diff --git a/.circleci/config.yml b/.circleci/config.yml
index d62fc838d..9e8de80ba 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,26 +1,81 @@
 version: 2
 jobs:
-  build:
+  build-c7-baseline:
     docker:
       - image: ossrs/srs:dev
     steps:
       - checkout
       - run: |
-          cd trunk &&
-          ./configure --gb28181=off --utest=off --srtp-nasm=off && make &&
-          ./configure --gb28181=on --utest=on --srtp-nasm=on && make clean && make
-  test:
+          echo "Build and run SRS baseline" &&
+          cd trunk && ./configure && make
+  build-c7-noasm:
     docker:
       - image: ossrs/srs:dev
     steps:
       - checkout
       - run: |
-          cd trunk &&
-          ./configure --gb28181=on --srtp-nasm=on --utest=on --gcov=on && make &&
+          echo "Build and run SRS without NASM or SRTP-NASM" &&
+          cd trunk && ./configure --nasm=off --srtp-nasm=off && make
+  build-c7-gb28181:
+    docker:
+      - image: ossrs/srs:dev
+    steps:
+      - checkout
+      - run: |
+          echo "Build and run SRS with GB28181" &&
+          cd trunk && ./configure --gb28181=on && make
+  build-c8-baseline:
+    docker:
+      - image: ossrs/srs:dev8
+    steps:
+      - checkout
+      - run: |
+          echo "Build and run SRS for CentOS8" &&
+          cd trunk && ./configure && make
+  build-u20-baseline:
+    docker:
+      - image: ossrs/srs:dev8
+    steps:
+      - checkout
+      - run: |
+          echo "Build and run SRS for Ubuntu20" &&
+          cd trunk && ./configure && make
+  run-utest:
+    docker:
+      - image: ossrs/srs:dev
+    steps:
+      - checkout
+      - run: |
+          echo "Build and run utest for SRS" &&
+          cd trunk && ./configure --gb28181=on --utest=on --gcov=on && make &&
           ./objs/srs_utest && bash auto/coverage.sh
+  run-regression-test:
+    docker:
+      - image: ossrs/srs:dev
+    steps:
+      - checkout
+      - run: |
+          echo "Build and run SRS with regression config" &&
+          cd trunk && ./configure && make && ./objs/srs -c conf/regression-test.conf &&
+          echo "Run srs-bench regression test" &&
+          cd 3rdparty/srs-bench && make && ./objs/srs_test -test.v
+  build-c7-ansi-noff:
+    docker:
+      - image: ossrs/srs:dev
+    steps:
+      - checkout
+      - run: |
+          echo "Build and run SRS C++98(ANSI), no FFmpeg-fit" &&
+          cd trunk && ./configure --cxx11=off --cxx14=off --ffmpeg-fit=off && make
 workflows:
   version: 2
   build_and_test:
     jobs:
-      - build
-      - test
+      - build-c7-baseline
+      - run-utest
+      - run-regression-test
+      - build-c7-noasm
+      - build-c7-gb28181
+      - build-c8-baseline
+      - build-u20-baseline
+      - build-c7-ansi-noff
diff --git a/README.md b/README.md
index a2c506a58..7fc5067ad 100755
--- a/README.md
+++ b/README.md
@@ -58,6 +58,7 @@ docker run -p 1935:1935 -p 1985:1985 -p 8080:8080 \
 * Usage: How to delivery HLS?([CN][v3_CN_SampleHLS], [EN][v3_EN_SampleHLS])
 * Usage: How to publish GB28181 to SRS? [#1500](https://github.com/ossrs/srs/issues/1500#issuecomment-606695679)
 * Usage: How to play WebRTC from SRS? [#307](https://github.com/ossrs/srs/issues/307)
+* Usage: How to publish WebRTC to SRS? [#307](https://github.com/ossrs/srs/issues/307)
 * Usage: How to publish SRT(Experimental) to SRS?([CN][v4_CN_SampleSRT], [EN][v4_EN_SampleSRT])
 * Usage: How to transode stream by FFMPEG?([CN][v2_CN_SampleFFMPEG], [EN][v2_EN_SampleFFMPEG])
 * Usage: How to forward stream to other servers?([CN][v3_CN_SampleForward], [EN][v3_EN_SampleForward])
@@ -156,6 +157,11 @@ For previous versions, please read:
 
 ## V4 changes
 
+* v4.0, 2021-03-03, Fix [#2106][bug #2106], [#2011][bug #2011], RTMP/AAC transcode to Opus bug. 4.0.81
+* v4.0, 2021-03-02, Refine build script for FFmpeg and SRTP. 4.0.80
+* v4.0, 2021-03-02, Upgrade libsrtp from 2.0.0 to 2.3.0, with source code. 4.0.79
+* v4.0, 2021-03-01, Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78
+* v4.0, 2021-03-01, Enable Object Cache and Zero Copy Nack by default. 4.0.77
 * v4.0, 2021-02-28, RTC: Support high performance [Zero Copy NACK](https://github.com/ossrs/srs/commit/36ea67359e55c94ab044cee4b6a4ec901a83a287#commitcomment-47654868). 4.0.76
 * v4.0, 2021-02-27, RTC: Support [Object Cache Pool](https://github.com/ossrs/srs/commit/14bfc98122bba369572417c19ebb2a61b373fc45#commitcomment-47655008) for performance. 4.0.75
 * v4.0, 2021-02-12, RTC: Support [High Resolution(about 25ms) Timer](https://github.com/ossrs/srs/commit/c5d2027f9af77fc2d34a6b6ca941c0f0fbdd10c4#commitcomment-47655747). 4.0.72
@@ -1474,6 +1480,10 @@ Winlin
 [v3_EN_NgExec]:https://github.com/ossrs/srs/wiki/v3_EN_NgExec
 [v3_CN_ReusePort]:https://github.com/ossrs/srs/wiki/v3_CN_ReusePort
 [v3_EN_ReusePort]:https://github.com/ossrs/srs/wiki/v3_EN_ReusePort
+[v4_CN_SampleSRT]:https://github.com/ossrs/srs/wiki/v4_CN_SampleSRT
+[v4_EN_SampleSRT]:https://github.com/ossrs/srs/wiki/v4_EN_SampleSRT
+[v3_CN_SampleDASH]:https://github.com/ossrs/srs/wiki/v3_CN_SampleDASH
+[v3_EN_SampleDASH]:https://github.com/ossrs/srs/wiki/v3_EN_SampleDASH
 
 [bug #213]: https://github.com/ossrs/srs/issues/213
 [bug #194]: https://github.com/ossrs/srs/issues/194
@@ -1815,6 +1825,8 @@ Winlin
 [bug #1657-2]: https://github.com/ossrs/srs/issues/1657#issuecomment-722904004
 [bug #1657-3]: https://github.com/ossrs/srs/issues/1657#issuecomment-722971676
 [bug #1998]: https://github.com/ossrs/srs/issues/1998
+[bug #2106]: https://github.com/ossrs/srs/issues/2106
+[bug #2011]: https://github.com/ossrs/srs/issues/2011
 [bug #zzzzzzzzzzzzz]: https://github.com/ossrs/srs/issues/zzzzzzzzzzzzz
 
 [exo #828]: https://github.com/google/ExoPlayer/pull/828
diff --git a/trunk/3rdparty/readme.txt b/trunk/3rdparty/README.md
similarity index 64%
rename from trunk/3rdparty/readme.txt
rename to trunk/3rdparty/README.md
index 331e2928c..5d5ef35db 100644
--- a/trunk/3rdparty/readme.txt
+++ b/trunk/3rdparty/README.md
@@ -1,75 +1,80 @@
 http-parser-2.1.zip
-    for srs to support http callback.
+* for srs to support http callback.
 
 nginx-1.5.7.zip
-    for srs to support hls streaming.
-    
+* for srs to support hls streaming.
+
+openssl-1.1.1b.tar.gz    
 openssl-1.1.0e.zip
 openssl-OpenSSL_1_0_2u.tar.gz
-    openssl for SRS(with-ssl) RTMP complex handshake to delivery h264+aac stream.
-    SRTP depends on openssl 1.0.*, so we use both ssl versions.
+* openssl for SRS(with-ssl) RTMP complex handshake to delivery h264+aac stream.
+* SRTP depends on openssl 1.0.*, so we use both ssl versions.
 
 CherryPy-3.2.4.zip
-    sample api server for srs.
+* sample api server for srs.
+
+libsrtp-2.3.0.tar.gz
+* For WebRTC.
 
 ffmpeg-3.2.4.tar.gz
 yasm-1.2.0.tar.gz
 lame-3.99.5.tar.gz
 speex-1.2rc1.zip
 x264-snapshot-20131129-2245-stable.tar.bz2 (core.138)
-    for srs to support live stream transcoding.
-    remark: we use *.zip for all linux plantform.
+* for srs to support live stream transcoding.
+* remark: we use *.zip for all linux plantform.
 
 fdk-aac-0.1.3.zip
-    https://github.com/mstorsjo/fdk-aac/releases
+* https://github.com/mstorsjo/fdk-aac/releases
 
 tools/ccache-3.1.9.zip
-    to fast build.
+* to fast build.
     
 gtest-1.6.0.zip
-    google test framework.
+* google test framework.
     
 gperftools-2.1.zip
-    gperf tools for performance benchmark.
+* gperf tools for performance benchmark.
 
 st-srs
 st-1.9.zip
 state-threads
 state-threads-1.9.1.tar.gz
-    Patched ST from https://github.com/ossrs/state-threads
+* Patched ST from https://github.com/ossrs/state-threads
 
 links:
-    nginx:
+* nginx:
         http://nginx.org/
-    http-parser:
+* http-parser:
         https://github.com/joyent/http-parser
-    state-threads:
+* state-threads:
         https://github.com/ossrs/state-threads
-    ffmpeg: 
+* ffmpeg: 
         http://ffmpeg.org/ 
         http://ffmpeg.org/releases/ffmpeg-3.2.4.tar.gz
-    x264: 
+* x264: 
         http://www.videolan.org/ 
         ftp://ftp.videolan.org/pub/videolan/x264/snapshots/x264-snapshot-20131129-2245-stable.tar.bz2
-    lame: 
+* lame: 
         http://sourceforge.net/projects/lame/ 
         http://nchc.dl.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
-    yasm:
+* yasm:
         http://yasm.tortall.net/
         http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz
-    cherrypy:
+* cherrypy:
         http://www.cherrypy.org/
         https://pypi.python.org/pypi/CherryPy/3.2.4
-    openssl:
+* openssl:
         http://www.openssl.org/
         http://www.openssl.org/source/openssl-1.1.0e.tar.gz
-    gtest:
+* gtest:
         https://code.google.com/p/googletest
         https://code.google.com/p/googletest/downloads/list
-    gperftools:
+* gperftools:
         https://code.google.com/p/gperftools/
         https://code.google.com/p/gperftools/downloads/list
-    speex:
+* speex:
         http://www.speex.org/downloads/
         http://downloads.xiph.org/releases/speex/speex-1.2rc1.tar.gz
-
+* srtp:
+        https://github.com/cisco/libsrtp/releases/tag/v2.3.0
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/.gitignore b/trunk/3rdparty/ffmpeg-4-fit/.gitignore
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/.gitignore
rename to trunk/3rdparty/ffmpeg-4-fit/.gitignore
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/.version b/trunk/3rdparty/ffmpeg-4-fit/.version
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/.version
rename to trunk/3rdparty/ffmpeg-4-fit/.version
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/Makefile b/trunk/3rdparty/ffmpeg-4-fit/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/compat/atomics/gcc/stdatomic.h b/trunk/3rdparty/ffmpeg-4-fit/compat/atomics/gcc/stdatomic.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/compat/atomics/gcc/stdatomic.h
rename to trunk/3rdparty/ffmpeg-4-fit/compat/atomics/gcc/stdatomic.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/compat/va_copy.h b/trunk/3rdparty/ffmpeg-4-fit/compat/va_copy.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/compat/va_copy.h
rename to trunk/3rdparty/ffmpeg-4-fit/compat/va_copy.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/configure b/trunk/3rdparty/ffmpeg-4-fit/configure
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/configure
rename to trunk/3rdparty/ffmpeg-4-fit/configure
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/arch.mak b/trunk/3rdparty/ffmpeg-4-fit/ffbuild/arch.mak
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/arch.mak
rename to trunk/3rdparty/ffmpeg-4-fit/ffbuild/arch.mak
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/common.mak b/trunk/3rdparty/ffmpeg-4-fit/ffbuild/common.mak
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/common.mak
rename to trunk/3rdparty/ffmpeg-4-fit/ffbuild/common.mak
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/library.mak b/trunk/3rdparty/ffmpeg-4-fit/ffbuild/library.mak
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/library.mak
rename to trunk/3rdparty/ffmpeg-4-fit/ffbuild/library.mak
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/libversion.sh b/trunk/3rdparty/ffmpeg-4-fit/ffbuild/libversion.sh
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/libversion.sh
rename to trunk/3rdparty/ffmpeg-4-fit/ffbuild/libversion.sh
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/pkgconfig_generate.sh b/trunk/3rdparty/ffmpeg-4-fit/ffbuild/pkgconfig_generate.sh
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/pkgconfig_generate.sh
rename to trunk/3rdparty/ffmpeg-4-fit/ffbuild/pkgconfig_generate.sh
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/version.sh b/trunk/3rdparty/ffmpeg-4-fit/ffbuild/version.sh
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/ffbuild/version.sh
rename to trunk/3rdparty/ffmpeg-4-fit/ffbuild/version.sh
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_ac3_parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_ac3_parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_ac3_parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_ac3_parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_ac3_parser.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_ac3_parser.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_ac3_parser.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_ac3_parser.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_adtstoasc_bsf.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_adtstoasc_bsf.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_adtstoasc_bsf.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_adtstoasc_bsf.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_defines.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_defines.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_defines.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_defines.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aac_parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aac_parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aaccoder.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aaccoder.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aaccoder.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aaccoder.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aaccoder_trellis.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aaccoder_trellis.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aaccoder_trellis.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aaccoder_trellis.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aaccoder_twoloop.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aaccoder_twoloop.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aaccoder_twoloop.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aaccoder_twoloop.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdec.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdec.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdec.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdec.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdec_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdec_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdec_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdec_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdec_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdec_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdec_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdec_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdectab.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdectab.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacdectab.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacdectab.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_is.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_is.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_is.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_is.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_is.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_is.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_is.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_is.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_ltp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_ltp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_ltp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_ltp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_ltp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_ltp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_ltp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_ltp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_pred.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_pred.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_pred.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_pred.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_pred.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_pred.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_pred.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_pred.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_quantization.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_quantization.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_quantization.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_quantization.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_quantization_misc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_quantization_misc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_quantization_misc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_quantization_misc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_tns.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_tns.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_tns.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_tns.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_tns.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_tns.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_tns.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_tns.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_utils.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_utils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenc_utils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenc_utils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacencdsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacencdsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacencdsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacencdsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacencdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacencdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacencdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacencdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenctab.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenctab.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenctab.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenctab.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenctab.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenctab.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacenctab.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacenctab.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_fixed_tablegen.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_fixed_tablegen.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_fixed_tablegen.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_fixed_tablegen.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_fixed_tablegen.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_fixed_tablegen.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_fixed_tablegen.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_fixed_tablegen.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_float.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_float.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_float.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_float.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_tablegen.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_tablegen.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_tablegen.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_tablegen.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_tablegen.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_tablegen.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_tablegen.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_tablegen.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_tablegen_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_tablegen_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacps_tablegen_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacps_tablegen_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdata.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdata.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdata.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdata.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_float.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_float.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_float.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_float.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsdsp_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsdsp_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsy.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsy.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacpsy.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacpsy.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_fixed_tablegen.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_fixed_tablegen.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_fixed_tablegen.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_fixed_tablegen.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_tablegen.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_tablegen.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_tablegen.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_tablegen.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_tablegen_common.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_tablegen_common.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_tablegen_common.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_tablegen_common.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbr_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbr_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbrdata.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbrdata.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aacsbrdata.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aacsbrdata.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aactab.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aactab.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aactab.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aactab.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aactab.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aactab.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aactab.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aactab.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/aacpsdsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/aacpsdsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/aacpsdsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/aacpsdsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/asm-offsets.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/asm-offsets.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/asm-offsets.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/asm-offsets.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/cabac.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/cabac.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/cabac.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/cabac.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/fft_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/fft_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/fft_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/fft_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/fmtconvert_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/fmtconvert_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/fmtconvert_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/fmtconvert_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264chroma_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264chroma_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264chroma_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264chroma_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264dsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264dsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264dsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264dsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264pred_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264pred_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264pred_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264pred_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264qpel_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264qpel_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/h264qpel_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/h264qpel_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/hpeldsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/hpeldsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/hpeldsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/hpeldsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/idct.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/idct.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/idct.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/idct.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/idctdsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/idctdsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/idctdsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/idctdsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/mpegaudiodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/mpegaudiodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/mpegaudiodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/mpegaudiodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/opusdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/opusdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/opusdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/opusdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/rv40dsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/rv40dsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/rv40dsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/rv40dsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/sbrdsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/sbrdsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/sbrdsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/sbrdsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/synth_filter_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/synth_filter_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/synth_filter_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/synth_filter_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vc1dsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vc1dsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vc1dsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vc1dsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/videodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/videodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/videodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/videodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vorbisdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vorbisdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vorbisdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vorbisdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp8dsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp8dsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp8dsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp8dsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp8dsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp8dsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp8dsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp8dsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_10bpp_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_10bpp_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_10bpp_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_10bpp_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_12bpp_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_12bpp_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_12bpp_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_12bpp_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_16bpp_aarch64_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_16bpp_aarch64_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_16bpp_aarch64_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_16bpp_aarch64_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_aarch64.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_aarch64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/aarch64/vp9dsp_init_aarch64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/aarch64/vp9dsp_init_aarch64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3_parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3_parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3_parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3_parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3_parser.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3_parser.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3_parser.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3_parser.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3_parser_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3_parser_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3_parser_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3_parser_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_data.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_data.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_data.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_data.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_data.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_data.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_data.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_data.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_float.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_float.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dec_float.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dec_float.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3dsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3dsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_float.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_float.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_float.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_float.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_opts_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_opts_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_opts_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_opts_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3enc_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3enc_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3tab.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3tab.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3tab.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3tab.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3tab.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3tab.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ac3tab.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ac3tab.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_header.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_header.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_header.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_header.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_header.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_header.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_header.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_header.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_parser.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_parser.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/adts_parser.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/adts_parser.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/allcodecs.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/allcodecs.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/allcodecs.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/allcodecs.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/audio_frame_queue.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/audio_frame_queue.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/audio_frame_queue.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/audio_frame_queue.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/audio_frame_queue.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/audio_frame_queue.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/audio_frame_queue.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/audio_frame_queue.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avcodec.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avcodec.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avcodec.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avcodec.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avdct.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avdct.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avdct.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avdct.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avdct.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avdct.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avdct.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avdct.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avfft.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avfft.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avfft.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avfft.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avfft.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avfft.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avfft.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avfft.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avpacket.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avpacket.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avpacket.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avpacket.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avpicture.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/avpicture.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/avpicture.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/avpicture.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bitstream.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bitstream.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bitstream.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bitstream.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bitstream_filter.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bitstream_filter.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bitstream_filter.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bitstream_filter.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bitstream_filters.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bitstream_filters.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bitstream_filters.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bitstream_filters.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/blockdsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/blockdsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/blockdsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/blockdsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/blockdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/blockdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/blockdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/blockdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bsf.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bsf.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bsf.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bsf.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bsf.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bsf.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bsf.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bsf.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bsf_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bsf_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bsf_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bsf_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bytestream.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/bytestream.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/bytestream.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/bytestream.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_data.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_data.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_data.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_data.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_data.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_data.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_data.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_data.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_data_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_data_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_data_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_data_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_tablegen.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_tablegen.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_tablegen.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_tablegen.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_tablegen.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_tablegen.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/cbrt_tablegen.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/cbrt_tablegen.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/codec_desc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/codec_desc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/codec_desc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/codec_desc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/codec_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/codec_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/codec_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/codec_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/d3d11va.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/d3d11va.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/d3d11va.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/d3d11va.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/d3d11va.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/d3d11va.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/d3d11va.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/d3d11va.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dct.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dct.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dct.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dct.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/decode.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/decode.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/decode.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/decode.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/decode.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/decode.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/decode.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/decode.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac_arith.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac_arith.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac_arith.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac_arith.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac_dwt.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac_dwt.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac_dwt.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac_dwt.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac_vlc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac_vlc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dirac_vlc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dirac_vlc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/diracdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/diracdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/diracdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/diracdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/diractab.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/diractab.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/diractab.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/diractab.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dv_profile.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dv_profile.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dv_profile.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dv_profile.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dv_profile.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dv_profile.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dv_profile.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dv_profile.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dv_profile_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dv_profile_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dv_profile_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dv_profile_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dxva2.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/dxva2.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/dxva2.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/dxva2.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/encode.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/encode.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/encode.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/encode.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/error_resilience.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/error_resilience.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/error_resilience.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/error_resilience.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/error_resilience.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/error_resilience.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/error_resilience.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/error_resilience.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fdctdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fdctdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fdctdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fdctdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft-internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft-internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft-internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft-internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_fixed_32.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_fixed_32.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_fixed_32.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_fixed_32.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_float.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_float.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_float.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_float.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_init_table.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_init_table.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_init_table.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_init_table.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_table.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_table.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_table.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_table.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/fft_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/fft_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/frame_thread_encoder.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/frame_thread_encoder.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/frame_thread_encoder.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/frame_thread_encoder.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/frame_thread_encoder.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/frame_thread_encoder.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/frame_thread_encoder.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/frame_thread_encoder.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/get_bits.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/get_bits.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/get_bits.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/get_bits.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/golomb.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/golomb.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/golomb.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/golomb.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/golomb.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/golomb.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/golomb.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/golomb.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h263dsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/h263dsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h263dsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/h263dsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h263dsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/h263dsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h263dsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/h263dsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h264chroma.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/h264chroma.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h264chroma.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/h264chroma.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h264chroma.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/h264chroma.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/h264chroma.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/h264chroma.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hpeldsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/hpeldsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hpeldsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/hpeldsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hpeldsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/hpeldsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hpeldsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/hpeldsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hwaccel.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/hwaccel.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hwaccel.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/hwaccel.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hwaccels.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/hwaccels.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/hwaccels.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/hwaccels.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/idctdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/idctdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/idctdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/idctdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/iirfilter.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/iirfilter.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/iirfilter.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/iirfilter.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/iirfilter.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/iirfilter.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/iirfilter.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/iirfilter.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/imgconvert.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/imgconvert.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/imgconvert.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/imgconvert.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/jni.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/jni.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/jni.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/jni.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/jni.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/jni.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/jni.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/jni.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/kbdwin.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/kbdwin.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/kbdwin.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/kbdwin.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/kbdwin.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/kbdwin.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/kbdwin.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/kbdwin.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/latm_parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/latm_parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/latm_parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/latm_parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopus.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopus.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopus.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopus.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopus.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopus.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopus.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopus.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopusdec.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopusdec.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopusdec.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopusdec.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopusenc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopusenc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/libopusenc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/libopusenc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/lpc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/lpc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/lpc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/lpc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/lpc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/lpc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/lpc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/lpc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mathops.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mathops.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mathops.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mathops.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mathtables.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mathtables.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mathtables.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mathtables.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct15_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct15_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_fixed_32.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_fixed_32.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_fixed_32.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_fixed_32.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_float.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_float.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_float.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_float.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mdct_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mdct_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/me_cmp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/me_cmp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/me_cmp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/me_cmp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/me_cmp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/me_cmp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/me_cmp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/me_cmp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec_surface.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec_surface.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec_surface.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec_surface.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec_sw_buffer.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec_sw_buffer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec_sw_buffer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec_sw_buffer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec_wrapper.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec_wrapper.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodec_wrapper.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodec_wrapper.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodecdec_common.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodecdec_common.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mediacodecdec_common.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mediacodecdec_common.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc_common.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc_common.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc_common.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc_common.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc_huffman.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc_huffman.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc_huffman.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc_huffman.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc_huffman.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc_huffman.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mjpegenc_huffman.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mjpegenc_huffman.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/motion_est.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/motion_est.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/motion_est.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/motion_est.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/motion_est.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/motion_est.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/motion_est.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/motion_est.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12data.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12data.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12data.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12data.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12data.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12data.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12data.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12data.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12framerate.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12framerate.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12framerate.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12framerate.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12vlc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12vlc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg12vlc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg12vlc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg4audio.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg4audio.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg4audio.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg4audio.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg4audio.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg4audio.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpeg4audio.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpeg4audio.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegpicture.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegpicture.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegpicture.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegpicture.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegpicture.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegpicture.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegpicture.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegpicture.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegutils.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegutils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegutils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegutils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegutils.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegutils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegutils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegutils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideo.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideo.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideo.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideo.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideo.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideo.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideo.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideo.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodata.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodata.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodata.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodata.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodata.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodata.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodata.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodata.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideodsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideodsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideoencdsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideoencdsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideoencdsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideoencdsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideoencdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideoencdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/mpegvideoencdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/mpegvideoencdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/null_bsf.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/null_bsf.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/null_bsf.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/null_bsf.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/options.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/options.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/options.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/options.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/options_table.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/options_table.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/options_table.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/options_table.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_celt.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_celt.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_celt.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_celt.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_celt.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_celt.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_celt.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_celt.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_pvq.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_pvq.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_pvq.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_pvq.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_pvq.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_pvq.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_pvq.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_pvq.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_rc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_rc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_rc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_rc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_rc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_rc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opus_rc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opus_rc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusdsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusdsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusdsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusdsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc_psy.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc_psy.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc_psy.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc_psy.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc_psy.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc_psy.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc_psy.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc_psy.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc_utils.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc_utils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opusenc_utils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opusenc_utils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opustab.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opustab.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opustab.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opustab.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opustab.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/opustab.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/opustab.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/opustab.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parser.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/parser.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parser.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/parser.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parser_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/parser_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parser_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/parser_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parsers.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/parsers.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/parsers.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/parsers.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pixblockdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/pixblockdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pixblockdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/pixblockdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/profiles.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/profiles.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/profiles.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/profiles.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/profiles.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/profiles.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/profiles.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/profiles.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/psymodel.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/psymodel.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/psymodel.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/psymodel.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/psymodel.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/psymodel.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/psymodel.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/psymodel.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread_frame.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread_frame.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread_frame.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread_frame.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread_slice.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread_slice.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/pthread_slice.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/pthread_slice.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/put_bits.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/put_bits.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/put_bits.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/put_bits.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qpeldsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/qpeldsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qpeldsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/qpeldsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qpeldsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/qpeldsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qpeldsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/qpeldsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qsv.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/qsv.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qsv.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/qsv.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qsv_api.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/qsv_api.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/qsv_api.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/qsv_api.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ratecontrol.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ratecontrol.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ratecontrol.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ratecontrol.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ratecontrol.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/ratecontrol.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/ratecontrol.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/ratecontrol.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/raw.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/raw.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/raw.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/raw.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/raw.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/raw.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/raw.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/raw.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rdft.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/rdft.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rdft.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/rdft.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rl.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/rl.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rl.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/rl.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rl.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/rl.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rl.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/rl.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rle.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/rle.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/rle.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/rle.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbr.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbr.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbr.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbr.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sbrdsp_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sbrdsp_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin_fixed.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin_fixed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin_fixed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin_fixed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin_tablegen.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin_tablegen.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin_tablegen.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin_tablegen.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin_tablegen.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin_tablegen.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/sinewin_tablegen.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/sinewin_tablegen.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/thread.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/thread.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/thread.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/thread.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/utils.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/utils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/utils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/utils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_buffers.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_buffers.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_buffers.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_buffers.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_buffers.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_buffers.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_buffers.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_buffers.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_context.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_context.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_context.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_context.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_context.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_context.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_context.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_context.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_fmt.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_fmt.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_fmt.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_fmt.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_fmt.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_fmt.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_fmt.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_fmt.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_m2m.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_m2m.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_m2m.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_m2m.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_m2m.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_m2m.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/v4l2_m2m.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/v4l2_m2m.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vaapi.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vaapi.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vaapi.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vaapi.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vdpau.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vdpau.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vdpau.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vdpau.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/version.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/version.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/version.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/version.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/videodsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/videodsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/videodsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/videodsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/videodsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/videodsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/videodsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/videodsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/videotoolbox.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/videotoolbox.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/videotoolbox.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/videotoolbox.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vlc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vlc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vlc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vlc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_data.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_data.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_data.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_data.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_enc_data.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_enc_data.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_enc_data.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_enc_data.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_parser.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_parser.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_parser.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_parser.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_parser.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_parser.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_parser.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_parser.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_parser_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_parser_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbis_parser_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbis_parser_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbisdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbisdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/vorbisdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/vorbisdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacencdsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacencdsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacencdsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacencdsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacencdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacencdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacencdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacencdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacpsdsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacpsdsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacpsdsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacpsdsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacpsdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacpsdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/aacpsdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/aacpsdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/ac3dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/ac3dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/ac3dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/ac3dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/alacdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/alacdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/alacdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/alacdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/audiodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/audiodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/audiodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/audiodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/blockdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/blockdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/blockdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/blockdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/bswapdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/bswapdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/bswapdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/bswapdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/cabac.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/cabac.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/cabac.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/cabac.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/cavsdsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/cavsdsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/cavsdsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/cavsdsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/celt_pvq_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/celt_pvq_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/celt_pvq_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/celt_pvq_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/celt_pvq_search.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/celt_pvq_search.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/celt_pvq_search.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/celt_pvq_search.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/constants.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/constants.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/constants.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/constants.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/constants.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/constants.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/constants.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/constants.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dcadsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dcadsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dcadsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dcadsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dct_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dct_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dct_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dct_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dirac_dwt_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dirac_dwt_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dirac_dwt_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dirac_dwt_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/diracdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/diracdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/diracdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/diracdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dnxhdenc_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dnxhdenc_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/dnxhdenc_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/dnxhdenc_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/exrdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/exrdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/exrdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/exrdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fdct.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fdct.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fdct.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fdct.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fdct.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fdct.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fdct.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fdct.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fdctdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fdctdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fdctdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fdctdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fft.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fft.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fft.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fft.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fft.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fft.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fft.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fft.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fft_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fft_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fft_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fft_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/flacdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/flacdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/flacdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/flacdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fmtconvert_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fmtconvert_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fmtconvert_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fmtconvert_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fpel.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fpel.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/fpel.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/fpel.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/g722dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/g722dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/g722dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/g722dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h263dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h263dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h263dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h263dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264_cabac.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264_cabac.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264_cabac.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264_cabac.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264_intrapred_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264_intrapred_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264_intrapred_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264_intrapred_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264_qpel.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264_qpel.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264_qpel.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264_qpel.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264chroma_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264chroma_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264chroma_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264chroma_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/h264dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/h264dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hevcdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hevcdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hevcdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hevcdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hevcdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hevcdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hevcdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hevcdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp_rnd_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp_rnd_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp_rnd_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp_rnd_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp_vp3_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp_vp3_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/hpeldsp_vp3_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/hpeldsp_vp3_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/huffyuvdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/huffyuvdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/huffyuvdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/huffyuvdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/huffyuvencdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/huffyuvencdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/huffyuvencdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/huffyuvencdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/idctdsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/idctdsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/idctdsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/idctdsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/idctdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/idctdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/idctdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/idctdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/inline_asm.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/inline_asm.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/inline_asm.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/inline_asm.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/jpeg2000dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/jpeg2000dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/jpeg2000dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/jpeg2000dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lossless_audiodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lossless_audiodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lossless_audiodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lossless_audiodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lossless_videodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lossless_videodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lossless_videodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lossless_videodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lossless_videoencdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lossless_videoencdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lossless_videoencdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lossless_videoencdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lpc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lpc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/lpc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/lpc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mathops.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mathops.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mathops.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mathops.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mdct15.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mdct15.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mdct15.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mdct15.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mdct15_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mdct15_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mdct15_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mdct15_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/me_cmp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/me_cmp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/me_cmp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/me_cmp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mlpdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mlpdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mlpdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mlpdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegaudiodsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegaudiodsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegaudiodsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegaudiodsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideo.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideo.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideo.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideo.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideodsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideodsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideodsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideodsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoenc.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoenc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoenc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoenc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoenc_qns_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoenc_qns_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoenc_qns_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoenc_qns_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoenc_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoenc_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoenc_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoenc_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoencdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoencdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/mpegvideoencdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/mpegvideoencdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/opusdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/opusdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/opusdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/opusdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/pixblockdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/pixblockdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/pixblockdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/pixblockdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/pngdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/pngdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/pngdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/pngdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/proresdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/proresdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/proresdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/proresdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/qpeldsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/qpeldsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/qpeldsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/qpeldsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/rnd_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/rnd_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/rnd_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/rnd_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/rv34dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/rv34dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/rv34dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/rv34dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/rv40dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/rv40dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/rv40dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/rv40dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/sbcdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/sbcdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/sbcdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/sbcdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/sbrdsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/sbrdsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/sbrdsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/sbrdsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/sbrdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/sbrdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/sbrdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/sbrdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/simple_idct.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/simple_idct.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/simple_idct.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/simple_idct.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/snowdsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/snowdsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/snowdsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/snowdsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/svq1enc_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/svq1enc_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/svq1enc_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/svq1enc_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/synth_filter_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/synth_filter_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/synth_filter_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/synth_filter_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/takdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/takdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/takdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/takdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/ttadsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/ttadsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/ttadsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/ttadsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/ttaencdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/ttaencdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/ttaencdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/ttaencdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/utvideodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/utvideodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/utvideodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/utvideodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/v210-init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/v210-init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/v210-init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/v210-init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/v210enc_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/v210enc_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/v210enc_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/v210enc_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vc1dsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vc1dsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vc1dsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vc1dsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vc1dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vc1dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vc1dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vc1dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vc1dsp_mmx.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vc1dsp_mmx.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vc1dsp_mmx.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vc1dsp_mmx.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/videodsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/videodsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/videodsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/videodsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vorbisdsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vorbisdsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vorbisdsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vorbisdsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp3dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp3dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp3dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp3dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp56_arith.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp56_arith.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp56_arith.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp56_arith.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp6dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp6dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp6dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp6dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp8dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp8dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp8dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp8dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_10bpp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_10bpp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_10bpp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_10bpp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_12bpp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_12bpp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_12bpp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_12bpp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_16bpp.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_16bpp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_16bpp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_16bpp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_16bpp_template.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_16bpp_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/vp9dsp_init_16bpp_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/vp9dsp_init_16bpp_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/xvididct.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/xvididct.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/xvididct.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/xvididct.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/xvididct_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/xvididct_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/x86/xvididct_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/x86/xvididct_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/xiph.c b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/xiph.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/xiph.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/xiph.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/xiph.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/xiph.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/xiph.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/xiph.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/xvmc.h b/trunk/3rdparty/ffmpeg-4-fit/libavcodec/xvmc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavcodec/xvmc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavcodec/xvmc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavdevice/alldevices.c b/trunk/3rdparty/ffmpeg-4-fit/libavdevice/alldevices.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavdevice/alldevices.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavdevice/alldevices.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavdevice/indev_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavdevice/indev_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavdevice/indev_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavdevice/indev_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavdevice/outdev_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavdevice/outdev_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavdevice/outdev_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavdevice/outdev_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/allfilters.c b/trunk/3rdparty/ffmpeg-4-fit/libavfilter/allfilters.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/allfilters.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavfilter/allfilters.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/avfilter.h b/trunk/3rdparty/ffmpeg-4-fit/libavfilter/avfilter.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/avfilter.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavfilter/avfilter.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/bufferqueue.h b/trunk/3rdparty/ffmpeg-4-fit/libavfilter/bufferqueue.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/bufferqueue.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavfilter/bufferqueue.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/filter_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavfilter/filter_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/filter_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavfilter/filter_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/version.h b/trunk/3rdparty/ffmpeg-4-fit/libavfilter/version.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/version.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavfilter/version.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/window_func.h b/trunk/3rdparty/ffmpeg-4-fit/libavfilter/window_func.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavfilter/window_func.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavfilter/window_func.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavformat/allformats.c b/trunk/3rdparty/ffmpeg-4-fit/libavformat/allformats.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavformat/allformats.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavformat/allformats.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavformat/demuxer_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavformat/demuxer_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavformat/demuxer_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavformat/demuxer_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavformat/muxer_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavformat/muxer_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavformat/muxer_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavformat/muxer_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavformat/protocol_list.c b/trunk/3rdparty/ffmpeg-4-fit/libavformat/protocol_list.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavformat/protocol_list.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavformat/protocol_list.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavformat/protocols.c b/trunk/3rdparty/ffmpeg-4-fit/libavformat/protocols.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavformat/protocols.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavformat/protocols.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavutil/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/bswap.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/bswap.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/bswap.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/bswap.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/cpu.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/cpu.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/cpu.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/cpu.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/cpu.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/cpu.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/cpu.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/cpu.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/float_dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/float_dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/float_dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/float_dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/neontest.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/neontest.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/neontest.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/neontest.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/timer.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/timer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aarch64/timer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aarch64/timer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/adler32.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/adler32.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/adler32.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/adler32.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/adler32.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/adler32.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/adler32.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/adler32.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aes.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aes.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aes.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aes.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes_ctr.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aes_ctr.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes_ctr.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aes_ctr.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes_ctr.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aes_ctr.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes_ctr.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aes_ctr.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/aes_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/aes_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/aes_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/bswap.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/bswap.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/bswap.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/bswap.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/cpu.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/cpu.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/cpu.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/cpu.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/cpu.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/cpu.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/cpu.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/cpu.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_arm.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_arm.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_arm.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_arm.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_init_arm.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_init_arm.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_init_arm.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_init_arm.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_init_neon.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_init_neon.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_init_neon.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_init_neon.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_init_vfp.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_init_vfp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/float_dsp_init_vfp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/float_dsp_init_vfp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/intmath.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/intmath.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/intmath.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/intmath.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/intreadwrite.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/intreadwrite.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/intreadwrite.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/intreadwrite.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/neontest.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/neontest.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/neontest.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/neontest.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/timer.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/timer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/arm/timer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/arm/timer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/attributes.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/attributes.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/attributes.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/attributes.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/audio_fifo.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/audio_fifo.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/audio_fifo.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/audio_fifo.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/audio_fifo.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/audio_fifo.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/audio_fifo.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/audio_fifo.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avassert.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/avassert.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avassert.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/avassert.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avsscanf.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/avsscanf.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avsscanf.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/avsscanf.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avstring.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/avstring.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avstring.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/avstring.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avstring.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/avstring.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avstring.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/avstring.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avutil.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/avutil.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avutil.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/avutil.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avutilres.rc b/trunk/3rdparty/ffmpeg-4-fit/libavutil/avutilres.rc
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/avutilres.rc
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/avutilres.rc
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/base64.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/base64.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/base64.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/base64.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/base64.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/base64.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/base64.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/base64.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/blowfish.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/blowfish.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/blowfish.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/blowfish.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/blowfish.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/blowfish.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/blowfish.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/blowfish.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/bprint.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/bprint.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/bprint.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/bprint.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/bprint.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/bprint.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/bprint.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/bprint.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/bswap.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/bswap.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/bswap.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/bswap.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/buffer.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/buffer.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/buffer.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/buffer.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/buffer.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/buffer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/buffer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/buffer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/buffer_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/buffer_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/buffer_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/buffer_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/camellia.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/camellia.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/camellia.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/camellia.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/camellia.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/camellia.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/camellia.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/camellia.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cast5.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/cast5.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cast5.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/cast5.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cast5.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/cast5.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cast5.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/cast5.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/channel_layout.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/channel_layout.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/channel_layout.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/channel_layout.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/channel_layout.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/channel_layout.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/channel_layout.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/channel_layout.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/color_utils.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/color_utils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/color_utils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/color_utils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/color_utils.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/color_utils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/color_utils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/color_utils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/colorspace.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/colorspace.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/colorspace.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/colorspace.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/common.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/common.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/common.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/common.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cpu.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/cpu.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cpu.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/cpu.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cpu.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/cpu.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cpu.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/cpu.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cpu_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/cpu_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/cpu_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/cpu_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/crc.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/crc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/crc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/crc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/crc.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/crc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/crc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/crc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/des.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/des.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/des.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/des.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/des.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/des.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/des.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/des.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/dict.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/dict.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/dict.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/dict.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/dict.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/dict.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/dict.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/dict.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/display.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/display.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/display.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/display.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/display.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/display.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/display.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/display.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/downmix_info.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/downmix_info.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/downmix_info.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/downmix_info.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/downmix_info.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/downmix_info.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/downmix_info.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/downmix_info.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/dynarray.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/dynarray.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/dynarray.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/dynarray.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/encryption_info.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/encryption_info.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/encryption_info.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/encryption_info.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/encryption_info.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/encryption_info.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/encryption_info.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/encryption_info.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/error.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/error.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/error.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/error.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/error.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/error.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/error.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/error.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/eval.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/eval.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/eval.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/eval.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/eval.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/eval.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/eval.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/eval.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/ffmath.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/ffmath.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/ffmath.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/ffmath.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fifo.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/fifo.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fifo.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/fifo.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fifo.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/fifo.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fifo.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/fifo.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/file.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/file.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/file.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/file.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/file.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/file.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/file.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/file.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/file_open.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/file_open.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/file_open.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/file_open.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fixed_dsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/fixed_dsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fixed_dsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/fixed_dsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fixed_dsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/fixed_dsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/fixed_dsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/fixed_dsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/float_dsp.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/float_dsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/float_dsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/float_dsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/float_dsp.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/float_dsp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/float_dsp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/float_dsp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/frame.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/frame.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/frame.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/frame.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/frame.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/frame.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/frame.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/frame.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hash.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hash.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hash.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hash.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hash.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hash.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hash.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hash.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hdr_dynamic_metadata.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hdr_dynamic_metadata.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hdr_dynamic_metadata.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hdr_dynamic_metadata.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hdr_dynamic_metadata.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hdr_dynamic_metadata.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hdr_dynamic_metadata.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hdr_dynamic_metadata.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hmac.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hmac.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hmac.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hmac.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hmac.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hmac.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hmac.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hmac.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_cuda.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_cuda.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_cuda.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_cuda.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_cuda.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_cuda.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_cuda.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_cuda.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_cuda_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_cuda_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_cuda_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_cuda_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_d3d11va.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_d3d11va.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_d3d11va.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_d3d11va.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_d3d11va.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_d3d11va.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_d3d11va.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_d3d11va.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_drm.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_drm.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_drm.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_drm.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_drm.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_drm.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_drm.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_drm.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_dxva2.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_dxva2.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_dxva2.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_dxva2.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_dxva2.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_dxva2.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_dxva2.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_dxva2.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_mediacodec.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_mediacodec.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_mediacodec.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_mediacodec.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_mediacodec.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_mediacodec.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_mediacodec.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_mediacodec.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_opencl.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_opencl.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_opencl.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_opencl.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_opencl.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_opencl.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_opencl.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_opencl.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_qsv.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_qsv.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_qsv.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_qsv.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_qsv.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_qsv.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_qsv.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_qsv.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vaapi.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vaapi.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vaapi.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vaapi.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vaapi.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vaapi.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vaapi.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vaapi.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vdpau.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vdpau.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vdpau.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vdpau.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vdpau.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vdpau.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_vdpau.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_vdpau.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_videotoolbox.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_videotoolbox.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_videotoolbox.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_videotoolbox.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_videotoolbox.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_videotoolbox.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/hwcontext_videotoolbox.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/hwcontext_videotoolbox.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/imgutils.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/imgutils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/imgutils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/imgutils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/imgutils.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/imgutils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/imgutils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/imgutils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/imgutils_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/imgutils_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/imgutils_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/imgutils_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/integer.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/integer.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/integer.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/integer.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/integer.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/integer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/integer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/integer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intfloat.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/intfloat.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intfloat.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/intfloat.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intmath.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/intmath.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intmath.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/intmath.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intmath.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/intmath.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intmath.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/intmath.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intreadwrite.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/intreadwrite.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/intreadwrite.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/intreadwrite.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lfg.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/lfg.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lfg.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/lfg.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lfg.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/lfg.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lfg.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/lfg.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/libm.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/libm.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/libm.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/libm.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lls.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/lls.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lls.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/lls.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lls.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/lls.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/lls.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/lls.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/log.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/log.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/log.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/log.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/log.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/log.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/log.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/log.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/log2_tab.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/log2_tab.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/log2_tab.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/log2_tab.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/macros.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/macros.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/macros.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/macros.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mastering_display_metadata.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mastering_display_metadata.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mastering_display_metadata.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mastering_display_metadata.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mastering_display_metadata.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mastering_display_metadata.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mastering_display_metadata.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mastering_display_metadata.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mathematics.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mathematics.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mathematics.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mathematics.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mathematics.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mathematics.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mathematics.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mathematics.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/md5.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/md5.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/md5.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/md5.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/md5.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/md5.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/md5.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/md5.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mem.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mem.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mem.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mem.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mem.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mem.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mem.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mem.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mem_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/mem_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/mem_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/mem_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/motion_vector.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/motion_vector.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/motion_vector.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/motion_vector.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/murmur3.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/murmur3.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/murmur3.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/murmur3.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/murmur3.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/murmur3.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/murmur3.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/murmur3.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/opt.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/opt.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/opt.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/opt.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/opt.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/opt.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/opt.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/opt.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/parseutils.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/parseutils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/parseutils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/parseutils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/parseutils.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/parseutils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/parseutils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/parseutils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixdesc.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/pixdesc.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixdesc.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/pixdesc.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixdesc.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/pixdesc.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixdesc.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/pixdesc.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixelutils.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/pixelutils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixelutils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/pixelutils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixelutils.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/pixelutils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixelutils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/pixelutils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixfmt.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/pixfmt.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/pixfmt.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/pixfmt.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/qsort.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/qsort.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/qsort.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/qsort.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/random_seed.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/random_seed.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/random_seed.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/random_seed.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/random_seed.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/random_seed.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/random_seed.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/random_seed.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rational.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/rational.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rational.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/rational.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rational.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/rational.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rational.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/rational.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rc4.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/rc4.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rc4.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/rc4.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rc4.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/rc4.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/rc4.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/rc4.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/replaygain.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/replaygain.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/replaygain.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/replaygain.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/reverse.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/reverse.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/reverse.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/reverse.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/reverse.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/reverse.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/reverse.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/reverse.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/ripemd.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/ripemd.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/ripemd.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/ripemd.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/ripemd.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/ripemd.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/ripemd.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/ripemd.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/samplefmt.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/samplefmt.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/samplefmt.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/samplefmt.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/samplefmt.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/samplefmt.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/samplefmt.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/samplefmt.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/sha.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/sha.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/sha.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/sha.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha512.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/sha512.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha512.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/sha512.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha512.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/sha512.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/sha512.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/sha512.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/slicethread.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/slicethread.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/slicethread.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/slicethread.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/slicethread.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/slicethread.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/slicethread.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/slicethread.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/softfloat.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/softfloat.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/softfloat.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/softfloat.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/softfloat_ieee754.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/softfloat_ieee754.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/softfloat_ieee754.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/softfloat_ieee754.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/softfloat_tables.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/softfloat_tables.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/softfloat_tables.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/softfloat_tables.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/spherical.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/spherical.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/spherical.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/spherical.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/spherical.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/spherical.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/spherical.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/spherical.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/stereo3d.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/stereo3d.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/stereo3d.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/stereo3d.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/stereo3d.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/stereo3d.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/stereo3d.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/stereo3d.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tea.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/tea.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tea.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/tea.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tea.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/tea.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tea.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/tea.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/thread.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/thread.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/thread.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/thread.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/threadmessage.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/threadmessage.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/threadmessage.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/threadmessage.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/threadmessage.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/threadmessage.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/threadmessage.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/threadmessage.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/time.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/time.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/time.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/time.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/time.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/time.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/time.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/time.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/time_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/time_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/time_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/time_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timecode.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/timecode.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timecode.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/timecode.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timecode.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/timecode.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timecode.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/timecode.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timer.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/timer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/timer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timestamp.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/timestamp.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/timestamp.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/timestamp.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tree.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/tree.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tree.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/tree.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tree.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/tree.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tree.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/tree.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/twofish.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/twofish.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/twofish.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/twofish.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/twofish.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/twofish.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/twofish.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/twofish.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tx.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/tx.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tx.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/tx.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tx.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/tx.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/tx.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/tx.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/utils.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/utils.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/utils.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/utils.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/version.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/version.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/version.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/version.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/asm.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/asm.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/asm.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/asm.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/bswap.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/bswap.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/bswap.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/bswap.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/cpu.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/cpu.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/cpu.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/cpu.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/cpu.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/cpu.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/cpu.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/cpu.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/cpuid.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/cpuid.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/cpuid.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/cpuid.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/emms.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/emms.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/emms.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/emms.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/fixed_dsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/fixed_dsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/fixed_dsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/fixed_dsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/fixed_dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/fixed_dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/fixed_dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/fixed_dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/float_dsp.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/float_dsp.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/float_dsp.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/float_dsp.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/float_dsp_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/float_dsp_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/float_dsp_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/float_dsp_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/imgutils.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/imgutils.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/imgutils.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/imgutils.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/imgutils_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/imgutils_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/imgutils_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/imgutils_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/intmath.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/intmath.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/intmath.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/intmath.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/intreadwrite.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/intreadwrite.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/intreadwrite.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/intreadwrite.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/lls.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/lls.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/lls.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/lls.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/lls_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/lls_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/lls_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/lls_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/pixelutils.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/pixelutils.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/pixelutils.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/pixelutils.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/pixelutils_init.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/pixelutils_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/pixelutils_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/pixelutils_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/timer.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/timer.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/timer.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/timer.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/w64xmmtest.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/w64xmmtest.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/w64xmmtest.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/w64xmmtest.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/x86inc.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/x86inc.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/x86inc.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/x86inc.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/x86util.asm b/trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/x86util.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/x86/x86util.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/x86/x86util.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xga_font_data.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/xga_font_data.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xga_font_data.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/xga_font_data.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xga_font_data.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/xga_font_data.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xga_font_data.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/xga_font_data.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xtea.c b/trunk/3rdparty/ffmpeg-4-fit/libavutil/xtea.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xtea.c
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/xtea.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xtea.h b/trunk/3rdparty/ffmpeg-4-fit/libavutil/xtea.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libavutil/xtea.h
rename to trunk/3rdparty/ffmpeg-4-fit/libavutil/xtea.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libswresample/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/aarch64/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libswresample/aarch64/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/aarch64/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/aarch64/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/aarch64/audio_convert_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/aarch64/audio_convert_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/aarch64/audio_convert_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/aarch64/audio_convert_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/aarch64/resample_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/aarch64/resample_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/aarch64/resample_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/aarch64/resample_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/arm/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libswresample/arm/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/arm/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/arm/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/arm/audio_convert_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/arm/audio_convert_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/arm/audio_convert_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/arm/audio_convert_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/arm/resample_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/arm/resample_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/arm/resample_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/arm/resample_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/audioconvert.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/audioconvert.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/audioconvert.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/audioconvert.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/audioconvert.h b/trunk/3rdparty/ffmpeg-4-fit/libswresample/audioconvert.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/audioconvert.h
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/audioconvert.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/dither.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/dither.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/dither.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/dither.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/dither_template.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/dither_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/dither_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/dither_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/noise_shaping_data.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/noise_shaping_data.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/noise_shaping_data.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/noise_shaping_data.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/options.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/options.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/options.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/options.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/rematrix.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/rematrix.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/rematrix.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/rematrix.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/rematrix_template.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/rematrix_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/rematrix_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/rematrix_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/resample.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/resample.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample.h b/trunk/3rdparty/ffmpeg-4-fit/libswresample/resample.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample.h
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/resample.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample_dsp.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/resample_dsp.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample_dsp.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/resample_dsp.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample_template.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/resample_template.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/resample_template.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/resample_template.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample.h b/trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample.h
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample_frame.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample_frame.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample_frame.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample_frame.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample_internal.h b/trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample_internal.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresample_internal.h
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/swresample_internal.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresampleres.rc b/trunk/3rdparty/ffmpeg-4-fit/libswresample/swresampleres.rc
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/swresampleres.rc
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/swresampleres.rc
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/version.h b/trunk/3rdparty/ffmpeg-4-fit/libswresample/version.h
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/version.h
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/version.h
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/Makefile b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/Makefile
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/Makefile
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/Makefile
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/audio_convert.asm b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/audio_convert.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/audio_convert.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/audio_convert.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/audio_convert_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/audio_convert_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/audio_convert_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/audio_convert_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/rematrix.asm b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/rematrix.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/rematrix.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/rematrix.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/rematrix_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/rematrix_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/rematrix_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/rematrix_init.c
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/resample.asm b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/resample.asm
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/resample.asm
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/resample.asm
diff --git a/trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/resample_init.c b/trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/resample_init.c
similarity index 100%
rename from trunk/3rdparty/ffmpeg-4.2-fit/libswresample/x86/resample_init.c
rename to trunk/3rdparty/ffmpeg-4-fit/libswresample/x86/resample_init.c
diff --git a/trunk/3rdparty/libsrtp-2-fit/.clang-format b/trunk/3rdparty/libsrtp-2-fit/.clang-format
new file mode 100644
index 000000000..358e22272
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/.clang-format
@@ -0,0 +1,79 @@
+AccessModifierOffset: -4
+
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlinesLeft: false
+AlignOperands:   true
+AlignTrailingComments: true
+
+AllowAllParametersOfDeclarationOnNextLine: false
+
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+
+BinPackArguments: true
+BinPackParameters: false
+BraceWrapping:
+  AfterControlStatement: false
+  AfterEnum:       false
+  AfterFunction:   true
+  AfterStruct:     false
+  AfterUnion:      false
+  BeforeCatch:     false
+  BeforeElse:      false
+  IndentBraces:    false
+
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
+BreakBeforeTernaryOperators: true
+
+ColumnLimit:     80
+CommentPragmas:  '^ IWYU pragma:'
+ContinuationIndentWidth: 4
+DerivePointerAlignment: false
+DisableFormat:   false
+ExperimentalAutoDetectBinPacking: false
+
+IndentCaseLabels: false
+IndentWidth:     4
+IndentWrappedFunctionNames: false
+
+KeepEmptyLinesAtTheStartOfBlocks: false
+
+MaxEmptyLinesToKeep: 1
+
+PenaltyBreakBeforeFirstCallParameter: 16
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyExcessCharacter: 1000
+PenaltyReturnTypeOnItsOwnLine: 9000
+
+Cpp11BracedListStyle: false
+
+PointerAlignment: Right
+
+ReflowComments:  true
+
+SortIncludes: false
+
+SpaceAfterCStyleCast: false
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeParens: ControlStatements
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+TabWidth:        4
+UseTab:          Never
diff --git a/trunk/3rdparty/libsrtp-2-fit/.gitignore b/trunk/3rdparty/libsrtp-2-fit/.gitignore
new file mode 100644
index 000000000..c8b1235a2
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/.gitignore
@@ -0,0 +1,49 @@
+# Misc crap
+*~
+old
+old?
+*.pc
+
+# Object files
+*.o
+
+# Libraries
+*.lib
+*.a
+
+# Shared objects (inc. Windows DLLs)
+*.dll
+*.so
+*.so.*
+*.dylib
+
+# Executables
+*.exe
+*.out
+*.app
+
+# srtp things
+build
+Debug
+Makefile
+Root
+autom4te.cache
+config.log
+config.status
+crypto/include/config.h
+crypto/test/aes_calc
+crypto/test/cipher_driver
+crypto/test/datatypes_driver
+crypto/test/env
+crypto/test/kernel_driver
+crypto/test/sha1_driver
+crypto/test/stat_driver
+tables/aes_tables
+test/dtls_srtp_driver
+test/rdbx_driver
+test/replay_driver
+test/roc_driver
+test/rtp_decoder
+test/rtpw
+test/srtp_driver
+test/test_srtp
diff --git a/trunk/3rdparty/libsrtp-2-fit/.travis.yml b/trunk/3rdparty/libsrtp-2-fit/.travis.yml
new file mode 100644
index 000000000..0994588a2
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/.travis.yml
@@ -0,0 +1,259 @@
+dist: xenial
+sudo: false
+language: c
+
+env:
+  global:
+    - secure: "QD09MuUxftXRXtz7ZrB7S0NV/3O9yVhjvIlCSbXN8B87rNSDC8wxMThKMT7iZewnqGk53m+Up19PiMw5ERlHose5tm2cmY1FO/l+c9oAyWZaAL+4XNXryq6zI5F5FX5I61NbfqV3xcnfLTI2QIJF6WqDojNxhPjTbNzQGxIDuqw="
+
+matrix:
+  include:
+
+    # linux build
+    - os: linux
+      env:
+        - TEST="linux (gcc / valgrind)"
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+          packages:
+            - gcc-6
+            - valgrind
+      script:
+        - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure
+        - make
+        - make runtest
+        - make runtest-valgrind
+        - make distclean
+        - mkdir build && cd build
+        - cmake ..
+        - make
+        - make test
+
+    # linux build with openssl
+    - os: linux
+      env:
+        - TEST="linux openssl (gcc / valgrind)"
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+          packages:
+            - gcc-6
+            - valgrind
+      script:
+        - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure --enable-openssl
+        - make
+        - make runtest
+        - make runtest-valgrind
+        - make distclean
+        - mkdir build && cd build
+        - cmake -DENABLE_OPENSSL=ON ..
+        - make
+        - make test
+        - cd ..
+        - mkdir build_shared && cd build_shared
+        - cmake -DENABLE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON ..
+        - make
+        - make test
+
+    # linux build with openssl and clang
+    - os: linux
+      env:
+        - TEST="linux openssl (clang)"
+      addons:
+        apt:
+          packages:
+            - clang
+      script:
+        - CC=clang EXTRA_CFLAGS=-Werror ./configure --enable-openssl
+        - make
+        - make runtest
+
+    # linux build with nss
+    - os: linux
+      env:
+        - TEST="linux nss (gcc / valgrind)"
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+          packages:
+            - gcc-6
+            - valgrind
+            - libnss3-dev
+      script:
+        - CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure --enable-nss
+        - make
+        - make runtest
+        - make runtest-valgrind
+
+    # default osx build
+    - os: osx
+      env:
+        - TEST="osx"
+      script:
+        - EXTRA_CFLAGS=-Werror ./configure
+        - make
+        - make runtest
+        - make distclean
+        - mkdir build && cd build
+        - cmake ..
+        - make
+        - make test
+
+    # osx build with openssl
+    - os: osx
+      osx_image: xcode11.2
+      env:
+        - TEST="osx openssl"
+      before_install:
+            - brew install openssl@1.1
+      script:
+        - PKG_CONFIG_PATH=$(brew --prefix openssl@1.1)/lib/pkgconfig EXTRA_CFLAGS=-Werror ./configure --enable-openssl
+        - make
+        - make runtest
+        - make distclean
+        - mkdir build && cd build
+        - cmake -DOPENSSL_ROOT_DIR=$(brew --prefix openssl@1.1) -DENABLE_OPENSSL=ON ..
+        - make
+        - make test
+
+    # osx build with nss
+    - os: osx
+      osx_image: xcode11.2
+      env:
+        - TEST="osx nss"
+      script:
+        - PKG_CONFIG_PATH=$(brew --prefix nss)/lib/pkgconfig EXTRA_CFLAGS=-Werror ./configure --enable-nss
+        - make
+        - make runtest
+
+    # code format check
+    - os: linux
+      env:
+        - TEST="clang-format"
+      addons:
+        apt:
+          packages:
+            - clang-format-3.9
+      script:
+        - CLANG_FORMAT=clang-format-3.9 ./format.sh -d
+
+    # big-endian
+    - os: linux
+      sudo: true
+      env:
+        - TEST="big-endian"
+      services:
+        - docker
+      addons:
+        apt:
+          packages:
+            - qemu-user-static
+            - qemu-system-mips
+      before_install:
+        - sudo docker run --volume $(pwd):/src --workdir /src --name mipsX --tty --detach ubuntu:16.04 tail
+        - sudo docker exec --tty mipsX apt-get update
+        - sudo docker exec --tty mipsX apt-get install build-essential -y
+        - sudo docker exec --tty mipsX apt-get install gcc-mips-linux-gnu -y
+      script:
+        - sudo docker exec --tty mipsX bash -c 'EXTRA_CFLAGS=-static CC=mips-linux-gnu-gcc ./configure --host=mips-linux-gnu'
+        - sudo docker exec --tty mipsX make
+        - sudo docker kill mipsX
+        - file test/srtp_driver
+        - make runtest
+
+    # linux build of fuzzer
+    - os: linux
+      env:
+        - TEST="fuzzer (build only)"
+      addons:
+        apt:
+          packages:
+            - clang
+      script:
+        - CC=clang CXX=clang++ CXXFLAGS="-fsanitize=fuzzer-no-link,address,undefined -g -O3" CFLAGS="-fsanitize=fuzzer-no-link,address,undefined -g -O3" LDFLAGS="-fsanitize=fuzzer-no-link,address,undefined" ./configure
+        - LIBFUZZER="-fsanitize=fuzzer" make srtp-fuzzer
+
+    # coverity scan
+    - os: linux
+      env:
+        - TEST="Coverity Scan"
+      addons:
+        coverity_scan:
+          project:
+            name: "cisco-libSRTP"
+            description: "Build submitted via Travis CI"
+            version: 2
+          notification_email: pabuhler@cisco.com
+          build_command_prepend: "./configure"
+          build_command: "make"
+          branch_pattern: master
+      script:
+        - echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
+
+    # windows build
+    - os: windows
+      env:
+        - TEST="windows"
+      script:
+        - export PATH="c:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\Bin":$PATH
+        - mkdir build && cd build
+        - cmake -G "Visual Studio 15 2017" ..
+        - msbuild.exe libsrtp2.sln -p:Configuration=Release
+        - msbuild.exe RUN_TESTS.vcxproj -p:Configuration=Release
+        - cd ..
+        - mkdir build_shared && cd build_shared
+        - cmake -G "Visual Studio 15 2017" -DBUILD_SHARED_LIBS=ON ..
+        - msbuild.exe libsrtp2.sln -p:Configuration=Release
+        - msbuild.exe RUN_TESTS.vcxproj -p:Configuration=Release
+
+    # android build
+    - os: linux
+      env:
+        - TEST="android"
+      script:
+        - wget -q https://dl.google.com/android/repository/android-ndk-r20b-linux-x86_64.zip
+        - unzip -qq android-ndk-r20b-linux-x86_64.zip
+        - ANDROID_NDK=`pwd`/android-ndk-r20b
+        - mkdir build_android
+        - cd build_android
+        - cmake -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK/build/cmake/android.toolchain.cmake -DANDROID_ABI=arm64-v8a ..
+        - make
+        - cd ..
+        - TOOLCHAIN=$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64
+          AR=$TOOLCHAIN/bin/aarch64-linux-android-ar
+          AS=$TOOLCHAIN/bin/aarch64-linux-android-as
+          CC=$TOOLCHAIN/bin/aarch64-linux-android21-clang
+          CXX=$TOOLCHAIN/bin/aarch64-linux-android21-clang++
+          LD=$TOOLCHAIN/bin/aarch64-linux-android-ld
+          RANLIB=$TOOLCHAIN/bin/aarch64-linux-android-ranlib
+          STRIP=$TOOLCHAIN/bin/aarch64-linux-android-strip
+          ./configure --host aarch64-linux-android
+        - make
+
+    # ios build with openssl
+    - os: osx
+      osx_image: xcode11.2
+      env:
+        - TEST="ios"
+      script:
+        - wget -q https://raw.githubusercontent.com/leetal/ios-cmake/master/ios.toolchain.cmake
+        - mkdir build && cd build
+        - cmake -DCMAKE_TOOLCHAIN_FILE=../ios.toolchain.cmake  -DPLATFORM=OS64 ..
+        - make
+        - cd ..
+        - CFLAGS="-arch arm64 --sysroot=$(xcrun --sdk iphoneos --show-sdk-path) -miphoneos-version-min=8.0 -fembed-bitcode"
+          LDFLAGS="-arch arm64 --sysroot=$(xcrun --sdk iphoneos --show-sdk-path) -miphoneos-version-min=8.0 -fembed-bitcode"
+          AR="$(xcrun --find --sdk iphoneos ar)"
+          AS="$(xcrun --find --sdk iphoneos as)"
+          CC="$(xcrun --find --sdk iphoneos clang)"
+          CXX="$(xcrun --find --sdk iphoneos clang++)"
+          LD="$(xcrun --find --sdk iphoneos ld)"
+          RANLIB="$(xcrun --find --sdk iphoneos ranlib)"
+          STRIP="$(xcrun --find --sdk iphoneos strip)"
+          ./configure --host arm-apple-darwin
+        - make
+        - make shared_library
diff --git a/trunk/3rdparty/libsrtp-2-fit/LICENSE b/trunk/3rdparty/libsrtp-2-fit/LICENSE
new file mode 100644
index 000000000..af0a2ac31
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/LICENSE
@@ -0,0 +1,35 @@
+/*
+ *	
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ * 
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
diff --git a/trunk/3rdparty/libsrtp-2-fit/Makefile.in b/trunk/3rdparty/libsrtp-2-fit/Makefile.in
new file mode 100644
index 000000000..b782fb1f6
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/Makefile.in
@@ -0,0 +1,331 @@
+# Makefile for secure rtp
+#
+# David A. McGrew
+# Cisco Systems, Inc.
+
+# targets:
+#
+# runtest       runs test applications
+# runtest-valgrind runs test applications with valgrind
+# test		builds test applications
+# libsrtp2.a	static library implementing srtp
+# libsrtp2.so	shared library implementing srtp
+# clean		removes objects, libs, and executables
+# distribution  cleans and builds a .tgz
+# tags          builds etags file from all .c and .h files
+
+DYNAMIC_PATH_VAR = @DYNAMIC_PATH_VAR@
+CRYPTO_LIBDIR = @CRYPTO_LIBDIR@
+USE_EXTERNAL_CRYPTO = @USE_EXTERNAL_CRYPTO@
+HAVE_PCAP = @HAVE_PCAP@
+
+# Specify how tests should find shared libraries on macOS and Linux
+#
+# macOS purges DYLD_LIBRARY_PATH when spawning subprocesses, so it's
+# not possible to pass this in from the outside; we have to specify
+# it for any subprocesses we call. No support for dynamic linked
+# tests on Windows.
+ifneq ($(strip $(CRYPTO_LIBDIR)),)
+	ifneq ($(OS),Windows_NT)
+		UNAME_S = $(shell uname -s)
+		ifeq ($(UNAME_S),Linux)
+			FIND_LIBRARIES = LD_LIBRARY_PATH=$(CRYPTO_LIBDIR)
+		endif
+		ifeq ($(UNAME_S),Darwin)
+			FIND_LIBRARIES = DYLD_LIBRARY_PATH=$(CRYPTO_LIBDIR)
+		endif
+		CRYPTO_LIBDIR_FORWARD = CRYPTO_LIBDIR=$(CRYPTO_LIBDIR)
+	endif
+endif
+
+.PHONY: all shared_library test
+
+all: test
+
+runtest: test
+	@echo "running libsrtp2 test applications..."
+	$(FIND_LIBRARIES) crypto/test/cipher_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) crypto/test/kernel_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/test_srtp$(EXE) >/dev/null
+	$(FIND_LIBRARIES) test/rdbx_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/srtp_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/roc_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/replay_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/dtls_srtp_driver$(EXE) >/dev/null
+	cd test; $(CRYPTO_LIBDIR_FORWARD) $(abspath $(srcdir))/test/rtpw_test.sh -w $(abspath $(srcdir))/test/words.txt >/dev/null
+ifeq (1, $(USE_EXTERNAL_CRYPTO))
+	cd test; $(CRYPTO_LIBDIR_FORWARD) $(abspath $(srcdir))/test/rtpw_test_gcm.sh -w $(abspath $(srcdir))/test/words.txt >/dev/null
+endif
+	@echo "libsrtp2 test applications passed."
+	$(MAKE) -C crypto runtest
+
+runtest-valgrind: test
+	@echo "running libsrtp2 test applications... (valgrind)"
+	valgrind --error-exitcode=1 --leak-check=full test/test_srtp$(EXE) -v >/dev/null
+	valgrind --error-exitcode=1 --leak-check=full test/srtp_driver$(EXE) -v >/dev/null
+	@echo "libsrtp2 test applications passed. (valgrind)"
+
+# makefile variables
+
+CC	= @CC@
+CXX	= @CXX@
+INCDIR	= -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
+DEFS	= @DEFS@
+CPPFLAGS= @CPPFLAGS@
+CFLAGS	= @CFLAGS@
+CXXFLAGS= @CXXFLAGS@
+srtp-fuzzer: CFLAGS += -g
+srtp-fuzzer: CXXFLAGS += -g
+LIBS	= @LIBS@
+LDFLAGS	= -L. @LDFLAGS@
+COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
+SRTPLIB	= -lsrtp2
+PCAP_LIB = @PCAP_LIB@
+
+AR      = @AR@
+RANLIB	= @RANLIB@
+INSTALL	= @INSTALL@
+
+# EXE defines the suffix on executables - it's .exe for Windows, and
+# null on linux, bsd, and OS X and other OSes.
+EXE	= @EXE@
+
+HMAC_OBJS = @HMAC_OBJS@
+AES_ICM_OBJS = @AES_ICM_OBJS@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+bindir = @bindir@
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libsrtp2.pc
+
+SHAREDLIBVERSION = 1
+ifneq (,$(or $(findstring linux,@host@), $(findstring gnu,@host@)))
+SHAREDLIB_DIR = $(libdir)
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
+SHAREDLIBSUFFIXNOVER = so
+SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
+else ifneq (,$(or $(findstring cygwin,@host@), $(findstring mingw,@host@)))
+SHAREDLIB_DIR = $(bindir)
+SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp2.dll.a
+SHAREDLIBVERSION =
+SHAREDLIBSUFFIXNOVER = dll
+SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER)
+else ifeq (darwin,$(findstring darwin,@host@))
+SHAREDLIB_DIR = $(libdir)
+SHAREDLIB_LDFLAGS = -dynamiclib -twolevel_namespace \
+		-fno-common -headerpad_max_install_names -install_name $(libdir)/$@
+SHAREDLIBSUFFIXNOVER = dylib
+SHAREDLIBSUFFIX = $(SHAREDLIBVERSION).$(SHAREDLIBSUFFIXNOVER)
+endif
+
+# implicit rules for object files and test apps
+
+%.o: %.c
+	$(COMPILE) -c $< -o $@
+
+%$(EXE): %.c
+	$(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS)
+
+ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o      \
+		  $(AES_ICM_OBJS)
+
+hashes  = crypto/hash/null_auth.o  crypto/hash/auth.o            \
+	  $(HMAC_OBJS)
+
+replay  = crypto/replay/rdb.o crypto/replay/rdbx.o               \
+		  crypto/replay/ut_sim.o
+
+math    = crypto/math/datatypes.o crypto/math/stat.o
+
+ust     = crypto/ust/ust.o
+
+err     = crypto/kernel/err.o
+
+kernel  = crypto/kernel/crypto_kernel.o  crypto/kernel/alloc.o   \
+		  crypto/kernel/key.o $(err) # $(ust)
+
+cryptobj =  $(ciphers) $(hashes) $(math) $(kernel) $(replay)
+
+# libsrtp2.a (implements srtp processing)
+
+srtpobj = srtp/srtp.o srtp/ekt.o
+
+libsrtp2.a: $(srtpobj) $(cryptobj) $(gdoi)
+	$(AR) cr libsrtp2.a $^
+	$(RANLIB) libsrtp2.a
+
+libsrtp2.$(SHAREDLIBSUFFIX): $(srtpobj) $(cryptobj) $(gdoi)
+	$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
+				$^ $(LDFLAGS) $(LIBS)
+	if [ -n "$(SHAREDLIBVERSION)" ]; then \
+		ln -sfn $@ libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
+	fi
+
+shared_library: libsrtp2.$(SHAREDLIBSUFFIX)
+
+libsrtp2.so: $(srtpobj) $(cryptobj)
+	$(CC) -shared -Wl,-soname,libsrtp2.so \
+		-o libsrtp2.so $^ $(LDFLAGS)
+
+# test applications
+ifneq (1, $(USE_EXTERNAL_CRYPTO))
+AES_CALC = crypto/test/aes_calc$(EXE)
+endif
+
+crypto_testapp = $(AES_CALC) crypto/test/cipher_driver$(EXE) \
+	crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \
+	crypto/test/sha1_driver$(EXE) crypto/test/stat_driver$(EXE) \
+	crypto/test/env$(EXE)
+
+testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \
+	  test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \
+	  test/dtls_srtp_driver$(EXE) test/test_srtp$(EXE)
+
+ifeq (1, $(HAVE_PCAP))
+testapp += test/rtp_decoder$(EXE)
+endif
+
+$(testapp): libsrtp2.a
+
+test/rtpw$(EXE): test/rtpw.c test/rtp.c test/util.c test/getopt_s.c \
+		crypto/math/datatypes.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+ifeq (1, $(HAVE_PCAP))
+test/rtp_decoder$(EXE): test/rtp_decoder.c test/rtp.c test/util.c test/getopt_s.c \
+		crypto/math/datatypes.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(PCAP_LIB) $(LIBS) $(SRTPLIB)
+endif
+
+crypto/test/aes_calc$(EXE): crypto/test/aes_calc.c test/util.c
+	$(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test/test_srtp$(EXE): test/test_srtp.c
+	$(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/datatypes_driver$(EXE): crypto/test/datatypes_driver.c test/util.c
+	$(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/sha1_driver$(EXE): crypto/test/sha1_driver.c test/util.c
+	$(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test/srtp_driver$(EXE): test/srtp_driver.c test/util.c test/getopt_s.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c test/util.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/cipher_driver$(EXE): crypto/test/cipher_driver.c test/getopt_s.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/kernel_driver$(EXE): crypto/test/kernel_driver.c test/getopt_s.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/env$(EXE): crypto/test/env.c test/getopt_s.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test: $(testapp)
+	@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
+
+memtest: test/srtp_driver
+	@test/srtp_driver -v -d "alloc" > tmp
+	@grep freed tmp | wc -l > freed
+	@grep allocated tmp | wc -l > allocated
+	@echo "checking for memory leaks (only works with --enable-stdout)"
+	cmp -s allocated freed
+	@echo "passed (same number of alloc() and dealloc() calls found)"
+	@rm freed allocated tmp
+
+# the target 'plot' runs the timing test (test/srtp_driver -t) then
+# uses gnuplot to produce plots of the results - see the script file
+# 'timing'
+
+plot:	test/srtp_driver
+	test/srtp_driver -t > timing.dat
+
+
+# bookkeeping: tags, clean, and distribution
+
+tags:
+	etags */*.[ch] */*/*.[ch]
+
+
+# documentation - the target libsrtp2doc builds html documentation
+
+libsrtp2doc:
+	$(MAKE) -C doc
+
+# fuzzer
+
+srtp-fuzzer: libsrtp2.a
+	$(MAKE) -C fuzzer
+
+.PHONY: clean superclean distclean install
+
+install:
+	$(INSTALL) -d $(DESTDIR)$(includedir)/srtp2
+	$(INSTALL) -d $(DESTDIR)$(libdir)
+	cp $(srcdir)/include/srtp.h $(DESTDIR)$(includedir)/srtp2
+	cp $(srcdir)/crypto/include/cipher.h $(DESTDIR)$(includedir)/srtp2
+	cp $(srcdir)/crypto/include/auth.h $(DESTDIR)$(includedir)/srtp2
+	cp $(srcdir)/crypto/include/crypto_types.h $(DESTDIR)$(includedir)/srtp2
+	if [ -f libsrtp2.a ]; then cp libsrtp2.a $(DESTDIR)$(libdir)/; fi
+	if [ -f libsrtp2.dll.a ]; then cp libsrtp2.dll.a $(DESTDIR)$(libdir)/; fi
+	if [ -f libsrtp2.$(SHAREDLIBSUFFIX) ]; then \
+		$(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \
+		cp libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \
+		cp libsrtp2.$(SHAREDLIBSUFFIXNOVER) $(DESTDIR)$(SHAREDLIB_DIR)/; \
+		if [ -n "$(SHAREDLIBVERSION)" ]; then \
+			ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
+		fi; \
+	fi
+	$(INSTALL) -d $(DESTDIR)$(pkgconfigdir)
+	cp $(top_builddir)/$(pkgconfig_DATA) $(DESTDIR)$(pkgconfigdir)/
+
+uninstall:
+	rm -f $(DESTDIR)$(includedir)/srtp2/*.h
+	rm -f $(DESTDIR)$(libdir)/libsrtp2.*
+	-rmdir $(DESTDIR)$(includedir)/srtp2
+	rm -f $(DESTDIR)$(pkgconfigdir)/$(pkgconfig_DATA)
+
+clean:
+	rm -rf $(cryptobj) $(srtpobj) TAGS \
+		libsrtp2.a libsrtp2.so libsrtp2.dll.a core *.core test/core
+	for a in * */* */*/*; do			\
+			  if [ -f "$$a~" ] ; then rm -f $$a~; fi;	\
+		done;
+	for a in $(testapp); do rm -rf $$a$(EXE); done
+	rm -rf *.pict *.jpg *.dat
+	rm -rf freed allocated tmp
+	$(MAKE) -C doc clean
+	$(MAKE) -C fuzzer clean
+
+superclean: clean
+	rm -rf crypto/include/config.h config.log config.cache config.status \
+			   Makefile crypto/Makefile doc/Makefile \
+			   .gdb_history test/.gdb_history .DS_Store
+	rm -rf autom4te.cache
+
+distclean: superclean
+
+distname = libsrtp-$(shell cat VERSION)
+
+distribution: runtest superclean
+	if ! [ -f VERSION ]; then exit 1; fi
+	if [ -f ../$(distname).tgz ]; then               \
+		   mv ../$(distname).tgz ../$(distname).tgz.bak; \
+		fi
+	cd ..; tar cvzf $(distname).tgz libsrtp
+
+# EOF
diff --git a/trunk/3rdparty/libsrtp-2-fit/config.guess b/trunk/3rdparty/libsrtp-2-fit/config.guess
new file mode 100755
index 000000000..c4bd827a7
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/config.guess
@@ -0,0 +1,1456 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
+
+timestamp='2016-05-15'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+#
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+#
+# Please send patches to <config-patches@gnu.org>.
+
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright 1992-2016 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU|GNU/*)
+	# If the system lacks a compiler, then just pick glibc.
+	# We could probably try harder.
+	LIBC=gnu
+
+	eval $set_cc_for_build
+	cat <<-EOF > $dummy.c
+	#include <features.h>
+	#if defined(__UCLIBC__)
+	LIBC=uclibc
+	#elif defined(__dietlibc__)
+	LIBC=dietlibc
+	#else
+	LIBC=gnu
+	#endif
+	EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+	    /sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || \
+	    echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    earmv*)
+		arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+		endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+		machine=${arch}${endian}-unknown
+		;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently (or will in the future) and ABI.
+	case "${UNAME_MACHINE_ARCH}" in
+	    earm*)
+		os=netbsdelf
+		;;
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+		os=netbsd
+		;;
+	esac
+	# Determine ABI tags.
+	case "${UNAME_MACHINE_ARCH}" in
+	    earm*)
+		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+		abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}${abi}"
+	exit ;;
+    *:Bitrig:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:LibertyBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:Sortix:*:*)
+	echo ${UNAME_MACHINE}-unknown-sortix
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE=alpha ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE=alpha ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE=alpha ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE=alphaev5 ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE=alphaev56 ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE=alphapca56 ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE=alphapca57 ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE=alphaev6 ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE=alphaev67 ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE=alphaev69 ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE=alphaev7 ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE=alphaev79 ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+	exitcode=$?
+	trap '' 0
+	exit $exitcode ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+	echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm*:riscos:*:*|arm*:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+	echo i386-pc-auroraux${UNAME_RELEASE}
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH=i386
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH=x86_64
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+	echo m68k-milan-mint${UNAME_RELEASE}
+	exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+	echo m68k-hades-mint${UNAME_RELEASE}
+	exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+	echo m68k-unknown-mint${UNAME_RELEASE}
+	exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+	# DG/UX returns AViiON for all architectures
+	UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[4567])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/lslpp ] ; then
+		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+		    case "${sc_cpu_version}" in
+		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
+		      532)                      # CPU_PA_RISC2_0
+			case "${sc_kernel_bits}" in
+			  32) HP_ARCH=hppa2.0n ;;
+			  64) HP_ARCH=hppa2.0w ;;
+			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
+			esac ;;
+		    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^		//' << EOF >$dummy.c
+
+		#define _HPUX_SOURCE
+		#include <stdlib.h>
+		#include <unistd.h>
+
+		int main ()
+		{
+		#if defined(_SC_KERNEL_BITS)
+		    long bits = sysconf(_SC_KERNEL_BITS);
+		#endif
+		    long cpu  = sysconf (_SC_CPU_VERSION);
+
+		    switch (cpu)
+			{
+			case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+			case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+			case CPU_PA_RISC2_0:
+		#if defined(_SC_KERNEL_BITS)
+			    switch (bits)
+				{
+				case 64: puts ("hppa2.0w"); break;
+				case 32: puts ("hppa2.0n"); break;
+				default: puts ("hppa2.0"); break;
+				} break;
+		#else  /* !defined(_SC_KERNEL_BITS) */
+			    puts ("hppa2.0"); break;
+		#endif
+			default: puts ("hppa1.0"); break;
+			}
+		    exit (0);
+		}
+EOF
+		    (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = hppa2.0w ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH=hppa2.0w
+	    else
+		HP_ARCH=hppa64
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+	exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+	exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+	exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+	exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    5000:UNIX_System_V:4.*:*)
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
+	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	UNAME_PROCESSOR=`/usr/bin/uname -p`
+	case ${UNAME_PROCESSOR} in
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW64*:*)
+	echo ${UNAME_MACHINE}-pc-mingw64
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    *:MSYS*:*)
+	echo ${UNAME_MACHINE}-pc-msys
+	exit ;;
+    i*:windows32*:*)
+	# uname -m includes "-pc" on this system.
+	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:*)
+	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    authenticamd | genuineintel | EM64T)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    aarch64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    aarch64_be:Linux:*:*)
+	UNAME_MACHINE=aarch64_be
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+	esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    arc:Linux:*:* | arceb:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+		| grep -q __ARM_PCS_VFP
+	    then
+		echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	    else
+		echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
+	    fi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
+	exit ;;
+    e2k:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    hexagon:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    k1om:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    openrisc*:Linux:*:*)
+	echo or1k-unknown-linux-${LIBC}
+	exit ;;
+    or32:Linux:*:* | or1k*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64le:Linux:*:*)
+	echo powerpc64le-unknown-linux-${LIBC}
+	exit ;;
+    ppcle:Linux:*:*)
+	echo powerpcle-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
+	exit ;;
+    sh64*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    tile*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+	# Unixware is an offshoot of SVR4, but it has its own version
+	# number series starting with 2...
+	# I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+	# Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+	# uname -m prints for DJGPP always 'pc', but it prints nothing about
+	# the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configure will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+	exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*)	# Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+			# says <Richard.M.Bartel@ccMail.Census.GOV>
+	echo i586-unisys-sysv4
+	exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+		echo mips-nec-sysv${UNAME_RELEASE}
+	else
+		echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+	exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    x86_64:Haiku:*:*)
+	echo x86_64-unknown-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-ACE:SUPER-UX:*:*)
+	echo sxace-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	eval $set_cc_for_build
+	if test "$UNAME_PROCESSOR" = unknown ; then
+	    UNAME_PROCESSOR=powerpc
+	fi
+	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
+	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
+		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+		    (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		    grep IS_64BIT_ARCH >/dev/null
+		then
+		    case $UNAME_PROCESSOR in
+			i386) UNAME_PROCESSOR=x86_64 ;;
+			powerpc) UNAME_PROCESSOR=powerpc64 ;;
+		    esac
+		fi
+	    fi
+	elif test "$UNAME_PROCESSOR" = i386 ; then
+	    # Avoid executing cc on OS X 10.9, as it ships with a stub
+	    # that puts up a graphical alert prompting to install
+	    # developer tools.  Any system running Mac OS X 10.7 or
+	    # later (Darwin 11 and later) is required to have a 64-bit
+	    # processor. This is not true of the ARM version of Darwin
+	    # that Apple uses in portable devices.
+	    UNAME_PROCESSOR=x86_64
+	fi
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = x86; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NEO-?:NONSTOP_KERNEL:*:*)
+	echo neo-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSE-*:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = 386; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+	echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+    x86_64:VMkernel:*:*)
+	echo ${UNAME_MACHINE}-unknown-esx
+	exit ;;
+    amd64:Isilon\ OneFS:*:*)
+	echo x86_64-unknown-onefs
+	exit ;;
+esac
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script (version $timestamp), has failed to recognize the
+operating system you are using. If your script is old, overwrite
+config.guess and config.sub with the latest versions from:
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+
+If $0 has already been updated, send the following data and any
+information you think might be pertinent to config-patches@gnu.org to
+provide the necessary information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/trunk/3rdparty/libsrtp-2-fit/config.h_win32vc7 b/trunk/3rdparty/libsrtp-2-fit/config.h_win32vc7
new file mode 100644
index 000000000..3b2a78c7b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/config.h_win32vc7
@@ -0,0 +1,162 @@
+/* Hacked config.h for Windows XP 32-bit & VC7  */
+
+#ifdef (_MSC_VER >= 1400)
+# define HAVE_RAND_S	1
+#endif
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+#undef CPU_RISC
+
+/* Path to random device */
+#undef DEV_URANDOM
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+#undef ERR_REPORTING_FILE
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#undef HAVE_BYTESWAP_H
+
+/* Define to 1 if you have the `inet_aton' function. */
+#define HAVE_INET_ATON 1
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+#undef HAVE_MACHINE_TYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+#undef HAVE_SYS_INT_TYPES_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T 
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `usleep' function. */
+#define HAVE_USLEEP 1
+
+/* Define to 1 if you have the <windows.h> header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#define HAVE_WINSOCK2_H 1
+
+/* Define to use X86 inlined assembly code */
+#undef HAVE_X86
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+/* Define to use GDOI. */
+#undef SRTP_GDOI
+
+/* Define to compile for kernel contexts. */
+#undef SRTP_KERNEL
+
+/* Define to compile for Linux kernel context. */
+#undef SRTP_KERNEL_LINUX
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if your processor stores words with the most significant byte
+   first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
+
+/* Define to empty if `const' does not conform to ANSI C. */
+//#undef const
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+//#ifndef __cplusplus
+//#undef inline
+//#endif
+#define inline __inline
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+//#undef size_t
diff --git a/trunk/3rdparty/libsrtp-2-fit/config.hw b/trunk/3rdparty/libsrtp-2-fit/config.hw
new file mode 100644
index 000000000..6fc65df67
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/config.hw
@@ -0,0 +1,182 @@
+/* crypto/include/config.h.  Generated by configure.  */
+/* config_in.h.  Generated from configure.in by autoheader.  */
+
+#if (_MSC_VER >= 1400)
+# define HAVE_RAND_S	1
+# define _CRT_RAND_S
+#endif
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+/* #undef CPU_RISC */
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+/* #undef ERR_REPORTING_FILE */
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+/* #undef HAVE_ARPA_INET_H */
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+/* #undef HAVE_BYTESWAP_H */
+
+/* Define to 1 if you have the `inet_aton' function. */
+/* #undef HAVE_INET_ATON */
+
+/* Define to 1 if the system has the type `int16_t'. */
+#define HAVE_INT16_T 1
+
+/* Define to 1 if the system has the type `int32_t'. */
+#define HAVE_INT32_T 1
+
+/* Define to 1 if the system has the type `int8_t'. */
+#define HAVE_INT8_T 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+/* #undef HAVE_INTTYPES_H */
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+/* #undef HAVE_LIBSOCKET */
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+/* #undef HAVE_MACHINE_TYPES_H */
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+/* #undef HAVE_NETINET_IN_H */
+
+/* Define to 1 if you have the `socket' function. */
+/* #undef HAVE_SOCKET */
+
+/* Define to 1 if you have the <stdint.h> header file. */
+/* #undef HAVE_STDINT_H */
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+/* #undef HAVE_SYS_INT_TYPES_H */
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+/* #undef HAVE_SYS_SOCKET_H */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+/* #undef HAVE_SYS_UIO_H */
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#define HAVE_UINT16_T 1
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#define HAVE_UINT32_T 1
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#define HAVE_UINT64_T 1
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#define HAVE_UINT8_T 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+/* #undef HAVE_UNISTD_H */
+
+/* Define to 1 if you have the `usleep' function. */
+/* #undef HAVE_USLEEP */
+
+/* Define to 1 if you have the <windows.h> header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#define HAVE_WINSOCK2_H 1
+
+/* Define to use X86 inlined assembly code */
+/* #undef HAVE_X86 */
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME ""
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING ""
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION ""
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+/* Define to use GDOI. */
+/* #undef SRTP_GDOI */
+
+/* Define to compile for kernel contexts. */
+/* #undef SRTP_KERNEL */
+
+/* Define to compile for Linux kernel context. */
+/* #undef SRTP_KERNEL_LINUX */
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if your processor stores words with the most significant byte
+   first (like Motorola and SPARC, unlike Intel and VAX). */
+/* #undef WORDS_BIGENDIAN */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define 'inline' to nothing, since the MSVC compiler doesn't support it.  */
+#define inline 
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+#if (_MSC_VER >= 1400) // VC8+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE
+#endif
+#ifndef _CRT_NONSTDC_NO_DEPRECATE
+#define _CRT_NONSTDC_NO_DEPRECATE
+#endif
+#endif // VC8+
+
+#ifndef uint32_t
+typedef unsigned __int8		uint8_t;
+typedef unsigned __int16	uint16_t;
+typedef unsigned __int32	uint32_t;
+typedef unsigned __int64    uint64_t;
+typedef __int8		int8_t;
+typedef __int16		int16_t;
+typedef __int32		int32_t;
+typedef __int64		int64_t;
+#endif
+
+#ifdef _MSC_VER
+#pragma warning(disable:4311)
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/config.sub b/trunk/3rdparty/libsrtp-2-fit/config.sub
new file mode 100755
index 000000000..6d86a1e2f
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/config.sub
@@ -0,0 +1,1815 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
+
+timestamp='2016-05-10'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+
+
+# Please send patches to <config-patches@gnu.org>.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright 1992-2016 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  android-linux)
+    os=-linux-android
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze*)
+		os=
+		basic_machine=$1
+		;;
+	-bluegene*)
+		os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+	-chorusrdb)
+		os=-chorusrdb
+		basic_machine=$1
+		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*178)
+		os=-lynxos178
+		;;
+	-lynx*5)
+		os=-lynxos5
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| aarch64 | aarch64_be \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arceb \
+	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
+	| avr | avr32 \
+	| ba \
+	| be32 | be64 \
+	| bfin \
+	| c4x | c8051 | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| e2k | epiphany \
+	| fido | fr30 | frv | ft32 \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| hexagon \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| k1om \
+	| le32 | le64 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa32r6 | mipsisa32r6el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64r6 | mipsisa64r6el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipsr5900 | mipsr5900el \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nds32 | nds32le | nds32be \
+	| nios | nios2 | nios2eb | nios2el \
+	| ns16k | ns32k \
+	| open8 | or1k | or1knd | or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle \
+	| pyramid \
+	| riscv32 | riscv64 \
+	| rl78 | rx \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu \
+	| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+	| ubicom32 \
+	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+	| visium \
+	| we32k \
+	| x86 | xc16x | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	c54x)
+		basic_machine=tic54x-unknown
+		;;
+	c55x)
+		basic_machine=tic55x-unknown
+		;;
+	c6x)
+		basic_machine=tic6x-unknown
+		;;
+	leon|leon[3-9])
+		basic_machine=sparc-$basic_machine
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	strongarm | thumb | xscale)
+		basic_machine=arm-unknown
+		;;
+	xgate)
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	xscaleeb)
+		basic_machine=armeb-unknown
+		;;
+
+	xscaleel)
+		basic_machine=armel-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| aarch64-* | aarch64_be-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| ba-* \
+	| be32-* | be64-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* \
+	| c8051-* | clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| e2k-* | elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| hexagon-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| k1om-* \
+	| le32-* | le64-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
+	| microblaze-* | microblazeel-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa32r6-* | mipsisa32r6el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64r6-* | mipsisa64r6el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipsr5900-* | mipsr5900el-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nds32-* | nds32le-* | nds32be-* \
+	| nios-* | nios2-* | nios2eb-* | nios2el-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| open8-* \
+	| or1k*-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+	| pyramid-* \
+	| riscv32-* | riscv64-* \
+	| rl78-* | romp-* | rs6000-* | rx-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
+	| tahoe-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tile*-* \
+	| tron-* \
+	| ubicom32-* \
+	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+	| vax-* \
+	| visium-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	asmjs)
+		basic_machine=asmjs-unknown
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c54x-*)
+		basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	c55x-*)
+		basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	c6x-*)
+		basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16 | cr16-*)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	leon-*|leon[3-9]-*)
+		basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	microblaze*)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw64)
+		basic_machine=x86_64-pc
+		os=-mingw64
+		;;
+	mingw32)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	moxiebox)
+		basic_machine=moxie-unknown
+		os=-moxiebox
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	msys)
+		basic_machine=i686-pc
+		os=-msys
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	nacl)
+		basic_machine=le32-unknown
+		os=-nacl
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	neo-tandem)
+		basic_machine=neo-tandem
+		;;
+	nse-tandem)
+		basic_machine=nse-tandem
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc | ppcbe)	basic_machine=powerpc-unknown
+		;;
+	ppc-* | ppcbe-*)
+		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos | rdos64)
+		basic_machine=x86_64-pc
+		os=-rdos
+		;;
+	rdos32)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	strongarm-* | thumb-*)
+		basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tile*)
+		basic_machine=$basic_machine-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	xscale-* | xscalee[bl]-*)
+		basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+	# First match some system type aliases
+	# that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-auroraux)
+		os=-auroraux
+		;;
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+	      | -sym* | -kopensolaris* | -plan9* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* | -cloudabi* | -sortix* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
+	      | -onefs* | -tirtos* | -phoenix*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+	-os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+	-tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-nacl*)
+		;;
+	-ios)
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+	score-*)
+		os=-elf
+		;;
+	spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+	c4x-* | tic4x-*)
+		os=-coff
+		;;
+	c8051-*)
+		os=-elf
+		;;
+	hexagon-*)
+		os=-elf
+		;;
+	tic54x-*)
+		os=-coff
+		;;
+	tic55x-*)
+		os=-coff
+		;;
+	tic6x-*)
+		os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+	mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/trunk/3rdparty/libsrtp-2-fit/config_in.h b/trunk/3rdparty/libsrtp-2-fit/config_in.h
new file mode 100644
index 000000000..31e6ffe38
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/config_in.h
@@ -0,0 +1,196 @@
+/* config_in.h.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#undef CPU_CISC
+
+/* Define if building for a RISC machine (assume slow byte access). */
+#undef CPU_RISC
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+#undef ERR_REPORTING_FILE
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define this to use AES-GCM. */
+#undef GCM
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#undef HAVE_BYTESWAP_H
+
+/* Define to 1 if you have the `inet_aton' function. */
+#undef HAVE_INET_ATON
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define to 1 if you have the `nspr4' library (-lnspr4). */
+#undef HAVE_LIBNSPR4
+
+/* Define to 1 if you have the `nss3' library (-lnss3). */
+#undef HAVE_LIBNSS3
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the `z' library (-lz). */
+#undef HAVE_LIBZ
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+#undef HAVE_MACHINE_TYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the <nss.h> header file. */
+#undef HAVE_NSS_H
+
+/* Define to 1 if you have the `winpcap' library (-lwpcap) */
+#undef HAVE_PCAP
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+#undef HAVE_SYS_INT_TYPES_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `usleep' function. */
+#undef HAVE_USLEEP
+
+/* Define to 1 if you have the <windows.h> header file. */
+#undef HAVE_WINDOWS_H
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to use X86 inlined assembly code */
+#undef HAVE_X86
+
+/* Define this to use NSS crypto. */
+#undef NSS
+
+/* Define this to use OpenSSL crypto. */
+#undef OPENSSL
+
+/* Define this if OPENSSL_cleanse is broken. */
+#undef OPENSSL_CLEANSE_BROKEN
+
+/* Define this to use OpenSSL KDF for SRTP. */
+#undef OPENSSL_KDF
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of `unsigned long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG
+
+/* The size of `unsigned long long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG_LONG
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+#  undef WORDS_BIGENDIAN
+# endif
+#endif
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
diff --git a/trunk/3rdparty/libsrtp-2-fit/config_in_cmake.h b/trunk/3rdparty/libsrtp-2-fit/config_in_cmake.h
new file mode 100644
index 000000000..25daeb379
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/config_in_cmake.h
@@ -0,0 +1,115 @@
+/* clang-format off */
+
+/* Define to the full name and version of this package. */
+#cmakedefine PACKAGE_VERSION "@PACKAGE_VERSION@"
+
+/* Define to the version of this package. */
+#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
+
+/* Define to enabled debug logging for all mudules. */
+#cmakedefine ENABLE_DEBUG_LOGGING 1
+
+/* Logging statments will be writen to this file. */
+#cmakedefine ERR_REPORTING_FILE "@ERR_REPORTING_FILE@"
+
+/* Define to redirect logging to stdout. */
+#cmakedefine ERR_REPORTING_STDOUT 1
+
+/* Define this to use OpenSSL crypto. */
+#cmakedefine OPENSSL 1
+
+/* Define this to use AES-GCM. */
+#cmakedefine GCM 1
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+/* #undef CPU_RISC */
+
+/* Define to use X86 inlined assembly code */
+#cmakedefine HAVE_X86 1
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#cmakedefine WORDS_BIGENDIAN 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#cmakedefine HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#cmakedefine HAVE_BYTESWAP_H 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#cmakedefine HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+#cmakedefine HAVE_MACHINE_TYPES_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#cmakedefine HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#cmakedefine HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#cmakedefine HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+#cmakedefine HAVE_SYS_INT_TYPES_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#cmakedefine HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#cmakedefine HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#cmakedefine HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the <windows.h> header file. */
+#cmakedefine HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#cmakedefine HAVE_WINSOCK2_H 1
+
+/* Define to 1 if you have the `inet_aton' function. */
+#cmakedefine HAVE_INET_ATON 1
+
+/* Define to 1 if you have the `sigaction' function. */
+#cmakedefine HAVE_SIGACTION 1
+
+/* Define to 1 if you have the `usleep' function. */
+#cmakedefine HAVE_USLEEP 1
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#cmakedefine HAVE_UINT8_T 1
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#cmakedefine HAVE_UINT16_T 1
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#cmakedefine HAVE_UINT32_T 1
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#cmakedefine HAVE_UINT64_T 1
+
+/* Define to 1 if the system has the type `int32_t'. */
+#cmakedefine HAVE_INT32_T 1
+
+/* The size of `unsigned long', as computed by sizeof. */
+@SIZEOF_UNSIGNED_LONG_CODE@
+
+/* The size of `unsigned long long', as computed by sizeof. */
+@SIZEOF_UNSIGNED_LONG_LONG_CODE@
+
+/* Define inline to what is supported by compiler  */
+#cmakedefine HAVE_INLINE 1
+#cmakedefine HAVE___INLINE 1
+#ifndef HAVE_INLINE
+  #ifdef HAVE___INLINE
+    #define inline __inline
+  #else
+    #define inline
+  #endif
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/configure b/trunk/3rdparty/libsrtp-2-fit/configure
new file mode 100755
index 000000000..93c9840e8
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/configure
@@ -0,0 +1,7782 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.69 for libsrtp2 2.3.0.
+#
+# Report bugs to <https://github.com/cisco/libsrtp/issues>.
+#
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Use a proper internal environment variable to ensure we don't fall
+  # into an infinite loop, continuously re-executing ourselves.
+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+    _as_can_reexec=no; export _as_can_reexec;
+    # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+  fi
+  # We don't want this to propagate to other subprocesses.
+          { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+  if (eval "$as_required") 2>/dev/null; then :
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir/$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+      if test "x$CONFIG_SHELL" != x; then :
+  export CONFIG_SHELL
+             # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+    if test x$as_have_required = xno; then :
+  $as_echo "$0: This script requires a shell more modern than all"
+  $as_echo "$0: the shells that I found on your system."
+  if test x${ZSH_VERSION+set} = xset ; then
+    $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: https://github.com/cisco/libsrtp/issues about your
+$0: system, including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+  # already done that, so ensure we don't try to do so again and fall
+  # in an infinite loop.  This has already happened in practice.
+  _as_can_reexec=no; export _as_can_reexec
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='libsrtp2'
+PACKAGE_TARNAME='libsrtp2'
+PACKAGE_VERSION='2.3.0'
+PACKAGE_STRING='libsrtp2 2.3.0'
+PACKAGE_BUGREPORT='https://github.com/cisco/libsrtp/issues'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+PCAP_LIB
+HAVE_PCAP
+HMAC_OBJS
+AES_ICM_OBJS
+nss_LIBS
+nss_CFLAGS
+CRYPTO_LIBDIR
+USE_EXTERNAL_CRYPTO
+crypto_LIBS
+crypto_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
+EXE
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+EGREP
+GREP
+SED
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+RANLIB
+ac_ct_AR
+AR
+EXTRA_CFLAGS
+ac_ct_CXX
+CXXFLAGS
+CXX
+CPP
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+runstatedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_debug_logging
+enable_openssl
+enable_nss
+with_openssl_dir
+enable_openssl_kdf
+with_nss_dir
+enable_pcap
+enable_log_stdout
+with_log_file
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+CXX
+CXXFLAGS
+CCC
+EXTRA_CFLAGS
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+crypto_CFLAGS
+crypto_LIBS
+nss_CFLAGS
+nss_LIBS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *=)   ac_optarg= ;;
+  *)    ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir runstatedir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures libsrtp2 2.3.0 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/libsrtp2]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of libsrtp2 2.3.0:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-debug-logging  Enable debug logging in all modules
+  --enable-openssl        compile in OpenSSL crypto engine
+  --enable-nss            compile in NSS crypto engine
+  --enable-openssl-kdf    Use OpenSSL KDF algorithm
+  --disable-pcap          Build without `pcap' library (-lpcap)
+  --enable-log-stdout     redirecting logging to stdout
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-openssl-dir      Location of OpenSSL installation
+  --with-nss-dir          Location of NSS installation
+  --with-log-file         Use file for logging
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+  CPP         C preprocessor
+  CXX         C++ compiler command
+  CXXFLAGS    C++ compiler flags
+  EXTRA_CFLAGS
+              C compiler flags appended to the regular C compiler flags
+              instead of overriding them
+  PKG_CONFIG  path to pkg-config utility
+  PKG_CONFIG_PATH
+              directories to add to pkg-config's search path
+  PKG_CONFIG_LIBDIR
+              path overriding pkg-config's built-in search path
+  crypto_CFLAGS
+              C compiler flags for crypto, overriding pkg-config
+  crypto_LIBS linker flags for crypto, overriding pkg-config
+  nss_CFLAGS  C compiler flags for nss, overriding pkg-config
+  nss_LIBS    linker flags for nss, overriding pkg-config
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <https://github.com/cisco/libsrtp/issues>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+libsrtp2 configure 2.3.0
+generated by GNU Autoconf 2.69
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } > conftest.i && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_compile
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: program exited with status $ac_status" >&5
+       $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+       ac_retval=$ac_status
+fi
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  eval "$3=no"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+	 return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+	    return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if test "$cross_compiling" = yes; then
+    # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_lo=0 ac_mid=0
+  while :; do
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_hi=$ac_mid; break
+else
+  as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  done
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_hi=-1 ac_mid=-1
+  while :; do
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_lo=$ac_mid; break
+else
+  as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  done
+else
+  ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+  as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_hi=$ac_mid
+else
+  as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+  else
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+  FILE *f = fopen ("conftest.val", "w");
+  if (! f)
+    return 1;
+  if (($2) < 0)
+    {
+      long int i = longval ();
+      if (i != ($2))
+	return 1;
+      fprintf (f, "%ld", i);
+    }
+  else
+    {
+      unsigned long int i = ulongval ();
+      if (i != ($2))
+	return 1;
+      fprintf (f, "%lu", i);
+    }
+  /* Do not output a trailing newline, as this causes \r\n confusion
+     on some platforms.  */
+  return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+  ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+  fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 test -x conftest$ac_exeext
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $2 (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by libsrtp2 $as_me 2.3.0, which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    $as_echo "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  # We do not want a PATH search for config.site.
+  case $CONFIG_SITE in #((
+    -*)  ac_site_file1=./$CONFIG_SITE;;
+    */*) ac_site_file1=$CONFIG_SITE;;
+    *)   ac_site_file1=./$CONFIG_SITE;;
+  esac
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file" \
+      || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+EMPTY_CFLAGS="no"
+if test "x$CFLAGS" = "x"; then
+      EMPTY_CFLAGS="yes"
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+	if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+if test -z "$ac_file"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+  { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+  if { ac_try='./conftest$ac_cv_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_compiler_gnu=yes
+else
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+else
+  CFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if ${ac_cv_prog_CPP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+      # Double quotes because CPP needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+  if test -n "$CCC"; then
+    CXX=$CCC
+  else
+    if test -n "$ac_tool_prefix"; then
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CXX"; then
+  ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CXX" && break
+  done
+fi
+if test -z "$CXX"; then
+  ac_ct_CXX=$CXX
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CXX"; then
+  ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CXX="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CXX" && break
+done
+
+  if test "x$ac_ct_CXX" = x; then
+    CXX="g++"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CXX=$ac_ct_CXX
+  fi
+fi
+
+  fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if ${ac_cv_cxx_compiler_gnu+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  ac_compiler_gnu=yes
+else
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GXX=yes
+else
+  GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if ${ac_cv_prog_cxx_g+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+   ac_cxx_werror_flag=yes
+   ac_cv_prog_cxx_g=no
+   CXXFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  ac_cv_prog_cxx_g=yes
+else
+  CXXFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+  ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+	 CXXFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+  CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+  if test "$GXX" = yes; then
+    CXXFLAGS="-g -O2"
+  else
+    CXXFLAGS="-g"
+  fi
+else
+  if test "$GXX" = yes; then
+    CXXFLAGS="-O2"
+  else
+    CXXFLAGS=
+  fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
+
+
+if test -n "$ac_tool_prefix"; then
+  for ac_prog in ar lib "link -lib"
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$AR" && break
+  done
+fi
+if test -z "$AR"; then
+  ac_ct_AR=$AR
+  for ac_prog in ar lib "link -lib"
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_AR="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_AR" && break
+done
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
+fi
+
+: ${AR=ar}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5
+$as_echo_n "checking the archiver ($AR) interface... " >&6; }
+if ${am_cv_ar_interface+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+   am_cv_ar_interface=ar
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int some_variable = 0;
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5'
+      { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+  (eval $am_ar_try) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+      if test "$ac_status" -eq 0; then
+        am_cv_ar_interface=ar
+      else
+        am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5'
+        { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+  (eval $am_ar_try) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+        if test "$ac_status" -eq 0; then
+          am_cv_ar_interface=lib
+        else
+          am_cv_ar_interface=unknown
+        fi
+      fi
+      rm -f conftest.lib libconftest.a
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5
+$as_echo "$am_cv_ar_interface" >&6; }
+
+case $am_cv_ar_interface in
+ar)
+  ;;
+lib)
+  # Microsoft lib, so override with the ar-lib wrapper script.
+  # FIXME: It is wrong to rewrite AR.
+  # But if we don't then we get into trouble of one sort or another.
+  # A longer-term fix would be to have automake use am__AR in this case,
+  # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
+  # similar.
+  AR="$am_aux_dir/ar-lib $AR"
+  ;;
+unknown)
+  as_fn_error $? "could not determine $AR interface" "$LINENO" 5
+  ;;
+esac
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+  ./ | .// | /[cC]/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+  done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if ${ac_cv_path_SED+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+     for ac_i in 1 2 3 4 5 6 7; do
+       ac_script="$ac_script$as_nl$ac_script"
+     done
+     echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+     { ac_script=; unset ac_script;}
+     if test -z "$SED"; then
+  ac_path_SED_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
+  # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+  ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo '' >> "conftest.nl"
+    "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_SED_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_SED="$ac_path_SED"
+      ac_path_SED_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_SED_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_SED"; then
+    as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+  fi
+else
+  ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+  rm -f conftest.sed
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$GREP"; then
+  ac_path_GREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in grep ggrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_GREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_GREP"; then
+    as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     if test -z "$EGREP"; then
+  ac_path_EGREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in egrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_EGREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_EGREP"; then
+    as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_EGREP=$EGREP
+fi
+
+   fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_stdc=yes
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+		  inttypes.h stdint.h unistd.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
+$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
+if ${ac_cv_c_bigendian+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_c_bigendian=unknown
+    # See if we're dealing with a universal compiler.
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifndef __APPLE_CC__
+	       not a universal capable compiler
+	     #endif
+	     typedef int dummy;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+	# Check for potential -arch flags.  It is not universal unless
+	# there are at least two -arch flags with different values.
+	ac_arch=
+	ac_prev=
+	for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
+	 if test -n "$ac_prev"; then
+	   case $ac_word in
+	     i?86 | x86_64 | ppc | ppc64)
+	       if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
+		 ac_arch=$ac_word
+	       else
+		 ac_cv_c_bigendian=universal
+		 break
+	       fi
+	       ;;
+	   esac
+	   ac_prev=
+	 elif test "x$ac_word" = "x-arch"; then
+	   ac_prev=arch
+	 fi
+       done
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    if test $ac_cv_c_bigendian = unknown; then
+      # See if sys/param.h defines the BYTE_ORDER macro.
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+	     #include <sys/param.h>
+
+int
+main ()
+{
+#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
+		     && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
+		     && LITTLE_ENDIAN)
+	      bogus endian macros
+	     #endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  # It does; now see whether it defined to BIG_ENDIAN or not.
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+		#include <sys/param.h>
+
+int
+main ()
+{
+#if BYTE_ORDER != BIG_ENDIAN
+		 not big endian
+		#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_bigendian=yes
+else
+  ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    fi
+    if test $ac_cv_c_bigendian = unknown; then
+      # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+
+int
+main ()
+{
+#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
+	      bogus endian macros
+	     #endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  # It does; now see whether it defined to _BIG_ENDIAN or not.
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+
+int
+main ()
+{
+#ifndef _BIG_ENDIAN
+		 not big endian
+		#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_bigendian=yes
+else
+  ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    fi
+    if test $ac_cv_c_bigendian = unknown; then
+      # Compile a test program.
+      if test "$cross_compiling" = yes; then :
+  # Try to guess by grepping values from an object file.
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+short int ascii_mm[] =
+		  { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+		short int ascii_ii[] =
+		  { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+		int use_ascii (int i) {
+		  return ascii_mm[i] + ascii_ii[i];
+		}
+		short int ebcdic_ii[] =
+		  { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+		short int ebcdic_mm[] =
+		  { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+		int use_ebcdic (int i) {
+		  return ebcdic_mm[i] + ebcdic_ii[i];
+		}
+		extern int foo;
+
+int
+main ()
+{
+return use_ascii (foo) == use_ebcdic (foo);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
+	      ac_cv_c_bigendian=yes
+	    fi
+	    if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+	      if test "$ac_cv_c_bigendian" = unknown; then
+		ac_cv_c_bigendian=no
+	      else
+		# finding both strings is unlikely to happen, but who knows?
+		ac_cv_c_bigendian=unknown
+	      fi
+	    fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+
+	     /* Are we little or big endian?  From Harbison&Steele.  */
+	     union
+	     {
+	       long int l;
+	       char c[sizeof (long int)];
+	     } u;
+	     u.l = 1;
+	     return u.c[sizeof (long int) - 1] == 1;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_c_bigendian=no
+else
+  ac_cv_c_bigendian=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+    fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
+$as_echo "$ac_cv_c_bigendian" >&6; }
+ case $ac_cv_c_bigendian in #(
+   yes)
+     $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
+;; #(
+   no)
+      ;; #(
+   universal)
+
+$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
+
+     ;; #(
+   *)
+     as_fn_error $? "unknown endianness
+ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
+ esac
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+case $host_cpu in
+  i*86 | x86_64 )
+
+$as_echo "#define CPU_CISC 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_X86 1" >>confdefs.h
+
+    ;;
+  * )
+
+$as_echo "#define CPU_RISC 1" >>confdefs.h
+
+    ;;
+esac
+
+case $host_os in
+  *cygwin*|*mingw* )
+    EXE=.exe
+    ;;
+  * )
+    EXE=""
+    ;;
+esac
+   # define executable suffix; this is needed for `make clean'
+
+supported_cflags=""
+if test "$EMPTY_CFLAGS" = "no"; then
+  supported_cflags="$CFLAGS"
+fi
+
+WERROR=""
+for w in -Werror -errwarn; do
+  if test "x$WERROR" = "x"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $w" >&5
+$as_echo_n "checking whether ${CC-c} accepts $w... " >&6; }
+    save_cflags="$CFLAGS"
+    if test "x$CFLAGS" = "x"; then :
+  CFLAGS="$w"
+else
+  CFLAGS="$CFLAGS $w"
+fi
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  WERROR="$w"
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  CFLAGS="$save_cflags"
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts -fPIC" >&5
+$as_echo_n "checking whether ${CC-c} accepts -fPIC... " >&6; }
+save_cflags="$CFLAGS"
+if test "x$CFLAGS" = "x"; then :
+  CFLAGS="-fPIC"
+else
+  CFLAGS="$CFLAGS -fPIC"
+fi
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  if test "x$supported_cflags" = "x"; then :
+  supported_cflags="-fPIC"
+else
+  supported_cflags="$supported_cflags -fPIC"
+fi
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  CFLAGS="$save_cflags"
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test "$EMPTY_CFLAGS" = "yes"; then
+  for f in -Wall -pedantic -Wstrict-prototypes; do
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5
+$as_echo_n "checking whether ${CC-c} accepts $f... " >&6; }
+    save_cflags="$CFLAGS"
+    if test "x$CFLAGS" = "x"; then :
+  CFLAGS="$f"
+else
+  CFLAGS="$CFLAGS $f"
+fi
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  if test "x$supported_cflags" = "x"; then :
+  supported_cflags="$f"
+else
+  supported_cflags="$supported_cflags $f"
+fi
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  CFLAGS="$save_cflags"
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  done
+
+  OOPT=""
+  for f in -O4 -O3; do
+    if test "x$OOPT" = "x"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5
+$as_echo_n "checking whether ${CC-c} accepts $f... " >&6; }
+      save_cflags="$CFLAGS"
+      if test "x$CFLAGS" = "x"; then :
+  CFLAGS="$f"
+else
+  CFLAGS="$CFLAGS $f"
+fi
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  if test "x$supported_cflags" = "x"; then :
+  supported_cflags="$f"
+else
+  supported_cflags="$supported_cflags $f"
+fi
+         OOPT="$f"
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  CFLAGS="$save_cflags"
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    fi
+  done
+
+  for f in -fexpensive-optimizations -funroll-loops; do
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5
+$as_echo_n "checking whether ${CC-c} accepts $f... " >&6; }
+    save_cflags="$CFLAGS"
+    if test "x$CFLAGS" = "x"; then :
+  CFLAGS="$f"
+else
+  CFLAGS="$CFLAGS $f"
+fi
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  if test "x$supported_cflags" = "x"; then :
+  supported_cflags="$f"
+else
+  supported_cflags="$supported_cflags $f"
+fi
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  CFLAGS="$save_cflags"
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  done
+fi
+
+for f in -Wno-language-extension-token; do
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5
+$as_echo_n "checking whether ${CC-c} accepts $f... " >&6; }
+  save_cflags="$CFLAGS"
+  testf=$(echo "$f" | $SED 's|-Wno-\(.*\)|-W\1|g')
+  if test "x$CFLAGS" = "x"; then :
+  CFLAGS="$testf"
+else
+  CFLAGS="$CFLAGS $testf"
+fi
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  if test "x$supported_cflags" = "x"; then :
+  supported_cflags="$f"
+else
+  supported_cflags="$supported_cflags $f"
+fi
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  CFLAGS="$save_cflags"
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+
+CFLAGS="$supported_cflags"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_stdc=yes
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+for ac_header in unistd.h byteswap.h stdint.h sys/uio.h inttypes.h sys/types.h machine/types.h sys/int_types.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in sys/socket.h netinet/in.h arpa/inet.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in windows.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "windows.h" "ac_cv_header_windows_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_windows_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_WINDOWS_H 1
+_ACEOF
+ for ac_header in winsock2.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_winsock2_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_WINSOCK2_H 1
+_ACEOF
+
+fi
+
+done
+
+fi
+
+done
+
+
+ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
+if test "x$ac_cv_type_int8_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT8_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint8_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT8_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default"
+if test "x$ac_cv_type_int16_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT16_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint16_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT16_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
+if test "x$ac_cv_type_int32_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT32_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint32_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT32_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint64_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT64_T 1
+_ACEOF
+
+
+fi
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_unsigned_long" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_long=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5
+$as_echo_n "checking size of unsigned long long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long_long+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_unsigned_long_long" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long long)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_long_long=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long
+_ACEOF
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if ${ac_cv_c_const+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this sort of thing.  */
+  typedef int charset[2];
+  const charset cs = { 0, 0 };
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* AIX XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this sort of thing.  */
+    char tx;
+    char *t = &tx;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; } bx;
+    struct s *b = &bx; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_const=yes
+else
+  ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+$as_echo "#define const /**/" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+  inline | yes) ;;
+  *)
+    case $ac_cv_c_inline in
+      no) ac_val=;;
+      *) ac_val=$ac_cv_c_inline;;
+    esac
+    cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+    ;;
+esac
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+
+for ac_func in socket inet_aton usleep sigaction
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+if test "x$ac_cv_func_socket" = "xno"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+$as_echo_n "checking for socket in -lsocket... " >&6; }
+if ${ac_cv_lib_socket_socket+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_socket_socket=yes
+else
+  ac_cv_lib_socket_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5
+$as_echo "$ac_cv_lib_socket_socket" >&6; }
+if test "x$ac_cv_lib_socket_socket" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBSOCKET 1
+_ACEOF
+
+  LIBS="-lsocket $LIBS"
+
+fi
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lwsock32" >&5
+$as_echo_n "checking for socket in -lwsock32... " >&6; }
+  SAVELIBS="$LIBS"
+  LIBS="$LIBS -lwsock32"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <winsock2.h>
+int main(void)
+{
+    int fd = socket(0, 0, 0);
+    if (fd < 0)
+      return -1;
+    else
+      return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_func_socket=yes
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  LIBS="$SAVELIBS"
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable debug logging in all modules" >&5
+$as_echo_n "checking whether to enable debug logging in all modules... " >&6; }
+# Check whether --enable-debug-logging was given.
+if test "${enable_debug_logging+set}" = set; then :
+  enableval=$enable_debug_logging;
+else
+  enable_debug_logging=no
+fi
+
+if test "$enable_debug_logging" = "yes"; then
+
+$as_echo "#define ENABLE_DEBUG_LOGGING 1" >>confdefs.h
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug_logging" >&5
+$as_echo "$enable_debug_logging" >&6; }
+
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+  ac_pt_PKG_CONFIG=$PKG_CONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $ac_pt_PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKG_CONFIG" = x; then
+    PKG_CONFIG=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKG_CONFIG=$ac_pt_PKG_CONFIG
+  fi
+else
+  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=0.9.0
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	else
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		PKG_CONFIG=""
+	fi
+fi
+if test "x$PKG_CONFIG" != "x"; then :
+  PKG_CONFIG="$PKG_CONFIG --static"
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage OpenSSL crypto" >&5
+$as_echo_n "checking whether to leverage OpenSSL crypto... " >&6; }
+# Check whether --enable-openssl was given.
+if test "${enable_openssl+set}" = set; then :
+  enableval=$enable_openssl;
+else
+  enable_openssl=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl" >&5
+$as_echo "$enable_openssl" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage NSS crypto" >&5
+$as_echo_n "checking whether to leverage NSS crypto... " >&6; }
+# Check whether --enable-nss was given.
+if test "${enable_nss+set}" = set; then :
+  enableval=$enable_nss;
+else
+  enable_nss=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_nss" >&5
+$as_echo "$enable_nss" >&6; }
+
+if test "$enable_openssl" = "yes"; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user specified OpenSSL directory" >&5
+$as_echo_n "checking for user specified OpenSSL directory... " >&6; }
+
+# Check whether --with-openssl-dir was given.
+if test "${with_openssl_dir+set}" = set; then :
+  withval=$with_openssl_dir; if test "x$PKG_CONFIG" != "x" && test -f $with_openssl_dir/lib/pkgconfig/libcrypto.pc; then
+         if test "x$PKG_CONFIG_PATH" = "x"; then
+           export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig"
+         else
+           export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig:$PKG_CONFIG_PATH"
+         fi
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_openssl_dir" >&5
+$as_echo "$with_openssl_dir" >&6; }
+       elif test -d $with_openssl_dir/lib; then
+         CFLAGS="$CFLAGS -I$with_openssl_dir/include"
+         if test "x$LDFLAGS" = "x"; then
+           LDFLAGS="-L$with_openssl_dir/lib"
+         else
+           LDFLAGS="$LDFLAGS -L$with_openssl_dir/lib"
+         fi
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_openssl_dir" >&5
+$as_echo "$with_openssl_dir" >&6; }
+       else
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid" >&5
+$as_echo "invalid" >&6; }
+         { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Invalid OpenSSL location: $with_openssl_dir
+See \`config.log' for more details" "$LINENO" 5; }
+       fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+   if test "x$PKG_CONFIG" != "x"; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypto" >&5
+$as_echo_n "checking for crypto... " >&6; }
+
+if test -n "$crypto_CFLAGS"; then
+    pkg_cv_crypto_CFLAGS="$crypto_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.0.1\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.0.1") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_crypto_CFLAGS=`$PKG_CONFIG --cflags "libcrypto >= 1.0.1" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$crypto_LIBS"; then
+    pkg_cv_crypto_LIBS="$crypto_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.0.1\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.0.1") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_crypto_LIBS=`$PKG_CONFIG --libs "libcrypto >= 1.0.1" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        crypto_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libcrypto >= 1.0.1" 2>&1`
+        else
+	        crypto_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libcrypto >= 1.0.1" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$crypto_PKG_ERRORS" >&5
+
+	as_fn_error $? "Package requirements (libcrypto >= 1.0.1) were not met:
+
+$crypto_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables crypto_CFLAGS
+and crypto_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables crypto_CFLAGS
+and crypto_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+	crypto_CFLAGS=$pkg_cv_crypto_CFLAGS
+	crypto_LIBS=$pkg_cv_crypto_LIBS
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	CFLAGS="$CFLAGS $crypto_CFLAGS"
+        LIBS="$crypto_LIBS $LIBS"
+fi
+   else
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_dlopen=yes
+else
+  ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+  LIBS="-ldl $LIBS"
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libdl" >&5
+$as_echo "$as_me: WARNING: can't find libdl" >&2;}
+fi
+
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflate in -lz" >&5
+$as_echo_n "checking for inflate in -lz... " >&6; }
+if ${ac_cv_lib_z_inflate+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inflate ();
+int
+main ()
+{
+return inflate ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_z_inflate=yes
+else
+  ac_cv_lib_z_inflate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflate" >&5
+$as_echo "$ac_cv_lib_z_inflate" >&6; }
+if test "x$ac_cv_lib_z_inflate" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBZ 1
+_ACEOF
+
+  LIBS="-lz $LIBS"
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libz" >&5
+$as_echo "$as_me: WARNING: can't find libz" >&2;}
+fi
+
+   fi
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_EncryptInit" >&5
+$as_echo_n "checking for library containing EVP_EncryptInit... " >&6; }
+if ${ac_cv_search_EVP_EncryptInit+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_EncryptInit ();
+int
+main ()
+{
+return EVP_EncryptInit ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_EVP_EncryptInit=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_EVP_EncryptInit+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_EVP_EncryptInit+:} false; then :
+
+else
+  ac_cv_search_EVP_EncryptInit=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_EncryptInit" >&5
+$as_echo "$ac_cv_search_EVP_EncryptInit" >&6; }
+ac_res=$ac_cv_search_EVP_EncryptInit
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl >= 1.0.1 crypto lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_aes_128_ctr" >&5
+$as_echo_n "checking for library containing EVP_aes_128_ctr... " >&6; }
+if ${ac_cv_search_EVP_aes_128_ctr+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_aes_128_ctr ();
+int
+main ()
+{
+return EVP_aes_128_ctr ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_EVP_aes_128_ctr=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_EVP_aes_128_ctr+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_EVP_aes_128_ctr+:} false; then :
+
+else
+  ac_cv_search_EVP_aes_128_ctr=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_aes_128_ctr" >&5
+$as_echo "$ac_cv_search_EVP_aes_128_ctr" >&6; }
+ac_res=$ac_cv_search_EVP_aes_128_ctr
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl >= 1.0.1 crypto lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_aes_128_gcm" >&5
+$as_echo_n "checking for library containing EVP_aes_128_gcm... " >&6; }
+if ${ac_cv_search_EVP_aes_128_gcm+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_aes_128_gcm ();
+int
+main ()
+{
+return EVP_aes_128_gcm ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_EVP_aes_128_gcm=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_EVP_aes_128_gcm+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_EVP_aes_128_gcm+:} false; then :
+
+else
+  ac_cv_search_EVP_aes_128_gcm=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_aes_128_gcm" >&5
+$as_echo "$ac_cv_search_EVP_aes_128_gcm" >&6; }
+ac_res=$ac_cv_search_EVP_aes_128_gcm
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl >= 1.0.1 crypto lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+
+
+$as_echo "#define GCM 1" >>confdefs.h
+
+
+$as_echo "#define OPENSSL 1" >>confdefs.h
+
+   AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
+   HMAC_OBJS=crypto/hash/hmac_ossl.o
+   USE_EXTERNAL_CRYPTO=1
+
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OPENSSL_cleanse is broken" >&5
+$as_echo_n "checking if OPENSSL_cleanse is broken... " >&6; }
+   if test "$cross_compiling" = yes; then :
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+     #include <stdio.h>
+     #include <openssl/crypto.h>
+
+int
+main ()
+{
+
+     #define BUFFER_SIZE (16)
+     char buffer[BUFFER_SIZE];
+     int i;
+     for (i = 0; i < BUFFER_SIZE; i++) {
+       buffer[i] = i & 0xff;
+     }
+     OPENSSL_cleanse(buffer, BUFFER_SIZE);
+     for (i = 0; i < BUFFER_SIZE; i++) {
+       if (buffer[i]) {
+         printf("Buffer contents not zero at position %d (is %d)\n", i,
+             buffer[i]);
+         return 1;
+       }
+     }
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  openssl_cleanse_broken=no
+else
+
+     openssl_cleanse_broken=yes
+
+$as_echo "#define OPENSSL_CLEANSE_BROKEN 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $openssl_cleanse_broken" >&5
+$as_echo "$openssl_cleanse_broken" >&6; }
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage OpenSSL KDF algorithm" >&5
+$as_echo_n "checking whether to leverage OpenSSL KDF algorithm... " >&6; }
+   # Check whether --enable-openssl-kdf was given.
+if test "${enable_openssl_kdf+set}" = set; then :
+  enableval=$enable_openssl_kdf;
+else
+  enable_openssl_kdf=no
+fi
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl_kdf" >&5
+$as_echo "$enable_openssl_kdf" >&6; }
+   if test "$enable_openssl_kdf" = "yes"; then
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing kdf_srtp" >&5
+$as_echo_n "checking for library containing kdf_srtp... " >&6; }
+if ${ac_cv_search_kdf_srtp+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char kdf_srtp ();
+int
+main ()
+{
+return kdf_srtp ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_kdf_srtp=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_kdf_srtp+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_kdf_srtp+:} false; then :
+
+else
+  ac_cv_search_kdf_srtp=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_kdf_srtp" >&5
+$as_echo "$ac_cv_search_kdf_srtp" >&6; }
+ac_res=$ac_cv_search_kdf_srtp
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl KDF lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+
+$as_echo "#define OPENSSL_KDF 1" >>confdefs.h
+
+   fi
+elif test "$enable_nss" = "yes"; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user specified NSS directory" >&5
+$as_echo_n "checking for user specified NSS directory... " >&6; }
+
+# Check whether --with-nss-dir was given.
+if test "${with_nss_dir+set}" = set; then :
+  withval=$with_nss_dir; if test "x$PKG_CONFIG" != "x" && test -f $with_nss_dir/lib/pkgconfig/nss.pc; then
+         if test "x$PKG_CONFIG_PATH" = "x"; then
+           export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig"
+         else
+           export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig:$PKG_CONFIG_PATH"
+         fi
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nss_dir" >&5
+$as_echo "$with_nss_dir" >&6; }
+       elif test -d $with_nss_dir/lib; then
+         CFLAGS="$CFLAGS -I$with_nss_dir/include"
+         CFLAGS="$CFLAGS -I$with_nss_dir/../public/nss"
+         if test "x$LDFLAGS" = "x"; then
+           LDFLAGS="-L$with_nss_dir/lib"
+         else
+           LDFLAGS="$LDFLAGS -L$with_nss_dir/lib"
+         fi
+         nss_skip_pkg_config=yes
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nss_dir" >&5
+$as_echo "$with_nss_dir" >&6; }
+       else
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid" >&5
+$as_echo "invalid" >&6; }
+         { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Invalid NSS location: $with_nss_dir
+See \`config.log' for more details" "$LINENO" 5; }
+       fi
+       CRYPTO_LIBDIR=$with_nss_dir/lib
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+   if test "x$PKG_CONFIG" != "x" && test "$nss_skip_pkg_config" != "yes"; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss" >&5
+$as_echo_n "checking for nss... " >&6; }
+
+if test -n "$nss_CFLAGS"; then
+    pkg_cv_nss_CFLAGS="$nss_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "nss") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_nss_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$nss_LIBS"; then
+    pkg_cv_nss_LIBS="$nss_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "nss") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_nss_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        nss_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "nss" 2>&1`
+        else
+	        nss_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "nss" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$nss_PKG_ERRORS" >&5
+
+	as_fn_error $? "Package requirements (nss) were not met:
+
+$nss_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables nss_CFLAGS
+and nss_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables nss_CFLAGS
+and nss_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+	nss_CFLAGS=$pkg_cv_nss_CFLAGS
+	nss_LIBS=$pkg_cv_nss_LIBS
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	CFLAGS="$CFLAGS $nss_CFLAGS"
+         LIBS="$nss_LIBS $LIBS"
+fi
+   else
+     for ac_header in nss.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "nss.h" "ac_cv_header_nss_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_nss_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_NSS_H 1
+_ACEOF
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find useable NSS headers
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+done
+
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PR_GetError in -lnspr4" >&5
+$as_echo_n "checking for PR_GetError in -lnspr4... " >&6; }
+if ${ac_cv_lib_nspr4_PR_GetError+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnspr4  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char PR_GetError ();
+int
+main ()
+{
+return PR_GetError ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_nspr4_PR_GetError=yes
+else
+  ac_cv_lib_nspr4_PR_GetError=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nspr4_PR_GetError" >&5
+$as_echo "$ac_cv_lib_nspr4_PR_GetError" >&6; }
+if test "x$ac_cv_lib_nspr4_PR_GetError" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSPR4 1
+_ACEOF
+
+  LIBS="-lnspr4 $LIBS"
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libnspr4" >&5
+$as_echo "$as_me: WARNING: can't find libnspr4" >&2;}
+fi
+
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS_NoDB_Init in -lnss3" >&5
+$as_echo_n "checking for NSS_NoDB_Init in -lnss3... " >&6; }
+if ${ac_cv_lib_nss3_NSS_NoDB_Init+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnss3  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char NSS_NoDB_Init ();
+int
+main ()
+{
+return NSS_NoDB_Init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_nss3_NSS_NoDB_Init=yes
+else
+  ac_cv_lib_nss3_NSS_NoDB_Init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_NSS_NoDB_Init" >&5
+$as_echo "$ac_cv_lib_nss3_NSS_NoDB_Init" >&6; }
+if test "x$ac_cv_lib_nss3_NSS_NoDB_Init" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSS3 1
+_ACEOF
+
+  LIBS="-lnss3 $LIBS"
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find useable libnss3
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+   fi
+
+
+$as_echo "#define GCM 1" >>confdefs.h
+
+
+$as_echo "#define NSS 1" >>confdefs.h
+
+   AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o"
+
+   # TODO(RLB): Use NSS for HMAC
+   HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
+
+   # TODO(RLB): Use NSS for KDF
+
+   USE_EXTERNAL_CRYPTO=1
+
+else
+   AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o"
+   HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
+fi
+
+
+
+
+PCAP_LIB=""
+# Check whether --enable-pcap was given.
+if test "${enable_pcap+set}" = set; then :
+  enableval=$enable_pcap;
+fi
+
+if test "x$enable_pcap" != "xno"; then :
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_create in -lpcap" >&5
+$as_echo_n "checking for pcap_create in -lpcap... " >&6; }
+if ${ac_cv_lib_pcap_pcap_create+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpcap  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pcap_create ();
+int
+main ()
+{
+return pcap_create ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_pcap_pcap_create=yes
+else
+  ac_cv_lib_pcap_pcap_create=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcap_pcap_create" >&5
+$as_echo "$ac_cv_lib_pcap_pcap_create" >&6; }
+if test "x$ac_cv_lib_pcap_pcap_create" = xyes; then :
+  PCAP_LIB="-lpcap"
+
+$as_echo "#define HAVE_PCAP 1" >>confdefs.h
+
+     HAVE_PCAP=1
+
+fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_create in -lwpcap" >&5
+$as_echo_n "checking for pcap_create in -lwpcap... " >&6; }
+if ${ac_cv_lib_wpcap_pcap_create+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lwpcap  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pcap_create ();
+int
+main ()
+{
+return pcap_create ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_wpcap_pcap_create=yes
+else
+  ac_cv_lib_wpcap_pcap_create=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_wpcap_pcap_create" >&5
+$as_echo "$ac_cv_lib_wpcap_pcap_create" >&6; }
+if test "x$ac_cv_lib_wpcap_pcap_create" = xyes; then :
+  PCAP_LIB="-lwpcap"
+
+$as_echo "#define HAVE_PCAP 1" >>confdefs.h
+
+     HAVE_PCAP=1
+
+fi
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to redirect logging to stdout" >&5
+$as_echo_n "checking whether to redirect logging to stdout... " >&6; }
+# Check whether --enable-log-stdout was given.
+if test "${enable_log_stdout+set}" = set; then :
+  enableval=$enable_log_stdout;
+else
+  enable_log_stdout=no
+fi
+
+if test "$enable_log_stdout" = "yes"; then
+
+$as_echo "#define ERR_REPORTING_STDOUT 1" >>confdefs.h
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_stdout" >&5
+$as_echo "$enable_log_stdout" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking wheather to use a file for logging" >&5
+$as_echo_n "checking wheather to use a file for logging... " >&6; }
+
+# Check whether --with-log-file was given.
+if test "${with_log_file+set}" = set; then :
+  withval=$with_log_file; case x$with_log_file in #(
+  x) :
+    valid_with_log_file="no" ;; #(
+  xyes) :
+    valid_with_log_file="no" ;; #(
+  *) :
+    valid_with_error_file="yes" ;;
+esac
+   if test "$valid_with_log_file" = "no"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid" >&5
+$as_echo "invalid" >&6; }
+      { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Invalid value for --with-log-file: \"$with_log_file\"
+See \`config.log' for more details" "$LINENO" 5; }
+else
+
+cat >>confdefs.h <<_ACEOF
+#define ERR_REPORTING_FILE "$with_log_file"
+_ACEOF
+
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: using log file: \"$with_log_file\"" >&5
+$as_echo "using log file: \"$with_log_file\"" >&6; }
+fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test "$enable_log_stdout" = "yes" && test "x$with_log_file" != "x"; then :
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Can only use one of --enable-log-stdout and --with-log-file; they are mutually exclusive
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for extra C compiler flags" >&5
+$as_echo_n "checking for extra C compiler flags... " >&6; }
+if test "x$EXTRA_CFLAGS" != "x"; then :
+  if test "x$CFLAGS" = "x"; then :
+  CFLAGS="$EXTRA_CFLAGS"
+else
+  CFLAGS="$CFLAGS $EXTRA_CFLAGS"
+fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EXTRA_CFLAGS" >&5
+$as_echo "$EXTRA_CFLAGS" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ac_config_headers="$ac_config_headers crypto/include/config.h:config_in.h"
+
+
+ac_config_files="$ac_config_files Makefile crypto/Makefile doc/Makefile fuzzer/Makefile libsrtp2.pc"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    if test "x$cache_file" != "x/dev/null"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+      if test ! -f "$cache_file" || test -h "$cache_file"; then
+	cat confcache >"$cache_file"
+      else
+        case $cache_file in #(
+        */* | ?:*)
+	  mv -f confcache "$cache_file"$$ &&
+	  mv -f "$cache_file"$$ "$cache_file" ;; #(
+        *)
+	  mv -f confcache "$cache_file" ;;
+	esac
+      fi
+    fi
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by libsrtp2 $as_me 2.3.0, which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Report bugs to <https://github.com/cisco/libsrtp/issues>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+libsrtp2 config.status 2.3.0
+configured by $0, generated by GNU Autoconf 2.69,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=?*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  --*=)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    $as_echo "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    '') as_fn_error $? "missing file argument" ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "crypto/include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS crypto/include/config.h:config_in.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "crypto/Makefile") CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "fuzzer/Makefile") CONFIG_FILES="$CONFIG_FILES fuzzer/Makefile" ;;
+    "libsrtp2.pc") CONFIG_FILES="$CONFIG_FILES libsrtp2.pc" ;;
+
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp= ac_tmp=
+  trap 'exit_status=$?
+  : "${ac_tmp:=$tmp}"
+  { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+  || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=[	 ]*/{
+h
+s///
+s/^/:/
+s/[	 ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[	 ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_tt"; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS    "
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$ac_tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$ac_tmp/stdin" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+  >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
+      "$ac_tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&2;}
+
+  rm -f "$ac_tmp/stdin"
+  case $ac_file in
+  -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+  *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+    } >"$ac_tmp/config.h" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+    if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$ac_tmp/config.h" "$ac_file" \
+	|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+      || as_fn_error $? "could not create -" "$LINENO" 5
+  fi
+ ;;
+
+
+  esac
+
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+# This is needed when building outside the source dir.
+as_dir=crypto/cipher; as_fn_mkdir_p
+as_dir=crypto/hash; as_fn_mkdir_p
+as_dir=crypto/kernel; as_fn_mkdir_p
+as_dir=crypto/math; as_fn_mkdir_p
+as_dir=crypto/replay; as_fn_mkdir_p
+as_dir=crypto/test; as_fn_mkdir_p
+as_dir=doc; as_fn_mkdir_p
+as_dir=srtp; as_fn_mkdir_p
+as_dir=test; as_fn_mkdir_p
diff --git a/trunk/3rdparty/libsrtp-2-fit/configure.ac b/trunk/3rdparty/libsrtp-2-fit/configure.ac
new file mode 100644
index 000000000..fc312bbdc
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/configure.ac
@@ -0,0 +1,429 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT([libsrtp2], [2.3.0], [https://github.com/cisco/libsrtp/issues])
+
+dnl Must come before AC_PROG_CC
+EMPTY_CFLAGS="no"
+if test "x$CFLAGS" = "x"; then
+   dnl Default value for CFLAGS if not specified.
+   EMPTY_CFLAGS="yes"
+fi
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_CPP
+AC_PROG_CXX
+AC_ARG_VAR(
+  [EXTRA_CFLAGS],
+  [C compiler flags appended to the regular C compiler flags instead of overriding them])
+AM_PROG_AR
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_PROG_SED
+
+dnl Check the byte order
+AC_C_BIGENDIAN
+
+AC_CANONICAL_HOST
+
+dnl check host_cpu type, set defines appropriately
+case $host_cpu in
+  i*86 | x86_64 )
+    AC_DEFINE([CPU_CISC], [1], [Define if building for a CISC machine (e.g. Intel).])
+    AC_DEFINE([HAVE_X86], [1], [Define to use X86 inlined assembly code])
+    ;;
+  * )
+    AC_DEFINE([CPU_RISC], [1], [Define if building for a RISC machine (assume slow byte access).])
+    ;;
+esac
+
+dnl Check if we are on a Windows platform.
+case $host_os in
+  *cygwin*|*mingw* )
+    EXE=.exe
+    ;;
+  * )
+    EXE=""
+    ;;
+esac
+AC_SUBST([EXE])   # define executable suffix; this is needed for `make clean'
+
+dnl Checks for supported compiler flags.
+supported_cflags=""
+if test "$EMPTY_CFLAGS" = "no"; then
+  supported_cflags="$CFLAGS"
+fi
+
+dnl For accurate detection, we need warnings as errors.
+dnl I.e. Clang will issue a warning about unsupported flags.
+dnl For the compilation to fail, those warnings needs to be upgraded to errors.
+dnl This will be removed again once the tests are complete (see below).
+WERROR=""
+for w in -Werror -errwarn; do
+  if test "x$WERROR" = "x"; then
+    AC_MSG_CHECKING([whether ${CC-c} accepts $w])
+    save_cflags="$CFLAGS"
+    AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$w"], [CFLAGS="$CFLAGS $w"])
+    AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])],
+      [WERROR="$w"
+       AC_MSG_RESULT([yes])],
+      [CFLAGS="$save_cflags"
+       AC_MSG_RESULT([no])])
+  fi
+done
+
+dnl Note that -fPIC is not explicitly added to LDFLAGS.
+dnl Since the compiler is used as the link driver, CFLAGS will be part of the
+dnl link line as well and the linker will get the flag from there.
+dnl Adding it to LDFLAGS explicitly would duplicate the flag on the link line,
+dnl but otherwise do no harm.
+AC_MSG_CHECKING([whether ${CC-c} accepts -fPIC])
+save_cflags="$CFLAGS"
+AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="-fPIC"], [CFLAGS="$CFLAGS -fPIC"])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])],
+  [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="-fPIC"], [supported_cflags="$supported_cflags -fPIC"])
+   AC_MSG_RESULT([yes])],
+  [CFLAGS="$save_cflags"
+   AC_MSG_RESULT([no])])
+
+if test "$EMPTY_CFLAGS" = "yes"; then
+  for f in -Wall -pedantic -Wstrict-prototypes; do
+    AC_MSG_CHECKING([whether ${CC-c} accepts $f])
+    save_cflags="$CFLAGS"
+    AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$f"], [CFLAGS="$CFLAGS $f"])
+    AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])],
+      [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"])
+       AC_MSG_RESULT([yes])],
+      [CFLAGS="$save_cflags"
+       AC_MSG_RESULT([no])])
+  done
+
+  OOPT=""
+  for f in -O4 -O3; do
+    if test "x$OOPT" = "x"; then
+      AC_MSG_CHECKING([whether ${CC-c} accepts $f])
+      save_cflags="$CFLAGS"
+      AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$f"], [CFLAGS="$CFLAGS $f"])
+      AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])],
+        [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"])
+         OOPT="$f"
+         AC_MSG_RESULT([yes])],
+        [CFLAGS="$save_cflags"
+         AC_MSG_RESULT([no])])
+    fi
+  done
+
+  for f in -fexpensive-optimizations -funroll-loops; do
+    AC_MSG_CHECKING([whether ${CC-c} accepts $f])
+    save_cflags="$CFLAGS"
+    AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$f"], [CFLAGS="$CFLAGS $f"])
+    AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])],
+      [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"])
+       AC_MSG_RESULT([yes])],
+      [CFLAGS="$save_cflags"
+       AC_MSG_RESULT([no])])
+  done
+fi
+
+dnl When turning off warnigns, we're expecting unrecognized command line option errors if they're not
+dnl supported. However, the -Wno-<warning> form isn't consulted unless a warning is triggered.
+dnl At least that's the case for GCC. So to check which warnings we can turn off, we need to check
+dnl if they can be turned on, thereby forcing GCC to take the argument into account right away.
+for f in -Wno-language-extension-token; do
+  AC_MSG_CHECKING([whether ${CC-c} accepts $f])
+  save_cflags="$CFLAGS"
+  testf=$(echo "$f" | $SED 's|-Wno-\(.*\)|-W\1|g')
+  AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$testf"], [CFLAGS="$CFLAGS $testf"])
+  AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])],
+    [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"])
+     AC_MSG_RESULT([yes])],
+    [CFLAGS="$save_cflags"
+     AC_MSG_RESULT([no])])
+done
+
+dnl Remowing -Werror again
+CFLAGS="$supported_cflags"
+
+dnl Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS(
+    [unistd.h byteswap.h stdint.h sys/uio.h inttypes.h sys/types.h machine/types.h sys/int_types.h],
+    [], [], [AC_INCLUDES_DEFAULT])
+
+dnl socket() and friends
+AC_CHECK_HEADERS([sys/socket.h netinet/in.h arpa/inet.h], [], [], [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS(
+    [windows.h],
+    [AC_CHECK_HEADERS([winsock2.h], [], [], [AC_INCLUDES_DEFAULT])],
+    [], [AC_INCLUDES_DEFAULT])
+
+AC_CHECK_TYPES([int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, uint64_t])
+AC_CHECK_SIZEOF([unsigned long])
+AC_CHECK_SIZEOF([unsigned long long])
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_C_INLINE
+AC_TYPE_SIZE_T
+
+dnl Checks for library functions.
+AC_CHECK_FUNCS([socket inet_aton usleep sigaction])
+
+dnl Find socket function if not found yet.
+if test "x$ac_cv_func_socket" = "xno"; then
+  AC_CHECK_LIB([socket], [socket])
+  AC_MSG_CHECKING([for socket in -lwsock32])
+  SAVELIBS="$LIBS"
+  LIBS="$LIBS -lwsock32"
+  AC_LINK_IFELSE(
+    [AC_LANG_SOURCE([
+#include <winsock2.h>
+int main(void)
+{
+    int fd = socket(0, 0, 0);
+    if (fd < 0)
+      return -1;
+    else
+      return 0;
+}
+    ])],
+    [ac_cv_func_socket=yes
+     AC_MSG_RESULT([yes])],
+    [LIBS="$SAVELIBS"
+     AC_MSG_RESULT([no])])
+fi
+
+AC_MSG_CHECKING([whether to enable debug logging in all modules])
+AC_ARG_ENABLE([debug-logging],
+  [AS_HELP_STRING([--enable-debug-logging], [Enable debug logging in all modules])],
+  [], enable_debug_logging=no)
+if test "$enable_debug_logging" = "yes"; then
+   AC_DEFINE([ENABLE_DEBUG_LOGGING], [1], [Define to enabled debug logging for all mudules.])
+fi
+AC_MSG_RESULT([$enable_debug_logging])
+
+PKG_PROG_PKG_CONFIG
+AS_IF([test "x$PKG_CONFIG" != "x"], [PKG_CONFIG="$PKG_CONFIG --static"])
+
+AC_MSG_CHECKING([whether to leverage OpenSSL crypto])
+AC_ARG_ENABLE([openssl],
+  [AS_HELP_STRING([--enable-openssl], [compile in OpenSSL crypto engine])],
+  [], [enable_openssl=no])
+AC_MSG_RESULT([$enable_openssl])
+
+AC_MSG_CHECKING([whether to leverage NSS crypto])
+AC_ARG_ENABLE([nss],
+  [AS_HELP_STRING([--enable-nss], [compile in NSS crypto engine])],
+  [], [enable_nss=no])
+AC_MSG_RESULT([$enable_nss])
+
+if test "$enable_openssl" = "yes"; then
+   AC_MSG_CHECKING([for user specified OpenSSL directory])
+   AC_ARG_WITH([openssl-dir],
+      [AS_HELP_STRING([--with-openssl-dir], [Location of OpenSSL installation])],
+      [if test "x$PKG_CONFIG" != "x" && test -f $with_openssl_dir/lib/pkgconfig/libcrypto.pc; then
+         if test "x$PKG_CONFIG_PATH" = "x"; then
+           export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig"
+         else
+           export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig:$PKG_CONFIG_PATH"
+         fi
+         AC_MSG_RESULT([$with_openssl_dir])
+       elif test -d $with_openssl_dir/lib; then
+         CFLAGS="$CFLAGS -I$with_openssl_dir/include"
+         if test "x$LDFLAGS" = "x"; then
+           LDFLAGS="-L$with_openssl_dir/lib"
+         else
+           LDFLAGS="$LDFLAGS -L$with_openssl_dir/lib"
+         fi
+         AC_MSG_RESULT([$with_openssl_dir])
+       else
+         AC_MSG_RESULT([invalid])
+         AC_MSG_FAILURE([Invalid OpenSSL location: $with_openssl_dir])
+       fi],
+      [AC_MSG_RESULT([no])])
+
+   if test "x$PKG_CONFIG" != "x"; then
+     PKG_CHECK_MODULES([crypto], [libcrypto >= 1.0.1],
+       [CFLAGS="$CFLAGS $crypto_CFLAGS"
+        LIBS="$crypto_LIBS $LIBS"])
+   else
+     AC_CHECK_LIB([dl], [dlopen], [], [AC_MSG_WARN([can't find libdl])])
+     AC_CHECK_LIB([z], [inflate], [], [AC_MSG_WARN([can't find libz])])
+   fi
+
+   AC_SEARCH_LIBS([EVP_EncryptInit], [crypto],
+     [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])])
+   AC_SEARCH_LIBS([EVP_aes_128_ctr], [crypto],
+     [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])])
+   AC_SEARCH_LIBS([EVP_aes_128_gcm], [crypto],
+     [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])])
+
+   AC_DEFINE([GCM], [1], [Define this to use AES-GCM.])
+   AC_DEFINE([OPENSSL], [1], [Define this to use OpenSSL crypto.])
+   AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
+   HMAC_OBJS=crypto/hash/hmac_ossl.o
+   AC_SUBST([USE_EXTERNAL_CRYPTO], [1])
+
+   AC_MSG_CHECKING([if OPENSSL_cleanse is broken])
+   AC_RUN_IFELSE([AC_LANG_PROGRAM([
+     #include <stdio.h>
+     #include <openssl/crypto.h>
+   ], [
+     #define BUFFER_SIZE (16)
+     char buffer[[BUFFER_SIZE]];
+     int i;
+     for (i = 0; i < BUFFER_SIZE; i++) {
+       buffer[[i]] = i & 0xff;
+     }
+     OPENSSL_cleanse(buffer, BUFFER_SIZE);
+     for (i = 0; i < BUFFER_SIZE; i++) {
+       if (buffer[[i]]) {
+         printf("Buffer contents not zero at position %d (is %d)\n", i,
+             buffer[[i]]);
+         return 1;
+       }
+     }
+   ])], [openssl_cleanse_broken=no], [
+     openssl_cleanse_broken=yes
+     AC_DEFINE([OPENSSL_CLEANSE_BROKEN], [1], [Define this if OPENSSL_cleanse is broken.])
+   ])
+   AC_MSG_RESULT([$openssl_cleanse_broken])
+
+   AC_MSG_CHECKING([whether to leverage OpenSSL KDF algorithm])
+   AC_ARG_ENABLE([openssl-kdf],
+      [AS_HELP_STRING([--enable-openssl-kdf], [Use OpenSSL KDF algorithm])],
+      [], [enable_openssl_kdf=no])
+   AC_MSG_RESULT([$enable_openssl_kdf])
+   if test "$enable_openssl_kdf" = "yes"; then
+     AC_SEARCH_LIBS([kdf_srtp], [crypto],
+       [], [AC_MSG_FAILURE([can't find openssl KDF lib])])
+     AC_DEFINE([OPENSSL_KDF], [1], [Define this to use OpenSSL KDF for SRTP.])
+   fi
+elif test "$enable_nss" = "yes"; then
+   AC_MSG_CHECKING([for user specified NSS directory])
+   AC_ARG_WITH([nss-dir],
+      [AS_HELP_STRING([--with-nss-dir], [Location of NSS installation])],
+      [if test "x$PKG_CONFIG" != "x" && test -f $with_nss_dir/lib/pkgconfig/nss.pc; then
+         if test "x$PKG_CONFIG_PATH" = "x"; then
+           export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig"
+         else
+           export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig:$PKG_CONFIG_PATH"
+         fi
+         AC_MSG_RESULT([$with_nss_dir])
+       elif test -d $with_nss_dir/lib; then
+         CFLAGS="$CFLAGS -I$with_nss_dir/include"
+         CFLAGS="$CFLAGS -I$with_nss_dir/../public/nss"
+         if test "x$LDFLAGS" = "x"; then
+           LDFLAGS="-L$with_nss_dir/lib"
+         else
+           LDFLAGS="$LDFLAGS -L$with_nss_dir/lib"
+         fi
+         nss_skip_pkg_config=yes
+         AC_MSG_RESULT([$with_nss_dir])
+       else
+         AC_MSG_RESULT([invalid])
+         AC_MSG_FAILURE([Invalid NSS location: $with_nss_dir])
+       fi
+       AC_SUBST([CRYPTO_LIBDIR], [$with_nss_dir/lib])],
+      [AC_MSG_RESULT([no])])
+
+   if test "x$PKG_CONFIG" != "x" && test "$nss_skip_pkg_config" != "yes"; then
+     PKG_CHECK_MODULES([nss], [nss],
+       [CFLAGS="$CFLAGS $nss_CFLAGS"
+         LIBS="$nss_LIBS $LIBS"])
+   else
+     AC_CHECK_HEADERS(
+       [nss.h],
+       [], [AC_MSG_FAILURE([can't find useable NSS headers])],
+       [AC_INCLUDES_DEFAULT])
+     AC_CHECK_LIB(
+       [nspr4], [PR_GetError],
+       [], [AC_MSG_WARN([can't find libnspr4])])
+     AC_CHECK_LIB(
+       [nss3], [NSS_NoDB_Init],
+       [], [AC_MSG_FAILURE([can't find useable libnss3])])
+   fi
+
+   AC_DEFINE([GCM], [1], [Define this to use AES-GCM.])
+   AC_DEFINE([NSS], [1], [Define this to use NSS crypto.])
+   AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o"
+
+   # TODO(RLB): Use NSS for HMAC
+   HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
+
+   # TODO(RLB): Use NSS for KDF
+
+   AC_SUBST([USE_EXTERNAL_CRYPTO], [1])
+else
+   AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o"
+   HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
+fi
+AC_SUBST([AES_ICM_OBJS])
+AC_SUBST([HMAC_OBJS])
+
+dnl Checking for PCAP
+
+PCAP_LIB=""
+AC_ARG_ENABLE([pcap], AS_HELP_STRING([--disable-pcap], [Build without `pcap' library (-lpcap)]))
+AS_IF([test "x$enable_pcap" != "xno"], [
+  AC_CHECK_LIB([pcap], [pcap_create],
+    [PCAP_LIB="-lpcap"
+     AC_DEFINE([HAVE_PCAP], [1], [Define to 1 if you have the `pcap' library (-lpcap)])
+     AC_SUBST([HAVE_PCAP], [1])])
+
+  AC_CHECK_LIB([wpcap], [pcap_create],
+    [PCAP_LIB="-lwpcap"
+     AC_DEFINE([HAVE_PCAP], [1], [Define to 1 if you have the `winpcap' library (-lwpcap)])
+     AC_SUBST([HAVE_PCAP], [1])])
+])
+AC_SUBST([PCAP_LIB])
+   
+AC_MSG_CHECKING([whether to redirect logging to stdout])
+AC_ARG_ENABLE([log-stdout],
+  [AS_HELP_STRING([--enable-log-stdout], [redirecting logging to stdout])],
+  [], [enable_log_stdout=no])
+if test "$enable_log_stdout" = "yes"; then
+   AC_DEFINE([ERR_REPORTING_STDOUT], [1], [Define to redirect logging to stdout.])
+fi
+AC_MSG_RESULT([$enable_log_stdout])
+
+AC_MSG_CHECKING([wheather to use a file for logging])
+AC_ARG_WITH([log-file],
+  [AS_HELP_STRING([--with-log-file], [Use file for logging])],
+  [AS_CASE([x$with_log_file],
+     [x], [valid_with_log_file="no"],
+     [xyes], [valid_with_log_file="no"],
+     [valid_with_error_file="yes"])
+   AS_IF([test "$valid_with_log_file" = "no"],
+     [AC_MSG_RESULT([invalid])
+      AC_MSG_FAILURE([Invalid value for --with-log-file: "$with_log_file"])],
+     [AC_DEFINE_UNQUOTED([ERR_REPORTING_FILE], ["$with_log_file"], [Logging statments will be writen to this file.])
+      AC_MSG_RESULT([using log file: "$with_log_file"])])],
+  [AC_MSG_RESULT([no])])
+
+AS_IF(
+  [test "$enable_log_stdout" = "yes" && test "x$with_log_file" != "x"],
+  [AC_MSG_FAILURE([Can only use one of --enable-log-stdout and --with-log-file; they are mutually exclusive])])
+
+dnl Appending EXTRA_CFLAGS, if given
+AC_MSG_CHECKING([for extra C compiler flags])
+AS_IF([test "x$EXTRA_CFLAGS" != "x"],
+   [AS_IF([test "x$CFLAGS" = "x"],
+      [CFLAGS="$EXTRA_CFLAGS"], [CFLAGS="$CFLAGS $EXTRA_CFLAGS"])
+    AC_MSG_RESULT([$EXTRA_CFLAGS])],
+   [AC_MSG_RESULT(no)])
+
+AC_CONFIG_HEADER([crypto/include/config.h:config_in.h])
+
+AC_CONFIG_FILES([Makefile crypto/Makefile doc/Makefile fuzzer/Makefile libsrtp2.pc])
+AC_OUTPUT
+
+# This is needed when building outside the source dir.
+AS_MKDIR_P([crypto/cipher])
+AS_MKDIR_P([crypto/hash])
+AS_MKDIR_P([crypto/kernel])
+AS_MKDIR_P([crypto/math])
+AS_MKDIR_P([crypto/replay])
+AS_MKDIR_P([crypto/test])
+AS_MKDIR_P([doc])
+AS_MKDIR_P([srtp])
+AS_MKDIR_P([test])
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/Makefile.in b/trunk/3rdparty/libsrtp-2-fit/crypto/Makefile.in
new file mode 100644
index 000000000..44f29ad2c
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/Makefile.in
@@ -0,0 +1,119 @@
+# Makefile for crypto test suite
+#
+# David A. McGrew
+# Cisco Systems, Inc.
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
+VPATH = @srcdir@
+
+CC	= @CC@
+INCDIR	= -Iinclude -I$(srcdir)/include -I$(top_srcdir)/include
+DEFS	= @DEFS@
+CPPFLAGS= @CPPFLAGS@
+CFLAGS	= @CFLAGS@
+LIBS	= @LIBS@
+LDFLAGS	= @LDFLAGS@ -L. -L..
+COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
+CRYPTOLIB = -lsrtp2
+CRYPTO_LIBDIR = @CRYPTO_LIBDIR@
+
+RANLIB	= @RANLIB@
+
+# Specify how tests should find shared libraries on macOS and Linux
+#
+# macOS purges DYLD_LIBRARY_PATH when spawning subprocesses, so it's
+# not possible to pass this in from the outside; we have to specify
+# it for any subprocesses we call. No support for dynamic linked
+# tests on Windows.
+ifneq ($(strip $(CRYPTO_LIBDIR)),)
+	ifneq ($(OS),Windows_NT)
+		UNAME_S = $(shell uname -s)
+		ifeq ($(UNAME_S),Linux)
+			FIND_LIBRARIES = LD_LIBRARY_PATH=$(CRYPTO_LIBDIR)
+		endif
+		ifeq ($(UNAME_S),Darwin)
+			FIND_LIBRARIES = DYLD_LIBRARY_PATH=$(CRYPTO_LIBDIR)
+		endif
+	endif
+endif
+
+# EXE defines the suffix on executables - it's .exe for cygwin, and
+# null on linux, bsd, and OS X and other OSes.  we define this so that
+# `make clean` will work on the cygwin platform
+EXE = @EXE@
+# Random source.
+USE_EXTERNAL_CRYPTO = @USE_EXTERNAL_CRYPTO@
+
+ifdef ARCH
+  DEFS += -D$(ARCH)=1
+endif
+
+ifdef sysname
+  DEFS += -D$(sysname)=1
+endif
+
+.PHONY: dummy all runtest clean superclean
+
+dummy : all runtest
+
+# test applications
+ifneq (1, $(USE_EXTERNAL_CRYPTO))
+AES_CALC = test/aes_calc$(EXE)
+endif
+
+testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
+	  test/stat_driver$(EXE) test/sha1_driver$(EXE) \
+	  test/kernel_driver$(EXE) $(AES_CALC) \
+	  test/env$(EXE)
+
+# data values used to test the aes_calc application for AES-128
+k128=000102030405060708090a0b0c0d0e0f
+p128=00112233445566778899aabbccddeeff
+c128=69c4e0d86a7b0430d8cdb78070b4c55a
+
+
+# data values used to test the aes_calc application for AES-256
+k256=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+p256=00112233445566778899aabbccddeeff
+c256=8ea2b7ca516745bfeafc49904b496089
+
+
+runtest: $(testapp)
+	$(FIND_LIBRARIES) test/env$(EXE) # print out information on the build environment
+	@echo "running crypto test applications..."
+ifneq (1, $(USE_EXTERNAL_CRYPTO))
+	$(FIND_LIBRARIES) test `test/aes_calc $(k128) $(p128)` = $(c128)
+	$(FIND_LIBRARIES) test `test/aes_calc $(k256) $(p256)` = $(c256)
+endif
+	$(FIND_LIBRARIES) test/cipher_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/datatypes_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/stat_driver$(EXE) >/dev/null
+	$(FIND_LIBRARIES) test/sha1_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) test/kernel_driver$(EXE) -v >/dev/null
+	@echo "crypto test applications passed."
+
+
+# the rule for making object files and test apps
+
+%.o: %.c
+	$(COMPILE) -c $< -o $@
+
+%$(EXE): %.c $(srcdir)/../test/getopt_s.c
+	$(COMPILE) $(LDFLAGS) $< $(srcdir)/../test/getopt_s.c -o $@ $(CRYPTOLIB) $(LIBS)
+
+all: $(testapp)
+
+# housekeeping functions
+
+clean:
+	rm -f $(testapp) *.o */*.o
+	for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done;
+	rm -f `find . -name "*.[ch]~*~"`
+	rm -rf latex
+
+superclean: clean
+	rm -f *core TAGS ktrace.out
+
+# EOF
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes.c
new file mode 100644
index 000000000..c9cd77420
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes.c
@@ -0,0 +1,2189 @@
+/*
+ * aes.c
+ *
+ * An implemnetation of the AES block cipher.
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "aes.h"
+#include "err.h"
+
+/*
+ * we use the tables T0, T1, T2, T3, and T4 to compute AES, and
+ * the tables U0, U1, U2, and U4 to compute its inverse
+ *
+ * different tables are used on little-endian (Intel, VMS) and
+ * big-endian processors (everything else)
+ *
+ * these tables are computed using the program tables/aes_tables; use
+ * this program to generate different tables for porting or
+ * optimization on a different platform
+ */
+
+#ifndef WORDS_BIGENDIAN
+/* clang-format off */
+static const uint32_t T0[256] = {
+    0xa56363c6, 0x847c7cf8,  0x997777ee,  0x8d7b7bf6,
+    0xdf2f2ff,  0xbd6b6bd6,  0xb16f6fde,  0x54c5c591,
+    0x50303060, 0x3010102,   0xa96767ce,  0x7d2b2b56,
+    0x19fefee7, 0x62d7d7b5,  0xe6abab4d,  0x9a7676ec,
+    0x45caca8f, 0x9d82821f,  0x40c9c989,  0x877d7dfa,
+    0x15fafaef, 0xeb5959b2,  0xc947478e,  0xbf0f0fb,
+    0xecadad41, 0x67d4d4b3,  0xfda2a25f,  0xeaafaf45,
+    0xbf9c9c23, 0xf7a4a453,  0x967272e4,  0x5bc0c09b,
+    0xc2b7b775, 0x1cfdfde1,  0xae93933d,  0x6a26264c,
+    0x5a36366c, 0x413f3f7e,  0x2f7f7f5,   0x4fcccc83,
+    0x5c343468, 0xf4a5a551,  0x34e5e5d1,  0x8f1f1f9,
+    0x937171e2, 0x73d8d8ab,  0x53313162,  0x3f15152a,
+    0xc040408,  0x52c7c795,  0x65232346,  0x5ec3c39d,
+    0x28181830, 0xa1969637,  0xf05050a,   0xb59a9a2f,
+    0x907070e,  0x36121224,  0x9b80801b,  0x3de2e2df,
+    0x26ebebcd, 0x6927274e,  0xcdb2b27f,  0x9f7575ea,
+    0x1b090912, 0x9e83831d,  0x742c2c58,  0x2e1a1a34,
+    0x2d1b1b36, 0xb26e6edc,  0xee5a5ab4,  0xfba0a05b,
+    0xf65252a4, 0x4d3b3b76,  0x61d6d6b7,  0xceb3b37d,
+    0x7b292952, 0x3ee3e3dd,  0x712f2f5e,  0x97848413,
+    0xf55353a6, 0x68d1d1b9,  0x0,         0x2cededc1,
+    0x60202040, 0x1ffcfce3,  0xc8b1b179,  0xed5b5bb6,
+    0xbe6a6ad4, 0x46cbcb8d,  0xd9bebe67,  0x4b393972,
+    0xde4a4a94, 0xd44c4c98,  0xe85858b0,  0x4acfcf85,
+    0x6bd0d0bb, 0x2aefefc5,  0xe5aaaa4f,  0x16fbfbed,
+    0xc5434386, 0xd74d4d9a,  0x55333366,  0x94858511,
+    0xcf45458a, 0x10f9f9e9,  0x6020204,   0x817f7ffe,
+    0xf05050a0, 0x443c3c78,  0xba9f9f25,  0xe3a8a84b,
+    0xf35151a2, 0xfea3a35d,  0xc0404080,  0x8a8f8f05,
+    0xad92923f, 0xbc9d9d21,  0x48383870,  0x4f5f5f1,
+    0xdfbcbc63, 0xc1b6b677,  0x75dadaaf,  0x63212142,
+    0x30101020, 0x1affffe5,  0xef3f3fd,   0x6dd2d2bf,
+    0x4ccdcd81, 0x140c0c18,  0x35131326,  0x2fececc3,
+    0xe15f5fbe, 0xa2979735,  0xcc444488,  0x3917172e,
+    0x57c4c493, 0xf2a7a755,  0x827e7efc,  0x473d3d7a,
+    0xac6464c8, 0xe75d5dba,  0x2b191932,  0x957373e6,
+    0xa06060c0, 0x98818119,  0xd14f4f9e,  0x7fdcdca3,
+    0x66222244, 0x7e2a2a54,  0xab90903b,  0x8388880b,
+    0xca46468c, 0x29eeeec7,  0xd3b8b86b,  0x3c141428,
+    0x79dedea7, 0xe25e5ebc,  0x1d0b0b16,  0x76dbdbad,
+    0x3be0e0db, 0x56323264,  0x4e3a3a74,  0x1e0a0a14,
+    0xdb494992, 0xa06060c,   0x6c242448,  0xe45c5cb8,
+    0x5dc2c29f, 0x6ed3d3bd,  0xefacac43,  0xa66262c4,
+    0xa8919139, 0xa4959531,  0x37e4e4d3,  0x8b7979f2,
+    0x32e7e7d5, 0x43c8c88b,  0x5937376e,  0xb76d6dda,
+    0x8c8d8d01, 0x64d5d5b1,  0xd24e4e9c,  0xe0a9a949,
+    0xb46c6cd8, 0xfa5656ac,  0x7f4f4f3,   0x25eaeacf,
+    0xaf6565ca, 0x8e7a7af4,  0xe9aeae47,  0x18080810,
+    0xd5baba6f, 0x887878f0,  0x6f25254a,  0x722e2e5c,
+    0x241c1c38, 0xf1a6a657,  0xc7b4b473,  0x51c6c697,
+    0x23e8e8cb, 0x7cdddda1,  0x9c7474e8,  0x211f1f3e,
+    0xdd4b4b96, 0xdcbdbd61,  0x868b8b0d,  0x858a8a0f,
+    0x907070e0, 0x423e3e7c,  0xc4b5b571,  0xaa6666cc,
+    0xd8484890, 0x5030306,   0x1f6f6f7,   0x120e0e1c,
+    0xa36161c2, 0x5f35356a,  0xf95757ae,  0xd0b9b969,
+    0x91868617, 0x58c1c199,  0x271d1d3a,  0xb99e9e27,
+    0x38e1e1d9, 0x13f8f8eb,  0xb398982b,  0x33111122,
+    0xbb6969d2, 0x70d9d9a9,  0x898e8e07,  0xa7949433,
+    0xb69b9b2d, 0x221e1e3c,  0x92878715,  0x20e9e9c9,
+    0x49cece87, 0xff5555aa,  0x78282850,  0x7adfdfa5,
+    0x8f8c8c03, 0xf8a1a159,  0x80898909,  0x170d0d1a,
+    0xdabfbf65, 0x31e6e6d7,  0xc6424284,  0xb86868d0,
+    0xc3414182, 0xb0999929,  0x772d2d5a,  0x110f0f1e,
+    0xcbb0b07b, 0xfc5454a8,  0xd6bbbb6d,  0x3a16162c,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t T1[256] = {
+    0x6363c6a5, 0x7c7cf884,  0x7777ee99,  0x7b7bf68d,
+    0xf2f2ff0d, 0x6b6bd6bd,  0x6f6fdeb1,  0xc5c59154,
+    0x30306050, 0x1010203,   0x6767cea9,  0x2b2b567d,
+    0xfefee719, 0xd7d7b562,  0xabab4de6,  0x7676ec9a,
+    0xcaca8f45, 0x82821f9d,  0xc9c98940,  0x7d7dfa87,
+    0xfafaef15, 0x5959b2eb,  0x47478ec9,  0xf0f0fb0b,
+    0xadad41ec, 0xd4d4b367,  0xa2a25ffd,  0xafaf45ea,
+    0x9c9c23bf, 0xa4a453f7,  0x7272e496,  0xc0c09b5b,
+    0xb7b775c2, 0xfdfde11c,  0x93933dae,  0x26264c6a,
+    0x36366c5a, 0x3f3f7e41,  0xf7f7f502,  0xcccc834f,
+    0x3434685c, 0xa5a551f4,  0xe5e5d134,  0xf1f1f908,
+    0x7171e293, 0xd8d8ab73,  0x31316253,  0x15152a3f,
+    0x404080c,  0xc7c79552,  0x23234665,  0xc3c39d5e,
+    0x18183028, 0x969637a1,  0x5050a0f,   0x9a9a2fb5,
+    0x7070e09,  0x12122436,  0x80801b9b,  0xe2e2df3d,
+    0xebebcd26, 0x27274e69,  0xb2b27fcd,  0x7575ea9f,
+    0x909121b,  0x83831d9e,  0x2c2c5874,  0x1a1a342e,
+    0x1b1b362d, 0x6e6edcb2,  0x5a5ab4ee,  0xa0a05bfb,
+    0x5252a4f6, 0x3b3b764d,  0xd6d6b761,  0xb3b37dce,
+    0x2929527b, 0xe3e3dd3e,  0x2f2f5e71,  0x84841397,
+    0x5353a6f5, 0xd1d1b968,  0x00000000,  0xededc12c,
+    0x20204060, 0xfcfce31f,  0xb1b179c8,  0x5b5bb6ed,
+    0x6a6ad4be, 0xcbcb8d46,  0xbebe67d9,  0x3939724b,
+    0x4a4a94de, 0x4c4c98d4,  0x5858b0e8,  0xcfcf854a,
+    0xd0d0bb6b, 0xefefc52a,  0xaaaa4fe5,  0xfbfbed16,
+    0x434386c5, 0x4d4d9ad7,  0x33336655,  0x85851194,
+    0x45458acf, 0xf9f9e910,  0x2020406,   0x7f7ffe81,
+    0x5050a0f0, 0x3c3c7844,  0x9f9f25ba,  0xa8a84be3,
+    0x5151a2f3, 0xa3a35dfe,  0x404080c0,  0x8f8f058a,
+    0x92923fad, 0x9d9d21bc,  0x38387048,  0xf5f5f104,
+    0xbcbc63df, 0xb6b677c1,  0xdadaaf75,  0x21214263,
+    0x10102030, 0xffffe51a,  0xf3f3fd0e,  0xd2d2bf6d,
+    0xcdcd814c, 0xc0c1814,   0x13132635,  0xececc32f,
+    0x5f5fbee1, 0x979735a2,  0x444488cc,  0x17172e39,
+    0xc4c49357, 0xa7a755f2,  0x7e7efc82,  0x3d3d7a47,
+    0x6464c8ac, 0x5d5dbae7,  0x1919322b,  0x7373e695,
+    0x6060c0a0, 0x81811998,  0x4f4f9ed1,  0xdcdca37f,
+    0x22224466, 0x2a2a547e,  0x90903bab,  0x88880b83,
+    0x46468cca, 0xeeeec729,  0xb8b86bd3,  0x1414283c,
+    0xdedea779, 0x5e5ebce2,  0xb0b161d,   0xdbdbad76,
+    0xe0e0db3b, 0x32326456,  0x3a3a744e,  0xa0a141e,
+    0x494992db, 0x6060c0a,   0x2424486c,  0x5c5cb8e4,
+    0xc2c29f5d, 0xd3d3bd6e,  0xacac43ef,  0x6262c4a6,
+    0x919139a8, 0x959531a4,  0xe4e4d337,  0x7979f28b,
+    0xe7e7d532, 0xc8c88b43,  0x37376e59,  0x6d6ddab7,
+    0x8d8d018c, 0xd5d5b164,  0x4e4e9cd2,  0xa9a949e0,
+    0x6c6cd8b4, 0x5656acfa,  0xf4f4f307,  0xeaeacf25,
+    0x6565caaf, 0x7a7af48e,  0xaeae47e9,  0x8081018,
+    0xbaba6fd5, 0x7878f088,  0x25254a6f,  0x2e2e5c72,
+    0x1c1c3824, 0xa6a657f1,  0xb4b473c7,  0xc6c69751,
+    0xe8e8cb23, 0xdddda17c,  0x7474e89c,  0x1f1f3e21,
+    0x4b4b96dd, 0xbdbd61dc,  0x8b8b0d86,  0x8a8a0f85,
+    0x7070e090, 0x3e3e7c42,  0xb5b571c4,  0x6666ccaa,
+    0x484890d8, 0x3030605,   0xf6f6f701,  0xe0e1c12,
+    0x6161c2a3, 0x35356a5f,  0x5757aef9,  0xb9b969d0,
+    0x86861791, 0xc1c19958,  0x1d1d3a27,  0x9e9e27b9,
+    0xe1e1d938, 0xf8f8eb13,  0x98982bb3,  0x11112233,
+    0x6969d2bb, 0xd9d9a970,  0x8e8e0789,  0x949433a7,
+    0x9b9b2db6, 0x1e1e3c22,  0x87871592,  0xe9e9c920,
+    0xcece8749, 0x5555aaff,  0x28285078,  0xdfdfa57a,
+    0x8c8c038f, 0xa1a159f8,  0x89890980,  0xd0d1a17,
+    0xbfbf65da, 0xe6e6d731,  0x424284c6,  0x6868d0b8,
+    0x414182c3, 0x999929b0,  0x2d2d5a77,  0xf0f1e11,
+    0xb0b07bcb, 0x5454a8fc,  0xbbbb6dd6,  0x16162c3a,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t T2[256] = {
+    0x63c6a563, 0x7cf8847c,  0x77ee9977,  0x7bf68d7b,
+    0xf2ff0df2, 0x6bd6bd6b,  0x6fdeb16f,  0xc59154c5,
+    0x30605030, 0x1020301,   0x67cea967,  0x2b567d2b,
+    0xfee719fe, 0xd7b562d7,  0xab4de6ab,  0x76ec9a76,
+    0xca8f45ca, 0x821f9d82,  0xc98940c9,  0x7dfa877d,
+    0xfaef15fa, 0x59b2eb59,  0x478ec947,  0xf0fb0bf0,
+    0xad41ecad, 0xd4b367d4,  0xa25ffda2,  0xaf45eaaf,
+    0x9c23bf9c, 0xa453f7a4,  0x72e49672,  0xc09b5bc0,
+    0xb775c2b7, 0xfde11cfd,  0x933dae93,  0x264c6a26,
+    0x366c5a36, 0x3f7e413f,  0xf7f502f7,  0xcc834fcc,
+    0x34685c34, 0xa551f4a5,  0xe5d134e5,  0xf1f908f1,
+    0x71e29371, 0xd8ab73d8,  0x31625331,  0x152a3f15,
+    0x4080c04,  0xc79552c7,  0x23466523,  0xc39d5ec3,
+    0x18302818, 0x9637a196,  0x50a0f05,   0x9a2fb59a,
+    0x70e0907,  0x12243612,  0x801b9b80,  0xe2df3de2,
+    0xebcd26eb, 0x274e6927,  0xb27fcdb2,  0x75ea9f75,
+    0x9121b09,  0x831d9e83,  0x2c58742c,  0x1a342e1a,
+    0x1b362d1b, 0x6edcb26e,  0x5ab4ee5a,  0xa05bfba0,
+    0x52a4f652, 0x3b764d3b,  0xd6b761d6,  0xb37dceb3,
+    0x29527b29, 0xe3dd3ee3,  0x2f5e712f,  0x84139784,
+    0x53a6f553, 0xd1b968d1,  0x0,         0xedc12ced,
+    0x20406020, 0xfce31ffc,  0xb179c8b1,  0x5bb6ed5b,
+    0x6ad4be6a, 0xcb8d46cb,  0xbe67d9be,  0x39724b39,
+    0x4a94de4a, 0x4c98d44c,  0x58b0e858,  0xcf854acf,
+    0xd0bb6bd0, 0xefc52aef,  0xaa4fe5aa,  0xfbed16fb,
+    0x4386c543, 0x4d9ad74d,  0x33665533,  0x85119485,
+    0x458acf45, 0xf9e910f9,  0x2040602,   0x7ffe817f,
+    0x50a0f050, 0x3c78443c,  0x9f25ba9f,  0xa84be3a8,
+    0x51a2f351, 0xa35dfea3,  0x4080c040,  0x8f058a8f,
+    0x923fad92, 0x9d21bc9d,  0x38704838,  0xf5f104f5,
+    0xbc63dfbc, 0xb677c1b6,  0xdaaf75da,  0x21426321,
+    0x10203010, 0xffe51aff,  0xf3fd0ef3,  0xd2bf6dd2,
+    0xcd814ccd, 0xc18140c,   0x13263513,  0xecc32fec,
+    0x5fbee15f, 0x9735a297,  0x4488cc44,  0x172e3917,
+    0xc49357c4, 0xa755f2a7,  0x7efc827e,  0x3d7a473d,
+    0x64c8ac64, 0x5dbae75d,  0x19322b19,  0x73e69573,
+    0x60c0a060, 0x81199881,  0x4f9ed14f,  0xdca37fdc,
+    0x22446622, 0x2a547e2a,  0x903bab90,  0x880b8388,
+    0x468cca46, 0xeec729ee,  0xb86bd3b8,  0x14283c14,
+    0xdea779de, 0x5ebce25e,  0xb161d0b,   0xdbad76db,
+    0xe0db3be0, 0x32645632,  0x3a744e3a,  0xa141e0a,
+    0x4992db49, 0x60c0a06,   0x24486c24,  0x5cb8e45c,
+    0xc29f5dc2, 0xd3bd6ed3,  0xac43efac,  0x62c4a662,
+    0x9139a891, 0x9531a495,  0xe4d337e4,  0x79f28b79,
+    0xe7d532e7, 0xc88b43c8,  0x376e5937,  0x6ddab76d,
+    0x8d018c8d, 0xd5b164d5,  0x4e9cd24e,  0xa949e0a9,
+    0x6cd8b46c, 0x56acfa56,  0xf4f307f4,  0xeacf25ea,
+    0x65caaf65, 0x7af48e7a,  0xae47e9ae,  0x8101808,
+    0xba6fd5ba, 0x78f08878,  0x254a6f25,  0x2e5c722e,
+    0x1c38241c, 0xa657f1a6,  0xb473c7b4,  0xc69751c6,
+    0xe8cb23e8, 0xdda17cdd,  0x74e89c74,  0x1f3e211f,
+    0x4b96dd4b, 0xbd61dcbd,  0x8b0d868b,  0x8a0f858a,
+    0x70e09070, 0x3e7c423e,  0xb571c4b5,  0x66ccaa66,
+    0x4890d848, 0x3060503,   0xf6f701f6,  0xe1c120e,
+    0x61c2a361, 0x356a5f35,  0x57aef957,  0xb969d0b9,
+    0x86179186, 0xc19958c1,  0x1d3a271d,  0x9e27b99e,
+    0xe1d938e1, 0xf8eb13f8,  0x982bb398,  0x11223311,
+    0x69d2bb69, 0xd9a970d9,  0x8e07898e,  0x9433a794,
+    0x9b2db69b, 0x1e3c221e,  0x87159287,  0xe9c920e9,
+    0xce8749ce, 0x55aaff55,  0x28507828,  0xdfa57adf,
+    0x8c038f8c, 0xa159f8a1,  0x89098089,  0xd1a170d,
+    0xbf65dabf, 0xe6d731e6,  0x4284c642,  0x68d0b868,
+    0x4182c341, 0x9929b099,  0x2d5a772d,  0xf1e110f,
+    0xb07bcbb0, 0x54a8fc54,  0xbb6dd6bb,  0x162c3a16,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t T3[256] = {
+    0xc6a56363, 0xf8847c7c,  0xee997777,  0xf68d7b7b,
+    0xff0df2f2, 0xd6bd6b6b,  0xdeb16f6f,  0x9154c5c5,
+    0x60503030, 0x2030101,   0xcea96767,  0x567d2b2b,
+    0xe719fefe, 0xb562d7d7,  0x4de6abab,  0xec9a7676,
+    0x8f45caca, 0x1f9d8282,  0x8940c9c9,  0xfa877d7d,
+    0xef15fafa, 0xb2eb5959,  0x8ec94747,  0xfb0bf0f0,
+    0x41ecadad, 0xb367d4d4,  0x5ffda2a2,  0x45eaafaf,
+    0x23bf9c9c, 0x53f7a4a4,  0xe4967272,  0x9b5bc0c0,
+    0x75c2b7b7, 0xe11cfdfd,  0x3dae9393,  0x4c6a2626,
+    0x6c5a3636, 0x7e413f3f,  0xf502f7f7,  0x834fcccc,
+    0x685c3434, 0x51f4a5a5,  0xd134e5e5,  0xf908f1f1,
+    0xe2937171, 0xab73d8d8,  0x62533131,  0x2a3f1515,
+    0x80c0404,  0x9552c7c7,  0x46652323,  0x9d5ec3c3,
+    0x30281818, 0x37a19696,  0xa0f0505,   0x2fb59a9a,
+    0xe090707,  0x24361212,  0x1b9b8080,  0xdf3de2e2,
+    0xcd26ebeb, 0x4e692727,  0x7fcdb2b2,  0xea9f7575,
+    0x121b0909, 0x1d9e8383,  0x58742c2c,  0x342e1a1a,
+    0x362d1b1b, 0xdcb26e6e,  0xb4ee5a5a,  0x5bfba0a0,
+    0xa4f65252, 0x764d3b3b,  0xb761d6d6,  0x7dceb3b3,
+    0x527b2929, 0xdd3ee3e3,  0x5e712f2f,  0x13978484,
+    0xa6f55353, 0xb968d1d1,  0x0,         0xc12ceded,
+    0x40602020, 0xe31ffcfc,  0x79c8b1b1,  0xb6ed5b5b,
+    0xd4be6a6a, 0x8d46cbcb,  0x67d9bebe,  0x724b3939,
+    0x94de4a4a, 0x98d44c4c,  0xb0e85858,  0x854acfcf,
+    0xbb6bd0d0, 0xc52aefef,  0x4fe5aaaa,  0xed16fbfb,
+    0x86c54343, 0x9ad74d4d,  0x66553333,  0x11948585,
+    0x8acf4545, 0xe910f9f9,  0x4060202,   0xfe817f7f,
+    0xa0f05050, 0x78443c3c,  0x25ba9f9f,  0x4be3a8a8,
+    0xa2f35151, 0x5dfea3a3,  0x80c04040,  0x58a8f8f,
+    0x3fad9292, 0x21bc9d9d,  0x70483838,  0xf104f5f5,
+    0x63dfbcbc, 0x77c1b6b6,  0xaf75dada,  0x42632121,
+    0x20301010, 0xe51affff,  0xfd0ef3f3,  0xbf6dd2d2,
+    0x814ccdcd, 0x18140c0c,  0x26351313,  0xc32fecec,
+    0xbee15f5f, 0x35a29797,  0x88cc4444,  0x2e391717,
+    0x9357c4c4, 0x55f2a7a7,  0xfc827e7e,  0x7a473d3d,
+    0xc8ac6464, 0xbae75d5d,  0x322b1919,  0xe6957373,
+    0xc0a06060, 0x19988181,  0x9ed14f4f,  0xa37fdcdc,
+    0x44662222, 0x547e2a2a,  0x3bab9090,  0xb838888,
+    0x8cca4646, 0xc729eeee,  0x6bd3b8b8,  0x283c1414,
+    0xa779dede, 0xbce25e5e,  0x161d0b0b,  0xad76dbdb,
+    0xdb3be0e0, 0x64563232,  0x744e3a3a,  0x141e0a0a,
+    0x92db4949, 0xc0a0606,   0x486c2424,  0xb8e45c5c,
+    0x9f5dc2c2, 0xbd6ed3d3,  0x43efacac,  0xc4a66262,
+    0x39a89191, 0x31a49595,  0xd337e4e4,  0xf28b7979,
+    0xd532e7e7, 0x8b43c8c8,  0x6e593737,  0xdab76d6d,
+    0x18c8d8d,  0xb164d5d5,  0x9cd24e4e,  0x49e0a9a9,
+    0xd8b46c6c, 0xacfa5656,  0xf307f4f4,  0xcf25eaea,
+    0xcaaf6565, 0xf48e7a7a,  0x47e9aeae,  0x10180808,
+    0x6fd5baba, 0xf0887878,  0x4a6f2525,  0x5c722e2e,
+    0x38241c1c, 0x57f1a6a6,  0x73c7b4b4,  0x9751c6c6,
+    0xcb23e8e8, 0xa17cdddd,  0xe89c7474,  0x3e211f1f,
+    0x96dd4b4b, 0x61dcbdbd,  0xd868b8b,   0xf858a8a,
+    0xe0907070, 0x7c423e3e,  0x71c4b5b5,  0xccaa6666,
+    0x90d84848, 0x6050303,   0xf701f6f6,  0x1c120e0e,
+    0xc2a36161, 0x6a5f3535,  0xaef95757,  0x69d0b9b9,
+    0x17918686, 0x9958c1c1,  0x3a271d1d,  0x27b99e9e,
+    0xd938e1e1, 0xeb13f8f8,  0x2bb39898,  0x22331111,
+    0xd2bb6969, 0xa970d9d9,  0x7898e8e,   0x33a79494,
+    0x2db69b9b, 0x3c221e1e,  0x15928787,  0xc920e9e9,
+    0x8749cece, 0xaaff5555,  0x50782828,  0xa57adfdf,
+    0x38f8c8c,  0x59f8a1a1,  0x9808989,   0x1a170d0d,
+    0x65dabfbf, 0xd731e6e6,  0x84c64242,  0xd0b86868,
+    0x82c34141, 0x29b09999,  0x5a772d2d,  0x1e110f0f,
+    0x7bcbb0b0, 0xa8fc5454,  0x6dd6bbbb,  0x2c3a1616,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U0[256] = {
+    0x50a7f451, 0x5365417e,  0xc3a4171a,  0x965e273a,
+    0xcb6bab3b, 0xf1459d1f,  0xab58faac,  0x9303e34b,
+    0x55fa3020, 0xf66d76ad,  0x9176cc88,  0x254c02f5,
+    0xfcd7e54f, 0xd7cb2ac5,  0x80443526,  0x8fa362b5,
+    0x495ab1de, 0x671bba25,  0x980eea45,  0xe1c0fe5d,
+    0x2752fc3,  0x12f04c81,  0xa397468d,  0xc6f9d36b,
+    0xe75f8f03, 0x959c9215,  0xeb7a6dbf,  0xda595295,
+    0x2d83bed4, 0xd3217458,  0x2969e049,  0x44c8c98e,
+    0x6a89c275, 0x78798ef4,  0x6b3e5899,  0xdd71b927,
+    0xb64fe1be, 0x17ad88f0,  0x66ac20c9,  0xb43ace7d,
+    0x184adf63, 0x82311ae5,  0x60335197,  0x457f5362,
+    0xe07764b1, 0x84ae6bbb,  0x1ca081fe,  0x942b08f9,
+    0x58684870, 0x19fd458f,  0x876cde94,  0xb7f87b52,
+    0x23d373ab, 0xe2024b72,  0x578f1fe3,  0x2aab5566,
+    0x728ebb2,  0x3c2b52f,   0x9a7bc586,  0xa50837d3,
+    0xf2872830, 0xb2a5bf23,  0xba6a0302,  0x5c8216ed,
+    0x2b1ccf8a, 0x92b479a7,  0xf0f207f3,  0xa1e2694e,
+    0xcdf4da65, 0xd5be0506,  0x1f6234d1,  0x8afea6c4,
+    0x9d532e34, 0xa055f3a2,  0x32e18a05,  0x75ebf6a4,
+    0x39ec830b, 0xaaef6040,  0x69f715e,   0x51106ebd,
+    0xf98a213e, 0x3d06dd96,  0xae053edd,  0x46bde64d,
+    0xb58d5491, 0x55dc471,   0x6fd40604,  0xff155060,
+    0x24fb9819, 0x97e9bdd6,  0xcc434089,  0x779ed967,
+    0xbd42e8b0, 0x888b8907,  0x385b19e7,  0xdbeec879,
+    0x470a7ca1, 0xe90f427c,  0xc91e84f8,  0x0,
+    0x83868009, 0x48ed2b32,  0xac70111e,  0x4e725a6c,
+    0xfbff0efd, 0x5638850f,  0x1ed5ae3d,  0x27392d36,
+    0x64d90f0a, 0x21a65c68,  0xd1545b9b,  0x3a2e3624,
+    0xb1670a0c, 0xfe75793,   0xd296eeb4,  0x9e919b1b,
+    0x4fc5c080, 0xa220dc61,  0x694b775a,  0x161a121c,
+    0xaba93e2,  0xe52aa0c0,  0x43e0223c,  0x1d171b12,
+    0xb0d090e,  0xadc78bf2,  0xb9a8b62d,  0xc8a91e14,
+    0x8519f157, 0x4c0775af,  0xbbdd99ee,  0xfd607fa3,
+    0x9f2601f7, 0xbcf5725c,  0xc53b6644,  0x347efb5b,
+    0x7629438b, 0xdcc623cb,  0x68fcedb6,  0x63f1e4b8,
+    0xcadc31d7, 0x10856342,  0x40229713,  0x2011c684,
+    0x7d244a85, 0xf83dbbd2,  0x1132f9ae,  0x6da129c7,
+    0x4b2f9e1d, 0xf330b2dc,  0xec52860d,  0xd0e3c177,
+    0x6c16b32b, 0x99b970a9,  0xfa489411,  0x2264e947,
+    0xc48cfca8, 0x1a3ff0a0,  0xd82c7d56,  0xef903322,
+    0xc74e4987, 0xc1d138d9,  0xfea2ca8c,  0x360bd498,
+    0xcf81f5a6, 0x28de7aa5,  0x268eb7da,  0xa4bfad3f,
+    0xe49d3a2c, 0xd927850,   0x9bcc5f6a,  0x62467e54,
+    0xc2138df6, 0xe8b8d890,  0x5ef7392e,  0xf5afc382,
+    0xbe805d9f, 0x7c93d069,  0xa92dd56f,  0xb31225cf,
+    0x3b99acc8, 0xa77d1810,  0x6e639ce8,  0x7bbb3bdb,
+    0x97826cd,  0xf418596e,  0x1b79aec,   0xa89a4f83,
+    0x656e95e6, 0x7ee6ffaa,  0x8cfbc21,   0xe6e815ef,
+    0xd99be7ba, 0xce366f4a,  0xd4099fea,  0xd67cb029,
+    0xafb2a431, 0x31233f2a,  0x3094a5c6,  0xc066a235,
+    0x37bc4e74, 0xa6ca82fc,  0xb0d090e0,  0x15d8a733,
+    0x4a9804f1, 0xf7daec41,  0xe50cd7f,   0x2ff69117,
+    0x8dd64d76, 0x4db0ef43,  0x544daacc,  0xdf0496e4,
+    0xe3b5d19e, 0x1b886a4c,  0xb81f2cc1,  0x7f516546,
+    0x4ea5e9d,  0x5d358c01,  0x737487fa,  0x2e410bfb,
+    0x5a1d67b3, 0x52d2db92,  0x335610e9,  0x1347d66d,
+    0x8c61d79a, 0x7a0ca137,  0x8e14f859,  0x893c13eb,
+    0xee27a9ce, 0x35c961b7,  0xede51ce1,  0x3cb1477a,
+    0x59dfd29c, 0x3f73f255,  0x79ce1418,  0xbf37c773,
+    0xeacdf753, 0x5baafd5f,  0x146f3ddf,  0x86db4478,
+    0x81f3afca, 0x3ec468b9,  0x2c342438,  0x5f40a3c2,
+    0x72c31d16, 0xc25e2bc,   0x8b493c28,  0x41950dff,
+    0x7101a839, 0xdeb30c08,  0x9ce4b4d8,  0x90c15664,
+    0x6184cb7b, 0x70b632d5,  0x745c6c48,  0x4257b8d0,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U1[256] = {
+    0xa7f45150, 0x65417e53,  0xa4171ac3,  0x5e273a96,
+    0x6bab3bcb, 0x459d1ff1,  0x58faacab,  0x3e34b93,
+    0xfa302055, 0x6d76adf6,  0x76cc8891,  0x4c02f525,
+    0xd7e54ffc, 0xcb2ac5d7,  0x44352680,  0xa362b58f,
+    0x5ab1de49, 0x1bba2567,  0xeea4598,   0xc0fe5de1,
+    0x752fc302, 0xf04c8112,  0x97468da3,  0xf9d36bc6,
+    0x5f8f03e7, 0x9c921595,  0x7a6dbfeb,  0x595295da,
+    0x83bed42d, 0x217458d3,  0x69e04929,  0xc8c98e44,
+    0x89c2756a, 0x798ef478,  0x3e58996b,  0x71b927dd,
+    0x4fe1beb6, 0xad88f017,  0xac20c966,  0x3ace7db4,
+    0x4adf6318, 0x311ae582,  0x33519760,  0x7f536245,
+    0x7764b1e0, 0xae6bbb84,  0xa081fe1c,  0x2b08f994,
+    0x68487058, 0xfd458f19,  0x6cde9487,  0xf87b52b7,
+    0xd373ab23, 0x24b72e2,   0x8f1fe357,  0xab55662a,
+    0x28ebb207, 0xc2b52f03,  0x7bc5869a,  0x837d3a5,
+    0x872830f2, 0xa5bf23b2,  0x6a0302ba,  0x8216ed5c,
+    0x1ccf8a2b, 0xb479a792,  0xf207f3f0,  0xe2694ea1,
+    0xf4da65cd, 0xbe0506d5,  0x6234d11f,  0xfea6c48a,
+    0x532e349d, 0x55f3a2a0,  0xe18a0532,  0xebf6a475,
+    0xec830b39, 0xef6040aa,  0x9f715e06,  0x106ebd51,
+    0x8a213ef9, 0x6dd963d,   0x53eddae,   0xbde64d46,
+    0x8d5491b5, 0x5dc47105,  0xd406046f,  0x155060ff,
+    0xfb981924, 0xe9bdd697,  0x434089cc,  0x9ed96777,
+    0x42e8b0bd, 0x8b890788,  0x5b19e738,  0xeec879db,
+    0xa7ca147,  0xf427ce9,   0x1e84f8c9,  0x0,
+    0x86800983, 0xed2b3248,  0x70111eac,  0x725a6c4e,
+    0xff0efdfb, 0x38850f56,  0xd5ae3d1e,  0x392d3627,
+    0xd90f0a64, 0xa65c6821,  0x545b9bd1,  0x2e36243a,
+    0x670a0cb1, 0xe757930f,  0x96eeb4d2,  0x919b1b9e,
+    0xc5c0804f, 0x20dc61a2,  0x4b775a69,  0x1a121c16,
+    0xba93e20a, 0x2aa0c0e5,  0xe0223c43,  0x171b121d,
+    0xd090e0b,  0xc78bf2ad,  0xa8b62db9,  0xa91e14c8,
+    0x19f15785, 0x775af4c,   0xdd99eebb,  0x607fa3fd,
+    0x2601f79f, 0xf5725cbc,  0x3b6644c5,  0x7efb5b34,
+    0x29438b76, 0xc623cbdc,  0xfcedb668,  0xf1e4b863,
+    0xdc31d7ca, 0x85634210,  0x22971340,  0x11c68420,
+    0x244a857d, 0x3dbbd2f8,  0x32f9ae11,  0xa129c76d,
+    0x2f9e1d4b, 0x30b2dcf3,  0x52860dec,  0xe3c177d0,
+    0x16b32b6c, 0xb970a999,  0x489411fa,  0x64e94722,
+    0x8cfca8c4, 0x3ff0a01a,  0x2c7d56d8,  0x903322ef,
+    0x4e4987c7, 0xd138d9c1,  0xa2ca8cfe,  0xbd49836,
+    0x81f5a6cf, 0xde7aa528,  0x8eb7da26,  0xbfad3fa4,
+    0x9d3a2ce4, 0x9278500d,  0xcc5f6a9b,  0x467e5462,
+    0x138df6c2, 0xb8d890e8,  0xf7392e5e,  0xafc382f5,
+    0x805d9fbe, 0x93d0697c,  0x2dd56fa9,  0x1225cfb3,
+    0x99acc83b, 0x7d1810a7,  0x639ce86e,  0xbb3bdb7b,
+    0x7826cd09, 0x18596ef4,  0xb79aec01,  0x9a4f83a8,
+    0x6e95e665, 0xe6ffaa7e,  0xcfbc2108,  0xe815efe6,
+    0x9be7bad9, 0x366f4ace,  0x99fead4,   0x7cb029d6,
+    0xb2a431af, 0x233f2a31,  0x94a5c630,  0x66a235c0,
+    0xbc4e7437, 0xca82fca6,  0xd090e0b0,  0xd8a73315,
+    0x9804f14a, 0xdaec41f7,  0x50cd7f0e,  0xf691172f,
+    0xd64d768d, 0xb0ef434d,  0x4daacc54,  0x496e4df,
+    0xb5d19ee3, 0x886a4c1b,  0x1f2cc1b8,  0x5165467f,
+    0xea5e9d04, 0x358c015d,  0x7487fa73,  0x410bfb2e,
+    0x1d67b35a, 0xd2db9252,  0x5610e933,  0x47d66d13,
+    0x61d79a8c, 0xca1377a,   0x14f8598e,  0x3c13eb89,
+    0x27a9ceee, 0xc961b735,  0xe51ce1ed,  0xb1477a3c,
+    0xdfd29c59, 0x73f2553f,  0xce141879,  0x37c773bf,
+    0xcdf753ea, 0xaafd5f5b,  0x6f3ddf14,  0xdb447886,
+    0xf3afca81, 0xc468b93e,  0x3424382c,  0x40a3c25f,
+    0xc31d1672, 0x25e2bc0c,  0x493c288b,  0x950dff41,
+    0x1a83971,  0xb30c08de,  0xe4b4d89c,  0xc1566490,
+    0x84cb7b61, 0xb632d570,  0x5c6c4874,  0x57b8d042,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U2[256] = {
+    0xf45150a7, 0x417e5365,  0x171ac3a4,  0x273a965e,
+    0xab3bcb6b, 0x9d1ff145,  0xfaacab58,  0xe34b9303,
+    0x302055fa, 0x76adf66d,  0xcc889176,  0x2f5254c,
+    0xe54ffcd7, 0x2ac5d7cb,  0x35268044,  0x62b58fa3,
+    0xb1de495a, 0xba25671b,  0xea45980e,  0xfe5de1c0,
+    0x2fc30275, 0x4c8112f0,  0x468da397,  0xd36bc6f9,
+    0x8f03e75f, 0x9215959c,  0x6dbfeb7a,  0x5295da59,
+    0xbed42d83, 0x7458d321,  0xe0492969,  0xc98e44c8,
+    0xc2756a89, 0x8ef47879,  0x58996b3e,  0xb927dd71,
+    0xe1beb64f, 0x88f017ad,  0x20c966ac,  0xce7db43a,
+    0xdf63184a, 0x1ae58231,  0x51976033,  0x5362457f,
+    0x64b1e077, 0x6bbb84ae,  0x81fe1ca0,  0x8f9942b,
+    0x48705868, 0x458f19fd,  0xde94876c,  0x7b52b7f8,
+    0x73ab23d3, 0x4b72e202,  0x1fe3578f,  0x55662aab,
+    0xebb20728, 0xb52f03c2,  0xc5869a7b,  0x37d3a508,
+    0x2830f287, 0xbf23b2a5,  0x302ba6a,   0x16ed5c82,
+    0xcf8a2b1c, 0x79a792b4,  0x7f3f0f2,   0x694ea1e2,
+    0xda65cdf4, 0x506d5be,   0x34d11f62,  0xa6c48afe,
+    0x2e349d53, 0xf3a2a055,  0x8a0532e1,  0xf6a475eb,
+    0x830b39ec, 0x6040aaef,  0x715e069f,  0x6ebd5110,
+    0x213ef98a, 0xdd963d06,  0x3eddae05,  0xe64d46bd,
+    0x5491b58d, 0xc471055d,  0x6046fd4,   0x5060ff15,
+    0x981924fb, 0xbdd697e9,  0x4089cc43,  0xd967779e,
+    0xe8b0bd42, 0x8907888b,  0x19e7385b,  0xc879dbee,
+    0x7ca1470a, 0x427ce90f,  0x84f8c91e,  0x0,
+    0x80098386, 0x2b3248ed,  0x111eac70,  0x5a6c4e72,
+    0xefdfbff,  0x850f5638,  0xae3d1ed5,  0x2d362739,
+    0xf0a64d9,  0x5c6821a6,  0x5b9bd154,  0x36243a2e,
+    0xa0cb167,  0x57930fe7,  0xeeb4d296,  0x9b1b9e91,
+    0xc0804fc5, 0xdc61a220,  0x775a694b,  0x121c161a,
+    0x93e20aba, 0xa0c0e52a,  0x223c43e0,  0x1b121d17,
+    0x90e0b0d,  0x8bf2adc7,  0xb62db9a8,  0x1e14c8a9,
+    0xf1578519, 0x75af4c07,  0x99eebbdd,  0x7fa3fd60,
+    0x1f79f26,  0x725cbcf5,  0x6644c53b,  0xfb5b347e,
+    0x438b7629, 0x23cbdcc6,  0xedb668fc,  0xe4b863f1,
+    0x31d7cadc, 0x63421085,  0x97134022,  0xc6842011,
+    0x4a857d24, 0xbbd2f83d,  0xf9ae1132,  0x29c76da1,
+    0x9e1d4b2f, 0xb2dcf330,  0x860dec52,  0xc177d0e3,
+    0xb32b6c16, 0x70a999b9,  0x9411fa48,  0xe9472264,
+    0xfca8c48c, 0xf0a01a3f,  0x7d56d82c,  0x3322ef90,
+    0x4987c74e, 0x38d9c1d1,  0xca8cfea2,  0xd498360b,
+    0xf5a6cf81, 0x7aa528de,  0xb7da268e,  0xad3fa4bf,
+    0x3a2ce49d, 0x78500d92,  0x5f6a9bcc,  0x7e546246,
+    0x8df6c213, 0xd890e8b8,  0x392e5ef7,  0xc382f5af,
+    0x5d9fbe80, 0xd0697c93,  0xd56fa92d,  0x25cfb312,
+    0xacc83b99, 0x1810a77d,  0x9ce86e63,  0x3bdb7bbb,
+    0x26cd0978, 0x596ef418,  0x9aec01b7,  0x4f83a89a,
+    0x95e6656e, 0xffaa7ee6,  0xbc2108cf,  0x15efe6e8,
+    0xe7bad99b, 0x6f4ace36,  0x9fead409,  0xb029d67c,
+    0xa431afb2, 0x3f2a3123,  0xa5c63094,  0xa235c066,
+    0x4e7437bc, 0x82fca6ca,  0x90e0b0d0,  0xa73315d8,
+    0x4f14a98,  0xec41f7da,  0xcd7f0e50,  0x91172ff6,
+    0x4d768dd6, 0xef434db0,  0xaacc544d,  0x96e4df04,
+    0xd19ee3b5, 0x6a4c1b88,  0x2cc1b81f,  0x65467f51,
+    0x5e9d04ea, 0x8c015d35,  0x87fa7374,  0xbfb2e41,
+    0x67b35a1d, 0xdb9252d2,  0x10e93356,  0xd66d1347,
+    0xd79a8c61, 0xa1377a0c,  0xf8598e14,  0x13eb893c,
+    0xa9ceee27, 0x61b735c9,  0x1ce1ede5,  0x477a3cb1,
+    0xd29c59df, 0xf2553f73,  0x141879ce,  0xc773bf37,
+    0xf753eacd, 0xfd5f5baa,  0x3ddf146f,  0x447886db,
+    0xafca81f3, 0x68b93ec4,  0x24382c34,  0xa3c25f40,
+    0x1d1672c3, 0xe2bc0c25,  0x3c288b49,  0xdff4195,
+    0xa8397101, 0xc08deb3,   0xb4d89ce4,  0x566490c1,
+    0xcb7b6184, 0x32d570b6,  0x6c48745c,  0xb8d04257,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U3[256] = {
+    0x5150a7f4, 0x7e536541,  0x1ac3a417,  0x3a965e27,
+    0x3bcb6bab, 0x1ff1459d,  0xacab58fa,  0x4b9303e3,
+    0x2055fa30, 0xadf66d76,  0x889176cc,  0xf5254c02,
+    0x4ffcd7e5, 0xc5d7cb2a,  0x26804435,  0xb58fa362,
+    0xde495ab1, 0x25671bba,  0x45980eea,  0x5de1c0fe,
+    0xc302752f, 0x8112f04c,  0x8da39746,  0x6bc6f9d3,
+    0x3e75f8f,  0x15959c92,  0xbfeb7a6d,  0x95da5952,
+    0xd42d83be, 0x58d32174,  0x492969e0,  0x8e44c8c9,
+    0x756a89c2, 0xf478798e,  0x996b3e58,  0x27dd71b9,
+    0xbeb64fe1, 0xf017ad88,  0xc966ac20,  0x7db43ace,
+    0x63184adf, 0xe582311a,  0x97603351,  0x62457f53,
+    0xb1e07764, 0xbb84ae6b,  0xfe1ca081,  0xf9942b08,
+    0x70586848, 0x8f19fd45,  0x94876cde,  0x52b7f87b,
+    0xab23d373, 0x72e2024b,  0xe3578f1f,  0x662aab55,
+    0xb20728eb, 0x2f03c2b5,  0x869a7bc5,  0xd3a50837,
+    0x30f28728, 0x23b2a5bf,  0x2ba6a03,   0xed5c8216,
+    0x8a2b1ccf, 0xa792b479,  0xf3f0f207,  0x4ea1e269,
+    0x65cdf4da, 0x6d5be05,   0xd11f6234,  0xc48afea6,
+    0x349d532e, 0xa2a055f3,  0x532e18a,   0xa475ebf6,
+    0xb39ec83,  0x40aaef60,  0x5e069f71,  0xbd51106e,
+    0x3ef98a21, 0x963d06dd,  0xddae053e,  0x4d46bde6,
+    0x91b58d54, 0x71055dc4,  0x46fd406,   0x60ff1550,
+    0x1924fb98, 0xd697e9bd,  0x89cc4340,  0x67779ed9,
+    0xb0bd42e8, 0x7888b89,   0xe7385b19,  0x79dbeec8,
+    0xa1470a7c, 0x7ce90f42,  0xf8c91e84,  0x0,
+    0x9838680,  0x3248ed2b,  0x1eac7011,  0x6c4e725a,
+    0xfdfbff0e, 0xf563885,   0x3d1ed5ae,  0x3627392d,
+    0xa64d90f,  0x6821a65c,  0x9bd1545b,  0x243a2e36,
+    0xcb1670a,  0x930fe757,  0xb4d296ee,  0x1b9e919b,
+    0x804fc5c0, 0x61a220dc,  0x5a694b77,  0x1c161a12,
+    0xe20aba93, 0xc0e52aa0,  0x3c43e022,  0x121d171b,
+    0xe0b0d09,  0xf2adc78b,  0x2db9a8b6,  0x14c8a91e,
+    0x578519f1, 0xaf4c0775,  0xeebbdd99,  0xa3fd607f,
+    0xf79f2601, 0x5cbcf572,  0x44c53b66,  0x5b347efb,
+    0x8b762943, 0xcbdcc623,  0xb668fced,  0xb863f1e4,
+    0xd7cadc31, 0x42108563,  0x13402297,  0x842011c6,
+    0x857d244a, 0xd2f83dbb,  0xae1132f9,  0xc76da129,
+    0x1d4b2f9e, 0xdcf330b2,  0xdec5286,   0x77d0e3c1,
+    0x2b6c16b3, 0xa999b970,  0x11fa4894,  0x472264e9,
+    0xa8c48cfc, 0xa01a3ff0,  0x56d82c7d,  0x22ef9033,
+    0x87c74e49, 0xd9c1d138,  0x8cfea2ca,  0x98360bd4,
+    0xa6cf81f5, 0xa528de7a,  0xda268eb7,  0x3fa4bfad,
+    0x2ce49d3a, 0x500d9278,  0x6a9bcc5f,  0x5462467e,
+    0xf6c2138d, 0x90e8b8d8,  0x2e5ef739,  0x82f5afc3,
+    0x9fbe805d, 0x697c93d0,  0x6fa92dd5,  0xcfb31225,
+    0xc83b99ac, 0x10a77d18,  0xe86e639c,  0xdb7bbb3b,
+    0xcd097826, 0x6ef41859,  0xec01b79a,  0x83a89a4f,
+    0xe6656e95, 0xaa7ee6ff,  0x2108cfbc,  0xefe6e815,
+    0xbad99be7, 0x4ace366f,  0xead4099f,  0x29d67cb0,
+    0x31afb2a4, 0x2a31233f,  0xc63094a5,  0x35c066a2,
+    0x7437bc4e, 0xfca6ca82,  0xe0b0d090,  0x3315d8a7,
+    0xf14a9804, 0x41f7daec,  0x7f0e50cd,  0x172ff691,
+    0x768dd64d, 0x434db0ef,  0xcc544daa,  0xe4df0496,
+    0x9ee3b5d1, 0x4c1b886a,  0xc1b81f2c,  0x467f5165,
+    0x9d04ea5e, 0x15d358c,   0xfa737487,  0xfb2e410b,
+    0xb35a1d67, 0x9252d2db,  0xe9335610,  0x6d1347d6,
+    0x9a8c61d7, 0x377a0ca1,  0x598e14f8,  0xeb893c13,
+    0xceee27a9, 0xb735c961,  0xe1ede51c,  0x7a3cb147,
+    0x9c59dfd2, 0x553f73f2,  0x1879ce14,  0x73bf37c7,
+    0x53eacdf7, 0x5f5baafd,  0xdf146f3d,  0x7886db44,
+    0xca81f3af, 0xb93ec468,  0x382c3424,  0xc25f40a3,
+    0x1672c31d, 0xbc0c25e2,  0x288b493c,  0xff41950d,
+    0x397101a8, 0x8deb30c,   0xd89ce4b4,  0x6490c156,
+    0x7b6184cb, 0xd570b632,  0x48745c6c,  0xd04257b8,
+};
+/* clang-format on */
+
+#else /* assume big endian */
+/* clang-format off */
+static const uint32_t T0[256] = {
+    0xc66363a5, 0xf87c7c84,  0xee777799,  0xf67b7b8d,
+    0xfff2f20d, 0xd66b6bbd,  0xde6f6fb1,  0x91c5c554,
+    0x60303050, 0x2010103,   0xce6767a9,  0x562b2b7d,
+    0xe7fefe19, 0xb5d7d762,  0x4dababe6,  0xec76769a,
+    0x8fcaca45, 0x1f82829d,  0x89c9c940,  0xfa7d7d87,
+    0xeffafa15, 0xb25959eb,  0x8e4747c9,  0xfbf0f00b,
+    0x41adadec, 0xb3d4d467,  0x5fa2a2fd,  0x45afafea,
+    0x239c9cbf, 0x53a4a4f7,  0xe4727296,  0x9bc0c05b,
+    0x75b7b7c2, 0xe1fdfd1c,  0x3d9393ae,  0x4c26266a,
+    0x6c36365a, 0x7e3f3f41,  0xf5f7f702,  0x83cccc4f,
+    0x6834345c, 0x51a5a5f4,  0xd1e5e534,  0xf9f1f108,
+    0xe2717193, 0xabd8d873,  0x62313153,  0x2a15153f,
+    0x804040c,  0x95c7c752,  0x46232365,  0x9dc3c35e,
+    0x30181828, 0x379696a1,  0xa05050f,   0x2f9a9ab5,
+    0xe070709,  0x24121236,  0x1b80809b,  0xdfe2e23d,
+    0xcdebeb26, 0x4e272769,  0x7fb2b2cd,  0xea75759f,
+    0x1209091b, 0x1d83839e,  0x582c2c74,  0x341a1a2e,
+    0x361b1b2d, 0xdc6e6eb2,  0xb45a5aee,  0x5ba0a0fb,
+    0xa45252f6, 0x763b3b4d,  0xb7d6d661,  0x7db3b3ce,
+    0x5229297b, 0xdde3e33e,  0x5e2f2f71,  0x13848497,
+    0xa65353f5, 0xb9d1d168,  0x0,         0xc1eded2c,
+    0x40202060, 0xe3fcfc1f,  0x79b1b1c8,  0xb65b5bed,
+    0xd46a6abe, 0x8dcbcb46,  0x67bebed9,  0x7239394b,
+    0x944a4ade, 0x984c4cd4,  0xb05858e8,  0x85cfcf4a,
+    0xbbd0d06b, 0xc5efef2a,  0x4faaaae5,  0xedfbfb16,
+    0x864343c5, 0x9a4d4dd7,  0x66333355,  0x11858594,
+    0x8a4545cf, 0xe9f9f910,  0x4020206,   0xfe7f7f81,
+    0xa05050f0, 0x783c3c44,  0x259f9fba,  0x4ba8a8e3,
+    0xa25151f3, 0x5da3a3fe,  0x804040c0,  0x58f8f8a,
+    0x3f9292ad, 0x219d9dbc,  0x70383848,  0xf1f5f504,
+    0x63bcbcdf, 0x77b6b6c1,  0xafdada75,  0x42212163,
+    0x20101030, 0xe5ffff1a,  0xfdf3f30e,  0xbfd2d26d,
+    0x81cdcd4c, 0x180c0c14,  0x26131335,  0xc3ecec2f,
+    0xbe5f5fe1, 0x359797a2,  0x884444cc,  0x2e171739,
+    0x93c4c457, 0x55a7a7f2,  0xfc7e7e82,  0x7a3d3d47,
+    0xc86464ac, 0xba5d5de7,  0x3219192b,  0xe6737395,
+    0xc06060a0, 0x19818198,  0x9e4f4fd1,  0xa3dcdc7f,
+    0x44222266, 0x542a2a7e,  0x3b9090ab,  0xb888883,
+    0x8c4646ca, 0xc7eeee29,  0x6bb8b8d3,  0x2814143c,
+    0xa7dede79, 0xbc5e5ee2,  0x160b0b1d,  0xaddbdb76,
+    0xdbe0e03b, 0x64323256,  0x743a3a4e,  0x140a0a1e,
+    0x924949db, 0xc06060a,   0x4824246c,  0xb85c5ce4,
+    0x9fc2c25d, 0xbdd3d36e,  0x43acacef,  0xc46262a6,
+    0x399191a8, 0x319595a4,  0xd3e4e437,  0xf279798b,
+    0xd5e7e732, 0x8bc8c843,  0x6e373759,  0xda6d6db7,
+    0x18d8d8c,  0xb1d5d564,  0x9c4e4ed2,  0x49a9a9e0,
+    0xd86c6cb4, 0xac5656fa,  0xf3f4f407,  0xcfeaea25,
+    0xca6565af, 0xf47a7a8e,  0x47aeaee9,  0x10080818,
+    0x6fbabad5, 0xf0787888,  0x4a25256f,  0x5c2e2e72,
+    0x381c1c24, 0x57a6a6f1,  0x73b4b4c7,  0x97c6c651,
+    0xcbe8e823, 0xa1dddd7c,  0xe874749c,  0x3e1f1f21,
+    0x964b4bdd, 0x61bdbddc,  0xd8b8b86,   0xf8a8a85,
+    0xe0707090, 0x7c3e3e42,  0x71b5b5c4,  0xcc6666aa,
+    0x904848d8, 0x6030305,   0xf7f6f601,  0x1c0e0e12,
+    0xc26161a3, 0x6a35355f,  0xae5757f9,  0x69b9b9d0,
+    0x17868691, 0x99c1c158,  0x3a1d1d27,  0x279e9eb9,
+    0xd9e1e138, 0xebf8f813,  0x2b9898b3,  0x22111133,
+    0xd26969bb, 0xa9d9d970,  0x78e8e89,   0x339494a7,
+    0x2d9b9bb6, 0x3c1e1e22,  0x15878792,  0xc9e9e920,
+    0x87cece49, 0xaa5555ff,  0x50282878,  0xa5dfdf7a,
+    0x38c8c8f,  0x59a1a1f8,  0x9898980,   0x1a0d0d17,
+    0x65bfbfda, 0xd7e6e631,  0x844242c6,  0xd06868b8,
+    0x824141c3, 0x299999b0,  0x5a2d2d77,  0x1e0f0f11,
+    0x7bb0b0cb, 0xa85454fc,  0x6dbbbbd6,  0x2c16163a,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t T1[256] = {
+    0xa5c66363, 0x84f87c7c,  0x99ee7777,  0x8df67b7b,
+    0xdfff2f2,  0xbdd66b6b,  0xb1de6f6f,  0x5491c5c5,
+    0x50603030, 0x3020101,   0xa9ce6767,  0x7d562b2b,
+    0x19e7fefe, 0x62b5d7d7,  0xe64dabab,  0x9aec7676,
+    0x458fcaca, 0x9d1f8282,  0x4089c9c9,  0x87fa7d7d,
+    0x15effafa, 0xebb25959,  0xc98e4747,  0xbfbf0f0,
+    0xec41adad, 0x67b3d4d4,  0xfd5fa2a2,  0xea45afaf,
+    0xbf239c9c, 0xf753a4a4,  0x96e47272,  0x5b9bc0c0,
+    0xc275b7b7, 0x1ce1fdfd,  0xae3d9393,  0x6a4c2626,
+    0x5a6c3636, 0x417e3f3f,  0x2f5f7f7,   0x4f83cccc,
+    0x5c683434, 0xf451a5a5,  0x34d1e5e5,  0x8f9f1f1,
+    0x93e27171, 0x73abd8d8,  0x53623131,  0x3f2a1515,
+    0xc080404,  0x5295c7c7,  0x65462323,  0x5e9dc3c3,
+    0x28301818, 0xa1379696,  0xf0a0505,   0xb52f9a9a,
+    0x90e0707,  0x36241212,  0x9b1b8080,  0x3ddfe2e2,
+    0x26cdebeb, 0x694e2727,  0xcd7fb2b2,  0x9fea7575,
+    0x1b120909, 0x9e1d8383,  0x74582c2c,  0x2e341a1a,
+    0x2d361b1b, 0xb2dc6e6e,  0xeeb45a5a,  0xfb5ba0a0,
+    0xf6a45252, 0x4d763b3b,  0x61b7d6d6,  0xce7db3b3,
+    0x7b522929, 0x3edde3e3,  0x715e2f2f,  0x97138484,
+    0xf5a65353, 0x68b9d1d1,  0x0,         0x2cc1eded,
+    0x60402020, 0x1fe3fcfc,  0xc879b1b1,  0xedb65b5b,
+    0xbed46a6a, 0x468dcbcb,  0xd967bebe,  0x4b723939,
+    0xde944a4a, 0xd4984c4c,  0xe8b05858,  0x4a85cfcf,
+    0x6bbbd0d0, 0x2ac5efef,  0xe54faaaa,  0x16edfbfb,
+    0xc5864343, 0xd79a4d4d,  0x55663333,  0x94118585,
+    0xcf8a4545, 0x10e9f9f9,  0x6040202,   0x81fe7f7f,
+    0xf0a05050, 0x44783c3c,  0xba259f9f,  0xe34ba8a8,
+    0xf3a25151, 0xfe5da3a3,  0xc0804040,  0x8a058f8f,
+    0xad3f9292, 0xbc219d9d,  0x48703838,  0x4f1f5f5,
+    0xdf63bcbc, 0xc177b6b6,  0x75afdada,  0x63422121,
+    0x30201010, 0x1ae5ffff,  0xefdf3f3,   0x6dbfd2d2,
+    0x4c81cdcd, 0x14180c0c,  0x35261313,  0x2fc3ecec,
+    0xe1be5f5f, 0xa2359797,  0xcc884444,  0x392e1717,
+    0x5793c4c4, 0xf255a7a7,  0x82fc7e7e,  0x477a3d3d,
+    0xacc86464, 0xe7ba5d5d,  0x2b321919,  0x95e67373,
+    0xa0c06060, 0x98198181,  0xd19e4f4f,  0x7fa3dcdc,
+    0x66442222, 0x7e542a2a,  0xab3b9090,  0x830b8888,
+    0xca8c4646, 0x29c7eeee,  0xd36bb8b8,  0x3c281414,
+    0x79a7dede, 0xe2bc5e5e,  0x1d160b0b,  0x76addbdb,
+    0x3bdbe0e0, 0x56643232,  0x4e743a3a,  0x1e140a0a,
+    0xdb924949, 0xa0c0606,   0x6c482424,  0xe4b85c5c,
+    0x5d9fc2c2, 0x6ebdd3d3,  0xef43acac,  0xa6c46262,
+    0xa8399191, 0xa4319595,  0x37d3e4e4,  0x8bf27979,
+    0x32d5e7e7, 0x438bc8c8,  0x596e3737,  0xb7da6d6d,
+    0x8c018d8d, 0x64b1d5d5,  0xd29c4e4e,  0xe049a9a9,
+    0xb4d86c6c, 0xfaac5656,  0x7f3f4f4,   0x25cfeaea,
+    0xafca6565, 0x8ef47a7a,  0xe947aeae,  0x18100808,
+    0xd56fbaba, 0x88f07878,  0x6f4a2525,  0x725c2e2e,
+    0x24381c1c, 0xf157a6a6,  0xc773b4b4,  0x5197c6c6,
+    0x23cbe8e8, 0x7ca1dddd,  0x9ce87474,  0x213e1f1f,
+    0xdd964b4b, 0xdc61bdbd,  0x860d8b8b,  0x850f8a8a,
+    0x90e07070, 0x427c3e3e,  0xc471b5b5,  0xaacc6666,
+    0xd8904848, 0x5060303,   0x1f7f6f6,   0x121c0e0e,
+    0xa3c26161, 0x5f6a3535,  0xf9ae5757,  0xd069b9b9,
+    0x91178686, 0x5899c1c1,  0x273a1d1d,  0xb9279e9e,
+    0x38d9e1e1, 0x13ebf8f8,  0xb32b9898,  0x33221111,
+    0xbbd26969, 0x70a9d9d9,  0x89078e8e,  0xa7339494,
+    0xb62d9b9b, 0x223c1e1e,  0x92158787,  0x20c9e9e9,
+    0x4987cece, 0xffaa5555,  0x78502828,  0x7aa5dfdf,
+    0x8f038c8c, 0xf859a1a1,  0x80098989,  0x171a0d0d,
+    0xda65bfbf, 0x31d7e6e6,  0xc6844242,  0xb8d06868,
+    0xc3824141, 0xb0299999,  0x775a2d2d,  0x111e0f0f,
+    0xcb7bb0b0, 0xfca85454,  0xd66dbbbb,  0x3a2c1616,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t T2[256] = {
+    0x63a5c663, 0x7c84f87c,  0x7799ee77,  0x7b8df67b,
+    0xf20dfff2, 0x6bbdd66b,  0x6fb1de6f,  0xc55491c5,
+    0x30506030, 0x1030201,   0x67a9ce67,  0x2b7d562b,
+    0xfe19e7fe, 0xd762b5d7,  0xabe64dab,  0x769aec76,
+    0xca458fca, 0x829d1f82,  0xc94089c9,  0x7d87fa7d,
+    0xfa15effa, 0x59ebb259,  0x47c98e47,  0xf00bfbf0,
+    0xadec41ad, 0xd467b3d4,  0xa2fd5fa2,  0xafea45af,
+    0x9cbf239c, 0xa4f753a4,  0x7296e472,  0xc05b9bc0,
+    0xb7c275b7, 0xfd1ce1fd,  0x93ae3d93,  0x266a4c26,
+    0x365a6c36, 0x3f417e3f,  0xf702f5f7,  0xcc4f83cc,
+    0x345c6834, 0xa5f451a5,  0xe534d1e5,  0xf108f9f1,
+    0x7193e271, 0xd873abd8,  0x31536231,  0x153f2a15,
+    0x40c0804,  0xc75295c7,  0x23654623,  0xc35e9dc3,
+    0x18283018, 0x96a13796,  0x50f0a05,   0x9ab52f9a,
+    0x7090e07,  0x12362412,  0x809b1b80,  0xe23ddfe2,
+    0xeb26cdeb, 0x27694e27,  0xb2cd7fb2,  0x759fea75,
+    0x91b1209,  0x839e1d83,  0x2c74582c,  0x1a2e341a,
+    0x1b2d361b, 0x6eb2dc6e,  0x5aeeb45a,  0xa0fb5ba0,
+    0x52f6a452, 0x3b4d763b,  0xd661b7d6,  0xb3ce7db3,
+    0x297b5229, 0xe33edde3,  0x2f715e2f,  0x84971384,
+    0x53f5a653, 0xd168b9d1,  0x0,         0xed2cc1ed,
+    0x20604020, 0xfc1fe3fc,  0xb1c879b1,  0x5bedb65b,
+    0x6abed46a, 0xcb468dcb,  0xbed967be,  0x394b7239,
+    0x4ade944a, 0x4cd4984c,  0x58e8b058,  0xcf4a85cf,
+    0xd06bbbd0, 0xef2ac5ef,  0xaae54faa,  0xfb16edfb,
+    0x43c58643, 0x4dd79a4d,  0x33556633,  0x85941185,
+    0x45cf8a45, 0xf910e9f9,  0x2060402,   0x7f81fe7f,
+    0x50f0a050, 0x3c44783c,  0x9fba259f,  0xa8e34ba8,
+    0x51f3a251, 0xa3fe5da3,  0x40c08040,  0x8f8a058f,
+    0x92ad3f92, 0x9dbc219d,  0x38487038,  0xf504f1f5,
+    0xbcdf63bc, 0xb6c177b6,  0xda75afda,  0x21634221,
+    0x10302010, 0xff1ae5ff,  0xf30efdf3,  0xd26dbfd2,
+    0xcd4c81cd, 0xc14180c,   0x13352613,  0xec2fc3ec,
+    0x5fe1be5f, 0x97a23597,  0x44cc8844,  0x17392e17,
+    0xc45793c4, 0xa7f255a7,  0x7e82fc7e,  0x3d477a3d,
+    0x64acc864, 0x5de7ba5d,  0x192b3219,  0x7395e673,
+    0x60a0c060, 0x81981981,  0x4fd19e4f,  0xdc7fa3dc,
+    0x22664422, 0x2a7e542a,  0x90ab3b90,  0x88830b88,
+    0x46ca8c46, 0xee29c7ee,  0xb8d36bb8,  0x143c2814,
+    0xde79a7de, 0x5ee2bc5e,  0xb1d160b,   0xdb76addb,
+    0xe03bdbe0, 0x32566432,  0x3a4e743a,  0xa1e140a,
+    0x49db9249, 0x60a0c06,   0x246c4824,  0x5ce4b85c,
+    0xc25d9fc2, 0xd36ebdd3,  0xacef43ac,  0x62a6c462,
+    0x91a83991, 0x95a43195,  0xe437d3e4,  0x798bf279,
+    0xe732d5e7, 0xc8438bc8,  0x37596e37,  0x6db7da6d,
+    0x8d8c018d, 0xd564b1d5,  0x4ed29c4e,  0xa9e049a9,
+    0x6cb4d86c, 0x56faac56,  0xf407f3f4,  0xea25cfea,
+    0x65afca65, 0x7a8ef47a,  0xaee947ae,  0x8181008,
+    0xbad56fba, 0x7888f078,  0x256f4a25,  0x2e725c2e,
+    0x1c24381c, 0xa6f157a6,  0xb4c773b4,  0xc65197c6,
+    0xe823cbe8, 0xdd7ca1dd,  0x749ce874,  0x1f213e1f,
+    0x4bdd964b, 0xbddc61bd,  0x8b860d8b,  0x8a850f8a,
+    0x7090e070, 0x3e427c3e,  0xb5c471b5,  0x66aacc66,
+    0x48d89048, 0x3050603,   0xf601f7f6,  0xe121c0e,
+    0x61a3c261, 0x355f6a35,  0x57f9ae57,  0xb9d069b9,
+    0x86911786, 0xc15899c1,  0x1d273a1d,  0x9eb9279e,
+    0xe138d9e1, 0xf813ebf8,  0x98b32b98,  0x11332211,
+    0x69bbd269, 0xd970a9d9,  0x8e89078e,  0x94a73394,
+    0x9bb62d9b, 0x1e223c1e,  0x87921587,  0xe920c9e9,
+    0xce4987ce, 0x55ffaa55,  0x28785028,  0xdf7aa5df,
+    0x8c8f038c, 0xa1f859a1,  0x89800989,  0xd171a0d,
+    0xbfda65bf, 0xe631d7e6,  0x42c68442,  0x68b8d068,
+    0x41c38241, 0x99b02999,  0x2d775a2d,  0xf111e0f,
+    0xb0cb7bb0, 0x54fca854,  0xbbd66dbb,  0x163a2c16,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t T3[256] = {
+    0x6363a5c6, 0x7c7c84f8,  0x777799ee,  0x7b7b8df6,
+    0xf2f20dff, 0x6b6bbdd6,  0x6f6fb1de,  0xc5c55491,
+    0x30305060, 0x1010302,   0x6767a9ce,  0x2b2b7d56,
+    0xfefe19e7, 0xd7d762b5,  0xababe64d,  0x76769aec,
+    0xcaca458f, 0x82829d1f,  0xc9c94089,  0x7d7d87fa,
+    0xfafa15ef, 0x5959ebb2,  0x4747c98e,  0xf0f00bfb,
+    0xadadec41, 0xd4d467b3,  0xa2a2fd5f,  0xafafea45,
+    0x9c9cbf23, 0xa4a4f753,  0x727296e4,  0xc0c05b9b,
+    0xb7b7c275, 0xfdfd1ce1,  0x9393ae3d,  0x26266a4c,
+    0x36365a6c, 0x3f3f417e,  0xf7f702f5,  0xcccc4f83,
+    0x34345c68, 0xa5a5f451,  0xe5e534d1,  0xf1f108f9,
+    0x717193e2, 0xd8d873ab,  0x31315362,  0x15153f2a,
+    0x4040c08,  0xc7c75295,  0x23236546,  0xc3c35e9d,
+    0x18182830, 0x9696a137,  0x5050f0a,   0x9a9ab52f,
+    0x707090e,  0x12123624,  0x80809b1b,  0xe2e23ddf,
+    0xebeb26cd, 0x2727694e,  0xb2b2cd7f,  0x75759fea,
+    0x9091b12,  0x83839e1d,  0x2c2c7458,  0x1a1a2e34,
+    0x1b1b2d36, 0x6e6eb2dc,  0x5a5aeeb4,  0xa0a0fb5b,
+    0x5252f6a4, 0x3b3b4d76,  0xd6d661b7,  0xb3b3ce7d,
+    0x29297b52, 0xe3e33edd,  0x2f2f715e,  0x84849713,
+    0x5353f5a6, 0xd1d168b9,  0x0,         0xeded2cc1,
+    0x20206040, 0xfcfc1fe3,  0xb1b1c879,  0x5b5bedb6,
+    0x6a6abed4, 0xcbcb468d,  0xbebed967,  0x39394b72,
+    0x4a4ade94, 0x4c4cd498,  0x5858e8b0,  0xcfcf4a85,
+    0xd0d06bbb, 0xefef2ac5,  0xaaaae54f,  0xfbfb16ed,
+    0x4343c586, 0x4d4dd79a,  0x33335566,  0x85859411,
+    0x4545cf8a, 0xf9f910e9,  0x2020604,   0x7f7f81fe,
+    0x5050f0a0, 0x3c3c4478,  0x9f9fba25,  0xa8a8e34b,
+    0x5151f3a2, 0xa3a3fe5d,  0x4040c080,  0x8f8f8a05,
+    0x9292ad3f, 0x9d9dbc21,  0x38384870,  0xf5f504f1,
+    0xbcbcdf63, 0xb6b6c177,  0xdada75af,  0x21216342,
+    0x10103020, 0xffff1ae5,  0xf3f30efd,  0xd2d26dbf,
+    0xcdcd4c81, 0xc0c1418,   0x13133526,  0xecec2fc3,
+    0x5f5fe1be, 0x9797a235,  0x4444cc88,  0x1717392e,
+    0xc4c45793, 0xa7a7f255,  0x7e7e82fc,  0x3d3d477a,
+    0x6464acc8, 0x5d5de7ba,  0x19192b32,  0x737395e6,
+    0x6060a0c0, 0x81819819,  0x4f4fd19e,  0xdcdc7fa3,
+    0x22226644, 0x2a2a7e54,  0x9090ab3b,  0x8888830b,
+    0x4646ca8c, 0xeeee29c7,  0xb8b8d36b,  0x14143c28,
+    0xdede79a7, 0x5e5ee2bc,  0xb0b1d16,   0xdbdb76ad,
+    0xe0e03bdb, 0x32325664,  0x3a3a4e74,  0xa0a1e14,
+    0x4949db92, 0x6060a0c,   0x24246c48,  0x5c5ce4b8,
+    0xc2c25d9f, 0xd3d36ebd,  0xacacef43,  0x6262a6c4,
+    0x9191a839, 0x9595a431,  0xe4e437d3,  0x79798bf2,
+    0xe7e732d5, 0xc8c8438b,  0x3737596e,  0x6d6db7da,
+    0x8d8d8c01, 0xd5d564b1,  0x4e4ed29c,  0xa9a9e049,
+    0x6c6cb4d8, 0x5656faac,  0xf4f407f3,  0xeaea25cf,
+    0x6565afca, 0x7a7a8ef4,  0xaeaee947,  0x8081810,
+    0xbabad56f, 0x787888f0,  0x25256f4a,  0x2e2e725c,
+    0x1c1c2438, 0xa6a6f157,  0xb4b4c773,  0xc6c65197,
+    0xe8e823cb, 0xdddd7ca1,  0x74749ce8,  0x1f1f213e,
+    0x4b4bdd96, 0xbdbddc61,  0x8b8b860d,  0x8a8a850f,
+    0x707090e0, 0x3e3e427c,  0xb5b5c471,  0x6666aacc,
+    0x4848d890, 0x3030506,   0xf6f601f7,  0xe0e121c,
+    0x6161a3c2, 0x35355f6a,  0x5757f9ae,  0xb9b9d069,
+    0x86869117, 0xc1c15899,  0x1d1d273a,  0x9e9eb927,
+    0xe1e138d9, 0xf8f813eb,  0x9898b32b,  0x11113322,
+    0x6969bbd2, 0xd9d970a9,  0x8e8e8907,  0x9494a733,
+    0x9b9bb62d, 0x1e1e223c,  0x87879215,  0xe9e920c9,
+    0xcece4987, 0x5555ffaa,  0x28287850,  0xdfdf7aa5,
+    0x8c8c8f03, 0xa1a1f859,  0x89898009,  0xd0d171a,
+    0xbfbfda65, 0xe6e631d7,  0x4242c684,  0x6868b8d0,
+    0x4141c382, 0x9999b029,  0x2d2d775a,  0xf0f111e,
+    0xb0b0cb7b, 0x5454fca8,  0xbbbbd66d,  0x16163a2c,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U0[256] = {
+    0x51f4a750, 0x7e416553,  0x1a17a4c3,  0x3a275e96,
+    0x3bab6bcb, 0x1f9d45f1,  0xacfa58ab,  0x4be30393,
+    0x2030fa55, 0xad766df6,  0x88cc7691,  0xf5024c25,
+    0x4fe5d7fc, 0xc52acbd7,  0x26354480,  0xb562a38f,
+    0xdeb15a49, 0x25ba1b67,  0x45ea0e98,  0x5dfec0e1,
+    0xc32f7502, 0x814cf012,  0x8d4697a3,  0x6bd3f9c6,
+    0x38f5fe7,  0x15929c95,  0xbf6d7aeb,  0x955259da,
+    0xd4be832d, 0x587421d3,  0x49e06929,  0x8ec9c844,
+    0x75c2896a, 0xf48e7978,  0x99583e6b,  0x27b971dd,
+    0xbee14fb6, 0xf088ad17,  0xc920ac66,  0x7dce3ab4,
+    0x63df4a18, 0xe51a3182,  0x97513360,  0x62537f45,
+    0xb16477e0, 0xbb6bae84,  0xfe81a01c,  0xf9082b94,
+    0x70486858, 0x8f45fd19,  0x94de6c87,  0x527bf8b7,
+    0xab73d323, 0x724b02e2,  0xe31f8f57,  0x6655ab2a,
+    0xb2eb2807, 0x2fb5c203,  0x86c57b9a,  0xd33708a5,
+    0x302887f2, 0x23bfa5b2,  0x2036aba,   0xed16825c,
+    0x8acf1c2b, 0xa779b492,  0xf307f2f0,  0x4e69e2a1,
+    0x65daf4cd, 0x605bed5,   0xd134621f,  0xc4a6fe8a,
+    0x342e539d, 0xa2f355a0,  0x58ae132,   0xa4f6eb75,
+    0xb83ec39,  0x4060efaa,  0x5e719f06,  0xbd6e1051,
+    0x3e218af9, 0x96dd063d,  0xdd3e05ae,  0x4de6bd46,
+    0x91548db5, 0x71c45d05,  0x406d46f,   0x605015ff,
+    0x1998fb24, 0xd6bde997,  0x894043cc,  0x67d99e77,
+    0xb0e842bd, 0x7898b88,   0xe7195b38,  0x79c8eedb,
+    0xa17c0a47, 0x7c420fe9,  0xf8841ec9,  0x0,
+    0x9808683,  0x322bed48,  0x1e1170ac,  0x6c5a724e,
+    0xfd0efffb, 0xf853856,   0x3daed51e,  0x362d3927,
+    0xa0fd964,  0x685ca621,  0x9b5b54d1,  0x24362e3a,
+    0xc0a67b1,  0x9357e70f,  0xb4ee96d2,  0x1b9b919e,
+    0x80c0c54f, 0x61dc20a2,  0x5a774b69,  0x1c121a16,
+    0xe293ba0a, 0xc0a02ae5,  0x3c22e043,  0x121b171d,
+    0xe090d0b,  0xf28bc7ad,  0x2db6a8b9,  0x141ea9c8,
+    0x57f11985, 0xaf75074c,  0xee99ddbb,  0xa37f60fd,
+    0xf701269f, 0x5c72f5bc,  0x44663bc5,  0x5bfb7e34,
+    0x8b432976, 0xcb23c6dc,  0xb6edfc68,  0xb8e4f163,
+    0xd731dcca, 0x42638510,  0x13972240,  0x84c61120,
+    0x854a247d, 0xd2bb3df8,  0xaef93211,  0xc729a16d,
+    0x1d9e2f4b, 0xdcb230f3,  0xd8652ec,   0x77c1e3d0,
+    0x2bb3166c, 0xa970b999,  0x119448fa,  0x47e96422,
+    0xa8fc8cc4, 0xa0f03f1a,  0x567d2cd8,  0x223390ef,
+    0x87494ec7, 0xd938d1c1,  0x8ccaa2fe,  0x98d40b36,
+    0xa6f581cf, 0xa57ade28,  0xdab78e26,  0x3fadbfa4,
+    0x2c3a9de4, 0x5078920d,  0x6a5fcc9b,  0x547e4662,
+    0xf68d13c2, 0x90d8b8e8,  0x2e39f75e,  0x82c3aff5,
+    0x9f5d80be, 0x69d0937c,  0x6fd52da9,  0xcf2512b3,
+    0xc8ac993b, 0x10187da7,  0xe89c636e,  0xdb3bbb7b,
+    0xcd267809, 0x6e5918f4,  0xec9ab701,  0x834f9aa8,
+    0xe6956e65, 0xaaffe67e,  0x21bccf08,  0xef15e8e6,
+    0xbae79bd9, 0x4a6f36ce,  0xea9f09d4,  0x29b07cd6,
+    0x31a4b2af, 0x2a3f2331,  0xc6a59430,  0x35a266c0,
+    0x744ebc37, 0xfc82caa6,  0xe090d0b0,  0x33a7d815,
+    0xf104984a, 0x41ecdaf7,  0x7fcd500e,  0x1791f62f,
+    0x764dd68d, 0x43efb04d,  0xccaa4d54,  0xe49604df,
+    0x9ed1b5e3, 0x4c6a881b,  0xc12c1fb8,  0x4665517f,
+    0x9d5eea04, 0x18c355d,   0xfa877473,  0xfb0b412e,
+    0xb3671d5a, 0x92dbd252,  0xe9105633,  0x6dd64713,
+    0x9ad7618c, 0x37a10c7a,  0x59f8148e,  0xeb133c89,
+    0xcea927ee, 0xb761c935,  0xe11ce5ed,  0x7a47b13c,
+    0x9cd2df59, 0x55f2733f,  0x1814ce79,  0x73c737bf,
+    0x53f7cdea, 0x5ffdaa5b,  0xdf3d6f14,  0x7844db86,
+    0xcaaff381, 0xb968c43e,  0x3824342c,  0xc2a3405f,
+    0x161dc372, 0xbce2250c,  0x283c498b,  0xff0d9541,
+    0x39a80171, 0x80cb3de,   0xd8b4e49c,  0x6456c190,
+    0x7bcb8461, 0xd532b670,  0x486c5c74,  0xd0b85742
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U1[256] = {
+    0x5051f4a7, 0x537e4165,  0xc31a17a4,  0x963a275e,
+    0xcb3bab6b, 0xf11f9d45,  0xabacfa58,  0x934be303,
+    0x552030fa, 0xf6ad766d,  0x9188cc76,  0x25f5024c,
+    0xfc4fe5d7, 0xd7c52acb,  0x80263544,  0x8fb562a3,
+    0x49deb15a, 0x6725ba1b,  0x9845ea0e,  0xe15dfec0,
+    0x2c32f75,  0x12814cf0,  0xa38d4697,  0xc66bd3f9,
+    0xe7038f5f, 0x9515929c,  0xebbf6d7a,  0xda955259,
+    0x2dd4be83, 0xd3587421,  0x2949e069,  0x448ec9c8,
+    0x6a75c289, 0x78f48e79,  0x6b99583e,  0xdd27b971,
+    0xb6bee14f, 0x17f088ad,  0x66c920ac,  0xb47dce3a,
+    0x1863df4a, 0x82e51a31,  0x60975133,  0x4562537f,
+    0xe0b16477, 0x84bb6bae,  0x1cfe81a0,  0x94f9082b,
+    0x58704868, 0x198f45fd,  0x8794de6c,  0xb7527bf8,
+    0x23ab73d3, 0xe2724b02,  0x57e31f8f,  0x2a6655ab,
+    0x7b2eb28,  0x32fb5c2,   0x9a86c57b,  0xa5d33708,
+    0xf2302887, 0xb223bfa5,  0xba02036a,  0x5ced1682,
+    0x2b8acf1c, 0x92a779b4,  0xf0f307f2,  0xa14e69e2,
+    0xcd65daf4, 0xd50605be,  0x1fd13462,  0x8ac4a6fe,
+    0x9d342e53, 0xa0a2f355,  0x32058ae1,  0x75a4f6eb,
+    0x390b83ec, 0xaa4060ef,  0x65e719f,   0x51bd6e10,
+    0xf93e218a, 0x3d96dd06,  0xaedd3e05,  0x464de6bd,
+    0xb591548d, 0x571c45d,   0x6f0406d4,  0xff605015,
+    0x241998fb, 0x97d6bde9,  0xcc894043,  0x7767d99e,
+    0xbdb0e842, 0x8807898b,  0x38e7195b,  0xdb79c8ee,
+    0x47a17c0a, 0xe97c420f,  0xc9f8841e,  0x0,
+    0x83098086, 0x48322bed,  0xac1e1170,  0x4e6c5a72,
+    0xfbfd0eff, 0x560f8538,  0x1e3daed5,  0x27362d39,
+    0x640a0fd9, 0x21685ca6,  0xd19b5b54,  0x3a24362e,
+    0xb10c0a67, 0xf9357e7,   0xd2b4ee96,  0x9e1b9b91,
+    0x4f80c0c5, 0xa261dc20,  0x695a774b,  0x161c121a,
+    0xae293ba,  0xe5c0a02a,  0x433c22e0,  0x1d121b17,
+    0xb0e090d,  0xadf28bc7,  0xb92db6a8,  0xc8141ea9,
+    0x8557f119, 0x4caf7507,  0xbbee99dd,  0xfda37f60,
+    0x9ff70126, 0xbc5c72f5,  0xc544663b,  0x345bfb7e,
+    0x768b4329, 0xdccb23c6,  0x68b6edfc,  0x63b8e4f1,
+    0xcad731dc, 0x10426385,  0x40139722,  0x2084c611,
+    0x7d854a24, 0xf8d2bb3d,  0x11aef932,  0x6dc729a1,
+    0x4b1d9e2f, 0xf3dcb230,  0xec0d8652,  0xd077c1e3,
+    0x6c2bb316, 0x99a970b9,  0xfa119448,  0x2247e964,
+    0xc4a8fc8c, 0x1aa0f03f,  0xd8567d2c,  0xef223390,
+    0xc787494e, 0xc1d938d1,  0xfe8ccaa2,  0x3698d40b,
+    0xcfa6f581, 0x28a57ade,  0x26dab78e,  0xa43fadbf,
+    0xe42c3a9d, 0xd507892,   0x9b6a5fcc,  0x62547e46,
+    0xc2f68d13, 0xe890d8b8,  0x5e2e39f7,  0xf582c3af,
+    0xbe9f5d80, 0x7c69d093,  0xa96fd52d,  0xb3cf2512,
+    0x3bc8ac99, 0xa710187d,  0x6ee89c63,  0x7bdb3bbb,
+    0x9cd2678,  0xf46e5918,  0x1ec9ab7,   0xa8834f9a,
+    0x65e6956e, 0x7eaaffe6,  0x821bccf,   0xe6ef15e8,
+    0xd9bae79b, 0xce4a6f36,  0xd4ea9f09,  0xd629b07c,
+    0xaf31a4b2, 0x312a3f23,  0x30c6a594,  0xc035a266,
+    0x37744ebc, 0xa6fc82ca,  0xb0e090d0,  0x1533a7d8,
+    0x4af10498, 0xf741ecda,  0xe7fcd50,   0x2f1791f6,
+    0x8d764dd6, 0x4d43efb0,  0x54ccaa4d,  0xdfe49604,
+    0xe39ed1b5, 0x1b4c6a88,  0xb8c12c1f,  0x7f466551,
+    0x49d5eea,  0x5d018c35,  0x73fa8774,  0x2efb0b41,
+    0x5ab3671d, 0x5292dbd2,  0x33e91056,  0x136dd647,
+    0x8c9ad761, 0x7a37a10c,  0x8e59f814,  0x89eb133c,
+    0xeecea927, 0x35b761c9,  0xede11ce5,  0x3c7a47b1,
+    0x599cd2df, 0x3f55f273,  0x791814ce,  0xbf73c737,
+    0xea53f7cd, 0x5b5ffdaa,  0x14df3d6f,  0x867844db,
+    0x81caaff3, 0x3eb968c4,  0x2c382434,  0x5fc2a340,
+    0x72161dc3, 0xcbce225,   0x8b283c49,  0x41ff0d95,
+    0x7139a801, 0xde080cb3,  0x9cd8b4e4,  0x906456c1,
+    0x617bcb84, 0x70d532b6,  0x74486c5c,  0x42d0b857
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U2[256] = {
+    0xa75051f4, 0x65537e41,  0xa4c31a17,  0x5e963a27,
+    0x6bcb3bab, 0x45f11f9d,  0x58abacfa,  0x3934be3,
+    0xfa552030, 0x6df6ad76,  0x769188cc,  0x4c25f502,
+    0xd7fc4fe5, 0xcbd7c52a,  0x44802635,  0xa38fb562,
+    0x5a49deb1, 0x1b6725ba,  0xe9845ea,   0xc0e15dfe,
+    0x7502c32f, 0xf012814c,  0x97a38d46,  0xf9c66bd3,
+    0x5fe7038f, 0x9c951592,  0x7aebbf6d,  0x59da9552,
+    0x832dd4be, 0x21d35874,  0x692949e0,  0xc8448ec9,
+    0x896a75c2, 0x7978f48e,  0x3e6b9958,  0x71dd27b9,
+    0x4fb6bee1, 0xad17f088,  0xac66c920,  0x3ab47dce,
+    0x4a1863df, 0x3182e51a,  0x33609751,  0x7f456253,
+    0x77e0b164, 0xae84bb6b,  0xa01cfe81,  0x2b94f908,
+    0x68587048, 0xfd198f45,  0x6c8794de,  0xf8b7527b,
+    0xd323ab73, 0x2e2724b,   0x8f57e31f,  0xab2a6655,
+    0x2807b2eb, 0xc2032fb5,  0x7b9a86c5,  0x8a5d337,
+    0x87f23028, 0xa5b223bf,  0x6aba0203,  0x825ced16,
+    0x1c2b8acf, 0xb492a779,  0xf2f0f307,  0xe2a14e69,
+    0xf4cd65da, 0xbed50605,  0x621fd134,  0xfe8ac4a6,
+    0x539d342e, 0x55a0a2f3,  0xe132058a,  0xeb75a4f6,
+    0xec390b83, 0xefaa4060,  0x9f065e71,  0x1051bd6e,
+    0x8af93e21, 0x63d96dd,   0x5aedd3e,   0xbd464de6,
+    0x8db59154, 0x5d0571c4,  0xd46f0406,  0x15ff6050,
+    0xfb241998, 0xe997d6bd,  0x43cc8940,  0x9e7767d9,
+    0x42bdb0e8, 0x8b880789,  0x5b38e719,  0xeedb79c8,
+    0xa47a17c,  0xfe97c42,   0x1ec9f884,  0x0,
+    0x86830980, 0xed48322b,  0x70ac1e11,  0x724e6c5a,
+    0xfffbfd0e, 0x38560f85,  0xd51e3dae,  0x3927362d,
+    0xd9640a0f, 0xa621685c,  0x54d19b5b,  0x2e3a2436,
+    0x67b10c0a, 0xe70f9357,  0x96d2b4ee,  0x919e1b9b,
+    0xc54f80c0, 0x20a261dc,  0x4b695a77,  0x1a161c12,
+    0xba0ae293, 0x2ae5c0a0,  0xe0433c22,  0x171d121b,
+    0xd0b0e09,  0xc7adf28b,  0xa8b92db6,  0xa9c8141e,
+    0x198557f1, 0x74caf75,   0xddbbee99,  0x60fda37f,
+    0x269ff701, 0xf5bc5c72,  0x3bc54466,  0x7e345bfb,
+    0x29768b43, 0xc6dccb23,  0xfc68b6ed,  0xf163b8e4,
+    0xdccad731, 0x85104263,  0x22401397,  0x112084c6,
+    0x247d854a, 0x3df8d2bb,  0x3211aef9,  0xa16dc729,
+    0x2f4b1d9e, 0x30f3dcb2,  0x52ec0d86,  0xe3d077c1,
+    0x166c2bb3, 0xb999a970,  0x48fa1194,  0x642247e9,
+    0x8cc4a8fc, 0x3f1aa0f0,  0x2cd8567d,  0x90ef2233,
+    0x4ec78749, 0xd1c1d938,  0xa2fe8cca,  0xb3698d4,
+    0x81cfa6f5, 0xde28a57a,  0x8e26dab7,  0xbfa43fad,
+    0x9de42c3a, 0x920d5078,  0xcc9b6a5f,  0x4662547e,
+    0x13c2f68d, 0xb8e890d8,  0xf75e2e39,  0xaff582c3,
+    0x80be9f5d, 0x937c69d0,  0x2da96fd5,  0x12b3cf25,
+    0x993bc8ac, 0x7da71018,  0x636ee89c,  0xbb7bdb3b,
+    0x7809cd26, 0x18f46e59,  0xb701ec9a,  0x9aa8834f,
+    0x6e65e695, 0xe67eaaff,  0xcf0821bc,  0xe8e6ef15,
+    0x9bd9bae7, 0x36ce4a6f,  0x9d4ea9f,   0x7cd629b0,
+    0xb2af31a4, 0x23312a3f,  0x9430c6a5,  0x66c035a2,
+    0xbc37744e, 0xcaa6fc82,  0xd0b0e090,  0xd81533a7,
+    0x984af104, 0xdaf741ec,  0x500e7fcd,  0xf62f1791,
+    0xd68d764d, 0xb04d43ef,  0x4d54ccaa,  0x4dfe496,
+    0xb5e39ed1, 0x881b4c6a,  0x1fb8c12c,  0x517f4665,
+    0xea049d5e, 0x355d018c,  0x7473fa87,  0x412efb0b,
+    0x1d5ab367, 0xd25292db,  0x5633e910,  0x47136dd6,
+    0x618c9ad7, 0xc7a37a1,   0x148e59f8,  0x3c89eb13,
+    0x27eecea9, 0xc935b761,  0xe5ede11c,  0xb13c7a47,
+    0xdf599cd2, 0x733f55f2,  0xce791814,  0x37bf73c7,
+    0xcdea53f7, 0xaa5b5ffd,  0x6f14df3d,  0xdb867844,
+    0xf381caaf, 0xc43eb968,  0x342c3824,  0x405fc2a3,
+    0xc372161d, 0x250cbce2,  0x498b283c,  0x9541ff0d,
+    0x17139a8,  0xb3de080c,  0xe49cd8b4,  0xc1906456,
+    0x84617bcb, 0xb670d532,  0x5c74486c,  0x5742d0b8
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U3[256] = {
+    0xf4a75051, 0x4165537e,  0x17a4c31a,  0x275e963a,
+    0xab6bcb3b, 0x9d45f11f,  0xfa58abac,  0xe303934b,
+    0x30fa5520, 0x766df6ad,  0xcc769188,  0x24c25f5,
+    0xe5d7fc4f, 0x2acbd7c5,  0x35448026,  0x62a38fb5,
+    0xb15a49de, 0xba1b6725,  0xea0e9845,  0xfec0e15d,
+    0x2f7502c3, 0x4cf01281,  0x4697a38d,  0xd3f9c66b,
+    0x8f5fe703, 0x929c9515,  0x6d7aebbf,  0x5259da95,
+    0xbe832dd4, 0x7421d358,  0xe0692949,  0xc9c8448e,
+    0xc2896a75, 0x8e7978f4,  0x583e6b99,  0xb971dd27,
+    0xe14fb6be, 0x88ad17f0,  0x20ac66c9,  0xce3ab47d,
+    0xdf4a1863, 0x1a3182e5,  0x51336097,  0x537f4562,
+    0x6477e0b1, 0x6bae84bb,  0x81a01cfe,  0x82b94f9,
+    0x48685870, 0x45fd198f,  0xde6c8794,  0x7bf8b752,
+    0x73d323ab, 0x4b02e272,  0x1f8f57e3,  0x55ab2a66,
+    0xeb2807b2, 0xb5c2032f,  0xc57b9a86,  0x3708a5d3,
+    0x2887f230, 0xbfa5b223,  0x36aba02,   0x16825ced,
+    0xcf1c2b8a, 0x79b492a7,  0x7f2f0f3,   0x69e2a14e,
+    0xdaf4cd65, 0x5bed506,   0x34621fd1,  0xa6fe8ac4,
+    0x2e539d34, 0xf355a0a2,  0x8ae13205,  0xf6eb75a4,
+    0x83ec390b, 0x60efaa40,  0x719f065e,  0x6e1051bd,
+    0x218af93e, 0xdd063d96,  0x3e05aedd,  0xe6bd464d,
+    0x548db591, 0xc45d0571,  0x6d46f04,   0x5015ff60,
+    0x98fb2419, 0xbde997d6,  0x4043cc89,  0xd99e7767,
+    0xe842bdb0, 0x898b8807,  0x195b38e7,  0xc8eedb79,
+    0x7c0a47a1, 0x420fe97c,  0x841ec9f8,  0x0,
+    0x80868309, 0x2bed4832,  0x1170ac1e,  0x5a724e6c,
+    0xefffbfd,  0x8538560f,  0xaed51e3d,  0x2d392736,
+    0xfd9640a,  0x5ca62168,  0x5b54d19b,  0x362e3a24,
+    0xa67b10c,  0x57e70f93,  0xee96d2b4,  0x9b919e1b,
+    0xc0c54f80, 0xdc20a261,  0x774b695a,  0x121a161c,
+    0x93ba0ae2, 0xa02ae5c0,  0x22e0433c,  0x1b171d12,
+    0x90d0b0e,  0x8bc7adf2,  0xb6a8b92d,  0x1ea9c814,
+    0xf1198557, 0x75074caf,  0x99ddbbee,  0x7f60fda3,
+    0x1269ff7,  0x72f5bc5c,  0x663bc544,  0xfb7e345b,
+    0x4329768b, 0x23c6dccb,  0xedfc68b6,  0xe4f163b8,
+    0x31dccad7, 0x63851042,  0x97224013,  0xc6112084,
+    0x4a247d85, 0xbb3df8d2,  0xf93211ae,  0x29a16dc7,
+    0x9e2f4b1d, 0xb230f3dc,  0x8652ec0d,  0xc1e3d077,
+    0xb3166c2b, 0x70b999a9,  0x9448fa11,  0xe9642247,
+    0xfc8cc4a8, 0xf03f1aa0,  0x7d2cd856,  0x3390ef22,
+    0x494ec787, 0x38d1c1d9,  0xcaa2fe8c,  0xd40b3698,
+    0xf581cfa6, 0x7ade28a5,  0xb78e26da,  0xadbfa43f,
+    0x3a9de42c, 0x78920d50,  0x5fcc9b6a,  0x7e466254,
+    0x8d13c2f6, 0xd8b8e890,  0x39f75e2e,  0xc3aff582,
+    0x5d80be9f, 0xd0937c69,  0xd52da96f,  0x2512b3cf,
+    0xac993bc8, 0x187da710,  0x9c636ee8,  0x3bbb7bdb,
+    0x267809cd, 0x5918f46e,  0x9ab701ec,  0x4f9aa883,
+    0x956e65e6, 0xffe67eaa,  0xbccf0821,  0x15e8e6ef,
+    0xe79bd9ba, 0x6f36ce4a,  0x9f09d4ea,  0xb07cd629,
+    0xa4b2af31, 0x3f23312a,  0xa59430c6,  0xa266c035,
+    0x4ebc3774, 0x82caa6fc,  0x90d0b0e0,  0xa7d81533,
+    0x4984af1,  0xecdaf741,  0xcd500e7f,  0x91f62f17,
+    0x4dd68d76, 0xefb04d43,  0xaa4d54cc,  0x9604dfe4,
+    0xd1b5e39e, 0x6a881b4c,  0x2c1fb8c1,  0x65517f46,
+    0x5eea049d, 0x8c355d01,  0x877473fa,  0xb412efb,
+    0x671d5ab3, 0xdbd25292,  0x105633e9,  0xd647136d,
+    0xd7618c9a, 0xa10c7a37,  0xf8148e59,  0x133c89eb,
+    0xa927eece, 0x61c935b7,  0x1ce5ede1,  0x47b13c7a,
+    0xd2df599c, 0xf2733f55,  0x14ce7918,  0xc737bf73,
+    0xf7cdea53, 0xfdaa5b5f,  0x3d6f14df,  0x44db8678,
+    0xaff381ca, 0x68c43eb9,  0x24342c38,  0xa3405fc2,
+    0x1dc37216, 0xe2250cbc,  0x3c498b28,  0xd9541ff,
+    0xa8017139, 0xcb3de08,   0xb4e49cd8,  0x56c19064,
+    0xcb84617b, 0x32b670d5,  0x6c5c7448,  0xb85742d0
+};
+/* clang-format on */
+#endif
+
+/*
+ * the following tables (aes_sbox, aes_inv_sbox, T4, U4) are
+ * endian-neutral
+ */
+/* clang-format off */
+static const uint8_t aes_sbox[256] = {
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+/* clang-format on */
+
+#ifndef CPU_RISC
+/* clang-format off */
+static const uint8_t aes_inv_sbox[256] = {
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+};
+/* clang-format on */
+#endif /* ! CPU_RISC */
+
+#ifdef CPU_RISC
+/* clang-format off */
+static const uint32_t T4[256] = {
+    0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
+    0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
+    0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,
+    0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
+    0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,
+    0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,
+    0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,
+    0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
+    0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
+    0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,
+    0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,
+    0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
+    0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,
+    0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,
+    0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,
+    0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
+    0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,
+    0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
+    0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,
+    0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
+    0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,
+    0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,
+    0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,
+    0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
+    0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,
+    0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,
+    0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
+    0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
+    0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,
+    0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,
+    0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,
+    0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
+    0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,
+    0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,
+    0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,
+    0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
+    0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc,
+    0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,
+    0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,
+    0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
+    0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,
+    0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,
+    0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,
+    0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
+    0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
+    0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,
+    0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,
+    0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
+    0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,
+    0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,
+    0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,
+    0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
+    0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,
+    0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
+    0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,
+    0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
+    0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,
+    0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,
+    0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,
+    0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
+    0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,
+    0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,
+    0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
+    0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint32_t U4[256] = {
+    0x52525252, 0x9090909,   0x6a6a6a6a,  0xd5d5d5d5,
+    0x30303030, 0x36363636,  0xa5a5a5a5,  0x38383838,
+    0xbfbfbfbf, 0x40404040,  0xa3a3a3a3,  0x9e9e9e9e,
+    0x81818181, 0xf3f3f3f3,  0xd7d7d7d7,  0xfbfbfbfb,
+    0x7c7c7c7c, 0xe3e3e3e3,  0x39393939,  0x82828282,
+    0x9b9b9b9b, 0x2f2f2f2f,  0xffffffff,  0x87878787,
+    0x34343434, 0x8e8e8e8e,  0x43434343,  0x44444444,
+    0xc4c4c4c4, 0xdededede,  0xe9e9e9e9,  0xcbcbcbcb,
+    0x54545454, 0x7b7b7b7b,  0x94949494,  0x32323232,
+    0xa6a6a6a6, 0xc2c2c2c2,  0x23232323,  0x3d3d3d3d,
+    0xeeeeeeee, 0x4c4c4c4c,  0x95959595,  0xb0b0b0b,
+    0x42424242, 0xfafafafa,  0xc3c3c3c3,  0x4e4e4e4e,
+    0x8080808,  0x2e2e2e2e,  0xa1a1a1a1,  0x66666666,
+    0x28282828, 0xd9d9d9d9,  0x24242424,  0xb2b2b2b2,
+    0x76767676, 0x5b5b5b5b,  0xa2a2a2a2,  0x49494949,
+    0x6d6d6d6d, 0x8b8b8b8b,  0xd1d1d1d1,  0x25252525,
+    0x72727272, 0xf8f8f8f8,  0xf6f6f6f6,  0x64646464,
+    0x86868686, 0x68686868,  0x98989898,  0x16161616,
+    0xd4d4d4d4, 0xa4a4a4a4,  0x5c5c5c5c,  0xcccccccc,
+    0x5d5d5d5d, 0x65656565,  0xb6b6b6b6,  0x92929292,
+    0x6c6c6c6c, 0x70707070,  0x48484848,  0x50505050,
+    0xfdfdfdfd, 0xedededed,  0xb9b9b9b9,  0xdadadada,
+    0x5e5e5e5e, 0x15151515,  0x46464646,  0x57575757,
+    0xa7a7a7a7, 0x8d8d8d8d,  0x9d9d9d9d,  0x84848484,
+    0x90909090, 0xd8d8d8d8,  0xabababab,  0x0,
+    0x8c8c8c8c, 0xbcbcbcbc,  0xd3d3d3d3,  0xa0a0a0a,
+    0xf7f7f7f7, 0xe4e4e4e4,  0x58585858,  0x5050505,
+    0xb8b8b8b8, 0xb3b3b3b3,  0x45454545,  0x6060606,
+    0xd0d0d0d0, 0x2c2c2c2c,  0x1e1e1e1e,  0x8f8f8f8f,
+    0xcacacaca, 0x3f3f3f3f,  0xf0f0f0f,   0x2020202,
+    0xc1c1c1c1, 0xafafafaf,  0xbdbdbdbd,  0x3030303,
+    0x1010101,  0x13131313,  0x8a8a8a8a,  0x6b6b6b6b,
+    0x3a3a3a3a, 0x91919191,  0x11111111,  0x41414141,
+    0x4f4f4f4f, 0x67676767,  0xdcdcdcdc,  0xeaeaeaea,
+    0x97979797, 0xf2f2f2f2,  0xcfcfcfcf,  0xcececece,
+    0xf0f0f0f0, 0xb4b4b4b4,  0xe6e6e6e6,  0x73737373,
+    0x96969696, 0xacacacac,  0x74747474,  0x22222222,
+    0xe7e7e7e7, 0xadadadad,  0x35353535,  0x85858585,
+    0xe2e2e2e2, 0xf9f9f9f9,  0x37373737,  0xe8e8e8e8,
+    0x1c1c1c1c, 0x75757575,  0xdfdfdfdf,  0x6e6e6e6e,
+    0x47474747, 0xf1f1f1f1,  0x1a1a1a1a,  0x71717171,
+    0x1d1d1d1d, 0x29292929,  0xc5c5c5c5,  0x89898989,
+    0x6f6f6f6f, 0xb7b7b7b7,  0x62626262,  0xe0e0e0e,
+    0xaaaaaaaa, 0x18181818,  0xbebebebe,  0x1b1b1b1b,
+    0xfcfcfcfc, 0x56565656,  0x3e3e3e3e,  0x4b4b4b4b,
+    0xc6c6c6c6, 0xd2d2d2d2,  0x79797979,  0x20202020,
+    0x9a9a9a9a, 0xdbdbdbdb,  0xc0c0c0c0,  0xfefefefe,
+    0x78787878, 0xcdcdcdcd,  0x5a5a5a5a,  0xf4f4f4f4,
+    0x1f1f1f1f, 0xdddddddd,  0xa8a8a8a8,  0x33333333,
+    0x88888888, 0x7070707,   0xc7c7c7c7,  0x31313131,
+    0xb1b1b1b1, 0x12121212,  0x10101010,  0x59595959,
+    0x27272727, 0x80808080,  0xecececec,  0x5f5f5f5f,
+    0x60606060, 0x51515151,  0x7f7f7f7f,  0xa9a9a9a9,
+    0x19191919, 0xb5b5b5b5,  0x4a4a4a4a,  0xd0d0d0d,
+    0x2d2d2d2d, 0xe5e5e5e5,  0x7a7a7a7a,  0x9f9f9f9f,
+    0x93939393, 0xc9c9c9c9,  0x9c9c9c9c,  0xefefefef,
+    0xa0a0a0a0, 0xe0e0e0e0,  0x3b3b3b3b,  0x4d4d4d4d,
+    0xaeaeaeae, 0x2a2a2a2a,  0xf5f5f5f5,  0xb0b0b0b0,
+    0xc8c8c8c8, 0xebebebeb,  0xbbbbbbbb,  0x3c3c3c3c,
+    0x83838383, 0x53535353,  0x99999999,  0x61616161,
+    0x17171717, 0x2b2b2b2b,  0x4040404,   0x7e7e7e7e,
+    0xbabababa, 0x77777777,  0xd6d6d6d6,  0x26262626,
+    0xe1e1e1e1, 0x69696969,  0x14141414,  0x63636363,
+    0x55555555, 0x21212121,  0xc0c0c0c,   0x7d7d7d7d
+};
+/* clang-format on */
+#endif /* CPU_RISC */
+
+#define gf2_8_field_polynomial 0x1B
+/*
+ * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x'
+ * operation, using the field representation from AES; that is, the
+ * next gf2_8 value in the cyclic representation of that field.  The
+ * value z should be an uint8_t.
+ */
+#define gf2_8_shift(z)                                                         \
+    (((z)&128) ? (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1))
+
+/* aes internals */
+
+static void aes_128_expand_encryption_key(const uint8_t *key,
+                                          srtp_aes_expanded_key_t *expanded_key)
+{
+    int i;
+    uint8_t rc;
+
+    /* initialize round constant */
+    rc = 1;
+
+    expanded_key->num_rounds = 10;
+
+    v128_copy_octet_string(&expanded_key->round[0], key);
+
+#if 0
+    debug_print(srtp_mod_aes_icm,
+                "expanded key[0]:  %s", v128_hex_string(&expanded_key->round[0]));
+#endif
+
+    /* loop over round keys */
+    for (i = 1; i < 11; i++) {
+        /* munge first word of round key */
+        expanded_key->round[i].v8[0] =
+            aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc;
+        expanded_key->round[i].v8[1] =
+            aes_sbox[expanded_key->round[i - 1].v8[14]];
+        expanded_key->round[i].v8[2] =
+            aes_sbox[expanded_key->round[i - 1].v8[15]];
+        expanded_key->round[i].v8[3] =
+            aes_sbox[expanded_key->round[i - 1].v8[12]];
+
+        expanded_key->round[i].v32[0] ^= expanded_key->round[i - 1].v32[0];
+
+        /* set remaining 32 bit words to the exor of the one previous with
+         * the one four words previous */
+
+        expanded_key->round[i].v32[1] =
+            expanded_key->round[i].v32[0] ^ expanded_key->round[i - 1].v32[1];
+
+        expanded_key->round[i].v32[2] =
+            expanded_key->round[i].v32[1] ^ expanded_key->round[i - 1].v32[2];
+
+        expanded_key->round[i].v32[3] =
+            expanded_key->round[i].v32[2] ^ expanded_key->round[i - 1].v32[3];
+
+#if 0
+        debug_print2(srtp_mod_aes_icm,
+                     "expanded key[%d]:  %s", i, v128_hex_string(&expanded_key->round[i]));
+#endif
+
+        /* modify round constant */
+        rc = gf2_8_shift(rc);
+    }
+}
+
+static void aes_256_expand_encryption_key(const unsigned char *key,
+                                          srtp_aes_expanded_key_t *expanded_key)
+{
+    int i;
+    uint8_t rc;
+
+    /* initialize round constant */
+    rc = 1;
+
+    expanded_key->num_rounds = 14;
+
+    v128_copy_octet_string(&expanded_key->round[0], key);
+    v128_copy_octet_string(&expanded_key->round[1], key + 16);
+
+#if 0
+    debug_print(srtp_mod_aes_icm,
+                "expanded key[0]:  %s", v128_hex_string(&expanded_key->round[0]));
+    debug_print(srtp_mod_aes_icm,
+                "expanded key[1]:  %s", v128_hex_string(&expanded_key->round[1]));
+#endif
+
+    /* loop over rest of round keys */
+    for (i = 2; i < 15; i++) {
+        /* munge first word of round key */
+        if ((i & 1) == 0) {
+            expanded_key->round[i].v8[0] =
+                aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc;
+            expanded_key->round[i].v8[1] =
+                aes_sbox[expanded_key->round[i - 1].v8[14]];
+            expanded_key->round[i].v8[2] =
+                aes_sbox[expanded_key->round[i - 1].v8[15]];
+            expanded_key->round[i].v8[3] =
+                aes_sbox[expanded_key->round[i - 1].v8[12]];
+
+            /* modify round constant */
+            rc = gf2_8_shift(rc);
+        } else {
+            expanded_key->round[i].v8[0] =
+                aes_sbox[expanded_key->round[i - 1].v8[12]];
+            expanded_key->round[i].v8[1] =
+                aes_sbox[expanded_key->round[i - 1].v8[13]];
+            expanded_key->round[i].v8[2] =
+                aes_sbox[expanded_key->round[i - 1].v8[14]];
+            expanded_key->round[i].v8[3] =
+                aes_sbox[expanded_key->round[i - 1].v8[15]];
+        }
+
+        expanded_key->round[i].v32[0] ^= expanded_key->round[i - 2].v32[0];
+
+        /* set remaining 32 bit words to the exor of the one previous with
+         * the one eight words previous */
+
+        expanded_key->round[i].v32[1] =
+            expanded_key->round[i].v32[0] ^ expanded_key->round[i - 2].v32[1];
+
+        expanded_key->round[i].v32[2] =
+            expanded_key->round[i].v32[1] ^ expanded_key->round[i - 2].v32[2];
+
+        expanded_key->round[i].v32[3] =
+            expanded_key->round[i].v32[2] ^ expanded_key->round[i - 2].v32[3];
+
+#if 0
+        debug_print2(srtp_mod_aes_icm,
+                     "expanded key[%d]:  %s", i, v128_hex_string(&expanded_key->round[i]));
+#endif
+    }
+}
+
+srtp_err_status_t srtp_aes_expand_encryption_key(
+    const uint8_t *key,
+    int key_len,
+    srtp_aes_expanded_key_t *expanded_key)
+{
+    if (key_len == 16) {
+        aes_128_expand_encryption_key(key, expanded_key);
+        return srtp_err_status_ok;
+    } else if (key_len == 24) {
+        /* AES-192 not yet supported */
+        return srtp_err_status_bad_param;
+    } else if (key_len == 32) {
+        aes_256_expand_encryption_key(key, expanded_key);
+        return srtp_err_status_ok;
+    } else {
+        return srtp_err_status_bad_param;
+    }
+}
+
+srtp_err_status_t srtp_aes_expand_decryption_key(
+    const uint8_t *key,
+    int key_len,
+    srtp_aes_expanded_key_t *expanded_key)
+{
+    int i;
+    srtp_err_status_t status;
+    int num_rounds = expanded_key->num_rounds;
+
+    status = srtp_aes_expand_encryption_key(key, key_len, expanded_key);
+    if (status) {
+        return status;
+    }
+
+    /* invert the order of the round keys */
+    for (i = 0; i < num_rounds / 2; i++) {
+        v128_t tmp;
+        v128_copy(&tmp, &expanded_key->round[num_rounds - i]);
+        v128_copy(&expanded_key->round[num_rounds - i],
+                  &expanded_key->round[i]);
+        v128_copy(&expanded_key->round[i], &tmp);
+    }
+
+    /*
+     * apply the inverse mixColumn transform to the round keys (except
+     * for the first and the last)
+     *
+     * mixColumn is implemented by using the tables U0, U1, U2, U3,
+     * followed by the T4 table (which cancels out the use of the sbox
+     * in the U-tables)
+     */
+    for (i = 1; i < num_rounds; i++) {
+#ifdef CPU_RISC
+        uint32_t tmp;
+
+#ifdef WORDS_BIGENDIAN
+        /* clang-format off */
+        tmp = expanded_key->round[i].v32[0];
+        expanded_key->round[i].v32[0] =
+            U0[T4[(tmp >> 24)       ] & 0xff] ^
+            U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U2[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U3[T4[(tmp)       & 0xff] & 0xff];
+
+        tmp = expanded_key->round[i].v32[1];
+        expanded_key->round[i].v32[1] =
+            U0[T4[(tmp >> 24)       ] & 0xff] ^
+            U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U2[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U3[T4[(tmp)       & 0xff] & 0xff];
+
+        tmp = expanded_key->round[i].v32[2];
+        expanded_key->round[i].v32[2] =
+            U0[T4[(tmp >> 24)       ] & 0xff] ^
+            U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U2[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U3[T4[(tmp)       & 0xff] & 0xff];
+
+        tmp = expanded_key->round[i].v32[3];
+        expanded_key->round[i].v32[3] =
+            U0[T4[(tmp >> 24)       ] & 0xff] ^
+            U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U2[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U3[T4[(tmp)       & 0xff] & 0xff];
+#else
+        tmp = expanded_key->round[i].v32[0];
+        expanded_key->round[i].v32[0] =
+            U3[T4[(tmp >> 24)       ] & 0xff] ^
+            U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U1[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U0[T4[(tmp)       & 0xff] & 0xff];
+
+        tmp = expanded_key->round[i].v32[1];
+        expanded_key->round[i].v32[1] =
+            U3[T4[(tmp >> 24)       ] & 0xff] ^
+            U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U1[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U0[T4[(tmp)       & 0xff] & 0xff];
+
+        tmp = expanded_key->round[i].v32[2];
+        expanded_key->round[i].v32[2] =
+            U3[T4[(tmp >> 24)       ] & 0xff] ^
+            U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U1[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U0[T4[(tmp)       & 0xff] & 0xff];
+
+        tmp = expanded_key->round[i].v32[3];
+        expanded_key->round[i].v32[3] =
+            U3[T4[(tmp >> 24)       ] & 0xff] ^
+            U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+            U1[T4[(tmp >> 8)  & 0xff] & 0xff] ^
+            U0[T4[(tmp)       & 0xff] & 0xff];
+/* clang-format on */
+#endif /* WORDS_BIGENDIAN */
+
+#else /* assume CPU_CISC */
+
+        uint32_t c0, c1, c2, c3;
+
+        c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]] ^
+             U1[aes_sbox[expanded_key->round[i].v8[1]]] ^
+             U2[aes_sbox[expanded_key->round[i].v8[2]]] ^
+             U3[aes_sbox[expanded_key->round[i].v8[3]]];
+
+        c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]] ^
+             U1[aes_sbox[expanded_key->round[i].v8[5]]] ^
+             U2[aes_sbox[expanded_key->round[i].v8[6]]] ^
+             U3[aes_sbox[expanded_key->round[i].v8[7]]];
+
+        c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]] ^
+             U1[aes_sbox[expanded_key->round[i].v8[9]]] ^
+             U2[aes_sbox[expanded_key->round[i].v8[10]]] ^
+             U3[aes_sbox[expanded_key->round[i].v8[11]]];
+
+        c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]] ^
+             U1[aes_sbox[expanded_key->round[i].v8[13]]] ^
+             U2[aes_sbox[expanded_key->round[i].v8[14]]] ^
+             U3[aes_sbox[expanded_key->round[i].v8[15]]];
+
+        expanded_key->round[i].v32[0] = c0;
+        expanded_key->round[i].v32[1] = c1;
+        expanded_key->round[i].v32[2] = c2;
+        expanded_key->round[i].v32[3] = c3;
+
+#endif
+    }
+
+    return srtp_err_status_ok;
+}
+
+#ifdef CPU_CISC
+
+static inline void aes_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t column0, column1, column2, column3;
+
+    /* compute the columns of the output square in terms of the octets
+       of state, using the tables T0, T1, T2, T3 */
+
+    column0 = T0[state->v8[0]] ^ T1[state->v8[5]] ^ T2[state->v8[10]] ^
+              T3[state->v8[15]];
+
+    column1 = T0[state->v8[4]] ^ T1[state->v8[9]] ^ T2[state->v8[14]] ^
+              T3[state->v8[3]];
+
+    column2 = T0[state->v8[8]] ^ T1[state->v8[13]] ^ T2[state->v8[2]] ^
+              T3[state->v8[7]];
+
+    column3 = T0[state->v8[12]] ^ T1[state->v8[1]] ^ T2[state->v8[6]] ^
+              T3[state->v8[11]];
+
+    state->v32[0] = column0 ^ round_key->v32[0];
+    state->v32[1] = column1 ^ round_key->v32[1];
+    state->v32[2] = column2 ^ round_key->v32[2];
+    state->v32[3] = column3 ^ round_key->v32[3];
+}
+
+static inline void aes_inv_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t column0, column1, column2, column3;
+
+    /* compute the columns of the output square in terms of the octets
+       of state, using the tables U0, U1, U2, U3 */
+
+    column0 = U0[state->v8[0]] ^ U1[state->v8[13]] ^ U2[state->v8[10]] ^
+              U3[state->v8[7]];
+
+    column1 = U0[state->v8[4]] ^ U1[state->v8[1]] ^ U2[state->v8[14]] ^
+              U3[state->v8[11]];
+
+    column2 = U0[state->v8[8]] ^ U1[state->v8[5]] ^ U2[state->v8[2]] ^
+              U3[state->v8[15]];
+
+    column3 = U0[state->v8[12]] ^ U1[state->v8[9]] ^ U2[state->v8[6]] ^
+              U3[state->v8[3]];
+
+    state->v32[0] = column0 ^ round_key->v32[0];
+    state->v32[1] = column1 ^ round_key->v32[1];
+    state->v32[2] = column2 ^ round_key->v32[2];
+    state->v32[3] = column3 ^ round_key->v32[3];
+}
+
+static inline void aes_final_round(v128_t *state, const v128_t *round_key)
+{
+    uint8_t tmp;
+
+    /* byte substitutions and row shifts */
+    /* first row - no shift */
+    state->v8[0] = aes_sbox[state->v8[0]];
+    state->v8[4] = aes_sbox[state->v8[4]];
+    state->v8[8] = aes_sbox[state->v8[8]];
+    state->v8[12] = aes_sbox[state->v8[12]];
+
+    /* second row - shift one left */
+    tmp = aes_sbox[state->v8[1]];
+    state->v8[1] = aes_sbox[state->v8[5]];
+    state->v8[5] = aes_sbox[state->v8[9]];
+    state->v8[9] = aes_sbox[state->v8[13]];
+    state->v8[13] = tmp;
+
+    /* third row - shift two left */
+    tmp = aes_sbox[state->v8[10]];
+    state->v8[10] = aes_sbox[state->v8[2]];
+    state->v8[2] = tmp;
+    tmp = aes_sbox[state->v8[14]];
+    state->v8[14] = aes_sbox[state->v8[6]];
+    state->v8[6] = tmp;
+
+    /* fourth row - shift three left */
+    tmp = aes_sbox[state->v8[15]];
+    state->v8[15] = aes_sbox[state->v8[11]];
+    state->v8[11] = aes_sbox[state->v8[7]];
+    state->v8[7] = aes_sbox[state->v8[3]];
+    state->v8[3] = tmp;
+
+    v128_xor_eq(state, round_key);
+}
+
+static inline void aes_inv_final_round(v128_t *state, const v128_t *round_key)
+{
+    uint8_t tmp;
+
+    /* byte substitutions and row shifts */
+    /* first row - no shift */
+    state->v8[0] = aes_inv_sbox[state->v8[0]];
+    state->v8[4] = aes_inv_sbox[state->v8[4]];
+    state->v8[8] = aes_inv_sbox[state->v8[8]];
+    state->v8[12] = aes_inv_sbox[state->v8[12]];
+
+    /* second row - shift one right */
+    tmp = aes_inv_sbox[state->v8[13]];
+    state->v8[13] = aes_inv_sbox[state->v8[9]];
+    state->v8[9] = aes_inv_sbox[state->v8[5]];
+    state->v8[5] = aes_inv_sbox[state->v8[1]];
+    state->v8[1] = tmp;
+
+    /* third row - shift two right */
+    tmp = aes_inv_sbox[state->v8[2]];
+    state->v8[2] = aes_inv_sbox[state->v8[10]];
+    state->v8[10] = tmp;
+    tmp = aes_inv_sbox[state->v8[6]];
+    state->v8[6] = aes_inv_sbox[state->v8[14]];
+    state->v8[14] = tmp;
+
+    /* fourth row - shift three right */
+    tmp = aes_inv_sbox[state->v8[3]];
+    state->v8[3] = aes_inv_sbox[state->v8[7]];
+    state->v8[7] = aes_inv_sbox[state->v8[11]];
+    state->v8[11] = aes_inv_sbox[state->v8[15]];
+    state->v8[15] = tmp;
+
+    v128_xor_eq(state, round_key);
+}
+
+#elif CPU_RISC
+
+static inline void aes_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t column0, column1, column2, column3;
+
+/* compute the columns of the output square in terms of the octets
+   of state, using the tables T0, T1, T2, T3 */
+#ifdef WORDS_BIGENDIAN
+    column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] ^
+              T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
+
+    column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] ^
+              T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff];
+
+    column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff] ^
+              T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff];
+
+    column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff] ^
+              T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff];
+#else
+    column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff] ^
+              T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24];
+
+    column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff] ^
+              T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24];
+
+    column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff] ^
+              T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24];
+
+    column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff] ^
+              T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
+#endif /* WORDS_BIGENDIAN */
+
+    state->v32[0] = column0 ^ round_key->v32[0];
+    state->v32[1] = column1 ^ round_key->v32[1];
+    state->v32[2] = column2 ^ round_key->v32[2];
+    state->v32[3] = column3 ^ round_key->v32[3];
+}
+
+static inline void aes_inv_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t column0, column1, column2, column3;
+
+/* compute the columns of the output square in terms of the octets
+   of state, using the tables U0, U1, U2, U3 */
+
+#ifdef WORDS_BIGENDIAN
+    column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] ^
+              U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
+
+    column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] ^
+              U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff];
+
+    column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] ^
+              U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff];
+
+    column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff] ^
+              U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
+#else
+    column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] ^
+              U2[(state->v32[2] >> 16) & 0xff] ^
+              U3[(state->v32[1] >> 24) & 0xff];
+
+    column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] ^
+              U2[(state->v32[3] >> 16) & 0xff] ^
+              U3[(state->v32[2] >> 24) & 0xff];
+
+    column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] ^
+              U2[(state->v32[0] >> 16) & 0xff] ^
+              U3[(state->v32[3] >> 24) & 0xff];
+
+    column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] ^
+              U2[(state->v32[1] >> 16) & 0xff] ^
+              U3[(state->v32[0] >> 24) & 0xff];
+#endif /* WORDS_BIGENDIAN */
+
+    state->v32[0] = column0 ^ round_key->v32[0];
+    state->v32[1] = column1 ^ round_key->v32[1];
+    state->v32[2] = column2 ^ round_key->v32[2];
+    state->v32[3] = column3 ^ round_key->v32[3];
+}
+
+static inline void aes_final_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t tmp0, tmp1, tmp2, tmp3;
+
+#ifdef WORDS_BIGENDIAN
+    /* clang-format off */
+    tmp0 = (T4[(state->v32[0] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[2] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[3]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[0];
+
+    tmp1 = (T4[(state->v32[1] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[3] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[0]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[1];
+
+    tmp2 = (T4[(state->v32[2] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[0] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[1]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[2];
+
+    tmp3 = (T4[(state->v32[3] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[1] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[2]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[3];
+#else
+    tmp0 = (T4[(state->v32[3] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[1] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[0]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[0];
+
+    tmp1 = (T4[(state->v32[0] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[2] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[1]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[1];
+
+    tmp2 = (T4[(state->v32[1] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[3] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[2]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[2];
+
+    tmp3 = (T4[(state->v32[2] >> 24)]        & 0xff000000) ^
+           (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^
+           (T4[(state->v32[0] >>  8) & 0xff] & 0x0000ff00) ^
+           (T4[(state->v32[3]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[3];
+/* clang-format on */
+#endif /* WORDS_BIGENDIAN */
+
+    state->v32[0] = tmp0;
+    state->v32[1] = tmp1;
+    state->v32[2] = tmp2;
+    state->v32[3] = tmp3;
+}
+
+static inline void aes_inv_final_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t tmp0, tmp1, tmp2, tmp3;
+
+#ifdef WORDS_BIGENDIAN
+    /* clang-format off */
+    tmp0 = (U4[(state->v32[0] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[2] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[1]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[0];
+
+    tmp1 = (U4[(state->v32[1] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[3] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[2]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[1];
+
+    tmp2 = (U4[(state->v32[2] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[0] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[3]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[2];
+
+    tmp3 = (U4[(state->v32[3] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[1] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[0]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[3];
+#else
+    tmp0 = (U4[(state->v32[1] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[3] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[0]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[0];
+
+    tmp1 = (U4[(state->v32[2] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[0] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[1]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[1];
+
+    tmp2 = (U4[(state->v32[3] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[1] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[2]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[2];
+
+    tmp3 = (U4[(state->v32[0] >> 24)]        & 0xff000000) ^
+           (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^
+           (U4[(state->v32[2] >>  8) & 0xff] & 0x0000ff00) ^
+           (U4[(state->v32[3]      ) & 0xff] & 0x000000ff) ^
+           round_key->v32[3];
+/* clang-format on */
+#endif /* WORDS_BIGENDIAN */
+
+    state->v32[0] = tmp0;
+    state->v32[1] = tmp1;
+    state->v32[2] = tmp2;
+    state->v32[3] = tmp3;
+}
+
+#elif CPU_16 /* assume 16-bit word size on processor */
+
+static inline void aes_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t column0, column1, column2, column3;
+    /* compute the columns of the output square in terms of the octets
+       of state, using the tables T0, T1, T2, T3 */
+
+    column0 = T0[state->v8[0]] ^ T1[state->v8[5]] ^ T2[state->v8[10]] ^
+              T3[state->v8[15]];
+
+    column1 = T0[state->v8[4]] ^ T1[state->v8[9]] ^ T2[state->v8[14]] ^
+              T3[state->v8[3]];
+
+    column2 = T0[state->v8[8]] ^ T1[state->v8[13]] ^ T2[state->v8[2]] ^
+              T3[state->v8[7]];
+
+    column3 = T0[state->v8[12]] ^ T1[state->v8[1]] ^ T2[state->v8[6]] ^
+              T3[state->v8[11]];
+
+    state->v32[0] = column0 ^ round_key->v32[0];
+    state->v32[1] = column1 ^ round_key->v32[1];
+    state->v32[2] = column2 ^ round_key->v32[2];
+    state->v32[3] = column3 ^ round_key->v32[3];
+}
+
+static inline void aes_inv_round(v128_t *state, const v128_t *round_key)
+{
+    uint32_t column0, column1, column2, column3;
+
+    /* compute the columns of the output square in terms of the octets
+       of state, using the tables U0, U1, U2, U3 */
+
+    column0 = U0[state->v8[0]] ^ U1[state->v8[5]] ^ U2[state->v8[10]] ^
+              U3[state->v8[15]];
+
+    column1 = U0[state->v8[4]] ^ U1[state->v8[9]] ^ U2[state->v8[14]] ^
+              U3[state->v8[3]];
+
+    column2 = U0[state->v8[8]] ^ U1[state->v8[13]] ^ U2[state->v8[2]] ^
+              U3[state->v8[7]];
+
+    column3 = U0[state->v8[12]] ^ U1[state->v8[1]] ^ U2[state->v8[6]] ^
+              U3[state->v8[11]];
+
+    state->v32[0] = column0 ^ round_key->v32[0];
+    state->v32[1] = column1 ^ round_key->v32[1];
+    state->v32[2] = column2 ^ round_key->v32[2];
+    state->v32[3] = column3 ^ round_key->v32[3];
+}
+
+static inline void aes_final_round(v128_t *state, const v128_t *round_key)
+{
+    uint8_t tmp;
+
+    /* byte substitutions and row shifts */
+    /* first row - no shift */
+    state->v8[0] = aes_sbox[state->v8[0]];
+    state->v8[4] = aes_sbox[state->v8[4]];
+    state->v8[8] = aes_sbox[state->v8[8]];
+    state->v8[12] = aes_sbox[state->v8[12]];
+
+    /* second row - shift one left */
+    tmp = aes_sbox[state->v8[1]];
+    state->v8[1] = aes_sbox[state->v8[5]];
+    state->v8[5] = aes_sbox[state->v8[9]];
+    state->v8[9] = aes_sbox[state->v8[13]];
+    state->v8[13] = tmp;
+
+    /* third row - shift two left */
+    tmp = aes_sbox[state->v8[10]];
+    state->v8[10] = aes_sbox[state->v8[2]];
+    state->v8[2] = tmp;
+    tmp = aes_sbox[state->v8[14]];
+    state->v8[14] = aes_sbox[state->v8[6]];
+    state->v8[6] = tmp;
+
+    /* fourth row - shift three left */
+    tmp = aes_sbox[state->v8[15]];
+    state->v8[15] = aes_sbox[state->v8[11]];
+    state->v8[11] = aes_sbox[state->v8[7]];
+    state->v8[7] = aes_sbox[state->v8[3]];
+    state->v8[3] = tmp;
+
+    v128_xor_eq(state, round_key);
+}
+
+static inline void aes_inv_final_round(v128_t *state, const v128_t *round_key)
+{
+    uint8_t tmp;
+
+    /* byte substitutions and row shifts */
+    /* first row - no shift */
+    state->v8[0] = aes_inv_sbox[state->v8[0]];
+    state->v8[4] = aes_inv_sbox[state->v8[4]];
+    state->v8[8] = aes_inv_sbox[state->v8[8]];
+    state->v8[12] = aes_inv_sbox[state->v8[12]];
+
+    /* second row - shift one left */
+    tmp = aes_inv_sbox[state->v8[1]];
+    state->v8[1] = aes_inv_sbox[state->v8[5]];
+    state->v8[5] = aes_inv_sbox[state->v8[9]];
+    state->v8[9] = aes_inv_sbox[state->v8[13]];
+    state->v8[13] = tmp;
+
+    /* third row - shift two left */
+    tmp = aes_inv_sbox[state->v8[10]];
+    state->v8[10] = aes_inv_sbox[state->v8[2]];
+    state->v8[2] = tmp;
+    tmp = aes_inv_sbox[state->v8[14]];
+    state->v8[14] = aes_inv_sbox[state->v8[6]];
+    state->v8[6] = tmp;
+
+    /* fourth row - shift three left */
+    tmp = aes_inv_sbox[state->v8[15]];
+    state->v8[15] = aes_inv_sbox[state->v8[11]];
+    state->v8[11] = aes_inv_sbox[state->v8[7]];
+    state->v8[7] = aes_inv_sbox[state->v8[3]];
+    state->v8[3] = tmp;
+
+    v128_xor_eq(state, round_key);
+}
+
+#endif /* CPU type */
+
+void srtp_aes_encrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key)
+{
+    /* add in the subkey */
+    v128_xor_eq(plaintext, &exp_key->round[0]);
+
+    /* now do the rounds */
+    aes_round(plaintext, &exp_key->round[1]);
+    aes_round(plaintext, &exp_key->round[2]);
+    aes_round(plaintext, &exp_key->round[3]);
+    aes_round(plaintext, &exp_key->round[4]);
+    aes_round(plaintext, &exp_key->round[5]);
+    aes_round(plaintext, &exp_key->round[6]);
+    aes_round(plaintext, &exp_key->round[7]);
+    aes_round(plaintext, &exp_key->round[8]);
+    aes_round(plaintext, &exp_key->round[9]);
+    if (exp_key->num_rounds == 10) {
+        aes_final_round(plaintext, &exp_key->round[10]);
+    } else if (exp_key->num_rounds == 12) {
+        aes_round(plaintext, &exp_key->round[10]);
+        aes_round(plaintext, &exp_key->round[11]);
+        aes_final_round(plaintext, &exp_key->round[12]);
+    } else if (exp_key->num_rounds == 14) {
+        aes_round(plaintext, &exp_key->round[10]);
+        aes_round(plaintext, &exp_key->round[11]);
+        aes_round(plaintext, &exp_key->round[12]);
+        aes_round(plaintext, &exp_key->round[13]);
+        aes_final_round(plaintext, &exp_key->round[14]);
+    }
+}
+
+void srtp_aes_decrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key)
+{
+    /* add in the subkey */
+    v128_xor_eq(plaintext, &exp_key->round[0]);
+
+    /* now do the rounds */
+    aes_inv_round(plaintext, &exp_key->round[1]);
+    aes_inv_round(plaintext, &exp_key->round[2]);
+    aes_inv_round(plaintext, &exp_key->round[3]);
+    aes_inv_round(plaintext, &exp_key->round[4]);
+    aes_inv_round(plaintext, &exp_key->round[5]);
+    aes_inv_round(plaintext, &exp_key->round[6]);
+    aes_inv_round(plaintext, &exp_key->round[7]);
+    aes_inv_round(plaintext, &exp_key->round[8]);
+    aes_inv_round(plaintext, &exp_key->round[9]);
+    if (exp_key->num_rounds == 10) {
+        aes_inv_final_round(plaintext, &exp_key->round[10]);
+    } else if (exp_key->num_rounds == 12) {
+        aes_inv_round(plaintext, &exp_key->round[10]);
+        aes_inv_round(plaintext, &exp_key->round[11]);
+        aes_inv_final_round(plaintext, &exp_key->round[12]);
+    } else if (exp_key->num_rounds == 14) {
+        aes_inv_round(plaintext, &exp_key->round[10]);
+        aes_inv_round(plaintext, &exp_key->round[11]);
+        aes_inv_round(plaintext, &exp_key->round[12]);
+        aes_inv_round(plaintext, &exp_key->round[13]);
+        aes_inv_final_round(plaintext, &exp_key->round[14]);
+    }
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_gcm_nss.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_gcm_nss.c
new file mode 100644
index 000000000..54547cd1c
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_gcm_nss.c
@@ -0,0 +1,609 @@
+/*
+ * aes_gcm_nss.c
+ *
+ * AES Galois Counter Mode
+ *
+ * Richard L. Barnes
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "aes_gcm.h"
+#include "alloc.h"
+#include "err.h" /* for srtp_debug */
+#include "crypto_types.h"
+#include "cipher_types.h"
+#include <secerr.h>
+#include <nspr.h>
+
+srtp_debug_module_t srtp_mod_aes_gcm = {
+    0,            /* debugging is off by default */
+    "aes gcm nss" /* printable module name       */
+};
+
+/*
+ * For now we only support 8 and 16 octet tags.  The spec allows for
+ * optional 12 byte tag, which may be supported in the future.
+ */
+#define GCM_IV_LEN 12
+#define GCM_AUTH_TAG_LEN 16
+#define GCM_AUTH_TAG_LEN_8 8
+
+/*
+ * This function allocates a new instance of this crypto engine.
+ * The key_len parameter should be one of 28 or 44 for
+ * AES-128-GCM or AES-256-GCM respectively.  Note that the
+ * key length includes the 14 byte salt value that is used when
+ * initializing the KDF.
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_alloc(srtp_cipher_t **c,
+                                                int key_len,
+                                                int tlen)
+{
+    srtp_aes_gcm_ctx_t *gcm;
+    NSSInitContext *nss;
+
+    debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d",
+                key_len);
+    debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
+
+    /*
+     * Verify the key_len is valid for one of: AES-128/256
+     */
+    if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
+        return (srtp_err_status_bad_param);
+    }
+
+    if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) {
+        return (srtp_err_status_bad_param);
+    }
+
+    /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */
+    nss = NSS_InitContext("", "", "", "", NULL,
+                          NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
+                              NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
+                              NSS_INIT_OPTIMIZESPACE);
+    if (!nss) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    /* allocate memory a cipher of type aes_gcm */
+    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+    if (*c == NULL) {
+        NSS_ShutdownContext(nss);
+        return (srtp_err_status_alloc_fail);
+    }
+
+    gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
+    if (gcm == NULL) {
+        NSS_ShutdownContext(nss);
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return (srtp_err_status_alloc_fail);
+    }
+
+    gcm->nss = nss;
+
+    /* set pointers */
+    (*c)->state = gcm;
+
+    /* setup cipher attributes */
+    switch (key_len) {
+    case SRTP_AES_GCM_128_KEY_LEN_WSALT:
+        (*c)->type = &srtp_aes_gcm_128;
+        (*c)->algorithm = SRTP_AES_GCM_128;
+        gcm->key_size = SRTP_AES_128_KEY_LEN;
+        gcm->tag_size = tlen;
+        gcm->params.ulTagBits = 8 * tlen;
+        break;
+    case SRTP_AES_GCM_256_KEY_LEN_WSALT:
+        (*c)->type = &srtp_aes_gcm_256;
+        (*c)->algorithm = SRTP_AES_GCM_256;
+        gcm->key_size = SRTP_AES_256_KEY_LEN;
+        gcm->tag_size = tlen;
+        gcm->params.ulTagBits = 8 * tlen;
+        break;
+    default:
+        /* this should never hit, but to be sure... */
+        return (srtp_err_status_bad_param);
+    }
+
+    /* set key size and tag size*/
+    (*c)->key_len = key_len;
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function deallocates a GCM session
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_dealloc(srtp_cipher_t *c)
+{
+    srtp_aes_gcm_ctx_t *ctx;
+
+    ctx = (srtp_aes_gcm_ctx_t *)c->state;
+    if (ctx) {
+        /* release NSS resources */
+        if (ctx->key) {
+            PK11_FreeSymKey(ctx->key);
+        }
+
+        if (ctx->nss) {
+            NSS_ShutdownContext(ctx->nss);
+            ctx->nss = NULL;
+        }
+
+        /* zeroize the key material */
+        octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
+        srtp_crypto_free(ctx);
+    }
+
+    /* free memory */
+    srtp_crypto_free(c);
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * aes_gcm_nss_context_init(...) initializes the aes_gcm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_context_init(void *cv,
+                                                       const uint8_t *key)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+
+    c->dir = srtp_direction_any;
+
+    debug_print(srtp_mod_aes_gcm, "key:  %s",
+                srtp_octet_string_hex_string(key, c->key_size));
+
+    if (c->key) {
+        PK11_FreeSymKey(c->key);
+        c->key = NULL;
+    }
+
+    PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_GCM, NULL);
+    if (!slot) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    SECItem key_item = { siBuffer, (unsigned char *)key, c->key_size };
+    c->key = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
+                               CKA_ENCRYPT, &key_item, NULL);
+    PK11_FreeSlot(slot);
+
+    if (!c->key) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * aes_gcm_nss_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_set_iv(
+    void *cv,
+    uint8_t *iv,
+    srtp_cipher_direction_t direction)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+
+    if (direction != srtp_direction_encrypt &&
+        direction != srtp_direction_decrypt) {
+        return (srtp_err_status_bad_param);
+    }
+    c->dir = direction;
+
+    debug_print(srtp_mod_aes_gcm, "setting iv: %s",
+                srtp_octet_string_hex_string(iv, GCM_IV_LEN));
+
+    memcpy(c->iv, iv, GCM_IV_LEN);
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function processes the AAD
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	aad	Additional data to process for AEAD cipher suites
+ *	aad_len	length of aad buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_set_aad(void *cv,
+                                                  const uint8_t *aad,
+                                                  uint32_t aad_len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+
+    debug_print(srtp_mod_aes_gcm, "setting AAD: %s",
+                srtp_octet_string_hex_string(aad, aad_len));
+
+    if (aad_len + c->aad_size > MAX_AD_SIZE) {
+        return srtp_err_status_bad_param;
+    }
+
+    memcpy(c->aad + c->aad_size, aad, aad_len);
+    c->aad_size += aad_len;
+
+    return (srtp_err_status_ok);
+}
+
+static srtp_err_status_t srtp_aes_gcm_nss_do_crypto(void *cv,
+                                                    int encrypt,
+                                                    unsigned char *buf,
+                                                    unsigned int *enc_len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+
+    c->params.pIv = c->iv;
+    c->params.ulIvLen = GCM_IV_LEN;
+    c->params.pAAD = c->aad;
+    c->params.ulAADLen = c->aad_size;
+
+    // Reset AAD
+    c->aad_size = 0;
+
+    int rv;
+    SECItem param = { siBuffer, (unsigned char *)&c->params,
+                      sizeof(CK_GCM_PARAMS) };
+    if (encrypt) {
+        rv = PK11_Encrypt(c->key, CKM_AES_GCM, &param, buf, enc_len,
+                          *enc_len + 16, buf, *enc_len);
+    } else {
+        rv = PK11_Decrypt(c->key, CKM_AES_GCM, &param, buf, enc_len, *enc_len,
+                          buf, *enc_len);
+    }
+
+    srtp_err_status_t status = (srtp_err_status_ok);
+    if (rv != SECSuccess) {
+        status = (srtp_err_status_cipher_fail);
+    }
+
+    return status;
+}
+
+/*
+ * This function encrypts a buffer using AES GCM mode
+ *
+ * XXX(rlb@ipv.sx): We're required to break off and cache the tag
+ * here, because the get_tag() method is separate and the tests expect
+ * encrypt() not to change the size of the plaintext.  It might be
+ * good to update the calling API so that this is cleaner.
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	enc_len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_encrypt(void *cv,
+                                                  unsigned char *buf,
+                                                  unsigned int *enc_len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+
+    // When we get a non-NULL buffer, we know that the caller is
+    // prepared to also take the tag.  When we get a NULL buffer,
+    // even though there's no data, we need to give NSS a buffer
+    // where it can write the tag.  We can't just use c->tag because
+    // memcpy has undefined behavior on overlapping ranges.
+    unsigned char tagbuf[16];
+    unsigned char *non_null_buf = buf;
+    if (!non_null_buf && (*enc_len == 0)) {
+        non_null_buf = tagbuf;
+    } else if (!non_null_buf) {
+        return srtp_err_status_bad_param;
+    }
+
+    srtp_err_status_t status =
+        srtp_aes_gcm_nss_do_crypto(cv, 1, non_null_buf, enc_len);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    memcpy(c->tag, non_null_buf + (*enc_len - c->tag_size), c->tag_size);
+    *enc_len -= c->tag_size;
+    return srtp_err_status_ok;
+}
+
+/*
+ * This function calculates and returns the GCM tag for a given context.
+ * This should be called after encrypting the data.  The *len value
+ * is increased by the tag size.  The caller must ensure that *buf has
+ * enough room to accept the appended tag.
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_get_tag(void *cv,
+                                                  uint8_t *buf,
+                                                  uint32_t *len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+    *len = c->tag_size;
+    memcpy(buf, c->tag, c->tag_size);
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function decrypts a buffer using AES GCM mode
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	enc_len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_nss_decrypt(void *cv,
+                                                  unsigned char *buf,
+                                                  unsigned int *enc_len)
+{
+    srtp_err_status_t status = srtp_aes_gcm_nss_do_crypto(cv, 0, buf, enc_len);
+    if (status != srtp_err_status_ok) {
+        int err = PR_GetError();
+        if (err == SEC_ERROR_BAD_DATA) {
+            status = srtp_err_status_auth_fail;
+        }
+    }
+
+    return status;
+}
+
+/*
+ * Name of this crypto engine
+ */
+static const char srtp_aes_gcm_128_nss_description[] = "AES-128 GCM using NSS";
+static const char srtp_aes_gcm_256_nss_description[] = "AES-256 GCM using NSS";
+
+/*
+ * KAT values for AES self-test.  These
+ * values we're derived from independent test code
+ * using OpenSSL.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+    0x09, 0x0a, 0x0b, 0x0c,
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] =  {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
+    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+    0x3d, 0x58, 0xe0, 0x91,
+    /* the last 16 bytes are the tag */
+    0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+    0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
+    SRTP_AES_GCM_128_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_0_key,        /* key                      */
+    srtp_aes_gcm_test_case_0_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_0_plaintext,  /* plaintext                */
+    68,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_0_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN_8,                  /* */
+    NULL                                 /* pointer to next testcase */
+};
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
+    SRTP_AES_GCM_128_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_0_key,        /* key                      */
+    srtp_aes_gcm_test_case_0_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_0_plaintext,  /* plaintext                */
+    76,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_0_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN,                    /* */
+    &srtp_aes_gcm_test_case_0a           /* pointer to next testcase */
+};
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
+    0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+    0x09, 0x0a, 0x0b, 0x0c,
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] =  {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
+    0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
+    0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
+    0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
+    0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
+    0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
+    0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
+    0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
+    0x09, 0xc9, 0x86, 0xc1,
+    /* the last 16 bytes are the tag */
+    0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
+    0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
+    SRTP_AES_GCM_256_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_1_key,        /* key                      */
+    srtp_aes_gcm_test_case_1_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_1_plaintext,  /* plaintext                */
+    68,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_1_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN_8,                  /* */
+    NULL                                 /* pointer to next testcase */
+};
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
+    SRTP_AES_GCM_256_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_1_key,        /* key                      */
+    srtp_aes_gcm_test_case_1_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_1_plaintext,  /* plaintext                */
+    76,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_1_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN,                    /* */
+    &srtp_aes_gcm_test_case_1a           /* pointer to next testcase */
+};
+
+/*
+ * This is the vector function table for this crypto engine.
+ */
+/* clang-format off */
+const srtp_cipher_type_t srtp_aes_gcm_128 = {
+    srtp_aes_gcm_nss_alloc,
+    srtp_aes_gcm_nss_dealloc,
+    srtp_aes_gcm_nss_context_init,
+    srtp_aes_gcm_nss_set_aad,
+    srtp_aes_gcm_nss_encrypt,
+    srtp_aes_gcm_nss_decrypt,
+    srtp_aes_gcm_nss_set_iv,
+    srtp_aes_gcm_nss_get_tag,
+    srtp_aes_gcm_128_nss_description,
+    &srtp_aes_gcm_test_case_0,
+    SRTP_AES_GCM_128
+};
+/* clang-format on */
+
+/*
+ * This is the vector function table for this crypto engine.
+ */
+/* clang-format off */
+const srtp_cipher_type_t srtp_aes_gcm_256 = {
+    srtp_aes_gcm_nss_alloc,
+    srtp_aes_gcm_nss_dealloc,
+    srtp_aes_gcm_nss_context_init,
+    srtp_aes_gcm_nss_set_aad,
+    srtp_aes_gcm_nss_encrypt,
+    srtp_aes_gcm_nss_decrypt,
+    srtp_aes_gcm_nss_set_iv,
+    srtp_aes_gcm_nss_get_tag,
+    srtp_aes_gcm_256_nss_description,
+    &srtp_aes_gcm_test_case_1,
+    SRTP_AES_GCM_256
+};
+/* clang-format on */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_gcm_ossl.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_gcm_ossl.c
new file mode 100644
index 000000000..90d5e3b4e
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_gcm_ossl.c
@@ -0,0 +1,583 @@
+/*
+ * aes_gcm_ossl.c
+ *
+ * AES Galois Counter Mode
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <openssl/evp.h>
+#include "aes_gcm.h"
+#include "alloc.h"
+#include "err.h" /* for srtp_debug */
+#include "crypto_types.h"
+#include "cipher_types.h"
+
+srtp_debug_module_t srtp_mod_aes_gcm = {
+    0,        /* debugging is off by default */
+    "aes gcm" /* printable module name       */
+};
+
+/*
+ * For now we only support 8 and 16 octet tags.  The spec allows for
+ * optional 12 byte tag, which may be supported in the future.
+ */
+#define GCM_AUTH_TAG_LEN 16
+#define GCM_AUTH_TAG_LEN_8 8
+
+/*
+ * This function allocates a new instance of this crypto engine.
+ * The key_len parameter should be one of 28 or 44 for
+ * AES-128-GCM or AES-256-GCM respectively.  Note that the
+ * key length includes the 14 byte salt value that is used when
+ * initializing the KDF.
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_alloc(srtp_cipher_t **c,
+                                                    int key_len,
+                                                    int tlen)
+{
+    srtp_aes_gcm_ctx_t *gcm;
+
+    debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d",
+                key_len);
+    debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
+
+    /*
+     * Verify the key_len is valid for one of: AES-128/256
+     */
+    if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
+        return (srtp_err_status_bad_param);
+    }
+
+    if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) {
+        return (srtp_err_status_bad_param);
+    }
+
+    /* allocate memory a cipher of type aes_gcm */
+    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+    if (*c == NULL) {
+        return (srtp_err_status_alloc_fail);
+    }
+
+    gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
+    if (gcm == NULL) {
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return (srtp_err_status_alloc_fail);
+    }
+
+    gcm->ctx = EVP_CIPHER_CTX_new();
+    if (gcm->ctx == NULL) {
+        srtp_crypto_free(gcm);
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set pointers */
+    (*c)->state = gcm;
+
+    /* setup cipher attributes */
+    switch (key_len) {
+    case SRTP_AES_GCM_128_KEY_LEN_WSALT:
+        (*c)->type = &srtp_aes_gcm_128;
+        (*c)->algorithm = SRTP_AES_GCM_128;
+        gcm->key_size = SRTP_AES_128_KEY_LEN;
+        gcm->tag_len = tlen;
+        break;
+    case SRTP_AES_GCM_256_KEY_LEN_WSALT:
+        (*c)->type = &srtp_aes_gcm_256;
+        (*c)->algorithm = SRTP_AES_GCM_256;
+        gcm->key_size = SRTP_AES_256_KEY_LEN;
+        gcm->tag_len = tlen;
+        break;
+    }
+
+    /* set key size        */
+    (*c)->key_len = key_len;
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function deallocates a GCM session
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_dealloc(srtp_cipher_t *c)
+{
+    srtp_aes_gcm_ctx_t *ctx;
+
+    ctx = (srtp_aes_gcm_ctx_t *)c->state;
+    if (ctx) {
+        EVP_CIPHER_CTX_free(ctx->ctx);
+        /* zeroize the key material */
+        octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
+        srtp_crypto_free(ctx);
+    }
+
+    /* free memory */
+    srtp_crypto_free(c);
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_context_init(void *cv,
+                                                           const uint8_t *key)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+    const EVP_CIPHER *evp;
+
+    c->dir = srtp_direction_any;
+
+    debug_print(srtp_mod_aes_gcm, "key:  %s",
+                srtp_octet_string_hex_string(key, c->key_size));
+
+    switch (c->key_size) {
+    case SRTP_AES_256_KEY_LEN:
+        evp = EVP_aes_256_gcm();
+        break;
+    case SRTP_AES_128_KEY_LEN:
+        evp = EVP_aes_128_gcm();
+        break;
+    default:
+        return (srtp_err_status_bad_param);
+        break;
+    }
+
+    EVP_CIPHER_CTX_cleanup(c->ctx);
+    if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
+        return (srtp_err_status_init_fail);
+    }
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_set_iv(
+    void *cv,
+    uint8_t *iv,
+    srtp_cipher_direction_t direction)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+
+    if (direction != srtp_direction_encrypt &&
+        direction != srtp_direction_decrypt) {
+        return (srtp_err_status_bad_param);
+    }
+    c->dir = direction;
+
+    debug_print(srtp_mod_aes_gcm, "setting iv: %s",
+                srtp_octet_string_hex_string(iv, 12));
+
+    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+        return (srtp_err_status_init_fail);
+    }
+
+    if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, iv,
+                           (c->dir == srtp_direction_encrypt ? 1 : 0))) {
+        return (srtp_err_status_init_fail);
+    }
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function processes the AAD
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	aad	Additional data to process for AEAD cipher suites
+ *	aad_len	length of aad buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv,
+                                                      const uint8_t *aad,
+                                                      uint32_t aad_len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+    int rv;
+
+    debug_print(srtp_mod_aes_gcm, "setting AAD: %s",
+                srtp_octet_string_hex_string(aad, aad_len));
+
+    /*
+     * Set dummy tag, OpenSSL requires the Tag to be set before
+     * processing AAD
+     */
+
+    /*
+     * OpenSSL never write to address pointed by the last parameter of
+     * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality,
+     * OpenSSL copy its content to the context), so we can make
+     * aad read-only in this function and all its wrappers.
+     */
+    unsigned char dummy_tag[GCM_AUTH_TAG_LEN];
+    memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN);
+    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag);
+
+    rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
+    if (rv != aad_len) {
+        return (srtp_err_status_algo_fail);
+    } else {
+        return (srtp_err_status_ok);
+    }
+}
+
+/*
+ * This function encrypts a buffer using AES GCM mode
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	enc_len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_encrypt(void *cv,
+                                                      unsigned char *buf,
+                                                      unsigned int *enc_len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+    if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
+        return (srtp_err_status_bad_param);
+    }
+
+    /*
+     * Encrypt the data
+     */
+    EVP_Cipher(c->ctx, buf, buf, *enc_len);
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function calculates and returns the GCM tag for a given context.
+ * This should be called after encrypting the data.  The *len value
+ * is increased by the tag size.  The caller must ensure that *buf has
+ * enough room to accept the appended tag.
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_get_tag(void *cv,
+                                                      uint8_t *buf,
+                                                      uint32_t *len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+    /*
+     * Calculate the tag
+     */
+    EVP_Cipher(c->ctx, NULL, NULL, 0);
+
+    /*
+     * Retreive the tag
+     */
+    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+
+    /*
+     * Increase encryption length by desired tag size
+     */
+    *len = c->tag_len;
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * This function decrypts a buffer using AES GCM mode
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	enc_len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_gcm_openssl_decrypt(void *cv,
+                                                      unsigned char *buf,
+                                                      unsigned int *enc_len)
+{
+    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+    if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
+        return (srtp_err_status_bad_param);
+    }
+
+    /*
+     * Set the tag before decrypting
+     */
+    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+                        buf + (*enc_len - c->tag_len));
+    EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
+
+    /*
+     * Check the tag
+     */
+    if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
+        return (srtp_err_status_auth_fail);
+    }
+
+    /*
+     * Reduce the buffer size by the tag length since the tag
+     * is not part of the original payload
+     */
+    *enc_len -= c->tag_len;
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * Name of this crypto engine
+ */
+static const char srtp_aes_gcm_128_openssl_description[] =
+    "AES-128 GCM using openssl";
+static const char srtp_aes_gcm_256_openssl_description[] =
+    "AES-256 GCM using openssl";
+
+/*
+ * KAT values for AES self-test.  These
+ * values we're derived from independent test code
+ * using OpenSSL.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+    0x09, 0x0a, 0x0b, 0x0c,
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] =  {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
+    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+    0x3d, 0x58, 0xe0, 0x91,
+    /* the last 16 bytes are the tag */
+    0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+    0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
+    SRTP_AES_GCM_128_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_0_key,        /* key                      */
+    srtp_aes_gcm_test_case_0_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_0_plaintext,  /* plaintext                */
+    68,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_0_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN_8,                  /* */
+    NULL                                 /* pointer to next testcase */
+};
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
+    SRTP_AES_GCM_128_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_0_key,        /* key                      */
+    srtp_aes_gcm_test_case_0_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_0_plaintext,  /* plaintext                */
+    76,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_0_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN,                    /* */
+    &srtp_aes_gcm_test_case_0a           /* pointer to next testcase */
+};
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
+    0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+    0x09, 0x0a, 0x0b, 0x0c,
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] =  {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
+    0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
+    0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
+    0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
+    0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
+    0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
+    0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
+    0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
+    0x09, 0xc9, 0x86, 0xc1,
+    /* the last 16 bytes are the tag */
+    0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
+    0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
+    SRTP_AES_GCM_256_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_1_key,        /* key                      */
+    srtp_aes_gcm_test_case_1_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_1_plaintext,  /* plaintext                */
+    68,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_1_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN_8,                  /* */
+    NULL                                 /* pointer to next testcase */
+};
+
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
+    SRTP_AES_GCM_256_KEY_LEN_WSALT,      /* octets in key            */
+    srtp_aes_gcm_test_case_1_key,        /* key                      */
+    srtp_aes_gcm_test_case_1_iv,         /* packet index             */
+    60,                                  /* octets in plaintext      */
+    srtp_aes_gcm_test_case_1_plaintext,  /* plaintext                */
+    76,                                  /* octets in ciphertext     */
+    srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext  + tag        */
+    20,                                  /* octets in AAD            */
+    srtp_aes_gcm_test_case_1_aad,        /* AAD                      */
+    GCM_AUTH_TAG_LEN,                    /* */
+    &srtp_aes_gcm_test_case_1a           /* pointer to next testcase */
+};
+
+/*
+ * This is the vector function table for this crypto engine.
+ */
+const srtp_cipher_type_t srtp_aes_gcm_128 = {
+    srtp_aes_gcm_openssl_alloc,
+    srtp_aes_gcm_openssl_dealloc,
+    srtp_aes_gcm_openssl_context_init,
+    srtp_aes_gcm_openssl_set_aad,
+    srtp_aes_gcm_openssl_encrypt,
+    srtp_aes_gcm_openssl_decrypt,
+    srtp_aes_gcm_openssl_set_iv,
+    srtp_aes_gcm_openssl_get_tag,
+    srtp_aes_gcm_128_openssl_description,
+    &srtp_aes_gcm_test_case_0,
+    SRTP_AES_GCM_128
+};
+
+/*
+ * This is the vector function table for this crypto engine.
+ */
+const srtp_cipher_type_t srtp_aes_gcm_256 = {
+    srtp_aes_gcm_openssl_alloc,
+    srtp_aes_gcm_openssl_dealloc,
+    srtp_aes_gcm_openssl_context_init,
+    srtp_aes_gcm_openssl_set_aad,
+    srtp_aes_gcm_openssl_encrypt,
+    srtp_aes_gcm_openssl_decrypt,
+    srtp_aes_gcm_openssl_set_iv,
+    srtp_aes_gcm_openssl_get_tag,
+    srtp_aes_gcm_256_openssl_description,
+    &srtp_aes_gcm_test_case_1,
+    SRTP_AES_GCM_256
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm.c
new file mode 100644
index 000000000..7551c7514
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm.c
@@ -0,0 +1,530 @@
+/*
+ * aes_icm.c
+ *
+ * AES Integer Counter Mode
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#define ALIGN_32 0
+
+#include "aes_icm.h"
+#include "alloc.h"
+#include "cipher_types.h"
+
+srtp_debug_module_t srtp_mod_aes_icm = {
+    0,        /* debugging is off by default */
+    "aes icm" /* printable module name       */
+};
+
+/*
+ * integer counter mode works as follows:
+ *
+ * 16 bits
+ * <----->
+ * +------+------+------+------+------+------+------+------+
+ * |           nonce           |    pakcet index    |  ctr |---+
+ * +------+------+------+------+------+------+------+------+   |
+ *                                                             |
+ * +------+------+------+------+------+------+------+------+   v
+ * |                      salt                      |000000|->(+)
+ * +------+------+------+------+------+------+------+------+   |
+ *                                                             |
+ *                                                        +---------+
+ *							  | encrypt |
+ *							  +---------+
+ *							       |
+ * +------+------+------+------+------+------+------+------+   |
+ * |                    keystream block                    |<--+
+ * +------+------+------+------+------+------+------+------+
+ *
+ * All fields are big-endian
+ *
+ * ctr is the block counter, which increments from zero for
+ * each packet (16 bits wide)
+ *
+ * packet index is distinct for each packet (48 bits wide)
+ *
+ * nonce can be distinct across many uses of the same key, or
+ * can be a fixed value per key, or can be per-packet randomness
+ * (64 bits)
+ *
+ */
+
+static srtp_err_status_t srtp_aes_icm_alloc(srtp_cipher_t **c,
+                                            int key_len,
+                                            int tlen)
+{
+    srtp_aes_icm_ctx_t *icm;
+
+    debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d",
+                key_len);
+
+    /*
+     * The check for key_len = 30/46 does not apply. Our usage
+     * of aes functions with key_len = values other than 30
+     * has not broken anything. Don't know what would be the
+     * effect of skipping this check for srtp in general.
+     */
+    if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* allocate memory a cipher of type aes_icm */
+    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+    if (*c == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+    if (icm == NULL) {
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set pointers */
+    (*c)->state = icm;
+
+    switch (key_len) {
+    case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_256;
+        (*c)->type = &srtp_aes_icm_256;
+        break;
+    default:
+        (*c)->algorithm = SRTP_AES_ICM_128;
+        (*c)->type = &srtp_aes_icm_128;
+        break;
+    }
+
+    /* set key size        */
+    icm->key_size = key_len;
+    (*c)->key_len = key_len;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_aes_icm_dealloc(srtp_cipher_t *c)
+{
+    srtp_aes_icm_ctx_t *ctx;
+
+    if (c == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    ctx = (srtp_aes_icm_ctx_t *)c->state;
+    if (ctx) {
+        /* zeroize the key material */
+        octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+        srtp_crypto_free(ctx);
+    }
+
+    /* free the cipher context */
+    srtp_crypto_free(c);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * aes_icm_context_init(...) initializes the aes_icm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ *
+ * the salt is unpredictable (but not necessarily secret) data which
+ * randomizes the starting point in the keystream
+ */
+
+static srtp_err_status_t srtp_aes_icm_context_init(void *cv, const uint8_t *key)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    srtp_err_status_t status;
+    int base_key_len, copy_len;
+
+    if (c->key_size == SRTP_AES_ICM_128_KEY_LEN_WSALT ||
+        c->key_size == SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+        base_key_len = c->key_size - SRTP_SALT_LEN;
+    } else {
+        return srtp_err_status_bad_param;
+    }
+
+    /*
+     * set counter and initial values to 'offset' value, being careful not to
+     * go past the end of the key buffer
+     */
+    v128_set_to_zero(&c->counter);
+    v128_set_to_zero(&c->offset);
+
+    copy_len = c->key_size - base_key_len;
+    /* force last two octets of the offset to be left zero (for srtp
+     * compatibility) */
+    if (copy_len > SRTP_SALT_LEN) {
+        copy_len = SRTP_SALT_LEN;
+    }
+
+    memcpy(&c->counter, key + base_key_len, copy_len);
+    memcpy(&c->offset, key + base_key_len, copy_len);
+
+    debug_print(srtp_mod_aes_icm, "key:  %s",
+                srtp_octet_string_hex_string(key, base_key_len));
+    debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+
+    /* expand key */
+    status =
+        srtp_aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
+    if (status) {
+        v128_set_to_zero(&c->counter);
+        v128_set_to_zero(&c->offset);
+        return status;
+    }
+
+    /* indicate that the keystream_buffer is empty */
+    c->bytes_in_buffer = 0;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+
+static srtp_err_status_t srtp_aes_icm_set_iv(void *cv,
+                                             uint8_t *iv,
+                                             srtp_cipher_direction_t direction)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    v128_t nonce;
+
+    /* set nonce (for alignment) */
+    v128_copy_octet_string(&nonce, iv);
+
+    debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
+
+    v128_xor(&c->counter, &c->offset, &nonce);
+
+    debug_print(srtp_mod_aes_icm, "set_counter: %s",
+                v128_hex_string(&c->counter));
+
+    /* indicate that the keystream_buffer is empty */
+    c->bytes_in_buffer = 0;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * aes_icm_advance(...) refills the keystream_buffer and
+ * advances the block index of the sicm_context forward by one
+ *
+ * this is an internal, hopefully inlined function
+ */
+static void srtp_aes_icm_advance(srtp_aes_icm_ctx_t *c)
+{
+    /* fill buffer with new keystream */
+    v128_copy(&c->keystream_buffer, &c->counter);
+    srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+    c->bytes_in_buffer = sizeof(v128_t);
+
+    debug_print(srtp_mod_aes_icm, "counter:    %s",
+                v128_hex_string(&c->counter));
+    debug_print(srtp_mod_aes_icm, "ciphertext: %s",
+                v128_hex_string(&c->keystream_buffer));
+
+    /* clock counter forward */
+    if (!++(c->counter.v8[15])) {
+        ++(c->counter.v8[14]);
+    }
+}
+
+/*
+ * icm_encrypt deals with the following cases:
+ *
+ * bytes_to_encr < bytes_in_buffer
+ *  - add keystream into data
+ *
+ * bytes_to_encr > bytes_in_buffer
+ *  - add keystream into data until keystream_buffer is depleted
+ *  - loop over blocks, filling keystream_buffer and then
+ *    adding keystream into data
+ *  - fill buffer then add in remaining (< 16) bytes of keystream
+ */
+
+static srtp_err_status_t srtp_aes_icm_encrypt(void *cv,
+                                              unsigned char *buf,
+                                              unsigned int *enc_len)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    unsigned int bytes_to_encr = *enc_len;
+    unsigned int i;
+    uint32_t *b;
+
+    /* check that there's enough segment left*/
+    if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) {
+        return srtp_err_status_terminus;
+    }
+
+    debug_print(srtp_mod_aes_icm, "block index: %d", htons(c->counter.v16[7]));
+    if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
+        /* deal with odd case of small bytes_to_encr */
+        for (i = (sizeof(v128_t) - c->bytes_in_buffer);
+             i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) {
+            *buf++ ^= c->keystream_buffer.v8[i];
+        }
+
+        c->bytes_in_buffer -= bytes_to_encr;
+
+        /* return now to avoid the main loop */
+        return srtp_err_status_ok;
+
+    } else {
+        /* encrypt bytes until the remaining data is 16-byte aligned */
+        for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t);
+             i++) {
+            *buf++ ^= c->keystream_buffer.v8[i];
+        }
+
+        bytes_to_encr -= c->bytes_in_buffer;
+        c->bytes_in_buffer = 0;
+    }
+
+    /* now loop over entire 16-byte blocks of keystream */
+    for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) {
+        /* fill buffer with new keystream */
+        srtp_aes_icm_advance(c);
+
+/*
+ * add keystream into the data buffer (this would be a lot faster
+ * if we could assume 32-bit alignment!)
+ */
+
+#if ALIGN_32
+        b = (uint32_t *)buf;
+        *b++ ^= c->keystream_buffer.v32[0];
+        *b++ ^= c->keystream_buffer.v32[1];
+        *b++ ^= c->keystream_buffer.v32[2];
+        *b++ ^= c->keystream_buffer.v32[3];
+        buf = (uint8_t *)b;
+#else
+        if ((((uintptr_t)buf) & 0x03) != 0) {
+            *buf++ ^= c->keystream_buffer.v8[0];
+            *buf++ ^= c->keystream_buffer.v8[1];
+            *buf++ ^= c->keystream_buffer.v8[2];
+            *buf++ ^= c->keystream_buffer.v8[3];
+            *buf++ ^= c->keystream_buffer.v8[4];
+            *buf++ ^= c->keystream_buffer.v8[5];
+            *buf++ ^= c->keystream_buffer.v8[6];
+            *buf++ ^= c->keystream_buffer.v8[7];
+            *buf++ ^= c->keystream_buffer.v8[8];
+            *buf++ ^= c->keystream_buffer.v8[9];
+            *buf++ ^= c->keystream_buffer.v8[10];
+            *buf++ ^= c->keystream_buffer.v8[11];
+            *buf++ ^= c->keystream_buffer.v8[12];
+            *buf++ ^= c->keystream_buffer.v8[13];
+            *buf++ ^= c->keystream_buffer.v8[14];
+            *buf++ ^= c->keystream_buffer.v8[15];
+        } else {
+            b = (uint32_t *)buf;
+            *b++ ^= c->keystream_buffer.v32[0];
+            *b++ ^= c->keystream_buffer.v32[1];
+            *b++ ^= c->keystream_buffer.v32[2];
+            *b++ ^= c->keystream_buffer.v32[3];
+            buf = (uint8_t *)b;
+        }
+#endif /* #if ALIGN_32 */
+    }
+
+    /* if there is a tail end of the data, process it */
+    if ((bytes_to_encr & 0xf) != 0) {
+        /* fill buffer with new keystream */
+        srtp_aes_icm_advance(c);
+
+        for (i = 0; i < (bytes_to_encr & 0xf); i++) {
+            *buf++ ^= c->keystream_buffer.v8[i];
+        }
+
+        /* reset the keystream buffer size to right value */
+        c->bytes_in_buffer = sizeof(v128_t) - i;
+    } else {
+        /* no tail, so just reset the keystream buffer size to zero */
+        c->bytes_in_buffer = 0;
+    }
+
+    return srtp_err_status_ok;
+}
+
+static const char srtp_aes_icm_128_description[] =
+    "AES-128 integer counter mode";
+static const char srtp_aes_icm_256_description[] =
+    "AES-256 integer counter mode";
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
+    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
+    0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
+    0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
+    0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
+    0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+    SRTP_AES_ICM_128_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_128_test_case_0_key,        /* key                      */
+    srtp_aes_icm_128_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_128_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
+    0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+    0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+    0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+    0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
+    0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+    0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+    0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+    0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+    SRTP_AES_ICM_256_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_256_test_case_0_key,        /* key                      */
+    srtp_aes_icm_256_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_256_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL,                                    /* pointer to next testcase */
+};
+
+/*
+ * note: the encrypt function is identical to the decrypt function
+ */
+
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+    srtp_aes_icm_alloc,            /* */
+    srtp_aes_icm_dealloc,          /* */
+    srtp_aes_icm_context_init,     /* */
+    0,                             /* set_aad */
+    srtp_aes_icm_encrypt,          /* */
+    srtp_aes_icm_encrypt,          /* */
+    srtp_aes_icm_set_iv,           /* */
+    0,                             /* get_tag */
+    srtp_aes_icm_128_description,  /* */
+    &srtp_aes_icm_128_test_case_0, /* */
+    SRTP_AES_ICM_128               /* */
+};
+
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+    srtp_aes_icm_alloc,            /* */
+    srtp_aes_icm_dealloc,          /* */
+    srtp_aes_icm_context_init,     /* */
+    0,                             /* set_aad */
+    srtp_aes_icm_encrypt,          /* */
+    srtp_aes_icm_encrypt,          /* */
+    srtp_aes_icm_set_iv,           /* */
+    0,                             /* get_tag */
+    srtp_aes_icm_256_description,  /* */
+    &srtp_aes_icm_256_test_case_0, /* */
+    SRTP_AES_ICM_256               /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm_nss.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm_nss.c
new file mode 100644
index 000000000..d161b8f56
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm_nss.c
@@ -0,0 +1,562 @@
+/*
+ * aes_icm_nss.c
+ *
+ * AES Integer Counter Mode
+ *
+ * Richard L. Barnes
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "aes_icm_ext.h"
+#include "crypto_types.h"
+#include "err.h" /* for srtp_debug */
+#include "alloc.h"
+#include "cipher_types.h"
+
+srtp_debug_module_t srtp_mod_aes_icm = {
+    0,            /* debugging is off by default */
+    "aes icm nss" /* printable module name       */
+};
+
+/*
+ * integer counter mode works as follows:
+ *
+ * 16 bits
+ * <----->
+ * +------+------+------+------+------+------+------+------+
+ * |           nonce           |    packet index    |  ctr |---+
+ * +------+------+------+------+------+------+------+------+   |
+ *                                                             |
+ * +------+------+------+------+------+------+------+------+   v
+ * |                      salt                      |000000|->(+)
+ * +------+------+------+------+------+------+------+------+   |
+ *                                                             |
+ *                                                        +---------+
+ *                                                        | encrypt |
+ *                                                        +---------+
+ *                                                             |
+ * +------+------+------+------+------+------+------+------+   |
+ * |                    keystream block                    |<--+
+ * +------+------+------+------+------+------+------+------+
+ *
+ * All fields are big-endian
+ *
+ * ctr is the block counter, which increments from zero for
+ * each packet (16 bits wide)
+ *
+ * packet index is distinct for each packet (48 bits wide)
+ *
+ * nonce can be distinct across many uses of the same key, or
+ * can be a fixed value per key, or can be per-packet randomness
+ * (64 bits)
+ *
+ */
+
+/*
+ * This function allocates a new instance of this crypto engine.
+ * The key_len parameter should be one of 30, 38, or 46 for
+ * AES-128, AES-192, and AES-256 respectively.  Note, this key_len
+ * value is inflated, as it also accounts for the 112 bit salt
+ * value.  The tlen argument is for the AEAD tag length, which
+ * isn't used in counter mode.
+ */
+static srtp_err_status_t srtp_aes_icm_nss_alloc(srtp_cipher_t **c,
+                                                int key_len,
+                                                int tlen)
+{
+    srtp_aes_icm_ctx_t *icm;
+    NSSInitContext *nss;
+
+    debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d",
+                key_len);
+
+    /*
+     * Verify the key_len is valid for one of: AES-128/192/256
+     */
+    if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */
+    nss = NSS_InitContext("", "", "", "", NULL,
+                          NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
+                              NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
+                              NSS_INIT_OPTIMIZESPACE);
+    if (!nss) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    /* allocate memory a cipher of type aes_icm */
+    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+    if (*c == NULL) {
+        NSS_ShutdownContext(nss);
+        return srtp_err_status_alloc_fail;
+    }
+
+    icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+    if (icm == NULL) {
+        NSS_ShutdownContext(nss);
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+
+    icm->key = NULL;
+    icm->ctx = NULL;
+    icm->nss = nss;
+
+    /* set pointers */
+    (*c)->state = icm;
+
+    /* setup cipher parameters */
+    switch (key_len) {
+    case SRTP_AES_ICM_128_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_128;
+        (*c)->type = &srtp_aes_icm_128;
+        icm->key_size = SRTP_AES_128_KEY_LEN;
+        break;
+    case SRTP_AES_ICM_192_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_192;
+        (*c)->type = &srtp_aes_icm_192;
+        icm->key_size = SRTP_AES_192_KEY_LEN;
+        break;
+    case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_256;
+        (*c)->type = &srtp_aes_icm_256;
+        icm->key_size = SRTP_AES_256_KEY_LEN;
+        break;
+    }
+
+    /* set key size        */
+    (*c)->key_len = key_len;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * This function deallocates an instance of this engine
+ */
+static srtp_err_status_t srtp_aes_icm_nss_dealloc(srtp_cipher_t *c)
+{
+    srtp_aes_icm_ctx_t *ctx;
+
+    ctx = (srtp_aes_icm_ctx_t *)c->state;
+    if (ctx) {
+        /* free any PK11 values that have been created */
+        if (ctx->key) {
+            PK11_FreeSymKey(ctx->key);
+            ctx->key = NULL;
+        }
+
+        if (ctx->ctx) {
+            PK11_DestroyContext(ctx->ctx, PR_TRUE);
+            ctx->ctx = NULL;
+        }
+
+        if (ctx->nss) {
+            NSS_ShutdownContext(ctx->nss);
+            ctx->nss = NULL;
+        }
+
+        /* zeroize everything */
+        octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+        srtp_crypto_free(ctx);
+    }
+
+    /* free memory */
+    srtp_crypto_free(c);
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * aes_icm_nss_context_init(...) initializes the aes_icm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ *
+ * the salt is unpredictable (but not necessarily secret) data which
+ * randomizes the starting point in the keystream
+ */
+static srtp_err_status_t srtp_aes_icm_nss_context_init(void *cv,
+                                                       const uint8_t *key)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+
+    /*
+     * set counter and initial values to 'offset' value, being careful not to
+     * go past the end of the key buffer
+     */
+    v128_set_to_zero(&c->counter);
+    v128_set_to_zero(&c->offset);
+    memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
+    memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
+
+    /* force last two octets of the offset to zero (for srtp compatibility) */
+    c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
+    c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
+
+    debug_print(srtp_mod_aes_icm, "key:  %s",
+                srtp_octet_string_hex_string(key, c->key_size));
+    debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+
+    if (c->key) {
+        PK11_FreeSymKey(c->key);
+        c->key = NULL;
+    }
+
+    PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_CTR, NULL);
+    if (!slot) {
+        return srtp_err_status_bad_param;
+    }
+
+    SECItem keyItem = { siBuffer, (unsigned char *)key, c->key_size };
+    c->key = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap,
+                               CKA_ENCRYPT, &keyItem, NULL);
+    PK11_FreeSlot(slot);
+
+    if (!c->key) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    return (srtp_err_status_ok);
+}
+
+/*
+ * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+static srtp_err_status_t srtp_aes_icm_nss_set_iv(void *cv,
+                                                 uint8_t *iv,
+                                                 srtp_cipher_direction_t dir)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    v128_t nonce;
+
+    /* set nonce (for alignment) */
+    v128_copy_octet_string(&nonce, iv);
+
+    debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
+
+    v128_xor(&c->counter, &c->offset, &nonce);
+
+    debug_print(srtp_mod_aes_icm, "set_counter: %s",
+                v128_hex_string(&c->counter));
+
+    /* set up the PK11 context now that we have all the info */
+    CK_AES_CTR_PARAMS param;
+    param.ulCounterBits = 16;
+    memcpy(param.cb, &c->counter, 16);
+
+    if (!c->key) {
+        return srtp_err_status_bad_param;
+    }
+
+    if (c->ctx) {
+        PK11_DestroyContext(c->ctx, PR_TRUE);
+    }
+
+    SECItem paramItem = { siBuffer, (unsigned char *)&param,
+                          sizeof(CK_AES_CTR_PARAMS) };
+    c->ctx = PK11_CreateContextBySymKey(CKM_AES_CTR, CKA_ENCRYPT, c->key,
+                                        &paramItem);
+    if (!c->ctx) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * This function encrypts a buffer using AES CTR mode
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	enc_len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_icm_nss_encrypt(void *cv,
+                                                  unsigned char *buf,
+                                                  unsigned int *enc_len)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+
+    if (!c->ctx) {
+        return srtp_err_status_bad_param;
+    }
+
+    int rv =
+        PK11_CipherOp(c->ctx, buf, (int *)enc_len, *enc_len, buf, *enc_len);
+
+    srtp_err_status_t status = (srtp_err_status_ok);
+    if (rv != SECSuccess) {
+        status = (srtp_err_status_cipher_fail);
+    }
+
+    return status;
+}
+
+/*
+ * Name of this crypto engine
+ */
+static const char srtp_aes_icm_128_nss_description[] =
+    "AES-128 counter mode using NSS";
+static const char srtp_aes_icm_192_nss_description[] =
+    "AES-192 counter mode using NSS";
+static const char srtp_aes_icm_256_nss_description[] =
+    "AES-256 counter mode using NSS";
+
+/*
+ * KAT values for AES self-test.  These
+ * values came from the legacy libsrtp code.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
+    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
+    0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
+    0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
+    0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
+    0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+    SRTP_AES_ICM_128_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_128_test_case_0_key,        /* key                      */
+    srtp_aes_icm_128_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_128_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/*
+ * KAT values for AES-192-CTR self-test.  These
+ * values came from section 7 of RFC 6188.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
+    0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
+    0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
+    0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
+    0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
+    0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
+    0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
+    0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
+    SRTP_AES_ICM_192_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_192_test_case_0_key,        /* key                      */
+    srtp_aes_icm_192_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_192_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/*
+ * KAT values for AES-256-CTR self-test.  These
+ * values came from section 7 of RFC 6188.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
+    0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+    0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+    0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+    0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
+    0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+    0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+    0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+    0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+    SRTP_AES_ICM_256_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_256_test_case_0_key,        /* key                      */
+    srtp_aes_icm_256_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_256_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+    srtp_aes_icm_nss_alloc,           /* */
+    srtp_aes_icm_nss_dealloc,         /* */
+    srtp_aes_icm_nss_context_init,    /* */
+    0,                                /* set_aad */
+    srtp_aes_icm_nss_encrypt,         /* */
+    srtp_aes_icm_nss_encrypt,         /* */
+    srtp_aes_icm_nss_set_iv,          /* */
+    0,                                /* get_tag */
+    srtp_aes_icm_128_nss_description, /* */
+    &srtp_aes_icm_128_test_case_0,    /* */
+    SRTP_AES_ICM_128                  /* */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+const srtp_cipher_type_t srtp_aes_icm_192 = {
+    srtp_aes_icm_nss_alloc,           /* */
+    srtp_aes_icm_nss_dealloc,         /* */
+    srtp_aes_icm_nss_context_init,    /* */
+    0,                                /* set_aad */
+    srtp_aes_icm_nss_encrypt,         /* */
+    srtp_aes_icm_nss_encrypt,         /* */
+    srtp_aes_icm_nss_set_iv,          /* */
+    0,                                /* get_tag */
+    srtp_aes_icm_192_nss_description, /* */
+    &srtp_aes_icm_192_test_case_0,    /* */
+    SRTP_AES_ICM_192                  /* */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+    srtp_aes_icm_nss_alloc,           /* */
+    srtp_aes_icm_nss_dealloc,         /* */
+    srtp_aes_icm_nss_context_init,    /* */
+    0,                                /* set_aad */
+    srtp_aes_icm_nss_encrypt,         /* */
+    srtp_aes_icm_nss_encrypt,         /* */
+    srtp_aes_icm_nss_set_iv,          /* */
+    0,                                /* get_tag */
+    srtp_aes_icm_256_nss_description, /* */
+    &srtp_aes_icm_256_test_case_0,    /* */
+    SRTP_AES_ICM_256                  /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm_ossl.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm_ossl.c
new file mode 100644
index 000000000..451cd18c0
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/aes_icm_ossl.c
@@ -0,0 +1,541 @@
+/*
+ * aes_icm_ossl.c
+ *
+ * AES Integer Counter Mode
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ * 2/24/2012:  This module was modified to use CiscoSSL for AES counter
+ *             mode.  Eddy Lem contributed the code to allow this.
+ *
+ * 12/20/2012: Added support for AES-192 and AES-256.
+ */
+
+/*
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <openssl/evp.h>
+#include "aes_icm_ext.h"
+#include "crypto_types.h"
+#include "err.h" /* for srtp_debug */
+#include "alloc.h"
+#include "cipher_types.h"
+
+srtp_debug_module_t srtp_mod_aes_icm = {
+    0,             /* debugging is off by default */
+    "aes icm ossl" /* printable module name       */
+};
+
+/*
+ * integer counter mode works as follows:
+ *
+ * 16 bits
+ * <----->
+ * +------+------+------+------+------+------+------+------+
+ * |           nonce           |    packet index    |  ctr |---+
+ * +------+------+------+------+------+------+------+------+   |
+ *                                                             |
+ * +------+------+------+------+------+------+------+------+   v
+ * |                      salt                      |000000|->(+)
+ * +------+------+------+------+------+------+------+------+   |
+ *                                                             |
+ *                                                        +---------+
+ *                                                        | encrypt |
+ *                                                        +---------+
+ *                                                             |
+ * +------+------+------+------+------+------+------+------+   |
+ * |                    keystream block                    |<--+
+ * +------+------+------+------+------+------+------+------+
+ *
+ * All fields are big-endian
+ *
+ * ctr is the block counter, which increments from zero for
+ * each packet (16 bits wide)
+ *
+ * packet index is distinct for each packet (48 bits wide)
+ *
+ * nonce can be distinct across many uses of the same key, or
+ * can be a fixed value per key, or can be per-packet randomness
+ * (64 bits)
+ *
+ */
+
+/*
+ * This function allocates a new instance of this crypto engine.
+ * The key_len parameter should be one of 30, 38, or 46 for
+ * AES-128, AES-192, and AES-256 respectively.  Note, this key_len
+ * value is inflated, as it also accounts for the 112 bit salt
+ * value.  The tlen argument is for the AEAD tag length, which
+ * isn't used in counter mode.
+ */
+static srtp_err_status_t srtp_aes_icm_openssl_alloc(srtp_cipher_t **c,
+                                                    int key_len,
+                                                    int tlen)
+{
+    srtp_aes_icm_ctx_t *icm;
+
+    debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d",
+                key_len);
+
+    /*
+     * Verify the key_len is valid for one of: AES-128/192/256
+     */
+    if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
+        key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* allocate memory a cipher of type aes_icm */
+    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+    if (*c == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+    if (icm == NULL) {
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+
+    icm->ctx = EVP_CIPHER_CTX_new();
+    if (icm->ctx == NULL) {
+        srtp_crypto_free(icm);
+        srtp_crypto_free(*c);
+        *c = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set pointers */
+    (*c)->state = icm;
+
+    /* setup cipher parameters */
+    switch (key_len) {
+    case SRTP_AES_ICM_128_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_128;
+        (*c)->type = &srtp_aes_icm_128;
+        icm->key_size = SRTP_AES_128_KEY_LEN;
+        break;
+    case SRTP_AES_ICM_192_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_192;
+        (*c)->type = &srtp_aes_icm_192;
+        icm->key_size = SRTP_AES_192_KEY_LEN;
+        break;
+    case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+        (*c)->algorithm = SRTP_AES_ICM_256;
+        (*c)->type = &srtp_aes_icm_256;
+        icm->key_size = SRTP_AES_256_KEY_LEN;
+        break;
+    }
+
+    /* set key size        */
+    (*c)->key_len = key_len;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * This function deallocates an instance of this engine
+ */
+static srtp_err_status_t srtp_aes_icm_openssl_dealloc(srtp_cipher_t *c)
+{
+    srtp_aes_icm_ctx_t *ctx;
+
+    if (c == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    /*
+     * Free the EVP context
+     */
+    ctx = (srtp_aes_icm_ctx_t *)c->state;
+    if (ctx != NULL) {
+        EVP_CIPHER_CTX_free(ctx->ctx);
+        /* zeroize the key material */
+        octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+        srtp_crypto_free(ctx);
+    }
+
+    /* free memory */
+    srtp_crypto_free(c);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * aes_icm_openssl_context_init(...) initializes the aes_icm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ *
+ * the salt is unpredictable (but not necessarily secret) data which
+ * randomizes the starting point in the keystream
+ */
+static srtp_err_status_t srtp_aes_icm_openssl_context_init(void *cv,
+                                                           const uint8_t *key)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    const EVP_CIPHER *evp;
+
+    /*
+     * set counter and initial values to 'offset' value, being careful not to
+     * go past the end of the key buffer
+     */
+    v128_set_to_zero(&c->counter);
+    v128_set_to_zero(&c->offset);
+    memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
+    memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
+
+    /* force last two octets of the offset to zero (for srtp compatibility) */
+    c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
+    c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
+
+    debug_print(srtp_mod_aes_icm, "key:  %s",
+                srtp_octet_string_hex_string(key, c->key_size));
+    debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+
+    switch (c->key_size) {
+    case SRTP_AES_256_KEY_LEN:
+        evp = EVP_aes_256_ctr();
+        break;
+    case SRTP_AES_192_KEY_LEN:
+        evp = EVP_aes_192_ctr();
+        break;
+    case SRTP_AES_128_KEY_LEN:
+        evp = EVP_aes_128_ctr();
+        break;
+    default:
+        return srtp_err_status_bad_param;
+        break;
+    }
+
+    EVP_CIPHER_CTX_cleanup(c->ctx);
+    if (!EVP_EncryptInit_ex(c->ctx, evp, NULL, key, NULL)) {
+        return srtp_err_status_fail;
+    } else {
+        return srtp_err_status_ok;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+static srtp_err_status_t srtp_aes_icm_openssl_set_iv(
+    void *cv,
+    uint8_t *iv,
+    srtp_cipher_direction_t dir)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    v128_t nonce;
+
+    /* set nonce (for alignment) */
+    v128_copy_octet_string(&nonce, iv);
+
+    debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
+
+    v128_xor(&c->counter, &c->offset, &nonce);
+
+    debug_print(srtp_mod_aes_icm, "set_counter: %s",
+                v128_hex_string(&c->counter));
+
+    if (!EVP_EncryptInit_ex(c->ctx, NULL, NULL, NULL, c->counter.v8)) {
+        return srtp_err_status_fail;
+    } else {
+        return srtp_err_status_ok;
+    }
+}
+
+/*
+ * This function encrypts a buffer using AES CTR mode
+ *
+ * Parameters:
+ *	c	Crypto context
+ *	buf	data to encrypt
+ *	enc_len	length of encrypt buffer
+ */
+static srtp_err_status_t srtp_aes_icm_openssl_encrypt(void *cv,
+                                                      unsigned char *buf,
+                                                      unsigned int *enc_len)
+{
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+    int len = 0;
+
+    debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
+
+    if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
+        return srtp_err_status_cipher_fail;
+    }
+    *enc_len = len;
+
+    if (!EVP_EncryptFinal_ex(c->ctx, buf + len, &len)) {
+        return srtp_err_status_cipher_fail;
+    }
+    *enc_len += len;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * Name of this crypto engine
+ */
+static const char srtp_aes_icm_128_openssl_description[] =
+    "AES-128 counter mode using openssl";
+static const char srtp_aes_icm_192_openssl_description[] =
+    "AES-192 counter mode using openssl";
+static const char srtp_aes_icm_256_openssl_description[] =
+    "AES-256 counter mode using openssl";
+
+/*
+ * KAT values for AES self-test.  These
+ * values came from the legacy libsrtp code.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
+    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
+    0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
+    0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
+    0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
+    0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+    SRTP_AES_ICM_128_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_128_test_case_0_key,        /* key                      */
+    srtp_aes_icm_128_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_128_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/*
+ * KAT values for AES-192-CTR self-test.  These
+ * values came from section 7 of RFC 6188.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
+    0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
+    0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
+    0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
+    0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
+    0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
+    0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
+    0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
+    SRTP_AES_ICM_192_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_192_test_case_0_key,        /* key                      */
+    srtp_aes_icm_192_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_192_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/*
+ * KAT values for AES-256-CTR self-test.  These
+ * values came from section 7 of RFC 6188.
+ */
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
+    0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+    0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+    0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+    0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+/* clang-format on */
+
+/* clang-format off */
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] =  {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
+    0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+    0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+    0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+    0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+};
+/* clang-format on */
+
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+    SRTP_AES_ICM_256_KEY_LEN_WSALT,          /* octets in key            */
+    srtp_aes_icm_256_test_case_0_key,        /* key                      */
+    srtp_aes_icm_256_test_case_0_nonce,      /* packet index             */
+    32,                                      /* octets in plaintext      */
+    srtp_aes_icm_256_test_case_0_plaintext,  /* plaintext                */
+    32,                                      /* octets in ciphertext     */
+    srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext               */
+    0,                                       /* */
+    NULL,                                    /* */
+    0,                                       /* */
+    NULL                                     /* pointer to next testcase */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+    srtp_aes_icm_openssl_alloc,           /* */
+    srtp_aes_icm_openssl_dealloc,         /* */
+    srtp_aes_icm_openssl_context_init,    /* */
+    0,                                    /* set_aad */
+    srtp_aes_icm_openssl_encrypt,         /* */
+    srtp_aes_icm_openssl_encrypt,         /* */
+    srtp_aes_icm_openssl_set_iv,          /* */
+    0,                                    /* get_tag */
+    srtp_aes_icm_128_openssl_description, /* */
+    &srtp_aes_icm_128_test_case_0,        /* */
+    SRTP_AES_ICM_128                      /* */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+const srtp_cipher_type_t srtp_aes_icm_192 = {
+    srtp_aes_icm_openssl_alloc,           /* */
+    srtp_aes_icm_openssl_dealloc,         /* */
+    srtp_aes_icm_openssl_context_init,    /* */
+    0,                                    /* set_aad */
+    srtp_aes_icm_openssl_encrypt,         /* */
+    srtp_aes_icm_openssl_encrypt,         /* */
+    srtp_aes_icm_openssl_set_iv,          /* */
+    0,                                    /* get_tag */
+    srtp_aes_icm_192_openssl_description, /* */
+    &srtp_aes_icm_192_test_case_0,        /* */
+    SRTP_AES_ICM_192                      /* */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+    srtp_aes_icm_openssl_alloc,           /* */
+    srtp_aes_icm_openssl_dealloc,         /* */
+    srtp_aes_icm_openssl_context_init,    /* */
+    0,                                    /* set_aad */
+    srtp_aes_icm_openssl_encrypt,         /* */
+    srtp_aes_icm_openssl_encrypt,         /* */
+    srtp_aes_icm_openssl_set_iv,          /* */
+    0,                                    /* get_tag */
+    srtp_aes_icm_256_openssl_description, /* */
+    &srtp_aes_icm_256_test_case_0,        /* */
+    SRTP_AES_ICM_256                      /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/cipher.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/cipher.c
new file mode 100644
index 000000000..de93bc90d
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/cipher.c
@@ -0,0 +1,664 @@
+/*
+ * cipher.c
+ *
+ * cipher meta-functions
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "cipher.h"
+#include "cipher_priv.h"
+#include "crypto_types.h"
+#include "err.h"   /* for srtp_debug */
+#include "alloc.h" /* for crypto_alloc(), crypto_free()  */
+
+srtp_debug_module_t srtp_mod_cipher = {
+    0,       /* debugging is off by default */
+    "cipher" /* printable module name       */
+};
+
+srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct,
+                                         srtp_cipher_t **c,
+                                         int key_len,
+                                         int tlen)
+{
+    if (!ct || !ct->alloc) {
+        return (srtp_err_status_bad_param);
+    }
+    return ((ct)->alloc((c), (key_len), (tlen)));
+}
+
+srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c)
+{
+    if (!c || !c->type) {
+        return (srtp_err_status_bad_param);
+    }
+    return (((c)->type)->dealloc(c));
+}
+
+srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key)
+{
+    if (!c || !c->type || !c->state) {
+        return (srtp_err_status_bad_param);
+    }
+    return (((c)->type)->init(((c)->state), (key)));
+}
+
+srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c,
+                                     uint8_t *iv,
+                                     int direction)
+{
+    if (!c || !c->type || !c->state) {
+        return (srtp_err_status_bad_param);
+    }
+
+    return (((c)->type)->set_iv(((c)->state), iv, direction));
+}
+
+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c,
+                                     uint8_t *buffer,
+                                     uint32_t *num_octets_to_output)
+{
+    /* zeroize the buffer */
+    octet_string_set_to_zero(buffer, *num_octets_to_output);
+
+    /* exor keystream into buffer */
+    return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c,
+                                      uint8_t *buffer,
+                                      uint32_t *num_octets_to_output)
+{
+    if (!c || !c->type || !c->state) {
+        return (srtp_err_status_bad_param);
+    }
+
+    return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c,
+                                      uint8_t *buffer,
+                                      uint32_t *num_octets_to_output)
+{
+    if (!c || !c->type || !c->state) {
+        return (srtp_err_status_bad_param);
+    }
+
+    return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c,
+                                      uint8_t *buffer,
+                                      uint32_t *tag_len)
+{
+    if (!c || !c->type || !c->state) {
+        return (srtp_err_status_bad_param);
+    }
+    if (!((c)->type)->get_tag) {
+        return (srtp_err_status_no_such_op);
+    }
+
+    return (((c)->type)->get_tag(((c)->state), buffer, tag_len));
+}
+
+srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c,
+                                      const uint8_t *aad,
+                                      uint32_t aad_len)
+{
+    if (!c || !c->type || !c->state) {
+        return (srtp_err_status_bad_param);
+    }
+    if (!((c)->type)->set_aad) {
+        return (srtp_err_status_no_such_op);
+    }
+
+    return (((c)->type)->set_aad(((c)->state), aad, aad_len));
+}
+
+/* some bookkeeping functions */
+
+int srtp_cipher_get_key_length(const srtp_cipher_t *c)
+{
+    return c->key_len;
+}
+
+/*
+ * A trivial platform independent random source.
+ * For use in test only.
+ */
+void srtp_cipher_rand_for_tests(void *dest, uint32_t len)
+{
+    /* Generic C-library (rand()) version */
+    /* This is a random source of last resort */
+    uint8_t *dst = (uint8_t *)dest;
+    while (len) {
+        int val = rand();
+        /* rand() returns 0-32767 (ugh) */
+        /* Is this a good enough way to get random bytes?
+           It is if it passes FIPS-140... */
+        *dst++ = val & 0xff;
+        len--;
+    }
+}
+
+/*
+ * A trivial platform independent 32 bit random number.
+ * For use in test only.
+ */
+uint32_t srtp_cipher_rand_u32_for_tests(void)
+{
+    uint32_t r;
+    srtp_cipher_rand_for_tests(&r, sizeof(r));
+    return r;
+}
+
+#define SELF_TEST_BUF_OCTETS 128
+#define NUM_RAND_TESTS 128
+#define MAX_KEY_LEN 64
+/*
+ * srtp_cipher_type_test(ct, test_data) tests a cipher of type ct against
+ * test cases provided in a list test_data of values of key, salt, iv,
+ * plaintext, and ciphertext that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_test(
+    const srtp_cipher_type_t *ct,
+    const srtp_cipher_test_case_t *test_data)
+{
+    const srtp_cipher_test_case_t *test_case = test_data;
+    srtp_cipher_t *c;
+    srtp_err_status_t status;
+    uint8_t buffer[SELF_TEST_BUF_OCTETS];
+    uint8_t buffer2[SELF_TEST_BUF_OCTETS];
+    uint32_t tag_len;
+    unsigned int len;
+    int i, j, case_num = 0;
+    unsigned k = 0;
+
+    debug_print(srtp_mod_cipher, "running self-test for cipher %s",
+                ct->description);
+
+    /*
+     * check to make sure that we have at least one test case, and
+     * return an error if we don't - we need to be paranoid here
+     */
+    if (test_case == NULL) {
+        return srtp_err_status_cant_check;
+    }
+
+    /*
+     * loop over all test cases, perform known-answer tests of both the
+     * encryption and decryption functions
+     */
+    while (test_case != NULL) {
+        /* allocate cipher */
+        status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets,
+                                        test_case->tag_length_octets);
+        if (status) {
+            return status;
+        }
+
+        /*
+         * test the encrypt function
+         */
+        debug_print0(srtp_mod_cipher, "testing encryption");
+
+        /* initialize cipher */
+        status = srtp_cipher_init(c, test_case->key);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        /* copy plaintext into test buffer */
+        if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_bad_param;
+        }
+        for (k = 0; k < test_case->plaintext_length_octets; k++) {
+            buffer[k] = test_case->plaintext[k];
+        }
+
+        debug_print(srtp_mod_cipher, "plaintext:    %s",
+                    srtp_octet_string_hex_string(
+                        buffer, test_case->plaintext_length_octets));
+
+        /* set the initialization vector */
+        status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx,
+                                    srtp_direction_encrypt);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        if (c->algorithm == SRTP_AES_GCM_128 ||
+            c->algorithm == SRTP_AES_GCM_256) {
+            debug_print(srtp_mod_cipher, "IV:    %s",
+                        srtp_octet_string_hex_string(test_case->idx, 12));
+
+            /*
+             * Set the AAD
+             */
+            status = srtp_cipher_set_aad(c, test_case->aad,
+                                         test_case->aad_length_octets);
+            if (status) {
+                srtp_cipher_dealloc(c);
+                return status;
+            }
+            debug_print(srtp_mod_cipher, "AAD:    %s",
+                        srtp_octet_string_hex_string(
+                            test_case->aad, test_case->aad_length_octets));
+        }
+
+        /* encrypt */
+        len = test_case->plaintext_length_octets;
+        status = srtp_cipher_encrypt(c, buffer, &len);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        if (c->algorithm == SRTP_AES_GCM_128 ||
+            c->algorithm == SRTP_AES_GCM_256) {
+            /*
+             * Get the GCM tag
+             */
+            status = srtp_cipher_get_tag(c, buffer + len, &tag_len);
+            if (status) {
+                srtp_cipher_dealloc(c);
+                return status;
+            }
+            len += tag_len;
+        }
+
+        debug_print(srtp_mod_cipher, "ciphertext:   %s",
+                    srtp_octet_string_hex_string(
+                        buffer, test_case->ciphertext_length_octets));
+
+        /* compare the resulting ciphertext with that in the test case */
+        if (len != test_case->ciphertext_length_octets) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_algo_fail;
+        }
+        status = srtp_err_status_ok;
+        for (k = 0; k < test_case->ciphertext_length_octets; k++) {
+            if (buffer[k] != test_case->ciphertext[k]) {
+                status = srtp_err_status_algo_fail;
+                debug_print(srtp_mod_cipher, "test case %d failed", case_num);
+                debug_print(srtp_mod_cipher, "(failure at byte %u)", k);
+                break;
+            }
+        }
+        if (status) {
+            debug_print(srtp_mod_cipher, "c computed: %s",
+                        srtp_octet_string_hex_string(
+                            buffer, 2 * test_case->plaintext_length_octets));
+            debug_print(srtp_mod_cipher, "c expected: %s",
+                        srtp_octet_string_hex_string(
+                            test_case->ciphertext,
+                            2 * test_case->plaintext_length_octets));
+
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_algo_fail;
+        }
+
+        /*
+         * test the decrypt function
+         */
+        debug_print0(srtp_mod_cipher, "testing decryption");
+
+        /* re-initialize cipher for decryption */
+        status = srtp_cipher_init(c, test_case->key);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        /* copy ciphertext into test buffer */
+        if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_bad_param;
+        }
+        for (k = 0; k < test_case->ciphertext_length_octets; k++) {
+            buffer[k] = test_case->ciphertext[k];
+        }
+
+        debug_print(srtp_mod_cipher, "ciphertext:    %s",
+                    srtp_octet_string_hex_string(
+                        buffer, test_case->plaintext_length_octets));
+
+        /* set the initialization vector */
+        status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx,
+                                    srtp_direction_decrypt);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        if (c->algorithm == SRTP_AES_GCM_128 ||
+            c->algorithm == SRTP_AES_GCM_256) {
+            /*
+             * Set the AAD
+             */
+            status = srtp_cipher_set_aad(c, test_case->aad,
+                                         test_case->aad_length_octets);
+            if (status) {
+                srtp_cipher_dealloc(c);
+                return status;
+            }
+            debug_print(srtp_mod_cipher, "AAD:    %s",
+                        srtp_octet_string_hex_string(
+                            test_case->aad, test_case->aad_length_octets));
+        }
+
+        /* decrypt */
+        len = test_case->ciphertext_length_octets;
+        status = srtp_cipher_decrypt(c, buffer, &len);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        debug_print(srtp_mod_cipher, "plaintext:   %s",
+                    srtp_octet_string_hex_string(
+                        buffer, test_case->plaintext_length_octets));
+
+        /* compare the resulting plaintext with that in the test case */
+        if (len != test_case->plaintext_length_octets) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_algo_fail;
+        }
+        status = srtp_err_status_ok;
+        for (k = 0; k < test_case->plaintext_length_octets; k++) {
+            if (buffer[k] != test_case->plaintext[k]) {
+                status = srtp_err_status_algo_fail;
+                debug_print(srtp_mod_cipher, "test case %d failed", case_num);
+                debug_print(srtp_mod_cipher, "(failure at byte %u)", k);
+            }
+        }
+        if (status) {
+            debug_print(srtp_mod_cipher, "p computed: %s",
+                        srtp_octet_string_hex_string(
+                            buffer, 2 * test_case->plaintext_length_octets));
+            debug_print(srtp_mod_cipher, "p expected: %s",
+                        srtp_octet_string_hex_string(
+                            test_case->plaintext,
+                            2 * test_case->plaintext_length_octets));
+
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_algo_fail;
+        }
+
+        /* deallocate the cipher */
+        status = srtp_cipher_dealloc(c);
+        if (status) {
+            return status;
+        }
+
+        /*
+         * the cipher passed the test case, so move on to the next test
+         * case in the list; if NULL, we'l proceed to the next test
+         */
+        test_case = test_case->next_test_case;
+        ++case_num;
+    }
+
+    /* now run some random invertibility tests */
+
+    /* allocate cipher, using paramaters from the first test case */
+    test_case = test_data;
+    status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets,
+                                    test_case->tag_length_octets);
+    if (status) {
+        return status;
+    }
+
+    for (j = 0; j < NUM_RAND_TESTS; j++) {
+        unsigned int length;
+        unsigned int plaintext_len;
+        uint8_t key[MAX_KEY_LEN];
+        uint8_t iv[MAX_KEY_LEN];
+
+        /* choose a length at random (leaving room for IV and padding) */
+        length = srtp_cipher_rand_u32_for_tests() % (SELF_TEST_BUF_OCTETS - 64);
+        debug_print(srtp_mod_cipher, "random plaintext length %d\n", length);
+        srtp_cipher_rand_for_tests(buffer, length);
+
+        debug_print(srtp_mod_cipher, "plaintext:    %s",
+                    srtp_octet_string_hex_string(buffer, length));
+
+        /* copy plaintext into second buffer */
+        for (i = 0; (unsigned int)i < length; i++) {
+            buffer2[i] = buffer[i];
+        }
+
+        /* choose a key at random */
+        if (test_case->key_length_octets > MAX_KEY_LEN) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_cant_check;
+        }
+        srtp_cipher_rand_for_tests(key, test_case->key_length_octets);
+
+        /* chose a random initialization vector */
+        srtp_cipher_rand_for_tests(iv, MAX_KEY_LEN);
+
+        /* initialize cipher */
+        status = srtp_cipher_init(c, key);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        /* set initialization vector */
+        status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx,
+                                    srtp_direction_encrypt);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        if (c->algorithm == SRTP_AES_GCM_128 ||
+            c->algorithm == SRTP_AES_GCM_256) {
+            /*
+             * Set the AAD
+             */
+            status = srtp_cipher_set_aad(c, test_case->aad,
+                                         test_case->aad_length_octets);
+            if (status) {
+                srtp_cipher_dealloc(c);
+                return status;
+            }
+            debug_print(srtp_mod_cipher, "AAD:    %s",
+                        srtp_octet_string_hex_string(
+                            test_case->aad, test_case->aad_length_octets));
+        }
+
+        /* encrypt buffer with cipher */
+        plaintext_len = length;
+        status = srtp_cipher_encrypt(c, buffer, &length);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+        if (c->algorithm == SRTP_AES_GCM_128 ||
+            c->algorithm == SRTP_AES_GCM_256) {
+            /*
+             * Get the GCM tag
+             */
+            status = srtp_cipher_get_tag(c, buffer + length, &tag_len);
+            if (status) {
+                srtp_cipher_dealloc(c);
+                return status;
+            }
+            length += tag_len;
+        }
+        debug_print(srtp_mod_cipher, "ciphertext:   %s",
+                    srtp_octet_string_hex_string(buffer, length));
+
+        /*
+         * re-initialize cipher for decryption, re-set the iv, then
+         * decrypt the ciphertext
+         */
+        status = srtp_cipher_init(c, key);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+        status = srtp_cipher_set_iv(c, (uint8_t *)test_case->idx,
+                                    srtp_direction_decrypt);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+        if (c->algorithm == SRTP_AES_GCM_128 ||
+            c->algorithm == SRTP_AES_GCM_256) {
+            /*
+             * Set the AAD
+             */
+            status = srtp_cipher_set_aad(c, test_case->aad,
+                                         test_case->aad_length_octets);
+            if (status) {
+                srtp_cipher_dealloc(c);
+                return status;
+            }
+            debug_print(srtp_mod_cipher, "AAD:    %s",
+                        srtp_octet_string_hex_string(
+                            test_case->aad, test_case->aad_length_octets));
+        }
+        status = srtp_cipher_decrypt(c, buffer, &length);
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return status;
+        }
+
+        debug_print(srtp_mod_cipher, "plaintext[2]: %s",
+                    srtp_octet_string_hex_string(buffer, length));
+
+        /* compare the resulting plaintext with the original one */
+        if (length != plaintext_len) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_algo_fail;
+        }
+        status = srtp_err_status_ok;
+        for (k = 0; k < plaintext_len; k++) {
+            if (buffer[k] != buffer2[k]) {
+                status = srtp_err_status_algo_fail;
+                debug_print(srtp_mod_cipher, "random test case %d failed",
+                            case_num);
+                debug_print(srtp_mod_cipher, "(failure at byte %u)", k);
+            }
+        }
+        if (status) {
+            srtp_cipher_dealloc(c);
+            return srtp_err_status_algo_fail;
+        }
+    }
+
+    status = srtp_cipher_dealloc(c);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's
+ * internal list of test data.
+ */
+srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct)
+{
+    return srtp_cipher_type_test(ct, ct->test_data);
+}
+
+/*
+ * cipher_bits_per_second(c, l, t) computes (an estimate of) the
+ * number of bits that a cipher implementation can encrypt in a second
+ *
+ * c is a cipher (which MUST be allocated and initialized already), l
+ * is the length in octets of the test data to be encrypted, and t is
+ * the number of trials
+ *
+ * if an error is encountered, the value 0 is returned
+ */
+uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c,
+                                     int octets_in_buffer,
+                                     int num_trials)
+{
+    int i;
+    v128_t nonce;
+    clock_t timer;
+    unsigned char *enc_buf;
+    unsigned int len = octets_in_buffer;
+
+    enc_buf = (unsigned char *)srtp_crypto_alloc(octets_in_buffer);
+    if (enc_buf == NULL) {
+        return 0; /* indicate bad parameters by returning null */
+    }
+    /* time repeated trials */
+    v128_set_to_zero(&nonce);
+    timer = clock();
+    for (i = 0; i < num_trials; i++, nonce.v32[3] = i) {
+        if (srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt) !=
+            srtp_err_status_ok) {
+            srtp_crypto_free(enc_buf);
+            return 0;
+        }
+        if (srtp_cipher_encrypt(c, enc_buf, &len) != srtp_err_status_ok) {
+            srtp_crypto_free(enc_buf);
+            return 0;
+        }
+    }
+    timer = clock() - timer;
+
+    srtp_crypto_free(enc_buf);
+
+    if (timer == 0) {
+        /* Too fast! */
+        return 0;
+    }
+
+    return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/null_cipher.c b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/null_cipher.c
new file mode 100644
index 000000000..969724611
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/cipher/null_cipher.c
@@ -0,0 +1,153 @@
+/*
+ * null_cipher.c
+ *
+ * A null cipher implementation.  This cipher leaves the plaintext
+ * unchanged.
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "datatypes.h"
+#include "null_cipher.h"
+#include "err.h" /* for srtp_debug */
+#include "alloc.h"
+#include "cipher_types.h"
+
+static srtp_err_status_t srtp_null_cipher_alloc(srtp_cipher_t **c,
+                                                int key_len,
+                                                int tlen)
+{
+    extern const srtp_cipher_type_t srtp_null_cipher;
+
+    debug_print(srtp_mod_cipher, "allocating cipher with key length %d",
+                key_len);
+
+    /* allocate memory a cipher of type null_cipher */
+    *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+    if (*c == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set pointers */
+    (*c)->algorithm = SRTP_NULL_CIPHER;
+    (*c)->type = &srtp_null_cipher;
+    (*c)->state = (void *)0x1; /* The null cipher does not maintain state */
+
+    /* set key size */
+    (*c)->key_len = key_len;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_cipher_dealloc(srtp_cipher_t *c)
+{
+    extern const srtp_cipher_type_t srtp_null_cipher;
+
+    /* zeroize entire state*/
+    octet_string_set_to_zero(c, sizeof(srtp_cipher_t));
+
+    /* free memory of type null_cipher */
+    srtp_crypto_free(c);
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_cipher_init(void *cv, const uint8_t *key)
+{
+    /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+
+    debug_print0(srtp_mod_cipher, "initializing null cipher");
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_cipher_set_iv(void *cv,
+                                                 uint8_t *iv,
+                                                 srtp_cipher_direction_t dir)
+{
+    /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_cipher_encrypt(void *cv,
+                                                  unsigned char *buf,
+                                                  unsigned int *bytes_to_encr)
+{
+    /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+    return srtp_err_status_ok;
+}
+
+static const char srtp_null_cipher_description[] = "null cipher";
+
+static const srtp_cipher_test_case_t srtp_null_cipher_test_0 = {
+    0,    /* octets in key            */
+    NULL, /* key                      */
+    0,    /* packet index             */
+    0,    /* octets in plaintext      */
+    NULL, /* plaintext                */
+    0,    /* octets in plaintext      */
+    NULL, /* ciphertext               */
+    0,    /* */
+    NULL, /* */
+    0,    /* */
+    NULL  /* pointer to next testcase */
+};
+
+/*
+ * note: the decrypt function is idential to the encrypt function
+ */
+
+const srtp_cipher_type_t srtp_null_cipher = {
+    srtp_null_cipher_alloc,       /* */
+    srtp_null_cipher_dealloc,     /* */
+    srtp_null_cipher_init,        /* */
+    0,                            /* set_aad */
+    srtp_null_cipher_encrypt,     /* */
+    srtp_null_cipher_encrypt,     /* */
+    srtp_null_cipher_set_iv,      /* */
+    0,                            /* get_tag */
+    srtp_null_cipher_description, /* */
+    &srtp_null_cipher_test_0,     /* */
+    SRTP_NULL_CIPHER              /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/hash/auth.c b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/auth.c
new file mode 100644
index 000000000..f19327dc8
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/auth.c
@@ -0,0 +1,187 @@
+/*
+ * auth.c
+ *
+ * some bookkeeping functions for authentication functions
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "auth.h"
+#include "err.h"       /* for srtp_debug */
+#include "datatypes.h" /* for octet_string */
+
+/* the debug module for authentiation */
+
+srtp_debug_module_t srtp_mod_auth = {
+    0,          /* debugging is off by default */
+    "auth func" /* printable name for module   */
+};
+
+int srtp_auth_get_key_length(const srtp_auth_t *a)
+{
+    return a->key_len;
+}
+
+int srtp_auth_get_tag_length(const srtp_auth_t *a)
+{
+    return a->out_len;
+}
+
+int srtp_auth_get_prefix_length(const srtp_auth_t *a)
+{
+    return a->prefix_len;
+}
+
+/*
+ * srtp_auth_type_test() tests an auth function of type ct against
+ * test cases provided in a list test_data of values of key, data, and tag
+ * that is known to be good
+ */
+
+/* should be big enough for most occasions */
+#define SELF_TEST_TAG_BUF_OCTETS 32
+
+srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at,
+                                      const srtp_auth_test_case_t *test_data)
+{
+    const srtp_auth_test_case_t *test_case = test_data;
+    srtp_auth_t *a;
+    srtp_err_status_t status;
+    uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
+    int i, case_num = 0;
+
+    debug_print(srtp_mod_auth, "running self-test for auth function %s",
+                at->description);
+
+    /*
+     * check to make sure that we have at least one test case, and
+     * return an error if we don't - we need to be paranoid here
+     */
+    if (test_case == NULL) {
+        return srtp_err_status_cant_check;
+    }
+
+    /* loop over all test cases */
+    while (test_case != NULL) {
+        /* check test case parameters */
+        if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) {
+            return srtp_err_status_bad_param;
+        }
+
+        /* allocate auth */
+        status = srtp_auth_type_alloc(at, &a, test_case->key_length_octets,
+                                      test_case->tag_length_octets);
+        if (status) {
+            return status;
+        }
+
+        /* initialize auth */
+        status = srtp_auth_init(a, test_case->key);
+        if (status) {
+            srtp_auth_dealloc(a);
+            return status;
+        }
+
+        /* zeroize tag then compute */
+        octet_string_set_to_zero(tag, test_case->tag_length_octets);
+        status = srtp_auth_compute(a, test_case->data,
+                                   test_case->data_length_octets, tag);
+        if (status) {
+            srtp_auth_dealloc(a);
+            return status;
+        }
+
+        debug_print(srtp_mod_auth, "key: %s",
+                    srtp_octet_string_hex_string(test_case->key,
+                                                 test_case->key_length_octets));
+        debug_print(srtp_mod_auth, "data: %s",
+                    srtp_octet_string_hex_string(
+                        test_case->data, test_case->data_length_octets));
+        debug_print(
+            srtp_mod_auth, "tag computed: %s",
+            srtp_octet_string_hex_string(tag, test_case->tag_length_octets));
+        debug_print(srtp_mod_auth, "tag expected: %s",
+                    srtp_octet_string_hex_string(test_case->tag,
+                                                 test_case->tag_length_octets));
+
+        /* check the result */
+        status = srtp_err_status_ok;
+        for (i = 0; i < test_case->tag_length_octets; i++) {
+            if (tag[i] != test_case->tag[i]) {
+                status = srtp_err_status_algo_fail;
+                debug_print(srtp_mod_auth, "test case %d failed", case_num);
+                debug_print(srtp_mod_auth, "  (mismatch at octet %d)", i);
+            }
+        }
+        if (status) {
+            srtp_auth_dealloc(a);
+            return srtp_err_status_algo_fail;
+        }
+
+        /* deallocate the auth function */
+        status = srtp_auth_dealloc(a);
+        if (status) {
+            return status;
+        }
+
+        /*
+         * the auth function passed the test case, so move on to the next test
+         * case in the list; if NULL, we'll quit and return an OK
+         */
+        test_case = test_case->next_test_case;
+        ++case_num;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_auth_type_self_test(at) performs srtp_auth_type_test on at's internal
+ * list of test data.
+ */
+
+srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at)
+{
+    return srtp_auth_type_test(at, at->test_data);
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/hash/hmac.c b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/hmac.c
new file mode 100644
index 000000000..6e91468f3
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/hmac.c
@@ -0,0 +1,283 @@
+/*
+ * hmac.c
+ *
+ * implementation of hmac srtp_auth_type_t
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "hmac.h"
+#include "alloc.h"
+#include "cipher_types.h"
+
+/* the debug module for authentiation */
+
+srtp_debug_module_t srtp_mod_hmac = {
+    0,           /* debugging is off by default */
+    "hmac sha-1" /* printable name for module   */
+};
+
+static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
+                                         int key_len,
+                                         int out_len)
+{
+    extern const srtp_auth_type_t srtp_hmac;
+    uint8_t *pointer;
+
+    debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
+                key_len);
+    debug_print(srtp_mod_hmac, "                          tag length %d",
+                out_len);
+
+    /*
+     * check key length - note that we don't support keys larger
+     * than 20 bytes yet
+     */
+    if (key_len > 20) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* check output length - should be less than 20 bytes */
+    if (out_len > 20) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* allocate memory for auth and srtp_hmac_ctx_t structures */
+    pointer = (uint8_t *)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) +
+                                           sizeof(srtp_auth_t));
+    if (pointer == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set pointers */
+    *a = (srtp_auth_t *)pointer;
+    (*a)->type = &srtp_hmac;
+    (*a)->state = pointer + sizeof(srtp_auth_t);
+    (*a)->out_len = out_len;
+    (*a)->key_len = key_len;
+    (*a)->prefix_len = 0;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
+{
+    /* zeroize entire state*/
+    octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
+
+    /* free memory */
+    srtp_crypto_free(a);
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_init(void *statev,
+                                        const uint8_t *key,
+                                        int key_len)
+{
+    srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+    int i;
+    uint8_t ipad[64];
+
+    /*
+     * check key length - note that we don't support keys larger
+     * than 20 bytes yet
+     */
+    if (key_len > 20) {
+        return srtp_err_status_bad_param;
+    }
+
+    /*
+     * set values of ipad and opad by exoring the key into the
+     * appropriate constant values
+     */
+    for (i = 0; i < key_len; i++) {
+        ipad[i] = key[i] ^ 0x36;
+        state->opad[i] = key[i] ^ 0x5c;
+    }
+    /* set the rest of ipad, opad to constant values */
+    for (; i < 64; i++) {
+        ipad[i] = 0x36;
+        ((uint8_t *)state->opad)[i] = 0x5c;
+    }
+
+    debug_print(srtp_mod_hmac, "ipad: %s",
+                srtp_octet_string_hex_string(ipad, 64));
+
+    /* initialize sha1 context */
+    srtp_sha1_init(&state->init_ctx);
+
+    /* hash ipad ^ key */
+    srtp_sha1_update(&state->init_ctx, ipad, 64);
+    memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_start(void *statev)
+{
+    srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+
+    memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_update(void *statev,
+                                          const uint8_t *message,
+                                          int msg_octets)
+{
+    srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+
+    debug_print(srtp_mod_hmac, "input: %s",
+                srtp_octet_string_hex_string(message, msg_octets));
+
+    /* hash message into sha1 context */
+    srtp_sha1_update(&state->ctx, message, msg_octets);
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_compute(void *statev,
+                                           const uint8_t *message,
+                                           int msg_octets,
+                                           int tag_len,
+                                           uint8_t *result)
+{
+    srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+    uint32_t hash_value[5];
+    uint32_t H[5];
+    int i;
+
+    /* check tag length, return error if we can't provide the value expected */
+    if (tag_len > 20) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* hash message, copy output into H */
+    srtp_hmac_update(state, message, msg_octets);
+    srtp_sha1_final(&state->ctx, H);
+
+    /*
+     * note that we don't need to debug_print() the input, since the
+     * function hmac_update() already did that for us
+     */
+    debug_print(srtp_mod_hmac, "intermediate state: %s",
+                srtp_octet_string_hex_string((uint8_t *)H, 20));
+
+    /* re-initialize hash context */
+    srtp_sha1_init(&state->ctx);
+
+    /* hash opad ^ key  */
+    srtp_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
+
+    /* hash the result of the inner hash */
+    srtp_sha1_update(&state->ctx, (uint8_t *)H, 20);
+
+    /* the result is returned in the array hash_value[] */
+    srtp_sha1_final(&state->ctx, hash_value);
+
+    /* copy hash_value to *result */
+    for (i = 0; i < tag_len; i++) {
+        result[i] = ((uint8_t *)hash_value)[i];
+    }
+
+    debug_print(srtp_mod_hmac, "output: %s",
+                srtp_octet_string_hex_string((uint8_t *)hash_value, tag_len));
+
+    return srtp_err_status_ok;
+}
+
+/* begin test case 0 */
+/* clang-format off */
+static const uint8_t srtp_hmac_test_case_0_key[20] = {
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_hmac_test_case_0_data[8] = {
+    0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_hmac_test_case_0_tag[20] = {
+    0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
+    0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
+    0xf1, 0x46, 0xbe, 0x00
+};
+/* clang-format on */
+
+static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
+    20,                         /* octets in key            */
+    srtp_hmac_test_case_0_key,  /* key                      */
+    8,                          /* octets in data           */
+    srtp_hmac_test_case_0_data, /* data                     */
+    20,                         /* octets in tag            */
+    srtp_hmac_test_case_0_tag,  /* tag                      */
+    NULL                        /* pointer to next testcase */
+};
+
+/* end test case 0 */
+
+static const char srtp_hmac_description[] =
+    "hmac sha-1 authentication function";
+
+/*
+ * srtp_auth_type_t hmac is the hmac metaobject
+ */
+
+const srtp_auth_type_t srtp_hmac = {
+    srtp_hmac_alloc,        /* */
+    srtp_hmac_dealloc,      /* */
+    srtp_hmac_init,         /* */
+    srtp_hmac_compute,      /* */
+    srtp_hmac_update,       /* */
+    srtp_hmac_start,        /* */
+    srtp_hmac_description,  /* */
+    &srtp_hmac_test_case_0, /* */
+    SRTP_HMAC_SHA1          /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/hash/hmac_ossl.c b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/hmac_ossl.c
new file mode 100644
index 000000000..8146438b0
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/hmac_ossl.c
@@ -0,0 +1,273 @@
+/*
+ * hmac_ossl.c
+ *
+ * Implementation of hmac srtp_auth_type_t that leverages OpenSSL
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "auth.h"
+#include "alloc.h"
+#include "err.h" /* for srtp_debug */
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+#define SHA1_DIGEST_SIZE 20
+
+/* the debug module for authentiation */
+
+srtp_debug_module_t srtp_mod_hmac = {
+    0,                   /* debugging is off by default */
+    "hmac sha-1 openssl" /* printable name for module   */
+};
+
+static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
+                                         int key_len,
+                                         int out_len)
+{
+    extern const srtp_auth_type_t srtp_hmac;
+
+    debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
+                key_len);
+    debug_print(srtp_mod_hmac, "                          tag length %d",
+                out_len);
+
+    /* check output length - should be less than 20 bytes */
+    if (out_len > SHA1_DIGEST_SIZE) {
+        return srtp_err_status_bad_param;
+    }
+
+/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
+   using HMAC_CTX_new.  But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
+    {
+        /* allocate memory for auth and HMAC_CTX structures */
+        uint8_t *pointer;
+        HMAC_CTX *new_hmac_ctx;
+        pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) +
+                                               sizeof(srtp_auth_t));
+        if (pointer == NULL) {
+            return srtp_err_status_alloc_fail;
+        }
+        *a = (srtp_auth_t *)pointer;
+        (*a)->state = pointer + sizeof(srtp_auth_t);
+        new_hmac_ctx = (HMAC_CTX *)((*a)->state);
+
+        HMAC_CTX_init(new_hmac_ctx);
+    }
+
+#else
+    *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
+    if (*a == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    (*a)->state = HMAC_CTX_new();
+    if ((*a)->state == NULL) {
+        srtp_crypto_free(*a);
+        *a = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+#endif
+
+    /* set pointers */
+    (*a)->type = &srtp_hmac;
+    (*a)->out_len = out_len;
+    (*a)->key_len = key_len;
+    (*a)->prefix_len = 0;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
+{
+    HMAC_CTX *hmac_ctx;
+
+    hmac_ctx = (HMAC_CTX *)a->state;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
+    HMAC_CTX_cleanup(hmac_ctx);
+
+    /* zeroize entire state*/
+    octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
+
+#else
+    HMAC_CTX_free(hmac_ctx);
+
+    /* zeroize entire state*/
+    octet_string_set_to_zero(a, sizeof(srtp_auth_t));
+#endif
+
+    /* free memory */
+    srtp_crypto_free(a);
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_start(void *statev)
+{
+    HMAC_CTX *state = (HMAC_CTX *)statev;
+
+    if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
+        return srtp_err_status_auth_fail;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_init(void *statev,
+                                        const uint8_t *key,
+                                        int key_len)
+{
+    HMAC_CTX *state = (HMAC_CTX *)statev;
+
+    if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
+        return srtp_err_status_auth_fail;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_update(void *statev,
+                                          const uint8_t *message,
+                                          int msg_octets)
+{
+    HMAC_CTX *state = (HMAC_CTX *)statev;
+
+    debug_print(srtp_mod_hmac, "input: %s",
+                srtp_octet_string_hex_string(message, msg_octets));
+
+    if (HMAC_Update(state, message, msg_octets) == 0)
+        return srtp_err_status_auth_fail;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_hmac_compute(void *statev,
+                                           const uint8_t *message,
+                                           int msg_octets,
+                                           int tag_len,
+                                           uint8_t *result)
+{
+    HMAC_CTX *state = (HMAC_CTX *)statev;
+    uint8_t hash_value[SHA1_DIGEST_SIZE];
+    int i;
+    unsigned int len;
+
+    /* check tag length, return error if we can't provide the value expected */
+    if (tag_len > SHA1_DIGEST_SIZE) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* hash message, copy output into H */
+    if (HMAC_Update(state, message, msg_octets) == 0)
+        return srtp_err_status_auth_fail;
+
+    if (HMAC_Final(state, hash_value, &len) == 0)
+        return srtp_err_status_auth_fail;
+
+    if (len < tag_len)
+        return srtp_err_status_auth_fail;
+
+    /* copy hash_value to *result */
+    for (i = 0; i < tag_len; i++) {
+        result[i] = hash_value[i];
+    }
+
+    debug_print(srtp_mod_hmac, "output: %s",
+                srtp_octet_string_hex_string(hash_value, tag_len));
+
+    return srtp_err_status_ok;
+}
+
+/* begin test case 0 */
+/* clang-format off */
+static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_hmac_test_case_0_data[8] = {
+    0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
+};
+/* clang-format on */
+
+/* clang-format off */
+static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
+    0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
+    0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
+    0xf1, 0x46, 0xbe, 0x00
+};
+/* clang-format on */
+
+static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
+    sizeof(srtp_hmac_test_case_0_key),  /* octets in key            */
+    srtp_hmac_test_case_0_key,          /* key                      */
+    sizeof(srtp_hmac_test_case_0_data), /* octets in data           */
+    srtp_hmac_test_case_0_data,         /* data                     */
+    sizeof(srtp_hmac_test_case_0_tag),  /* octets in tag            */
+    srtp_hmac_test_case_0_tag,          /* tag                      */
+    NULL                                /* pointer to next testcase */
+};
+
+/* end test case 0 */
+
+static const char srtp_hmac_description[] =
+    "hmac sha-1 authentication function";
+
+/*
+ * srtp_auth_type_t hmac is the hmac metaobject
+ */
+
+const srtp_auth_type_t srtp_hmac = {
+    srtp_hmac_alloc,        /* */
+    srtp_hmac_dealloc,      /* */
+    srtp_hmac_init,         /* */
+    srtp_hmac_compute,      /* */
+    srtp_hmac_update,       /* */
+    srtp_hmac_start,        /* */
+    srtp_hmac_description,  /* */
+    &srtp_hmac_test_case_0, /* */
+    SRTP_HMAC_SHA1          /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/hash/null_auth.c b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/null_auth.c
new file mode 100644
index 000000000..5194417ca
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/null_auth.c
@@ -0,0 +1,168 @@
+/*
+ * null_auth.c
+ *
+ * implements the do-nothing auth algorithm
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "null_auth.h"
+#include "err.h" /* for srtp_debug */
+#include "alloc.h"
+#include "cipher_types.h"
+
+static srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a,
+                                              int key_len,
+                                              int out_len)
+{
+    extern const srtp_auth_type_t srtp_null_auth;
+    uint8_t *pointer;
+
+    debug_print(srtp_mod_auth, "allocating auth func with key length %d",
+                key_len);
+    debug_print(srtp_mod_auth, "                          tag length %d",
+                out_len);
+
+    /* allocate memory for auth and srtp_null_auth_ctx_t structures */
+    pointer = (uint8_t *)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) +
+                                           sizeof(srtp_auth_t));
+    if (pointer == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set pointers */
+    *a = (srtp_auth_t *)pointer;
+    (*a)->type = &srtp_null_auth;
+    (*a)->state = pointer + sizeof(srtp_auth_t);
+    (*a)->out_len = out_len;
+    (*a)->prefix_len = out_len;
+    (*a)->key_len = key_len;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a)
+{
+    extern const srtp_auth_type_t srtp_null_auth;
+
+    /* zeroize entire state*/
+    octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) +
+                                    sizeof(srtp_auth_t));
+
+    /* free memory */
+    srtp_crypto_free(a);
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_auth_init(void *statev,
+                                             const uint8_t *key,
+                                             int key_len)
+{
+    /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+    /* accept any length of key, and do nothing */
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_auth_compute(void *statev,
+                                                const uint8_t *message,
+                                                int msg_octets,
+                                                int tag_len,
+                                                uint8_t *result)
+{
+    /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_auth_update(void *statev,
+                                               const uint8_t *message,
+                                               int msg_octets)
+{
+    /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_null_auth_start(void *statev)
+{
+    /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_auth_type_t - defines description, test case, and null_auth
+ * metaobject
+ */
+
+/* begin test case 0 */
+
+static const srtp_auth_test_case_t srtp_null_auth_test_case_0 = {
+    0,    /* octets in key            */
+    NULL, /* key                      */
+    0,    /* octets in data           */
+    NULL, /* data                     */
+    0,    /* octets in tag            */
+    NULL, /* tag                      */
+    NULL  /* pointer to next testcase */
+};
+
+/* end test case 0 */
+
+static const char srtp_null_auth_description[] = "null authentication function";
+
+const srtp_auth_type_t srtp_null_auth = {
+    srtp_null_auth_alloc,        /* */
+    srtp_null_auth_dealloc,      /* */
+    srtp_null_auth_init,         /* */
+    srtp_null_auth_compute,      /* */
+    srtp_null_auth_update,       /* */
+    srtp_null_auth_start,        /* */
+    srtp_null_auth_description,  /* */
+    &srtp_null_auth_test_case_0, /* */
+    SRTP_NULL_AUTH               /* */
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/hash/sha1.c b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/sha1.c
new file mode 100644
index 000000000..36c049ef8
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/hash/sha1.c
@@ -0,0 +1,472 @@
+/*
+ * sha1.c
+ *
+ * an implementation of the Secure Hash Algorithm v.1 (SHA-1),
+ * specified in FIPS 180-1
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "sha1.h"
+
+srtp_debug_module_t srtp_mod_sha1 = {
+    0,      /* debugging is off by default */
+    "sha-1" /* printable module name       */
+};
+
+/* SN == Rotate left N bits */
+#define S1(X) ((X << 1) | (X >> 31))
+#define S5(X) ((X << 5) | (X >> 27))
+#define S30(X) ((X << 30) | (X >> 2))
+
+#define f0(B, C, D) ((B & C) | (~B & D))
+#define f1(B, C, D) (B ^ C ^ D)
+#define f2(B, C, D) ((B & C) | (B & D) | (C & D))
+#define f3(B, C, D) (B ^ C ^ D)
+
+/*
+ * nota bene: the variable K0 appears in the curses library, so we
+ * give longer names to these variables to avoid spurious warnings
+ * on systems that uses curses
+ */
+
+uint32_t SHA_K0 = 0x5A827999; /* Kt for 0  <= t <= 19 */
+uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */
+uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */
+uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
+
+void srtp_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5])
+{
+    srtp_sha1_ctx_t ctx;
+
+    srtp_sha1_init(&ctx);
+    srtp_sha1_update(&ctx, msg, octets_in_msg);
+    srtp_sha1_final(&ctx, hash_value);
+}
+
+/*
+ *  srtp_sha1_core(M, H) computes the core compression function, where M is
+ *  the next part of the message (in network byte order) and H is the
+ *  intermediate state { H0, H1, ...} (in host byte order)
+ *
+ *  this function does not do any of the padding required in the
+ *  complete SHA1 function
+ *
+ *  this function is used in the SEAL 3.0 key setup routines
+ *  (crypto/cipher/seal.c)
+ */
+
+void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5])
+{
+    uint32_t H0;
+    uint32_t H1;
+    uint32_t H2;
+    uint32_t H3;
+    uint32_t H4;
+    uint32_t W[80];
+    uint32_t A, B, C, D, E, TEMP;
+    int t;
+
+    /* copy hash_value into H0, H1, H2, H3, H4 */
+    H0 = hash_value[0];
+    H1 = hash_value[1];
+    H2 = hash_value[2];
+    H3 = hash_value[3];
+    H4 = hash_value[4];
+
+    /* copy/xor message into array */
+
+    W[0] = be32_to_cpu(M[0]);
+    W[1] = be32_to_cpu(M[1]);
+    W[2] = be32_to_cpu(M[2]);
+    W[3] = be32_to_cpu(M[3]);
+    W[4] = be32_to_cpu(M[4]);
+    W[5] = be32_to_cpu(M[5]);
+    W[6] = be32_to_cpu(M[6]);
+    W[7] = be32_to_cpu(M[7]);
+    W[8] = be32_to_cpu(M[8]);
+    W[9] = be32_to_cpu(M[9]);
+    W[10] = be32_to_cpu(M[10]);
+    W[11] = be32_to_cpu(M[11]);
+    W[12] = be32_to_cpu(M[12]);
+    W[13] = be32_to_cpu(M[13]);
+    W[14] = be32_to_cpu(M[14]);
+    W[15] = be32_to_cpu(M[15]);
+    TEMP = W[13] ^ W[8] ^ W[2] ^ W[0];
+    W[16] = S1(TEMP);
+    TEMP = W[14] ^ W[9] ^ W[3] ^ W[1];
+    W[17] = S1(TEMP);
+    TEMP = W[15] ^ W[10] ^ W[4] ^ W[2];
+    W[18] = S1(TEMP);
+    TEMP = W[16] ^ W[11] ^ W[5] ^ W[3];
+    W[19] = S1(TEMP);
+    TEMP = W[17] ^ W[12] ^ W[6] ^ W[4];
+    W[20] = S1(TEMP);
+    TEMP = W[18] ^ W[13] ^ W[7] ^ W[5];
+    W[21] = S1(TEMP);
+    TEMP = W[19] ^ W[14] ^ W[8] ^ W[6];
+    W[22] = S1(TEMP);
+    TEMP = W[20] ^ W[15] ^ W[9] ^ W[7];
+    W[23] = S1(TEMP);
+    TEMP = W[21] ^ W[16] ^ W[10] ^ W[8];
+    W[24] = S1(TEMP);
+    TEMP = W[22] ^ W[17] ^ W[11] ^ W[9];
+    W[25] = S1(TEMP);
+    TEMP = W[23] ^ W[18] ^ W[12] ^ W[10];
+    W[26] = S1(TEMP);
+    TEMP = W[24] ^ W[19] ^ W[13] ^ W[11];
+    W[27] = S1(TEMP);
+    TEMP = W[25] ^ W[20] ^ W[14] ^ W[12];
+    W[28] = S1(TEMP);
+    TEMP = W[26] ^ W[21] ^ W[15] ^ W[13];
+    W[29] = S1(TEMP);
+    TEMP = W[27] ^ W[22] ^ W[16] ^ W[14];
+    W[30] = S1(TEMP);
+    TEMP = W[28] ^ W[23] ^ W[17] ^ W[15];
+    W[31] = S1(TEMP);
+
+    /* process the remainder of the array */
+    for (t = 32; t < 80; t++) {
+        TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+        W[t] = S1(TEMP);
+    }
+
+    A = H0;
+    B = H1;
+    C = H2;
+    D = H3;
+    E = H4;
+
+    for (t = 0; t < 20; t++) {
+        TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+        E = D;
+        D = C;
+        C = S30(B);
+        B = A;
+        A = TEMP;
+    }
+    for (; t < 40; t++) {
+        TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+        E = D;
+        D = C;
+        C = S30(B);
+        B = A;
+        A = TEMP;
+    }
+    for (; t < 60; t++) {
+        TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+        E = D;
+        D = C;
+        C = S30(B);
+        B = A;
+        A = TEMP;
+    }
+    for (; t < 80; t++) {
+        TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+        E = D;
+        D = C;
+        C = S30(B);
+        B = A;
+        A = TEMP;
+    }
+
+    hash_value[0] = H0 + A;
+    hash_value[1] = H1 + B;
+    hash_value[2] = H2 + C;
+    hash_value[3] = H3 + D;
+    hash_value[4] = H4 + E;
+
+    return;
+}
+
+void srtp_sha1_init(srtp_sha1_ctx_t *ctx)
+{
+    /* initialize state vector */
+    ctx->H[0] = 0x67452301;
+    ctx->H[1] = 0xefcdab89;
+    ctx->H[2] = 0x98badcfe;
+    ctx->H[3] = 0x10325476;
+    ctx->H[4] = 0xc3d2e1f0;
+
+    /* indicate that message buffer is empty */
+    ctx->octets_in_buffer = 0;
+
+    /* reset message bit-count to zero */
+    ctx->num_bits_in_msg = 0;
+}
+
+void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
+                      const uint8_t *msg,
+                      int octets_in_msg)
+{
+    int i;
+    uint8_t *buf = (uint8_t *)ctx->M;
+
+    /* update message bit-count */
+    ctx->num_bits_in_msg += octets_in_msg * 8;
+
+    /* loop over 16-word blocks of M */
+    while (octets_in_msg > 0) {
+        if (octets_in_msg + ctx->octets_in_buffer >= 64) {
+            /*
+             * copy words of M into msg buffer until that buffer is full,
+             * converting them into host byte order as needed
+             */
+            octets_in_msg -= (64 - ctx->octets_in_buffer);
+            for (i = ctx->octets_in_buffer; i < 64; i++) {
+                buf[i] = *msg++;
+            }
+            ctx->octets_in_buffer = 0;
+
+            /* process a whole block */
+
+            debug_print0(srtp_mod_sha1, "(update) running srtp_sha1_core()");
+
+            srtp_sha1_core(ctx->M, ctx->H);
+
+        } else {
+            debug_print0(srtp_mod_sha1,
+                         "(update) not running srtp_sha1_core()");
+
+            for (i = ctx->octets_in_buffer;
+                 i < (ctx->octets_in_buffer + octets_in_msg); i++) {
+                buf[i] = *msg++;
+            }
+            ctx->octets_in_buffer += octets_in_msg;
+            octets_in_msg = 0;
+        }
+    }
+}
+
+/*
+ * srtp_sha1_final(ctx, output) computes the result for ctx and copies it
+ * into the twenty octets located at *output
+ */
+
+void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+    uint32_t A, B, C, D, E, TEMP;
+    uint32_t W[80];
+    int i, t;
+
+    /*
+     * process the remaining octets_in_buffer, padding and terminating as
+     * necessary
+     */
+    {
+        int tail = ctx->octets_in_buffer % 4;
+
+        /* copy/xor message into array */
+        for (i = 0; i < (ctx->octets_in_buffer + 3) / 4; i++) {
+            W[i] = be32_to_cpu(ctx->M[i]);
+        }
+
+        /* set the high bit of the octet immediately following the message */
+        switch (tail) {
+        case (3):
+            W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffffff00) | 0x80;
+            W[i] = 0x0;
+            break;
+        case (2):
+            W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffff0000) | 0x8000;
+            W[i] = 0x0;
+            break;
+        case (1):
+            W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xff000000) | 0x800000;
+            W[i] = 0x0;
+            break;
+        case (0):
+            W[i] = 0x80000000;
+            break;
+        }
+
+        /* zeroize remaining words */
+        for (i++; i < 15; i++) {
+            W[i] = 0x0;
+        }
+
+        /*
+         * if there is room at the end of the word array, then set the
+         * last word to the bit-length of the message; otherwise, set that
+         * word to zero and then we need to do one more run of the
+         * compression algo.
+         */
+        if (ctx->octets_in_buffer < 56) {
+            W[15] = ctx->num_bits_in_msg;
+        } else if (ctx->octets_in_buffer < 60) {
+            W[15] = 0x0;
+        }
+
+        /* process the word array */
+        for (t = 16; t < 80; t++) {
+            TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+            W[t] = S1(TEMP);
+        }
+
+        A = ctx->H[0];
+        B = ctx->H[1];
+        C = ctx->H[2];
+        D = ctx->H[3];
+        E = ctx->H[4];
+
+        for (t = 0; t < 20; t++) {
+            TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+        for (; t < 40; t++) {
+            TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+        for (; t < 60; t++) {
+            TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+        for (; t < 80; t++) {
+            TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+
+        ctx->H[0] += A;
+        ctx->H[1] += B;
+        ctx->H[2] += C;
+        ctx->H[3] += D;
+        ctx->H[4] += E;
+    }
+
+    debug_print0(srtp_mod_sha1, "(final) running srtp_sha1_core()");
+
+    if (ctx->octets_in_buffer >= 56) {
+        debug_print0(srtp_mod_sha1, "(final) running srtp_sha1_core() again");
+
+        /* we need to do one final run of the compression algo */
+
+        /*
+         * set initial part of word array to zeros, and set the
+         * final part to the number of bits in the message
+         */
+        for (i = 0; i < 15; i++) {
+            W[i] = 0x0;
+        }
+        W[15] = ctx->num_bits_in_msg;
+
+        /* process the word array */
+        for (t = 16; t < 80; t++) {
+            TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+            W[t] = S1(TEMP);
+        }
+
+        A = ctx->H[0];
+        B = ctx->H[1];
+        C = ctx->H[2];
+        D = ctx->H[3];
+        E = ctx->H[4];
+
+        for (t = 0; t < 20; t++) {
+            TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+        for (; t < 40; t++) {
+            TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+        for (; t < 60; t++) {
+            TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+        for (; t < 80; t++) {
+            TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+            E = D;
+            D = C;
+            C = S30(B);
+            B = A;
+            A = TEMP;
+        }
+
+        ctx->H[0] += A;
+        ctx->H[1] += B;
+        ctx->H[2] += C;
+        ctx->H[3] += D;
+        ctx->H[4] += E;
+    }
+
+    /* copy result into output buffer */
+    output[0] = be32_to_cpu(ctx->H[0]);
+    output[1] = be32_to_cpu(ctx->H[1]);
+    output[2] = be32_to_cpu(ctx->H[2]);
+    output[3] = be32_to_cpu(ctx->H[3]);
+    output[4] = be32_to_cpu(ctx->H[4]);
+
+    /* indicate that message buffer in context is empty */
+    ctx->octets_in_buffer = 0;
+
+    return;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes.h
new file mode 100644
index 000000000..779c3ac74
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes.h
@@ -0,0 +1,83 @@
+/*
+ * aes.h
+ *
+ * header file for the AES block cipher
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_H
+#define AES_H
+
+#include "datatypes.h"
+#include "err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* aes internals */
+
+typedef struct {
+    v128_t round[15];
+    int num_rounds;
+} srtp_aes_expanded_key_t;
+
+srtp_err_status_t srtp_aes_expand_encryption_key(
+    const uint8_t *key,
+    int key_len,
+    srtp_aes_expanded_key_t *expanded_key);
+
+srtp_err_status_t srtp_aes_expand_decryption_key(
+    const uint8_t *key,
+    int key_len,
+    srtp_aes_expanded_key_t *expanded_key);
+
+void srtp_aes_encrypt(v128_t *plaintext,
+                      const srtp_aes_expanded_key_t *exp_key);
+
+void srtp_aes_decrypt(v128_t *plaintext,
+                      const srtp_aes_expanded_key_t *exp_key);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* AES_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_gcm.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_gcm.h
new file mode 100644
index 000000000..4d6031f4b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_gcm.h
@@ -0,0 +1,89 @@
+/*
+ * aes_gcm.h
+ *
+ * Header for AES Galois Counter Mode.
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ */
+/*
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_GCM_H
+#define AES_GCM_H
+
+#include "cipher.h"
+#include "srtp.h"
+#include "datatypes.h"
+
+#ifdef OPENSSL
+
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+
+typedef struct {
+    int key_size;
+    int tag_len;
+    EVP_CIPHER_CTX *ctx;
+    srtp_cipher_direction_t dir;
+} srtp_aes_gcm_ctx_t;
+
+#endif /* OPENSSL */
+
+#ifdef NSS
+
+#include <nss.h>
+#include <pk11pub.h>
+
+#define MAX_AD_SIZE 2048
+
+typedef struct {
+    int key_size;
+    int tag_size;
+    srtp_cipher_direction_t dir;
+    NSSInitContext *nss;
+    PK11SymKey *key;
+    uint8_t iv[12];
+    uint8_t aad[MAX_AD_SIZE];
+    int aad_size;
+    CK_GCM_PARAMS params;
+    uint8_t tag[16];
+} srtp_aes_gcm_ctx_t;
+
+#endif /* NSS */
+
+#endif /* AES_GCM_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_icm.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_icm.h
new file mode 100644
index 000000000..8ded156a2
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_icm.h
@@ -0,0 +1,62 @@
+/*
+ * aes_icm.h
+ *
+ * Header for AES Integer Counter Mode.
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_ICM_H
+#define AES_ICM_H
+
+#include "aes.h"
+#include "cipher.h"
+
+typedef struct {
+    v128_t counter;                       /* holds the counter value          */
+    v128_t offset;                        /* initial offset value             */
+    v128_t keystream_buffer;              /* buffers bytes of keystream       */
+    srtp_aes_expanded_key_t expanded_key; /* the cipher key                   */
+    int bytes_in_buffer;                  /* number of unused bytes in buffer */
+    int key_size;                         /* AES key size + 14 byte SALT */
+} srtp_aes_icm_ctx_t;
+
+#endif /* AES_ICM_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_icm_ext.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_icm_ext.h
new file mode 100644
index 000000000..ad306ddca
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/aes_icm_ext.h
@@ -0,0 +1,83 @@
+/*
+ * aes_icm.h
+ *
+ * Header for AES Integer Counter Mode.
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_ICM_H
+#define AES_ICM_H
+
+#include "cipher.h"
+#include "datatypes.h"
+
+#ifdef OPENSSL
+
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+
+typedef struct {
+    v128_t counter; /* holds the counter value          */
+    v128_t offset;  /* initial offset value             */
+    int key_size;
+    EVP_CIPHER_CTX *ctx;
+} srtp_aes_icm_ctx_t;
+
+#endif /* OPENSSL */
+
+#ifdef NSS
+
+#include <nss.h>
+#include <pk11pub.h>
+
+typedef struct {
+    v128_t counter;
+    v128_t offset;
+    int key_size;
+    uint8_t iv[16];
+    NSSInitContext *nss;
+    PK11SymKey *key;
+    PK11Context *ctx;
+} srtp_aes_icm_ctx_t;
+
+#endif /* NSS */
+
+#endif /* AES_ICM_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/alloc.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/alloc.h
new file mode 100644
index 000000000..1fc041014
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/alloc.h
@@ -0,0 +1,76 @@
+/*
+ * alloc.h
+ *
+ * interface to memory allocation and deallocation, with optional debugging
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef CRYPTO_ALLOC_H
+#define CRYPTO_ALLOC_H
+
+#include "datatypes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * srtp_crypto_alloc
+ *
+ * Allocates a block of memory  of given size. The memory will be
+ * initialized to zero's. Free the memory with a call to srtp_crypto_free.
+ *
+ * returns pointer to memory on success or else NULL
+ */
+void *srtp_crypto_alloc(size_t size);
+
+/*
+ * srtp_crypto_free
+ *
+ * Frees the block of memory  ptr previously  allocated with
+ * srtp_crypto_alloc
+ */
+void srtp_crypto_free(void *ptr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CRYPTO_ALLOC_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/auth.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/auth.h
new file mode 100644
index 000000000..774ea1687
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/auth.h
@@ -0,0 +1,173 @@
+/*
+ * auth.h
+ *
+ * common interface to authentication functions
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_AUTH_H
+#define SRTP_AUTH_H
+
+#include "srtp.h"
+#include "crypto_types.h" /* for values of auth_type_id_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef const struct srtp_auth_type_t *srtp_auth_type_pointer;
+typedef struct srtp_auth_t *srtp_auth_pointer_t;
+
+typedef srtp_err_status_t (*srtp_auth_alloc_func)(srtp_auth_pointer_t *ap,
+                                                  int key_len,
+                                                  int out_len);
+
+typedef srtp_err_status_t (*srtp_auth_init_func)(void *state,
+                                                 const uint8_t *key,
+                                                 int key_len);
+
+typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap);
+
+typedef srtp_err_status_t (*srtp_auth_compute_func)(void *state,
+                                                    const uint8_t *buffer,
+                                                    int octets_to_auth,
+                                                    int tag_len,
+                                                    uint8_t *tag);
+
+typedef srtp_err_status_t (*srtp_auth_update_func)(void *state,
+                                                   const uint8_t *buffer,
+                                                   int octets_to_auth);
+
+typedef srtp_err_status_t (*srtp_auth_start_func)(void *state);
+
+/* some syntactic sugar on these function types */
+#define srtp_auth_type_alloc(at, a, klen, outlen)                              \
+    ((at)->alloc((a), (klen), (outlen)))
+
+#define srtp_auth_init(a, key)                                                 \
+    (((a)->type)->init((a)->state, (key), ((a)->key_len)))
+
+#define srtp_auth_compute(a, buf, len, res)                                    \
+    (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))
+
+#define srtp_auth_update(a, buf, len)                                          \
+    (((a)->type)->update((a)->state, (buf), (len)))
+
+#define srtp_auth_start(a) (((a)->type)->start((a)->state))
+
+#define srtp_auth_dealloc(c) (((c)->type)->dealloc(c))
+
+/* functions to get information about a particular auth_t */
+int srtp_auth_get_key_length(const struct srtp_auth_t *a);
+
+int srtp_auth_get_tag_length(const struct srtp_auth_t *a);
+
+int srtp_auth_get_prefix_length(const struct srtp_auth_t *a);
+
+/*
+ * srtp_auth_test_case_t is a (list of) key/message/tag values that are
+ * known to be correct for a particular cipher.  this data can be used
+ * to test an implementation in an on-the-fly self test of the
+ * correctness of the implementation.  (see the srtp_auth_type_self_test()
+ * function below)
+ */
+typedef struct srtp_auth_test_case_t {
+    int key_length_octets;  /* octets in key            */
+    const uint8_t *key;     /* key                      */
+    int data_length_octets; /* octets in data           */
+    const uint8_t *data;    /* data                     */
+    int tag_length_octets;  /* octets in tag            */
+    const uint8_t *tag;     /* tag                      */
+    const struct srtp_auth_test_case_t
+        *next_test_case; /* pointer to next testcase */
+} srtp_auth_test_case_t;
+
+/* srtp_auth_type_t */
+typedef struct srtp_auth_type_t {
+    srtp_auth_alloc_func alloc;
+    srtp_auth_dealloc_func dealloc;
+    srtp_auth_init_func init;
+    srtp_auth_compute_func compute;
+    srtp_auth_update_func update;
+    srtp_auth_start_func start;
+    const char *description;
+    const srtp_auth_test_case_t *test_data;
+    srtp_auth_type_id_t id;
+} srtp_auth_type_t;
+
+typedef struct srtp_auth_t {
+    const srtp_auth_type_t *type;
+    void *state;
+    int out_len;    /* length of output tag in octets */
+    int key_len;    /* length of key in octets        */
+    int prefix_len; /* length of keystream prefix     */
+} srtp_auth_t;
+
+/*
+ * srtp_auth_type_self_test() tests an auth_type against test cases
+ * provided in an array of values of key/message/tag that is known to
+ * be good
+ */
+srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at);
+
+/*
+ * srtp_auth_type_test() tests an auth_type against external test cases
+ * provided in an array of values of key/message/tag that is known to
+ * be good
+ */
+srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at,
+                                      const srtp_auth_test_case_t *test_data);
+
+/*
+ * srtp_replace_auth_type(ct, id)
+ *
+ * replaces srtp's kernel's auth type implementation for the auth_type id
+ * with a new one passed in externally.  The new auth type must pass all the
+ * existing auth_type's self tests as well as its own.
+ */
+srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct,
+                                         srtp_auth_type_id_t id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_AUTH_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher.h
new file mode 100644
index 000000000..4f14e3560
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher.h
@@ -0,0 +1,248 @@
+/*
+ * cipher.h
+ *
+ * common interface to ciphers
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_CIPHER_H
+#define SRTP_CIPHER_H
+
+#include "srtp.h"
+#include "crypto_types.h" /* for values of cipher_type_id_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * srtp_cipher_direction_t defines a particular cipher operation.
+ *
+ * A srtp_cipher_direction_t is an enum that describes a particular cipher
+ * operation, i.e. encryption or decryption.  For some ciphers, this
+ * distinction does not matter, but for others, it is essential.
+ */
+typedef enum {
+    srtp_direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
+    srtp_direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
+    srtp_direction_any      /**< encryption or decryption                     */
+} srtp_cipher_direction_t;
+
+/*
+ * the srtp_cipher_pointer_t definition is needed
+ * as srtp_cipher_t is not yet defined
+ */
+typedef struct srtp_cipher_t *srtp_cipher_pointer_t;
+
+/*
+ *  a srtp_cipher_alloc_func_t allocates (but does not initialize) a
+ * srtp_cipher_t
+ */
+typedef srtp_err_status_t (*srtp_cipher_alloc_func_t)(srtp_cipher_pointer_t *cp,
+                                                      int key_len,
+                                                      int tag_len);
+
+/*
+ * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key
+ */
+typedef srtp_err_status_t (*srtp_cipher_init_func_t)(void *state,
+                                                     const uint8_t *key);
+
+/* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */
+typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)(
+    srtp_cipher_pointer_t cp);
+
+/*
+ * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers
+ */
+typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t)(void *state,
+                                                        const uint8_t *aad,
+                                                        uint32_t aad_len);
+
+/* a srtp_cipher_encrypt_func_t encrypts data in-place */
+typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t)(
+    void *state,
+    uint8_t *buffer,
+    unsigned int *octets_to_encrypt);
+
+/* a srtp_cipher_decrypt_func_t decrypts data in-place */
+typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t)(
+    void *state,
+    uint8_t *buffer,
+    unsigned int *octets_to_decrypt);
+
+/*
+ * a srtp_cipher_set_iv_func_t function sets the current initialization vector
+ */
+typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t)(
+    void *state,
+    uint8_t *iv,
+    srtp_cipher_direction_t direction);
+
+/*
+ * a cipher_get_tag_func_t function is used to get the authentication
+ * tag that was calculated by an AEAD cipher.
+ */
+typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t)(void *state,
+                                                        uint8_t *tag,
+                                                        uint32_t *len);
+
+/*
+ * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext,
+ * and aad values that are known to be correct for a
+ * particular cipher.  this data can be used to test an implementation
+ * in an on-the-fly self test of the correctness of the implementation.
+ * (see the srtp_cipher_type_self_test() function below)
+ */
+typedef struct srtp_cipher_test_case_t {
+    int key_length_octets;                 /* octets in key            */
+    const uint8_t *key;                    /* key                      */
+    uint8_t *idx;                          /* packet index             */
+    unsigned int plaintext_length_octets;  /* octets in plaintext      */
+    const uint8_t *plaintext;              /* plaintext                */
+    unsigned int ciphertext_length_octets; /* octets in plaintext      */
+    const uint8_t *ciphertext;             /* ciphertext               */
+    int aad_length_octets;                 /* octets in AAD            */
+    const uint8_t *aad;                    /* AAD                      */
+    int tag_length_octets;                 /* Length of AEAD tag       */
+    const struct srtp_cipher_test_case_t
+        *next_test_case; /* pointer to next testcase */
+} srtp_cipher_test_case_t;
+
+/* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */
+typedef struct srtp_cipher_type_t {
+    srtp_cipher_alloc_func_t alloc;
+    srtp_cipher_dealloc_func_t dealloc;
+    srtp_cipher_init_func_t init;
+    srtp_cipher_set_aad_func_t set_aad;
+    srtp_cipher_encrypt_func_t encrypt;
+    srtp_cipher_encrypt_func_t decrypt;
+    srtp_cipher_set_iv_func_t set_iv;
+    srtp_cipher_get_tag_func_t get_tag;
+    const char *description;
+    const srtp_cipher_test_case_t *test_data;
+    srtp_cipher_type_id_t id;
+} srtp_cipher_type_t;
+
+/*
+ * srtp_cipher_t defines an instantiation of a particular cipher, with fixed
+ * key length, key and salt values
+ */
+typedef struct srtp_cipher_t {
+    const srtp_cipher_type_t *type;
+    void *state;
+    int key_len;
+    int algorithm;
+} srtp_cipher_t;
+
+/* some bookkeeping functions */
+int srtp_cipher_get_key_length(const srtp_cipher_t *c);
+
+/*
+ * srtp_cipher_type_self_test() tests a cipher against test cases provided in
+ * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct);
+
+/*
+ * srtp_cipher_type_test() tests a cipher against external test cases provided
+ * in
+ * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_test(
+    const srtp_cipher_type_t *ct,
+    const srtp_cipher_test_case_t *test_data);
+
+/*
+ * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the
+ * number of bits that a cipher implementation can encrypt in a second
+ *
+ * c is a cipher (which MUST be allocated and initialized already), l
+ * is the length in octets of the test data to be encrypted, and t is
+ * the number of trials
+ *
+ * if an error is encountered, then the value 0 is returned
+ */
+uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c,
+                                     int octets_in_buffer,
+                                     int num_trials);
+
+srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct,
+                                         srtp_cipher_t **c,
+                                         int key_len,
+                                         int tlen);
+srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c);
+srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key);
+srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c,
+                                     uint8_t *iv,
+                                     int direction);
+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c,
+                                     uint8_t *buffer,
+                                     uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c,
+                                      uint8_t *buffer,
+                                      uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c,
+                                      uint8_t *buffer,
+                                      uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c,
+                                      uint8_t *buffer,
+                                      uint32_t *tag_len);
+srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c,
+                                      const uint8_t *aad,
+                                      uint32_t aad_len);
+
+/*
+ * srtp_replace_cipher_type(ct, id)
+ *
+ * replaces srtp's existing cipher implementation for the cipher_type id
+ * with a new one passed in externally.  The new cipher must pass all the
+ * existing cipher_type's self tests as well as its own.
+ */
+srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct,
+                                           srtp_cipher_type_id_t id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_CIPHER_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher_priv.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher_priv.h
new file mode 100644
index 000000000..46848ea7c
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher_priv.h
@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_CIHPER_PRIV_H
+#define SRTP_CIHPER_PRIV_H
+
+#include "cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * A trivial platform independent random source.
+ * For use in test only.
+ */
+void srtp_cipher_rand_for_tests(void *dest, uint32_t len);
+
+/*
+ * A trivial platform independent 32 bit random number.
+ * For use in test only.
+ */
+uint32_t srtp_cipher_rand_u32_for_tests(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_CIPHER_PRIV_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher_types.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher_types.h
new file mode 100644
index 000000000..18f0328fb
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/cipher_types.h
@@ -0,0 +1,84 @@
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef CIHPER_TYPES_H
+#define CIHPER_TYPES_H
+
+#include "cipher.h"
+#include "auth.h"
+
+/*
+ * cipher types that can be included in the kernel
+ */
+
+extern const srtp_cipher_type_t srtp_null_cipher;
+extern const srtp_cipher_type_t srtp_aes_icm_128;
+extern const srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef GCM
+extern const srtp_cipher_type_t srtp_aes_icm_192;
+extern const srtp_cipher_type_t srtp_aes_gcm_128;
+extern const srtp_cipher_type_t srtp_aes_gcm_256;
+#endif
+
+/*
+ * auth func types that can be included in the kernel
+ */
+
+extern const srtp_auth_type_t srtp_null_auth;
+extern const srtp_auth_type_t srtp_hmac;
+
+/*
+ * other generic debug modules that can be included in the kernel
+ */
+
+extern srtp_debug_module_t srtp_mod_auth;
+extern srtp_debug_module_t srtp_mod_cipher;
+extern srtp_debug_module_t srtp_mod_stat;
+extern srtp_debug_module_t srtp_mod_alloc;
+
+/* debug modules for cipher types */
+extern srtp_debug_module_t srtp_mod_aes_icm;
+#ifdef OPENSSL
+extern srtp_debug_module_t srtp_mod_aes_gcm;
+#endif
+#ifdef NSS
+extern srtp_debug_module_t srtp_mod_aes_gcm;
+#endif
+
+/* debug modules for auth types */
+extern srtp_debug_module_t srtp_mod_hmac;
+
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/crypto_kernel.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/crypto_kernel.h
new file mode 100644
index 000000000..1f8dfa771
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/crypto_kernel.h
@@ -0,0 +1,215 @@
+/*
+ * crypto_kernel.h
+ *
+ * header for the cryptographic kernel
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef CRYPTO_KERNEL
+#define CRYPTO_KERNEL
+
+#include "cipher.h"
+#include "auth.h"
+#include "err.h"
+#include "crypto_types.h"
+#include "key.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * crypto_kernel_state_t defines the possible states:
+ *
+ *    insecure - not yet initialized
+ *    secure   - initialized and passed self-tests
+ */
+typedef enum {
+    srtp_crypto_kernel_state_insecure,
+    srtp_crypto_kernel_state_secure
+} srtp_crypto_kernel_state_t;
+
+/*
+ * linked list of cipher types
+ */
+typedef struct srtp_kernel_cipher_type {
+    srtp_cipher_type_id_t id;
+    const srtp_cipher_type_t *cipher_type;
+    struct srtp_kernel_cipher_type *next;
+} srtp_kernel_cipher_type_t;
+
+/*
+ * linked list of auth types
+ */
+typedef struct srtp_kernel_auth_type {
+    srtp_auth_type_id_t id;
+    const srtp_auth_type_t *auth_type;
+    struct srtp_kernel_auth_type *next;
+} srtp_kernel_auth_type_t;
+
+/*
+ * linked list of debug modules
+ */
+typedef struct srtp_kernel_debug_module {
+    srtp_debug_module_t *mod;
+    struct srtp_kernel_debug_module *next;
+} srtp_kernel_debug_module_t;
+
+/*
+ * crypto_kernel_t is the data structure for the crypto kernel
+ *
+ * note that there is *exactly one* instance of this data type,
+ * a global variable defined in crypto_kernel.c
+ */
+typedef struct {
+    srtp_crypto_kernel_state_t state; /* current state of kernel     */
+    srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */
+    srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */
+    srtp_kernel_debug_module_t
+        *debug_module_list; /* list of all debug modules   */
+} srtp_crypto_kernel_t;
+
+/*
+ * srtp_crypto_kernel_t external api
+ */
+
+/*
+ * The function srtp_crypto_kernel_init() initialized the crypto kernel and
+ * runs the self-test operations on the random number generators and
+ * crypto algorithms.  Possible return values are:
+ *
+ *    srtp_err_status_ok    initialization successful
+ *    <other>               init failure
+ *
+ * If any value other than srtp_err_status_ok is returned, the
+ * crypto_kernel MUST NOT be used.
+ */
+srtp_err_status_t srtp_crypto_kernel_init(void);
+
+/*
+ * The function srtp_crypto_kernel_shutdown() de-initializes the
+ * crypto_kernel, zeroizes keys and other cryptographic material, and
+ * deallocates any dynamically allocated memory.  Possible return
+ * values are:
+ *
+ *    srtp_err_status_ok     shutdown successful
+ *    <other>                shutdown failure
+ *
+ */
+srtp_err_status_t srtp_crypto_kernel_shutdown(void);
+
+/*
+ * The function srtp_crypto_kernel_stats() checks the the crypto_kernel,
+ * running tests on the ciphers, auth funcs, and rng, and prints out a
+ * status report.  Possible return values are:
+ *
+ *    srtp_err_status_ok     all tests were passed
+ *    <other>                a test failed
+ *
+ */
+srtp_err_status_t srtp_crypto_kernel_status(void);
+
+/*
+ * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules
+ *
+ */
+srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void);
+
+/*
+ * srtp_crypto_kernel_load_cipher_type()
+ *
+ */
+srtp_err_status_t srtp_crypto_kernel_load_cipher_type(
+    const srtp_cipher_type_t *ct,
+    srtp_cipher_type_id_t id);
+
+srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct,
+                                                    srtp_auth_type_id_t id);
+
+srtp_err_status_t srtp_crypto_kernel_load_debug_module(
+    srtp_debug_module_t *new_dm);
+
+/*
+ * srtp_crypto_kernel_alloc_cipher(id, cp, key_len);
+ *
+ * allocates a cipher of type id at location *cp, with key length
+ * key_len octets.  Return values are:
+ *
+ *    srtp_err_status_ok           no problems
+ *    srtp_err_status_alloc_fail   an allocation failure occured
+ *    srtp_err_status_fail         couldn't find cipher with identifier 'id'
+ */
+srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id,
+                                                  srtp_cipher_pointer_t *cp,
+                                                  int key_len,
+                                                  int tag_len);
+
+/*
+ * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
+ *
+ * allocates an auth function of type id at location *ap, with key
+ * length key_len octets and output tag length of tag_len.  Return
+ * values are:
+ *
+ *    srtp_err_status_ok           no problems
+ *    srtp_err_status_alloc_fail   an allocation failure occured
+ *    srtp_err_status_fail         couldn't find auth with identifier 'id'
+ */
+srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id,
+                                                srtp_auth_pointer_t *ap,
+                                                int key_len,
+                                                int tag_len);
+
+/*
+ * srtp_crypto_kernel_set_debug_module(mod_name, v)
+ *
+ * sets dynamic debugging to the value v (0 for off, 1 for on) for the
+ * debug module with the name mod_name
+ *
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
+ */
+srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name,
+                                                      int v);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CRYPTO_KERNEL */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/crypto_types.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/crypto_types.h
new file mode 100644
index 000000000..7fd3178b0
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/crypto_types.h
@@ -0,0 +1,116 @@
+/*
+ * crypto_types.h
+ *
+ * constants for cipher types and auth func types
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_CRYPTO_TYPES_H
+#define SRTP_CRYPTO_TYPES_H
+
+/*
+ * The null cipher performs no encryption.
+ *
+ * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the
+ * encryption and decryption operations.  This cipher can be chosen
+ * to indicate that no encryption is to be performed.
+ */
+#define SRTP_NULL_CIPHER 0
+
+/*
+ * AES-128 Integer Counter Mode (AES ICM)
+ *
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP.  This cipher uses a 16-octet key concatenated with a
+ * 14-octet offset (or salt) value.
+ */
+#define SRTP_AES_ICM_128 1
+
+/*
+ * AES-192 Integer Counter Mode (AES ICM)
+ *
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP.  This cipher uses a 24-octet key concatenated with a
+ * 14-octet offset (or salt) value.
+ */
+#define SRTP_AES_ICM_192 4
+
+/*
+ * AES-256 Integer Counter Mode (AES ICM)
+ *
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP.  This cipher uses a 32-octet key concatenated with a
+ * 14-octet offset (or salt) value.
+ */
+#define SRTP_AES_ICM_256 5
+
+/*
+ * AES-128_GCM Galois Counter Mode (AES GCM)
+ *
+ * AES-128 GCM is the variant of galois counter mode that is used by
+ * Secure RTP.  This cipher uses a 16-octet key.
+ */
+#define SRTP_AES_GCM_128 6
+
+/*
+ * AES-256_GCM Galois Counter Mode (AES GCM)
+ *
+ * AES-256 GCM is the variant of galois counter mode that is used by
+ * Secure RTP.  This cipher uses a 32-octet key.
+ */
+#define SRTP_AES_GCM_256 7
+
+/*
+ * The null authentication function performs no authentication.
+ *
+ * The NULL_AUTH function does nothing, and can be selected to indicate
+ * that authentication should not be performed.
+ */
+#define SRTP_NULL_AUTH 0
+
+/*
+ * HMAC-SHA1
+ *
+ * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure
+ * Hash Algorithm version 1 (SHA1).
+ */
+#define SRTP_HMAC_SHA1 3
+
+#endif /* SRTP_CRYPTO_TYPES_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/datatypes.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/datatypes.h
new file mode 100644
index 000000000..6a588d0e9
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/datatypes.h
@@ -0,0 +1,378 @@
+/*
+ * datatypes.h
+ *
+ * data types for bit vectors and finite fields
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef DATATYPES_H
+#define DATATYPES_H
+
+#include "integers.h" /* definitions of uint32_t, et cetera   */
+#include "alloc.h"
+
+#include <stdarg.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#else
+#error "Platform not recognized"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* if DATATYPES_USE_MACROS is defined, then little functions are macros */
+#define DATATYPES_USE_MACROS
+
+typedef union {
+    uint8_t v8[2];
+    uint16_t value;
+} v16_t;
+
+typedef union {
+    uint8_t v8[4];
+    uint16_t v16[2];
+    uint32_t value;
+} v32_t;
+
+typedef union {
+    uint8_t v8[8];
+    uint16_t v16[4];
+    uint32_t v32[2];
+    uint64_t value;
+} v64_t;
+
+typedef union {
+    uint8_t v8[16];
+    uint16_t v16[8];
+    uint32_t v32[4];
+    uint64_t v64[2];
+} v128_t;
+
+typedef union {
+    uint8_t v8[32];
+    uint16_t v16[16];
+    uint32_t v32[8];
+    uint64_t v64[4];
+} v256_t;
+
+/* some useful and simple math functions */
+
+#define pow_2(X) ((unsigned int)1 << (X)) /* 2^X     */
+
+#define pow_minus_one(X) ((X) ? -1 : 1) /* (-1)^X  */
+
+/*
+ * octet_get_weight(x) returns the hamming weight (number of bits equal to
+ * one) in the octet x
+ */
+
+int octet_get_weight(uint8_t octet);
+
+#define MAX_PRINT_STRING_LEN 1024
+
+char *srtp_octet_string_hex_string(const void *str, int length);
+
+char *v128_bit_string(v128_t *x);
+
+char *v128_hex_string(v128_t *x);
+
+void v128_copy_octet_string(v128_t *x, const uint8_t s[16]);
+
+void v128_left_shift(v128_t *x, int shift_index);
+
+void v128_right_shift(v128_t *x, int shift_index);
+
+/*
+ * the following macros define the data manipulation functions
+ *
+ * If DATATYPES_USE_MACROS is defined, then these macros are used
+ * directly (and function call overhead is avoided).  Otherwise,
+ * the macros are used through the functions defined in datatypes.c
+ * (and the compiler provides better warnings).
+ */
+
+#define _v128_set_to_zero(x)                                                   \
+    ((x)->v32[0] = 0, (x)->v32[1] = 0, (x)->v32[2] = 0, (x)->v32[3] = 0)
+
+#define _v128_copy(x, y)                                                       \
+    ((x)->v32[0] = (y)->v32[0], (x)->v32[1] = (y)->v32[1],                     \
+     (x)->v32[2] = (y)->v32[2], (x)->v32[3] = (y)->v32[3])
+
+#define _v128_xor(z, x, y)                                                     \
+    ((z)->v32[0] = (x)->v32[0] ^ (y)->v32[0],                                  \
+     (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1],                                  \
+     (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2],                                  \
+     (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3])
+
+#define _v128_and(z, x, y)                                                     \
+    ((z)->v32[0] = (x)->v32[0] & (y)->v32[0],                                  \
+     (z)->v32[1] = (x)->v32[1] & (y)->v32[1],                                  \
+     (z)->v32[2] = (x)->v32[2] & (y)->v32[2],                                  \
+     (z)->v32[3] = (x)->v32[3] & (y)->v32[3])
+
+#define _v128_or(z, x, y)                                                      \
+    ((z)->v32[0] = (x)->v32[0] | (y)->v32[0],                                  \
+     (z)->v32[1] = (x)->v32[1] | (y)->v32[1],                                  \
+     (z)->v32[2] = (x)->v32[2] | (y)->v32[2],                                  \
+     (z)->v32[3] = (x)->v32[3] | (y)->v32[3])
+
+#define _v128_complement(x)                                                    \
+    ((x)->v32[0] = ~(x)->v32[0], (x)->v32[1] = ~(x)->v32[1],                   \
+     (x)->v32[2] = ~(x)->v32[2], (x)->v32[3] = ~(x)->v32[3])
+
+/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */
+#define _v128_is_eq(x, y)                                                      \
+    (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1]))
+
+#ifdef NO_64BIT_MATH
+#define _v128_xor_eq(z, x)                                                     \
+    ((z)->v32[0] ^= (x)->v32[0], (z)->v32[1] ^= (x)->v32[1],                   \
+     (z)->v32[2] ^= (x)->v32[2], (z)->v32[3] ^= (x)->v32[3])
+#else
+#define _v128_xor_eq(z, x)                                                     \
+    ((z)->v64[0] ^= (x)->v64[0], (z)->v64[1] ^= (x)->v64[1])
+#endif
+
+/* NOTE!  This assumes an odd ordering! */
+/* This will not be compatible directly with math on some processors */
+/* bit 0 is first 32-bit word, low order bit. in little-endian, that's
+   the first byte of the first 32-bit word.  In big-endian, that's
+   the 3rd byte of the first 32-bit word */
+/* The get/set bit code is used by the replay code ONLY, and it doesn't
+   really care which bit is which.  AES does care which bit is which, but
+   doesn't use the 128-bit get/set or 128-bit shifts  */
+
+#define _v128_get_bit(x, bit) (((((x)->v32[(bit) >> 5]) >> ((bit)&31)) & 1))
+
+#define _v128_set_bit(x, bit)                                                  \
+    ((((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit)&31))))
+
+#define _v128_clear_bit(x, bit)                                                \
+    ((((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit)&31))))
+
+#define _v128_set_bit_to(x, bit, value)                                        \
+    ((value) ? _v128_set_bit(x, bit) : _v128_clear_bit(x, bit))
+
+#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
+
+#define v128_set_to_zero(z) _v128_set_to_zero(z)
+#define v128_copy(z, x) _v128_copy(z, x)
+#define v128_xor(z, x, y) _v128_xor(z, x, y)
+#define v128_and(z, x, y) _v128_and(z, x, y)
+#define v128_or(z, x, y) _v128_or(z, x, y)
+#define v128_complement(x) _v128_complement(x)
+#define v128_is_eq(x, y) _v128_is_eq(x, y)
+#define v128_xor_eq(x, y) _v128_xor_eq(x, y)
+#define v128_get_bit(x, i) _v128_get_bit(x, i)
+#define v128_set_bit(x, i) _v128_set_bit(x, i)
+#define v128_clear_bit(x, i) _v128_clear_bit(x, i)
+#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y)
+
+#else
+
+void v128_set_to_zero(v128_t *x);
+
+int v128_is_eq(const v128_t *x, const v128_t *y);
+
+void v128_copy(v128_t *x, const v128_t *y);
+
+void v128_xor(v128_t *z, v128_t *x, v128_t *y);
+
+void v128_and(v128_t *z, v128_t *x, v128_t *y);
+
+void v128_or(v128_t *z, v128_t *x, v128_t *y);
+
+void v128_complement(v128_t *x);
+
+int v128_get_bit(const v128_t *x, int i);
+
+void v128_set_bit(v128_t *x, int i);
+
+void v128_clear_bit(v128_t *x, int i);
+
+void v128_set_bit_to(v128_t *x, int i, int y);
+
+#endif /* DATATYPES_USE_MACROS */
+
+/*
+ * srtp_octet_string_is_eq(a, b, len) returns 1 if the length len strings
+ * a and b are not equal. It returns 0 otherwise. The running time of the
+ * comparison depends only on len, making this safe to use for (e.g.)
+ * verifying authentication tags.
+ */
+
+int srtp_octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
+
+/*
+ * A portable way to zero out memory as recommended by
+ * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data
+ * This is used to zero memory when OPENSSL_cleanse() is not available.
+ */
+void srtp_cleanse(void *s, size_t len);
+
+/*
+ * Functions as a wrapper that delegates to either srtp_cleanse() or
+ * OPENSSL_cleanse() if available to zero memory.
+ */
+void octet_string_set_to_zero(void *s, size_t len);
+
+#if defined(HAVE_CONFIG_H)
+
+/*
+ * Convert big endian integers to CPU byte order.
+ */
+#ifdef WORDS_BIGENDIAN
+/* Nothing to do. */
+#define be32_to_cpu(x) (x)
+#define be64_to_cpu(x) (x)
+#elif defined(HAVE_BYTESWAP_H)
+/* We have (hopefully) optimized versions in byteswap.h */
+#include <byteswap.h>
+#define be32_to_cpu(x) bswap_32((x))
+#define be64_to_cpu(x) bswap_64((x))
+#else /* WORDS_BIGENDIAN */
+
+#if defined(__GNUC__) && defined(HAVE_X86)
+/* Fall back. */
+static inline uint32_t be32_to_cpu(uint32_t v)
+{
+    /* optimized for x86. */
+    asm("bswap %0" : "=r"(v) : "0"(v));
+    return v;
+}
+#else /* HAVE_X86 */
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif /* HAVE_NETINET_IN_H */
+#define be32_to_cpu(x) ntohl((x))
+#endif /* HAVE_X86 */
+
+static inline uint64_t be64_to_cpu(uint64_t v)
+{
+#ifdef NO_64BIT_MATH
+    /* use the make64 functions to do 64-bit math */
+    v = make64(htonl(low32(v)), htonl(high32(v)));
+#else  /* NO_64BIT_MATH */
+    /* use the native 64-bit math */
+    v = (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) |
+                   (((uint64_t)be32_to_cpu((uint32_t)v)) << 32));
+#endif /* NO_64BIT_MATH */
+    return v;
+}
+
+#endif /* WORDS_BIGENDIAN */
+
+#endif /* HAVE_CONFIG_H */
+
+/*
+ * functions manipulating bitvector_t
+ *
+ * A bitvector_t consists of an array of words and an integer
+ * representing the number of significant bits stored in the array.
+ * The bits are packed as follows: the least significant bit is that
+ * of word[0], while the most significant bit is the nth most
+ * significant bit of word[m], where length = bits_per_word * m + n.
+ *
+ */
+
+#define bits_per_word 32
+#define bytes_per_word 4
+
+typedef struct {
+    uint32_t length;
+    uint32_t *word;
+} bitvector_t;
+
+#define _bitvector_get_bit(v, bit_index)                                       \
+    (((((v)->word[((bit_index) >> 5)]) >> ((bit_index)&31)) & 1))
+
+#define _bitvector_set_bit(v, bit_index)                                       \
+    ((((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index)&31)))))
+
+#define _bitvector_clear_bit(v, bit_index)                                     \
+    ((((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index)&31)))))
+
+#define _bitvector_get_length(v) (((v)->length))
+
+#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
+
+#define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index)
+#define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index)
+#define bitvector_clear_bit(v, bit_index) _bitvector_clear_bit(v, bit_index)
+#define bitvector_get_length(v) _bitvector_get_length(v)
+
+#else
+
+int bitvector_get_bit(const bitvector_t *v, int bit_index);
+
+void bitvector_set_bit(bitvector_t *v, int bit_index);
+
+void bitvector_clear_bit(bitvector_t *v, int bit_index);
+
+unsigned long bitvector_get_length(const bitvector_t *v);
+
+#endif
+
+int bitvector_alloc(bitvector_t *v, unsigned long length);
+
+void bitvector_dealloc(bitvector_t *v);
+
+void bitvector_set_to_zero(bitvector_t *x);
+
+void bitvector_left_shift(bitvector_t *x, int index);
+
+char *bitvector_bit_string(bitvector_t *x, char *buf, int len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* DATATYPES_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/err.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/err.h
new file mode 100644
index 000000000..326f5e96b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/err.h
@@ -0,0 +1,139 @@
+/*
+ * err.h
+ *
+ * error status codes
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef ERR_H
+#define ERR_H
+
+#include <stdio.h>
+#include <stdarg.h>
+#include "srtp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @defgroup Error Error Codes
+ *
+ * Error status codes are represented by the enumeration srtp_err_status_t.
+ *
+ * @{
+ */
+
+/**
+ * @}
+ */
+
+typedef enum {
+    srtp_err_level_error,
+    srtp_err_level_warning,
+    srtp_err_level_info,
+    srtp_err_level_debug
+} srtp_err_reporting_level_t;
+
+/*
+ * err_reporting_init prepares the error system.  If
+ * ERR_REPORTING_STDOUT is defined, it will log to stdout.
+ *
+ */
+
+srtp_err_status_t srtp_err_reporting_init(void);
+
+typedef void(srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level,
+                                             const char *msg);
+
+srtp_err_status_t srtp_install_err_report_handler(
+    srtp_err_report_handler_func_t func);
+
+/*
+ * srtp_err_report reports a 'printf' formatted error
+ * string, followed by a an arg list.  The level argument
+ * is one of srtp_err_reporting_level_t.
+ *
+ * Errors will be reported to stdout, if ERR_REPORTING_STDOUT
+ * is defined.
+ *
+ */
+
+void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...);
+
+/*
+ * debug_module_t defines a debug module
+ */
+
+typedef struct {
+    int on;           /* 1 if debugging is on, 0 if it is off */
+    const char *name; /* printable name for debug module      */
+} srtp_debug_module_t;
+
+#ifdef ENABLE_DEBUG_LOGGING
+
+#define debug_print0(mod, format)                                              \
+    srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name)
+#define debug_print(mod, format, arg)                                          \
+    srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg)
+#define debug_print2(mod, format, arg1, arg2)                                  \
+    srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name,      \
+                    arg1, arg2)
+
+#else
+
+#define debug_print0(mod, format)                                              \
+    if (mod.on)                                                                \
+    srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name)
+#define debug_print(mod, format, arg)                                          \
+    if (mod.on)                                                                \
+    srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg)
+#define debug_print2(mod, format, arg1, arg2)                                  \
+    if (mod.on)                                                                \
+    srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name,      \
+                    arg1, arg2)
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ERR_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/hmac.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/hmac.h
new file mode 100644
index 000000000..148818122
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/hmac.h
@@ -0,0 +1,58 @@
+/*
+ * hmac.h
+ *
+ * interface to hmac srtp_auth_type_t
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef HMAC_H
+#define HMAC_H
+
+#include "auth.h"
+#include "sha1.h"
+
+typedef struct {
+    uint8_t opad[64];
+    srtp_sha1_ctx_t ctx;
+    srtp_sha1_ctx_t init_ctx;
+} srtp_hmac_ctx_t;
+
+#endif /* HMAC_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/integers.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/integers.h
new file mode 100644
index 000000000..f2cd7c064
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/integers.h
@@ -0,0 +1,146 @@
+/*
+ * integers.h
+ *
+ * defines integer types (or refers to their definitions)
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef INTEGERS_H
+#define INTEGERS_H
+
+/* use standard integer definitions, if they're available  */
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_INT_TYPES_H
+#include <sys/int_types.h> /* this exists on Sun OS */
+#endif
+#ifdef HAVE_MACHINE_TYPES_H
+#include <machine/types.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Can we do 64 bit integers? */
+#if !defined(HAVE_UINT64_T)
+#if SIZEOF_UNSIGNED_LONG == 8
+typedef unsigned long uint64_t;
+#elif SIZEOF_UNSIGNED_LONG_LONG == 8
+typedef unsigned long long uint64_t;
+#else
+#define NO_64BIT_MATH 1
+#endif
+#endif
+
+/* Reasonable defaults for 32 bit machines - you may need to
+ * edit these definitions for your own machine. */
+#ifndef HAVE_UINT8_T
+typedef unsigned char uint8_t;
+#endif
+#ifndef HAVE_UINT16_T
+typedef unsigned short int uint16_t;
+#endif
+#ifndef HAVE_UINT32_T
+typedef unsigned int uint32_t;
+#endif
+#ifndef HAVE_INT32_T
+typedef int int32_t;
+#endif
+
+#if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H)
+typedef double uint64_t;
+/* assert that sizeof(double) == 8 */
+extern uint64_t make64(uint32_t high, uint32_t low);
+extern uint32_t high32(uint64_t value);
+extern uint32_t low32(uint64_t value);
+#endif
+
+/* These macros are to load and store 32-bit values from un-aligned
+   addresses.  This is required for processors that do not allow unaligned
+   loads. */
+#ifdef ALIGNMENT_32BIT_REQUIRED
+/* Note that if it's in a variable, you can memcpy it */
+#ifdef WORDS_BIGENDIAN
+#define PUT_32(addr, value)                                                    \
+    {                                                                          \
+        ((unsigned char *)(addr))[0] = (value >> 24);                          \
+        ((unsigned char *)(addr))[1] = (value >> 16) & 0xff;                   \
+        ((unsigned char *)(addr))[2] = (value >> 8) & 0xff;                    \
+        ((unsigned char *)(addr))[3] = (value)&0xff;                           \
+    }
+#define GET_32(addr)                                                           \
+    ((((unsigned char *)(addr))[0] << 24) |                                    \
+     (((unsigned char *)(addr))[1] << 16) |                                    \
+     (((unsigned char *)(addr))[2] << 8) | (((unsigned char *)(addr))[3]))
+#else
+#define PUT_32(addr, value)                                                    \
+    {                                                                          \
+        ((unsigned char *)(addr))[3] = (value >> 24);                          \
+        ((unsigned char *)(addr))[2] = (value >> 16) & 0xff;                   \
+        ((unsigned char *)(addr))[1] = (value >> 8) & 0xff;                    \
+        ((unsigned char *)(addr))[0] = (value)&0xff;                           \
+    }
+#define GET_32(addr)                                                           \
+    ((((unsigned char *)(addr))[3] << 24) |                                    \
+     (((unsigned char *)(addr))[2] << 16) |                                    \
+     (((unsigned char *)(addr))[1] << 8) | (((unsigned char *)(addr))[0]))
+#endif // WORDS_BIGENDIAN
+#else
+#define PUT_32(addr, value) *(((uint32_t *) (addr)) = (value)
+#define GET_32(addr) (*(((uint32_t *) (addr)))
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* INTEGERS_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/key.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/key.h
new file mode 100644
index 000000000..3498114b0
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/key.h
@@ -0,0 +1,88 @@
+/*
+ * key.h
+ *
+ * key usage limits enforcement
+ *
+ * David A. Mcgrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef KEY_H
+#define KEY_H
+
+#include "rdbx.h" /* for srtp_xtd_seq_num_t */
+#include "err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct srtp_key_limit_ctx_t *srtp_key_limit_t;
+
+typedef enum {
+    srtp_key_event_normal,
+    srtp_key_event_soft_limit,
+    srtp_key_event_hard_limit
+} srtp_key_event_t;
+
+srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key,
+                                     const srtp_xtd_seq_num_t s);
+
+srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original,
+                                       srtp_key_limit_t *new_key);
+
+srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key);
+
+srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key);
+
+typedef enum {
+    srtp_key_state_normal,
+    srtp_key_state_past_soft_limit,
+    srtp_key_state_expired
+} srtp_key_state_t;
+
+typedef struct srtp_key_limit_ctx_t {
+    srtp_xtd_seq_num_t num_left;
+    srtp_key_state_t state;
+} srtp_key_limit_ctx_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* KEY_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/null_auth.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/null_auth.h
new file mode 100644
index 000000000..490dd7bc0
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/null_auth.h
@@ -0,0 +1,73 @@
+/*
+ * null-auth.h
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef NULL_AUTH_H
+#define NULL_AUTH_H
+
+#include "auth.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+    char foo;
+} srtp_null_auth_ctx_t;
+
+#if 0
+srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len);
+
+srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a);
+
+srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len);
+
+srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result);
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NULL_AUTH_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/null_cipher.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/null_cipher.h
new file mode 100644
index 000000000..5e8c91c13
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/null_cipher.h
@@ -0,0 +1,57 @@
+/*
+ * null-cipher.h
+ *
+ * header file for the null cipher
+ *
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef NULL_CIPHER_H
+#define NULL_CIPHER_H
+
+#include "datatypes.h"
+#include "cipher.h"
+
+typedef struct {
+    char foo; /* empty, for now */
+} srtp_null_cipher_ctx_t;
+
+#endif /* NULL_CIPHER_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/rdb.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/rdb.h
new file mode 100644
index 000000000..98314c1f3
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/rdb.h
@@ -0,0 +1,125 @@
+/*
+ * replay-database.h
+ *
+ * interface for a replay database for packet security
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef REPLAY_DB_H
+#define REPLAY_DB_H
+
+#include "integers.h"  /* for uint32_t     */
+#include "datatypes.h" /* for v128_t       */
+#include "err.h"       /* for srtp_err_status_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * if the ith least significant bit is one, then the packet index
+ * window_end-i is in the database
+ */
+
+typedef struct {
+    uint32_t window_start; /* packet index of the first bit in bitmask */
+    v128_t bitmask;
+} srtp_rdb_t;
+
+#define rdb_bits_in_bitmask (8 * sizeof(v128_t))
+
+/*
+ * srtp_rdb_init
+ *
+ * initalizes rdb
+ *
+ * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise
+ */
+srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb);
+
+/*
+ * srtp_rdb_check
+ *
+ * checks to see if index appears in rdb
+ *
+ * returns srtp_err_status_fail if the index already appears in rdb,
+ * returns srtp_err_status_ok otherwise
+ */
+srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t rdb_index);
+
+/*
+ * srtp_rdb_add_index
+ *
+ * adds index to srtp_rdb_t (and does *not* check if index appears in db)
+ *
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
+ *
+ */
+srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index);
+
+/*
+ * the functions srtp_rdb_increment() and srtp_rdb_get_value() are for use by
+ * senders, not receivers - DO NOT use these functions on the same
+ * srtp_rdb_t upon which srtp_rdb_add_index is used!
+ */
+
+/*
+ * srtp_rdb_increment(db) increments the sequence number in db, if it is
+ * not too high
+ *
+ * return values:
+ *
+ *    srtp_err_status_ok            no problem
+ *    srtp_err_status_key_expired   sequence number too high
+ *
+ */
+srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb);
+
+/*
+ * srtp_rdb_get_value(db) returns the current sequence number of db
+ */
+uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* REPLAY_DB_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/rdbx.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/rdbx.h
new file mode 100644
index 000000000..2194178ee
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/rdbx.h
@@ -0,0 +1,209 @@
+/*
+ * rdbx.h
+ *
+ * replay database with extended packet indices, using a rollover counter
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef RDBX_H
+#define RDBX_H
+
+#include "datatypes.h"
+#include "err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* #define ROC_TEST */
+
+#ifndef ROC_TEST
+
+typedef uint16_t srtp_sequence_number_t;  /* 16 bit sequence number  */
+typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */
+
+#else /* use small seq_num and roc datatypes for testing purposes */
+
+typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number   */
+typedef uint16_t srtp_rollover_counter_t;     /* 16 bit rollover counter */
+
+#endif
+
+#define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1))
+#define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t)))
+
+/*
+ * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended'
+ * sequence number.
+ */
+typedef uint64_t srtp_xtd_seq_num_t;
+
+/*
+ * An srtp_rdbx_t is a replay database with extended range; it uses an
+ * xtd_seq_num_t and a bitmask of recently received indices.
+ */
+typedef struct {
+    srtp_xtd_seq_num_t index;
+    bitvector_t bitmask;
+} srtp_rdbx_t;
+
+/*
+ * srtp_rdbx_init(rdbx_ptr, ws)
+ *
+ * initializes the rdbx pointed to by its argument with the window size ws,
+ * setting the rollover counter and sequence number to zero
+ */
+srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws);
+
+/*
+ * srtp_rdbx_dealloc(rdbx_ptr)
+ *
+ * frees memory associated with the rdbx
+ */
+srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx);
+
+/*
+ * srtp_rdbx_estimate_index(rdbx, guess, s)
+ *
+ * given an rdbx and a sequence number s (from a newly arrived packet),
+ * sets the contents of *guess to contain the best guess of the packet
+ * index to which s corresponds, and returns the difference between
+ * *guess and the locally stored synch info
+ */
+int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx,
+                                 srtp_xtd_seq_num_t *guess,
+                                 srtp_sequence_number_t s);
+
+/*
+ * srtp_rdbx_check(rdbx, delta);
+ *
+ * srtp_rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
+ * which is at rdbx->window_start + delta is in the rdb
+ *
+ */
+srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference);
+
+/*
+ * srtp_replay_add_index(rdbx, delta)
+ *
+ * adds the srtp_xtd_seq_num_t at rdbx->window_start + delta to replay_db
+ * (and does *not* check if that xtd_seq_num_t appears in db)
+ *
+ * this function should be called *only* after replay_check has
+ * indicated that the index does not appear in the rdbx, and a mutex
+ * should protect the rdbx between these calls if necessary.
+ */
+srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta);
+
+/*
+ * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx
+ * to have the rollover counter value roc.  If that value is less than
+ * the current rollover counter value, then the function returns
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
+ *
+ */
+srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc);
+
+/*
+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter
+ * for
+ * the srtp_rdbx_t pointed to by rdbx
+ *
+ */
+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx);
+
+/*
+ * srtp_xtd_seq_num_t functions - these are *internal* functions of rdbx, and
+ * shouldn't be used to manipulate rdbx internal values.  use the rdbx
+ * api instead!
+ */
+
+/*
+ * srtp_rdbx_get_ws(rdbx_ptr)
+ *
+ * gets the window size which was used to initialize the rdbx
+ */
+unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx);
+
+/* index_init(&pi) initializes a packet index pi (sets it to zero) */
+void srtp_index_init(srtp_xtd_seq_num_t *pi);
+
+/* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */
+void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s);
+
+/*
+ * srtp_index_guess(local, guess, s)
+ *
+ * given a srtp_xtd_seq_num_t local (which represents the highest
+ * known-to-be-good index) and a sequence number s (from a newly
+ * arrived packet), sets the contents of *guess to contain the best
+ * guess of the packet index to which s corresponds, and returns the
+ * difference between *guess and *local
+ */
+int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local,
+                         srtp_xtd_seq_num_t *guess,
+                         srtp_sequence_number_t s);
+
+/*
+ * srtp_rdbx_get_roc(rdbx)
+ *
+ * Get the current rollover counter
+ *
+ */
+uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx);
+
+/*
+ * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the
+ * location rdbx to have the rollover counter value roc and packet sequence
+ * number seq.  If the new rollover counter value is less than the current
+ * rollover counter value, then the function returns
+ * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned.
+ */
+srtp_err_status_t srtp_rdbx_set_roc_seq(srtp_rdbx_t *rdbx,
+                                        uint32_t roc,
+                                        uint16_t seq);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RDBX_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/sha1.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/sha1.h
new file mode 100644
index 000000000..933c1466a
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/sha1.h
@@ -0,0 +1,184 @@
+/*
+ * sha1.h
+ *
+ * interface to the Secure Hash Algorithm v.1 (SHA-1), specified in
+ * FIPS 180-1
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SHA1_H
+#define SHA1_H
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "err.h"
+#ifdef OPENSSL
+#include <openssl/evp.h>
+#include <stdint.h>
+#else
+#include "datatypes.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL
+
+/*
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
+ *
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * into the SHA1 context
+ *
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
+ * context and writes the result to the 20 octets at output
+ *
+ * Return values are ignored on the EVP functions since all three
+ * of these functions return void.
+ *
+ */
+
+/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
+   using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
+
+typedef EVP_MD_CTX srtp_sha1_ctx_t;
+
+static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx)
+{
+    EVP_MD_CTX_init(ctx);
+    EVP_DigestInit(ctx, EVP_sha1());
+}
+
+static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
+                                    const uint8_t *M,
+                                    int octets_in_msg)
+{
+    EVP_DigestUpdate(ctx, M, octets_in_msg);
+}
+
+static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+    unsigned int len = 0;
+
+    EVP_DigestFinal(ctx, (unsigned char *)output, &len);
+    EVP_MD_CTX_cleanup(ctx);
+}
+
+#else
+
+typedef EVP_MD_CTX *srtp_sha1_ctx_t;
+
+static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx)
+{
+    *ctx = EVP_MD_CTX_new();
+    EVP_DigestInit(*ctx, EVP_sha1());
+}
+
+static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
+                                    const uint8_t *M,
+                                    int octets_in_msg)
+{
+    EVP_DigestUpdate(*ctx, M, octets_in_msg);
+}
+
+static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+    unsigned int len = 0;
+
+    EVP_DigestFinal(*ctx, (unsigned char *)output, &len);
+    EVP_MD_CTX_free(*ctx);
+}
+#endif
+
+#else
+
+typedef struct {
+    uint32_t H[5];            /* state vector                    */
+    uint32_t M[16];           /* message buffer                  */
+    int octets_in_buffer;     /* octets of message in buffer     */
+    uint32_t num_bits_in_msg; /* total number of bits in message */
+} srtp_sha1_ctx_t;
+
+/*
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
+ *
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * into the SHA1 context
+ *
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
+ * context and writes the result to the 20 octets at output
+ *
+ */
+void srtp_sha1_init(srtp_sha1_ctx_t *ctx);
+
+void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
+                      const uint8_t *M,
+                      int octets_in_msg);
+
+void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t output[5]);
+
+/*
+ * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared
+ * here because it is also used by the cipher SEAL 3.0 in its key
+ * setup algorithm.
+ */
+
+/*
+ *  srtp_sha1_core(M, H) computes the core sha1 compression function, where M is
+ *  the next part of the message and H is the intermediate state {H0,
+ *  H1, ...}
+ *
+ *  this function does not do any of the padding required in the
+ *  complete sha1 function
+ */
+void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+
+#endif /* else OPENSSL */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SHA1_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/include/stat.h b/trunk/3rdparty/libsrtp-2-fit/crypto/include/stat.h
new file mode 100644
index 000000000..1894e041a
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/include/stat.h
@@ -0,0 +1,66 @@
+/*
+ * stats.h
+ *
+ * interface to statistical test functions
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright(c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef STAT_H
+#define STAT_H
+
+#include "datatypes.h" /* for uint8_t                       */
+#include "err.h"       /* for srtp_err_status_t             */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+srtp_err_status_t stat_test_monobit(uint8_t *data);
+
+srtp_err_status_t stat_test_poker(uint8_t *data);
+
+srtp_err_status_t stat_test_runs(uint8_t *data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* STAT_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/alloc.c b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/alloc.c
new file mode 100644
index 000000000..3ebc31525
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/alloc.c
@@ -0,0 +1,101 @@
+/*
+ * alloc.c
+ *
+ * memory allocation and deallocation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "alloc.h"
+#include "crypto_kernel.h"
+
+/* the debug module for memory allocation */
+
+srtp_debug_module_t srtp_mod_alloc = {
+    0,      /* debugging is off by default */
+    "alloc" /* printable name for module   */
+};
+
+/*
+ * Nota bene: the debugging statements for srtp_crypto_alloc() and
+ * srtp_crypto_free() have identical prefixes, which include the addresses
+ * of the memory locations on which they are operating.  This fact can
+ * be used to locate memory leaks, by turning on memory debugging,
+ * grepping for 'alloc', then matching alloc and free calls by
+ * address.
+ */
+
+#if defined(HAVE_STDLIB_H)
+
+void *srtp_crypto_alloc(size_t size)
+{
+    void *ptr;
+
+    if (!size) {
+        return NULL;
+    }
+
+    ptr = calloc(1, size);
+
+    if (ptr) {
+        debug_print(srtp_mod_alloc, "(location: %p) allocated", ptr);
+    } else {
+        debug_print(srtp_mod_alloc, "allocation failed (asked for %zu bytes)\n",
+                    size);
+    }
+
+    return ptr;
+}
+
+void srtp_crypto_free(void *ptr)
+{
+    debug_print(srtp_mod_alloc, "(location: %p) freed", ptr);
+
+    free(ptr);
+}
+
+#else /* we need to define our own memory allocation routines */
+
+#error no memory allocation defined yet
+
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/crypto_kernel.c b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/crypto_kernel.c
new file mode 100644
index 000000000..df6af7da8
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/crypto_kernel.c
@@ -0,0 +1,561 @@
+/*
+ * crypto_kernel.c
+ *
+ * header for the cryptographic kernel
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "alloc.h"
+
+#include "crypto_kernel.h"
+#include "cipher_types.h"
+
+/* the debug module for the crypto_kernel */
+
+srtp_debug_module_t srtp_mod_crypto_kernel = {
+    0,              /* debugging is off by default */
+    "crypto kernel" /* printable name for module   */
+};
+
+/* crypto_kernel is a global variable, the only one of its datatype */
+
+srtp_crypto_kernel_t crypto_kernel = {
+    srtp_crypto_kernel_state_insecure, /* start off in insecure state */
+    NULL,                              /* no cipher types yet         */
+    NULL,                              /* no auth types yet           */
+    NULL                               /* no debug modules yet        */
+};
+
+#define MAX_RNG_TRIALS 25
+
+srtp_err_status_t srtp_crypto_kernel_init()
+{
+    srtp_err_status_t status;
+
+    /* check the security state */
+    if (crypto_kernel.state == srtp_crypto_kernel_state_secure) {
+        /*
+         * we're already in the secure state, but we've been asked to
+         * re-initialize, so we just re-run the self-tests and then return
+         */
+        return srtp_crypto_kernel_status();
+    }
+
+    /* initialize error reporting system */
+    status = srtp_err_reporting_init();
+    if (status) {
+        return status;
+    }
+
+    /* load debug modules */
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_crypto_kernel);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_auth);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_cipher);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_stat);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_alloc);
+    if (status) {
+        return status;
+    }
+
+    /* load cipher types */
+    status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher,
+                                                 SRTP_NULL_CIPHER);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128,
+                                                 SRTP_AES_ICM_128);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256,
+                                                 SRTP_AES_ICM_256);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_icm);
+    if (status) {
+        return status;
+    }
+#ifdef GCM
+    status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192,
+                                                 SRTP_AES_ICM_192);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128,
+                                                 SRTP_AES_GCM_128);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256,
+                                                 SRTP_AES_GCM_256);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_gcm);
+    if (status) {
+        return status;
+    }
+#endif
+
+    /* load auth func types */
+    status = srtp_crypto_kernel_load_auth_type(&srtp_null_auth, SRTP_NULL_AUTH);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_auth_type(&srtp_hmac, SRTP_HMAC_SHA1);
+    if (status) {
+        return status;
+    }
+    status = srtp_crypto_kernel_load_debug_module(&srtp_mod_hmac);
+    if (status) {
+        return status;
+    }
+
+    /* change state to secure */
+    crypto_kernel.state = srtp_crypto_kernel_state_secure;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_status()
+{
+    srtp_err_status_t status;
+    srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
+    srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
+
+    /* for each cipher type, describe and test */
+    while (ctype != NULL) {
+        srtp_err_report(srtp_err_level_info, "cipher: %s\n",
+                        ctype->cipher_type->description);
+        srtp_err_report(srtp_err_level_info, "  self-test: ");
+        status = srtp_cipher_type_self_test(ctype->cipher_type);
+        if (status) {
+            srtp_err_report(srtp_err_level_error, "failed with error code %d\n",
+                            status);
+            exit(status);
+        }
+        srtp_err_report(srtp_err_level_info, "passed\n");
+        ctype = ctype->next;
+    }
+
+    /* for each auth type, describe and test */
+    while (atype != NULL) {
+        srtp_err_report(srtp_err_level_info, "auth func: %s\n",
+                        atype->auth_type->description);
+        srtp_err_report(srtp_err_level_info, "  self-test: ");
+        status = srtp_auth_type_self_test(atype->auth_type);
+        if (status) {
+            srtp_err_report(srtp_err_level_error, "failed with error code %d\n",
+                            status);
+            exit(status);
+        }
+        srtp_err_report(srtp_err_level_info, "passed\n");
+        atype = atype->next;
+    }
+
+    srtp_crypto_kernel_list_debug_modules();
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_list_debug_modules()
+{
+    srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
+
+    /* describe each debug module */
+    srtp_err_report(srtp_err_level_info, "debug modules loaded:\n");
+    while (dm != NULL) {
+        srtp_err_report(srtp_err_level_info, "  %s ", dm->mod->name);
+        if (dm->mod->on) {
+            srtp_err_report(srtp_err_level_info, "(on)\n");
+        } else {
+            srtp_err_report(srtp_err_level_info, "(off)\n");
+        }
+        dm = dm->next;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_shutdown()
+{
+    /*
+     * free dynamic memory used in crypto_kernel at present
+     */
+
+    /* walk down cipher type list, freeing memory */
+    while (crypto_kernel.cipher_type_list != NULL) {
+        srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
+        crypto_kernel.cipher_type_list = ctype->next;
+        debug_print(srtp_mod_crypto_kernel, "freeing memory for cipher %s",
+                    ctype->cipher_type->description);
+        srtp_crypto_free(ctype);
+    }
+
+    /* walk down authetication module list, freeing memory */
+    while (crypto_kernel.auth_type_list != NULL) {
+        srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
+        crypto_kernel.auth_type_list = atype->next;
+        debug_print(srtp_mod_crypto_kernel,
+                    "freeing memory for authentication %s",
+                    atype->auth_type->description);
+        srtp_crypto_free(atype);
+    }
+
+    /* walk down debug module list, freeing memory */
+    while (crypto_kernel.debug_module_list != NULL) {
+        srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
+        crypto_kernel.debug_module_list = kdm->next;
+        debug_print(srtp_mod_crypto_kernel,
+                    "freeing memory for debug module %s", kdm->mod->name);
+        srtp_crypto_free(kdm);
+    }
+
+    /* return to insecure state */
+    crypto_kernel.state = srtp_crypto_kernel_state_insecure;
+
+    return srtp_err_status_ok;
+}
+
+static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type(
+    const srtp_cipher_type_t *new_ct,
+    srtp_cipher_type_id_t id,
+    int replace)
+{
+    srtp_kernel_cipher_type_t *ctype, *new_ctype;
+    srtp_err_status_t status;
+
+    /* defensive coding */
+    if (new_ct == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    if (new_ct->id != id) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* check cipher type by running self-test */
+    status = srtp_cipher_type_self_test(new_ct);
+    if (status) {
+        return status;
+    }
+
+    /* walk down list, checking if this type is in the list already  */
+    ctype = crypto_kernel.cipher_type_list;
+    while (ctype != NULL) {
+        if (id == ctype->id) {
+            if (!replace) {
+                return srtp_err_status_bad_param;
+            }
+            status =
+                srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data);
+            if (status) {
+                return status;
+            }
+            new_ctype = ctype;
+            break;
+        } else if (new_ct == ctype->cipher_type) {
+            return srtp_err_status_bad_param;
+        }
+        ctype = ctype->next;
+    }
+
+    /* if not found, put new_ct at the head of the list */
+    if (ctype == NULL) {
+        /* allocate memory */
+        new_ctype = (srtp_kernel_cipher_type_t *)srtp_crypto_alloc(
+            sizeof(srtp_kernel_cipher_type_t));
+        if (new_ctype == NULL) {
+            return srtp_err_status_alloc_fail;
+        }
+        new_ctype->next = crypto_kernel.cipher_type_list;
+
+        /* set head of list to new cipher type */
+        crypto_kernel.cipher_type_list = new_ctype;
+    }
+
+    /* set fields */
+    new_ctype->cipher_type = new_ct;
+    new_ctype->id = id;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_load_cipher_type(
+    const srtp_cipher_type_t *new_ct,
+    srtp_cipher_type_id_t id)
+{
+    return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0);
+}
+
+srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *new_ct,
+                                           srtp_cipher_type_id_t id)
+{
+    return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1);
+}
+
+srtp_err_status_t srtp_crypto_kernel_do_load_auth_type(
+    const srtp_auth_type_t *new_at,
+    srtp_auth_type_id_t id,
+    int replace)
+{
+    srtp_kernel_auth_type_t *atype, *new_atype;
+    srtp_err_status_t status;
+
+    /* defensive coding */
+    if (new_at == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    if (new_at->id != id) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* check auth type by running self-test */
+    status = srtp_auth_type_self_test(new_at);
+    if (status) {
+        return status;
+    }
+
+    /* walk down list, checking if this type is in the list already  */
+    atype = crypto_kernel.auth_type_list;
+    while (atype != NULL) {
+        if (id == atype->id) {
+            if (!replace) {
+                return srtp_err_status_bad_param;
+            }
+            status = srtp_auth_type_test(new_at, atype->auth_type->test_data);
+            if (status) {
+                return status;
+            }
+            new_atype = atype;
+            break;
+        } else if (new_at == atype->auth_type) {
+            return srtp_err_status_bad_param;
+        }
+        atype = atype->next;
+    }
+
+    /* if not found, put new_at at the head of the list */
+    if (atype == NULL) {
+        /* allocate memory */
+        new_atype = (srtp_kernel_auth_type_t *)srtp_crypto_alloc(
+            sizeof(srtp_kernel_auth_type_t));
+        if (new_atype == NULL) {
+            return srtp_err_status_alloc_fail;
+        }
+
+        new_atype->next = crypto_kernel.auth_type_list;
+        /* set head of list to new auth type */
+        crypto_kernel.auth_type_list = new_atype;
+    }
+
+    /* set fields */
+    new_atype->auth_type = new_at;
+    new_atype->id = id;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_load_auth_type(
+    const srtp_auth_type_t *new_at,
+    srtp_auth_type_id_t id)
+{
+    return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0);
+}
+
+srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *new_at,
+                                         srtp_auth_type_id_t id)
+{
+    return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1);
+}
+
+const srtp_cipher_type_t *srtp_crypto_kernel_get_cipher_type(
+    srtp_cipher_type_id_t id)
+{
+    srtp_kernel_cipher_type_t *ctype;
+
+    /* walk down list, looking for id  */
+    ctype = crypto_kernel.cipher_type_list;
+    while (ctype != NULL) {
+        if (id == ctype->id) {
+            return ctype->cipher_type;
+        }
+        ctype = ctype->next;
+    }
+
+    /* haven't found the right one, indicate failure by returning NULL */
+    return NULL;
+}
+
+srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id,
+                                                  srtp_cipher_pointer_t *cp,
+                                                  int key_len,
+                                                  int tag_len)
+{
+    const srtp_cipher_type_t *ct;
+
+    /*
+     * if the crypto_kernel is not yet initialized, we refuse to allocate
+     * any ciphers - this is a bit extra-paranoid
+     */
+    if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
+        return srtp_err_status_init_fail;
+    }
+
+    ct = srtp_crypto_kernel_get_cipher_type(id);
+    if (!ct) {
+        return srtp_err_status_fail;
+    }
+
+    return ((ct)->alloc(cp, key_len, tag_len));
+}
+
+const srtp_auth_type_t *srtp_crypto_kernel_get_auth_type(srtp_auth_type_id_t id)
+{
+    srtp_kernel_auth_type_t *atype;
+
+    /* walk down list, looking for id  */
+    atype = crypto_kernel.auth_type_list;
+    while (atype != NULL) {
+        if (id == atype->id) {
+            return atype->auth_type;
+        }
+        atype = atype->next;
+    }
+
+    /* haven't found the right one, indicate failure by returning NULL */
+    return NULL;
+}
+
+srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id,
+                                                srtp_auth_pointer_t *ap,
+                                                int key_len,
+                                                int tag_len)
+{
+    const srtp_auth_type_t *at;
+
+    /*
+     * if the crypto_kernel is not yet initialized, we refuse to allocate
+     * any auth functions - this is a bit extra-paranoid
+     */
+    if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
+        return srtp_err_status_init_fail;
+    }
+
+    at = srtp_crypto_kernel_get_auth_type(id);
+    if (!at) {
+        return srtp_err_status_fail;
+    }
+
+    return ((at)->alloc(ap, key_len, tag_len));
+}
+
+srtp_err_status_t srtp_crypto_kernel_load_debug_module(
+    srtp_debug_module_t *new_dm)
+{
+    srtp_kernel_debug_module_t *kdm, *new;
+
+    /* defensive coding */
+    if (new_dm == NULL || new_dm->name == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* walk down list, checking if this type is in the list already  */
+    kdm = crypto_kernel.debug_module_list;
+    while (kdm != NULL) {
+        if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) {
+            return srtp_err_status_bad_param;
+        }
+        kdm = kdm->next;
+    }
+
+    /* put new_dm at the head of the list */
+    /* allocate memory */
+    new = (srtp_kernel_debug_module_t *)srtp_crypto_alloc(
+        sizeof(srtp_kernel_debug_module_t));
+    if (new == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* set fields */
+    new->mod = new_dm;
+    new->next = crypto_kernel.debug_module_list;
+
+    /* set head of list to new cipher type */
+    crypto_kernel.debug_module_list = new;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *name, int on)
+{
+    srtp_kernel_debug_module_t *kdm;
+
+    /* walk down list, checking if this type is in the list already  */
+    kdm = crypto_kernel.debug_module_list;
+    while (kdm != NULL) {
+        if (strncmp(name, kdm->mod->name, 64) == 0) {
+            kdm->mod->on = on;
+            return srtp_err_status_ok;
+        }
+        kdm = kdm->next;
+    }
+
+    return srtp_err_status_fail;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/err.c b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/err.c
new file mode 100644
index 000000000..9db5bfb43
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/err.c
@@ -0,0 +1,108 @@
+/*
+ * err.c
+ *
+ * error status reporting functions
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "err.h"
+#include "datatypes.h"
+#include <string.h>
+
+/* srtp_err_file is the FILE to which errors are reported */
+
+static FILE *srtp_err_file = NULL;
+
+srtp_err_status_t srtp_err_reporting_init()
+{
+#ifdef ERR_REPORTING_STDOUT
+    srtp_err_file = stdout;
+#elif defined(ERR_REPORTING_FILE)
+    /* open file for error reporting */
+    srtp_err_file = fopen(ERR_REPORTING_FILE, "w");
+    if (srtp_err_file == NULL) {
+        return srtp_err_status_init_fail;
+    }
+#endif
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_report_handler_func_t *srtp_err_report_handler = NULL;
+
+srtp_err_status_t srtp_install_err_report_handler(
+    srtp_err_report_handler_func_t func)
+{
+    srtp_err_report_handler = func;
+    return srtp_err_status_ok;
+}
+
+void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...)
+{
+    char msg[512];
+    va_list args;
+    if (srtp_err_file != NULL) {
+        va_start(args, format);
+        vfprintf(srtp_err_file, format, args);
+        va_end(args);
+    }
+    if (srtp_err_report_handler != NULL) {
+        va_start(args, format);
+        if (vsnprintf(msg, sizeof(msg), format, args) > 0) {
+            /* strip trailing \n, callback should not have one */
+            size_t l = strlen(msg);
+            if (l && msg[l - 1] == '\n') {
+                msg[l - 1] = '\0';
+            }
+            srtp_err_report_handler(level, msg);
+            /*
+             * NOTE, need to be carefull, there is a potential that
+             * octet_string_set_to_zero() could
+             * call srtp_err_report() in the future, leading to recursion
+             */
+            octet_string_set_to_zero(msg, sizeof(msg));
+        }
+        va_end(args);
+    }
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/key.c b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/key.c
new file mode 100644
index 000000000..046619504
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/kernel/key.c
@@ -0,0 +1,122 @@
+/*
+ * key.c
+ *
+ * key usage limits enforcement
+ *
+ * David A. Mcgrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "key.h"
+
+#define soft_limit 0x10000
+
+srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key,
+                                     const srtp_xtd_seq_num_t s)
+{
+#ifdef NO_64BIT_MATH
+    if (high32(s) == 0 && low32(s) < soft_limit) {
+        return srtp_err_status_bad_param;
+    }
+#else
+    if (s < soft_limit) {
+        return srtp_err_status_bad_param;
+    }
+#endif
+    key->num_left = s;
+    key->state = srtp_key_state_normal;
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original,
+                                       srtp_key_limit_t *new_key)
+{
+    if (original == NULL) {
+        return srtp_err_status_bad_param;
+    }
+    *new_key = original;
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key)
+{
+    if (key->state == srtp_key_state_expired) {
+        return srtp_err_status_key_expired;
+    }
+    return srtp_err_status_ok;
+}
+
+srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key)
+{
+#ifdef NO_64BIT_MATH
+    if (low32(key->num_left) == 0) {
+        // carry
+        key->num_left =
+            make64(high32(key->num_left) - 1, low32(key->num_left) - 1);
+    } else {
+        // no carry
+        key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1);
+    }
+    if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) {
+        return srtp_key_event_normal; /* we're above the soft limit */
+    }
+#else
+    key->num_left--;
+    if (key->num_left >= soft_limit) {
+        return srtp_key_event_normal; /* we're above the soft limit */
+    }
+#endif
+    if (key->state == srtp_key_state_normal) {
+        /* we just passed the soft limit, so change the state */
+        key->state = srtp_key_state_past_soft_limit;
+    }
+#ifdef NO_64BIT_MATH
+    if (low32(key->num_left) == 0 && high32(key->num_left == 0))
+#else
+    if (key->num_left < 1)
+#endif
+    { /* we just hit the hard limit */
+        key->state = srtp_key_state_expired;
+        return srtp_key_event_hard_limit;
+    }
+    return srtp_key_event_soft_limit;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/math/datatypes.c b/trunk/3rdparty/libsrtp-2-fit/crypto/math/datatypes.c
new file mode 100644
index 000000000..001584c1b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/math/datatypes.c
@@ -0,0 +1,490 @@
+/*
+ * datatypes.c
+ *
+ * data types for finite fields and functions for input, output, and
+ * manipulation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef OPENSSL
+#include <openssl/crypto.h>
+#endif
+
+#include "datatypes.h"
+
+static const int8_t octet_weight[256] = {
+    0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 1, 2, 2, 3, 2, 3, 3, 4,
+    2, 3, 3, 4, 3, 4, 4, 5, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 1, 2, 2, 3, 2, 3, 3, 4,
+    2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6,
+    4, 5, 5, 6, 5, 6, 6, 7, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5,
+    3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6,
+    4, 5, 5, 6, 5, 6, 6, 7, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+    4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8
+};
+
+int octet_get_weight(uint8_t octet)
+{
+    return (int)octet_weight[octet];
+}
+
+/*
+ * bit_string is a buffer that is used to hold output strings, e.g.
+ * for printing.
+ */
+
+/* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */
+
+char bit_string[MAX_PRINT_STRING_LEN];
+
+uint8_t srtp_nibble_to_hex_char(uint8_t nibble)
+{
+    char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                     '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+    return buf[nibble & 0xF];
+}
+
+char *srtp_octet_string_hex_string(const void *s, int length)
+{
+    const uint8_t *str = (const uint8_t *)s;
+    int i;
+
+    /* double length, since one octet takes two hex characters */
+    length *= 2;
+
+    /* truncate string if it would be too long */
+    if (length > MAX_PRINT_STRING_LEN)
+        length = MAX_PRINT_STRING_LEN - 2;
+
+    for (i = 0; i < length; i += 2) {
+        bit_string[i] = srtp_nibble_to_hex_char(*str >> 4);
+        bit_string[i + 1] = srtp_nibble_to_hex_char(*str++ & 0xF);
+    }
+    bit_string[i] = 0; /* null terminate string */
+    return bit_string;
+}
+
+char *v128_hex_string(v128_t *x)
+{
+    int i, j;
+
+    for (i = j = 0; i < 16; i++) {
+        bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4);
+        bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF);
+    }
+
+    bit_string[j] = 0; /* null terminate string */
+    return bit_string;
+}
+
+char *v128_bit_string(v128_t *x)
+{
+    int j, i;
+    uint32_t mask;
+
+    for (j = i = 0; j < 4; j++) {
+        for (mask = 0x80000000; mask > 0; mask >>= 1) {
+            if (x->v32[j] & mask)
+                bit_string[i] = '1';
+            else
+                bit_string[i] = '0';
+            ++i;
+        }
+    }
+    bit_string[128] = 0; /* null terminate string */
+
+    return bit_string;
+}
+
+void v128_copy_octet_string(v128_t *x, const uint8_t s[16])
+{
+#ifdef ALIGNMENT_32BIT_REQUIRED
+    if ((((uint32_t)&s[0]) & 0x3) != 0)
+#endif
+    {
+        x->v8[0] = s[0];
+        x->v8[1] = s[1];
+        x->v8[2] = s[2];
+        x->v8[3] = s[3];
+        x->v8[4] = s[4];
+        x->v8[5] = s[5];
+        x->v8[6] = s[6];
+        x->v8[7] = s[7];
+        x->v8[8] = s[8];
+        x->v8[9] = s[9];
+        x->v8[10] = s[10];
+        x->v8[11] = s[11];
+        x->v8[12] = s[12];
+        x->v8[13] = s[13];
+        x->v8[14] = s[14];
+        x->v8[15] = s[15];
+    }
+#ifdef ALIGNMENT_32BIT_REQUIRED
+    else {
+        v128_t *v = (v128_t *)&s[0];
+
+        v128_copy(x, v);
+    }
+#endif
+}
+
+#ifndef DATATYPES_USE_MACROS /* little functions are not macros */
+
+void v128_set_to_zero(v128_t *x)
+{
+    _v128_set_to_zero(x);
+}
+
+void v128_copy(v128_t *x, const v128_t *y)
+{
+    _v128_copy(x, y);
+}
+
+void v128_xor(v128_t *z, v128_t *x, v128_t *y)
+{
+    _v128_xor(z, x, y);
+}
+
+void v128_and(v128_t *z, v128_t *x, v128_t *y)
+{
+    _v128_and(z, x, y);
+}
+
+void v128_or(v128_t *z, v128_t *x, v128_t *y)
+{
+    _v128_or(z, x, y);
+}
+
+void v128_complement(v128_t *x)
+{
+    _v128_complement(x);
+}
+
+int v128_is_eq(const v128_t *x, const v128_t *y)
+{
+    return _v128_is_eq(x, y);
+}
+
+int v128_xor_eq(v128_t *x, const v128_t *y)
+{
+    return _v128_xor_eq(x, y);
+}
+
+int v128_get_bit(const v128_t *x, int i)
+{
+    return _v128_get_bit(x, i);
+}
+
+void v128_set_bit(v128_t *x, int i)
+{
+    _v128_set_bit(x, i);
+}
+
+void v128_clear_bit(v128_t *x, int i)
+{
+    _v128_clear_bit(x, i);
+}
+
+void v128_set_bit_to(v128_t *x, int i, int y)
+{
+    _v128_set_bit_to(x, i, y);
+}
+
+#endif /* DATATYPES_USE_MACROS */
+
+void v128_right_shift(v128_t *x, int shift)
+{
+    const int base_index = shift >> 5;
+    const int bit_index = shift & 31;
+    int i, from;
+    uint32_t b;
+
+    if (shift > 127) {
+        v128_set_to_zero(x);
+        return;
+    }
+
+    if (bit_index == 0) {
+        /* copy each word from left size to right side */
+        x->v32[4 - 1] = x->v32[4 - 1 - base_index];
+        for (i = 4 - 1; i > base_index; i--)
+            x->v32[i - 1] = x->v32[i - 1 - base_index];
+
+    } else {
+        /* set each word to the "or" of the two bit-shifted words */
+        for (i = 4; i > base_index; i--) {
+            from = i - 1 - base_index;
+            b = x->v32[from] << bit_index;
+            if (from > 0)
+                b |= x->v32[from - 1] >> (32 - bit_index);
+            x->v32[i - 1] = b;
+        }
+    }
+
+    /* now wrap up the final portion */
+    for (i = 0; i < base_index; i++)
+        x->v32[i] = 0;
+}
+
+void v128_left_shift(v128_t *x, int shift)
+{
+    int i;
+    const int base_index = shift >> 5;
+    const int bit_index = shift & 31;
+
+    if (shift > 127) {
+        v128_set_to_zero(x);
+        return;
+    }
+
+    if (bit_index == 0) {
+        for (i = 0; i < 4 - base_index; i++)
+            x->v32[i] = x->v32[i + base_index];
+    } else {
+        for (i = 0; i < 4 - base_index - 1; i++)
+            x->v32[i] = (x->v32[i + base_index] >> bit_index) ^
+                        (x->v32[i + base_index + 1] << (32 - bit_index));
+        x->v32[4 - base_index - 1] = x->v32[4 - 1] >> bit_index;
+    }
+
+    /* now wrap up the final portion */
+    for (i = 4 - base_index; i < 4; i++)
+        x->v32[i] = 0;
+}
+
+/* functions manipulating bitvector_t */
+
+#ifndef DATATYPES_USE_MACROS /* little functions are not macros */
+
+int bitvector_get_bit(const bitvector_t *v, int bit_index)
+{
+    return _bitvector_get_bit(v, bit_index);
+}
+
+void bitvector_set_bit(bitvector_t *v, int bit_index)
+{
+    _bitvector_set_bit(v, bit_index);
+}
+
+void bitvector_clear_bit(bitvector_t *v, int bit_index)
+{
+    _bitvector_clear_bit(v, bit_index);
+}
+
+#endif /* DATATYPES_USE_MACROS */
+
+int bitvector_alloc(bitvector_t *v, unsigned long length)
+{
+    unsigned long l;
+
+    /* Round length up to a multiple of bits_per_word */
+    length =
+        (length + bits_per_word - 1) & ~(unsigned long)((bits_per_word - 1));
+
+    l = length / bits_per_word * bytes_per_word;
+
+    /* allocate memory, then set parameters */
+    if (l == 0) {
+        v->word = NULL;
+        v->length = 0;
+        return -1;
+    } else {
+        v->word = (uint32_t *)srtp_crypto_alloc(l);
+        if (v->word == NULL) {
+            v->length = 0;
+            return -1;
+        }
+    }
+    v->length = length;
+
+    /* initialize bitvector to zero */
+    bitvector_set_to_zero(v);
+
+    return 0;
+}
+
+void bitvector_dealloc(bitvector_t *v)
+{
+    if (v->word != NULL)
+        srtp_crypto_free(v->word);
+    v->word = NULL;
+    v->length = 0;
+}
+
+void bitvector_set_to_zero(bitvector_t *x)
+{
+    /* C99 guarantees that memset(0) will set the value 0 for uint32_t */
+    memset(x->word, 0, x->length >> 3);
+}
+
+char *bitvector_bit_string(bitvector_t *x, char *buf, int len)
+{
+    int j, i;
+    uint32_t mask;
+
+    for (j = i = 0; j < (int)(x->length >> 5) && i < len - 1; j++) {
+        for (mask = 0x80000000; mask > 0; mask >>= 1) {
+            if (x->word[j] & mask)
+                buf[i] = '1';
+            else
+                buf[i] = '0';
+            ++i;
+            if (i >= len - 1)
+                break;
+        }
+    }
+    buf[i] = 0; /* null terminate string */
+
+    return buf;
+}
+
+void bitvector_left_shift(bitvector_t *x, int shift)
+{
+    int i;
+    const int base_index = shift >> 5;
+    const int bit_index = shift & 31;
+    const int word_length = x->length >> 5;
+
+    if (shift >= (int)x->length) {
+        bitvector_set_to_zero(x);
+        return;
+    }
+
+    if (bit_index == 0) {
+        for (i = 0; i < word_length - base_index; i++)
+            x->word[i] = x->word[i + base_index];
+    } else {
+        for (i = 0; i < word_length - base_index - 1; i++)
+            x->word[i] = (x->word[i + base_index] >> bit_index) ^
+                         (x->word[i + base_index + 1] << (32 - bit_index));
+        x->word[word_length - base_index - 1] =
+            x->word[word_length - 1] >> bit_index;
+    }
+
+    /* now wrap up the final portion */
+    for (i = word_length - base_index; i < word_length; i++)
+        x->word[i] = 0;
+}
+
+int srtp_octet_string_is_eq(uint8_t *a, uint8_t *b, int len)
+{
+    uint8_t *end = b + len;
+    uint8_t accumulator = 0;
+
+    /*
+     * We use this somewhat obscure implementation to try to ensure the running
+     * time only depends on len, even accounting for compiler optimizations.
+     * The accumulator ends up zero iff the strings are equal.
+     */
+    while (b < end)
+        accumulator |= (*a++ ^ *b++);
+
+    /* Return 1 if *not* equal. */
+    return accumulator != 0;
+}
+
+void srtp_cleanse(void *s, size_t len)
+{
+    volatile unsigned char *p = (volatile unsigned char *)s;
+    while (len--)
+        *p++ = 0;
+}
+
+void octet_string_set_to_zero(void *s, size_t len)
+{
+#if defined(OPENSSL) && !defined(OPENSSL_CLEANSE_BROKEN)
+    OPENSSL_cleanse(s, len);
+#else
+    srtp_cleanse(s, len);
+#endif
+}
+
+#ifdef TESTAPP_SOURCE
+
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                               "abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int base64_block_to_octet_triple(char *out, char *in)
+{
+    unsigned char sextets[4] = { 0 };
+    int j = 0;
+    int i;
+
+    for (i = 0; i < 4; i++) {
+        char *p = strchr(b64chars, in[i]);
+        if (p != NULL)
+            sextets[i] = p - b64chars;
+        else
+            j++;
+    }
+
+    out[0] = (sextets[0] << 2) | (sextets[1] >> 4);
+    if (j < 2)
+        out[1] = (sextets[1] << 4) | (sextets[2] >> 2);
+    if (j < 1)
+        out[2] = (sextets[2] << 6) | sextets[3];
+    return j;
+}
+
+int base64_string_to_octet_string(char *out, int *pad, char *in, int len)
+{
+    int k = 0;
+    int i = 0;
+    int j = 0;
+    if (len % 4 != 0)
+        return 0;
+
+    while (i < len && j == 0) {
+        j = base64_block_to_octet_triple(out + k, in + i);
+        k += 3;
+        i += 4;
+    }
+    *pad = j;
+    return i;
+}
+
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/math/stat.c b/trunk/3rdparty/libsrtp-2-fit/crypto/math/stat.c
new file mode 100644
index 000000000..d30045357
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/math/stat.c
@@ -0,0 +1,213 @@
+/*
+ * stats.c
+ *
+ * statistical tests
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "stat.h"
+
+srtp_debug_module_t srtp_mod_stat = {
+    0,                  /* debugging is off by default */
+    (char *)"stat test" /* printable module name       */
+};
+
+/*
+ * each test assumes that 20,000 bits (2500 octets) of data is
+ * provided as input
+ */
+
+#define STAT_TEST_DATA_LEN 2500
+
+srtp_err_status_t stat_test_monobit(uint8_t *data)
+{
+    uint8_t *data_end = data + STAT_TEST_DATA_LEN;
+    uint16_t ones_count;
+
+    ones_count = 0;
+    while (data < data_end) {
+        ones_count += octet_get_weight(*data);
+        data++;
+    }
+
+    debug_print(srtp_mod_stat, "bit count: %d", ones_count);
+
+    if ((ones_count < 9725) || (ones_count > 10275))
+        return srtp_err_status_algo_fail;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t stat_test_poker(uint8_t *data)
+{
+    int i;
+    uint8_t *data_end = data + STAT_TEST_DATA_LEN;
+    double poker;
+    uint16_t f[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+
+    while (data < data_end) {
+        f[*data & 0x0f]++; /* increment freq. count for low nibble  */
+        f[(*data) >> 4]++; /* increment freq. count for high nibble */
+        data++;
+    }
+
+    poker = 0.0;
+    for (i = 0; i < 16; i++)
+        poker += (double)f[i] * f[i];
+
+    poker *= (16.0 / 5000.0);
+    poker -= 5000.0;
+
+    debug_print(srtp_mod_stat, "poker test: %f\n", poker);
+
+    if ((poker < 2.16) || (poker > 46.17))
+        return srtp_err_status_algo_fail;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * runs[i] holds the number of runs of size (i-1)
+ */
+
+srtp_err_status_t stat_test_runs(uint8_t *data)
+{
+    uint8_t *data_end = data + STAT_TEST_DATA_LEN;
+    uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
+    uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 };
+    uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 };
+    uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 };
+    int state = 0;
+    uint16_t mask;
+    int i;
+
+    /*
+     * the state variable holds the number of bits in the
+     * current run (or gap, if negative)
+     */
+
+    while (data < data_end) {
+        /* loop over the bits of this byte */
+        for (mask = 1; mask < 256; mask <<= 1) {
+            if (*data & mask) {
+                /* next bit is a one  */
+                if (state > 0) {
+                    /* prefix is a run, so increment the run-count  */
+                    state++;
+
+                    /* check for long runs */
+                    if (state > 25) {
+                        debug_print(srtp_mod_stat, ">25 runs: %d", state);
+                        return srtp_err_status_algo_fail;
+                    }
+
+                } else if (state < 0) {
+                    /* prefix is a gap  */
+                    if (state < -25) {
+                        debug_print(srtp_mod_stat, ">25 gaps: %d", state);
+                        return srtp_err_status_algo_fail; /* long-runs test
+                                                             failed   */
+                    }
+                    if (state < -6) {
+                        state = -6; /* group together gaps > 5 */
+                    }
+                    gaps[-1 - state]++; /* increment gap count      */
+                    state = 1;          /* set state at one set bit */
+                } else {
+                    /* state is zero; this happens only at initialization */
+                    state = 1;
+                }
+            } else {
+                /* next bit is a zero  */
+                if (state > 0) {
+                    /* prefix is a run */
+                    if (state > 25) {
+                        debug_print(srtp_mod_stat, ">25 runs (2): %d", state);
+                        return srtp_err_status_algo_fail; /* long-runs test
+                                                             failed   */
+                    }
+                    if (state > 6) {
+                        state = 6; /* group together runs > 5 */
+                    }
+                    runs[state - 1]++; /* increment run count       */
+                    state = -1;        /* set state at one zero bit */
+                } else if (state < 0) {
+                    /* prefix is a gap, so increment gap-count (decrement state)
+                     */
+                    state--;
+
+                    /* check for long gaps */
+                    if (state < -25) {
+                        debug_print(srtp_mod_stat, ">25 gaps (2): %d", state);
+                        return srtp_err_status_algo_fail;
+                    }
+
+                } else {
+                    /* state is zero; this happens only at initialization */
+                    state = -1;
+                }
+            }
+        }
+
+        /* move along to next octet */
+        data++;
+    }
+
+    if (srtp_mod_stat.on) {
+        debug_print0(srtp_mod_stat, "runs test");
+        for (i = 0; i < 6; i++)
+            debug_print(srtp_mod_stat, "  runs[]: %d", runs[i]);
+        for (i = 0; i < 6; i++)
+            debug_print(srtp_mod_stat, "  gaps[]: %d", gaps[i]);
+    }
+
+    /* check run and gap counts against the fixed limits */
+    for (i = 0; i < 6; i++)
+        if ((runs[i] < lo_value[i]) || (runs[i] > hi_value[i]) ||
+            (gaps[i] < lo_value[i]) || (gaps[i] > hi_value[i]))
+            return srtp_err_status_algo_fail;
+
+    return srtp_err_status_ok;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/replay/rdb.c b/trunk/3rdparty/libsrtp-2-fit/crypto/replay/rdb.c
new file mode 100644
index 000000000..ab1c7b55b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/replay/rdb.c
@@ -0,0 +1,137 @@
+/*
+ * rdb.c
+ *
+ * Implements a replay database for packet security
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "rdb.h"
+
+/*
+ * this implementation of a replay database works as follows:
+ *
+ * window_start is the index of the first packet in the window
+ * bitmask      a bit-buffer, containing the most recently entered
+ *              index as the leftmost bit
+ *
+ */
+
+/* srtp_rdb_init initalizes rdb */
+srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb)
+{
+    v128_set_to_zero(&rdb->bitmask);
+    rdb->window_start = 0;
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_rdb_check checks to see if index appears in rdb
+ */
+srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t p_index)
+{
+    /* if the index appears after (or at very end of) the window, its good */
+    if (p_index >= rdb->window_start + rdb_bits_in_bitmask) {
+        return srtp_err_status_ok;
+    }
+
+    /* if the index appears before the window, its bad */
+    if (p_index < rdb->window_start) {
+        return srtp_err_status_replay_old;
+    }
+
+    /* otherwise, the index appears within the window, so check the bitmask */
+    if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) {
+        return srtp_err_status_replay_fail;
+    }
+
+    /* otherwise, the index is okay */
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_rdb_add_index adds index to srtp_rdb_t (and does *not* check if
+ * index appears in db)
+ *
+ * this function should be called only after srtp_rdb_check has
+ * indicated that the index does not appear in the rdb, e.g., a mutex
+ * should protect the rdb between these calls
+ */
+srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t p_index)
+{
+    unsigned int delta;
+
+    if (p_index < rdb->window_start)
+        return srtp_err_status_replay_fail;
+
+    delta = (p_index - rdb->window_start);
+    if (delta < rdb_bits_in_bitmask) {
+        /* if the p_index is within the window, set the appropriate bit */
+        v128_set_bit(&rdb->bitmask, delta);
+
+    } else {
+        delta -= rdb_bits_in_bitmask - 1;
+
+        /* shift the window forward by delta bits*/
+        v128_left_shift(&rdb->bitmask, delta);
+        v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1);
+        rdb->window_start += delta;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb)
+{
+    if (rdb->window_start >= 0x7fffffff) {
+        return srtp_err_status_key_expired;
+    }
+    ++rdb->window_start;
+    return srtp_err_status_ok;
+}
+
+uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb)
+{
+    return rdb->window_start;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/replay/rdbx.c b/trunk/3rdparty/libsrtp-2-fit/crypto/replay/rdbx.c
new file mode 100644
index 000000000..40cba01a1
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/replay/rdbx.c
@@ -0,0 +1,386 @@
+/*
+ * rdbx.c
+ *
+ * a replay database with extended range, using a rollover counter
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "rdbx.h"
+
+/*
+ * from RFC 3711:
+ *
+ * A receiver reconstructs the index i of a packet with sequence
+ *  number SEQ using the estimate
+ *
+ * i = 2^16 * v + SEQ,
+ *
+ * where v is chosen from the set { ROC-1, ROC, ROC+1 } such that i is
+ * closest to the value 2^16 * ROC + s_l.  If the value r+1 is used,
+ * then the rollover counter r in the cryptographic context is
+ * incremented by one (if the packet containing s is authentic).
+ */
+
+/*
+ * rdbx implementation notes
+ *
+ * A srtp_xtd_seq_num_t is essentially a sequence number for which some of
+ * the data on the wire are implicit.  It logically consists of a
+ * rollover counter and a sequence number; the sequence number is the
+ * explicit part, and the rollover counter is the implicit part.
+ *
+ * Upon receiving a sequence_number (e.g. in a newly received SRTP
+ * packet), the complete srtp_xtd_seq_num_t can be estimated by using a
+ * local srtp_xtd_seq_num_t as a basis.  This is done using the function
+ * srtp_index_guess(&local, &guess, seq_from_packet).  This function
+ * returns the difference of the guess and the local value.  The local
+ * srtp_xtd_seq_num_t can be moved forward to the guess using the function
+ * srtp_index_advance(&guess, delta), where delta is the difference.
+ *
+ *
+ * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask.  The index is
+ * highest sequence number that has been received, and the bitmask indicates
+ * which of the recent indicies have been received as well.  The
+ * highest bit in the bitmask corresponds to the index in the bitmask.
+ */
+
+void srtp_index_init(srtp_xtd_seq_num_t *pi)
+{
+#ifdef NO_64BIT_MATH
+    *pi = make64(0, 0);
+#else
+    *pi = 0;
+#endif
+}
+
+void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s)
+{
+#ifdef NO_64BIT_MATH
+    /* a > ~b means a+b will generate a carry */
+    /* s is uint16 here */
+    *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0), low32(*pi) + s);
+#else
+    *pi += s;
+#endif
+}
+
+/*
+ * srtp_index_guess(local, guess, s)
+ *
+ * given a srtp_xtd_seq_num_t local (which represents the last
+ * known-to-be-good received srtp_xtd_seq_num_t) and a sequence number s
+ * (from a newly arrived packet), sets the contents of *guess to
+ * contain the best guess of the packet index to which s corresponds,
+ * and returns the difference between *guess and *local
+ *
+ * nota bene - the output is a signed integer, DON'T cast it to a
+ * unsigned integer!
+ */
+
+int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local,
+                         srtp_xtd_seq_num_t *guess,
+                         srtp_sequence_number_t s)
+{
+#ifdef NO_64BIT_MATH
+    uint32_t local_roc = ((high32(*local) << 16) | (low32(*local) >> 16));
+    uint16_t local_seq = (uint16_t)(low32(*local));
+#else
+    uint32_t local_roc = (uint32_t)(*local >> 16);
+    uint16_t local_seq = (uint16_t)*local;
+#endif
+    uint32_t guess_roc;
+    uint16_t guess_seq;
+    int32_t difference;
+
+    if (local_seq < seq_num_median) {
+        if (s - local_seq > seq_num_median) {
+            guess_roc = local_roc - 1;
+            difference = s - local_seq - seq_num_max;
+        } else {
+            guess_roc = local_roc;
+            difference = s - local_seq;
+        }
+    } else {
+        if (local_seq - seq_num_median > s) {
+            guess_roc = local_roc + 1;
+            difference = s - local_seq + seq_num_max;
+        } else {
+            guess_roc = local_roc;
+            difference = s - local_seq;
+        }
+    }
+    guess_seq = s;
+
+/* Note: guess_roc is 32 bits, so this generates a 48-bit result! */
+#ifdef NO_64BIT_MATH
+    *guess = make64(guess_roc >> 16, (guess_roc << 16) | guess_seq);
+#else
+    *guess = (((uint64_t)guess_roc) << 16) | guess_seq;
+#endif
+
+    return difference;
+}
+
+/*
+ * rdbx
+ *
+ */
+
+/*
+ *  srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with
+ * window size ws
+ */
+srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws)
+{
+    if (ws == 0) {
+        return srtp_err_status_bad_param;
+    }
+
+    if (bitvector_alloc(&rdbx->bitmask, ws) != 0) {
+        return srtp_err_status_alloc_fail;
+    }
+
+    srtp_index_init(&rdbx->index);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ *  srtp_rdbx_dealloc(&r) frees memory for the srtp_rdbx_t pointed to by r
+ */
+srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx)
+{
+    bitvector_dealloc(&rdbx->bitmask);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx
+ * to have the rollover counter value roc.  If that value is less than
+ * the current rollover counter value, then the function returns
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
+ *
+ */
+srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc)
+{
+    bitvector_set_to_zero(&rdbx->bitmask);
+
+#ifdef NO_64BIT_MATH
+#error not yet implemented
+#else
+
+    /* make sure that we're not moving backwards */
+    if (roc < (rdbx->index >> 16)) {
+        return srtp_err_status_replay_old;
+    }
+
+    rdbx->index &= 0xffff;                /* retain lowest 16 bits */
+    rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+#endif
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the packet index
+ * for the srtp_rdbx_t pointed to by rdbx
+ *
+ */
+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx)
+{
+    return rdbx->index;
+}
+
+/*
+ * srtp_rdbx_get_window_size(rdbx) returns the value of the window size
+ * for the srtp_rdbx_t pointed to by rdbx
+ *
+ */
+unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx)
+{
+    return bitvector_get_length(&rdbx->bitmask);
+}
+
+/*
+ * srtp_rdbx_check(&r, delta) checks to see if the srtp_xtd_seq_num_t
+ * which is at rdbx->index + delta is in the rdb
+ */
+srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int delta)
+{
+    if (delta > 0) { /* if delta is positive, it's good */
+        return srtp_err_status_ok;
+    } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
+        /* if delta is lower than the bitmask, it's bad */
+        return srtp_err_status_replay_old;
+    } else if (bitvector_get_bit(
+                   &rdbx->bitmask,
+                   (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) ==
+               1) {
+        /* delta is within the window, so check the bitmask */
+        return srtp_err_status_replay_fail;
+    }
+    /* otherwise, the index is okay */
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_rdbx_add_index adds the srtp_xtd_seq_num_t at rdbx->window_start + d to
+ * replay_db (and does *not* check if that srtp_xtd_seq_num_t appears in db)
+ *
+ * this function should be called only after replay_check has
+ * indicated that the index does not appear in the rdbx, e.g., a mutex
+ * should protect the rdbx between these calls if need be
+ */
+srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta)
+{
+    if (delta > 0) {
+        /* shift forward by delta */
+        srtp_index_advance(&rdbx->index, delta);
+        bitvector_left_shift(&rdbx->bitmask, delta);
+        bitvector_set_bit(&rdbx->bitmask,
+                          bitvector_get_length(&rdbx->bitmask) - 1);
+    } else {
+        /* delta is in window */
+        bitvector_set_bit(&rdbx->bitmask,
+                          bitvector_get_length(&rdbx->bitmask) - 1 + delta);
+    }
+
+    /* note that we need not consider the case that delta == 0 */
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_rdbx_estimate_index(rdbx, guess, s)
+ *
+ * given an rdbx and a sequence number s (from a newly arrived packet),
+ * sets the contents of *guess to contain the best guess of the packet
+ * index to which s corresponds, and returns the difference between
+ * *guess and the locally stored synch info
+ */
+int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx,
+                                 srtp_xtd_seq_num_t *guess,
+                                 srtp_sequence_number_t s)
+{
+/*
+ * if the sequence number and rollover counter in the rdbx are
+ * non-zero, then use the srtp_index_guess(...) function, otherwise, just
+ * set the rollover counter to zero (since the srtp_index_guess(...)
+ * function might incorrectly guess that the rollover counter is
+ * 0xffffffff)
+ */
+
+#ifdef NO_64BIT_MATH
+    /* seq_num_median = 0x8000 */
+    if (high32(rdbx->index) > 0 || low32(rdbx->index) > seq_num_median)
+#else
+    if (rdbx->index > seq_num_median)
+#endif
+    {
+        return srtp_index_guess(&rdbx->index, guess, s);
+    }
+
+#ifdef NO_64BIT_MATH
+    *guess = make64(0, (uint32_t)s);
+#else
+    *guess = s;
+#endif
+
+#ifdef NO_64BIT_MATH
+    return s - (uint16_t)low32(rdbx->index);
+#else
+    return s - (uint16_t)rdbx->index;
+#endif
+}
+
+/*
+ * srtp_rdbx_get_roc(rdbx)
+ *
+ * Get the current rollover counter
+ *
+ */
+uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx)
+{
+    uint32_t roc;
+
+#ifdef NO_64BIT_MATH
+    roc = ((high32(rdbx->index) << 16) | (low32(rdbx->index) >> 16));
+#else
+    roc = (uint32_t)(rdbx->index >> 16);
+#endif
+
+    return roc;
+}
+
+/*
+ * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the
+ * location rdbx to have the rollover counter value roc and packet sequence
+ * number seq.  If the new rollover counter value is less than the current
+ * rollover counter value, then the function returns
+ * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned.
+ */
+srtp_err_status_t srtp_rdbx_set_roc_seq(srtp_rdbx_t *rdbx,
+                                        uint32_t roc,
+                                        uint16_t seq)
+{
+#ifdef NO_64BIT_MATH
+#error not yet implemented
+#else
+
+    /* make sure that we're not moving backwards */
+    if (roc < (rdbx->index >> 16)) {
+        return srtp_err_status_replay_old;
+    }
+
+    rdbx->index = seq;
+    rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+#endif
+
+    bitvector_set_to_zero(&rdbx->bitmask);
+
+    return srtp_err_status_ok;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/replay/ut_sim.c b/trunk/3rdparty/libsrtp-2-fit/crypto/replay/ut_sim.c
new file mode 100644
index 000000000..2825b68df
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/replay/ut_sim.c
@@ -0,0 +1,107 @@
+/*
+ * ut_sim.c
+ *
+ * an unreliable transport simulator
+ * (for testing replay databases and suchlike)
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "ut_sim.h"
+#include "cipher_priv.h"
+
+int ut_compar(const void *a, const void *b)
+{
+    uint8_t r;
+    srtp_cipher_rand_for_tests(&r, sizeof(r));
+    return r > (UINT8_MAX / 2) ? -1 : 1;
+}
+
+void ut_init(ut_connection *utc)
+{
+    int i;
+    utc->index = 0;
+
+    for (i = 0; i < UT_BUF; i++)
+        utc->buffer[i] = i;
+
+    qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar);
+
+    utc->index = UT_BUF - 1;
+}
+
+uint32_t ut_next_index(ut_connection *utc)
+{
+    uint32_t tmp;
+
+    tmp = utc->buffer[0];
+    utc->index++;
+    utc->buffer[0] = utc->index;
+
+    qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar);
+
+    return tmp;
+}
+
+#ifdef UT_TEST
+
+#include <stdio.h>
+
+int main()
+{
+    uint32_t i, irecvd, idiff;
+    ut_connection utc;
+
+    ut_init(&utc);
+
+    for (i = 0; i < 1000; i++) {
+        irecvd = ut_next_index(&utc);
+        idiff = i - irecvd;
+        printf("%lu\t%lu\t%d\n", i, irecvd, idiff);
+    }
+
+    return 0;
+}
+
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/aes_calc.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/aes_calc.c
new file mode 100644
index 000000000..b362fd57f
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/aes_calc.c
@@ -0,0 +1,157 @@
+/*
+ * aes_calc.c
+ *
+ * A simple AES calculator for generating AES encryption values
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+
+ Example usage (with first NIST FIPS 197 test case):
+
+ [sh]$ test/aes_calc 000102030405060708090a0b0c0d0e0f \
+       00112233445566778899aabbccddeeff -v
+
+ plaintext:      00112233445566778899aabbccddeeff
+ key:            000102030405060708090a0b0c0d0e0f
+ ciphertext:     69c4e0d86a7b0430d8cdb78070b4c55a
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "aes.h"
+#include <stdio.h>
+#include <string.h>
+#include "util.h"
+
+void usage(char *prog_name)
+{
+    printf("usage: %s <key> <plaintext> [-v]\n", prog_name);
+    exit(255);
+}
+
+#define AES_MAX_KEY_LEN 32
+
+int main(int argc, char *argv[])
+{
+    v128_t data;
+    uint8_t key[AES_MAX_KEY_LEN];
+    srtp_aes_expanded_key_t exp_key;
+    int key_len, len;
+    int verbose = 0;
+    srtp_err_status_t status;
+
+    if (argc == 3) {
+        /* we're not in verbose mode */
+        verbose = 0;
+    } else if (argc == 4) {
+        if (strncmp(argv[3], "-v", 2) == 0) {
+            /* we're in verbose mode */
+            verbose = 1;
+        } else {
+            /* unrecognized flag, complain and exit */
+            usage(argv[0]);
+        }
+    } else {
+        /* we've been fed the wrong number of arguments - compain and exit */
+        usage(argv[0]);
+    }
+
+    /* read in key, checking length */
+    if (strlen(argv[1]) > AES_MAX_KEY_LEN * 2) {
+        fprintf(stderr, "error: too many digits in key "
+                        "(should be at most %d hexadecimal digits, found %u)\n",
+                AES_MAX_KEY_LEN * 2, (unsigned)strlen(argv[1]));
+        exit(1);
+    }
+    len = hex_string_to_octet_string((char *)key, argv[1], AES_MAX_KEY_LEN * 2);
+    /* check that hex string is the right length */
+    if (len != 32 && len != 48 && len != 64) {
+        fprintf(stderr, "error: bad number of digits in key "
+                        "(should be 32/48/64 hexadecimal digits, found %d)\n",
+                len);
+        exit(1);
+    }
+    key_len = len / 2;
+
+    /* read in plaintext, checking length */
+    if (strlen(argv[2]) > 16 * 2) {
+        fprintf(stderr, "error: too many digits in plaintext "
+                        "(should be %d hexadecimal digits, found %u)\n",
+                16 * 2, (unsigned)strlen(argv[2]));
+        exit(1);
+    }
+    len = hex_string_to_octet_string((char *)(&data), argv[2], 16 * 2);
+    /* check that hex string is the right length */
+    if (len < 16 * 2) {
+        fprintf(stderr, "error: too few digits in plaintext "
+                        "(should be %d hexadecimal digits, found %d)\n",
+                16 * 2, len);
+        exit(1);
+    }
+
+    if (verbose) {
+        /* print out plaintext */
+        printf("plaintext:\t%s\n",
+               octet_string_hex_string((uint8_t *)&data, 16));
+    }
+
+    /* encrypt plaintext */
+    status = srtp_aes_expand_encryption_key(key, key_len, &exp_key);
+    if (status) {
+        fprintf(stderr, "error: AES key expansion failed.\n");
+        exit(1);
+    }
+
+    srtp_aes_encrypt(&data, &exp_key);
+
+    /* write ciphertext to output */
+    if (verbose) {
+        printf("key:\t\t%s\n", octet_string_hex_string(key, key_len));
+        printf("ciphertext:\t");
+    }
+    printf("%s\n", v128_hex_string(&data));
+
+    return 0;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/cipher_driver.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/cipher_driver.c
new file mode 100644
index 000000000..8219a0618
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/cipher_driver.c
@@ -0,0 +1,603 @@
+/*
+ * cipher_driver.c
+ *
+ * A driver for the generic cipher type
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h> /* for printf() */
+#include "getopt_s.h"
+#include "cipher.h"
+#include "cipher_priv.h"
+#ifdef GCM
+#include "aes_icm_ext.h"
+#include "aes_gcm.h"
+#else
+#include "aes_icm.h"
+#endif
+
+#define PRINT_DEBUG 0
+
+void cipher_driver_test_throughput(srtp_cipher_t *c);
+
+srtp_err_status_t cipher_driver_self_test(srtp_cipher_type_t *ct);
+
+/*
+ * cipher_driver_test_buffering(ct) tests the cipher's output
+ * buffering for correctness by checking the consistency of succesive
+ * calls
+ */
+
+srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c);
+
+/*
+ * functions for testing cipher cache thrash
+ */
+srtp_err_status_t cipher_driver_test_array_throughput(srtp_cipher_type_t *ct,
+                                                      int klen,
+                                                      int num_cipher);
+
+void cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher);
+
+uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[],
+                                      int num_cipher,
+                                      unsigned octets_in_buffer,
+                                      int num_trials);
+
+srtp_err_status_t cipher_array_delete(srtp_cipher_t *cipher_array[],
+                                      int num_cipher);
+
+srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***cipher_array,
+                                          int num_ciphers,
+                                          srtp_cipher_type_t *ctype,
+                                          int klen);
+
+void usage(char *prog_name)
+{
+    printf("usage: %s [ -t | -v | -a ]\n", prog_name);
+    exit(255);
+}
+
+void check_status(srtp_err_status_t s)
+{
+    if (s) {
+        printf("error (code %d)\n", s);
+        exit(s);
+    }
+    return;
+}
+
+/*
+ * null_cipher and srtp_aes_icm are the cipher meta-objects
+ * defined in the files in crypto/cipher subdirectory.  these are
+ * declared external so that we can use these cipher types here
+ */
+
+extern srtp_cipher_type_t srtp_null_cipher;
+extern srtp_cipher_type_t srtp_aes_icm_128;
+extern srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef GCM
+extern srtp_cipher_type_t srtp_aes_icm_192;
+extern srtp_cipher_type_t srtp_aes_gcm_128;
+extern srtp_cipher_type_t srtp_aes_gcm_256;
+#endif
+
+int main(int argc, char *argv[])
+{
+    srtp_cipher_t *c = NULL;
+    srtp_err_status_t status;
+    /* clang-format off */
+    unsigned char test_key[48] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+        0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    };
+    /* clang-format on */
+    int q;
+    unsigned do_timing_test = 0;
+    unsigned do_validation = 0;
+    unsigned do_array_timing_test = 0;
+
+    /* process input arguments */
+    while (1) {
+        q = getopt_s(argc, argv, "tva");
+        if (q == -1)
+            break;
+        switch (q) {
+        case 't':
+            do_timing_test = 1;
+            break;
+        case 'v':
+            do_validation = 1;
+            break;
+        case 'a':
+            do_array_timing_test = 1;
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    printf("cipher test driver\n"
+           "David A. McGrew\n"
+           "Cisco Systems, Inc.\n");
+
+    if (!do_validation && !do_timing_test && !do_array_timing_test)
+        usage(argv[0]);
+
+    /* arry timing (cache thrash) test */
+    if (do_array_timing_test) {
+        int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */
+        int num_cipher;
+
+        for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8)
+            cipher_driver_test_array_throughput(&srtp_null_cipher, 0,
+                                                num_cipher);
+
+        for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8)
+            cipher_driver_test_array_throughput(
+                &srtp_aes_icm_128, SRTP_AES_ICM_128_KEY_LEN_WSALT, num_cipher);
+
+        for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8)
+            cipher_driver_test_array_throughput(
+                &srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher);
+
+#ifdef GCM
+        for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8)
+            cipher_driver_test_array_throughput(
+                &srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher);
+
+        for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) {
+            cipher_driver_test_array_throughput(
+                &srtp_aes_gcm_128, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher);
+        }
+
+        for (num_cipher = 1; num_cipher < max_num_cipher; num_cipher *= 8) {
+            cipher_driver_test_array_throughput(
+                &srtp_aes_gcm_256, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher);
+        }
+#endif
+    }
+
+    if (do_validation) {
+        cipher_driver_self_test(&srtp_null_cipher);
+        cipher_driver_self_test(&srtp_aes_icm_128);
+        cipher_driver_self_test(&srtp_aes_icm_256);
+#ifdef GCM
+        cipher_driver_self_test(&srtp_aes_icm_192);
+        cipher_driver_self_test(&srtp_aes_gcm_128);
+        cipher_driver_self_test(&srtp_aes_gcm_256);
+#endif
+    }
+
+    /* do timing and/or buffer_test on srtp_null_cipher */
+    status = srtp_cipher_type_alloc(&srtp_null_cipher, &c, 0, 0);
+    check_status(status);
+
+    status = srtp_cipher_init(c, NULL);
+    check_status(status);
+
+    if (do_timing_test)
+        cipher_driver_test_throughput(c);
+    if (do_validation) {
+        status = cipher_driver_test_buffering(c);
+        check_status(status);
+    }
+    status = srtp_cipher_dealloc(c);
+    check_status(status);
+
+    /* run the throughput test on the aes_icm cipher (128-bit key) */
+    status = srtp_cipher_type_alloc(&srtp_aes_icm_128, &c,
+                                    SRTP_AES_ICM_128_KEY_LEN_WSALT, 0);
+    if (status) {
+        fprintf(stderr, "error: can't allocate cipher\n");
+        exit(status);
+    }
+
+    status = srtp_cipher_init(c, test_key);
+    check_status(status);
+
+    if (do_timing_test)
+        cipher_driver_test_throughput(c);
+
+    if (do_validation) {
+        status = cipher_driver_test_buffering(c);
+        check_status(status);
+    }
+
+    status = srtp_cipher_dealloc(c);
+    check_status(status);
+
+    /* repeat the tests with 256-bit keys */
+    status = srtp_cipher_type_alloc(&srtp_aes_icm_256, &c,
+                                    SRTP_AES_ICM_256_KEY_LEN_WSALT, 0);
+    if (status) {
+        fprintf(stderr, "error: can't allocate cipher\n");
+        exit(status);
+    }
+
+    status = srtp_cipher_init(c, test_key);
+    check_status(status);
+
+    if (do_timing_test)
+        cipher_driver_test_throughput(c);
+
+    if (do_validation) {
+        status = cipher_driver_test_buffering(c);
+        check_status(status);
+    }
+
+    status = srtp_cipher_dealloc(c);
+    check_status(status);
+
+#ifdef GCM
+    /* run the throughput test on the aes_gcm_128 cipher */
+    status = srtp_cipher_type_alloc(&srtp_aes_gcm_128, &c,
+                                    SRTP_AES_GCM_128_KEY_LEN_WSALT, 8);
+    if (status) {
+        fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
+        exit(status);
+    }
+    status = srtp_cipher_init(c, test_key);
+    check_status(status);
+    if (do_timing_test) {
+        cipher_driver_test_throughput(c);
+    }
+
+    // GCM ciphers don't do buffering; they're "one shot"
+
+    status = srtp_cipher_dealloc(c);
+    check_status(status);
+
+    /* run the throughput test on the aes_gcm_256 cipher */
+    status = srtp_cipher_type_alloc(&srtp_aes_gcm_256, &c,
+                                    SRTP_AES_GCM_256_KEY_LEN_WSALT, 16);
+    if (status) {
+        fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
+        exit(status);
+    }
+    status = srtp_cipher_init(c, test_key);
+    check_status(status);
+    if (do_timing_test) {
+        cipher_driver_test_throughput(c);
+    }
+
+    // GCM ciphers don't do buffering; they're "one shot"
+
+    status = srtp_cipher_dealloc(c);
+    check_status(status);
+#endif
+
+    return 0;
+}
+
+void cipher_driver_test_throughput(srtp_cipher_t *c)
+{
+    int i;
+    int min_enc_len = 32;
+    int max_enc_len = 2048; /* should be a power of two */
+    int num_trials = 1000000;
+
+    printf("timing %s throughput, key length %d:\n", c->type->description,
+           c->key_len);
+    fflush(stdout);
+    for (i = min_enc_len; i <= max_enc_len; i = i * 2)
+        printf("msg len: %d\tgigabits per second: %f\n", i,
+               srtp_cipher_bits_per_second(c, i, num_trials) / 1e9);
+}
+
+srtp_err_status_t cipher_driver_self_test(srtp_cipher_type_t *ct)
+{
+    srtp_err_status_t status;
+
+    printf("running cipher self-test for %s...", ct->description);
+    status = srtp_cipher_type_self_test(ct);
+    if (status) {
+        printf("failed with error code %d\n", status);
+        exit(status);
+    }
+    printf("passed\n");
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * cipher_driver_test_buffering(ct) tests the cipher's output
+ * buffering for correctness by checking the consistency of succesive
+ * calls
+ */
+
+#define INITIAL_BUFLEN 1024
+srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c)
+{
+    int i, j, num_trials = 1000;
+    unsigned len, buflen = INITIAL_BUFLEN;
+    uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end;
+    uint8_t idx[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34 };
+    srtp_err_status_t status;
+
+    printf("testing output buffering for cipher %s...", c->type->description);
+
+    for (i = 0; i < num_trials; i++) {
+        /* set buffers to zero */
+        for (j = 0; j < (int)buflen; j++) {
+            buffer0[j] = buffer1[j] = 0;
+        }
+
+        /* initialize cipher  */
+        status = srtp_cipher_set_iv(c, (uint8_t *)idx, srtp_direction_encrypt);
+        if (status)
+            return status;
+
+        /* generate 'reference' value by encrypting all at once */
+        status = srtp_cipher_encrypt(c, buffer0, &buflen);
+        if (status)
+            return status;
+
+        /* re-initialize cipher */
+        status = srtp_cipher_set_iv(c, (uint8_t *)idx, srtp_direction_encrypt);
+        if (status)
+            return status;
+
+        /* now loop over short lengths until buffer1 is encrypted */
+        current = buffer1;
+        end = buffer1 + buflen;
+        while (current < end) {
+            /* choose a short length */
+            len = srtp_cipher_rand_u32_for_tests() & 0x01f;
+
+            /* make sure that len doesn't cause us to overreach the buffer */
+            if (current + len > end)
+                len = end - current;
+
+            status = srtp_cipher_encrypt(c, current, &len);
+            if (status)
+                return status;
+
+            /* advance pointer into buffer1 to reflect encryption */
+            current += len;
+
+            /* if buffer1 is all encrypted, break out of loop */
+            if (current == end)
+                break;
+        }
+
+        /* compare buffers */
+        for (j = 0; j < (int)buflen; j++) {
+            if (buffer0[j] != buffer1[j]) {
+#if PRINT_DEBUG
+                printf("test case %d failed at byte %d\n", i, j);
+                printf("computed: %s\n",
+                       octet_string_hex_string(buffer1, buflen));
+                printf("expected: %s\n",
+                       octet_string_hex_string(buffer0, buflen));
+#endif
+                return srtp_err_status_algo_fail;
+            }
+        }
+    }
+
+    printf("passed\n");
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * The function cipher_test_throughput_array() tests the effect of CPU
+ * cache thrash on cipher throughput.
+ *
+ * cipher_array_alloc_init(ctype, array, num_ciphers) creates an array
+ * of srtp_cipher_t of type ctype
+ */
+
+srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***ca,
+                                          int num_ciphers,
+                                          srtp_cipher_type_t *ctype,
+                                          int klen)
+{
+    int i, j;
+    srtp_err_status_t status;
+    uint8_t *key;
+    srtp_cipher_t **cipher_array;
+    /* pad klen allocation, to handle aes_icm reading 16 bytes for the
+       14-byte salt */
+    int klen_pad = ((klen + 15) >> 4) << 4;
+
+    /* allocate array of pointers to ciphers */
+    cipher_array = (srtp_cipher_t **)srtp_crypto_alloc(sizeof(srtp_cipher_t *) *
+                                                       num_ciphers);
+    if (cipher_array == NULL)
+        return srtp_err_status_alloc_fail;
+
+    /* set ca to location of cipher_array */
+    *ca = cipher_array;
+
+    /* allocate key */
+    key = srtp_crypto_alloc(klen_pad);
+    if (key == NULL) {
+        srtp_crypto_free(cipher_array);
+        return srtp_err_status_alloc_fail;
+    }
+
+    /* allocate and initialize an array of ciphers */
+    for (i = 0; i < num_ciphers; i++) {
+        /* allocate cipher */
+        status = srtp_cipher_type_alloc(ctype, cipher_array, klen, 16);
+        if (status)
+            return status;
+
+        /* generate random key and initialize cipher */
+        srtp_cipher_rand_for_tests(key, klen);
+        for (j = klen; j < klen_pad; j++)
+            key[j] = 0;
+        status = srtp_cipher_init(*cipher_array, key);
+        if (status)
+            return status;
+
+        /*     printf("%dth cipher is at %p\n", i, *cipher_array); */
+        /*     printf("%dth cipher description: %s\n", i,  */
+        /* 	   (*cipher_array)->type->description); */
+
+        /* advance cipher array pointer */
+        cipher_array++;
+    }
+
+    srtp_crypto_free(key);
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t cipher_array_delete(srtp_cipher_t *cipher_array[],
+                                      int num_cipher)
+{
+    int i;
+
+    for (i = 0; i < num_cipher; i++) {
+        srtp_cipher_dealloc(cipher_array[i]);
+    }
+
+    srtp_crypto_free(cipher_array);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * cipher_array_bits_per_second(c, l, t) computes (an estimate of) the
+ * number of bits that a cipher implementation can encrypt in a second
+ * when distinct keys are used to encrypt distinct messages
+ *
+ * c is a cipher (which MUST be allocated an initialized already), l
+ * is the length in octets of the test data to be encrypted, and t is
+ * the number of trials
+ *
+ * if an error is encountered, the value 0 is returned
+ */
+
+uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[],
+                                      int num_cipher,
+                                      unsigned octets_in_buffer,
+                                      int num_trials)
+{
+    int i;
+    v128_t nonce;
+    clock_t timer;
+    unsigned char *enc_buf;
+    int cipher_index = srtp_cipher_rand_u32_for_tests() % num_cipher;
+
+    /* Over-alloc, for NIST CBC padding */
+    enc_buf = srtp_crypto_alloc(octets_in_buffer + 17);
+    if (enc_buf == NULL)
+        return 0; /* indicate bad parameters by returning null */
+
+    /* time repeated trials */
+    v128_set_to_zero(&nonce);
+    timer = clock();
+    for (i = 0; i < num_trials; i++, nonce.v32[3] = i) {
+        /* length parameter to srtp_cipher_encrypt is in/out -- out is total,
+         * padded
+         * length -- so reset it each time. */
+        unsigned octets_to_encrypt = octets_in_buffer;
+
+        /* encrypt buffer with cipher */
+        srtp_cipher_set_iv(cipher_array[cipher_index], (uint8_t *)&nonce,
+                           srtp_direction_encrypt);
+        srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf,
+                            &octets_to_encrypt);
+
+        /* choose a cipher at random from the array*/
+        cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
+    }
+    timer = clock() - timer;
+
+    srtp_crypto_free(enc_buf);
+
+    if (timer == 0) {
+        /* Too fast! */
+        return 0;
+    }
+
+    return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
+}
+
+void cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher)
+{
+    int i;
+    int min_enc_len = 16;
+    int max_enc_len = 2048; /* should be a power of two */
+    int num_trials = 1000000;
+
+    printf("timing %s throughput with key length %d, array size %d:\n",
+           (ca[0])->type->description, (ca[0])->key_len, num_cipher);
+    fflush(stdout);
+    for (i = min_enc_len; i <= max_enc_len; i = i * 4)
+        printf("msg len: %d\tgigabits per second: %f\n", i,
+               cipher_array_bits_per_second(ca, num_cipher, i, num_trials) /
+                   1e9);
+}
+
+srtp_err_status_t cipher_driver_test_array_throughput(srtp_cipher_type_t *ct,
+                                                      int klen,
+                                                      int num_cipher)
+{
+    srtp_cipher_t **ca = NULL;
+    srtp_err_status_t status;
+
+    status = cipher_array_alloc_init(&ca, num_cipher, ct, klen);
+    if (status) {
+        printf("error: cipher_array_alloc_init() failed with error code %d\n",
+               status);
+        return status;
+    }
+
+    cipher_array_test_throughput(ca, num_cipher);
+
+    cipher_array_delete(ca, num_cipher);
+
+    return srtp_err_status_ok;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/datatypes_driver.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/datatypes_driver.c
new file mode 100644
index 000000000..96379befe
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/datatypes_driver.c
@@ -0,0 +1,256 @@
+/*
+ * datatypes_driver.c
+ *
+ * a test driver for crypto/math datatypes
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>  /* for printf() */
+#include <string.h> /* for strlen() */
+#include "datatypes.h"
+#include "util.h"
+
+void byte_order(void);
+
+void test_hex_string_funcs(void);
+
+void print_string(char *s);
+
+void test_bswap(void);
+
+void test_set_to_zero(void);
+
+int main(void)
+{
+    /*
+     * this program includes various and sundry tests for fundamental
+     * datatypes.  it's a grab-bag of throwaway code, retained only in
+     * case of future problems
+     */
+
+    int i, j;
+    v128_t x;
+    char *r = "The Moving Finger writes; and, having writ,\n"
+              "Moves on: nor all thy Piety nor Wit\n"
+              "Shall lure it back to cancel half a Line,\n"
+              "Nor all thy Tears wash out a Word of it.";
+    char *s = "incomplet";
+
+    print_string(r);
+    print_string(s);
+
+    byte_order();
+    test_hex_string_funcs();
+
+    for (j = 0; j < 128; j++) {
+        v128_set_to_zero(&x);
+        /*      x.v32[0] = (1 << j); */
+        v128_set_bit(&x, j);
+        printf("%s\n", v128_bit_string(&x));
+        v128_clear_bit(&x, j);
+        printf("%s\n", v128_bit_string(&x));
+    }
+
+    printf("----------------------------------------------\n");
+    v128_set_to_zero(&x);
+    for (i = 0; i < 128; i++) {
+        v128_set_bit(&x, i);
+    }
+    printf("%s\n", v128_bit_string(&x));
+
+    printf("----------------------------------------------\n");
+    v128_set_to_zero(&x);
+    v128_set_bit(&x, 0);
+    for (i = 0; i < 128; i++) {
+        printf("%s\n", v128_bit_string(&x));
+        v128_right_shift(&x, 1);
+    }
+    printf("----------------------------------------------\n");
+    v128_set_to_zero(&x);
+    v128_set_bit(&x, 127);
+    for (i = 0; i < 128; i++) {
+        printf("%s\n", v128_bit_string(&x));
+        v128_left_shift(&x, 1);
+    }
+    printf("----------------------------------------------\n");
+    for (i = 0; i < 128; i++) {
+        v128_set_to_zero(&x);
+        v128_set_bit(&x, 127);
+        v128_left_shift(&x, i);
+        printf("%s\n", v128_bit_string(&x));
+    }
+    printf("----------------------------------------------\n");
+    v128_set_to_zero(&x);
+    for (i = 0; i < 128; i += 2) {
+        v128_set_bit(&x, i);
+    }
+    printf("bit_string: { %s }\n", v128_bit_string(&x));
+    printf("get_bit:    { ");
+    for (i = 0; i < 128; i++) {
+        if (v128_get_bit(&x, i) == 1)
+            printf("1");
+        else
+            printf("0");
+    }
+    printf(" } \n");
+
+    test_bswap();
+    test_set_to_zero();
+
+    return 0;
+}
+
+/* byte_order() prints out byte ordering of datatypes */
+
+void byte_order(void)
+{
+    int i;
+    v128_t e;
+#if 0
+  v16_t b;
+  v32_t c;
+  v64_t d;
+
+  for (i=0; i < sizeof(b); i++)
+    b.octet[i] = i;
+  for (i=0; i < sizeof(c); i++)
+    c.octet[i] = i;
+  for (i=0; i < sizeof(d); i++)
+    d.octet[i] = i;
+  
+  printf("v128_t:\t%s\n", v128_hex_string(&e));
+  printf("v64_t:\t%s\n", v64_hex_string(&d));
+  printf("v32_t:\t%s\n", v32_hex_string(c));
+  printf("v16_t:\t%s\n", v16_hex_string(b));
+
+  c.value = 0x01020304;
+  printf("v32_t:\t%s\n", v32_hex_string(c));
+  b.value = 0x0102;
+  printf("v16_t:\t%s\n", v16_hex_string(b));
+
+  printf("uint16_t ordering:\n");
+
+  c.value = 0x00010002;
+  printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]);
+#endif
+
+    printf("byte ordering of crypto/math datatypes:\n");
+    for (i = 0; i < sizeof(e); i++)
+        e.v8[i] = i;
+    printf("v128_t: %s\n", v128_hex_string(&e));
+}
+
+void test_hex_string_funcs(void)
+{
+    char hex1[] = "abadcafe";
+    char hex2[] = "0123456789abcdefqqqqq";
+    char raw[10];
+    int len;
+
+    len = hex_string_to_octet_string(raw, hex1, strlen(hex1));
+    printf("computed length: %d\tstring: %s\n", len,
+           octet_string_hex_string(raw, len / 2));
+    printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1);
+
+    len = hex_string_to_octet_string(raw, hex2, strlen(hex2));
+    printf("computed length: %d\tstring: %s\n", len,
+           octet_string_hex_string(raw, len / 2));
+    printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef");
+}
+
+void print_string(char *s)
+{
+    size_t i;
+    printf("%s\n", s);
+    printf("strlen(s) = %u\n", (unsigned)strlen(s));
+    printf("{ ");
+    for (i = 0; i < strlen(s); i++) {
+        printf("0x%x, ", s[i]);
+        if (((i + 1) % 8) == 0)
+            printf("\n   ");
+    }
+    printf("}\n");
+}
+
+void test_bswap(void)
+{
+    uint32_t x = 0x11223344;
+    uint64_t y = 0x1122334455667788LL;
+
+    printf("before: %0x\nafter:  %0x\n", x, (unsigned int)be32_to_cpu(x));
+    printf("before: %0llx\nafter:  %0llx\n", (unsigned long long)y,
+           (unsigned long long)be64_to_cpu(y));
+
+    y = 1234;
+
+    printf("1234: %0llx\n", (unsigned long long)y);
+    printf("as octet string: %s\n", octet_string_hex_string((uint8_t *)&y, 8));
+    y = be64_to_cpu(y);
+    printf("bswapped octet string: %s\n",
+           octet_string_hex_string((uint8_t *)&y, 8));
+}
+
+void test_set_to_zero(void)
+{
+#define BUFFER_SIZE (16)
+    uint8_t buffer[BUFFER_SIZE];
+    size_t i;
+
+    for (i = 0; i < BUFFER_SIZE; i++) {
+        buffer[i] = i & 0xff;
+    }
+    printf("Buffer before: %s\n", octet_string_hex_string(buffer, BUFFER_SIZE));
+    octet_string_set_to_zero(buffer, BUFFER_SIZE);
+    printf("Buffer after: %s\n", octet_string_hex_string(buffer, BUFFER_SIZE));
+    for (i = 0; i < BUFFER_SIZE; i++) {
+        if (buffer[i]) {
+            fprintf(stderr,
+                    "Buffer contents not zero at position %zu (is %d)\n", i,
+                    buffer[i]);
+            abort();
+        }
+    }
+#undef BUFFER_SIZE
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/env.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/env.c
new file mode 100644
index 000000000..8c3f4edfa
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/env.c
@@ -0,0 +1,89 @@
+/*
+ * env.c
+ *
+ * prints out a brief report on the build environment
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h> /* for srtcmp() */
+#include "config.h"
+
+int main(void)
+{
+    int err_count = 0;
+
+#ifdef WORDS_BIGENDIAN
+    printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n");
+#else
+    printf("CPU set to little-endian\t\t(WORDS_BIGENDIAN == 0)\n");
+#endif
+
+#ifdef CPU_RISC
+    printf("CPU set to RISC\t\t\t\t(CPU_RISC == 1)\n");
+#elif defined(CPU_CISC)
+    printf("CPU set to CISC\t\t\t\t(CPU_CISC == 1)\n");
+#else
+    printf(
+        "CPU set to an unknown type, probably due to a configuration error\n");
+    err_count++;
+#endif
+
+#ifdef CPU_ALTIVEC
+    printf("CPU set to ALTIVEC\t\t\t\t(CPU_ALTIVEC == 0)\n");
+#endif
+
+#ifndef NO_64BIT_MATH
+    printf("using native 64-bit type\t\t(NO_64_BIT_MATH == 0)\n");
+#else
+    printf("using built-in 64-bit math\t\t(NO_64_BIT_MATH == 1)\n");
+#endif
+
+#ifdef ERR_REPORTING_STDOUT
+    printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n");
+#endif
+
+    if (err_count)
+        printf("warning: configuration is probably in error "
+               "(found %d problems)\n",
+               err_count);
+
+    return err_count;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/kernel_driver.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/kernel_driver.c
new file mode 100644
index 000000000..d29405a97
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/kernel_driver.c
@@ -0,0 +1,127 @@
+/*
+ * kernel_driver.c
+ *
+ * a test driver for the crypto_kernel
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h> /* for printf() */
+#include "getopt_s.h"
+#include "crypto_kernel.h"
+
+void usage(char *prog_name)
+{
+    printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name);
+    exit(255);
+}
+
+int main(int argc, char *argv[])
+{
+    int q;
+    int do_validation = 0;
+    srtp_err_status_t status;
+
+    if (argc == 1)
+        usage(argv[0]);
+
+    /* initialize kernel - we need to do this before anything else */
+    status = srtp_crypto_kernel_init();
+    if (status) {
+        printf("error: srtp_crypto_kernel init failed\n");
+        exit(1);
+    }
+    printf("srtp_crypto_kernel successfully initalized\n");
+
+    /* process input arguments */
+    while (1) {
+        q = getopt_s(argc, argv, "vd:");
+        if (q == -1)
+            break;
+        switch (q) {
+        case 'v':
+            do_validation = 1;
+            break;
+        case 'd':
+            status = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
+            if (status) {
+                printf("error: set debug module (%s) failed\n", optarg_s);
+                exit(1);
+            }
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    if (do_validation) {
+        printf("checking srtp_crypto_kernel status...\n");
+        status = srtp_crypto_kernel_status();
+        if (status) {
+            printf("failed\n");
+            exit(1);
+        }
+        printf("srtp_crypto_kernel passed self-tests\n");
+    }
+
+    status = srtp_crypto_kernel_shutdown();
+    if (status) {
+        printf("error: srtp_crypto_kernel shutdown failed\n");
+        exit(1);
+    }
+    printf("srtp_crypto_kernel successfully shut down\n");
+
+    return 0;
+}
+
+/*
+ * crypto_kernel_cipher_test() is a test of the cipher interface
+ * of the crypto_kernel
+ */
+
+srtp_err_status_t crypto_kernel_cipher_test(void)
+{
+    /* not implemented yet! */
+
+    return srtp_err_status_ok;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/sha1_driver.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/sha1_driver.c
new file mode 100644
index 000000000..c64b000f8
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/sha1_driver.c
@@ -0,0 +1,387 @@
+/*
+ * sha1_driver.c
+ *
+ * a test driver for SHA-1
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include "sha1.h"
+#include "util.h"
+
+#define SHA_PASS 0
+#define SHA_FAIL 1
+
+#define MAX_HASH_DATA_LEN 1024
+#define MAX_HASH_OUT_LEN 20
+
+typedef struct hash_test_case_t {
+    unsigned data_len;               /* number of octets in data        */
+    unsigned hash_len;               /* number of octets output by hash */
+    uint8_t data[MAX_HASH_DATA_LEN]; /* message data                    */
+    uint8_t hash[MAX_HASH_OUT_LEN];  /* expected hash output            */
+    struct hash_test_case_t *next_test_case;
+} hash_test_case_t;
+
+hash_test_case_t *sha1_test_case_list;
+
+srtp_err_status_t hash_test_case_add(hash_test_case_t **list_ptr,
+                                     char *hex_data,
+                                     unsigned data_len,
+                                     char *hex_hash,
+                                     unsigned hash_len)
+{
+    hash_test_case_t *list_head = *list_ptr;
+    hash_test_case_t *test_case;
+    unsigned tmp_len;
+
+    test_case = malloc(sizeof(hash_test_case_t));
+    if (test_case == NULL)
+        return srtp_err_status_alloc_fail;
+
+    tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data,
+                                         data_len * 2);
+    if (tmp_len != data_len * 2) {
+        free(test_case);
+        return srtp_err_status_parse_err;
+    }
+
+    tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash,
+                                         hash_len * 2);
+    if (tmp_len != hash_len * 2) {
+        free(test_case);
+        return srtp_err_status_parse_err;
+    }
+
+    test_case->data_len = data_len;
+    test_case->hash_len = hash_len;
+
+    /* add the new test case to the head of the list */
+    test_case->next_test_case = list_head;
+    *list_ptr = test_case;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t sha1_test_case_validate(const hash_test_case_t *test_case)
+{
+    srtp_sha1_ctx_t ctx;
+    uint32_t hash_value[5];
+
+    if (test_case == NULL)
+        return srtp_err_status_bad_param;
+
+    if (test_case->hash_len != 20)
+        return srtp_err_status_bad_param;
+    if (test_case->data_len > MAX_HASH_DATA_LEN)
+        return srtp_err_status_bad_param;
+
+    srtp_sha1_init(&ctx);
+    srtp_sha1_update(&ctx, test_case->data, test_case->data_len);
+    srtp_sha1_final(&ctx, hash_value);
+    if (0 == memcmp(test_case->hash, hash_value, 20)) {
+#if VERBOSE
+        printf("PASSED: reference value: %s\n",
+               octet_string_hex_string((const uint8_t *)test_case->hash, 20));
+        printf("PASSED: computed value:  %s\n",
+               octet_string_hex_string((const uint8_t *)hash_value, 20));
+#endif
+        return srtp_err_status_ok;
+    }
+
+    printf("reference value: %s\n",
+           octet_string_hex_string((const uint8_t *)test_case->hash, 20));
+    printf("computed value:  %s\n",
+           octet_string_hex_string((const uint8_t *)hash_value, 20));
+
+    return srtp_err_status_algo_fail;
+}
+
+struct hex_sha1_test_case_t {
+    unsigned bit_len;
+    char hex_data[MAX_HASH_DATA_LEN * 2];
+    char hex_hash[40];
+};
+
+srtp_err_status_t sha1_add_test_cases(void)
+{
+    int i;
+    srtp_err_status_t err;
+
+    /*
+     * these test cases are taken from the "SHA-1 Sample Vectors"
+     * provided by NIST at http://csrc.nist.gov/cryptval/shs.html
+     */
+
+    struct hex_sha1_test_case_t tc[] = {
+        { 0, "", "da39a3ee5e6b4b0d3255bfef95601890afd80709" },
+        { 8, "a8", "99f2aa95e36f95c2acb0eaf23998f030638f3f15" },
+        { 16, "3000", "f944dcd635f9801f7ac90a407fbc479964dec024" },
+        { 24, "42749e", "a444319e9b6cc1e8464c511ec0969c37d6bb2619" },
+        { 32, "9fc3fe08", "16a0ff84fcc156fd5d3ca3a744f20a232d172253" },
+        { 40, "b5c1c6f1af", "fec9deebfcdedaf66dda525e1be43597a73a1f93" },
+        { 48, "e47571e5022e", "8ce051181f0ed5e9d0c498f6bc4caf448d20deb5" },
+        { 56, "3e1b28839fb758", "67da53837d89e03bf652ef09c369a3415937cfd3" },
+        { 64, "a81350cbb224cb90", "305e4ff9888ad855a78573cddf4c5640cce7e946" },
+        { 72, "c243d167923dec3ce1",
+          "5902b77b3265f023f9bbc396ba1a93fa3509bde7" },
+        { 80, "50ac18c59d6a37a29bf4",
+          "fcade5f5d156bf6f9af97bdfa9c19bccfb4ff6ab" },
+        { 88, "98e2b611ad3b1cccf634f6",
+          "1d20fbe00533c10e3cbd6b27088a5de0c632c4b5" },
+        { 96, "73fe9afb68e1e8712e5d4eec",
+          "7e1b7e0f7a8f3455a9c03e9580fd63ae205a2d93" },
+        { 104, "9e701ed7d412a9226a2a130e66",
+          "706f0677146307b20bb0e8d6311e329966884d13" },
+        { 112, "6d3ee90413b0a7cbf69e5e6144ca",
+          "a7241a703aaf0d53fe142f86bf2e849251fa8dff" },
+        { 120, "fae24d56514efcb530fd4802f5e71f",
+          "400f53546916d33ad01a5e6df66822dfbdc4e9e6" },
+        { 128, "c5a22dd6eda3fe2bdc4ddb3ce6b35fd1",
+          "fac8ab93c1ae6c16f0311872b984f729dc928ccd" },
+        { 136, "d98cded2adabf08fda356445c781802d95",
+          "fba6d750c18da58f6e2aab10112b9a5ef3301b3b" },
+        { 144, "bcc6d7087a84f00103ccb32e5f5487a751a2",
+          "29d27c2d44c205c8107f0351b05753ac708226b6" },
+        { 152, "36ecacb1055434190dbbc556c48bafcb0feb0d",
+          "b971bfc1ebd6f359e8d74cb7ecfe7f898d0ba845" },
+        { 160, "5ff9edb69e8f6bbd498eb4537580b7fba7ad31d0",
+          "96d08c430094b9fcc164ad2fb6f72d0a24268f68" },
+        { 168, "c95b441d8270822a46a798fae5defcf7b26abace36",
+          "a287ea752a593d5209e287881a09c49fa3f0beb1" },
+        { 176, "83104c1d8a55b28f906f1b72cb53f68cbb097b44f860",
+          "a06c713779cbd88519ed4a585ac0cb8a5e9d612b" },
+        { 184, "755175528d55c39c56493d697b790f099a5ce741f7754b",
+          "bff7d52c13a3688132a1d407b1ab40f5b5ace298" },
+        { 192, "088fc38128bbdb9fd7d65228b3184b3faac6c8715f07272f",
+          "c7566b91d7b6f56bdfcaa9781a7b6841aacb17e9" },
+        { 200, "a4a586eb9245a6c87e3adf1009ac8a49f46c07e14185016895",
+          "ffa30c0b5c550ea4b1e34f8a60ec9295a1e06ac1" },
+        { 208, "8e7c555270c006092c2a3189e2a526b873e2e269f0fb28245256",
+          "29e66ed23e914351e872aa761df6e4f1a07f4b81" },
+        { 216, "a5f3bfa6bb0ba3b59f6b9cbdef8a558ec565e8aa3121f405e7f2f0",
+          "b28cf5e5b806a01491d41f69bd9248765c5dc292" },
+        { 224, "589054f0d2bd3c2c85b466bfd8ce18e6ec3e0b87d944cd093ba36469",
+          "60224fb72c46069652cd78bcd08029ef64da62f3" },
+        { 232, "a0abb12083b5bbc78128601bf1cbdbc0fdf4b862b24d899953d8da0ff3",
+          "b72c4a86f72608f24c05f3b9088ef92fba431df7" },
+        { 240, "82143f4cea6fadbf998e128a8811dc75301cf1db4f079501ea568da68eeb",
+          "73779ad5d6b71b9b8328ef7220ff12eb167076ac" },
+        { 248, "9f1231dd6df1ff7bc0b0d4f989d048672683ce35d956d2f57913046267e6f3",
+          "a09671d4452d7cf50015c914a1e31973d20cc1a0" },
+        { 256,
+          "041c512b5eed791f80d3282f3a28df263bb1df95e1239a7650e5670fc2187919",
+          "e88cdcd233d99184a6fd260b8fca1b7f7687aee0" },
+        { 264,
+          "17e81f6ae8c2e5579d69dafa6e070e7111461552d314b691e7a3e7a4feb3fae418",
+          "010def22850deb1168d525e8c84c28116cb8a269" },
+        { 272, "d15976b23a1d712ad28fad04d805f572026b54dd64961fda94d5355a0cc9862"
+               "0cf77",
+          "aeaa40ba1717ed5439b1e6ea901b294ba500f9ad" },
+        { 280, "09fce4d434f6bd32a44e04b848ff50ec9f642a8a85b37a264dc73f130f22838"
+               "443328f",
+          "c6433791238795e34f080a5f1f1723f065463ca0" },
+        { 288, "f17af27d776ec82a257d8d46d2b46b639462c56984cc1be9c1222eadb8b2659"
+               "4a25c709d",
+          "e21e22b89c1bb944a32932e6b2a2f20d491982c3" },
+        { 296, "b13ce635d6f8758143ffb114f2f601cb20b6276951416a2f94fbf4ad081779d"
+               "79f4f195b22",
+          "575323a9661f5d28387964d2ba6ab92c17d05a8a" },
+        { 304, "5498793f60916ff1c918dde572cdea76da8629ba4ead6d065de3dfb48de94d2"
+               "34cc1c5002910",
+          "feb44494af72f245bfe68e86c4d7986d57c11db7" },
+        { 312, "498a1e0b39fa49582ae688cd715c86fbaf8a81b8b11b4d1594c49c902d197c8"
+               "ba8a621fd6e3be5",
+          "cff2290b3648ba2831b98dde436a72f9ebf51eee" },
+        { 320, "3a36ae71521f9af628b3e34dcb0d4513f84c78ee49f10416a98857150b8b15c"
+               "b5c83afb4b570376e",
+          "9b4efe9d27b965905b0c3dab67b8d7c9ebacd56c" },
+        { 328, "dcc76b40ae0ea3ba253e92ac50fcde791662c5b6c948538cffc2d95e9de99ca"
+               "c34dfca38910db2678f",
+          "afedb0ff156205bcd831cbdbda43db8b0588c113" },
+        { 336, "5b5ec6ec4fd3ad9c4906f65c747fd4233c11a1736b6b228b92e90cddabb0c7c"
+               "2fcf9716d3fad261dff33",
+          "8deb1e858f88293a5e5e4d521a34b2a4efa70fc4" },
+        { 344, "df48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f"
+               "20fd697c3e4c8b8c5f590ab",
+          "95cbdac0f74afa69cebd0e5c7defbc6faf0cbeaf" },
+        { 352, "1f179b3b82250a65e1b0aee949e218e2f45c7a8dbfd6ba08de05c55acfc226b"
+               "48c68d7f7057e5675cd96fcfc",
+          "f0307bcb92842e5ae0cd4f4f14f3df7f877fbef2" },
+        { 360, "ee3d72da3a44d971578972a8e6780ce64941267e0f7d0179b214fa97855e179"
+               "0e888e09fbe3a70412176cb3b54",
+          "7b13bb0dbf14964bd63b133ac85e22100542ef55" },
+        { 368, "d4d4c7843d312b30f610b3682254c8be96d5f6684503f8fbfbcd15774fc1b08"
+               "4d3741afb8d24aaa8ab9c104f7258",
+          "c314d2b6cf439be678d2a74e890d96cfac1c02ed" },
+        { 376, "32c094944f5936a190a0877fb9178a7bf60ceae36fd530671c5b38c5dbd5e6a"
+               "6c0d615c2ac8ad04b213cc589541cf6",
+          "4d0be361e410b47a9d67d8ce0bb6a8e01c53c078" },
+        { 384, "e5d3180c14bf27a5409fa12b104a8fd7e9639609bfde6ee82bbf9648be2546d"
+               "29688a65e2e3f3da47a45ac14343c9c02",
+          "e5353431ffae097f675cbf498869f6fbb6e1c9f2" },
+        { 392, "e7b6e4b69f724327e41e1188a37f4fe38b1dba19cbf5a7311d6e32f1038e97a"
+               "b506ee05aebebc1eed09fc0e357109818b9",
+          "b8720a7068a085c018ab18961de2765aa6cd9ac4" },
+        { 400, "bc880cb83b8ac68ef2fedc2da95e7677ce2aa18b0e2d8b322701f67af7d5e7a"
+               "0d96e9e33326ccb7747cfff0852b961bfd475",
+          "b0732181568543ba85f2b6da602b4b065d9931aa" },
+        { 408, "235ea9c2ba7af25400f2e98a47a291b0bccdaad63faa2475721fda5510cc7da"
+               "d814bce8dabb611790a6abe56030b798b75c944",
+          "9c22674cf3222c3ba921672694aafee4ce67b96b" },
+        { 416, "07e3e29fed63104b8410f323b975fd9fba53f636af8c4e68a53fb202ca35dd9"
+               "ee07cb169ec5186292e44c27e5696a967f5e67709",
+          "d128335f4cecca9066cdae08958ce656ff0b4cfc" },
+        { 424, "65d2a1dd60a517eb27bfbf530cf6a5458f9d5f4730058bd9814379547f34241"
+               "822bf67e6335a6d8b5ed06abf8841884c636a25733f",
+          "0b67c57ac578de88a2ae055caeaec8bb9b0085a0" },
+        { 432, "dcc86b3bd461615bab739d8daafac231c0f462e819ad29f9f14058f3ab5b759"
+               "41d4241ea2f17ebb8a458831b37a9b16dead4a76a9b0e",
+          "c766f912a89d4ccda88e0cce6a713ef5f178b596" },
+        { 440, "4627d54f0568dc126b62a8c35fb46a9ac5024400f2995e51635636e1afc4373"
+               "dbb848eb32df23914230560b82477e9c3572647a7f2bb92",
+          "9aa3925a9dcb177b15ccff9b78e70cf344858779" },
+        { 448, "ba531affd4381168ef24d8b275a84d9254c7f5cc55fded53aa8024b2c5c5c8a"
+               "a7146fe1d1b83d62b70467e9a2e2cb67b3361830adbab28d7",
+          "4811fa30042fc076acf37c8e2274d025307e5943" },
+        { 456, "8764dcbcf89dcf4282eb644e3d568bdccb4b13508bfa7bfe0ffc05efd1390be"
+               "22109969262992d377691eb4f77f3d59ea8466a74abf57b2ef4",
+          "6743018450c9730761ee2b130df9b91c1e118150" },
+        { 464, "497d9df9ddb554f3d17870b1a31986c1be277bc44feff713544217a9f579623"
+               "d18b5ffae306c25a45521d2759a72c0459b58957255ab592f3be4",
+          "71ad4a19d37d92a5e6ef3694ddbeb5aa61ada645" },
+        { 472, "72c3c2e065aefa8d9f7a65229e818176eef05da83f835107ba90ec2e95472e7"
+               "3e538f783b416c04654ba8909f26a12db6e5c4e376b7615e4a25819",
+          "a7d9dc68dacefb7d6116186048cb355cc548e11d" },
+        { 480, "7cc9894454d0055ab5069a33984e2f712bef7e3124960d33559f5f3b81906bb"
+               "66fe64da13c153ca7f5cabc89667314c32c01036d12ecaf5f9a78de98",
+          "142e429f0522ba5abf5131fa81df82d355b96909" },
+        { 488, "74e8404d5a453c5f4d306f2cfa338ca65501c840ddab3fb82117933483afd69"
+               "13c56aaf8a0a0a6b2a342fc3d9dc7599f4a850dfa15d06c61966d74ea59",
+          "ef72db70dcbcab991e9637976c6faf00d22caae9" },
+        { 496, "46fe5ed326c8fe376fcc92dc9e2714e2240d3253b105adfbb256ff7a19bc409"
+               "75c604ad7c0071c4fd78a7cb64786e1bece548fa4833c04065fe593f6fb10",
+          "f220a7457f4588d639dc21407c942e9843f8e26b" },
+        { 504, "836dfa2524d621cf07c3d2908835de859e549d35030433c796b81272fd8bc03"
+               "48e8ddbc7705a5ad1fdf2155b6bc48884ac0cd376925f069a37849c089c864"
+               "5",
+          "ddd2117b6e309c233ede85f962a0c2fc215e5c69" },
+        { 512, "7e3a4c325cb9c52b88387f93d01ae86d42098f5efa7f9457388b5e74b6d28b2"
+               "438d42d8b64703324d4aa25ab6aad153ae30cd2b2af4d5e5c00a8a2d0220c61"
+               "16",
+          "a3054427cdb13f164a610b348702724c808a0dcc" }
+    };
+
+    for (i = 0; i < 65; i++) {
+        err = hash_test_case_add(&sha1_test_case_list, tc[i].hex_data,
+                                 tc[i].bit_len / 8, tc[i].hex_hash, 20);
+        if (err) {
+            printf("error adding hash test case (code %d)\n", err);
+            return err;
+        }
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t sha1_dealloc_test_cases(void)
+{
+    hash_test_case_t *t, *next;
+
+    for (t = sha1_test_case_list; t != NULL; t = next) {
+        next = t->next_test_case;
+        free(t);
+    }
+
+    sha1_test_case_list = NULL;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t sha1_validate(void)
+{
+    hash_test_case_t *test_case;
+    srtp_err_status_t err;
+
+    err = sha1_add_test_cases();
+    if (err) {
+        printf("error adding SHA1 test cases (error code %d)\n", err);
+        return err;
+    }
+
+    if (sha1_test_case_list == NULL)
+        return srtp_err_status_cant_check;
+
+    test_case = sha1_test_case_list;
+    while (test_case != NULL) {
+        err = sha1_test_case_validate(test_case);
+        if (err) {
+            printf("error validating hash test case (error code %d)\n", err);
+            return err;
+        }
+        test_case = test_case->next_test_case;
+    }
+
+    sha1_dealloc_test_cases();
+
+    return srtp_err_status_ok;
+}
+
+int main(void)
+{
+    srtp_err_status_t err;
+
+    printf("sha1 test driver\n");
+
+    err = sha1_validate();
+    if (err) {
+        printf("SHA1 did not pass validation testing\n");
+        return 1;
+    }
+    printf("SHA1 passed validation tests\n");
+
+    return 0;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/crypto/test/stat_driver.c b/trunk/3rdparty/libsrtp-2-fit/crypto/test/stat_driver.c
new file mode 100644
index 000000000..9a3d918aa
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/crypto/test/stat_driver.c
@@ -0,0 +1,252 @@
+/*
+ * stat-driver.c
+ *
+ * test driver for the stat_test functions
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h> /* for printf() */
+
+#include "err.h"
+#include "stat.h"
+#include "srtp.h"
+
+#include "cipher.h"
+#include "cipher_priv.h"
+
+void err_check(srtp_err_status_t s)
+{
+    if (s) {
+        printf("error (code %d)\n", s);
+        exit(1);
+    }
+}
+
+int main(int argc, char *argv[])
+{
+    uint8_t buffer[2532];
+    unsigned int buf_len = 2500;
+    int i, j;
+    extern srtp_cipher_type_t srtp_aes_icm_128;
+    extern srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef GCM
+    extern srtp_cipher_type_t srtp_aes_gcm_128;
+    extern srtp_cipher_type_t srtp_aes_gcm_256;
+#endif
+    srtp_cipher_t *c;
+    /* clang-format off */
+    uint8_t key[46] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05
+    };
+    /* clang-format on */
+    v128_t nonce;
+    int num_trials = 500;
+    int num_fail;
+
+    printf("statistical tests driver\n");
+
+    v128_set_to_zero(&nonce);
+    for (i = 0; i < 2500; i++)
+        buffer[i] = 0;
+
+    /* run tests */
+    printf("running stat_tests on all-null buffer, expecting failure\n");
+    printf("monobit %d\n", stat_test_monobit(buffer));
+    printf("poker   %d\n", stat_test_poker(buffer));
+    printf("runs    %d\n", stat_test_runs(buffer));
+
+    srtp_cipher_rand_for_tests(buffer, 2500);
+    printf("running stat_tests on rand(), expecting success\n");
+    printf("monobit %d\n", stat_test_monobit(buffer));
+    printf("poker   %d\n", stat_test_poker(buffer));
+    printf("runs    %d\n", stat_test_runs(buffer));
+
+    printf("running stat_tests on AES-128-ICM, expecting success\n");
+    /* set buffer to cipher output */
+    for (i = 0; i < 2500; i++)
+        buffer[i] = 0;
+    err_check(srtp_cipher_type_alloc(&srtp_aes_icm_128, &c,
+                                     SRTP_AES_ICM_128_KEY_LEN_WSALT, 0));
+    err_check(srtp_cipher_init(c, key));
+    err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt));
+    err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+    /* run tests on cipher outout */
+    printf("monobit %d\n", stat_test_monobit(buffer));
+    printf("poker   %d\n", stat_test_poker(buffer));
+    printf("runs    %d\n", stat_test_runs(buffer));
+
+    printf("runs test (please be patient): ");
+    fflush(stdout);
+    num_fail = 0;
+    v128_set_to_zero(&nonce);
+    for (j = 0; j < num_trials; j++) {
+        for (i = 0; i < 2500; i++)
+            buffer[i] = 0;
+        nonce.v32[3] = i;
+        err_check(
+            srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt));
+        err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+        if (stat_test_runs(buffer)) {
+            num_fail++;
+        }
+    }
+
+    printf("%d failures in %d tests\n", num_fail, num_trials);
+    printf("(nota bene: a small fraction of stat_test failures does not \n"
+           "indicate that the random source is invalid)\n");
+
+    err_check(srtp_cipher_dealloc(c));
+
+    printf("running stat_tests on AES-256-ICM, expecting success\n");
+    /* set buffer to cipher output */
+    for (i = 0; i < 2500; i++)
+        buffer[i] = 0;
+    err_check(srtp_cipher_type_alloc(&srtp_aes_icm_256, &c,
+                                     SRTP_AES_ICM_256_KEY_LEN_WSALT, 0));
+    err_check(srtp_cipher_init(c, key));
+    err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt));
+    err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+    /* run tests on cipher outout */
+    printf("monobit %d\n", stat_test_monobit(buffer));
+    printf("poker   %d\n", stat_test_poker(buffer));
+    printf("runs    %d\n", stat_test_runs(buffer));
+
+    printf("runs test (please be patient): ");
+    fflush(stdout);
+    num_fail = 0;
+    v128_set_to_zero(&nonce);
+    for (j = 0; j < num_trials; j++) {
+        for (i = 0; i < 2500; i++)
+            buffer[i] = 0;
+        nonce.v32[3] = i;
+        err_check(
+            srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt));
+        err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+        if (stat_test_runs(buffer)) {
+            num_fail++;
+        }
+    }
+
+#ifdef GCM
+    {
+        printf("running stat_tests on AES-128-GCM, expecting success\n");
+        /* set buffer to cipher output */
+        for (i = 0; i < 2500; i++) {
+            buffer[i] = 0;
+        }
+        err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128, &c,
+                                         SRTP_AES_GCM_128_KEY_LEN_WSALT, 8));
+        err_check(srtp_cipher_init(c, key));
+        err_check(
+            srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt));
+        err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+        /* run tests on cipher outout */
+        printf("monobit %d\n", stat_test_monobit(buffer));
+        printf("poker   %d\n", stat_test_poker(buffer));
+        printf("runs    %d\n", stat_test_runs(buffer));
+        fflush(stdout);
+        num_fail = 0;
+        v128_set_to_zero(&nonce);
+        for (j = 0; j < num_trials; j++) {
+            for (i = 0; i < 2500; i++) {
+                buffer[i] = 0;
+            }
+            nonce.v32[3] = i;
+            err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce,
+                                         srtp_direction_encrypt));
+            err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+            buf_len = 2500;
+            if (stat_test_runs(buffer)) {
+                num_fail++;
+            }
+        }
+
+        printf("running stat_tests on AES-256-GCM, expecting success\n");
+        /* set buffer to cipher output */
+        for (i = 0; i < 2500; i++) {
+            buffer[i] = 0;
+        }
+        err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256, &c,
+                                         SRTP_AES_GCM_256_KEY_LEN_WSALT, 16));
+        err_check(srtp_cipher_init(c, key));
+        err_check(
+            srtp_cipher_set_iv(c, (uint8_t *)&nonce, srtp_direction_encrypt));
+        err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+        /* run tests on cipher outout */
+        printf("monobit %d\n", stat_test_monobit(buffer));
+        printf("poker   %d\n", stat_test_poker(buffer));
+        printf("runs    %d\n", stat_test_runs(buffer));
+        fflush(stdout);
+        num_fail = 0;
+        v128_set_to_zero(&nonce);
+        for (j = 0; j < num_trials; j++) {
+            for (i = 0; i < 2500; i++) {
+                buffer[i] = 0;
+            }
+            nonce.v32[3] = i;
+            err_check(srtp_cipher_set_iv(c, (uint8_t *)&nonce,
+                                         srtp_direction_encrypt));
+            err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
+            buf_len = 2500;
+            if (stat_test_runs(buffer)) {
+                num_fail++;
+            }
+        }
+    }
+#endif
+
+    printf("%d failures in %d tests\n", num_fail, num_trials);
+    printf("(nota bene: a small fraction of stat_test failures does not \n"
+           "indicate that the random source is invalid)\n");
+
+    err_check(srtp_cipher_dealloc(c));
+
+    return 0;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/doc/Makefile.in b/trunk/3rdparty/libsrtp-2-fit/doc/Makefile.in
new file mode 100644
index 000000000..830ccbbbd
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/doc/Makefile.in
@@ -0,0 +1,32 @@
+# Makefile for libSRTP documentation
+#
+# David A. McGrew
+# Cisco Systems, Inc.
+#
+# This makefile does not use the autoconf system; we don't really need
+# it. We just run doxygen.
+# The most up to date documentation can be found at www.github.com/cisco/libsrtp
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
+VPATH = @srcdir@
+
+# Determine the version of the library
+
+version = $(shell cat $(top_srcdir)/VERSION)
+
+.PHONY: libsrtpdoc clean
+libsrtpdoc:
+	@if test ! -e Doxyfile.in; then \
+		echo "*** Sorry, can't build doc outside source dir"; exit 1; \
+	fi
+	sed 's/LIBSRTPVERSIONNUMBER/$(version)/' Doxyfile.in > Doxyfile
+	doxygen
+
+clean:
+
+	rm -rf html/ Doxyfile
+	for a in * ; do							\
+			  if [ -f "$$a~" ] ; then rm -f $$a~; fi;	\
+		done;
diff --git a/trunk/3rdparty/libsrtp-2-fit/format.sh b/trunk/3rdparty/libsrtp-2-fit/format.sh
new file mode 100755
index 000000000..fdf23ef3c
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/format.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# format.sh
+#
+# run clang-format on each .c & .h file
+#
+# assumes git tree is clean when reporting status
+
+if [ -z "${CLANG_FORMAT}" ]; then
+    CLANG_FORMAT=clang-format
+fi
+
+a=`git ls-files '*.h' '*.c'`
+for x in $a; do
+    if [ $x != "config_in.h" ]; then
+        $CLANG_FORMAT -i -style=file $x
+    fi
+done
+
+m=`git ls-files -m`
+if [ -n "$m" ]; then
+    v=`$CLANG_FORMAT -version`
+    echo "Fromatting required when checking with $v"
+    echo
+    echo "The following files required formatting:"
+    for f in $m; do
+        echo $f
+    done
+    if [ "$1" = "-d" ]; then
+        echo
+        git diff
+    fi
+    exit 1
+fi
+exit 0
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/Makefile.in b/trunk/3rdparty/libsrtp-2-fit/fuzzer/Makefile.in
new file mode 100644
index 000000000..cd107faa9
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/Makefile.in
@@ -0,0 +1,34 @@
+# Makefile for libSRTP fuzzer
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
+VPATH = @srcdir@
+
+CC	= @CC@
+CXX	= @CXX@
+INCDIR	= -Iinclude -I$(srcdir)/include -I$(top_srcdir)/include -I$(top_srcdir)/crypto/include/
+DEFS	= @DEFS@
+CPPFLAGS= @CPPFLAGS@ -g
+CXXFLAGS= @CXXFLAGS@ -g
+CFLAGS	= @CFLAGS@ -g
+LIBS	= @LIBS@
+COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
+COMPILECXX = $(CXX) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CXXFLAGS)
+CRYPTOLIB = -lsrtp2
+
+.PHONY: clean
+
+all : srtp-fuzzer
+
+mt19937.o: mt19937.cpp
+	$(COMPILECXX) -c -std=c++11 mt19937.cpp -o mt19937.o
+fuzzer.o: fuzzer.c fuzzer.h testmem.h
+	$(COMPILE) fuzzer.c -c -o fuzzer.o
+testmem.o: testmem.c
+	$(COMPILE) -O0 testmem.c -c -o testmem.o
+srtp-fuzzer: fuzzer.o mt19937.o testmem.o
+	$(COMPILECXX) -L. -L.. fuzzer.o mt19937.o testmem.o $(LIBFUZZER) $(CRYPTOLIB) $(LIBS) -o srtp-fuzzer
+
+clean:
+	rm -rf srtp-fuzzer *.o
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/README.md b/trunk/3rdparty/libsrtp-2-fit/fuzzer/README.md
new file mode 100644
index 000000000..eee957976
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/README.md
@@ -0,0 +1,88 @@
+# libsrt fuzzer
+
+By Guido Vranken <guidovranken@gmail.com> -- https://guidovranken.wordpress.com/
+
+This is an advanced fuzzer for libSRTP (https://github.com/cisco/libsrtp). It implements several special techniques, described below, that are not often found in fuzzers or elsewhere. All are encouraged to transpose these ideas to their own fuzzers for the betterment of software security.
+
+Feel free to contact me for business enquiries.
+
+## Building
+
+From the repository's root directory:
+
+```sh
+CC=clang CXX=clang++ CXXFLAGS="-fsanitize=fuzzer-no-link,address,undefined -g -O3" CFLAGS="-fsanitize=fuzzer-no-link,address,undefined -g -O3" LDFLAGS="-fsanitize=fuzzer-no-link,address,undefined" ./configure
+LIBFUZZER="-fsanitize=fuzzer" make srtp-fuzzer
+```
+
+## Features
+
+### Portable PRNG
+
+```mt19937.c``` exports the C++11 Mersenne Twister implementaton. Hence, a modern C++ compiler is required to compile this file.
+
+This approach has the following advantages:
+
+- rand() is fickle -- its behavior eg. the sequence of numbers that it generates for a given seed, may differ across systems and libc's.
+- C++11 mt19937 is portable, meaning that its behavior will be consistent across platforms. This is important to keep the fuzzing corpus portable.
+- No need to implement a portable PRNG ourselves, or risk license incompatability by importing it from other projects.
+
+### Size 0 allocations
+
+To test whether allocations of size 0 eg. ```malloc(0)``` are ever dereferenced and written to, the custom allocater will return an intentionally invalid pointer pointer address for these requests.
+
+For more information, see the comments in ```fuzz_alloc()```.
+
+### Random allocation failures
+
+The custom allocator will periodically return ```NULL``` for heap requests. This tests the library's resilience and correct operation in the event of global memory shortages.
+
+The interval of ```NULL``` return values is deterministic as it relies on the PRNG, so for a given fuzzer input (that encodes the PRNG seed as well), behavior of that input with regards to allocator behaviour is consistent, allowing for reliable reproduction of bugs.
+
+### Detecting inadequate pointer arithmetic
+
+This feature is only available on 32 bit builds.
+
+Unless the ```--no_mmap``` flag is given, the fuzzer will use a special allocation technique for some of the allocation requests. It will use ```mmap()``` to reserve memory at the extremities of the virtual address space -- sometimes at 0x00010000 and sometimes at 0xFFFF0000. This approach can assist in detecting invalid or inadequate pointer arithmetic. For example, consider the following code:
+
+```c
+if ( start + n < end ) {
+    memset(start, 0, n);
+}
+```
+
+where ```start``` and ```end``` demarcate a memory region, and ```n``` is some positive integer.
+If ```n``` is a sufficiently large value, a pointer addition overflow will occur, leading to a page fault. By routinely placing allocations at the high virtual address ```0xFFFF0000```, the chances of detecting this bug are increased. So let's say ```start``` was previously allocated at ```0xFFFF0000```, and ```end``` is ```0xFFFF1000```, and ```n``` is 0xFFFFF. Then the expression effectively becomes:
+
+```c
+if ( 0xFFFF0000 + 0x000FFFFF < 0xFFFF1000 ) {
+    memset(0xFFFF0000, 0, 0x000FFFF);
+}
+```
+
+The addition ```0xFFFF0000 + 0x000FFFFF``` overflows so the result is ```0x000EFFFF```. Hence:
+
+```c
+if ( 0x000EFFFF < 0xFFFF1000 ) { // Expression resolves as true !
+```
+
+The subsequent ```memset``` is executed contrary to the programmer's intentions, and a segmentation fault will occur.
+
+While this is a corner case, it can not be ruled out that it might occur in a production environment. What's more, the analyst examining the crash can reason about how the value of ```n``` comes about in the first place, and concoct a crafted input that leads to a very high ```n``` value, making the "exploit" succeed even with average virtual addresses.
+
+Aside from using ```mmap``` to allocate at address ```0xFFFF0000```, the fuzzer will also place allocations at the low virtual address ```0x00010000``` to detect invalid pointer arithmetic involving subtraction:
+
+```c
+if ( end - n > start ) {
+```
+
+### Output memory testing
+
+```testmem.c``` exports ```fuzz_testmem```. All this function does is copy the input buffer to a newly allocated heap region, and then free that heap region. If AddressSanitizer is enabled, this ensures that the input buffer to ```fuzz_testmem``` is a legal memory region.
+If MemorySanitizer is enabled, then ``fuzz_testmem``` calls ```fuzz_testmem_msan````. The latter function writes the data at hand to ```/dev/null```. This is an nice trick to make MemorySanitizer evaluate this data, and crash if it contains uninitialized bytes.
+This function has been implemented in a separate file for a reason: from the perspective of an optimizing compiler, this is a meaningless operation, and as such it might be optimized away. Hence, this file must be compiled without optimizations (```-O0``` flag).
+
+## Contributing
+
+When extending the current fuzzer, use variable types whose width is consistent across systems where possible. This is necessary to retain corpus portability. For example, use ```uint64_t``` rather than ```unsigned long```.
+
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/fuzzer.c b/trunk/3rdparty/libsrtp-2-fit/fuzzer/fuzzer.c
new file mode 100644
index 000000000..1863e3475
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/fuzzer.c
@@ -0,0 +1,936 @@
+/* By Guido Vranken <guidovranken@gmail.com> --
+ * https://guidovranken.wordpress.com/ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <limits.h>
+#include "srtp.h"
+#include "srtp_priv.h"
+#include "ekt.h"
+#include "fuzzer.h"
+#include "mt19937.h"
+#include "testmem.h"
+
+/* Global variables */
+static bool g_no_align = false; /* Can be enabled with --no_align */
+static bool g_post_init =
+    false; /* Set to true once past initialization phase */
+static bool g_write_input = false;
+
+#ifdef FUZZ_32BIT
+#include <sys/mman.h>
+static bool g_no_mmap = false; /* Can be enabled with --no_mmap */
+static void *g_mmap_allocation =
+    NULL; /* Keeps current mmap() allocation address */
+static size_t g_mmap_allocation_size =
+    0; /* Keeps current mmap() allocation size */
+#endif
+
+/* Custom allocator functions */
+
+static void *fuzz_alloc(const size_t size, const bool do_zero)
+{
+    void *ret = NULL;
+#ifdef FUZZ_32BIT
+    bool do_malloc = true;
+#endif
+    bool do_mmap, mmap_high = true;
+
+    if (size == 0) {
+        size_t ret;
+        /* Allocations of size 0 are not illegal, but are a bad practice, since
+         * writing just a single byte to this region constitutes undefined
+         * behavior per the C spec. glibc will return a small, valid memory
+         * region
+         * whereas OpenBSD will crash upon writing to it.
+         * Intentionally return a pointer to an invalid page to detect
+         * unsound code efficiently.
+         * fuzz_free is aware of this pointer range and will not attempt
+         * to free()/munmap() it.
+         */
+        ret = 0x01 + (fuzz_mt19937_get() % 1024);
+        return (void *)ret;
+    }
+
+    /* Don't do mmap()-based allocations during initialization */
+    if (g_post_init == true) {
+        /* Even extract these values if --no_mmap is specified.
+         * This keeps the PRNG output stream consistent across
+         * fuzzer configurations.
+         */
+        do_mmap = (fuzz_mt19937_get() % 64) == 0 ? true : false;
+        if (do_mmap == true) {
+            mmap_high = (fuzz_mt19937_get() % 2) == 0 ? true : false;
+        }
+    } else {
+        do_mmap = false;
+    }
+
+#ifdef FUZZ_32BIT
+    /* g_mmap_allocation must be NULL because we only support a single
+     * concurrent mmap allocation at a time
+     */
+    if (g_mmap_allocation == NULL && g_no_mmap == false && do_mmap == true) {
+        void *mmap_address;
+        if (mmap_high == true) {
+            mmap_address = (void *)0xFFFF0000;
+        } else {
+            mmap_address = (void *)0x00010000;
+        }
+        g_mmap_allocation_size = size;
+
+        ret = mmap(mmap_address, g_mmap_allocation_size, PROT_READ | PROT_WRITE,
+                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+        if (ret == MAP_FAILED) {
+            /* That's okay -- just return NULL to the caller */
+
+            ret = NULL;
+
+            /* Reset this for the sake of cleanliness */
+            g_mmap_allocation_size = 0;
+        }
+        /* ret not being MAP_FAILED does not mean that ret is the requested
+         * address (mmap_address). That's okay. We're not going to perform
+         * a munmap() on it and call malloc() instead. It won't gain us
+         * anything.
+         */
+
+        g_mmap_allocation = ret;
+        do_malloc = false;
+    }
+
+    if (do_malloc == true)
+#endif
+    {
+        ret = malloc(size);
+    }
+
+    /* Mimic calloc() if so requested */
+    if (ret != NULL && do_zero) {
+        memset(ret, 0, size);
+    }
+
+    return ret;
+}
+
+/* Internal allocations by this fuzzer must on one hand (sometimes)
+ * receive memory from mmap(), but on the other hand these requests for
+ * memory may not fail. By calling this function, the allocation is
+ * guaranteed to succeed; it first tries with fuzz_alloc(), which may
+ * fail if it uses mmap(), and if that is the case, memory is allocated
+ * via the libc allocator (malloc, calloc) which should always succeed */
+static void *fuzz_alloc_succeed(const size_t size, const bool do_zero)
+{
+    void *ret = fuzz_alloc(size, do_zero);
+    if (ret == NULL) {
+        if (do_zero == false) {
+            ret = malloc(size);
+        } else {
+            ret = calloc(1, size);
+        }
+    }
+
+    return ret;
+}
+
+void *fuzz_calloc(const size_t nmemb, const size_t size)
+{
+    /* We must be past srtp_init() to prevent that that function fails */
+    if (g_post_init == true) {
+        /* Fail 1 in 64 allocations on average to test whether the library
+         * can deal with this properly.
+         */
+        if ((fuzz_mt19937_get() % 64) == 0) {
+            return NULL;
+        }
+    }
+
+    return fuzz_alloc(nmemb * size, true);
+}
+
+static bool fuzz_is_special_pointer(void *ptr)
+{
+    /* Special, invalid pointers introduced when code attempted
+     * to do size = 0 allocations.
+     */
+    if ((size_t)ptr >= 0x01 && (size_t)ptr < (0x01 + 1024)) {
+        return true;
+    } else {
+        return false;
+    }
+}
+
+void fuzz_free(void *ptr)
+{
+    if (fuzz_is_special_pointer(ptr) == true) {
+        return;
+    }
+
+#ifdef FUZZ_32BIT
+    if (g_post_init == true && ptr != NULL && ptr == g_mmap_allocation) {
+        if (munmap(g_mmap_allocation, g_mmap_allocation_size) == -1) {
+            /* Shouldn't happen */
+            abort();
+        }
+        g_mmap_allocation = NULL;
+    } else
+#endif
+    {
+        free(ptr);
+    }
+}
+
+static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender,
+                                           void *hdr,
+                                           int *len,
+                                           uint8_t use_mki,
+                                           unsigned int mki)
+{
+    return srtp_protect(srtp_sender, hdr, len);
+}
+
+static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender,
+                                             void *hdr,
+                                             int *len,
+                                             uint8_t use_mki,
+                                             unsigned int mki)
+{
+    return srtp_unprotect(srtp_sender, hdr, len);
+}
+
+static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender,
+                                                void *hdr,
+                                                int *len,
+                                                uint8_t use_mki,
+                                                unsigned int mki)
+{
+    return srtp_protect_rtcp(srtp_sender, hdr, len);
+}
+
+static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender,
+                                                  void *hdr,
+                                                  int *len,
+                                                  uint8_t use_mki,
+                                                  unsigned int mki)
+{
+    return srtp_unprotect_rtcp(srtp_sender, hdr, len);
+}
+
+static srtp_err_status_t fuzz_srtp_protect_mki(srtp_t srtp_sender,
+                                               void *hdr,
+                                               int *len,
+                                               uint8_t use_mki,
+                                               unsigned int mki)
+{
+    return srtp_protect_mki(srtp_sender, hdr, len, use_mki, mki);
+}
+
+static srtp_err_status_t fuzz_srtp_protect_rtcp_mki(srtp_t srtp_sender,
+                                                    void *hdr,
+                                                    int *len,
+                                                    uint8_t use_mki,
+                                                    unsigned int mki)
+{
+    return srtp_protect_rtcp_mki(srtp_sender, hdr, len, use_mki, mki);
+}
+
+static srtp_err_status_t fuzz_srtp_unprotect_mki(srtp_t srtp_sender,
+                                                 void *hdr,
+                                                 int *len,
+                                                 uint8_t use_mki,
+                                                 unsigned int mki)
+{
+    return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
+}
+
+static srtp_err_status_t fuzz_srtp_unprotect_rtcp_mki(srtp_t srtp_sender,
+                                                      void *hdr,
+                                                      int *len,
+                                                      uint8_t use_mki,
+                                                      unsigned int mki)
+{
+    return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
+}
+
+/* Get protect length functions */
+
+static srtp_err_status_t fuzz_srtp_get_protect_length(const srtp_t srtp_ctx,
+                                                      uint8_t use_mki,
+                                                      unsigned int mki,
+                                                      uint32_t *length)
+{
+    return srtp_get_protect_trailer_length(srtp_ctx, 0, 0, length);
+}
+
+static srtp_err_status_t fuzz_srtp_get_protect_rtcp_length(
+    const srtp_t srtp_ctx,
+    uint8_t use_mki,
+    unsigned int mki,
+    uint32_t *length)
+{
+    return srtp_get_protect_rtcp_trailer_length(srtp_ctx, 0, 0, length);
+}
+
+static srtp_err_status_t fuzz_srtp_get_protect_mki_length(const srtp_t srtp_ctx,
+                                                          uint8_t use_mki,
+                                                          unsigned int mki,
+                                                          uint32_t *length)
+{
+    return srtp_get_protect_trailer_length(srtp_ctx, use_mki, mki, length);
+}
+
+static srtp_err_status_t fuzz_srtp_get_protect_rtcp_mki_length(
+    const srtp_t srtp_ctx,
+    uint8_t use_mki,
+    unsigned int mki,
+    uint32_t *length)
+{
+    return srtp_get_protect_rtcp_trailer_length(srtp_ctx, use_mki, mki, length);
+}
+
+static uint8_t *extract_key(const uint8_t **data,
+                            size_t *size,
+                            const size_t key_size)
+{
+    uint8_t *ret;
+    if (*size < key_size) {
+        return NULL;
+    }
+
+    ret = fuzz_alloc_succeed(key_size, false);
+    EXTRACT(ret, *data, *size, key_size);
+
+    return ret;
+}
+
+static srtp_master_key_t *extract_master_key(const uint8_t **data,
+                                             size_t *size,
+                                             const size_t key_size,
+                                             bool simulate,
+                                             bool *success)
+{
+    srtp_master_key_t *ret = NULL;
+    uint16_t mki_id_size;
+
+    if (simulate == true) {
+        *success = false;
+    }
+
+    EXTRACT_IF(&mki_id_size, *data, *size, sizeof(mki_id_size));
+
+    if (*size < key_size + mki_id_size) {
+        goto end;
+    }
+
+    if (simulate == true) {
+        *data += key_size + mki_id_size;
+        *size -= key_size + mki_id_size;
+        *success = true;
+        goto end;
+    }
+
+    ret = fuzz_alloc_succeed(sizeof(srtp_master_key_t), false);
+    ret->key = fuzz_alloc_succeed(key_size, false);
+
+    ret->mki_id = fuzz_alloc_succeed(mki_id_size, false);
+
+    EXTRACT(ret->key, *data, *size, key_size);
+    EXTRACT(ret->mki_id, *data, *size, mki_id_size);
+    ret->mki_size = mki_id_size;
+end:
+    return ret;
+}
+
+static srtp_master_key_t **extract_master_keys(const uint8_t **data,
+                                               size_t *size,
+                                               const size_t key_size,
+                                               unsigned long *num_master_keys)
+{
+    const uint8_t *data_orig = *data;
+    size_t size_orig = *size;
+    size_t i = 0;
+
+    srtp_master_key_t **ret = NULL;
+
+    *num_master_keys = 0;
+
+    /* First pass -- dry run, determine how many keys we want and can extract */
+    while (1) {
+        uint8_t do_extract_master_key;
+        bool success;
+        if (*size < sizeof(do_extract_master_key)) {
+            goto next;
+        }
+        EXTRACT(&do_extract_master_key, *data, *size,
+                sizeof(do_extract_master_key));
+
+        /* Decide whether to extract another key */
+        if ((do_extract_master_key % 2) == 0) {
+            break;
+        }
+
+        extract_master_key(data, size, key_size, true, &success);
+
+        if (success == false) {
+            break;
+        }
+
+        (*num_master_keys)++;
+    }
+
+next:
+    *data = data_orig;
+    *size = size_orig;
+
+    /* Allocate array of pointers */
+    ret = fuzz_alloc_succeed(*num_master_keys * sizeof(srtp_master_key_t *),
+                             false);
+
+    /* Second pass -- perform the actual extractions */
+    for (i = 0; i < *num_master_keys; i++) {
+        uint8_t do_extract_master_key;
+        EXTRACT_IF(&do_extract_master_key, *data, *size,
+                   sizeof(do_extract_master_key));
+
+        if ((do_extract_master_key % 2) == 0) {
+            break;
+        }
+
+        ret[i] = extract_master_key(data, size, key_size, false, NULL);
+
+        if (ret[i] == NULL) {
+            /* Shouldn't happen */
+            abort();
+        }
+    }
+
+end:
+    return ret;
+}
+
+static srtp_ekt_policy_t extract_ekt_policy(const uint8_t **data, size_t *size)
+{
+    srtp_ekt_policy_t ret = NULL;
+    struct {
+        srtp_ekt_spi_t spi;
+        uint8_t key[16];
+
+    } params;
+
+    EXTRACT_IF(&params, *data, *size, sizeof(params));
+
+    ret = fuzz_alloc_succeed(sizeof(struct srtp_ekt_policy_ctx_t), false);
+
+    ret->spi = params.spi;
+
+    /* The only supported cipher type */
+    ret->ekt_cipher_type = SRTP_EKT_CIPHER_AES_128_ECB;
+
+    ret->ekt_key = fuzz_alloc_succeed(sizeof(params.key), false);
+    memcpy(ret->ekt_key, params.key, sizeof(params.key));
+
+    ret->next_ekt_policy = NULL;
+
+end:
+    return ret;
+}
+
+static srtp_policy_t *extract_policy(const uint8_t **data, size_t *size)
+{
+    srtp_policy_t *policy = NULL;
+    struct {
+        uint8_t srtp_crypto_policy_func;
+        uint64_t window_size;
+        uint8_t allow_repeat_tx;
+        uint8_t ssrc_type;
+        uint32_t ssrc_value;
+        uint8_t num_xtn_hdr;
+        uint8_t with_ekt;
+        srtp_ekt_spi_t ekt_spi;
+        uint8_t do_extract_key;
+        uint8_t do_extract_master_keys;
+    } params;
+
+    EXTRACT_IF(&params, *data, *size, sizeof(params));
+
+    params.srtp_crypto_policy_func %= sizeof(fuzz_srtp_crypto_policies) /
+                                      sizeof(fuzz_srtp_crypto_policies[0]);
+    params.allow_repeat_tx %= 2;
+    params.ssrc_type %=
+        sizeof(fuzz_ssrc_type_map) / sizeof(fuzz_ssrc_type_map[0]);
+    params.with_ekt %= 2;
+
+    policy = fuzz_alloc_succeed(sizeof(*policy), true);
+
+    fuzz_srtp_crypto_policies[params.srtp_crypto_policy_func]
+        .crypto_policy_func(&policy->rtp);
+    fuzz_srtp_crypto_policies[params.srtp_crypto_policy_func]
+        .crypto_policy_func(&policy->rtcp);
+
+    if (policy->rtp.cipher_key_len > MAX_KEY_LEN) {
+        /* Shouldn't happen */
+        abort();
+    }
+
+    policy->ssrc.type = fuzz_ssrc_type_map[params.ssrc_type].srtp_ssrc_type;
+    policy->ssrc.value = params.ssrc_value;
+
+    if ((params.do_extract_key % 2) == 0) {
+        policy->key = extract_key(data, size, policy->rtp.cipher_key_len);
+
+        if (policy->key == NULL) {
+            fuzz_free(policy);
+            return NULL;
+        }
+    }
+
+    if (params.num_xtn_hdr != 0) {
+        const size_t xtn_hdr_size = params.num_xtn_hdr * sizeof(int);
+        if (*size < xtn_hdr_size) {
+            fuzz_free(policy->key);
+            fuzz_free(policy);
+            return NULL;
+        }
+        policy->enc_xtn_hdr = fuzz_alloc_succeed(xtn_hdr_size, false);
+        EXTRACT(policy->enc_xtn_hdr, *data, *size, xtn_hdr_size);
+        policy->enc_xtn_hdr_count = params.num_xtn_hdr;
+    }
+
+    if ((params.do_extract_master_keys % 2) == 0) {
+        policy->keys = extract_master_keys(
+            data, size, policy->rtp.cipher_key_len, &policy->num_master_keys);
+        if (policy->keys == NULL) {
+            fuzz_free(policy->key);
+            fuzz_free(policy->enc_xtn_hdr);
+            fuzz_free(policy);
+            return NULL;
+        }
+    }
+
+    if (params.with_ekt) {
+        policy->ekt = extract_ekt_policy(data, size);
+    }
+
+    policy->window_size = params.window_size;
+    policy->allow_repeat_tx = params.allow_repeat_tx;
+    policy->next = NULL;
+
+end:
+    return policy;
+}
+
+static srtp_policy_t *extract_policies(const uint8_t **data, size_t *size)
+{
+    srtp_policy_t *curpolicy = NULL, *policy_chain = NULL;
+
+    curpolicy = extract_policy(data, size);
+    if (curpolicy == NULL) {
+        return NULL;
+    }
+
+    policy_chain = curpolicy;
+
+    while (1) {
+        uint8_t do_extract_policy;
+        EXTRACT_IF(&do_extract_policy, *data, *size, sizeof(do_extract_policy));
+
+        /* Decide whether to extract another policy */
+        if ((do_extract_policy % 2) == 0) {
+            break;
+        }
+
+        curpolicy->next = extract_policy(data, size);
+        if (curpolicy->next == NULL) {
+            break;
+        }
+        curpolicy = curpolicy->next;
+    }
+
+end:
+    return policy_chain;
+}
+
+static uint32_t *extract_remove_stream_ssrc(const uint8_t **data,
+                                            size_t *size,
+                                            uint8_t *num_remove_stream)
+{
+    uint32_t *ret = NULL;
+    uint8_t _num_remove_stream;
+    size_t total_size;
+
+    *num_remove_stream = 0;
+
+    EXTRACT_IF(&_num_remove_stream, *data, *size, sizeof(_num_remove_stream));
+
+    if (_num_remove_stream == 0) {
+        goto end;
+    }
+
+    total_size = _num_remove_stream * sizeof(uint32_t);
+
+    if (*size < total_size) {
+        goto end;
+    }
+
+    ret = fuzz_alloc_succeed(total_size, false);
+    EXTRACT(ret, *data, *size, total_size);
+
+    *num_remove_stream = _num_remove_stream;
+
+end:
+    return ret;
+}
+
+static uint32_t *extract_set_roc(const uint8_t **data,
+                                 size_t *size,
+                                 uint8_t *num_set_roc)
+{
+    uint32_t *ret = NULL;
+    uint8_t _num_set_roc;
+    size_t total_size;
+
+    *num_set_roc = 0;
+    EXTRACT_IF(&_num_set_roc, *data, *size, sizeof(_num_set_roc));
+    if (_num_set_roc == 0) {
+        goto end;
+    }
+
+    /* Tuples of 2 uint32_t's */
+    total_size = _num_set_roc * sizeof(uint32_t) * 2;
+
+    if (*size < total_size) {
+        goto end;
+    }
+
+    ret = fuzz_alloc_succeed(total_size, false);
+    EXTRACT(ret, *data, *size, total_size);
+
+    *num_set_roc = _num_set_roc;
+
+end:
+    return ret;
+}
+
+static void free_policies(srtp_policy_t *curpolicy)
+{
+    size_t i;
+    while (curpolicy) {
+        srtp_policy_t *next = curpolicy->next;
+
+        fuzz_free(curpolicy->key);
+
+        for (i = 0; i < curpolicy->num_master_keys; i++) {
+            fuzz_free(curpolicy->keys[i]->key);
+            fuzz_free(curpolicy->keys[i]->mki_id);
+            fuzz_free(curpolicy->keys[i]);
+        }
+
+        fuzz_free(curpolicy->keys);
+        fuzz_free(curpolicy->enc_xtn_hdr);
+
+        if (curpolicy->ekt) {
+            fuzz_free(curpolicy->ekt->ekt_key);
+            fuzz_free(curpolicy->ekt);
+        }
+
+        fuzz_free(curpolicy);
+
+        curpolicy = next;
+    }
+}
+
+static uint8_t *run_srtp_func(const srtp_t srtp_ctx,
+                              const uint8_t **data,
+                              size_t *size)
+{
+    uint8_t *ret = NULL;
+    uint8_t *copy = NULL, *copy_2 = NULL;
+
+    struct {
+        uint16_t size;
+        uint8_t srtp_func;
+        uint8_t use_mki;
+        uint32_t mki;
+        uint8_t stretch;
+    } params_1;
+
+    struct {
+        uint8_t srtp_func;
+        uint8_t use_mki;
+        uint32_t mki;
+    } params_2;
+    int ret_size;
+
+    EXTRACT_IF(&params_1, *data, *size, sizeof(params_1));
+    params_1.srtp_func %= sizeof(srtp_funcs) / sizeof(srtp_funcs[0]);
+    params_1.use_mki %= 2;
+
+    if (*size < params_1.size) {
+        goto end;
+    }
+
+    /* Enforce 4 byte alignment */
+    if (g_no_align == false) {
+        params_1.size -= params_1.size % 4;
+    }
+
+    if (params_1.size == 0) {
+        goto end;
+    }
+
+    ret_size = params_1.size;
+    if (srtp_funcs[params_1.srtp_func].protect == true) {
+        /* Intentionally not initialized to trigger MemorySanitizer, if
+         * applicable */
+        uint32_t alloc_size;
+
+        if (srtp_funcs[params_1.srtp_func].get_length(
+                srtp_ctx, params_1.use_mki, params_1.mki, &alloc_size) !=
+            srtp_err_status_ok) {
+            goto end;
+        }
+
+        copy = fuzz_alloc_succeed(ret_size + alloc_size, false);
+    } else {
+        copy = fuzz_alloc_succeed(ret_size, false);
+    }
+
+    EXTRACT(copy, *data, *size, params_1.size);
+
+    if (srtp_funcs[params_1.srtp_func].srtp_func(
+            srtp_ctx, copy, &ret_size, params_1.use_mki, params_1.mki) !=
+        srtp_err_status_ok) {
+        fuzz_free(copy);
+        goto end;
+    }
+    // fuzz_free(copy);
+
+    fuzz_testmem(copy, ret_size);
+
+    ret = copy;
+
+    EXTRACT_IF(&params_2, *data, *size, sizeof(params_2));
+    params_2.srtp_func %= sizeof(srtp_funcs) / sizeof(srtp_funcs[0]);
+    params_2.use_mki %= 2;
+
+    if (ret_size == 0) {
+        goto end;
+    }
+
+    if (srtp_funcs[params_2.srtp_func].protect == true) {
+        /* Intentionally not initialized to trigger MemorySanitizer, if
+         * applicable */
+        uint32_t alloc_size;
+
+        if (srtp_funcs[params_2.srtp_func].get_length(
+                srtp_ctx, params_2.use_mki, params_2.mki, &alloc_size) !=
+            srtp_err_status_ok) {
+            goto end;
+        }
+
+        copy_2 = fuzz_alloc_succeed(ret_size + alloc_size, false);
+    } else {
+        copy_2 = fuzz_alloc_succeed(ret_size, false);
+    }
+
+    memcpy(copy_2, copy, ret_size);
+    fuzz_free(copy);
+    copy = copy_2;
+
+    if (srtp_funcs[params_2.srtp_func].srtp_func(
+            srtp_ctx, copy, &ret_size, params_2.use_mki, params_2.mki) !=
+        srtp_err_status_ok) {
+        fuzz_free(copy);
+        ret = NULL;
+        goto end;
+    }
+
+    fuzz_testmem(copy, ret_size);
+
+    ret = copy;
+
+end:
+    return ret;
+}
+
+void fuzz_srtp_event_handler(srtp_event_data_t *data)
+{
+    fuzz_testmem(data, sizeof(srtp_event_data_t));
+    if (data->session != NULL) {
+        fuzz_testmem(data->session, sizeof(*data->session));
+    }
+}
+
+static void fuzz_write_input(const uint8_t *data, size_t size)
+{
+    FILE *fp = fopen("input.bin", "wb");
+
+    if (fp == NULL) {
+        /* Shouldn't happen */
+        abort();
+    }
+
+    if (size != 0 && fwrite(data, size, 1, fp) != 1) {
+        printf("Cannot write\n");
+        /* Shouldn't happen */
+        abort();
+    }
+
+    fclose(fp);
+}
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+    char **_argv = *argv;
+    int i;
+    bool no_custom_event_handler = false;
+
+    if (srtp_init() != srtp_err_status_ok) {
+        /* Shouldn't happen */
+        abort();
+    }
+
+    for (i = 0; i < *argc; i++) {
+        if (strcmp("--no_align", _argv[i]) == 0) {
+            g_no_align = true;
+        } else if (strcmp("--no_custom_event_handler", _argv[i]) == 0) {
+            no_custom_event_handler = true;
+        } else if (strcmp("--write_input", _argv[i]) == 0) {
+            g_write_input = true;
+        }
+#ifdef FUZZ_32BIT
+        else if (strcmp("--no_mmap", _argv[i]) == 0) {
+            g_no_mmap = true;
+        }
+#endif
+        else if (strncmp("--", _argv[i], 2) == 0) {
+            printf("Invalid argument: %s\n", _argv[i]);
+            exit(0);
+        }
+    }
+
+    if (no_custom_event_handler == false) {
+        if (srtp_install_event_handler(fuzz_srtp_event_handler) !=
+            srtp_err_status_ok) {
+            /* Shouldn't happen */
+            abort();
+        }
+    }
+
+    /* Fully initialized -- past this point, simulated allocation failures
+     * are allowed to occur */
+    g_post_init = true;
+
+    return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    uint8_t num_remove_stream;
+    uint32_t *remove_stream_ssrc = NULL;
+    uint8_t num_set_roc;
+    uint32_t *set_roc = NULL;
+    srtp_t srtp_ctx = NULL;
+    srtp_policy_t *policy_chain = NULL, *policy_chain_2 = NULL;
+    uint32_t randseed;
+    static bool firstrun = true;
+
+    if (firstrun == true) {
+        /* TODO version check etc and send it to MSAN */
+    }
+
+#ifdef FUZZ_32BIT
+    /* Free the mmap allocation made during the previous iteration, if
+     * applicable */
+    fuzz_free(g_mmap_allocation);
+#endif
+
+    if (g_write_input == true) {
+        fuzz_write_input(data, size);
+    }
+
+    EXTRACT_IF(&randseed, data, size, sizeof(randseed));
+    fuzz_mt19937_init(randseed);
+    srand(randseed);
+
+    /* policy_chain is used to initialize the srtp context with */
+    if ((policy_chain = extract_policies(&data, &size)) == NULL) {
+        goto end;
+    }
+    /* policy_chain_2 is used as an argument to srtp_update later on */
+    if ((policy_chain_2 = extract_policies(&data, &size)) == NULL) {
+        goto end;
+    }
+
+    /* Create context */
+    if (srtp_create(&srtp_ctx, policy_chain) != srtp_err_status_ok) {
+        goto end;
+    }
+
+    // free_policies(policy_chain);
+    // policy_chain = NULL;
+
+    /* Don't check for NULL result -- no extractions is fine */
+    remove_stream_ssrc =
+        extract_remove_stream_ssrc(&data, &size, &num_remove_stream);
+
+    /* Don't check for NULL result -- no extractions is fine */
+    set_roc = extract_set_roc(&data, &size, &num_set_roc);
+
+    {
+        uint8_t *ret;
+        int i = 0, j = 0;
+
+        while ((ret = run_srtp_func(srtp_ctx, &data, &size)) != NULL) {
+            fuzz_free(ret);
+
+            /* Keep removing streams until the set of SSRCs extracted from the
+             * fuzzer input is exhausted */
+            if (i < num_remove_stream) {
+                if (srtp_remove_stream(srtp_ctx, remove_stream_ssrc[i]) !=
+                    srtp_err_status_ok) {
+                    goto end;
+                }
+                i++;
+            }
+
+            /* Keep setting and getting ROCs until the set of SSRC/ROC tuples
+             * extracted from the fuzzer input is exhausted */
+            if (j < num_set_roc * 2) {
+                uint32_t roc;
+                if (srtp_set_stream_roc(srtp_ctx, set_roc[j], set_roc[j + 1]) !=
+                    srtp_err_status_ok) {
+                    goto end;
+                }
+                if (srtp_get_stream_roc(srtp_ctx, set_roc[j + 1], &roc) !=
+                    srtp_err_status_ok) {
+                    goto end;
+                }
+                j += 2;
+            }
+
+            if (policy_chain_2 != NULL) {
+                /* TODO srtp_update(srtp_ctx, policy_chain_2); */
+
+                /* Discard after using once */
+                free_policies(policy_chain_2);
+                policy_chain_2 = NULL;
+            }
+        }
+    }
+
+end:
+    free_policies(policy_chain);
+    free_policies(policy_chain_2);
+    fuzz_free(remove_stream_ssrc);
+    fuzz_free(set_roc);
+    if (srtp_ctx != NULL) {
+        srtp_dealloc(srtp_ctx);
+    }
+    fuzz_mt19937_destroy();
+
+    return 0;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/fuzzer.h b/trunk/3rdparty/libsrtp-2-fit/fuzzer/fuzzer.h
new file mode 100644
index 000000000..ce1f8d689
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/fuzzer.h
@@ -0,0 +1,176 @@
+#define MAX_KEY_LEN 46
+#define EXTRACT(dest, src, srcsize, copysize)                                  \
+    {                                                                          \
+        memcpy((dest), (src), (copysize));                                     \
+        (src) += (copysize);                                                   \
+        (srcsize) -= (copysize);                                               \
+    }
+
+/* Extract data if src contains sufficient bytes, otherwise go to end */
+#define EXTRACT_IF(dest, src, srcsize, copysize)                               \
+    {                                                                          \
+        if ((srcsize) < (copysize)) {                                          \
+            goto end;                                                          \
+        } else {                                                               \
+            EXTRACT((dest), (src), (srcsize), (copysize));                     \
+        }                                                                      \
+    }
+#include <stdint.h>
+#if UINTPTR_MAX == 0xffffffff
+#define FUZZ_32BIT
+#elif UINTPTR_MAX == 0xffffffffffffffff
+#else
+#error "Cannot detect word size"
+#endif
+
+typedef srtp_err_status_t (
+    *fuzz_srtp_func)(srtp_t, void *, int *, uint8_t, unsigned int);
+typedef void (*fuzz_srtp_crypto_policy_func)(srtp_crypto_policy_t *);
+typedef srtp_err_status_t (*fuzz_srtp_get_length_func)(const srtp_t,
+                                                       uint8_t,
+                                                       unsigned int,
+                                                       uint32_t *);
+
+struct fuzz_srtp_params {
+    uint8_t srtp_func;
+    uint8_t srtp_crypto_policy_func;
+    uint16_t window_size;
+    uint8_t allow_repeat_tx;
+    uint8_t ssrc_type;
+    unsigned int ssrc_value;
+    uint8_t key[MAX_KEY_LEN];
+    uint8_t mki;
+};
+
+static srtp_err_status_t fuzz_srtp_protect(srtp_t srtp_sender,
+                                           void *hdr,
+                                           int *len,
+                                           uint8_t use_mki,
+                                           unsigned int mki);
+static srtp_err_status_t fuzz_srtp_unprotect(srtp_t srtp_sender,
+                                             void *hdr,
+                                             int *len,
+                                             uint8_t use_mki,
+                                             unsigned int mki);
+static srtp_err_status_t fuzz_srtp_protect_rtcp(srtp_t srtp_sender,
+                                                void *hdr,
+                                                int *len,
+                                                uint8_t use_mki,
+                                                unsigned int mki);
+static srtp_err_status_t fuzz_srtp_unprotect_rtcp(srtp_t srtp_sender,
+                                                  void *hdr,
+                                                  int *len,
+                                                  uint8_t use_mki,
+                                                  unsigned int mki);
+static srtp_err_status_t fuzz_srtp_protect_mki(srtp_t srtp_sender,
+                                               void *hdr,
+                                               int *len,
+                                               uint8_t use_mki,
+                                               unsigned int mki);
+static srtp_err_status_t fuzz_srtp_protect_rtcp_mki(srtp_t srtp_sender,
+                                                    void *hdr,
+                                                    int *len,
+                                                    uint8_t use_mki,
+                                                    unsigned int mki);
+static srtp_err_status_t fuzz_srtp_unprotect_mki(srtp_t srtp_sender,
+                                                 void *hdr,
+                                                 int *len,
+                                                 uint8_t use_mki,
+                                                 unsigned int mki);
+static srtp_err_status_t fuzz_srtp_unprotect_rtcp_mki(srtp_t srtp_sender,
+                                                      void *hdr,
+                                                      int *len,
+                                                      uint8_t use_mki,
+                                                      unsigned int mki);
+
+static srtp_err_status_t fuzz_srtp_get_protect_length(const srtp_t srtp_ctx,
+                                                      uint8_t use_mki,
+                                                      unsigned int mki,
+                                                      uint32_t *length);
+static srtp_err_status_t fuzz_srtp_get_protect_mki_length(const srtp_t srtp_ctx,
+                                                          uint8_t use_mki,
+                                                          unsigned int mki,
+                                                          uint32_t *length);
+static srtp_err_status_t fuzz_srtp_get_protect_rtcp_length(
+    const srtp_t srtp_ctx,
+    uint8_t use_mki,
+    unsigned int mki,
+    uint32_t *length);
+static srtp_err_status_t fuzz_srtp_get_protect_rtcp_mki_length(
+    const srtp_t srtp_ctx,
+    uint8_t use_mki,
+    unsigned int mki,
+    uint32_t *length);
+
+struct fuzz_srtp_func_ext {
+    fuzz_srtp_func srtp_func;
+    bool protect;
+    fuzz_srtp_get_length_func get_length;
+};
+
+const struct fuzz_srtp_func_ext srtp_funcs[] = {
+    { fuzz_srtp_protect, true, fuzz_srtp_get_protect_length },
+    { fuzz_srtp_unprotect, false, NULL },
+    { fuzz_srtp_protect_rtcp, true, fuzz_srtp_get_protect_rtcp_length },
+    { fuzz_srtp_unprotect_rtcp, false, NULL },
+    { fuzz_srtp_protect_mki, true, fuzz_srtp_get_protect_mki_length },
+    { fuzz_srtp_unprotect_mki, false, NULL },
+    { fuzz_srtp_protect_rtcp_mki, true, fuzz_srtp_get_protect_rtcp_mki_length },
+    { fuzz_srtp_unprotect_rtcp_mki, false, NULL }
+};
+
+struct fuzz_srtp_crypto_policy_func_ext {
+    fuzz_srtp_crypto_policy_func crypto_policy_func;
+    const char *name;
+};
+
+const struct fuzz_srtp_crypto_policy_func_ext fuzz_srtp_crypto_policies[] = {
+    { srtp_crypto_policy_set_rtp_default, "" },
+    { srtp_crypto_policy_set_rtcp_default, "" },
+    { srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32,
+      "srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32" },
+    { srtp_crypto_policy_set_aes_cm_128_null_auth,
+      "srtp_crypto_policy_set_aes_cm_128_null_auth" },
+    { srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32,
+      "srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32" },
+    { srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80,
+      "srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80" },
+    { srtp_crypto_policy_set_aes_cm_256_null_auth,
+      "srtp_crypto_policy_set_aes_cm_256_null_auth" },
+    { srtp_crypto_policy_set_null_cipher_hmac_null,
+      "srtp_crypto_policy_set_null_cipher_hmac_null" },
+    { srtp_crypto_policy_set_null_cipher_hmac_sha1_80,
+      "srtp_crypto_policy_set_null_cipher_hmac_sha1_80" },
+#ifdef OPENSSL
+    { srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32,
+      "srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32" },
+    { srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80,
+      "srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80" },
+    { srtp_crypto_policy_set_aes_cm_192_null_auth,
+      "srtp_crypto_policy_set_aes_cm_192_null_auth" },
+    { srtp_crypto_policy_set_aes_gcm_128_16_auth,
+      "srtp_crypto_policy_set_aes_gcm_128_16_auth" },
+    { srtp_crypto_policy_set_aes_gcm_128_8_auth,
+      "srtp_crypto_policy_set_aes_gcm_128_8_auth" },
+    { srtp_crypto_policy_set_aes_gcm_128_8_only_auth,
+      "srtp_crypto_policy_set_aes_gcm_128_8_only_auth" },
+    { srtp_crypto_policy_set_aes_gcm_256_16_auth,
+      "srtp_crypto_policy_set_aes_gcm_256_16_auth" },
+    { srtp_crypto_policy_set_aes_gcm_256_8_auth,
+      "srtp_crypto_policy_set_aes_gcm_256_8_auth" },
+    { srtp_crypto_policy_set_aes_gcm_256_8_only_auth,
+      "srtp_crypto_policy_set_aes_gcm_256_8_only_auth" },
+#endif
+};
+
+struct fuzz_srtp_ssrc_type_ext {
+    srtp_ssrc_type_t srtp_ssrc_type;
+    const char *name;
+};
+
+const struct fuzz_srtp_ssrc_type_ext fuzz_ssrc_type_map[] = {
+    { ssrc_undefined, "ssrc_undefined" },
+    { ssrc_specific, "ssrc_specific" },
+    { ssrc_any_inbound, "ssrc_any_inbound" },
+    { ssrc_any_outbound, "ssrc_any_outbound" },
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/mt19937.cpp b/trunk/3rdparty/libsrtp-2-fit/fuzzer/mt19937.cpp
new file mode 100644
index 000000000..984f1fb54
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/mt19937.cpp
@@ -0,0 +1,17 @@
+#include <random>
+#include <cstdint>
+
+std::mt19937* mt_rand = NULL;
+
+extern "C" void fuzz_mt19937_init(uint32_t seed) {
+    mt_rand = new std::mt19937(seed);
+}
+
+extern "C" uint32_t fuzz_mt19937_get(void) {
+    return (*mt_rand)();
+}
+
+extern "C" void fuzz_mt19937_destroy(void) {
+    delete mt_rand;
+    mt_rand = NULL;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/mt19937.h b/trunk/3rdparty/libsrtp-2-fit/fuzzer/mt19937.h
new file mode 100644
index 000000000..cda11819a
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/mt19937.h
@@ -0,0 +1,4 @@
+#include <stdint.h>
+void fuzz_mt19937_init(uint32_t seed);
+uint32_t fuzz_mt19937_get(void);
+void fuzz_mt19937_destroy(void);
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/testmem.c b/trunk/3rdparty/libsrtp-2-fit/fuzzer/testmem.c
new file mode 100644
index 000000000..52370a423
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/testmem.c
@@ -0,0 +1,25 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef FUZZ_MSAN
+#include <stdio.h>
+static void fuzz_testmem_msan(void *data, size_t size)
+{
+    /* This is a trick to force MemorySanitizer to evaluate the data at hand */
+    FILE *fp = fopen("/dev/null", "wb");
+    fwrite(data, size, 1, fp);
+    fclose(fp);
+}
+#endif
+
+void fuzz_testmem(void *data, size_t size)
+{
+#ifdef FUZZ_MSAN
+    fuzz_testmem_msan(data, size);
+#endif
+    uint8_t *copy = malloc(size);
+    memcpy(copy, data, size);
+    free(copy);
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/fuzzer/testmem.h b/trunk/3rdparty/libsrtp-2-fit/fuzzer/testmem.h
new file mode 100644
index 000000000..b00f30952
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/fuzzer/testmem.h
@@ -0,0 +1,3 @@
+#include <stdint.h>
+#include <stddef.h>
+void fuzz_testmem(void *data, size_t size);
diff --git a/trunk/3rdparty/libsrtp-2-fit/include/ekt.h b/trunk/3rdparty/libsrtp-2-fit/include/ekt.h
new file mode 100644
index 000000000..a289a53da
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/include/ekt.h
@@ -0,0 +1,181 @@
+/*
+ * ekt.h
+ *
+ * interface to Encrypted Key Transport for SRTP
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * EKT implementation strategy
+ *
+ * use stream_template approach
+ *
+ * in srtp_unprotect, when a new stream appears, check if template has
+ * EKT defined, and if it does, then apply EKT processing
+ *
+ * question: will we want to allow key-sharing templates in addition
+ * to EKT templates?  could define a new ssrc_type_t that's associated
+ * with an EKT, e.g.  ssrc_any_ekt.
+ *
+ *
+ */
+
+#ifndef SRTP_EKT_H
+#define SRTP_EKT_H
+
+// left in commented out as reminder to not include private headers
+//#include "srtp_priv.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SRTP_EKT_CIPHER_DEFAULT 1
+#define SRTP_EKT_CIPHER_AES_128_ECB 1
+#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2
+#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3
+
+typedef uint16_t srtp_ekt_spi_t;
+
+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt);
+
+/*
+ * an srtp_policy_t structure can contain a pointer to an
+ * srtp_ekt_policy_t structure
+ *
+ * this structure holds all of the high level EKT information, and it
+ * is passed into libsrtp to indicate what policy should be in effect
+ */
+
+typedef struct srtp_ekt_policy_ctx_t {
+    srtp_ekt_spi_t spi; /* security parameter index */
+    uint8_t ekt_cipher_type;
+    uint8_t *ekt_key;
+    struct srtp_ekt_policy_ctx_t *next_ekt_policy;
+} srtp_ekt_policy_ctx_t;
+
+/*
+ * an srtp_ekt_data_t structure holds the data corresponding to an ekt key,
+ * spi, and so on
+ */
+
+typedef struct srtp_ekt_data_t {
+    srtp_ekt_spi_t spi;
+    uint8_t ekt_cipher_type;
+    srtp_aes_expanded_key_t ekt_enc_key;
+    srtp_aes_expanded_key_t ekt_dec_key;
+    struct ekt_data_t *next_ekt_data;
+} srtp_ekt_data_t;
+
+/*
+ * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t
+ *
+ * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for
+ * a specific SRTP stream
+ */
+
+typedef struct srtp_ekt_stream_ctx_t {
+    srtp_ekt_data_t *data;
+    uint16_t isn; /* initial sequence number  */
+    uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
+} srtp_ekt_stream_ctx_t;
+
+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data,
+                                 srtp_ekt_policy_t policy);
+
+srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e,
+                                       srtp_ekt_spi_t spi,
+                                       void *ekt_key,
+                                       unsigned ekt_cipher_type);
+
+srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e,
+                                                   srtp_ekt_policy_t p);
+
+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream,
+                                            const void *srtcp_hdr,
+                                            unsigned pkt_octet_len);
+
+void srtp_ekt_write_data(srtp_ekt_stream_t ekt,
+                         uint8_t *base_tag,
+                         unsigned base_tag_len,
+                         int *packet_len,
+                         srtp_xtd_seq_num_t pkt_index);
+
+/*
+ * We handle EKT by performing some additional steps before
+ * authentication (copying the auth tag into a temporary location,
+ * zeroizing the "base tag" field in the packet)
+ *
+ * With EKT, the tag_len parameter is actually the base tag
+ * length
+ */
+srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag,
+                                                      uint8_t *pkt_tag_copy,
+                                                      unsigned tag_len);
+
+srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag,
+                                                       uint8_t *pkt_tag_copy,
+                                                       unsigned tag_len);
+
+/*
+ * @brief EKT pre-processing for srtcp tag generation
+ *
+ * This function does the pre-processing of the SRTCP authentication
+ * tag format.  When EKT is used, it consists of writing the Encrypted
+ * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI
+ * fields.  The Base Authentication Tag field is set to the all-zero
+ * value
+ *
+ * When EKT is not used, this function is a no-op.
+ *
+ */
+srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(
+    const srtp_stream_t *s,
+    uint8_t *pkt_tag,
+    unsigned pkt_octet_len);
+
+/* it's not clear that a tag_generation_postprocess function is needed */
+srtp_err_status_t srtcp_auth_tag_generation_postprocess(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_EKT_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/include/getopt_s.h b/trunk/3rdparty/libsrtp-2-fit/include/getopt_s.h
new file mode 100644
index 000000000..53fb25ba7
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/include/getopt_s.h
@@ -0,0 +1,67 @@
+/*
+ * getopt.h
+ *
+ * interface to a minimal implementation of the getopt() function,
+ * written so that test applications that use that function can run on
+ * non-POSIX platforms
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GETOPT_S_H
+#define GETOPT_S_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * getopt_s(), optarg_s, and optind_s are small, locally defined
+ * versions of the POSIX standard getopt() interface.
+ */
+
+int getopt_s(int argc, char *const argv[], const char *optstring);
+
+extern char *optarg_s; /* defined in getopt.c */
+
+extern int optind_s; /* defined in getopt.c */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GETOPT_S_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/include/srtp.h b/trunk/3rdparty/libsrtp-2-fit/include/srtp.h
new file mode 100644
index 000000000..c86b9ee74
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/include/srtp.h
@@ -0,0 +1,1759 @@
+/*
+ * srtp.h
+ *
+ * interface to libsrtp
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_SRTP_H
+#define SRTP_SRTP_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @defgroup SRTP Secure RTP
+ *
+ * @brief libSRTP provides functions for protecting RTP and RTCP.  See
+ * Section @ref Overview for an introduction to the use of the library.
+ *
+ * @{
+ */
+
+/*
+ * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP
+ */
+
+#define SRTP_MASTER_KEY_LEN 30
+
+/*
+ * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP
+ */
+#define SRTP_MAX_KEY_LEN 64
+
+/*
+ * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP
+ */
+
+#define SRTP_MAX_TAG_LEN 16
+
+/**
+ * SRTP_MAX_MKI_LEN is the maximum size the MKI could be which is
+ * 128 bytes
+ */
+#define SRTP_MAX_MKI_LEN 128
+
+/**
+ * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
+ * (authentication tag and MKI) supported by libSRTP.  This value is
+ * the maixmum number of octets that will be added to an RTP packet by
+ * srtp_protect().
+ *
+ * @brief the maximum number of octets added by srtp_protect().
+ */
+#define SRTP_MAX_TRAILER_LEN (SRTP_MAX_TAG_LEN + SRTP_MAX_MKI_LEN)
+
+/**
+ * SRTP_MAX_NUM_MASTER_KEYS is the maximum number of Master keys for
+ * MKI supported by libSRTP.
+ *
+ */
+#define SRTP_MAX_NUM_MASTER_KEYS 16
+
+#define SRTP_SALT_LEN 14
+
+/*
+ * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
+ * GCM mode.  GCM mode requires an IV.  The SALT value is used
+ * as part of the IV formation logic applied to each RTP packet.
+ */
+#define SRTP_AEAD_SALT_LEN 12
+
+#define SRTP_AES_128_KEY_LEN 16
+#define SRTP_AES_192_KEY_LEN 24
+#define SRTP_AES_256_KEY_LEN 32
+
+#define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN)
+#define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN)
+#define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN)
+
+#define SRTP_AES_GCM_128_KEY_LEN_WSALT                                         \
+    (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN)
+#define SRTP_AES_GCM_192_KEY_LEN_WSALT                                         \
+    (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN)
+#define SRTP_AES_GCM_256_KEY_LEN_WSALT                                         \
+    (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN)
+
+/**
+ *  @brief A srtp_cipher_type_id_t is an identifier for a particular cipher
+ *  type.
+ *
+ *  A srtp_cipher_type_id_t is an integer that represents a particular
+ *  cipher type, e.g. the Advanced Encryption Standard (AES).  A
+ *  SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
+ *  and can be selected to indicate that no encryption is to take
+ *  place.
+ *
+ *  @ingroup Ciphers
+ */
+typedef uint32_t srtp_cipher_type_id_t;
+
+/**
+ *  @brief An srtp_auth_type_id_t is an identifier for a particular
+ * authentication
+ *   function.
+ *
+ *  An srtp_auth_type_id_t is an integer that represents a particular
+ *  authentication function type, e.g. HMAC-SHA1.  A SRTP_NULL_AUTH is
+ *  avaliable; this authentication function performs no computation,
+ *  and can be selected to indicate that no authentication is to take
+ *  place.
+ *
+ *  @ingroup Authentication
+ */
+typedef uint32_t srtp_auth_type_id_t;
+
+/**
+ * @brief srtp_err_status_t defines error codes.
+ *
+ * The enumeration srtp_err_status_t defines error codes.  Note that the
+ * value of srtp_err_status_ok is equal to zero, which can simplify error
+ * checking somewhat.
+ *
+ */
+typedef enum {
+    srtp_err_status_ok = 0,             /**< nothing to report               */
+    srtp_err_status_fail = 1,           /**< unspecified failure             */
+    srtp_err_status_bad_param = 2,      /**< unsupported parameter           */
+    srtp_err_status_alloc_fail = 3,     /**< couldn't allocate memory        */
+    srtp_err_status_dealloc_fail = 4,   /**< couldn't deallocate properly    */
+    srtp_err_status_init_fail = 5,      /**< couldn't initialize             */
+    srtp_err_status_terminus = 6,       /**< can't process as much data as   */
+                                        /**< requested                       */
+    srtp_err_status_auth_fail = 7,      /**< authentication failure          */
+    srtp_err_status_cipher_fail = 8,    /**< cipher failure                  */
+    srtp_err_status_replay_fail = 9,    /**< replay check failed (bad index) */
+    srtp_err_status_replay_old = 10,    /**< replay check failed (index too  */
+                                        /**< old)                            */
+    srtp_err_status_algo_fail = 11,     /**< algorithm failed test routine   */
+    srtp_err_status_no_such_op = 12,    /**< unsupported operation           */
+    srtp_err_status_no_ctx = 13,        /**< no appropriate context found    */
+    srtp_err_status_cant_check = 14,    /**< unable to perform desired       */
+                                        /**< validation                      */
+    srtp_err_status_key_expired = 15,   /**< can't use key any more          */
+    srtp_err_status_socket_err = 16,    /**< error in use of socket          */
+    srtp_err_status_signal_err = 17,    /**< error in use POSIX signals      */
+    srtp_err_status_nonce_bad = 18,     /**< nonce check failed              */
+    srtp_err_status_read_fail = 19,     /**< couldn't read data              */
+    srtp_err_status_write_fail = 20,    /**< couldn't write data             */
+    srtp_err_status_parse_err = 21,     /**< error parsing data              */
+    srtp_err_status_encode_err = 22,    /**< error encoding data             */
+    srtp_err_status_semaphore_err = 23, /**< error while using semaphores    */
+    srtp_err_status_pfkey_err = 24,     /**< error while using pfkey         */
+    srtp_err_status_bad_mki = 25,       /**< error MKI present in packet is  */
+                                        /**< invalid                         */
+    srtp_err_status_pkt_idx_old = 26,   /**< packet index is too old to      */
+                                        /**< consider                        */
+    srtp_err_status_pkt_idx_adv = 27    /**< packet index advanced, reset    */
+                                        /**< needed                          */
+} srtp_err_status_t;
+
+typedef struct srtp_ctx_t_ srtp_ctx_t;
+
+/**
+ * @brief srtp_sec_serv_t describes a set of security services.
+ *
+ * A srtp_sec_serv_t enumeration is used to describe the particular
+ * security services that will be applied by a particular crypto
+ * policy (or other mechanism).
+ */
+typedef enum {
+    sec_serv_none = 0,         /**< no services                        */
+    sec_serv_conf = 1,         /**< confidentiality                    */
+    sec_serv_auth = 2,         /**< authentication                     */
+    sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */
+} srtp_sec_serv_t;
+
+/**
+ * @brief srtp_crypto_policy_t describes a particular crypto policy that
+ * can be applied to an SRTP stream.
+ *
+ * A srtp_crypto_policy_t describes a particular cryptographic policy that
+ * can be applied to an SRTP or SRTCP stream.  An SRTP session policy
+ * consists of a list of these policies, one for each SRTP stream
+ * in the session.
+ */
+typedef struct srtp_crypto_policy_t {
+    srtp_cipher_type_id_t cipher_type; /**< An integer representing          */
+                                       /**< the type of cipher.              */
+    int cipher_key_len;                /**< The length of the cipher key     */
+                                       /**< in octets.                       */
+    srtp_auth_type_id_t auth_type;     /**< An integer representing the      */
+                                       /**< authentication function.         */
+    int auth_key_len;                  /**< The length of the authentication */
+                                       /**< function key in octets.          */
+    int auth_tag_len;                  /**< The length of the authentication */
+                                       /**< tag in octets.                   */
+    srtp_sec_serv_t sec_serv;          /**< The flag indicating the security */
+                                       /**< services to be applied.          */
+} srtp_crypto_policy_t;
+
+/**
+ * @brief srtp_ssrc_type_t describes the type of an SSRC.
+ *
+ * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC.  See
+ * @ref srtp_policy_t for more informataion.
+ */
+typedef enum {
+    ssrc_undefined = 0,   /**< Indicates an undefined SSRC type.    */
+    ssrc_specific = 1,    /**< Indicates a specific SSRC value      */
+    ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value     */
+                          /**< (i.e. a value that is used in the    */
+                          /**< function srtp_unprotect())           */
+    ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value    */
+                          /**< (i.e. a value that is used in the    */
+                          /**< function srtp_protect())             */
+} srtp_ssrc_type_t;
+
+/**
+ * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard'
+ * SSRC.
+ *
+ * An srtp_ssrc_t represents a particular SSRC value (if its type is
+ * ssrc_specific), or a wildcard SSRC value that will match all
+ * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound
+ * SSRCs (if its type is ssrc_any_inbound).
+ */
+typedef struct {
+    srtp_ssrc_type_t type; /**< The type of this particular SSRC */
+    unsigned int value;    /**< The value of this SSRC, if it is not a */
+                           /**< wildcard */
+} srtp_ssrc_t;
+
+/**
+ * @brief points to an EKT policy
+ */
+typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t;
+
+/**
+ * @brief points to EKT stream data
+ */
+typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t;
+
+/**
+ * @brief srtp_master_key_t represents a master key.  There will
+ * be a Master Key Index and the Master Key associated with the
+ * Master Key Index.  Need to also keep track of the Master Key
+ * Index Size to correctly read it from a packet.
+ */
+typedef struct srtp_master_key_t {
+    unsigned char *key;
+    unsigned char *mki_id;
+    unsigned int mki_size;
+} srtp_master_key_t;
+
+/**
+ * @brief represents the policy for an SRTP session.
+ *
+ * A single srtp_policy_t struct represents the policy for a single
+ * SRTP stream, and a linked list of these elements represents the
+ * policy for an entire SRTP session.  Each element contains the SRTP
+ * and SRTCP crypto policies for that stream, a pointer to the SRTP
+ * master key for that stream, the SSRC describing that stream, or a
+ * flag indicating a `wildcard' SSRC value, and a `next' field that
+ * holds a pointer to the next element in the list of policy elements,
+ * or NULL if it is the last element.
+ *
+ * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an
+ * inbound stream that for which there is no explicit SSRC entry in
+ * another policy element.  Similarly, the value SSRC_ANY_OUTBOUND
+ * will matches any SSRC from an outbound stream that does not appear
+ * in another policy element.  Note that wildcard SSRCs &b cannot be
+ * used to match both inbound and outbound traffic.  This restriction
+ * is intentional, and it allows libSRTP to ensure that no security
+ * lapses result from accidental re-use of SSRC values during key
+ * sharing.
+ *
+ * @warning The final element of the list @b must have its `next' pointer
+ *          set to NULL.
+ */
+
+typedef struct srtp_policy_t {
+    srtp_ssrc_t ssrc;              /**< The SSRC value of stream, or the    */
+                                   /**< flags SSRC_ANY_INBOUND or           */
+                                   /**< SSRC_ANY_OUTBOUND if key sharing    */
+                                   /**< is used for this policy element.    */
+    srtp_crypto_policy_t rtp;      /**< SRTP crypto policy.                 */
+    srtp_crypto_policy_t rtcp;     /**< SRTCP crypto policy.                */
+    unsigned char *key;            /**< Pointer to the SRTP master key for  */
+                                   /**< this stream.                        */
+    srtp_master_key_t **keys;      /** Array of Master Key structures       */
+    unsigned long num_master_keys; /** Number of master keys                */
+    srtp_ekt_policy_t ekt;         /**< Pointer to the EKT policy structure */
+                                   /**< for this stream (if any)            */
+    unsigned long window_size;     /**< The window size to use for replay   */
+                                   /**< protection.                         */
+    int allow_repeat_tx;           /**< Whether retransmissions of          */
+                                   /**< packets with the same sequence      */
+                                   /**< number are allowed.                 */
+                                   /**< (Note that such repeated            */
+                                   /**< transmissions must have the same    */
+                                   /**< RTP payload, or a severe security   */
+                                   /**< weakness is introduced!)            */
+    int *enc_xtn_hdr;              /**< List of header ids to encrypt.      */
+    int enc_xtn_hdr_count;         /**< Number of entries in list of header */
+                                   /**<  ids.                               */
+    struct srtp_policy_t *next;    /**< Pointer to next stream policy.      */
+} srtp_policy_t;
+
+/**
+ * @brief An srtp_t points to an SRTP session structure.
+ *
+ * The typedef srtp_t is a pointer to a structure that represents
+ * an SRTP session.  This datatype is intentially opaque in
+ * order to separate the interface from the implementation.
+ *
+ * An SRTP session consists of all of the traffic sent to the RTP and
+ * RTCP destination transport addresses, using the RTP/SAVP (Secure
+ * Audio/Video Profile).  A session can be viewed as a set of SRTP
+ * streams, each of which originates with a different participant.
+ */
+typedef srtp_ctx_t *srtp_t;
+
+/**
+ * @brief srtp_init() initializes the srtp library.
+ *
+ * @warning This function @b must be called before any other srtp
+ * functions.
+ */
+srtp_err_status_t srtp_init(void);
+
+/**
+ * @brief srtp_shutdown() de-initializes the srtp library.
+ *
+ * @warning No srtp functions may be called after calling this function.
+ */
+srtp_err_status_t srtp_shutdown(void);
+
+/**
+ * @brief srtp_protect() is the Secure RTP sender-side packet processing
+ * function.
+ *
+ * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
+ * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
+ * the SRTP context ctx.  If srtp_err_status_ok is returned, then rtp_hdr
+ * points to the resulting SRTP packet and *len_ptr is the number of
+ * octets in that packet; otherwise, no assumptions should be made
+ * about the value of either data elements.
+ *
+ * The sequence numbers of the RTP packets presented to this function
+ * need not be consecutive, but they @b must be out of order by less
+ * than 2^15 = 32,768 packets.
+ *
+ * @warning This function assumes that it can write the authentication
+ * tag into the location in memory immediately following the RTP
+ * packet, and assumes that the RTP packet is aligned on a 32-bit
+ * boundary.
+ *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
+ * into the location in memory immediately following the RTP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTP packet.
+ *
+ * @param ctx is the SRTP context to use in processing the packet.
+ *
+ * @param rtp_hdr is a pointer to the RTP packet (before the call); after
+ * the function returns, it points to the srtp packet.
+ *
+ * @param len_ptr is a pointer to the length in octets of the complete
+ * RTP packet (header and body) before the function call, and of the
+ * complete SRTP packet after the call, if srtp_err_status_ok was returned.
+ * Otherwise, the value of the data to which it points is undefined.
+ *
+ * @return
+ *    - srtp_err_status_ok            no problems
+ *    - srtp_err_status_replay_fail   rtp sequence number was non-increasing
+ *    - @e other                 failure in cryptographic mechanisms
+ */
+srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
+
+/**
+ * @brief srtp_protect_mki() is the Secure RTP sender-side packet processing
+ * function that can utilize MKI.
+ *
+ * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
+ * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
+ * the SRTP context ctx.  If srtp_err_status_ok is returned, then rtp_hdr
+ * points to the resulting SRTP packet and *len_ptr is the number of
+ * octets in that packet; otherwise, no assumptions should be made
+ * about the value of either data elements.
+ *
+ * The sequence numbers of the RTP packets presented to this function
+ * need not be consecutive, but they @b must be out of order by less
+ * than 2^15 = 32,768 packets.
+ *
+ * @warning This function assumes that it can write the authentication
+ * tag into the location in memory immediately following the RTP
+ * packet, and assumes that the RTP packet is aligned on a 32-bit
+ * boundary.
+ *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
+ * into the location in memory immediately following the RTP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTP packet.
+ *
+ * @param ctx is the SRTP context to use in processing the packet.
+ *
+ * @param rtp_hdr is a pointer to the RTP packet (before the call); after
+ * the function returns, it points to the srtp packet.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the complete
+ * RTP packet (header and body) before the function call, and of the
+ * complete SRTP packet after the call, if srtp_err_status_ok was returned.
+ * Otherwise, the value of the data to which it points is undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used.  If
+ * set to false then will use the first set of session keys.  If set to true
+ * will
+ * use the session keys identified by the mki_index
+ *
+ * @param mki_index integer value specifying which set of session keys should be
+ * used if use_mki is set to true.
+ *
+ * @return
+ *    - srtp_err_status_ok            no problems
+ *    - srtp_err_status_replay_fail   rtp sequence number was non-increasing
+ *    - @e other                 failure in cryptographic mechanisms
+ */
+srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx,
+                                   void *rtp_hdr,
+                                   int *pkt_octet_len,
+                                   unsigned int use_mki,
+                                   unsigned int mki_index);
+
+/**
+ * @brief srtp_unprotect() is the Secure RTP receiver-side packet
+ * processing function.
+ *
+ * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
+ * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
+ * (which has length *len_ptr), using the SRTP context ctx.  If
+ * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
+ * RTP packet and *len_ptr is the number of octets in that packet;
+ * otherwise, no assumptions should be made about the value of either
+ * data elements.
+ *
+ * The sequence numbers of the RTP packets presented to this function
+ * need not be consecutive, but they @b must be out of order by less
+ * than 2^15 = 32,768 packets.
+ *
+ * @warning This function assumes that the SRTP packet is aligned on a
+ * 32-bit boundary.
+ *
+ * @param ctx is the SRTP session which applies to the particular packet.
+ *
+ * @param srtp_hdr is a pointer to the header of the SRTP packet
+ * (before the call).  after the function returns, it points to the
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
+ * the data to which it points is undefined.
+ *
+ * @param len_ptr is a pointer to the length in octets of the complete
+ * srtp packet (header and body) before the function call, and of the
+ * complete rtp packet after the call, if srtp_err_status_ok was returned.
+ * Otherwise, the value of the data to which it points is undefined.
+ *
+ * @return
+ *    - srtp_err_status_ok          if the RTP packet is valid.
+ *    - srtp_err_status_auth_fail   if the SRTP packet failed the message
+ *                                  authentication check.
+ *    - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet
+ *                                  has already been processed and accepted).
+ *    - [other]  if there has been an error in the cryptographic mechanisms.
+ *
+ */
+srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
+
+/**
+ * @brief srtp_unprotect_mki() is the Secure RTP receiver-side packet
+ * processing function that checks for MKI.
+ *
+ * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
+ * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
+ * (which has length *len_ptr), using the SRTP context ctx.  If
+ * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
+ * RTP packet and *len_ptr is the number of octets in that packet;
+ * otherwise, no assumptions should be made about the value of either
+ * data elements.
+ *
+ * The sequence numbers of the RTP packets presented to this function
+ * need not be consecutive, but they @b must be out of order by less
+ * than 2^15 = 32,768 packets.
+ *
+ * @warning This function assumes that the SRTP packet is aligned on a
+ * 32-bit boundary.
+ *
+ * @param ctx is the SRTP session which applies to the particular packet.
+ *
+ * @param srtp_hdr is a pointer to the header of the SRTP packet
+ * (before the call).  after the function returns, it points to the
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
+ * the data to which it points is undefined.
+ *
+ * @param len_ptr is a pointer to the length in octets of the complete
+ * srtp packet (header and body) before the function call, and of the
+ * complete rtp packet after the call, if srtp_err_status_ok was returned.
+ * Otherwise, the value of the data to which it points is undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used.  If
+ * set to false then will use the first set of session keys.  If set to true
+ * will
+ * use the session keys identified by the mki_index
+ *
+ * @return
+ *    - srtp_err_status_ok          if the RTP packet is valid.
+ *    - srtp_err_status_auth_fail   if the SRTP packet failed the message
+ *                                  authentication check.
+ *    - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet
+ *                                  has already been processed and accepted).
+ *    - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id
+ *    - [other]  if there has been an error in the cryptographic mechanisms.
+ *
+ */
+srtp_err_status_t srtp_unprotect_mki(srtp_t ctx,
+                                     void *srtp_hdr,
+                                     int *len_ptr,
+                                     unsigned int use_mki);
+
+/**
+ * @brief srtp_create() allocates and initializes an SRTP session.
+
+ * The function call srtp_create(session, policy) allocates and
+ * initializes an SRTP session context, applying the given policy.
+ *
+ * @param session is a pointer to the SRTP session to which the policy is
+ * to be added.
+ *
+ * @param policy is the srtp_policy_t struct that describes the policy
+ * for the session.  The struct may be a single element, or it may be
+ * the head of a list, in which case each element of the list is
+ * processed.  It may also be NULL, in which case streams should be added
+ * later using srtp_add_stream().  The final element of the list @b must
+ * have its `next' field set to NULL.
+ *
+ * @return
+ *    - srtp_err_status_ok           if creation succeded.
+ *    - srtp_err_status_alloc_fail   if allocation failed.
+ *    - srtp_err_status_init_fail    if initialization failed.
+ */
+srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy);
+
+/**
+ * @brief srtp_add_stream() allocates and initializes an SRTP stream
+ * within a given SRTP session.
+ *
+ * The function call srtp_add_stream(session, policy) allocates and
+ * initializes a new SRTP stream within a given, previously created
+ * session, applying the policy given as the other argument to that
+ * stream.
+ *
+ * @return values:
+ *    - srtp_err_status_ok           if stream creation succeded.
+ *    - srtp_err_status_alloc_fail   if stream allocation failed
+ *    - srtp_err_status_init_fail    if stream initialization failed.
+ */
+srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy);
+
+/**
+ * @brief srtp_remove_stream() deallocates an SRTP stream.
+ *
+ * The function call srtp_remove_stream(session, ssrc) removes
+ * the SRTP stream with the SSRC value ssrc from the SRTP session
+ * context given by the argument session.
+ *
+ * @param session is the SRTP session from which the stream
+ *        will be removed.
+ *
+ * @param ssrc is the SSRC value of the stream to be removed
+ *             in network byte order.
+ *
+ * @warning Wildcard SSRC values cannot be removed from a
+ *          session.
+ *
+ * @return
+ *    - srtp_err_status_ok     if the stream deallocation succeded.
+ *    - [other]           otherwise.
+ *
+ */
+srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc);
+
+/**
+ * @brief srtp_update() udpates all streams in the session.
+ *
+ * The function call srtp_update(session, policy) updates
+ * all the streams in the session applying the given policy
+ * and key. The exsisting ROC value of all streams will be
+ * preserved.
+ *
+ * @param session is the SRTP session that contains the streams
+ *        to be updated.
+ *
+ * @param policy is the srtp_policy_t struct that describes the policy
+ * for the session.  The struct may be a single element, or it may be
+ * the head of a list, in which case each element of the list is
+ * processed. The final element of the list @b must
+ * have its `next' field set to NULL.
+ *
+ * @return
+ *    - srtp_err_status_ok           if stream creation succeded.
+ *    - srtp_err_status_alloc_fail   if stream allocation failed
+ *    - srtp_err_status_init_fail    if stream initialization failed.
+ *    - [other]                 otherwise.
+ *
+ */
+srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy);
+
+/**
+ * @brief srtp_update_stream() udpates a SRTP stream.
+ *
+ * The function call srtp_update_stream(session, policy) updates
+ * the stream(s) in the session that match applying the given
+ * policy and key. The exsisting ROC value of all stream(s) will
+ * be preserved.
+ *
+ * @param session is the SRTP session that contains the streams
+ *        to be updated.
+ *
+ * @param policy is the srtp_policy_t struct that describes the policy
+ * for the session.
+ *
+ * @return
+ *    - srtp_err_status_ok           if stream creation succeded.
+ *    - srtp_err_status_alloc_fail   if stream allocation failed
+ *    - srtp_err_status_init_fail    if stream initialization failed.
+ *    - [other]                      otherwise.
+ *
+ */
+srtp_err_status_t srtp_update_stream(srtp_t session,
+                                     const srtp_policy_t *policy);
+
+/**
+ * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy
+ * structure to the SRTP default policy for RTP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_rtp_default(&p) sets the
+ * srtp_crypto_policy_t at location p to the SRTP default policy for RTP
+ * protection, as defined in the specification.  This function is a
+ * convenience that helps to avoid dealing directly with the policy
+ * data structure.  You are encouraged to initialize policy elements
+ * with this function call.  Doing so may allow your code to be
+ * forward compatible with later versions of libSRTP that include more
+ * elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy
+ * structure to the SRTP default policy for RTCP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the
+ * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP
+ * protection, as defined in the specification.  This function is a
+ * convenience that helps to avoid dealing directly with the policy
+ * data structure.  You are encouraged to initialize policy elements
+ * with this function call.  Doing so may allow your code to be
+ * forward compatible with later versions of libSRTP that include more
+ * elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
+ * policy structure to the SRTP default policy for RTP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
+ * synonym for srtp_crypto_policy_set_rtp_default().  It conforms to the
+ * naming convention used in RFC 4568 (SDP Security Descriptions for
+ * Media Streams).
+ *
+ * @return void.
+ *
+ */
+#define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p)                      \
+    srtp_crypto_policy_set_rtp_default(p)
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
+ * policy structure to a short-authentication tag policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
+ * This policy uses AES-128
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an
+ * authentication tag that is only 32 bits long.  This length is
+ * considered adequate only for protecting audio and video media that
+ * use a stateless playback function.  See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This crypto policy is intended for use in SRTP, but not in
+ * SRTCP.  It is recommended that a policy that uses longer
+ * authentication tags be used for SRTCP.  See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Counter Mode), but to use no authentication method.  This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
+ * policy structure to an authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80
+ * bit authentication tag to provide message authentication, but to
+ * use no encryption.  This policy is NOT RECOMMENDED for SRTP unless
+ * there is a requirement to forego encryption.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
+ * requirement to forego encryption.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto
+ * policy structure to use no encryption or authentication.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p)
+ * sets the srtp_crypto_policy_t at location p to use no encryption and
+ * no authentication.  This policy should only be used for testing and
+ * troubleshootingl.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
+ * requirement to forego encryption and authentication.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
+ * policy structure to a encryption and authentication policy using AES-256
+ * for RTP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_256_HMAC_SHA1_80 as defined in RFC 6188.  This policy uses AES-256
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
+ * authentication tag.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
+ * policy structure to a short-authentication tag policy using AES-256
+ * encryption.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_256_HMAC_SHA1_32 as defined in RFC 6188.  This policy uses AES-256
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an
+ * authentication tag that is only 32 bits long.  This length is
+ * considered adequate only for protecting audio and video media that
+ * use a stateless playback function.  See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This crypto policy is intended for use in SRTP, but not in
+ * SRTCP.  It is recommended that a policy that uses longer
+ * authentication tags be used for SRTCP.  See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_256_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_256_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Counter Mode), but to use no authentication method.  This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80() sets a crypto
+ * policy structure to a encryption and authentication policy using AES-192
+ * for RTP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_192_HMAC_SHA1_80 as defined in RFC 6188.  This policy uses AES-192
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
+ * authentication tag.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32() sets a crypto
+ * policy structure to a short-authentication tag policy using AES-192
+ * encryption.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_192_HMAC_SHA1_32 as defined in RFC 6188.  This policy uses AES-192
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an
+ * authentication tag that is only 32 bits long.  This length is
+ * considered adequate only for protecting audio and video media that
+ * use a stateless playback function.  See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This crypto policy is intended for use in SRTP, but not in
+ * SRTCP.  It is recommended that a policy that uses longer
+ * authentication tags be used for SRTCP.  See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_192_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_192_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-192 Counter Mode), but to use no authentication method.  This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
+ * policy structure to an AEAD encryption policy.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 8 octet auth tag.  This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
+ * policy structure to an AEAD encryption policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 8 octet auth tag.  This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
+ * policy structure to an AEAD authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 8 octet auth tag.  This policy
+ * applies confidentiality and authentication to the RTP packets,
+ * but only authentication to the RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
+ * policy structure to an AEAD authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 8 octet auth tag.  This policy
+ * applies confidentiality and authentication to the RTP packets,
+ * but only authentication to the RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
+ * policy structure to an AEAD encryption policy.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 16 octet auth tag.  This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
+ * policy structure to an AEAD encryption policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 16 octet auth tag.  This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p);
+
+/**
+ * @brief srtp_dealloc() deallocates storage for an SRTP session
+ * context.
+ *
+ * The function call srtp_dealloc(s) deallocates storage for the
+ * SRTP session context s.  This function should be called no more
+ * than one time for each of the contexts allocated by the function
+ * srtp_create().
+ *
+ * @param s is the srtp_t for the session to be deallocated.
+ *
+ * @return
+ *    - srtp_err_status_ok             if there no problems.
+ *    - srtp_err_status_dealloc_fail   a memory deallocation failure occured.
+ */
+srtp_err_status_t srtp_dealloc(srtp_t s);
+
+/*
+ * @brief identifies a particular SRTP profile
+ *
+ * An srtp_profile_t enumeration is used to identify a particular SRTP
+ * profile (that is, a set of algorithms and parameters). These profiles
+ * are defined for DTLS-SRTP:
+ * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
+ */
+typedef enum {
+    srtp_profile_reserved = 0,
+    srtp_profile_aes128_cm_sha1_80 = 1,
+    srtp_profile_aes128_cm_sha1_32 = 2,
+    srtp_profile_null_sha1_80 = 5,
+    srtp_profile_null_sha1_32 = 6,
+    srtp_profile_aead_aes_128_gcm = 7,
+    srtp_profile_aead_aes_256_gcm = 8,
+} srtp_profile_t;
+
+/**
+ * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy
+ * structure to the appropriate value for RTP based on an srtp_profile_t
+ *
+ * @param policy is a pointer to the policy structure to be set
+ *
+ * @param profile is an enumeration for the policy to be set
+ *
+ * The function call srtp_crypto_policy_set_rtp_default(&policy, profile)
+ * sets the srtp_crypto_policy_t at location policy to the policy for RTP
+ * protection, as defined by the srtp_profile_t profile.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return values
+ *     - srtp_err_status_ok         no problems were encountered
+ *     - srtp_err_status_bad_param  the profile is not supported
+ *
+ */
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(
+    srtp_crypto_policy_t *policy,
+    srtp_profile_t profile);
+
+/**
+ * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
+ * structure to the appropriate value for RTCP based on an srtp_profile_t
+ *
+ * @param policy is a pointer to the policy structure to be set
+ *
+ * @param profile is an enumeration for the policy to be set
+ *
+ * The function call srtp_crypto_policy_set_rtcp_default(&policy, profile)
+ * sets the srtp_crypto_policy_t at location policy to the policy for RTCP
+ * protection, as defined by the srtp_profile_t profile.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure.  You are encouraged to initialize
+ * policy elements with this function call.  Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @return values
+ *     - srtp_err_status_ok         no problems were encountered
+ *     - srtp_err_status_bad_param  the profile is not supported
+ *
+ */
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(
+    srtp_crypto_policy_t *policy,
+    srtp_profile_t profile);
+
+/**
+ * @brief returns the master key length for a given SRTP profile
+ */
+unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile);
+
+/**
+ * @brief returns the master salt length for a given SRTP profile
+ */
+unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile);
+
+/**
+ * @brief appends the salt to the key
+ *
+ * The function call srtp_append_salt_to_key(k, klen, s, slen)
+ * copies the string s to the location at klen bytes following
+ * the location k.
+ *
+ * @warning There must be at least bytes_in_salt + bytes_in_key bytes
+ *          available at the location pointed to by key.
+ *
+ */
+void srtp_append_salt_to_key(unsigned char *key,
+                             unsigned int bytes_in_key,
+                             unsigned char *salt,
+                             unsigned int bytes_in_salt);
+
+/**
+ * @}
+ */
+
+/**
+ * @defgroup SRTCP Secure RTCP
+ * @ingroup  SRTP
+ *
+ * @brief Secure RTCP functions are used to protect RTCP traffic.
+ *
+ * RTCP is the control protocol for RTP.  libSRTP protects RTCP
+ * traffic in much the same way as it does RTP traffic.  The function
+ * srtp_protect_rtcp() applies cryptographic protections to outbound
+ * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on
+ * inbound RTCP packets.
+ *
+ * A note on the naming convention: srtp_protect_rtcp() has an srtp_t
+ * as its first argument, and thus has `srtp_' as its prefix.  The
+ * trailing `_rtcp' indicates the protocol on which it acts.
+ *
+ * @{
+ */
+
+/**
+ * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet
+ * processing function.
+ *
+ * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
+ * SRTCP protection to the RTCP packet rtcp_hdr (which has length
+ * *len_ptr) using the SRTP session context ctx.  If srtp_err_status_ok is
+ * returned, then rtp_hdr points to the resulting SRTCP packet and
+ * *len_ptr is the number of octets in that packet; otherwise, no
+ * assumptions should be made about the value of either data elements.
+ *
+ * @warning This function assumes that it can write the authentication
+ * tag into the location in memory immediately following the RTCP
+ * packet, and assumes that the RTCP packet is aligned on a 32-bit
+ * boundary.
+ *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
+ * into the location in memory immediately following the RTCP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTCP packet.
+ *
+ * @param ctx is the SRTP context to use in processing the packet.
+ *
+ * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
+ * the function returns, it points to the srtp packet.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the
+ * complete RTCP packet (header and body) before the function call,
+ * and of the complete SRTCP packet after the call, if srtp_err_status_ok
+ * was returned.  Otherwise, the value of the data to which it points
+ * is undefined.
+ *
+ * @return
+ *    - srtp_err_status_ok            if there were no problems.
+ *    - [other]                  if there was a failure in
+ *                               the cryptographic mechanisms.
+ */
+srtp_err_status_t srtp_protect_rtcp(srtp_t ctx,
+                                    void *rtcp_hdr,
+                                    int *pkt_octet_len);
+
+/**
+ * @brief srtp_protect_rtcp_mki() is the Secure RTCP sender-side packet
+ * processing function that can utilize mki.
+ *
+ * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
+ * SRTCP protection to the RTCP packet rtcp_hdr (which has length
+ * *len_ptr) using the SRTP session context ctx.  If srtp_err_status_ok is
+ * returned, then rtp_hdr points to the resulting SRTCP packet and
+ * *len_ptr is the number of octets in that packet; otherwise, no
+ * assumptions should be made about the value of either data elements.
+ *
+ * @warning This function assumes that it can write the authentication
+ * tag into the location in memory immediately following the RTCP
+ * packet, and assumes that the RTCP packet is aligned on a 32-bit
+ * boundary.
+ *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
+ * into the location in memory immediately following the RTCP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTCP packet.
+ *
+ * @param ctx is the SRTP context to use in processing the packet.
+ *
+ * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
+ * the function returns, it points to the srtp packet.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the
+ * complete RTCP packet (header and body) before the function call,
+ * and of the complete SRTCP packet after the call, if srtp_err_status_ok
+ * was returned.  Otherwise, the value of the data to which it points
+ * is undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used.  If
+ * set to false then will use the first set of session keys.  If set to true
+ * will
+ * use the session keys identified by the mki_index
+ *
+ * @param mki_index integer value specifying which set of session kesy should be
+ * used if use_mki is set to true.
+ *
+ * @return
+ *    - srtp_err_status_ok            if there were no problems.
+ *    - [other]                  if there was a failure in
+ *                               the cryptographic mechanisms.
+ */
+srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
+                                        void *rtcp_hdr,
+                                        int *pkt_octet_len,
+                                        unsigned int use_mki,
+                                        unsigned int mki_index);
+
+/**
+ * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
+ * processing function.
+ *
+ * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
+ * verifies the Secure RTCP protection of the SRTCP packet pointed to
+ * by srtcp_hdr (which has length *len_ptr), using the SRTP session
+ * context ctx.  If srtp_err_status_ok is returned, then srtcp_hdr points
+ * to the resulting RTCP packet and *len_ptr is the number of octets
+ * in that packet; otherwise, no assumptions should be made about the
+ * value of either data elements.
+ *
+ * @warning This function assumes that the SRTCP packet is aligned on a
+ * 32-bit boundary.
+ *
+ * @param ctx is a pointer to the srtp_t which applies to the
+ * particular packet.
+ *
+ * @param srtcp_hdr is a pointer to the header of the SRTCP packet
+ * (before the call).  After the function returns, it points to the
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
+ * the data to which it points is undefined.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the
+ * complete SRTCP packet (header and body) before the function call,
+ * and of the complete rtp packet after the call, if srtp_err_status_ok was
+ * returned.  Otherwise, the value of the data to which it points is
+ * undefined.
+ *
+ * @return
+ *    - srtp_err_status_ok          if the RTCP packet is valid.
+ *    - srtp_err_status_auth_fail   if the SRTCP packet failed the message
+ *                             authentication check.
+ *    - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
+ *                             already been processed and accepted).
+ *    - [other]  if there has been an error in the cryptographic mechanisms.
+ *
+ */
+srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
+                                      void *srtcp_hdr,
+                                      int *pkt_octet_len);
+
+/**
+ * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
+ * processing function.
+ *
+ * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
+ * verifies the Secure RTCP protection of the SRTCP packet pointed to
+ * by srtcp_hdr (which has length *len_ptr), using the SRTP session
+ * context ctx.  If srtp_err_status_ok is returned, then srtcp_hdr points
+ * to the resulting RTCP packet and *len_ptr is the number of octets
+ * in that packet; otherwise, no assumptions should be made about the
+ * value of either data elements.
+ *
+ * @warning This function assumes that the SRTCP packet is aligned on a
+ * 32-bit boundary.
+ *
+ * @param ctx is a pointer to the srtp_t which applies to the
+ * particular packet.
+ *
+ * @param srtcp_hdr is a pointer to the header of the SRTCP packet
+ * (before the call).  After the function returns, it points to the
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
+ * the data to which it points is undefined.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the
+ * complete SRTCP packet (header and body) before the function call,
+ * and of the complete rtp packet after the call, if srtp_err_status_ok was
+ * returned.  Otherwise, the value of the data to which it points is
+ * undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used.  If
+ * set to false then will use the first set of session keys.  If set to true
+ * will use the session keys identified by the mki_index
+ *
+ * @return
+ *    - srtp_err_status_ok          if the RTCP packet is valid.
+ *    - srtp_err_status_auth_fail   if the SRTCP packet failed the message
+ *                                  authentication check.
+ *    - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
+ *                                  already been processed and accepted).
+ *    - srtp_err_status_bad_mki     if the MKI in the packet is not a known MKI
+ *                                  id
+ *    - [other]                     if there has been an error in the
+ *                                  cryptographic mechanisms.
+ *
+ */
+srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx,
+                                          void *srtcp_hdr,
+                                          int *pkt_octet_len,
+                                          unsigned int use_mki);
+
+/**
+ * @}
+ */
+
+/**
+ * @defgroup User data associated to a SRTP session.
+ * @ingroup  SRTP
+ *
+ * @brief Store custom user data within a SRTP session.
+ *
+ * @{
+ */
+
+/**
+ * @brief srtp_set_user_data() stores the given pointer into the SRTP
+ * session for later retrieval.
+ *
+ * @param ctx is the srtp_t context in which the given data pointer is
+ * stored.
+ *
+ * @param data is a pointer to the custom information (struct, function,
+ * etc) associated with the SRTP session.
+ *
+ * @return void.
+ *
+ */
+void srtp_set_user_data(srtp_t ctx, void *data);
+
+/**
+ * @brief srtp_get_user_data() retrieves the pointer to the custom data
+ * previously stored with srtp_set_user_data().
+ *
+ * This function is mostly useful for retrieving data associated to a
+ * SRTP session when an event fires. The user can then get such a custom
+ * data by calling this function with the session field of the
+ * srtp_event_data_t struct as argument.
+ *
+ * @param ctx is the srtp_t context in which the given data pointer was
+ * stored.
+ *
+ * @return void* pointer to the user data.
+ *
+ */
+void *srtp_get_user_data(srtp_t ctx);
+
+/**
+ * @}
+ */
+
+/**
+ * @defgroup SRTPevents SRTP events and callbacks
+ * @ingroup  SRTP
+ *
+ * @brief libSRTP can use a user-provided callback function to
+ * handle events.
+ *
+ *
+ * libSRTP allows a user to provide a callback function to handle
+ * events that need to be dealt with outside of the data plane (see
+ * the enum srtp_event_t for a description of these events).  Dealing
+ * with these events is not a strict necessity; they are not
+ * security-critical, but the application may suffer if they are not
+ * handled.  The function srtp_set_event_handler() is used to provide
+ * the callback function.
+ *
+ * A default event handler that merely reports on the events as they
+ * happen is included.  It is also possible to set the event handler
+ * function to NULL, in which case all events will just be silently
+ * ignored.
+ *
+ * @{
+ */
+
+/**
+ * @brief srtp_event_t defines events that need to be handled
+ *
+ * The enum srtp_event_t defines events that need to be handled
+ * outside the `data plane', such as SSRC collisions and
+ * key expirations.
+ *
+ * When a key expires or the maximum number of packets has been
+ * reached, an SRTP stream will enter an `expired' state in which no
+ * more packets can be protected or unprotected.  When this happens,
+ * it is likely that you will want to either deallocate the stream
+ * (using srtp_remove_stream()), and possibly allocate a new one.
+ *
+ * When an SRTP stream expires, the other streams in the same session
+ * are unaffected, unless key sharing is used by that stream.  In the
+ * latter case, all of the streams in the session will expire.
+ */
+typedef enum {
+    event_ssrc_collision,    /**< An SSRC collision occured.            */
+    event_key_soft_limit,    /**< An SRTP stream reached the soft key   */
+                             /**< usage limit and will expire soon.     */
+    event_key_hard_limit,    /**< An SRTP stream reached the hard       */
+                             /**< key usage limit and has expired.      */
+    event_packet_index_limit /**< An SRTP stream reached the hard       */
+                             /**< packet limit (2^48 packets).          */
+} srtp_event_t;
+
+/**
+ * @brief srtp_event_data_t is the structure passed as a callback to
+ * the event handler function
+ *
+ * The struct srtp_event_data_t holds the data passed to the event
+ * handler function.
+ */
+typedef struct srtp_event_data_t {
+    srtp_t session;     /**< The session in which the event happend.        */
+    uint32_t ssrc;      /**< The ssrc in host order of the stream in which  */
+                        /**< the event happend                              */
+    srtp_event_t event; /**< An enum indicating the type of event.          */
+} srtp_event_data_t;
+
+/**
+ * @brief srtp_event_handler_func_t is the function prototype for
+ * the event handler.
+ *
+ * The typedef srtp_event_handler_func_t is the prototype for the
+ * event handler function.  It has as its only argument an
+ * srtp_event_data_t which describes the event that needs to be handled.
+ * There can only be a single, global handler for all events in
+ * libSRTP.
+ */
+typedef void(srtp_event_handler_func_t)(srtp_event_data_t *data);
+
+/**
+ * @brief sets the event handler to the function supplied by the caller.
+ *
+ * The function call srtp_install_event_handler(func) sets the event
+ * handler function to the value func.  The value NULL is acceptable
+ * as an argument; in this case, events will be ignored rather than
+ * handled.
+ *
+ * @param func is a pointer to a fuction that takes an srtp_event_data_t
+ *             pointer as an argument and returns void.  This function
+ *             will be used by libSRTP to handle events.
+ */
+srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func);
+
+/**
+ * @brief Returns the version string of the library.
+ *
+ */
+const char *srtp_get_version_string(void);
+
+/**
+ * @brief Returns the numeric representation of the library version.
+ *
+ */
+unsigned int srtp_get_version(void);
+
+/**
+ * @brief srtp_set_debug_module(mod_name, v)
+ *
+ * sets dynamic debugging to the value v (0 for off, 1 for on) for the
+ * debug module with the name mod_name
+ *
+ * returns err_status_ok on success, err_status_fail otherwise
+ */
+srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v);
+
+/**
+ * @brief srtp_list_debug_modules() outputs a list of debugging modules
+ *
+ */
+srtp_err_status_t srtp_list_debug_modules(void);
+
+/**
+ * @brief srtp_log_level_t defines log levels.
+ *
+ * The enumeration srtp_log_level_t defines log levels reported
+ * in the srtp_log_handler_func_t.
+ *
+ */
+typedef enum {
+    srtp_log_level_error,   /**< log level is reporting an error message  */
+    srtp_log_level_warning, /**< log level is reporting a warning message */
+    srtp_log_level_info,    /**< log level is reporting an info message   */
+    srtp_log_level_debug    /**< log level is reporting a debug message   */
+} srtp_log_level_t;
+
+/**
+ * @brief srtp_log_handler_func_t is the function prototype for
+ * the log handler.
+ *
+ * The typedef srtp_event_handler_func_t is the prototype for the
+ * event handler function.  It has as srtp_log_level_t, log
+ * message and data as arguments.
+ * There can only be a single, global handler for all log messages in
+ * libSRTP.
+ */
+typedef void(srtp_log_handler_func_t)(srtp_log_level_t level,
+                                      const char *msg,
+                                      void *data);
+
+/**
+ * @brief sets the log handler to the function supplied by the caller.
+ *
+ * The function call srtp_install_log_handler(func) sets the log
+ * handler function to the value func.  The value NULL is acceptable
+ * as an argument; in this case, log messages will be ignored.
+ * This function can be called before srtp_init() inorder to capture
+ * any logging during start up.
+ *
+ * @param func is a pointer to a fuction of type srtp_log_handler_func_t.
+ *             This function will be used by libSRTP to output log messages.
+ * @param data is a user pointer that will be returned as the data argument in
+ * func.
+ */
+srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func,
+                                           void *data);
+
+/**
+ * @brief srtp_get_protect_trailer_length(session, use_mki, mki_index, length)
+ *
+ * Determines the length of the amount of data Lib SRTP will add to the
+ * packet during the protect process. The length is returned in the length
+ * parameter
+ *
+ * returns err_status_ok on success, err_status_bad_mki if the MKI index is
+ * invalid
+ *
+ */
+srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session,
+                                                  uint32_t use_mki,
+                                                  uint32_t mki_index,
+                                                  uint32_t *length);
+
+/**
+ * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index,
+ * length)
+ *
+ * Determines the length of the amount of data Lib SRTP will add to the
+ * packet during the protect process. The length is returned in the length
+ * parameter
+ *
+ * returns err_status_ok on success, err_status_bad_mki if the MKI index is
+ * invalid
+ *
+ */
+srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
+                                                       uint32_t use_mki,
+                                                       uint32_t mki_index,
+                                                       uint32_t *length);
+
+/**
+ * @brief srtp_set_stream_roc(session, ssrc, roc)
+ *
+ * Set the roll-over-counter on a session for a given SSRC
+ *
+ * returns err_status_ok on success, srtp_err_status_bad_param if there is no
+ * stream found
+ *
+ */
+srtp_err_status_t srtp_set_stream_roc(srtp_t session,
+                                      uint32_t ssrc,
+                                      uint32_t roc);
+
+/**
+ * @brief srtp_get_stream_roc(session, ssrc, roc)
+ *
+ * Get the roll-over-counter on a session for a given SSRC
+ *
+ * returns err_status_ok on success, srtp_err_status_bad_param if there is no
+ * stream found
+ *
+ */
+srtp_err_status_t srtp_get_stream_roc(srtp_t session,
+                                      uint32_t ssrc,
+                                      uint32_t *roc);
+
+/**
+ * @}
+ */
+
+/* in host order, so outside the #if */
+#define SRTCP_E_BIT 0x80000000
+
+/* for byte-access */
+#define SRTCP_E_BYTE_BIT 0x80
+#define SRTCP_INDEX_MASK 0x7fffffff
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_SRTP_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/include/srtp_priv.h b/trunk/3rdparty/libsrtp-2-fit/include/srtp_priv.h
new file mode 100644
index 000000000..d449f2a4e
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/include/srtp_priv.h
@@ -0,0 +1,280 @@
+/*
+ * srtp_priv.h
+ *
+ * private internal data structures and functions for libSRTP
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_PRIV_H
+#define SRTP_PRIV_H
+
+// Leave this as the top level import. Ensures the existence of defines
+#include "config.h"
+
+#include "srtp.h"
+#include "rdbx.h"
+#include "rdb.h"
+#include "integers.h"
+#include "cipher.h"
+#include "auth.h"
+#include "aes.h"
+#include "key.h"
+#include "crypto_kernel.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SRTP_VER_STRING PACKAGE_STRING
+#define SRTP_VERSION PACKAGE_VERSION
+
+typedef struct srtp_stream_ctx_t_ srtp_stream_ctx_t;
+typedef srtp_stream_ctx_t *srtp_stream_t;
+
+/*
+ * the following declarations are libSRTP internal functions
+ */
+
+/*
+ * srtp_get_stream(ssrc) returns a pointer to the stream corresponding
+ * to ssrc, or NULL if no stream exists for that ssrc
+ */
+srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
+
+/*
+ * srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by
+ * deriving all of the needed keys using the KDF and the key k.
+ */
+srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp,
+                                        srtp_master_key_t *master_key,
+                                        const unsigned int current_mki_index);
+
+/*
+ * srtp_stream_init_all_master_keys(s, k, m) (re)initializes the srtp_stream_t s
+ * by deriving all of the needed keys for all the master keys using the KDF and
+ * the keys from k.
+ */
+srtp_err_status_t srtp_steam_init_all_master_keys(
+    srtp_stream_ctx_t *srtp,
+    unsigned char *key,
+    srtp_master_key_t **keys,
+    const unsigned int max_master_keys);
+
+/*
+ * srtp_stream_init(s, p) initializes the srtp_stream_t s to
+ * use the policy at the location p
+ */
+srtp_err_status_t srtp_stream_init(srtp_stream_t srtp, const srtp_policy_t *p);
+
+/*
+ * libsrtp internal datatypes
+ */
+typedef enum direction_t {
+    dir_unknown = 0,
+    dir_srtp_sender = 1,
+    dir_srtp_receiver = 2
+} direction_t;
+
+/*
+ * srtp_session_keys_t will contain the encryption, hmac, salt keys
+ * for both SRTP and SRTCP.  The session keys will also contain the
+ * MKI ID which is used to identify the session keys.
+ */
+typedef struct srtp_session_keys_t {
+    srtp_cipher_t *rtp_cipher;
+    srtp_cipher_t *rtp_xtn_hdr_cipher;
+    srtp_auth_t *rtp_auth;
+    srtp_cipher_t *rtcp_cipher;
+    srtp_auth_t *rtcp_auth;
+    uint8_t salt[SRTP_AEAD_SALT_LEN];
+    uint8_t c_salt[SRTP_AEAD_SALT_LEN];
+    uint8_t *mki_id;
+    unsigned int mki_size;
+    srtp_key_limit_ctx_t *limit;
+} srtp_session_keys_t;
+
+/*
+ * an srtp_stream_t has its own SSRC, encryption key, authentication
+ * key, sequence number, and replay database
+ *
+ * note that the keys might not actually be unique, in which case the
+ * srtp_cipher_t and srtp_auth_t pointers will point to the same structures
+ */
+typedef struct srtp_stream_ctx_t_ {
+    uint32_t ssrc;
+    srtp_session_keys_t *session_keys;
+    unsigned int num_master_keys;
+    srtp_rdbx_t rtp_rdbx;
+    srtp_sec_serv_t rtp_services;
+    srtp_rdb_t rtcp_rdb;
+    srtp_sec_serv_t rtcp_services;
+    direction_t direction;
+    int allow_repeat_tx;
+    srtp_ekt_stream_t ekt;
+    int *enc_xtn_hdr;
+    int enc_xtn_hdr_count;
+    uint32_t pending_roc;
+    struct srtp_stream_ctx_t_ *next; /* linked list of streams */
+} strp_stream_ctx_t_;
+
+/*
+ * an srtp_ctx_t holds a stream list and a service description
+ */
+typedef struct srtp_ctx_t_ {
+    struct srtp_stream_ctx_t_ *stream_list;     /* linked list of streams     */
+    struct srtp_stream_ctx_t_ *stream_template; /* act as template for other  */
+                                                /* streams                    */
+    void *user_data;                            /* user custom data           */
+} srtp_ctx_t_;
+
+/*
+ * srtp_hdr_t represents an RTP or SRTP header.  The bit-fields in
+ * this structure should be declared "unsigned int" instead of
+ * "unsigned char", but doing so causes the MS compiler to not
+ * fully pack the bit fields.
+ *
+ * In this implementation, an srtp_hdr_t is assumed to be 32-bit aligned
+ *
+ * (note that this definition follows that of RFC 1889 Appendix A, but
+ * is not identical)
+ */
+
+#ifndef WORDS_BIGENDIAN
+
+typedef struct {
+    unsigned char cc : 4;      /* CSRC count             */
+    unsigned char x : 1;       /* header extension flag  */
+    unsigned char p : 1;       /* padding flag           */
+    unsigned char version : 2; /* protocol version       */
+    unsigned char pt : 7;      /* payload type           */
+    unsigned char m : 1;       /* marker bit             */
+    uint16_t seq;              /* sequence number        */
+    uint32_t ts;               /* timestamp              */
+    uint32_t ssrc;             /* synchronization source */
+} srtp_hdr_t;
+
+#else /*  BIG_ENDIAN */
+
+typedef struct {
+    unsigned char version : 2; /* protocol version       */
+    unsigned char p : 1;       /* padding flag           */
+    unsigned char x : 1;       /* header extension flag  */
+    unsigned char cc : 4;      /* CSRC count             */
+    unsigned char m : 1;       /* marker bit             */
+    unsigned char pt : 7;      /* payload type           */
+    uint16_t seq;              /* sequence number        */
+    uint32_t ts;               /* timestamp              */
+    uint32_t ssrc;             /* synchronization source */
+} srtp_hdr_t;
+
+#endif
+
+typedef struct {
+    uint16_t profile_specific; /* profile-specific info               */
+    uint16_t length;           /* number of 32-bit words in extension */
+} srtp_hdr_xtnd_t;
+
+/*
+ * srtcp_hdr_t represents a secure rtcp header
+ *
+ * in this implementation, an srtcp header is assumed to be 32-bit
+ * aligned
+ */
+
+#ifndef WORDS_BIGENDIAN
+
+typedef struct {
+    unsigned char rc : 5;      /* reception report count */
+    unsigned char p : 1;       /* padding flag           */
+    unsigned char version : 2; /* protocol version       */
+    unsigned char pt : 8;      /* payload type           */
+    uint16_t len;              /* length                 */
+    uint32_t ssrc;             /* synchronization source */
+} srtcp_hdr_t;
+
+typedef struct {
+    unsigned int index : 31; /* srtcp packet index in network order!  */
+    unsigned int e : 1;      /* encrypted? 1=yes                      */
+                             /* optional mikey/etc go here            */
+                             /* and then the variable-length auth tag */
+} srtcp_trailer_t;
+
+#else /*  BIG_ENDIAN */
+
+typedef struct {
+    unsigned char version : 2; /* protocol version       */
+    unsigned char p : 1;       /* padding flag           */
+    unsigned char rc : 5;      /* reception report count */
+    unsigned char pt : 8;      /* payload type           */
+    uint16_t len;              /* length                 */
+    uint32_t ssrc;             /* synchronization source */
+} srtcp_hdr_t;
+
+typedef struct {
+    unsigned int e : 1;      /* encrypted? 1=yes                      */
+    unsigned int index : 31; /* srtcp packet index                    */
+                             /* optional mikey/etc go here            */
+                             /* and then the variable-length auth tag */
+} srtcp_trailer_t;
+
+#endif
+
+/*
+ * srtp_handle_event(srtp, srtm, evnt) calls the event handling
+ * function, if there is one.
+ *
+ * This macro is not included in the documentation as it is
+ * an internal-only function.
+ */
+
+#define srtp_handle_event(srtp, strm, evnt)                                    \
+    if (srtp_event_handler) {                                                  \
+        srtp_event_data_t data;                                                \
+        data.session = srtp;                                                   \
+        data.ssrc = ntohl(strm->ssrc);                                         \
+        data.event = evnt;                                                     \
+        srtp_event_handler(&data);                                             \
+    }
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_PRIV_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/include/ut_sim.h b/trunk/3rdparty/libsrtp-2-fit/include/ut_sim.h
new file mode 100644
index 000000000..e678b5fdf
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/include/ut_sim.h
@@ -0,0 +1,83 @@
+/*
+ * ut-sim.h
+ *
+ * an unreliable transport simulator
+ * (for testing replay databases and suchlike)
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef UT_SIM_H
+#define UT_SIM_H
+
+#include "integers.h" /* for uint32_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define UT_BUF 160 /* maximum amount of packet reorder */
+
+typedef struct {
+    uint32_t index;
+    uint32_t buffer[UT_BUF];
+} ut_connection;
+
+/*
+ * ut_init(&u) initializes the ut_connection
+ *
+ * this function should always be the first one called on a new
+ * ut_connection
+ */
+
+void ut_init(ut_connection *utc);
+
+/*
+ * ut_next_index(&u) returns the next index from the simulated
+ * unreliable connection
+ */
+
+uint32_t ut_next_index(ut_connection *utc);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* UT_SIM_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/install-sh b/trunk/3rdparty/libsrtp-2-fit/install-sh
new file mode 100755
index 000000000..0b0fdcbba
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/install-sh
@@ -0,0 +1,501 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2013-12-25.23; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+tab='	'
+nl='
+'
+IFS=" $tab$nl"
+
+# Set DOITPROG to "echo" to test this script.
+
+doit=${DOITPROG-}
+doit_exec=${doit:-exec}
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+is_target_a_directory=possibly
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+        case $mode in
+          *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
+            echo "$0: invalid mode: $mode" >&2
+            exit 1;;
+        esac
+        shift;;
+
+    -o) chowncmd="$chownprog $2"
+        shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t)
+        is_target_a_directory=always
+        dst_arg=$2
+        # Protect names problematic for 'test' and other utilities.
+        case $dst_arg in
+          -* | [=\(\)!]) dst_arg=./$dst_arg;;
+        esac
+        shift;;
+
+    -T) is_target_a_directory=never;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --) shift
+        break;;
+
+    -*) echo "$0: invalid option: $1" >&2
+        exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+# We allow the use of options -d and -T together, by making -d
+# take the precedence; this is for compatibility with GNU install.
+
+if test -n "$dir_arg"; then
+  if test -n "$dst_arg"; then
+    echo "$0: target directory not allowed when installing a directory." >&2
+    exit 1
+  fi
+fi
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  if test $# -gt 1 || test "$is_target_a_directory" = always; then
+    if test ! -d "$dst_arg"; then
+      echo "$0: $dst_arg: Is not a directory." >&2
+      exit 1
+    fi
+  fi
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test "$is_target_a_directory" = never; then
+        echo "$0: $dst_arg: Is a directory" >&2
+        exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      dstdir=`dirname "$dst"`
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+        # Create intermediate dirs using mode 755 as modified by the umask.
+        # This is like FreeBSD 'install' as of 1997-10-28.
+        umask=`umask`
+        case $stripcmd.$umask in
+          # Optimize common cases.
+          *[2367][2367]) mkdir_umask=$umask;;
+          .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+          *[0-7])
+            mkdir_umask=`expr $umask + 22 \
+              - $umask % 100 % 40 + $umask % 20 \
+              - $umask % 10 % 4 + $umask % 2
+            `;;
+          *) mkdir_umask=$umask,go-w;;
+        esac
+
+        # With -d, create the new directory with the user-specified mode.
+        # Otherwise, rely on $mkdir_umask.
+        if test -n "$dir_arg"; then
+          mkdir_mode=-m$mode
+        else
+          mkdir_mode=
+        fi
+
+        posix_mkdir=false
+        case $umask in
+          *[123567][0-7][0-7])
+            # POSIX mkdir -p sets u+wx bits regardless of umask, which
+            # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+            ;;
+          *)
+            tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+            trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+            if (umask $mkdir_umask &&
+                exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+            then
+              if test -z "$dir_arg" || {
+                   # Check for POSIX incompatibilities with -m.
+                   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+                   # other-writable bit of parent directory when it shouldn't.
+                   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+                   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+                   case $ls_ld_tmpdir in
+                     d????-?r-*) different_mode=700;;
+                     d????-?--*) different_mode=755;;
+                     *) false;;
+                   esac &&
+                   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+                     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+                     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+                   }
+                 }
+              then posix_mkdir=:
+              fi
+              rmdir "$tmpdir/d" "$tmpdir"
+            else
+              # Remove any dirs left behind by ancient mkdir implementations.
+              rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+            fi
+            trap '' 0;;
+        esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+        umask $mkdir_umask &&
+        $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+        /*) prefix='/';;
+        [-=\(\)!]*) prefix='./';;
+        *)  prefix='';;
+      esac
+
+      oIFS=$IFS
+      IFS=/
+      set -f
+      set fnord $dstdir
+      shift
+      set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+        test X"$d" = X && continue
+
+        prefix=$prefix$d
+        if test -d "$prefix"; then
+          prefixes=
+        else
+          if $posix_mkdir; then
+            (umask=$mkdir_umask &&
+             $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+            # Don't fail if two instances are running concurrently.
+            test -d "$prefix" || exit 1
+          else
+            case $prefix in
+              *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+              *) qprefix=$prefix;;
+            esac
+            prefixes="$prefixes '$qprefix'"
+          fi
+        fi
+        prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+        # Don't fail if two instances are running concurrently.
+        (umask $mkdir_umask &&
+         eval "\$doit_exec \$mkdirprog $prefixes") ||
+          test -d "$dstdir" || exit 1
+        obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"     2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"  2>/dev/null` &&
+       set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       set +f &&
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+        # Now remove or move aside any old file at destination location.
+        # We try this two ways since rm can't unlink itself on some
+        # systems and the destination file might be busy for other
+        # reasons.  In this case, the final cleanup might fail but the new
+        # file should still install successfully.
+        {
+          test ! -f "$dst" ||
+          $doit $rmcmd -f "$dst" 2>/dev/null ||
+          { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+            { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+          } ||
+          { echo "$0: cannot unlink or rename $dst" >&2
+            (exit 1); exit 1
+          }
+        } &&
+
+        # Now rename the file to the real destination.
+        $doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/trunk/3rdparty/libsrtp-2-fit/install-win.bat b/trunk/3rdparty/libsrtp-2-fit/install-win.bat
new file mode 100644
index 000000000..a4fc0eb7a
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/install-win.bat
@@ -0,0 +1,35 @@
+:: Installs from srtp windows build directory to directory specified on
+:: command line
+
+
+@if "%1"=="" (
+	echo "Usage: %~nx0 destdir"
+	exit /b 1
+) else (
+	set destdir=%1
+)
+
+@if not exist %destdir% (
+   echo %destdir% not found
+   exit /b 1
+)
+
+@for %%d in (include\srtp.h crypto\include\cipher.h Debug\srtp2.lib Release\srtp2.lib x64\Debug\srtp2.lib x64\Release\srtp2.lib) do (
+	if not exist "%%d" (
+	   echo "%%d not found: are you in the right directory?"
+	   exit /b 1
+	)
+)
+
+mkdir %destdir%\include
+mkdir %destdir%\include\srtp2
+mkdir %destdir%\lib
+mkdir %destdir%\lib\x64
+
+@for %%d in (include\srtp.h include\ekt.h crypto\include\cipher.h crypto\include\auth.h crypto\include\crypto_types.h) do (
+	 copy %%d %destdir%\include\srtp2
+)
+copy Release\srtp2.lib %destdir%\lib\srtp2.lib
+copy Debug\srtp2.lib %destdir%\lib\srtp2d.lib
+copy x64\Release\srtp2.lib %destdir%\lib\x64\srtp2.lib
+copy x64\Debug\srtp2.lib %destdir%\lib\x64\srtp2d.lib
diff --git a/trunk/3rdparty/libsrtp-2-fit/libsrtp2.pc.in b/trunk/3rdparty/libsrtp-2-fit/libsrtp2.pc.in
new file mode 100644
index 000000000..fcb86528c
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/libsrtp2.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: @PACKAGE_NAME@
+Version: @PACKAGE_VERSION@
+Description: Library for SRTP (Secure Realtime Transport Protocol)
+
+Libs: -L${libdir} -lsrtp2 @LIBS@
+Cflags: -I${includedir}
diff --git a/trunk/3rdparty/libsrtp-2-fit/srtp/ekt.c b/trunk/3rdparty/libsrtp-2-fit/srtp/ekt.c
new file mode 100644
index 000000000..24af93bd9
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/srtp/ekt.c
@@ -0,0 +1,281 @@
+/*
+ * ekt.c
+ *
+ * Encrypted Key Transport for SRTP
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "srtp_priv.h"
+#include "err.h"
+#include "ekt.h"
+
+extern srtp_debug_module_t mod_srtp;
+
+/*
+ *  The EKT Authentication Tag format.
+ *
+ *    0                   1                   2                   3
+ *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   :                   Base Authentication Tag                     :
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   :                     Encrypted Master Key                      :
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                       Rollover Counter                        |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |    Initial Sequence Number    |   Security Parameter Index    |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define EKT_OCTETS_AFTER_BASE_TAG 24
+#define EKT_OCTETS_AFTER_EMK 8
+#define EKT_OCTETS_AFTER_ROC 4
+#define EKT_SPI_LEN 2
+
+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt)
+{
+    /*
+     * if the pointer ekt is NULL, then EKT is not in effect, so we
+     * indicate this by returning zero
+     */
+    if (!ekt)
+        return 0;
+
+    switch (ekt->data->ekt_cipher_type) {
+    case SRTP_EKT_CIPHER_AES_128_ECB:
+        return 16 + EKT_OCTETS_AFTER_EMK;
+        break;
+    default:
+        break;
+    }
+    return 0;
+}
+
+static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(
+    const uint8_t *packet_start,
+    unsigned pkt_octet_len)
+{
+    const uint8_t *spi_location;
+
+    spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
+
+    return *((const srtp_ekt_spi_t *)spi_location);
+}
+
+static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start,
+                                                unsigned pkt_octet_len)
+{
+    const uint8_t *roc_location;
+
+    roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
+
+    return *((const uint32_t *)roc_location);
+}
+
+static inline const uint8_t *srtcp_packet_get_emk_location(
+    const uint8_t *packet_start,
+    unsigned pkt_octet_len)
+{
+    const uint8_t *location;
+
+    location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
+
+    return location;
+}
+
+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data,
+                                 srtp_ekt_policy_t policy)
+{
+    /*
+     * if the policy pointer is NULL, then EKT is not in use
+     * so we just set the EKT stream data pointer to NULL
+     */
+    if (!policy) {
+        *stream_data = NULL;
+        return srtp_err_status_ok;
+    }
+
+    /* TODO */
+    *stream_data = NULL;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_ekt_stream_init_from_policy(
+    srtp_ekt_stream_t stream_data,
+    srtp_ekt_policy_t policy)
+{
+    if (!stream_data)
+        return srtp_err_status_ok;
+
+    return srtp_err_status_ok;
+}
+
+void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len)
+{
+#ifndef GCM
+    // FIXME: need to get this working through the crypto module interface
+    srtp_aes_expanded_key_t expanded_key;
+
+    srtp_aes_expand_decryption_key(key, key_len, &expanded_key);
+    srtp_aes_decrypt(ciphertext, &expanded_key);
+#endif
+}
+
+/*
+ * The function srtp_stream_init_from_ekt() initializes a stream using
+ * the EKT data from an SRTCP trailer.
+ */
+
+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream,
+                                            const void *srtcp_hdr,
+                                            unsigned pkt_octet_len)
+{
+    srtp_err_status_t err;
+    const uint8_t *master_key;
+    srtp_policy_t srtp_policy;
+    uint32_t roc;
+
+    /*
+     * NOTE: at present, we only support a single ekt_policy at a time.
+     */
+    if (stream->ekt->data->spi !=
+        srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
+        return srtp_err_status_no_ctx;
+
+    if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB)
+        return srtp_err_status_bad_param;
+
+    /* decrypt the Encrypted Master Key field */
+    master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
+    /* FIX!? This decrypts the master key in-place, and never uses it */
+    /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t)
+     * to a function which expects a raw (unexpanded) key */
+    aes_decrypt_with_raw_key((void *)master_key,
+                             &stream->ekt->data->ekt_dec_key, 16);
+
+    /* set the SRTP ROC */
+    roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
+    err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc);
+    if (err)
+        return err;
+
+    err = srtp_stream_init(stream, &srtp_policy);
+    if (err)
+        return err;
+
+    return srtp_err_status_ok;
+}
+
+void srtp_ekt_write_data(srtp_ekt_stream_t ekt,
+                         uint8_t *base_tag,
+                         unsigned base_tag_len,
+                         int *packet_len,
+                         srtp_xtd_seq_num_t pkt_index)
+{
+    uint32_t roc;
+    uint16_t isn;
+    unsigned emk_len;
+    uint8_t *packet;
+
+    /* if the pointer ekt is NULL, then EKT is not in effect */
+    if (!ekt) {
+        debug_print0(mod_srtp, "EKT not in use");
+        return;
+    }
+
+    /* write zeros into the location of the base tag */
+    octet_string_set_to_zero(base_tag, base_tag_len);
+    packet = base_tag + base_tag_len;
+
+    /* copy encrypted master key into packet */
+    emk_len = srtp_ekt_octets_after_base_tag(ekt);
+    memcpy(packet, ekt->encrypted_master_key, emk_len);
+    debug_print(mod_srtp, "writing EKT EMK: %s,",
+                srtp_octet_string_hex_string(packet, emk_len));
+    packet += emk_len;
+
+    /* copy ROC into packet */
+    roc = (uint32_t)(pkt_index >> 16);
+    *((uint32_t *)packet) = be32_to_cpu(roc);
+    debug_print(mod_srtp, "writing EKT ROC: %s,",
+                srtp_octet_string_hex_string(packet, sizeof(roc)));
+    packet += sizeof(roc);
+
+    /* copy ISN into packet */
+    isn = (uint16_t)pkt_index;
+    *((uint16_t *)packet) = htons(isn);
+    debug_print(mod_srtp, "writing EKT ISN: %s,",
+                srtp_octet_string_hex_string(packet, sizeof(isn)));
+    packet += sizeof(isn);
+
+    /* copy SPI into packet */
+    *((uint16_t *)packet) = htons(ekt->data->spi);
+    debug_print(mod_srtp, "writing EKT SPI: %s,",
+                srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi)));
+
+    /* increase packet length appropriately */
+    *packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
+}
+
+/*
+ * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag   )
+ *
+ * If the pointer ekt is NULL, then the other inputs are unaffected.
+ *
+ * auth_tag is a pointer to the pointer to the location of the
+ * authentication tag in the packet.  If EKT is in effect, then the
+ * auth_tag pointer is set to the location
+ */
+
+void srtcp_ekt_trailer(srtp_ekt_stream_t ekt,
+                       unsigned *auth_len,
+                       void **auth_tag,
+                       void *tag_copy)
+{
+    /*
+     * if there is no EKT policy, then the other inputs are unaffected
+     */
+    if (!ekt)
+        return;
+
+    /* copy auth_tag into temporary location */
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/srtp/srtp.c b/trunk/3rdparty/libsrtp-2-fit/srtp/srtp.c
new file mode 100644
index 000000000..b45cee0fa
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/srtp/srtp.c
@@ -0,0 +1,4727 @@
+/*
+ * srtp.c
+ *
+ * the secure real-time transport protocol
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+// Leave this as the top level import. Ensures the existence of defines
+#include "config.h"
+
+#include "srtp_priv.h"
+#include "crypto_types.h"
+#include "err.h"
+#include "ekt.h"   /* for SRTP Encrypted Key Transport */
+#include "alloc.h" /* for srtp_crypto_alloc() */
+
+#ifdef GCM
+#include "aes_gcm.h" /* for AES GCM mode */
+#endif
+
+#ifdef OPENSSL_KDF
+#include <openssl/kdf.h>
+#include "aes_icm_ext.h"
+#endif
+
+#include <limits.h>
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined(HAVE_WINSOCK2_H)
+#include <winsock2.h>
+#endif
+
+/* the debug module for srtp */
+srtp_debug_module_t mod_srtp = {
+    0,     /* debugging is off by default */
+    "srtp" /* printable name for module */
+};
+
+#define octets_in_rtp_header 12
+#define uint32s_in_rtp_header 3
+#define octets_in_rtcp_header 8
+#define uint32s_in_rtcp_header 2
+#define octets_in_rtp_extn_hdr 4
+
+static srtp_err_status_t srtp_validate_rtp_header(void *rtp_hdr,
+                                                  int *pkt_octet_len)
+{
+    srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
+    int rtp_header_len;
+
+    if (*pkt_octet_len < octets_in_rtp_header)
+        return srtp_err_status_bad_param;
+
+    /* Check RTP header length */
+    rtp_header_len = octets_in_rtp_header + 4 * hdr->cc;
+    if (hdr->x == 1)
+        rtp_header_len += octets_in_rtp_extn_hdr;
+
+    if (*pkt_octet_len < rtp_header_len)
+        return srtp_err_status_bad_param;
+
+    /* Verifing profile length. */
+    if (hdr->x == 1) {
+        srtp_hdr_xtnd_t *xtn_hdr =
+            (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header +
+                                hdr->cc);
+        int profile_len = ntohs(xtn_hdr->length);
+        rtp_header_len += profile_len * 4;
+        /* profile length counts the number of 32-bit words */
+        if (*pkt_octet_len < rtp_header_len)
+            return srtp_err_status_bad_param;
+    }
+    return srtp_err_status_ok;
+}
+
+const char *srtp_get_version_string()
+{
+    /*
+     * Simply return the autotools generated string
+     */
+    return SRTP_VER_STRING;
+}
+
+unsigned int srtp_get_version()
+{
+    unsigned int major = 0, minor = 0, micro = 0;
+    unsigned int rv = 0;
+    int parse_rv;
+
+    /*
+     * Parse the autotools generated version
+     */
+    parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", &major, &minor, &micro);
+    if (parse_rv != 3) {
+        /*
+         * We're expected to parse all 3 version levels.
+         * If not, then this must not be an official release.
+         * Return all zeros on the version
+         */
+        return (0);
+    }
+
+    /*
+     * We allow 8 bits for the major and minor, while
+     * allowing 16 bits for the micro.  16 bits for the micro
+     * may be beneficial for a continuous delivery model
+     * in the future.
+     */
+    rv |= (major & 0xFF) << 24;
+    rv |= (minor & 0xFF) << 16;
+    rv |= micro & 0xFF;
+    return rv;
+}
+
+srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream,
+                                      const srtp_stream_ctx_t *stream_template)
+{
+    srtp_err_status_t status;
+    unsigned int i = 0;
+    srtp_session_keys_t *session_keys = NULL;
+    srtp_session_keys_t *template_session_keys = NULL;
+
+    /*
+     * we use a conservative deallocation strategy - if any deallocation
+     * fails, then we report that fact without trying to deallocate
+     * anything else
+     */
+    if (stream->session_keys) {
+        for (i = 0; i < stream->num_master_keys; i++) {
+            session_keys = &stream->session_keys[i];
+
+            if (stream_template &&
+                stream->num_master_keys == stream_template->num_master_keys) {
+                template_session_keys = &stream_template->session_keys[i];
+            } else {
+                template_session_keys = NULL;
+            }
+
+            /*
+            * deallocate cipher, if it is not the same as that in template
+            */
+            if (template_session_keys &&
+                session_keys->rtp_cipher == template_session_keys->rtp_cipher) {
+                /* do nothing */
+            } else if (session_keys->rtp_cipher) {
+                status = srtp_cipher_dealloc(session_keys->rtp_cipher);
+                if (status)
+                    return status;
+            }
+
+            /*
+             * deallocate auth function, if it is not the same as that in
+             * template
+             */
+            if (template_session_keys &&
+                session_keys->rtp_auth == template_session_keys->rtp_auth) {
+                /* do nothing */
+            } else if (session_keys->rtp_auth) {
+                status = srtp_auth_dealloc(session_keys->rtp_auth);
+                if (status)
+                    return status;
+            }
+
+            if (template_session_keys &&
+                session_keys->rtp_xtn_hdr_cipher ==
+                    template_session_keys->rtp_xtn_hdr_cipher) {
+                /* do nothing */
+            } else if (session_keys->rtp_xtn_hdr_cipher) {
+                status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher);
+                if (status)
+                    return status;
+            }
+
+            /*
+             * deallocate rtcp cipher, if it is not the same as that in
+             * template
+             */
+            if (template_session_keys &&
+                session_keys->rtcp_cipher ==
+                    template_session_keys->rtcp_cipher) {
+                /* do nothing */
+            } else if (session_keys->rtcp_cipher) {
+                status = srtp_cipher_dealloc(session_keys->rtcp_cipher);
+                if (status)
+                    return status;
+            }
+
+            /*
+             * deallocate rtcp auth function, if it is not the same as that in
+             * template
+             */
+            if (template_session_keys &&
+                session_keys->rtcp_auth == template_session_keys->rtcp_auth) {
+                /* do nothing */
+            } else if (session_keys->rtcp_auth) {
+                status = srtp_auth_dealloc(session_keys->rtcp_auth);
+                if (status)
+                    return status;
+            }
+
+            /*
+             * zeroize the salt value
+             */
+            octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN);
+            octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN);
+
+            if (session_keys->mki_id) {
+                octet_string_set_to_zero(session_keys->mki_id,
+                                         session_keys->mki_size);
+                srtp_crypto_free(session_keys->mki_id);
+                session_keys->mki_id = NULL;
+            }
+
+            /*
+             * deallocate key usage limit, if it is not the same as that in
+             * template
+             */
+            if (template_session_keys &&
+                session_keys->limit == template_session_keys->limit) {
+                /* do nothing */
+            } else if (session_keys->limit) {
+                srtp_crypto_free(session_keys->limit);
+            }
+        }
+        srtp_crypto_free(stream->session_keys);
+    }
+
+    status = srtp_rdbx_dealloc(&stream->rtp_rdbx);
+    if (status)
+        return status;
+
+    /* DAM - need to deallocate EKT here */
+
+    if (stream_template &&
+        stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) {
+        /* do nothing */
+    } else if (stream->enc_xtn_hdr) {
+        srtp_crypto_free(stream->enc_xtn_hdr);
+    }
+
+    /* deallocate srtp stream context */
+    srtp_crypto_free(stream);
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
+                                    const srtp_policy_t *p)
+{
+    srtp_stream_ctx_t *str;
+    srtp_err_status_t stat;
+    unsigned int i = 0;
+    srtp_session_keys_t *session_keys = NULL;
+
+    /*
+     * This function allocates the stream context, rtp and rtcp ciphers
+     * and auth functions, and key limit structure.  If there is a
+     * failure during allocation, we free all previously allocated
+     * memory and return a failure code.  The code could probably
+     * be improved, but it works and should be clear.
+     */
+
+    /* allocate srtp stream and set str_ptr */
+    str = (srtp_stream_ctx_t *)srtp_crypto_alloc(sizeof(srtp_stream_ctx_t));
+    if (str == NULL)
+        return srtp_err_status_alloc_fail;
+
+    *str_ptr = str;
+
+    /*
+     *To keep backwards API compatible if someone is using multiple master
+     * keys then key should be set to NULL
+     */
+    if (p->key != NULL) {
+        str->num_master_keys = 1;
+    } else {
+        str->num_master_keys = p->num_master_keys;
+    }
+
+    str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc(
+        sizeof(srtp_session_keys_t) * str->num_master_keys);
+
+    if (str->session_keys == NULL) {
+        srtp_stream_dealloc(str, NULL);
+        return srtp_err_status_alloc_fail;
+    }
+
+    for (i = 0; i < str->num_master_keys; i++) {
+        session_keys = &str->session_keys[i];
+
+        /* allocate cipher */
+        stat = srtp_crypto_kernel_alloc_cipher(
+            p->rtp.cipher_type, &session_keys->rtp_cipher,
+            p->rtp.cipher_key_len, p->rtp.auth_tag_len);
+        if (stat) {
+            srtp_stream_dealloc(str, NULL);
+            return stat;
+        }
+
+        /* allocate auth function */
+        stat = srtp_crypto_kernel_alloc_auth(
+            p->rtp.auth_type, &session_keys->rtp_auth, p->rtp.auth_key_len,
+            p->rtp.auth_tag_len);
+        if (stat) {
+            srtp_stream_dealloc(str, NULL);
+            return stat;
+        }
+
+        /*
+         * ...and now the RTCP-specific initialization - first, allocate
+         * the cipher
+         */
+        stat = srtp_crypto_kernel_alloc_cipher(
+            p->rtcp.cipher_type, &session_keys->rtcp_cipher,
+            p->rtcp.cipher_key_len, p->rtcp.auth_tag_len);
+        if (stat) {
+            srtp_stream_dealloc(str, NULL);
+            return stat;
+        }
+
+        /* allocate auth function */
+        stat = srtp_crypto_kernel_alloc_auth(
+            p->rtcp.auth_type, &session_keys->rtcp_auth, p->rtcp.auth_key_len,
+            p->rtcp.auth_tag_len);
+        if (stat) {
+            srtp_stream_dealloc(str, NULL);
+            return stat;
+        }
+
+        session_keys->mki_id = NULL;
+
+        /* allocate key limit structure */
+        session_keys->limit = (srtp_key_limit_ctx_t *)srtp_crypto_alloc(
+            sizeof(srtp_key_limit_ctx_t));
+        if (session_keys->limit == NULL) {
+            srtp_stream_dealloc(str, NULL);
+            return srtp_err_status_alloc_fail;
+        }
+    }
+
+    /* allocate ekt data associated with stream */
+    stat = srtp_ekt_alloc(&str->ekt, p->ekt);
+    if (stat) {
+        srtp_stream_dealloc(str, NULL);
+        return stat;
+    }
+
+    if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) {
+        srtp_cipher_type_id_t enc_xtn_hdr_cipher_type;
+        int enc_xtn_hdr_cipher_key_len;
+
+        str->enc_xtn_hdr = (int *)srtp_crypto_alloc(p->enc_xtn_hdr_count *
+                                                    sizeof(p->enc_xtn_hdr[0]));
+        if (!str->enc_xtn_hdr) {
+            srtp_stream_dealloc(str, NULL);
+            return srtp_err_status_alloc_fail;
+        }
+        memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr,
+               p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0]));
+        str->enc_xtn_hdr_count = p->enc_xtn_hdr_count;
+
+        /*
+         * For GCM ciphers, the corresponding ICM cipher is used for header
+         * extensions encryption.
+         */
+        switch (p->rtp.cipher_type) {
+        case SRTP_AES_GCM_128:
+            enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128;
+            enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT;
+            break;
+        case SRTP_AES_GCM_256:
+            enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256;
+            enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+            break;
+        default:
+            enc_xtn_hdr_cipher_type = p->rtp.cipher_type;
+            enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len;
+            break;
+        }
+
+        for (i = 0; i < str->num_master_keys; i++) {
+            session_keys = &str->session_keys[i];
+
+            /* allocate cipher for extensions header encryption */
+            stat = srtp_crypto_kernel_alloc_cipher(
+                enc_xtn_hdr_cipher_type, &session_keys->rtp_xtn_hdr_cipher,
+                enc_xtn_hdr_cipher_key_len, 0);
+            if (stat) {
+                srtp_stream_dealloc(str, NULL);
+                return stat;
+            }
+        }
+    } else {
+        for (i = 0; i < str->num_master_keys; i++) {
+            session_keys = &str->session_keys[i];
+            session_keys->rtp_xtn_hdr_cipher = NULL;
+        }
+
+        str->enc_xtn_hdr = NULL;
+        str->enc_xtn_hdr_count = 0;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_stream_clone(stream_template, new) allocates a new stream and
+ * initializes it using the cipher and auth of the stream_template
+ *
+ * the only unique data in a cloned stream is the replay database and
+ * the SSRC
+ */
+
+srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
+                                    uint32_t ssrc,
+                                    srtp_stream_ctx_t **str_ptr)
+{
+    srtp_err_status_t status;
+    srtp_stream_ctx_t *str;
+    unsigned int i = 0;
+    srtp_session_keys_t *session_keys = NULL;
+    const srtp_session_keys_t *template_session_keys = NULL;
+
+    debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc));
+
+    /* allocate srtp stream and set str_ptr */
+    str = (srtp_stream_ctx_t *)srtp_crypto_alloc(sizeof(srtp_stream_ctx_t));
+    if (str == NULL)
+        return srtp_err_status_alloc_fail;
+    *str_ptr = str;
+
+    str->num_master_keys = stream_template->num_master_keys;
+    str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc(
+        sizeof(srtp_session_keys_t) * str->num_master_keys);
+
+    if (str->session_keys == NULL) {
+        srtp_stream_dealloc(*str_ptr, stream_template);
+        *str_ptr = NULL;
+        return srtp_err_status_alloc_fail;
+    }
+
+    for (i = 0; i < stream_template->num_master_keys; i++) {
+        session_keys = &str->session_keys[i];
+        template_session_keys = &stream_template->session_keys[i];
+
+        /* set cipher and auth pointers to those of the template */
+        session_keys->rtp_cipher = template_session_keys->rtp_cipher;
+        session_keys->rtp_auth = template_session_keys->rtp_auth;
+        session_keys->rtp_xtn_hdr_cipher =
+            template_session_keys->rtp_xtn_hdr_cipher;
+        session_keys->rtcp_cipher = template_session_keys->rtcp_cipher;
+        session_keys->rtcp_auth = template_session_keys->rtcp_auth;
+        session_keys->mki_size = template_session_keys->mki_size;
+
+        if (template_session_keys->mki_size == 0) {
+            session_keys->mki_id = NULL;
+        } else {
+            session_keys->mki_id =
+                srtp_crypto_alloc(template_session_keys->mki_size);
+
+            if (session_keys->mki_id == NULL) {
+                srtp_stream_dealloc(*str_ptr, stream_template);
+                *str_ptr = NULL;
+                return srtp_err_status_init_fail;
+            }
+            memcpy(session_keys->mki_id, template_session_keys->mki_id,
+                   session_keys->mki_size);
+        }
+        /* Copy the salt values */
+        memcpy(session_keys->salt, template_session_keys->salt,
+               SRTP_AEAD_SALT_LEN);
+        memcpy(session_keys->c_salt, template_session_keys->c_salt,
+               SRTP_AEAD_SALT_LEN);
+
+        /* set key limit to point to that of the template */
+        status = srtp_key_limit_clone(template_session_keys->limit,
+                                      &session_keys->limit);
+        if (status) {
+            srtp_stream_dealloc(*str_ptr, stream_template);
+            *str_ptr = NULL;
+            return status;
+        }
+    }
+
+    /* initialize replay databases */
+    status = srtp_rdbx_init(
+        &str->rtp_rdbx, srtp_rdbx_get_window_size(&stream_template->rtp_rdbx));
+    if (status) {
+        srtp_stream_dealloc(*str_ptr, stream_template);
+        *str_ptr = NULL;
+        return status;
+    }
+    srtp_rdb_init(&str->rtcp_rdb);
+    str->allow_repeat_tx = stream_template->allow_repeat_tx;
+
+    /* set ssrc to that provided */
+    str->ssrc = ssrc;
+
+    /* reset pending ROC */
+    str->pending_roc = 0;
+
+    /* set direction and security services */
+    str->direction = stream_template->direction;
+    str->rtp_services = stream_template->rtp_services;
+    str->rtcp_services = stream_template->rtcp_services;
+
+    /* set pointer to EKT data associated with stream */
+    str->ekt = stream_template->ekt;
+
+    /* copy information about extensions header encryption */
+    str->enc_xtn_hdr = stream_template->enc_xtn_hdr;
+    str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count;
+
+    /* defensive coding */
+    str->next = NULL;
+    return srtp_err_status_ok;
+}
+
+/*
+ * key derivation functions, internal to libSRTP
+ *
+ * srtp_kdf_t is a key derivation context
+ *
+ * srtp_kdf_init(&kdf, cipher_id, k, keylen) initializes kdf to use cipher
+ * described by cipher_id, with the master key k with length in octets keylen.
+ *
+ * srtp_kdf_generate(&kdf, l, kl, keylen) derives the key
+ * corresponding to label l and puts it into kl; the length
+ * of the key in octets is provided as keylen.  this function
+ * should be called once for each subkey that is derived.
+ *
+ * srtp_kdf_clear(&kdf) zeroizes and deallocates the kdf state
+ */
+
+typedef enum {
+    label_rtp_encryption = 0x00,
+    label_rtp_msg_auth = 0x01,
+    label_rtp_salt = 0x02,
+    label_rtcp_encryption = 0x03,
+    label_rtcp_msg_auth = 0x04,
+    label_rtcp_salt = 0x05,
+    label_rtp_header_encryption = 0x06,
+    label_rtp_header_salt = 0x07
+} srtp_prf_label;
+
+#define MAX_SRTP_KEY_LEN 256
+
+#if defined(OPENSSL) && defined(OPENSSL_KDF)
+#define MAX_SRTP_AESKEY_LEN 32
+#define MAX_SRTP_SALT_LEN 14
+
+/*
+ * srtp_kdf_t represents a key derivation function.  The SRTP
+ * default KDF is the only one implemented at present.
+ */
+typedef struct {
+    uint8_t master_key[MAX_SRTP_AESKEY_LEN];
+    uint8_t master_salt[MAX_SRTP_SALT_LEN];
+    const EVP_CIPHER *evp;
+} srtp_kdf_t;
+
+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf,
+                                       const uint8_t *key,
+                                       int key_len,
+                                       int salt_len)
+{
+    memset(kdf, 0x0, sizeof(srtp_kdf_t));
+
+    /* The NULL cipher has zero key length */
+    if (key_len == 0)
+        return srtp_err_status_ok;
+
+    if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) {
+        return srtp_err_status_bad_param;
+    }
+    switch (key_len) {
+    case SRTP_AES_256_KEYSIZE:
+        kdf->evp = EVP_aes_256_ctr();
+        break;
+    case SRTP_AES_192_KEYSIZE:
+        kdf->evp = EVP_aes_192_ctr();
+        break;
+    case SRTP_AES_128_KEYSIZE:
+        kdf->evp = EVP_aes_128_ctr();
+        break;
+    default:
+        return srtp_err_status_bad_param;
+        break;
+    }
+    memcpy(kdf->master_key, key, key_len);
+    memcpy(kdf->master_salt, key + key_len, salt_len);
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf,
+                                           srtp_prf_label label,
+                                           uint8_t *key,
+                                           unsigned int length)
+{
+    int ret;
+
+    /* The NULL cipher will not have an EVP */
+    if (!kdf->evp)
+        return srtp_err_status_ok;
+    octet_string_set_to_zero(key, length);
+
+    /*
+     * Invoke the OpenSSL SRTP KDF function
+     * This is useful if OpenSSL is in FIPS mode and FIP
+     * compliance is required for SRTP.
+     */
+    ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key,
+                   (char *)&kdf->master_salt, NULL, NULL, label, (char *)key);
+    if (ret == -1) {
+        return (srtp_err_status_algo_fail);
+    }
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf)
+{
+    octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN);
+    octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN);
+    kdf->evp = NULL;
+
+    return srtp_err_status_ok;
+}
+
+#else  /* if OPENSSL_KDF */
+
+/*
+ * srtp_kdf_t represents a key derivation function.  The SRTP
+ * default KDF is the only one implemented at present.
+ */
+typedef struct {
+    srtp_cipher_t *cipher; /* cipher used for key derivation  */
+} srtp_kdf_t;
+
+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf,
+                                       const uint8_t *key,
+                                       int key_len)
+{
+    srtp_cipher_type_id_t cipher_id;
+    srtp_err_status_t stat;
+
+    switch (key_len) {
+    case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+        cipher_id = SRTP_AES_ICM_256;
+        break;
+    case SRTP_AES_ICM_192_KEY_LEN_WSALT:
+        cipher_id = SRTP_AES_ICM_192;
+        break;
+    case SRTP_AES_ICM_128_KEY_LEN_WSALT:
+        cipher_id = SRTP_AES_ICM_128;
+        break;
+    default:
+        return srtp_err_status_bad_param;
+        break;
+    }
+
+    stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0);
+    if (stat)
+        return stat;
+
+    stat = srtp_cipher_init(kdf->cipher, key);
+    if (stat) {
+        srtp_cipher_dealloc(kdf->cipher);
+        return stat;
+    }
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf,
+                                           srtp_prf_label label,
+                                           uint8_t *key,
+                                           unsigned int length)
+{
+    srtp_err_status_t status;
+    v128_t nonce;
+
+    /* set eigth octet of nonce to <label>, set the rest of it to zero */
+    v128_set_to_zero(&nonce);
+    nonce.v8[7] = label;
+
+    status = srtp_cipher_set_iv(kdf->cipher, (uint8_t *)&nonce,
+                                srtp_direction_encrypt);
+    if (status)
+        return status;
+
+    /* generate keystream output */
+    octet_string_set_to_zero(key, length);
+    status = srtp_cipher_encrypt(kdf->cipher, key, &length);
+    if (status)
+        return status;
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf)
+{
+    srtp_err_status_t status;
+    status = srtp_cipher_dealloc(kdf->cipher);
+    if (status)
+        return status;
+    kdf->cipher = NULL;
+    return srtp_err_status_ok;
+}
+#endif /* else OPENSSL_KDF */
+
+/*
+ *  end of key derivation functions
+ */
+
+/* Get the base key length corresponding to a given combined key+salt
+ * length for the given cipher.
+ * TODO: key and salt lengths should be separate fields in the policy.  */
+static inline int base_key_length(const srtp_cipher_type_t *cipher,
+                                  int key_length)
+{
+    switch (cipher->id) {
+    case SRTP_AES_ICM_128:
+    case SRTP_AES_ICM_192:
+    case SRTP_AES_ICM_256:
+        /* The legacy modes are derived from
+         * the configured key length on the policy */
+        return key_length - SRTP_SALT_LEN;
+        break;
+    case SRTP_AES_GCM_128:
+        return key_length - SRTP_AEAD_SALT_LEN;
+        break;
+    case SRTP_AES_GCM_256:
+        return key_length - SRTP_AEAD_SALT_LEN;
+        break;
+    default:
+        return key_length;
+        break;
+    }
+}
+
+unsigned int srtp_validate_policy_master_keys(const srtp_policy_t *policy)
+{
+    unsigned long i = 0;
+
+    if (policy->key == NULL) {
+        if (policy->num_master_keys <= 0)
+            return 0;
+
+        if (policy->num_master_keys > SRTP_MAX_NUM_MASTER_KEYS)
+            return 0;
+
+        for (i = 0; i < policy->num_master_keys; i++) {
+            if (policy->keys[i]->key == NULL)
+                return 0;
+            if (policy->keys[i]->mki_size > SRTP_MAX_MKI_LEN)
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+srtp_session_keys_t *srtp_get_session_keys_with_mki_index(
+    srtp_stream_ctx_t *stream,
+    unsigned int use_mki,
+    unsigned int mki_index)
+{
+    if (use_mki) {
+        if (mki_index >= stream->num_master_keys) {
+            return NULL;
+        }
+        return &stream->session_keys[mki_index];
+    }
+
+    return &stream->session_keys[0];
+}
+
+unsigned int srtp_inject_mki(uint8_t *mki_tag_location,
+                             srtp_session_keys_t *session_keys,
+                             unsigned int use_mki)
+{
+    unsigned int mki_size = 0;
+
+    if (use_mki) {
+        mki_size = session_keys->mki_size;
+
+        if (mki_size != 0) {
+            // Write MKI into memory
+            memcpy(mki_tag_location, session_keys->mki_id, mki_size);
+        }
+    }
+
+    return mki_size;
+}
+
+srtp_err_status_t srtp_stream_init_all_master_keys(
+    srtp_stream_ctx_t *srtp,
+    unsigned char *key,
+    srtp_master_key_t **keys,
+    const unsigned int max_master_keys)
+{
+    unsigned int i = 0;
+    srtp_err_status_t status = srtp_err_status_ok;
+    srtp_master_key_t single_master_key;
+
+    if (key != NULL) {
+        srtp->num_master_keys = 1;
+        single_master_key.key = key;
+        single_master_key.mki_id = NULL;
+        single_master_key.mki_size = 0;
+        status = srtp_stream_init_keys(srtp, &single_master_key, 0);
+    } else {
+        srtp->num_master_keys = max_master_keys;
+
+        for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS;
+             i++) {
+            status = srtp_stream_init_keys(srtp, keys[i], i);
+
+            if (status) {
+                return status;
+            }
+        }
+    }
+
+    return status;
+}
+
+srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp,
+                                        srtp_master_key_t *master_key,
+                                        const unsigned int current_mki_index)
+{
+    srtp_err_status_t stat;
+    srtp_kdf_t kdf;
+    uint8_t tmp_key[MAX_SRTP_KEY_LEN];
+    int kdf_keylen = 30, rtp_keylen, rtcp_keylen;
+    int rtp_base_key_len, rtp_salt_len;
+    int rtcp_base_key_len, rtcp_salt_len;
+    srtp_session_keys_t *session_keys = NULL;
+    unsigned char *key = master_key->key;
+
+    /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */
+    /* TODO: kdf algorithm, master key length, and master salt length should
+     * be part of srtp_policy_t.
+    */
+    session_keys = &srtp->session_keys[current_mki_index];
+
+/* initialize key limit to maximum value */
+#ifdef NO_64BIT_MATH
+    {
+        uint64_t temp;
+        temp = make64(UINT_MAX, UINT_MAX);
+        srtp_key_limit_set(session_keys->limit, temp);
+    }
+#else
+    srtp_key_limit_set(session_keys->limit, 0xffffffffffffLL);
+#endif
+
+    if (master_key->mki_size != 0) {
+        session_keys->mki_id = srtp_crypto_alloc(master_key->mki_size);
+
+        if (session_keys->mki_id == NULL) {
+            return srtp_err_status_init_fail;
+        }
+        memcpy(session_keys->mki_id, master_key->mki_id, master_key->mki_size);
+    } else {
+        session_keys->mki_id = NULL;
+    }
+
+    session_keys->mki_size = master_key->mki_size;
+
+    rtp_keylen = srtp_cipher_get_key_length(session_keys->rtp_cipher);
+    rtcp_keylen = srtp_cipher_get_key_length(session_keys->rtcp_cipher);
+    rtp_base_key_len =
+        base_key_length(session_keys->rtp_cipher->type, rtp_keylen);
+    rtp_salt_len = rtp_keylen - rtp_base_key_len;
+
+    if (rtp_keylen > kdf_keylen) {
+        kdf_keylen = 46; /* AES-CTR mode is always used for KDF */
+    }
+
+    if (rtcp_keylen > kdf_keylen) {
+        kdf_keylen = 46; /* AES-CTR mode is always used for KDF */
+    }
+
+    debug_print(mod_srtp, "srtp key len: %d", rtp_keylen);
+    debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen);
+    debug_print(mod_srtp, "base key len: %d", rtp_base_key_len);
+    debug_print(mod_srtp, "kdf key len: %d", kdf_keylen);
+    debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len);
+
+    /*
+     * Make sure the key given to us is 'zero' appended.  GCM
+     * mode uses a shorter master SALT (96 bits), but still relies on
+     * the legacy CTR mode KDF, which uses a 112 bit master SALT.
+     */
+    memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN);
+    memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len));
+
+/* initialize KDF state     */
+#if defined(OPENSSL) && defined(OPENSSL_KDF)
+    stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len,
+                         rtp_salt_len);
+#else
+    stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen);
+#endif
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    /* generate encryption key  */
+    stat = srtp_kdf_generate(&kdf, label_rtp_encryption, tmp_key,
+                             rtp_base_key_len);
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+    debug_print(mod_srtp, "cipher key: %s",
+                srtp_octet_string_hex_string(tmp_key, rtp_base_key_len));
+
+    /*
+     * if the cipher in the srtp context uses a salt, then we need
+     * to generate the salt value
+     */
+    if (rtp_salt_len > 0) {
+        debug_print0(mod_srtp, "found rtp_salt_len > 0, generating salt");
+
+        /* generate encryption salt, put after encryption key */
+        stat = srtp_kdf_generate(&kdf, label_rtp_salt,
+                                 tmp_key + rtp_base_key_len, rtp_salt_len);
+        if (stat) {
+            /* zeroize temp buffer */
+            octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+            return srtp_err_status_init_fail;
+        }
+        memcpy(session_keys->salt, tmp_key + rtp_base_key_len,
+               SRTP_AEAD_SALT_LEN);
+    }
+    if (rtp_salt_len > 0) {
+        debug_print(mod_srtp, "cipher salt: %s",
+                    srtp_octet_string_hex_string(tmp_key + rtp_base_key_len,
+                                                 rtp_salt_len));
+    }
+
+    /* initialize cipher */
+    stat = srtp_cipher_init(session_keys->rtp_cipher, tmp_key);
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    if (session_keys->rtp_xtn_hdr_cipher) {
+        /* generate extensions header encryption key  */
+        int rtp_xtn_hdr_keylen;
+        int rtp_xtn_hdr_base_key_len;
+        int rtp_xtn_hdr_salt_len;
+        srtp_kdf_t tmp_kdf;
+        srtp_kdf_t *xtn_hdr_kdf;
+
+        if (session_keys->rtp_xtn_hdr_cipher->type !=
+            session_keys->rtp_cipher->type) {
+            /*
+             * With GCM ciphers, the header extensions are still encrypted using
+             * the corresponding ICM cipher.
+             * See https://tools.ietf.org/html/rfc7714#section-8.3
+             */
+            uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN];
+            rtp_xtn_hdr_keylen =
+                srtp_cipher_get_key_length(session_keys->rtp_xtn_hdr_cipher);
+            rtp_xtn_hdr_base_key_len = base_key_length(
+                session_keys->rtp_xtn_hdr_cipher->type, rtp_xtn_hdr_keylen);
+            rtp_xtn_hdr_salt_len =
+                rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len;
+            if (rtp_xtn_hdr_salt_len > rtp_salt_len) {
+                switch (session_keys->rtp_cipher->type->id) {
+                case SRTP_AES_GCM_128:
+                case SRTP_AES_GCM_256:
+                    /*
+                     * The shorter GCM salt is padded to the required ICM salt
+                     * length.
+                     */
+                    rtp_xtn_hdr_salt_len = rtp_salt_len;
+                    break;
+                default:
+                    /* zeroize temp buffer */
+                    octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+                    return srtp_err_status_bad_param;
+                }
+            }
+            memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN);
+            memcpy(tmp_xtn_hdr_key, key,
+                   (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len));
+            xtn_hdr_kdf = &tmp_kdf;
+
+/* initialize KDF state */
+#if defined(OPENSSL) && defined(OPENSSL_KDF)
+            stat =
+                srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key,
+                              rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len);
+#else
+            stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key,
+                                 kdf_keylen);
+#endif
+            octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN);
+            if (stat) {
+                /* zeroize temp buffer */
+                octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+                return srtp_err_status_init_fail;
+            }
+        } else {
+            /* Reuse main KDF. */
+            rtp_xtn_hdr_keylen = rtp_keylen;
+            rtp_xtn_hdr_base_key_len = rtp_base_key_len;
+            rtp_xtn_hdr_salt_len = rtp_salt_len;
+            xtn_hdr_kdf = &kdf;
+        }
+
+        stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption,
+                                 tmp_key, rtp_xtn_hdr_base_key_len);
+        if (stat) {
+            /* zeroize temp buffer */
+            octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+            return srtp_err_status_init_fail;
+        }
+        debug_print(
+            mod_srtp, "extensions cipher key: %s",
+            srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len));
+
+        /*
+         * if the cipher in the srtp context uses a salt, then we need
+         * to generate the salt value
+         */
+        if (rtp_xtn_hdr_salt_len > 0) {
+            debug_print0(mod_srtp,
+                         "found rtp_xtn_hdr_salt_len > 0, generating salt");
+
+            /* generate encryption salt, put after encryption key */
+            stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt,
+                                     tmp_key + rtp_xtn_hdr_base_key_len,
+                                     rtp_xtn_hdr_salt_len);
+            if (stat) {
+                /* zeroize temp buffer */
+                octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+                return srtp_err_status_init_fail;
+            }
+        }
+        if (rtp_xtn_hdr_salt_len > 0) {
+            debug_print(
+                mod_srtp, "extensions cipher salt: %s",
+                srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len,
+                                             rtp_xtn_hdr_salt_len));
+        }
+
+        /* initialize extensions header cipher */
+        stat = srtp_cipher_init(session_keys->rtp_xtn_hdr_cipher, tmp_key);
+        if (stat) {
+            /* zeroize temp buffer */
+            octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+            return srtp_err_status_init_fail;
+        }
+
+        if (xtn_hdr_kdf != &kdf) {
+            /* release memory for custom header extension encryption kdf */
+            stat = srtp_kdf_clear(xtn_hdr_kdf);
+            if (stat) {
+                /* zeroize temp buffer */
+                octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+                return srtp_err_status_init_fail;
+            }
+        }
+    }
+
+    /* generate authentication key */
+    stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, tmp_key,
+                             srtp_auth_get_key_length(session_keys->rtp_auth));
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+    debug_print(mod_srtp, "auth key:   %s",
+                srtp_octet_string_hex_string(
+                    tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth)));
+
+    /* initialize auth function */
+    stat = srtp_auth_init(session_keys->rtp_auth, tmp_key);
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    /*
+     * ...now initialize SRTCP keys
+     */
+
+    rtcp_base_key_len =
+        base_key_length(session_keys->rtcp_cipher->type, rtcp_keylen);
+    rtcp_salt_len = rtcp_keylen - rtcp_base_key_len;
+    debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len);
+
+    /* generate encryption key  */
+    stat = srtp_kdf_generate(&kdf, label_rtcp_encryption, tmp_key,
+                             rtcp_base_key_len);
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    /*
+     * if the cipher in the srtp context uses a salt, then we need
+     * to generate the salt value
+     */
+    if (rtcp_salt_len > 0) {
+        debug_print0(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt");
+
+        /* generate encryption salt, put after encryption key */
+        stat = srtp_kdf_generate(&kdf, label_rtcp_salt,
+                                 tmp_key + rtcp_base_key_len, rtcp_salt_len);
+        if (stat) {
+            /* zeroize temp buffer */
+            octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+            return srtp_err_status_init_fail;
+        }
+        memcpy(session_keys->c_salt, tmp_key + rtcp_base_key_len,
+               SRTP_AEAD_SALT_LEN);
+    }
+    debug_print(mod_srtp, "rtcp cipher key: %s",
+                srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len));
+    if (rtcp_salt_len > 0) {
+        debug_print(mod_srtp, "rtcp cipher salt: %s",
+                    srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len,
+                                                 rtcp_salt_len));
+    }
+
+    /* initialize cipher */
+    stat = srtp_cipher_init(session_keys->rtcp_cipher, tmp_key);
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    /* generate authentication key */
+    stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, tmp_key,
+                             srtp_auth_get_key_length(session_keys->rtcp_auth));
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    debug_print(
+        mod_srtp, "rtcp auth key:   %s",
+        srtp_octet_string_hex_string(
+            tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth)));
+
+    /* initialize auth function */
+    stat = srtp_auth_init(session_keys->rtcp_auth, tmp_key);
+    if (stat) {
+        /* zeroize temp buffer */
+        octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+        return srtp_err_status_init_fail;
+    }
+
+    /* clear memory then return */
+    stat = srtp_kdf_clear(&kdf);
+    octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+    if (stat)
+        return srtp_err_status_init_fail;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_stream_init(srtp_stream_ctx_t *srtp,
+                                   const srtp_policy_t *p)
+{
+    srtp_err_status_t err;
+
+    debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", p->ssrc.value);
+
+    /* initialize replay database */
+    /*
+     * window size MUST be at least 64.  MAY be larger.  Values more than
+     * 2^15 aren't meaningful due to how extended sequence numbers are
+     * calculated.
+     * Let a window size of 0 imply the default value.
+     */
+
+    if (p->window_size != 0 &&
+        (p->window_size < 64 || p->window_size >= 0x8000))
+        return srtp_err_status_bad_param;
+
+    if (p->window_size != 0)
+        err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size);
+    else
+        err = srtp_rdbx_init(&srtp->rtp_rdbx, 128);
+    if (err)
+        return err;
+
+    /* set the SSRC value */
+    srtp->ssrc = htonl(p->ssrc.value);
+
+    /* reset pending ROC */
+    srtp->pending_roc = 0;
+
+    /* set the security service flags */
+    srtp->rtp_services = p->rtp.sec_serv;
+    srtp->rtcp_services = p->rtcp.sec_serv;
+
+    /*
+     * set direction to unknown - this flag gets checked in srtp_protect(),
+     * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and
+     * gets set appropriately if it is set to unknown.
+     */
+    srtp->direction = dir_unknown;
+
+    /* initialize SRTCP replay database */
+    srtp_rdb_init(&srtp->rtcp_rdb);
+
+    /* initialize allow_repeat_tx */
+    /* guard against uninitialized memory: allow only 0 or 1 here */
+    if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) {
+        srtp_rdbx_dealloc(&srtp->rtp_rdbx);
+        return srtp_err_status_bad_param;
+    }
+    srtp->allow_repeat_tx = p->allow_repeat_tx;
+
+    /* DAM - no RTCP key limit at present */
+
+    /* initialize keys */
+    err = srtp_stream_init_all_master_keys(srtp, p->key, p->keys,
+                                           p->num_master_keys);
+    if (err) {
+        srtp_rdbx_dealloc(&srtp->rtp_rdbx);
+        return err;
+    }
+
+    /*
+     * if EKT is in use, then initialize the EKT data associated with
+     * the stream
+     */
+    err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt);
+    if (err) {
+        srtp_rdbx_dealloc(&srtp->rtp_rdbx);
+        return err;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_event_reporter is an event handler function that merely
+ * reports the events that are reported by the callbacks
+ */
+
+void srtp_event_reporter(srtp_event_data_t *data)
+{
+    srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ",
+                    data->ssrc);
+
+    switch (data->event) {
+    case event_ssrc_collision:
+        srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n");
+        break;
+    case event_key_soft_limit:
+        srtp_err_report(srtp_err_level_warning,
+                        "\tkey usage soft limit reached\n");
+        break;
+    case event_key_hard_limit:
+        srtp_err_report(srtp_err_level_warning,
+                        "\tkey usage hard limit reached\n");
+        break;
+    case event_packet_index_limit:
+        srtp_err_report(srtp_err_level_warning,
+                        "\tpacket index limit reached\n");
+        break;
+    default:
+        srtp_err_report(srtp_err_level_warning,
+                        "\tunknown event reported to handler\n");
+    }
+}
+
+/*
+ * srtp_event_handler is a global variable holding a pointer to the
+ * event handler function; this function is called for any unexpected
+ * event that needs to be handled out of the SRTP data path.  see
+ * srtp_event_t in srtp.h for more info
+ *
+ * it is okay to set srtp_event_handler to NULL, but we set
+ * it to the srtp_event_reporter.
+ */
+
+static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter;
+
+srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func)
+{
+    /*
+     * note that we accept NULL arguments intentionally - calling this
+     * function with a NULL arguments removes an event handler that's
+     * been previously installed
+     */
+
+    /* set global event handling function */
+    srtp_event_handler = func;
+    return srtp_err_status_ok;
+}
+
+/*
+ * Check if the given extension header id is / should be encrypted.
+ * Returns 1 if yes, otherwise 0.
+ */
+static int srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id)
+{
+    int *enc_xtn_hdr = stream->enc_xtn_hdr;
+    int count = stream->enc_xtn_hdr_count;
+
+    if (!enc_xtn_hdr || count <= 0) {
+        return 0;
+    }
+
+    while (count > 0) {
+        if (*enc_xtn_hdr == id) {
+            return 1;
+        }
+
+        enc_xtn_hdr++;
+        count--;
+    }
+    return 0;
+}
+
+/*
+ * extensions header encryption RFC 6904
+ */
+static srtp_err_status_t srtp_process_header_encryption(
+    srtp_stream_ctx_t *stream,
+    srtp_hdr_xtnd_t *xtn_hdr,
+    srtp_session_keys_t *session_keys)
+{
+    srtp_err_status_t status;
+    uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */
+    int keystream_pos;
+    uint8_t *xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr;
+    uint8_t *xtn_hdr_end =
+        xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_t));
+
+    if (ntohs(xtn_hdr->profile_specific) == 0xbede) {
+        /* RFC 5285, section 4.2. One-Byte Header */
+        while (xtn_hdr_data < xtn_hdr_end) {
+            uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4;
+            unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1;
+            uint32_t xlen_with_header = 1 + xlen;
+            xtn_hdr_data++;
+
+            if (xtn_hdr_data + xlen > xtn_hdr_end)
+                return srtp_err_status_parse_err;
+
+            if (xid == 15) {
+                /* found header 15, stop further processing. */
+                break;
+            }
+
+            status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher,
+                                        keystream, &xlen_with_header);
+            if (status)
+                return srtp_err_status_cipher_fail;
+
+            if (srtp_protect_extension_header(stream, xid)) {
+                keystream_pos = 1;
+                while (xlen > 0) {
+                    *xtn_hdr_data ^= keystream[keystream_pos++];
+                    xtn_hdr_data++;
+                    xlen--;
+                }
+            } else {
+                xtn_hdr_data += xlen;
+            }
+
+            /* skip padding bytes. */
+            while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) {
+                xtn_hdr_data++;
+            }
+        }
+    } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) {
+        /* RFC 5285, section 4.3. Two-Byte Header */
+        while (xtn_hdr_data + 1 < xtn_hdr_end) {
+            uint8_t xid = *xtn_hdr_data;
+            unsigned int xlen = *(xtn_hdr_data + 1);
+            uint32_t xlen_with_header = 2 + xlen;
+            xtn_hdr_data += 2;
+
+            if (xtn_hdr_data + xlen > xtn_hdr_end)
+                return srtp_err_status_parse_err;
+
+            status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher,
+                                        keystream, &xlen_with_header);
+            if (status)
+                return srtp_err_status_cipher_fail;
+
+            if (xlen > 0 && srtp_protect_extension_header(stream, xid)) {
+                keystream_pos = 2;
+                while (xlen > 0) {
+                    *xtn_hdr_data ^= keystream[keystream_pos++];
+                    xtn_hdr_data++;
+                    xlen--;
+                }
+            } else {
+                xtn_hdr_data += xlen;
+            }
+
+            /* skip padding bytes. */
+            while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) {
+                xtn_hdr_data++;
+            }
+        }
+    } else {
+        /* unsupported extension header format. */
+        return srtp_err_status_parse_err;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * AEAD uses a new IV formation method.  This function implements
+ * section 8.1. (SRTP IV Formation for AES-GCM) of RFC7714.
+ * The calculation is defined as, where (+) is the xor operation:
+ *
+ *
+ *              0  0  0  0  0  0  0  0  0  0  1  1
+ *              0  1  2  3  4  5  6  7  8  9  0  1
+ *            +--+--+--+--+--+--+--+--+--+--+--+--+
+ *            |00|00|    SSRC   |     ROC   | SEQ |---+
+ *            +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *                                                    |
+ *            +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *            |         Encryption Salt           |->(+)
+ *            +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *                                                    |
+ *            +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *            |       Initialization Vector       |<--+
+ *            +--+--+--+--+--+--+--+--+--+--+--+--+*
+ *
+ * Input:  *session_keys - pointer to SRTP stream context session keys,
+ *                         used to retrieve the SALT
+ *         *iv     - Pointer to receive the calculated IV
+ *         *seq    - The ROC and SEQ value to use for the
+ *                   IV calculation.
+ *         *hdr    - The RTP header, used to get the SSRC value
+ *
+ */
+
+static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys,
+                              v128_t *iv,
+                              srtp_xtd_seq_num_t *seq,
+                              srtp_hdr_t *hdr)
+{
+    v128_t in;
+    v128_t salt;
+
+#ifdef NO_64BIT_MATH
+    uint32_t local_roc = ((high32(*seq) << 16) | (low32(*seq) >> 16));
+    uint16_t local_seq = (uint16_t)(low32(*seq));
+#else
+    uint32_t local_roc = (uint32_t)(*seq >> 16);
+    uint16_t local_seq = (uint16_t)*seq;
+#endif
+
+    memset(&in, 0, sizeof(v128_t));
+    memset(&salt, 0, sizeof(v128_t));
+
+    in.v16[5] = htons(local_seq);
+    local_roc = htonl(local_roc);
+    memcpy(&in.v16[3], &local_roc, sizeof(local_roc));
+
+    /*
+     * Copy in the RTP SSRC value
+     */
+    memcpy(&in.v8[2], &hdr->ssrc, 4);
+    debug_print(mod_srtp, "Pre-salted RTP IV = %s\n", v128_hex_string(&in));
+
+    /*
+     * Get the SALT value from the context
+     */
+    memcpy(salt.v8, session_keys->salt, SRTP_AEAD_SALT_LEN);
+    debug_print(mod_srtp, "RTP SALT = %s\n", v128_hex_string(&salt));
+
+    /*
+     * Finally, apply tyhe SALT to the input
+     */
+    v128_xor(iv, &in, &salt);
+}
+
+srtp_session_keys_t *srtp_get_session_keys(srtp_stream_ctx_t *stream,
+                                           uint8_t *hdr,
+                                           const unsigned int *pkt_octet_len,
+                                           unsigned int *mki_size)
+{
+    unsigned int base_mki_start_location = *pkt_octet_len;
+    unsigned int mki_start_location = 0;
+    unsigned int tag_len = 0;
+    unsigned int i = 0;
+
+    // Determine the authentication tag size
+    if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+        tag_len = 0;
+    } else {
+        tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
+    }
+
+    if (tag_len > base_mki_start_location) {
+        *mki_size = 0;
+        return NULL;
+    }
+
+    base_mki_start_location -= tag_len;
+
+    for (i = 0; i < stream->num_master_keys; i++) {
+        if (stream->session_keys[i].mki_size != 0 &&
+            stream->session_keys[i].mki_size <= base_mki_start_location) {
+            *mki_size = stream->session_keys[i].mki_size;
+            mki_start_location = base_mki_start_location - *mki_size;
+
+            if (memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id,
+                       *mki_size) == 0) {
+                return &stream->session_keys[i];
+            }
+        }
+    }
+
+    *mki_size = 0;
+    return NULL;
+}
+
+static srtp_err_status_t srtp_estimate_index(srtp_rdbx_t *rdbx,
+                                             uint32_t roc,
+                                             srtp_xtd_seq_num_t *est,
+                                             srtp_sequence_number_t seq,
+                                             int *delta)
+{
+#ifdef NO_64BIT_MATH
+    uint32_t internal_pkt_idx_reduced;
+    uint32_t external_pkt_idx_reduced;
+    uint32_t internal_roc;
+    uint32_t roc_difference;
+#endif
+
+#ifdef NO_64BIT_MATH
+    *est = (srtp_xtd_seq_num_t)make64(roc >> 16, (roc << 16) | seq);
+    *delta = low32(est) - rdbx->index;
+#else
+    *est = (srtp_xtd_seq_num_t)(((uint64_t)roc) << 16) | seq;
+    *delta = (int)(*est - rdbx->index);
+#endif
+
+    if (*est > rdbx->index) {
+#ifdef NO_64BIT_MATH
+        internal_roc = (uint32_t)(rdbx->index >> 16);
+        roc_difference = roc - internal_roc;
+        if (roc_difference > 1) {
+            *delta = 0;
+            return srtp_err_status_pkt_idx_adv;
+        }
+
+        internal_pkt_idx_reduced = (uint32_t)(rdbx->index & 0xFFFF);
+        external_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | seq);
+
+        if (external_pkt_idx_reduced - internal_pkt_idx_reduced >
+            seq_num_median) {
+            *delta = 0;
+            return srtp_err_status_pkt_idx_adv;
+        }
+#else
+        if (*est - rdbx->index > seq_num_median) {
+            *delta = 0;
+            return srtp_err_status_pkt_idx_adv;
+        }
+#endif
+    } else if (*est < rdbx->index) {
+#ifdef NO_64BIT_MATH
+
+        internal_roc = (uint32_t)(rdbx->index >> 16);
+        roc_difference = internal_roc - roc;
+        if (roc_difference > 1) {
+            *delta = 0;
+            return srtp_err_status_pkt_idx_adv;
+        }
+
+        internal_pkt_idx_reduced =
+            (uint32_t)((roc_difference << 16) | rdbx->index & 0xFFFF);
+        external_pkt_idx_reduced = (uint32_t)(seq);
+
+        if (internal_pkt_idx_reduced - external_pkt_idx_reduced >
+            seq_num_median) {
+            *delta = 0;
+            return srtp_err_status_pkt_idx_old;
+        }
+#else
+        if (rdbx->index - *est > seq_num_median) {
+            *delta = 0;
+            return srtp_err_status_pkt_idx_old;
+        }
+#endif
+    }
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_get_est_pkt_index(srtp_hdr_t *hdr,
+                                                srtp_stream_ctx_t *stream,
+                                                srtp_xtd_seq_num_t *est,
+                                                int *delta)
+{
+    srtp_err_status_t result = srtp_err_status_ok;
+
+    if (stream->pending_roc) {
+        result = srtp_estimate_index(&stream->rtp_rdbx, stream->pending_roc,
+                                     est, ntohs(hdr->seq), delta);
+    } else {
+        /* estimate packet index from seq. num. in header */
+        *delta =
+            srtp_rdbx_estimate_index(&stream->rtp_rdbx, est, ntohs(hdr->seq));
+    }
+
+#ifdef NO_64BIT_MATH
+    debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est),
+                 low32(*est));
+#else
+    debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, *est);
+#endif
+    return result;
+}
+
+/*
+ * This function handles outgoing SRTP packets while in AEAD mode,
+ * which currently supports AES-GCM encryption.  All packets are
+ * encrypted and authenticated.
+ */
+static srtp_err_status_t srtp_protect_aead(srtp_ctx_t *ctx,
+                                           srtp_stream_ctx_t *stream,
+                                           void *rtp_hdr,
+                                           unsigned int *pkt_octet_len,
+                                           srtp_session_keys_t *session_keys,
+                                           unsigned int use_mki)
+{
+    srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
+    uint32_t *enc_start;    /* pointer to start of encrypted portion  */
+    int enc_octet_len = 0;  /* number of octets in encrypted portion  */
+    srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr        */
+    int delta;              /* delta of local pkt idx and that in hdr */
+    srtp_err_status_t status;
+    uint32_t tag_len;
+    v128_t iv;
+    unsigned int aad_len;
+    srtp_hdr_xtnd_t *xtn_hdr = NULL;
+    unsigned int mki_size = 0;
+    uint8_t *mki_location = NULL;
+
+    debug_print0(mod_srtp, "function srtp_protect_aead");
+
+    /*
+     * update the key usage limit, and check it to make sure that we
+     * didn't just hit either the soft limit or the hard limit, and call
+     * the event handler if we hit either.
+     */
+    switch (srtp_key_limit_update(session_keys->limit)) {
+    case srtp_key_event_normal:
+        break;
+    case srtp_key_event_hard_limit:
+        srtp_handle_event(ctx, stream, event_key_hard_limit);
+        return srtp_err_status_key_expired;
+    case srtp_key_event_soft_limit:
+    default:
+        srtp_handle_event(ctx, stream, event_key_soft_limit);
+        break;
+    }
+
+    /* get tag length from stream */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
+
+    /*
+     * find starting point for encryption and length of data to be
+     * encrypted - the encrypted portion starts after the rtp header
+     * extension, if present; otherwise, it starts after the last csrc,
+     * if any are present
+     */
+    enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
+    if (hdr->x == 1) {
+        xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
+        enc_start += (ntohs(xtn_hdr->length) + 1);
+    }
+    /* note: the passed size is without the auth tag */
+    if (!((uint8_t *)enc_start <= (uint8_t *)hdr + *pkt_octet_len))
+        return srtp_err_status_parse_err;
+    enc_octet_len =
+        (int)(*pkt_octet_len - ((uint8_t *)enc_start - (uint8_t *)hdr));
+    if (enc_octet_len < 0)
+        return srtp_err_status_parse_err;
+
+    /*
+     * estimate the packet index using the start of the replay window
+     * and the sequence number from the header
+     */
+    delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
+    status = srtp_rdbx_check(&stream->rtp_rdbx, delta);
+    if (status) {
+        if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) {
+            return status; /* we've been asked to reuse an index */
+        }
+    } else {
+        srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
+    }
+
+#ifdef NO_64BIT_MATH
+    debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est),
+                 low32(est));
+#else
+    debug_print(mod_srtp, "estimated packet index: %016" PRIx64, est);
+#endif
+
+    /*
+     * AEAD uses a new IV formation method
+     */
+    srtp_calc_aead_iv(session_keys, &iv, &est, hdr);
+/* shift est, put into network byte order */
+#ifdef NO_64BIT_MATH
+    est = be64_to_cpu(
+        make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16));
+#else
+    est = be64_to_cpu(est << 16);
+#endif
+
+    status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv,
+                                srtp_direction_encrypt);
+    if (!status && session_keys->rtp_xtn_hdr_cipher) {
+        iv.v32[0] = 0;
+        iv.v32[1] = hdr->ssrc;
+        iv.v64[1] = est;
+        status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+                                    (uint8_t *)&iv, srtp_direction_encrypt);
+    }
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+        /*
+         * extensions header encryption RFC 6904
+         */
+        status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+        if (status) {
+            return status;
+        }
+    }
+
+    /*
+     * Set the AAD over the RTP header
+     */
+    aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
+    status =
+        srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t *)hdr, aad_len);
+    if (status) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    /* Encrypt the payload  */
+    status = srtp_cipher_encrypt(session_keys->rtp_cipher, (uint8_t *)enc_start,
+                                 (unsigned int *)&enc_octet_len);
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+    /*
+     * If we're doing GCM, we need to get the tag
+     * and append that to the output
+     */
+    status =
+        srtp_cipher_get_tag(session_keys->rtp_cipher,
+                            (uint8_t *)enc_start + enc_octet_len, &tag_len);
+    if (status) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    mki_location = (uint8_t *)hdr + *pkt_octet_len + tag_len;
+    mki_size = srtp_inject_mki(mki_location, session_keys, use_mki);
+
+    /* increase the packet length by the length of the auth tag */
+    *pkt_octet_len += tag_len;
+
+    /* increase the packet length by the length of the mki_size */
+    *pkt_octet_len += mki_size;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * This function handles incoming SRTP packets while in AEAD mode,
+ * which currently supports AES-GCM encryption.  All packets are
+ * encrypted and authenticated.  Note, the auth tag is at the end
+ * of the packet stream and is automatically checked by GCM
+ * when decrypting the payload.
+ */
+static srtp_err_status_t srtp_unprotect_aead(srtp_ctx_t *ctx,
+                                             srtp_stream_ctx_t *stream,
+                                             int delta,
+                                             srtp_xtd_seq_num_t est,
+                                             void *srtp_hdr,
+                                             unsigned int *pkt_octet_len,
+                                             srtp_session_keys_t *session_keys,
+                                             unsigned int mki_size)
+{
+    srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
+    uint32_t *enc_start;            /* pointer to start of encrypted portion  */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+    v128_t iv;
+    srtp_err_status_t status;
+    int tag_len;
+    unsigned int aad_len;
+    srtp_hdr_xtnd_t *xtn_hdr = NULL;
+
+    debug_print0(mod_srtp, "function srtp_unprotect_aead");
+
+#ifdef NO_64BIT_MATH
+    debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),
+                 low32(est));
+#else
+    debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est);
+#endif
+
+    /* get tag length from stream */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
+
+    /*
+     * AEAD uses a new IV formation method
+     */
+    srtp_calc_aead_iv(session_keys, &iv, &est, hdr);
+    status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv,
+                                srtp_direction_decrypt);
+    if (!status && session_keys->rtp_xtn_hdr_cipher) {
+        iv.v32[0] = 0;
+        iv.v32[1] = hdr->ssrc;
+#ifdef NO_64BIT_MATH
+        iv.v64[1] = be64_to_cpu(
+            make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16));
+#else
+        iv.v64[1] = be64_to_cpu(est << 16);
+#endif
+        status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+                                    (uint8_t *)&iv, srtp_direction_encrypt);
+    }
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    /*
+     * find starting point for decryption and length of data to be
+     * decrypted - the encrypted portion starts after the rtp header
+     * extension, if present; otherwise, it starts after the last csrc,
+     * if any are present
+     */
+    enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
+    if (hdr->x == 1) {
+        xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
+        enc_start += (ntohs(xtn_hdr->length) + 1);
+    }
+    if (!((uint8_t *)enc_start <=
+          (uint8_t *)hdr + (*pkt_octet_len - tag_len - mki_size)))
+        return srtp_err_status_parse_err;
+    /*
+     * We pass the tag down to the cipher when doing GCM mode
+     */
+    enc_octet_len = (unsigned int)(*pkt_octet_len - mki_size -
+                                   ((uint8_t *)enc_start - (uint8_t *)hdr));
+
+    /*
+     * Sanity check the encrypted payload length against
+     * the tag size.  It must always be at least as large
+     * as the tag length.
+     */
+    if (enc_octet_len < (unsigned int)tag_len) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    /*
+     * update the key usage limit, and check it to make sure that we
+     * didn't just hit either the soft limit or the hard limit, and call
+     * the event handler if we hit either.
+     */
+    switch (srtp_key_limit_update(session_keys->limit)) {
+    case srtp_key_event_normal:
+        break;
+    case srtp_key_event_soft_limit:
+        srtp_handle_event(ctx, stream, event_key_soft_limit);
+        break;
+    case srtp_key_event_hard_limit:
+        srtp_handle_event(ctx, stream, event_key_hard_limit);
+        return srtp_err_status_key_expired;
+    default:
+        break;
+    }
+
+    /*
+     * Set the AAD for AES-GCM, which is the RTP header
+     */
+    aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
+    status =
+        srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t *)hdr, aad_len);
+    if (status) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    /* Decrypt the ciphertext.  This also checks the auth tag based
+     * on the AAD we just specified above */
+    status = srtp_cipher_decrypt(session_keys->rtp_cipher, (uint8_t *)enc_start,
+                                 &enc_octet_len);
+    if (status) {
+        return status;
+    }
+
+    if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+        /*
+         * extensions header encryption RFC 6904
+         */
+        status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+        if (status) {
+            return status;
+        }
+    }
+
+    /*
+     * verify that stream is for received traffic - this check will
+     * detect SSRC collisions, since a stream that appears in both
+     * srtp_protect() and srtp_unprotect() will fail this test in one of
+     * those functions.
+     *
+     * we do this check *after* the authentication check, so that the
+     * latter check will catch any attempts to fool us into thinking
+     * that we've got a collision
+     */
+    if (stream->direction != dir_srtp_receiver) {
+        if (stream->direction == dir_unknown) {
+            stream->direction = dir_srtp_receiver;
+        } else {
+            srtp_handle_event(ctx, stream, event_ssrc_collision);
+        }
+    }
+
+    /*
+     * if the stream is a 'provisional' one, in which the template context
+     * is used, then we need to allocate a new stream at this point, since
+     * the authentication passed
+     */
+    if (stream == ctx->stream_template) {
+        srtp_stream_ctx_t *new_stream;
+
+        /*
+         * allocate and initialize a new stream
+         *
+         * note that we indicate failure if we can't allocate the new
+         * stream, and some implementations will want to not return
+         * failure here
+         */
+        status =
+            srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+        if (status) {
+            return status;
+        }
+
+        /* add new stream to the head of the stream_list */
+        new_stream->next = ctx->stream_list;
+        ctx->stream_list = new_stream;
+
+        /* set stream (the pointer used in this function) */
+        stream = new_stream;
+    }
+
+    /*
+     * the message authentication function passed, so add the packet
+     * index into the replay database
+     */
+    srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
+
+    /* decrease the packet length by the length of the auth tag */
+    *pkt_octet_len -= tag_len;
+
+    /* decrease the packet length by the length of the mki_size */
+    *pkt_octet_len -= mki_size;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_protect(srtp_ctx_t *ctx,
+                               void *rtp_hdr,
+                               int *pkt_octet_len)
+{
+    return srtp_protect_mki(ctx, rtp_hdr, pkt_octet_len, 0, 0);
+}
+
+srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx,
+                                   void *rtp_hdr,
+                                   int *pkt_octet_len,
+                                   unsigned int use_mki,
+                                   unsigned int mki_index)
+{
+    srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
+    uint32_t *enc_start;      /* pointer to start of encrypted portion  */
+    uint32_t *auth_start;     /* pointer to start of auth. portion      */
+    int enc_octet_len = 0;    /* number of octets in encrypted portion  */
+    srtp_xtd_seq_num_t est;   /* estimated xtd_seq_num_t of *hdr        */
+    int delta;                /* delta of local pkt idx and that in hdr */
+    uint8_t *auth_tag = NULL; /* location of auth_tag within packet     */
+    srtp_err_status_t status;
+    int tag_len;
+    srtp_stream_ctx_t *stream;
+    uint32_t prefix_len;
+    srtp_hdr_xtnd_t *xtn_hdr = NULL;
+    unsigned int mki_size = 0;
+    srtp_session_keys_t *session_keys = NULL;
+    uint8_t *mki_location = NULL;
+    int advance_packet_index = 0;
+
+    debug_print0(mod_srtp, "function srtp_protect");
+
+    /* we assume the hdr is 32-bit aligned to start */
+
+    /* Verify RTP header */
+    status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len);
+    if (status)
+        return status;
+
+    /* check the packet length - it must at least contain a full header */
+    if (*pkt_octet_len < octets_in_rtp_header)
+        return srtp_err_status_bad_param;
+
+    /*
+     * look up ssrc in srtp_stream list, and process the packet with
+     * the appropriate stream.  if we haven't seen this stream before,
+     * there's a template key for this srtp_session, and the cipher
+     * supports key-sharing, then we assume that a new stream using
+     * that key has just started up
+     */
+    stream = srtp_get_stream(ctx, hdr->ssrc);
+    if (stream == NULL) {
+        if (ctx->stream_template != NULL) {
+            srtp_stream_ctx_t *new_stream;
+
+            /* allocate and initialize a new stream */
+            status =
+                srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+            if (status)
+                return status;
+
+            /* add new stream to the head of the stream_list */
+            new_stream->next = ctx->stream_list;
+            ctx->stream_list = new_stream;
+
+            /* set direction to outbound */
+            new_stream->direction = dir_srtp_sender;
+
+            /* set stream (the pointer used in this function) */
+            stream = new_stream;
+        } else {
+            /* no template stream, so we return an error */
+            return srtp_err_status_no_ctx;
+        }
+    }
+
+    /*
+     * verify that stream is for sending traffic - this check will
+     * detect SSRC collisions, since a stream that appears in both
+     * srtp_protect() and srtp_unprotect() will fail this test in one of
+     * those functions.
+     */
+
+    if (stream->direction != dir_srtp_sender) {
+        if (stream->direction == dir_unknown) {
+            stream->direction = dir_srtp_sender;
+        } else {
+            srtp_handle_event(ctx, stream, event_ssrc_collision);
+        }
+    }
+
+    session_keys =
+        srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
+
+    if (session_keys == NULL)
+        return srtp_err_status_bad_mki;
+
+    /*
+     * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
+     * the request to our AEAD handler.
+     */
+    if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+        return srtp_protect_aead(ctx, stream, rtp_hdr,
+                                 (unsigned int *)pkt_octet_len, session_keys,
+                                 use_mki);
+    }
+
+    /*
+     * update the key usage limit, and check it to make sure that we
+     * didn't just hit either the soft limit or the hard limit, and call
+     * the event handler if we hit either.
+     */
+    switch (srtp_key_limit_update(session_keys->limit)) {
+    case srtp_key_event_normal:
+        break;
+    case srtp_key_event_soft_limit:
+        srtp_handle_event(ctx, stream, event_key_soft_limit);
+        break;
+    case srtp_key_event_hard_limit:
+        srtp_handle_event(ctx, stream, event_key_hard_limit);
+        return srtp_err_status_key_expired;
+    default:
+        break;
+    }
+
+    /* get tag length from stream */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
+
+    /*
+     * find starting point for encryption and length of data to be
+     * encrypted - the encrypted portion starts after the rtp header
+     * extension, if present; otherwise, it starts after the last csrc,
+     * if any are present
+     *
+     * if we're not providing confidentiality, set enc_start to NULL
+     */
+    if (stream->rtp_services & sec_serv_conf) {
+        enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
+        if (hdr->x == 1) {
+            xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
+            enc_start += (ntohs(xtn_hdr->length) + 1);
+        }
+        /* note: the passed size is without the auth tag */
+        if (!((uint8_t *)enc_start <= (uint8_t *)hdr + *pkt_octet_len))
+            return srtp_err_status_parse_err;
+        enc_octet_len =
+            (int)(*pkt_octet_len - ((uint8_t *)enc_start - (uint8_t *)hdr));
+        if (enc_octet_len < 0)
+            return srtp_err_status_parse_err;
+    } else {
+        enc_start = NULL;
+    }
+
+    mki_location = (uint8_t *)hdr + *pkt_octet_len;
+    mki_size = srtp_inject_mki(mki_location, session_keys, use_mki);
+
+    /*
+     * if we're providing authentication, set the auth_start and auth_tag
+     * pointers to the proper locations; otherwise, set auth_start to NULL
+     * to indicate that no authentication is needed
+     */
+    if (stream->rtp_services & sec_serv_auth) {
+        auth_start = (uint32_t *)hdr;
+        auth_tag = (uint8_t *)hdr + *pkt_octet_len + mki_size;
+    } else {
+        auth_start = NULL;
+        auth_tag = NULL;
+    }
+
+    /*
+     * estimate the packet index using the start of the replay window
+     * and the sequence number from the header
+     */
+    status = srtp_get_est_pkt_index(hdr, stream, &est, &delta);
+
+    if (status && (status != srtp_err_status_pkt_idx_adv))
+        return status;
+
+    if (status == srtp_err_status_pkt_idx_adv)
+        advance_packet_index = 1;
+
+    if (advance_packet_index) {
+        srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, (uint32_t)(est >> 16),
+                              (uint16_t)(est & 0xFFFF));
+        stream->pending_roc = 0;
+        srtp_rdbx_add_index(&stream->rtp_rdbx, 0);
+    } else {
+        status = srtp_rdbx_check(&stream->rtp_rdbx, delta);
+        if (status) {
+            if (status != srtp_err_status_replay_fail ||
+                !stream->allow_repeat_tx)
+                return status; /* we've been asked to reuse an index */
+        }
+        srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
+    }
+
+#ifdef NO_64BIT_MATH
+    debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est),
+                 low32(est));
+#else
+    debug_print(mod_srtp, "estimated packet index: %016" PRIx64, est);
+#endif
+
+    /*
+     * if we're using rindael counter mode, set nonce and seq
+     */
+    if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 ||
+        session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 ||
+        session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) {
+        v128_t iv;
+
+        iv.v32[0] = 0;
+        iv.v32[1] = hdr->ssrc;
+#ifdef NO_64BIT_MATH
+        iv.v64[1] = be64_to_cpu(
+            make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16));
+#else
+        iv.v64[1] = be64_to_cpu(est << 16);
+#endif
+        status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_encrypt);
+        if (!status && session_keys->rtp_xtn_hdr_cipher) {
+            status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+                                        (uint8_t *)&iv, srtp_direction_encrypt);
+        }
+    } else {
+        v128_t iv;
+
+/* otherwise, set the index to est */
+#ifdef NO_64BIT_MATH
+        iv.v32[0] = 0;
+        iv.v32[1] = 0;
+#else
+        iv.v64[0] = 0;
+#endif
+        iv.v64[1] = be64_to_cpu(est);
+        status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_encrypt);
+        if (!status && session_keys->rtp_xtn_hdr_cipher) {
+            status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+                                        (uint8_t *)&iv, srtp_direction_encrypt);
+        }
+    }
+    if (status)
+        return srtp_err_status_cipher_fail;
+
+/* shift est, put into network byte order */
+#ifdef NO_64BIT_MATH
+    est = be64_to_cpu(
+        make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16));
+#else
+    est = be64_to_cpu(est << 16);
+#endif
+
+    /*
+     * if we're authenticating using a universal hash, put the keystream
+     * prefix into the authentication tag
+     */
+    if (auth_start) {
+        prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth);
+        if (prefix_len) {
+            status = srtp_cipher_output(session_keys->rtp_cipher, auth_tag,
+                                        &prefix_len);
+            if (status)
+                return srtp_err_status_cipher_fail;
+            debug_print(mod_srtp, "keystream prefix: %s",
+                        srtp_octet_string_hex_string(auth_tag, prefix_len));
+        }
+    }
+
+    if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+        /*
+         * extensions header encryption RFC 6904
+         */
+        status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+        if (status) {
+            return status;
+        }
+    }
+
+    /* if we're encrypting, exor keystream into the message */
+    if (enc_start) {
+        status =
+            srtp_cipher_encrypt(session_keys->rtp_cipher, (uint8_t *)enc_start,
+                                (unsigned int *)&enc_octet_len);
+        if (status)
+            return srtp_err_status_cipher_fail;
+    }
+
+    /*
+     *  if we're authenticating, run authentication function and put result
+     *  into the auth_tag
+     */
+    if (auth_start) {
+        /* initialize auth func context */
+        status = srtp_auth_start(session_keys->rtp_auth);
+        if (status)
+            return status;
+
+        /* run auth func over packet */
+        status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start,
+                                  *pkt_octet_len);
+        if (status)
+            return status;
+
+        /* run auth func over ROC, put result into auth_tag */
+        debug_print(mod_srtp, "estimated packet index: %016" PRIx64, est);
+        status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4,
+                                   auth_tag);
+        debug_print(mod_srtp, "srtp auth tag:    %s",
+                    srtp_octet_string_hex_string(auth_tag, tag_len));
+        if (status)
+            return srtp_err_status_auth_fail;
+    }
+
+    if (auth_tag) {
+        /* increase the packet length by the length of the auth tag */
+        *pkt_octet_len += tag_len;
+    }
+
+    if (use_mki) {
+        /* increate the packet length by the mki size */
+        *pkt_octet_len += mki_size;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_unprotect(srtp_ctx_t *ctx,
+                                 void *srtp_hdr,
+                                 int *pkt_octet_len)
+{
+    return srtp_unprotect_mki(ctx, srtp_hdr, pkt_octet_len, 0);
+}
+
+srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx,
+                                     void *srtp_hdr,
+                                     int *pkt_octet_len,
+                                     unsigned int use_mki)
+{
+    srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
+    uint32_t *enc_start;            /* pointer to start of encrypted portion  */
+    uint32_t *auth_start;           /* pointer to start of auth. portion      */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+    uint8_t *auth_tag = NULL;       /* location of auth_tag within packet     */
+    srtp_xtd_seq_num_t est;         /* estimated xtd_seq_num_t of *hdr        */
+    int delta;                      /* delta of local pkt idx and that in hdr */
+    v128_t iv;
+    srtp_err_status_t status;
+    srtp_stream_ctx_t *stream;
+    uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
+    uint32_t tag_len, prefix_len;
+    srtp_hdr_xtnd_t *xtn_hdr = NULL;
+    unsigned int mki_size = 0;
+    srtp_session_keys_t *session_keys = NULL;
+    int advance_packet_index = 0;
+    uint32_t roc_to_set = 0;
+    uint16_t seq_to_set = 0;
+
+    debug_print0(mod_srtp, "function srtp_unprotect");
+
+    /* we assume the hdr is 32-bit aligned to start */
+
+    /* Verify RTP header */
+    status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len);
+    if (status)
+        return status;
+
+    /* check the packet length - it must at least contain a full header */
+    if (*pkt_octet_len < octets_in_rtp_header)
+        return srtp_err_status_bad_param;
+
+    /*
+     * look up ssrc in srtp_stream list, and process the packet with
+     * the appropriate stream.  if we haven't seen this stream before,
+     * there's only one key for this srtp_session, and the cipher
+     * supports key-sharing, then we assume that a new stream using
+     * that key has just started up
+     */
+    stream = srtp_get_stream(ctx, hdr->ssrc);
+    if (stream == NULL) {
+        if (ctx->stream_template != NULL) {
+            stream = ctx->stream_template;
+            debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)",
+                        ntohl(hdr->ssrc));
+
+/*
+ * set estimated packet index to sequence number from header,
+ * and set delta equal to the same value
+ */
+#ifdef NO_64BIT_MATH
+            est = (srtp_xtd_seq_num_t)make64(0, ntohs(hdr->seq));
+            delta = low32(est);
+#else
+            est = (srtp_xtd_seq_num_t)ntohs(hdr->seq);
+            delta = (int)est;
+#endif
+        } else {
+            /*
+             * no stream corresponding to SSRC found, and we don't do
+             * key-sharing, so return an error
+             */
+            return srtp_err_status_no_ctx;
+        }
+    } else {
+        status = srtp_get_est_pkt_index(hdr, stream, &est, &delta);
+
+        if (status && (status != srtp_err_status_pkt_idx_adv))
+            return status;
+
+        if (status == srtp_err_status_pkt_idx_adv) {
+            advance_packet_index = 1;
+            roc_to_set = (uint32_t)(est >> 16);
+            seq_to_set = (uint16_t)(est & 0xFFFF);
+        }
+
+        /* check replay database */
+        if (!advance_packet_index) {
+            status = srtp_rdbx_check(&stream->rtp_rdbx, delta);
+            if (status)
+                return status;
+        }
+    }
+
+#ifdef NO_64BIT_MATH
+    debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),
+                 low32(est));
+#else
+    debug_print(mod_srtp, "estimated u_packet index: %016" PRIx64, est);
+#endif
+
+    /* Determine if MKI is being used and what session keys should be used */
+    if (use_mki) {
+        session_keys = srtp_get_session_keys(
+            stream, (uint8_t *)hdr, (const unsigned int *)pkt_octet_len,
+            &mki_size);
+
+        if (session_keys == NULL)
+            return srtp_err_status_bad_mki;
+    } else {
+        session_keys = &stream->session_keys[0];
+    }
+
+    /*
+     * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
+     * the request to our AEAD handler.
+     */
+    if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+        return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr,
+                                   (unsigned int *)pkt_octet_len, session_keys,
+                                   mki_size);
+    }
+
+    /* get tag length from stream */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
+
+    /*
+     * set the cipher's IV properly, depending on whatever cipher we
+     * happen to be using
+     */
+    if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 ||
+        session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 ||
+        session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) {
+        /* aes counter mode */
+        iv.v32[0] = 0;
+        iv.v32[1] = hdr->ssrc; /* still in network order */
+#ifdef NO_64BIT_MATH
+        iv.v64[1] = be64_to_cpu(
+            make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16));
+#else
+        iv.v64[1] = be64_to_cpu(est << 16);
+#endif
+        status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_decrypt);
+        if (!status && session_keys->rtp_xtn_hdr_cipher) {
+            status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+                                        (uint8_t *)&iv, srtp_direction_decrypt);
+        }
+    } else {
+/* no particular format - set the iv to the pakcet index */
+#ifdef NO_64BIT_MATH
+        iv.v32[0] = 0;
+        iv.v32[1] = 0;
+#else
+        iv.v64[0] = 0;
+#endif
+        iv.v64[1] = be64_to_cpu(est);
+        status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_decrypt);
+        if (!status && session_keys->rtp_xtn_hdr_cipher) {
+            status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+                                        (uint8_t *)&iv, srtp_direction_decrypt);
+        }
+    }
+    if (status)
+        return srtp_err_status_cipher_fail;
+
+/* shift est, put into network byte order */
+#ifdef NO_64BIT_MATH
+    est = be64_to_cpu(
+        make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16));
+#else
+    est = be64_to_cpu(est << 16);
+#endif
+
+    /*
+     * find starting point for decryption and length of data to be
+     * decrypted - the encrypted portion starts after the rtp header
+     * extension, if present; otherwise, it starts after the last csrc,
+     * if any are present
+     *
+     * if we're not providing confidentiality, set enc_start to NULL
+     */
+    if (stream->rtp_services & sec_serv_conf) {
+        enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
+        if (hdr->x == 1) {
+            xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
+            enc_start += (ntohs(xtn_hdr->length) + 1);
+        }
+        if (!((uint8_t *)enc_start <=
+              (uint8_t *)hdr + (*pkt_octet_len - tag_len - mki_size)))
+            return srtp_err_status_parse_err;
+        enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - mki_size -
+                                   ((uint8_t *)enc_start - (uint8_t *)hdr));
+    } else {
+        enc_start = NULL;
+    }
+
+    /*
+     * if we're providing authentication, set the auth_start and auth_tag
+     * pointers to the proper locations; otherwise, set auth_start to NULL
+     * to indicate that no authentication is needed
+     */
+    if (stream->rtp_services & sec_serv_auth) {
+        auth_start = (uint32_t *)hdr;
+        auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len;
+    } else {
+        auth_start = NULL;
+        auth_tag = NULL;
+    }
+
+    /*
+     * if we expect message authentication, run the authentication
+     * function and compare the result with the value of the auth_tag
+     */
+    if (auth_start) {
+        /*
+         * if we're using a universal hash, then we need to compute the
+         * keystream prefix for encrypting the universal hash output
+         *
+         * if the keystream prefix length is zero, then we know that
+         * the authenticator isn't using a universal hash function
+         */
+        if (session_keys->rtp_auth->prefix_len != 0) {
+            prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth);
+            status = srtp_cipher_output(session_keys->rtp_cipher, tmp_tag,
+                                        &prefix_len);
+            debug_print(mod_srtp, "keystream prefix: %s",
+                        srtp_octet_string_hex_string(tmp_tag, prefix_len));
+            if (status)
+                return srtp_err_status_cipher_fail;
+        }
+
+        /* initialize auth func context */
+        status = srtp_auth_start(session_keys->rtp_auth);
+        if (status)
+            return status;
+
+        /* now compute auth function over packet */
+        status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start,
+                                  *pkt_octet_len - tag_len - mki_size);
+
+        /* run auth func over ROC, then write tmp tag */
+        status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4,
+                                   tmp_tag);
+
+        debug_print(mod_srtp, "computed auth tag:    %s",
+                    srtp_octet_string_hex_string(tmp_tag, tag_len));
+        debug_print(mod_srtp, "packet auth tag:      %s",
+                    srtp_octet_string_hex_string(auth_tag, tag_len));
+        if (status)
+            return srtp_err_status_auth_fail;
+
+        if (srtp_octet_string_is_eq(tmp_tag, auth_tag, tag_len))
+            return srtp_err_status_auth_fail;
+    }
+
+    /*
+     * update the key usage limit, and check it to make sure that we
+     * didn't just hit either the soft limit or the hard limit, and call
+     * the event handler if we hit either.
+     */
+    switch (srtp_key_limit_update(session_keys->limit)) {
+    case srtp_key_event_normal:
+        break;
+    case srtp_key_event_soft_limit:
+        srtp_handle_event(ctx, stream, event_key_soft_limit);
+        break;
+    case srtp_key_event_hard_limit:
+        srtp_handle_event(ctx, stream, event_key_hard_limit);
+        return srtp_err_status_key_expired;
+    default:
+        break;
+    }
+
+    if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+        /* extensions header encryption RFC 6904 */
+        status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+        if (status) {
+            return status;
+        }
+    }
+
+    /* if we're decrypting, add keystream into ciphertext */
+    if (enc_start) {
+        status = srtp_cipher_decrypt(session_keys->rtp_cipher,
+                                     (uint8_t *)enc_start, &enc_octet_len);
+        if (status)
+            return srtp_err_status_cipher_fail;
+    }
+
+    /*
+     * verify that stream is for received traffic - this check will
+     * detect SSRC collisions, since a stream that appears in both
+     * srtp_protect() and srtp_unprotect() will fail this test in one of
+     * those functions.
+     *
+     * we do this check *after* the authentication check, so that the
+     * latter check will catch any attempts to fool us into thinking
+     * that we've got a collision
+     */
+    if (stream->direction != dir_srtp_receiver) {
+        if (stream->direction == dir_unknown) {
+            stream->direction = dir_srtp_receiver;
+        } else {
+            srtp_handle_event(ctx, stream, event_ssrc_collision);
+        }
+    }
+
+    /*
+     * if the stream is a 'provisional' one, in which the template context
+     * is used, then we need to allocate a new stream at this point, since
+     * the authentication passed
+     */
+    if (stream == ctx->stream_template) {
+        srtp_stream_ctx_t *new_stream;
+
+        /*
+         * allocate and initialize a new stream
+         *
+         * note that we indicate failure if we can't allocate the new
+         * stream, and some implementations will want to not return
+         * failure here
+         */
+        status =
+            srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+        if (status)
+            return status;
+
+        /* add new stream to the head of the stream_list */
+        new_stream->next = ctx->stream_list;
+        ctx->stream_list = new_stream;
+
+        /* set stream (the pointer used in this function) */
+        stream = new_stream;
+    }
+
+    /*
+     * the message authentication function passed, so add the packet
+     * index into the replay database
+     */
+    if (advance_packet_index) {
+        srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, roc_to_set, seq_to_set);
+        stream->pending_roc = 0;
+        srtp_rdbx_add_index(&stream->rtp_rdbx, 0);
+    } else {
+        srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
+    }
+
+    /* decrease the packet length by the length of the auth tag */
+    *pkt_octet_len -= tag_len;
+
+    /* decrease the packet length by the mki size */
+    *pkt_octet_len -= mki_size;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_init()
+{
+    srtp_err_status_t status;
+
+    /* initialize crypto kernel */
+    status = srtp_crypto_kernel_init();
+    if (status)
+        return status;
+
+    /* load srtp debug module into the kernel */
+    status = srtp_crypto_kernel_load_debug_module(&mod_srtp);
+    if (status)
+        return status;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_shutdown()
+{
+    srtp_err_status_t status;
+
+    /* shut down crypto kernel */
+    status = srtp_crypto_kernel_shutdown();
+    if (status)
+        return status;
+
+    /* shutting down crypto kernel frees the srtp debug module as well */
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * The following code is under consideration for removal.  See
+ * SRTP_MAX_TRAILER_LEN
+ */
+#if 0
+
+/*
+ * srtp_get_trailer_length(&a) returns the number of octets that will
+ * be added to an RTP packet by the SRTP processing.  This value
+ * is constant for a given srtp_stream_t (i.e. between initializations).
+ */
+
+int
+srtp_get_trailer_length(const srtp_stream_t s) {
+  return srtp_auth_get_tag_length(s->rtp_auth);
+}
+
+#endif
+
+/*
+ * srtp_get_stream(ssrc) returns a pointer to the stream corresponding
+ * to ssrc, or NULL if no stream exists for that ssrc
+ *
+ * this is an internal function
+ */
+
+srtp_stream_ctx_t *srtp_get_stream(srtp_t srtp, uint32_t ssrc)
+{
+    srtp_stream_ctx_t *stream;
+
+    /* walk down list until ssrc is found */
+    stream = srtp->stream_list;
+    while (stream != NULL) {
+        if (stream->ssrc == ssrc)
+            return stream;
+        stream = stream->next;
+    }
+
+    /* we haven't found our ssrc, so return a null */
+    return NULL;
+}
+
+srtp_err_status_t srtp_dealloc(srtp_t session)
+{
+    srtp_stream_ctx_t *stream;
+    srtp_err_status_t status;
+
+    /*
+     * we take a conservative deallocation strategy - if we encounter an
+     * error deallocating a stream, then we stop trying to deallocate
+     * memory and just return an error
+     */
+
+    /* walk list of streams, deallocating as we go */
+    stream = session->stream_list;
+    while (stream != NULL) {
+        srtp_stream_t next = stream->next;
+        status = srtp_stream_dealloc(stream, session->stream_template);
+        if (status)
+            return status;
+        stream = next;
+    }
+
+    /* deallocate stream template, if there is one */
+    if (session->stream_template != NULL) {
+        status = srtp_stream_dealloc(session->stream_template, NULL);
+        if (status)
+            return status;
+    }
+
+    /* deallocate session context */
+    srtp_crypto_free(session);
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy)
+{
+    srtp_err_status_t status;
+    srtp_stream_t tmp;
+
+    /* sanity check arguments */
+    if ((session == NULL) || (policy == NULL) ||
+        (!srtp_validate_policy_master_keys(policy)))
+        return srtp_err_status_bad_param;
+
+    /* allocate stream  */
+    status = srtp_stream_alloc(&tmp, policy);
+    if (status) {
+        return status;
+    }
+
+    /* initialize stream  */
+    status = srtp_stream_init(tmp, policy);
+    if (status) {
+        srtp_stream_dealloc(tmp, NULL);
+        return status;
+    }
+
+    /*
+     * set the head of the stream list or the template to point to the
+     * stream that we've just alloced and init'ed, depending on whether
+     * or not it has a wildcard SSRC value or not
+     *
+     * if the template stream has already been set, then the policy is
+     * inconsistent, so we return a bad_param error code
+     */
+    switch (policy->ssrc.type) {
+    case (ssrc_any_outbound):
+        if (session->stream_template) {
+            srtp_stream_dealloc(tmp, NULL);
+            return srtp_err_status_bad_param;
+        }
+        session->stream_template = tmp;
+        session->stream_template->direction = dir_srtp_sender;
+        break;
+    case (ssrc_any_inbound):
+        if (session->stream_template) {
+            srtp_stream_dealloc(tmp, NULL);
+            return srtp_err_status_bad_param;
+        }
+        session->stream_template = tmp;
+        session->stream_template->direction = dir_srtp_receiver;
+        break;
+    case (ssrc_specific):
+        tmp->next = session->stream_list;
+        session->stream_list = tmp;
+        break;
+    case (ssrc_undefined):
+    default:
+        srtp_stream_dealloc(tmp, NULL);
+        return srtp_err_status_bad_param;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_create(srtp_t *session, /* handle for session     */
+                              const srtp_policy_t *policy)
+{ /* SRTP policy (list)     */
+    srtp_err_status_t stat;
+    srtp_ctx_t *ctx;
+
+    /* sanity check arguments */
+    if (session == NULL)
+        return srtp_err_status_bad_param;
+
+    /* allocate srtp context and set ctx_ptr */
+    ctx = (srtp_ctx_t *)srtp_crypto_alloc(sizeof(srtp_ctx_t));
+    if (ctx == NULL)
+        return srtp_err_status_alloc_fail;
+    *session = ctx;
+
+    /*
+     * loop over elements in the policy list, allocating and
+     * initializing a stream for each element
+     */
+    ctx->stream_template = NULL;
+    ctx->stream_list = NULL;
+    ctx->user_data = NULL;
+    while (policy != NULL) {
+        stat = srtp_add_stream(ctx, policy);
+        if (stat) {
+            /* clean up everything */
+            srtp_dealloc(*session);
+            *session = NULL;
+            return stat;
+        }
+
+        /* set policy to next item in list  */
+        policy = policy->next;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_remove_stream(srtp_t session, uint32_t ssrc)
+{
+    srtp_stream_ctx_t *stream, *last_stream;
+    srtp_err_status_t status;
+
+    /* sanity check arguments */
+    if (session == NULL)
+        return srtp_err_status_bad_param;
+
+    /* find stream in list; complain if not found */
+    last_stream = stream = session->stream_list;
+    while ((stream != NULL) && (ssrc != stream->ssrc)) {
+        last_stream = stream;
+        stream = stream->next;
+    }
+    if (stream == NULL)
+        return srtp_err_status_no_ctx;
+
+    /* remove stream from the list */
+    if (last_stream == stream)
+        /* stream was first in list */
+        session->stream_list = stream->next;
+    else
+        last_stream->next = stream->next;
+
+    /* deallocate the stream */
+    status = srtp_stream_dealloc(stream, session->stream_template);
+    if (status)
+        return status;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy)
+{
+    srtp_err_status_t stat;
+
+    /* sanity check arguments */
+    if ((session == NULL) || (policy == NULL) ||
+        (!srtp_validate_policy_master_keys(policy))) {
+        return srtp_err_status_bad_param;
+    }
+
+    while (policy != NULL) {
+        stat = srtp_update_stream(session, policy);
+        if (stat) {
+            return stat;
+        }
+
+        /* set policy to next item in list  */
+        policy = policy->next;
+    }
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t update_template_streams(srtp_t session,
+                                                 const srtp_policy_t *policy)
+{
+    srtp_err_status_t status;
+    srtp_stream_t new_stream_template;
+    srtp_stream_t new_stream_list = NULL;
+
+    if (session->stream_template == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* allocate new template stream  */
+    status = srtp_stream_alloc(&new_stream_template, policy);
+    if (status) {
+        return status;
+    }
+
+    /* initialize new template stream  */
+    status = srtp_stream_init(new_stream_template, policy);
+    if (status) {
+        srtp_crypto_free(new_stream_template);
+        return status;
+    }
+
+    /* for all old templated streams */
+    for (;;) {
+        srtp_stream_t stream;
+        uint32_t ssrc;
+        srtp_xtd_seq_num_t old_index;
+        srtp_rdb_t old_rtcp_rdb;
+
+        stream = session->stream_list;
+        while ((stream != NULL) &&
+               (stream->session_keys[0].rtp_auth !=
+                session->stream_template->session_keys[0].rtp_auth)) {
+            stream = stream->next;
+        }
+        if (stream == NULL) {
+            /* no more templated streams */
+            break;
+        }
+
+        /* save old extendard seq */
+        ssrc = stream->ssrc;
+        old_index = stream->rtp_rdbx.index;
+        old_rtcp_rdb = stream->rtcp_rdb;
+
+        /* remove stream */
+        status = srtp_remove_stream(session, ssrc);
+        if (status) {
+            /* free new allocations */
+            while (new_stream_list != NULL) {
+                srtp_stream_t next = new_stream_list->next;
+                srtp_stream_dealloc(new_stream_list, new_stream_template);
+                new_stream_list = next;
+            }
+            srtp_stream_dealloc(new_stream_template, NULL);
+            return status;
+        }
+
+        /* allocate and initialize a new stream */
+        status = srtp_stream_clone(new_stream_template, ssrc, &stream);
+        if (status) {
+            /* free new allocations */
+            while (new_stream_list != NULL) {
+                srtp_stream_t next = new_stream_list->next;
+                srtp_stream_dealloc(new_stream_list, new_stream_template);
+                new_stream_list = next;
+            }
+            srtp_stream_dealloc(new_stream_template, NULL);
+            return status;
+        }
+
+        /* add new stream to the head of the new_stream_list */
+        stream->next = new_stream_list;
+        new_stream_list = stream;
+
+        /* restore old extended seq */
+        stream->rtp_rdbx.index = old_index;
+        stream->rtcp_rdb = old_rtcp_rdb;
+    }
+    /* dealloc old template */
+    srtp_stream_dealloc(session->stream_template, NULL);
+    /* set new template */
+    session->stream_template = new_stream_template;
+    /* add new list */
+    if (new_stream_list) {
+        srtp_stream_t tail = new_stream_list;
+        while (tail->next) {
+            tail = tail->next;
+        }
+        tail->next = session->stream_list;
+        session->stream_list = new_stream_list;
+    }
+    return status;
+}
+
+static srtp_err_status_t update_stream(srtp_t session,
+                                       const srtp_policy_t *policy)
+{
+    srtp_err_status_t status;
+    srtp_xtd_seq_num_t old_index;
+    srtp_rdb_t old_rtcp_rdb;
+    srtp_stream_t stream;
+
+    stream = srtp_get_stream(session, htonl(policy->ssrc.value));
+    if (stream == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    /* save old extendard seq */
+    old_index = stream->rtp_rdbx.index;
+    old_rtcp_rdb = stream->rtcp_rdb;
+
+    status = srtp_remove_stream(session, htonl(policy->ssrc.value));
+    if (status) {
+        return status;
+    }
+
+    status = srtp_add_stream(session, policy);
+    if (status) {
+        return status;
+    }
+
+    stream = srtp_get_stream(session, htonl(policy->ssrc.value));
+    if (stream == NULL) {
+        return srtp_err_status_fail;
+    }
+
+    /* restore old extended seq */
+    stream->rtp_rdbx.index = old_index;
+    stream->rtcp_rdb = old_rtcp_rdb;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_update_stream(srtp_t session,
+                                     const srtp_policy_t *policy)
+{
+    srtp_err_status_t status;
+
+    /* sanity check arguments */
+    if ((session == NULL) || (policy == NULL) ||
+        (!srtp_validate_policy_master_keys(policy)))
+        return srtp_err_status_bad_param;
+
+    switch (policy->ssrc.type) {
+    case (ssrc_any_outbound):
+    case (ssrc_any_inbound):
+        status = update_template_streams(session, policy);
+        break;
+    case (ssrc_specific):
+        status = update_stream(session, policy);
+        break;
+    case (ssrc_undefined):
+    default:
+        return srtp_err_status_bad_param;
+    }
+
+    return status;
+}
+
+/*
+ * The default policy - provides a convenient way for callers to use
+ * the default security policy
+ *
+ * The default policy is defined in RFC 3711
+ * (Section 5. Default and mandatory-to-implement Transforms)
+ *
+ */
+
+/*
+ * NOTE: cipher_key_len is really key len (128 bits) plus salt len
+ *  (112 bits)
+ */
+/* There are hard-coded 16's for base_key_len in the key generation code */
+
+void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_ICM_128;
+    p->cipher_key_len =
+        SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+    p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_ICM_128;
+    p->cipher_key_len =
+        SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+    p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 4568
+     *
+     * note that this crypto policy is intended for SRTP, but not SRTCP
+     */
+
+    p->cipher_type = SRTP_AES_ICM_128;
+    p->cipher_key_len =
+        SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* 160 bit key               */
+    p->auth_tag_len = 4;  /* 32 bit tag                */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 4568
+     *
+     * note that this crypto policy is intended for SRTP, but not SRTCP
+     */
+
+    p->cipher_type = SRTP_AES_ICM_128;
+    p->cipher_key_len =
+        SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */
+    p->auth_type = SRTP_NULL_AUTH;
+    p->auth_key_len = 0;
+    p->auth_tag_len = 0;
+    p->sec_serv = sec_serv_conf;
+}
+
+void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 4568
+     */
+
+    p->cipher_type = SRTP_NULL_CIPHER;
+    p->cipher_key_len = 0;
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20;
+    p->auth_tag_len = 10;
+    p->sec_serv = sec_serv_auth;
+}
+
+void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p)
+{
+    /*
+     * Should only be used for testing
+     */
+
+    p->cipher_type = SRTP_NULL_CIPHER;
+    p->cipher_key_len = 0;
+    p->auth_type = SRTP_NULL_AUTH;
+    p->auth_key_len = 0;
+    p->auth_tag_len = 0;
+    p->sec_serv = sec_serv_none;
+}
+
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 6188
+     */
+
+    p->cipher_type = SRTP_AES_ICM_256;
+    p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+    p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 6188
+     *
+     * note that this crypto policy is intended for SRTP, but not SRTCP
+     */
+
+    p->cipher_type = SRTP_AES_ICM_256;
+    p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+    p->auth_tag_len = 4;  /* default 80 bits per RFC 3711 */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-256 with no authentication.
+ */
+void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_ICM_256;
+    p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH;
+    p->auth_key_len = 0;
+    p->auth_tag_len = 0;
+    p->sec_serv = sec_serv_conf;
+}
+
+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 6188
+     */
+
+    p->cipher_type = SRTP_AES_ICM_192;
+    p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT;
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+    p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p)
+{
+    /*
+     * corresponds to RFC 6188
+     *
+     * note that this crypto policy is intended for SRTP, but not SRTCP
+     */
+
+    p->cipher_type = SRTP_AES_ICM_192;
+    p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT;
+    p->auth_type = SRTP_HMAC_SHA1;
+    p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+    p->auth_tag_len = 4;  /* default 80 bits per RFC 3711 */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-192 with no authentication.
+ */
+void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_ICM_192;
+    p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH;
+    p->auth_key_len = 0;
+    p->auth_tag_len = 0;
+    p->sec_serv = sec_serv_conf;
+}
+
+/*
+ * AES-128 GCM mode with 8 octet auth tag.
+ */
+void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_GCM_128;
+    p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
+    p->auth_key_len = 0;
+    p->auth_tag_len = 8; /* 8 octet tag length */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-256 GCM mode with 8 octet auth tag.
+ */
+void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_GCM_256;
+    p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
+    p->auth_key_len = 0;
+    p->auth_tag_len = 8; /* 8 octet tag length */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption.
+ */
+void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_GCM_128;
+    p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
+    p->auth_key_len = 0;
+    p->auth_tag_len = 8;         /* 8 octet tag length */
+    p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
+}
+
+/*
+ * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption.
+ */
+void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_GCM_256;
+    p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
+    p->auth_key_len = 0;
+    p->auth_tag_len = 8;         /* 8 octet tag length */
+    p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
+}
+
+/*
+ * AES-128 GCM mode with 16 octet auth tag.
+ */
+void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_GCM_128;
+    p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
+    p->auth_key_len = 0;
+    p->auth_tag_len = 16; /* 16 octet tag length */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-256 GCM mode with 16 octet auth tag.
+ */
+void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p)
+{
+    p->cipher_type = SRTP_AES_GCM_256;
+    p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
+    p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
+    p->auth_key_len = 0;
+    p->auth_tag_len = 16; /* 16 octet tag length */
+    p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * secure rtcp functions
+ */
+
+/*
+ * AEAD uses a new IV formation method.  This function implements
+ * section 9.1 (SRTCP IV Formation for AES-GCM) from RFC7714.
+ * The calculation is defined as, where (+) is the xor operation:
+ *
+ *                0  1  2  3  4  5  6  7  8  9 10 11
+ *               +--+--+--+--+--+--+--+--+--+--+--+--+
+ *               |00|00|    SSRC   |00|00|0+SRTCP Idx|---+
+ *               +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *                                                       |
+ *               +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *               |         Encryption Salt           |->(+)
+ *               +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *                                                       |
+ *               +--+--+--+--+--+--+--+--+--+--+--+--+   |
+ *               |       Initialization Vector       |<--+
+ *               +--+--+--+--+--+--+--+--+--+--+--+--+*
+ *
+ * Input:  *session_keys - pointer to SRTP stream context session keys,
+ *                        used to retrieve the SALT
+ *         *iv           - Pointer to recieve the calculated IV
+ *         seq_num       - The SEQ value to use for the IV calculation.
+ *         *hdr          - The RTP header, used to get the SSRC value
+ *
+ * Returns: srtp_err_status_ok if no error or srtp_err_status_bad_param
+ *          if seq_num is invalid
+ *
+ */
+static srtp_err_status_t srtp_calc_aead_iv_srtcp(
+    srtp_session_keys_t *session_keys,
+    v128_t *iv,
+    uint32_t seq_num,
+    srtcp_hdr_t *hdr)
+{
+    v128_t in;
+    v128_t salt;
+
+    memset(&in, 0, sizeof(v128_t));
+    memset(&salt, 0, sizeof(v128_t));
+
+    in.v16[0] = 0;
+    memcpy(&in.v16[1], &hdr->ssrc, 4); /* still in network order! */
+    in.v16[3] = 0;
+
+    /*
+     *  The SRTCP index (seq_num) spans bits 0 through 30 inclusive.
+     *  The most significant bit should be zero.
+     */
+    if (seq_num & 0x80000000UL) {
+        return srtp_err_status_bad_param;
+    }
+    in.v32[2] = htonl(seq_num);
+
+    debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in));
+
+    /*
+     * Get the SALT value from the context
+     */
+    memcpy(salt.v8, session_keys->c_salt, 12);
+    debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt));
+
+    /*
+     * Finally, apply the SALT to the input
+     */
+    v128_xor(iv, &in, &salt);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * This code handles AEAD ciphers for outgoing RTCP.  We currently support
+ * AES-GCM mode with 128 or 256 bit keys.
+ */
+static srtp_err_status_t srtp_protect_rtcp_aead(
+    srtp_t ctx,
+    srtp_stream_ctx_t *stream,
+    void *rtcp_hdr,
+    unsigned int *pkt_octet_len,
+    srtp_session_keys_t *session_keys,
+    unsigned int use_mki)
+{
+    srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
+    uint32_t *enc_start;            /* pointer to start of encrypted portion  */
+    uint32_t *trailer_p;            /* pointer to start of trailer            */
+    uint32_t trailer;               /* trailer value                          */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+    uint8_t *auth_tag = NULL;       /* location of auth_tag within packet     */
+    srtp_err_status_t status;
+    uint32_t tag_len;
+    uint32_t seq_num;
+    v128_t iv;
+    uint32_t tseq;
+    unsigned int mki_size = 0;
+
+    /* get tag length from stream context */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
+
+    /*
+     * set encryption start and encryption length - if we're not
+     * providing confidentiality, set enc_start to NULL
+     */
+    enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
+    enc_octet_len = *pkt_octet_len - octets_in_rtcp_header;
+
+    /* NOTE: hdr->length is not usable - it refers to only the first
+     * RTCP report in the compound packet!
+     */
+    trailer_p = (uint32_t *)((char *)enc_start + enc_octet_len + tag_len);
+
+    if (stream->rtcp_services & sec_serv_conf) {
+        trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
+    } else {
+        enc_start = NULL;
+        enc_octet_len = 0;
+        /* 0 is network-order independant */
+        trailer = 0x00000000; /* set encrypt bit */
+    }
+
+    mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len +
+                                   sizeof(srtcp_trailer_t),
+                               session_keys, use_mki);
+
+    /*
+     * set the auth_tag pointer to the proper location, which is after
+     * the payload, but before the trailer
+     * (note that srtpc *always* provides authentication, unlike srtp)
+     */
+    /* Note: This would need to change for optional mikey data */
+    auth_tag = (uint8_t *)hdr + *pkt_octet_len;
+
+    /*
+     * check sequence number for overruns, and copy it into the packet
+     * if its value isn't too big
+     */
+    status = srtp_rdb_increment(&stream->rtcp_rdb);
+    if (status) {
+        return status;
+    }
+    seq_num = srtp_rdb_get_value(&stream->rtcp_rdb);
+    trailer |= htonl(seq_num);
+    debug_print(mod_srtp, "srtcp index: %x", seq_num);
+
+    memcpy(trailer_p, &trailer, sizeof(trailer));
+
+    /*
+     * Calculate and set the IV
+     */
+    status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr);
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+    status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv,
+                                srtp_direction_encrypt);
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    /*
+     * Set the AAD for GCM mode
+     */
+    if (enc_start) {
+        /*
+         * If payload encryption is enabled, then the AAD consist of
+         * the RTCP header and the seq# at the end of the packet
+         */
+        status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)hdr,
+                                     octets_in_rtcp_header);
+        if (status) {
+            return (srtp_err_status_cipher_fail);
+        }
+    } else {
+        /*
+         * Since payload encryption is not enabled, we must authenticate
+         * the entire packet as described in RFC 7714 (Section 9.3. Data
+         * Types in Unencrypted SRTCP Compound Packets)
+         */
+        status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)hdr,
+                                     *pkt_octet_len);
+        if (status) {
+            return (srtp_err_status_cipher_fail);
+        }
+    }
+    /*
+     * Process the sequence# as AAD
+     */
+    tseq = trailer;
+    status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq,
+                                 sizeof(srtcp_trailer_t));
+    if (status) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    /* if we're encrypting, exor keystream into the message */
+    if (enc_start) {
+        status = srtp_cipher_encrypt(session_keys->rtcp_cipher,
+                                     (uint8_t *)enc_start, &enc_octet_len);
+        if (status) {
+            return srtp_err_status_cipher_fail;
+        }
+        /*
+         * Get the tag and append that to the output
+         */
+        status = srtp_cipher_get_tag(session_keys->rtcp_cipher,
+                                     (uint8_t *)auth_tag, &tag_len);
+        if (status) {
+            return (srtp_err_status_cipher_fail);
+        }
+        enc_octet_len += tag_len;
+    } else {
+        /*
+         * Even though we're not encrypting the payload, we need
+         * to run the cipher to get the auth tag.
+         */
+        unsigned int nolen = 0;
+        status = srtp_cipher_encrypt(session_keys->rtcp_cipher, NULL, &nolen);
+        if (status) {
+            return srtp_err_status_cipher_fail;
+        }
+        /*
+         * Get the tag and append that to the output
+         */
+        status = srtp_cipher_get_tag(session_keys->rtcp_cipher,
+                                     (uint8_t *)auth_tag, &tag_len);
+        if (status) {
+            return (srtp_err_status_cipher_fail);
+        }
+        enc_octet_len += tag_len;
+    }
+
+    /* increase the packet length by the length of the auth tag and seq_num*/
+    *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
+
+    /* increase the packet by the mki_size */
+    *pkt_octet_len += mki_size;
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * This function handles incoming SRTCP packets while in AEAD mode,
+ * which currently supports AES-GCM encryption.  Note, the auth tag is
+ * at the end of the packet stream and is automatically checked by GCM
+ * when decrypting the payload.
+ */
+static srtp_err_status_t srtp_unprotect_rtcp_aead(
+    srtp_t ctx,
+    srtp_stream_ctx_t *stream,
+    void *srtcp_hdr,
+    unsigned int *pkt_octet_len,
+    srtp_session_keys_t *session_keys,
+    unsigned int use_mki)
+{
+    srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr;
+    uint32_t *enc_start;            /* pointer to start of encrypted portion  */
+    uint32_t *trailer_p;            /* pointer to start of trailer            */
+    uint32_t trailer;               /* trailer value                          */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+    uint8_t *auth_tag = NULL;       /* location of auth_tag within packet     */
+    srtp_err_status_t status;
+    int tag_len;
+    unsigned int tmp_len;
+    uint32_t seq_num;
+    v128_t iv;
+    uint32_t tseq;
+    unsigned int mki_size = 0;
+
+    /* get tag length from stream context */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
+
+    if (use_mki) {
+        mki_size = session_keys->mki_size;
+    }
+
+    /*
+     * set encryption start, encryption length, and trailer
+     */
+    /* index & E (encryption) bit follow normal data. hdr->len is the number of
+     * words (32-bit) in the normal packet minus 1
+     */
+    /* This should point trailer to the word past the end of the normal data. */
+    /* This would need to be modified for optional mikey data */
+    trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len -
+                             sizeof(srtcp_trailer_t) - mki_size);
+    memcpy(&trailer, trailer_p, sizeof(trailer));
+
+    /*
+     * We pass the tag down to the cipher when doing GCM mode
+     */
+    enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header +
+                                      sizeof(srtcp_trailer_t) + mki_size);
+    auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len - mki_size -
+               sizeof(srtcp_trailer_t);
+
+    if (*((unsigned char *)trailer_p) & SRTCP_E_BYTE_BIT) {
+        enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
+    } else {
+        enc_octet_len = 0;
+        enc_start = NULL; /* this indicates that there's no encryption */
+    }
+
+    /*
+     * check the sequence number for replays
+     */
+    /* this is easier than dealing with bitfield access */
+    seq_num = ntohl(trailer) & SRTCP_INDEX_MASK;
+    debug_print(mod_srtp, "srtcp index: %x", seq_num);
+    status = srtp_rdb_check(&stream->rtcp_rdb, seq_num);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * Calculate and set the IV
+     */
+    status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr);
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+    status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv,
+                                srtp_direction_decrypt);
+    if (status) {
+        return srtp_err_status_cipher_fail;
+    }
+
+    /*
+     * Set the AAD for GCM mode
+     */
+    if (enc_start) {
+        /*
+         * If payload encryption is enabled, then the AAD consist of
+         * the RTCP header and the seq# at the end of the packet
+         */
+        status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)hdr,
+                                     octets_in_rtcp_header);
+        if (status) {
+            return (srtp_err_status_cipher_fail);
+        }
+    } else {
+        /*
+         * Since payload encryption is not enabled, we must authenticate
+         * the entire packet as described in RFC 7714 (Section 9.3. Data
+         * Types in Unencrypted SRTCP Compound Packets)
+         */
+        status = srtp_cipher_set_aad(
+            session_keys->rtcp_cipher, (uint8_t *)hdr,
+            (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t) - mki_size));
+        if (status) {
+            return (srtp_err_status_cipher_fail);
+        }
+    }
+
+    /*
+     * Process the sequence# as AAD
+     */
+    tseq = trailer;
+    status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t *)&tseq,
+                                 sizeof(srtcp_trailer_t));
+    if (status) {
+        return (srtp_err_status_cipher_fail);
+    }
+
+    /* if we're decrypting, exor keystream into the message */
+    if (enc_start) {
+        status = srtp_cipher_decrypt(session_keys->rtcp_cipher,
+                                     (uint8_t *)enc_start, &enc_octet_len);
+        if (status) {
+            return status;
+        }
+    } else {
+        /*
+         * Still need to run the cipher to check the tag
+         */
+        tmp_len = tag_len;
+        status = srtp_cipher_decrypt(session_keys->rtcp_cipher,
+                                     (uint8_t *)auth_tag, &tmp_len);
+        if (status) {
+            return status;
+        }
+    }
+
+    /* decrease the packet length by the length of the auth tag and seq_num*/
+    *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) + mki_size);
+
+    /*
+     * verify that stream is for received traffic - this check will
+     * detect SSRC collisions, since a stream that appears in both
+     * srtp_protect() and srtp_unprotect() will fail this test in one of
+     * those functions.
+     *
+     * we do this check *after* the authentication check, so that the
+     * latter check will catch any attempts to fool us into thinking
+     * that we've got a collision
+     */
+    if (stream->direction != dir_srtp_receiver) {
+        if (stream->direction == dir_unknown) {
+            stream->direction = dir_srtp_receiver;
+        } else {
+            srtp_handle_event(ctx, stream, event_ssrc_collision);
+        }
+    }
+
+    /*
+     * if the stream is a 'provisional' one, in which the template context
+     * is used, then we need to allocate a new stream at this point, since
+     * the authentication passed
+     */
+    if (stream == ctx->stream_template) {
+        srtp_stream_ctx_t *new_stream;
+
+        /*
+         * allocate and initialize a new stream
+         *
+         * note that we indicate failure if we can't allocate the new
+         * stream, and some implementations will want to not return
+         * failure here
+         */
+        status =
+            srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+        if (status) {
+            return status;
+        }
+
+        /* add new stream to the head of the stream_list */
+        new_stream->next = ctx->stream_list;
+        ctx->stream_list = new_stream;
+
+        /* set stream (the pointer used in this function) */
+        stream = new_stream;
+    }
+
+    /* we've passed the authentication check, so add seq_num to the rdb */
+    srtp_rdb_add_index(&stream->rtcp_rdb, seq_num);
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_protect_rtcp(srtp_t ctx,
+                                    void *rtcp_hdr,
+                                    int *pkt_octet_len)
+{
+    return srtp_protect_rtcp_mki(ctx, rtcp_hdr, pkt_octet_len, 0, 0);
+}
+
+srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
+                                        void *rtcp_hdr,
+                                        int *pkt_octet_len,
+                                        unsigned int use_mki,
+                                        unsigned int mki_index)
+{
+    srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
+    uint32_t *enc_start;            /* pointer to start of encrypted portion  */
+    uint32_t *auth_start;           /* pointer to start of auth. portion      */
+    uint32_t *trailer_p;            /* pointer to start of trailer            */
+    uint32_t trailer;               /* trailer value                          */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+    uint8_t *auth_tag = NULL;       /* location of auth_tag within packet     */
+    srtp_err_status_t status;
+    int tag_len;
+    srtp_stream_ctx_t *stream;
+    uint32_t prefix_len;
+    uint32_t seq_num;
+    unsigned int mki_size = 0;
+    srtp_session_keys_t *session_keys = NULL;
+
+    /* we assume the hdr is 32-bit aligned to start */
+
+    /* check the packet length - it must at least contain a full header */
+    if (*pkt_octet_len < octets_in_rtcp_header)
+        return srtp_err_status_bad_param;
+
+    /*
+     * look up ssrc in srtp_stream list, and process the packet with
+     * the appropriate stream.  if we haven't seen this stream before,
+     * there's only one key for this srtp_session, and the cipher
+     * supports key-sharing, then we assume that a new stream using
+     * that key has just started up
+     */
+    stream = srtp_get_stream(ctx, hdr->ssrc);
+    if (stream == NULL) {
+        if (ctx->stream_template != NULL) {
+            srtp_stream_ctx_t *new_stream;
+
+            /* allocate and initialize a new stream */
+            status =
+                srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+            if (status)
+                return status;
+
+            /* add new stream to the head of the stream_list */
+            new_stream->next = ctx->stream_list;
+            ctx->stream_list = new_stream;
+
+            /* set stream (the pointer used in this function) */
+            stream = new_stream;
+        } else {
+            /* no template stream, so we return an error */
+            return srtp_err_status_no_ctx;
+        }
+    }
+
+    /*
+     * verify that stream is for sending traffic - this check will
+     * detect SSRC collisions, since a stream that appears in both
+     * srtp_protect() and srtp_unprotect() will fail this test in one of
+     * those functions.
+     */
+    if (stream->direction != dir_srtp_sender) {
+        if (stream->direction == dir_unknown) {
+            stream->direction = dir_srtp_sender;
+        } else {
+            srtp_handle_event(ctx, stream, event_ssrc_collision);
+        }
+    }
+
+    session_keys =
+        srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
+
+    if (session_keys == NULL)
+        return srtp_err_status_bad_mki;
+
+    /*
+     * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
+     * the request to our AEAD handler.
+     */
+    if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+        return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr,
+                                      (unsigned int *)pkt_octet_len,
+                                      session_keys, use_mki);
+    }
+
+    /* get tag length from stream context */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
+
+    /*
+     * set encryption start and encryption length - if we're not
+     * providing confidentiality, set enc_start to NULL
+     */
+    enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
+    enc_octet_len = *pkt_octet_len - octets_in_rtcp_header;
+
+    /* all of the packet, except the header, gets encrypted */
+    /*
+     * NOTE: hdr->length is not usable - it refers to only the first RTCP report
+     * in the compound packet!
+     */
+    trailer_p = (uint32_t *)((char *)enc_start + enc_octet_len);
+
+    if (stream->rtcp_services & sec_serv_conf) {
+        trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
+    } else {
+        enc_start = NULL;
+        enc_octet_len = 0;
+        /* 0 is network-order independant */
+        trailer = 0x00000000; /* set encrypt bit */
+    }
+
+    mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len +
+                                   sizeof(srtcp_trailer_t),
+                               session_keys, use_mki);
+
+    /*
+     * set the auth_start and auth_tag pointers to the proper locations
+     * (note that srtpc *always* provides authentication, unlike srtp)
+     */
+    /* Note: This would need to change for optional mikey data */
+    auth_start = (uint32_t *)hdr;
+    auth_tag =
+        (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size;
+
+    /* perform EKT processing if needed */
+    srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,
+                        srtp_rdbx_get_packet_index(&stream->rtp_rdbx));
+
+    /*
+     * check sequence number for overruns, and copy it into the packet
+     * if its value isn't too big
+     */
+    status = srtp_rdb_increment(&stream->rtcp_rdb);
+    if (status)
+        return status;
+    seq_num = srtp_rdb_get_value(&stream->rtcp_rdb);
+    trailer |= htonl(seq_num);
+    debug_print(mod_srtp, "srtcp index: %x", seq_num);
+
+    memcpy(trailer_p, &trailer, sizeof(trailer));
+
+    /*
+     * if we're using rindael counter mode, set nonce and seq
+     */
+    if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 ||
+        session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 ||
+        session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) {
+        v128_t iv;
+
+        iv.v32[0] = 0;
+        iv.v32[1] = hdr->ssrc; /* still in network order! */
+        iv.v32[2] = htonl(seq_num >> 16);
+        iv.v32[3] = htonl(seq_num << 16);
+        status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_encrypt);
+
+    } else {
+        v128_t iv;
+
+        /* otherwise, just set the index to seq_num */
+        iv.v32[0] = 0;
+        iv.v32[1] = 0;
+        iv.v32[2] = 0;
+        iv.v32[3] = htonl(seq_num);
+        status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_encrypt);
+    }
+    if (status)
+        return srtp_err_status_cipher_fail;
+
+    /*
+     * if we're authenticating using a universal hash, put the keystream
+     * prefix into the authentication tag
+     */
+
+    /* if auth_start is non-null, then put keystream into tag  */
+    if (auth_start) {
+        /* put keystream prefix into auth_tag */
+        prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth);
+        status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag,
+                                    &prefix_len);
+
+        debug_print(mod_srtp, "keystream prefix: %s",
+                    srtp_octet_string_hex_string(auth_tag, prefix_len));
+
+        if (status)
+            return srtp_err_status_cipher_fail;
+    }
+
+    /* if we're encrypting, exor keystream into the message */
+    if (enc_start) {
+        status = srtp_cipher_encrypt(session_keys->rtcp_cipher,
+                                     (uint8_t *)enc_start, &enc_octet_len);
+        if (status)
+            return srtp_err_status_cipher_fail;
+    }
+
+    /* initialize auth func context */
+    srtp_auth_start(session_keys->rtcp_auth);
+
+    /*
+     * run auth func over packet (including trailer), and write the
+     * result at auth_tag
+     */
+    status =
+        srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start,
+                          (*pkt_octet_len) + sizeof(srtcp_trailer_t), auth_tag);
+    debug_print(mod_srtp, "srtcp auth tag:    %s",
+                srtp_octet_string_hex_string(auth_tag, tag_len));
+    if (status)
+        return srtp_err_status_auth_fail;
+
+    /* increase the packet length by the length of the auth tag and seq_num*/
+    *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
+
+    /* increase the packet by the mki_size */
+    *pkt_octet_len += mki_size;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
+                                      void *srtcp_hdr,
+                                      int *pkt_octet_len)
+{
+    return srtp_unprotect_rtcp_mki(ctx, srtcp_hdr, pkt_octet_len, 0);
+}
+
+srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx,
+                                          void *srtcp_hdr,
+                                          int *pkt_octet_len,
+                                          unsigned int use_mki)
+{
+    srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr;
+    uint32_t *enc_start;            /* pointer to start of encrypted portion  */
+    uint32_t *auth_start;           /* pointer to start of auth. portion      */
+    uint32_t *trailer_p;            /* pointer to start of trailer            */
+    uint32_t trailer;               /* trailer value                          */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+    uint8_t *auth_tag = NULL;       /* location of auth_tag within packet     */
+    uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
+    uint8_t tag_copy[SRTP_MAX_TAG_LEN];
+    srtp_err_status_t status;
+    unsigned int auth_len;
+    int tag_len;
+    srtp_stream_ctx_t *stream;
+    uint32_t prefix_len;
+    uint32_t seq_num;
+    int e_bit_in_packet; /* whether the E-bit was found in the packet */
+    int sec_serv_confidentiality; /* whether confidentiality was requested */
+    unsigned int mki_size = 0;
+    srtp_session_keys_t *session_keys = NULL;
+
+    /* we assume the hdr is 32-bit aligned to start */
+
+    if (*pkt_octet_len < 0)
+        return srtp_err_status_bad_param;
+
+    /*
+     * check that the length value is sane; we'll check again once we
+     * know the tag length, but we at least want to know that it is
+     * a positive value
+     */
+    if ((unsigned int)(*pkt_octet_len) <
+        octets_in_rtcp_header + sizeof(srtcp_trailer_t))
+        return srtp_err_status_bad_param;
+
+    /*
+     * look up ssrc in srtp_stream list, and process the packet with
+     * the appropriate stream.  if we haven't seen this stream before,
+     * there's only one key for this srtp_session, and the cipher
+     * supports key-sharing, then we assume that a new stream using
+     * that key has just started up
+     */
+    stream = srtp_get_stream(ctx, hdr->ssrc);
+    if (stream == NULL) {
+        if (ctx->stream_template != NULL) {
+            stream = ctx->stream_template;
+
+            /*
+             * check to see if stream_template has an EKT data structure, in
+             * which case we initialize the template using the EKT policy
+             * referenced by that data (which consists of decrypting the
+             * master key from the EKT field)
+             *
+             * this function initializes a *provisional* stream, and this
+             * stream should not be accepted until and unless the packet
+             * passes its authentication check
+             */
+            if (stream->ekt != NULL) {
+                status = srtp_stream_init_from_ekt(stream, srtcp_hdr,
+                                                   *pkt_octet_len);
+                if (status)
+                    return status;
+            }
+
+            debug_print(mod_srtp,
+                        "srtcp using provisional stream (SSRC: 0x%08x)",
+                        ntohl(hdr->ssrc));
+        } else {
+            /* no template stream, so we return an error */
+            return srtp_err_status_no_ctx;
+        }
+    }
+
+    /*
+     * Determine if MKI is being used and what session keys should be used
+     */
+    if (use_mki) {
+        session_keys = srtp_get_session_keys(
+            stream, (uint8_t *)hdr, (const unsigned int *)pkt_octet_len,
+            &mki_size);
+
+        if (session_keys == NULL)
+            return srtp_err_status_bad_mki;
+    } else {
+        session_keys = &stream->session_keys[0];
+    }
+
+    /* get tag length from stream context */
+    tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
+
+    /* check the packet length - it must contain at least a full RTCP
+       header, an auth tag (if applicable), and the SRTCP encrypted flag
+       and 31-bit index value */
+    if (*pkt_octet_len < (int)(octets_in_rtcp_header + tag_len + mki_size +
+                               sizeof(srtcp_trailer_t))) {
+        return srtp_err_status_bad_param;
+    }
+
+    /*
+     * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
+     * the request to our AEAD handler.
+     */
+    if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+        session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+        return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr,
+                                        (unsigned int *)pkt_octet_len,
+                                        session_keys, mki_size);
+    }
+
+    sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||
+                               stream->rtcp_services == sec_serv_conf_and_auth;
+
+    /*
+     * set encryption start, encryption length, and trailer
+     */
+    enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + tag_len +
+                                      mki_size + sizeof(srtcp_trailer_t));
+    /*
+     *index & E (encryption) bit follow normal data. hdr->len is the number of
+     * words (32-bit) in the normal packet minus 1
+     */
+    /* This should point trailer to the word past the end of the normal data. */
+    /* This would need to be modified for optional mikey data */
+    trailer_p = (uint32_t *)((char *)hdr + *pkt_octet_len -
+                             (tag_len + mki_size + sizeof(srtcp_trailer_t)));
+    memcpy(&trailer, trailer_p, sizeof(trailer));
+
+    e_bit_in_packet =
+        (*((unsigned char *)trailer_p) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
+    if (e_bit_in_packet != sec_serv_confidentiality) {
+        return srtp_err_status_cant_check;
+    }
+    if (sec_serv_confidentiality) {
+        enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
+    } else {
+        enc_octet_len = 0;
+        enc_start = NULL; /* this indicates that there's no encryption */
+    }
+
+    /*
+     * set the auth_start and auth_tag pointers to the proper locations
+     * (note that srtcp *always* uses authentication, unlike srtp)
+     */
+    auth_start = (uint32_t *)hdr;
+
+    /*
+     * The location of the auth tag in the packet needs to know MKI
+     * could be present.  The data needed to calculate the Auth tag
+     * must not include the MKI
+     */
+    auth_len = *pkt_octet_len - tag_len - mki_size;
+    auth_tag = (uint8_t *)hdr + auth_len + mki_size;
+
+    /*
+     * if EKT is in use, then we make a copy of the tag from the packet,
+     * and then zeroize the location of the base tag
+     *
+     * we first re-position the auth_tag pointer so that it points to
+     * the base tag
+     */
+    if (stream->ekt) {
+        auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt);
+        memcpy(tag_copy, auth_tag, tag_len);
+        octet_string_set_to_zero(auth_tag, tag_len);
+        auth_tag = tag_copy;
+        auth_len += tag_len;
+    }
+
+    /*
+     * check the sequence number for replays
+     */
+    /* this is easier than dealing with bitfield access */
+    seq_num = ntohl(trailer) & SRTCP_INDEX_MASK;
+    debug_print(mod_srtp, "srtcp index: %x", seq_num);
+    status = srtp_rdb_check(&stream->rtcp_rdb, seq_num);
+    if (status)
+        return status;
+
+    /*
+     * if we're using aes counter mode, set nonce and seq
+     */
+    if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 ||
+        session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 ||
+        session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) {
+        v128_t iv;
+
+        iv.v32[0] = 0;
+        iv.v32[1] = hdr->ssrc; /* still in network order! */
+        iv.v32[2] = htonl(seq_num >> 16);
+        iv.v32[3] = htonl(seq_num << 16);
+        status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_decrypt);
+
+    } else {
+        v128_t iv;
+
+        /* otherwise, just set the index to seq_num */
+        iv.v32[0] = 0;
+        iv.v32[1] = 0;
+        iv.v32[2] = 0;
+        iv.v32[3] = htonl(seq_num);
+        status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t *)&iv,
+                                    srtp_direction_decrypt);
+    }
+    if (status)
+        return srtp_err_status_cipher_fail;
+
+    /* initialize auth func context */
+    srtp_auth_start(session_keys->rtcp_auth);
+
+    /* run auth func over packet, put result into tmp_tag */
+    status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start,
+                               auth_len, tmp_tag);
+    debug_print(mod_srtp, "srtcp computed tag:       %s",
+                srtp_octet_string_hex_string(tmp_tag, tag_len));
+    if (status)
+        return srtp_err_status_auth_fail;
+
+    /* compare the tag just computed with the one in the packet */
+    debug_print(mod_srtp, "srtcp tag from packet:    %s",
+                srtp_octet_string_hex_string(auth_tag, tag_len));
+    if (srtp_octet_string_is_eq(tmp_tag, auth_tag, tag_len))
+        return srtp_err_status_auth_fail;
+
+    /*
+     * if we're authenticating using a universal hash, put the keystream
+     * prefix into the authentication tag
+     */
+    prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth);
+    if (prefix_len) {
+        status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag,
+                                    &prefix_len);
+        debug_print(mod_srtp, "keystream prefix: %s",
+                    srtp_octet_string_hex_string(auth_tag, prefix_len));
+        if (status)
+            return srtp_err_status_cipher_fail;
+    }
+
+    /* if we're decrypting, exor keystream into the message */
+    if (enc_start) {
+        status = srtp_cipher_decrypt(session_keys->rtcp_cipher,
+                                     (uint8_t *)enc_start, &enc_octet_len);
+        if (status)
+            return srtp_err_status_cipher_fail;
+    }
+
+    /* decrease the packet length by the length of the auth tag and seq_num */
+    *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t));
+
+    /* decrease the packet length by the length of the mki_size */
+    *pkt_octet_len -= mki_size;
+
+    /*
+     * if EKT is in effect, subtract the EKT data out of the packet
+     * length
+     */
+    *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt);
+
+    /*
+     * verify that stream is for received traffic - this check will
+     * detect SSRC collisions, since a stream that appears in both
+     * srtp_protect() and srtp_unprotect() will fail this test in one of
+     * those functions.
+     *
+     * we do this check *after* the authentication check, so that the
+     * latter check will catch any attempts to fool us into thinking
+     * that we've got a collision
+     */
+    if (stream->direction != dir_srtp_receiver) {
+        if (stream->direction == dir_unknown) {
+            stream->direction = dir_srtp_receiver;
+        } else {
+            srtp_handle_event(ctx, stream, event_ssrc_collision);
+        }
+    }
+
+    /*
+     * if the stream is a 'provisional' one, in which the template context
+     * is used, then we need to allocate a new stream at this point, since
+     * the authentication passed
+     */
+    if (stream == ctx->stream_template) {
+        srtp_stream_ctx_t *new_stream;
+
+        /*
+         * allocate and initialize a new stream
+         *
+         * note that we indicate failure if we can't allocate the new
+         * stream, and some implementations will want to not return
+         * failure here
+         */
+        status =
+            srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+        if (status)
+            return status;
+
+        /* add new stream to the head of the stream_list */
+        new_stream->next = ctx->stream_list;
+        ctx->stream_list = new_stream;
+
+        /* set stream (the pointer used in this function) */
+        stream = new_stream;
+    }
+
+    /* we've passed the authentication check, so add seq_num to the rdb */
+    srtp_rdb_add_index(&stream->rtcp_rdb, seq_num);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * user data within srtp_t context
+ */
+
+void srtp_set_user_data(srtp_t ctx, void *data)
+{
+    ctx->user_data = data;
+}
+
+void *srtp_get_user_data(srtp_t ctx)
+{
+    return ctx->user_data;
+}
+
+/*
+ * dtls keying for srtp
+ */
+
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(
+    srtp_crypto_policy_t *policy,
+    srtp_profile_t profile)
+{
+    /* set SRTP policy from the SRTP profile in the key set */
+    switch (profile) {
+    case srtp_profile_aes128_cm_sha1_80:
+        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+        break;
+    case srtp_profile_aes128_cm_sha1_32:
+        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+        break;
+    case srtp_profile_null_sha1_80:
+        srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+        break;
+#ifdef GCM
+    case srtp_profile_aead_aes_128_gcm:
+        srtp_crypto_policy_set_aes_gcm_128_16_auth(policy);
+        break;
+    case srtp_profile_aead_aes_256_gcm:
+        srtp_crypto_policy_set_aes_gcm_256_16_auth(policy);
+        break;
+#endif
+    /* the following profiles are not (yet) supported */
+    case srtp_profile_null_sha1_32:
+    default:
+        return srtp_err_status_bad_param;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(
+    srtp_crypto_policy_t *policy,
+    srtp_profile_t profile)
+{
+    /* set SRTP policy from the SRTP profile in the key set */
+    switch (profile) {
+    case srtp_profile_aes128_cm_sha1_80:
+        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+        break;
+    case srtp_profile_aes128_cm_sha1_32:
+        /* We do not honor the 32-bit auth tag request since
+         * this is not compliant with RFC 3711 */
+        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+        break;
+    case srtp_profile_null_sha1_80:
+        srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+        break;
+#ifdef GCM
+    case srtp_profile_aead_aes_128_gcm:
+        srtp_crypto_policy_set_aes_gcm_128_16_auth(policy);
+        break;
+    case srtp_profile_aead_aes_256_gcm:
+        srtp_crypto_policy_set_aes_gcm_256_16_auth(policy);
+        break;
+#endif
+    /* the following profiles are not (yet) supported */
+    case srtp_profile_null_sha1_32:
+    default:
+        return srtp_err_status_bad_param;
+    }
+
+    return srtp_err_status_ok;
+}
+
+void srtp_append_salt_to_key(uint8_t *key,
+                             unsigned int bytes_in_key,
+                             uint8_t *salt,
+                             unsigned int bytes_in_salt)
+{
+    memcpy(key + bytes_in_key, salt, bytes_in_salt);
+}
+
+unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile)
+{
+    switch (profile) {
+    case srtp_profile_aes128_cm_sha1_80:
+        return SRTP_AES_128_KEY_LEN;
+        break;
+    case srtp_profile_aes128_cm_sha1_32:
+        return SRTP_AES_128_KEY_LEN;
+        break;
+    case srtp_profile_null_sha1_80:
+        return SRTP_AES_128_KEY_LEN;
+        break;
+    case srtp_profile_aead_aes_128_gcm:
+        return SRTP_AES_128_KEY_LEN;
+        break;
+    case srtp_profile_aead_aes_256_gcm:
+        return SRTP_AES_256_KEY_LEN;
+        break;
+    /* the following profiles are not (yet) supported */
+    case srtp_profile_null_sha1_32:
+    default:
+        return 0; /* indicate error by returning a zero */
+    }
+}
+
+unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile)
+{
+    switch (profile) {
+    case srtp_profile_aes128_cm_sha1_80:
+        return SRTP_SALT_LEN;
+        break;
+    case srtp_profile_aes128_cm_sha1_32:
+        return SRTP_SALT_LEN;
+        break;
+    case srtp_profile_null_sha1_80:
+        return SRTP_SALT_LEN;
+        break;
+    case srtp_profile_aead_aes_128_gcm:
+        return SRTP_AEAD_SALT_LEN;
+        break;
+    case srtp_profile_aead_aes_256_gcm:
+        return SRTP_AEAD_SALT_LEN;
+        break;
+    /* the following profiles are not (yet) supported */
+    case srtp_profile_null_sha1_32:
+    default:
+        return 0; /* indicate error by returning a zero */
+    }
+}
+
+srtp_err_status_t stream_get_protect_trailer_length(srtp_stream_ctx_t *stream,
+                                                    uint32_t is_rtp,
+                                                    uint32_t use_mki,
+                                                    uint32_t mki_index,
+                                                    uint32_t *length)
+{
+    srtp_session_keys_t *session_key;
+
+    *length = 0;
+
+    if (use_mki) {
+        if (mki_index >= stream->num_master_keys) {
+            return srtp_err_status_bad_mki;
+        }
+        session_key = &stream->session_keys[mki_index];
+
+        *length += session_key->mki_size;
+
+    } else {
+        session_key = &stream->session_keys[0];
+    }
+    if (is_rtp) {
+        *length += srtp_auth_get_tag_length(session_key->rtp_auth);
+    } else {
+        *length += srtp_auth_get_tag_length(session_key->rtcp_auth);
+        *length += sizeof(srtcp_trailer_t);
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t get_protect_trailer_length(srtp_t session,
+                                             uint32_t is_rtp,
+                                             uint32_t use_mki,
+                                             uint32_t mki_index,
+                                             uint32_t *length)
+{
+    srtp_stream_ctx_t *stream;
+
+    if (session == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    if (session->stream_template == NULL && session->stream_list == NULL) {
+        return srtp_err_status_bad_param;
+    }
+
+    *length = 0;
+
+    stream = session->stream_template;
+
+    if (stream != NULL) {
+        stream_get_protect_trailer_length(stream, is_rtp, use_mki, mki_index,
+                                          length);
+    }
+
+    stream = session->stream_list;
+
+    while (stream != NULL) {
+        uint32_t temp_length;
+        if (stream_get_protect_trailer_length(stream, is_rtp, use_mki,
+                                              mki_index, &temp_length) ==
+            srtp_err_status_ok) {
+            if (temp_length > *length) {
+                *length = temp_length;
+            }
+        }
+        stream = stream->next;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session,
+                                                  uint32_t use_mki,
+                                                  uint32_t mki_index,
+                                                  uint32_t *length)
+{
+    return get_protect_trailer_length(session, 1, use_mki, mki_index, length);
+}
+
+srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session,
+                                                       uint32_t use_mki,
+                                                       uint32_t mki_index,
+                                                       uint32_t *length)
+{
+    return get_protect_trailer_length(session, 0, use_mki, mki_index, length);
+}
+
+/*
+ * SRTP debug interface
+ */
+srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v)
+{
+    return srtp_crypto_kernel_set_debug_module(mod_name, v);
+}
+
+srtp_err_status_t srtp_list_debug_modules(void)
+{
+    return srtp_crypto_kernel_list_debug_modules();
+}
+
+/*
+ * srtp_log_handler is a global variable holding a pointer to the
+ * log handler function; this function is called for any log
+ * output.
+ */
+
+static srtp_log_handler_func_t *srtp_log_handler = NULL;
+static void *srtp_log_handler_data = NULL;
+
+void srtp_err_handler(srtp_err_reporting_level_t level, const char *msg)
+{
+    if (srtp_log_handler) {
+        srtp_log_level_t log_level = srtp_log_level_error;
+        switch (level) {
+        case srtp_err_level_error:
+            log_level = srtp_log_level_error;
+            break;
+        case srtp_err_level_warning:
+            log_level = srtp_log_level_warning;
+            break;
+        case srtp_err_level_info:
+            log_level = srtp_log_level_info;
+            break;
+        case srtp_err_level_debug:
+            log_level = srtp_log_level_debug;
+            break;
+        }
+
+        srtp_log_handler(log_level, msg, srtp_log_handler_data);
+    }
+}
+
+srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func,
+                                           void *data)
+{
+    /*
+     * note that we accept NULL arguments intentionally - calling this
+     * function with a NULL arguments removes a log handler that's
+     * been previously installed
+     */
+
+    if (srtp_log_handler) {
+        srtp_install_err_report_handler(NULL);
+    }
+    srtp_log_handler = func;
+    srtp_log_handler_data = data;
+    if (srtp_log_handler) {
+        srtp_install_err_report_handler(srtp_err_handler);
+    }
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_set_stream_roc(srtp_t session,
+                                      uint32_t ssrc,
+                                      uint32_t roc)
+{
+    srtp_stream_t stream;
+
+    stream = srtp_get_stream(session, htonl(ssrc));
+    if (stream == NULL)
+        return srtp_err_status_bad_param;
+
+    stream->pending_roc = roc;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_get_stream_roc(srtp_t session,
+                                      uint32_t ssrc,
+                                      uint32_t *roc)
+{
+    srtp_stream_t stream;
+
+    stream = srtp_get_stream(session, htonl(ssrc));
+    if (stream == NULL)
+        return srtp_err_status_bad_param;
+
+    *roc = srtp_rdbx_get_roc(&stream->rtp_rdbx);
+
+    return srtp_err_status_ok;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/cutest.h b/trunk/3rdparty/libsrtp-2-fit/test/cutest.h
new file mode 100644
index 000000000..f46626d39
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/cutest.h
@@ -0,0 +1,713 @@
+/*
+ * CUTest -- C/C++ Unit Test facility
+ * <http://github.com/mity/cutest>
+ *
+ * Copyright (c) 2013-2017 Martin Mitas
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#ifndef CUTEST_H__
+#define CUTEST_H__
+
+/************************
+ *** Public interface ***
+ ************************/
+
+/* By default, <cutest.h> provides the main program entry point (function
+ * main()). However, if the test suite is composed of multiple source files
+ * which include <cutest.h>, then this causes a problem of multiple main()
+ * definitions. To avoid this problem, #define macro TEST_NO_MAIN in all
+ * compilation units but one.
+ */
+
+/* Macro to specify list of unit tests in the suite.
+ * The unit test implementation MUST provide list of unit tests it implements
+ * with this macro:
+ *
+ *   TEST_LIST = {
+ *       { "test1_name", test1_func_ptr },
+ *       { "test2_name", test2_func_ptr },
+ *       ...
+ *       { 0 }
+ *   };
+ *
+ * The list specifies names of each test (must be unique) and pointer to
+ * a function implementing it. The function does not take any arguments
+ * and has no return values, i.e. every test function has tp be compatible
+ * with this prototype:
+ *
+ *   void test_func(void);
+ */
+#define TEST_LIST const struct test__ test_list__[]
+
+/* Macros for testing whether an unit test succeeds or fails. These macros
+ * can be used arbitrarily in functions implementing the unit tests.
+ *
+ * If any condition fails throughout execution of a test, the test fails.
+ *
+ * TEST_CHECK takes only one argument (the condition), TEST_CHECK_ allows
+ * also to specify an error message to print out if the condition fails.
+ * (It expects printf-like format string and its parameters). The macros
+ * return non-zero (condition passes) or 0 (condition fails).
+ *
+ * That can be useful when more conditions should be checked only if some
+ * preceding condition passes, as illustrated in this code snippet:
+ *
+ *   SomeStruct* ptr = allocate_some_struct();
+ *   if(TEST_CHECK(ptr != NULL)) {
+ *       TEST_CHECK(ptr->member1 < 100);
+ *       TEST_CHECK(ptr->member2 > 200);
+ *   }
+ */
+#define TEST_CHECK_(cond, ...)                                                 \
+    test_check__((cond), __FILE__, __LINE__, __VA_ARGS__)
+#define TEST_CHECK(cond) test_check__((cond), __FILE__, __LINE__, "%s", #cond)
+
+/**********************
+ *** Implementation ***
+ **********************/
+
+/* The unit test files should not rely on anything below. */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__)
+#define CUTEST_UNIX__ 1
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
+#endif
+
+#if defined(_WIN32) || defined(__WIN32__) || defined(__WINDOWS__)
+#define CUTEST_WIN__ 1
+#include <windows.h>
+#include <io.h>
+#endif
+
+#ifdef __cplusplus
+#include <exception>
+#endif
+
+/* Note our global private identifiers end with '__' to mitigate risk of clash
+ * with the unit tests implementation. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct test__ {
+    const char *name;
+    void (*func)(void);
+};
+
+extern const struct test__ test_list__[];
+
+int test_check__(int cond, const char *file, int line, const char *fmt, ...);
+
+#ifndef TEST_NO_MAIN
+
+static char *test_argv0__ = NULL;
+static int test_count__ = 0;
+static int test_no_exec__ = 0;
+static int test_no_summary__ = 0;
+static int test_skip_mode__ = 0;
+
+static int test_stat_failed_units__ = 0;
+static int test_stat_run_units__ = 0;
+
+static const struct test__ *test_current_unit__ = NULL;
+static int test_current_already_logged__ = 0;
+static int test_verbose_level__ = 2;
+static int test_current_failures__ = 0;
+static int test_colorize__ = 0;
+
+#define CUTEST_COLOR_DEFAULT__ 0
+#define CUTEST_COLOR_GREEN__ 1
+#define CUTEST_COLOR_RED__ 2
+#define CUTEST_COLOR_DEFAULT_INTENSIVE__ 3
+#define CUTEST_COLOR_GREEN_INTENSIVE__ 4
+#define CUTEST_COLOR_RED_INTENSIVE__ 5
+
+static size_t test_print_in_color__(int color, const char *fmt, ...)
+{
+    va_list args;
+    char buffer[256];
+    size_t n;
+
+    va_start(args, fmt);
+    vsnprintf(buffer, sizeof(buffer), fmt, args);
+    va_end(args);
+    buffer[sizeof(buffer) - 1] = '\0';
+
+    if (!test_colorize__) {
+        return printf("%s", buffer);
+    }
+
+#if defined CUTEST_UNIX__
+    {
+        const char *col_str;
+        switch (color) {
+        case CUTEST_COLOR_GREEN__:
+            col_str = "\033[0;32m";
+            break;
+        case CUTEST_COLOR_RED__:
+            col_str = "\033[0;31m";
+            break;
+        case CUTEST_COLOR_GREEN_INTENSIVE__:
+            col_str = "\033[1;32m";
+            break;
+        case CUTEST_COLOR_RED_INTENSIVE__:
+            col_str = "\033[1;30m";
+            break;
+        case CUTEST_COLOR_DEFAULT_INTENSIVE__:
+            col_str = "\033[1m";
+            break;
+        default:
+            col_str = "\033[0m";
+            break;
+        }
+        printf("%s", col_str);
+        n = printf("%s", buffer);
+        printf("\033[0m");
+        return n;
+    }
+#elif defined CUTEST_WIN__
+    {
+        HANDLE h;
+        CONSOLE_SCREEN_BUFFER_INFO info;
+        WORD attr;
+
+        h = GetStdHandle(STD_OUTPUT_HANDLE);
+        GetConsoleScreenBufferInfo(h, &info);
+
+        switch (color) {
+        case CUTEST_COLOR_GREEN__:
+            attr = FOREGROUND_GREEN;
+            break;
+        case CUTEST_COLOR_RED__:
+            attr = FOREGROUND_RED;
+            break;
+        case CUTEST_COLOR_GREEN_INTENSIVE__:
+            attr = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
+            break;
+        case CUTEST_COLOR_RED_INTENSIVE__:
+            attr = FOREGROUND_RED | FOREGROUND_INTENSITY;
+            break;
+        case CUTEST_COLOR_DEFAULT_INTENSIVE__:
+            attr = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED |
+                   FOREGROUND_INTENSITY;
+            break;
+        default:
+            attr = 0;
+            break;
+        }
+        if (attr != 0)
+            SetConsoleTextAttribute(h, attr);
+        n = printf("%s", buffer);
+        SetConsoleTextAttribute(h, info.wAttributes);
+        return n;
+    }
+#else
+    n = printf("%s", buffer);
+    return n;
+#endif
+}
+
+int test_check__(int cond, const char *file, int line, const char *fmt, ...)
+{
+    const char *result_str;
+    int result_color;
+    int verbose_level;
+
+    if (cond) {
+        result_str = "ok";
+        result_color = CUTEST_COLOR_GREEN__;
+        verbose_level = 3;
+    } else {
+        if (!test_current_already_logged__ && test_current_unit__ != NULL) {
+            printf("[ ");
+            test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED");
+            printf(" ]\n");
+        }
+        result_str = "failed";
+        result_color = CUTEST_COLOR_RED__;
+        verbose_level = 2;
+        test_current_failures__++;
+        test_current_already_logged__++;
+    }
+
+    if (test_verbose_level__ >= verbose_level) {
+        size_t n = 0;
+        va_list args;
+
+        printf("  ");
+
+        if (file != NULL)
+            n += printf("%s:%d: Check ", file, line);
+
+        va_start(args, fmt);
+        n += vprintf(fmt, args);
+        va_end(args);
+
+        printf("... ");
+        test_print_in_color__(result_color, result_str);
+        printf("\n");
+        test_current_already_logged__++;
+    }
+
+    return (cond != 0);
+}
+
+static void test_list_names__(void)
+{
+    const struct test__ *test;
+
+    printf("Unit tests:\n");
+    for (test = &test_list__[0]; test->func != NULL; test++)
+        printf("  %s\n", test->name);
+}
+
+static const struct test__ *test_by_name__(const char *name)
+{
+    const struct test__ *test;
+
+    for (test = &test_list__[0]; test->func != NULL; test++) {
+        if (strcmp(test->name, name) == 0)
+            return test;
+    }
+
+    return NULL;
+}
+
+/* Call directly the given test unit function. */
+static int test_do_run__(const struct test__ *test)
+{
+    test_current_unit__ = test;
+    test_current_failures__ = 0;
+    test_current_already_logged__ = 0;
+
+    if (test_verbose_level__ >= 3) {
+        test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s:\n",
+                              test->name);
+        test_current_already_logged__++;
+    } else if (test_verbose_level__ >= 1) {
+        size_t n;
+        char spaces[32];
+
+        n = test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__,
+                                  "Test %s... ", test->name);
+        memset(spaces, ' ', sizeof(spaces));
+        if (n < sizeof(spaces))
+            printf("%.*s", (int)(sizeof(spaces) - n), spaces);
+    } else {
+        test_current_already_logged__ = 1;
+    }
+
+#ifdef __cplusplus
+    try {
+#endif
+
+        /* This is good to do for case the test unit e.g. crashes. */
+        fflush(stdout);
+        fflush(stderr);
+
+        test->func();
+
+#ifdef __cplusplus
+    } catch (std::exception &e) {
+        const char *what = e.what();
+        if (what != NULL)
+            test_check__(0, NULL, 0, "Threw std::exception: %s", what);
+        else
+            test_check__(0, NULL, 0, "Threw std::exception");
+    } catch (...) {
+        test_check__(0, NULL, 0, "Threw an exception");
+    }
+#endif
+
+    if (test_verbose_level__ >= 3) {
+        switch (test_current_failures__) {
+        case 0:
+            test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__,
+                                  "  All conditions have passed.\n\n");
+            break;
+        case 1:
+            test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__,
+                                  "  One condition has FAILED.\n\n");
+            break;
+        default:
+            test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__,
+                                  "  %d conditions have FAILED.\n\n",
+                                  test_current_failures__);
+            break;
+        }
+    } else if (test_verbose_level__ >= 1 && test_current_failures__ == 0) {
+        printf("[   ");
+        test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, "OK");
+        printf("   ]\n");
+    }
+
+    test_current_unit__ = NULL;
+    return (test_current_failures__ == 0) ? 0 : -1;
+}
+
+#if defined(CUTEST_UNIX__) || defined(CUTEST_WIN__)
+/* Called if anything goes bad in cutest, or if the unit test ends in other
+ * way then by normal returning from its function (e.g. exception or some
+ * abnormal child process termination). */
+static void test_error__(const char *fmt, ...)
+{
+    va_list args;
+
+    if (test_verbose_level__ == 0)
+        return;
+
+    if (test_verbose_level__ <= 2 && !test_current_already_logged__ &&
+        test_current_unit__ != NULL) {
+        printf("[ ");
+        test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED");
+        printf(" ]\n");
+    }
+
+    if (test_verbose_level__ >= 2) {
+        test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "  Error: ");
+        va_start(args, fmt);
+        vprintf(fmt, args);
+        va_end(args);
+        printf("\n");
+    }
+}
+#endif
+
+/* Trigger the unit test. If possible (and not suppressed) it starts a child
+ * process who calls test_do_run__(), otherwise it calls test_do_run__()
+ * directly. */
+static void test_run__(const struct test__ *test)
+{
+    int failed = 1;
+
+    test_current_unit__ = test;
+    test_current_already_logged__ = 0;
+
+    if (!test_no_exec__) {
+#if defined(CUTEST_UNIX__)
+
+        pid_t pid;
+        int exit_code;
+
+        pid = fork();
+        if (pid == (pid_t)-1) {
+            test_error__("Cannot fork. %s [%d]", strerror(errno), errno);
+            failed = 1;
+        } else if (pid == 0) {
+            /* Child: Do the test. */
+            failed = (test_do_run__(test) != 0);
+            exit(failed ? 1 : 0);
+        } else {
+            /* Parent: Wait until child terminates and analyze its exit code. */
+            waitpid(pid, &exit_code, 0);
+            if (WIFEXITED(exit_code)) {
+                switch (WEXITSTATUS(exit_code)) {
+                case 0:
+                    failed = 0;
+                    break; /* test has passed. */
+                case 1:    /* noop */
+                    break; /* "normal" failure. */
+                default:
+                    test_error__("Unexpected exit code [%d]",
+                                 WEXITSTATUS(exit_code));
+                }
+            } else if (WIFSIGNALED(exit_code)) {
+                char tmp[32];
+                const char *signame;
+                switch (WTERMSIG(exit_code)) {
+                case SIGINT:
+                    signame = "SIGINT";
+                    break;
+                case SIGHUP:
+                    signame = "SIGHUP";
+                    break;
+                case SIGQUIT:
+                    signame = "SIGQUIT";
+                    break;
+                case SIGABRT:
+                    signame = "SIGABRT";
+                    break;
+                case SIGKILL:
+                    signame = "SIGKILL";
+                    break;
+                case SIGSEGV:
+                    signame = "SIGSEGV";
+                    break;
+                case SIGILL:
+                    signame = "SIGILL";
+                    break;
+                case SIGTERM:
+                    signame = "SIGTERM";
+                    break;
+                default:
+                    sprintf(tmp, "signal %d", WTERMSIG(exit_code));
+                    signame = tmp;
+                    break;
+                }
+                test_error__("Test interrupted by %s", signame);
+            } else {
+                test_error__("Test ended in an unexpected way [%d]", exit_code);
+            }
+        }
+
+#elif defined(CUTEST_WIN__)
+
+        char buffer[512] = { 0 };
+        STARTUPINFOA startupInfo = { 0 };
+        PROCESS_INFORMATION processInfo;
+        DWORD exitCode;
+
+        /* Windows has no fork(). So we propagate all info into the child
+         * through a command line arguments. */
+        _snprintf(buffer, sizeof(buffer) - 1,
+                  "%s --no-exec --no-summary --verbose=%d --color=%s -- \"%s\"",
+                  test_argv0__, test_verbose_level__,
+                  test_colorize__ ? "always" : "never", test->name);
+        startupInfo.cb = sizeof(STARTUPINFO);
+        if (CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL,
+                           &startupInfo, &processInfo)) {
+            WaitForSingleObject(processInfo.hProcess, INFINITE);
+            GetExitCodeProcess(processInfo.hProcess, &exitCode);
+            CloseHandle(processInfo.hThread);
+            CloseHandle(processInfo.hProcess);
+            failed = (exitCode != 0);
+        } else {
+            test_error__("Cannot create unit test subprocess [%ld].",
+                         GetLastError());
+            failed = 1;
+        }
+
+#else
+
+        /* A platform where we don't know how to run child process. */
+        failed = (test_do_run__(test) != 0);
+
+#endif
+
+    } else {
+        /* Child processes suppressed through --no-exec. */
+        failed = (test_do_run__(test) != 0);
+    }
+
+    test_current_unit__ = NULL;
+
+    test_stat_run_units__++;
+    if (failed)
+        test_stat_failed_units__++;
+}
+
+#if defined(CUTEST_WIN__)
+/* Callback for SEH events. */
+static LONG CALLBACK test_exception_filter__(EXCEPTION_POINTERS *ptrs)
+{
+    test_error__("Unhandled SEH exception %08lx at %p.",
+                 ptrs->ExceptionRecord->ExceptionCode,
+                 ptrs->ExceptionRecord->ExceptionAddress);
+    fflush(stdout);
+    fflush(stderr);
+    return EXCEPTION_EXECUTE_HANDLER;
+}
+#endif
+
+static void test_help__(void)
+{
+    printf("Usage: %s [options] [test...]\n", test_argv0__);
+    printf("Run the specified unit tests; or if the option '--skip' is used, "
+           "run all\n");
+    printf("tests in the suite but those listed.  By default, if no tests are "
+           "specified\n");
+    printf("on the command line, all unit tests in the suite are run.\n");
+    printf("\n");
+    printf("Options:\n");
+    printf(
+        "  -s, --skip            Execute all unit tests but the listed ones\n");
+    printf("      --no-exec         Do not execute unit tests as child "
+           "processes\n");
+    printf(
+        "      --no-summary      Suppress printing of test results summary\n");
+    printf("  -l, --list            List unit tests in the suite and exit\n");
+    printf("  -v, --verbose         Enable more verbose output\n");
+    printf("      --verbose=LEVEL   Set verbose level to LEVEL:\n");
+    printf("                          0 ... Be silent\n");
+    printf("                          1 ... Output one line per test (and "
+           "summary)\n");
+    printf("                          2 ... As 1 and failed conditions (this "
+           "is default)\n");
+    printf("                          3 ... As 1 and all conditions (and "
+           "extended summary)\n");
+    printf("      --color=WHEN      Enable colorized output (WHEN is one of "
+           "'auto', 'always', 'never')\n");
+    printf("  -h, --help            Display this help and exit\n");
+    printf("\n");
+    test_list_names__();
+}
+
+int main(int argc, char **argv)
+{
+    const struct test__ **tests = NULL;
+    int i, j, n = 0;
+    int seen_double_dash = 0;
+
+    test_argv0__ = argv[0];
+
+#if defined CUTEST_UNIX__
+    test_colorize__ = isatty(STDOUT_FILENO);
+#elif defined CUTEST_WIN__
+    test_colorize__ = _isatty(_fileno(stdout));
+#else
+    test_colorize__ = 0;
+#endif
+
+    /* Parse options */
+    for (i = 1; i < argc; i++) {
+        if (seen_double_dash || argv[i][0] != '-') {
+            tests = (const struct test__ **)realloc(
+                (void *)tests, (n + 1) * sizeof(const struct test__ *));
+            if (tests == NULL) {
+                fprintf(stderr, "Out of memory.\n");
+                exit(2);
+            }
+            tests[n] = test_by_name__(argv[i]);
+            if (tests[n] == NULL) {
+                fprintf(stderr, "%s: Unrecognized unit test '%s'\n", argv[0],
+                        argv[i]);
+                fprintf(stderr, "Try '%s --list' for list of unit tests.\n",
+                        argv[0]);
+                exit(2);
+            }
+            n++;
+        } else if (strcmp(argv[i], "--") == 0) {
+            seen_double_dash = 1;
+        } else if (strcmp(argv[i], "--help") == 0 ||
+                   strcmp(argv[i], "-h") == 0) {
+            test_help__();
+            exit(0);
+        } else if (strcmp(argv[i], "--verbose") == 0 ||
+                   strcmp(argv[i], "-v") == 0) {
+            test_verbose_level__++;
+        } else if (strncmp(argv[i], "--verbose=", 10) == 0) {
+            test_verbose_level__ = atoi(argv[i] + 10);
+        } else if (strcmp(argv[i], "--color=auto") == 0) {
+            /* noop (set from above) */
+        } else if (strcmp(argv[i], "--color=always") == 0 ||
+                   strcmp(argv[i], "--color") == 0) {
+            test_colorize__ = 1;
+        } else if (strcmp(argv[i], "--color=never") == 0) {
+            test_colorize__ = 0;
+        } else if (strcmp(argv[i], "--skip") == 0 ||
+                   strcmp(argv[i], "-s") == 0) {
+            test_skip_mode__ = 1;
+        } else if (strcmp(argv[i], "--no-exec") == 0) {
+            test_no_exec__ = 1;
+        } else if (strcmp(argv[i], "--no-summary") == 0) {
+            test_no_summary__ = 1;
+        } else if (strcmp(argv[i], "--list") == 0 ||
+                   strcmp(argv[i], "-l") == 0) {
+            test_list_names__();
+            exit(0);
+        } else {
+            fprintf(stderr, "%s: Unrecognized option '%s'\n", argv[0], argv[i]);
+            fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]);
+            exit(2);
+        }
+    }
+
+#if defined(CUTEST_WIN__)
+    SetUnhandledExceptionFilter(test_exception_filter__);
+#endif
+
+    /* Count all test units */
+    test_count__ = 0;
+    for (i = 0; test_list__[i].func != NULL; i++)
+        test_count__++;
+
+    /* Run the tests */
+    if (n == 0) {
+        /* Run all tests */
+        for (i = 0; test_list__[i].func != NULL; i++)
+            test_run__(&test_list__[i]);
+    } else if (!test_skip_mode__) {
+        /* Run the listed tests */
+        for (i = 0; i < n; i++)
+            test_run__(tests[i]);
+    } else {
+        /* Run all tests except those listed */
+        for (i = 0; test_list__[i].func != NULL; i++) {
+            int want_skip = 0;
+            for (j = 0; j < n; j++) {
+                if (tests[j] == &test_list__[i]) {
+                    want_skip = 1;
+                    break;
+                }
+            }
+            if (!want_skip)
+                test_run__(&test_list__[i]);
+        }
+    }
+
+    /* Write a summary */
+    if (!test_no_summary__ && test_verbose_level__ >= 1) {
+        test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "\nSummary:\n");
+
+        if (test_verbose_level__ >= 3) {
+            printf("  Count of all unit tests:     %4d\n", test_count__);
+            printf("  Count of run unit tests:     %4d\n",
+                   test_stat_run_units__);
+            printf("  Count of failed unit tests:  %4d\n",
+                   test_stat_failed_units__);
+            printf("  Count of skipped unit tests: %4d\n",
+                   test_count__ - test_stat_run_units__);
+        }
+
+        if (test_stat_failed_units__ == 0) {
+            test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__,
+                                  "  SUCCESS: All unit tests have passed.\n");
+        } else {
+            test_print_in_color__(
+                CUTEST_COLOR_RED_INTENSIVE__,
+                "  FAILED: %d of %d unit tests have failed.\n",
+                test_stat_failed_units__, test_stat_run_units__);
+        }
+    }
+
+    if (tests != NULL)
+        free((void *)tests);
+
+    return (test_stat_failed_units__ == 0) ? 0 : 1;
+}
+
+#endif /* #ifndef TEST_NO_MAIN */
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* #ifndef CUTEST_H__ */
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/dtls_srtp_driver.c b/trunk/3rdparty/libsrtp-2-fit/test/dtls_srtp_driver.c
new file mode 100644
index 000000000..4f4d0a39b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/dtls_srtp_driver.c
@@ -0,0 +1,261 @@
+/*
+ * dtls_srtp_driver.c
+ *
+ * test driver for DTLS-SRTP functions
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>    /* for printf()          */
+#include "getopt_s.h" /* for local getopt()    */
+#include "srtp_priv.h"
+
+srtp_err_status_t test_dtls_srtp(void);
+
+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc);
+
+void usage(char *prog_name)
+{
+    printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
+           "  -d <mod>   turn on debugging module <mod>\n"
+           "  -l         list debugging modules\n",
+           prog_name);
+    exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+    unsigned do_list_mods = 0;
+    int q;
+    srtp_err_status_t err;
+
+    printf("dtls_srtp_driver\n");
+
+    /* initialize srtp library */
+    err = srtp_init();
+    if (err) {
+        printf("error: srtp init failed with error code %d\n", err);
+        exit(1);
+    }
+
+    /* process input arguments */
+    while (1) {
+        q = getopt_s(argc, argv, "ld:");
+        if (q == -1)
+            break;
+        switch (q) {
+        case 'l':
+            do_list_mods = 1;
+            break;
+        case 'd':
+            err = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
+            if (err) {
+                printf("error: set debug module (%s) failed\n", optarg_s);
+                exit(1);
+            }
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    if (do_list_mods) {
+        err = srtp_crypto_kernel_list_debug_modules();
+        if (err) {
+            printf("error: list of debug modules failed\n");
+            exit(1);
+        }
+    }
+
+    printf("testing dtls_srtp...");
+    err = test_dtls_srtp();
+    if (err) {
+        printf("\nerror (code %d)\n", err);
+        exit(1);
+    }
+    printf("passed\n");
+
+    /* shut down srtp library */
+    err = srtp_shutdown();
+    if (err) {
+        printf("error: srtp shutdown failed with error code %d\n", err);
+        exit(1);
+    }
+
+    return 0;
+}
+
+srtp_err_status_t test_dtls_srtp(void)
+{
+    srtp_hdr_t *test_packet;
+    int test_packet_len = 80;
+    srtp_t s;
+    srtp_policy_t policy;
+    uint8_t key[SRTP_MAX_KEY_LEN];
+    uint8_t salt[SRTP_MAX_KEY_LEN];
+    unsigned int key_len, salt_len;
+    srtp_profile_t profile;
+    srtp_err_status_t err;
+
+    memset(&policy, 0x0, sizeof(srtp_policy_t));
+
+    /* create a 'null' SRTP session */
+    err = srtp_create(&s, NULL);
+    if (err)
+        return err;
+
+    /*
+     * verify that packet-processing functions behave properly - we
+     * expect that these functions will return srtp_err_status_no_ctx
+     */
+    test_packet = srtp_create_test_packet(80, 0xa5a5a5a5);
+    if (test_packet == NULL)
+        return srtp_err_status_alloc_fail;
+
+    err = srtp_protect(s, test_packet, &test_packet_len);
+    if (err != srtp_err_status_no_ctx) {
+        printf("wrong return value from srtp_protect() (got code %d)\n", err);
+        return srtp_err_status_fail;
+    }
+
+    err = srtp_unprotect(s, test_packet, &test_packet_len);
+    if (err != srtp_err_status_no_ctx) {
+        printf("wrong return value from srtp_unprotect() (got code %d)\n", err);
+        return srtp_err_status_fail;
+    }
+
+    err = srtp_protect_rtcp(s, test_packet, &test_packet_len);
+    if (err != srtp_err_status_no_ctx) {
+        printf("wrong return value from srtp_protect_rtcp() (got code %d)\n",
+               err);
+        return srtp_err_status_fail;
+    }
+
+    err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len);
+    if (err != srtp_err_status_no_ctx) {
+        printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n",
+               err);
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * set keys to known values for testing
+     */
+    profile = srtp_profile_aes128_cm_sha1_80;
+    key_len = srtp_profile_get_master_key_length(profile);
+    salt_len = srtp_profile_get_master_salt_length(profile);
+    memset(key, 0xff, key_len);
+    memset(salt, 0xee, salt_len);
+    srtp_append_salt_to_key(key, key_len, salt, salt_len);
+    policy.key = key;
+
+    /* initialize SRTP policy from profile  */
+    err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
+    if (err)
+        return err;
+    err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
+    if (err)
+        return err;
+    policy.ssrc.type = ssrc_any_inbound;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    err = srtp_add_stream(s, &policy);
+    if (err)
+        return err;
+
+    err = srtp_dealloc(s);
+    if (err)
+        return err;
+
+    free(test_packet);
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_create_test_packet(len, ssrc) returns a pointer to a
+ * (malloced) example RTP packet whose data field has the length given
+ * by pkt_octet_len and the SSRC value ssrc.  The total length of the
+ * packet is twelve octets longer, since the header is at the
+ * beginning.  There is room at the end of the packet for a trailer,
+ * and the four octets following the packet are filled with 0xff
+ * values to enable testing for overwrites.
+ *
+ * note that the location of the test packet can (and should) be
+ * deallocated with the free() call once it is no longer needed.
+ */
+
+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc)
+{
+    int i;
+    uint8_t *buffer;
+    srtp_hdr_t *hdr;
+    int bytes_in_hdr = 12;
+
+    /* allocate memory for test packet */
+    hdr = malloc(pkt_octet_len + bytes_in_hdr + SRTP_MAX_TRAILER_LEN + 4);
+    if (!hdr)
+        return NULL;
+
+    hdr->version = 2;            /* RTP version two     */
+    hdr->p = 0;                  /* no padding needed   */
+    hdr->x = 0;                  /* no header extension */
+    hdr->cc = 0;                 /* no CSRCs            */
+    hdr->m = 0;                  /* marker bit          */
+    hdr->pt = 0xf;               /* payload type        */
+    hdr->seq = htons(0x1234);    /* sequence number     */
+    hdr->ts = htonl(0xdecafbad); /* timestamp           */
+    hdr->ssrc = htonl(ssrc);     /* synch. source       */
+
+    buffer = (uint8_t *)hdr;
+    buffer += bytes_in_hdr;
+
+    /* set RTP data to 0xab */
+    for (i = 0; i < pkt_octet_len; i++)
+        *buffer++ = 0xab;
+
+    /* set post-data value to 0xffff to enable overrun checking */
+    for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++)
+        *buffer++ = 0xff;
+
+    return hdr;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/getopt_s.c b/trunk/3rdparty/libsrtp-2-fit/test/getopt_s.c
new file mode 100644
index 000000000..e0bd7f77e
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/getopt_s.c
@@ -0,0 +1,109 @@
+/*
+ * getopt.c
+ *
+ * a minimal implementation of the getopt() function, written so that
+ * test applications that use that function can run on non-POSIX
+ * platforms
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdlib.h> /* for NULL */
+
+int optind_s = 0;
+
+char *optarg_s;
+
+#define GETOPT_FOUND_WITHOUT_ARGUMENT 2
+#define GETOPT_FOUND_WITH_ARGUMENT 1
+#define GETOPT_NOT_FOUND 0
+
+static int getopt_check_character(char c, const char *string)
+{
+    unsigned int max_string_len = 128;
+
+    while (*string != 0) {
+        if (max_string_len == 0) {
+            return GETOPT_NOT_FOUND;
+        }
+        max_string_len--;
+        if (*string++ == c) {
+            if (*string == ':') {
+                return GETOPT_FOUND_WITH_ARGUMENT;
+            } else {
+                return GETOPT_FOUND_WITHOUT_ARGUMENT;
+            }
+        }
+    }
+    return GETOPT_NOT_FOUND;
+}
+
+int getopt_s(int argc, char *const argv[], const char *optstring)
+{
+    while (optind_s + 1 < argc) {
+        char *string;
+
+        /* move 'string' on to next argument */
+        optind_s++;
+        string = argv[optind_s];
+
+        if (string == NULL)
+            return '?'; /* NULL argument string */
+
+        if (string[0] != '-')
+            return -1; /* found an unexpected character */
+
+        switch (getopt_check_character(string[1], optstring)) {
+        case GETOPT_FOUND_WITH_ARGUMENT:
+            if (optind_s + 1 < argc) {
+                optind_s++;
+                optarg_s = argv[optind_s];
+                return string[1];
+            } else {
+                return '?'; /* argument missing */
+            }
+        case GETOPT_FOUND_WITHOUT_ARGUMENT:
+            return string[1];
+        case GETOPT_NOT_FOUND:
+        default:
+            return '?'; /* didn't find expected character */
+            break;
+        }
+    }
+
+    return -1;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rdbx_driver.c b/trunk/3rdparty/libsrtp-2-fit/test/rdbx_driver.c
new file mode 100644
index 000000000..df434a022
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rdbx_driver.c
@@ -0,0 +1,360 @@
+/*
+ * rdbx_driver.c
+ *
+ * driver for the rdbx implementation (replay database with extended range)
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>    /* for printf()          */
+#include "getopt_s.h" /* for local getopt()    */
+
+#include "rdbx.h"
+#include "cipher_priv.h"
+
+#ifdef ROC_TEST
+#error "srtp_rdbx_t won't work with ROC_TEST - bitmask same size as seq_median"
+#endif
+
+#include "ut_sim.h"
+
+srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws);
+
+double rdbx_check_adds_per_second(int num_trials, unsigned long ws);
+
+void usage(char *prog_name)
+{
+    printf("usage: %s [ -t | -v ]\n", prog_name);
+    exit(255);
+}
+
+int main(int argc, char *argv[])
+{
+    double rate;
+    srtp_err_status_t status;
+    int q;
+    unsigned do_timing_test = 0;
+    unsigned do_validation = 0;
+
+    /* process input arguments */
+    while (1) {
+        q = getopt_s(argc, argv, "tv");
+        if (q == -1)
+            break;
+        switch (q) {
+        case 't':
+            do_timing_test = 1;
+            break;
+        case 'v':
+            do_validation = 1;
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    printf("rdbx (replay database w/ extended range) test driver\n"
+           "David A. McGrew\n"
+           "Cisco Systems, Inc.\n");
+
+    if (!do_validation && !do_timing_test)
+        usage(argv[0]);
+
+    if (do_validation) {
+        printf("testing srtp_rdbx_t (ws=128)...\n");
+
+        status = test_replay_dbx(1 << 12, 128);
+        if (status) {
+            printf("failed\n");
+            exit(1);
+        }
+        printf("passed\n");
+
+        printf("testing srtp_rdbx_t (ws=1024)...\n");
+
+        status = test_replay_dbx(1 << 12, 1024);
+        if (status) {
+            printf("failed\n");
+            exit(1);
+        }
+        printf("passed\n");
+    }
+
+    if (do_timing_test) {
+        rate = rdbx_check_adds_per_second(1 << 18, 128);
+        printf("rdbx_check/replay_adds per second (ws=128): %e\n", rate);
+        rate = rdbx_check_adds_per_second(1 << 18, 1024);
+        printf("rdbx_check/replay_adds per second (ws=1024): %e\n", rate);
+    }
+
+    return 0;
+}
+
+void print_rdbx(srtp_rdbx_t *rdbx)
+{
+    char buf[2048];
+    printf("rdbx: {%llu, %s}\n", (unsigned long long)(rdbx->index),
+           bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf)));
+}
+
+/*
+ * rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against
+ * rdbx, then adds it.  if a failure is detected (i.e., the check
+ * indicates that the value is already in rdbx) then
+ * srtp_err_status_algo_fail is returned.
+ *
+ */
+
+srtp_err_status_t rdbx_check_add(srtp_rdbx_t *rdbx, uint32_t idx)
+{
+    int delta;
+    srtp_xtd_seq_num_t est;
+
+    delta = srtp_index_guess(&rdbx->index, &est, idx);
+
+    if (srtp_rdbx_check(rdbx, delta) != srtp_err_status_ok) {
+        printf("replay_check failed at index %u\n", idx);
+        return srtp_err_status_algo_fail;
+    }
+
+    /*
+     * in practice, we'd authenticate the packet containing idx, using
+     * the estimated value est, at this point
+     */
+
+    if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
+        printf("rdbx_add_index failed at index %u\n", idx);
+        return srtp_err_status_algo_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx)
+ *
+ * checks that a sequence number idx is in the replay database
+ * and thus will be rejected
+ */
+
+srtp_err_status_t rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx)
+{
+    int delta;
+    srtp_xtd_seq_num_t est;
+    srtp_err_status_t status;
+
+    delta = srtp_index_guess(&rdbx->index, &est, idx);
+
+    status = srtp_rdbx_check(rdbx, delta);
+    if (status == srtp_err_status_ok) {
+        printf("delta: %d ", delta);
+        printf("replay_check failed at index %u (false positive)\n", idx);
+        return srtp_err_status_algo_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t rdbx_check_add_unordered(srtp_rdbx_t *rdbx, uint32_t idx)
+{
+    int delta;
+    srtp_xtd_seq_num_t est;
+    srtp_err_status_t rstat;
+
+    delta = srtp_index_guess(&rdbx->index, &est, idx);
+
+    rstat = srtp_rdbx_check(rdbx, delta);
+    if ((rstat != srtp_err_status_ok) &&
+        (rstat != srtp_err_status_replay_old)) {
+        printf("replay_check_add_unordered failed at index %u\n", idx);
+        return srtp_err_status_algo_fail;
+    }
+    if (rstat == srtp_err_status_replay_old) {
+        return srtp_err_status_ok;
+    }
+    if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
+        printf("rdbx_add_index failed at index %u\n", idx);
+        return srtp_err_status_algo_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws)
+{
+    srtp_rdbx_t rdbx;
+    uint32_t idx, ircvd;
+    ut_connection utc;
+    srtp_err_status_t status;
+    int num_fp_trials;
+
+    status = srtp_rdbx_init(&rdbx, ws);
+    if (status) {
+        printf("replay_init failed with error code %d\n", status);
+        exit(1);
+    }
+
+    /*
+     *  test sequential insertion
+     */
+    printf("\ttesting sequential insertion...");
+    for (idx = 0; (int)idx < num_trials; idx++) {
+        status = rdbx_check_add(&rdbx, idx);
+        if (status)
+            return status;
+    }
+    printf("passed\n");
+
+    /*
+     *  test for false positives by checking all of the index
+     *  values which we've just added
+     *
+     * note that we limit the number of trials here, since allowing the
+     * rollover counter to roll over would defeat this test
+     */
+    num_fp_trials = num_trials % 0x10000;
+    if (num_fp_trials == 0) {
+        printf("warning: no false positive tests performed\n");
+    }
+    printf("\ttesting for false positives...");
+    for (idx = 0; (int)idx < num_fp_trials; idx++) {
+        status = rdbx_check_expect_failure(&rdbx, idx);
+        if (status)
+            return status;
+    }
+    printf("passed\n");
+
+    /* re-initialize */
+    srtp_rdbx_dealloc(&rdbx);
+
+    if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
+        printf("replay_init failed\n");
+        return srtp_err_status_init_fail;
+    }
+
+    /*
+     * test non-sequential insertion
+     *
+     * this test covers only fase negatives, since the values returned
+     * by ut_next_index(...) are distinct
+     */
+    ut_init(&utc);
+
+    printf("\ttesting non-sequential insertion...");
+    for (idx = 0; (int)idx < num_trials; idx++) {
+        ircvd = ut_next_index(&utc);
+        status = rdbx_check_add_unordered(&rdbx, ircvd);
+        if (status)
+            return status;
+        status = rdbx_check_expect_failure(&rdbx, ircvd);
+        if (status)
+            return status;
+    }
+    printf("passed\n");
+
+    /* re-initialize */
+    srtp_rdbx_dealloc(&rdbx);
+
+    if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
+        printf("replay_init failed\n");
+        return srtp_err_status_init_fail;
+    }
+
+    /*
+     * test insertion with large gaps.
+     * check for false positives for each insertion.
+     */
+    printf("\ttesting insertion with large gaps...");
+    for (idx = 0, ircvd = 0; (int)idx < num_trials;
+         idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 12))) {
+        status = rdbx_check_add(&rdbx, ircvd);
+        if (status)
+            return status;
+        status = rdbx_check_expect_failure(&rdbx, ircvd);
+        if (status)
+            return status;
+    }
+    printf("passed\n");
+
+    srtp_rdbx_dealloc(&rdbx);
+
+    return srtp_err_status_ok;
+}
+
+#include <time.h> /* for clock()  */
+
+double rdbx_check_adds_per_second(int num_trials, unsigned long ws)
+{
+    uint32_t i;
+    int delta;
+    srtp_rdbx_t rdbx;
+    srtp_xtd_seq_num_t est;
+    clock_t timer;
+    int failures; /* count number of failures */
+
+    if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
+        printf("replay_init failed\n");
+        exit(1);
+    }
+
+    failures = 0;
+    timer = clock();
+    for (i = 0; (int)i < num_trials; i++) {
+        delta = srtp_index_guess(&rdbx.index, &est, i);
+
+        if (srtp_rdbx_check(&rdbx, delta) != srtp_err_status_ok)
+            ++failures;
+        else if (srtp_rdbx_add_index(&rdbx, delta) != srtp_err_status_ok)
+            ++failures;
+    }
+    timer = clock() - timer;
+    if (timer < 1) {
+        timer = 1;
+    }
+
+    printf("number of failures: %d \n", failures);
+
+    srtp_rdbx_dealloc(&rdbx);
+
+    return (double)CLOCKS_PER_SEC * num_trials / timer;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/replay_driver.c b/trunk/3rdparty/libsrtp-2-fit/test/replay_driver.c
new file mode 100644
index 000000000..e0808b685
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/replay_driver.c
@@ -0,0 +1,285 @@
+/*
+ * replay_driver.c
+ *
+ * A driver for the replay_database implementation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+
+#include "rdb.h"
+#include "ut_sim.h"
+
+#include "cipher_priv.h"
+
+/*
+ * num_trials defines the number of trials that are used in the
+ * validation functions below
+ */
+
+unsigned num_trials = 1 << 16;
+
+srtp_err_status_t test_rdb_db(void);
+
+double rdb_check_adds_per_second(void);
+
+int main(void)
+{
+    srtp_err_status_t err;
+
+    printf("testing anti-replay database (srtp_rdb_t)...\n");
+    err = test_rdb_db();
+    if (err) {
+        printf("failed\n");
+        exit(1);
+    }
+    printf("done\n");
+
+    printf("rdb_check/rdb_adds per second: %e\n", rdb_check_adds_per_second());
+
+    return 0;
+}
+
+void print_rdb(srtp_rdb_t *rdb)
+{
+    printf("rdb: {%u, %s}\n", rdb->window_start,
+           v128_bit_string(&rdb->bitmask));
+}
+
+srtp_err_status_t rdb_check_add(srtp_rdb_t *rdb, uint32_t idx)
+{
+    if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) {
+        printf("rdb_check failed at index %u\n", idx);
+        return srtp_err_status_fail;
+    }
+    if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) {
+        printf("rdb_add_index failed at index %u\n", idx);
+        return srtp_err_status_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx)
+{
+    srtp_err_status_t err;
+
+    err = srtp_rdb_check(rdb, idx);
+    if ((err != srtp_err_status_replay_old) &&
+        (err != srtp_err_status_replay_fail)) {
+        printf("rdb_check failed at index %u (false positive)\n", idx);
+        return srtp_err_status_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx)
+{
+    srtp_err_status_t rstat;
+
+    /* printf("index: %u\n", idx); */
+    rstat = srtp_rdb_check(rdb, idx);
+    if ((rstat != srtp_err_status_ok) &&
+        (rstat != srtp_err_status_replay_old)) {
+        printf("rdb_check_add_unordered failed at index %u\n", idx);
+        return rstat;
+    }
+    if (rstat == srtp_err_status_replay_old) {
+        return srtp_err_status_ok;
+    }
+    if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) {
+        printf("rdb_add_index failed at index %u\n", idx);
+        return srtp_err_status_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t test_rdb_db()
+{
+    srtp_rdb_t rdb;
+    uint32_t idx, ircvd;
+    ut_connection utc;
+    srtp_err_status_t err;
+
+    if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+        printf("rdb_init failed\n");
+        return srtp_err_status_init_fail;
+    }
+
+    /* test sequential insertion */
+    for (idx = 0; idx < num_trials; idx++) {
+        err = rdb_check_add(&rdb, idx);
+        if (err)
+            return err;
+    }
+
+    /* test for false positives */
+    for (idx = 0; idx < num_trials; idx++) {
+        err = rdb_check_expect_failure(&rdb, idx);
+        if (err)
+            return err;
+    }
+
+    /* re-initialize */
+    if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+        printf("rdb_init failed\n");
+        return srtp_err_status_fail;
+    }
+
+    /* test non-sequential insertion */
+    ut_init(&utc);
+
+    for (idx = 0; idx < num_trials; idx++) {
+        ircvd = ut_next_index(&utc);
+        err = rdb_check_add_unordered(&rdb, ircvd);
+        if (err)
+            return err;
+        err = rdb_check_expect_failure(&rdb, ircvd);
+        if (err)
+            return err;
+    }
+
+    /* re-initialize */
+    if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+        printf("rdb_init failed\n");
+        return srtp_err_status_fail;
+    }
+
+    /* test insertion with large gaps */
+    for (idx = 0, ircvd = 0; idx < num_trials;
+         idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 10))) {
+        err = rdb_check_add(&rdb, ircvd);
+        if (err)
+            return err;
+        err = rdb_check_expect_failure(&rdb, ircvd);
+        if (err)
+            return err;
+    }
+
+    /* re-initialize */
+    if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+        printf("rdb_init failed\n");
+        return srtp_err_status_fail;
+    }
+
+    /* test loss of first 513 packets */
+    for (idx = 0; idx < num_trials; idx++) {
+        err = rdb_check_add(&rdb, idx + 513);
+        if (err)
+            return err;
+    }
+
+    /* test for false positives */
+    for (idx = 0; idx < num_trials + 513; idx++) {
+        err = rdb_check_expect_failure(&rdb, idx);
+        if (err)
+            return err;
+    }
+
+    /* test for key expired */
+    if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+        printf("rdb_init failed\n");
+        return srtp_err_status_fail;
+    }
+    rdb.window_start = 0x7ffffffe;
+    if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) {
+        printf("srtp_rdb_increment of 0x7ffffffe failed\n");
+        return srtp_err_status_fail;
+    }
+    if (srtp_rdb_get_value(&rdb) != 0x7fffffff) {
+        printf("rdb valiue was not 0x7fffffff\n");
+        return srtp_err_status_fail;
+    }
+    if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) {
+        printf("srtp_rdb_increment of 0x7fffffff did not return "
+               "srtp_err_status_key_expired\n");
+        return srtp_err_status_fail;
+    }
+    if (srtp_rdb_get_value(&rdb) != 0x7fffffff) {
+        printf("rdb valiue was not 0x7fffffff\n");
+        return srtp_err_status_fail;
+    }
+
+    return srtp_err_status_ok;
+}
+
+#include <time.h>   /* for clock()  */
+#include <stdlib.h> /* for random() */
+
+#define REPLAY_NUM_TRIALS 10000000
+
+double rdb_check_adds_per_second(void)
+{
+    uint32_t i;
+    srtp_rdb_t rdb;
+    clock_t timer;
+    int failures = 0; /* count number of failures        */
+
+    if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+        printf("rdb_init failed\n");
+        exit(1);
+    }
+
+    timer = clock();
+    for (i = 0; i < REPLAY_NUM_TRIALS; i += 3) {
+        if (srtp_rdb_check(&rdb, i + 2) != srtp_err_status_ok)
+            ++failures;
+        if (srtp_rdb_add_index(&rdb, i + 2) != srtp_err_status_ok)
+            ++failures;
+        if (srtp_rdb_check(&rdb, i + 1) != srtp_err_status_ok)
+            ++failures;
+        if (srtp_rdb_add_index(&rdb, i + 1) != srtp_err_status_ok)
+            ++failures;
+        if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok)
+            ++failures;
+        if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok)
+            ++failures;
+    }
+    timer = clock() - timer;
+
+    return (double)CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/roc_driver.c b/trunk/3rdparty/libsrtp-2-fit/test/roc_driver.c
new file mode 100644
index 000000000..439862039
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/roc_driver.c
@@ -0,0 +1,170 @@
+/*
+ * roc_driver.c
+ *
+ * test driver for rollover counter replay implementation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+
+/*
+ * defining ROC_TEST causes small datatypes to be used in
+ * srtp_xtd_seq_num_t - this allows the functions to be exhaustively tested.
+ */
+#if ROC_NEEDS_TO_BE_TESTED
+#define ROC_TEST
+#endif
+
+#include "rdbx.h"
+#include "ut_sim.h"
+
+srtp_err_status_t roc_test(int num_trials);
+
+int main(void)
+{
+    srtp_err_status_t status;
+
+    printf("rollover counter test driver\n"
+           "David A. McGrew\n"
+           "Cisco Systems, Inc.\n");
+
+    printf("testing index functions...");
+    status = roc_test(1 << 18);
+    if (status) {
+        printf("failed\n");
+        exit(status);
+    }
+    printf("passed\n");
+    return 0;
+}
+
+#define ROC_VERBOSE 0
+
+srtp_err_status_t roc_test(int num_trials)
+{
+    srtp_xtd_seq_num_t local, est, ref;
+    ut_connection utc;
+    int i, num_bad_est = 0;
+    int delta;
+    uint32_t ircvd;
+    double failure_rate;
+
+    srtp_index_init(&local);
+    srtp_index_init(&ref);
+    srtp_index_init(&est);
+
+    printf("\n\ttesting sequential insertion...");
+    for (i = 0; i < 2048; i++) {
+        srtp_index_guess(&local, &est, (uint16_t)ref);
+#if ROC_VERBOSE
+        printf("%lld, %lld, %d\n", ref, est, i);
+#endif
+        if (ref != est) {
+#if ROC_VERBOSE
+            printf(" *bad estimate*\n");
+#endif
+            ++num_bad_est;
+        }
+        srtp_index_advance(&ref, 1);
+    }
+    failure_rate = (double)num_bad_est / num_trials;
+    if (failure_rate > 0.01) {
+        printf("error: failure rate too high (%d bad estimates in %d trials)\n",
+               num_bad_est, num_trials);
+        return srtp_err_status_algo_fail;
+    }
+    printf("done\n");
+
+    printf("\ttesting non-sequential insertion...");
+    srtp_index_init(&local);
+    srtp_index_init(&ref);
+    srtp_index_init(&est);
+    ut_init(&utc);
+
+    for (i = 0; i < num_trials; i++) {
+        /* get next seq num from unreliable transport simulator */
+        ircvd = ut_next_index(&utc);
+
+        /* set ref to value of ircvd */
+        ref = ircvd;
+
+        /* estimate index based on low bits of ircvd */
+        delta = srtp_index_guess(&local, &est, (uint16_t)ref);
+#if ROC_VERBOSE
+        printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n", ref,
+               local, est, ircvd, delta);
+#endif
+
+        if (local + delta != est) {
+            printf(" *bad delta*: local %llu + delta %d != est %llu\n",
+                   (unsigned long long)local, delta, (unsigned long long)est);
+            return srtp_err_status_algo_fail;
+        }
+
+        /* now update local srtp_xtd_seq_num_t as necessary */
+        if (delta > 0)
+            srtp_index_advance(&local, delta);
+
+        if (ref != est) {
+#if ROC_VERBOSE
+            printf(" *bad estimate*\n");
+#endif
+            /* record failure event */
+            ++num_bad_est;
+
+            /* reset local value to correct value */
+            local = ref;
+        }
+    }
+    failure_rate = (double)num_bad_est / num_trials;
+    if (failure_rate > 0.01) {
+        printf("error: failure rate too high (%d bad estimates in %d trials)\n",
+               num_bad_est, num_trials);
+        return srtp_err_status_algo_fail;
+    }
+    printf("done\n");
+
+    return srtp_err_status_ok;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtp.c b/trunk/3rdparty/libsrtp-2-fit/test/rtp.c
new file mode 100644
index 000000000..70248ee2b
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtp.c
@@ -0,0 +1,229 @@
+/*
+ * rtp.c
+ *
+ * library functions for the real-time transport protocol
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "rtp.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include "cipher_priv.h"
+
+#define PRINT_DEBUG 0   /* set to 1 to print out debugging data */
+#define VERBOSE_DEBUG 0 /* set to 1 to print out more data      */
+
+int rtp_sendto(rtp_sender_t sender, const void *msg, int len)
+{
+    int octets_sent;
+    srtp_err_status_t stat;
+    int pkt_len = len + RTP_HEADER_LEN;
+
+    /* marshal data */
+    strncpy(sender->message.body, msg, len);
+
+    /* update header */
+    sender->message.header.seq = ntohs(sender->message.header.seq) + 1;
+    sender->message.header.seq = htons(sender->message.header.seq);
+    sender->message.header.ts = ntohl(sender->message.header.ts) + 1;
+    sender->message.header.ts = htonl(sender->message.header.ts);
+
+    /* apply srtp */
+    stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len);
+    if (stat) {
+#if PRINT_DEBUG
+        fprintf(stderr, "error: srtp protection failed with code %d\n", stat);
+#endif
+        return -1;
+    }
+#if VERBOSE_DEBUG
+    srtp_print_packet(&sender->message.header, pkt_len);
+#endif
+    octets_sent =
+        sendto(sender->socket, (void *)&sender->message, pkt_len, 0,
+               (struct sockaddr *)&sender->addr, sizeof(struct sockaddr_in));
+
+    if (octets_sent != pkt_len) {
+#if PRINT_DEBUG
+        fprintf(stderr, "error: couldn't send message %s", (char *)msg);
+        perror("");
+#endif
+    }
+
+    return octets_sent;
+}
+
+int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len)
+{
+    int octets_recvd;
+    srtp_err_status_t stat;
+
+    octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message, *len,
+                            0, (struct sockaddr *)NULL, 0);
+
+    if (octets_recvd == -1) {
+        *len = 0;
+        return -1;
+    }
+
+    /* verify rtp header */
+    if (receiver->message.header.version != 2) {
+        *len = 0;
+        return -1;
+    }
+
+#if PRINT_DEBUG
+    fprintf(stderr, "%d octets received from SSRC %u\n", octets_recvd,
+            receiver->message.header.ssrc);
+#endif
+#if VERBOSE_DEBUG
+    srtp_print_packet(&receiver->message.header, octets_recvd);
+#endif
+
+    /* apply srtp */
+    stat = srtp_unprotect(receiver->srtp_ctx, &receiver->message.header,
+                          &octets_recvd);
+    if (stat) {
+        fprintf(stderr, "error: srtp unprotection failed with code %d%s\n",
+                stat,
+                stat == srtp_err_status_replay_fail
+                    ? " (replay check failed)"
+                    : stat == srtp_err_status_auth_fail ? " (auth check failed)"
+                                                        : "");
+        return -1;
+    }
+    strncpy(msg, receiver->message.body, octets_recvd);
+
+    return octets_recvd;
+}
+
+int rtp_sender_init(rtp_sender_t sender,
+                    int sock,
+                    struct sockaddr_in addr,
+                    unsigned int ssrc)
+{
+    /* set header values */
+    sender->message.header.ssrc = htonl(ssrc);
+    sender->message.header.ts = 0;
+    sender->message.header.seq = (uint16_t)srtp_cipher_rand_u32_for_tests();
+    sender->message.header.m = 0;
+    sender->message.header.pt = 0x1;
+    sender->message.header.version = 2;
+    sender->message.header.p = 0;
+    sender->message.header.x = 0;
+    sender->message.header.cc = 0;
+
+    /* set other stuff */
+    sender->socket = sock;
+    sender->addr = addr;
+
+    return 0;
+}
+
+int rtp_receiver_init(rtp_receiver_t rcvr,
+                      int sock,
+                      struct sockaddr_in addr,
+                      unsigned int ssrc)
+{
+    /* set header values */
+    rcvr->message.header.ssrc = htonl(ssrc);
+    rcvr->message.header.ts = 0;
+    rcvr->message.header.seq = 0;
+    rcvr->message.header.m = 0;
+    rcvr->message.header.pt = 0x1;
+    rcvr->message.header.version = 2;
+    rcvr->message.header.p = 0;
+    rcvr->message.header.x = 0;
+    rcvr->message.header.cc = 0;
+
+    /* set other stuff */
+    rcvr->socket = sock;
+    rcvr->addr = addr;
+
+    return 0;
+}
+
+int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy)
+{
+    return srtp_create(&sender->srtp_ctx, policy);
+}
+
+int rtp_sender_deinit_srtp(rtp_sender_t sender)
+{
+    return srtp_dealloc(sender->srtp_ctx);
+}
+
+int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy)
+{
+    return srtp_create(&sender->srtp_ctx, policy);
+}
+
+int rtp_receiver_deinit_srtp(rtp_receiver_t sender)
+{
+    return srtp_dealloc(sender->srtp_ctx);
+}
+
+rtp_sender_t rtp_sender_alloc(void)
+{
+    return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t));
+}
+
+void rtp_sender_dealloc(rtp_sender_t rtp_ctx)
+{
+    free(rtp_ctx);
+}
+
+rtp_receiver_t rtp_receiver_alloc(void)
+{
+    return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t));
+}
+
+void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx)
+{
+    free(rtp_ctx);
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtp.h b/trunk/3rdparty/libsrtp-2-fit/test/rtp.h
new file mode 100644
index 000000000..37921a665
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtp.h
@@ -0,0 +1,155 @@
+/*
+ * rtp.h
+ *
+ * rtp interface for srtp reference implementation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ * data types:
+ *
+ * rtp_msg_t       an rtp message (the data that goes on the wire)
+ * rtp_sender_t    sender side socket and rtp info
+ * rtp_receiver_t  receiver side socket and rtp info
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef SRTP_RTP_H
+#define SRTP_RTP_H
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#include "srtp_priv.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * RTP_HEADER_LEN indicates the size of an RTP header
+ */
+#define RTP_HEADER_LEN 12
+
+/*
+ * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation
+ */
+#define RTP_MAX_BUF_LEN 16384
+
+typedef srtp_hdr_t rtp_hdr_t;
+
+typedef struct {
+    srtp_hdr_t header;
+    char body[RTP_MAX_BUF_LEN];
+} rtp_msg_t;
+
+typedef struct rtp_sender_ctx_t {
+    rtp_msg_t message;
+    int socket;
+    srtp_ctx_t *srtp_ctx;
+    struct sockaddr_in addr; /* reciever's address */
+} rtp_sender_ctx_t;
+
+typedef struct rtp_receiver_ctx_t {
+    rtp_msg_t message;
+    int socket;
+    srtp_ctx_t *srtp_ctx;
+    struct sockaddr_in addr; /* receiver's address */
+} rtp_receiver_ctx_t;
+
+typedef struct rtp_sender_ctx_t *rtp_sender_t;
+
+typedef struct rtp_receiver_ctx_t *rtp_receiver_t;
+
+int rtp_sendto(rtp_sender_t sender, const void *msg, int len);
+
+int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len);
+
+int rtp_receiver_init(rtp_receiver_t rcvr,
+                      int sock,
+                      struct sockaddr_in addr,
+                      unsigned int ssrc);
+
+int rtp_sender_init(rtp_sender_t sender,
+                    int sock,
+                    struct sockaddr_in addr,
+                    unsigned int ssrc);
+
+/*
+ * srtp_sender_init(...) initializes an rtp_sender_t
+ */
+
+int srtp_sender_init(
+    rtp_sender_t rtp_ctx,              /* structure to be init'ed */
+    struct sockaddr_in name,           /* socket name             */
+    srtp_sec_serv_t security_services, /* sec. servs. to be used  */
+    unsigned char *input_key           /* master key/salt in hex  */
+    );
+
+int srtp_receiver_init(
+    rtp_receiver_t rtp_ctx,            /* structure to be init'ed */
+    struct sockaddr_in name,           /* socket name             */
+    srtp_sec_serv_t security_services, /* sec. servs. to be used  */
+    unsigned char *input_key           /* master key/salt in hex  */
+    );
+
+int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy);
+
+int rtp_sender_deinit_srtp(rtp_sender_t sender);
+
+int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy);
+
+int rtp_receiver_deinit_srtp(rtp_receiver_t sender);
+
+rtp_sender_t rtp_sender_alloc(void);
+
+void rtp_sender_dealloc(rtp_sender_t rtp_ctx);
+
+rtp_receiver_t rtp_receiver_alloc(void);
+
+void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_RTP_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtp_decoder.c b/trunk/3rdparty/libsrtp-2-fit/test/rtp_decoder.c
new file mode 100644
index 000000000..8c89a2c10
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtp_decoder.c
@@ -0,0 +1,785 @@
+/*
+ * rtp_decoder.c
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Example:
+ * $ wget --no-check-certificate \
+ *     https://raw.githubusercontent.com/gteissier/srtp-decrypt/master/marseillaise-srtp.pcap
+ * $ ./test/rtp_decoder -a -t 10 -e 128 -b \
+ *     aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz \
+ *         < ~/marseillaise-srtp.pcap \
+ *         | text2pcap -t "%M:%S." -u 10000,10000 - - \
+ *         > ./marseillaise-rtp.pcap
+ *
+ * There is also a different way of setting up key size and tag size
+ * based upon RFC 4568 crypto suite specification, i.e.:
+ *
+ * $ ./test/rtp_decoder -s AES_CM_128_HMAC_SHA1_80 -b \
+ *     aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz ...
+ *
+ * Audio can be extracted using extractaudio utility from the RTPproxy
+ * package:
+ *
+ * $ extractaudio -A ./marseillaise-rtp.pcap ./marseillaise-out.wav
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include "getopt_s.h" /* for local getopt()  */
+#include <assert.h>   /* for assert()  */
+
+#include <pcap.h>
+#include "rtp_decoder.h"
+#include "util.h"
+
+#ifndef timersub
+#define timersub(a, b, result)                                                 \
+    do {                                                                       \
+        (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;                          \
+        (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;                       \
+        if ((result)->tv_usec < 0) {                                           \
+            --(result)->tv_sec;                                                \
+            (result)->tv_usec += 1000000;                                      \
+        }                                                                      \
+    } while (0)
+#endif
+
+#define MAX_KEY_LEN 96
+#define MAX_FILTER 256
+#define MAX_FILE 255
+
+struct srtp_crypto_suite {
+    const char *can_name;
+    int gcm_on;
+    int key_size;
+    int tag_size;
+};
+
+static struct srtp_crypto_suite srtp_crypto_suites[] = {
+#if 0
+  {.can_name = "F8_128_HMAC_SHA1_32", .gcm_on = 0, .key_size = 128, .tag_size = 4},
+#endif
+    {.can_name = "AES_CM_128_HMAC_SHA1_32",
+     .gcm_on = 0,
+     .key_size = 128,
+     .tag_size = 4 },
+    {.can_name = "AES_CM_128_HMAC_SHA1_80",
+     .gcm_on = 0,
+     .key_size = 128,
+     .tag_size = 10 },
+    {.can_name = "AES_192_CM_HMAC_SHA1_32",
+     .gcm_on = 0,
+     .key_size = 192,
+     .tag_size = 4 },
+    {.can_name = "AES_192_CM_HMAC_SHA1_80",
+     .gcm_on = 0,
+     .key_size = 192,
+     .tag_size = 10 },
+    {.can_name = "AES_256_CM_HMAC_SHA1_32",
+     .gcm_on = 0,
+     .key_size = 256,
+     .tag_size = 4 },
+    {.can_name = "AES_256_CM_HMAC_SHA1_80",
+     .gcm_on = 0,
+     .key_size = 256,
+     .tag_size = 10 },
+    {.can_name = "AEAD_AES_128_GCM",
+     .gcm_on = 1,
+     .key_size = 128,
+     .tag_size = 16 },
+    {.can_name = "AEAD_AES_256_GCM",
+     .gcm_on = 1,
+     .key_size = 256,
+     .tag_size = 16 },
+    {.can_name = NULL }
+};
+
+void rtp_decoder_srtp_log_handler(srtp_log_level_t level,
+                                  const char *msg,
+                                  void *data)
+{
+    char level_char = '?';
+    switch (level) {
+    case srtp_log_level_error:
+        level_char = 'e';
+        break;
+    case srtp_log_level_warning:
+        level_char = 'w';
+        break;
+    case srtp_log_level_info:
+        level_char = 'i';
+        break;
+    case srtp_log_level_debug:
+        level_char = 'd';
+        break;
+    }
+    fprintf(stderr, "SRTP-LOG [%c]: %s\n", level_char, msg);
+}
+
+int main(int argc, char *argv[])
+{
+    char errbuf[PCAP_ERRBUF_SIZE];
+    bpf_u_int32 pcap_net = 0;
+    pcap_t *pcap_handle;
+#if BEW
+    struct sockaddr_in local;
+#endif
+    srtp_sec_serv_t sec_servs = sec_serv_none;
+    int c;
+    struct srtp_crypto_suite scs, *i_scsp;
+    scs.key_size = 128;
+    scs.tag_size = 0;
+    int gcm_on = 0;
+    char *input_key = NULL;
+    int b64_input = 0;
+    char key[MAX_KEY_LEN];
+    struct bpf_program fp;
+    char filter_exp[MAX_FILTER] = "";
+    char pcap_file[MAX_FILE] = "-";
+    int rtp_packet_offset = DEFAULT_RTP_OFFSET;
+    rtp_decoder_t dec;
+    srtp_policy_t policy = { { 0 } };
+    rtp_decoder_mode_t mode = mode_rtp;
+    srtp_err_status_t status;
+    int len;
+    int expected_len;
+    int do_list_mods = 0;
+
+    fprintf(stderr, "Using %s [0x%x]\n", srtp_get_version_string(),
+            srtp_get_version());
+
+    /* initialize srtp library */
+    status = srtp_init();
+    if (status) {
+        fprintf(stderr,
+                "error: srtp initialization failed with error code %d\n",
+                status);
+        exit(1);
+    }
+
+    status = srtp_install_log_handler(rtp_decoder_srtp_log_handler, NULL);
+    if (status) {
+        fprintf(stderr, "error: install log handler failed\n");
+        exit(1);
+    }
+
+    /* check args */
+    while (1) {
+        c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:s:m:p:o:");
+        if (c == -1) {
+            break;
+        }
+        switch (c) {
+        case 'b':
+            b64_input = 1;
+        /* fall thru */
+        case 'k':
+            input_key = optarg_s;
+            break;
+        case 'e':
+            scs.key_size = atoi(optarg_s);
+            if (scs.key_size != 128 && scs.key_size != 192 &&
+                scs.key_size != 256) {
+                fprintf(
+                    stderr,
+                    "error: encryption key size must be 128, 192 or 256 (%d)\n",
+                    scs.key_size);
+                exit(1);
+            }
+            input_key = malloc(scs.key_size);
+            sec_servs |= sec_serv_conf;
+            break;
+        case 't':
+            scs.tag_size = atoi(optarg_s);
+            break;
+        case 'a':
+            sec_servs |= sec_serv_auth;
+            break;
+        case 'g':
+            gcm_on = 1;
+            sec_servs |= sec_serv_auth;
+            break;
+        case 'd':
+            status = srtp_set_debug_module(optarg_s, 1);
+            if (status) {
+                fprintf(stderr, "error: set debug module (%s) failed\n",
+                        optarg_s);
+                exit(1);
+            }
+            break;
+        case 'f':
+            if (strlen(optarg_s) > MAX_FILTER) {
+                fprintf(stderr, "error: filter bigger than %d characters\n",
+                        MAX_FILTER);
+                exit(1);
+            }
+            fprintf(stderr, "Setting filter as %s\n", optarg_s);
+            strcpy(filter_exp, optarg_s);
+            break;
+        case 'l':
+            do_list_mods = 1;
+            break;
+        case 's':
+            for (i_scsp = &srtp_crypto_suites[0]; i_scsp->can_name != NULL;
+                 i_scsp++) {
+                if (strcasecmp(i_scsp->can_name, optarg_s) == 0) {
+                    break;
+                }
+            }
+            if (i_scsp->can_name == NULL) {
+                fprintf(stderr, "Unknown/unsupported crypto suite name %s\n",
+                        optarg_s);
+                exit(1);
+            }
+            scs = *i_scsp;
+            input_key = malloc(scs.key_size);
+            sec_servs |= sec_serv_conf | sec_serv_auth;
+            gcm_on = scs.gcm_on;
+            break;
+        case 'm':
+            if (strcasecmp("rtp", optarg_s) == 0) {
+                mode = mode_rtp;
+            } else if (strcasecmp("rtcp", optarg_s) == 0) {
+                mode = mode_rtcp;
+            } else if (strcasecmp("rtcp-mux", optarg_s) == 0) {
+                mode = mode_rtcp_mux;
+            } else {
+                fprintf(stderr, "Unknown/unsupported mode %s\n", optarg_s);
+                exit(1);
+            }
+            break;
+        case 'p':
+            if (strlen(optarg_s) > MAX_FILE) {
+                fprintf(stderr,
+                        "error: pcap file path bigger than %d characters\n",
+                        MAX_FILE);
+                exit(1);
+            }
+            strcpy(pcap_file, optarg_s);
+            break;
+        case 'o':
+            rtp_packet_offset = atoi(optarg_s);
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    if (scs.tag_size == 0) {
+        if (gcm_on) {
+            scs.tag_size = 16;
+        } else {
+            scs.tag_size = 10;
+        }
+    }
+
+    if (gcm_on && scs.tag_size != 8 && scs.tag_size != 16) {
+        fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n",
+                scs.tag_size);
+        exit(1);
+    }
+
+    if (!gcm_on && scs.tag_size != 4 && scs.tag_size != 10) {
+        fprintf(stderr, "error: non GCM tag size must be 4 or 10 (%d)\n",
+                scs.tag_size);
+        exit(1);
+    }
+
+    if (do_list_mods) {
+        status = srtp_list_debug_modules();
+        if (status) {
+            fprintf(stderr, "error: list of debug modules failed\n");
+            exit(1);
+        }
+        return 0;
+    }
+
+    if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
+        /*
+         * a key must be provided if and only if security services have
+         * been requested
+         */
+        if (input_key == NULL) {
+            fprintf(stderr, "key not provided\n");
+        }
+        if (!sec_servs) {
+            fprintf(stderr, "no secservs\n");
+        }
+        fprintf(stderr, "provided\n");
+        usage(argv[0]);
+    }
+
+    /* report security services selected on the command line */
+    fprintf(stderr, "security services: ");
+    if (sec_servs & sec_serv_conf)
+        fprintf(stderr, "confidentiality ");
+    if (sec_servs & sec_serv_auth)
+        fprintf(stderr, "message authentication");
+    if (sec_servs == sec_serv_none)
+        fprintf(stderr, "none");
+    fprintf(stderr, "\n");
+
+    /* set up the srtp policy and master key */
+    if (sec_servs) {
+        /*
+         * create policy structure, using the default mechanisms but
+         * with only the security services requested on the command line,
+         * using the right SSRC value
+         */
+        switch (sec_servs) {
+        case sec_serv_conf_and_auth:
+            if (gcm_on) {
+#ifdef OPENSSL
+                switch (scs.key_size) {
+                case 128:
+                    if (scs.tag_size == 16) {
+                        srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+                        srtp_crypto_policy_set_aes_gcm_128_16_auth(
+                            &policy.rtcp);
+                    } else {
+                        srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+                        srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+                    }
+                    break;
+                case 256:
+                    if (scs.tag_size == 16) {
+                        srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+                        srtp_crypto_policy_set_aes_gcm_256_16_auth(
+                            &policy.rtcp);
+                    } else {
+                        srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+                        srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+                    }
+                    break;
+                }
+#else
+                fprintf(stderr, "error: GCM mode only supported when using the "
+                                "OpenSSL crypto engine.\n");
+                return 0;
+#endif
+            } else {
+                switch (scs.key_size) {
+                case 128:
+                    if (scs.tag_size == 4) {
+                        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(
+                            &policy.rtp);
+                        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+                            &policy.rtcp);
+                    } else {
+                        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+                            &policy.rtp);
+                        srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+                            &policy.rtcp);
+                    }
+                    break;
+                case 192:
+#ifdef OPENSSL
+                    if (scs.tag_size == 4) {
+                        srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(
+                            &policy.rtp);
+                        srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+                            &policy.rtcp);
+                    } else {
+                        srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+                            &policy.rtp);
+                        srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+                            &policy.rtcp);
+                    }
+#else
+                    fprintf(stderr,
+                            "error: AES 192 mode only supported when using the "
+                            "OpenSSL crypto engine.\n");
+                    return 0;
+
+#endif
+                    break;
+                case 256:
+                    if (scs.tag_size == 4) {
+                        srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(
+                            &policy.rtp);
+                        srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+                            &policy.rtcp);
+                    } else {
+                        srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+                            &policy.rtp);
+                        srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+                            &policy.rtcp);
+                    }
+                    break;
+                }
+            }
+            break;
+        case sec_serv_conf:
+            if (gcm_on) {
+                fprintf(
+                    stderr,
+                    "error: GCM mode must always be used with auth enabled\n");
+                return -1;
+            } else {
+                switch (scs.key_size) {
+                case 128:
+                    srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
+                        &policy.rtcp);
+                    break;
+                case 192:
+#ifdef OPENSSL
+                    srtp_crypto_policy_set_aes_cm_192_null_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(
+                        &policy.rtcp);
+#else
+                    fprintf(stderr,
+                            "error: AES 192 mode only supported when using the "
+                            "OpenSSL crypto engine.\n");
+                    return 0;
+
+#endif
+                    break;
+                case 256:
+                    srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(
+                        &policy.rtcp);
+                    break;
+                }
+            }
+            break;
+        case sec_serv_auth:
+            if (gcm_on) {
+#ifdef OPENSSL
+                switch (scs.key_size) {
+                case 128:
+                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(
+                        &policy.rtcp);
+                    break;
+                case 256:
+                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(
+                        &policy.rtcp);
+                    break;
+                }
+#else
+                printf("error: GCM mode only supported when using the OpenSSL "
+                       "crypto engine.\n");
+                return 0;
+#endif
+            } else {
+                srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+                srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+            }
+            break;
+        default:
+            fprintf(stderr, "error: unknown security service requested\n");
+            return -1;
+        }
+
+        policy.key = (uint8_t *)key;
+        policy.ekt = NULL;
+        policy.next = NULL;
+        policy.window_size = 128;
+        policy.allow_repeat_tx = 0;
+        policy.rtp.sec_serv = sec_servs;
+        policy.rtcp.sec_serv =
+            sec_servs; // sec_serv_none;  /* we don't do RTCP anyway */
+        fprintf(stderr, "setting tag len %d\n", scs.tag_size);
+        policy.rtp.auth_tag_len = scs.tag_size;
+
+        if (gcm_on && scs.tag_size != 8) {
+            fprintf(stderr, "set tag len %d\n", scs.tag_size);
+            policy.rtp.auth_tag_len = scs.tag_size;
+        }
+
+        /*
+         * read key from hexadecimal or base64 on command line into an octet
+         * string
+         */
+        if (b64_input) {
+            int pad;
+            expected_len = policy.rtp.cipher_key_len * 4 / 3;
+            len = base64_string_to_octet_string(key, &pad, input_key,
+                                                strlen(input_key));
+        } else {
+            expected_len = policy.rtp.cipher_key_len * 2;
+            len = hex_string_to_octet_string(key, input_key, expected_len);
+        }
+        /* check that hex string is the right length */
+        if (len < expected_len) {
+            fprintf(stderr, "error: too few digits in key/salt "
+                            "(should be %d digits, found %d)\n",
+                    expected_len, len);
+            exit(1);
+        }
+        if (strlen(input_key) > policy.rtp.cipher_key_len * 2) {
+            fprintf(stderr, "error: too many digits in key/salt "
+                            "(should be %d hexadecimal digits, found %u)\n",
+                    policy.rtp.cipher_key_len * 2, (unsigned)strlen(input_key));
+            exit(1);
+        }
+
+        int key_octets = (scs.key_size / 8);
+        int salt_octets = policy.rtp.cipher_key_len - key_octets;
+        fprintf(stderr, "set master key/salt to %s/",
+                octet_string_hex_string(key, key_octets));
+        fprintf(stderr, "%s\n",
+                octet_string_hex_string(key + key_octets, salt_octets));
+
+    } else {
+        fprintf(stderr,
+                "error: neither encryption or authentication were selected\n");
+        exit(1);
+    }
+
+    pcap_handle = pcap_open_offline(pcap_file, errbuf);
+
+    if (!pcap_handle) {
+        fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf);
+        exit(1);
+    }
+    assert(pcap_handle != NULL);
+    if ((pcap_compile(pcap_handle, &fp, filter_exp, 1, pcap_net)) == -1) {
+        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp,
+                pcap_geterr(pcap_handle));
+        return (2);
+    }
+    if (pcap_setfilter(pcap_handle, &fp) == -1) {
+        fprintf(stderr, "couldn't install filter %s: %s\n", filter_exp,
+                pcap_geterr(pcap_handle));
+        return (2);
+    }
+    dec = rtp_decoder_alloc();
+    if (dec == NULL) {
+        fprintf(stderr, "error: malloc() failed\n");
+        exit(1);
+    }
+    fprintf(stderr, "Starting decoder\n");
+    if (rtp_decoder_init(dec, policy, mode, rtp_packet_offset)) {
+        fprintf(stderr, "error: init failed\n");
+        exit(1);
+    }
+
+    pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec);
+
+    if (dec->mode == mode_rtp || dec->mode == mode_rtcp_mux) {
+        fprintf(stderr, "RTP packets decoded: %d\n", dec->rtp_cnt);
+    }
+    if (dec->mode == mode_rtcp || dec->mode == mode_rtcp_mux) {
+        fprintf(stderr, "RTCP packets decoded: %d\n", dec->rtcp_cnt);
+    }
+    fprintf(stderr, "Packet decode errors: %d\n", dec->error_cnt);
+
+    rtp_decoder_deinit(dec);
+    rtp_decoder_dealloc(dec);
+
+    status = srtp_shutdown();
+    if (status) {
+        fprintf(stderr, "error: srtp shutdown failed with error code %d\n",
+                status);
+        exit(1);
+    }
+
+    return 0;
+}
+
+void usage(char *string)
+{
+    fprintf(
+        stderr,
+        "usage: %s [-d <debug>]* [[-k][-b] <key>] [-a][-t][-e] [-s "
+        "<srtp-crypto-suite>] [-m <mode>]\n"
+        "or     %s -l\n"
+        "where  -a use message authentication\n"
+        "       -e <key size> use encryption (use 128 or 256 for key size)\n"
+        "       -g Use AES-GCM mode (must be used with -e)\n"
+        "       -t <tag size> Tag size to use (in GCM mode use 8 or 16)\n"
+        "       -k <key>  sets the srtp master key given in hexadecimal\n"
+        "       -b <key>  sets the srtp master key given in base64\n"
+        "       -l list debug modules\n"
+        "       -f \"<pcap filter>\" to filter only the desired SRTP packets\n"
+        "       -d <debug> turn on debugging for module <debug>\n"
+        "       -s \"<srtp-crypto-suite>\" to set both key and tag size based\n"
+        "          on RFC4568-style crypto suite specification\n"
+        "       -m <mode> set the mode to be one of [rtp]|rtcp|rtcp-mux\n"
+        "       -p <pcap file> path to pcap file (defaults to stdin)\n"
+        "       -o byte offset of RTP packet in capture (defaults to 42)\n",
+        string, string);
+    exit(1);
+}
+
+rtp_decoder_t rtp_decoder_alloc(void)
+{
+    return (rtp_decoder_t)malloc(sizeof(rtp_decoder_ctx_t));
+}
+
+void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx)
+{
+    free(rtp_ctx);
+}
+
+int rtp_decoder_deinit(rtp_decoder_t decoder)
+{
+    if (decoder->srtp_ctx) {
+        return srtp_dealloc(decoder->srtp_ctx);
+    }
+    return 0;
+}
+
+int rtp_decoder_init(rtp_decoder_t dcdr,
+                     srtp_policy_t policy,
+                     rtp_decoder_mode_t mode,
+                     int rtp_packet_offset)
+{
+    dcdr->rtp_offset = rtp_packet_offset;
+    dcdr->srtp_ctx = NULL;
+    dcdr->start_tv.tv_usec = 0;
+    dcdr->start_tv.tv_sec = 0;
+    dcdr->frame_nr = -1;
+    dcdr->error_cnt = 0;
+    dcdr->rtp_cnt = 0;
+    dcdr->rtcp_cnt = 0;
+    dcdr->mode = mode;
+    dcdr->policy = policy;
+    dcdr->policy.ssrc.type = ssrc_any_inbound;
+
+    if (srtp_create(&dcdr->srtp_ctx, &dcdr->policy)) {
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * decodes key as base64
+ */
+
+void hexdump(const void *ptr, size_t size)
+{
+    int i, j;
+    const unsigned char *cptr = ptr;
+
+    for (i = 0; i < size; i += 16) {
+        fprintf(stdout, "%04x ", i);
+        for (j = 0; j < 16 && i + j < size; j++) {
+            fprintf(stdout, "%02x ", cptr[i + j]);
+        }
+        fprintf(stdout, "\n");
+    }
+}
+
+void rtp_decoder_handle_pkt(u_char *arg,
+                            const struct pcap_pkthdr *hdr,
+                            const u_char *bytes)
+{
+    rtp_decoder_t dcdr = (rtp_decoder_t)arg;
+    rtp_msg_t message;
+    int rtp;
+    int pktsize;
+    struct timeval delta;
+    int octets_recvd;
+    srtp_err_status_t status;
+    dcdr->frame_nr++;
+
+    if ((dcdr->start_tv.tv_sec == 0) && (dcdr->start_tv.tv_usec == 0)) {
+        dcdr->start_tv = hdr->ts;
+    }
+
+    if (hdr->caplen < dcdr->rtp_offset) {
+        return;
+    }
+    const void *rtp_packet = bytes + dcdr->rtp_offset;
+
+    memcpy((void *)&message, rtp_packet, hdr->caplen - dcdr->rtp_offset);
+    pktsize = hdr->caplen - dcdr->rtp_offset;
+    octets_recvd = pktsize;
+
+    if (octets_recvd == -1) {
+        return;
+    }
+
+    if (dcdr->mode == mode_rtp) {
+        rtp = 1;
+    } else if (dcdr->mode == mode_rtcp) {
+        rtp = 0;
+    } else {
+        rtp = 1;
+        if (octets_recvd >= 2) {
+            /* rfc5761 */
+            u_char payload_type = *(bytes + dcdr->rtp_offset + 1) & 0x7f;
+            rtp = payload_type < 64 || payload_type > 95;
+        }
+    }
+
+    if (rtp) {
+        /* verify rtp header */
+        if (message.header.version != 2) {
+            return;
+        }
+
+        status = srtp_unprotect(dcdr->srtp_ctx, &message, &octets_recvd);
+        if (status) {
+            dcdr->error_cnt++;
+            return;
+        }
+        dcdr->rtp_cnt++;
+    } else {
+        status = srtp_unprotect_rtcp(dcdr->srtp_ctx, &message, &octets_recvd);
+        if (status) {
+            dcdr->error_cnt++;
+            return;
+        }
+        dcdr->rtcp_cnt++;
+    }
+    timersub(&hdr->ts, &dcdr->start_tv, &delta);
+    fprintf(stdout, "%02ld:%02ld.%06ld\n", delta.tv_sec / 60, delta.tv_sec % 60,
+            (long)delta.tv_usec);
+    hexdump(&message, octets_recvd);
+}
+
+void rtp_print_error(srtp_err_status_t status, char *message)
+{
+    // clang-format off
+    fprintf(stderr,
+            "error: %s %d%s\n", message, status,
+            status == srtp_err_status_replay_fail ? " (replay check failed)" :
+            status == srtp_err_status_bad_param ? " (bad param)" :
+            status == srtp_err_status_no_ctx ? " (no context)" :
+            status == srtp_err_status_cipher_fail ? " (cipher failed)" :
+            status == srtp_err_status_key_expired ? " (key expired)" :
+            status == srtp_err_status_auth_fail ? " (auth check failed)" : "");
+    // clang-format on
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtp_decoder.h b/trunk/3rdparty/libsrtp-2-fit/test/rtp_decoder.h
new file mode 100644
index 000000000..27e8880f2
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtp_decoder.h
@@ -0,0 +1,122 @@
+/*
+ * rtp_decoder.h
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef RTP_DECODER_H
+#define RTP_DECODER_H
+
+#include "srtp_priv.h"
+#include "rtp.h"
+
+#define DEFAULT_RTP_OFFSET 42
+
+typedef enum {
+    mode_rtp = 0,
+    mode_rtcp,
+    mode_rtcp_mux,
+} rtp_decoder_mode_t;
+
+typedef struct rtp_decoder_ctx_t {
+    srtp_policy_t policy;
+    srtp_ctx_t *srtp_ctx;
+    rtp_decoder_mode_t mode;
+    int rtp_offset;
+    struct timeval start_tv;
+    int frame_nr;
+    int error_cnt;
+    int rtp_cnt;
+    int rtcp_cnt;
+} rtp_decoder_ctx_t;
+
+typedef struct rtp_decoder_ctx_t *rtp_decoder_t;
+
+/*
+ * error to string
+ */
+void rtp_print_error(srtp_err_status_t status, char *message);
+
+/*
+ * prints the output of a random buffer in hexadecimal
+ */
+void hexdump(const void *ptr, size_t size);
+
+/*
+ * the function usage() prints an error message describing how this
+ * program should be called, then calls exit()
+ */
+void usage(char *prog_name);
+
+/*
+ * transforms base64 key into octet
+ */
+char *decode_sdes(char *in, char *out);
+
+/*
+ * pcap handling
+ */
+void rtp_decoder_handle_pkt(u_char *arg,
+                            const struct pcap_pkthdr *hdr,
+                            const u_char *bytes);
+
+rtp_decoder_t rtp_decoder_alloc(void);
+
+void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx);
+
+int rtp_decoder_init(rtp_decoder_t dcdr,
+                     srtp_policy_t policy,
+                     rtp_decoder_mode_t mode,
+                     int rtp_packet_offset);
+
+int rtp_decoder_deinit(rtp_decoder_t decoder);
+
+void rtp_decoder_srtp_log_handler(srtp_log_level_t level,
+                                  const char *msg,
+                                  void *data);
+
+void rtp_decoder_srtp_log_handler(srtp_log_level_t level,
+                                  const char *msg,
+                                  void *data);
+
+#endif /* RTP_DECODER_H */
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtpw.c b/trunk/3rdparty/libsrtp-2-fit/test/rtpw.c
new file mode 100644
index 000000000..901816e46
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtpw.c
@@ -0,0 +1,701 @@
+/*
+ * rtpw.c
+ *
+ * rtp word sender/receiver
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ * This app is a simple RTP application intended only for testing
+ * libsrtp.  It reads one word at a time from words.txt (or
+ * whatever file is specified as DICT_FILE or with -w), and sends one word out
+ * each USEC_RATE microseconds.  Secure RTP protections can be
+ * applied.  See the usage() function for more details.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "getopt_s.h" /* for local getopt()  */
+
+#include <stdio.h>  /* for printf, fprintf */
+#include <stdlib.h> /* for atoi()          */
+#include <errno.h>
+#include <signal.h> /* for signal()        */
+
+#include <string.h> /* for strncpy()       */
+#include <time.h>   /* for usleep()        */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h> /* for close()         */
+#elif defined(_MSC_VER)
+#include <io.h> /* for _close()        */
+#define close _close
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#define RTPW_USE_WINSOCK2 1
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include "srtp.h"
+#include "rtp.h"
+#include "util.h"
+
+#define DICT_FILE "words.txt"
+#define USEC_RATE (5e5)
+#define MAX_WORD_LEN 128
+#define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a))
+#define MAX_KEY_LEN 96
+
+#ifndef HAVE_USLEEP
+#ifdef HAVE_WINDOWS_H
+#define usleep(us) Sleep((us) / 1000)
+#else
+#define usleep(us) sleep((us) / 1000000)
+#endif
+#endif
+
+/*
+ * the function usage() prints an error message describing how this
+ * program should be called, then calls exit()
+ */
+
+void usage(char *prog_name);
+
+/*
+ * leave_group(...) de-registers from a multicast group
+ */
+
+void leave_group(int sock, struct ip_mreq mreq, char *name);
+
+/*
+ * setup_signal_handler() sets up a signal handler to trigger
+ * cleanups after an interrupt
+ */
+int setup_signal_handler(char *name);
+
+/*
+ * handle_signal(...) handles interrupt signal to trigger cleanups
+ */
+
+volatile int interrupted = 0;
+
+/*
+ * program_type distinguishes the [s]rtp sender and receiver cases
+ */
+
+typedef enum { sender, receiver, unknown } program_type;
+
+int main(int argc, char *argv[])
+{
+    char *dictfile = DICT_FILE;
+    FILE *dict;
+    char word[MAX_WORD_LEN];
+    int sock, ret;
+    struct in_addr rcvr_addr;
+    struct sockaddr_in name;
+    struct ip_mreq mreq;
+#if BEW
+    struct sockaddr_in local;
+#endif
+    program_type prog_type = unknown;
+    srtp_sec_serv_t sec_servs = sec_serv_none;
+    unsigned char ttl = 5;
+    int c;
+    int key_size = 128;
+    int tag_size = 8;
+    int gcm_on = 0;
+    char *input_key = NULL;
+    int b64_input = 0;
+    char *address = NULL;
+    char key[MAX_KEY_LEN];
+    unsigned short port = 0;
+    rtp_sender_t snd;
+    srtp_policy_t policy;
+    srtp_err_status_t status;
+    int len;
+    int expected_len;
+    int do_list_mods = 0;
+    uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
+#ifdef RTPW_USE_WINSOCK2
+    WORD wVersionRequested = MAKEWORD(2, 0);
+    WSADATA wsaData;
+
+    ret = WSAStartup(wVersionRequested, &wsaData);
+    if (ret != 0) {
+        fprintf(stderr, "error: WSAStartup() failed: %d\n", ret);
+        exit(1);
+    }
+#endif
+
+    memset(&policy, 0x0, sizeof(srtp_policy_t));
+
+    printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
+    if (setup_signal_handler(argv[0]) != 0) {
+        exit(1);
+    }
+
+    /* initialize srtp library */
+    status = srtp_init();
+    if (status) {
+        printf("error: srtp initialization failed with error code %d\n",
+               status);
+        exit(1);
+    }
+
+    /* check args */
+    while (1) {
+        c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:w:");
+        if (c == -1) {
+            break;
+        }
+        switch (c) {
+        case 'b':
+            b64_input = 1;
+        /* fall thru */
+        case 'k':
+            input_key = optarg_s;
+            break;
+        case 'e':
+            key_size = atoi(optarg_s);
+            if (key_size != 128 && key_size != 256) {
+                printf("error: encryption key size must be 128 or 256 (%d)\n",
+                       key_size);
+                exit(1);
+            }
+            sec_servs |= sec_serv_conf;
+            break;
+        case 't':
+            tag_size = atoi(optarg_s);
+            if (tag_size != 8 && tag_size != 16) {
+                printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
+                exit(1);
+            }
+            break;
+        case 'a':
+            sec_servs |= sec_serv_auth;
+            break;
+        case 'g':
+            gcm_on = 1;
+            sec_servs |= sec_serv_auth;
+            break;
+        case 'r':
+            prog_type = receiver;
+            break;
+        case 's':
+            prog_type = sender;
+            break;
+        case 'd':
+            status = srtp_set_debug_module(optarg_s, 1);
+            if (status) {
+                printf("error: set debug module (%s) failed\n", optarg_s);
+                exit(1);
+            }
+            break;
+        case 'l':
+            do_list_mods = 1;
+            break;
+        case 'w':
+            dictfile = optarg_s;
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    if (prog_type == unknown) {
+        if (do_list_mods) {
+            status = srtp_list_debug_modules();
+            if (status) {
+                printf("error: list of debug modules failed\n");
+                exit(1);
+            }
+            return 0;
+        } else {
+            printf("error: neither sender [-s] nor receiver [-r] specified\n");
+            usage(argv[0]);
+        }
+    }
+
+    if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
+        /*
+         * a key must be provided if and only if security services have
+         * been requested
+         */
+        usage(argv[0]);
+    }
+
+    if (argc != optind_s + 2) {
+        /* wrong number of arguments */
+        usage(argv[0]);
+    }
+
+    /* get address from arg */
+    address = argv[optind_s++];
+
+    /* get port from arg */
+    port = atoi(argv[optind_s++]);
+
+/* set address */
+#ifdef HAVE_INET_ATON
+    if (0 == inet_aton(address, &rcvr_addr)) {
+        fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0],
+                address);
+        exit(1);
+    }
+    if (rcvr_addr.s_addr == INADDR_NONE) {
+        fprintf(stderr, "%s: address error", argv[0]);
+        exit(1);
+    }
+#else
+    rcvr_addr.s_addr = inet_addr(address);
+    if (0xffffffff == rcvr_addr.s_addr) {
+        fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0],
+                address);
+        exit(1);
+    }
+#endif
+
+    /* open socket */
+    sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+    if (sock < 0) {
+        int err;
+#ifdef RTPW_USE_WINSOCK2
+        err = WSAGetLastError();
+#else
+        err = errno;
+#endif
+        fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err);
+        exit(1);
+    }
+
+    memset(&name, 0, sizeof(struct sockaddr_in));
+    name.sin_addr = rcvr_addr;
+    name.sin_family = PF_INET;
+    name.sin_port = htons(port);
+
+    if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+        if (prog_type == sender) {
+            ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl,
+                             sizeof(ttl));
+            if (ret < 0) {
+                fprintf(stderr, "%s: Failed to set TTL for multicast group",
+                        argv[0]);
+                perror("");
+                exit(1);
+            }
+        }
+
+        mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr;
+        mreq.imr_interface.s_addr = htonl(INADDR_ANY);
+        ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void *)&mreq,
+                         sizeof(mreq));
+        if (ret < 0) {
+            fprintf(stderr, "%s: Failed to join multicast group", argv[0]);
+            perror("");
+            exit(1);
+        }
+    }
+
+    /* report security services selected on the command line */
+    printf("security services: ");
+    if (sec_servs & sec_serv_conf)
+        printf("confidentiality ");
+    if (sec_servs & sec_serv_auth)
+        printf("message authentication");
+    if (sec_servs == sec_serv_none)
+        printf("none");
+    printf("\n");
+
+    /* set up the srtp policy and master key */
+    if (sec_servs) {
+        /*
+         * create policy structure, using the default mechanisms but
+         * with only the security services requested on the command line,
+         * using the right SSRC value
+         */
+        switch (sec_servs) {
+        case sec_serv_conf_and_auth:
+            if (gcm_on) {
+#ifdef GCM
+                switch (key_size) {
+                case 128:
+                    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+                    break;
+                case 256:
+                    srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+                    break;
+                }
+#else
+                printf("error: GCM mode only supported when using the OpenSSL "
+                       "or NSS crypto engine.\n");
+                return 0;
+#endif
+            } else {
+                switch (key_size) {
+                case 128:
+                    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+                    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+                    break;
+                case 256:
+                    srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+                    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+                    break;
+                }
+            }
+            break;
+        case sec_serv_conf:
+            if (gcm_on) {
+                printf(
+                    "error: GCM mode must always be used with auth enabled\n");
+                return -1;
+            } else {
+                switch (key_size) {
+                case 128:
+                    srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+                    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+                    break;
+                case 256:
+                    srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+                    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+                    break;
+                }
+            }
+            break;
+        case sec_serv_auth:
+            if (gcm_on) {
+#ifdef GCM
+                switch (key_size) {
+                case 128:
+                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_128_8_only_auth(
+                        &policy.rtcp);
+                    break;
+                case 256:
+                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+                    srtp_crypto_policy_set_aes_gcm_256_8_only_auth(
+                        &policy.rtcp);
+                    break;
+                }
+#else
+                printf("error: GCM mode only supported when using the OpenSSL "
+                       "crypto engine.\n");
+                return 0;
+#endif
+            } else {
+                srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+                srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+            }
+            break;
+        default:
+            printf("error: unknown security service requested\n");
+            return -1;
+        }
+        policy.ssrc.type = ssrc_specific;
+        policy.ssrc.value = ssrc;
+        policy.key = (uint8_t *)key;
+        policy.ekt = NULL;
+        policy.next = NULL;
+        policy.window_size = 128;
+        policy.allow_repeat_tx = 0;
+        policy.rtp.sec_serv = sec_servs;
+        policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */
+
+        if (gcm_on && tag_size != 8) {
+            policy.rtp.auth_tag_len = tag_size;
+        }
+
+        /*
+         * read key from hexadecimal or base64 on command line into an octet
+         * string
+         */
+        if (b64_input) {
+            int pad;
+            expected_len = (policy.rtp.cipher_key_len * 4) / 3;
+            len = base64_string_to_octet_string(key, &pad, input_key,
+                                                expected_len);
+            if (pad != 0) {
+                fprintf(stderr, "error: padding in base64 unexpected\n");
+                exit(1);
+            }
+        } else {
+            expected_len = policy.rtp.cipher_key_len * 2;
+            len = hex_string_to_octet_string(key, input_key, expected_len);
+        }
+        /* check that hex string is the right length */
+        if (len < expected_len) {
+            fprintf(stderr, "error: too few digits in key/salt "
+                            "(should be %d digits, found %d)\n",
+                    expected_len, len);
+            exit(1);
+        }
+        if ((int)strlen(input_key) > policy.rtp.cipher_key_len * 2) {
+            fprintf(stderr, "error: too many digits in key/salt "
+                            "(should be %d hexadecimal digits, found %u)\n",
+                    policy.rtp.cipher_key_len * 2, (unsigned)strlen(input_key));
+            exit(1);
+        }
+
+        printf("set master key/salt to %s/", octet_string_hex_string(key, 16));
+        printf("%s\n", octet_string_hex_string(key + 16, 14));
+
+    } else {
+        /*
+         * we're not providing security services, so set the policy to the
+         * null policy
+         *
+         * Note that this policy does not conform to the SRTP
+         * specification, since RTCP authentication is required.  However,
+         * the effect of this policy is to turn off SRTP, so that this
+         * application is now a vanilla-flavored RTP application.
+         */
+        srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp);
+        srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp);
+        policy.key = (uint8_t *)key;
+        policy.ssrc.type = ssrc_specific;
+        policy.ssrc.value = ssrc;
+        policy.window_size = 0;
+        policy.allow_repeat_tx = 0;
+        policy.ekt = NULL;
+        policy.next = NULL;
+    }
+
+    if (prog_type == sender) {
+#if BEW
+        /* bind to local socket (to match crypto policy, if need be) */
+        memset(&local, 0, sizeof(struct sockaddr_in));
+        local.sin_addr.s_addr = htonl(INADDR_ANY);
+        local.sin_port = htons(port);
+        ret = bind(sock, (struct sockaddr *)&local, sizeof(struct sockaddr_in));
+        if (ret < 0) {
+            fprintf(stderr, "%s: bind failed\n", argv[0]);
+            perror("");
+            exit(1);
+        }
+#endif /* BEW */
+
+        /* initialize sender's rtp and srtp contexts */
+        snd = rtp_sender_alloc();
+        if (snd == NULL) {
+            fprintf(stderr, "error: malloc() failed\n");
+            exit(1);
+        }
+        rtp_sender_init(snd, sock, name, ssrc);
+        status = rtp_sender_init_srtp(snd, &policy);
+        if (status) {
+            fprintf(stderr, "error: srtp_create() failed with code %d\n",
+                    status);
+            exit(1);
+        }
+
+        /* open dictionary */
+        dict = fopen(dictfile, "r");
+        if (dict == NULL) {
+            fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile);
+            if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+                leave_group(sock, mreq, argv[0]);
+            }
+            exit(1);
+        }
+
+        /* read words from dictionary, then send them off */
+        while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) {
+            len = strlen(word) + 1; /* plus one for null */
+
+            if (len > MAX_WORD_LEN)
+                printf("error: word %s too large to send\n", word);
+            else {
+                rtp_sendto(snd, word, len);
+                printf("sending word: %s", word);
+            }
+            usleep(USEC_RATE);
+        }
+
+        rtp_sender_deinit_srtp(snd);
+        rtp_sender_dealloc(snd);
+
+        fclose(dict);
+    } else { /* prog_type == receiver */
+        rtp_receiver_t rcvr;
+
+        if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) {
+            close(sock);
+            fprintf(stderr, "%s: socket bind error\n", argv[0]);
+            perror(NULL);
+            if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+                leave_group(sock, mreq, argv[0]);
+            }
+            exit(1);
+        }
+
+        rcvr = rtp_receiver_alloc();
+        if (rcvr == NULL) {
+            fprintf(stderr, "error: malloc() failed\n");
+            exit(1);
+        }
+        rtp_receiver_init(rcvr, sock, name, ssrc);
+        status = rtp_receiver_init_srtp(rcvr, &policy);
+        if (status) {
+            fprintf(stderr, "error: srtp_create() failed with code %d\n",
+                    status);
+            exit(1);
+        }
+
+        /* get next word and loop */
+        while (!interrupted) {
+            len = MAX_WORD_LEN;
+            if (rtp_recvfrom(rcvr, word, &len) > -1)
+                printf("\tword: %s\n", word);
+        }
+
+        rtp_receiver_deinit_srtp(rcvr);
+        rtp_receiver_dealloc(rcvr);
+    }
+
+    if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
+        leave_group(sock, mreq, argv[0]);
+    }
+
+#ifdef RTPW_USE_WINSOCK2
+    ret = closesocket(sock);
+#else
+    ret = close(sock);
+#endif
+    if (ret < 0) {
+        fprintf(stderr, "%s: Failed to close socket", argv[0]);
+        perror("");
+    }
+
+    status = srtp_shutdown();
+    if (status) {
+        printf("error: srtp shutdown failed with error code %d\n", status);
+        exit(1);
+    }
+
+#ifdef RTPW_USE_WINSOCK2
+    WSACleanup();
+#endif
+
+    return 0;
+}
+
+void usage(char *string)
+{
+    printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] "
+           "[-s | -r] dest_ip dest_port\n"
+           "or     %s -l\n"
+           "where  -a use message authentication\n"
+           "       -e <key size> use encryption (use 128 or 256 for key size)\n"
+           "       -g Use AES-GCM mode (must be used with -e)\n"
+           "       -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
+           "       -k <key>  sets the srtp master key given in hexadecimal\n"
+           "       -b <key>  sets the srtp master key given in base64\n"
+           "       -s act as rtp sender\n"
+           "       -r act as rtp receiver\n"
+           "       -l list debug modules\n"
+           "       -d <debug> turn on debugging for module <debug>\n"
+           "       -w <wordsfile> use <wordsfile> for input, rather than %s\n",
+           string, string, DICT_FILE);
+    exit(1);
+}
+
+void leave_group(int sock, struct ip_mreq mreq, char *name)
+{
+    int ret;
+
+    ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void *)&mreq,
+                     sizeof(mreq));
+    if (ret < 0) {
+        fprintf(stderr, "%s: Failed to leave multicast group", name);
+        perror("");
+    }
+}
+
+void handle_signal(int signum)
+{
+    interrupted = 1;
+    /* Reset handler explicitly, in case we don't have sigaction() (and signal()
+       has BSD semantics), or we don't have SA_RESETHAND */
+    signal(signum, SIG_DFL);
+}
+
+int setup_signal_handler(char *name)
+{
+#if HAVE_SIGACTION
+    struct sigaction act;
+    memset(&act, 0, sizeof(act));
+
+    act.sa_handler = handle_signal;
+    sigemptyset(&act.sa_mask);
+#if defined(SA_RESETHAND)
+    act.sa_flags = SA_RESETHAND;
+#else
+    act.sa_flags = 0;
+#endif
+    /* Note that we're not setting SA_RESTART; we want recvfrom to return
+     * EINTR when we signal the receiver. */
+
+    if (sigaction(SIGTERM, &act, NULL) != 0) {
+        fprintf(stderr, "%s: error setting up signal handler", name);
+        perror("");
+        return -1;
+    }
+#else
+    if (signal(SIGTERM, handle_signal) == SIG_ERR) {
+        fprintf(stderr, "%s: error setting up signal handler", name);
+        perror("");
+        return -1;
+    }
+#endif
+    return 0;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtpw_test.sh b/trunk/3rdparty/libsrtp-2-fit/test/rtpw_test.sh
new file mode 100755
index 000000000..158a39312
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtpw_test.sh
@@ -0,0 +1,176 @@
+#!/bin/sh
+# 
+# usage: rtpw_test <rtpw_commands>
+# 
+# tests the rtpw sender and receiver functions
+#
+# Copyright (c) 2001-2017, Cisco Systems, Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+#   Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials provided
+#   with the distribution.
+# 
+#   Neither the name of the Cisco Systems, Inc. nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+case $(uname -s) in
+    *CYGWIN*|*MINGW*)
+        EXE=".exe"
+        ;;
+    *Linux*)
+        EXE=""
+        export LD_LIBRARY_PATH=$CRYPTO_LIBDIR
+        ;;
+    *Darwin*)
+        EXE=""
+        export DYLD_LIBRARY_PATH=$CRYPTO_LIBDIR
+        ;;
+esac
+
+RTPW=./rtpw$EXE
+DEST_PORT=9999
+DURATION=3
+
+key=Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G
+
+ARGS="-b $key -a -e 128"
+
+# First, we run "killall" to get rid of all existing rtpw processes.
+# This step also enables this script to clean up after itself; if this
+# script is interrupted after the rtpw processes are started but before
+# they are killed, those processes will linger.  Re-running the script
+# will get rid of them.
+
+killall rtpw 2>/dev/null
+
+if test -x $RTPW; then
+
+echo  $0 ": starting rtpw receiver process... "
+
+$RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT  &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1 
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 254
+fi
+
+echo  $0 ": starting rtpw sender process..."
+
+$RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT  &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+
+key=033490ba9e82994fc21013395739038992b2edc5034f61a72345ca598d7bfd0189aa6dc2ecab32fd9af74df6dfc6
+
+ARGS="-k $key -a -e 256"
+
+echo  $0 ": starting rtpw receiver process... "
+
+$RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT  &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1 
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 254
+fi
+
+echo  $0 ": starting rtpw sender process..."
+
+$RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT  &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+echo $0 ": done (test passed)"
+
+else 
+
+echo "error: can't find executable" $RTPW
+exit 1
+
+fi
+
+# EOF
+
+
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/rtpw_test_gcm.sh b/trunk/3rdparty/libsrtp-2-fit/test/rtpw_test_gcm.sh
new file mode 100755
index 000000000..644255e1a
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/rtpw_test_gcm.sh
@@ -0,0 +1,260 @@
+#!/bin/sh
+# 
+# usage: rtpw_test <rtpw_commands>
+# 
+# tests the rtpw sender and receiver functions
+#
+# Copyright (c) 2001-2017, Cisco Systems, Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+#   Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials provided
+#   with the distribution.
+# 
+#   Neither the name of the Cisco Systems, Inc. nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+case $(uname -s) in
+    *CYGWIN*|*MINGW*)
+        EXE=".exe"
+        ;;
+    *Linux*)
+        EXE=""
+        export LD_LIBRARY_PATH=$CRYPTO_LIBDIR
+        ;;
+    *Darwin*)
+        EXE=""
+        export DYLD_LIBRARY_PATH=$CRYPTO_LIBDIR
+        ;;
+esac
+
+RTPW=./rtpw$EXE
+DEST_PORT=9999
+DURATION=3
+
+# First, we run "killall" to get rid of all existing rtpw processes.
+# This step also enables this script to clean up after itself; if this
+# script is interrupted after the rtpw processes are started but before
+# they are killed, those processes will linger.  Re-running the script
+# will get rid of them.
+
+killall rtpw 2>/dev/null
+
+if test -x $RTPW; then
+
+GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -e 128"
+echo  $0 ": starting GCM mode 128-bit rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1 
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 254
+fi
+
+echo  $0 ": starting GCM 128-bit rtpw sender process..."
+
+exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT  &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -t 16 -e 128"
+echo  $0 ": starting GCM mode 128-bit (16 byte tag) rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1 
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 254
+fi
+
+echo  $0 ": starting GCM 128-bit (16 byte tag) rtpw sender process..."
+
+exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT  &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+
+GCMARGS256="-k 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -e 256"
+echo  $0 ": starting GCM mode 256-bit rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1 
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 254
+fi
+
+echo  $0 ": starting GCM 256-bit rtpw sender process..."
+
+exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT  &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+GCMARGS256="-k a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -t 16 -e 256"
+echo  $0 ": starting GCM mode 256-bit (16 byte tag) rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1 
+
+# verify that the background job is running
+ps -e | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 254
+fi
+
+echo  $0 ": starting GCM 256-bit (16 byte tag) rtpw sender process..."
+
+exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT  &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps -e | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+    echo $0 ": error"
+    exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
+echo $0 ": done (test passed)"
+
+else 
+
+echo "error: can't find executable" $RTPW
+exit 1
+
+fi
+
+# EOF
+
+
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/srtp_driver.c b/trunk/3rdparty/libsrtp-2-fit/test/srtp_driver.c
new file mode 100644
index 000000000..133554060
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/srtp_driver.c
@@ -0,0 +1,3837 @@
+/*
+ * srtp_driver.c
+ *
+ * a test driver for libSRTP
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>   /* for memcpy()          */
+#include <time.h>     /* for clock()           */
+#include <stdlib.h>   /* for malloc(), free()  */
+#include <stdio.h>    /* for print(), fflush() */
+#include "getopt_s.h" /* for local getopt()    */
+
+#include "srtp_priv.h"
+#include "util.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#define PRINT_REFERENCE_PACKET 1
+
+srtp_err_status_t srtp_validate(void);
+
+#ifdef GCM
+srtp_err_status_t srtp_validate_gcm(void);
+#endif
+
+srtp_err_status_t srtp_validate_encrypted_extensions_headers(void);
+
+#ifdef GCM
+srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void);
+#endif
+
+srtp_err_status_t srtp_validate_aes_256(void);
+
+srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list);
+
+srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list);
+
+srtp_err_status_t srtp_test_empty_payload(void);
+
+#ifdef GCM
+srtp_err_status_t srtp_test_empty_payload_gcm(void);
+#endif
+
+srtp_err_status_t srtp_test_remove_stream(void);
+
+srtp_err_status_t srtp_test_update(void);
+
+srtp_err_status_t srtp_test_protect_trailer_length(void);
+
+srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void);
+
+srtp_err_status_t srtp_test_get_roc(void);
+
+srtp_err_status_t srtp_test_set_receiver_roc(void);
+
+srtp_err_status_t srtp_test_set_sender_roc(void);
+
+double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
+
+double srtp_rejections_per_second(int msg_len_octets,
+                                  const srtp_policy_t *policy);
+
+void srtp_do_timing(const srtp_policy_t *policy);
+
+void srtp_do_rejection_timing(const srtp_policy_t *policy);
+
+srtp_err_status_t srtp_test(const srtp_policy_t *policy,
+                            int extension_header,
+                            int mki_index);
+
+srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index);
+
+srtp_err_status_t srtp_session_print_policy(srtp_t srtp);
+
+srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy);
+
+char *srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
+
+double mips_estimate(int num_trials, int *ignore);
+
+#define TEST_MKI_ID_SIZE 4
+
+extern uint8_t test_key[46];
+extern uint8_t test_key_2[46];
+extern uint8_t test_mki_id[TEST_MKI_ID_SIZE];
+extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE];
+
+// clang-format off
+srtp_master_key_t master_key_1 = {
+    test_key,
+    test_mki_id,
+    TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t master_key_2 = {
+    test_key_2,
+    test_mki_id_2,
+    TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t *test_keys[2] = {
+    &master_key_1,
+    &master_key_2
+};
+// clang-format on
+
+void usage(char *prog_name)
+{
+    printf("usage: %s [ -t ][ -c ][ -v ][ -o ][-d <debug_module> ]* [ -l ]\n"
+           "  -t         run timing test\n"
+           "  -r         run rejection timing test\n"
+           "  -c         run codec timing test\n"
+           "  -v         run validation tests\n"
+           "  -o         output logging to stdout\n"
+           "  -d <mod>   turn on debugging module <mod>\n"
+           "  -l         list debugging modules\n",
+           prog_name);
+    exit(1);
+}
+
+void log_handler(srtp_log_level_t level, const char *msg, void *data)
+{
+    char level_char = '?';
+    switch (level) {
+    case srtp_log_level_error:
+        level_char = 'e';
+        break;
+    case srtp_log_level_warning:
+        level_char = 'w';
+        break;
+    case srtp_log_level_info:
+        level_char = 'i';
+        break;
+    case srtp_log_level_debug:
+        level_char = 'd';
+        break;
+    }
+    printf("SRTP-LOG [%c]: %s\n", level_char, msg);
+}
+
+/*
+ * The policy_array is a null-terminated array of policy structs. it
+ * is declared at the end of this file
+ */
+
+extern const srtp_policy_t *policy_array[];
+
+/* the wildcard_policy is declared below; it has a wildcard ssrc */
+
+extern const srtp_policy_t wildcard_policy;
+
+/*
+ * mod_driver debug module - debugging module for this test driver
+ *
+ * we use the crypto_kernel debugging system in this driver, which
+ * makes the interface uniform and increases portability
+ */
+
+srtp_debug_module_t mod_driver = {
+    0,       /* debugging is off by default */
+    "driver" /* printable name for module   */
+};
+
+int main(int argc, char *argv[])
+{
+    int q;
+    unsigned do_timing_test = 0;
+    unsigned do_rejection_test = 0;
+    unsigned do_codec_timing = 0;
+    unsigned do_validation = 0;
+    unsigned do_list_mods = 0;
+    unsigned do_log_stdout = 0;
+    srtp_err_status_t status;
+
+    /*
+     * verify that the compiler has interpreted the header data
+     * structure srtp_hdr_t correctly
+     */
+    if (sizeof(srtp_hdr_t) != 12) {
+        printf("error: srtp_hdr_t has incorrect size"
+               "(size is %ld bytes, expected 12)\n",
+               (long)sizeof(srtp_hdr_t));
+        exit(1);
+    }
+
+    /* initialize srtp library */
+    status = srtp_init();
+    if (status) {
+        printf("error: srtp init failed with error code %d\n", status);
+        exit(1);
+    }
+
+    /*  load srtp_driver debug module */
+    status = srtp_crypto_kernel_load_debug_module(&mod_driver);
+    if (status) {
+        printf("error: load of srtp_driver debug module failed "
+               "with error code %d\n",
+               status);
+        exit(1);
+    }
+
+    /* process input arguments */
+    while (1) {
+        q = getopt_s(argc, argv, "trcvold:");
+        if (q == -1) {
+            break;
+        }
+        switch (q) {
+        case 't':
+            do_timing_test = 1;
+            break;
+        case 'r':
+            do_rejection_test = 1;
+            break;
+        case 'c':
+            do_codec_timing = 1;
+            break;
+        case 'v':
+            do_validation = 1;
+            break;
+        case 'o':
+            do_log_stdout = 1;
+            break;
+        case 'l':
+            do_list_mods = 1;
+            break;
+        case 'd':
+            status = srtp_set_debug_module(optarg_s, 1);
+            if (status) {
+                printf("error: set debug module (%s) failed\n", optarg_s);
+                exit(1);
+            }
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    if (!do_validation && !do_timing_test && !do_codec_timing &&
+        !do_list_mods && !do_rejection_test) {
+        usage(argv[0]);
+    }
+
+    if (do_log_stdout) {
+        status = srtp_install_log_handler(log_handler, NULL);
+        if (status) {
+            printf("error: install log handler failed\n");
+            exit(1);
+        }
+    }
+
+    if (do_list_mods) {
+        status = srtp_list_debug_modules();
+        if (status) {
+            printf("error: list of debug modules failed\n");
+            exit(1);
+        }
+    }
+
+    if (do_validation) {
+        const srtp_policy_t **policy = policy_array;
+        srtp_policy_t *big_policy;
+
+        /* loop over policy array, testing srtp and srtcp for each policy */
+        while (*policy != NULL) {
+            printf("testing srtp_protect and srtp_unprotect\n");
+            if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+
+            printf("testing srtp_protect and srtp_unprotect with encrypted "
+                   "extensions headers\n");
+            if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+            printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
+            if (srtcp_test(*policy, -1) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+            printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI "
+                   "index set to 0\n");
+            if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+            printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI "
+                   "index set to 1\n");
+            if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+
+            printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI "
+                   "index set to 0\n");
+            if (srtcp_test(*policy, 0) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+            printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI "
+                   "index set to 1\n");
+            if (srtcp_test(*policy, 1) == srtp_err_status_ok) {
+                printf("passed\n\n");
+            } else {
+                printf("failed\n");
+                exit(1);
+            }
+            policy++;
+        }
+
+        /* create a big policy list and run tests on it */
+        status = srtp_create_big_policy(&big_policy);
+        if (status) {
+            printf("unexpected failure with error code %d\n", status);
+            exit(1);
+        }
+        printf("testing srtp_protect and srtp_unprotect with big policy\n");
+        if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+        printf("testing srtp_protect and srtp_unprotect with big policy and "
+               "encrypted extensions headers\n");
+        if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+        status = srtp_dealloc_big_policy(big_policy);
+        if (status) {
+            printf("unexpected failure with error code %d\n", status);
+            exit(1);
+        }
+
+        /* run test on wildcard policy */
+        printf("testing srtp_protect and srtp_unprotect on "
+               "wildcard ssrc policy\n");
+        if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+        printf("testing srtp_protect and srtp_unprotect on "
+               "wildcard ssrc policy and encrypted extensions headers\n");
+        if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        /*
+         * run validation test against the reference packets - note
+         * that this test only covers the default policy
+         */
+        printf("testing srtp_protect and srtp_unprotect against "
+               "reference packet\n");
+        if (srtp_validate() == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+#ifdef GCM
+        printf("testing srtp_protect and srtp_unprotect against "
+               "reference packet using GCM\n");
+        if (srtp_validate_gcm() == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+#endif
+
+        printf("testing srtp_protect and srtp_unprotect against "
+               "reference packet with encrypted extensions headers\n");
+        if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok)
+            printf("passed\n\n");
+        else {
+            printf("failed\n");
+            exit(1);
+        }
+
+#ifdef GCM
+        printf("testing srtp_protect and srtp_unprotect against "
+               "reference packet with encrypted extension headers (GCM)\n");
+        if (srtp_validate_encrypted_extensions_headers_gcm() ==
+            srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+#endif
+
+        /*
+         * run validation test against the reference packets for
+         * AES-256
+         */
+        printf("testing srtp_protect and srtp_unprotect against "
+               "reference packet (AES-256)\n");
+        if (srtp_validate_aes_256() == srtp_err_status_ok) {
+            printf("passed\n\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        /*
+         * test packets with empty payload
+         */
+        printf("testing srtp_protect and srtp_unprotect against "
+               "packet with empty payload\n");
+        if (srtp_test_empty_payload() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+#ifdef GCM
+        printf("testing srtp_protect and srtp_unprotect against "
+               "packet with empty payload (GCM)\n");
+        if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+#endif
+
+        /*
+         * test the function srtp_remove_stream()
+         */
+        printf("testing srtp_remove_stream()...");
+        if (srtp_test_remove_stream() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        /*
+         * test the function srtp_update()
+         */
+        printf("testing srtp_update()...");
+        if (srtp_test_update() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        /*
+         * test the functions srtp_get_protect_trailer_length
+         * and srtp_get_protect_rtcp_trailer_length
+         */
+        printf("testing srtp_get_protect_trailer_length()...");
+        if (srtp_test_protect_trailer_length() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        printf("testing srtp_get_protect_rtcp_trailer_length()...");
+        if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        printf("testing srtp_test_get_roc()...");
+        if (srtp_test_get_roc() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        printf("testing srtp_test_set_receiver_roc()...");
+        if (srtp_test_set_receiver_roc() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+
+        printf("testing srtp_test_set_sender_roc()...");
+        if (srtp_test_set_sender_roc() == srtp_err_status_ok) {
+            printf("passed\n");
+        } else {
+            printf("failed\n");
+            exit(1);
+        }
+    }
+
+    if (do_timing_test) {
+        const srtp_policy_t **policy = policy_array;
+
+        /* loop over policies, run timing test for each */
+        while (*policy != NULL) {
+            srtp_print_policy(*policy);
+            srtp_do_timing(*policy);
+            policy++;
+        }
+    }
+
+    if (do_rejection_test) {
+        const srtp_policy_t **policy = policy_array;
+
+        /* loop over policies, run rejection timing test for each */
+        while (*policy != NULL) {
+            srtp_print_policy(*policy);
+            srtp_do_rejection_timing(*policy);
+            policy++;
+        }
+    }
+
+    if (do_codec_timing) {
+        srtp_policy_t policy;
+        int ignore;
+        double mips_value = mips_estimate(1000000000, &ignore);
+
+        memset(&policy, 0, sizeof(policy));
+        srtp_crypto_policy_set_rtp_default(&policy.rtp);
+        srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+        policy.ssrc.type = ssrc_specific;
+        policy.ssrc.value = 0xdecafbad;
+        policy.key = test_key;
+        policy.ekt = NULL;
+        policy.window_size = 128;
+        policy.allow_repeat_tx = 0;
+        policy.next = NULL;
+
+        printf("mips estimate: %e\n", mips_value);
+
+        printf("testing srtp processing time for voice codecs:\n");
+        printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
+        printf("G.711\t\t%d\t\t\t%e\n", 80,
+               (double)mips_value * (80 * 8) /
+                   srtp_bits_per_second(80, &policy) / .01);
+        printf("G.711\t\t%d\t\t\t%e\n", 160,
+               (double)mips_value * (160 * 8) /
+                   srtp_bits_per_second(160, &policy) / .02);
+        printf("G.726-32\t%d\t\t\t%e\n", 40,
+               (double)mips_value * (40 * 8) /
+                   srtp_bits_per_second(40, &policy) / .01);
+        printf("G.726-32\t%d\t\t\t%e\n", 80,
+               (double)mips_value * (80 * 8) /
+                   srtp_bits_per_second(80, &policy) / .02);
+        printf("G.729\t\t%d\t\t\t%e\n", 10,
+               (double)mips_value * (10 * 8) /
+                   srtp_bits_per_second(10, &policy) / .01);
+        printf("G.729\t\t%d\t\t\t%e\n", 20,
+               (double)mips_value * (20 * 8) /
+                   srtp_bits_per_second(20, &policy) / .02);
+        printf("Wideband\t%d\t\t\t%e\n", 320,
+               (double)mips_value * (320 * 8) /
+                   srtp_bits_per_second(320, &policy) / .01);
+        printf("Wideband\t%d\t\t\t%e\n", 640,
+               (double)mips_value * (640 * 8) /
+                   srtp_bits_per_second(640, &policy) / .02);
+    }
+
+    status = srtp_shutdown();
+    if (status) {
+        printf("error: srtp shutdown failed with error code %d\n", status);
+        exit(1);
+    }
+
+    return 0;
+}
+
+/*
+ * srtp_create_test_packet(len, ssrc) returns a pointer to a
+ * (malloced) example RTP packet whose data field has the length given
+ * by pkt_octet_len and the SSRC value ssrc.  The total length of the
+ * packet is twelve octets longer, since the header is at the
+ * beginning.  There is room at the end of the packet for a trailer,
+ * and the four octets following the packet are filled with 0xff
+ * values to enable testing for overwrites.
+ *
+ * note that the location of the test packet can (and should) be
+ * deallocated with the free() call once it is no longer needed.
+ */
+
+srtp_hdr_t *srtp_create_test_packet(int pkt_octet_len,
+                                    uint32_t ssrc,
+                                    int *pkt_len)
+{
+    int i;
+    uint8_t *buffer;
+    srtp_hdr_t *hdr;
+    int bytes_in_hdr = 12;
+
+    /* allocate memory for test packet */
+    hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr +
+                               SRTP_MAX_TRAILER_LEN + 4);
+    if (!hdr) {
+        return NULL;
+    }
+
+    hdr->version = 2;            /* RTP version two     */
+    hdr->p = 0;                  /* no padding needed   */
+    hdr->x = 0;                  /* no header extension */
+    hdr->cc = 0;                 /* no CSRCs            */
+    hdr->m = 0;                  /* marker bit          */
+    hdr->pt = 0xf;               /* payload type        */
+    hdr->seq = htons(0x1234);    /* sequence number     */
+    hdr->ts = htonl(0xdecafbad); /* timestamp           */
+    hdr->ssrc = htonl(ssrc);     /* synch. source       */
+
+    buffer = (uint8_t *)hdr;
+    buffer += bytes_in_hdr;
+
+    /* set RTP data to 0xab */
+    for (i = 0; i < pkt_octet_len; i++) {
+        *buffer++ = 0xab;
+    }
+
+    /* set post-data value to 0xffff to enable overrun checking */
+    for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) {
+        *buffer++ = 0xff;
+    }
+
+    *pkt_len = bytes_in_hdr + pkt_octet_len;
+
+    return hdr;
+}
+
+static srtp_hdr_t *srtp_create_test_packet_extended(int pkt_octet_len,
+                                                    uint32_t ssrc,
+                                                    uint16_t seq,
+                                                    uint32_t ts,
+                                                    int *pkt_len)
+{
+    srtp_hdr_t *hdr;
+
+    hdr = srtp_create_test_packet(pkt_octet_len, ssrc, pkt_len);
+    if (hdr == NULL)
+        return hdr;
+
+    hdr->seq = htons(seq);
+    hdr->ts = htonl(ts);
+    return hdr;
+}
+
+srtp_hdr_t *srtp_create_test_packet_ext_hdr(int pkt_octet_len,
+                                            uint32_t ssrc,
+                                            int *pkt_len)
+{
+    int i;
+    uint8_t *buffer;
+    srtp_hdr_t *hdr;
+    int bytes_in_hdr = 12;
+    uint8_t extension_header[12] = { /* one-byte header */
+                                     0xbe, 0xde,
+                                     /* size */
+                                     0x00, 0x02,
+                                     /* id 1, length 1 (i.e. 2 bytes) */
+                                     0x11,
+                                     /* payload */
+                                     0xca, 0xfe,
+                                     /* padding */
+                                     0x00,
+                                     /* id 2, length 0 (i.e. 1 byte) */
+                                     0x20,
+                                     /* payload */
+                                     0xba,
+                                     /* padding */
+                                     0x00, 0x00
+    };
+
+    /* allocate memory for test packet */
+    hdr = (srtp_hdr_t *)malloc(pkt_octet_len + bytes_in_hdr +
+                               sizeof(extension_header) + SRTP_MAX_TRAILER_LEN +
+                               4);
+    if (!hdr)
+        return NULL;
+
+    hdr->version = 2;            /* RTP version two     */
+    hdr->p = 0;                  /* no padding needed   */
+    hdr->x = 1;                  /* no header extension */
+    hdr->cc = 0;                 /* no CSRCs            */
+    hdr->m = 0;                  /* marker bit          */
+    hdr->pt = 0xf;               /* payload type        */
+    hdr->seq = htons(0x1234);    /* sequence number     */
+    hdr->ts = htonl(0xdecafbad); /* timestamp           */
+    hdr->ssrc = htonl(ssrc);     /* synch. source       */
+
+    buffer = (uint8_t *)hdr;
+    buffer += bytes_in_hdr;
+
+    memcpy(buffer, extension_header, sizeof(extension_header));
+    buffer += sizeof(extension_header);
+
+    /* set RTP data to 0xab */
+    for (i = 0; i < pkt_octet_len; i++)
+        *buffer++ = 0xab;
+
+    /* set post-data value to 0xffff to enable overrun checking */
+    for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++)
+        *buffer++ = 0xff;
+
+    *pkt_len = bytes_in_hdr + sizeof(extension_header) + pkt_octet_len;
+
+    return hdr;
+}
+
+void srtp_do_timing(const srtp_policy_t *policy)
+{
+    int len;
+
+    /*
+     * note: the output of this function is formatted so that it
+     * can be used in gnuplot.  '#' indicates a comment, and "\r\n"
+     * terminates a record
+     */
+
+    printf("# testing srtp throughput:\r\n");
+    printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
+
+    for (len = 16; len <= 2048; len *= 2) {
+        printf("%d\t\t\t%f\r\n", len,
+               srtp_bits_per_second(len, policy) / 1.0E6);
+    }
+
+    /* these extra linefeeds let gnuplot know that a dataset is done */
+    printf("\r\n\r\n");
+}
+
+void srtp_do_rejection_timing(const srtp_policy_t *policy)
+{
+    int len;
+
+    /*
+     * note: the output of this function is formatted so that it
+     * can be used in gnuplot.  '#' indicates a comment, and "\r\n"
+     * terminates a record
+     */
+
+    printf("# testing srtp rejection throughput:\r\n");
+    printf("# mesg length (octets)\trejections per second\r\n");
+
+    for (len = 8; len <= 2048; len *= 2) {
+        printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
+    }
+
+    /* these extra linefeeds let gnuplot know that a dataset is done */
+    printf("\r\n\r\n");
+}
+
+#define MAX_MSG_LEN 1024
+
+double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy)
+{
+    srtp_t srtp;
+    srtp_hdr_t *mesg;
+    int i;
+    clock_t timer;
+    int num_trials = 100000;
+    int input_len, len;
+    uint32_t ssrc;
+    srtp_err_status_t status;
+
+    /*
+     * allocate and initialize an srtp session
+     */
+    status = srtp_create(&srtp, policy);
+    if (status) {
+        printf("error: srtp_create() failed with error code %d\n", status);
+        exit(1);
+    }
+
+    /*
+     * if the ssrc is unspecified, use a predetermined one
+     */
+    if (policy->ssrc.type != ssrc_specific) {
+        ssrc = 0xdeadbeef;
+    } else {
+        ssrc = policy->ssrc.value;
+    }
+
+    /*
+     * create a test packet
+     */
+    mesg = srtp_create_test_packet(msg_len_octets, ssrc, &input_len);
+    if (mesg == NULL) {
+        return 0.0; /* indicate failure by returning zero */
+    }
+    timer = clock();
+    for (i = 0; i < num_trials; i++) {
+        len = input_len;
+        /* srtp protect message */
+        status = srtp_protect(srtp, mesg, &len);
+        if (status) {
+            printf("error: srtp_protect() failed with error code %d\n", status);
+            exit(1);
+        }
+
+        /* increment message number */
+        {
+            /* hack sequence to avoid problems with macros for htons/ntohs on
+             * some systems */
+            short new_seq = ntohs(mesg->seq) + 1;
+            mesg->seq = htons(new_seq);
+        }
+    }
+    timer = clock() - timer;
+
+    free(mesg);
+
+    status = srtp_dealloc(srtp);
+    if (status) {
+        printf("error: srtp_dealloc() failed with error code %d\n", status);
+        exit(1);
+    }
+
+    return (double)(msg_len_octets)*8 * num_trials * CLOCKS_PER_SEC / timer;
+}
+
+double srtp_rejections_per_second(int msg_len_octets,
+                                  const srtp_policy_t *policy)
+{
+    srtp_ctx_t *srtp;
+    srtp_hdr_t *mesg;
+    int i;
+    int len;
+    clock_t timer;
+    int num_trials = 1000000;
+    uint32_t ssrc = policy->ssrc.value;
+    srtp_err_status_t status;
+
+    /*
+     * allocate and initialize an srtp session
+     */
+    status = srtp_create(&srtp, policy);
+    if (status) {
+        printf("error: srtp_create() failed with error code %d\n", status);
+        exit(1);
+    }
+
+    mesg = srtp_create_test_packet(msg_len_octets, ssrc, &len);
+    if (mesg == NULL) {
+        return 0.0; /* indicate failure by returning zero */
+    }
+    srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
+
+    timer = clock();
+    for (i = 0; i < num_trials; i++) {
+        len = msg_len_octets;
+        srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
+    }
+    timer = clock() - timer;
+
+    free(mesg);
+
+    status = srtp_dealloc(srtp);
+    if (status) {
+        printf("error: srtp_dealloc() failed with error code %d\n", status);
+        exit(1);
+    }
+
+    return (double)num_trials * CLOCKS_PER_SEC / timer;
+}
+
+void err_check(srtp_err_status_t s)
+{
+    if (s == srtp_err_status_ok) {
+        return;
+    } else {
+        fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
+    }
+    exit(1);
+}
+
+srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender,
+                                         srtp_hdr_t *hdr,
+                                         int *len,
+                                         int mki_index)
+{
+    if (mki_index == -1) {
+        return srtp_protect(srtp_sender, hdr, len);
+    } else {
+        return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index);
+    }
+}
+
+srtp_err_status_t srtp_test_call_protect_rtcp(srtp_t srtp_sender,
+                                              srtp_hdr_t *hdr,
+                                              int *len,
+                                              int mki_index)
+{
+    if (mki_index == -1) {
+        return srtp_protect_rtcp(srtp_sender, hdr, len);
+    } else {
+        return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index);
+    }
+}
+
+srtp_err_status_t srtp_test_call_unprotect(srtp_t srtp_sender,
+                                           srtp_hdr_t *hdr,
+                                           int *len,
+                                           int use_mki)
+{
+    if (use_mki == -1) {
+        return srtp_unprotect(srtp_sender, hdr, len);
+    } else {
+        return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
+    }
+}
+
+srtp_err_status_t srtp_test_call_unprotect_rtcp(srtp_t srtp_sender,
+                                                srtp_hdr_t *hdr,
+                                                int *len,
+                                                int use_mki)
+{
+    if (use_mki == -1) {
+        return srtp_unprotect_rtcp(srtp_sender, hdr, len);
+    } else {
+        return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
+    }
+}
+
+srtp_err_status_t srtp_test(const srtp_policy_t *policy,
+                            int extension_header,
+                            int mki_index)
+{
+    int i;
+    srtp_t srtp_sender;
+    srtp_t srtp_rcvr;
+    srtp_err_status_t status = srtp_err_status_ok;
+    srtp_hdr_t *hdr, *hdr2;
+    uint8_t hdr_enc[64];
+    uint8_t *pkt_end;
+    int msg_len_octets, msg_len_enc, msg_len;
+    int len, len2;
+    uint32_t tag_length;
+    uint32_t ssrc;
+    srtp_policy_t *rcvr_policy;
+    srtp_policy_t tmp_policy;
+    int header = 1;
+    int use_mki = 0;
+
+    if (mki_index >= 0)
+        use_mki = 1;
+
+    if (extension_header) {
+        memcpy(&tmp_policy, policy, sizeof(srtp_policy_t));
+        tmp_policy.enc_xtn_hdr = &header;
+        tmp_policy.enc_xtn_hdr_count = 1;
+        err_check(srtp_create(&srtp_sender, &tmp_policy));
+    } else {
+        err_check(srtp_create(&srtp_sender, policy));
+    }
+
+    /* print out policy */
+    err_check(srtp_session_print_policy(srtp_sender));
+
+    /*
+     * initialize data buffer, using the ssrc in the policy unless that
+     * value is a wildcard, in which case we'll just use an arbitrary
+     * one
+     */
+    if (policy->ssrc.type != ssrc_specific) {
+        ssrc = 0xdecafbad;
+    } else {
+        ssrc = policy->ssrc.value;
+    }
+    msg_len_octets = 28;
+    if (extension_header) {
+        hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len);
+        hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc, &len2);
+    } else {
+        hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len);
+        hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2);
+    }
+
+    /* save original msg len */
+    msg_len = len;
+
+    if (hdr == NULL) {
+        free(hdr2);
+        return srtp_err_status_alloc_fail;
+    }
+    if (hdr2 == NULL) {
+        free(hdr);
+        return srtp_err_status_alloc_fail;
+    }
+
+    debug_print(mod_driver, "before protection:\n%s",
+                srtp_packet_to_string(hdr, len));
+
+#if PRINT_REFERENCE_PACKET
+    debug_print(mod_driver, "reference packet before protection:\n%s",
+                octet_string_hex_string((uint8_t *)hdr, len));
+#endif
+    err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
+
+    debug_print(mod_driver, "after protection:\n%s",
+                srtp_packet_to_string(hdr, len));
+#if PRINT_REFERENCE_PACKET
+    debug_print(mod_driver, "after protection:\n%s",
+                octet_string_hex_string((uint8_t *)hdr, len));
+#endif
+
+    /* save protected message and length */
+    memcpy(hdr_enc, hdr, len);
+    msg_len_enc = len;
+
+    /*
+     * check for overrun of the srtp_protect() function
+     *
+     * The packet is followed by a value of 0xfffff; if the value of the
+     * data following the packet is different, then we know that the
+     * protect function is overwriting the end of the packet.
+     */
+    err_check(srtp_get_protect_trailer_length(srtp_sender, use_mki, mki_index,
+                                              &tag_length));
+    pkt_end = (uint8_t *)hdr + msg_len + tag_length;
+    for (i = 0; i < 4; i++) {
+        if (pkt_end[i] != 0xff) {
+            fprintf(stdout, "overwrite in srtp_protect() function "
+                            "(expected %x, found %x in trailing octet %d)\n",
+                    0xff, ((uint8_t *)hdr)[i], i);
+            free(hdr);
+            free(hdr2);
+            return srtp_err_status_algo_fail;
+        }
+    }
+
+    /*
+     * if the policy includes confidentiality, check that ciphertext is
+     * different than plaintext
+     *
+     * Note that this check will give false negatives, with some small
+     * probability, especially if the packets are short.  For that
+     * reason, we skip this check if the plaintext is less than four
+     * octets long.
+     */
+    if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
+        printf("testing that ciphertext is distinct from plaintext...");
+        status = srtp_err_status_algo_fail;
+        for (i = 12; i < msg_len_octets + 12; i++) {
+            if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+                status = srtp_err_status_ok;
+            }
+        }
+        if (status) {
+            printf("failed\n");
+            free(hdr);
+            free(hdr2);
+            return status;
+        }
+        printf("passed\n");
+    }
+
+    /*
+     * if the policy uses a 'wildcard' ssrc, then we need to make a copy
+     * of the policy that changes the direction to inbound
+     *
+     * we always copy the policy into the rcvr_policy, since otherwise
+     * the compiler would fret about the constness of the policy
+     */
+    rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
+    if (rcvr_policy == NULL) {
+        free(hdr);
+        free(hdr2);
+        return srtp_err_status_alloc_fail;
+    }
+    if (extension_header) {
+        memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t));
+        if (tmp_policy.ssrc.type == ssrc_any_outbound) {
+            rcvr_policy->ssrc.type = ssrc_any_inbound;
+        }
+    } else {
+        memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
+        if (policy->ssrc.type == ssrc_any_outbound) {
+            rcvr_policy->ssrc.type = ssrc_any_inbound;
+        }
+    }
+
+    err_check(srtp_create(&srtp_rcvr, rcvr_policy));
+
+    err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki));
+
+    debug_print(mod_driver, "after unprotection:\n%s",
+                srtp_packet_to_string(hdr, len));
+
+    /* verify that the unprotected packet matches the origial one */
+    for (i = 0; i < len; i++) {
+        if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+            fprintf(stdout, "mismatch at octet %d\n", i);
+            status = srtp_err_status_algo_fail;
+        }
+    }
+    if (status) {
+        free(hdr);
+        free(hdr2);
+        free(rcvr_policy);
+        return status;
+    }
+
+    /*
+     * if the policy includes authentication, then test for false positives
+     */
+    if (policy->rtp.sec_serv & sec_serv_auth) {
+        char *data = ((char *)hdr) + (extension_header ? 24 : 12);
+
+        printf("testing for false positives in replay check...");
+
+        /* unprotect a second time - should fail with a replay error */
+        status =
+            srtp_test_call_unprotect(srtp_rcvr, hdr, &msg_len_enc, use_mki);
+        if (status != srtp_err_status_replay_fail) {
+            printf("failed with error code %d\n", status);
+            free(hdr);
+            free(hdr2);
+            free(rcvr_policy);
+            return status;
+        } else {
+            printf("passed\n");
+        }
+
+        printf("testing for false positives in auth check...");
+
+        /* increment sequence number in header */
+        hdr->seq++;
+
+        /* apply protection */
+        err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
+
+        /* flip bits in packet */
+        data[0] ^= 0xff;
+
+        /* unprotect, and check for authentication failure */
+        status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
+        if (status != srtp_err_status_auth_fail) {
+            printf("failed\n");
+            free(hdr);
+            free(hdr2);
+            free(rcvr_policy);
+            return status;
+        } else {
+            printf("passed\n");
+        }
+    }
+
+    err_check(srtp_dealloc(srtp_sender));
+    err_check(srtp_dealloc(srtp_rcvr));
+
+    free(hdr);
+    free(hdr2);
+    free(rcvr_policy);
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index)
+{
+    int i;
+    srtp_t srtcp_sender;
+    srtp_t srtcp_rcvr;
+    srtp_err_status_t status = srtp_err_status_ok;
+    srtp_hdr_t *hdr, *hdr2;
+    uint8_t hdr_enc[64];
+    uint8_t *pkt_end;
+    int msg_len_octets, msg_len_enc, msg_len;
+    int len, len2;
+    uint32_t tag_length;
+    uint32_t ssrc;
+    srtp_policy_t *rcvr_policy;
+    int use_mki = 0;
+
+    if (mki_index >= 0)
+        use_mki = 1;
+
+    err_check(srtp_create(&srtcp_sender, policy));
+
+    /* print out policy */
+    err_check(srtp_session_print_policy(srtcp_sender));
+
+    /*
+     * initialize data buffer, using the ssrc in the policy unless that
+     * value is a wildcard, in which case we'll just use an arbitrary
+     * one
+     */
+    if (policy->ssrc.type != ssrc_specific) {
+        ssrc = 0xdecafbad;
+    } else {
+        ssrc = policy->ssrc.value;
+    }
+    msg_len_octets = 28;
+    hdr = srtp_create_test_packet(msg_len_octets, ssrc, &len);
+    /* save message len */
+    msg_len = len;
+
+    if (hdr == NULL) {
+        return srtp_err_status_alloc_fail;
+    }
+    hdr2 = srtp_create_test_packet(msg_len_octets, ssrc, &len2);
+    if (hdr2 == NULL) {
+        free(hdr);
+        return srtp_err_status_alloc_fail;
+    }
+
+    debug_print(mod_driver, "before protection:\n%s",
+                srtp_packet_to_string(hdr, len));
+
+#if PRINT_REFERENCE_PACKET
+    debug_print(mod_driver, "reference packet before protection:\n%s",
+                octet_string_hex_string((uint8_t *)hdr, len));
+#endif
+    err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
+
+    debug_print(mod_driver, "after protection:\n%s",
+                srtp_packet_to_string(hdr, len));
+#if PRINT_REFERENCE_PACKET
+    debug_print(mod_driver, "after protection:\n%s",
+                octet_string_hex_string((uint8_t *)hdr, len));
+#endif
+
+    /* save protected message and length */
+    memcpy(hdr_enc, hdr, len);
+    msg_len_enc = len;
+
+    /*
+     * check for overrun of the srtp_protect() function
+     *
+     * The packet is followed by a value of 0xfffff; if the value of the
+     * data following the packet is different, then we know that the
+     * protect function is overwriting the end of the packet.
+     */
+    srtp_get_protect_rtcp_trailer_length(srtcp_sender, use_mki, mki_index,
+                                         &tag_length);
+    pkt_end = (uint8_t *)hdr + msg_len + tag_length;
+    for (i = 0; i < 4; i++) {
+        if (pkt_end[i] != 0xff) {
+            fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
+                            "(expected %x, found %x in trailing octet %d)\n",
+                    0xff, ((uint8_t *)hdr)[i], i);
+            free(hdr);
+            free(hdr2);
+            return srtp_err_status_algo_fail;
+        }
+    }
+
+    /*
+     * if the policy includes confidentiality, check that ciphertext is
+     * different than plaintext
+     *
+     * Note that this check will give false negatives, with some small
+     * probability, especially if the packets are short.  For that
+     * reason, we skip this check if the plaintext is less than four
+     * octets long.
+     */
+    if ((policy->rtcp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
+        printf("testing that ciphertext is distinct from plaintext...");
+        status = srtp_err_status_algo_fail;
+        for (i = 12; i < msg_len_octets + 12; i++) {
+            if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+                status = srtp_err_status_ok;
+            }
+        }
+        if (status) {
+            printf("failed\n");
+            free(hdr);
+            free(hdr2);
+            return status;
+        }
+        printf("passed\n");
+    }
+
+    /*
+     * if the policy uses a 'wildcard' ssrc, then we need to make a copy
+     * of the policy that changes the direction to inbound
+     *
+     * we always copy the policy into the rcvr_policy, since otherwise
+     * the compiler would fret about the constness of the policy
+     */
+    rcvr_policy = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
+    if (rcvr_policy == NULL) {
+        free(hdr);
+        free(hdr2);
+        return srtp_err_status_alloc_fail;
+    }
+    memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
+    if (policy->ssrc.type == ssrc_any_outbound) {
+        rcvr_policy->ssrc.type = ssrc_any_inbound;
+    }
+
+    err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
+
+    err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki));
+
+    debug_print(mod_driver, "after unprotection:\n%s",
+                srtp_packet_to_string(hdr, len));
+
+    /* verify that the unprotected packet matches the origial one */
+    for (i = 0; i < len; i++) {
+        if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
+            fprintf(stdout, "mismatch at octet %d\n", i);
+            status = srtp_err_status_algo_fail;
+        }
+    }
+    if (status) {
+        free(hdr);
+        free(hdr2);
+        free(rcvr_policy);
+        return status;
+    }
+
+    /*
+     * if the policy includes authentication, then test for false positives
+     */
+    if (policy->rtp.sec_serv & sec_serv_auth) {
+        char *data = ((char *)hdr) + 12;
+
+        printf("testing for false positives in replay check...");
+
+        /* unprotect a second time - should fail with a replay error */
+        status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &msg_len_enc,
+                                               use_mki);
+        if (status != srtp_err_status_replay_fail) {
+            printf("failed with error code %d\n", status);
+            free(hdr);
+            free(hdr2);
+            free(rcvr_policy);
+            return status;
+        } else {
+            printf("passed\n");
+        }
+
+        printf("testing for false positives in auth check...");
+
+        /* increment sequence number in header */
+        hdr->seq++;
+
+        /* apply protection */
+        err_check(
+            srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
+
+        /* flip bits in packet */
+        data[0] ^= 0xff;
+
+        /* unprotect, and check for authentication failure */
+        status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
+        if (status != srtp_err_status_auth_fail) {
+            printf("failed\n");
+            free(hdr);
+            free(hdr2);
+            free(rcvr_policy);
+            return status;
+        } else {
+            printf("passed\n");
+        }
+    }
+
+    err_check(srtp_dealloc(srtcp_sender));
+    err_check(srtp_dealloc(srtcp_rcvr));
+
+    free(hdr);
+    free(hdr2);
+    free(rcvr_policy);
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_session_print_policy(srtp_t srtp)
+{
+    char *serv_descr[4] = { "none", "confidentiality", "authentication",
+                            "confidentiality and authentication" };
+    char *direction[3] = { "unknown", "outbound", "inbound" };
+    srtp_stream_t stream;
+    srtp_session_keys_t *session_keys = NULL;
+
+    /* sanity checking */
+    if (srtp == NULL) {
+        return srtp_err_status_fail;
+    }
+
+    /* if there's a template stream, print it out */
+    if (srtp->stream_template != NULL) {
+        stream = srtp->stream_template;
+        session_keys = &stream->session_keys[0];
+        printf("# SSRC:          any %s\r\n"
+               "# rtp cipher:    %s\r\n"
+               "# rtp auth:      %s\r\n"
+               "# rtp services:  %s\r\n"
+               "# rtcp cipher:   %s\r\n"
+               "# rtcp auth:     %s\r\n"
+               "# rtcp services: %s\r\n"
+               "# window size:   %lu\r\n"
+               "# tx rtx allowed:%s\r\n",
+               direction[stream->direction],
+               session_keys->rtp_cipher->type->description,
+               session_keys->rtp_auth->type->description,
+               serv_descr[stream->rtp_services],
+               session_keys->rtcp_cipher->type->description,
+               session_keys->rtcp_auth->type->description,
+               serv_descr[stream->rtcp_services],
+               srtp_rdbx_get_window_size(&stream->rtp_rdbx),
+               stream->allow_repeat_tx ? "true" : "false");
+
+        printf("# Encrypted extension headers: ");
+        if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
+            int *enc_xtn_hdr = stream->enc_xtn_hdr;
+            int count = stream->enc_xtn_hdr_count;
+            while (count > 0) {
+                printf("%d ", *enc_xtn_hdr);
+                enc_xtn_hdr++;
+                count--;
+            }
+            printf("\n");
+        } else {
+            printf("none\n");
+        }
+    }
+
+    /* loop over streams in session, printing the policy of each */
+    stream = srtp->stream_list;
+    while (stream != NULL) {
+        if (stream->rtp_services > sec_serv_conf_and_auth) {
+            return srtp_err_status_bad_param;
+        }
+        session_keys = &stream->session_keys[0];
+
+        printf("# SSRC:          0x%08x\r\n"
+               "# rtp cipher:    %s\r\n"
+               "# rtp auth:      %s\r\n"
+               "# rtp services:  %s\r\n"
+               "# rtcp cipher:   %s\r\n"
+               "# rtcp auth:     %s\r\n"
+               "# rtcp services: %s\r\n"
+               "# window size:   %lu\r\n"
+               "# tx rtx allowed:%s\r\n",
+               stream->ssrc, session_keys->rtp_cipher->type->description,
+               session_keys->rtp_auth->type->description,
+               serv_descr[stream->rtp_services],
+               session_keys->rtcp_cipher->type->description,
+               session_keys->rtcp_auth->type->description,
+               serv_descr[stream->rtcp_services],
+               srtp_rdbx_get_window_size(&stream->rtp_rdbx),
+               stream->allow_repeat_tx ? "true" : "false");
+
+        printf("# Encrypted extension headers: ");
+        if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
+            int *enc_xtn_hdr = stream->enc_xtn_hdr;
+            int count = stream->enc_xtn_hdr_count;
+            while (count > 0) {
+                printf("%d ", *enc_xtn_hdr);
+                enc_xtn_hdr++;
+                count--;
+            }
+            printf("\n");
+        } else {
+            printf("none\n");
+        }
+
+        /* advance to next stream in the list */
+        stream = stream->next;
+    }
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy)
+{
+    srtp_err_status_t status;
+    srtp_t session;
+
+    status = srtp_create(&session, policy);
+    if (status) {
+        return status;
+    }
+    status = srtp_session_print_policy(session);
+    if (status) {
+        return status;
+    }
+    status = srtp_dealloc(session);
+    if (status) {
+        return status;
+    }
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp_print_packet(...) is for debugging only
+ * it prints an RTP packet to the stdout
+ *
+ * note that this function is *not* threadsafe
+ */
+
+#include <stdio.h>
+
+#define MTU 2048
+
+char packet_string[MTU];
+
+char *srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len)
+{
+    int octets_in_rtp_header = 12;
+    uint8_t *data = ((uint8_t *)hdr) + octets_in_rtp_header;
+    int hex_len = pkt_octet_len - octets_in_rtp_header;
+
+    /* sanity checking */
+    if ((hdr == NULL) || (pkt_octet_len > MTU)) {
+        return NULL;
+    }
+
+    /* write packet into string */
+    sprintf(packet_string, "(s)rtp packet: {\n"
+                           "   version:\t%d\n"
+                           "   p:\t\t%d\n"
+                           "   x:\t\t%d\n"
+                           "   cc:\t\t%d\n"
+                           "   m:\t\t%d\n"
+                           "   pt:\t\t%x\n"
+                           "   seq:\t\t%x\n"
+                           "   ts:\t\t%x\n"
+                           "   ssrc:\t%x\n"
+                           "   data:\t%s\n"
+                           "} (%d octets in total)\n",
+            hdr->version, hdr->p, hdr->x, hdr->cc, hdr->m, hdr->pt, hdr->seq,
+            hdr->ts, hdr->ssrc, octet_string_hex_string(data, hex_len),
+            pkt_octet_len);
+
+    return packet_string;
+}
+
+/*
+ * mips_estimate() is a simple function to estimate the number of
+ * instructions per second that the host can perform.  note that this
+ * function can be grossly wrong; you may want to have a manual sanity
+ * check of its output!
+ *
+ * the 'ignore' pointer is there to convince the compiler to not just
+ * optimize away the function
+ */
+
+double mips_estimate(int num_trials, int *ignore)
+{
+    clock_t t;
+    volatile int i, sum;
+
+    sum = 0;
+    t = clock();
+    for (i = 0; i < num_trials; i++) {
+        sum += i;
+    }
+    t = clock() - t;
+    if (t < 1) {
+        t = 1;
+    }
+
+    /*   printf("%d\n", sum); */
+    *ignore = sum;
+
+    return (double)num_trials * CLOCKS_PER_SEC / t;
+}
+
+/*
+ * srtp_validate() verifies the correctness of libsrtp by comparing
+ * some computed packets against some pre-computed reference values.
+ * These packets were made with the default SRTP policy.
+ */
+
+srtp_err_status_t srtp_validate()
+{
+    // clang-format off
+    uint8_t srtp_plaintext_ref[28] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab
+    };
+    uint8_t srtp_plaintext[38] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    uint8_t srtp_ciphertext[38] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
+        0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
+        0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
+        0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
+    };
+    uint8_t rtcp_plaintext_ref[24] = {
+        0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+    };
+    uint8_t rtcp_plaintext[38] = {
+        0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    uint8_t srtcp_ciphertext[38] = {
+        0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+        0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd,
+        0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8,
+        0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd,
+        0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98
+    };
+    // clang-format on
+
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * protect plaintext, then compare with ciphertext
+     */
+    len = 28;
+    status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+    if (status || (len != 38)) {
+        return srtp_err_status_fail;
+    }
+
+    debug_print(mod_driver, "ciphertext:\n  %s",
+                octet_string_hex_string(srtp_plaintext, len));
+    debug_print(mod_driver, "ciphertext reference:\n  %s",
+                octet_string_hex_string(srtp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * protect plaintext rtcp, then compare with srtcp ciphertext
+     */
+    len = 24;
+    status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
+    if (status || (len != 38)) {
+        return srtp_err_status_fail;
+    }
+
+    debug_print(mod_driver, "srtcp ciphertext:\n  %s",
+                octet_string_hex_string(rtcp_plaintext, len));
+    debug_print(mod_driver, "srtcp ciphertext reference:\n  %s",
+                octet_string_hex_string(srtcp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * unprotect ciphertext, then compare with plaintext
+     */
+    status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+    if (status || (len != 28)) {
+        return status;
+    }
+
+    if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * unprotect srtcp ciphertext, then compare with rtcp plaintext
+     */
+    len = 38;
+    status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
+    if (status || (len != 24)) {
+        return status;
+    }
+
+    if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_dealloc(srtp_snd);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(srtp_recv);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+#ifdef GCM
+/*
+ * srtp_validate_gcm() verifies the correctness of libsrtp by comparing
+ * an computed packet against the known ciphertext for the plaintext.
+ */
+srtp_err_status_t srtp_validate_gcm()
+{
+    // clang-format off
+    unsigned char test_key_gcm[28] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+        0xa8, 0xa9, 0xaa, 0xab
+    };
+    uint8_t rtp_plaintext_ref[28] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab
+    };
+    uint8_t rtp_plaintext[44] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00
+    };
+    uint8_t srtp_ciphertext[44] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde,
+        0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0,
+        0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26,
+        0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1,
+        0x27, 0xe8, 0xa3, 0x92
+    };
+    uint8_t rtcp_plaintext_ref[24] = {
+        0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+    };
+    uint8_t rtcp_plaintext[44] = {
+        0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00
+    };
+    uint8_t srtcp_ciphertext[44] = {
+        0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+        0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55,
+        0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25,
+        0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46,
+        0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e,
+        0x80, 0x00, 0x00, 0x01
+    };
+    // clang-format on
+
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key_gcm;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * protect plaintext rtp, then compare with srtp ciphertext
+     */
+    len = 28;
+    status = srtp_protect(srtp_snd, rtp_plaintext, &len);
+    if (status || (len != 44)) {
+        return srtp_err_status_fail;
+    }
+
+    debug_print(mod_driver, "srtp ciphertext:\n  %s",
+                octet_string_hex_string(rtp_plaintext, len));
+    debug_print(mod_driver, "srtp ciphertext reference:\n  %s",
+                octet_string_hex_string(srtp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * protect plaintext rtcp, then compare with srtcp ciphertext
+     */
+    len = 24;
+    status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
+    if (status || (len != 44)) {
+        return srtp_err_status_fail;
+    }
+
+    debug_print(mod_driver, "srtcp ciphertext:\n  %s",
+                octet_string_hex_string(rtcp_plaintext, len));
+    debug_print(mod_driver, "srtcp ciphertext reference:\n  %s",
+                octet_string_hex_string(srtcp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * unprotect srtp ciphertext, then compare with rtp plaintext
+     */
+    len = 44;
+    status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+    if (status || (len != 28)) {
+        return status;
+    }
+
+    if (srtp_octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * unprotect srtcp ciphertext, then compare with rtcp plaintext
+     */
+    len = 44;
+    status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
+    if (status || (len != 24)) {
+        return status;
+    }
+
+    if (srtp_octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_dealloc(srtp_snd);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(srtp_recv);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+#endif
+
+/*
+ * Test vectors taken from RFC 6904, Appendix A
+ */
+srtp_err_status_t srtp_validate_encrypted_extensions_headers()
+{
+    // clang-format off
+    unsigned char test_key_ext_headers[30] = {
+        0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+        0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+        0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+        0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+    };
+    uint8_t srtp_plaintext_ref[56] = {
+        0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+        0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+        0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+        0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
+    };
+    uint8_t srtp_plaintext[66] = {
+        0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+        0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+        0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+        0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00
+    };
+    uint8_t srtp_ciphertext[66] = {
+        0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+        0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
+        0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
+        0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
+        0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8,
+        0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02,
+        0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8,
+        0x91, 0xc7
+    };
+    // clang-format on
+
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+    int headers[3] = { 1, 3, 4 };
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key_ext_headers;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.enc_xtn_hdr = headers;
+    policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status)
+        return status;
+
+    /*
+     * protect plaintext, then compare with ciphertext
+     */
+    len = sizeof(srtp_plaintext_ref);
+    status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+    if (status || (len != sizeof(srtp_plaintext)))
+        return srtp_err_status_fail;
+
+    debug_print(mod_driver, "ciphertext:\n  %s",
+                srtp_octet_string_hex_string(srtp_plaintext, len));
+    debug_print(mod_driver, "ciphertext reference:\n  %s",
+                srtp_octet_string_hex_string(srtp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+        return srtp_err_status_fail;
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status)
+        return status;
+
+    /*
+     * unprotect ciphertext, then compare with plaintext
+     */
+    status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+    if (status) {
+        return status;
+    } else if (len != sizeof(srtp_plaintext_ref)) {
+        return srtp_err_status_fail;
+    }
+
+    if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+        return srtp_err_status_fail;
+
+    status = srtp_dealloc(srtp_snd);
+    if (status)
+        return status;
+
+    status = srtp_dealloc(srtp_recv);
+    if (status)
+        return status;
+
+    return srtp_err_status_ok;
+}
+
+#ifdef GCM
+
+/*
+ * Headers of test vectors taken from RFC 6904, Appendix A
+ */
+srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm()
+{
+    // clang-format off
+    unsigned char test_key_ext_headers[30] = {
+        0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+        0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+        0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+        0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+    };
+    uint8_t srtp_plaintext_ref[56] = {
+        0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+        0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+        0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+        0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
+    };
+    uint8_t srtp_plaintext[64] = {
+        0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+        0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+        0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+        0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    uint8_t srtp_ciphertext[64] = {
+        0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+        0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b,
+        0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46,
+        0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00,
+        0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
+        0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
+        0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc
+    };
+    // clang-format on
+
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+    int headers[3] = { 1, 3, 4 };
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key_ext_headers;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.enc_xtn_hdr = headers;
+    policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status)
+        return status;
+
+    /*
+     * protect plaintext, then compare with ciphertext
+     */
+    len = sizeof(srtp_plaintext_ref);
+    status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+    if (status || (len != sizeof(srtp_plaintext)))
+        return srtp_err_status_fail;
+
+    debug_print(mod_driver, "ciphertext:\n  %s",
+                srtp_octet_string_hex_string(srtp_plaintext, len));
+    debug_print(mod_driver, "ciphertext reference:\n  %s",
+                srtp_octet_string_hex_string(srtp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+        return srtp_err_status_fail;
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status)
+        return status;
+
+    /*
+     * unprotect ciphertext, then compare with plaintext
+     */
+    status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+    if (status) {
+        return status;
+    } else if (len != sizeof(srtp_plaintext_ref)) {
+        return srtp_err_status_fail;
+    }
+
+    if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+        return srtp_err_status_fail;
+
+    status = srtp_dealloc(srtp_snd);
+    if (status)
+        return status;
+
+    status = srtp_dealloc(srtp_recv);
+    if (status)
+        return status;
+
+    return srtp_err_status_ok;
+}
+#endif
+
+/*
+ * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
+ * some computed packets against some pre-computed reference values.
+ * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
+ */
+
+srtp_err_status_t srtp_validate_aes_256()
+{
+    // clang-format off
+    unsigned char aes_256_test_key[46] = {
+        0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+        0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+        0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+        0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+        0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+        0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+    };
+    uint8_t srtp_plaintext_ref[28] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab
+    };
+    uint8_t srtp_plaintext[38] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+        0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    uint8_t srtp_ciphertext[38] = {
+        0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+        0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
+        0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
+        0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
+        0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
+    };
+    // clang-format on
+
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+    srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = aes_256_test_key;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * protect plaintext, then compare with ciphertext
+     */
+    len = 28;
+    status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+    if (status || (len != 38)) {
+        return srtp_err_status_fail;
+    }
+
+    debug_print(mod_driver, "ciphertext:\n  %s",
+                octet_string_hex_string(srtp_plaintext, len));
+    debug_print(mod_driver, "ciphertext reference:\n  %s",
+                octet_string_hex_string(srtp_ciphertext, len));
+
+    if (srtp_octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * unprotect ciphertext, then compare with plaintext
+     */
+    status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+    if (status || (len != 28)) {
+        return status;
+    }
+
+    if (srtp_octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_dealloc(srtp_snd);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(srtp_recv);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list)
+{
+    extern const srtp_policy_t *policy_array[];
+    srtp_policy_t *p, *tmp;
+    int i = 0;
+    uint32_t ssrc = 0;
+
+    /* sanity checking */
+    if ((list == NULL) || (policy_array[0] == NULL)) {
+        return srtp_err_status_bad_param;
+    }
+
+    /*
+     * loop over policy list, mallocing a new list and copying values
+     * into it (and incrementing the SSRC value as we go along)
+     */
+    tmp = NULL;
+    while (policy_array[i] != NULL) {
+        p = (srtp_policy_t *)malloc(sizeof(srtp_policy_t));
+        if (p == NULL) {
+            return srtp_err_status_bad_param;
+        }
+        memcpy(p, policy_array[i], sizeof(srtp_policy_t));
+        p->ssrc.type = ssrc_specific;
+        p->ssrc.value = ssrc++;
+        p->next = tmp;
+        tmp = p;
+        i++;
+    }
+    *list = p;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list)
+{
+    srtp_policy_t *p, *next;
+
+    for (p = list; p != NULL; p = next) {
+        next = p->next;
+        free(p);
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_empty_payload()
+{
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+    srtp_hdr_t *mesg;
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status) {
+        return status;
+    }
+
+    mesg = srtp_create_test_packet(0, policy.ssrc.value, &len);
+    if (mesg == NULL) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_protect(srtp_snd, mesg, &len);
+    if (status) {
+        return status;
+    } else if (len != 12 + 10) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * unprotect ciphertext, then compare with plaintext
+     */
+    status = srtp_unprotect(srtp_recv, mesg, &len);
+    if (status) {
+        return status;
+    } else if (len != 12) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_dealloc(srtp_snd);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(srtp_recv);
+    if (status) {
+        return status;
+    }
+
+    free(mesg);
+
+    return srtp_err_status_ok;
+}
+
+#ifdef GCM
+srtp_err_status_t srtp_test_empty_payload_gcm()
+{
+    srtp_t srtp_snd, srtp_recv;
+    srtp_err_status_t status;
+    int len;
+    srtp_policy_t policy;
+    srtp_hdr_t *mesg;
+
+    /*
+     * create a session with a single stream using the default srtp
+     * policy and with the SSRC value 0xcafebabe
+     */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    status = srtp_create(&srtp_snd, &policy);
+    if (status) {
+        return status;
+    }
+
+    mesg = srtp_create_test_packet(0, policy.ssrc.value, &len);
+    if (mesg == NULL) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_protect(srtp_snd, mesg, &len);
+    if (status) {
+        return status;
+    } else if (len != 12 + 8) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * create a receiver session context comparable to the one created
+     * above - we need to do this so that the replay checking doesn't
+     * complain
+     */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * unprotect ciphertext, then compare with plaintext
+     */
+    status = srtp_unprotect(srtp_recv, mesg, &len);
+    if (status) {
+        return status;
+    } else if (len != 12) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_dealloc(srtp_snd);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(srtp_recv);
+    if (status) {
+        return status;
+    }
+
+    free(mesg);
+
+    return srtp_err_status_ok;
+}
+#endif // GCM
+
+srtp_err_status_t srtp_test_remove_stream()
+{
+    srtp_err_status_t status;
+    srtp_policy_t *policy_list, policy;
+    srtp_t session;
+    srtp_stream_t stream;
+
+    /*
+     * srtp_get_stream() is a libSRTP internal function that we declare
+     * here so that we can use it to verify the correct operation of the
+     * library
+     */
+    extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
+
+    status = srtp_create_big_policy(&policy_list);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_create(&session, policy_list);
+    if (status) {
+        return status;
+    }
+
+    /*
+     * check for false positives by trying to remove a stream that's not
+     * in the session
+     */
+    status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
+    if (status != srtp_err_status_no_ctx) {
+        return srtp_err_status_fail;
+    }
+
+    /*
+     * check for false negatives by removing stream 0x1, then
+     * searching for streams 0x0 and 0x2
+     */
+    status = srtp_remove_stream(session, htonl(0x1));
+    if (status != srtp_err_status_ok) {
+        return srtp_err_status_fail;
+    }
+    stream = srtp_get_stream(session, htonl(0x0));
+    if (stream == NULL) {
+        return srtp_err_status_fail;
+    }
+    stream = srtp_get_stream(session, htonl(0x2));
+    if (stream == NULL) {
+        return srtp_err_status_fail;
+    }
+
+    status = srtp_dealloc(session);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    status = srtp_dealloc_big_policy(policy_list);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    /* Now test adding and removing a single stream */
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key;
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+
+    status = srtp_create(&session, NULL);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    status = srtp_add_stream(session, &policy);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    status = srtp_remove_stream(session, htonl(0xcafebabe));
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    status = srtp_dealloc(session);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+// clang-format off
+unsigned char test_alt_key[46] = {
+  0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1,
+  0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33,
+  0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84,
+  0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45,
+  0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96,
+  0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
+// clang-format on
+
+/*
+ * srtp_test_update() verifies updating/rekeying exsisting streams.
+ * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1
+ * the value of the ROC must not be reset after a rekey, this test
+ * atempts to prove that srtp_update does not reset the ROC.
+ */
+
+srtp_err_status_t srtp_test_update()
+{
+    srtp_err_status_t status;
+    uint32_t ssrc = 0x12121212;
+    int msg_len_octets = 32;
+    int protected_msg_len_octets;
+    srtp_hdr_t *msg;
+    srtp_t srtp_snd, srtp_recv;
+    srtp_policy_t policy;
+
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+    policy.ssrc.type = ssrc_any_outbound;
+    policy.key = test_key;
+
+    /* create a send and recive ctx with defualt profile and test_key */
+    status = srtp_create(&srtp_recv, &policy);
+    if (status)
+        return status;
+
+    policy.ssrc.type = ssrc_any_inbound;
+    status = srtp_create(&srtp_snd, &policy);
+    if (status)
+        return status;
+
+    /* protect and unprotect two msg's that will cause the ROC to be equal to 1
+     */
+    msg = srtp_create_test_packet(msg_len_octets, ssrc,
+                                  &protected_msg_len_octets);
+    if (msg == NULL)
+        return srtp_err_status_alloc_fail;
+    msg->seq = htons(65535);
+
+    status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+    if (status)
+        return srtp_err_status_fail;
+
+    status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+    if (status)
+        return status;
+
+    free(msg);
+
+    msg = srtp_create_test_packet(msg_len_octets, ssrc,
+                                  &protected_msg_len_octets);
+    if (msg == NULL)
+        return srtp_err_status_alloc_fail;
+    msg->seq = htons(1);
+
+    status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+    if (status)
+        return srtp_err_status_fail;
+
+    status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+    if (status)
+        return status;
+
+    free(msg);
+
+    /* update send ctx with same test_key t verify update works*/
+    policy.ssrc.type = ssrc_any_outbound;
+    policy.key = test_key;
+    status = srtp_update(srtp_snd, &policy);
+    if (status)
+        return status;
+
+    msg = srtp_create_test_packet(msg_len_octets, ssrc,
+                                  &protected_msg_len_octets);
+    if (msg == NULL)
+        return srtp_err_status_alloc_fail;
+    msg->seq = htons(2);
+
+    status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+    if (status)
+        return srtp_err_status_fail;
+
+    status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+    if (status)
+        return status;
+
+    free(msg);
+
+    /* update send ctx to use test_alt_key */
+    policy.ssrc.type = ssrc_any_outbound;
+    policy.key = test_alt_key;
+    status = srtp_update(srtp_snd, &policy);
+    if (status)
+        return status;
+
+    /* create and protect msg with new key and ROC still equal to 1 */
+    msg = srtp_create_test_packet(msg_len_octets, ssrc,
+                                  &protected_msg_len_octets);
+    if (msg == NULL)
+        return srtp_err_status_alloc_fail;
+    msg->seq = htons(3);
+
+    status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+    if (status)
+        return srtp_err_status_fail;
+
+    /* verify that recive ctx will fail to unprotect as it still uses test_key
+     */
+    status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+    if (status == srtp_err_status_ok)
+        return srtp_err_status_fail;
+
+    /* create a new recvieve ctx with test_alt_key but since it is new it will
+     * have ROC equal to 1
+     * and therefore should fail to unprotected */
+    {
+        srtp_t srtp_recv_roc_0;
+
+        policy.ssrc.type = ssrc_any_inbound;
+        policy.key = test_alt_key;
+        status = srtp_create(&srtp_recv_roc_0, &policy);
+        if (status)
+            return status;
+
+        status =
+            srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets);
+        if (status == srtp_err_status_ok)
+            return srtp_err_status_fail;
+
+        status = srtp_dealloc(srtp_recv_roc_0);
+        if (status)
+            return status;
+    }
+
+    /* update recive ctx to use test_alt_key */
+    policy.ssrc.type = ssrc_any_inbound;
+    policy.key = test_alt_key;
+    status = srtp_update(srtp_recv, &policy);
+    if (status)
+        return status;
+
+    /* verify that can still unprotect, therfore key is updated and ROC value is
+     * preserved */
+    status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+    if (status)
+        return status;
+
+    free(msg);
+
+    status = srtp_dealloc(srtp_snd);
+    if (status)
+        return status;
+
+    status = srtp_dealloc(srtp_recv);
+    if (status)
+        return status;
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_setup_protect_trailer_streams(
+    srtp_t *srtp_send,
+    srtp_t *srtp_send_mki,
+    srtp_t *srtp_send_aes_gcm,
+    srtp_t *srtp_send_aes_gcm_mki)
+{
+    srtp_err_status_t status;
+    srtp_policy_t policy;
+    srtp_policy_t policy_mki;
+
+#ifdef GCM
+    srtp_policy_t policy_aes_gcm;
+    srtp_policy_t policy_aes_gcm_mki;
+#endif // GCM
+
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ekt = NULL;
+    policy.window_size = 128;
+    policy.allow_repeat_tx = 0;
+    policy.next = NULL;
+    policy.ssrc.type = ssrc_any_outbound;
+    policy.key = test_key;
+
+    memset(&policy_mki, 0, sizeof(policy_mki));
+    srtp_crypto_policy_set_rtp_default(&policy_mki.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp);
+    policy_mki.ekt = NULL;
+    policy_mki.window_size = 128;
+    policy_mki.allow_repeat_tx = 0;
+    policy_mki.next = NULL;
+    policy_mki.ssrc.type = ssrc_any_outbound;
+    policy_mki.key = NULL;
+    policy_mki.keys = test_keys;
+    policy_mki.num_master_keys = 2;
+
+#ifdef GCM
+    memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm));
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp);
+    policy_aes_gcm.ekt = NULL;
+    policy_aes_gcm.window_size = 128;
+    policy_aes_gcm.allow_repeat_tx = 0;
+    policy_aes_gcm.next = NULL;
+    policy_aes_gcm.ssrc.type = ssrc_any_outbound;
+    policy_aes_gcm.key = test_key;
+
+    memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki));
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp);
+    policy_aes_gcm_mki.ekt = NULL;
+    policy_aes_gcm_mki.window_size = 128;
+    policy_aes_gcm_mki.allow_repeat_tx = 0;
+    policy_aes_gcm_mki.next = NULL;
+    policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound;
+    policy_aes_gcm_mki.key = NULL;
+    policy_aes_gcm_mki.keys = test_keys;
+    policy_aes_gcm_mki.num_master_keys = 2;
+#endif // GCM
+
+    /* create a send ctx with defualt profile and test_key */
+    status = srtp_create(srtp_send, &policy);
+    if (status)
+        return status;
+
+    status = srtp_create(srtp_send_mki, &policy_mki);
+    if (status)
+        return status;
+
+#ifdef GCM
+    status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm);
+    if (status)
+        return status;
+
+    status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki);
+    if (status)
+        return status;
+#endif // GCM
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_protect_trailer_length()
+{
+    srtp_t srtp_send;
+    srtp_t srtp_send_mki;
+    srtp_t srtp_send_aes_gcm;
+    srtp_t srtp_send_aes_gcm_mki;
+    uint32_t length = 0;
+    srtp_err_status_t status;
+
+    srtp_test_setup_protect_trailer_streams(
+        &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
+
+    status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 10 bytes */
+    if (length != 10)
+        return srtp_err_status_fail;
+
+    status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 10 bytes + MKI length: 4 bytes*/
+    if (length != 14)
+        return srtp_err_status_fail;
+
+#ifdef GCM
+    status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 16 bytes */
+    if (length != 16)
+        return srtp_err_status_fail;
+
+    status =
+        srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 16 bytes + MKI length: 4 bytes*/
+    if (length != 20)
+        return srtp_err_status_fail;
+#endif // GCM
+
+    srtp_dealloc(srtp_send);
+    srtp_dealloc(srtp_send_mki);
+#ifdef GCM
+    srtp_dealloc(srtp_send_aes_gcm);
+    srtp_dealloc(srtp_send_aes_gcm_mki);
+#endif
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_protect_rtcp_trailer_length()
+{
+    srtp_t srtp_send;
+    srtp_t srtp_send_mki;
+    srtp_t srtp_send_aes_gcm;
+    srtp_t srtp_send_aes_gcm_mki;
+    uint32_t length = 0;
+    srtp_err_status_t status;
+
+    srtp_test_setup_protect_trailer_streams(
+        &srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
+
+    status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/
+    if (length != 14)
+        return srtp_err_status_fail;
+
+    status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
+    if (length != 18)
+        return srtp_err_status_fail;
+
+#ifdef GCM
+    status =
+        srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/
+    if (length != 20)
+        return srtp_err_status_fail;
+
+    status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1,
+                                                  &length);
+    if (status)
+        return status;
+
+    /*  TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
+    if (length != 24)
+        return srtp_err_status_fail;
+#endif // GCM
+
+    srtp_dealloc(srtp_send);
+    srtp_dealloc(srtp_send_mki);
+#ifdef GCM
+    srtp_dealloc(srtp_send_aes_gcm);
+    srtp_dealloc(srtp_send_aes_gcm_mki);
+#endif
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_get_roc()
+{
+    srtp_err_status_t status;
+    srtp_policy_t policy;
+    srtp_t session;
+    srtp_hdr_t *pkt;
+    uint32_t i;
+    uint32_t roc;
+    uint32_t ts;
+    uint16_t seq;
+
+    int msg_len_octets = 32;
+    int protected_msg_len_octets;
+
+    memset(&policy, 0, sizeof(policy));
+    srtp_crypto_policy_set_rtp_default(&policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+    policy.ssrc.type = ssrc_specific;
+    policy.ssrc.value = 0xcafebabe;
+    policy.key = test_key;
+    policy.window_size = 128;
+
+    /* Create a sender session */
+    status = srtp_create(&session, &policy);
+    if (status) {
+        return status;
+    }
+
+    /* Set start sequence so we roll over */
+    seq = 65535;
+    ts = 0;
+
+    for (i = 0; i < 2; i++) {
+        pkt = srtp_create_test_packet_extended(msg_len_octets,
+                                               policy.ssrc.value, seq, ts,
+                                               &protected_msg_len_octets);
+        status = srtp_protect(session, pkt, &protected_msg_len_octets);
+        free(pkt);
+        if (status) {
+            return status;
+        }
+
+        status = srtp_get_stream_roc(session, policy.ssrc.value, &roc);
+        if (status) {
+            return status;
+        }
+
+        if (roc != i) {
+            return srtp_err_status_fail;
+        }
+
+        seq++;
+        ts++;
+    }
+
+    /* Cleanup */
+    status = srtp_dealloc(session);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t test_set_receiver_roc(uint32_t packets,
+                                               uint32_t roc_to_set)
+{
+    srtp_err_status_t status;
+
+    srtp_policy_t sender_policy;
+    srtp_t sender_session;
+
+    srtp_policy_t receiver_policy;
+    srtp_t receiver_session;
+
+    srtp_hdr_t *pkt_1;
+    unsigned char *recv_pkt_1;
+
+    srtp_hdr_t *pkt_2;
+    unsigned char *recv_pkt_2;
+
+    uint32_t i;
+    uint32_t ts;
+    uint16_t seq;
+
+    int msg_len_octets = 32;
+    int protected_msg_len_octets_1;
+    int protected_msg_len_octets_2;
+
+    /* Create sender */
+    memset(&sender_policy, 0, sizeof(sender_policy));
+    srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
+    sender_policy.ssrc.type = ssrc_specific;
+    sender_policy.ssrc.value = 0xcafebabe;
+    sender_policy.key = test_key;
+    sender_policy.window_size = 128;
+
+    status = srtp_create(&sender_session, &sender_policy);
+    if (status) {
+        return status;
+    }
+
+    /* Create and protect packets */
+    seq = 0;
+    ts = 0;
+    for (i = 0; i < packets; i++) {
+        srtp_hdr_t *tmp_pkt;
+        int tmp_len;
+
+        tmp_pkt = srtp_create_test_packet_extended(
+            msg_len_octets, sender_policy.ssrc.value, seq, ts, &tmp_len);
+        status = srtp_protect(sender_session, tmp_pkt, &tmp_len);
+        free(tmp_pkt);
+        if (status) {
+            return status;
+        }
+
+        seq++;
+        ts++;
+    }
+
+    /* Create the first packet to decrypt and test for ROC change */
+    pkt_1 = srtp_create_test_packet_extended(msg_len_octets,
+                                             sender_policy.ssrc.value, seq, ts,
+                                             &protected_msg_len_octets_1);
+    status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1);
+    if (status) {
+        return status;
+    }
+
+    /* Create the second packet to decrypt and test for ROC change */
+    seq++;
+    ts++;
+    pkt_2 = srtp_create_test_packet_extended(msg_len_octets,
+                                             sender_policy.ssrc.value, seq, ts,
+                                             &protected_msg_len_octets_2);
+    status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2);
+    if (status) {
+        return status;
+    }
+
+    /* Create the receiver */
+    memset(&receiver_policy, 0, sizeof(receiver_policy));
+    srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
+    receiver_policy.ssrc.type = ssrc_specific;
+    receiver_policy.ssrc.value = sender_policy.ssrc.value;
+    receiver_policy.key = test_key;
+    receiver_policy.window_size = 128;
+
+    status = srtp_create(&receiver_session, &receiver_policy);
+    if (status) {
+        return status;
+    }
+
+    /* Make a copy of the first sent protected packet */
+    recv_pkt_1 = malloc(protected_msg_len_octets_1);
+    if (recv_pkt_1 == NULL) {
+        return srtp_err_status_fail;
+    }
+    memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1);
+
+    /* Make a copy of the second sent protected packet */
+    recv_pkt_2 = malloc(protected_msg_len_octets_2);
+    if (recv_pkt_2 == NULL) {
+        return srtp_err_status_fail;
+    }
+    memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2);
+
+    /* Set the ROC to the wanted value */
+    status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value,
+                                 roc_to_set);
+    if (status) {
+        return status;
+    }
+
+    /* Unprotect the first packet */
+    status = srtp_unprotect(receiver_session, recv_pkt_1,
+                            &protected_msg_len_octets_1);
+    if (status) {
+        return status;
+    }
+
+    /* Unprotect the second packet */
+    status = srtp_unprotect(receiver_session, recv_pkt_2,
+                            &protected_msg_len_octets_2);
+    if (status) {
+        return status;
+    }
+
+    /* Cleanup */
+    status = srtp_dealloc(sender_session);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(receiver_session);
+    if (status) {
+        return status;
+    }
+
+    free(pkt_1);
+    free(recv_pkt_1);
+    free(pkt_2);
+    free(recv_pkt_2);
+
+    return srtp_err_status_ok;
+}
+
+static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set)
+{
+    srtp_err_status_t status;
+
+    srtp_policy_t sender_policy;
+    srtp_t sender_session;
+
+    srtp_policy_t receiver_policy;
+    srtp_t receiver_session;
+
+    srtp_hdr_t *pkt;
+    unsigned char *recv_pkt;
+
+    uint32_t ts;
+
+    int msg_len_octets = 32;
+    int protected_msg_len_octets;
+
+    /* Create sender */
+    memset(&sender_policy, 0, sizeof(sender_policy));
+    srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
+    sender_policy.ssrc.type = ssrc_specific;
+    sender_policy.ssrc.value = 0xcafebabe;
+    sender_policy.key = test_key;
+    sender_policy.window_size = 128;
+
+    status = srtp_create(&sender_session, &sender_policy);
+    if (status) {
+        return status;
+    }
+
+    /* Set the ROC before encrypting the first packet */
+    status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value,
+                                 roc_to_set);
+    if (status != srtp_err_status_ok) {
+        return status;
+    }
+
+    /* Create the packet to decrypt */
+    ts = 0;
+    pkt = srtp_create_test_packet_extended(msg_len_octets,
+                                           sender_policy.ssrc.value, seq, ts,
+                                           &protected_msg_len_octets);
+    status = srtp_protect(sender_session, pkt, &protected_msg_len_octets);
+    if (status) {
+        return status;
+    }
+
+    /* Create the receiver */
+    memset(&receiver_policy, 0, sizeof(receiver_policy));
+    srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
+    srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
+    receiver_policy.ssrc.type = ssrc_specific;
+    receiver_policy.ssrc.value = sender_policy.ssrc.value;
+    receiver_policy.key = test_key;
+    receiver_policy.window_size = 128;
+
+    status = srtp_create(&receiver_session, &receiver_policy);
+    if (status) {
+        return status;
+    }
+
+    /* Make a copy of the sent protected packet */
+    recv_pkt = malloc(protected_msg_len_octets);
+    if (recv_pkt == NULL) {
+        return srtp_err_status_fail;
+    }
+    memcpy(recv_pkt, pkt, protected_msg_len_octets);
+
+    /* Set the ROC to the wanted value */
+    status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value,
+                                 roc_to_set);
+    if (status) {
+        return status;
+    }
+
+    status =
+        srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets);
+    if (status) {
+        return status;
+    }
+
+    /* Cleanup */
+    status = srtp_dealloc(sender_session);
+    if (status) {
+        return status;
+    }
+
+    status = srtp_dealloc(receiver_session);
+    if (status) {
+        return status;
+    }
+
+    free(pkt);
+    free(recv_pkt);
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_set_receiver_roc()
+{
+    int packets;
+    uint32_t roc;
+    srtp_err_status_t status;
+
+    /* First test does not rollover */
+    packets = 1;
+    roc = 0;
+
+    status = test_set_receiver_roc(packets - 1, roc);
+    if (status) {
+        return status;
+    }
+
+    status = test_set_receiver_roc(packets, roc);
+    if (status) {
+        return status;
+    }
+
+    status = test_set_receiver_roc(packets + 1, roc);
+    if (status) {
+        return status;
+    }
+
+    status = test_set_receiver_roc(packets + 60000, roc);
+    if (status) {
+        return status;
+    }
+
+    /* Second test should rollover */
+    packets = 65535;
+    roc = 0;
+
+    status = test_set_receiver_roc(packets - 1, roc);
+    if (status) {
+        return status;
+    }
+
+    status = test_set_receiver_roc(packets, roc);
+    if (status) {
+        return status;
+    }
+
+    /* Now the rollover counter should be 1 */
+    roc = 1;
+    status = test_set_receiver_roc(packets + 1, roc);
+    if (status) {
+        return status;
+    }
+
+    status = test_set_receiver_roc(packets + 60000, roc);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_test_set_sender_roc()
+{
+    uint32_t roc;
+    uint16_t seq;
+    srtp_err_status_t status;
+
+    seq = 43210;
+    roc = 0;
+    status = test_set_sender_roc(seq, roc);
+    if (status) {
+        return status;
+    }
+
+    roc = 65535;
+    status = test_set_sender_roc(seq, roc);
+    if (status) {
+        return status;
+    }
+
+    roc = 0xffff;
+    status = test_set_sender_roc(seq, roc);
+    if (status) {
+        return status;
+    }
+
+    roc = 0xffff00;
+    status = test_set_sender_roc(seq, roc);
+    if (status) {
+        return status;
+    }
+
+    roc = 0xfffffff0;
+    status = test_set_sender_roc(seq, roc);
+    if (status) {
+        return status;
+    }
+
+    return srtp_err_status_ok;
+}
+
+/*
+ * srtp policy definitions - these definitions are used above
+ */
+
+// clang-format off
+unsigned char test_key[46] = {
+    0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+    0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+    0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+    0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
+    0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
+    0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
+
+unsigned char test_key_2[46] = {
+    0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+    0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+    0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+    0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+    0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
+    0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
+
+unsigned char test_mki_id[TEST_MKI_ID_SIZE] = {
+    0xe1, 0xf9, 0x7a, 0x0d
+};
+
+unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = {
+    0xf3, 0xa1, 0x46, 0x71
+};
+// clang-format on
+
+const srtp_policy_t default_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_ICM_128,               /* cipher type                 */
+        SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        16,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_ICM_128,               /* cipher type                 */
+        SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        16,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+const srtp_policy_t aes_only_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC                        */
+    {
+        SRTP_AES_ICM_128,               /* cipher type                 */
+        SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        0,                              /* auth tag length in octets   */
+        sec_serv_conf                   /* security services flag      */
+    },
+    {
+        SRTP_AES_ICM_128,               /* cipher type                 */
+        SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        0,                              /* auth tag length in octets   */
+        sec_serv_conf                   /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+const srtp_policy_t hmac_only_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        SRTP_NULL_CIPHER, /* cipher type                 */
+        0,                /* cipher key length in octets */
+        SRTP_HMAC_SHA1,   /* authentication func type    */
+        20,               /* auth key length in octets   */
+        4,                /* auth tag length in octets   */
+        sec_serv_auth     /* security services flag      */
+    },
+    {
+        SRTP_NULL_CIPHER, /* cipher type                 */
+        0,                /* cipher key length in octets */
+        SRTP_HMAC_SHA1,   /* authentication func type    */
+        20,               /* auth key length in octets   */
+        4,                /* auth tag length in octets   */
+        sec_serv_auth     /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* Number of Master keys associated with the policy */
+    NULL, /* indicates that EKT is not in use                 */
+    128,  /* replay window size                               */
+    0,    /* retransmission not allowed                       */
+    NULL, /* no encrypted extension headers                   */
+    0,    /* list of encrypted extension headers is empty     */
+    NULL
+};
+
+#ifdef GCM
+const srtp_policy_t aes128_gcm_8_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_GCM_128,               /* cipher type                 */
+        SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_GCM_128,               /* cipher type                 */
+        SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+const srtp_policy_t aes128_gcm_8_cauth_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_GCM_128,               /* cipher type                 */
+        SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_GCM_128,               /* cipher type                 */
+        SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_auth                   /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+const srtp_policy_t aes256_gcm_8_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_GCM_256,               /* cipher type                 */
+        SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_GCM_256,               /* cipher type                 */
+        SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+const srtp_policy_t aes256_gcm_8_cauth_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_GCM_256,               /* cipher type                 */
+        SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_GCM_256,               /* cipher type                 */
+        SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_NULL_AUTH,                 /* authentication func type    */
+        0,                              /* auth key length in octets   */
+        8,                              /* auth tag length in octets   */
+        sec_serv_auth                   /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+#endif
+
+const srtp_policy_t null_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        SRTP_NULL_CIPHER, /* cipher type                 */
+        0,                /* cipher key length in octets */
+        SRTP_NULL_AUTH,   /* authentication func type    */
+        0,                /* auth key length in octets   */
+        0,                /* auth tag length in octets   */
+        sec_serv_none     /* security services flag      */
+    },
+    {
+        SRTP_NULL_CIPHER, /* cipher type                 */
+        0,                /* cipher key length in octets */
+        SRTP_NULL_AUTH,   /* authentication func type    */
+        0,                /* auth key length in octets   */
+        0,                /* auth tag length in octets   */
+        sec_serv_none     /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+// clang-format off
+unsigned char test_256_key[46] = {
+    0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+    0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+    0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+    0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+    0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+    0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+unsigned char test_256_key_2[46] = {
+    0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+    0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+    0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+    0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
+    0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+    0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+srtp_master_key_t master_256_key_1 = {
+    test_256_key,
+    test_mki_id,
+    TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t master_256_key_2 = {
+    test_256_key_2,
+    test_mki_id_2,
+    TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t *test_256_keys[2] = {
+    &master_key_1,
+    &master_key_2
+};
+// clang-format on
+
+const srtp_policy_t aes_256_hmac_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_ICM_256,               /* cipher type                 */
+        SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        20,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_ICM_256,               /* cipher type                 */
+        SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        20,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_256_keys,
+    2,    /* indicates the number of Master keys          */
+    NULL, /* indicates that EKT is not in use             */
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
+
+// clang-format off
+uint8_t ekt_test_key[16] = {
+    0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
+    0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
+};
+// clang-format on
+
+#include "ekt.h"
+
+// clang-format off
+srtp_ekt_policy_ctx_t ekt_test_policy = {
+    0xa5a5,                     /* SPI */
+    SRTP_EKT_CIPHER_AES_128_ECB,
+    ekt_test_key,
+    NULL
+};
+// clang-format on
+
+const srtp_policy_t hmac_only_with_ekt_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        SRTP_NULL_CIPHER, /* cipher type                 */
+        0,                /* cipher key length in octets */
+        SRTP_HMAC_SHA1,   /* authentication func type    */
+        20,               /* auth key length in octets   */
+        4,                /* auth tag length in octets   */
+        sec_serv_auth     /* security services flag      */
+    },
+    {
+        SRTP_NULL_CIPHER, /* cipher type                 */
+        0,                /* cipher key length in octets */
+        SRTP_HMAC_SHA1,   /* authentication func type    */
+        20,               /* auth key length in octets   */
+        4,                /* auth tag length in octets   */
+        sec_serv_auth     /* security services flag      */
+    },
+    NULL,
+    (srtp_master_key_t **)test_keys,
+    2,                /* indicates the number of Master keys          */
+    &ekt_test_policy, /* indicates that EKT is not in use             */
+    128,              /* replay window size                           */
+    0,                /* retransmission not allowed                   */
+    NULL,             /* no encrypted extension headers               */
+    0,                /* list of encrypted extension headers is empty */
+    NULL
+};
+
+/*
+ * an array of pointers to the policies listed above
+ *
+ * This array is used to test various aspects of libSRTP for
+ * different cryptographic policies.  The order of the elements
+ * matters - the timing test generates output that can be used
+ * in a plot (see the gnuplot script file 'timing').  If you
+ * add to this list, you should do it at the end.
+ */
+
+// clang-format off
+const srtp_policy_t *policy_array[] = {
+    &hmac_only_policy,
+    &aes_only_policy,
+    &default_policy,
+#ifdef GCM
+    &aes128_gcm_8_policy,
+    &aes128_gcm_8_cauth_policy,
+    &aes256_gcm_8_policy,
+    &aes256_gcm_8_cauth_policy,
+#endif
+    &null_policy,
+    &aes_256_hmac_policy,
+    &hmac_only_with_ekt_policy,
+    NULL
+};
+// clang-format on
+
+const srtp_policy_t wildcard_policy = {
+    { ssrc_any_outbound, 0 }, /* SSRC */
+    {
+        /* SRTP policy */
+        SRTP_AES_ICM_128,               /* cipher type                 */
+        SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        16,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    {
+        /* SRTCP policy */
+        SRTP_AES_ICM_128,               /* cipher type                 */
+        SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+        SRTP_HMAC_SHA1,                 /* authentication func type    */
+        16,                             /* auth key length in octets   */
+        10,                             /* auth tag length in octets   */
+        sec_serv_conf_and_auth          /* security services flag      */
+    },
+    test_key,
+    NULL,
+    0,
+    NULL,
+    128,  /* replay window size                           */
+    0,    /* retransmission not allowed                   */
+    NULL, /* no encrypted extension headers               */
+    0,    /* list of encrypted extension headers is empty */
+    NULL
+};
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/test_srtp.c b/trunk/3rdparty/libsrtp-2-fit/test/test_srtp.c
new file mode 100644
index 000000000..0cea1f3c3
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/test_srtp.c
@@ -0,0 +1,185 @@
+/*
+ * test_srtp.c
+ *
+ * Unit tests for internal srtp functions
+ *
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * libSRTP specific.
+ */
+#include "../srtp/srtp.c" // Get access to static functions
+
+/*
+ * Test specific.
+ */
+#include "cutest.h"
+
+/*
+ * Standard library.
+ */
+
+/*
+ * Forward declarations for all tests.
+ */
+
+void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output(void);
+void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param(void);
+void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number(void);
+
+/*
+ * NULL terminated array of tests.
+ * The first item in the array is a char[] which give some information about
+ * what is being tested and is displayed to the user during runtime, the second
+ * item is the test function.
+ */
+
+TEST_LIST = { { "srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()",
+                srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output },
+              { "srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()",
+                srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param },
+              { "srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()",
+                srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number },
+              { NULL } /* End of tests */ };
+
+/*
+ * Implementation.
+ */
+
+void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()
+{
+    // Preconditions
+    srtp_session_keys_t session_keys;
+    v128_t init_vector;
+    srtcp_hdr_t header;
+    uint32_t sequence_num;
+
+    // Postconditions
+    srtp_err_status_t status;
+    const v128_t zero_vector;
+    memset((v128_t *)&zero_vector, 0, sizeof(v128_t));
+
+    // Given
+    memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+    memset(&init_vector, 0, sizeof(v128_t));
+    memset(&header, 0, sizeof(srtcp_hdr_t));
+    sequence_num = 0x0UL;
+
+    // When
+    status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num,
+                                     &header);
+
+    // Then
+    TEST_CHECK(status == srtp_err_status_ok);
+    TEST_CHECK(memcmp(&zero_vector, &init_vector, sizeof(v128_t)) == 0);
+}
+
+void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()
+{
+    // Preconditions
+    srtp_session_keys_t session_keys;
+    v128_t init_vector;
+    srtcp_hdr_t header;
+    uint32_t sequence_num;
+
+    // Postconditions
+    srtp_err_status_t status;
+
+    // Given
+    memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+    memset(&init_vector, 0, sizeof(v128_t));
+    memset(&header, 0, sizeof(srtcp_hdr_t));
+    sequence_num = 0x7FFFFFFFUL + 0x1UL;
+
+    // When
+    status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num,
+                                     &header);
+
+    // Then
+    TEST_CHECK(status == srtp_err_status_bad_param);
+}
+
+/*
+ * Regression test for issue #256:
+ * Srtcp IV calculation incorrectly masks high bit of sequence number for
+ * little-endian platforms.
+ * Ensure that for each valid sequence number where the most significant bit is
+ * high that we get an expected and unique IV.
+ */
+void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()
+{
+#define SAMPLE_COUNT (3)
+    // Preconditions
+    // Test each significant bit high in each full byte.
+    srtp_session_keys_t session_keys;
+    srtcp_hdr_t header;
+    v128_t output_iv[SAMPLE_COUNT];
+    uint32_t sequence_num[SAMPLE_COUNT];
+    v128_t final_iv[SAMPLE_COUNT];
+    size_t i = 0;
+    memset(&output_iv, 0, SAMPLE_COUNT * sizeof(v128_t));
+    sequence_num[0] = 0xFF;
+    sequence_num[1] = 0xFF00;
+    sequence_num[2] = 0xFF0000;
+
+    // Postconditions
+    memset(&final_iv, 0, SAMPLE_COUNT * sizeof(v128_t));
+    final_iv[0].v8[11] = 0xFF;
+    final_iv[1].v8[10] = 0xFF;
+    final_iv[2].v8[9] = 0xFF;
+
+    // Given
+    memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+    memset(&header, 0, sizeof(srtcp_hdr_t));
+
+    // When
+    for (i = 0; i < SAMPLE_COUNT; i++) {
+        TEST_CHECK(srtp_calc_aead_iv_srtcp(&session_keys, &output_iv[i],
+                                           sequence_num[i],
+                                           &header) == srtp_err_status_ok);
+    }
+
+    // Then all IVs are as expected
+    for (i = 0; i < SAMPLE_COUNT; i++) {
+        TEST_CHECK(memcmp(&final_iv[i], &output_iv[i], sizeof(v128_t)) == 0);
+    }
+#undef SAMPLE_COUNT
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/util.c b/trunk/3rdparty/libsrtp-2-fit/test/util.c
new file mode 100644
index 000000000..2abc28e7f
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/util.c
@@ -0,0 +1,212 @@
+/*
+ * util.c
+ *
+ * Utilities used by the test apps
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2014-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+#include "util.h"
+
+#include <string.h>
+#include <stdint.h>
+
+/* include space for null terminator */
+char bit_string[MAX_PRINT_STRING_LEN + 1];
+
+static inline int hex_char_to_nibble(uint8_t c)
+{
+    switch (c) {
+    case ('0'):
+        return 0x0;
+    case ('1'):
+        return 0x1;
+    case ('2'):
+        return 0x2;
+    case ('3'):
+        return 0x3;
+    case ('4'):
+        return 0x4;
+    case ('5'):
+        return 0x5;
+    case ('6'):
+        return 0x6;
+    case ('7'):
+        return 0x7;
+    case ('8'):
+        return 0x8;
+    case ('9'):
+        return 0x9;
+    case ('a'):
+        return 0xa;
+    case ('A'):
+        return 0xa;
+    case ('b'):
+        return 0xb;
+    case ('B'):
+        return 0xb;
+    case ('c'):
+        return 0xc;
+    case ('C'):
+        return 0xc;
+    case ('d'):
+        return 0xd;
+    case ('D'):
+        return 0xd;
+    case ('e'):
+        return 0xe;
+    case ('E'):
+        return 0xe;
+    case ('f'):
+        return 0xf;
+    case ('F'):
+        return 0xf;
+    default:
+        return -1; /* this flags an error */
+    }
+    /* NOTREACHED */
+    return -1; /* this keeps compilers from complaining */
+}
+
+uint8_t nibble_to_hex_char(uint8_t nibble)
+{
+    char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                     '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+
+    return buf[nibble & 0xF];
+}
+
+/*
+ * hex_string_to_octet_string converts a hexadecimal string
+ * of length 2 * len to a raw octet string of length len
+ */
+int hex_string_to_octet_string(char *raw, char *hex, int len)
+{
+    uint8_t x;
+    int tmp;
+    int hex_len;
+
+    hex_len = 0;
+    while (hex_len < len) {
+        tmp = hex_char_to_nibble(hex[0]);
+        if (tmp == -1) {
+            return hex_len;
+        }
+        x = (tmp << 4);
+        hex_len++;
+        tmp = hex_char_to_nibble(hex[1]);
+        if (tmp == -1) {
+            return hex_len;
+        }
+        x |= (tmp & 0xff);
+        hex_len++;
+        *raw++ = x;
+        hex += 2;
+    }
+    return hex_len;
+}
+
+char *octet_string_hex_string(const void *s, int length)
+{
+    const uint8_t *str = (const uint8_t *)s;
+    int i;
+
+    /* double length, since one octet takes two hex characters */
+    length *= 2;
+
+    /* truncate string if it would be too long */
+    if (length > MAX_PRINT_STRING_LEN) {
+        length = MAX_PRINT_STRING_LEN;
+    }
+
+    for (i = 0; i < length; i += 2) {
+        bit_string[i] = nibble_to_hex_char(*str >> 4);
+        bit_string[i + 1] = nibble_to_hex_char(*str++ & 0xF);
+    }
+    bit_string[i] = 0; /* null terminate string */
+    return bit_string;
+}
+
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                               "abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int base64_block_to_octet_triple(char *out, char *in)
+{
+    unsigned char sextets[4] = { 0 };
+    int j = 0;
+    int i;
+
+    for (i = 0; i < 4; i++) {
+        char *p = strchr(b64chars, in[i]);
+        if (p != NULL) {
+            sextets[i] = p - b64chars;
+        } else {
+            j++;
+        }
+    }
+
+    out[0] = (sextets[0] << 2) | (sextets[1] >> 4);
+    if (j < 2) {
+        out[1] = (sextets[1] << 4) | (sextets[2] >> 2);
+    }
+    if (j < 1) {
+        out[2] = (sextets[2] << 6) | sextets[3];
+    }
+    return j;
+}
+
+int base64_string_to_octet_string(char *out, int *pad, char *in, int len)
+{
+    int k = 0;
+    int i = 0;
+    int j = 0;
+
+    if (len % 4 != 0) {
+        return 0;
+    }
+
+    while (i < len && j == 0) {
+        j = base64_block_to_octet_triple(out + k, in + i);
+        k += 3;
+        i += 4;
+    }
+    *pad = j;
+    return i;
+}
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/util.h b/trunk/3rdparty/libsrtp-2-fit/test/util.h
new file mode 100644
index 000000000..d04b279b3
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/util.h
@@ -0,0 +1,53 @@
+/*
+ * util.h
+ *
+ * Utilities used by the test apps
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2014-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef SRTP_TEST_UTIL_H
+#define SRTP_TEST_UTIL_H
+
+#define MAX_PRINT_STRING_LEN 1024
+
+int hex_string_to_octet_string(char *raw, char *hex, int len);
+char *octet_string_hex_string(const void *s, int length);
+int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len);
+
+#endif
diff --git a/trunk/3rdparty/libsrtp-2-fit/test/words.txt b/trunk/3rdparty/libsrtp-2-fit/test/words.txt
new file mode 100644
index 000000000..fe99c2d46
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/test/words.txt
@@ -0,0 +1,250 @@
+abducing
+acidheads
+acidness
+actons
+admixtures
+affidavit
+agelastic
+alated
+alimentary
+alleviated
+allseed
+annexure
+arragonite
+atonements
+autacoid
+axe
+axon
+ayres
+beathing
+blazonry
+bottom
+braising
+brehon
+brindisi
+broadcasts
+buds
+bulnbulns
+bushcraft
+calamander
+calipee
+casing
+caveat
+chaffings
+citifies
+clappers
+claques
+clavate
+colonial
+colonials
+commonalty
+compares
+consequent
+consumed
+contango
+courtierly
+creamery
+cruddiest
+cue
+cultish
+cumin
+cyclus
+dahlias
+dentitions
+derailers
+devitrify
+dibs
+diphysite
+disjunes
+drolleries
+dubitated
+dupion
+earliness
+eductor
+elenctic
+empresses
+entames
+epaulettes
+epicanthic
+epochal
+estated
+eurhythmic
+exfoliated
+extremity
+fayence
+figgery
+flaming
+foes
+forelays
+forewings
+forfeits
+fratches
+gardened
+gentile
+glumpish
+glyph
+goatherd
+grow
+gulden
+gumming
+hackling
+hanapers
+hared
+hatters
+hectare
+hedger
+heel
+heterodox
+hidden
+histologic
+howe
+inglobe
+inliers
+inuredness
+iotacism
+japed
+jelled
+jiffy
+jollies
+judgeship
+karite
+kart
+kenophobia
+kittens
+lactarian
+lancets
+leasable
+leep
+leming
+licorice
+listing
+lividly
+lobectomy
+lysosome
+madders
+maderizing
+manacle
+mangels
+marshiest
+maulstick
+meliorates
+mercy
+mikados
+monarchise
+moultings
+mucro
+munnions
+mystic
+myxoedemic
+nointing
+nong
+nonsense
+ochidore
+octuor
+officering
+opaqued
+oragious
+outtell
+oxeye
+pads
+palamae
+pansophy
+parazoa
+pepsines
+perimetric
+pheasant
+phonotypy
+pitarah
+plaintful
+poinders
+poke
+politer
+poonces
+populism
+pouty
+praedial
+presence
+prompter
+pummelled
+punishing
+quippish
+radicality
+radiuses
+rebuffing
+recorded
+redips
+regulators
+replay
+retrocedes
+rigors
+risen
+rootstocks
+rotenone
+rudenesses
+ruggedest
+runabout
+ruthfully
+sagacious
+scapes
+sclera
+sclerotium
+scumbering
+secondi
+serial
+shampoo
+showed
+sights
+sirenised
+sized
+slave
+socle
+solidness
+some
+spetches
+spiels
+squiring
+staminode
+stay
+stewpot
+stunsails
+subhumid
+subprogram
+supawn
+surplusage
+swimming
+swineherd
+tabun
+talliths
+taroks
+tensed
+thinnings
+three
+tipper
+toko
+tomahawks
+tombolos
+torpefy
+torulae
+touns
+travails
+tsarist
+unbeseems
+unblamably
+unbooked
+unnailed
+updates
+valorise
+viability
+virtue
+vulturns
+vulvate
+warran
+weakness
+westernise
+whingeings
+wrenching
+written
+yak
+yate
+yaupon
+zendiks
diff --git a/trunk/3rdparty/libsrtp-2-fit/timing b/trunk/3rdparty/libsrtp-2-fit/timing
new file mode 100644
index 000000000..66b00c452
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/timing
@@ -0,0 +1 @@
+# timing.plt
# 
# gnuplot script file for plotting the output generated by srtp_driver -t
# 
# David A. McGrew
# Cisco Systems, Inc.
#
set xrange [0:2500]
set term pict "Times-Roman" 9
#
# plot authentication-only data
#
set title "Authentication Only"
set ylabel "Megabits per second"
set xlabel "Octets in packet"
set yrange [0:2000]
set output "plot-auth.pict"
plot "timing.dat" index 0 title "HMAC SHA1" with lines, "timing.dat" index 1 title "TMMH/AES" with lines, "timing.dat" index 2 title "TMMH/SEAL" with lines
#
# plot encryption-only data
#
set title "Encryption Only"
set ylabel "Megabits per second"
set xlabel "Octets in packet"
set output "plot-enc.pict"
set yrange [0:1200]
plot "timing.dat" index 3 title "SEAL" with lines, "timing.dat" index 4 title "AES ICM" with lines
#
# plot encryption and authentication data
#
set title "Encryption and Authentication"
set ylabel "Megabits per second"
set xlabel "Octets in packet"
set yrange [0:1000]
set output "plot-enc-auth.pict"
plot "timing.dat" index 5 title "TMMH/SEAL" with lines, "timing.dat" index 6 title "TMMH/AES" with lines, "timing.dat" index 7 title "HMAC/AES" with lines
\ No newline at end of file
diff --git a/trunk/3rdparty/libsrtp-2-fit/undos.sh b/trunk/3rdparty/libsrtp-2-fit/undos.sh
new file mode 100755
index 000000000..db1206496
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/undos.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# 
+# usage: undos <file>
+# 
+# strips CRs from a file - useful when moving DOS-created files
+# onto UN*X machines
+
+cat $1 | tr -d "\r" > $1.tmp
+mv $1.tmp $1
+
diff --git a/trunk/3rdparty/libsrtp-2-fit/update.sh b/trunk/3rdparty/libsrtp-2-fit/update.sh
new file mode 100755
index 000000000..595b647f3
--- /dev/null
+++ b/trunk/3rdparty/libsrtp-2-fit/update.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# update.sh
+#
+# update copyright dates in files
+
+a=`find . -name "*.[ch]"`
+for x in $a; do 
+    sed 's/(c) 2001-2005/(c) 2001-2006/' $x > $x.tmp; 
+    mv $x.tmp $x; 
+done
+
+
+
+ 
diff --git a/trunk/3rdparty/libsrtp-2.0.0.zip b/trunk/3rdparty/libsrtp-2.0.0.zip
deleted file mode 100644
index e0f7c414d..000000000
Binary files a/trunk/3rdparty/libsrtp-2.0.0.zip and /dev/null differ
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf
new file mode 100644
index 000000000..5fd995cb3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf
@@ -0,0 +1,356 @@
+# -*- Mode: perl -*-
+my %targets=(
+    DEFAULTS => {
+	template	=> 1,
+
+	cflags		=> "",
+	cppflags	=> "",
+	lflags		=> "",
+	defines		=> [],
+	includes	=> [],
+	lib_cflags	=> "",
+	lib_cppflags	=> "",
+	lib_defines	=> [],
+	thread_scheme	=> "(unknown)", # Assume we don't know
+	thread_defines	=> [],
+
+	apps_aux_src	=> "",
+	apps_init_src	=> "",
+	cpuid_asm_src	=> "mem_clr.c",
+	uplink_aux_src	=> "",
+	bn_asm_src	=> "bn_asm.c",
+	ec_asm_src	=> "",
+	des_asm_src	=> "des_enc.c fcrypt_b.c",
+	aes_asm_src	=> "aes_core.c aes_cbc.c",
+	bf_asm_src	=> "bf_enc.c",
+	md5_asm_src	=> "",
+	cast_asm_src	=> "c_enc.c",
+	rc4_asm_src	=> "rc4_enc.c rc4_skey.c",
+	rmd160_asm_src	=> "",
+	rc5_asm_src	=> "rc5_enc.c",
+	wp_asm_src	=> "wp_block.c",
+	cmll_asm_src	=> "camellia.c cmll_misc.c cmll_cbc.c",
+	modes_asm_src	=> "",
+	padlock_asm_src	=> "",
+	chacha_asm_src	=> "chacha_enc.c",
+	poly1305_asm_src	=> "",
+	keccak1600_asm_src	=> "keccak1600.c",
+
+	unistd		=> "<unistd.h>",
+	shared_target	=> "",
+	shared_cflag	=> "",
+	shared_defines	=> [],
+	shared_ldflag	=> "",
+	shared_rcflag	=> "",
+	shared_extension	=> "",
+
+	#### Defaults for the benefit of the config targets who don't inherit
+	#### a BASE and assume Unix defaults
+	#### THESE WILL DISAPPEAR IN OpenSSL 1.2
+	build_scheme	=> [ "unified", "unix" ],
+	build_file	=> "Makefile",
+
+	AR		=> "ar",
+	ARFLAGS		=> "r",
+	CC		=> "cc",
+	HASHBANGPERL	=> "/usr/bin/env perl",
+	RANLIB		=> sub { which("$config{cross_compile_prefix}ranlib")
+                                     ? "ranlib" : "" },
+	RC		=> "windres",
+
+	#### THESE WILL BE ENABLED IN OpenSSL 1.2
+	#HASHBANGPERL	=> "PERL", # Only Unix actually cares
+    },
+
+    BASE_common => {
+	template	=> 1,
+
+	enable		=> [],
+	disable		=> [],
+
+	defines		=>
+	    sub {
+                my @defs = ();
+                push @defs, "ZLIB" unless $disabled{zlib};
+                push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
+                return [ @defs ];
+            },
+        includes        =>
+            sub {
+                my @incs = ();
+                push @incs, $withargs{zlib_include}
+                    if !$disabled{zlib} && $withargs{zlib_include};
+                return [ @incs ];
+            },
+    },
+
+    BASE_unix => {
+        inherit_from    => [ "BASE_common" ],
+        template        => 1,
+
+        AR              => "ar",
+        ARFLAGS         => "r",
+        CC              => "cc",
+        lflags          =>
+            sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
+        ex_libs         =>
+            sub { !defined($disabled{zlib})
+                  && defined($disabled{"zlib-dynamic"})
+                  ? "-lz" : () },
+        HASHBANGPERL    => "/usr/bin/env perl", # Only Unix actually cares
+        RANLIB          => sub { which("$config{cross_compile_prefix}ranlib")
+                                     ? "ranlib" : "" },
+        RC              => "windres",
+
+        shared_extension => ".so",
+
+        build_scheme    => [ "unified", "unix" ],
+        build_file      => "Makefile",
+    },
+
+    BASE_Windows => {
+        inherit_from    => [ "BASE_common" ],
+        template        => 1,
+
+        lib_defines      =>
+            sub {
+                my @defs = ();
+                unless ($disabled{"zlib-dynamic"}) {
+                    my $zlib = $withargs{zlib_lib} // "ZLIB1";
+                    push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
+                }
+                return [ @defs ];
+            },
+        ex_libs         =>
+            sub {
+                unless ($disabled{zlib}) {
+                    if (defined($disabled{"zlib-dynamic"})) {
+                        return $withargs{zlib_lib} // "ZLIB1";
+                    }
+                }
+                return ();
+            },
+
+        LD              => "link",
+        LDFLAGS         => "/nologo",
+        ldoutflag       => "/out:",
+        AR              => "lib",
+        ARFLAGS         => "/nologo",
+        aroutflag       => "/out:",
+        RC               => "rc",
+        rcoutflag        => "/fo",
+        MT              => "mt",
+        MTFLAGS         => "-nologo",
+        mtinflag        => "-manifest ",
+        mtoutflag       => "-outputresource:",
+
+        shared_extension => ".dll",
+
+        build_file      => "makefile",
+        build_scheme    => [ "unified", "windows" ],
+    },
+
+    BASE_VMS => {
+        inherit_from    => [ "BASE_common" ],
+        template        => 1,
+
+        includes        =>
+            add(sub {
+                    my @incs = ();
+                    # GNV$ZLIB_INCLUDE is the standard logical name for later
+                    # zlib incarnations.
+                    push @incs, 'GNV$ZLIB_INCLUDE:'
+                        if !$disabled{zlib} && !$withargs{zlib_include};
+                    return [ @incs ];
+                }),
+
+        shared_extension => ".exe",
+
+        build_file       => "descrip.mms",
+        build_scheme     => [ "unified", "VMS" ],
+    },
+
+    uplink_common => {
+	template	=> 1,
+	apps_init_src	=> add("../ms/applink.c"),
+	uplink_aux_src	=> add("../ms/uplink.c"),
+	defines		=> add("OPENSSL_USE_APPLINK"),
+    },
+    x86_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86.s"),
+    },
+    x86_64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86_64.s"),
+    },
+    ia64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-ia64.s"),
+    },
+
+    x86_asm => {
+	template	=> 1,
+	cpuid_asm_src	=> "x86cpuid.s",
+	bn_asm_src	=> "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
+	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-x86.s",
+	des_asm_src	=> "des-586.s crypt586.s",
+	aes_asm_src	=> "aes-586.s vpaes-x86.s aesni-x86.s",
+	bf_asm_src	=> "bf-586.s",
+	md5_asm_src	=> "md5-586.s",
+	cast_asm_src	=> "cast-586.s",
+	sha1_asm_src	=> "sha1-586.s sha256-586.s sha512-586.s",
+	rc4_asm_src	=> "rc4-586.s",
+	rmd160_asm_src	=> "rmd-586.s",
+	rc5_asm_src	=> "rc5-586.s",
+	wp_asm_src	=> "wp_block.c wp-mmx.s",
+	cmll_asm_src	=> "cmll-x86.s",
+	modes_asm_src	=> "ghash-x86.s",
+	padlock_asm_src	=> "e_padlock-x86.s",
+	chacha_asm_src	=> "chacha-x86.s",
+	poly1305_asm_src=> "poly1305-x86.s",
+    },
+    x86_elf_asm => {
+	template	=> 1,
+	inherit_from	=> [ "x86_asm" ],
+	perlasm_scheme	=> "elf"
+    },
+    x86_64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "x86_64cpuid.s",
+	bn_asm_src      => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
+	aes_asm_src     => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+	md5_asm_src     => "md5-x86_64.s",
+	sha1_asm_src    => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
+	rc4_asm_src     => "rc4-x86_64.s rc4-md5-x86_64.s",
+	wp_asm_src      => "wp-x86_64.s",
+	cmll_asm_src    => "cmll-x86_64.s cmll_misc.c",
+	modes_asm_src   => "ghash-x86_64.s aesni-gcm-x86_64.s",
+	padlock_asm_src => "e_padlock-x86_64.s",
+	chacha_asm_src	=> "chacha-x86_64.s",
+	poly1305_asm_src=> "poly1305-x86_64.s",
+	keccak1600_asm_src	=> "keccak1600-x86_64.s",
+    },
+    ia64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ia64cpuid.s",
+	bn_asm_src      => "bn-ia64.s ia64-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ia64.s",
+	sha1_asm_src    => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
+	modes_asm_src   => "ghash-ia64.s",
+	perlasm_scheme	=> "void"
+    },
+    sparcv9_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "sparcv9cap.c sparccpuid.S",
+	bn_asm_src      => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
+	md5_asm_src     => "md5-sparcv9.S",
+	sha1_asm_src    => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
+	cmll_asm_src    => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
+	modes_asm_src   => "ghash-sparcv9.S",
+	poly1305_asm_src=> "poly1305-sparcv9.S",
+	perlasm_scheme	=> "void"
+    },
+    sparcv8_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "",
+	bn_asm_src      => "asm/sparcv8.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c",
+	perlasm_scheme	=> "void"
+    },
+    alpha_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "alphacpuid.s",
+	bn_asm_src      => "bn_asm.c alpha-mont.S",
+	sha1_asm_src    => "sha1-alpha.S",
+	modes_asm_src   => "ghash-alpha.S",
+	perlasm_scheme	=> "void"
+    },
+    mips32_asm => {
+	template	=> 1,
+	bn_asm_src      => "bn-mips.S mips-mont.S",
+	aes_asm_src     => "aes_cbc.c aes-mips.S",
+	sha1_asm_src    => "sha1-mips.S sha256-mips.S",
+    },
+    mips64_asm => {
+	inherit_from	=> [ "mips32_asm" ],
+	template	=> 1,
+	sha1_asm_src    => add("sha512-mips.S"),
+	poly1305_asm_src=> "poly1305-mips.S",
+    },
+    s390x_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "s390xcap.c s390xcpuid.S",
+	bn_asm_src      => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
+	aes_asm_src     => "aes-s390x.S aes-ctr.fake aes-xts.fake",
+	sha1_asm_src    => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
+	rc4_asm_src     => "rc4-s390x.s",
+	modes_asm_src   => "ghash-s390x.S",
+	chacha_asm_src  => "chacha-s390x.S",
+	poly1305_asm_src=> "poly1305-s390x.S",
+	keccak1600_asm_src	=> "keccak1600-s390x.S",
+    },
+    armv4_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c armv4cpuid.S",
+	bn_asm_src      => "bn_asm.c armv4-mont.S armv4-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv4.S",
+	aes_asm_src     => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
+	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
+	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv4.S",
+	poly1305_asm_src=> "poly1305-armv4.S",
+	keccak1600_asm_src	=> "keccak1600-armv4.S",
+	perlasm_scheme	=> "void"
+    },
+    aarch64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c arm64cpuid.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv8.S",
+	bn_asm_src      => "bn_asm.c armv8-mont.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
+	sha1_asm_src    => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
+	modes_asm_src   => "ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv8.S",
+	poly1305_asm_src=> "poly1305-armv8.S",
+	keccak1600_asm_src	=> "keccak1600-armv8.S",
+    },
+    parisc11_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "pariscid.s",
+	bn_asm_src      => "bn_asm.c parisc-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-parisc.s",
+	sha1_asm_src    => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
+	rc4_asm_src     => "rc4-parisc.s",
+	modes_asm_src   => "ghash-parisc.s",
+	perlasm_scheme	=> "32"
+    },
+    parisc20_64_asm => {
+	template	=> 1,
+	inherit_from	=> [ "parisc11_asm" ],
+	perlasm_scheme	=> "64",
+    },
+    ppc32_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ppccpuid.s ppccap.c",
+	bn_asm_src      => "bn-ppc.s ppc-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
+	sha1_asm_src    => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
+	modes_asm_src   => "ghashp8-ppc.s",
+	chacha_asm_src	=> "chacha-ppc.s",
+	poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
+    },
+    ppc64_asm => {
+	inherit_from	=> [ "ppc32_asm" ],
+	template	=> 1,
+	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s",
+	keccak1600_asm_src	=> "keccak1600-ppc64.s",
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf
new file mode 100644
index 000000000..930f2d3c9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf
@@ -0,0 +1,1802 @@
+## -*- mode: perl; -*-
+## Standard openssl configuration targets.
+
+# Helper functions for the Windows configs
+my $vc_win64a_info = {};
+sub vc_win64a_info {
+    unless (%$vc_win64a_info) {
+        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+            $vc_win64a_info = { AS        => "nasm",
+                                ASFLAGS   => "-g",
+                                asflags   => "-Ox -f win64 -DNEAR",
+                                asoutflag => "-o " };
+        } elsif ($disabled{asm}) {
+            # assembler is still used to compile uplink shim
+            $vc_win64a_info = { AS        => "ml64",
+                                ASFLAGS   => "/nologo /Zi",
+                                asflags   => "/c /Cp /Cx",
+                                asoutflag => "/Fo" };
+        } else {
+            $die->("NASM not found - make sure it's installed and available on %PATH%\n");
+            $vc_win64a_info = { AS        => "{unknown}",
+                                ASFLAGS   => "",
+                                asflags   => "",
+                                asoutflag => "" };
+        }
+    }
+    return $vc_win64a_info;
+}
+
+my $vc_win32_info = {};
+sub vc_win32_info {
+    unless (%$vc_win32_info) {
+        my $ver=`nasm -v 2>NUL`;
+        my $vew=`nasmw -v 2>NUL`;
+        if ($ver ne "" || $vew ne "") {
+            $vc_win32_info = { AS        => $ver ge $vew ? "nasm" : "nasmw",
+                               ASFLAGS   => "",
+                               asflags   => "-f win32",
+                               asoutflag => "-o ",
+                               perlasm_scheme => "win32n" };
+        } elsif ($disabled{asm}) {
+            # not actually used, uplink shim is inlined into C code
+            $vc_win32_info = { AS        => "ml",
+                               ASFLAGS   => "/nologo /Zi",
+                               asflags   => "/Cp /coff /c /Cx",
+                               asoutflag => "/Fo",
+                               perlasm_scheme => "win32" };
+        } else {
+            $die->("NASM not found - make sure it's installed and available on %PATH%\n");
+            $vc_win32_info = { AS        => "{unknown}",
+                               ASFLAGS   => "",
+                               asflags   => "",
+                               asoutflag => "",
+                               perlasm_scheme => "win32" };
+        }
+    }
+    return $vc_win32_info;
+}
+
+my $vc_wince_info = {};
+sub vc_wince_info {
+    unless (%$vc_wince_info) {
+        # sanity check
+        $die->('%OSVERSION% is not defined') if (!defined(env('OSVERSION')));
+        $die->('%PLATFORM% is not defined')  if (!defined(env('PLATFORM')));
+        $die->('%TARGETCPU% is not defined') if (!defined(env('TARGETCPU')));
+
+        #
+        # Idea behind this is to mimic flags set by eVC++ IDE...
+        #
+        my $wcevers = env('OSVERSION');                     # WCENNN
+	my $wcevernum;
+	my $wceverdotnum;
+	if ($wcevers =~ /^WCE([1-9])([0-9]{2})$/) {
+	    $wcevernum = "$1$2";
+	    $wceverdotnum = "$1.$2";
+	} else {
+	    $die->('%OSVERSION% value is insane');
+	    $wcevernum = "{unknown}";
+	    $wceverdotnum = "{unknown}";
+	}
+        my $wcecdefs = "-D_WIN32_WCE=$wcevernum -DUNDER_CE=$wcevernum"; # -D_WIN32_WCE=NNN
+        my $wcelflag = "/subsystem:windowsce,$wceverdotnum";        # ...,N.NN
+
+        my $wceplatf =  env('PLATFORM');
+
+        $wceplatf =~ tr/a-z0-9 /A-Z0-9_/;
+        $wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
+
+        my $wcetgt = env('TARGETCPU');                      # just shorter name...
+      SWITCH: for($wcetgt) {
+          /^X86/        && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_";
+                                $wcelflag.=" /machine:X86";     last; };
+          /^ARMV4[IT]/  && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+                                $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/);
+                                $wcecdefs.=" -QRarch4T -QRinterwork-return";
+                                $wcelflag.=" /machine:THUMB";   last; };
+          /^ARM/        && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+                                $wcelflag.=" /machine:ARM";     last; };
+          /^MIPSIV/     && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32";
+                                $wcelflag.=" /machine:MIPSFPU"; last; };
+          /^MIPS16/     && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -DMIPSII -QMmips16";
+                                $wcelflag.=" /machine:MIPS16";  last; };
+          /^MIPSII/     && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -QMmips2";
+                                $wcelflag.=" /machine:MIPS";    last; };
+          /^R4[0-9]{3}/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000";
+                                $wcelflag.=" /machine:MIPS";    last; };
+          /^SH[0-9]/    && do { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_ -DSHx";
+                                $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/);
+                                $wcelflag.=" /machine:$wcetgt"; last; };
+          { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_";
+            $wcelflag.=" /machine:$wcetgt";                     last; };
+      }
+
+        $vc_wince_info = { cppflags => $wcecdefs,
+                           lflags => $wcelflag };
+    }
+    return $vc_wince_info;
+}
+
+# Helper functions for the VMS configs
+my $vms_info = {};
+sub vms_info {
+    my $pointer_size_str = $config{target} =~ m|-p(\d+)$| ? $1 : "";
+
+    # For the case where Configure iterate through all config targets, such
+    # as when listing them and their details, we reset info if the pointer
+    # size changes.
+    if (%$vms_info && $vms_info->{pointer_size} ne $pointer_size_str) {
+        $vms_info = {};
+    }
+
+    unless (%$vms_info) {
+        $vms_info->{disable_warns} = [ ];
+        $vms_info->{pointer_size} = $pointer_size_str;
+        if ($pointer_size_str eq "64") {
+            `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`;
+            if ($? == 0) {
+                push @{$vms_info->{disable_warns}}, "MAYLOSEDATA3";
+            }
+        }
+
+        unless ($disabled{zlib}) {
+            my $default_zlib = 'GNV$LIBZSHR' . $pointer_size_str;
+            if (defined($disabled{"zlib-dynamic"})) {
+                $vms_info->{zlib} = $withargs{zlib_lib} || "$default_zlib/SHARE";
+            } else {
+                $vms_info->{def_zlib} = $withargs{zlib_lib} || $default_zlib;
+                # In case the --with-zlib-lib value contains something like
+                # /SHARE or /LIB or so at the end, remove it.
+                $vms_info->{def_zlib} =~ s|/.*$||g;
+            }
+        }
+
+        if ($config{target} =~ /-ia64/) {
+            `PIPE ias -H 2> NL:`;
+            if ($? == 0) {
+                $vms_info->{AS} = "ias";
+                $vms_info->{ASFLAGS} = '-d debug';
+                $vms_info->{asflags} = '"-N" vms_upcase';
+                $vms_info->{asoutflag} = "-o ";
+                $vms_info->{perlasm_scheme} = "ias";
+            }
+        }
+    }
+    return $vms_info;
+}
+
+my %targets = (
+
+#### Basic configs that should work on any 32-bit box
+    "gcc" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O3"),
+        thread_scheme    => "(unknown)",
+        bn_ops           => "BN_LLONG",
+    },
+    "cc" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => "-O",
+        thread_scheme    => "(unknown)",
+    },
+
+#### VOS Configurations
+    "vos-gcc" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "gcc",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-O0 -g",
+                                   release => "-O3"),
+        cppflags         => "-D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES",
+        lib_cppflags     => "-DB_ENDIAN",
+        thread_scheme    => "(unknown)",
+        sys_id           => "VOS",
+        lflags           => add("-Wl,-map"),
+        bn_ops           => "BN_LLONG",
+        shared_extension => ".so",
+    },
+
+#### Solaris configurations
+    "solaris-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        lib_cppflags     => "-DFILIO_H",
+        ex_libs          => add("-lsocket -lnsl -ldl"),
+        dso_scheme       => "dlfcn",
+        thread_scheme    => "pthreads",
+        shared_target    => "self",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        shared_ldflag    => "-Wl,-Bsymbolic",
+        shared_defflag   => "-Wl,-M,",
+        shared_sonameflag=> "-Wl,-h,",
+    },
+#### Solaris x86 with GNU C setups
+    "solaris-x86-gcc" => {
+        # NB. GNU C has to be configured to use GNU assembler, and not
+        # /usr/ccs/bin/as. Failure to comply will result in compile
+        # failures [at least] in 32-bit build.
+        inherit_from     => [ "solaris-common", asm("x86_elf_asm") ],
+        CC               => "gcc",
+        CFLAGS           => add_before(picker(default => "-Wall",
+                                              debug   => "-O0 -g",
+                                              release => "-O3 -fomit-frame-pointer")),
+        cflags           => add(threads("-pthread")),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "BN_LLONG",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => add_before("-shared -static-libgcc"),
+    },
+    "solaris64-x86_64-gcc" => {
+        # -shared -static-libgcc might appear controversial, but modules
+        # taken from static libgcc do not have relocations and linking
+        # them into our shared objects doesn't have any negative side
+        # effects. On the contrary, doing so makes it possible to use
+        # gcc shared build with Sun C. Given that gcc generates faster
+        # code [thanks to inline assembler], I would actually recommend
+        # to consider using gcc shared build even with vendor compiler:-)
+        #                        -- <appro@openssl.org>
+        inherit_from     => [ "solaris-common", asm("x86_64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => add_before(picker(default => "-Wall",
+                                              debug   => "-O0 -g",
+                                              release => "-O3")),
+        cflags           => add_before("-m64", threads("-pthread")),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => add_before("-shared -static-libgcc"),
+        multilib         => "/64",
+    },
+
+#### Solaris x86 with Sun C setups
+    # There used to be solaris-x86-cc target, but it was removed,
+    # primarily because vendor assembler can't assemble our modules
+    # with -KPIC flag. As result it, assembly support, was not even
+    # available as option. But its lack means lack of side-channel
+    # resistant code, which is incompatible with security by todays
+    # standards. Fortunately gcc is readily available prepackaged
+    # option, which we can firmly point at...
+    #
+    # On related note, solaris64-x86_64-cc target won't compile code
+    # paths utilizing AVX and post-Haswell instruction extensions.
+    # Consider switching to solaris64-x86_64-gcc even here...
+    #
+    "solaris64-x86_64-cc" => {
+        inherit_from     => [ "solaris-common", asm("x86_64_asm") ],
+        CC               => "cc",
+        CFLAGS           => add_before(picker(debug   => "-g",
+                                              release => "-xO5 -xdepend -xbuiltin")),
+        cflags           => add_before("-xarch=generic64 -xstrconst -Xa"),
+        cppflags         => add(threads("-D_REENTRANT")),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        thread_scheme    => "pthreads",
+        lflags           => add(threads("-mt")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+        shared_cflag     => "-KPIC",
+        shared_ldflag    => add_before("-G -dy -z text"),
+        multilib         => "/64",
+    },
+
+#### SPARC Solaris with GNU C setups
+    "solaris-sparcv7-gcc" => {
+        inherit_from     => [ "solaris-common" ],
+        CC               => "gcc",
+        CFLAGS           => add_before(picker(default => "-Wall",
+                                              debug   => "-O0 -g",
+                                              release => "-O3")),
+        cflags           => add(threads("-pthread")),
+        lib_cppflags     => add("-DB_ENDIAN -DBN_DIV2W"),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => add_before("-shared"),
+    },
+    "solaris-sparcv8-gcc" => {
+        inherit_from     => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ],
+        cflags           => add_before("-mcpu=v8"),
+    },
+    "solaris-sparcv9-gcc" => {
+        # -m32 should be safe to add as long as driver recognizes
+        # -mcpu=ultrasparc
+        inherit_from     => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ],
+        cflags           => add_before("-m32 -mcpu=ultrasparc"),
+    },
+    "solaris64-sparcv9-gcc" => {
+        inherit_from     => [ "solaris-sparcv9-gcc" ],
+        cflags           => sub { my $f=join(" ",@_); $f =~ s/\-m32/-m64/; $f; },
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        multilib         => "/64",
+    },
+
+#### SPARC Solaris with Sun C setups
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+    "solaris-sparcv7-cc" => {
+        inherit_from     => [ "solaris-common" ],
+        CC               => "cc",
+        CFLAGS           => add_before(picker(debug   => "-g",
+                                              release => "-xO5 -xdepend")),
+        cflags           => add_before("-xstrconst -Xa"),
+        cppflags         => add(threads("-D_REENTRANT")),
+        lib_cppflags     => add("-DB_ENDIAN -DBN_DIV2W"),
+        lflags           => add(threads("-mt")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_cflag     => "-KPIC",
+        shared_ldflag    => add_before("-G -dy -z text"),
+    },
+####
+    "solaris-sparcv8-cc" => {
+        inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv8_asm") ],
+        cflags           => add_before("-xarch=v8"),
+    },
+    "solaris-sparcv9-cc" => {
+        inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
+        cflags           => add_before("-xarch=v8plus"),
+    },
+    "solaris64-sparcv9-cc" => {
+        inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
+        cflags           => add_before("-xarch=v9"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        multilib         => "/64",
+    },
+
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported.
+    "irix-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        cppflags         => threads("-D_SGI_MP_SOURCE"),
+        lib_cppflags     => "-DB_ENDIAN",
+        ex_libs          => add(threads("-lpthread")),
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "self",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        shared_ldflag    => "-shared -Wl,-Bsymbolic",
+        shared_sonameflag=> "-Wl,-soname,",
+    },
+    "irix-mips3-gcc" => {
+        inherit_from     => [ "irix-common", asm("mips64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-g -O0",
+                                   release => "-O3"),
+        LDFLAGS          => "-static-libgcc",
+        cflags           => "-mabi=n32",
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT",
+        perlasm_scheme   => "n32",
+        multilib         => "32",
+    },
+    "irix-mips3-cc" => {
+        inherit_from     => [ "irix-common", asm("mips64_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "-g -O0",
+                                   release => "-O2"),
+        cflags           => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared",
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT",
+        perlasm_scheme   => "n32",
+        multilib         => "32",
+    },
+    # N64 ABI builds.
+    "irix64-mips4-gcc" => {
+        inherit_from     => [ "irix-common", asm("mips64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-g -O0",
+                                   release => "-O3"),
+        LDFLAGS          => "-static-libgcc",
+        cflags           => "-mabi=64 -mips4",
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "64",
+        multilib         => "64",
+    },
+    "irix64-mips4-cc" => {
+        inherit_from     => [ "irix-common", asm("mips64_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "-g -O0",
+                                   release => "-O2"),
+        cflags           => "-64 -mips4 -use_readonly_const -G0 -rdata_shared",
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "64",
+        multilib         => "64",
+    },
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+#   that the only difference between +O3 and +O4 is global inter-
+#   procedural analysis. As it has to be performed during the link
+#   stage the compiler leaves behind certain pseudo-code in lib*.a
+#   which might be release or even patch level specific. Generating
+#   the machine code for and analyzing the *whole* program appears
+#   to be *extremely* memory demanding while the performance gain is
+#   actually questionable. The situation is intensified by the default
+#   HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+#   which is way too low for +O4. In other words, doesn't +O3 make
+#   more sense?
+# - Keep in mind that the HP compiler by default generates code
+#   suitable for execution on the host you're currently compiling at.
+#   If the toolkit is meant to be used on various PA-RISC processors
+#   consider './Configure hpux-parisc-[g]cc +DAportable'.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+#   32-bit message digests. (For the moment of this writing) HP C
+#   doesn't seem to "digest" too many local variables (they make "him"
+#   chew forever:-). For more details look-up MD32_XARRAY comment in
+#   crypto/sha/sha_lcl.h.
+# - originally there were 32-bit hpux-parisc2-* targets. They were
+#   scrapped, because a) they were not interchangeable with other 32-bit
+#   targets; b) performance-critical 32-bit assembly modules implement
+#   even PA-RISC 2.0-specific code paths, which are chosen at run-time,
+#   thus adequate performance is provided even with PA-RISC 1.1 build.
+    "hpux-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        defines          => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED",
+                                "_HPUX_ALT_XOPEN_SOCKET_API"),
+        lib_cppflags     => "-DB_ENDIAN",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",    # overridden in 32-bit PA-RISC builds
+        shared_target    => "self",
+        bin_lflags       => "-Wl,+s,+cdp,../:,+cdp,./:",
+        shared_ldflag    => "-Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+cdp,../:,+cdp,./:",
+        shared_sonameflag=> "-Wl,+h,",
+    },
+    "hpux-parisc-gcc" => {
+        inherit_from     => [ "hpux-common" ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O3"),
+        cflags           => add(threads("-pthread")),
+        lib_cppflags     => add("-DBN_DIV2W"),
+        ex_libs          => add("-ldld", threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        dso_scheme       => "dl",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => add_before("-shared"),
+        shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "hpux-parisc1_1-gcc" => {
+        inherit_from     => [ "hpux-parisc-gcc", asm("parisc11_asm") ],
+        multilib         => "/pa1.1",
+    },
+    "hpux64-parisc2-gcc" => {
+        inherit_from     => [ "hpux-common", asm("parisc20_64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => combine(picker(debug   => "-O0 -g",
+                                           release => "-O3")),
+        cflags           => add(threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add_before("-shared"),
+        shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "/pa20_64",
+    },
+
+    # More attempts at unified 10.X and 11.X targets for HP C compiler.
+    "hpux-parisc-cc" => {
+        inherit_from     => [ "hpux-common" ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "+O0 +d -g",
+                                   release => "+O3"),
+        cflags           => "+Optrs_strongly_typed -Ae +ESlit",
+        cppflags         => threads("-D_REENTRANT"),
+        lib_cppflags     => add("-DBN_DIV2W -DMD32_XARRAY"),
+        ex_libs          => add("-ldld", threads("-lpthread")),
+        bn_ops           => "RC4_CHAR",
+        dso_scheme       => "dl",
+        shared_cflag     => "+Z",
+        shared_ldflag    => add_before("-b"),
+        shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "hpux-parisc1_1-cc" => {
+        inherit_from     => [ "hpux-parisc-cc", asm("parisc11_asm") ],
+        cflags           => add_before("+DA1.1"),
+        multilib         => "/pa1.1",
+    },
+    "hpux64-parisc2-cc" => {
+        inherit_from     => [ "hpux-common", asm("parisc20_64_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "+O0 +d -g",
+                                   release => "+O3") ,
+        cflags           => "+DD64 +Optrs_strongly_typed -Ae +ESlit",
+        cppflags         => threads("-D_REENTRANT") ,
+        lib_cppflags     => add("-DMD32_XARRAY"),
+        ex_libs          => add("-ldl", threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        shared_cflag     => "+Z",
+        shared_ldflag    => add_before("-b"),
+        shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "/pa20_64",
+    },
+
+    # HP/UX IA-64 targets
+    "hpux-ia64-cc" => {
+        inherit_from     => [ "hpux-common", asm("ia64_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "+O0 +d -g",
+                                   release => "+O2"),
+        cflags           => "-Ae +DD32 +Olit=all -z",
+        cppflags         => add(threads("-D_REENTRANT")),
+        ex_libs          => add("-ldl", threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT",
+        shared_cflag     => "+Z",
+        shared_ldflag    => add_before("-b"),
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "/hpux32",
+    },
+    "hpux64-ia64-cc" => {
+        inherit_from     => [ "hpux-common", asm("ia64_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "+O0 +d -g",
+                                   release => "+O3"),
+        cflags           => "-Ae +DD64 +Olit=all -z",
+        cppflags         => threads("-D_REENTRANT"),
+        ex_libs          => add("-ldl", threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        shared_cflag     => "+Z",
+        shared_ldflag    => add_before("-b"),
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "/hpux64",
+    },
+    # GCC builds...
+    "hpux-ia64-gcc" => {
+        inherit_from     => [ "hpux-common", asm("ia64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O3"),
+        cflags           => add(threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add_before("-shared"),
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "/hpux32",
+    },
+    "hpux64-ia64-gcc" => {
+        inherit_from     => [ "hpux-common", asm("ia64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O3"),
+        cflags           => combine("-mlp64", threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add_before("-shared"),
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "/hpux64",
+    },
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+    "MPE/iX-gcc" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "gcc",
+        CFLAGS           => "-O3",
+        cppflags         => "-D_POSIX_SOURCE -D_SOCKET_SOURCE",
+        includes         => [ "/SYSLOG/PUB" ],
+        lib_cppflags     => "-DBN_DIV2W",
+        sys_id           => "MPE",
+        lflags           => add("-L/SYSLOG/PUB"),
+        ex_libs          => add("-lsyslog -lsocket -lcurses"),
+        thread_scheme    => "(unknown)",
+        bn_ops           => "BN_LLONG",
+    },
+
+#### DEC Alpha Tru64 targets. Tru64 is marketing name for OSF/1 version 4
+#### and forward. In reality 'uname -s' still returns "OSF1". Originally
+#### there were even osf1-* configs targeting prior versions provided,
+#### but not anymore...
+    "tru64-alpha-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("alpha_asm") ],
+        CC               => "gcc",
+        CFLAGS           => "-O3",
+        cflags           => add("-std=c9x", threads("-pthread")),
+        cppflags         => "-D_XOPEN_SOURCE=500 -D_OSF_SOURCE",
+        ex_libs          => add("-lrt", threads("-pthread")), # for mlock(2)
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "alpha-osf1-shared",
+        shared_extension => ".so",
+    },
+    "tru64-alpha-cc" => {
+        inherit_from     => [ "BASE_unix", asm("alpha_asm") ],
+        CC               => "cc",
+        CFLAGS           => "-tune host -fast",
+        cflags           => add("-std1 -readonly_strings",
+                                threads("-pthread")),
+        cppflags         => "-D_XOPEN_SOURCE=500 -D_OSF_SOURCE",
+        ex_libs          => add("-lrt", threads("-pthread")), # for mlock(2)
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "alpha-osf1-shared",
+        shared_ldflag    => "-msym",
+        shared_extension => ".so",
+    },
+
+####
+#### Variety of LINUX:-)
+####
+# *-generic* is endian-neutral target, but ./config is free to
+# throw in -D[BL]_ENDIAN, whichever appropriate...
+    "linux-generic32" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "gcc",
+        CXX              => "g++",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-O0 -g",
+                                   release => "-O3"),
+        CXXFLAGS         => picker(default => "-Wall",
+                                   debug   => "-O0 -g",
+                                   release => "-O3"),
+        cflags           => threads("-pthread"),
+        cxxflags         => combine("-std=c++11", threads("-pthread")),
+        lib_cppflags     => "-DOPENSSL_USE_NODELETE",
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        enable           => [ "afalgeng" ],
+    },
+    "linux-generic64" => {
+        inherit_from     => [ "linux-generic32" ],
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+    },
+
+    "linux-ppc" => {
+        inherit_from     => [ "linux-generic32", asm("ppc32_asm") ],
+        perlasm_scheme   => "linux32",
+    },
+    "linux-ppc64" => {
+        inherit_from     => [ "linux-generic64", asm("ppc64_asm") ],
+        cflags           => add("-m64"),
+        cxxflags         => add("-m64"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+        perlasm_scheme   => "linux64",
+        multilib         => "64",
+    },
+    "linux-ppc64le" => {
+        inherit_from     => [ "linux-generic64", asm("ppc64_asm") ],
+        cflags           => add("-m64"),
+        cxxflags         => add("-m64"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        perlasm_scheme   => "linux64le",
+    },
+
+    "linux-armv4" => {
+        ################################################################
+        # Note that -march is not among compiler options in linux-armv4
+        # target description. Not specifying one is intentional to give
+        # you choice to:
+        #
+        # a) rely on your compiler default by not specifying one;
+        # b) specify your target platform explicitly for optimal
+        # performance, e.g. -march=armv6 or -march=armv7-a;
+        # c) build "universal" binary that targets *range* of platforms
+        # by specifying minimum and maximum supported architecture;
+        #
+        # As for c) option. It actually makes no sense to specify
+        # maximum to be less than ARMv7, because it's the least
+        # requirement for run-time switch between platform-specific
+        # code paths. And without run-time switch performance would be
+        # equivalent to one for minimum. Secondly, there are some
+        # natural limitations that you'd have to accept and respect.
+        # Most notably you can *not* build "universal" binary for
+        # big-endian platform. This is because ARMv7 processor always
+        # picks instructions in little-endian order. Another similar
+        # limitation is that -mthumb can't "cross" -march=armv6t2
+        # boundary, because that's where it became Thumb-2. Well, this
+        # limitation is a bit artificial, because it's not really
+        # impossible, but it's deemed too tricky to support. And of
+        # course you have to be sure that your binutils are actually
+        # up to the task of handling maximum target platform. With all
+        # this in mind here is an example of how to configure
+        # "universal" build:
+        #
+        # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+        #
+        inherit_from     => [ "linux-generic32", asm("armv4_asm") ],
+        perlasm_scheme   => "linux32",
+    },
+    "linux-aarch64" => {
+        inherit_from     => [ "linux-generic64", asm("aarch64_asm") ],
+        perlasm_scheme   => "linux64",
+    },
+    "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
+        inherit_from     => [ "linux-generic32", asm("aarch64_asm") ],
+        cflags           => add("-mabi=ilp32"),
+        cxxflags         => add("-mabi=ilp32"),
+        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        perlasm_scheme   => "linux64",
+    },
+
+    "linux-mips32" => {
+        # Configure script adds minimally required -march for assembly
+        # support, if no -march was specified at command line.
+        inherit_from     => [ "linux-generic32", asm("mips32_asm") ],
+        cflags           => add("-mabi=32"),
+        cxxflags         => add("-mabi=32"),
+        perlasm_scheme   => "o32",
+    },
+    # mips32 and mips64 below refer to contemporary MIPS Architecture
+    # specifications, MIPS32 and MIPS64, rather than to kernel bitness.
+    "linux-mips64" => {
+        inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
+        cflags           => add("-mabi=n32"),
+        cxxflags         => add("-mabi=n32"),
+        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        perlasm_scheme   => "n32",
+        multilib         => "32",
+    },
+    "linux64-mips64" => {
+        inherit_from     => [ "linux-generic64", asm("mips64_asm") ],
+        cflags           => add("-mabi=64"),
+        cxxflags         => add("-mabi=64"),
+        perlasm_scheme   => "64",
+        multilib         => "64",
+    },
+
+    #### IA-32 targets...
+    #### These two targets are a bit aged and are to be used on older Linux
+    #### machines where gcc doesn't understand -m32 and -m64
+    "linux-elf" => {
+        inherit_from     => [ "linux-generic32", asm("x86_elf_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "BN_LLONG",
+    },
+    "linux-aout" => {
+        inherit_from     => [ "BASE_unix", asm("x86_asm") ],
+        CC               => "gcc",
+        CFLAGS           => add(picker(default => "-Wall",
+                                       debug   => "-O0 -g",
+                                       release => "-O3 -fomit-frame-pointer")),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+        perlasm_scheme   => "a.out",
+    },
+
+    #### X86 / X86_64 targets
+    "linux-x86" => {
+        inherit_from     => [ "linux-generic32", asm("x86_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        cflags           => add("-m32"),
+        cxxflags         => add("-m32"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "elf",
+    },
+    "linux-x86-clang" => {
+        inherit_from     => [ "linux-x86" ],
+        CC               => "clang",
+        CXX              => "clang++",
+    },
+    "linux-x86_64" => {
+        inherit_from     => [ "linux-generic64", asm("x86_64_asm") ],
+        cflags           => add("-m64"),
+        cxxflags         => add("-m64"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+        multilib         => "64",
+    },
+    "linux-x86_64-clang" => {
+        inherit_from     => [ "linux-x86_64" ],
+        CC               => "clang",
+        CXX              => "clang++",
+    },
+    "linux-x32" => {
+        inherit_from     => [ "linux-generic32", asm("x86_64_asm") ],
+        cflags           => add("-mx32"),
+        cxxflags         => add("-mx32"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT",
+        perlasm_scheme   => "elf32",
+        multilib         => "x32",
+    },
+
+    "linux-ia64" => {
+        inherit_from     => [ "linux-generic64", asm("ia64_asm") ],
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+
+    "linux64-s390x" => {
+        inherit_from     => [ "linux-generic64", asm("s390x_asm") ],
+        cflags           => add("-m64"),
+        cxxflags         => add("-m64"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+        perlasm_scheme   => "64",
+        multilib         => "64",
+    },
+    "linux32-s390x" => {
+        #### So called "highgprs" target for z/Architecture CPUs
+        # "Highgprs" is kernel feature first implemented in Linux
+        # 2.6.32, see /proc/cpuinfo. The idea is to preserve most
+        # significant bits of general purpose registers not only
+        # upon 32-bit process context switch, but even on
+        # asynchronous signal delivery to such process. This makes
+        # it possible to deploy 64-bit instructions even in legacy
+        # application context and achieve better [or should we say
+        # adequate] performance. The build is binary compatible with
+        # linux-generic32, and the idea is to be able to install the
+        # resulting libcrypto.so alongside generic one, e.g. as
+        # /lib/highgprs/libcrypto.so.x.y, for ldconfig and run-time
+        # linker to autodiscover. Unfortunately it doesn't work just
+        # yet, because of couple of bugs in glibc
+        # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+        #
+        inherit_from     => [ "linux-generic32", asm("s390x_asm") ],
+        cflags           => add("-m31 -Wa,-mzarch"),
+        cxxflags         => add("-m31 -Wa,-mzarch"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+        bn_asm_src       => sub { my $r=join(" ",@_); $r=~s|asm/s390x\.S|bn_asm.c|; $r; },
+        perlasm_scheme   => "31",
+        multilib         => "/highgprs",
+    },
+
+    #### SPARC Linux setups
+    "linux-sparcv8" => {
+        inherit_from     => [ "linux-generic32", asm("sparcv8_asm") ],
+        cflags           => add("-mcpu=v8"),
+        cxxflags         => add("-mcpu=v8"),
+        lib_cppflags     => add("-DB_ENDIAN -DBN_DIV2W"),
+    },
+    "linux-sparcv9" => {
+        # it's a real mess with -mcpu=ultrasparc option under Linux,
+        # but -Wa,-Av8plus should do the trick no matter what.
+        inherit_from     => [ "linux-generic32", asm("sparcv9_asm") ],
+        cflags           => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus"),
+        cxxflags         => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus"),
+        lib_cppflags     => add("-DB_ENDIAN -DBN_DIV2W"),
+    },
+    "linux64-sparcv9" => {
+        # GCC 3.1 is a requirement
+        inherit_from     => [ "linux-generic64", asm("sparcv9_asm") ],
+        cflags           => add("-m64 -mcpu=ultrasparc"),
+        cxxflags         => add("-m64 -mcpu=ultrasparc"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        multilib         => "64",
+    },
+
+    "linux-alpha-gcc" => {
+        inherit_from     => [ "linux-generic64", asm("alpha_asm") ],
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+    "linux-c64xplus" => {
+        inherit_from     => [ "BASE_unix" ],
+        # TI_CGT_C6000_7.3.x is a requirement
+        CC               => "cl6x",
+        CFLAGS           => "-o2 -ox -ms",
+        cflags           => "--linux -ea=.s -eo=.o -mv6400+ -pden",
+        cxxflags         => "--linux -ea=.s -eo=.o -mv6400+ -pden",
+        cppflags         => combine("-DOPENSSL_SMALL_FOOTPRINT",
+                                    threads("-D_REENTRANT")),
+        bn_ops           => "BN_LLONG",
+        cpuid_asm_src    => "c64xpluscpuid.s",
+        bn_asm_src       => "asm/bn-c64xplus.asm c64xplus-gf2m.s",
+        aes_asm_src      => "aes-c64xplus.s aes_cbc.c aes-ctr.fake",
+        sha1_asm_src     => "sha1-c64xplus.s sha256-c64xplus.s sha512-c64xplus.s",
+        rc4_asm_src      => "rc4-c64xplus.s",
+        modes_asm_src    => "ghash-c64xplus.s",
+        chacha_asm_src   => "chacha-c64xplus.s",
+        poly1305_asm_src => "poly1305-c64xplus.s",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "void",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "--pic",
+        shared_ldflag    => add("-z --sysv --shared"),
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        ranlib           => "true",
+    },
+
+#### *BSD
+    "BSD-generic32" => {
+        # As for thread cflag. Idea is to maintain "collective" set of
+        # flags, which would cover all BSD flavors. -pthread applies
+        # to them all, but is treated differently. OpenBSD expands is
+        # as -D_POSIX_THREAD -lc_r, which is sufficient. FreeBSD 4.x
+        # expands it as -lc_r, which has to be accompanied by explicit
+        # -D_THREAD_SAFE and sometimes -D_REENTRANT. FreeBSD 5.x
+        # expands it as -lc_r, which seems to be sufficient?
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-O0 -g",
+                                   release => "-O3"),
+        cflags           => threads("-pthread"),
+        cppflags         => threads("-D_THREAD_SAFE -D_REENTRANT"),
+        ex_libs          => add(threads("-pthread")),
+        enable           => add("devcryptoeng"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "BSD-generic64" => {
+        inherit_from     => [ "BSD-generic32" ],
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+
+    "BSD-x86" => {
+        inherit_from     => [ "BSD-generic32", asm("x86_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "BN_LLONG",
+        shared_target    => "bsd-shared",
+        perlasm_scheme   => "a.out",
+    },
+    "BSD-x86-elf" => {
+        inherit_from     => [ "BSD-x86" ],
+        perlasm_scheme   => "elf",
+    },
+
+    "BSD-sparcv8" => {
+        inherit_from     => [ "BSD-generic32", asm("sparcv8_asm") ],
+        cflags           => add("-mcpu=v8"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+    },
+    "BSD-sparc64" => {
+        # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+        # simply *happens* to work around a compiler bug in gcc 3.3.3,
+        # triggered by RIPEMD160 code.
+        inherit_from     => [ "BSD-generic64", asm("sparcv9_asm") ],
+        lib_cppflags     => add("-DB_ENDIAN -DMD32_REG_T=int"),
+        bn_ops           => "BN_LLONG",
+    },
+
+    "BSD-ia64" => {
+        inherit_from     => [ "BSD-generic64", asm("ia64_asm") ],
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+
+    "BSD-x86_64" => {
+        inherit_from     => [ "BSD-generic64", asm("x86_64_asm") ],
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+    },
+
+    "bsdi-elf-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        CC               => "gcc",
+        CFLAGS           => "-fomit-frame-pointer -O3 -Wall",
+        lib_cppflags     => "-DPERL5 -DL_ENDIAN",
+        ex_libs          => add("-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+
+    "nextstep" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => "-O -Wall",
+        unistd           => "<libc.h>",
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+    },
+    "nextstep3.3" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => "-O3 -Wall",
+        unistd           => "<libc.h>",
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+    },
+
+#### SCO/Caldera targets.
+#
+# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+# Now we only have blended unixware-* as it's the only one used by ./config.
+# If you want to optimize for particular microarchitecture, bypass ./config
+# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
+# Note that not all targets include assembler support. Mostly because of
+# lack of motivation to support out-of-date platforms with out-of-date
+# compiler drivers and assemblers.
+#
+# UnixWare 2.0x fails destest with -O.
+    "unixware-2.0" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        cflags           => threads("-Kthread"),
+        lib_cppflags     => "-DFILIO_H -DNO_STRINGS_H",
+        ex_libs          => add("-lsocket -lnsl -lresolv -lx"),
+        thread_scheme    => "uithreads",
+    },
+    "unixware-2.1" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => "-O",
+        cflags           => threads("-Kthread"),
+        lib_cppflags     => "-DFILIO_H",
+        ex_libs          => add("-lsocket -lnsl -lresolv -lx"),
+        thread_scheme    => "uithreads",
+    },
+    "unixware-7" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        CC               => "cc",
+        CFLAGS           => "-O",
+        cflags           => combine("-Kalloca", threads("-Kthread")),
+        lib_cppflags     => "-DFILIO_H",
+        ex_libs          => add("-lsocket -lnsl"),
+        thread_scheme    => "uithreads",
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "svr5-shared",
+        shared_cflag     => "-Kpic",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "unixware-7-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        CC               => "gcc",
+        CFLAGS           => "-O3 -fomit-frame-pointer -Wall",
+        cppflags         => add(threads("-D_REENTRANT")),
+        lib_cppflags     => add("-DL_ENDIAN -DFILIO_H"),
+        ex_libs          => add("-lsocket -lnsl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "gnu-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+# SCO 5 - Ben Laurie says the -O breaks the SCO cc.
+    "sco5-cc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "cc",
+        cflags           => "-belf",
+        ex_libs          => add("-lsocket -lnsl"),
+        thread_scheme    => "(unknown)",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "svr3-shared",
+        shared_cflag     => "-Kpic",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "sco5-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => "-O3 -fomit-frame-pointer",
+        ex_libs          => add("-lsocket -lnsl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "svr3-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+
+#### IBM's AIX.
+    # Below targets assume AIX >=5. Caveat lector. If you are accustomed
+    # to control compilation "bitness" by setting $OBJECT_MODE environment
+    # variable, then you should know that in OpenSSL case it's considered
+    # only in ./config. Once configured, build procedure remains "deaf" to
+    # current value of $OBJECT_MODE.
+    "aix-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        sys_id           => "AIX",
+        lib_cppflags     => "-DB_ENDIAN",
+        lflags           => "-Wl,-bsvr4",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "self",
+        module_ldflags   => "-Wl,-G,-bsymbolic,-bexpall",
+        shared_ldflag    => "-Wl,-G,-bsymbolic,-bnoentry",
+        shared_defflag   => "-Wl,-bE:",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        dso_extension    => ".so",
+        lib_extension    => shared("_a.a"),
+        shared_extension_simple => shared(".a"),
+    },
+    "aix-gcc" => {
+        inherit_from     => [ "aix-common", asm("ppc32_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => add(threads("-pthread")),
+        ex_libs          => threads("-pthread"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        perlasm_scheme   => "aix32",
+        shared_ldflag    => add_before("-shared -static-libgcc"),
+        AR               => add("-X32"),
+        RANLIB           => add("-X32"),
+    },
+    "aix64-gcc" => {
+        inherit_from     => [ "aix-common", asm("ppc64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-maix64", threads("-pthread")),
+        ex_libs          => threads("-pthread"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        perlasm_scheme   => "aix64",
+        shared_ldflag    => add_before("-shared -static-libgcc"),
+        shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
+        AR               => add("-X64"),
+        RANLIB           => add("-X64"),
+    },
+    "aix-cc" => {
+        inherit_from     => [ "aix-common", asm("ppc32_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-q32 -qmaxmem=16384 -qro -qroconst",
+                                    threads("-qthreaded")),
+        cppflags         => threads("-D_THREAD_SAFE"),
+        ex_libs          => threads("-lpthreads"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        perlasm_scheme   => "aix32",
+        shared_cflag     => "-qpic",
+        AR               => add("-X32"),
+        RANLIB           => add("-X32"),
+    },
+    "aix64-cc" => {
+        inherit_from     => [ "aix-common", asm("ppc64_asm") ],
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-q64 -qmaxmem=16384 -qro -qroconst",
+                                    threads("-qthreaded")),
+        cppflags         => threads("-D_THREAD_SAFE"),
+        ex_libs          => threads("-lpthreads"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        perlasm_scheme   => "aix64",
+        dso_scheme       => "dlfcn",
+        shared_cflag     => "-qpic",
+        shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
+        AR               => add("-X64"),
+        RANLIB           => add("-X64"),
+    },
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+    "BS2000-OSD" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "c89",
+        CFLAGS           => "-O",
+        cflags           => "-XLLML -XLLMK -XL",
+        cppflags         => "-DCHARSET_EBCDIC",
+        lib_cppflags     => "-DB_ENDIAN",
+        ex_libs          => add("-lsocket -lnsl"),
+        bn_ops           => "THIRTY_TWO_BIT RC4_CHAR",
+        thread_scheme    => "(unknown)",
+    },
+
+#### Visual C targets
+#
+# Win64 targets, WIN64I denotes IA-64/Itanium and WIN64A - AMD64
+#
+# Note about /wd4090, disable warning C4090. This warning returns false
+# positives in some situations. Disabling it altogether masks both
+# legitimate and false cases, but as we compile on multiple platforms,
+# we rely on other compilers to catch legitimate cases.
+#
+# Also note that we force threads no matter what.  Configuring "no-threads"
+# is ignored.
+#
+# UNICODE is defined in VC-common and applies to all targets. It used to
+# be an opt-in option for VC-WIN32, but not anymore. The original reason
+# was because ANSI API was *native* system interface for no longer
+# supported Windows 9x. Keep in mind that UNICODE only affects how
+# OpenSSL libraries interact with underlying OS, it doesn't affect API
+# that OpenSSL presents to application.
+
+    "VC-common" => {
+        inherit_from     => [ "BASE_Windows" ],
+        template         => 1,
+        CC               => "cl",
+        CPP              => '$(CC) /EP /C',
+        CFLAGS           => "/W3 /wd4090 /nologo",
+        LDFLAGS          => add("/debug"),
+        coutflag         => "/Fo",
+        defines          => add("OPENSSL_SYS_WIN32", "WIN32_LEAN_AND_MEAN",
+                                "UNICODE", "_UNICODE",
+                                "_CRT_SECURE_NO_DEPRECATE",
+                                "_WINSOCK_DEPRECATED_NO_WARNINGS"),
+        lib_cflags       => add("/Zi /Fdossl_static.pdb"),
+        lib_defines      => add("L_ENDIAN"),
+        dso_cflags       => "/Zi /Fddso.pdb",
+        bin_cflags       => "/Zi /Fdapp.pdb",
+        shared_ldflag    => "/dll",
+        shared_target    => "win-shared", # meaningless except it gives Configure a hint
+        thread_scheme    => "winthreads",
+        dso_scheme       => "win32",
+        apps_aux_src     => add("win32_init.c"),
+        bn_ops           => "EXPORT_VAR_AS_FN",
+        # additional parameter to build_scheme denotes install-path "flavour"
+        build_scheme     => add("VC-common", { separator => undef }),
+    },
+    "VC-noCE-common" => {
+        inherit_from     => [ "VC-common" ],
+        template         => 1,
+        CFLAGS           => add(picker(debug   => '/Od',
+                                       release => '/O2')),
+        cflags           => add(picker(default => '/Gs0 /GF /Gy',
+                                       debug   =>
+                                       sub {
+                                           ($disabled{shared} ? "" : "/MDd");
+                                       },
+                                       release =>
+                                       sub {
+                                           ($disabled{shared} ? "" : "/MD");
+                                       })),
+        defines          => add(picker(default => [], # works as type cast
+                                       debug   => [ "DEBUG", "_DEBUG" ])),
+        lib_cflags       => add(sub { $disabled{shared} ? "/MT /Zl" : () }),
+        # Following might/should appears controversial, i.e. defining
+        # /MDd without evaluating $disabled{shared}. It works in
+        # non-shared build because static library is compiled with /Zl
+        # and bares no reference to specific RTL. And it works in
+        # shared build because multiple /MDd options are not prohibited.
+        # But why /MDd in static build? Well, basically this is just a
+        # reference point, which allows to catch eventual errors that
+        # would prevent those who want to wrap OpenSSL into own .DLL.
+        # Why not /MD in release build then? Well, some are likely to
+        # prefer [non-debug] openssl.exe to be free from Micorosoft RTL
+        # redistributable.
+        bin_cflags       => add(picker(debug   => "/MDd",
+                                       release => sub { $disabled{shared} ? "/MT" : () },
+                                      )),
+        bin_lflags       => add("/subsystem:console /opt:ref"),
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            push @ex_libs, 'ws2_32.lib' unless $disabled{sock};
+            push @ex_libs, 'gdi32.lib advapi32.lib crypt32.lib user32.lib';
+            return join(" ", @ex_libs);
+        }),
+    },
+    "VC-WIN64-common" => {
+        inherit_from     => [ "VC-noCE-common" ],
+        template         => 1,
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            push @ex_libs, 'bufferoverflowu.lib' if (`cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
+            return join(" ", @_, @ex_libs);
+        }),
+        bn_ops           => add("SIXTY_FOUR_BIT"),
+    },
+    "VC-WIN64I" => {
+        inherit_from     => [ "VC-WIN64-common", asm("ia64_asm"),
+                              sub { $disabled{shared} ? () : "ia64_uplink" } ],
+        AS               => "ias",
+        ASFLAGS          => "-d debug",
+        asoutflag        => "-o ",
+        sys_id           => "WIN64I",
+        bn_asm_src       => sub { return undef unless @_;
+                                  my $r=join(" ",@_); $r=~s|bn-ia64.s|bn_asm.c|; $r; },
+        perlasm_scheme   => "ias",
+        multilib         => "-ia64",
+    },
+    "VC-WIN64A" => {
+        inherit_from     => [ "VC-WIN64-common", asm("x86_64_asm"),
+                              sub { $disabled{shared} ? () : "x86_64_uplink" } ],
+        AS               => sub { vc_win64a_info()->{AS} },
+        ASFLAGS          => sub { vc_win64a_info()->{ASFLAGS} },
+        asoutflag        => sub { vc_win64a_info()->{asoutflag} },
+        asflags          => sub { vc_win64a_info()->{asflags} },
+        sys_id           => "WIN64A",
+        bn_asm_src       => sub { return undef unless @_;
+                                  my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
+        perlasm_scheme   => "auto",
+        multilib         => "-x64",
+    },
+    "VC-WIN32" => {
+        inherit_from     => [ "VC-noCE-common", asm("x86_asm"),
+                              sub { $disabled{shared} ? () : "uplink_common" } ],
+        CFLAGS           => add("/WX"),
+        AS               => sub { vc_win32_info()->{AS} },
+        ASFLAGS          => sub { vc_win32_info()->{ASFLAGS} },
+        asoutflag        => sub { vc_win32_info()->{asoutflag} },
+        asflags          => sub { vc_win32_info()->{asflags} },
+        sys_id           => "WIN32",
+        bn_ops           => add("BN_LLONG"),
+        perlasm_scheme   => sub { vc_win32_info()->{perlasm_scheme} },
+        # "WOW" stands for "Windows on Windows", and "VC-WOW" engages
+        # some installation path heuristics in windows-makefile.tmpl...
+        build_scheme     => add("VC-WOW", { separator => undef }),
+    },
+    "VC-CE" => {
+        inherit_from     => [ "VC-common" ],
+        CFLAGS           => add(picker(debug   => "/Od",
+                                       release => "/O1i")),
+        CPPDEFINES       => picker(debug   => [ "DEBUG", "_DEBUG" ]),
+        LDFLAGS          => add("/nologo /opt:ref"),
+        cflags           =>
+            combine('/GF /Gy',
+                    sub { vc_wince_info()->{cflags}; },
+                    sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14
+                              ? ($disabled{shared} ? " /MT" : " /MD")
+                              : " /MC"; }),
+        cppflags         => sub { vc_wince_info()->{cppflags}; },
+        lib_defines      => add("NO_CHMOD", "OPENSSL_SMALL_FOOTPRINT"),
+        lib_cppflags     => sub { vc_wince_info()->{cppflags}; },
+        includes         =>
+            add(combine(sub { defined(env('WCECOMPAT'))
+                              ? '$(WCECOMPAT)/include' : (); },
+                        sub { defined(env('PORTSDK_LIBPATH'))
+                                  ? '$(PORTSDK_LIBPATH)/../../include'
+                                  : (); })),
+        lflags           => add(combine(sub { vc_wince_info()->{lflags}; },
+                                        sub { defined(env('PORTSDK_LIBPATH'))
+                                                  ? "/entry:mainCRTstartup" : (); })),
+        sys_id           => "WINCE",
+        bn_ops           => add("BN_LLONG"),
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            push @ex_libs, 'ws2.lib' unless $disabled{sock};
+            push @ex_libs, 'crypt32.lib';
+            if (defined(env('WCECOMPAT'))) {
+                my $x = '$(WCECOMPAT)/lib';
+                if (-f "$x/env('TARGETCPU')/wcecompatex.lib") {
+                    $x .= '/$(TARGETCPU)/wcecompatex.lib';
+                } else {
+                    $x .= '/wcecompatex.lib';
+                }
+                push @ex_libs, $x;
+            }
+            push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib'
+                if (defined(env('PORTSDK_LIBPATH')));
+            push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib'
+                if (env('TARGETCPU') eq "X86");
+            return @ex_libs;
+        }),
+    },
+
+#### MinGW
+    "mingw" => {
+        inherit_from     => [ "BASE_unix", asm("x86_asm"),
+                              sub { $disabled{shared} ? () : "x86_uplink" } ],
+        CC               => "gcc",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-g -O0",
+                                   release => "-O3 -fomit-frame-pointer"),
+        cflags           => "-m32",
+        cppflags         => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN",
+                                    threads("-D_MT")),
+        lib_cppflags     => "-DL_ENDIAN",
+        sys_id           => "MINGW32",
+        ex_libs          => add("-lws2_32 -lgdi32 -lcrypt32"),
+        bn_ops           => "BN_LLONG EXPORT_VAR_AS_FN",
+        thread_scheme    => "winthreads",
+        perlasm_scheme   => "coff",
+        dso_scheme       => "win32",
+        shared_target    => "mingw-shared",
+        shared_cppflags  => add("_WINDLL"),
+        shared_ldflag    => "-static-libgcc",
+        shared_rcflag    => "--target=pe-i386",
+        shared_extension => ".dll",
+        multilib         => "",
+        apps_aux_src     => add("win32_init.c"),
+    },
+    "mingw64" => {
+        # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
+        # .dll compiled with one compiler with application compiled with
+        # another compiler. It's possible to engage Applink support in
+        # mingw64 build, but it's not done, because till mingw64
+        # supports structured exception handling, one can't seriously
+        # consider its binaries for using with non-mingw64 run-time
+        # environment. And as mingw64 is always consistent with itself,
+        # Applink is never engaged and can as well be omitted.
+        inherit_from     => [ "BASE_unix", asm("x86_64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-g -O0",
+                                   release => "-O3"),
+        cflags           => "-m64",
+        cppflags         => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN",
+                                    threads("-D_MT")),
+        lib_cppflags     => "-DL_ENDIAN",
+        sys_id           => "MINGW64",
+        ex_libs          => add("-lws2_32 -lgdi32 -lcrypt32"),
+        bn_ops           => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN",
+        thread_scheme    => "winthreads",
+        perlasm_scheme   => "mingw64",
+        dso_scheme       => "win32",
+        shared_target    => "mingw-shared",
+        shared_cppflags  => add("_WINDLL"),
+        shared_ldflag    => "-static-libgcc",
+        shared_rcflag    => "--target=pe-x86-64",
+        shared_extension => ".dll",
+        multilib         => "64",
+        apps_aux_src     => add("win32_init.c"),
+    },
+
+#### UEFI
+    "UEFI" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => "-O",
+        lib_cppflags     => "-DL_ENDIAN",
+        sys_id           => "UEFI",
+    },
+
+#### UWIN
+    "UWIN" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "cc",
+        CFLAGS           => "-O -Wall",
+        lib_cppflags     => "-DTERMIOS -DL_ENDIAN",
+        sys_id           => "UWIN",
+        bn_ops           => "BN_LLONG",
+        dso_scheme       => "win32",
+    },
+
+#### Cygwin
+    "Cygwin-x86" => {
+        inherit_from     => [ "BASE_unix", asm("x86_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-g -O0",
+                                   release => "-O3 -fomit-frame-pointer"),
+        lib_cppflags     => "-DTERMIOS -DL_ENDIAN",
+        sys_id           => "CYGWIN",
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthread",
+        perlasm_scheme   => "coff",
+        dso_scheme       => "dlfcn",
+        shared_target    => "cygwin-shared",
+        shared_cppflags  => "-D_WINDLL",
+        shared_extension => ".dll",
+    },
+    "Cygwin-x86_64" => {
+        inherit_from     => [ "BASE_unix", asm("x86_64_asm") ],
+        CC               => "gcc",
+        CFLAGS           => picker(default => "-Wall",
+                                   debug   => "-g -O0",
+                                   release => "-O3"),
+        lib_cppflags     => "-DTERMIOS -DL_ENDIAN",
+        sys_id           => "CYGWIN",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthread",
+        perlasm_scheme   => "mingw64",
+        dso_scheme       => "dlfcn",
+        shared_target    => "cygwin-shared",
+        shared_cppflags  => "-D_WINDLL",
+        shared_extension => ".dll",
+    },
+    # Backward compatibility for those using this target
+    "Cygwin" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    # In case someone constructs the Cygwin target name themself
+    "Cygwin-i386" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    "Cygwin-i486" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    "Cygwin-i586" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    "Cygwin-i686" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+
+##### MacOS X (a.k.a. Darwin) setup
+    "darwin-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        CC               => "cc",
+        CFLAGS           => picker(debug   => "-g -O0",
+                                   release => "-O3"),
+        cppflags         => threads("-D_REENTRANT"),
+        lflags           => "-Wl,-search_paths_first",
+        sys_id           => "MACOSX",
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "osx32",
+        dso_scheme       => "dlfcn",
+        ranlib           => "ranlib -c",
+        shared_target    => "darwin-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib",
+    },
+    # Option "freeze" such as -std=gnu9x can't negatively interfere
+    # with future defaults for below two targets, because MacOS X
+    # for PPC has no future, it was discontinued by vendor in 2009.
+    "darwin-ppc-cc" => {
+        inherit_from     => [ "darwin-common", asm("ppc32_asm") ],
+        cflags           => add("-arch ppc -std=gnu9x -Wa,-force_cpusubtype_ALL"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+        shared_cflag     => add("-fno-common"),
+        perlasm_scheme   => "osx32",
+    },
+    "darwin64-ppc-cc" => {
+        inherit_from     => [ "darwin-common", asm("ppc64_asm") ],
+        cflags           => add("-arch ppc64 -std=gnu9x"),
+        lib_cppflags     => add("-DB_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        perlasm_scheme   => "osx64",
+    },
+    "darwin-i386-cc" => {
+        inherit_from     => [ "darwin-common", asm("x86_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        cflags           => add("-arch i386"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "BN_LLONG RC4_INT",
+        perlasm_scheme   => "macosx",
+    },
+    "darwin64-x86_64-cc" => {
+        inherit_from     => [ "darwin-common", asm("x86_64_asm") ],
+        CFLAGS           => add("-Wall"),
+        cflags           => add("-arch x86_64"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "macosx",
+    },
+
+##### GNU Hurd
+    "hurd-x86" => {
+        inherit_from     => [ "BASE_unix" ],
+        inherit_from     => [ asm("x86_elf_asm") ],
+        CC               => "gcc",
+        CFLAGS           => "-O3 -fomit-frame-pointer -Wall",
+        cflags           => threads("-pthread"),
+        lib_cppflags     => "-DL_ENDIAN",
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+
+##### VxWorks for various targets
+    "vxworks-ppc60x" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccppc",
+        CFLAGS           => "-O2 -Wall -fstrength-reduce",
+        cflags           => "-mrtp -mhard-float -mstrict-align -fno-implicit-fp -fno-builtin -fno-strict-aliasing",
+        cppflags         => combine("-D_REENTRANT -DPPC32_fp60x -DCPU=PPC32",
+                                    "_DTOOL_FAMILY=gnu -DTOOL=gnu",
+                                    "-I\$(WIND_BASE)/target/usr/h",
+                                    "-I\$(WIND_BASE)/target/usr/h/wrn/coreip"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common"),
+        ex_libs          => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"),
+    },
+    "vxworks-ppcgen" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccppc",
+        CFLAGS           => "-O1 -Wall",
+        cflags           => "-mrtp -msoft-float -mstrict-align -fno-builtin -fno-strict-aliasing",
+        cppflags         => combine("-D_REENTRANT -DPPC32 -DCPU=PPC32",
+                                    "-DTOOL_FAMILY=gnu -DTOOL=gnu",
+                                    "-I\$(WIND_BASE)/target/usr/h",
+                                    "-I\$(WIND_BASE)/target/usr/h/wrn/coreip"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon"),
+        ex_libs          => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"),
+    },
+    "vxworks-ppc405" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccppc",
+        CFLAGS           => "-g",
+        cflags           => "-msoft-float -mlongcall",
+        cppflags         => combine("-D_REENTRANT -DPPC32 -DCPU=PPC405",
+                                    "-DTOOL_FAMILY=gnu -DTOOL=gnu",
+                                    "-I\$(WIND_BASE)/target/h"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-r"),
+    },
+    "vxworks-ppc750" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccppc",
+        CFLAGS           => "-ansi -fvolatile -Wall \$(DEBUG_FLAG)",
+        cflags           => "-nostdinc -fno-builtin -fno-for-scope -fsigned-char -msoft-float -mlongcall",
+        cppflags         => combine("-DPPC750 -D_REENTRANT -DCPU=PPC604",
+                                    "-I\$(WIND_BASE)/target/h"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-r"),
+    },
+    "vxworks-ppc750-debug" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccppc",
+        CFLAGS           => "-ansi -fvolatile -Wall -g",
+        cflags           => "-nostdinc -fno-builtin -fno-for-scope -fsigned-char -msoft-float -mlongcall",
+        cppflags         => combine("-DPPC750 -D_REENTRANT -DCPU=PPC604",
+                                    "-DPEDANTIC -DDEBUG",
+                                    "-I\$(WIND_BASE)/target/h"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-r"),
+    },
+    "vxworks-ppc860" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccppc",
+        cflags           => "-nostdinc -msoft-float",
+        cppflags         => combine("-DCPU=PPC860 -DNO_STRINGS_H",
+                                    "-I\$(WIND_BASE)/target/h"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-r"),
+    },
+    "vxworks-simlinux" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => "ccpentium",
+        cflags           => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -fno-builtin -fno-defer-pop",
+        cppflags         => combine("-D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\"",
+                                    "-DL_ENDIAN -DCPU=SIMLINUX -DNO_STRINGS_H",
+                                    "-DTOOL_FAMILY=gnu -DTOOL=gnu",
+                                    "-DOPENSSL_NO_HW_PADLOCK",
+                                    "-I\$(WIND_BASE)/target/h",
+                                    "-I\$(WIND_BASE)/target/h/wrn/coreip"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-r"),
+        ranlib           => "ranlibpentium",
+    },
+    "vxworks-mips" => {
+        inherit_from     => [ "BASE_unix", asm("mips32_asm") ],
+        CC               => "ccmips",
+        CFLAGS           => "-O -G 0",
+        cflags           => "-mrtp -mips2 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -msoft-float -mno-branch-likely -fno-builtin -fno-defer-pop",
+        cppflags         => combine("-D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\"",
+                                    "-DCPU=MIPS32 -DNO_STRINGS_H",
+                                    "-DTOOL_FAMILY=gnu -DTOOL=gnu",
+                                    "-DOPENSSL_NO_HW_PADLOCK",
+                                    threads("-D_REENTRANT"),
+                                    "-I\$(WIND_BASE)/target/h",
+                                    "-I\$(WIND_BASE)/target/h/wrn/coreip"),
+        sys_id           => "VXWORKS",
+        lflags           => add("-L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon"),
+        ex_libs          => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"),
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "o32",
+        ranlib           => "ranlibmips",
+    },
+
+#### uClinux
+    "uClinux-dist" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => sub { env('CC') },
+        cppflags         => threads("-D_REENTRANT"),
+        ex_libs          => add("\$(LDLIBS)"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => sub { env('LIBSSL_dlfcn') },
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        ranlib           => sub { env('RANLIB') },
+    },
+    "uClinux-dist64" => {
+        inherit_from     => [ "BASE_unix" ],
+        CC               => sub { env('CC') },
+        cppflags         => threads("-D_REENTRANT"),
+        ex_libs          => add("\$(LDLIBS)"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => sub { env('LIBSSL_dlfcn') },
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        ranlib           => sub { env('RANLIB') },
+    },
+
+    ##### VMS
+    # Most things happen in vms-generic.
+    # Note that vms_info extracts the pointer size from the end of
+    # the target name, and will assume that anything matching /-p\d+$/
+    # indicates the pointer size setting for the desired target.
+    "vms-generic" => {
+        inherit_from     => [ "BASE_VMS" ],
+        template         => 1,
+        CC               => "CC/DECC",
+        CPP              => '$(CC)/PREPROCESS_ONLY=SYS$OUTPUT:',
+        CFLAGS           =>
+            combine(picker(default => "/STANDARD=(ISOC94,RELAXED)/NOLIST/PREFIX=ALL",
+                           debug   => "/NOOPTIMIZE/DEBUG",
+                           release => "/OPTIMIZE/NODEBUG"),
+                    sub { my @warnings =
+                              @{vms_info()->{disable_warns}};
+                          @warnings
+                              ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }),
+        lib_defines      =>
+            add("OPENSSL_USE_NODELETE",
+                sub {
+                    return vms_info()->{def_zlib}
+                        ? "LIBZ=\"\"\"".vms_info()->{def_zlib}."\"\"\"" : ();
+                }),
+        lflags           => picker(default => "/MAP='F\$PARSE(\".MAP\",\"\$\@\")'",
+                                   debug   => "/DEBUG/TRACEBACK",
+                                   release => "/NODEBUG/NOTRACEBACK"),
+        lib_cflags       => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"),
+        # no_inst_lib_cflags is used instead of lib_cflags by descrip.mms.tmpl
+        # for object files belonging to selected internal libraries
+        no_inst_lib_cflags => "",
+        ex_libs          => add(sub { return vms_info()->{zlib} || (); }),
+        shared_target    => "vms-shared",
+        dso_scheme       => "vms",
+        thread_scheme    => "pthreads",
+
+        AS               => sub { vms_info()->{AS} },
+        ASFLAGS          => sub { vms_info()->{ASFLAGS} },
+        asoutflag        => sub { vms_info()->{asoutflag} },
+        asflags          => sub { vms_info()->{asflags} },
+        perlasm_scheme   => sub { vms_info()->{perlasm_scheme} },
+
+        disable          => add('pinshared'),
+
+        apps_aux_src     => "vms_term_sock.c",
+        apps_init_src    => "vms_decc_init.c",
+    },
+
+    # From HELP CC/POINTER_SIZE:
+    #
+    # ----------
+    # LONG[=ARGV] The compiler assumes 64-bit pointers. If the ARGV option to
+    #             LONG or 64 is present, the main argument argv will be an
+    #             array of long pointers instead of an array of short pointers.
+    #
+    # 64[=ARGV]   Same as LONG.
+    # ----------
+    #
+    # We don't want the hassle of dealing with 32-bit pointers with argv, so
+    # we force it to have 64-bit pointers, see the added cflags in the -p64
+    # config targets below.
+
+    "vms-alpha" => {
+        inherit_from     => [ "vms-generic" ],
+        bn_ops           => "SIXTY_FOUR_BIT RC4_INT",
+        pointer_size     => "",
+    },
+    "vms-alpha-p32" => {
+        inherit_from     => [ "vms-alpha" ],
+        cflags           => add("/POINTER_SIZE=32"),
+        pointer_size     => "32",
+    },
+    "vms-alpha-p64" => {
+        inherit_from     => [ "vms-alpha" ],
+        cflags           => add("/POINTER_SIZE=64=ARGV"),
+        pointer_size     => "64",
+    },
+    "vms-ia64" => {
+        inherit_from     => [ "vms-generic",
+                              sub { vms_info()->{AS}
+                                        ? asm("ia64_asm")->() : () } ],
+        bn_ops           => "SIXTY_FOUR_BIT RC4_INT",
+        pointer_size     => "",
+
+        modes_asm_src    => "", # Because ghash-ia64.s doesn't work on VMS
+    },
+    "vms-ia64-p32" => {
+        inherit_from     => [ "vms-ia64" ],
+        cflags           => add("/POINTER_SIZE=32"),
+        pointer_size     => "32",
+    },
+    "vms-ia64-p64" => {
+        inherit_from     => [ "vms-ia64" ],
+        cflags           => add("/POINTER_SIZE=64=ARGV"),
+        pointer_size     => "64",
+    },
+
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf
new file mode 100644
index 000000000..7b496a452
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf
@@ -0,0 +1,261 @@
+#### Android...
+#
+# See NOTES.ANDROID for details, and don't miss platform-specific
+# comments below...
+
+{
+    use File::Spec::Functions;
+
+    my $android_ndk = {};
+    my %triplet = (
+        arm    => "arm-linux-androideabi",
+        arm64  => "aarch64-linux-android",
+        mips   => "mipsel-linux-android",
+        mips64 => "mips64el-linux-android",
+        x86    => "i686-linux-android",
+        x86_64 => "x86_64-linux-android",
+    );
+
+    sub android_ndk {
+        unless (%$android_ndk) {
+            if ($now_printing =~ m|^android|) {
+                return $android_ndk = { bn_ops => "BN_AUTO" };
+            }
+
+            my $ndk_var;
+            my $ndk;
+            foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
+                $ndk_var = $_;
+                $ndk = $ENV{$ndk_var};
+                last if defined $ndk;
+            }
+            die "\$ANDROID_NDK_HOME is not defined"  if (!$ndk);
+            if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
+                # $ndk/platforms is traditional "all-inclusive" NDK, while
+                # $ndk/AndroidVersion.txt is so-called standalone toolchain
+                # tailored for specific target down to API level.
+                die "\$ANDROID_NDK_HOME=$ndk is invalid";
+            }
+            $ndk = canonpath($ndk);
+
+            my $ndkver = undef;
+
+            if (open my $fh, "<$ndk/source.properties") {
+                local $_;
+                while(<$fh>) {
+                    if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
+                        $ndkver = $1;
+                        last;
+                    }
+                }
+                close $fh;
+            }
+
+            my ($sysroot, $api, $arch);
+
+            $config{target} =~ m|[^-]+-([^-]+)$|;	# split on dash
+            $arch = $1;
+
+            if ($sysroot = $ENV{CROSS_SYSROOT}) {
+                $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
+                ($api, $arch) = ($1, $2);
+            } elsif (-f "$ndk/AndroidVersion.txt") {
+                $sysroot = "$ndk/sysroot";
+            } else {
+                $api = "*";
+
+                # see if user passed -D__ANDROID_API__=N
+                foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
+                    if (m|__ANDROID_API__=([0-9]+)|) {
+                        $api = $1;
+                        last;
+                    }
+                }
+
+                # list available platforms (numerically)
+                my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
+                                       $b =~ m/-([0-9]+)$/; $aa <=> $1;
+                                     } glob("$ndk/platforms/android-$api");
+                die "no $ndk/platforms/android-$api" if ($#platforms < 0);
+
+                $sysroot = "@platforms[$#platforms]/arch-$arch";
+                $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
+                $api = $1;
+            }
+            die "no sysroot=$sysroot"   if (!-d $sysroot);
+
+            my $triarch = $triplet{$arch};
+            my $cflags;
+            my $cppflags;
+
+            # see if there is NDK clang on $PATH, "universal" or "standalone"
+            if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+                my $host=$1;
+                # harmonize with gcc default
+                my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
+                (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
+                (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
+                $cflags .= " -target $tridefault "
+                        .  "-gcc-toolchain \$($ndk_var)/toolchains"
+                        .  "/$tritools-4.9/prebuilt/$host";
+                $user{CC} = "clang" if ($user{CC} !~ m|clang|);
+                $user{CROSS_COMPILE} = undef;
+                if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+                    $user{AR} = "llvm-ar";
+                    $user{ARFLAGS} = [ "rs" ];
+                    $user{RANLIB} = ":";
+                }
+            } elsif (-f "$ndk/AndroidVersion.txt") {    #"standalone toolchain"
+                my $cc = $user{CC} // "clang";
+                # One can probably argue that both clang and gcc should be
+                # probed, but support for "standalone toolchain" was added
+                # *after* announcement that gcc is being phased out, so
+                # favouring clang is considered adequate. Those who insist
+                # have option to enforce test for gcc with CC=gcc.
+                if (which("$triarch-$cc") !~ m|^$ndk|) {
+                    die "no NDK $triarch-$cc on \$PATH";
+                }
+                $user{CC} = $cc;
+                $user{CROSS_COMPILE} = "$triarch-";
+            } elsif ($user{CC} eq "clang") {
+                die "no NDK clang on \$PATH";
+            } else {
+                if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+                    die "no NDK $triarch-gcc on \$PATH";
+                }
+                $cflags .= " -mandroid";
+                $user{CROSS_COMPILE} = "$triarch-";
+            }
+
+            if (!-d "$sysroot/usr/include") {
+                my $incroot = "$ndk/sysroot/usr/include";
+                die "no $incroot"          if (!-d $incroot);
+                die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
+                $incroot =~ s|^$ndk/||;
+                $cppflags  = "-D__ANDROID_API__=$api";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot";
+            }
+
+            $sysroot =~ s|^$ndk/||;
+            $android_ndk = {
+                cflags   => "$cflags --sysroot=\$($ndk_var)/$sysroot",
+                cppflags => $cppflags,
+                bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
+                                            : "BN_LLONG",
+            };
+        }
+
+        return $android_ndk;
+    }
+}
+
+my %targets = (
+    "android" => {
+        inherit_from     => [ "linux-generic32" ],
+        template         => 1,
+        ################################################################
+        # Special note about -pie. The underlying reason is that
+        # Lollipop refuses to run non-PIE. But what about older systems
+        # and NDKs? -fPIC was never problem, so the only concern is -pie.
+        # Older toolchains, e.g. r4, appear to handle it and binaries
+        # turn out mostly functional. "Mostly" means that oldest
+        # Androids, such as Froyo, fail to handle executable, but newer
+        # systems are perfectly capable of executing binaries targeting
+        # Froyo. Keep in mind that in the nutshell Android builds are
+        # about JNI, i.e. shared libraries, not applications.
+        cflags           => add(sub { android_ndk()->{cflags} }),
+        cppflags         => add(sub { android_ndk()->{cppflags} }),
+        cxxflags         => add(sub { android_ndk()->{cflags} }),
+        bn_ops           => sub { android_ndk()->{bn_ops} },
+        bin_cflags       => "-pie",
+        enable           => [ ],
+    },
+    "android-arm" => {
+        ################################################################
+        # Contemporary Android applications can provide multiple JNI
+        # providers in .apk, targeting multiple architectures. Among
+        # them there is "place" for two ARM flavours: generic eabi and
+        # armv7-a/hard-float. However, it should be noted that OpenSSL's
+        # ability to engage NEON is not constrained by ABI choice, nor
+        # is your ability to call OpenSSL from your application code
+        # compiled with floating-point ABI other than default 'soft'.
+        # (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
+        # This means that choice of ARM libraries you provide in .apk
+        # is driven by application needs. For example if application
+        # itself benefits from NEON or is floating-point intensive, then
+        # it might be appropriate to provide both libraries. Otherwise
+        # just generic eabi would do. But in latter case it would be
+        # appropriate to
+        #
+        #   ./Configure android-arm -D__ARM_MAX_ARCH__=8
+        #
+        # in order to build "universal" binary and allow OpenSSL take
+        # advantage of NEON when it's available.
+        #
+        # Keep in mind that (just like with linux-armv4) we rely on
+        # compiler defaults, which is not necessarily what you had
+        # in mind, in which case you would have to pass additional
+        # -march and/or -mfloat-abi flags. NDK defaults to armv5te.
+        # Newer NDK versions reportedly require additional -latomic.
+        #
+        inherit_from     => [ "android", asm("armv4_asm") ],
+        bn_ops           => add("RC4_CHAR"),
+    },
+    "android-arm64" => {
+        inherit_from     => [ "android", asm("aarch64_asm") ],
+        bn_ops           => add("RC4_CHAR"),
+        perlasm_scheme   => "linux64",
+    },
+
+    "android-mips" => {
+        inherit_from     => [ "android", asm("mips32_asm") ],
+        bn_ops           => add("RC4_CHAR"),
+        perlasm_scheme   => "o32",
+    },
+    "android-mips64" => {
+        ################################################################
+        # You are more than likely have to specify target processor
+        # on ./Configure command line. Trouble is that toolchain's
+        # default is MIPS64r6 (at least in r10d), but there are no
+        # such processors around (or they are too rare to spot one).
+        # Actual problem is that MIPS64r6 is binary incompatible
+        # with previous MIPS ISA versions, in sense that unlike
+        # prior versions original MIPS binary code will fail.
+        #
+        inherit_from     => [ "android", asm("mips64_asm") ],
+        bn_ops           => add("RC4_CHAR"),
+        perlasm_scheme   => "64",
+    },
+
+    "android-x86" => {
+        inherit_from     => [ "android", asm("x86_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        bn_ops           => add("RC4_INT"),
+        perlasm_scheme   => "android",
+    },
+    "android-x86_64" => {
+        inherit_from     => [ "android", asm("x86_64_asm") ],
+        bn_ops           => add("RC4_INT"),
+        perlasm_scheme   => "elf",
+    },
+
+    ####################################################################
+    # Backward compatible targets, (might) requre $CROSS_SYSROOT
+    #
+    "android-armeabi" => {
+        inherit_from     => [ "android-arm" ],
+    },
+    "android64" => {
+        inherit_from     => [ "android" ],
+    },
+    "android64-aarch64" => {
+        inherit_from     => [ "android-arm64" ],
+    },
+    "android64-x86_64" => {
+        inherit_from     => [ "android-x86_64" ],
+    },
+    "android64-mips64" => {
+        inherit_from     => [ "android-mips64" ],
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf
new file mode 100644
index 000000000..1bb9f48d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf
@@ -0,0 +1,62 @@
+#### iPhoneOS/iOS
+#
+# It takes recent enough XCode to use following two targets. It shouldn't
+# be a problem by now, but if they don't work, original targets below
+# that depend on manual definition of environment variables should still
+# work...
+#
+my %targets = (
+    "ios-common" => {
+        template         => 1,
+        inherit_from     => [ "darwin-common" ],
+        sys_id           => "iOS",
+        disable          => [ "engine", "async" ],
+    },
+    "ios-xcrun" => {
+        inherit_from     => [ "ios-common", asm("armv4_asm") ],
+        # It should be possible to go below iOS 6 and even add -arch armv6,
+        # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
+        # at this point.
+        CC               => "xcrun -sdk iphoneos cc",
+        cflags           => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
+        perlasm_scheme   => "ios32",
+    },
+    "ios64-xcrun" => {
+        inherit_from     => [ "ios-common", asm("aarch64_asm") ],
+        CC               => "xcrun -sdk iphoneos cc",
+        cflags           => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        perlasm_scheme   => "ios64",
+    },
+    "iossimulator-xcrun" => {
+        inherit_from     => [ "ios-common" ],
+        CC               => "xcrun -sdk iphonesimulator cc",
+    },
+# It takes three prior-set environment variables to make it work:
+#
+# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
+# CROSS_TOP=/where/SDKs/are
+# CROSS_SDK=iPhoneOSx.y.sdk
+#
+# Exact paths vary with Xcode releases, but for couple of last ones
+# they would look like this:
+#
+# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
+# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
+# CROSS_SDK=iPhoneOS.sdk
+#
+    "iphoneos-cross" => {
+        inherit_from     => [ "ios-common" ],
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
+    },
+    "ios-cross" => {
+        inherit_from     => [ "ios-xcrun" ],
+        CC               => "cc",
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
+    },
+    "ios64-cross" => {
+        inherit_from     => [ "ios64-xcrun" ],
+        CC               => "cc",
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/50-djgpp.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-djgpp.conf
new file mode 100644
index 000000000..a8853a81a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-djgpp.conf
@@ -0,0 +1,17 @@
+# We can't make any commitment to support the DJGPP platform,
+# and rely entirely on the OpenSSL community to help is fine
+# tune and test.
+
+my %targets = (
+    "DJGPP" => {
+        inherit_from     => [ asm("x86_asm") ],
+        CC               => "gcc",
+        CFLAGS           => "-fomit-frame-pointer -O2 -Wall",
+        cflags           => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
+        sys_id           => "MSDOS",
+        lflags           => add("-L/dev/env/WATT_ROOT/lib"),
+        ex_libs          => add("-lwatt"),
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "a.out",
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/50-haiku.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-haiku.conf
new file mode 100644
index 000000000..cd6d10e5f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-haiku.conf
@@ -0,0 +1,30 @@
+my %targets = (
+    "haiku-common" => {
+        template         => 1,
+        CC               => "cc",
+        CFLAGS           => add_before(picker(default => "-Wall",
+                                              debug   => "-g -O0",
+                                              release => "-O2")),
+        cflags           => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
+                                       threads("-D_REENTRANT")),
+        sys_id           => "HAIKU",
+        ex_libs          => "-lnetwork",
+        perlasm_scheme   => "elf",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "gnu-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "haiku-x86" => {
+        inherit_from     => [ "haiku-common", asm("x86_elf_asm") ],
+        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+    },
+    "haiku-x86_64" => {
+        inherit_from     => [ "haiku-common" ],
+        cflags           => add("-m64"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/50-masm.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-masm.conf
new file mode 100644
index 000000000..2c55dddc2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-masm.conf
@@ -0,0 +1,23 @@
+# We can't make commitment to supporting Microsoft assembler,
+# because it would mean supporting all masm versions. This in
+# in turn is because masm is not really an interchangeable option,
+# while users tend to have reasons to stick with specific Visual
+# Studio versions. It's usually lesser hassle to make it work
+# with latest assembler, but tweaking for older versions had
+# proven to be daunting task. This is experimental target, for
+# production builds stick with [up-to-date version of] nasm.
+
+my %targets = (
+    "VC-WIN64A-masm" => {
+        inherit_from    => [ "VC-WIN64-common", asm("x86_64_asm"),
+                             sub { $disabled{shared} ? () : "x86_64_uplink" } ],
+        AS              => "ml64",
+        ASFLAGS         => "/nologo /Zi",
+        asoutflag       => "/Fo",
+        asflags         => "/c /Cp /Cx",
+        sys_id          => "WIN64A",
+        bn_asm_src      => sub { return undef unless @_;
+                                 my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
+        perlasm_scheme   => "masm",
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf
new file mode 100644
index 000000000..51cb3819c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf
@@ -0,0 +1,64 @@
+# Windows OneCore targets.
+#
+# OneCore is new API stability "contract" that transends Desktop, IoT and
+# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
+# export subset of Win32 API that are common to all Windows 10 devices.
+#
+# OneCore Configuration temporarly dedicated for console applications
+# due to disabled event logging, which is incompatible with one core.
+# Error messages are provided via standard error only.
+# TODO: extend error handling to use ETW based eventing
+# (Or rework whole error messaging)
+
+my %targets = (
+    "VC-WIN32-ONECORE" => {
+        inherit_from    => [ "VC-WIN32" ],
+        # /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
+        # hidden reference to kernel32.lib, but we don't actually want
+        # it in "onecore" build.
+        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
+        defines         => add("OPENSSL_SYS_WIN_CORE"),
+        ex_libs         => "onecore.lib",
+    },
+    "VC-WIN64A-ONECORE" => {
+        inherit_from    => [ "VC-WIN64A" ],
+        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
+        defines         => add("OPENSSL_SYS_WIN_CORE"),
+        ex_libs         => "onecore.lib",
+    },
+
+    # Windows on ARM targets. ARM compilers are additional components in
+    # VS2017, i.e. they are not installed by default. And when installed,
+    # there are no "ARM Tool Command Prompt"s on Start menu, you have
+    # to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
+    # received limited testing with evp_test.exe on Windows 10 IoT Core,
+    # but not VC-WIN64-ARM, no hardware... In other words they are not
+    # actually supported...
+    #
+    # Another thing to keep in mind [in cross-compilation scenario such
+    # as this one] is that target's file system has nothing to do with
+    # compilation system's one. This means that you're are likely to use
+    # --prefix and --openssldir with target-specific values. 'nmake install'
+    # step is effectively meaningless in cross-compilation case, though
+    # it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
+    # can point Visual Studio to when compiling custom application code.
+
+    "VC-WIN32-ARM" => {
+        inherit_from    => [ "VC-noCE-common" ],
+        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
+                               "OPENSSL_SYS_WIN_CORE"),
+        bn_ops          => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN",
+        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
+        ex_libs         => "onecore.lib",
+        multilib        => "-arm",
+    },
+    "VC-WIN64-ARM" => {
+        inherit_from    => [ "VC-noCE-common" ],
+        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
+                               "OPENSSL_SYS_WIN_CORE"),
+        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN",
+        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
+        ex_libs         => "onecore.lib",
+        multilib        => "-arm64",
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/INTERNALS.Configure b/trunk/3rdparty/openssl-1.1-fit/Configurations/INTERNALS.Configure
new file mode 100644
index 000000000..b28305dec
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/INTERNALS.Configure
@@ -0,0 +1,136 @@
+Configure Internals
+===================
+
+[ note: this file uses markdown for formatting ]
+
+Intro
+-----
+
+This is a collection of notes that are hopefully of interest to those
+who decide to dive into Configure and what it does.  This is a living
+document and anyone is encouraged to add to it and submit changes.
+There's no claim for this document to be complete at any time, but it
+will hopefully reach such a point in time.
+
+
+----------------------------------------------------------------------
+
+Parsing build.info files, processing conditions
+-----------------------------------------------
+
+Processing conditions in build.info files is done with the help of a
+condition stack that tell if a build.info should be processed or if it
+should just be skipped over.  The possible states of the stack top are
+expressed in the following comment from Configure:
+
+    # The top item of this stack has the following values
+    # -2 positive already run and we found ELSE (following ELSIF should fail)
+    # -1 positive already run (skip until ENDIF)
+    # 0 negatives so far (if we're at a condition, check it)
+    # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
+    # 2 positive ELSE (following ELSIF should fail)
+
+Ground rule is that non-condition lines are skipped over if the
+stack top is > 0.  Condition lines (IF, ELSIF, ELSE and ENDIF
+statements) need to be processed either way to keep track of the skip
+stack states, so they are a little more intricate.
+
+Instead of trying to describe in words, here are some example of what
+the skip stack should look like after each line is processed:
+
+Example 1:
+
+| IF[1]                     |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[1]                   |  1  1     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ELSIF[1]                |  1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ELSIF[1]                  | -1        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[1]                   | -1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                | -1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    | -1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   | -1        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ENDIF                     |           |                               |
+
+Example 2:
+
+| IF[0]                     |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[1]                   |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  0 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ELSIF[1]                  |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[1]                   |  1  1     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ELSIF[1]                |  1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ENDIF                     |           |                               |
+
+Example 3:
+
+| IF[0]                     |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[0]                   |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  0 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ELSIF[1]                  |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[0]                   |  1  0     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                |  1  1     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ELSE                    |  1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ENDIF                     |           |                               |
+
+Example 4:
+
+| IF[0]                     |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[0]                   |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[0]                |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  0 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ELSIF[1]                  |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[0]                   |  1  0     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[0]                |  1  0     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  1  2     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ENDIF                     |           |                               |
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/README b/trunk/3rdparty/openssl-1.1-fit/Configurations/README
new file mode 100644
index 000000000..0b856284d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/README
@@ -0,0 +1,763 @@
+Intro
+=====
+
+This directory contains a few sets of files that are used for
+configuration in diverse ways:
+
+    *.conf      Target platform configurations, please read
+                'Configurations of OpenSSL target platforms' for more
+                information.
+    *.tmpl      Build file templates, please read 'Build-file
+                programming with the "unified" build system' as well
+                as 'Build info files' for more information.
+    *.pm        Helper scripts / modules for the main `Configure`
+                script.  See 'Configure helper scripts for more
+                information.
+
+
+Configurations of OpenSSL target platforms
+==========================================
+
+Configuration targets are a collection of facts that we know about
+different platforms and their capabilities.  We organise them in a
+hash table, where each entry represent a specific target.
+
+Note that configuration target names must be unique across all config
+files.  The Configure script does check that a config file doesn't
+have config targets that shadow config targets from other files.
+
+In each table entry, the following keys are significant:
+
+        inherit_from    => Other targets to inherit values from.
+                           Explained further below. [1]
+        template        => Set to 1 if this isn't really a platform
+                           target.  Instead, this target is a template
+                           upon which other targets can be built.
+                           Explained further below.  [1]
+
+        sys_id          => System identity for systems where that
+                           is difficult to determine automatically.
+
+        enable          => Enable specific configuration features.
+                           This MUST be an array of words.
+        disable         => Disable specific configuration features.
+                           This MUST be an array of words.
+                           Note: if the same feature is both enabled
+                           and disabled, disable wins.
+
+        as              => The assembler command.  This is not always
+                           used (for example on Unix, where the C
+                           compiler is used instead).
+        asflags         => Default assembler command flags [4].
+        cpp             => The C preprocessor command, normally not
+                           given, as the build file defaults are
+                           usually good enough.
+        cppflags        => Default C preprocessor flags [4].
+        defines         => As an alternative, macro definitions may be
+                           given here instead of in `cppflags' [4].
+                           If given here, they MUST be as an array of
+                           the string such as "MACRO=value", or just
+                           "MACRO" for definitions without value.
+        includes        => As an alternative, inclusion directories
+                           may be given here instead of in `cppflags'
+                           [4].  If given here, the MUST be an array
+                           of strings, one directory specification
+                           each.
+        cc              => The C compiler command, usually one of "cc",
+                           "gcc" or "clang".  This command is normally
+                           also used to link object files and
+                           libraries into the final program.
+        cxx             => The C++ compiler command, usually one of
+                           "c++", "g++" or "clang++".  This command is
+                           also used when linking a program where at
+                           least one of the object file is made from
+                           C++ source.
+        cflags          => Defaults C compiler flags [4].
+        cxxflags        => Default  C++ compiler flags [4].  If unset,
+                           it gets the same value as cflags.
+
+        (linking is a complex thing, see [3] below)
+        ld              => Linker command, usually not defined
+                           (meaning the compiler command is used
+                           instead).
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        lflags          => Default flags used when linking apps,
+                           shared libraries or DSOs [4].
+        ex_libs         => Extra libraries that are needed when
+                           linking shared libraries, DSOs or programs.
+                           The value is also assigned to Libs.private
+                           in $(libdir)/pkgconfig/libcrypto.pc.
+
+        shared_cppflags => Extra C preprocessor flags used when
+                           processing C files for shared libraries.
+        shared_cflag    => Extra C compiler flags used when compiling
+                           for shared libraries, typically something
+                           like "-fPIC".
+        shared_ldflag   => Extra linking flags used when linking
+                           shared libraries.
+        module_cppflags
+        module_cflags
+        module_ldflags  => Has the same function as the corresponding
+                           `shared_' attributes, but for building DSOs.
+                           When unset, they get the same values as the
+                           corresponding `shared_' attributes.
+
+        ar              => The library archive command, the default is
+                           "ar".
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        arflags         => Flags to be used with the library archive
+                           command.  On Unix, this includes the
+                           command letter, 'r' by default.
+
+        ranlib          => The library archive indexing command, the
+                           default is 'ranlib' it it exists.
+
+        unistd          => An alternative header to the typical
+                           '<unistd.h>'.  This is very rarely needed.
+
+        shared_extension => File name extension used for shared
+                            libraries.
+        obj_extension   => File name extension used for object files.
+                           On unix, this defaults to ".o" (NOTE: this
+                           is here for future use, it's not
+                           implemented yet)
+        exe_extension   => File name extension used for executable
+                           files.  On unix, this defaults to "" (NOTE:
+                           this is here for future use, it's not
+                           implemented yet)
+        shlib_variant   => A "variant" identifier inserted between the base
+                           shared library name and the extension.  On "unixy"
+                           platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+                           supports installation of custom OpenSSL libraries
+                           that don't conflict with other builds of OpenSSL
+                           installed on the system.  The variant identifier
+                           becomes part of the SONAME of the library and also
+                           any symbol versions (symbol versions are not used or
+                           needed with MacOS/X).  For example, on a system
+                           where a default build would normally create the SSL
+                           shared library as 'libssl.so -> libssl.so.1.1' with
+                           the value of the symlink as the SONAME, a target
+                           definition that sets 'shlib_variant => "-abc"' will
+                           create 'libssl.so -> libssl-abc.so.1.1', again with
+                           an SONAME equal to the value of the symlink.  The
+                           symbol versions associated with the variant library
+                           would then be 'OPENSSL_ABC_<version>' rather than
+                           the default 'OPENSSL_<version>'. The string inserted
+                           into symbol versions is obtained by mapping all
+                           letters in the "variant" identifier to upper case
+                           and all non-alphanumeric characters to '_'.
+
+        thread_scheme   => The type of threads is used on the
+                           configured platform.  Currently known
+                           values are "(unknown)", "pthreads",
+                           "uithreads" (a.k.a solaris threads) and
+                           "winthreads".  Except for "(unknown)", the
+                           actual value is currently ignored but may
+                           be used in the future.  See further notes
+                           below [2].
+        dso_scheme      => The type of dynamic shared objects to build
+                           for.  This mostly comes into play with
+                           engines, but can be used for other purposes
+                           as well.  Valid values are "DLFCN"
+                           (dlopen() et al), "DLFCN_NO_H" (for systems
+                           that use dlopen() et al but do not have
+                           fcntl.h), "DL" (shl_load() et al), "WIN32"
+                           and "VMS".
+        perlasm_scheme  => The perlasm method used to create the
+                           assembler files used when compiling with
+                           assembler implementations.
+        shared_target   => The shared library building method used.
+                           This is a target found in Makefile.shared.
+        build_scheme    => The scheme used to build up a Makefile.
+                           In its simplest form, the value is a string
+                           with the name of the build scheme.
+                           The value may also take the form of a list
+                           of strings, if the build_scheme is to have
+                           some options.  In this case, the first
+                           string in the list is the name of the build
+                           scheme.
+                           Currently recognised build scheme is "unified".
+                           For the "unified" build scheme, this item
+                           *must* be an array with the first being the
+                           word "unified" and the second being a word
+                           to identify the platform family.
+
+        multilib        => On systems that support having multiple
+                           implementations of a library (typically a
+                           32-bit and a 64-bit variant), this is used
+                           to have the different variants in different
+                           directories.
+
+        bn_ops          => Building options (was just bignum options in
+                           the earlier history of this option, hence the
+                           name). This is a string of words that describe
+                           algorithms' implementation parameters that
+                           are optimal for the designated target platform,
+                           such as the type of integers used to build up
+                           the bignum, different ways to implement certain
+                           ciphers and so on. To fully comprehend the
+                           meaning, the best is to read the affected
+                           source.
+                           The valid words are:
+
+                           THIRTY_TWO_BIT       bignum limbs are 32 bits,
+                                                this is default if no
+                                                option is specified, it
+                                                works on any supported
+                                                system [unless "wider"
+                                                limb size is implied in
+                                                assembly code];
+                           BN_LLONG             bignum limbs are 32 bits,
+                                                but 64-bit 'unsigned long
+                                                long' is used internally
+                                                in calculations;
+                           SIXTY_FOUR_BIT_LONG  bignum limbs are 64 bits
+                                                and sizeof(long) is 8;
+                           SIXTY_FOUR_BIT       bignums limbs are 64 bits,
+                                                but execution environment
+                                                is ILP32;
+                           RC4_CHAR             RC4 key schedule is made
+                                                up of 'unsigned char's;
+                           RC4_INT              RC4 key schedule is made
+                                                up of 'unsigned int's;
+                           EXPORT_VAR_AS_FN     for shared libraries,
+                                                export vars as
+                                                accessor functions.
+
+        apps_aux_src    => Extra source to build apps/openssl and other
+                           apps, as needed by the target and that can be
+                           collected in a library.
+        apps_init_src   => Init source to build apps/openssl and other
+                           apps, as needed by the target.  This code
+                           cannot be placed in a library, as the rest
+                           of the code isn't expected to link to it
+                           explicitly.
+        cpuid_asm_src   => assembler implementation of cpuid code as
+                           well as OPENSSL_cleanse().
+                           Default to mem_clr.c
+        bn_asm_src      => Assembler implementation of core bignum
+                           functions.
+                           Defaults to bn_asm.c
+        ec_asm_src      => Assembler implementation of core EC
+                           functions.
+        des_asm_src     => Assembler implementation of core DES
+                           encryption functions.
+                           Defaults to 'des_enc.c fcrypt_b.c'
+        aes_asm_src     => Assembler implementation of core AES
+                           functions.
+                           Defaults to 'aes_core.c aes_cbc.c'
+        bf_asm_src      => Assembler implementation of core BlowFish
+                           functions.
+                           Defaults to 'bf_enc.c'
+        md5_asm_src     => Assembler implementation of core MD5
+                           functions.
+        sha1_asm_src    => Assembler implementation of core SHA1,
+                           functions, and also possibly SHA256 and
+                           SHA512 ones.
+        cast_asm_src    => Assembler implementation of core CAST
+                           functions.
+                           Defaults to 'c_enc.c'
+        rc4_asm_src     => Assembler implementation of core RC4
+                           functions.
+                           Defaults to 'rc4_enc.c rc4_skey.c'
+        rmd160_asm_src  => Assembler implementation of core RMD160
+                           functions.
+        rc5_asm_src     => Assembler implementation of core RC5
+                           functions.
+                           Defaults to 'rc5_enc.c'
+        wp_asm_src      => Assembler implementation of core WHIRLPOOL
+                           functions.
+        cmll_asm_src    => Assembler implementation of core CAMELLIA
+                           functions.
+                           Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
+        modes_asm_src   => Assembler implementation of cipher modes,
+                           currently the functions gcm_gmult_4bit and
+                           gcm_ghash_4bit.
+        padlock_asm_src => Assembler implementation of core parts of
+                           the padlock engine.  This is mandatory on
+                           any platform where the padlock engine might
+                           actually be built.
+
+
+[1] as part of the target configuration, one can have a key called
+    'inherit_from' that indicate what other configurations to inherit
+    data from.  These are resolved recursively.
+
+    Inheritance works as a set of default values that can be overridden
+    by corresponding key values in the inheriting configuration.
+
+    Note 1: any configuration table can be used as a template.
+    Note 2: pure templates have the attribute 'template => 1' and
+            cannot be used as build targets.
+
+    If several configurations are given in the 'inherit_from' array,
+    the values of same attribute are concatenated with space
+    separation.  With this, it's possible to have several smaller
+    templates for different configuration aspects that can be combined
+    into a complete configuration.
+
+    instead of a scalar value or an array, a value can be a code block
+    of the form 'sub { /* your code here */ }'.  This code block will
+    be called with the list of inherited values for that key as
+    arguments.  In fact, the concatenation of strings is really done
+    by using 'sub { join(" ",@_) }' on the list of inherited values.
+
+    An example:
+
+        "foo" => {
+                template => 1,
+                haha => "ha ha",
+                hoho => "ho",
+                ignored => "This should not appear in the end result",
+        },
+        "bar" => {
+                template => 1,
+                haha => "ah",
+                hoho => "haho",
+                hehe => "hehe"
+        },
+        "laughter" => {
+                inherit_from => [ "foo", "bar" ],
+                hehe => sub { join(" ",(@_,"!!!")) },
+                ignored => "",
+        }
+
+        The entry for "laughter" will become as follows after processing:
+
+        "laughter" => {
+                haha => "ha ha ah",
+                hoho => "ho haho",
+                hehe => "hehe !!!",
+                ignored => ""
+        }
+
+[2] OpenSSL is built with threading capabilities unless the user
+    specifies 'no-threads'.  The value of the key 'thread_scheme' may
+    be "(unknown)", in which case the user MUST give some compilation
+    flags to Configure.
+
+[3] OpenSSL has three types of things to link from object files or
+    static libraries:
+
+    - shared libraries; that would be libcrypto and libssl.
+    - shared objects (sometimes called dynamic libraries);  that would
+      be the engines.
+    - applications; those are apps/openssl and all the test apps.
+
+    Very roughly speaking, linking is done like this (words in braces
+    represent the configuration settings documented at the beginning
+    of this file):
+
+    shared libraries:
+        {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
+            foo/something.o foo/somethingelse.o {ex_libs}
+
+    shared objects:
+        {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
+            blah1.o blah2.o -lcrypto {ex_libs}
+
+    applications:
+        {ld} $(CFLAGS) {lflags} -o app \
+            app1.o utils.o -lssl -lcrypto {ex_libs}
+
+[4] There are variants of these attribute, prefixed with `lib_',
+    `dso_' or `bin_'.  Those variants replace the unprefixed attribute
+    when building library, DSO or program modules specifically.
+
+Historically, the target configurations came in form of a string with
+values separated by colons.  This use is deprecated.  The string form
+looked like this:
+
+   "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
+
+
+Build info files
+================
+
+The build.info files that are spread over the source tree contain the
+minimum information needed to build and distribute OpenSSL.  It uses a
+simple and yet fairly powerful language to determine what needs to be
+built, from what sources, and other relationships between files.
+
+For every build.info file, all file references are relative to the
+directory of the build.info file for source files, and the
+corresponding build directory for built files if the build tree
+differs from the source tree.
+
+When processed, every line is processed with the perl module
+Text::Template, using the delimiters "{-" and "-}".  The hashes
+%config and %target are passed to the perl fragments, along with
+$sourcedir and $builddir, which are the locations of the source
+directory for the current build.info file and the corresponding build
+directory, all relative to the top of the build tree.
+
+To begin with, things to be built are declared by setting specific
+variables:
+
+    PROGRAMS=foo bar
+    LIBS=libsomething
+    ENGINES=libeng
+    SCRIPTS=myhack
+    EXTRA=file1 file2
+
+Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
+without extensions.  The build file templates will figure them out.
+
+For each thing to be built, it is then possible to say what sources
+they are built from:
+
+    PROGRAMS=foo bar
+    SOURCE[foo]=foo.c common.c
+    SOURCE[bar]=bar.c extra.c common.c
+
+It's also possible to tell some other dependencies:
+
+    DEPEND[foo]=libsomething
+    DEPEND[libbar]=libsomethingelse
+
+(it could be argued that 'libsomething' and 'libsomethingelse' are
+source as well.  However, the files given through SOURCE are expected
+to be located in the source tree while files given through DEPEND are
+expected to be located in the build tree)
+
+It's also possible to depend on static libraries explicitly:
+
+    DEPEND[foo]=libsomething.a
+    DEPEND[libbar]=libsomethingelse.a
+
+This should be rarely used, and care should be taken to make sure it's
+only used when supported.  For example, native Windows build doesn't
+support building static libraries and DLLs at the same time, so using
+static libraries on Windows can only be done when configured
+'no-shared'.
+
+One some platforms, shared libraries come with a name that's different
+from their static counterpart.  That's declared as follows:
+
+    SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
+
+The example is from Cygwin, which has a required naming convention.
+
+Sometimes, it makes sense to rename an output file, for example a
+library:
+
+    RENAME[libfoo]=libbar
+
+That line has "libfoo" renamed to "libbar".  While it makes no
+sense at all to just have a rename like that (why not just use
+"libbar" everywhere?), it does make sense when it can be used
+conditionally.  See a little further below for an example.
+
+In some cases, it's desirable to include some source files in the
+shared form of a library only:
+
+    SHARED_SOURCE[libfoo]=dllmain.c
+
+For any file to be built, it's also possible to tell what extra
+include paths the build of their source files should use:
+
+    INCLUDE[foo]=include
+
+In some cases, one might want to generate some source files from
+others, that's done as follows:
+
+    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
+    GENERATE[bar.s]=asm/bar.S
+
+The value of each GENERATE line is a command line or part of it.
+Configure places no rules on the command line, except that the first
+item must be the generator file.  It is, however, entirely up to the
+build file template to define exactly how those command lines should
+be handled, how the output is captured and so on.
+
+Sometimes, the generator file itself depends on other files, for
+example if it is a perl script that depends on other perl modules.
+This can be expressed using DEPEND like this:
+
+    DEPEND[asm/something.pl]=../perlasm/Foo.pm
+
+There may also be cases where the exact file isn't easily specified,
+but an inclusion directory still needs to be specified.  INCLUDE can
+be used in that case:
+
+    INCLUDE[asm/something.pl]=../perlasm
+
+NOTE: GENERATE lines are limited to one command only per GENERATE.
+
+As a last resort, it's possible to have raw build file lines, between
+BEGINRAW and ENDRAW lines as follows:
+
+    BEGINRAW[Makefile(unix)]
+    haha.h: {- $builddir -}/Makefile
+        echo "/* haha */" > haha.h
+    ENDRAW[Makefile(unix)]
+
+The word within square brackets is the build_file configuration item
+or the build_file configuration item followed by the second word in the
+build_scheme configuration item for the configured target within
+parenthesis as shown above.  For example, with the following relevant
+configuration items:
+
+   build_file   => "build.ninja"
+   build_scheme => [ "unified", "unix" ]
+
+... these lines will be considered:
+
+   BEGINRAW[build.ninja]
+   build haha.h: echo "/* haha */" > haha.h
+   ENDRAW[build.ninja]
+
+   BEGINRAW[build.ninja(unix)]
+   build hoho.h: echo "/* hoho */" > hoho.h
+   ENDRAW[build.ninja(unix)]
+
+Should it be needed because the recipes within a RAW section might
+clash with those generated by Configure, it's possible to tell it
+not to generate them with the use of OVERRIDES, for example:
+
+    SOURCE[libfoo]=foo.c bar.c
+
+    OVERRIDES=bar.o
+    BEGINRAW[Makefile(unix)]
+    bar.o: bar.c
+    	$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
+    ENDRAW[Makefile(unix)]
+
+See the documentation further up for more information on configuration
+items.
+
+Finally, you can have some simple conditional use of the build.info
+information, looking like this:
+
+    IF[1]
+     something
+    ELSIF[2]
+     something other
+    ELSE
+     something else
+    ENDIF
+
+The expression in square brackets is interpreted as a string in perl,
+and will be seen as true if perl thinks it is, otherwise false.  For
+example, the above would have "something" used, since 1 is true.
+
+Together with the use of Text::Template, this can be used as
+conditions based on something in the passed variables, for example:
+
+    IF[{- $disabled{shared} -}]
+      LIBS=libcrypto
+      SOURCE[libcrypto]=...
+    ELSE
+      LIBS=libfoo
+      SOURCE[libfoo]=...
+    ENDIF
+
+or:
+
+    # VMS has a cultural standard where all libraries are prefixed.
+    # For OpenSSL, the choice is 'ossl_'
+    IF[{- $config{target} =~ /^vms/ -}]
+     RENAME[libcrypto]=ossl_libcrypto
+     RENAME[libssl]=ossl_libssl
+    ENDIF
+
+
+Build-file programming with the "unified" build system
+======================================================
+
+"Build files" are called "Makefile" on Unix-like operating systems,
+"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
+
+To use the "unified" build system, the target configuration needs to
+set the three items 'build_scheme', 'build_file' and 'build_command'.
+In the rest of this section, we will assume that 'build_scheme' is set
+to "unified" (see the configurations documentation above for the
+details).
+
+For any name given by 'build_file', the "unified" system expects a
+template file in Configurations/ named like the build file, with
+".tmpl" appended, or in case of possible ambiguity, a combination of
+the second 'build_scheme' list item and the 'build_file' name.  For
+example, if 'build_file' is set to "Makefile", the template could be
+Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
+In case both Configurations/unix-Makefile.tmpl and
+Configurations/Makefile.tmpl are present, the former takes
+precedence.
+
+The build-file template is processed with the perl module
+Text::Template, using "{-" and "-}" as delimiters that enclose the
+perl code fragments that generate configuration-dependent content.
+Those perl fragments have access to all the hash variables from
+configdata.pem.
+
+The build-file template is expected to define at least the following
+perl functions in a perl code fragment enclosed with "{-" and "-}".
+They are all expected to return a string with the lines they produce.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    generator => [ "generatingfile", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dso     - function that produces build file lines to build a
+                  dynamic shared object file from object files.
+
+                  called like this:
+
+                        obj2dso(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/otherlibfile",
+                                ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+In all cases, file file paths are relative to the build tree top, and
+the build file actions run with the build tree top as current working
+directory.
+
+Make sure to end the section with these functions with a string that
+you thing is appropriate for the resulting build file.  If nothing
+else, end it like this:
+
+      "";       # Make sure no lingering values end up in the Makefile
+    -}
+
+
+Configure helper scripts
+========================
+
+Configure uses helper scripts in this directory:
+
+Checker scripts
+---------------
+
+These scripts are per platform family, to check the integrity of the
+tools used for configuration and building.  The checker script used is
+either {build_platform}-{build_file}-checker.pm or
+{build_platform}-checker.pm, where {build_platform} is the second
+'build_scheme' list element from the configuration target data, and
+{build_file} is 'build_file' from the same target data.
+
+If the check succeeds, the script is expected to end with a non-zero
+expression.  If the check fails, the script can end with a zero, or
+with a `die`.
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/README.design b/trunk/3rdparty/openssl-1.1-fit/Configurations/README.design
new file mode 100644
index 000000000..5fb2737c2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/README.design
@@ -0,0 +1,623 @@
+Design document for the unified scheme data
+===========================================
+
+How are things connected?
+-------------------------
+
+The unified scheme takes all its data from the build.info files seen
+throughout the source tree.  These files hold the minimum information
+needed to build end product files from diverse sources.  See the
+section on build.info files below.
+
+From the information in build.info files, Configure builds up an
+information database as a hash table called %unified_info, which is
+stored in configdata.pm, found at the top of the build tree (which may
+or may not be the same as the source tree).
+
+Configurations/common.tmpl uses the data from %unified_info to
+generate the rules for building end product files as well as
+intermediary files with the help of a few functions found in the
+build-file templates.  See the section on build-file templates further
+down for more information.
+
+build.info files
+----------------
+
+As mentioned earlier, build.info files are meant to hold the minimum
+information needed to build output files, and therefore only (with a
+few possible exceptions [1]) have information about end products (such
+as scripts, library files and programs) and source files (such as C
+files, C header files, assembler files, etc).  Intermediate files such
+as object files are rarely directly referred to in build.info files (and
+when they are, it's always with the file name extension .o), they are
+inferred by Configure.  By the same rule of minimalism, end product
+file name extensions (such as .so, .a, .exe, etc) are never mentioned
+in build.info.  Their file name extensions will be inferred by the
+build-file templates, adapted for the platform they are meant for (see
+sections on %unified_info and build-file templates further down).
+
+The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
+end products.  There are variants for them with '_NO_INST' as suffix
+(PROGRAM_NO_INST etc) to specify end products that shouldn't get
+installed.
+
+The variables SOURCE, DEPEND and INCLUDE are indexed by a produced
+file, and their values are the source used to produce that particular
+produced file, extra dependencies, and include directories needed.
+
+All their values in all the build.info throughout the source tree are
+collected together and form a set of programs, libraries, engines and
+scripts to be produced, source files, dependencies, etc etc etc.
+
+Let's have a pretend example, a very limited contraption of OpenSSL,
+composed of the program 'apps/openssl', the libraries 'libssl' and
+'libcrypto', an engine 'engines/ossltest' and their sources and
+dependencies.
+
+    # build.info
+    LIBS=libcrypto libssl
+    INCLUDE[libcrypto]=include
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+
+This is the top directory build.info file, and it tells us that two
+libraries are to be built, the include directory 'include/' shall be
+used throughout when building anything that will end up in each
+library, and that the library 'libssl' depend on the library
+'libcrypto' to function properly.
+
+    # apps/build.info
+    PROGRAMS=openssl
+    SOURCE[openssl]=openssl.c
+    INCLUDE[openssl]=.. ../include
+    DEPEND[openssl]=../libssl
+
+This is the build.info file in 'apps/', one may notice that all file
+paths mentioned are relative to the directory the build.info file is
+located in.  This one tells us that there's a program to be built
+called 'apps/openssl' (the file name extension will depend on the
+platform and is therefore not mentioned in the build.info file).  It's
+built from one source file, 'apps/openssl.c', and building it requires
+the use of '.' and 'include' include directories (both are declared
+from the point of view of the 'apps/' directory), and that the program
+depends on the library 'libssl' to function properly.
+
+    # crypto/build.info
+    LIBS=../libcrypto
+    SOURCE[../libcrypto]=aes.c evp.c cversion.c
+    DEPEND[cversion.o]=buildinf.h
+
+    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[buildinf.h]=../Makefile
+    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
+
+This is the build.info file in 'crypto', and it tells us a little more
+about what's needed to produce 'libcrypto'.  LIBS is used again to
+declare that 'libcrypto' is to be produced.  This declaration is
+really unnecessary as it's already mentioned in the top build.info
+file, but can make the info file easier to understand.  This is to
+show that duplicate information isn't an issue.
+
+This build.info file informs us that 'libcrypto' is built from a few
+source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
+It also shows us that building the object file inferred from
+'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it
+also shows the possibility to declare how some files are generated
+using some script, in this case a perl script, and how such scripts
+can be declared to depend on other files, in this case a perl module.
+
+Two things are worth an extra note:
+
+'DEPEND[cversion.o]' mentions an object file.  DEPEND indexes is the
+only location where it's valid to mention them
+
+Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
+seen from the top directory, no exception.
+
+    # ssl/build.info
+    LIBS=../libssl
+    SOURCE[../libssl]=tls.c
+
+This is the build.info file in 'ssl/', and it tells us that the
+library 'libssl' is built from the source file 'ssl/tls.c'.
+
+    # engines/build.info
+    ENGINES=dasync
+    SOURCE[dasync]=e_dasync.c
+    DEPEND[dasync]=../libcrypto
+    INCLUDE[dasync]=../include
+
+    ENGINES_NO_INST=ossltest
+    SOURCE[ossltest]=e_ossltest.c
+    DEPEND[ossltest]=../libcrypto.a
+    INCLUDE[ossltest]=../include
+
+This is the build.info file in 'engines/', telling us that two engines
+called 'engines/dasync' and 'engines/ossltest' shall be built, that
+dasync's source is 'engines/e_dasync.c' and ossltest's source is
+'engines/e_ossltest.c' and that the include directory 'include/' may
+be used when building anything that will be part of these engines.
+Also, both engines depend on the library 'libcrypto' to function
+properly.  ossltest is explicitly linked with the static variant of
+the library 'libcrypto'.  Finally, only dasync is being installed, as
+ossltest is only for internal testing.
+
+When Configure digests these build.info files, the accumulated
+information comes down to this:
+
+    LIBS=libcrypto libssl
+    SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
+    DEPEND[crypto/cversion.o]=crypto/buildinf.h
+    INCLUDE[libcrypto]=include
+    SOURCE[libssl]=ssl/tls.c
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+
+    PROGRAMS=apps/openssl
+    SOURCE[apps/openssl]=apps/openssl.c
+    INCLUDE[apps/openssl]=. include
+    DEPEND[apps/openssl]=libssl
+
+    ENGINES=engines/dasync
+    SOURCE[engines/dasync]=engines/e_dasync.c
+    DEPEND[engines/dasync]=libcrypto
+    INCLUDE[engines/dasync]=include
+
+    ENGINES_NO_INST=engines/ossltest
+    SOURCE[engines/ossltest]=engines/e_ossltest.c
+    DEPEND[engines/ossltest]=libcrypto.a
+    INCLUDE[engines/ossltest]=include
+
+    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[crypto/buildinf.h]=Makefile
+    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
+
+
+A few notes worth mentioning:
+
+LIBS may be used to declare routine libraries only.
+
+PROGRAMS may be used to declare programs only.
+
+ENGINES may be used to declare engines only.
+
+The indexes for SOURCE must only be end product files, such as
+libraries, programs or engines.  The values of SOURCE variables must
+only be source files (possibly generated).
+
+INCLUDE and DEPEND shows a relationship between different files
+(usually produced files) or between files and directories, such as a
+program depending on a library, or between an object file and some
+extra source file.
+
+When Configure processes the build.info files, it will take it as
+truth without question, and will therefore perform very few checks.
+If the build tree is separate from the source tree, it will assume
+that all built files and up in the build directory and that all source
+files are to be found in the source tree, if they can be found there.
+Configure will assume that source files that can't be found in the
+source tree (such as 'crypto/bildinf.h' in the example above) are
+generated and will be found in the build tree.
+
+
+The %unified_info database
+--------------------------
+
+The information in all the build.info get digested by Configure and
+collected into the %unified_info database, divided into the following
+indexes:
+
+  depends   => a hash table containing 'file' => [ 'dependency' ... ]
+               pairs.  These are directly inferred from the DEPEND
+               variables in build.info files.
+
+  engines   => a list of engines.  These are directly inferred from
+               the ENGINES variable in build.info files.
+
+  generate  => a hash table containing 'file' => [ 'generator' ... ]
+               pairs.  These are directly inferred from the GENERATE
+               variables in build.info files.
+
+  includes  => a hash table containing 'file' => [ 'include' ... ]
+               pairs.  These are directly inferred from the INCLUDE
+               variables in build.info files.
+
+  install   => a hash table containing 'type' => [ 'file' ... ] pairs.
+               The types are 'programs', 'libraries', 'engines' and
+               'scripts', and the array of files list the files of
+               that type that should be installed.
+
+  libraries => a list of libraries.  These are directly inferred from
+               the LIBS variable in build.info files.
+
+  programs  => a list of programs.  These are directly inferred from
+               the PROGRAMS variable in build.info files.
+
+  rawlines  => a list of build-file lines.  These are a direct copy of
+               the BEGINRAW..ENDRAW lines in build.info files.  Note:
+               only the BEGINRAW..ENDRAW section for the current
+               platform are copied, the rest are ignored.
+
+  scripts   => a list of scripts.  There are directly inferred from
+               the SCRIPTS variable in build.info files.
+
+  sources   => a hash table containing 'file' => [ 'sourcefile' ... ]
+               pairs.  These are indirectly inferred from the SOURCE
+               variables in build.info files.  Object files are
+               mentioned in this hash table, with source files from
+               SOURCE variables, and AS source files for programs and
+               libraries.
+
+  shared_sources =>
+               a hash table just like 'sources', but only as source
+               files (object files) for building shared libraries.
+
+As an example, here is how the build.info files example from the
+section above would be digested into a %unified_info table:
+
+    our %unified_info = (
+        "depends" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "libssl",
+                    ],
+                "crypto/buildinf.h" =>
+                    [
+                        "Makefile",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/buildinf.h",
+                    ],
+                "engines/dasync" =>
+                    [
+                        "libcrypto",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "libcrypto.a",
+                    ],
+                "libssl" =>
+                    [
+                        "libcrypto",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util/Foo.pm",
+                    ],
+            },
+        "engines" =>
+            [
+                "engines/dasync",
+                "engines/ossltest",
+            ],
+        "generate" =>
+            {
+                "crypto/buildinf.h" =>
+                    [
+                        "util/mkbuildinf.pl",
+                        "\"\$(CC)",
+                        "\$(CFLAGS)\"",
+                        "\"$(PLATFORM)\"",
+                    ],
+            },
+        "includes" =>
+            {
+                "apps/openssl" =>
+                    [
+                        ".",
+                        "include",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "include"
+                    ],
+                "libcrypto" =>
+                    [
+                        "include",
+                    ],
+                "libssl" =>
+                    [
+                        "include",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util",
+                    ],
+            }
+        "install" =>
+            {
+                "engines" =>
+                    [
+                        "engines/dasync",
+                    ],
+                "libraries" =>
+                    [
+                        "libcrypto",
+                        "libssl",
+                    ],
+                "programs" =>
+                    [
+                        "apps/openssl",
+                    ],
+           },
+        "libraries" =>
+            [
+                "libcrypto",
+                "libssl",
+            ],
+        "programs" =>
+            [
+                "apps/openssl",
+            ],
+        "rawlines" =>
+            [
+            ],
+        "sources" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "apps/openssl.o",
+                    ],
+                "apps/openssl.o" =>
+                    [
+                        "apps/openssl.c",
+                    ],
+                "crypto/aes.o" =>
+                    [
+                        "crypto/aes.c",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/cversion.c",
+                    ],
+                "crypto/evp.o" =>
+                    [
+                        "crypto/evp.c",
+                    ],
+                "engines/e_dasync.o" =>
+                    [
+                        "engines/e_dasync.c",
+                    ],
+                "engines/dasync" =>
+                    [
+                        "engines/e_dasync.o",
+                    ],
+                "engines/e_ossltest.o" =>
+                    [
+                        "engines/e_ossltest.c",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "engines/e_ossltest.o",
+                    ],
+                "libcrypto" =>
+                    [
+                        "crypto/aes.c",
+                        "crypto/cversion.c",
+                        "crypto/evp.c",
+                    ],
+                "libssl" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+                "ssl/tls.o" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+            },
+    );
+
+As can be seen, everything in %unified_info is fairly simple suggest
+of information.  Still, it tells us that to build all programs, we
+must build 'apps/openssl', and to build the latter, we will need to
+build all its sources ('apps/openssl.o' in this case) and all the
+other things it depends on (such as 'libssl').  All those dependencies
+need to be built as well, using the same logic, so to build 'libssl',
+we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
+latter...
+
+
+Build-file templates
+--------------------
+
+Build-file templates are essentially build-files (such as Makefile on
+Unix) with perl code fragments mixed in.  Those perl code fragment
+will generate all the configuration dependent data, including all the
+rules needed to build end product files and intermediary files alike.
+At a minimum, there must be a perl code fragment that defines a set of
+functions that are used to generates specific build-file rules, to
+build static libraries from object files, to build shared libraries
+from static libraries, to programs from object files and libraries,
+etc.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dynlib  - function that produces build file lines to build a
+                  dynamically loadable library file ("libfoo.so" on
+                  Unix) from object files.
+
+                  called like this:
+
+                        obj2dynlib(lib => "PATH/TO/libfile",
+                                   objs => [ "PATH/TO/objectfile", ... ],
+                                   deps => [ "PATH/TO/otherlibfile",
+                                   ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+Along with the build-file templates is the driving engine
+Configurations/common.tmpl, which looks through all the information in
+%unified_info and generates all the rulesets to build libraries,
+programs and all intermediate files, using the rule generating
+functions defined in the build-file template.
+
+As an example with the smaller build.info set we've seen as an
+example, producing the rules to build 'libcrypto' would result in the
+following calls:
+
+    # Note: libobj2shlib will only be called if shared libraries are
+    # to be produced.
+    # Note 2: libobj2shlib gets both the name of the static library
+    # and the names of all the object files that go into it.  It's up
+    # to the implementation to decide which to use as input.
+    # Note 3: common.tmpl peals off the ".o" extension from all object
+    # files, as the platform at hand may have a different one.
+    libobj2shlib(shlib => "libcrypto",
+                 lib => "libcrypto",
+                 objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
+                 deps => [  ]);
+
+    obj2lib(lib => "libcrypto"
+            objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
+
+    src2obj(obj => "crypto/aes"
+            srcs => [ "crypto/aes.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/evp"
+            srcs => [ "crypto/evp.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/cversion"
+            srcs => [ "crypto/cversion.c" ],
+            deps => [ "crypto/buildinf.h" ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    generatesrc(src => "crypto/buildinf.h",
+                generator => [ "util/mkbuildinf.pl", "\"$(CC)",
+                               "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
+                generator_incs => [ "util" ],
+                generator_deps => [ "util/Foo.pm" ],
+                incs => [ ],
+                deps => [ ],
+                intent => "lib");
+
+The returned strings from all those calls are then concatenated
+together and written to the resulting build-file.
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/common.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/common.tmpl
new file mode 100644
index 000000000..3a466eeb6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/common.tmpl
@@ -0,0 +1,221 @@
+{- # -*- Mode: perl -*-
+
+ use File::Basename;
+
+ # A cache of objects for which a recipe has already been generated
+ my %cache;
+
+ # resolvedepends and reducedepends work in tandem to make sure
+ # there are no duplicate dependencies and that they are in the
+ # right order.  This is especially used to sort the list of
+ # libraries that a build depends on.
+ sub extensionlesslib {
+     my @result = map { $_ =~ /(\.a)?$/; $` } @_;
+     return @result if wantarray;
+     return $result[0];
+ }
+ sub resolvedepends {
+     my $thing = shift;
+     my $extensionlessthing = extensionlesslib($thing);
+     my @listsofar = @_;    # to check if we're looping
+     my @list = @{$unified_info{depends}->{$thing} //
+                      $unified_info{depends}->{$extensionlessthing}};
+     my @newlist = ();
+     if (scalar @list) {
+         foreach my $item (@list) {
+             my $extensionlessitem = extensionlesslib($item);
+             # It's time to break off when the dependency list starts looping
+             next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
+             push @newlist, $item, resolvedepends($item, @listsofar, $item);
+         }
+     }
+     @newlist;
+ }
+ sub reducedepends {
+     my @list = @_;
+     my @newlist = ();
+     my %replace = ();
+     while (@list) {
+         my $item = shift @list;
+         my $extensionlessitem = extensionlesslib($item);
+         if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
+             if ($item ne $extensionlessitem) {
+                 # If this instance of the library is explicitly static, we
+                 # prefer that to any shared library name, since it must have
+                 # been done on purpose.
+                 $replace{$extensionlessitem} = $item;
+             }
+         } else {
+             push @newlist, $item;
+         }
+     }
+     map { $replace{$_} // $_; } @newlist;
+ }
+
+ # is_installed checks if a given file will be installed (i.e. they are
+ # not defined _NO_INST in build.info)
+ sub is_installed {
+     my $product = shift;
+     if (grep { $product eq $_ }
+         map { (@{$unified_info{install}->{$_}}) }
+         keys %{$unified_info{install}}) {
+         return 1;
+     }
+     return 0;
+ }
+
+ # dogenerate is responsible for producing all the recipes that build
+ # generated source files.  It recurses in case a dependency is also a
+ # generated source file.
+ sub dogenerate {
+     my $src = shift;
+     return "" if $cache{$src};
+     my $obj = shift;
+     my $bin = shift;
+     my %opts = @_;
+     if ($unified_info{generate}->{$src}) {
+         die "$src is generated by Configure, should not appear in build file\n"
+             if ref $unified_info{generate}->{$src} eq "";
+         my $script = $unified_info{generate}->{$src}->[0];
+         $OUT .= generatesrc(src => $src,
+                             generator => $unified_info{generate}->{$src},
+                             generator_incs => $unified_info{includes}->{$script},
+                             generator_deps => $unified_info{depends}->{$script},
+                             deps => $unified_info{depends}->{$src},
+                             incs => $unified_info{includes}->{$obj},
+                             %opts);
+         foreach (@{$unified_info{depends}->{$src}}) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$src} = 1;
+ }
+
+ # doobj is responsible for producing all the recipes that build
+ # object files as well as dependency files.
+ sub doobj {
+     my $obj = shift;
+     return "" if $cache{$obj};
+     my $bin = shift;
+     my %opts = @_;
+     if (@{$unified_info{sources}->{$obj}}) {
+         $OUT .= src2obj(obj => $obj,
+                         product => $bin,
+                         srcs => $unified_info{sources}->{$obj},
+                         deps => $unified_info{depends}->{$obj},
+                         incs => $unified_info{includes}->{$obj},
+                         %opts);
+         foreach ((@{$unified_info{sources}->{$obj}},
+                   @{$unified_info{depends}->{$obj}})) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$obj} = 1;
+ }
+
+ # dolib is responsible for building libraries.  It will call
+ # libobj2shlib is shared libraries are produced, and obj2lib in all
+ # cases.  It also makes sure all object files for the library are
+ # built.
+ sub dolib {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     unless ($disabled{shared} || $lib =~ /\.a$/) {
+         $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
+                              lib => $lib,
+                              objs => [ @{$unified_info{shared_sources}->{$lib}},
+                                        @{$unified_info{sources}->{$lib}} ],
+                              deps => [ reducedepends(resolvedepends($lib)) ],
+                              installed => is_installed($lib));
+         foreach ((@{$unified_info{shared_sources}->{$lib}},
+                   @{$unified_info{sources}->{$lib}})) {
+             # If this is somehow a compiled object, take care of it that way
+             # Otherwise, it might simply be generated
+             if (defined $unified_info{sources}->{$_}) {
+                 doobj($_, $lib, intent => "lib", installed => is_installed($lib));
+             } else {
+                 dogenerate($_, undef, undef, intent => "lib");
+             }
+         }
+     }
+     $OUT .= obj2lib(lib => $lib,
+                     objs => [ @{$unified_info{sources}->{$lib}} ]);
+     foreach (@{$unified_info{sources}->{$lib}}) {
+         doobj($_, $lib, intent => "lib", installed => is_installed($lib));
+     }
+     $cache{$lib} = 1;
+ }
+
+ # doengine is responsible for building engines.  It will call
+ # obj2dso, and also makes sure all object files for the library
+ # are built.
+ sub doengine {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     $OUT .= obj2dso(lib => $lib,
+                     objs => [ @{$unified_info{sources}->{$lib}},
+                               @{$unified_info{shared_sources}->{$lib}} ],
+                     deps => [ resolvedepends($lib) ],
+                     installed => is_installed($lib));
+     foreach ((@{$unified_info{sources}->{$lib}},
+               @{$unified_info{shared_sources}->{$lib}})) {
+         doobj($_, $lib, intent => "dso", installed => is_installed($lib));
+     }
+     $cache{$lib} = 1;
+ }
+
+ # dobin is responsible for building programs.  It will call obj2bin,
+ # and also makes sure all object files for the library are built.
+ sub dobin {
+     my $bin = shift;
+     return "" if $cache{$bin};
+     my $deps = [ reducedepends(resolvedepends($bin)) ];
+     $OUT .= obj2bin(bin => $bin,
+                     objs => [ @{$unified_info{sources}->{$bin}} ],
+                     deps => $deps,
+                     installed => is_installed($bin));
+     foreach (@{$unified_info{sources}->{$bin}}) {
+         doobj($_, $bin, intent => "bin", installed => is_installed($bin));
+     }
+     $cache{$bin} = 1;
+ }
+
+ # dobin is responsible for building scripts from templates.  It will
+ # call in2script.
+ sub doscript {
+     my $script = shift;
+     return "" if $cache{$script};
+     $OUT .= in2script(script => $script,
+                       sources => $unified_info{sources}->{$script},
+                       installed => is_installed($script));
+     $cache{$script} = 1;
+ }
+
+ sub dodir {
+     my $dir = shift;
+     return "" if !exists(&generatedir) or $cache{$dir};
+     $OUT .= generatedir(dir => $dir,
+                         deps => $unified_info{dirinfo}->{$dir}->{deps},
+                         %{$unified_info{dirinfo}->{$_}->{products}});
+     $cache{$dir} = 1;
+ }
+
+ # Start with populating the cache with all the overrides
+ %cache = map { $_ => 1 } @{$unified_info{overrides}};
+
+ # Build mandatory generated headers
+ foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
+
+ # Build all known libraries, engines, programs and scripts.
+ # Everything else will be handled as a consequence.
+ foreach (@{$unified_info{libraries}}) { dolib($_);    }
+ foreach (@{$unified_info{engines}})   { doengine($_); }
+ foreach (@{$unified_info{programs}})  { dobin($_);    }
+ foreach (@{$unified_info{scripts}})   { doscript($_); }
+
+ foreach (sort keys %{$unified_info{dirinfo}})  { dodir($_); }
+
+ # Finally, should there be any applicable BEGINRAW/ENDRAW sections,
+ # they are added here.
+ $OUT .= $_."\n" foreach @{$unified_info{rawlines}};
+-}
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl
new file mode 100644
index 000000000..03acb3e0b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl
@@ -0,0 +1,31 @@
+{- # -*- Mode: perl -*-
+
+ # Commonly used list of generated files
+ # The reason for the complexity is that the build.info files provide
+ # GENERATE rules for *all* platforms without discrimination, while the
+ # build files only want those for a particular build.  Therefore, we
+ # need to extrapolate exactly what we need to generate.  The way to do
+ # that is to extract all possible source files from diverse tables and
+ # filter out all that are not generated
+ my %generatables =
+     map { $_ => 1 }
+     ( # The sources of stuff may be generated
+         ( map { @{$unified_info{sources}->{$_}} }
+               keys %{$unified_info{sources}} ),
+         $disabled{shared}
+             ? ()
+             : ( map { @{$unified_info{shared_sources}->{$_}} }
+                 keys %{$unified_info{shared_sources}} ),
+         # Things we explicitly depend on are usually generated
+         ( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
+               keys %{$unified_info{depends}} ));
+ our @generated =
+     sort ( ( grep { defined $unified_info{generate}->{$_} }
+              sort keys %generatables ),
+            # Scripts are assumed to be generated, so add thhem too
+            ( grep { defined $unified_info{sources}->{$_} }
+              @{$unified_info{scripts}} ) );
+
+ # Avoid strange output
+ "";
+-}
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl
new file mode 100644
index 000000000..0ccd5f075
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl
@@ -0,0 +1,1125 @@
+## descrip.mms to build OpenSSL on OpenVMS
+##
+## {- join("\n## ", @autowarntext) -}
+{-
+  use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+  use File::Basename;
+
+  # Our prefix, claimed when speaking with the VSI folks Tuesday
+  # January 26th 2016
+  our $osslprefix = 'OSSL$';
+  (our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/;
+
+  our $sover_dirname = sprintf "%02d%02d", split(/\./, $config{shlib_version_number});
+  our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
+
+  our $sourcedir = $config{sourcedir};
+  our $builddir = $config{builddir};
+  sub sourcefile {
+      catfile($sourcedir, @_);
+  }
+  sub buildfile {
+      catfile($builddir, @_);
+  }
+  sub sourcedir {
+      catdir($sourcedir, @_);
+  }
+  sub builddir {
+      catdir($builddir, @_);
+  }
+  sub tree {
+      (my $x = shift) =~ s|\]$|...]|;
+      $x
+  }
+  sub move {
+      my $f = catdir(@_);
+      my $b = abs2rel(rel2abs("."),rel2abs($f));
+      $sourcedir = catdir($b,$sourcedir)
+          if !file_name_is_absolute($sourcedir);
+      $builddir = catdir($b,$builddir)
+          if !file_name_is_absolute($builddir);
+      "";
+  }
+
+  # Because we need to make two computations of these data,
+  # we store them in arrays for reuse
+  our @libs =
+      map { (my $x = $_) =~ s/\.a$//; $x }
+      @{$unified_info{libraries}};
+  our @shlibs =
+      map { $unified_info{sharednames}->{$_} || () }
+      grep(!/\.a$/, @{$unified_info{libraries}});
+  our @install_libs =
+      map { (my $x = $_) =~ s/\.a$//; $x }
+      @{$unified_info{install}->{libraries}};
+  our @install_shlibs =
+      map { $unified_info{sharednames}->{$_} || () }
+      grep(!/\.a$/, @{$unified_info{install}->{libraries}});
+
+  # This is a horrible hack, but is needed because recursive inclusion of files
+  # in different directories does not work well with HP C.
+  my $sd = sourcedir("crypto", "async", "arch");
+  foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys %{$unified_info{sources}}) {
+      (my $x = $_) =~ s|\.o$|.OBJ|;
+      $unified_info{before}->{$x}
+          = qq(arch_include = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define arch 'arch_include');
+      $unified_info{after}->{$x}
+          = qq(deassign arch);
+  }
+  my $sd1 = sourcedir("ssl","record");
+  my $sd2 = sourcedir("ssl","statem");
+  my @ssl_locl_users = grep(/^\[\.(?:ssl\.(?:record|statem)|test)\].*\.o$/,
+                            keys %{$unified_info{sources}});
+  foreach (@ssl_locl_users) {
+      (my $x = $_) =~ s|\.o$|.OBJ|;
+      $unified_info{before}->{$x}
+          = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define record 'record_include'
+        statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define statem 'statem_include');
+      $unified_info{after}->{$x}
+          = qq(deassign statem
+        deassign record);
+  }
+  # This makes sure things get built in the order they need
+  # to. You're welcome.
+  sub dependmagic {
+      my $target = shift;
+
+      return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
+  }
+  #use Data::Dumper;
+  #print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
+  #print STDERR "DEBUG: after:\n", Dumper($unified_info{after});
+  "";
+-}
+PLATFORM={- $config{target} -}
+OPTIONS={- $config{options} -}
+CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
+SRCDIR={- $config{sourcedir} -}
+BLDDIR={- $config{builddir} -}
+
+# Allow both V and VERBOSE to indicate verbosity.  This only applies
+# to testing.
+VERBOSE=$(V)
+
+VERSION={- $config{version} -}
+MAJOR={- $config{major} -}
+MINOR={- $config{minor} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
+SHLIB_MAJOR={- $config{shlib_major} -}
+SHLIB_MINOR={- $config{shlib_minor} -}
+SHLIB_TARGET={- $target{shared_target} -}
+
+EXE_EXT=.EXE
+LIB_EXT=.OLB
+SHLIB_EXT=.EXE
+OBJ_EXT=.OBJ
+DEP_EXT=.D
+
+LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -}
+SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
+ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -}
+PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
+SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{makedepend}; "" -}
+DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
+                    grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
+                    keys %{$unified_info{sources}};
+        join(", ", map { "-\n\t".$_ } @deps); -}
+{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -}
+GENERATED={- # common0.tmpl provides @generated
+             join(", ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; "-\n\t".$x }
+                        @generated) -}
+
+INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @install_libs) -}
+INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -}
+INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
+INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=[.tools]c_rehash.pl
+MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
+{- output_on() if $disabled{apps}; "" -}
+
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
+# DESTDIR is for package builders so that they can configure for, say,
+# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
+# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
+# MMS with /MACROS=(DESTDIR=STAGING:[USER]).  The result will end up in
+# STAGING:[USER.OPENSSL].
+# Normally it is left empty.
+DESTDIR=
+
+# Do not edit this manually. Use Configure --prefix=DIR to change this!
+INSTALLTOP={- our $installtop =
+                  catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]";
+              $installtop -}
+SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
+# This is the standard central area to store certificates, private keys...
+OPENSSLDIR={- catdir($config{openssldir}) or
+              $config{prefix} ? catdir($config{prefix},"COMMON")
+                              : "SYS\$COMMON:[OPENSSL-COMMON]" -}
+# The same, but for C
+OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000]
+# Where installed engines reside, for C
+ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover_dirname.$target{pointer_size} -}:
+
+##### User defined commands and flags ################################
+
+CC={- $config{CC} -}
+CPP={- $config{CPP} -}
+DEFINES={- our $defines1 = join('', map { ",$_" } @{$config{CPPDEFINES}}) -}
+INCLUDES={- our $includes1 = join(',', @{$config{CPPINCLUDES}}) -}
+CPPFLAGS={- our $cppflags1 = join('', @{$config{CPPFLAGS}}) -}
+CFLAGS={- join('', @{$config{CFLAGS}}) -}
+LDFLAGS={- join('', @{$config{LFLAGS}}) -}
+EX_LIBS={- join('', map { ",$_" } @{$config{LDLIBS}}) -}
+
+PERL={- $config{PERL} -}
+
+AS={- $config{AS} -}
+ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
+
+##### Special command flags ##########################################
+
+ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
+
+##### Project flags ##################################################
+
+# Variables starting with CNF_ are common variables for all product types
+
+CNF_ASFLAGS={- join('', $target{asflags} || (),
+                        @{$config{asflags}}) -}
+CNF_DEFINES={- our $defines2 = join('', map { ",$_" } @{$target{defines}},
+                                                      @{$config{defines}}) -}
+CNF_INCLUDES={- our $includes2 = join(',', @{$target{includes}},
+                                           @{$config{includes}}) -}
+CNF_CPPFLAGS={- our $cppflags2 = join('', $target{cppflags} || (),
+                                          @{$config{cppflags}}) -}
+CNF_CFLAGS={- join('', $target{cflags} || (),
+                       @{$config{cflags}}) -}
+CNF_CXXFLAGS={- join('', $target{cxxflags} || (),
+                         @{$config{cxxflags}}) -}
+CNF_LDFLAGS={- join('', $target{lflags} || (),
+                        @{$config{lflags}}) -}
+CNF_EX_LIBS={- join('', map{ ",$_" } @{$target{ex_libs}},
+                                     @{$config{ex_libs}}) -}
+
+# Variables starting with LIB_ are used to build library object files
+# and shared libraries.
+# Variables starting with DSO_ are used to build DSOs and their object files.
+# Variables starting with BIN_ are used to build programs and their object
+# files.
+
+LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (),
+                         @{$config{lib_asflags}},
+                         '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
+LIB_DEFINES={- our $lib_defines =
+               join('', (map { ",$_" } @{$target{lib_defines}},
+                                       @{$target{shared_defines}},
+                                       @{$config{lib_defines}},
+                                       @{$config{shared_defines}}));
+               join('', $lib_defines,
+                        (map { ",$_" } 'OPENSSLDIR="""$(OPENSSLDIR_C)"""',
+                                       'ENGINESDIR="""$(ENGINESDIR_C)"""'),
+                        '$(CNF_DEFINES)', '$(DEFINES)') -}
+LIB_INCLUDES={- our $lib_includes =
+                join(',', @{$target{lib_includes}},
+                          @{$target{shared_includes}},
+                          @{$config{lib_includes}},
+                          @{$config{shared_includes}}) -}
+LIB_CPPFLAGS={- our $lib_cppflags =
+                join('', $target{lib_cppflags} || (),
+                         $target{shared_cppflags} || (),
+                         @{$config{lib_cppflags}},
+                         @{$config{shared_cppflag}});
+                join('', "'qual_includes'",
+                         '/DEFINE=(__dummy$(LIB_DEFINES))',
+                         $lib_cppflags,
+                         '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+LIB_CFLAGS={- join('', $target{lib_cflags} || (),
+                       $target{shared_cflag} || (),
+                       @{$config{lib_cflags}},
+                       @{$config{shared_cflag}},
+                       '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+LIB_LDFLAGS={- join('', $target{lib_lflags} || (),
+                        $target{shared_ldflag} || (),
+                        @{$config{lib_lflags}},
+                        @{$config{shared_ldflag}},
+                        '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+LIB_EX_LIBS=$(CNF_EX_LIBS)$(EX_LIBS)
+DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
+                         $target{module_asflags} || (),
+                         @{$config{dso_asflags}},
+                         @{$config{module_asflags}},
+                         '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
+DSO_DEFINES={- join('', (map { ",$_" } @{$target{dso_defines}},
+                                       @{$target{module_defines}},
+                                       @{$config{dso_defines}},
+                                       @{$config{module_defines}}),
+                        '$(CNF_DEFINES)', '$(DEFINES)') -}
+DSO_INCLUDES={- join(',', @{$target{dso_includes}},
+                          @{$target{module_includes}},
+                          @{$config{dso_includes}},
+                          @{$config{module_includes}}) -}
+DSO_CPPFLAGS={- join('', "'qual_includes'",
+                         '/DEFINE=(__dummy$(DSO_DEFINES))',
+                         $target{dso_cppflags} || (),
+                         $target{module_cppflags} || (),
+                         @{$config{dso_cppflags}},
+                         @{$config{module_cppflags}},
+                         '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+DSO_CFLAGS={- join('', $target{dso_cflags} || (),
+                       $target{module_cflags} || (),
+                       @{$config{dso_cflags}},
+                       @{$config{module_cflags}},
+                       '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+DSO_LDFLAGS={- join('', $target{dso_lflags} || (),
+                        $target{module_ldflags} || (),
+                        @{$config{dso_lflags}},
+                        @{$config{module_ldflags}},
+                        '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (),
+                         @{$config{bin_asflags}},
+                         '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
+BIN_DEFINES={- join('', (map { ",$_" } @{$target{bin_defines}},
+                                       @{$config{bin_defines}}),
+                        '$(CNF_DEFINES)', '$(DEFINES)') -}
+BIN_INCLUDES={- join(',', @{$target{bin_includes}},
+                          @{$config{bin_includes}}) -}
+BIN_CPPFLAGS={- join('', "'qual_includes'",
+                         '/DEFINE=(__dummy$(DSO_DEFINES))',
+                         $target{bin_cppflags} || (),
+                         @{$config{bin_cppflag}},
+                         '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+BIN_CFLAGS={- join('', $target{bin_cflag} || (),
+                       @{$config{bin_cflag}},
+                       '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+BIN_LDFLAGS={- join('', $target{bin_lflags} || (),
+                        @{$config{bin_lflags}} || (),
+                        '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+NO_INST_LIB_CFLAGS={- join('', $target{no_inst_lib_cflags}
+                               // $target{lib_cflags}
+                               // (),
+                               $target{shared_cflag} || (),
+                               @{$config{lib_cflags}},
+                               @{$config{shared_cflag}},
+                               '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+NO_INST_DSO_CFLAGS={- join('', $target{no_inst_lib_cflags}
+                               // $target{lib_cflags}
+                               // (),
+                               $target{dso_cflags} || (),
+                               @{$config{lib_cflags}},
+                               @{$config{dso_cflags}},
+                               '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+NO_INST_BIN_CFLAGS={- join('', $target{no_inst_bin_cflags}
+                               // $target{bin_cflags}
+                               // (),
+                               @{$config{bin_cflags}},
+                               '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+
+PERLASM_SCHEME={- $target{perlasm_scheme} -}
+
+# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
+CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags2.$cppflags1) =~ s|"|""|g;
+              (my $d = $lib_defines.$defines2.$defines1) =~ s|"|""|g;
+              my $i = join(',', $lib_includes || (), $includes2 || (),
+                                $includes1 || ());
+              my $x = $c;
+              $x .= "/INCLUDE=($i)" if $i;
+              $x .= "/DEFINE=($d)" if $d;
+              $x; -}
+
+# .FIRST and .LAST are special targets with MMS and MMK.
+# The defines in there are for C.  includes that look like
+# this:
+#
+#    #include <openssl/foo.h>
+#    #include "internal/bar.h"
+#
+# will use the logical names to find the files.  Expecting
+# DECompHP C to find files in subdirectories of whatever was
+# given with /INCLUDE is a fantasy, unfortunately.
+NODEBUG=@
+.FIRST :
+        $(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;"
+        $(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2'
+        $(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3'
+        $(NODEBUG) staging_dir = "$(DESTDIR)"
+        $(NODEBUG) staging_instdir = ""
+        $(NODEBUG) staging_datadir = ""
+        $(NODEBUG) IF staging_dir .NES. "" THEN -
+                staging_instdir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY")
+        $(NODEBUG) IF staging_instdir - "]A.;" .NES. staging_instdir THEN -
+                staging_instdir = staging_instdir - "]A.;" + ".OPENSSL-INSTALL]"
+        $(NODEBUG) IF staging_instdir - "A.;" .NES. staging_instdir THEN -
+                staging_instdir = staging_instdir - "A.;" + "[OPENSSL-INSTALL]"
+        $(NODEBUG) IF staging_dir .NES. "" THEN -
+                staging_datadir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY")
+        $(NODEBUG) IF staging_datadir - "]A.;" .NES. staging_datadir THEN -
+                staging_datadir = staging_datadir - "]A.;" + ".OPENSSL-COMMON]"
+        $(NODEBUG) IF staging_datadir - "A.;" .NES. staging_datadir THEN -
+                staging_datadir = staging_datadir - "A.;" + "[OPENSSL-COMMON]"
+        $(NODEBUG) !
+        $(NODEBUG) ! Installation logical names
+        $(NODEBUG) !
+        $(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+        $(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+        $(NODEBUG) DEFINE ossl_installroot 'installtop'
+        $(NODEBUG) DEFINE ossl_dataroot 'datatop'
+        $(NODEBUG) !
+        $(NODEBUG) ! Figure out the architecture
+        $(NODEBUG) !
+        $(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase")
+        $(NODEBUG) !
+        $(NODEBUG) ! Set up logical names for the libraries, so LINK and
+        $(NODEBUG) ! running programs can use them.
+        $(NODEBUG) !
+        $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } @shlibs) || "!" -}
+
+.LAST :
+        $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } @shlibs) || "!" -}
+        $(NODEBUG) DEASSIGN ossl_dataroot
+        $(NODEBUG) DEASSIGN ossl_installroot
+        $(NODEBUG) DEASSIGN internal
+        $(NODEBUG) DEASSIGN openssl
+.DEFAULT :
+        @ ! MMS cannot handle no actions...
+
+# The main targets ###################################################
+
+{- dependmagic('all'); -} : build_libs_nodep, build_engines_nodep, build_programs_nodep
+{- dependmagic('build_libs'); -} : build_libs_nodep
+{- dependmagic('build_engines'); -} : build_engines_nodep
+{- dependmagic('build_programs'); -} : build_programs_nodep
+
+build_generated : $(GENERATED_MANDATORY)
+build_libs_nodep : $(LIBS), $(SHLIBS)
+build_engines_nodep : $(ENGINES)
+build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
+
+# Kept around for backward compatibility
+build_apps build_tests : build_programs
+
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
+	@ ! {- output_off() if $disabled{makedepend}; "" -}
+	@ WRITE SYS$OUTPUT "Warning: consider configuring with no-makedepend, because if"
+	@ WRITE SYS$OUTPUT "         target system doesn't have $(PERL),"
+	@ WRITE SYS$OUTPUT "         then make will fail..."
+	@ ! {- output_on() if $disabled{makedepend}; "" -}
+
+test : tests
+{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
+        @ ! {- output_off() if $disabled{tests}; "" -}
+        SET DEFAULT [.test]{- move("test") -}
+        CREATE/DIR [.test-runs]
+        DEFINE SRCTOP {- sourcedir() -}
+        DEFINE BLDTOP {- builddir() -}
+        DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
+        DEFINE OPENSSL_ENGINES {- builddir("engines") -}
+        DEFINE OPENSSL_DEBUG_MEMORY "on"
+        IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
+        $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
+        DEASSIGN OPENSSL_DEBUG_MEMORY
+        DEASSIGN OPENSSL_ENGINES
+        DEASSIGN BLDTOP
+        DEASSIGN SRCTOP
+        SET DEFAULT [-]{- move("..") -}
+        @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+        @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
+        @ ! {- output_on() if !$disabled{tests}; "" -}
+
+list-tests :
+        @ ! {- output_off() if $disabled{tests}; "" -}
+        @ DEFINE SRCTOP {- sourcedir() -}
+        @ $(PERL) {- sourcefile("test", "run_tests.pl") -} list
+        @ DEASSIGN SRCTOP
+        @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+        @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
+        @ ! {- output_on() if !$disabled{tests}; "" -}
+
+install : install_sw install_ssldirs install_docs
+        @ WRITE SYS$OUTPUT ""
+        @ WRITE SYS$OUTPUT "######################################################################"
+        @ WRITE SYS$OUTPUT ""
+        @ IF "$(DESTDIR)" .EQS. "" THEN -
+             PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
+                    WRITE SYS$OUTPUT "" ; -
+                    WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
+                    WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
+                    WRITE SYS$OUTPUT "" )
+        @ IF "$(DESTDIR)" .NES. "" THEN -
+             PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
+                    WRITE SYS$OUTPUT "" ; -
+                    WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; -
+                    WRITE SYS$OUTPUT staging_instdir ; -
+                    WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; -
+                    WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; -
+                    WRITE SYS$OUTPUT staging_datadir ; -
+                    WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
+                    WRITE SYS$OUTPUT "" ; -
+                    WRITE SYS$OUTPUT "When in its final destination," ; -
+                    WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
+                    WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
+                    WRITE SYS$OUTPUT "" )
+
+check_install :
+        spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
+
+uninstall : uninstall_docs uninstall_sw
+
+# Because VMS wants the generation number (or *) to delete files, we can't
+# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly.
+libclean :
+        {- join("\n\t", map { "- DELETE $_.OLB;*" } @libs) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*" } @shlibs) || "@ !" -}
+
+clean : libclean
+        {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{depends}->{""}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -}
+        - DELETE [...]*.MAP;*
+        - DELETE [...]*.D;*
+        - DELETE [...]*.OBJ;*,*.LIS;*
+        - DELETE []CXX$DEMANGLER_DB.;*
+        - DELETE [.VMS]openssl_startup.com;*
+        - DELETE [.VMS]openssl_shutdown.com;*
+        - DELETE []vmsconfig.pm;*
+
+distclean : clean
+        - DELETE configdata.pm;*
+        - DELETE descrip.mms;*
+
+depend : descrip.mms
+descrip.mms : FORCE
+	@ ! {- output_off() if $disabled{makedepend}; "" -}
+	@ $(PERL) {- sourcefile("util", "add-depends.pl") -} "VMS C"
+	@ ! {- output_on() if $disabled{makedepend}; "" -}
+
+# Install helper targets #############################################
+
+install_sw : install_dev install_engines install_runtime -
+             install_startup install_ivp
+
+uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
+               uninstall_startup uninstall_ivp
+
+install_docs : install_html_docs
+
+uninstall_docs : uninstall_html_docs
+
+install_ssldirs : check_INSTALLTOP
+        - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
+        IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
+                CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
+        IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
+                CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
+        IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN -
+                CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC]
+        COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC]
+        @ ! Install configuration file
+        COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
+                ossl_dataroot:[000000]openssl.cnf-dist
+        IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
+                COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
+                        ossl_dataroot:[000000]openssl.cnf
+        @ ! Install CTLOG configuration file
+        COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
+                ossl_dataroot:[000000]ct_log_list.cnf-dist
+        IF F$SEARCH("OSSL_DATAROOT:[000000]ct_log_list.cnf") .EQS. "" THEN -
+                COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
+                        ossl_dataroot:[000000]ct_log_list.cnf
+
+install_dev : check_INSTALLTOP install_runtime_libs
+        @ WRITE SYS$OUTPUT "*** Installing development files"
+        @ ! Install header files
+        - CREATE/DIR ossl_installroot:[include.openssl]
+        COPY/PROT=W:R openssl:*.h ossl_installroot:[include.openssl]
+        @ ! Install static (development) libraries
+        - CREATE/DIR ossl_installroot:[LIB.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
+                @install_libs) -}
+
+install_engines : check_INSTALLTOP install_runtime_libs build_engines
+        @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
+        @ WRITE SYS$OUTPUT "*** Installing engines"
+        - CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover_dirname$target{pointer_size}.'arch']" }
+                @{$unified_info{install}->{engines}}) -}
+        @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
+
+install_runtime : install_programs
+
+install_runtime_libs : check_INSTALLTOP build_libs
+        @ {- output_off() if $disabled{shared}; "" -} !
+        @ WRITE SYS$OUTPUT "*** Installing shareable images"
+        @ ! Install shared (runtime) libraries
+        - CREATE/DIR ossl_installroot:[LIB.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
+                @install_shlibs) -}
+        @ {- output_on() if $disabled{shared}; "" -} !
+
+install_programs : check_INSTALLTOP install_runtime_libs build_programs
+        @ {- output_off() if $disabled{apps}; "" -} !
+        @ ! Install the main program
+        - CREATE/DIR ossl_installroot:[EXE.'arch']
+        COPY/PROT=W:RE [.APPS]openssl.EXE -
+                ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
+        @ ! Install scripts
+        COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
+        @ ! {- output_on() if $disabled{apps}; "" -}
+
+install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
+                 [.VMS]openssl_utils.com, check_INSTALLTOP
+        - CREATE/DIR ossl_installroot:[SYS$STARTUP]
+        COPY/PROT=W:RE [.VMS]openssl_startup.com -
+                ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com
+        COPY/PROT=W:RE [.VMS]openssl_shutdown.com -
+                ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com
+        COPY/PROT=W:RE [.VMS]openssl_utils.com -
+                ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com
+
+install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP
+        - CREATE/DIR ossl_installroot:[SYSTEST]
+        COPY/PROT=W:RE [.VMS]openssl_ivp.com -
+                ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
+
+[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_startup.com.in") -} -
+                > [.VMS]openssl_startup.com
+
+[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_utils.com.in") -} -
+                > [.VMS]openssl_utils.com
+
+[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_shutdown.com.in") -} -
+                > [.VMS]openssl_shutdown.com
+
+[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_ivp.com.in") -} -
+                > [.VMS]openssl_ivp.com
+
+vmsconfig.pm : configdata.pm
+        OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm
+        WRITE CONFIG "package vmsconfig;"
+        WRITE CONFIG "use strict; use warnings;"
+        WRITE CONFIG "use Exporter;"
+        WRITE CONFIG "our @ISA = qw(Exporter);"
+        WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);"
+        WRITE CONFIG "our %config = ("
+        WRITE CONFIG "  target => '","{- $config{target} -}","',"
+        WRITE CONFIG "  version => '","{- $config{version} -}","',"
+        WRITE CONFIG "  shlib_version_number => '","{- $config{shlib_version_number} -}","',"
+        WRITE CONFIG "  shlib_major => '","{- $config{shlib_major} -}","',"
+        WRITE CONFIG "  shlib_minor => '","{- $config{shlib_minor} -}","',"
+        WRITE CONFIG "  no_shared => '","{- $disabled{shared} -}","',"
+        WRITE CONFIG "  INSTALLTOP => '$(INSTALLTOP)',"
+        WRITE CONFIG "  OPENSSLDIR => '$(OPENSSLDIR)',"
+        WRITE CONFIG "  pointer_size => '","{- $target{pointer_size} -}","',"
+        WRITE CONFIG ");"
+        WRITE CONFIG "our %target = ();"
+        WRITE CONFIG "our %disabled = ();"
+        WRITE CONFIG "our %withargs = ();"
+        WRITE CONFIG "our %unified_info = ();"
+        WRITE CONFIG "1;"
+        CLOSE CONFIG
+
+install_html_docs : check_INSTALLTOP
+        sourcedir = F$PARSE("{- $sourcedir -}A.;","[]") - "]A.;" + ".DOC]"
+        $(PERL) {- sourcefile("util", "process_docs.pl") -} -
+                --sourcedir='sourcedir' --destdir=ossl_installroot:[HTML] -
+                --type=html
+
+check_INSTALLTOP :
+        @ IF "$(INSTALLTOP)" .EQS. "" THEN -
+                WRITE SYS$ERROR "INSTALLTOP should not be empty"
+        @ IF "$(INSTALLTOP)" .EQS. "" THEN -
+                EXIT %x10000002
+
+# Helper targets #####################################################
+
+# Developer targets ##################################################
+
+debug_logicals :
+        SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot
+
+# Building targets ###################################################
+
+configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
+        perl configdata.pm -r
+        @ WRITE SYS$OUTPUT "*************************************************"
+        @ WRITE SYS$OUTPUT "***                                           ***"
+        @ WRITE SYS$OUTPUT "***   Please run the same mms command again   ***"
+        @ WRITE SYS$OUTPUT "***                                           ***"
+        @ WRITE SYS$OUTPUT "*************************************************"
+        @ PIPE ( EXIT %X10000000 )
+
+reconfigure reconf :
+	perl configdata.pm -r
+
+{-
+  use File::Basename;
+  use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
+
+  # Helper function to figure out dependencies on libraries
+  # It takes a list of library names and outputs a list of dependencies
+  sub compute_lib_depends {
+      if ($disabled{shared}) {
+          return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
+      }
+      return map { $_ =~ /\.a$/
+                   ? $`.".OLB"
+                   : $unified_info{sharednames}->{$_}.".EXE" } @_;
+  }
+
+  # Helper function to deal with inclusion directory specs.
+  # We have to deal with two things:
+  # 1. comma separation and no possibility of trailing comma
+  # 2. no inclusion directories given at all
+  # 3. long compiler command lines
+  # To resolve 1, we need to iterate through the sources of inclusion
+  # directories, and only add a comma when needed.
+  # To resolve 2, we need to have a variable that will hold the whole
+  # inclusion qualifier, or be the empty string if there are no inclusion
+  # directories.  That's the symbol 'qual_includes' that's used in CPPFLAGS
+  # To resolve 3, we creata a logical name TMP_INCLUDES: to hold the list
+  # of inclusion directories.
+  #
+  # This function returns a list of two lists, one being the collection of
+  # commands to execute before the compiler is called, and the other being
+  # the collection of commands to execute after.  It takes as arguments the
+  # collection of strings to include as directory specs.
+  sub includes {
+      my @stuff = ( @_ );
+      my @before = (
+          'qual_includes :=',
+      );
+      my @after = (
+          'DELETE/SYMBOL/LOCAL qual_includes',
+      );
+
+      if (scalar @stuff > 0) {
+          push @before, 'tmp_includes := '.shift(@stuff);
+          while (@stuff) {
+              push @before, 'tmp_add := '.shift(@stuff);
+              push @before, 'IF tmp_includes .NES. "" .AND. tmp_add .NES. "" THEN tmp_includes = tmp_includes + ","';
+              push @before, 'tmp_includes = tmp_includes + tmp_add';
+          }
+          push @before, "IF tmp_includes .NES. \"\" THEN DEFINE tmp_includes 'tmp_includes'";
+          push @before, 'IF tmp_includes .NES. "" THEN qual_includes := /INCLUDE=(tmp_includes:)';
+          push @before, 'DELETE/SYMBOL/LOCAL tmp_includes';
+          push @before, 'DELETE/SYMBOL/LOCAL tmp_add';
+          push @after, 'DEASSIGN tmp_includes:'
+      }
+      return ([ @before ], [ @after ]);
+  }
+
+  sub generatesrc {
+      my %args = @_;
+      (my $target = $args{src}) =~ s/\.[sS]$/.asm/;
+      my $generator = join(" ", @{$args{generator}});
+      my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}});
+      my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}});
+
+      if ($target !~ /\.asm$/) {
+          if ($args{generator}->[0] =~ m|^.*\.in$|) {
+	      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                   "util", "dofile.pl")),
+                                   rel2abs($config{builddir}));
+              return <<"EOF";
+$target : $args{generator}->[0] $deps
+	\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\
+	    "-o$target{build_file}" $generator > \$\@
+EOF
+	  } else {
+              return <<"EOF";
+$target : $args{generator}->[0] $deps
+	\$(PERL)$generator_incs $generator > \$\@
+EOF
+	  }
+      } else {
+          if ($args{generator}->[0] =~ /\.pl$/) {
+              $generator = '$(PERL)'.$generator_incs.' '.$generator;
+          } elsif ($args{generator}->[0] =~ /\.S$/) {
+              $generator = undef;
+          } else {
+              die "Generator type for $src unknown: $generator\n";
+          }
+
+          my $cppflags = {
+              lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)',
+              dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)',
+              bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)'
+          } -> {$args{intent}};
+          my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)',
+                                     dso => '$(DSO_INCLUDES)',
+                                     bin => '$(BIN_INCLUDES)' } -> {$args{intent}},
+                                   '$(CNF_INCLUDES)',
+                                   '$(INCLUDES)',
+                                   @{$args{incs}});
+          my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!';
+          my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!';
+          if (defined($generator)) {
+              # If the target is named foo.S in build.info, we want to
+              # end up generating foo.s in two steps.
+              if ($args{src} =~ /\.S$/) {
+                   return <<"EOF";
+$target : $args{generator}->[0] $deps
+	$generator \$\@-S
+        \@ $incs_on
+	PIPE \$(CPP) $cppflags \$\@-S | -
+             \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
+        \@ $incs_off
+        RENAME \$\@-i \$\@
+        DELETE \$\@-S;
+EOF
+              }
+              # Otherwise....
+              return <<"EOF";
+$target : $args{generator}->[0] $deps
+	$generator \$\@
+EOF
+          }
+          return <<"EOF";
+$target : $args{generator}->[0] $deps
+        \@ $incs_on
+        SHOW SYMBOL qual_includes
+        PIPE \$(CPP) $cppflags $args{generator}->[0] | -
+        \$(PERL) "-ne" "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@
+        \@ $incs_off
+EOF
+      }
+  }
+
+  sub src2obj {
+      my %args = @_;
+      my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
+                     } ( @{$args{srcs}} );
+      (my $obj = $args{obj}) =~ s|\.o$||;
+      my $deps = join(", -\n\t\t", @srcs, @{$args{deps}});
+
+      # Because VMS C isn't very good at combining a /INCLUDE path with
+      # #includes having a relative directory (like '#include "../foo.h"),
+      # the best choice is to move to the first source file's intended
+      # directory before compiling, and make sure to write the object file
+      # in the correct position (important when the object tree is other
+      # than the source tree).
+      my $forward = dirname($args{srcs}->[0]);
+      my $backward = abs2rel(rel2abs("."), rel2abs($forward));
+      my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward));
+      my $objn = basename($obj);
+      my $srcs =
+          join(", ", map { abs2rel(rel2abs($_), rel2abs($forward)) } @srcs);
+      my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
+      my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
+
+      my $cflags;
+      if ($args{installed}) {
+          $cflags = { lib => '$(LIB_CFLAGS)',
+                      dso => '$(DSO_CFLAGS)',
+                      bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
+      } else {
+          $cflags = { lib => '$(NO_INST_LIB_CFLAGS)',
+                      dso => '$(NO_INST_DSO_CFLAGS)',
+                      bin => '$(NO_INST_BIN_CFLAGS)' } -> {$args{intent}};
+      }
+      $cflags .= { lib => '$(LIB_CPPFLAGS)',
+		   dso => '$(DSO_CPPFLAGS)',
+		   bin => '$(BIN_CPPFLAGS)' } -> {$args{intent}};
+      my $asflags = { lib => ' $(LIB_ASFLAGS)',
+		      dso => ' $(DSO_ASFLAGS)',
+		      bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
+
+      my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)',
+                                 dso => '$(DSO_INCLUDES)',
+                                 bin => '$(BIN_INCLUDES)' } -> {$args{intent}},
+                               '$(INCLUDES)',
+                               map {
+                                   file_name_is_absolute($_)
+                                   ? $_ : catdir($backward,$_)
+                               } @{$args{incs}});
+      my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!';
+      my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!';
+
+      if ($srcs[0] =~ /\.asm$/) {
+          return <<"EOF";
+$obj.OBJ : $deps
+        ${before}
+        SET DEFAULT $forward
+        \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs
+        SET DEFAULT $backward
+        ${after}
+        - PURGE $obj.OBJ
+EOF
+      } elsif ($srcs[0] =~ /.S$/) {
+         return <<"EOF";
+$obj.OBJ : $deps
+        ${before}
+        SET DEFAULT $forward
+        \@ $incs_on
+        PIPE \$(CPP) ${cflags} $srcs | -
+             \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" -
+             > ${objd}${objn}.asm
+        \@ $incs_off
+        SET DEFAULT $backward
+        ${after}
+        \$(AS) $asflags \$(ASOUTFLAG)$obj.OBJ $obj.asm
+        - PURGE $obj.OBJ
+EOF
+      }
+
+      my $depbuild = $disabled{makedepend} ? ""
+          : " /MMS=(FILE=${objd}${objn}.D,TARGET=$obj.OBJ)";
+
+      return <<"EOF";
+$obj.OBJ : $deps
+        ${before}
+        SET DEFAULT $forward
+        \@ $incs_on
+        \$(CC) ${cflags}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
+        \@ $incs_off
+        SET DEFAULT $backward
+        ${after}
+        - PURGE $obj.OBJ
+EOF
+  }
+  sub libobj2shlib {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $shlib = $args{shlib};
+      my $libd = dirname($lib);
+      my $libn = basename($lib);
+      my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x }
+                 grep { $_ =~ m|\.o$| }
+                 @{$args{objs}};
+      my @defs = grep { $_ =~ /\.opt$/ } @{$args{objs}};
+      my @deps = compute_lib_depends(@{$args{deps}});
+      die "More than one symbol vector" if scalar @defs > 1;
+      my $deps = join(", -\n\t\t", @defs, @deps);
+      my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+      my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                     "VMS", "translatesyms.pl")),
+                                     rel2abs($config{builddir}));
+      # The "[]" hack is because in .OPT files, each line inherits the
+      # previous line's file spec as default, so if no directory spec
+      # is present in the current line and the previous line has one that
+      # doesn't apply, you're in for a surprise.
+      my $write_opt1 =
+          join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                                 "WRITE OPT_FILE \"$x" } @objs).
+          "\"";
+      my $write_opt2 =
+          join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                             $x =~ s|(\.EXE)|$1/SHARE|;
+                             $x =~ s|(\.OLB)|$1/LIB|;
+                             "WRITE OPT_FILE \"$x\"" } @deps)
+          || "\@ !";
+      return <<"EOF"
+$shlib.EXE : $lib.OLB $deps
+        \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $defs[0] > $defs[0]-translated
+        OPEN/WRITE/SHARE=READ OPT_FILE $lib-components.OPT
+        $write_opt1
+        $write_opt2
+        CLOSE OPT_FILE
+        LINK \$(LIB_LDFLAGS)/SHARE=\$\@ $defs[0]-translated/OPT,-
+                $lib-components.OPT/OPT \$(LIB_EX_LIBS)
+        DELETE $defs[0]-translated;*,$lib-components.OPT;*
+        PURGE $shlib.EXE,$shlib.MAP
+EOF
+        . ($config{target} =~ m|alpha| ? "" : <<"EOF"
+        SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@
+EOF
+        );
+  }
+  sub obj2dso {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $libd = dirname($lib);
+      my $libn = basename($lib);
+      (my $libn_nolib = $libn) =~ s/^lib//;
+      my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}};
+      my @deps = compute_lib_depends(@{$args{deps}});
+      my $deps = join(", -\n\t\t", @objs, @deps);
+      my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+      my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
+                                               "VMS", "engine.opt")),
+                               rel2abs($config{builddir}));
+      # The "[]" hack is because in .OPT files, each line inherits the
+      # previous line's file spec as default, so if no directory spec
+      # is present in the current line and the previous line has one that
+      # doesn't apply, you're in for a surprise.
+      my $write_opt1 =
+          join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                                 "WRITE OPT_FILE \"$x" } @objs).
+          "\"";
+      my $write_opt2 =
+          join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                             $x =~ s|(\.EXE)|$1/SHARE|;
+                             $x =~ s|(\.OLB)|$1/LIB|;
+                             "WRITE OPT_FILE \"$x\"" } @deps)
+          || "\@ !";
+      return <<"EOF"
+$lib.EXE : $deps
+        OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT
+        TYPE $engine_opt /OUTPUT=OPT_FILE:
+        $write_opt1
+        $write_opt2
+        CLOSE OPT_FILE
+        LINK \$(DSO_LDFLAGS)/SHARE=\$\@ $lib.OPT/OPT \$(DSO_EX_LIBS)
+        - PURGE $lib.EXE,$lib.OPT,$lib.MAP
+EOF
+        . ($config{target} =~ m|alpha| ? "" : <<"EOF"
+        SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@
+EOF
+        );
+  }
+  sub obj2lib {
+      my %args = @_;
+      (my $lib = $args{lib}) =~ s/\.a$//;
+      my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}};
+      my $objs = join(", -\n\t\t", @objs);
+      my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_" }
+                                   @objs));
+      return <<"EOF";
+$lib.OLB : $objs
+        LIBRARY/CREATE/OBJECT $lib.OLB
+        $fill_lib
+        - PURGE $lib.OLB
+EOF
+  }
+  sub obj2bin {
+      my %args = @_;
+      my $bin = $args{bin};
+      my $bind = dirname($bin);
+      my $binn = basename($bin);
+      my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}};
+      my $objs = join(",", @objs);
+      my @deps = compute_lib_depends(@{$args{deps}});
+      my $deps = join(", -\n\t\t", @objs, @deps);
+
+      my $olb_count = scalar grep(m|\.OLB$|, @deps);
+      my $analyse_objs = "@ !";
+      if ($olb_count > 0) {
+          my $analyse_quals =
+              $config{target} =~ m|alpha| ? "/GSD" : "/SECTIONS=SYMTAB";
+          $analyse_objs = "- pipe ANALYSE/OBJECT$analyse_quals $objs | SEARCH SYS\$INPUT \"\"\"main\"\"\" ; nomain = \$severity .NE. 1"
+      }
+      # The "[]" hack is because in .OPT files, each line inherits the
+      # previous line's file spec as default, so if no directory spec
+      # is present in the current line and the previous line has one that
+      # doesn't apply, you're in for a surprise.
+      my $write_opt1 =
+          join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                                 "\@ WRITE OPT_FILE \"$x" } @objs).
+          "\"";
+      my $write_opt2 =
+          join("\n\t", map { my @lines = ();
+                             my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                             if ($x =~ m|\.EXE$|) {
+                                 push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
+                             } elsif ($x =~ m|\.OLB$|) {
+                                 (my $l = $x) =~ s/\W/_/g;
+                                 push @lines,
+                                     "\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"",
+                                     "\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\""
+                             }
+                             @lines
+                           } @deps)
+          || "\@ !";
+      # The linking commands looks a bit complex, but it's for good reason.
+      # When you link, say, foo.obj, bar.obj and libsomething.exe/share, and
+      # bar.obj happens to have a symbol that also exists in libsomething.exe,
+      # the linker will warn about it, loudly, and will then choose to pick
+      # the first copy encountered (the one in bar.obj in this example).
+      # On Unix and on Windows, the corresponding maneuvre goes through
+      # silently with the same effect.
+      # With some test programs, made for checking the internals of OpenSSL,
+      # we do this kind of linking deliberately, picking a few specific object
+      # files from within [.crypto] or [.ssl] so we can reach symbols that are
+      # otherwise unreachable (since the shareable images only exports the
+      # symbols listed in [.util]*.num), and then with the shared libraries
+      # themselves.  So we need to silence the warning about multiply defined
+      # symbols, to mimic the way linking work on Unix and Windows, and so
+      # the build isn't interrupted (MMS stops when warnings are signaled,
+      # by default), and so someone building doesn't have to worry where it
+      # isn't necessary.  If there are other warnings, however, we show them
+      # and let it break the build.
+      return <<"EOF"
+$bin.EXE : $deps
+        $analyse_objs
+        @ OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
+        $write_opt1
+        $write_opt2
+        @ CLOSE OPT_FILE
+        TYPE $bin.opt ! For debugging
+        - pipe SPAWN/WAIT/NOLOG/OUT=$bin.LINKLOG -
+                    LINK \$(BIN_LDFLAGS)/EXEC=\$\@ $bin.OPT/OPT \$(BIN_EX_LIBS) ; -
+               link_status = \$status ; link_severity = link_status .AND. 7
+        @ search_severity = 1
+        -@ IF link_severity .EQ. 0 THEN -
+                pipe SEARCH $bin.LINKLOG "%","-"/MATCH=AND | -
+                     SPAWN/WAIT/NOLOG/OUT=NLA0: -
+                          SEARCH SYS\$INPUT: "-W-MULDEF,"/MATCH=NOR ; -
+                     search_severity = \$severity
+        @ ! search_severity is 3 when the last search didn't find any matching
+        @ ! string: %SEARCH-I-NOMATCHES, no strings matched
+        @ ! If that was the result, we pretend linking got through without
+        @ ! fault or warning.
+        @ IF search_severity .EQ. 3 THEN link_severity = 1
+        @ ! At this point, if link_severity shows that there was a fault
+        @ ! or warning, make sure to restore the linking status.
+        -@ IF .NOT. link_severity THEN TYPE $bin.LINKLOG
+        -@ DELETE $bin.LINKLOG;*
+        @ IF .NOT. link_severity THEN SPAWN/WAIT/NOLOG EXIT 'link_status'
+        - PURGE $bin.EXE,$bin.OPT
+EOF
+      . ($config{target} =~ m|alpha| ? "" : <<"EOF"
+        SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@
+EOF
+        );
+  }
+  sub in2script {
+      my %args = @_;
+      my $script = $args{script};
+      return "" if grep { $_ eq $script } @{$args{sources}}; # No overwrite!
+      my $sources = join(" ", @{$args{sources}});
+      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                           "util", "dofile.pl")),
+                           rel2abs($config{builddir}));
+      return <<"EOF";
+$script : $sources
+        \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile -
+	    "-o$target{build_file}" $sources > $script
+        SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
+        PURGE $script
+EOF
+  }
+  ""    # Important!  This becomes part of the template result.
+-}
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/shared-info.pl b/trunk/3rdparty/openssl-1.1-fit/Configurations/shared-info.pl
new file mode 100644
index 000000000..47eddd683
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/shared-info.pl
@@ -0,0 +1,82 @@
+#! /usr/bin/env perl
+# -*- mode: perl; -*-
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# This is a collection of extra attributes to be used as input for creating
+# shared libraries, currently on any Unix variant, including Unix like
+# environments on Windows.
+
+sub detect_gnu_ld {
+    my @lines =
+        `$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
+    return grep /^GNU ld/, @lines;
+}
+sub detect_gnu_cc {
+    my @lines =
+        `$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
+    return grep /gcc/, @lines;
+}
+
+my %shared_info;
+%shared_info = (
+    'gnu-shared' => {
+        shared_ldflag         => '-shared -Wl,-Bsymbolic',
+        shared_sonameflag     => '-Wl,-soname=',
+    },
+    'linux-shared' => sub {
+        return {
+            %{$shared_info{'gnu-shared'}},
+            shared_defflag    => '-Wl,--version-script=',
+        };
+    },
+    'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
+    'bsd-shared' => sub {
+        return $shared_info{'gnu-shared'} if detect_gnu_ld();
+        return {
+            shared_ldflag     => '-shared -nostdlib',
+        };
+    },
+    'darwin-shared' => {
+        module_ldflags        => '-bundle',
+        shared_ldflag         => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
+        shared_sonameflag     => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
+    },
+    'cygwin-shared' => {
+        shared_ldflag         => '-shared -Wl,--enable-auto-image-base',
+        shared_impflag        => '-Wl,--out-implib=',
+    },
+    'mingw-shared' => sub {
+        return {
+            %{$shared_info{'cygwin-shared'}},
+            # def_flag made to empty string so  it still generates
+            # something
+            shared_defflag    => '',
+        };
+    },
+    'alpha-osf1-shared' => sub {
+        return $shared_info{'gnu-shared'} if detect_gnu_ld();
+        return {
+            module_ldflags    => '-shared -Wl,-Bsymbolic',
+            shared_ldflag     => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
+        };
+    },
+    'svr3-shared' => sub {
+        return $shared_info{'gnu-shared'} if detect_gnu_ld();
+        return {
+            shared_ldflag     => '-G',
+            shared_sonameflag => '-h ',
+        };
+    },
+    'svr5-shared' => sub {
+        return $shared_info{'gnu-shared'} if detect_gnu_ld();
+        return {
+            shared_ldflag     => detect_gnu_cc() ? '-shared' : '-G',
+            shared_sonameflag => '-h ',
+        };
+    },
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl
new file mode 100644
index 000000000..288b79202
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl
@@ -0,0 +1,1253 @@
+##
+## Makefile for OpenSSL
+##
+## {- join("\n## ", @autowarntext) -}
+{-
+     our $objext = $target{obj_extension} || ".o";
+     our $depext = $target{dep_extension} || ".d";
+     our $exeext = $target{exe_extension} || "";
+     our $libext = $target{lib_extension} || ".a";
+     our $shlibext = $target{shared_extension} || ".so";
+     our $shlibvariant = $target{shlib_variant} || "";
+     our $shlibextsimple = $target{shared_extension_simple} || ".so";
+     our $shlibextimport = $target{shared_import_extension} || "";
+     our $dsoext = $target{dso_extension} || ".so";
+     our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog};
+
+     sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
+
+     # Shared AIX support is special. We put libcrypto[64].so.ver into
+     # libcrypto.a and use libcrypto_a.a as static one.
+     sub sharedaix  { !$disabled{shared} && $config{target} =~ /^aix/ }
+
+     our $sover_dirname = $config{shlib_version_number};
+     $sover_dirname =~ s|\.|_|g
+         if $config{target} =~ /^mingw/;
+
+     # shlib and shlib_simple both take a static library name and figure
+     # out what the shlib name should be.
+     #
+     # When OpenSSL is configured "no-shared", these functions will just
+     # return empty lists, making them suitable to join().
+     #
+     # With Windows DLL producers, shlib($libname) will return the shared
+     # library name (which usually is different from the static library
+     # name) with the default shared extension appended to it, while
+     # shlib_simple($libname) will return the static library name with
+     # the shared extension followed by ".a" appended to it.  The former
+     # result is used as the runtime shared library while the latter is
+     # used as the DLL import library.
+     #
+     # On all Unix systems, shlib($libname) will return the library name
+     # with the default shared extension, while shlib_simple($libname)
+     # will return the name from shlib($libname) with any SO version number
+     # removed.  On some systems, they may therefore return the exact same
+     # string.
+     sub shlib {
+         my $lib = shift;
+         return () if $disabled{shared} || $lib =~ /\.a$/;
+         return $unified_info{sharednames}->{$lib}. $shlibvariant. '$(SHLIB_EXT)';
+     }
+     sub shlib_simple {
+         my $lib = shift;
+         return () if $disabled{shared} || $lib =~ /\.a$/;
+
+         if (windowsdll()) {
+             return $lib . '$(SHLIB_EXT_IMPORT)';
+         }
+         return $lib .  '$(SHLIB_EXT_SIMPLE)';
+     }
+
+     # Easy fixing of static library names
+     sub lib {
+         (my $lib = shift) =~ s/\.a$//;
+         return $lib . $libext;
+     }
+
+     # dso is a complement to shlib / shlib_simple that returns the
+     # given libname with the simple shared extension (possible SO version
+     # removed).  This differs from shlib_simple() by being unconditional.
+     sub dso {
+         my $engine = shift;
+
+         return $engine . $dsoext;
+     }
+     # This makes sure things get built in the order they need
+     # to. You're welcome.
+     sub dependmagic {
+         my $target = shift;
+
+         return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
+     }
+     '';
+-}
+PLATFORM={- $config{target} -}
+OPTIONS={- $config{options} -}
+CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
+SRCDIR={- $config{sourcedir} -}
+BLDDIR={- $config{builddir} -}
+
+VERSION={- $config{version} -}
+MAJOR={- $config{major} -}
+MINOR={- $config{minor} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
+SHLIB_MAJOR={- $config{shlib_major} -}
+SHLIB_MINOR={- $config{shlib_minor} -}
+SHLIB_TARGET={- $target{shared_target} -}
+SHLIB_EXT={- $shlibext -}
+SHLIB_EXT_SIMPLE={- $shlibextsimple -}
+SHLIB_EXT_IMPORT={- $shlibextimport -}
+
+LIBS={- join(" ", map { lib($_) } @{$unified_info{libraries}}) -}
+SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
+SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
+ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
+PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
+SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{makedepend}; "" -}
+DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+                  grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
+                  keys %{$unified_info{sources}}); -}
+{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}}) -}
+GENERATED={- # common0.tmpl provides @generated
+             join(" ", @generated ) -}
+
+INSTALL_LIBS={- join(" ", map { lib($_) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{install}->{libraries}}) -}
+INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
+INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
+MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget.pl:tsget
+{- output_on() if $disabled{apps}; "" -}
+
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
+# DESTDIR is for package builders so that they can configure for, say,
+# /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+DESTDIR=
+
+# Do not edit these manually. Use Configure with --prefix or --openssldir
+# to change this!  Short explanation in the top comment in Configure
+INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
+	      #
+	      our $prefix = $config{prefix} || "/usr/local";
+              $prefix -}
+OPENSSLDIR={- #
+	      # The logic here is that if no --openssldir was given,
+	      # OPENSSLDIR will get the value from $prefix plus "/ssl".
+	      # If --openssldir was given and the value is an absolute
+	      # path, OPENSSLDIR will get its value without change.
+	      # If the value from --openssldir is a relative path,
+	      # OPENSSLDIR will get $prefix with the --openssldir
+	      # value appended as a subdirectory.
+	      #
+              use File::Spec::Functions;
+              our $openssldir =
+                  $config{openssldir} ?
+                      (file_name_is_absolute($config{openssldir}) ?
+                           $config{openssldir}
+                           : catdir($prefix, $config{openssldir}))
+                      : catdir($prefix, "ssl");
+              $openssldir -}
+LIBDIR={- our $libdir = $config{libdir};
+          unless ($libdir) {
+              #
+              # if $prefix/lib$target{multilib} is not an existing
+              # directory, then assume that it's not searched by linker
+              # automatically, in which case adding $target{multilib} suffix
+              # causes more grief than we're ready to tolerate, so don't...
+              our $multilib =
+                  -d "$prefix/lib$target{multilib}" ? $target{multilib} : "";
+              $libdir = "lib$multilib";
+          }
+          file_name_is_absolute($libdir) ? "" : $libdir -}
+# $(libdir) is chosen to be compatible with the GNU coding standards
+libdir={- file_name_is_absolute($libdir)
+          ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -}
+ENGINESDIR=$(libdir)/engines-{- $sover_dirname -}
+
+# Convenience variable for those who want to set the rpath in shared
+# libraries and applications
+LIBRPATH=$(libdir)
+
+MANDIR=$(INSTALLTOP)/share/man
+DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
+HTMLDIR=$(DOCDIR)/html
+
+# MANSUFFIX is for the benefit of anyone who may want to have a suffix
+# appended after the manpage file section number.  "ssl" is popular,
+# resulting in files such as config.5ssl rather than config.5.
+MANSUFFIX=
+HTMLSUFFIX=html
+
+# For "optional" echo messages, to get "real" silence
+ECHO = echo
+
+##### User defined commands and flags ################################
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.  In any case, we do not define AS or
+# ASFLAGS for this reason.
+
+CROSS_COMPILE={- $config{CROSS_COMPILE} -}
+CC=$(CROSS_COMPILE){- $config{CC} -}
+CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
+CPPFLAGS={- our $cppflags1 = join(" ",
+                                  (map { "-D".$_} @{$config{CPPDEFINES}}),
+                                  (map { "-I".$_} @{$config{CPPINCLUDES}}),
+                                  @{$config{CPPFLAGS}}) -}
+CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
+CXXFLAGS={- join(' ', @{$config{CXXFLAGS}}) -}
+LDFLAGS= {- join(' ', @{$config{LDFLAGS}}) -}
+EX_LIBS= {- join(' ', @{$config{LDLIBS}}) -}
+
+MAKEDEPEND={- $config{makedepprog} -}
+
+PERL={- $config{PERL} -}
+
+AR=$(CROSS_COMPILE){- $config{AR} -}
+ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -}
+RANLIB={- $config{RANLIB} ? "\$(CROSS_COMPILE)$config{RANLIB}" : "true"; -}
+RC= $(CROSS_COMPILE){- $config{RC} -}
+RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -} {- $target{shared_rcflag} -}
+
+RM= rm -f
+RMDIR= rmdir
+TAR= {- $target{TAR} || "tar" -}
+TARFLAGS= {- $target{TARFLAGS} -}
+
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+# Relative to $(SRCDIR)
+TARFILE=        ../$(NAME).tar
+
+##### Project flags ##################################################
+
+# Variables starting with CNF_ are common variables for all product types
+
+CNF_CPPFLAGS={- our $cppflags2 =
+                    join(' ', $target{cppflags} || (),
+                              (map { "-D".$_} @{$target{defines}},
+                                              @{$config{defines}}),
+                              (map { "-I".$_} @{$target{includes}},
+                                              @{$config{includes}}),
+                              @{$config{cppflags}}) -}
+CNF_CFLAGS={- join(' ', $target{cflags} || (),
+                        @{$config{cflags}}) -}
+CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (),
+                          @{$config{cxxflags}}) -}
+CNF_LDFLAGS={- join(' ', $target{lflags} || (),
+                         @{$config{lflags}}) -}
+CNF_EX_LIBS={- join(' ', $target{ex_libs} || (),
+                         @{$config{ex_libs}}) -}
+
+# Variables starting with LIB_ are used to build library object files
+# and shared libraries.
+# Variables starting with DSO_ are used to build DSOs and their object files.
+# Variables starting with BIN_ are used to build programs and their object
+# files.
+
+LIB_CPPFLAGS={- our $lib_cppflags =
+                join(' ', $target{lib_cppflags} || (),
+                          $target{shared_cppflag} || (),
+                          (map { '-D'.$_ }
+                               @{$config{lib_defines}},
+                               @{$config{shared_defines}}),
+                          @{$config{lib_cppflags}},
+                          @{$config{shared_cppflag}});
+                join(' ', $lib_cppflags,
+                          (map { '-D'.$_ }
+                               'OPENSSLDIR="\"$(OPENSSLDIR)\""',
+                               'ENGINESDIR="\"$(ENGINESDIR)\""'),
+                          '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+LIB_CFLAGS={- join(' ', $target{lib_cflags} || (),
+                        $target{shared_cflag} || (),
+                        @{$config{lib_cflags}},
+                        @{$config{shared_cflag}},
+                        '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+LIB_CXXFLAGS={- join(' ', $target{lib_cxxflags} || (),
+                          $target{shared_cxxflag} || (),
+                          @{$config{lib_cxxflags}},
+                          @{$config{shared_cxxflag}},
+                          '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -}
+LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (),
+                         $config{shared_ldflag} || (),
+                         '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
+                          $target{module_cppflags} || (),
+                          @{$config{dso_cppflags}},
+                          @{$config{module_cppflags}},
+                          '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+DSO_CFLAGS={- join(' ', $target{dso_cflags} || (),
+                        $target{module_cflags} || (),
+                        @{$config{dso_cflags}},
+                        @{$config{module_cflags}},
+                        '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+DSO_CXXFLAGS={- join(' ', $target{dso_cxxflags} || (),
+                          $target{module_cxxflags} || (),
+                          @{$config{dso_cxxflags}},
+                          @{$config{module_cxxflag}},
+                          '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -}
+DSO_LDFLAGS={- join(' ', $target{dso_ldflags} || (),
+                         $target{module_ldflags} || (),
+                         @{$config{dso_ldflags}},
+                         @{$config{module_ldflags}},
+                         '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (),
+                          @{$config{bin_cppflags}},
+                          '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+BIN_CFLAGS={- join(' ', $target{bin_cflags} || (),
+                        @{$config{bin_cflags}},
+                        '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+BIN_CXXFLAGS={- join(' ', $target{bin_cxxflags} || (),
+                          @{$config{bin_cxxflags}},
+                          '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -}
+BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+                         @{$config{bin_lflags}},
+                         '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+
+# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
+CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
+              $cppflags2 =~ s|([\\"])|\\$1|g;
+              $lib_cppflags =~ s|([\\"])|\\$1|g;
+              join(' ', $lib_cppflags || (), $cppflags2 || (),
+                        $cppflags1 || ()) -}
+
+PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR= {- $config{processor} -}
+
+# We want error [and other] messages in English. Trouble is that make(1)
+# doesn't pass macros down as environment variables unless there already
+# was corresponding variable originally set. In other words we can only
+# reassign environment variables, but not set new ones, not in portable
+# manner that is. That's why we reassign several, just to be sure...
+LC_ALL=C
+LC_MESSAGES=C
+LANG=C
+
+# The main targets ###################################################
+
+{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep link-utils
+{- dependmagic('build_libs'); -}: build_libs_nodep
+{- dependmagic('build_engines'); -}: build_engines_nodep
+{- dependmagic('build_programs'); -}: build_programs_nodep
+
+build_generated: $(GENERATED_MANDATORY)
+build_libs_nodep: libcrypto.pc libssl.pc openssl.pc
+build_engines_nodep: $(ENGINES)
+build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
+
+# Kept around for backward compatibility
+build_apps build_tests: build_programs
+
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
+	@ : {- output_off() if $disabled{makedepend}; "" -}
+	@echo "Warning: consider configuring with no-makedepend, because if"
+	@echo "         target system doesn't have $(PERL),"
+	@echo "         then make will fail..."
+	@ : {- output_on() if $disabled{makedepend}; "" -}
+
+test: tests
+{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
+	@ : {- output_off() if $disabled{tests}; "" -}
+	( cd test; \
+	  mkdir -p test-runs; \
+	  SRCTOP=../$(SRCDIR) \
+	  BLDTOP=../$(BLDDIR) \
+	  RESULT_D=test-runs \
+	  PERL="$(PERL)" \
+	  EXE_EXT={- $exeext -} \
+	  OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \
+	  OPENSSL_DEBUG_MEMORY=on \
+	    $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
+	@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@echo "Tests are not supported with your chosen Configure options"
+	@ : {- output_on() if !$disabled{tests}; "" -}
+
+list-tests:
+	@ : {- output_off() if $disabled{tests}; "" -}
+	@SRCTOP="$(SRCDIR)" \
+	 $(PERL) $(SRCDIR)/test/run_tests.pl list
+	@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@echo "Tests are not supported with your chosen Configure options"
+	@ : {- output_on() if !$disabled{tests}; "" -}
+
+install: install_sw install_ssldirs install_docs
+
+uninstall: uninstall_docs uninstall_sw
+
+libclean:
+	@set -e; for s in $(SHLIB_INFO); do \
+		if [ "$$s" = ";" ]; then continue; fi; \
+		s1=`echo "$$s" | cut -f1 -d";"`; \
+		s2=`echo "$$s" | cut -f2 -d";"`; \
+		$(ECHO) $(RM) $$s1; {- output_off() unless windowsdll(); "" -}\
+		$(RM) apps/$$s1; \
+		$(RM) test/$$s1; \
+		$(RM) fuzz/$$s1; {- output_on() unless windowsdll(); "" -}\
+		$(RM) $$s1; \
+		if [ "$$s1" != "$$s2" ]; then \
+			$(ECHO) $(RM) $$s2; \
+			$(RM) $$s2; \
+		fi; \
+	done
+	$(RM) $(LIBS)
+	$(RM) *.map
+
+clean: libclean
+	$(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
+	$(RM) $(GENERATED_MANDATORY) $(GENERATED)
+	-$(RM) `find . -name .git -prune -o -name '*{- $depext -}' -print`
+	-$(RM) `find . -name .git -prune -o -name '*{- $objext -}' -print`
+	$(RM) core
+	$(RM) tags TAGS doc-nits
+	$(RM) -r test/test-runs
+	$(RM) openssl.pc libcrypto.pc libssl.pc
+	-$(RM) `find . -name .git -prune -o -type l -print`
+	$(RM) $(TARFILE)
+
+distclean: clean
+	$(RM) configdata.pm
+	$(RM) Makefile
+
+# We check if any depfile is newer than Makefile and decide to
+# concatenate only if that is true.
+depend:
+	@: {- output_off() if $disabled{makedepend}; "" -}
+	@$(PERL) $(SRCDIR)/util/add-depends.pl {-
+		 defined $makedepprog  && $makedepprog =~ /\/makedepend/
+                 ? 'makedepend' : 'gcc' -}
+	@: {- output_on() if $disabled{makedepend}; "" -}
+
+# Install helper targets #############################################
+
+install_sw: install_dev install_engines install_runtime
+
+uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+install_docs: install_man_docs install_html_docs
+
+uninstall_docs: uninstall_man_docs uninstall_html_docs
+	$(RM) -r -v $(DESTDIR)$(DOCDIR)
+
+install_ssldirs:
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
+	@set -e; for x in dummy $(MISC_SCRIPTS); do \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		x1=`echo "$$x" | cut -f1 -d:`; \
+		x2=`echo "$$x" | cut -f2 -d:`; \
+		fn=`basename $$x1`; \
+		$(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
+		cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
+		chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
+		mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
+		      $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
+		if [ "$$x1" != "$$x2" ]; then \
+			ln=`basename "$$x2"`; \
+			: {- output_off() unless windowsdll(); "" -}; \
+			$(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
+			cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \
+			: {- output_on() unless windowsdll();
+			     output_off() if windowsdll(); "" -}; \
+			$(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
+			ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \
+			: {- output_on() if windowsdll(); "" -}; \
+		fi; \
+	done
+	@$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
+	@cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
+	@chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
+	@mv -f  $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
+	@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
+		$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
+		cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
+		chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
+	fi
+	@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
+	@cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
+	@chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
+	@mv -f  $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist
+	@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \
+		$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
+		cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
+		chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
+	fi
+
+install_dev: install_runtime_libs
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(ECHO) "*** Installing development files"
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
+	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+	@$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
+	@cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
+	@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
+	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+	@set -e; for i in $(SRCDIR)/include/openssl/*.h \
+			  $(BLDDIR)/include/openssl/*.h; do \
+		fn=`basename $$i`; \
+		$(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
+		cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+		chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+	done
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
+	@set -e; for l in $(INSTALL_LIBS); do \
+		fn=`basename $$l`; \
+		$(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \
+		cp $$l $(DESTDIR)$(libdir)/$$fn.new; \
+		$(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \
+		chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \
+		mv -f $(DESTDIR)$(libdir)/$$fn.new \
+		      $(DESTDIR)$(libdir)/$$fn; \
+	done
+	@ : {- output_off() if $disabled{shared}; "" -}
+	@set -e; for s in $(INSTALL_SHLIB_INFO); do \
+		s1=`echo "$$s" | cut -f1 -d";"`; \
+		s2=`echo "$$s" | cut -f2 -d";"`; \
+		fn1=`basename $$s1`; \
+		fn2=`basename $$s2`; \
+		: {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \
+		if [ "$$fn1" != "$$fn2" ]; then \
+			$(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \
+			ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \
+		fi; \
+		: {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \
+		$(ECHO) "install $$s2 -> $(DESTDIR)$(libdir)/$$fn2"; \
+		cp $$s2 $(DESTDIR)$(libdir)/$$fn2.new; \
+		chmod 755 $(DESTDIR)$(libdir)/$$fn2.new; \
+		mv -f $(DESTDIR)$(libdir)/$$fn2.new \
+		      $(DESTDIR)$(libdir)/$$fn2; \
+		: {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \
+		a=$(DESTDIR)$(libdir)/$$fn2; \
+		$(ECHO) "install $$s1 -> $$a"; \
+		if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \
+			mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \
+			cp -f $$a $$a.new; \
+			for so in `$(AR) t $$a`; do \
+				$(AR) x $$a $$so; \
+				chmod u+w $$so; \
+				strip -X32_64 -e $$so; \
+				$(AR) r $$a.new $$so; \
+			done; \
+		)); fi; \
+		$(AR) r $$a.new $$s1; \
+		mv -f $$a.new $$a; \
+		: {- output_off() if sharedaix(); output_on(); "" -}; \
+	done
+	@ : {- output_on() if $disabled{shared}; "" -}
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig
+	@$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
+	@cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig
+	@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc
+	@$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
+	@cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig
+	@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc
+	@$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
+	@cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig
+	@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
+
+uninstall_dev: uninstall_runtime_libs
+	@$(ECHO) "*** Uninstalling development files"
+	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+	@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
+	@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
+	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+	@set -e; for i in $(SRCDIR)/include/openssl/*.h \
+			  $(BLDDIR)/include/openssl/*.h; do \
+		fn=`basename $$i`; \
+		$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+	done
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
+	@set -e; for l in $(INSTALL_LIBS); do \
+		fn=`basename $$l`; \
+		$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \
+		$(RM) $(DESTDIR)$(libdir)/$$fn; \
+	done
+	@ : {- output_off() if $disabled{shared}; "" -}
+	@set -e; for s in $(INSTALL_SHLIB_INFO); do \
+		s1=`echo "$$s" | cut -f1 -d";"`; \
+		s2=`echo "$$s" | cut -f2 -d";"`; \
+		fn1=`basename $$s1`; \
+		fn2=`basename $$s2`; \
+		: {- output_off() if windowsdll(); "" -}; \
+		$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \
+		$(RM) $(DESTDIR)$(libdir)/$$fn2; \
+		if [ "$$fn1" != "$$fn2" -a -f "$(DESTDIR)$(libdir)/$$fn1" ]; then \
+			$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \
+			$(RM) $(DESTDIR)$(libdir)/$$fn1; \
+		fi; \
+		: {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
+		$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \
+		$(RM) $(DESTDIR)$(libdir)/$$fn2; \
+		: {- output_on() unless windowsdll(); "" -}; \
+	done
+	@ : {- output_on() if $disabled{shared}; "" -}
+	$(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc
+	$(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc
+	$(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
+	-$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig
+	-$(RMDIR) $(DESTDIR)$(libdir)
+
+install_engines: install_runtime_libs build_engines
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
+	@$(ECHO) "*** Installing engines"
+	@set -e; for e in dummy $(INSTALL_ENGINES); do \
+		if [ "$$e" = "dummy" ]; then continue; fi; \
+		fn=`basename $$e`; \
+		$(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \
+		cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
+		chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
+		mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \
+		      $(DESTDIR)$(ENGINESDIR)/$$fn; \
+	done
+
+uninstall_engines:
+	@$(ECHO) "*** Uninstalling engines"
+	@set -e; for e in dummy $(INSTALL_ENGINES); do \
+		if [ "$$e" = "dummy" ]; then continue; fi; \
+		fn=`basename $$e`; \
+		if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
+			continue; \
+		fi; \
+		$(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \
+		$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \
+	done
+	-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
+
+install_runtime: install_programs
+
+install_runtime_libs: build_libs
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@ : {- output_off() if windowsdll(); "" -}
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
+	@ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -}
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
+	@ : {- output_on() unless windowsdll(); "" -}
+	@$(ECHO) "*** Installing runtime libraries"
+	@set -e; for s in dummy $(INSTALL_SHLIBS); do \
+		if [ "$$s" = "dummy" ]; then continue; fi; \
+		fn=`basename $$s`; \
+		: {- output_off() unless windowsdll(); "" -}; \
+		$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+		: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
+		$(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \
+		cp $$s $(DESTDIR)$(libdir)/$$fn.new; \
+		chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \
+		mv -f $(DESTDIR)$(libdir)/$$fn.new \
+		      $(DESTDIR)$(libdir)/$$fn; \
+		: {- output_on() if windowsdll(); "" -}; \
+	done
+
+install_programs: install_runtime_libs build_programs
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
+	@$(ECHO) "*** Installing runtime programs"
+	@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		$(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+	@set -e; for x in dummy $(BIN_SCRIPTS); do \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		$(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+
+uninstall_runtime: uninstall_programs uninstall_runtime_libs
+
+uninstall_programs:
+	@$(ECHO) "*** Uninstalling runtime programs"
+	@set -e; for x in dummy $(INSTALL_PROGRAMS); \
+	do  \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done;
+	@set -e; for x in dummy $(BIN_SCRIPTS); \
+	do  \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
+
+uninstall_runtime_libs:
+	@$(ECHO) "*** Uninstalling runtime libraries"
+	@ : {- output_off() unless windowsdll(); "" -}
+	@set -e; for s in dummy $(INSTALL_SHLIBS); do \
+		if [ "$$s" = "dummy" ]; then continue; fi; \
+		fn=`basename $$s`; \
+		$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+	@ : {- output_on() unless windowsdll(); "" -}
+
+
+install_man_docs:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(ECHO) "*** Installing manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
+
+uninstall_man_docs:
+	@$(ECHO) "*** Uninstalling manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \
+		--remove
+
+install_html_docs:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(ECHO) "*** Installing HTML manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(HTMLDIR) --type=html
+
+uninstall_html_docs:
+	@$(ECHO) "*** Uninstalling manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(HTMLDIR) --type=html --remove
+
+
+# Developer targets (note: these are only available on Unix) #########
+
+update: generate errors ordinals
+
+generate: generate_apps generate_crypto_bn generate_crypto_objects \
+          generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids
+
+.PHONY: doc-nits
+doc-nits:
+	(cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p ) >doc-nits
+	@if [ -s doc-nits ] ; then cat doc-nits ; exit 1; \
+	else echo 'doc-nits: no errors.'; rm doc-nits ; fi
+
+# Test coverage is a good idea for the future
+#coverage: $(PROGRAMS) $(TESTPROGRAMS)
+#	...
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRCS)
+
+generate_apps:
+	( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
+				< apps/openssl.cnf > apps/openssl-vms.cnf )
+
+generate_crypto_bn:
+	( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
+
+generate_crypto_objects:
+	( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl -n \
+				crypto/objects/objects.txt \
+				crypto/objects/obj_mac.num \
+				> crypto/objects/obj_mac.new && \
+	    mv crypto/objects/obj_mac.new crypto/objects/obj_mac.num )
+	( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \
+				crypto/objects/objects.txt \
+				crypto/objects/obj_mac.num \
+				> include/openssl/obj_mac.h )
+	( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \
+				include/openssl/obj_mac.h \
+				> crypto/objects/obj_dat.h )
+	( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \
+				crypto/objects/obj_mac.num \
+				crypto/objects/obj_xref.txt \
+				> crypto/objects/obj_xref.h )
+
+generate_crypto_conf:
+	( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \
+			        > crypto/conf/conf_def.h )
+
+generate_crypto_asn1:
+	( cd $(SRCDIR); $(PERL) crypto/asn1/charmap.pl \
+			        > crypto/asn1/charmap.h )
+
+generate_fuzz_oids:
+	( cd $(SRCDIR); $(PERL) fuzz/mkfuzzoids.pl \
+				crypto/objects/obj_dat.h \
+				> fuzz/oids.txt )
+
+# Set to -force to force a rebuild
+ERROR_REBUILD=
+errors:
+	( b=`pwd`; set -e; cd $(SRCDIR); \
+          $(PERL) util/ck_errf.pl -strict -internal; \
+          $(PERL) -I$$b util/mkerr.pl $(ERROR_REBUILD) -internal )
+	( b=`pwd`; set -e; cd $(SRCDIR)/engines; \
+          for E in *.ec ; do \
+              $(PERL) ../util/ck_errf.pl -strict \
+                -conf $$E `basename $$E .ec`.c; \
+              $(PERL) -I$$b ../util/mkerr.pl $(ERROR_REBUILD) -static \
+                -conf $$E `basename $$E .ec`.c ; \
+          done )
+
+ordinals:
+	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update )
+	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update )
+
+test_ordinals:
+	( cd test; \
+	  SRCTOP=../$(SRCDIR) \
+	  BLDTOP=../$(BLDDIR) \
+	    $(PERL) ../$(SRCDIR)/test/run_tests.pl test_ordinals )
+
+tags TAGS: FORCE
+	rm -f TAGS tags
+	-ctags -R .
+	-etags `find . -name '*.[ch]' -o -name '*.pm'`
+
+# Release targets (note: only available on Unix) #####################
+
+tar:
+	(cd $(SRCDIR); ./util/mktar.sh --name='$(NAME)' --tarfile='$(TARFILE)')
+
+# Helper targets #####################################################
+
+link-utils: $(BLDDIR)/util/opensslwrap.sh
+
+$(BLDDIR)/util/opensslwrap.sh: configdata.pm
+	@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
+	    mkdir -p "$(BLDDIR)/util"; \
+	    ln -sf "../$(SRCDIR)/util/opensslwrap.sh" "$(BLDDIR)/util"; \
+	fi
+
+FORCE:
+
+# Building targets ###################################################
+
+libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { shlib_simple($_) } @{$unified_info{libraries}}) -}
+libcrypto.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    if [ -n "$(LIBDIR)" ]; then \
+	        echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    else \
+	        echo 'libdir=$(libdir)'; \
+	    fi; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo 'enginesdir=$${libdir}/engines-{- $sover_dirname -}'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libcrypto'; \
+	    echo 'Description: OpenSSL cryptography library'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Libs: -L$${libdir} -lcrypto'; \
+	    echo 'Libs.private: $(LIB_EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
+
+libssl.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    if [ -n "$(LIBDIR)" ]; then \
+	        echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    else \
+	        echo 'libdir=$(libdir)'; \
+	    fi; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libssl'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires.private: libcrypto'; \
+	    echo 'Libs: -L$${libdir} -lssl'; \
+	    echo 'Cflags: -I$${includedir}' ) > libssl.pc
+
+openssl.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    if [ -n "$(LIBDIR)" ]; then \
+	        echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    else \
+	        echo 'libdir=$(libdir)'; \
+	    fi; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: libssl libcrypto' ) > openssl.pc
+
+configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
+	@echo "Detected changed: $?"
+	$(PERL) configdata.pm -r
+	@echo "**************************************************"
+	@echo "***                                            ***"
+	@echo "***   Please run the same make command again   ***"
+	@echo "***                                            ***"
+	@echo "**************************************************"
+	@false
+
+reconfigure reconf:
+	$(PERL) configdata.pm -r
+
+{-
+  use File::Basename;
+  use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+
+  # Helper function to figure out dependencies on libraries
+  # It takes a list of library names and outputs a list of dependencies
+  sub compute_lib_depends {
+      if ($disabled{shared}) {
+          return map { lib($_) } @_;
+      }
+
+      # Depending on shared libraries:
+      # On Windows POSIX layers, we depend on {libname}.dll.a
+      # On Unix platforms, we depend on {shlibname}.so
+      return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_;
+  }
+
+  sub generatesrc {
+      my %args = @_;
+      my $generator = join(" ", @{$args{generator}});
+      my $generator_incs = join("", map { " -I".$_ } @{$args{generator_incs}});
+      my $incs = join("", map { " -I".$_ } @{$args{incs}});
+      my $deps = join(" ", @{$args{generator_deps}}, @{$args{deps}});
+
+      if ($args{src} !~ /\.[sS]$/) {
+          if ($args{generator}->[0] =~ m|^.*\.in$|) {
+              my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                   "util", "dofile.pl")),
+                                   rel2abs($config{builddir}));
+              return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	\$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $generator > \$@
+EOF
+	  } else {
+              return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	\$(PERL)$generator_incs $generator > \$@
+EOF
+	  }
+      } else {
+          if ($args{generator}->[0] =~ /\.pl$/) {
+              $generator = 'CC="$(CC)" $(PERL)'.$generator_incs.' '.$generator;
+          } elsif ($args{generator}->[0] =~ /\.m4$/) {
+              $generator = 'm4 -B 8192'.$generator_incs.' '.$generator.' >'
+          } elsif ($args{generator}->[0] =~ /\.S$/) {
+              $generator = undef;
+          } else {
+              die "Generator type for $args{src} unknown: $generator\n";
+          }
+
+          my $cppflags = {
+              lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)',
+              dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)',
+              bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)'
+          } -> {$args{intent}};
+          if (defined($generator)) {
+              return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	$generator \$@
+EOF
+          }
+          return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	\$(CC) $incs $cppflags -E $args{generator}->[0] | \\
+	\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
+EOF
+      }
+  }
+
+  # Should one wonder about the end of the Perl snippet, it's because this
+  # second regexp eats up line endings as well, if the removed path is the
+  # last in the line.  We may therefore need to put back a line ending.
+  sub src2obj {
+      my %args = @_;
+      (my $obj = $args{obj}) =~ s|\.o$||;
+      my @srcs = @{$args{srcs}};
+      my $srcs = join(" ",  @srcs);
+      my $deps = join(" ", @srcs, @{$args{deps}});
+      my $incs = join("", map { " -I".$_ } @{$args{incs}});
+      my $cmd;
+      my $cmdflags;
+      my $cmdcompile;
+      if (grep /\.rc$/, @srcs) {
+          $cmd = '$(RC)';
+          $cmdflags = '$(RCFLAGS)';
+          $cmdcompile = '';
+      } elsif (grep /\.(cc|cpp)$/, @srcs) {
+          $cmd = '$(CXX)';
+          $cmdcompile = ' -c';
+          $cmdflags = {
+              lib => '$(LIB_CXXFLAGS) $(LIB_CPPFLAGS)',
+              dso => '$(DSO_CXXFLAGS) $(DSO_CPPFLAGS)',
+              bin => '$(BIN_CXXFLAGS) $(BIN_CPPFLAGS)'
+          } -> {$args{intent}};
+      } else {
+          $cmd = '$(CC)';
+          $cmdcompile = ' -c';
+          $cmdflags = {
+              lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)',
+              dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)',
+              bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)'
+          } -> {$args{intent}};
+      }
+      my $recipe;
+      # extension-specific rules
+      if (grep /\.s$/, @srcs) {
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	$cmd $cmdflags -c -o \$\@ $srcs
+EOF
+      } elsif (grep /\.S$/, @srcs) {
+          # Originally there was mutli-step rule with $(CC) -E file.S
+          # followed by $(CC) -c file.s. It compensated for one of
+          # legacy platform compiler's inability to handle .S files.
+          # The platform is long discontinued by vendor so there is
+          # hardly a point to drag it along...
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	$cmd $incs $cmdflags -c -o \$\@ $srcs
+EOF
+      } elsif (defined $makedepprog && $makedepprog !~ /\/makedepend/
+               && !grep /\.rc$/, @srcs) {
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	$cmd $incs $cmdflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
+	\@touch $obj$depext.tmp
+	\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
+		rm -f $obj$depext.tmp; \\
+	else \\
+		mv $obj$depext.tmp $obj$depext; \\
+	fi
+EOF
+      } else {
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	$cmd $incs $cmdflags $cmdcompile -o \$\@ $srcs
+EOF
+          if (defined $makedepprog  && $makedepprog =~ /\/makedepend/) {
+              $recipe .= <<"EOF";
+	\$(MAKEDEPEND) -f- -Y -- $incs $cmdflags -- $srcs 2>/dev/null \\
+	    > $obj$depext
+EOF
+          }
+      }
+      return $recipe;
+  }
+  # We *know* this routine is only called when we've configure 'shared'.
+  sub libobj2shlib {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $shlib = $args{shlib};
+      my $libd = dirname($lib);
+      my $libn = basename($lib);
+      (my $libname = $libn) =~ s/^lib//;
+      my @linkdirs = ();
+      foreach (@{args{deps}}) {
+          my $d = dirname($_);
+          push @linkdirs, $d unless grep { $d eq $_ } @linkdirs;
+      }
+      my $linkflags = join("", map { "-L$_ " } @linkdirs);
+      my $linklibs = join("", map { my $f = basename($_);
+                                    (my $l = $f) =~ s/^lib//;
+                                    " -l$l" } @{$args{deps}});
+      my @objs = map { (my $x = $_) =~ s|\.o$||; "$x$objext" }
+                 grep { $_ !~ m/\.(?:def|map)$/ }
+                 @{$args{objs}};
+      my @defs = grep { $_ =~ /\.(?:def|map)$/ } @{$args{objs}};
+      my @deps = compute_lib_depends(@{$args{deps}});
+      die "More than one exported symbol map" if scalar @defs > 1;
+      my $objs = join(" ", @objs);
+      my $deps = join(" ", @objs, @defs, @deps);
+      my $simple = shlib_simple($lib);
+      my $full = shlib($lib);
+      my $target = "$simple $full";
+      my $shared_soname = "";
+      $shared_soname .= ' '.$target{shared_sonameflag}.basename($full)
+          if defined $target{shared_sonameflag};
+      my $shared_imp = "";
+      $shared_imp .= ' '.$target{shared_impflag}.basename($simple)
+          if defined $target{shared_impflag};
+      my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs);
+      my $recipe = <<"EOF";
+$target: $deps
+	\$(CC) \$(LIB_CFLAGS) $linkflags\$(LIB_LDFLAGS)$shared_soname$shared_imp \\
+		-o $full$shared_def $objs \\
+                $linklibs \$(LIB_EX_LIBS)
+EOF
+      if (windowsdll()) {
+          $recipe .= <<"EOF";
+	rm -f apps/$shlib'\$(SHLIB_EXT)'
+	rm -f test/$shlib'\$(SHLIB_EXT)'
+	rm -f fuzz/$shlib'\$(SHLIB_EXT)'
+	cp -p $shlib'\$(SHLIB_EXT)' apps/
+	cp -p $shlib'\$(SHLIB_EXT)' test/
+	cp -p $shlib'\$(SHLIB_EXT)' fuzz/
+EOF
+      } elsif (sharedaix()) {
+          $recipe .= <<"EOF";
+	rm -f $simple && \\
+	\$(AR) r $simple $full
+EOF
+      } else {
+          $recipe .= <<"EOF";
+	if [ '$simple' != '$full' ]; then \\
+		rm -f $simple; \\
+		ln -s $full $simple; \\
+	fi
+EOF
+      }
+  }
+  sub obj2dso {
+      my %args = @_;
+      my $dso = $args{lib};
+      my $dsod = dirname($dso);
+      my $dson = basename($dso);
+      my @linkdirs = ();
+      foreach (@{args{deps}}) {
+          my $d = dirname($_);
+          push @linkdirs, $d unless grep { $d eq $_ } @linkdirs;
+      }
+      my $linkflags = join("", map { "-L$_ " } @linkdirs);
+      my $linklibs = join("", map { my $f = basename($_);
+                                    (my $l = $f) =~ s/^lib//;
+                                    " -l$l" } @{$args{deps}});
+      my @objs = map { (my $x = $_) =~ s|\.o$||; "$x$objext" }
+                 grep { $_ !~ m/\.(?:def|map)$/ }
+                 @{$args{objs}};
+      my @deps = compute_lib_depends(@{$args{deps}});
+      my $objs = join(" ", @objs);
+      my $deps = join(" ", @deps);
+      my $target = dso($dso);
+      return <<"EOF";
+$target: $objs $deps
+	\$(CC) \$(DSO_CFLAGS) $linkflags\$(DSO_LDFLAGS) \\
+		-o $target $objs \\
+                $linklibs \$(DSO_EX_LIBS)
+EOF
+  }
+  sub obj2lib {
+      my %args = @_;
+      (my $lib = $args{lib}) =~ s/\.a$//;
+      my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
+      my $objs = join(" ", @objs);
+      return <<"EOF";
+$lib$libext: $objs
+	\$(AR) \$(ARFLAGS) \$\@ \$\?
+	\$(RANLIB) \$\@ || echo Never mind.
+EOF
+  }
+  sub obj2bin {
+      my %args = @_;
+      my $bin = $args{bin};
+      my $bind = dirname($bin);
+      my $binn = basename($bin);
+      my $objs = join(" ", map { (my $x = $_) =~ s|\.o$||; "$x$objext" }
+                           @{$args{objs}});
+      my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
+      my @linkdirs = ();
+      foreach (@{args{deps}}) {
+          next if $_ =~ /\.a$/;
+          my $d = dirname($_);
+          push @linkdirs, $d unless grep { $d eq $_ } @linkdirs;
+      }
+      my $linkflags = join("", map { "-L$_ " } @linkdirs);
+      my $linklibs = join("", map { if ($_ =~ s/\.a$//) {
+                                        " $_$libext";
+                                    } else {
+                                        my $f = basename($_);
+                                        (my $l = $f) =~ s/^lib//;
+                                        " -l$l"
+                                    }
+                                  } @{$args{deps}});
+      my $cmd = '$(CC)';
+      my $cmdflags = '$(BIN_CFLAGS)';
+      if (grep /_cc\.o$/, @{$args{objs}}) {
+          $cmd = '$(CXX)';
+          $cmdflags = '$(BIN_CXXFLAGS)';
+      }
+      return <<"EOF";
+$bin$exeext: $objs $deps
+	rm -f $bin$exeext
+	\$\${LDCMD:-$cmd} $cmdflags $linkflags\$(BIN_LDFLAGS) \\
+		-o $bin$exeext $objs \\
+		$linklibs \$(BIN_EX_LIBS)
+EOF
+  }
+  sub in2script {
+      my %args = @_;
+      my $script = $args{script};
+      my $sources = join(" ", @{$args{sources}});
+      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                           "util", "dofile.pl")),
+                           rel2abs($config{builddir}));
+      return <<"EOF";
+$script: $sources
+	\$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $sources > "$script"
+	chmod a+x $script
+EOF
+  }
+  sub generatedir {
+      my %args = @_;
+      my $dir = $args{dir};
+      my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
+      my @actions = ();
+      my %extinfo = ( dso => $dsoext,
+                      lib => $libext,
+                      bin => $exeext );
+
+      # We already have a 'test' target, and the top directory is just plain
+      # silly
+      return if $dir eq "test" || $dir eq ".";
+
+      foreach my $type (("dso", "lib", "bin", "script")) {
+          next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
+          # For lib object files, we could update the library.  However, it
+          # was decided that it's enough to build the directory local object
+          # files, so we don't need to add any actions, and the dependencies
+          # are already taken care of.
+          if ($type ne "lib") {
+              foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
+                  if (dirname($prod) eq $dir) {
+                      push @deps, $prod.$extinfo{$type};
+                  } else {
+                      push @actions, "\t@ : No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
+                  }
+              }
+          }
+      }
+
+      my $deps = join(" ", @deps);
+      my $actions = join("\n", "", @actions);
+      return <<"EOF";
+$dir $dir/: $deps$actions
+EOF
+  }
+  ""    # Important!  This becomes part of the template result.
+-}
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-checker.pm b/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-checker.pm
new file mode 100644
index 000000000..b39b0eb7c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-checker.pm
@@ -0,0 +1,22 @@
+#! /usr/bin/perl
+
+use Config;
+
+# Check that the perl implementation file modules generate paths that
+# we expect for the platform
+use File::Spec::Functions qw(:DEFAULT rel2abs);
+
+if (rel2abs('.') !~ m|/|) {
+    die <<EOF;
+
+******************************************************************************
+This perl implementation doesn't produce Unix like paths (with forward slash
+directory separators).  Please use an implementation that matches your
+building platform.
+
+This Perl version: $Config{version} for $Config{archname}
+******************************************************************************
+EOF
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-checker.pm b/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-checker.pm
new file mode 100644
index 000000000..4b7105df3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-checker.pm
@@ -0,0 +1,22 @@
+#! /usr/bin/perl
+
+use Config;
+
+# Check that the perl implementation file modules generate paths that
+# we expect for the platform
+use File::Spec::Functions qw(:DEFAULT rel2abs);
+
+if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
+    die <<EOF;
+
+******************************************************************************
+This perl implementation doesn't produce Windows like paths (with backward
+slash directory separators).  Please use an implementation that matches your
+building platform.
+
+This Perl version: $Config{version} for $Config{archname}
+******************************************************************************
+EOF
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl
new file mode 100644
index 000000000..d420bfff3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl
@@ -0,0 +1,760 @@
+##
+## Makefile for OpenSSL
+##
+## {- join("\n## ", @autowarntext) -}
+{-
+ our $objext = $target{obj_extension} || ".obj";
+ our $resext = $target{res_extension} || ".res";
+ our $depext = $target{dep_extension} || ".d";
+ our $exeext = $target{exe_extension} || ".exe";
+ our $libext = $target{lib_extension} || ".lib";
+ our $shlibext = $target{shared_extension} || ".dll";
+ our $shlibextimport = $target{shared_import_extension} || ".lib";
+ our $dsoext = $target{dso_extension} || ".dll";
+
+ (our $sover_dirname = $config{shlib_version_number}) =~ s|\.|_|g;
+
+ my $build_scheme = $target{build_scheme};
+ my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
+ my $win_installenv =
+     $install_flavour eq "VC-WOW" ? "ProgramFiles(x86)"
+                                  : "ProgramW6432";
+ my $win_commonenv =
+     $install_flavour eq "VC-WOW" ? "CommonProgramFiles(x86)"
+                                  : "CommonProgramW6432";
+ our $win_installroot =
+     defined($ENV{$win_installenv}) ? $win_installenv : 'ProgramFiles';
+ our $win_commonroot =
+     defined($ENV{$win_commonenv}) ? $win_commonenv : 'CommonProgramFiles';
+
+ # expand variables early
+ $win_installroot = $ENV{$win_installroot};
+ $win_commonroot = $ENV{$win_commonroot};
+
+ sub shlib {
+     my $lib = shift;
+     return () if $disabled{shared} || $lib =~ /\.a$/;
+     return () unless defined $unified_info{sharednames}->{$lib};
+     return $unified_info{sharednames}->{$lib} . $shlibext;
+ }
+
+ sub lib {
+     (my $lib = shift) =~ s/\.a$//;
+     $lib .= '_static'
+         if (defined $unified_info{sharednames}->{$lib});
+     return $lib . $libext;
+ }
+
+ sub shlib_import {
+     my $lib = shift;
+     return () if $disabled{shared} || $lib =~ /\.a$/;
+     return $lib . $shlibextimport;
+ }
+
+ sub dso {
+     my $dso = shift;
+
+     return $dso . $dsoext;
+ }
+ # This makes sure things get built in the order they need
+ # to. You're welcome.
+ sub dependmagic {
+     my $target = shift;
+
+     return "$target: build_generated\n\t\$(MAKE) /\$(MAKEFLAGS) depend && \$(MAKE) /\$(MAKEFLAGS) _$target\n_$target";
+ }
+ '';
+-}
+
+PLATFORM={- $config{target} -}
+SRCDIR={- $config{sourcedir} -}
+BLDDIR={- $config{builddir} -}
+
+VERSION={- $config{version} -}
+MAJOR={- $config{major} -}
+MINOR={- $config{minor} -}
+
+SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+
+LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
+SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
+SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
+ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
+ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
+PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
+PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
+SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{makedepend}; "" -}
+DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+                  grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
+                  keys %{$unified_info{sources}}); -}
+{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
+GENERATED={- # common0.tmpl provides @generated
+             join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x }
+                       @generated) -}
+
+INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
+INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
+INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
+INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
+MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"
+{- output_on() if $disabled{apps}; "" -}
+
+APPS_OPENSSL={- use File::Spec::Functions;
+                "\"".catfile("apps","openssl")."\"" -}
+
+# Do not edit these manually. Use Configure with --prefix or --openssldir
+# to change this!  Short explanation in the top comment in Configure
+INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
+                  #
+                  use File::Spec::Functions qw(:DEFAULT splitpath);
+                  our $prefix = canonpath($config{prefix}
+                                          || "$win_installroot\\OpenSSL");
+                  our ($prefix_dev, $prefix_dir, $prefix_file) =
+                      splitpath($prefix, 1);
+                  $prefix_dev -}
+INSTALLTOP_dir={- canonpath($prefix_dir) -}
+OPENSSLDIR_dev={- #
+                  # The logic here is that if no --openssldir was given,
+                  # OPENSSLDIR will get the value "$win_commonroot\\SSL".
+                  # If --openssldir was given and the value is an absolute
+                  # path, OPENSSLDIR will get its value without change.
+                  # If the value from --openssldir is a relative path,
+                  # OPENSSLDIR will get $prefix with the --openssldir
+                  # value appended as a subdirectory.
+                  #
+                  use File::Spec::Functions qw(:DEFAULT splitpath);
+                  our $openssldir =
+                      $config{openssldir} ?
+                          (file_name_is_absolute($config{openssldir}) ?
+                               canonpath($config{openssldir})
+                               : catdir($prefix, $config{openssldir}))
+                          : canonpath("$win_commonroot\\SSL");
+                  our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
+                      splitpath($openssldir, 1);
+                  $openssldir_dev -}
+OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
+LIBDIR={- our $libdir = $config{libdir} || "lib";
+          file_name_is_absolute($libdir) ? "" : $libdir -}
+ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
+                  our $enginesdir = catdir($prefix,$libdir,"engines-$sover_dirname");
+                  our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
+                      splitpath($enginesdir, 1);
+                  $enginesdir_dev -}
+ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
+!IF "$(DESTDIR)" != ""
+INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
+OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
+ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir)
+!ELSE
+INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
+OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
+ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
+!ENDIF
+
+# $(libdir) is chosen to be compatible with the GNU coding standards
+libdir={- file_name_is_absolute($libdir)
+          ? $libdir : '$(INSTALLTOP)\$(LIBDIR)' -}
+
+##### User defined commands and flags ################################
+
+CC={- $config{CC} -}
+CPP={- $config{CPP} -}
+CPPFLAGS={- our $cppflags1 = join(" ",
+                                  (map { "-D".$_} @{$config{CPPDEFINES}}),
+                                  (map { " /I ".$_} @{$config{CPPINCLUDES}}),
+                                  @{$config{CPPFLAGS}}) -}
+CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
+LD={- $config{LD} -}
+LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -}
+EX_LIBS={- join(' ', @{$config{LDLIBS}}) -}
+
+PERL={- $config{PERL} -}
+
+AR={- $config{AR} -}
+ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -}
+
+MT={- $config{MT} -}
+MTFLAGS= {- join(' ', @{$config{MTFLAGS}}) -}
+
+AS={- $config{AS} -}
+ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
+
+RC={- $config{RC} -}
+
+ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
+
+##### Special command flags ##########################################
+
+COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY)
+LDOUTFLAG={- $target{ldoutflag} -}$(OSSL_EMPTY)
+AROUTFLAG={- $target{aroutflag} -}$(OSSL_EMPTY)
+MTINFLAG={- $target{mtinflag} -}$(OSSL_EMPTY)
+MTOUTFLAG={- $target{mtoutflag} -}$(OSSL_EMPTY)
+ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
+RCOUTFLAG={- $target{rcoutflag} -}$(OSSL_EMPTY)
+
+##### Project flags ##################################################
+
+# Variables starting with CNF_ are common variables for all product types
+
+CNF_ASFLAGS={- join(' ', $target{asflags} || (),
+                         @{$config{asflags}}) -}
+CNF_CPPFLAGS={- our $cppfags2 =
+                    join(' ', $target{cppflags} || (),
+                              (map { '-D'.quotify1($_) } @{$target{defines}},
+                                                         @{$config{defines}}),
+                              (map { '-I'.quotify1($_) } @{$target{includes}},
+                                                         @{$config{includes}}),
+                              @{$config{cppflags}}) -}
+CNF_CFLAGS={- join(' ', $target{cflags} || (),
+                        @{$config{cflags}}) -}
+CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (),
+                          @{$config{cxxflags}}) -}
+CNF_LDFLAGS={- join(' ', $target{lflags} || (),
+                         @{$config{lflags}}) -}
+CNF_EX_LIBS={- join(' ', $target{ex_libs} || (),
+                         @{$config{ex_libs}}) -}
+
+# Variables starting with LIB_ are used to build library object files
+# and shared libraries.
+# Variables starting with DSO_ are used to build DSOs and their object files.
+# Variables starting with BIN_ are used to build programs and their object
+# files.
+
+LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (),
+                         @{$config{lib_asflags}},
+                         '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
+LIB_CPPFLAGS={- our $lib_cppflags =
+                join(' ', $target{lib_cppflags} || (),
+                          $target{shared_cppflag} || (),
+                          (map { '-D'.quotify1($_) }
+                               @{$target{lib_defines}},
+                               @{$target{shared_defines}},
+                               @{$config{lib_defines}},
+                               @{$config{shared_defines}}),
+                          (map { '-I'.quotify1($_) }
+                               @{$target{lib_includes}},
+                               @{$target{shared_includes}},
+                               @{$config{lib_includes}},
+                               @{$config{shared_includes}}),
+                          @{$config{lib_cppflags}},
+                          @{$config{shared_cppflag}});
+                join(' ', $lib_cppflags,
+                          (map { '-D'.quotify1($_) }
+                               "OPENSSLDIR=\"$openssldir\"",
+                               "ENGINESDIR=\"$enginesdir\""),
+                          '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+LIB_CFLAGS={- join(' ', $target{lib_cflags} || (),
+                        $target{shared_cflag} || (),
+                        @{$config{lib_cflags}},
+                        @{$config{shared_cflag}},
+                        '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (),
+                         $config{shared_ldflag} || (),
+                         '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
+                         $target{module_asflags} || (),
+                         @{$config{dso_asflags}},
+                         @{$config{module_asflags}},
+                         '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
+DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
+                          $target{module_cppflags} || (),
+                          @{$config{dso_cppflags}},
+                          @{$config{module_cppflags}},
+                          '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+DSO_CFLAGS={- join(' ', $target{dso_cflags} || (),
+                        $target{module_cflags} || (),
+                        @{$config{dso_cflags}},
+                        @{$config{module_cflags}},
+                        '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+DSO_LDFLAGS={- join(' ', $target{dso_lflags} || (),
+                         $target{module_ldflags} || (),
+                         @{$config{dso_lflags}},
+                         @{$config{module_ldflags}},
+                         '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (),
+                         @{$config{bin_asflags}},
+                         '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
+BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (),
+                          @{$config{bin_cppflags}},
+                          '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
+BIN_CFLAGS={- join(' ', $target{bin_cflags} || (),
+                        @{$config{bin_cflags}},
+                        '$(CNF_CFLAGS)', '$(CFLAGS)') -}
+BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+                         @{$config{bin_lflags}},
+                         '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+
+# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
+CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
+              $cppflags2 =~ s|([\\"])|\\$1|g;
+              join(' ', $lib_cppflags || (), $cppflags2 || (),
+                        $cppflags1 || ()) -}
+
+PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+PROCESSOR= {- $config{processor} -}
+
+# The main targets ###################################################
+
+{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep
+{- dependmagic('build_libs'); -}: build_libs_nodep
+{- dependmagic('build_engines'); -}: build_engines_nodep
+{- dependmagic('build_programs'); -}: build_programs_nodep
+
+build_generated: $(GENERATED_MANDATORY)
+build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
+build_engines_nodep: $(ENGINES)
+build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
+
+# Kept around for backward compatibility
+build_apps build_tests: build_programs
+
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
+	@{- output_off() if $disabled{makedepend}; "" -}
+	@$(ECHO) "Warning: consider configuring with no-makedepend, because if"
+	@$(ECHO) "         target system doesn't have $(PERL),"
+	@$(ECHO) "         then make will fail..."
+	@{- output_on() if $disabled{makedepend}; "" -}
+
+test: tests
+{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
+	@{- output_off() if $disabled{tests}; "" -}
+	-mkdir $(BLDDIR)\test\test-runs
+	set SRCTOP=$(SRCDIR)
+	set BLDTOP=$(BLDDIR)
+	set RESULT_D=$(BLDDIR)\test\test-runs
+	set PERL=$(PERL)
+	set OPENSSL_ENGINES=$(MAKEDIR)\engines
+	set OPENSSL_DEBUG_MEMORY=on
+	"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
+	@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@$(ECHO) "Tests are not supported with your chosen Configure options"
+	@{- output_on() if !$disabled{tests}; "" -}
+
+list-tests:
+	@{- output_off() if $disabled{tests}; "" -}
+	@set SRCTOP=$(SRCDIR)
+	@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
+	@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@$(ECHO) "Tests are not supported with your chosen Configure options"
+	@{- output_on() if !$disabled{tests}; "" -}
+
+install: install_sw install_ssldirs install_docs
+
+uninstall: uninstall_docs uninstall_sw
+
+libclean:
+	"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS)
+	-del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb
+
+clean: libclean
+	{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
+	-del /Q /F $(ENGINES)
+	-del /Q /F $(SCRIPTS)
+	-del /Q /F $(GENERATED_MANDATORY)
+	-del /Q /F $(GENERATED)
+	-del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest
+	-del /Q /S /F engines\*.lib engines\*.exp
+	-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
+	-del /Q /S /F test\*.exp
+	-rmdir /Q /S test\test-runs
+
+distclean: clean
+	-del /Q /F configdata.pm
+	-del /Q /F makefile
+
+depend:
+	@ {- output_off() if $disabled{makedepend}; "" -}
+	@ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC"
+	@ {- output_on() if $disabled{makedepend}; "" -}
+
+# Install helper targets #############################################
+
+install_sw: install_dev install_engines install_runtime
+
+uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+install_docs: install_html_docs
+
+uninstall_docs: uninstall_html_docs
+
+install_ssldirs:
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
+                                        "$(OPENSSLDIR)\openssl.cnf.dist"
+	@IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
+         "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
+                                        "$(OPENSSLDIR)\openssl.cnf"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
+                                        "$(OPENSSLDIR)\misc"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
+                                        "$(OPENSSLDIR)\ct_log_list.cnf.dist"
+	@IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \
+         "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
+                                        "$(OPENSSLDIR)\ct_log_list.cnf"
+
+install_dev: install_runtime_libs
+	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+	@$(ECHO) "*** Installing development files"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
+	@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
+				       "$(INSTALLTOP)\include\openssl"
+	@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
+				       "$(SRCDIR)\include\openssl\*.h" \
+				       "$(INSTALLTOP)\include\openssl"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
+				       "$(INSTALLTOP)\include\openssl"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)"
+	@if "$(SHLIBS)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb "$(libdir)"
+
+uninstall_dev:
+
+install_engines: install_runtime_libs build_engines
+	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+	@$(ECHO) "*** Installing engines"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
+	@if not "$(ENGINES)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
+	@if not "$(ENGINES)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
+
+uninstall_engines:
+
+install_runtime: install_programs
+
+install_runtime_libs: build_libs
+	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+	@$(ECHO) "*** Installing runtime libraries"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
+	@if not "$(SHLIBS)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
+	@if not "$(SHLIBS)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
+                                        "$(INSTALLTOP)\bin"
+
+install_programs: install_runtime_libs build_programs
+	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+	@$(ECHO) "*** Installing runtime programs"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
+                                        "$(INSTALLTOP)\bin"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
+                                        "$(INSTALLTOP)\bin"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
+                                        "$(INSTALLTOP)\bin"
+
+uninstall_runtime:
+
+install_html_docs:
+        "$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
+                "--destdir=$(INSTALLTOP)\html" --type=html
+
+uninstall_html_docs:
+
+# Building targets ###################################################
+
+configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
+	@$(ECHO) "Detected changed: $?"
+	"$(PERL)" configdata.pm -r
+	@$(ECHO) "**************************************************"
+	@$(ECHO) "***                                            ***"
+	@$(ECHO) "***   Please run the same make command again   ***"
+	@$(ECHO) "***                                            ***"
+	@$(ECHO) "**************************************************"
+	@exit 1
+
+reconfigure reconf:
+	"$(PERL)" configdata.pm -r
+
+{-
+ use File::Basename;
+ use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+
+ # Helper function to figure out dependencies on libraries
+ # It takes a list of library names and outputs a list of dependencies
+ sub compute_lib_depends {
+     if ($disabled{shared}) {
+	 return map { lib($_) } @_;
+     }
+     return map { shlib_import($_) or lib($_) } @_;
+ }
+
+  sub generatesrc {
+      my %args = @_;
+      (my $target = $args{src}) =~ s/\.[sS]$/.asm/;
+      my ($gen0, @gens) = @{$args{generator}};
+      my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
+      my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
+      my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
+      my $deps = @{$args{deps}} ?
+          '"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
+
+      if ($target !~ /\.asm$/) {
+          if ($args{generator}->[0] =~ m|^.*\.in$|) {
+              my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                   "util", "dofile.pl")),
+                                   rel2abs($config{builddir}));
+              return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $generator > \$@
+EOF
+	  } else {
+              return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	"\$(PERL)"$generator_incs $generator > \$@
+EOF
+	  }
+      } else {
+          if ($args{generator}->[0] =~ /\.pl$/) {
+              $generator = '"$(PERL)"'.$generator_incs.' '.$generator;
+          } elsif ($args{generator}->[0] =~ /\.S$/) {
+              $generator = undef;
+          } else {
+              die "Generator type for $src unknown: $generator\n";
+          }
+
+          my $cppflags = $incs;
+          $cppflags .= {
+              lib => ' $(LIB_CFLAGS) $(LIB_CPPFLAGS)',
+              dso => ' $(DSO_CFLAGS) $(DSO_CPPFLAGS)',
+              bin => ' $(BIN_CFLAGS) $(BIN_CPPFLAGS)'
+          } -> {$args{intent}};
+          if (defined($generator)) {
+              # If the target is named foo.S in build.info, we want to
+              # end up generating foo.s in two steps.
+              if ($args{src} =~ /\.S$/) {
+                   return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	set ASM=\$(AS)
+	$generator \$@.S
+	\$(CPP) $cppflags \$@.S > \$@.i && move /Y \$@.i \$@
+        del /Q \$@.S
+EOF
+              }
+              # Otherwise....
+              return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	set ASM=\$(AS)
+	$generator \$@
+EOF
+          }
+          return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	\$(CPP) $incs $cppflags "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
+EOF
+      }
+  }
+
+ sub src2obj {
+     my %args = @_;
+     my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
+                    } ( @{$args{srcs}} );
+     my $srcs = '"'.join('" "',  @srcs).'"';
+     my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
+     my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
+     my $cflags = { lib => ' $(LIB_CFLAGS)',
+		    dso => ' $(DSO_CFLAGS)',
+		    bin => ' $(BIN_CFLAGS)' } -> {$args{intent}};
+     $cflags .= $incs;
+     $cflags .= { lib => ' $(LIB_CPPFLAGS)',
+		  dso => ' $(DSO_CPPFLAGS)',
+		  bin => ' $(BIN_CPPFLAGS)' } -> {$args{intent}};
+     my $asflags = { lib => ' $(LIB_ASFLAGS)',
+		     dso => ' $(DSO_ASFLAGS)',
+		     bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
+     my $makedepprog = $config{makedepprog};
+     if ($srcs[0] =~ /\.rc$/) {
+         return <<"EOF";
+$args{obj}: $deps
+	\$(RC) \$(RCOUTFLAG)\$\@ $srcs
+EOF
+     }
+     (my $obj = $args{obj}) =~ s|\.o$||;
+     if ($srcs[0] =~ /\.asm$/) {
+         return <<"EOF";
+$obj$objext: $deps
+	\$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs
+EOF
+     } elsif ($srcs[0] =~ /.S$/) {
+         return <<"EOF";
+$obj$objext: $deps
+	\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm
+EOF
+     }
+     my $recipe = <<"EOF";
+$obj$objext: $deps
+	\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
+EOF
+     $recipe .= <<"EOF"	unless $disabled{makedepend};
+	\$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
+EOF
+     return $recipe;
+ }
+
+ # We *know* this routine is only called when we've configure 'shared'.
+ # Also, note that even though the import library built here looks like
+ # a static library, it really isn't.
+ sub libobj2shlib {
+     my %args = @_;
+     my $lib = $args{lib};
+     my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x }
+                grep { $_ =~ m/\.(?:o|res)$/ }
+                @{$args{objs}};
+     my @defs = grep { $_ =~ /\.def$/ } @{$args{objs}};
+     my @deps = compute_lib_depends(@{$args{deps}});
+     die "More than one exported symbols list" if scalar @defs > 1;
+     my $linklibs = join("", map { "$_\n" } @deps);
+     my $objs = join("\n", @objs);
+     my $deps = join(" ", @objs, @defs, @deps);
+     my $import = shlib_import($lib);
+     my $dll =  shlib($lib);
+     my $shared_def = join("", map { " /def:$_" } @defs);
+     return <<"EOF"
+# The import library may look like a static library, but it is not.
+# We MUST make the import library depend on the DLL, in case someone
+# mistakenly removes the latter.
+$import: $dll
+$dll: $deps
+	IF EXIST $full.manifest DEL /F /Q $full.manifest
+	IF EXIST \$@ DEL /F /Q \$@
+	\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
+		/implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1)
+$objs
+$linklibs\$(LIB_EX_LIBS)
+<<
+	IF EXIST $dll.manifest \\
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll
+	IF EXIST apps\\$dll DEL /Q /F apps\\$dll
+	IF EXIST test\\$dll DEL /Q /F test\\$dll
+	IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll
+	COPY $dll apps
+	COPY $dll test
+	COPY $dll fuzz
+EOF
+ }
+ sub obj2dso {
+     my %args = @_;
+     my $dso = $args{lib};
+     my $dso_n = basename($dso);
+     my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
+     my @deps = compute_lib_depends(@{$args{deps}});
+     my $objs = join("\n", @objs);
+     my $linklibs = join("", map { "$_\n" } @deps);
+     my $deps = join(" ", @objs, @deps);
+     return <<"EOF";
+$dso$dsoext: $deps
+	IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
+	\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
+LIBRARY         $dso_n
+EXPORTS
+    bind_engine		@1
+    v_check		@2
+<<
+$objs
+$linklibs \$(DSO_EX_LIBS)
+<<
+	IF EXIST $dso$dsoext.manifest \\
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
+EOF
+ }
+ sub obj2lib {
+     my %args = @_;
+     my $lib = lib($args{lib});
+     my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
+     my $objs = join("\n", @objs);
+     my $deps = join(" ", @objs);
+     return <<"EOF";
+$lib: $deps
+	\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<<
+$objs
+<<
+EOF
+ }
+ sub obj2bin {
+     my %args = @_;
+     my $bin = $args{bin};
+     my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
+     my @deps = compute_lib_depends(@{$args{deps}});
+     my $objs = join("\n", @objs);
+     my $linklibs = join("", map { "$_\n" } @deps);
+     my $deps = join(" ", @objs, @deps);
+     return <<"EOF";
+$bin$exeext: $deps
+	IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
+	\$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
+$objs
+setargv.obj
+$linklibs\$(BIN_EX_LIBS)
+<<
+	IF EXIST $bin$exeext.manifest \\
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
+EOF
+  }
+  sub in2script {
+      my %args = @_;
+      my $script = $args{script};
+      my $sources = '"'.join('" "', @{$args{sources}}).'"';
+      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                           "util", "dofile.pl")),
+                           rel2abs($config{builddir}));
+      return <<"EOF";
+$script: $sources
+	"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $sources > "$script"
+EOF
+  }
+  sub generatedir {
+      my %args = @_;
+      my $dir = $args{dir};
+      my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
+      my @actions = ();
+      my %extinfo = ( dso => $dsoext,
+                      lib => $libext,
+                      bin => $exeext );
+
+      # We already have a 'test' target, and the top directory is just plain
+      # silly
+      return if $dir eq "test" || $dir eq ".";
+
+      foreach my $type (("dso", "lib", "bin", "script")) {
+          next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
+          # For lib object files, we could update the library.  However,
+          # LIB on Windows doesn't work that way, so we won't create any
+          # actions for it, and the dependencies are already taken care of.
+          if ($type ne "lib") {
+              foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
+                  if (dirname($prod) eq $dir) {
+                      push @deps, $prod.$extinfo{$type};
+                  }
+              }
+          }
+      }
+
+      my $deps = join(" ", @deps);
+      my $actions = join("\n", "", @actions);
+      return <<"EOF";
+$dir $dir\\ : $deps$actions
+EOF
+  }
+  ""    # Important!  This becomes part of the template result.
+-}
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configure b/trunk/3rdparty/openssl-1.1-fit/Configure
new file mode 100755
index 000000000..608012225
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/Configure
@@ -0,0 +1,3519 @@
+#! /usr/bin/env perl
+# -*- mode: perl; -*-
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+##  Configure -- OpenSSL source tree configuration script
+
+use 5.10.0;
+use strict;
+use Config;
+use FindBin;
+use lib "$FindBin::Bin/util/perl";
+use File::Basename;
+use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+use File::Path qw/mkpath/;
+use OpenSSL::Glob;
+
+# see INSTALL for instructions.
+
+my $orig_death_handler = $SIG{__DIE__};
+$SIG{__DIE__} = \&death_handler;
+
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+
+# Options:
+#
+# --config      add the given configuration file, which will be read after
+#               any "Configurations*" files that are found in the same
+#               directory as this script.
+# --prefix      prefix for the OpenSSL installation, which includes the
+#               directories bin, lib, include, share/man, share/doc/openssl
+#               This becomes the value of INSTALLTOP in Makefile
+#               (Default: /usr/local)
+# --openssldir  OpenSSL data area, such as openssl.cnf, certificates and keys.
+#               If it's a relative directory, it will be added on the directory
+#               given with --prefix.
+#               This becomes the value of OPENSSLDIR in Makefile and in C.
+#               (Default: PREFIX/ssl)
+#
+# --cross-compile-prefix Add specified prefix to binutils components.
+#
+# --api         One of 0.9.8, 1.0.0 or 1.1.0.  Do not compile support for
+#               interfaces deprecated as of the specified OpenSSL version.
+#
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
+# [no-]threads  [don't] try to create a library that is suitable for
+#               multithreaded applications (default is "threads" if we
+#               know how to do it)
+# [no-]shared	[don't] try to create shared libraries when supported.
+# [no-]pic      [don't] try to build position independent code when supported.
+#               If disabled, it also disables shared and dynamic-engine.
+# no-asm        do not use assembler
+# no-dso        do not compile in any native shared-library methods. This
+#               will ensure that all methods just return NULL.
+# no-egd        do not compile support for the entropy-gathering daemon APIs
+# [no-]zlib     [don't] compile support for zlib compression.
+# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
+#		library and will be loaded in run-time by the OpenSSL library.
+# sctp          include SCTP support
+# enable-weak-ssl-ciphers
+#               Enable weak ciphers that are disabled by default.
+# 386           generate 80386 code in assembly modules
+# no-sse2       disables IA-32 SSE2 code in assembly modules, the above
+#               mentioned '386' option implies this one
+# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through
+# -static       while -static is also a pass-through compiler option (and
+#               as such is limited to environments where it's actually
+#               meaningful), it triggers a number configuration options,
+#               namely no-dso, no-pic, no-shared and no-threads. It is
+#               argued that the only reason to produce statically linked
+#               binaries (and in context it means executables linked with
+#               -static flag, and not just executables linked with static
+#               libcrypto.a) is to eliminate dependency on specific run-time,
+#               a.k.a. libc version. The mentioned config options are meant
+#               to achieve just that. Unfortunately on Linux it's impossible
+#               to eliminate the dependency completely for openssl executable
+#               because of getaddrinfo and gethostbyname calls, which can
+#               invoke dynamically loadable library facility anyway to meet
+#               the lookup requests. For this reason on Linux statically
+#               linked openssl executable has rather debugging value than
+#               production quality.
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+#		provided to stack calls. Generates unique stack functions for
+#		each possible stack type.
+# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
+# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# Following are set automatically by this script
+#
+# MD5_ASM	use some extra md5 assembler,
+# SHA1_ASM	use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASM	use some extra ripemd160 assembler,
+# SHA256_ASM	sha256_block is implemented in assembler
+# SHA512_ASM	sha512_block is implemented in assembler
+# AES_ASM	AES_[en|de]crypt is implemented in assembler
+
+# Minimum warning options... any contributions to OpenSSL should at least get
+# past these.
+
+# DEBUG_UNUSED enables __owur (warn unused result) checks.
+# -DPEDANTIC complements -pedantic and is meant to mask code that
+# is not strictly standard-compliant and/or implementation-specific,
+# e.g. inline assembly, disregards to alignment requirements, such
+# that -pedantic would complain about. Incidentally -DPEDANTIC has
+# to be used even in sanitized builds, because sanitizer too is
+# supposed to and does take notice of non-standard behaviour. Then
+# -pedantic with pre-C9x compiler would also complain about 'long
+# long' not being supported. As 64-bit algorithms are common now,
+# it grew impossible to resolve this without sizeable additional
+# code, so we just tell compiler to be pedantic about everything
+# but 'long long' type.
+
+my $gcc_devteam_warn = "-DDEBUG_UNUSED"
+        . " -DPEDANTIC -pedantic -Wno-long-long"
+        . " -Wall"
+        . " -Wextra"
+        . " -Wno-unused-parameter"
+        . " -Wno-missing-field-initializers"
+        . " -Wswitch"
+        . " -Wsign-compare"
+        . " -Wmissing-prototypes"
+        . " -Wstrict-prototypes"
+        . " -Wshadow"
+        . " -Wformat"
+        . " -Wtype-limits"
+        . " -Wundef"
+        . " -Werror"
+        ;
+
+# These are used in addition to $gcc_devteam_warn when the compiler is clang.
+# TODO(openssl-team): fix problems and investigate if (at least) the
+# following warnings can also be enabled:
+#       -Wcast-align
+#       -Wunreachable-code -- no, too ugly/compiler-specific
+#       -Wlanguage-extension-token -- no, we use asm()
+#       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
+#       -Wextended-offsetof -- no, needed in CMS ASN1 code
+#       -Wunused-function -- no, it forces header use of safestack et al
+#                            DEFINE macros
+my $clang_devteam_warn = ""
+        . " -Wswitch-default"
+        . " -Wno-parentheses-equality"
+        . " -Wno-language-extension-token"
+        . " -Wno-extended-offsetof"
+        . " -Wconditional-uninitialized"
+        . " -Wincompatible-pointer-types-discards-qualifiers"
+        . " -Wmissing-variable-declarations"
+        . " -Wno-unknown-warning-option"
+        . " -Wno-unused-function"
+        ;
+
+# This adds backtrace information to the memory leak info.  Is only used
+# when crypto-mdebug-backtrace is enabled.
+my $memleak_devteam_backtrace = "-rdynamic";
+
+my $strict_warnings = 0;
+
+# As for $BSDthreads. Idea is to maintain "collective" set of flags,
+# which would cover all BSD flavors. -pthread applies to them all,
+# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
+# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
+# which has to be accompanied by explicit -D_THREAD_SAFE and
+# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+# seems to be sufficient?
+our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+
+#
+# API compatibility name to version number mapping.
+#
+my $maxapi = "1.1.0";           # API for "no-deprecated" builds
+my $apitable = {
+    "1.1.0" => "0x10100000L",
+    "1.0.0" => "0x10000000L",
+    "0.9.8" => "0x00908000L",
+};
+
+our %table = ();
+our %config = ();
+our %withargs = ();
+our $now_printing;      # set to current entry's name in print_table_entry
+                        # (todo: right thing would be to encapsulate name
+                        # into %target [class] and make print_table_entry
+                        # a method)
+
+# Forward declarations ###############################################
+
+# read_config(filename)
+#
+# Reads a configuration file and populates %table with the contents
+# (which the configuration file places in %targets).
+sub read_config;
+
+# resolve_config(target)
+#
+# Resolves all the late evaluations, inheritances and so on for the
+# chosen target and any target it inherits from.
+sub resolve_config;
+
+
+# Information collection #############################################
+
+# Unified build supports separate build dir
+my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
+my $blddir = catdir(absolutedir("."));         # catdir ensures local syntax
+my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
+
+my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
+
+$config{sourcedir} = abs2rel($srcdir);
+$config{builddir} = abs2rel($blddir);
+
+# Collect reconfiguration information if needed
+my @argvcopy=@ARGV;
+
+if (grep /^reconf(igure)?$/, @argvcopy) {
+    die "reconfiguring with other arguments present isn't supported"
+        if scalar @argvcopy > 1;
+    if (-f "./configdata.pm") {
+	my $file = "./configdata.pm";
+	unless (my $return = do $file) {
+	    die "couldn't parse $file: $@" if $@;
+            die "couldn't do $file: $!"    unless defined $return;
+            die "couldn't run $file"       unless $return;
+	}
+
+	@argvcopy = defined($configdata::config{perlargv}) ?
+	    @{$configdata::config{perlargv}} : ();
+	die "Incorrect data to reconfigure, please do a normal configuration\n"
+	    if (grep(/^reconf/,@argvcopy));
+	$config{perlenv} = $configdata::config{perlenv} // {};
+    } else {
+	die "Insufficient data to reconfigure, please do a normal configuration\n";
+    }
+}
+
+$config{perlargv} = [ @argvcopy ];
+
+# Collect version numbers
+$config{version} = "unknown";
+$config{version_num} = "unknown";
+$config{shlib_version_number} = "unknown";
+$config{shlib_version_history} = "unknown";
+
+collect_information(
+    collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')),
+    qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; },
+    qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/	     => sub { $config{version_num}=$1 },
+    qr/SHLIB_VERSION_NUMBER *"([^"]+)"/	     => sub { $config{shlib_version_number}=$1 },
+    qr/SHLIB_VERSION_HISTORY *"([^"]*)"/     => sub { $config{shlib_version_history}=$1 }
+    );
+if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; }
+
+($config{major}, $config{minor})
+    = ($config{version} =~ /^([0-9]+)\.([0-9\.]+)/);
+($config{shlib_major}, $config{shlib_minor})
+    = ($config{shlib_version_number} =~ /^([0-9]+)\.([0-9\.]+)/);
+die "erroneous version information in opensslv.h: ",
+    "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n"
+    if ($config{major} eq "" || $config{minor} eq ""
+	|| $config{shlib_major} eq "" ||  $config{shlib_minor} eq "");
+
+# Collect target configurations
+
+my $pattern = catfile(dirname($0), "Configurations", "*.conf");
+foreach (sort glob($pattern)) {
+    &read_config($_);
+}
+
+if (defined env($local_config_envname)) {
+    if ($^O eq 'VMS') {
+        # VMS environment variables are logical names,
+        # which can be used as is
+        $pattern = $local_config_envname . ':' . '*.conf';
+    } else {
+        $pattern = catfile(env($local_config_envname), '*.conf');
+    }
+
+    foreach (sort glob($pattern)) {
+        &read_config($_);
+    }
+}
+
+# Save away perl command information
+$config{perl_cmd} = $^X;
+$config{perl_version} = $Config{version};
+$config{perl_archname} = $Config{archname};
+
+$config{prefix}="";
+$config{openssldir}="";
+$config{processor}="";
+$config{libdir}="";
+my $auto_threads=1;    # enable threads automatically? true by default
+my $default_ranlib;
+
+# Top level directories to build
+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
+# crypto/ subdirectories to build
+$config{sdirs} = [
+    "objects",
+    "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
+    "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
+    "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
+    "buffer", "bio", "stack", "lhash", "rand", "err",
+    "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
+    "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
+    ];
+# test/ subdirectories to build
+$config{tdirs} = [ "ossl_shim" ];
+
+# Known TLS and DTLS protocols
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
+my @dtls = qw(dtls1 dtls1_2);
+
+# Explicitly known options that are possible to disable.  They can
+# be regexps, and will be used like this: /^no-${option}$/
+# For developers: keep it sorted alphabetically
+
+my @disablables = (
+    "afalgeng",
+    "aria",
+    "asan",
+    "asm",
+    "async",
+    "autoalginit",
+    "autoerrinit",
+    "autoload-config",
+    "bf",
+    "blake2",
+    "camellia",
+    "capieng",
+    "cast",
+    "chacha",
+    "cmac",
+    "cms",
+    "comp",
+    "crypto-mdebug",
+    "crypto-mdebug-backtrace",
+    "ct",
+    "deprecated",
+    "des",
+    "devcryptoeng",
+    "dgram",
+    "dh",
+    "dsa",
+    "dso",
+    "dtls",
+    "dynamic-engine",
+    "ec",
+    "ec2m",
+    "ecdh",
+    "ecdsa",
+    "ec_nistp_64_gcc_128",
+    "egd",
+    "engine",
+    "err",
+    "external-tests",
+    "filenames",
+    "fuzz-libfuzzer",
+    "fuzz-afl",
+    "gost",
+    "heartbeats",
+    "hw(-.+)?",
+    "idea",
+    "makedepend",
+    "md2",
+    "md4",
+    "mdc2",
+    "msan",
+    "multiblock",
+    "nextprotoneg",
+    "pinshared",
+    "ocb",
+    "ocsp",
+    "pic",
+    "poly1305",
+    "posix-io",
+    "psk",
+    "rc2",
+    "rc4",
+    "rc5",
+    "rdrand",
+    "rfc3779",
+    "rmd160",
+    "scrypt",
+    "sctp",
+    "seed",
+    "shared",
+    "siphash",
+    "sm2",
+    "sm3",
+    "sm4",
+    "sock",
+    "srp",
+    "srtp",
+    "sse2",
+    "ssl",
+    "ssl-trace",
+    "static-engine",
+    "stdio",
+    "tests",
+    "threads",
+    "tls",
+    "ts",
+    "ubsan",
+    "ui-console",
+    "unit-test",
+    "whirlpool",
+    "weak-ssl-ciphers",
+    "zlib",
+    "zlib-dynamic",
+    );
+foreach my $proto ((@tls, @dtls))
+	{
+	push(@disablables, $proto);
+	push(@disablables, "$proto-method") unless $proto eq "tls1_3";
+	}
+
+my %deprecated_disablables = (
+    "ssl2" => undef,
+    "buf-freelists" => undef,
+    "ripemd" => "rmd160",
+    "ui" => "ui-console",
+    );
+
+# All of the following are disabled by default:
+
+our %disabled = ( # "what"         => "comment"
+		  "asan"		=> "default",
+		  "crypto-mdebug"       => "default",
+		  "crypto-mdebug-backtrace" => "default",
+		  "devcryptoeng"	=> "default",
+		  "ec_nistp_64_gcc_128" => "default",
+		  "egd"                 => "default",
+		  "external-tests"	=> "default",
+		  "fuzz-libfuzzer"	=> "default",
+		  "fuzz-afl"		=> "default",
+		  "heartbeats"          => "default",
+		  "md2"                 => "default",
+                  "msan"                => "default",
+		  "rc5"                 => "default",
+		  "sctp"                => "default",
+		  "ssl-trace"           => "default",
+		  "ssl3"                => "default",
+		  "ssl3-method"         => "default",
+                  "ubsan"		=> "default",
+		  "unit-test"           => "default",
+		  "weak-ssl-ciphers"    => "default",
+		  "zlib"                => "default",
+		  "zlib-dynamic"        => "default",
+		);
+
+# Note: => pair form used for aesthetics, not to truly make a hash table
+my @disable_cascades = (
+    # "what"		=> [ "cascade", ... ]
+    sub { $config{processor} eq "386" }
+			=> [ "sse2" ],
+    "ssl"		=> [ "ssl3" ],
+    "ssl3-method"	=> [ "ssl3" ],
+    "zlib"		=> [ "zlib-dynamic" ],
+    "des"		=> [ "mdc2" ],
+    "ec"		=> [ "ecdsa", "ecdh" ],
+
+    "dgram"		=> [ "dtls", "sctp" ],
+    "sock"		=> [ "dgram" ],
+    "dtls"		=> [ @dtls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+			=> [ "dtls" ],
+
+    "tls"		=> [ @tls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @tls }
+			=> [ "tls" ],
+
+    "crypto-mdebug"     => [ "crypto-mdebug-backtrace" ],
+
+    # Without DSO, we can't load dynamic engines, so don't build them dynamic
+    "dso"               => [ "dynamic-engine" ],
+
+    # Without position independent code, there can be no shared libraries or DSOs
+    "pic"               => [ "shared" ],
+    "shared"            => [ "dynamic-engine" ],
+    "engine"            => [ "afalgeng", "devcryptoeng" ],
+
+    # no-autoalginit is only useful when building non-shared
+    "autoalginit"       => [ "shared", "apps" ],
+
+    "stdio"             => [ "apps", "capieng", "egd" ],
+    "apps"              => [ "tests" ],
+    "tests"             => [ "external-tests" ],
+    "comp"              => [ "zlib" ],
+    "ec"                => [ "tls1_3", "sm2" ],
+    "sm3"               => [ "sm2" ],
+    sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
+
+    sub { !$disabled{"msan"} } => [ "asm" ],
+    );
+
+# Avoid protocol support holes.  Also disable all versions below N, if version
+# N is disabled while N+1 is enabled.
+#
+my @list = (reverse @tls);
+while ((my $first, my $second) = (shift @list, shift @list)) {
+    last unless @list;
+    push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} }
+			      => [ @list ] );
+    unshift @list, $second;
+}
+my @list = (reverse @dtls);
+while ((my $first, my $second) = (shift @list, shift @list)) {
+    last unless @list;
+    push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} }
+			      => [ @list ] );
+    unshift @list, $second;
+}
+
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo".
+# For symmetry, "disable-foo" is a synonym for "no-foo".
+
+&usage if ($#ARGV < 0);
+
+# For the "make variables" CINCLUDES and CDEFINES, we support lists with
+# platform specific list separators.  Users from those platforms should
+# recognise those separators from how you set up the PATH to find executables.
+# The default is the Unix like separator, :, but as an exception, we also
+# support the space as separator.
+my $list_separator_re =
+    { VMS           => qr/(?<!\^),/,
+      MSWin32       => qr/(?<!\\);/ } -> {$^O} // qr/(?<!\\)[:\s]/;
+# All the "make variables" we support
+# Some get pre-populated for the sake of backward compatibility
+# (we supported those before the change to "make variable" support.
+my %user = (
+    AR          => env('AR'),
+    ARFLAGS     => [],
+    AS          => undef,
+    ASFLAGS     => [],
+    CC          => env('CC'),
+    CFLAGS      => [],
+    CXX         => env('CXX'),
+    CXXFLAGS    => [],
+    CPP         => undef,
+    CPPFLAGS    => [],  # -D, -I, -Wp,
+    CPPDEFINES  => [],  # Alternative for -D
+    CPPINCLUDES => [],  # Alternative for -I
+    CROSS_COMPILE => env('CROSS_COMPILE'),
+    HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'),
+    LD          => undef,
+    LDFLAGS     => [],  # -L, -Wl,
+    LDLIBS      => [],  # -l
+    MT          => undef,
+    MTFLAGS     => [],
+    PERL        => env('PERL') || ($^O ne "VMS" ? $^X : "perl"),
+    RANLIB      => env('RANLIB'),
+    RC          => env('RC') || env('WINDRES'),
+    RCFLAGS     => [],
+    RM          => undef,
+   );
+# Info about what "make variables" may be prefixed with the cross compiler
+# prefix.  This should NEVER mention any such variable with a list for value.
+my @user_crossable = qw ( AR AS CC CXX CPP LD MT RANLIB RC );
+# The same but for flags given as Configure options.  These are *additional*
+# input, as opposed to the VAR=string option that override the corresponding
+# config target attributes
+my %useradd = (
+    CPPDEFINES  => [],
+    CPPINCLUDES => [],
+    CPPFLAGS    => [],
+    CFLAGS      => [],
+    CXXFLAGS    => [],
+    LDFLAGS     => [],
+    LDLIBS      => [],
+   );
+
+my %user_synonyms = (
+    HASHBANGPERL=> 'PERL',
+    RC          => 'WINDRES',
+   );
+
+# Some target attributes have been renamed, this is the translation table
+my %target_attr_translate =(
+    ar          => 'AR',
+    as          => 'AS',
+    cc          => 'CC',
+    cxx         => 'CXX',
+    cpp         => 'CPP',
+    hashbangperl => 'HASHBANGPERL',
+    ld          => 'LD',
+    mt          => 'MT',
+    ranlib      => 'RANLIB',
+    rc          => 'RC',
+    rm          => 'RM',
+   );
+
+# Initialisers coming from 'config' scripts
+$config{defines} = [ split(/$list_separator_re/, env('__CNF_CPPDEFINES')) ];
+$config{includes} = [ split(/$list_separator_re/, env('__CNF_CPPINCLUDES')) ];
+$config{cppflags} = [ env('__CNF_CPPFLAGS') || () ];
+$config{cflags} = [ env('__CNF_CFLAGS') || () ];
+$config{cxxflags} = [ env('__CNF_CXXFLAGS') || () ];
+$config{lflags} = [ env('__CNF_LDFLAGS') || () ];
+$config{ex_libs} = [ env('__CNF_LDLIBS') || () ];
+
+$config{openssl_api_defines}=[];
+$config{openssl_algorithm_defines}=[];
+$config{openssl_thread_defines}=[];
+$config{openssl_sys_defines}=[];
+$config{openssl_other_defines}=[];
+$config{options}="";
+$config{build_type} = "release";
+my $target="";
+
+my %cmdvars = ();               # Stores FOO='blah' type arguments
+my %unsupported_options = ();
+my %deprecated_options = ();
+# If you change this, update apps/version.c
+my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom);
+my @seed_sources = ();
+while (@argvcopy)
+	{
+	$_ = shift @argvcopy;
+
+	# Support env variable assignments among the options
+	if (m|^(\w+)=(.+)?$|)
+		{
+		$cmdvars{$1} = $2;
+		# Every time a variable is given as a configuration argument,
+		# it acts as a reset if the variable.
+		if (exists $user{$1})
+			{
+			$user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef;
+			}
+		#if (exists $useradd{$1})
+		#	{
+		#	$useradd{$1} = [];
+		#	}
+		next;
+		}
+
+	# VMS is a case insensitive environment, and depending on settings
+	# out of our control, we may receive options uppercased.  Let's
+	# downcase at least the part before any equal sign.
+	if ($^O eq "VMS")
+		{
+		s/^([^=]*)/lc($1)/e;
+		}
+
+	# some people just can't read the instructions, clang people have to...
+	s/^-no-(?!integrated-as)/no-/;
+
+	# rewrite some options in "enable-..." form
+	s /^-?-?shared$/enable-shared/;
+	s /^sctp$/enable-sctp/;
+	s /^threads$/enable-threads/;
+	s /^zlib$/enable-zlib/;
+	s /^zlib-dynamic$/enable-zlib-dynamic/;
+
+        if (/^(no|disable|enable)-(.+)$/)
+                {
+                my $word = $2;
+                if (!exists $deprecated_disablables{$word}
+                        && !grep { $word =~ /^${_}$/ } @disablables)
+                        {
+                        $unsupported_options{$_} = 1;
+                        next;
+                        }
+                }
+        if (/^no-(.+)$/ || /^disable-(.+)$/)
+                {
+                foreach my $proto ((@tls, @dtls))
+                        {
+                        if ($1 eq "$proto-method")
+                                {
+                                $disabled{"$proto"} = "option($proto-method)";
+                                last;
+                                }
+                        }
+                if ($1 eq "dtls")
+                        {
+                        foreach my $proto (@dtls)
+                                {
+                                $disabled{$proto} = "option(dtls)";
+                                }
+                        $disabled{"dtls"} = "option(dtls)";
+                        }
+                elsif ($1 eq "ssl")
+                        {
+                        # Last one of its kind
+                        $disabled{"ssl3"} = "option(ssl)";
+                        }
+                elsif ($1 eq "tls")
+                        {
+                        # XXX: Tests will fail if all SSL/TLS
+                        # protocols are disabled.
+                        foreach my $proto (@tls)
+                                {
+                                $disabled{$proto} = "option(tls)";
+                                }
+                        }
+                elsif ($1 eq "static-engine")
+                        {
+                        delete $disabled{"dynamic-engine"};
+                        }
+                elsif ($1 eq "dynamic-engine")
+                        {
+                        $disabled{"dynamic-engine"} = "option";
+                        }
+                elsif (exists $deprecated_disablables{$1})
+                        {
+                        $deprecated_options{$_} = 1;
+                        if (defined $deprecated_disablables{$1})
+                                {
+                                $disabled{$deprecated_disablables{$1}} = "option";
+                                }
+                        }
+                else
+                        {
+                        $disabled{$1} = "option";
+                        }
+		# No longer an automatic choice
+		$auto_threads = 0 if ($1 eq "threads");
+		}
+	elsif (/^enable-(.+)$/)
+		{
+                if ($1 eq "static-engine")
+                        {
+                        $disabled{"dynamic-engine"} = "option";
+                        }
+                elsif ($1 eq "dynamic-engine")
+                        {
+                        delete $disabled{"dynamic-engine"};
+                        }
+                elsif ($1 eq "zlib-dynamic")
+                        {
+                        delete $disabled{"zlib"};
+                        }
+		my $algo = $1;
+		delete $disabled{$algo};
+
+		# No longer an automatic choice
+		$auto_threads = 0 if ($1 eq "threads");
+		}
+	elsif (/^--strict-warnings$/)
+		{
+		$strict_warnings = 1;
+		}
+	elsif (/^--debug$/)
+		{
+		$config{build_type} = "debug";
+		}
+	elsif (/^--release$/)
+		{
+		$config{build_type} = "release";
+		}
+	elsif (/^386$/)
+		{ $config{processor}=386; }
+	elsif (/^fips$/)
+		{
+		die "FIPS mode not supported\n";
+		}
+	elsif (/^rsaref$/)
+		{
+		# No RSAref support any more since it's not needed.
+		# The check for the option is there so scripts aren't
+		# broken
+		}
+	elsif (/^nofipscanistercheck$/)
+		{
+		die "FIPS mode not supported\n";
+		}
+	elsif (/^[-+]/)
+		{
+		if (/^--prefix=(.*)$/)
+			{
+			$config{prefix}=$1;
+			die "Directory given with --prefix MUST be absolute\n"
+				unless file_name_is_absolute($config{prefix});
+			}
+		elsif (/^--api=(.*)$/)
+			{
+			$config{api}=$1;
+			}
+		elsif (/^--libdir=(.*)$/)
+			{
+			$config{libdir}=$1;
+			}
+		elsif (/^--openssldir=(.*)$/)
+			{
+			$config{openssldir}=$1;
+			}
+		elsif (/^--with-zlib-lib=(.*)$/)
+			{
+			$withargs{zlib_lib}=$1;
+			}
+		elsif (/^--with-zlib-include=(.*)$/)
+			{
+			$withargs{zlib_include}=$1;
+			}
+		elsif (/^--with-fuzzer-lib=(.*)$/)
+			{
+			$withargs{fuzzer_lib}=$1;
+			}
+		elsif (/^--with-fuzzer-include=(.*)$/)
+			{
+			$withargs{fuzzer_include}=$1;
+			}
+		elsif (/^--with-rand-seed=(.*)$/)
+			{
+			foreach my $x (split(m|,|, $1))
+			    {
+			    die "Unknown --with-rand-seed choice $x\n"
+				if ! grep { $x eq $_ } @known_seed_sources;
+			    push @seed_sources, $x;
+			    }
+                        }
+		elsif (/^--cross-compile-prefix=(.*)$/)
+			{
+			$user{CROSS_COMPILE}=$1;
+			}
+		elsif (/^--config=(.*)$/)
+			{
+			read_config $1;
+			}
+		elsif (/^-l(.*)$/)
+			{
+			push @{$useradd{LDLIBS}}, $_;
+			}
+		elsif (/^-framework$/)
+			{
+			push @{$useradd{LDLIBS}}, $_, shift(@argvcopy);
+			}
+		elsif (/^-L(.*)$/ or /^-Wl,/)
+			{
+			push @{$useradd{LDFLAGS}}, $_;
+			}
+		elsif (/^-rpath$/ or /^-R$/)
+			# -rpath is the OSF1 rpath flag
+			# -R is the old Solaris rpath flag
+			{
+			my $rpath = shift(@argvcopy) || "";
+			$rpath .= " " if $rpath ne "";
+			push @{$useradd{LDFLAGS}}, $_, $rpath;
+			}
+		elsif (/^-static$/)
+			{
+			push @{$useradd{LDFLAGS}}, $_;
+			$disabled{"dso"} = "forced";
+			$disabled{"pic"} = "forced";
+			$disabled{"shared"} = "forced";
+			$disabled{"threads"} = "forced";
+			}
+		elsif (/^-D(.*)$/)
+			{
+			push @{$useradd{CPPDEFINES}}, $1;
+			}
+		elsif (/^-I(.*)$/)
+			{
+			push @{$useradd{CPPINCLUDES}}, $1;
+			}
+		elsif (/^-Wp,$/)
+			{
+			push @{$useradd{CPPFLAGS}}, $1;
+			}
+		else	# common if (/^[-+]/), just pass down...
+			{
+			$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+			push @{$useradd{CFLAGS}}, $_;
+			push @{$useradd{CXXFLAGS}}, $_;
+			}
+		}
+	else
+		{
+		die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+		$target=$_;
+		}
+	unless ($_ eq $target || /^no-/ || /^disable-/)
+		{
+		# "no-..." follows later after implied deactivations
+		# have been derived.  (Don't take this too seriously,
+		# we really only write OPTIONS to the Makefile out of
+		# nostalgia.)
+
+		if ($config{options} eq "")
+			{ $config{options} = $_; }
+		else
+			{ $config{options} .= " ".$_; }
+		}
+	}
+
+if (defined($config{api}) && !exists $apitable->{$config{api}}) {
+	die "***** Unsupported api compatibility level: $config{api}\n",
+}
+
+if (keys %deprecated_options)
+	{
+	warn "***** Deprecated options: ",
+		join(", ", keys %deprecated_options), "\n";
+	}
+if (keys %unsupported_options)
+	{
+	die "***** Unsupported options: ",
+		join(", ", keys %unsupported_options), "\n";
+	}
+
+# If any %useradd entry has been set, we must check that the "make
+# variables" haven't been set.  We start by checking of any %useradd entry
+# is set.
+if (grep { scalar @$_ > 0 } values %useradd) {
+    # Hash of env / make variables names.  The possible values are:
+    # 1 - "make vars"
+    # 2 - %useradd entry set
+    # 3 - both set
+    my %detected_vars =
+        map { my $v = 0;
+              $v += 1 if $cmdvars{$_};
+              $v += 2 if @{$useradd{$_}};
+              $_ => $v }
+        keys %useradd;
+
+    # If any of the corresponding "make variables" is set, we error
+    if (grep { $_ & 1 } values %detected_vars) {
+        my $names = join(', ', grep { $detected_vars{$_} > 0 }
+                               sort keys %detected_vars);
+        die <<"_____";
+***** Mixing make variables and additional compiler/linker flags as
+***** configure command line option is not permitted.
+***** Affected make variables: $names
+_____
+    }
+}
+
+# Check through all supported command line variables to see if any of them
+# were set, and canonicalise the values we got.  If no compiler or linker
+# flag or anything else that affects %useradd was set, we also check the
+# environment for values.
+my $anyuseradd =
+    grep { defined $_ && (ref $_ ne 'ARRAY' || @$_) } values %useradd;
+foreach (keys %user) {
+    my $value = $cmdvars{$_};
+    $value //= env($_) unless $anyuseradd;
+    $value //=
+        defined $user_synonyms{$_} ? $cmdvars{$user_synonyms{$_}} : undef;
+    $value //= defined $user_synonyms{$_} ? env($user_synonyms{$_}) : undef
+        unless $anyuseradd;
+
+    if (defined $value) {
+        if (ref $user{$_} eq 'ARRAY') {
+            $user{$_} = [ split /$list_separator_re/, $value ];
+        } elsif (!defined $user{$_}) {
+            $user{$_} = $value;
+        }
+    }
+}
+
+if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ())
+    && !$disabled{shared}
+    && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) {
+    die "***** Cannot simultaneously use -rpath, shared libraries, and\n",
+	"***** any of asan, msan or ubsan\n";
+}
+
+my @tocheckfor = (keys %disabled);
+while (@tocheckfor) {
+    my %new_tocheckfor = ();
+    my @cascade_copy = (@disable_cascades);
+    while (@cascade_copy) {
+	my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy);
+	if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) {
+	    foreach(grep { !defined($disabled{$_}) } @$descendents) {
+		$new_tocheckfor{$_} = 1; $disabled{$_} = "forced";
+	    }
+	}
+    }
+    @tocheckfor = (keys %new_tocheckfor);
+}
+
+our $die = sub { die @_; };
+if ($target eq "TABLE") {
+    local $die = sub { warn @_; };
+    foreach (sort keys %table) {
+	print_table_entry($_, "TABLE");
+    }
+    exit 0;
+}
+
+if ($target eq "LIST") {
+    foreach (sort keys %table) {
+	print $_,"\n" unless $table{$_}->{template};
+    }
+    exit 0;
+}
+
+if ($target eq "HASH") {
+    local $die = sub { warn @_; };
+    print "%table = (\n";
+    foreach (sort keys %table) {
+	print_table_entry($_, "HASH");
+    }
+    exit 0;
+}
+
+print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
+print "for $target\n";
+
+if (scalar(@seed_sources) == 0) {
+    print "Using os-specific seed configuration\n";
+    push @seed_sources, 'os';
+}
+if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
+    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
+    warn <<_____ if scalar(@seed_sources) == 1;
+
+============================== WARNING ===============================
+You have selected the --with-rand-seed=none option, which effectively
+disables automatic reseeding of the OpenSSL random generator.
+All operations depending on the random generator such as creating keys
+will not work unless the random generator is seeded manually by the
+application.
+
+Please read the 'Note on random number generation' section in the
+INSTALL instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+
+_____
+}
+push @{$config{openssl_other_defines}},
+     map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
+	@seed_sources;
+
+# Backward compatibility?
+if ($target =~ m/^CygWin32(-.*)$/) {
+    $target = "Cygwin".$1;
+}
+
+# Support for legacy targets having a name starting with 'debug-'
+my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
+if ($d) {
+    $config{build_type} = "debug";
+
+    # If we do not find debug-foo in the table, the target is set to foo.
+    if (!$table{$target}) {
+	$target = $t;
+    }
+}
+
+&usage if !$table{$target} || $table{$target}->{template};
+
+$config{target} = $target;
+my %target = resolve_config($target);
+
+foreach (keys %target_attr_translate) {
+    $target{$target_attr_translate{$_}} = $target{$_}
+        if $target{$_};
+    delete $target{$_};
+}
+
+%target = ( %{$table{DEFAULTS}}, %target );
+
+# Make the flags to build DSOs the same as for shared libraries unless they
+# are already defined
+$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags};
+$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags};
+$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags};
+{
+    my $shared_info_pl =
+        catfile(dirname($0), "Configurations", "shared-info.pl");
+    my %shared_info = read_eval_file($shared_info_pl);
+    push @{$target{_conf_fname_int}}, $shared_info_pl;
+    my $si = $target{shared_target};
+    while (ref $si ne "HASH") {
+        last if ! defined $si;
+        if (ref $si eq "CODE") {
+            $si = $si->();
+        } else {
+            $si = $shared_info{$si};
+        }
+    }
+
+    # Some of the 'shared_target' values don't have any entried in
+    # %shared_info.  That's perfectly fine, AS LONG AS the build file
+    # template knows how to handle this.  That is currently the case for
+    # Windows and VMS.
+    if (defined $si) {
+        # Just as above, copy certain shared_* attributes to the corresponding
+        # module_ attribute unless the latter is already defined
+        $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags};
+        $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags};
+        $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags};
+        foreach (sort keys %$si) {
+            $target{$_} = defined $target{$_}
+                ? add($si->{$_})->($target{$_})
+                : $si->{$_};
+        }
+    }
+}
+
+my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
+$config{conf_files} = [ sort keys %conf_files ];
+
+foreach my $feature (@{$target{disable}}) {
+    if (exists $deprecated_disablables{$feature}) {
+        warn "***** config $target disables deprecated feature $feature\n";
+    } elsif (!grep { $feature eq $_ } @disablables) {
+        die "***** config $target disables unknown feature $feature\n";
+    }
+    $disabled{$feature} = 'config';
+}
+foreach my $feature (@{$target{enable}}) {
+    if ("default" eq ($disabled{$feature} // "")) {
+        if (exists $deprecated_disablables{$feature}) {
+            warn "***** config $target enables deprecated feature $feature\n";
+        } elsif (!grep { $feature eq $_ } @disablables) {
+            die "***** config $target enables unknown feature $feature\n";
+        }
+        delete $disabled{$feature};
+    }
+}
+
+$target{CXXFLAGS}//=$target{CFLAGS} if $target{CXX};
+$target{cxxflags}//=$target{cflags} if $target{CXX};
+$target{exe_extension}="";
+$target{exe_extension}=".exe" if ($config{target} eq "DJGPP"
+                                  || $config{target} =~ /^(?:Cygwin|mingw)/);
+$target{exe_extension}=".pm"  if ($config{target} =~ /vos/);
+
+($target{shared_extension_simple}=$target{shared_extension})
+    =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||
+    unless defined($target{shared_extension_simple});
+$target{dso_extension}//=$target{shared_extension_simple};
+($target{shared_import_extension}=$target{shared_extension_simple}.".a")
+    if ($config{target} =~ /^(?:Cygwin|mingw)/);
+
+# Fill %config with values from %user, and in case those are undefined or
+# empty, use values from %target (acting as a default).
+foreach (keys %user) {
+    my $ref_type = ref $user{$_};
+
+    # Temporary function.  Takes an intended ref type (empty string or "ARRAY")
+    # and a value that's to be coerced into that type.
+    my $mkvalue = sub {
+        my $type = shift;
+        my $value = shift;
+        my $undef_p = shift;
+
+        die "Too many arguments for \$mkvalue" if @_;
+
+        while (ref $value eq 'CODE') {
+            $value = $value->();
+        }
+
+        if ($type eq 'ARRAY') {
+            return undef unless defined $value;
+            return undef if ref $value ne 'ARRAY' && !$value;
+            return undef if ref $value eq 'ARRAY' && !@$value;
+            return [ $value ] unless ref $value eq 'ARRAY';
+        }
+        return undef unless $value;
+        return $value;
+    };
+
+    $config{$_} =
+        $mkvalue->($ref_type, $user{$_})
+        || $mkvalue->($ref_type, $target{$_});
+    delete $config{$_} unless defined $config{$_};
+}
+
+# Allow overriding the build file name
+$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
+
+my %disabled_info = ();         # For configdata.pm
+foreach my $what (sort keys %disabled) {
+    $config{options} .= " no-$what";
+
+    if (!grep { $what eq $_ } ( 'dso', 'threads', 'shared', 'pic',
+                                'dynamic-engine', 'makedepend',
+                                'zlib-dynamic', 'zlib', 'sse2' )) {
+        (my $WHAT = uc $what) =~ s|-|_|g;
+
+        # Fix up C macro end names
+        $WHAT = "RMD160" if $what eq "ripemd";
+
+        # fix-up crypto/directory name(s)
+        $what = "ripemd" if $what eq "rmd160";
+        $what = "whrlpool" if $what eq "whirlpool";
+
+        my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT";
+
+        if ((grep { $what eq $_ } @{$config{sdirs}})
+                && $what ne 'async' && $what ne 'err') {
+            @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}};
+            $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ];
+
+            if ($what ne 'engine') {
+                push @{$config{openssl_algorithm_defines}}, $macro;
+            } else {
+                @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
+                push @{$disabled_info{engine}->{skipped}}, catdir('engines');
+                push @{$config{openssl_other_defines}}, $macro;
+            }
+        } else {
+            push @{$config{openssl_other_defines}}, $macro;
+        }
+
+    }
+}
+
+# Make sure build_scheme is consistent.
+$target{build_scheme} = [ $target{build_scheme} ]
+    if ref($target{build_scheme}) ne "ARRAY";
+
+my ($builder, $builder_platform, @builder_opts) =
+    @{$target{build_scheme}};
+
+foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+                      $builder_platform."-checker.pm")) {
+    my $checker_path = catfile($srcdir, "Configurations", $checker);
+    if (-f $checker_path) {
+        my $fn = $ENV{CONFIGURE_CHECKER_WARN}
+            ? sub { warn $@; } : sub { die $@; };
+        if (! do $checker_path) {
+            if ($@) {
+                $fn->($@);
+            } elsif ($!) {
+                $fn->($!);
+            } else {
+                $fn->("The detected tools didn't match the platform\n");
+            }
+        }
+        last;
+    }
+}
+
+push @{$config{defines}}, "NDEBUG"    if $config{build_type} eq "release";
+
+if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+	{
+	push @{$config{cflags}}, "-mno-cygwin";
+	push @{$config{cxxflags}}, "-mno-cygwin" if $config{CXX};
+	push @{$config{shared_ldflag}}, "-mno-cygwin";
+	}
+
+if ($target =~ /linux.*-mips/ && !$disabled{asm}
+        && !grep { $_ !~ /-m(ips|arch=)/ } (@{$user{CFLAGS}},
+                                            @{$useradd{CFLAGS}})) {
+	# minimally required architecture flags for assembly modules
+	my $value;
+	$value = '-mips2' if ($target =~ /mips32/);
+	$value = '-mips3' if ($target =~ /mips64/);
+	unshift @{$config{cflags}}, $value;
+	unshift @{$config{cxxflags}}, $value if $config{CXX};
+}
+
+# If threads aren't disabled, check how possible they are
+unless ($disabled{threads}) {
+    if ($auto_threads) {
+        # Enabled by default, disable it forcibly if unavailable
+        if ($target{thread_scheme} eq "(unknown)") {
+            $disabled{threads} = "unavailable";
+        }
+    } else {
+        # The user chose to enable threads explicitly, let's see
+        # if there's a chance that's possible
+        if ($target{thread_scheme} eq "(unknown)") {
+            # If the user asked for "threads" and we don't have internal
+            # knowledge how to do it, [s]he is expected to provide any
+            # system-dependent compiler options that are necessary.  We
+            # can't truly check that the given options are correct, but
+            # we expect the user to know what [s]He is doing.
+            if (!@{$user{CFLAGS}} && !@{$useradd{CFLAGS}}
+                    && !@{$user{CPPDEFINES}} && !@{$useradd{CPPDEFINES}}) {
+                die "You asked for multi-threading support, but didn't\n"
+                    ,"provide any system-specific compiler options\n";
+            }
+        }
+    }
+}
+
+# If threads still aren't disabled, add a C macro to ensure the source
+# code knows about it.  Any other flag is taken care of by the configs.
+unless($disabled{threads}) {
+    push @{$config{openssl_thread_defines}}, "OPENSSL_THREADS";
+}
+
+# With "deprecated" disable all deprecated features.
+if (defined($disabled{"deprecated"})) {
+        $config{api} = $maxapi;
+}
+
+my $no_shared_warn=0;
+if ($target{shared_target} eq "")
+	{
+	$no_shared_warn = 1
+	    if (!$disabled{shared} || !$disabled{"dynamic-engine"});
+	$disabled{shared} = "no-shared-target";
+	$disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} =
+	    "no-shared-target";
+	}
+
+if ($disabled{"dynamic-engine"}) {
+        push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
+        $config{dynamic_engines} = 0;
+} else {
+        push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE";
+        $config{dynamic_engines} = 1;
+}
+
+unless ($disabled{asan}) {
+    push @{$config{cflags}}, "-fsanitize=address";
+    push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX};
+}
+
+unless ($disabled{ubsan}) {
+    # -DPEDANTIC or -fnosanitize=alignment may also be required on some
+    # platforms.
+    push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all";
+    push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"
+        if $config{CXX};
+}
+
+unless ($disabled{msan}) {
+  push @{$config{cflags}}, "-fsanitize=memory";
+  push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX};
+}
+
+unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
+        && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) {
+    push @{$config{cflags}}, "-fno-omit-frame-pointer", "-g";
+    push @{$config{cxxflags}}, "-fno-omit-frame-pointer", "-g" if $config{CXX};
+}
+#
+# Platform fix-ups
+#
+
+# This saves the build files from having to check
+if ($disabled{pic})
+	{
+	foreach (qw(shared_cflag shared_cxxflag shared_cppflag
+		    shared_defines shared_includes shared_ldflag
+		    module_cflags module_cxxflags module_cppflags
+		    module_defines module_includes module_lflags))
+		{
+		delete $config{$_};
+		$target{$_} = "";
+		}
+	}
+else
+	{
+	push @{$config{lib_defines}}, "OPENSSL_PIC";
+	}
+
+if ($target{sys_id} ne "")
+	{
+	push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}";
+	}
+
+unless ($disabled{asm}) {
+    $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386");
+    push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ" if ($target{cpuid_asm_src} ne "mem_clr.c");
+
+    $target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));
+
+    # bn-586 is the only one implementing bn_*_part_words
+    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/);
+    push @{$config{lib_defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/);
+
+    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
+    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
+    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
+    push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/);
+
+    if ($target{sha1_asm_src}) {
+	push @{$config{lib_defines}}, "SHA1_ASM"   if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
+	push @{$config{lib_defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);
+	push @{$config{lib_defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/);
+    }
+    if ($target{keccak1600_asm_src} ne $table{DEFAULTS}->{keccak1600_asm_src}) {
+	push @{$config{lib_defines}}, "KECCAK1600_ASM";
+    }
+    if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) {
+	push @{$config{lib_defines}}, "RC4_ASM";
+    }
+    if ($target{md5_asm_src}) {
+	push @{$config{lib_defines}}, "MD5_ASM";
+    }
+    $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC
+    if ($target{rmd160_asm_src}) {
+	push @{$config{lib_defines}}, "RMD160_ASM";
+    }
+    if ($target{aes_asm_src}) {
+	push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
+	# aes-ctr.fake is not a real file, only indication that assembler
+	# module implements AES_ctr32_encrypt...
+	push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+	# aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
+	push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
+	$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
+	push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
+	push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
+    }
+    if ($target{wp_asm_src} =~ /mmx/) {
+        if ($config{processor} eq "386") {
+	    $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src};
+	} elsif (!$disabled{"whirlpool"}) {
+	    push @{$config{lib_defines}}, "WHIRLPOOL_ASM";
+	}
+    }
+    if ($target{modes_asm_src} =~ /ghash-/) {
+	push @{$config{lib_defines}}, "GHASH_ASM";
+    }
+    if ($target{ec_asm_src} =~ /ecp_nistz256/) {
+	push @{$config{lib_defines}}, "ECP_NISTZ256_ASM";
+    }
+    if ($target{ec_asm_src} =~ /x25519/) {
+	push @{$config{lib_defines}}, "X25519_ASM";
+    }
+    if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
+	push @{$config{lib_defines}}, "PADLOCK_ASM";
+    }
+    if ($target{poly1305_asm_src} ne "") {
+	push @{$config{lib_defines}}, "POLY1305_ASM";
+    }
+}
+
+my %predefined = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
+
+# Check for makedepend capabilities.
+if (!$disabled{makedepend}) {
+    if ($config{target} =~ /^(VC|vms)-/) {
+        # For VC- and vms- targets, there's nothing more to do here.  The
+        # functionality is hard coded in the corresponding build files for
+        # cl (Windows) and CC/DECC (VMS).
+    } elsif (($predefined{__GNUC__} // -1) >= 3
+	     && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) {
+        # We know that GNU C version 3 and up as well as all clang
+        # versions support dependency generation, but Xcode did not
+        # handle $cc -M before clang support (but claims __GNUC__ = 3)
+        $config{makedepprog} = "\$(CROSS_COMPILE)$config{CC}";
+    } else {
+        # In all other cases, we look for 'makedepend', and disable the
+        # capability if not found.
+        $config{makedepprog} = which('makedepend');
+        $disabled{makedepend} = "unavailable" unless $config{makedepprog};
+    }
+}
+
+if (!$disabled{asm} && !$predefined{__MACH__} && $^O ne 'VMS') {
+    # probe for -Wa,--noexecstack option...
+    if ($predefined{__clang__}) {
+        # clang has builtin assembler, which doesn't recognize --help,
+        # but it apparently recognizes the option in question on all
+        # supported platforms even when it's meaningless. In other words
+        # probe would fail, but probed option always accepted...
+        push @{$config{cflags}}, "-Wa,--noexecstack", "-Qunused-arguments";
+    } else {
+        my $cc = $config{CROSS_COMPILE}.$config{CC};
+        open(PIPE, "$cc -Wa,--help -c -o null.$$.o -x assembler /dev/null 2>&1 |");
+        while(<PIPE>) {
+            if (m/--noexecstack/) {
+                push @{$config{cflags}}, "-Wa,--noexecstack";
+                last;
+            }
+        }
+        close(PIPE);
+        unlink("null.$$.o");
+    }
+}
+
+# Deal with bn_ops ###################################################
+
+$config{bn_ll}			=0;
+$config{export_var_as_fn}	=0;
+my $def_int="unsigned int";
+$config{rc4_int}		=$def_int;
+($config{b64l},$config{b64},$config{b32})=(0,0,1);
+
+my $count = 0;
+foreach (sort split(/\s+/,$target{bn_ops})) {
+    $count++ if /SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT/;
+    $config{export_var_as_fn}=1                 if $_ eq 'EXPORT_VAR_AS_FN';
+    $config{bn_ll}=1				if $_ eq 'BN_LLONG';
+    $config{rc4_int}="unsigned char"		if $_ eq 'RC4_CHAR';
+    ($config{b64l},$config{b64},$config{b32})
+	=(0,1,0)				if $_ eq 'SIXTY_FOUR_BIT';
+    ($config{b64l},$config{b64},$config{b32})
+	=(1,0,0)				if $_ eq 'SIXTY_FOUR_BIT_LONG';
+    ($config{b64l},$config{b64},$config{b32})
+	=(0,0,1)				if $_ eq 'THIRTY_TWO_BIT';
+}
+die "Exactly one of SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT can be set in bn_ops\n"
+    if $count > 1;
+
+
+# Hack cflags for better warnings (dev option) #######################
+
+# "Stringify" the C and C++ flags string.  This permits it to be made part of
+# a string and works as well on command lines.
+$config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x }
+                        @{$config{cflags}} ];
+$config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x }
+                          @{$config{cxxflags}} ] if $config{CXX};
+
+if (defined($config{api})) {
+    $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ];
+    my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}});
+    push @{$config{defines}}, $apiflag;
+}
+
+if ($strict_warnings)
+	{
+	my $wopt;
+	my $gccver = $predefined{__GNUC__} // -1;
+
+	die "ERROR --strict-warnings requires gcc[>=4] or gcc-alike"
+            unless $gccver >= 4;
+	foreach $wopt (split /\s+/, $gcc_devteam_warn)
+		{
+		push @{$config{cflags}}, $wopt
+			unless grep { $_ eq $wopt } @{$config{cflags}};
+		push @{$config{cxxflags}}, $wopt
+			if ($config{CXX}
+			    && !grep { $_ eq $wopt } @{$config{cxxflags}});
+		}
+	if (defined($predefined{__clang__}))
+		{
+		foreach $wopt (split /\s+/, $clang_devteam_warn)
+			{
+			push @{$config{cflags}}, $wopt
+				unless grep { $_ eq $wopt } @{$config{cflags}};
+			push @{$config{cxxflags}}, $wopt
+				if ($config{CXX}
+				    && !grep { $_ eq $wopt } @{$config{cxxflags}});
+			}
+		}
+	}
+
+unless ($disabled{"crypto-mdebug-backtrace"})
+	{
+	foreach my $wopt (split /\s+/, $memleak_devteam_backtrace)
+		{
+		push @{$config{cflags}}, $wopt
+			unless grep { $_ eq $wopt } @{$config{cflags}};
+		push @{$config{cxxflags}}, $wopt
+			if ($config{CXX}
+			    && !grep { $_ eq $wopt } @{$config{cxxflags}});
+		}
+	if ($target =~ /^BSD-/)
+		{
+		push @{$config{ex_libs}}, "-lexecinfo";
+		}
+	}
+
+unless ($disabled{afalgeng}) {
+    $config{afalgeng}="";
+    if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+        my $minver = 4*10000 + 1*100 + 0;
+        if ($config{CROSS_COMPILE} eq "") {
+            my $verstr = `uname -r`;
+            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+            ($mi2) = $mi2 =~ /(\d+)/;
+            my $ver = $ma*10000 + $mi1*100 + $mi2;
+            if ($ver < $minver) {
+                $disabled{afalgeng} = "too-old-kernel";
+            } else {
+                push @{$config{engdirs}}, "afalg";
+            }
+        } else {
+            $disabled{afalgeng} = "cross-compiling";
+        }
+    } else {
+        $disabled{afalgeng}  = "not-linux";
+    }
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
+
+# Finish up %config by appending things the user gave us on the command line
+# apart from "make variables"
+foreach (keys %useradd) {
+    # The must all be lists, so we assert that here
+    die "internal error: \$useradd{$_} isn't an ARRAY\n"
+        unless ref $useradd{$_} eq 'ARRAY';
+
+    if (defined $config{$_}) {
+        push @{$config{$_}}, @{$useradd{$_}};
+    } else {
+        $config{$_} = [ @{$useradd{$_}} ];
+    }
+}
+
+# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON
+
+# If we use the unified build, collect information from build.info files
+my %unified_info = ();
+
+my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
+if ($builder eq "unified") {
+    use with_fallback qw(Text::Template);
+
+    sub cleandir {
+        my $base = shift;
+        my $dir = shift;
+        my $relativeto = shift || ".";
+
+        $dir = catdir($base,$dir) unless isabsolute($dir);
+
+        # Make sure the directories we're building in exists
+        mkpath($dir);
+
+        my $res = abs2rel(absolutedir($dir), rel2abs($relativeto));
+        #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n";
+        return $res;
+    }
+
+    sub cleanfile {
+        my $base = shift;
+        my $file = shift;
+        my $relativeto = shift || ".";
+
+        $file = catfile($base,$file) unless isabsolute($file);
+
+        my $d = dirname($file);
+        my $f = basename($file);
+
+        # Make sure the directories we're building in exists
+        mkpath($d);
+
+        my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto));
+        #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n";
+        return $res;
+    }
+
+    # Store the name of the template file we will build the build file from
+    # in %config.  This may be useful for the build file itself.
+    my @build_file_template_names =
+	( $builder_platform."-".$target{build_file}.".tmpl",
+	  $target{build_file}.".tmpl" );
+    my @build_file_templates = ();
+
+    # First, look in the user provided directory, if given
+    if (defined env($local_config_envname)) {
+	@build_file_templates =
+	    map {
+		if ($^O eq 'VMS') {
+		    # VMS environment variables are logical names,
+		    # which can be used as is
+		    $local_config_envname . ':' . $_;
+		} else {
+		    catfile(env($local_config_envname), $_);
+		}
+	    }
+	    @build_file_template_names;
+    }
+    # Then, look in our standard directory
+    push @build_file_templates,
+	( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+	  @build_file_template_names );
+
+    my $build_file_template;
+    for $_ (@build_file_templates) {
+	$build_file_template = $_;
+        last if -f $build_file_template;
+
+        $build_file_template = undef;
+    }
+    if (!defined $build_file_template) {
+	die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n";
+    }
+    $config{build_file_templates}
+      = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"),
+                    $blddir),
+          $build_file_template,
+          cleanfile($srcdir, catfile("Configurations", "common.tmpl"),
+                    $blddir) ];
+
+    my @build_infos = ( [ ".", "build.info" ] );
+    foreach (@{$config{dirs}}) {
+        push @build_infos, [ $_, "build.info" ]
+            if (-f catfile($srcdir, $_, "build.info"));
+    }
+    foreach (@{$config{sdirs}}) {
+        push @build_infos, [ catdir("crypto", $_), "build.info" ]
+            if (-f catfile($srcdir, "crypto", $_, "build.info"));
+    }
+    foreach (@{$config{engdirs}}) {
+        push @build_infos, [ catdir("engines", $_), "build.info" ]
+            if (-f catfile($srcdir, "engines", $_, "build.info"));
+    }
+    foreach (@{$config{tdirs}}) {
+        push @build_infos, [ catdir("test", $_), "build.info" ]
+            if (-f catfile($srcdir, "test", $_, "build.info"));
+    }
+
+    $config{build_infos} = [ ];
+
+    my %ordinals = ();
+    foreach (@build_infos) {
+        my $sourced = catdir($srcdir, $_->[0]);
+        my $buildd = catdir($blddir, $_->[0]);
+
+        mkpath($buildd);
+
+        my $f = $_->[1];
+        # The basic things we're trying to build
+        my @programs = ();
+        my @programs_install = ();
+        my @libraries = ();
+        my @libraries_install = ();
+        my @engines = ();
+        my @engines_install = ();
+        my @scripts = ();
+        my @scripts_install = ();
+        my @extra = ();
+        my @overrides = ();
+        my @intermediates = ();
+        my @rawlines = ();
+
+        my %sources = ();
+        my %shared_sources = ();
+        my %includes = ();
+        my %depends = ();
+        my %renames = ();
+        my %sharednames = ();
+        my %generate = ();
+
+        # We want to detect configdata.pm in the source tree, so we
+        # don't use it if the build tree is different.
+        my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
+
+        push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
+        my $template =
+            Text::Template->new(TYPE => 'FILE',
+                                SOURCE => catfile($sourced, $f),
+                                PREPEND => qq{use lib "$FindBin::Bin/util/perl";});
+        die "Something went wrong with $sourced/$f: $!\n" unless $template;
+        my @text =
+            split /^/m,
+            $template->fill_in(HASH => { config => \%config,
+                                         target => \%target,
+                                         disabled => \%disabled,
+                                         withargs => \%withargs,
+                                         builddir => abs2rel($buildd, $blddir),
+                                         sourcedir => abs2rel($sourced, $blddir),
+                                         buildtop => abs2rel($blddir, $blddir),
+                                         sourcetop => abs2rel($srcdir, $blddir) },
+                               DELIMITERS => [ "{-", "-}" ]);
+
+        # The top item of this stack has the following values
+        # -2 positive already run and we found ELSE (following ELSIF should fail)
+        # -1 positive already run (skip until ENDIF)
+        # 0 negatives so far (if we're at a condition, check it)
+        # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
+        # 2 positive ELSE (following ELSIF should fail)
+        my @skip = ();
+        collect_information(
+            collect_from_array([ @text ],
+                               qr/\\$/ => sub { my $l1 = shift; my $l2 = shift;
+                                                $l1 =~ s/\\$//; $l1.$l2 }),
+            # Info we're looking for
+            qr/^\s*IF\[((?:\\.|[^\\\]])*)\]\s*$/
+            => sub {
+                if (! @skip || $skip[$#skip] > 0) {
+                    push @skip, !! $1;
+                } else {
+                    push @skip, -1;
+                }
+            },
+            qr/^\s*ELSIF\[((?:\\.|[^\\\]])*)\]\s*$/
+            => sub { die "ELSIF out of scope" if ! @skip;
+                     die "ELSIF following ELSE" if abs($skip[$#skip]) == 2;
+                     $skip[$#skip] = -1 if $skip[$#skip] != 0;
+                     $skip[$#skip] = !! $1
+                         if $skip[$#skip] == 0; },
+            qr/^\s*ELSE\s*$/
+            => sub { die "ELSE out of scope" if ! @skip;
+                     $skip[$#skip] = -2 if $skip[$#skip] != 0;
+                     $skip[$#skip] = 2 if $skip[$#skip] == 0; },
+            qr/^\s*ENDIF\s*$/
+            => sub { die "ENDIF out of scope" if ! @skip;
+                     pop @skip; },
+            qr/^\s*PROGRAMS(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @programs, @x;
+                    push @programs_install, @x unless $install;
+                }
+            },
+            qr/^\s*LIBS(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @libraries, @x;
+                    push @libraries_install, @x unless $install;
+                }
+            },
+            qr/^\s*ENGINES(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @engines, @x;
+                    push @engines_install, @x unless $install;
+                }
+            },
+            qr/^\s*SCRIPTS(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @scripts, @x;
+                    push @scripts_install, @x unless $install;
+                }
+            },
+            qr/^\s*EXTRA\s*=\s*(.*)\s*$/
+            => sub { push @extra, tokenize($1)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/
+            => sub { push @overrides, tokenize($1)
+                         if !@skip || $skip[$#skip] > 0 },
+
+            qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/,
+            => sub { push @{$ordinals{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$sources{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*SHARED_SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$shared_sources{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*INCLUDE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$includes{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*DEPEND\[((?:\\.|[^\\\]])*)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$depends{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$generate{$1}}, $2
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$renames{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*SHARED_NAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$sharednames{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
+            => sub {
+                my $lineiterator = shift;
+                my $target_kind = $1;
+                while (defined $lineiterator->()) {
+                    s|\R$||;
+                    if (/^\s*ENDRAW\[((?:\\.|[^\\\]])+)\]\s*$/) {
+                        die "ENDRAW doesn't match BEGINRAW"
+                            if $1 ne $target_kind;
+                        last;
+                    }
+                    next if @skip && $skip[$#skip] <= 0;
+                    push @rawlines,  $_
+                        if ($target_kind eq $target{build_file}
+                            || $target_kind eq $target{build_file}."(".$builder_platform.")");
+                }
+            },
+            qr/^\s*(?:#.*)?$/ => sub { },
+            "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" },
+            "BEFORE" => sub {
+                if ($buildinfo_debug) {
+                    print STDERR "DEBUG: Parsing ",join(" ", @_),"\n";
+                    print STDERR "DEBUG: ... before parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n";
+                }
+            },
+            "AFTER" => sub {
+                if ($buildinfo_debug) {
+                    print STDERR "DEBUG: .... after parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n";
+                }
+            },
+            );
+        die "runaway IF?" if (@skip);
+
+        foreach (keys %renames) {
+            die "$_ renamed to more than one thing: "
+                ,join(" ", @{$renames{$_}}),"\n"
+                if scalar @{$renames{$_}} > 1;
+            my $dest = cleanfile($buildd, $_, $blddir);
+            my $to = cleanfile($buildd, $renames{$_}->[0], $blddir);
+            die "$dest renamed to more than one thing: "
+                ,$unified_info{rename}->{$dest}, $to
+                unless !defined($unified_info{rename}->{$dest})
+                or $unified_info{rename}->{$dest} eq $to;
+            $unified_info{rename}->{$dest} = $to;
+        }
+
+        foreach (@programs) {
+            my $program = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$program}) {
+                $program = $unified_info{rename}->{$program};
+            }
+            $unified_info{programs}->{$program} = 1;
+        }
+
+        foreach (@programs_install) {
+            my $program = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$program}) {
+                $program = $unified_info{rename}->{$program};
+            }
+            $unified_info{install}->{programs}->{$program} = 1;
+        }
+
+        foreach (@libraries) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{libraries}->{$library} = 1;
+        }
+
+        foreach (@libraries_install) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{install}->{libraries}->{$library} = 1;
+        }
+
+        die <<"EOF" if scalar @engines and !$config{dynamic_engines};
+ENGINES can only be used if configured with 'dynamic-engine'.
+This is usually a fault in a build.info file.
+EOF
+        foreach (@engines) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{engines}->{$library} = 1;
+        }
+
+        foreach (@engines_install) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{install}->{engines}->{$library} = 1;
+        }
+
+        foreach (@scripts) {
+            my $script = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$script}) {
+                $script = $unified_info{rename}->{$script};
+            }
+            $unified_info{scripts}->{$script} = 1;
+        }
+
+        foreach (@scripts_install) {
+            my $script = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$script}) {
+                $script = $unified_info{rename}->{$script};
+            }
+            $unified_info{install}->{scripts}->{$script} = 1;
+        }
+
+        foreach (@extra) {
+            my $extra = cleanfile($buildd, $_, $blddir);
+            $unified_info{extra}->{$extra} = 1;
+        }
+
+        foreach (@overrides) {
+            my $override = cleanfile($buildd, $_, $blddir);
+            $unified_info{overrides}->{$override} = 1;
+        }
+
+        push @{$unified_info{rawlines}}, @rawlines;
+
+        unless ($disabled{shared}) {
+            # Check sharednames.
+            foreach (keys %sharednames) {
+                my $dest = cleanfile($buildd, $_, $blddir);
+                if ($unified_info{rename}->{$dest}) {
+                    $dest = $unified_info{rename}->{$dest};
+                }
+                die "shared_name for $dest with multiple values: "
+                    ,join(" ", @{$sharednames{$_}}),"\n"
+                    if scalar @{$sharednames{$_}} > 1;
+                my $to = cleanfile($buildd, $sharednames{$_}->[0], $blddir);
+                die "shared_name found for a library $dest that isn't defined\n"
+                    unless $unified_info{libraries}->{$dest};
+                die "shared_name for $dest with multiple values: "
+                    ,$unified_info{sharednames}->{$dest}, ", ", $to
+                    unless !defined($unified_info{sharednames}->{$dest})
+                    or $unified_info{sharednames}->{$dest} eq $to;
+                $unified_info{sharednames}->{$dest} = $to;
+            }
+
+            # Additionally, we set up sharednames for libraries that don't
+            # have any, as themselves.  Only for libraries that aren't
+            # explicitly static.
+            foreach (grep !/\.a$/, keys %{$unified_info{libraries}}) {
+                if (!defined $unified_info{sharednames}->{$_}) {
+                    $unified_info{sharednames}->{$_} = $_
+                }
+            }
+
+            # Check that we haven't defined any library as both shared and
+            # explicitly static.  That is forbidden.
+            my @doubles = ();
+            foreach (grep /\.a$/, keys %{$unified_info{libraries}}) {
+                (my $l = $_) =~ s/\.a$//;
+                push @doubles, $l if defined $unified_info{sharednames}->{$l};
+            }
+            die "these libraries are both explicitly static and shared:\n  ",
+                join(" ", @doubles), "\n"
+                if @doubles;
+        }
+
+        foreach (keys %sources) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            foreach (@{$sources{$dest}}) {
+                my $s = cleanfile($sourced, $_, $blddir);
+
+                # If it isn't in the source tree, we assume it's generated
+                # in the build tree
+                if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
+                    $s = cleanfile($buildd, $_, $blddir);
+                }
+                # We recognise C++, C and asm files
+                if ($s =~ /\.(cc|cpp|c|s|S)$/) {
+                    my $o = $_;
+                    $o =~ s/\.[csS]$/.o/; # C and assembler
+                    $o =~ s/\.(cc|cpp)$/_cc.o/; # C++
+                    $o = cleanfile($buildd, $o, $blddir);
+                    $unified_info{sources}->{$ddest}->{$o} = 1;
+                    $unified_info{sources}->{$o}->{$s} = 1;
+                } elsif ($s =~ /\.rc$/) {
+                    # We also recognise resource files
+                    my $o = $_;
+                    $o =~ s/\.rc$/.res/; # Resource configuration
+                    my $o = cleanfile($buildd, $o, $blddir);
+                    $unified_info{sources}->{$ddest}->{$o} = 1;
+                    $unified_info{sources}->{$o}->{$s} = 1;
+                } else {
+                    $unified_info{sources}->{$ddest}->{$s} = 1;
+                }
+            }
+        }
+
+        foreach (keys %shared_sources) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            foreach (@{$shared_sources{$dest}}) {
+                my $s = cleanfile($sourced, $_, $blddir);
+
+                # If it isn't in the source tree, we assume it's generated
+                # in the build tree
+                if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
+                    $s = cleanfile($buildd, $_, $blddir);
+                }
+
+                if ($s =~ /\.(cc|cpp|c|s|S)$/) {
+                    # We recognise C++, C and asm files
+                    my $o = $_;
+                    $o =~ s/\.[csS]$/.o/; # C and assembler
+                    $o =~ s/\.(cc|cpp)$/_cc.o/; # C++
+                    $o = cleanfile($buildd, $o, $blddir);
+                    $unified_info{shared_sources}->{$ddest}->{$o} = 1;
+                    $unified_info{sources}->{$o}->{$s} = 1;
+                } elsif ($s =~ /\.rc$/) {
+                    # We also recognise resource files
+                    my $o = $_;
+                    $o =~ s/\.rc$/.res/; # Resource configuration
+                    my $o = cleanfile($buildd, $o, $blddir);
+                    $unified_info{shared_sources}->{$ddest}->{$o} = 1;
+                    $unified_info{sources}->{$o}->{$s} = 1;
+                } elsif ($s =~ /\.(def|map|opt)$/) {
+                    # We also recognise .def / .map / .opt files
+                    # We know they are generated files
+                    my $def = cleanfile($buildd, $s, $blddir);
+                    $unified_info{shared_sources}->{$ddest}->{$def} = 1;
+                } else {
+                    die "unrecognised source file type for shared library: $s\n";
+                }
+            }
+        }
+
+        foreach (keys %generate) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            die "more than one generator for $dest: "
+                    ,join(" ", @{$generate{$_}}),"\n"
+                    if scalar @{$generate{$_}} > 1;
+            my @generator = split /\s+/, $generate{$dest}->[0];
+            $generator[0] = cleanfile($sourced, $generator[0], $blddir),
+            $unified_info{generate}->{$ddest} = [ @generator ];
+        }
+
+        foreach (keys %depends) {
+            my $dest = $_;
+            my $ddest = $dest eq "" ? "" : cleanfile($sourced, $_, $blddir);
+
+            # If the destination doesn't exist in source, it can only be
+            # a generated file in the build tree.
+            if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) {
+                $ddest = cleanfile($buildd, $_, $blddir);
+                if ($unified_info{rename}->{$ddest}) {
+                    $ddest = $unified_info{rename}->{$ddest};
+                }
+            }
+            foreach (@{$depends{$dest}}) {
+                my $d = cleanfile($sourced, $_, $blddir);
+
+                # If we know it's generated, or assume it is because we can't
+                # find it in the source tree, we set file we depend on to be
+                # in the build tree rather than the source tree, and assume
+                # and that there are lines to build it in a BEGINRAW..ENDRAW
+                # section or in the Makefile template.
+                if ($d eq $src_configdata
+                    || ! -f $d
+                    || (grep { $d eq $_ }
+                        map { cleanfile($srcdir, $_, $blddir) }
+                        grep { /\.h$/ } keys %{$unified_info{generate}})) {
+                    $d = cleanfile($buildd, $_, $blddir);
+                }
+                # Take note if the file to depend on is being renamed
+                # Take extra care with files ending with .a, they should
+                # be treated without that extension, and the extension
+                # should be added back after treatment.
+                $d =~ /(\.a)?$/;
+                my $e = $1 // "";
+                $d = $`;
+                if ($unified_info{rename}->{$d}) {
+                    $d = $unified_info{rename}->{$d};
+                }
+                $d .= $e;
+                $unified_info{depends}->{$ddest}->{$d} = 1;
+            }
+        }
+
+        foreach (keys %includes) {
+            my $dest = $_;
+            my $ddest = cleanfile($sourced, $_, $blddir);
+
+            # If the destination doesn't exist in source, it can only be
+            # a generated file in the build tree.
+            if ($ddest eq $src_configdata || ! -f $ddest) {
+                $ddest = cleanfile($buildd, $_, $blddir);
+                if ($unified_info{rename}->{$ddest}) {
+                    $ddest = $unified_info{rename}->{$ddest};
+                }
+            }
+            foreach (@{$includes{$dest}}) {
+                my $is = cleandir($sourced, $_, $blddir);
+                my $ib = cleandir($buildd, $_, $blddir);
+                push @{$unified_info{includes}->{$ddest}->{source}}, $is
+                    unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
+                push @{$unified_info{includes}->{$ddest}->{build}}, $ib
+                    unless grep { $_ eq $ib } @{$unified_info{includes}->{$ddest}->{build}};
+            }
+        }
+    }
+
+    my $ordinals_text = join(', ', sort keys %ordinals);
+    warn <<"EOF" if $ordinals_text;
+
+WARNING: ORDINALS were specified for $ordinals_text
+They are ignored and should be replaced with a combination of GENERATE,
+DEPEND and SHARED_SOURCE.
+EOF
+
+    # Massage the result
+
+    # If the user configured no-shared, we allow no shared sources
+    if ($disabled{shared}) {
+        foreach (keys %{$unified_info{shared_sources}}) {
+            foreach (keys %{$unified_info{shared_sources}->{$_}}) {
+                delete $unified_info{sources}->{$_};
+            }
+        }
+        $unified_info{shared_sources} = {};
+    }
+
+    # If we depend on a header file or a perl module, add an inclusion of
+    # its directory to allow smoothe inclusion
+    foreach my $dest (keys %{$unified_info{depends}}) {
+        next if $dest eq "";
+        foreach my $d (keys %{$unified_info{depends}->{$dest}}) {
+            next unless $d =~ /\.(h|pm)$/;
+            my $i = dirname($d);
+            my $spot =
+                $d eq "configdata.pm" || defined($unified_info{generate}->{$d})
+                ? 'build' : 'source';
+            push @{$unified_info{includes}->{$dest}->{$spot}}, $i
+                unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}};
+        }
+    }
+
+    # Trickle down includes placed on libraries, engines and programs to
+    # their sources (i.e. object files)
+    foreach my $dest (keys %{$unified_info{engines}},
+                      keys %{$unified_info{libraries}},
+                      keys %{$unified_info{programs}}) {
+        foreach my $k (("source", "build")) {
+            next unless defined($unified_info{includes}->{$dest}->{$k});
+            my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
+            foreach my $obj (grep /\.o$/,
+                             (keys %{$unified_info{sources}->{$dest} // {}},
+                              keys %{$unified_info{shared_sources}->{$dest} // {}})) {
+                foreach my $inc (@incs) {
+                    unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
+                        unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
+                }
+            }
+        }
+        delete $unified_info{includes}->{$dest};
+    }
+
+    ### Make unified_info a bit more efficient
+    # One level structures
+    foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
+        $unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
+    }
+    # Two level structures
+    foreach my $l1 (("install", "sources", "shared_sources", "ldadd", "depends")) {
+        foreach my $l2 (sort keys %{$unified_info{$l1}}) {
+            $unified_info{$l1}->{$l2} =
+                [ sort keys %{$unified_info{$l1}->{$l2}} ];
+        }
+    }
+    # Includes
+    foreach my $dest (sort keys %{$unified_info{includes}}) {
+        if (defined($unified_info{includes}->{$dest}->{build})) {
+            my @source_includes = ();
+            @source_includes = ( @{$unified_info{includes}->{$dest}->{source}} )
+                if defined($unified_info{includes}->{$dest}->{source});
+            $unified_info{includes}->{$dest} =
+                [ @{$unified_info{includes}->{$dest}->{build}} ];
+            foreach my $inc (@source_includes) {
+                push @{$unified_info{includes}->{$dest}}, $inc
+                    unless grep { $_ eq $inc } @{$unified_info{includes}->{$dest}};
+            }
+        } else {
+            $unified_info{includes}->{$dest} =
+                [ @{$unified_info{includes}->{$dest}->{source}} ];
+        }
+    }
+
+    # For convenience collect information regarding directories where
+    # files are generated, those generated files and the end product
+    # they end up in where applicable.  Then, add build rules for those
+    # directories
+    my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
+                     "dso" => [ @{$unified_info{engines}} ],
+                     "bin" => [ @{$unified_info{programs}} ],
+                     "script" => [ @{$unified_info{scripts}} ] );
+    foreach my $type (keys %loopinfo) {
+        foreach my $product (@{$loopinfo{$type}}) {
+            my %dirs = ();
+            my $pd = dirname($product);
+
+            foreach (@{$unified_info{sources}->{$product} // []},
+                     @{$unified_info{shared_sources}->{$product} // []}) {
+                my $d = dirname($_);
+
+                # We don't want to create targets for source directories
+                # when building out of source
+                next if ($config{sourcedir} ne $config{builddir}
+                             && $d =~ m|^\Q$config{sourcedir}\E|);
+                # We already have a "test" target, and the current directory
+                # is just silly to make a target for
+                next if $d eq "test" || $d eq ".";
+
+                $dirs{$d} = 1;
+                push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+                    if $d ne $pd;
+            }
+            foreach (keys %dirs) {
+                push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+                    $product;
+            }
+        }
+    }
+}
+
+# For the schemes that need it, we provide the old *_obj configs
+# from the *_asm_obj ones
+foreach (grep /_(asm|aux)_src$/, keys %target) {
+    my $src = $_;
+    (my $obj = $_) =~ s/_(asm|aux)_src$/_obj/;
+    $target{$obj} = $target{$src};
+    $target{$obj} =~ s/\.[csS]\b/.o/g; # C and assembler
+    $target{$obj} =~ s/\.(cc|cpp)\b/_cc.o/g; # C++
+}
+
+# Write down our configuration where it fits #########################
+
+print "Creating configdata.pm\n";
+open(OUT,">configdata.pm") || die "unable to create configdata.pm: $!\n";
+print OUT <<"EOF";
+#! $config{HASHBANGPERL}
+
+package configdata;
+
+use strict;
+use warnings;
+
+use Exporter;
+#use vars qw(\@ISA \@EXPORT);
+our \@ISA = qw(Exporter);
+our \@EXPORT = qw(\%config \%target \%disabled \%withargs \%unified_info \@disablables);
+
+EOF
+print OUT "our %config = (\n";
+foreach (sort keys %config) {
+    if (ref($config{$_}) eq "ARRAY") {
+	print OUT "  ", $_, " => [ ", join(", ",
+					   map { quotify("perl", $_) }
+					   @{$config{$_}}), " ],\n";
+    } elsif (ref($config{$_}) eq "HASH") {
+	print OUT "  ", $_, " => {";
+        if (scalar keys %{$config{$_}} > 0) {
+            print OUT "\n";
+            foreach my $key (sort keys %{$config{$_}}) {
+                print OUT "      ",
+                    join(" => ",
+                         quotify("perl", $key),
+                         defined $config{$_}->{$key}
+                             ? quotify("perl", $config{$_}->{$key})
+                             : "undef");
+                print OUT ",\n";
+            }
+            print OUT "  ";
+        }
+        print OUT "},\n";
+    } else {
+	print OUT "  ", $_, " => ", quotify("perl", $config{$_}), ",\n"
+    }
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our %target = (\n";
+foreach (sort keys %target) {
+    if (ref($target{$_}) eq "ARRAY") {
+	print OUT "  ", $_, " => [ ", join(", ",
+					   map { quotify("perl", $_) }
+					   @{$target{$_}}), " ],\n";
+    } else {
+	print OUT "  ", $_, " => ", quotify("perl", $target{$_}), ",\n"
+    }
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our \%available_protocols = (\n";
+print OUT "  tls => [ ", join(", ", map { quotify("perl", $_) } @tls), " ],\n";
+print OUT "  dtls => [ ", join(", ", map { quotify("perl", $_) } @dtls), " ],\n";
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our \@disablables = (\n";
+foreach (@disablables) {
+    print OUT "  ", quotify("perl", $_), ",\n";
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our \%disabled = (\n";
+foreach (sort keys %disabled) {
+    print OUT "  ", quotify("perl", $_), " => ", quotify("perl", $disabled{$_}), ",\n";
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our %withargs = (\n";
+foreach (sort keys %withargs) {
+    if (ref($withargs{$_}) eq "ARRAY") {
+	print OUT "  ", $_, " => [ ", join(", ",
+					   map { quotify("perl", $_) }
+					   @{$withargs{$_}}), " ],\n";
+    } else {
+	print OUT "  ", $_, " => ", quotify("perl", $withargs{$_}), ",\n"
+    }
+}
+print OUT <<"EOF";
+);
+
+EOF
+if ($builder eq "unified") {
+    my $recurse;
+    $recurse = sub {
+        my $indent = shift;
+        foreach (@_) {
+            if (ref $_ eq "ARRAY") {
+                print OUT " "x$indent, "[\n";
+                foreach (@$_) {
+                    $recurse->($indent + 4, $_);
+                }
+                print OUT " "x$indent, "],\n";
+            } elsif (ref $_ eq "HASH") {
+                my %h = %$_;
+                print OUT " "x$indent, "{\n";
+                foreach (sort keys %h) {
+                    if (ref $h{$_} eq "") {
+                        print OUT " "x($indent + 4), quotify("perl", $_), " => ", quotify("perl", $h{$_}), ",\n";
+                    } else {
+                        print OUT " "x($indent + 4), quotify("perl", $_), " =>\n";
+                        $recurse->($indent + 8, $h{$_});
+                    }
+                }
+                print OUT " "x$indent, "},\n";
+            } else {
+                print OUT " "x$indent, quotify("perl", $_), ",\n";
+            }
+        }
+    };
+    print OUT "our %unified_info = (\n";
+    foreach (sort keys %unified_info) {
+        if (ref $unified_info{$_} eq "") {
+            print OUT " "x4, quotify("perl", $_), " => ", quotify("perl", $unified_info{$_}), ",\n";
+        } else {
+            print OUT " "x4, quotify("perl", $_), " =>\n";
+            $recurse->(8, $unified_info{$_});
+        }
+    }
+    print OUT <<"EOF";
+);
+
+EOF
+}
+print OUT
+    "# The following data is only used when this files is use as a script\n";
+print OUT "my \@makevars = (\n";
+foreach (sort keys %user) {
+    print OUT "    '",$_,"',\n";
+}
+print OUT ");\n";
+print OUT "my \%disabled_info = (\n";
+foreach my $what (sort keys %disabled_info) {
+    print OUT "    '$what' => {\n";
+    foreach my $info (sort keys %{$disabled_info{$what}}) {
+        if (ref $disabled_info{$what}->{$info} eq 'ARRAY') {
+            print OUT "        $info => [ ",
+                join(', ', map { "'$_'" } @{$disabled_info{$what}->{$info}}),
+                " ],\n";
+        } else {
+            print OUT "        $info => '", $disabled_info{$what}->{$info},
+                "',\n";
+        }
+    }
+    print OUT "    },\n";
+}
+print OUT ");\n";
+print OUT 'my @user_crossable = qw( ', join (' ', @user_crossable), " );\n";
+print OUT << 'EOF';
+# If run directly, we can give some answers, and even reconfigure
+unless (caller) {
+    use Getopt::Long;
+    use File::Spec::Functions;
+    use File::Basename;
+    use Pod::Usage;
+
+    my $here = dirname($0);
+
+    my $dump = undef;
+    my $cmdline = undef;
+    my $options = undef;
+    my $target = undef;
+    my $envvars = undef;
+    my $makevars = undef;
+    my $buildparams = undef;
+    my $reconf = undef;
+    my $verbose = undef;
+    my $help = undef;
+    my $man = undef;
+    GetOptions('dump|d'                 => \$dump,
+               'command-line|c'         => \$cmdline,
+               'options|o'              => \$options,
+               'target|t'               => \$target,
+               'environment|e'          => \$envvars,
+               'make-variables|m'       => \$makevars,
+               'build-parameters|b'     => \$buildparams,
+               'reconfigure|reconf|r'   => \$reconf,
+               'verbose|v'              => \$verbose,
+               'help'                   => \$help,
+               'man'                    => \$man)
+        or die "Errors in command line arguments\n";
+
+    unless ($dump || $cmdline || $options || $target || $envvars || $makevars
+            || $buildparams || $reconf || $verbose || $help || $man) {
+        print STDERR <<"_____";
+You must give at least one option.
+For more information, do '$0 --help'
+_____
+        exit(2);
+    }
+
+    if ($help) {
+        pod2usage(-exitval => 0,
+                  -verbose => 1);
+    }
+    if ($man) {
+        pod2usage(-exitval => 0,
+                  -verbose => 2);
+    }
+    if ($dump || $cmdline) {
+        print "\nCommand line (with current working directory = $here):\n\n";
+        print '    ',join(' ',
+                          $config{PERL},
+                          catfile($config{sourcedir}, 'Configure'),
+                          @{$config{perlargv}}), "\n";
+        print "\nPerl information:\n\n";
+        print '    ',$config{perl_cmd},"\n";
+        print '    ',$config{perl_version},' for ',$config{perl_archname},"\n";
+    }
+    if ($dump || $options) {
+        my $longest = 0;
+        my $longest2 = 0;
+        foreach my $what (@disablables) {
+            $longest = length($what) if $longest < length($what);
+            $longest2 = length($disabled{$what})
+                if $disabled{$what} && $longest2 < length($disabled{$what});
+        }
+        print "\nEnabled features:\n\n";
+        foreach my $what (@disablables) {
+            print "    $what\n" unless $disabled{$what};
+        }
+        print "\nDisabled features:\n\n";
+        foreach my $what (@disablables) {
+            if ($disabled{$what}) {
+                print "    $what", ' ' x ($longest - length($what) + 1),
+                    "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
+                print $disabled_info{$what}->{macro}
+                    if $disabled_info{$what}->{macro};
+                print ' (skip ',
+                    join(', ', @{$disabled_info{$what}->{skipped}}),
+                    ')'
+                    if $disabled_info{$what}->{skipped};
+                print "\n";
+            }
+        }
+    }
+    if ($dump || $target) {
+        print "\nConfig target attributes:\n\n";
+        foreach (sort keys %target) {
+            next if $_ =~ m|^_| || $_ eq 'template';
+            my $quotify = sub {
+                map { (my $x = $_) =~ s|([\\\$\@"])|\\$1|g; "\"$x\""} @_;
+            };
+            print '    ', $_, ' => ';
+            if (ref($target{$_}) eq "ARRAY") {
+                print '[ ', join(', ', $quotify->(@{$target{$_}})), " ],\n";
+            } else {
+                print $quotify->($target{$_}), ",\n"
+            }
+        }
+    }
+    if ($dump || $envvars) {
+        print "\nRecorded environment:\n\n";
+        foreach (sort keys %{$config{perlenv}}) {
+            print '    ',$_,' = ',($config{perlenv}->{$_} || ''),"\n";
+        }
+    }
+    if ($dump || $makevars) {
+        print "\nMakevars:\n\n";
+        foreach my $var (@makevars) {
+            my $prefix = '';
+            $prefix = $config{CROSS_COMPILE}
+                if grep { $var eq $_ } @user_crossable;
+            $prefix //= '';
+            print '    ',$var,' ' x (16 - length $var),'= ',
+                (ref $config{$var} eq 'ARRAY'
+                 ? join(' ', @{$config{$var}})
+                 : $prefix.$config{$var}),
+                "\n"
+                if defined $config{$var};
+        }
+
+        my @buildfile = ($config{builddir}, $config{build_file});
+        unshift @buildfile, $here
+            unless file_name_is_absolute($config{builddir});
+        my $buildfile = canonpath(catdir(@buildfile));
+        print <<"_____";
+
+NOTE: These variables only represent the configuration view.  The build file
+template may have processed these variables further, please have a look at the
+build file for more exact data:
+    $buildfile
+_____
+    }
+    if ($dump || $buildparams) {
+        my @buildfile = ($config{builddir}, $config{build_file});
+        unshift @buildfile, $here
+            unless file_name_is_absolute($config{builddir});
+        print "\nbuild file:\n\n";
+        print "    ", canonpath(catfile(@buildfile)),"\n";
+
+        print "\nbuild file templates:\n\n";
+        foreach (@{$config{build_file_templates}}) {
+            my @tmpl = ($_);
+            unshift @tmpl, $here
+                unless file_name_is_absolute($config{sourcedir});
+            print '    ',canonpath(catfile(@tmpl)),"\n";
+        }
+    }
+    if ($reconf) {
+        if ($verbose) {
+            print 'Reconfiguring with: ', join(' ',@{$config{perlargv}}), "\n";
+	    foreach (sort keys %{$config{perlenv}}) {
+	        print '    ',$_,' = ',($config{perlenv}->{$_} || ""),"\n";
+	    }
+        }
+
+        chdir $here;
+        exec $^X,catfile($config{sourcedir}, 'Configure'),'reconf';
+    }
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+configdata.pm - configuration data for OpenSSL builds
+
+=head1 SYNOPSIS
+
+Interactive:
+
+  perl configdata.pm [options]
+
+As data bank module:
+
+  use configdata;
+
+=head1 DESCRIPTION
+
+This module can be used in two modes, interactively and as a module containing
+all the data recorded by OpenSSL's Configure script.
+
+When used interactively, simply run it as any perl script, with at least one
+option, and you will get the information you ask for.  See L</OPTIONS> below.
+
+When loaded as a module, you get a few databanks with useful information to
+perform build related tasks.  The databanks are:
+
+    %config             Configured things.
+    %target             The OpenSSL config target with all inheritances
+                        resolved.
+    %disabled           The features that are disabled.
+    @disablables        The list of features that can be disabled.
+    %withargs           All data given through --with-THING options.
+    %unified_info       All information that was computed from the build.info
+                        files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--help>
+
+Print a brief help message and exit.
+
+=item B<--man>
+
+Print the manual page and exit.
+
+=item B<--dump> | B<-d>
+
+Print all relevant configuration data.  This is equivalent to B<--command-line>
+B<--options> B<--target> B<--environment> B<--make-variables>
+B<--build-parameters>.
+
+=item B<--command-line> | B<-c>
+
+Print the current configuration command line.
+
+=item B<--options> | B<-o>
+
+Print the features, both enabled and disabled, and display defined macro and
+skipped directories where applicable.
+
+=item B<--target> | B<-t>
+
+Print the config attributes for this config target.
+
+=item B<--environment> | B<-e>
+
+Print the environment variables and their values at the time of configuration.
+
+=item B<--make-variables> | B<-m>
+
+Print the main make variables generated in the current configuration
+
+=item B<--build-parameters> | B<-b>
+
+Print the build parameters, i.e. build file and build file templates.
+
+=item B<--reconfigure> | B<--reconf> | B<-r>
+
+Redo the configuration.
+
+=item B<--verbose> | B<-v>
+
+Verbose output.
+
+=back
+
+=cut
+
+EOF
+close(OUT);
+if ($builder_platform eq 'unix') {
+    my $mode = (0755 & ~umask);
+    chmod $mode, 'configdata.pm'
+        or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
+}
+
+my %builders = (
+    unified => sub {
+        print 'Creating ',$target{build_file},"\n";
+        run_dofile(catfile($blddir, $target{build_file}),
+                   @{$config{build_file_templates}});
+    },
+    );
+
+$builders{$builder}->($builder_platform, @builder_opts);
+
+$SIG{__DIE__} = $orig_death_handler;
+
+print <<"EOF" if ($disabled{threads} eq "unavailable");
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+EOF
+
+print <<"EOF" if ($no_shared_warn);
+
+The options 'shared', 'pic' and 'dynamic-engine' aren't supported on this
+platform, so we will pretend you gave the option 'no-pic', which also disables
+'shared' and 'dynamic-engine'.  If you know how to implement shared libraries
+or position independent code, please let us know (but please first make sure
+you have tried with a current version of OpenSSL).
+EOF
+
+print <<"EOF";
+
+**********************************************************************
+***                                                                ***
+***   OpenSSL has been successfully configured                     ***
+***                                                                ***
+***   If you encounter a problem while building, please open an    ***
+***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
+***   and include the output from the following command:           ***
+***                                                                ***
+***       perl configdata.pm --dump                                ***
+***                                                                ***
+***   (If you are new to OpenSSL, you might want to consult the    ***
+***   'Troubleshooting' section in the INSTALL file first)         ***
+***                                                                ***
+**********************************************************************
+EOF
+
+exit(0);
+
+######################################################################
+#
+# Helpers and utility functions
+#
+
+# Death handler, to print a helpful message in case of failure #######
+#
+sub death_handler {
+    die @_ if $^S;              # To prevent the added message in eval blocks
+    my $build_file = $target{build_file} // "build file";
+    my @message = ( <<"_____", @_ );
+
+Failure!  $build_file wasn't produced.
+Please read INSTALL and associated NOTES files.  You may also have to look over
+your available compiler tool chain or change your configuration.
+
+_____
+
+    # Dying is terminal, so it's ok to reset the signal handler here.
+    $SIG{__DIE__} = $orig_death_handler;
+    die @message;
+}
+
+# Configuration file reading #########################################
+
+# Note: All of the helper functions are for lazy evaluation.  They all
+# return a CODE ref, which will return the intended value when evaluated.
+# Thus, whenever there's mention of a returned value, it's about that
+# intended value.
+
+# Helper function to implement conditional inheritance depending on the
+# value of $disabled{asm}.  Used in inherit_from values as follows:
+#
+#      inherit_from => [ "template", asm("asm_tmpl") ]
+#
+sub asm {
+    my @x = @_;
+    sub {
+	$disabled{asm} ? () : @x;
+    }
+}
+
+# Helper function to implement conditional value variants, with a default
+# plus additional values based on the value of $config{build_type}.
+# Arguments are given in hash table form:
+#
+#       picker(default => "Basic string: ",
+#              debug   => "debug",
+#              release => "release")
+#
+# When configuring with --debug, the resulting string will be
+# "Basic string: debug", and when not, it will be "Basic string: release"
+#
+# This can be used to create variants of sets of flags according to the
+# build type:
+#
+#       cflags => picker(default => "-Wall",
+#                        debug   => "-g -O0",
+#                        release => "-O3")
+#
+sub picker {
+    my %opts = @_;
+    return sub { add($opts{default} || (),
+                     $opts{$config{build_type}} || ())->(); }
+}
+
+# Helper function to combine several values of different types into one.
+# This is useful if you want to combine a string with the result of a
+# lazy function, such as:
+#
+#       cflags => combine("-Wall", sub { $disabled{zlib} ? () : "-DZLIB" })
+#
+sub combine {
+    my @stuff = @_;
+    return sub { add(@stuff)->(); }
+}
+
+# Helper function to implement conditional values depending on the value
+# of $disabled{threads}.  Can be used as follows:
+#
+#       cflags => combine("-Wall", threads("-pthread"))
+#
+sub threads {
+    my @flags = @_;
+    return sub { add($disabled{threads} ? () : @flags)->(); }
+}
+
+sub shared {
+    my @flags = @_;
+    return sub { add($disabled{shared} ? () : @flags)->(); }
+}
+
+our $add_called = 0;
+# Helper function to implement adding values to already existing configuration
+# values.  It handles elements that are ARRAYs, CODEs and scalars
+sub _add {
+    my $separator = shift;
+
+    # If there's any ARRAY in the collection of values OR the separator
+    # is undef, we will return an ARRAY of combined values, otherwise a
+    # string of joined values with $separator as the separator.
+    my $found_array = !defined($separator);
+
+    my @values =
+	map {
+	    my $res = $_;
+	    while (ref($res) eq "CODE") {
+		$res = $res->();
+	    }
+	    if (defined($res)) {
+		if (ref($res) eq "ARRAY") {
+		    $found_array = 1;
+		    @$res;
+		} else {
+		    $res;
+		}
+	    } else {
+		();
+	    }
+    } (@_);
+
+    $add_called = 1;
+
+    if ($found_array) {
+	[ @values ];
+    } else {
+	join($separator, grep { defined($_) && $_ ne "" } @values);
+    }
+}
+sub add_before {
+    my $separator = " ";
+    if (ref($_[$#_]) eq "HASH") {
+        my $opts = pop;
+        $separator = $opts->{separator};
+    }
+    my @x = @_;
+    sub { _add($separator, @x, @_) };
+}
+sub add {
+    my $separator = " ";
+    if (ref($_[$#_]) eq "HASH") {
+        my $opts = pop;
+        $separator = $opts->{separator};
+    }
+    my @x = @_;
+    sub { _add($separator, @_, @x) };
+}
+
+sub read_eval_file {
+    my $fname = shift;
+    my $content;
+    my @result;
+
+    open F, "< $fname" or die "Can't open '$fname': $!\n";
+    {
+        undef local $/;
+        $content = <F>;
+    }
+    close F;
+    {
+        local $@;
+
+        @result = ( eval $content );
+        warn $@ if $@;
+    }
+    return wantarray ? @result : $result[0];
+}
+
+# configuration reader, evaluates the input file as a perl script and expects
+# it to fill %targets with target configurations.  Those are then added to
+# %table.
+sub read_config {
+    my $fname = shift;
+    my %targets;
+
+    {
+	# Protect certain tables from tampering
+	local %table = ();
+
+	%targets = read_eval_file($fname);
+    }
+    my %preexisting = ();
+    foreach (sort keys %targets) {
+        $preexisting{$_} = 1 if $table{$_};
+    }
+    die <<"EOF",
+The following config targets from $fname
+shadow pre-existing config targets with the same name:
+EOF
+        map { "  $_\n" } sort keys %preexisting
+        if %preexisting;
+
+
+    # For each target, check that it's configured with a hash table.
+    foreach (keys %targets) {
+	if (ref($targets{$_}) ne "HASH") {
+	    if (ref($targets{$_}) eq "") {
+		warn "Deprecated target configuration for $_, ignoring...\n";
+	    } else {
+		warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n";
+	    }
+	    delete $targets{$_};
+	} else {
+            $targets{$_}->{_conf_fname_int} = add([ $fname ]);
+        }
+    }
+
+    %table = (%table, %targets);
+
+}
+
+# configuration resolver.  Will only resolve all the lazy evaluation
+# codeblocks for the chosen target and all those it inherits from,
+# recursively
+sub resolve_config {
+    my $target = shift;
+    my @breadcrumbs = @_;
+
+#    my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS});
+
+    if (grep { $_ eq $target } @breadcrumbs) {
+	die "inherit_from loop!  target backtrace:\n  "
+	    ,$target,"\n  ",join("\n  ", @breadcrumbs),"\n";
+    }
+
+    if (!defined($table{$target})) {
+	warn "Warning! target $target doesn't exist!\n";
+	return ();
+    }
+    # Recurse through all inheritances.  They will be resolved on the
+    # fly, so when this operation is done, they will all just be a
+    # bunch of attributes with string values.
+    # What we get here, though, are keys with references to lists of
+    # the combined values of them all.  We will deal with lists after
+    # this stage is done.
+    my %combined_inheritance = ();
+    if ($table{$target}->{inherit_from}) {
+	my @inherit_from =
+	    map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}};
+	foreach (@inherit_from) {
+	    my %inherited_config = resolve_config($_, $target, @breadcrumbs);
+
+	    # 'template' is a marker that's considered private to
+	    # the config that had it.
+	    delete $inherited_config{template};
+
+	    foreach (keys %inherited_config) {
+		if (!$combined_inheritance{$_}) {
+		    $combined_inheritance{$_} = [];
+		}
+		push @{$combined_inheritance{$_}}, $inherited_config{$_};
+	    }
+	}
+    }
+
+    # We won't need inherit_from in this target any more, since we've
+    # resolved all the inheritances that lead to this
+    delete $table{$target}->{inherit_from};
+
+    # Now is the time to deal with those lists.  Here's the place to
+    # decide what shall be done with those lists, all based on the
+    # values of the target we're currently dealing with.
+    # - If a value is a coderef, it will be executed with the list of
+    #   inherited values as arguments.
+    # - If the corresponding key doesn't have a value at all or is the
+    #   empty string, the inherited value list will be run through the
+    #   default combiner (below), and the result becomes this target's
+    #   value.
+    # - Otherwise, this target's value is assumed to be a string that
+    #   will simply override the inherited list of values.
+    my $default_combiner = add();
+
+    my %all_keys =
+	map { $_ => 1 } (keys %combined_inheritance,
+			 keys %{$table{$target}});
+
+    sub process_values {
+	my $object    = shift;
+	my $inherited = shift;  # Always a [ list ]
+	my $target    = shift;
+	my $entry     = shift;
+
+        $add_called = 0;
+
+        while(ref($object) eq "CODE") {
+            $object = $object->(@$inherited);
+        }
+        if (!defined($object)) {
+            return ();
+        }
+        elsif (ref($object) eq "ARRAY") {
+            local $add_called;  # To make sure recursive calls don't affect it
+            return [ map { process_values($_, $inherited, $target, $entry) }
+                     @$object ];
+        } elsif (ref($object) eq "") {
+            return $object;
+        } else {
+            die "cannot handle reference type ",ref($object)
+                ," found in target ",$target," -> ",$entry,"\n";
+        }
+    }
+
+    foreach (sort keys %all_keys) {
+        my $previous = $combined_inheritance{$_};
+
+	# Current target doesn't have a value for the current key?
+	# Assign it the default combiner, the rest of this loop body
+	# will handle it just like any other coderef.
+	if (!exists $table{$target}->{$_}) {
+	    $table{$target}->{$_} = $default_combiner;
+	}
+
+	$table{$target}->{$_} = process_values($table{$target}->{$_},
+					       $combined_inheritance{$_},
+					       $target, $_);
+        unless(defined($table{$target}->{$_})) {
+            delete $table{$target}->{$_};
+        }
+#        if ($extra_checks &&
+#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$_})) {
+#            warn "$_ got replaced in $target\n";
+#        }
+    }
+
+    # Finally done, return the result.
+    return %{$table{$target}};
+}
+
+sub usage
+	{
+	print STDERR $usage;
+	print STDERR "\npick os/compiler from:\n";
+	my $j=0;
+	my $i;
+        my $k=0;
+	foreach $i (sort keys %table)
+		{
+		next if $table{$i}->{template};
+		next if $i =~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	foreach $i (sort keys %table)
+		{
+		next if $table{$i}->{template};
+		next if $i !~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
+	exit(1);
+	}
+
+sub run_dofile
+{
+    my $out = shift;
+    my @templates = @_;
+
+    unlink $out || warn "Can't remove $out, $!"
+        if -f $out;
+    foreach (@templates) {
+        die "Can't open $_, $!" unless -f $_;
+    }
+    my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
+    my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
+    #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
+    system($cmd);
+    exit 1 if $? != 0;
+    rename("$out.new", $out) || die "Can't rename $out.new, $!";
+}
+
+sub compiler_predefined {
+    state %predefined;
+    my $cc = shift;
+
+    return () if $^O eq 'VMS';
+
+    die 'compiler_predefined called without a compiler command'
+        unless $cc;
+
+    if (! $predefined{$cc}) {
+
+        $predefined{$cc} = {};
+
+        # collect compiler pre-defines from gcc or gcc-alike...
+        open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
+        while (my $l = <PIPE>) {
+            $l =~ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+            $predefined{$cc}->{$1} = $2 // '';
+        }
+        close(PIPE);
+    }
+
+    return %{$predefined{$cc}};
+}
+
+sub which
+{
+    my ($name)=@_;
+
+    if (eval { require IPC::Cmd; 1; }) {
+        IPC::Cmd->import();
+        return scalar IPC::Cmd::can_run($name);
+    } else {
+        # if there is $directories component in splitpath,
+        # then it's not something to test with $PATH...
+        return $name if (File::Spec->splitpath($name))[1];
+
+        foreach (File::Spec->path()) {
+            my $fullpath = catfile($_, "$name$target{exe_extension}");
+            if (-f $fullpath and -x $fullpath) {
+                return $fullpath;
+            }
+        }
+    }
+}
+
+sub env
+{
+    my $name = shift;
+    my %opts = @_;
+
+    unless ($opts{cacheonly}) {
+        # Note that if $ENV{$name} doesn't exist or is undefined,
+        # $config{perlenv}->{$name} will be created with the value
+        # undef.  This is intentional.
+
+        $config{perlenv}->{$name} = $ENV{$name}
+            if ! exists $config{perlenv}->{$name};
+    }
+    return $config{perlenv}->{$name};
+}
+
+# Configuration printer ##############################################
+
+sub print_table_entry
+{
+    local $now_printing = shift;
+    my %target = resolve_config($now_printing);
+    my $type = shift;
+
+    # Don't print the templates
+    return if $target{template};
+
+    my @sequence = (
+	"sys_id",
+	"cpp",
+	"cppflags",
+	"defines",
+	"includes",
+	"cc",
+	"cflags",
+	"unistd",
+	"ld",
+	"lflags",
+	"loutflag",
+	"ex_libs",
+	"bn_ops",
+	"apps_aux_src",
+	"cpuid_asm_src",
+	"uplink_aux_src",
+	"bn_asm_src",
+	"ec_asm_src",
+	"des_asm_src",
+	"aes_asm_src",
+	"bf_asm_src",
+	"md5_asm_src",
+	"cast_asm_src",
+	"sha1_asm_src",
+	"rc4_asm_src",
+	"rmd160_asm_src",
+	"rc5_asm_src",
+	"wp_asm_src",
+	"cmll_asm_src",
+	"modes_asm_src",
+	"padlock_asm_src",
+	"chacha_asm_src",
+	"poly1035_asm_src",
+	"thread_scheme",
+	"perlasm_scheme",
+	"dso_scheme",
+	"shared_target",
+	"shared_cflag",
+	"shared_defines",
+	"shared_ldflag",
+	"shared_rcflag",
+	"shared_extension",
+	"dso_extension",
+	"obj_extension",
+	"exe_extension",
+	"ranlib",
+	"ar",
+	"arflags",
+	"aroutflag",
+	"rc",
+	"rcflags",
+	"rcoutflag",
+	"mt",
+	"mtflags",
+	"mtinflag",
+	"mtoutflag",
+	"multilib",
+	"build_scheme",
+	);
+
+    if ($type eq "TABLE") {
+	print "\n";
+	print "*** $now_printing\n";
+        foreach (@sequence) {
+            if (ref($target{$_}) eq "ARRAY") {
+                printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}});
+            } else {
+                printf "\$%-12s = %s\n", $_, $target{$_};
+            }
+        }
+    } elsif ($type eq "HASH") {
+	my $largest =
+	    length((sort { length($a) <=> length($b) } @sequence)[-1]);
+	print "    '$now_printing' => {\n";
+	foreach (@sequence) {
+	    if ($target{$_}) {
+                if (ref($target{$_}) eq "ARRAY") {
+                    print "      '",$_,"'"," " x ($largest - length($_))," => [ ",join(", ", map { "'$_'" } @{$target{$_}})," ],\n";
+                } else {
+                    print "      '",$_,"'"," " x ($largest - length($_))," => '",$target{$_},"',\n";
+                }
+	    }
+	}
+	print "    },\n";
+    }
+}
+
+# Utility routines ###################################################
+
+# On VMS, if the given file is a logical name, File::Spec::Functions
+# will consider it an absolute path.  There are cases when we want a
+# purely syntactic check without checking the environment.
+sub isabsolute {
+    my $file = shift;
+
+    # On non-platforms, we just use file_name_is_absolute().
+    return file_name_is_absolute($file) unless $^O eq "VMS";
+
+    # If the file spec includes a device or a directory spec,
+    # file_name_is_absolute() is perfectly safe.
+    return file_name_is_absolute($file) if $file =~ m|[:\[]|;
+
+    # Here, we know the given file spec isn't absolute
+    return 0;
+}
+
+# Makes a directory absolute and cleans out /../ in paths like foo/../bar
+# On some platforms, this uses rel2abs(), while on others, realpath() is used.
+# realpath() requires that at least all path components except the last is an
+# existing directory.  On VMS, the last component of the directory spec must
+# exist.
+sub absolutedir {
+    my $dir = shift;
+
+    # realpath() is quite buggy on VMS.  It uses LIB$FID_TO_NAME, which
+    # will return the volume name for the device, no matter what.  Also,
+    # it will return an incorrect directory spec if the argument is a
+    # directory that doesn't exist.
+    if ($^O eq "VMS") {
+        return rel2abs($dir);
+    }
+
+    # We use realpath() on Unix, since no other will properly clean out
+    # a directory spec.
+    use Cwd qw/realpath/;
+
+    return realpath($dir);
+}
+
+sub quotify {
+    my %processors = (
+	perl    => sub { my $x = shift;
+			 $x =~ s/([\\\$\@"])/\\$1/g;
+			 return '"'.$x.'"'; },
+	maybeshell => sub { my $x = shift;
+			    (my $y = $x) =~ s/([\\\"])/\\$1/g;
+			    if ($x ne $y || $x =~ m|\s|) {
+				return '"'.$y.'"';
+			    } else {
+				return $x;
+			    }
+			},
+	);
+    my $for = shift;
+    my $processor =
+	defined($processors{$for}) ? $processors{$for} : sub { shift; };
+
+    return map { $processor->($_); } @_;
+}
+
+# collect_from_file($filename, $line_concat_cond_re, $line_concat)
+# $filename is a file name to read from
+# $line_concat_cond_re is a regexp detecting a line continuation ending
+# $line_concat is a CODEref that takes care of concatenating two lines
+sub collect_from_file {
+    my $filename = shift;
+    my $line_concat_cond_re = shift;
+    my $line_concat = shift;
+
+    open my $fh, $filename || die "unable to read $filename: $!\n";
+    return sub {
+        my $saved_line = "";
+        $_ = "";
+        while (<$fh>) {
+            s|\R$||;
+            if (defined $line_concat) {
+                $_ = $line_concat->($saved_line, $_);
+                $saved_line = "";
+            }
+            if (defined $line_concat_cond_re && /$line_concat_cond_re/) {
+                $saved_line = $_;
+                next;
+            }
+            return $_;
+        }
+        die "$filename ending with continuation line\n" if $_;
+        close $fh;
+        return undef;
+    }
+}
+
+# collect_from_array($array, $line_concat_cond_re, $line_concat)
+# $array is an ARRAYref of lines
+# $line_concat_cond_re is a regexp detecting a line continuation ending
+# $line_concat is a CODEref that takes care of concatenating two lines
+sub collect_from_array {
+    my $array = shift;
+    my $line_concat_cond_re = shift;
+    my $line_concat = shift;
+    my @array = (@$array);
+
+    return sub {
+        my $saved_line = "";
+        $_ = "";
+        while (defined($_ = shift @array)) {
+            s|\R$||;
+            if (defined $line_concat) {
+                $_ = $line_concat->($saved_line, $_);
+                $saved_line = "";
+            }
+            if (defined $line_concat_cond_re && /$line_concat_cond_re/) {
+                $saved_line = $_;
+                next;
+            }
+            return $_;
+        }
+        die "input text ending with continuation line\n" if $_;
+        return undef;
+    }
+}
+
+# collect_information($lineiterator, $line_continue, $regexp => $CODEref, ...)
+# $lineiterator is a CODEref that delivers one line at a time.
+# All following arguments are regex/CODEref pairs, where the regexp detects a
+# line and the CODEref does something with the result of the regexp.
+sub collect_information {
+    my $lineiterator = shift;
+    my %collectors = @_;
+
+    while(defined($_ = $lineiterator->())) {
+        s|\R$||;
+        my $found = 0;
+        if ($collectors{"BEFORE"}) {
+            $collectors{"BEFORE"}->($_);
+        }
+        foreach my $re (keys %collectors) {
+            if ($re !~ /^OTHERWISE|BEFORE|AFTER$/ && /$re/) {
+                $collectors{$re}->($lineiterator);
+                $found = 1;
+            };
+        }
+        if ($collectors{"OTHERWISE"}) {
+            $collectors{"OTHERWISE"}->($lineiterator, $_)
+                unless $found || !defined $collectors{"OTHERWISE"};
+        }
+        if ($collectors{"AFTER"}) {
+            $collectors{"AFTER"}->($_);
+        }
+    }
+}
+
+# tokenize($line)
+# $line is a line of text to split up into tokens
+# returns a list of tokens
+#
+# Tokens are divided by spaces.  If the tokens include spaces, they
+# have to be quoted with single or double quotes.  Double quotes
+# inside a double quoted token must be escaped.  Escaping is done
+# with backslash.
+# Basically, the same quoting rules apply for " and ' as in any
+# Unix shell.
+sub tokenize {
+    my $line = my $debug_line = shift;
+    my @result = ();
+
+    while ($line =~ s|^\s+||, $line ne "") {
+        my $token = "";
+        while ($line ne "" && $line !~ m|^\s|) {
+            if ($line =~ m/^"((?:[^"\\]+|\\.)*)"/) {
+                $token .= $1;
+                $line = $';
+            } elsif ($line =~ m/^'([^']*)'/) {
+                $token .= $1;
+                $line = $';
+            } elsif ($line =~ m/^(\S+)/) {
+                $token .= $1;
+                $line = $';
+            }
+        }
+        push @result, $token;
+    }
+
+    if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) {
+	print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n";
+	print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n";
+    }
+    return @result;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/LICENSE b/trunk/3rdparty/openssl-1.1-fit/LICENSE
new file mode 100644
index 000000000..9601ab435
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/LICENSE
@@ -0,0 +1,125 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/CA.pl.in b/trunk/3rdparty/openssl-1.1-fit/apps/CA.pl.in
new file mode 100644
index 000000000..db3cc3831
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/CA.pl.in
@@ -0,0 +1,214 @@
+#!{- $config{HASHBANGPERL} -}
+# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# Wrapper around the ca to make it easier to use
+#
+# {- join("\n# ", @autowarntext) -}
+
+use strict;
+use warnings;
+
+my $openssl = "openssl";
+if(defined $ENV{'OPENSSL'}) {
+    $openssl = $ENV{'OPENSSL'};
+} else {
+    $ENV{'OPENSSL'} = $openssl;
+}
+
+my $verbose = 1;
+
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
+my $DAYS = "-days 365";
+my $CADAYS = "-days 1095";	# 3 years
+my $REQ = "$openssl req $OPENSSL_CONFIG";
+my $CA = "$openssl ca $OPENSSL_CONFIG";
+my $VERIFY = "$openssl verify";
+my $X509 = "$openssl x509";
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+my $CATOP = "./demoCA";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+my $CACRL = "crl.pem";
+my $DIRMODE = 0777;
+
+my $NEWKEY = "newkey.pem";
+my $NEWREQ = "newreq.pem";
+my $NEWCERT = "newcert.pem";
+my $NEWP12 = "newcert.p12";
+my $RET = 0;
+my $WHAT = shift @ARGV || "";
+my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
+my %EXTRA = extra_args(\@ARGV, "-extra-");
+my $FILE;
+
+sub extra_args {
+    my ($args_ref, $arg_prefix) = @_;
+    my %eargs = map {
+	if ($_ < $#$args_ref) {
+	    my ($arg, $value) = splice(@$args_ref, $_, 2);
+	    $arg =~ s/$arg_prefix//;
+	    ($arg, $value);
+	} else {
+	    ();
+	}
+    } reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref);
+    my %empty = map { ($_, "") } @OPENSSL_CMDS;
+    return (%empty, %eargs);
+}
+
+# See if reason for a CRL entry is valid; exit if not.
+sub crl_reason_ok
+{
+    my $r = shift;
+
+    if ($r eq 'unspecified' || $r eq 'keyCompromise'
+        || $r eq 'CACompromise' || $r eq 'affiliationChanged'
+        || $r eq 'superseded' || $r eq 'cessationOfOperation'
+        || $r eq 'certificateHold' || $r eq 'removeFromCRL') {
+        return 1;
+    }
+    print STDERR "Invalid CRL reason; must be one of:\n";
+    print STDERR "    unspecified, keyCompromise, CACompromise,\n";
+    print STDERR "    affiliationChanged, superseded, cessationOfOperation\n";
+    print STDERR "    certificateHold, removeFromCRL";
+    exit 1;
+}
+
+# Copy a PEM-format file; return like exit status (zero means ok)
+sub copy_pemfile
+{
+    my ($infile, $outfile, $bound) = @_;
+    my $found = 0;
+
+    open IN, $infile || die "Cannot open $infile, $!";
+    open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
+    while (<IN>) {
+        $found = 1 if /^-----BEGIN.*$bound/;
+        print OUT $_ if $found;
+        $found = 2, last if /^-----END.*$bound/;
+    }
+    close IN;
+    close OUT;
+    return $found == 2 ? 0 : 1;
+}
+
+# Wrapper around system; useful for debugging.  Returns just the exit status
+sub run
+{
+    my $cmd = shift;
+    print "====\n$cmd\n" if $verbose;
+    my $status = system($cmd);
+    print "==> $status\n====\n" if $verbose;
+    return $status >> 8;
+}
+
+
+if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
+    print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
+    print STDERR "       CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
+    print STDERR "       CA.pl -verify [-extra-verify extra-params] certfile ...\n";
+    print STDERR "       CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
+    exit 0;
+}
+if ($WHAT eq '-newcert' ) {
+    # create a certificate
+    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}");
+    print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-precert' ) {
+    # create a pre-certificate
+    $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
+    print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
+    # create a certificate request
+    $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newca' ) {
+    # create the directory hierarchy
+    mkdir ${CATOP}, $DIRMODE;
+    mkdir "${CATOP}/certs", $DIRMODE;
+    mkdir "${CATOP}/crl", $DIRMODE ;
+    mkdir "${CATOP}/newcerts", $DIRMODE;
+    mkdir "${CATOP}/private", $DIRMODE;
+    open OUT, ">${CATOP}/index.txt";
+    close OUT;
+    open OUT, ">${CATOP}/crlnumber";
+    print OUT "01\n";
+    close OUT;
+    # ask user for existing CA certificate
+    print "CA certificate filename (or enter to create)\n";
+    $FILE = "" unless defined($FILE = <STDIN>);
+    $FILE =~ s{\R$}{};
+    if ($FILE ne "") {
+        copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+        copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+    } else {
+        print "Making CA certificate ...\n";
+        $RET = run("$REQ -new -keyout"
+                . " ${CATOP}/private/$CAKEY"
+                . " -out ${CATOP}/$CAREQ $EXTRA{req}");
+        $RET = run("$CA -create_serial"
+                . " -out ${CATOP}/$CACERT $CADAYS -batch"
+                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
+                . " -extensions v3_ca $EXTRA{ca}"
+                . " -infiles ${CATOP}/$CAREQ") if $RET == 0;
+        print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
+    }
+} elsif ($WHAT eq '-pkcs12' ) {
+    my $cname = $ARGV[0];
+    $cname = "My Certificate" unless defined $cname;
+    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
+            . " -certfile ${CATOP}/$CACERT"
+            . " -out $NEWP12"
+            . " -export -name \"$cname\" $EXTRA{pkcs12}");
+    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+} elsif ($WHAT eq '-xsign' ) {
+    $RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ");
+} elsif ($WHAT eq '-sign' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ");
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signCA' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ");
+    print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signcert' ) {
+    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
+            . " -out tmp.pem $EXTRA{x509}");
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . "$EXTRA{ca} -infiles tmp.pem") if $RET == 0;
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-verify' ) {
+    my @files = @ARGV ? @ARGV : ( $NEWCERT );
+    my $file;
+    foreach $file (@files) {
+        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
+        $RET = $status if $status != 0;
+    }
+} elsif ($WHAT eq '-crl' ) {
+    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
+    print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
+} elsif ($WHAT eq '-revoke' ) {
+    my $cname = $ARGV[0];
+    if (!defined $cname) {
+        print "Certificate filename is required; reason optional.\n";
+        exit 1;
+    }
+    my $reason = $ARGV[1];
+    $reason = " -crl_reason $reason"
+        if defined $reason && crl_reason_ok($reason);
+    $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
+} else {
+    print STDERR "Unknown arg \"$WHAT\"\n";
+    print STDERR "Use -help for help.\n";
+    exit 1;
+}
+
+exit $RET;
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/app_rand.c b/trunk/3rdparty/openssl-1.1-fit/apps/app_rand.c
new file mode 100644
index 000000000..2b0bbde03
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/app_rand.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+
+static char *save_rand_file;
+
+void app_RAND_load_conf(CONF *c, const char *section)
+{
+    const char *randfile = NCONF_get_string(c, section, "RANDFILE");
+
+    if (randfile == NULL) {
+        ERR_clear_error();
+        return;
+    }
+    if (RAND_load_file(randfile, -1) < 0) {
+        BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
+        ERR_print_errors(bio_err);
+    }
+    if (save_rand_file == NULL)
+        save_rand_file = OPENSSL_strdup(randfile);
+}
+
+static int loadfiles(char *name)
+{
+    char *p;
+    int last, ret = 1;
+
+    for ( ; ; ) {
+        last = 0;
+        for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+            continue;
+        if (*p == '\0')
+            last = 1;
+        *p = '\0';
+        if (RAND_load_file(name, -1) < 0) {
+            BIO_printf(bio_err, "Can't load %s into RNG\n", name);
+            ERR_print_errors(bio_err);
+            ret = 0;
+        }
+        if (last)
+            break;
+        name = p + 1;
+        if (*name == '\0')
+            break;
+    }
+    return ret;
+}
+
+void app_RAND_write(void)
+{
+    if (save_rand_file == NULL)
+        return;
+    if (RAND_write_file(save_rand_file) == -1) {
+        BIO_printf(bio_err, "Cannot write random bytes:\n");
+        ERR_print_errors(bio_err);
+    }
+    OPENSSL_free(save_rand_file);
+    save_rand_file =  NULL;
+}
+
+
+/*
+ * See comments in opt_verify for explanation of this.
+ */
+enum r_range { OPT_R_ENUM };
+
+int opt_rand(int opt)
+{
+    switch ((enum r_range)opt) {
+    case OPT_R__FIRST:
+    case OPT_R__LAST:
+        break;
+    case OPT_R_RAND:
+        return loadfiles(opt_arg());
+        break;
+    case OPT_R_WRITERAND:
+        OPENSSL_free(save_rand_file);
+        save_rand_file = OPENSSL_strdup(opt_arg());
+        break;
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/apps.c b/trunk/3rdparty/openssl-1.1-fit/apps/apps.c
new file mode 100644
index 000000000..36cb0b278
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/apps.c
@@ -0,0 +1,2752 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+# define _POSIX_C_SOURCE 2
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+#include <ctype.h>
+#include <errno.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/ssl.h>
+#include "s_apps.h"
+#include "apps.h"
+
+#ifdef _WIN32
+static int WIN32_rename(const char *from, const char *to);
+# define rename(from,to) WIN32_rename((from),(to))
+#endif
+
+typedef struct {
+    const char *name;
+    unsigned long flag;
+    unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+static const UI_METHOD *ui_fallback_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+
+int app_init(long mesgwin);
+
+int chopup_args(ARGS *arg, char *buf)
+{
+    int quoted;
+    char c = '\0', *p = NULL;
+
+    arg->argc = 0;
+    if (arg->size == 0) {
+        arg->size = 20;
+        arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
+    }
+
+    for (p = buf;;) {
+        /* Skip whitespace. */
+        while (*p && isspace(_UC(*p)))
+            p++;
+        if (!*p)
+            break;
+
+        /* The start of something good :-) */
+        if (arg->argc >= arg->size) {
+            char **tmp;
+            arg->size += 20;
+            tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
+            if (tmp == NULL)
+                return 0;
+            arg->argv = tmp;
+        }
+        quoted = *p == '\'' || *p == '"';
+        if (quoted)
+            c = *p++;
+        arg->argv[arg->argc++] = p;
+
+        /* now look for the end of this */
+        if (quoted) {
+            while (*p && *p != c)
+                p++;
+            *p++ = '\0';
+        } else {
+            while (*p && !isspace(_UC(*p)))
+                p++;
+            if (*p)
+                *p++ = '\0';
+        }
+    }
+    arg->argv[arg->argc] = NULL;
+    return 1;
+}
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+{
+    return 1;
+}
+#endif
+
+int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                             const char *CApath, int noCAfile, int noCApath)
+{
+    if (CAfile == NULL && CApath == NULL) {
+        if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
+            return 0;
+        if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
+            return 0;
+
+        return 1;
+    }
+    return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
+}
+
+#ifndef OPENSSL_NO_CT
+
+int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    if (path == NULL)
+        return SSL_CTX_set_default_ctlog_list_file(ctx);
+
+    return SSL_CTX_set_ctlog_list_file(ctx, path);
+}
+
+#endif
+
+static unsigned long nmflag = 0;
+static char nmflag_set = 0;
+
+int set_nameopt(const char *arg)
+{
+    int ret = set_name_ex(&nmflag, arg);
+
+    if (ret)
+        nmflag_set = 1;
+
+    return ret;
+}
+
+unsigned long get_nameopt(void)
+{
+    return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
+}
+
+int dump_cert_text(BIO *out, X509 *x)
+{
+    print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
+    BIO_puts(out, "\n");
+    print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
+    BIO_puts(out, "\n");
+
+    return 0;
+}
+
+static int ui_open(UI *ui)
+{
+    int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
+
+    if (opener)
+        return opener(ui);
+    return 1;
+}
+
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    int (*reader)(UI *ui, UI_STRING *uis) = NULL;
+
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0') {
+                    UI_set_result(ui, uis, password);
+                    return 1;
+                }
+            }
+            break;
+        case UIT_NONE:
+        case UIT_BOOLEAN:
+        case UIT_INFO:
+        case UIT_ERROR:
+            break;
+        }
+    }
+
+    reader = UI_method_get_reader(ui_fallback_method);
+    if (reader)
+        return reader(ui, uis);
+    return 1;
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    int (*writer)(UI *ui, UI_STRING *uis) = NULL;
+
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0')
+                    return 1;
+            }
+            break;
+        case UIT_NONE:
+        case UIT_BOOLEAN:
+        case UIT_INFO:
+        case UIT_ERROR:
+            break;
+        }
+    }
+
+    writer = UI_method_get_writer(ui_fallback_method);
+    if (writer)
+        return writer(ui, uis);
+    return 1;
+}
+
+static int ui_close(UI *ui)
+{
+    int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
+
+    if (closer)
+        return closer(ui);
+    return 1;
+}
+
+int setup_ui_method(void)
+{
+    ui_fallback_method = UI_null();
+#ifndef OPENSSL_NO_UI_CONSOLE
+    ui_fallback_method = UI_OpenSSL();
+#endif
+    ui_method = UI_create_method("OpenSSL application user interface");
+    UI_method_set_opener(ui_method, ui_open);
+    UI_method_set_reader(ui_method, ui_read);
+    UI_method_set_writer(ui_method, ui_write);
+    UI_method_set_closer(ui_method, ui_close);
+    return 0;
+}
+
+void destroy_ui_method(void)
+{
+    if (ui_method) {
+        UI_destroy_method(ui_method);
+        ui_method = NULL;
+    }
+}
+
+const UI_METHOD *get_ui_method(void)
+{
+    return ui_method;
+}
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+{
+    int res = 0;
+    UI *ui = NULL;
+    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+    ui = UI_new_method(ui_method);
+    if (ui) {
+        int ok = 0;
+        char *buff = NULL;
+        int ui_flags = 0;
+        const char *prompt_info = NULL;
+        char *prompt;
+
+        if (cb_data != NULL && cb_data->prompt_info != NULL)
+            prompt_info = cb_data->prompt_info;
+        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+        if (!prompt) {
+            BIO_printf(bio_err, "Out of memory\n");
+            UI_free(ui);
+            return 0;
+        }
+
+        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+        /* We know that there is no previous user data to return to us */
+        (void)UI_add_user_data(ui, cb_data);
+
+        ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+                                 PW_MIN_LENGTH, bufsiz - 1);
+
+        if (ok >= 0 && verify) {
+            buff = app_malloc(bufsiz, "password buffer");
+            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+                                      PW_MIN_LENGTH, bufsiz - 1, buf);
+        }
+        if (ok >= 0)
+            do {
+                ok = UI_process(ui);
+            } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+        OPENSSL_clear_free(buff, (unsigned int)bufsiz);
+
+        if (ok >= 0)
+            res = strlen(buf);
+        if (ok == -1) {
+            BIO_printf(bio_err, "User interface error\n");
+            ERR_print_errors(bio_err);
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        if (ok == -2) {
+            BIO_printf(bio_err, "aborted!\n");
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        UI_free(ui);
+        OPENSSL_free(prompt);
+    }
+    return res;
+}
+
+static char *app_get_pass(const char *arg, int keepbio);
+
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
+{
+    int same;
+    if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
+        same = 0;
+    else
+        same = 1;
+    if (arg1 != NULL) {
+        *pass1 = app_get_pass(arg1, same);
+        if (*pass1 == NULL)
+            return 0;
+    } else if (pass1 != NULL) {
+        *pass1 = NULL;
+    }
+    if (arg2 != NULL) {
+        *pass2 = app_get_pass(arg2, same ? 2 : 0);
+        if (*pass2 == NULL)
+            return 0;
+    } else if (pass2 != NULL) {
+        *pass2 = NULL;
+    }
+    return 1;
+}
+
+static char *app_get_pass(const char *arg, int keepbio)
+{
+    char *tmp, tpass[APP_PASS_LEN];
+    static BIO *pwdbio = NULL;
+    int i;
+
+    if (strncmp(arg, "pass:", 5) == 0)
+        return OPENSSL_strdup(arg + 5);
+    if (strncmp(arg, "env:", 4) == 0) {
+        tmp = getenv(arg + 4);
+        if (tmp == NULL) {
+            BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
+            return NULL;
+        }
+        return OPENSSL_strdup(tmp);
+    }
+    if (!keepbio || pwdbio == NULL) {
+        if (strncmp(arg, "file:", 5) == 0) {
+            pwdbio = BIO_new_file(arg + 5, "r");
+            if (pwdbio == NULL) {
+                BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
+                return NULL;
+            }
+#if !defined(_WIN32)
+            /*
+             * Under _WIN32, which covers even Win64 and CE, file
+             * descriptors referenced by BIO_s_fd are not inherited
+             * by child process and therefore below is not an option.
+             * It could have been an option if bss_fd.c was operating
+             * on real Windows descriptors, such as those obtained
+             * with CreateFile.
+             */
+        } else if (strncmp(arg, "fd:", 3) == 0) {
+            BIO *btmp;
+            i = atoi(arg + 3);
+            if (i >= 0)
+                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+            if ((i < 0) || !pwdbio) {
+                BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
+                return NULL;
+            }
+            /*
+             * Can't do BIO_gets on an fd BIO so add a buffering BIO
+             */
+            btmp = BIO_new(BIO_f_buffer());
+            pwdbio = BIO_push(btmp, pwdbio);
+#endif
+        } else if (strcmp(arg, "stdin") == 0) {
+            pwdbio = dup_bio_in(FORMAT_TEXT);
+            if (!pwdbio) {
+                BIO_printf(bio_err, "Can't open BIO for stdin\n");
+                return NULL;
+            }
+        } else {
+            BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg);
+            return NULL;
+        }
+    }
+    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+    if (keepbio != 1) {
+        BIO_free_all(pwdbio);
+        pwdbio = NULL;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "Error reading password from BIO\n");
+        return NULL;
+    }
+    tmp = strchr(tpass, '\n');
+    if (tmp != NULL)
+        *tmp = 0;
+    return OPENSSL_strdup(tpass);
+}
+
+CONF *app_load_config_bio(BIO *in, const char *filename)
+{
+    long errorline = -1;
+    CONF *conf;
+    int i;
+
+    conf = NCONF_new(NULL);
+    i = NCONF_load_bio(conf, in, &errorline);
+    if (i > 0)
+        return conf;
+
+    if (errorline <= 0) {
+        BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
+    } else {
+        BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
+                   errorline);
+    }
+    if (filename != NULL)
+        BIO_printf(bio_err, "config file \"%s\"\n", filename);
+    else
+        BIO_printf(bio_err, "config input");
+
+    NCONF_free(conf);
+    return NULL;
+}
+
+CONF *app_load_config(const char *filename)
+{
+    BIO *in;
+    CONF *conf;
+
+    in = bio_open_default(filename, 'r', FORMAT_TEXT);
+    if (in == NULL)
+        return NULL;
+
+    conf = app_load_config_bio(in, filename);
+    BIO_free(in);
+    return conf;
+}
+
+CONF *app_load_config_quiet(const char *filename)
+{
+    BIO *in;
+    CONF *conf;
+
+    in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
+    if (in == NULL)
+        return NULL;
+
+    conf = app_load_config_bio(in, filename);
+    BIO_free(in);
+    return conf;
+}
+
+int app_load_modules(const CONF *config)
+{
+    CONF *to_free = NULL;
+
+    if (config == NULL)
+        config = to_free = app_load_config_quiet(default_config_file);
+    if (config == NULL)
+        return 1;
+
+    if (CONF_modules_load(config, NULL, 0) <= 0) {
+        BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
+        ERR_print_errors(bio_err);
+        NCONF_free(to_free);
+        return 0;
+    }
+    NCONF_free(to_free);
+    return 1;
+}
+
+int add_oid_section(CONF *conf)
+{
+    char *p;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
+        ERR_clear_error();
+        return 1;
+    }
+    if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
+        BIO_printf(bio_err, "problem loading oid section %s\n", p);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        cnf = sk_CONF_VALUE_value(sktmp, i);
+        if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+            BIO_printf(bio_err, "problem creating object %s=%s\n",
+                       cnf->name, cnf->value);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int load_pkcs12(BIO *in, const char *desc,
+                       pem_password_cb *pem_cb, void *cb_data,
+                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+    const char *pass;
+    char tpass[PEM_BUFSIZE];
+    int len, ret = 0;
+    PKCS12 *p12;
+    p12 = d2i_PKCS12_bio(in, NULL);
+    if (p12 == NULL) {
+        BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
+        goto die;
+    }
+    /* See if an empty password will do */
+    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
+        pass = "";
+    } else {
+        if (!pem_cb)
+            pem_cb = (pem_password_cb *)password_callback;
+        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+        if (len < 0) {
+            BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
+            goto die;
+        }
+        if (len < PEM_BUFSIZE)
+            tpass[len] = 0;
+        if (!PKCS12_verify_mac(p12, tpass, len)) {
+            BIO_printf(bio_err,
+                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
+                       desc);
+            goto die;
+        }
+        pass = tpass;
+    }
+    ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+    PKCS12_free(p12);
+    return ret;
+}
+
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
+{
+    char *host = NULL, *port = NULL, *path = NULL;
+    BIO *bio = NULL;
+    OCSP_REQ_CTX *rctx = NULL;
+    int use_ssl, rv = 0;
+    if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
+        goto err;
+    if (use_ssl) {
+        BIO_puts(bio_err, "https not supported\n");
+        goto err;
+    }
+    bio = BIO_new_connect(host);
+    if (!bio || !BIO_set_conn_port(bio, port))
+        goto err;
+    rctx = OCSP_REQ_CTX_new(bio, 1024);
+    if (rctx == NULL)
+        goto err;
+    if (!OCSP_REQ_CTX_http(rctx, "GET", path))
+        goto err;
+    if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
+        goto err;
+    if (pcert) {
+        do {
+            rv = X509_http_nbio(rctx, pcert);
+        } while (rv == -1);
+    } else {
+        do {
+            rv = X509_CRL_http_nbio(rctx, pcrl);
+        } while (rv == -1);
+    }
+
+ err:
+    OPENSSL_free(host);
+    OPENSSL_free(path);
+    OPENSSL_free(port);
+    BIO_free_all(bio);
+    OCSP_REQ_CTX_free(rctx);
+    if (rv != 1) {
+        BIO_printf(bio_err, "Error loading %s from %s\n",
+                   pcert ? "certificate" : "CRL", url);
+        ERR_print_errors(bio_err);
+    }
+    return rv;
+}
+#endif
+
+X509 *load_cert(const char *file, int format, const char *cert_descrip)
+{
+    X509 *x = NULL;
+    BIO *cert;
+
+    if (format == FORMAT_HTTP) {
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+        load_cert_crl_http(file, &x, NULL);
+#endif
+        return x;
+    }
+
+    if (file == NULL) {
+        unbuffer(stdin);
+        cert = dup_bio_in(format);
+    } else {
+        cert = bio_open_default(file, 'r', format);
+    }
+    if (cert == NULL)
+        goto end;
+
+    if (format == FORMAT_ASN1) {
+        x = d2i_X509_bio(cert, NULL);
+    } else if (format == FORMAT_PEM) {
+        x = PEM_read_bio_X509_AUX(cert, NULL,
+                                  (pem_password_cb *)password_callback, NULL);
+    } else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+            goto end;
+    } else {
+        BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
+        goto end;
+    }
+ end:
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load certificate\n");
+        ERR_print_errors(bio_err);
+    }
+    BIO_free(cert);
+    return x;
+}
+
+X509_CRL *load_crl(const char *infile, int format)
+{
+    X509_CRL *x = NULL;
+    BIO *in = NULL;
+
+    if (format == FORMAT_HTTP) {
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+        load_cert_crl_http(infile, NULL, &x);
+#endif
+        return x;
+    }
+
+    in = bio_open_default(infile, 'r', format);
+    if (in == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        x = d2i_X509_CRL_bio(in, NULL);
+    } else if (format == FORMAT_PEM) {
+        x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+    } else {
+        BIO_printf(bio_err, "bad input format specified for input crl\n");
+        goto end;
+    }
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load CRL\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+ end:
+    BIO_free(in);
+    return x;
+}
+
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(bio_err, "no keyfile specified\n");
+        goto end;
+    }
+    if (format == FORMAT_ENGINE) {
+        if (e == NULL) {
+            BIO_printf(bio_err, "no engine specified\n");
+        } else {
+#ifndef OPENSSL_NO_ENGINE
+            if (ENGINE_init(e)) {
+                pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+                ENGINE_finish(e);
+            }
+            if (pkey == NULL) {
+                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(bio_err);
+            }
+#else
+            BIO_printf(bio_err, "engines not supported\n");
+#endif
+        }
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+        unbuffer(stdin);
+        key = dup_bio_in(format);
+    } else {
+        key = bio_open_default(file, 'r', format);
+    }
+    if (key == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PrivateKey_bio(key, NULL);
+    } else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PrivateKey(key, NULL,
+                                       (pem_password_cb *)password_callback,
+                                       &cb_data);
+    } else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(key, key_descrip,
+                         (pem_password_cb *)password_callback, &cb_data,
+                         &pkey, NULL, NULL))
+            goto end;
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
+    } else if (format == FORMAT_MSBLOB) {
+        pkey = b2i_PrivateKey_bio(key);
+    } else if (format == FORMAT_PVK) {
+        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+                           &cb_data);
+#endif
+    } else {
+        BIO_printf(bio_err, "bad input format specified for key file\n");
+        goto end;
+    }
+ end:
+    BIO_free(key);
+    if (pkey == NULL) {
+        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+        ERR_print_errors(bio_err);
+    }
+    return pkey;
+}
+
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(bio_err, "no keyfile specified\n");
+        goto end;
+    }
+    if (format == FORMAT_ENGINE) {
+        if (e == NULL) {
+            BIO_printf(bio_err, "no engine specified\n");
+        } else {
+#ifndef OPENSSL_NO_ENGINE
+            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+            if (pkey == NULL) {
+                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(bio_err);
+            }
+#else
+            BIO_printf(bio_err, "engines not supported\n");
+#endif
+        }
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+        unbuffer(stdin);
+        key = dup_bio_in(format);
+    } else {
+        key = bio_open_default(file, 'r', format);
+    }
+    if (key == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PUBKEY_bio(key, NULL);
+    } else if (format == FORMAT_ASN1RSA) {
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+        rsa = d2i_RSAPublicKey_bio(key, NULL);
+        if (rsa) {
+            pkey = EVP_PKEY_new();
+            if (pkey != NULL)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+#else
+        BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
+            pkey = NULL;
+    } else if (format == FORMAT_PEMRSA) {
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+        rsa = PEM_read_bio_RSAPublicKey(key, NULL,
+                                        (pem_password_cb *)password_callback,
+                                        &cb_data);
+        if (rsa != NULL) {
+            pkey = EVP_PKEY_new();
+            if (pkey != NULL)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+#else
+        BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
+            pkey = NULL;
+    } else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PUBKEY(key, NULL,
+                                   (pem_password_cb *)password_callback,
+                                   &cb_data);
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+    } else if (format == FORMAT_MSBLOB) {
+        pkey = b2i_PublicKey_bio(key);
+#endif
+    }
+ end:
+    BIO_free(key);
+    if (pkey == NULL)
+        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+    return pkey;
+}
+
+static int load_certs_crls(const char *file, int format,
+                           const char *pass, const char *desc,
+                           STACK_OF(X509) **pcerts,
+                           STACK_OF(X509_CRL) **pcrls)
+{
+    int i;
+    BIO *bio;
+    STACK_OF(X509_INFO) *xis = NULL;
+    X509_INFO *xi;
+    PW_CB_DATA cb_data;
+    int rv = 0;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (format != FORMAT_PEM) {
+        BIO_printf(bio_err, "bad input format specified for %s\n", desc);
+        return 0;
+    }
+
+    bio = bio_open_default(file, 'r', FORMAT_PEM);
+    if (bio == NULL)
+        return 0;
+
+    xis = PEM_X509_INFO_read_bio(bio, NULL,
+                                 (pem_password_cb *)password_callback,
+                                 &cb_data);
+
+    BIO_free(bio);
+
+    if (pcerts != NULL && *pcerts == NULL) {
+        *pcerts = sk_X509_new_null();
+        if (*pcerts == NULL)
+            goto end;
+    }
+
+    if (pcrls != NULL && *pcrls == NULL) {
+        *pcrls = sk_X509_CRL_new_null();
+        if (*pcrls == NULL)
+            goto end;
+    }
+
+    for (i = 0; i < sk_X509_INFO_num(xis); i++) {
+        xi = sk_X509_INFO_value(xis, i);
+        if (xi->x509 != NULL && pcerts != NULL) {
+            if (!sk_X509_push(*pcerts, xi->x509))
+                goto end;
+            xi->x509 = NULL;
+        }
+        if (xi->crl != NULL && pcrls != NULL) {
+            if (!sk_X509_CRL_push(*pcrls, xi->crl))
+                goto end;
+            xi->crl = NULL;
+        }
+    }
+
+    if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
+        rv = 1;
+
+    if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
+        rv = 1;
+
+ end:
+
+    sk_X509_INFO_pop_free(xis, X509_INFO_free);
+
+    if (rv == 0) {
+        if (pcerts != NULL) {
+            sk_X509_pop_free(*pcerts, X509_free);
+            *pcerts = NULL;
+        }
+        if (pcrls != NULL) {
+            sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
+            *pcrls = NULL;
+        }
+        BIO_printf(bio_err, "unable to load %s\n",
+                   pcerts ? "certificates" : "CRLs");
+        ERR_print_errors(bio_err);
+    }
+    return rv;
+}
+
+void* app_malloc(int sz, const char *what)
+{
+    void *vp = OPENSSL_malloc(sz);
+
+    if (vp == NULL) {
+        BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n",
+                opt_getprog(), sz, what);
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    return vp;
+}
+
+/*
+ * Initialize or extend, if *certs != NULL, a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, const char *desc)
+{
+    return load_certs_crls(file, format, pass, desc, certs, NULL);
+}
+
+/*
+ * Initialize or extend, if *crls != NULL, a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, const char *desc)
+{
+    return load_certs_crls(file, format, pass, desc, NULL, crls);
+}
+
+#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+                         X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL cert_tbl[] = {
+        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+        {"ca_default", X509_FLAG_CA, 0xffffffffl},
+        {"no_header", X509_FLAG_NO_HEADER, 0},
+        {"no_version", X509_FLAG_NO_VERSION, 0},
+        {"no_serial", X509_FLAG_NO_SERIAL, 0},
+        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+        {"no_aux", X509_FLAG_NO_AUX, 0},
+        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {NULL, 0, 0}
+    };
+    return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL ex_tbl[] = {
+        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+        {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
+        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+        {"dn_rev", XN_FLAG_DN_REV, 0},
+        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+        {"align", XN_FLAG_FN_ALIGN, 0},
+        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+        {"space_eq", XN_FLAG_SPC_EQ, 0},
+        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+        {NULL, 0, 0}
+    };
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+        return 0;
+    if (*flags != XN_FLAG_COMPAT
+        && (*flags & XN_FLAG_SEP_MASK) == 0)
+        *flags |= XN_FLAG_SEP_CPLUS_SPC;
+    return 1;
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+    if (strcasecmp(arg, "none") == 0)
+        *copy_type = EXT_COPY_NONE;
+    else if (strcasecmp(arg, "copy") == 0)
+        *copy_type = EXT_COPY_ADD;
+    else if (strcasecmp(arg, "copyall") == 0)
+        *copy_type = EXT_COPY_ALL;
+    else
+        return 0;
+    return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+    STACK_OF(X509_EXTENSION) *exts = NULL;
+    X509_EXTENSION *ext, *tmpext;
+    ASN1_OBJECT *obj;
+    int i, idx, ret = 0;
+    if (!x || !req || (copy_type == EXT_COPY_NONE))
+        return 1;
+    exts = X509_REQ_get_extensions(req);
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ext = sk_X509_EXTENSION_value(exts, i);
+        obj = X509_EXTENSION_get_object(ext);
+        idx = X509_get_ext_by_OBJ(x, obj, -1);
+        /* Does extension exist? */
+        if (idx != -1) {
+            /* If normal copy don't override existing extension */
+            if (copy_type == EXT_COPY_ADD)
+                continue;
+            /* Delete all extensions of same type */
+            do {
+                tmpext = X509_get_ext(x, idx);
+                X509_delete_ext(x, idx);
+                X509_EXTENSION_free(tmpext);
+                idx = X509_get_ext_by_OBJ(x, obj, -1);
+            } while (idx != -1);
+        }
+        if (!X509_add_ext(x, ext, -1))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+    return ret;
+}
+
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    STACK_OF(CONF_VALUE) *vals;
+    CONF_VALUE *val;
+    int i, ret = 1;
+    if (!arg)
+        return 0;
+    vals = X509V3_parse_list(arg);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        val = sk_CONF_VALUE_value(vals, i);
+        if (!set_table_opts(flags, val->name, in_tbl))
+            ret = 0;
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    char c;
+    const NAME_EX_TBL *ptbl;
+    c = arg[0];
+
+    if (c == '-') {
+        c = 0;
+        arg++;
+    } else if (c == '+') {
+        c = 1;
+        arg++;
+    } else {
+        c = 1;
+    }
+
+    for (ptbl = in_tbl; ptbl->name; ptbl++) {
+        if (strcasecmp(arg, ptbl->name) == 0) {
+            *flags &= ~ptbl->mask;
+            if (c)
+                *flags |= ptbl->flag;
+            else
+                *flags &= ~ptbl->flag;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags)
+{
+    char *buf;
+    char mline = 0;
+    int indent = 0;
+
+    if (title)
+        BIO_puts(out, title);
+    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mline = 1;
+        indent = 4;
+    }
+    if (lflags == XN_FLAG_COMPAT) {
+        buf = X509_NAME_oneline(nm, 0, 0);
+        BIO_puts(out, buf);
+        BIO_puts(out, "\n");
+        OPENSSL_free(buf);
+    } else {
+        if (mline)
+            BIO_puts(out, "\n");
+        X509_NAME_print_ex(out, nm, indent, lflags);
+        BIO_puts(out, "\n");
+    }
+}
+
+void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
+                      int len, unsigned char *buffer)
+{
+    BIO_printf(out, "    static unsigned char %s_%d[] = {", var, len);
+    if (BN_is_zero(in)) {
+        BIO_printf(out, "\n        0x00");
+    } else {
+        int i, l;
+
+        l = BN_bn2bin(in, buffer);
+        for (i = 0; i < l; i++) {
+            BIO_printf(out, (i % 10) == 0 ? "\n        " : " ");
+            if (i < l - 1)
+                BIO_printf(out, "0x%02X,", buffer[i]);
+            else
+                BIO_printf(out, "0x%02X", buffer[i]);
+        }
+    }
+    BIO_printf(out, "\n    };\n");
+}
+
+void print_array(BIO *out, const char* title, int len, const unsigned char* d)
+{
+    int i;
+
+    BIO_printf(out, "unsigned char %s[%d] = {", title, len);
+    for (i = 0; i < len; i++) {
+        if ((i % 10) == 0)
+            BIO_printf(out, "\n    ");
+        if (i < len - 1)
+            BIO_printf(out, "0x%02X, ", d[i]);
+        else
+            BIO_printf(out, "0x%02X", d[i]);
+    }
+    BIO_printf(out, "\n};\n");
+}
+
+X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
+{
+    X509_STORE *store = X509_STORE_new();
+    X509_LOOKUP *lookup;
+
+    if (store == NULL)
+        goto end;
+
+    if (CAfile != NULL || !noCAfile) {
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+        if (lookup == NULL)
+            goto end;
+        if (CAfile) {
+            if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+                BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+                goto end;
+            }
+        } else {
+            X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+        }
+    }
+
+    if (CApath != NULL || !noCApath) {
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            goto end;
+        if (CApath) {
+            if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+                BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+                goto end;
+            }
+        } else {
+            X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+        }
+    }
+
+    ERR_clear_error();
+    return store;
+ end:
+    X509_STORE_free(store);
+    return NULL;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(const char *engine)
+{
+    ENGINE *e = ENGINE_by_id("dynamic");
+    if (e) {
+        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+            || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+            ENGINE_free(e);
+            e = NULL;
+        }
+    }
+    return e;
+}
+#endif
+
+ENGINE *setup_engine(const char *engine, int debug)
+{
+    ENGINE *e = NULL;
+
+#ifndef OPENSSL_NO_ENGINE
+    if (engine != NULL) {
+        if (strcmp(engine, "auto") == 0) {
+            BIO_printf(bio_err, "enabling auto ENGINE support\n");
+            ENGINE_register_all_complete();
+            return NULL;
+        }
+        if ((e = ENGINE_by_id(engine)) == NULL
+            && (e = try_load_engine(engine)) == NULL) {
+            BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
+            ERR_print_errors(bio_err);
+            return NULL;
+        }
+        if (debug) {
+            ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
+        }
+        ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+            BIO_printf(bio_err, "can't use that engine\n");
+            ERR_print_errors(bio_err);
+            ENGINE_free(e);
+            return NULL;
+        }
+
+        BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+    }
+#endif
+    return e;
+}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+    if (e != NULL)
+        /* Free our "structural" reference. */
+        ENGINE_free(e);
+#endif
+}
+
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
+{
+    const char *n;
+
+    n = a[DB_serial];
+    while (*n == '0')
+        n++;
+    return OPENSSL_LH_strhash(n);
+}
+
+static int index_serial_cmp(const OPENSSL_CSTRING *a,
+                            const OPENSSL_CSTRING *b)
+{
+    const char *aa, *bb;
+
+    for (aa = a[DB_serial]; *aa == '0'; aa++) ;
+    for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+    return strcmp(aa, bb);
+}
+
+static int index_name_qual(char **a)
+{
+    return (a[0][0] == 'V');
+}
+
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
+{
+    return OPENSSL_LH_strhash(a[DB_name]);
+}
+
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
+{
+    return strcmp(a[DB_name], b[DB_name]);
+}
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
+#undef BSIZE
+#define BSIZE 256
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
+{
+    BIO *in = NULL;
+    BIGNUM *ret = NULL;
+    char buf[1024];
+    ASN1_INTEGER *ai = NULL;
+
+    ai = ASN1_INTEGER_new();
+    if (ai == NULL)
+        goto err;
+
+    in = BIO_new_file(serialfile, "r");
+    if (in == NULL) {
+        if (!create) {
+            perror(serialfile);
+            goto err;
+        }
+        ERR_clear_error();
+        ret = BN_new();
+        if (ret == NULL || !rand_serial(ret, ai))
+            BIO_printf(bio_err, "Out of memory\n");
+    } else {
+        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        ret = ASN1_INTEGER_to_BN(ai, NULL);
+        if (ret == NULL) {
+            BIO_printf(bio_err,
+                       "error converting number from bin to BIGNUM\n");
+            goto err;
+        }
+    }
+
+    if (ret && retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    BIO_free(in);
+    ASN1_INTEGER_free(ai);
+    return ret;
+}
+
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
+                ASN1_INTEGER **retai)
+{
+    char buf[1][BSIZE];
+    BIO *out = NULL;
+    int ret = 0;
+    ASN1_INTEGER *ai = NULL;
+    int j;
+
+    if (suffix == NULL)
+        j = strlen(serialfile);
+    else
+        j = strlen(serialfile) + strlen(suffix) + 1;
+    if (j >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+
+    if (suffix == NULL)
+        OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
+    else {
+#ifndef OPENSSL_SYS_VMS
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
+#else
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
+#endif
+    }
+    out = BIO_new_file(buf[0], "w");
+    if (out == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
+        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
+        goto err;
+    }
+    i2a_ASN1_INTEGER(out, ai);
+    BIO_puts(out, "\n");
+    ret = 1;
+    if (retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    BIO_free_all(out);
+    ASN1_INTEGER_free(ai);
+    return ret;
+}
+
+int rotate_serial(const char *serialfile, const char *new_suffix,
+                  const char *old_suffix)
+{
+    char buf[2][BSIZE];
+    int i, j;
+
+    i = strlen(serialfile) + strlen(old_suffix);
+    j = strlen(serialfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 1 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
+#else
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
+#endif
+    if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", serialfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+    if (rename(buf[0], serialfile) < 0) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", buf[0], serialfile);
+        perror("reason");
+        rename(buf[1], serialfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+{
+    BIGNUM *btmp;
+    int ret = 0;
+
+    btmp = b == NULL ? BN_new() : b;
+    if (btmp == NULL)
+        return 0;
+
+    if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+        goto error;
+
+    ret = 1;
+
+ error:
+
+    if (btmp != b)
+        BN_free(btmp);
+
+    return ret;
+}
+
+CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
+{
+    CA_DB *retdb = NULL;
+    TXT_DB *tmpdb = NULL;
+    BIO *in;
+    CONF *dbattr_conf = NULL;
+    char buf[BSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
+    FILE *dbfp;
+    struct stat dbst;
+#endif
+
+    in = BIO_new_file(dbfile, "r");
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_POSIX_IO
+    BIO_get_fp(in, &dbfp);
+    if (fstat(fileno(dbfp), &dbst) == -1) {
+        SYSerr(SYS_F_FSTAT, errno);
+        ERR_add_error_data(3, "fstat('", dbfile, "')");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+#endif
+
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+#ifndef OPENSSL_SYS_VMS
+    BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
+#else
+    BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
+#endif
+    dbattr_conf = app_load_config_quiet(buf);
+
+    retdb = app_malloc(sizeof(*retdb), "new DB");
+    retdb->db = tmpdb;
+    tmpdb = NULL;
+    if (db_attr)
+        retdb->attributes = *db_attr;
+    else {
+        retdb->attributes.unique_subject = 1;
+    }
+
+    if (dbattr_conf) {
+        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+        if (p) {
+            retdb->attributes.unique_subject = parse_yesno(p, 1);
+        }
+    }
+
+    retdb->dbfname = OPENSSL_strdup(dbfile);
+#ifndef OPENSSL_NO_POSIX_IO
+    retdb->dbst = dbst;
+#endif
+
+ err:
+    NCONF_free(dbattr_conf);
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
+    return retdb;
+}
+
+/*
+ * Returns > 0 on success, <= 0 on error
+ */
+int index_index(CA_DB *db)
+{
+    if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+                             LHASH_HASH_FN(index_serial),
+                             LHASH_COMP_FN(index_serial))) {
+        BIO_printf(bio_err,
+                   "error creating serial number index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+
+    if (db->attributes.unique_subject
+        && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+                                LHASH_HASH_FN(index_name),
+                                LHASH_COMP_FN(index_name))) {
+        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+    return 1;
+}
+
+int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+{
+    char buf[3][BSIZE];
+    BIO *out;
+    int j;
+
+    j = strlen(dbfile) + strlen(suffix);
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
+#else
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
+#endif
+    out = BIO_new_file(buf[0], "w");
+    if (out == NULL) {
+        perror(dbfile);
+        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+        goto err;
+    }
+    j = TXT_DB_write(out, db->db);
+    BIO_free(out);
+    if (j <= 0)
+        goto err;
+
+    out = BIO_new_file(buf[1], "w");
+    if (out == NULL) {
+        perror(buf[2]);
+        BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+        goto err;
+    }
+    BIO_printf(out, "unique_subject = %s\n",
+               db->attributes.unique_subject ? "yes" : "no");
+    BIO_free(out);
+
+    return 1;
+ err:
+    return 0;
+}
+
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix)
+{
+    char buf[5][BSIZE];
+    int i, j;
+
+    i = strlen(dbfile) + strlen(old_suffix);
+    j = strlen(dbfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
+#else
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
+#endif
+    if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+    if (rename(buf[0], dbfile) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
+        perror("reason");
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
+        perror("reason");
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    if (rename(buf[2], buf[4]) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
+        perror("reason");
+        rename(buf[3], buf[4]);
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+void free_index(CA_DB *db)
+{
+    if (db) {
+        TXT_DB_free(db->db);
+        OPENSSL_free(db->dbfname);
+        OPENSSL_free(db);
+    }
+}
+
+int parse_yesno(const char *str, int def)
+{
+    if (str) {
+        switch (*str) {
+        case 'f':              /* false */
+        case 'F':              /* FALSE */
+        case 'n':              /* no */
+        case 'N':              /* NO */
+        case '0':              /* 0 */
+            return 0;
+        case 't':              /* true */
+        case 'T':              /* TRUE */
+        case 'y':              /* yes */
+        case 'Y':              /* YES */
+        case '1':              /* 1 */
+            return 1;
+        }
+    }
+    return def;
+}
+
+/*
+ * name is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
+{
+    int nextismulti = 0;
+    char *work;
+    X509_NAME *n;
+
+    if (*cp++ != '/') {
+        BIO_printf(bio_err,
+                   "name is expected to be in the format "
+                   "/type0=value0/type1=value1/type2=... where characters may "
+                   "be escaped by \\. This name is not in that format: '%s'\n",
+                   --cp);
+        return NULL;
+    }
+
+    n = X509_NAME_new();
+    if (n == NULL)
+        return NULL;
+    work = OPENSSL_strdup(cp);
+    if (work == NULL)
+        goto err;
+
+    while (*cp) {
+        char *bp = work;
+        char *typestr = bp;
+        unsigned char *valstr;
+        int nid;
+        int ismulti = nextismulti;
+        nextismulti = 0;
+
+        /* Collect the type */
+        while (*cp && *cp != '=')
+            *bp++ = *cp++;
+        if (*cp == '\0') {
+            BIO_printf(bio_err,
+                    "%s: Hit end of string before finding the equals.\n",
+                    opt_getprog());
+            goto err;
+        }
+        *bp++ = '\0';
+        ++cp;
+
+        /* Collect the value. */
+        valstr = (unsigned char *)bp;
+        for (; *cp && *cp != '/'; *bp++ = *cp++) {
+            if (canmulti && *cp == '+') {
+                nextismulti = 1;
+                break;
+            }
+            if (*cp == '\\' && *++cp == '\0') {
+                BIO_printf(bio_err,
+                        "%s: escape character at end of string\n",
+                        opt_getprog());
+                goto err;
+            }
+        }
+        *bp++ = '\0';
+
+        /* If not at EOS (must be + or /), move forward. */
+        if (*cp)
+            ++cp;
+
+        /* Parse */
+        nid = OBJ_txt2nid(typestr);
+        if (nid == NID_undef) {
+            BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n",
+                      opt_getprog(), typestr);
+            continue;
+        }
+        if (*valstr == '\0') {
+            BIO_printf(bio_err,
+                       "%s: No value provided for Subject Attribute %s, skipped\n",
+                       opt_getprog(), typestr);
+            continue;
+        }
+        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                        valstr, strlen((char *)valstr),
+                                        -1, ismulti ? -1 : 0))
+            goto err;
+    }
+
+    OPENSSL_free(work);
+    return n;
+
+ err:
+    X509_NAME_free(n);
+    OPENSSL_free(work);
+    return NULL;
+}
+
+/*
+ * Read whole contents of a BIO into an allocated memory buffer and return
+ * it.
+ */
+
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+{
+    BIO *mem;
+    int len, ret;
+    unsigned char tbuf[1024];
+
+    mem = BIO_new(BIO_s_mem());
+    if (mem == NULL)
+        return -1;
+    for (;;) {
+        if ((maxlen != -1) && maxlen < 1024)
+            len = maxlen;
+        else
+            len = 1024;
+        len = BIO_read(in, tbuf, len);
+        if (len < 0) {
+            BIO_free(mem);
+            return -1;
+        }
+        if (len == 0)
+            break;
+        if (BIO_write(mem, tbuf, len) != len) {
+            BIO_free(mem);
+            return -1;
+        }
+        maxlen -= len;
+
+        if (maxlen == 0)
+            break;
+    }
+    ret = BIO_get_mem_data(mem, (char **)out);
+    BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+    BIO_free(mem);
+    return ret;
+}
+
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
+{
+    int rv;
+    char *stmp, *vtmp = NULL;
+    stmp = OPENSSL_strdup(value);
+    if (!stmp)
+        return -1;
+    vtmp = strchr(stmp, ':');
+    if (vtmp) {
+        *vtmp = 0;
+        vtmp++;
+    }
+    rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+    OPENSSL_free(stmp);
+    return rv;
+}
+
+static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
+{
+    X509_POLICY_NODE *node;
+    int i;
+
+    BIO_printf(bio_err, "%s Policies:", name);
+    if (nodes) {
+        BIO_puts(bio_err, "\n");
+        for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            X509_POLICY_NODE_print(bio_err, node, 2);
+        }
+    } else {
+        BIO_puts(bio_err, " <empty>\n");
+    }
+}
+
+void policies_print(X509_STORE_CTX *ctx)
+{
+    X509_POLICY_TREE *tree;
+    int explicit_policy;
+    tree = X509_STORE_CTX_get0_policy_tree(ctx);
+    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+    BIO_printf(bio_err, "Require explicit Policy: %s\n",
+               explicit_policy ? "True" : "False");
+
+    nodes_print("Authority", X509_policy_tree_get0_policies(tree));
+    nodes_print("User", X509_policy_tree_get0_user_policies(tree));
+}
+
+/*-
+ * next_protos_parse parses a comma separated list of strings into a string
+ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
+ *   outlen: (output) set to the length of the resulting buffer on success.
+ *   err: (maybe NULL) on failure, an error message line is written to this BIO.
+ *   in: a NUL terminated string like "abc,def,ghi"
+ *
+ *   returns: a malloc'd buffer or NULL on failure.
+ */
+unsigned char *next_protos_parse(size_t *outlen, const char *in)
+{
+    size_t len;
+    unsigned char *out;
+    size_t i, start = 0;
+
+    len = strlen(in);
+    if (len >= 65535)
+        return NULL;
+
+    out = app_malloc(strlen(in) + 1, "NPN buffer");
+    for (i = 0; i <= len; ++i) {
+        if (i == len || in[i] == ',') {
+            if (i - start > 255) {
+                OPENSSL_free(out);
+                return NULL;
+            }
+            out[start] = (unsigned char)(i - start);
+            start = i + 1;
+        } else {
+            out[i + 1] = in[i];
+        }
+    }
+
+    *outlen = len + 1;
+    return out;
+}
+
+void print_cert_checks(BIO *bio, X509 *x,
+                       const char *checkhost,
+                       const char *checkemail, const char *checkip)
+{
+    if (x == NULL)
+        return;
+    if (checkhost) {
+        BIO_printf(bio, "Hostname %s does%s match certificate\n",
+                   checkhost,
+                   X509_check_host(x, checkhost, 0, 0, NULL) == 1
+                       ? "" : " NOT");
+    }
+
+    if (checkemail) {
+        BIO_printf(bio, "Email %s does%s match certificate\n",
+                   checkemail, X509_check_email(x, checkemail, 0, 0)
+                   ? "" : " NOT");
+    }
+
+    if (checkip) {
+        BIO_printf(bio, "IP %s does%s match certificate\n",
+                   checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
+    }
+}
+
+/* Get first http URL from a DIST_POINT structure */
+
+static const char *get_dp_url(DIST_POINT *dp)
+{
+    GENERAL_NAMES *gens;
+    GENERAL_NAME *gen;
+    int i, gtype;
+    ASN1_STRING *uri;
+    if (!dp->distpoint || dp->distpoint->type != 0)
+        return NULL;
+    gens = dp->distpoint->name.fullname;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        uri = GENERAL_NAME_get0_value(gen, &gtype);
+        if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
+            const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
+            if (strncmp(uptr, "http://", 7) == 0)
+                return uptr;
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Look through a CRLDP structure and attempt to find an http URL to
+ * downloads a CRL from.
+ */
+
+static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
+{
+    int i;
+    const char *urlptr = NULL;
+    for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
+        urlptr = get_dp_url(dp);
+        if (urlptr)
+            return load_crl(urlptr, FORMAT_HTTP);
+    }
+    return NULL;
+}
+
+/*
+ * Example of downloading CRLs from CRLDP: not usable for real world as it
+ * always downloads, doesn't support non-blocking I/O and doesn't cache
+ * anything.
+ */
+
+static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    X509 *x;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509_CRL *crl;
+    STACK_OF(DIST_POINT) *crldp;
+
+    crls = sk_X509_CRL_new_null();
+    if (!crls)
+        return NULL;
+    x = X509_STORE_CTX_get_current_cert(ctx);
+    crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+    crl = load_crl_crldp(crldp);
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    if (!crl) {
+        sk_X509_CRL_free(crls);
+        return NULL;
+    }
+    sk_X509_CRL_push(crls, crl);
+    /* Try to download delta CRL */
+    crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
+    crl = load_crl_crldp(crldp);
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    if (crl)
+        sk_X509_CRL_push(crls, crl);
+    return crls;
+}
+
+void store_setup_crl_download(X509_STORE *st)
+{
+    X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
+}
+
+/*
+ * Platform-specific sections
+ */
+#if defined(_WIN32)
+# ifdef fileno
+#  undef fileno
+#  define fileno(a) (int)_fileno(a)
+# endif
+
+# include <windows.h>
+# include <tchar.h>
+
+static int WIN32_rename(const char *from, const char *to)
+{
+    TCHAR *tfrom = NULL, *tto;
+    DWORD err;
+    int ret = 0;
+
+    if (sizeof(TCHAR) == 1) {
+        tfrom = (TCHAR *)from;
+        tto = (TCHAR *)to;
+    } else {                    /* UNICODE path */
+
+        size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
+        tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
+        if (tfrom == NULL)
+            goto err;
+        tto = tfrom + flen;
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
+# endif
+            for (i = 0; i < flen; i++)
+                tfrom[i] = (TCHAR)from[i];
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
+# endif
+            for (i = 0; i < tlen; i++)
+                tto[i] = (TCHAR)to[i];
+    }
+
+    if (MoveFile(tfrom, tto))
+        goto ok;
+    err = GetLastError();
+    if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
+        if (DeleteFile(tto) && MoveFile(tfrom, tto))
+            goto ok;
+        err = GetLastError();
+    }
+    if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
+        errno = ENOENT;
+    else if (err == ERROR_ACCESS_DENIED)
+        errno = EACCES;
+    else
+        errno = EINVAL;         /* we could map more codes... */
+ err:
+    ret = -1;
+ ok:
+    if (tfrom != NULL && tfrom != (TCHAR *)from)
+        free(tfrom);
+    return ret;
+}
+#endif
+
+/* app_tminterval section */
+#if defined(_WIN32)
+double app_tminterval(int stop, int usertime)
+{
+    FILETIME now;
+    double ret = 0;
+    static ULARGE_INTEGER tmstart;
+    static int warning = 1;
+# ifdef _WIN32_WINNT
+    static HANDLE proc = NULL;
+
+    if (proc == NULL) {
+        if (check_winnt())
+            proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
+                               GetCurrentProcessId());
+        if (proc == NULL)
+            proc = (HANDLE) - 1;
+    }
+
+    if (usertime && proc != (HANDLE) - 1) {
+        FILETIME junk;
+        GetProcessTimes(proc, &junk, &junk, &junk, &now);
+    } else
+# endif
+    {
+        SYSTEMTIME systime;
+
+        if (usertime && warning) {
+            BIO_printf(bio_err, "To get meaningful results, run "
+                       "this program on idle system.\n");
+            warning = 0;
+        }
+        GetSystemTime(&systime);
+        SystemTimeToFileTime(&systime, &now);
+    }
+
+    if (stop == TM_START) {
+        tmstart.u.LowPart = now.dwLowDateTime;
+        tmstart.u.HighPart = now.dwHighDateTime;
+    } else {
+        ULARGE_INTEGER tmstop;
+
+        tmstop.u.LowPart = now.dwLowDateTime;
+        tmstop.u.HighPart = now.dwHighDateTime;
+
+        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
+    }
+
+    return ret;
+}
+#elif defined(OPENSSL_SYS_VXWORKS)
+# include <time.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+# ifdef CLOCK_REALTIME
+    static struct timespec tmstart;
+    struct timespec now;
+# else
+    static unsigned long tmstart;
+    unsigned long now;
+# endif
+    static int warning = 1;
+
+    if (usertime && warning) {
+        BIO_printf(bio_err, "To get meaningful results, run "
+                   "this program on idle system.\n");
+        warning = 0;
+    }
+# ifdef CLOCK_REALTIME
+    clock_gettime(CLOCK_REALTIME, &now);
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_nsec * 1e-9)
+               - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
+# else
+    now = tickGet();
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)sysClkRateGet();
+# endif
+    return ret;
+}
+
+#elif defined(OPENSSL_SYSTEM_VMS)
+# include <time.h>
+# include <times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    static clock_t tmstart;
+    double ret = 0;
+    clock_t now;
+# ifdef __TMS
+    struct tms rus;
+
+    now = times(&rus);
+    if (usertime)
+        now = rus.tms_utime;
+# else
+    if (usertime)
+        now = clock();          /* sum of user and kernel times */
+    else {
+        struct timeval tv;
+        gettimeofday(&tv, NULL);
+        now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
+                        (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
+            );
+    }
+# endif
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)(CLK_TCK);
+
+    return ret;
+}
+
+#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
+# include <sys/times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct tms rus;
+    clock_t now = times(&rus);
+    static clock_t tmstart;
+
+    if (usertime)
+        now = rus.tms_utime;
+
+    if (stop == TM_START) {
+        tmstart = now;
+    } else {
+        long int tck = sysconf(_SC_CLK_TCK);
+        ret = (now - tmstart) / (double)tck;
+    }
+
+    return ret;
+}
+
+#else
+# include <sys/time.h>
+# include <sys/resource.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct rusage rus;
+    struct timeval now;
+    static struct timeval tmstart;
+
+    if (usertime)
+        getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
+    else
+        gettimeofday(&now, NULL);
+
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_usec * 1e-6)
+               - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
+
+    return ret;
+}
+#endif
+
+int app_access(const char* name, int flag)
+{
+#ifdef _WIN32
+    return _access(name, flag);
+#else
+    return access(name, flag);
+#endif
+}
+
+/* app_isdir section */
+#ifdef _WIN32
+int app_isdir(const char *name)
+{
+    DWORD attr;
+# if defined(UNICODE) || defined(_UNICODE)
+    size_t i, len_0 = strlen(name) + 1;
+    WCHAR tempname[MAX_PATH];
+
+    if (len_0 > MAX_PATH)
+        return -1;
+
+#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
+#  endif
+        for (i = 0; i < len_0; i++)
+            tempname[i] = (WCHAR)name[i];
+
+    attr = GetFileAttributes(tempname);
+# else
+    attr = GetFileAttributes(name);
+# endif
+    if (attr == INVALID_FILE_ATTRIBUTES)
+        return -1;
+    return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
+}
+#else
+# include <sys/stat.h>
+# ifndef S_ISDIR
+#  if defined(_S_IFMT) && defined(_S_IFDIR)
+#   define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
+#  else
+#   define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
+#  endif
+# endif
+
+int app_isdir(const char *name)
+{
+# if defined(S_ISDIR)
+    struct stat st;
+
+    if (stat(name, &st) == 0)
+        return S_ISDIR(st.st_mode);
+    else
+        return -1;
+# else
+    return -1;
+# endif
+}
+#endif
+
+/* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+    TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+}
+
+int fileno_stdin(void)
+{
+    if (stdin_sock == -1) {
+        TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
+        atexit(close_stdin_sock);
+    }
+
+    return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+    return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+    return fileno(stdout);
+}
+
+#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
+int raw_read_stdin(void *buf, int siz)
+{
+    DWORD n;
+    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
+        return n;
+    else
+        return -1;
+}
+#elif defined(__VMS)
+# include <sys/socket.h>
+
+int raw_read_stdin(void *buf, int siz)
+{
+    return recv(fileno_stdin(), buf, siz, 0);
+}
+#else
+int raw_read_stdin(void *buf, int siz)
+{
+    return read(fileno_stdin(), buf, siz);
+}
+#endif
+
+#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
+int raw_write_stdout(const void *buf, int siz)
+{
+    DWORD n;
+    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
+        return n;
+    else
+        return -1;
+}
+#else
+int raw_write_stdout(const void *buf, int siz)
+{
+    return write(fileno_stdout(), buf, siz);
+}
+#endif
+
+/*
+ * Centralized handling if input and output files with format specification
+ * The format is meant to show what the input and output is supposed to be,
+ * and is therefore a show of intent more than anything else.  However, it
+ * does impact behavior on some platform, such as differentiating between
+ * text and binary input/output on non-Unix platforms
+ */
+static int istext(int format)
+{
+    return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
+}
+
+BIO *dup_bio_in(int format)
+{
+    return BIO_new_fp(stdin,
+                      BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+}
+
+static BIO_METHOD *prefix_method = NULL;
+
+BIO *dup_bio_out(int format)
+{
+    BIO *b = BIO_new_fp(stdout,
+                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+    void *prefix = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    if (istext(format))
+        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+
+    if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
+        if (prefix_method == NULL)
+            prefix_method = apps_bf_prefix();
+        b = BIO_push(BIO_new(prefix_method), b);
+        BIO_ctrl(b, PREFIX_CTRL_SET_PREFIX, 0, prefix);
+    }
+
+    return b;
+}
+
+BIO *dup_bio_err(int format)
+{
+    BIO *b = BIO_new_fp(stderr,
+                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+#ifdef OPENSSL_SYS_VMS
+    if (istext(format))
+        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+    return b;
+}
+
+void destroy_prefix_method(void)
+{
+    BIO_meth_free(prefix_method);
+    prefix_method = NULL;
+}
+
+void unbuffer(FILE *fp)
+{
+/*
+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+ * However, we trust that the C RTL will never give us a FILE pointer
+ * above the first 4 GB of memory, so we simply turn off the warning
+ * temporarily.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
+    setbuf(fp, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
+}
+
+static const char *modestr(char mode, int format)
+{
+    OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w');
+
+    switch (mode) {
+    case 'a':
+        return istext(format) ? "a" : "ab";
+    case 'r':
+        return istext(format) ? "r" : "rb";
+    case 'w':
+        return istext(format) ? "w" : "wb";
+    }
+    /* The assert above should make sure we never reach this point */
+    return NULL;
+}
+
+static const char *modeverb(char mode)
+{
+    switch (mode) {
+    case 'a':
+        return "appending";
+    case 'r':
+        return "reading";
+    case 'w':
+        return "writing";
+    }
+    return "(doing something)";
+}
+
+/*
+ * Open a file for writing, owner-read-only.
+ */
+BIO *bio_open_owner(const char *filename, int format, int private)
+{
+    FILE *fp = NULL;
+    BIO *b = NULL;
+    int fd = -1, bflags, mode, textmode;
+
+    if (!private || filename == NULL || strcmp(filename, "-") == 0)
+        return bio_open_default(filename, 'w', format);
+
+    mode = O_WRONLY;
+#ifdef O_CREAT
+    mode |= O_CREAT;
+#endif
+#ifdef O_TRUNC
+    mode |= O_TRUNC;
+#endif
+    textmode = istext(format);
+    if (!textmode) {
+#ifdef O_BINARY
+        mode |= O_BINARY;
+#elif defined(_O_BINARY)
+        mode |= _O_BINARY;
+#endif
+    }
+
+#ifdef OPENSSL_SYS_VMS
+    /* VMS doesn't have O_BINARY, it just doesn't make sense.  But,
+     * it still needs to know that we're going binary, or fdopen()
+     * will fail with "invalid argument"...  so we tell VMS what the
+     * context is.
+     */
+    if (!textmode)
+        fd = open(filename, mode, 0600, "ctx=bin");
+    else
+#endif
+        fd = open(filename, mode, 0600);
+    if (fd < 0)
+        goto err;
+    fp = fdopen(fd, modestr('w', format));
+    if (fp == NULL)
+        goto err;
+    bflags = BIO_CLOSE;
+    if (textmode)
+        bflags |= BIO_FP_TEXT;
+    b = BIO_new_fp(fp, bflags);
+    if (b)
+        return b;
+
+ err:
+    BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
+               opt_getprog(), filename, strerror(errno));
+    ERR_print_errors(bio_err);
+    /* If we have fp, then fdopen took over fd, so don't close both. */
+    if (fp)
+        fclose(fp);
+    else if (fd >= 0)
+        close(fd);
+    return NULL;
+}
+
+static BIO *bio_open_default_(const char *filename, char mode, int format,
+                              int quiet)
+{
+    BIO *ret;
+
+    if (filename == NULL || strcmp(filename, "-") == 0) {
+        ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
+        if (quiet) {
+            ERR_clear_error();
+            return ret;
+        }
+        if (ret != NULL)
+            return ret;
+        BIO_printf(bio_err,
+                   "Can't open %s, %s\n",
+                   mode == 'r' ? "stdin" : "stdout", strerror(errno));
+    } else {
+        ret = BIO_new_file(filename, modestr(mode, format));
+        if (quiet) {
+            ERR_clear_error();
+            return ret;
+        }
+        if (ret != NULL)
+            return ret;
+        BIO_printf(bio_err,
+                   "Can't open %s for %s, %s\n",
+                   filename, modeverb(mode), strerror(errno));
+    }
+    ERR_print_errors(bio_err);
+    return NULL;
+}
+
+BIO *bio_open_default(const char *filename, char mode, int format)
+{
+    return bio_open_default_(filename, mode, format, 0);
+}
+
+BIO *bio_open_default_quiet(const char *filename, char mode, int format)
+{
+    return bio_open_default_(filename, mode, format, 1);
+}
+
+void wait_for_async(SSL *s)
+{
+    /* On Windows select only works for sockets, so we simply don't wait  */
+#ifndef OPENSSL_SYS_WINDOWS
+    int width = 0;
+    fd_set asyncfds;
+    OSSL_ASYNC_FD *fds;
+    size_t numfds;
+    size_t i;
+
+    if (!SSL_get_all_async_fds(s, NULL, &numfds))
+        return;
+    if (numfds == 0)
+        return;
+    fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
+    if (!SSL_get_all_async_fds(s, fds, &numfds)) {
+        OPENSSL_free(fds);
+        return;
+    }
+
+    FD_ZERO(&asyncfds);
+    for (i = 0; i < numfds; i++) {
+        if (width <= (int)fds[i])
+            width = (int)fds[i] + 1;
+        openssl_fdset((int)fds[i], &asyncfds);
+    }
+    select(width, (void *)&asyncfds, NULL, NULL, NULL);
+    OPENSSL_free(fds);
+#endif
+}
+
+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
+#if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void)
+{
+# if defined(OPENSSL_SYS_WINDOWS)
+    HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
+    DWORD events = 0;
+    INPUT_RECORD inputrec;
+    DWORD insize = 1;
+    BOOL peeked;
+
+    if (inhand == INVALID_HANDLE_VALUE) {
+        return 0;
+    }
+
+    peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
+    if (!peeked) {
+        /* Probably redirected input? _kbhit() does not work in this case */
+        if (!feof(stdin)) {
+            return 1;
+        }
+        return 0;
+    }
+# endif
+    return _kbhit();
+}
+#endif
+
+/* Corrupt a signature by modifying final byte */
+void corrupt_signature(const ASN1_STRING *signature)
+{
+        unsigned char *s = signature->data;
+        s[signature->length - 1] ^= 0x1;
+}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+                   int days)
+{
+    if (startdate == NULL || strcmp(startdate, "today") == 0) {
+        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+            return 0;
+    } else {
+        if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
+            return 0;
+    }
+    if (enddate == NULL) {
+        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
+            == NULL)
+            return 0;
+    } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
+        return 0;
+    }
+    return 1;
+}
+
+void make_uppercase(char *string)
+{
+    int i;
+
+    for (i = 0; string[i] != '\0'; i++)
+        string[i] = toupper((unsigned char)string[i]);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/apps.h b/trunk/3rdparty/openssl-1.1-fit/apps/apps.h
new file mode 100644
index 000000000..d9eb650eb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/apps.h
@@ -0,0 +1,634 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_APPS_H
+# define HEADER_APPS_H
+
+# include "e_os.h" /* struct timeval for DTLS */
+# include "internal/nelem.h"
+# include <assert.h>
+
+# include <sys/types.h>
+# ifndef OPENSSL_NO_POSIX_IO
+#  include <sys/stat.h>
+#  include <fcntl.h>
+# endif
+
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+# include <openssl/txt_db.h>
+# include <openssl/engine.h>
+# include <openssl/ocsp.h>
+# include <signal.h>
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
+#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+# else
+#  define openssl_fdset(a,b) FD_SET(a, b)
+# endif
+
+/*
+ * quick macro when you need to pass an unsigned char instead of a char.
+ * this is true for some implementations of the is*() functions, for
+ * example.
+ */
+#define _UC(c) ((unsigned char)(c))
+
+void app_RAND_load_conf(CONF *c, const char *section);
+void app_RAND_write(void);
+
+extern char *default_config_file;
+extern BIO *bio_in;
+extern BIO *bio_out;
+extern BIO *bio_err;
+extern const unsigned char tls13_aes128gcmsha256_id[];
+extern const unsigned char tls13_aes256gcmsha384_id[];
+extern BIO_ADDR *ourpeer;
+
+BIO_METHOD *apps_bf_prefix(void);
+/*
+ * The control used to set the prefix with BIO_ctrl()
+ * We make it high enough so the chance of ever clashing with the BIO library
+ * remains unlikely for the foreseeable future and beyond.
+ */
+#define PREFIX_CTRL_SET_PREFIX  (1 << 15)
+/*
+ * apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
+ * need to destroy at some point.  When created internally, it's stored
+ * in an internal pointer which can be freed with the following function
+ */
+void destroy_prefix_method(void);
+
+BIO *dup_bio_in(int format);
+BIO *dup_bio_out(int format);
+BIO *dup_bio_err(int format);
+BIO *bio_open_owner(const char *filename, int format, int private);
+BIO *bio_open_default(const char *filename, char mode, int format);
+BIO *bio_open_default_quiet(const char *filename, char mode, int format);
+CONF *app_load_config_bio(BIO *in, const char *filename);
+CONF *app_load_config(const char *filename);
+CONF *app_load_config_quiet(const char *filename);
+int app_load_modules(const CONF *config);
+void unbuffer(FILE *fp);
+void wait_for_async(SSL *s);
+# if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void);
+# endif
+
+void corrupt_signature(const ASN1_STRING *signature);
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+                   int days);
+
+/*
+ * Common verification options.
+ */
+# define OPT_V_ENUM \
+        OPT_V__FIRST=2000, \
+        OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+        OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+        OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+        OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+        OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+        OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+        OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+        OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+        OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
+        OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
+        OPT_V__LAST
+
+# define OPT_V_OPTIONS \
+        { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
+        { "purpose", OPT_V_PURPOSE, 's', \
+            "certificate chain purpose"}, \
+        { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
+        { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
+            "chain depth limit" }, \
+        { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
+            "chain authentication security level" }, \
+        { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
+        { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
+            "expected peer hostname" }, \
+        { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
+            "expected peer email" }, \
+        { "verify_ip", OPT_V_VERIFY_IP, 's', \
+            "expected peer IP address" }, \
+        { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
+            "permit unhandled critical extensions"}, \
+        { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
+        { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
+        { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
+        { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
+        { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
+            "set policy variable require-explicit-policy"}, \
+        { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
+            "set policy variable inhibit-any-policy"}, \
+        { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
+            "set policy variable inhibit-policy-mapping"}, \
+        { "x509_strict", OPT_V_X509_STRICT, '-', \
+            "disable certificate compatibility work-arounds"}, \
+        { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
+            "enable extended CRL features"}, \
+        { "use_deltas", OPT_V_USE_DELTAS, '-', \
+            "use delta CRLs"}, \
+        { "policy_print", OPT_V_POLICY_PRINT, '-', \
+            "print policy processing diagnostics"}, \
+        { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
+            "check root CA self-signatures"}, \
+        { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
+            "search trust store first (default)" }, \
+        { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
+        { "suiteB_128", OPT_V_SUITEB_128, '-', \
+            "Suite B 128-bit mode allowing 192-bit algorithms"}, \
+        { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
+        { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
+            "accept chains anchored by intermediate trust-store CAs"}, \
+        { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
+        { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
+        { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
+
+# define OPT_V_CASES \
+        OPT_V__FIRST: case OPT_V__LAST: break; \
+        case OPT_V_POLICY: \
+        case OPT_V_PURPOSE: \
+        case OPT_V_VERIFY_NAME: \
+        case OPT_V_VERIFY_DEPTH: \
+        case OPT_V_VERIFY_AUTH_LEVEL: \
+        case OPT_V_ATTIME: \
+        case OPT_V_VERIFY_HOSTNAME: \
+        case OPT_V_VERIFY_EMAIL: \
+        case OPT_V_VERIFY_IP: \
+        case OPT_V_IGNORE_CRITICAL: \
+        case OPT_V_ISSUER_CHECKS: \
+        case OPT_V_CRL_CHECK: \
+        case OPT_V_CRL_CHECK_ALL: \
+        case OPT_V_POLICY_CHECK: \
+        case OPT_V_EXPLICIT_POLICY: \
+        case OPT_V_INHIBIT_ANY: \
+        case OPT_V_INHIBIT_MAP: \
+        case OPT_V_X509_STRICT: \
+        case OPT_V_EXTENDED_CRL: \
+        case OPT_V_USE_DELTAS: \
+        case OPT_V_POLICY_PRINT: \
+        case OPT_V_CHECK_SS_SIG: \
+        case OPT_V_TRUSTED_FIRST: \
+        case OPT_V_SUITEB_128_ONLY: \
+        case OPT_V_SUITEB_128: \
+        case OPT_V_SUITEB_192: \
+        case OPT_V_PARTIAL_CHAIN: \
+        case OPT_V_NO_ALT_CHAINS: \
+        case OPT_V_NO_CHECK_TIME: \
+        case OPT_V_ALLOW_PROXY_CERTS
+
+/*
+ * Common "extended validation" options.
+ */
+# define OPT_X_ENUM \
+        OPT_X__FIRST=1000, \
+        OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+        OPT_X_CERTFORM, OPT_X_KEYFORM, \
+        OPT_X__LAST
+
+# define OPT_X_OPTIONS \
+        { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
+        { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
+        { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
+        { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
+            "build certificate chain for the extended certificates"}, \
+        { "xcertform", OPT_X_CERTFORM, 'F', \
+            "format of Extended certificate (PEM or DER) PEM default " }, \
+        { "xkeyform", OPT_X_KEYFORM, 'F', \
+            "format of Extended certificate's key (PEM or DER) PEM default"}
+
+# define OPT_X_CASES \
+        OPT_X__FIRST: case OPT_X__LAST: break; \
+        case OPT_X_KEY: \
+        case OPT_X_CERT: \
+        case OPT_X_CHAIN: \
+        case OPT_X_CHAIN_BUILD: \
+        case OPT_X_CERTFORM: \
+        case OPT_X_KEYFORM
+
+/*
+ * Common SSL options.
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c
+ */
+# define OPT_S_ENUM \
+        OPT_S__FIRST=3000, \
+        OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+        OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+        OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
+        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
+        OPT_S_PRIORITIZE_CHACHA, \
+        OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
+        OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
+        OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
+        OPT_S_MINPROTO, OPT_S_MAXPROTO, \
+        OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
+
+# define OPT_S_OPTIONS \
+        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
+        {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
+        {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
+        {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
+        {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
+        {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
+        {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
+        {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
+        {"no_ticket", OPT_S_NOTICKET, '-', \
+            "Disable use of TLS session tickets"}, \
+        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
+        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
+            "Enable use of legacy renegotiation (dangerous)"}, \
+        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
+            "Disable all renegotiation."}, \
+        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
+            "Allow initial connection to servers that don't support RI"}, \
+        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
+            "Disallow session resumption on renegotiation"}, \
+        {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
+            "Disallow initial connection to servers that don't support RI"}, \
+        {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
+            "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
+        {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
+            "Prioritize ChaCha ciphers when preferred by clients"}, \
+        {"strict", OPT_S_STRICT, '-', \
+            "Enforce strict certificate checks as per TLS standard"}, \
+        {"sigalgs", OPT_S_SIGALGS, 's', \
+            "Signature algorithms to support (colon-separated list)" }, \
+        {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
+            "Signature algorithms to support for client certificate" \
+            " authentication (colon-separated list)" }, \
+        {"groups", OPT_S_GROUPS, 's', \
+            "Groups to advertise (colon-separated list)" }, \
+        {"curves", OPT_S_CURVES, 's', \
+            "Groups to advertise (colon-separated list)" }, \
+        {"named_curve", OPT_S_NAMEDCURVE, 's', \
+            "Elliptic curve used for ECDHE (server-side only)" }, \
+        {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
+        {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
+        {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
+        {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
+        {"record_padding", OPT_S_RECORD_PADDING, 's', \
+            "Block size to pad TLS 1.3 records to."}, \
+        {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
+            "Perform all sorts of protocol violations for testing purposes"}, \
+        {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
+            "Disable TLSv1.3 middlebox compat mode" }
+
+# define OPT_S_CASES \
+        OPT_S__FIRST: case OPT_S__LAST: break; \
+        case OPT_S_NOSSL3: \
+        case OPT_S_NOTLS1: \
+        case OPT_S_NOTLS1_1: \
+        case OPT_S_NOTLS1_2: \
+        case OPT_S_NOTLS1_3: \
+        case OPT_S_BUGS: \
+        case OPT_S_NO_COMP: \
+        case OPT_S_COMP: \
+        case OPT_S_NOTICKET: \
+        case OPT_S_SERVERPREF: \
+        case OPT_S_LEGACYRENEG: \
+        case OPT_S_LEGACYCONN: \
+        case OPT_S_ONRESUMP: \
+        case OPT_S_NOLEGACYCONN: \
+        case OPT_S_ALLOW_NO_DHE_KEX: \
+        case OPT_S_PRIORITIZE_CHACHA: \
+        case OPT_S_STRICT: \
+        case OPT_S_SIGALGS: \
+        case OPT_S_CLIENTSIGALGS: \
+        case OPT_S_GROUPS: \
+        case OPT_S_CURVES: \
+        case OPT_S_NAMEDCURVE: \
+        case OPT_S_CIPHER: \
+        case OPT_S_CIPHERSUITES: \
+        case OPT_S_RECORD_PADDING: \
+        case OPT_S_NO_RENEGOTIATION: \
+        case OPT_S_MINPROTO: \
+        case OPT_S_MAXPROTO: \
+        case OPT_S_DEBUGBROKE: \
+        case OPT_S_NO_MIDDLEBOX
+
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+  || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
+
+/*
+ * Random state options.
+ */
+# define OPT_R_ENUM \
+        OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
+
+# define OPT_R_OPTIONS \
+    {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
+    {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
+
+# define OPT_R_CASES \
+        OPT_R__FIRST: case OPT_R__LAST: break; \
+        case OPT_R_RAND: case OPT_R_WRITERAND
+
+/*
+ * Option parsing.
+ */
+extern const char OPT_HELP_STR[];
+extern const char OPT_MORE_STR[];
+typedef struct options_st {
+    const char *name;
+    int retval;
+    /*
+     * value type: - no value (also the value zero), n number, p positive
+     * number, u unsigned, l long, s string, < input file, > output file,
+     * f any format, F der/pem format, E der/pem/engine format identifier.
+     * l, n and u include zero; p does not.
+     */
+    int valtype;
+    const char *helpstr;
+} OPTIONS;
+
+/*
+ * A string/int pairing; widely use for option value lookup, hence the
+ * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
+ * the "generic" name STRINT_PAIR.
+ */
+typedef struct string_int_pair_st {
+    const char *name;
+    int retval;
+} OPT_PAIR, STRINT_PAIR;
+
+/* Flags to pass into opt_format; see FORMAT_xxx, below. */
+# define OPT_FMT_PEMDER          (1L <<  1)
+# define OPT_FMT_PKCS12          (1L <<  2)
+# define OPT_FMT_SMIME           (1L <<  3)
+# define OPT_FMT_ENGINE          (1L <<  4)
+# define OPT_FMT_MSBLOB          (1L <<  5)
+/* (1L <<  6) was OPT_FMT_NETSCAPE, but wasn't used */
+# define OPT_FMT_NSS             (1L <<  7)
+# define OPT_FMT_TEXT            (1L <<  8)
+# define OPT_FMT_HTTP            (1L <<  9)
+# define OPT_FMT_PVK             (1L << 10)
+# define OPT_FMT_PDE     (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
+# define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
+# define OPT_FMT_ANY     ( \
+        OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS   | \
+        OPT_FMT_TEXT   | OPT_FMT_HTTP   | OPT_FMT_PVK)
+
+char *opt_progname(const char *argv0);
+char *opt_getprog(void);
+char *opt_init(int ac, char **av, const OPTIONS * o);
+int opt_next(void);
+int opt_format(const char *s, unsigned long flags, int *result);
+int opt_int(const char *arg, int *result);
+int opt_ulong(const char *arg, unsigned long *result);
+int opt_long(const char *arg, long *result);
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+int opt_imax(const char *arg, intmax_t *result);
+int opt_umax(const char *arg, uintmax_t *result);
+#else
+# define opt_imax opt_long
+# define opt_umax opt_ulong
+# define intmax_t long
+# define uintmax_t unsigned long
+#endif
+int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
+int opt_md(const char *name, const EVP_MD **mdp);
+char *opt_arg(void);
+char *opt_flag(void);
+char *opt_unknown(void);
+char **opt_rest(void);
+int opt_num_rest(void);
+int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+int opt_rand(int i);
+void opt_help(const OPTIONS * list);
+int opt_format_error(const char *s, unsigned long flags);
+
+typedef struct args_st {
+    int size;
+    int argc;
+    char **argv;
+} ARGS;
+
+/*
+ * VMS C only for now, implemented in vms_decc_init.c
+ * If other C compilers forget to terminate argv with NULL, this function
+ * can be re-used.
+ */
+char **copy_argv(int *argc, char *argv[]);
+/*
+ * Win32-specific argv initialization that splits OS-supplied UNICODE
+ * command line string to array of UTF8-encoded strings.
+ */
+void win32_utf8argv(int *argc, char **argv[]);
+
+
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+    const void *password;
+    const char *prompt_info;
+} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+const UI_METHOD *get_ui_method(void);
+
+int chopup_args(ARGS *arg, char *buf);
+# ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags);
+# endif
+void print_bignum_var(BIO *, const BIGNUM *, const char*,
+                      int, unsigned char *);
+void print_array(BIO *, const char *, int, const unsigned char *);
+int set_nameopt(const char *arg);
+unsigned long get_nameopt(void);
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
+int add_oid_section(CONF *conf);
+X509 *load_cert(const char *file, int format, const char *cert_descrip);
+X509_CRL *load_crl(const char *infile, int format);
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, const char *cert_descrip);
+X509_STORE *setup_verify(const char *CAfile, const char *CApath,
+                         int noCAfile, int noCApath);
+__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                    const char *CApath, int noCAfile,
+                                    int noCApath);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Sets the file to load the Certificate Transparency log list from.
+ * If path is NULL, loads from the default file path.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+#endif
+
+ENGINE *setup_engine(const char *engine, int debug);
+void release_engine(ENGINE *e);
+
+# ifndef OPENSSL_NO_OCSP
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
+                                 const char *host, const char *path,
+                                 const char *port, int use_ssl,
+                                 STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout);
+# endif
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+                   ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+
+# define DB_type         0
+# define DB_exp_date     1
+# define DB_rev_date     2
+# define DB_serial       3      /* index - unique */
+# define DB_file         4
+# define DB_name         5      /* index - unique when active and not
+                                 * disabled */
+# define DB_NUMBER       6
+
+# define DB_TYPE_REV     'R'    /* Revoked  */
+# define DB_TYPE_EXP     'E'    /* Expired  */
+# define DB_TYPE_VAL     'V'    /* Valid ; inserted with: ca ... -valid */
+# define DB_TYPE_SUSP    'S'    /* Suspended  */
+
+typedef struct db_attr_st {
+    int unique_subject;
+} DB_ATTR;
+typedef struct ca_db_st {
+    DB_ATTR attributes;
+    TXT_DB *db;
+    char *dbfname;
+# ifndef OPENSSL_NO_POSIX_IO
+    struct stat dbst;
+# endif
+} CA_DB;
+
+void* app_malloc(int sz, const char *what);
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
+                ASN1_INTEGER **retai);
+int rotate_serial(const char *serialfile, const char *new_suffix,
+                  const char *old_suffix);
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
+CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix);
+void free_index(CA_DB *db);
+# define index_name_cmp_noconst(a, b) \
+        index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+        (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
+int parse_yesno(const char *str, int def);
+
+X509_NAME *parse_name(const char *str, long chtype, int multirdn);
+void policies_print(X509_STORE_CTX *ctx);
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
+int init_gen_str(EVP_PKEY_CTX **pctx,
+                 const char *algname, ENGINE *e, int do_param);
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                 STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts);
+
+extern char *psk_key;
+
+
+unsigned char *next_protos_parse(size_t *outlen, const char *in);
+
+void print_cert_checks(BIO *bio, X509 *x,
+                       const char *checkhost,
+                       const char *checkemail, const char *checkip);
+
+void store_setup_crl_download(X509_STORE *st);
+
+/* See OPT_FMT_xxx, above. */
+/* On some platforms, it's important to distinguish between text and binary
+ * files.  On some, there might even be specific file formats for different
+ * contents.  The FORMAT_xxx macros are meant to express an intent with the
+ * file being read or created.
+ */
+# define B_FORMAT_TEXT   0x8000
+# define FORMAT_UNDEF    0
+# define FORMAT_TEXT    (1 | B_FORMAT_TEXT)     /* Generic text */
+# define FORMAT_BINARY   2                      /* Generic binary */
+# define FORMAT_BASE64  (3 | B_FORMAT_TEXT)     /* Base64 */
+# define FORMAT_ASN1     4                      /* ASN.1/DER */
+# define FORMAT_PEM     (5 | B_FORMAT_TEXT)
+# define FORMAT_PKCS12   6
+# define FORMAT_SMIME   (7 | B_FORMAT_TEXT)
+# define FORMAT_ENGINE   8                      /* Not really a file format */
+# define FORMAT_PEMRSA  (9 | B_FORMAT_TEXT)     /* PEM RSAPubicKey format */
+# define FORMAT_ASN1RSA  10                     /* DER RSAPubicKey format */
+# define FORMAT_MSBLOB   11                     /* MS Key blob format */
+# define FORMAT_PVK      12                     /* MS PVK file format */
+# define FORMAT_HTTP     13                     /* Download using HTTP */
+# define FORMAT_NSS      14                     /* NSS keylog format */
+
+# define EXT_COPY_NONE   0
+# define EXT_COPY_ADD    1
+# define EXT_COPY_ALL    2
+
+# define NETSCAPE_CERT_HDR       "certificate"
+
+# define APP_PASS_LEN    1024
+
+/*
+ * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
+ * so that the first bit will never be one, so that the DER encoding
+ * rules won't force a leading octet.
+ */
+# define SERIAL_RAND_BITS        159
+
+int app_isdir(const char *);
+int app_access(const char *, int flag);
+int fileno_stdin(void);
+int fileno_stdout(void);
+int raw_read_stdin(void *, int);
+int raw_write_stdout(const void *, int);
+
+# define TM_START        0
+# define TM_STOP         1
+double app_tminterval(int stop, int usertime);
+
+void make_uppercase(char *string);
+
+typedef struct verify_options_st {
+    int depth;
+    int quiet;
+    int error;
+    int return_error;
+} VERIFY_CB_ARGS;
+
+extern VERIFY_CB_ARGS verify_args;
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c b/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c
new file mode 100644
index 000000000..62c70b9cc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c
@@ -0,0 +1,357 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/asn1t.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
+    OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
+    OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
+    OPT_ITEM
+} OPTION_CHOICE;
+
+const OPTIONS asn1parse_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
+    {"in", OPT_IN, '<', "input file"},
+    {"out", OPT_OUT, '>', "output file (output format is always DER)"},
+    {"i", OPT_INDENT, 0, "indents the output"},
+    {"noout", OPT_NOOUT, 0, "do not produce any output"},
+    {"offset", OPT_OFFSET, 'p', "offset into file"},
+    {"length", OPT_LENGTH, 'p', "length of section in file"},
+    {"oid", OPT_OID, '<', "file of extra oid definitions"},
+    {"dump", OPT_DUMP, 0, "unknown data in hex form"},
+    {"dlimit", OPT_DLIMIT, 'p',
+     "dump the first arg bytes of unknown data in hex form"},
+    {"strparse", OPT_STRPARSE, 'p',
+     "offset; a series of these can be used to 'dig'"},
+    {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
+    {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
+    {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
+    {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
+    {"strictpem", OPT_STRICTPEM, 0,
+     "do not attempt base64 decode outside PEM markers"},
+    {"item", OPT_ITEM, 's', "item to parse and print"},
+    {NULL}
+};
+
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
+
+int asn1parse_main(int argc, char **argv)
+{
+    ASN1_TYPE *at = NULL;
+    BIO *in = NULL, *b64 = NULL, *derout = NULL;
+    BUF_MEM *buf = NULL;
+    STACK_OF(OPENSSL_STRING) *osk = NULL;
+    char *genstr = NULL, *genconf = NULL;
+    char *infile = NULL, *oidfile = NULL, *derfile = NULL;
+    unsigned char *str = NULL;
+    char *name = NULL, *header = NULL, *prog;
+    const unsigned char *ctmpbuf;
+    int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
+    int offset = 0, ret = 1, i, j;
+    long num, tmplen;
+    unsigned char *tmpbuf;
+    unsigned int length = 0;
+    OPTION_CHOICE o;
+    const ASN1_ITEM *it = NULL;
+
+    prog = opt_init(argc, argv, asn1parse_options);
+
+    if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+        BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+        goto end;
+    }
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(asn1parse_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            derfile = opt_arg();
+            break;
+        case OPT_INDENT:
+            indent = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_OID:
+            oidfile = opt_arg();
+            break;
+        case OPT_OFFSET:
+            offset = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_LENGTH:
+            length = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_DUMP:
+            dump = -1;
+            break;
+        case OPT_DLIMIT:
+            dump = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_STRPARSE:
+            sk_OPENSSL_STRING_push(osk, opt_arg());
+            break;
+        case OPT_GENSTR:
+            genstr = opt_arg();
+            break;
+        case OPT_GENCONF:
+            genconf = opt_arg();
+            break;
+        case OPT_STRICTPEM:
+            strictpem = 1;
+            informat = FORMAT_PEM;
+            break;
+        case OPT_ITEM:
+            it = ASN1_ITEM_lookup(opt_arg());
+            if (it == NULL) {
+                size_t tmp;
+
+                BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
+                BIO_puts(bio_err, "Supported types:\n");
+                for (tmp = 0;; tmp++) {
+                    it = ASN1_ITEM_get(tmp);
+                    if (it == NULL)
+                        break;
+                    BIO_printf(bio_err, "    %s\n", it->sname);
+                }
+                goto end;
+            }
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (oidfile != NULL) {
+        in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
+        if (in == NULL)
+            goto end;
+        OBJ_create_objects(in);
+        BIO_free(in);
+    }
+
+    if ((in = bio_open_default(infile, 'r', informat)) == NULL)
+        goto end;
+
+    if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
+        goto end;
+
+    if (strictpem) {
+        if (PEM_read_bio(in, &name, &header, &str, &num) !=
+            1) {
+            BIO_printf(bio_err, "Error reading PEM file\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+
+        if ((buf = BUF_MEM_new()) == NULL)
+            goto end;
+        if (!BUF_MEM_grow(buf, BUFSIZ * 8))
+            goto end;           /* Pre-allocate :-) */
+
+        if (genstr || genconf) {
+            num = do_generate(genstr, genconf, buf);
+            if (num < 0) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else {
+
+            if (informat == FORMAT_PEM) {
+                BIO *tmp;
+
+                if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+                    goto end;
+                BIO_push(b64, in);
+                tmp = in;
+                in = b64;
+                b64 = tmp;
+            }
+
+            num = 0;
+            for (;;) {
+                if (!BUF_MEM_grow(buf, num + BUFSIZ))
+                    goto end;
+                i = BIO_read(in, &(buf->data[num]), BUFSIZ);
+                if (i <= 0)
+                    break;
+                num += i;
+            }
+        }
+        str = (unsigned char *)buf->data;
+
+    }
+
+    /* If any structs to parse go through in sequence */
+
+    if (sk_OPENSSL_STRING_num(osk)) {
+        tmpbuf = str;
+        tmplen = num;
+        for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
+            ASN1_TYPE *atmp;
+            int typ;
+            j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
+            if (j <= 0 || j >= tmplen) {
+                BIO_printf(bio_err, "'%s' is out of range\n",
+                           sk_OPENSSL_STRING_value(osk, i));
+                continue;
+            }
+            tmpbuf += j;
+            tmplen -= j;
+            atmp = at;
+            ctmpbuf = tmpbuf;
+            at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
+            ASN1_TYPE_free(atmp);
+            if (!at) {
+                BIO_printf(bio_err, "Error parsing structure\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            typ = ASN1_TYPE_get(at);
+            if ((typ == V_ASN1_OBJECT)
+                || (typ == V_ASN1_BOOLEAN)
+                || (typ == V_ASN1_NULL)) {
+                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            /* hmm... this is a little evil but it works */
+            tmpbuf = at->value.asn1_string->data;
+            tmplen = at->value.asn1_string->length;
+        }
+        str = tmpbuf;
+        num = tmplen;
+    }
+
+    if (offset < 0 || offset >= num) {
+        BIO_printf(bio_err, "Error: offset out of range\n");
+        goto end;
+    }
+
+    num -= offset;
+
+    if (length == 0 || length > (unsigned int)num)
+        length = (unsigned int)num;
+    if (derout != NULL) {
+        if (BIO_write(derout, str + offset, length) != (int)length) {
+            BIO_printf(bio_err, "Error writing output\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (!noout) {
+        const unsigned char *p = str + offset;
+
+        if (it != NULL) {
+            ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
+            if (value == NULL) {
+                BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            ASN1_item_print(bio_out, value, 0, it, NULL);
+            ASN1_item_free(value, it);
+        } else {
+            if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free(derout);
+    BIO_free(in);
+    BIO_free(b64);
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    BUF_MEM_free(buf);
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    if (strictpem)
+        OPENSSL_free(str);
+    ASN1_TYPE_free(at);
+    sk_OPENSSL_STRING_free(osk);
+    return ret;
+}
+
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
+{
+    CONF *cnf = NULL;
+    int len;
+    unsigned char *p;
+    ASN1_TYPE *atyp = NULL;
+
+    if (genconf != NULL) {
+        if ((cnf = app_load_config(genconf)) == NULL)
+            goto err;
+        if (genstr == NULL)
+            genstr = NCONF_get_string(cnf, "default", "asn1");
+        if (genstr == NULL) {
+            BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
+            goto err;
+        }
+    }
+
+    atyp = ASN1_generate_nconf(genstr, cnf);
+    NCONF_free(cnf);
+    cnf = NULL;
+
+    if (atyp == NULL)
+        return -1;
+
+    len = i2d_ASN1_TYPE(atyp, NULL);
+
+    if (len <= 0)
+        goto err;
+
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    p = (unsigned char *)buf->data;
+
+    i2d_ASN1_TYPE(atyp, &p);
+
+    ASN1_TYPE_free(atyp);
+    return len;
+
+ err:
+    NCONF_free(cnf);
+    ASN1_TYPE_free(atyp);
+    return -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/bf_prefix.c b/trunk/3rdparty/openssl-1.1-fit/apps/bf_prefix.c
new file mode 100644
index 000000000..bae3c91bf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/bf_prefix.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/bio.h>
+#include "apps.h"
+
+static int prefix_write(BIO *b, const char *out, size_t outl,
+                        size_t *numwritten);
+static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread);
+static int prefix_puts(BIO *b, const char *str);
+static int prefix_gets(BIO *b, char *str, int size);
+static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2);
+static int prefix_create(BIO *b);
+static int prefix_destroy(BIO *b);
+static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+
+static BIO_METHOD *prefix_meth = NULL;
+
+BIO_METHOD *apps_bf_prefix(void)
+{
+    if (prefix_meth == NULL) {
+        if ((prefix_meth =
+             BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL
+            || !BIO_meth_set_create(prefix_meth, prefix_create)
+            || !BIO_meth_set_destroy(prefix_meth, prefix_destroy)
+            || !BIO_meth_set_write_ex(prefix_meth, prefix_write)
+            || !BIO_meth_set_read_ex(prefix_meth, prefix_read)
+            || !BIO_meth_set_puts(prefix_meth, prefix_puts)
+            || !BIO_meth_set_gets(prefix_meth, prefix_gets)
+            || !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl)
+            || !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) {
+            BIO_meth_free(prefix_meth);
+            prefix_meth = NULL;
+        }
+    }
+    return prefix_meth;
+}
+
+typedef struct prefix_ctx_st {
+    char *prefix;
+    int linestart;               /* flag to indicate we're at the line start */
+} PREFIX_CTX;
+
+static int prefix_create(BIO *b)
+{
+    PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+
+    ctx->prefix = NULL;
+    ctx->linestart = 1;
+    BIO_set_data(b, ctx);
+    BIO_set_init(b, 1);
+    return 1;
+}
+
+static int prefix_destroy(BIO *b)
+{
+    PREFIX_CTX *ctx = BIO_get_data(b);
+
+    OPENSSL_free(ctx->prefix);
+    OPENSSL_free(ctx);
+    return 1;
+}
+
+static int prefix_read(BIO *b, char *in, size_t size, size_t *numread)
+{
+    return BIO_read_ex(BIO_next(b), in, size, numread);
+}
+
+static int prefix_write(BIO *b, const char *out, size_t outl,
+                        size_t *numwritten)
+{
+    PREFIX_CTX *ctx = BIO_get_data(b);
+
+    if (ctx == NULL)
+        return 0;
+
+    /* If no prefix is set or if it's empty, we've got nothing to do here */
+    if (ctx->prefix == NULL || *ctx->prefix == '\0') {
+        /* We do note if what comes next will be a new line, though */
+        if (outl > 0)
+            ctx->linestart = (out[outl-1] == '\n');
+        return BIO_write_ex(BIO_next(b), out, outl, numwritten);
+    }
+
+    *numwritten = 0;
+
+    while (outl > 0) {
+        size_t i;
+        char c;
+
+        /* If we know that we're at the start of the line, output the prefix */
+        if (ctx->linestart) {
+            size_t dontcare;
+
+            if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix),
+                              &dontcare))
+                return 0;
+            ctx->linestart = 0;
+        }
+
+        /* Now, go look for the next LF, or the end of the string */
+        for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
+            continue;
+        if (c == '\n')
+            i++;
+
+        /* Output what we found so far */
+        while (i > 0) {
+            size_t num = 0;
+
+            if (!BIO_write_ex(BIO_next(b), out, i, &num))
+                return 0;
+            out += num;
+            outl -= num;
+            *numwritten += num;
+            i -= num;
+        }
+
+        /* If we found a LF, what follows is a new line, so take note */
+        if (c == '\n')
+            ctx->linestart = 1;
+    }
+
+    return 1;
+}
+
+static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 0;
+
+    switch (cmd) {
+    case PREFIX_CTRL_SET_PREFIX:
+        {
+            PREFIX_CTX *ctx = BIO_get_data(b);
+
+            if (ctx == NULL)
+                break;
+
+            OPENSSL_free(ctx->prefix);
+            ctx->prefix = OPENSSL_strdup((const char *)ptr);
+            ret = ctx->prefix != NULL;
+        }
+        break;
+    default:
+        if (BIO_next(b) != NULL)
+            ret = BIO_ctrl(BIO_next(b), cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    return BIO_callback_ctrl(BIO_next(b), cmd, fp);
+}
+
+static int prefix_gets(BIO *b, char *buf, int size)
+{
+    return BIO_gets(BIO_next(b), buf, size);
+}
+
+static int prefix_puts(BIO *b, const char *str)
+{
+    return BIO_write(b, str, strlen(str));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/build.info b/trunk/3rdparty/openssl-1.1-fit/apps/build.info
new file mode 100644
index 000000000..751d8da82
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/build.info
@@ -0,0 +1,38 @@
+{- our @apps_openssl_src =
+       qw(openssl.c
+          asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
+          dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
+          genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
+          pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
+          s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
+          srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
+   our @apps_lib_src =
+       ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
+         split(/\s+/, $target{apps_aux_src}) );
+   our @apps_init_src = split(/\s+/, $target{apps_init_src});
+   "" -}
+IF[{- !$disabled{apps} -}]
+  LIBS_NO_INST=libapps.a
+  SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
+  INCLUDE[libapps.a]=.. ../include
+
+  PROGRAMS=openssl
+  SOURCE[openssl]={- join(" ", @apps_init_src) -}
+  SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
+  INCLUDE[openssl]=.. ../include
+  DEPEND[openssl]=libapps.a ../libssl
+
+IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+  GENERATE[openssl.rc]=../util/mkrc.pl openssl
+  SOURCE[openssl]=openssl.rc
+ENDIF
+
+  {- join("\n  ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
+                  @apps_openssl_src) -}
+  GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
+  DEPEND[progs.h]=../configdata.pm
+
+  SCRIPTS=CA.pl tsget.pl
+  SOURCE[CA.pl]=CA.pl.in
+  SOURCE[tsget.pl]=tsget.in
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ca-cert.srl b/trunk/3rdparty/openssl-1.1-fit/apps/ca-cert.srl
new file mode 100644
index 000000000..2c7456e3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ca-cert.srl
@@ -0,0 +1 @@
+07
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ca-key.pem b/trunk/3rdparty/openssl-1.1-fit/apps/ca-key.pem
new file mode 100644
index 000000000..4e7424906
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ca-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
+IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
+DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
+vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
+XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
+im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
+9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
+QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
+wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
+dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
+Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
+Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
+TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
+PZoQ5B2XJ7bhTQ==
+-----END PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ca-req.pem b/trunk/3rdparty/openssl-1.1-fit/apps/ca-req.pem
new file mode 100644
index 000000000..84c6dbb68
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
+GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
+IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
+DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
+vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
+2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
+pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
+PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
+-----END CERTIFICATE REQUEST-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ca.c b/trunk/3rdparty/openssl-1.1-fit/apps/ca.c
new file mode 100644
index 000000000..69207c066
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ca.c
@@ -0,0 +1,2606 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef OPENSSL_SYS_VMS
+#  include <unistd.h>
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
+#  include <sys/file.h>
+# endif
+#endif
+
+#include "apps.h"
+#include "progs.h"
+
+#ifndef W_OK
+# define F_OK 0
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#ifndef PATH_MAX
+# define PATH_MAX 4096
+#endif
+
+#define BASE_SECTION            "ca"
+
+#define ENV_DEFAULT_CA          "default_ca"
+
+#define STRING_MASK             "string_mask"
+#define UTF8_IN                 "utf8"
+
+#define ENV_NEW_CERTS_DIR       "new_certs_dir"
+#define ENV_CERTIFICATE         "certificate"
+#define ENV_SERIAL              "serial"
+#define ENV_RAND_SERIAL         "rand_serial"
+#define ENV_CRLNUMBER           "crlnumber"
+#define ENV_PRIVATE_KEY         "private_key"
+#define ENV_DEFAULT_DAYS        "default_days"
+#define ENV_DEFAULT_STARTDATE   "default_startdate"
+#define ENV_DEFAULT_ENDDATE     "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS    "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS   "default_crl_hours"
+#define ENV_DEFAULT_MD          "default_md"
+#define ENV_DEFAULT_EMAIL_DN    "email_in_dn"
+#define ENV_PRESERVE            "preserve"
+#define ENV_POLICY              "policy"
+#define ENV_EXTENSIONS          "x509_extensions"
+#define ENV_CRLEXT              "crl_extensions"
+#define ENV_MSIE_HACK           "msie_hack"
+#define ENV_NAMEOPT             "name_opt"
+#define ENV_CERTOPT             "cert_opt"
+#define ENV_EXTCOPY             "copy_extensions"
+#define ENV_UNIQUE_SUBJECT      "unique_subject"
+
+#define ENV_DATABASE            "database"
+
+/* Additional revocation information types */
+typedef enum {
+    REV_VALID             = -1, /* Valid (not-revoked) status */
+    REV_NONE              = 0, /* No additional information */
+    REV_CRL_REASON        = 1, /* Value is CRL reason code */
+    REV_HOLD              = 2, /* Value is hold instruction */
+    REV_KEY_COMPROMISE    = 3, /* Value is cert key compromise time */
+    REV_CA_COMPROMISE     = 4  /* Value is CA key compromise time */
+} REVINFO_TYPE;
+
+static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   BIGNUM *serial, const char *subj, unsigned long chtype,
+                   int multirdn, int email_dn, const char *startdate,
+                   const char *enddate,
+                   long days, int batch, const char *ext_sect, CONF *conf,
+                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign);
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        BIGNUM *serial, const char *subj, unsigned long chtype,
+                        int multirdn, int email_dn, const char *startdate,
+                        const char *enddate, long days, int batch, const char *ext_sect,
+                        CONF *conf, int verbose, unsigned long certopt,
+                        unsigned long nameopt, int default_op, int ext_copy);
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
+                         X509 *x509, const EVP_MD *dgst,
+                         STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                         BIGNUM *serial, const char *subj, unsigned long chtype,
+                         int multirdn, int email_dn, const char *startdate,
+                         const char *enddate, long days, const char *ext_sect, CONF *conf,
+                         int verbose, unsigned long certopt,
+                         unsigned long nameopt, int default_op, int ext_copy);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   const char *subj, unsigned long chtype, int multirdn,
+                   int email_dn, const char *startdate, const char *enddate, long days,
+                   int batch, int verbose, X509_REQ *req, const char *ext_sect,
+                   CONF *conf, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
+static int check_time_format(const char *str);
+static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
+                     const char *extval);
+static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg);
+static int make_revoked(X509_REVOKED *rev, const char *str);
+static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
+
+static CONF *extconf = NULL;
+static int preserve = 0;
+static int msie_hack = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
+    OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
+    OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
+    OPT_KEY, OPT_CERT, OPT_SELFSIGN, OPT_IN, OPT_OUT, OPT_OUTDIR,
+    OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
+    OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
+    OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
+    OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+    OPT_RAND_SERIAL,
+    OPT_R_ENUM,
+    /* Do not change the order here; see related case statements below */
+    OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
+} OPTION_CHOICE;
+
+const OPTIONS ca_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
+    {"config", OPT_CONFIG, 's', "A config file"},
+    {"name", OPT_NAME, 's', "The particular CA definition to use"},
+    {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
+    {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+    {"create_serial", OPT_CREATE_SERIAL, '-',
+     "If reading serial fails, create a new random serial"},
+    {"rand_serial", OPT_RAND_SERIAL, '-',
+     "Always create a random serial; do not store it"},
+    {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+     "Enable support for multivalued RDNs"},
+    {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
+    {"enddate", OPT_ENDDATE, 's',
+     "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+    {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+    {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+    {"keyfile", OPT_KEYFILE, 's', "Private key"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
+    {"cert", OPT_CERT, '<', "The CA cert"},
+    {"selfsign", OPT_SELFSIGN, '-',
+     "Sign a cert with the key associated with it"},
+    {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
+    {"out", OPT_OUT, '>', "Where to put the output file(s)"},
+    {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
+    {"batch", OPT_BATCH, '-', "Don't ask questions"},
+    {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
+    {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+    {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
+    {"msie_hack", OPT_MSIE_HACK, '-',
+     "msie modifications to handle all those universal strings"},
+    {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
+    {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
+    {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
+    {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
+    {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
+    {"spkac", OPT_SPKAC, '<',
+     "File contains DN and signed public key and challenge"},
+    {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
+    {"valid", OPT_VALID, 's',
+     "Add a Valid(not-revoked) DB entry about a cert (given in file)"},
+    {"extensions", OPT_EXTENSIONS, 's',
+     "Extension section (override value in config file)"},
+    {"extfile", OPT_EXTFILE, '<',
+     "Configuration file with X509v3 extensions to add"},
+    {"status", OPT_STATUS, 's', "Shows cert status given the serial number"},
+    {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
+    {"crlexts", OPT_CRLEXTS, 's',
+     "CRL extension section (override value in config file)"},
+    {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"},
+    {"crl_hold", OPT_CRL_HOLD, 's',
+     "the hold instruction, an OID. Sets revocation reason to certificateHold"},
+    {"crl_compromise", OPT_CRL_COMPROMISE, 's',
+     "sets compromise time to val and the revocation reason to keyCompromise"},
+    {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
+     "sets compromise time to val and the revocation reason to CACompromise"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int ca_main(int argc, char **argv)
+{
+    CONF *conf = NULL;
+    ENGINE *e = NULL;
+    BIGNUM *crlnumber = NULL, *serial = NULL;
+    EVP_PKEY *pkey = NULL;
+    BIO *in = NULL, *out = NULL, *Sout = NULL;
+    ASN1_INTEGER *tmpser;
+    ASN1_TIME *tmptm;
+    CA_DB *db = NULL;
+    DB_ATTR db_attr;
+    STACK_OF(CONF_VALUE) *attribs = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    STACK_OF(X509) *cert_sk = NULL;
+    X509_CRL *crl = NULL;
+    const EVP_MD *dgst = NULL;
+    char *configfile = default_config_file, *section = NULL;
+    char *md = NULL, *policy = NULL, *keyfile = NULL;
+    char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *key = NULL;
+    const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
+    const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
+    char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
+    const char *serialfile = NULL, *subj = NULL;
+    char *prog, *startdate = NULL, *enddate = NULL;
+    char *dbfile = NULL, *f;
+    char new_cert[PATH_MAX];
+    char tmp[10 + 1] = "\0";
+    char *const *pp;
+    const char *p;
+    size_t outdirlen = 0;
+    int create_ser = 0, free_key = 0, total = 0, total_done = 0;
+    int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
+    int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
+    int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
+    int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret;
+    long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
+    unsigned long chtype = MBSTRING_ASC, certopt = 0;
+    X509 *x509 = NULL, *x509p = NULL, *x = NULL;
+    REVINFO_TYPE rev_type = REV_NONE;
+    X509_REVOKED *r = NULL;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, ca_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ca_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            req = 1;
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_NAME:
+            section = opt_arg();
+            break;
+        case OPT_SUBJ:
+            subj = opt_arg();
+            /* preserve=1; */
+            break;
+        case OPT_UTF8:
+            chtype = MBSTRING_UTF8;
+            break;
+        case OPT_RAND_SERIAL:
+            rand_ser = 1;
+            break;
+        case OPT_CREATE_SERIAL:
+            create_ser = 1;
+            break;
+        case OPT_MULTIVALUE_RDN:
+            multirdn = 1;
+            break;
+        case OPT_STARTDATE:
+            startdate = opt_arg();
+            break;
+        case OPT_ENDDATE:
+            enddate = opt_arg();
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_MD:
+            md = opt_arg();
+            break;
+        case OPT_POLICY:
+            policy = opt_arg();
+            break;
+        case OPT_KEYFILE:
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_KEY:
+            key = opt_arg();
+            break;
+        case OPT_CERT:
+            certfile = opt_arg();
+            break;
+        case OPT_SELFSIGN:
+            selfsign = 1;
+            break;
+        case OPT_OUTDIR:
+            outdir = opt_arg();
+            break;
+        case OPT_SIGOPT:
+            if (sigopts == NULL)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (sigopts == NULL || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto end;
+            break;
+        case OPT_NOTEXT:
+            notext = 1;
+            break;
+        case OPT_BATCH:
+            batch = 1;
+            break;
+        case OPT_PRESERVEDN:
+            preserve = 1;
+            break;
+        case OPT_NOEMAILDN:
+            email_dn = 0;
+            break;
+        case OPT_GENCRL:
+            gencrl = 1;
+            break;
+        case OPT_MSIE_HACK:
+            msie_hack = 1;
+            break;
+        case OPT_CRLDAYS:
+            crldays = atol(opt_arg());
+            break;
+        case OPT_CRLHOURS:
+            crlhours = atol(opt_arg());
+            break;
+        case OPT_CRLSEC:
+            crlsec = atol(opt_arg());
+            break;
+        case OPT_INFILES:
+            req = 1;
+            goto end_of_options;
+        case OPT_SS_CERT:
+            ss_cert_file = opt_arg();
+            req = 1;
+            break;
+        case OPT_SPKAC:
+            spkac_file = opt_arg();
+            req = 1;
+            break;
+        case OPT_REVOKE:
+            infile = opt_arg();
+            dorevoke = 1;
+            break;
+        case OPT_VALID:
+            infile = opt_arg();
+            dorevoke = 2;
+            break;
+        case OPT_EXTENSIONS:
+            extensions = opt_arg();
+            break;
+        case OPT_EXTFILE:
+            extfile = opt_arg();
+            break;
+        case OPT_STATUS:
+            ser_status = opt_arg();
+            break;
+        case OPT_UPDATEDB:
+            doupdatedb = 1;
+            break;
+        case OPT_CRLEXTS:
+            crl_ext = opt_arg();
+            break;
+        case OPT_CRL_REASON:   /* := REV_CRL_REASON */
+        case OPT_CRL_HOLD:
+        case OPT_CRL_COMPROMISE:
+        case OPT_CRL_CA_COMPROMISE:
+            rev_arg = opt_arg();
+            rev_type = (o - OPT_CRL_REASON) + REV_CRL_REASON;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+end_of_options:
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+
+    if ((conf = app_load_config(configfile)) == NULL)
+        goto end;
+    if (configfile != default_config_file && !app_load_modules(conf))
+        goto end;
+
+    /* Lets get the config section we are using */
+    if (section == NULL
+        && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
+        goto end;
+
+    p = NCONF_get_string(conf, NULL, "oid_file");
+    if (p == NULL)
+        ERR_clear_error();
+    if (p != NULL) {
+        BIO *oid_bio = BIO_new_file(p, "r");
+
+        if (oid_bio == NULL) {
+            ERR_clear_error();
+        } else {
+            OBJ_create_objects(oid_bio);
+            BIO_free(oid_bio);
+        }
+    }
+    if (!add_oid_section(conf)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    app_RAND_load_conf(conf, BASE_SECTION);
+
+    f = NCONF_get_string(conf, section, STRING_MASK);
+    if (f == NULL)
+        ERR_clear_error();
+
+    if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) {
+        BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
+        goto end;
+    }
+
+    if (chtype != MBSTRING_UTF8) {
+        f = NCONF_get_string(conf, section, UTF8_IN);
+        if (f == NULL)
+            ERR_clear_error();
+        else if (strcmp(f, "yes") == 0)
+            chtype = MBSTRING_UTF8;
+    }
+
+    db_attr.unique_subject = 1;
+    p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+    if (p != NULL)
+        db_attr.unique_subject = parse_yesno(p, 1);
+    else
+        ERR_clear_error();
+
+    /*****************************************************************/
+    /* report status of cert with serial number given on command line */
+    if (ser_status) {
+        dbfile = lookup_conf(conf, section, ENV_DATABASE);
+        if (dbfile == NULL)
+            goto end;
+
+        db = load_index(dbfile, &db_attr);
+        if (db == NULL)
+            goto end;
+
+        if (index_index(db) <= 0)
+            goto end;
+
+        if (get_certificate_status(ser_status, db) != 1)
+            BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status);
+        goto end;
+    }
+
+    /*****************************************************************/
+    /* we definitely need a private key, so let's get it */
+
+    if (keyfile == NULL
+        && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
+        goto end;
+
+    if (key == NULL) {
+        free_key = 1;
+        if (!app_passwd(passinarg, NULL, &key, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+    }
+    pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key");
+    if (key != NULL)
+        OPENSSL_cleanse(key, strlen(key));
+    if (pkey == NULL)
+        /* load_key() has already printed an appropriate message */
+        goto end;
+
+    /*****************************************************************/
+    /* we need a certificate */
+    if (!selfsign || spkac_file || ss_cert_file || gencrl) {
+        if (certfile == NULL
+            && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
+            goto end;
+
+        x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
+        if (x509 == NULL)
+            goto end;
+
+        if (!X509_check_private_key(x509, pkey)) {
+            BIO_printf(bio_err,
+                       "CA certificate and CA private key do not match\n");
+            goto end;
+        }
+    }
+    if (!selfsign)
+        x509p = x509;
+
+    f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
+    if (f == NULL)
+        ERR_clear_error();
+    if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+        preserve = 1;
+    f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
+    if (f == NULL)
+        ERR_clear_error();
+    if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+        msie_hack = 1;
+
+    f = NCONF_get_string(conf, section, ENV_NAMEOPT);
+
+    if (f != NULL) {
+        if (!set_nameopt(f)) {
+            BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+            goto end;
+        }
+        default_op = 0;
+    }
+
+    f = NCONF_get_string(conf, section, ENV_CERTOPT);
+
+    if (f != NULL) {
+        if (!set_cert_ex(&certopt, f)) {
+            BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+            goto end;
+        }
+        default_op = 0;
+    } else {
+        ERR_clear_error();
+    }
+
+    f = NCONF_get_string(conf, section, ENV_EXTCOPY);
+
+    if (f != NULL) {
+        if (!set_ext_copy(&ext_copy, f)) {
+            BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+            goto end;
+        }
+    } else {
+        ERR_clear_error();
+    }
+
+    /*****************************************************************/
+    /* lookup where to write new certificates */
+    if ((outdir == NULL) && (req)) {
+
+        outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
+        if (outdir == NULL) {
+            BIO_printf(bio_err,
+                       "there needs to be defined a directory for new certificate to be placed in\n");
+            goto end;
+        }
+#ifndef OPENSSL_SYS_VMS
+        /*
+         * outdir is a directory spec, but access() for VMS demands a
+         * filename.  We could use the DEC C routine to convert the
+         * directory syntax to Unix, and give that to app_isdir,
+         * but for now the fopen will catch the error if it's not a
+         * directory
+         */
+        if (app_isdir(outdir) <= 0) {
+            BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir);
+            perror(outdir);
+            goto end;
+        }
+#endif
+    }
+
+    /*****************************************************************/
+    /* we need to load the database file */
+    dbfile = lookup_conf(conf, section, ENV_DATABASE);
+    if (dbfile == NULL)
+        goto end;
+
+    db = load_index(dbfile, &db_attr);
+    if (db == NULL)
+        goto end;
+
+    /* Lets check some fields */
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+        if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
+            BIO_printf(bio_err,
+                       "entry %d: not revoked yet, but has a revocation date\n",
+                       i + 1);
+            goto end;
+        }
+        if ((pp[DB_type][0] == DB_TYPE_REV) &&
+            !make_revoked(NULL, pp[DB_rev_date])) {
+            BIO_printf(bio_err, " in entry %d\n", i + 1);
+            goto end;
+        }
+        if (!check_time_format((char *)pp[DB_exp_date])) {
+            BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
+            goto end;
+        }
+        p = pp[DB_serial];
+        j = strlen(p);
+        if (*p == '-') {
+            p++;
+            j--;
+        }
+        if ((j & 1) || (j < 2)) {
+            BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
+                       i + 1, j);
+            goto end;
+        }
+        for ( ; *p; p++) {
+            if (!isxdigit(_UC(*p))) {
+                BIO_printf(bio_err,
+                           "entry %d: bad char 0%o '%c' in serial number\n",
+                           i + 1, *p, *p);
+                goto end;
+            }
+        }
+    }
+    if (verbose) {
+        TXT_DB_write(bio_out, db->db);
+        BIO_printf(bio_err, "%d entries loaded from the database\n",
+                   sk_OPENSSL_PSTRING_num(db->db->data));
+        BIO_printf(bio_err, "generating index\n");
+    }
+
+    if (index_index(db) <= 0)
+        goto end;
+
+    /*****************************************************************/
+    /* Update the db file for expired certificates */
+    if (doupdatedb) {
+        if (verbose)
+            BIO_printf(bio_err, "Updating %s ...\n", dbfile);
+
+        i = do_updatedb(db);
+        if (i == -1) {
+            BIO_printf(bio_err, "Malloc failure\n");
+            goto end;
+        } else if (i == 0) {
+            if (verbose)
+                BIO_printf(bio_err, "No entries found to mark expired\n");
+        } else {
+            if (!save_index(dbfile, "new", db))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            if (verbose)
+                BIO_printf(bio_err, "Done. %d entries marked as expired\n", i);
+        }
+    }
+
+    /*****************************************************************/
+    /* Read extensions config file                                   */
+    if (extfile) {
+        if ((extconf = app_load_config(extfile)) == NULL) {
+            ret = 1;
+            goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
+                       extfile);
+
+        /* We can have sections in the ext file */
+        if (extensions == NULL) {
+            extensions = NCONF_get_string(extconf, "default", "extensions");
+            if (extensions == NULL)
+                extensions = "default";
+        }
+    }
+
+    /*****************************************************************/
+    if (req || gencrl) {
+        if (spkac_file != NULL) {
+            output_der = 1;
+            batch = 1;
+        }
+    }
+
+    def_ret = EVP_PKEY_get_default_digest_nid(pkey, &def_nid);
+    /*
+     * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is
+     * mandatory for this algorithm.
+     */
+    if (def_ret == 2 && def_nid == NID_undef) {
+        /* The signing algorithm requires there to be no digest */
+        dgst = EVP_md_null();
+    } else if (md == NULL
+               && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
+        goto end;
+    } else {
+        if (strcmp(md, "default") == 0) {
+            if (def_ret <= 0) {
+                BIO_puts(bio_err, "no default digest\n");
+                goto end;
+            }
+            md = (char *)OBJ_nid2sn(def_nid);
+        }
+
+        if (!opt_md(md, &dgst))
+            goto end;
+    }
+
+    if (req) {
+        if (email_dn == 1) {
+            char *tmp_email_dn = NULL;
+
+            tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
+            if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
+                email_dn = 0;
+        }
+        if (verbose)
+            BIO_printf(bio_err, "message digest is %s\n",
+                       OBJ_nid2ln(EVP_MD_type(dgst)));
+        if (policy == NULL
+            && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "policy is %s\n", policy);
+
+        if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) {
+            rand_ser = 1;
+        } else {
+            serialfile = lookup_conf(conf, section, ENV_SERIAL);
+            if (serialfile == NULL)
+                goto end;
+        }
+
+        if (extconf == NULL) {
+            /*
+             * no '-extfile' option, so we look for extensions in the main
+             * configuration file
+             */
+            if (extensions == NULL) {
+                extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS);
+                if (extensions == NULL)
+                    ERR_clear_error();
+            }
+            if (extensions != NULL) {
+                /* Check syntax of file */
+                X509V3_CTX ctx;
+                X509V3_set_ctx_test(&ctx);
+                X509V3_set_nconf(&ctx, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
+                    BIO_printf(bio_err,
+                               "Error Loading extension section %s\n",
+                               extensions);
+                    ret = 1;
+                    goto end;
+                }
+            }
+        }
+
+        if (startdate == NULL) {
+            startdate = NCONF_get_string(conf, section, ENV_DEFAULT_STARTDATE);
+            if (startdate == NULL)
+                ERR_clear_error();
+        }
+        if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) {
+            BIO_printf(bio_err,
+                       "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+            goto end;
+        }
+        if (startdate == NULL)
+            startdate = "today";
+
+        if (enddate == NULL) {
+            enddate = NCONF_get_string(conf, section, ENV_DEFAULT_ENDDATE);
+            if (enddate == NULL)
+                ERR_clear_error();
+        }
+        if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) {
+            BIO_printf(bio_err,
+                       "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+            goto end;
+        }
+
+        if (days == 0) {
+            if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
+                days = 0;
+        }
+        if (enddate == NULL && days == 0) {
+            BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
+            goto end;
+        }
+
+        if (rand_ser) {
+            if ((serial = BN_new()) == NULL || !rand_serial(serial, NULL)) {
+                BIO_printf(bio_err, "error generating serial number\n");
+                goto end;
+            }
+        } else {
+            if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
+                BIO_printf(bio_err, "error while loading serial number\n");
+                goto end;
+            }
+            if (verbose) {
+                if (BN_is_zero(serial)) {
+                    BIO_printf(bio_err, "next serial number is 00\n");
+                } else {
+                    if ((f = BN_bn2hex(serial)) == NULL)
+                        goto end;
+                    BIO_printf(bio_err, "next serial number is %s\n", f);
+                    OPENSSL_free(f);
+                }
+            }
+        }
+
+        if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
+            BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
+            goto end;
+        }
+
+        if ((cert_sk = sk_X509_new_null()) == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+        if (spkac_file != NULL) {
+            total++;
+            j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
+                              attribs, db, serial, subj, chtype, multirdn,
+                              email_dn, startdate, enddate, days, extensions,
+                              conf, verbose, certopt, get_nameopt(), default_op,
+                              ext_copy);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        if (ss_cert_file != NULL) {
+            total++;
+            j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, sigopts,
+                             attribs,
+                             db, serial, subj, chtype, multirdn, email_dn,
+                             startdate, enddate, days, batch, extensions,
+                             conf, verbose, certopt, get_nameopt(), default_op,
+                             ext_copy);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        if (infile != NULL) {
+            total++;
+            j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
+                        serial, subj, chtype, multirdn, email_dn, startdate,
+                        enddate, days, batch, extensions, conf, verbose,
+                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        for (i = 0; i < argc; i++) {
+            total++;
+            j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
+                        serial, subj, chtype, multirdn, email_dn, startdate,
+                        enddate, days, batch, extensions, conf, verbose,
+                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1)) {
+                    X509_free(x);
+                    goto end;
+                }
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    X509_free(x);
+                    goto end;
+                }
+            }
+        }
+        /*
+         * we have a stack of newly certified certificates and a data base
+         * and serial number that need updating
+         */
+
+        if (sk_X509_num(cert_sk) > 0) {
+            if (!batch) {
+                BIO_printf(bio_err,
+                           "\n%d out of %d certificate requests certified, commit? [y/n]",
+                           total_done, total);
+                (void)BIO_flush(bio_err);
+                tmp[0] = '\0';
+                if (fgets(tmp, sizeof(tmp), stdin) == NULL) {
+                    BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
+                    ret = 0;
+                    goto end;
+                }
+                if (tmp[0] != 'y' && tmp[0] != 'Y') {
+                    BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
+                    ret = 0;
+                    goto end;
+                }
+            }
+
+            BIO_printf(bio_err, "Write out database with %d new entries\n",
+                       sk_X509_num(cert_sk));
+
+            if (serialfile != NULL
+                    && !save_serial(serialfile, "new", serial, NULL))
+                goto end;
+
+            if (!save_index(dbfile, "new", db))
+                goto end;
+        }
+
+        outdirlen = OPENSSL_strlcpy(new_cert, outdir, sizeof(new_cert));
+#ifndef OPENSSL_SYS_VMS
+        outdirlen = OPENSSL_strlcat(new_cert, "/", sizeof(new_cert));
+#endif
+
+        if (verbose)
+            BIO_printf(bio_err, "writing new certificates\n");
+
+        for (i = 0; i < sk_X509_num(cert_sk); i++) {
+            BIO *Cout = NULL;
+            X509 *xi = sk_X509_value(cert_sk, i);
+            ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi);
+            const unsigned char *psn = ASN1_STRING_get0_data(serialNumber);
+            const int snl = ASN1_STRING_length(serialNumber);
+            const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem");
+            char *n = new_cert + outdirlen;
+
+            if (outdirlen + filen_len > PATH_MAX) {
+                BIO_printf(bio_err, "certificate file name too long\n");
+                goto end;
+            }
+
+            if (snl > 0) {
+                static const char HEX_DIGITS[] = "0123456789ABCDEF";
+
+                for (j = 0; j < snl; j++, psn++) {
+                    *n++ = HEX_DIGITS[*psn >> 4];
+                    *n++ = HEX_DIGITS[*psn & 0x0F];
+                }
+            } else {
+                *(n++) = '0';
+                *(n++) = '0';
+            }
+            *(n++) = '.';
+            *(n++) = 'p';
+            *(n++) = 'e';
+            *(n++) = 'm';
+            *n = '\0';          /* closing new_cert */
+            if (verbose)
+                BIO_printf(bio_err, "writing %s\n", new_cert);
+
+            Sout = bio_open_default(outfile, 'w',
+                                    output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+            if (Sout == NULL)
+                goto end;
+
+            Cout = BIO_new_file(new_cert, "w");
+            if (Cout == NULL) {
+                perror(new_cert);
+                goto end;
+            }
+            write_new_certificate(Cout, xi, 0, notext);
+            write_new_certificate(Sout, xi, output_der, notext);
+            BIO_free_all(Cout);
+            BIO_free_all(Sout);
+            Sout = NULL;
+        }
+
+        if (sk_X509_num(cert_sk)) {
+            /* Rename the database and the serial file */
+            if (serialfile != NULL
+                    && !rotate_serial(serialfile, "new", "old"))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            BIO_printf(bio_err, "Data Base Updated\n");
+        }
+    }
+
+    /*****************************************************************/
+    if (gencrl) {
+        int crl_v2 = 0;
+        if (crl_ext == NULL) {
+            crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
+            if (crl_ext == NULL)
+                ERR_clear_error();
+        }
+        if (crl_ext != NULL) {
+            /* Check syntax of file */
+            X509V3_CTX ctx;
+            X509V3_set_ctx_test(&ctx);
+            X509V3_set_nconf(&ctx, conf);
+            if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
+                BIO_printf(bio_err,
+                           "Error Loading CRL extension section %s\n", crl_ext);
+                ret = 1;
+                goto end;
+            }
+        }
+
+        if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
+            != NULL)
+            if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
+                BIO_printf(bio_err, "error while loading CRL number\n");
+                goto end;
+            }
+
+        if (!crldays && !crlhours && !crlsec) {
+            if (!NCONF_get_number(conf, section,
+                                  ENV_DEFAULT_CRL_DAYS, &crldays))
+                crldays = 0;
+            if (!NCONF_get_number(conf, section,
+                                  ENV_DEFAULT_CRL_HOURS, &crlhours))
+                crlhours = 0;
+            ERR_clear_error();
+        }
+        if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
+            BIO_printf(bio_err,
+                       "cannot lookup how long until the next CRL is issued\n");
+            goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "making CRL\n");
+        if ((crl = X509_CRL_new()) == NULL)
+            goto end;
+        if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
+            goto end;
+
+        tmptm = ASN1_TIME_new();
+        if (tmptm == NULL
+                || X509_gmtime_adj(tmptm, 0) == NULL
+                || !X509_CRL_set1_lastUpdate(crl, tmptm)
+                || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+                                    NULL) == NULL) {
+            BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+            ASN1_TIME_free(tmptm);
+            goto end;
+        }
+        X509_CRL_set1_nextUpdate(crl, tmptm);
+
+        ASN1_TIME_free(tmptm);
+
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+            if (pp[DB_type][0] == DB_TYPE_REV) {
+                if ((r = X509_REVOKED_new()) == NULL)
+                    goto end;
+                j = make_revoked(r, pp[DB_rev_date]);
+                if (!j)
+                    goto end;
+                if (j == 2)
+                    crl_v2 = 1;
+                if (!BN_hex2bn(&serial, pp[DB_serial]))
+                    goto end;
+                tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+                BN_free(serial);
+                serial = NULL;
+                if (!tmpser)
+                    goto end;
+                X509_REVOKED_set_serialNumber(r, tmpser);
+                ASN1_INTEGER_free(tmpser);
+                X509_CRL_add0_revoked(crl, r);
+            }
+        }
+
+        /*
+         * sort the data so it will be written in serial number order
+         */
+        X509_CRL_sort(crl);
+
+        /* we now have a CRL */
+        if (verbose)
+            BIO_printf(bio_err, "signing CRL\n");
+
+        /* Add any extensions asked for */
+
+        if (crl_ext != NULL || crlnumberfile != NULL) {
+            X509V3_CTX crlctx;
+            X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+            X509V3_set_nconf(&crlctx, conf);
+
+            if (crl_ext != NULL)
+                if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
+                    goto end;
+            if (crlnumberfile != NULL) {
+                tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+                if (!tmpser)
+                    goto end;
+                X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
+                ASN1_INTEGER_free(tmpser);
+                crl_v2 = 1;
+                if (!BN_add_word(crlnumber, 1))
+                    goto end;
+            }
+        }
+        if (crl_ext != NULL || crl_v2) {
+            if (!X509_CRL_set_version(crl, 1))
+                goto end;       /* version 2 CRL */
+        }
+
+        /* we have a CRL number that need updating */
+        if (crlnumberfile != NULL
+                && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+            goto end;
+
+        BN_free(crlnumber);
+        crlnumber = NULL;
+
+        if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
+            goto end;
+
+        Sout = bio_open_default(outfile, 'w',
+                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+        if (Sout == NULL)
+            goto end;
+
+        PEM_write_bio_X509_CRL(Sout, crl);
+
+        /* Rename the crlnumber file */
+        if (crlnumberfile != NULL
+                && !rotate_serial(crlnumberfile, "new", "old"))
+            goto end;
+
+    }
+    /*****************************************************************/
+    if (dorevoke) {
+        if (infile == NULL) {
+            BIO_printf(bio_err, "no input files\n");
+            goto end;
+        } else {
+            X509 *revcert;
+            revcert = load_cert(infile, FORMAT_PEM, infile);
+            if (revcert == NULL)
+                goto end;
+            if (dorevoke == 2)
+                rev_type = REV_VALID;
+            j = do_revoke(revcert, db, rev_type, rev_arg);
+            if (j <= 0)
+                goto end;
+            X509_free(revcert);
+
+            if (!save_index(dbfile, "new", db))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            BIO_printf(bio_err, "Data Base Updated\n");
+        }
+    }
+    ret = 0;
+
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    BIO_free_all(Sout);
+    BIO_free_all(out);
+    BIO_free_all(in);
+    sk_X509_pop_free(cert_sk, X509_free);
+
+    if (free_key)
+        OPENSSL_free(key);
+    BN_free(serial);
+    BN_free(crlnumber);
+    free_index(db);
+    sk_OPENSSL_STRING_free(sigopts);
+    EVP_PKEY_free(pkey);
+    X509_free(x509);
+    X509_CRL_free(crl);
+    NCONF_free(conf);
+    NCONF_free(extconf);
+    release_engine(e);
+    return ret;
+}
+
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+{
+    char *entry = NCONF_get_string(conf, section, tag);
+    if (entry == NULL)
+        BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+    return entry;
+}
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   BIGNUM *serial, const char *subj, unsigned long chtype,
+                   int multirdn, int email_dn, const char *startdate,
+                   const char *enddate,
+                   long days, int batch, const char *ext_sect, CONF *lconf,
+                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign)
+{
+    X509_REQ *req = NULL;
+    BIO *in = NULL;
+    EVP_PKEY *pktmp = NULL;
+    int ok = -1, i;
+
+    in = BIO_new_file(infile, "r");
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
+        BIO_printf(bio_err, "Error reading certificate request in %s\n",
+                   infile);
+        goto end;
+    }
+    if (verbose)
+        X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT);
+
+    BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+    if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
+        BIO_printf(bio_err,
+                   "Certificate request and CA private key do not match\n");
+        ok = 0;
+        goto end;
+    }
+    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "error unpacking public key\n");
+        goto end;
+    }
+    i = X509_REQ_verify(req, pktmp);
+    pktmp = NULL;
+    if (i < 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature verification problems....\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (i == 0) {
+        ok = 0;
+        BIO_printf(bio_err,
+                   "Signature did not match the certificate request\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Signature ok\n");
+    }
+
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, selfsign);
+
+ end:
+    X509_REQ_free(req);
+    BIO_free(in);
+    return ok;
+}
+
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        BIGNUM *serial, const char *subj, unsigned long chtype,
+                        int multirdn, int email_dn, const char *startdate,
+                        const char *enddate, long days, int batch, const char *ext_sect,
+                        CONF *lconf, int verbose, unsigned long certopt,
+                        unsigned long nameopt, int default_op, int ext_copy)
+{
+    X509 *req = NULL;
+    X509_REQ *rreq = NULL;
+    EVP_PKEY *pktmp = NULL;
+    int ok = -1, i;
+
+    if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
+        goto end;
+    if (verbose)
+        X509_print(bio_err, req);
+
+    BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+    if ((pktmp = X509_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "error unpacking public key\n");
+        goto end;
+    }
+    i = X509_verify(req, pktmp);
+    if (i < 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature verification problems....\n");
+        goto end;
+    }
+    if (i == 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature did not match the certificate\n");
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Signature ok\n");
+    }
+
+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
+        goto end;
+
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, 0);
+
+ end:
+    X509_REQ_free(rreq);
+    X509_free(req);
+    return ok;
+}
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   const char *subj, unsigned long chtype, int multirdn,
+                   int email_dn, const char *startdate, const char *enddate, long days,
+                   int batch, int verbose, X509_REQ *req, const char *ext_sect,
+                   CONF *lconf, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign)
+{
+    X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
+    const ASN1_TIME *tm;
+    ASN1_STRING *str, *str2;
+    ASN1_OBJECT *obj;
+    X509 *ret = NULL;
+    X509_NAME_ENTRY *ne, *tne;
+    EVP_PKEY *pktmp;
+    int ok = -1, i, j, last, nid;
+    const char *p;
+    CONF_VALUE *cv;
+    OPENSSL_STRING row[DB_NUMBER];
+    OPENSSL_STRING *irow = NULL;
+    OPENSSL_STRING *rrow = NULL;
+    char buf[25];
+
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+
+    if (subj) {
+        X509_NAME *n = parse_name(subj, chtype, multirdn);
+
+        if (!n) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        X509_REQ_set_subject_name(req, n);
+        X509_NAME_free(n);
+    }
+
+    if (default_op)
+        BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
+
+    name = X509_REQ_get_subject_name(req);
+    for (i = 0; i < X509_NAME_entry_count(name); i++) {
+        ne = X509_NAME_get_entry(name, i);
+        str = X509_NAME_ENTRY_get_data(ne);
+        obj = X509_NAME_ENTRY_get_object(ne);
+        nid = OBJ_obj2nid(obj);
+
+        if (msie_hack) {
+            /* assume all type should be strings */
+
+            if (str->type == V_ASN1_UNIVERSALSTRING)
+                ASN1_UNIVERSALSTRING_to_string(str);
+
+            if (str->type == V_ASN1_IA5STRING && nid != NID_pkcs9_emailAddress)
+                str->type = V_ASN1_T61STRING;
+
+            if (nid == NID_pkcs9_emailAddress
+                && str->type == V_ASN1_PRINTABLESTRING)
+                str->type = V_ASN1_IA5STRING;
+        }
+
+        /* If no EMAIL is wanted in the subject */
+        if (nid == NID_pkcs9_emailAddress && !email_dn)
+            continue;
+
+        /* check some things */
+        if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) {
+            BIO_printf(bio_err,
+                       "\nemailAddress type needs to be of type IA5STRING\n");
+            goto end;
+        }
+        if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) {
+            j = ASN1_PRINTABLE_type(str->data, str->length);
+            if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) ||
+                (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING))
+            {
+                BIO_printf(bio_err,
+                           "\nThe string contains characters that are illegal for the ASN.1 type\n");
+                goto end;
+            }
+        }
+
+        if (default_op)
+            old_entry_print(obj, str);
+    }
+
+    /* Ok, now we check the 'policy' stuff. */
+    if ((subject = X509_NAME_new()) == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    /* take a copy of the issuer name before we mess with it. */
+    if (selfsign)
+        CAname = X509_NAME_dup(name);
+    else
+        CAname = X509_NAME_dup(X509_get_subject_name(x509));
+    if (CAname == NULL)
+        goto end;
+    str = str2 = NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
+        cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
+        if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
+            BIO_printf(bio_err,
+                       "%s:unknown object type in 'policy' configuration\n",
+                       cv->name);
+            goto end;
+        }
+        obj = OBJ_nid2obj(j);
+
+        last = -1;
+        for (;;) {
+            X509_NAME_ENTRY *push = NULL;
+
+            /* lookup the object in the supplied name list */
+            j = X509_NAME_get_index_by_OBJ(name, obj, last);
+            if (j < 0) {
+                if (last != -1)
+                    break;
+                tne = NULL;
+            } else {
+                tne = X509_NAME_get_entry(name, j);
+            }
+            last = j;
+
+            /* depending on the 'policy', decide what to do. */
+            if (strcmp(cv->value, "optional") == 0) {
+                if (tne != NULL)
+                    push = tne;
+            } else if (strcmp(cv->value, "supplied") == 0) {
+                if (tne == NULL) {
+                    BIO_printf(bio_err,
+                               "The %s field needed to be supplied and was missing\n",
+                               cv->name);
+                    goto end;
+                } else {
+                    push = tne;
+                }
+            } else if (strcmp(cv->value, "match") == 0) {
+                int last2;
+
+                if (tne == NULL) {
+                    BIO_printf(bio_err,
+                               "The mandatory %s field was missing\n",
+                               cv->name);
+                    goto end;
+                }
+
+                last2 = -1;
+
+ again2:
+                j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
+                if ((j < 0) && (last2 == -1)) {
+                    BIO_printf(bio_err,
+                               "The %s field does not exist in the CA certificate,\n"
+                               "the 'policy' is misconfigured\n", cv->name);
+                    goto end;
+                }
+                if (j >= 0) {
+                    push = X509_NAME_get_entry(CAname, j);
+                    str = X509_NAME_ENTRY_get_data(tne);
+                    str2 = X509_NAME_ENTRY_get_data(push);
+                    last2 = j;
+                    if (ASN1_STRING_cmp(str, str2) != 0)
+                        goto again2;
+                }
+                if (j < 0) {
+                    BIO_printf(bio_err,
+                               "The %s field is different between\n"
+                               "CA certificate (%s) and the request (%s)\n",
+                               cv->name,
+                               ((str2 == NULL) ? "NULL" : (char *)str2->data),
+                               ((str == NULL) ? "NULL" : (char *)str->data));
+                    goto end;
+                }
+            } else {
+                BIO_printf(bio_err,
+                           "%s:invalid type in 'policy' configuration\n",
+                           cv->value);
+                goto end;
+            }
+
+            if (push != NULL) {
+                if (!X509_NAME_add_entry(subject, push, -1, 0)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+            if (j < 0)
+                break;
+        }
+    }
+
+    if (preserve) {
+        X509_NAME_free(subject);
+        /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+        subject = X509_NAME_dup(name);
+        if (subject == NULL)
+            goto end;
+    }
+
+    /* We are now totally happy, lets make and sign the certificate */
+    if (verbose)
+        BIO_printf(bio_err,
+                   "Everything appears to be ok, creating and signing the certificate\n");
+
+    if ((ret = X509_new()) == NULL)
+        goto end;
+
+#ifdef X509_V3
+    /* Make it an X509 v3 certificate. */
+    if (!X509_set_version(ret, 2))
+        goto end;
+#endif
+
+    if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
+        goto end;
+    if (selfsign) {
+        if (!X509_set_issuer_name(ret, subject))
+            goto end;
+    } else {
+        if (!X509_set_issuer_name(ret, X509_get_subject_name(x509)))
+            goto end;
+    }
+
+    if (!set_cert_times(ret, startdate, enddate, days))
+        goto end;
+
+    if (enddate != NULL) {
+        int tdays;
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
+        days = tdays;
+    }
+
+    if (!X509_set_subject_name(ret, subject))
+        goto end;
+
+    pktmp = X509_REQ_get0_pubkey(req);
+    i = X509_set_pubkey(ret, pktmp);
+    if (!i)
+        goto end;
+
+    /* Lets add the extensions, if there are any */
+    if (ext_sect) {
+        X509V3_CTX ctx;
+
+        /* Initialize the context structure */
+        if (selfsign)
+            X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
+        else
+            X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+
+        if (extconf != NULL) {
+            if (verbose)
+                BIO_printf(bio_err, "Extra configuration file found\n");
+
+            /* Use the extconf configuration db LHASH */
+            X509V3_set_nconf(&ctx, extconf);
+
+            /* Test the structure (needed?) */
+            /* X509V3_set_ctx_test(&ctx); */
+
+            /* Adds exts contained in the configuration file */
+            if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect, ret)) {
+                BIO_printf(bio_err,
+                           "ERROR: adding extensions in section %s\n",
+                           ext_sect);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Successfully added extensions from file.\n");
+        } else if (ext_sect) {
+            /* We found extensions to be set from config file */
+            X509V3_set_nconf(&ctx, lconf);
+
+            if (!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) {
+                BIO_printf(bio_err,
+                           "ERROR: adding extensions in section %s\n",
+                           ext_sect);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Successfully added extensions from config\n");
+        }
+    }
+
+    /* Copy extensions from request (if any) */
+
+    if (!copy_extensions(ret, req, ext_copy)) {
+        BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    {
+        const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
+
+        if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+            /* Make it an X509 v3 certificate. */
+            if (!X509_set_version(ret, 2))
+                goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err,
+                   "The subject name appears to be ok, checking data base for clashes\n");
+
+    /* Build the correct Subject if no e-mail is wanted in the subject. */
+    if (!email_dn) {
+        X509_NAME_ENTRY *tmpne;
+        X509_NAME *dn_subject;
+
+        /*
+         * Its best to dup the subject DN and then delete any email addresses
+         * because this retains its structure.
+         */
+        if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+        i = -1;
+        while ((i = X509_NAME_get_index_by_NID(dn_subject,
+                                               NID_pkcs9_emailAddress,
+                                               i)) >= 0) {
+            tmpne = X509_NAME_delete_entry(dn_subject, i--);
+            X509_NAME_ENTRY_free(tmpne);
+        }
+
+        if (!X509_set_subject_name(ret, dn_subject)) {
+            X509_NAME_free(dn_subject);
+            goto end;
+        }
+        X509_NAME_free(dn_subject);
+    }
+
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+    if (row[DB_name] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    if (BN_is_zero(serial))
+        row[DB_serial] = OPENSSL_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(serial);
+    if (row[DB_serial] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    if (row[DB_name][0] == '\0') {
+        /*
+         * An empty subject! We'll use the serial number instead. If
+         * unique_subject is in use then we don't want different entries with
+         * empty subjects matching each other.
+         */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+        if (row[DB_name] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+    }
+
+    if (db->attributes.unique_subject) {
+        OPENSSL_STRING *crow = row;
+
+        rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:There is already a certificate for %s\n",
+                       row[DB_name]);
+        }
+    }
+    if (rrow == NULL) {
+        rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:Serial number %s has already been issued,\n",
+                       row[DB_serial]);
+            BIO_printf(bio_err,
+                       "      check the database/serial_file for corruption\n");
+        }
+    }
+
+    if (rrow != NULL) {
+        BIO_printf(bio_err, "The matching entry has the following details\n");
+        if (rrow[DB_type][0] == DB_TYPE_EXP)
+            p = "Expired";
+        else if (rrow[DB_type][0] == DB_TYPE_REV)
+            p = "Revoked";
+        else if (rrow[DB_type][0] == DB_TYPE_VAL)
+            p = "Valid";
+        else
+            p = "\ninvalid type, Data base error\n";
+        BIO_printf(bio_err, "Type          :%s\n", p);;
+        if (rrow[DB_type][0] == DB_TYPE_REV) {
+            p = rrow[DB_exp_date];
+            if (p == NULL)
+                p = "undef";
+            BIO_printf(bio_err, "Was revoked on:%s\n", p);
+        }
+        p = rrow[DB_exp_date];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Expires on    :%s\n", p);
+        p = rrow[DB_serial];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Serial Number :%s\n", p);
+        p = rrow[DB_file];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "File name     :%s\n", p);
+        p = rrow[DB_name];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Subject Name  :%s\n", p);
+        ok = -1;                /* This is now a 'bad' error. */
+        goto end;
+    }
+
+    if (!default_op) {
+        BIO_printf(bio_err, "Certificate Details:\n");
+        /*
+         * Never print signature details because signature not present
+         */
+        certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+        X509_print_ex(bio_err, ret, nameopt, certopt);
+    }
+
+    BIO_printf(bio_err, "Certificate is to be certified until ");
+    ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
+    if (days)
+        BIO_printf(bio_err, " (%ld days)", days);
+    BIO_printf(bio_err, "\n");
+
+    if (!batch) {
+
+        BIO_printf(bio_err, "Sign the certificate? [y/n]:");
+        (void)BIO_flush(bio_err);
+        buf[0] = '\0';
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            BIO_printf(bio_err,
+                       "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+            ok = 0;
+            goto end;
+        }
+        if (!(buf[0] == 'y' || buf[0] == 'Y')) {
+            BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
+            ok = 0;
+            goto end;
+        }
+    }
+
+    pktmp = X509_get0_pubkey(ret);
+    if (EVP_PKEY_missing_parameters(pktmp) &&
+        !EVP_PKEY_missing_parameters(pkey))
+        EVP_PKEY_copy_parameters(pktmp, pkey);
+
+    if (!do_X509_sign(ret, pkey, dgst, sigopts))
+        goto end;
+
+    /* We now just add it to the database as DB_TYPE_VAL('V') */
+    row[DB_type] = OPENSSL_strdup("V");
+    tm = X509_get0_notAfter(ret);
+    row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
+    memcpy(row[DB_exp_date], tm->data, tm->length);
+    row[DB_exp_date][tm->length] = '\0';
+    row[DB_rev_date] = NULL;
+    row[DB_file] = OPENSSL_strdup("unknown");
+    if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+        (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space");
+    for (i = 0; i < DB_NUMBER; i++)
+        irow[i] = row[i];
+    irow[DB_NUMBER] = NULL;
+
+    if (!TXT_DB_insert(db->db, irow)) {
+        BIO_printf(bio_err, "failed to update database\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+        goto end;
+    }
+    irow = NULL;
+    ok = 1;
+ end:
+    if (ok != 1) {
+        for (i = 0; i < DB_NUMBER; i++)
+            OPENSSL_free(row[i]);
+    }
+    OPENSSL_free(irow);
+
+    X509_NAME_free(CAname);
+    X509_NAME_free(subject);
+    if (ok <= 0)
+        X509_free(ret);
+    else
+        *xret = ret;
+    return ok;
+}
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
+{
+
+    if (output_der) {
+        (void)i2d_X509_bio(bp, x);
+        return;
+    }
+    if (!notext)
+        X509_print(bp, x);
+    PEM_write_bio_X509(bp, x);
+}
+
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
+                         X509 *x509, const EVP_MD *dgst,
+                         STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                         BIGNUM *serial, const char *subj, unsigned long chtype,
+                         int multirdn, int email_dn, const char *startdate,
+                         const char *enddate, long days, const char *ext_sect,
+                         CONF *lconf, int verbose, unsigned long certopt,
+                         unsigned long nameopt, int default_op, int ext_copy)
+{
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    LHASH_OF(CONF_VALUE) *parms = NULL;
+    X509_REQ *req = NULL;
+    CONF_VALUE *cv = NULL;
+    NETSCAPE_SPKI *spki = NULL;
+    char *type, *buf;
+    EVP_PKEY *pktmp = NULL;
+    X509_NAME *n = NULL;
+    X509_NAME_ENTRY *ne = NULL;
+    int ok = -1, i, j;
+    long errline;
+    int nid;
+
+    /*
+     * Load input file into a hash table.  (This is just an easy
+     * way to read and parse the file, then put it into a convenient
+     * STACK format).
+     */
+    parms = CONF_load(NULL, infile, &errline);
+    if (parms == NULL) {
+        BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    sk = CONF_get_section(parms, "default");
+    if (sk_CONF_VALUE_num(sk) == 0) {
+        BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+        goto end;
+    }
+
+    /*
+     * Now create a dummy X509 request structure.  We don't actually
+     * have an X509 request, but we have many of the components
+     * (a public key, various DN components).  The idea is that we
+     * put these components into the right X509 request structure
+     * and we can use the same code as if you had a real X509 request.
+     */
+    req = X509_REQ_new();
+    if (req == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    /*
+     * Build up the subject name set.
+     */
+    n = X509_REQ_get_subject_name(req);
+
+    for (i = 0;; i++) {
+        if (sk_CONF_VALUE_num(sk) <= i)
+            break;
+
+        cv = sk_CONF_VALUE_value(sk, i);
+        type = cv->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (buf = cv->name; *buf; buf++)
+            if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+                buf++;
+                if (*buf)
+                    type = buf;
+                break;
+            }
+
+        buf = cv->value;
+        if ((nid = OBJ_txt2nid(type)) == NID_undef) {
+            if (strcmp(type, "SPKAC") == 0) {
+                spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
+                if (spki == NULL) {
+                    BIO_printf(bio_err,
+                               "unable to load Netscape SPKAC structure\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+            continue;
+        }
+
+        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                        (unsigned char *)buf, -1, -1, 0))
+            goto end;
+    }
+    if (spki == NULL) {
+        BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
+                   infile);
+        goto end;
+    }
+
+    /*
+     * Now extract the key from the SPKI structure.
+     */
+
+    BIO_printf(bio_err, "Check that the SPKAC request matches the signature\n");
+
+    if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) {
+        BIO_printf(bio_err, "error unpacking SPKAC public key\n");
+        goto end;
+    }
+
+    j = NETSCAPE_SPKI_verify(spki, pktmp);
+    if (j <= 0) {
+        EVP_PKEY_free(pktmp);
+        BIO_printf(bio_err,
+                   "signature verification failed on SPKAC public key\n");
+        goto end;
+    }
+    BIO_printf(bio_err, "Signature ok\n");
+
+    X509_REQ_set_pubkey(req, pktmp);
+    EVP_PKEY_free(pktmp);
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, 1,
+                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, 0);
+ end:
+    X509_REQ_free(req);
+    CONF_free(parms);
+    NETSCAPE_SPKI_free(spki);
+    X509_NAME_ENTRY_free(ne);
+
+    return ok;
+}
+
+static int check_time_format(const char *str)
+{
+    return ASN1_TIME_set_string(NULL, str);
+}
+
+static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
+                     const char *value)
+{
+    const ASN1_TIME *tm = NULL;
+    char *row[DB_NUMBER], **rrow, **irow;
+    char *rev_str = NULL;
+    BIGNUM *bn = NULL;
+    int ok = -1, i;
+
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
+    bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
+    if (!bn)
+        goto end;
+    if (BN_is_zero(bn))
+        row[DB_serial] = OPENSSL_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(bn);
+    BN_free(bn);
+    if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+        /* Entries with empty Subjects actually use the serial number instead */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+    }
+    if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+    /*
+     * We have to lookup by serial number because name lookup skips revoked
+     * certs
+     */
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    if (rrow == NULL) {
+        BIO_printf(bio_err,
+                   "Adding Entry with serial number %s to DB for %s\n",
+                   row[DB_serial], row[DB_name]);
+
+        /* We now just add it to the database as DB_TYPE_REV('V') */
+        row[DB_type] = OPENSSL_strdup("V");
+        tm = X509_get0_notAfter(x509);
+        row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
+        memcpy(row[DB_exp_date], tm->data, tm->length);
+        row[DB_exp_date][tm->length] = '\0';
+        row[DB_rev_date] = NULL;
+        row[DB_file] = OPENSSL_strdup("unknown");
+
+        if (row[DB_type] == NULL || row[DB_file] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+
+        irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr");
+        for (i = 0; i < DB_NUMBER; i++)
+            irow[i] = row[i];
+        irow[DB_NUMBER] = NULL;
+
+        if (!TXT_DB_insert(db->db, irow)) {
+            BIO_printf(bio_err, "failed to update database\n");
+            BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+            OPENSSL_free(irow);
+            goto end;
+        }
+
+        for (i = 0; i < DB_NUMBER; i++)
+            row[i] = NULL;
+
+        /* Revoke Certificate */
+        if (rev_type == REV_VALID)
+            ok = 1;
+        else
+            /* Retry revocation after DB insertion */
+            ok = do_revoke(x509, db, rev_type, value);
+
+        goto end;
+
+    } else if (index_name_cmp_noconst(row, rrow)) {
+        BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
+        goto end;
+    } else if (rev_type == REV_VALID) {
+        BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
+                   row[DB_serial]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_REV) {
+        BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
+                   row[DB_serial]);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
+        rev_str = make_revocation_str(rev_type, value);
+        if (!rev_str) {
+            BIO_printf(bio_err, "Error in revocation arguments\n");
+            goto end;
+        }
+        rrow[DB_type][0] = DB_TYPE_REV;
+        rrow[DB_type][1] = '\0';
+        rrow[DB_rev_date] = rev_str;
+    }
+    ok = 1;
+ end:
+    for (i = 0; i < DB_NUMBER; i++)
+        OPENSSL_free(row[i]);
+    return ok;
+}
+
+static int get_certificate_status(const char *serial, CA_DB *db)
+{
+    char *row[DB_NUMBER], **rrow;
+    int ok = -1, i;
+    size_t serial_len = strlen(serial);
+
+    /* Free Resources */
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+
+    /* Malloc needed char spaces */
+    row[DB_serial] = app_malloc(serial_len + 2, "row serial#");
+
+    if (serial_len % 2) {
+        /*
+         * Set the first char to 0
+         */
+        row[DB_serial][0] = '0';
+
+        /* Copy String from serial to row[DB_serial] */
+        memcpy(row[DB_serial] + 1, serial, serial_len);
+        row[DB_serial][serial_len + 1] = '\0';
+    } else {
+        /* Copy String from serial to row[DB_serial] */
+        memcpy(row[DB_serial], serial, serial_len);
+        row[DB_serial][serial_len] = '\0';
+    }
+
+    /* Make it Upper Case */
+    make_uppercase(row[DB_serial]);
+
+    ok = 1;
+
+    /* Search for the certificate */
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    if (rrow == NULL) {
+        BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]);
+        ok = -1;
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_VAL) {
+        BIO_printf(bio_err, "%s=Valid (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_REV) {
+        BIO_printf(bio_err, "%s=Revoked (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_EXP) {
+        BIO_printf(bio_err, "%s=Expired (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_SUSP) {
+        BIO_printf(bio_err, "%s=Suspended (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "%s=Unknown (%c).\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        ok = -1;
+    }
+ end:
+    for (i = 0; i < DB_NUMBER; i++) {
+        OPENSSL_free(row[i]);
+    }
+    return ok;
+}
+
+static int do_updatedb(CA_DB *db)
+{
+    ASN1_UTCTIME *a_tm = NULL;
+    int i, cnt = 0;
+    int db_y2k, a_y2k;          /* flags = 1 if y >= 2000 */
+    char **rrow, *a_tm_s;
+
+    a_tm = ASN1_UTCTIME_new();
+    if (a_tm == NULL)
+        return -1;
+
+    /* get actual time and make a string */
+    if (X509_gmtime_adj(a_tm, 0) == NULL) {
+        ASN1_UTCTIME_free(a_tm);
+        return -1;
+    }
+    a_tm_s = app_malloc(a_tm->length + 1, "time string");
+
+    memcpy(a_tm_s, a_tm->data, a_tm->length);
+    a_tm_s[a_tm->length] = '\0';
+
+    if (strncmp(a_tm_s, "49", 2) <= 0)
+        a_y2k = 1;
+    else
+        a_y2k = 0;
+
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+        if (rrow[DB_type][0] == DB_TYPE_VAL) {
+            /* ignore entries that are not valid */
+            if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+                db_y2k = 1;
+            else
+                db_y2k = 0;
+
+            if (db_y2k == a_y2k) {
+                /* all on the same y2k side */
+                if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
+                    rrow[DB_type][0] = DB_TYPE_EXP;
+                    rrow[DB_type][1] = '\0';
+                    cnt++;
+
+                    BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+                }
+            } else if (db_y2k < a_y2k) {
+                rrow[DB_type][0] = DB_TYPE_EXP;
+                rrow[DB_type][1] = '\0';
+                cnt++;
+
+                BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+            }
+
+        }
+    }
+
+    ASN1_UTCTIME_free(a_tm);
+    OPENSSL_free(a_tm_s);
+    return cnt;
+}
+
+static const char *crl_reasons[] = {
+    /* CRL reason strings */
+    "unspecified",
+    "keyCompromise",
+    "CACompromise",
+    "affiliationChanged",
+    "superseded",
+    "cessationOfOperation",
+    "certificateHold",
+    "removeFromCRL",
+    /* Additional pseudo reasons */
+    "holdInstruction",
+    "keyTime",
+    "CAkeyTime"
+};
+
+#define NUM_REASONS OSSL_NELEM(crl_reasons)
+
+/*
+ * Given revocation information convert to a DB string. The format of the
+ * string is: revtime[,reason,extra]. Where 'revtime' is the revocation time
+ * (the current time). 'reason' is the optional CRL reason and 'extra' is any
+ * additional argument
+ */
+
+static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)
+{
+    char *str;
+    const char *reason = NULL, *other = NULL;
+    ASN1_OBJECT *otmp;
+    ASN1_UTCTIME *revtm = NULL;
+    int i;
+
+    switch (rev_type) {
+    case REV_NONE:
+    case REV_VALID:
+        break;
+
+    case REV_CRL_REASON:
+        for (i = 0; i < 8; i++) {
+            if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
+                reason = crl_reasons[i];
+                break;
+            }
+        }
+        if (reason == NULL) {
+            BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+            return NULL;
+        }
+        break;
+
+    case REV_HOLD:
+        /* Argument is an OID */
+        otmp = OBJ_txt2obj(rev_arg, 0);
+        ASN1_OBJECT_free(otmp);
+
+        if (otmp == NULL) {
+            BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+            return NULL;
+        }
+
+        reason = "holdInstruction";
+        other = rev_arg;
+        break;
+
+    case REV_KEY_COMPROMISE:
+    case REV_CA_COMPROMISE:
+        /* Argument is the key compromise time  */
+        if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
+            BIO_printf(bio_err,
+                       "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n",
+                       rev_arg);
+            return NULL;
+        }
+        other = rev_arg;
+        if (rev_type == REV_KEY_COMPROMISE)
+            reason = "keyTime";
+        else
+            reason = "CAkeyTime";
+
+        break;
+    }
+
+    revtm = X509_gmtime_adj(NULL, 0);
+
+    if (!revtm)
+        return NULL;
+
+    i = revtm->length + 1;
+
+    if (reason)
+        i += strlen(reason) + 1;
+    if (other)
+        i += strlen(other) + 1;
+
+    str = app_malloc(i, "revocation reason");
+    OPENSSL_strlcpy(str, (char *)revtm->data, i);
+    if (reason) {
+        OPENSSL_strlcat(str, ",", i);
+        OPENSSL_strlcat(str, reason, i);
+    }
+    if (other) {
+        OPENSSL_strlcat(str, ",", i);
+        OPENSSL_strlcat(str, other, i);
+    }
+    ASN1_UTCTIME_free(revtm);
+    return str;
+}
+
+/*-
+ * Convert revocation field to X509_REVOKED entry
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+static int make_revoked(X509_REVOKED *rev, const char *str)
+{
+    char *tmp = NULL;
+    int reason_code = -1;
+    int i, ret = 0;
+    ASN1_OBJECT *hold = NULL;
+    ASN1_GENERALIZEDTIME *comp_time = NULL;
+    ASN1_ENUMERATED *rtmp = NULL;
+
+    ASN1_TIME *revDate = NULL;
+
+    i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+    if (i == 0)
+        goto end;
+
+    if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+        goto end;
+
+    if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
+        rtmp = ASN1_ENUMERATED_new();
+        if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code))
+            goto end;
+        if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+            goto end;
+    }
+
+    if (rev && comp_time) {
+        if (!X509_REVOKED_add1_ext_i2d
+            (rev, NID_invalidity_date, comp_time, 0, 0))
+            goto end;
+    }
+    if (rev && hold) {
+        if (!X509_REVOKED_add1_ext_i2d
+            (rev, NID_hold_instruction_code, hold, 0, 0))
+            goto end;
+    }
+
+    if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+        ret = 2;
+    else
+        ret = 1;
+
+ end:
+
+    OPENSSL_free(tmp);
+    ASN1_OBJECT_free(hold);
+    ASN1_GENERALIZEDTIME_free(comp_time);
+    ASN1_ENUMERATED_free(rtmp);
+    ASN1_TIME_free(revDate);
+
+    return ret;
+}
+
+static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
+{
+    char buf[25], *pbuf;
+    const char *p;
+    int j;
+
+    j = i2a_ASN1_OBJECT(bio_err, obj);
+    pbuf = buf;
+    for (j = 22 - j; j > 0; j--)
+        *(pbuf++) = ' ';
+    *(pbuf++) = ':';
+    *(pbuf++) = '\0';
+    BIO_puts(bio_err, buf);
+
+    if (str->type == V_ASN1_PRINTABLESTRING)
+        BIO_printf(bio_err, "PRINTABLE:'");
+    else if (str->type == V_ASN1_T61STRING)
+        BIO_printf(bio_err, "T61STRING:'");
+    else if (str->type == V_ASN1_IA5STRING)
+        BIO_printf(bio_err, "IA5STRING:'");
+    else if (str->type == V_ASN1_UNIVERSALSTRING)
+        BIO_printf(bio_err, "UNIVERSALSTRING:'");
+    else
+        BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
+
+    p = (const char *)str->data;
+    for (j = str->length; j > 0; j--) {
+        if ((*p >= ' ') && (*p <= '~'))
+            BIO_printf(bio_err, "%c", *p);
+        else if (*p & 0x80)
+            BIO_printf(bio_err, "\\0x%02X", *p);
+        else if ((unsigned char)*p == 0xf7)
+            BIO_printf(bio_err, "^?");
+        else
+            BIO_printf(bio_err, "^%c", *p + '@');
+        p++;
+    }
+    BIO_printf(bio_err, "'\n");
+    return 1;
+}
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+                   ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+{
+    char *tmp;
+    char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+    int reason_code = -1;
+    int ret = 0;
+    unsigned int i;
+    ASN1_OBJECT *hold = NULL;
+    ASN1_GENERALIZEDTIME *comp_time = NULL;
+
+    tmp = OPENSSL_strdup(str);
+    if (!tmp) {
+        BIO_printf(bio_err, "memory allocation failure\n");
+        goto end;
+    }
+
+    p = strchr(tmp, ',');
+
+    rtime_str = tmp;
+
+    if (p) {
+        *p = '\0';
+        p++;
+        reason_str = p;
+        p = strchr(p, ',');
+        if (p) {
+            *p = '\0';
+            arg_str = p + 1;
+        }
+    }
+
+    if (prevtm) {
+        *prevtm = ASN1_UTCTIME_new();
+        if (*prevtm == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto end;
+        }
+        if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
+            BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+            goto end;
+        }
+    }
+    if (reason_str) {
+        for (i = 0; i < NUM_REASONS; i++) {
+            if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
+                reason_code = i;
+                break;
+            }
+        }
+        if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) {
+            BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+            goto end;
+        }
+
+        if (reason_code == 7) {
+            reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+        } else if (reason_code == 8) { /* Hold instruction */
+            if (!arg_str) {
+                BIO_printf(bio_err, "missing hold instruction\n");
+                goto end;
+            }
+            reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+            hold = OBJ_txt2obj(arg_str, 0);
+
+            if (!hold) {
+                BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
+                goto end;
+            }
+            if (phold)
+                *phold = hold;
+            else
+                ASN1_OBJECT_free(hold);
+        } else if ((reason_code == 9) || (reason_code == 10)) {
+            if (!arg_str) {
+                BIO_printf(bio_err, "missing compromised time\n");
+                goto end;
+            }
+            comp_time = ASN1_GENERALIZEDTIME_new();
+            if (comp_time == NULL) {
+                BIO_printf(bio_err, "memory allocation failure\n");
+                goto end;
+            }
+            if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
+                BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+                goto end;
+            }
+            if (reason_code == 9)
+                reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+            else
+                reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+        }
+    }
+
+    if (preason)
+        *preason = reason_code;
+    if (pinvtm) {
+        *pinvtm = comp_time;
+        comp_time = NULL;
+    }
+
+    ret = 1;
+
+ end:
+
+    OPENSSL_free(tmp);
+    ASN1_GENERALIZEDTIME_free(comp_time);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/cert.pem b/trunk/3rdparty/openssl-1.1-fit/apps/cert.pem
new file mode 100644
index 000000000..de4a77ac6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ciphers.c b/trunk/3rdparty/openssl-1.1-fit/apps/ciphers.c
new file mode 100644
index 000000000..0bb33a4ac
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ciphers.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_STDNAME,
+    OPT_CONVERT,
+    OPT_SSL3,
+    OPT_TLS1,
+    OPT_TLS1_1,
+    OPT_TLS1_2,
+    OPT_TLS1_3,
+    OPT_PSK,
+    OPT_SRP,
+    OPT_CIPHERSUITES,
+    OPT_V, OPT_UPPER_V, OPT_S
+} OPTION_CHOICE;
+
+const OPTIONS ciphers_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
+    {"V", OPT_UPPER_V, '-', "Even more verbose"},
+    {"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
+#endif
+    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
+#ifndef OPENSSL_NO_PSK
+    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
+#endif
+    {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
+    {"ciphersuites", OPT_CIPHERSUITES, 's',
+     "Configure the TLSv1.3 ciphersuites to use"},
+    {NULL}
+};
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
+                              unsigned int max_identity_len,
+                              unsigned char *psk,
+                              unsigned int max_psk_len)
+{
+    return 0;
+}
+#endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+#endif
+
+int ciphers_main(int argc, char **argv)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
+    int stdname = 0;
+#ifndef OPENSSL_NO_PSK
+    int psk = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
+#endif
+    const char *p;
+    char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
+    char buf[512];
+    OPTION_CHOICE o;
+    int min_version = 0, max_version = 0;
+
+    prog = opt_init(argc, argv, ciphers_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ciphers_options);
+            ret = 0;
+            goto end;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_UPPER_V:
+            verbose = Verbose = 1;
+            break;
+        case OPT_S:
+            use_supported = 1;
+            break;
+        case OPT_STDNAME:
+            stdname = verbose = 1;
+            break;
+        case OPT_CONVERT:
+            convert = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
+        case OPT_PSK:
+#ifndef OPENSSL_NO_PSK
+            psk = 1;
+#endif
+            break;
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
+#endif
+            break;
+        case OPT_CIPHERSUITES:
+            ciphersuites = opt_arg();
+            break;
+        }
+    }
+    argv = opt_rest();
+    argc = opt_num_rest();
+
+    if (argc == 1)
+        ciphers = *argv;
+    else if (argc != 0)
+        goto opthelp;
+
+    if (convert != NULL) {
+        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
+                   OPENSSL_cipher_name(convert));
+        goto end;
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL)
+        goto err;
+    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto err;
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (psk)
+        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+#endif
+
+    if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
+        BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
+        goto err;
+    }
+
+    if (ciphers != NULL) {
+        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+            BIO_printf(bio_err, "Error in cipher list\n");
+            goto err;
+        }
+    }
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto err;
+
+    if (use_supported)
+        sk = SSL_get1_supported_ciphers(ssl);
+    else
+        sk = SSL_get_ciphers(ssl);
+
+    if (!verbose) {
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+            p = SSL_CIPHER_get_name(c);
+            if (p == NULL)
+                break;
+            if (i != 0)
+                BIO_printf(bio_out, ":");
+            BIO_printf(bio_out, "%s", p);
+        }
+        BIO_printf(bio_out, "\n");
+    } else {
+
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c;
+
+            c = sk_SSL_CIPHER_value(sk, i);
+
+            if (Verbose) {
+                unsigned long id = SSL_CIPHER_get_id(c);
+                int id0 = (int)(id >> 24);
+                int id1 = (int)((id >> 16) & 0xffL);
+                int id2 = (int)((id >> 8) & 0xffL);
+                int id3 = (int)(id & 0xffL);
+
+                if ((id & 0xff000000L) == 0x03000000L)
+                    BIO_printf(bio_out, "          0x%02X,0x%02X - ", id2, id3); /* SSL3
+                                                                                  * cipher */
+                else
+                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+            }
+            if (stdname) {
+                const char *nm = SSL_CIPHER_standard_name(c);
+                if (nm == NULL)
+                    nm = "UNKNOWN";
+                BIO_printf(bio_out, "%s - ", nm);
+            }
+            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
+        }
+    }
+
+    ret = 0;
+    goto end;
+ err:
+    ERR_print_errors(bio_err);
+ end:
+    if (use_supported)
+        sk_SSL_CIPHER_free(sk);
+    SSL_CTX_free(ctx);
+    SSL_free(ssl);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/client.pem b/trunk/3rdparty/openssl-1.1-fit/apps/client.pem
new file mode 100644
index 000000000..e7a47a73f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/client.pem
@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
++yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
+lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
+nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
+x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
+bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
+AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
+hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
+curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
+IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
+vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
+QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
+CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
+wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
+agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
+mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
+MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
+HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
+p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
+KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
+1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
+L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
+LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
+Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
+/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
+1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
+1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
+NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
+zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
+mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
+5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
+u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
+HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
+tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
+SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
+kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
+1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/cms.c b/trunk/3rdparty/openssl-1.1-fit/apps/cms.c
new file mode 100644
index 000000000..e9d760c99
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/cms.c
@@ -0,0 +1,1289 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+
+#ifndef OPENSSL_NO_CMS
+
+# include <openssl/crypto.h>
+# include <openssl/pem.h>
+# include <openssl/err.h>
+# include <openssl/x509_vfy.h>
+# include <openssl/x509v3.h>
+# include <openssl/cms.h>
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+                                                *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+                                                *rr_from);
+static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
+                              STACK_OF(OPENSSL_STRING) *param);
+
+# define SMIME_OP        0x10
+# define SMIME_IP        0x20
+# define SMIME_SIGNERS   0x40
+# define SMIME_ENCRYPT           (1 | SMIME_OP)
+# define SMIME_DECRYPT           (2 | SMIME_IP)
+# define SMIME_SIGN              (3 | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_VERIFY            (4 | SMIME_IP)
+# define SMIME_CMSOUT            (5 | SMIME_IP | SMIME_OP)
+# define SMIME_RESIGN            (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_DATAOUT           (7 | SMIME_IP)
+# define SMIME_DATA_CREATE       (8 | SMIME_OP)
+# define SMIME_DIGEST_VERIFY     (9 | SMIME_IP)
+# define SMIME_DIGEST_CREATE     (10 | SMIME_OP)
+# define SMIME_UNCOMPRESS        (11 | SMIME_IP)
+# define SMIME_COMPRESS          (12 | SMIME_OP)
+# define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+# define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+# define SMIME_SIGN_RECEIPT      (15 | SMIME_IP | SMIME_OP)
+# define SMIME_VERIFY_RECEIPT    (16 | SMIME_IP)
+
+static int verify_err = 0;
+
+typedef struct cms_key_param_st cms_key_param;
+
+struct cms_key_param_st {
+    int idx;
+    STACK_OF(OPENSSL_STRING) *param;
+    cms_key_param *next;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
+    OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
+    OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
+    OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
+    OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
+    OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
+    OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
+    OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
+    OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
+    OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+    OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
+    OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
+    OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
+    OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
+    OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
+    OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
+    OPT_3DES_WRAP, OPT_ENGINE,
+    OPT_R_ENUM,
+    OPT_V_ENUM,
+    OPT_CIPHER
+} OPTION_CHOICE;
+
+const OPTIONS cms_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  cert.pem... recipient certs for encryption\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
+    {"outform", OPT_OUTFORM, 'c',
+     "Output format SMIME (default), PEM or DER"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+    {"sign", OPT_SIGN, '-', "Sign message"},
+    {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"verify", OPT_VERIFY, '-', "Verify signed message"},
+    {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
+    {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
+    {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
+    {"data_out", OPT_DATA_OUT, '-'},
+    {"data_create", OPT_DATA_CREATE, '-'},
+    {"digest_verify", OPT_DIGEST_VERIFY, '-'},
+    {"digest_create", OPT_DIGEST_CREATE, '-'},
+    {"compress", OPT_COMPRESS, '-'},
+    {"uncompress", OPT_UNCOMPRESS, '-'},
+    {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
+    {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
+    {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
+    {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+    {"asciicrlf", OPT_ASCIICRLF, '-'},
+    {"nointern", OPT_NOINTERN, '-',
+     "Don't search certificates in message for signer"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+    {"nocerts", OPT_NOCERTS, '-',
+     "Don't include signers certificate when signing"},
+    {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+    {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+    {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
+    {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+    {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
+    {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
+    {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+    {"indef", OPT_INDEF, '-', "Same as -stream"},
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
+    {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
+    {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
+    {"receipt_request_all", OPT_RR_ALL, '-'},
+    {"receipt_request_first", OPT_RR_FIRST, '-'},
+    {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
+    {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"content", OPT_CONTENT, '<',
+     "Supply or override content for detached signature"},
+    {"print", OPT_PRINT, '-',
+     "For the -cmsout operation print out all fields of the CMS structure"},
+    {"secretkey", OPT_SECRETKEY, 's'},
+    {"secretkeyid", OPT_SECRETKEYID, 's'},
+    {"pwri_password", OPT_PWRI_PASSWORD, 's'},
+    {"econtent_type", OPT_ECONTENT_TYPE, 's'},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"to", OPT_TO, 's', "To address"},
+    {"from", OPT_FROM, 's', "From address"},
+    {"subject", OPT_SUBJECT, 's', "Subject"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
+    {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
+    {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
+    {"inkey", OPT_INKEY, 's',
+     "Input private key (if not signer or recipient)"},
+    {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+    {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
+    {"receipt_request_from", OPT_RR_FROM, 's'},
+    {"receipt_request_to", OPT_RR_TO, 's'},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_R_OPTIONS,
+    OPT_V_OPTIONS,
+    {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
+    {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
+    {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
+# ifndef OPENSSL_NO_DES
+    {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int cms_main(int argc, char **argv)
+{
+    ASN1_OBJECT *econtent_type = NULL;
+    BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+    CMS_ContentInfo *cms = NULL, *rcms = NULL;
+    CMS_ReceiptRequest *rr = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *key = NULL;
+    const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
+    const EVP_MD *sign_md = NULL;
+    STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
+    STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+    STACK_OF(X509) *encerts = NULL, *other = NULL;
+    X509 *cert = NULL, *recip = NULL, *signer = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+    const char *CAfile = NULL, *CApath = NULL;
+    char *certsoutfile = NULL;
+    int noCAfile = 0, noCApath = 0;
+    char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL;
+    char *to = NULL, *from = NULL, *subject = NULL, *prog;
+    cms_key_param *key_first = NULL, *key_param = NULL;
+    int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
+    int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+    int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
+    int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+    size_t secret_keylen = 0, secret_keyidlen = 0;
+    unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
+    unsigned char *secret_key = NULL, *secret_keyid = NULL;
+    long ltmp;
+    const char *mime_eol = "\n";
+    OPTION_CHOICE o;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, cms_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(cms_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENCRYPT:
+            operation = SMIME_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            operation = SMIME_DECRYPT;
+            break;
+        case OPT_SIGN:
+            operation = SMIME_SIGN;
+            break;
+        case OPT_SIGN_RECEIPT:
+            operation = SMIME_SIGN_RECEIPT;
+            break;
+        case OPT_RESIGN:
+            operation = SMIME_RESIGN;
+            break;
+        case OPT_VERIFY:
+            operation = SMIME_VERIFY;
+            break;
+        case OPT_VERIFY_RETCODE:
+            verify_retcode = 1;
+            break;
+        case OPT_VERIFY_RECEIPT:
+            operation = SMIME_VERIFY_RECEIPT;
+            rctfile = opt_arg();
+            break;
+        case OPT_CMSOUT:
+            operation = SMIME_CMSOUT;
+            break;
+        case OPT_DATA_OUT:
+            operation = SMIME_DATAOUT;
+            break;
+        case OPT_DATA_CREATE:
+            operation = SMIME_DATA_CREATE;
+            break;
+        case OPT_DIGEST_VERIFY:
+            operation = SMIME_DIGEST_VERIFY;
+            break;
+        case OPT_DIGEST_CREATE:
+            operation = SMIME_DIGEST_CREATE;
+            break;
+        case OPT_COMPRESS:
+            operation = SMIME_COMPRESS;
+            break;
+        case OPT_UNCOMPRESS:
+            operation = SMIME_UNCOMPRESS;
+            break;
+        case OPT_ED_DECRYPT:
+            operation = SMIME_ENCRYPTED_DECRYPT;
+            break;
+        case OPT_ED_ENCRYPT:
+            operation = SMIME_ENCRYPTED_ENCRYPT;
+            break;
+        case OPT_DEBUG_DECRYPT:
+            flags |= CMS_DEBUG_DECRYPT;
+            break;
+        case OPT_TEXT:
+            flags |= CMS_TEXT;
+            break;
+        case OPT_ASCIICRLF:
+            flags |= CMS_ASCIICRLF;
+            break;
+        case OPT_NOINTERN:
+            flags |= CMS_NOINTERN;
+            break;
+        case OPT_NOVERIFY:
+            flags |= CMS_NO_SIGNER_CERT_VERIFY;
+            break;
+        case OPT_NOCERTS:
+            flags |= CMS_NOCERTS;
+            break;
+        case OPT_NOATTR:
+            flags |= CMS_NOATTR;
+            break;
+        case OPT_NODETACH:
+            flags &= ~CMS_DETACHED;
+            break;
+        case OPT_NOSMIMECAP:
+            flags |= CMS_NOSMIMECAP;
+            break;
+        case OPT_BINARY:
+            flags |= CMS_BINARY;
+            break;
+        case OPT_KEYID:
+            flags |= CMS_USE_KEYID;
+            break;
+        case OPT_NOSIGS:
+            flags |= CMS_NOSIGS;
+            break;
+        case OPT_NO_CONTENT_VERIFY:
+            flags |= CMS_NO_CONTENT_VERIFY;
+            break;
+        case OPT_NO_ATTR_VERIFY:
+            flags |= CMS_NO_ATTR_VERIFY;
+            break;
+        case OPT_INDEF:
+            flags |= CMS_STREAM;
+            break;
+        case OPT_NOINDEF:
+            flags &= ~CMS_STREAM;
+            break;
+        case OPT_CRLFEOL:
+            mime_eol = "\r\n";
+            flags |= CMS_CRLFEOL;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_RR_PRINT:
+            rr_print = 1;
+            break;
+        case OPT_RR_ALL:
+            rr_allorfirst = 0;
+            break;
+        case OPT_RR_FIRST:
+            rr_allorfirst = 1;
+            break;
+        case OPT_RCTFORM:
+            if (rctformat == FORMAT_SMIME)
+                rcms = SMIME_read_CMS(rctin, NULL);
+            else if (rctformat == FORMAT_PEM)
+                rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+            else if (rctformat == FORMAT_ASN1)
+                if (!opt_format(opt_arg(),
+                                OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
+                    goto opthelp;
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_CONTENT:
+            contfile = opt_arg();
+            break;
+        case OPT_RR_FROM:
+            if (rr_from == NULL
+                && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            break;
+        case OPT_RR_TO:
+            if (rr_to == NULL
+                && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            break;
+        case OPT_PRINT:
+            noout = print = 1;
+            break;
+        case OPT_SECRETKEY:
+            if (secret_key != NULL) {
+                BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
+            if (secret_key == NULL) {
+                BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
+                goto end;
+            }
+            secret_keylen = (size_t)ltmp;
+            break;
+        case OPT_SECRETKEYID:
+            if (secret_keyid != NULL) {
+                BIO_printf(bio_err, "Invalid id (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
+            if (secret_keyid == NULL) {
+                BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
+                goto opthelp;
+            }
+            secret_keyidlen = (size_t)ltmp;
+            break;
+        case OPT_PWRI_PASSWORD:
+            pwri_pass = (unsigned char *)opt_arg();
+            break;
+        case OPT_ECONTENT_TYPE:
+            if (econtent_type != NULL) {
+                BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            econtent_type = OBJ_txt2obj(opt_arg(), 0);
+            if (econtent_type == NULL) {
+                BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
+                goto opthelp;
+            }
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_TO:
+            to = opt_arg();
+            break;
+        case OPT_FROM:
+            from = opt_arg();
+            break;
+        case OPT_SUBJECT:
+            subject = opt_arg();
+            break;
+        case OPT_CERTSOUT:
+            certsoutfile = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &sign_md))
+                goto end;
+            break;
+        case OPT_SIGNER:
+            /* If previous -signer argument add signer to list */
+            if (signerfile != NULL) {
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (keyfile == NULL)
+                    keyfile = signerfile;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                keyfile = NULL;
+            }
+            signerfile = opt_arg();
+            break;
+        case OPT_INKEY:
+            /* If previous -inkey argument add signer to list */
+            if (keyfile != NULL) {
+                if (signerfile == NULL) {
+                    BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                    goto end;
+                }
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                signerfile = NULL;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+            }
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_RECIP:
+            if (operation == SMIME_ENCRYPT) {
+                if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
+                    goto end;
+                cert = load_cert(opt_arg(), FORMAT_PEM,
+                                 "recipient certificate file");
+                if (cert == NULL)
+                    goto end;
+                sk_X509_push(encerts, cert);
+                cert = NULL;
+            } else {
+                recipfile = opt_arg();
+            }
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto end;
+            break;
+        case OPT_KEYOPT:
+            keyidx = -1;
+            if (operation == SMIME_ENCRYPT) {
+                if (encerts != NULL)
+                    keyidx += sk_X509_num(encerts);
+            } else {
+                if (keyfile != NULL || signerfile != NULL)
+                    keyidx++;
+                if (skkeys != NULL)
+                    keyidx += sk_OPENSSL_STRING_num(skkeys);
+            }
+            if (keyidx < 0) {
+                BIO_printf(bio_err, "No key specified\n");
+                goto opthelp;
+            }
+            if (key_param == NULL || key_param->idx != keyidx) {
+                cms_key_param *nparam;
+                nparam = app_malloc(sizeof(*nparam), "key param buffer");
+                nparam->idx = keyidx;
+                if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                nparam->next = NULL;
+                if (key_first == NULL)
+                    key_first = nparam;
+                else
+                    key_param->next = nparam;
+                key_param = nparam;
+            }
+            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
+            wrap_cipher = EVP_des_ede3_wrap();
+# endif
+            break;
+        case OPT_AES128_WRAP:
+            wrap_cipher = EVP_aes_128_wrap();
+            break;
+        case OPT_AES192_WRAP:
+            wrap_cipher = EVP_aes_192_wrap();
+            break;
+        case OPT_AES256_WRAP:
+            wrap_cipher = EVP_aes_256_wrap();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) {
+        BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+        goto opthelp;
+    }
+
+    if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) {
+        BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+        goto opthelp;
+    }
+    if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
+        BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+        goto opthelp;
+    }
+
+    if (operation & SMIME_SIGNERS) {
+        if (keyfile != NULL && signerfile == NULL) {
+            BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+            goto opthelp;
+        }
+        /* Check to see if any final signer needs to be appended */
+        if (signerfile != NULL) {
+            if (sksigners == NULL
+                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (keyfile == NULL)
+                keyfile = signerfile;
+            sk_OPENSSL_STRING_push(skkeys, keyfile);
+        }
+        if (sksigners == NULL) {
+            BIO_printf(bio_err, "No signer certificate specified\n");
+            goto opthelp;
+        }
+        signerfile = NULL;
+        keyfile = NULL;
+    } else if (operation == SMIME_DECRYPT) {
+        if (recipfile == NULL && keyfile == NULL
+            && secret_key == NULL && pwri_pass == NULL) {
+            BIO_printf(bio_err,
+                       "No recipient certificate or key specified\n");
+            goto opthelp;
+        }
+    } else if (operation == SMIME_ENCRYPT) {
+        if (*argv == NULL && secret_key == NULL
+            && pwri_pass == NULL && encerts == NULL) {
+            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+            goto opthelp;
+        }
+    } else if (!operation) {
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    ret = 2;
+
+    if (!(operation & SMIME_SIGNERS))
+        flags &= ~CMS_DETACHED;
+
+    if (!(operation & SMIME_OP))
+        if (flags & CMS_BINARY)
+            outformat = FORMAT_BINARY;
+
+    if (!(operation & SMIME_IP))
+        if (flags & CMS_BINARY)
+            informat = FORMAT_BINARY;
+
+    if (operation == SMIME_ENCRYPT) {
+        if (!cipher) {
+# ifndef OPENSSL_NO_DES
+            cipher = EVP_des_ede3_cbc();
+# else
+            BIO_printf(bio_err, "No cipher selected\n");
+            goto end;
+# endif
+        }
+
+        if (secret_key && !secret_keyid) {
+            BIO_printf(bio_err, "No secret key id\n");
+            goto end;
+        }
+
+        if (*argv && encerts == NULL)
+            if ((encerts = sk_X509_new_null()) == NULL)
+                goto end;
+        while (*argv) {
+            if ((cert = load_cert(*argv, FORMAT_PEM,
+                                  "recipient certificate file")) == NULL)
+                goto end;
+            sk_X509_push(encerts, cert);
+            cert = NULL;
+            argv++;
+        }
+    }
+
+    if (certfile != NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+                        "certificate file")) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
+        if ((recip = load_cert(recipfile, FORMAT_PEM,
+                               "recipient certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_SIGN_RECEIPT) {
+        if ((signer = load_cert(signerfile, FORMAT_PEM,
+                                "receipt signer certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_DECRYPT) {
+        if (keyfile == NULL)
+            keyfile = recipfile;
+    } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
+        if (keyfile == NULL)
+            keyfile = signerfile;
+    } else {
+        keyfile = NULL;
+    }
+
+    if (keyfile != NULL) {
+        key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+        if (key == NULL)
+            goto end;
+    }
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (operation & SMIME_IP) {
+        if (informat == FORMAT_SMIME) {
+            cms = SMIME_read_CMS(in, &indata);
+        } else if (informat == FORMAT_PEM) {
+            cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            cms = d2i_CMS_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad input format for CMS file\n");
+            goto end;
+        }
+
+        if (cms == NULL) {
+            BIO_printf(bio_err, "Error reading S/MIME message\n");
+            goto end;
+        }
+        if (contfile != NULL) {
+            BIO_free(indata);
+            if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                goto end;
+            }
+        }
+        if (certsoutfile != NULL) {
+            STACK_OF(X509) *allcerts;
+            allcerts = CMS_get1_certs(cms);
+            if (!save_certs(certsoutfile, allcerts)) {
+                BIO_printf(bio_err,
+                           "Error writing certs to %s\n", certsoutfile);
+                ret = 5;
+                goto end;
+            }
+            sk_X509_pop_free(allcerts, X509_free);
+        }
+    }
+
+    if (rctfile != NULL) {
+        char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+        if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
+            BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
+            goto end;
+        }
+
+        if (rctformat == FORMAT_SMIME) {
+            rcms = SMIME_read_CMS(rctin, NULL);
+        } else if (rctformat == FORMAT_PEM) {
+            rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+        } else if (rctformat == FORMAT_ASN1) {
+            rcms = d2i_CMS_bio(rctin, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad input format for receipt\n");
+            goto end;
+        }
+
+        if (rcms == NULL) {
+            BIO_printf(bio_err, "Error reading receipt\n");
+            goto end;
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        X509_STORE_set_verify_cb(store, cms_cb);
+        if (vpmtouched)
+            X509_STORE_set1_param(store, vpm);
+    }
+
+    ret = 3;
+
+    if (operation == SMIME_DATA_CREATE) {
+        cms = CMS_data_create(in, flags);
+    } else if (operation == SMIME_DIGEST_CREATE) {
+        cms = CMS_digest_create(in, sign_md, flags);
+    } else if (operation == SMIME_COMPRESS) {
+        cms = CMS_compress(in, -1, flags);
+    } else if (operation == SMIME_ENCRYPT) {
+        int i;
+        flags |= CMS_PARTIAL;
+        cms = CMS_encrypt(NULL, in, cipher, flags);
+        if (cms == NULL)
+            goto end;
+        for (i = 0; i < sk_X509_num(encerts); i++) {
+            CMS_RecipientInfo *ri;
+            cms_key_param *kparam;
+            int tflags = flags;
+            X509 *x = sk_X509_value(encerts, i);
+            for (kparam = key_first; kparam; kparam = kparam->next) {
+                if (kparam->idx == i) {
+                    tflags |= CMS_KEY_PARAM;
+                    break;
+                }
+            }
+            ri = CMS_add1_recipient_cert(cms, x, tflags);
+            if (ri == NULL)
+                goto end;
+            if (kparam != NULL) {
+                EVP_PKEY_CTX *pctx;
+                pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+                if (!cms_set_pkey_param(pctx, kparam->param))
+                    goto end;
+            }
+            if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
+                && wrap_cipher) {
+                EVP_CIPHER_CTX *wctx;
+                wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+                EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
+            }
+        }
+
+        if (secret_key != NULL) {
+            if (!CMS_add0_recipient_key(cms, NID_undef,
+                                        secret_key, secret_keylen,
+                                        secret_keyid, secret_keyidlen,
+                                        NULL, NULL, NULL))
+                goto end;
+            /* NULL these because call absorbs them */
+            secret_key = NULL;
+            secret_keyid = NULL;
+        }
+        if (pwri_pass != NULL) {
+            pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass);
+            if (pwri_tmp == NULL)
+                goto end;
+            if (CMS_add0_recipient_password(cms,
+                                            -1, NID_undef, NID_undef,
+                                            pwri_tmp, -1, NULL) == NULL)
+                goto end;
+            pwri_tmp = NULL;
+        }
+        if (!(flags & CMS_STREAM)) {
+            if (!CMS_final(cms, in, NULL, flags))
+                goto end;
+        }
+    } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
+        cms = CMS_EncryptedData_encrypt(in, cipher,
+                                        secret_key, secret_keylen, flags);
+
+    } else if (operation == SMIME_SIGN_RECEIPT) {
+        CMS_ContentInfo *srcms = NULL;
+        STACK_OF(CMS_SignerInfo) *sis;
+        CMS_SignerInfo *si;
+        sis = CMS_get0_SignerInfos(cms);
+        if (sis == NULL)
+            goto end;
+        si = sk_CMS_SignerInfo_value(sis, 0);
+        srcms = CMS_sign_receipt(si, signer, key, other, flags);
+        if (srcms == NULL)
+            goto end;
+        CMS_ContentInfo_free(cms);
+        cms = srcms;
+    } else if (operation & SMIME_SIGNERS) {
+        int i;
+        /*
+         * If detached data content we enable streaming if S/MIME output
+         * format.
+         */
+        if (operation == SMIME_SIGN) {
+
+            if (flags & CMS_DETACHED) {
+                if (outformat == FORMAT_SMIME)
+                    flags |= CMS_STREAM;
+            }
+            flags |= CMS_PARTIAL;
+            cms = CMS_sign(NULL, NULL, other, in, flags);
+            if (cms == NULL)
+                goto end;
+            if (econtent_type != NULL)
+                CMS_set1_eContentType(cms, econtent_type);
+
+            if (rr_to != NULL) {
+                rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
+                if (rr == NULL) {
+                    BIO_puts(bio_err,
+                             "Signed Receipt Request Creation Error\n");
+                    goto end;
+                }
+            }
+        } else {
+            flags |= CMS_REUSE_DIGEST;
+        }
+        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+            CMS_SignerInfo *si;
+            cms_key_param *kparam;
+            int tflags = flags;
+            signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+            keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+
+            signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
+            if (signer == NULL) {
+                ret = 2;
+                goto end;
+            }
+            key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+            if (key == NULL) {
+                ret = 2;
+                goto end;
+            }
+            for (kparam = key_first; kparam; kparam = kparam->next) {
+                if (kparam->idx == i) {
+                    tflags |= CMS_KEY_PARAM;
+                    break;
+                }
+            }
+            si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
+            if (si == NULL)
+                goto end;
+            if (kparam != NULL) {
+                EVP_PKEY_CTX *pctx;
+                pctx = CMS_SignerInfo_get0_pkey_ctx(si);
+                if (!cms_set_pkey_param(pctx, kparam->param))
+                    goto end;
+            }
+            if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr))
+                goto end;
+            X509_free(signer);
+            signer = NULL;
+            EVP_PKEY_free(key);
+            key = NULL;
+        }
+        /* If not streaming or resigning finalize structure */
+        if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
+            if (!CMS_final(cms, in, NULL, flags))
+                goto end;
+        }
+    }
+
+    if (cms == NULL) {
+        BIO_printf(bio_err, "Error creating CMS structure\n");
+        goto end;
+    }
+
+    ret = 4;
+    if (operation == SMIME_DECRYPT) {
+        if (flags & CMS_DEBUG_DECRYPT)
+            CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+        if (secret_key != NULL) {
+            if (!CMS_decrypt_set1_key(cms,
+                                      secret_key, secret_keylen,
+                                      secret_keyid, secret_keyidlen)) {
+                BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
+                goto end;
+            }
+        }
+
+        if (key != NULL) {
+            if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
+                BIO_puts(bio_err, "Error decrypting CMS using private key\n");
+                goto end;
+            }
+        }
+
+        if (pwri_pass != NULL) {
+            if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
+                BIO_puts(bio_err, "Error decrypting CMS using password\n");
+                goto end;
+            }
+        }
+
+        if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
+            BIO_printf(bio_err, "Error decrypting CMS structure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_DATAOUT) {
+        if (!CMS_data(cms, out, flags))
+            goto end;
+    } else if (operation == SMIME_UNCOMPRESS) {
+        if (!CMS_uncompress(cms, indata, out, flags))
+            goto end;
+    } else if (operation == SMIME_DIGEST_VERIFY) {
+        if (CMS_digest_verify(cms, indata, out, flags) > 0) {
+            BIO_printf(bio_err, "Verification successful\n");
+        } else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
+        if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+                                       indata, out, flags))
+            goto end;
+    } else if (operation == SMIME_VERIFY) {
+        if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
+            BIO_printf(bio_err, "Verification successful\n");
+        } else {
+            BIO_printf(bio_err, "Verification failure\n");
+            if (verify_retcode)
+                ret = verify_err + 32;
+            goto end;
+        }
+        if (signerfile != NULL) {
+            STACK_OF(X509) *signers;
+            signers = CMS_get0_signers(cms);
+            if (!save_certs(signerfile, signers)) {
+                BIO_printf(bio_err,
+                           "Error writing signers to %s\n", signerfile);
+                ret = 5;
+                goto end;
+            }
+            sk_X509_free(signers);
+        }
+        if (rr_print)
+            receipt_request_print(cms);
+
+    } else if (operation == SMIME_VERIFY_RECEIPT) {
+        if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) {
+            BIO_printf(bio_err, "Verification successful\n");
+        } else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+    } else {
+        if (noout) {
+            if (print)
+                CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
+        } else if (outformat == FORMAT_SMIME) {
+            if (to)
+                BIO_printf(out, "To: %s%s", to, mime_eol);
+            if (from)
+                BIO_printf(out, "From: %s%s", from, mime_eol);
+            if (subject)
+                BIO_printf(out, "Subject: %s%s", subject, mime_eol);
+            if (operation == SMIME_RESIGN)
+                ret = SMIME_write_CMS(out, cms, indata, flags);
+            else
+                ret = SMIME_write_CMS(out, cms, in, flags);
+        } else if (outformat == FORMAT_PEM) {
+            ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
+        } else if (outformat == FORMAT_ASN1) {
+            ret = i2d_CMS_bio_stream(out, cms, in, flags);
+        } else {
+            BIO_printf(bio_err, "Bad output format for CMS file\n");
+            goto end;
+        }
+        if (ret <= 0) {
+            ret = 6;
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    sk_X509_pop_free(encerts, X509_free);
+    sk_X509_pop_free(other, X509_free);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(sksigners);
+    sk_OPENSSL_STRING_free(skkeys);
+    OPENSSL_free(secret_key);
+    OPENSSL_free(secret_keyid);
+    OPENSSL_free(pwri_tmp);
+    ASN1_OBJECT_free(econtent_type);
+    CMS_ReceiptRequest_free(rr);
+    sk_OPENSSL_STRING_free(rr_to);
+    sk_OPENSSL_STRING_free(rr_from);
+    for (key_param = key_first; key_param;) {
+        cms_key_param *tparam;
+        sk_OPENSSL_STRING_free(key_param->param);
+        tparam = key_param->next;
+        OPENSSL_free(key_param);
+        key_param = tparam;
+    }
+    X509_STORE_free(store);
+    X509_free(cert);
+    X509_free(recip);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    CMS_ContentInfo_free(cms);
+    CMS_ContentInfo_free(rcms);
+    release_engine(e);
+    BIO_free(rctin);
+    BIO_free(in);
+    BIO_free(indata);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    return ret;
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+    int i;
+    BIO *tmp;
+    if (signerfile == NULL)
+        return 1;
+    tmp = BIO_new_file(signerfile, "w");
+    if (tmp == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_num(signers); i++)
+        PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+    BIO_free(tmp);
+    return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+{
+    int error;
+
+    error = X509_STORE_CTX_get_error(ctx);
+
+    verify_err = error;
+
+    if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+        && ((error != X509_V_OK) || (ok != 2)))
+        return ok;
+
+    policies_print(ctx);
+
+    return ok;
+
+}
+
+static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
+{
+    STACK_OF(GENERAL_NAME) *gens;
+    GENERAL_NAME *gen;
+    int i, j;
+
+    for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
+        gens = sk_GENERAL_NAMES_value(gns, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
+            gen = sk_GENERAL_NAME_value(gens, j);
+            BIO_puts(bio_err, "    ");
+            GENERAL_NAME_print(bio_err, gen);
+            BIO_puts(bio_err, "\n");
+        }
+    }
+    return;
+}
+
+static void receipt_request_print(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_SignerInfo) *sis;
+    CMS_SignerInfo *si;
+    CMS_ReceiptRequest *rr;
+    int allorfirst;
+    STACK_OF(GENERAL_NAMES) *rto, *rlist;
+    ASN1_STRING *scid;
+    int i, rv;
+    sis = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
+        si = sk_CMS_SignerInfo_value(sis, i);
+        rv = CMS_get1_ReceiptRequest(si, &rr);
+        BIO_printf(bio_err, "Signer %d:\n", i + 1);
+        if (rv == 0) {
+            BIO_puts(bio_err, "  No Receipt Request\n");
+        } else if (rv < 0) {
+            BIO_puts(bio_err, "  Receipt Request Parse Error\n");
+            ERR_print_errors(bio_err);
+        } else {
+            const char *id;
+            int idlen;
+            CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+                                           &rlist, &rto);
+            BIO_puts(bio_err, "  Signed Content ID:\n");
+            idlen = ASN1_STRING_length(scid);
+            id = (const char *)ASN1_STRING_get0_data(scid);
+            BIO_dump_indent(bio_err, id, idlen, 4);
+            BIO_puts(bio_err, "  Receipts From");
+            if (rlist != NULL) {
+                BIO_puts(bio_err, " List:\n");
+                gnames_stack_print(rlist);
+            } else if (allorfirst == 1) {
+                BIO_puts(bio_err, ": First Tier\n");
+            } else if (allorfirst == 0) {
+                BIO_puts(bio_err, ": All\n");
+            } else {
+                BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
+            }
+            BIO_puts(bio_err, "  Receipts To:\n");
+            gnames_stack_print(rto);
+        }
+        CMS_ReceiptRequest_free(rr);
+    }
+}
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
+{
+    int i;
+    STACK_OF(GENERAL_NAMES) *ret;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ret = sk_GENERAL_NAMES_new_null();
+    if (ret == NULL)
+        goto err;
+    for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
+        char *str = sk_OPENSSL_STRING_value(ns, i);
+        gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
+        if (gen == NULL)
+            goto err;
+        gens = GENERAL_NAMES_new();
+        if (gens == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(gens, gen))
+            goto err;
+        gen = NULL;
+        if (!sk_GENERAL_NAMES_push(ret, gens))
+            goto err;
+        gens = NULL;
+    }
+
+    return ret;
+
+ err:
+    sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+    GENERAL_NAMES_free(gens);
+    GENERAL_NAME_free(gen);
+    return NULL;
+}
+
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+                                                *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+                                                *rr_from)
+{
+    STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
+    CMS_ReceiptRequest *rr;
+    rct_to = make_names_stack(rr_to);
+    if (rct_to == NULL)
+        goto err;
+    if (rr_from != NULL) {
+        rct_from = make_names_stack(rr_from);
+        if (rct_from == NULL)
+            goto err;
+    } else {
+        rct_from = NULL;
+    }
+    rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+                                    rct_to);
+    return rr;
+ err:
+    sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
+    return NULL;
+}
+
+static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
+                              STACK_OF(OPENSSL_STRING) *param)
+{
+    char *keyopt;
+    int i;
+    if (sk_OPENSSL_STRING_num(param) <= 0)
+        return 1;
+    for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {
+        keyopt = sk_OPENSSL_STRING_value(param, i);
+        if (pkey_ctrl_string(pctx, keyopt) <= 0) {
+            BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/crl.c b/trunk/3rdparty/openssl-1.1-fit/apps/crl.c
new file mode 100644
index 000000000..031fada14
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/crl.c
@@ -0,0 +1,342 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
+    OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
+    OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
+    OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
+    OPT_NOOUT, OPT_NAMEOPT, OPT_MD
+} OPTION_CHOICE;
+
+const OPTIONS crl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format; default PEM"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+    {"out", OPT_OUT, '>', "output file - default stdout"},
+    {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
+    {"key", OPT_KEY, '<', "CRL signing Private key to use"},
+    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+    {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
+    {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
+    {"noout", OPT_NOOUT, '-', "No CRL output"},
+    {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
+    {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
+    {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
+    {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
+    {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
+    {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"verify", OPT_VERIFY, '-', "Verify CRL signature"},
+    {"text", OPT_TEXT, '-', "Print out a text format version"},
+    {"hash", OPT_HASH, '-', "Print hash value"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_MD5
+    {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
+#endif
+    {NULL}
+};
+
+int crl_main(int argc, char **argv)
+{
+    X509_CRL *x = NULL;
+    BIO *out = NULL;
+    X509_STORE *store = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    X509_LOOKUP *lookup = NULL;
+    X509_OBJECT *xobj = NULL;
+    EVP_PKEY *pkey;
+    const EVP_MD *digest = EVP_sha1();
+    char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
+    const char *CAfile = NULL, *CApath = NULL, *prog;
+    OPTION_CHOICE o;
+    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
+    int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
+    int i;
+#ifndef OPENSSL_NO_MD5
+    int hash_old = 0;
+#endif
+
+    prog = opt_init(argc, argv, crl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(crl_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_GENDELTA:
+            crldiff = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            do_ver = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            do_ver = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath =  1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile =  1;
+            break;
+        case OPT_HASH_OLD:
+#ifndef OPENSSL_NO_MD5
+            hash_old = ++num;
+#endif
+            break;
+        case OPT_VERIFY:
+            do_ver = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_HASH:
+            hash = ++num;
+            break;
+        case OPT_ISSUER:
+            issuer = ++num;
+            break;
+        case OPT_LASTUPDATE:
+            lastupdate = ++num;
+            break;
+        case OPT_NEXTUPDATE:
+            nextupdate = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_FINGERPRINT:
+            fingerprint = ++num;
+            break;
+        case OPT_CRLNUMBER:
+            crlnumber = ++num;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    x = load_crl(infile, informat);
+    if (x == NULL)
+        goto end;
+
+    if (do_ver) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+        if (lookup == NULL)
+            goto end;
+        ctx = X509_STORE_CTX_new();
+        if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
+            BIO_printf(bio_err, "Error initialising X509 store\n");
+            goto end;
+        }
+
+        xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
+                                                 X509_CRL_get_issuer(x));
+        if (xobj == NULL) {
+            BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
+            goto end;
+        }
+        pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
+        X509_OBJECT_free(xobj);
+        if (!pkey) {
+            BIO_printf(bio_err, "Error getting CRL issuer public key\n");
+            goto end;
+        }
+        i = X509_CRL_verify(x, pkey);
+        EVP_PKEY_free(pkey);
+        if (i < 0)
+            goto end;
+        if (i == 0)
+            BIO_printf(bio_err, "verify failure\n");
+        else
+            BIO_printf(bio_err, "verify OK\n");
+    }
+
+    if (crldiff) {
+        X509_CRL *newcrl, *delta;
+        if (!keyfile) {
+            BIO_puts(bio_err, "Missing CRL signing key\n");
+            goto end;
+        }
+        newcrl = load_crl(crldiff, informat);
+        if (!newcrl)
+            goto end;
+        pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
+        if (!pkey) {
+            X509_CRL_free(newcrl);
+            goto end;
+        }
+        delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+        X509_CRL_free(newcrl);
+        EVP_PKEY_free(pkey);
+        if (delta) {
+            X509_CRL_free(x);
+            x = delta;
+        } else {
+            BIO_puts(bio_err, "Error creating delta CRL\n");
+            goto end;
+        }
+    }
+
+    if (badsig) {
+        const ASN1_BIT_STRING *sig;
+
+        X509_CRL_get0_signature(x, &sig, NULL);
+        corrupt_signature(sig);
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
+                           get_nameopt());
+            }
+            if (crlnumber == i) {
+                ASN1_INTEGER *crlnum;
+                crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
+                BIO_printf(bio_out, "crlNumber=");
+                if (crlnum) {
+                    i2a_ASN1_INTEGER(bio_out, crlnum);
+                    ASN1_INTEGER_free(crlnum);
+                } else
+                    BIO_puts(bio_out, "<NONE>");
+                BIO_printf(bio_out, "\n");
+            }
+            if (hash == i) {
+                BIO_printf(bio_out, "%08lx\n",
+                           X509_NAME_hash(X509_CRL_get_issuer(x)));
+            }
+#ifndef OPENSSL_NO_MD5
+            if (hash_old == i) {
+                BIO_printf(bio_out, "%08lx\n",
+                           X509_NAME_hash_old(X509_CRL_get_issuer(x)));
+            }
+#endif
+            if (lastupdate == i) {
+                BIO_printf(bio_out, "lastUpdate=");
+                ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
+                BIO_printf(bio_out, "\n");
+            }
+            if (nextupdate == i) {
+                BIO_printf(bio_out, "nextUpdate=");
+                if (X509_CRL_get0_nextUpdate(x))
+                    ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
+                else
+                    BIO_printf(bio_out, "NONE");
+                BIO_printf(bio_out, "\n");
+            }
+            if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+
+                if (!X509_CRL_digest(x, digest, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(bio_out, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(digest)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+        }
+    }
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (text)
+        X509_CRL_print_ex(out, x, get_nameopt());
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1)
+        i = (int)i2d_X509_CRL_bio(out, x);
+    else
+        i = PEM_write_bio_X509_CRL(out, x);
+    if (!i) {
+        BIO_printf(bio_err, "unable to write CRL\n");
+        goto end;
+    }
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    BIO_free_all(out);
+    X509_CRL_free(x);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c b/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c
new file mode 100644
index 000000000..88fabcb22
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c
@@ -0,0 +1,217 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
+} OPTION_CHOICE;
+
+const OPTIONS crl2pkcs7_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
+    {"certfile", OPT_CERTFILE, '<',
+     "File of chain of certs to a trusted CA; can be repeated"},
+    {NULL}
+};
+
+int crl2pkcs7_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNED *p7s = NULL;
+    STACK_OF(OPENSSL_STRING) *certflst = NULL;
+    STACK_OF(X509) *cert_stack = NULL;
+    STACK_OF(X509_CRL) *crl_stack = NULL;
+    X509_CRL *crl = NULL;
+    char *infile = NULL, *outfile = NULL, *prog, *certfile;
+    int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
+        0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, crl2pkcs7_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(crl2pkcs7_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOCRL:
+            nocrl = 1;
+            break;
+        case OPT_CERTFILE:
+            if ((certflst == NULL)
+                && (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!nocrl) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+        if (informat == FORMAT_ASN1)
+            crl = d2i_X509_CRL_bio(in, NULL);
+        else if (informat == FORMAT_PEM)
+            crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+        if (crl == NULL) {
+            BIO_printf(bio_err, "unable to load CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if ((p7 = PKCS7_new()) == NULL)
+        goto end;
+    if ((p7s = PKCS7_SIGNED_new()) == NULL)
+        goto end;
+    p7->type = OBJ_nid2obj(NID_pkcs7_signed);
+    p7->d.sign = p7s;
+    p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
+
+    if (!ASN1_INTEGER_set(p7s->version, 1))
+        goto end;
+    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+        goto end;
+    p7s->crl = crl_stack;
+    if (crl != NULL) {
+        sk_X509_CRL_push(crl_stack, crl);
+        crl = NULL;             /* now part of p7 for OPENSSL_freeing */
+    }
+
+    if ((cert_stack = sk_X509_new_null()) == NULL)
+        goto end;
+    p7s->cert = cert_stack;
+
+    if (certflst != NULL)
+        for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+            certfile = sk_OPENSSL_STRING_value(certflst, i);
+            if (add_certs_from_file(cert_stack, certfile) < 0) {
+                BIO_printf(bio_err, "error loading certificates\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (outformat == FORMAT_ASN1)
+        i = i2d_PKCS7_bio(out, p7);
+    else if (outformat == FORMAT_PEM)
+        i = PEM_write_bio_PKCS7(out, p7);
+    if (!i) {
+        BIO_printf(bio_err, "unable to write pkcs7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    sk_OPENSSL_STRING_free(certflst);
+    BIO_free(in);
+    BIO_free_all(out);
+    PKCS7_free(p7);
+    X509_CRL_free(crl);
+
+    return ret;
+}
+
+/*-
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ *      Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ *      number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+{
+    BIO *in = NULL;
+    int count = 0;
+    int ret = -1;
+    STACK_OF(X509_INFO) *sk = NULL;
+    X509_INFO *xi;
+
+    in = BIO_new_file(certfile, "r");
+    if (in == NULL) {
+        BIO_printf(bio_err, "error opening the file, %s\n", certfile);
+        goto end;
+    }
+
+    /* This loads from a file, a stack of x509/crl/pkey sets */
+    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+    if (sk == NULL) {
+        BIO_printf(bio_err, "error reading the file, %s\n", certfile);
+        goto end;
+    }
+
+    /* scan over it and pull out the CRL's */
+    while (sk_X509_INFO_num(sk)) {
+        xi = sk_X509_INFO_shift(sk);
+        if (xi->x509 != NULL) {
+            sk_X509_push(stack, xi->x509);
+            xi->x509 = NULL;
+            count++;
+        }
+        X509_INFO_free(xi);
+    }
+
+    ret = count;
+ end:
+    /* never need to OPENSSL_free x */
+    BIO_free(in);
+    sk_X509_INFO_free(sk);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ct_log_list.cnf b/trunk/3rdparty/openssl-1.1-fit/apps/ct_log_list.cnf
new file mode 100644
index 000000000..e643cfdbd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ct_log_list.cnf
@@ -0,0 +1,9 @@
+# This file specifies the Certificate Transparency logs
+# that are to be trusted.
+
+# Google's list of logs can be found here:
+#       www.certificate-transparency.org/known-logs
+# A Python program to convert the log list to OpenSSL's format can be
+# found here:
+#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
+# Use the "--openssl_output" flag.
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt b/trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt
new file mode 100644
index 000000000..c2d5c6033
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt
@@ -0,0 +1,6 @@
+# This is a file that will be filled by the openssl srp routine.
+# You can initialize the file with additional groups, these are
+# records starting with a I followed by the g and N values and the id.
+# The exact values ... you have to dig this out from the source of srp.c
+# or srp_vfy.c
+# The last value of an I is used as the default group for new users.
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt.attr b/trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt.attr
new file mode 100644
index 000000000..8f7e63a34
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c b/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c
new file mode 100644
index 000000000..d158a0ccb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c
@@ -0,0 +1,492 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
+          const char *sig_name, const char *md_name,
+          const char *file);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
+    OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
+    OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
+    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+    OPT_DIGEST,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS dgst_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  file... files to digest (default is stdin)\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"c", OPT_C, '-', "Print the digest with separating colons"},
+    {"r", OPT_R, '-', "Print the digest in coreutils format"},
+    {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"sign", OPT_SIGN, 's', "Sign digest using private key"},
+    {"verify", OPT_VERIFY, 's',
+     "Verify a signature using public key"},
+    {"prverify", OPT_PRVERIFY, 's',
+     "Verify a signature using private key"},
+    {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
+    {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
+    {"hex", OPT_HEX, '-', "Print as hex dump"},
+    {"binary", OPT_BINARY, '-', "Print in binary form"},
+    {"d", OPT_DEBUG, '-', "Print debug info"},
+    {"debug", OPT_DEBUG, '-', "Print debug info"},
+    {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
+     "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
+    {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
+    {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"", OPT_DIGEST, '-', "Any supported digest"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-',
+     "Also use engine given by -engine for digest operations"},
+#endif
+    {NULL}
+};
+
+int dgst_main(int argc, char **argv)
+{
+    BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
+    ENGINE *e = NULL, *impl = NULL;
+    EVP_PKEY *sigkey = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
+    char *hmac_key = NULL;
+    char *mac_name = NULL;
+    char *passinarg = NULL, *passin = NULL;
+    const EVP_MD *md = NULL, *m;
+    const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
+    const char *sigfile = NULL;
+    OPTION_CHOICE o;
+    int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
+    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
+    unsigned char *buf = NULL, *sigbuf = NULL;
+    int engine_impl = 0;
+
+    prog = opt_progname(argv[0]);
+    buf = app_malloc(BUFSIZE, "I/O buffer");
+    md = EVP_get_digestbyname(prog);
+
+    prog = opt_init(argc, argv, dgst_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dgst_options);
+            ret = 0;
+            goto end;
+        case OPT_C:
+            separator = 1;
+            break;
+        case OPT_R:
+            separator = 2;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_SIGN:
+            keyfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_VERIFY:
+            keyfile = opt_arg();
+            want_pub = do_verify = 1;
+            break;
+        case OPT_PRVERIFY:
+            keyfile = opt_arg();
+            do_verify = 1;
+            break;
+        case OPT_SIGNATURE:
+            sigfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_ENGINE_IMPL:
+            engine_impl = 1;
+            break;
+        case OPT_HEX:
+            out_bin = 0;
+            break;
+        case OPT_BINARY:
+            out_bin = 1;
+            break;
+        case OPT_DEBUG:
+            debug = 1;
+            break;
+        case OPT_FIPS_FINGERPRINT:
+            hmac_key = "etaonrishdlcupfm";
+            break;
+        case OPT_HMAC:
+            hmac_key = opt_arg();
+            break;
+        case OPT_MAC:
+            mac_name = opt_arg();
+            break;
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_MACOPT:
+            if (!macopts)
+                macopts = sk_OPENSSL_STRING_new_null();
+            if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_DIGEST:
+            if (!opt_md(opt_unknown(), &m))
+                goto opthelp;
+            md = m;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (keyfile != NULL && argc > 1) {
+        BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
+        goto end;
+    }
+
+    if (do_verify && sigfile == NULL) {
+        BIO_printf(bio_err,
+                   "No signature to verify: use the -signature option\n");
+        goto end;
+    }
+    if (engine_impl)
+        impl = e;
+
+    in = BIO_new(BIO_s_file());
+    bmd = BIO_new(BIO_f_md());
+    if ((in == NULL) || (bmd == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        /* needed for windows 3.1 */
+        BIO_set_callback_arg(in, (char *)bio_err);
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (out_bin == -1) {
+        if (keyfile != NULL)
+            out_bin = 1;
+        else
+            out_bin = 0;
+    }
+
+    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
+        BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
+        goto end;
+    }
+
+    if (keyfile != NULL) {
+        int type;
+
+        if (want_pub)
+            sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
+        else
+            sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
+        if (sigkey == NULL) {
+            /*
+             * load_[pub]key() has already printed an appropriate message
+             */
+            goto end;
+        }
+        type = EVP_PKEY_id(sigkey);
+        if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
+            /*
+             * We implement PureEdDSA for these which doesn't have a separate
+             * digest, and only supports one shot.
+             */
+            BIO_printf(bio_err, "Key type not supported for this operation\n");
+            goto end;
+        }
+    }
+
+    if (mac_name != NULL) {
+        EVP_PKEY_CTX *mac_ctx = NULL;
+        int r = 0;
+        if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
+            goto mac_end;
+        if (macopts != NULL) {
+            char *macopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
+                macopt = sk_OPENSSL_STRING_value(macopts, i);
+                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
+                    BIO_printf(bio_err,
+                               "MAC parameter error \"%s\"\n", macopt);
+                    ERR_print_errors(bio_err);
+                    goto mac_end;
+                }
+            }
+        }
+        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
+            BIO_puts(bio_err, "Error generating key\n");
+            ERR_print_errors(bio_err);
+            goto mac_end;
+        }
+        r = 1;
+ mac_end:
+        EVP_PKEY_CTX_free(mac_ctx);
+        if (r == 0)
+            goto end;
+    }
+
+    if (hmac_key != NULL) {
+        sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
+                                              (unsigned char *)hmac_key, -1);
+        if (sigkey == NULL)
+            goto end;
+    }
+
+    if (sigkey != NULL) {
+        EVP_MD_CTX *mctx = NULL;
+        EVP_PKEY_CTX *pctx = NULL;
+        int r;
+        if (!BIO_get_md_ctx(bmd, &mctx)) {
+            BIO_printf(bio_err, "Error getting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (do_verify)
+            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+        else
+            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+        if (!r) {
+            BIO_printf(bio_err, "Error setting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (sigopts != NULL) {
+            char *sigopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
+                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+        }
+    }
+    /* we use md as a filter, reading from 'in' */
+    else {
+        EVP_MD_CTX *mctx = NULL;
+        if (!BIO_get_md_ctx(bmd, &mctx)) {
+            BIO_printf(bio_err, "Error getting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (md == NULL)
+            md = EVP_sha256();
+        if (!EVP_DigestInit_ex(mctx, md, impl)) {
+            BIO_printf(bio_err, "Error setting digest\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (sigfile != NULL && sigkey != NULL) {
+        BIO *sigbio = BIO_new_file(sigfile, "rb");
+        if (sigbio == NULL) {
+            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        siglen = EVP_PKEY_size(sigkey);
+        sigbuf = app_malloc(siglen, "signature buffer");
+        siglen = BIO_read(sigbio, sigbuf, siglen);
+        BIO_free(sigbio);
+        if (siglen <= 0) {
+            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    inp = BIO_push(bmd, in);
+
+    if (md == NULL) {
+        EVP_MD_CTX *tctx;
+        BIO_get_md_ctx(bmd, &tctx);
+        md = EVP_MD_CTX_md(tctx);
+    }
+
+    if (argc == 0) {
+        BIO_set_fp(in, stdin, BIO_NOCLOSE);
+        ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+                    siglen, NULL, NULL, "stdin");
+    } else {
+        const char *md_name = NULL, *sig_name = NULL;
+        if (!out_bin) {
+            if (sigkey != NULL) {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                ameth = EVP_PKEY_get0_asn1(sigkey);
+                if (ameth)
+                    EVP_PKEY_asn1_get0_info(NULL, NULL,
+                                            NULL, NULL, &sig_name, ameth);
+            }
+            if (md != NULL)
+                md_name = EVP_MD_name(md);
+        }
+        ret = 0;
+        for (i = 0; i < argc; i++) {
+            int r;
+            if (BIO_read_filename(in, argv[i]) <= 0) {
+                perror(argv[i]);
+                ret++;
+                continue;
+            } else {
+                r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+                          siglen, sig_name, md_name, argv[i]);
+            }
+            if (r)
+                ret = r;
+            (void)BIO_reset(bmd);
+        }
+    }
+ end:
+    OPENSSL_clear_free(buf, BUFSIZE);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    BIO_free_all(out);
+    EVP_PKEY_free(sigkey);
+    sk_OPENSSL_STRING_free(sigopts);
+    sk_OPENSSL_STRING_free(macopts);
+    OPENSSL_free(sigbuf);
+    BIO_free(bmd);
+    release_engine(e);
+    return ret;
+}
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
+          const char *sig_name, const char *md_name,
+          const char *file)
+{
+    size_t len;
+    int i;
+
+    for (;;) {
+        i = BIO_read(bp, (char *)buf, BUFSIZE);
+        if (i < 0) {
+            BIO_printf(bio_err, "Read Error in %s\n", file);
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+        if (i == 0)
+            break;
+    }
+    if (sigin != NULL) {
+        EVP_MD_CTX *ctx;
+        BIO_get_md_ctx(bp, &ctx);
+        i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
+        if (i > 0) {
+            BIO_printf(out, "Verified OK\n");
+        } else if (i == 0) {
+            BIO_printf(out, "Verification Failure\n");
+            return 1;
+        } else {
+            BIO_printf(bio_err, "Error Verifying Data\n");
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+        return 0;
+    }
+    if (key != NULL) {
+        EVP_MD_CTX *ctx;
+        BIO_get_md_ctx(bp, &ctx);
+        len = BUFSIZE;
+        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
+            BIO_printf(bio_err, "Error Signing Data\n");
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+    } else {
+        len = BIO_gets(bp, (char *)buf, BUFSIZE);
+        if ((int)len < 0) {
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+    }
+
+    if (binout) {
+        BIO_write(out, buf, len);
+    } else if (sep == 2) {
+        for (i = 0; i < (int)len; i++)
+            BIO_printf(out, "%02x", buf[i]);
+        BIO_printf(out, " *%s\n", file);
+    } else {
+        if (sig_name != NULL) {
+            BIO_puts(out, sig_name);
+            if (md_name != NULL)
+                BIO_printf(out, "-%s", md_name);
+            BIO_printf(out, "(%s)= ", file);
+        } else if (md_name != NULL) {
+            BIO_printf(out, "%s(%s)= ", md_name, file);
+        } else {
+            BIO_printf(out, "(%s)= ", file);
+        }
+        for (i = 0; i < (int)len; i++) {
+            if (sep && (i != 0))
+                BIO_printf(out, ":");
+            BIO_printf(out, "%02x", buf[i]);
+        }
+        BIO_printf(out, "\n");
+    }
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dh1024.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dh1024.pem
new file mode 100644
index 000000000..813e8a4a4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dh1024.pem
@@ -0,0 +1,10 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
+-----END DH PARAMETERS-----
+
+These are the 1024-bit DH parameters from "Internet Key Exchange
+Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dh2048.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dh2048.pem
new file mode 100644
index 000000000..288a20997
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dh2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dh4096.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dh4096.pem
new file mode 100644
index 000000000..08560e128
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dh4096.pem
@@ -0,0 +1,19 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c
new file mode 100644
index 000000000..13f76754d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c
@@ -0,0 +1,379 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DH
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# ifndef OPENSSL_NO_DSA
+#  include <openssl/dsa.h>
+# endif
+
+# define DEFBITS 2048
+
+static int dh_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
+    OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
+    OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS dhparam_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"check", OPT_CHECK, '-', "Check the DH parameters"},
+    {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
+    {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
+    OPT_R_OPTIONS,
+    {"C", OPT_C, '-', "Print C code"},
+    {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
+    {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
+# ifndef OPENSSL_NO_DSA
+    {"dsaparam", OPT_DSAPARAM, '-',
+     "Read or generate DSA parameters, convert to DH"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int dhparam_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    DH *dh = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
+    int dsaparam = 0;
+#endif
+    int i, text = 0, C = 0, ret = 1, num = 0, g = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, dhparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dhparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_DSAPARAM:
+#ifndef OPENSSL_NO_DSA
+            dsaparam = 1;
+#endif
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_2:
+            g = 2;
+            break;
+        case OPT_5:
+            g = 5;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
+        goto end;
+
+    if (g && !num)
+        num = DEFBITS;
+
+# ifndef OPENSSL_NO_DSA
+    if (dsaparam && g) {
+        BIO_printf(bio_err,
+                   "generator may not be chosen for DSA parameters\n");
+        goto end;
+    }
+# endif
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    /* DH parameters */
+    if (num && !g)
+        g = 2;
+
+    if (num) {
+
+        BN_GENCB *cb;
+        cb = BN_GENCB_new();
+        if (cb == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        BN_GENCB_set(cb, dh_cb, bio_err);
+
+# ifndef OPENSSL_NO_DSA
+        if (dsaparam) {
+            DSA *dsa = DSA_new();
+
+            BIO_printf(bio_err,
+                       "Generating DSA parameters, %d bit long prime\n", num);
+            if (dsa == NULL
+                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
+                                               cb)) {
+                DSA_free(dsa);
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            dh = DSA_dup_DH(dsa);
+            DSA_free(dsa);
+            if (dh == NULL) {
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else
+# endif
+        {
+            dh = DH_new();
+            BIO_printf(bio_err,
+                       "Generating DH parameters, %d bit long safe prime, generator %d\n",
+                       num, g);
+            BIO_printf(bio_err, "This is going to take a long time\n");
+            if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        BN_GENCB_free(cb);
+    } else {
+
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+# ifndef OPENSSL_NO_DSA
+        if (dsaparam) {
+            DSA *dsa;
+
+            if (informat == FORMAT_ASN1)
+                dsa = d2i_DSAparams_bio(in, NULL);
+            else                /* informat == FORMAT_PEM */
+                dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+
+            if (dsa == NULL) {
+                BIO_printf(bio_err, "unable to load DSA parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            dh = DSA_dup_DH(dsa);
+            DSA_free(dsa);
+            if (dh == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else
+# endif
+        {
+            if (informat == FORMAT_ASN1) {
+                /*
+                 * We have no PEM header to determine what type of DH params it
+                 * is. We'll just try both.
+                 */
+                dh = d2i_DHparams_bio(in, NULL);
+                /* BIO_reset() returns 0 for success for file BIOs only!!! */
+                if (dh == NULL && BIO_reset(in) == 0)
+                    dh = d2i_DHxparams_bio(in, NULL);
+            } else {
+                /* informat == FORMAT_PEM */
+                dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+            }
+
+            if (dh == NULL) {
+                BIO_printf(bio_err, "unable to load DH parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        /* dh != NULL */
+    }
+
+    if (text) {
+        DHparams_print(out, dh);
+    }
+
+    if (check) {
+        if (!DH_check(dh, &i)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i & DH_CHECK_P_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: p value is not prime\n");
+        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+            BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+        if (i & DH_CHECK_Q_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+        if (i & DH_CHECK_INVALID_Q_VALUE)
+            BIO_printf(bio_err, "WARNING: q value is invalid\n");
+        if (i & DH_CHECK_INVALID_J_VALUE)
+            BIO_printf(bio_err, "WARNING: j value is invalid\n");
+        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+            BIO_printf(bio_err,
+                       "WARNING: unable to check the generator value\n");
+        if (i & DH_NOT_SUITABLE_GENERATOR)
+            BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
+        if (i == 0)
+            BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+        if (num != 0 && i != 0) {
+            /*
+             * We have generated parameters but DH_check() indicates they are
+             * invalid! This should never happen!
+             */
+            BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+            goto end;
+        }
+    }
+    if (C) {
+        unsigned char *data;
+        int len, bits;
+        const BIGNUM *pbn, *gbn;
+
+        len = DH_size(dh);
+        bits = DH_bits(dh);
+        DH_get0_pqg(dh, &pbn, NULL, &gbn);
+        data = app_malloc(len, "print a BN");
+
+        BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
+        print_bignum_var(out, pbn, "dhp", bits, data);
+        print_bignum_var(out, gbn, "dhg", bits, data);
+        BIO_printf(out, "    DH *dh = DH_new();\n"
+                        "    BIGNUM *p, *g;\n"
+                        "\n"
+                        "    if (dh == NULL)\n"
+                        "        return NULL;\n");
+        BIO_printf(out, "    p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
+                   bits, bits);
+        BIO_printf(out, "    g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
+                   bits, bits);
+        BIO_printf(out, "    if (p == NULL || g == NULL\n"
+                        "            || !DH_set0_pqg(dh, p, NULL, g)) {\n"
+                        "        DH_free(dh);\n"
+                        "        BN_free(p);\n"
+                        "        BN_free(g);\n"
+                        "        return NULL;\n"
+                        "    }\n");
+        if (DH_get_length(dh) > 0)
+            BIO_printf(out,
+                        "    if (!DH_set_length(dh, %ld)) {\n"
+                        "        DH_free(dh);\n"
+                        "        return NULL;\n"
+                        "    }\n", DH_get_length(dh));
+        BIO_printf(out, "    return dh;\n}\n");
+        OPENSSL_free(data);
+    }
+
+    if (!noout) {
+        const BIGNUM *q;
+        DH_get0_pqg(dh, NULL, &q, NULL);
+        if (outformat == FORMAT_ASN1) {
+            if (q != NULL)
+                i = i2d_DHxparams_bio(out, dh);
+            else
+                i = i2d_DHparams_bio(out, dh);
+        } else if (q != NULL) {
+            i = PEM_write_bio_DHxparams(out, dh);
+        } else {
+            i = PEM_write_bio_DHparams(out, dh);
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write DH parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    DH_free(dh);
+    release_engine(e);
+    return ret;
+}
+
+static int dh_cb(int p, int n, BN_GENCB *cb)
+{
+    static const char symbols[] = ".+*\n";
+    char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
+
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsa-ca.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dsa-ca.pem
new file mode 100644
index 000000000..3ce8dc605
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsa-ca.pem
@@ -0,0 +1,47 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
+ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
+hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
+zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
+EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
+5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
+epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
+bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
+i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
+5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
+ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
+KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
+MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
+BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
+j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
+7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
+SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
+5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
+nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
+tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
+KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
+SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
+wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
+gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
+AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
+jgjIkA==
+-----END CERTIFICATE-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsa-pca.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dsa-pca.pem
new file mode 100644
index 000000000..a51a06ed1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsa-pca.pem
@@ -0,0 +1,47 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
+MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
+PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
+bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
+gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
+meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
+qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
+CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
+rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
+lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
+mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
+AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
+MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
+KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
+Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
+++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
+zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
+4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
+TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
+AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
+N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
+wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
++OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
+MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
+BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
+lnt88g==
+-----END CERTIFICATE-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c
new file mode 100644
index 000000000..6022e64cd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/dsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
+    /* Do not change the order here; see case statements below */
+    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
+    OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
+} OPTION_CHOICE;
+
+const OPTIONS dsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
+    {"in", OPT_IN, 's', "Input key"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key in text"},
+    {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_RC4
+    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int dsa_main(int argc, char **argv)
+{
+    BIO *out = NULL;
+    DSA *dsa = NULL;
+    ENGINE *e = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    OPTION_CHOICE o;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+    int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+# ifndef OPENSSL_NO_RC4
+    int pvk_encr = 2;
+# endif
+    int private = 0;
+
+    prog = opt_init(argc, argv, dsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            ret = 0;
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dsa_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_PVK_STRONG:    /* pvk_encr:= 2 */
+        case OPT_PVK_WEAK:      /* pvk_encr:= 1 */
+        case OPT_PVK_NONE:      /* pvk_encr:= 0 */
+#ifndef OPENSSL_NO_RC4
+            pvk_encr = (o - OPT_PVK_NONE);
+#endif
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = pubin || pubout ? 0 : 1;
+    if (text && !pubin)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    BIO_printf(bio_err, "read DSA key\n");
+    {
+        EVP_PKEY *pkey;
+
+        if (pubin)
+            pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+        else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+
+        if (pkey != NULL) {
+            dsa = EVP_PKEY_get1_DSA(pkey);
+            EVP_PKEY_free(pkey);
+        }
+    }
+    if (dsa == NULL) {
+        BIO_printf(bio_err, "unable to load Key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        assert(pubin || private);
+        if (!DSA_print(out, dsa, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (modulus) {
+        const BIGNUM *pub_key = NULL;
+        DSA_get0_key(dsa, &pub_key, NULL);
+        BIO_printf(out, "Public Key=");
+        BN_print(out, pub_key);
+        BIO_printf(out, "\n");
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+    BIO_printf(bio_err, "writing DSA key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (pubin || pubout) {
+            i = i2d_DSA_PUBKEY_bio(out, dsa);
+        } else {
+            assert(private);
+            i = i2d_DSAPrivateKey_bio(out, dsa);
+        }
+    } else if (outformat == FORMAT_PEM) {
+        if (pubin || pubout) {
+            i = PEM_write_bio_DSA_PUBKEY(out, dsa);
+        } else {
+            assert(private);
+            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
+                                            NULL, 0, NULL, passout);
+        }
+# ifndef OPENSSL_NO_RSA
+    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_new();
+        if (pk == NULL)
+           goto end;
+
+        EVP_PKEY_set1_DSA(pk, dsa);
+        if (outformat == FORMAT_PVK) {
+            if (pubin) {
+                BIO_printf(bio_err, "PVK form impossible with public key input\n");
+                EVP_PKEY_free(pk);
+                goto end;
+            }
+            assert(private);
+#  ifdef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "PVK format not supported\n");
+            EVP_PKEY_free(pk);
+            goto end;
+#  else
+            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+#  endif
+        } else if (pubin || pubout) {
+            i = i2b_PublicKey_bio(out, pk);
+        } else {
+            assert(private);
+            i = i2b_PrivateKey_bio(out, pk);
+        }
+        EVP_PKEY_free(pk);
+# endif
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "unable to write private key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsa1024.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dsa1024.pem
new file mode 100644
index 000000000..082dec389
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsa1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsa512.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dsa512.pem
new file mode 100644
index 000000000..5f86d1a6e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsa512.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsap.pem b/trunk/3rdparty/openssl-1.1-fit/apps/dsap.pem
new file mode 100644
index 000000000..d4dfdb305
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsap.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c
new file mode 100644
index 000000000..b227b76a3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+static int dsa_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+    OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS dsaparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"text", OPT_TEXT, '-', "Print as text"},
+    {"C", OPT_C, '-', "Output C code"},
+    {"noout", OPT_NOOUT, '-', "No output"},
+    {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
+    OPT_R_OPTIONS,
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int dsaparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    DSA *dsa = NULL;
+    BIO *in = NULL, *out = NULL;
+    BN_GENCB *cb = NULL;
+    int numbits = -1, num = 0, genkey = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+    int ret = 1, i, text = 0, private = 0;
+    char *infile = NULL, *outfile = NULL, *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, dsaparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dsaparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_GENKEY:
+            genkey = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num < 0)
+            goto end;
+        /* generate a key */
+        numbits = num;
+    }
+    private = genkey ? 1 : 0;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (numbits > 0) {
+        if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                       "         Your key size is %d! Larger key size may behave not as expected.\n",
+                       OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
+
+        cb = BN_GENCB_new();
+        if (cb == NULL) {
+            BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
+            goto end;
+        }
+        BN_GENCB_set(cb, dsa_cb, bio_err);
+        dsa = DSA_new();
+        if (dsa == NULL) {
+            BIO_printf(bio_err, "Error allocating DSA object\n");
+            goto end;
+        }
+        BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
+                   num);
+        BIO_printf(bio_err, "This could take some time\n");
+        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
+            ERR_print_errors(bio_err);
+            BIO_printf(bio_err, "Error, DSA key generation failed\n");
+            goto end;
+        }
+    } else if (informat == FORMAT_ASN1) {
+        dsa = d2i_DSAparams_bio(in, NULL);
+    } else {
+        dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+    }
+    if (dsa == NULL) {
+        BIO_printf(bio_err, "unable to load DSA parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (text) {
+        DSAparams_print(out, dsa);
+    }
+
+    if (C) {
+        const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+        unsigned char *data;
+        int len, bits_p;
+
+        DSA_get0_pqg(dsa, &p, &q, &g);
+        len = BN_num_bytes(p);
+        bits_p = BN_num_bits(p);
+
+        data = app_malloc(len + 20, "BN space");
+
+        BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
+        print_bignum_var(bio_out, p, "dsap", bits_p, data);
+        print_bignum_var(bio_out, q, "dsaq", bits_p, data);
+        print_bignum_var(bio_out, g, "dsag", bits_p, data);
+        BIO_printf(bio_out, "    DSA *dsa = DSA_new();\n"
+                            "    BIGNUM *p, *q, *g;\n"
+                            "\n");
+        BIO_printf(bio_out, "    if (dsa == NULL)\n"
+                            "        return NULL;\n");
+        BIO_printf(bio_out, "    if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
+                   bits_p, bits_p);
+        BIO_printf(bio_out, "                           q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
+                   bits_p, bits_p);
+        BIO_printf(bio_out, "                           g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
+                   bits_p, bits_p);
+        BIO_printf(bio_out, "        DSA_free(dsa);\n"
+                            "        BN_free(p);\n"
+                            "        BN_free(q);\n"
+                            "        BN_free(g);\n"
+                            "        return NULL;\n"
+                            "    }\n"
+                            "    return dsa;\n}\n");
+        OPENSSL_free(data);
+    }
+
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_DSAparams_bio(out, dsa);
+        else
+            i = PEM_write_bio_DSAparams(out, dsa);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write DSA parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (genkey) {
+        DSA *dsakey;
+
+        if ((dsakey = DSAparams_dup(dsa)) == NULL)
+            goto end;
+        if (!DSA_generate_key(dsakey)) {
+            ERR_print_errors(bio_err);
+            DSA_free(dsakey);
+            goto end;
+        }
+        assert(private);
+        if (outformat == FORMAT_ASN1)
+            i = i2d_DSAPrivateKey_bio(out, dsakey);
+        else
+            i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
+                                            NULL);
+        DSA_free(dsakey);
+    }
+    ret = 0;
+ end:
+    BN_GENCB_free(cb);
+    BIO_free(in);
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    return ret;
+}
+
+static int dsa_cb(int p, int n, BN_GENCB *cb)
+{
+    static const char symbols[] = ".+*\n";
+    char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
+
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ec.c b/trunk/3rdparty/openssl-1.1-fit/apps/ec.c
new file mode 100644
index 000000000..03abb0068
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ec.c
@@ -0,0 +1,283 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+
+static OPT_PAIR conv_forms[] = {
+    {"compressed", POINT_CONVERSION_COMPRESSED},
+    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
+    {"hybrid", POINT_CONVERSION_HYBRID},
+    {NULL}
+};
+
+static OPT_PAIR param_enc[] = {
+    {"named_curve", OPENSSL_EC_NAMED_CURVE},
+    {"explicit", 0},
+    {NULL}
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
+    OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
+    OPT_NO_PUBLIC, OPT_CHECK
+} OPTION_CHOICE;
+
+const OPTIONS ec_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key"},
+    {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
+    {"check", OPT_CHECK, '-', "check key consistency"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"param_enc", OPT_PARAM_ENC, 's',
+     "Specifies the way the ec parameters are encoded"},
+    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int ec_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EC_KEY *eckey = NULL;
+    const EC_GROUP *group;
+    const EVP_CIPHER *enc = NULL;
+    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    OPTION_CHOICE o;
+    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+    int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
+    int no_public = 0, check = 0;
+
+    prog = opt_init(argc, argv, ec_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ec_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_PARAM_OUT:
+            param_out = 1;
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        case OPT_CONV_FORM:
+            if (!opt_pair(opt_arg(), conv_forms, &i))
+                goto opthelp;
+            new_form = 1;
+            form = i;
+            break;
+        case OPT_PARAM_ENC:
+            if (!opt_pair(opt_arg(), param_enc, &i))
+                goto opthelp;
+            new_asn1_flag = 1;
+            asn1_flag = i;
+            break;
+        case OPT_NO_PUBLIC:
+            no_public = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = param_out || pubin || pubout ? 0 : 1;
+    if (text && !pubin)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (informat != FORMAT_ENGINE) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+    }
+
+    BIO_printf(bio_err, "read EC key\n");
+    if (informat == FORMAT_ASN1) {
+        if (pubin)
+            eckey = d2i_EC_PUBKEY_bio(in, NULL);
+        else
+            eckey = d2i_ECPrivateKey_bio(in, NULL);
+    } else if (informat == FORMAT_ENGINE) {
+        EVP_PKEY *pkey;
+        if (pubin)
+            pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+        else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+        if (pkey != NULL) {
+            eckey = EVP_PKEY_get1_EC_KEY(pkey);
+            EVP_PKEY_free(pkey);
+        }
+    } else {
+        if (pubin)
+            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
+        else
+            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
+    }
+    if (eckey == NULL) {
+        BIO_printf(bio_err, "unable to load Key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    group = EC_KEY_get0_group(eckey);
+
+    if (new_form)
+        EC_KEY_set_conv_form(eckey, form);
+
+    if (new_asn1_flag)
+        EC_KEY_set_asn1_flag(eckey, asn1_flag);
+
+    if (no_public)
+        EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+
+    if (text) {
+        assert(pubin || private);
+        if (!EC_KEY_print(out, eckey, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (check) {
+        if (EC_KEY_check_key(eckey) == 1) {
+            BIO_printf(bio_err, "EC Key valid.\n");
+        } else {
+            BIO_printf(bio_err, "EC Key Invalid!\n");
+            ERR_print_errors(bio_err);
+        }
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    BIO_printf(bio_err, "writing EC key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (param_out) {
+            i = i2d_ECPKParameters_bio(out, group);
+        } else if (pubin || pubout) {
+            i = i2d_EC_PUBKEY_bio(out, eckey);
+        } else {
+            assert(private);
+            i = i2d_ECPrivateKey_bio(out, eckey);
+        }
+    } else {
+        if (param_out) {
+            i = PEM_write_bio_ECPKParameters(out, group);
+        } else if (pubin || pubout) {
+            i = PEM_write_bio_EC_PUBKEY(out, eckey);
+        } else {
+            assert(private);
+            i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
+                                           NULL, 0, NULL, passout);
+        }
+    }
+
+    if (!i) {
+        BIO_printf(bio_err, "unable to write private key\n");
+        ERR_print_errors(bio_err);
+    } else {
+        ret = 0;
+    }
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    EC_KEY_free(eckey);
+    release_engine(e);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c
new file mode 100644
index 000000000..917f1a86b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c
@@ -0,0 +1,450 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/ec.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+    OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
+    OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS ecparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+    {"in", OPT_IN, '<', "Input file  - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
+    {"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
+    {"check", OPT_CHECK, '-', "Validate the ec parameters"},
+    {"list_curves", OPT_LIST_CURVES, '-',
+     "Prints a list of all curve 'short names'"},
+    {"no_seed", OPT_NO_SEED, '-',
+     "If 'explicit' parameters are chosen do not use the seed"},
+    {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
+    {"name", OPT_NAME, 's',
+     "Use the ec parameters with specified 'short name'"},
+    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+    {"param_enc", OPT_PARAM_ENC, 's',
+     "Specifies the way the ec parameters are encoded"},
+    {"genkey", OPT_GENKEY, '-', "Generate ec key"},
+    OPT_R_OPTIONS,
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+static OPT_PAIR forms[] = {
+    {"compressed", POINT_CONVERSION_COMPRESSED},
+    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
+    {"hybrid", POINT_CONVERSION_HYBRID},
+    {NULL}
+};
+
+static OPT_PAIR encodings[] = {
+    {"named_curve", OPENSSL_EC_NAMED_CURVE},
+    {"explicit", 0},
+    {NULL}
+};
+
+int ecparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+    BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
+    BIO *in = NULL, *out = NULL;
+    EC_GROUP *group = NULL;
+    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+    char *curve_name = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    unsigned char *buffer = NULL;
+    OPTION_CHOICE o;
+    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+    int ret = 1, private = 0;
+    int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
+    int text = 0, i, genkey = 0;
+
+    prog = opt_init(argc, argv, ecparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ecparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_LIST_CURVES:
+            list_curves = 1;
+            break;
+        case OPT_NO_SEED:
+            no_seed = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_NAME:
+            curve_name = opt_arg();
+            break;
+        case OPT_CONV_FORM:
+            if (!opt_pair(opt_arg(), forms, &new_form))
+                goto opthelp;
+            form = new_form;
+            new_form = 1;
+            break;
+        case OPT_PARAM_ENC:
+            if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+                goto opthelp;
+            new_asn1_flag = 1;
+            break;
+        case OPT_GENKEY:
+            genkey = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = genkey ? 1 : 0;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (list_curves) {
+        EC_builtin_curve *curves = NULL;
+        size_t crv_len = EC_get_builtin_curves(NULL, 0);
+        size_t n;
+
+        curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
+        if (!EC_get_builtin_curves(curves, crv_len)) {
+            OPENSSL_free(curves);
+            goto end;
+        }
+
+        for (n = 0; n < crv_len; n++) {
+            const char *comment;
+            const char *sname;
+            comment = curves[n].comment;
+            sname = OBJ_nid2sn(curves[n].nid);
+            if (comment == NULL)
+                comment = "CURVE DESCRIPTION NOT AVAILABLE";
+            if (sname == NULL)
+                sname = "";
+
+            BIO_printf(out, "  %-10s: ", sname);
+            BIO_printf(out, "%s\n", comment);
+        }
+
+        OPENSSL_free(curves);
+        ret = 0;
+        goto end;
+    }
+
+    if (curve_name != NULL) {
+        int nid;
+
+        /*
+         * workaround for the SECG curve names secp192r1 and secp256r1 (which
+         * are the same as the curves prime192v1 and prime256v1 defined in
+         * X9.62)
+         */
+        if (strcmp(curve_name, "secp192r1") == 0) {
+            BIO_printf(bio_err, "using curve name prime192v1 "
+                       "instead of secp192r1\n");
+            nid = NID_X9_62_prime192v1;
+        } else if (strcmp(curve_name, "secp256r1") == 0) {
+            BIO_printf(bio_err, "using curve name prime256v1 "
+                       "instead of secp256r1\n");
+            nid = NID_X9_62_prime256v1;
+        } else {
+            nid = OBJ_sn2nid(curve_name);
+        }
+
+        if (nid == 0)
+            nid = EC_curve_nist2nid(curve_name);
+
+        if (nid == 0) {
+            BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+            goto end;
+        }
+
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL) {
+            BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+            goto end;
+        }
+        EC_GROUP_set_asn1_flag(group, asn1_flag);
+        EC_GROUP_set_point_conversion_form(group, form);
+    } else if (informat == FORMAT_ASN1) {
+        group = d2i_ECPKParameters_bio(in, NULL);
+    } else {
+        group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+    }
+    if (group == NULL) {
+        BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (new_form)
+        EC_GROUP_set_point_conversion_form(group, form);
+
+    if (new_asn1_flag)
+        EC_GROUP_set_asn1_flag(group, asn1_flag);
+
+    if (no_seed) {
+        EC_GROUP_set_seed(group, NULL, 0);
+    }
+
+    if (text) {
+        if (!ECPKParameters_print(out, group, 0))
+            goto end;
+    }
+
+    if (check) {
+        BIO_printf(bio_err, "checking elliptic curve parameters: ");
+        if (!EC_GROUP_check(group, NULL)) {
+            BIO_printf(bio_err, "failed\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "ok\n");
+
+    }
+
+    if (C) {
+        size_t buf_len = 0, tmp_len = 0;
+        const EC_POINT *point;
+        int is_prime, len = 0;
+        const EC_METHOD *meth = EC_GROUP_method_of(group);
+
+        if ((ec_p = BN_new()) == NULL
+                || (ec_a = BN_new()) == NULL
+                || (ec_b = BN_new()) == NULL
+                || (ec_gen = BN_new()) == NULL
+                || (ec_order = BN_new()) == NULL
+                || (ec_cofactor = BN_new()) == NULL) {
+            perror("Can't allocate BN");
+            goto end;
+        }
+
+        is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
+        if (!is_prime) {
+            BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
+            goto end;
+        }
+
+        if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
+            goto end;
+
+        if ((point = EC_GROUP_get0_generator(group)) == NULL)
+            goto end;
+        if (!EC_POINT_point2bn(group, point,
+                               EC_GROUP_get_point_conversion_form(group),
+                               ec_gen, NULL))
+            goto end;
+        if (!EC_GROUP_get_order(group, ec_order, NULL))
+            goto end;
+        if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
+            goto end;
+
+        if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
+            goto end;
+
+        len = BN_num_bits(ec_order);
+
+        if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+            buf_len = tmp_len;
+
+        buffer = app_malloc(buf_len, "BN buffer");
+
+        BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
+        print_bignum_var(out, ec_p, "ec_p", len, buffer);
+        print_bignum_var(out, ec_a, "ec_a", len, buffer);
+        print_bignum_var(out, ec_b, "ec_b", len, buffer);
+        print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
+        print_bignum_var(out, ec_order, "ec_order", len, buffer);
+        print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
+        BIO_printf(out, "    int ok = 0;\n"
+                        "    EC_GROUP *group = NULL;\n"
+                        "    EC_POINT *point = NULL;\n"
+                        "    BIGNUM *tmp_1 = NULL;\n"
+                        "    BIGNUM *tmp_2 = NULL;\n"
+                        "    BIGNUM *tmp_3 = NULL;\n"
+                        "\n");
+
+        BIO_printf(out, "    if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
+                        "        goto err;\n"
+                        "\n");
+        BIO_printf(out, "    /* build generator */\n");
+        BIO_printf(out, "    if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
+        BIO_printf(out, "    if (point == NULL)\n"
+                        "        goto err;\n");
+        BIO_printf(out, "    if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
+                        "        goto err;\n"
+                        "ok = 1;"
+                        "\n");
+        BIO_printf(out, "err:\n"
+                        "    BN_free(tmp_1);\n"
+                        "    BN_free(tmp_2);\n"
+                        "    BN_free(tmp_3);\n"
+                        "    EC_POINT_free(point);\n"
+                        "    if (!ok) {\n"
+                        "        EC_GROUP_free(group);\n"
+                        "        return NULL;\n"
+                        "    }\n"
+                        "    return (group);\n"
+                        "}\n");
+    }
+
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_ECPKParameters_bio(out, group);
+        else
+            i = PEM_write_bio_ECPKParameters(out, group);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write elliptic "
+                       "curve parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (genkey) {
+        EC_KEY *eckey = EC_KEY_new();
+
+        if (eckey == NULL)
+            goto end;
+
+        if (EC_KEY_set_group(eckey, group) == 0) {
+            BIO_printf(bio_err, "unable to set group when generating key\n");
+            EC_KEY_free(eckey);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (new_form)
+            EC_KEY_set_conv_form(eckey, form);
+
+        if (!EC_KEY_generate_key(eckey)) {
+            BIO_printf(bio_err, "unable to generate key\n");
+            EC_KEY_free(eckey);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        assert(private);
+        if (outformat == FORMAT_ASN1)
+            i = i2d_ECPrivateKey_bio(out, eckey);
+        else
+            i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
+                                           NULL, 0, NULL, NULL);
+        EC_KEY_free(eckey);
+    }
+
+    ret = 0;
+ end:
+    BN_free(ec_p);
+    BN_free(ec_a);
+    BN_free(ec_b);
+    BN_free(ec_gen);
+    BN_free(ec_order);
+    BN_free(ec_cofactor);
+    OPENSSL_free(buffer);
+    EC_GROUP_free(group);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    return ret;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/enc.c b/trunk/3rdparty/openssl-1.1-fit/apps/enc.c
new file mode 100644
index 000000000..8e5a57d3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/enc.c
@@ -0,0 +1,675 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <ctype.h>
+
+#undef SIZE
+#undef BSIZE
+#define SIZE    (512)
+#define BSIZE   (8*1024)
+
+static int set_hex(const char *in, unsigned char *out, int size);
+static void show_ciphers(const OBJ_NAME *name, void *bio_);
+
+struct doall_enc_ciphers {
+    BIO *bio;
+    int n;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_LIST,
+    OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
+    OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
+    OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
+    OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS enc_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"ciphers", OPT_LIST, '-', "List ciphers"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pass", OPT_PASS, 's', "Passphrase source"},
+    {"e", OPT_E, '-', "Encrypt"},
+    {"d", OPT_D, '-', "Decrypt"},
+    {"p", OPT_P, '-', "Print the iv/key"},
+    {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
+    {"v", OPT_V, '-', "Verbose output"},
+    {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
+    {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
+    {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
+    {"debug", OPT_DEBUG, '-', "Print debug info"},
+    {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
+    {"base64", OPT_A, '-', "Same as option -a"},
+    {"A", OPT_UPPER_A, '-',
+     "Used with -[base64|a] to specify base64 buffer as a single line"},
+    {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
+    {"k", OPT_K, 's', "Passphrase"},
+    {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
+    {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
+    {"S", OPT_UPPER_S, 's', "Salt, in hex"},
+    {"iv", OPT_IV, 's', "IV in hex"},
+    {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
+    {"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
+    {"none", OPT_NONE, '-', "Don't encrypt"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_R_OPTIONS,
+#ifdef ZLIB
+    {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int enc_main(int argc, char **argv)
+{
+    static char buf[128];
+    static const char magic[] = "Salted__";
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
+        NULL, *wbio = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    const EVP_CIPHER *cipher = NULL, *c;
+    const EVP_MD *dgst = NULL;
+    char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
+    char mbuf[sizeof(magic) - 1];
+    OPTION_CHOICE o;
+    int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
+    int enc = 1, printkey = 0, i, k;
+    int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
+    int ret = 1, inl, nopad = 0;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
+    int pbkdf2 = 0;
+    int iter = 0;
+    long n;
+    struct doall_enc_ciphers dec;
+#ifdef ZLIB
+    int do_zlib = 0;
+    BIO *bzl = NULL;
+#endif
+
+    /* first check the program name */
+    prog = opt_progname(argv[0]);
+    if (strcmp(prog, "base64") == 0) {
+        base64 = 1;
+#ifdef ZLIB
+    } else if (strcmp(prog, "zlib") == 0) {
+        do_zlib = 1;
+#endif
+    } else {
+        cipher = EVP_get_cipherbyname(prog);
+        if (cipher == NULL && strcmp(prog, "enc") != 0) {
+            BIO_printf(bio_err, "%s is not a known cipher\n", prog);
+            goto end;
+        }
+    }
+
+    prog = opt_init(argc, argv, enc_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(enc_options);
+            ret = 0;
+            goto end;
+        case OPT_LIST:
+            BIO_printf(bio_out, "Supported ciphers:\n");
+            dec.bio = bio_out;
+            dec.n = 0;
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+                                   show_ciphers, &dec);
+            BIO_printf(bio_out, "\n");
+            ret = 0;
+            goto end;
+        case OPT_E:
+            enc = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_D:
+            enc = 0;
+            break;
+        case OPT_P:
+            printkey = 1;
+            break;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_NOPAD:
+            nopad = 1;
+            break;
+        case OPT_SALT:
+            nosalt = 0;
+            break;
+        case OPT_NOSALT:
+            nosalt = 1;
+            break;
+        case OPT_DEBUG:
+            debug = 1;
+            break;
+        case OPT_UPPER_P:
+            printkey = 2;
+            break;
+        case OPT_UPPER_A:
+            olb64 = 1;
+            break;
+        case OPT_A:
+            base64 = 1;
+            break;
+        case OPT_Z:
+#ifdef ZLIB
+            do_zlib = 1;
+#endif
+            break;
+        case OPT_BUFSIZE:
+            p = opt_arg();
+            i = (int)strlen(p) - 1;
+            k = i >= 1 && p[i] == 'k';
+            if (k)
+                p[i] = '\0';
+            if (!opt_long(opt_arg(), &n)
+                    || n < 0 || (k && n >= LONG_MAX / 1024))
+                goto opthelp;
+            if (k)
+                n *= 1024;
+            bsize = (int)n;
+            break;
+        case OPT_K:
+            str = opt_arg();
+            break;
+        case OPT_KFILE:
+            in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
+            if (in == NULL)
+                goto opthelp;
+            i = BIO_gets(in, buf, sizeof(buf));
+            BIO_free(in);
+            in = NULL;
+            if (i <= 0) {
+                BIO_printf(bio_err,
+                           "%s Can't read key from %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
+                buf[i] = '\0';
+            if (i <= 0) {
+                BIO_printf(bio_err, "%s: zero length password\n", prog);
+                goto opthelp;
+            }
+            str = buf;
+            break;
+        case OPT_UPPER_K:
+            hkey = opt_arg();
+            break;
+        case OPT_UPPER_S:
+            hsalt = opt_arg();
+            break;
+        case OPT_IV:
+            hiv = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &dgst))
+                goto opthelp;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &c))
+                goto opthelp;
+            cipher = c;
+            break;
+        case OPT_ITER:
+            if (!opt_int(opt_arg(), &iter))
+                goto opthelp;
+            pbkdf2 = 1;
+            break;
+        case OPT_PBKDF2:
+            pbkdf2 = 1;
+            if (iter == 0)    /* do not overwrite a chosen value */
+                iter = 10000;
+            break;
+        case OPT_NONE:
+            cipher = NULL;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+        BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
+        goto end;
+    }
+
+    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
+        BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
+        goto end;
+    }
+
+    if (dgst == NULL)
+        dgst = EVP_sha256();
+
+    if (iter == 0)
+        iter = 1;
+
+    /* It must be large enough for a base64 encoded line */
+    if (base64 && bsize < 80)
+        bsize = 80;
+    if (verbose)
+        BIO_printf(bio_err, "bufsize=%d\n", bsize);
+
+#ifdef ZLIB
+    if (!do_zlib)
+#endif
+        if (base64) {
+            if (enc)
+                outformat = FORMAT_BASE64;
+            else
+                informat = FORMAT_BASE64;
+        }
+
+    strbuf = app_malloc(SIZE, "strbuf");
+    buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
+
+    if (infile == NULL) {
+        in = dup_bio_in(informat);
+    } else {
+        in = bio_open_default(infile, 'r', informat);
+    }
+    if (in == NULL)
+        goto end;
+
+    if (str == NULL && passarg != NULL) {
+        if (!app_passwd(passarg, NULL, &pass, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+        str = pass;
+    }
+
+    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            for (;;) {
+                char prompt[200];
+
+                BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
+                        OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+                        (enc) ? "encryption" : "decryption");
+                strbuf[0] = '\0';
+                i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
+                if (i == 0) {
+                    if (strbuf[0] == '\0') {
+                        ret = 1;
+                        goto end;
+                    }
+                    str = strbuf;
+                    break;
+                }
+                if (i < 0) {
+                    BIO_printf(bio_err, "bad password read\n");
+                    goto end;
+                }
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "password required\n");
+            goto end;
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        BIO_set_callback(out, BIO_debug_callback);
+        BIO_set_callback_arg(in, (char *)bio_err);
+        BIO_set_callback_arg(out, (char *)bio_err);
+    }
+
+    rbio = in;
+    wbio = out;
+
+#ifdef ZLIB
+    if (do_zlib) {
+        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(bzl, BIO_debug_callback);
+            BIO_set_callback_arg(bzl, (char *)bio_err);
+        }
+        if (enc)
+            wbio = BIO_push(bzl, wbio);
+        else
+            rbio = BIO_push(bzl, rbio);
+    }
+#endif
+
+    if (base64) {
+        if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(b64, BIO_debug_callback);
+            BIO_set_callback_arg(b64, (char *)bio_err);
+        }
+        if (olb64)
+            BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        if (enc)
+            wbio = BIO_push(b64, wbio);
+        else
+            rbio = BIO_push(b64, rbio);
+    }
+
+    if (cipher != NULL) {
+        /*
+         * Note that str is NULL if a key was passed on the command line, so
+         * we get no salt in that case. Is this a bug?
+         */
+        if (str != NULL) {
+            /*
+             * Salt handling: if encrypting generate a salt and write to
+             * output BIO. If decrypting read salt from input BIO.
+             */
+            unsigned char *sptr;
+            size_t str_len = strlen(str);
+
+            if (nosalt) {
+                sptr = NULL;
+            } else {
+                if (enc) {
+                    if (hsalt) {
+                        if (!set_hex(hsalt, salt, sizeof(salt))) {
+                            BIO_printf(bio_err, "invalid hex salt value\n");
+                            goto end;
+                        }
+                    } else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
+                        goto end;
+                    }
+                    /*
+                     * If -P option then don't bother writing
+                     */
+                    if ((printkey != 2)
+                        && (BIO_write(wbio, magic,
+                                      sizeof(magic) - 1) != sizeof(magic) - 1
+                            || BIO_write(wbio,
+                                         (char *)salt,
+                                         sizeof(salt)) != sizeof(salt))) {
+                        BIO_printf(bio_err, "error writing output file\n");
+                        goto end;
+                    }
+                } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
+                           || BIO_read(rbio,
+                                       (unsigned char *)salt,
+                                       sizeof(salt)) != sizeof(salt)) {
+                    BIO_printf(bio_err, "error reading input file\n");
+                    goto end;
+                } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
+                    BIO_printf(bio_err, "bad magic number\n");
+                    goto end;
+                }
+                sptr = salt;
+            }
+
+            if (pbkdf2 == 1) {
+                /*
+                * derive key and default iv
+                * concatenated into a temporary buffer
+                */
+                unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
+                int iklen = EVP_CIPHER_key_length(cipher);
+                int ivlen = EVP_CIPHER_iv_length(cipher);
+                /* not needed if HASH_UPDATE() is fixed : */
+                int islen = (sptr != NULL ? sizeof(salt) : 0);
+                if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
+                                       iter, dgst, iklen+ivlen, tmpkeyiv)) {
+                    BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
+                    goto end;
+                }
+                /* split and move data back to global buffer */
+                memcpy(key, tmpkeyiv, iklen);
+                memcpy(iv, tmpkeyiv+iklen, ivlen);
+            } else {
+                BIO_printf(bio_err, "*** WARNING : "
+                                    "deprecated key derivation used.\n"
+                                    "Using -iter or -pbkdf2 would be better.\n");
+                if (!EVP_BytesToKey(cipher, dgst, sptr,
+                                    (unsigned char *)str, str_len,
+                                    1, key, iv)) {
+                    BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+                    goto end;
+                }
+            }
+            /*
+             * zero the complete buffer or the string passed from the command
+             * line.
+             */
+            if (str == strbuf)
+                OPENSSL_cleanse(str, SIZE);
+            else
+                OPENSSL_cleanse(str, str_len);
+        }
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, siz)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
+        }
+        if ((hiv == NULL) && (str == NULL)
+            && EVP_CIPHER_iv_length(cipher) != 0) {
+            /*
+             * No IV was explicitly set and no IV was generated.
+             * Hence the IV is undefined, making correct decryption impossible.
+             */
+            BIO_printf(bio_err, "iv undefined\n");
+            goto end;
+        }
+        if (hkey != NULL) {
+            if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+                BIO_printf(bio_err, "invalid hex key value\n");
+                goto end;
+            }
+            /* wiping secret data as we no longer need it */
+            OPENSSL_cleanse(hkey, strlen(hkey));
+        }
+
+        if ((benc = BIO_new(BIO_f_cipher())) == NULL)
+            goto end;
+
+        /*
+         * Since we may be changing parameters work on the encryption context
+         * rather than calling BIO_set_cipher().
+         */
+
+        BIO_get_cipher_ctx(benc, &ctx);
+
+        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (nopad)
+            EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (debug) {
+            BIO_set_callback(benc, BIO_debug_callback);
+            BIO_set_callback_arg(benc, (char *)bio_err);
+        }
+
+        if (printkey) {
+            if (!nosalt) {
+                printf("salt=");
+                for (i = 0; i < (int)sizeof(salt); i++)
+                    printf("%02X", salt[i]);
+                printf("\n");
+            }
+            if (EVP_CIPHER_key_length(cipher) > 0) {
+                printf("key=");
+                for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
+                    printf("%02X", key[i]);
+                printf("\n");
+            }
+            if (EVP_CIPHER_iv_length(cipher) > 0) {
+                printf("iv =");
+                for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
+                    printf("%02X", iv[i]);
+                printf("\n");
+            }
+            if (printkey == 2) {
+                ret = 0;
+                goto end;
+            }
+        }
+    }
+
+    /* Only encrypt/decrypt as we write the file */
+    if (benc != NULL)
+        wbio = BIO_push(benc, wbio);
+
+    for (;;) {
+        inl = BIO_read(rbio, (char *)buff, bsize);
+        if (inl <= 0)
+            break;
+        if (BIO_write(wbio, (char *)buff, inl) != inl) {
+            BIO_printf(bio_err, "error writing output file\n");
+            goto end;
+        }
+    }
+    if (!BIO_flush(wbio)) {
+        BIO_printf(bio_err, "bad decrypt\n");
+        goto end;
+    }
+
+    ret = 0;
+    if (verbose) {
+        BIO_printf(bio_err, "bytes read   : %8ju\n", BIO_number_read(in));
+        BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
+    }
+ end:
+    ERR_print_errors(bio_err);
+    OPENSSL_free(strbuf);
+    OPENSSL_free(buff);
+    BIO_free(in);
+    BIO_free_all(out);
+    BIO_free(benc);
+    BIO_free(b64);
+#ifdef ZLIB
+    BIO_free(bzl);
+#endif
+    release_engine(e);
+    OPENSSL_free(pass);
+    return ret;
+}
+
+static void show_ciphers(const OBJ_NAME *name, void *arg)
+{
+    struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
+    const EVP_CIPHER *cipher;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
+    } else
+        BIO_printf(dec->bio, " ");
+}
+
+static int set_hex(const char *in, unsigned char *out, int size)
+{
+    int i, n;
+    unsigned char j;
+
+    i = size * 2;
+    n = strlen(in);
+    if (n > i) {
+        BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
+        n = i; /* ignore exceeding part */
+    } else if (n < i) {
+        BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
+    }
+
+    memset(out, 0, size);
+    for (i = 0; i < n; i++) {
+        j = (unsigned char)*in++;
+        if (!isxdigit(j)) {
+            BIO_printf(bio_err, "non-hex digit\n");
+            return 0;
+        }
+        j = (unsigned char)OPENSSL_hexchar2int(j);
+        if (i & 1)
+            out[i / 2] |= j;
+        else
+            out[i / 2] = (j << 4);
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/engine.c b/trunk/3rdparty/openssl-1.1-fit/apps/engine.c
new file mode 100644
index 000000000..83f9588a0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/engine.c
@@ -0,0 +1,489 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_ENGINE
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "apps.h"
+# include "progs.h"
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/err.h>
+# include <openssl/engine.h>
+# include <openssl/ssl.h>
+# include <openssl/store.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
+    OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
+} OPTION_CHOICE;
+
+const OPTIONS engine_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  engine... Engines to load\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "List 'control commands' For each specified engine"},
+    {"vv", OPT_VV, '-', "Also display each command's description"},
+    {"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
+    {"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
+    {"c", OPT_C, '-', "List the capabilities of specified engine"},
+    {"t", OPT_T, '-', "Check that specified engine is available"},
+    {"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
+    {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
+    {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
+    {OPT_MORE_STR, OPT_EOF, 1,
+     "Commands are like \"SO_PATH:/lib/libdriver.so\""},
+    {NULL}
+};
+
+static int append_buf(char **buf, int *size, const char *s)
+{
+    const int expand = 256;
+    int len = strlen(s) + 1;
+    char *p = *buf;
+
+    if (p == NULL) {
+        *size = ((len + expand - 1) / expand) * expand;
+        p = *buf = app_malloc(*size, "engine buffer");
+    } else {
+        const int blen = strlen(p);
+
+        if (blen > 0)
+            len += 2 + blen;
+
+        if (len > *size) {
+            *size = ((len + expand - 1) / expand) * expand;
+            p = OPENSSL_realloc(p, *size);
+            if (p == NULL) {
+                OPENSSL_free(*buf);
+                *buf = NULL;
+                return 0;
+            }
+            *buf = p;
+        }
+
+        if (blen > 0) {
+            p += blen;
+            *p++ = ',';
+            *p++ = ' ';
+        }
+    }
+
+    strcpy(p, s);
+    return 1;
+}
+
+static int util_flags(BIO *out, unsigned int flags, const char *indent)
+{
+    int started = 0, err = 0;
+    /* Indent before displaying input flags */
+    BIO_printf(out, "%s%s(input flags): ", indent, indent);
+    if (flags == 0) {
+        BIO_printf(out, "<no flags>\n");
+        return 1;
+    }
+    /*
+     * If the object is internal, mark it in a way that shows instead of
+     * having it part of all the other flags, even if it really is.
+     */
+    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+        BIO_printf(out, "[Internal] ");
+    }
+
+    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+        BIO_printf(out, "NUMERIC");
+        started = 1;
+    }
+    /*
+     * Now we check that no combinations of the mutually exclusive NUMERIC,
+     * STRING, and NO_INPUT flags have been used. Future flags that can be
+     * OR'd together with these would need to added after these to preserve
+     * the testing logic.
+     */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        if (started) {
+            BIO_printf(out, "|");
+            err = 1;
+        }
+        BIO_printf(out, "STRING");
+        started = 1;
+    }
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (started) {
+            BIO_printf(out, "|");
+            err = 1;
+        }
+        BIO_printf(out, "NO_INPUT");
+        started = 1;
+    }
+    /* Check for unknown flags */
+    flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+        ~ENGINE_CMD_FLAG_STRING &
+        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
+    if (flags) {
+        if (started)
+            BIO_printf(out, "|");
+        BIO_printf(out, "<0x%04X>", flags);
+    }
+    if (err)
+        BIO_printf(out, "  <illegal flags!>");
+    BIO_printf(out, "\n");
+    return 1;
+}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
+{
+    static const int line_wrap = 78;
+    int num;
+    int ret = 0;
+    char *name = NULL;
+    char *desc = NULL;
+    int flags;
+    int xpos = 0;
+    STACK_OF(OPENSSL_STRING) *cmds = NULL;
+    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+                            0, NULL, NULL)) <= 0)) {
+        return 1;
+    }
+
+    cmds = sk_OPENSSL_STRING_new_null();
+    if (cmds == NULL)
+        goto err;
+
+    do {
+        int len;
+        /* Get the command input flags */
+        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+                                 NULL, NULL)) < 0)
+            goto err;
+        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+            /* Get the command name */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+                                   NULL, NULL)) <= 0)
+                goto err;
+            name = app_malloc(len + 1, "name buffer");
+            if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+                            NULL) <= 0)
+                goto err;
+            /* Get the command description */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+                                   NULL, NULL)) < 0)
+                goto err;
+            if (len > 0) {
+                desc = app_malloc(len + 1, "description buffer");
+                if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+                                NULL) <= 0)
+                    goto err;
+            }
+            /* Now decide on the output */
+            if (xpos == 0)
+                /* Do an indent */
+                xpos = BIO_puts(out, indent);
+            else
+                /* Otherwise prepend a ", " */
+                xpos += BIO_printf(out, ", ");
+            if (verbose == 1) {
+                /*
+                 * We're just listing names, comma-delimited
+                 */
+                if ((xpos > (int)strlen(indent)) &&
+                    (xpos + (int)strlen(name) > line_wrap)) {
+                    BIO_printf(out, "\n");
+                    xpos = BIO_puts(out, indent);
+                }
+                xpos += BIO_printf(out, "%s", name);
+            } else {
+                /* We're listing names plus descriptions */
+                BIO_printf(out, "%s: %s\n", name,
+                           (desc == NULL) ? "<no description>" : desc);
+                /* ... and sometimes input flags */
+                if ((verbose >= 3) && !util_flags(out, flags, indent))
+                    goto err;
+                xpos = 0;
+            }
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(desc);
+        desc = NULL;
+        /* Move to the next command */
+        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+    } while (num > 0);
+    if (xpos > 0)
+        BIO_printf(out, "\n");
+    ret = 1;
+ err:
+    sk_OPENSSL_STRING_free(cmds);
+    OPENSSL_free(name);
+    OPENSSL_free(desc);
+    return ret;
+}
+
+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
+                         BIO *out, const char *indent)
+{
+    int loop, res, num = sk_OPENSSL_STRING_num(cmds);
+
+    if (num < 0) {
+        BIO_printf(out, "[Error]: internal stack error\n");
+        return;
+    }
+    for (loop = 0; loop < num; loop++) {
+        char buf[256];
+        const char *cmd, *arg;
+        cmd = sk_OPENSSL_STRING_value(cmds, loop);
+        res = 1;                /* assume success */
+        /* Check if this command has no ":arg" */
+        if ((arg = strstr(cmd, ":")) == NULL) {
+            if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+                res = 0;
+        } else {
+            if ((int)(arg - cmd) > 254) {
+                BIO_printf(out, "[Error]: command name too long\n");
+                return;
+            }
+            memcpy(buf, cmd, (int)(arg - cmd));
+            buf[arg - cmd] = '\0';
+            arg++;              /* Move past the ":" */
+            /* Call the command with the argument */
+            if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+                res = 0;
+        }
+        if (res) {
+            BIO_printf(out, "[Success]: %s\n", cmd);
+        } else {
+            BIO_printf(out, "[Failure]: %s\n", cmd);
+            ERR_print_errors(out);
+        }
+    }
+}
+
+struct util_store_cap_data {
+    ENGINE *engine;
+    char **cap_buf;
+    int *cap_size;
+    int ok;
+};
+static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
+{
+    struct util_store_cap_data *ctx = arg;
+
+    if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
+        char buf[256];
+        BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
+                     OSSL_STORE_LOADER_get0_scheme(loader));
+        if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
+            ctx->ok = 0;
+    }
+}
+
+int engine_main(int argc, char **argv)
+{
+    int ret = 1, i;
+    int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
+    ENGINE *e;
+    STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
+    STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
+    STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
+    BIO *out;
+    const char *indent = "     ";
+    OPTION_CHOICE o;
+    char *prog;
+    char *argv1;
+
+    out = dup_bio_out(FORMAT_TEXT);
+    if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
+        goto end;
+
+    /* Remember the original command name, parse/skip any leading engine
+     * names, and then setup to parse the rest of the line as flags. */
+    prog = argv[0];
+    while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
+        sk_OPENSSL_CSTRING_push(engines, argv1);
+        argc--;
+        argv++;
+    }
+    argv[0] = prog;
+    opt_init(argc, argv, engine_options);
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(engine_options);
+            ret = 0;
+            goto end;
+        case OPT_VVVV:
+        case OPT_VVV:
+        case OPT_VV:
+        case OPT_V:
+            /* Convert to an integer from one to four. */
+            i = (int)(o - OPT_V) + 1;
+            if (verbose < i)
+                verbose = i;
+            break;
+        case OPT_C:
+            list_cap = 1;
+            break;
+        case OPT_TT:
+            test_avail_noise++;
+            /* fall thru */
+        case OPT_T:
+            test_avail++;
+            break;
+        case OPT_PRE:
+            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            break;
+        case OPT_POST:
+            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            break;
+        }
+    }
+
+    /* Allow any trailing parameters as engine names. */
+    argc = opt_num_rest();
+    argv = opt_rest();
+    for ( ; *argv; argv++) {
+        if (**argv == '-') {
+            BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
+                       prog);
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        }
+        sk_OPENSSL_CSTRING_push(engines, *argv);
+    }
+
+    if (sk_OPENSSL_CSTRING_num(engines) == 0) {
+        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+            sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
+        }
+    }
+
+    ret = 0;
+    for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
+        const char *id = sk_OPENSSL_CSTRING_value(engines, i);
+        if ((e = ENGINE_by_id(id)) != NULL) {
+            const char *name = ENGINE_get_name(e);
+            /*
+             * Do "id" first, then "name". Easier to auto-parse.
+             */
+            BIO_printf(out, "(%s) %s\n", id, name);
+            util_do_cmds(e, pre_cmds, out, indent);
+            if (strcmp(ENGINE_get_id(e), id) != 0) {
+                BIO_printf(out, "Loaded: (%s) %s\n",
+                           ENGINE_get_id(e), ENGINE_get_name(e));
+            }
+            if (list_cap) {
+                int cap_size = 256;
+                char *cap_buf = NULL;
+                int k, n;
+                const int *nids;
+                ENGINE_CIPHERS_PTR fn_c;
+                ENGINE_DIGESTS_PTR fn_d;
+                ENGINE_PKEY_METHS_PTR fn_pk;
+
+                if (ENGINE_get_RSA(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "RSA"))
+                    goto end;
+                if (ENGINE_get_DSA(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "DSA"))
+                    goto end;
+                if (ENGINE_get_DH(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "DH"))
+                    goto end;
+                if (ENGINE_get_RAND(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "RAND"))
+                    goto end;
+
+                fn_c = ENGINE_get_ciphers(e);
+                if (fn_c == NULL)
+                    goto skip_ciphers;
+                n = fn_c(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+
+ skip_ciphers:
+                fn_d = ENGINE_get_digests(e);
+                if (fn_d == NULL)
+                    goto skip_digests;
+                n = fn_d(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+
+ skip_digests:
+                fn_pk = ENGINE_get_pkey_meths(e);
+                if (fn_pk == NULL)
+                    goto skip_pmeths;
+                n = fn_pk(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+ skip_pmeths:
+                {
+                    struct util_store_cap_data store_ctx;
+
+                    store_ctx.engine = e;
+                    store_ctx.cap_buf = &cap_buf;
+                    store_ctx.cap_size = &cap_size;
+                    store_ctx.ok = 1;
+
+                    OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
+                    if (!store_ctx.ok)
+                        goto end;
+                }
+                if (cap_buf != NULL && (*cap_buf != '\0'))
+                    BIO_printf(out, " [%s]\n", cap_buf);
+
+                OPENSSL_free(cap_buf);
+            }
+            if (test_avail) {
+                BIO_printf(out, "%s", indent);
+                if (ENGINE_init(e)) {
+                    BIO_printf(out, "[ available ]\n");
+                    util_do_cmds(e, post_cmds, out, indent);
+                    ENGINE_finish(e);
+                } else {
+                    BIO_printf(out, "[ unavailable ]\n");
+                    if (test_avail_noise)
+                        ERR_print_errors_fp(stdout);
+                    ERR_clear_error();
+                }
+            }
+            if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
+                goto end;
+            ENGINE_free(e);
+        } else {
+            ERR_print_errors(bio_err);
+            /* because exit codes above 127 have special meaning on Unix */
+            if (++ret > 127)
+                ret = 127;
+        }
+    }
+
+ end:
+
+    ERR_print_errors(bio_err);
+    sk_OPENSSL_CSTRING_free(engines);
+    sk_OPENSSL_STRING_free(pre_cmds);
+    sk_OPENSSL_STRING_free(post_cmds);
+    BIO_free_all(out);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/errstr.c b/trunk/3rdparty/openssl-1.1-fit/apps/errstr.c
new file mode 100644
index 000000000..3ef01f076
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/errstr.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
+} OPTION_CHOICE;
+
+const OPTIONS errstr_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
+    {OPT_HELP_STR, 1, '-', "  errnum  Error number\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {NULL}
+};
+
+int errstr_main(int argc, char **argv)
+{
+    OPTION_CHOICE o;
+    char buf[256], *prog;
+    int ret = 1;
+    unsigned long l;
+
+    prog = opt_init(argc, argv, errstr_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(errstr_options);
+            ret = 0;
+            goto end;
+        }
+    }
+
+    ret = 0;
+    for (argv = opt_rest(); *argv; argv++) {
+        if (sscanf(*argv, "%lx", &l) == 0) {
+            ret++;
+        } else {
+            /* We're not really an SSL application so this won't auto-init, but
+             * we're still interested in SSL error strings
+             */
+            OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+                             | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+            ERR_error_string_n(l, buf, sizeof(buf));
+            BIO_printf(bio_out, "%s\n", buf);
+        }
+    }
+ end:
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c
new file mode 100644
index 000000000..401375420
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS gendsa_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output the key to the specified file"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    OPT_R_OPTIONS,
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int gendsa_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL, *in = NULL;
+    DSA *dsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *dsaparams = NULL;
+    char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
+    OPTION_CHOICE o;
+    int ret = 1, private = 0;
+    const BIGNUM *p = NULL;
+
+    prog = opt_init(argc, argv, gendsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(gendsa_options);
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    private = 1;
+
+    if (argc != 1)
+        goto opthelp;
+    dsaparams = *argv;
+
+    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end2;
+
+    if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+        BIO_printf(bio_err, "unable to load DSA parameter file\n");
+        goto end;
+    }
+    BIO_free(in);
+    in = NULL;
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end2;
+
+    DSA_get0_pqg(dsa, &p, NULL, NULL);
+
+    if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+        BIO_printf(bio_err,
+                   "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                   "         Your key size is %d! Larger key size may behave not as expected.\n",
+                   OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
+
+    BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
+    if (!DSA_generate_key(dsa))
+        goto end;
+
+    assert(private);
+    if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
+        goto end;
+    ret = 0;
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+ end2:
+    BIO_free(in);
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    OPENSSL_free(passout);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c b/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c
new file mode 100644
index 000000000..39fa73c91
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c
@@ -0,0 +1,322 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
+    OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
+} OPTION_CHOICE;
+
+const OPTIONS genpkey_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
+    {"pass", OPT_PASS, 's', "Output file pass phrase source"},
+    {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
+    {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
+    {"pkeyopt", OPT_PKEYOPT, 's',
+     "Set the public key algorithm option as opt:value"},
+    {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
+    {"text", OPT_TEXT, '-', "Print the in text"},
+    {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    /* This is deliberately last. */
+    {OPT_HELP_STR, 1, 1,
+     "Order of options may be important!  See the documentation.\n"},
+    {NULL}
+};
+
+int genpkey_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
+    const EVP_CIPHER *cipher = NULL;
+    OPTION_CHOICE o;
+    int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
+    int private = 0;
+
+    prog = opt_init(argc, argv, genpkey_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(genpkey_options);
+            goto end;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PARAMFILE:
+            if (do_param == 1)
+                goto opthelp;
+            if (!init_keygen_file(&ctx, opt_arg(), e))
+                goto end;
+            break;
+        case OPT_ALGORITHM:
+            if (!init_gen_str(&ctx, opt_arg(), e, do_param))
+                goto end;
+            break;
+        case OPT_PKEYOPT:
+            if (ctx == NULL) {
+                BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
+                goto opthelp;
+            }
+            if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
+                BIO_printf(bio_err,
+                           "%s: Error setting %s parameter:\n",
+                           prog, opt_arg());
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OPT_GENPARAM:
+            if (ctx != NULL)
+                goto opthelp;
+            do_param = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher)
+                || do_param == 1)
+                goto opthelp;
+            if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||
+                EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||
+                EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||
+                EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {
+                BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
+                goto end;
+            }
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = do_param ? 0 : 1;
+
+    if (ctx == NULL)
+        goto opthelp;
+
+    if (!app_passwd(passarg, NULL, &pass, NULL)) {
+        BIO_puts(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
+    EVP_PKEY_CTX_set_app_data(ctx, bio_err);
+
+    if (do_param) {
+        if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error generating parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error generating key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (do_param) {
+        rv = PEM_write_bio_Parameters(out, pkey);
+    } else if (outformat == FORMAT_PEM) {
+        assert(private);
+        rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
+    } else if (outformat == FORMAT_ASN1) {
+        assert(private);
+        rv = i2d_PrivateKey_bio(out, pkey);
+    } else {
+        BIO_printf(bio_err, "Bad format specified for key\n");
+        goto end;
+    }
+
+    if (rv <= 0) {
+        BIO_puts(bio_err, "Error writing key\n");
+        ERR_print_errors(bio_err);
+    }
+
+    if (text) {
+        if (do_param)
+            rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
+        else
+            rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
+
+        if (rv <= 0) {
+            BIO_puts(bio_err, "Error printing key\n");
+            ERR_print_errors(bio_err);
+        }
+    }
+
+    ret = 0;
+
+ end:
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
+    BIO_free_all(out);
+    BIO_free(in);
+    release_engine(e);
+    OPENSSL_free(pass);
+    return ret;
+}
+
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
+{
+    BIO *pbio;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    if (*pctx) {
+        BIO_puts(bio_err, "Parameters already set!\n");
+        return 0;
+    }
+
+    pbio = BIO_new_file(file, "r");
+    if (!pbio) {
+        BIO_printf(bio_err, "Can't open parameter file %s\n", file);
+        return 0;
+    }
+
+    pkey = PEM_read_bio_Parameters(pbio, NULL);
+    BIO_free(pbio);
+
+    if (!pkey) {
+        BIO_printf(bio_err, "Error reading parameter file %s\n", file);
+        return 0;
+    }
+
+    ctx = EVP_PKEY_CTX_new(pkey, e);
+    if (ctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(ctx) <= 0)
+        goto err;
+    EVP_PKEY_free(pkey);
+    *pctx = ctx;
+    return 1;
+
+ err:
+    BIO_puts(bio_err, "Error initializing context\n");
+    ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    return 0;
+
+}
+
+int init_gen_str(EVP_PKEY_CTX **pctx,
+                 const char *algname, ENGINE *e, int do_param)
+{
+    EVP_PKEY_CTX *ctx = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id;
+
+    if (*pctx) {
+        BIO_puts(bio_err, "Algorithm already set!\n");
+        return 0;
+    }
+
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#ifndef OPENSSL_NO_ENGINE
+    if (!ameth && e)
+        ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+#endif
+
+    if (!ameth) {
+        BIO_printf(bio_err, "Algorithm %s not found\n", algname);
+        return 0;
+    }
+
+    ERR_clear_error();
+
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(tmpeng);
+#endif
+    ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
+
+    if (!ctx)
+        goto err;
+    if (do_param) {
+        if (EVP_PKEY_paramgen_init(ctx) <= 0)
+            goto err;
+    } else {
+        if (EVP_PKEY_keygen_init(ctx) <= 0)
+            goto err;
+    }
+
+    *pctx = ctx;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error initializing %s context\n", algname);
+    ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
+    return 0;
+
+}
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p;
+    p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c
new file mode 100644
index 000000000..c17cd1471
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+
+# define DEFBITS 2048
+# define DEFPRIMES 2
+
+static int genrsa_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_3, OPT_F4, OPT_ENGINE,
+    OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS genrsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"3", OPT_3, '-', "Use 3 for the E value"},
+    {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
+    {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
+    {"out", OPT_OUT, '>', "Output the key to specified file"},
+    OPT_R_OPTIONS,
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
+    {NULL}
+};
+
+int genrsa_main(int argc, char **argv)
+{
+    BN_GENCB *cb = BN_GENCB_new();
+    PW_CB_DATA cb_data;
+    ENGINE *eng = NULL;
+    BIGNUM *bn = BN_new();
+    BIO *out = NULL;
+    const BIGNUM *e;
+    RSA *rsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
+    unsigned long f4 = RSA_F4;
+    char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
+    char *prog, *hexe, *dece;
+    OPTION_CHOICE o;
+
+    if (bn == NULL || cb == NULL)
+        goto end;
+
+    BN_GENCB_set(cb, genrsa_cb, bio_err);
+
+    prog = opt_init(argc, argv, genrsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(genrsa_options);
+            goto end;
+        case OPT_3:
+            f4 = 3;
+            break;
+        case OPT_F4:
+            f4 = RSA_F4;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            eng = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        case OPT_PRIMES:
+            if (!opt_int(opt_arg(), &primes))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num <= 0)
+            goto end;
+        if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
+                       "         Your key size is %d! Larger key size may behave not as expected.\n",
+                       OPENSSL_RSA_MAX_MODULUS_BITS, num);
+    } else if (argc > 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    private = 1;
+    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
+    BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
+               num, primes);
+    rsa = eng ? RSA_new_method(eng) : RSA_new();
+    if (rsa == NULL)
+        goto end;
+
+    if (!BN_set_word(bn, f4)
+        || !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb))
+        goto end;
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    hexe = BN_bn2hex(e);
+    dece = BN_bn2dec(e);
+    if (hexe && dece) {
+        BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
+    }
+    OPENSSL_free(hexe);
+    OPENSSL_free(dece);
+    cb_data.password = passout;
+    cb_data.prompt_info = outfile;
+    assert(private);
+    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
+                                     (pem_password_cb *)password_callback,
+                                     &cb_data))
+        goto end;
+
+    ret = 0;
+ end:
+    BN_free(bn);
+    BN_GENCB_free(cb);
+    RSA_free(rsa);
+    BIO_free_all(out);
+    release_engine(eng);
+    OPENSSL_free(passout);
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    return ret;
+}
+
+static int genrsa_cb(int p, int n, BN_GENCB *cb)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/nseq.c b/trunk/3rdparty/openssl-1.1-fit/apps/nseq.c
new file mode 100644
index 000000000..a067c9159
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/nseq.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_TOSEQ, OPT_IN, OPT_OUT
+} OPTION_CHOICE;
+
+const OPTIONS nseq_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {NULL}
+};
+
+int nseq_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    X509 *x509 = NULL;
+    NETSCAPE_CERT_SEQUENCE *seq = NULL;
+    OPTION_CHOICE o;
+    int toseq = 0, ret = 1, i;
+    char *infile = NULL, *outfile = NULL, *prog;
+
+    prog = opt_init(argc, argv, nseq_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(nseq_options);
+            goto end;
+        case OPT_TOSEQ:
+            toseq = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_PEM);
+    if (out == NULL)
+        goto end;
+
+    if (toseq) {
+        seq = NETSCAPE_CERT_SEQUENCE_new();
+        if (seq == NULL)
+            goto end;
+        seq->certs = sk_X509_new_null();
+        if (seq->certs == NULL)
+            goto end;
+        while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+            sk_X509_push(seq->certs, x509);
+
+        if (!sk_X509_num(seq->certs)) {
+            BIO_printf(bio_err, "%s: Error reading certs file %s\n",
+                       prog, infile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+        ret = 0;
+        goto end;
+    }
+
+    seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
+    if (seq == NULL) {
+        BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
+                   prog, infile);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    for (i = 0; i < sk_X509_num(seq->certs); i++) {
+        x509 = sk_X509_value(seq->certs, i);
+        dump_cert_text(out, x509);
+        PEM_write_bio_X509(out, x509);
+    }
+    ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    NETSCAPE_CERT_SEQUENCE_free(seq);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c b/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c
new file mode 100644
index 000000000..e8aeb11cc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c
@@ -0,0 +1,1621 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_OCSP
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# ifdef OPENSSL_SYS_VMS
+#  define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
+                                 * on OpenVMS */
+# endif
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include <ctype.h>
+
+/* Needs to be included before the openssl headers */
+# include "apps.h"
+# include "progs.h"
+# include "internal/sockets.h"
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/x509v3.h>
+# include <openssl/rand.h>
+
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
+     && !defined(OPENSSL_NO_POSIX_IO)
+#  define OCSP_DAEMON
+#  include <sys/types.h>
+#  include <sys/wait.h>
+#  include <syslog.h>
+#  include <signal.h>
+#  define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
+# else
+#  undef LOG_INFO
+#  undef LOG_WARNING
+#  undef LOG_ERR
+#  define LOG_INFO      0
+#  define LOG_WARNING   1
+#  define LOG_ERR       2
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+    errno = ENOSYS;
+    return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+    errno = ENOSYS;
+    return (pid_t) -1;
+}
+# endif
+/* Maximum leeway in validity period: default 5 minutes */
+# define MAX_VALIDITY_PERIOD    (5 * 60)
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids);
+static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage);
+static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
+                              EVP_PKEY *rkey, const EVP_MD *md,
+                              STACK_OF(OPENSSL_STRING) *sigopts,
+                              STACK_OF(X509) *rother, unsigned long flags,
+                              int nmin, int ndays, int badsig);
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+static void log_message(int level, const char *fmt, ...);
+static char *prog;
+static int multi = 0;
+
+# ifdef OCSP_DAEMON
+static int acfd = (int) INVALID_SOCKET;
+static int index_changed(CA_DB *);
+static void spawn_loop(void);
+static int print_syslog(const char *str, size_t len, void *levPtr);
+static void sock_timeout(int signum);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
+                                      const char *path,
+                                      const STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout);
+# endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT,
+    OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE,
+    OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS,
+    OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN,
+    OPT_NO_CERT_CHECKS, OPT_NO_EXPLICIT, OPT_TRUST_OTHER,
+    OPT_NO_INTERN, OPT_BADSIG, OPT_TEXT, OPT_REQ_TEXT, OPT_RESP_TEXT,
+    OPT_REQIN, OPT_RESPIN, OPT_SIGNER, OPT_VAFILE, OPT_SIGN_OTHER,
+    OPT_VERIFY_OTHER, OPT_CAFILE, OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH,
+    OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT,
+    OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL,
+    OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER,
+    OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER,
+    OPT_V_ENUM,
+    OPT_MD,
+    OPT_MULTI
+} OPTION_CHOICE;
+
+const OPTIONS ocsp_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUTFILE, '>', "Output filename"},
+    {"timeout", OPT_TIMEOUT, 'p',
+     "Connection timeout (in seconds) to the OCSP responder"},
+    {"url", OPT_URL, 's', "Responder URL"},
+    {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
+    {"port", OPT_PORT, 'p', "Port to run responder on"},
+    {"ignore_err", OPT_IGNORE_ERR, '-',
+     "Ignore error on OCSP request or response and continue running"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
+    {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
+    {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
+    {"resp_no_certs", OPT_RESP_NO_CERTS, '-',
+     "Don't include any certificates in response"},
+    {"resp_key_id", OPT_RESP_KEY_ID, '-',
+     "Identify response by signing certificate key ID"},
+# ifdef OCSP_DAEMON
+    {"multi", OPT_MULTI, 'p', "run multiple responder processes"},
+# endif
+    {"no_certs", OPT_NO_CERTS, '-',
+     "Don't include any certificates in signed request"},
+    {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
+     "Don't check signature on response"},
+    {"no_cert_verify", OPT_NO_CERT_VERIFY, '-',
+     "Don't check signing certificate"},
+    {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"},
+    {"no_cert_checks", OPT_NO_CERT_CHECKS, '-',
+     "Don't do additional checks on signing certificate"},
+    {"no_explicit", OPT_NO_EXPLICIT, '-',
+     "Do not explicitly check the chain, just verify the root"},
+    {"trust_other", OPT_TRUST_OTHER, '-',
+     "Don't verify additional certificates"},
+    {"no_intern", OPT_NO_INTERN, '-',
+     "Don't search certificates contained in response for signer"},
+    {"badsig", OPT_BADSIG, '-',
+        "Corrupt last byte of loaded OSCP response signature (for test)"},
+    {"text", OPT_TEXT, '-', "Print text form of request and response"},
+    {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
+    {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},
+    {"reqin", OPT_REQIN, 's', "File with the DER-encoded request"},
+    {"respin", OPT_RESPIN, 's', "File with the DER-encoded response"},
+    {"signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with"},
+    {"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
+    {"sign_other", OPT_SIGN_OTHER, '<',
+     "Additional certificates to include in signed request"},
+    {"verify_other", OPT_VERIFY_OTHER, '<',
+     "Additional certificates to search for signer"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"CApath", OPT_CAPATH, '<', "Trusted certificates directory"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"validity_period", OPT_VALIDITY_PERIOD, 'u',
+     "Maximum validity discrepancy in seconds"},
+    {"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"},
+    {"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
+    {"reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request"},
+    {"respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response"},
+    {"path", OPT_PATH, 's', "Path to use in OCSP request"},
+    {"issuer", OPT_ISSUER, '<', "Issuer certificate"},
+    {"cert", OPT_CERT, '<', "Certificate to check"},
+    {"serial", OPT_SERIAL, 's', "Serial number to check"},
+    {"index", OPT_INDEX, '<', "Certificate status index file"},
+    {"CA", OPT_CA, '<', "CA certificate"},
+    {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
+    {"nrequest", OPT_REQUEST, 'p',
+     "Number of requests to accept (default unlimited)"},
+    {"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
+    {"rsigner", OPT_RSIGNER, '<',
+     "Responder certificate to sign responses with"},
+    {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
+    {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
+    {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
+    {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"},
+    {"header", OPT_HEADER, 's', "key=value header to add"},
+    {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
+    OPT_V_OPTIONS,
+    {NULL}
+};
+
+int ocsp_main(int argc, char **argv)
+{
+    BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
+    const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
+    STACK_OF(OPENSSL_STRING) *rsign_sigopts = NULL;
+    int trailing_md = 0;
+    CA_DB *rdb = NULL;
+    EVP_PKEY *key = NULL, *rkey = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    STACK_OF(CONF_VALUE) *headers = NULL;
+    STACK_OF(OCSP_CERTID) *ids = NULL;
+    STACK_OF(OPENSSL_STRING) *reqnames = NULL;
+    STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+    STACK_OF(X509) *issuers = NULL;
+    X509 *issuer = NULL, *cert = NULL;
+    STACK_OF(X509) *rca_cert = NULL;
+    X509 *signer = NULL, *rsigner = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *CAfile = NULL, *CApath = NULL;
+    char *header, *value;
+    char *host = NULL, *port = NULL, *path = "/", *outfile = NULL;
+    char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
+    char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
+    char *rsignfile = NULL, *rkeyfile = NULL;
+    char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+    char *signfile = NULL, *keyfile = NULL;
+    char *thost = NULL, *tport = NULL, *tpath = NULL;
+    int noCAfile = 0, noCApath = 0;
+    int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
+    int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
+    int req_text = 0, resp_text = 0, ret = 1;
+    int req_timeout = -1;
+    long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+    unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+    OPTION_CHOICE o;
+
+    reqnames = sk_OPENSSL_STRING_new_null();
+    if (reqnames == NULL)
+        goto end;
+    ids = sk_OCSP_CERTID_new_null();
+    if (ids == NULL)
+        goto end;
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, ocsp_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(ocsp_options);
+            goto end;
+        case OPT_OUTFILE:
+            outfile = opt_arg();
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_SOCK
+            req_timeout = atoi(opt_arg());
+#endif
+            break;
+        case OPT_URL:
+            OPENSSL_free(thost);
+            OPENSSL_free(tport);
+            OPENSSL_free(tpath);
+            thost = tport = tpath = NULL;
+            if (!OCSP_parse_url(opt_arg(), &host, &port, &path, &use_ssl)) {
+                BIO_printf(bio_err, "%s Error parsing URL\n", prog);
+                goto end;
+            }
+            thost = host;
+            tport = port;
+            tpath = path;
+            break;
+        case OPT_HOST:
+            host = opt_arg();
+            break;
+        case OPT_PORT:
+            port = opt_arg();
+            break;
+        case OPT_IGNORE_ERR:
+            ignore_err = 1;
+            break;
+        case OPT_NOVERIFY:
+            noverify = 1;
+            break;
+        case OPT_NONCE:
+            add_nonce = 2;
+            break;
+        case OPT_NO_NONCE:
+            add_nonce = 0;
+            break;
+        case OPT_RESP_NO_CERTS:
+            rflags |= OCSP_NOCERTS;
+            break;
+        case OPT_RESP_KEY_ID:
+            rflags |= OCSP_RESPID_KEY;
+            break;
+        case OPT_NO_CERTS:
+            sign_flags |= OCSP_NOCERTS;
+            break;
+        case OPT_NO_SIGNATURE_VERIFY:
+            verify_flags |= OCSP_NOSIGS;
+            break;
+        case OPT_NO_CERT_VERIFY:
+            verify_flags |= OCSP_NOVERIFY;
+            break;
+        case OPT_NO_CHAIN:
+            verify_flags |= OCSP_NOCHAIN;
+            break;
+        case OPT_NO_CERT_CHECKS:
+            verify_flags |= OCSP_NOCHECKS;
+            break;
+        case OPT_NO_EXPLICIT:
+            verify_flags |= OCSP_NOEXPLICIT;
+            break;
+        case OPT_TRUST_OTHER:
+            verify_flags |= OCSP_TRUSTOTHER;
+            break;
+        case OPT_NO_INTERN:
+            verify_flags |= OCSP_NOINTERN;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+        case OPT_TEXT:
+            req_text = resp_text = 1;
+            break;
+        case OPT_REQ_TEXT:
+            req_text = 1;
+            break;
+        case OPT_RESP_TEXT:
+            resp_text = 1;
+            break;
+        case OPT_REQIN:
+            reqin = opt_arg();
+            break;
+        case OPT_RESPIN:
+            respin = opt_arg();
+            break;
+        case OPT_SIGNER:
+            signfile = opt_arg();
+            break;
+        case OPT_VAFILE:
+            verify_certfile = opt_arg();
+            verify_flags |= OCSP_TRUSTOTHER;
+            break;
+        case OPT_SIGN_OTHER:
+            sign_certfile = opt_arg();
+            break;
+        case OPT_VERIFY_OTHER:
+            verify_certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_VALIDITY_PERIOD:
+            opt_long(opt_arg(), &nsec);
+            break;
+        case OPT_STATUS_AGE:
+            opt_long(opt_arg(), &maxage);
+            break;
+        case OPT_SIGNKEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_REQOUT:
+            reqout = opt_arg();
+            break;
+        case OPT_RESPOUT:
+            respout = opt_arg();
+            break;
+        case OPT_PATH:
+            path = opt_arg();
+            break;
+        case OPT_ISSUER:
+            issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate");
+            if (issuer == NULL)
+                goto end;
+            if (issuers == NULL) {
+                if ((issuers = sk_X509_new_null()) == NULL)
+                    goto end;
+            }
+            sk_X509_push(issuers, issuer);
+            break;
+        case OPT_CERT:
+            X509_free(cert);
+            cert = load_cert(opt_arg(), FORMAT_PEM, "certificate");
+            if (cert == NULL)
+                goto end;
+            if (cert_id_md == NULL)
+                cert_id_md = EVP_sha1();
+            if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
+                goto end;
+            if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
+                goto end;
+            trailing_md = 0;
+            break;
+        case OPT_SERIAL:
+            if (cert_id_md == NULL)
+                cert_id_md = EVP_sha1();
+            if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))
+                goto end;
+            if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
+                goto end;
+            trailing_md = 0;
+            break;
+        case OPT_INDEX:
+            ridx_filename = opt_arg();
+            break;
+        case OPT_CA:
+            rca_filename = opt_arg();
+            break;
+        case OPT_NMIN:
+            opt_int(opt_arg(), &nmin);
+            if (ndays == -1)
+                ndays = 0;
+            break;
+        case OPT_REQUEST:
+            opt_int(opt_arg(), &accept_count);
+            break;
+        case OPT_NDAYS:
+            ndays = atoi(opt_arg());
+            break;
+        case OPT_RSIGNER:
+            rsignfile = opt_arg();
+            break;
+        case OPT_RKEY:
+            rkeyfile = opt_arg();
+            break;
+        case OPT_ROTHER:
+            rcertfile = opt_arg();
+            break;
+        case OPT_RMD:   /* Response MessageDigest */
+            if (!opt_md(opt_arg(), &rsign_md))
+                goto end;
+            break;
+        case OPT_RSIGOPT:
+            if (rsign_sigopts == NULL)
+                rsign_sigopts = sk_OPENSSL_STRING_new_null();
+            if (rsign_sigopts == NULL || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg()))
+                goto end;
+            break;
+        case OPT_HEADER:
+            header = opt_arg();
+            value = strchr(header, '=');
+            if (value == NULL) {
+                BIO_printf(bio_err, "Missing = in header key=value\n");
+                goto opthelp;
+            }
+            *value++ = '\0';
+            if (!X509V3_add_value(header, value, &headers))
+                goto end;
+            break;
+        case OPT_MD:
+            if (trailing_md) {
+                BIO_printf(bio_err,
+                           "%s: Digest must be before -cert or -serial\n",
+                           prog);
+                goto opthelp;
+            }
+            if (!opt_md(opt_unknown(), &cert_id_md))
+                goto opthelp;
+            trailing_md = 1;
+            break;
+        case OPT_MULTI:
+# ifdef OCSP_DAEMON
+            multi = atoi(opt_arg());
+# endif
+            break;
+        }
+    }
+    if (trailing_md) {
+        BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
+                   prog);
+        goto opthelp;
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    /* Have we anything to do? */
+    if (req == NULL && reqin == NULL
+        && respin == NULL && !(port != NULL && ridx_filename != NULL))
+        goto opthelp;
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if (req == NULL && (add_nonce != 2))
+        add_nonce = 0;
+
+    if (req == NULL && reqin != NULL) {
+        derbio = bio_open_default(reqin, 'r', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (req == NULL) {
+            BIO_printf(bio_err, "Error reading OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (req == NULL && port != NULL) {
+        acbio = init_responder(port);
+        if (acbio == NULL)
+            goto end;
+    }
+
+    if (rsignfile != NULL) {
+        if (rkeyfile == NULL)
+            rkeyfile = rsignfile;
+        rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
+        if (rsigner == NULL) {
+            BIO_printf(bio_err, "Error loading responder certificate\n");
+            goto end;
+        }
+        if (!load_certs(rca_filename, &rca_cert, FORMAT_PEM,
+                        NULL, "CA certificate"))
+            goto end;
+        if (rcertfile != NULL) {
+            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
+                            "responder other certificates"))
+                goto end;
+        }
+        rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+                        "responder private key");
+        if (rkey == NULL)
+            goto end;
+    }
+
+    if (ridx_filename != NULL
+        && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) {
+        BIO_printf(bio_err,
+                   "Responder mode requires certificate, key, and CA.\n");
+        goto end;
+    }
+
+    if (ridx_filename != NULL) {
+        rdb = load_index(ridx_filename, NULL);
+        if (rdb == NULL || index_index(rdb) <= 0) {
+            ret = 1;
+            goto end;
+        }
+    }
+
+# ifdef OCSP_DAEMON
+    if (multi && acbio != NULL)
+        spawn_loop();
+    if (acbio != NULL && req_timeout > 0)
+        signal(SIGALRM, sock_timeout);
+#endif
+
+    if (acbio != NULL)
+        log_message(LOG_INFO, "waiting for OCSP client connections...");
+
+redo_accept:
+
+    if (acbio != NULL) {
+# ifdef OCSP_DAEMON
+        if (index_changed(rdb)) {
+            CA_DB *newrdb = load_index(ridx_filename, NULL);
+
+            if (newrdb != NULL && index_index(newrdb) > 0) {
+                free_index(rdb);
+                rdb = newrdb;
+            } else {
+                free_index(newrdb);
+                log_message(LOG_ERR, "error reloading updated index: %s",
+                            ridx_filename);
+            }
+        }
+# endif
+
+        req = NULL;
+        if (!do_responder(&req, &cbio, acbio, req_timeout))
+            goto redo_accept;
+
+        if (req == NULL) {
+            resp =
+                OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
+                                     NULL);
+            send_ocsp_response(cbio, resp);
+            goto done_resp;
+        }
+    }
+
+    if (req == NULL
+        && (signfile != NULL || reqout != NULL
+            || host != NULL || add_nonce || ridx_filename != NULL)) {
+        BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+        goto end;
+    }
+
+    if (req != NULL && add_nonce)
+        OCSP_request_add1_nonce(req, NULL, -1);
+
+    if (signfile != NULL) {
+        if (keyfile == NULL)
+            keyfile = signfile;
+        signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
+        if (signer == NULL) {
+            BIO_printf(bio_err, "Error loading signer certificate\n");
+            goto end;
+        }
+        if (sign_certfile != NULL) {
+            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
+                            "signer certificates"))
+                goto end;
+        }
+        key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
+                       "signer private key");
+        if (key == NULL)
+            goto end;
+
+        if (!OCSP_request_sign
+            (req, signer, key, NULL, sign_other, sign_flags)) {
+            BIO_printf(bio_err, "Error signing OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (req_text && req != NULL)
+        OCSP_REQUEST_print(out, req, 0);
+
+    if (reqout != NULL) {
+        derbio = bio_open_default(reqout, 'w', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        i2d_OCSP_REQUEST_bio(derbio, req);
+        BIO_free(derbio);
+    }
+
+    if (rdb != NULL) {
+        make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey,
+                               rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig);
+        if (cbio != NULL)
+            send_ocsp_response(cbio, resp);
+    } else if (host != NULL) {
+# ifndef OPENSSL_NO_SOCK
+        resp = process_responder(req, host, path,
+                                 port, use_ssl, headers, req_timeout);
+        if (resp == NULL)
+            goto end;
+# else
+        BIO_printf(bio_err,
+                   "Error creating connect BIO - sockets not supported.\n");
+        goto end;
+# endif
+    } else if (respin != NULL) {
+        derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (resp == NULL) {
+            BIO_printf(bio_err, "Error reading OCSP response\n");
+            goto end;
+        }
+    } else {
+        ret = 0;
+        goto end;
+    }
+
+ done_resp:
+
+    if (respout != NULL) {
+        derbio = bio_open_default(respout, 'w', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        i2d_OCSP_RESPONSE_bio(derbio, resp);
+        BIO_free(derbio);
+    }
+
+    i = OCSP_response_status(resp);
+    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+        BIO_printf(out, "Responder Error: %s (%d)\n",
+                   OCSP_response_status_str(i), i);
+        if (!ignore_err)
+                goto end;
+    }
+
+    if (resp_text)
+        OCSP_RESPONSE_print(out, resp, 0);
+
+    /* If running as responder don't verify our own response */
+    if (cbio != NULL) {
+        /* If not unlimited, see if we took all we should. */
+        if (accept_count != -1 && --accept_count <= 0) {
+            ret = 0;
+            goto end;
+        }
+        BIO_free_all(cbio);
+        cbio = NULL;
+        OCSP_REQUEST_free(req);
+        req = NULL;
+        OCSP_RESPONSE_free(resp);
+        resp = NULL;
+        goto redo_accept;
+    }
+    if (ridx_filename != NULL) {
+        ret = 0;
+        goto end;
+    }
+
+    if (store == NULL) {
+        store = setup_verify(CAfile, CApath, noCAfile, noCApath);
+        if (!store)
+            goto end;
+    }
+    if (vpmtouched)
+        X509_STORE_set1_param(store, vpm);
+    if (verify_certfile != NULL) {
+        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
+                        "validator certificate"))
+            goto end;
+    }
+
+    bs = OCSP_response_get1_basic(resp);
+    if (bs == NULL) {
+        BIO_printf(bio_err, "Error parsing response\n");
+        goto end;
+    }
+
+    ret = 0;
+
+    if (!noverify) {
+        if (req != NULL && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
+            if (i == -1)
+                BIO_printf(bio_err, "WARNING: no nonce in response\n");
+            else {
+                BIO_printf(bio_err, "Nonce Verify error\n");
+                ret = 1;
+                goto end;
+            }
+        }
+
+        i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+        if (i <= 0 && issuers) {
+            i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER);
+            if (i > 0)
+                ERR_clear_error();
+        }
+        if (i <= 0) {
+            BIO_printf(bio_err, "Response Verify Failure\n");
+            ERR_print_errors(bio_err);
+            ret = 1;
+        } else {
+            BIO_printf(bio_err, "Response verify OK\n");
+        }
+    }
+
+    print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage);
+
+ end:
+    ERR_print_errors(bio_err);
+    X509_free(signer);
+    X509_STORE_free(store);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(rsign_sigopts);
+    EVP_PKEY_free(key);
+    EVP_PKEY_free(rkey);
+    X509_free(cert);
+    sk_X509_pop_free(issuers, X509_free);
+    X509_free(rsigner);
+    sk_X509_pop_free(rca_cert, X509_free);
+    free_index(rdb);
+    BIO_free_all(cbio);
+    BIO_free_all(acbio);
+    BIO_free_all(out);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(resp);
+    OCSP_BASICRESP_free(bs);
+    sk_OPENSSL_STRING_free(reqnames);
+    sk_OCSP_CERTID_free(ids);
+    sk_X509_pop_free(sign_other, X509_free);
+    sk_X509_pop_free(verify_other, X509_free);
+    sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
+    OPENSSL_free(thost);
+    OPENSSL_free(tport);
+    OPENSSL_free(tpath);
+
+    return ret;
+}
+
+static void
+log_message(int level, const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+# ifdef OCSP_DAEMON
+    if (multi) {
+        char buf[1024];
+        if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) {
+            syslog(level, "%s", buf);
+        }
+        if (level >= LOG_ERR)
+            ERR_print_errors_cb(print_syslog, &level);
+    }
+# endif
+    if (!multi) {
+        BIO_printf(bio_err, "%s: ", prog);
+        BIO_vprintf(bio_err, fmt, ap);
+        BIO_printf(bio_err, "\n");
+    }
+    va_end(ap);
+}
+
+# ifdef OCSP_DAEMON
+
+static int print_syslog(const char *str, size_t len, void *levPtr)
+{
+    int level = *(int *)levPtr;
+    int ilen = (len > MAXERRLEN) ? MAXERRLEN : len;
+
+    syslog(level, "%.*s", ilen, str);
+
+    return ilen;
+}
+
+static int index_changed(CA_DB *rdb)
+{
+    struct stat sb;
+
+    if (rdb != NULL && stat(rdb->dbfname, &sb) != -1) {
+        if (rdb->dbst.st_mtime != sb.st_mtime
+            || rdb->dbst.st_ctime != sb.st_ctime
+            || rdb->dbst.st_ino != sb.st_ino
+            || rdb->dbst.st_dev != sb.st_dev) {
+            syslog(LOG_INFO, "index file changed, reloading");
+            return 1;
+        }
+    }
+    return 0;
+}
+
+static void killall(int ret, pid_t *kidpids)
+{
+    int i;
+
+    for (i = 0; i < multi; ++i)
+        if (kidpids[i] != 0)
+            (void)kill(kidpids[i], SIGTERM);
+    OPENSSL_free(kidpids);
+    sleep(1);
+    exit(ret);
+}
+
+static int termsig = 0;
+
+static void noteterm (int sig)
+{
+    termsig = sig;
+}
+
+/*
+ * Loop spawning up to `multi` child processes, only child processes return
+ * from this function.  The parent process loops until receiving a termination
+ * signal, kills extant children and exits without returning.
+ */
+static void spawn_loop(void)
+{
+    pid_t *kidpids = NULL;
+    int status;
+    int procs = 0;
+    int i;
+
+    openlog(prog, LOG_PID, LOG_DAEMON);
+
+    if (setpgid(0, 0)) {
+        syslog(LOG_ERR, "fatal: error detaching from parent process group: %s",
+               strerror(errno));
+        exit(1);
+    }
+    kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array");
+    for (i = 0; i < multi; ++i)
+        kidpids[i] = 0;
+
+    signal(SIGINT, noteterm);
+    signal(SIGTERM, noteterm);
+
+    while (termsig == 0) {
+        pid_t fpid;
+
+        /*
+         * Wait for a child to replace when we're at the limit.
+         * Slow down if a child exited abnormally or waitpid() < 0
+         */
+        while (termsig == 0 && procs >= multi) {
+            if ((fpid = waitpid(-1, &status, 0)) > 0) {
+                for (i = 0; i < procs; ++i) {
+                    if (kidpids[i] == fpid) {
+                        kidpids[i] = 0;
+                        --procs;
+                        break;
+                    }
+                }
+                if (i >= multi) {
+                    syslog(LOG_ERR, "fatal: internal error: "
+                           "no matching child slot for pid: %ld",
+                           (long) fpid);
+                    killall(1, kidpids);
+                }
+                if (status != 0) {
+                    if (WIFEXITED(status))
+                        syslog(LOG_WARNING, "child process: %ld, exit status: %d",
+                               (long)fpid, WEXITSTATUS(status));
+                    else if (WIFSIGNALED(status))
+                        syslog(LOG_WARNING, "child process: %ld, term signal %d%s",
+                               (long)fpid, WTERMSIG(status),
+#ifdef WCOREDUMP
+                               WCOREDUMP(status) ? " (core dumped)" :
+#endif
+                               "");
+                    sleep(1);
+                }
+                break;
+            } else if (errno != EINTR) {
+                syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno));
+                killall(1, kidpids);
+            }
+        }
+        if (termsig)
+            break;
+
+        switch(fpid = fork()) {
+        case -1:            /* error */
+            /* System critically low on memory, pause and try again later */
+            sleep(30);
+            break;
+        case 0:             /* child */
+            OPENSSL_free(kidpids);
+            signal(SIGINT, SIG_DFL);
+            signal(SIGTERM, SIG_DFL);
+            if (termsig)
+                _exit(0);
+            if (RAND_poll() <= 0) {
+                syslog(LOG_ERR, "fatal: RAND_poll() failed");
+                _exit(1);
+            }
+            return;
+        default:            /* parent */
+            for (i = 0; i < multi; ++i) {
+                if (kidpids[i] == 0) {
+                    kidpids[i] = fpid;
+                    procs++;
+                    break;
+                }
+            }
+            if (i >= multi) {
+                syslog(LOG_ERR, "fatal: internal error: no free child slots");
+                killall(1, kidpids);
+            }
+            break;
+        }
+    }
+
+    /* The loop above can only break on termsig */
+    syslog(LOG_INFO, "terminating on signal: %d", termsig);
+    killall(0, kidpids);
+}
+# endif
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+
+    if (issuer == NULL) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (*req == NULL)
+        *req = OCSP_REQUEST_new();
+    if (*req == NULL)
+        goto err;
+    id = OCSP_cert_to_id(cert_id_md, cert, issuer);
+    if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+    X509_NAME *iname;
+    ASN1_BIT_STRING *ikey;
+    ASN1_INTEGER *sno;
+
+    if (issuer == NULL) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (*req == NULL)
+        *req = OCSP_REQUEST_new();
+    if (*req == NULL)
+        goto err;
+    iname = X509_get_subject_name(issuer);
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    sno = s2i_ASN1_INTEGER(NULL, serial);
+    if (sno == NULL) {
+        BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+        return 0;
+    }
+    id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
+    ASN1_INTEGER_free(sno);
+    if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage)
+{
+    OCSP_CERTID *id;
+    const char *name;
+    int i, status, reason;
+    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+    if (bs == NULL || req == NULL || !sk_OPENSSL_STRING_num(names)
+        || !sk_OCSP_CERTID_num(ids))
+        return;
+
+    for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
+        id = sk_OCSP_CERTID_value(ids, i);
+        name = sk_OPENSSL_STRING_value(names, i);
+        BIO_printf(out, "%s: ", name);
+
+        if (!OCSP_resp_find_status(bs, id, &status, &reason,
+                                   &rev, &thisupd, &nextupd)) {
+            BIO_puts(out, "ERROR: No Status found.\n");
+            continue;
+        }
+
+        /*
+         * Check validity: if invalid write to output BIO so we know which
+         * response this refers to.
+         */
+        if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
+            BIO_puts(out, "WARNING: Status times invalid.\n");
+            ERR_print_errors(out);
+        }
+        BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+        BIO_puts(out, "\tThis Update: ");
+        ASN1_GENERALIZEDTIME_print(out, thisupd);
+        BIO_puts(out, "\n");
+
+        if (nextupd) {
+            BIO_puts(out, "\tNext Update: ");
+            ASN1_GENERALIZEDTIME_print(out, nextupd);
+            BIO_puts(out, "\n");
+        }
+
+        if (status != V_OCSP_CERTSTATUS_REVOKED)
+            continue;
+
+        if (reason != -1)
+            BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason));
+
+        BIO_puts(out, "\tRevocation Time: ");
+        ASN1_GENERALIZEDTIME_print(out, rev);
+        BIO_puts(out, "\n");
+    }
+}
+
+static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
+                              EVP_PKEY *rkey, const EVP_MD *rmd,
+                              STACK_OF(OPENSSL_STRING) *sigopts,
+                              STACK_OF(X509) *rother, unsigned long flags,
+                              int nmin, int ndays, int badsig)
+{
+    ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+    OCSP_CERTID *cid;
+    OCSP_BASICRESP *bs = NULL;
+    int i, id_count;
+    EVP_MD_CTX *mctx = NULL;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    id_count = OCSP_request_onereq_count(req);
+
+    if (id_count <= 0) {
+        *resp =
+            OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+        goto end;
+    }
+
+    bs = OCSP_BASICRESP_new();
+    thisupd = X509_gmtime_adj(NULL, 0);
+    if (ndays != -1)
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
+
+    /* Examine each certificate id in the request */
+    for (i = 0; i < id_count; i++) {
+        OCSP_ONEREQ *one;
+        ASN1_INTEGER *serial;
+        char **inf;
+        int jj;
+        int found = 0;
+        ASN1_OBJECT *cert_id_md_oid;
+        const EVP_MD *cert_id_md;
+        one = OCSP_request_onereq_get0(req, i);
+        cid = OCSP_onereq_get0_id(one);
+
+        OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
+
+        cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
+        if (cert_id_md == NULL) {
+            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                         NULL);
+            goto end;
+        }
+        for (jj = 0; jj < sk_X509_num(ca) && !found; jj++) {
+            X509 *ca_cert = sk_X509_value(ca, jj);
+            OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert);
+
+            if (OCSP_id_issuer_cmp(ca_id, cid) == 0)
+                found = 1;
+
+            OCSP_CERTID_free(ca_id);
+        }
+
+        if (!found) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+            continue;
+        }
+        OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+        inf = lookup_serial(db, serial);
+        if (inf == NULL) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+        } else if (inf[DB_type][0] == DB_TYPE_VAL) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_GOOD,
+                                   0, NULL, thisupd, nextupd);
+        } else if (inf[DB_type][0] == DB_TYPE_REV) {
+            ASN1_OBJECT *inst = NULL;
+            ASN1_TIME *revtm = NULL;
+            ASN1_GENERALIZEDTIME *invtm = NULL;
+            OCSP_SINGLERESP *single;
+            int reason = -1;
+            unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+            single = OCSP_basic_add1_status(bs, cid,
+                                            V_OCSP_CERTSTATUS_REVOKED,
+                                            reason, revtm, thisupd, nextupd);
+            if (invtm != NULL)
+                OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
+                                             invtm, 0, 0);
+            else if (inst != NULL)
+                OCSP_SINGLERESP_add1_ext_i2d(single,
+                                             NID_hold_instruction_code, inst,
+                                             0, 0);
+            ASN1_OBJECT_free(inst);
+            ASN1_TIME_free(revtm);
+            ASN1_GENERALIZEDTIME_free(invtm);
+        }
+    }
+
+    OCSP_copy_nonce(bs, req);
+
+    mctx = EVP_MD_CTX_new();
+    if ( mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);
+        goto end;
+    }
+    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+
+        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
+            BIO_printf(err, "parameter error \"%s\"\n", sigopt);
+            ERR_print_errors(bio_err);
+            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                         NULL);
+            goto end;
+        }
+    }
+    OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags);
+
+    if (badsig) {
+        const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
+        corrupt_signature(sig);
+    }
+
+    *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+    EVP_MD_CTX_free(mctx);
+    ASN1_TIME_free(thisupd);
+    ASN1_TIME_free(nextupd);
+    OCSP_BASICRESP_free(bs);
+}
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+{
+    int i;
+    BIGNUM *bn = NULL;
+    char *itmp, *row[DB_NUMBER], **rrow;
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    bn = ASN1_INTEGER_to_BN(ser, NULL);
+    OPENSSL_assert(bn);         /* FIXME: should report an error at this
+                                 * point and abort */
+    if (BN_is_zero(bn))
+        itmp = OPENSSL_strdup("00");
+    else
+        itmp = BN_bn2hex(bn);
+    row[DB_serial] = itmp;
+    BN_free(bn);
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    OPENSSL_free(itmp);
+    return rrow;
+}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(const char *port)
+{
+# ifdef OPENSSL_NO_SOCK
+    BIO_printf(bio_err,
+               "Error setting up accept BIO - sockets not supported.\n");
+    return NULL;
+# else
+    BIO *acbio = NULL, *bufbio = NULL;
+
+    bufbio = BIO_new(BIO_f_buffer());
+    if (bufbio == NULL)
+        goto err;
+    acbio = BIO_new(BIO_s_accept());
+    if (acbio == NULL
+        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
+        || BIO_set_accept_port(acbio, port) < 0) {
+        log_message(LOG_ERR, "Error setting up accept BIO");
+        goto err;
+    }
+
+    BIO_set_accept_bios(acbio, bufbio);
+    bufbio = NULL;
+    if (BIO_do_accept(acbio) <= 0) {
+        log_message(LOG_ERR, "Error starting accept");
+        goto err;
+    }
+
+    return acbio;
+
+ err:
+    BIO_free_all(acbio);
+    BIO_free(bufbio);
+    return NULL;
+# endif
+}
+
+# ifndef OPENSSL_NO_SOCK
+/*
+ * Decode %xx URL-decoding in-place. Ignores mal-formed sequences.
+ */
+static int urldecode(char *p)
+{
+    unsigned char *out = (unsigned char *)p;
+    unsigned char *save = out;
+
+    for (; *p; p++) {
+        if (*p != '%')
+            *out++ = *p;
+        else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) {
+            /* Don't check, can't fail because of ixdigit() call. */
+            *out++ = (OPENSSL_hexchar2int(p[1]) << 4)
+                   | OPENSSL_hexchar2int(p[2]);
+            p += 2;
+        }
+        else
+            return -1;
+    }
+    *out = '\0';
+    return (int)(out - save);
+}
+# endif
+
+# ifdef OCSP_DAEMON
+static void sock_timeout(int signum)
+{
+    if (acfd != (int)INVALID_SOCKET)
+        (void)shutdown(acfd, SHUT_RD);
+}
+# endif
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+                        int timeout)
+{
+# ifdef OPENSSL_NO_SOCK
+    return 0;
+# else
+    int len;
+    OCSP_REQUEST *req = NULL;
+    char inbuf[2048], reqbuf[2048];
+    char *p, *q;
+    BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
+    const char *client;
+
+    *preq = NULL;
+
+    /* Connection loss before accept() is routine, ignore silently */
+    if (BIO_do_accept(acbio) <= 0)
+        return 0;
+
+    cbio = BIO_pop(acbio);
+    *pcbio = cbio;
+    client = BIO_get_peer_name(cbio);
+
+#  ifdef OCSP_DAEMON
+    if (timeout > 0) {
+        (void) BIO_get_fd(cbio, &acfd);
+        alarm(timeout);
+    }
+#  endif
+
+    /* Read the request line. */
+    len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
+    if (len <= 0)
+        goto out;
+
+    if (strncmp(reqbuf, "GET ", 4) == 0) {
+        /* Expecting GET {sp} /URL {sp} HTTP/1.x */
+        for (p = reqbuf + 4; *p == ' '; ++p)
+            continue;
+        if (*p != '/') {
+            log_message(LOG_INFO, "Invalid request -- bad URL: %s", client);
+            goto out;
+        }
+        p++;
+
+        /* Splice off the HTTP version identifier. */
+        for (q = p; *q; q++)
+            if (*q == ' ')
+                break;
+        if (strncmp(q, " HTTP/1.", 8) != 0) {
+            log_message(LOG_INFO,
+                        "Invalid request -- bad HTTP version: %s", client);
+            goto out;
+        }
+        *q = '\0';
+
+        /*
+         * Skip "GET / HTTP..." requests often used by load-balancers
+         */
+        if (p[1] == '\0')
+            goto out;
+
+        len = urldecode(p);
+        if (len <= 0) {
+            log_message(LOG_INFO,
+                        "Invalid request -- bad URL encoding: %s", client);
+            goto out;
+        }
+        if ((getbio = BIO_new_mem_buf(p, len)) == NULL
+            || (b64 = BIO_new(BIO_f_base64())) == NULL) {
+            log_message(LOG_ERR, "Could not allocate base64 bio: %s", client);
+            goto out;
+        }
+        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        getbio = BIO_push(b64, getbio);
+    } else if (strncmp(reqbuf, "POST ", 5) != 0) {
+        log_message(LOG_INFO, "Invalid request -- bad HTTP verb: %s", client);
+        goto out;
+    }
+
+    /* Read and skip past the headers. */
+    for (;;) {
+        len = BIO_gets(cbio, inbuf, sizeof(inbuf));
+        if (len <= 0)
+            goto out;
+        if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+            break;
+    }
+
+#  ifdef OCSP_DAEMON
+    /* Clear alarm before we close the client socket */
+    alarm(0);
+    timeout = 0;
+#  endif
+
+    /* Try to read OCSP request */
+    if (getbio != NULL) {
+        req = d2i_OCSP_REQUEST_bio(getbio, NULL);
+        BIO_free_all(getbio);
+    } else {
+        req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+    }
+
+    if (req == NULL)
+        log_message(LOG_ERR, "Error parsing OCSP request");
+
+    *preq = req;
+
+out:
+#  ifdef OCSP_DAEMON
+    if (timeout > 0)
+        alarm(0);
+    acfd = (int)INVALID_SOCKET;
+#  endif
+    return 1;
+# endif
+}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+{
+    char http_resp[] =
+        "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+        "Content-Length: %d\r\n\r\n";
+    if (cbio == NULL)
+        return 0;
+    BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+    i2d_OCSP_RESPONSE_bio(cbio, resp);
+    (void)BIO_flush(cbio);
+    return 1;
+}
+
+# ifndef OPENSSL_NO_SOCK
+static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
+                                      const char *path,
+                                      const STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout)
+{
+    int fd;
+    int rv;
+    int i;
+    int add_host = 1;
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    fd_set confds;
+    struct timeval tv;
+
+    if (req_timeout != -1)
+        BIO_set_nbio(cbio, 1);
+
+    rv = BIO_do_connect(cbio);
+
+    if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
+        BIO_puts(bio_err, "Error connecting BIO\n");
+        return NULL;
+    }
+
+    if (BIO_get_fd(cbio, &fd) < 0) {
+        BIO_puts(bio_err, "Can't get connection fd\n");
+        goto err;
+    }
+
+    if (req_timeout != -1 && rv <= 0) {
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        if (rv == 0) {
+            BIO_puts(bio_err, "Timeout on connect\n");
+            return NULL;
+        }
+    }
+
+    ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
+    if (ctx == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
+        CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+        if (add_host == 1 && strcasecmp("host", hdr->name) == 0)
+            add_host = 0;
+        if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+            goto err;
+    }
+
+    if (add_host == 1 && OCSP_REQ_CTX_add1_header(ctx, "Host", host) == 0)
+        goto err;
+
+    if (!OCSP_REQ_CTX_set1_req(ctx, req))
+        goto err;
+
+    for (;;) {
+        rv = OCSP_sendreq_nbio(&rsp, ctx);
+        if (rv != -1)
+            break;
+        if (req_timeout == -1)
+            continue;
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        if (BIO_should_read(cbio)) {
+            rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+        } else if (BIO_should_write(cbio)) {
+            rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        } else {
+            BIO_puts(bio_err, "Unexpected retry condition\n");
+            goto err;
+        }
+        if (rv == 0) {
+            BIO_puts(bio_err, "Timeout on request\n");
+            break;
+        }
+        if (rv == -1) {
+            BIO_puts(bio_err, "Select error\n");
+            break;
+        }
+
+    }
+ err:
+    OCSP_REQ_CTX_free(ctx);
+
+    return rsp;
+}
+
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
+                                 const char *host, const char *path,
+                                 const char *port, int use_ssl,
+                                 STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout)
+{
+    BIO *cbio = NULL;
+    SSL_CTX *ctx = NULL;
+    OCSP_RESPONSE *resp = NULL;
+
+    cbio = BIO_new_connect(host);
+    if (cbio == NULL) {
+        BIO_printf(bio_err, "Error creating connect BIO\n");
+        goto end;
+    }
+    if (port != NULL)
+        BIO_set_conn_port(cbio, port);
+    if (use_ssl == 1) {
+        BIO *sbio;
+        ctx = SSL_CTX_new(TLS_client_method());
+        if (ctx == NULL) {
+            BIO_printf(bio_err, "Error creating SSL context.\n");
+            goto end;
+        }
+        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+        sbio = BIO_new_ssl(ctx, 1);
+        cbio = BIO_push(sbio, cbio);
+    }
+
+    resp = query_responder(cbio, host, path, headers, req, req_timeout);
+    if (resp == NULL)
+        BIO_printf(bio_err, "Error querying OCSP responder\n");
+ end:
+    BIO_free_all(cbio);
+    SSL_CTX_free(ctx);
+    return resp;
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/openssl-vms.cnf b/trunk/3rdparty/openssl-1.1-fit/apps/openssl-vms.cnf
new file mode 100644
index 000000000..e64cc9f3a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/openssl-vms.cnf
@@ -0,0 +1,350 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# Note that you can include other files from the main configuration
+# file using the .include directive.
+#.include filename
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= sys\$disk:[.demoCA		# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several certs with same subject.
+new_certs_dir	= $dir.newcerts]		# default place for new certs.
+
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial. 		# The current serial number
+crlnumber	= $dir]crlnumber.	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= sys\$disk:[.demoCA		# TSA root directory
+serial		= $dir]tsaserial.	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir.cacert.pem]	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest  = sha256			# Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
+ess_cert_id_alg		= sha1	# algorithm to compute certificate
+				# identifier (optional, default: sha1)
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c b/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c
new file mode 100644
index 000000000..a872e2c5e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c
@@ -0,0 +1,826 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <internal/cryptlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include "s_apps.h"
+/* Needed to get the other O_xxx flags. */
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#include "apps.h"
+#define INCLUDE_FUNCTION_TABLE
+#include "progs.h"
+
+/* Structure to hold the number of columns to be displayed and the
+ * field width used to display them.
+ */
+typedef struct {
+    int columns;
+    int width;
+} DISPLAY_COLUMNS;
+
+/* Special sentinel to exit the program. */
+#define EXIT_THE_PROGRAM (-1)
+
+/*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+ * required type of "FUNCTION*"). This removes the necessity for
+ * macro-generated wrapper functions.
+ */
+static LHASH_OF(FUNCTION) *prog_init(void);
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
+static void list_pkey(void);
+static void list_pkey_meth(void);
+static void list_type(FUNC_TYPE ft, int one);
+static void list_disabled(void);
+char *default_config_file = NULL;
+
+BIO *bio_in = NULL;
+BIO *bio_out = NULL;
+BIO *bio_err = NULL;
+
+static void calculate_columns(DISPLAY_COLUMNS *dc)
+{
+    FUNCTION *f;
+    int len, maxlen = 0;
+
+    for (f = functions; f->name != NULL; ++f)
+        if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher)
+            if ((len = strlen(f->name)) > maxlen)
+                maxlen = len;
+
+    dc->width = maxlen + 2;
+    dc->columns = (80 - 1) / dc->width;
+}
+
+static int apps_startup(void)
+{
+#ifdef SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+#endif
+
+    /* Set non-default library initialisation settings */
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                          | OPENSSL_INIT_LOAD_CONFIG, NULL))
+        return 0;
+
+    setup_ui_method();
+
+    return 1;
+}
+
+static void apps_shutdown(void)
+{
+    destroy_ui_method();
+    destroy_prefix_method();
+}
+
+static char *make_config_name(void)
+{
+    const char *t;
+    size_t len;
+    char *p;
+
+    if ((t = getenv("OPENSSL_CONF")) != NULL)
+        return OPENSSL_strdup(t);
+
+    t = X509_get_default_cert_area();
+    len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
+    p = app_malloc(len, "config filename buffer");
+    strcpy(p, t);
+#ifndef OPENSSL_SYS_VMS
+    strcat(p, "/");
+#endif
+    strcat(p, OPENSSL_CONF);
+
+    return p;
+}
+
+int main(int argc, char *argv[])
+{
+    FUNCTION f, *fp;
+    LHASH_OF(FUNCTION) *prog = NULL;
+    char **copied_argv = NULL;
+    char *p, *pname;
+    char buf[1024];
+    const char *prompt;
+    ARGS arg;
+    int first, n, i, ret = 0;
+
+    arg.argv = NULL;
+    arg.size = 0;
+
+    /* Set up some of the environment. */
+    default_config_file = make_config_name();
+    bio_in = dup_bio_in(FORMAT_TEXT);
+    bio_out = dup_bio_out(FORMAT_TEXT);
+    bio_err = dup_bio_err(FORMAT_TEXT);
+
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+    copied_argv = argv = copy_argv(&argc, argv);
+#elif defined(_WIN32)
+    /*
+     * Replace argv[] with UTF-8 encoded strings.
+     */
+    win32_utf8argv(&argc, &argv);
+#endif
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    if (getenv("OPENSSL_FIPS")) {
+        BIO_printf(bio_err, "FIPS mode not supported.\n");
+        return 1;
+    }
+
+    if (!apps_startup()) {
+        BIO_printf(bio_err,
+                   "FATAL: Startup failure (dev note: apps_startup() failed)\n");
+        ERR_print_errors(bio_err);
+        ret = 1;
+        goto end;
+    }
+
+    prog = prog_init();
+    pname = opt_progname(argv[0]);
+
+    /* first check the program name */
+    f.name = pname;
+    fp = lh_FUNCTION_retrieve(prog, &f);
+    if (fp != NULL) {
+        argv[0] = pname;
+        ret = fp->func(argc, argv);
+        goto end;
+    }
+
+    /* If there is stuff on the command line, run with that. */
+    if (argc != 1) {
+        argc--;
+        argv++;
+        ret = do_cmd(prog, argc, argv);
+        if (ret < 0)
+            ret = 0;
+        goto end;
+    }
+
+    /* ok, lets enter interactive mode */
+    for (;;) {
+        ret = 0;
+        /* Read a line, continue reading if line ends with \ */
+        for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
+            prompt = first ? "OpenSSL> " : "> ";
+            p[0] = '\0';
+#ifndef READLINE
+            fputs(prompt, stdout);
+            fflush(stdout);
+            if (!fgets(p, n, stdin))
+                goto end;
+            if (p[0] == '\0')
+                goto end;
+            i = strlen(p);
+            if (i <= 1)
+                break;
+            if (p[i - 2] != '\\')
+                break;
+            i -= 2;
+            p += i;
+            n -= i;
+#else
+            {
+                extern char *readline(const char *);
+                extern void add_history(const char *cp);
+                char *text;
+
+                text = readline(prompt);
+                if (text == NULL)
+                    goto end;
+                i = strlen(text);
+                if (i == 0 || i > n)
+                    break;
+                if (text[i - 1] != '\\') {
+                    p += strlen(strcpy(p, text));
+                    free(text);
+                    add_history(buf);
+                    break;
+                }
+
+                text[i - 1] = '\0';
+                p += strlen(strcpy(p, text));
+                free(text);
+                n -= i;
+            }
+#endif
+        }
+
+        if (!chopup_args(&arg, buf)) {
+            BIO_printf(bio_err, "Can't parse (no memory?)\n");
+            break;
+        }
+
+        ret = do_cmd(prog, arg.argc, arg.argv);
+        if (ret == EXIT_THE_PROGRAM) {
+            ret = 0;
+            goto end;
+        }
+        if (ret != 0)
+            BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
+        (void)BIO_flush(bio_out);
+        (void)BIO_flush(bio_err);
+    }
+    ret = 1;
+ end:
+    OPENSSL_free(copied_argv);
+    OPENSSL_free(default_config_file);
+    lh_FUNCTION_free(prog);
+    OPENSSL_free(arg.argv);
+    app_RAND_write();
+
+    BIO_free(bio_in);
+    BIO_free_all(bio_out);
+    apps_shutdown();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 1;
+#endif
+    BIO_free(bio_err);
+    EXIT(ret);
+}
+
+static void list_cipher_fn(const EVP_CIPHER *c,
+                           const char *from, const char *to, void *arg)
+{
+    if (c != NULL) {
+        BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
+    } else {
+        if (from == NULL)
+            from = "<undefined>";
+        if (to == NULL)
+            to = "<undefined>";
+        BIO_printf(arg, "%s => %s\n", from, to);
+    }
+}
+
+static void list_md_fn(const EVP_MD *m,
+                       const char *from, const char *to, void *arg)
+{
+    if (m != NULL) {
+        BIO_printf(arg, "%s\n", EVP_MD_name(m));
+    } else {
+        if (from == NULL)
+            from = "<undefined>";
+        if (to == NULL)
+            to = "<undefined>";
+        BIO_printf((BIO *)arg, "%s => %s\n", from, to);
+    }
+}
+
+static void list_missing_help(void)
+{
+    const FUNCTION *fp;
+    const OPTIONS *o;
+
+    for (fp = functions; fp->name != NULL; fp++) {
+        if ((o = fp->help) != NULL) {
+            /* If there is help, list what flags are not documented. */
+            for ( ; o->name != NULL; o++) {
+                if (o->helpstr == NULL)
+                    BIO_printf(bio_out, "%s %s\n", fp->name, o->name);
+            }
+        } else if (fp->func != dgst_main) {
+            /* If not aliased to the dgst command, */
+            BIO_printf(bio_out, "%s *\n", fp->name);
+        }
+    }
+}
+
+static void list_options_for_command(const char *command)
+{
+    const FUNCTION *fp;
+    const OPTIONS *o;
+
+    for (fp = functions; fp->name != NULL; fp++)
+        if (strcmp(fp->name, command) == 0)
+            break;
+    if (fp->name == NULL) {
+        BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
+                command);
+        return;
+    }
+
+    if ((o = fp->help) == NULL)
+        return;
+
+    for ( ; o->name != NULL; o++) {
+        if (o->name == OPT_HELP_STR
+                || o->name == OPT_MORE_STR
+                || o->name[0] == '\0')
+            continue;
+        BIO_printf(bio_out, "%s %c\n", o->name, o->valtype);
+    }
+}
+
+
+/* Unified enum for help and list commands. */
+typedef enum HELPLIST_CHOICE {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE,
+    OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_OPTIONS,
+    OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
+    OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_MISSING_HELP
+} HELPLIST_CHOICE;
+
+const OPTIONS list_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"1", OPT_ONE, '-', "List in one column"},
+    {"commands", OPT_COMMANDS, '-', "List of standard commands"},
+    {"digest-commands", OPT_DIGEST_COMMANDS, '-',
+     "List of message digest commands"},
+    {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
+     "List of message digest algorithms"},
+    {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
+    {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
+     "List of cipher algorithms"},
+    {"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
+     "List of public key algorithms"},
+    {"public-key-methods", OPT_PK_METHOD, '-',
+     "List of public key methods"},
+    {"disabled", OPT_DISABLED, '-',
+     "List of disabled features"},
+    {"missing-help", OPT_MISSING_HELP, '-',
+     "List missing detailed help strings"},
+    {"options", OPT_OPTIONS, 's',
+     "List options for specified command"},
+    {NULL}
+};
+
+int list_main(int argc, char **argv)
+{
+    char *prog;
+    HELPLIST_CHOICE o;
+    int one = 0, done = 0;
+
+    prog = opt_init(argc, argv, list_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:  /* Never hit, but suppresses warning */
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            return 1;
+        case OPT_HELP:
+            opt_help(list_options);
+            break;
+        case OPT_ONE:
+            one = 1;
+            break;
+        case OPT_COMMANDS:
+            list_type(FT_general, one);
+            break;
+        case OPT_DIGEST_COMMANDS:
+            list_type(FT_md, one);
+            break;
+        case OPT_DIGEST_ALGORITHMS:
+            EVP_MD_do_all_sorted(list_md_fn, bio_out);
+            break;
+        case OPT_CIPHER_COMMANDS:
+            list_type(FT_cipher, one);
+            break;
+        case OPT_CIPHER_ALGORITHMS:
+            EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
+            break;
+        case OPT_PK_ALGORITHMS:
+            list_pkey();
+            break;
+        case OPT_PK_METHOD:
+            list_pkey_meth();
+            break;
+        case OPT_DISABLED:
+            list_disabled();
+            break;
+        case OPT_MISSING_HELP:
+            list_missing_help();
+            break;
+        case OPT_OPTIONS:
+            list_options_for_command(opt_arg());
+            break;
+        }
+        done = 1;
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    if (!done)
+        goto opthelp;
+
+    return 0;
+}
+
+typedef enum HELP_CHOICE {
+    OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP
+} HELP_CHOICE;
+
+const OPTIONS help_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: help [options]\n"},
+    {OPT_HELP_STR, 1, '-', "       help [command]\n"},
+    {"help", OPT_hHELP, '-', "Display this summary"},
+    {NULL}
+};
+
+
+int help_main(int argc, char **argv)
+{
+    FUNCTION *fp;
+    int i, nl;
+    FUNC_TYPE tp;
+    char *prog;
+    HELP_CHOICE o;
+    DISPLAY_COLUMNS dc;
+
+    prog = opt_init(argc, argv, help_options);
+    while ((o = opt_next()) != OPT_hEOF) {
+        switch (o) {
+        case OPT_hERR:
+        case OPT_hEOF:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            return 1;
+        case OPT_hHELP:
+            opt_help(help_options);
+            return 0;
+        }
+    }
+
+    if (opt_num_rest() == 1) {
+        char *new_argv[3];
+
+        new_argv[0] = opt_rest()[0];
+        new_argv[1] = "--help";
+        new_argv[2] = NULL;
+        return do_cmd(prog_init(), 2, new_argv);
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Usage: %s\n", prog);
+        return 1;
+    }
+
+    calculate_columns(&dc);
+    BIO_printf(bio_err, "Standard commands");
+    i = 0;
+    tp = FT_none;
+    for (fp = functions; fp->name != NULL; fp++) {
+        nl = 0;
+        if (i++ % dc.columns == 0) {
+            BIO_printf(bio_err, "\n");
+            nl = 1;
+        }
+        if (fp->type != tp) {
+            tp = fp->type;
+            if (!nl)
+                BIO_printf(bio_err, "\n");
+            if (tp == FT_md) {
+                i = 1;
+                BIO_printf(bio_err,
+                           "\nMessage Digest commands (see the `dgst' command for more details)\n");
+            } else if (tp == FT_cipher) {
+                i = 1;
+                BIO_printf(bio_err,
+                           "\nCipher commands (see the `enc' command for more details)\n");
+            }
+        }
+        BIO_printf(bio_err, "%-*s", dc.width, fp->name);
+    }
+    BIO_printf(bio_err, "\n\n");
+    return 0;
+}
+
+static void list_type(FUNC_TYPE ft, int one)
+{
+    FUNCTION *fp;
+    int i = 0;
+    DISPLAY_COLUMNS dc = {0};
+
+    if (!one)
+        calculate_columns(&dc);
+
+    for (fp = functions; fp->name != NULL; fp++) {
+        if (fp->type != ft)
+            continue;
+        if (one) {
+            BIO_printf(bio_out, "%s\n", fp->name);
+        } else {
+            if (i % dc.columns == 0 && i > 0)
+                BIO_printf(bio_out, "\n");
+            BIO_printf(bio_out, "%-*s", dc.width, fp->name);
+            i++;
+        }
+    }
+    if (!one)
+        BIO_printf(bio_out, "\n\n");
+}
+
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
+{
+    FUNCTION f, *fp;
+
+    if (argc <= 0 || argv[0] == NULL)
+        return 0;
+    f.name = argv[0];
+    fp = lh_FUNCTION_retrieve(prog, &f);
+    if (fp == NULL) {
+        if (EVP_get_digestbyname(argv[0])) {
+            f.type = FT_md;
+            f.func = dgst_main;
+            fp = &f;
+        } else if (EVP_get_cipherbyname(argv[0])) {
+            f.type = FT_cipher;
+            f.func = enc_main;
+            fp = &f;
+        }
+    }
+    if (fp != NULL) {
+        return fp->func(argc, argv);
+    }
+    if ((strncmp(argv[0], "no-", 3)) == 0) {
+        /*
+         * User is asking if foo is unsupported, by trying to "run" the
+         * no-foo command.  Strange.
+         */
+        f.name = argv[0] + 3;
+        if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
+            BIO_printf(bio_out, "%s\n", argv[0]);
+            return 0;
+        }
+        BIO_printf(bio_out, "%s\n", argv[0] + 3);
+        return 1;
+    }
+    if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
+        strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
+        /* Special value to mean "exit the program. */
+        return EXIT_THE_PROGRAM;
+
+    BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
+               argv[0]);
+    return 1;
+}
+
+static void list_pkey(void)
+{
+    int i;
+
+    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int pkey_id, pkey_base_id, pkey_flags;
+        const char *pinfo, *pem_str;
+        ameth = EVP_PKEY_asn1_get0(i);
+        EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
+                                &pinfo, &pem_str, ameth);
+        if (pkey_flags & ASN1_PKEY_ALIAS) {
+            BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
+            BIO_printf(bio_out, "\tAlias for: %s\n",
+                       OBJ_nid2ln(pkey_base_id));
+        } else {
+            BIO_printf(bio_out, "Name: %s\n", pinfo);
+            BIO_printf(bio_out, "\tType: %s Algorithm\n",
+                       pkey_flags & ASN1_PKEY_DYNAMIC ?
+                       "External" : "Builtin");
+            BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
+            if (pem_str == NULL)
+                pem_str = "(none)";
+            BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
+        }
+
+    }
+}
+
+static void list_pkey_meth(void)
+{
+    size_t i;
+    size_t meth_count = EVP_PKEY_meth_get_count();
+
+    for (i = 0; i < meth_count; i++) {
+        const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
+        int pkey_id, pkey_flags;
+
+        EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
+        BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id));
+        BIO_printf(bio_out, "\tType: %s Algorithm\n",
+                   pkey_flags & ASN1_PKEY_DYNAMIC ?  "External" : "Builtin");
+    }
+}
+
+static int function_cmp(const FUNCTION * a, const FUNCTION * b)
+{
+    return strncmp(a->name, b->name, 8);
+}
+
+static unsigned long function_hash(const FUNCTION * a)
+{
+    return OPENSSL_LH_strhash(a->name);
+}
+
+static int SortFnByName(const void *_f1, const void *_f2)
+{
+    const FUNCTION *f1 = _f1;
+    const FUNCTION *f2 = _f2;
+
+    if (f1->type != f2->type)
+        return f1->type - f2->type;
+    return strcmp(f1->name, f2->name);
+}
+
+static void list_disabled(void)
+{
+    BIO_puts(bio_out, "Disabled algorithms:\n");
+#ifdef OPENSSL_NO_ARIA
+    BIO_puts(bio_out, "ARIA\n");
+#endif
+#ifdef OPENSSL_NO_BF
+    BIO_puts(bio_out, "BF\n");
+#endif
+#ifdef OPENSSL_NO_BLAKE2
+    BIO_puts(bio_out, "BLAKE2\n");
+#endif
+#ifdef OPENSSL_NO_CAMELLIA
+    BIO_puts(bio_out, "CAMELLIA\n");
+#endif
+#ifdef OPENSSL_NO_CAST
+    BIO_puts(bio_out, "CAST\n");
+#endif
+#ifdef OPENSSL_NO_CMAC
+    BIO_puts(bio_out, "CMAC\n");
+#endif
+#ifdef OPENSSL_NO_CMS
+    BIO_puts(bio_out, "CMS\n");
+#endif
+#ifdef OPENSSL_NO_COMP
+    BIO_puts(bio_out, "COMP\n");
+#endif
+#ifdef OPENSSL_NO_DES
+    BIO_puts(bio_out, "DES\n");
+#endif
+#ifdef OPENSSL_NO_DGRAM
+    BIO_puts(bio_out, "DGRAM\n");
+#endif
+#ifdef OPENSSL_NO_DH
+    BIO_puts(bio_out, "DH\n");
+#endif
+#ifdef OPENSSL_NO_DSA
+    BIO_puts(bio_out, "DSA\n");
+#endif
+#if defined(OPENSSL_NO_DTLS)
+    BIO_puts(bio_out, "DTLS\n");
+#endif
+#if defined(OPENSSL_NO_DTLS1)
+    BIO_puts(bio_out, "DTLS1\n");
+#endif
+#if defined(OPENSSL_NO_DTLS1_2)
+    BIO_puts(bio_out, "DTLS1_2\n");
+#endif
+#ifdef OPENSSL_NO_EC
+    BIO_puts(bio_out, "EC\n");
+#endif
+#ifdef OPENSSL_NO_EC2M
+    BIO_puts(bio_out, "EC2M\n");
+#endif
+#ifdef OPENSSL_NO_ENGINE
+    BIO_puts(bio_out, "ENGINE\n");
+#endif
+#ifdef OPENSSL_NO_GOST
+    BIO_puts(bio_out, "GOST\n");
+#endif
+#ifdef OPENSSL_NO_HEARTBEATS
+    BIO_puts(bio_out, "HEARTBEATS\n");
+#endif
+#ifdef OPENSSL_NO_IDEA
+    BIO_puts(bio_out, "IDEA\n");
+#endif
+#ifdef OPENSSL_NO_MD2
+    BIO_puts(bio_out, "MD2\n");
+#endif
+#ifdef OPENSSL_NO_MD4
+    BIO_puts(bio_out, "MD4\n");
+#endif
+#ifdef OPENSSL_NO_MD5
+    BIO_puts(bio_out, "MD5\n");
+#endif
+#ifdef OPENSSL_NO_MDC2
+    BIO_puts(bio_out, "MDC2\n");
+#endif
+#ifdef OPENSSL_NO_OCB
+    BIO_puts(bio_out, "OCB\n");
+#endif
+#ifdef OPENSSL_NO_OCSP
+    BIO_puts(bio_out, "OCSP\n");
+#endif
+#ifdef OPENSSL_NO_PSK
+    BIO_puts(bio_out, "PSK\n");
+#endif
+#ifdef OPENSSL_NO_RC2
+    BIO_puts(bio_out, "RC2\n");
+#endif
+#ifdef OPENSSL_NO_RC4
+    BIO_puts(bio_out, "RC4\n");
+#endif
+#ifdef OPENSSL_NO_RC5
+    BIO_puts(bio_out, "RC5\n");
+#endif
+#ifdef OPENSSL_NO_RMD160
+    BIO_puts(bio_out, "RMD160\n");
+#endif
+#ifdef OPENSSL_NO_RSA
+    BIO_puts(bio_out, "RSA\n");
+#endif
+#ifdef OPENSSL_NO_SCRYPT
+    BIO_puts(bio_out, "SCRYPT\n");
+#endif
+#ifdef OPENSSL_NO_SCTP
+    BIO_puts(bio_out, "SCTP\n");
+#endif
+#ifdef OPENSSL_NO_SEED
+    BIO_puts(bio_out, "SEED\n");
+#endif
+#ifdef OPENSSL_NO_SM2
+    BIO_puts(bio_out, "SM2\n");
+#endif
+#ifdef OPENSSL_NO_SM3
+    BIO_puts(bio_out, "SM3\n");
+#endif
+#ifdef OPENSSL_NO_SM4
+    BIO_puts(bio_out, "SM4\n");
+#endif
+#ifdef OPENSSL_NO_SOCK
+    BIO_puts(bio_out, "SOCK\n");
+#endif
+#ifdef OPENSSL_NO_SRP
+    BIO_puts(bio_out, "SRP\n");
+#endif
+#ifdef OPENSSL_NO_SRTP
+    BIO_puts(bio_out, "SRTP\n");
+#endif
+#ifdef OPENSSL_NO_SSL3
+    BIO_puts(bio_out, "SSL3\n");
+#endif
+#ifdef OPENSSL_NO_TLS1
+    BIO_puts(bio_out, "TLS1\n");
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+    BIO_puts(bio_out, "TLS1_1\n");
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+    BIO_puts(bio_out, "TLS1_2\n");
+#endif
+#ifdef OPENSSL_NO_WHIRLPOOL
+    BIO_puts(bio_out, "WHIRLPOOL\n");
+#endif
+#ifndef ZLIB
+    BIO_puts(bio_out, "ZLIB\n");
+#endif
+}
+
+static LHASH_OF(FUNCTION) *prog_init(void)
+{
+    static LHASH_OF(FUNCTION) *ret = NULL;
+    static int prog_inited = 0;
+    FUNCTION *f;
+    size_t i;
+
+    if (prog_inited)
+        return ret;
+
+    prog_inited = 1;
+
+    /* Sort alphabetically within category. For nicer help displays. */
+    for (i = 0, f = functions; f->name != NULL; ++f, ++i)
+        ;
+    qsort(functions, i, sizeof(*functions), SortFnByName);
+
+    if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL)
+        return NULL;
+
+    for (f = functions; f->name != NULL; f++)
+        (void)lh_FUNCTION_insert(ret, f);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/openssl.cnf b/trunk/3rdparty/openssl-1.1-fit/apps/openssl.cnf
new file mode 100644
index 000000000..4acca4b04
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/openssl.cnf
@@ -0,0 +1,350 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# Note that you can include other files from the main configuration
+# file using the .include directive.
+#.include filename
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several certs with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./demoCA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest  = sha256			# Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
+ess_cert_id_alg		= sha1	# algorithm to compute certificate
+				# identifier (optional, default: sha1)
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/opt.c b/trunk/3rdparty/openssl-1.1-fit/apps/opt.c
new file mode 100644
index 000000000..666856535
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/opt.c
@@ -0,0 +1,898 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include "apps.h"
+#include <string.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <limits.h>
+#include <openssl/bio.h>
+#include <openssl/x509v3.h>
+
+#define MAX_OPT_HELP_WIDTH 30
+const char OPT_HELP_STR[] = "--";
+const char OPT_MORE_STR[] = "---";
+
+/* Our state */
+static char **argv;
+static int argc;
+static int opt_index;
+static char *arg;
+static char *flag;
+static char *dunno;
+static const OPTIONS *unknown;
+static const OPTIONS *opts;
+static char prog[40];
+
+/*
+ * Return the simple name of the program; removing various platform gunk.
+ */
+#if defined(OPENSSL_SYS_WIN32)
+char *opt_progname(const char *argv0)
+{
+    size_t i, n;
+    const char *p;
+    char *q;
+
+    /* find the last '/', '\' or ':' */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == '/' || *p == '\\' || *p == ':') {
+            p++;
+            break;
+        }
+
+    /* Strip off trailing nonsense. */
+    n = strlen(p);
+    if (n > 4 &&
+        (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
+        n -= 4;
+
+    /* Copy over the name, in lowercase. */
+    if (n > sizeof(prog) - 1)
+        n = sizeof(prog) - 1;
+    for (q = prog, i = 0; i < n; i++, p++)
+        *q++ = tolower((unsigned char)*p);
+    *q = '\0';
+    return prog;
+}
+
+#elif defined(OPENSSL_SYS_VMS)
+
+char *opt_progname(const char *argv0)
+{
+    const char *p, *q;
+
+    /* Find last special character sys:[foo.bar]openssl */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == ':' || *p == ']' || *p == '>') {
+            p++;
+            break;
+        }
+
+    q = strrchr(p, '.');
+    strncpy(prog, p, sizeof(prog) - 1);
+    prog[sizeof(prog) - 1] = '\0';
+    if (q != NULL && q - p < sizeof(prog))
+        prog[q - p] = '\0';
+    return prog;
+}
+
+#else
+
+char *opt_progname(const char *argv0)
+{
+    const char *p;
+
+    /* Could use strchr, but this is like the ones above. */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == '/') {
+            p++;
+            break;
+        }
+    strncpy(prog, p, sizeof(prog) - 1);
+    prog[sizeof(prog) - 1] = '\0';
+    return prog;
+}
+#endif
+
+char *opt_getprog(void)
+{
+    return prog;
+}
+
+/* Set up the arg parsing. */
+char *opt_init(int ac, char **av, const OPTIONS *o)
+{
+    /* Store state. */
+    argc = ac;
+    argv = av;
+    opt_index = 1;
+    opts = o;
+    opt_progname(av[0]);
+    unknown = NULL;
+
+    for (; o->name; ++o) {
+#ifndef NDEBUG
+        const OPTIONS *next;
+        int duplicated, i;
+#endif
+
+        if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
+            continue;
+#ifndef NDEBUG
+        i = o->valtype;
+
+        /* Make sure options are legit. */
+        assert(o->name[0] != '-');
+        assert(o->retval > 0);
+        switch (i) {
+        case   0: case '-': case '/': case '<': case '>': case 'E': case 'F':
+        case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
+        case 'u': case 'c':
+            break;
+        default:
+            assert(0);
+        }
+
+        /* Make sure there are no duplicates. */
+        for (next = o + 1; next->name; ++next) {
+            /*
+             * Some compilers inline strcmp and the assert string is too long.
+             */
+            duplicated = strcmp(o->name, next->name) == 0;
+            assert(!duplicated);
+        }
+#endif
+        if (o->name[0] == '\0') {
+            assert(unknown == NULL);
+            unknown = o;
+            assert(unknown->valtype == 0 || unknown->valtype == '-');
+        }
+    }
+    return prog;
+}
+
+static OPT_PAIR formats[] = {
+    {"PEM/DER", OPT_FMT_PEMDER},
+    {"pkcs12", OPT_FMT_PKCS12},
+    {"smime", OPT_FMT_SMIME},
+    {"engine", OPT_FMT_ENGINE},
+    {"msblob", OPT_FMT_MSBLOB},
+    {"nss", OPT_FMT_NSS},
+    {"text", OPT_FMT_TEXT},
+    {"http", OPT_FMT_HTTP},
+    {"pvk", OPT_FMT_PVK},
+    {NULL}
+};
+
+/* Print an error message about a failed format parse. */
+int opt_format_error(const char *s, unsigned long flags)
+{
+    OPT_PAIR *ap;
+
+    if (flags == OPT_FMT_PEMDER) {
+        BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
+                   prog, s);
+    } else {
+        BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
+                   prog, s);
+        for (ap = formats; ap->name; ap++)
+            if (flags & ap->retval)
+                BIO_printf(bio_err, "   %s\n", ap->name);
+    }
+    return 0;
+}
+
+/* Parse a format string, put it into *result; return 0 on failure, else 1. */
+int opt_format(const char *s, unsigned long flags, int *result)
+{
+    switch (*s) {
+    default:
+        return 0;
+    case 'D':
+    case 'd':
+        if ((flags & OPT_FMT_PEMDER) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_ASN1;
+        break;
+    case 'T':
+    case 't':
+        if ((flags & OPT_FMT_TEXT) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_TEXT;
+        break;
+    case 'N':
+    case 'n':
+        if ((flags & OPT_FMT_NSS) == 0)
+            return opt_format_error(s, flags);
+        if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_NSS;
+        break;
+    case 'S':
+    case 's':
+        if ((flags & OPT_FMT_SMIME) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_SMIME;
+        break;
+    case 'M':
+    case 'm':
+        if ((flags & OPT_FMT_MSBLOB) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_MSBLOB;
+        break;
+    case 'E':
+    case 'e':
+        if ((flags & OPT_FMT_ENGINE) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_ENGINE;
+        break;
+    case 'H':
+    case 'h':
+        if ((flags & OPT_FMT_HTTP) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_HTTP;
+        break;
+    case '1':
+        if ((flags & OPT_FMT_PKCS12) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_PKCS12;
+        break;
+    case 'P':
+    case 'p':
+        if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
+            if ((flags & OPT_FMT_PEMDER) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PEM;
+        } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
+            if ((flags & OPT_FMT_PVK) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PVK;
+        } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
+                   || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
+            if ((flags & OPT_FMT_PKCS12) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PKCS12;
+        } else {
+            return 0;
+        }
+        break;
+    }
+    return 1;
+}
+
+/* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
+{
+    *cipherp = EVP_get_cipherbyname(name);
+    if (*cipherp != NULL)
+        return 1;
+    BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
+    return 0;
+}
+
+/*
+ * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
+ */
+int opt_md(const char *name, const EVP_MD **mdp)
+{
+    *mdp = EVP_get_digestbyname(name);
+    if (*mdp != NULL)
+        return 1;
+    BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
+    return 0;
+}
+
+/* Look through a list of name/value pairs. */
+int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
+{
+    const OPT_PAIR *pp;
+
+    for (pp = pairs; pp->name; pp++)
+        if (strcmp(pp->name, name) == 0) {
+            *result = pp->retval;
+            return 1;
+        }
+    BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
+    for (pp = pairs; pp->name; pp++)
+        BIO_printf(bio_err, "\t%s\n", pp->name);
+    return 0;
+}
+
+/* Parse an int, put it into *result; return 0 on failure, else 1. */
+int opt_int(const char *value, int *result)
+{
+    long l;
+
+    if (!opt_long(value, &l))
+        return 0;
+    *result = (int)l;
+    if (*result != l) {
+        BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
+                   prog, value);
+        return 0;
+    }
+    return 1;
+}
+
+static void opt_number_error(const char *v)
+{
+    size_t i = 0;
+    struct strstr_pair_st {
+        char *prefix;
+        char *name;
+    } b[] = {
+        {"0x", "a hexadecimal"},
+        {"0X", "a hexadecimal"},
+        {"0", "an octal"}
+    };
+
+    for (i = 0; i < OSSL_NELEM(b); i++) {
+        if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
+            BIO_printf(bio_err,
+                       "%s: Can't parse \"%s\" as %s number\n",
+                       prog, v, b[i].name);
+            return;
+        }
+    }
+    BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
+    return;
+}
+
+/* Parse a long, put it into *result; return 0 on failure, else 1. */
+int opt_long(const char *value, long *result)
+{
+    int oerrno = errno;
+    long l;
+    char *endp;
+
+    errno = 0;
+    l = strtol(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
+            || (l == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = l;
+    errno = oerrno;
+    return 1;
+}
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+
+/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
+int opt_imax(const char *value, intmax_t *result)
+{
+    int oerrno = errno;
+    intmax_t m;
+    char *endp;
+
+    errno = 0;
+    m = strtoimax(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
+            || (m == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = m;
+    errno = oerrno;
+    return 1;
+}
+
+/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
+int opt_umax(const char *value, uintmax_t *result)
+{
+    int oerrno = errno;
+    uintmax_t m;
+    char *endp;
+
+    errno = 0;
+    m = strtoumax(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || (m == UINTMAX_MAX && errno == ERANGE)
+            || (m == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = m;
+    errno = oerrno;
+    return 1;
+}
+#endif
+
+/*
+ * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
+ */
+int opt_ulong(const char *value, unsigned long *result)
+{
+    int oerrno = errno;
+    char *endptr;
+    unsigned long l;
+
+    errno = 0;
+    l = strtoul(value, &endptr, 0);
+    if (*endptr
+            || endptr == value
+            || ((l == ULONG_MAX) && errno == ERANGE)
+            || (l == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = l;
+    errno = oerrno;
+    return 1;
+}
+
+/*
+ * We pass opt as an int but cast it to "enum range" so that all the
+ * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
+ * in gcc do the right thing.
+ */
+enum range { OPT_V_ENUM };
+
+int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
+{
+    int i;
+    ossl_intmax_t t = 0;
+    ASN1_OBJECT *otmp;
+    X509_PURPOSE *xptmp;
+    const X509_VERIFY_PARAM *vtmp;
+
+    assert(vpm != NULL);
+    assert(opt > OPT_V__FIRST);
+    assert(opt < OPT_V__LAST);
+
+    switch ((enum range)opt) {
+    case OPT_V__FIRST:
+    case OPT_V__LAST:
+        return 0;
+    case OPT_V_POLICY:
+        otmp = OBJ_txt2obj(opt_arg(), 0);
+        if (otmp == NULL) {
+            BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_add0_policy(vpm, otmp);
+        break;
+    case OPT_V_PURPOSE:
+        /* purpose name -> purpose index */
+        i = X509_PURPOSE_get_by_sname(opt_arg());
+        if (i < 0) {
+            BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
+            return 0;
+        }
+
+        /* purpose index -> purpose object */
+        xptmp = X509_PURPOSE_get0(i);
+
+        /* purpose object -> purpose value */
+        i = X509_PURPOSE_get_id(xptmp);
+
+        if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
+            BIO_printf(bio_err,
+                       "%s: Internal error setting purpose %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        break;
+    case OPT_V_VERIFY_NAME:
+        vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
+        if (vtmp == NULL) {
+            BIO_printf(bio_err, "%s: Invalid verify name %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_set1(vpm, vtmp);
+        break;
+    case OPT_V_VERIFY_DEPTH:
+        i = atoi(opt_arg());
+        if (i >= 0)
+            X509_VERIFY_PARAM_set_depth(vpm, i);
+        break;
+    case OPT_V_VERIFY_AUTH_LEVEL:
+        i = atoi(opt_arg());
+        if (i >= 0)
+            X509_VERIFY_PARAM_set_auth_level(vpm, i);
+        break;
+    case OPT_V_ATTIME:
+        if (!opt_imax(opt_arg(), &t))
+            return 0;
+        if (t != (time_t)t) {
+            BIO_printf(bio_err, "%s: epoch time out of range %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
+        break;
+    case OPT_V_VERIFY_HOSTNAME:
+        if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
+            return 0;
+        break;
+    case OPT_V_VERIFY_EMAIL:
+        if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
+            return 0;
+        break;
+    case OPT_V_VERIFY_IP:
+        if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
+            return 0;
+        break;
+    case OPT_V_IGNORE_CRITICAL:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
+        break;
+    case OPT_V_ISSUER_CHECKS:
+        /* NOP, deprecated */
+        break;
+    case OPT_V_CRL_CHECK:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
+        break;
+    case OPT_V_CRL_CHECK_ALL:
+        X509_VERIFY_PARAM_set_flags(vpm,
+                                    X509_V_FLAG_CRL_CHECK |
+                                    X509_V_FLAG_CRL_CHECK_ALL);
+        break;
+    case OPT_V_POLICY_CHECK:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
+        break;
+    case OPT_V_EXPLICIT_POLICY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
+        break;
+    case OPT_V_INHIBIT_ANY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
+        break;
+    case OPT_V_INHIBIT_MAP:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
+        break;
+    case OPT_V_X509_STRICT:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
+        break;
+    case OPT_V_EXTENDED_CRL:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
+        break;
+    case OPT_V_USE_DELTAS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
+        break;
+    case OPT_V_POLICY_PRINT:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
+        break;
+    case OPT_V_CHECK_SS_SIG:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
+        break;
+    case OPT_V_TRUSTED_FIRST:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
+        break;
+    case OPT_V_SUITEB_128_ONLY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
+        break;
+    case OPT_V_SUITEB_128:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
+        break;
+    case OPT_V_SUITEB_192:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
+        break;
+    case OPT_V_PARTIAL_CHAIN:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
+        break;
+    case OPT_V_NO_ALT_CHAINS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
+        break;
+    case OPT_V_NO_CHECK_TIME:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
+        break;
+    case OPT_V_ALLOW_PROXY_CERTS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
+        break;
+    }
+    return 1;
+
+}
+
+/*
+ * Parse the next flag (and value if specified), return 0 if done, -1 on
+ * error, otherwise the flag's retval.
+ */
+int opt_next(void)
+{
+    char *p;
+    const OPTIONS *o;
+    int ival;
+    long lval;
+    unsigned long ulval;
+    ossl_intmax_t imval;
+    ossl_uintmax_t umval;
+
+    /* Look at current arg; at end of the list? */
+    arg = NULL;
+    p = argv[opt_index];
+    if (p == NULL)
+        return 0;
+
+    /* If word doesn't start with a -, we're done. */
+    if (*p != '-')
+        return 0;
+
+    /* Hit "--" ? We're done. */
+    opt_index++;
+    if (strcmp(p, "--") == 0)
+        return 0;
+
+    /* Allow -nnn and --nnn */
+    if (*++p == '-')
+        p++;
+    flag = p - 1;
+
+    /* If we have --flag=foo, snip it off */
+    if ((arg = strchr(p, '=')) != NULL)
+        *arg++ = '\0';
+    for (o = opts; o->name; ++o) {
+        /* If not this option, move on to the next one. */
+        if (strcmp(p, o->name) != 0)
+            continue;
+
+        /* If it doesn't take a value, make sure none was given. */
+        if (o->valtype == 0 || o->valtype == '-') {
+            if (arg) {
+                BIO_printf(bio_err,
+                           "%s: Option -%s does not take a value\n", prog, p);
+                return -1;
+            }
+            return o->retval;
+        }
+
+        /* Want a value; get the next param if =foo not used. */
+        if (arg == NULL) {
+            if (argv[opt_index] == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Option -%s needs a value\n", prog, o->name);
+                return -1;
+            }
+            arg = argv[opt_index++];
+        }
+
+        /* Syntax-check value. */
+        switch (o->valtype) {
+        default:
+        case 's':
+            /* Just a string. */
+            break;
+        case '/':
+            if (app_isdir(arg) > 0)
+                break;
+            BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
+            return -1;
+        case '<':
+            /* Input file. */
+            break;
+        case '>':
+            /* Output file. */
+            break;
+        case 'p':
+        case 'n':
+            if (!opt_int(arg, &ival)
+                    || (o->valtype == 'p' && ival <= 0)) {
+                BIO_printf(bio_err,
+                           "%s: Non-positive number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'M':
+            if (!opt_imax(arg, &imval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'U':
+            if (!opt_umax(arg, &umval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'l':
+            if (!opt_long(arg, &lval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'u':
+            if (!opt_ulong(arg, &ulval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'c':
+        case 'E':
+        case 'F':
+        case 'f':
+            if (opt_format(arg,
+                           o->valtype == 'c' ? OPT_FMT_PDS :
+                           o->valtype == 'E' ? OPT_FMT_PDE :
+                           o->valtype == 'F' ? OPT_FMT_PEMDER
+                           : OPT_FMT_ANY, &ival))
+                break;
+            BIO_printf(bio_err,
+                       "%s: Invalid format \"%s\" for -%s\n",
+                       prog, arg, o->name);
+            return -1;
+        }
+
+        /* Return the flag value. */
+        return o->retval;
+    }
+    if (unknown != NULL) {
+        dunno = p;
+        return unknown->retval;
+    }
+    BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
+    return -1;
+}
+
+/* Return the most recent flag parameter. */
+char *opt_arg(void)
+{
+    return arg;
+}
+
+/* Return the most recent flag. */
+char *opt_flag(void)
+{
+    return flag;
+}
+
+/* Return the unknown option. */
+char *opt_unknown(void)
+{
+    return dunno;
+}
+
+/* Return the rest of the arguments after parsing flags. */
+char **opt_rest(void)
+{
+    return &argv[opt_index];
+}
+
+/* How many items in remaining args? */
+int opt_num_rest(void)
+{
+    int i = 0;
+    char **pp;
+
+    for (pp = opt_rest(); *pp; pp++, i++)
+        continue;
+    return i;
+}
+
+/* Return a string describing the parameter type. */
+static const char *valtype2param(const OPTIONS *o)
+{
+    switch (o->valtype) {
+    case 0:
+    case '-':
+        return "";
+    case 's':
+        return "val";
+    case '/':
+        return "dir";
+    case '<':
+        return "infile";
+    case '>':
+        return "outfile";
+    case 'p':
+        return "+int";
+    case 'n':
+        return "int";
+    case 'l':
+        return "long";
+    case 'u':
+        return "ulong";
+    case 'E':
+        return "PEM|DER|ENGINE";
+    case 'F':
+        return "PEM|DER";
+    case 'f':
+        return "format";
+    case 'M':
+        return "intmax";
+    case 'U':
+        return "uintmax";
+    }
+    return "parm";
+}
+
+void opt_help(const OPTIONS *list)
+{
+    const OPTIONS *o;
+    int i;
+    int standard_prolog;
+    int width = 5;
+    char start[80 + 1];
+    char *p;
+    const char *help;
+
+    /* Starts with its own help message? */
+    standard_prolog = list[0].name != OPT_HELP_STR;
+
+    /* Find the widest help. */
+    for (o = list; o->name; o++) {
+        if (o->name == OPT_MORE_STR)
+            continue;
+        i = 2 + (int)strlen(o->name);
+        if (o->valtype != '-')
+            i += 1 + strlen(valtype2param(o));
+        if (i < MAX_OPT_HELP_WIDTH && i > width)
+            width = i;
+        assert(i < (int)sizeof(start));
+    }
+
+    if (standard_prolog)
+        BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
+                   prog);
+
+    /* Now let's print. */
+    for (o = list; o->name; o++) {
+        help = o->helpstr ? o->helpstr : "(No additional info)";
+        if (o->name == OPT_HELP_STR) {
+            BIO_printf(bio_err, help, prog);
+            continue;
+        }
+
+        /* Pad out prefix */
+        memset(start, ' ', sizeof(start) - 1);
+        start[sizeof(start) - 1] = '\0';
+
+        if (o->name == OPT_MORE_STR) {
+            /* Continuation of previous line; pad and print. */
+            start[width] = '\0';
+            BIO_printf(bio_err, "%s  %s\n", start, help);
+            continue;
+        }
+
+        /* Build up the "-flag [param]" part. */
+        p = start;
+        *p++ = ' ';
+        *p++ = '-';
+        if (o->name[0])
+            p += strlen(strcpy(p, o->name));
+        else
+            *p++ = '*';
+        if (o->valtype != '-') {
+            *p++ = ' ';
+            p += strlen(strcpy(p, valtype2param(o)));
+        }
+        *p = ' ';
+        if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
+            *p = '\0';
+            BIO_printf(bio_err, "%s\n", start);
+            memset(start, ' ', sizeof(start));
+        }
+        start[width] = '\0';
+        BIO_printf(bio_err, "%s  %s\n", start, help);
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c b/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c
new file mode 100644
index 000000000..aa516c874
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c
@@ -0,0 +1,853 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include "progs.h"
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+static unsigned const char cov_2char[64] = {
+    /* from crypto/des/fcrypt.c */
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+static const char ascii_dollar[] = { 0x24, 0x00 };
+
+typedef enum {
+    passwd_unset = 0,
+    passwd_crypt,
+    passwd_md5,
+    passwd_apr1,
+    passwd_sha256,
+    passwd_sha512,
+    passwd_aixmd5
+} passwd_modes;
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, passwd_modes mode);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN,
+    OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
+    OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS passwd_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Read passwords from file"},
+    {"noverify", OPT_NOVERIFY, '-',
+     "Never verify when reading password from terminal"},
+    {"quiet", OPT_QUIET, '-', "No warnings"},
+    {"table", OPT_TABLE, '-', "Format output as table"},
+    {"reverse", OPT_REVERSE, '-', "Switch table columns"},
+    {"salt", OPT_SALT, 's', "Use provided salt"},
+    {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
+    {"6", OPT_6, '-', "SHA512-based password algorithm"},
+    {"5", OPT_5, '-', "SHA256-based password algorithm"},
+    {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
+    {"1", OPT_1, '-', "MD5-based password algorithm"},
+    {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
+#ifndef OPENSSL_NO_DES
+    {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
+#endif
+    OPT_R_OPTIONS,
+    {NULL}
+};
+
+int passwd_main(int argc, char **argv)
+{
+    BIO *in = NULL;
+    char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL;
+    char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
+    OPTION_CHOICE o;
+    int in_stdin = 0, pw_source_defined = 0;
+#ifndef OPENSSL_NO_UI_CONSOLE
+    int in_noverify = 0;
+#endif
+    int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+    int ret = 1;
+    passwd_modes mode = passwd_unset;
+    size_t passwd_malloc_size = 0;
+    size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most
+                             * passwords */
+
+    prog = opt_init(argc, argv, passwd_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(passwd_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            if (pw_source_defined)
+                goto opthelp;
+            infile = opt_arg();
+            pw_source_defined = 1;
+            break;
+        case OPT_NOVERIFY:
+#ifndef OPENSSL_NO_UI_CONSOLE
+            in_noverify = 1;
+#endif
+            break;
+        case OPT_QUIET:
+            quiet = 1;
+            break;
+        case OPT_TABLE:
+            table = 1;
+            break;
+        case OPT_REVERSE:
+            reverse = 1;
+            break;
+        case OPT_1:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_md5;
+            break;
+        case OPT_5:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_sha256;
+            break;
+        case OPT_6:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_sha512;
+            break;
+        case OPT_APR1:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_apr1;
+            break;
+        case OPT_AIXMD5:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_aixmd5;
+            break;
+        case OPT_CRYPT:
+#ifndef OPENSSL_NO_DES
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_crypt;
+#endif
+            break;
+        case OPT_SALT:
+            passed_salt = 1;
+            salt = opt_arg();
+            break;
+        case OPT_STDIN:
+            if (pw_source_defined)
+                goto opthelp;
+            in_stdin = 1;
+            pw_source_defined = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (*argv != NULL) {
+        if (pw_source_defined)
+            goto opthelp;
+        pw_source_defined = 1;
+        passwds = argv;
+    }
+
+    if (mode == passwd_unset) {
+        /* use default */
+        mode = passwd_crypt;
+    }
+
+#ifdef OPENSSL_NO_DES
+    if (mode == passwd_crypt)
+        goto opthelp;
+#endif
+
+    if (infile != NULL && in_stdin) {
+        BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
+        goto end;
+    }
+
+    if (infile != NULL || in_stdin) {
+        /*
+         * If in_stdin is true, we know that infile is NULL, and that
+         * bio_open_default() will give us back an alias for stdin.
+         */
+        in = bio_open_default(infile, 'r', FORMAT_TEXT);
+        if (in == NULL)
+            goto end;
+    }
+
+    if (mode == passwd_crypt)
+        pw_maxlen = 8;
+
+    if (passwds == NULL) {
+        /* no passwords on the command line */
+
+        passwd_malloc_size = pw_maxlen + 2;
+        /* longer than necessary so that we can warn about truncation */
+        passwd = passwd_malloc =
+            app_malloc(passwd_malloc_size, "password buffer");
+    }
+
+    if ((in == NULL) && (passwds == NULL)) {
+        /*
+         * we use the following method to make sure what
+         * in the 'else' section is always compiled, to
+         * avoid rot of not-frequently-used code.
+         */
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            /* build a null-terminated list */
+            static char *passwds_static[2] = { NULL, NULL };
+
+            passwds = passwds_static;
+            if (in == NULL) {
+                if (EVP_read_pw_string
+                    (passwd_malloc, passwd_malloc_size, "Password: ",
+                     !(passed_salt || in_noverify)) != 0)
+                    goto end;
+            }
+            passwds[0] = passwd_malloc;
+        } else {
+#endif
+            BIO_printf(bio_err, "password required\n");
+            goto end;
+        }
+    }
+
+    if (in == NULL) {
+        assert(passwds != NULL);
+        assert(*passwds != NULL);
+
+        do {                    /* loop over list of passwords */
+            passwd = *passwds++;
+            if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
+                           quiet, table, reverse, pw_maxlen, mode))
+                goto end;
+        } while (*passwds != NULL);
+    } else {
+        /* in != NULL */
+        int done;
+
+        assert(passwd != NULL);
+        do {
+            int r = BIO_gets(in, passwd, pw_maxlen + 1);
+            if (r > 0) {
+                char *c = (strchr(passwd, '\n'));
+                if (c != NULL) {
+                    *c = 0;     /* truncate at newline */
+                } else {
+                    /* ignore rest of line */
+                    char trash[BUFSIZ];
+                    do
+                        r = BIO_gets(in, trash, sizeof(trash));
+                    while ((r > 0) && (!strchr(trash, '\n')));
+                }
+
+                if (!do_passwd
+                    (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
+                     table, reverse, pw_maxlen, mode))
+                    goto end;
+            }
+            done = (r <= 0);
+        } while (!done);
+    }
+    ret = 0;
+
+ end:
+#if 0
+    ERR_print_errors(bio_err);
+#endif
+    OPENSSL_free(salt_malloc);
+    OPENSSL_free(passwd_malloc);
+    BIO_free(in);
+    return ret;
+}
+
+/*
+ * MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable). For magic
+ * string "1", this should be compatible to the MD5-based BSD password
+ * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
+ * Apache password algorithm. (Apparently, the Apache password algorithm is
+ * identical except that the 'magic' string was changed -- the laziest
+ * application of the NIH principle I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+{
+    /* "$apr1$..salt..$.......md5hash..........\0" */
+    static char out_buf[6 + 9 + 24 + 2];
+    unsigned char buf[MD5_DIGEST_LENGTH];
+    char ascii_magic[5];         /* "apr1" plus '\0' */
+    char ascii_salt[9];          /* Max 8 chars plus '\0' */
+    char *ascii_passwd = NULL;
+    char *salt_out;
+    int n;
+    unsigned int i;
+    EVP_MD_CTX *md = NULL, *md2 = NULL;
+    size_t passwd_len, salt_len, magic_len;
+
+    passwd_len = strlen(passwd);
+
+    out_buf[0] = 0;
+    magic_len = strlen(magic);
+    OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
+#ifdef CHARSET_EBCDIC
+    if ((magic[0] & 0x80) != 0)    /* High bit is 1 in EBCDIC alnums */
+        ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
+#endif
+
+    /* The salt gets truncated to 8 chars */
+    OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
+    salt_len = strlen(ascii_salt);
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
+#endif
+
+#ifdef CHARSET_EBCDIC
+    ascii_passwd = OPENSSL_strdup(passwd);
+    if (ascii_passwd == NULL)
+        return NULL;
+    ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
+    passwd = ascii_passwd;
+#endif
+
+    if (magic_len > 0) {
+        OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+
+        if (magic_len > 4)    /* assert it's  "1" or "apr1" */
+            goto err;
+
+        OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
+        OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    }
+
+    OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
+
+    if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
+        goto err;
+
+    salt_out = out_buf;
+    if (magic_len > 0)
+        salt_out += 2 + magic_len;
+
+    if (salt_len > 8)
+        goto err;
+
+    md = EVP_MD_CTX_new();
+    if (md == NULL
+        || !EVP_DigestInit_ex(md, EVP_md5(), NULL)
+        || !EVP_DigestUpdate(md, passwd, passwd_len))
+        goto err;
+
+    if (magic_len > 0)
+        if (!EVP_DigestUpdate(md, ascii_dollar, 1)
+            || !EVP_DigestUpdate(md, ascii_magic, magic_len)
+            || !EVP_DigestUpdate(md, ascii_dollar, 1))
+          goto err;
+
+    if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
+        goto err;
+
+    md2 = EVP_MD_CTX_new();
+    if (md2 == NULL
+        || !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestUpdate(md2, ascii_salt, salt_len)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestFinal_ex(md2, buf, NULL))
+        goto err;
+
+    for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
+        if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
+            goto err;
+    }
+    if (!EVP_DigestUpdate(md, buf, i))
+        goto err;
+
+    n = passwd_len;
+    while (n) {
+        if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
+            goto err;
+        n >>= 1;
+    }
+    if (!EVP_DigestFinal_ex(md, buf, NULL))
+        return NULL;
+
+    for (i = 0; i < 1000; i++) {
+        if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
+            goto err;
+        if (!EVP_DigestUpdate(md2,
+                              (i & 1) ? (unsigned const char *)passwd : buf,
+                              (i & 1) ? passwd_len : sizeof(buf)))
+            goto err;
+        if (i % 3) {
+            if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
+                goto err;
+        }
+        if (i % 7) {
+            if (!EVP_DigestUpdate(md2, passwd, passwd_len))
+                goto err;
+        }
+        if (!EVP_DigestUpdate(md2,
+                              (i & 1) ? buf : (unsigned const char *)passwd,
+                              (i & 1) ? sizeof(buf) : passwd_len))
+                goto err;
+        if (!EVP_DigestFinal_ex(md2, buf, NULL))
+                goto err;
+    }
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    md2 = NULL;
+    md = NULL;
+
+    {
+        /* transform buf into output string */
+        unsigned char buf_perm[sizeof(buf)];
+        int dest, source;
+        char *output;
+
+        /* silly output permutation */
+        for (dest = 0, source = 0; dest < 14;
+             dest++, source = (source + 6) % 17)
+            buf_perm[dest] = buf[source];
+        buf_perm[14] = buf[5];
+        buf_perm[15] = buf[11];
+# ifndef PEDANTIC              /* Unfortunately, this generates a "no
+                                 * effect" warning */
+        assert(16 == sizeof(buf_perm));
+# endif
+
+        output = salt_out + salt_len;
+        assert(output == out_buf + strlen(out_buf));
+
+        *output++ = ascii_dollar[0];
+
+        for (i = 0; i < 15; i += 3) {
+            *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
+            *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
+                                  (buf_perm[i + 2] >> 6)];
+            *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+                                  (buf_perm[i + 1] >> 4)];
+            *output++ = cov_2char[buf_perm[i] >> 2];
+        }
+        assert(i == 15);
+        *output++ = cov_2char[buf_perm[i] & 0x3f];
+        *output++ = cov_2char[buf_perm[i] >> 6];
+        *output = 0;
+        assert(strlen(out_buf) < sizeof(out_buf));
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
+#endif
+    }
+
+    return out_buf;
+
+ err:
+    OPENSSL_free(ascii_passwd);
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    return NULL;
+}
+
+/*
+ * SHA based password algorithm, describe by Ulrich Drepper here:
+ * https://www.akkadia.org/drepper/SHA-crypt.txt
+ * (note that it's in the public domain)
+ */
+static char *shacrypt(const char *passwd, const char *magic, const char *salt)
+{
+    /* Prefix for optional rounds specification.  */
+    static const char rounds_prefix[] = "rounds=";
+    /* Maximum salt string length.  */
+# define SALT_LEN_MAX 16
+    /* Default number of rounds if not explicitly specified.  */
+# define ROUNDS_DEFAULT 5000
+    /* Minimum number of rounds.  */
+# define ROUNDS_MIN 1000
+    /* Maximum number of rounds.  */
+# define ROUNDS_MAX 999999999
+
+    /* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
+    static char out_buf[3 + 17 + 17 + 86 + 1];
+    unsigned char buf[SHA512_DIGEST_LENGTH];
+    unsigned char temp_buf[SHA512_DIGEST_LENGTH];
+    size_t buf_size = 0;
+    char ascii_magic[2];
+    char ascii_salt[17];          /* Max 16 chars plus '\0' */
+    char *ascii_passwd = NULL;
+    size_t n;
+    EVP_MD_CTX *md = NULL, *md2 = NULL;
+    const EVP_MD *sha = NULL;
+    size_t passwd_len, salt_len, magic_len;
+    unsigned int rounds = 5000;        /* Default */
+    char rounds_custom = 0;
+    char *p_bytes = NULL;
+    char *s_bytes = NULL;
+    char *cp = NULL;
+
+    passwd_len = strlen(passwd);
+    magic_len = strlen(magic);
+
+    /* assert it's "5" or "6" */
+    if (magic_len != 1)
+        return NULL;
+
+    switch (magic[0]) {
+    case '5':
+        sha = EVP_sha256();
+        buf_size = 32;
+        break;
+    case '6':
+        sha = EVP_sha512();
+        buf_size = 64;
+        break;
+    default:
+        return NULL;
+    }
+
+    if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
+        const char *num = salt + sizeof(rounds_prefix) - 1;
+        char *endp;
+        unsigned long int srounds = strtoul (num, &endp, 10);
+        if (*endp == '$') {
+            salt = endp + 1;
+            if (srounds > ROUNDS_MAX)
+                rounds = ROUNDS_MAX;
+            else if (srounds < ROUNDS_MIN)
+                rounds = ROUNDS_MIN;
+            else
+                rounds = (unsigned int)srounds;
+            rounds_custom = 1;
+        } else {
+            return NULL;
+        }
+    }
+
+    OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
+#ifdef CHARSET_EBCDIC
+    if ((magic[0] & 0x80) != 0)    /* High bit is 1 in EBCDIC alnums */
+        ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
+#endif
+
+    /* The salt gets truncated to 16 chars */
+    OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
+    salt_len = strlen(ascii_salt);
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
+#endif
+
+#ifdef CHARSET_EBCDIC
+    ascii_passwd = OPENSSL_strdup(passwd);
+    if (ascii_passwd == NULL)
+        return NULL;
+    ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
+    passwd = ascii_passwd;
+#endif
+
+    out_buf[0] = 0;
+    OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
+    OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    if (rounds_custom) {
+        char tmp_buf[80]; /* "rounds=999999999" */
+        sprintf(tmp_buf, "rounds=%u", rounds);
+#ifdef CHARSET_EBCDIC
+        /* In case we're really on a ASCII based platform and just pretend */
+        if (tmp_buf[0] != 0x72)  /* ASCII 'r' */
+            ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
+#endif
+        OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
+        OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    }
+    OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
+
+    /* assert "$5$rounds=999999999$......salt......" */
+    if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
+        goto err;
+
+    md = EVP_MD_CTX_new();
+    if (md == NULL
+        || !EVP_DigestInit_ex(md, sha, NULL)
+        || !EVP_DigestUpdate(md, passwd, passwd_len)
+        || !EVP_DigestUpdate(md, ascii_salt, salt_len))
+        goto err;
+
+    md2 = EVP_MD_CTX_new();
+    if (md2 == NULL
+        || !EVP_DigestInit_ex(md2, sha, NULL)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestUpdate(md2, ascii_salt, salt_len)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestFinal_ex(md2, buf, NULL))
+        goto err;
+
+    for (n = passwd_len; n > buf_size; n -= buf_size) {
+        if (!EVP_DigestUpdate(md, buf, buf_size))
+            goto err;
+    }
+    if (!EVP_DigestUpdate(md, buf, n))
+        goto err;
+
+    n = passwd_len;
+    while (n) {
+        if (!EVP_DigestUpdate(md,
+                              (n & 1) ? buf : (unsigned const char *)passwd,
+                              (n & 1) ? buf_size : passwd_len))
+            goto err;
+        n >>= 1;
+    }
+    if (!EVP_DigestFinal_ex(md, buf, NULL))
+        return NULL;
+
+    /* P sequence */
+    if (!EVP_DigestInit_ex(md2, sha, NULL))
+        goto err;
+
+    for (n = passwd_len; n > 0; n--)
+        if (!EVP_DigestUpdate(md2, passwd, passwd_len))
+            goto err;
+
+    if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
+        return NULL;
+
+    if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
+        goto err;
+    for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size)
+        memcpy(cp, temp_buf, buf_size);
+    memcpy(cp, temp_buf, n);
+
+    /* S sequence */
+    if (!EVP_DigestInit_ex(md2, sha, NULL))
+        goto err;
+
+    for (n = 16 + buf[0]; n > 0; n--)
+        if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
+            goto err;
+
+    if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
+        return NULL;
+
+    if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
+        goto err;
+    for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size)
+        memcpy(cp, temp_buf, buf_size);
+    memcpy(cp, temp_buf, n);
+
+    for (n = 0; n < rounds; n++) {
+        if (!EVP_DigestInit_ex(md2, sha, NULL))
+            goto err;
+        if (!EVP_DigestUpdate(md2,
+                              (n & 1) ? (unsigned const char *)p_bytes : buf,
+                              (n & 1) ? passwd_len : buf_size))
+            goto err;
+        if (n % 3) {
+            if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
+                goto err;
+        }
+        if (n % 7) {
+            if (!EVP_DigestUpdate(md2, p_bytes, passwd_len))
+                goto err;
+        }
+        if (!EVP_DigestUpdate(md2,
+                              (n & 1) ? buf : (unsigned const char *)p_bytes,
+                              (n & 1) ? buf_size : passwd_len))
+                goto err;
+        if (!EVP_DigestFinal_ex(md2, buf, NULL))
+                goto err;
+    }
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    md2 = NULL;
+    md = NULL;
+    OPENSSL_free(p_bytes);
+    OPENSSL_free(s_bytes);
+    p_bytes = NULL;
+    s_bytes = NULL;
+
+    cp = out_buf + strlen(out_buf);
+    *cp++ = ascii_dollar[0];
+
+# define b64_from_24bit(B2, B1, B0, N)                                   \
+    do {                                                                \
+        unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0);             \
+        int i = (N);                                                    \
+        while (i-- > 0)                                                 \
+            {                                                           \
+                *cp++ = cov_2char[w & 0x3f];                            \
+                w >>= 6;                                                \
+            }                                                           \
+    } while (0)
+
+    switch (magic[0]) {
+    case '5':
+        b64_from_24bit (buf[0], buf[10], buf[20], 4);
+        b64_from_24bit (buf[21], buf[1], buf[11], 4);
+        b64_from_24bit (buf[12], buf[22], buf[2], 4);
+        b64_from_24bit (buf[3], buf[13], buf[23], 4);
+        b64_from_24bit (buf[24], buf[4], buf[14], 4);
+        b64_from_24bit (buf[15], buf[25], buf[5], 4);
+        b64_from_24bit (buf[6], buf[16], buf[26], 4);
+        b64_from_24bit (buf[27], buf[7], buf[17], 4);
+        b64_from_24bit (buf[18], buf[28], buf[8], 4);
+        b64_from_24bit (buf[9], buf[19], buf[29], 4);
+        b64_from_24bit (0, buf[31], buf[30], 3);
+        break;
+    case '6':
+        b64_from_24bit (buf[0], buf[21], buf[42], 4);
+        b64_from_24bit (buf[22], buf[43], buf[1], 4);
+        b64_from_24bit (buf[44], buf[2], buf[23], 4);
+        b64_from_24bit (buf[3], buf[24], buf[45], 4);
+        b64_from_24bit (buf[25], buf[46], buf[4], 4);
+        b64_from_24bit (buf[47], buf[5], buf[26], 4);
+        b64_from_24bit (buf[6], buf[27], buf[48], 4);
+        b64_from_24bit (buf[28], buf[49], buf[7], 4);
+        b64_from_24bit (buf[50], buf[8], buf[29], 4);
+        b64_from_24bit (buf[9], buf[30], buf[51], 4);
+        b64_from_24bit (buf[31], buf[52], buf[10], 4);
+        b64_from_24bit (buf[53], buf[11], buf[32], 4);
+        b64_from_24bit (buf[12], buf[33], buf[54], 4);
+        b64_from_24bit (buf[34], buf[55], buf[13], 4);
+        b64_from_24bit (buf[56], buf[14], buf[35], 4);
+        b64_from_24bit (buf[15], buf[36], buf[57], 4);
+        b64_from_24bit (buf[37], buf[58], buf[16], 4);
+        b64_from_24bit (buf[59], buf[17], buf[38], 4);
+        b64_from_24bit (buf[18], buf[39], buf[60], 4);
+        b64_from_24bit (buf[40], buf[61], buf[19], 4);
+        b64_from_24bit (buf[62], buf[20], buf[41], 4);
+        b64_from_24bit (0, 0, buf[63], 2);
+        break;
+    default:
+        goto err;
+    }
+    *cp = '\0';
+#ifdef CHARSET_EBCDIC
+    ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
+#endif
+
+    return out_buf;
+
+ err:
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    OPENSSL_free(p_bytes);
+    OPENSSL_free(s_bytes);
+    OPENSSL_free(ascii_passwd);
+    return NULL;
+}
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, passwd_modes mode)
+{
+    char *hash = NULL;
+
+    assert(salt_p != NULL);
+    assert(salt_malloc_p != NULL);
+
+    /* first make sure we have a salt */
+    if (!passed_salt) {
+        size_t saltlen = 0;
+        size_t i;
+
+#ifndef OPENSSL_NO_DES
+        if (mode == passwd_crypt)
+            saltlen = 2;
+#endif                         /* !OPENSSL_NO_DES */
+
+        if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
+            saltlen = 8;
+
+        if (mode == passwd_sha256 || mode == passwd_sha512)
+            saltlen = 16;
+
+        assert(saltlen != 0);
+
+        if (*salt_malloc_p == NULL)
+            *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer");
+        if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0)
+            goto end;
+
+        for (i = 0; i < saltlen; i++)
+            (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+        (*salt_p)[i] = 0;
+# ifdef CHARSET_EBCDIC
+        /* The password encryption funtion will convert back to ASCII */
+        ascii2ebcdic(*salt_p, *salt_p, saltlen);
+# endif
+    }
+
+    assert(*salt_p != NULL);
+
+    /* truncate password if necessary */
+    if ((strlen(passwd) > pw_maxlen)) {
+        if (!quiet)
+            /*
+             * XXX: really we should know how to print a size_t, not cast it
+             */
+            BIO_printf(bio_err,
+                       "Warning: truncating password to %u characters\n",
+                       (unsigned)pw_maxlen);
+        passwd[pw_maxlen] = 0;
+    }
+    assert(strlen(passwd) <= pw_maxlen);
+
+    /* now compute password hash */
+#ifndef OPENSSL_NO_DES
+    if (mode == passwd_crypt)
+        hash = DES_crypt(passwd, *salt_p);
+#endif
+    if (mode == passwd_md5 || mode == passwd_apr1)
+        hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
+    if (mode == passwd_aixmd5)
+        hash = md5crypt(passwd, "", *salt_p);
+    if (mode == passwd_sha256 || mode == passwd_sha512)
+        hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p);
+    assert(hash != NULL);
+
+    if (table && !reverse)
+        BIO_printf(out, "%s\t%s\n", passwd, hash);
+    else if (table && reverse)
+        BIO_printf(out, "%s\t%s\n", hash, passwd);
+    else
+        BIO_printf(out, "%s\n", hash);
+    return 1;
+
+ end:
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pca-cert.srl b/trunk/3rdparty/openssl-1.1-fit/apps/pca-cert.srl
new file mode 100644
index 000000000..2c7456e3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pca-cert.srl
@@ -0,0 +1 @@
+07
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pca-key.pem b/trunk/3rdparty/openssl-1.1-fit/apps/pca-key.pem
new file mode 100644
index 000000000..c6ad0e92d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pca-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALYYjjtpLs/lfkPF
+xAFZ4V3He5mZFbsEakK9bA2fQaryreRwyfhbXbDJHyBV+c4xI5fbmmVd2t/us4k4
+rMhGsBtL89SqCEHhPJpLFywiQVmJTAjANYrWkZK5uR/++YmZyzuLfPHLButuK6cF
+GKXw3NNToxjYooMf0mad2rPX3cKTAgMBAAECgYBvrJ+Nz/Pli9jjt2V9bqHH4Y7r
+o/avuwVv6Ltbn0+mhy4d6w3yQhYzVSTBr/iDe59YglUt1WFl8/4nKZrNOIzHJlav
+Sw4hd3fYBHxbT+DgZMQ9ikjHECWRdDffrnlTLsSJAcxnpMJBPe3dKCRDMUrqWUvB
+IIKaxyqmXJms5Y/wAQJBAPFL9NMKJcWBftMKXCasxsV0ZGjgqHGZODYjtGFN9jJO
+6AbZrxfCcapTWG4RCC2o/EDEMN8aArEhfdrYY3lhXGsCQQDBMRzFevkD7SYXTw5G
+NA/gJOAsFMYbt7tebcCRsHT7t3ymVfO2QwK7ZF0f/SYvi7cMAPraHvO7s3kFdGTB
+kDx5AkAHBICASsFCdzurA5gef9PgFjx9WFtNwnkCChPK6KuKVwUkfdw7wqnvnDDs
+Mo6cVVfQwmPxeR4u7JxuavCprQ01AkEAp5ZGAh1J9Jj9CQ1AMbAp8WOrvzGKJTM9
+641Dll4/LLif/d7j2kDJFuvaSMyeGnKVqGkVMq/U+QeYPR4Z5TuM6QJAWK05qFed
+wYgTZyVN0MY53ZOMAIWwjz0cr24TvDfmsZqIvguGL616GKQZKdKDZQyQHg+dCzqJ
+HgIoacuFDKz5CA==
+-----END PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pca-req.pem b/trunk/3rdparty/openssl-1.1-fit/apps/pca-req.pem
new file mode 100644
index 000000000..5a8c5cbf1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
+GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDDBNUZXN0IFBDQSAo
+MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2GI47aS7P5X5D
+xcQBWeFdx3uZmRW7BGpCvWwNn0Gq8q3kcMn4W12wyR8gVfnOMSOX25plXdrf7rOJ
+OKzIRrAbS/PUqghB4TyaSxcsIkFZiUwIwDWK1pGSubkf/vmJmcs7i3zxywbrbiun
+BRil8NzTU6MY2KKDH9Jmndqz193CkwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEA
+eJdCB0nHnFK0hek4biAxX0GuJXkknuUy46NKEhv3GBwt4gtO29bfkbQTGOsBBKNs
+KptlnkItscOXY+0lSva9K3XlwD9do7k2IZFtXJVayZVw1GcKybIY0l7B6kcSxG7T
+f3CsO+ifdrsJKtyoZNs96lBMrtXyGybt3mgQNdZauQU=
+-----END CERTIFICATE REQUEST-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c
new file mode 100644
index 000000000..719a309a8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c
@@ -0,0 +1,968 @@
+/*
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#if defined(OPENSSL_NO_DES)
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/pkcs12.h>
+
+# define NOKEYS          0x1
+# define NOCERTS         0x2
+# define INFO            0x4
+# define CLCERTS         0x8
+# define CACERTS         0x10
+
+#define PASSWD_BUF_SIZE 2048
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
+                        const char *pass, int passlen, int options,
+                        char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+                          const char *pass, int passlen, int options,
+                          char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
+                         const char *pass, int passlen,
+                         int options, char *pempass, const EVP_CIPHER *enc);
+int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+static int alg_print(const X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+static int set_pbe(int *ppbe, const char *str);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
+    OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
+    OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+    OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
+    OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
+    OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
+    OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS pkcs12_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
+    {"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
+    {"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
+    {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
+    {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
+    {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
+    {"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
+    {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
+    {"chain", OPT_CHAIN, '-', "Add certificate chain"},
+    {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+    {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
+# ifndef OPENSSL_NO_RC2
+    {"descert", OPT_DESCERT, '-',
+     "Encrypt output with 3DES (default RC2-40)"},
+    {"certpbe", OPT_CERTPBE, 's',
+     "Certificate PBE algorithm (default RC2-40)"},
+# else
+    {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
+    {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
+# endif
+    {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
+    {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
+    {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
+    {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
+    {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
+    {"LMK", OPT_LMK, '-',
+     "Add local machine keyset attribute to private key"},
+    {"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
+    {"macalg", OPT_MACALG, 's',
+     "Digest algorithm used in MAC (default SHA1)"},
+    {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
+    OPT_R_OPTIONS,
+    {"inkey", OPT_INKEY, 's', "Private key if not infile"},
+    {"certfile", OPT_CERTFILE, '<', "Load certs from file"},
+    {"name", OPT_NAME, 's', "Use name as friendly name"},
+    {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
+    {"caname", OPT_CANAME, 's',
+     "Use name as CA friendly name (can be repeated)"},
+    {"in", OPT_IN, '<', "Input filename"},
+    {"out", OPT_OUT, '>', "Output filename"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+    {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int pkcs12_main(int argc, char **argv)
+{
+    char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
+    char *name = NULL, *csp_name = NULL;
+    char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
+    int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
+    int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
+# ifndef OPENSSL_NO_RC2
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+# else
+    int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+# endif
+    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    int ret = 1, macver = 1, add_lmk = 0, private = 0;
+    int noprompt = 0;
+    char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
+    char *passin = NULL, *passout = NULL, *macalg = NULL;
+    char *cpass = NULL, *mpass = NULL, *badpass = NULL;
+    const char *CApath = NULL, *CAfile = NULL, *prog;
+    int noCApath = 0, noCAfile = 0;
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL;
+    PKCS12 *p12 = NULL;
+    STACK_OF(OPENSSL_STRING) *canames = NULL;
+    const EVP_CIPHER *enc = EVP_des_ede3_cbc();
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, pkcs12_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs12_options);
+            ret = 0;
+            goto end;
+        case OPT_NOKEYS:
+            options |= NOKEYS;
+            break;
+        case OPT_KEYEX:
+            keytype = KEY_EX;
+            break;
+        case OPT_KEYSIG:
+            keytype = KEY_SIG;
+            break;
+        case OPT_NOCERTS:
+            options |= NOCERTS;
+            break;
+        case OPT_CLCERTS:
+            options |= CLCERTS;
+            break;
+        case OPT_CACERTS:
+            options |= CACERTS;
+            break;
+        case OPT_NOOUT:
+            options |= (NOKEYS | NOCERTS);
+            break;
+        case OPT_INFO:
+            options |= INFO;
+            break;
+        case OPT_CHAIN:
+            chain = 1;
+            break;
+        case OPT_TWOPASS:
+            twopass = 1;
+            break;
+        case OPT_NOMACVER:
+            macver = 0;
+            break;
+        case OPT_DESCERT:
+            cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+            break;
+        case OPT_EXPORT:
+            export_cert = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        case OPT_NOITER:
+            iter = 1;
+            break;
+        case OPT_MACITER:
+            maciter = PKCS12_DEFAULT_ITER;
+            break;
+        case OPT_NOMACITER:
+            maciter = 1;
+            break;
+        case OPT_NOMAC:
+            maciter = -1;
+            break;
+        case OPT_MACALG:
+            macalg = opt_arg();
+            break;
+        case OPT_NODES:
+            enc = NULL;
+            break;
+        case OPT_CERTPBE:
+            if (!set_pbe(&cert_pbe, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_KEYPBE:
+            if (!set_pbe(&key_pbe, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_INKEY:
+            keyname = opt_arg();
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_NAME:
+            name = opt_arg();
+            break;
+        case OPT_LMK:
+            add_lmk = 1;
+            break;
+        case OPT_CSP:
+            csp_name = opt_arg();
+            break;
+        case OPT_CANAME:
+            if (canames == NULL
+                && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(canames, opt_arg());
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_PASSWORD:
+            passarg = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = 1;
+
+    if (passarg != NULL) {
+        if (export_cert)
+            passoutarg = passarg;
+        else
+            passinarg = passarg;
+    }
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (cpass == NULL) {
+        if (export_cert)
+            cpass = passout;
+        else
+            cpass = passin;
+    }
+
+    if (cpass != NULL) {
+        mpass = cpass;
+        noprompt = 1;
+        if (twopass) {
+            if (export_cert)
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+            else
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+            goto end;
+        }
+    } else {
+        cpass = pass;
+        mpass = macpass;
+    }
+
+    if (twopass) {
+        /* To avoid bit rot */
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            if (EVP_read_pw_string(
+                macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Unsupported option -twopass\n");
+            goto end;
+        }
+    }
+
+    if (export_cert) {
+        EVP_PKEY *key = NULL;
+        X509 *ucert = NULL, *x = NULL;
+        STACK_OF(X509) *certs = NULL;
+        const EVP_MD *macmd = NULL;
+        unsigned char *catmp = NULL;
+        int i;
+
+        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+            BIO_printf(bio_err, "Nothing to do!\n");
+            goto export_end;
+        }
+
+        if (options & NOCERTS)
+            chain = 0;
+
+        if (!(options & NOKEYS)) {
+            key = load_key(keyname ? keyname : infile,
+                           FORMAT_PEM, 1, passin, e, "private key");
+            if (key == NULL)
+                goto export_end;
+        }
+
+        /* Load in all certs in input file */
+        if (!(options & NOCERTS)) {
+            if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
+                            "certificates"))
+                goto export_end;
+
+            if (key != NULL) {
+                /* Look for matching private key */
+                for (i = 0; i < sk_X509_num(certs); i++) {
+                    x = sk_X509_value(certs, i);
+                    if (X509_check_private_key(x, key)) {
+                        ucert = x;
+                        /* Zero keyid and alias */
+                        X509_keyid_set1(ucert, NULL, 0);
+                        X509_alias_set1(ucert, NULL, 0);
+                        /* Remove from list */
+                        (void)sk_X509_delete(certs, i);
+                        break;
+                    }
+                }
+                if (ucert == NULL) {
+                    BIO_printf(bio_err,
+                               "No certificate matches private key\n");
+                    goto export_end;
+                }
+            }
+
+        }
+
+        /* Add any more certificates asked for */
+        if (certfile != NULL) {
+            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
+                            "certificates from certfile"))
+                goto export_end;
+        }
+
+        /* If chaining get chain from user cert */
+        if (chain) {
+            int vret;
+            STACK_OF(X509) *chain2;
+            X509_STORE *store;
+            if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath))
+                    == NULL)
+                goto export_end;
+
+            vret = get_cert_chain(ucert, store, &chain2);
+            X509_STORE_free(store);
+
+            if (vret == X509_V_OK) {
+                /* Exclude verified certificate */
+                for (i = 1; i < sk_X509_num(chain2); i++)
+                    sk_X509_push(certs, sk_X509_value(chain2, i));
+                /* Free first certificate */
+                X509_free(sk_X509_value(chain2, 0));
+                sk_X509_free(chain2);
+            } else {
+                if (vret != X509_V_ERR_UNSPECIFIED)
+                    BIO_printf(bio_err, "Error %s getting chain.\n",
+                               X509_verify_cert_error_string(vret));
+                else
+                    ERR_print_errors(bio_err);
+                goto export_end;
+            }
+        }
+
+        /* Add any CA names */
+
+        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+            catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
+            X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+        }
+
+        if (csp_name != NULL && key != NULL)
+            EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+                                      MBSTRING_ASC, (unsigned char *)csp_name,
+                                      -1);
+
+        if (add_lmk && key != NULL)
+            EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+
+        if (!noprompt) {
+            /* To avoid bit rot */
+            if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+                if (EVP_read_pw_string(pass, sizeof(pass),
+                                       "Enter Export Password:", 1)) {
+                    BIO_printf(bio_err, "Can't read Password\n");
+                    goto export_end;
+                }
+            } else {
+#endif
+                BIO_printf(bio_err, "Password required\n");
+                goto export_end;
+            }
+        }
+
+        if (!twopass)
+            OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
+
+        p12 = PKCS12_create(cpass, name, key, ucert, certs,
+                            key_pbe, cert_pbe, iter, -1, keytype);
+
+        if (!p12) {
+            ERR_print_errors(bio_err);
+            goto export_end;
+        }
+
+        if (macalg) {
+            if (!opt_md(macalg, &macmd))
+                goto opthelp;
+        }
+
+        if (maciter != -1)
+            PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
+
+        assert(private);
+
+        out = bio_open_owner(outfile, FORMAT_PKCS12, private);
+        if (out == NULL)
+            goto end;
+
+        i2d_PKCS12_bio(out, p12);
+
+        ret = 0;
+
+ export_end:
+
+        EVP_PKEY_free(key);
+        sk_X509_pop_free(certs, X509_free);
+        X509_free(ucert);
+
+        goto end;
+
+    }
+
+    in = bio_open_default(infile, 'r', FORMAT_PKCS12);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
+    if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!noprompt) {
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
+                                   0)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Password required\n");
+            goto end;
+        }
+    }
+
+    if (!twopass)
+        OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
+
+    if ((options & INFO) && PKCS12_mac_present(p12)) {
+        const ASN1_INTEGER *tmaciter;
+        const X509_ALGOR *macalgid;
+        const ASN1_OBJECT *macobj;
+        const ASN1_OCTET_STRING *tmac;
+        const ASN1_OCTET_STRING *tsalt;
+
+        PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
+        /* current hash algorithms do not use parameters so extract just name,
+           in future alg_print() may be needed */
+        X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
+        BIO_puts(bio_err, "MAC: ");
+        i2a_ASN1_OBJECT(bio_err, macobj);
+        BIO_printf(bio_err, ", Iteration %ld\n",
+                   tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+        BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
+                   tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
+                   tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
+    }
+    if (macver) {
+        /* If we enter empty password try no password first */
+        if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+            /* If mac and crypto pass the same set it to NULL too */
+            if (!twopass)
+                cpass = NULL;
+        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+            /*
+             * May be UTF8 from previous version of OpenSSL:
+             * convert to a UTF8 form which will translate
+             * to the same Unicode password.
+             */
+            unsigned char *utmp;
+            int utmplen;
+            utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen);
+            if (utmp == NULL)
+                goto end;
+            badpass = OPENSSL_uni2utf8(utmp, utmplen);
+            OPENSSL_free(utmp);
+            if (!PKCS12_verify_mac(p12, badpass, -1)) {
+                BIO_printf(bio_err, "Mac verify error: invalid password?\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            } else {
+                BIO_printf(bio_err, "Warning: using broken algorithm\n");
+                if (!twopass)
+                    cpass = badpass;
+            }
+        }
+    }
+
+    assert(private);
+    if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
+        BIO_printf(bio_err, "Error outputting keys and certificates\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    PKCS12_free(p12);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    sk_OPENSSL_STRING_free(canames);
+    OPENSSL_free(badpass);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
+
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
+                        int passlen, int options, char *pempass,
+                        const EVP_CIPHER *enc)
+{
+    STACK_OF(PKCS7) *asafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    int ret = 0;
+    PKCS7 *p7;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+            if (options & INFO)
+                BIO_printf(bio_err, "PKCS7 Data\n");
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            if (options & INFO) {
+                BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+                alg_print(p7->d.encrypted->enc_data->algorithm);
+            }
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else {
+            continue;
+        }
+        if (!bags)
+            goto err;
+        if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
+                                   options, pempass, enc)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            goto err;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+    ret = 1;
+
+ err:
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return ret;
+}
+
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+                          const char *pass, int passlen, int options,
+                          char *pempass, const EVP_CIPHER *enc)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!dump_certs_pkeys_bag(out,
+                                  sk_PKCS12_SAFEBAG_value(bags, i),
+                                  pass, passlen, options, pempass, enc))
+            return 0;
+    }
+    return 1;
+}
+
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
+                         const char *pass, int passlen, int options,
+                         char *pempass, const EVP_CIPHER *enc)
+{
+    EVP_PKEY *pkey;
+    PKCS8_PRIV_KEY_INFO *p8;
+    const PKCS8_PRIV_KEY_INFO *p8c;
+    X509 *x509;
+    const STACK_OF(X509_ATTRIBUTE) *attrs;
+    int ret = 0;
+
+    attrs = PKCS12_SAFEBAG_get0_attrs(bag);
+
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
+    case NID_keyBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Key bag\n");
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
+        if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
+            return 0;
+        print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes");
+        ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (options & INFO) {
+            const X509_SIG *tp8;
+            const X509_ALGOR *tp8alg;
+
+            BIO_printf(bio_err, "Shrouded Keybag: ");
+            tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
+            X509_SIG_get0(tp8, &tp8alg, NULL);
+            alg_print(tp8alg);
+        }
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+            return 0;
+        if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) {
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return 0;
+        }
+        print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_certBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Certificate bag\n");
+        if (options & NOCERTS)
+            return 1;
+        if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) {
+            if (options & CACERTS)
+                return 1;
+        } else if (options & CLCERTS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+            return 1;
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+            return 0;
+        dump_cert_text(out, x509);
+        ret = PEM_write_bio_X509(out, x509);
+        X509_free(x509);
+        break;
+
+    case NID_safeContentsBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Safe Contents bag\n");
+        print_attribs(out, attrs, "Bag Attributes");
+        return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
+                                     pass, passlen, options, pempass, enc);
+
+    default:
+        BIO_printf(bio_err, "Warning unsupported bag type: ");
+        i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag));
+        BIO_printf(bio_err, "\n");
+        return 1;
+    }
+    return ret;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX *store_ctx = NULL;
+    STACK_OF(X509) *chn = NULL;
+    int i = 0;
+
+    store_ctx = X509_STORE_CTX_new();
+    if (store_ctx == NULL) {
+        i =  X509_V_ERR_UNSPECIFIED;
+        goto end;
+    }
+    if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL)) {
+        i =  X509_V_ERR_UNSPECIFIED;
+        goto end;
+    }
+
+
+    if (X509_verify_cert(store_ctx) > 0)
+        chn = X509_STORE_CTX_get1_chain(store_ctx);
+    else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0)
+        i = X509_V_ERR_UNSPECIFIED;
+
+end:
+    X509_STORE_CTX_free(store_ctx);
+    *chain = chn;
+    return i;
+}
+
+static int alg_print(const X509_ALGOR *alg)
+{
+    int pbenid, aparamtype;
+    const ASN1_OBJECT *aoid;
+    const void *aparam;
+    PBEPARAM *pbe = NULL;
+
+    X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
+
+    pbenid = OBJ_obj2nid(aoid);
+
+    BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
+
+    /*
+     * If PBE algorithm is PBES2 decode algorithm parameters
+     * for additional details.
+     */
+    if (pbenid == NID_pbes2) {
+        PBE2PARAM *pbe2 = NULL;
+        int encnid;
+        if (aparamtype == V_ASN1_SEQUENCE)
+            pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
+        if (pbe2 == NULL) {
+            BIO_puts(bio_err, ", <unsupported parameters>");
+            goto done;
+        }
+        X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
+        pbenid = OBJ_obj2nid(aoid);
+        X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
+        encnid = OBJ_obj2nid(aoid);
+        BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
+                   OBJ_nid2sn(encnid));
+        /* If KDF is PBKDF2 decode parameters */
+        if (pbenid == NID_id_pbkdf2) {
+            PBKDF2PARAM *kdf = NULL;
+            int prfnid;
+            if (aparamtype == V_ASN1_SEQUENCE)
+                kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
+            if (kdf == NULL) {
+                BIO_puts(bio_err, ", <unsupported parameters>");
+                goto done;
+            }
+
+            if (kdf->prf == NULL) {
+                prfnid = NID_hmacWithSHA1;
+            } else {
+                X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
+                prfnid = OBJ_obj2nid(aoid);
+            }
+            BIO_printf(bio_err, ", Iteration %ld, PRF %s",
+                       ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
+            PBKDF2PARAM_free(kdf);
+#ifndef OPENSSL_NO_SCRYPT
+        } else if (pbenid == NID_id_scrypt) {
+            SCRYPT_PARAMS *kdf = NULL;
+
+            if (aparamtype == V_ASN1_SEQUENCE)
+                kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
+            if (kdf == NULL) {
+                BIO_puts(bio_err, ", <unsupported parameters>");
+                goto done;
+            }
+            BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
+                       "Block size(r): %ld, Paralelizm(p): %ld",
+                       ASN1_STRING_length(kdf->salt),
+                       ASN1_INTEGER_get(kdf->costParameter),
+                       ASN1_INTEGER_get(kdf->blockSize),
+                       ASN1_INTEGER_get(kdf->parallelizationParameter));
+            SCRYPT_PARAMS_free(kdf);
+#endif
+        }
+        PBE2PARAM_free(pbe2);
+    } else {
+        if (aparamtype == V_ASN1_SEQUENCE)
+            pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
+        if (pbe == NULL) {
+            BIO_puts(bio_err, ", <unsupported parameters>");
+            goto done;
+        }
+        BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
+        PBEPARAM_free(pbe);
+    }
+ done:
+    BIO_puts(bio_err, "\n");
+    return 1;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+    int ret;
+    X509 *cert;
+    ret = 0;
+    while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+        ret = 1;
+        sk_X509_push(sk, cert);
+    }
+    if (ret)
+        ERR_clear_error();
+    return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *av;
+    char *value;
+    int i, attr_nid;
+    if (!attrlst) {
+        BIO_printf(out, "%s: <No Attributes>\n", name);
+        return 1;
+    }
+    if (!sk_X509_ATTRIBUTE_num(attrlst)) {
+        BIO_printf(out, "%s: <Empty Attributes>\n", name);
+        return 1;
+    }
+    BIO_printf(out, "%s\n", name);
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+        ASN1_OBJECT *attr_obj;
+        attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+        attr_obj = X509_ATTRIBUTE_get0_object(attr);
+        attr_nid = OBJ_obj2nid(attr_obj);
+        BIO_printf(out, "    ");
+        if (attr_nid == NID_undef) {
+            i2a_ASN1_OBJECT(out, attr_obj);
+            BIO_printf(out, ": ");
+        } else {
+            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+        }
+
+        if (X509_ATTRIBUTE_count(attr)) {
+            av = X509_ATTRIBUTE_get0_type(attr, 0);
+            switch (av->type) {
+            case V_ASN1_BMPSTRING:
+                value = OPENSSL_uni2asc(av->value.bmpstring->data,
+                                        av->value.bmpstring->length);
+                BIO_printf(out, "%s\n", value);
+                OPENSSL_free(value);
+                break;
+
+            case V_ASN1_OCTET_STRING:
+                hex_prin(out, av->value.octet_string->data,
+                         av->value.octet_string->length);
+                BIO_printf(out, "\n");
+                break;
+
+            case V_ASN1_BIT_STRING:
+                hex_prin(out, av->value.bit_string->data,
+                         av->value.bit_string->length);
+                BIO_printf(out, "\n");
+                break;
+
+            default:
+                BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+                break;
+            }
+        } else {
+            BIO_printf(out, "<No Values>\n");
+        }
+    }
+    return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+    int i;
+    for (i = 0; i < len; i++)
+        BIO_printf(out, "%02X ", buf[i]);
+}
+
+static int set_pbe(int *ppbe, const char *str)
+{
+    if (!str)
+        return 0;
+    if (strcmp(str, "NONE") == 0) {
+        *ppbe = -1;
+        return 1;
+    }
+    *ppbe = OBJ_txt2nid(str);
+    if (*ppbe == NID_undef) {
+        BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+        return 0;
+    }
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkcs7.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs7.c
new file mode 100644
index 000000000..c3e9f5c69
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs7.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
+    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
+} OPTION_CHOICE;
+
+const OPTIONS pkcs7_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"noout", OPT_NOOUT, '-', "Don't output encoded data"},
+    {"text", OPT_TEXT, '-', "Print full details of certificates"},
+    {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
+    {"print_certs", OPT_PRINT_CERTS, '-',
+     "Print_certs  print any certs or crl in the input"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int pkcs7_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    PKCS7 *p7 = NULL;
+    BIO *in = NULL, *out = NULL;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    char *infile = NULL, *outfile = NULL, *prog;
+    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, pkcs7_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs7_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_PRINT:
+            p7_print = 1;
+            break;
+        case OPT_PRINT_CERTS:
+            print_certs = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (informat == FORMAT_ASN1)
+        p7 = d2i_PKCS7_bio(in, NULL);
+    else
+        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+    if (p7 == NULL) {
+        BIO_printf(bio_err, "unable to load PKCS7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (p7_print)
+        PKCS7_print_ctx(out, p7, 0, NULL);
+
+    if (print_certs) {
+        STACK_OF(X509) *certs = NULL;
+        STACK_OF(X509_CRL) *crls = NULL;
+
+        i = OBJ_obj2nid(p7->type);
+        switch (i) {
+        case NID_pkcs7_signed:
+            if (p7->d.sign != NULL) {
+                certs = p7->d.sign->cert;
+                crls = p7->d.sign->crl;
+            }
+            break;
+        case NID_pkcs7_signedAndEnveloped:
+            if (p7->d.signed_and_enveloped != NULL) {
+                certs = p7->d.signed_and_enveloped->cert;
+                crls = p7->d.signed_and_enveloped->crl;
+            }
+            break;
+        default:
+            break;
+        }
+
+        if (certs != NULL) {
+            X509 *x;
+
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                x = sk_X509_value(certs, i);
+                if (text)
+                    X509_print(out, x);
+                else
+                    dump_cert_text(out, x);
+
+                if (!noout)
+                    PEM_write_bio_X509(out, x);
+                BIO_puts(out, "\n");
+            }
+        }
+        if (crls != NULL) {
+            X509_CRL *crl;
+
+            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+                crl = sk_X509_CRL_value(crls, i);
+
+                X509_CRL_print_ex(out, crl, get_nameopt());
+
+                if (!noout)
+                    PEM_write_bio_X509_CRL(out, crl);
+                BIO_puts(out, "\n");
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_PKCS7_bio(out, p7);
+        else
+            i = PEM_write_bio_PKCS7(out, p7);
+
+        if (!i) {
+            BIO_printf(bio_err, "unable to write pkcs7 object\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    PKCS7_free(p7);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkcs8.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs8.c
new file mode 100644
index 000000000..205536560
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs8.c
@@ -0,0 +1,359 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
+#ifndef OPENSSL_NO_SCRYPT
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+#endif
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+    OPT_TRADITIONAL,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS pkcs8_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
+    {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
+    {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
+    OPT_R_OPTIONS,
+    {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
+    {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
+    {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
+    {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
+    {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
+    {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+#endif
+    {NULL}
+};
+
+int pkcs8_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    char *infile = NULL, *outfile = NULL;
+    char *passinarg = NULL, *passoutarg = NULL, *prog;
+#ifndef OPENSSL_NO_UI_CONSOLE
+    char pass[APP_PASS_LEN];
+#endif
+    char *passin = NULL, *passout = NULL, *p8pass = NULL;
+    OPTION_CHOICE o;
+    int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
+    int private = 0, traditional = 0;
+#ifndef OPENSSL_NO_SCRYPT
+    long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+#endif
+
+    prog = opt_init(argc, argv, pkcs8_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs8_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TOPK8:
+            topk8 = 1;
+            break;
+        case OPT_NOITER:
+            iter = 1;
+            break;
+        case OPT_NOCRYPT:
+            nocrypt = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
+        case OPT_V2:
+            if (!opt_cipher(opt_arg(), &cipher))
+                goto opthelp;
+            break;
+        case OPT_V1:
+            pbe_nid = OBJ_txt2nid(opt_arg());
+            if (pbe_nid == NID_undef) {
+                BIO_printf(bio_err,
+                           "%s: Unknown PBE algorithm %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            break;
+        case OPT_V2PRF:
+            pbe_nid = OBJ_txt2nid(opt_arg());
+            if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
+                BIO_printf(bio_err,
+                           "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_ITER:
+            if (!opt_int(opt_arg(), &iter))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+#ifndef OPENSSL_NO_SCRYPT
+        case OPT_SCRYPT:
+            scrypt_N = 16384;
+            scrypt_r = 8;
+            scrypt_p = 1;
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_SCRYPT_N:
+            if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_R:
+            if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_P:
+            if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
+                goto opthelp;
+            break;
+#endif
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if ((pbe_nid == -1) && cipher == NULL)
+        cipher = EVP_aes_256_cbc();
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (topk8) {
+        pkey = load_key(infile, informat, 1, passin, e, "key");
+        if (pkey == NULL)
+            goto end;
+        if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
+            BIO_printf(bio_err, "Error converting key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (nocrypt) {
+            assert(private);
+            if (outformat == FORMAT_PEM) {
+                PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+            } else if (outformat == FORMAT_ASN1) {
+                i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+            } else {
+                BIO_printf(bio_err, "Bad format specified for key\n");
+                goto end;
+            }
+        } else {
+            X509_ALGOR *pbe;
+            if (cipher) {
+#ifndef OPENSSL_NO_SCRYPT
+                if (scrypt_N && scrypt_r && scrypt_p)
+                    pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
+                                                scrypt_N, scrypt_r, scrypt_p);
+                else
+#endif
+                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
+                                            pbe_nid);
+            } else {
+                pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
+            }
+            if (pbe == NULL) {
+                BIO_printf(bio_err, "Error setting PBE algorithm\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            if (passout != NULL) {
+                p8pass = passout;
+            } else if (1) {
+                /* To avoid bit rot */
+#ifndef OPENSSL_NO_UI_CONSOLE
+                p8pass = pass;
+                if (EVP_read_pw_string
+                    (pass, sizeof(pass), "Enter Encryption Password:", 1)) {
+                    X509_ALGOR_free(pbe);
+                    goto end;
+                }
+            } else {
+#endif
+                BIO_printf(bio_err, "Password required\n");
+                goto end;
+            }
+            p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
+            if (p8 == NULL) {
+                X509_ALGOR_free(pbe);
+                BIO_printf(bio_err, "Error encrypting key\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            assert(private);
+            if (outformat == FORMAT_PEM)
+                PEM_write_bio_PKCS8(out, p8);
+            else if (outformat == FORMAT_ASN1)
+                i2d_PKCS8_bio(out, p8);
+            else {
+                BIO_printf(bio_err, "Bad format specified for key\n");
+                goto end;
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (nocrypt) {
+        if (informat == FORMAT_PEM) {
+            p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+    } else {
+        if (informat == FORMAT_PEM) {
+            p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            p8 = d2i_PKCS8_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+
+        if (p8 == NULL) {
+            BIO_printf(bio_err, "Error reading key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (passin != NULL) {
+            p8pass = passin;
+        } else if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            p8pass = pass;
+            if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Password required\n");
+            goto end;
+        }
+        p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+    }
+
+    if (p8inf == NULL) {
+        BIO_printf(bio_err, "Error decrypting key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) {
+        BIO_printf(bio_err, "Error converting key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    assert(private);
+    if (outformat == FORMAT_PEM) {
+        if (traditional)
+            PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
+                                                 NULL, passout);
+        else
+            PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+    } else if (outformat == FORMAT_ASN1) {
+        i2d_PrivateKey_bio(out, pkey);
+    } else {
+        BIO_printf(bio_err, "Bad format specified for key\n");
+        goto end;
+    }
+    ret = 0;
+
+ end:
+    X509_SIG_free(p8);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkey.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkey.c
new file mode 100644
index 000000000..0dd5590bd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkey.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
+    OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
+    OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK
+} OPTION_CHOICE;
+
+const OPTIONS pkey_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"in", OPT_IN, 's', "Input key"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pubin", OPT_PUBIN, '-',
+     "Read public key from input (default is private key)"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
+    {"text", OPT_TEXT, '-', "Output in plaintext as well"},
+    {"noout", OPT_NOOUT, '-', "Don't output the key"},
+    {"", OPT_MD, '-', "Any supported cipher"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"check", OPT_CHECK, '-', "Check key consistency"},
+    {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
+    {NULL}
+};
+
+int pkey_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
+    char *passinarg = NULL, *passoutarg = NULL, *prog;
+    OPTION_CHOICE o;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
+    int private = 0, traditional = 0, check = 0, pub_check = 0;
+
+    prog = opt_init(argc, argv, pkey_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkey_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PUBIN:
+            pubin = pubout = pubtext = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_TEXT_PUB:
+            pubtext = text = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_PUB_CHECK:
+            pub_check = 1;
+            break;
+        case OPT_MD:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = !noout && !pubout ? 1 : 0;
+    if (text && !pubtext)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (pubin)
+        pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+    else
+        pkey = load_key(infile, informat, 1, passin, e, "key");
+    if (pkey == NULL)
+        goto end;
+
+    if (check || pub_check) {
+        int r;
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (check)
+            r = EVP_PKEY_check(ctx);
+        else
+            r = EVP_PKEY_public_check(ctx);
+
+        if (r == 1) {
+            BIO_printf(out, "Key is valid\n");
+        } else {
+            /*
+             * Note: at least for RSA keys if this function returns
+             * -1, there will be no error reasons.
+             */
+            unsigned long err;
+
+            BIO_printf(out, "Key is invalid\n");
+
+            while ((err = ERR_peek_error()) != 0) {
+                BIO_printf(out, "Detailed error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        }
+        EVP_PKEY_CTX_free(ctx);
+    }
+
+    if (!noout) {
+        if (outformat == FORMAT_PEM) {
+            if (pubout) {
+                if (!PEM_write_bio_PUBKEY(out, pkey))
+                    goto end;
+            } else {
+                assert(private);
+                if (traditional) {
+                    if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
+                                                              NULL, 0, NULL,
+                                                              passout))
+                        goto end;
+                } else {
+                    if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+                                                  NULL, 0, NULL, passout))
+                        goto end;
+                }
+            }
+        } else if (outformat == FORMAT_ASN1) {
+            if (pubout) {
+                if (!i2d_PUBKEY_bio(out, pkey))
+                    goto end;
+            } else {
+                assert(private);
+                if (!i2d_PrivateKey_bio(out, pkey))
+                    goto end;
+            }
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+    }
+
+    if (text) {
+        if (pubtext) {
+            if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
+                goto end;
+        } else {
+            assert(private);
+            if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
+                goto end;
+        }
+    }
+
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkeyparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkeyparam.c
new file mode 100644
index 000000000..41c3f532b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkeyparam.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
+    OPT_ENGINE, OPT_CHECK
+} OPTION_CHOICE;
+
+const OPTIONS pkeyparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"text", OPT_TEXT, '-', "Print parameters as text"},
+    {"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"check", OPT_CHECK, '-', "Check key param consistency"},
+    {NULL}
+};
+
+int pkeyparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL;
+    EVP_PKEY *pkey = NULL;
+    int text = 0, noout = 0, ret = 1, check = 0;
+    OPTION_CHOICE o;
+    char *infile = NULL, *outfile = NULL, *prog;
+
+    prog = opt_init(argc, argv, pkeyparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkeyparam_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_PEM);
+    if (out == NULL)
+        goto end;
+    pkey = PEM_read_bio_Parameters(in, NULL);
+    if (pkey == NULL) {
+        BIO_printf(bio_err, "Error reading parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (check) {
+        int r;
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        r = EVP_PKEY_param_check(ctx);
+
+        if (r == 1) {
+            BIO_printf(out, "Parameters are valid\n");
+        } else {
+            /*
+             * Note: at least for RSA keys if this function returns
+             * -1, there will be no error reasons.
+             */
+            unsigned long err;
+
+            BIO_printf(out, "Parameters are invalid\n");
+
+            while ((err = ERR_peek_error()) != 0) {
+                BIO_printf(out, "Detailed error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        }
+        EVP_PKEY_CTX_free(ctx);
+    }
+
+    if (!noout)
+        PEM_write_bio_Parameters(out, pkey);
+
+    if (text)
+        EVP_PKEY_print_params(out, pkey, 0, NULL);
+
+    ret = 0;
+
+ end:
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c
new file mode 100644
index 000000000..2c4e524b6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c
@@ -0,0 +1,525 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include "progs.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+#define KEY_NONE        0
+#define KEY_PRIVKEY     1
+#define KEY_PUBKEY      2
+#define KEY_CERT        3
+
+static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                              const char *keyfile, int keyform, int key_type,
+                              char *passinarg, int pkey_op, ENGINE *e,
+                              const int impl);
+
+static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                      ENGINE *e);
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                    unsigned char *out, size_t *poutlen,
+                    const unsigned char *in, size_t inlen);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
+    OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
+    OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+    OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
+    OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS pkeyutl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"pubin", OPT_PUBIN, '-', "Input is a public key"},
+    {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
+    {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
+    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+    {"sign", OPT_SIGN, '-', "Sign input data with private key"},
+    {"verify", OPT_VERIFY, '-', "Verify with public key"},
+    {"verifyrecover", OPT_VERIFYRECOVER, '-',
+     "Verify with public key, recover original data"},
+    {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
+    {"derive", OPT_DERIVE, '-', "Derive shared secret"},
+    {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
+    {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
+    {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
+    {"inkey", OPT_INKEY, 's', "Input private key file"},
+    {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-',
+     "Also use engine given by -engine for crypto operations"},
+#endif
+    {NULL}
+};
+
+int pkeyutl_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
+    char hexdump = 0, asn1parse = 0, rev = 0, *prog;
+    unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
+    OPTION_CHOICE o;
+    int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
+    int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
+    int engine_impl = 0;
+    int ret = 1, rv = -1;
+    size_t buf_outlen;
+    const char *inkey = NULL;
+    const char *peerkey = NULL;
+    const char *kdfalg = NULL;
+    int kdflen = 0;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
+
+    prog = opt_init(argc, argv, pkeyutl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkeyutl_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_SIGFILE:
+            sigfile = opt_arg();
+            break;
+        case OPT_ENGINE_IMPL:
+            engine_impl = 1;
+            break;
+        case OPT_INKEY:
+            inkey = opt_arg();
+            break;
+        case OPT_PEERKEY:
+            peerkey = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PEERFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform))
+                goto opthelp;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
+                goto opthelp;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PUBIN:
+            key_type = KEY_PUBKEY;
+            break;
+        case OPT_CERTIN:
+            key_type = KEY_CERT;
+            break;
+        case OPT_ASN1PARSE:
+            asn1parse = 1;
+            break;
+        case OPT_HEXDUMP:
+            hexdump = 1;
+            break;
+        case OPT_SIGN:
+            pkey_op = EVP_PKEY_OP_SIGN;
+            break;
+        case OPT_VERIFY:
+            pkey_op = EVP_PKEY_OP_VERIFY;
+            break;
+        case OPT_VERIFYRECOVER:
+            pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
+            break;
+        case OPT_ENCRYPT:
+            pkey_op = EVP_PKEY_OP_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            pkey_op = EVP_PKEY_OP_DECRYPT;
+            break;
+        case OPT_DERIVE:
+            pkey_op = EVP_PKEY_OP_DERIVE;
+            break;
+        case OPT_KDF:
+            pkey_op = EVP_PKEY_OP_DERIVE;
+            key_type = KEY_NONE;
+            kdfalg = opt_arg();
+            break;
+        case OPT_KDFLEN:
+            kdflen = atoi(opt_arg());
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_PKEYOPT:
+            if ((pkeyopts == NULL &&
+                 (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
+                sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
+                BIO_puts(bio_err, "out of memory\n");
+                goto end;
+            }
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (kdfalg != NULL) {
+        if (kdflen == 0) {
+            BIO_printf(bio_err,
+                       "%s: no KDF length given (-kdflen parameter).\n", prog);
+            goto opthelp;
+        }
+    } else if (inkey == NULL) {
+        BIO_printf(bio_err,
+                   "%s: no private key given (-inkey parameter).\n", prog);
+        goto opthelp;
+    } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
+        BIO_printf(bio_err,
+                   "%s: no peer key given (-peerkey parameter).\n", prog);
+        goto opthelp;
+    }
+    ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
+                   passinarg, pkey_op, e, engine_impl);
+    if (ctx == NULL) {
+        BIO_printf(bio_err, "%s: Error initializing context\n", prog);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
+        BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (pkeyopts != NULL) {
+        int num = sk_OPENSSL_STRING_num(pkeyopts);
+        int i;
+
+        for (i = 0; i < num; ++i) {
+            const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
+
+            if (pkey_ctrl_string(ctx, opt) <= 0) {
+                BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
+                           prog, opt);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "%s: Signature file specified for non verify\n", prog);
+        goto end;
+    }
+
+    if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "%s: No signature file specified for verify\n", prog);
+        goto end;
+    }
+
+    if (pkey_op != EVP_PKEY_OP_DERIVE) {
+        in = bio_open_default(infile, 'r', FORMAT_BINARY);
+        if (in == NULL)
+            goto end;
+    }
+    out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+    if (out == NULL)
+        goto end;
+
+    if (sigfile != NULL) {
+        BIO *sigbio = BIO_new_file(sigfile, "rb");
+
+        if (sigbio == NULL) {
+            BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+            goto end;
+        }
+        siglen = bio_to_mem(&sig, keysize * 10, sigbio);
+        BIO_free(sigbio);
+        if (siglen < 0) {
+            BIO_printf(bio_err, "Error reading signature data\n");
+            goto end;
+        }
+    }
+
+    if (in != NULL) {
+        /* Read the input data */
+        buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
+        if (buf_inlen < 0) {
+            BIO_printf(bio_err, "Error reading input Data\n");
+            goto end;
+        }
+        if (rev) {
+            size_t i;
+            unsigned char ctmp;
+            size_t l = (size_t)buf_inlen;
+            for (i = 0; i < l / 2; i++) {
+                ctmp = buf_in[i];
+                buf_in[i] = buf_in[l - 1 - i];
+                buf_in[l - 1 - i] = ctmp;
+            }
+        }
+    }
+
+    /* Sanity check the input */
+    if (buf_inlen > EVP_MAX_MD_SIZE
+            && (pkey_op == EVP_PKEY_OP_SIGN
+                || pkey_op == EVP_PKEY_OP_VERIFY
+                || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+        BIO_printf(bio_err,
+                   "Error: The input data looks too long to be a hash\n");
+        goto end;
+    }
+
+    if (pkey_op == EVP_PKEY_OP_VERIFY) {
+        rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
+                             buf_in, (size_t)buf_inlen);
+        if (rv == 1) {
+            BIO_puts(out, "Signature Verified Successfully\n");
+            ret = 0;
+        } else {
+            BIO_puts(out, "Signature Verification Failure\n");
+        }
+        goto end;
+    }
+    if (kdflen != 0) {
+        buf_outlen = kdflen;
+        rv = 1;
+    } else {
+        rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
+                      buf_in, (size_t)buf_inlen);
+    }
+    if (rv > 0 && buf_outlen != 0) {
+        buf_out = app_malloc(buf_outlen, "buffer output");
+        rv = do_keyop(ctx, pkey_op,
+                      buf_out, (size_t *)&buf_outlen,
+                      buf_in, (size_t)buf_inlen);
+    }
+    if (rv <= 0) {
+        if (pkey_op != EVP_PKEY_OP_DERIVE) {
+            BIO_puts(bio_err, "Public Key operation error\n");
+        } else {
+            BIO_puts(bio_err, "Key derivation failed\n");
+        }
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+
+    if (asn1parse) {
+        if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+            ERR_print_errors(bio_err);
+    } else if (hexdump) {
+        BIO_dump(out, (char *)buf_out, buf_outlen);
+    } else {
+        BIO_write(out, buf_out, buf_outlen);
+    }
+
+ end:
+    EVP_PKEY_CTX_free(ctx);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    OPENSSL_free(buf_in);
+    OPENSSL_free(buf_out);
+    OPENSSL_free(sig);
+    sk_OPENSSL_STRING_free(pkeyopts);
+    return ret;
+}
+
+static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                              const char *keyfile, int keyform, int key_type,
+                              char *passinarg, int pkey_op, ENGINE *e,
+                              const int engine_impl)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    ENGINE *impl = NULL;
+    char *passin = NULL;
+    int rv = -1;
+    X509 *x;
+    if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
+         || (pkey_op == EVP_PKEY_OP_DERIVE))
+        && (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
+        BIO_printf(bio_err, "A private key is needed for this operation\n");
+        goto end;
+    }
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+    switch (key_type) {
+    case KEY_PRIVKEY:
+        pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+        break;
+
+    case KEY_PUBKEY:
+        pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
+        break;
+
+    case KEY_CERT:
+        x = load_cert(keyfile, keyform, "Certificate");
+        if (x) {
+            pkey = X509_get_pubkey(x);
+            X509_free(x);
+        }
+        break;
+
+    case KEY_NONE:
+        break;
+
+    }
+
+#ifndef OPENSSL_NO_ENGINE
+    if (engine_impl)
+        impl = e;
+#endif
+
+    if (kdfalg != NULL) {
+        int kdfnid = OBJ_sn2nid(kdfalg);
+
+        if (kdfnid == NID_undef) {
+            kdfnid = OBJ_ln2nid(kdfalg);
+            if (kdfnid == NID_undef) {
+                BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
+                           kdfalg);
+                goto end;
+            }
+        }
+        ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
+    } else {
+        if (pkey == NULL)
+            goto end;
+        *pkeysize = EVP_PKEY_size(pkey);
+        ctx = EVP_PKEY_CTX_new(pkey, impl);
+        EVP_PKEY_free(pkey);
+    }
+
+    if (ctx == NULL)
+        goto end;
+
+    switch (pkey_op) {
+    case EVP_PKEY_OP_SIGN:
+        rv = EVP_PKEY_sign_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_VERIFY:
+        rv = EVP_PKEY_verify_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_VERIFYRECOVER:
+        rv = EVP_PKEY_verify_recover_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_ENCRYPT:
+        rv = EVP_PKEY_encrypt_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_DECRYPT:
+        rv = EVP_PKEY_decrypt_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_DERIVE:
+        rv = EVP_PKEY_derive_init(ctx);
+        break;
+    }
+
+    if (rv <= 0) {
+        EVP_PKEY_CTX_free(ctx);
+        ctx = NULL;
+    }
+
+ end:
+    OPENSSL_free(passin);
+    return ctx;
+
+}
+
+static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                      ENGINE *e)
+{
+    EVP_PKEY *peer = NULL;
+    ENGINE *engine = NULL;
+    int ret;
+
+    if (peerform == FORMAT_ENGINE)
+        engine = e;
+    peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
+    if (peer == NULL) {
+        BIO_printf(bio_err, "Error reading peer key %s\n", file);
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    ret = EVP_PKEY_derive_set_peer(ctx, peer);
+
+    EVP_PKEY_free(peer);
+    if (ret <= 0)
+        ERR_print_errors(bio_err);
+    return ret;
+}
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                    unsigned char *out, size_t *poutlen,
+                    const unsigned char *in, size_t inlen)
+{
+    int rv = 0;
+    switch (pkey_op) {
+    case EVP_PKEY_OP_VERIFYRECOVER:
+        rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_SIGN:
+        rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_ENCRYPT:
+        rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_DECRYPT:
+        rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_DERIVE:
+        rv = EVP_PKEY_derive(ctx, out, poutlen);
+        break;
+
+    }
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/prime.c b/trunk/3rdparty/openssl-1.1-fit/apps/prime.c
new file mode 100644
index 000000000..694479764
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/prime.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
+} OPTION_CHOICE;
+
+const OPTIONS prime_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  number Number to check for primality\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"hex", OPT_HEX, '-', "Hex output"},
+    {"generate", OPT_GENERATE, '-', "Generate a prime"},
+    {"bits", OPT_BITS, 'p', "Size of number in bits"},
+    {"safe", OPT_SAFE, '-',
+     "When used with -generate, generate a safe prime"},
+    {"checks", OPT_CHECKS, 'p', "Number of checks"},
+    {NULL}
+};
+
+int prime_main(int argc, char **argv)
+{
+    BIGNUM *bn = NULL;
+    int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, prime_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(prime_options);
+            ret = 0;
+            goto end;
+        case OPT_HEX:
+            hex = 1;
+            break;
+        case OPT_GENERATE:
+            generate = 1;
+            break;
+        case OPT_BITS:
+            bits = atoi(opt_arg());
+            break;
+        case OPT_SAFE:
+            safe = 1;
+            break;
+        case OPT_CHECKS:
+            checks = atoi(opt_arg());
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (generate) {
+        if (argc != 0) {
+            BIO_printf(bio_err, "Extra arguments given.\n");
+            goto opthelp;
+        }
+    } else if (argc == 0) {
+        BIO_printf(bio_err, "%s: No prime specified\n", prog);
+        goto opthelp;
+    }
+
+    if (generate) {
+        char *s;
+
+        if (!bits) {
+            BIO_printf(bio_err, "Specify the number of bits.\n");
+            goto end;
+        }
+        bn = BN_new();
+        if (bn == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
+        if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
+            BIO_printf(bio_err, "Failed to generate prime.\n");
+            goto end;
+        }
+        s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+        if (s == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
+        BIO_printf(bio_out, "%s\n", s);
+        OPENSSL_free(s);
+    } else {
+        for ( ; *argv; argv++) {
+            int r;
+
+            if (hex)
+                r = BN_hex2bn(&bn, argv[0]);
+            else
+                r = BN_dec2bn(&bn, argv[0]);
+
+            if (!r) {
+                BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
+                goto end;
+            }
+
+            BN_print(bio_out, bn);
+            BIO_printf(bio_out, " (%s) %s prime\n",
+                       argv[0],
+                       BN_is_prime_ex(bn, checks, NULL, NULL)
+                           ? "is" : "is not");
+        }
+    }
+
+    ret = 0;
+ end:
+    BN_free(bn);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/privkey.pem b/trunk/3rdparty/openssl-1.1-fit/apps/privkey.pem
new file mode 100644
index 000000000..02f34981e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/privkey.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
+qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
+iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
+xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
+Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
+TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
+Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
+ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
+68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
+CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
+0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
++lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
+CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
+Ri+qO+HhZFUBqQ==
+-----END PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/progs.pl b/trunk/3rdparty/openssl-1.1-fit/apps/progs.pl
new file mode 100644
index 000000000..57671405d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/progs.pl
@@ -0,0 +1,181 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Generate progs.h file by looking for command mains in list of C files
+# passed on the command line.
+
+use strict;
+use warnings;
+use lib '.';
+use configdata qw/@disablables %unified_info/;
+
+my %commands     = ();
+my $cmdre        = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
+my $apps_openssl = shift @ARGV;
+my $YEAR         = [localtime()]->[5] + 1900;
+
+# because the program apps/openssl has object files as sources, and
+# they then have the corresponding C files as source, we need to chain
+# the lookups in %unified_info
+my @openssl_source =
+    map { @{$unified_info{sources}->{$_}} }
+    grep { /\.o$/ }
+        @{$unified_info{sources}->{$apps_openssl}};
+
+foreach my $filename (@openssl_source) {
+    open F, $filename or die "Couldn't open $filename: $!\n";
+    foreach ( grep /$cmdre/, <F> ) {
+        my @foo = /$cmdre/;
+        $commands{$1} = 1;
+    }
+    close F;
+}
+
+@ARGV = sort keys %commands;
+
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by apps/progs.pl
+ *
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef enum FUNC_TYPE {
+    FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
+    FT_md_alg, FT_cipher_alg
+} FUNC_TYPE;
+
+typedef struct function_st {
+    FUNC_TYPE type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+    const OPTIONS *help;
+} FUNCTION;
+
+DEFINE_LHASH_OF(FUNCTION);
+
+EOF
+
+foreach (@ARGV) {
+    printf "extern int %s_main(int argc, char *argv[]);\n", $_;
+}
+print "\n";
+
+foreach (@ARGV) {
+    printf "extern const OPTIONS %s_options[];\n", $_;
+}
+print "\n";
+
+my %cmd_disabler = (
+    ciphers  => "sock",
+    genrsa   => "rsa",
+    rsautl   => "rsa",
+    gendsa   => "dsa",
+    dsaparam => "dsa",
+    gendh    => "dh",
+    dhparam  => "dh",
+    ecparam  => "ec",
+    pkcs12   => "des",
+);
+
+print "#ifdef INCLUDE_FUNCTION_TABLE\n";
+print "static FUNCTION functions[] = {\n";
+foreach my $cmd ( @ARGV ) {
+    my $str = "    {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n";
+    if ($cmd =~ /^s_/) {
+        print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
+    } elsif (grep { $cmd eq $_ } @disablables) {
+        print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
+    } elsif (my $disabler = $cmd_disabler{$cmd}) {
+        print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
+    } else {
+        print $str;
+    }
+}
+
+my %md_disabler = (
+    blake2b512 => "blake2",
+    blake2s256 => "blake2",
+);
+foreach my $cmd (
+    "md2", "md4", "md5",
+    "gost",
+    "sha1", "sha224", "sha256", "sha384",
+    "sha512", "sha512-224", "sha512-256",
+    "sha3-224", "sha3-256", "sha3-384", "sha3-512",
+    "shake128", "shake256",
+    "mdc2", "rmd160", "blake2b512", "blake2s256",
+    "sm3"
+) {
+    my $str = "    {FT_md, \"$cmd\", dgst_main},\n";
+    if (grep { $cmd eq $_ } @disablables) {
+        print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
+    } elsif (my $disabler = $md_disabler{$cmd}) {
+        print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
+    } else {
+        print $str;
+    }
+}
+
+my %cipher_disabler = (
+    des3  => "des",
+    desx  => "des",
+    cast5 => "cast",
+);
+foreach my $cmd (
+    "aes-128-cbc", "aes-128-ecb",
+    "aes-192-cbc", "aes-192-ecb",
+    "aes-256-cbc", "aes-256-ecb",
+    "aria-128-cbc", "aria-128-cfb",
+    "aria-128-ctr", "aria-128-ecb", "aria-128-ofb",
+    "aria-128-cfb1", "aria-128-cfb8",
+    "aria-192-cbc", "aria-192-cfb",
+    "aria-192-ctr", "aria-192-ecb", "aria-192-ofb",
+    "aria-192-cfb1", "aria-192-cfb8",
+    "aria-256-cbc", "aria-256-cfb",
+    "aria-256-ctr", "aria-256-ecb", "aria-256-ofb",
+    "aria-256-cfb1", "aria-256-cfb8",
+    "camellia-128-cbc", "camellia-128-ecb",
+    "camellia-192-cbc", "camellia-192-ecb",
+    "camellia-256-cbc", "camellia-256-ecb",
+    "base64", "zlib",
+    "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
+    "rc2", "bf", "cast", "rc5",
+    "des-ecb", "des-ede", "des-ede3",
+    "des-cbc", "des-ede-cbc","des-ede3-cbc",
+    "des-cfb", "des-ede-cfb","des-ede3-cfb",
+    "des-ofb", "des-ede-ofb","des-ede3-ofb",
+    "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
+    "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
+    "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
+    "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
+    "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+    "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
+    "sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr"
+) {
+    my $str = "    {FT_cipher, \"$cmd\", enc_main, enc_options},\n";
+    (my $algo = $cmd) =~ s/-.*//g;
+    if ($cmd eq "zlib") {
+        print "#ifdef ZLIB\n${str}#endif\n";
+    } elsif (grep { $algo eq $_ } @disablables) {
+        print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n";
+    } elsif (my $disabler = $cipher_disabler{$algo}) {
+        print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
+    } else {
+        print $str;
+    }
+}
+
+print "    {0, NULL, NULL}\n};\n";
+print "#endif\n";
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rand.c b/trunk/3rdparty/openssl-1.1-fit/apps/rand.c
new file mode 100644
index 000000000..4c6181507
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/rand.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include "progs.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS rand_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file"},
+    OPT_R_OPTIONS,
+    {"base64", OPT_BASE64, '-', "Base64 encode output"},
+    {"hex", OPT_HEX, '-', "Hex encode output"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int rand_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL;
+    char *outfile = NULL, *prog;
+    OPTION_CHOICE o;
+    int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
+
+    prog = opt_init(argc, argv, rand_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rand_options);
+            ret = 0;
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_BASE64:
+            format = FORMAT_BASE64;
+            break;
+        case OPT_HEX:
+            format = FORMAT_TEXT;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num <= 0)
+            goto end;
+    } else if (argc > 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    out = bio_open_default(outfile, 'w', format);
+    if (out == NULL)
+        goto end;
+
+    if (format == FORMAT_BASE64) {
+        BIO *b64 = BIO_new(BIO_f_base64());
+        if (b64 == NULL)
+            goto end;
+        out = BIO_push(b64, out);
+    }
+
+    while (num > 0) {
+        unsigned char buf[4096];
+        int chunk;
+
+        chunk = num;
+        if (chunk > (int)sizeof(buf))
+            chunk = sizeof(buf);
+        r = RAND_bytes(buf, chunk);
+        if (r <= 0)
+            goto end;
+        if (format != FORMAT_TEXT) {
+            if (BIO_write(out, buf, chunk) != chunk)
+                goto end;
+        } else {
+            for (i = 0; i < chunk; i++)
+                if (BIO_printf(out, "%02x", buf[i]) != 2)
+                    goto end;
+        }
+        num -= chunk;
+    }
+    if (format == FORMAT_TEXT)
+        BIO_puts(out, "\n");
+    if (BIO_flush(out) <= 0)
+        goto end;
+
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    release_engine(e);
+    BIO_free_all(out);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c b/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c
new file mode 100644
index 000000000..2b769fbce
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c
@@ -0,0 +1,532 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include "progs.h"
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
+    (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
+# include <unistd.h>
+# include <stdio.h>
+# include <limits.h>
+# include <errno.h>
+# include <string.h>
+# include <ctype.h>
+# include <sys/stat.h>
+
+/*
+ * Make sure that the processing of symbol names is treated the same as when
+ * libcrypto is built.  This is done automatically for public headers (see
+ * include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
+ * but not for internal headers.
+ */
+# ifdef __VMS
+#  pragma names save
+#  pragma names as_is,shortened
+# endif
+
+# include "internal/o_dir.h"
+
+# ifdef __VMS
+#  pragma names restore
+# endif
+
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+# include <openssl/x509.h>
+
+
+# ifndef PATH_MAX
+#  define PATH_MAX 4096
+# endif
+# ifndef NAME_MAX
+#  define NAME_MAX 255
+# endif
+# define MAX_COLLISIONS  256
+
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+    errno = ENOSYS;
+    return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+    errno = ENOSYS;
+    return -1;
+}
+# endif
+
+typedef struct hentry_st {
+    struct hentry_st *next;
+    char *filename;
+    unsigned short old_id;
+    unsigned char need_symlink;
+    unsigned char digest[EVP_MAX_MD_SIZE];
+} HENTRY;
+
+typedef struct bucket_st {
+    struct bucket_st *next;
+    HENTRY *first_entry, *last_entry;
+    unsigned int hash;
+    unsigned short type;
+    unsigned short num_needed;
+} BUCKET;
+
+enum Type {
+    /* Keep in sync with |suffixes|, below. */
+    TYPE_CERT=0, TYPE_CRL=1
+};
+
+enum Hash {
+    HASH_OLD, HASH_NEW, HASH_BOTH
+};
+
+
+static int evpmdsize;
+static const EVP_MD *evpmd;
+static int remove_links = 1;
+static int verbose = 0;
+static BUCKET *hash_table[257];
+
+static const char *suffixes[] = { "", "r" };
+static const char *extensions[] = { "pem", "crt", "cer", "crl" };
+
+
+static void bit_set(unsigned char *set, unsigned int bit)
+{
+    set[bit >> 3] |= 1 << (bit & 0x7);
+}
+
+static int bit_isset(unsigned char *set, unsigned int bit)
+{
+    return set[bit >> 3] & (1 << (bit & 0x7));
+}
+
+
+/*
+ * Process an entry; return number of errors.
+ */
+static int add_entry(enum Type type, unsigned int hash, const char *filename,
+                      const unsigned char *digest, int need_symlink,
+                      unsigned short old_id)
+{
+    static BUCKET nilbucket;
+    static HENTRY nilhentry;
+    BUCKET *bp;
+    HENTRY *ep, *found = NULL;
+    unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table);
+
+    for (bp = hash_table[ndx]; bp; bp = bp->next)
+        if (bp->type == type && bp->hash == hash)
+            break;
+    if (bp == NULL) {
+        bp = app_malloc(sizeof(*bp), "hash bucket");
+        *bp = nilbucket;
+        bp->next = hash_table[ndx];
+        bp->type = type;
+        bp->hash = hash;
+        hash_table[ndx] = bp;
+    }
+
+    for (ep = bp->first_entry; ep; ep = ep->next) {
+        if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
+            BIO_printf(bio_err,
+                       "%s: warning: skipping duplicate %s in %s\n",
+                       opt_getprog(),
+                       type == TYPE_CERT ? "certificate" : "CRL", filename);
+            return 0;
+        }
+        if (strcmp(filename, ep->filename) == 0) {
+            found = ep;
+            if (digest == NULL)
+                break;
+        }
+    }
+    ep = found;
+    if (ep == NULL) {
+        if (bp->num_needed >= MAX_COLLISIONS) {
+            BIO_printf(bio_err,
+                       "%s: error: hash table overflow for %s\n",
+                       opt_getprog(), filename);
+            return 1;
+        }
+        ep = app_malloc(sizeof(*ep), "collision bucket");
+        *ep = nilhentry;
+        ep->old_id = ~0;
+        ep->filename = OPENSSL_strdup(filename);
+        if (bp->last_entry)
+            bp->last_entry->next = ep;
+        if (bp->first_entry == NULL)
+            bp->first_entry = ep;
+        bp->last_entry = ep;
+    }
+
+    if (old_id < ep->old_id)
+        ep->old_id = old_id;
+    if (need_symlink && !ep->need_symlink) {
+        ep->need_symlink = 1;
+        bp->num_needed++;
+        memcpy(ep->digest, digest, evpmdsize);
+    }
+    return 0;
+}
+
+/*
+ * Check if a symlink goes to the right spot; return 0 if okay.
+ * This can be -1 if bad filename, or an error count.
+ */
+static int handle_symlink(const char *filename, const char *fullpath)
+{
+    unsigned int hash = 0;
+    int i, type, id;
+    unsigned char ch;
+    char linktarget[PATH_MAX], *endptr;
+    ossl_ssize_t n;
+
+    for (i = 0; i < 8; i++) {
+        ch = filename[i];
+        if (!isxdigit(ch))
+            return -1;
+        hash <<= 4;
+        hash += OPENSSL_hexchar2int(ch);
+    }
+    if (filename[i++] != '.')
+        return -1;
+    for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
+        const char *suffix = suffixes[type];
+        if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
+            break;
+    }
+    i += strlen(suffixes[type]);
+
+    id = strtoul(&filename[i], &endptr, 10);
+    if (*endptr != '\0')
+        return -1;
+
+    n = readlink(fullpath, linktarget, sizeof(linktarget));
+    if (n < 0 || n >= (int)sizeof(linktarget))
+        return -1;
+    linktarget[n] = 0;
+
+    return add_entry(type, hash, linktarget, NULL, 0, id);
+}
+
+/*
+ * process a file, return number of errors.
+ */
+static int do_file(const char *filename, const char *fullpath, enum Hash h)
+{
+    STACK_OF (X509_INFO) *inf = NULL;
+    X509_INFO *x;
+    X509_NAME *name = NULL;
+    BIO *b;
+    const char *ext;
+    unsigned char digest[EVP_MAX_MD_SIZE];
+    int type, errs = 0;
+    size_t i;
+
+    /* Does it end with a recognized extension? */
+    if ((ext = strrchr(filename, '.')) == NULL)
+        goto end;
+    for (i = 0; i < OSSL_NELEM(extensions); i++) {
+        if (strcasecmp(extensions[i], ext + 1) == 0)
+            break;
+    }
+    if (i >= OSSL_NELEM(extensions))
+        goto end;
+
+    /* Does it have X.509 data in it? */
+    if ((b = BIO_new_file(fullpath, "r")) == NULL) {
+        BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
+                   opt_getprog(), filename);
+        errs++;
+        goto end;
+    }
+    inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
+    BIO_free(b);
+    if (inf == NULL)
+        goto end;
+
+    if (sk_X509_INFO_num(inf) != 1) {
+        BIO_printf(bio_err,
+                   "%s: warning: skipping %s,"
+                   "it does not contain exactly one certificate or CRL\n",
+                   opt_getprog(), filename);
+        /* This is not an error. */
+        goto end;
+    }
+    x = sk_X509_INFO_value(inf, 0);
+    if (x->x509 != NULL) {
+        type = TYPE_CERT;
+        name = X509_get_subject_name(x->x509);
+        X509_digest(x->x509, evpmd, digest, NULL);
+    } else if (x->crl != NULL) {
+        type = TYPE_CRL;
+        name = X509_CRL_get_issuer(x->crl);
+        X509_CRL_digest(x->crl, evpmd, digest, NULL);
+    } else {
+        ++errs;
+        goto end;
+    }
+    if (name != NULL) {
+        if ((h == HASH_NEW) || (h == HASH_BOTH))
+            errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
+        if ((h == HASH_OLD) || (h == HASH_BOTH))
+            errs += add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
+    }
+
+end:
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return errs;
+}
+
+static void str_free(char *s)
+{
+    OPENSSL_free(s);
+}
+
+static int ends_with_dirsep(const char *path)
+{
+    if (*path != '\0')
+        path += strlen(path) - 1;
+# if defined __VMS
+    if (*path == ']' || *path == '>' || *path == ':')
+        return 1;
+# elif defined _WIN32
+    if (*path == '\\')
+        return 1;
+# endif
+    return *path == '/';
+}
+
+/*
+ * Process a directory; return number of errors found.
+ */
+static int do_dir(const char *dirname, enum Hash h)
+{
+    BUCKET *bp, *nextbp;
+    HENTRY *ep, *nextep;
+    OPENSSL_DIR_CTX *d = NULL;
+    struct stat st;
+    unsigned char idmask[MAX_COLLISIONS / 8];
+    int n, numfiles, nextid, buflen, errs = 0;
+    size_t i;
+    const char *pathsep;
+    const char *filename;
+    char *buf, *copy = NULL;
+    STACK_OF(OPENSSL_STRING) *files = NULL;
+
+    if (app_access(dirname, W_OK) < 0) {
+        BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
+        return 1;
+    }
+    buflen = strlen(dirname);
+    pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
+    buflen += NAME_MAX + 1 + 1;
+    buf = app_malloc(buflen, "filename buffer");
+
+    if (verbose)
+        BIO_printf(bio_out, "Doing %s\n", dirname);
+
+    if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
+        BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
+        errs = 1;
+        goto err;
+    }
+    while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+        if ((copy = OPENSSL_strdup(filename)) == NULL
+                || sk_OPENSSL_STRING_push(files, copy) == 0) {
+            OPENSSL_free(copy);
+            BIO_puts(bio_err, "out of memory\n");
+            errs = 1;
+            goto err;
+        }
+    }
+    OPENSSL_DIR_end(&d);
+    sk_OPENSSL_STRING_sort(files);
+
+    numfiles = sk_OPENSSL_STRING_num(files);
+    for (n = 0; n < numfiles; ++n) {
+        filename = sk_OPENSSL_STRING_value(files, n);
+        if (BIO_snprintf(buf, buflen, "%s%s%s",
+                         dirname, pathsep, filename) >= buflen)
+            continue;
+        if (lstat(buf, &st) < 0)
+            continue;
+        if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0)
+            continue;
+        errs += do_file(filename, buf, h);
+    }
+
+    for (i = 0; i < OSSL_NELEM(hash_table); i++) {
+        for (bp = hash_table[i]; bp; bp = nextbp) {
+            nextbp = bp->next;
+            nextid = 0;
+            memset(idmask, 0, (bp->num_needed + 7) / 8);
+            for (ep = bp->first_entry; ep; ep = ep->next)
+                if (ep->old_id < bp->num_needed)
+                    bit_set(idmask, ep->old_id);
+
+            for (ep = bp->first_entry; ep; ep = nextep) {
+                nextep = ep->next;
+                if (ep->old_id < bp->num_needed) {
+                    /* Link exists, and is used as-is */
+                    BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
+                                 suffixes[bp->type], ep->old_id);
+                    if (verbose)
+                        BIO_printf(bio_out, "link %s -> %s\n",
+                                   ep->filename, buf);
+                } else if (ep->need_symlink) {
+                    /* New link needed (it may replace something) */
+                    while (bit_isset(idmask, nextid))
+                        nextid++;
+
+                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+                                 dirname, pathsep, &n, bp->hash,
+                                 suffixes[bp->type], nextid);
+                    if (verbose)
+                        BIO_printf(bio_out, "link %s -> %s\n",
+                                   ep->filename, &buf[n]);
+                    if (unlink(buf) < 0 && errno != ENOENT) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't unlink %s, %s\n",
+                                   opt_getprog(), buf, strerror(errno));
+                        errs++;
+                    }
+                    if (symlink(ep->filename, buf) < 0) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't symlink %s, %s\n",
+                                   opt_getprog(), ep->filename,
+                                   strerror(errno));
+                        errs++;
+                    }
+                    bit_set(idmask, nextid);
+                } else if (remove_links) {
+                    /* Link to be deleted */
+                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+                                 dirname, pathsep, &n, bp->hash,
+                                 suffixes[bp->type], ep->old_id);
+                    if (verbose)
+                        BIO_printf(bio_out, "unlink %s\n",
+                                   &buf[n]);
+                    if (unlink(buf) < 0 && errno != ENOENT) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't unlink %s, %s\n",
+                                   opt_getprog(), buf, strerror(errno));
+                        errs++;
+                    }
+                }
+                OPENSSL_free(ep->filename);
+                OPENSSL_free(ep);
+            }
+            OPENSSL_free(bp);
+        }
+        hash_table[i] = NULL;
+    }
+
+ err:
+    sk_OPENSSL_STRING_pop_free(files, str_free);
+    OPENSSL_free(buf);
+    return errs;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
+} OPTION_CHOICE;
+
+const OPTIONS rehash_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"h", OPT_HELP, '-', "Display this summary"},
+    {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
+    {"old", OPT_OLD, '-', "Use old-style hash to generate links"},
+    {"n", OPT_N, '-', "Do not remove existing links"},
+    {"v", OPT_VERBOSE, '-', "Verbose output"},
+    {NULL}
+};
+
+
+int rehash_main(int argc, char **argv)
+{
+    const char *env, *prog;
+    char *e, *m;
+    int errs = 0;
+    OPTION_CHOICE o;
+    enum Hash h = HASH_NEW;
+
+    prog = opt_init(argc, argv, rehash_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rehash_options);
+            goto end;
+        case OPT_COMPAT:
+            h = HASH_BOTH;
+            break;
+        case OPT_OLD:
+            h = HASH_OLD;
+            break;
+        case OPT_N:
+            remove_links = 0;
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    evpmd = EVP_sha1();
+    evpmdsize = EVP_MD_size(evpmd);
+
+    if (*argv != NULL) {
+        while (*argv != NULL)
+            errs += do_dir(*argv++, h);
+    } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
+        char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
+        m = OPENSSL_strdup(env);
+        for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
+            errs += do_dir(e, h);
+        OPENSSL_free(m);
+    } else {
+        errs += do_dir(X509_get_default_cert_dir(), h);
+    }
+
+ end:
+    return errs;
+}
+
+#else
+const OPTIONS rehash_options[] = {
+    {NULL}
+};
+
+int rehash_main(int argc, char **argv)
+{
+    BIO_printf(bio_err, "Not available; use c_rehash script\n");
+    return 1;
+}
+
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/req.c b/trunk/3rdparty/openssl-1.1-fit/apps/req.c
new file mode 100644
index 000000000..6fd28a2ab
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/req.c
@@ -0,0 +1,1664 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <ctype.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+#include <openssl/lhash.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#define SECTION         "req"
+
+#define BITS            "default_bits"
+#define KEYFILE         "default_keyfile"
+#define PROMPT          "prompt"
+#define DISTINGUISHED_NAME      "distinguished_name"
+#define ATTRIBUTES      "attributes"
+#define V3_EXTENSIONS   "x509_extensions"
+#define REQ_EXTENSIONS  "req_extensions"
+#define STRING_MASK     "string_mask"
+#define UTF8_IN         "utf8"
+
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
+                    int attribs, unsigned long chtype);
+static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype,
+                         int multirdn);
+static int prompt_info(X509_REQ *req,
+                       STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+                       STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+                       int attribs, unsigned long chtype);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+                     STACK_OF(CONF_VALUE) *attr, int attribs,
+                     unsigned long chtype);
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+                                char *value, int nid, int n_min, int n_max,
+                                unsigned long chtype);
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+                         char *value, int nid, int n_min, int n_max,
+                         unsigned long chtype, int mval);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+static int build_data(char *text, const char *def,
+                      char *value, int n_min, int n_max,
+                      char *buf, const int buf_size,
+                      const char *desc1, const char *desc2
+                      );
+static int req_check_len(int len, int n_min, int n_max);
+static int check_end(const char *str, const char *end);
+static int join(char buf[], size_t buf_size, const char *name,
+                const char *tail, const char *desc);
+static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
+                                    int *pkey_type, long *pkeylen,
+                                    char **palgnam, ENGINE *keygen_engine);
+static CONF *req_conf = NULL;
+static CONF *addext_conf = NULL;
+static int batch = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
+    OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
+    OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY,
+    OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
+    OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
+    OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
+    OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS,
+    OPT_REQEXTS, OPT_PRECERT, OPT_MD,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS req_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"key", OPT_KEY, 's', "Private key to use"},
+    {"keyform", OPT_KEYFORM, 'f', "Key file format"},
+    {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+    {"new", OPT_NEW, '-', "New request"},
+    {"config", OPT_CONFIG, '<', "Request template file"},
+    {"keyout", OPT_KEYOUT, '>', "File to send the key to"},
+    {"passin", OPT_PASSIN, 's', "Private key password source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    OPT_R_OPTIONS,
+    {"newkey", OPT_NEWKEY, 's', "Specify as type:bits"},
+    {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"batch", OPT_BATCH, '-',
+     "Do not ask anything during request generation"},
+    {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"},
+    {"modulus", OPT_MODULUS, '-', "RSA modulus"},
+    {"verify", OPT_VERIFY, '-', "Verify signature on REQ"},
+    {"nodes", OPT_NODES, '-', "Don't encrypt the output key"},
+    {"noout", OPT_NOOUT, '-', "Do not output REQ"},
+    {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+    {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"reqopt", OPT_REQOPT, 's', "Various request text options"},
+    {"text", OPT_TEXT, '-', "Text form of request"},
+    {"x509", OPT_X509, '-',
+     "Output a x509 structure instead of a cert request"},
+    {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
+    {"subj", OPT_SUBJ, 's', "Set or modify request subject"},
+    {"subject", OPT_SUBJECT, '-', "Output the request's subject"},
+    {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+     "Enable support for multivalued RDNs"},
+    {"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
+    {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
+    {"addext", OPT_ADDEXT, 's',
+     "Additional cert extension key=value pair (may be given more than once)"},
+    {"extensions", OPT_EXTENSIONS, 's',
+     "Cert extension section (override value in config file)"},
+    {"reqexts", OPT_REQEXTS, 's',
+     "Request extension section (override value in config file)"},
+    {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"keygen_engine", OPT_KEYGEN_ENGINE, 's',
+     "Specify engine to be used for key generation operations"},
+#endif
+    {NULL}
+};
+
+
+/*
+ * An LHASH of strings, where each string is an extension name.
+ */
+static unsigned long ext_name_hash(const OPENSSL_STRING *a)
+{
+    return OPENSSL_LH_strhash((const char *)a);
+}
+
+static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b)
+{
+    return strcmp((const char *)a, (const char *)b);
+}
+
+static void exts_cleanup(OPENSSL_STRING *x)
+{
+    OPENSSL_free((char *)x);
+}
+
+/*
+ * Is the |kv| key already duplicated?  This is remarkably tricky to get
+ * right.  Return 0 if unique, -1 on runtime error; 1 if found or a syntax
+ * error.
+ */
+static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
+{
+    char *p;
+    size_t off;
+
+    /* Check syntax. */
+    /* Skip leading whitespace, make a copy. */
+    while (*kv && isspace(*kv))
+        if (*++kv == '\0')
+            return 1;
+    if ((p = strchr(kv, '=')) == NULL)
+        return 1;
+    off = p - kv;
+    if ((kv = OPENSSL_strdup(kv)) == NULL)
+        return -1;
+
+    /* Skip trailing space before the equal sign. */
+    for (p = kv + off; p > kv; --p)
+        if (!isspace(p[-1]))
+            break;
+    if (p == kv) {
+        OPENSSL_free(kv);
+        return 1;
+    }
+    *p = '\0';
+
+    /* Finally have a clean "key"; see if it's there [by attempt to add it]. */
+    if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv))
+        != NULL || lh_OPENSSL_STRING_error(addexts)) {
+        OPENSSL_free(p != NULL ? p : kv);
+        return -1;
+    }
+
+    return 0;
+}
+
+int req_main(int argc, char **argv)
+{
+    ASN1_INTEGER *serial = NULL;
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL, *gen_eng = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *genctx = NULL;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
+    LHASH_OF(OPENSSL_STRING) *addexts = NULL;
+    X509 *x509ss = NULL;
+    X509_REQ *req = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    const EVP_MD *md_alg = NULL, *digest = NULL;
+    BIO *addext_bio = NULL;
+    char *extensions = NULL, *infile = NULL;
+    char *outfile = NULL, *keyfile = NULL;
+    char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *nofree_passin = NULL, *nofree_passout = NULL;
+    char *req_exts = NULL, *subj = NULL;
+    char *template = default_config_file, *keyout = NULL;
+    const char *keyalg = NULL;
+    OPTION_CHOICE o;
+    int ret = 1, x509 = 0, days = 0, i = 0, newreq = 0, verbose = 0;
+    int pkey_type = -1, private = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
+    int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
+    int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
+    long newkey = -1;
+    unsigned long chtype = MBSTRING_ASC, reqflag = 0;
+
+#ifndef OPENSSL_NO_DES
+    cipher = EVP_des_ede3_cbc();
+#endif
+
+    prog = opt_init(argc, argv, req_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(req_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_KEYGEN_ENGINE:
+#ifndef OPENSSL_NO_ENGINE
+            gen_eng = ENGINE_by_id(opt_arg());
+            if (gen_eng == NULL) {
+                BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
+                goto opthelp;
+            }
+#endif
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_PUBKEY:
+            pubkey = 1;
+            break;
+        case OPT_NEW:
+            newreq = 1;
+            break;
+        case OPT_CONFIG:
+            template = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_KEYOUT:
+            keyout = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passargin = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passargout = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_NEWKEY:
+            keyalg = opt_arg();
+            newreq = 1;
+            break;
+        case OPT_PKEYOPT:
+            if (!pkeyopts)
+                pkeyopts = sk_OPENSSL_STRING_new_null();
+            if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_BATCH:
+            batch = 1;
+            break;
+        case OPT_NEWHDR:
+            newhdr = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_VERIFY:
+            verify = 1;
+            break;
+        case OPT_NODES:
+            nodes = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        case OPT_UTF8:
+            chtype = MBSTRING_UTF8;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_REQOPT:
+            if (!set_cert_ex(&reqflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_X509:
+            x509 = 1;
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_SET_SERIAL:
+            if (serial != NULL) {
+                BIO_printf(bio_err, "Serial number supplied twice\n");
+                goto opthelp;
+            }
+            serial = s2i_ASN1_INTEGER(NULL, opt_arg());
+            if (serial == NULL)
+                goto opthelp;
+            break;
+        case OPT_SUBJECT:
+            subject = 1;
+            break;
+        case OPT_SUBJ:
+            subj = opt_arg();
+            break;
+        case OPT_MULTIVALUE_RDN:
+            multirdn = 1;
+            break;
+        case OPT_ADDEXT:
+            p = opt_arg();
+            if (addexts == NULL) {
+                addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp);
+                addext_bio = BIO_new(BIO_s_mem());
+                if (addexts == NULL || addext_bio == NULL)
+                    goto end;
+            }
+            i = duplicated(addexts, p);
+            if (i == 1)
+                goto opthelp;
+            if (i < 0 || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0)
+                goto end;
+            break;
+        case OPT_EXTENSIONS:
+            extensions = opt_arg();
+            break;
+        case OPT_REQEXTS:
+            req_exts = opt_arg();
+            break;
+        case OPT_PRECERT:
+            newreq = precert = 1;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &md_alg))
+                goto opthelp;
+            digest = md_alg;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (days && !x509)
+        BIO_printf(bio_err, "Ignoring -days; not generating a certificate\n");
+    if (x509 && infile == NULL)
+        newreq = 1;
+
+    /* TODO: simplify this as pkey is still always NULL here */
+    private = newreq && (pkey == NULL) ? 1 : 0;
+
+    if (!app_passwd(passargin, passargout, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Using configuration from %s\n", template);
+    req_conf = app_load_config(template);
+    if (addext_bio) {
+        if (verbose)
+            BIO_printf(bio_err,
+                       "Using additional configuration from command line\n");
+        addext_conf = app_load_config_bio(addext_bio, NULL);
+    }
+    if (template != default_config_file && !app_load_modules(req_conf))
+        goto end;
+
+    if (req_conf != NULL) {
+        p = NCONF_get_string(req_conf, NULL, "oid_file");
+        if (p == NULL)
+            ERR_clear_error();
+        if (p != NULL) {
+            BIO *oid_bio;
+
+            oid_bio = BIO_new_file(p, "r");
+            if (oid_bio == NULL) {
+                /*-
+                BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+                ERR_print_errors(bio_err);
+                */
+            } else {
+                OBJ_create_objects(oid_bio);
+                BIO_free(oid_bio);
+            }
+        }
+    }
+    if (!add_oid_section(req_conf))
+        goto end;
+
+    if (md_alg == NULL) {
+        p = NCONF_get_string(req_conf, SECTION, "default_md");
+        if (p == NULL) {
+            ERR_clear_error();
+        } else {
+            if (!opt_md(p, &md_alg))
+                goto opthelp;
+            digest = md_alg;
+        }
+    }
+
+    if (extensions == NULL) {
+        extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+        if (extensions == NULL)
+            ERR_clear_error();
+    }
+    if (extensions != NULL) {
+        /* Check syntax of file */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, req_conf);
+        if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extensions);
+            goto end;
+        }
+    }
+    if (addext_conf != NULL) {
+        /* Check syntax of command line extensions */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, addext_conf);
+        if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
+            BIO_printf(bio_err, "Error Loading command line extensions\n");
+            goto end;
+        }
+    }
+
+    if (passin == NULL) {
+        passin = nofree_passin =
+            NCONF_get_string(req_conf, SECTION, "input_password");
+        if (passin == NULL)
+            ERR_clear_error();
+    }
+
+    if (passout == NULL) {
+        passout = nofree_passout =
+            NCONF_get_string(req_conf, SECTION, "output_password");
+        if (passout == NULL)
+            ERR_clear_error();
+    }
+
+    p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+    if (p == NULL)
+        ERR_clear_error();
+
+    if (p != NULL && !ASN1_STRING_set_default_mask_asc(p)) {
+        BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+        goto end;
+    }
+
+    if (chtype != MBSTRING_UTF8) {
+        p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+        if (p == NULL)
+            ERR_clear_error();
+        else if (strcmp(p, "yes") == 0)
+            chtype = MBSTRING_UTF8;
+    }
+
+    if (req_exts == NULL) {
+        req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+        if (req_exts == NULL)
+            ERR_clear_error();
+    }
+    if (req_exts != NULL) {
+        /* Check syntax of file */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, req_conf);
+        if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading request extension section %s\n",
+                       req_exts);
+            goto end;
+        }
+    }
+
+    if (keyfile != NULL) {
+        pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+        if (pkey == NULL) {
+            /* load_key() has already printed an appropriate message */
+            goto end;
+        } else {
+            app_RAND_load_conf(req_conf, SECTION);
+        }
+    }
+
+    if (newreq && (pkey == NULL)) {
+        app_RAND_load_conf(req_conf, SECTION);
+
+        if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
+            newkey = DEFAULT_KEY_LENGTH;
+        }
+
+        if (keyalg != NULL) {
+            genctx = set_keygen_ctx(keyalg, &pkey_type, &newkey,
+                                    &keyalgstr, gen_eng);
+            if (genctx == NULL)
+                goto end;
+        }
+
+        if (newkey < MIN_KEY_LENGTH
+            && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
+            BIO_printf(bio_err, "private key length is too short,\n");
+            BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n",
+                       MIN_KEY_LENGTH, newkey);
+            goto end;
+        }
+
+        if (pkey_type == EVP_PKEY_RSA && newkey > OPENSSL_RSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
+                       "         Your key size is %ld! Larger key size may behave not as expected.\n",
+                       OPENSSL_RSA_MAX_MODULUS_BITS, newkey);
+
+#ifndef OPENSSL_NO_DSA
+        if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                       "         Your key size is %ld! Larger key size may behave not as expected.\n",
+                       OPENSSL_DSA_MAX_MODULUS_BITS, newkey);
+#endif
+
+        if (genctx == NULL) {
+            genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
+                                    &keyalgstr, gen_eng);
+            if (!genctx)
+                goto end;
+        }
+
+        if (pkeyopts != NULL) {
+            char *genopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) {
+                genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
+                if (pkey_ctrl_string(genctx, genopt) <= 0) {
+                    BIO_printf(bio_err, "parameter error \"%s\"\n", genopt);
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+        }
+
+        if (pkey_type == EVP_PKEY_EC) {
+            BIO_printf(bio_err, "Generating an EC private key\n");
+        } else {
+            BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
+        }
+
+        EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
+        EVP_PKEY_CTX_set_app_data(genctx, bio_err);
+
+        if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error Generating Key\n");
+            goto end;
+        }
+
+        EVP_PKEY_CTX_free(genctx);
+        genctx = NULL;
+
+        if (keyout == NULL) {
+            keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
+            if (keyout == NULL)
+                ERR_clear_error();
+        }
+
+        if (keyout == NULL)
+            BIO_printf(bio_err, "writing new private key to stdout\n");
+        else
+            BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
+        out = bio_open_owner(keyout, outformat, private);
+        if (out == NULL)
+            goto end;
+
+        p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
+        if (p == NULL) {
+            ERR_clear_error();
+            p = NCONF_get_string(req_conf, SECTION, "encrypt_key");
+            if (p == NULL)
+                ERR_clear_error();
+        }
+        if ((p != NULL) && (strcmp(p, "no") == 0))
+            cipher = NULL;
+        if (nodes)
+            cipher = NULL;
+
+        i = 0;
+ loop:
+        assert(private);
+        if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+                                      NULL, 0, NULL, passout)) {
+            if ((ERR_GET_REASON(ERR_peek_error()) ==
+                 PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
+                ERR_clear_error();
+                i++;
+                goto loop;
+            }
+            goto end;
+        }
+        BIO_free(out);
+        out = NULL;
+        BIO_printf(bio_err, "-----\n");
+    }
+
+    if (!newreq) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+        if (informat == FORMAT_ASN1)
+            req = d2i_X509_REQ_bio(in, NULL);
+        else
+            req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        if (req == NULL) {
+            BIO_printf(bio_err, "unable to load X509 request\n");
+            goto end;
+        }
+    }
+
+    if (newreq || x509) {
+        if (pkey == NULL) {
+            BIO_printf(bio_err, "you need to specify a private key\n");
+            goto end;
+        }
+
+        if (req == NULL) {
+            req = X509_REQ_new();
+            if (req == NULL) {
+                goto end;
+            }
+
+            i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
+            subj = NULL;        /* done processing '-subj' option */
+            if (!i) {
+                BIO_printf(bio_err, "problems making Certificate Request\n");
+                goto end;
+            }
+        }
+        if (x509) {
+            EVP_PKEY *tmppkey;
+            X509V3_CTX ext_ctx;
+            if ((x509ss = X509_new()) == NULL)
+                goto end;
+
+            /* Set version to V3 */
+            if ((extensions != NULL || addext_conf != NULL)
+                && !X509_set_version(x509ss, 2))
+                goto end;
+            if (serial != NULL) {
+                if (!X509_set_serialNumber(x509ss, serial))
+                    goto end;
+            } else {
+                if (!rand_serial(NULL, X509_get_serialNumber(x509ss)))
+                    goto end;
+            }
+
+            if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
+                goto end;
+            if (days == 0) {
+                /* set default days if it's not specified */
+                days = 30;
+            }
+            if (!set_cert_times(x509ss, NULL, NULL, days))
+                goto end;
+            if (!X509_set_subject_name
+                (x509ss, X509_REQ_get_subject_name(req)))
+                goto end;
+            tmppkey = X509_REQ_get0_pubkey(req);
+            if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
+                goto end;
+
+            /* Set up V3 context struct */
+
+            X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+            X509V3_set_nconf(&ext_ctx, req_conf);
+
+            /* Add extensions */
+            if (extensions != NULL && !X509V3_EXT_add_nconf(req_conf,
+                                                            &ext_ctx, extensions,
+                                                            x509ss)) {
+                BIO_printf(bio_err, "Error Loading extension section %s\n",
+                           extensions);
+                goto end;
+            }
+            if (addext_conf != NULL
+                && !X509V3_EXT_add_nconf(addext_conf, &ext_ctx, "default",
+                                         x509ss)) {
+                BIO_printf(bio_err, "Error Loading command line extensions\n");
+                goto end;
+            }
+
+            /* If a pre-cert was requested, we need to add a poison extension */
+            if (precert) {
+                if (X509_add1_ext_i2d(x509ss, NID_ct_precert_poison, NULL, 1, 0)
+                    != 1) {
+                    BIO_printf(bio_err, "Error adding poison extension\n");
+                    goto end;
+                }
+            }
+
+            i = do_X509_sign(x509ss, pkey, digest, sigopts);
+            if (!i) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else {
+            X509V3_CTX ext_ctx;
+
+            /* Set up V3 context struct */
+
+            X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+            X509V3_set_nconf(&ext_ctx, req_conf);
+
+            /* Add extensions */
+            if (req_exts != NULL
+                && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx,
+                                             req_exts, req)) {
+                BIO_printf(bio_err, "Error Loading extension section %s\n",
+                           req_exts);
+                goto end;
+            }
+            if (addext_conf != NULL
+                && !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx, "default",
+                                             req)) {
+                BIO_printf(bio_err, "Error Loading command line extensions\n");
+                goto end;
+            }
+            i = do_X509_REQ_sign(req, pkey, digest, sigopts);
+            if (!i) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    if (subj && x509) {
+        BIO_printf(bio_err, "Cannot modify certificate subject\n");
+        goto end;
+    }
+
+    if (subj && !x509) {
+        if (verbose) {
+            BIO_printf(bio_err, "Modifying Request's Subject\n");
+            print_name(bio_err, "old subject=",
+                       X509_REQ_get_subject_name(req), get_nameopt());
+        }
+
+        if (build_subject(req, subj, chtype, multirdn) == 0) {
+            BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+            ret = 1;
+            goto end;
+        }
+
+        if (verbose) {
+            print_name(bio_err, "new subject=",
+                       X509_REQ_get_subject_name(req), get_nameopt());
+        }
+    }
+
+    if (verify && !x509) {
+        EVP_PKEY *tpubkey = pkey;
+
+        if (tpubkey == NULL) {
+            tpubkey = X509_REQ_get0_pubkey(req);
+            if (tpubkey == NULL)
+                goto end;
+        }
+
+        i = X509_REQ_verify(req, tpubkey);
+
+        if (i < 0) {
+            goto end;
+        } else if (i == 0) {
+            BIO_printf(bio_err, "verify failure\n");
+            ERR_print_errors(bio_err);
+        } else {                 /* if (i > 0) */
+            BIO_printf(bio_err, "verify OK\n");
+        }
+    }
+
+    if (noout && !text && !modulus && !subject && !pubkey) {
+        ret = 0;
+        goto end;
+    }
+
+    out = bio_open_default(outfile,
+                           keyout != NULL && outfile != NULL &&
+                           strcmp(keyout, outfile) == 0 ? 'a' : 'w',
+                           outformat);
+    if (out == NULL)
+        goto end;
+
+    if (pubkey) {
+        EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
+
+        if (tpubkey == NULL) {
+            BIO_printf(bio_err, "Error getting public key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        PEM_write_bio_PUBKEY(out, tpubkey);
+    }
+
+    if (text) {
+        if (x509)
+            X509_print_ex(out, x509ss, get_nameopt(), reqflag);
+        else
+            X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
+    }
+
+    if (subject) {
+        if (x509)
+            print_name(out, "subject=", X509_get_subject_name(x509ss),
+                       get_nameopt());
+        else
+            print_name(out, "subject=", X509_REQ_get_subject_name(req),
+                       get_nameopt());
+    }
+
+    if (modulus) {
+        EVP_PKEY *tpubkey;
+
+        if (x509)
+            tpubkey = X509_get0_pubkey(x509ss);
+        else
+            tpubkey = X509_REQ_get0_pubkey(req);
+        if (tpubkey == NULL) {
+            fprintf(stdout, "Modulus=unavailable\n");
+            goto end;
+        }
+        fprintf(stdout, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+        if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
+            const BIGNUM *n;
+            RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
+            BN_print(out, n);
+        } else
+#endif
+            fprintf(stdout, "Wrong Algorithm type");
+        fprintf(stdout, "\n");
+    }
+
+    if (!noout && !x509) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_X509_REQ_bio(out, req);
+        else if (newhdr)
+            i = PEM_write_bio_X509_REQ_NEW(out, req);
+        else
+            i = PEM_write_bio_X509_REQ(out, req);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509 request\n");
+            goto end;
+        }
+    }
+    if (!noout && x509 && (x509ss != NULL)) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_X509_bio(out, x509ss);
+        else
+            i = PEM_write_bio_X509(out, x509ss);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509 certificate\n");
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret) {
+        ERR_print_errors(bio_err);
+    }
+    NCONF_free(req_conf);
+    NCONF_free(addext_conf);
+    BIO_free(addext_bio);
+    BIO_free(in);
+    BIO_free_all(out);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(genctx);
+    sk_OPENSSL_STRING_free(pkeyopts);
+    sk_OPENSSL_STRING_free(sigopts);
+    lh_OPENSSL_STRING_doall(addexts, exts_cleanup);
+    lh_OPENSSL_STRING_free(addexts);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_free(gen_eng);
+#endif
+    OPENSSL_free(keyalgstr);
+    X509_REQ_free(req);
+    X509_free(x509ss);
+    ASN1_INTEGER_free(serial);
+    release_engine(e);
+    if (passin != nofree_passin)
+        OPENSSL_free(passin);
+    if (passout != nofree_passout)
+        OPENSSL_free(passout);
+    return ret;
+}
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
+                    int attribs, unsigned long chtype)
+{
+    int ret = 0, i;
+    char no_prompt = 0;
+    STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+    char *tmp, *dn_sect, *attr_sect;
+
+    tmp = NCONF_get_string(req_conf, SECTION, PROMPT);
+    if (tmp == NULL)
+        ERR_clear_error();
+    if ((tmp != NULL) && strcmp(tmp, "no") == 0)
+        no_prompt = 1;
+
+    dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME);
+    if (dn_sect == NULL) {
+        BIO_printf(bio_err, "unable to find '%s' in config\n",
+                   DISTINGUISHED_NAME);
+        goto err;
+    }
+    dn_sk = NCONF_get_section(req_conf, dn_sect);
+    if (dn_sk == NULL) {
+        BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
+        goto err;
+    }
+
+    attr_sect = NCONF_get_string(req_conf, SECTION, ATTRIBUTES);
+    if (attr_sect == NULL) {
+        ERR_clear_error();
+        attr_sk = NULL;
+    } else {
+        attr_sk = NCONF_get_section(req_conf, attr_sect);
+        if (attr_sk == NULL) {
+            BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect);
+            goto err;
+        }
+    }
+
+    /* setup version number */
+    if (!X509_REQ_set_version(req, 0L))
+        goto err;               /* version 1 */
+
+    if (subj)
+        i = build_subject(req, subj, chtype, multirdn);
+    else if (no_prompt)
+        i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+    else
+        i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
+                        chtype);
+    if (!i)
+        goto err;
+
+    if (!X509_REQ_set_pubkey(req, pkey))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype,
+                         int multirdn)
+{
+    X509_NAME *n;
+
+    if ((n = parse_name(subject, chtype, multirdn)) == NULL)
+        return 0;
+
+    if (!X509_REQ_set_subject_name(req, n)) {
+        X509_NAME_free(n);
+        return 0;
+    }
+    X509_NAME_free(n);
+    return 1;
+}
+
+static int prompt_info(X509_REQ *req,
+                       STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+                       STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+                       int attribs, unsigned long chtype)
+{
+    int i;
+    char *p, *q;
+    char buf[100];
+    int nid, mval;
+    long n_min, n_max;
+    char *type, *value;
+    const char *def;
+    CONF_VALUE *v;
+    X509_NAME *subj;
+    subj = X509_REQ_get_subject_name(req);
+
+    if (!batch) {
+        BIO_printf(bio_err,
+                   "You are about to be asked to enter information that will be incorporated\n");
+        BIO_printf(bio_err, "into your certificate request.\n");
+        BIO_printf(bio_err,
+                   "What you are about to enter is what is called a Distinguished Name or a DN.\n");
+        BIO_printf(bio_err,
+                   "There are quite a few fields but you can leave some blank\n");
+        BIO_printf(bio_err,
+                   "For some fields there will be a default value,\n");
+        BIO_printf(bio_err,
+                   "If you enter '.', the field will be left blank.\n");
+        BIO_printf(bio_err, "-----\n");
+    }
+
+    if (sk_CONF_VALUE_num(dn_sk)) {
+        i = -1;
+ start:
+        for ( ; ; ) {
+            i++;
+            if (sk_CONF_VALUE_num(dn_sk) <= i)
+                break;
+
+            v = sk_CONF_VALUE_value(dn_sk, i);
+            p = q = NULL;
+            type = v->name;
+            if (!check_end(type, "_min") || !check_end(type, "_max") ||
+                !check_end(type, "_default") || !check_end(type, "_value"))
+                continue;
+            /*
+             * Skip past any leading X. X: X, etc to allow for multiple
+             * instances
+             */
+            for (p = v->name; *p; p++)
+                if ((*p == ':') || (*p == ',') || (*p == '.')) {
+                    p++;
+                    if (*p)
+                        type = p;
+                    break;
+                }
+            if (*type == '+') {
+                mval = -1;
+                type++;
+            } else {
+                mval = 0;
+            }
+            /* If OBJ not recognised ignore it */
+            if ((nid = OBJ_txt2nid(type)) == NID_undef)
+                goto start;
+            if (!join(buf, sizeof(buf), v->name, "_default", "Name"))
+                return 0;
+            if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+                ERR_clear_error();
+                def = "";
+            }
+
+            if (!join(buf, sizeof(buf), v->name, "_value", "Name"))
+                return 0;
+            if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+                ERR_clear_error();
+                value = NULL;
+            }
+
+            if (!join(buf, sizeof(buf), v->name, "_min", "Name"))
+                return 0;
+            if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
+                ERR_clear_error();
+                n_min = -1;
+            }
+
+
+            if (!join(buf, sizeof(buf), v->name, "_max", "Name"))
+                return 0;
+            if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
+                ERR_clear_error();
+                n_max = -1;
+            }
+
+            if (!add_DN_object(subj, v->value, def, value, nid,
+                               n_min, n_max, chtype, mval))
+                return 0;
+        }
+        if (X509_NAME_entry_count(subj) == 0) {
+            BIO_printf(bio_err,
+                       "error, no objects specified in config file\n");
+            return 0;
+        }
+
+        if (attribs) {
+            if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)
+                && (!batch)) {
+                BIO_printf(bio_err,
+                           "\nPlease enter the following 'extra' attributes\n");
+                BIO_printf(bio_err,
+                           "to be sent with your certificate request\n");
+            }
+
+            i = -1;
+ start2:
+            for ( ; ; ) {
+                i++;
+                if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i))
+                    break;
+
+                v = sk_CONF_VALUE_value(attr_sk, i);
+                type = v->name;
+                if ((nid = OBJ_txt2nid(type)) == NID_undef)
+                    goto start2;
+
+                if (!join(buf, sizeof(buf), type, "_default", "Name"))
+                    return 0;
+                if ((def = NCONF_get_string(req_conf, attr_sect, buf))
+                    == NULL) {
+                    ERR_clear_error();
+                    def = "";
+                }
+
+                if (!join(buf, sizeof(buf), type, "_value", "Name"))
+                    return 0;
+                if ((value = NCONF_get_string(req_conf, attr_sect, buf))
+                    == NULL) {
+                    ERR_clear_error();
+                    value = NULL;
+                }
+
+                if (!join(buf, sizeof(buf), type,"_min", "Name"))
+                    return 0;
+                if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
+                    ERR_clear_error();
+                    n_min = -1;
+                }
+
+                if (!join(buf, sizeof(buf), type, "_max", "Name"))
+                    return 0;
+                if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
+                    ERR_clear_error();
+                    n_max = -1;
+                }
+
+                if (!add_attribute_object(req,
+                                          v->value, def, value, nid, n_min,
+                                          n_max, chtype))
+                    return 0;
+            }
+        }
+    } else {
+        BIO_printf(bio_err, "No template, please set one up.\n");
+        return 0;
+    }
+
+    return 1;
+
+}
+
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+                     STACK_OF(CONF_VALUE) *attr_sk, int attribs,
+                     unsigned long chtype)
+{
+    int i, spec_char, plus_char;
+    char *p, *q;
+    char *type;
+    CONF_VALUE *v;
+    X509_NAME *subj;
+
+    subj = X509_REQ_get_subject_name(req);
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        int mval;
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        p = q = NULL;
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = v->name; *p; p++) {
+#ifndef CHARSET_EBCDIC
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
+#else
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
+#endif
+            if (spec_char) {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
+        }
+#ifndef CHARSET_EBCDIC
+        plus_char = (*type == '+');
+#else
+        plus_char = (*type == os_toascii['+']);
+#endif
+        if (plus_char) {
+            type++;
+            mval = -1;
+        } else {
+            mval = 0;
+        }
+        if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+
+    if (!X509_NAME_entry_count(subj)) {
+        BIO_printf(bio_err, "error, no objects specified in config file\n");
+        return 0;
+    }
+    if (attribs) {
+        for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
+            v = sk_CONF_VALUE_value(attr_sk, i);
+            if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+                                           (unsigned char *)v->value, -1))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+                         char *value, int nid, int n_min, int n_max,
+                         unsigned long chtype, int mval)
+{
+    int ret = 0;
+    char buf[1024];
+
+    ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
+                     "DN value", "DN default");
+    if ((ret == 0) || (ret == 1))
+        return ret;
+    ret = 1;
+
+    if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                    (unsigned char *)buf, -1, -1, mval))
+        ret = 0;
+
+    return ret;
+}
+
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+                                char *value, int nid, int n_min,
+                                int n_max, unsigned long chtype)
+{
+    int ret = 0;
+    char buf[1024];
+
+    ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
+                     "Attribute value", "Attribute default");
+    if ((ret == 0) || (ret == 1))
+        return ret;
+    ret = 1;
+
+    if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+                                   (unsigned char *)buf, -1)) {
+        BIO_printf(bio_err, "Error adding attribute\n");
+        ERR_print_errors(bio_err);
+        ret = 0;
+    }
+
+    return ret;
+}
+
+
+static int build_data(char *text, const char *def,
+                         char *value, int n_min, int n_max,
+                         char *buf, const int buf_size,
+                         const char *desc1, const char *desc2
+                         )
+{
+    int i;
+ start:
+    if (!batch)
+        BIO_printf(bio_err, "%s [%s]:", text, def);
+    (void)BIO_flush(bio_err);
+    if (value != NULL) {
+        if (!join(buf, buf_size, value, "\n", desc1))
+            return 0;
+        BIO_printf(bio_err, "%s\n", value);
+    } else {
+        buf[0] = '\0';
+        if (!batch) {
+            if (!fgets(buf, buf_size, stdin))
+                return 0;
+        } else {
+            buf[0] = '\n';
+            buf[1] = '\0';
+        }
+    }
+
+    if (buf[0] == '\0')
+        return 0;
+    if (buf[0] == '\n') {
+        if ((def == NULL) || (def[0] == '\0'))
+            return 1;
+        if (!join(buf, buf_size, def, "\n", desc2))
+            return 0;
+    } else if ((buf[0] == '.') && (buf[1] == '\n')) {
+        return 1;
+    }
+
+    i = strlen(buf);
+    if (buf[i - 1] != '\n') {
+        BIO_printf(bio_err, "weird input :-(\n");
+        return 0;
+    }
+    buf[--i] = '\0';
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(buf, buf, i);
+#endif
+    if (!req_check_len(i, n_min, n_max)) {
+        if (batch || value)
+            return 0;
+        goto start;
+    }
+    return 2;
+}
+
+static int req_check_len(int len, int n_min, int n_max)
+{
+    if ((n_min > 0) && (len < n_min)) {
+        BIO_printf(bio_err,
+                   "string is too short, it needs to be at least %d bytes long\n",
+                   n_min);
+        return 0;
+    }
+    if ((n_max >= 0) && (len > n_max)) {
+        BIO_printf(bio_err,
+                   "string is too long, it needs to be no more than %d bytes long\n",
+                   n_max);
+        return 0;
+    }
+    return 1;
+}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(const char *str, const char *end)
+{
+    size_t elen, slen;
+    const char *tmp;
+
+    elen = strlen(end);
+    slen = strlen(str);
+    if (elen > slen)
+        return 1;
+    tmp = str + slen - elen;
+    return strcmp(tmp, end);
+}
+
+/*
+ * Merge the two strings together into the result buffer checking for
+ * overflow and producing an error message if there is.
+ */
+static int join(char buf[], size_t buf_size, const char *name,
+                const char *tail, const char *desc)
+{
+    const size_t name_len = strlen(name), tail_len = strlen(tail);
+
+    if (name_len + tail_len + 1 > buf_size) {
+        BIO_printf(bio_err, "%s '%s' too long\n", desc, name);
+        return 0;
+    }
+    memcpy(buf, name, name_len);
+    memcpy(buf + name_len, tail, tail_len + 1);
+    return 1;
+}
+
+static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
+                                    int *pkey_type, long *pkeylen,
+                                    char **palgnam, ENGINE *keygen_engine)
+{
+    EVP_PKEY_CTX *gctx = NULL;
+    EVP_PKEY *param = NULL;
+    long keylen = -1;
+    BIO *pbio = NULL;
+    const char *paramfile = NULL;
+
+    if (gstr == NULL) {
+        *pkey_type = EVP_PKEY_RSA;
+        keylen = *pkeylen;
+    } else if (gstr[0] >= '0' && gstr[0] <= '9') {
+        *pkey_type = EVP_PKEY_RSA;
+        keylen = atol(gstr);
+        *pkeylen = keylen;
+    } else if (strncmp(gstr, "param:", 6) == 0) {
+        paramfile = gstr + 6;
+    } else {
+        const char *p = strchr(gstr, ':');
+        int len;
+        ENGINE *tmpeng;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+
+        if (p != NULL)
+            len = p - gstr;
+        else
+            len = strlen(gstr);
+        /*
+         * The lookup of a the string will cover all engines so keep a note
+         * of the implementation.
+         */
+
+        ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
+
+        if (ameth == NULL) {
+            BIO_printf(bio_err, "Unknown algorithm %.*s\n", len, gstr);
+            return NULL;
+        }
+
+        EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(tmpeng);
+#endif
+        if (*pkey_type == EVP_PKEY_RSA) {
+            if (p != NULL) {
+                keylen = atol(p + 1);
+                *pkeylen = keylen;
+            } else {
+                keylen = *pkeylen;
+            }
+        } else if (p != NULL) {
+            paramfile = p + 1;
+        }
+    }
+
+    if (paramfile != NULL) {
+        pbio = BIO_new_file(paramfile, "r");
+        if (pbio == NULL) {
+            BIO_printf(bio_err, "Can't open parameter file %s\n", paramfile);
+            return NULL;
+        }
+        param = PEM_read_bio_Parameters(pbio, NULL);
+
+        if (param == NULL) {
+            X509 *x;
+
+            (void)BIO_reset(pbio);
+            x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
+            if (x != NULL) {
+                param = X509_get_pubkey(x);
+                X509_free(x);
+            }
+        }
+
+        BIO_free(pbio);
+
+        if (param == NULL) {
+            BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile);
+            return NULL;
+        }
+        if (*pkey_type == -1) {
+            *pkey_type = EVP_PKEY_id(param);
+        } else if (*pkey_type != EVP_PKEY_base_id(param)) {
+            BIO_printf(bio_err, "Key Type does not match parameters\n");
+            EVP_PKEY_free(param);
+            return NULL;
+        }
+    }
+
+    if (palgnam != NULL) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *tmpeng;
+        const char *anam;
+
+        ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
+        if (ameth == NULL) {
+            BIO_puts(bio_err, "Internal error: can't find key algorithm\n");
+            return NULL;
+        }
+        EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
+        *palgnam = OPENSSL_strdup(anam);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(tmpeng);
+#endif
+    }
+
+    if (param != NULL) {
+        gctx = EVP_PKEY_CTX_new(param, keygen_engine);
+        *pkeylen = EVP_PKEY_bits(param);
+        EVP_PKEY_free(param);
+    } else {
+        gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
+    }
+
+    if (gctx == NULL) {
+        BIO_puts(bio_err, "Error allocating keygen context\n");
+        ERR_print_errors(bio_err);
+        return NULL;
+    }
+
+    if (EVP_PKEY_keygen_init(gctx) <= 0) {
+        BIO_puts(bio_err, "Error initializing keygen context\n");
+        ERR_print_errors(bio_err);
+        EVP_PKEY_CTX_free(gctx);
+        return NULL;
+    }
+#ifndef OPENSSL_NO_RSA
+    if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
+        if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
+            BIO_puts(bio_err, "Error setting RSA keysize\n");
+            ERR_print_errors(bio_err);
+            EVP_PKEY_CTX_free(gctx);
+            return NULL;
+        }
+    }
+#endif
+
+    return gctx;
+}
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p;
+    p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
+
+static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
+                        const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i, def_nid;
+
+    if (ctx == NULL)
+        return 0;
+    /*
+     * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
+     * for this algorithm.
+     */
+    if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2
+            && def_nid == NID_undef) {
+        /* The signing algorithm requires there to be no digest */
+        md = NULL;
+    }
+    if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
+        return 0;
+    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
+            BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                 STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
+
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_REQ_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
+
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_CRL_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/req.pem b/trunk/3rdparty/openssl-1.1-fit/apps/req.pem
new file mode 100644
index 000000000..5537df601
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c
new file mode 100644
index 000000000..fdd02dce3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c
@@ -0,0 +1,316 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
+    OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
+    /* Do not change the order here; see case statements below */
+    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
+} OPTION_CHOICE;
+
+const OPTIONS rsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output a public key"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
+    {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key in text"},
+    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"check", OPT_CHECK, '-', "Verify key consistency"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int rsa_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL;
+    RSA *rsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    int i, private = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
+    int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+    int pvk_encr = 2;
+# endif
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, rsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rsa_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_RSAPUBKEY_IN:
+            pubin = 2;
+            break;
+        case OPT_RSAPUBKEY_OUT:
+            pubout = 2;
+            break;
+        case OPT_PVK_STRONG:    /* pvk_encr:= 2 */
+        case OPT_PVK_WEAK:      /* pvk_encr:= 1 */
+        case OPT_PVK_NONE:      /* pvk_encr:= 0 */
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+            pvk_encr = (o - OPT_PVK_NONE);
+# endif
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+    if (check && pubin) {
+        BIO_printf(bio_err, "Only private keys can be checked\n");
+        goto end;
+    }
+
+    {
+        EVP_PKEY *pkey;
+
+        if (pubin) {
+            int tmpformat = -1;
+            if (pubin == 2) {
+                if (informat == FORMAT_PEM)
+                    tmpformat = FORMAT_PEMRSA;
+                else if (informat == FORMAT_ASN1)
+                    tmpformat = FORMAT_ASN1RSA;
+            } else {
+                tmpformat = informat;
+            }
+
+            pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
+        } else {
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+        }
+
+        if (pkey != NULL)
+            rsa = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_free(pkey);
+    }
+
+    if (rsa == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        assert(pubin || private);
+        if (!RSA_print(out, rsa, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (modulus) {
+        const BIGNUM *n;
+        RSA_get0_key(rsa, &n, NULL, NULL);
+        BIO_printf(out, "Modulus=");
+        BN_print(out, n);
+        BIO_printf(out, "\n");
+    }
+
+    if (check) {
+        int r = RSA_check_key_ex(rsa, NULL);
+
+        if (r == 1) {
+            BIO_printf(out, "RSA key ok\n");
+        } else if (r == 0) {
+            unsigned long err;
+
+            while ((err = ERR_peek_error()) != 0 &&
+                   ERR_GET_LIB(err) == ERR_LIB_RSA &&
+                   ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
+                   ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
+                BIO_printf(out, "RSA key error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        } else if (r == -1) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+    BIO_printf(bio_err, "writing RSA key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (pubout || pubin) {
+            if (pubout == 2)
+                i = i2d_RSAPublicKey_bio(out, rsa);
+            else
+                i = i2d_RSA_PUBKEY_bio(out, rsa);
+        } else {
+            assert(private);
+            i = i2d_RSAPrivateKey_bio(out, rsa);
+        }
+    } else if (outformat == FORMAT_PEM) {
+        if (pubout || pubin) {
+            if (pubout == 2)
+                i = PEM_write_bio_RSAPublicKey(out, rsa);
+            else
+                i = PEM_write_bio_RSA_PUBKEY(out, rsa);
+        } else {
+            assert(private);
+            i = PEM_write_bio_RSAPrivateKey(out, rsa,
+                                            enc, NULL, 0, NULL, passout);
+        }
+# ifndef OPENSSL_NO_DSA
+    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_new();
+        if (pk == NULL)
+            goto end;
+
+        EVP_PKEY_set1_RSA(pk, rsa);
+        if (outformat == FORMAT_PVK) {
+            if (pubin) {
+                BIO_printf(bio_err, "PVK form impossible with public key input\n");
+                EVP_PKEY_free(pk);
+                goto end;
+            }
+            assert(private);
+#  ifdef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "PVK format not supported\n");
+            EVP_PKEY_free(pk);
+            goto end;
+#  else
+            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+#  endif
+        } else if (pubin || pubout) {
+            i = i2b_PublicKey_bio(out, pk);
+        } else {
+            assert(private);
+            i = i2b_PrivateKey_bio(out, pk);
+        }
+        EVP_PKEY_free(pk);
+# endif
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "unable to write key\n");
+        ERR_print_errors(bio_err);
+    } else {
+        ret = 0;
+    }
+ end:
+    release_engine(e);
+    BIO_free_all(out);
+    RSA_free(rsa);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem b/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem
new file mode 100644
index 000000000..946a6e543
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem
@@ -0,0 +1,101 @@
+-----BEGIN RSA PRIVATE KEY-----
+
+MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
+ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
+MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
+55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
+yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
+tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
+LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
+aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
+PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
+mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
+71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
+d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
+wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
+bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
+Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
+Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
+pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
+os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
+mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
+cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
+LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
+tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
+PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
+psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
+9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
+xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
+ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
+RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
+1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
+P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
+77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
+4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
+/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
+GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
+HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
+ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
+AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
+52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
+5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
+7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
+KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
+cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
+dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
+DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
+Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
+f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
+J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
+TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
+fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
+Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
+mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
+YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
+mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
+Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
+c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
+Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
+WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
+KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
+JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
+yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
+kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
+DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
+22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
+D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
+PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
+dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
+FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
+6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
+eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
+bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
+XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
+7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
+82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
+beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
+pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
+70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
+YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
+ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
+lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
+4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
+lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
+LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
+x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
+O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
+6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
+Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
+DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
+Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
+oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
+nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
+X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
+QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
+TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
+46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
+rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
+I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
+-----END RSA PRIVATE KEY-----
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c b/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
new file mode 100644
index 000000000..5da8504d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
@@ -0,0 +1,282 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "apps.h"
+# include "progs.h"
+# include <string.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rsa.h>
+
+# define RSA_SIGN        1
+# define RSA_VERIFY      2
+# define RSA_ENCRYPT     3
+# define RSA_DECRYPT     4
+
+# define KEY_PRIVKEY     1
+# define KEY_PUBKEY      2
+# define KEY_CERT        3
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
+    OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
+    OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+    OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS rsautl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"inkey", OPT_INKEY, 's', "Input key"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
+    {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
+    {"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
+    {"raw", OPT_RAW, '-', "Use no padding"},
+    {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
+    {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
+    {"sign", OPT_SIGN, '-', "Sign with private key"},
+    {"verify", OPT_VERIFY, '-', "Verify with public key"},
+    {"asn1parse", OPT_ASN1PARSE, '-',
+     "Run output through asn1parse; useful with -verify"},
+    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+    {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
+    {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    OPT_R_OPTIONS,
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int rsautl_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    RSA *rsa = NULL;
+    X509 *x;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *prog;
+    char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+    unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
+    int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
+    int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, rsautl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rsautl_options);
+            ret = 0;
+            goto end;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_ASN1PARSE:
+            asn1parse = 1;
+            break;
+        case OPT_HEXDUMP:
+            hexdump = 1;
+            break;
+        case OPT_RAW:
+            pad = RSA_NO_PADDING;
+            break;
+        case OPT_OAEP:
+            pad = RSA_PKCS1_OAEP_PADDING;
+            break;
+        case OPT_SSL:
+            pad = RSA_SSLV23_PADDING;
+            break;
+        case OPT_PKCS:
+            pad = RSA_PKCS1_PADDING;
+            break;
+        case OPT_X931:
+            pad = RSA_X931_PADDING;
+            break;
+        case OPT_SIGN:
+            rsa_mode = RSA_SIGN;
+            need_priv = 1;
+            break;
+        case OPT_VERIFY:
+            rsa_mode = RSA_VERIFY;
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_ENCRYPT:
+            rsa_mode = RSA_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            rsa_mode = RSA_DECRYPT;
+            need_priv = 1;
+            break;
+        case OPT_PUBIN:
+            key_type = KEY_PUBKEY;
+            break;
+        case OPT_CERTIN:
+            key_type = KEY_CERT;
+            break;
+        case OPT_INKEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (need_priv && (key_type != KEY_PRIVKEY)) {
+        BIO_printf(bio_err, "A private key is needed for this operation\n");
+        goto end;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    switch (key_type) {
+    case KEY_PRIVKEY:
+        pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
+        break;
+
+    case KEY_PUBKEY:
+        pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
+        break;
+
+    case KEY_CERT:
+        x = load_cert(keyfile, keyformat, "Certificate");
+        if (x) {
+            pkey = X509_get_pubkey(x);
+            X509_free(x);
+        }
+        break;
+    }
+
+    if (pkey == NULL)
+        return 1;
+
+    rsa = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+
+    if (rsa == NULL) {
+        BIO_printf(bio_err, "Error getting RSA key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    in = bio_open_default(infile, 'r', FORMAT_BINARY);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+    if (out == NULL)
+        goto end;
+
+    keysize = RSA_size(rsa);
+
+    rsa_in = app_malloc(keysize * 2, "hold rsa key");
+    rsa_out = app_malloc(keysize, "output rsa key");
+
+    /* Read the input data */
+    rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+    if (rsa_inlen < 0) {
+        BIO_printf(bio_err, "Error reading input Data\n");
+        goto end;
+    }
+    if (rev) {
+        int i;
+        unsigned char ctmp;
+        for (i = 0; i < rsa_inlen / 2; i++) {
+            ctmp = rsa_in[i];
+            rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+            rsa_in[rsa_inlen - 1 - i] = ctmp;
+        }
+    }
+    switch (rsa_mode) {
+
+    case RSA_VERIFY:
+        rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_SIGN:
+        rsa_outlen =
+            RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_ENCRYPT:
+        rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_DECRYPT:
+        rsa_outlen =
+            RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+    }
+
+    if (rsa_outlen < 0) {
+        BIO_printf(bio_err, "RSA operation error\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+    if (asn1parse) {
+        if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+            ERR_print_errors(bio_err);
+        }
+    } else if (hexdump) {
+        BIO_dump(out, (char *)rsa_out, rsa_outlen);
+    } else {
+        BIO_write(out, rsa_out, rsa_outlen);
+    }
+ end:
+    RSA_free(rsa);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    OPENSSL_free(rsa_in);
+    OPENSSL_free(rsa_out);
+    OPENSSL_free(passin);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s1024key.pem b/trunk/3rdparty/openssl-1.1-fit/apps/s1024key.pem
new file mode 100644
index 000000000..19e040357
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s1024key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s1024req.pem b/trunk/3rdparty/openssl-1.1-fit/apps/s1024req.pem
new file mode 100644
index 000000000..bb75e7eeb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s1024req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
+dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
+9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
+KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
+RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
+BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
+nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
+frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
+-----END CERTIFICATE REQUEST-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s512-key.pem b/trunk/3rdparty/openssl-1.1-fit/apps/s512-key.pem
new file mode 100644
index 000000000..0e3ff2d37
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s512-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s512-req.pem b/trunk/3rdparty/openssl-1.1-fit/apps/s512-req.pem
new file mode 100644
index 000000000..ea314be55
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s512-req.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
+MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
+y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
+5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
+-----END CERTIFICATE REQUEST-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h b/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h
new file mode 100644
index 000000000..0a3bc9628
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# include <conio.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# define _kbhit kbhit
+#endif
+
+#define PORT            "4433"
+#define PROTOCOL        "tcp"
+
+typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
+int do_server(int *accept_sock, const char *host, const char *port,
+              int family, int type, int protocol, do_server_cb cb,
+              unsigned char *context, int naccept, BIO *bio_s_out);
+#ifdef HEADER_X509_H
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                       STACK_OF(X509) *chain, int build_chain);
+int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
+int ssl_print_groups(BIO *out, SSL *s, int noshared);
+#endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
+int init_client(int *sock, const char *host, const char *port,
+                const char *bindhost, const char *bindport,
+                int family, int type, int protocol);
+int should_retry(int i);
+
+long bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                       int argi, long argl, long ret);
+
+#ifdef HEADER_SSL_H
+void apps_ssl_info_callback(const SSL *s, int where, int ret);
+void msg_cb(int write_p, int version, int content_type, const void *buf,
+            size_t len, SSL *ssl, void *arg);
+void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
+               int len, void *arg);
+#endif
+
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                             unsigned int *cookie_len);
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                           unsigned int cookie_len);
+
+#ifdef __VMS                     /* 31 char symbol name limit */
+# define generate_stateless_cookie_callback      generate_stateless_cookie_cb
+# define verify_stateless_cookie_callback        verify_stateless_cookie_cb
+#endif
+
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                       size_t *cookie_len);
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                                     size_t cookie_len);
+
+typedef struct ssl_excert_st SSL_EXCERT;
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
+void ssl_excert_free(SSL_EXCERT *exc);
+int args_excert(int option, SSL_EXCERT **pexc);
+int load_excert(SSL_EXCERT **pexc);
+void print_verify_detail(SSL *s, BIO *bio);
+void print_ssl_summary(SSL *s);
+#ifdef HEADER_SSL_H
+int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
+                     int crl_download);
+int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
+                    const char *vfyCAfile, const char *chCApath,
+                    const char *chCAfile, STACK_OF(X509_CRL) *crls,
+                    int crl_download);
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
+int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
+void print_ca_names(BIO *bio, SSL *s);
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c
new file mode 100644
index 000000000..d0e332a70
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c
@@ -0,0 +1,1481 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* callback functions used by s_client, s_server, and s_time */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcpy() and strcmp() */
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include "s_apps.h"
+
+#define COOKIE_SECRET_LENGTH    16
+
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
+
+#ifndef OPENSSL_NO_SOCK
+static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+static int cookie_initialized = 0;
+#endif
+static BIO *bio_keylog = NULL;
+
+static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
+{
+    for ( ; list->name; ++list)
+        if (list->retval == val)
+            return list->name;
+    return def;
+}
+
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    X509 *err_cert;
+    int err, depth;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    if (!verify_args.quiet || !ok) {
+        BIO_printf(bio_err, "depth=%d ", depth);
+        if (err_cert != NULL) {
+            X509_NAME_print_ex(bio_err,
+                               X509_get_subject_name(err_cert),
+                               0, get_nameopt());
+            BIO_puts(bio_err, "\n");
+        } else {
+            BIO_puts(bio_err, "<no cert>\n");
+        }
+    }
+    if (!ok) {
+        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+                   X509_verify_cert_error_string(err));
+        if (verify_args.depth < 0 || verify_args.depth >= depth) {
+            if (!verify_args.return_error)
+                ok = 1;
+            verify_args.error = err;
+        } else {
+            ok = 0;
+            verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        }
+    }
+    switch (err) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        BIO_puts(bio_err, "issuer= ");
+        X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                           0, get_nameopt());
+        BIO_puts(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        BIO_printf(bio_err, "notBefore=");
+        ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        BIO_printf(bio_err, "notAfter=");
+        ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        if (!verify_args.quiet)
+            policies_print(ctx);
+        break;
+    }
+    if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
+        policies_print(ctx);
+    if (ok && !verify_args.quiet)
+        BIO_printf(bio_err, "verify return:%d\n", ok);
+    return ok;
+}
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+{
+    if (cert_file != NULL) {
+        if (SSL_CTX_use_certificate_file(ctx, cert_file,
+                                         SSL_FILETYPE_PEM) <= 0) {
+            BIO_printf(bio_err, "unable to get certificate from '%s'\n",
+                       cert_file);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+        if (key_file == NULL)
+            key_file = cert_file;
+        if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
+            BIO_printf(bio_err, "unable to get private key from '%s'\n",
+                       key_file);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+
+        /*
+         * If we are using DSA, we can copy the parameters from the private
+         * key
+         */
+
+        /*
+         * Now we know that a key and cert have been set against the SSL
+         * context
+         */
+        if (!SSL_CTX_check_private_key(ctx)) {
+            BIO_printf(bio_err,
+                       "Private key does not match the certificate public key\n");
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                       STACK_OF(X509) *chain, int build_chain)
+{
+    int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
+    if (cert == NULL)
+        return 1;
+    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
+        BIO_printf(bio_err, "error setting certificate\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
+        BIO_printf(bio_err, "error setting private key\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    /*
+     * Now we know that a key and cert have been set against the SSL context
+     */
+    if (!SSL_CTX_check_private_key(ctx)) {
+        BIO_printf(bio_err,
+                   "Private key does not match the certificate public key\n");
+        return 0;
+    }
+    if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
+        BIO_printf(bio_err, "error setting certificate chain\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
+        BIO_printf(bio_err, "error building certificate chain\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    return 1;
+}
+
+static STRINT_PAIR cert_type_list[] = {
+    {"RSA sign", TLS_CT_RSA_SIGN},
+    {"DSA sign", TLS_CT_DSS_SIGN},
+    {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
+    {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
+    {"ECDSA sign", TLS_CT_ECDSA_SIGN},
+    {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
+    {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
+    {"GOST01 Sign", TLS_CT_GOST01_SIGN},
+    {NULL}
+};
+
+static void ssl_print_client_cert_types(BIO *bio, SSL *s)
+{
+    const unsigned char *p;
+    int i;
+    int cert_type_num = SSL_get0_certificate_types(s, &p);
+    if (!cert_type_num)
+        return;
+    BIO_puts(bio, "Client Certificate Types: ");
+    for (i = 0; i < cert_type_num; i++) {
+        unsigned char cert_type = p[i];
+        const char *cname = lookup((int)cert_type, cert_type_list, NULL);
+
+        if (i)
+            BIO_puts(bio, ", ");
+        if (cname != NULL)
+            BIO_puts(bio, cname);
+        else
+            BIO_printf(bio, "UNKNOWN (%d),", cert_type);
+    }
+    BIO_puts(bio, "\n");
+}
+
+static const char *get_sigtype(int nid)
+{
+    switch (nid) {
+    case EVP_PKEY_RSA:
+        return "RSA";
+
+    case EVP_PKEY_RSA_PSS:
+        return "RSA-PSS";
+
+    case EVP_PKEY_DSA:
+        return "DSA";
+
+     case EVP_PKEY_EC:
+        return "ECDSA";
+
+     case NID_ED25519:
+        return "Ed25519";
+
+     case NID_ED448:
+        return "Ed448";
+
+     case NID_id_GostR3410_2001:
+        return "gost2001";
+
+     case NID_id_GostR3410_2012_256:
+        return "gost2012_256";
+
+     case NID_id_GostR3410_2012_512:
+        return "gost2012_512";
+
+    default:
+        return NULL;
+    }
+}
+
+static int do_print_sigalgs(BIO *out, SSL *s, int shared)
+{
+    int i, nsig, client;
+    client = SSL_is_server(s) ? 0 : 1;
+    if (shared)
+        nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
+    else
+        nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+    if (nsig == 0)
+        return 1;
+
+    if (shared)
+        BIO_puts(out, "Shared ");
+
+    if (client)
+        BIO_puts(out, "Requested ");
+    BIO_puts(out, "Signature Algorithms: ");
+    for (i = 0; i < nsig; i++) {
+        int hash_nid, sign_nid;
+        unsigned char rhash, rsign;
+        const char *sstr = NULL;
+        if (shared)
+            SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+                                   &rsign, &rhash);
+        else
+            SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
+        if (i)
+            BIO_puts(out, ":");
+        sstr = get_sigtype(sign_nid);
+        if (sstr)
+            BIO_printf(out, "%s", sstr);
+        else
+            BIO_printf(out, "0x%02X", (int)rsign);
+        if (hash_nid != NID_undef)
+            BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid));
+        else if (sstr == NULL)
+            BIO_printf(out, "+0x%02X", (int)rhash);
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ssl_print_sigalgs(BIO *out, SSL *s)
+{
+    int nid;
+    if (!SSL_is_server(s))
+        ssl_print_client_cert_types(out, s);
+    do_print_sigalgs(out, s, 0);
+    do_print_sigalgs(out, s, 1);
+    if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef)
+        BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
+    if (SSL_get_peer_signature_type_nid(s, &nid))
+        BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int ssl_print_point_formats(BIO *out, SSL *s)
+{
+    int i, nformats;
+    const char *pformats;
+    nformats = SSL_get0_ec_point_formats(s, &pformats);
+    if (nformats <= 0)
+        return 1;
+    BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+    for (i = 0; i < nformats; i++, pformats++) {
+        if (i)
+            BIO_puts(out, ":");
+        switch (*pformats) {
+        case TLSEXT_ECPOINTFORMAT_uncompressed:
+            BIO_puts(out, "uncompressed");
+            break;
+
+        case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+            BIO_puts(out, "ansiX962_compressed_prime");
+            break;
+
+        case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+            BIO_puts(out, "ansiX962_compressed_char2");
+            break;
+
+        default:
+            BIO_printf(out, "unknown(%d)", (int)*pformats);
+            break;
+
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ssl_print_groups(BIO *out, SSL *s, int noshared)
+{
+    int i, ngroups, *groups, nid;
+    const char *gname;
+
+    ngroups = SSL_get1_groups(s, NULL);
+    if (ngroups <= 0)
+        return 1;
+    groups = app_malloc(ngroups * sizeof(int), "groups to print");
+    SSL_get1_groups(s, groups);
+
+    BIO_puts(out, "Supported Elliptic Groups: ");
+    for (i = 0; i < ngroups; i++) {
+        if (i)
+            BIO_puts(out, ":");
+        nid = groups[i];
+        /* If unrecognised print out hex version */
+        if (nid & TLSEXT_nid_unknown) {
+            BIO_printf(out, "0x%04X", nid & 0xFFFF);
+        } else {
+            /* TODO(TLS1.3): Get group name here */
+            /* Use NIST name for curve if it exists */
+            gname = EC_curve_nid2nist(nid);
+            if (gname == NULL)
+                gname = OBJ_nid2sn(nid);
+            BIO_printf(out, "%s", gname);
+        }
+    }
+    OPENSSL_free(groups);
+    if (noshared) {
+        BIO_puts(out, "\n");
+        return 1;
+    }
+    BIO_puts(out, "\nShared Elliptic groups: ");
+    ngroups = SSL_get_shared_group(s, -1);
+    for (i = 0; i < ngroups; i++) {
+        if (i)
+            BIO_puts(out, ":");
+        nid = SSL_get_shared_group(s, i);
+        /* TODO(TLS1.3): Convert for DH groups */
+        gname = EC_curve_nid2nist(nid);
+        if (gname == NULL)
+            gname = OBJ_nid2sn(nid);
+        BIO_printf(out, "%s", gname);
+    }
+    if (ngroups == 0)
+        BIO_puts(out, "NONE");
+    BIO_puts(out, "\n");
+    return 1;
+}
+#endif
+
+int ssl_print_tmp_key(BIO *out, SSL *s)
+{
+    EVP_PKEY *key;
+
+    if (!SSL_get_peer_tmp_key(s, &key))
+        return 1;
+    BIO_puts(out, "Server Temp Key: ");
+    switch (EVP_PKEY_id(key)) {
+    case EVP_PKEY_RSA:
+        BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+        break;
+
+    case EVP_PKEY_DH:
+        BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+        break;
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        {
+            EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+            int nid;
+            const char *cname;
+            nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+            EC_KEY_free(ec);
+            cname = EC_curve_nid2nist(nid);
+            if (cname == NULL)
+                cname = OBJ_nid2sn(nid);
+            BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
+        }
+    break;
+#endif
+    default:
+        BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
+                   EVP_PKEY_bits(key));
+    }
+    EVP_PKEY_free(key);
+    return 1;
+}
+
+long bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                       int argi, long argl, long ret)
+{
+    BIO *out;
+
+    out = (BIO *)BIO_get_callback_arg(bio);
+    if (out == NULL)
+        return ret;
+
+    if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
+        BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
+                   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
+        BIO_dump(out, argp, (int)ret);
+        return ret;
+    } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
+        BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
+                   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
+        BIO_dump(out, argp, (int)ret);
+    }
+    return ret;
+}
+
+void apps_ssl_info_callback(const SSL *s, int where, int ret)
+{
+    const char *str;
+    int w;
+
+    w = where & ~SSL_ST_MASK;
+
+    if (w & SSL_ST_CONNECT)
+        str = "SSL_connect";
+    else if (w & SSL_ST_ACCEPT)
+        str = "SSL_accept";
+    else
+        str = "undefined";
+
+    if (where & SSL_CB_LOOP) {
+        BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+    } else if (where & SSL_CB_ALERT) {
+        str = (where & SSL_CB_READ) ? "read" : "write";
+        BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
+                   str,
+                   SSL_alert_type_string_long(ret),
+                   SSL_alert_desc_string_long(ret));
+    } else if (where & SSL_CB_EXIT) {
+        if (ret == 0)
+            BIO_printf(bio_err, "%s:failed in %s\n",
+                       str, SSL_state_string_long(s));
+        else if (ret < 0)
+            BIO_printf(bio_err, "%s:error in %s\n",
+                       str, SSL_state_string_long(s));
+    }
+}
+
+static STRINT_PAIR ssl_versions[] = {
+    {"SSL 3.0", SSL3_VERSION},
+    {"TLS 1.0", TLS1_VERSION},
+    {"TLS 1.1", TLS1_1_VERSION},
+    {"TLS 1.2", TLS1_2_VERSION},
+    {"TLS 1.3", TLS1_3_VERSION},
+    {"DTLS 1.0", DTLS1_VERSION},
+    {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
+    {NULL}
+};
+
+static STRINT_PAIR alert_types[] = {
+    {" close_notify", 0},
+    {" end_of_early_data", 1},
+    {" unexpected_message", 10},
+    {" bad_record_mac", 20},
+    {" decryption_failed", 21},
+    {" record_overflow", 22},
+    {" decompression_failure", 30},
+    {" handshake_failure", 40},
+    {" bad_certificate", 42},
+    {" unsupported_certificate", 43},
+    {" certificate_revoked", 44},
+    {" certificate_expired", 45},
+    {" certificate_unknown", 46},
+    {" illegal_parameter", 47},
+    {" unknown_ca", 48},
+    {" access_denied", 49},
+    {" decode_error", 50},
+    {" decrypt_error", 51},
+    {" export_restriction", 60},
+    {" protocol_version", 70},
+    {" insufficient_security", 71},
+    {" internal_error", 80},
+    {" inappropriate_fallback", 86},
+    {" user_canceled", 90},
+    {" no_renegotiation", 100},
+    {" missing_extension", 109},
+    {" unsupported_extension", 110},
+    {" certificate_unobtainable", 111},
+    {" unrecognized_name", 112},
+    {" bad_certificate_status_response", 113},
+    {" bad_certificate_hash_value", 114},
+    {" unknown_psk_identity", 115},
+    {" certificate_required", 116},
+    {NULL}
+};
+
+static STRINT_PAIR handshakes[] = {
+    {", HelloRequest", SSL3_MT_HELLO_REQUEST},
+    {", ClientHello", SSL3_MT_CLIENT_HELLO},
+    {", ServerHello", SSL3_MT_SERVER_HELLO},
+    {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
+    {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
+    {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
+    {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
+    {", Certificate", SSL3_MT_CERTIFICATE},
+    {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
+    {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
+    {", ServerHelloDone", SSL3_MT_SERVER_DONE},
+    {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
+    {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
+    {", Finished", SSL3_MT_FINISHED},
+    {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
+    {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
+    {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
+    {", KeyUpdate", SSL3_MT_KEY_UPDATE},
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {", NextProto", SSL3_MT_NEXT_PROTO},
+#endif
+    {", MessageHash", SSL3_MT_MESSAGE_HASH},
+    {NULL}
+};
+
+void msg_cb(int write_p, int version, int content_type, const void *buf,
+            size_t len, SSL *ssl, void *arg)
+{
+    BIO *bio = arg;
+    const char *str_write_p = write_p ? ">>>" : "<<<";
+    const char *str_version = lookup(version, ssl_versions, "???");
+    const char *str_content_type = "", *str_details1 = "", *str_details2 = "";
+    const unsigned char* bp = buf;
+
+    if (version == SSL3_VERSION ||
+        version == TLS1_VERSION ||
+        version == TLS1_1_VERSION ||
+        version == TLS1_2_VERSION ||
+        version == TLS1_3_VERSION ||
+        version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
+        switch (content_type) {
+        case 20:
+            str_content_type = ", ChangeCipherSpec";
+            break;
+        case 21:
+            str_content_type = ", Alert";
+            str_details1 = ", ???";
+            if (len == 2) {
+                switch (bp[0]) {
+                case 1:
+                    str_details1 = ", warning";
+                    break;
+                case 2:
+                    str_details1 = ", fatal";
+                    break;
+                }
+                str_details2 = lookup((int)bp[1], alert_types, " ???");
+            }
+            break;
+        case 22:
+            str_content_type = ", Handshake";
+            str_details1 = "???";
+            if (len > 0)
+                str_details1 = lookup((int)bp[0], handshakes, "???");
+            break;
+        case 23:
+            str_content_type = ", ApplicationData";
+            break;
+#ifndef OPENSSL_NO_HEARTBEATS
+        case 24:
+            str_details1 = ", Heartbeat";
+
+            if (len > 0) {
+                switch (bp[0]) {
+                case 1:
+                    str_details1 = ", HeartbeatRequest";
+                    break;
+                case 2:
+                    str_details1 = ", HeartbeatResponse";
+                    break;
+                }
+            }
+            break;
+#endif
+        }
+    }
+
+    BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
+               str_content_type, (unsigned long)len, str_details1,
+               str_details2);
+
+    if (len > 0) {
+        size_t num, i;
+
+        BIO_printf(bio, "   ");
+        num = len;
+        for (i = 0; i < num; i++) {
+            if (i % 16 == 0 && i > 0)
+                BIO_printf(bio, "\n   ");
+            BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
+        }
+        if (i < len)
+            BIO_printf(bio, " ...");
+        BIO_printf(bio, "\n");
+    }
+    (void)BIO_flush(bio);
+}
+
+static STRINT_PAIR tlsext_types[] = {
+    {"server name", TLSEXT_TYPE_server_name},
+    {"max fragment length", TLSEXT_TYPE_max_fragment_length},
+    {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
+    {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
+    {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
+    {"status request", TLSEXT_TYPE_status_request},
+    {"user mapping", TLSEXT_TYPE_user_mapping},
+    {"client authz", TLSEXT_TYPE_client_authz},
+    {"server authz", TLSEXT_TYPE_server_authz},
+    {"cert type", TLSEXT_TYPE_cert_type},
+    {"supported_groups", TLSEXT_TYPE_supported_groups},
+    {"EC point formats", TLSEXT_TYPE_ec_point_formats},
+    {"SRP", TLSEXT_TYPE_srp},
+    {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
+    {"use SRTP", TLSEXT_TYPE_use_srtp},
+    {"heartbeat", TLSEXT_TYPE_heartbeat},
+    {"session ticket", TLSEXT_TYPE_session_ticket},
+    {"renegotiation info", TLSEXT_TYPE_renegotiate},
+    {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
+    {"TLS padding", TLSEXT_TYPE_padding},
+#ifdef TLSEXT_TYPE_next_proto_neg
+    {"next protocol", TLSEXT_TYPE_next_proto_neg},
+#endif
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+    {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
+#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+    {"application layer protocol negotiation",
+     TLSEXT_TYPE_application_layer_protocol_negotiation},
+#endif
+#ifdef TLSEXT_TYPE_extended_master_secret
+    {"extended master secret", TLSEXT_TYPE_extended_master_secret},
+#endif
+    {"key share", TLSEXT_TYPE_key_share},
+    {"supported versions", TLSEXT_TYPE_supported_versions},
+    {"psk", TLSEXT_TYPE_psk},
+    {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
+    {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
+    {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
+    {NULL}
+};
+
+void tlsext_cb(SSL *s, int client_server, int type,
+               const unsigned char *data, int len, void *arg)
+{
+    BIO *bio = arg;
+    const char *extname = lookup(type, tlsext_types, "unknown");
+
+    BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
+               client_server ? "server" : "client", extname, type, len);
+    BIO_dump(bio, (const char *)data, len);
+    (void)BIO_flush(bio);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                             unsigned int *cookie_len)
+{
+    unsigned char *buffer;
+    size_t length = 0;
+    unsigned short port;
+    BIO_ADDR *lpeer = NULL, *peer = NULL;
+
+    /* Initialize a random secret */
+    if (!cookie_initialized) {
+        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
+            BIO_printf(bio_err, "error setting random cookie secret\n");
+            return 0;
+        }
+        cookie_initialized = 1;
+    }
+
+    if (SSL_is_dtls(ssl)) {
+        lpeer = peer = BIO_ADDR_new();
+        if (peer == NULL) {
+            BIO_printf(bio_err, "memory full\n");
+            return 0;
+        }
+
+        /* Read peer information */
+        (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
+    } else {
+        peer = ourpeer;
+    }
+
+    /* Create buffer with peer's address and port */
+    if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
+        BIO_printf(bio_err, "Failed getting peer address\n");
+        return 0;
+    }
+    OPENSSL_assert(length != 0);
+    port = BIO_ADDR_rawport(peer);
+    length += sizeof(port);
+    buffer = app_malloc(length, "cookie generate buffer");
+
+    memcpy(buffer, &port, sizeof(port));
+    BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
+
+    /* Calculate HMAC of buffer using the secret */
+    HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+         buffer, length, cookie, cookie_len);
+
+    OPENSSL_free(buffer);
+    BIO_ADDR_free(lpeer);
+
+    return 1;
+}
+
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                           unsigned int cookie_len)
+{
+    unsigned char result[EVP_MAX_MD_SIZE];
+    unsigned int resultlength;
+
+    /* Note: we check cookie_initialized because if it's not,
+     * it cannot be valid */
+    if (cookie_initialized
+        && generate_cookie_callback(ssl, result, &resultlength)
+        && cookie_len == resultlength
+        && memcmp(result, cookie, resultlength) == 0)
+        return 1;
+
+    return 0;
+}
+
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                       size_t *cookie_len)
+{
+    unsigned int temp;
+    int res = generate_cookie_callback(ssl, cookie, &temp);
+    *cookie_len = temp;
+    return res;
+}
+
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                                     size_t cookie_len)
+{
+    return verify_cookie_callback(ssl, cookie, cookie_len);
+}
+
+#endif
+
+/*
+ * Example of extended certificate handling. Where the standard support of
+ * one certificate per algorithm is not sufficient an application can decide
+ * which certificate(s) to use at runtime based on whatever criteria it deems
+ * appropriate.
+ */
+
+/* Linked list of certificates, keys and chains */
+struct ssl_excert_st {
+    int certform;
+    const char *certfile;
+    int keyform;
+    const char *keyfile;
+    const char *chainfile;
+    X509 *cert;
+    EVP_PKEY *key;
+    STACK_OF(X509) *chain;
+    int build_chain;
+    struct ssl_excert_st *next, *prev;
+};
+
+static STRINT_PAIR chain_flags[] = {
+    {"Overall Validity", CERT_PKEY_VALID},
+    {"Sign with EE key", CERT_PKEY_SIGN},
+    {"EE signature", CERT_PKEY_EE_SIGNATURE},
+    {"CA signature", CERT_PKEY_CA_SIGNATURE},
+    {"EE key parameters", CERT_PKEY_EE_PARAM},
+    {"CA key parameters", CERT_PKEY_CA_PARAM},
+    {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
+    {"Issuer Name", CERT_PKEY_ISSUER_NAME},
+    {"Certificate Type", CERT_PKEY_CERT_TYPE},
+    {NULL}
+};
+
+static void print_chain_flags(SSL *s, int flags)
+{
+    STRINT_PAIR *pp;
+
+    for (pp = chain_flags; pp->name; ++pp)
+        BIO_printf(bio_err, "\t%s: %s\n",
+                   pp->name,
+                   (flags & pp->retval) ? "OK" : "NOT OK");
+    BIO_printf(bio_err, "\tSuite B: ");
+    if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
+        BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
+    else
+        BIO_printf(bio_err, "not tested\n");
+}
+
+/*
+ * Very basic selection callback: just use any certificate chain reported as
+ * valid. More sophisticated could prioritise according to local policy.
+ */
+static int set_cert_cb(SSL *ssl, void *arg)
+{
+    int i, rv;
+    SSL_EXCERT *exc = arg;
+#ifdef CERT_CB_TEST_RETRY
+    static int retry_cnt;
+    if (retry_cnt < 5) {
+        retry_cnt++;
+        BIO_printf(bio_err,
+                   "Certificate callback retry test: count %d\n",
+                   retry_cnt);
+        return -1;
+    }
+#endif
+    SSL_certs_clear(ssl);
+
+    if (exc == NULL)
+        return 1;
+
+    /*
+     * Go to end of list and traverse backwards since we prepend newer
+     * entries this retains the original order.
+     */
+    while (exc->next != NULL)
+        exc = exc->next;
+
+    i = 0;
+
+    while (exc != NULL) {
+        i++;
+        rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
+        BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
+                           get_nameopt());
+        BIO_puts(bio_err, "\n");
+        print_chain_flags(ssl, rv);
+        if (rv & CERT_PKEY_VALID) {
+            if (!SSL_use_certificate(ssl, exc->cert)
+                    || !SSL_use_PrivateKey(ssl, exc->key)) {
+                return 0;
+            }
+            /*
+             * NB: we wouldn't normally do this as it is not efficient
+             * building chains on each connection better to cache the chain
+             * in advance.
+             */
+            if (exc->build_chain) {
+                if (!SSL_build_cert_chain(ssl, 0))
+                    return 0;
+            } else if (exc->chain != NULL) {
+                SSL_set1_chain(ssl, exc->chain);
+            }
+        }
+        exc = exc->prev;
+    }
+    return 1;
+}
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
+{
+    SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
+}
+
+static int ssl_excert_prepend(SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
+
+    memset(exc, 0, sizeof(*exc));
+
+    exc->next = *pexc;
+    *pexc = exc;
+
+    if (exc->next) {
+        exc->certform = exc->next->certform;
+        exc->keyform = exc->next->keyform;
+        exc->next->prev = exc;
+    } else {
+        exc->certform = FORMAT_PEM;
+        exc->keyform = FORMAT_PEM;
+    }
+    return 1;
+
+}
+
+void ssl_excert_free(SSL_EXCERT *exc)
+{
+    SSL_EXCERT *curr;
+
+    if (exc == NULL)
+        return;
+    while (exc) {
+        X509_free(exc->cert);
+        EVP_PKEY_free(exc->key);
+        sk_X509_pop_free(exc->chain, X509_free);
+        curr = exc;
+        exc = exc->next;
+        OPENSSL_free(curr);
+    }
+}
+
+int load_excert(SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = *pexc;
+    if (exc == NULL)
+        return 1;
+    /* If nothing in list, free and set to NULL */
+    if (exc->certfile == NULL && exc->next == NULL) {
+        ssl_excert_free(exc);
+        *pexc = NULL;
+        return 1;
+    }
+    for (; exc; exc = exc->next) {
+        if (exc->certfile == NULL) {
+            BIO_printf(bio_err, "Missing filename\n");
+            return 0;
+        }
+        exc->cert = load_cert(exc->certfile, exc->certform,
+                              "Server Certificate");
+        if (exc->cert == NULL)
+            return 0;
+        if (exc->keyfile != NULL) {
+            exc->key = load_key(exc->keyfile, exc->keyform,
+                                0, NULL, NULL, "Server Key");
+        } else {
+            exc->key = load_key(exc->certfile, exc->certform,
+                                0, NULL, NULL, "Server Key");
+        }
+        if (exc->key == NULL)
+            return 0;
+        if (exc->chainfile != NULL) {
+            if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+                            "Server Chain"))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+enum range { OPT_X_ENUM };
+
+int args_excert(int opt, SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = *pexc;
+
+    assert(opt > OPT_X__FIRST);
+    assert(opt < OPT_X__LAST);
+
+    if (exc == NULL) {
+        if (!ssl_excert_prepend(&exc)) {
+            BIO_printf(bio_err, " %s: Error initialising xcert\n",
+                       opt_getprog());
+            goto err;
+        }
+        *pexc = exc;
+    }
+
+    switch ((enum range)opt) {
+    case OPT_X__FIRST:
+    case OPT_X__LAST:
+        return 0;
+    case OPT_X_CERT:
+        if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
+            BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
+            goto err;
+        }
+        *pexc = exc;
+        exc->certfile = opt_arg();
+        break;
+    case OPT_X_KEY:
+        if (exc->keyfile != NULL) {
+            BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
+            goto err;
+        }
+        exc->keyfile = opt_arg();
+        break;
+    case OPT_X_CHAIN:
+        if (exc->chainfile != NULL) {
+            BIO_printf(bio_err, "%s: Chain already specified\n",
+                       opt_getprog());
+            goto err;
+        }
+        exc->chainfile = opt_arg();
+        break;
+    case OPT_X_CHAIN_BUILD:
+        exc->build_chain = 1;
+        break;
+    case OPT_X_CERTFORM:
+        if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
+            return 0;
+        break;
+    case OPT_X_KEYFORM:
+        if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
+            return 0;
+        break;
+    }
+    return 1;
+
+ err:
+    ERR_print_errors(bio_err);
+    ssl_excert_free(exc);
+    *pexc = NULL;
+    return 0;
+}
+
+static void print_raw_cipherlist(SSL *s)
+{
+    const unsigned char *rlist;
+    static const unsigned char scsv_id[] = { 0, 0xFF };
+    size_t i, rlistlen, num;
+    if (!SSL_is_server(s))
+        return;
+    num = SSL_get0_raw_cipherlist(s, NULL);
+    OPENSSL_assert(num == 2);
+    rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
+    BIO_puts(bio_err, "Client cipher list: ");
+    for (i = 0; i < rlistlen; i += num, rlist += num) {
+        const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
+        if (i)
+            BIO_puts(bio_err, ":");
+        if (c != NULL) {
+            BIO_puts(bio_err, SSL_CIPHER_get_name(c));
+        } else if (memcmp(rlist, scsv_id, num) == 0) {
+            BIO_puts(bio_err, "SCSV");
+        } else {
+            size_t j;
+            BIO_puts(bio_err, "0x");
+            for (j = 0; j < num; j++)
+                BIO_printf(bio_err, "%02X", rlist[j]);
+        }
+    }
+    BIO_puts(bio_err, "\n");
+}
+
+/*
+ * Hex encoder for TLSA RRdata, not ':' delimited.
+ */
+static char *hexencode(const unsigned char *data, size_t len)
+{
+    static const char *hex = "0123456789abcdef";
+    char *out;
+    char *cp;
+    size_t outlen = 2 * len + 1;
+    int ilen = (int) outlen;
+
+    if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
+        BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
+                   opt_getprog(), len);
+        exit(1);
+    }
+    cp = out = app_malloc(ilen, "TLSA hex data buffer");
+
+    while (len-- > 0) {
+        *cp++ = hex[(*data >> 4) & 0x0f];
+        *cp++ = hex[*data++ & 0x0f];
+    }
+    *cp = '\0';
+    return out;
+}
+
+void print_verify_detail(SSL *s, BIO *bio)
+{
+    int mdpth;
+    EVP_PKEY *mspki;
+    long verify_err = SSL_get_verify_result(s);
+
+    if (verify_err == X509_V_OK) {
+        const char *peername = SSL_get0_peername(s);
+
+        BIO_printf(bio, "Verification: OK\n");
+        if (peername != NULL)
+            BIO_printf(bio, "Verified peername: %s\n", peername);
+    } else {
+        const char *reason = X509_verify_cert_error_string(verify_err);
+
+        BIO_printf(bio, "Verification error: %s\n", reason);
+    }
+
+    if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
+        uint8_t usage, selector, mtype;
+        const unsigned char *data = NULL;
+        size_t dlen = 0;
+        char *hexdata;
+
+        mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
+
+        /*
+         * The TLSA data field can be quite long when it is a certificate,
+         * public key or even a SHA2-512 digest.  Because the initial octets of
+         * ASN.1 certificates and public keys contain mostly boilerplate OIDs
+         * and lengths, we show the last 12 bytes of the data instead, as these
+         * are more likely to distinguish distinct TLSA records.
+         */
+#define TLSA_TAIL_SIZE 12
+        if (dlen > TLSA_TAIL_SIZE)
+            hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
+        else
+            hexdata = hexencode(data, dlen);
+        BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
+                   usage, selector, mtype,
+                   (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
+                   (mspki != NULL) ? "signed the certificate" :
+                   mdpth ? "matched TA certificate" : "matched EE certificate",
+                   mdpth);
+        OPENSSL_free(hexdata);
+    }
+}
+
+void print_ssl_summary(SSL *s)
+{
+    const SSL_CIPHER *c;
+    X509 *peer;
+
+    BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
+    print_raw_cipherlist(s);
+    c = SSL_get_current_cipher(s);
+    BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
+    do_print_sigalgs(bio_err, s, 0);
+    peer = SSL_get_peer_certificate(s);
+    if (peer != NULL) {
+        int nid;
+
+        BIO_puts(bio_err, "Peer certificate: ");
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
+                           0, get_nameopt());
+        BIO_puts(bio_err, "\n");
+        if (SSL_get_peer_signature_nid(s, &nid))
+            BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
+        if (SSL_get_peer_signature_type_nid(s, &nid))
+            BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
+        print_verify_detail(s, bio_err);
+    } else {
+        BIO_puts(bio_err, "No peer certificate\n");
+    }
+    X509_free(peer);
+#ifndef OPENSSL_NO_EC
+    ssl_print_point_formats(bio_err, s);
+    if (SSL_is_server(s))
+        ssl_print_groups(bio_err, s, 1);
+    else
+        ssl_print_tmp_key(bio_err, s);
+#else
+    if (!SSL_is_server(s))
+        ssl_print_tmp_key(bio_err, s);
+#endif
+}
+
+int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
+               SSL_CTX *ctx)
+{
+    int i;
+
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
+        const char *flag = sk_OPENSSL_STRING_value(str, i);
+        const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
+        if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
+            if (arg != NULL)
+                BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
+                           flag, arg);
+            else
+                BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        BIO_puts(bio_err, "Error finishing context\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    return 1;
+}
+
+static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *crl;
+    int i;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        X509_STORE_add_crl(st, crl);
+    }
+    return 1;
+}
+
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
+{
+    X509_STORE *st;
+    st = SSL_CTX_get_cert_store(ctx);
+    add_crls_store(st, crls);
+    if (crl_download)
+        store_setup_crl_download(st);
+    return 1;
+}
+
+int ssl_load_stores(SSL_CTX *ctx,
+                    const char *vfyCApath, const char *vfyCAfile,
+                    const char *chCApath, const char *chCAfile,
+                    STACK_OF(X509_CRL) *crls, int crl_download)
+{
+    X509_STORE *vfy = NULL, *ch = NULL;
+    int rv = 0;
+    if (vfyCApath != NULL || vfyCAfile != NULL) {
+        vfy = X509_STORE_new();
+        if (vfy == NULL)
+            goto err;
+        if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+            goto err;
+        add_crls_store(vfy, crls);
+        SSL_CTX_set1_verify_cert_store(ctx, vfy);
+        if (crl_download)
+            store_setup_crl_download(vfy);
+    }
+    if (chCApath != NULL || chCAfile != NULL) {
+        ch = X509_STORE_new();
+        if (ch == NULL)
+            goto err;
+        if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+            goto err;
+        SSL_CTX_set1_chain_cert_store(ctx, ch);
+    }
+    rv = 1;
+ err:
+    X509_STORE_free(vfy);
+    X509_STORE_free(ch);
+    return rv;
+}
+
+/* Verbose print out of security callback */
+
+typedef struct {
+    BIO *out;
+    int verbose;
+    int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+} security_debug_ex;
+
+static STRINT_PAIR callback_types[] = {
+    {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
+    {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
+    {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
+#ifndef OPENSSL_NO_DH
+    {"Temp DH key bits", SSL_SECOP_TMP_DH},
+#endif
+    {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
+    {"Shared Curve", SSL_SECOP_CURVE_SHARED},
+    {"Check Curve", SSL_SECOP_CURVE_CHECK},
+    {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED},
+    {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED},
+    {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK},
+    {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
+    {"Certificate chain EE key", SSL_SECOP_EE_KEY},
+    {"Certificate chain CA key", SSL_SECOP_CA_KEY},
+    {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
+    {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
+    {"Certificate chain CA digest", SSL_SECOP_CA_MD},
+    {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
+    {"SSL compression", SSL_SECOP_COMPRESSION},
+    {"Session ticket", SSL_SECOP_TICKET},
+    {NULL}
+};
+
+static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
+                                   int op, int bits, int nid,
+                                   void *other, void *ex)
+{
+    security_debug_ex *sdb = ex;
+    int rv, show_bits = 1, cert_md = 0;
+    const char *nm;
+    rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
+    if (rv == 1 && sdb->verbose < 2)
+        return 1;
+    BIO_puts(sdb->out, "Security callback: ");
+
+    nm = lookup(op, callback_types, NULL);
+    switch (op) {
+    case SSL_SECOP_TICKET:
+    case SSL_SECOP_COMPRESSION:
+        show_bits = 0;
+        nm = NULL;
+        break;
+    case SSL_SECOP_VERSION:
+        BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
+        show_bits = 0;
+        nm = NULL;
+        break;
+    case SSL_SECOP_CA_MD:
+    case SSL_SECOP_PEER_CA_MD:
+        cert_md = 1;
+        break;
+    }
+    if (nm != NULL)
+        BIO_printf(sdb->out, "%s=", nm);
+
+    switch (op & SSL_SECOP_OTHER_TYPE) {
+
+    case SSL_SECOP_OTHER_CIPHER:
+        BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
+        break;
+
+#ifndef OPENSSL_NO_EC
+    case SSL_SECOP_OTHER_CURVE:
+        {
+            const char *cname;
+            cname = EC_curve_nid2nist(nid);
+            if (cname == NULL)
+                cname = OBJ_nid2sn(nid);
+            BIO_puts(sdb->out, cname);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_SECOP_OTHER_DH:
+        {
+            DH *dh = other;
+            BIO_printf(sdb->out, "%d", DH_bits(dh));
+            break;
+        }
+#endif
+    case SSL_SECOP_OTHER_CERT:
+        {
+            if (cert_md) {
+                int sig_nid = X509_get_signature_nid(other);
+                BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
+            } else {
+                EVP_PKEY *pkey = X509_get0_pubkey(other);
+                const char *algname = "";
+                EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
+                                        &algname, EVP_PKEY_get0_asn1(pkey));
+                BIO_printf(sdb->out, "%s, bits=%d",
+                           algname, EVP_PKEY_bits(pkey));
+            }
+            break;
+        }
+    case SSL_SECOP_OTHER_SIGALG:
+        {
+            const unsigned char *salg = other;
+            const char *sname = NULL;
+            switch (salg[1]) {
+            case TLSEXT_signature_anonymous:
+                sname = "anonymous";
+                break;
+            case TLSEXT_signature_rsa:
+                sname = "RSA";
+                break;
+            case TLSEXT_signature_dsa:
+                sname = "DSA";
+                break;
+            case TLSEXT_signature_ecdsa:
+                sname = "ECDSA";
+                break;
+            }
+
+            BIO_puts(sdb->out, OBJ_nid2sn(nid));
+            if (sname)
+                BIO_printf(sdb->out, ", algorithm=%s", sname);
+            else
+                BIO_printf(sdb->out, ", algid=%d", salg[1]);
+            break;
+        }
+
+    }
+
+    if (show_bits)
+        BIO_printf(sdb->out, ", security bits=%d", bits);
+    BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
+    return rv;
+}
+
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
+{
+    static security_debug_ex sdb;
+
+    sdb.out = bio_err;
+    sdb.verbose = verbose;
+    sdb.old_cb = SSL_CTX_get_security_callback(ctx);
+    SSL_CTX_set_security_callback(ctx, security_callback_debug);
+    SSL_CTX_set0_security_ex_data(ctx, &sdb);
+}
+
+static void keylog_callback(const SSL *ssl, const char *line)
+{
+    if (bio_keylog == NULL) {
+        BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n");
+        return;
+    }
+
+    /*
+     * There might be concurrent writers to the keylog file, so we must ensure
+     * that the given line is written at once.
+     */
+    BIO_printf(bio_keylog, "%s\n", line);
+    (void)BIO_flush(bio_keylog);
+}
+
+int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
+{
+    /* Close any open files */
+    BIO_free_all(bio_keylog);
+    bio_keylog = NULL;
+
+    if (ctx == NULL || keylog_file == NULL) {
+        /* Keylogging is disabled, OK. */
+        return 0;
+    }
+
+    /*
+     * Append rather than write in order to allow concurrent modification.
+     * Furthermore, this preserves existing keylog files which is useful when
+     * the tool is run multiple times.
+     */
+    bio_keylog = BIO_new_file(keylog_file, "a");
+    if (bio_keylog == NULL) {
+        BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file);
+        return 1;
+    }
+
+    /* Write a header for seekable, empty files (this excludes pipes). */
+    if (BIO_tell(bio_keylog) == 0) {
+        BIO_puts(bio_keylog,
+                 "# SSL/TLS secrets log file, generated by OpenSSL\n");
+        (void)BIO_flush(bio_keylog);
+    }
+    SSL_CTX_set_keylog_callback(ctx, keylog_callback);
+    return 0;
+}
+
+void print_ca_names(BIO *bio, SSL *s)
+{
+    const char *cs = SSL_is_server(s) ? "server" : "client";
+    const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
+    int i;
+
+    if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
+        BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
+        return;
+    }
+
+    BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
+    for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+        X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
+        BIO_write(bio, "\n", 1);
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c
new file mode 100644
index 000000000..4dd6e2fef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c
@@ -0,0 +1,3544 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#include <openssl/bn.h>
+#include <openssl/async.h>
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#ifndef OPENSSL_NO_CT
+# include <openssl/ct.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+#include "internal/sockets.h"
+
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+#  include <sanitizer/msan_interface.h>
+# endif
+#endif
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+#define S_CLIENT_IRC_READ_TIMEOUT 8
+
+static char *prog;
+static int c_debug = 0;
+static int c_showcerts = 0;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+static BIO *bio_c_out = NULL;
+static int c_quiet = 0;
+static char *sess_out = NULL;
+static SSL_SESSION *psksess = NULL;
+
+static void print_stuff(BIO *berr, SSL *con, int full);
+#ifndef OPENSSL_NO_OCSP
+static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
+static int ldap_ExtendedResponse_parse(const char *buf, long rem);
+static int is_dNS_name(const char *host);
+
+static int saved_errno;
+
+static void save_errno(void)
+{
+    saved_errno = errno;
+    errno = 0;
+}
+
+static int restore_errno(void)
+{
+    int ret = errno;
+    errno = saved_errno;
+    return ret;
+}
+
+static void do_ssl_shutdown(SSL *ssl)
+{
+    int ret;
+
+    do {
+        /* We only do unidirectional shutdown */
+        ret = SSL_shutdown(ssl);
+        if (ret < 0) {
+            switch (SSL_get_error(ssl, ret)) {
+            case SSL_ERROR_WANT_READ:
+            case SSL_ERROR_WANT_WRITE:
+            case SSL_ERROR_WANT_ASYNC:
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* We just do busy waiting. Nothing clever */
+                continue;
+            }
+            ret = 0;
+        }
+    } while (ret < 0);
+}
+
+/* Default PSK identity and key */
+static char *psk_identity = "Client_identity";
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+                                  unsigned int max_identity_len,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    int ret;
+    long key_len;
+    unsigned char *key;
+
+    if (c_debug)
+        BIO_printf(bio_c_out, "psk_client_cb\n");
+    if (!hint) {
+        /* no ServerKeyExchange message */
+        if (c_debug)
+            BIO_printf(bio_c_out,
+                       "NULL received PSK identity hint, continuing anyway\n");
+    } else if (c_debug) {
+        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
+    }
+
+    /*
+     * lookup PSK identity and PSK key based on the given identity hint here
+     */
+    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
+    if (ret < 0 || (unsigned int)ret > max_identity_len)
+        goto out_err;
+    if (c_debug)
+        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
+                   ret);
+
+    /* convert the PSK key to binary */
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+    if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%ld)\n",
+                   max_psk_len, key_len);
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    memcpy(psk, key, key_len);
+    OPENSSL_free(key);
+
+    if (c_debug)
+        BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
+
+    return key_len;
+ out_err:
+    if (c_debug)
+        BIO_printf(bio_err, "Error in PSK client callback\n");
+    return 0;
+}
+#endif
+
+const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 };
+
+static int psk_use_session_cb(SSL *s, const EVP_MD *md,
+                              const unsigned char **id, size_t *idlen,
+                              SSL_SESSION **sess)
+{
+    SSL_SESSION *usesess = NULL;
+    const SSL_CIPHER *cipher = NULL;
+
+    if (psksess != NULL) {
+        SSL_SESSION_up_ref(psksess);
+        usesess = psksess;
+    } else {
+        long key_len;
+        unsigned char *key = OPENSSL_hexstr2buf(psk_key, &key_len);
+
+        if (key == NULL) {
+            BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                       psk_key);
+            return 0;
+        }
+
+        /* We default to SHA-256 */
+        cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+        if (cipher == NULL) {
+            BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+            OPENSSL_free(key);
+            return 0;
+        }
+
+        usesess = SSL_SESSION_new();
+        if (usesess == NULL
+                || !SSL_SESSION_set1_master_key(usesess, key, key_len)
+                || !SSL_SESSION_set_cipher(usesess, cipher)
+                || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) {
+            OPENSSL_free(key);
+            goto err;
+        }
+        OPENSSL_free(key);
+    }
+
+    cipher = SSL_SESSION_get0_cipher(usesess);
+    if (cipher == NULL)
+        goto err;
+
+    if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) {
+        /* PSK not usable, ignore it */
+        *id = NULL;
+        *idlen = 0;
+        *sess = NULL;
+        SSL_SESSION_free(usesess);
+    } else {
+        *sess = usesess;
+        *id = (unsigned char *)psk_identity;
+        *idlen = strlen(psk_identity);
+    }
+
+    return 1;
+
+ err:
+    SSL_SESSION_free(usesess);
+    return 0;
+}
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    BIO *biodebug;
+    int ack;
+} tlsextctx;
+
+static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    if (SSL_get_servername_type(s) != -1)
+        p->ack = !SSL_session_reused(s) && hn != NULL;
+    else
+        BIO_printf(bio_err, "Can't use SSL_get_servername\n");
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+#ifndef OPENSSL_NO_SRP
+
+/* This is a context that we pass to all callbacks */
+typedef struct srp_arg_st {
+    char *srppassin;
+    char *srplogin;
+    int msg;                    /* copy from c_msg */
+    int debug;                  /* copy from c_debug */
+    int amp;                    /* allow more groups */
+    int strength;               /* minimal size for N */
+} SRP_ARG;
+
+# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
+
+static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
+{
+    BN_CTX *bn_ctx = BN_CTX_new();
+    BIGNUM *p = BN_new();
+    BIGNUM *r = BN_new();
+    int ret =
+        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
+        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        p != NULL && BN_rshift1(p, N) &&
+        /* p = (N-1)/2 */
+        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        r != NULL &&
+        /* verify g^((N-1)/2) == -1 (mod N) */
+        BN_mod_exp(r, g, p, N, bn_ctx) &&
+        BN_add_word(r, 1) && BN_cmp(r, N) == 0;
+
+    BN_free(r);
+    BN_free(p);
+    BN_CTX_free(bn_ctx);
+    return ret;
+}
+
+/*-
+ * This callback is used here for two purposes:
+ * - extended debugging
+ * - making some primality tests for unknown groups
+ * The callback is only called for a non default group.
+ *
+ * An application does not need the call back at all if
+ * only the standard groups are used.  In real life situations,
+ * client and server already share well known groups,
+ * thus there is no need to verify them.
+ * Furthermore, in case that a server actually proposes a group that
+ * is not one of those defined in RFC 5054, it is more appropriate
+ * to add the group to a static list and then compare since
+ * primality tests are rather cpu consuming.
+ */
+
+static int ssl_srp_verify_param_cb(SSL *s, void *arg)
+{
+    SRP_ARG *srp_arg = (SRP_ARG *)arg;
+    BIGNUM *N = NULL, *g = NULL;
+
+    if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL))
+        return 0;
+    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
+        BIO_printf(bio_err, "SRP parameters:\n");
+        BIO_printf(bio_err, "\tN=");
+        BN_print(bio_err, N);
+        BIO_printf(bio_err, "\n\tg=");
+        BN_print(bio_err, g);
+        BIO_printf(bio_err, "\n");
+    }
+
+    if (SRP_check_known_gN_param(g, N))
+        return 1;
+
+    if (srp_arg->amp == 1) {
+        if (srp_arg->debug)
+            BIO_printf(bio_err,
+                       "SRP param N and g are not known params, going to check deeper.\n");
+
+        /*
+         * The srp_moregroups is a real debugging feature. Implementors
+         * should rather add the value to the known ones. The minimal size
+         * has already been tested.
+         */
+        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
+            return 1;
+    }
+    BIO_printf(bio_err, "SRP param N and g rejected.\n");
+    return 0;
+}
+
+# define PWD_STRLEN 1024
+
+static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+    SRP_ARG *srp_arg = (SRP_ARG *)arg;
+    char *pass = app_malloc(PWD_STRLEN + 1, "SRP password buffer");
+    PW_CB_DATA cb_tmp;
+    int l;
+
+    cb_tmp.password = (char *)srp_arg->srppassin;
+    cb_tmp.prompt_info = "SRP user";
+    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
+        BIO_printf(bio_err, "Can't read Password\n");
+        OPENSSL_free(pass);
+        return NULL;
+    }
+    *(pass + l) = '\0';
+
+    return pass;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    size_t len;
+    int status;
+} tlsextnextprotoctx;
+
+static tlsextnextprotoctx next_proto;
+
+static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
+                         const unsigned char *in, unsigned int inlen,
+                         void *arg)
+{
+    tlsextnextprotoctx *ctx = arg;
+
+    if (!c_quiet) {
+        /* We can assume that |in| is syntactically valid. */
+        unsigned i;
+        BIO_printf(bio_c_out, "Protocols advertised by server: ");
+        for (i = 0; i < inlen;) {
+            if (i)
+                BIO_write(bio_c_out, ", ", 2);
+            BIO_write(bio_c_out, &in[i + 1], in[i]);
+            i += in[i] + 1;
+        }
+        BIO_write(bio_c_out, "\n", 1);
+    }
+
+    ctx->status =
+        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *arg)
+{
+    char pem_name[100];
+    unsigned char ext_buf[4 + 65536];
+
+    /* Reconstruct the type/len fields prior to extension data */
+    inlen &= 0xffff; /* for formal memcmpy correctness */
+    ext_buf[0] = (unsigned char)(ext_type >> 8);
+    ext_buf[1] = (unsigned char)(ext_type);
+    ext_buf[2] = (unsigned char)(inlen >> 8);
+    ext_buf[3] = (unsigned char)(inlen);
+    memcpy(ext_buf + 4, in, inlen);
+
+    BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
+                 ext_type);
+    PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
+    return 1;
+}
+
+/*
+ * Hex decoder that tolerates optional whitespace.  Returns number of bytes
+ * produced, advances inptr to end of input string.
+ */
+static ossl_ssize_t hexdecode(const char **inptr, void *result)
+{
+    unsigned char **out = (unsigned char **)result;
+    const char *in = *inptr;
+    unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode");
+    unsigned char *cp = ret;
+    uint8_t byte;
+    int nibble = 0;
+
+    if (ret == NULL)
+        return -1;
+
+    for (byte = 0; *in; ++in) {
+        int x;
+
+        if (isspace(_UC(*in)))
+            continue;
+        x = OPENSSL_hexchar2int(*in);
+        if (x < 0) {
+            OPENSSL_free(ret);
+            return 0;
+        }
+        byte |= (char)x;
+        if ((nibble ^= 1) == 0) {
+            *cp++ = byte;
+            byte = 0;
+        } else {
+            byte <<= 4;
+        }
+    }
+    if (nibble != 0) {
+        OPENSSL_free(ret);
+        return 0;
+    }
+    *inptr = in;
+
+    return cp - (*out = ret);
+}
+
+/*
+ * Decode unsigned 0..255, returns 1 on success, <= 0 on failure. Advances
+ * inptr to next field skipping leading whitespace.
+ */
+static ossl_ssize_t checked_uint8(const char **inptr, void *out)
+{
+    uint8_t *result = (uint8_t *)out;
+    const char *in = *inptr;
+    char *endp;
+    long v;
+    int e;
+
+    save_errno();
+    v = strtol(in, &endp, 10);
+    e = restore_errno();
+
+    if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
+        endp == in || !isspace(_UC(*endp)) ||
+        v != (*result = (uint8_t) v)) {
+        return -1;
+    }
+    for (in = endp; isspace(_UC(*in)); ++in)
+        continue;
+
+    *inptr = in;
+    return 1;
+}
+
+struct tlsa_field {
+    void *var;
+    const char *name;
+    ossl_ssize_t (*parser)(const char **, void *);
+};
+
+static int tlsa_import_rr(SSL *con, const char *rrdata)
+{
+    /* Not necessary to re-init these values; the "parsers" do that. */
+    static uint8_t usage;
+    static uint8_t selector;
+    static uint8_t mtype;
+    static unsigned char *data;
+    static struct tlsa_field tlsa_fields[] = {
+        { &usage, "usage", checked_uint8 },
+        { &selector, "selector", checked_uint8 },
+        { &mtype, "mtype", checked_uint8 },
+        { &data, "data", hexdecode },
+        { NULL, }
+    };
+    struct tlsa_field *f;
+    int ret;
+    const char *cp = rrdata;
+    ossl_ssize_t len = 0;
+
+    for (f = tlsa_fields; f->var; ++f) {
+        /* Returns number of bytes produced, advances cp to next field */
+        if ((len = f->parser(&cp, f->var)) <= 0) {
+            BIO_printf(bio_err, "%s: warning: bad TLSA %s field in: %s\n",
+                       prog, f->name, rrdata);
+            return 0;
+        }
+    }
+    /* The data field is last, so len is its length */
+    ret = SSL_dane_tlsa_add(con, usage, selector, mtype, data, len);
+    OPENSSL_free(data);
+
+    if (ret == 0) {
+        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "%s: warning: unusable TLSA rrdata: %s\n",
+                   prog, rrdata);
+        return 0;
+    }
+    if (ret < 0) {
+        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "%s: warning: error loading TLSA rrdata: %s\n",
+                   prog, rrdata);
+        return 0;
+    }
+    return ret;
+}
+
+static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset)
+{
+    int num = sk_OPENSSL_STRING_num(rrset);
+    int count = 0;
+    int i;
+
+    for (i = 0; i < num; ++i) {
+        char *rrdata = sk_OPENSSL_STRING_value(rrset, i);
+        if (tlsa_import_rr(con, rrdata) > 0)
+            ++count;
+    }
+    return count > 0;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX,
+    OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT,
+    OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
+    OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+    OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
+    OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
+    OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
+    OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
+    OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS,
+#ifndef OPENSSL_NO_SRP
+    OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
+    OPT_SRP_MOREGROUPS,
+#endif
+    OPT_SSL3, OPT_SSL_CONFIG,
+    OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
+    OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
+    OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE,
+    OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
+    OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC,
+    OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST,
+    OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES,
+    OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE,
+    OPT_V_ENUM,
+    OPT_X_ENUM,
+    OPT_S_ENUM,
+    OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_DANE_TLSA_DOMAIN,
+#ifndef OPENSSL_NO_CT
+    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
+#endif
+    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
+    OPT_ENABLE_PHA,
+    OPT_SCTP_LABEL_BUG,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS s_client_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"host", OPT_HOST, 's', "Use -connect instead"},
+    {"port", OPT_PORT, 'p', "Use -connect instead"},
+    {"connect", OPT_CONNECT, 's',
+     "TCP/IP where to connect (default is :" PORT ")"},
+    {"bind", OPT_BIND, 's', "bind local address for connection"},
+    {"proxy", OPT_PROXY, 's',
+     "Connect to via specified proxy to the real server"},
+#ifdef AF_UNIX
+    {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"},
+#endif
+    {"4", OPT_4, '-', "Use IPv4 only"},
+#ifdef AF_INET6
+    {"6", OPT_6, '-', "Use IPv6 only"},
+#endif
+    {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
+    {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"},
+    {"certform", OPT_CERTFORM, 'F',
+     "Certificate format (PEM or DER) PEM default"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"key", OPT_KEY, 's', "Private key file to use, if not in -cert file"},
+    {"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM default"},
+    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"requestCAfile", OPT_REQCAFILE, '<',
+      "PEM format file of CA names to send to the server"},
+    {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
+    {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
+     "DANE TLSA rrdata presentation form"},
+    {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',
+     "Disable name checks when matching DANE-EE(3) TLSA records"},
+    {"reconnect", OPT_RECONNECT, '-',
+     "Drop and re-make the connection with the same Session-ID"},
+    {"showcerts", OPT_SHOWCERTS, '-',
+     "Show all certificates sent by the server"},
+    {"debug", OPT_DEBUG, '-', "Extra output"},
+    {"msg", OPT_MSG, '-', "Show protocol messages"},
+    {"msgfile", OPT_MSGFILE, '>',
+     "File to send output of -msg or -trace, instead of stdout"},
+    {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
+    {"state", OPT_STATE, '-', "Print the ssl states"},
+    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+    {"quiet", OPT_QUIET, '-', "No s_client output"},
+    {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
+    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
+    {"starttls", OPT_STARTTLS, 's',
+     "Use the appropriate STARTTLS command before starting TLS"},
+    {"xmpphost", OPT_XMPPHOST, 's',
+     "Alias of -name option for \"-starttls xmpp[-server]\""},
+    OPT_R_OPTIONS,
+    {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
+    {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+#ifndef OPENSSL_NO_SRTP
+    {"use_srtp", OPT_USE_SRTP, 's',
+     "Offer SRTP key management with a colon-separated profile list"},
+#endif
+    {"keymatexport", OPT_KEYMATEXPORT, 's',
+     "Export keying material using label"},
+    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+     "Export len bytes of keying material (default 20)"},
+    {"maxfraglen", OPT_MAXFRAGLEN, 'p',
+     "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)"},
+    {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+    {"name", OPT_PROTOHOST, 's',
+     "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""},
+    {"CRL", OPT_CRL, '<', "CRL file to use"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
+    {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
+    {"brief", OPT_BRIEF, '-',
+     "Restrict output to brief summary of connection parameters"},
+    {"prexit", OPT_PREXIT, '-',
+     "Print session information when the program exits"},
+    {"security_debug", OPT_SECURITY_DEBUG, '-',
+     "Enable security debug messages"},
+    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+     "Output more security debug output"},
+    {"cert_chain", OPT_CERT_CHAIN, '<',
+     "Certificate chain file (in PEM format)"},
+    {"chainCApath", OPT_CHAINCAPATH, '/',
+     "Use dir as certificate store path to build CA certificate chain"},
+    {"verifyCApath", OPT_VERIFYCAPATH, '/',
+     "Use dir as certificate store path to verify CA certificate"},
+    {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+    {"chainCAfile", OPT_CHAINCAFILE, '<',
+     "CA file for certificate chain (PEM format)"},
+    {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+     "CA file for certificate verification (PEM format)"},
+    {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
+    {"servername", OPT_SERVERNAME, 's',
+     "Set TLS extension servername (SNI) in ClientHello (default)"},
+    {"noservername", OPT_NOSERVERNAME, '-',
+     "Do not send the server name (SNI) extension in the ClientHello"},
+    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+     "Hex dump of all TLS extensions received"},
+#ifndef OPENSSL_NO_OCSP
+    {"status", OPT_STATUS, '-', "Request certificate status from server"},
+#endif
+    {"serverinfo", OPT_SERVERINFO, 's',
+     "types  Send empty ClientHello extensions (comma-separated numbers)"},
+    {"alpn", OPT_ALPN, 's',
+     "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+    {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
+    {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"},
+    {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "},
+    {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
+     "Size used to split data for encrypt pipelines"},
+    {"max_pipelines", OPT_MAX_PIPELINES, 'p',
+     "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'p',
+     "Default read buffer size to be used for connections"},
+    OPT_S_OPTIONS,
+    OPT_V_OPTIONS,
+    OPT_X_OPTIONS,
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "Just use TLSv1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+#endif
+#ifndef OPENSSL_NO_DTLS
+    {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
+    {"timeout", OPT_TIMEOUT, '-',
+     "Enable send/receive timeout on DTLS connections"},
+    {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_SCTP
+    {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
+#endif
+#ifdef WATT32
+    {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
+#endif
+    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
+    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+    {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
+#ifndef OPENSSL_NO_SRP
+    {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
+    {"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
+    {"srp_lateuser", OPT_SRP_LATEUSER, '-',
+     "SRP username into second ClientHello message"},
+    {"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
+     "Tolerate other than the known g N values."},
+    {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal length in bits for N"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+     "Enable NPN extension, considering named protocols supported (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
+     "Specify engine to be used for client certificate operations"},
+#endif
+#ifndef OPENSSL_NO_CT
+    {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
+    {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
+    {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
+#endif
+    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
+    {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
+    {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
+    {NULL, OPT_EOF, 0x00, NULL}
+};
+
+typedef enum PROTOCOL_choice {
+    PROTO_OFF,
+    PROTO_SMTP,
+    PROTO_POP3,
+    PROTO_IMAP,
+    PROTO_FTP,
+    PROTO_TELNET,
+    PROTO_XMPP,
+    PROTO_XMPP_SERVER,
+    PROTO_CONNECT,
+    PROTO_IRC,
+    PROTO_MYSQL,
+    PROTO_POSTGRES,
+    PROTO_LMTP,
+    PROTO_NNTP,
+    PROTO_SIEVE,
+    PROTO_LDAP
+} PROTOCOL_CHOICE;
+
+static const OPT_PAIR services[] = {
+    {"smtp", PROTO_SMTP},
+    {"pop3", PROTO_POP3},
+    {"imap", PROTO_IMAP},
+    {"ftp", PROTO_FTP},
+    {"xmpp", PROTO_XMPP},
+    {"xmpp-server", PROTO_XMPP_SERVER},
+    {"telnet", PROTO_TELNET},
+    {"irc", PROTO_IRC},
+    {"mysql", PROTO_MYSQL},
+    {"postgres", PROTO_POSTGRES},
+    {"lmtp", PROTO_LMTP},
+    {"nntp", PROTO_NNTP},
+    {"sieve", PROTO_SIEVE},
+    {"ldap", PROTO_LDAP},
+    {NULL, 0}
+};
+
+#define IS_INET_FLAG(o) \
+ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
+#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
+
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
+/* Free |*dest| and optionally set it to a copy of |source|. */
+static void freeandcopy(char **dest, const char *source)
+{
+    OPENSSL_free(*dest);
+    *dest = NULL;
+    if (source != NULL)
+        *dest = OPENSSL_strdup(source);
+}
+
+static int new_session_cb(SSL *s, SSL_SESSION *sess)
+{
+
+    if (sess_out != NULL) {
+        BIO *stmp = BIO_new_file(sess_out, "w");
+
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
+        } else {
+            PEM_write_bio_SSL_SESSION(stmp, sess);
+            BIO_free(stmp);
+        }
+    }
+
+    /*
+     * Session data gets dumped on connection for TLSv1.2 and below, and on
+     * arrival of the NewSessionTicket for TLSv1.3.
+     */
+    if (SSL_version(s) == TLS1_3_VERSION) {
+        BIO_printf(bio_c_out,
+                   "---\nPost-Handshake New Session Ticket arrived:\n");
+        SSL_SESSION_print(bio_c_out, sess);
+        BIO_printf(bio_c_out, "---\n");
+    }
+
+    /*
+     * We always return a "fail" response so that the session gets freed again
+     * because we haven't used the reference.
+     */
+    return 0;
+}
+
+int s_client_main(int argc, char **argv)
+{
+    BIO *sbio;
+    EVP_PKEY *key = NULL;
+    SSL *con = NULL;
+    SSL_CTX *ctx = NULL;
+    STACK_OF(X509) *chain = NULL;
+    X509 *cert = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    SSL_EXCERT *exc = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+    char *dane_tlsa_domain = NULL;
+    STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL;
+    int dane_ee_no_name = 0;
+    STACK_OF(X509_CRL) *crls = NULL;
+    const SSL_METHOD *meth = TLS_client_method();
+    const char *CApath = NULL, *CAfile = NULL;
+    char *cbuf = NULL, *sbuf = NULL;
+    char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL, *bindstr = NULL;
+    char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+    char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
+    char *port = OPENSSL_strdup(PORT);
+    char *bindhost = NULL, *bindport = NULL;
+    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+    char *ReqCAfile = NULL;
+    char *sess_in = NULL, *crl_file = NULL, *p;
+    const char *protohost = NULL;
+    struct timeval timeout, *timeoutp;
+    fd_set readfds, writefds;
+    int noCApath = 0, noCAfile = 0;
+    int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
+    int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
+    int prexit = 0;
+    int sdebug = 0;
+    int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
+    int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
+    int sbuf_len, sbuf_off, cmdletters = 1;
+    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
+    int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
+    int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+    int at_eof = 0;
+#endif
+    int read_buf_len = 0;
+    int fallback_scsv = 0;
+    OPTION_CHOICE o;
+#ifndef OPENSSL_NO_DTLS
+    int enable_timeouts = 0;
+    long socket_mtu = 0;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *ssl_client_engine = NULL;
+#endif
+    ENGINE *e = NULL;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+    struct timeval tv;
+#endif
+    const char *servername = NULL;
+    int noservername = 0;
+    const char *alpn_in = NULL;
+    tlsextctx tlsextcbp = { NULL, 0 };
+    const char *ssl_config = NULL;
+#define MAX_SI_TYPES 100
+    unsigned short serverinfo_types[MAX_SI_TYPES];
+    int serverinfo_count = 0, start = 0, len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    char *srppass = NULL;
+    int srp_lateuser = 0;
+    SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
+#endif
+#ifndef OPENSSL_NO_SRTP
+    char *srtp_profiles = NULL;
+#endif
+#ifndef OPENSSL_NO_CT
+    char *ctlog_file = NULL;
+    int ct_validation = 0;
+#endif
+    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+    int async = 0;
+    unsigned int max_send_fragment = 0;
+    unsigned int split_send_fragment = 0, max_pipelines = 0;
+    enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
+    int count4or6 = 0;
+    uint8_t maxfraglen = 0;
+    int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
+    int c_tlsextdebug = 0;
+#ifndef OPENSSL_NO_OCSP
+    int c_status_req = 0;
+#endif
+    BIO *bio_c_msg = NULL;
+    const char *keylog_file = NULL, *early_data_file = NULL;
+#ifndef OPENSSL_NO_DTLS
+    int isdtls = 0;
+#endif
+    char *psksessf = NULL;
+    int enable_pha = 0;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
+
+    FD_ZERO(&readfds);
+    FD_ZERO(&writefds);
+/* Known false-positive of MemorySanitizer. */
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+    __msan_unpoison(&readfds, sizeof(readfds));
+    __msan_unpoison(&writefds, sizeof(writefds));
+# endif
+#endif
+
+    prog = opt_progname(argv[0]);
+    c_quiet = 0;
+    c_debug = 0;
+    c_showcerts = 0;
+    c_nbio = 0;
+    vpm = X509_VERIFY_PARAM_new();
+    cctx = SSL_CONF_CTX_new();
+
+    if (vpm == NULL || cctx == NULL) {
+        BIO_printf(bio_err, "%s: out of memory\n", prog);
+        goto end;
+    }
+
+    cbuf = app_malloc(BUFSIZZ, "cbuf");
+    sbuf = app_malloc(BUFSIZZ, "sbuf");
+    mbuf = app_malloc(BUFSIZZ, "mbuf");
+
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
+
+    prog = opt_init(argc, argv, s_client_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        /* Check for intermixing flags. */
+        if (connect_type == use_unix && IS_INET_FLAG(o)) {
+            BIO_printf(bio_err,
+                       "%s: Intermixed protocol flags (unix and internet domains)\n",
+                       prog);
+            goto end;
+        }
+        if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
+            BIO_printf(bio_err,
+                       "%s: Intermixed protocol flags (internet and unix domains)\n",
+                       prog);
+            goto end;
+        }
+
+        if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+            BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+            goto end;
+        }
+        if (IS_NO_PROT_FLAG(o))
+            no_prot_opt++;
+        if (prot_opt == 1 && no_prot_opt) {
+            BIO_printf(bio_err,
+                       "Cannot supply both a protocol flag and '-no_<prot>'\n");
+            goto end;
+        }
+
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_client_options);
+            ret = 0;
+            goto end;
+        case OPT_4:
+            connect_type = use_inet;
+            socket_family = AF_INET;
+            count4or6++;
+            break;
+#ifdef AF_INET6
+        case OPT_6:
+            connect_type = use_inet;
+            socket_family = AF_INET6;
+            count4or6++;
+            break;
+#endif
+        case OPT_HOST:
+            connect_type = use_inet;
+            freeandcopy(&host, opt_arg());
+            break;
+        case OPT_PORT:
+            connect_type = use_inet;
+            freeandcopy(&port, opt_arg());
+            break;
+        case OPT_CONNECT:
+            connect_type = use_inet;
+            freeandcopy(&connectstr, opt_arg());
+            break;
+        case OPT_BIND:
+            freeandcopy(&bindstr, opt_arg());
+            break;
+        case OPT_PROXY:
+            proxystr = opt_arg();
+            starttls_proto = PROTO_CONNECT;
+            break;
+#ifdef AF_UNIX
+        case OPT_UNIX:
+            connect_type = use_unix;
+            socket_family = AF_UNIX;
+            freeandcopy(&host, opt_arg());
+            break;
+#endif
+        case OPT_XMPPHOST:
+            /* fall through, since this is an alias */
+        case OPT_PROTOHOST:
+            protohost = opt_arg();
+            break;
+        case OPT_VERIFY:
+            verify = SSL_VERIFY_PEER;
+            verify_args.depth = atoi(opt_arg());
+            if (!c_quiet)
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
+            break;
+        case OPT_CERT:
+            cert_file = opt_arg();
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_CRL:
+            crl_file = opt_arg();
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_SESS_OUT:
+            sess_out = opt_arg();
+            break;
+        case OPT_SESS_IN:
+            sess_in = opt_arg();
+            break;
+        case OPT_CERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &cert_format))
+                goto opthelp;
+            break;
+        case OPT_CRLFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
+                goto opthelp;
+            break;
+        case OPT_VERIFY_RET_ERROR:
+            verify = SSL_VERIFY_PEER;
+            verify_args.return_error = 1;
+            break;
+        case OPT_VERIFY_QUIET:
+            verify_args.quiet = 1;
+            break;
+        case OPT_BRIEF:
+            c_brief = verify_args.quiet = c_quiet = 1;
+            break;
+        case OPT_S_CASES:
+            if (ssl_args == NULL)
+                ssl_args = sk_OPENSSL_STRING_new_null();
+            if (ssl_args == NULL
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_X_CASES:
+            if (!args_excert(o, &exc))
+                goto end;
+            break;
+        case OPT_PREXIT:
+            prexit = 1;
+            break;
+        case OPT_CRLF:
+            crlf = 1;
+            break;
+        case OPT_QUIET:
+            c_quiet = c_ign_eof = 1;
+            break;
+        case OPT_NBIO:
+            c_nbio = 1;
+            break;
+        case OPT_NOCMDS:
+            cmdletters = 0;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 1);
+            break;
+        case OPT_SSL_CLIENT_ENGINE:
+#ifndef OPENSSL_NO_ENGINE
+            ssl_client_engine = ENGINE_by_id(opt_arg());
+            if (ssl_client_engine == NULL) {
+                BIO_printf(bio_err, "Error getting client auth engine\n");
+                goto opthelp;
+            }
+#endif
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_IGN_EOF:
+            c_ign_eof = 1;
+            break;
+        case OPT_NO_IGN_EOF:
+            c_ign_eof = 0;
+            break;
+        case OPT_DEBUG:
+            c_debug = 1;
+            break;
+        case OPT_TLSEXTDEBUG:
+            c_tlsextdebug = 1;
+            break;
+        case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
+            c_status_req = 1;
+#endif
+            break;
+        case OPT_WDEBUG:
+#ifdef WATT32
+            dbug_init();
+#endif
+            break;
+        case OPT_MSG:
+            c_msg = 1;
+            break;
+        case OPT_MSGFILE:
+            bio_c_msg = BIO_new_file(opt_arg(), "w");
+            break;
+        case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
+            c_msg = 2;
+#endif
+            break;
+        case OPT_SECURITY_DEBUG:
+            sdebug = 1;
+            break;
+        case OPT_SECURITY_DEBUG_VERBOSE:
+            sdebug = 2;
+            break;
+        case OPT_SHOWCERTS:
+            c_showcerts = 1;
+            break;
+        case OPT_NBIO_TEST:
+            nbio_test = 1;
+            break;
+        case OPT_STATE:
+            state = 1;
+            break;
+        case OPT_PSK_IDENTITY:
+            psk_identity = opt_arg();
+            break;
+        case OPT_PSK:
+            for (p = psk_key = opt_arg(); *p; p++) {
+                if (isxdigit(_UC(*p)))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
+                goto end;
+            }
+            break;
+        case OPT_PSK_SESS:
+            psksessf = opt_arg();
+            break;
+#ifndef OPENSSL_NO_SRP
+        case OPT_SRPUSER:
+            srp_arg.srplogin = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRPPASS:
+            srppass = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_STRENGTH:
+            srp_arg.strength = atoi(opt_arg());
+            BIO_printf(bio_err, "SRP minimal length for N is %d\n",
+                       srp_arg.strength);
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_LATEUSER:
+            srp_lateuser = 1;
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_MOREGROUPS:
+            srp_arg.amp = 1;
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+#endif
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_DTLS:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_client_method();
+            socket_type = SOCK_DGRAM;
+            isdtls = 1;
+#endif
+            break;
+        case OPT_DTLS1:
+#ifndef OPENSSL_NO_DTLS1
+            meth = DTLS_client_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+            socket_type = SOCK_DGRAM;
+            isdtls = 1;
+#endif
+            break;
+        case OPT_DTLS1_2:
+#ifndef OPENSSL_NO_DTLS1_2
+            meth = DTLS_client_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+            socket_type = SOCK_DGRAM;
+            isdtls = 1;
+#endif
+            break;
+        case OPT_SCTP:
+#ifndef OPENSSL_NO_SCTP
+            protocol = IPPROTO_SCTP;
+#endif
+            break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_DTLS
+            enable_timeouts = 1;
+#endif
+            break;
+        case OPT_MTU:
+#ifndef OPENSSL_NO_DTLS
+            socket_mtu = atol(opt_arg());
+#endif
+            break;
+        case OPT_FALLBACKSCSV:
+            fallback_scsv = 1;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &key_format))
+                goto opthelp;
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_CERT_CHAIN:
+            chain_file = opt_arg();
+            break;
+        case OPT_KEY:
+            key_file = opt_arg();
+            break;
+        case OPT_RECONNECT:
+            reconnect = 5;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CHAINCAPATH:
+            chCApath = opt_arg();
+            break;
+        case OPT_VERIFYCAPATH:
+            vfyCApath = opt_arg();
+            break;
+        case OPT_BUILD_CHAIN:
+            build_chain = 1;
+            break;
+        case OPT_REQCAFILE:
+            ReqCAfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+#ifndef OPENSSL_NO_CT
+        case OPT_NOCT:
+            ct_validation = 0;
+            break;
+        case OPT_CT:
+            ct_validation = 1;
+            break;
+        case OPT_CTLOG_FILE:
+            ctlog_file = opt_arg();
+            break;
+#endif
+        case OPT_CHAINCAFILE:
+            chCAfile = opt_arg();
+            break;
+        case OPT_VERIFYCAFILE:
+            vfyCAfile = opt_arg();
+            break;
+        case OPT_DANE_TLSA_DOMAIN:
+            dane_tlsa_domain = opt_arg();
+            break;
+        case OPT_DANE_TLSA_RRDATA:
+            if (dane_tlsa_rrset == NULL)
+                dane_tlsa_rrset = sk_OPENSSL_STRING_new_null();
+            if (dane_tlsa_rrset == NULL ||
+                !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_DANE_EE_NO_NAME:
+            dane_ee_no_name = 1;
+            break;
+        case OPT_NEXTPROTONEG:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            next_proto_neg_in = opt_arg();
+#endif
+            break;
+        case OPT_ALPN:
+            alpn_in = opt_arg();
+            break;
+        case OPT_SERVERINFO:
+            p = opt_arg();
+            len = strlen(p);
+            for (start = 0, i = 0; i <= len; ++i) {
+                if (i == len || p[i] == ',') {
+                    serverinfo_types[serverinfo_count] = atoi(p + start);
+                    if (++serverinfo_count == MAX_SI_TYPES)
+                        break;
+                    start = i + 1;
+                }
+            }
+            break;
+        case OPT_STARTTLS:
+            if (!opt_pair(opt_arg(), services, &starttls_proto))
+                goto end;
+            break;
+        case OPT_SERVERNAME:
+            servername = opt_arg();
+            break;
+        case OPT_NOSERVERNAME:
+            noservername = 1;
+            break;
+        case OPT_USE_SRTP:
+#ifndef OPENSSL_NO_SRTP
+            srtp_profiles = opt_arg();
+#endif
+            break;
+        case OPT_KEYMATEXPORT:
+            keymatexportlabel = opt_arg();
+            break;
+        case OPT_KEYMATEXPORTLEN:
+            keymatexportlen = atoi(opt_arg());
+            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
+        case OPT_MAXFRAGLEN:
+            len = atoi(opt_arg());
+            switch (len) {
+            case 512:
+                maxfraglen = TLSEXT_max_fragment_length_512;
+                break;
+            case 1024:
+                maxfraglen = TLSEXT_max_fragment_length_1024;
+                break;
+            case 2048:
+                maxfraglen = TLSEXT_max_fragment_length_2048;
+                break;
+            case 4096:
+                maxfraglen = TLSEXT_max_fragment_length_4096;
+                break;
+            default:
+                BIO_printf(bio_err,
+                           "%s: Max Fragment Len %u is out of permitted values",
+                           prog, len);
+                goto opthelp;
+            }
+            break;
+        case OPT_MAX_SEND_FRAG:
+            max_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_SPLIT_SEND_FRAG:
+            split_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_MAX_PIPELINES:
+            max_pipelines = atoi(opt_arg());
+            break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+        case OPT_KEYLOG_FILE:
+            keylog_file = opt_arg();
+            break;
+        case OPT_EARLY_DATA:
+            early_data_file = opt_arg();
+            break;
+        case OPT_ENABLE_PHA:
+            enable_pha = 1;
+            break;
+        }
+    }
+    if (count4or6 >= 2) {
+        BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
+        goto opthelp;
+    }
+    if (noservername) {
+        if (servername != NULL) {
+            BIO_printf(bio_err,
+                       "%s: Can't use -servername and -noservername together\n",
+                       prog);
+            goto opthelp;
+        }
+        if (dane_tlsa_domain != NULL) {
+            BIO_printf(bio_err,
+               "%s: Can't use -dane_tlsa_domain and -noservername together\n",
+               prog);
+            goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc == 1) {
+        /* If there's a positional argument, it's the equivalent of
+         * OPT_CONNECT.
+         * Don't allow -connect and a separate argument.
+         */
+        if (connectstr != NULL) {
+            BIO_printf(bio_err,
+                       "%s: must not provide both -connect option and target parameter\n",
+                       prog);
+            goto opthelp;
+        }
+        connect_type = use_inet;
+        freeandcopy(&connectstr, *opt_rest());
+    } else if (argc != 0) {
+        goto opthelp;
+    }
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
+        BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
+        goto opthelp;
+    }
+#endif
+    if (proxystr != NULL) {
+        int res;
+        char *tmp_host = host, *tmp_port = port;
+        if (connectstr == NULL) {
+            BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
+            goto opthelp;
+        }
+        res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
+        if (tmp_host != host)
+            OPENSSL_free(tmp_host);
+        if (tmp_port != port)
+            OPENSSL_free(tmp_port);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -proxy argument malformed or ambiguous\n", prog);
+            goto end;
+        }
+    } else {
+        int res = 1;
+        char *tmp_host = host, *tmp_port = port;
+        if (connectstr != NULL)
+            res = BIO_parse_hostserv(connectstr, &host, &port,
+                                     BIO_PARSE_PRIO_HOST);
+        if (tmp_host != host)
+            OPENSSL_free(tmp_host);
+        if (tmp_port != port)
+            OPENSSL_free(tmp_port);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -connect argument or target parameter malformed or ambiguous\n",
+                       prog);
+            goto end;
+        }
+    }
+
+    if (bindstr != NULL) {
+        int res;
+        res = BIO_parse_hostserv(bindstr, &bindhost, &bindport,
+                                 BIO_PARSE_PRIO_HOST);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -bind argument parameter malformed or ambiguous\n",
+                       prog);
+            goto end;
+        }
+    }
+
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err,
+                   "Can't use unix sockets and datagrams together\n");
+        goto end;
+    }
+#endif
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP) {
+        if (socket_type != SOCK_DGRAM) {
+            BIO_printf(bio_err, "Can't use -sctp without DTLS\n");
+            goto end;
+        }
+        /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */
+        socket_type = SOCK_STREAM;
+    }
+#endif
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    next_proto.status = -1;
+    if (next_proto_neg_in) {
+        next_proto.data =
+            next_protos_parse(&next_proto.len, next_proto_neg_in);
+        if (next_proto.data == NULL) {
+            BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
+            goto end;
+        }
+    } else
+        next_proto.data = NULL;
+#endif
+
+    if (!app_passwd(passarg, NULL, &pass, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (key_file == NULL)
+        key_file = cert_file;
+
+    if (key_file != NULL) {
+        key = load_key(key_file, key_format, 0, pass, e,
+                       "client certificate private key file");
+        if (key == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (cert_file != NULL) {
+        cert = load_cert(cert_file, cert_format, "client certificate file");
+        if (cert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (chain_file != NULL) {
+        if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
+                        "client certificate chain"))
+            goto end;
+    }
+
+    if (crl_file != NULL) {
+        X509_CRL *crl;
+        crl = load_crl(crl_file, crl_format);
+        if (crl == NULL) {
+            BIO_puts(bio_err, "Error loading CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        crls = sk_X509_CRL_new_null();
+        if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
+            BIO_puts(bio_err, "Error adding CRL\n");
+            ERR_print_errors(bio_err);
+            X509_CRL_free(crl);
+            goto end;
+        }
+    }
+
+    if (!load_excert(&exc))
+        goto end;
+
+    if (bio_c_out == NULL) {
+        if (c_quiet && !c_debug) {
+            bio_c_out = BIO_new(BIO_s_null());
+            if (c_msg && bio_c_msg == NULL)
+                bio_c_msg = dup_bio_out(FORMAT_TEXT);
+        } else if (bio_c_out == NULL)
+            bio_c_out = dup_bio_out(FORMAT_TEXT);
+    }
+#ifndef OPENSSL_NO_SRP
+    if (!app_passwd(srppass, NULL, &srp_arg.srppassin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+#endif
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
+    if (sdebug)
+        ssl_ctx_security_debug(ctx, sdebug);
+
+    if (!config_ctx(cctx, ssl_args, ctx))
+        goto end;
+
+    if (ssl_config != NULL) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
+    if (min_version != 0
+        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (max_version != 0
+        && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
+        BIO_printf(bio_err, "Error setting verify params\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (async) {
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+    }
+
+    if (max_send_fragment > 0
+        && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
+        BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
+                   prog, max_send_fragment);
+        goto end;
+    }
+
+    if (split_send_fragment > 0
+        && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
+        BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
+                   prog, split_send_fragment);
+        goto end;
+    }
+
+    if (max_pipelines > 0
+        && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
+        BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
+                   prog, max_pipelines);
+        goto end;
+    }
+
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+
+    if (maxfraglen > 0
+            && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) {
+        BIO_printf(bio_err,
+                   "%s: Max Fragment Length code %u is out of permitted values"
+                   "\n", prog, maxfraglen);
+        goto end;
+    }
+
+    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                         crls, crl_download)) {
+        BIO_printf(bio_err, "Error loading store locations\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (ReqCAfile != NULL) {
+        STACK_OF(X509_NAME) *nm = sk_X509_NAME_new_null();
+
+        if (nm == NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) {
+            sk_X509_NAME_pop_free(nm, X509_NAME_free);
+            BIO_printf(bio_err, "Error loading CA names\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        SSL_CTX_set0_CA_list(ctx, nm);
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (ssl_client_engine) {
+        if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
+            BIO_puts(bio_err, "Error setting client auth engine\n");
+            ERR_print_errors(bio_err);
+            ENGINE_free(ssl_client_engine);
+            goto end;
+        }
+        ENGINE_free(ssl_client_engine);
+    }
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    if (psk_key != NULL) {
+        if (c_debug)
+            BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
+        SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
+    }
+#endif
+    if (psksessf != NULL) {
+        BIO *stmp = BIO_new_file(psksessf, "r");
+
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (psksess == NULL) {
+            BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (psk_key != NULL || psksess != NULL)
+        SSL_CTX_set_psk_use_session_callback(ctx, psk_use_session_cb);
+
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL) {
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
+            BIO_printf(bio_err, "Error setting SRTP profile\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+#endif
+
+    if (exc != NULL)
+        ssl_ctx_set_excert(ctx, exc);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto.data != NULL)
+        SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
+#endif
+    if (alpn_in) {
+        size_t alpn_len;
+        unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
+
+        if (alpn == NULL) {
+            BIO_printf(bio_err, "Error parsing -alpn argument\n");
+            goto end;
+        }
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) {
+            BIO_printf(bio_err, "Error setting ALPN\n");
+            goto end;
+        }
+        OPENSSL_free(alpn);
+    }
+
+    for (i = 0; i < serverinfo_count; i++) {
+        if (!SSL_CTX_add_client_custom_ext(ctx,
+                                           serverinfo_types[i],
+                                           NULL, NULL, NULL,
+                                           serverinfo_cli_parse_cb, NULL)) {
+            BIO_printf(bio_err,
+                       "Warning: Unable to add custom extension %u, skipping\n",
+                       serverinfo_types[i]);
+        }
+    }
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+
+#ifndef OPENSSL_NO_CT
+    /* Enable SCT processing, without early connection termination */
+    if (ct_validation &&
+        !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
+        if (ct_validation) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        /*
+         * If CT validation is not enabled, the log list isn't needed so don't
+         * show errors or abort. We try to load it regardless because then we
+         * can show the names of the logs any SCTs came from (SCTs may be seen
+         * even with validation disabled).
+         */
+        ERR_clear_error();
+    }
+#endif
+
+    SSL_CTX_set_verify(ctx, verify, verify_callback);
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    ssl_ctx_add_crls(ctx, crls, crl_download);
+
+    if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
+        goto end;
+
+    if (!noservername) {
+        tlsextcbp.biodebug = bio_err;
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+# ifndef OPENSSL_NO_SRP
+    if (srp_arg.srplogin) {
+        if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
+            BIO_printf(bio_err, "Unable to set SRP username\n");
+            goto end;
+        }
+        srp_arg.msg = c_msg;
+        srp_arg.debug = c_debug;
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
+        SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
+        SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
+        if (c_msg || c_debug || srp_arg.amp == 0)
+            SSL_CTX_set_srp_verify_param_callback(ctx,
+                                                  ssl_srp_verify_param_cb);
+    }
+# endif
+
+    if (dane_tlsa_domain != NULL) {
+        if (SSL_CTX_dane_enable(ctx) <= 0) {
+            BIO_printf(bio_err,
+                       "%s: Error enabling DANE TLSA authentication.\n",
+                       prog);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    /*
+     * In TLSv1.3 NewSessionTicket messages arrive after the handshake and can
+     * come at any time. Therefore we use a callback to write out the session
+     * when we know about it. This approach works for < TLSv1.3 as well.
+     */
+    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT
+                                        | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+    SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
+
+    if (set_keylog_file(ctx, keylog_file))
+        goto end;
+
+    con = SSL_new(ctx);
+    if (con == NULL)
+        goto end;
+
+    if (enable_pha)
+        SSL_set_post_handshake_auth(con, 1);
+
+    if (sess_in != NULL) {
+        SSL_SESSION *sess;
+        BIO *stmp = BIO_new_file(sess_in, "r");
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (sess == NULL) {
+            BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (!SSL_set_session(con, sess)) {
+            BIO_printf(bio_err, "Can't set session\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        SSL_SESSION_free(sess);
+    }
+
+    if (fallback_scsv)
+        SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
+    if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
+        if (servername == NULL) {
+            if(host == NULL || is_dNS_name(host)) 
+                servername = (host == NULL) ? "localhost" : host;
+        }
+        if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
+            BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (dane_tlsa_domain != NULL) {
+        if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) {
+            BIO_printf(bio_err, "%s: Error enabling DANE TLSA "
+                       "authentication.\n", prog);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (dane_tlsa_rrset == NULL) {
+            BIO_printf(bio_err, "%s: DANE TLSA authentication requires at "
+                       "least one -dane_tlsa_rrdata option.\n", prog);
+            goto end;
+        }
+        if (tlsa_import_rrset(con, dane_tlsa_rrset) <= 0) {
+            BIO_printf(bio_err, "%s: Failed to import any TLSA "
+                       "records.\n", prog);
+            goto end;
+        }
+        if (dane_ee_no_name)
+            SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+    } else if (dane_tlsa_rrset != NULL) {
+        BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
+                   "-dane_tlsa_domain option.\n", prog);
+        goto end;
+    }
+
+ re_start:
+    if (init_client(&s, host, port, bindhost, bindport, socket_family,
+                    socket_type, protocol) == 0) {
+        BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+        BIO_closesocket(s);
+        goto end;
+    }
+    BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
+
+    if (c_nbio) {
+        if (!BIO_socket_nbio(s, 1)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_c_out, "Turned on non blocking io\n");
+    }
+#ifndef OPENSSL_NO_DTLS
+    if (isdtls) {
+        union BIO_sock_info_u peer_info;
+
+#ifndef OPENSSL_NO_SCTP
+        if (protocol == IPPROTO_SCTP)
+            sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE);
+        else
+#endif
+            sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+        if ((peer_info.addr = BIO_ADDR_new()) == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            BIO_closesocket(s);
+            goto end;
+        }
+        if (!BIO_sock_info(s, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
+            BIO_printf(bio_err, "getsockname:errno=%d\n",
+                       get_last_socket_error());
+            BIO_ADDR_free(peer_info.addr);
+            BIO_closesocket(s);
+            goto end;
+        }
+
+        (void)BIO_ctrl_set_connected(sbio, peer_info.addr);
+        BIO_ADDR_free(peer_info.addr);
+        peer_info.addr = NULL;
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                BIO_free(sbio);
+                goto shut;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                BIO_free(sbio);
+                goto shut;
+            }
+        } else {
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+        }
+    } else
+#endif /* OPENSSL_NO_DTLS */
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+
+    if (c_debug) {
+        BIO_set_callback(sbio, bio_dump_callback);
+        BIO_set_callback_arg(sbio, (char *)bio_c_out);
+    }
+    if (c_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (c_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
+    }
+
+    if (c_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_c_out);
+    }
+#ifndef OPENSSL_NO_OCSP
+    if (c_status_req) {
+        SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
+        SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
+        SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
+    }
+#endif
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_connect_state(con);
+
+    /* ok, lets connect */
+    if (fileno_stdin() > SSL_get_fd(con))
+        width = fileno_stdin() + 1;
+    else
+        width = SSL_get_fd(con) + 1;
+
+    read_tty = 1;
+    write_tty = 0;
+    tty_on = 0;
+    read_ssl = 1;
+    write_ssl = 1;
+
+    cbuf_len = 0;
+    cbuf_off = 0;
+    sbuf_len = 0;
+    sbuf_off = 0;
+
+    switch ((PROTOCOL_CHOICE) starttls_proto) {
+    case PROTO_OFF:
+        break;
+    case PROTO_LMTP:
+    case PROTO_SMTP:
+        {
+            /*
+             * This is an ugly hack that does a lot of assumptions. We do
+             * have to handle multi-line responses which may come in a single
+             * packet or not. We therefore have to use BIO_gets() which does
+             * need a buffering BIO. So during the initial chitchat we do
+             * push a buffering BIO into the chain that is removed again
+             * later on to not disturb the rest of the s_client operation.
+             */
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            /* Wait for multi-line response to end from LMTP or SMTP */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            } while (mbuf_len > 3 && mbuf[3] == '-');
+            if (protohost == NULL)
+                protohost = "mail.example.com";
+            if (starttls_proto == (int)PROTO_LMTP)
+                BIO_printf(fbio, "LHLO %s\r\n", protohost);
+            else
+                BIO_printf(fbio, "EHLO %s\r\n", protohost);
+            (void)BIO_flush(fbio);
+            /*
+             * Wait for multi-line response to end LHLO LMTP or EHLO SMTP
+             * response.
+             */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            } while (mbuf_len > 3 && mbuf[3] == '-');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_POP3:
+        {
+            BIO_read(sbio, mbuf, BUFSIZZ);
+            BIO_printf(sbio, "STLS\r\n");
+            mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+        }
+        break;
+    case PROTO_IMAP:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* STARTTLS command requires CAPABILITY... */
+            BIO_printf(fbio, ". CAPABILITY\r\n");
+            (void)BIO_flush(fbio);
+            /* wait for multi-line CAPABILITY response */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            }
+            while (mbuf_len > 3 && mbuf[0] != '.');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, ". STARTTLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_FTP:
+        {
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            /* wait for multi-line response to end from FTP */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            }
+            while (mbuf_len > 3 && mbuf[3] == '-');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            BIO_printf(sbio, "AUTH TLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_XMPP:
+    case PROTO_XMPP_SERVER:
+        {
+            int seen = 0;
+            BIO_printf(sbio, "<stream:stream "
+                       "xmlns:stream='http://etherx.jabber.org/streams' "
+                       "xmlns='jabber:%s' to='%s' version='1.0'>",
+                       starttls_proto == PROTO_XMPP ? "client" : "server",
+                       protohost ? protohost : host);
+            seen = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (seen < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[seen] = '\0';
+            while (!strstr
+                   (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
+                   && !strstr(mbuf,
+                              "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+            {
+                seen = BIO_read(sbio, mbuf, BUFSIZZ);
+
+                if (seen <= 0)
+                    goto shut;
+
+                mbuf[seen] = '\0';
+            }
+            BIO_printf(sbio,
+                       "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+            seen = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (seen < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto shut;
+            }
+            sbuf[seen] = '\0';
+            if (!strstr(sbuf, "<proceed"))
+                goto shut;
+            mbuf[0] = '\0';
+        }
+        break;
+    case PROTO_TELNET:
+        {
+            static const unsigned char tls_do[] = {
+                /* IAC    DO   START_TLS */
+                   255,   253, 46
+            };
+            static const unsigned char tls_will[] = {
+                /* IAC  WILL START_TLS */
+                   255, 251, 46
+            };
+            static const unsigned char tls_follows[] = {
+                /* IAC  SB   START_TLS FOLLOWS IAC  SE */
+                   255, 250, 46,       1,      255, 240
+            };
+            int bytes;
+
+            /* Telnet server should demand we issue START_TLS */
+            bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (bytes != 3 || memcmp(mbuf, tls_do, 3) != 0)
+                goto shut;
+            /* Agree to issue START_TLS and send the FOLLOWS sub-command */
+            BIO_write(sbio, tls_will, 3);
+            BIO_write(sbio, tls_follows, 6);
+            (void)BIO_flush(sbio);
+            /* Telnet server also sent the FOLLOWS sub-command */
+            bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0)
+                goto shut;
+        }
+        break;
+    case PROTO_CONNECT:
+        {
+            enum {
+                error_proto,     /* Wrong protocol, not even HTTP */
+                error_connect,   /* CONNECT failed */
+                success
+            } foundit = error_connect;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
+            (void)BIO_flush(fbio);
+            /*
+             * The first line is the HTTP response.  According to RFC 7230,
+             * it's formated exactly like this:
+             *
+             * HTTP/d.d ddd Reason text\r\n
+             */
+            mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            if (mbuf_len < (int)strlen("HTTP/1.0 200")) {
+                BIO_printf(bio_err,
+                           "%s: HTTP CONNECT failed, insufficient response "
+                           "from proxy (got %d octets)\n", prog, mbuf_len);
+                (void)BIO_flush(fbio);
+                BIO_pop(fbio);
+                BIO_free(fbio);
+                goto shut;
+            }
+            if (mbuf[8] != ' ') {
+                BIO_printf(bio_err,
+                           "%s: HTTP CONNECT failed, incorrect response "
+                           "from proxy\n", prog);
+                foundit = error_proto;
+            } else if (mbuf[9] != '2') {
+                BIO_printf(bio_err, "%s: HTTP CONNECT failed: %s ", prog,
+                           &mbuf[9]);
+            } else {
+                foundit = success;
+            }
+            if (foundit != error_proto) {
+                /* Read past all following headers */
+                do {
+                    mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                } while (mbuf_len > 2);
+            }
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (foundit != success) {
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_IRC:
+        {
+            int numeric;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "STARTTLS\r\n");
+            (void)BIO_flush(fbio);
+            width = SSL_get_fd(con) + 1;
+
+            do {
+                numeric = 0;
+
+                FD_ZERO(&readfds);
+                openssl_fdset(SSL_get_fd(con), &readfds);
+                timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT;
+                timeout.tv_usec = 0;
+                /*
+                 * If the IRCd doesn't respond within
+                 * S_CLIENT_IRC_READ_TIMEOUT seconds, assume
+                 * it doesn't support STARTTLS. Many IRCds
+                 * will not give _any_ sort of response to a
+                 * STARTTLS command when it's not supported.
+                 */
+                if (!BIO_get_buffer_num_lines(fbio)
+                    && !BIO_pending(fbio)
+                    && !BIO_pending(sbio)
+                    && select(width, (void *)&readfds, NULL, NULL,
+                              &timeout) < 1) {
+                    BIO_printf(bio_err,
+                               "Timeout waiting for response (%d seconds).\n",
+                               S_CLIENT_IRC_READ_TIMEOUT);
+                    break;
+                }
+
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1)
+                    break;
+                /* :example.net 451 STARTTLS :You have not registered */
+                /* :example.net 421 STARTTLS :Unknown command */
+                if ((numeric == 451 || numeric == 421)
+                    && strstr(mbuf, "STARTTLS") != NULL) {
+                    BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+                    break;
+                }
+                if (numeric == 691) {
+                    BIO_printf(bio_err, "STARTTLS negotiation failed: ");
+                    ERR_print_errors(bio_err);
+                    break;
+                }
+            } while (numeric != 670);
+
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (numeric != 670) {
+                BIO_printf(bio_err, "Server does not support STARTTLS.\n");
+                ret = 1;
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_MYSQL:
+        {
+            /* SSL request packet */
+            static const unsigned char ssl_req[] = {
+                /* payload_length,   sequence_id */
+                   0x20, 0x00, 0x00, 0x01,
+                /* payload */
+                /* capability flags, CLIENT_SSL always set */
+                   0x85, 0xae, 0x7f, 0x00,
+                /* max-packet size */
+                   0x00, 0x00, 0x00, 0x01,
+                /* character set */
+                   0x21,
+                /* string[23] reserved (all [0]) */
+                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+            };
+            int bytes = 0;
+            int ssl_flg = 0x800;
+            int pos;
+            const unsigned char *packet = (const unsigned char *)sbuf;
+
+            /* Receiving Initial Handshake packet. */
+            bytes = BIO_read(sbio, (void *)packet, BUFSIZZ);
+            if (bytes < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto shut;
+            /* Packet length[3], Packet number[1] + minimum payload[17] */
+            } else if (bytes < 21) {
+                BIO_printf(bio_err, "MySQL packet too short.\n");
+                goto shut;
+            } else if (bytes != (4 + packet[0] +
+                                 (packet[1] << 8) +
+                                 (packet[2] << 16))) {
+                BIO_printf(bio_err, "MySQL packet length does not match.\n");
+                goto shut;
+            /* protocol version[1] */
+            } else if (packet[4] != 0xA) {
+                BIO_printf(bio_err,
+                           "Only MySQL protocol version 10 is supported.\n");
+                goto shut;
+            }
+
+            pos = 5;
+            /* server version[string+NULL] */
+            for (;;) {
+                if (pos >= bytes) {
+                    BIO_printf(bio_err, "Cannot confirm server version. ");
+                    goto shut;
+                } else if (packet[pos++] == '\0') {
+                    break;
+                }
+            }
+
+            /* make sure we have at least 15 bytes left in the packet */
+            if (pos + 15 > bytes) {
+                BIO_printf(bio_err,
+                           "MySQL server handshake packet is broken.\n");
+                goto shut;
+            }
+
+            pos += 12; /* skip over conn id[4] + SALT[8] */
+            if (packet[pos++] != '\0') { /* verify filler */
+                BIO_printf(bio_err,
+                           "MySQL packet is broken.\n");
+                goto shut;
+            }
+
+            /* capability flags[2] */
+            if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) {
+                BIO_printf(bio_err, "MySQL server does not support SSL.\n");
+                goto shut;
+            }
+
+            /* Sending SSL Handshake packet. */
+            BIO_write(sbio, ssl_req, sizeof(ssl_req));
+            (void)BIO_flush(sbio);
+        }
+        break;
+    case PROTO_POSTGRES:
+        {
+            static const unsigned char ssl_request[] = {
+                /* Length        SSLRequest */
+                   0, 0, 0, 8,   4, 210, 22, 47
+            };
+            int bytes;
+
+            /* Send SSLRequest packet */
+            BIO_write(sbio, ssl_request, 8);
+            (void)BIO_flush(sbio);
+
+            /* Reply will be a single S if SSL is enabled */
+            bytes = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (bytes != 1 || sbuf[0] != 'S')
+                goto shut;
+        }
+        break;
+    case PROTO_NNTP:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* STARTTLS command requires CAPABILITIES... */
+            BIO_printf(fbio, "CAPABILITIES\r\n");
+            (void)BIO_flush(fbio);
+            /* wait for multi-line CAPABILITIES response */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            } while (mbuf_len > 1 && mbuf[0] != '.');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[mbuf_len] = '\0';
+            if (strstr(mbuf, "382") == NULL) {
+                BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_SIEVE:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            /* wait for multi-line response to end from Sieve */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                /*
+                 * According to RFC 5804 § 1.7, capability
+                 * is case-insensitive, make it uppercase
+                 */
+                if (mbuf_len > 1 && mbuf[0] == '"') {
+                    make_uppercase(mbuf);
+                    if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0)
+                        foundit = 1;
+                }
+            } while (mbuf_len > 1 && mbuf[0] == '"');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[mbuf_len] = '\0';
+            if (mbuf_len < 2) {
+                BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+                goto shut;
+            }
+            /*
+             * According to RFC 5804 § 2.2, response codes are case-
+             * insensitive, make it uppercase but preserve the response.
+             */
+            strncpy(sbuf, mbuf, 2);
+            make_uppercase(sbuf);
+            if (strncmp(sbuf, "OK", 2) != 0) {
+                BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_LDAP:
+        {
+            /* StartTLS Operation according to RFC 4511 */
+            static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n"
+                "[LDAPMessage]\n"
+                "messageID=INTEGER:1\n"
+                "extendedReq=EXPLICIT:23A,IMPLICIT:0C,"
+                "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
+            long errline = -1;
+            char *genstr = NULL;
+            int result = -1;
+            ASN1_TYPE *atyp = NULL;
+            BIO *ldapbio = BIO_new(BIO_s_mem());
+            CONF *cnf = NCONF_new(NULL);
+
+            if (cnf == NULL) {
+                BIO_free(ldapbio);
+                goto end;
+            }
+            BIO_puts(ldapbio, ldap_tls_genconf);
+            if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) {
+                BIO_free(ldapbio);
+                NCONF_free(cnf);
+                if (errline <= 0) {
+                    BIO_printf(bio_err, "NCONF_load_bio failed\n");
+                    goto end;
+                } else {
+                    BIO_printf(bio_err, "Error on line %ld\n", errline);
+                    goto end;
+                }
+            }
+            BIO_free(ldapbio);
+            genstr = NCONF_get_string(cnf, "default", "asn1");
+            if (genstr == NULL) {
+                NCONF_free(cnf);
+                BIO_printf(bio_err, "NCONF_get_string failed\n");
+                goto end;
+            }
+            atyp = ASN1_generate_nconf(genstr, cnf);
+            if (atyp == NULL) {
+                NCONF_free(cnf);
+                BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+                goto end;
+            }
+            NCONF_free(cnf);
+
+            /* Send SSLRequest packet */
+            BIO_write(sbio, atyp->value.sequence->data,
+                      atyp->value.sequence->length);
+            (void)BIO_flush(sbio);
+            ASN1_TYPE_free(atyp);
+
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            result = ldap_ExtendedResponse_parse(mbuf, mbuf_len);
+            if (result < 0) {
+                BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n");
+                goto shut;
+            } else if (result > 0) {
+                BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n",
+                           result);
+                goto shut;
+            }
+            mbuf_len = 0;
+        }
+        break;
+    }
+
+    if (early_data_file != NULL
+            && ((SSL_get0_session(con) != NULL
+                 && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0)
+                || (psksess != NULL
+                    && SSL_SESSION_get_max_early_data(psksess) > 0))) {
+        BIO *edfile = BIO_new_file(early_data_file, "r");
+        size_t readbytes, writtenbytes;
+        int finish = 0;
+
+        if (edfile == NULL) {
+            BIO_printf(bio_err, "Cannot open early data file\n");
+            goto shut;
+        }
+
+        while (!finish) {
+            if (!BIO_read_ex(edfile, cbuf, BUFSIZZ, &readbytes))
+                finish = 1;
+
+            while (!SSL_write_early_data(con, cbuf, readbytes, &writtenbytes)) {
+                switch (SSL_get_error(con, 0)) {
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_ASYNC:
+                case SSL_ERROR_WANT_READ:
+                    /* Just keep trying - busy waiting */
+                    continue;
+                default:
+                    BIO_printf(bio_err, "Error writing early data\n");
+                    BIO_free(edfile);
+                    ERR_print_errors(bio_err);
+                    goto shut;
+                }
+            }
+        }
+
+        BIO_free(edfile);
+    }
+
+    for (;;) {
+        FD_ZERO(&readfds);
+        FD_ZERO(&writefds);
+
+        if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
+            timeoutp = &timeout;
+        else
+            timeoutp = NULL;
+
+        if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0
+                && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) {
+            in_init = 1;
+            tty_on = 0;
+        } else {
+            tty_on = 1;
+            if (in_init) {
+                in_init = 0;
+
+                if (c_brief) {
+                    BIO_puts(bio_err, "CONNECTION ESTABLISHED\n");
+                    print_ssl_summary(con);
+                }
+
+                print_stuff(bio_c_out, con, full_log);
+                if (full_log > 0)
+                    full_log--;
+
+                if (starttls_proto) {
+                    BIO_write(bio_err, mbuf, mbuf_len);
+                    /* We don't need to know any more */
+                    if (!reconnect)
+                        starttls_proto = PROTO_OFF;
+                }
+
+                if (reconnect) {
+                    reconnect--;
+                    BIO_printf(bio_c_out,
+                               "drop connection and then reconnect\n");
+                    do_ssl_shutdown(con);
+                    SSL_set_connect_state(con);
+                    BIO_closesocket(SSL_get_fd(con));
+                    goto re_start;
+                }
+            }
+        }
+
+        ssl_pending = read_ssl && SSL_has_pending(con);
+
+        if (!ssl_pending) {
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            if (tty_on) {
+                /*
+                 * Note that select() returns when read _would not block_,
+                 * and EOF satisfies that.  To avoid a CPU-hogging loop,
+                 * set the flag so we exit.
+                 */
+                if (read_tty && !at_eof)
+                    openssl_fdset(fileno_stdin(), &readfds);
+#if !defined(OPENSSL_SYS_VMS)
+                if (write_tty)
+                    openssl_fdset(fileno_stdout(), &writefds);
+#endif
+            }
+            if (read_ssl)
+                openssl_fdset(SSL_get_fd(con), &readfds);
+            if (write_ssl)
+                openssl_fdset(SSL_get_fd(con), &writefds);
+#else
+            if (!tty_on || !write_tty) {
+                if (read_ssl)
+                    openssl_fdset(SSL_get_fd(con), &readfds);
+                if (write_ssl)
+                    openssl_fdset(SSL_get_fd(con), &writefds);
+            }
+#endif
+
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+            /*
+             * Under Windows/DOS we make the assumption that we can always
+             * write to the tty: therefore if we need to write to the tty we
+             * just fall through. Otherwise we timeout the select every
+             * second and see if there are any keypresses. Note: this is a
+             * hack, in a proper Windows application we wouldn't do this.
+             */
+            i = 0;
+            if (!write_tty) {
+                if (read_tty) {
+                    tv.tv_sec = 1;
+                    tv.tv_usec = 0;
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, &tv);
+                    if (!i && (!has_stdin_waiting() || !read_tty))
+                        continue;
+                } else
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, timeoutp);
+            }
+#else
+            i = select(width, (void *)&readfds, (void *)&writefds,
+                       NULL, timeoutp);
+#endif
+            if (i < 0) {
+                BIO_printf(bio_err, "bad select %d\n",
+                           get_last_socket_error());
+                goto shut;
+            }
+        }
+
+        if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0)
+            BIO_printf(bio_err, "TIMEOUT occurred\n");
+
+        if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
+            k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
+            switch (SSL_get_error(con, k)) {
+            case SSL_ERROR_NONE:
+                cbuf_off += k;
+                cbuf_len -= k;
+                if (k <= 0)
+                    goto end;
+                /* we have done a  write(con,NULL,0); */
+                if (cbuf_len <= 0) {
+                    read_tty = 1;
+                    write_ssl = 0;
+                } else {        /* if (cbuf_len > 0) */
+
+                    read_tty = 0;
+                    write_ssl = 1;
+                }
+                break;
+            case SSL_ERROR_WANT_WRITE:
+                BIO_printf(bio_c_out, "write W BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "write A BLOCK\n");
+                wait_for_async(con);
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_READ:
+                BIO_printf(bio_c_out, "write R BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                write_ssl = 0;
+                break;
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_printf(bio_c_out, "write X BLOCK\n");
+                break;
+            case SSL_ERROR_ZERO_RETURN:
+                if (cbuf_len != 0) {
+                    BIO_printf(bio_c_out, "shutdown\n");
+                    ret = 0;
+                    goto shut;
+                } else {
+                    read_tty = 1;
+                    write_ssl = 0;
+                    break;
+                }
+
+            case SSL_ERROR_SYSCALL:
+                if ((k != 0) || (cbuf_len != 0)) {
+                    BIO_printf(bio_err, "write:errno=%d\n",
+                               get_last_socket_error());
+                    goto shut;
+                } else {
+                    read_tty = 1;
+                    write_ssl = 0;
+                }
+                break;
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* This shouldn't ever happen in s_client - treat as an error */
+            case SSL_ERROR_SSL:
+                ERR_print_errors(bio_err);
+                goto shut;
+            }
+        }
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS)
+        /* Assume Windows/DOS/BeOS can always write */
+        else if (!ssl_pending && write_tty)
+#else
+        else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds))
+#endif
+        {
+#ifdef CHARSET_EBCDIC
+            ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len);
+#endif
+            i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
+
+            if (i <= 0) {
+                BIO_printf(bio_c_out, "DONE\n");
+                ret = 0;
+                goto shut;
+            }
+
+            sbuf_len -= i;
+            sbuf_off += i;
+            if (sbuf_len <= 0) {
+                read_ssl = 1;
+                write_tty = 0;
+            }
+        } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
+#ifdef RENEG
+            {
+                static int iiii;
+                if (++iiii == 52) {
+                    SSL_renegotiate(con);
+                    iiii = 0;
+                }
+            }
+#endif
+            k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
+
+            switch (SSL_get_error(con, k)) {
+            case SSL_ERROR_NONE:
+                if (k <= 0)
+                    goto end;
+                sbuf_off = 0;
+                sbuf_len = k;
+
+                read_ssl = 0;
+                write_tty = 1;
+                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "read A BLOCK\n");
+                wait_for_async(con);
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
+            case SSL_ERROR_WANT_WRITE:
+                BIO_printf(bio_c_out, "read W BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_READ:
+                BIO_printf(bio_c_out, "read R BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_printf(bio_c_out, "read X BLOCK\n");
+                break;
+            case SSL_ERROR_SYSCALL:
+                ret = get_last_socket_error();
+                if (c_brief)
+                    BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
+                else
+                    BIO_printf(bio_err, "read:errno=%d\n", ret);
+                goto shut;
+            case SSL_ERROR_ZERO_RETURN:
+                BIO_printf(bio_c_out, "closed\n");
+                ret = 0;
+                goto shut;
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* This shouldn't ever happen in s_client. Treat as an error */
+            case SSL_ERROR_SSL:
+                ERR_print_errors(bio_err);
+                goto shut;
+            }
+        }
+/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */
+#if defined(OPENSSL_SYS_MSDOS)
+        else if (has_stdin_waiting())
+#else
+        else if (FD_ISSET(fileno_stdin(), &readfds))
+#endif
+        {
+            if (crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(cbuf, BUFSIZZ / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (cbuf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    cbuf[j + lf_num] = cbuf[j];
+                    if (cbuf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        cbuf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else
+                i = raw_read_stdin(cbuf, BUFSIZZ);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            if (i == 0)
+                at_eof = 1;
+#endif
+
+            if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
+                BIO_printf(bio_err, "DONE\n");
+                ret = 0;
+                goto shut;
+            }
+
+            if ((!c_ign_eof) && (cbuf[0] == 'R' && cmdletters)) {
+                BIO_printf(bio_err, "RENEGOTIATING\n");
+                SSL_renegotiate(con);
+                cbuf_len = 0;
+	    } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+                    && cmdletters) {
+                BIO_printf(bio_err, "KEYUPDATE\n");
+                SSL_key_update(con,
+                               cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED
+                                              : SSL_KEY_UPDATE_NOT_REQUESTED);
+                cbuf_len = 0;
+            }
+#ifndef OPENSSL_NO_HEARTBEATS
+            else if ((!c_ign_eof) && (cbuf[0] == 'B' && cmdletters)) {
+                BIO_printf(bio_err, "HEARTBEATING\n");
+                SSL_heartbeat(con);
+                cbuf_len = 0;
+            }
+#endif
+            else {
+                cbuf_len = i;
+                cbuf_off = 0;
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii(cbuf, cbuf, i);
+#endif
+            }
+
+            write_ssl = 1;
+            read_tty = 0;
+        }
+    }
+
+    ret = 0;
+ shut:
+    if (in_init)
+        print_stuff(bio_c_out, con, full_log);
+    do_ssl_shutdown(con);
+
+    /*
+     * If we ended with an alert being sent, but still with data in the
+     * network buffer to be read, then calling BIO_closesocket() will
+     * result in a TCP-RST being sent. On some platforms (notably
+     * Windows) then this will result in the peer immediately abandoning
+     * the connection including any buffered alert data before it has
+     * had a chance to be read. Shutting down the sending side first,
+     * and then closing the socket sends TCP-FIN first followed by
+     * TCP-RST. This seems to allow the peer to read the alert data.
+     */
+    shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
+    /*
+     * We just said we have nothing else to say, but it doesn't mean that
+     * the other side has nothing. It's even recommended to consume incoming
+     * data. [In testing context this ensures that alerts are passed on...]
+     */
+    timeout.tv_sec = 0;
+    timeout.tv_usec = 500000;  /* some extreme round-trip */
+    do {
+        FD_ZERO(&readfds);
+        openssl_fdset(s, &readfds);
+    } while (select(s + 1, &readfds, NULL, NULL, &timeout) > 0
+             && BIO_read(sbio, sbuf, BUFSIZZ) > 0);
+
+    BIO_closesocket(SSL_get_fd(con));
+ end:
+    if (con != NULL) {
+        if (prexit != 0)
+            print_stuff(bio_c_out, con, 1);
+        SSL_free(con);
+    }
+    SSL_SESSION_free(psksess);
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(next_proto.data);
+#endif
+    SSL_CTX_free(ctx);
+    set_keylog_file(NULL, NULL);
+    X509_free(cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    EVP_PKEY_free(key);
+    sk_X509_pop_free(chain, X509_free);
+    OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(srp_arg.srppassin);
+#endif
+    OPENSSL_free(connectstr);
+    OPENSSL_free(bindstr);
+    OPENSSL_free(host);
+    OPENSSL_free(port);
+    X509_VERIFY_PARAM_free(vpm);
+    ssl_excert_free(exc);
+    sk_OPENSSL_STRING_free(ssl_args);
+    sk_OPENSSL_STRING_free(dane_tlsa_rrset);
+    SSL_CONF_CTX_free(cctx);
+    OPENSSL_clear_free(cbuf, BUFSIZZ);
+    OPENSSL_clear_free(sbuf, BUFSIZZ);
+    OPENSSL_clear_free(mbuf, BUFSIZZ);
+    release_engine(e);
+    BIO_free(bio_c_out);
+    bio_c_out = NULL;
+    BIO_free(bio_c_msg);
+    bio_c_msg = NULL;
+    return ret;
+}
+
+static void print_stuff(BIO *bio, SSL *s, int full)
+{
+    X509 *peer = NULL;
+    STACK_OF(X509) *sk;
+    const SSL_CIPHER *c;
+    int i, istls13 = (SSL_version(s) == TLS1_3_VERSION);
+    long verify_result;
+#ifndef OPENSSL_NO_COMP
+    const COMP_METHOD *comp, *expansion;
+#endif
+    unsigned char *exportedkeymat;
+#ifndef OPENSSL_NO_CT
+    const SSL_CTX *ctx = SSL_get_SSL_CTX(s);
+#endif
+
+    if (full) {
+        int got_a_chain = 0;
+
+        sk = SSL_get_peer_cert_chain(s);
+        if (sk != NULL) {
+            got_a_chain = 1;
+
+            BIO_printf(bio, "---\nCertificate chain\n");
+            for (i = 0; i < sk_X509_num(sk); i++) {
+                BIO_printf(bio, "%2d s:", i);
+                X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt());
+                BIO_puts(bio, "\n");
+                BIO_printf(bio, "   i:");
+                X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt());
+                BIO_puts(bio, "\n");
+                if (c_showcerts)
+                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
+            }
+        }
+
+        BIO_printf(bio, "---\n");
+        peer = SSL_get_peer_certificate(s);
+        if (peer != NULL) {
+            BIO_printf(bio, "Server certificate\n");
+
+            /* Redundant if we showed the whole chain */
+            if (!(c_showcerts && got_a_chain))
+                PEM_write_bio_X509(bio, peer);
+            dump_cert_text(bio, peer);
+        } else {
+            BIO_printf(bio, "no peer certificate available\n");
+        }
+        print_ca_names(bio, s);
+
+        ssl_print_sigalgs(bio, s);
+        ssl_print_tmp_key(bio, s);
+
+#ifndef OPENSSL_NO_CT
+        /*
+         * When the SSL session is anonymous, or resumed via an abbreviated
+         * handshake, no SCTs are provided as part of the handshake.  While in
+         * a resumed session SCTs may be present in the session's certificate,
+         * no callbacks are invoked to revalidate these, and in any case that
+         * set of SCTs may be incomplete.  Thus it makes little sense to
+         * attempt to display SCTs from a resumed session's certificate, and of
+         * course none are associated with an anonymous peer.
+         */
+        if (peer != NULL && !SSL_session_reused(s) && SSL_ct_is_enabled(s)) {
+            const STACK_OF(SCT) *scts = SSL_get0_peer_scts(s);
+            int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+
+            BIO_printf(bio, "---\nSCTs present (%i)\n", sct_count);
+            if (sct_count > 0) {
+                const CTLOG_STORE *log_store = SSL_CTX_get0_ctlog_store(ctx);
+
+                BIO_printf(bio, "---\n");
+                for (i = 0; i < sct_count; ++i) {
+                    SCT *sct = sk_SCT_value(scts, i);
+
+                    BIO_printf(bio, "SCT validation status: %s\n",
+                               SCT_validation_status_string(sct));
+                    SCT_print(sct, bio, 0, log_store);
+                    if (i < sct_count - 1)
+                        BIO_printf(bio, "\n---\n");
+                }
+                BIO_printf(bio, "\n");
+            }
+        }
+#endif
+
+        BIO_printf(bio,
+                   "---\nSSL handshake has read %ju bytes "
+                   "and written %ju bytes\n",
+                   BIO_number_read(SSL_get_rbio(s)),
+                   BIO_number_written(SSL_get_wbio(s)));
+    }
+    print_verify_detail(s, bio);
+    BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, "));
+    c = SSL_get_current_cipher(s);
+    BIO_printf(bio, "%s, Cipher is %s\n",
+               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+    if (peer != NULL) {
+        EVP_PKEY *pktmp;
+
+        pktmp = X509_get0_pubkey(peer);
+        BIO_printf(bio, "Server public key is %d bit\n",
+                   EVP_PKEY_bits(pktmp));
+    }
+    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+#ifndef OPENSSL_NO_COMP
+    comp = SSL_get_current_compression(s);
+    expansion = SSL_get_current_expansion(s);
+    BIO_printf(bio, "Compression: %s\n",
+               comp ? SSL_COMP_get_name(comp) : "NONE");
+    BIO_printf(bio, "Expansion: %s\n",
+               expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
+
+#ifdef SSL_DEBUG
+    {
+        /* Print out local port of connection: useful for debugging */
+        int sock;
+        union BIO_sock_info_u info;
+
+        sock = SSL_get_fd(s);
+        if ((info.addr = BIO_ADDR_new()) != NULL
+            && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
+            BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
+                       ntohs(BIO_ADDR_rawport(info.addr)));
+        }
+        BIO_ADDR_free(info.addr);
+    }
+#endif
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto.status != -1) {
+        const unsigned char *proto;
+        unsigned int proto_len;
+        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
+        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
+        BIO_write(bio, proto, proto_len);
+        BIO_write(bio, "\n", 1);
+    }
+#endif
+    {
+        const unsigned char *proto;
+        unsigned int proto_len;
+        SSL_get0_alpn_selected(s, &proto, &proto_len);
+        if (proto_len > 0) {
+            BIO_printf(bio, "ALPN protocol: ");
+            BIO_write(bio, proto, proto_len);
+            BIO_write(bio, "\n", 1);
+        } else
+            BIO_printf(bio, "No ALPN negotiated\n");
+    }
+
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile =
+            SSL_get_selected_srtp_profile(s);
+
+        if (srtp_profile)
+            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+
+    if (istls13) {
+        switch (SSL_get_early_data_status(s)) {
+        case SSL_EARLY_DATA_NOT_SENT:
+            BIO_printf(bio, "Early data was not sent\n");
+            break;
+
+        case SSL_EARLY_DATA_REJECTED:
+            BIO_printf(bio, "Early data was rejected\n");
+            break;
+
+        case SSL_EARLY_DATA_ACCEPTED:
+            BIO_printf(bio, "Early data was accepted\n");
+            break;
+
+        }
+
+        /*
+         * We also print the verify results when we dump session information,
+         * but in TLSv1.3 we may not get that right away (or at all) depending
+         * on when we get a NewSessionTicket. Therefore we print it now as well.
+         */
+        verify_result = SSL_get_verify_result(s);
+        BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result,
+                   X509_verify_cert_error_string(verify_result));
+    } else {
+        /* In TLSv1.3 we do this on arrival of a NewSessionTicket */
+        SSL_SESSION_print(bio, SSL_get_session(s));
+    }
+
+    if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) {
+        BIO_printf(bio, "Keying material exporter:\n");
+        BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = app_malloc(keymatexportlen, "export key");
+        if (!SSL_export_keying_material(s, exportedkeymat,
+                                        keymatexportlen,
+                                        keymatexportlabel,
+                                        strlen(keymatexportlabel),
+                                        NULL, 0, 0)) {
+            BIO_printf(bio, "    Error\n");
+        } else {
+            BIO_printf(bio, "    Keying material: ");
+            for (i = 0; i < keymatexportlen; i++)
+                BIO_printf(bio, "%02X", exportedkeymat[i]);
+            BIO_printf(bio, "\n");
+        }
+        OPENSSL_free(exportedkeymat);
+    }
+    BIO_printf(bio, "---\n");
+    X509_free(peer);
+    /* flush, or debugging output gets mixed with http response */
+    (void)BIO_flush(bio);
+}
+
+# ifndef OPENSSL_NO_OCSP
+static int ocsp_resp_cb(SSL *s, void *arg)
+{
+    const unsigned char *p;
+    int len;
+    OCSP_RESPONSE *rsp;
+    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+    BIO_puts(arg, "OCSP response: ");
+    if (p == NULL) {
+        BIO_puts(arg, "no response sent\n");
+        return 1;
+    }
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+    if (rsp == NULL) {
+        BIO_puts(arg, "response parse error\n");
+        BIO_dump_indent(arg, (char *)p, len, 4);
+        return 0;
+    }
+    BIO_puts(arg, "\n======================================\n");
+    OCSP_RESPONSE_print(arg, rsp, 0);
+    BIO_puts(arg, "======================================\n");
+    OCSP_RESPONSE_free(rsp);
+    return 1;
+}
+# endif
+
+static int ldap_ExtendedResponse_parse(const char *buf, long rem)
+{
+    const unsigned char *cur, *end;
+    long len;
+    int tag, xclass, inf, ret = -1;
+
+    cur = (const unsigned char *)buf;
+    end = cur + rem;
+
+    /*
+     * From RFC 4511:
+     *
+     *    LDAPMessage ::= SEQUENCE {
+     *         messageID       MessageID,
+     *         protocolOp      CHOICE {
+     *              ...
+     *              extendedResp          ExtendedResponse,
+     *              ... },
+     *         controls       [0] Controls OPTIONAL }
+     *
+     *    ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+     *         COMPONENTS OF LDAPResult,
+     *         responseName     [10] LDAPOID OPTIONAL,
+     *         responseValue    [11] OCTET STRING OPTIONAL }
+     *
+     *    LDAPResult ::= SEQUENCE {
+     *         resultCode         ENUMERATED {
+     *              success                      (0),
+     *              ...
+     *              other                        (80),
+     *              ...  },
+     *         matchedDN          LDAPDN,
+     *         diagnosticMessage  LDAPString,
+     *         referral           [3] Referral OPTIONAL }
+     */
+
+    /* pull SEQUENCE */
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE ||
+        (rem = end - cur, len > rem)) {
+        BIO_printf(bio_err, "Unexpected LDAP response\n");
+        goto end;
+    }
+
+    rem = len;  /* ensure that we don't overstep the SEQUENCE */
+
+    /* pull MessageID */
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER ||
+        (rem = end - cur, len > rem)) {
+        BIO_printf(bio_err, "No MessageID\n");
+        goto end;
+    }
+
+    cur += len; /* shall we check for MessageId match or just skip? */
+
+    /* pull [APPLICATION 24] */
+    rem = end - cur;
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION ||
+        tag != 24) {
+        BIO_printf(bio_err, "Not ExtendedResponse\n");
+        goto end;
+    }
+
+    /* pull resultCode */
+    rem = end - cur;
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 ||
+        (rem = end - cur, len > rem)) {
+        BIO_printf(bio_err, "Not LDAPResult\n");
+        goto end;
+    }
+
+    /* len should always be one, but just in case... */
+    for (ret = 0, inf = 0; inf < len; inf++) {
+        ret <<= 8;
+        ret |= cur[inf];
+    }
+    /* There is more data, but we don't care... */
+ end:
+    return ret;
+}
+
+/*
+ * Host dNS Name verifier: used for checking that the hostname is in dNS format 
+ * before setting it as SNI
+ */
+static int is_dNS_name(const char *host)
+{
+    const size_t MAX_LABEL_LENGTH = 63;
+    size_t i;
+    int isdnsname = 0;
+    size_t length = strlen(host);
+    size_t label_length = 0;
+    int all_numeric = 1;
+
+    /*
+     * Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.
+     */
+    for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) {
+        char c = host[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || c == '_') {
+            label_length += 1;
+            all_numeric = 0;
+            continue;
+        }
+
+        if (c >= '0' && c <= '9') {
+            label_length += 1;
+            continue;
+        }
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < length - 1) {
+            if (c == '-') {
+                label_length += 1;
+                continue;
+            }
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && host[i + 1] != '.'
+                && host[i - 1] != '-'
+                && host[i + 1] != '-') {
+                label_length = 0;
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    /* dNS name must not be all numeric and labels must be shorter than 64 characters. */
+    isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH);
+
+    return isdnsname;
+}
+#endif                          /* OPENSSL_NO_SOCK */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c
new file mode 100644
index 000000000..929a08bd8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c
@@ -0,0 +1,3632 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(_WIN32)
+/* Included before async.h to avoid some warnings */
+# include <windows.h>
+#endif
+
+#include <openssl/e_os2.h>
+#include <openssl/async.h>
+#include <openssl/ssl.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/bn.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+#include "internal/sockets.h"
+
+static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
+static int sv_body(int s, int stype, int prot, unsigned char *context);
+static int www_body(int s, int stype, int prot, unsigned char *context);
+static int rev_body(int s, int stype, int prot, unsigned char *context);
+static void close_accept_socket(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp, SSL_CTX *ctx);
+static int generate_session_id(SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+static void init_session_cache_ctx(SSL_CTX *sctx);
+static void free_sessions(void);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile);
+#endif
+static void print_connection_info(SSL *con);
+
+static const int bufsize = 16 * 1024;
+static int accept_socket = -1;
+
+#define TEST_CERT       "server.pem"
+#define TEST_CERT2      "server2.pem"
+
+static int s_nbio = 0;
+static int s_nbio_test = 0;
+static int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
+static SSL_CTX *ctx2 = NULL;
+static int www = 0;
+
+static BIO *bio_s_out = NULL;
+static BIO *bio_s_msg = NULL;
+static int s_debug = 0;
+static int s_tlsextdebug = 0;
+static int s_msg = 0;
+static int s_quiet = 0;
+static int s_ign_eof = 0;
+static int s_brief = 0;
+
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+
+static int async = 0;
+
+static const char *session_id_prefix = NULL;
+
+#ifndef OPENSSL_NO_DTLS
+static int enable_timeouts = 0;
+static long socket_mtu;
+#endif
+
+/*
+ * We define this but make it always be 0 in no-dtls builds to simplify the
+ * code.
+ */
+static int dtlslisten = 0;
+static int stateless = 0;
+
+static int early_data = 0;
+static SSL_SESSION *psksess = NULL;
+
+static char *psk_identity = "Client_identity";
+char *psk_key = NULL;           /* by default PSK is not used */
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    long key_len = 0;
+    unsigned char *key;
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "psk_server_cb\n");
+    if (identity == NULL) {
+        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
+        goto out_err;
+    }
+    if (s_debug)
+        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
+                   (int)strlen(identity), identity);
+
+    /* here we could lookup the given identity e.g. from a database */
+    if (strcmp(identity, psk_identity) != 0) {
+        BIO_printf(bio_s_out, "PSK warning: client identity not what we expected"
+                   " (got '%s' expected '%s')\n", identity, psk_identity);
+    } else {
+      if (s_debug)
+        BIO_printf(bio_s_out, "PSK client identity found\n");
+    }
+
+    /* convert the PSK key to binary */
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+    if (key_len > (int)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%ld)\n",
+                   max_psk_len, key_len);
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    memcpy(psk, key, key_len);
+    OPENSSL_free(key);
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+    return key_len;
+ out_err:
+    if (s_debug)
+        BIO_printf(bio_err, "Error in PSK server callback\n");
+    (void)BIO_flush(bio_err);
+    (void)BIO_flush(bio_s_out);
+    return 0;
+}
+#endif
+
+#define TLS13_AES_128_GCM_SHA256_BYTES  ((const unsigned char *)"\x13\x01")
+#define TLS13_AES_256_GCM_SHA384_BYTES  ((const unsigned char *)"\x13\x02")
+
+static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
+                               size_t identity_len, SSL_SESSION **sess)
+{
+    SSL_SESSION *tmpsess = NULL;
+    unsigned char *key;
+    long key_len;
+    const SSL_CIPHER *cipher = NULL;
+
+    if (strlen(psk_identity) != identity_len
+            || memcmp(psk_identity, identity, identity_len) != 0) {
+        *sess = NULL;
+        return 1;
+    }
+
+    if (psksess != NULL) {
+        SSL_SESSION_up_ref(psksess);
+        *sess = psksess;
+        return 1;
+    }
+
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+
+    /* We default to SHA256 */
+    cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
+    if (cipher == NULL) {
+        BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    tmpsess = SSL_SESSION_new();
+    if (tmpsess == NULL
+            || !SSL_SESSION_set1_master_key(tmpsess, key, key_len)
+            || !SSL_SESSION_set_cipher(tmpsess, cipher)
+            || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
+        OPENSSL_free(key);
+        return 0;
+    }
+    OPENSSL_free(key);
+    *sess = tmpsess;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+/* This is a context that we pass to callbacks */
+typedef struct srpsrvparm_st {
+    char *login;
+    SRP_VBASE *vb;
+    SRP_user_pwd *user;
+} srpsrvparm;
+static srpsrvparm srp_callback_parm;
+
+/*
+ * This callback pretends to require some asynchronous logic in order to
+ * obtain a verifier. When the callback is called for a new connection we
+ * return with a negative value. This will provoke the accept etc to return
+ * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
+ * (which would normally occur after a worker has finished) and we set the
+ * user parameters.
+ */
+static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+    srpsrvparm *p = (srpsrvparm *) arg;
+    int ret = SSL3_AL_FATAL;
+
+    if (p->login == NULL && p->user == NULL) {
+        p->login = SSL_get_srp_username(s);
+        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+        return -1;
+    }
+
+    if (p->user == NULL) {
+        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+        goto err;
+    }
+
+    if (SSL_set_srp_server_param
+        (s, p->user->N, p->user->g, p->user->s, p->user->v,
+         p->user->info) < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+    BIO_printf(bio_err,
+               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+               p->login, p->user->info);
+    ret = SSL_ERROR_NONE;
+
+ err:
+    SRP_user_pwd_free(p->user);
+    p->user = NULL;
+    p->login = NULL;
+    return ret;
+}
+
+#endif
+
+static int local_argc = 0;
+static char **local_argv;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+# define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
+static BIO_METHOD *methods_ebcdic = NULL;
+
+/* This struct is "unwarranted chumminess with the compiler." */
+typedef struct {
+    size_t alloced;
+    char buff[1];
+} EBCDIC_OUTBUFF;
+
+static const BIO_METHOD *BIO_f_ebcdic_filter()
+{
+    if (methods_ebcdic == NULL) {
+        methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
+                                      "EBCDIC/ASCII filter");
+        if (methods_ebcdic == NULL
+            || !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
+            || !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
+            || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
+            || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets)
+            || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl)
+            || !BIO_meth_set_create(methods_ebcdic, ebcdic_new)
+            || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free))
+            return NULL;
+    }
+    return methods_ebcdic;
+}
+
+static int ebcdic_new(BIO *bi)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
+    wbuf->alloced = 1024;
+    wbuf->buff[0] = '\0';
+
+    BIO_set_data(bi, wbuf);
+    BIO_set_init(bi, 1);
+    return 1;
+}
+
+static int ebcdic_free(BIO *a)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    if (a == NULL)
+        return 0;
+    wbuf = BIO_get_data(a);
+    OPENSSL_free(wbuf);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO *next = BIO_next(b);
+
+    if (out == NULL || outl == 0)
+        return 0;
+    if (next == NULL)
+        return 0;
+
+    ret = BIO_read(next, out, outl);
+    if (ret > 0)
+        ascii2ebcdic(out, out, ret);
+    return ret;
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+    EBCDIC_OUTBUFF *wbuf;
+    BIO *next = BIO_next(b);
+    int ret = 0;
+    int num;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    if (next == NULL)
+        return 0;
+
+    wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b);
+
+    if (inl > (num = wbuf->alloced)) {
+        num = num + num;        /* double the size */
+        if (num < inl)
+            num = inl;
+        OPENSSL_free(wbuf);
+        wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
+
+        wbuf->alloced = num;
+        wbuf->buff[0] = '\0';
+
+        BIO_set_data(b, wbuf);
+    }
+
+    ebcdic2ascii(wbuf->buff, in, inl);
+
+    ret = BIO_write(next, wbuf->buff, inl);
+
+    return ret;
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+    int i, ret = 0;
+    BIO *next = BIO_next(bp);
+
+    if (next == NULL)
+        return 0;
+/*      return(BIO_gets(bp->next_bio,buf,size));*/
+    for (i = 0; i < size - 1; ++i) {
+        ret = ebcdic_read(bp, &buf[i], 1);
+        if (ret <= 0)
+            break;
+        else if (buf[i] == '\n') {
+            ++i;
+            break;
+        }
+    }
+    if (i < size)
+        buf[i] = '\0';
+    return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+    if (BIO_next(bp) == NULL)
+        return 0;
+    return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    char *servername;
+    BIO *biodebug;
+    int extension_error;
+} tlsextctx;
+
+static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+
+    if (servername != NULL && p->biodebug != NULL) {
+        const char *cp = servername;
+        unsigned char uc;
+
+        BIO_printf(p->biodebug, "Hostname in TLS extension: \"");
+        while ((uc = *cp++) != 0)
+            BIO_printf(p->biodebug,
+                       isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc);
+        BIO_printf(p->biodebug, "\"\n");
+    }
+
+    if (p->servername == NULL)
+        return SSL_TLSEXT_ERR_NOACK;
+
+    if (servername != NULL) {
+        if (strcasecmp(servername, p->servername))
+            return p->extension_error;
+        if (ctx2 != NULL) {
+            BIO_printf(p->biodebug, "Switching server context.\n");
+            SSL_set_SSL_CTX(s, ctx2);
+        }
+    }
+    return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+typedef struct tlsextstatusctx_st {
+    int timeout;
+    /* File to load OCSP Response from (or NULL if no file) */
+    char *respin;
+    /* Default responder to use */
+    char *host, *path, *port;
+    int use_ssl;
+    int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = { -1 };
+
+#ifndef OPENSSL_NO_OCSP
+
+/*
+ * Helper function to get an OCSP_RESPONSE from a responder. This is a
+ * simplified version. It examines certificates each time and makes one OCSP
+ * responder query for each request. A full version would store details such as
+ * the OCSP certificate IDs and minimise the number of OCSP responses by caching
+ * them until they were considered "expired".
+ */
+static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
+                                        OCSP_RESPONSE **resp)
+{
+    char *host = NULL, *port = NULL, *path = NULL;
+    int use_ssl;
+    STACK_OF(OPENSSL_STRING) *aia = NULL;
+    X509 *x = NULL;
+    X509_STORE_CTX *inctx = NULL;
+    X509_OBJECT *obj;
+    OCSP_REQUEST *req = NULL;
+    OCSP_CERTID *id = NULL;
+    STACK_OF(X509_EXTENSION) *exts;
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int i;
+
+    /* Build up OCSP query from server certificate */
+    x = SSL_get_certificate(s);
+    aia = X509_get1_ocsp(x);
+    if (aia != NULL) {
+        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
+                            &host, &port, &path, &use_ssl)) {
+            BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
+            goto err;
+        }
+        if (srctx->verbose)
+            BIO_printf(bio_err, "cert_status: AIA URL: %s\n",
+                       sk_OPENSSL_STRING_value(aia, 0));
+    } else {
+        if (srctx->host == NULL) {
+            BIO_puts(bio_err,
+                     "cert_status: no AIA and no default responder URL\n");
+            goto done;
+        }
+        host = srctx->host;
+        path = srctx->path;
+        port = srctx->port;
+        use_ssl = srctx->use_ssl;
+    }
+
+    inctx = X509_STORE_CTX_new();
+    if (inctx == NULL)
+        goto err;
+    if (!X509_STORE_CTX_init(inctx,
+                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+                             NULL, NULL))
+        goto err;
+    obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509,
+                                            X509_get_issuer_name(x));
+    if (obj == NULL) {
+        BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
+        goto done;
+    }
+    id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
+    X509_OBJECT_free(obj);
+    if (id == NULL)
+        goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
+    if (!OCSP_request_add0_id(req, id))
+        goto err;
+    id = NULL;
+    /* Add any extensions to the request */
+    SSL_get_tlsext_status_exts(s, &exts);
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        if (!OCSP_REQUEST_add_ext(req, ext, -1))
+            goto err;
+    }
+    *resp = process_responder(req, host, path, port, use_ssl, NULL,
+                             srctx->timeout);
+    if (*resp == NULL) {
+        BIO_puts(bio_err, "cert_status: error querying responder\n");
+        goto done;
+    }
+
+    ret = SSL_TLSEXT_ERR_OK;
+    goto done;
+
+ err:
+    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ done:
+    /*
+     * If we parsed aia we need to free; otherwise they were copied and we
+     * don't
+     */
+    if (aia != NULL) {
+        OPENSSL_free(host);
+        OPENSSL_free(path);
+        OPENSSL_free(port);
+        X509_email_free(aia);
+    }
+    OCSP_CERTID_free(id);
+    OCSP_REQUEST_free(req);
+    X509_STORE_CTX_free(inctx);
+    return ret;
+}
+
+/*
+ * Certificate Status callback. This is called when a client includes a
+ * certificate status request extension. The response is either obtained from a
+ * file, or from an OCSP responder.
+ */
+static int cert_status_cb(SSL *s, void *arg)
+{
+    tlsextstatusctx *srctx = arg;
+    OCSP_RESPONSE *resp = NULL;
+    unsigned char *rspder = NULL;
+    int rspderlen;
+    int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+
+    if (srctx->verbose)
+        BIO_puts(bio_err, "cert_status: callback called\n");
+
+    if (srctx->respin != NULL) {
+        BIO *derbio = bio_open_default(srctx->respin, 'r', FORMAT_ASN1);
+        if (derbio == NULL) {
+            BIO_puts(bio_err, "cert_status: Cannot open OCSP response file\n");
+            goto err;
+        }
+        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (resp == NULL) {
+            BIO_puts(bio_err, "cert_status: Error reading OCSP response\n");
+            goto err;
+        }
+    } else {
+        ret = get_ocsp_resp_from_responder(s, srctx, &resp);
+        if (ret != SSL_TLSEXT_ERR_OK)
+            goto err;
+    }
+
+    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+    if (rspderlen <= 0)
+        goto err;
+
+    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+    if (srctx->verbose) {
+        BIO_puts(bio_err, "cert_status: ocsp response sent:\n");
+        OCSP_RESPONSE_print(bio_err, resp, 2);
+    }
+
+    ret = SSL_TLSEXT_ERR_OK;
+
+ err:
+    if (ret != SSL_TLSEXT_ERR_OK)
+        ERR_print_errors(bio_err);
+
+    OCSP_RESPONSE_free(resp);
+
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    size_t len;
+} tlsextnextprotoctx;
+
+static int next_proto_cb(SSL *s, const unsigned char **data,
+                         unsigned int *len, void *arg)
+{
+    tlsextnextprotoctx *next_proto = arg;
+
+    *data = next_proto->data;
+    *len = next_proto->len;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+/* This the context that we pass to alpn_cb */
+typedef struct tlsextalpnctx_st {
+    unsigned char *data;
+    size_t len;
+} tlsextalpnctx;
+
+static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
+                   const unsigned char *in, unsigned int inlen, void *arg)
+{
+    tlsextalpnctx *alpn_ctx = arg;
+
+    if (!s_quiet) {
+        /* We can assume that |in| is syntactically valid. */
+        unsigned int i;
+        BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
+        for (i = 0; i < inlen;) {
+            if (i)
+                BIO_write(bio_s_out, ", ", 2);
+            BIO_write(bio_s_out, &in[i + 1], in[i]);
+            i += in[i] + 1;
+        }
+        BIO_write(bio_s_out, "\n", 1);
+    }
+
+    if (SSL_select_next_proto
+        ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
+         inlen) != OPENSSL_NPN_NEGOTIATED) {
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    if (!s_quiet) {
+        BIO_printf(bio_s_out, "ALPN protocols selected: ");
+        BIO_write(bio_s_out, *out, *outlen);
+        BIO_write(bio_s_out, "\n", 1);
+    }
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
+{
+    /* disable resumption for sessions with forward secure ciphers */
+    return is_forward_secure;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
+    OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
+    OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
+    OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
+    OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
+    OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
+    OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
+    OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+    OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE,
+    OPT_VERIFYCAFILE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
+    OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE,
+    OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE,
+    OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
+    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK,
+    OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW,
+    OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG,
+    OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+    OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS,
+    OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
+    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+    OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
+    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
+    OPT_R_ENUM,
+    OPT_S_ENUM,
+    OPT_V_ENUM,
+    OPT_X_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS s_server_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"port", OPT_PORT, 'p',
+     "TCP/IP port to listen on for connections (default is " PORT ")"},
+    {"accept", OPT_ACCEPT, 's',
+     "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"},
+#ifdef AF_UNIX
+    {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
+#endif
+    {"4", OPT_4, '-', "Use IPv4 only"},
+    {"6", OPT_6, '-', "Use IPv6 only"},
+#ifdef AF_UNIX
+    {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+#endif
+    {"context", OPT_CONTEXT, 's', "Set session ID context"},
+    {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
+    {"Verify", OPT_UPPER_V_VERIFY, 'n',
+     "Turn on peer certificate verification, must have a cert"},
+    {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
+    {"serverinfo", OPT_SERVERINFO, 's',
+     "PEM serverinfo file for certificate"},
+    {"certform", OPT_CERTFORM, 'F',
+     "Certificate format (PEM or DER) PEM default"},
+    {"key", OPT_KEY, 's',
+     "Private Key if not in -cert; default is " TEST_CERT},
+    {"keyform", OPT_KEYFORM, 'f',
+     "Key format (PEM, DER or ENGINE) PEM default"},
+    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+    {"dcert", OPT_DCERT, '<',
+     "Second certificate file to use (usually for DSA)"},
+    {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
+    {"dcertform", OPT_DCERTFORM, 'F',
+     "Second certificate format (PEM or DER) PEM default"},
+    {"dkey", OPT_DKEY, '<',
+     "Second private key file to use (usually for DSA)"},
+    {"dkeyform", OPT_DKEYFORM, 'F',
+     "Second key format (PEM, DER or ENGINE) PEM default"},
+    {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
+    {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
+    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+    {"debug", OPT_DEBUG, '-', "Print more output"},
+    {"msg", OPT_MSG, '-', "Show protocol messages"},
+    {"msgfile", OPT_MSGFILE, '>',
+     "File to send output of -msg or -trace, instead of stdout"},
+    {"state", OPT_STATE, '-', "Print the SSL states"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
+    {"quiet", OPT_QUIET, '-', "No server output"},
+    {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
+     "Disable caching and tickets if ephemeral (EC)DH is used"},
+    {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
+    {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
+    {"servername", OPT_SERVERNAME, 's',
+     "Servername for HostName TLS extension"},
+    {"servername_fatal", OPT_SERVERNAME_FATAL, '-',
+     "mismatch send fatal alert (default warning alert)"},
+    {"cert2", OPT_CERT2, '<',
+     "Certificate file to use for servername; default is" TEST_CERT2},
+    {"key2", OPT_KEY2, '<',
+     "-Private Key file to use for servername if not in -cert2"},
+    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+     "Hex dump of all TLS extensions received"},
+    {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
+    {"id_prefix", OPT_ID_PREFIX, 's',
+     "Generate SSL/TLS session IDs prefixed by arg"},
+    OPT_R_OPTIONS,
+    {"keymatexport", OPT_KEYMATEXPORT, 's',
+     "Export keying material using label"},
+    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+     "Export len bytes of keying material (default 20)"},
+    {"CRL", OPT_CRL, '<', "CRL file to use"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-',
+     "Download CRL from distribution points"},
+    {"cert_chain", OPT_CERT_CHAIN, '<',
+     "certificate chain file in PEM format"},
+    {"dcert_chain", OPT_DCERT_CHAIN, '<',
+     "second certificate chain file in PEM format"},
+    {"chainCApath", OPT_CHAINCAPATH, '/',
+     "use dir as certificate store path to build CA certificate chain"},
+    {"verifyCApath", OPT_VERIFYCAPATH, '/',
+     "use dir as certificate store path to verify CA certificate"},
+    {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"},
+    {"ext_cache", OPT_EXT_CACHE, '-',
+     "Disable internal cache, setup and use external cache"},
+    {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-',
+     "No verify output except verify errors"},
+    {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+    {"chainCAfile", OPT_CHAINCAFILE, '<',
+     "CA file for certificate chain (PEM format)"},
+    {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+     "CA file for certificate verification (PEM format)"},
+    {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"},
+    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"},
+#ifndef OPENSSL_NO_OCSP
+    {"status", OPT_STATUS, '-', "Request certificate status from server"},
+    {"status_verbose", OPT_STATUS_VERBOSE, '-',
+     "Print more output in certificate status callback"},
+    {"status_timeout", OPT_STATUS_TIMEOUT, 'n',
+     "Status request responder timeout"},
+    {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
+    {"status_file", OPT_STATUS_FILE, '<',
+     "File containing DER encoded OCSP Response"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"trace", OPT_TRACE, '-', "trace protocol messages"},
+#endif
+    {"security_debug", OPT_SECURITY_DEBUG, '-',
+     "Print output from SSL/TLS security framework"},
+    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+     "Print more output from SSL/TLS security framework"},
+    {"brief", OPT_BRIEF, '-',
+     "Restrict output to brief summary of connection parameters"},
+    {"rev", OPT_REV, '-',
+     "act as a simple test server which just sends back with the received text reversed"},
+    {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
+    {"ssl_config", OPT_SSL_CONFIG, 's',
+     "Configure SSL_CTX using the configuration 'val'"},
+    {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "},
+    {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
+     "Size used to split data for encrypt pipelines"},
+    {"max_pipelines", OPT_MAX_PIPELINES, 'p',
+     "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'p',
+     "Default read buffer size to be used for connections"},
+    OPT_S_OPTIONS,
+    OPT_V_OPTIONS,
+    OPT_X_OPTIONS,
+    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"},
+#ifndef OPENSSL_NO_PSK
+    {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+#endif
+    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+    {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
+#ifndef OPENSSL_NO_SRP
+    {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+    {"srpuserseed", OPT_SRPUSERSEED, 's',
+     "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"},
+#endif
+#ifndef OPENSSL_NO_DTLS
+    {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
+    {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+    {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+    {"listen", OPT_LISTEN, '-',
+     "Listen for a DTLS ClientHello with a cookie and then connect"},
+#endif
+    {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"},
+#ifndef OPENSSL_NO_DTLS1
+    {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_SCTP
+    {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
+#endif
+#ifndef OPENSSL_NO_DH
+    {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+     "Set the advertised protocols for the NPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {"use_srtp", OPT_SRTP_PROFILES, 's',
+     "Offer SRTP key management with a colon-separated profile list"},
+#endif
+    {"alpn", OPT_ALPN, 's',
+     "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
+    {"max_early_data", OPT_MAX_EARLY, 'n',
+     "The maximum number of bytes of early data as advertised in tickets"},
+    {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
+     "The maximum number of bytes of early data (hard limit)"},
+    {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"},
+    {"num_tickets", OPT_S_NUM_TICKETS, 'n',
+     "The number of TLSv1.3 session tickets that a server will automatically  issue" },
+    {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"},
+    {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"},
+    {NULL, OPT_EOF, 0, NULL}
+};
+
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
+int s_server_main(int argc, char *argv[])
+{
+    ENGINE *engine = NULL;
+    EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    SSL_EXCERT *exc = NULL;
+    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+    STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509 *s_cert = NULL, *s_dcert = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
+    char *dpassarg = NULL, *dpass = NULL;
+    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+    char *crl_file = NULL, *prog;
+#ifdef AF_UNIX
+    int unlink_unix_path = 0;
+#endif
+    do_server_cb server_cb;
+    int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
+#ifndef OPENSSL_NO_DH
+    char *dhfile = NULL;
+    int no_dhe = 0;
+#endif
+    int nocert = 0, ret = 1;
+    int noCApath = 0, noCAfile = 0;
+    int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+    int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+    int rev = 0, naccept = -1, sdebug = 0;
+    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
+    int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
+    char *host = NULL;
+    char *port = BUF_strdup(PORT);
+    unsigned char *context = NULL;
+    OPTION_CHOICE o;
+    EVP_PKEY *s_key2 = NULL;
+    X509 *s_cert2 = NULL;
+    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
+    const char *ssl_config = NULL;
+    int read_buf_len = 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+    tlsextnextprotoctx next_proto = { NULL, 0 };
+#endif
+    const char *alpn_in = NULL;
+    tlsextalpnctx alpn_ctx = { NULL, 0 };
+#ifndef OPENSSL_NO_PSK
+    /* by default do not send a PSK identity hint */
+    char *psk_identity_hint = NULL;
+#endif
+    char *p;
+#ifndef OPENSSL_NO_SRP
+    char *srpuserseed = NULL;
+    char *srp_verifier_file = NULL;
+#endif
+#ifndef OPENSSL_NO_SRTP
+    char *srtp_profiles = NULL;
+#endif
+    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+    int s_server_verify = SSL_VERIFY_NONE;
+    int s_server_session_id_context = 1; /* anything will do */
+    const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL;
+    const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
+    char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
+#ifndef OPENSSL_NO_OCSP
+    int s_tlsextstatus = 0;
+#endif
+    int no_resume_ephemeral = 0;
+    unsigned int max_send_fragment = 0;
+    unsigned int split_send_fragment = 0, max_pipelines = 0;
+    const char *s_serverinfo_file = NULL;
+    const char *keylog_file = NULL;
+    int max_early_data = -1, recv_max_early_data = -1;
+    char *psksessf = NULL;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
+
+    /* Init of few remaining global variables */
+    local_argc = argc;
+    local_argv = argv;
+
+    ctx = ctx2 = NULL;
+    s_nbio = s_nbio_test = 0;
+    www = 0;
+    bio_s_out = NULL;
+    s_debug = 0;
+    s_msg = 0;
+    s_quiet = 0;
+    s_brief = 0;
+    async = 0;
+
+    cctx = SSL_CONF_CTX_new();
+    vpm = X509_VERIFY_PARAM_new();
+    if (cctx == NULL || vpm == NULL)
+        goto end;
+    SSL_CONF_CTX_set_flags(cctx,
+                           SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
+
+    prog = opt_init(argc, argv, s_server_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+            BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+            goto end;
+        }
+        if (IS_NO_PROT_FLAG(o))
+            no_prot_opt++;
+        if (prot_opt == 1 && no_prot_opt) {
+            BIO_printf(bio_err,
+                       "Cannot supply both a protocol flag and '-no_<prot>'\n");
+            goto end;
+        }
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_server_options);
+            ret = 0;
+            goto end;
+
+        case OPT_4:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                OPENSSL_free(host); host = NULL;
+                OPENSSL_free(port); port = NULL;
+            }
+#endif
+            socket_family = AF_INET;
+            break;
+        case OPT_6:
+            if (1) {
+#ifdef AF_INET6
+#ifdef AF_UNIX
+                if (socket_family == AF_UNIX) {
+                    OPENSSL_free(host); host = NULL;
+                    OPENSSL_free(port); port = NULL;
+                }
+#endif
+                socket_family = AF_INET6;
+            } else {
+#endif
+                BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_PORT:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                socket_family = AF_UNSPEC;
+            }
+#endif
+            OPENSSL_free(port); port = NULL;
+            OPENSSL_free(host); host = NULL;
+            if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) {
+                BIO_printf(bio_err,
+                           "%s: -port argument malformed or ambiguous\n",
+                           port);
+                goto end;
+            }
+            break;
+        case OPT_ACCEPT:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                socket_family = AF_UNSPEC;
+            }
+#endif
+            OPENSSL_free(port); port = NULL;
+            OPENSSL_free(host); host = NULL;
+            if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) {
+                BIO_printf(bio_err,
+                           "%s: -accept argument malformed or ambiguous\n",
+                           port);
+                goto end;
+            }
+            break;
+#ifdef AF_UNIX
+        case OPT_UNIX:
+            socket_family = AF_UNIX;
+            OPENSSL_free(host); host = BUF_strdup(opt_arg());
+            OPENSSL_free(port); port = NULL;
+            break;
+        case OPT_UNLINK:
+            unlink_unix_path = 1;
+            break;
+#endif
+        case OPT_NACCEPT:
+            naccept = atol(opt_arg());
+            break;
+        case OPT_VERIFY:
+            s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+            verify_args.depth = atoi(opt_arg());
+            if (!s_quiet)
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
+            break;
+        case OPT_UPPER_V_VERIFY:
+            s_server_verify =
+                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+                SSL_VERIFY_CLIENT_ONCE;
+            verify_args.depth = atoi(opt_arg());
+            if (!s_quiet)
+                BIO_printf(bio_err,
+                           "verify depth is %d, must return a certificate\n",
+                           verify_args.depth);
+            break;
+        case OPT_CONTEXT:
+            context = (unsigned char *)opt_arg();
+            break;
+        case OPT_CERT:
+            s_cert_file = opt_arg();
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_CRL:
+            crl_file = opt_arg();
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_SERVERINFO:
+            s_serverinfo_file = opt_arg();
+            break;
+        case OPT_CERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format))
+                goto opthelp;
+            break;
+        case OPT_KEY:
+            s_key_file = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format))
+                goto opthelp;
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_CERT_CHAIN:
+            s_chain_file = opt_arg();
+            break;
+        case OPT_DHPARAM:
+#ifndef OPENSSL_NO_DH
+            dhfile = opt_arg();
+#endif
+            break;
+        case OPT_DCERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format))
+                goto opthelp;
+            break;
+        case OPT_DCERT:
+            s_dcert_file = opt_arg();
+            break;
+        case OPT_DKEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dkey_format))
+                goto opthelp;
+            break;
+        case OPT_DPASS:
+            dpassarg = opt_arg();
+            break;
+        case OPT_DKEY:
+            s_dkey_file = opt_arg();
+            break;
+        case OPT_DCERT_CHAIN:
+            s_dchain_file = opt_arg();
+            break;
+        case OPT_NOCERT:
+            nocert = 1;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CHAINCAPATH:
+            chCApath = opt_arg();
+            break;
+        case OPT_VERIFYCAPATH:
+            vfyCApath = opt_arg();
+            break;
+        case OPT_NO_CACHE:
+            no_cache = 1;
+            break;
+        case OPT_EXT_CACHE:
+            ext_cache = 1;
+            break;
+        case OPT_CRLFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
+                goto opthelp;
+            break;
+        case OPT_S_CASES:
+        case OPT_S_NUM_TICKETS:
+        case OPT_ANTI_REPLAY:
+        case OPT_NO_ANTI_REPLAY:
+            if (ssl_args == NULL)
+                ssl_args = sk_OPENSSL_STRING_new_null();
+            if (ssl_args == NULL
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_X_CASES:
+            if (!args_excert(o, &exc))
+                goto end;
+            break;
+        case OPT_VERIFY_RET_ERROR:
+            verify_args.return_error = 1;
+            break;
+        case OPT_VERIFY_QUIET:
+            verify_args.quiet = 1;
+            break;
+        case OPT_BUILD_CHAIN:
+            build_chain = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_CHAINCAFILE:
+            chCAfile = opt_arg();
+            break;
+        case OPT_VERIFYCAFILE:
+            vfyCAfile = opt_arg();
+            break;
+        case OPT_NBIO:
+            s_nbio = 1;
+            break;
+        case OPT_NBIO_TEST:
+            s_nbio = s_nbio_test = 1;
+            break;
+        case OPT_IGN_EOF:
+            s_ign_eof = 1;
+            break;
+        case OPT_NO_IGN_EOF:
+            s_ign_eof = 0;
+            break;
+        case OPT_DEBUG:
+            s_debug = 1;
+            break;
+        case OPT_TLSEXTDEBUG:
+            s_tlsextdebug = 1;
+            break;
+        case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+#endif
+            break;
+        case OPT_STATUS_VERBOSE:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = tlscstatp.verbose = 1;
+#endif
+            break;
+        case OPT_STATUS_TIMEOUT:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            tlscstatp.timeout = atoi(opt_arg());
+#endif
+            break;
+        case OPT_STATUS_URL:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            if (!OCSP_parse_url(opt_arg(),
+                                &tlscstatp.host,
+                                &tlscstatp.port,
+                                &tlscstatp.path, &tlscstatp.use_ssl)) {
+                BIO_printf(bio_err, "Error parsing URL\n");
+                goto end;
+            }
+#endif
+            break;
+        case OPT_STATUS_FILE:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            tlscstatp.respin = opt_arg();
+#endif
+            break;
+        case OPT_MSG:
+            s_msg = 1;
+            break;
+        case OPT_MSGFILE:
+            bio_s_msg = BIO_new_file(opt_arg(), "w");
+            break;
+        case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
+            s_msg = 2;
+#endif
+            break;
+        case OPT_SECURITY_DEBUG:
+            sdebug = 1;
+            break;
+        case OPT_SECURITY_DEBUG_VERBOSE:
+            sdebug = 2;
+            break;
+        case OPT_STATE:
+            state = 1;
+            break;
+        case OPT_CRLF:
+            s_crlf = 1;
+            break;
+        case OPT_QUIET:
+            s_quiet = 1;
+            break;
+        case OPT_BRIEF:
+            s_quiet = s_brief = verify_args.quiet = 1;
+            break;
+        case OPT_NO_DHE:
+#ifndef OPENSSL_NO_DH
+            no_dhe = 1;
+#endif
+            break;
+        case OPT_NO_RESUME_EPHEMERAL:
+            no_resume_ephemeral = 1;
+            break;
+        case OPT_PSK_IDENTITY:
+            psk_identity = opt_arg();
+            break;
+        case OPT_PSK_HINT:
+#ifndef OPENSSL_NO_PSK
+            psk_identity_hint = opt_arg();
+#endif
+            break;
+        case OPT_PSK:
+            for (p = psk_key = opt_arg(); *p; p++) {
+                if (isxdigit(_UC(*p)))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
+                goto end;
+            }
+            break;
+        case OPT_PSK_SESS:
+            psksessf = opt_arg();
+            break;
+        case OPT_SRPVFILE:
+#ifndef OPENSSL_NO_SRP
+            srp_verifier_file = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+#endif
+            break;
+        case OPT_SRPUSERSEED:
+#ifndef OPENSSL_NO_SRP
+            srpuserseed = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+#endif
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_WWW:
+            www = 1;
+            break;
+        case OPT_UPPER_WWW:
+            www = 2;
+            break;
+        case OPT_HTTP:
+            www = 3;
+            break;
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_DTLS:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1_2:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_SCTP:
+#ifndef OPENSSL_NO_SCTP
+            protocol = IPPROTO_SCTP;
+#endif
+            break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_DTLS
+            enable_timeouts = 1;
+#endif
+            break;
+        case OPT_MTU:
+#ifndef OPENSSL_NO_DTLS
+            socket_mtu = atol(opt_arg());
+#endif
+            break;
+        case OPT_LISTEN:
+#ifndef OPENSSL_NO_DTLS
+            dtlslisten = 1;
+#endif
+            break;
+        case OPT_STATELESS:
+            stateless = 1;
+            break;
+        case OPT_ID_PREFIX:
+            session_id_prefix = opt_arg();
+            break;
+        case OPT_ENGINE:
+            engine = setup_engine(opt_arg(), 1);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_SERVERNAME:
+            tlsextcbp.servername = opt_arg();
+            break;
+        case OPT_SERVERNAME_FATAL:
+            tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
+            break;
+        case OPT_CERT2:
+            s_cert_file2 = opt_arg();
+            break;
+        case OPT_KEY2:
+            s_key_file2 = opt_arg();
+            break;
+        case OPT_NEXTPROTONEG:
+# ifndef OPENSSL_NO_NEXTPROTONEG
+            next_proto_neg_in = opt_arg();
+#endif
+            break;
+        case OPT_ALPN:
+            alpn_in = opt_arg();
+            break;
+        case OPT_SRTP_PROFILES:
+#ifndef OPENSSL_NO_SRTP
+            srtp_profiles = opt_arg();
+#endif
+            break;
+        case OPT_KEYMATEXPORT:
+            keymatexportlabel = opt_arg();
+            break;
+        case OPT_KEYMATEXPORTLEN:
+            keymatexportlen = atoi(opt_arg());
+            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
+        case OPT_MAX_SEND_FRAG:
+            max_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_SPLIT_SEND_FRAG:
+            split_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_MAX_PIPELINES:
+            max_pipelines = atoi(opt_arg());
+            break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+        case OPT_KEYLOG_FILE:
+            keylog_file = opt_arg();
+            break;
+        case OPT_MAX_EARLY:
+            max_early_data = atoi(opt_arg());
+            if (max_early_data < 0) {
+                BIO_printf(bio_err, "Invalid value for max_early_data\n");
+                goto end;
+            }
+            break;
+        case OPT_RECV_MAX_EARLY:
+            recv_max_early_data = atoi(opt_arg());
+            if (recv_max_early_data < 0) {
+                BIO_printf(bio_err, "Invalid value for recv_max_early_data\n");
+                goto end;
+            }
+            break;
+        case OPT_EARLY_DATA:
+            early_data = 1;
+            if (max_early_data == -1)
+                max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
+        BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
+        goto opthelp;
+    }
+#endif
+#ifndef OPENSSL_NO_DTLS
+    if (www && socket_type == SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
+        goto end;
+    }
+
+    if (dtlslisten && socket_type != SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can only use -listen with DTLS\n");
+        goto end;
+    }
+#endif
+
+    if (stateless && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err, "Can only use --stateless with TLS\n");
+        goto end;
+    }
+
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err,
+                   "Can't use unix sockets and datagrams together\n");
+        goto end;
+    }
+#endif
+    if (early_data && (www > 0 || rev)) {
+        BIO_printf(bio_err,
+                   "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+        goto end;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP) {
+        if (socket_type != SOCK_DGRAM) {
+            BIO_printf(bio_err, "Can't use -sctp without DTLS\n");
+            goto end;
+        }
+        /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */
+        socket_type = SOCK_STREAM;
+    }
+#endif
+
+    if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (s_key_file == NULL)
+        s_key_file = s_cert_file;
+
+    if (s_key_file2 == NULL)
+        s_key_file2 = s_cert_file2;
+
+    if (!load_excert(&exc))
+        goto end;
+
+    if (nocert == 0) {
+        s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
+                         "server certificate private key file");
+        if (s_key == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_cert = load_cert(s_cert_file, s_cert_format,
+                           "server certificate file");
+
+        if (s_cert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (s_chain_file != NULL) {
+            if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
+                            "server certificate chain"))
+                goto end;
+        }
+
+        if (tlsextcbp.servername != NULL) {
+            s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
+                              "second server certificate private key file");
+            if (s_key2 == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            s_cert2 = load_cert(s_cert_file2, s_cert_format,
+                                "second server certificate file");
+
+            if (s_cert2 == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto_neg_in) {
+        next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
+        if (next_proto.data == NULL)
+            goto end;
+    }
+#endif
+    alpn_ctx.data = NULL;
+    if (alpn_in) {
+        alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in);
+        if (alpn_ctx.data == NULL)
+            goto end;
+    }
+
+    if (crl_file != NULL) {
+        X509_CRL *crl;
+        crl = load_crl(crl_file, crl_format);
+        if (crl == NULL) {
+            BIO_puts(bio_err, "Error loading CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        crls = sk_X509_CRL_new_null();
+        if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
+            BIO_puts(bio_err, "Error adding CRL\n");
+            ERR_print_errors(bio_err);
+            X509_CRL_free(crl);
+            goto end;
+        }
+    }
+
+    if (s_dcert_file != NULL) {
+
+        if (s_dkey_file == NULL)
+            s_dkey_file = s_dcert_file;
+
+        s_dkey = load_key(s_dkey_file, s_dkey_format,
+                          0, dpass, engine, "second certificate private key file");
+        if (s_dkey == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_dcert = load_cert(s_dcert_file, s_dcert_format,
+                            "second server certificate file");
+
+        if (s_dcert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (s_dchain_file != NULL) {
+            if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
+                            "second server certificate chain"))
+                goto end;
+        }
+
+    }
+
+    if (bio_s_out == NULL) {
+        if (s_quiet && !s_debug) {
+            bio_s_out = BIO_new(BIO_s_null());
+            if (s_msg && bio_s_msg == NULL)
+                bio_s_msg = dup_bio_out(FORMAT_TEXT);
+        } else {
+            if (bio_s_out == NULL)
+                bio_s_out = dup_bio_out(FORMAT_TEXT);
+        }
+    }
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+    if (nocert)
+#endif
+    {
+        s_cert_file = NULL;
+        s_key_file = NULL;
+        s_dcert_file = NULL;
+        s_dkey_file = NULL;
+        s_cert_file2 = NULL;
+        s_key_file2 = NULL;
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
+    if (sdebug)
+        ssl_ctx_security_debug(ctx, sdebug);
+
+    if (!config_ctx(cctx, ssl_args, ctx))
+        goto end;
+
+    if (ssl_config) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
+    if (min_version != 0
+        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (max_version != 0
+        && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (session_id_prefix) {
+        if (strlen(session_id_prefix) >= 32)
+            BIO_printf(bio_err,
+                       "warning: id_prefix is too long, only one new session will be possible\n");
+        if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
+            BIO_printf(bio_err, "error setting 'id_prefix'\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+    }
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (exc != NULL)
+        ssl_ctx_set_excert(ctx, exc);
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+    if (no_cache)
+        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+    else if (ext_cache)
+        init_session_cache_ctx(ctx);
+    else
+        SSL_CTX_sess_set_cache_size(ctx, 128);
+
+    if (async) {
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+    }
+
+    if (max_send_fragment > 0
+        && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
+        BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
+                   prog, max_send_fragment);
+        goto end;
+    }
+
+    if (split_send_fragment > 0
+        && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
+        BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
+                   prog, split_send_fragment);
+        goto end;
+    }
+    if (max_pipelines > 0
+        && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
+        BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
+                   prog, max_pipelines);
+        goto end;
+    }
+
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL) {
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
+            BIO_printf(bio_err, "Error setting SRTP profile\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+#endif
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
+        BIO_printf(bio_err, "Error setting verify params\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    ssl_ctx_add_crls(ctx, crls, 0);
+
+    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                         crls, crl_download)) {
+        BIO_printf(bio_err, "Error loading store locations\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (s_cert2) {
+        ctx2 = SSL_CTX_new(meth);
+        if (ctx2 == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (ctx2 != NULL) {
+        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
+
+        if (sdebug)
+            ssl_ctx_security_debug(ctx, sdebug);
+
+        if (session_id_prefix) {
+            if (strlen(session_id_prefix) >= 32)
+                BIO_printf(bio_err,
+                           "warning: id_prefix is too long, only one new session will be possible\n");
+            if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
+                BIO_printf(bio_err, "error setting 'id_prefix'\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+        }
+        SSL_CTX_set_quiet_shutdown(ctx2, 1);
+        if (exc != NULL)
+            ssl_ctx_set_excert(ctx2, exc);
+
+        if (state)
+            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
+
+        if (no_cache)
+            SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
+        else if (ext_cache)
+            init_session_cache_ctx(ctx2);
+        else
+            SSL_CTX_sess_set_cache_size(ctx2, 128);
+
+        if (async)
+            SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
+
+        if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
+                                      noCApath)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
+            BIO_printf(bio_err, "Error setting verify params\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        ssl_ctx_add_crls(ctx2, crls, 0);
+        if (!config_ctx(cctx, ssl_args, ctx2))
+            goto end;
+    }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (next_proto.data)
+        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
+                                              &next_proto);
+#endif
+    if (alpn_ctx.data)
+        SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
+
+#ifndef OPENSSL_NO_DH
+    if (!no_dhe) {
+        DH *dh = NULL;
+
+        if (dhfile != NULL)
+            dh = load_dh_param(dhfile);
+        else if (s_cert_file != NULL)
+            dh = load_dh_param(s_cert_file);
+
+        if (dh != NULL) {
+            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+        } else {
+            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+        }
+        (void)BIO_flush(bio_s_out);
+
+        if (dh == NULL) {
+            SSL_CTX_set_dh_auto(ctx, 1);
+        } else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
+            BIO_puts(bio_err, "Error setting temp DH parameters\n");
+            ERR_print_errors(bio_err);
+            DH_free(dh);
+            goto end;
+        }
+
+        if (ctx2 != NULL) {
+            if (!dhfile) {
+                DH *dh2 = load_dh_param(s_cert_file2);
+                if (dh2 != NULL) {
+                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+                    (void)BIO_flush(bio_s_out);
+
+                    DH_free(dh);
+                    dh = dh2;
+                }
+            }
+            if (dh == NULL) {
+                SSL_CTX_set_dh_auto(ctx2, 1);
+            } else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
+                BIO_puts(bio_err, "Error setting temp DH parameters\n");
+                ERR_print_errors(bio_err);
+                DH_free(dh);
+                goto end;
+            }
+        }
+        DH_free(dh);
+    }
+#endif
+
+    if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
+        goto end;
+
+    if (s_serverinfo_file != NULL
+        && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (ctx2 != NULL
+        && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
+        goto end;
+
+    if (s_dcert != NULL) {
+        if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
+            goto end;
+    }
+
+    if (no_resume_ephemeral) {
+        SSL_CTX_set_not_resumable_session_callback(ctx,
+                                                   not_resumable_sess_cb);
+
+        if (ctx2 != NULL)
+            SSL_CTX_set_not_resumable_session_callback(ctx2,
+                                                       not_resumable_sess_cb);
+    }
+#ifndef OPENSSL_NO_PSK
+    if (psk_key != NULL) {
+        if (s_debug)
+            BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
+        SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
+    }
+
+    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#endif
+    if (psksessf != NULL) {
+        BIO *stmp = BIO_new_file(psksessf, "r");
+
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (psksess == NULL) {
+            BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+    }
+
+    if (psk_key != NULL || psksess != NULL)
+        SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb);
+
+    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
+    if (!SSL_CTX_set_session_id_context(ctx,
+                                        (void *)&s_server_session_id_context,
+                                        sizeof(s_server_session_id_context))) {
+        BIO_printf(bio_err, "error setting session id context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    /* Set DTLS cookie generation and verification callbacks */
+    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
+    /* Set TLS1.3 cookie generation and verification callbacks */
+    SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback);
+    SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback);
+
+    if (ctx2 != NULL) {
+        SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
+        if (!SSL_CTX_set_session_id_context(ctx2,
+                    (void *)&s_server_session_id_context,
+                    sizeof(s_server_session_id_context))) {
+            BIO_printf(bio_err, "error setting session id context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        tlsextcbp.biodebug = bio_s_out;
+        SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+
+#ifndef OPENSSL_NO_SRP
+    if (srp_verifier_file != NULL) {
+        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
+        srp_callback_parm.user = NULL;
+        srp_callback_parm.login = NULL;
+        if ((ret =
+             SRP_VBASE_init(srp_callback_parm.vb,
+                            srp_verifier_file)) != SRP_NO_ERROR) {
+            BIO_printf(bio_err,
+                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
+                       srp_verifier_file, ret);
+            goto end;
+        }
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
+        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
+    } else
+#endif
+    if (CAfile != NULL) {
+        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
+        if (ctx2)
+            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
+    }
+#ifndef OPENSSL_NO_OCSP
+    if (s_tlsextstatus) {
+        SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+        SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+        if (ctx2) {
+            SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb);
+            SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp);
+        }
+    }
+#endif
+    if (set_keylog_file(ctx, keylog_file))
+        goto end;
+
+    if (max_early_data >= 0)
+        SSL_CTX_set_max_early_data(ctx, max_early_data);
+    if (recv_max_early_data >= 0)
+        SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data);
+
+    if (rev)
+        server_cb = rev_body;
+    else if (www)
+        server_cb = www_body;
+    else
+        server_cb = sv_body;
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX
+        && unlink_unix_path)
+        unlink(host);
+#endif
+    do_server(&accept_socket, host, port, socket_family, socket_type, protocol,
+              server_cb, context, naccept, bio_s_out);
+    print_stats(bio_s_out, ctx);
+    ret = 0;
+ end:
+    SSL_CTX_free(ctx);
+    SSL_SESSION_free(psksess);
+    set_keylog_file(NULL, NULL);
+    X509_free(s_cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    X509_free(s_dcert);
+    EVP_PKEY_free(s_key);
+    EVP_PKEY_free(s_dkey);
+    sk_X509_pop_free(s_chain, X509_free);
+    sk_X509_pop_free(s_dchain, X509_free);
+    OPENSSL_free(pass);
+    OPENSSL_free(dpass);
+    OPENSSL_free(host);
+    OPENSSL_free(port);
+    X509_VERIFY_PARAM_free(vpm);
+    free_sessions();
+    OPENSSL_free(tlscstatp.host);
+    OPENSSL_free(tlscstatp.port);
+    OPENSSL_free(tlscstatp.path);
+    SSL_CTX_free(ctx2);
+    X509_free(s_cert2);
+    EVP_PKEY_free(s_key2);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    OPENSSL_free(next_proto.data);
+#endif
+    OPENSSL_free(alpn_ctx.data);
+    ssl_excert_free(exc);
+    sk_OPENSSL_STRING_free(ssl_args);
+    SSL_CONF_CTX_free(cctx);
+    release_engine(engine);
+    BIO_free(bio_s_out);
+    bio_s_out = NULL;
+    BIO_free(bio_s_msg);
+    bio_s_msg = NULL;
+#ifdef CHARSET_EBCDIC
+    BIO_meth_free(methods_ebcdic);
+#endif
+    return ret;
+}
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+{
+    BIO_printf(bio, "%4ld items in the session cache\n",
+               SSL_CTX_sess_number(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+               SSL_CTX_sess_connect(ssl_ctx));
+    BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
+               SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects that finished\n",
+               SSL_CTX_sess_connect_good(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
+               SSL_CTX_sess_accept(ssl_ctx));
+    BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
+               SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts that finished\n",
+               SSL_CTX_sess_accept_good(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache misses\n",
+               SSL_CTX_sess_misses(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache timeouts\n",
+               SSL_CTX_sess_timeouts(ssl_ctx));
+    BIO_printf(bio, "%4ld callback cache hits\n",
+               SSL_CTX_sess_cb_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
+               SSL_CTX_sess_cache_full(ssl_ctx),
+               SSL_CTX_sess_get_cache_size(ssl_ctx));
+}
+
+static int sv_body(int s, int stype, int prot, unsigned char *context)
+{
+    char *buf = NULL;
+    fd_set readfds;
+    int ret = 1, width;
+    int k, i;
+    unsigned long l;
+    SSL *con = NULL;
+    BIO *sbio;
+    struct timeval timeout;
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS))
+    struct timeval *timeoutp;
+#endif
+#ifndef OPENSSL_NO_DTLS
+# ifndef OPENSSL_NO_SCTP
+    int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP);
+# else
+    int isdtls = (stype == SOCK_DGRAM);
+# endif
+#endif
+
+    buf = app_malloc(bufsize, "server buffer");
+    if (s_nbio) {
+        if (!BIO_socket_nbio(s, 1))
+            ERR_print_errors(bio_err);
+        else if (!s_quiet)
+            BIO_printf(bio_err, "Turned on non blocking io\n");
+    }
+
+    con = SSL_new(ctx);
+    if (con == NULL) {
+        ret = -1;
+        goto err;
+    }
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (context != NULL
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        BIO_printf(bio_err, "Error setting session id context\n");
+        ret = -1;
+        goto err;
+    }
+
+    if (!SSL_clear(con)) {
+        BIO_printf(bio_err, "Error clearing SSL connection\n");
+        ret = -1;
+        goto err;
+    }
+#ifndef OPENSSL_NO_DTLS
+    if (isdtls) {
+# ifndef OPENSSL_NO_SCTP
+        if (prot == IPPROTO_SCTP)
+            sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE);
+        else
+# endif
+            sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+        } else
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+# ifndef OPENSSL_NO_SCTP
+        if (prot != IPPROTO_SCTP)
+# endif
+            /* Turn on cookie exchange. Not necessary for SCTP */
+            SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+    } else
+#endif
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (sbio == NULL) {
+        BIO_printf(bio_err, "Unable to create BIO\n");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+    /* SSL_set_fd(con,s); */
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (early_data) {
+        int write_header = 1, edret = SSL_READ_EARLY_DATA_ERROR;
+        size_t readbytes;
+
+        while (edret != SSL_READ_EARLY_DATA_FINISH) {
+            for (;;) {
+                edret = SSL_read_early_data(con, buf, bufsize, &readbytes);
+                if (edret != SSL_READ_EARLY_DATA_ERROR)
+                    break;
+
+                switch (SSL_get_error(con, 0)) {
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_ASYNC:
+                case SSL_ERROR_WANT_READ:
+                    /* Just keep trying - busy waiting */
+                    continue;
+                default:
+                    BIO_printf(bio_err, "Error reading early data\n");
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+            }
+            if (readbytes > 0) {
+                if (write_header) {
+                    BIO_printf(bio_s_out, "Early data received:\n");
+                    write_header = 0;
+                }
+                raw_write_stdout(buf, (unsigned int)readbytes);
+                (void)BIO_flush(bio_s_out);
+            }
+        }
+        if (write_header) {
+            if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT)
+                BIO_printf(bio_s_out, "No early data received\n");
+            else
+                BIO_printf(bio_s_out, "Early data was rejected\n");
+        } else {
+            BIO_printf(bio_s_out, "\nEnd of early data\n");
+        }
+        if (SSL_is_init_finished(con))
+            print_connection_info(con);
+    }
+
+    if (fileno_stdin() > s)
+        width = fileno_stdin() + 1;
+    else
+        width = s + 1;
+    for (;;) {
+        int read_from_terminal;
+        int read_from_sslcon;
+
+        read_from_terminal = 0;
+        read_from_sslcon = SSL_has_pending(con)
+                           || (async && SSL_waiting_for_async(con));
+
+        if (!read_from_sslcon) {
+            FD_ZERO(&readfds);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            openssl_fdset(fileno_stdin(), &readfds);
+#endif
+            openssl_fdset(s, &readfds);
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+            /*
+             * Under DOS (non-djgpp) and Windows we can't select on stdin:
+             * only on sockets. As a workaround we timeout the select every
+             * second and check for any keypress. In a proper Windows
+             * application we wouldn't do this because it is inefficient.
+             */
+            timeout.tv_sec = 1;
+            timeout.tv_usec = 0;
+            i = select(width, (void *)&readfds, NULL, NULL, &timeout);
+            if (has_stdin_waiting())
+                read_from_terminal = 1;
+            if ((i < 0) || (!i && !read_from_terminal))
+                continue;
+#else
+            if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
+                timeoutp = &timeout;
+            else
+                timeoutp = NULL;
+
+            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
+
+            if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0)
+                BIO_printf(bio_err, "TIMEOUT occurred\n");
+
+            if (i <= 0)
+                continue;
+            if (FD_ISSET(fileno_stdin(), &readfds))
+                read_from_terminal = 1;
+#endif
+            if (FD_ISSET(s, &readfds))
+                read_from_sslcon = 1;
+        }
+        if (read_from_terminal) {
+            if (s_crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(buf, bufsize / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (buf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    buf[j + lf_num] = buf[j];
+                    if (buf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        buf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else {
+                i = raw_read_stdin(buf, bufsize);
+            }
+
+            if (!s_quiet && !s_brief) {
+                if ((i <= 0) || (buf[0] == 'Q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    BIO_closesocket(s);
+                    close_accept_socket();
+                    ret = -11;
+                    goto err;
+                }
+                if ((i <= 0) || (buf[0] == 'q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    if (SSL_version(con) != DTLS1_VERSION)
+                        BIO_closesocket(s);
+                    /*
+                     * close_accept_socket(); ret= -11;
+                     */
+                    goto err;
+                }
+#ifndef OPENSSL_NO_HEARTBEATS
+                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    BIO_printf(bio_err, "HEARTBEATING\n");
+                    SSL_heartbeat(con);
+                    i = 0;
+                    continue;
+                }
+#endif
+                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                }
+                if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                }
+                if ((buf[0] == 'K' || buf[0] == 'k')
+                        && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_key_update(con, buf[0] == 'K' ?
+                                        SSL_KEY_UPDATE_REQUESTED
+                                        : SSL_KEY_UPDATE_NOT_REQUESTED);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;
+                    continue;
+                }
+                if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_set_verify(con, SSL_VERIFY_PEER, NULL);
+                    i = SSL_verify_client_post_handshake(con);
+                    if (i == 0) {
+                        printf("Failed to initiate request\n");
+                        ERR_print_errors(bio_err);
+                    } else {
+                        i = SSL_do_handshake(con);
+                        printf("SSL_do_handshake -> %d\n", i);
+                        i = 0;
+                    }
+                    continue;
+                }
+                if (buf[0] == 'P') {
+                    static const char *str = "Lets print some clear text\n";
+                    BIO_write(SSL_get_wbio(con), str, strlen(str));
+                }
+                if (buf[0] == 'S') {
+                    print_stats(bio_s_out, SSL_get_SSL_CTX(con));
+                }
+            }
+#ifdef CHARSET_EBCDIC
+            ebcdic2ascii(buf, buf, i);
+#endif
+            l = k = 0;
+            for (;;) {
+                /* should do a select for the write */
+#ifdef RENEG
+                static count = 0;
+                if (++count == 100) {
+                    count = 0;
+                    SSL_renegotiate(con);
+                }
+#endif
+                k = SSL_write(con, &(buf[l]), (unsigned int)i);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
+                }
+#endif
+                switch (SSL_get_error(con, k)) {
+                case SSL_ERROR_NONE:
+                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+                    (void)BIO_flush(bio_s_out);
+                    wait_for_async(con);
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                case SSL_ERROR_WANT_X509_LOOKUP:
+                    BIO_printf(bio_s_out, "Write BLOCK\n");
+                    (void)BIO_flush(bio_s_out);
+                    break;
+                case SSL_ERROR_WANT_ASYNC_JOB:
+                    /*
+                     * This shouldn't ever happen in s_server. Treat as an error
+                     */
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    (void)BIO_flush(bio_s_out);
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                    /* break; */
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    ret = 1;
+                    goto err;
+                }
+                if (k > 0) {
+                    l += k;
+                    i -= k;
+                }
+                if (i <= 0)
+                    break;
+            }
+        }
+        if (read_from_sslcon) {
+            /*
+             * init_ssl_connection handles all async events itself so if we're
+             * waiting for async then we shouldn't go back into
+             * init_ssl_connection
+             */
+            if ((!async || !SSL_waiting_for_async(con))
+                    && !SSL_is_init_finished(con)) {
+                i = init_ssl_connection(con);
+
+                if (i < 0) {
+                    ret = 0;
+                    goto err;
+                } else if (i == 0) {
+                    ret = 1;
+                    goto err;
+                }
+            } else {
+ again:
+                i = SSL_read(con, (char *)buf, bufsize);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    i = SSL_read(con, (char *)buf, bufsize);
+                }
+#endif
+                switch (SSL_get_error(con, i)) {
+                case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+                    ascii2ebcdic(buf, buf, i);
+#endif
+                    raw_write_stdout(buf, (unsigned int)i);
+                    (void)BIO_flush(bio_s_out);
+                    if (SSL_has_pending(con))
+                        goto again;
+                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+                    (void)BIO_flush(bio_s_out);
+                    wait_for_async(con);
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                    BIO_printf(bio_s_out, "Read BLOCK\n");
+                    (void)BIO_flush(bio_s_out);
+                    break;
+                case SSL_ERROR_WANT_ASYNC_JOB:
+                    /*
+                     * This shouldn't ever happen in s_server. Treat as an error
+                     */
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    (void)BIO_flush(bio_s_out);
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    ret = 1;
+                    goto err;
+                }
+            }
+        }
+    }
+ err:
+    if (con != NULL) {
+        BIO_printf(bio_s_out, "shutting down SSL\n");
+        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        SSL_free(con);
+    }
+    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
+    OPENSSL_clear_free(buf, bufsize);
+    return ret;
+}
+
+static void close_accept_socket(void)
+{
+    BIO_printf(bio_err, "shutdown accept socket\n");
+    if (accept_socket >= 0) {
+        BIO_closesocket(accept_socket);
+    }
+}
+
+static int is_retryable(SSL *con, int i)
+{
+    int err = SSL_get_error(con, i);
+
+    /* If it's not a fatal error, it must be retryable */
+    return (err != SSL_ERROR_SSL)
+           && (err != SSL_ERROR_SYSCALL)
+           && (err != SSL_ERROR_ZERO_RETURN);
+}
+
+static int init_ssl_connection(SSL *con)
+{
+    int i;
+    long verify_err;
+    int retry = 0;
+
+    if (dtlslisten || stateless) {
+        BIO_ADDR *client = NULL;
+
+        if (dtlslisten) {
+            if ((client = BIO_ADDR_new()) == NULL) {
+                BIO_printf(bio_err, "ERROR - memory\n");
+                return 0;
+            }
+            i = DTLSv1_listen(con, client);
+        } else {
+            i = SSL_stateless(con);
+        }
+        if (i > 0) {
+            BIO *wbio;
+            int fd = -1;
+
+            if (dtlslisten) {
+                wbio = SSL_get_wbio(con);
+                if (wbio) {
+                    BIO_get_fd(wbio, &fd);
+                }
+
+                if (!wbio || BIO_connect(fd, client, 0) == 0) {
+                    BIO_printf(bio_err, "ERROR - unable to connect\n");
+                    BIO_ADDR_free(client);
+                    return 0;
+                }
+
+                (void)BIO_ctrl_set_connected(wbio, client);
+                BIO_ADDR_free(client);
+                dtlslisten = 0;
+            } else {
+                stateless = 0;
+            }
+            i = SSL_accept(con);
+        } else {
+            BIO_ADDR_free(client);
+        }
+    } else {
+        do {
+            i = SSL_accept(con);
+
+            if (i <= 0)
+                retry = is_retryable(con, i);
+#ifdef CERT_CB_TEST_RETRY
+            {
+                while (i <= 0
+                        && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
+                        && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
+                    BIO_printf(bio_err,
+                               "LOOKUP from certificate callback during accept\n");
+                    i = SSL_accept(con);
+                    if (i <= 0)
+                        retry = is_retryable(con, i);
+                }
+            }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+            while (i <= 0
+                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                           srp_callback_parm.login);
+                SRP_user_pwd_free(srp_callback_parm.user);
+                srp_callback_parm.user =
+                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                           srp_callback_parm.login);
+                if (srp_callback_parm.user)
+                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                               srp_callback_parm.user->info);
+                else
+                    BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                i = SSL_accept(con);
+                if (i <= 0)
+                    retry = is_retryable(con, i);
+            }
+#endif
+        } while (i < 0 && SSL_waiting_for_async(con));
+    }
+
+    if (i <= 0) {
+        if (((dtlslisten || stateless) && i == 0)
+                || (!dtlslisten && !stateless && retry)) {
+            BIO_printf(bio_s_out, "DELAY\n");
+            return 1;
+        }
+
+        BIO_printf(bio_err, "ERROR\n");
+
+        verify_err = SSL_get_verify_result(con);
+        if (verify_err != X509_V_OK) {
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_err));
+        }
+        /* Always print any error messages */
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    print_connection_info(con);
+    return 1;
+}
+
+static void print_connection_info(SSL *con)
+{
+    const char *str;
+    X509 *peer;
+    char buf[BUFSIZ];
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    const unsigned char *next_proto_neg;
+    unsigned next_proto_neg_len;
+#endif
+    unsigned char *exportedkeymat;
+    int i;
+
+    if (s_brief)
+        print_ssl_summary(con);
+
+    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
+
+    peer = SSL_get_peer_certificate(con);
+    if (peer != NULL) {
+        BIO_printf(bio_s_out, "Client certificate\n");
+        PEM_write_bio_X509(bio_s_out, peer);
+        dump_cert_text(bio_s_out, peer);
+        X509_free(peer);
+        peer = NULL;
+    }
+
+    if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
+        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
+    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+    ssl_print_sigalgs(bio_s_out, con);
+#ifndef OPENSSL_NO_EC
+    ssl_print_point_formats(bio_s_out, con);
+    ssl_print_groups(bio_s_out, con, 0);
+#endif
+    print_ca_names(bio_s_out, con);
+    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
+    if (next_proto_neg) {
+        BIO_printf(bio_s_out, "NEXTPROTO is ");
+        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
+        BIO_printf(bio_s_out, "\n");
+    }
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile
+            = SSL_get_selected_srtp_profile(con);
+
+        if (srtp_profile)
+            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+    if (SSL_session_reused(con))
+        BIO_printf(bio_s_out, "Reused session-id\n");
+    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+    if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
+        BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
+
+    if (keymatexportlabel != NULL) {
+        BIO_printf(bio_s_out, "Keying material exporter:\n");
+        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = app_malloc(keymatexportlen, "export key");
+        if (!SSL_export_keying_material(con, exportedkeymat,
+                                        keymatexportlen,
+                                        keymatexportlabel,
+                                        strlen(keymatexportlabel),
+                                        NULL, 0, 0)) {
+            BIO_printf(bio_s_out, "    Error\n");
+        } else {
+            BIO_printf(bio_s_out, "    Keying material: ");
+            for (i = 0; i < keymatexportlen; i++)
+                BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
+            BIO_printf(bio_s_out, "\n");
+        }
+        OPENSSL_free(exportedkeymat);
+    }
+
+    (void)BIO_flush(bio_s_out);
+}
+
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile)
+{
+    DH *ret = NULL;
+    BIO *bio;
+
+    if ((bio = BIO_new_file(dhfile, "r")) == NULL)
+        goto err;
+    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ err:
+    BIO_free(bio);
+    return ret;
+}
+#endif
+
+static int www_body(int s, int stype, int prot, unsigned char *context)
+{
+    char *buf = NULL;
+    int ret = 1;
+    int i, j, k, dot;
+    SSL *con;
+    const SSL_CIPHER *c;
+    BIO *io, *ssl_bio, *sbio;
+#ifdef RENEG
+    int total_bytes = 0;
+#endif
+    int width;
+    fd_set readfds;
+
+    /* Set width for a select call if needed */
+    width = s + 1;
+
+    buf = app_malloc(bufsize, "server www buffer");
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+    if (s_nbio) {
+        if (!BIO_socket_nbio(s, 1))
+            ERR_print_errors(bio_err);
+        else if (!s_quiet)
+            BIO_printf(bio_err, "Turned on non blocking io\n");
+    }
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (context != NULL
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        SSL_free(con);
+        goto err;
+    }
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    for (;;) {
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            goto end;
+        }
+
+        /* else we have data */
+        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
+            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
+            char *p;
+            X509 *peer = NULL;
+            STACK_OF(SSL_CIPHER) *sk;
+            static const char *space = "                          ";
+
+            if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) {
+                if (strncmp("GET /renegcert", buf, 14) == 0)
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                i = SSL_renegotiate(con);
+                BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
+                /* Send the HelloRequest */
+                i = SSL_do_handshake(con);
+                if (i <= 0) {
+                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
+                               SSL_get_error(con, i));
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+                /* Wait for a ClientHello to come back */
+                FD_ZERO(&readfds);
+                openssl_fdset(s, &readfds);
+                i = select(width, (void *)&readfds, NULL, NULL, NULL);
+                if (i <= 0 || !FD_ISSET(s, &readfds)) {
+                    BIO_printf(bio_s_out,
+                               "Error waiting for client response\n");
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+                /*
+                 * We're not actually expecting any data here and we ignore
+                 * any that is sent. This is just to force the handshake that
+                 * we're expecting to come from the client. If they haven't
+                 * sent one there's not much we can do.
+                 */
+                BIO_gets(io, buf, bufsize - 1);
+            }
+
+            BIO_puts(io,
+                     "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+            BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+            BIO_puts(io, "<pre>\n");
+            /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */
+            BIO_puts(io, "\n");
+            for (i = 0; i < local_argc; i++) {
+                const char *myp;
+                for (myp = local_argv[i]; *myp; myp++)
+                    switch (*myp) {
+                    case '<':
+                        BIO_puts(io, "&lt;");
+                        break;
+                    case '>':
+                        BIO_puts(io, "&gt;");
+                        break;
+                    case '&':
+                        BIO_puts(io, "&amp;");
+                        break;
+                    default:
+                        BIO_write(io, myp, 1);
+                        break;
+                    }
+                BIO_write(io, " ", 1);
+            }
+            BIO_puts(io, "\n");
+
+            BIO_printf(io,
+                       "Secure Renegotiation IS%s supported\n",
+                       SSL_get_secure_renegotiation_support(con) ?
+                       "" : " NOT");
+
+            /*
+             * The following is evil and should not really be done
+             */
+            BIO_printf(io, "Ciphers supported in s_server binary\n");
+            sk = SSL_get_ciphers(con);
+            j = sk_SSL_CIPHER_num(sk);
+            for (i = 0; i < j; i++) {
+                c = sk_SSL_CIPHER_value(sk, i);
+                BIO_printf(io, "%-11s:%-25s ",
+                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+                if ((((i + 1) % 2) == 0) && (i + 1 != j))
+                    BIO_puts(io, "\n");
+            }
+            BIO_puts(io, "\n");
+            p = SSL_get_shared_ciphers(con, buf, bufsize);
+            if (p != NULL) {
+                BIO_printf(io,
+                           "---\nCiphers common between both SSL end points:\n");
+                j = i = 0;
+                while (*p) {
+                    if (*p == ':') {
+                        BIO_write(io, space, 26 - j);
+                        i++;
+                        j = 0;
+                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
+                    } else {
+                        BIO_write(io, p, 1);
+                        j++;
+                    }
+                    p++;
+                }
+                BIO_puts(io, "\n");
+            }
+            ssl_print_sigalgs(io, con);
+#ifndef OPENSSL_NO_EC
+            ssl_print_groups(io, con, 0);
+#endif
+            print_ca_names(io, con);
+            BIO_printf(io, (SSL_session_reused(con)
+                            ? "---\nReused, " : "---\nNew, "));
+            c = SSL_get_current_cipher(con);
+            BIO_printf(io, "%s, Cipher is %s\n",
+                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+            SSL_SESSION_print(io, SSL_get_session(con));
+            BIO_printf(io, "---\n");
+            print_stats(io, SSL_get_SSL_CTX(con));
+            BIO_printf(io, "---\n");
+            peer = SSL_get_peer_certificate(con);
+            if (peer != NULL) {
+                BIO_printf(io, "Client certificate\n");
+                X509_print(io, peer);
+                PEM_write_bio_X509(io, peer);
+                X509_free(peer);
+                peer = NULL;
+            } else {
+                BIO_puts(io, "no client certificate available\n");
+            }
+            BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
+            break;
+        } else if ((www == 2 || www == 3)
+                   && (strncmp("GET /", buf, 5) == 0)) {
+            BIO *file;
+            char *p, *e;
+            static const char *text =
+                "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+            /* skip the '/' */
+            p = &(buf[5]);
+
+            dot = 1;
+            for (e = p; *e != '\0'; e++) {
+                if (e[0] == ' ')
+                    break;
+
+                switch (dot) {
+                case 1:
+                    dot = (e[0] == '.') ? 2 : 0;
+                    break;
+                case 2:
+                    dot = (e[0] == '.') ? 3 : 0;
+                    break;
+                case 3:
+                    dot = (e[0] == '/') ? -1 : 0;
+                    break;
+                }
+                if (dot == 0)
+                    dot = (e[0] == '/') ? 1 : 0;
+            }
+            dot = (dot == 3) || (dot == -1); /* filename contains ".."
+                                              * component */
+
+            if (*e == '\0') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid file name\r\n", p);
+                break;
+            }
+            *e = '\0';
+
+            if (dot) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+                break;
+            }
+
+            if (*p == '/') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid path\r\n", p);
+                break;
+            }
+
+            /* if a directory, do the index thang */
+            if (app_isdir(p) > 0) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is a directory\r\n", p);
+                break;
+            }
+
+            if ((file = BIO_new_file(p, "r")) == NULL) {
+                BIO_puts(io, text);
+                BIO_printf(io, "Error opening '%s'\r\n", p);
+                ERR_print_errors(io);
+                break;
+            }
+
+            if (!s_quiet)
+                BIO_printf(bio_err, "FILE:%s\n", p);
+
+            if (www == 2) {
+                i = strlen(p);
+                if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                else
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+            }
+            /* send the file */
+            for (;;) {
+                i = BIO_read(file, buf, bufsize);
+                if (i <= 0)
+                    break;
+
+#ifdef RENEG
+                total_bytes += i;
+                BIO_printf(bio_err, "%d\n", i);
+                if (total_bytes > 3 * 1024) {
+                    total_bytes = 0;
+                    BIO_printf(bio_err, "RENEGOTIATE\n");
+                    SSL_renegotiate(con);
+                }
+#endif
+
+                for (j = 0; j < i;) {
+#ifdef RENEG
+                    static count = 0;
+                    if (++count == 13) {
+                        SSL_renegotiate(con);
+                    }
+#endif
+                    k = BIO_write(io, &(buf[j]), i - j);
+                    if (k <= 0) {
+                        if (!BIO_should_retry(io)
+                            && !SSL_waiting_for_async(con))
+                            goto write_error;
+                        else {
+                            BIO_printf(bio_s_out, "rwrite W BLOCK\n");
+                        }
+                    } else {
+                        j += k;
+                    }
+                }
+            }
+ write_error:
+            BIO_free(file);
+            break;
+        }
+    }
+
+    for (;;) {
+        i = (int)BIO_flush(io);
+        if (i <= 0) {
+            if (!BIO_should_retry(io))
+                break;
+        } else
+            break;
+    }
+ end:
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+ err:
+    OPENSSL_free(buf);
+    BIO_free_all(io);
+    return ret;
+}
+
+static int rev_body(int s, int stype, int prot, unsigned char *context)
+{
+    char *buf = NULL;
+    int i;
+    int ret = 1;
+    SSL *con;
+    BIO *io, *ssl_bio, *sbio;
+
+    buf = app_malloc(bufsize, "server rev buffer");
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+    if (context != NULL
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        SSL_free(con);
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    for (;;) {
+        i = BIO_do_handshake(io);
+        if (i > 0)
+            break;
+        if (!BIO_should_retry(io)) {
+            BIO_puts(bio_err, "CONNECTION FAILURE\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#ifndef OPENSSL_NO_SRP
+        if (BIO_should_io_special(io)
+            && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+            BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+            SRP_user_pwd_free(srp_callback_parm.user);
+            srp_callback_parm.user =
+                SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                       srp_callback_parm.login);
+            if (srp_callback_parm.user)
+                BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                           srp_callback_parm.user->info);
+            else
+                BIO_printf(bio_s_out, "LOOKUP not successful\n");
+            continue;
+        }
+#endif
+    }
+    BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
+    print_ssl_summary(con);
+
+    for (;;) {
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            BIO_printf(bio_err, "CONNECTION CLOSED\n");
+            goto end;
+        } else {
+            char *p = buf + i - 1;
+            while (i && (*p == '\n' || *p == '\r')) {
+                p--;
+                i--;
+            }
+            if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
+                ret = 1;
+                BIO_printf(bio_err, "CONNECTION CLOSED\n");
+                goto end;
+            }
+            BUF_reverse((unsigned char *)buf, NULL, i);
+            buf[i] = '\n';
+            BIO_write(io, buf, i + 1);
+            for (;;) {
+                i = BIO_flush(io);
+                if (i > 0)
+                    break;
+                if (!BIO_should_retry(io))
+                    goto end;
+            }
+        }
+    }
+ end:
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+ err:
+
+    OPENSSL_free(buf);
+    BIO_free_all(io);
+    return ret;
+}
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(SSL *ssl, unsigned char *id,
+                               unsigned int *id_len)
+{
+    unsigned int count = 0;
+    do {
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+        /*
+         * Prefix the session_id with the required prefix. NB: If our prefix
+         * is too long, clip it - but there will be worse effects anyway, eg.
+         * the server could only possibly create 1 session ID (ie. the
+         * prefix!) so all future session negotiations will fail due to
+         * conflicts.
+         */
+        memcpy(id, session_id_prefix,
+               (strlen(session_id_prefix) < *id_len) ?
+               strlen(session_id_prefix) : *id_len);
+    }
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++count < MAX_SESSION_ID_ATTEMPTS));
+    if (count >= MAX_SESSION_ID_ATTEMPTS)
+        return 0;
+    return 1;
+}
+
+/*
+ * By default s_server uses an in-memory cache which caches SSL_SESSION
+ * structures without any serialisation. This hides some bugs which only
+ * become apparent in deployed servers. By implementing a basic external
+ * session cache some issues can be debugged using s_server.
+ */
+
+typedef struct simple_ssl_session_st {
+    unsigned char *id;
+    unsigned int idlen;
+    unsigned char *der;
+    int derlen;
+    struct simple_ssl_session_st *next;
+} simple_ssl_session;
+
+static simple_ssl_session *first = NULL;
+
+static int add_session(SSL *ssl, SSL_SESSION *session)
+{
+    simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
+    unsigned char *p;
+
+    SSL_SESSION_get_id(session, &sess->idlen);
+    sess->derlen = i2d_SSL_SESSION(session, NULL);
+    if (sess->derlen < 0) {
+        BIO_printf(bio_err, "Error encoding session\n");
+        OPENSSL_free(sess);
+        return 0;
+    }
+
+    sess->id = OPENSSL_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
+    sess->der = app_malloc(sess->derlen, "get session buffer");
+    if (!sess->id) {
+        BIO_printf(bio_err, "Out of memory adding to external cache\n");
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
+    p = sess->der;
+
+    /* Assume it still works. */
+    if (i2d_SSL_SESSION(session, &p) != sess->derlen) {
+        BIO_printf(bio_err, "Unexpected session encoding length\n");
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
+
+    sess->next = first;
+    first = sess;
+    BIO_printf(bio_err, "New session added to external cache\n");
+    return 0;
+}
+
+static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen,
+                                int *do_copy)
+{
+    simple_ssl_session *sess;
+    *do_copy = 0;
+    for (sess = first; sess; sess = sess->next) {
+        if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) {
+            const unsigned char *p = sess->der;
+            BIO_printf(bio_err, "Lookup session: cache hit\n");
+            return d2i_SSL_SESSION(NULL, &p, sess->derlen);
+        }
+    }
+    BIO_printf(bio_err, "Lookup session: cache miss\n");
+    return NULL;
+}
+
+static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
+{
+    simple_ssl_session *sess, *prev = NULL;
+    const unsigned char *id;
+    unsigned int idlen;
+    id = SSL_SESSION_get_id(session, &idlen);
+    for (sess = first; sess; sess = sess->next) {
+        if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) {
+            if (prev)
+                prev->next = sess->next;
+            else
+                first = sess->next;
+            OPENSSL_free(sess->id);
+            OPENSSL_free(sess->der);
+            OPENSSL_free(sess);
+            return;
+        }
+        prev = sess;
+    }
+}
+
+static void init_session_cache_ctx(SSL_CTX *sctx)
+{
+    SSL_CTX_set_session_cache_mode(sctx,
+                                   SSL_SESS_CACHE_NO_INTERNAL |
+                                   SSL_SESS_CACHE_SERVER);
+    SSL_CTX_sess_set_new_cb(sctx, add_session);
+    SSL_CTX_sess_set_get_cb(sctx, get_session);
+    SSL_CTX_sess_set_remove_cb(sctx, del_session);
+}
+
+static void free_sessions(void)
+{
+    simple_ssl_session *sess, *tsess;
+    for (sess = first; sess;) {
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        tsess = sess;
+        sess = sess->next;
+        OPENSSL_free(tsess);
+    }
+    first = NULL;
+}
+
+#endif                          /* OPENSSL_NO_SOCK */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c
new file mode 100644
index 000000000..76f928900
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c
@@ -0,0 +1,395 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* socket-related functions used by s_client and s_server */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <openssl/opensslconf.h>
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
+# include "apps.h"
+# include "s_apps.h"
+# include "internal/sockets.h"
+
+# include <openssl/bio.h>
+# include <openssl/err.h>
+
+/* Keep track of our peer's address for the cookie callback */
+BIO_ADDR *ourpeer = NULL;
+
+/*
+ * init_client - helper routine to set up socket communication
+ * @sock: pointer to storage of resulting socket.
+ * @host: the host name or path (for AF_UNIX) to connect to.
+ * @port: the port to connect to (ignored for AF_UNIX).
+ * @bindhost: source host or path (for AF_UNIX).
+ * @bindport: source port (ignored for AF_UNIX).
+ * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
+ *  AF_UNSPEC
+ * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
+ * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
+ *
+ * This will create a socket and use it to connect to a host:port, or if
+ * family == AF_UNIX, to the path found in host.
+ *
+ * If the host has more than one address, it will try them one by one until
+ * a successful connection is established.  The resulting socket will be
+ * found in *sock on success, it will be given INVALID_SOCKET otherwise.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int init_client(int *sock, const char *host, const char *port,
+                const char *bindhost, const char *bindport,
+                int family, int type, int protocol)
+{
+    BIO_ADDRINFO *res = NULL;
+    BIO_ADDRINFO *bindaddr = NULL;
+    const BIO_ADDRINFO *ai = NULL;
+    const BIO_ADDRINFO *bi = NULL;
+    int found = 0;
+    int ret;
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
+                        &res);
+    if (ret == 0) {
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (bindhost != NULL || bindport != NULL) {
+        ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
+                            family, type, protocol, &bindaddr);
+        if (ret == 0) {
+            ERR_print_errors (bio_err);
+            goto out;
+        }
+    }
+
+    ret = 0;
+    for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
+        /* Admittedly, these checks are quite paranoid, we should not get
+         * anything in the BIO_ADDRINFO chain that we haven't
+         * asked for. */
+        OPENSSL_assert((family == AF_UNSPEC
+                        || family == BIO_ADDRINFO_family(ai))
+                       && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
+                       && (protocol == 0
+                           || protocol == BIO_ADDRINFO_protocol(ai)));
+
+        if (bindaddr != NULL) {
+            for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
+                if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
+                    break;
+            }
+            if (bi == NULL)
+                continue;
+            ++found;
+        }
+
+        *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
+                           BIO_ADDRINFO_protocol(ai), 0);
+        if (*sock == INVALID_SOCKET) {
+            /* Maybe the kernel doesn't support the socket family, even if
+             * BIO_lookup() added it in the returned result...
+             */
+            continue;
+        }
+
+        if (bi != NULL) {
+            if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
+                          BIO_SOCK_REUSEADDR)) {
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                break;
+            }
+        }
+
+#ifndef OPENSSL_NO_SCTP
+        if (protocol == IPPROTO_SCTP) {
+            /*
+             * For SCTP we have to set various options on the socket prior to
+             * connecting. This is done automatically by BIO_new_dgram_sctp().
+             * We don't actually need the created BIO though so we free it again
+             * immediately.
+             */
+            BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
+
+            if (tmpbio == NULL) {
+                ERR_print_errors(bio_err);
+                return 0;
+            }
+            BIO_free(tmpbio);
+        }
+#endif
+
+        if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
+                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+            BIO_closesocket(*sock);
+            *sock = INVALID_SOCKET;
+            continue;
+        }
+
+        /* Success, don't try any more addresses */
+        break;
+    }
+
+    if (*sock == INVALID_SOCKET) {
+        if (bindaddr != NULL && !found) {
+            BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
+                       BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
+                       BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
+                       BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
+                       bindhost != NULL ? bindhost : "",
+                       bindport != NULL ? ":" : "",
+                       bindport != NULL ? bindport : "");
+            ERR_clear_error();
+            ret = 0;
+        }
+        ERR_print_errors(bio_err);
+    } else {
+        /* Remove any stale errors from previous connection attempts */
+        ERR_clear_error();
+        ret = 1;
+    }
+out:
+    if (bindaddr != NULL) {
+        BIO_ADDRINFO_free (bindaddr);
+    }
+    BIO_ADDRINFO_free(res);
+    return ret;
+}
+
+/*
+ * do_server - helper routine to perform a server operation
+ * @accept_sock: pointer to storage of resulting socket.
+ * @host: the host name or path (for AF_UNIX) to connect to.
+ * @port: the port to connect to (ignored for AF_UNIX).
+ * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
+ *  AF_UNSPEC
+ * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
+ * @cb: pointer to a function that receives the accepted socket and
+ *  should perform the communication with the connecting client.
+ * @context: pointer to memory that's passed verbatim to the cb function.
+ * @naccept: number of times an incoming connect should be accepted.  If -1,
+ *  unlimited number.
+ *
+ * This will create a socket and use it to listen to a host:port, or if
+ * family == AF_UNIX, to the path found in host, then start accepting
+ * incoming connections and run cb on the resulting socket.
+ *
+ * 0 on failure, something other on success.
+ */
+int do_server(int *accept_sock, const char *host, const char *port,
+              int family, int type, int protocol, do_server_cb cb,
+              unsigned char *context, int naccept, BIO *bio_s_out)
+{
+    int asock = 0;
+    int sock;
+    int i;
+    BIO_ADDRINFO *res = NULL;
+    const BIO_ADDRINFO *next;
+    int sock_family, sock_type, sock_protocol, sock_port;
+    const BIO_ADDR *sock_address;
+    int sock_options = BIO_SOCK_REUSEADDR;
+    int ret = 0;
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
+                       &res)) {
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    /* Admittedly, these checks are quite paranoid, we should not get
+     * anything in the BIO_ADDRINFO chain that we haven't asked for */
+    OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
+                   && (type == 0 || type == BIO_ADDRINFO_socktype(res))
+                   && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
+
+    sock_family = BIO_ADDRINFO_family(res);
+    sock_type = BIO_ADDRINFO_socktype(res);
+    sock_protocol = BIO_ADDRINFO_protocol(res);
+    sock_address = BIO_ADDRINFO_address(res);
+    next = BIO_ADDRINFO_next(res);
+    if (sock_family == AF_INET6)
+        sock_options |= BIO_SOCK_V6_ONLY;
+    if (next != NULL
+            && BIO_ADDRINFO_socktype(next) == sock_type
+            && BIO_ADDRINFO_protocol(next) == sock_protocol) {
+        if (sock_family == AF_INET
+                && BIO_ADDRINFO_family(next) == AF_INET6) {
+            sock_family = AF_INET6;
+            sock_address = BIO_ADDRINFO_address(next);
+        } else if (sock_family == AF_INET6
+                   && BIO_ADDRINFO_family(next) == AF_INET) {
+            sock_options &= ~BIO_SOCK_V6_ONLY;
+        }
+    }
+
+    asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET
+        || !BIO_listen(asock, sock_address, sock_options)) {
+        BIO_ADDRINFO_free(res);
+        ERR_print_errors(bio_err);
+        if (asock != INVALID_SOCKET)
+            BIO_closesocket(asock);
+        goto end;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP) {
+        /*
+         * For SCTP we have to set various options on the socket prior to
+         * accepting. This is done automatically by BIO_new_dgram_sctp().
+         * We don't actually need the created BIO though so we free it again
+         * immediately.
+         */
+        BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
+
+        if (tmpbio == NULL) {
+            BIO_closesocket(asock);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_free(tmpbio);
+    }
+#endif
+
+    sock_port = BIO_ADDR_rawport(sock_address);
+
+    BIO_ADDRINFO_free(res);
+    res = NULL;
+
+    if (sock_port == 0) {
+        /* dynamically allocated port, report which one */
+        union BIO_sock_info_u info;
+        char *hostname = NULL;
+        char *service = NULL;
+        int success = 0;
+
+        if ((info.addr = BIO_ADDR_new()) != NULL
+            && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
+            && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
+            && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
+            && BIO_printf(bio_s_out,
+                          strchr(hostname, ':') == NULL
+                          ? /* IPv4 */ "ACCEPT %s:%s\n"
+                          : /* IPv6 */ "ACCEPT [%s]:%s\n",
+                          hostname, service) > 0)
+            success = 1;
+
+        (void)BIO_flush(bio_s_out);
+        OPENSSL_free(hostname);
+        OPENSSL_free(service);
+        BIO_ADDR_free(info.addr);
+        if (!success) {
+            BIO_closesocket(asock);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+        (void)BIO_printf(bio_s_out, "ACCEPT\n");
+        (void)BIO_flush(bio_s_out);
+    }
+
+    if (accept_sock != NULL)
+        *accept_sock = asock;
+    for (;;) {
+        char sink[64];
+        struct timeval timeout;
+        fd_set readfds;
+
+        if (type == SOCK_STREAM) {
+            BIO_ADDR_free(ourpeer);
+            ourpeer = BIO_ADDR_new();
+            if (ourpeer == NULL) {
+                BIO_closesocket(asock);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            do {
+                sock = BIO_accept_ex(asock, ourpeer, 0);
+            } while (sock < 0 && BIO_sock_should_retry(sock));
+            if (sock < 0) {
+                ERR_print_errors(bio_err);
+                BIO_closesocket(asock);
+                break;
+            }
+            BIO_set_tcp_ndelay(sock, 1);
+            i = (*cb)(sock, type, protocol, context);
+
+            /*
+             * If we ended with an alert being sent, but still with data in the
+             * network buffer to be read, then calling BIO_closesocket() will
+             * result in a TCP-RST being sent. On some platforms (notably
+             * Windows) then this will result in the peer immediately abandoning
+             * the connection including any buffered alert data before it has
+             * had a chance to be read. Shutting down the sending side first,
+             * and then closing the socket sends TCP-FIN first followed by
+             * TCP-RST. This seems to allow the peer to read the alert data.
+             */
+            shutdown(sock, 1); /* SHUT_WR */
+            /*
+             * We just said we have nothing else to say, but it doesn't mean
+             * that the other side has nothing. It's even recommended to
+             * consume incoming data. [In testing context this ensures that
+             * alerts are passed on...]
+             */
+            timeout.tv_sec = 0;
+            timeout.tv_usec = 500000;  /* some extreme round-trip */
+            do {
+                FD_ZERO(&readfds);
+                openssl_fdset(sock, &readfds);
+            } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
+                     && readsocket(sock, sink, sizeof(sink)) > 0);
+
+            BIO_closesocket(sock);
+        } else {
+            i = (*cb)(asock, type, protocol, context);
+        }
+
+        if (naccept != -1)
+            naccept--;
+        if (i < 0 || naccept == 0) {
+            BIO_closesocket(asock);
+            ret = i;
+            break;
+        }
+    }
+ end:
+# ifdef AF_UNIX
+    if (family == AF_UNIX)
+        unlink(host);
+# endif
+    BIO_ADDR_free(ourpeer);
+    ourpeer = NULL;
+    return ret;
+}
+
+#endif  /* OPENSSL_NO_SOCK */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c
new file mode 100644
index 000000000..82d40a5a5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c
@@ -0,0 +1,405 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "s_apps.h"
+#include <openssl/err.h>
+#include <internal/sockets.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#define SSL_CONNECT_NAME        "localhost:4433"
+
+#define SECONDS 30
+#define SECONDSSTR "30"
+
+static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
+
+/*
+ * Define a HTTP get command globally.
+ * Also define the size of the command, this is two bytes less than
+ * the size of the string because the %s is replaced by the URL.
+ */
+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
+static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
+    OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE,
+    OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
+    OPT_WWW
+} OPTION_CHOICE;
+
+const OPTIONS s_time_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"connect", OPT_CONNECT, 's',
+     "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
+    {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
+    {"ciphersuites", OPT_CIPHERSUITES, 's',
+     "Specify TLSv1.3 ciphersuites to be used"},
+    {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"new", OPT_NEW, '-', "Just time new connections"},
+    {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
+    {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
+    {"verify", OPT_VERIFY, 'p',
+     "Turn on peer certificate verification, set depth"},
+    {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
+    {"www", OPT_WWW, 's', "Fetch specified page from the site"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+    {NULL}
+};
+
+#define START   0
+#define STOP    1
+
+static double tm_Time_F(int s)
+{
+    return app_tminterval(s, 1);
+}
+
+int s_time_main(int argc, char **argv)
+{
+    char buf[1024 * 8];
+    SSL *scon = NULL;
+    SSL_CTX *ctx = NULL;
+    const SSL_METHOD *meth = NULL;
+    char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *ciphersuites = NULL;
+    char *www_path = NULL;
+    char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
+    double totalTime = 0.0;
+    int noCApath = 0, noCAfile = 0;
+    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
+    long bytes_read = 0, finishtime = 0;
+    OPTION_CHOICE o;
+    int max_version = 0, ver, buf_len;
+    size_t buf_size;
+
+    meth = TLS_client_method();
+
+    prog = opt_init(argc, argv, s_time_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_time_options);
+            ret = 0;
+            goto end;
+        case OPT_CONNECT:
+            host = opt_arg();
+            break;
+        case OPT_REUSE:
+            perform = 2;
+            break;
+        case OPT_NEW:
+            perform = 1;
+            break;
+        case OPT_VERIFY:
+            if (!opt_int(opt_arg(), &verify_args.depth))
+                goto opthelp;
+            BIO_printf(bio_err, "%s: verify depth is %d\n",
+                       prog, verify_args.depth);
+            break;
+        case OPT_CERT:
+            certfile = opt_arg();
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_CIPHER:
+            cipher = opt_arg();
+            break;
+        case OPT_CIPHERSUITES:
+            ciphersuites = opt_arg();
+            break;
+        case OPT_BUGS:
+            st_bugs = 1;
+            break;
+        case OPT_TIME:
+            if (!opt_int(opt_arg(), &maxtime))
+                goto opthelp;
+            break;
+        case OPT_WWW:
+            www_path = opt_arg();
+            buf_size = strlen(www_path) + fmt_http_get_cmd_size;
+            if (buf_size > sizeof(buf)) {
+                BIO_printf(bio_err, "%s: -www option is too long\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_SSL3:
+            max_version = SSL3_VERSION;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (cipher == NULL)
+        cipher = getenv("SSL_CIPHER");
+
+    if ((ctx = SSL_CTX_new(meth)) == NULL)
+        goto end;
+
+    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (st_bugs)
+        SSL_CTX_set_options(ctx, SSL_OP_ALL);
+    if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
+        goto end;
+    if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites))
+        goto end;
+    if (!set_cert_stuff(ctx, certfile, keyfile))
+        goto end;
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (!(perform & 1))
+        goto next;
+    printf("Collecting connection statistics for %d seconds\n", maxtime);
+
+    /* Loop and time how long it takes to make connections */
+
+    bytes_read = 0;
+    finishtime = (long)time(NULL) + maxtime;
+    tm_Time_F(START);
+    for (;;) {
+        if (finishtime < (long)time(NULL))
+            break;
+
+        if ((scon = doConnection(NULL, host, ctx)) == NULL)
+            goto end;
+
+        if (www_path != NULL) {
+            buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
+                                   www_path);
+            if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
+                goto end;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+                bytes_read += i;
+        }
+        SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        BIO_closesocket(SSL_get_fd(scon));
+
+        nConn += 1;
+        if (SSL_session_reused(scon)) {
+            ver = 'r';
+        } else {
+            ver = SSL_version(scon);
+            if (ver == TLS1_VERSION)
+                ver = 't';
+            else if (ver == SSL3_VERSION)
+                ver = '3';
+            else
+                ver = '*';
+        }
+        fputc(ver, stdout);
+        fflush(stdout);
+
+        SSL_free(scon);
+        scon = NULL;
+    }
+    totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+    i = (int)((long)time(NULL) - finishtime + maxtime);
+    printf
+        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+    printf
+        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+         nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+
+    /*
+     * Now loop and time connections using the same session id over and over
+     */
+
+ next:
+    if (!(perform & 2))
+        goto end;
+    printf("\n\nNow timing with session id reuse.\n");
+
+    /* Get an SSL object so we can reuse the session id */
+    if ((scon = doConnection(NULL, host, ctx)) == NULL) {
+        BIO_printf(bio_err, "Unable to get connection\n");
+        goto end;
+    }
+
+    if (www_path != NULL) {
+        buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path);
+        if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
+            goto end;
+        while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+            continue;
+    }
+    SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+    BIO_closesocket(SSL_get_fd(scon));
+
+    nConn = 0;
+    totalTime = 0.0;
+
+    finishtime = (long)time(NULL) + maxtime;
+
+    printf("starting\n");
+    bytes_read = 0;
+    tm_Time_F(START);
+
+    for (;;) {
+        if (finishtime < (long)time(NULL))
+            break;
+
+        if ((doConnection(scon, host, ctx)) == NULL)
+            goto end;
+
+        if (www_path != NULL) {
+            buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
+                                   www_path);
+            if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
+                goto end;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+                bytes_read += i;
+        }
+        SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        BIO_closesocket(SSL_get_fd(scon));
+
+        nConn += 1;
+        if (SSL_session_reused(scon)) {
+            ver = 'r';
+        } else {
+            ver = SSL_version(scon);
+            if (ver == TLS1_VERSION)
+                ver = 't';
+            else if (ver == SSL3_VERSION)
+                ver = '3';
+            else
+                ver = '*';
+        }
+        fputc(ver, stdout);
+        fflush(stdout);
+    }
+    totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+    printf
+        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+    printf
+        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+         nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+
+    ret = 0;
+
+ end:
+    SSL_free(scon);
+    SSL_CTX_free(ctx);
+    return ret;
+}
+
+/*-
+ * doConnection - make a connection
+ */
+static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
+{
+    BIO *conn;
+    SSL *serverCon;
+    int i;
+
+    if ((conn = BIO_new(BIO_s_connect())) == NULL)
+        return NULL;
+
+    BIO_set_conn_hostname(conn, host);
+    BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
+
+    if (scon == NULL)
+        serverCon = SSL_new(ctx);
+    else {
+        serverCon = scon;
+        SSL_set_connect_state(serverCon);
+    }
+
+    SSL_set_bio(serverCon, conn, conn);
+
+    /* ok, lets connect */
+    i = SSL_connect(serverCon);
+    if (i <= 0) {
+        BIO_printf(bio_err, "ERROR\n");
+        if (verify_args.error != X509_V_OK)
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_args.error));
+        else
+            ERR_print_errors(bio_err);
+        if (scon == NULL)
+            SSL_free(serverCon);
+        return NULL;
+    }
+
+#if defined(SOL_SOCKET) && defined(SO_LINGER)
+    {
+        struct linger no_linger;
+        int fd;
+
+        no_linger.l_onoff  = 1;
+        no_linger.l_linger = 0;
+        fd = SSL_get_fd(serverCon);
+        if (fd >= 0)
+            (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
+                             sizeof(no_linger));
+    }
+#endif
+
+    return serverCon;
+}
+#endif /* OPENSSL_NO_SOCK */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/server.pem b/trunk/3rdparty/openssl-1.1-fit/apps/server.pem
new file mode 100644
index 000000000..d0fc265f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/server.pem
@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
+KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
+R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
+vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
+TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
+41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
+AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
+hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
+WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
+yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
+vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
+xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
+JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
+h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
+tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
+D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
+uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
+qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
+zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
+r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
+AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
+5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
+W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
+674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
+utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
+BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
+4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
+WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
+bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
+6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
+4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
+WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
+n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
+JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
+OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
+xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
+UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/server.srl b/trunk/3rdparty/openssl-1.1-fit/apps/server.srl
new file mode 100644
index 000000000..8a0f05e16
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/server.srl
@@ -0,0 +1 @@
+01
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/server2.pem b/trunk/3rdparty/openssl-1.1-fit/apps/server2.pem
new file mode 100644
index 000000000..a3927cf78
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/server2.pem
@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg
+IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy
+gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L
+qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO
+ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG
+/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1
+bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE
+ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s
+zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS
+LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/
+XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg
+5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL
+Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb
+oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
+UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
+2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
+92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
+DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
+KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
+x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
+DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
+F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
+rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
++znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
+Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
+E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
+Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
+8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
+rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
+bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
+5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
+3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
+5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
+5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
+38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
+z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
+kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
+NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/sess_id.c b/trunk/3rdparty/openssl-1.1-fit/apps/sess_id.c
new file mode 100644
index 000000000..8fd584f3b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/sess_id.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
+    OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT
+} OPTION_CHOICE;
+
+const OPTIONS sess_id_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'f',
+     "Output format - default PEM (PEM, DER or NSS)"},
+    {"in", OPT_IN, 's', "Input file - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"text", OPT_TEXT, '-', "Print ssl session id details"},
+    {"cert", OPT_CERT, '-', "Output certificate "},
+    {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
+    {"context", OPT_CONTEXT, 's', "Set the session ID context"},
+    {NULL}
+};
+
+static SSL_SESSION *load_sess_id(char *file, int format);
+
+int sess_id_main(int argc, char **argv)
+{
+    SSL_SESSION *x = NULL;
+    X509 *peer = NULL;
+    BIO *out = NULL;
+    char *infile = NULL, *outfile = NULL, *context = NULL, *prog;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    int cert = 0, noout = 0, text = 0, ret = 1, i, num = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, sess_id_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(sess_id_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS,
+                            &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TEXT:
+            text = ++num;
+            break;
+        case OPT_CERT:
+            cert = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_CONTEXT:
+            context = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    x = load_sess_id(infile, informat);
+    if (x == NULL) {
+        goto end;
+    }
+    peer = SSL_SESSION_get0_peer(x);
+
+    if (context != NULL) {
+        size_t ctx_len = strlen(context);
+        if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+            BIO_printf(bio_err, "Context too long\n");
+            goto end;
+        }
+        if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
+                                         ctx_len)) {
+            BIO_printf(bio_err, "Error setting id context\n");
+            goto end;
+        }
+    }
+
+    if (!noout || text) {
+        out = bio_open_default(outfile, 'w', outformat);
+        if (out == NULL)
+            goto end;
+    }
+
+    if (text) {
+        SSL_SESSION_print(out, x);
+
+        if (cert) {
+            if (peer == NULL)
+                BIO_puts(out, "No certificate present\n");
+            else
+                X509_print(out, peer);
+        }
+    }
+
+    if (!noout && !cert) {
+        if (outformat == FORMAT_ASN1) {
+            i = i2d_SSL_SESSION_bio(out, x);
+        } else if (outformat == FORMAT_PEM) {
+            i = PEM_write_bio_SSL_SESSION(out, x);
+        } else if (outformat == FORMAT_NSS) {
+            i = SSL_SESSION_print_keylog(out, x);
+        } else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write SSL_SESSION\n");
+            goto end;
+        }
+    } else if (!noout && (peer != NULL)) { /* just print the certificate */
+        if (outformat == FORMAT_ASN1) {
+            i = (int)i2d_X509_bio(out, peer);
+        } else if (outformat == FORMAT_PEM) {
+            i = PEM_write_bio_X509(out, peer);
+        } else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509\n");
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free_all(out);
+    SSL_SESSION_free(x);
+    return ret;
+}
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+{
+    SSL_SESSION *x = NULL;
+    BIO *in = NULL;
+
+    in = bio_open_default(infile, 'r', format);
+    if (in == NULL)
+        goto end;
+    if (format == FORMAT_ASN1)
+        x = d2i_SSL_SESSION_bio(in, NULL);
+    else
+        x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load SSL_SESSION\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+ end:
+    BIO_free(in);
+    return x;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/smime.c b/trunk/3rdparty/openssl-1.1-fit/apps/smime.c
new file mode 100644
index 000000000..6fd473775
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/smime.c
@@ -0,0 +1,647 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int smime_cb(int ok, X509_STORE_CTX *ctx);
+
+#define SMIME_OP        0x10
+#define SMIME_IP        0x20
+#define SMIME_SIGNERS   0x40
+#define SMIME_ENCRYPT   (1 | SMIME_OP)
+#define SMIME_DECRYPT   (2 | SMIME_IP)
+#define SMIME_SIGN      (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY    (4 | SMIME_IP)
+#define SMIME_PK7OUT    (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN    (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
+    OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
+    OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
+    OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
+    OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
+    OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
+    OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
+    OPT_R_ENUM,
+    OPT_V_ENUM,
+    OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
+    OPT_OUTFORM, OPT_CONTENT
+} OPTION_CHOICE;
+
+const OPTIONS smime_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  cert.pem... recipient certs for encryption\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+    {"sign", OPT_SIGN, '-', "Sign message"},
+    {"verify", OPT_VERIFY, '-', "Verify signed message"},
+    {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
+    {"nointern", OPT_NOINTERN, '-',
+     "Don't search certificates in message for signer"},
+    {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+    {"nocerts", OPT_NOCERTS, '-',
+     "Don't include signers certificate when signing"},
+    {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+    {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+    {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+    {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
+    {"inkey", OPT_INKEY, 's',
+     "Input private key (if not signer or recipient)"},
+    {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'c',
+     "Output format SMIME (default), PEM or DER"},
+    {"content", OPT_CONTENT, '<',
+     "Supply or override content for detached signature"},
+    {"to", OPT_TO, 's', "To address"},
+    {"from", OPT_FROM, 's', "From address"},
+    {"subject", OPT_SUBJECT, 's', "Subject"},
+    {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+    {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"nochain", OPT_NOCHAIN, '-',
+     "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
+    {"indef", OPT_INDEF, '-', "Same as -stream" },
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+    OPT_R_OPTIONS,
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_V_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int smime_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *indata = NULL;
+    EVP_PKEY *key = NULL;
+    PKCS7 *p7 = NULL;
+    STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+    STACK_OF(X509) *encerts = NULL, *other = NULL;
+    X509 *cert = NULL, *recip = NULL, *signer = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    const EVP_MD *sign_md = NULL;
+    const char *CAfile = NULL, *CApath = NULL, *prog = NULL;
+    char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+    char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL, *subject = NULL;
+    OPTION_CHOICE o;
+    int noCApath = 0, noCAfile = 0;
+    int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
+    int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
+        FORMAT_PEM;
+    int vpmtouched = 0, rv = 0;
+    ENGINE *e = NULL;
+    const char *mime_eol = "\n";
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, smime_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(smime_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENCRYPT:
+            operation = SMIME_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            operation = SMIME_DECRYPT;
+            break;
+        case OPT_SIGN:
+            operation = SMIME_SIGN;
+            break;
+        case OPT_RESIGN:
+            operation = SMIME_RESIGN;
+            break;
+        case OPT_VERIFY:
+            operation = SMIME_VERIFY;
+            break;
+        case OPT_PK7OUT:
+            operation = SMIME_PK7OUT;
+            break;
+        case OPT_TEXT:
+            flags |= PKCS7_TEXT;
+            break;
+        case OPT_NOINTERN:
+            flags |= PKCS7_NOINTERN;
+            break;
+        case OPT_NOVERIFY:
+            flags |= PKCS7_NOVERIFY;
+            break;
+        case OPT_NOCHAIN:
+            flags |= PKCS7_NOCHAIN;
+            break;
+        case OPT_NOCERTS:
+            flags |= PKCS7_NOCERTS;
+            break;
+        case OPT_NOATTR:
+            flags |= PKCS7_NOATTR;
+            break;
+        case OPT_NODETACH:
+            flags &= ~PKCS7_DETACHED;
+            break;
+        case OPT_NOSMIMECAP:
+            flags |= PKCS7_NOSMIMECAP;
+            break;
+        case OPT_BINARY:
+            flags |= PKCS7_BINARY;
+            break;
+        case OPT_NOSIGS:
+            flags |= PKCS7_NOSIGS;
+            break;
+        case OPT_STREAM:
+        case OPT_INDEF:
+            indef = 1;
+            break;
+        case OPT_NOINDEF:
+            indef = 0;
+            break;
+        case OPT_CRLFEOL:
+            flags |= PKCS7_CRLFEOL;
+            mime_eol = "\r\n";
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_TO:
+            to = opt_arg();
+            break;
+        case OPT_FROM:
+            from = opt_arg();
+            break;
+        case OPT_SUBJECT:
+            subject = opt_arg();
+            break;
+        case OPT_SIGNER:
+            /* If previous -signer argument add signer to list */
+            if (signerfile != NULL) {
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (keyfile == NULL)
+                    keyfile = signerfile;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                keyfile = NULL;
+            }
+            signerfile = opt_arg();
+            break;
+        case OPT_RECIP:
+            recipfile = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &sign_md))
+                goto opthelp;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto opthelp;
+            break;
+        case OPT_INKEY:
+            /* If previous -inkey argument add signer to list */
+            if (keyfile != NULL) {
+                if (signerfile == NULL) {
+                    BIO_printf(bio_err,
+                               "%s: Must have -signer before -inkey\n", prog);
+                    goto opthelp;
+                }
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                signerfile = NULL;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+            }
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CONTENT:
+            contfile = opt_arg();
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto opthelp;
+            vpmtouched++;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
+        BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+        goto opthelp;
+    }
+
+    if (operation & SMIME_SIGNERS) {
+        /* Check to see if any final signer needs to be appended */
+        if (keyfile && !signerfile) {
+            BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+            goto opthelp;
+        }
+        if (signerfile != NULL) {
+            if (sksigners == NULL
+                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!keyfile)
+                keyfile = signerfile;
+            sk_OPENSSL_STRING_push(skkeys, keyfile);
+        }
+        if (sksigners == NULL) {
+            BIO_printf(bio_err, "No signer certificate specified\n");
+            goto opthelp;
+        }
+        signerfile = NULL;
+        keyfile = NULL;
+    } else if (operation == SMIME_DECRYPT) {
+        if (recipfile == NULL && keyfile == NULL) {
+            BIO_printf(bio_err,
+                       "No recipient certificate or key specified\n");
+            goto opthelp;
+        }
+    } else if (operation == SMIME_ENCRYPT) {
+        if (argc == 0) {
+            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+            goto opthelp;
+        }
+    } else if (!operation) {
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    ret = 2;
+
+    if (!(operation & SMIME_SIGNERS))
+        flags &= ~PKCS7_DETACHED;
+
+    if (!(operation & SMIME_OP)) {
+        if (flags & PKCS7_BINARY)
+            outformat = FORMAT_BINARY;
+    }
+
+    if (!(operation & SMIME_IP)) {
+        if (flags & PKCS7_BINARY)
+            informat = FORMAT_BINARY;
+    }
+
+    if (operation == SMIME_ENCRYPT) {
+        if (cipher == NULL) {
+#ifndef OPENSSL_NO_DES
+            cipher = EVP_des_ede3_cbc();
+#else
+            BIO_printf(bio_err, "No cipher selected\n");
+            goto end;
+#endif
+        }
+        encerts = sk_X509_new_null();
+        if (encerts == NULL)
+            goto end;
+        while (*argv != NULL) {
+            cert = load_cert(*argv, FORMAT_PEM,
+                             "recipient certificate file");
+            if (cert == NULL)
+                goto end;
+            sk_X509_push(encerts, cert);
+            cert = NULL;
+            argv++;
+        }
+    }
+
+    if (certfile != NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+                        "certificate file")) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
+        if ((recip = load_cert(recipfile, FORMAT_PEM,
+                               "recipient certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_DECRYPT) {
+        if (keyfile == NULL)
+            keyfile = recipfile;
+    } else if (operation == SMIME_SIGN) {
+        if (keyfile == NULL)
+            keyfile = signerfile;
+    } else {
+        keyfile = NULL;
+    }
+
+    if (keyfile != NULL) {
+        key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+        if (key == NULL)
+            goto end;
+    }
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (operation & SMIME_IP) {
+        if (informat == FORMAT_SMIME) {
+            p7 = SMIME_read_PKCS7(in, &indata);
+        } else if (informat == FORMAT_PEM) {
+            p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            p7 = d2i_PKCS7_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+            goto end;
+        }
+
+        if (p7 == NULL) {
+            BIO_printf(bio_err, "Error reading S/MIME message\n");
+            goto end;
+        }
+        if (contfile != NULL) {
+            BIO_free(indata);
+            if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                goto end;
+            }
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (operation == SMIME_VERIFY) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        X509_STORE_set_verify_cb(store, smime_cb);
+        if (vpmtouched)
+            X509_STORE_set1_param(store, vpm);
+    }
+
+    ret = 3;
+
+    if (operation == SMIME_ENCRYPT) {
+        if (indef)
+            flags |= PKCS7_STREAM;
+        p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+    } else if (operation & SMIME_SIGNERS) {
+        int i;
+        /*
+         * If detached data content we only enable streaming if S/MIME output
+         * format.
+         */
+        if (operation == SMIME_SIGN) {
+            if (flags & PKCS7_DETACHED) {
+                if (outformat == FORMAT_SMIME)
+                    flags |= PKCS7_STREAM;
+            } else if (indef) {
+                flags |= PKCS7_STREAM;
+            }
+            flags |= PKCS7_PARTIAL;
+            p7 = PKCS7_sign(NULL, NULL, other, in, flags);
+            if (p7 == NULL)
+                goto end;
+            if (flags & PKCS7_NOCERTS) {
+                for (i = 0; i < sk_X509_num(other); i++) {
+                    X509 *x = sk_X509_value(other, i);
+                    PKCS7_add_certificate(p7, x);
+                }
+            }
+        } else {
+            flags |= PKCS7_REUSE_DIGEST;
+        }
+        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+            signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+            keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+            signer = load_cert(signerfile, FORMAT_PEM,
+                               "signer certificate");
+            if (signer == NULL)
+                goto end;
+            key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+            if (key == NULL)
+                goto end;
+            if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
+                goto end;
+            X509_free(signer);
+            signer = NULL;
+            EVP_PKEY_free(key);
+            key = NULL;
+        }
+        /* If not streaming or resigning finalize structure */
+        if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
+            if (!PKCS7_final(p7, in, flags))
+                goto end;
+        }
+    }
+
+    if (p7 == NULL) {
+        BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+        goto end;
+    }
+
+    ret = 4;
+    if (operation == SMIME_DECRYPT) {
+        if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
+            BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_VERIFY) {
+        STACK_OF(X509) *signers;
+        if (PKCS7_verify(p7, other, store, indata, out, flags))
+            BIO_printf(bio_err, "Verification successful\n");
+        else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+        signers = PKCS7_get0_signers(p7, other, flags);
+        if (!save_certs(signerfile, signers)) {
+            BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
+            ret = 5;
+            goto end;
+        }
+        sk_X509_free(signers);
+    } else if (operation == SMIME_PK7OUT) {
+        PEM_write_bio_PKCS7(out, p7);
+    } else {
+        if (to)
+            BIO_printf(out, "To: %s%s", to, mime_eol);
+        if (from)
+            BIO_printf(out, "From: %s%s", from, mime_eol);
+        if (subject)
+            BIO_printf(out, "Subject: %s%s", subject, mime_eol);
+        if (outformat == FORMAT_SMIME) {
+            if (operation == SMIME_RESIGN)
+                rv = SMIME_write_PKCS7(out, p7, indata, flags);
+            else
+                rv = SMIME_write_PKCS7(out, p7, in, flags);
+        } else if (outformat == FORMAT_PEM) {
+            rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
+        } else if (outformat == FORMAT_ASN1) {
+            rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
+        } else {
+            BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+            goto end;
+        }
+        if (rv == 0) {
+            BIO_printf(bio_err, "Error writing output\n");
+            ret = 3;
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    sk_X509_pop_free(encerts, X509_free);
+    sk_X509_pop_free(other, X509_free);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(sksigners);
+    sk_OPENSSL_STRING_free(skkeys);
+    X509_STORE_free(store);
+    X509_free(cert);
+    X509_free(recip);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    PKCS7_free(p7);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free(indata);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    return ret;
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+    int i;
+    BIO *tmp;
+
+    if (signerfile == NULL)
+        return 1;
+    tmp = BIO_new_file(signerfile, "w");
+    if (tmp == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_num(signers); i++)
+        PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+    BIO_free(tmp);
+    return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int smime_cb(int ok, X509_STORE_CTX *ctx)
+{
+    int error;
+
+    error = X509_STORE_CTX_get_error(ctx);
+
+    if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+        && ((error != X509_V_OK) || (ok != 2)))
+        return ok;
+
+    policies_print(ctx);
+
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/speed.c b/trunk/3rdparty/openssl-1.1-fit/apps/speed.c
new file mode 100644
index 000000000..506737d05
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/speed.c
@@ -0,0 +1,3691 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#undef SECONDS
+#define SECONDS                 3
+#define RSA_SECONDS             10
+#define DSA_SECONDS             10
+#define ECDSA_SECONDS   10
+#define ECDH_SECONDS    10
+#define EdDSA_SECONDS   10
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/async.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#include <openssl/aes.h>
+#ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/camellia.h>
+#endif
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_MDC2
+# include <openssl/mdc2.h>
+#endif
+#ifndef OPENSSL_NO_MD4
+# include <openssl/md4.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+# include <openssl/md5.h>
+#endif
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/ripemd.h>
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/whrlpool.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_RC5
+# include <openssl/rc5.h>
+#endif
+#ifndef OPENSSL_NO_RC2
+# include <openssl/rc2.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_SEED
+# include <openssl/seed.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+#ifndef OPENSSL_NO_CAST
+# include <openssl/cast.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# include "./testdsa.h"
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+#include <openssl/modes.h>
+
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+#define MAX_MISALIGNMENT 63
+#define MAX_ECDH_SIZE   256
+#define MISALIGN        64
+
+typedef struct openssl_speed_sec_st {
+    int sym;
+    int rsa;
+    int dsa;
+    int ecdsa;
+    int ecdh;
+    int eddsa;
+} openssl_speed_sec_t;
+
+static volatile int run = 0;
+
+static int mr = 0;
+static int usertime = 1;
+
+#ifndef OPENSSL_NO_MD2
+static int EVP_Digest_MD2_loop(void *args);
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+static int EVP_Digest_MDC2_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_MD4
+static int EVP_Digest_MD4_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_MD5
+static int MD5_loop(void *args);
+static int HMAC_loop(void *args);
+#endif
+static int SHA1_loop(void *args);
+static int SHA256_loop(void *args);
+static int SHA512_loop(void *args);
+#ifndef OPENSSL_NO_WHIRLPOOL
+static int WHIRLPOOL_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_RMD160
+static int EVP_Digest_RMD160_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_RC4
+static int RC4_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_DES
+static int DES_ncbc_encrypt_loop(void *args);
+static int DES_ede3_cbc_encrypt_loop(void *args);
+#endif
+static int AES_cbc_128_encrypt_loop(void *args);
+static int AES_cbc_192_encrypt_loop(void *args);
+static int AES_ige_128_encrypt_loop(void *args);
+static int AES_cbc_256_encrypt_loop(void *args);
+static int AES_ige_192_encrypt_loop(void *args);
+static int AES_ige_256_encrypt_loop(void *args);
+static int CRYPTO_gcm128_aad_loop(void *args);
+static int RAND_bytes_loop(void *args);
+static int EVP_Update_loop(void *args);
+static int EVP_Update_loop_ccm(void *args);
+static int EVP_Update_loop_aead(void *args);
+static int EVP_Digest_loop(void *args);
+#ifndef OPENSSL_NO_RSA
+static int RSA_sign_loop(void *args);
+static int RSA_verify_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_DSA
+static int DSA_sign_loop(void *args);
+static int DSA_verify_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_EC
+static int ECDSA_sign_loop(void *args);
+static int ECDSA_verify_loop(void *args);
+static int EdDSA_sign_loop(void *args);
+static int EdDSA_verify_loop(void *args);
+#endif
+
+static double Time_F(int s);
+static void print_message(const char *s, long num, int length, int tm);
+static void pkey_print_message(const char *str, const char *str2,
+                               long num, unsigned int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
+#ifndef NO_FORK
+static int do_multi(int multi, int size_num);
+#endif
+
+static const int lengths_list[] = {
+    16, 64, 256, 1024, 8 * 1024, 16 * 1024
+};
+static const int *lengths = lengths_list;
+
+static const int aead_lengths_list[] = {
+    2, 31, 136, 1024, 8 * 1024, 16 * 1024
+};
+
+#define START   0
+#define STOP    1
+
+#ifdef SIGALRM
+
+static void alarmed(int sig)
+{
+    signal(SIGALRM, alarmed);
+    run = 0;
+}
+
+static double Time_F(int s)
+{
+    double ret = app_tminterval(s, usertime);
+    if (s == STOP)
+        alarm(0);
+    return ret;
+}
+
+#elif defined(_WIN32)
+
+# define SIGALRM -1
+
+static unsigned int lapse;
+static volatile unsigned int schlock;
+static void alarm_win32(unsigned int secs)
+{
+    lapse = secs * 1000;
+}
+
+# define alarm alarm_win32
+
+static DWORD WINAPI sleepy(VOID * arg)
+{
+    schlock = 1;
+    Sleep(lapse);
+    run = 0;
+    return 0;
+}
+
+static double Time_F(int s)
+{
+    double ret;
+    static HANDLE thr;
+
+    if (s == START) {
+        schlock = 0;
+        thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
+        if (thr == NULL) {
+            DWORD err = GetLastError();
+            BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
+            ExitProcess(err);
+        }
+        while (!schlock)
+            Sleep(0);           /* scheduler spinlock */
+        ret = app_tminterval(s, usertime);
+    } else {
+        ret = app_tminterval(s, usertime);
+        if (run)
+            TerminateThread(thr, 0);
+        CloseHandle(thr);
+    }
+
+    return ret;
+}
+#else
+static double Time_F(int s)
+{
+    return app_tminterval(s, usertime);
+}
+#endif
+
+static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
+                             const openssl_speed_sec_t *seconds);
+
+#define found(value, pairs, result)\
+    opt_found(value, result, pairs, OSSL_NELEM(pairs))
+static int opt_found(const char *name, unsigned int *result,
+                     const OPT_PAIR pairs[], unsigned int nbelem)
+{
+    unsigned int idx;
+
+    for (idx = 0; idx < nbelem; ++idx, pairs++)
+        if (strcmp(name, pairs->name) == 0) {
+            *result = pairs->retval;
+            return 1;
+        }
+    return 0;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
+    OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
+    OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
+} OPTION_CHOICE;
+
+const OPTIONS speed_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
+    {"decrypt", OPT_DECRYPT, '-',
+     "Time decryption instead of encryption (only EVP)"},
+    {"aead", OPT_AEAD, '-',
+     "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
+    {"mb", OPT_MB, '-',
+     "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
+    {"mr", OPT_MR, '-', "Produce machine readable output"},
+#ifndef NO_FORK
+    {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
+#endif
+#ifndef OPENSSL_NO_ASYNC
+    {"async_jobs", OPT_ASYNCJOBS, 'p',
+     "Enable async mode and start specified number of jobs"},
+#endif
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"elapsed", OPT_ELAPSED, '-',
+     "Use wall-clock time instead of CPU user time as divisor"},
+    {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
+    {"seconds", OPT_SECONDS, 'p',
+     "Run benchmarks for specified amount of seconds"},
+    {"bytes", OPT_BYTES, 'p',
+     "Run [non-PKI] benchmarks on custom-sized buffer"},
+    {"misalign", OPT_MISALIGN, 'p',
+     "Use specified offset to mis-align buffers"},
+    {NULL}
+};
+
+#define D_MD2           0
+#define D_MDC2          1
+#define D_MD4           2
+#define D_MD5           3
+#define D_HMAC          4
+#define D_SHA1          5
+#define D_RMD160        6
+#define D_RC4           7
+#define D_CBC_DES       8
+#define D_EDE3_DES      9
+#define D_CBC_IDEA      10
+#define D_CBC_SEED      11
+#define D_CBC_RC2       12
+#define D_CBC_RC5       13
+#define D_CBC_BF        14
+#define D_CBC_CAST      15
+#define D_CBC_128_AES   16
+#define D_CBC_192_AES   17
+#define D_CBC_256_AES   18
+#define D_CBC_128_CML   19
+#define D_CBC_192_CML   20
+#define D_CBC_256_CML   21
+#define D_EVP           22
+#define D_SHA256        23
+#define D_SHA512        24
+#define D_WHIRLPOOL     25
+#define D_IGE_128_AES   26
+#define D_IGE_192_AES   27
+#define D_IGE_256_AES   28
+#define D_GHASH         29
+#define D_RAND          30
+/* name of algorithms to test */
+static const char *names[] = {
+    "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+    "des cbc", "des ede3", "idea cbc", "seed cbc",
+    "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+    "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+    "evp", "sha256", "sha512", "whirlpool",
+    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
+    "rand"
+};
+#define ALGOR_NUM       OSSL_NELEM(names)
+
+/* list of configured algorithm (remaining) */
+static const OPT_PAIR doit_choices[] = {
+#ifndef OPENSSL_NO_MD2
+    {"md2", D_MD2},
+#endif
+#ifndef OPENSSL_NO_MDC2
+    {"mdc2", D_MDC2},
+#endif
+#ifndef OPENSSL_NO_MD4
+    {"md4", D_MD4},
+#endif
+#ifndef OPENSSL_NO_MD5
+    {"md5", D_MD5},
+    {"hmac", D_HMAC},
+#endif
+    {"sha1", D_SHA1},
+    {"sha256", D_SHA256},
+    {"sha512", D_SHA512},
+#ifndef OPENSSL_NO_WHIRLPOOL
+    {"whirlpool", D_WHIRLPOOL},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    {"ripemd", D_RMD160},
+    {"rmd160", D_RMD160},
+    {"ripemd160", D_RMD160},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {"rc4", D_RC4},
+#endif
+#ifndef OPENSSL_NO_DES
+    {"des-cbc", D_CBC_DES},
+    {"des-ede3", D_EDE3_DES},
+#endif
+    {"aes-128-cbc", D_CBC_128_AES},
+    {"aes-192-cbc", D_CBC_192_AES},
+    {"aes-256-cbc", D_CBC_256_AES},
+    {"aes-128-ige", D_IGE_128_AES},
+    {"aes-192-ige", D_IGE_192_AES},
+    {"aes-256-ige", D_IGE_256_AES},
+#ifndef OPENSSL_NO_RC2
+    {"rc2-cbc", D_CBC_RC2},
+    {"rc2", D_CBC_RC2},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {"rc5-cbc", D_CBC_RC5},
+    {"rc5", D_CBC_RC5},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {"idea-cbc", D_CBC_IDEA},
+    {"idea", D_CBC_IDEA},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {"seed-cbc", D_CBC_SEED},
+    {"seed", D_CBC_SEED},
+#endif
+#ifndef OPENSSL_NO_BF
+    {"bf-cbc", D_CBC_BF},
+    {"blowfish", D_CBC_BF},
+    {"bf", D_CBC_BF},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {"cast-cbc", D_CBC_CAST},
+    {"cast", D_CBC_CAST},
+    {"cast5", D_CBC_CAST},
+#endif
+    {"ghash", D_GHASH},
+    {"rand", D_RAND}
+};
+
+static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)];
+
+#ifndef OPENSSL_NO_DSA
+# define R_DSA_512       0
+# define R_DSA_1024      1
+# define R_DSA_2048      2
+static const OPT_PAIR dsa_choices[] = {
+    {"dsa512", R_DSA_512},
+    {"dsa1024", R_DSA_1024},
+    {"dsa2048", R_DSA_2048}
+};
+# define DSA_NUM         OSSL_NELEM(dsa_choices)
+
+static double dsa_results[DSA_NUM][2];  /* 2 ops: sign then verify */
+#endif  /* OPENSSL_NO_DSA */
+
+#define R_RSA_512       0
+#define R_RSA_1024      1
+#define R_RSA_2048      2
+#define R_RSA_3072      3
+#define R_RSA_4096      4
+#define R_RSA_7680      5
+#define R_RSA_15360     6
+#ifndef OPENSSL_NO_RSA
+static const OPT_PAIR rsa_choices[] = {
+    {"rsa512", R_RSA_512},
+    {"rsa1024", R_RSA_1024},
+    {"rsa2048", R_RSA_2048},
+    {"rsa3072", R_RSA_3072},
+    {"rsa4096", R_RSA_4096},
+    {"rsa7680", R_RSA_7680},
+    {"rsa15360", R_RSA_15360}
+};
+# define RSA_NUM OSSL_NELEM(rsa_choices)
+
+static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_RSA */
+
+#define R_EC_P160    0
+#define R_EC_P192    1
+#define R_EC_P224    2
+#define R_EC_P256    3
+#define R_EC_P384    4
+#define R_EC_P521    5
+#define R_EC_K163    6
+#define R_EC_K233    7
+#define R_EC_K283    8
+#define R_EC_K409    9
+#define R_EC_K571    10
+#define R_EC_B163    11
+#define R_EC_B233    12
+#define R_EC_B283    13
+#define R_EC_B409    14
+#define R_EC_B571    15
+#define R_EC_BRP256R1  16
+#define R_EC_BRP256T1  17
+#define R_EC_BRP384R1  18
+#define R_EC_BRP384T1  19
+#define R_EC_BRP512R1  20
+#define R_EC_BRP512T1  21
+#define R_EC_X25519  22
+#define R_EC_X448    23
+#ifndef OPENSSL_NO_EC
+static OPT_PAIR ecdsa_choices[] = {
+    {"ecdsap160", R_EC_P160},
+    {"ecdsap192", R_EC_P192},
+    {"ecdsap224", R_EC_P224},
+    {"ecdsap256", R_EC_P256},
+    {"ecdsap384", R_EC_P384},
+    {"ecdsap521", R_EC_P521},
+    {"ecdsak163", R_EC_K163},
+    {"ecdsak233", R_EC_K233},
+    {"ecdsak283", R_EC_K283},
+    {"ecdsak409", R_EC_K409},
+    {"ecdsak571", R_EC_K571},
+    {"ecdsab163", R_EC_B163},
+    {"ecdsab233", R_EC_B233},
+    {"ecdsab283", R_EC_B283},
+    {"ecdsab409", R_EC_B409},
+    {"ecdsab571", R_EC_B571},
+    {"ecdsabrp256r1", R_EC_BRP256R1},
+    {"ecdsabrp256t1", R_EC_BRP256T1},
+    {"ecdsabrp384r1", R_EC_BRP384R1},
+    {"ecdsabrp384t1", R_EC_BRP384T1},
+    {"ecdsabrp512r1", R_EC_BRP512R1},
+    {"ecdsabrp512t1", R_EC_BRP512T1}
+};
+# define ECDSA_NUM       OSSL_NELEM(ecdsa_choices)
+
+static double ecdsa_results[ECDSA_NUM][2];    /* 2 ops: sign then verify */
+
+static const OPT_PAIR ecdh_choices[] = {
+    {"ecdhp160", R_EC_P160},
+    {"ecdhp192", R_EC_P192},
+    {"ecdhp224", R_EC_P224},
+    {"ecdhp256", R_EC_P256},
+    {"ecdhp384", R_EC_P384},
+    {"ecdhp521", R_EC_P521},
+    {"ecdhk163", R_EC_K163},
+    {"ecdhk233", R_EC_K233},
+    {"ecdhk283", R_EC_K283},
+    {"ecdhk409", R_EC_K409},
+    {"ecdhk571", R_EC_K571},
+    {"ecdhb163", R_EC_B163},
+    {"ecdhb233", R_EC_B233},
+    {"ecdhb283", R_EC_B283},
+    {"ecdhb409", R_EC_B409},
+    {"ecdhb571", R_EC_B571},
+    {"ecdhbrp256r1", R_EC_BRP256R1},
+    {"ecdhbrp256t1", R_EC_BRP256T1},
+    {"ecdhbrp384r1", R_EC_BRP384R1},
+    {"ecdhbrp384t1", R_EC_BRP384T1},
+    {"ecdhbrp512r1", R_EC_BRP512R1},
+    {"ecdhbrp512t1", R_EC_BRP512T1},
+    {"ecdhx25519", R_EC_X25519},
+    {"ecdhx448", R_EC_X448}
+};
+# define EC_NUM       OSSL_NELEM(ecdh_choices)
+
+static double ecdh_results[EC_NUM][1];  /* 1 op: derivation */
+
+#define R_EC_Ed25519    0
+#define R_EC_Ed448      1
+static OPT_PAIR eddsa_choices[] = {
+    {"ed25519", R_EC_Ed25519},
+    {"ed448", R_EC_Ed448}
+};
+# define EdDSA_NUM       OSSL_NELEM(eddsa_choices)
+
+static double eddsa_results[EdDSA_NUM][2];    /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_EC */
+
+#ifndef SIGALRM
+# define COND(d) (count < (d))
+# define COUNT(d) (d)
+#else
+# define COND(unused_cond) (run && count<0x7fffffff)
+# define COUNT(d) (count)
+#endif                          /* SIGALRM */
+
+typedef struct loopargs_st {
+    ASYNC_JOB *inprogress_job;
+    ASYNC_WAIT_CTX *wait_ctx;
+    unsigned char *buf;
+    unsigned char *buf2;
+    unsigned char *buf_malloc;
+    unsigned char *buf2_malloc;
+    unsigned char *key;
+    unsigned int siglen;
+    size_t sigsize;
+#ifndef OPENSSL_NO_RSA
+    RSA *rsa_key[RSA_NUM];
+#endif
+#ifndef OPENSSL_NO_DSA
+    DSA *dsa_key[DSA_NUM];
+#endif
+#ifndef OPENSSL_NO_EC
+    EC_KEY *ecdsa[ECDSA_NUM];
+    EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
+    EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
+    unsigned char *secret_a;
+    unsigned char *secret_b;
+    size_t outlen[EC_NUM];
+#endif
+    EVP_CIPHER_CTX *ctx;
+    HMAC_CTX *hctx;
+    GCM128_CONTEXT *gcm_ctx;
+} loopargs_t;
+static int run_benchmark(int async_jobs, int (*loop_function) (void *),
+                         loopargs_t * loopargs);
+
+static unsigned int testnum;
+
+/* Nb of iterations to do per algorithm and key-size */
+static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)];
+
+#ifndef OPENSSL_NO_MD2
+static int EVP_Digest_MD2_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md2[MD2_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MD2][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
+                        NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+static int EVP_Digest_MDC2_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char mdc2[MDC2_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MDC2][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
+                        NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MD4
+static int EVP_Digest_MD4_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md4[MD4_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MD4][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
+                        NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MD5
+static int MD5_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md5[MD5_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_MD5][testnum]); count++)
+        MD5(buf, lengths[testnum], md5);
+    return count;
+}
+
+static int HMAC_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    HMAC_CTX *hctx = tempargs->hctx;
+    unsigned char hmac[MD5_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_HMAC][testnum]); count++) {
+        HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
+        HMAC_Update(hctx, buf, lengths[testnum]);
+        HMAC_Final(hctx, hmac, NULL);
+    }
+    return count;
+}
+#endif
+
+static int SHA1_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha[SHA_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA1][testnum]); count++)
+        SHA1(buf, lengths[testnum], sha);
+    return count;
+}
+
+static int SHA256_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha256[SHA256_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA256][testnum]); count++)
+        SHA256(buf, lengths[testnum], sha256);
+    return count;
+}
+
+static int SHA512_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha512[SHA512_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA512][testnum]); count++)
+        SHA512(buf, lengths[testnum], sha512);
+    return count;
+}
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+static int WHIRLPOOL_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++)
+        WHIRLPOOL(buf, lengths[testnum], whirlpool);
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+static int EVP_Digest_RMD160_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_RMD160][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
+                        NULL, EVP_ripemd160(), NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_RC4
+static RC4_KEY rc4_ks;
+static int RC4_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_RC4][testnum]); count++)
+        RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_DES
+static unsigned char DES_iv[8];
+static DES_key_schedule sch;
+static DES_key_schedule sch2;
+static DES_key_schedule sch3;
+static int DES_ncbc_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
+        DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
+                         &DES_iv, DES_ENCRYPT);
+    return count;
+}
+
+static int DES_ede3_cbc_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
+        DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
+                             &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT);
+    return count;
+}
+#endif
+
+#define MAX_BLOCK_SIZE 128
+
+static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
+static AES_KEY aes_ks1, aes_ks2, aes_ks3;
+static int AES_cbc_128_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                        (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_cbc_192_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                        (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_cbc_256_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                        (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_128_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                        (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_192_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                        (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_256_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                        (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int CRYPTO_gcm128_aad_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
+    int count;
+    for (count = 0; COND(c[D_GHASH][testnum]); count++)
+        CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
+    return count;
+}
+
+static int RAND_bytes_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+
+    for (count = 0; COND(c[D_RAND][testnum]); count++)
+        RAND_bytes(buf, lengths[testnum]);
+    return count;
+}
+
+static long save_count = 0;
+static int decrypt = 0;
+static int EVP_Update_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count, rc;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt) {
+        for (count = 0; COND(nb_iter); count++) {
+            rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            if (rc != 1) {
+                /* reset iv in case of counter overflow */
+                EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
+            }
+        }
+    } else {
+        for (count = 0; COND(nb_iter); count++) {
+            rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            if (rc != 1) {
+                /* reset iv in case of counter overflow */
+                EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
+            }
+        }
+    }
+    if (decrypt)
+        EVP_DecryptFinal_ex(ctx, buf, &outl);
+    else
+        EVP_EncryptFinal_ex(ctx, buf, &outl);
+    return count;
+}
+
+/*
+ * CCM does not support streaming. For the purpose of performance measurement,
+ * each message is encrypted using the same (key,iv)-pair. Do not use this
+ * code in your application.
+ */
+static int EVP_Update_loop_ccm(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count;
+    unsigned char tag[12];
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt) {
+        for (count = 0; COND(nb_iter); count++) {
+            EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
+            /* reset iv */
+            EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
+            /* counter is reset on every update */
+            EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+        }
+    } else {
+        for (count = 0; COND(nb_iter); count++) {
+            /* restore iv length field */
+            EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
+            /* counter is reset on every update */
+            EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+        }
+    }
+    if (decrypt)
+        EVP_DecryptFinal_ex(ctx, buf, &outl);
+    else
+        EVP_EncryptFinal_ex(ctx, buf, &outl);
+    return count;
+}
+
+/*
+ * To make AEAD benchmarking more relevant perform TLS-like operations,
+ * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
+ * payload length is not actually limited by 16KB...
+ */
+static int EVP_Update_loop_aead(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count;
+    unsigned char aad[13] = { 0xcc };
+    unsigned char faketag[16] = { 0xcc };
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt) {
+        for (count = 0; COND(nb_iter); count++) {
+            EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
+            EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                sizeof(faketag), faketag);
+            EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
+            EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
+        }
+    } else {
+        for (count = 0; COND(nb_iter); count++) {
+            EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
+            EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
+            EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
+        }
+    }
+    return count;
+}
+
+static const EVP_MD *evp_md = NULL;
+static int EVP_Digest_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int count;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+
+    for (count = 0; COND(nb_iter); count++) {
+        if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
+            return -1;
+    }
+    return count;
+}
+
+#ifndef OPENSSL_NO_RSA
+static long rsa_c[RSA_NUM][2];  /* # RSA iteration test */
+
+static int RSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    unsigned int *rsa_num = &tempargs->siglen;
+    RSA **rsa_key = tempargs->rsa_key;
+    int ret, count;
+    for (count = 0; COND(rsa_c[testnum][0]); count++) {
+        ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "RSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int RSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    unsigned int rsa_num = tempargs->siglen;
+    RSA **rsa_key = tempargs->rsa_key;
+    int ret, count;
+    for (count = 0; COND(rsa_c[testnum][1]); count++) {
+        ret =
+            RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+        if (ret <= 0) {
+            BIO_printf(bio_err, "RSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static long dsa_c[DSA_NUM][2];
+static int DSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    DSA **dsa_key = tempargs->dsa_key;
+    unsigned int *siglen = &tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(dsa_c[testnum][0]); count++) {
+        ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "DSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int DSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    DSA **dsa_key = tempargs->dsa_key;
+    unsigned int siglen = tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(dsa_c[testnum][1]); count++) {
+        ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+        if (ret <= 0) {
+            BIO_printf(bio_err, "DSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static long ecdsa_c[ECDSA_NUM][2];
+static int ECDSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EC_KEY **ecdsa = tempargs->ecdsa;
+    unsigned char *ecdsasig = tempargs->buf2;
+    unsigned int *ecdsasiglen = &tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
+        ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "ECDSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int ECDSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EC_KEY **ecdsa = tempargs->ecdsa;
+    unsigned char *ecdsasig = tempargs->buf2;
+    unsigned int ecdsasiglen = tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
+        ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
+        if (ret != 1) {
+            BIO_printf(bio_err, "ECDSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+/* ******************************************************************** */
+static long ecdh_c[EC_NUM][1];
+
+static int ECDH_EVP_derive_key_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
+    unsigned char *derived_secret = tempargs->secret_a;
+    int count;
+    size_t *outlen = &(tempargs->outlen[testnum]);
+
+    for (count = 0; COND(ecdh_c[testnum][0]); count++)
+        EVP_PKEY_derive(ctx, derived_secret, outlen);
+
+    return count;
+}
+
+static long eddsa_c[EdDSA_NUM][2];
+static int EdDSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
+    unsigned char *eddsasig = tempargs->buf2;
+    size_t *eddsasigsize = &tempargs->sigsize;
+    int ret, count;
+
+    for (count = 0; COND(eddsa_c[testnum][0]); count++) {
+        ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
+        if (ret == 0) {
+            BIO_printf(bio_err, "EdDSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int EdDSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
+    unsigned char *eddsasig = tempargs->buf2;
+    size_t eddsasigsize = tempargs->sigsize;
+    int ret, count;
+
+    for (count = 0; COND(eddsa_c[testnum][1]); count++) {
+        ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
+        if (ret != 1) {
+            BIO_printf(bio_err, "EdDSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif                          /* OPENSSL_NO_EC */
+
+static int run_benchmark(int async_jobs,
+                         int (*loop_function) (void *), loopargs_t * loopargs)
+{
+    int job_op_count = 0;
+    int total_op_count = 0;
+    int num_inprogress = 0;
+    int error = 0, i = 0, ret = 0;
+    OSSL_ASYNC_FD job_fd = 0;
+    size_t num_job_fds = 0;
+
+    run = 1;
+
+    if (async_jobs == 0) {
+        return loop_function((void *)&loopargs);
+    }
+
+    for (i = 0; i < async_jobs && !error; i++) {
+        loopargs_t *looparg_item = loopargs + i;
+
+        /* Copy pointer content (looparg_t item address) into async context */
+        ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
+                              &job_op_count, loop_function,
+                              (void *)&looparg_item, sizeof(looparg_item));
+        switch (ret) {
+        case ASYNC_PAUSE:
+            ++num_inprogress;
+            break;
+        case ASYNC_FINISH:
+            if (job_op_count == -1) {
+                error = 1;
+            } else {
+                total_op_count += job_op_count;
+            }
+            break;
+        case ASYNC_NO_JOBS:
+        case ASYNC_ERR:
+            BIO_printf(bio_err, "Failure in the job\n");
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+    }
+
+    while (num_inprogress > 0) {
+#if defined(OPENSSL_SYS_WINDOWS)
+        DWORD avail = 0;
+#elif defined(OPENSSL_SYS_UNIX)
+        int select_result = 0;
+        OSSL_ASYNC_FD max_fd = 0;
+        fd_set waitfdset;
+
+        FD_ZERO(&waitfdset);
+
+        for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
+            if (loopargs[i].inprogress_job == NULL)
+                continue;
+
+            if (!ASYNC_WAIT_CTX_get_all_fds
+                (loopargs[i].wait_ctx, NULL, &num_job_fds)
+                || num_job_fds > 1) {
+                BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+            ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
+                                       &num_job_fds);
+            FD_SET(job_fd, &waitfdset);
+            if (job_fd > max_fd)
+                max_fd = job_fd;
+        }
+
+        if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
+            BIO_printf(bio_err,
+                       "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
+                       "Decrease the value of async_jobs\n",
+                       max_fd, FD_SETSIZE);
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+
+        select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
+        if (select_result == -1 && errno == EINTR)
+            continue;
+
+        if (select_result == -1) {
+            BIO_printf(bio_err, "Failure in the select\n");
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+
+        if (select_result == 0)
+            continue;
+#endif
+
+        for (i = 0; i < async_jobs; i++) {
+            if (loopargs[i].inprogress_job == NULL)
+                continue;
+
+            if (!ASYNC_WAIT_CTX_get_all_fds
+                (loopargs[i].wait_ctx, NULL, &num_job_fds)
+                || num_job_fds > 1) {
+                BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+            ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
+                                       &num_job_fds);
+
+#if defined(OPENSSL_SYS_UNIX)
+            if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
+                continue;
+#elif defined(OPENSSL_SYS_WINDOWS)
+            if (num_job_fds == 1
+                && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
+                && avail > 0)
+                continue;
+#endif
+
+            ret = ASYNC_start_job(&loopargs[i].inprogress_job,
+                                  loopargs[i].wait_ctx, &job_op_count,
+                                  loop_function, (void *)(loopargs + i),
+                                  sizeof(loopargs_t));
+            switch (ret) {
+            case ASYNC_PAUSE:
+                break;
+            case ASYNC_FINISH:
+                if (job_op_count == -1) {
+                    error = 1;
+                } else {
+                    total_op_count += job_op_count;
+                }
+                --num_inprogress;
+                loopargs[i].inprogress_job = NULL;
+                break;
+            case ASYNC_NO_JOBS:
+            case ASYNC_ERR:
+                --num_inprogress;
+                loopargs[i].inprogress_job = NULL;
+                BIO_printf(bio_err, "Failure in the job\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+        }
+    }
+
+    return error ? -1 : total_op_count;
+}
+
+int speed_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    loopargs_t *loopargs = NULL;
+    const char *prog;
+    const char *engine_id = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    double d = 0.0;
+    OPTION_CHOICE o;
+    int async_init = 0, multiblock = 0, pr_header = 0;
+    int doit[ALGOR_NUM] = { 0 };
+    int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
+    long count = 0;
+    unsigned int size_num = OSSL_NELEM(lengths_list);
+    unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
+    int keylen;
+    int buflen;
+#ifndef NO_FORK
+    int multi = 0;
+#endif
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
+    || !defined(OPENSSL_NO_EC)
+    long rsa_count = 1;
+#endif
+    openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
+                                    ECDSA_SECONDS, ECDH_SECONDS,
+                                    EdDSA_SECONDS };
+
+    /* What follows are the buffers and key material. */
+#ifndef OPENSSL_NO_RC5
+    RC5_32_KEY rc5_ks;
+#endif
+#ifndef OPENSSL_NO_RC2
+    RC2_KEY rc2_ks;
+#endif
+#ifndef OPENSSL_NO_IDEA
+    IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef OPENSSL_NO_SEED
+    SEED_KEY_SCHEDULE seed_ks;
+#endif
+#ifndef OPENSSL_NO_BF
+    BF_KEY bf_ks;
+#endif
+#ifndef OPENSSL_NO_CAST
+    CAST_KEY cast_ks;
+#endif
+    static const unsigned char key16[16] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    static const unsigned char key24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char key32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+#ifndef OPENSSL_NO_CAMELLIA
+    static const unsigned char ckey24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char ckey32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+    CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+#endif
+#ifndef OPENSSL_NO_DES
+    static DES_cblock key = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
+    };
+    static DES_cblock key2 = {
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    static DES_cblock key3 = {
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+#endif
+#ifndef OPENSSL_NO_RSA
+    static const unsigned int rsa_bits[RSA_NUM] = {
+        512, 1024, 2048, 3072, 4096, 7680, 15360
+    };
+    static const unsigned char *rsa_data[RSA_NUM] = {
+        test512, test1024, test2048, test3072, test4096, test7680, test15360
+    };
+    static const int rsa_data_length[RSA_NUM] = {
+        sizeof(test512), sizeof(test1024),
+        sizeof(test2048), sizeof(test3072),
+        sizeof(test4096), sizeof(test7680),
+        sizeof(test15360)
+    };
+    int rsa_doit[RSA_NUM] = { 0 };
+    int primes = RSA_DEFAULT_PRIME_NUM;
+#endif
+#ifndef OPENSSL_NO_DSA
+    static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
+    int dsa_doit[DSA_NUM] = { 0 };
+#endif
+#ifndef OPENSSL_NO_EC
+    /*
+     * We only test over the following curves as they are representative, To
+     * add tests over more curves, simply add the curve NID and curve name to
+     * the following arrays and increase the |ecdh_choices| list accordingly.
+     */
+    static const struct {
+        const char *name;
+        unsigned int nid;
+        unsigned int bits;
+    } test_curves[] = {
+        /* Prime Curves */
+        {"secp160r1", NID_secp160r1, 160},
+        {"nistp192", NID_X9_62_prime192v1, 192},
+        {"nistp224", NID_secp224r1, 224},
+        {"nistp256", NID_X9_62_prime256v1, 256},
+        {"nistp384", NID_secp384r1, 384},
+        {"nistp521", NID_secp521r1, 521},
+        /* Binary Curves */
+        {"nistk163", NID_sect163k1, 163},
+        {"nistk233", NID_sect233k1, 233},
+        {"nistk283", NID_sect283k1, 283},
+        {"nistk409", NID_sect409k1, 409},
+        {"nistk571", NID_sect571k1, 571},
+        {"nistb163", NID_sect163r2, 163},
+        {"nistb233", NID_sect233r1, 233},
+        {"nistb283", NID_sect283r1, 283},
+        {"nistb409", NID_sect409r1, 409},
+        {"nistb571", NID_sect571r1, 571},
+        {"brainpoolP256r1", NID_brainpoolP256r1, 256},
+        {"brainpoolP256t1", NID_brainpoolP256t1, 256},
+        {"brainpoolP384r1", NID_brainpoolP384r1, 384},
+        {"brainpoolP384t1", NID_brainpoolP384t1, 384},
+        {"brainpoolP512r1", NID_brainpoolP512r1, 512},
+        {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+        /* Other and ECDH only ones */
+        {"X25519", NID_X25519, 253},
+        {"X448", NID_X448, 448}
+    };
+    static const struct {
+        const char *name;
+        unsigned int nid;
+        unsigned int bits;
+        size_t sigsize;
+    } test_ed_curves[] = {
+        /* EdDSA */
+        {"Ed25519", NID_ED25519, 253, 64},
+        {"Ed448", NID_ED448, 456, 114}
+    };
+    int ecdsa_doit[ECDSA_NUM] = { 0 };
+    int ecdh_doit[EC_NUM] = { 0 };
+    int eddsa_doit[EdDSA_NUM] = { 0 };
+    OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM);
+    OPENSSL_assert(OSSL_NELEM(test_ed_curves) >= EdDSA_NUM);
+#endif                          /* ndef OPENSSL_NO_EC */
+
+    prog = opt_init(argc, argv, speed_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opterr:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(speed_options);
+            ret = 0;
+            goto end;
+        case OPT_ELAPSED:
+            usertime = 0;
+            break;
+        case OPT_EVP:
+            evp_md = NULL;
+            evp_cipher = EVP_get_cipherbyname(opt_arg());
+            if (evp_cipher == NULL)
+                evp_md = EVP_get_digestbyname(opt_arg());
+            if (evp_cipher == NULL && evp_md == NULL) {
+                BIO_printf(bio_err,
+                           "%s: %s is an unknown cipher or digest\n",
+                           prog, opt_arg());
+                goto end;
+            }
+            doit[D_EVP] = 1;
+            break;
+        case OPT_DECRYPT:
+            decrypt = 1;
+            break;
+        case OPT_ENGINE:
+            /*
+             * In a forked execution, an engine might need to be
+             * initialised by each child process, not by the parent.
+             * So store the name here and run setup_engine() later on.
+             */
+            engine_id = opt_arg();
+            break;
+        case OPT_MULTI:
+#ifndef NO_FORK
+            multi = atoi(opt_arg());
+#endif
+            break;
+        case OPT_ASYNCJOBS:
+#ifndef OPENSSL_NO_ASYNC
+            async_jobs = atoi(opt_arg());
+            if (!ASYNC_is_capable()) {
+                BIO_printf(bio_err,
+                           "%s: async_jobs specified but async not supported\n",
+                           prog);
+                goto opterr;
+            }
+            if (async_jobs > 99999) {
+                BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
+                goto opterr;
+            }
+#endif
+            break;
+        case OPT_MISALIGN:
+            if (!opt_int(opt_arg(), &misalign))
+                goto end;
+            if (misalign > MISALIGN) {
+                BIO_printf(bio_err,
+                           "%s: Maximum offset is %d\n", prog, MISALIGN);
+                goto opterr;
+            }
+            break;
+        case OPT_MR:
+            mr = 1;
+            break;
+        case OPT_MB:
+            multiblock = 1;
+#ifdef OPENSSL_NO_MULTIBLOCK
+            BIO_printf(bio_err,
+                       "%s: -mb specified but multi-block support is disabled\n",
+                       prog);
+            goto end;
+#endif
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_PRIMES:
+            if (!opt_int(opt_arg(), &primes))
+                goto end;
+            break;
+        case OPT_SECONDS:
+            seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
+                        = seconds.ecdh = seconds.eddsa = atoi(opt_arg());
+            break;
+        case OPT_BYTES:
+            lengths_single = atoi(opt_arg());
+            lengths = &lengths_single;
+            size_num = 1;
+            break;
+        case OPT_AEAD:
+            aead = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    /* Remaining arguments are algorithms. */
+    for (; *argv; argv++) {
+        if (found(*argv, doit_choices, &i)) {
+            doit[i] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_DES
+        if (strcmp(*argv, "des") == 0) {
+            doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
+            continue;
+        }
+#endif
+        if (strcmp(*argv, "sha") == 0) {
+            doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_RSA
+        if (strcmp(*argv, "openssl") == 0)
+            continue;
+        if (strcmp(*argv, "rsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
+                rsa_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, rsa_choices, &i)) {
+            rsa_doit[i] = 1;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (strcmp(*argv, "dsa") == 0) {
+            dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
+                dsa_doit[R_DSA_2048] = 1;
+            continue;
+        }
+        if (found(*argv, dsa_choices, &i)) {
+            dsa_doit[i] = 2;
+            continue;
+        }
+#endif
+        if (strcmp(*argv, "aes") == 0) {
+            doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_CAMELLIA
+        if (strcmp(*argv, "camellia") == 0) {
+            doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_EC
+        if (strcmp(*argv, "ecdsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
+                ecdsa_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, ecdsa_choices, &i)) {
+            ecdsa_doit[i] = 2;
+            continue;
+        }
+        if (strcmp(*argv, "ecdh") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
+                ecdh_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, ecdh_choices, &i)) {
+            ecdh_doit[i] = 2;
+            continue;
+        }
+        if (strcmp(*argv, "eddsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+                eddsa_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, eddsa_choices, &i)) {
+            eddsa_doit[i] = 2;
+            continue;
+        }
+#endif
+        BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
+        goto end;
+    }
+
+    /* Sanity checks */
+    if (aead) {
+        if (evp_cipher == NULL) {
+            BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
+            goto end;
+        } else if (!(EVP_CIPHER_flags(evp_cipher) &
+                     EVP_CIPH_FLAG_AEAD_CIPHER)) {
+            BIO_printf(bio_err, "%s is not an AEAD cipher\n",
+                       OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+            goto end;
+        }
+    }
+    if (multiblock) {
+        if (evp_cipher == NULL) {
+            BIO_printf(bio_err,"-mb can be used only with a multi-block"
+                               " capable cipher\n");
+            goto end;
+        } else if (!(EVP_CIPHER_flags(evp_cipher) &
+                     EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+            BIO_printf(bio_err, "%s is not a multi-block capable\n",
+                       OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+            goto end;
+        } else if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with -mb");
+            goto end;
+        }
+    }
+
+    /* Initialize the job pool if async mode is enabled */
+    if (async_jobs > 0) {
+        async_init = ASYNC_init_thread(async_jobs, async_jobs);
+        if (!async_init) {
+            BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
+            goto end;
+        }
+    }
+
+    loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
+    loopargs =
+        app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
+    memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
+
+    for (i = 0; i < loopargs_len; i++) {
+        if (async_jobs > 0) {
+            loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
+            if (loopargs[i].wait_ctx == NULL) {
+                BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
+                goto end;
+            }
+        }
+
+        buflen = lengths[size_num - 1];
+        if (buflen < 36)    /* size of random vector in RSA bencmark */
+            buflen = 36;
+        buflen += MAX_MISALIGNMENT + 1;
+        loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
+        loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
+        memset(loopargs[i].buf_malloc, 0, buflen);
+        memset(loopargs[i].buf2_malloc, 0, buflen);
+
+        /* Align the start of buffers on a 64 byte boundary */
+        loopargs[i].buf = loopargs[i].buf_malloc + misalign;
+        loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
+#ifndef OPENSSL_NO_EC
+        loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
+        loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
+#endif
+    }
+
+#ifndef NO_FORK
+    if (multi && do_multi(multi, size_num))
+        goto show_res;
+#endif
+
+    /* Initialize the engine after the fork */
+    e = setup_engine(engine_id, 0);
+
+    /* No parameters; turn on everything. */
+    if ((argc == 0) && !doit[D_EVP]) {
+        for (i = 0; i < ALGOR_NUM; i++)
+            if (i != D_EVP)
+                doit[i] = 1;
+#ifndef OPENSSL_NO_RSA
+        for (i = 0; i < RSA_NUM; i++)
+            rsa_doit[i] = 1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        for (i = 0; i < DSA_NUM; i++)
+            dsa_doit[i] = 1;
+#endif
+#ifndef OPENSSL_NO_EC
+        for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
+            ecdsa_doit[loop] = 1;
+        for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
+            ecdh_doit[loop] = 1;
+        for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+            eddsa_doit[loop] = 1;
+#endif
+    }
+    for (i = 0; i < ALGOR_NUM; i++)
+        if (doit[i])
+            pr_header++;
+
+    if (usertime == 0 && !mr)
+        BIO_printf(bio_err,
+                   "You have chosen to measure elapsed time "
+                   "instead of user CPU time.\n");
+
+#ifndef OPENSSL_NO_RSA
+    for (i = 0; i < loopargs_len; i++) {
+        if (primes > RSA_DEFAULT_PRIME_NUM) {
+            /* for multi-prime RSA, skip this */
+            break;
+        }
+        for (k = 0; k < RSA_NUM; k++) {
+            const unsigned char *p;
+
+            p = rsa_data[k];
+            loopargs[i].rsa_key[k] =
+                d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
+            if (loopargs[i].rsa_key[k] == NULL) {
+                BIO_printf(bio_err,
+                           "internal error loading RSA key number %d\n", k);
+                goto end;
+            }
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DSA
+    for (i = 0; i < loopargs_len; i++) {
+        loopargs[i].dsa_key[0] = get_dsa(512);
+        loopargs[i].dsa_key[1] = get_dsa(1024);
+        loopargs[i].dsa_key[2] = get_dsa(2048);
+    }
+#endif
+#ifndef OPENSSL_NO_DES
+    DES_set_key_unchecked(&key, &sch);
+    DES_set_key_unchecked(&key2, &sch2);
+    DES_set_key_unchecked(&key3, &sch3);
+#endif
+    AES_set_encrypt_key(key16, 128, &aes_ks1);
+    AES_set_encrypt_key(key24, 192, &aes_ks2);
+    AES_set_encrypt_key(key32, 256, &aes_ks3);
+#ifndef OPENSSL_NO_CAMELLIA
+    Camellia_set_key(key16, 128, &camellia_ks1);
+    Camellia_set_key(ckey24, 192, &camellia_ks2);
+    Camellia_set_key(ckey32, 256, &camellia_ks3);
+#endif
+#ifndef OPENSSL_NO_IDEA
+    IDEA_set_encrypt_key(key16, &idea_ks);
+#endif
+#ifndef OPENSSL_NO_SEED
+    SEED_set_key(key16, &seed_ks);
+#endif
+#ifndef OPENSSL_NO_RC4
+    RC4_set_key(&rc4_ks, 16, key16);
+#endif
+#ifndef OPENSSL_NO_RC2
+    RC2_set_key(&rc2_ks, 16, key16, 128);
+#endif
+#ifndef OPENSSL_NO_RC5
+    RC5_32_set_key(&rc5_ks, 16, key16, 12);
+#endif
+#ifndef OPENSSL_NO_BF
+    BF_set_key(&bf_ks, 16, key16);
+#endif
+#ifndef OPENSSL_NO_CAST
+    CAST_set_key(&cast_ks, 16, key16);
+#endif
+#ifndef SIGALRM
+# ifndef OPENSSL_NO_DES
+    BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+    count = 10;
+    do {
+        long it;
+        count *= 2;
+        Time_F(START);
+        for (it = count; it; it--)
+            DES_ecb_encrypt((DES_cblock *)loopargs[0].buf,
+                            (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT);
+        d = Time_F(STOP);
+    } while (d < 3);
+    save_count = count;
+    c[D_MD2][0] = count / 10;
+    c[D_MDC2][0] = count / 10;
+    c[D_MD4][0] = count;
+    c[D_MD5][0] = count;
+    c[D_HMAC][0] = count;
+    c[D_SHA1][0] = count;
+    c[D_RMD160][0] = count;
+    c[D_RC4][0] = count * 5;
+    c[D_CBC_DES][0] = count;
+    c[D_EDE3_DES][0] = count / 3;
+    c[D_CBC_IDEA][0] = count;
+    c[D_CBC_SEED][0] = count;
+    c[D_CBC_RC2][0] = count;
+    c[D_CBC_RC5][0] = count;
+    c[D_CBC_BF][0] = count;
+    c[D_CBC_CAST][0] = count;
+    c[D_CBC_128_AES][0] = count;
+    c[D_CBC_192_AES][0] = count;
+    c[D_CBC_256_AES][0] = count;
+    c[D_CBC_128_CML][0] = count;
+    c[D_CBC_192_CML][0] = count;
+    c[D_CBC_256_CML][0] = count;
+    c[D_SHA256][0] = count;
+    c[D_SHA512][0] = count;
+    c[D_WHIRLPOOL][0] = count;
+    c[D_IGE_128_AES][0] = count;
+    c[D_IGE_192_AES][0] = count;
+    c[D_IGE_256_AES][0] = count;
+    c[D_GHASH][0] = count;
+    c[D_RAND][0] = count;
+
+    for (i = 1; i < size_num; i++) {
+        long l0, l1;
+
+        l0 = (long)lengths[0];
+        l1 = (long)lengths[i];
+
+        c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
+        c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
+        c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
+        c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
+        c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
+        c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
+        c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
+        c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
+        c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
+        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
+        c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
+        c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1;
+
+        l0 = (long)lengths[i - 1];
+
+        c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
+        c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
+        c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
+        c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
+        c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
+        c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
+        c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
+        c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
+        c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
+        c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
+        c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
+        c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
+        c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
+        c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
+        c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
+        c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
+        c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
+        c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
+    }
+
+#  ifndef OPENSSL_NO_RSA
+    rsa_c[R_RSA_512][0] = count / 2000;
+    rsa_c[R_RSA_512][1] = count / 400;
+    for (i = 1; i < RSA_NUM; i++) {
+        rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+        rsa_c[i][1] = rsa_c[i - 1][1] / 4;
+        if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
+            rsa_doit[i] = 0;
+        else {
+            if (rsa_c[i][0] == 0) {
+                rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+                rsa_c[i][1] = 20;
+            }
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_DSA
+    dsa_c[R_DSA_512][0] = count / 1000;
+    dsa_c[R_DSA_512][1] = count / 1000 / 2;
+    for (i = 1; i < DSA_NUM; i++) {
+        dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+        dsa_c[i][1] = dsa_c[i - 1][1] / 4;
+        if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
+            dsa_doit[i] = 0;
+        else {
+            if (dsa_c[i][0] == 0) {
+                dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+                dsa_c[i][1] = 1;
+            }
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_EC
+    ecdsa_c[R_EC_P160][0] = count / 1000;
+    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_K163][0] = count / 1000;
+    ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_B163][0] = count / 1000;
+    ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+
+    ecdh_c[R_EC_P160][0] = count / 1000;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_K163][0] = count / 1000;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_B163][0] = count / 1000;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    /* repeated code good to factorize */
+    ecdh_c[R_EC_BRP256R1][0] = count / 1000;
+    for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
+        ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_BRP256T1][0] = count / 1000;
+    for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) {
+        ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    /* default iteration count for the last two EC Curves */
+    ecdh_c[R_EC_X25519][0] = count / 1800;
+    ecdh_c[R_EC_X448][0] = count / 7200;
+
+    eddsa_c[R_EC_Ed25519][0] = count / 1800;
+    eddsa_c[R_EC_Ed448][0] = count / 7200;
+#  endif
+
+# else
+/* not worth fixing */
+#  error "You cannot disable DES on systems without SIGALRM."
+# endif                         /* OPENSSL_NO_DES */
+#elif SIGALRM > 0
+    signal(SIGALRM, alarmed);
+#endif                          /* SIGALRM */
+
+#ifndef OPENSSL_NO_MD2
+    if (doit[D_MD2]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD2, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_MDC2
+    if (doit[D_MDC2]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MDC2, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_MD4
+    if (doit[D_MD4]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD4, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    if (doit[D_MD5]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, MD5_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD5, testnum, count, d);
+        }
+    }
+
+    if (doit[D_HMAC]) {
+        static const char hmac_key[] = "This is a key...";
+        int len = strlen(hmac_key);
+
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].hctx = HMAC_CTX_new();
+            if (loopargs[i].hctx == NULL) {
+                BIO_printf(bio_err, "HMAC malloc failure, exiting...");
+                exit(1);
+            }
+
+            HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
+        }
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, HMAC_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_HMAC, testnum, count, d);
+        }
+        for (i = 0; i < loopargs_len; i++) {
+            HMAC_CTX_free(loopargs[i].hctx);
+        }
+    }
+#endif
+    if (doit[D_SHA1]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA1_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA1, testnum, count, d);
+        }
+    }
+    if (doit[D_SHA256]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_SHA256], c[D_SHA256][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA256_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA256, testnum, count, d);
+        }
+    }
+    if (doit[D_SHA512]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_SHA512], c[D_SHA512][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA512_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA512, testnum, count, d);
+        }
+    }
+#ifndef OPENSSL_NO_WHIRLPOOL
+    if (doit[D_WHIRLPOOL]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_WHIRLPOOL, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+    if (doit[D_RMD160]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_RMD160], c[D_RMD160][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RMD160, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC4
+    if (doit[D_RC4]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RC4_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RC4, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DES
+    if (doit[D_CBC_DES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_DES, testnum, count, d);
+        }
+    }
+
+    if (doit[D_EDE3_DES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_EDE3_DES, testnum, count, d);
+        }
+    }
+#endif
+
+    if (doit[D_CBC_128_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_192_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_256_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_AES, testnum, count, d);
+        }
+    }
+
+    if (doit[D_IGE_128_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_128_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_IGE_192_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_192_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_IGE_256_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_256_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_GHASH]) {
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].gcm_ctx =
+                CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
+            CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx,
+                                (unsigned char *)"0123456789ab", 12);
+        }
+
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_GHASH], c[D_GHASH][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_GHASH, testnum, count, d);
+        }
+        for (i = 0; i < loopargs_len; i++)
+            CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
+    }
+#ifndef OPENSSL_NO_CAMELLIA
+    if (doit[D_CBC_128_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_128_CML]);
+            doit[D_CBC_128_CML] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks1,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_CML, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_192_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_192_CML]);
+            doit[D_CBC_192_CML] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
+                          lengths[testnum], seconds.sym);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks2,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_CML, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_256_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_256_CML]);
+            doit[D_CBC_256_CML] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks3,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_CML, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_IDEA
+    if (doit[D_CBC_IDEA]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_IDEA]);
+            doit[D_CBC_IDEA] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
+                IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &idea_ks,
+                                 iv, IDEA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_IDEA, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_SEED
+    if (doit[D_CBC_SEED]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_SEED]);
+            doit[D_CBC_SEED] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
+                SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &seed_ks, iv, 1);
+            d = Time_F(STOP);
+            print_result(D_CBC_SEED, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC2
+    if (doit[D_CBC_RC2]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_RC2]);
+            doit[D_CBC_RC2] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum],
+                          lengths[testnum], seconds.sym);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
+                RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                (size_t)lengths[testnum], &rc2_ks,
+                                iv, RC2_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC2, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC5
+    if (doit[D_CBC_RC5]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_RC5]);
+            doit[D_CBC_RC5] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum],
+                          lengths[testnum], seconds.sym);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
+                RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                   (size_t)lengths[testnum], &rc5_ks,
+                                   iv, RC5_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC5, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_BF
+    if (doit[D_CBC_BF]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_BF]);
+            doit[D_CBC_BF] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
+                BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                               (size_t)lengths[testnum], &bf_ks,
+                               iv, BF_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_BF, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_CAST
+    if (doit[D_CBC_CAST]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_CAST]);
+            doit[D_CBC_CAST] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
+                CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &cast_ks,
+                                 iv, CAST_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_CAST, testnum, count, d);
+        }
+    }
+#endif
+    if (doit[D_RAND]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RAND, testnum, count, d);
+        }
+    }
+
+    if (doit[D_EVP]) {
+        if (evp_cipher != NULL) {
+            int (*loopfunc)(void *args) = EVP_Update_loop;
+
+            if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
+                               EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+                multiblock_speed(evp_cipher, lengths_single, &seconds);
+                ret = 0;
+                goto end;
+            }
+
+            names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+
+            if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
+                loopfunc = EVP_Update_loop_ccm;
+            } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
+                                EVP_CIPH_FLAG_AEAD_CIPHER)) {
+                loopfunc = EVP_Update_loop_aead;
+                if (lengths == lengths_list) {
+                    lengths = aead_lengths_list;
+                    size_num = OSSL_NELEM(aead_lengths_list);
+                }
+            }
+
+            for (testnum = 0; testnum < size_num; testnum++) {
+                print_message(names[D_EVP], save_count, lengths[testnum],
+                              seconds.sym);
+
+                for (k = 0; k < loopargs_len; k++) {
+                    loopargs[k].ctx = EVP_CIPHER_CTX_new();
+                    EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
+                                      iv, decrypt ? 0 : 1);
+
+                    EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
+
+                    keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
+                    loopargs[k].key = app_malloc(keylen, "evp_cipher key");
+                    EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
+                    EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+                                      loopargs[k].key, NULL, -1);
+                    OPENSSL_clear_free(loopargs[k].key, keylen);
+                }
+
+                Time_F(START);
+                count = run_benchmark(async_jobs, loopfunc, loopargs);
+                d = Time_F(STOP);
+                for (k = 0; k < loopargs_len; k++) {
+                    EVP_CIPHER_CTX_free(loopargs[k].ctx);
+                }
+                print_result(D_EVP, testnum, count, d);
+            }
+        } else if (evp_md != NULL) {
+            names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
+
+            for (testnum = 0; testnum < size_num; testnum++) {
+                print_message(names[D_EVP], save_count, lengths[testnum],
+                              seconds.sym);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
+                d = Time_F(STOP);
+                print_result(D_EVP, testnum, count, d);
+            }
+        }
+    }
+
+    for (i = 0; i < loopargs_len; i++)
+        if (RAND_bytes(loopargs[i].buf, 36) <= 0)
+            goto end;
+
+#ifndef OPENSSL_NO_RSA
+    for (testnum = 0; testnum < RSA_NUM; testnum++) {
+        int st = 0;
+        if (!rsa_doit[testnum])
+            continue;
+        for (i = 0; i < loopargs_len; i++) {
+            if (primes > 2) {
+                /* we haven't set keys yet,  generate multi-prime RSA keys */
+                BIGNUM *bn = BN_new();
+
+                if (bn == NULL)
+                    goto end;
+                if (!BN_set_word(bn, RSA_F4)) {
+                    BN_free(bn);
+                    goto end;
+                }
+
+                BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n",
+                           rsa_choices[testnum].name);
+
+                loopargs[i].rsa_key[testnum] = RSA_new();
+                if (loopargs[i].rsa_key[testnum] == NULL) {
+                    BN_free(bn);
+                    goto end;
+                }
+
+                if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum],
+                                                  rsa_bits[testnum],
+                                                  primes, bn, NULL)) {
+                    BN_free(bn);
+                    goto end;
+                }
+                BN_free(bn);
+            }
+            st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+                          &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+            if (st == 0)
+                break;
+        }
+        if (st == 0) {
+            BIO_printf(bio_err,
+                       "RSA sign failure.  No RSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("private", "rsa",
+                               rsa_c[testnum][0], rsa_bits[testnum],
+                               seconds.rsa);
+            /* RSA_blinding_on(rsa_key[testnum],NULL); */
+            Time_F(START);
+            count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R1:%ld:%d:%.2f\n"
+                       : "%ld %u bits private RSA's in %.2fs\n",
+                       count, rsa_bits[testnum], d);
+            rsa_results[testnum][0] = (double)count / d;
+            rsa_count = count;
+        }
+
+        for (i = 0; i < loopargs_len; i++) {
+            st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+                            loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+            if (st <= 0)
+                break;
+        }
+        if (st <= 0) {
+            BIO_printf(bio_err,
+                       "RSA verify failure.  No RSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_doit[testnum] = 0;
+        } else {
+            pkey_print_message("public", "rsa",
+                               rsa_c[testnum][1], rsa_bits[testnum],
+                               seconds.rsa);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R2:%ld:%d:%.2f\n"
+                       : "%ld %u bits public RSA's in %.2fs\n",
+                       count, rsa_bits[testnum], d);
+            rsa_results[testnum][1] = (double)count / d;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < RSA_NUM; testnum++)
+                rsa_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_RSA */
+
+    for (i = 0; i < loopargs_len; i++)
+        if (RAND_bytes(loopargs[i].buf, 36) <= 0)
+            goto end;
+
+#ifndef OPENSSL_NO_DSA
+    for (testnum = 0; testnum < DSA_NUM; testnum++) {
+        int st = 0;
+        if (!dsa_doit[testnum])
+            continue;
+
+        /* DSA_generate_key(dsa_key[testnum]); */
+        /* DSA_sign_setup(dsa_key[testnum],NULL); */
+        for (i = 0; i < loopargs_len; i++) {
+            st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                          &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+            if (st == 0)
+                break;
+        }
+        if (st == 0) {
+            BIO_printf(bio_err,
+                       "DSA sign failure.  No DSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("sign", "dsa",
+                               dsa_c[testnum][0], dsa_bits[testnum],
+                               seconds.dsa);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R3:%ld:%u:%.2f\n"
+                       : "%ld %u bits DSA signs in %.2fs\n",
+                       count, dsa_bits[testnum], d);
+            dsa_results[testnum][0] = (double)count / d;
+            rsa_count = count;
+        }
+
+        for (i = 0; i < loopargs_len; i++) {
+            st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                            loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+            if (st <= 0)
+                break;
+        }
+        if (st <= 0) {
+            BIO_printf(bio_err,
+                       "DSA verify failure.  No DSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            dsa_doit[testnum] = 0;
+        } else {
+            pkey_print_message("verify", "dsa",
+                               dsa_c[testnum][1], dsa_bits[testnum],
+                               seconds.dsa);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R4:%ld:%u:%.2f\n"
+                       : "%ld %u bits DSA verify in %.2fs\n",
+                       count, dsa_bits[testnum], d);
+            dsa_results[testnum][1] = (double)count / d;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < DSA_NUM; testnum++)
+                dsa_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+    for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
+        int st = 1;
+
+        if (!ecdsa_doit[testnum])
+            continue;           /* Ignore Curve */
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].ecdsa[testnum] =
+                EC_KEY_new_by_curve_name(test_curves[testnum].nid);
+            if (loopargs[i].ecdsa[testnum] == NULL) {
+                st = 0;
+                break;
+            }
+        }
+        if (st == 0) {
+            BIO_printf(bio_err, "ECDSA failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            for (i = 0; i < loopargs_len; i++) {
+                EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
+                /* Perform ECDSA signature test */
+                EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
+                st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                                &loopargs[i].siglen,
+                                loopargs[i].ecdsa[testnum]);
+                if (st == 0)
+                    break;
+            }
+            if (st == 0) {
+                BIO_printf(bio_err,
+                           "ECDSA sign failure.  No ECDSA sign will be done.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                pkey_print_message("sign", "ecdsa",
+                                   ecdsa_c[testnum][0],
+                                   test_curves[testnum].bits, seconds.ecdsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
+                d = Time_F(STOP);
+
+                BIO_printf(bio_err,
+                           mr ? "+R5:%ld:%u:%.2f\n" :
+                           "%ld %u bits ECDSA signs in %.2fs \n",
+                           count, test_curves[testnum].bits, d);
+                ecdsa_results[testnum][0] = (double)count / d;
+                rsa_count = count;
+            }
+
+            /* Perform ECDSA verification test */
+            for (i = 0; i < loopargs_len; i++) {
+                st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                                  loopargs[i].siglen,
+                                  loopargs[i].ecdsa[testnum]);
+                if (st != 1)
+                    break;
+            }
+            if (st != 1) {
+                BIO_printf(bio_err,
+                           "ECDSA verify failure.  No ECDSA verify will be done.\n");
+                ERR_print_errors(bio_err);
+                ecdsa_doit[testnum] = 0;
+            } else {
+                pkey_print_message("verify", "ecdsa",
+                                   ecdsa_c[testnum][1],
+                                   test_curves[testnum].bits, seconds.ecdsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R6:%ld:%u:%.2f\n"
+                           : "%ld %u bits ECDSA verify in %.2fs\n",
+                           count, test_curves[testnum].bits, d);
+                ecdsa_results[testnum][1] = (double)count / d;
+            }
+
+            if (rsa_count <= 1) {
+                /* if longer than 10s, don't do any more */
+                for (testnum++; testnum < ECDSA_NUM; testnum++)
+                    ecdsa_doit[testnum] = 0;
+            }
+        }
+    }
+
+    for (testnum = 0; testnum < EC_NUM; testnum++) {
+        int ecdh_checks = 1;
+
+        if (!ecdh_doit[testnum])
+            continue;
+
+        for (i = 0; i < loopargs_len; i++) {
+            EVP_PKEY_CTX *kctx = NULL;
+            EVP_PKEY_CTX *test_ctx = NULL;
+            EVP_PKEY_CTX *ctx = NULL;
+            EVP_PKEY *key_A = NULL;
+            EVP_PKEY *key_B = NULL;
+            size_t outlen;
+            size_t test_outlen;
+
+            /* Ensure that the error queue is empty */
+            if (ERR_peek_error()) {
+                BIO_printf(bio_err,
+                           "WARNING: the error queue contains previous unhandled errors.\n");
+                ERR_print_errors(bio_err);
+            }
+
+            /* Let's try to create a ctx directly from the NID: this works for
+             * curves like Curve25519 that are not implemented through the low
+             * level EC interface.
+             * If this fails we try creating a EVP_PKEY_EC generic param ctx,
+             * then we set the curve by NID before deriving the actual keygen
+             * ctx for that specific curve. */
+            kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */
+            if (!kctx) {
+                EVP_PKEY_CTX *pctx = NULL;
+                EVP_PKEY *params = NULL;
+
+                /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+                 * "int_ctx_new:unsupported algorithm" error was added to the
+                 * error queue.
+                 * We remove it from the error queue as we are handling it. */
+                unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+                if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+                    /* check that the error origin matches */
+                    ERR_GET_LIB(error) == ERR_LIB_EVP &&
+                    ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+                    ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+                    ERR_get_error(); /* pop error from queue */
+                if (ERR_peek_error()) {
+                    BIO_printf(bio_err,
+                               "Unhandled error in the error queue during ECDH init.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+
+                if (            /* Create the context for parameter generation */
+                       !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
+                       /* Initialise the parameter generation */
+                       !EVP_PKEY_paramgen_init(pctx) ||
+                       /* Set the curve by NID */
+                       !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
+                                                               test_curves
+                                                               [testnum].nid) ||
+                       /* Create the parameter object params */
+                       !EVP_PKEY_paramgen(pctx, &params)) {
+                    ecdh_checks = 0;
+                    BIO_printf(bio_err, "ECDH EC params init failure.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+                /* Create the context for the key generation */
+                kctx = EVP_PKEY_CTX_new(params, NULL);
+
+                EVP_PKEY_free(params);
+                params = NULL;
+                EVP_PKEY_CTX_free(pctx);
+                pctx = NULL;
+            }
+            if (kctx == NULL ||      /* keygen ctx is not null */
+                !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH keygen failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
+                !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
+                !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
+                !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
+                !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
+                !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
+                outlen == 0 ||  /* ensure outlen is a valid size */
+                outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH key generation failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            /* Here we perform a test run, comparing the output of a*B and b*A;
+             * we try this here and assume that further EVP_PKEY_derive calls
+             * never fail, so we can skip checks in the actually benchmarked
+             * code, for maximum performance. */
+            if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */
+                !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */
+                !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */
+                !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */
+                !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */
+                !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */
+                test_outlen != outlen /* compare output length */ ) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH computation failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+            if (CRYPTO_memcmp(loopargs[i].secret_a,
+                              loopargs[i].secret_b, outlen)) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH computations don't match.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            loopargs[i].ecdh_ctx[testnum] = ctx;
+            loopargs[i].outlen[testnum] = outlen;
+
+            EVP_PKEY_free(key_A);
+            EVP_PKEY_free(key_B);
+            EVP_PKEY_CTX_free(kctx);
+            kctx = NULL;
+            EVP_PKEY_CTX_free(test_ctx);
+            test_ctx = NULL;
+        }
+        if (ecdh_checks != 0) {
+            pkey_print_message("", "ecdh",
+                               ecdh_c[testnum][0],
+                               test_curves[testnum].bits, seconds.ecdh);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R7:%ld:%d:%.2f\n" :
+                       "%ld %u-bits ECDH ops in %.2fs\n", count,
+                       test_curves[testnum].bits, d);
+            ecdh_results[testnum][0] = (double)count / d;
+            rsa_count = count;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
+                ecdh_doit[testnum] = 0;
+        }
+    }
+
+    for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
+        int st = 1;
+        EVP_PKEY *ed_pkey = NULL;
+        EVP_PKEY_CTX *ed_pctx = NULL;
+
+        if (!eddsa_doit[testnum])
+            continue;           /* Ignore Curve */
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
+            if (loopargs[i].eddsa_ctx[testnum] == NULL) {
+                st = 0;
+                break;
+            }
+
+            if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL))
+                    == NULL
+                || !EVP_PKEY_keygen_init(ed_pctx)
+                || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) {
+                st = 0;
+                EVP_PKEY_CTX_free(ed_pctx);
+                break;
+            }
+            EVP_PKEY_CTX_free(ed_pctx);
+
+            if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
+                                    NULL, ed_pkey)) {
+                st = 0;
+                EVP_PKEY_free(ed_pkey);
+                break;
+            }
+            EVP_PKEY_free(ed_pkey);
+        }
+        if (st == 0) {
+            BIO_printf(bio_err, "EdDSA failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            for (i = 0; i < loopargs_len; i++) {
+                /* Perform EdDSA signature test */
+                loopargs[i].sigsize = test_ed_curves[testnum].sigsize;
+                st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
+                                    loopargs[i].buf2, &loopargs[i].sigsize,
+                                    loopargs[i].buf, 20);
+                if (st == 0)
+                    break;
+            }
+            if (st == 0) {
+                BIO_printf(bio_err,
+                           "EdDSA sign failure.  No EdDSA sign will be done.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                pkey_print_message("sign", test_ed_curves[testnum].name,
+                                   eddsa_c[testnum][0],
+                                   test_ed_curves[testnum].bits, seconds.eddsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
+                d = Time_F(STOP);
+
+                BIO_printf(bio_err,
+                           mr ? "+R8:%ld:%u:%s:%.2f\n" :
+                           "%ld %u bits %s signs in %.2fs \n",
+                           count, test_ed_curves[testnum].bits,
+                           test_ed_curves[testnum].name, d);
+                eddsa_results[testnum][0] = (double)count / d;
+                rsa_count = count;
+            }
+
+            /* Perform EdDSA verification test */
+            for (i = 0; i < loopargs_len; i++) {
+                st = EVP_DigestVerify(loopargs[i].eddsa_ctx[testnum],
+                                      loopargs[i].buf2, loopargs[i].sigsize,
+                                      loopargs[i].buf, 20);
+                if (st != 1)
+                    break;
+            }
+            if (st != 1) {
+                BIO_printf(bio_err,
+                           "EdDSA verify failure.  No EdDSA verify will be done.\n");
+                ERR_print_errors(bio_err);
+                eddsa_doit[testnum] = 0;
+            } else {
+                pkey_print_message("verify", test_ed_curves[testnum].name,
+                                   eddsa_c[testnum][1],
+                                   test_ed_curves[testnum].bits, seconds.eddsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R9:%ld:%u:%s:%.2f\n"
+                           : "%ld %u bits %s verify in %.2fs\n",
+                           count, test_ed_curves[testnum].bits,
+                           test_ed_curves[testnum].name, d);
+                eddsa_results[testnum][1] = (double)count / d;
+            }
+
+            if (rsa_count <= 1) {
+                /* if longer than 10s, don't do any more */
+                for (testnum++; testnum < EdDSA_NUM; testnum++)
+                    eddsa_doit[testnum] = 0;
+            }
+        }
+    }
+
+#endif                          /* OPENSSL_NO_EC */
+#ifndef NO_FORK
+ show_res:
+#endif
+    if (!mr) {
+        printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
+        printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+        printf("options:");
+        printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+#endif
+        printf("%s ", AES_options());
+#ifndef OPENSSL_NO_IDEA
+        printf("%s ", IDEA_options());
+#endif
+#ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+#endif
+        printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
+    }
+
+    if (pr_header) {
+        if (mr)
+            printf("+H");
+        else {
+            printf
+                ("The 'numbers' are in 1000s of bytes per second processed.\n");
+            printf("type        ");
+        }
+        for (testnum = 0; testnum < size_num; testnum++)
+            printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
+        printf("\n");
+    }
+
+    for (k = 0; k < ALGOR_NUM; k++) {
+        if (!doit[k])
+            continue;
+        if (mr)
+            printf("+F:%u:%s", k, names[k]);
+        else
+            printf("%-13s", names[k]);
+        for (testnum = 0; testnum < size_num; testnum++) {
+            if (results[k][testnum] > 10000 && !mr)
+                printf(" %11.2fk", results[k][testnum] / 1e3);
+            else
+                printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
+        }
+        printf("\n");
+    }
+#ifndef OPENSSL_NO_RSA
+    testnum = 1;
+    for (k = 0; k < RSA_NUM; k++) {
+        if (!rsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F2:%u:%u:%f:%f\n",
+                   k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
+        else
+            printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                   rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
+                   rsa_results[k][0], rsa_results[k][1]);
+    }
+#endif
+#ifndef OPENSSL_NO_DSA
+    testnum = 1;
+    for (k = 0; k < DSA_NUM; k++) {
+        if (!dsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F3:%u:%u:%f:%f\n",
+                   k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+        else
+            printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                   dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
+                   dsa_results[k][0], dsa_results[k][1]);
+    }
+#endif
+#ifndef OPENSSL_NO_EC
+    testnum = 1;
+    for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
+        if (!ecdsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+
+        if (mr)
+            printf("+F4:%u:%u:%f:%f\n",
+                   k, test_curves[k].bits,
+                   ecdsa_results[k][0], ecdsa_results[k][1]);
+        else
+            printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+                   test_curves[k].bits, test_curves[k].name,
+                   1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
+                   ecdsa_results[k][0], ecdsa_results[k][1]);
+    }
+
+    testnum = 1;
+    for (k = 0; k < EC_NUM; k++) {
+        if (!ecdh_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30sop      op/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F5:%u:%u:%f:%f\n",
+                   k, test_curves[k].bits,
+                   ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+
+        else
+            printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
+                   test_curves[k].bits, test_curves[k].name,
+                   1.0 / ecdh_results[k][0], ecdh_results[k][0]);
+    }
+
+    testnum = 1;
+    for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
+        if (!eddsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+
+        if (mr)
+            printf("+F6:%u:%u:%s:%f:%f\n",
+                   k, test_ed_curves[k].bits, test_ed_curves[k].name,
+                   eddsa_results[k][0], eddsa_results[k][1]);
+        else
+            printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+                   test_ed_curves[k].bits, test_ed_curves[k].name,
+                   1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
+                   eddsa_results[k][0], eddsa_results[k][1]);
+    }
+#endif
+
+    ret = 0;
+
+ end:
+    ERR_print_errors(bio_err);
+    for (i = 0; i < loopargs_len; i++) {
+        OPENSSL_free(loopargs[i].buf_malloc);
+        OPENSSL_free(loopargs[i].buf2_malloc);
+
+#ifndef OPENSSL_NO_RSA
+        for (k = 0; k < RSA_NUM; k++)
+            RSA_free(loopargs[i].rsa_key[k]);
+#endif
+#ifndef OPENSSL_NO_DSA
+        for (k = 0; k < DSA_NUM; k++)
+            DSA_free(loopargs[i].dsa_key[k]);
+#endif
+#ifndef OPENSSL_NO_EC
+        for (k = 0; k < ECDSA_NUM; k++)
+            EC_KEY_free(loopargs[i].ecdsa[k]);
+        for (k = 0; k < EC_NUM; k++)
+            EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
+        for (k = 0; k < EdDSA_NUM; k++)
+            EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
+        OPENSSL_free(loopargs[i].secret_a);
+        OPENSSL_free(loopargs[i].secret_b);
+#endif
+    }
+
+    if (async_jobs > 0) {
+        for (i = 0; i < loopargs_len; i++)
+            ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
+    }
+
+    if (async_init) {
+        ASYNC_cleanup_thread();
+    }
+    OPENSSL_free(loopargs);
+    release_engine(e);
+    return ret;
+}
+
+static void print_message(const char *s, long num, int length, int tm)
+{
+#ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DT:%s:%d:%d\n"
+               : "Doing %s for %ds on %d size blocks: ", s, tm, length);
+    (void)BIO_flush(bio_err);
+    alarm(tm);
+#else
+    BIO_printf(bio_err,
+               mr ? "+DN:%s:%ld:%d\n"
+               : "Doing %s %ld times on %d size blocks: ", s, num, length);
+    (void)BIO_flush(bio_err);
+#endif
+}
+
+static void pkey_print_message(const char *str, const char *str2, long num,
+                               unsigned int bits, int tm)
+{
+#ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DTP:%d:%s:%s:%d\n"
+               : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
+    (void)BIO_flush(bio_err);
+    alarm(tm);
+#else
+    BIO_printf(bio_err,
+               mr ? "+DNP:%ld:%d:%s:%s\n"
+               : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
+    (void)BIO_flush(bio_err);
+#endif
+}
+
+static void print_result(int alg, int run_no, int count, double time_used)
+{
+    if (count == -1) {
+        BIO_puts(bio_err, "EVP error!\n");
+        exit(1);
+    }
+    BIO_printf(bio_err,
+               mr ? "+R:%d:%s:%f\n"
+               : "%d %s's in %.2fs\n", count, names[alg], time_used);
+    results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
+}
+
+#ifndef NO_FORK
+static char *sstrsep(char **string, const char *delim)
+{
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, sizeof(isdelim));
+    isdelim[0] = 1;
+
+    while (*delim) {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+    }
+
+    while (!isdelim[(unsigned char)(**string)]) {
+        (*string)++;
+    }
+
+    if (**string) {
+        **string = 0;
+        (*string)++;
+    }
+
+    return token;
+}
+
+static int do_multi(int multi, int size_num)
+{
+    int n;
+    int fd[2];
+    int *fds;
+    static char sep[] = ":";
+
+    fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
+    for (n = 0; n < multi; ++n) {
+        if (pipe(fd) == -1) {
+            BIO_printf(bio_err, "pipe failure\n");
+            exit(1);
+        }
+        fflush(stdout);
+        (void)BIO_flush(bio_err);
+        if (fork()) {
+            close(fd[1]);
+            fds[n] = fd[0];
+        } else {
+            close(fd[0]);
+            close(1);
+            if (dup(fd[1]) == -1) {
+                BIO_printf(bio_err, "dup failed\n");
+                exit(1);
+            }
+            close(fd[1]);
+            mr = 1;
+            usertime = 0;
+            free(fds);
+            return 0;
+        }
+        printf("Forked child %d\n", n);
+    }
+
+    /* for now, assume the pipe is long enough to take all the output */
+    for (n = 0; n < multi; ++n) {
+        FILE *f;
+        char buf[1024];
+        char *p;
+
+        f = fdopen(fds[n], "r");
+        while (fgets(buf, sizeof(buf), f)) {
+            p = strchr(buf, '\n');
+            if (p)
+                *p = '\0';
+            if (buf[0] != '+') {
+                BIO_printf(bio_err,
+                           "Don't understand line '%s' from child %d\n", buf,
+                           n);
+                continue;
+            }
+            printf("Got: %s from %d\n", buf, n);
+            if (strncmp(buf, "+F:", 3) == 0) {
+                int alg;
+                int j;
+
+                p = buf + 3;
+                alg = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+                for (j = 0; j < size_num; ++j)
+                    results[alg][j] += atof(sstrsep(&p, sep));
+            } else if (strncmp(buf, "+F2:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                rsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                rsa_results[k][1] += d;
+            }
+# ifndef OPENSSL_NO_DSA
+            else if (strncmp(buf, "+F3:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                dsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                dsa_results[k][1] += d;
+            }
+# endif
+# ifndef OPENSSL_NO_EC
+            else if (strncmp(buf, "+F4:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                ecdsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                ecdsa_results[k][1] += d;
+            } else if (strncmp(buf, "+F5:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                ecdh_results[k][0] += d;
+            } else if (strncmp(buf, "+F6:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                eddsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                eddsa_results[k][1] += d;
+            }
+# endif
+
+            else if (strncmp(buf, "+H:", 3) == 0) {
+                ;
+            } else
+                BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
+                           n);
+        }
+
+        fclose(f);
+    }
+    free(fds);
+    return 1;
+}
+#endif
+
+static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
+                             const openssl_speed_sec_t *seconds)
+{
+    static const int mblengths_list[] =
+        { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
+    const int *mblengths = mblengths_list;
+    int j, count, keylen, num = OSSL_NELEM(mblengths_list);
+    const char *alg_name;
+    unsigned char *inp, *out, *key, no_key[32], no_iv[16];
+    EVP_CIPHER_CTX *ctx;
+    double d = 0.0;
+
+    if (lengths_single) {
+        mblengths = &lengths_single;
+        num = 1;
+    }
+
+    inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
+    out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    key = app_malloc(keylen, "evp_cipher key");
+    EVP_CIPHER_CTX_rand_key(ctx, key);
+    EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
+    OPENSSL_clear_free(key, keylen);
+
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
+    alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+
+    for (j = 0; j < num; j++) {
+        print_message(alg_name, 0, mblengths[j], seconds->sym);
+        Time_F(START);
+        for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
+            unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+            size_t len = mblengths[j];
+            int packlen;
+
+            memset(aad, 0, 8);  /* avoid uninitialized values */
+            aad[8] = 23;        /* SSL3_RT_APPLICATION_DATA */
+            aad[9] = 3;         /* version */
+            aad[10] = 2;
+            aad[11] = 0;        /* length */
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = len;
+            mb_param.interleave = 8;
+
+            packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+
+            if (packlen > 0) {
+                mb_param.out = out;
+                mb_param.inp = inp;
+                mb_param.len = len;
+                EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param);
+            } else {
+                int pad;
+
+                RAND_bytes(out, 16);
+                len += 16;
+                aad[11] = (unsigned char)(len >> 8);
+                aad[12] = (unsigned char)(len);
+                pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, aad);
+                EVP_Cipher(ctx, out, inp, len + pad);
+            }
+        }
+        d = Time_F(STOP);
+        BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
+                   : "%d %s's in %.2fs\n", count, "evp", d);
+        results[D_EVP][j] = ((double)count) / d * mblengths[j];
+    }
+
+    if (mr) {
+        fprintf(stdout, "+H");
+        for (j = 0; j < num; j++)
+            fprintf(stdout, ":%d", mblengths[j]);
+        fprintf(stdout, "\n");
+        fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
+        for (j = 0; j < num; j++)
+            fprintf(stdout, ":%.2f", results[D_EVP][j]);
+        fprintf(stdout, "\n");
+    } else {
+        fprintf(stdout,
+                "The 'numbers' are in 1000s of bytes per second processed.\n");
+        fprintf(stdout, "type                    ");
+        for (j = 0; j < num; j++)
+            fprintf(stdout, "%7d bytes", mblengths[j]);
+        fprintf(stdout, "\n");
+        fprintf(stdout, "%-24s", alg_name);
+
+        for (j = 0; j < num; j++) {
+            if (results[D_EVP][j] > 10000)
+                fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
+            else
+                fprintf(stdout, " %11.2f ", results[D_EVP][j]);
+        }
+        fprintf(stdout, "\n");
+    }
+
+    OPENSSL_free(inp);
+    OPENSSL_free(out);
+    EVP_CIPHER_CTX_free(ctx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/spkac.c b/trunk/3rdparty/openssl-1.1-fit/apps/spkac.c
new file mode 100644
index 000000000..f384af6eb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/spkac.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
+    OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
+    OPT_SPKSECT, OPT_KEYFORM
+} OPTION_CHOICE;
+
+const OPTIONS spkac_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"key", OPT_KEY, '<', "Create SPKAC using private key"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"challenge", OPT_CHALLENGE, 's', "Challenge string"},
+    {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
+    {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
+    {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+    {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
+    {"spksect", OPT_SPKSECT, 's',
+     "Specify the name of an SPKAC-dedicated section of configuration"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int spkac_main(int argc, char **argv)
+{
+    BIO *out = NULL;
+    CONF *conf = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    NETSCAPE_SPKI *spki = NULL;
+    char *challenge = NULL, *keyfile = NULL;
+    char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
+    char *spkstr = NULL, *prog;
+    const char *spkac = "SPKAC", *spksect = "default";
+    int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
+    int keyformat = FORMAT_PEM;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, spkac_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(spkac_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_PUBKEY:
+            pubkey = 1;
+            break;
+        case OPT_VERIFY:
+            verify = 1;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_CHALLENGE:
+            challenge = opt_arg();
+            break;
+        case OPT_SPKAC:
+            spkac = opt_arg();
+            break;
+        case OPT_SPKSECT:
+            spksect = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (keyfile != NULL) {
+        pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
+                        keyformat, 1, passin, e, "private key");
+        if (pkey == NULL)
+            goto end;
+        spki = NETSCAPE_SPKI_new();
+        if (spki == NULL)
+            goto end;
+        if (challenge != NULL)
+            ASN1_STRING_set(spki->spkac->challenge,
+                            challenge, (int)strlen(challenge));
+        NETSCAPE_SPKI_set_pubkey(spki, pkey);
+        NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        spkstr = NETSCAPE_SPKI_b64_encode(spki);
+        if (spkstr == NULL)
+            goto end;
+
+        out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+        if (out == NULL) {
+            OPENSSL_free(spkstr);
+            goto end;
+        }
+        BIO_printf(out, "SPKAC=%s\n", spkstr);
+        OPENSSL_free(spkstr);
+        ret = 0;
+        goto end;
+    }
+
+    if ((conf = app_load_config(infile)) == NULL)
+        goto end;
+
+    spkstr = NCONF_get_string(conf, spksect, spkac);
+
+    if (spkstr == NULL) {
+        BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+    if (spki == NULL) {
+        BIO_printf(bio_err, "Error loading SPKAC\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if (!noout)
+        NETSCAPE_SPKI_print(out, spki);
+    pkey = NETSCAPE_SPKI_get_pubkey(spki);
+    if (verify) {
+        i = NETSCAPE_SPKI_verify(spki, pkey);
+        if (i > 0) {
+            BIO_printf(bio_err, "Signature OK\n");
+        } else {
+            BIO_printf(bio_err, "Signature Failure\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (pubkey)
+        PEM_write_bio_PUBKEY(out, pkey);
+
+    ret = 0;
+
+ end:
+    NCONF_free(conf);
+    NETSCAPE_SPKI_free(spki);
+    BIO_free_all(out);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    OPENSSL_free(passin);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/srp.c b/trunk/3rdparty/openssl-1.1-fit/apps/srp.c
new file mode 100644
index 000000000..689574a48
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/srp.c
@@ -0,0 +1,613 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SRP
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/conf.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/txt_db.h>
+# include <openssl/buffer.h>
+# include <openssl/srp.h>
+# include "apps.h"
+# include "progs.h"
+
+# define BASE_SECTION    "srp"
+# define CONFIG_FILE "openssl.cnf"
+
+
+# define ENV_DATABASE            "srpvfile"
+# define ENV_DEFAULT_SRP         "default_srp"
+
+static int get_index(CA_DB *db, char *id, char type)
+{
+    char **pp;
+    int i;
+    if (id == NULL)
+        return -1;
+    if (type == DB_SRP_INDEX) {
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+            if (pp[DB_srptype][0] == DB_SRP_INDEX
+                && strcmp(id, pp[DB_srpid]) == 0)
+                return i;
+        }
+    } else {
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+            if (pp[DB_srptype][0] != DB_SRP_INDEX
+                && strcmp(id, pp[DB_srpid]) == 0)
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static void print_entry(CA_DB *db, int indx, int verbose, char *s)
+{
+    if (indx >= 0 && verbose) {
+        int j;
+        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
+        BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
+        for (j = 0; j < DB_NUMBER; j++) {
+            BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
+        }
+    }
+}
+
+static void print_index(CA_DB *db, int indexindex, int verbose)
+{
+    print_entry(db, indexindex, verbose, "g N entry");
+}
+
+static void print_user(CA_DB *db, int userindex, int verbose)
+{
+    if (verbose > 0) {
+        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+
+        if (pp[DB_srptype][0] != 'I') {
+            print_entry(db, userindex, verbose, "User entry");
+            print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
+                        "g N entry");
+        }
+
+    }
+}
+
+static int update_index(CA_DB *db, char **row)
+{
+    char **irow;
+    int i;
+
+    irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
+    for (i = 0; i < DB_NUMBER; i++)
+        irow[i] = row[i];
+    irow[DB_NUMBER] = NULL;
+
+    if (!TXT_DB_insert(db->db, irow)) {
+        BIO_printf(bio_err, "failed to update srpvfile\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+        OPENSSL_free(irow);
+        return 0;
+    }
+    return 1;
+}
+
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+{
+    char *entry = NCONF_get_string(conf, section, tag);
+    if (entry == NULL)
+        BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+    return entry;
+}
+
+static char *srp_verify_user(const char *user, const char *srp_verifier,
+                             char *srp_usersalt, const char *g, const char *N,
+                             const char *passin, int verbose)
+{
+    char password[1025];
+    PW_CB_DATA cb_tmp;
+    char *verifier = NULL;
+    char *gNid = NULL;
+    int len;
+
+    cb_tmp.prompt_info = user;
+    cb_tmp.password = passin;
+
+    len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
+    if (len > 0) {
+        password[len] = 0;
+        if (verbose)
+            BIO_printf(bio_err,
+                       "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                       user, srp_verifier, srp_usersalt, g, N);
+        if (verbose > 1)
+            BIO_printf(bio_err, "Pass %s\n", password);
+
+        OPENSSL_assert(srp_usersalt != NULL);
+        if ((gNid = SRP_create_verifier(user, password, &srp_usersalt,
+                                        &verifier, N, g)) == NULL) {
+            BIO_printf(bio_err, "Internal error validating SRP verifier\n");
+        } else {
+            if (strcmp(verifier, srp_verifier))
+                gNid = NULL;
+            OPENSSL_free(verifier);
+        }
+        OPENSSL_cleanse(password, len);
+    }
+    return gNid;
+}
+
+static char *srp_create_user(char *user, char **srp_verifier,
+                             char **srp_usersalt, char *g, char *N,
+                             char *passout, int verbose)
+{
+    char password[1025];
+    PW_CB_DATA cb_tmp;
+    char *gNid = NULL;
+    char *salt = NULL;
+    int len;
+    cb_tmp.prompt_info = user;
+    cb_tmp.password = passout;
+
+    len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
+    if (len > 0) {
+        password[len] = 0;
+        if (verbose)
+            BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                       user, g, N);
+        if ((gNid = SRP_create_verifier(user, password, &salt,
+                                        srp_verifier, N, g)) == NULL) {
+            BIO_printf(bio_err, "Internal error creating SRP verifier\n");
+        } else {
+            *srp_usersalt = salt;
+        }
+        OPENSSL_cleanse(password, len);
+        if (verbose > 1)
+            BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
+                       gNid, salt, *srp_verifier);
+
+    }
+    return gNid;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
+    OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
+    OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS srp_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
+    {"config", OPT_CONFIG, '<', "A config file"},
+    {"name", OPT_NAME, 's', "The particular srp definition to use"},
+    {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
+    {"add", OPT_ADD, '-', "Add a user and srp verifier"},
+    {"modify", OPT_MODIFY, '-',
+     "Modify the srp verifier of an existing user"},
+    {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
+    {"list", OPT_LIST, '-', "List users"},
+    {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
+    {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    OPT_R_OPTIONS,
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int srp_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    CA_DB *db = NULL;
+    CONF *conf = NULL;
+    int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
+    int doupdatedb = 0, mode = OPT_ERR;
+    char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
+    char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
+    char *section = NULL;
+    char **gNrow = NULL, *configfile = NULL;
+    char *srpvfile = NULL, **pp, *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, srp_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(srp_options);
+            ret = 0;
+            goto end;
+        case OPT_VERBOSE:
+            verbose++;
+            break;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_NAME:
+            section = opt_arg();
+            break;
+        case OPT_SRPVFILE:
+            srpvfile = opt_arg();
+            break;
+        case OPT_ADD:
+        case OPT_DELETE:
+        case OPT_MODIFY:
+        case OPT_LIST:
+            if (mode != OPT_ERR) {
+                BIO_printf(bio_err,
+                           "%s: Only one of -add/-delete/-modify/-list\n",
+                           prog);
+                goto opthelp;
+            }
+            mode = o;
+            break;
+        case OPT_GN:
+            gN = opt_arg();
+            break;
+        case OPT_USERINFO:
+            userinfo = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (srpvfile != NULL && configfile != NULL) {
+        BIO_printf(bio_err,
+                   "-srpvfile and -configfile cannot be specified together.\n");
+        goto end;
+    }
+    if (mode == OPT_ERR) {
+        BIO_printf(bio_err,
+                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+        goto opthelp;
+    }
+    if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
+        if (argc == 0) {
+            BIO_printf(bio_err, "Need at least one user.\n");
+            goto opthelp;
+        }
+        user = *argv++;
+    }
+    if ((passinarg != NULL || passoutarg != NULL) && argc != 1) {
+        BIO_printf(bio_err,
+                   "-passin, -passout arguments only valid with one user.\n");
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (srpvfile == NULL) {
+        if (configfile == NULL)
+            configfile = default_config_file;
+
+        if (verbose)
+            BIO_printf(bio_err, "Using configuration from %s\n",
+                       configfile);
+        conf = app_load_config(configfile);
+        if (conf == NULL)
+            goto end;
+        if (configfile != default_config_file && !app_load_modules(conf))
+            goto end;
+
+        /* Lets get the config section we are using */
+        if (section == NULL) {
+            if (verbose)
+                BIO_printf(bio_err,
+                           "trying to read " ENV_DEFAULT_SRP
+                           " in " BASE_SECTION "\n");
+
+            section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+            if (section == NULL)
+                goto end;
+        }
+
+        app_RAND_load_conf(conf, BASE_SECTION);
+
+        if (verbose)
+            BIO_printf(bio_err,
+                       "trying to read " ENV_DATABASE " in section \"%s\"\n",
+                       section);
+
+        srpvfile = lookup_conf(conf, section, ENV_DATABASE);
+        if (srpvfile == NULL)
+            goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
+                   srpvfile);
+
+    db = load_index(srpvfile, NULL);
+    if (db == NULL)
+        goto end;
+
+    /* Lets check some fields */
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            maxgN = i;
+            if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
+                gNindex = i;
+
+            print_index(db, i, verbose > 1);
+        }
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Database initialised\n");
+
+    if (gNindex >= 0) {
+        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
+        print_entry(db, gNindex, verbose > 1, "Default g and N");
+    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
+        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
+        goto end;
+    } else {
+        if (verbose)
+            BIO_printf(bio_err, "Database has no g N information.\n");
+        gNrow = NULL;
+    }
+
+    if (verbose > 1)
+        BIO_printf(bio_err, "Starting user processing\n");
+
+    while (mode == OPT_LIST || user != NULL) {
+        int userindex = -1;
+
+        if (user != NULL && verbose > 1)
+            BIO_printf(bio_err, "Processing user \"%s\"\n", user);
+        if ((userindex = get_index(db, user, 'U')) >= 0)
+            print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
+
+        if (mode == OPT_LIST) {
+            if (user == NULL) {
+                BIO_printf(bio_err, "List all users\n");
+
+                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+                    print_user(db, i, 1);
+            } else if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, ignored. t\n", user);
+                errors++;
+            }
+        } else if (mode == OPT_ADD) {
+            if (userindex >= 0) {
+                /* reactivation of a new user */
+                char **row =
+                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
+                row[DB_srptype][0] = 'V';
+
+                doupdatedb = 1;
+            } else {
+                char *row[DB_NUMBER];
+                char *gNid;
+                row[DB_srpverifier] = NULL;
+                row[DB_srpsalt] = NULL;
+                row[DB_srpinfo] = NULL;
+                if (!
+                    (gNid =
+                     srp_create_user(user, &(row[DB_srpverifier]),
+                                     &(row[DB_srpsalt]),
+                                     gNrow ? gNrow[DB_srpsalt] : gN,
+                                     gNrow ? gNrow[DB_srpverifier] : NULL,
+                                     passout, verbose))) {
+                    BIO_printf(bio_err,
+                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
+                               user);
+                    errors++;
+                    goto end;
+                }
+                row[DB_srpid] = OPENSSL_strdup(user);
+                row[DB_srptype] = OPENSSL_strdup("v");
+                row[DB_srpgN] = OPENSSL_strdup(gNid);
+
+                if ((row[DB_srpid] == NULL)
+                    || (row[DB_srpgN] == NULL)
+                    || (row[DB_srptype] == NULL)
+                    || (row[DB_srpverifier] == NULL)
+                    || (row[DB_srpsalt] == NULL)
+                    || (userinfo
+                        && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
+                    || !update_index(db, row)) {
+                    OPENSSL_free(row[DB_srpid]);
+                    OPENSSL_free(row[DB_srpgN]);
+                    OPENSSL_free(row[DB_srpinfo]);
+                    OPENSSL_free(row[DB_srptype]);
+                    OPENSSL_free(row[DB_srpverifier]);
+                    OPENSSL_free(row[DB_srpsalt]);
+                    goto end;
+                }
+                doupdatedb = 1;
+            }
+        } else if (mode == OPT_MODIFY) {
+            if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, operation ignored.\n",
+                           user);
+                errors++;
+            } else {
+
+                char **row =
+                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                char type = row[DB_srptype][0];
+                if (type == 'v') {
+                    BIO_printf(bio_err,
+                               "user \"%s\" already updated, operation ignored.\n",
+                               user);
+                    errors++;
+                } else {
+                    char *gNid;
+
+                    if (row[DB_srptype][0] == 'V') {
+                        int user_gN;
+                        char **irow = NULL;
+                        if (verbose)
+                            BIO_printf(bio_err,
+                                       "Verifying password for user \"%s\"\n",
+                                       user);
+                        if ((user_gN =
+                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+                            irow =
+                                sk_OPENSSL_PSTRING_value(db->db->data,
+                                                         userindex);
+
+                        if (!srp_verify_user
+                            (user, row[DB_srpverifier], row[DB_srpsalt],
+                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
+                             irow ? irow[DB_srpverifier] : NULL, passin,
+                             verbose)) {
+                            BIO_printf(bio_err,
+                                       "Invalid password for user \"%s\", operation abandoned.\n",
+                                       user);
+                            errors++;
+                            goto end;
+                        }
+                    }
+                    if (verbose)
+                        BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
+                                   user);
+
+                    if (!
+                        (gNid =
+                         srp_create_user(user, &(row[DB_srpverifier]),
+                                         &(row[DB_srpsalt]),
+                                         gNrow ? gNrow[DB_srpsalt] : NULL,
+                                         gNrow ? gNrow[DB_srpverifier] : NULL,
+                                         passout, verbose))) {
+                        BIO_printf(bio_err,
+                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
+                                   user);
+                        errors++;
+                        goto end;
+                    }
+
+                    row[DB_srptype][0] = 'v';
+                    row[DB_srpgN] = OPENSSL_strdup(gNid);
+
+                    if (row[DB_srpid] == NULL
+                        || row[DB_srpgN] == NULL
+                        || row[DB_srptype] == NULL
+                        || row[DB_srpverifier] == NULL
+                        || row[DB_srpsalt] == NULL
+                        || (userinfo
+                            && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
+                                == NULL)))
+                        goto end;
+
+                    doupdatedb = 1;
+                }
+            }
+        } else if (mode == OPT_DELETE) {
+            if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, operation ignored. t\n",
+                           user);
+                errors++;
+            } else {
+                char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+
+                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
+                xpp[DB_srptype][0] = 'R';
+                doupdatedb = 1;
+            }
+        }
+        user = *argv++;
+        if (user == NULL) {
+            /* no more processing in any mode if no users left */
+            break;
+        }
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "User procession done.\n");
+
+    if (doupdatedb) {
+        /* Lets check some fields */
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+            if (pp[DB_srptype][0] == 'v') {
+                pp[DB_srptype][0] = 'V';
+                print_user(db, i, verbose);
+            }
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "Trying to update srpvfile.\n");
+        if (!save_index(srpvfile, "new", db))
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "Temporary srpvfile created.\n");
+        if (!rotate_index(srpvfile, "new", "old"))
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "srpvfile updated.\n");
+    }
+
+    ret = (errors != 0);
+ end:
+    if (errors != 0)
+        if (verbose)
+            BIO_printf(bio_err, "User errors %d.\n", errors);
+
+    if (verbose)
+        BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    if (ret)
+        ERR_print_errors(bio_err);
+    NCONF_free(conf);
+    free_index(db);
+    release_engine(e);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c b/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c
new file mode 100644
index 000000000..50007f6e8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/store.h>
+#include <openssl/x509v3.h>      /* s2i_ASN1_INTEGER */
+
+static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
+                   int expected, int criterion, OSSL_STORE_SEARCH *search,
+                   int text, int noout, int recursive, int indent, BIO *out,
+                   const char *prog);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
+    OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE,
+    OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS,
+    OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL,
+    OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS,
+    OPT_MD
+} OPTION_CHOICE;
+
+const OPTIONS storeutl_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\nValid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"text", OPT_TEXT, '-', "Print a text form of the objects"},
+    {"noout", OPT_NOOUT, '-', "No PEM output, just status"},
+    {"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"},
+    {"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"},
+    {"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"},
+    {"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"},
+    {"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"},
+    {"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"},
+    {"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"},
+    {"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"r", OPT_RECURSIVE, '-', "Recurse through names"},
+    {NULL}
+};
+
+int storeutl_main(int argc, char *argv[])
+{
+    int ret = 1, noout = 0, text = 0, recursive = 0;
+    char *outfile = NULL, *passin = NULL, *passinarg = NULL;
+    BIO *out = NULL;
+    ENGINE *e = NULL;
+    OPTION_CHOICE o;
+    char *prog = opt_init(argc, argv, storeutl_options);
+    PW_CB_DATA pw_cb_data;
+    int expected = 0;
+    int criterion = 0;
+    X509_NAME *subject = NULL, *issuer = NULL;
+    ASN1_INTEGER *serial = NULL;
+    unsigned char *fingerprint = NULL;
+    size_t fingerprintlen = 0;
+    char *alias = NULL;
+    OSSL_STORE_SEARCH *search = NULL;
+    const EVP_MD *digest = NULL;
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(storeutl_options);
+            ret = 0;
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_RECURSIVE:
+            recursive = 1;
+            break;
+        case OPT_SEARCHFOR_CERTS:
+        case OPT_SEARCHFOR_KEYS:
+        case OPT_SEARCHFOR_CRLS:
+            if (expected != 0) {
+                BIO_printf(bio_err, "%s: only one search type can be given.\n",
+                           prog);
+                goto end;
+            }
+            {
+                static const struct {
+                    enum OPTION_choice choice;
+                    int type;
+                } map[] = {
+                    {OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT},
+                    {OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY},
+                    {OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL},
+                };
+                size_t i;
+
+                for (i = 0; i < OSSL_NELEM(map); i++) {
+                    if (o == map[i].choice) {
+                        expected = map[i].type;
+                        break;
+                    }
+                }
+                /*
+                 * If expected wasn't set at this point, it means the map
+                 * isn't syncronised with the possible options leading here.
+                 */
+                OPENSSL_assert(expected != 0);
+            }
+            break;
+        case OPT_CRITERION_SUBJECT:
+            if (criterion != 0) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_NAME;
+            if (subject != NULL) {
+                BIO_printf(bio_err, "%s: subject already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((subject = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse subject argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_CRITERION_ISSUER:
+            if (criterion != 0
+                || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+                    && issuer != NULL)) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+            if (issuer != NULL) {
+                BIO_printf(bio_err, "%s: issuer already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse issuer argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_CRITERION_SERIAL:
+            if (criterion != 0
+                || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+                    && serial != NULL)) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+            if (serial != NULL) {
+                BIO_printf(bio_err, "%s: serial number already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse serial number argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_CRITERION_FINGERPRINT:
+            if (criterion != 0
+                || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
+                    && fingerprint != NULL)) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+            if (fingerprint != NULL) {
+                BIO_printf(bio_err, "%s: fingerprint already given.\n",
+                           prog);
+                goto end;
+            }
+            {
+                long tmplen = 0;
+
+                if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen))
+                    == NULL) {
+                    BIO_printf(bio_err,
+                               "%s: can't parse fingerprint argument.\n",
+                               prog);
+                    goto end;
+                }
+                fingerprintlen = (size_t)tmplen;
+            }
+            break;
+        case OPT_CRITERION_ALIAS:
+            if (criterion != 0) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_ALIAS;
+            if (alias != NULL) {
+                BIO_printf(bio_err, "%s: alias already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((alias = OPENSSL_strdup(opt_arg())) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse alias argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 0) {
+        BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog);
+        goto opthelp;
+    }
+    if (argc > 1) {
+        BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog);
+        goto opthelp;
+    }
+
+    if (criterion != 0) {
+        switch (criterion) {
+        case OSSL_STORE_SEARCH_BY_NAME:
+            if ((search = OSSL_STORE_SEARCH_by_name(subject)) == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
+            if (issuer == NULL || serial == NULL) {
+                BIO_printf(bio_err,
+                           "%s: both -issuer and -serial must be given.\n",
+                           prog);
+                goto end;
+            }
+            if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial))
+                == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
+            if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest,
+                                                               fingerprint,
+                                                               fingerprintlen))
+                == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OSSL_STORE_SEARCH_BY_ALIAS:
+            if ((search = OSSL_STORE_SEARCH_by_alias(alias)) == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        }
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+    pw_cb_data.password = passin;
+    pw_cb_data.prompt_info = argv[0];
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    ret = process(argv[0], get_ui_method(), &pw_cb_data,
+                  expected, criterion, search,
+                  text, noout, recursive, 0, out, prog);
+
+ end:
+    OPENSSL_free(fingerprint);
+    OPENSSL_free(alias);
+    ASN1_INTEGER_free(serial);
+    X509_NAME_free(subject);
+    X509_NAME_free(issuer);
+    OSSL_STORE_SEARCH_free(search);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    release_engine(e);
+    return ret;
+}
+
+static int indent_printf(int indent, BIO *bio, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
+
+    va_end(args);
+    return ret;
+}
+
+static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
+                   int expected, int criterion, OSSL_STORE_SEARCH *search,
+                   int text, int noout, int recursive, int indent, BIO *out,
+                   const char *prog)
+{
+    OSSL_STORE_CTX *store_ctx = NULL;
+    int ret = 1, items = 0;
+
+    if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL))
+        == NULL) {
+        BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
+        ERR_print_errors(bio_err);
+        return ret;
+    }
+
+    if (expected != 0) {
+        if (!OSSL_STORE_expect(store_ctx, expected)) {
+            ERR_print_errors(bio_err);
+            goto end2;
+        }
+    }
+
+    if (criterion != 0) {
+        if (!OSSL_STORE_supports_search(store_ctx, criterion)) {
+            BIO_printf(bio_err,
+                       "%s: the store scheme doesn't support the given search criteria.\n",
+                       prog);
+            goto end2;
+        }
+
+        if (!OSSL_STORE_find(store_ctx, search)) {
+            ERR_print_errors(bio_err);
+            goto end2;
+        }
+    }
+
+    /* From here on, we count errors, and we'll return the count at the end */
+    ret = 0;
+
+    for (;;) {
+        OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
+        int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
+        const char *infostr =
+            info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
+
+        if (info == NULL) {
+            if (OSSL_STORE_eof(store_ctx))
+                break;
+
+            if (OSSL_STORE_error(store_ctx)) {
+                if (recursive)
+                    ERR_clear_error();
+                else
+                    ERR_print_errors(bio_err);
+                ret++;
+                continue;
+            }
+
+            BIO_printf(bio_err,
+                       "ERROR: OSSL_STORE_load() returned NULL without "
+                       "eof or error indications\n");
+            BIO_printf(bio_err, "       This is an error in the loader\n");
+            ERR_print_errors(bio_err);
+            ret++;
+            break;
+        }
+
+        if (type == OSSL_STORE_INFO_NAME) {
+            const char *name = OSSL_STORE_INFO_get0_NAME(info);
+            const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
+            indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr,
+                          name);
+            if (desc != NULL)
+                indent_printf(indent, bio_out, "%s\n", desc);
+        } else {
+            indent_printf(indent, bio_out, "%d: %s\n", items, infostr);
+        }
+
+        /*
+         * Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in
+         * functionality, so we must figure out how exactly to write things
+         * ourselves...
+         */
+        switch (type) {
+        case OSSL_STORE_INFO_NAME:
+            if (recursive) {
+                const char *suburi = OSSL_STORE_INFO_get0_NAME(info);
+                ret += process(suburi, uimeth, uidata,
+                               expected, criterion, search,
+                               text, noout, recursive, indent + 2, out, prog);
+            }
+            break;
+        case OSSL_STORE_INFO_PARAMS:
+            if (text)
+                EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
+                                      0, NULL);
+            if (!noout)
+                PEM_write_bio_Parameters(out,
+                                         OSSL_STORE_INFO_get0_PARAMS(info));
+            break;
+        case OSSL_STORE_INFO_PKEY:
+            if (text)
+                EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
+                                       0, NULL);
+            if (!noout)
+                PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
+                                         NULL, NULL, 0, NULL, NULL);
+            break;
+        case OSSL_STORE_INFO_CERT:
+            if (text)
+                X509_print(out, OSSL_STORE_INFO_get0_CERT(info));
+            if (!noout)
+                PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info));
+            break;
+        case OSSL_STORE_INFO_CRL:
+            if (text)
+                X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info));
+            if (!noout)
+                PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info));
+            break;
+        default:
+            BIO_printf(bio_err, "!!! Unknown code\n");
+            ret++;
+            break;
+        }
+        items++;
+        OSSL_STORE_INFO_free(info);
+    }
+    indent_printf(indent, out, "Total found: %d\n", items);
+
+ end2:
+    if (!OSSL_STORE_close(store_ctx)) {
+        ERR_print_errors(bio_err);
+        ret++;
+    }
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/testCA.pem b/trunk/3rdparty/openssl-1.1-fit/apps/testCA.pem
new file mode 100644
index 000000000..dcb710aa9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/testCA.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/testdsa.h b/trunk/3rdparty/openssl-1.1-fit/apps/testdsa.h
new file mode 100644
index 000000000..3c4b459db
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/testdsa.h
@@ -0,0 +1,260 @@
+/*
+ * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* used by speed.c */
+DSA *get_dsa(int);
+
+static unsigned char dsa512_priv[] = {
+    0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
+    0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
+};
+
+static unsigned char dsa512_pub[] = {
+    0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
+    0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
+    0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
+    0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
+    0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
+    0xbe, 0xba, 0x0a, 0x6b, 0xc8,
+};
+
+static unsigned char dsa512_p[] = {
+    0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
+    0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
+    0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
+    0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
+    0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
+    0xA2, 0x76, 0x7D, 0x31,
+};
+
+static unsigned char dsa512_q[] = {
+    0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
+    0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
+};
+
+static unsigned char dsa512_g[] = {
+    0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
+    0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
+    0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
+    0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
+    0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
+    0xA2, 0x03, 0x9D, 0x20,
+};
+
+static unsigned char dsa1024_priv[] = {
+    0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
+    0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
+};
+
+static unsigned char dsa1024_pub[] = {
+    0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
+    0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
+    0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e,
+    0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5,
+    0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68,
+    0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82,
+    0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04,
+    0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28,
+    0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e,
+    0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
+    0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
+};
+
+static unsigned char dsa1024_p[] = {
+    0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
+    0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
+    0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
+    0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
+    0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
+    0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
+    0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
+    0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
+    0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
+    0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
+    0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
+};
+
+static unsigned char dsa1024_q[] = {
+    0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
+    0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
+};
+
+static unsigned char dsa1024_g[] = {
+    0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
+    0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
+    0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
+    0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
+    0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
+    0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
+    0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
+    0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
+    0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
+    0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
+    0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
+};
+
+static unsigned char dsa2048_priv[] = {
+    0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
+    0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
+};
+
+static unsigned char dsa2048_pub[] = {
+    0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
+    0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
+    0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
+    0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
+    0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
+    0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
+    0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
+    0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
+    0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
+    0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
+    0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
+    0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
+    0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
+    0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
+    0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
+    0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
+    0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
+    0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
+    0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
+    0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
+    0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
+    0x8b, 0x33, 0xb7, 0xce,
+};
+
+static unsigned char dsa2048_p[] = {
+    0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
+    0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
+    0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
+    0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
+    0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
+    0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
+    0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
+    0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
+    0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
+    0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
+    0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
+    0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
+    0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
+    0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
+    0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
+    0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
+    0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
+    0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
+    0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
+    0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
+    0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
+    0xF8, 0x68, 0xCF, 0x9B,
+};
+
+static unsigned char dsa2048_q[] = {
+    0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
+    0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
+};
+
+static unsigned char dsa2048_g[] = {
+    0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
+    0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
+    0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
+    0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
+    0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
+    0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
+    0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
+    0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
+    0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
+    0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
+    0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
+    0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
+    0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
+    0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
+    0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
+    0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
+    0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
+    0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
+    0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
+    0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
+    0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
+    0xF8, 0xB2, 0xE5, 0x38,
+};
+
+typedef struct testdsa_st {
+    unsigned char *priv;
+    unsigned char *pub;
+    unsigned char *p;
+    unsigned char *g;
+    unsigned char *q;
+    int priv_l;
+    int pub_l;
+    int p_l;
+    int g_l;
+    int q_l;
+} testdsa;
+
+#define set_dsa_ptr(st, bits) \
+    do { \
+        st.priv = dsa##bits##_priv; \
+        st.pub = dsa##bits##_pub; \
+        st.p = dsa##bits##_p; \
+        st.g = dsa##bits##_g; \
+        st.q = dsa##bits##_q; \
+        st.priv_l = sizeof(dsa##bits##_priv); \
+        st.pub_l = sizeof(dsa##bits##_pub); \
+        st.p_l = sizeof(dsa##bits##_p); \
+        st.g_l = sizeof(dsa##bits##_g); \
+        st.q_l = sizeof(dsa##bits##_q); \
+    } while (0)
+
+DSA *get_dsa(int dsa_bits)
+{
+    DSA *dsa;
+    BIGNUM *priv_key, *pub_key, *p, *q, *g;
+    testdsa dsa_t;
+
+    switch (dsa_bits) {
+    case 512:
+        set_dsa_ptr(dsa_t, 512);
+        break;
+    case 1024:
+        set_dsa_ptr(dsa_t, 1024);
+        break;
+    case 2048:
+        set_dsa_ptr(dsa_t, 2048);
+        break;
+    default:
+        return NULL;
+    }
+
+    if ((dsa = DSA_new()) == NULL)
+        return NULL;
+    priv_key = BN_bin2bn(dsa_t.priv, dsa_t.priv_l, NULL);
+    pub_key = BN_bin2bn(dsa_t.pub, dsa_t.pub_l, NULL);
+    p = BN_bin2bn(dsa_t.p, dsa_t.p_l, NULL);
+    q = BN_bin2bn(dsa_t.q, dsa_t.q_l, NULL);
+    g = BN_bin2bn(dsa_t.g, dsa_t.g_l, NULL);
+    if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+         || (g == NULL)) {
+        goto err;
+    }
+    if (!DSA_set0_pqg(dsa, p, q, g))
+        goto err;
+
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto err;
+
+    return dsa;
+ err:
+    DSA_free(dsa);
+    BN_free(priv_key);
+    BN_free(pub_key);
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/testrsa.h b/trunk/3rdparty/openssl-1.1-fit/apps/testrsa.h
new file mode 100644
index 000000000..1350ce54e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/testrsa.h
@@ -0,0 +1,1960 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static unsigned char test512[] = {
+    0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
+    0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01,
+    0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f,
+    0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde,
+    0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71,
+    0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87,
+    0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83,
+    0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+    0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc,
+    0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66,
+    0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf,
+    0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4,
+    0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf,
+    0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26,
+    0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb,
+    0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9,
+    0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a,
+    0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3,
+    0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2,
+    0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53,
+    0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda,
+    0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8,
+    0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d,
+    0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b,
+    0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01,
+    0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11,
+    0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47,
+    0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4,
+    0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99,
+    0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c,
+    0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb,
+    0x4b, 0x14, 0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c,
+};
+
+static unsigned char test1024[] = {
+    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05,
+    0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5,
+    0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55,
+    0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9,
+    0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96,
+    0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37,
+    0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd,
+    0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24,
+    0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23,
+    0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37,
+    0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94,
+    0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b,
+    0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02,
+    0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f,
+    0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0,
+    0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f,
+    0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f,
+    0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88,
+    0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba,
+    0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c,
+    0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43,
+    0x0b, 0xd1, 0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc,
+    0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee,
+    0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d,
+    0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed,
+    0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20,
+    0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c,
+    0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3,
+    0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02,
+    0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4,
+    0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a,
+    0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc,
+    0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2,
+    0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04,
+    0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52,
+    0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38,
+    0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7,
+    0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20,
+    0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4,
+    0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02,
+    0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b,
+    0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52,
+    0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde,
+    0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f,
+    0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66,
+    0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46,
+    0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad,
+    0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80,
+    0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf,
+    0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84,
+    0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60,
+    0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c,
+    0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b,
+    0xe7, 0x87, 0x02, 0x40, 0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c,
+    0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7,
+    0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53,
+    0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9,
+    0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba,
+    0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14,
+    0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45,
+};
+
+static unsigned char test2048[] = {
+    0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f,
+    0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27,
+    0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f,
+    0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde,
+    0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a,
+    0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32,
+    0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f,
+    0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab,
+    0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33,
+    0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f,
+    0x64, 0xac, 0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4,
+    0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e,
+    0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29,
+    0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b,
+    0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0,
+    0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34,
+    0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1,
+    0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15,
+    0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c,
+    0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66,
+    0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2,
+    0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27,
+    0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15,
+    0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20,
+    0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1,
+    0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03,
+    0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3,
+    0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa,
+    0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c,
+    0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac,
+    0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40,
+    0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3,
+    0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d,
+    0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01,
+    0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4,
+    0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5,
+    0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9,
+    0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6,
+    0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3,
+    0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e,
+    0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46,
+    0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53,
+    0x47, 0x44, 0xfa, 0xc2, 0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59,
+    0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab,
+    0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48,
+    0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca,
+    0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35,
+    0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9,
+    0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b,
+    0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f,
+    0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0,
+    0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33,
+    0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7,
+    0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50,
+    0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c,
+    0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8,
+    0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56,
+    0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f,
+    0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04,
+    0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14,
+    0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c,
+    0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06,
+    0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c,
+    0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28,
+    0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80,
+    0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1,
+    0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc,
+    0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63,
+    0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61,
+    0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94,
+    0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95,
+    0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4,
+    0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84,
+    0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94,
+    0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 0x59, 0x1f, 0x61, 0x8e,
+    0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11,
+    0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1,
+    0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb,
+    0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80,
+    0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5,
+    0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a,
+    0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29,
+    0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72,
+    0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54,
+    0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8,
+    0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d,
+    0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90,
+    0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27,
+    0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28,
+    0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82,
+    0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90,
+    0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81,
+    0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf,
+    0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01,
+    0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16,
+    0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5,
+    0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3,
+    0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc,
+    0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1,
+    0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8,
+    0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31,
+    0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c,
+    0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b,
+    0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32,
+    0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02,
+    0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9,
+    0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 0x87, 0x84,
+    0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04,
+    0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a,
+    0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd,
+    0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43,
+    0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46,
+    0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41,
+    0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5,
+    0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b,
+    0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55,
+    0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d,
+    0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4,
+    0x95,
+};
+
+static unsigned char test3072[] = {
+    0x30, 0x82, 0x06, 0xe3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x81, 0x00, 0xbc, 0x3b, 0x23, 0xc0, 0x33, 0xa7, 0x8b, 0xaa,
+    0xca, 0xa3, 0x8c, 0x94, 0xf2, 0x4c, 0x52, 0x08, 0x85, 0x80,
+    0xfc, 0x36, 0x15, 0xfa, 0x03, 0x06, 0xb6, 0xd6, 0x3f, 0x60,
+    0x8a, 0x89, 0x0d, 0xba, 0x1a, 0x51, 0x0b, 0x12, 0xea, 0x71,
+    0x77, 0xf6, 0x3a, 0x30, 0x21, 0x3d, 0x24, 0xf8, 0x2e, 0xd0,
+    0x17, 0x3a, 0x85, 0x94, 0x25, 0x42, 0x89, 0xff, 0x6a, 0x68,
+    0xdf, 0x1f, 0x86, 0xae, 0xa5, 0xbb, 0x9a, 0x79, 0xf6, 0x69,
+    0x94, 0xfe, 0xde, 0xfe, 0xce, 0x1b, 0x2e, 0xae, 0x1d, 0x91,
+    0xcb, 0xb9, 0xf1, 0x2d, 0xd8, 0x00, 0x82, 0x51, 0x8e, 0xf9,
+    0xfd, 0xac, 0xf1, 0x0e, 0x7f, 0xb7, 0x95, 0x85, 0x35, 0xf9,
+    0xcb, 0xbe, 0x5f, 0xd3, 0x58, 0xe3, 0xa1, 0x54, 0x9e, 0x30,
+    0xb1, 0x8d, 0x01, 0x97, 0x82, 0x06, 0x8e, 0x77, 0xfb, 0xce,
+    0x50, 0x2f, 0xbf, 0xf1, 0xff, 0x57, 0x0a, 0x42, 0x03, 0xfd,
+    0x0e, 0xba, 0x1e, 0xca, 0x85, 0xc1, 0x9b, 0xa5, 0x9d, 0x09,
+    0x0e, 0xe9, 0xbb, 0xc5, 0x73, 0x47, 0x0d, 0x39, 0x3c, 0x64,
+    0x06, 0x9a, 0x79, 0x3f, 0x50, 0x87, 0x9c, 0x18, 0x2d, 0x62,
+    0x01, 0xfc, 0xed, 0xc1, 0x58, 0x28, 0x21, 0x94, 0x1e, 0xf9,
+    0x2d, 0x96, 0x4f, 0xd0, 0xbc, 0xf1, 0xe0, 0x8a, 0xfa, 0x4d,
+    0xb6, 0x78, 0x4a, 0xde, 0x17, 0x59, 0xb0, 0x22, 0xa0, 0x9a,
+    0xd3, 0x70, 0xb6, 0xc2, 0xbe, 0xbc, 0x96, 0xca, 0x41, 0x5f,
+    0x58, 0x4e, 0xce, 0xef, 0x64, 0x45, 0xdd, 0x3f, 0x81, 0x92,
+    0xcc, 0x40, 0x79, 0xfc, 0x19, 0xe2, 0xbc, 0x77, 0x2f, 0x43,
+    0xfb, 0x8e, 0xad, 0x82, 0x4a, 0x0b, 0xb1, 0xbc, 0x09, 0x8a,
+    0x80, 0xc3, 0x0f, 0xef, 0xd2, 0x06, 0xd3, 0x4b, 0x0c, 0x7f,
+    0xae, 0x60, 0x3f, 0x2e, 0x52, 0xb4, 0xe4, 0xc2, 0x5c, 0xa6,
+    0x71, 0xc0, 0x13, 0x9c, 0xca, 0xa6, 0x0d, 0x13, 0xd7, 0xb7,
+    0x14, 0x94, 0x3f, 0x0d, 0x8b, 0x06, 0x70, 0x2f, 0x15, 0x82,
+    0x8d, 0x47, 0x45, 0xa6, 0x00, 0x8a, 0x14, 0x91, 0xde, 0x2f,
+    0x50, 0x17, 0xe3, 0x1d, 0x34, 0x29, 0x8c, 0xe4, 0x57, 0x74,
+    0x2a, 0x3a, 0x82, 0x65, 0x26, 0xf7, 0x8d, 0xcc, 0x1b, 0x8f,
+    0xaf, 0xe5, 0x85, 0xe5, 0xbe, 0x85, 0xd6, 0xb7, 0x04, 0xe8,
+    0xf5, 0xd4, 0x74, 0xe2, 0x54, 0x14, 0xdd, 0x58, 0xcf, 0x1f,
+    0x11, 0x8a, 0x9f, 0x82, 0xa2, 0x01, 0xf9, 0xc2, 0xdf, 0x7b,
+    0x84, 0xb1, 0xd8, 0x5b, 0x70, 0xbb, 0x24, 0xe7, 0xd0, 0x2a,
+    0x75, 0x3d, 0x55, 0xac, 0x45, 0xe9, 0xab, 0xc6, 0x84, 0x8a,
+    0xe7, 0x6d, 0x26, 0x12, 0x89, 0xb5, 0x67, 0xe8, 0x46, 0x9d,
+    0x46, 0x1a, 0xfa, 0x2d, 0xc0, 0x5b, 0x60, 0x46, 0x8b, 0xb7,
+    0x32, 0x03, 0xff, 0x75, 0xee, 0x9f, 0x3c, 0xdd, 0xb6, 0x35,
+    0x4e, 0x82, 0xbd, 0x99, 0x73, 0x51, 0x02, 0x03, 0x01, 0x00,
+    0x01, 0x02, 0x82, 0x01, 0x80, 0x42, 0xee, 0xa4, 0x9f, 0xcb,
+    0xbe, 0x60, 0x23, 0xb3, 0x3a, 0xc4, 0xda, 0x91, 0xee, 0x21,
+    0x9d, 0x76, 0x1b, 0x8f, 0x93, 0x8b, 0xed, 0x02, 0xf6, 0x78,
+    0x3d, 0x66, 0xfb, 0xe5, 0x47, 0x26, 0xe2, 0x6e, 0x49, 0x33,
+    0x2e, 0xde, 0xbe, 0xca, 0x71, 0x7b, 0xef, 0x71, 0x62, 0x54,
+    0xab, 0x0b, 0xba, 0x63, 0x08, 0x24, 0x47, 0xb1, 0x98, 0x1f,
+    0x89, 0xfb, 0x44, 0x9f, 0x52, 0x8e, 0x89, 0xbb, 0xd5, 0x21,
+    0xf1, 0x0c, 0x76, 0x2e, 0xcd, 0x12, 0x6e, 0x78, 0xcb, 0xa1,
+    0xa5, 0xb8, 0x4e, 0x07, 0xab, 0x6e, 0xdf, 0x66, 0x57, 0x87,
+    0xff, 0x88, 0x5f, 0xcc, 0x9c, 0x9a, 0x7b, 0x15, 0x5f, 0x2a,
+    0x83, 0xdb, 0xd5, 0x9f, 0x65, 0x6a, 0x9d, 0xb4, 0x95, 0xfc,
+    0xe0, 0x22, 0x00, 0x1e, 0xa2, 0x8d, 0x56, 0x5a, 0x9e, 0x0a,
+    0x3b, 0x10, 0x07, 0x24, 0xec, 0x55, 0xcc, 0xaf, 0x87, 0x3b,
+    0xd6, 0x8d, 0xa4, 0x86, 0x80, 0x18, 0x42, 0xdb, 0x9d, 0x24,
+    0xc3, 0x97, 0x3b, 0x89, 0x5a, 0x03, 0xb3, 0x0a, 0x72, 0xd1,
+    0x78, 0xf0, 0xc8, 0x80, 0xb0, 0x9d, 0x3c, 0xae, 0x5e, 0x0a,
+    0x5b, 0x6e, 0x87, 0xd3, 0x3d, 0x25, 0x2e, 0x03, 0x33, 0x01,
+    0xfd, 0xb1, 0xa5, 0xd9, 0x58, 0x01, 0xb9, 0xaf, 0xf6, 0x32,
+    0x6a, 0x38, 0xe7, 0x39, 0x63, 0x3c, 0xfc, 0x0c, 0x41, 0x90,
+    0x28, 0x40, 0x03, 0xcd, 0xfb, 0xde, 0x80, 0x74, 0x21, 0xaa,
+    0xae, 0x58, 0xe9, 0x97, 0x18, 0x85, 0x58, 0x3d, 0x2b, 0xd6,
+    0x61, 0xf6, 0xe8, 0xbc, 0x6d, 0x2a, 0xf3, 0xb8, 0xea, 0x8c,
+    0x64, 0x44, 0xc6, 0xd3, 0x9f, 0x00, 0x7b, 0xb2, 0x52, 0x18,
+    0x11, 0x04, 0x96, 0xb7, 0x05, 0xbb, 0xc2, 0x38, 0x5b, 0xa7,
+    0x0a, 0x84, 0xb6, 0x4f, 0x02, 0x63, 0xa4, 0x57, 0x00, 0xe3,
+    0xde, 0xe4, 0xf2, 0xb3, 0x55, 0xd9, 0x00, 0xa9, 0xd2, 0x5c,
+    0x69, 0x9f, 0xe5, 0x80, 0x4f, 0x23, 0x7c, 0xd9, 0xa7, 0x77,
+    0x4a, 0xbb, 0x09, 0x6d, 0x45, 0x02, 0xcf, 0x32, 0x90, 0xfd,
+    0x10, 0xb6, 0xb3, 0x93, 0xd9, 0x3b, 0x1d, 0x57, 0x66, 0xb5,
+    0xb3, 0xb1, 0x6e, 0x53, 0x5f, 0x04, 0x60, 0x29, 0xcd, 0xe8,
+    0xb8, 0xab, 0x62, 0x82, 0x33, 0x40, 0xc7, 0xf8, 0x64, 0x60,
+    0x0e, 0xab, 0x06, 0x3e, 0xa0, 0xa3, 0x62, 0x11, 0x3f, 0x67,
+    0x5d, 0x24, 0x9e, 0x60, 0x29, 0xdc, 0x4c, 0xd5, 0x13, 0xee,
+    0x3d, 0xb7, 0x84, 0x93, 0x27, 0xb5, 0x6a, 0xf9, 0xf0, 0xdd,
+    0x50, 0xac, 0x46, 0x3c, 0xe6, 0xd5, 0xec, 0xf7, 0xb7, 0x9f,
+    0x23, 0x39, 0x9c, 0x88, 0x8c, 0x5a, 0x62, 0x3f, 0x8d, 0x4a,
+    0xd7, 0xeb, 0x5e, 0x1e, 0x49, 0xf8, 0xa9, 0x53, 0x11, 0x75,
+    0xd0, 0x43, 0x1e, 0xc7, 0x29, 0x22, 0x80, 0x1f, 0xc5, 0x83,
+    0x8d, 0x20, 0x04, 0x87, 0x7f, 0x57, 0x8c, 0xf5, 0xa1, 0x02,
+    0x81, 0xc1, 0x00, 0xf7, 0xaa, 0xf5, 0xa5, 0x00, 0xdb, 0xd6,
+    0x11, 0xfc, 0x07, 0x6d, 0x22, 0x24, 0x2b, 0x4b, 0xc5, 0x67,
+    0x0f, 0x37, 0xa5, 0xdb, 0x8f, 0x38, 0xe2, 0x05, 0x43, 0x9a,
+    0x44, 0x05, 0x3f, 0xa9, 0xac, 0x4c, 0x98, 0x3c, 0x72, 0x38,
+    0xc3, 0x89, 0x33, 0x58, 0x73, 0x51, 0xcc, 0x5d, 0x2f, 0x8f,
+    0x6d, 0x3f, 0xa1, 0x22, 0x9e, 0xfb, 0x9a, 0xb4, 0xb8, 0x79,
+    0x95, 0xaf, 0x83, 0xcf, 0x5a, 0xb7, 0x14, 0x14, 0x0c, 0x51,
+    0x8a, 0x11, 0xe6, 0xd6, 0x21, 0x1e, 0x17, 0x13, 0xd3, 0x69,
+    0x7a, 0x3a, 0xd5, 0xaf, 0x3f, 0xb8, 0x25, 0x01, 0xcb, 0x2b,
+    0xe6, 0xfc, 0x03, 0xd8, 0xd4, 0xf7, 0x20, 0xe0, 0x21, 0xef,
+    0x1a, 0xca, 0x61, 0xeb, 0x8e, 0x96, 0x45, 0x8e, 0x5c, 0xe6,
+    0x81, 0x0b, 0x2d, 0x05, 0x32, 0xf9, 0x41, 0x62, 0xb4, 0x33,
+    0x98, 0x10, 0x3a, 0xcd, 0xf0, 0x7a, 0x8b, 0x1a, 0x48, 0xd7,
+    0x3b, 0x01, 0xf5, 0x18, 0x65, 0x8f, 0x3c, 0xc2, 0x31, 0x3b,
+    0xd3, 0xa7, 0x17, 0x5f, 0x7c, 0x0c, 0xe7, 0x25, 0x18, 0x5a,
+    0x08, 0xe1, 0x09, 0x89, 0x13, 0xa7, 0xc5, 0x12, 0xab, 0x88,
+    0x30, 0xcd, 0x06, 0xf9, 0xba, 0x6f, 0xca, 0x9c, 0x8a, 0xda,
+    0x3e, 0x53, 0x90, 0xd7, 0x16, 0x2e, 0xfc, 0xbc, 0xad, 0xd6,
+    0x3d, 0xc0, 0x66, 0x4c, 0x02, 0x3d, 0x31, 0xfd, 0x6c, 0xdb,
+    0x1c, 0xdf, 0x96, 0x33, 0x23, 0x02, 0x81, 0xc1, 0x00, 0xc2,
+    0x90, 0x47, 0xc4, 0xfb, 0x59, 0xf0, 0xc5, 0x14, 0x75, 0x29,
+    0xfa, 0x77, 0xa1, 0x8d, 0xd4, 0x90, 0xa1, 0x0d, 0x3f, 0x16,
+    0x88, 0xe3, 0x4c, 0x8f, 0x8f, 0x18, 0x8c, 0x9c, 0x8a, 0xd5,
+    0xa7, 0x41, 0x99, 0xf3, 0x80, 0x8e, 0xb1, 0xb8, 0x63, 0xd8,
+    0x3f, 0x95, 0xd0, 0xd0, 0x2b, 0xf5, 0xe6, 0x93, 0xe8, 0xfe,
+    0xd0, 0x73, 0xd5, 0xbd, 0xb4, 0xee, 0x51, 0x19, 0x6a, 0x10,
+    0xca, 0xc8, 0xba, 0xa4, 0x4d, 0x84, 0x54, 0x38, 0x17, 0xb5,
+    0xd0, 0xa8, 0x75, 0x22, 0xc5, 0x1b, 0x61, 0xa6, 0x51, 0x88,
+    0x63, 0xf0, 0x4f, 0xd1, 0x88, 0xd9, 0x16, 0x49, 0x30, 0xe1,
+    0xa8, 0x47, 0xc9, 0x30, 0x1d, 0x5c, 0x75, 0xd8, 0x89, 0xb6,
+    0x1d, 0x45, 0xd8, 0x0f, 0x94, 0x89, 0xb3, 0xe4, 0x51, 0xfa,
+    0x21, 0xff, 0x6f, 0xb6, 0x30, 0x6f, 0x33, 0x24, 0xbc, 0x09,
+    0x98, 0xe9, 0x20, 0x02, 0x0b, 0xde, 0xff, 0xc5, 0x06, 0xb6,
+    0x28, 0xa3, 0xa1, 0x07, 0xe8, 0xe1, 0xd2, 0xc2, 0xf1, 0xd1,
+    0x23, 0x6b, 0x4c, 0x3a, 0xae, 0x85, 0xec, 0xf9, 0xff, 0xa7,
+    0x9b, 0x25, 0xb8, 0x95, 0x1d, 0xa8, 0x14, 0x81, 0x4f, 0x79,
+    0x4f, 0xd6, 0x39, 0x5d, 0xe6, 0x5f, 0xd2, 0x34, 0x54, 0x8b,
+    0x1e, 0x40, 0x4c, 0x15, 0x5a, 0x45, 0xce, 0x0c, 0xb0, 0xdf,
+    0xa1, 0x17, 0xb8, 0xb0, 0x6a, 0x82, 0xa5, 0x97, 0x92, 0x70,
+    0xfb, 0x02, 0x81, 0xc0, 0x77, 0x46, 0x44, 0x2b, 0x04, 0xf0,
+    0xda, 0x75, 0xaa, 0xd4, 0xc0, 0xc0, 0x32, 0x7f, 0x0f, 0x6c,
+    0xb0, 0x27, 0x69, 0xfb, 0x5c, 0x73, 0xeb, 0x47, 0x1e, 0x95,
+    0xe2, 0x13, 0x64, 0x1b, 0xb6, 0xd1, 0x1d, 0xca, 0x2b, 0x42,
+    0x2f, 0x08, 0x2c, 0x69, 0x27, 0xed, 0xd1, 0xb5, 0x04, 0x23,
+    0xc5, 0x85, 0x2d, 0xa1, 0xa2, 0x94, 0xc2, 0x43, 0x4d, 0x49,
+    0x92, 0x74, 0x7e, 0x24, 0x92, 0x95, 0xf3, 0x99, 0x9d, 0xd6,
+    0x18, 0xe6, 0xcf, 0x9c, 0x45, 0xff, 0x89, 0x08, 0x40, 0x2a,
+    0x0e, 0xa0, 0x28, 0xf9, 0x83, 0xfe, 0xc1, 0xe6, 0x40, 0xa8,
+    0xe2, 0x29, 0xc9, 0xb0, 0xe8, 0x9a, 0x17, 0xb2, 0x23, 0x7e,
+    0xf4, 0x32, 0x08, 0xc9, 0x83, 0xb2, 0x15, 0xb8, 0xc5, 0xc9,
+    0x03, 0xd1, 0x9d, 0xda, 0x3e, 0xa8, 0xbf, 0xd5, 0xb7, 0x7d,
+    0x65, 0x63, 0x94, 0x5d, 0x5d, 0x94, 0xb4, 0xcf, 0x8d, 0x07,
+    0x0b, 0x70, 0x85, 0x8e, 0xce, 0x03, 0x0b, 0x2a, 0x8d, 0xb3,
+    0x3c, 0x46, 0xc0, 0x2f, 0xc7, 0x72, 0x6c, 0x9c, 0x5d, 0x07,
+    0x0f, 0x45, 0x3b, 0x6b, 0x66, 0x32, 0xab, 0x17, 0x83, 0xd8,
+    0x4c, 0x2c, 0x84, 0x71, 0x19, 0x8f, 0xaa, 0x0a, 0xff, 0xbc,
+    0xf7, 0x42, 0x10, 0xe8, 0xae, 0x4d, 0x26, 0xaf, 0xdd, 0x06,
+    0x33, 0x29, 0x66, 0x21, 0x5d, 0xf5, 0xae, 0x17, 0x07, 0x1f,
+    0x87, 0x9e, 0xae, 0x27, 0x1d, 0xd5, 0x02, 0x81, 0xc0, 0x56,
+    0x17, 0x4f, 0x9a, 0x8a, 0xf9, 0xde, 0x3e, 0xe6, 0x71, 0x7d,
+    0x94, 0xb5, 0xb0, 0xc7, 0xb8, 0x62, 0x12, 0xd1, 0x70, 0xb4,
+    0x00, 0xf8, 0x4a, 0xdd, 0x4f, 0x1d, 0x36, 0xc2, 0xe1, 0xef,
+    0xee, 0x25, 0x6a, 0x00, 0xc4, 0x46, 0xdf, 0xbe, 0xce, 0x77,
+    0x56, 0x93, 0x6d, 0x25, 0x5f, 0xfe, 0x5b, 0xfb, 0xe0, 0xe2,
+    0x37, 0xcc, 0xb9, 0xac, 0x4a, 0xce, 0x15, 0x16, 0xa0, 0xc7,
+    0x33, 0x63, 0xa4, 0xaa, 0xa5, 0x1e, 0x43, 0xc1, 0xda, 0x43,
+    0xfa, 0x43, 0x40, 0x29, 0x95, 0x7c, 0x2b, 0x36, 0x53, 0xe7,
+    0x7d, 0x09, 0x4d, 0xd8, 0x52, 0xac, 0x74, 0x5f, 0x08, 0x81,
+    0x21, 0x5c, 0x3a, 0x5a, 0xce, 0xf3, 0x25, 0xb6, 0x1e, 0x21,
+    0x76, 0x4c, 0x7c, 0x71, 0x50, 0x71, 0xaa, 0x27, 0x02, 0x5b,
+    0x23, 0x06, 0x0b, 0x21, 0x5b, 0xc7, 0x28, 0xa3, 0x3d, 0x8d,
+    0x25, 0x9b, 0x2a, 0x2d, 0x9d, 0xa1, 0x1c, 0x1d, 0xcb, 0x7d,
+    0x78, 0xf8, 0x06, 0x7e, 0x20, 0x7f, 0x24, 0x2a, 0x5c, 0xa4,
+    0x04, 0xff, 0x2a, 0x68, 0xe0, 0xe6, 0xa3, 0xd8, 0x6f, 0x56,
+    0x73, 0xa1, 0x3a, 0x4e, 0xc9, 0x23, 0xa1, 0x87, 0x22, 0x6a,
+    0x74, 0x78, 0x3f, 0x44, 0x1c, 0x77, 0x13, 0xe5, 0x51, 0xef,
+    0x89, 0x00, 0x3c, 0x6a, 0x4a, 0x5a, 0x8e, 0xf5, 0x30, 0xa2,
+    0x93, 0x7e, 0x92, 0x9b, 0x85, 0x55, 0xaf, 0xfe, 0x24, 0xaf,
+    0x57, 0x02, 0x81, 0xc1, 0x00, 0xa4, 0xc2, 0x6a, 0x59, 0x45,
+    0xea, 0x71, 0x7d, 0x4c, 0xaf, 0xaf, 0xd6, 0x55, 0x97, 0x73,
+    0xc5, 0xa1, 0x3c, 0xf6, 0x59, 0x23, 0xb6, 0x1f, 0x5e, 0x9c,
+    0x96, 0x0f, 0x97, 0x66, 0x82, 0x91, 0x48, 0x36, 0x70, 0x02,
+    0x67, 0xde, 0x34, 0xa6, 0x95, 0x7b, 0x51, 0x43, 0x66, 0xa4,
+    0x16, 0x45, 0x59, 0x12, 0xdb, 0x35, 0x19, 0x4b, 0xbf, 0x1d,
+    0xab, 0xf3, 0x3f, 0xb4, 0xb4, 0x6f, 0x66, 0xb0, 0x67, 0xc6,
+    0x77, 0x2c, 0x46, 0xa8, 0x03, 0x64, 0x9a, 0x13, 0x9d, 0x40,
+    0x22, 0x56, 0x76, 0x1a, 0x7c, 0x1e, 0xe2, 0xda, 0x7f, 0x09,
+    0xcf, 0x10, 0xe3, 0xf2, 0xf4, 0x2a, 0x3b, 0x46, 0xc7, 0x61,
+    0x9b, 0xef, 0x4a, 0x18, 0x60, 0x8c, 0x32, 0x71, 0xb9, 0xdd,
+    0xac, 0xa0, 0xc6, 0x8d, 0x3f, 0xab, 0xc3, 0x21, 0x2c, 0xeb,
+    0x91, 0x8f, 0xc7, 0x43, 0x0d, 0x0c, 0x67, 0x9e, 0xab, 0xe6,
+    0x8d, 0xb6, 0x2d, 0x41, 0xca, 0x43, 0xd8, 0xcb, 0x30, 0xfb,
+    0x3b, 0x40, 0x0d, 0x10, 0x9b, 0xb1, 0x55, 0x93, 0x73, 0x8b,
+    0x60, 0xef, 0xc0, 0xee, 0xc0, 0xa6, 0x7a, 0x79, 0x90, 0xfd,
+    0x4c, 0x25, 0xd4, 0x4f, 0x67, 0xbe, 0xf7, 0x86, 0x3c, 0x5d,
+    0x2b, 0x7d, 0x97, 0x3d, 0xa2, 0x91, 0xa5, 0x06, 0x69, 0xf6,
+    0x7a, 0xb8, 0x77, 0xe6, 0x70, 0xa9, 0xd8, 0x86, 0x4b, 0xa6,
+    0xcf, 0x67, 0x1d, 0x33, 0xcf, 0xfe, 0x3e
+};
+
+static unsigned char test4096[] = {
+    0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
+    0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43,
+    0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21,
+    0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44,
+    0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28,
+    0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41,
+    0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7,
+    0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd,
+    0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e,
+    0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b,
+    0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6,
+    0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf,
+    0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d,
+    0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e,
+    0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0,
+    0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99,
+    0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90,
+    0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8,
+    0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a,
+    0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda,
+    0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca,
+    0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28,
+    0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7,
+    0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb,
+    0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26,
+    0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c,
+    0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03,
+    0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1,
+    0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09,
+    0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83,
+    0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95,
+    0x22, 0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc,
+    0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36,
+    0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5,
+    0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc,
+    0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8,
+    0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa,
+    0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca,
+    0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e,
+    0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56,
+    0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48,
+    0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46,
+    0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b,
+    0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe,
+    0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3,
+    0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69,
+    0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe,
+    0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3,
+    0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f,
+    0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed,
+    0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4,
+    0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3,
+    0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+    0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f,
+    0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb,
+    0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd,
+    0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5,
+    0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17,
+    0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52,
+    0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c,
+    0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f,
+    0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12,
+    0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61,
+    0x6f, 0x39, 0x91, 0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8,
+    0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4,
+    0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e,
+    0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50,
+    0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea,
+    0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16,
+    0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae,
+    0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6,
+    0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c,
+    0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a,
+    0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e,
+    0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb,
+    0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5,
+    0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6,
+    0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe,
+    0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14,
+    0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88,
+    0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7,
+    0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19,
+    0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40,
+    0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b,
+    0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69,
+    0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9,
+    0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c,
+    0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62,
+    0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2,
+    0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9,
+    0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25,
+    0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d,
+    0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab,
+    0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f,
+    0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c,
+    0x68, 0xcb, 0x93, 0xfb, 0x51, 0x73, 0x49, 0xb4, 0x60, 0xda,
+    0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd,
+    0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54,
+    0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41,
+    0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7,
+    0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1,
+    0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d,
+    0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65,
+    0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28,
+    0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01,
+    0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d,
+    0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14,
+    0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc,
+    0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37,
+    0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81,
+    0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94,
+    0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e,
+    0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9,
+    0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c,
+    0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24,
+    0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc,
+    0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1,
+    0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc,
+    0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84,
+    0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77,
+    0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21,
+    0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6,
+    0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa,
+    0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14,
+    0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39,
+    0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06,
+    0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3,
+    0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 0x76, 0x4a, 0x35,
+    0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97,
+    0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed,
+    0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8,
+    0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4,
+    0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94,
+    0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4,
+    0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d,
+    0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c,
+    0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e,
+    0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1,
+    0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc,
+    0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55,
+    0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61,
+    0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92,
+    0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80,
+    0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13,
+    0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48,
+    0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed,
+    0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9,
+    0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a,
+    0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35,
+    0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7,
+    0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c,
+    0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47,
+    0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8,
+    0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7,
+    0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc,
+    0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82,
+    0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b,
+    0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef,
+    0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 0xf6,
+    0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80,
+    0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac,
+    0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b,
+    0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35,
+    0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c,
+    0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e,
+    0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a,
+    0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd,
+    0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5,
+    0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc,
+    0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30,
+    0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f,
+    0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c,
+    0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe,
+    0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f,
+    0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91,
+    0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9,
+    0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf,
+    0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76,
+    0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0,
+    0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78,
+    0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10,
+    0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82,
+    0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00,
+    0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25,
+    0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3,
+    0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b,
+    0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79,
+    0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94,
+    0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8,
+    0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38,
+    0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0,
+    0x24, 0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44,
+    0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b,
+    0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf,
+    0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f,
+    0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28,
+    0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97,
+    0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f,
+    0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48,
+    0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35,
+    0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84,
+    0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a,
+    0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b,
+    0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e,
+    0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55,
+    0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16,
+    0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c,
+    0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05,
+    0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3,
+    0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e,
+    0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43,
+    0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e,
+    0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a,
+    0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed,
+    0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7,
+    0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c,
+    0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b,
+    0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e,
+    0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95,
+    0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11,
+    0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb,
+    0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e,
+    0xd5, 0xa8, 0xad, 0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a,
+    0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc,
+    0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35,
+    0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21,
+    0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a,
+    0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70,
+    0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01,
+    0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c,
+    0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26,
+    0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55,
+    0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17,
+};
+
+static unsigned char test7680[] = {
+    0x30, 0x82, 0x11, 0x09, 0x02, 0x01, 0x00, 0x02, 0x82, 0x03,
+    0xc1, 0x00, 0xe3, 0x27, 0x46, 0x99, 0xb5, 0x17, 0xab, 0xfa,
+    0x65, 0x05, 0x7a, 0x06, 0x81, 0x14, 0xce, 0x43, 0x21, 0x49,
+    0x0f, 0x08, 0xf1, 0x70, 0xb4, 0xc1, 0x10, 0xd1, 0x87, 0xf8,
+    0x29, 0x91, 0x36, 0x66, 0x2d, 0xbe, 0x7b, 0x1d, 0xa2, 0x0b,
+    0x20, 0x38, 0xd9, 0x8e, 0x78, 0x27, 0xcf, 0xb5, 0x45, 0x58,
+    0x3d, 0xf4, 0xda, 0xf0, 0xdc, 0x21, 0x17, 0x52, 0xcd, 0x68,
+    0xe2, 0x81, 0xac, 0x88, 0x61, 0x10, 0xbc, 0xb0, 0x7f, 0xe4,
+    0xf3, 0x78, 0xb7, 0x28, 0x6c, 0x5f, 0x5c, 0xc2, 0x8d, 0x3d,
+    0xb0, 0x87, 0x41, 0x15, 0x2e, 0x09, 0x5f, 0xea, 0x06, 0x7f,
+    0xe9, 0x35, 0x18, 0x90, 0x50, 0xad, 0xf6, 0xb9, 0xfd, 0x33,
+    0x02, 0x1a, 0x99, 0x9e, 0xa5, 0x7d, 0x2c, 0x3b, 0x24, 0xe7,
+    0x31, 0x35, 0x73, 0x9a, 0xb0, 0xfe, 0x03, 0xfc, 0xc6, 0x98,
+    0x78, 0xd9, 0x66, 0x95, 0xa5, 0x12, 0xbc, 0x1e, 0x82, 0xbc,
+    0xf1, 0xc5, 0x31, 0xcd, 0xa6, 0xb1, 0x0c, 0x02, 0xbf, 0x7f,
+    0xb7, 0xaf, 0x5f, 0xd6, 0xed, 0xf7, 0xc1, 0x59, 0x86, 0x3a,
+    0x35, 0x95, 0x54, 0x21, 0x8d, 0x6a, 0xb3, 0xd1, 0x2b, 0x71,
+    0xf5, 0xf1, 0x66, 0x00, 0xb1, 0x88, 0xee, 0x3b, 0xa4, 0x41,
+    0x52, 0x1a, 0xf5, 0x0e, 0x32, 0xb6, 0xbf, 0x52, 0xab, 0x51,
+    0x55, 0x91, 0x32, 0x4f, 0xaf, 0x91, 0xac, 0xf7, 0xff, 0x8e,
+    0x3b, 0x2b, 0x61, 0xe9, 0x6d, 0x1d, 0x68, 0x80, 0x90, 0x79,
+    0x34, 0x96, 0xca, 0x49, 0x43, 0x7c, 0x89, 0x4e, 0x5e, 0x31,
+    0xb5, 0xce, 0x01, 0x9b, 0x09, 0xaf, 0x92, 0x06, 0x24, 0xe7,
+    0x22, 0x35, 0xcc, 0xa2, 0x0b, 0xfb, 0x5b, 0x87, 0x65, 0x71,
+    0xff, 0x64, 0x3e, 0xf9, 0xe8, 0x33, 0xa0, 0xc3, 0x4e, 0xb2,
+    0x41, 0x98, 0x54, 0xeb, 0x13, 0x99, 0xfb, 0x32, 0x78, 0x7e,
+    0xda, 0x4f, 0xd3, 0x46, 0x6a, 0xb5, 0x78, 0x81, 0x3f, 0x04,
+    0x13, 0x5f, 0x67, 0xaf, 0x88, 0xa5, 0x9e, 0x0d, 0xc5, 0xf3,
+    0xe7, 0x4c, 0x51, 0xf5, 0x51, 0x4a, 0xa4, 0x58, 0x64, 0xd9,
+    0xa2, 0x32, 0x54, 0x36, 0xce, 0x38, 0xd8, 0xc2, 0x0e, 0x0d,
+    0x60, 0x8e, 0x32, 0x7f, 0x90, 0x8a, 0xbc, 0x88, 0xbe, 0x6a,
+    0xc0, 0x47, 0x0f, 0x02, 0x41, 0xff, 0x3b, 0x7e, 0xc5, 0xa6,
+    0x33, 0x1d, 0x19, 0xd1, 0xd5, 0x67, 0x6c, 0xbf, 0x16, 0xb0,
+    0x7e, 0x80, 0x10, 0xbf, 0x7f, 0xdd, 0xd0, 0xf4, 0xc3, 0x94,
+    0x2c, 0x9a, 0x2c, 0xda, 0x69, 0x4e, 0xd6, 0x7b, 0x40, 0x4d,
+    0x2a, 0x27, 0xcb, 0x5a, 0xe5, 0x2d, 0x3f, 0x7d, 0x51, 0x9d,
+    0x9f, 0x70, 0xde, 0x50, 0xb1, 0xd3, 0xd2, 0x38, 0x4d, 0x1c,
+    0xca, 0xc2, 0x1e, 0x80, 0xd0, 0x36, 0x82, 0x04, 0xe6, 0x17,
+    0x79, 0x9f, 0x2e, 0xc9, 0xed, 0x2b, 0xd5, 0x1b, 0xfa, 0x7d,
+    0x1a, 0x80, 0xb5, 0x0e, 0x2f, 0x05, 0xbe, 0x4a, 0x1b, 0xfe,
+    0x0a, 0xad, 0x01, 0xde, 0x91, 0xc8, 0xf9, 0x81, 0xbe, 0xc7,
+    0xaf, 0xe7, 0x87, 0xed, 0x9d, 0xb8, 0x6c, 0xad, 0x65, 0xed,
+    0x5e, 0xd3, 0x67, 0x8c, 0x62, 0x3a, 0xe7, 0xfd, 0x67, 0xe0,
+    0xbb, 0x57, 0xaf, 0x56, 0xeb, 0x4a, 0x58, 0x6e, 0xad, 0xf2,
+    0xbe, 0xc3, 0x70, 0x29, 0xf8, 0xeb, 0x68, 0x45, 0xa0, 0xbd,
+    0xcd, 0xa5, 0xb4, 0xd9, 0x01, 0xb7, 0x44, 0xeb, 0x97, 0xf3,
+    0x0c, 0x56, 0xe4, 0x26, 0xd0, 0xa5, 0xb1, 0xa3, 0x49, 0x6e,
+    0x88, 0xf2, 0x22, 0xe2, 0x7b, 0x58, 0x3a, 0xd9, 0x52, 0xa4,
+    0xb1, 0x4c, 0x5c, 0x7c, 0xf0, 0x88, 0x7b, 0x9f, 0x06, 0xe9,
+    0x32, 0x4e, 0xf2, 0x64, 0x83, 0x8b, 0xa2, 0xea, 0x1d, 0x25,
+    0xf1, 0x8d, 0x16, 0x8b, 0xe0, 0xab, 0xd2, 0xe9, 0xe4, 0x6b,
+    0x7d, 0x76, 0x98, 0x22, 0x53, 0x31, 0x6b, 0xcc, 0xf1, 0xe5,
+    0x1d, 0xd7, 0xa5, 0xb0, 0xea, 0x6b, 0x38, 0x14, 0x0c, 0x06,
+    0x10, 0x27, 0xd8, 0x33, 0xf3, 0x9a, 0xae, 0x94, 0xdd, 0x0b,
+    0xb4, 0x6d, 0xe5, 0x91, 0xdd, 0xf1, 0x0f, 0x27, 0xa4, 0x94,
+    0x55, 0xf0, 0xde, 0x07, 0x29, 0xe6, 0x3f, 0x26, 0x19, 0xa1,
+    0xdd, 0xd1, 0x06, 0x99, 0xda, 0x54, 0x23, 0x3c, 0xf5, 0x5c,
+    0x2e, 0x96, 0xa9, 0x21, 0x23, 0x25, 0x2e, 0x6f, 0xf1, 0xf9,
+    0x11, 0x54, 0xe5, 0x7b, 0xb9, 0x1f, 0x11, 0xe2, 0x9e, 0x6b,
+    0x61, 0x8b, 0xa3, 0x8b, 0xc1, 0x20, 0x9b, 0xfb, 0x51, 0xef,
+    0xbb, 0xb9, 0xf6, 0xaf, 0x66, 0xb3, 0x2c, 0x25, 0xef, 0x76,
+    0xcb, 0xbf, 0x7a, 0x93, 0x2f, 0xe1, 0x17, 0x56, 0xc1, 0x00,
+    0x33, 0xb5, 0xd9, 0x91, 0x05, 0x31, 0xcc, 0x72, 0xcd, 0x4a,
+    0x93, 0x9a, 0xe3, 0x21, 0x42, 0x9e, 0xb8, 0x4e, 0x6c, 0x27,
+    0x93, 0xf0, 0x7f, 0x22, 0xdb, 0xe5, 0xb3, 0xa3, 0xf7, 0xe7,
+    0x80, 0xbb, 0x91, 0xca, 0xf7, 0xe8, 0x52, 0xb8, 0x11, 0x64,
+    0x66, 0x25, 0x94, 0xf8, 0x6f, 0x0b, 0x3b, 0xb7, 0xff, 0x80,
+    0x9e, 0x36, 0xe9, 0x88, 0x2e, 0xab, 0x05, 0xbf, 0x99, 0x9f,
+    0x2b, 0x4f, 0xc6, 0xb1, 0x13, 0x5b, 0x06, 0xff, 0x0a, 0x7b,
+    0xbc, 0x7f, 0x07, 0xa0, 0x35, 0xc2, 0x2d, 0x44, 0x3e, 0xad,
+    0x44, 0xcb, 0x47, 0x18, 0x26, 0x71, 0x7b, 0x17, 0xc9, 0x6d,
+    0xb5, 0x4b, 0xcf, 0xdf, 0x14, 0x2c, 0x6c, 0xdf, 0x21, 0xce,
+    0x93, 0x49, 0x34, 0x69, 0x49, 0xfd, 0x3e, 0x71, 0x5b, 0xfa,
+    0x07, 0xc5, 0x7e, 0x5e, 0x54, 0x1a, 0x3c, 0xa6, 0x29, 0xb5,
+    0xbf, 0x0d, 0xf1, 0xc6, 0xa4, 0x61, 0xd6, 0x17, 0x1d, 0xf0,
+    0xa2, 0x78, 0x8f, 0xbc, 0x7e, 0x0c, 0xb4, 0xf0, 0x1e, 0x05,
+    0xea, 0xb5, 0xad, 0x68, 0x95, 0x0b, 0x27, 0xb4, 0x29, 0x7c,
+    0x70, 0x2a, 0x9a, 0x0a, 0x39, 0xd4, 0x76, 0xb7, 0x72, 0x30,
+    0x5e, 0xae, 0x9c, 0x4a, 0x55, 0xc7, 0x46, 0xd7, 0x5f, 0xbe,
+    0x10, 0x61, 0x25, 0x18, 0x7a, 0x9f, 0xd3, 0x05, 0x3d, 0x6f,
+    0x9a, 0x1e, 0xec, 0x2b, 0x03, 0xe0, 0x49, 0x6a, 0x9c, 0xd6,
+    0xdb, 0xc2, 0xa1, 0xe1, 0x0a, 0xbb, 0x31, 0x42, 0xc8, 0x43,
+    0x4e, 0x7c, 0xa9, 0x7c, 0x60, 0xea, 0xbe, 0xf1, 0x8b, 0xe8,
+    0xb2, 0x90, 0x83, 0x14, 0x21, 0xe4, 0xb3, 0x0d, 0x7c, 0x63,
+    0x3c, 0x98, 0x55, 0xc6, 0x44, 0xa6, 0xa8, 0x1e, 0x42, 0xb7,
+    0x89, 0xa8, 0xbd, 0xb8, 0x34, 0x3d, 0x09, 0x80, 0x99, 0x73,
+    0x9f, 0xaf, 0x17, 0x56, 0xf2, 0x73, 0x3e, 0x1e, 0x6e, 0xe9,
+    0x18, 0xa0, 0x5b, 0x69, 0xce, 0xfd, 0x3d, 0x77, 0x81, 0x95,
+    0x3b, 0xf1, 0xde, 0x26, 0xe9, 0x27, 0xef, 0x92, 0x2a, 0x97,
+    0xdc, 0x95, 0xa5, 0xa3, 0xb0, 0xfb, 0x96, 0x89, 0x4f, 0xe6,
+    0xc1, 0x42, 0x0b, 0xfd, 0xb4, 0x6d, 0x0a, 0x9f, 0x9b, 0x31,
+    0xd8, 0x21, 0x38, 0x8a, 0xee, 0xb6, 0x5c, 0x12, 0xa8, 0xb4,
+    0x07, 0x79, 0x41, 0xa7, 0x7f, 0x13, 0x74, 0xad, 0x0b, 0xee,
+    0x28, 0x52, 0xac, 0x2f, 0x4d, 0x30, 0x1c, 0xc5, 0xa6, 0xa5,
+    0x61, 0x42, 0xbd, 0xe1, 0x4f, 0xd3, 0xec, 0x66, 0xf2, 0x63,
+    0xf4, 0x93, 0xdb, 0x35, 0x2d, 0x3b, 0x71, 0x25, 0x09, 0xde,
+    0xda, 0x46, 0xda, 0xe2, 0xa7, 0xa3, 0xdf, 0xcd, 0xbf, 0x58,
+    0x05, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x03,
+    0xc0, 0x5f, 0xd5, 0x15, 0x1b, 0x09, 0xe4, 0xa7, 0xc0, 0xa6,
+    0xd8, 0x0d, 0xa8, 0x2a, 0xd3, 0x1d, 0x46, 0x03, 0x07, 0xf0,
+    0x98, 0xe4, 0x4b, 0x99, 0x66, 0x8e, 0x72, 0xe7, 0xbb, 0x51,
+    0xc6, 0x1a, 0xbe, 0x36, 0xf4, 0x52, 0xba, 0xa8, 0xbf, 0xaa,
+    0xe3, 0x71, 0x1d, 0x83, 0x21, 0xc0, 0xa6, 0x88, 0x4f, 0xf7,
+    0x2b, 0x93, 0x26, 0xe4, 0xa7, 0xed, 0x50, 0x18, 0xaa, 0xf4,
+    0x4c, 0xa2, 0xfe, 0x92, 0x7c, 0xde, 0x2e, 0x54, 0x76, 0xc2,
+    0x25, 0x1e, 0x98, 0xa6, 0x48, 0x01, 0x39, 0x6f, 0x1f, 0x24,
+    0x97, 0x9b, 0x64, 0x95, 0x1c, 0x8d, 0x63, 0x8d, 0x44, 0x6f,
+    0x9d, 0xdf, 0xf4, 0x1a, 0xa5, 0x9a, 0x1e, 0xd3, 0x6c, 0xae,
+    0xa9, 0x8c, 0x3f, 0xfb, 0x2f, 0x78, 0xf6, 0xa6, 0xd6, 0x06,
+    0xd3, 0xb7, 0x26, 0xff, 0x1e, 0xdb, 0x8d, 0xcc, 0x37, 0x4d,
+    0x5c, 0xe2, 0xc3, 0xa5, 0x75, 0xe6, 0xf9, 0xb4, 0x4c, 0x84,
+    0x6f, 0x9e, 0x58, 0x55, 0xc8, 0x01, 0xfa, 0x32, 0xd2, 0x6e,
+    0x2b, 0x45, 0xf2, 0xc6, 0x48, 0xad, 0x40, 0xd8, 0xb9, 0x3c,
+    0x1b, 0xf8, 0xf7, 0x82, 0xd3, 0x0e, 0x73, 0xe3, 0xb1, 0x5b,
+    0x82, 0x71, 0x77, 0x3f, 0x6f, 0x36, 0x9a, 0xe0, 0xec, 0x51,
+    0xf8, 0x5f, 0x84, 0x92, 0xee, 0xb8, 0x7e, 0xe7, 0x1a, 0x14,
+    0x50, 0x82, 0x7a, 0x4d, 0xe6, 0xd6, 0xa3, 0x76, 0x24, 0x8a,
+    0x5f, 0xfe, 0x19, 0xdd, 0xd7, 0xf7, 0x5b, 0xae, 0x18, 0x04,
+    0x90, 0xcd, 0x5c, 0xe5, 0x64, 0xe8, 0x04, 0xb1, 0x06, 0xa5,
+    0xdd, 0xf8, 0x9d, 0x71, 0x13, 0xaa, 0x36, 0x7f, 0x61, 0x27,
+    0xf4, 0xac, 0x95, 0x7d, 0x1a, 0x99, 0x7d, 0xe0, 0xd5, 0x9c,
+    0x5a, 0xad, 0x9a, 0xff, 0x54, 0xb0, 0xb1, 0x55, 0x45, 0x2d,
+    0x19, 0x58, 0x52, 0x28, 0xdd, 0xe0, 0xb5, 0x65, 0x52, 0x97,
+    0x45, 0xf0, 0x2b, 0x98, 0x1f, 0x61, 0x6c, 0x9d, 0xaa, 0x59,
+    0x85, 0xf9, 0x97, 0x7b, 0xbd, 0xeb, 0x95, 0x81, 0xfb, 0x29,
+    0x8c, 0xf0, 0x52, 0xdf, 0xed, 0xee, 0xb2, 0x00, 0x32, 0x35,
+    0x14, 0xa8, 0xa4, 0xca, 0x91, 0xff, 0x18, 0xb7, 0x96, 0xfb,
+    0x32, 0x62, 0xa9, 0xa0, 0xd0, 0x77, 0x43, 0xf5, 0x99, 0xd1,
+    0xee, 0xe8, 0xad, 0x1a, 0x2c, 0xd4, 0xeb, 0xe1, 0xf5, 0x01,
+    0x41, 0x78, 0xc0, 0x27, 0x19, 0x50, 0x2e, 0xba, 0x22, 0xd1,
+    0xeb, 0xb3, 0xa5, 0x27, 0x0b, 0xec, 0xf9, 0x26, 0x7e, 0x1f,
+    0xe7, 0x17, 0x9f, 0x39, 0xa8, 0x72, 0x22, 0x63, 0x79, 0x6a,
+    0x9c, 0x89, 0x55, 0x9a, 0xb4, 0x61, 0x41, 0xbc, 0xaa, 0x14,
+    0x37, 0x29, 0x03, 0xc0, 0x52, 0x4e, 0x31, 0x44, 0x8f, 0x2e,
+    0x17, 0x81, 0x88, 0xf4, 0xce, 0xda, 0x41, 0xb8, 0xd5, 0x14,
+    0x91, 0x8c, 0xca, 0xd2, 0x0d, 0x99, 0x06, 0x09, 0xc2, 0xb7,
+    0xe8, 0xae, 0xfa, 0x01, 0xea, 0x99, 0x62, 0x68, 0xb6, 0xdf,
+    0xc8, 0x27, 0xae, 0xbf, 0xb0, 0x9b, 0x5b, 0x1a, 0xa2, 0xe2,
+    0x5a, 0x7a, 0xe5, 0x4b, 0x92, 0x1f, 0xff, 0x73, 0xae, 0x16,
+    0x40, 0x78, 0x42, 0x28, 0xbb, 0x13, 0x5e, 0xbc, 0x71, 0x7a,
+    0x78, 0x3e, 0xd8, 0x1b, 0xc2, 0x2c, 0xd6, 0xdc, 0xfa, 0x39,
+    0x72, 0xf8, 0xa2, 0x2c, 0x8b, 0x1c, 0x5d, 0xab, 0xb8, 0x07,
+    0xc7, 0xae, 0x29, 0x93, 0x68, 0xbf, 0x61, 0xe9, 0xa4, 0x37,
+    0x83, 0x7d, 0x13, 0xc7, 0x18, 0xf0, 0x7d, 0xa4, 0x20, 0x47,
+    0x14, 0x68, 0x95, 0x46, 0x56, 0x6d, 0xd5, 0x7b, 0xe1, 0x51,
+    0x8f, 0x96, 0xc1, 0x7b, 0x35, 0x09, 0x7a, 0x89, 0x0e, 0xdf,
+    0x12, 0xd5, 0xe1, 0x9c, 0x2a, 0x94, 0x95, 0x43, 0x93, 0x48,
+    0xa6, 0x23, 0xe6, 0xd8, 0xf2, 0xb8, 0x0e, 0xba, 0x6d, 0x61,
+    0x03, 0xaf, 0x40, 0x63, 0x2b, 0x2f, 0xee, 0x61, 0x4c, 0xc4,
+    0x70, 0x3d, 0x78, 0xc1, 0x4f, 0x8e, 0x0b, 0x9b, 0x06, 0x35,
+    0x6d, 0x6d, 0x83, 0x37, 0xbb, 0x39, 0x7d, 0x7f, 0x33, 0x93,
+    0xc4, 0xeb, 0x8e, 0xfc, 0xda, 0xf0, 0x54, 0xfe, 0x1d, 0xc4,
+    0xd3, 0x83, 0x99, 0xdf, 0x65, 0xee, 0x00, 0x7d, 0x86, 0x27,
+    0xd4, 0x3a, 0x6b, 0xe6, 0x82, 0x8e, 0x58, 0x2d, 0x03, 0x38,
+    0xef, 0x6c, 0x82, 0x87, 0x18, 0x3b, 0x47, 0xe7, 0xbc, 0xe1,
+    0x58, 0x70, 0x4d, 0x46, 0x96, 0x34, 0x60, 0x96, 0x15, 0x09,
+    0x3c, 0x84, 0x40, 0xaf, 0x80, 0x32, 0x75, 0xc7, 0x23, 0x6c,
+    0xfb, 0x1d, 0x57, 0x73, 0x19, 0x09, 0xe8, 0x1a, 0x4c, 0x02,
+    0x5c, 0x7e, 0x4e, 0xbe, 0x75, 0xf8, 0x73, 0xff, 0x2d, 0x54,
+    0x19, 0x55, 0xf5, 0xf4, 0x1b, 0xc9, 0xbc, 0xc2, 0x19, 0xcb,
+    0xb7, 0x4e, 0x6a, 0x0d, 0xff, 0xca, 0x7d, 0xd0, 0x88, 0x91,
+    0x8b, 0x9b, 0x21, 0xa4, 0xa2, 0x43, 0x0d, 0xbc, 0x9e, 0x73,
+    0x7d, 0x54, 0x7d, 0x95, 0xcc, 0x63, 0x5e, 0xc1, 0xb8, 0xe6,
+    0x27, 0xff, 0x20, 0x07, 0xe8, 0x6e, 0x7e, 0xf2, 0x0f, 0x5a,
+    0x09, 0xef, 0xe5, 0x4d, 0x80, 0x39, 0x95, 0xd5, 0xf4, 0xee,
+    0x3b, 0xca, 0x7c, 0x73, 0xf8, 0x39, 0x5a, 0xc1, 0x1d, 0x7d,
+    0x94, 0x72, 0x32, 0xad, 0x58, 0xe2, 0xfc, 0x71, 0x6e, 0x66,
+    0xaa, 0xa1, 0x59, 0xd6, 0xac, 0xab, 0xbe, 0x8c, 0x53, 0x99,
+    0xcd, 0xe8, 0x2d, 0xb5, 0xb3, 0x46, 0x58, 0x2e, 0x16, 0xd7,
+    0x4d, 0x8b, 0x7d, 0x4a, 0xb1, 0x4c, 0x85, 0x91, 0x1b, 0x57,
+    0x54, 0xf8, 0x14, 0x59, 0xdb, 0xc4, 0x2c, 0x9c, 0x08, 0x6d,
+    0x3d, 0xd7, 0xf6, 0xa6, 0xe6, 0xb3, 0x2a, 0xe7, 0x29, 0x1c,
+    0xab, 0xb4, 0xed, 0x13, 0x19, 0xf8, 0xb6, 0x60, 0x92, 0x44,
+    0x53, 0xd4, 0xa9, 0x7e, 0xba, 0x21, 0xa2, 0xdc, 0x6e, 0xa5,
+    0x5e, 0x53, 0x59, 0x3c, 0x52, 0x61, 0x7b, 0x5f, 0x19, 0xad,
+    0xc8, 0x6d, 0x68, 0x8d, 0x7a, 0xc9, 0xd6, 0xef, 0xeb, 0x67,
+    0x4f, 0xca, 0xe7, 0xf6, 0x29, 0x36, 0x97, 0xfb, 0x3e, 0x37,
+    0x95, 0x85, 0x71, 0x70, 0xf6, 0x63, 0x86, 0x2a, 0x29, 0xd7,
+    0x9a, 0x96, 0x76, 0xa7, 0x47, 0x98, 0x4e, 0x06, 0x31, 0xaf,
+    0xf3, 0x4f, 0x2a, 0x65, 0x90, 0x6a, 0x4b, 0x8e, 0x43, 0x79,
+    0xe2, 0xdd, 0xce, 0x08, 0x1c, 0x01, 0xec, 0x38, 0x41, 0xdd,
+    0x19, 0xd8, 0xf3, 0x36, 0x03, 0x35, 0x03, 0xaf, 0x1c, 0x45,
+    0x3c, 0xac, 0x13, 0xaa, 0x36, 0x16, 0x48, 0x77, 0xb3, 0xbe,
+    0xa3, 0xb3, 0x9d, 0x7f, 0x20, 0xca, 0x74, 0x65, 0xac, 0x93,
+    0xa7, 0x54, 0xad, 0xc8, 0x68, 0x0e, 0xf8, 0x44, 0x1f, 0xad,
+    0x2c, 0xb7, 0x9a, 0x9a, 0x07, 0xe5, 0xcd, 0x87, 0xe0, 0x14,
+    0xb5, 0xaf, 0xd3, 0xd7, 0xcf, 0x13, 0x9f, 0x3b, 0xbd, 0xfe,
+    0x29, 0x0b, 0x72, 0xf5, 0x4c, 0x54, 0x94, 0xc7, 0x66, 0xec,
+    0xa8, 0x41, 0x96, 0x3d, 0x17, 0xed, 0x19, 0xc0, 0x82, 0x3e,
+    0x5f, 0x9a, 0x91, 0xfe, 0xd1, 0x2f, 0xb8, 0x94, 0xaa, 0x58,
+    0x68, 0x95, 0x31, 0x87, 0x57, 0x9a, 0x75, 0x94, 0x4d, 0x38,
+    0x7d, 0x56, 0x82, 0x81, 0x9c, 0xb9, 0x34, 0x2b, 0xe7, 0x40,
+    0xd9, 0x3c, 0x77, 0x5b, 0x95, 0x51, 0x06, 0x11, 0x41, 0xe3,
+    0x8b, 0xb7, 0x32, 0xeb, 0xe1, 0x05, 0x1b, 0x10, 0xa8, 0x0e,
+    0xa1, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xfa, 0x38, 0x34, 0xfe,
+    0x55, 0x87, 0x71, 0x62, 0x47, 0x00, 0x33, 0x64, 0x67, 0x70,
+    0x79, 0x76, 0xdf, 0xfe, 0xc3, 0x28, 0x38, 0xdf, 0x90, 0xd4,
+    0xc0, 0xee, 0x98, 0xbf, 0x9d, 0x9b, 0x85, 0xd8, 0x61, 0x65,
+    0xa5, 0x70, 0xf5, 0xd2, 0x2c, 0xbf, 0x2f, 0xb5, 0x55, 0x79,
+    0x92, 0x13, 0xba, 0x4d, 0x3c, 0x39, 0xbf, 0xd5, 0x31, 0x13,
+    0x7a, 0x31, 0xf4, 0x8b, 0xce, 0xf8, 0xd0, 0xd3, 0x9b, 0xe2,
+    0xee, 0x31, 0xdb, 0xba, 0xcc, 0x1a, 0xba, 0x1c, 0x8d, 0xee,
+    0xea, 0xcb, 0xd3, 0x5a, 0xad, 0x87, 0xd6, 0xf9, 0x15, 0x2f,
+    0x6e, 0x00, 0x06, 0x74, 0x25, 0x8d, 0xff, 0xc8, 0xa6, 0x11,
+    0x1c, 0xe8, 0x16, 0x1a, 0xde, 0x53, 0x05, 0xb9, 0x53, 0x55,
+    0x28, 0x83, 0x3d, 0xbe, 0x61, 0x0c, 0xc4, 0x98, 0x7d, 0xf6,
+    0xec, 0x36, 0xc3, 0xe5, 0xe7, 0x1d, 0x14, 0x64, 0xcb, 0x0d,
+    0x62, 0x5d, 0x7a, 0xcd, 0x88, 0xfc, 0x66, 0x4e, 0xf9, 0x36,
+    0x47, 0x95, 0x18, 0x3a, 0x48, 0x2a, 0xff, 0x62, 0x8f, 0x6c,
+    0xe2, 0xc2, 0xe9, 0xd3, 0x6a, 0x45, 0x5c, 0xf5, 0x89, 0x53,
+    0x5c, 0xbe, 0xcf, 0xad, 0x87, 0x22, 0x9c, 0x31, 0x48, 0xdb,
+    0xd8, 0xe4, 0xe5, 0x38, 0xae, 0xc2, 0xb0, 0xd2, 0xba, 0xb7,
+    0x30, 0x53, 0x2d, 0xb1, 0x35, 0xf1, 0x58, 0x0f, 0x8a, 0x06,
+    0x51, 0x76, 0xb9, 0x2c, 0x32, 0xe0, 0xd1, 0xaa, 0x82, 0x34,
+    0x69, 0x71, 0x1c, 0x5f, 0x35, 0xa8, 0x9d, 0x11, 0xac, 0x13,
+    0xdb, 0x7b, 0xf6, 0x93, 0xe3, 0xb9, 0xbd, 0xd9, 0xb2, 0x86,
+    0xff, 0x61, 0x88, 0x2b, 0x72, 0x5c, 0x84, 0xe1, 0x0c, 0x72,
+    0xab, 0x44, 0xff, 0x23, 0x13, 0xaf, 0xd1, 0x5a, 0xd3, 0xea,
+    0x73, 0xfe, 0xd5, 0xa4, 0x7d, 0x9e, 0x4e, 0xac, 0x03, 0x93,
+    0x72, 0x14, 0x2d, 0x96, 0x6f, 0xee, 0xb4, 0xcd, 0x4e, 0xab,
+    0xea, 0x71, 0x93, 0x81, 0xe0, 0x3d, 0xcd, 0x61, 0x96, 0x25,
+    0x76, 0xbd, 0xc4, 0xb5, 0xdd, 0x7c, 0xf1, 0xb9, 0xe1, 0x2c,
+    0x58, 0x1b, 0xa4, 0x46, 0x4b, 0x12, 0x57, 0x58, 0xaa, 0x3a,
+    0xae, 0x89, 0xa3, 0xb3, 0xcf, 0x1f, 0x8d, 0x67, 0xdf, 0x6d,
+    0x7e, 0x8e, 0xfa, 0xc5, 0x09, 0x73, 0x46, 0x56, 0x55, 0x90,
+    0xeb, 0x77, 0x4e, 0x16, 0x4f, 0x68, 0x7b, 0x1f, 0x61, 0x23,
+    0xec, 0xa9, 0x71, 0x30, 0x33, 0x25, 0xc7, 0x4e, 0x26, 0x2e,
+    0x4e, 0x2b, 0xc2, 0x64, 0x5f, 0xf5, 0x8f, 0x7a, 0x4b, 0x1c,
+    0x06, 0xb3, 0x91, 0xf6, 0x9b, 0x51, 0xb7, 0xb0, 0x64, 0x72,
+    0x04, 0xe5, 0xfa, 0x14, 0x2f, 0xed, 0x61, 0x29, 0x03, 0x73,
+    0x19, 0x15, 0x6e, 0x2c, 0x8b, 0x0e, 0xec, 0x4d, 0xf1, 0xe3,
+    0x6f, 0x58, 0x7c, 0xc9, 0x48, 0x67, 0x3f, 0x51, 0xb5, 0xb7,
+    0x26, 0x46, 0xa7, 0x25, 0x79, 0x55, 0xfe, 0x3a, 0x44, 0xb4,
+    0x44, 0xfc, 0xb8, 0x14, 0x34, 0x47, 0xd7, 0xa3, 0x0e, 0x76,
+    0xe7, 0x83, 0x9a, 0x02, 0xc3, 0xcf, 0x2b, 0xd9, 0x83, 0x93,
+    0xd5, 0xee, 0x99, 0x74, 0x45, 0x62, 0x23, 0xa6, 0x02, 0xc9,
+    0xc0, 0x10, 0x70, 0x0a, 0x99, 0x29, 0x0c, 0x79, 0x04, 0x4c,
+    0x77, 0x21, 0x96, 0xf0, 0xa5, 0x17, 0x22, 0xbe, 0xab, 0x9b,
+    0xd7, 0x42, 0xd3, 0xe9, 0xc0, 0x42, 0x44, 0x7d, 0x9d, 0xc9,
+    0x3d, 0xf9, 0x36, 0x97, 0x1b, 0x75, 0x52, 0x8f, 0xe9, 0xb9,
+    0x8c, 0xa7, 0x64, 0x19, 0x5b, 0x5d, 0x60, 0xb4, 0x42, 0x95,
+    0xc9, 0xdb, 0x82, 0x03, 0xc6, 0xb0, 0x28, 0x72, 0x64, 0x03,
+    0x41, 0x4d, 0x8f, 0xc6, 0xd0, 0xcd, 0x02, 0x82, 0x01, 0xe1,
+    0x00, 0xe8, 0x66, 0xa7, 0xf9, 0x0f, 0x5a, 0x21, 0xfc, 0x88,
+    0x4e, 0x91, 0xd5, 0x4a, 0xf0, 0xf4, 0x32, 0xe5, 0x0d, 0xf3,
+    0x06, 0x95, 0xd0, 0x4e, 0x47, 0x0c, 0x04, 0x66, 0x77, 0xfd,
+    0xb8, 0x93, 0x0d, 0xff, 0x8f, 0x97, 0xa0, 0x4a, 0x36, 0x37,
+    0xa6, 0x5e, 0x95, 0x79, 0xc8, 0xb2, 0x21, 0x98, 0x81, 0xf1,
+    0xb8, 0xf4, 0x52, 0xaf, 0x3c, 0x8c, 0x86, 0x85, 0x55, 0x56,
+    0xfc, 0x90, 0xe3, 0x32, 0x50, 0x7c, 0x54, 0x07, 0x9e, 0xed,
+    0xfc, 0xd4, 0xb9, 0x5c, 0x98, 0x22, 0xfb, 0x72, 0xd7, 0x83,
+    0xf0, 0xd1, 0x61, 0x10, 0xbd, 0x68, 0x5d, 0x72, 0xc1, 0xce,
+    0x92, 0x43, 0x77, 0x9f, 0xb8, 0x8d, 0x8e, 0xf2, 0xe3, 0x62,
+    0x4a, 0x93, 0x03, 0xd3, 0xd9, 0x01, 0xa8, 0x99, 0x6f, 0xa3,
+    0x4c, 0x6d, 0x7a, 0xf2, 0x9e, 0x8e, 0x6b, 0xbc, 0xe4, 0x9d,
+    0x8e, 0xe7, 0x25, 0x86, 0xa4, 0xa9, 0xc2, 0xef, 0xdf, 0xbb,
+    0x6e, 0x3d, 0x4b, 0x57, 0x95, 0x81, 0x6f, 0x68, 0x3f, 0x19,
+    0xa8, 0xff, 0x5a, 0x08, 0x7a, 0xe4, 0x4c, 0x4e, 0xb4, 0xea,
+    0xf4, 0xc8, 0x2f, 0xef, 0x8c, 0x5e, 0xcd, 0x62, 0x1c, 0x8c,
+    0x93, 0x60, 0x5d, 0xa3, 0x11, 0x64, 0x0b, 0xeb, 0x6d, 0x21,
+    0xbc, 0x3a, 0x5b, 0x5c, 0x0c, 0xa7, 0x8a, 0xc6, 0xa8, 0xe1,
+    0x48, 0x81, 0x01, 0xb5, 0x65, 0xab, 0x2e, 0xbe, 0x38, 0x94,
+    0xf7, 0xa6, 0x33, 0xc1, 0x6e, 0x0b, 0x88, 0x38, 0xe7, 0x1b,
+    0x04, 0x9a, 0x10, 0x2d, 0x1d, 0x3f, 0x5f, 0x5f, 0xc8, 0xef,
+    0xcd, 0xc5, 0x16, 0xdc, 0x84, 0xc0, 0x66, 0xe0, 0xa3, 0xfc,
+    0xfa, 0x96, 0xc7, 0xb7, 0xec, 0x4f, 0x40, 0x0a, 0xc5, 0xbe,
+    0x6d, 0x39, 0x4a, 0x7e, 0x91, 0x4f, 0xe1, 0x03, 0xd2, 0x39,
+    0xbc, 0x87, 0x69, 0xa1, 0xf0, 0x6d, 0x11, 0xf5, 0xb4, 0x9d,
+    0xae, 0x76, 0x6b, 0xc6, 0xbf, 0xe4, 0x47, 0xbc, 0x4d, 0x13,
+    0x88, 0xa8, 0x83, 0xf5, 0xae, 0x1d, 0xfb, 0x4d, 0x4c, 0x44,
+    0x03, 0xd8, 0xa4, 0x2e, 0x4d, 0xf8, 0x5f, 0x45, 0x94, 0x58,
+    0xd7, 0xd9, 0x4b, 0x47, 0xd8, 0xfc, 0x35, 0x05, 0xed, 0xb4,
+    0xb6, 0xc2, 0x36, 0x2e, 0xba, 0xd2, 0x7a, 0xba, 0x69, 0x34,
+    0xbf, 0xf1, 0xa1, 0x5e, 0x17, 0x71, 0x89, 0xd3, 0x54, 0x57,
+    0x05, 0x2b, 0x82, 0xe3, 0x0a, 0x64, 0x5c, 0x3b, 0x8c, 0x6b,
+    0xc7, 0x10, 0x8a, 0xb5, 0xd3, 0xd7, 0x90, 0xeb, 0xdb, 0x1d,
+    0xa0, 0xbf, 0x6b, 0xea, 0xcd, 0x31, 0x7a, 0x8d, 0x64, 0xcc,
+    0x58, 0xc0, 0x07, 0xa4, 0x6e, 0x14, 0x0b, 0xf3, 0xea, 0x3e,
+    0x87, 0x9f, 0x7c, 0xb8, 0x1c, 0x22, 0x26, 0x8a, 0x7d, 0x90,
+    0xdd, 0x57, 0x28, 0x38, 0xcc, 0x0e, 0x71, 0x92, 0x89, 0xee,
+    0x79, 0x88, 0xbc, 0x05, 0x21, 0xda, 0x42, 0x92, 0x52, 0x66,
+    0xac, 0x4a, 0xe5, 0xf5, 0x6e, 0x47, 0xd5, 0xba, 0x37, 0xd3,
+    0x7c, 0x89, 0xd4, 0xd8, 0x6f, 0xde, 0x63, 0x44, 0xb5, 0x88,
+    0xdd, 0xb1, 0x30, 0xb4, 0x6d, 0xcd, 0xbf, 0xc8, 0x34, 0x27,
+    0x59, 0x7d, 0x79, 0xdc, 0x96, 0x5b, 0x8e, 0xc0, 0x87, 0xc0,
+    0x4e, 0x40, 0x07, 0x13, 0x91, 0x6b, 0x3a, 0x12, 0x03, 0x64,
+    0x70, 0xaf, 0x80, 0x24, 0x1c, 0x5c, 0xfb, 0xf5, 0xc0, 0x74,
+    0x5e, 0xaf, 0x06, 0x18, 0x04, 0x67, 0x4a, 0xbd, 0xac, 0xd7,
+    0xca, 0xbe, 0x4e, 0xa1, 0x19, 0x48, 0x7d, 0xa6, 0x59, 0xf6,
+    0x1a, 0x62, 0x50, 0x53, 0x46, 0xa4, 0x5b, 0x9c, 0x5a, 0xfd,
+    0x89, 0x9d, 0xd4, 0xde, 0xf4, 0xa7, 0x3d, 0x88, 0x73, 0xa5,
+    0xb9, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xe7, 0x70, 0x59, 0xc3,
+    0xed, 0xc4, 0x6b, 0xa1, 0xa5, 0x5e, 0x90, 0x2a, 0x8c, 0x6a,
+    0xc2, 0x4e, 0xab, 0xfc, 0xee, 0xf2, 0x23, 0x38, 0xd6, 0xb3,
+    0x93, 0x08, 0x9e, 0x0c, 0x8e, 0x71, 0x2d, 0xa9, 0xe8, 0xdc,
+    0xa5, 0xdc, 0x07, 0xe3, 0xb1, 0x33, 0xdd, 0xa2, 0xf2, 0x3e,
+    0x92, 0x58, 0xe0, 0xf7, 0x53, 0x7f, 0x6e, 0xea, 0x78, 0x8c,
+    0x35, 0x78, 0x43, 0x63, 0x95, 0xbb, 0x1b, 0x1c, 0xbf, 0x91,
+    0x75, 0x14, 0x74, 0xd3, 0x20, 0xba, 0x8f, 0xee, 0x9d, 0x71,
+    0xa1, 0x87, 0x8a, 0x24, 0xd3, 0x61, 0x53, 0xfb, 0xec, 0x16,
+    0x84, 0xbe, 0x4d, 0x39, 0xdd, 0x0a, 0xac, 0xce, 0x20, 0x9c,
+    0xaf, 0x8a, 0x13, 0xf8, 0x22, 0x2f, 0xd4, 0x99, 0x88, 0x74,
+    0xba, 0x16, 0x3a, 0x63, 0xff, 0x4c, 0x5a, 0x03, 0x5a, 0x6f,
+    0xac, 0x29, 0x33, 0xa5, 0x50, 0xd1, 0xda, 0xed, 0x27, 0xcb,
+    0x67, 0x72, 0x63, 0x85, 0xfc, 0xf0, 0xc8, 0x88, 0xbf, 0x85,
+    0xef, 0x4b, 0xfe, 0xae, 0xd9, 0xd5, 0xbb, 0x86, 0xa4, 0x76,
+    0xe8, 0x7f, 0xb4, 0xdb, 0xb1, 0xee, 0x1a, 0x7f, 0x99, 0xd7,
+    0x9b, 0x6f, 0x7a, 0x94, 0x5c, 0xec, 0x2c, 0x60, 0x81, 0xad,
+    0xa7, 0xbe, 0x80, 0x2e, 0x9f, 0xa6, 0xc0, 0xfb, 0x09, 0x6d,
+    0x2b, 0xab, 0xa4, 0x15, 0xc7, 0x79, 0x46, 0x24, 0x89, 0x5c,
+    0x32, 0xb9, 0x87, 0xa9, 0x54, 0x1e, 0x12, 0x90, 0x8e, 0x02,
+    0x80, 0x8c, 0xf8, 0xdb, 0x2f, 0xbc, 0x98, 0x1b, 0xa2, 0x78,
+    0x73, 0x89, 0x03, 0x97, 0xe3, 0x09, 0x08, 0x8b, 0x75, 0xcf,
+    0xdc, 0x23, 0x90, 0x59, 0xef, 0x5b, 0x98, 0x24, 0xb8, 0xe8,
+    0xcf, 0x75, 0xf0, 0x2f, 0xb7, 0xa3, 0xe6, 0x17, 0x06, 0xf0,
+    0x52, 0xfe, 0x21, 0x0a, 0x16, 0x8e, 0xf8, 0xe1, 0xae, 0x25,
+    0x11, 0x5d, 0x8c, 0x95, 0x1b, 0x4f, 0x45, 0xb8, 0xa8, 0xcd,
+    0xe6, 0xf9, 0xca, 0xa0, 0x54, 0x93, 0x95, 0x86, 0x6f, 0xe4,
+    0x93, 0x22, 0x0f, 0xf2, 0xcf, 0xbd, 0x23, 0xb0, 0xf4, 0x8f,
+    0x99, 0xa7, 0x67, 0x99, 0x05, 0x13, 0x1f, 0xeb, 0x88, 0xf8,
+    0xe2, 0x3b, 0xb9, 0x49, 0x35, 0x89, 0x4f, 0xb8, 0x06, 0x37,
+    0x36, 0xda, 0x75, 0x25, 0x0f, 0x0a, 0xaa, 0xc2, 0x6c, 0x3e,
+    0xb1, 0x2d, 0x16, 0xf3, 0x17, 0xdb, 0xe2, 0x16, 0x32, 0x39,
+    0x92, 0x4b, 0x5f, 0xc0, 0x5f, 0x6e, 0xd0, 0x1c, 0x7e, 0xc0,
+    0x51, 0xd9, 0xb3, 0xe2, 0x37, 0xc7, 0xe0, 0x40, 0x13, 0x7d,
+    0x06, 0xcd, 0xcd, 0x72, 0xb6, 0x53, 0x2d, 0x7e, 0x60, 0x49,
+    0xfe, 0x31, 0xe1, 0xd0, 0x0e, 0x4c, 0x98, 0x93, 0xe0, 0xf6,
+    0xf2, 0xfa, 0x99, 0x7f, 0x65, 0xd8, 0x15, 0xc6, 0x3a, 0xb8,
+    0x4d, 0x63, 0x21, 0x78, 0xe4, 0x19, 0x6b, 0xbd, 0xde, 0x40,
+    0x5b, 0x8c, 0xfa, 0x49, 0x75, 0x23, 0x8f, 0x14, 0xc2, 0x3b,
+    0xa3, 0x9b, 0xc5, 0x80, 0x1a, 0xa3, 0x60, 0xd7, 0x17, 0x27,
+    0xf0, 0x18, 0x0f, 0xba, 0x02, 0xf7, 0x7a, 0xed, 0xa4, 0x00,
+    0x77, 0xde, 0x4b, 0xdd, 0xf9, 0xd7, 0x3e, 0x75, 0xed, 0x1a,
+    0x43, 0x26, 0x71, 0x1b, 0xbc, 0x72, 0xf5, 0x70, 0x72, 0x03,
+    0x70, 0x25, 0x87, 0x81, 0x6a, 0x92, 0x2d, 0xb7, 0x02, 0xf0,
+    0x10, 0x79, 0x65, 0x9d, 0x4e, 0x11, 0x7d, 0x5c, 0x5b, 0x37,
+    0xaa, 0xb4, 0xfa, 0x43, 0x66, 0x48, 0x6c, 0x67, 0x64, 0x9e,
+    0x15, 0x75, 0x36, 0xe7, 0x25, 0x55, 0x07, 0x7f, 0x74, 0x1f,
+    0x2c, 0x28, 0x76, 0xe7, 0x9b, 0x3d, 0x91, 0x0b, 0xcd, 0x6a,
+    0x1d, 0x5a, 0xea, 0x63, 0xd0, 0xf9, 0x02, 0x82, 0x01, 0xe0,
+    0x3e, 0x31, 0xf2, 0xf4, 0x29, 0x92, 0xa2, 0x93, 0xd5, 0xda,
+    0xc9, 0x16, 0x7e, 0xf6, 0xdb, 0x33, 0x9f, 0xaf, 0x4b, 0x01,
+    0xd1, 0x28, 0x2d, 0x3a, 0xc0, 0x51, 0x91, 0x26, 0xbd, 0xa5,
+    0x1e, 0xdd, 0xd9, 0x2e, 0x11, 0x93, 0x19, 0x29, 0x47, 0x5d,
+    0x63, 0xe4, 0xb6, 0xf1, 0xea, 0x12, 0x29, 0xa1, 0x65, 0x12,
+    0x6d, 0x78, 0x8f, 0x63, 0x31, 0xec, 0x72, 0x54, 0x73, 0x72,
+    0x26, 0x48, 0x57, 0x57, 0xc8, 0xde, 0x28, 0x27, 0xf5, 0x62,
+    0xfb, 0x7f, 0x1b, 0xf3, 0xaf, 0x31, 0x01, 0xfc, 0x01, 0x58,
+    0x7a, 0x80, 0x72, 0x9d, 0x6e, 0x07, 0xcc, 0x45, 0x67, 0xc6,
+    0x26, 0xfe, 0x25, 0xa5, 0x9b, 0x64, 0xcd, 0x45, 0xe3, 0x31,
+    0x38, 0x05, 0x07, 0x36, 0x05, 0x46, 0x9c, 0xc1, 0x8e, 0xbf,
+    0x4e, 0x71, 0x5f, 0xea, 0xe5, 0x0c, 0x9a, 0x41, 0xc8, 0x94,
+    0xcc, 0xf1, 0x73, 0x06, 0x30, 0x54, 0x76, 0x23, 0xb7, 0x22,
+    0x7a, 0x8e, 0xe6, 0x42, 0xa1, 0xa0, 0x32, 0x12, 0xe9, 0x08,
+    0x1c, 0x46, 0x79, 0x0c, 0x82, 0x7a, 0x95, 0x79, 0xbf, 0x83,
+    0x80, 0xeb, 0xab, 0x3d, 0x32, 0xc5, 0xde, 0x62, 0xeb, 0x90,
+    0x29, 0x73, 0x05, 0xc8, 0x0a, 0xb1, 0x51, 0xf1, 0x23, 0xdd,
+    0x1e, 0xf5, 0x02, 0x3e, 0x74, 0xbc, 0x24, 0x0c, 0x60, 0x36,
+    0x2a, 0x28, 0x4d, 0xe6, 0x86, 0x98, 0x7c, 0xd9, 0xe1, 0xac,
+    0x21, 0x33, 0xaa, 0xa9, 0x8b, 0xb6, 0x8a, 0x1b, 0xf7, 0x54,
+    0x14, 0xf3, 0x0d, 0x4f, 0xcd, 0x7c, 0xf5, 0xc2, 0x6d, 0xc2,
+    0xf0, 0xe2, 0xfc, 0x63, 0x1e, 0xa6, 0xa9, 0xa9, 0xd9, 0x73,
+    0x2a, 0xd5, 0x0a, 0x38, 0xd8, 0xc0, 0xb7, 0xe1, 0x51, 0xe4,
+    0x23, 0x37, 0xf7, 0x85, 0x66, 0x0e, 0x3f, 0x1a, 0x8c, 0xcf,
+    0x12, 0xa2, 0x47, 0x6f, 0x73, 0x91, 0x21, 0xe3, 0x93, 0x6b,
+    0x74, 0x4f, 0xc5, 0xa1, 0xe7, 0x32, 0xf7, 0x86, 0xdd, 0x1a,
+    0x6e, 0x96, 0xda, 0x32, 0x1d, 0xdd, 0xfa, 0x42, 0xd5, 0xd4,
+    0xfd, 0xae, 0x7a, 0xa1, 0xed, 0x3d, 0x79, 0xfe, 0x88, 0x84,
+    0x43, 0xa7, 0xec, 0xf3, 0x7a, 0x13, 0xaa, 0xa1, 0x82, 0x02,
+    0x83, 0x19, 0x43, 0x0a, 0x46, 0x78, 0x07, 0xd9, 0x4d, 0xff,
+    0xac, 0x67, 0xd6, 0x29, 0x89, 0xfe, 0x2b, 0xab, 0x5f, 0x9a,
+    0x87, 0x99, 0x80, 0xaf, 0x70, 0x4a, 0x6a, 0xb9, 0x5a, 0xc2,
+    0xac, 0x7f, 0xa2, 0xc7, 0xad, 0xe2, 0x1f, 0xec, 0xc5, 0x12,
+    0x17, 0x08, 0x87, 0x8f, 0x20, 0x95, 0xbe, 0xaf, 0x62, 0x2c,
+    0xc2, 0x3f, 0x89, 0x56, 0xd8, 0x50, 0x96, 0x97, 0x72, 0xe2,
+    0x92, 0xe1, 0x2a, 0xd8, 0x84, 0x9f, 0x31, 0xe3, 0x06, 0xd8,
+    0xe5, 0x91, 0x63, 0x19, 0xe1, 0x27, 0xad, 0xe2, 0xf2, 0x0a,
+    0x5e, 0x78, 0x8b, 0x1b, 0x13, 0x31, 0x4b, 0xbd, 0x77, 0xb2,
+    0xd6, 0x5c, 0x92, 0x81, 0x50, 0x02, 0x37, 0xd2, 0xe6, 0xeb,
+    0x66, 0x6b, 0xaa, 0xfc, 0xcd, 0x54, 0x5d, 0xb8, 0x03, 0x87,
+    0xe8, 0xfa, 0xb2, 0xde, 0xcb, 0xf8, 0x6e, 0x58, 0xde, 0xcb,
+    0x09, 0x54, 0x8a, 0x9f, 0x46, 0xa3, 0x7e, 0x8d, 0x15, 0xff,
+    0x1b, 0x0d, 0x89, 0xc4, 0x1a, 0x21, 0x31, 0x5e, 0xed, 0x0b,
+    0x67, 0x3c, 0x70, 0xed, 0x92, 0x48, 0xef, 0xec, 0xf0, 0x77,
+    0xc2, 0x79, 0x6c, 0x06, 0x09, 0xaa, 0xab, 0xf6, 0x4c, 0xcd,
+    0xfa, 0x7e, 0x4a, 0x88, 0xdc, 0xa8, 0x9b, 0xd3, 0x69, 0x94,
+    0x88, 0x09, 0x1d, 0x30, 0x43, 0x9e, 0x2c, 0xcb, 0x01, 0x1d,
+    0x4a, 0x3b, 0x04, 0xec, 0x0e, 0xb1, 0xde, 0x09, 0xad, 0x29,
+    0x02, 0x82, 0x01, 0xe1, 0x00, 0x9f, 0x02, 0x13, 0x7a, 0xd0,
+    0xa9, 0x8a, 0x7a, 0xa0, 0x05, 0xbb, 0x44, 0x6f, 0xaf, 0xf7,
+    0xe3, 0xd4, 0x35, 0xef, 0x73, 0x39, 0xd5, 0xe0, 0xa2, 0x0f,
+    0x1a, 0x25, 0xa8, 0xf7, 0xc2, 0xa5, 0xec, 0x57, 0xf8, 0x0d,
+    0x2a, 0xb6, 0x64, 0x03, 0x8c, 0x22, 0x0f, 0xe7, 0x98, 0xa1,
+    0x12, 0xfe, 0x24, 0xef, 0x61, 0x28, 0x9f, 0xa7, 0x22, 0x6b,
+    0x6d, 0xab, 0x8d, 0x7d, 0x2a, 0x8b, 0xae, 0x8b, 0xfd, 0xcb,
+    0xd5, 0x0b, 0x79, 0x1b, 0x89, 0xcb, 0x5b, 0x7a, 0x8c, 0xdc,
+    0xe8, 0x8d, 0xdd, 0x35, 0x9f, 0x06, 0x69, 0x64, 0x12, 0xeb,
+    0x46, 0x79, 0xdf, 0x82, 0x2c, 0x89, 0x75, 0x9e, 0x7a, 0xec,
+    0xad, 0xe5, 0x88, 0x31, 0xfa, 0x86, 0x93, 0xca, 0xf1, 0x2d,
+    0x9b, 0x62, 0x5a, 0xe9, 0x43, 0x09, 0xf3, 0x8c, 0xe5, 0xc7,
+    0xc0, 0xce, 0x86, 0xe7, 0xdb, 0xc7, 0x4d, 0x27, 0xd5, 0xee,
+    0x76, 0xce, 0x35, 0x30, 0x47, 0xef, 0x00, 0x1b, 0x69, 0x9a,
+    0x3f, 0xa5, 0x2a, 0xc9, 0x07, 0xab, 0x99, 0xba, 0x2a, 0xe7,
+    0xfb, 0xa9, 0x4e, 0xb9, 0xae, 0x2c, 0x50, 0xfc, 0x35, 0x49,
+    0xe6, 0x97, 0x78, 0x3c, 0xb1, 0x59, 0xd7, 0x1d, 0x4e, 0x4e,
+    0xea, 0xde, 0xa0, 0xd0, 0xc4, 0x1d, 0xb1, 0xd3, 0x53, 0x1e,
+    0xf9, 0xbf, 0xb3, 0x6a, 0x17, 0xb4, 0xda, 0xcc, 0x27, 0x19,
+    0xc6, 0x35, 0xe8, 0x28, 0xd3, 0xe3, 0x76, 0x3a, 0xdc, 0xd0,
+    0x75, 0xc8, 0xb4, 0x6c, 0xbe, 0x84, 0x2a, 0x45, 0xd1, 0x43,
+    0x22, 0x54, 0xd7, 0xc5, 0xd0, 0xd7, 0x73, 0x35, 0x6b, 0xa8,
+    0xfa, 0xad, 0x60, 0xc0, 0x64, 0xc1, 0x58, 0x89, 0x09, 0x81,
+    0x0a, 0x0b, 0xea, 0x33, 0x91, 0xb0, 0xef, 0x53, 0x50, 0x41,
+    0xae, 0xd9, 0xee, 0xbe, 0x9e, 0xf0, 0x0b, 0xa0, 0x7c, 0xbf,
+    0x3f, 0xc9, 0x4b, 0xe0, 0x48, 0xd8, 0x10, 0xd5, 0x2e, 0xce,
+    0xf0, 0x7c, 0xd8, 0x05, 0xde, 0x09, 0x7e, 0x8c, 0x63, 0x4c,
+    0xdb, 0x8b, 0x91, 0xcd, 0x7f, 0xb6, 0x6b, 0xad, 0xce, 0xb1,
+    0x17, 0x6c, 0xf7, 0x08, 0x0d, 0x7c, 0xda, 0x4f, 0x0a, 0x07,
+    0xd0, 0xae, 0x72, 0x3c, 0x67, 0x4a, 0x44, 0x54, 0x47, 0xce,
+    0xe1, 0x17, 0x07, 0x12, 0xde, 0x52, 0xef, 0xef, 0x4c, 0x2b,
+    0x42, 0x7d, 0x09, 0x80, 0x36, 0x34, 0xdc, 0x45, 0x6f, 0xb0,
+    0x2d, 0xab, 0xa0, 0x0c, 0x58, 0xae, 0x35, 0xd3, 0x9b, 0x37,
+    0xc1, 0x1d, 0xeb, 0xfe, 0xc3, 0x04, 0xc9, 0x1d, 0xe7, 0x3d,
+    0x16, 0x64, 0xed, 0xf5, 0xe8, 0xdf, 0x99, 0xa4, 0xfb, 0xad,
+    0x79, 0x88, 0xd5, 0x8c, 0x62, 0x33, 0x9e, 0x35, 0xa6, 0x7f,
+    0x9d, 0xb6, 0x1a, 0x40, 0x6d, 0xc3, 0x89, 0x5d, 0x7b, 0xe2,
+    0xc8, 0xd3, 0x16, 0x13, 0x07, 0x9a, 0x38, 0x22, 0x33, 0x03,
+    0xac, 0x70, 0x3e, 0xce, 0x32, 0x56, 0x0b, 0x58, 0x56, 0xb8,
+    0xe9, 0xd8, 0x42, 0x35, 0x6c, 0xb9, 0x02, 0xb3, 0x64, 0xeb,
+    0xaa, 0x09, 0x3f, 0xac, 0x66, 0x08, 0xb4, 0x5f, 0x3e, 0xb4,
+    0xec, 0x39, 0xb1, 0x99, 0xe4, 0x5d, 0x1d, 0x32, 0x14, 0xc1,
+    0x48, 0x8f, 0x6c, 0x65, 0x87, 0x34, 0x50, 0xa4, 0xf4, 0x9b,
+    0x5b, 0x2e, 0xb5, 0x79, 0x0d, 0x11, 0x62, 0xa4, 0x35, 0x9c,
+    0x6f, 0x92, 0xd0, 0x68, 0x07, 0xdd, 0x69, 0x85, 0x48, 0xe3,
+    0x5d, 0x10, 0x34, 0xaf, 0xea, 0x41, 0x72, 0x5a, 0x71, 0x00,
+    0xf8, 0xe6, 0x47, 0x7f, 0xa0, 0x6f, 0x91, 0x96, 0x40, 0x00,
+    0x40, 0x70, 0xfb, 0x63, 0xcf, 0xc9, 0x36, 0x04, 0x1c, 0x3b,
+    0x11, 0x08, 0x29, 0x81, 0x9f
+};
+
+static unsigned char test15360[] = {
+    0x30, 0x82, 0x21, 0xe8, 0x02, 0x01, 0x00, 0x02, 0x82, 0x07,
+    0x81, 0x00, 0xad, 0x3f, 0xaa, 0xdc, 0x8c, 0x85, 0xcb, 0x60,
+    0xd2, 0xf5, 0x30, 0xa1, 0x0f, 0x26, 0xec, 0xdf, 0xfc, 0x91,
+    0x39, 0xbd, 0x3e, 0x8f, 0x99, 0x64, 0x1e, 0x51, 0xd2, 0x27,
+    0x5e, 0x76, 0xcd, 0x86, 0x33, 0x07, 0xf9, 0xbd, 0x3b, 0x06,
+    0xc3, 0x3c, 0x85, 0xcb, 0x7e, 0x91, 0x14, 0xb0, 0x0b, 0x77,
+    0x22, 0x30, 0x71, 0xb8, 0xbb, 0x74, 0x30, 0x33, 0x35, 0x56,
+    0x34, 0x47, 0x10, 0x8f, 0x88, 0xe2, 0x6f, 0xdc, 0x3b, 0xe9,
+    0x58, 0x9d, 0x0c, 0xdc, 0x8f, 0x70, 0x41, 0x7a, 0x12, 0xd2,
+    0x9a, 0x35, 0xbe, 0x0a, 0x57, 0x13, 0x0c, 0xe9, 0xbf, 0x77,
+    0x54, 0x00, 0x74, 0xb7, 0x1a, 0x3e, 0xa7, 0xe9, 0xb6, 0xe7,
+    0x4f, 0x1e, 0xa4, 0xc0, 0x7c, 0x4c, 0x66, 0xc5, 0xce, 0xad,
+    0x96, 0x1b, 0xe2, 0x1a, 0xf1, 0x3d, 0x8b, 0x50, 0xcf, 0xe2,
+    0x15, 0x21, 0x6d, 0x83, 0x95, 0x00, 0xee, 0x97, 0xc4, 0xae,
+    0xc9, 0x38, 0x62, 0x6c, 0xb2, 0xe7, 0x7f, 0x15, 0x0a, 0xab,
+    0x86, 0xb9, 0xd9, 0x8a, 0xf8, 0xeb, 0x88, 0x5d, 0xdc, 0x0c,
+    0x1e, 0xc5, 0xe6, 0xa1, 0x7b, 0xbf, 0xf1, 0x02, 0xe3, 0xad,
+    0xf8, 0xed, 0x17, 0x9f, 0x83, 0x11, 0x31, 0x3b, 0xad, 0xb4,
+    0xf9, 0x8d, 0x1d, 0x56, 0x9b, 0xac, 0x68, 0x55, 0x0a, 0x74,
+    0x20, 0xee, 0x57, 0xe7, 0x1c, 0x6d, 0x05, 0xa1, 0x4e, 0xa5,
+    0x11, 0x99, 0xb4, 0x86, 0xdb, 0x58, 0xe7, 0xf6, 0xb6, 0x4f,
+    0x92, 0x58, 0x57, 0x9b, 0x74, 0x04, 0xe5, 0xd1, 0x1d, 0x7c,
+    0x4b, 0xb8, 0x1f, 0x5d, 0x0e, 0x93, 0xee, 0x44, 0x18, 0xb6,
+    0x58, 0x0e, 0xa1, 0x0b, 0x8e, 0x2e, 0x99, 0x4c, 0x72, 0x91,
+    0xfa, 0xfa, 0xe2, 0x22, 0x05, 0x5d, 0x2b, 0x2d, 0xd8, 0x60,
+    0xd5, 0x1b, 0x08, 0x56, 0x2b, 0xb5, 0x21, 0xdb, 0x1a, 0xe6,
+    0xa8, 0x39, 0xa2, 0xf4, 0x58, 0xcb, 0xd2, 0xf9, 0xce, 0xc0,
+    0x1e, 0x1b, 0xf9, 0xa7, 0x37, 0xca, 0xa3, 0x77, 0x6e, 0xb1,
+    0xaf, 0x33, 0xb5, 0x6d, 0x5f, 0x33, 0x2e, 0x1a, 0x34, 0xdb,
+    0x42, 0xbe, 0x5f, 0xf9, 0x09, 0xb7, 0x9f, 0xd4, 0x09, 0xfb,
+    0x87, 0x13, 0x3c, 0xe2, 0x27, 0xb8, 0xf3, 0x1d, 0x7e, 0x92,
+    0xdd, 0x87, 0x86, 0x55, 0x69, 0x9b, 0x55, 0xcd, 0xef, 0x7a,
+    0x71, 0x5d, 0x81, 0x3a, 0xd9, 0xf7, 0x7f, 0xde, 0xe0, 0x92,
+    0xd9, 0x78, 0x0f, 0x1d, 0x43, 0xb1, 0x1e, 0x29, 0xc1, 0x49,
+    0xb6, 0x5e, 0x85, 0x83, 0xd9, 0x04, 0xfd, 0x79, 0xd8, 0x47,
+    0x03, 0x2e, 0x85, 0x19, 0xfd, 0x63, 0xe7, 0xa4, 0x8b, 0xc0,
+    0x94, 0x0e, 0xb7, 0x54, 0x97, 0xd6, 0x44, 0x5d, 0x63, 0x12,
+    0xff, 0xdd, 0xde, 0x2c, 0x00, 0x0e, 0xc9, 0xca, 0x7e, 0xa2,
+    0x65, 0x25, 0xb0, 0x1d, 0xa9, 0x20, 0x4f, 0xdd, 0xea, 0x3a,
+    0xb5, 0xe8, 0x0f, 0xf3, 0xb2, 0xb7, 0x00, 0x4a, 0xe8, 0xa4,
+    0x83, 0x49, 0xbd, 0x78, 0xdf, 0xac, 0x2c, 0x37, 0x81, 0xb3,
+    0xf3, 0xb7, 0x13, 0x93, 0x3e, 0xb2, 0x79, 0x55, 0xf2, 0xd8,
+    0x9c, 0xf7, 0xf2, 0xf1, 0xd5, 0x6c, 0x9c, 0xff, 0xec, 0xf4,
+    0xea, 0x08, 0x3c, 0x65, 0x35, 0xb7, 0x09, 0x03, 0x6d, 0x99,
+    0x1d, 0x5b, 0x73, 0x06, 0x61, 0xb4, 0xf0, 0xc5, 0xdb, 0x3e,
+    0xe0, 0x1d, 0xa8, 0x5b, 0x7a, 0x5b, 0x5b, 0x9c, 0x11, 0x75,
+    0x83, 0x1d, 0xf4, 0x73, 0x27, 0xf3, 0x79, 0xf2, 0x82, 0xd6,
+    0x28, 0x45, 0x58, 0x23, 0x6c, 0x29, 0xd3, 0x50, 0x51, 0x1b,
+    0x38, 0xef, 0x89, 0x90, 0x84, 0xa2, 0x4c, 0x35, 0x7b, 0x30,
+    0x5e, 0xbd, 0x1a, 0xd5, 0xdf, 0xcd, 0xcd, 0x74, 0x3f, 0x2e,
+    0x01, 0xea, 0x33, 0x07, 0x74, 0xfb, 0x86, 0x75, 0x20, 0x0e,
+    0x4f, 0xbf, 0x65, 0xd4, 0x15, 0x19, 0x6f, 0x8d, 0x37, 0xcd,
+    0xb6, 0x6f, 0x50, 0x9d, 0x5e, 0x04, 0x81, 0x7d, 0xec, 0xd6,
+    0xbb, 0x40, 0x1b, 0xe0, 0xf5, 0xd5, 0x86, 0x26, 0xc5, 0x41,
+    0x84, 0x0e, 0x3e, 0x73, 0xb7, 0xa4, 0xbe, 0x2a, 0xfe, 0xd7,
+    0xe4, 0x4d, 0x5c, 0x2d, 0x6a, 0x04, 0xe6, 0xdd, 0x28, 0xa0,
+    0x75, 0x4c, 0xe0, 0x23, 0x2c, 0xad, 0xec, 0xaa, 0x72, 0xfd,
+    0x03, 0xc0, 0x65, 0xfa, 0xc4, 0x3c, 0x25, 0x10, 0xae, 0x3f,
+    0x09, 0x96, 0x4e, 0xff, 0xfe, 0xc7, 0xe4, 0x9e, 0xec, 0xb5,
+    0x6e, 0xec, 0xf3, 0x7a, 0x83, 0x7a, 0x8b, 0xbb, 0x91, 0x8d,
+    0xab, 0x3c, 0x4d, 0x7f, 0x34, 0x77, 0xbe, 0x0c, 0x87, 0xf2,
+    0xc3, 0xd6, 0xcb, 0xcc, 0xfa, 0x1e, 0xaf, 0x21, 0x24, 0xe9,
+    0xaa, 0x89, 0x61, 0x0c, 0x7a, 0x1c, 0x7d, 0x00, 0x87, 0x69,
+    0x30, 0xa0, 0xb4, 0x3b, 0x96, 0x1c, 0x00, 0x14, 0x07, 0xb8,
+    0x3f, 0x59, 0x62, 0x3a, 0x3f, 0xfb, 0x68, 0xb8, 0x81, 0x7d,
+    0x4a, 0x9d, 0x1c, 0xa2, 0x07, 0xa3, 0xb1, 0x42, 0x7b, 0xfa,
+    0x9b, 0xbc, 0x94, 0x30, 0x7e, 0xea, 0xe7, 0x40, 0x7e, 0xd4,
+    0x0f, 0x33, 0x3b, 0x57, 0xda, 0x8b, 0x6d, 0x64, 0xd5, 0xe4,
+    0x91, 0x83, 0xf0, 0x3d, 0xae, 0x8b, 0x91, 0xf0, 0xcd, 0xb1,
+    0xa0, 0xe0, 0x0d, 0xe1, 0xbb, 0x22, 0x78, 0x1f, 0x3a, 0xe5,
+    0x53, 0x28, 0xf0, 0x35, 0xae, 0x71, 0xe6, 0xfd, 0x63, 0xb2,
+    0x9c, 0x3f, 0xdd, 0x95, 0x7b, 0xc4, 0xe9, 0x2f, 0xd9, 0x93,
+    0x3a, 0x10, 0x42, 0x1c, 0x90, 0xab, 0xfb, 0xd3, 0x02, 0xe9,
+    0x59, 0xbc, 0x53, 0x7e, 0xf3, 0xe1, 0x52, 0x15, 0xa6, 0x58,
+    0x9e, 0xc1, 0xa6, 0x0e, 0x2e, 0x35, 0x07, 0x3a, 0xc3, 0x1f,
+    0xaa, 0x58, 0xe7, 0xc6, 0x33, 0x6a, 0x39, 0x4b, 0x21, 0x15,
+    0x3d, 0x92, 0x4e, 0x5e, 0xf9, 0x01, 0xd6, 0x0f, 0x28, 0x61,
+    0x15, 0xdf, 0xed, 0x6f, 0x75, 0xc4, 0x8f, 0xcb, 0x16, 0x55,
+    0x09, 0xc7, 0x24, 0xb2, 0x0c, 0x49, 0x25, 0x8d, 0x5e, 0xf1,
+    0x0e, 0xe0, 0xe2, 0xc4, 0xcc, 0x1f, 0x4e, 0x60, 0x5c, 0x5e,
+    0xc6, 0x7f, 0x68, 0x7f, 0xdb, 0x1a, 0x01, 0x67, 0x07, 0xb1,
+    0x56, 0x93, 0xf2, 0x26, 0x81, 0xc0, 0x33, 0xb8, 0x48, 0xf9,
+    0x2c, 0x5c, 0x18, 0x29, 0xed, 0xe0, 0x6c, 0xa0, 0xac, 0xd2,
+    0x90, 0x4b, 0x52, 0x87, 0xbb, 0xb5, 0x05, 0xd8, 0x56, 0xc5,
+    0xb8, 0x8f, 0x3f, 0x49, 0x52, 0x9a, 0xa2, 0xd0, 0x40, 0x80,
+    0x5b, 0x16, 0x15, 0xbc, 0x74, 0x8e, 0x00, 0x10, 0xaf, 0xfb,
+    0x6d, 0xba, 0xcb, 0xbc, 0xe6, 0x13, 0x75, 0xce, 0x27, 0xae,
+    0x85, 0x57, 0x6c, 0xc0, 0x8a, 0x84, 0x6f, 0x34, 0x16, 0xd4,
+    0x35, 0xd2, 0xcc, 0x55, 0x00, 0xc1, 0xd8, 0x28, 0x2c, 0x9c,
+    0x84, 0x78, 0xbf, 0xf0, 0x3b, 0x0d, 0x9f, 0x81, 0xd4, 0xef,
+    0x99, 0x77, 0x53, 0xd2, 0x8e, 0x43, 0x52, 0xf0, 0x32, 0x7e,
+    0xba, 0xbf, 0xb6, 0x0e, 0x9d, 0x9b, 0x00, 0xd0, 0x50, 0x55,
+    0x67, 0x5a, 0x2c, 0x8b, 0x9b, 0x29, 0xfb, 0x41, 0x74, 0x4c,
+    0xb7, 0xd8, 0x98, 0xa2, 0xfb, 0x73, 0x07, 0x96, 0xef, 0xcd,
+    0x47, 0x13, 0x1d, 0xe2, 0xb1, 0xac, 0xf3, 0xcf, 0x47, 0x98,
+    0x7b, 0x6f, 0xf6, 0x32, 0x44, 0x41, 0x78, 0x09, 0x8e, 0x64,
+    0x0c, 0xbf, 0xe2, 0x0f, 0x8c, 0x44, 0x2f, 0x4e, 0x55, 0xe0,
+    0xc6, 0xfd, 0x05, 0x74, 0x18, 0x1a, 0xb9, 0xfa, 0xcb, 0xd3,
+    0xfa, 0x69, 0x50, 0x63, 0xce, 0x2b, 0xef, 0x92, 0x0f, 0x11,
+    0xd4, 0x9b, 0x53, 0x6c, 0xed, 0xc5, 0x0b, 0x7c, 0xbd, 0xa1,
+    0x5d, 0xdf, 0xab, 0xcf, 0xaa, 0x83, 0x5e, 0xa8, 0xc5, 0xfe,
+    0x91, 0x2b, 0x23, 0x1f, 0x39, 0x3d, 0x71, 0x74, 0xbf, 0xa2,
+    0xf1, 0xda, 0x2f, 0x29, 0x02, 0x9b, 0xea, 0x48, 0x2c, 0xaf,
+    0xe7, 0xa9, 0xf5, 0x68, 0xab, 0x8f, 0x18, 0xb9, 0x7b, 0x28,
+    0xf0, 0x92, 0xfb, 0x07, 0xd7, 0xbd, 0x43, 0xcd, 0x7f, 0xfc,
+    0xb9, 0x5f, 0x24, 0xf8, 0x48, 0x2e, 0xbe, 0x42, 0x87, 0x80,
+    0x38, 0x78, 0x9e, 0x8c, 0x52, 0x6d, 0xfa, 0x2e, 0x46, 0x35,
+    0x7a, 0x59, 0x88, 0xb9, 0x3e, 0xcb, 0x79, 0xb4, 0x8a, 0x9e,
+    0xd5, 0xd0, 0x30, 0x8c, 0xb2, 0x0c, 0x9d, 0x8d, 0x2d, 0x64,
+    0x0b, 0xf6, 0xeb, 0xf1, 0xde, 0xea, 0x74, 0xfc, 0xbc, 0x01,
+    0x18, 0x48, 0x4e, 0x35, 0x02, 0x83, 0x01, 0xb2, 0x50, 0xa0,
+    0x44, 0x19, 0x30, 0x00, 0x12, 0x4a, 0xa0, 0x6d, 0x6b, 0x8b,
+    0xf1, 0xce, 0xda, 0x2e, 0x16, 0x35, 0x52, 0x26, 0xf9, 0xbe,
+    0xb1, 0x37, 0xfc, 0x0a, 0x8b, 0x6f, 0x06, 0x11, 0x7b, 0xf7,
+    0xa8, 0x40, 0xbd, 0x8d, 0x94, 0xa4, 0xa2, 0xe0, 0xb6, 0xdf,
+    0x62, 0xc0, 0x6f, 0xb3, 0x5d, 0x84, 0xb9, 0xaa, 0x2f, 0xc1,
+    0x3b, 0xcb, 0x20, 0xc6, 0x68, 0x69, 0x15, 0x74, 0xbc, 0xdb,
+    0x43, 0x9c, 0x4a, 0xfc, 0x72, 0xc1, 0xf5, 0x87, 0x80, 0xe8,
+    0x6c, 0xd5, 0xc1, 0x2e, 0x34, 0x5e, 0x96, 0x76, 0x08, 0x3e,
+    0x45, 0xe4, 0xa0, 0x4a, 0x7a, 0xc1, 0x67, 0x38, 0xf2, 0x31,
+    0x1f, 0x7b, 0x0f, 0x54, 0xbd, 0x0d, 0x1f, 0x9e, 0x8e, 0x99,
+    0x8b, 0x58, 0xd9, 0x94, 0x87, 0xaa, 0x8b, 0x82, 0x5d, 0x5e,
+    0xe8, 0x50, 0xf4, 0xf2, 0xc7, 0xe9, 0x85, 0x6b, 0xd2, 0xef,
+    0x13, 0xc1, 0xed, 0x57, 0x2a, 0xc5, 0xd6, 0x5d, 0xa4, 0x3b,
+    0x29, 0xba, 0xab, 0x1b, 0xaa, 0x21, 0x41, 0xe9, 0xdc, 0x47,
+    0x88, 0xef, 0x0c, 0xfc, 0xb2, 0xdc, 0xf7, 0xdb, 0x55, 0x4d,
+    0x70, 0xc7, 0xe2, 0x8a, 0x8a, 0xe1, 0xde, 0xcf, 0xe5, 0xca,
+    0x23, 0x36, 0x29, 0xe5, 0xfc, 0x54, 0x66, 0xda, 0xe9, 0xab,
+    0x58, 0x20, 0xb2, 0x8e, 0xb2, 0x7d, 0x5d, 0xb8, 0xc7, 0x6c,
+    0x48, 0x53, 0x2b, 0x47, 0xe0, 0x12, 0x00, 0x0e, 0xfe, 0xa5,
+    0x93, 0x34, 0xf9, 0x3e, 0xa6, 0x3f, 0x56, 0xaa, 0x43, 0x65,
+    0xbb, 0x5a, 0x70, 0x3e, 0x62, 0xac, 0x3f, 0x5b, 0x90, 0x02,
+    0x50, 0x5d, 0x05, 0xa8, 0xd5, 0x67, 0x1a, 0x62, 0xec, 0xd4,
+    0xde, 0x29, 0x04, 0xac, 0x6d, 0x15, 0x5d, 0xa0, 0xec, 0xf2,
+    0x57, 0x13, 0x0e, 0x17, 0x96, 0x0c, 0x32, 0x6a, 0xc5, 0xe0,
+    0xa8, 0xff, 0x85, 0xa4, 0xa3, 0xe3, 0x0e, 0x35, 0x5d, 0xd1,
+    0x28, 0x84, 0xaa, 0xc4, 0x84, 0xcd, 0x25, 0x63, 0x85, 0x82,
+    0x3e, 0x12, 0x30, 0x17, 0x57, 0x45, 0xb8, 0xb4, 0x34, 0x01,
+    0x3a, 0xa2, 0x77, 0x61, 0xc8, 0x3d, 0x1f, 0xc5, 0x0e, 0x4a,
+    0xbb, 0xf6, 0xa0, 0x5d, 0x79, 0x4b, 0xc8, 0xf3, 0x9c, 0x87,
+    0x05, 0x2f, 0xea, 0x25, 0x28, 0x91, 0x69, 0x77, 0x7c, 0xba,
+    0xea, 0x4a, 0x75, 0x2e, 0x2b, 0x17, 0x83, 0x50, 0x32, 0x43,
+    0x4f, 0xcd, 0xf1, 0x77, 0xb1, 0x22, 0x0a, 0x8b, 0x69, 0x58,
+    0x09, 0x35, 0x07, 0x6d, 0x61, 0x4a, 0x8d, 0x18, 0x65, 0x6e,
+    0x9b, 0x62, 0x07, 0xd0, 0x6a, 0x92, 0x39, 0x05, 0x80, 0x14,
+    0xfa, 0x1c, 0x93, 0x84, 0x0c, 0xb5, 0x8c, 0x41, 0x91, 0x4e,
+    0x48, 0xf0, 0xf2, 0xba, 0x1d, 0x73, 0x2f, 0x1e, 0xa1, 0x55,
+    0xc3, 0x02, 0x8c, 0xb1, 0xf2, 0x37, 0xa6, 0x9a, 0x6b, 0xcd,
+    0x45, 0x2e, 0x08, 0x90, 0x26, 0x63, 0x91, 0xff, 0x22, 0x5e,
+    0xcd, 0xae, 0x9b, 0x19, 0x1e, 0x10, 0x62, 0x4e, 0x1f, 0x2d,
+    0x81, 0x69, 0x4f, 0x41, 0xe5, 0x94, 0xff, 0x7e, 0xcc, 0x15,
+    0x36, 0x1e, 0x29, 0x59, 0x37, 0xe7, 0x64, 0x40, 0x17, 0x1a,
+    0x32, 0xba, 0x01, 0x26, 0x30, 0x80, 0x60, 0x07, 0x86, 0x6e,
+    0xd4, 0xb3, 0xe2, 0x44, 0x16, 0x33, 0xf2, 0x4c, 0x84, 0x0e,
+    0xb1, 0x4a, 0xc7, 0x92, 0xa6, 0xa3, 0x42, 0x36, 0x05, 0x3e,
+    0x74, 0xa8, 0xb1, 0xc5, 0x63, 0x59, 0x0d, 0x1e, 0x36, 0x45,
+    0x2b, 0x36, 0x5e, 0xca, 0xab, 0x97, 0x49, 0xd3, 0xab, 0xae,
+    0x63, 0x0a, 0xd1, 0x03, 0x57, 0x88, 0xa4, 0xa4, 0x3c, 0xda,
+    0x15, 0x49, 0x1a, 0x5d, 0xe6, 0x5e, 0xb9, 0x82, 0x23, 0xc0,
+    0x83, 0x96, 0xfe, 0x38, 0x0b, 0x80, 0x0e, 0xde, 0x22, 0xeb,
+    0x5d, 0xe4, 0x56, 0x32, 0xbe, 0xe0, 0xc0, 0x6e, 0x69, 0x63,
+    0x27, 0x4e, 0x00, 0x58, 0x80, 0x70, 0xd9, 0xcc, 0x4e, 0xae,
+    0x6c, 0x5e, 0x6a, 0x43, 0x81, 0xfd, 0x45, 0xb2, 0xa4, 0x6c,
+    0xf0, 0x9c, 0x66, 0x5c, 0x7d, 0x5c, 0x78, 0x55, 0x33, 0x4b,
+    0x3c, 0x3b, 0x1d, 0x18, 0x58, 0x79, 0x6a, 0x02, 0xec, 0xce,
+    0x53, 0x69, 0xc0, 0x17, 0xed, 0x57, 0xaf, 0x71, 0x5b, 0x42,
+    0x1b, 0x49, 0xd8, 0xe8, 0x96, 0x80, 0xb6, 0x48, 0x1b, 0x7c,
+    0xf8, 0x74, 0x1c, 0xb1, 0xc4, 0x10, 0xb7, 0xf4, 0x97, 0x7e,
+    0x6b, 0x8f, 0x54, 0xba, 0x37, 0xb9, 0x35, 0x9e, 0x7b, 0x17,
+    0x16, 0x9b, 0x89, 0x39, 0xae, 0x4f, 0x2e, 0x18, 0x65, 0xb4,
+    0x76, 0x20, 0x9a, 0x58, 0xe2, 0x57, 0x6e, 0x1c, 0x3f, 0x8e,
+    0x9a, 0xbb, 0xd8, 0xfc, 0x4c, 0xd6, 0x2d, 0xc1, 0xa6, 0x46,
+    0xac, 0x13, 0x1e, 0xa7, 0xf7, 0x1d, 0x28, 0x3a, 0xf4, 0xd6,
+    0x48, 0xfb, 0xe5, 0xb3, 0x84, 0x94, 0x47, 0x92, 0xae, 0x9a,
+    0x58, 0xc5, 0xac, 0x23, 0x1b, 0xb5, 0xcd, 0x96, 0xd2, 0x5e,
+    0xb2, 0x41, 0xfc, 0x9a, 0xae, 0x19, 0xf1, 0x7b, 0x4b, 0x53,
+    0x1b, 0xfa, 0xa5, 0x0c, 0x49, 0x6d, 0xff, 0xf4, 0x51, 0x88,
+    0x19, 0x04, 0xd9, 0x85, 0x8e, 0xe2, 0x3a, 0x62, 0x31, 0x5c,
+    0x6e, 0xe8, 0x4d, 0x04, 0x1d, 0xd8, 0xc2, 0x7b, 0x51, 0xe7,
+    0x59, 0xbc, 0x85, 0x5c, 0xc4, 0xcc, 0xad, 0xcb, 0x93, 0x69,
+    0x18, 0xe4, 0x71, 0x9e, 0x63, 0x33, 0x99, 0xb6, 0x3b, 0x23,
+    0x11, 0x17, 0x7a, 0x3d, 0x6f, 0xb9, 0x6b, 0xf1, 0xf2, 0xa7,
+    0x03, 0xfd, 0xf0, 0xcd, 0x5b, 0xb5, 0xda, 0x9a, 0xd9, 0x95,
+    0x02, 0x76, 0xd8, 0x38, 0xd3, 0xbd, 0xa0, 0x4a, 0x9a, 0xab,
+    0x70, 0xde, 0xc6, 0xf9, 0xa5, 0x19, 0x9c, 0xc4, 0xf9, 0x07,
+    0x4d, 0xea, 0x15, 0xc2, 0x91, 0x4d, 0x54, 0xa9, 0x2c, 0xca,
+    0xdf, 0xaa, 0xd1, 0xc4, 0xc0, 0x18, 0x77, 0x28, 0x2a, 0x2c,
+    0xc3, 0x7c, 0x26, 0xbd, 0xd8, 0x0d, 0x51, 0xa1, 0x4d, 0xad,
+    0x76, 0x76, 0xaa, 0xa9, 0x45, 0x82, 0x4f, 0x76, 0xfb, 0x1a,
+    0xd3, 0x71, 0x3c, 0x55, 0xa2, 0x5c, 0xe0, 0xd6, 0xda, 0x35,
+    0xbe, 0x25, 0x23, 0x26, 0x51, 0xc6, 0xb4, 0xf3, 0x3e, 0x2c,
+    0x54, 0x09, 0xc7, 0x6f, 0xa5, 0x08, 0x81, 0xba, 0x75, 0xda,
+    0xcb, 0x4d, 0x05, 0xdd, 0xca, 0x93, 0x48, 0x30, 0xe8, 0x4a,
+    0x1f, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x07,
+    0x80, 0x25, 0x2f, 0xbc, 0x49, 0xf8, 0xb3, 0xa3, 0x32, 0xd6,
+    0x35, 0x20, 0xca, 0x01, 0x49, 0x96, 0xa0, 0x81, 0x42, 0xde,
+    0xc4, 0xdb, 0x0f, 0xd1, 0x99, 0xe6, 0xd4, 0x23, 0x2a, 0xa6,
+    0x21, 0x13, 0xfe, 0x51, 0x27, 0xce, 0x18, 0x2a, 0xfa, 0x49,
+    0x9f, 0xcd, 0x0c, 0x1f, 0xcf, 0x9e, 0x44, 0x27, 0x41, 0xdc,
+    0x09, 0xcf, 0xef, 0x19, 0xf5, 0x57, 0x7f, 0x36, 0x5c, 0x99,
+    0x7e, 0x03, 0x74, 0xfb, 0xa9, 0xb6, 0xde, 0xeb, 0xd1, 0x2b,
+    0x5f, 0x12, 0x6a, 0xa9, 0x33, 0x2c, 0x2a, 0xba, 0xad, 0x8f,
+    0xc2, 0x27, 0x57, 0x6a, 0xd7, 0x40, 0xf7, 0x4f, 0x4c, 0x9a,
+    0xb0, 0x3a, 0x5d, 0x2e, 0xf9, 0xf1, 0xea, 0xbd, 0x82, 0xaa,
+    0xbd, 0xe6, 0x19, 0x16, 0xd5, 0x03, 0x5e, 0x43, 0xfd, 0x88,
+    0x71, 0xd5, 0xb7, 0x78, 0xbe, 0x80, 0x0f, 0xc9, 0x7f, 0x3a,
+    0x8f, 0xe1, 0x44, 0xd4, 0x0f, 0xce, 0x26, 0xaf, 0x65, 0xe0,
+    0xf5, 0x04, 0x53, 0x56, 0x97, 0x4f, 0xf4, 0xc1, 0x44, 0x8d,
+    0xf7, 0x88, 0x55, 0x47, 0x16, 0xaf, 0x3f, 0x8e, 0x42, 0xdf,
+    0xbc, 0x14, 0xc3, 0xe6, 0x9f, 0x0d, 0x69, 0x54, 0x5b, 0x7c,
+    0x49, 0xcf, 0xbf, 0x42, 0x4f, 0xc7, 0x64, 0x8a, 0xe5, 0x84,
+    0x87, 0x20, 0x9b, 0xfd, 0x70, 0x25, 0x38, 0xd3, 0xb4, 0x97,
+    0x78, 0xf1, 0x4f, 0x3f, 0x0f, 0xbb, 0x9c, 0xa3, 0x17, 0xd5,
+    0x4e, 0x4b, 0xac, 0x82, 0x9a, 0x73, 0xb7, 0xc5, 0xec, 0x10,
+    0x7a, 0x7b, 0xdb, 0x77, 0x2c, 0xb1, 0xf3, 0x8f, 0xc3, 0xa5,
+    0x31, 0x11, 0x32, 0x55, 0x35, 0xb5, 0x77, 0xd2, 0x62, 0x19,
+    0x46, 0x92, 0x94, 0xbb, 0x61, 0x0f, 0x30, 0x94, 0x8a, 0xf6,
+    0xf7, 0x30, 0xe0, 0xa2, 0x8c, 0x1b, 0xff, 0x8c, 0x29, 0x44,
+    0xb4, 0xb7, 0xb6, 0x5f, 0x4d, 0x52, 0xc6, 0x07, 0xe1, 0x28,
+    0x8c, 0xae, 0x88, 0x8a, 0x22, 0xbd, 0xd7, 0x36, 0xe4, 0x8f,
+    0xd1, 0xeb, 0x65, 0x54, 0x19, 0x5f, 0xba, 0xfb, 0xfc, 0x91,
+    0xa1, 0xa4, 0xb8, 0xa4, 0x2d, 0x85, 0x20, 0xc4, 0xe5, 0xa7,
+    0x4e, 0xdb, 0xa4, 0xc5, 0xcc, 0x2f, 0x37, 0x41, 0x29, 0x47,
+    0x15, 0xff, 0x04, 0x80, 0x08, 0x37, 0xce, 0xc5, 0xe3, 0x5a,
+    0x3f, 0x83, 0xbb, 0x03, 0x9e, 0xfe, 0xec, 0xe4, 0x11, 0x41,
+    0x12, 0x13, 0xf2, 0x00, 0xe5, 0x1a, 0x02, 0x49, 0xeb, 0xdb,
+    0x57, 0xe4, 0xce, 0xa0, 0x3f, 0xfd, 0x3c, 0x73, 0x2b, 0x92,
+    0x44, 0x79, 0x9e, 0x12, 0x4f, 0xfa, 0xe4, 0x53, 0x62, 0xf2,
+    0xb0, 0xe2, 0x8a, 0xf0, 0x93, 0xa8, 0x1d, 0xee, 0x8d, 0x58,
+    0x7a, 0x4c, 0x29, 0x91, 0x29, 0xc1, 0xa4, 0xd5, 0xe6, 0x37,
+    0x1b, 0x75, 0x5b, 0xb6, 0x6b, 0x76, 0x2e, 0xcb, 0xbd, 0xa9,
+    0xbe, 0x4c, 0x2e, 0x21, 0xa6, 0x38, 0xde, 0x66, 0x2f, 0x51,
+    0xea, 0x4c, 0xba, 0x3f, 0x4a, 0xfe, 0x7a, 0x15, 0xb3, 0x72,
+    0x26, 0xba, 0xcf, 0x9e, 0x1b, 0x03, 0xa6, 0xaa, 0x65, 0x68,
+    0xd3, 0x8c, 0x15, 0x17, 0xe9, 0x11, 0x18, 0x3c, 0xb6, 0xf8,
+    0x02, 0x54, 0x98, 0x49, 0xfa, 0x35, 0x3c, 0xcd, 0xac, 0xc8,
+    0x2b, 0x1a, 0x63, 0x93, 0x03, 0x05, 0xa1, 0x41, 0xbe, 0x12,
+    0xca, 0x15, 0x47, 0x72, 0x63, 0x77, 0x26, 0xd0, 0xe7, 0x8f,
+    0x0d, 0x6e, 0x9c, 0xac, 0x07, 0xbe, 0x03, 0x22, 0xd0, 0x39,
+    0x63, 0x8d, 0x9b, 0xc6, 0x20, 0x81, 0xb5, 0x67, 0x15, 0xf6,
+    0xb0, 0xe3, 0xb9, 0x3e, 0xb7, 0x3f, 0x8f, 0x46, 0xc9, 0x74,
+    0x10, 0x1e, 0x53, 0xf1, 0xd4, 0x30, 0x4d, 0x6e, 0x72, 0xb4,
+    0x73, 0x1c, 0xb6, 0x79, 0x82, 0x60, 0x2e, 0x2a, 0x7d, 0x82,
+    0x95, 0xb5, 0x7c, 0x4d, 0x44, 0xcb, 0xd8, 0x8a, 0x17, 0xe8,
+    0x50, 0x29, 0xd8, 0x3a, 0xeb, 0x29, 0xc1, 0x83, 0x0f, 0xd9,
+    0xaf, 0xcc, 0xfa, 0xea, 0x3a, 0x47, 0x5d, 0x33, 0x1f, 0xe8,
+    0x33, 0x5b, 0x88, 0x8e, 0xdb, 0xd5, 0x1e, 0xaf, 0x4a, 0x5f,
+    0xc0, 0xfa, 0xf0, 0xb5, 0xa3, 0x5b, 0xda, 0x38, 0xb7, 0x38,
+    0x5e, 0xce, 0x81, 0x44, 0xf7, 0x66, 0x62, 0x64, 0x1d, 0x04,
+    0xf0, 0x8a, 0x4f, 0xa2, 0x80, 0x76, 0x83, 0x23, 0x89, 0x61,
+    0x6b, 0xc3, 0xb7, 0xee, 0xb5, 0x06, 0x33, 0xad, 0x63, 0x04,
+    0x78, 0xc9, 0xde, 0x32, 0xde, 0xcf, 0x18, 0xb9, 0xb0, 0x3b,
+    0xee, 0x0a, 0x58, 0xea, 0xad, 0xbc, 0x1e, 0x77, 0xa0, 0x93,
+    0xf7, 0xae, 0x9e, 0xb6, 0x31, 0x59, 0x8e, 0xb1, 0x03, 0x8f,
+    0xbb, 0xa4, 0x25, 0x0c, 0x2e, 0xd7, 0xe2, 0x62, 0x5c, 0xf1,
+    0x68, 0xe9, 0x76, 0xd7, 0x23, 0x14, 0x45, 0xaf, 0xcb, 0x09,
+    0x50, 0x05, 0x3f, 0xa0, 0xf9, 0xc3, 0x9e, 0x89, 0x05, 0xa8,
+    0x3b, 0x54, 0x55, 0x32, 0x74, 0x91, 0x46, 0xc1, 0x2c, 0x96,
+    0x7e, 0x60, 0xad, 0xfa, 0xbb, 0xcd, 0x09, 0x7b, 0x39, 0x10,
+    0x82, 0x8a, 0xc0, 0x5a, 0x0d, 0xab, 0xb3, 0x71, 0x45, 0xad,
+    0x39, 0x8e, 0xec, 0x4d, 0x91, 0x8d, 0xda, 0x8d, 0xfa, 0xb0,
+    0xad, 0x44, 0x3c, 0xc9, 0x21, 0x56, 0x22, 0xfc, 0xd3, 0xba,
+    0xb7, 0x3c, 0xe3, 0x8d, 0xda, 0x59, 0x34, 0x42, 0xdd, 0x04,
+    0x5b, 0x8e, 0x2b, 0xc7, 0x94, 0xd5, 0x42, 0xe0, 0x4a, 0x6f,
+    0x35, 0x5a, 0x27, 0x82, 0xd8, 0x82, 0x40, 0xee, 0x0f, 0xa6,
+    0xef, 0xe4, 0x70, 0xe3, 0x30, 0xb7, 0x2d, 0xd4, 0xbb, 0x27,
+    0xb2, 0xbf, 0xad, 0x49, 0x45, 0xbc, 0xeb, 0xbe, 0xb7, 0xd8,
+    0xe3, 0xb1, 0xf3, 0xeb, 0x41, 0x20, 0x9b, 0x21, 0x54, 0xc3,
+    0xa8, 0xaf, 0x9f, 0x20, 0x5c, 0x15, 0x8e, 0x25, 0xbc, 0xbc,
+    0x69, 0x91, 0xfe, 0xda, 0xad, 0xe5, 0x37, 0x7d, 0xb0, 0x51,
+    0x14, 0xae, 0x8f, 0x35, 0x15, 0x0a, 0xd4, 0x49, 0xa7, 0xd9,
+    0x20, 0x70, 0xa4, 0xf2, 0xf4, 0x24, 0x66, 0x52, 0xd1, 0xa5,
+    0x22, 0xea, 0x29, 0xd9, 0xb2, 0x82, 0x8d, 0x36, 0x66, 0x75,
+    0x6e, 0xd5, 0x8c, 0x54, 0x08, 0x21, 0xf2, 0xee, 0x78, 0xc7,
+    0x1f, 0x9c, 0x63, 0x5d, 0x88, 0x56, 0xd1, 0xa0, 0x80, 0x33,
+    0x60, 0x55, 0x23, 0x72, 0xd6, 0xb0, 0x1a, 0x50, 0xde, 0x25,
+    0x70, 0xb5, 0x77, 0x42, 0xf8, 0x19, 0x18, 0x15, 0x8f, 0xfd,
+    0x0c, 0x6a, 0x46, 0x1f, 0xbf, 0xe7, 0x60, 0x91, 0xe7, 0xbb,
+    0x25, 0x63, 0x66, 0xff, 0x11, 0x97, 0xbb, 0xfd, 0x3a, 0x17,
+    0x94, 0x77, 0xb4, 0xc5, 0x21, 0xba, 0x30, 0x94, 0xdd, 0xe5,
+    0xeb, 0x1d, 0x01, 0xba, 0xf9, 0xb0, 0x30, 0xdb, 0x11, 0x93,
+    0xb7, 0xfa, 0x79, 0xe8, 0x5e, 0xb3, 0x39, 0xf4, 0x51, 0x68,
+    0x31, 0xce, 0xe9, 0x0e, 0x93, 0xde, 0xff, 0xec, 0x27, 0xbd,
+    0xa6, 0x1a, 0x4c, 0xe0, 0x92, 0x5c, 0xd4, 0x07, 0xd2, 0xa1,
+    0xdd, 0x12, 0x83, 0xd2, 0x9a, 0x79, 0xb3, 0x3c, 0xfb, 0x07,
+    0xe3, 0x18, 0x1a, 0xa3, 0x24, 0x80, 0xb4, 0xcc, 0xf4, 0xc6,
+    0xa5, 0x6c, 0x25, 0xd7, 0x99, 0x1a, 0x30, 0xf0, 0xa9, 0xfc,
+    0x2e, 0x83, 0x44, 0xac, 0x64, 0x76, 0x34, 0xb0, 0xa6, 0x6f,
+    0x20, 0x5a, 0x14, 0xf2, 0x07, 0xa7, 0x6f, 0x4d, 0xab, 0xf5,
+    0xfc, 0x9d, 0xd6, 0x3e, 0x82, 0x48, 0x31, 0x25, 0x47, 0xc9,
+    0x0e, 0x1d, 0xdb, 0x98, 0x91, 0x56, 0xf5, 0xfe, 0x66, 0x8d,
+    0x48, 0xf0, 0x4c, 0x6c, 0x2c, 0x96, 0x54, 0x43, 0xec, 0x76,
+    0xf2, 0xe1, 0x76, 0x68, 0xc8, 0xe1, 0xde, 0x0d, 0x8e, 0x6f,
+    0xfc, 0x15, 0xd5, 0x93, 0x92, 0xfe, 0xca, 0x9b, 0x30, 0x61,
+    0x03, 0x0b, 0xca, 0x99, 0x2f, 0xd3, 0x15, 0xe9, 0x66, 0x81,
+    0xbd, 0x56, 0x17, 0x14, 0x4a, 0x2e, 0xf1, 0x34, 0x84, 0x55,
+    0x9d, 0xc0, 0x2b, 0xa7, 0x4a, 0xee, 0xf1, 0x7c, 0x67, 0xc7,
+    0xf3, 0x08, 0x1e, 0x6d, 0x6b, 0x5b, 0xcc, 0x81, 0x91, 0x5c,
+    0x94, 0x1a, 0x80, 0xda, 0x3a, 0xce, 0x36, 0x05, 0xb0, 0x7a,
+    0xe8, 0xd0, 0xb4, 0x57, 0x9c, 0xf9, 0xea, 0xf3, 0x26, 0x1d,
+    0xcb, 0xf8, 0xdd, 0x65, 0xaf, 0xf7, 0xcd, 0xf7, 0xa1, 0x3d,
+    0xfc, 0x9a, 0x3b, 0x08, 0xb9, 0xfa, 0x3c, 0x16, 0x49, 0x4a,
+    0xf1, 0xba, 0x4d, 0x31, 0xdd, 0x5e, 0x4f, 0x3d, 0x66, 0x22,
+    0x1b, 0x08, 0x91, 0x7d, 0xc6, 0xaf, 0x15, 0x07, 0x3c, 0xa1,
+    0xf7, 0x07, 0xfd, 0x3e, 0x90, 0xbb, 0x6f, 0x7a, 0xe9, 0xe1,
+    0x2f, 0xb9, 0xee, 0x91, 0x8e, 0x18, 0xcc, 0x8d, 0x1d, 0x22,
+    0xa0, 0xa0, 0x28, 0x25, 0xfc, 0xd4, 0x94, 0xd3, 0xaa, 0xcf,
+    0xce, 0xd0, 0x85, 0x82, 0x6f, 0x20, 0x9f, 0x55, 0x0e, 0xe5,
+    0x72, 0x0d, 0x17, 0x3e, 0x34, 0xc7, 0x2c, 0x0a, 0x14, 0x45,
+    0x27, 0xe2, 0xc7, 0x2f, 0x86, 0xa1, 0x55, 0x3e, 0x78, 0x03,
+    0xe9, 0x78, 0x2e, 0xd3, 0x99, 0xee, 0xa0, 0x14, 0xf8, 0xe3,
+    0x6c, 0xeb, 0x3f, 0x9a, 0xf3, 0x15, 0xce, 0xd5, 0x76, 0xf6,
+    0x3a, 0x86, 0x30, 0x76, 0xf9, 0x88, 0x30, 0xf5, 0x4a, 0x50,
+    0x58, 0x80, 0xe9, 0xd9, 0xd4, 0xb9, 0x34, 0x42, 0xa6, 0x4e,
+    0x9c, 0x1a, 0x07, 0x16, 0x9e, 0xee, 0xe4, 0x88, 0x04, 0x8e,
+    0xa8, 0xe7, 0xcd, 0xe8, 0x47, 0x1e, 0x54, 0x45, 0xd2, 0x65,
+    0xd8, 0xee, 0x4b, 0xbd, 0xd0, 0x85, 0xaa, 0xfb, 0x06, 0x53,
+    0x91, 0x7e, 0xe0, 0x59, 0x20, 0x57, 0x6a, 0xee, 0xd8, 0x9f,
+    0x77, 0x7f, 0xd7, 0x40, 0x63, 0xbb, 0x21, 0x75, 0x76, 0x11,
+    0x27, 0xcf, 0x05, 0xbb, 0x41, 0x30, 0x98, 0xbf, 0xdc, 0x5f,
+    0xc6, 0xa4, 0x1e, 0x30, 0xa1, 0x53, 0xd4, 0x36, 0x7f, 0x2e,
+    0x86, 0xd7, 0xd9, 0x95, 0x29, 0xd5, 0x46, 0x18, 0x60, 0x27,
+    0xe4, 0x6f, 0xcb, 0xf4, 0xe2, 0xfe, 0xff, 0x3e, 0xff, 0x15,
+    0xc6, 0xf2, 0x31, 0xf9, 0x2a, 0xc8, 0x05, 0x4e, 0x7c, 0x2e,
+    0x92, 0xc8, 0x41, 0x4f, 0x9e, 0x23, 0x21, 0x4d, 0x74, 0xf8,
+    0xc3, 0x44, 0x39, 0xc2, 0x69, 0x4b, 0x2e, 0x76, 0x5e, 0x44,
+    0x12, 0x65, 0x31, 0x98, 0xbe, 0x0a, 0x10, 0x11, 0x12, 0x2c,
+    0x67, 0x3d, 0x85, 0x2e, 0xd3, 0x97, 0x54, 0x1e, 0xb6, 0xad,
+    0xd9, 0x45, 0x11, 0x53, 0x04, 0x7c, 0x3f, 0xf4, 0xc9, 0xac,
+    0x82, 0x1b, 0x84, 0xf4, 0x20, 0x6b, 0xf1, 0xf5, 0x72, 0x04,
+    0x24, 0xc1, 0xd3, 0x42, 0x43, 0x52, 0x9d, 0x2d, 0xd3, 0x89,
+    0x8e, 0xd8, 0x28, 0xb9, 0xa2, 0xb4, 0xed, 0xbc, 0x76, 0x87,
+    0x55, 0x67, 0x39, 0xd9, 0xb7, 0x20, 0x6a, 0xec, 0xec, 0xb8,
+    0x14, 0x51, 0x91, 0xb9, 0x96, 0x0f, 0x7a, 0x3a, 0x12, 0xde,
+    0x14, 0x3b, 0x83, 0xcf, 0x41, 0x5b, 0x5d, 0xff, 0x33, 0x68,
+    0xdb, 0x53, 0x64, 0x93, 0xb1, 0xc3, 0x8a, 0x46, 0xa8, 0x44,
+    0x9c, 0x14, 0x12, 0x6c, 0x92, 0x6f, 0xae, 0xc3, 0x45, 0xb2,
+    0xa1, 0x67, 0x81, 0x3c, 0x22, 0x47, 0xfd, 0xa4, 0x7a, 0x79,
+    0xa8, 0x0a, 0xfb, 0x7a, 0x91, 0x6e, 0xe9, 0x53, 0xec, 0x98,
+    0x82, 0x57, 0xad, 0x05, 0x38, 0x55, 0xc1, 0xce, 0x3a, 0x04,
+    0x4d, 0x12, 0x72, 0x37, 0x4a, 0x36, 0x54, 0x3f, 0x67, 0x8a,
+    0xee, 0xd9, 0xf3, 0x80, 0xd5, 0xd7, 0xb8, 0xfc, 0x6e, 0x4f,
+    0x60, 0x2b, 0x5a, 0xa4, 0xc5, 0x05, 0xdb, 0xe5, 0x09, 0xe3,
+    0xeb, 0xa2, 0x51, 0x33, 0x30, 0x96, 0x46, 0x01, 0x26, 0x8f,
+    0x38, 0xc9, 0x97, 0x32, 0x2d, 0xb4, 0x59, 0x15, 0x15, 0x38,
+    0x66, 0x66, 0xfe, 0xcb, 0xee, 0xc1, 0xf6, 0x4e, 0xb7, 0xdf,
+    0x7b, 0x63, 0xe6, 0x3f, 0xe0, 0x1c, 0x97, 0xed, 0x86, 0xf3,
+    0xd2, 0xad, 0x42, 0x29, 0x20, 0x28, 0xa6, 0x59, 0x58, 0x7d,
+    0x8f, 0x5c, 0x43, 0x07, 0xd1, 0x7e, 0x83, 0xba, 0x9c, 0x1b,
+    0xfe, 0x17, 0x9e, 0xc8, 0x09, 0x63, 0x9a, 0x2d, 0x61, 0x33,
+    0x51, 0x46, 0x01, 0xa8, 0xe9, 0x43, 0x1e, 0x4e, 0xfe, 0x61,
+    0x1a, 0x28, 0x11, 0x65, 0x70, 0x43, 0x9f, 0xfc, 0x21, 0x1d,
+    0x76, 0x7b, 0x40, 0x08, 0x18, 0xd3, 0xe8, 0xc2, 0xe3, 0x8c,
+    0xe7, 0x27, 0xc2, 0xec, 0xb0, 0x08, 0x3e, 0x6b, 0x8f, 0x77,
+    0x6d, 0x9e, 0xa6, 0xab, 0xce, 0x9a, 0xf8, 0x8f, 0x77, 0xb3,
+    0xf4, 0xe8, 0x8b, 0xe7, 0xd9, 0xa1, 0x95, 0x40, 0x6b, 0xca,
+    0x21, 0x98, 0xff, 0xdc, 0xdc, 0x96, 0xc3, 0x08, 0x81, 0x72,
+    0x9a, 0xdd, 0xe2, 0xcf, 0x95, 0x99, 0xa6, 0xa3, 0x5e, 0x9e,
+    0x25, 0x60, 0xa3, 0xc3, 0x39, 0xf7, 0x54, 0x6c, 0xf2, 0x75,
+    0xa9, 0x38, 0x12, 0x38, 0x4d, 0x42, 0xe8, 0xec, 0x13, 0x25,
+    0xa0, 0xf8, 0x04, 0xb8, 0xf6, 0x66, 0x0b, 0x56, 0xe1, 0xfb,
+    0x26, 0x03, 0xe6, 0xa5, 0xf1, 0x4d, 0x7f, 0xa5, 0x9d, 0x58,
+    0x71, 0xd8, 0xc7, 0x6a, 0xbe, 0xdc, 0x90, 0x89, 0xb1, 0x36,
+    0xb4, 0xb6, 0xb4, 0xbb, 0xaf, 0x6e, 0x43, 0x10, 0xa6, 0xea,
+    0xee, 0x12, 0xcb, 0x08, 0x2c, 0x4e, 0x66, 0xf0, 0x1f, 0xf4,
+    0xbf, 0xd3, 0xeb, 0x63, 0x48, 0xd0, 0xbe, 0x8a, 0xed, 0x24,
+    0xdb, 0x0f, 0x23, 0x1d, 0x2e, 0x30, 0x97, 0x0f, 0xd8, 0xc6,
+    0x3b, 0x04, 0x2f, 0x33, 0x78, 0x20, 0x6e, 0xb1, 0x33, 0x03,
+    0x27, 0xac, 0x0a, 0x37, 0x15, 0x31, 0xef, 0x4d, 0x43, 0xcc,
+    0xa0, 0x49, 0x80, 0xe3, 0x8c, 0xc0, 0xf3, 0xf7, 0x2d, 0x37,
+    0x1d, 0xd3, 0x90, 0x5f, 0xad, 0x31, 0xb5, 0x95, 0x17, 0x69,
+    0x4b, 0xec, 0x84, 0x9d, 0x2b, 0x8d, 0xdd, 0x9b, 0x58, 0x04,
+    0xba, 0x28, 0x0e, 0x28, 0xc1, 0x54, 0x6c, 0xb0, 0x25, 0x0c,
+    0x4f, 0x98, 0x47, 0xf7, 0x93, 0xc2, 0xae, 0x2f, 0x6d, 0x29,
+    0x9c, 0x3d, 0xe3, 0xb5, 0xe3, 0x28, 0x43, 0x14, 0xe6, 0x92,
+    0x4c, 0x79, 0x90, 0x59, 0x75, 0x77, 0x56, 0x43, 0xda, 0xac,
+    0xa9, 0x42, 0xd7, 0xca, 0x95, 0x73, 0x26, 0x54, 0x1f, 0x3a,
+    0x8a, 0x37, 0x64, 0xd7, 0xcf, 0xe1, 0x31, 0xf7, 0x40, 0x59,
+    0xfd, 0xff, 0xea, 0x72, 0xfd, 0xc4, 0xde, 0xe3, 0x4d, 0x8a,
+    0xf5, 0x80, 0xc0, 0x61, 0x21, 0xbd, 0xbd, 0x8e, 0x42, 0xd5,
+    0x4c, 0xe4, 0xf4, 0x78, 0x31, 0xca, 0xf1, 0xec, 0x7c, 0x7b,
+    0x85, 0x6a, 0x05, 0x54, 0xbe, 0x38, 0x54, 0x2f, 0x1f, 0xda,
+    0x9f, 0x98, 0xe2, 0x79, 0xd7, 0x42, 0xca, 0xba, 0x85, 0x21,
+    0xe2, 0xcb, 0x2b, 0xae, 0x4a, 0x4e, 0x35, 0xfb, 0xcf, 0x3d,
+    0xc5, 0xae, 0x27, 0x30, 0xa9, 0x45, 0xe6, 0x3b, 0x43, 0x3e,
+    0x35, 0xe3, 0xf2, 0x0d, 0x53, 0x32, 0x2b, 0xf6, 0xe6, 0xc7,
+    0xd5, 0x02, 0x82, 0x03, 0xc1, 0x00, 0xd4, 0x04, 0x9b, 0xef,
+    0x5d, 0x58, 0xb0, 0xa3, 0xaa, 0xd2, 0xab, 0x53, 0x65, 0x99,
+    0x03, 0x49, 0x48, 0x4d, 0xf5, 0xdf, 0x5d, 0x16, 0x14, 0x11,
+    0x60, 0x45, 0x1b, 0xff, 0x4a, 0x60, 0x2b, 0x37, 0x63, 0xf6,
+    0xa7, 0x8a, 0xa8, 0xff, 0x08, 0x97, 0x08, 0xfc, 0xbb, 0xb3,
+    0x20, 0xa3, 0xcd, 0xd9, 0x58, 0xdb, 0x16, 0x1b, 0x88, 0x02,
+    0x1e, 0x0f, 0x43, 0x9b, 0x16, 0x7e, 0xbe, 0xb1, 0x9c, 0x13,
+    0x10, 0xdc, 0xa1, 0x56, 0xff, 0xa3, 0xff, 0x5e, 0x69, 0x30,
+    0xee, 0x7e, 0x76, 0x5f, 0x84, 0x94, 0xeb, 0x8f, 0x58, 0xf8,
+    0xcf, 0xbb, 0x99, 0x6e, 0xf0, 0xd8, 0x32, 0xf6, 0xce, 0x48,
+    0x6f, 0x7c, 0xc8, 0x8f, 0xd3, 0x86, 0x22, 0x49, 0x9f, 0xde,
+    0x11, 0x05, 0xa4, 0xdc, 0x92, 0xfb, 0x0f, 0xfa, 0x09, 0x4d,
+    0x17, 0x1a, 0xe2, 0x76, 0x67, 0x40, 0xa9, 0x5b, 0x1b, 0x54,
+    0x66, 0x48, 0xf7, 0xc3, 0x59, 0xd4, 0xcf, 0x55, 0xd0, 0x7f,
+    0x3b, 0xb0, 0xa2, 0xd8, 0xec, 0xb7, 0x88, 0xe7, 0xb0, 0x30,
+    0x72, 0x42, 0x65, 0xe2, 0x91, 0xa7, 0x9b, 0xf6, 0x07, 0x45,
+    0x52, 0x51, 0xaa, 0xbe, 0x32, 0x35, 0xe4, 0x88, 0x23, 0xe7,
+    0xcb, 0x3c, 0x1c, 0xfb, 0x0b, 0x96, 0xd5, 0xb3, 0x92, 0x86,
+    0x79, 0x5b, 0x47, 0x93, 0xd6, 0xbd, 0xc7, 0x21, 0x17, 0xd0,
+    0xc9, 0xc7, 0x69, 0x84, 0x80, 0x98, 0xaf, 0x2c, 0x63, 0xd1,
+    0xef, 0x6e, 0xca, 0x84, 0x30, 0x32, 0x83, 0x2d, 0x49, 0xbb,
+    0x1f, 0x2a, 0xfe, 0x40, 0x7c, 0x03, 0xd4, 0x45, 0xdc, 0xfe,
+    0x94, 0xf9, 0xe4, 0x36, 0x47, 0xfa, 0x7e, 0x2e, 0x93, 0x03,
+    0xf8, 0x15, 0xf9, 0xce, 0xc3, 0x5b, 0x76, 0x10, 0xec, 0x89,
+    0x8c, 0xce, 0x25, 0xa5, 0x77, 0x9a, 0xc5, 0x1e, 0xdd, 0x07,
+    0x1b, 0x5b, 0xac, 0x6f, 0xdb, 0x94, 0x85, 0xdf, 0x02, 0x22,
+    0xd1, 0xa9, 0x01, 0x8e, 0x63, 0xa1, 0xee, 0x94, 0x9c, 0xdb,
+    0xb4, 0x1a, 0x43, 0xe1, 0x1f, 0x4e, 0x2f, 0x68, 0x50, 0x0c,
+    0x2f, 0x5b, 0xc5, 0x1b, 0xe1, 0x8d, 0x4b, 0xe0, 0x63, 0x8d,
+    0x7a, 0x30, 0xbe, 0xb7, 0x2e, 0x02, 0xc6, 0x02, 0xac, 0xa8,
+    0xb8, 0x65, 0xc6, 0x28, 0xee, 0xe4, 0xec, 0x99, 0xa1, 0x9a,
+    0xfd, 0x1f, 0xb5, 0x85, 0x7a, 0x94, 0x16, 0xe2, 0xe7, 0x74,
+    0x06, 0x54, 0x1b, 0xd0, 0xaf, 0x58, 0x4e, 0x50, 0x7e, 0xd6,
+    0xe4, 0x31, 0xd2, 0x0c, 0xd7, 0x9d, 0xe2, 0x00, 0x30, 0xbe,
+    0x26, 0x30, 0x48, 0x99, 0x98, 0x58, 0x54, 0x5a, 0xc4, 0x0a,
+    0x6c, 0xa1, 0x06, 0xe9, 0x38, 0xe6, 0x79, 0x39, 0x00, 0x9e,
+    0xb6, 0xe3, 0xf7, 0x01, 0xcf, 0x2f, 0x82, 0x5e, 0xc3, 0x21,
+    0x1b, 0x79, 0x93, 0xb5, 0xe4, 0x39, 0x9d, 0x32, 0x9d, 0x72,
+    0xa4, 0xa8, 0xc9, 0x90, 0xce, 0xaf, 0xc0, 0x00, 0xad, 0x20,
+    0x87, 0x26, 0xc7, 0xd3, 0x5f, 0x2e, 0xf0, 0x5e, 0xf8, 0x8b,
+    0x85, 0xa3, 0xc6, 0x66, 0xd8, 0x2f, 0x86, 0xfe, 0x7d, 0x8d,
+    0x22, 0xa5, 0x6d, 0x68, 0x3e, 0x87, 0x6e, 0xf7, 0xf1, 0xf0,
+    0x07, 0xc4, 0xe3, 0xf1, 0x84, 0xc4, 0x93, 0x42, 0x06, 0x20,
+    0x80, 0x64, 0xb3, 0x52, 0x5c, 0xa5, 0xcf, 0xee, 0xfe, 0xa4,
+    0x09, 0x41, 0xbe, 0xaa, 0x78, 0x52, 0x76, 0x3f, 0xf7, 0xe8,
+    0xa1, 0x6b, 0x0a, 0xbc, 0x22, 0xbe, 0xdf, 0x72, 0x7b, 0xea,
+    0x90, 0x43, 0xee, 0xc2, 0x0b, 0x26, 0xdc, 0x02, 0x26, 0xa7,
+    0x50, 0x04, 0x7a, 0x06, 0x91, 0xae, 0x93, 0xd5, 0xd2, 0xc9,
+    0xa1, 0xe1, 0xfc, 0xb9, 0x8c, 0x94, 0xca, 0xa8, 0x1c, 0x2c,
+    0x57, 0x97, 0x3e, 0x50, 0xed, 0x93, 0x45, 0x7a, 0x2c, 0x59,
+    0x7b, 0x34, 0x8f, 0xcd, 0xd6, 0x17, 0x93, 0xd8, 0xde, 0xe8,
+    0xb0, 0x9e, 0x27, 0x15, 0xc5, 0xbb, 0xa5, 0xbb, 0xc2, 0x30,
+    0x9b, 0xc7, 0x27, 0x02, 0x18, 0xd8, 0xdb, 0xa4, 0x84, 0x37,
+    0x64, 0xf7, 0xf7, 0xf1, 0xc8, 0x86, 0x4c, 0x64, 0x97, 0x08,
+    0xe9, 0x4e, 0x0e, 0xb6, 0x92, 0xe9, 0x4c, 0x7b, 0x7f, 0xe1,
+    0xcc, 0xa0, 0x71, 0xa7, 0x34, 0x48, 0x46, 0xbb, 0x37, 0xce,
+    0xb0, 0x4d, 0x39, 0xa8, 0x0e, 0xab, 0xf6, 0x2f, 0x7c, 0x88,
+    0xae, 0xcf, 0x90, 0xc6, 0x01, 0xd3, 0x5b, 0x37, 0xe9, 0xb1,
+    0x28, 0x42, 0x14, 0xbf, 0x59, 0x35, 0x04, 0xab, 0x46, 0x6e,
+    0xa8, 0x29, 0xe2, 0x7a, 0x77, 0x0e, 0x07, 0x67, 0xe4, 0x2b,
+    0x03, 0xd2, 0x02, 0x36, 0x16, 0xd7, 0x81, 0x5d, 0x38, 0x9c,
+    0x68, 0x9c, 0xf5, 0x9e, 0x49, 0x7d, 0x99, 0xfd, 0xcd, 0x1d,
+    0xd2, 0xdf, 0x3c, 0x36, 0x19, 0x85, 0xaa, 0xb1, 0x30, 0x7a,
+    0x21, 0xb1, 0x83, 0x16, 0xcf, 0xd1, 0x75, 0xa5, 0x9d, 0xd7,
+    0xc1, 0x60, 0xa8, 0xdb, 0x1e, 0xb9, 0x3e, 0x9c, 0x12, 0x42,
+    0xe8, 0x47, 0x49, 0x18, 0x9f, 0x5c, 0x12, 0xd1, 0x69, 0xd5,
+    0x7d, 0xa8, 0x3c, 0xda, 0x35, 0x8a, 0x6c, 0x63, 0xb8, 0x62,
+    0x8a, 0x61, 0xfa, 0xf2, 0x61, 0x11, 0x1e, 0xb6, 0xf3, 0x5c,
+    0x62, 0x9d, 0xa7, 0x62, 0x0c, 0x87, 0x93, 0xe2, 0x23, 0x6c,
+    0x3d, 0xa9, 0x2c, 0x4b, 0xd5, 0x7f, 0xfe, 0x72, 0x27, 0x36,
+    0x06, 0xcb, 0x65, 0x38, 0xef, 0x13, 0x57, 0x6a, 0xc9, 0xc6,
+    0x4f, 0x51, 0xd0, 0x90, 0x06, 0xa0, 0x23, 0x65, 0x95, 0xce,
+    0x16, 0x8f, 0x8d, 0xb2, 0xf9, 0x7f, 0x3c, 0x2c, 0x30, 0x5a,
+    0x38, 0xf1, 0x62, 0x79, 0x4b, 0xe5, 0xd7, 0x0a, 0x3f, 0x83,
+    0x5f, 0x46, 0x26, 0x97, 0xb7, 0x08, 0x8c, 0x5b, 0xb8, 0x02,
+    0x28, 0xf2, 0x4d, 0xdf, 0x93, 0x97, 0xc5, 0x94, 0x4b, 0x0e,
+    0x42, 0xc3, 0x35, 0x91, 0x6b, 0x69, 0x61, 0x76, 0x7f, 0x94,
+    0xcf, 0x0b, 0x81, 0x33, 0xff, 0xf3, 0x0c, 0xc7, 0x01, 0x94,
+    0x94, 0xa9, 0xed, 0xcd, 0x4b, 0xc8, 0xcb, 0x91, 0xf9, 0x7a,
+    0x47, 0xcd, 0x79, 0x3c, 0xa6, 0xde, 0x52, 0xd2, 0x47, 0x5c,
+    0x10, 0x62, 0xbb, 0xe5, 0x32, 0xde, 0x83, 0xcf, 0xa8, 0x52,
+    0xb3, 0xe7, 0xf9, 0xec, 0x17, 0x34, 0xbf, 0x33, 0x5d, 0xb2,
+    0x4e, 0x56, 0xf7, 0x29, 0xd9, 0x5c, 0x1b, 0x83, 0x01, 0xbb,
+    0xb9, 0x2b, 0x95, 0x52, 0x08, 0xab, 0xa4, 0x51, 0x03, 0xa1,
+    0xfb, 0x6a, 0x50, 0xcd, 0xa8, 0x9d, 0x95, 0x6f, 0x7e, 0xb1,
+    0x80, 0x1e, 0x9d, 0x81, 0x01, 0x26, 0x41, 0x78, 0x36, 0x3c,
+    0x8a, 0x44, 0xf4, 0x98, 0x88, 0x1c, 0x5d, 0x06, 0xd3, 0xd2,
+    0xb2, 0x58, 0x7d, 0xa1, 0x45, 0x1b, 0xbf, 0x8c, 0xf6, 0x6a,
+    0xfa, 0xfd, 0x08, 0x29, 0x3e, 0x91, 0x57, 0xf1, 0x3d, 0x20,
+    0xed, 0x49, 0x6e, 0x9c, 0x46, 0xd5, 0x08, 0x8d, 0x9b, 0xf8,
+    0xef, 0xa3, 0x3a, 0x98, 0xcb, 0xb4, 0xcb, 0x5b, 0x30, 0x25,
+    0x20, 0xcc, 0x04, 0xa1, 0xeb, 0xeb, 0xee, 0x1b, 0x36, 0x85,
+    0xc1, 0x93, 0x16, 0x5a, 0x31, 0xdf, 0xd6, 0x0e, 0x73, 0x9e,
+    0x63, 0x6e, 0x96, 0x90, 0x54, 0xd2, 0xc2, 0x53, 0x69, 0x93,
+    0xd5, 0x54, 0xca, 0xd8, 0x84, 0xf7, 0x8f, 0x9a, 0xd1, 0x80,
+    0x0d, 0x57, 0xa8, 0x26, 0xbe, 0x45, 0x64, 0xd5, 0x2b, 0xbb,
+    0x45, 0xb5, 0x08, 0xb9, 0x37, 0x57, 0x02, 0x82, 0x03, 0xc1,
+    0x00, 0xd1, 0x30, 0x2e, 0xb7, 0x9b, 0xe7, 0x5d, 0x13, 0x74,
+    0x1f, 0x52, 0xf2, 0x02, 0x18, 0xe9, 0x07, 0x87, 0x9e, 0xed,
+    0xde, 0x83, 0x92, 0xcf, 0x73, 0x61, 0x21, 0xc4, 0x62, 0x30,
+    0x6c, 0xa2, 0x36, 0xbd, 0xe2, 0xc5, 0x19, 0xf6, 0xdf, 0x51,
+    0x7b, 0xca, 0xd4, 0xe4, 0x51, 0x83, 0x49, 0x27, 0xdd, 0xbd,
+    0xb0, 0x10, 0x79, 0x39, 0xdd, 0x0e, 0x3d, 0x65, 0xad, 0x6d,
+    0xa3, 0x95, 0x52, 0x85, 0xdb, 0x18, 0x94, 0x60, 0xaa, 0xc0,
+    0xc8, 0x8b, 0xdb, 0xfe, 0xf9, 0xf0, 0x86, 0xf9, 0x33, 0x8a,
+    0xd7, 0xbe, 0x8d, 0x43, 0x83, 0x4d, 0xe4, 0x17, 0x2b, 0x46,
+    0x54, 0x44, 0x1b, 0xbe, 0x52, 0x64, 0x47, 0x02, 0x6c, 0x4a,
+    0x64, 0xb4, 0x3f, 0x21, 0x2f, 0xbb, 0xe3, 0x72, 0x7c, 0x26,
+    0x14, 0xdf, 0x80, 0x50, 0xd4, 0x94, 0xe9, 0xc6, 0x7d, 0x71,
+    0xd8, 0xaf, 0xfb, 0x74, 0x36, 0x33, 0xbe, 0x58, 0x63, 0xad,
+    0xcb, 0xdf, 0xc0, 0x73, 0x9e, 0x19, 0xb0, 0x65, 0xe1, 0xd1,
+    0x10, 0x44, 0xf1, 0xf0, 0x08, 0xa3, 0x09, 0x25, 0xeb, 0xd5,
+    0xcb, 0xdd, 0x98, 0xdd, 0xbc, 0x09, 0x2c, 0xef, 0xc1, 0x8d,
+    0x43, 0x15, 0x41, 0xc2, 0xa1, 0x84, 0x37, 0x70, 0x5a, 0xd5,
+    0xf5, 0xb2, 0x6a, 0x1f, 0xbb, 0xcc, 0x30, 0xb9, 0xd9, 0xc7,
+    0x36, 0x21, 0xf3, 0x69, 0x3e, 0x91, 0x38, 0x4d, 0xa5, 0xc4,
+    0xf7, 0x84, 0x90, 0x34, 0x0e, 0x47, 0x7e, 0x26, 0xf2, 0x98,
+    0x25, 0x26, 0xda, 0xf0, 0x4e, 0x55, 0xea, 0x4d, 0x9b, 0x8a,
+    0x4a, 0xe1, 0x1f, 0xa0, 0x07, 0x90, 0x9e, 0x59, 0x64, 0xae,
+    0xd9, 0xd6, 0x7e, 0x72, 0xa1, 0xc4, 0xea, 0x7d, 0xbd, 0x1f,
+    0x7d, 0x2b, 0xd9, 0x2c, 0xdc, 0x8b, 0xc0, 0xda, 0x52, 0x0c,
+    0xd1, 0xd0, 0x56, 0xb7, 0x93, 0xc7, 0x26, 0x79, 0x71, 0xd0,
+    0x0d, 0xae, 0xaa, 0xa7, 0xe4, 0xc1, 0x59, 0x27, 0x68, 0x97,
+    0x9a, 0xff, 0x3d, 0x36, 0x07, 0x55, 0x77, 0x07, 0x97, 0x69,
+    0xf3, 0x99, 0x91, 0x3f, 0x63, 0xfd, 0x70, 0x8c, 0xa1, 0xeb,
+    0xc5, 0x21, 0xa3, 0xfe, 0x99, 0x96, 0x11, 0x37, 0xb9, 0xe6,
+    0x93, 0xf8, 0xd0, 0xb1, 0xa3, 0x57, 0x7a, 0xa8, 0x63, 0xdd,
+    0x09, 0x56, 0xb0, 0x3b, 0xa6, 0x59, 0xc7, 0x89, 0x54, 0x16,
+    0xe9, 0x2d, 0x78, 0x7d, 0xaf, 0x4e, 0x0a, 0x5b, 0x62, 0x3b,
+    0x0b, 0xcb, 0x24, 0x89, 0x4e, 0x1c, 0x3d, 0xe1, 0xbd, 0x5a,
+    0x3e, 0xc5, 0xfd, 0x15, 0x3d, 0x08, 0x38, 0x33, 0x5e, 0x37,
+    0x4c, 0xe3, 0xe3, 0xe9, 0xc4, 0x1d, 0x2b, 0xd4, 0x58, 0x25,
+    0x58, 0x23, 0x8e, 0xc6, 0x83, 0x9a, 0xf3, 0x9a, 0x78, 0xe9,
+    0xa7, 0xca, 0xd7, 0xdd, 0x89, 0x20, 0x6e, 0x02, 0xea, 0x6b,
+    0x37, 0x74, 0xda, 0xa0, 0xc2, 0x5a, 0x2b, 0x80, 0x1c, 0x28,
+    0x91, 0x0d, 0x50, 0x64, 0xf0, 0x12, 0xe7, 0xc4, 0x7e, 0xdd,
+    0x28, 0x3b, 0x26, 0x9a, 0xf4, 0x39, 0x56, 0xa4, 0x72, 0x4d,
+    0xcb, 0x67, 0x3c, 0x68, 0xb2, 0x6f, 0xf0, 0xd0, 0x15, 0x90,
+    0xc8, 0x08, 0xbb, 0x0b, 0x08, 0x6b, 0x8a, 0xde, 0x41, 0x57,
+    0xbc, 0x63, 0x0e, 0x00, 0x8d, 0xf8, 0xdd, 0x93, 0xce, 0x58,
+    0x7b, 0xa8, 0xb9, 0x64, 0x26, 0x06, 0xe7, 0x71, 0x23, 0x0f,
+    0x41, 0xf1, 0xb7, 0xae, 0x59, 0x2e, 0xd0, 0x73, 0xc5, 0xd9,
+    0xdc, 0x0e, 0x1c, 0x02, 0x58, 0x69, 0xb3, 0x15, 0x6d, 0x96,
+    0x2b, 0xdb, 0x7b, 0x3b, 0x6c, 0x38, 0x32, 0x6b, 0xd8, 0x08,
+    0xb2, 0xbd, 0xa7, 0x49, 0x43, 0xeb, 0x90, 0x42, 0x70, 0xc5,
+    0xba, 0xcd, 0x4a, 0x44, 0x8f, 0x83, 0x0d, 0x17, 0x51, 0x5a,
+    0x95, 0xa2, 0x57, 0x9a, 0x16, 0x19, 0x91, 0xbb, 0x90, 0x5c,
+    0x2a, 0x16, 0xe8, 0x26, 0x10, 0x3c, 0xb7, 0x10, 0x5c, 0xf8,
+    0xc5, 0x15, 0x2b, 0x70, 0x75, 0x69, 0xba, 0x7b, 0x3d, 0x0b,
+    0x57, 0xac, 0x39, 0x12, 0x2e, 0xd6, 0xd9, 0x13, 0x74, 0x8e,
+    0xa8, 0x0b, 0x17, 0xe1, 0x03, 0x7a, 0xba, 0x1d, 0x07, 0x91,
+    0x8c, 0x2a, 0x3a, 0x8d, 0xe0, 0x2a, 0x94, 0xd4, 0x16, 0x35,
+    0x64, 0x8b, 0x92, 0x2c, 0x2f, 0xa4, 0x18, 0xfe, 0x3f, 0x02,
+    0x19, 0x8c, 0xb9, 0xeb, 0xaf, 0x01, 0x06, 0xa8, 0x37, 0x7f,
+    0xe2, 0x44, 0x10, 0xce, 0xeb, 0x8d, 0xd0, 0x73, 0xc4, 0x1e,
+    0x3d, 0x2c, 0xaf, 0x77, 0xb2, 0xef, 0xe5, 0x95, 0x8b, 0xdf,
+    0x02, 0xfc, 0x93, 0xb8, 0xa9, 0x27, 0x88, 0x1d, 0x1d, 0x82,
+    0x9f, 0xb6, 0xe4, 0x12, 0x05, 0x79, 0xb6, 0x1c, 0x41, 0x0d,
+    0xc1, 0x53, 0x49, 0x8f, 0x3d, 0xc9, 0xad, 0x84, 0xcb, 0x0b,
+    0x88, 0x7e, 0xfe, 0x73, 0x59, 0x21, 0x64, 0xc5, 0x50, 0x53,
+    0xdc, 0x98, 0xc6, 0x43, 0xb8, 0xf5, 0xc3, 0xa1, 0xf5, 0xb2,
+    0xd8, 0x86, 0xe9, 0xae, 0x98, 0xf9, 0x3b, 0x99, 0xc0, 0xe7,
+    0xd7, 0x4a, 0xed, 0xac, 0x89, 0x84, 0xb0, 0x8e, 0xd3, 0xab,
+    0xec, 0x03, 0x02, 0x12, 0x4b, 0x44, 0x17, 0x4d, 0x98, 0x26,
+    0x1e, 0x51, 0xc5, 0xbb, 0xcd, 0xdc, 0x50, 0xab, 0x83, 0x37,
+    0x49, 0x90, 0x1e, 0x34, 0xad, 0x81, 0x22, 0x6c, 0xe4, 0xdd,
+    0x19, 0x01, 0x09, 0x25, 0x2d, 0x9e, 0x52, 0x90, 0x72, 0xa1,
+    0x68, 0x3d, 0x0c, 0x49, 0x99, 0x19, 0x75, 0x5a, 0xca, 0x08,
+    0x69, 0xa1, 0xd2, 0x88, 0x8c, 0xea, 0xcf, 0x9c, 0xbc, 0x23,
+    0xad, 0x3f, 0xb9, 0xfc, 0xb9, 0x30, 0x0d, 0xd6, 0xd9, 0x65,
+    0x0c, 0x7e, 0x99, 0x68, 0x35, 0x26, 0x07, 0xd1, 0x55, 0xbf,
+    0x8e, 0xde, 0xe7, 0xe7, 0x01, 0xcb, 0xca, 0x0a, 0x39, 0x2e,
+    0xcc, 0x19, 0xec, 0x77, 0xf3, 0xab, 0xb2, 0xe6, 0x0e, 0x54,
+    0x06, 0x01, 0x50, 0x77, 0xd3, 0x61, 0x36, 0x05, 0x90, 0xe4,
+    0xd8, 0xc4, 0x1d, 0xf5, 0xc7, 0xfa, 0x65, 0xf0, 0x46, 0x6a,
+    0x5f, 0xa7, 0xc3, 0x8c, 0x6f, 0x04, 0x7f, 0xcf, 0x97, 0xb9,
+    0x68, 0x92, 0x31, 0x09, 0x02, 0x9f, 0x22, 0xc9, 0xf8, 0xe6,
+    0x7e, 0xa8, 0x95, 0x5b, 0x6b, 0xfe, 0x9c, 0x4e, 0x63, 0x2d,
+    0x8c, 0x1a, 0x4c, 0x8b, 0x14, 0x79, 0x08, 0xd5, 0x96, 0x76,
+    0xd1, 0xb4, 0x2f, 0xae, 0x5d, 0x91, 0x88, 0x7c, 0xdd, 0xd2,
+    0x06, 0x86, 0xcf, 0x0a, 0x83, 0x6f, 0xda, 0xca, 0x71, 0x7c,
+    0xe7, 0xe5, 0x34, 0xa8, 0x9a, 0x53, 0x8d, 0xa5, 0xaa, 0x5d,
+    0xb5, 0x17, 0x81, 0x34, 0x6f, 0xbe, 0xbb, 0xb6, 0x58, 0x22,
+    0x90, 0x80, 0xf6, 0x9c, 0x1c, 0xb0, 0x79, 0x8f, 0x92, 0x5b,
+    0x7d, 0x1c, 0x71, 0x5f, 0xb4, 0x87, 0x36, 0xbe, 0x81, 0x8d,
+    0x4a, 0xfc, 0x28, 0x72, 0x81, 0xaf, 0x5f, 0xbd, 0x5f, 0x99,
+    0xe3, 0xc9, 0x37, 0xb0, 0x6e, 0xad, 0x70, 0x96, 0xfa, 0xe3,
+    0x99, 0xf7, 0x08, 0x14, 0x21, 0x21, 0xb7, 0x1a, 0xaa, 0xe8,
+    0x07, 0xb6, 0xfd, 0xa3, 0x7a, 0x2d, 0x93, 0x64, 0x8f, 0x89,
+    0x2c, 0x71, 0x49, 0x71, 0xb8, 0x45, 0xca, 0xe0, 0x7c, 0x00,
+    0x8d, 0xbd, 0xb8, 0x1c, 0x3a, 0x94, 0xa2, 0xa7, 0x6d, 0x0a,
+    0x2e, 0x84, 0xaf, 0xbd, 0xab, 0x05, 0x95, 0x64, 0x8b, 0x05,
+    0xc8, 0xc9, 0x4e, 0xea, 0xb5, 0x96, 0x4a, 0x47, 0xdd, 0xf2,
+    0xcb, 0x02, 0x82, 0x03, 0xc0, 0x59, 0xb3, 0xd9, 0x85, 0xdc,
+    0xa8, 0xb9, 0x93, 0x85, 0xa2, 0xbc, 0x79, 0xfc, 0x72, 0x50,
+    0xc1, 0xa0, 0xa5, 0xdb, 0x71, 0x35, 0xa1, 0x31, 0xbc, 0x68,
+    0x4e, 0xd5, 0x19, 0x9e, 0x0e, 0x32, 0x3a, 0xad, 0x40, 0x9e,
+    0x82, 0x3c, 0x1e, 0x2b, 0x34, 0x3b, 0xc9, 0x32, 0x61, 0x07,
+    0x5e, 0x46, 0xa9, 0xbe, 0xbe, 0x73, 0x0c, 0x12, 0xef, 0x52,
+    0x68, 0x82, 0xe2, 0x0b, 0x12, 0x74, 0xfc, 0x10, 0x5c, 0xc0,
+    0xb5, 0x98, 0x4d, 0x86, 0xbb, 0x8c, 0x40, 0x15, 0xa1, 0x6e,
+    0x46, 0x73, 0x2e, 0xd6, 0x99, 0x6b, 0x50, 0xab, 0x04, 0x1a,
+    0x5f, 0xf4, 0xfa, 0xcb, 0x4b, 0xad, 0xc4, 0x5e, 0x62, 0xa7,
+    0x48, 0xd4, 0x52, 0x85, 0xdc, 0x2a, 0x85, 0x9b, 0xee, 0x08,
+    0xa5, 0xaa, 0xaa, 0xe8, 0x44, 0xf0, 0xed, 0x89, 0x21, 0xe4,
+    0xb4, 0xab, 0x3c, 0x0d, 0x53, 0x7e, 0x53, 0xdd, 0xac, 0x47,
+    0xda, 0x77, 0x79, 0x5f, 0x78, 0x7a, 0x80, 0x84, 0x46, 0x50,
+    0xaa, 0xdb, 0x3b, 0x8c, 0x6b, 0xda, 0xb0, 0xac, 0x0a, 0xd3,
+    0x4c, 0xe4, 0x6e, 0x87, 0xd1, 0xb2, 0x5a, 0xd5, 0x98, 0xae,
+    0xcb, 0x7e, 0xc2, 0x19, 0xdc, 0x53, 0x64, 0x86, 0x4c, 0x7b,
+    0xe0, 0x63, 0x22, 0x94, 0x34, 0xad, 0x15, 0xdc, 0xd8, 0xa8,
+    0x5f, 0xc6, 0x58, 0xf6, 0x72, 0x34, 0xdd, 0xfb, 0x85, 0x8a,
+    0xd9, 0xa3, 0xfb, 0x3b, 0xad, 0x5d, 0xf0, 0x1a, 0x0b, 0xa8,
+    0x91, 0xe7, 0x7d, 0x26, 0x27, 0x38, 0xf8, 0xe0, 0x49, 0x1b,
+    0x56, 0xc5, 0x5b, 0xe3, 0x1c, 0x7b, 0xa3, 0x53, 0x6d, 0x22,
+    0xfa, 0xd7, 0x63, 0x5f, 0xf0, 0xcb, 0x92, 0x49, 0x01, 0x54,
+    0xe5, 0x77, 0x5b, 0xd3, 0xab, 0xce, 0xb8, 0x3a, 0x5b, 0xb8,
+    0x07, 0x40, 0x46, 0x51, 0xe4, 0x59, 0xa2, 0x45, 0x41, 0xcc,
+    0x81, 0x6c, 0xe3, 0xa6, 0xb3, 0xa0, 0x30, 0x4a, 0x67, 0x10,
+    0xed, 0xc0, 0x8a, 0xcd, 0xfc, 0xa5, 0x44, 0x9b, 0x59, 0x19,
+    0x4a, 0x43, 0x8d, 0xec, 0x00, 0xd8, 0x6d, 0xf9, 0xf0, 0x2d,
+    0xd9, 0x55, 0xfc, 0x05, 0xe2, 0x12, 0x48, 0x4d, 0xd6, 0x7d,
+    0xec, 0x41, 0xc4, 0x9e, 0xe2, 0xed, 0x84, 0x14, 0x29, 0x0e,
+    0x5b, 0x81, 0x0b, 0xb0, 0x87, 0x8a, 0xd3, 0x35, 0x5c, 0xad,
+    0xdb, 0xcc, 0xa1, 0x3c, 0xcb, 0x8b, 0x23, 0x55, 0x69, 0xf1,
+    0x83, 0x84, 0x81, 0x36, 0xae, 0xd5, 0xf3, 0x98, 0xb6, 0xb2,
+    0xb5, 0xa1, 0x79, 0x6d, 0x80, 0x8f, 0x2e, 0x25, 0x71, 0x4e,
+    0x16, 0xff, 0xa0, 0x7c, 0xa4, 0x62, 0x8c, 0x44, 0x85, 0x64,
+    0x90, 0x7c, 0xac, 0x10, 0x36, 0xf2, 0xf2, 0xfb, 0x20, 0x2b,
+    0xa1, 0x27, 0xd0, 0xcc, 0x27, 0xfd, 0xb0, 0xba, 0x3e, 0x37,
+    0xb1, 0xa8, 0x9d, 0x3c, 0x82, 0x63, 0xd0, 0x16, 0x6d, 0x7a,
+    0xdd, 0x2e, 0xea, 0xe5, 0x87, 0xd6, 0x64, 0x72, 0xdb, 0x60,
+    0x53, 0x38, 0x18, 0x66, 0x1d, 0x25, 0xf6, 0x08, 0x92, 0x7f,
+    0x68, 0x5b, 0x79, 0x07, 0xde, 0x93, 0xee, 0xf8, 0x8f, 0xce,
+    0x28, 0xcf, 0xb1, 0x5b, 0x43, 0x51, 0xdf, 0xf5, 0xac, 0xe8,
+    0x9c, 0x95, 0x14, 0x8a, 0x67, 0xe1, 0x25, 0xfe, 0x11, 0xa2,
+    0x40, 0xf8, 0xdd, 0xcf, 0xf5, 0x17, 0x94, 0xb6, 0x88, 0x10,
+    0xa2, 0x90, 0x58, 0xef, 0xaf, 0x73, 0xf8, 0x7c, 0x9b, 0x20,
+    0x30, 0x79, 0xca, 0x3f, 0xa9, 0x22, 0x40, 0xfd, 0xcc, 0xb0,
+    0x5d, 0x0d, 0x97, 0x6b, 0xc0, 0x75, 0x35, 0x33, 0xc5, 0x76,
+    0x45, 0x6e, 0x9b, 0x78, 0xe7, 0xb4, 0x04, 0xb3, 0xba, 0x3b,
+    0x93, 0xb1, 0xa9, 0x8f, 0xa1, 0x24, 0x5d, 0x1c, 0x0e, 0x66,
+    0xc0, 0xc6, 0xcc, 0xd6, 0xb7, 0x88, 0x9d, 0xb8, 0x45, 0xe3,
+    0xaa, 0xc9, 0x6c, 0xfd, 0x37, 0xdc, 0x85, 0xd5, 0x49, 0xfd,
+    0xef, 0xeb, 0xf9, 0x7a, 0x3f, 0x7a, 0x4f, 0x86, 0x49, 0xaa,
+    0x9f, 0x08, 0x12, 0x0b, 0x11, 0x35, 0x5c, 0xd5, 0xd3, 0xda,
+    0x14, 0x50, 0x03, 0x2c, 0x24, 0x26, 0x0e, 0x29, 0x18, 0xcc,
+    0x1d, 0x0a, 0x7c, 0x94, 0x8b, 0xc0, 0xa0, 0x3f, 0xea, 0xf8,
+    0xf8, 0xa9, 0x1d, 0x65, 0x31, 0x6f, 0x3b, 0xa6, 0xd0, 0xfc,
+    0x26, 0xb0, 0x4e, 0x3a, 0x66, 0xe7, 0x32, 0x10, 0x2e, 0x84,
+    0x47, 0xad, 0xa9, 0x18, 0xfc, 0xa3, 0x8b, 0x74, 0x84, 0x4f,
+    0xd4, 0x25, 0x93, 0x0f, 0xdb, 0x2e, 0xae, 0x88, 0x8e, 0x28,
+    0xf8, 0x0f, 0xaa, 0x60, 0xd4, 0xbe, 0xad, 0x66, 0x0c, 0x0d,
+    0x01, 0xbd, 0x8d, 0xc4, 0xfc, 0x48, 0xef, 0x78, 0x14, 0x34,
+    0xee, 0xb3, 0xbc, 0xd4, 0xbb, 0x1f, 0x7c, 0x12, 0x5c, 0x9b,
+    0xeb, 0x77, 0x3e, 0x2c, 0x6e, 0x31, 0x59, 0xe6, 0x78, 0xc5,
+    0xe8, 0xa4, 0xdd, 0xf1, 0xef, 0x5d, 0x27, 0x45, 0x31, 0x13,
+    0xd0, 0x21, 0xa1, 0x13, 0xce, 0xac, 0x7e, 0xbb, 0xfb, 0x32,
+    0xeb, 0x76, 0x31, 0xc4, 0xba, 0xdf, 0xfb, 0x5a, 0x1b, 0xc9,
+    0x9e, 0x74, 0xa0, 0x9e, 0x26, 0x82, 0xd5, 0x6e, 0x1d, 0xc3,
+    0x0e, 0xd1, 0x6d, 0xdb, 0x43, 0xb3, 0x0b, 0x14, 0xcb, 0xf1,
+    0xad, 0x62, 0x34, 0x49, 0xb8, 0xd3, 0x08, 0xca, 0x93, 0xf1,
+    0x42, 0xb2, 0x4b, 0x23, 0x79, 0x93, 0xde, 0x18, 0x58, 0xf3,
+    0x66, 0xfa, 0xdc, 0xab, 0xca, 0x33, 0x22, 0x2b, 0x5c, 0x8c,
+    0x12, 0xc1, 0x7b, 0x2e, 0x52, 0x72, 0xa7, 0x78, 0x4a, 0x49,
+    0xa1, 0x53, 0x02, 0x76, 0x2d, 0x2e, 0xf8, 0x43, 0x3c, 0xe8,
+    0xfa, 0xb7, 0xff, 0x39, 0xed, 0x74, 0x9e, 0x11, 0x61, 0x33,
+    0xde, 0x2a, 0x55, 0xe6, 0x4a, 0xe7, 0x97, 0xa6, 0xb2, 0xc3,
+    0x40, 0x41, 0x52, 0x66, 0xcf, 0xbf, 0xf8, 0x8e, 0x08, 0xea,
+    0x96, 0x4d, 0x03, 0xc9, 0xbe, 0x3c, 0x4e, 0x36, 0x8c, 0x6f,
+    0x4d, 0x1e, 0xcd, 0x31, 0x6d, 0x53, 0xea, 0x9e, 0xf0, 0x8e,
+    0x35, 0x97, 0x37, 0x54, 0xe9, 0x0f, 0xb8, 0x23, 0x25, 0x69,
+    0x5b, 0xb5, 0xff, 0xc3, 0x5a, 0x2d, 0x10, 0x6a, 0xc0, 0xb8,
+    0xee, 0x0d, 0x31, 0x5b, 0xe4, 0x69, 0x40, 0x62, 0xa7, 0x1b,
+    0x16, 0xfa, 0xd6, 0xb8, 0xba, 0xc8, 0x6a, 0xa3, 0x29, 0xdd,
+    0x9b, 0x4d, 0xd7, 0x96, 0xef, 0x31, 0x74, 0xac, 0x37, 0x10,
+    0x91, 0x30, 0x0c, 0x15, 0x3f, 0x09, 0xb6, 0x7d, 0x22, 0xfb,
+    0x8c, 0x6f, 0xc3, 0x93, 0xa3, 0x98, 0xa6, 0x23, 0xa4, 0x55,
+    0xe0, 0x9e, 0x23, 0x06, 0xa9, 0x78, 0xe9, 0xb3, 0x88, 0xc9,
+    0xb7, 0x83, 0x05, 0x46, 0x11, 0x3a, 0x0a, 0xb9, 0x74, 0x5b,
+    0xa0, 0xb5, 0x06, 0x96, 0x86, 0xb6, 0xf4, 0x9d, 0x0d, 0x86,
+    0x43, 0xa8, 0x40, 0x4b, 0x08, 0x93, 0x7c, 0xad, 0xb0, 0x50,
+    0xb4, 0xd0, 0xe7, 0xad, 0xd0, 0x54, 0x5e, 0x15, 0xaf, 0xad,
+    0x34, 0x12, 0x86, 0xb3, 0x29, 0x3b, 0x20, 0xc9, 0xad, 0xeb,
+    0xc2, 0x65, 0xf3, 0x5c, 0x2d, 0xe5, 0xff, 0xfd, 0x81, 0x79,
+    0xf5, 0x11, 0x6f, 0xf7, 0xca, 0x0c, 0x76, 0xf0, 0xd4, 0x02,
+    0x9d, 0xb7, 0x76, 0x39, 0x6d, 0x32, 0x6a, 0xb8, 0x30, 0xa4,
+    0x01, 0xcc, 0x10, 0xef, 0xb1, 0x0e, 0x41, 0x22, 0x82, 0x5b,
+    0x22, 0xcb, 0x32, 0x19, 0x2e, 0xa3, 0x0a, 0xce, 0x05, 0xdd,
+    0xe8, 0x4a, 0x58, 0x92, 0xe1, 0x02, 0x82, 0x03, 0xc0, 0x22,
+    0x0f, 0x95, 0x5b, 0xc2, 0x1f, 0xde, 0xf0, 0xde, 0xf4, 0x86,
+    0xbd, 0xef, 0x07, 0x7d, 0x52, 0x03, 0x8c, 0x26, 0x31, 0x17,
+    0xfd, 0x5c, 0x97, 0xed, 0xd5, 0xe0, 0xb3, 0x18, 0x2d, 0x68,
+    0x10, 0x3f, 0xc4, 0xdf, 0xd1, 0x05, 0x78, 0x81, 0x3d, 0x05,
+    0xde, 0xba, 0x3a, 0x67, 0x85, 0x0e, 0xdf, 0xb5, 0x16, 0x28,
+    0xe8, 0x84, 0x3a, 0x71, 0x2a, 0x20, 0x17, 0x28, 0x05, 0xfd,
+    0xb7, 0x4d, 0x22, 0x4a, 0x93, 0x46, 0x56, 0x27, 0x43, 0xc0,
+    0x3a, 0x16, 0xff, 0x3d, 0x61, 0xcc, 0xcb, 0xce, 0xac, 0xa8,
+    0x53, 0x3a, 0x0d, 0xf4, 0x2d, 0xd2, 0x73, 0xf2, 0x64, 0xa0,
+    0x1e, 0x60, 0x53, 0xec, 0x0d, 0xff, 0xe0, 0x00, 0x10, 0xfb,
+    0xa4, 0x57, 0xd3, 0xfc, 0xe4, 0xe0, 0xec, 0x44, 0x0b, 0x1c,
+    0x05, 0x39, 0xa4, 0x13, 0x87, 0x29, 0x11, 0x9d, 0xea, 0xe9,
+    0x64, 0xa9, 0x1c, 0x76, 0x3a, 0x65, 0x0b, 0xfd, 0xed, 0x77,
+    0x46, 0x4f, 0xcd, 0x0b, 0x63, 0xc4, 0x83, 0x0b, 0x56, 0x79,
+    0xd3, 0x67, 0x01, 0x11, 0x02, 0xd9, 0x50, 0xd8, 0x23, 0xf4,
+    0xb6, 0x02, 0x4c, 0xae, 0xb5, 0xc9, 0x68, 0x1b, 0x87, 0x33,
+    0xbb, 0xdc, 0x64, 0x0e, 0x32, 0x34, 0xb2, 0x25, 0xaa, 0x76,
+    0xdd, 0x7e, 0xc3, 0x46, 0x51, 0x1c, 0xc1, 0xd0, 0x05, 0x09,
+    0x6c, 0x27, 0xd3, 0xcf, 0x33, 0x7a, 0xb9, 0x26, 0x24, 0x23,
+    0x4a, 0x93, 0x9f, 0x4b, 0x96, 0xc7, 0xe2, 0xb2, 0x51, 0x42,
+    0x4d, 0x5d, 0xd9, 0x73, 0x75, 0xce, 0x23, 0x28, 0x56, 0x5e,
+    0xe7, 0x96, 0x58, 0x04, 0xfd, 0x33, 0x93, 0x08, 0x41, 0x62,
+    0x02, 0x7e, 0xc9, 0xc6, 0x55, 0x64, 0x19, 0xda, 0x39, 0xb8,
+    0x5d, 0x09, 0x47, 0xf3, 0xdd, 0x77, 0xee, 0xea, 0x35, 0x73,
+    0x95, 0xdb, 0x18, 0x4d, 0xd1, 0xfe, 0xee, 0x40, 0x31, 0x2a,
+    0x22, 0x91, 0x69, 0xd6, 0xed, 0x9c, 0x54, 0x14, 0x73, 0x61,
+    0x61, 0xe7, 0x1d, 0x34, 0x96, 0x47, 0xff, 0x28, 0x7a, 0x48,
+    0xa3, 0xf4, 0xcd, 0x64, 0x23, 0xe2, 0x52, 0x2f, 0x20, 0x8f,
+    0x04, 0xb3, 0xdc, 0xf0, 0x29, 0x67, 0x88, 0x76, 0x79, 0xdb,
+    0x86, 0xa7, 0x95, 0xf0, 0x15, 0x81, 0xbb, 0x98, 0xee, 0xff,
+    0x55, 0x7c, 0xb0, 0xee, 0x67, 0x65, 0xfd, 0xf2, 0x29, 0x0f,
+    0x85, 0x51, 0xf9, 0xac, 0x5c, 0x55, 0x5a, 0xde, 0x40, 0x62,
+    0x58, 0x55, 0x9f, 0x09, 0x4c, 0x2e, 0x28, 0x75, 0xbc, 0x48,
+    0xe2, 0x97, 0x85, 0xb3, 0x83, 0xeb, 0x21, 0x49, 0x21, 0xd4,
+    0xed, 0x74, 0x4f, 0xc1, 0x6c, 0x34, 0x8c, 0x11, 0xb0, 0x93,
+    0x41, 0x99, 0x23, 0x2e, 0xa4, 0xc1, 0x9f, 0x34, 0x74, 0x64,
+    0xbb, 0xd7, 0x4f, 0x8f, 0x9f, 0x3a, 0x0c, 0x4f, 0x5e, 0xdd,
+    0x41, 0x07, 0xf1, 0xfd, 0x5a, 0x9d, 0xe6, 0x77, 0xd8, 0x7e,
+    0x71, 0x7b, 0xad, 0xf7, 0x76, 0x13, 0x71, 0x90, 0xb3, 0x0f,
+    0x46, 0x8e, 0xee, 0x7b, 0x33, 0x97, 0x5d, 0x21, 0x3b, 0xa0,
+    0x58, 0x9e, 0xb7, 0x87, 0x30, 0x8f, 0xc1, 0x23, 0x2c, 0xde,
+    0xf7, 0x0d, 0xa9, 0xd6, 0x50, 0xeb, 0x35, 0x7a, 0x82, 0xab,
+    0x22, 0x49, 0x86, 0xd4, 0x61, 0xc7, 0xc2, 0x4e, 0x77, 0xfc,
+    0x16, 0x0b, 0xaf, 0x81, 0x6a, 0x47, 0xea, 0xac, 0x7e, 0x51,
+    0x4c, 0x56, 0x30, 0x21, 0x46, 0x41, 0xc3, 0x92, 0x60, 0x99,
+    0x4f, 0x88, 0x36, 0x3b, 0x27, 0xb4, 0xb2, 0x7e, 0x44, 0x2f,
+    0xdd, 0x95, 0xe4, 0x5e, 0x16, 0x1f, 0xa7, 0x32, 0x6b, 0x60,
+    0x24, 0x0f, 0xf2, 0xe6, 0x35, 0x3c, 0x0c, 0x3e, 0xb5, 0xd6,
+    0xdd, 0x63, 0xe2, 0x76, 0x35, 0x38, 0x79, 0xbf, 0xa5, 0x23,
+    0xa4, 0xdd, 0xeb, 0x01, 0x48, 0xd0, 0x60, 0x86, 0x11, 0x38,
+    0x5f, 0x9e, 0x6b, 0x00, 0x67, 0xd2, 0x5b, 0x41, 0x0a, 0x5e,
+    0x13, 0x0f, 0xa1, 0x9e, 0x90, 0x85, 0xa6, 0x7f, 0xe5, 0x4b,
+    0x9e, 0x93, 0x4e, 0x5b, 0x1f, 0x47, 0x62, 0xb0, 0x23, 0xbe,
+    0x82, 0xa9, 0xd9, 0xb6, 0x2e, 0xfd, 0xb1, 0x10, 0xca, 0xe0,
+    0xc9, 0x5d, 0xf6, 0x85, 0x18, 0x6c, 0x9c, 0x1d, 0x1f, 0x7c,
+    0xf6, 0x55, 0x09, 0x80, 0xcf, 0xac, 0xfe, 0x37, 0x6a, 0x4f,
+    0x96, 0xaa, 0x40, 0x79, 0x8b, 0x4a, 0xf2, 0x96, 0x79, 0x12,
+    0x1a, 0x26, 0x87, 0x06, 0x35, 0x4d, 0xd4, 0x3e, 0x14, 0x39,
+    0xe5, 0x6c, 0x39, 0x0f, 0x84, 0xb3, 0x5f, 0xed, 0xf4, 0xff,
+    0x89, 0x52, 0x05, 0x00, 0xf1, 0xd1, 0xc3, 0xcf, 0x54, 0x10,
+    0x24, 0x7c, 0xa6, 0xb5, 0x95, 0xa8, 0x6e, 0x13, 0x3e, 0x4a,
+    0x40, 0x6c, 0xf9, 0x63, 0x90, 0x44, 0x52, 0x07, 0x53, 0xb7,
+    0x51, 0xd9, 0x18, 0x47, 0x2e, 0xb0, 0x4e, 0x0f, 0x09, 0x99,
+    0x3a, 0x97, 0x26, 0x53, 0xa6, 0x02, 0x06, 0x0e, 0x93, 0xe1,
+    0x0b, 0xc5, 0xa9, 0x14, 0xd3, 0xd6, 0x8a, 0x29, 0x75, 0xcd,
+    0xb6, 0x7b, 0x64, 0x7c, 0xdd, 0x7e, 0xb4, 0x0a, 0x87, 0x48,
+    0x4a, 0x1b, 0x0e, 0x74, 0x4c, 0xd3, 0x0e, 0x96, 0x0e, 0x53,
+    0xc4, 0x3d, 0x7b, 0x1c, 0x87, 0x6a, 0x15, 0xd8, 0x77, 0xba,
+    0xe6, 0xa0, 0x2f, 0x2c, 0x1a, 0x9d, 0xde, 0x79, 0xfd, 0xab,
+    0x44, 0x80, 0xf0, 0x37, 0x9a, 0x3b, 0xf8, 0xde, 0x3d, 0x29,
+    0xcb, 0x89, 0x64, 0x4b, 0x57, 0xe7, 0x6b, 0x84, 0x09, 0x27,
+    0x17, 0x2f, 0xb2, 0xba, 0x3d, 0x09, 0xc9, 0x3c, 0x89, 0xe6,
+    0x19, 0x73, 0x83, 0xf7, 0xc6, 0x19, 0x18, 0x96, 0xb2, 0x7d,
+    0x1e, 0x9f, 0x70, 0x1f, 0xfc, 0x1f, 0xe2, 0xb5, 0x69, 0x1e,
+    0xf4, 0x65, 0x91, 0xce, 0x4b, 0xdc, 0x74, 0x49, 0x21, 0x64,
+    0x8b, 0x33, 0x50, 0xd2, 0xc1, 0x33, 0x62, 0x5b, 0xde, 0x0a,
+    0x72, 0xbe, 0xc0, 0x05, 0x51, 0x15, 0x80, 0xed, 0x32, 0x3a,
+    0x64, 0xa2, 0x73, 0x68, 0x5b, 0x16, 0xcf, 0x70, 0x5c, 0x98,
+    0xe5, 0x67, 0x45, 0x60, 0x57, 0x2b, 0x47, 0x0a, 0x22, 0x73,
+    0xc3, 0x56, 0x33, 0x3e, 0x14, 0x1d, 0x0c, 0xd1, 0x03, 0x08,
+    0x92, 0x21, 0x2b, 0xa9, 0x6e, 0x6b, 0xf9, 0x0c, 0x1e, 0x86,
+    0xdd, 0xb5, 0xbb, 0xa4, 0xa5, 0x82, 0x99, 0x98, 0x49, 0x36,
+    0xec, 0x98, 0x98, 0x95, 0xac, 0xc2, 0xa0, 0x1f, 0xa5, 0x7e,
+    0x67, 0xd1, 0xcf, 0x6a, 0xf4, 0x16, 0x08, 0x7a, 0x8d, 0x0b,
+    0xae, 0x12, 0x51, 0xe6, 0x8e, 0xe6, 0xcd, 0xa1, 0xaa, 0x6d,
+    0xe4, 0x54, 0xd4, 0x69, 0x1b, 0x09, 0x6a, 0xba, 0x5e, 0x0b,
+    0x11, 0x9c, 0x83, 0xb3, 0x5c, 0x67, 0xbb, 0x2d, 0xf8, 0x66,
+    0x1c, 0x33, 0xb8, 0x22, 0x58, 0x10, 0x96, 0xe9, 0x99, 0xaf,
+    0x0b, 0x2a, 0xf1, 0xe0, 0xcb, 0x56, 0xfb, 0x6d, 0x04, 0x40,
+    0xec, 0x37, 0x67, 0x1e, 0x08, 0x7a, 0x1c, 0xe9, 0xd8, 0x54,
+    0xf7, 0xd4, 0xc7, 0x3c, 0x45, 0x23, 0x2b, 0x76, 0xd2, 0x62,
+    0xc2, 0x53, 0xce, 0xfe, 0x02, 0xc4, 0xd9, 0xf6, 0x3c, 0xed,
+    0x49, 0x47, 0x21, 0xf9, 0x03, 0x3a, 0xa0, 0x16, 0x3a, 0xfe,
+    0x0c, 0x2f, 0x54, 0x7e, 0x85, 0x29, 0x7b, 0xc0, 0xaf, 0xa8,
+    0x5d, 0x31, 0x25, 0xda, 0xa7, 0xe3, 0x92, 0x1b, 0x64, 0x01,
+    0x1b, 0x3f, 0x6e, 0x47, 0xc5, 0x5a, 0x84, 0x52, 0x17, 0x02,
+    0x82, 0x03, 0xc1, 0x00, 0x81, 0x99, 0x2e, 0x72, 0x41, 0x6e,
+    0x86, 0xeb, 0x6f, 0x42, 0xd1, 0x38, 0x6e, 0xaa, 0x1a, 0xd5,
+    0x0a, 0xad, 0x51, 0xb1, 0xce, 0xd6, 0x35, 0xbe, 0x34, 0xd8,
+    0xc1, 0xe4, 0x5f, 0xdf, 0x2e, 0xe4, 0x90, 0xf2, 0x61, 0x21,
+    0x46, 0xc6, 0xfe, 0xab, 0x0f, 0x6c, 0x97, 0x78, 0xcd, 0x55,
+    0x86, 0x83, 0x61, 0x99, 0x49, 0x14, 0x86, 0xc6, 0x86, 0xf1,
+    0x41, 0x66, 0xc9, 0x39, 0x52, 0x99, 0x49, 0x07, 0xd6, 0x9d,
+    0xb7, 0x40, 0x34, 0x5f, 0xe7, 0x3a, 0xfa, 0x95, 0xeb, 0xa1,
+    0x03, 0xb7, 0x52, 0x71, 0x93, 0x30, 0x0b, 0x51, 0x58, 0x82,
+    0x07, 0x2f, 0x44, 0xa9, 0x4f, 0x9b, 0x1b, 0xf3, 0xd6, 0x21,
+    0x3d, 0x68, 0xef, 0x3f, 0xaf, 0xc2, 0x6f, 0xa0, 0xd5, 0x2b,
+    0xb8, 0x73, 0x84, 0x67, 0x36, 0x8b, 0xa4, 0x25, 0xe0, 0x86,
+    0xd9, 0x14, 0x5c, 0x6c, 0xd8, 0x61, 0xe1, 0x0a, 0x6c, 0xaf,
+    0xbb, 0x9c, 0xf6, 0x74, 0xca, 0x5a, 0x04, 0xac, 0x85, 0xc1,
+    0x1b, 0x4d, 0xf2, 0x07, 0xb6, 0x1e, 0x97, 0x7b, 0x75, 0xdf,
+    0x9b, 0x8a, 0x31, 0xc6, 0x90, 0xd5, 0x8d, 0x39, 0xc2, 0x54,
+    0xf4, 0xe2, 0x83, 0x57, 0x12, 0x19, 0xf5, 0xb2, 0xd2, 0x53,
+    0x81, 0x6d, 0xf0, 0x09, 0xc9, 0x80, 0x8b, 0x07, 0x7c, 0x59,
+    0xcd, 0x78, 0x00, 0xd6, 0x44, 0x7f, 0xe4, 0xdb, 0x77, 0x02,
+    0x00, 0x25, 0x79, 0x91, 0xc9, 0xde, 0xd0, 0xed, 0x3f, 0xfc,
+    0x37, 0x36, 0xea, 0xf0, 0x56, 0x50, 0xe7, 0x38, 0xca, 0xe1,
+    0x67, 0x12, 0x96, 0x55, 0x3e, 0xff, 0x97, 0xe5, 0xa7, 0x03,
+    0x5b, 0x72, 0x80, 0xd6, 0xa5, 0x23, 0x39, 0x78, 0x07, 0xc8,
+    0x83, 0x19, 0x74, 0xfb, 0x79, 0xc2, 0x9e, 0xbd, 0xf9, 0xaf,
+    0x09, 0x0f, 0xbd, 0x3d, 0x34, 0xe8, 0x44, 0x89, 0xb1, 0xf1,
+    0x2b, 0xa5, 0xff, 0x22, 0xc9, 0x47, 0xe2, 0x31, 0xb5, 0x6b,
+    0x8a, 0x65, 0x5f, 0x81, 0x5f, 0x89, 0xb0, 0x03, 0x5d, 0x53,
+    0x0e, 0xdd, 0xfb, 0xe5, 0x70, 0xaa, 0xd2, 0x37, 0x4d, 0xa1,
+    0x7c, 0xf2, 0xe4, 0x7f, 0xf1, 0x4a, 0xaf, 0x12, 0xd1, 0x83,
+    0xdc, 0xb2, 0x9e, 0xc1, 0x95, 0x3d, 0x04, 0x9f, 0xa3, 0xad,
+    0xcc, 0x78, 0x14, 0x9a, 0xf9, 0x58, 0x39, 0x08, 0x15, 0xda,
+    0x1b, 0x94, 0x50, 0x2d, 0x44, 0xc0, 0x23, 0x1c, 0x36, 0x5f,
+    0x16, 0x08, 0xa3, 0xdf, 0x9e, 0x4f, 0xbb, 0x07, 0xcd, 0xe3,
+    0x8c, 0xbf, 0xf1, 0xc3, 0x3e, 0x98, 0xf8, 0x49, 0x79, 0x58,
+    0xc9, 0x0f, 0x47, 0xc0, 0xab, 0x2f, 0x21, 0x63, 0xf6, 0xe6,
+    0xfe, 0x8a, 0xea, 0xbc, 0x32, 0x63, 0xca, 0x75, 0xf8, 0xa4,
+    0x1b, 0x6c, 0xfe, 0x9a, 0x6e, 0x68, 0x1f, 0x48, 0x59, 0xfb,
+    0x34, 0x43, 0x10, 0xd5, 0x0d, 0x80, 0x54, 0xcb, 0x67, 0x21,
+    0xc7, 0x13, 0x85, 0x38, 0x0c, 0xf9, 0x40, 0x2e, 0x2e, 0x4a,
+    0x05, 0x9e, 0x51, 0xae, 0xdd, 0xba, 0x23, 0x83, 0x66, 0x2a,
+    0xbf, 0x7f, 0xca, 0x9c, 0x6c, 0x2d, 0x6b, 0x7d, 0x68, 0x52,
+    0x81, 0x56, 0x2f, 0xea, 0xf9, 0xe7, 0xf1, 0x55, 0x16, 0xfc,
+    0x29, 0xe2, 0xa5, 0x1e, 0x0a, 0x06, 0xe0, 0x85, 0x4e, 0xa6,
+    0x5d, 0x20, 0x9d, 0x2b, 0xa2, 0xad, 0xaa, 0xd6, 0x9b, 0xd2,
+    0x98, 0x29, 0x45, 0x5c, 0x55, 0xc0, 0x91, 0xa2, 0x65, 0xcd,
+    0xac, 0xc6, 0x1a, 0x53, 0xa1, 0x46, 0x13, 0xf9, 0xfe, 0x1a,
+    0xf6, 0xdf, 0xa5, 0x1a, 0x58, 0x7c, 0x81, 0x2e, 0x46, 0x46,
+    0xf7, 0x2f, 0xd6, 0xaa, 0x21, 0xb0, 0x0e, 0x7e, 0xac, 0xb8,
+    0xc6, 0x76, 0x62, 0x82, 0x3b, 0x0a, 0x36, 0xbe, 0x97, 0x16,
+    0xd5, 0x79, 0x55, 0x15, 0x64, 0x2a, 0xbe, 0x19, 0x4e, 0x93,
+    0x3b, 0x44, 0x7c, 0xe2, 0xfc, 0x18, 0x4e, 0x83, 0x37, 0xfb,
+    0x26, 0x78, 0x6d, 0x24, 0x6b, 0x48, 0x21, 0x67, 0xde, 0xf5,
+    0x00, 0x22, 0x9a, 0xec, 0x40, 0x16, 0x96, 0x8a, 0x3f, 0xd5,
+    0xa6, 0x5e, 0x03, 0x84, 0xbb, 0x15, 0x4d, 0x55, 0x71, 0x00,
+    0x90, 0xc2, 0x96, 0x25, 0x01, 0xab, 0xe6, 0x47, 0x44, 0x6f,
+    0xf9, 0x53, 0x80, 0x2b, 0xa8, 0x83, 0xc8, 0x14, 0x77, 0x13,
+    0x00, 0x66, 0xee, 0x7e, 0x7a, 0xa0, 0x28, 0x65, 0xf3, 0x31,
+    0xb6, 0xac, 0xd7, 0x87, 0x84, 0x29, 0xed, 0x5b, 0xcd, 0x74,
+    0xc0, 0x89, 0x51, 0x11, 0x9a, 0xd5, 0x7b, 0xe0, 0x9c, 0xd0,
+    0x8d, 0x72, 0xe3, 0x77, 0xda, 0x0a, 0xc2, 0xdc, 0x6f, 0xad,
+    0x49, 0x03, 0xfa, 0xe6, 0x7e, 0xa6, 0x24, 0x32, 0xe6, 0x8f,
+    0xd9, 0x70, 0xfa, 0x59, 0x70, 0xa9, 0xa3, 0x08, 0x7d, 0x89,
+    0xc4, 0x96, 0x61, 0xc2, 0xf5, 0xe5, 0xb5, 0x3b, 0x0d, 0xec,
+    0xb8, 0x9c, 0xee, 0x09, 0x77, 0x27, 0xbd, 0x35, 0x66, 0x90,
+    0x9e, 0x46, 0xf7, 0xbd, 0xa6, 0xc5, 0x31, 0xd4, 0x6a, 0x52,
+    0x17, 0x5d, 0x0a, 0x0e, 0x2c, 0x34, 0x7a, 0x6a, 0x21, 0xac,
+    0x42, 0xf0, 0x31, 0xde, 0x48, 0xe0, 0x27, 0xd0, 0x79, 0xc9,
+    0x06, 0x94, 0x7b, 0x51, 0x4b, 0x5b, 0x02, 0x6a, 0x19, 0xba,
+    0x71, 0x45, 0x9c, 0xdf, 0xe6, 0x30, 0x9e, 0xaa, 0xad, 0xa1,
+    0x87, 0xf6, 0x37, 0xde, 0xa2, 0x97, 0x68, 0x20, 0x2d, 0x5a,
+    0xdc, 0xdd, 0x91, 0x63, 0x5f, 0x79, 0xda, 0x99, 0x20, 0x3a,
+    0x4b, 0xe5, 0x43, 0x0e, 0x12, 0x70, 0x57, 0x91, 0xfa, 0xee,
+    0xc4, 0xb6, 0xb6, 0xb1, 0xf1, 0x06, 0xbd, 0xcf, 0x8d, 0x2a,
+    0x05, 0xc0, 0x07, 0x23, 0x84, 0x85, 0xef, 0x9c, 0xbb, 0x6f,
+    0x5f, 0x4a, 0x9a, 0x27, 0x9f, 0x9f, 0x32, 0x97, 0xe8, 0x24,
+    0xb9, 0x64, 0x2c, 0x39, 0xff, 0x2f, 0x4b, 0xc4, 0x7e, 0x65,
+    0xfe, 0xbb, 0x5c, 0xa0, 0xb2, 0x6e, 0xc4, 0xb6, 0x93, 0x2b,
+    0x51, 0x9e, 0x2e, 0x1f, 0xd8, 0xcf, 0x60, 0xe0, 0x75, 0x15,
+    0xf9, 0xa0, 0x67, 0x99, 0x88, 0x2b, 0x76, 0xce, 0x41, 0x42,
+    0x10, 0x29, 0x89, 0xbf, 0xca, 0xb7, 0x61, 0x08, 0x94, 0xee,
+    0xa0, 0xb3, 0x3a, 0x09, 0xc5, 0x6f, 0x04, 0xf9, 0x1b, 0xb5,
+    0x64, 0x99, 0x08, 0xe4, 0xcc, 0xce, 0xdf, 0x71, 0x65, 0x8a,
+    0x6d, 0x62, 0xde, 0x76, 0x1d, 0x6d, 0x6b, 0x78, 0x22, 0x32,
+    0x63, 0xdd, 0x53, 0x7d, 0xec, 0xed, 0x9d, 0x82, 0xa9, 0x2c,
+    0x5c, 0x8a, 0x17, 0xdd, 0x85, 0xf9, 0xd2, 0xac, 0x6e, 0x98,
+    0x60, 0x2e, 0x08, 0xd4, 0x06, 0x76, 0xf4, 0x97, 0xca, 0xb1,
+    0x72, 0x50, 0x5b, 0x83, 0xea, 0xbb, 0x39, 0x0f, 0x18, 0xb3,
+    0xb8, 0x03, 0xee, 0x7c, 0x84, 0xa9, 0x69, 0xcd, 0x1d, 0xbd,
+    0xe2, 0xb7, 0xce, 0xe2, 0x6f, 0x03, 0x49, 0x52, 0x67, 0xa0,
+    0x1b, 0x23, 0x43, 0x92, 0x2c, 0x7c, 0x3b, 0x65, 0xe8, 0x61,
+    0x99, 0xde, 0xb5, 0xf1, 0x63, 0x73, 0x92, 0x6c, 0x70, 0x8b,
+    0x83, 0x10, 0xb4, 0x06, 0x2c, 0x99, 0x12, 0x73, 0xec, 0x87,
+    0x92, 0x09, 0x67, 0x96, 0xd6, 0x9c, 0x9f, 0x35, 0x48, 0x48,
+    0x3b, 0x44, 0x00, 0x73, 0x1c, 0x59, 0xeb, 0x81, 0x7b, 0xd1,
+    0xda, 0x76, 0xcf, 0xc2, 0x4d, 0xf1, 0xa2, 0x5b, 0x2f, 0x5f,
+    0x91, 0x29, 0x6e, 0x08, 0x37, 0xd6, 0xaa, 0xd2, 0xf8, 0x4f,
+    0x5e, 0x00, 0x16, 0x52
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h b/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h
new file mode 100644
index 000000000..e023b0aa4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INCLUDED_TIMEOUTS_H
+# define INCLUDED_TIMEOUTS_H
+
+/* numbers in us */
+# define DGRAM_RCV_TIMEOUT         250000
+# define DGRAM_SND_TIMEOUT         250000
+
+#endif                          /* ! INCLUDED_TIMEOUTS_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ts.c b/trunk/3rdparty/openssl-1.1-fit/apps/ts.c
new file mode 100644
index 000000000..930c1daaa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/ts.c
@@ -0,0 +1,986 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_TS
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include "progs.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+# include <openssl/ts.h>
+# include <openssl/bn.h>
+
+/* Request nonce length, in bits (must be a multiple of 8). */
+# define NONCE_LENGTH            64
+
+/* Name of config entry that defines the OID file. */
+# define ENV_OID_FILE            "oid_file"
+
+/* Is |EXACTLY_ONE| of three pointers set? */
+# define EXACTLY_ONE(a, b, c) \
+        (( a && !b && !c) || \
+         ( b && !a && !c) || \
+         ( c && !a && !b))
+
+static ASN1_OBJECT *txt2obj(const char *oid);
+static CONF *load_config_file(const char *configfile);
+
+/* Query related functions. */
+static int query_command(const char *data, const char *digest,
+                         const EVP_MD *md, const char *policy, int no_nonce,
+                         int cert, const char *in, const char *out, int text);
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
+                            const char *policy, int no_nonce, int cert);
+static int create_digest(BIO *input, const char *digest,
+                         const EVP_MD *md, unsigned char **md_value);
+static ASN1_INTEGER *create_nonce(int bits);
+
+/* Reply related functions. */
+static int reply_command(CONF *conf, const char *section, const char *engine,
+                         const char *queryfile, const char *passin, const char *inkey,
+                         const EVP_MD *md, const char *signer, const char *chain,
+                         const char *policy, const char *in, int token_in,
+                         const char *out, int token_out, int text);
+static TS_RESP *read_PKCS7(BIO *in_bio);
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+                                const char *queryfile, const char *passin,
+                                const char *inkey, const EVP_MD *md, const char *signer,
+                                const char *chain, const char *policy);
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
+static ASN1_INTEGER *next_serial(const char *serialfile);
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
+
+/* Verify related functions. */
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+                          const char *in, int token_in,
+                          const char *CApath, const char *CAfile, const char *untrusted,
+                          X509_VERIFY_PARAM *vpm);
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+                                        const char *queryfile,
+                                        const char *CApath, const char *CAfile,
+                                        const char *untrusted,
+                                        X509_VERIFY_PARAM *vpm);
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+                                     X509_VERIFY_PARAM *vpm);
+static int verify_cb(int ok, X509_STORE_CTX *ctx);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
+    OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
+    OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
+    OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
+    OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
+    OPT_MD, OPT_V_ENUM, OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS ts_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"config", OPT_CONFIG, '<', "Configuration file"},
+    {"section", OPT_SECTION, 's', "Section to use within config file"},
+    {"query", OPT_QUERY, '-', "Generate a TS query"},
+    {"data", OPT_DATA, '<', "File to hash"},
+    {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
+    OPT_R_OPTIONS,
+    {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"},
+    {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
+    {"cert", OPT_CERT, '-', "Put cert request into query"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"},
+    {"text", OPT_TEXT, '-', "Output text (not DER)"},
+    {"reply", OPT_REPLY, '-', "Generate a TS reply"},
+    {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"inkey", OPT_INKEY, 's', "File with private key for reply"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
+    {"verify", OPT_VERIFY, '-', "Verify a TS response"},
+    {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
+    {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
+    {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
+    {"", OPT_MD, '-', "Any supported digest"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
+    OPT_V_OPTIONS,
+    {OPT_HELP_STR, 1, '-', "\n"},
+    {NULL}
+};
+
+/*
+ * This command is so complex, special help is needed.
+ */
+static char* opt_helplist[] = {
+    "Typical uses:",
+    "ts -query [-rand file...] [-config file] [-data file]",
+    "          [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]",
+    "          [-in file] [-out file] [-text]",
+    "  or",
+    "ts -reply [-config file] [-section tsa_section]",
+    "          [-queryfile file] [-passin password]",
+    "          [-signer tsa_cert.pem] [-inkey private_key.pem]",
+    "          [-chain certs_file.pem] [-tspolicy oid]",
+    "          [-in file] [-token_in] [-out file] [-token_out]",
+# ifndef OPENSSL_NO_ENGINE
+    "          [-text] [-engine id]",
+# else
+    "          [-text]",
+# endif
+    "  or",
+    "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
+    "           [-data file] [-digest hexstring]",
+    "           [-queryfile file] -in file [-token_in]",
+    "           [[options specific to 'ts -verify']]",
+    NULL,
+};
+
+int ts_main(int argc, char **argv)
+{
+    CONF *conf = NULL;
+    const char *CAfile = NULL, *untrusted = NULL, *prog;
+    const char *configfile = default_config_file, *engine = NULL;
+    const char *section = NULL;
+    char **helpp;
+    char *password = NULL;
+    char *data = NULL, *digest = NULL, *policy = NULL;
+    char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
+    char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
+    const EVP_MD *md = NULL;
+    OPTION_CHOICE o, mode = OPT_ERR;
+    int ret = 1, no_nonce = 0, cert = 0, text = 0;
+    int vpmtouched = 0;
+    X509_VERIFY_PARAM *vpm = NULL;
+    /* Input is ContentInfo instead of TimeStampResp. */
+    int token_in = 0;
+    /* Output is ContentInfo instead of TimeStampResp. */
+    int token_out = 0;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        goto end;
+
+    prog = opt_init(argc, argv, ts_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ts_options);
+            for (helpp = opt_helplist; *helpp; ++helpp)
+                BIO_printf(bio_err, "%s\n", *helpp);
+            ret = 0;
+            goto end;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_SECTION:
+            section = opt_arg();
+            break;
+        case OPT_QUERY:
+        case OPT_REPLY:
+        case OPT_VERIFY:
+            if (mode != OPT_ERR)
+                goto opthelp;
+            mode = o;
+            break;
+        case OPT_DATA:
+            data = opt_arg();
+            break;
+        case OPT_DIGEST:
+            digest = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_TSPOLICY:
+            policy = opt_arg();
+            break;
+        case OPT_NO_NONCE:
+            no_nonce = 1;
+            break;
+        case OPT_CERT:
+            cert = 1;
+            break;
+        case OPT_IN:
+            in = opt_arg();
+            break;
+        case OPT_TOKEN_IN:
+            token_in = 1;
+            break;
+        case OPT_OUT:
+            out = opt_arg();
+            break;
+        case OPT_TOKEN_OUT:
+            token_out = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_QUERYFILE:
+            queryfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passin = opt_arg();
+            break;
+        case OPT_INKEY:
+            inkey = opt_arg();
+            break;
+        case OPT_SIGNER:
+            signer = opt_arg();
+            break;
+        case OPT_CHAIN:
+            chain = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_UNTRUSTED:
+            untrusted = opt_arg();
+            break;
+        case OPT_ENGINE:
+            engine = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &md))
+                goto opthelp;
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        }
+    }
+    if (mode == OPT_ERR || opt_num_rest() != 0)
+        goto opthelp;
+
+    if (mode == OPT_REPLY && passin &&
+        !app_passwd(passin, NULL, &password, NULL)) {
+        BIO_printf(bio_err, "Error getting password.\n");
+        goto end;
+    }
+
+    conf = load_config_file(configfile);
+    if (configfile != default_config_file && !app_load_modules(conf))
+        goto end;
+
+    /* Check parameter consistency and execute the appropriate function. */
+    if (mode == OPT_QUERY) {
+        if (vpmtouched)
+            goto opthelp;
+        if ((data != NULL) && (digest != NULL))
+            goto opthelp;
+        ret = !query_command(data, digest, md, policy, no_nonce, cert,
+                             in, out, text);
+    } else if (mode == OPT_REPLY) {
+        if (vpmtouched)
+            goto opthelp;
+        if ((in != NULL) && (queryfile != NULL))
+            goto opthelp;
+        if (in == NULL) {
+            if ((conf == NULL) || (token_in != 0))
+                goto opthelp;
+        }
+        ret = !reply_command(conf, section, engine, queryfile,
+                             password, inkey, md, signer, chain, policy,
+                             in, token_in, out, token_out, text);
+
+    } else if (mode == OPT_VERIFY) {
+        if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest))
+            goto opthelp;
+        ret = !verify_command(data, digest, queryfile, in, token_in,
+                              CApath, CAfile, untrusted,
+                              vpmtouched ? vpm : NULL);
+    } else {
+        goto opthelp;
+    }
+
+ end:
+    X509_VERIFY_PARAM_free(vpm);
+    NCONF_free(conf);
+    OPENSSL_free(password);
+    return ret;
+}
+
+/*
+ * Configuration file-related function definitions.
+ */
+
+static ASN1_OBJECT *txt2obj(const char *oid)
+{
+    ASN1_OBJECT *oid_obj = NULL;
+
+    if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL)
+        BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
+
+    return oid_obj;
+}
+
+static CONF *load_config_file(const char *configfile)
+{
+    CONF *conf = app_load_config(configfile);
+
+    if (conf != NULL) {
+        const char *p;
+
+        BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+        p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
+        if (p != NULL) {
+            BIO *oid_bio = BIO_new_file(p, "r");
+            if (!oid_bio)
+                ERR_print_errors(bio_err);
+            else {
+                OBJ_create_objects(oid_bio);
+                BIO_free_all(oid_bio);
+            }
+        } else
+            ERR_clear_error();
+        if (!add_oid_section(conf))
+            ERR_print_errors(bio_err);
+    }
+    return conf;
+}
+
+/*
+ * Query-related method definitions.
+ */
+static int query_command(const char *data, const char *digest, const EVP_MD *md,
+                         const char *policy, int no_nonce,
+                         int cert, const char *in, const char *out, int text)
+{
+    int ret = 0;
+    TS_REQ *query = NULL;
+    BIO *in_bio = NULL;
+    BIO *data_bio = NULL;
+    BIO *out_bio = NULL;
+
+    /* Build query object. */
+    if (in != NULL) {
+        if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL)
+            goto end;
+        query = d2i_TS_REQ_bio(in_bio, NULL);
+    } else {
+        if (digest == NULL
+            && (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL)
+            goto end;
+        query = create_query(data_bio, digest, md, policy, no_nonce, cert);
+    }
+    if (query == NULL)
+        goto end;
+
+    if (text) {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+            goto end;
+        if (!TS_REQ_print_bio(out_bio, query))
+            goto end;
+    } else {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+            goto end;
+        if (!i2d_TS_REQ_bio(out_bio, query))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+    ERR_print_errors(bio_err);
+    BIO_free_all(in_bio);
+    BIO_free_all(data_bio);
+    BIO_free_all(out_bio);
+    TS_REQ_free(query);
+    return ret;
+}
+
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
+                            const char *policy, int no_nonce, int cert)
+{
+    int ret = 0;
+    TS_REQ *ts_req = NULL;
+    int len;
+    TS_MSG_IMPRINT *msg_imprint = NULL;
+    X509_ALGOR *algo = NULL;
+    unsigned char *data = NULL;
+    ASN1_OBJECT *policy_obj = NULL;
+    ASN1_INTEGER *nonce_asn1 = NULL;
+
+    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+        goto err;
+    if ((ts_req = TS_REQ_new()) == NULL)
+        goto err;
+    if (!TS_REQ_set_version(ts_req, 1))
+        goto err;
+    if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
+        goto err;
+    if ((algo = X509_ALGOR_new()) == NULL)
+        goto err;
+    if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
+        goto err;
+    if ((algo->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    algo->parameter->type = V_ASN1_NULL;
+    if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
+        goto err;
+    if ((len = create_digest(data_bio, digest, md, &data)) == 0)
+        goto err;
+    if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
+        goto err;
+    if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
+        goto err;
+    if (policy && (policy_obj = txt2obj(policy)) == NULL)
+        goto err;
+    if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
+        goto err;
+
+    /* Setting nonce if requested. */
+    if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)
+        goto err;
+    if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
+        goto err;
+    if (!TS_REQ_set_cert_req(ts_req, cert))
+        goto err;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        TS_REQ_free(ts_req);
+        ts_req = NULL;
+        BIO_printf(bio_err, "could not create query\n");
+        ERR_print_errors(bio_err);
+    }
+    TS_MSG_IMPRINT_free(msg_imprint);
+    X509_ALGOR_free(algo);
+    OPENSSL_free(data);
+    ASN1_OBJECT_free(policy_obj);
+    ASN1_INTEGER_free(nonce_asn1);
+    return ts_req;
+}
+
+static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
+                         unsigned char **md_value)
+{
+    int md_value_len;
+    int rv = 0;
+    EVP_MD_CTX *md_ctx = NULL;
+
+    md_value_len = EVP_MD_size(md);
+    if (md_value_len < 0)
+        return 0;
+
+    if (input != NULL) {
+        unsigned char buffer[4096];
+        int length;
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL)
+            return 0;
+        *md_value = app_malloc(md_value_len, "digest buffer");
+        if (!EVP_DigestInit(md_ctx, md))
+            goto err;
+        while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
+            if (!EVP_DigestUpdate(md_ctx, buffer, length))
+                goto err;
+        }
+        if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
+            goto err;
+        md_value_len = EVP_MD_size(md);
+    } else {
+        long digest_len;
+        *md_value = OPENSSL_hexstr2buf(digest, &digest_len);
+        if (!*md_value || md_value_len != digest_len) {
+            OPENSSL_free(*md_value);
+            *md_value = NULL;
+            BIO_printf(bio_err, "bad digest, %d bytes "
+                       "must be specified\n", md_value_len);
+            return 0;
+        }
+    }
+    rv = md_value_len;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return rv;
+}
+
+static ASN1_INTEGER *create_nonce(int bits)
+{
+    unsigned char buf[20];
+    ASN1_INTEGER *nonce = NULL;
+    int len = (bits - 1) / 8 + 1;
+    int i;
+
+    if (len > (int)sizeof(buf))
+        goto err;
+    if (RAND_bytes(buf, len) <= 0)
+        goto err;
+
+    /* Find the first non-zero byte and creating ASN1_INTEGER object. */
+    for (i = 0; i < len && !buf[i]; ++i)
+        continue;
+    if ((nonce = ASN1_INTEGER_new()) == NULL)
+        goto err;
+    OPENSSL_free(nonce->data);
+    nonce->length = len - i;
+    nonce->data = app_malloc(nonce->length + 1, "nonce buffer");
+    memcpy(nonce->data, buf + i, nonce->length);
+    return nonce;
+
+ err:
+    BIO_printf(bio_err, "could not create nonce\n");
+    ASN1_INTEGER_free(nonce);
+    return NULL;
+}
+
+/*
+ * Reply-related method definitions.
+ */
+
+static int reply_command(CONF *conf, const char *section, const char *engine,
+                         const char *queryfile, const char *passin, const char *inkey,
+                         const EVP_MD *md, const char *signer, const char *chain,
+                         const char *policy, const char *in, int token_in,
+                         const char *out, int token_out, int text)
+{
+    int ret = 0;
+    TS_RESP *response = NULL;
+    BIO *in_bio = NULL;
+    BIO *query_bio = NULL;
+    BIO *inkey_bio = NULL;
+    BIO *signer_bio = NULL;
+    BIO *out_bio = NULL;
+
+    if (in != NULL) {
+        if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+            goto end;
+        if (token_in) {
+            response = read_PKCS7(in_bio);
+        } else {
+            response = d2i_TS_RESP_bio(in_bio, NULL);
+        }
+    } else {
+        response = create_response(conf, section, engine, queryfile,
+                                   passin, inkey, md, signer, chain, policy);
+        if (response != NULL)
+            BIO_printf(bio_err, "Response has been generated.\n");
+        else
+            BIO_printf(bio_err, "Response is not generated.\n");
+    }
+    if (response == NULL)
+        goto end;
+
+    /* Write response. */
+    if (text) {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+        goto end;
+        if (token_out) {
+            TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+            if (!TS_TST_INFO_print_bio(out_bio, tst_info))
+                goto end;
+        } else {
+            if (!TS_RESP_print_bio(out_bio, response))
+                goto end;
+        }
+    } else {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+            goto end;
+        if (token_out) {
+            PKCS7 *token = TS_RESP_get_token(response);
+            if (!i2d_PKCS7_bio(out_bio, token))
+                goto end;
+        } else {
+            if (!i2d_TS_RESP_bio(out_bio, response))
+                goto end;
+        }
+    }
+
+    ret = 1;
+
+ end:
+    ERR_print_errors(bio_err);
+    BIO_free_all(in_bio);
+    BIO_free_all(query_bio);
+    BIO_free_all(inkey_bio);
+    BIO_free_all(signer_bio);
+    BIO_free_all(out_bio);
+    TS_RESP_free(response);
+    return ret;
+}
+
+/* Reads a PKCS7 token and adds default 'granted' status info to it. */
+static TS_RESP *read_PKCS7(BIO *in_bio)
+{
+    int ret = 0;
+    PKCS7 *token = NULL;
+    TS_TST_INFO *tst_info = NULL;
+    TS_RESP *resp = NULL;
+    TS_STATUS_INFO *si = NULL;
+
+    if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
+        goto end;
+    if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL)
+        goto end;
+    if ((resp = TS_RESP_new()) == NULL)
+        goto end;
+    if ((si = TS_STATUS_INFO_new()) == NULL)
+        goto end;
+    if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED))
+        goto end;
+    if (!TS_RESP_set_status_info(resp, si))
+        goto end;
+    TS_RESP_set_tst_info(resp, token, tst_info);
+    token = NULL;               /* Ownership is lost. */
+    tst_info = NULL;            /* Ownership is lost. */
+    ret = 1;
+
+ end:
+    PKCS7_free(token);
+    TS_TST_INFO_free(tst_info);
+    if (!ret) {
+        TS_RESP_free(resp);
+        resp = NULL;
+    }
+    TS_STATUS_INFO_free(si);
+    return resp;
+}
+
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+                                const char *queryfile, const char *passin,
+                                const char *inkey, const EVP_MD *md, const char *signer,
+                                const char *chain, const char *policy)
+{
+    int ret = 0;
+    TS_RESP *response = NULL;
+    BIO *query_bio = NULL;
+    TS_RESP_CTX *resp_ctx = NULL;
+
+    if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL)
+        goto end;
+    if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
+        goto end;
+    if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
+        goto end;
+    if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
+        goto end;
+# ifndef OPENSSL_NO_ENGINE
+    if (!TS_CONF_set_crypto_device(conf, section, engine))
+        goto end;
+# endif
+    if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
+        goto end;
+
+    if (md) {
+        if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
+            goto end;
+    } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
+            goto end;
+    }
+
+    if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_policies(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_digests(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_ordering(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
+        goto end;
+    if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL)
+        goto end;
+    ret = 1;
+
+ end:
+    if (!ret) {
+        TS_RESP_free(response);
+        response = NULL;
+    }
+    TS_RESP_CTX_free(resp_ctx);
+    BIO_free_all(query_bio);
+    return response;
+}
+
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
+{
+    const char *serial_file = (const char *)data;
+    ASN1_INTEGER *serial = next_serial(serial_file);
+
+    if (serial == NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Error during serial number "
+                                    "generation.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE);
+    } else {
+        save_ts_serial(serial_file, serial);
+    }
+
+    return serial;
+}
+
+static ASN1_INTEGER *next_serial(const char *serialfile)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    ASN1_INTEGER *serial = NULL;
+    BIGNUM *bn = NULL;
+
+    if ((serial = ASN1_INTEGER_new()) == NULL)
+        goto err;
+
+    if ((in = BIO_new_file(serialfile, "r")) == NULL) {
+        ERR_clear_error();
+        BIO_printf(bio_err, "Warning: could not open file %s for "
+                   "reading, using serial number: 1\n", serialfile);
+        if (!ASN1_INTEGER_set(serial, 1))
+            goto err;
+    } else {
+        char buf[1024];
+        if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL)
+            goto err;
+        ASN1_INTEGER_free(serial);
+        serial = NULL;
+        if (!BN_add_word(bn, 1))
+            goto err;
+        if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (!ret) {
+        ASN1_INTEGER_free(serial);
+        serial = NULL;
+    }
+    BIO_free_all(in);
+    BN_free(bn);
+    return serial;
+}
+
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
+{
+    int ret = 0;
+    BIO *out = NULL;
+
+    if ((out = BIO_new_file(serialfile, "w")) == NULL)
+        goto err;
+    if (i2a_ASN1_INTEGER(out, serial) <= 0)
+        goto err;
+    if (BIO_puts(out, "\n") <= 0)
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        BIO_printf(bio_err, "could not save serial number to %s\n",
+                   serialfile);
+    BIO_free_all(out);
+    return ret;
+}
+
+
+/*
+ * Verify-related method definitions.
+ */
+
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+                          const char *in, int token_in,
+                          const char *CApath, const char *CAfile, const char *untrusted,
+                          X509_VERIFY_PARAM *vpm)
+{
+    BIO *in_bio = NULL;
+    PKCS7 *token = NULL;
+    TS_RESP *response = NULL;
+    TS_VERIFY_CTX *verify_ctx = NULL;
+    int ret = 0;
+
+    if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+        goto end;
+    if (token_in) {
+        if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
+            goto end;
+    } else {
+        if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL)
+            goto end;
+    }
+
+    if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
+                                        CApath, CAfile, untrusted,
+                                        vpm)) == NULL)
+        goto end;
+
+    ret = token_in
+        ? TS_RESP_verify_token(verify_ctx, token)
+        : TS_RESP_verify_response(verify_ctx, response);
+
+ end:
+    printf("Verification: ");
+    if (ret)
+        printf("OK\n");
+    else {
+        printf("FAILED\n");
+        ERR_print_errors(bio_err);
+    }
+
+    BIO_free_all(in_bio);
+    PKCS7_free(token);
+    TS_RESP_free(response);
+    TS_VERIFY_CTX_free(verify_ctx);
+    return ret;
+}
+
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+                                        const char *queryfile,
+                                        const char *CApath, const char *CAfile,
+                                        const char *untrusted,
+                                        X509_VERIFY_PARAM *vpm)
+{
+    TS_VERIFY_CTX *ctx = NULL;
+    BIO *input = NULL;
+    TS_REQ *request = NULL;
+    int ret = 0;
+    int f = 0;
+
+    if (data != NULL || digest != NULL) {
+        if ((ctx = TS_VERIFY_CTX_new()) == NULL)
+            goto err;
+        f = TS_VFY_VERSION | TS_VFY_SIGNER;
+        if (data != NULL) {
+            BIO *out = NULL;
+
+            f |= TS_VFY_DATA;
+            if ((out = BIO_new_file(data, "rb")) == NULL)
+                goto err;
+            if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) {
+                BIO_free_all(out);
+                goto err;
+            }
+        } else if (digest != NULL) {
+            long imprint_len;
+            unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
+            f |= TS_VFY_IMPRINT;
+            if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
+                BIO_printf(bio_err, "invalid digest string\n");
+                goto err;
+            }
+        }
+
+    } else if (queryfile != NULL) {
+        if ((input = BIO_new_file(queryfile, "rb")) == NULL)
+            goto err;
+        if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
+            goto err;
+        if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
+            goto err;
+    } else {
+        return NULL;
+    }
+
+    /* Add the signature verification flag and arguments. */
+    TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
+
+    /* Initialising the X509_STORE object. */
+    if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
+            == NULL)
+        goto err;
+
+    /* Loading untrusted certificates. */
+    if (untrusted
+        && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
+        goto err;
+    ret = 1;
+
+ err:
+    if (!ret) {
+        TS_VERIFY_CTX_free(ctx);
+        ctx = NULL;
+    }
+    BIO_free_all(input);
+    TS_REQ_free(request);
+    return ctx;
+}
+
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+                                     X509_VERIFY_PARAM *vpm)
+{
+    X509_STORE *cert_ctx = NULL;
+    X509_LOOKUP *lookup = NULL;
+    int i;
+
+    cert_ctx = X509_STORE_new();
+    X509_STORE_set_verify_cb(cert_ctx, verify_cb);
+    if (CApath != NULL) {
+        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
+        i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
+        if (!i) {
+            BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+            goto err;
+        }
+    }
+
+    if (CAfile != NULL) {
+        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+        if (lookup == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
+        i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
+        if (!i) {
+            BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+            goto err;
+        }
+    }
+
+    if (vpm != NULL)
+        X509_STORE_set1_param(cert_ctx, vpm);
+
+    return cert_ctx;
+
+ err:
+    X509_STORE_free(cert_ctx);
+    return NULL;
+}
+
+static int verify_cb(int ok, X509_STORE_CTX *ctx)
+{
+    return ok;
+}
+#endif  /* ndef OPENSSL_NO_TS */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/tsget.in b/trunk/3rdparty/openssl-1.1-fit/apps/tsget.in
new file mode 100644
index 000000000..bec365e28
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/tsget.in
@@ -0,0 +1,200 @@
+#!{- $config{HASHBANGPERL} -}
+# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use IO::Handle;
+use Getopt::Std;
+use File::Basename;
+use WWW::Curl::Easy;
+
+use vars qw(%options);
+
+# Callback for reading the body.
+sub read_body {
+    my ($maxlength, $state) = @_;
+    my $return_data = "";
+    my $data_len = length ${$state->{data}};
+    if ($state->{bytes} < $data_len) {
+	$data_len = $data_len - $state->{bytes};
+	$data_len = $maxlength if $data_len > $maxlength;
+	$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+	$state->{bytes} += $data_len;
+    }
+    return $return_data;
+}
+
+# Callback for writing the body into a variable.
+sub write_body {
+    my ($data, $pointer) = @_;
+    ${$pointer} .= $data;
+    return length($data);
+}
+
+# Initialise a new Curl object.
+sub create_curl {
+    my $url = shift;
+
+    # Create Curl object.
+    my $curl = WWW::Curl::Easy::new();
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
+    $curl->setopt(CURLOPT_FAILONERROR, 1);
+    $curl->setopt(CURLOPT_USERAGENT,
+        "OpenTSA tsget.pl/openssl-{- $config{version} -}");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_UPLOAD, 1);
+    $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
+    $curl->setopt(CURLOPT_HTTPHEADER,
+		["Content-Type: application/timestamp-query",
+		"Accept: application/timestamp-reply,application/timestamp-response"]);
+    $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
+    $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
+
+    # SSL related options.
+    $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
+    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);	# Verify server's certificate.
+    $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);	# Check server's CN.
+    $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
+    $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
+    $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
+    $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
+    $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
+    $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
+    $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
+
+    # Setting destination.
+    $curl->setopt(CURLOPT_URL, $url);
+
+    return $curl;
+}
+
+# Send a request and returns the body back.
+sub get_timestamp {
+    my $curl = shift;
+    my $body = shift;
+    my $ts_body;
+    local $::error_buf;
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
+    $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_FILE, \$ts_body);
+
+    # Send the request...
+    my $error_code = $curl->perform();
+    my $error_string;
+    if ($error_code != 0) {
+        my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
+	$error_string = "could not get timestamp";
+	$error_string .= ", http code: $http_code" unless $http_code == 0;
+	$error_string .= ", curl code: $error_code";
+	$error_string .= " ($::error_buf)" if defined($::error_buf);
+    } else {
+        my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
+	if (lc($ct) ne "application/timestamp-reply"
+	    && lc($ct) ne "application/timestamp-response") {
+	    $error_string = "unexpected content type returned: $ct";
+        }
+    }
+    return ($ts_body, $error_string);
+
+}
+
+# Print usage information and exists.
+sub usage {
+
+    print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
+    print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
+    print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
+    print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
+    exit 1;
+}
+
+# ----------------------------------------------------------------------
+#   Main program
+# ----------------------------------------------------------------------
+
+# Getting command-line options (default comes from TSGET environment variable).
+my $getopt_arg =  "h:e:o:vdk:p:c:C:P:r:g:";
+if (exists $ENV{TSGET}) {
+    my @old_argv = @ARGV;
+    @ARGV = split /\s+/, $ENV{TSGET};
+    getopts($getopt_arg, \%options) or usage;
+    @ARGV = @old_argv;
+}
+getopts($getopt_arg, \%options) or usage;
+
+# Checking argument consistency.
+if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
+    || (@ARGV > 1 && exists($options{o}))) {
+    print STDERR "Inconsistent command line options.\n";
+    usage;
+}
+# Setting defaults.
+@ARGV = ("-") unless @ARGV != 0;
+$options{e} = ".tsr" unless defined($options{e});
+
+# Processing requests.
+my $curl = create_curl $options{h};
+undef $/;   # For reading whole files.
+REQUEST: foreach (@ARGV) {
+    my $input = $_;
+    my ($base, $path) = fileparse($input, '\.[^.]*');
+    my $output_base = $base . $options{e};
+    my $output = defined($options{o}) ? $options{o} : $path . $output_base;
+
+    STDERR->printflush("$input: ") if $options{v};
+    # Read request.
+    my $body;
+    if ($input eq "-") {
+	# Read the request from STDIN;
+	$body = <STDIN>;
+    } else {
+	# Read the request from file.
+        open INPUT, "<" . $input
+	    or warn("$input: could not open input file: $!\n"), next REQUEST;
+        $body = <INPUT>;
+        close INPUT
+	    or warn("$input: could not close input file: $!\n"), next REQUEST;
+    }
+
+    # Send request.
+    STDERR->printflush("sending request") if $options{v};
+
+    my ($ts_body, $error) = get_timestamp $curl, \$body;
+    if (defined($error)) {
+	die "$input: fatal error: $error\n";
+    }
+    STDERR->printflush(", reply received") if $options{v};
+
+    # Write response.
+    if ($output eq "-") {
+	# Write to STDOUT.
+        print $ts_body;
+    } else {
+	# Write to file.
+        open OUTPUT, ">", $output
+	    or warn("$output: could not open output file: $!\n"), next REQUEST;
+        print OUTPUT $ts_body;
+        close OUTPUT
+	    or warn("$output: could not close output file: $!\n"), next REQUEST;
+    }
+    STDERR->printflush(", $output written.\n") if $options{v};
+}
+$curl->cleanup();
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/verify.c b/trunk/3rdparty/openssl-1.1-fit/apps/verify.c
new file mode 100644
index 000000000..1f9385606
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/verify.c
@@ -0,0 +1,322 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+static int cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx, const char *file,
+                 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                 STACK_OF(X509_CRL) *crls, int show_chain);
+static int v_verbose = 0, vflags = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
+    OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
+    OPT_V_ENUM, OPT_NAMEOPT,
+    OPT_VERBOSE
+} OPTION_CHOICE;
+
+const OPTIONS verify_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-',
+        "Print extra information about the operations being performed."},
+    {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
+    {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
+    {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
+    {"CRLfile", OPT_CRLFILE, '<',
+        "File containing one or more CRL's (in PEM format) to load"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-',
+        "Attempt to download CRL information for this certificate"},
+    {"show_chain", OPT_SHOW_CHAIN, '-',
+        "Display information about the certificate chain"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    OPT_V_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int verify_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *prog, *CApath = NULL, *CAfile = NULL;
+    int noCApath = 0, noCAfile = 0;
+    int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
+    OPTION_CHOICE o;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        goto end;
+
+    prog = opt_init(argc, argv, verify_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(verify_options);
+            BIO_printf(bio_err, "Recognized usages:\n");
+            for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+                X509_PURPOSE *ptmp;
+                ptmp = X509_PURPOSE_get0(i);
+                BIO_printf(bio_err, "\t%-10s\t%s\n",
+                        X509_PURPOSE_get0_sname(ptmp),
+                        X509_PURPOSE_get0_name(ptmp));
+            }
+
+            BIO_printf(bio_err, "Recognized verify names:\n");
+            for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
+                const X509_VERIFY_PARAM *vptmp;
+                vptmp = X509_VERIFY_PARAM_get0(i);
+                BIO_printf(bio_err, "\t%-10s\n",
+                        X509_VERIFY_PARAM_get0_name(vptmp));
+            }
+            ret = 0;
+            goto end;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_UNTRUSTED:
+            /* Zero or more times */
+            if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
+                            "untrusted certificates"))
+                goto end;
+            break;
+        case OPT_TRUSTED:
+            /* Zero or more times */
+            noCAfile = 1;
+            noCApath = 1;
+            if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
+                            "trusted certificates"))
+                goto end;
+            break;
+        case OPT_CRLFILE:
+            /* Zero or more times */
+            if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
+                           "other CRLs"))
+                goto end;
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_ENGINE:
+            if ((e = setup_engine(opt_arg(), 0)) == NULL) {
+                /* Failure message already displayed */
+                goto end;
+            }
+            break;
+        case OPT_SHOW_CHAIN:
+            show_chain = 1;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_VERBOSE:
+            v_verbose = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (trusted != NULL && (CAfile || CApath)) {
+        BIO_printf(bio_err,
+                   "%s: Cannot use -trusted with -CAfile or -CApath\n",
+                   prog);
+        goto end;
+    }
+
+    if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(store, cb);
+
+    if (vpmtouched)
+        X509_STORE_set1_param(store, vpm);
+
+    ERR_clear_error();
+
+    if (crl_download)
+        store_setup_crl_download(store);
+
+    ret = 0;
+    if (argc < 1) {
+        if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
+            ret = -1;
+    } else {
+        for (i = 0; i < argc; i++)
+            if (check(store, argv[i], untrusted, trusted, crls,
+                      show_chain) != 1)
+                ret = -1;
+    }
+
+ end:
+    X509_VERIFY_PARAM_free(vpm);
+    X509_STORE_free(store);
+    sk_X509_pop_free(untrusted, X509_free);
+    sk_X509_pop_free(trusted, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    release_engine(e);
+    return (ret < 0 ? 2 : ret);
+}
+
+static int check(X509_STORE *ctx, const char *file,
+                 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                 STACK_OF(X509_CRL) *crls, int show_chain)
+{
+    X509 *x = NULL;
+    int i = 0, ret = 0;
+    X509_STORE_CTX *csc;
+    STACK_OF(X509) *chain = NULL;
+    int num_untrusted;
+
+    x = load_cert(file, FORMAT_PEM, "certificate file");
+    if (x == NULL)
+        goto end;
+
+    csc = X509_STORE_CTX_new();
+    if (csc == NULL) {
+        printf("error %s: X.509 store context allocation failed\n",
+               (file == NULL) ? "stdin" : file);
+        goto end;
+    }
+
+    X509_STORE_set_flags(ctx, vflags);
+    if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+        X509_STORE_CTX_free(csc);
+        printf("error %s: X.509 store context initialization failed\n",
+               (file == NULL) ? "stdin" : file);
+        goto end;
+    }
+    if (tchain != NULL)
+        X509_STORE_CTX_set0_trusted_stack(csc, tchain);
+    if (crls != NULL)
+        X509_STORE_CTX_set0_crls(csc, crls);
+    i = X509_verify_cert(csc);
+    if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
+        printf("%s: OK\n", (file == NULL) ? "stdin" : file);
+        ret = 1;
+        if (show_chain) {
+            int j;
+
+            chain = X509_STORE_CTX_get1_chain(csc);
+            num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+            printf("Chain:\n");
+            for (j = 0; j < sk_X509_num(chain); j++) {
+                X509 *cert = sk_X509_value(chain, j);
+                printf("depth=%d: ", j);
+                X509_NAME_print_ex_fp(stdout,
+                                      X509_get_subject_name(cert),
+                                      0, get_nameopt());
+                if (j < num_untrusted)
+                    printf(" (untrusted)");
+                printf("\n");
+            }
+            sk_X509_pop_free(chain, X509_free);
+        }
+    } else {
+        printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
+    }
+    X509_STORE_CTX_free(csc);
+
+ end:
+    if (i <= 0)
+        ERR_print_errors(bio_err);
+    X509_free(x);
+
+    return ret;
+}
+
+static int cb(int ok, X509_STORE_CTX *ctx)
+{
+    int cert_error = X509_STORE_CTX_get_error(ctx);
+    X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
+
+    if (!ok) {
+        if (current_cert != NULL) {
+            X509_NAME_print_ex(bio_err,
+                            X509_get_subject_name(current_cert),
+                            0, get_nameopt());
+            BIO_printf(bio_err, "\n");
+        }
+        BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
+               X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
+               cert_error,
+               X509_STORE_CTX_get_error_depth(ctx),
+               X509_verify_cert_error_string(cert_error));
+
+        /*
+         * Pretend that some errors are ok, so they don't stop further
+         * processing of the certificate chain.  Setting ok = 1 does this.
+         * After X509_verify_cert() is done, we verify that there were
+         * no actual errors, even if the returned value was positive.
+         */
+        switch (cert_error) {
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+            policies_print(ctx);
+            /* fall thru */
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+            /* Continue even if the leaf is a self signed cert */
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+            /* Continue after extension errors too */
+        case X509_V_ERR_INVALID_CA:
+        case X509_V_ERR_INVALID_NON_CA:
+        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        case X509_V_ERR_INVALID_PURPOSE:
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+            ok = 1;
+        }
+
+        return ok;
+
+    }
+    if (cert_error == X509_V_OK && ok == 2)
+        policies_print(ctx);
+    if (!v_verbose)
+        ERR_clear_error();
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/version.c b/trunk/3rdparty/openssl-1.1-fit/apps/version.c
new file mode 100644
index 000000000..2aca16361
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/version.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R
+} OPTION_CHOICE;
+
+const OPTIONS version_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"a", OPT_A, '-', "Show all data"},
+    {"b", OPT_B, '-', "Show build date"},
+    {"d", OPT_D, '-', "Show configuration directory"},
+    {"e", OPT_E, '-', "Show engines directory"},
+    {"f", OPT_F, '-', "Show compiler flags used"},
+    {"o", OPT_O, '-', "Show some internal datatype options"},
+    {"p", OPT_P, '-', "Show target build platform"},
+    {"r", OPT_R, '-', "Show random seeding options"},
+    {"v", OPT_V, '-', "Show library version"},
+    {NULL}
+};
+
+#if defined(OPENSSL_RAND_SEED_DEVRANDOM) || defined(OPENSSL_RAND_SEED_EGD)
+static void printlist(const char *prefix, const char **dev)
+{
+    printf("%s (", prefix);
+    for ( ; *dev != NULL; dev++)
+        printf(" \"%s\"", *dev);
+    printf(" )");
+}
+#endif
+
+int version_main(int argc, char **argv)
+{
+    int ret = 1, dirty = 0, seed = 0;
+    int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+    int engdir = 0;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, version_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(version_options);
+            ret = 0;
+            goto end;
+        case OPT_B:
+            dirty = date = 1;
+            break;
+        case OPT_D:
+            dirty = dir = 1;
+            break;
+        case OPT_E:
+            dirty = engdir = 1;
+            break;
+        case OPT_F:
+            dirty = cflags = 1;
+            break;
+        case OPT_O:
+            dirty = options = 1;
+            break;
+        case OPT_P:
+            dirty = platform = 1;
+            break;
+        case OPT_R:
+            dirty = seed = 1;
+            break;
+        case OPT_V:
+            dirty = version = 1;
+            break;
+        case OPT_A:
+            seed = options = cflags = version = date = platform = dir = engdir
+                = 1;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra parameters given.\n");
+        goto opthelp;
+    }
+    if (!dirty)
+        version = 1;
+
+    if (version) {
+        if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER)
+            printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
+        else
+            printf("%s (Library: %s)\n",
+                   OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
+    }
+    if (date)
+        printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+    if (platform)
+        printf("%s\n", OpenSSL_version(OPENSSL_PLATFORM));
+    if (options) {
+        printf("options:  ");
+        printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+#endif
+#ifndef OPENSSL_NO_IDEA
+        printf("%s ", IDEA_options());
+#endif
+#ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+#endif
+        printf("\n");
+    }
+    if (cflags)
+        printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
+    if (dir)
+        printf("%s\n", OpenSSL_version(OPENSSL_DIR));
+    if (engdir)
+        printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
+    if (seed) {
+        printf("Seeding source:");
+#ifdef OPENSSL_RAND_SEED_RTDSC
+        printf(" rtdsc");
+#endif
+#ifdef OPENSSL_RAND_SEED_RDCPU
+        printf(" rdrand ( rdseed rdrand )");
+#endif
+#ifdef OPENSSL_RAND_SEED_LIBRANDOM
+        printf(" C-library-random");
+#endif
+#ifdef OPENSSL_RAND_SEED_GETRANDOM
+        printf(" getrandom-syscall");
+#endif
+#ifdef OPENSSL_RAND_SEED_DEVRANDOM
+        {
+            static const char *dev[] = { DEVRANDOM, NULL };
+            printlist(" random-device", dev);
+        }
+#endif
+#ifdef OPENSSL_RAND_SEED_EGD
+        {
+            static const char *dev[] = { DEVRANDOM_EGD, NULL };
+            printlist(" EGD", dev);
+        }
+#endif
+#ifdef OPENSSL_RAND_SEED_NONE
+        printf(" none");
+#endif
+#ifdef OPENSSL_RAND_SEED_OS
+        printf(" os-specific");
+#endif
+        printf("\n");
+    }
+    ret = 0;
+ end:
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/vms_decc_init.c b/trunk/3rdparty/openssl-1.1-fit/apps/vms_decc_init.c
new file mode 100644
index 000000000..f83f7168e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/vms_decc_init.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
+ defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
+# define USE_DECC_INIT 1
+#endif
+
+#ifdef USE_DECC_INIT
+
+/*
+ * ----------------------------------------------------------------------
+ * decc_init() On non-VAX systems, uses LIB$INITIALIZE to set a collection
+ * of C RTL features without using the DECC$* logical name method.
+ * ----------------------------------------------------------------------
+ */
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <unixlib.h>
+
+# include "apps.h"
+
+/* Global storage. */
+
+/* Flag to sense if decc_init() was called. */
+
+int decc_init_done = -1;
+
+/* Structure to hold a DECC$* feature name and its desired value. */
+
+typedef struct {
+    char *name;
+    int value;
+} decc_feat_t;
+
+/*
+ * Array of DECC$* feature names and their desired values. Note:
+ * DECC$ARGV_PARSE_STYLE is the urgent one.
+ */
+
+decc_feat_t decc_feat_array[] = {
+    /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
+    {"DECC$ARGV_PARSE_STYLE", 1},
+
+    /* Preserve case for file names on ODS5 disks. */
+    {"DECC$EFS_CASE_PRESERVE", 1},
+
+    /*
+     * Enable multiple dots (and most characters) in ODS5 file names, while
+     * preserving VMS-ness of ";version".
+     */
+    {"DECC$EFS_CHARSET", 1},
+
+    /* List terminator. */
+    {(char *)NULL, 0}
+};
+
+
+char **copy_argv(int *argc, char *argv[])
+{
+    /*-
+     * The note below is for historical purpose.  On VMS now we always
+     * copy argv "safely."
+     *
+     * 2011-03-22 SMS.
+     * If we have 32-bit pointers everywhere, then we're safe, and
+     * we bypass this mess, as on non-VMS systems.
+     * Problem 1: Compaq/HP C before V7.3 always used 32-bit
+     * pointers for argv[].
+     * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
+     * everywhere else, we always allocate and use a 64-bit
+     * duplicate of argv[].
+     * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
+     * to NULL-terminate a 64-bit argv[].  (As this was written, the
+     * compiler ECO was available only on IA64.)
+     * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
+     * 64-bit argv[argc] for NULL, and, if necessary, use a
+     * (properly) NULL-terminated (64-bit) duplicate of argv[].
+     * The same code is used in either case to duplicate argv[].
+     * Some of these decisions could be handled in preprocessing,
+     * but the code tends to get even uglier, and the penalty for
+     * deciding at compile- or run-time is tiny.
+     */
+
+    int i, count = *argc;
+    char **newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy");
+
+    for (i = 0; i < count; i++)
+        newargv[i] = argv[i];
+    newargv[i] = NULL;
+    *argc = i;
+    return newargv;
+}
+
+/* LIB$INITIALIZE initialization function. */
+
+static void decc_init(void)
+{
+    char *openssl_debug_decc_init;
+    int verbose = 0;
+    int feat_index;
+    int feat_value;
+    int feat_value_max;
+    int feat_value_min;
+    int i;
+    int sts;
+
+    /* Get debug option. */
+    openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT");
+    if (openssl_debug_decc_init != NULL) {
+        verbose = strtol(openssl_debug_decc_init, NULL, 10);
+        if (verbose <= 0) {
+            verbose = 1;
+        }
+    }
+
+    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
+    decc_init_done = 1;
+
+    /* Loop through all items in the decc_feat_array[]. */
+
+    for (i = 0; decc_feat_array[i].name != NULL; i++) {
+        /* Get the feature index. */
+        feat_index = decc$feature_get_index(decc_feat_array[i].name);
+        if (feat_index >= 0) {
+            /* Valid item.  Collect its properties. */
+            feat_value = decc$feature_get_value(feat_index, 1);
+            feat_value_min = decc$feature_get_value(feat_index, 2);
+            feat_value_max = decc$feature_get_value(feat_index, 3);
+
+            /* Check the validity of our desired value. */
+            if ((decc_feat_array[i].value >= feat_value_min) &&
+                (decc_feat_array[i].value <= feat_value_max)) {
+                /* Valid value.  Set it if necessary. */
+                if (feat_value != decc_feat_array[i].value) {
+                    sts = decc$feature_set_value(feat_index,
+                                                 1, decc_feat_array[i].value);
+
+                    if (verbose > 1) {
+                        fprintf(stderr, " %s = %d, sts = %d.\n",
+                                decc_feat_array[i].name,
+                                decc_feat_array[i].value, sts);
+                    }
+                }
+            } else {
+                /* Invalid DECC feature value. */
+                fprintf(stderr,
+                        " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+                        feat_value,
+                        feat_value_min, decc_feat_array[i].name,
+                        feat_value_max);
+            }
+        } else {
+            /* Invalid DECC feature name. */
+            fprintf(stderr,
+                    " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
+        }
+    }
+
+    if (verbose > 0) {
+        fprintf(stderr, " DECC_INIT complete.\n");
+    }
+}
+
+/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
+
+# pragma nostandard
+
+/*
+ * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
+ * attributes.  Note that "nopic" is significant only on VAX.
+ */
+# pragma extern_model save
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define PSECT_ALIGN 3
+# else
+#  define PSECT_ALIGN 2
+# endif
+
+# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+const int spare[8] = { 0 };
+
+# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init) () = decc_init;
+
+# pragma extern_model restore
+
+/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
+
+# pragma extern_model save
+
+int LIB$INITIALIZE(void);
+
+# pragma extern_model strict_refdef
+int dmy_lib$initialize = (int)LIB$INITIALIZE;
+
+# pragma extern_model restore
+
+# pragma standard
+
+#else                           /* def USE_DECC_INIT */
+
+/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
+int decc_init_dummy(void);
+
+#endif                          /* def USE_DECC_INIT */
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.c b/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.c
new file mode 100644
index 000000000..9a90a1e79
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.c
@@ -0,0 +1,591 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef __VMS
+# define OPENSSL_SYS_VMS
+# pragma message disable DOLLARID
+
+
+# include <openssl/opensslconf.h>
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+#  define _POSIX_C_SOURCE 2
+# endif
+
+# include <stdio.h>
+
+# undef _POSIX_C_SOURCE
+
+# include <sys/types.h>
+# include <sys/socket.h>
+# include <netinet/in.h>
+# include <inet.h>
+# include <unistd.h>
+# include <string.h>
+# include <errno.h>
+# include <starlet.h>
+# include <iodef.h>
+# ifdef __alpha
+#  include <iosbdef.h>
+# else
+typedef struct _iosb {           /* Copied from IOSBDEF.H for Alpha  */
+#  pragma __nomember_alignment
+    __union  {
+        __struct  {
+            unsigned short int iosb$w_status; /* Final I/O status           */
+            __union  {
+                __struct  {             /* 16-bit byte count variant        */
+                    unsigned short int iosb$w_bcnt; /* 16-bit byte count    */
+                    __union  {
+                        unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
+                        unsigned int iosb$l_pid; /* 32-bit pid              */
+                    } iosb$r_l;
+                } iosb$r_bcnt_16;
+                __struct  {             /* 32-bit byte count variant        */
+                    unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
+                    unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
+                } iosb$r_bcnt_32;
+            } iosb$r_devdepend;
+        } iosb$r_io_64;
+        __struct  {
+            __union  {
+                unsigned int iosb$l_getxxi_status; /* Final GETxxI status   */
+                unsigned int iosb$l_reg_status; /* Final $Registry status   */
+            } iosb$r_l_status;
+            unsigned int iosb$l_reserved; /* Reserved field                 */
+        } iosb$r_get_64;
+    } iosb$r_io_get;
+} IOSB;
+
+#  if !defined(__VAXC)
+#   define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
+#   define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
+#   define iosb$r_l        iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
+#   define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
+#   define iosb$l_pid iosb$r_l.iosb$l_pid
+#   define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
+#   define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
+#   define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
+#   define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
+#  endif          /* #if !defined(__VAXC) */
+
+# endif  /* End of IOSBDEF */
+
+# include <efndef.h>
+# include <stdlib.h>
+# include <ssdef.h>
+# include <time.h>
+# include <stdarg.h>
+# include <descrip.h>
+
+# include "vms_term_sock.h"
+
+# ifdef __alpha
+static struct _iosb TerminalDeviceIosb;
+# else
+IOSB TerminalDeviceIosb;
+# endif
+
+static char TerminalDeviceBuff[255 + 2];
+static int TerminalSocketPair[2] = {0, 0};
+static unsigned short TerminalDeviceChan = 0;
+
+static int CreateSocketPair (int, int, int, int *);
+static void SocketPairTimeoutAst (int);
+static int TerminalDeviceAst (int);
+static void LogMessage (char *, ...);
+
+/*
+** Socket Pair Timeout Value (must be 0-59 seconds)
+*/
+# define SOCKET_PAIR_TIMEOUT_VALUE 20
+
+/*
+** Socket Pair Timeout Block which is passed to timeout AST
+*/
+typedef struct _SocketPairTimeoutBlock {
+    unsigned short SockChan1;
+    unsigned short SockChan2;
+} SPTB;
+
+# ifdef TERM_SOCK_TEST
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+int main (int argc, char *argv[], char *envp[])
+{
+    char TermBuff[80];
+    int TermSock,
+        status,
+        len;
+
+    LogMessage ("Enter 'q' or 'Q' to quit ...");
+    while (strcasecmp (TermBuff, "Q")) {
+        /*
+        ** Create the terminal socket
+        */
+        status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
+        if (status != TERM_SOCK_SUCCESS)
+            exit (1);
+
+        /*
+        ** Process the terminal input
+        */
+        LogMessage ("Waiting on terminal I/O ...\n");
+        len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
+        TermBuff[len] = '\0';
+        LogMessage ("Received terminal I/O [%s]", TermBuff);
+
+        /*
+        ** Delete the terminal socket
+        */
+        status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
+        if (status != TERM_SOCK_SUCCESS)
+            exit (1);
+    }
+
+    return 1;
+
+}
+# endif
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket)
+{
+    int status;
+    $DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
+
+    /*
+    ** Process the requested function code
+    */
+    switch (FunctionCode) {
+    case TERM_SOCK_CREATE:
+        /*
+        ** Create a socket pair
+        */
+        status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
+        if (status == -1) {
+            LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
+            if (TerminalSocketPair[0])
+                close (TerminalSocketPair[0]);
+            if (TerminalSocketPair[1])
+                close (TerminalSocketPair[1]);
+            return TERM_SOCK_FAILURE;
+        }
+
+        /*
+        ** Assign a channel to the terminal device
+        */
+        status = sys$assign (&TerminalDeviceDesc,
+                             &TerminalDeviceChan,
+                             0, 0, 0);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return TERM_SOCK_FAILURE;
+        }
+
+        /*
+        ** Queue an async IO to the terminal device
+        */
+        status = sys$qio (EFN$C_ENF,
+                          TerminalDeviceChan,
+                          IO$_READVBLK,
+                          &TerminalDeviceIosb,
+                          TerminalDeviceAst,
+                          0,
+                          TerminalDeviceBuff,
+                          sizeof(TerminalDeviceBuff) - 2,
+                          0, 0, 0, 0);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return TERM_SOCK_FAILURE;
+        }
+
+        /*
+        ** Return the input side of the socket pair
+        */
+        *ReturnSocket = TerminalSocketPair[1];
+        break;
+
+    case TERM_SOCK_DELETE:
+        /*
+        ** Cancel any pending IO on the terminal channel
+        */
+        status = sys$cancel (TerminalDeviceChan);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return TERM_SOCK_FAILURE;
+        }
+
+        /*
+	** Deassign the terminal channel
+	*/
+        status = sys$dassgn (TerminalDeviceChan);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return TERM_SOCK_FAILURE;
+        }
+
+        /*
+        ** Close the terminal socket pair
+        */
+        close (TerminalSocketPair[0]);
+        close (TerminalSocketPair[1]);
+
+        /*
+	** Return the initialized socket
+	*/
+        *ReturnSocket = 0;
+        break;
+
+    default:
+        /*
+	** Invalid function code
+	*/
+        LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
+        return TERM_SOCK_FAILURE;
+        break;
+    }
+
+    /*
+    ** Return success
+    */
+    return TERM_SOCK_SUCCESS;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static int CreateSocketPair (int SocketFamily,
+                             int SocketType,
+                             int SocketProtocol,
+                             int *SocketPair)
+{
+    struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
+    static const char* LocalHostAddr = {"127.0.0.1"};
+    unsigned short TcpAcceptChan = 0,
+        TcpDeviceChan = 0;
+    unsigned long BinTimeBuff[2];
+    struct sockaddr_in sin;
+    char AscTimeBuff[32];
+    short LocalHostPort;
+    int status;
+    unsigned int slen;
+
+# ifdef __alpha
+    struct _iosb iosb;
+# else
+    IOSB iosb;
+# endif
+
+    int SockDesc1 = 0,
+        SockDesc2 = 0;
+    SPTB sptb;
+    $DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
+
+    /*
+    ** Create a socket
+    */
+    SockDesc1 = socket (SocketFamily, SocketType, 0);
+    if (SockDesc1 < 0) {
+        LogMessage ("CreateSocketPair: socket () - %d", errno);
+        return -1;
+    }
+
+    /*
+    ** Initialize the socket information
+    */
+    slen = sizeof(sin);
+    memset ((char *) &sin, 0, slen);
+    sin.sin_family = SocketFamily;
+    sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
+    sin.sin_port = 0;
+
+    /*
+    ** Bind the socket to the local IP
+    */
+    status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
+    if (status < 0) {
+        LogMessage ("CreateSocketPair: bind () - %d", errno);
+        close (SockDesc1);
+        return -1;
+    }
+
+    /*
+    ** Get the socket name so we can save the port number
+    */
+    status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
+    if (status < 0) {
+        LogMessage ("CreateSocketPair: getsockname () - %d", errno);
+        close (SockDesc1);
+        return -1;
+    } else
+        LocalHostPort = sin.sin_port;
+
+    /*
+    ** Setup a listen for the socket
+    */
+    listen (SockDesc1, 5);
+
+    /*
+    ** Get the binary (64-bit) time of the specified timeout value
+    */
+    sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
+    AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
+    AscTimeDesc.dsc$a_pointer = AscTimeBuff;
+    status = sys$bintim (&AscTimeDesc, BinTimeBuff);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
+        close (SockDesc1);
+        return -1;
+    }
+
+    /*
+    ** Assign another channel to the TCP/IP device for the accept.
+    ** This is the channel that ends up being connected to.
+    */
+    status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
+        close (SockDesc1);
+        return -1;
+    }
+
+    /*
+    ** Get the channel of the first socket for the accept
+    */
+    TcpAcceptChan = decc$get_sdc (SockDesc1);
+
+    /*
+    ** Perform the accept using $QIO so we can do this asynchronously
+    */
+    status = sys$qio (EFN$C_ENF,
+                      TcpAcceptChan,
+                      IO$_ACCESS | IO$M_ACCEPT,
+                      &iosb,
+                      0, 0, 0, 0, 0,
+                      &TcpDeviceChan,
+                      0, 0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
+        close (SockDesc1);
+        sys$dassgn (TcpDeviceChan);
+        return -1;
+    }
+
+    /*
+    ** Create the second socket to do the connect
+    */
+    SockDesc2 = socket (SocketFamily, SocketType, 0);
+    if (SockDesc2 < 0) {
+        LogMessage ("CreateSocketPair: socket () - %d", errno);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        sys$dassgn (TcpDeviceChan);
+        return (-1) ;
+    }
+
+    /*
+    ** Setup the Socket Pair Timeout Block
+    */
+    sptb.SockChan1 = TcpAcceptChan;
+    sptb.SockChan2 = decc$get_sdc (SockDesc2);
+
+    /*
+    ** Before we block on the connect, set a timer that can cancel I/O on our
+    ** two sockets if it never connects.
+    */
+    status = sys$setimr (EFN$C_ENF,
+                         BinTimeBuff,
+                         SocketPairTimeoutAst,
+                         &sptb,
+                         0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return -1;
+    }
+
+    /*
+    ** Now issue the connect
+    */
+    memset ((char *) &sin, 0, sizeof(sin)) ;
+    sin.sin_family = SocketFamily;
+    sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
+    sin.sin_port = LocalHostPort ;
+
+    status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
+    if (status < 0 ) {
+        LogMessage ("CreateSocketPair: connect () - %d", errno);
+        sys$cantim (&sptb, 0);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return -1;
+    }
+
+    /*
+    ** Wait for the asynch $QIO to finish.  Note that if the I/O was aborted
+    ** (SS$_ABORT), then we probably canceled it from the AST routine - so log
+    ** a timeout.
+    */
+    status = sys$synch (EFN$C_ENF, &iosb);
+    if (! (iosb.iosb$w_status & 1)) {
+        if (iosb.iosb$w_status == SS$_ABORT)
+            LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
+        else {
+            LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
+                        iosb.iosb$w_status);
+            sys$cantim (&sptb, 0);
+        }
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return -1;
+    }
+
+    /*
+    ** Here we're successfully connected, so cancel the timer, convert the
+    ** I/O channel to a socket fd, close the listener socket and return the
+    ** connected pair.
+    */
+    sys$cantim (&sptb, 0);
+
+    close (SockDesc1) ;
+    SocketPair[0] = SockDesc2 ;
+    SocketPair[1] = socket_fd (TcpDeviceChan);
+
+    return (0) ;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static void SocketPairTimeoutAst (int astparm)
+{
+    SPTB *sptb = (SPTB *) astparm;
+
+    sys$cancel (sptb->SockChan2); /* Cancel the connect() */
+    sys$cancel (sptb->SockChan1); /* Cancel the accept() */
+
+    return;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static int TerminalDeviceAst (int astparm)
+{
+    int status;
+
+    /*
+    ** Terminate the terminal buffer
+    */
+    TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
+    strcat (TerminalDeviceBuff, "\n");
+
+    /*
+    ** Send the data read from the terminal device through the socket pair
+    */
+    send (TerminalSocketPair[0], TerminalDeviceBuff,
+          TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
+
+    /*
+    ** Queue another async IO to the terminal device
+    */
+    status = sys$qio (EFN$C_ENF,
+                      TerminalDeviceChan,
+                      IO$_READVBLK,
+                      &TerminalDeviceIosb,
+                      TerminalDeviceAst,
+                      0,
+                      TerminalDeviceBuff,
+                      sizeof(TerminalDeviceBuff) - 1,
+                      0, 0, 0, 0);
+
+    /*
+    ** Return status
+    */
+    return status;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static void LogMessage (char *msg, ...)
+{
+    char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+    static unsigned int pid = 0;
+    va_list args;
+    time_t CurTime;
+    struct tm *LocTime;
+    char MsgBuff[256];
+
+    /*
+    ** Get the process pid
+    */
+    if (pid == 0)
+        pid = getpid ();
+
+    /*
+    ** Convert the current time into local time
+    */
+    CurTime = time (NULL);
+    LocTime = localtime (&CurTime);
+
+    /*
+    ** Format the message buffer
+    */
+    sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
+             LocTime->tm_mday, Month[LocTime->tm_mon],
+             (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
+             LocTime->tm_sec, pid, msg);
+
+    /*
+    ** Get any variable arguments and add them to the print of the message
+    ** buffer
+    */
+    va_start (args, msg);
+    vfprintf (stderr, MsgBuff, args);
+    va_end (args);
+
+    /*
+    ** Flush standard error output
+    */
+    fsync (fileno (stderr));
+
+    return;
+
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h b/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h
new file mode 100644
index 000000000..c4d1702d7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef TERM_SOCK_H
+# define TERM_SOCK_H
+
+/*
+** Terminal Socket Function Codes
+*/
+# define TERM_SOCK_CREATE       1
+# define TERM_SOCK_DELETE       2
+
+/*
+** Terminal Socket Status Codes
+*/
+# define TERM_SOCK_FAILURE      0
+# define TERM_SOCK_SUCCESS      1
+
+/*
+** Terminal Socket Prototype
+*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/win32_init.c b/trunk/3rdparty/openssl-1.1-fit/apps/win32_init.c
new file mode 100644
index 000000000..df4bff41a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/win32_init.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <windows.h>
+#include <stdlib.h>
+#include <string.h>
+#include <malloc.h>
+
+#if defined(CP_UTF8)
+
+static UINT saved_cp;
+static int newargc;
+static char **newargv;
+
+static void cleanup(void)
+{
+    int i;
+
+    SetConsoleOutputCP(saved_cp);
+
+    for (i = 0; i < newargc; i++)
+        free(newargv[i]);
+
+    free(newargv);
+}
+
+/*
+ * Incrementally [re]allocate newargv and keep it NULL-terminated.
+ */
+static int validate_argv(int argc)
+{
+    static int size = 0;
+
+    if (argc >= size) {
+        char **ptr;
+
+        while (argc >= size)
+            size += 64;
+
+        ptr = realloc(newargv, size * sizeof(newargv[0]));
+        if (ptr == NULL)
+            return 0;
+
+        (newargv = ptr)[argc] = NULL;
+    } else {
+        newargv[argc] = NULL;
+    }
+
+    return 1;
+}
+
+static int process_glob(WCHAR *wstr, int wlen)
+{
+    int i, slash, udlen;
+    WCHAR saved_char;
+    WIN32_FIND_DATAW data;
+    HANDLE h;
+
+    /*
+     * Note that we support wildcard characters only in filename part
+     * of the path, and not in directories. Windows users are used to
+     * this, that's why recursive glob processing is not implemented.
+     */
+    /*
+     * Start by looking for last slash or backslash, ...
+     */
+    for (slash = 0, i = 0; i < wlen; i++)
+        if (wstr[i] == L'/' || wstr[i] == L'\\')
+            slash = i + 1;
+    /*
+     * ... then look for asterisk or question mark in the file name.
+     */
+    for (i = slash; i < wlen; i++)
+        if (wstr[i] == L'*' || wstr[i] == L'?')
+            break;
+
+    if (i == wlen)
+        return 0;   /* definitely not a glob */
+
+    saved_char = wstr[wlen];
+    wstr[wlen] = L'\0';
+    h = FindFirstFileW(wstr, &data);
+    wstr[wlen] = saved_char;
+    if (h == INVALID_HANDLE_VALUE)
+        return 0;   /* not a valid glob, just pass... */
+
+    if (slash)
+        udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
+                                    NULL, 0, NULL, NULL);
+    else
+        udlen = 0;
+
+    do {
+        int uflen;
+        char *arg;
+
+        /*
+         * skip over . and ..
+         */
+        if (data.cFileName[0] == L'.') {
+            if ((data.cFileName[1] == L'\0') ||
+                (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
+                continue;
+        }
+
+        if (!validate_argv(newargc + 1))
+            break;
+
+        /*
+         * -1 below means "scan for trailing '\0' *and* count it",
+         * so that |uflen| covers even trailing '\0'.
+         */
+        uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
+                                    NULL, 0, NULL, NULL);
+
+        arg = malloc(udlen + uflen);
+        if (arg == NULL)
+            break;
+
+        if (udlen)
+            WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
+                                arg, udlen, NULL, NULL);
+
+        WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
+                            arg + udlen, uflen, NULL, NULL);
+
+        newargv[newargc++] = arg;
+    } while (FindNextFileW(h, &data));
+
+    CloseHandle(h);
+
+    return 1;
+}
+
+void win32_utf8argv(int *argc, char **argv[])
+{
+    const WCHAR *wcmdline;
+    WCHAR *warg, *wend, *p;
+    int wlen, ulen, valid = 1;
+    char *arg;
+
+    if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) == 0)
+        return;
+
+    newargc = 0;
+    newargv = NULL;
+    if (!validate_argv(newargc))
+        return;
+
+    wcmdline = GetCommandLineW();
+    if (wcmdline == NULL) return;
+
+    /*
+     * make a copy of the command line, since we might have to modify it...
+     */
+    wlen = wcslen(wcmdline);
+    p = _alloca((wlen + 1) * sizeof(WCHAR));
+    wcscpy(p, wcmdline);
+
+    while (*p != L'\0') {
+        int in_quote = 0;
+
+        if (*p == L' ' || *p == L'\t') {
+            p++; /* skip over white spaces */
+            continue;
+        }
+
+        /*
+         * Note: because we may need to fiddle with the number of backslashes,
+         * the argument string is copied into itself.  This is safe because
+         * the number of characters will never expand.
+         */
+        warg = wend = p;
+        while (*p != L'\0'
+               && (in_quote || (*p != L' ' && *p != L'\t'))) {
+            switch (*p) {
+            case L'\\':
+                /*
+                 * Microsoft documentation on how backslashes are treated
+                 * is:
+                 *
+                 * + Backslashes are interpreted literally, unless they
+                 *   immediately precede a double quotation mark.
+                 * + If an even number of backslashes is followed by a double
+                 *   quotation mark, one backslash is placed in the argv array
+                 *   for every pair of backslashes, and the double quotation
+                 *   mark is interpreted as a string delimiter.
+                 * + If an odd number of backslashes is followed by a double
+                 *   quotation mark, one backslash is placed in the argv array
+                 *   for every pair of backslashes, and the double quotation
+                 *   mark is "escaped" by the remaining backslash, causing a
+                 *   literal double quotation mark (") to be placed in argv.
+                 *
+                 * Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx
+                 *
+                 * Though referred page doesn't mention it, multiple qouble
+                 * quotes are also special. Pair of double quotes in quoted
+                 * string is counted as single double quote.
+                 */
+                {
+                    const WCHAR *q = p;
+                    int i;
+
+                    while (*p == L'\\')
+                        p++;
+
+                    if (*p == L'"') {
+                        int i;
+
+                        for (i = (p - q) / 2; i > 0; i--)
+                            *wend++ = L'\\';
+
+                        /*
+                         * if odd amount of backslashes before the quote,
+                         * said quote is part of the argument, not a delimiter
+                         */
+                        if ((p - q) % 2 == 1)
+                            *wend++ = *p++;
+                    } else {
+                        for (i = p - q; i > 0; i--)
+                            *wend++ = L'\\';
+                    }
+                }
+                break;
+            case L'"':
+                /*
+                 * Without the preceding backslash (or when preceded with an
+                 * even number of backslashes), the double quote is a simple
+                 * string delimiter and just slightly change the parsing state
+                 */
+                if (in_quote && p[1] == L'"')
+                    *wend++ = *p++;
+                else
+                    in_quote = !in_quote;
+                p++;
+                break;
+            default:
+                /*
+                 * Any other non-delimiter character is just taken verbatim
+                 */
+                *wend++ = *p++;
+            }
+        }
+
+        wlen = wend - warg;
+
+        if (wlen == 0 || !process_glob(warg, wlen)) {
+            if (!validate_argv(newargc + 1)) {
+                valid = 0;
+                break;
+            }
+
+            ulen = 0;
+            if (wlen > 0) {
+                ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
+                                           NULL, 0, NULL, NULL);
+                if (ulen <= 0)
+                    continue;
+            }
+
+            arg = malloc(ulen + 1);
+            if (arg == NULL) {
+                valid = 0;
+                break;
+            }
+
+            if (wlen > 0)
+                WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
+                                    arg, ulen, NULL, NULL);
+            arg[ulen] = '\0';
+
+            newargv[newargc++] = arg;
+        }
+    }
+
+    if (valid) {
+        saved_cp = GetConsoleOutputCP();
+        SetConsoleOutputCP(CP_UTF8);
+
+        *argc = newargc;
+        *argv = newargv;
+
+        atexit(cleanup);
+    } else if (newargv != NULL) {
+        int i;
+
+        for (i = 0; i < newargc; i++)
+            free(newargv[i]);
+
+        free(newargv);
+
+        newargc = 0;
+        newargv = NULL;
+    }
+
+    return;
+}
+#else
+void win32_utf8argv(int *argc, char **argv[])
+{   return;   }
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/x509.c b/trunk/3rdparty/openssl-1.1-fit/apps/x509.c
new file mode 100644
index 000000000..81291a9a4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/x509.c
@@ -0,0 +1,1196 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS        30
+
+static int callb(int ok, X509_STORE_CTX *ctx);
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, const char *section,
+                int preserve_dates);
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile,
+                        int create, int days, int clrext, CONF *conf,
+                        const char *section, ASN1_INTEGER *sno, int reqfile,
+                        int preserve_dates);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
+static int print_x509v3_exts(BIO *bio, X509 *x, const char *exts);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
+    OPT_CAKEYFORM, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE,
+    OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA,
+    OPT_CAKEY, OPT_CASERIAL, OPT_SET_SERIAL, OPT_FORCE_PUBKEY,
+    OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT,
+    OPT_C, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
+    OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH,
+    OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES,
+    OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
+    OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
+    OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
+    OPT_SUBJECT_HASH_OLD,
+    OPT_ISSUER_HASH_OLD,
+    OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES,
+    OPT_R_ENUM, OPT_EXT
+} OPTION_CHOICE;
+
+const OPTIONS x509_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f',
+     "Input format - default PEM (one of DER or PEM)"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"outform", OPT_OUTFORM, 'f',
+     "Output format - default PEM (one of DER or PEM)"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
+    {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
+    {"serial", OPT_SERIAL, '-', "Print serial number value"},
+    {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
+    {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
+    {"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
+    {"subject", OPT_SUBJECT, '-', "Print subject DN"},
+    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+    {"email", OPT_EMAIL, '-', "Print email address(es)"},
+    {"startdate", OPT_STARTDATE, '-', "Set notBefore field"},
+    {"enddate", OPT_ENDDATE, '-', "Set notAfter field"},
+    {"purpose", OPT_PURPOSE, '-', "Print out certificate purposes"},
+    {"dates", OPT_DATES, '-', "Both Before and After dates"},
+    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"pubkey", OPT_PUBKEY, '-', "Output the public key"},
+    {"fingerprint", OPT_FINGERPRINT, '-',
+     "Print the certificate fingerprint"},
+    {"alias", OPT_ALIAS, '-', "Output certificate alias"},
+    {"noout", OPT_NOOUT, '-', "No output, just status"},
+    {"nocert", OPT_NOCERT, '-', "No certificate output"},
+    {"ocspid", OPT_OCSPID, '-',
+     "Print OCSP hash values for the subject name and public key"},
+    {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"},
+    {"trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate"},
+    {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"},
+    {"clrext", OPT_CLREXT, '-', "Clear all certificate extensions"},
+    {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"},
+    {"addreject", OPT_ADDREJECT, 's',
+     "Reject certificate for a given purpose"},
+    {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
+    {"days", OPT_DAYS, 'n',
+     "How long till expiry of a signed certificate - def 30 days"},
+    {"checkend", OPT_CHECKEND, 'M',
+     "Check whether the cert expires in the next arg seconds"},
+    {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
+    {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
+    {"x509toreq", OPT_X509TOREQ, '-',
+     "Output a certification request object"},
+    {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
+    {"CA", OPT_CA, '<', "Set the CA certificate, must be PEM format"},
+    {"CAkey", OPT_CAKEY, 's',
+     "The CA key, must be PEM format; if not in CAfile"},
+    {"CAcreateserial", OPT_CACREATESERIAL, '-',
+     "Create serial number file if it does not exist"},
+    {"CAserial", OPT_CASERIAL, 's', "Serial file"},
+    {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
+    {"text", OPT_TEXT, '-', "Print the certificate in text form"},
+    {"ext", OPT_EXT, 's', "Print various X509V3 extensions"},
+    {"C", OPT_C, '-', "Print out C code forms"},
+    {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"},
+    OPT_R_OPTIONS,
+    {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"certopt", OPT_CERTOPT, 's', "Various certificate text options"},
+    {"checkhost", OPT_CHECKHOST, 's', "Check certificate matches host"},
+    {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
+    {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
+    {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
+    {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
+    {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
+    {"clrreject", OPT_CLRREJECT, '-',
+     "Clears all the prohibited or rejected uses of the certificate"},
+    {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_MD5
+    {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+     "Print old-style (MD5) issuer hash value"},
+    {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+     "Print old-style (MD5) subject hash value"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"preserve_dates", OPT_PRESERVE_DATES, '-', "preserve existing dates when signing"},
+    {NULL}
+};
+
+int x509_main(int argc, char **argv)
+{
+    ASN1_INTEGER *sno = NULL;
+    ASN1_OBJECT *objtmp = NULL;
+    BIO *out = NULL;
+    CONF *extconf = NULL;
+    EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
+    STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    X509 *x = NULL, *xca = NULL;
+    X509_REQ *req = NULL, *rq = NULL;
+    X509_STORE *ctx = NULL;
+    const EVP_MD *digest = NULL;
+    char *CAkeyfile = NULL, *CAserial = NULL, *fkeyfile = NULL, *alias = NULL;
+    char *checkhost = NULL, *checkemail = NULL, *checkip = NULL, *exts = NULL;
+    char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
+    char *prog;
+    int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
+    int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
+    int fingerprint = 0, reqfile = 0, checkend = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+    int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
+    int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
+    int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
+    int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
+    int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, ext = 0;
+    int enddate = 0;
+    time_t checkoffset = 0;
+    unsigned long certflag = 0;
+    int preserve_dates = 0;
+    OPTION_CHOICE o;
+    ENGINE *e = NULL;
+#ifndef OPENSSL_NO_MD5
+    int subject_hash_old = 0, issuer_hash_old = 0;
+#endif
+
+    ctx = X509_STORE_new();
+    if (ctx == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(ctx, callb);
+
+    prog = opt_init(argc, argv, x509_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(x509_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_CAFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAformat))
+                goto opthelp;
+            break;
+        case OPT_CAKEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_REQ:
+            reqfile = 1;
+            break;
+
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_DAYS:
+            if (preserve_dates)
+                goto opthelp;
+            days = atoi(opt_arg());
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_EXTFILE:
+            extfile = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_EXTENSIONS:
+            extsect = opt_arg();
+            break;
+        case OPT_SIGNKEY:
+            keyfile = opt_arg();
+            sign_flag = ++num;
+            break;
+        case OPT_CA:
+            CAfile = opt_arg();
+            CA_flag = ++num;
+            break;
+        case OPT_CAKEY:
+            CAkeyfile = opt_arg();
+            break;
+        case OPT_CASERIAL:
+            CAserial = opt_arg();
+            break;
+        case OPT_SET_SERIAL:
+            if (sno != NULL) {
+                BIO_printf(bio_err, "Serial number supplied twice\n");
+                goto opthelp;
+            }
+            if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL)
+                goto opthelp;
+            break;
+        case OPT_FORCE_PUBKEY:
+            fkeyfile = opt_arg();
+            break;
+        case OPT_ADDTRUST:
+            if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Invalid trust object value %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
+            if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
+                goto end;
+            sk_ASN1_OBJECT_push(trust, objtmp);
+            objtmp = NULL;
+            trustout = 1;
+            break;
+        case OPT_ADDREJECT:
+            if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Invalid reject object value %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
+            if (reject == NULL
+                && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
+                goto end;
+            sk_ASN1_OBJECT_push(reject, objtmp);
+            objtmp = NULL;
+            trustout = 1;
+            break;
+        case OPT_SETALIAS:
+            alias = opt_arg();
+            trustout = 1;
+            break;
+        case OPT_CERTOPT:
+            if (!set_cert_ex(&certflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_C:
+            C = ++num;
+            break;
+        case OPT_EMAIL:
+            email = ++num;
+            break;
+        case OPT_OCSP_URI:
+            ocsp_uri = ++num;
+            break;
+        case OPT_SERIAL:
+            serial = ++num;
+            break;
+        case OPT_NEXT_SERIAL:
+            next_serial = ++num;
+            break;
+        case OPT_MODULUS:
+            modulus = ++num;
+            break;
+        case OPT_PUBKEY:
+            pubkey = ++num;
+            break;
+        case OPT_X509TOREQ:
+            x509req = ++num;
+            break;
+        case OPT_TEXT:
+            text = ++num;
+            break;
+        case OPT_SUBJECT:
+            subject = ++num;
+            break;
+        case OPT_ISSUER:
+            issuer = ++num;
+            break;
+        case OPT_FINGERPRINT:
+            fingerprint = ++num;
+            break;
+        case OPT_HASH:
+            subject_hash = ++num;
+            break;
+        case OPT_ISSUER_HASH:
+            issuer_hash = ++num;
+            break;
+        case OPT_PURPOSE:
+            pprint = ++num;
+            break;
+        case OPT_STARTDATE:
+            startdate = ++num;
+            break;
+        case OPT_ENDDATE:
+            enddate = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_EXT:
+            ext = ++num;
+            exts = opt_arg();
+            break;
+        case OPT_NOCERT:
+            nocert = 1;
+            break;
+        case OPT_TRUSTOUT:
+            trustout = 1;
+            break;
+        case OPT_CLRTRUST:
+            clrtrust = ++num;
+            break;
+        case OPT_CLRREJECT:
+            clrreject = ++num;
+            break;
+        case OPT_ALIAS:
+            aliasout = ++num;
+            break;
+        case OPT_CACREATESERIAL:
+            CA_createserial = ++num;
+            break;
+        case OPT_CLREXT:
+            clrext = 1;
+            break;
+        case OPT_OCSPID:
+            ocspid = ++num;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+#ifndef OPENSSL_NO_MD5
+        case OPT_SUBJECT_HASH_OLD:
+            subject_hash_old = ++num;
+            break;
+        case OPT_ISSUER_HASH_OLD:
+            issuer_hash_old = ++num;
+            break;
+#else
+        case OPT_SUBJECT_HASH_OLD:
+        case OPT_ISSUER_HASH_OLD:
+            break;
+#endif
+        case OPT_DATES:
+            startdate = ++num;
+            enddate = ++num;
+            break;
+        case OPT_CHECKEND:
+            checkend = 1;
+            {
+                intmax_t temp = 0;
+                if (!opt_imax(opt_arg(), &temp))
+                    goto opthelp;
+                checkoffset = (time_t)temp;
+                if ((intmax_t)checkoffset != temp) {
+                    BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+                               prog, opt_arg());
+                    goto opthelp;
+                }
+            }
+            break;
+        case OPT_CHECKHOST:
+            checkhost = opt_arg();
+            break;
+        case OPT_CHECKEMAIL:
+            checkemail = opt_arg();
+            break;
+        case OPT_CHECKIP:
+            checkip = opt_arg();
+            break;
+        case OPT_PRESERVE_DATES:
+            if (days != DEF_DAYS)
+                goto opthelp;
+            preserve_dates = 1;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (argc != 0) {
+        BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]);
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (!X509_STORE_set_default_paths(ctx)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (fkeyfile != NULL) {
+        fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
+        if (fkey == NULL)
+            goto end;
+    }
+
+    if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+        CAkeyfile = CAfile;
+    } else if ((CA_flag) && (CAkeyfile == NULL)) {
+        BIO_printf(bio_err,
+                   "need to specify a CAkey if using the CA command\n");
+        goto end;
+    }
+
+    if (extfile != NULL) {
+        X509V3_CTX ctx2;
+        if ((extconf = app_load_config(extfile)) == NULL)
+            goto end;
+        if (extsect == NULL) {
+            extsect = NCONF_get_string(extconf, "default", "extensions");
+            if (extsect == NULL) {
+                ERR_clear_error();
+                extsect = "default";
+            }
+        }
+        X509V3_set_ctx_test(&ctx2);
+        X509V3_set_nconf(&ctx2, extconf);
+        if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extsect);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (reqfile) {
+        EVP_PKEY *pkey;
+        BIO *in;
+
+        if (!sign_flag && !CA_flag) {
+            BIO_printf(bio_err, "We need a private key to sign with\n");
+            goto end;
+        }
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+        req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        BIO_free(in);
+
+        if (req == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
+            BIO_printf(bio_err, "error unpacking public key\n");
+            goto end;
+        }
+        i = X509_REQ_verify(req, pkey);
+        if (i < 0) {
+            BIO_printf(bio_err, "Signature verification error\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i == 0) {
+            BIO_printf(bio_err,
+                       "Signature did not match the certificate request\n");
+            goto end;
+        } else {
+            BIO_printf(bio_err, "Signature ok\n");
+        }
+
+        print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
+                   get_nameopt());
+
+        if ((x = X509_new()) == NULL)
+            goto end;
+
+        if (sno == NULL) {
+            sno = ASN1_INTEGER_new();
+            if (sno == NULL || !rand_serial(NULL, sno))
+                goto end;
+            if (!X509_set_serialNumber(x, sno))
+                goto end;
+            ASN1_INTEGER_free(sno);
+            sno = NULL;
+        } else if (!X509_set_serialNumber(x, sno)) {
+            goto end;
+        }
+
+        if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
+            goto end;
+        if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
+            goto end;
+        if (!set_cert_times(x, NULL, NULL, days))
+            goto end;
+
+        if (fkey != NULL) {
+            X509_set_pubkey(x, fkey);
+        } else {
+            pkey = X509_REQ_get0_pubkey(req);
+            X509_set_pubkey(x, pkey);
+        }
+    } else {
+        x = load_cert(infile, informat, "Certificate");
+    }
+
+    if (x == NULL)
+        goto end;
+    if (CA_flag) {
+        xca = load_cert(CAfile, CAformat, "CA Certificate");
+        if (xca == NULL)
+            goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (!noout || text || next_serial)
+        OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
+
+    if (alias)
+        X509_alias_set1(x, (unsigned char *)alias, -1);
+
+    if (clrtrust)
+        X509_trust_clear(x);
+    if (clrreject)
+        X509_reject_clear(x);
+
+    if (trust != NULL) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            objtmp = sk_ASN1_OBJECT_value(trust, i);
+            X509_add1_trust_object(x, objtmp);
+        }
+        objtmp = NULL;
+    }
+
+    if (reject != NULL) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            objtmp = sk_ASN1_OBJECT_value(reject, i);
+            X509_add1_reject_object(x, objtmp);
+        }
+        objtmp = NULL;
+    }
+
+    if (badsig) {
+        const ASN1_BIT_STRING *signature;
+
+        X509_get0_signature(&signature, NULL, x);
+        corrupt_signature(signature);
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
+            } else if (subject == i) {
+                print_name(out, "subject=",
+                           X509_get_subject_name(x), get_nameopt());
+            } else if (serial == i) {
+                BIO_printf(out, "serial=");
+                i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
+                BIO_printf(out, "\n");
+            } else if (next_serial == i) {
+                ASN1_INTEGER *ser = X509_get_serialNumber(x);
+                BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL);
+
+                if (!bnser)
+                    goto end;
+                if (!BN_add_word(bnser, 1))
+                    goto end;
+                ser = BN_to_ASN1_INTEGER(bnser, NULL);
+                if (!ser)
+                    goto end;
+                BN_free(bnser);
+                i2a_ASN1_INTEGER(out, ser);
+                ASN1_INTEGER_free(ser);
+                BIO_puts(out, "\n");
+            } else if ((email == i) || (ocsp_uri == i)) {
+                int j;
+                STACK_OF(OPENSSL_STRING) *emlst;
+                if (email == i)
+                    emlst = X509_get1_email(x);
+                else
+                    emlst = X509_get1_ocsp(x);
+                for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
+                    BIO_printf(out, "%s\n",
+                               sk_OPENSSL_STRING_value(emlst, j));
+                X509_email_free(emlst);
+            } else if (aliasout == i) {
+                unsigned char *alstr;
+                alstr = X509_alias_get0(x, NULL);
+                if (alstr)
+                    BIO_printf(out, "%s\n", alstr);
+                else
+                    BIO_puts(out, "<No Alias>\n");
+            } else if (subject_hash == i) {
+                BIO_printf(out, "%08lx\n", X509_subject_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (subject_hash_old == i) {
+                BIO_printf(out, "%08lx\n", X509_subject_name_hash_old(x));
+            }
+#endif
+            else if (issuer_hash == i) {
+                BIO_printf(out, "%08lx\n", X509_issuer_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (issuer_hash_old == i) {
+                BIO_printf(out, "%08lx\n", X509_issuer_name_hash_old(x));
+            }
+#endif
+            else if (pprint == i) {
+                X509_PURPOSE *ptmp;
+                int j;
+                BIO_printf(out, "Certificate purposes:\n");
+                for (j = 0; j < X509_PURPOSE_get_count(); j++) {
+                    ptmp = X509_PURPOSE_get0(j);
+                    purpose_print(out, x, ptmp);
+                }
+            } else if (modulus == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get0_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Modulus=unavailable\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                BIO_printf(out, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+                if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+                    const BIGNUM *n;
+                    RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
+                    BN_print(out, n);
+                } else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+                    const BIGNUM *dsapub = NULL;
+                    DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
+                    BN_print(out, dsapub);
+                } else
+#endif
+                {
+                    BIO_printf(out, "Wrong Algorithm type");
+                }
+                BIO_printf(out, "\n");
+            } else if (pubkey == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get0_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Error getting public key\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                PEM_write_bio_PUBKEY(out, pkey);
+            } else if (C == i) {
+                unsigned char *d;
+                char *m;
+                int len;
+
+                print_name(out, "/*\n"
+                                " * Subject: ", X509_get_subject_name(x), get_nameopt());
+                print_name(out, " * Issuer:  ", X509_get_issuer_name(x), get_nameopt());
+                BIO_puts(out, " */\n");
+
+                len = i2d_X509(x, NULL);
+                m = app_malloc(len, "x509 name buffer");
+                d = (unsigned char *)m;
+                len = i2d_X509_NAME(X509_get_subject_name(x), &d);
+                print_array(out, "the_subject_name", len, (unsigned char *)m);
+                d = (unsigned char *)m;
+                len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
+                print_array(out, "the_public_key", len, (unsigned char *)m);
+                d = (unsigned char *)m;
+                len = i2d_X509(x, &d);
+                print_array(out, "the_certificate", len, (unsigned char *)m);
+                OPENSSL_free(m);
+            } else if (text == i) {
+                X509_print_ex(out, x, get_nameopt(), certflag);
+            } else if (startdate == i) {
+                BIO_puts(out, "notBefore=");
+                ASN1_TIME_print(out, X509_get0_notBefore(x));
+                BIO_puts(out, "\n");
+            } else if (enddate == i) {
+                BIO_puts(out, "notAfter=");
+                ASN1_TIME_print(out, X509_get0_notAfter(x));
+                BIO_puts(out, "\n");
+            } else if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                const EVP_MD *fdig = digest;
+
+                if (fdig == NULL)
+                    fdig = EVP_sha1();
+
+                if (!X509_digest(x, fdig, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(out, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(fdig)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+
+            /* should be in the library */
+            else if ((sign_flag == i) && (x509req == 0)) {
+                BIO_printf(bio_err, "Getting Private key\n");
+                if (Upkey == NULL) {
+                    Upkey = load_key(keyfile, keyformat, 0,
+                                     passin, e, "Private key");
+                    if (Upkey == NULL)
+                        goto end;
+                }
+
+                if (!sign(x, Upkey, days, clrext, digest, extconf, extsect, preserve_dates))
+                    goto end;
+            } else if (CA_flag == i) {
+                BIO_printf(bio_err, "Getting CA Private Key\n");
+                if (CAkeyfile != NULL) {
+                    CApkey = load_key(CAkeyfile, CAkeyformat,
+                                      0, passin, e, "CA Private Key");
+                    if (CApkey == NULL)
+                        goto end;
+                }
+
+                if (!x509_certify(ctx, CAfile, digest, x, xca,
+                                  CApkey, sigopts,
+                                  CAserial, CA_createserial, days, clrext,
+                                  extconf, extsect, sno, reqfile, preserve_dates))
+                    goto end;
+            } else if (x509req == i) {
+                EVP_PKEY *pk;
+
+                BIO_printf(bio_err, "Getting request Private Key\n");
+                if (keyfile == NULL) {
+                    BIO_printf(bio_err, "no request key file specified\n");
+                    goto end;
+                } else {
+                    pk = load_key(keyfile, keyformat, 0,
+                                  passin, e, "request key");
+                    if (pk == NULL)
+                        goto end;
+                }
+
+                BIO_printf(bio_err, "Generating certificate request\n");
+
+                rq = X509_to_X509_REQ(x, pk, digest);
+                EVP_PKEY_free(pk);
+                if (rq == NULL) {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                if (!noout) {
+                    X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
+                    PEM_write_bio_X509_REQ(out, rq);
+                }
+                noout = 1;
+            } else if (ocspid == i) {
+                X509_ocspid_print(out, x);
+            } else if (ext == i) {
+                print_x509v3_exts(out, x, exts);
+            }
+        }
+    }
+
+    if (checkend) {
+        time_t tcheck = time(NULL) + checkoffset;
+
+        if (X509_cmp_time(X509_get0_notAfter(x), &tcheck) < 0) {
+            BIO_printf(out, "Certificate will expire\n");
+            ret = 1;
+        } else {
+            BIO_printf(out, "Certificate will not expire\n");
+            ret = 0;
+        }
+        goto end;
+    }
+
+    print_cert_checks(out, x, checkhost, checkemail, checkip);
+
+    if (noout || nocert) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1) {
+        i = i2d_X509_bio(out, x);
+    } else if (outformat == FORMAT_PEM) {
+        if (trustout)
+            i = PEM_write_bio_X509_AUX(out, x);
+        else
+            i = PEM_write_bio_X509(out, x);
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (!i) {
+        BIO_printf(bio_err, "unable to write certificate\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    NCONF_free(extconf);
+    BIO_free_all(out);
+    X509_STORE_free(ctx);
+    X509_REQ_free(req);
+    X509_free(x);
+    X509_free(xca);
+    EVP_PKEY_free(Upkey);
+    EVP_PKEY_free(CApkey);
+    EVP_PKEY_free(fkey);
+    sk_OPENSSL_STRING_free(sigopts);
+    X509_REQ_free(rq);
+    ASN1_INTEGER_free(sno);
+    sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+    ASN1_OBJECT_free(objtmp);
+    release_engine(e);
+    OPENSSL_free(passin);
+    return ret;
+}
+
+static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+                                      const char *serialfile, int create)
+{
+    char *buf = NULL;
+    ASN1_INTEGER *bs = NULL;
+    BIGNUM *serial = NULL;
+
+    if (serialfile == NULL) {
+        const char *p = strrchr(CAfile, '.');
+        size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile);
+
+        buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer");
+        memcpy(buf, CAfile, len);
+        memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
+        serialfile = buf;
+    }
+
+    serial = load_serial(serialfile, create, NULL);
+    if (serial == NULL)
+        goto end;
+
+    if (!BN_add_word(serial, 1)) {
+        BIO_printf(bio_err, "add_word failure\n");
+        goto end;
+    }
+
+    if (!save_serial(serialfile, NULL, serial, &bs))
+        goto end;
+
+ end:
+    OPENSSL_free(buf);
+    BN_free(serial);
+    return bs;
+}
+
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts,
+                        const char *serialfile, int create,
+                        int days, int clrext, CONF *conf, const char *section,
+                        ASN1_INTEGER *sno, int reqfile, int preserve_dates)
+{
+    int ret = 0;
+    ASN1_INTEGER *bs = NULL;
+    X509_STORE_CTX *xsc = NULL;
+    EVP_PKEY *upkey;
+
+    upkey = X509_get0_pubkey(xca);
+    if (upkey == NULL) {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
+    EVP_PKEY_copy_parameters(upkey, pkey);
+
+    xsc = X509_STORE_CTX_new();
+    if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, x, NULL)) {
+        BIO_printf(bio_err, "Error initialising X509 store\n");
+        goto end;
+    }
+    if (sno)
+        bs = sno;
+    else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL)
+        goto end;
+
+    /*
+     * NOTE: this certificate can/should be self signed, unless it was a
+     * certificate request in which case it is not.
+     */
+    X509_STORE_CTX_set_cert(xsc, x);
+    X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+    if (!reqfile && X509_verify_cert(xsc) <= 0)
+        goto end;
+
+    if (!X509_check_private_key(xca, pkey)) {
+        BIO_printf(bio_err,
+                   "CA certificate and CA private key do not match\n");
+        goto end;
+    }
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+        goto end;
+    if (!X509_set_serialNumber(x, bs))
+        goto end;
+
+    if (!preserve_dates && !set_cert_times(x, NULL, NULL, days))
+        goto end;
+
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+
+    if (conf != NULL) {
+        X509V3_CTX ctx2;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx2, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+            goto end;
+    }
+
+    if (!do_X509_sign(x, pkey, digest, sigopts))
+        goto end;
+    ret = 1;
+ end:
+    X509_STORE_CTX_free(xsc);
+    if (!ret)
+        ERR_print_errors(bio_err);
+    if (!sno)
+        ASN1_INTEGER_free(bs);
+    return ret;
+}
+
+static int callb(int ok, X509_STORE_CTX *ctx)
+{
+    int err;
+    X509 *err_cert;
+
+    /*
+     * it is ok to use a self signed certificate This case will catch both
+     * the initial ok == 0 and the final ok == 1 calls to this function
+     */
+    err = X509_STORE_CTX_get_error(ctx);
+    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+        return 1;
+
+    /*
+     * BAD we should have gotten an error.  Normally if everything worked
+     * X509_STORE_CTX_get_error(ctx) will still be set to
+     * DEPTH_ZERO_SELF_....
+     */
+    if (ok) {
+        BIO_printf(bio_err,
+                   "error with certificate to be certified - should be self signed\n");
+        return 0;
+    } else {
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+        BIO_printf(bio_err,
+                   "error with certificate - error %d at depth %d\n%s\n", err,
+                   X509_STORE_CTX_get_error_depth(ctx),
+                   X509_verify_cert_error_string(err));
+        return 1;
+    }
+}
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, const char *section,
+                int preserve_dates)
+{
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+        goto err;
+    if (!preserve_dates && !set_cert_times(x, NULL, NULL, days))
+        goto err;
+    if (!X509_set_pubkey(x, pkey))
+        goto err;
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+    if (conf != NULL) {
+        X509V3_CTX ctx;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+            goto err;
+    }
+    if (!X509_sign(x, pkey, digest))
+        goto err;
+    return 1;
+ err:
+    ERR_print_errors(bio_err);
+    return 0;
+}
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+    int id, i, idret;
+    const char *pname;
+    id = X509_PURPOSE_get_id(pt);
+    pname = X509_PURPOSE_get0_name(pt);
+    for (i = 0; i < 2; i++) {
+        idret = X509_check_purpose(cert, id, i);
+        BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+        if (idret == 1)
+            BIO_printf(bio, "Yes\n");
+        else if (idret == 0)
+            BIO_printf(bio, "No\n");
+        else
+            BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+    }
+    return 1;
+}
+
+static int parse_ext_names(char *names, const char **result)
+{
+    char *p, *q;
+    int cnt = 0, len = 0;
+
+    p = q = names;
+    len = strlen(names);
+
+    while (q - names <= len) {
+        if (*q != ',' && *q != '\0') {
+            q++;
+            continue;
+        }
+        if (p != q) {
+            /* found */
+            if (result != NULL) {
+                result[cnt] = p;
+                *q = '\0';
+            }
+            cnt++;
+        }
+        p = ++q;
+    }
+
+    return cnt;
+}
+
+static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names)
+{
+    const STACK_OF(X509_EXTENSION) *exts = NULL;
+    STACK_OF(X509_EXTENSION) *exts2 = NULL;
+    X509_EXTENSION *ext = NULL;
+    ASN1_OBJECT *obj;
+    int i, j, ret = 0, num, nn = 0;
+    const char *sn, **names = NULL;
+    char *tmp_ext_names = NULL;
+
+    exts = X509_get0_extensions(x);
+    if ((num = sk_X509_EXTENSION_num(exts)) <= 0) {
+        BIO_printf(bio, "No extensions in certificate\n");
+        ret = 1;
+        goto end;
+    }
+
+    /* parse comma separated ext name string */
+    if ((tmp_ext_names = OPENSSL_strdup(ext_names)) == NULL)
+        goto end;
+    if ((nn = parse_ext_names(tmp_ext_names, NULL)) == 0) {
+        BIO_printf(bio, "Invalid extension names: %s\n", ext_names);
+        goto end;
+    }
+    if ((names = OPENSSL_malloc(sizeof(char *) * nn)) == NULL)
+        goto end;
+    parse_ext_names(tmp_ext_names, names);
+
+    for (i = 0; i < num; i++) {
+        ext = sk_X509_EXTENSION_value(exts, i);
+
+        /* check if this ext is what we want */
+        obj = X509_EXTENSION_get_object(ext);
+        sn = OBJ_nid2sn(OBJ_obj2nid(obj));
+        if (sn == NULL || strcmp(sn, "UNDEF") == 0)
+            continue;
+
+        for (j = 0; j < nn; j++) {
+            if (strcmp(sn, names[j]) == 0) {
+                /* push the extension into a new stack */
+                if (exts2 == NULL
+                    && (exts2 = sk_X509_EXTENSION_new_null()) == NULL)
+                    goto end;
+                if (!sk_X509_EXTENSION_push(exts2, ext))
+                    goto end;
+            }
+        }
+    }
+
+    if (!sk_X509_EXTENSION_num(exts2)) {
+        BIO_printf(bio, "No extensions matched with %s\n", ext_names);
+        ret = 1;
+        goto end;
+    }
+
+    ret = X509V3_extensions_print(bio, NULL, exts2, 0, 0);
+ end:
+    sk_X509_EXTENSION_free(exts2);
+    OPENSSL_free(names);
+    OPENSSL_free(tmp_ext_names);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/appveyor.yml b/trunk/3rdparty/openssl-1.1-fit/appveyor.yml
new file mode 100644
index 000000000..24966c0fa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/appveyor.yml
@@ -0,0 +1,66 @@
+platform:
+    - x64
+    - x86
+
+environment:
+    fast_finish: true
+    matrix:
+        - VSVER: 14
+
+configuration:
+    - shared
+    - plain
+
+before_build:
+    - ps: >-
+        If ($env:Platform -Match "x86") {
+            $env:VCVARS_PLATFORM="x86"
+            $env:TARGET="VC-WIN32 no-asm"
+        } Else {
+            $env:VCVARS_PLATFORM="amd64"
+            $env:TARGET="VC-WIN64A-masm"
+        }
+    - ps: >-
+        If ($env:Configuration -Match "shared") {
+            $env:SHARED="no-makedepend"
+        } Else {
+            $env:SHARED="no-shared no-makedepend"
+        }
+    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
+    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
+    - mkdir _build
+    - cd _build
+    - perl ..\Configure %TARGET% %SHARED%
+    - perl configdata.pm --dump
+    - cd ..
+    - ps: >-
+        if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
+            -or (&git log -2 | Select-String "\[extended tests\]") ) {
+            $env:EXTENDED_TESTS="yes"
+        }
+
+build_script:
+    - cd _build
+    - ps: >-
+        If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
+            cmd /c "nmake build_all_generated 2>&1"
+            cmd /c "nmake PERL=no-perl 2>&1"
+        }
+    - cd ..
+
+test_script:
+    - cd _build
+    - ps: >-
+        If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) {
+            if ($env:EXTENDED_TESTS) {
+                cmd /c "nmake test V=1 2>&1"
+            } Else {
+                cmd /c "nmake test V=1 TESTS=-test_fuzz 2>&1"
+            }
+        }
+    - ps: >-
+        if ($env:EXTENDED_TESTS) {
+            mkdir ..\_install
+            cmd /c "nmake install DESTDIR=..\_install 2>&1"
+        }
+    - cd ..
diff --git a/trunk/3rdparty/openssl-1.1-fit/build.info b/trunk/3rdparty/openssl-1.1-fit/build.info
new file mode 100644
index 000000000..3dda4e89b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/build.info
@@ -0,0 +1,103 @@
+{-
+     our $sover = $config{shlib_version_number};
+     our $sover_filename = $sover;
+     $sover_filename =~ s|\.|_|g
+         if $config{target} =~ /^mingw/ || $config{target} =~ /^VC-/;
+     $sover_filename =
+         sprintf "%02d%02d", split m|\.|, $config{shlib_version_number}
+         if $config{target} =~ /^vms/;
+     "";
+-}
+LIBS=libcrypto libssl
+INCLUDE[libcrypto]=. crypto/include include
+INCLUDE[libssl]=. include
+DEPEND[libssl]=libcrypto
+
+# Empty DEPEND "indices" means the dependencies are expected to be built
+# unconditionally before anything else.
+DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \
+         crypto/include/internal/dso_conf.h
+DEPEND[include/openssl/opensslconf.h]=configdata.pm
+GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
+DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm
+GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in
+DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm
+GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in
+
+IF[{- defined $target{shared_defflag} -}]
+  IF[{- $config{target} =~ /^mingw/ -}]
+    GENERATE[libcrypto.def]=util/mkdef.pl crypto 32
+    DEPEND[libcrypto.def]=util/libcrypto.num
+    GENERATE[libssl.def]=util/mkdef.pl ssl 32
+    DEPEND[libssl.def]=util/libssl.num
+
+    SHARED_SOURCE[libcrypto]=libcrypto.def
+    SHARED_SOURCE[libssl]=libssl.def
+  ELSIF[{- $config{target} =~ /^aix/ -}]
+    GENERATE[libcrypto.map]=util/mkdef.pl crypto aix
+    DEPEND[libcrypto.map]=util/libcrypto.num
+    GENERATE[libssl.map]=util/mkdef.pl ssl aix
+    DEPEND[libssl.map]=util/libssl.num
+
+    SHARED_SOURCE[libcrypto]=libcrypto.map
+    SHARED_SOURCE[libssl]=libssl.map
+  ELSE
+    GENERATE[libcrypto.map]=util/mkdef.pl crypto linux
+    DEPEND[libcrypto.map]=util/libcrypto.num
+    GENERATE[libssl.map]=util/mkdef.pl ssl linux
+    DEPEND[libssl.map]=util/libssl.num
+
+    SHARED_SOURCE[libcrypto]=libcrypto.map
+    SHARED_SOURCE[libssl]=libssl.map
+  ENDIF
+ENDIF
+# VMS and VC don't have parametrised .def / .symvec generation, so they get
+# special treatment, since we know they do use these files
+IF[{- $config{target} =~ /^VC-/ -}]
+  GENERATE[libcrypto.def]=util/mkdef.pl crypto 32
+  DEPEND[libcrypto.def]=util/libcrypto.num
+  GENERATE[libssl.def]=util/mkdef.pl ssl 32
+  DEPEND[libssl.def]=util/libssl.num
+
+  SHARED_SOURCE[libcrypto]=libcrypto.def
+  SHARED_SOURCE[libssl]=libssl.def
+ELSIF[{- $config{target} =~ /^vms/ -}]
+  GENERATE[libcrypto.opt]=util/mkdef.pl crypto "VMS"
+  DEPEND[libcrypto.opt]=util/libcrypto.num
+  GENERATE[libssl.opt]=util/mkdef.pl ssl "VMS"
+  DEPEND[libssl.opt]=util/libssl.num
+
+  SHARED_SOURCE[libcrypto]=libcrypto.opt
+  SHARED_SOURCE[libssl]=libssl.opt
+ENDIF
+
+IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+  GENERATE[libcrypto.rc]=util/mkrc.pl libcrypto
+  GENERATE[libssl.rc]=util/mkrc.pl libssl
+
+  SHARED_SOURCE[libcrypto]=libcrypto.rc
+  SHARED_SOURCE[libssl]=libssl.rc
+ENDIF
+
+IF[{- $config{target} =~ /^Cygwin/ -}]
+ SHARED_NAME[libcrypto]=cygcrypto-{- $sover_filename -}
+ SHARED_NAME[libssl]=cygssl-{- $sover_filename -}
+ELSIF[{- $config{target} =~ /^mingw/ -}]
+ SHARED_NAME[libcrypto]=libcrypto-{- $sover_filename -}{- $config{target} eq "mingw64" ? "-x64" : "" -}
+ SHARED_NAME[libssl]=libssl-{- $sover_filename -}{- $config{target} eq "mingw64" ? "-x64" : "" -}
+ELSIF[{- $config{target} =~ /^VC-/ -}]
+ SHARED_NAME[libcrypto]=libcrypto-{- $sover_filename -}{- $target{multilib} -}
+ SHARED_NAME[libssl]=libssl-{- $sover_filename -}{- $target{multilib} -}
+ENDIF
+
+# VMS has a cultural standard where all libraries are prefixed.
+# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
+# conversation with VSI, Tuesday January 26 2016)
+# Also, it seems it's usual to have the pointer size the libraries
+# were built for as part of the name.
+IF[{- $config{target} =~ /^vms/ -}]
+ RENAME[libcrypto]=ossl$libcrypto{- $target{pointer_size} -}
+ RENAME[libssl]=ossl$libssl{- $target{pointer_size} -}
+ SHARED_NAME[libcrypto]=ossl$libcrypto{- $sover_filename -}_shr{- $target{pointer_size} -}
+ SHARED_NAME[libssl]=ossl$libssl{- $sover_filename -}_shr{- $target{pointer_size} -}
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/config b/trunk/3rdparty/openssl-1.1-fit/config
new file mode 100755
index 000000000..d0e31b651
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/config
@@ -0,0 +1,946 @@
+#!/bin/sh
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# OpenSSL config: determine the operating system and run ./Configure
+# Derived from minarch and GuessOS from Apache.
+#
+# Do "config -h" for usage information.
+SUFFIX=""
+DRYRUN="false"
+VERBOSE="false"
+EXE=""
+THERE=`dirname $0`
+
+# pick up any command line args to config
+for i
+do
+case "$i" in
+-d*) options=$options" --debug";;
+-t*) DRYRUN="true" VERBOSE="true";;
+-v*) VERBOSE="true";;
+-h*) DRYRUN="true"; cat <<EOF
+Usage: config [options]
+ -d	Build with debugging when possible.
+ -t	Test mode, do not run the Configure perl script.
+ -v	Verbose mode, show the exact Configure call that is being made.
+ -h	This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*)  i=`echo "$i" | sed -e "s|'|'\\\\\\''|g"`
+    options="$options '$i'" ;;
+esac
+done
+
+# Environment that's being passed to Configure
+__CNF_CPPDEFINES=
+__CNF_CPPINCLUDES=
+__CNF_CPPFLAGS=
+__CNF_CFLAGS=
+__CNF_CXXFLAGS=
+__CNF_LDFLAGS=
+__CNF_LDLIBS=
+
+# First get uname entries that we use below
+
+[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+
+
+# Now test for ISC and SCO, since it is has a braindamaged uname.
+#
+# We need to work around FreeBSD 1.1.5.1
+(
+XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
+if [ "x$XREL" != "x" ]; then
+    if [ -f /etc/kconfig ]; then
+	case "$XREL" in
+	    4.0|4.1)
+		    echo "${MACHINE}-whatever-isc4"; exit 0
+		;;
+	esac
+    else
+	case "$XREL" in
+	    3.2v4.2)
+		echo "whatever-whatever-sco3"; exit 0
+		;;
+	    3.2v5.0*)
+		echo "whatever-whatever-sco5"; exit 0
+		;;
+	    4.2MP)
+		case "x${VERSION}" in
+		    x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+		    x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+		    x2*)   echo "whatever-whatever-unixware2";  exit 0 ;;
+		esac
+		;;
+	    4.2)
+		echo "whatever-whatever-unixware1"; exit 0
+		;;
+	    5*)
+		case "x${VERSION}" in
+		    # We hardcode i586 in place of ${MACHINE} for the
+		    # following reason. The catch is that even though Pentium
+		    # is minimum requirement for platforms in question,
+		    # ${MACHINE} gets always assigned to i386. Now, problem
+		    # with i386 is that it makes ./config pass 386 to
+		    # ./Configure, which in turn makes make generate
+		    # inefficient SHA-1 (for this moment) code.
+		    x[678]*)  echo "i586-sco-unixware7"; exit 0 ;;
+		esac
+		;;
+	esac
+    fi
+fi
+# Now we simply scan though... In most cases, the SYSTEM info is enough
+#
+case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    A/UX:*)
+	echo "m68k-apple-aux3"; exit 0
+	;;
+
+    AIX:[3-9]:4:*)
+	echo "${MACHINE}-ibm-aix"; exit 0
+	;;
+
+    AIX:*:[5-9]:*)
+	echo "${MACHINE}-ibm-aix"; exit 0
+	;;
+
+    AIX:*)
+	echo "${MACHINE}-ibm-aix3"; exit 0
+	;;
+
+    HI-UX:*)
+	echo "${MACHINE}-hi-hiux"; exit 0
+	;;
+
+    HP-UX:*)
+	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "$HPUXVER" in
+	    1[0-9].*)	# HPUX 10 and 11 targets are unified
+		echo "${MACHINE}-hp-hpux1x"; exit 0
+		;;
+	    *)
+		echo "${MACHINE}-hp-hpux"; exit 0
+		;;
+	esac
+	;;
+
+    IRIX:6.*)
+	echo "mips3-sgi-irix"; exit 0
+	;;
+
+    IRIX64:*)
+	echo "mips4-sgi-irix64"; exit 0
+	;;
+
+    Linux:[2-9].*)
+	echo "${MACHINE}-whatever-linux2"; exit 0
+	;;
+
+    Linux:1.*)
+	echo "${MACHINE}-whatever-linux1"; exit 0
+	;;
+
+    GNU*)
+	echo "hurd-x86"; exit 0;
+	;;
+
+    LynxOS:*)
+	echo "${MACHINE}-lynx-lynxos"; exit 0
+	;;
+
+    BSD/OS:4.*)  # BSD/OS always says 386
+	echo "i486-whatever-bsdi4"; exit 0
+	;;
+
+    BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
+        case `/sbin/sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-bsdi"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-bsdi"; exit 0
+                ;;
+            esac;
+	;;
+
+    BSD/386:*|BSD/OS:*)
+	echo "${MACHINE}-whatever-bsdi"; exit 0
+	;;
+
+    FreeBSD:*:*:*386*)
+        VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+        MACH=`sysctl -n hw.model`
+        ARCH='whatever'
+        case ${MACH} in
+           *386*       ) MACH="i386"     ;;
+           *486*       ) MACH="i486"     ;;
+           Pentium\ II*) MACH="i686"     ;;
+           Pentium*    ) MACH="i586"     ;;
+           *           ) MACH="$MACHINE" ;;
+        esac
+        case ${MACH} in
+           i[0-9]86 ) ARCH="pc" ;;
+        esac
+        echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+        ;;
+
+    DragonFly:*)
+	echo "${MACHINE}-whatever-dragonfly"; exit 0
+	;;
+
+    FreeBSD:*)
+	echo "${MACHINE}-whatever-freebsd"; exit 0
+	;;
+
+    Haiku:*)
+	echo "${MACHINE}-whatever-haiku"; exit 0
+	;;
+
+    NetBSD:*:*:*386*)
+        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+	;;
+
+    NetBSD:*)
+	echo "${MACHINE}-whatever-netbsd"; exit 0
+	;;
+
+    OpenBSD:*)
+	echo "${MACHINE}-whatever-openbsd"; exit 0
+	;;
+
+    OpenUNIX:*)
+	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+	;;
+
+    OSF1:*:*:*alpha*)
+	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
+	case "$OSFMAJOR" in
+	    4|5)
+		echo "${MACHINE}-dec-tru64"; exit 0
+		;;
+	    1|2|3)
+		echo "${MACHINE}-dec-osf"; exit 0
+		;;
+	    *)
+		echo "${MACHINE}-dec-osf"; exit 0
+		;;
+	esac
+	;;
+
+    Paragon*:*:*:*)
+	echo "i860-intel-osf1"; exit 0
+	;;
+
+    Rhapsody:*)
+	echo "ppc-apple-rhapsody"; exit 0
+	;;
+
+    Darwin:*)
+	case "$MACHINE" in
+	    Power*)
+		echo "ppc-apple-darwin${VERSION}"
+		;;
+	    x86_64)
+		echo "x86_64-apple-darwin${VERSION}"
+		;;
+	    *)
+		echo "i686-apple-darwin${VERSION}"
+		;;
+	esac
+	exit 0
+	;;
+
+    SunOS:5.*)
+	echo "${MACHINE}-whatever-solaris2"; exit 0
+	;;
+
+    SunOS:*)
+	echo "${MACHINE}-sun-sunos4"; exit 0
+	;;
+
+    UNIX_System_V:4.*:*)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    VOS:*:*:i786)
+     echo "i386-stratus-vos"; exit 0
+     ;;
+
+    VOS:*:*:*)
+     echo "hppa1.1-stratus-vos"; exit 0
+     ;;
+
+    *:4*:R4*:m88k)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    DYNIX/ptx:4*:*)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
+	echo "i486-ncr-sysv4"; exit 0
+	;;
+
+    ULTRIX:*)
+	echo "${MACHINE}-unknown-ultrix"; exit 0
+	;;
+
+    POSIX-BC*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
+	;;
+
+    machten:*)
+       echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
+       ;;
+
+    library:*)
+	echo "${MACHINE}-ncr-sysv4"; exit 0
+	;;
+
+    ConvexOS:*:11.0:*)
+	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
+	;;
+
+    # The following combinations are supported
+    # MINGW64* on x86_64 => mingw64
+    # MINGW32* on x86_64 => mingw
+    # MINGW32* on i?86 => mingw
+    #
+    # MINGW64* on i?86 isn't expected to work...
+    MINGW64*:*:*:x86_64)
+	echo "${MACHINE}-whatever-mingw64"; exit 0;
+	;;
+    MINGW*)
+	echo "${MACHINE}-whatever-mingw"; exit 0;
+	;;
+    CYGWIN*)
+	echo "${MACHINE}-pc-cygwin"; exit 0
+	;;
+
+    vxworks*)
+       echo "${MACHINE}-whatever-vxworks"; exit 0;
+       ;;
+esac
+
+#
+# Ugg. These are all we can determine by what we know about
+# the output of uname. Be more creative:
+#
+
+# Do the Apollo stuff first. Here, we just simply assume
+# that the existence of the /usr/apollo directory is proof
+# enough
+if [ -d /usr/apollo ]; then
+    echo "whatever-apollo-whatever"
+    exit 0
+fi
+
+# Now NeXT
+ISNEXT=`hostinfo 2>/dev/null`
+case "$ISNEXT" in
+    *'NeXT Mach 3.3'*)
+	echo "whatever-next-nextstep3.3"; exit 0
+	;;
+    *NeXT*)
+	echo "whatever-next-nextstep"; exit 0
+	;;
+esac
+
+# At this point we gone through all the one's
+# we know of: Punt
+
+echo "${MACHINE}-whatever-${SYSTEM}"
+exit 0
+) 2>/dev/null | (
+
+# ---------------------------------------------------------------------------
+# this is where the translation occurs into SSLeay terms
+# ---------------------------------------------------------------------------
+
+# Only set CC if not supplied already
+if [ -z "$CROSS_COMPILE$CC" ]; then
+  GCCVER=`sh -c "gcc -dumpversion" 2>/dev/null`
+  if [ "$GCCVER" != "" ]; then
+    # then strip off whatever prefix egcs prepends the number with...
+    # Hopefully, this will work for any future prefixes as well.
+    GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
+    # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+    # does give us what we want though, so we use that.  We just just the
+    # major and minor version numbers.
+    # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+    GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+    CC=gcc
+  else
+    CC=cc
+  fi
+fi
+GCCVER=${GCCVER:-0}
+if [ "$SYSTEM" = "HP-UX" ];then
+  # By default gcc is a ILP32 compiler (with long long == 64).
+  GCC_BITS="32"
+  if [ $GCCVER -ge 30 ]; then
+    # PA64 support only came in with gcc 3.0.x.
+    # We check if the preprocessor symbol __LP64__ is defined...
+    if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
+      : # __LP64__ has slipped through, it therefore is not defined
+    else
+      GCC_BITS="64"
+    fi
+  fi
+fi
+if [ "$SYSTEM" = "SunOS" ]; then
+  if [ $GCCVER -ge 30 ]; then
+    # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
+    # to be working, at the very least 'make test' passes...
+    if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
+      GCC_ARCH="-m64"
+    else
+      GCC_ARCH="-m32"
+    fi
+  fi
+  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+  CCVER=`(cc -V 2>&1) 2>/dev/null | \
+  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCVER=${CCVER:-0}
+  if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
+    CC=cc	# overrides gcc!!!
+    if [ $CCVER -eq 50 ]; then
+      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+      echo "         patch #107357-01 or later applied."
+      sleep 5
+    fi
+  fi
+fi
+
+if [ "${SYSTEM}" = "AIX" ]; then	# favor vendor cc over gcc
+    (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
+fi
+
+CCVER=${CCVER:-0}
+
+# read the output of the embedded GuessOS
+read GUESSOS
+
+echo Operating system: $GUESSOS
+
+# now map the output into SSLeay terms ... really should hack into the
+# script above so we end up with values in vars but that would take
+# more time that I want to waste at the moment
+case "$GUESSOS" in
+  uClinux*64*)
+    OUT=uClinux-dist64
+	;;
+  uClinux*)
+    OUT=uClinux-dist
+	;;
+  mips3-sgi-irix)
+	OUT="irix-mips3-$CC"
+	;;
+  mips4-sgi-irix64)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke '$THERE/Configure irix64-mips4-$CC' *manually*."
+	if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	  echo "         You have about 5 seconds to press Ctrl-C to abort."
+	  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+	OUT="irix-mips3-$CC"
+	;;
+  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
+  ppc-apple-darwin*)
+	ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null`
+	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
+	    echo "         invoke '$THERE/Configure darwin64-ppc-cc' *manually*."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	      echo "         You have about 5 seconds to press Ctrl-C to abort."
+	      (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	    fi
+	fi
+	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+	    OUT="darwin64-ppc-cc"
+	else
+	    OUT="darwin-ppc-cc"
+	fi ;;
+  i?86-apple-darwin*)
+	ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
+	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
+	    echo "         invoke 'KERNEL_BITS=64 $THERE/config $options'."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	      echo "         You have about 5 seconds to press Ctrl-C to abort."
+	      (trap "stty `stty -g`; exit 1" 2; stty -icanon min 0 time 50; read waste; exit 0) <&1 || exit
+	    fi
+	fi
+	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+	    OUT="darwin64-x86_64-cc"
+	else
+	    OUT="darwin-i386-cc"
+	fi ;;
+  x86_64-apple-darwin*)
+	if [ "$KERNEL_BITS" = "32" ]; then
+	    OUT="darwin-i386-cc"
+	else
+	    OUT="darwin64-x86_64-cc"
+	fi ;;
+  armv6+7-*-iphoneos)
+	__CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7"
+	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7"
+	OUT="iphoneos-cross" ;;
+  *-*-iphoneos)
+	__CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}"
+	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}"
+	OUT="iphoneos-cross" ;;
+  arm64-*-iphoneos|*-*-ios64)
+	OUT="ios64-cross" ;;
+  alpha-*-linux2)
+        ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+	case ${ISA:-generic} in
+	*[678])	OUT="linux-alpha+bwx-$CC" ;;
+	*)	OUT="linux-alpha-$CC" ;;
+	esac
+	if [ "$CC" = "gcc" ]; then
+	    case ${ISA:-generic} in
+	    EV5|EV45)		__CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5"
+				__CNF_CXXFLAGS="$__CNF_CFLAGS -mcpu=ev5";;
+	    EV56|PCA56)		__CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev56"
+				__CNF_CXXFLAGS="$__CNF_CXXFLAGS -mcpu=ev56";;
+	    *)			__CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev6"
+				__CNF_CXXFLAGS="$__CNF_CXXFLAGS -mcpu=ev6";;
+	    esac
+	fi
+	;;
+  ppc64-*-linux2)
+	if [ -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
+	    echo "         invoke '$THERE/Configure linux-ppc64' *manually*."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		echo "         You have about 5 seconds to press Ctrl-C to abort."
+		(trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	    fi
+	fi
+	if [ "$KERNEL_BITS" = "64" ]; then
+	    OUT="linux-ppc64"
+	else
+	    OUT="linux-ppc"
+	    if (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null); then
+		:;
+	    else
+		__CNF_CFLAGS="$__CNF_CFLAGS -m32"
+		__CNF_CXXFLAGS="$__CNF_CXXFLAGS -m32"
+	    fi
+	fi
+	;;
+  ppc64le-*-linux2) OUT="linux-ppc64le" ;;
+  ppc-*-linux2) OUT="linux-ppc" ;;
+  mips64*-*-linux2)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke '$THERE/Configure linux64-mips64' *manually*."
+	if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	    echo "         You have about 5 seconds to press Ctrl-C to abort."
+	    (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+	OUT="linux-mips64"
+	;;
+  mips*-*-linux2) OUT="linux-mips32" ;;
+  ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+  ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;;
+  pentium-*-vxworks*) OUT="vxworks-pentium" ;;
+  simlinux-*-vxworks*) OUT="vxworks-simlinux" ;;
+  mips-*-vxworks*) OUT="vxworks-mips";;
+  ia64-*-linux?) OUT="linux-ia64" ;;
+  sparc64-*-linux2)
+	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
+	echo "         and wish to build 64-bit library, then you have to"
+	echo "         invoke '$THERE/Configure linux64-sparcv9' *manually*."
+	if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	  echo "          You have about 5 seconds to press Ctrl-C to abort."
+	  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+	OUT="linux-sparcv9" ;;
+  sparc-*-linux2)
+	KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
+	case ${KARCH:-sun4} in
+	sun4u*)	OUT="linux-sparcv9" ;;
+	sun4m)	OUT="linux-sparcv8" ;;
+	sun4d)	OUT="linux-sparcv8" ;;
+	*)	OUT="linux-generic32";
+		__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;
+	esac ;;
+  parisc*-*-linux2)
+	# 64-bit builds under parisc64 linux are not supported and
+	# compiler is expected to generate 32-bit objects...
+	CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo`
+	CPUSCHEDULE=`awk '/^cpu.[ 	]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo`
+
+	# ??TODO ??  Model transformations
+	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
+	#    assuming no further arch. identification will ever be used by GCC.
+	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
+	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
+	#    for these chips in the future.
+	#         PA7300LC -> 7100LC (1.1)
+	#         PA8200   -> 8000   (2.0)
+	#         PA8500   -> 8000   (2.0)
+	#         PA8600   -> 8000   (2.0)
+
+	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
+	# Finish Model transformations
+
+	__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN"
+	__CNF_CFLAGS="$__CNF_CFLAGS -mschedule=$CPUSCHEDULE -march=$CPUARCH"
+	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -mschedule=$CPUSCHEDULE -march=$CPUARCH"
+	OUT="linux-generic32" ;;
+  armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
+  armv[7-9]*-*-linux2) OUT="linux-armv4"
+		       __CNF_CFLAGS="$__CNF_CFLAGS -march=armv7-a"
+		       __CNF_CXXFLAGS="$__CNF_CXXFLAGS -march=armv7-a"
+		       ;;
+  arm*-*-linux2) OUT="linux-armv4" ;;
+  aarch64-*-linux2) OUT="linux-aarch64" ;;
+  sh*b-*-linux2) OUT="linux-generic32";
+		 __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;
+  sh*-*-linux2)	 OUT="linux-generic32";
+		 __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;;
+  m68k*-*-linux2) OUT="linux-generic32";
+		  __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;
+  s390-*-linux2) OUT="linux-generic32";
+		 __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;
+  s390x-*-linux2)
+	# To be uncommented when glibc bug is fixed, see Configure...
+	#if egrep -e '^features.* highgprs' /proc/cpuinfo >/dev/null ; then
+	#  echo "WARNING! If you wish to build \"highgprs\" 32-bit library, then you"
+	#  echo "         have to invoke './Configure linux32-s390x' *manually*."
+	#  if [ "$DRYRUN" = "false" -a -t -1 ]; then
+	#    echo "         You have about 5 seconds to press Ctrl-C to abort."
+	#    (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	#  fi
+	#fi
+	OUT="linux64-s390x"
+	;;
+  x86_64-*-linux?)
+	if $CC -dM -E -x c /dev/null 2>&1 | grep -q ILP32 > /dev/null; then
+	    OUT="linux-x32"
+	else
+	    OUT="linux-x86_64"
+	fi ;;
+  *86-*-linux2)
+        # On machines where the compiler understands -m32, prefer a
+        # config target that uses it
+        if $CC -m32 -E -x c /dev/null > /dev/null 2>&1; then
+            OUT="linux-x86"
+        else
+            OUT="linux-elf"
+        fi ;;
+  *86-*-linux1) OUT="linux-aout" ;;
+  *-*-linux?) OUT="linux-generic32" ;;
+  sun4[uv]*-*-solaris2)
+	OUT="solaris-sparcv9-$CC"
+	ISA64=`(isainfo) 2>/dev/null | grep sparcv9`
+	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "" ]; then
+	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
+		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		echo "         invoke '$THERE/Configure solaris64-sparcv9-cc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
+		# $GCC_ARCH denotes default ABI chosen by compiler driver
+		# (first one found on the $PATH). I assume that user
+		# expects certain consistency with the rest of his builds
+		# and therefore switch over to 64-bit. <appro>
+		OUT="solaris64-sparcv9-gcc"
+		echo "WARNING! If you wish to build 32-bit library, then you have to"
+		echo "         invoke '$THERE/Configure solaris-sparcv9-gcc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    elif [ "$GCC_ARCH" = "-m32" ]; then
+		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
+		echo "        and wish to build 64-bit library, then you have to"
+		echo "        invoke '$THERE/Configure solaris64-sparcv9-gcc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    fi
+	fi
+	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "64" ]; then
+	    OUT="solaris64-sparcv9-$CC"
+	fi
+	;;
+  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
+  *86*-*-solaris2)
+	ISA64=`(isainfo) 2>/dev/null | grep amd64`
+	if [ "$ISA64" != "" -a ${KERNEL_BITS:-64} -eq 64 ]; then
+	    OUT="solaris64-x86_64-$CC"
+	else
+	    OUT="solaris-x86-$CC"
+	    if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then
+		options="$options no-sse2"
+	    fi
+	fi
+	;;
+  *-*-sunos4)		OUT="sunos-$CC" ;;
+
+  *86*-*-bsdi4)		OUT="BSD-x86-elf"; options="$options no-sse2";
+			__CNF_LDFLAGS="$__CNF_LDFLAGS -ldl" ;;
+  alpha*-*-*bsd*)	OUT="BSD-generic64";
+			__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;;
+  powerpc64-*-*bsd*)	OUT="BSD-generic64";
+			__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;
+  sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
+  ia64-*-*bsd*)		OUT="BSD-ia64" ;;
+  x86_64-*-dragonfly*)  OUT="BSD-x86_64" ;;
+  amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
+  *86*-*-*bsd*)		# mimic ld behaviour when it's looking for libc...
+			if [ -L /usr/lib/libc.so ]; then	# [Free|Net]BSD
+			    libc=/usr/lib/libc.so
+			else					# OpenBSD
+			    # ld searches for highest libc.so.* and so do we
+			    libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
+			fi
+			case "`(file -L $libc) 2>/dev/null`" in
+			*ELF*)	OUT="BSD-x86-elf" ;;
+			*)	OUT="BSD-x86"; options="$options no-sse2" ;;
+			esac ;;
+  *-*-*bsd*)		OUT="BSD-generic32" ;;
+
+  x86_64-*-haiku)	OUT="haiku-x86_64" ;;
+  *-*-haiku)		OUT="haiku-x86" ;;
+
+  *-*-osf)		OUT="osf1-alpha-cc" ;;
+  *-*-tru64)		OUT="tru64-alpha-cc" ;;
+  *-*-[Uu]nix[Ww]are7)
+	if [ "$CC" = "gcc" ]; then
+	  OUT="unixware-7-gcc" ; options="$options no-sse2"
+	else
+	  OUT="unixware-7" ; options="$options no-sse2"
+	  __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
+	fi
+	;;
+  *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;;
+  *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;;
+  *-*-vos)
+	options="$options no-threads no-shared no-asm no-dso"
+	EXE=".pm"
+	OUT="vos-$CC" ;;
+  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+  *-hpux1*)
+	if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
+	    OUT="hpux64-parisc2-gcc"
+	fi
+	[ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+	KERNEL_BITS=${KERNEL_BITS:-32}
+	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
+	CPU_VERSION=${CPU_VERSION:-0}
+	# See <sys/unistd.h> for further info on CPU_VERSION.
+	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+	        OUT="hpux64-ia64-cc"
+             else
+	        OUT="hpux-ia64-cc"
+             fi
+	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
+	     # PA-RISC 2.0 is no longer supported as separate 32-bit
+	     # target. This is compensated for by run-time detection
+	     # in most critical assembly modules and taking advantage
+	     # of 2.0 architecture in PA-RISC 1.1 build.
+	     OUT=${OUT:-"hpux-parisc1_1-${CC}"}
+	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+		echo "WARNING! If you wish to build 64-bit library then you have to"
+		echo "         invoke '$THERE/Configure hpux64-parisc2-cc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	     fi
+	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
+	     OUT="hpux-parisc1_1-${CC}"
+	elif [ $CPU_VERSION -ge 523 ]; then	# PA-RISC 1.0 CPU
+	     OUT="hpux-parisc-${CC}"
+	else					# Motorola(?) CPU
+	     OUT="hpux-$CC"
+	fi
+	__CNF_CPPFLAGS="$__CNF_CPPFLAGS -D_REENTRANT" ;;
+  *-hpux)	OUT="hpux-parisc-$CC" ;;
+  *-aix)
+	[ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
+	KERNEL_BITS=${KERNEL_BITS:-32}
+	OBJECT_MODE=${OBJECT_MODE:-32}
+	if [ "$CC" = "gcc" ]; then
+	    OUT="aix-gcc"
+          if [ $OBJECT_MODE -eq 64 ]; then
+            echo 'Your $OBJECT_MODE was found to be set to 64'
+            OUT="aix64-gcc"
+          fi
+	elif [ $OBJECT_MODE -eq 64 ]; then
+	    echo 'Your $OBJECT_MODE was found to be set to 64'
+	    OUT="aix64-cc"
+	else
+	    OUT="aix-cc"
+	    if [ $KERNEL_BITS -eq 64 ]; then
+		echo "WARNING! If you wish to build 64-bit kit, then you have to"
+		echo "         invoke '$THERE/Configure aix64-cc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		    echo "         You have ~5 seconds to press Ctrl-C to abort."
+		    (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    fi
+	fi
+	if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then
+	    :	# this applies even to Power3 and later, as they return PowerPC_POWER[345]
+	else
+	    options="$options no-asm"
+	fi
+	;;
+  # these are all covered by the catchall below
+  i[3456]86-*-cygwin) OUT="Cygwin-x86" ;;
+  *-*-cygwin) OUT="Cygwin-${MACHINE}" ;;
+  x86-*-android|i?86-*-android) OUT="android-x86" ;;
+  armv[7-9]*-*-android)
+      OUT="android-armeabi"
+      __CNF_CFLAGS="$__CNF_CFLAGS -march=armv7-a"
+      __CNF_CXXFLAGS="$__CNF_CXXFLAGS -march=armv7-a";;
+  arm*-*-android) OUT="android-armeabi" ;;
+  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+esac
+
+# NB: This atalla support has been superseded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
+# See whether we can compile Atalla support
+#if [ -f /usr/include/atasi.h ]
+#then
+#  __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DATALLA"
+#fi
+
+if [ -n "$CONFIG_OPTIONS" ]; then
+  options="$options $CONFIG_OPTIONS"
+fi
+
+# gcc < 2.8 does not support -march=ultrasparc
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=solaris-sparcv8-gcc
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'linux-sparcv8'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=linux-sparcv8
+fi
+
+case "$GUESSOS" in
+  i386-*) options="$options 386" ;;
+esac
+
+for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4
+do
+  if [ ! -d $THERE/crypto/$i ]
+  then
+    options="$options no-$i"
+  fi
+done
+
+if [ -z "$OUT" ]; then
+  OUT="$CC"
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl5$EXE" ] ; then
+			PERL="$i/perl5$EXE"
+			break;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl$EXE" ] ; then
+			if "$i/perl$EXE" -e 'exit($]<5.0)'; then
+				PERL="$i/perl$EXE"
+				break;
+			fi;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	echo "You need Perl 5."
+	exit 1
+fi
+
+# run Configure to check to see if we need to specify the
+# compiler for the platform ... in which case we add it on
+# the end ... otherwise we leave it off
+
+$PERL $THERE/Configure LIST | grep "$OUT-$CC" > /dev/null
+if [ $? = "0" ]; then
+  OUT="$OUT-$CC"
+fi
+
+OUT="$OUT"
+
+$PERL $THERE/Configure LIST | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+  if [ "$VERBOSE" = "true" ]; then
+    echo /usr/bin/env \
+	 __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \
+	 __CNF_CPPINCLUDES="'$__CNF_CPPINCLUDES'" \
+	 __CNF_CPPFLAGS="'$__CNF_CPPFLAGS'" \
+	 __CNF_CFLAGS="'$__CNF_CFLAGS'" \
+	 __CNF_CXXFLAGS="'$__CNF_CXXFLAGS'" \
+	 __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
+	 __CNF_LDLIBS="'$__CNF_LDLIBS'" \
+	 $PERL $THERE/Configure $OUT $options
+  fi
+  if [ "$DRYRUN" = "false" ]; then
+    # eval to make sure quoted options, possibly with spaces inside,
+    # are treated right
+    eval /usr/bin/env \
+	 __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \
+	 __CNF_CPPINCLUDES="'$__CNF_CPPINCLUDES'" \
+	 __CNF_CPPFLAGS="'$__CNF_CPPFLAGS'" \
+	 __CNF_CFLAGS="'$__CNF_CFLAGS'" \
+	 __CNF_CXXFLAGS="'$__CNF_CXXFLAGS'" \
+	 __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
+	 __CNF_LDLIBS="'$__CNF_LDLIBS'" \
+	 $PERL $THERE/Configure $OUT $options
+  fi
+else
+  echo "This system ($OUT) is not supported. See file INSTALL for details."
+  exit 1
+fi
+
+if [ "$OUT" = "darwin64-x86_64-cc" ]; then
+    echo "WARNING! If you wish to build 32-bit libraries, then you have to"
+    echo "         invoke 'KERNEL_BITS=32 $THERE/config $options'."
+fi
+)
diff --git a/trunk/3rdparty/openssl-1.1-fit/config.com b/trunk/3rdparty/openssl-1.1-fit/config.com
new file mode 100644
index 000000000..46ccaa20d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/config.com
@@ -0,0 +1,93 @@
+$	! OpenSSL config: determine the architecture and run Configure
+$	! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+$	!
+$	! Licensed under the OpenSSL license (the "License").  You may not use
+$	! this file except in compliance with the License.  You can obtain a
+$	! copy in the file LICENSE in the source distribution or at
+$	! https://www.openssl.org/source/license.html
+$	!
+$	! Very simple for the moment, it will take the following arguments:
+$	!
+$	! -32 or 32	sets /POINTER_SIZE=32
+$	! -64 or 64	sets /POINTER_SIZE=64
+$	! -d		sets debugging
+$	! -h		prints a usage and exits
+$	! -t		test mode, doesn't run Configure
+$
+$	arch = f$edit( f$getsyi( "arch_name"), "lowercase")
+$	pointer_size = ""
+$	dryrun = 0
+$	verbose = 0
+$	here = F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"),,,"SYNTAX_ONLY") - "A.;"
+$
+$	collected_args = ""
+$	P_index = 0
+$	LOOP1:
+$	    P_index = P_index + 1
+$	    IF P_index .GT. 8 THEN GOTO ENDLOOP1
+$	    P = F$EDIT(P1,"TRIM,LOWERCASE")
+$	    IF P .EQS. "-h"
+$           THEN
+$               dryrun = 1
+$               P = ""
+$               TYPE SYS$INPUT
+$               DECK
+Usage: @config [options]
+
+  -32 or 32	Build with 32-bit pointer size.
+  -64 or 64	Build with 64-bit pointer size.
+  -d		Build with debugging.
+  -t            Test mode, do not run the Configure perl script.
+  -v            Verbose mode, show the exact Configure call that is being made.
+  -h		This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+$               EOD
+$           ENDIF
+$	    IF P .EQS. "-t"
+$	    THEN
+$		dryrun = 1
+$		verbose = 1
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-v"
+$	    THEN
+$		verbose = 1
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-32" .OR. P .EQS. "32"
+$	    THEN
+$		pointer_size = "-P32"
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-64" .OR. P .EQS. "64"
+$	    THEN
+$		pointer_size = "-P64"
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-d"
+$	    THEN
+$               collected_args = collected_args + " --debug"
+$		P = ""
+$	    ENDIF
+$	    IF P .NES. "" THEN -
+	       collected_args = collected_args + " """ + P1 + """"
+$	    P1 = P2
+$	    P2 = P3
+$	    P3 = P4
+$	    P4 = P5
+$	    P5 = P6
+$	    P6 = P7
+$	    P7 = P8
+$	    P8 = ""
+$	    GOTO LOOP1
+$	ENDLOOP1:
+$
+$	target = "vms-''arch'''pointer_size'"
+$       IF verbose THEN -
+           WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args
+$       IF .not. dryrun THEN -
+           PERL 'here'Configure "''target'"'collected_args'
+$       EXIT $STATUS
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_nyi.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_nyi.c
new file mode 100644
index 000000000..b02449f7c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_nyi.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+struct LP_dir_context_st {
+    void *dummy;
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    errno = EINVAL;
+    return 0;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    errno = EINVAL;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c
new file mode 100644
index 000000000..b1022895c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, 2018, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+#ifdef __VMS
+# include <ctype.h>
+#endif
+
+/*
+ * The POSIX macro for the maximum number of characters in a file path is
+ * NAME_MAX.  However, some operating systems use PATH_MAX instead.
+ * Therefore, it seems natural to first check for PATH_MAX and use that, and
+ * if it doesn't exist, use NAME_MAX.
+ */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/*
+ * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+ * exist.  It's also possible that NAME_MAX exists but is define to a very
+ * small value (HP-UX offers 14), so we need to check if we got a result, and
+ * if it meets a minimum standard, and create or change it if not.
+ */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st {
+    DIR *dir;
+    char entry_name[LP_ENTRY_SIZE + 1];
+#ifdef __VMS
+    int expect_file_generations;
+    char previous_entry_name[LP_ENTRY_SIZE + 1];
+#endif
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    struct dirent *direntry = NULL;
+
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+#ifdef __VMS
+        {
+            char c = directory[strlen(directory) - 1];
+
+            if (c == ']' || c == '>' || c == ':')
+                (*ctx)->expect_file_generations = 1;
+        }
+#endif
+
+        (*ctx)->dir = opendir(directory);
+        if ((*ctx)->dir == NULL) {
+            int save_errno = errno; /* Probably not needed, but I'm paranoid */
+            free(*ctx);
+            *ctx = NULL;
+            errno = save_errno;
+            return 0;
+        }
+    }
+
+#ifdef __VMS
+    strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name,
+            sizeof((*ctx)->previous_entry_name));
+
+ again:
+#endif
+
+    direntry = readdir((*ctx)->dir);
+    if (direntry == NULL) {
+        return 0;
+    }
+
+    strncpy((*ctx)->entry_name, direntry->d_name,
+            sizeof((*ctx)->entry_name) - 1);
+    (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+#ifdef __VMS
+    if ((*ctx)->expect_file_generations) {
+        char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
+
+        while(p > (*ctx)->entry_name && isdigit(p[-1]))
+            p--;
+        if (p > (*ctx)->entry_name && p[-1] == ';')
+            p[-1] = '\0';
+        if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0)
+            goto again;
+    }
+#endif
+    return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        int ret = closedir((*ctx)->dir);
+
+        free(*ctx);
+        switch (ret) {
+        case 0:
+            return 1;
+        case -1:
+            return 0;
+        default:
+            break;
+        }
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_vms.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_vms.c
new file mode 100644
index 000000000..e35363fd6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_vms.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+#include "vms_rms.h"
+
+/* Some compiler options hide EVMSERR. */
+#ifndef EVMSERR
+# define EVMSERR        65535   /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st {
+    unsigned long VMS_context;
+    char filespec[NAMX_MAXRSS + 1];
+    char result[NAMX_MAXRSS + 1];
+    struct dsc$descriptor_d filespec_dsc;
+    struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    int status;
+    char *p, *r;
+    size_t l;
+    unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+    char *ctx_filespec_32p;
+# pragma pointer_size restore
+    char ctx_filespec_32[NAMX_MAXRSS + 1];
+#endif                          /* __INITIAL_POINTER_SIZE == 64 */
+
+#ifdef NAML$C_MAXRSS
+    flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        size_t filespeclen = strlen(directory);
+        char *filespec = NULL;
+
+        if (filespeclen == 0) {
+            errno = ENOENT;
+            return 0;
+        }
+
+        /* MUST be a VMS directory specification!  Let's estimate if it is. */
+        if (directory[filespeclen - 1] != ']'
+            && directory[filespeclen - 1] != '>'
+            && directory[filespeclen - 1] != ':') {
+            errno = EINVAL;
+            return 0;
+        }
+
+        filespeclen += 4;       /* "*.*;" */
+
+        if (filespeclen > NAMX_MAXRSS) {
+            errno = ENAMETOOLONG;
+            return 0;
+        }
+
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        strcpy((*ctx)->filespec, directory);
+        strcat((*ctx)->filespec, "*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy(ctx_filespec_32p, (*ctx)->filespec);
+#else                           /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif                          /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+        (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+        (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
+    }
+
+    (*ctx)->result_dsc.dsc$w_length = 0;
+    (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+    (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+    status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+                           &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+    if (status == RMS$_NMF) {
+        errno = 0;
+        vaxc$errno = status;
+        return NULL;
+    }
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        errno = EVMSERR;
+        vaxc$errno = status;
+        return NULL;
+    }
+
+    /*
+     * Quick, cheap and dirty way to discard any device and directory, since
+     * we only want file names
+     */
+    l = (*ctx)->result_dsc.dsc$w_length;
+    p = (*ctx)->result_dsc.dsc$a_pointer;
+    r = p;
+    for (; *p; p++) {
+        if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
+            p++;
+        } else if (*p == ':' || *p == '>' || *p == ']') {
+            l -= p + 1 - r;
+            r = p + 1;
+        } else if (*p == ';') {
+            l = p - r;
+            break;
+        }
+    }
+
+    strncpy((*ctx)->result, r, l);
+    (*ctx)->result[l] = '\0';
+    str$free1_dx(&(*ctx)->result_dsc);
+
+    return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+        free(*ctx);
+
+        if (!$VMS_STATUS_SUCCESS(status)) {
+            errno = EVMSERR;
+            vaxc$errno = status;
+            return 0;
+        }
+        return 1;
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_win.c
new file mode 100644
index 000000000..1dc1ef122
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_win.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <windows.h>
+#include <tchar.h>
+#include "internal/numbers.h"
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/*
+ * We're most likely overcautious here, but let's reserve for broken WinCE
+ * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
+ * builds are compiled with -DUNICODE [as well as -D_UNICODE].
+ */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+# define NAME_MAX 255
+#endif
+
+#ifdef CP_UTF8
+# define CP_DEFAULT CP_UTF8
+#else
+# define CP_DEFAULT CP_ACP
+#endif
+
+struct LP_dir_context_st {
+    WIN32_FIND_DATA ctx;
+    HANDLE handle;
+    char entry_name[NAME_MAX + 1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        size_t dirlen = strlen(directory);
+
+        if (dirlen == 0 || dirlen > INT_MAX - 3) {
+            errno = ENOENT;
+            return 0;
+        }
+
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        if (sizeof(TCHAR) != sizeof(char)) {
+            TCHAR *wdir = NULL;
+            /* len_0 denotes string length *with* trailing 0 */
+            size_t index = 0, len_0 = dirlen + 1;
+#ifdef LP_MULTIBYTE_AVAILABLE
+            int sz = 0;
+            UINT cp;
+
+            do {
+# ifdef CP_UTF8
+                if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
+                                              directory, len_0,
+                                              NULL, 0)) > 0 ||
+                    GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
+                    break;
+# endif
+                sz = MultiByteToWideChar((cp = CP_ACP), 0,
+                                         directory, len_0,
+                                         NULL, 0);
+            } while (0);
+
+            if (sz > 0) {
+                /*
+                 * allocate two additional characters in case we need to
+                 * concatenate asterisk, |sz| covers trailing '\0'!
+                 */
+                wdir = _alloca((sz + 2) * sizeof(TCHAR));
+                if (!MultiByteToWideChar(cp, 0, directory, len_0,
+                                         (WCHAR *)wdir, sz)) {
+                    free(*ctx);
+                    *ctx = NULL;
+                    errno = EINVAL;
+                    return 0;
+                }
+            } else
+#endif
+            {
+                sz = len_0;
+                /*
+                 * allocate two additional characters in case we need to
+                 * concatenate asterisk, |sz| covers trailing '\0'!
+                 */
+                wdir = _alloca((sz + 2) * sizeof(TCHAR));
+                for (index = 0; index < len_0; index++)
+                    wdir[index] = (TCHAR)directory[index];
+            }
+
+            sz--; /* wdir[sz] is trailing '\0' now */
+            if (wdir[sz - 1] != TEXT('*')) {
+                if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\'))
+                    _tcscpy(wdir + sz, TEXT("/*"));
+                else
+                    _tcscpy(wdir + sz, TEXT("*"));
+            }
+
+            (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+        } else {
+            if (directory[dirlen - 1] != '*') {
+                char *buf = _alloca(dirlen + 3);
+
+                strcpy(buf, directory);
+                if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\')
+                    strcpy(buf + dirlen, "/*");
+                else
+                    strcpy(buf + dirlen, "*");
+
+                directory = buf;
+            }
+
+            (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+        }
+
+        if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+            free(*ctx);
+            *ctx = NULL;
+            errno = EINVAL;
+            return 0;
+        }
+    } else {
+        if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
+            return 0;
+        }
+    }
+    if (sizeof(TCHAR) != sizeof(char)) {
+        TCHAR *wdir = (*ctx)->ctx.cFileName;
+        size_t index, len_0 = 0;
+
+        while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
+            len_0++;
+        len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+        if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
+                                 (*ctx)->entry_name,
+                                 sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+            for (index = 0; index < len_0; index++)
+                (*ctx)->entry_name[index] = (char)wdir[index];
+    } else
+        strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+                sizeof((*ctx)->entry_name) - 1);
+
+    (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+
+    return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        FindClose((*ctx)->handle);
+        free(*ctx);
+        *ctx = NULL;
+        return 1;
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_win32.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_win32.c
new file mode 100644
index 000000000..edceb98d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_win32.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_wince.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_wince.c
new file mode 100644
index 000000000..a24e73829
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_wince.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/*
+ * We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently under
+ * investigation what the exact conditions would be
+ */
+#include "LPdir_win.c"
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_cbc.c
new file mode 100644
index 000000000..342841fc4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_cbc.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t len, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) AES_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) AES_decrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_cfb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_cfb.c
new file mode 100644
index 000000000..f010e3c4e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_cfb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) AES_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c
new file mode 100644
index 000000000..f1f11fd8d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c
@@ -0,0 +1,1367 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen
+ * @author Antoon Bosselaers
+ * @author Paulo Barreto
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#ifndef AES_ASM
+/*-
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key) {
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+#else /* AES_ASM */
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp >> 24)       ] << 24) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
+                ((u32)Te4[(temp      ) & 0xff]);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+        }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 8) ^ (tp9 << 24) ^
+                (tpb >> 24) ^ (tpb << 8);
+#endif
+        }
+    }
+    return 0;
+}
+
+#endif /* AES_ASM */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c
new file mode 100644
index 000000000..29bfc1ad6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc)
+{
+
+    assert(in && out && key);
+    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+
+    if (AES_ENCRYPT == enc)
+        AES_encrypt(in, out, key);
+    else
+        AES_decrypt(in, out, key);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c
new file mode 100644
index 000000000..75f796cf3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+    unsigned long data[N_WORDS];
+} aes_block_t;
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+# define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+# define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+# define load_block(d, s)        (d) = *(const aes_block_t *)(s)
+# define store_block(d, s)       *(aes_block_t *)(d) = (s)
+#else
+# define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
+# define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+    size_t n;
+    size_t len = length;
+
+    if (length == 0)
+        return;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    len = length / AES_BLOCK_SIZE;
+
+    if (AES_ENCRYPT == enc) {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] = inp->data[n] ^ ivp->data[n];
+                AES_encrypt((unsigned char *)outp->data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= iv2p->data[n];
+                ivp = outp;
+                iv2p = inp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+                AES_encrypt((unsigned char *)tmp2.data,
+                            (unsigned char *)tmp2.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] ^= iv2.data[n];
+                store_block(out, tmp2);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    } else {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t tmp;
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= ivp->data[n];
+                ivp = inp;
+                iv2p = outp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                tmp2 = tmp;
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv2.data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)tmp.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv.data[n];
+                store_block(out, tmp);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    }
+}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc)
+{
+    size_t n;
+    size_t len = length;
+    unsigned char tmp[AES_BLOCK_SIZE];
+    unsigned char tmp2[AES_BLOCK_SIZE];
+    unsigned char tmp3[AES_BLOCK_SIZE];
+    unsigned char prev[AES_BLOCK_SIZE];
+    const unsigned char *iv;
+    const unsigned char *iv2;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    if (AES_ENCRYPT == enc) {
+        /*
+         * XXX: Do a separate case for when in != out (strictly should check
+         * for overlap, too)
+         */
+
+        /* First the forward pass */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        while (len >= AES_BLOCK_SIZE) {
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+            AES_encrypt(out, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            iv = out;
+            memcpy(prev, in, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+
+        /* And now backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            out -= AES_BLOCK_SIZE;
+            /*
+             * XXX: reduce copies by alternating between buffers
+             */
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            /*
+             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
+             */
+            AES_encrypt(out, out, key);
+            /*
+             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
+             */
+            /*
+             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
+             */
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            /*
+             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
+             */
+            iv = out;
+            memcpy(prev, tmp, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+        }
+    } else {
+        /* First backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        in += length;
+        out += length;
+        while (len >= AES_BLOCK_SIZE) {
+            in -= AES_BLOCK_SIZE;
+            out -= AES_BLOCK_SIZE;
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            memcpy(tmp2, in, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+        }
+
+        /* And now forwards */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            memcpy(tmp2, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_locl.h
new file mode 100644
index 000000000..adee29df8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_locl.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_LOCL_H
+# define HEADER_AES_LOCL_H
+
+# include <openssl/e_os2.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  define GETU32(p) SWAP(*((u32 *)(p)))
+#  define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# else
+#  define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#  define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+# endif
+
+# ifdef AES_LONG
+typedef unsigned long u32;
+# else
+typedef unsigned int u32;
+# endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+# define MAXKC   (256/32)
+# define MAXKB   (256/8)
+# define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+# undef FULL_UNROLL
+
+#endif                          /* !HEADER_AES_LOCL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c
new file mode 100644
index 000000000..7403c84f8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char *AES_options(void)
+{
+#ifdef FULL_UNROLL
+    return "aes(full)";
+#else
+    return "aes(partial)";
+#endif
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ofb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ofb.c
new file mode 100644
index 000000000..215b53858
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ofb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) AES_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_wrap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_wrap.c
new file mode 100644
index 000000000..cae0b2122
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_wrap.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen)
+{
+    return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
+}
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen)
+{
+    return CRYPTO_128_unwrap(key, iv, out, in, inlen,
+                             (block128_f) AES_decrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c
new file mode 100644
index 000000000..1b660d716
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c
@@ -0,0 +1,1074 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is experimental x86[_64] derivative. It assumes little-endian
+ * byte order and expects CPU to sustain unaligned memory references.
+ * It is used as playground for cache-time attack mitigations and
+ * serves as reference C implementation for x86[_64] as well as some
+ * other assembly modules.
+ */
+
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen
+ * @author Antoon Bosselaers
+ * @author Paulo Barreto
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+ * These two parameters control which table, 256-byte or 2KB, is
+ * referenced in outer and respectively inner rounds.
+ */
+#define AES_COMPACT_IN_OUTER_ROUNDS
+#ifdef  AES_COMPACT_IN_OUTER_ROUNDS
+/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while
+ * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further*
+ * by factor of ~2. */
+# undef  AES_COMPACT_IN_INNER_ROUNDS
+#endif
+
+#if 1
+static void prefetch256(const void *table)
+{
+    volatile unsigned long *t=(void *)table,ret;
+    unsigned long sum;
+    int i;
+
+    /* 32 is common least cache-line size */
+    for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0]))   sum ^= t[i];
+
+    ret = sum;
+}
+#else
+# define prefetch256(t)
+#endif
+
+#undef GETU32
+#define GETU32(p) (*((u32*)(p)))
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#define U64(C)  C##UI64
+#elif defined(__arch64__)
+typedef unsigned long u64;
+#define U64(C)  C##UL
+#else
+typedef unsigned long long u64;
+#define U64(C)  C##ULL
+#endif
+
+#undef ROTATE
+#if defined(_MSC_VER)
+# define ROTATE(a,n)    _lrotl(a,n)
+#elif defined(__ICC)
+# define ROTATE(a,n)    _rotl(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                asm (           \
+                "roll %1,%0"        \
+                : "=r"(ret)     \
+                : "I"(n), "0"(a)    \
+                : "cc");        \
+               ret;             \
+            })
+# endif
+#endif
+/*-
+Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03];
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+*/
+#define Te0 (u32)((u64*)((u8*)Te+0))
+#define Te1 (u32)((u64*)((u8*)Te+3))
+#define Te2 (u32)((u64*)((u8*)Te+2))
+#define Te3 (u32)((u64*)((u8*)Te+1))
+/*-
+Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b];
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+#define Td0 (u32)((u64*)((u8*)Td+0))
+#define Td1 (u32)((u64*)((u8*)Td+3))
+#define Td2 (u32)((u64*)((u8*)Td+2))
+#define Td3 (u32)((u64*)((u8*)Td+1))
+
+static const u64 Te[256] = {
+    U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8),
+    U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6),
+    U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6),
+    U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591),
+    U64(0x5030306050303060), U64(0x0301010203010102),
+    U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56),
+    U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5),
+    U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec),
+    U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f),
+    U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa),
+    U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2),
+    U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb),
+    U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3),
+    U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45),
+    U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453),
+    U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b),
+    U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1),
+    U64(0xae93933dae93933d), U64(0x6a26264c6a26264c),
+    U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e),
+    U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83),
+    U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551),
+    U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9),
+    U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab),
+    U64(0x5331316253313162), U64(0x3f15152a3f15152a),
+    U64(0x0c0404080c040408), U64(0x52c7c79552c7c795),
+    U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d),
+    U64(0x2818183028181830), U64(0xa1969637a1969637),
+    U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f),
+    U64(0x0907070e0907070e), U64(0x3612122436121224),
+    U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df),
+    U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e),
+    U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea),
+    U64(0x1b0909121b090912), U64(0x9e83831d9e83831d),
+    U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34),
+    U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc),
+    U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b),
+    U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76),
+    U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d),
+    U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd),
+    U64(0x712f2f5e712f2f5e), U64(0x9784841397848413),
+    U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9),
+    U64(0x0000000000000000), U64(0x2cededc12cededc1),
+    U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3),
+    U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6),
+    U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d),
+    U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972),
+    U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98),
+    U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85),
+    U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5),
+    U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed),
+    U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a),
+    U64(0x5533336655333366), U64(0x9485851194858511),
+    U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9),
+    U64(0x0602020406020204), U64(0x817f7ffe817f7ffe),
+    U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78),
+    U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b),
+    U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d),
+    U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05),
+    U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21),
+    U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1),
+    U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677),
+    U64(0x75dadaaf75dadaaf), U64(0x6321214263212142),
+    U64(0x3010102030101020), U64(0x1affffe51affffe5),
+    U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf),
+    U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18),
+    U64(0x3513132635131326), U64(0x2fececc32fececc3),
+    U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735),
+    U64(0xcc444488cc444488), U64(0x3917172e3917172e),
+    U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755),
+    U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a),
+    U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba),
+    U64(0x2b1919322b191932), U64(0x957373e6957373e6),
+    U64(0xa06060c0a06060c0), U64(0x9881811998818119),
+    U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3),
+    U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54),
+    U64(0xab90903bab90903b), U64(0x8388880b8388880b),
+    U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7),
+    U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428),
+    U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc),
+    U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad),
+    U64(0x3be0e0db3be0e0db), U64(0x5632326456323264),
+    U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14),
+    U64(0xdb494992db494992), U64(0x0a06060c0a06060c),
+    U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8),
+    U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd),
+    U64(0xefacac43efacac43), U64(0xa66262c4a66262c4),
+    U64(0xa8919139a8919139), U64(0xa4959531a4959531),
+    U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2),
+    U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b),
+    U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda),
+    U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1),
+    U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949),
+    U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac),
+    U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf),
+    U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4),
+    U64(0xe9aeae47e9aeae47), U64(0x1808081018080810),
+    U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0),
+    U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c),
+    U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657),
+    U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697),
+    U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1),
+    U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e),
+    U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61),
+    U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f),
+    U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c),
+    U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc),
+    U64(0xd8484890d8484890), U64(0x0503030605030306),
+    U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c),
+    U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a),
+    U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969),
+    U64(0x9186861791868617), U64(0x58c1c19958c1c199),
+    U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27),
+    U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb),
+    U64(0xb398982bb398982b), U64(0x3311112233111122),
+    U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9),
+    U64(0x898e8e07898e8e07), U64(0xa7949433a7949433),
+    U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c),
+    U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9),
+    U64(0x49cece8749cece87), U64(0xff5555aaff5555aa),
+    U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5),
+    U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159),
+    U64(0x8089890980898909), U64(0x170d0d1a170d0d1a),
+    U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7),
+    U64(0xc6424284c6424284), U64(0xb86868d0b86868d0),
+    U64(0xc3414182c3414182), U64(0xb0999929b0999929),
+    U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e),
+    U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8),
+    U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c)
+};
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+
+static const u64 Td[256] = {
+    U64(0x50a7f45150a7f451), U64(0x5365417e5365417e),
+    U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a),
+    U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f),
+    U64(0xab58faacab58faac), U64(0x9303e34b9303e34b),
+    U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad),
+    U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5),
+    U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5),
+    U64(0x8044352680443526), U64(0x8fa362b58fa362b5),
+    U64(0x495ab1de495ab1de), U64(0x671bba25671bba25),
+    U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d),
+    U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81),
+    U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b),
+    U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215),
+    U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295),
+    U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458),
+    U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e),
+    U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4),
+    U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927),
+    U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0),
+    U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d),
+    U64(0x184adf63184adf63), U64(0x82311ae582311ae5),
+    U64(0x6033519760335197), U64(0x457f5362457f5362),
+    U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb),
+    U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9),
+    U64(0x5868487058684870), U64(0x19fd458f19fd458f),
+    U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52),
+    U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72),
+    U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566),
+    U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f),
+    U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3),
+    U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23),
+    U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed),
+    U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7),
+    U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e),
+    U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506),
+    U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4),
+    U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2),
+    U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4),
+    U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040),
+    U64(0x069f715e069f715e), U64(0x51106ebd51106ebd),
+    U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96),
+    U64(0xae053eddae053edd), U64(0x46bde64d46bde64d),
+    U64(0xb58d5491b58d5491), U64(0x055dc471055dc471),
+    U64(0x6fd406046fd40604), U64(0xff155060ff155060),
+    U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6),
+    U64(0xcc434089cc434089), U64(0x779ed967779ed967),
+    U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907),
+    U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879),
+    U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c),
+    U64(0xc91e84f8c91e84f8), U64(0x0000000000000000),
+    U64(0x8386800983868009), U64(0x48ed2b3248ed2b32),
+    U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c),
+    U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f),
+    U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36),
+    U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68),
+    U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624),
+    U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793),
+    U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b),
+    U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61),
+    U64(0x694b775a694b775a), U64(0x161a121c161a121c),
+    U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0),
+    U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12),
+    U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2),
+    U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14),
+    U64(0x8519f1578519f157), U64(0x4c0775af4c0775af),
+    U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3),
+    U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c),
+    U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b),
+    U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb),
+    U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8),
+    U64(0xcadc31d7cadc31d7), U64(0x1085634210856342),
+    U64(0x4022971340229713), U64(0x2011c6842011c684),
+    U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2),
+    U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7),
+    U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc),
+    U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177),
+    U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9),
+    U64(0xfa489411fa489411), U64(0x2264e9472264e947),
+    U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0),
+    U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322),
+    U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9),
+    U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498),
+    U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5),
+    U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f),
+    U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850),
+    U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54),
+    U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890),
+    U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382),
+    U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069),
+    U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf),
+    U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810),
+    U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb),
+    U64(0x097826cd097826cd), U64(0xf418596ef418596e),
+    U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83),
+    U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa),
+    U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef),
+    U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a),
+    U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029),
+    U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a),
+    U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235),
+    U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc),
+    U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733),
+    U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41),
+    U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117),
+    U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43),
+    U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4),
+    U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c),
+    U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546),
+    U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01),
+    U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb),
+    U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92),
+    U64(0x335610e9335610e9), U64(0x1347d66d1347d66d),
+    U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137),
+    U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb),
+    U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7),
+    U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a),
+    U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255),
+    U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773),
+    U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f),
+    U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478),
+    U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9),
+    U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2),
+    U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc),
+    U64(0x8b493c288b493c28), U64(0x41950dff41950dff),
+    U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08),
+    U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664),
+    U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5),
+    U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0)
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU
+};
+
+static const u32 rcon[] = {
+    0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U,
+    0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U,
+    0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp      ) & 0xff]      ) ^
+                ((u32)Te4[(temp >>  8) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >> 24)       ] << 24);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+#if 1
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+        }
+#else
+        rk[0] =
+            Td0[Te2[(rk[0]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[0] >> 24)       ] & 0xff];
+        rk[1] =
+            Td0[Te2[(rk[1]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[1] >> 24)       ] & 0xff];
+        rk[2] =
+            Td0[Te2[(rk[2]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[2] >> 24)       ] & 0xff];
+        rk[3] =
+            Td0[Te2[(rk[3]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[3] >> 24)       ] & 0xff];
+#endif
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t[4];
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Te4);
+
+    t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24;
+    t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24;
+    t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24;
+    t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {   int i;
+        u32 r0, r1, r2;
+
+        for (i = 0; i < 4; i++) {
+            r0 = t[i];
+            r1 = r0 & 0x80808080;
+            r2 = ((r0 & 0x7f7f7f7f) << 1) ^
+                ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
+#if defined(ROTATE)
+            t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
+                ROTATE(r0,16) ^ ROTATE(r0,8);
+#else
+            t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
+                (r0 << 16) ^ (r0 >> 16) ^
+                (r0 << 8) ^ (r0 >> 24);
+#endif
+            t[i] ^= rk[4+i];
+        }
+    }
+#else
+    t[0] =  Te0[(s0      ) & 0xff] ^
+        Te1[(s1 >>  8) & 0xff] ^
+        Te2[(s2 >> 16) & 0xff] ^
+        Te3[(s3 >> 24)       ] ^
+        rk[4];
+    t[1] =  Te0[(s1      ) & 0xff] ^
+        Te1[(s2 >>  8) & 0xff] ^
+        Te2[(s3 >> 16) & 0xff] ^
+        Te3[(s0 >> 24)       ] ^
+        rk[5];
+    t[2] =  Te0[(s2      ) & 0xff] ^
+        Te1[(s3 >>  8) & 0xff] ^
+        Te2[(s0 >> 16) & 0xff] ^
+        Te3[(s1 >> 24)       ] ^
+        rk[6];
+    t[3] =  Te0[(s3      ) & 0xff] ^
+        Te1[(s0 >>  8) & 0xff] ^
+        Te2[(s1 >> 16) & 0xff] ^
+        Te3[(s2 >> 24)       ] ^
+        rk[7];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+
+    /*
+     * Nr - 2 full rounds:
+     */
+    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
+#if defined(AES_COMPACT_IN_INNER_ROUNDS)
+        t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+               (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s3 >> 24)       ] << 24;
+        t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+               (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s0 >> 24)       ] << 24;
+        t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+               (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s1 >> 24)       ] << 24;
+        t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+               (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s2 >> 24)       ] << 24;
+
+        /* now do the linear transform using words */
+        {
+            int i;
+            u32 r0, r1, r2;
+
+            for (i = 0; i < 4; i++) {
+                r0 = t[i];
+                r1 = r0 & 0x80808080;
+                r2 = ((r0 & 0x7f7f7f7f) << 1) ^
+                    ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
+#if defined(ROTATE)
+                t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
+                    ROTATE(r0,16) ^ ROTATE(r0,8);
+#else
+                t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
+                    (r0 << 16) ^ (r0 >> 16) ^
+                    (r0 << 8) ^ (r0 >> 24);
+#endif
+                t[i] ^= rk[i];
+            }
+        }
+#else
+        t[0] =  Te0[(s0      ) & 0xff] ^
+            Te1[(s1 >>  8) & 0xff] ^
+            Te2[(s2 >> 16) & 0xff] ^
+            Te3[(s3 >> 24)       ] ^
+            rk[0];
+        t[1] =  Te0[(s1      ) & 0xff] ^
+            Te1[(s2 >>  8) & 0xff] ^
+            Te2[(s3 >> 16) & 0xff] ^
+            Te3[(s0 >> 24)       ] ^
+            rk[1];
+        t[2] =  Te0[(s2      ) & 0xff] ^
+            Te1[(s3 >>  8) & 0xff] ^
+            Te2[(s0 >> 16) & 0xff] ^
+            Te3[(s1 >> 24)       ] ^
+            rk[2];
+        t[3] =  Te0[(s3      ) & 0xff] ^
+            Te1[(s0 >>  8) & 0xff] ^
+            Te2[(s1 >> 16) & 0xff] ^
+            Te3[(s2 >> 24)       ] ^
+            rk[3];
+#endif
+        s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+    }
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Te4);
+
+    *(u32*)(out+0) =
+           (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24 ^
+        rk[0];
+    *(u32*)(out+4) =
+           (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24 ^
+        rk[1];
+    *(u32*)(out+8) =
+           (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24 ^
+        rk[2];
+    *(u32*)(out+12) =
+           (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24 ^
+        rk[3];
+#else
+    *(u32*)(out+0) =
+        (Te2[(s0      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s1 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s3 >> 24)       ] & 0xff000000U) ^
+        rk[0];
+    *(u32*)(out+4) =
+        (Te2[(s1      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s2 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s0 >> 24)       ] & 0xff000000U) ^
+        rk[1];
+    *(u32*)(out+8) =
+        (Te2[(s2      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s3 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s1 >> 24)       ] & 0xff000000U) ^
+        rk[2];
+    *(u32*)(out+12) =
+        (Te2[(s3      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s0 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s2 >> 24)       ] & 0xff000000U) ^
+        rk[3];
+#endif
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t[4];
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Td4);
+
+    t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+           (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s1 >> 24)       ] << 24;
+    t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+           (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s2 >> 24)       ] << 24;
+    t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+           (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s3 >> 24)       ] << 24;
+    t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+           (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s0 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {
+        int i;
+        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+        for (i = 0; i < 4; i++) {
+            tp1 = t[i];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            t[i] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+            t[i] ^= rk[4+i];
+        }
+    }
+#else
+    t[0] =  Td0[(s0      ) & 0xff] ^
+        Td1[(s3 >>  8) & 0xff] ^
+        Td2[(s2 >> 16) & 0xff] ^
+        Td3[(s1 >> 24)       ] ^
+        rk[4];
+    t[1] =  Td0[(s1      ) & 0xff] ^
+        Td1[(s0 >>  8) & 0xff] ^
+        Td2[(s3 >> 16) & 0xff] ^
+        Td3[(s2 >> 24)       ] ^
+        rk[5];
+    t[2] =  Td0[(s2      ) & 0xff] ^
+        Td1[(s1 >>  8) & 0xff] ^
+        Td2[(s0 >> 16) & 0xff] ^
+        Td3[(s3 >> 24)       ] ^
+        rk[6];
+    t[3] =  Td0[(s3      ) & 0xff] ^
+        Td1[(s2 >>  8) & 0xff] ^
+        Td2[(s1 >> 16) & 0xff] ^
+        Td3[(s0 >> 24)       ] ^
+        rk[7];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+
+    /*
+     * Nr - 2 full rounds:
+     */
+    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
+#if defined(AES_COMPACT_IN_INNER_ROUNDS)
+        t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+               (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s1 >> 24)       ] << 24;
+        t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+               (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s2 >> 24)       ] << 24;
+        t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+               (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s3 >> 24)       ] << 24;
+        t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+               (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s0 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {
+        int i;
+        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+        for (i = 0; i < 4; i++) {
+            tp1 = t[i];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            t[i] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+            t[i] ^= rk[i];
+        }
+    }
+#else
+    t[0] =  Td0[(s0      ) & 0xff] ^
+        Td1[(s3 >>  8) & 0xff] ^
+        Td2[(s2 >> 16) & 0xff] ^
+        Td3[(s1 >> 24)       ] ^
+        rk[0];
+    t[1] =  Td0[(s1      ) & 0xff] ^
+        Td1[(s0 >>  8) & 0xff] ^
+        Td2[(s3 >> 16) & 0xff] ^
+        Td3[(s2 >> 24)       ] ^
+        rk[1];
+    t[2] =  Td0[(s2      ) & 0xff] ^
+        Td1[(s1 >>  8) & 0xff] ^
+        Td2[(s0 >> 16) & 0xff] ^
+        Td3[(s3 >> 24)       ] ^
+        rk[2];
+    t[3] =  Td0[(s3      ) & 0xff] ^
+        Td1[(s2 >>  8) & 0xff] ^
+        Td2[(s1 >> 16) & 0xff] ^
+        Td3[(s0 >> 24)       ] ^
+        rk[3];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+    }
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    prefetch256(Td4);
+
+    *(u32*)(out+0) =
+        ((u32)Td4[(s0      ) & 0xff])    ^
+        ((u32)Td4[(s3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s1 >> 24)       ] << 24) ^
+        rk[0];
+    *(u32*)(out+4) =
+        ((u32)Td4[(s1      ) & 0xff])     ^
+        ((u32)Td4[(s0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s2 >> 24)       ] << 24) ^
+        rk[1];
+    *(u32*)(out+8) =
+        ((u32)Td4[(s2      ) & 0xff])     ^
+        ((u32)Td4[(s1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s3 >> 24)       ] << 24) ^
+        rk[2];
+    *(u32*)(out+12) =
+        ((u32)Td4[(s3      ) & 0xff])     ^
+        ((u32)Td4[(s2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s0 >> 24)       ] << 24) ^
+        rk[3];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-586.pl
new file mode 100755
index 000000000..29059edf8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-586.pl
@@ -0,0 +1,3000 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Version 4.3.
+#
+# You might fail to appreciate this module performance from the first
+# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
+# to be *the* best Intel C compiler without -KPIC, performance appears
+# to be virtually identical... But try to re-configure with shared
+# library support... Aha! Intel compiler "suddenly" lags behind by 30%
+# [on P4, more on others]:-) And if compared to position-independent
+# code generated by GNU C, this code performs *more* than *twice* as
+# fast! Yes, all this buzz about PIC means that unlike other hand-
+# coded implementations, this one was explicitly designed to be safe
+# to use even in shared library context... This also means that this
+# code isn't necessarily absolutely fastest "ever," because in order
+# to achieve position independence an extra register has to be
+# off-loaded to stack, which affects the benchmark result.
+#
+# Special note about instruction choice. Do you recall RC4_INT code
+# performing poorly on P4? It might be the time to figure out why.
+# RC4_INT code implies effective address calculations in base+offset*4
+# form. Trouble is that it seems that offset scaling turned to be
+# critical path... At least eliminating scaling resulted in 2.8x RC4
+# performance improvement [as you might recall]. As AES code is hungry
+# for scaling too, I [try to] avoid the latter by favoring off-by-2
+# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
+#
+# As was shown by Dean Gaudet, the above note turned out to be
+# void. Performance improvement with off-by-2 shifts was observed on
+# intermediate implementation, which was spilling yet another register
+# to stack... Final offset*4 code below runs just a tad faster on P4,
+# but exhibits up to 10% improvement on other cores.
+#
+# Second version is "monolithic" replacement for aes_core.c, which in
+# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
+# This made it possible to implement little-endian variant of the
+# algorithm without modifying the base C code. Motivating factor for
+# the undertaken effort was that it appeared that in tight IA-32
+# register window little-endian flavor could achieve slightly higher
+# Instruction Level Parallelism, and it indeed resulted in up to 15%
+# better performance on most recent µ-archs...
+#
+# Third version adds AES_cbc_encrypt implementation, which resulted in
+# up to 40% performance improvement of CBC benchmark results. 40% was
+# observed on P4 core, where "overall" improvement coefficient, i.e. if
+# compared to PIC generated by GCC and in CBC mode, was observed to be
+# as large as 4x:-) CBC performance is virtually identical to ECB now
+# and on some platforms even better, e.g. 17.6 "small" cycles/byte on
+# Opteron, because certain function prologues and epilogues are
+# effectively taken out of the loop...
+#
+# Version 3.2 implements compressed tables and prefetch of these tables
+# in CBC[!] mode. Former means that 3/4 of table references are now
+# misaligned, which unfortunately has negative impact on elder IA-32
+# implementations, Pentium suffered 30% penalty, PIII - 10%.
+#
+# Version 3.3 avoids L1 cache aliasing between stack frame and
+# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The
+# latter is achieved by copying the key schedule to controlled place in
+# stack. This unfortunately has rather strong impact on small block CBC
+# performance, ~2x deterioration on 16-byte block if compared to 3.3.
+#
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
+# Current ECB performance numbers for 128-bit key in CPU cycles per
+# processed byte [measure commonly used by AES benchmarkers] are:
+#
+#		small footprint		fully unrolled
+# P4		24			22
+# AMD K8	20			19
+# PIII		25			23
+# Pentium	81			78
+#
+# Version 3.7 reimplements outer rounds as "compact." Meaning that
+# first and last rounds reference compact 256 bytes S-box. This means
+# that first round consumes a lot more CPU cycles and that encrypt
+# and decrypt performance becomes asymmetric. Encrypt performance
+# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
+# aggressively pre-fetched.
+#
+# Version 4.0 effectively rolls back to 3.6 and instead implements
+# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
+# which use exclusively 256 byte S-box. These functions are to be
+# called in modes not concealing plain text, such as ECB, or when
+# we're asked to process smaller amount of data [or unconditionally
+# on hyper-threading CPU]. Currently it's called unconditionally from
+# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
+# still needs to be modified to switch between slower and faster
+# mode when appropriate... But in either case benchmark landscape
+# changes dramatically and below numbers are CPU cycles per processed
+# byte for 128-bit key.
+#
+#		ECB encrypt	ECB decrypt	CBC large chunk
+# P4		52[54]		83[95]		23
+# AMD K8	46[41]		66[70]		18
+# PIII		41[50]		60[77]		24
+# Core 2	31[36]		45[64]		18.5
+# Atom		76[100]		96[138]		60
+# Pentium	115		150		77
+#
+# Version 4.1 switches to compact S-box even in key schedule setup.
+#
+# Version 4.2 prefetches compact S-box in every SSE round or in other
+# words every cache-line is *guaranteed* to be accessed within ~50
+# cycles window. Why just SSE? Because it's needed on hyper-threading
+# CPU! Which is also why it's prefetched with 64 byte stride. Best
+# part is that it has no negative effect on performance:-)
+#
+# Version 4.3 implements switch between compact and non-compact block
+# functions in AES_cbc_encrypt depending on how much data was asked
+# to be processed in one stroke.
+#
+######################################################################
+# Timing attacks are classified in two classes: synchronous when
+# attacker consciously initiates cryptographic operation and collects
+# timing data of various character afterwards, and asynchronous when
+# malicious code is executed on same CPU simultaneously with AES,
+# instruments itself and performs statistical analysis of this data.
+#
+# As far as synchronous attacks go the root to the AES timing
+# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
+# are referred to in single 128-bit block operation. Well, in C
+# implementation with 4 distinct tables it's actually as little as 40
+# references per 256 elements table, but anyway... Secondly, even
+# though S-box elements are clustered into smaller amount of cache-
+# lines, smaller than 160 and even 40, it turned out that for certain
+# plain-text pattern[s] or simply put chosen plain-text and given key
+# few cache-lines remain unaccessed during block operation. Now, if
+# attacker can figure out this access pattern, he can deduct the key
+# [or at least part of it]. The natural way to mitigate this kind of
+# attacks is to minimize the amount of cache-lines in S-box and/or
+# prefetch them to ensure that every one is accessed for more uniform
+# timing. But note that *if* plain-text was concealed in such way that
+# input to block function is distributed *uniformly*, then attack
+# wouldn't apply. Now note that some encryption modes, most notably
+# CBC, do mask the plain-text in this exact way [secure cipher output
+# is distributed uniformly]. Yes, one still might find input that
+# would reveal the information about given key, but if amount of
+# candidate inputs to be tried is larger than amount of possible key
+# combinations then attack becomes infeasible. This is why revised
+# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
+# of data is to be processed in one stroke. The current size limit of
+# 512 bytes is chosen to provide same [diminishingly low] probability
+# for cache-line to remain untouched in large chunk operation with
+# large S-box as for single block operation with compact S-box and
+# surely needs more careful consideration...
+#
+# As for asynchronous attacks. There are two flavours: attacker code
+# being interleaved with AES on hyper-threading CPU at *instruction*
+# level, and two processes time sharing single core. As for latter.
+# Two vectors. 1. Given that attacker process has higher priority,
+# yield execution to process performing AES just before timer fires
+# off the scheduler, immediately regain control of CPU and analyze the
+# cache state. For this attack to be efficient attacker would have to
+# effectively slow down the operation by several *orders* of magnitude,
+# by ratio of time slice to duration of handful of AES rounds, which
+# unlikely to remain unnoticed. Not to mention that this also means
+# that he would spend correspondingly more time to collect enough
+# statistical data to mount the attack. It's probably appropriate to
+# say that if adversary reckons that this attack is beneficial and
+# risks to be noticed, you probably have larger problems having him
+# mere opportunity. In other words suggested code design expects you
+# to preclude/mitigate this attack by overall system security design.
+# 2. Attacker manages to make his code interrupt driven. In order for
+# this kind of attack to be feasible, interrupt rate has to be high
+# enough, again comparable to duration of handful of AES rounds. But
+# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
+# generates interrupts at such raging rate...
+#
+# And now back to the former, hyper-threading CPU or more specifically
+# Intel P4. Recall that asynchronous attack implies that malicious
+# code instruments itself. And naturally instrumentation granularity
+# has be noticeably lower than duration of codepath accessing S-box.
+# Given that all cache-lines are accessed during that time that is.
+# Current implementation accesses *all* cache-lines within ~50 cycles
+# window, which is actually *less* than RDTSC latency on Intel P4!
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
+&static_label("AES_Te");
+&static_label("AES_Td");
+
+$s0="eax";
+$s1="ebx";
+$s2="ecx";
+$s3="edx";
+$key="edi";
+$acc="esi";
+$tbl="ebp";
+
+# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
+# by caller
+$__ra=&DWP(0,"esp");	# return address
+$__s0=&DWP(4,"esp");	# s0 backing store
+$__s1=&DWP(8,"esp");	# s1 backing store
+$__s2=&DWP(12,"esp");	# s2 backing store
+$__s3=&DWP(16,"esp");	# s3 backing store
+$__key=&DWP(20,"esp");	# pointer to key schedule
+$__end=&DWP(24,"esp");	# pointer to end of key schedule
+$__tbl=&DWP(28,"esp");	# %ebp backing store
+
+# stack frame layout in AES_[en|crypt] routines, which differs from
+# above by 4 and overlaps by %ebp backing store
+$_tbl=&DWP(24,"esp");
+$_esp=&DWP(28,"esp");
+
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+
+$speed_limit=512;	# chunks smaller than $speed_limit are
+			# processed with compact routine in CBC mode
+$small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
+			# recent µ-archs], but ~5 times smaller!
+			# I favor compact code to minimize cache
+			# contention and in hope to "collect" 5% back
+			# in real-life applications...
+
+$vertical_spin=0;	# shift "vertically" defaults to 0, because of
+			# its proof-of-concept status...
+# Note that there is no decvert(), as well as last encryption round is
+# performed with "horizontal" shifts. This is because this "vertical"
+# implementation [one which groups shifts on a given $s[i] to form a
+# "column," unlike "horizontal" one, which groups shifts on different
+# $s[i] to form a "row"] is work in progress. It was observed to run
+# few percents faster on Intel cores, but not AMD. On AMD K8 core it's
+# whole 12% slower:-( So we face a trade-off... Shall it be resolved
+# some day? Till then the code is considered experimental and by
+# default remains dormant...
+
+sub encvert()
+{ my ($te,@s) = @_;
+  my ($v0,$v1) = ($acc,$key);
+
+	&mov	($v0,$s[3]);				# copy s3
+	&mov	(&DWP(4,"esp"),$s[2]);			# save s2
+	&mov	($v1,$s[0]);				# copy s0
+	&mov	(&DWP(8,"esp"),$s[1]);			# save s1
+
+	&movz	($s[2],&HB($s[0]));
+	&and	($s[0],0xFF);
+	&mov	($s[0],&DWP(0,$te,$s[0],8));		# s0>>0
+	&shr	($v1,16);
+	&mov	($s[3],&DWP(3,$te,$s[2],8));		# s0>>8
+	&movz	($s[1],&HB($v1));
+	&and	($v1,0xFF);
+	&mov	($s[2],&DWP(2,$te,$v1,8));		# s0>>16
+	 &mov	($v1,$v0);
+	&mov	($s[1],&DWP(1,$te,$s[1],8));		# s0>>24
+
+	&and	($v0,0xFF);
+	&xor	($s[3],&DWP(0,$te,$v0,8));		# s3>>0
+	&movz	($v0,&HB($v1));
+	&shr	($v1,16);
+	&xor	($s[2],&DWP(3,$te,$v0,8));		# s3>>8
+	&movz	($v0,&HB($v1));
+	&and	($v1,0xFF);
+	&xor	($s[1],&DWP(2,$te,$v1,8));		# s3>>16
+	 &mov	($v1,&DWP(4,"esp"));			# restore s2
+	&xor	($s[0],&DWP(1,$te,$v0,8));		# s3>>24
+
+	&mov	($v0,$v1);
+	&and	($v1,0xFF);
+	&xor	($s[2],&DWP(0,$te,$v1,8));		# s2>>0
+	&movz	($v1,&HB($v0));
+	&shr	($v0,16);
+	&xor	($s[1],&DWP(3,$te,$v1,8));		# s2>>8
+	&movz	($v1,&HB($v0));
+	&and	($v0,0xFF);
+	&xor	($s[0],&DWP(2,$te,$v0,8));		# s2>>16
+	 &mov	($v0,&DWP(8,"esp"));			# restore s1
+	&xor	($s[3],&DWP(1,$te,$v1,8));		# s2>>24
+
+	&mov	($v1,$v0);
+	&and	($v0,0xFF);
+	&xor	($s[1],&DWP(0,$te,$v0,8));		# s1>>0
+	&movz	($v0,&HB($v1));
+	&shr	($v1,16);
+	&xor	($s[0],&DWP(3,$te,$v0,8));		# s1>>8
+	&movz	($v0,&HB($v1));
+	&and	($v1,0xFF);
+	&xor	($s[3],&DWP(2,$te,$v1,8));		# s1>>16
+	 &mov	($key,$__key);				# reincarnate v1 as key
+	&xor	($s[2],&DWP(1,$te,$v0,8));		# s1>>24
+}
+
+# Another experimental routine, which features "horizontal spin," but
+# eliminates one reference to stack. Strangely enough runs slower...
+sub enchoriz()
+{ my ($v0,$v1) = ($key,$acc);
+
+	&movz	($v0,&LB($s0));			#  3, 2, 1, 0*
+	&rotr	($s2,8);			#  8,11,10, 9
+	&mov	($v1,&DWP(0,$te,$v0,8));	#  0
+	&movz	($v0,&HB($s1));			#  7, 6, 5*, 4
+	&rotr	($s3,16);			# 13,12,15,14
+	&xor	($v1,&DWP(3,$te,$v0,8));	#  5
+	&movz	($v0,&HB($s2));			#  8,11,10*, 9
+	&rotr	($s0,16);			#  1, 0, 3, 2
+	&xor	($v1,&DWP(2,$te,$v0,8));	# 10
+	&movz	($v0,&HB($s3));			# 13,12,15*,14
+	&xor	($v1,&DWP(1,$te,$v0,8));	# 15, t[0] collected
+	&mov	($__s0,$v1);			# t[0] saved
+
+	&movz	($v0,&LB($s1));			#  7, 6, 5, 4*
+	&shr	($s1,16);			#  -, -, 7, 6
+	&mov	($v1,&DWP(0,$te,$v0,8));	#  4
+	&movz	($v0,&LB($s3));			# 13,12,15,14*
+	&xor	($v1,&DWP(2,$te,$v0,8));	# 14
+	&movz	($v0,&HB($s0));			#  1, 0, 3*, 2
+	&and	($s3,0xffff0000);		# 13,12, -, -
+	&xor	($v1,&DWP(1,$te,$v0,8));	#  3
+	&movz	($v0,&LB($s2));			#  8,11,10, 9*
+	&or	($s3,$s1);			# 13,12, 7, 6
+	&xor	($v1,&DWP(3,$te,$v0,8));	#  9, t[1] collected
+	&mov	($s1,$v1);			#  s[1]=t[1]
+
+	&movz	($v0,&LB($s0));			#  1, 0, 3, 2*
+	&shr	($s2,16);			#  -, -, 8,11
+	&mov	($v1,&DWP(2,$te,$v0,8));	#  2
+	&movz	($v0,&HB($s3));			# 13,12, 7*, 6
+	&xor	($v1,&DWP(1,$te,$v0,8));	#  7
+	&movz	($v0,&HB($s2));			#  -, -, 8*,11
+	&xor	($v1,&DWP(0,$te,$v0,8));	#  8
+	&mov	($v0,$s3);
+	&shr	($v0,24);			# 13
+	&xor	($v1,&DWP(3,$te,$v0,8));	# 13, t[2] collected
+
+	&movz	($v0,&LB($s2));			#  -, -, 8,11*
+	&shr	($s0,24);			#  1*
+	&mov	($s2,&DWP(1,$te,$v0,8));	# 11
+	&xor	($s2,&DWP(3,$te,$s0,8));	#  1
+	&mov	($s0,$__s0);			# s[0]=t[0]
+	&movz	($v0,&LB($s3));			# 13,12, 7, 6*
+	&shr	($s3,16);			#   ,  ,13,12
+	&xor	($s2,&DWP(2,$te,$v0,8));	#  6
+	&mov	($key,$__key);			# reincarnate v0 as key
+	&and	($s3,0xff);			#   ,  ,13,12*
+	&mov	($s3,&DWP(0,$te,$s3,8));	# 12
+	&xor	($s3,$s2);			# s[2]=t[3] collected
+	&mov	($s2,$v1);			# s[2]=t[2]
+}
+
+# More experimental code... SSE one... Even though this one eliminates
+# *all* references to stack, it's not faster...
+sub sse_encbody()
+{
+	&movz	($acc,&LB("eax"));		#  0
+	&mov	("ecx",&DWP(0,$tbl,$acc,8));	#  0
+	&pshufw	("mm2","mm0",0x0d);		#  7, 6, 3, 2
+	&movz	("edx",&HB("eax"));		#  1
+	&mov	("edx",&DWP(3,$tbl,"edx",8));	#  1
+	&shr	("eax",16);			#  5, 4
+
+	&movz	($acc,&LB("ebx"));		# 10
+	&xor	("ecx",&DWP(2,$tbl,$acc,8));	# 10
+	&pshufw	("mm6","mm4",0x08);		# 13,12, 9, 8
+	&movz	($acc,&HB("ebx"));		# 11
+	&xor	("edx",&DWP(1,$tbl,$acc,8));	# 11
+	&shr	("ebx",16);			# 15,14
+
+	&movz	($acc,&HB("eax"));		#  5
+	&xor	("ecx",&DWP(3,$tbl,$acc,8));	#  5
+	&movq	("mm3",QWP(16,$key));
+	&movz	($acc,&HB("ebx"));		# 15
+	&xor	("ecx",&DWP(1,$tbl,$acc,8));	# 15
+	&movd	("mm0","ecx");			# t[0] collected
+
+	&movz	($acc,&LB("eax"));		#  4
+	&mov	("ecx",&DWP(0,$tbl,$acc,8));	#  4
+	&movd	("eax","mm2");			#  7, 6, 3, 2
+	&movz	($acc,&LB("ebx"));		# 14
+	&xor	("ecx",&DWP(2,$tbl,$acc,8));	# 14
+	&movd	("ebx","mm6");			# 13,12, 9, 8
+
+	&movz	($acc,&HB("eax"));		#  3
+	&xor	("ecx",&DWP(1,$tbl,$acc,8));	#  3
+	&movz	($acc,&HB("ebx"));		#  9
+	&xor	("ecx",&DWP(3,$tbl,$acc,8));	#  9
+	&movd	("mm1","ecx");			# t[1] collected
+
+	&movz	($acc,&LB("eax"));		#  2
+	&mov	("ecx",&DWP(2,$tbl,$acc,8));	#  2
+	&shr	("eax",16);			#  7, 6
+	&punpckldq	("mm0","mm1");		# t[0,1] collected
+	&movz	($acc,&LB("ebx"));		#  8
+	&xor	("ecx",&DWP(0,$tbl,$acc,8));	#  8
+	&shr	("ebx",16);			# 13,12
+
+	&movz	($acc,&HB("eax"));		#  7
+	&xor	("ecx",&DWP(1,$tbl,$acc,8));	#  7
+	&pxor	("mm0","mm3");
+	&movz	("eax",&LB("eax"));		#  6
+	&xor	("edx",&DWP(2,$tbl,"eax",8));	#  6
+	&pshufw	("mm1","mm0",0x08);		#  5, 4, 1, 0
+	&movz	($acc,&HB("ebx"));		# 13
+	&xor	("ecx",&DWP(3,$tbl,$acc,8));	# 13
+	&xor	("ecx",&DWP(24,$key));		# t[2]
+	&movd	("mm4","ecx");			# t[2] collected
+	&movz	("ebx",&LB("ebx"));		# 12
+	&xor	("edx",&DWP(0,$tbl,"ebx",8));	# 12
+	&shr	("ecx",16);
+	&movd	("eax","mm1");			#  5, 4, 1, 0
+	&mov	("ebx",&DWP(28,$key));		# t[3]
+	&xor	("ebx","edx");
+	&movd	("mm5","ebx");			# t[3] collected
+	&and	("ebx",0xffff0000);
+	&or	("ebx","ecx");
+
+	&punpckldq	("mm4","mm5");		# t[2,3] collected
+}
+
+######################################################################
+# "Compact" block function
+######################################################################
+
+sub enccompact()
+{ my $Fn = \&mov;
+  while ($#_>5) { pop(@_); $Fn=sub{}; }
+  my ($i,$te,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# $Fn is used in first compact round and its purpose is to
+	# void restoration of some values from stack, so that after
+	# 4xenccompact with extra argument $key value is left there...
+	if ($i==3)  {	&$Fn	($key,$__key);			}##%edx
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
+	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
+			&movz	($out,&BP(-128,$te,$out,1));
+
+	if ($i==3)  {	$tmp=$s[1];				}##%eax
+			&movz	($tmp,&HB($s[1]));
+			&movz	($tmp,&BP(-128,$te,$tmp,1));
+			&shl	($tmp,8);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
+	else        {	&mov	($tmp,$s[2]);
+			&shr	($tmp,16);			}
+	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
+			&and	($tmp,0xFF);
+			&movz	($tmp,&BP(-128,$te,$tmp,1));
+			&shl	($tmp,16);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
+	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
+	else        {	&mov	($tmp,$s[3]);
+			&shr	($tmp,24);			}
+			&movz	($tmp,&BP(-128,$te,$tmp,1));
+			&shl	($tmp,24);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$acc);			}
+	&comment();
+}
+
+sub enctransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+  my $i = shift;
+  my $tmp = $tbl;
+  my $r2  = $key ;
+
+	&and	($tmp,$s[$i]);
+	&lea	($r2,&DWP(0,$s[$i],$s[$i]));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&and	($r2,0xfefefefe);
+	&sub	($acc,$tmp);
+	&mov	($tmp,$s[$i]);
+	&and	($acc,0x1b1b1b1b);
+	&rotr	($tmp,16);
+	&xor	($acc,$r2);	# r2
+	&mov	($r2,$s[$i]);
+
+	&xor	($s[$i],$acc);	# r0 ^ r2
+	&rotr	($r2,16+8);
+	&xor	($acc,$tmp);
+	&rotl	($s[$i],24);
+	&xor	($acc,$r2);
+	&mov	($tmp,0x80808080)	if ($i!=1);
+	&xor	($s[$i],$acc);	# ROTATE(r2^r0,24) ^ r2
+}
+
+&function_begin_B("_x86_AES_encrypt_compact");
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	# prefetch Te4
+	&mov	($key,&DWP(0-128,$tbl));
+	&mov	($acc,&DWP(32-128,$tbl));
+	&mov	($key,&DWP(64-128,$tbl));
+	&mov	($acc,&DWP(96-128,$tbl));
+	&mov	($key,&DWP(128-128,$tbl));
+	&mov	($acc,&DWP(160-128,$tbl));
+	&mov	($key,&DWP(192-128,$tbl));
+	&mov	($acc,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+
+		&enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
+		&enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
+		&enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
+		&enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
+		&mov	($tbl,0x80808080);
+		&enctransform(2);
+		&enctransform(3);
+		&enctransform(0);
+		&enctransform(1);
+		&mov 	($key,$__key);
+		&mov	($tbl,$__tbl);
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+	&cmp	($key,$__end);
+	&mov	($__key,$key);
+	&jb	(&label("loop"));
+
+	&enccompact(0,$tbl,$s0,$s1,$s2,$s3);
+	&enccompact(1,$tbl,$s1,$s2,$s3,$s0);
+	&enccompact(2,$tbl,$s2,$s3,$s0,$s1);
+	&enccompact(3,$tbl,$s3,$s0,$s1,$s2);
+
+	&xor	($s0,&DWP(16,$key));
+	&xor	($s1,&DWP(20,$key));
+	&xor	($s2,&DWP(24,$key));
+	&xor	($s3,&DWP(28,$key));
+
+	&ret	();
+&function_end_B("_x86_AES_encrypt_compact");
+
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+#
+# Performance is not actually extraordinary in comparison to pure
+# x86 code. In particular encrypt performance is virtually the same.
+# Decrypt performance on the other hand is 15-20% better on newer
+# µ-archs [but we're thankful for *any* improvement here], and ~50%
+# better on PIII:-) And additionally on the pros side this code
+# eliminates redundant references to stack and thus relieves/
+# minimizes the pressure on the memory bus.
+#
+# MMX register layout                           lsb
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |          mm4          |          mm0          |
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |     s3    |     s2    |     s1    |     s0    |
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+#
+# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
+# In this terms encryption and decryption "compact" permutation
+# matrices can be depicted as following:
+#
+# encryption              lsb	# decryption              lsb
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t0 || 15 | 10 |  5 |  0 |	# | t0 ||  7 | 10 | 13 |  0 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t1 ||  3 | 14 |  9 |  4 |	# | t1 || 11 | 14 |  1 |  4 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t2 ||  7 |  2 | 13 |  8 |	# | t2 || 15 |  2 |  5 |  8 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t3 || 11 |  6 |  1 | 12 |	# | t3 ||  3 |  6 |  9 | 12 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+#
+######################################################################
+# Why not xmm registers? Short answer. It was actually tested and
+# was not any faster, but *contrary*, most notably on Intel CPUs.
+# Longer answer. Main advantage of using mm registers is that movd
+# latency is lower, especially on Intel P4. While arithmetic
+# instructions are twice as many, they can be scheduled every cycle
+# and not every second one when they are operating on xmm register,
+# so that "arithmetic throughput" remains virtually the same. And
+# finally the code can be executed even on elder SSE-only CPUs:-)
+
+sub sse_enccompact()
+{
+	&pshufw	("mm1","mm0",0x08);		#  5, 4, 1, 0
+	&pshufw	("mm5","mm4",0x0d);		# 15,14,11,10
+	&movd	("eax","mm1");			#  5, 4, 1, 0
+	&movd	("ebx","mm5");			# 15,14,11,10
+	&mov	($__key,$key);
+
+	&movz	($acc,&LB("eax"));		#  0
+	&movz	("edx",&HB("eax"));		#  1
+	&pshufw	("mm2","mm0",0x0d);		#  7, 6, 3, 2
+	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  0
+	&movz	($key,&LB("ebx"));		# 10
+	&movz	("edx",&BP(-128,$tbl,"edx",1));	#  1
+	&shr	("eax",16);			#  5, 4
+	&shl	("edx",8);			#  1
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 10
+	&movz	($key,&HB("ebx"));		# 11
+	&shl	($acc,16);			# 10
+	&pshufw	("mm6","mm4",0x08);		# 13,12, 9, 8
+	&or	("ecx",$acc);			# 10
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 11
+	&movz	($key,&HB("eax"));		#  5
+	&shl	($acc,24);			# 11
+	&shr	("ebx",16);			# 15,14
+	&or	("edx",$acc);			# 11
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  5
+	&movz	($key,&HB("ebx"));		# 15
+	&shl	($acc,8);			#  5
+	&or	("ecx",$acc);			#  5
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 15
+	&movz	($key,&LB("eax"));		#  4
+	&shl	($acc,24);			# 15
+	&or	("ecx",$acc);			# 15
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  4
+	&movz	($key,&LB("ebx"));		# 14
+	&movd	("eax","mm2");			#  7, 6, 3, 2
+	&movd	("mm0","ecx");			# t[0] collected
+	&movz	("ecx",&BP(-128,$tbl,$key,1));	# 14
+	&movz	($key,&HB("eax"));		#  3
+	&shl	("ecx",16);			# 14
+	&movd	("ebx","mm6");			# 13,12, 9, 8
+	&or	("ecx",$acc);			# 14
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  3
+	&movz	($key,&HB("ebx"));		#  9
+	&shl	($acc,24);			#  3
+	&or	("ecx",$acc);			#  3
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  9
+	&movz	($key,&LB("ebx"));		#  8
+	&shl	($acc,8);			#  9
+	&shr	("ebx",16);			# 13,12
+	&or	("ecx",$acc);			#  9
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  8
+	&movz	($key,&LB("eax"));		#  2
+	&shr	("eax",16);			#  7, 6
+	&movd	("mm1","ecx");			# t[1] collected
+	&movz	("ecx",&BP(-128,$tbl,$key,1));	#  2
+	&movz	($key,&HB("eax"));		#  7
+	&shl	("ecx",16);			#  2
+	&and	("eax",0xff);			#  6
+	&or	("ecx",$acc);			#  2
+
+	&punpckldq	("mm0","mm1");		# t[0,1] collected
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  7
+	&movz	($key,&HB("ebx"));		# 13
+	&shl	($acc,24);			#  7
+	&and	("ebx",0xff);			# 12
+	&movz	("eax",&BP(-128,$tbl,"eax",1));	#  6
+	&or	("ecx",$acc);			#  7
+	&shl	("eax",16);			#  6
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 13
+	&or	("edx","eax");			#  6
+	&shl	($acc,8);			# 13
+	&movz	("ebx",&BP(-128,$tbl,"ebx",1));	# 12
+	&or	("ecx",$acc);			# 13
+	&or	("edx","ebx");			# 12
+	&mov	($key,$__key);
+	&movd	("mm4","ecx");			# t[2] collected
+	&movd	("mm5","edx");			# t[3] collected
+
+	&punpckldq	("mm4","mm5");		# t[2,3] collected
+}
+
+					if (!$x86only) {
+&function_begin_B("_sse_AES_encrypt_compact");
+	&pxor	("mm0",&QWP(0,$key));	#  7, 6, 5, 4, 3, 2, 1, 0
+	&pxor	("mm4",&QWP(8,$key));	# 15,14,13,12,11,10, 9, 8
+
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	&mov	($s0,0x1b1b1b1b);		# magic constant
+	&mov	(&DWP(8,"esp"),$s0);
+	&mov	(&DWP(12,"esp"),$s0);
+
+	# prefetch Te4
+	&mov	($s0,&DWP(0-128,$tbl));
+	&mov	($s1,&DWP(32-128,$tbl));
+	&mov	($s2,&DWP(64-128,$tbl));
+	&mov	($s3,&DWP(96-128,$tbl));
+	&mov	($s0,&DWP(128-128,$tbl));
+	&mov	($s1,&DWP(160-128,$tbl));
+	&mov	($s2,&DWP(192-128,$tbl));
+	&mov	($s3,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+		&sse_enccompact();
+		&add	($key,16);
+		&cmp	($key,$__end);
+		&ja	(&label("out"));
+
+		&movq	("mm2",&QWP(8,"esp"));
+		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
+		&movq	("mm1","mm0");		&movq	("mm5","mm4");	# r0
+		&pcmpgtb("mm3","mm0");		&pcmpgtb("mm7","mm4");
+		&pand	("mm3","mm2");		&pand	("mm7","mm2");
+		&pshufw	("mm2","mm0",0xb1);	&pshufw	("mm6","mm4",0xb1);# ROTATE(r0,16)
+		&paddb	("mm0","mm0");		&paddb	("mm4","mm4");
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# = r2
+		&pshufw	("mm3","mm2",0xb1);	&pshufw	("mm7","mm6",0xb1);# r0
+		&pxor	("mm1","mm0");		&pxor	("mm5","mm4");	# r0^r2
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= ROTATE(r0,16)
+
+		&movq	("mm2","mm3");		&movq	("mm6","mm7");
+		&pslld	("mm3",8);		&pslld	("mm7",8);
+		&psrld	("mm2",24);		&psrld	("mm6",24);
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= r0<<8
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= r0>>24
+
+		&movq	("mm3","mm1");		&movq	("mm7","mm5");
+		&movq	("mm2",&QWP(0,$key));	&movq	("mm6",&QWP(8,$key));
+		&psrld	("mm1",8);		&psrld	("mm5",8);
+		&mov	($s0,&DWP(0-128,$tbl));
+		&pslld	("mm3",24);		&pslld	("mm7",24);
+		&mov	($s1,&DWP(64-128,$tbl));
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= (r2^r0)<<8
+		&mov	($s2,&DWP(128-128,$tbl));
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= (r2^r0)>>24
+		&mov	($s3,&DWP(192-128,$tbl));
+
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");
+	&jmp	(&label("loop"));
+
+	&set_label("out",16);
+	&pxor	("mm0",&QWP(0,$key));
+	&pxor	("mm4",&QWP(8,$key));
+
+	&ret	();
+&function_end_B("_sse_AES_encrypt_compact");
+					}
+
+######################################################################
+# Vanilla block function.
+######################################################################
+
+sub encstep()
+{ my ($i,$te,@s) = @_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# lines marked with #%e?x[i] denote "reordered" instructions...
+	if ($i==3)  {	&mov	($key,$__key);			}##%edx
+	else        {	&mov	($out,$s[0]);
+			&and	($out,0xFF);			}
+	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
+	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
+			&mov	($out,&DWP(0,$te,$out,8));
+
+	if ($i==3)  {	$tmp=$s[1];				}##%eax
+			&movz	($tmp,&HB($s[1]));
+			&xor	($out,&DWP(3,$te,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
+	else        {	&mov	($tmp,$s[2]);
+			&shr	($tmp,16);			}
+	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
+			&and	($tmp,0xFF);
+			&xor	($out,&DWP(2,$te,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
+	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
+	else        {	&mov	($tmp,$s[3]);
+			&shr	($tmp,24)			}
+			&xor	($out,&DWP(1,$te,$tmp,8));
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$acc);			}
+			&comment();
+}
+
+sub enclast()
+{ my ($i,$te,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	if ($i==3)  {	&mov	($key,$__key);			}##%edx
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
+	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
+			&mov	($out,&DWP(2,$te,$out,8));
+			&and	($out,0x000000ff);
+
+	if ($i==3)  {	$tmp=$s[1];				}##%eax
+			&movz	($tmp,&HB($s[1]));
+			&mov	($tmp,&DWP(0,$te,$tmp,8));
+			&and	($tmp,0x0000ff00);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
+	else        {	&mov	($tmp,$s[2]);
+			&shr	($tmp,16);			}
+	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
+			&and	($tmp,0xFF);
+			&mov	($tmp,&DWP(0,$te,$tmp,8));
+			&and	($tmp,0x00ff0000);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
+	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
+	else        {	&mov	($tmp,$s[3]);
+			&shr	($tmp,24);			}
+			&mov	($tmp,&DWP(2,$te,$tmp,8));
+			&and	($tmp,0xff000000);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$acc);			}
+}
+
+&function_begin_B("_x86_AES_encrypt");
+	if ($vertical_spin) {
+		# I need high parts of volatile registers to be accessible...
+		&exch	($s1="edi",$key="ebx");
+		&mov	($s2="esi",$acc="ecx");
+	}
+
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+
+	if ($small_footprint) {
+	    &lea	($acc,&DWP(-2,$acc,$acc));
+	    &lea	($acc,&DWP(0,$key,$acc,8));
+	    &mov	($__end,$acc);		# end of key schedule
+
+	    &set_label("loop",16);
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+	    &cmp	($key,$__end);
+	    &mov	($__key,$key);
+	    &jb		(&label("loop"));
+	}
+	else {
+	    &cmp	($acc,10);
+	    &jle	(&label("10rounds"));
+	    &cmp	($acc,12);
+	    &jle	(&label("12rounds"));
+
+	&set_label("14rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("12rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("10rounds",4);
+	    for ($i=1;$i<10;$i++) {
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	}
+
+	if ($vertical_spin) {
+	    # "reincarnate" some registers for "horizontal" spin...
+	    &mov	($s1="ebx",$key="edi");
+	    &mov	($s2="ecx",$acc="esi");
+	}
+	&enclast(0,$tbl,$s0,$s1,$s2,$s3);
+	&enclast(1,$tbl,$s1,$s2,$s3,$s0);
+	&enclast(2,$tbl,$s2,$s3,$s0,$s1);
+	&enclast(3,$tbl,$s3,$s0,$s1,$s2);
+
+	&add	($key,$small_footprint?16:160);
+	&xor	($s0,&DWP(0,$key));
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&ret	();
+
+&set_label("AES_Te",64);	# Yes! I keep it in the code segment!
+	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4	# four copies of Te4 to choose from to avoid L1 aliasing
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+#rcon:
+	&data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
+	&data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
+	&data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
+	&data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
+&function_end_B("_x86_AES_encrypt");
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+&function_begin("AES_encrypt");
+	&mov	($acc,&wparam(0));		# load inp
+	&mov	($key,&wparam(2));		# load key
+
+	&mov	($s0,"esp");
+	&sub	("esp",36);
+	&and	("esp",-64);			# align to cache-line
+
+	# place stack frame just "above" the key schedule
+	&lea	($s1,&DWP(-64-63,$key));
+	&sub	($s1,"esp");
+	&neg	($s1);
+	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp",$s1);
+	&add	("esp",4);	# 4 is reserved for caller's return address
+	&mov	($_esp,$s0);			# save stack pointer
+
+	&call   (&label("pic_point"));          # make it PIC!
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
+	&lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+
+	# pick Te4 copy which can't "overlap" with stack frame or key schedule
+	&lea	($s1,&DWP(768-4,"esp"));
+	&sub	($s1,$tbl);
+	&and	($s1,0x300);
+	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
+
+					if (!$x86only) {
+	&bt	(&DWP(0,$s0),25);	# check for SSE bit
+	&jnc	(&label("x86"));
+
+	&movq	("mm0",&QWP(0,$acc));
+	&movq	("mm4",&QWP(8,$acc));
+	&call	("_sse_AES_encrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&movq	(&QWP(0,$acc),"mm0");		# write output data
+	&movq	(&QWP(8,$acc),"mm4");
+	&emms	();
+	&function_end_A();
+					}
+	&set_label("x86",16);
+	&mov	($_tbl,$tbl);
+	&mov	($s0,&DWP(0,$acc));		# load input data
+	&mov	($s1,&DWP(4,$acc));
+	&mov	($s2,&DWP(8,$acc));
+	&mov	($s3,&DWP(12,$acc));
+	&call	("_x86_AES_encrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&mov	(&DWP(0,$acc),$s0);		# write output data
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+&function_end("AES_encrypt");
+
+#--------------------------------------------------------------------#
+
+######################################################################
+# "Compact" block function
+######################################################################
+
+sub deccompact()
+{ my $Fn = \&mov;
+  while ($#_>5) { pop(@_); $Fn=sub{}; }
+  my ($i,$td,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# $Fn is used in first compact round and its purpose is to
+	# void restoration of some values from stack, so that after
+	# 4xdeccompact with extra argument $key, $s0 and $s1 values
+	# are left there...
+	if($i==3)   {	&$Fn	($key,$__key);			}
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+			&movz	($out,&BP(-128,$td,$out,1));
+
+	if ($i==3)  {	$tmp=$s[1];				}
+			&movz	($tmp,&HB($s[1]));
+			&movz	($tmp,&BP(-128,$td,$tmp,1));
+			&shl	($tmp,8);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
+	else        {	mov	($tmp,$s[2]);			}
+			&shr	($tmp,16);
+			&and	($tmp,0xFF);
+			&movz	($tmp,&BP(-128,$td,$tmp,1));
+			&shl	($tmp,16);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &$Fn ($s[2],$__s1);		}
+	else        {	&mov	($tmp,$s[3]);			}
+			&shr	($tmp,24);
+			&movz	($tmp,&BP(-128,$td,$tmp,1));
+			&shl	($tmp,24);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&$Fn	($s[3],$__s0);			}
+}
+
+# must be called with 2,3,0,1 as argument sequence!!!
+sub dectransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+  my $i = shift;
+  my $tmp = $key;
+  my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
+  my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
+  my $tp8 = $tbl;
+
+	&mov	($tmp,0x80808080);
+	&and	($tmp,$s[$i]);
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&lea	($tp2,&DWP(0,$s[$i],$s[$i]));
+	&sub	($acc,$tmp);
+	&and	($tp2,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	&xor	($tp2,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp2);
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&lea	($tp4,&DWP(0,$tp2,$tp2));
+	&sub	($acc,$tmp);
+	&and	($tp4,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &xor	($tp2,$s[$i]);	# tp2^tp1
+	&xor	($tp4,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp4);
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&lea	($tp8,&DWP(0,$tp4,$tp4));
+	&sub	($acc,$tmp);
+	&and	($tp8,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &xor	($tp4,$s[$i]);	# tp4^tp1
+	 &rotl	($s[$i],8);	# = ROTATE(tp1,8)
+	&xor	($tp8,$acc);
+
+	&xor	($s[$i],$tp2);
+	&xor	($tp2,$tp8);
+	&xor	($s[$i],$tp4);
+	&xor	($tp4,$tp8);
+	&rotl	($tp2,24);
+	&xor	($s[$i],$tp8);	# ^= tp8^(tp4^tp1)^(tp2^tp1)
+	&rotl	($tp4,16);
+	&xor	($s[$i],$tp2);	# ^= ROTATE(tp8^tp2^tp1,24)
+	&rotl	($tp8,8);
+	&xor	($s[$i],$tp4);	# ^= ROTATE(tp8^tp4^tp1,16)
+	 &mov	($s[0],$__s0)			if($i==2); #prefetch $s0
+	 &mov	($s[1],$__s1)			if($i==3); #prefetch $s1
+	 &mov	($s[2],$__s2)			if($i==1);
+	&xor	($s[$i],$tp8);	# ^= ROTATE(tp8,8)
+
+	&mov	($s[3],$__s3)			if($i==1);
+	&mov	(&DWP(4+4*$i,"esp"),$s[$i])	if($i>=2);
+}
+
+&function_begin_B("_x86_AES_decrypt_compact");
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	# prefetch Td4
+	&mov	($key,&DWP(0-128,$tbl));
+	&mov	($acc,&DWP(32-128,$tbl));
+	&mov	($key,&DWP(64-128,$tbl));
+	&mov	($acc,&DWP(96-128,$tbl));
+	&mov	($key,&DWP(128-128,$tbl));
+	&mov	($acc,&DWP(160-128,$tbl));
+	&mov	($key,&DWP(192-128,$tbl));
+	&mov	($acc,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+
+		&deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
+		&deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
+		&deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
+		&deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
+		&dectransform(2);
+		&dectransform(3);
+		&dectransform(0);
+		&dectransform(1);
+		&mov 	($key,$__key);
+		&mov	($tbl,$__tbl);
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+	&cmp	($key,$__end);
+	&mov	($__key,$key);
+	&jb	(&label("loop"));
+
+	&deccompact(0,$tbl,$s0,$s3,$s2,$s1);
+	&deccompact(1,$tbl,$s1,$s0,$s3,$s2);
+	&deccompact(2,$tbl,$s2,$s1,$s0,$s3);
+	&deccompact(3,$tbl,$s3,$s2,$s1,$s0);
+
+	&xor	($s0,&DWP(16,$key));
+	&xor	($s1,&DWP(20,$key));
+	&xor	($s2,&DWP(24,$key));
+	&xor	($s3,&DWP(28,$key));
+
+	&ret	();
+&function_end_B("_x86_AES_decrypt_compact");
+
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+
+sub sse_deccompact()
+{
+	&pshufw	("mm1","mm0",0x0c);		#  7, 6, 1, 0
+	&pshufw	("mm5","mm4",0x09);		# 13,12,11,10
+	&movd	("eax","mm1");			#  7, 6, 1, 0
+	&movd	("ebx","mm5");			# 13,12,11,10
+	&mov	($__key,$key);
+
+	&movz	($acc,&LB("eax"));		#  0
+	&movz	("edx",&HB("eax"));		#  1
+	&pshufw	("mm2","mm0",0x06);		#  3, 2, 5, 4
+	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  0
+	&movz	($key,&LB("ebx"));		# 10
+	&movz	("edx",&BP(-128,$tbl,"edx",1));	#  1
+	&shr	("eax",16);			#  7, 6
+	&shl	("edx",8);			#  1
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 10
+	&movz	($key,&HB("ebx"));		# 11
+	&shl	($acc,16);			# 10
+	&pshufw	("mm6","mm4",0x03);		# 9, 8,15,14
+	&or	("ecx",$acc);			# 10
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 11
+	&movz	($key,&HB("eax"));		#  7
+	&shl	($acc,24);			# 11
+	&shr	("ebx",16);			# 13,12
+	&or	("edx",$acc);			# 11
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  7
+	&movz	($key,&HB("ebx"));		# 13
+	&shl	($acc,24);			#  7
+	&or	("ecx",$acc);			#  7
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 13
+	&movz	($key,&LB("eax"));		#  6
+	&shl	($acc,8);			# 13
+	&movd	("eax","mm2");			#  3, 2, 5, 4
+	&or	("ecx",$acc);			# 13
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  6
+	&movz	($key,&LB("ebx"));		# 12
+	&shl	($acc,16);			#  6
+	&movd	("ebx","mm6");			#  9, 8,15,14
+	&movd	("mm0","ecx");			# t[0] collected
+	&movz	("ecx",&BP(-128,$tbl,$key,1));	# 12
+	&movz	($key,&LB("eax"));		#  4
+	&or	("ecx",$acc);			# 12
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  4
+	&movz	($key,&LB("ebx"));		# 14
+	&or	("edx",$acc);			#  4
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 14
+	&movz	($key,&HB("eax"));		#  5
+	&shl	($acc,16);			# 14
+	&shr	("eax",16);			#  3, 2
+	&or	("edx",$acc);			# 14
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  5
+	&movz	($key,&HB("ebx"));		# 15
+	&shr	("ebx",16);			#  9, 8
+	&shl	($acc,8);			#  5
+	&movd	("mm1","edx");			# t[1] collected
+	&movz	("edx",&BP(-128,$tbl,$key,1));	# 15
+	&movz	($key,&HB("ebx"));		#  9
+	&shl	("edx",24);			# 15
+	&and	("ebx",0xff);			#  8
+	&or	("edx",$acc);			# 15
+
+	&punpckldq	("mm0","mm1");		# t[0,1] collected
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  9
+	&movz	($key,&LB("eax"));		#  2
+	&shl	($acc,8);			#  9
+	&movz	("eax",&HB("eax"));		#  3
+	&movz	("ebx",&BP(-128,$tbl,"ebx",1));	#  8
+	&or	("ecx",$acc);			#  9
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  2
+	&or	("edx","ebx");			#  8
+	&shl	($acc,16);			#  2
+	&movz	("eax",&BP(-128,$tbl,"eax",1));	#  3
+	&or	("edx",$acc);			#  2
+	&shl	("eax",24);			#  3
+	&or	("ecx","eax");			#  3
+	&mov	($key,$__key);
+	&movd	("mm4","edx");			# t[2] collected
+	&movd	("mm5","ecx");			# t[3] collected
+
+	&punpckldq	("mm4","mm5");		# t[2,3] collected
+}
+
+					if (!$x86only) {
+&function_begin_B("_sse_AES_decrypt_compact");
+	&pxor	("mm0",&QWP(0,$key));	#  7, 6, 5, 4, 3, 2, 1, 0
+	&pxor	("mm4",&QWP(8,$key));	# 15,14,13,12,11,10, 9, 8
+
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	&mov	($s0,0x1b1b1b1b);		# magic constant
+	&mov	(&DWP(8,"esp"),$s0);
+	&mov	(&DWP(12,"esp"),$s0);
+
+	# prefetch Td4
+	&mov	($s0,&DWP(0-128,$tbl));
+	&mov	($s1,&DWP(32-128,$tbl));
+	&mov	($s2,&DWP(64-128,$tbl));
+	&mov	($s3,&DWP(96-128,$tbl));
+	&mov	($s0,&DWP(128-128,$tbl));
+	&mov	($s1,&DWP(160-128,$tbl));
+	&mov	($s2,&DWP(192-128,$tbl));
+	&mov	($s3,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+		&sse_deccompact();
+		&add	($key,16);
+		&cmp	($key,$__end);
+		&ja	(&label("out"));
+
+		# ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
+		&movq	("mm3","mm0");		&movq	("mm7","mm4");
+		&movq	("mm2","mm0",1);	&movq	("mm6","mm4",1);
+		&movq	("mm1","mm0");		&movq	("mm5","mm4");
+		&pshufw	("mm0","mm0",0xb1);	&pshufw	("mm4","mm4",0xb1);# = ROTATE(tp0,16)
+		&pslld	("mm2",8);		&pslld	("mm6",8);
+		&psrld	("mm3",8);		&psrld	("mm7",8);
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp0<<8
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp0>>8
+		&pslld	("mm2",16);		&pslld	("mm6",16);
+		&psrld	("mm3",16);		&psrld	("mm7",16);
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp0<<24
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp0>>24
+
+		&movq	("mm3",&QWP(8,"esp"));
+		&pxor	("mm2","mm2");		&pxor	("mm6","mm6");
+		&pcmpgtb("mm2","mm1");		&pcmpgtb("mm6","mm5");
+		&pand	("mm2","mm3");		&pand	("mm6","mm3");
+		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
+		&pxor	("mm1","mm2");		&pxor	("mm5","mm6");	# tp2
+		&movq	("mm3","mm1");		&movq	("mm7","mm5");
+		&movq	("mm2","mm1");		&movq	("mm6","mm5");
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp2
+		&pslld	("mm3",24);		&pslld	("mm7",24);
+		&psrld	("mm2",8);		&psrld	("mm6",8);
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp2<<24
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp2>>8
+
+		&movq	("mm2",&QWP(8,"esp"));
+		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
+		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
+		&pand	("mm3","mm2");		&pand	("mm7","mm2");
+		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
+		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp4
+		&pshufw	("mm3","mm1",0xb1);	&pshufw	("mm7","mm5",0xb1);
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp4
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= ROTATE(tp4,16)
+
+		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
+		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
+		&pand	("mm3","mm2");		&pand	("mm7","mm2");
+		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
+		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp8
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8
+		&movq	("mm3","mm1");		&movq	("mm7","mm5");
+		&pshufw	("mm2","mm1",0xb1);	&pshufw	("mm6","mm5",0xb1);
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= ROTATE(tp8,16)
+		&pslld	("mm1",8);		&pslld	("mm5",8);
+		&psrld	("mm3",8);		&psrld	("mm7",8);
+		&movq	("mm2",&QWP(0,$key));	&movq	("mm6",&QWP(8,$key));
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8<<8
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp8>>8
+		&mov	($s0,&DWP(0-128,$tbl));
+		&pslld	("mm1",16);		&pslld	("mm5",16);
+		&mov	($s1,&DWP(64-128,$tbl));
+		&psrld	("mm3",16);		&psrld	("mm7",16);
+		&mov	($s2,&DWP(128-128,$tbl));
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8<<24
+		&mov	($s3,&DWP(192-128,$tbl));
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp8>>24
+
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");
+	&jmp	(&label("loop"));
+
+	&set_label("out",16);
+	&pxor	("mm0",&QWP(0,$key));
+	&pxor	("mm4",&QWP(8,$key));
+
+	&ret	();
+&function_end_B("_sse_AES_decrypt_compact");
+					}
+
+######################################################################
+# Vanilla block function.
+######################################################################
+
+sub decstep()
+{ my ($i,$td,@s) = @_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# no instructions are reordered, as performance appears
+	# optimal... or rather that all attempts to reorder didn't
+	# result in better performance [which by the way is not a
+	# bit lower than encryption].
+	if($i==3)   {	&mov	($key,$__key);			}
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+			&mov	($out,&DWP(0,$td,$out,8));
+
+	if ($i==3)  {	$tmp=$s[1];				}
+			&movz	($tmp,&HB($s[1]));
+			&xor	($out,&DWP(3,$td,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
+	else        {	&mov	($tmp,$s[2]);			}
+			&shr	($tmp,16);
+			&and	($tmp,0xFF);
+			&xor	($out,&DWP(2,$td,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}
+	else        {	&mov	($tmp,$s[3]);			}
+			&shr	($tmp,24);
+			&xor	($out,&DWP(1,$td,$tmp,8));
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$__s0);			}
+			&comment();
+}
+
+sub declast()
+{ my ($i,$td,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	if($i==0)   {	&lea	($td,&DWP(2048+128,$td));
+			&mov	($tmp,&DWP(0-128,$td));
+			&mov	($acc,&DWP(32-128,$td));
+			&mov	($tmp,&DWP(64-128,$td));
+			&mov	($acc,&DWP(96-128,$td));
+			&mov	($tmp,&DWP(128-128,$td));
+			&mov	($acc,&DWP(160-128,$td));
+			&mov	($tmp,&DWP(192-128,$td));
+			&mov	($acc,&DWP(224-128,$td));
+			&lea	($td,&DWP(-128,$td));		}
+	if($i==3)   {	&mov	($key,$__key);			}
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+			&movz	($out,&BP(0,$td,$out,1));
+
+	if ($i==3)  {	$tmp=$s[1];				}
+			&movz	($tmp,&HB($s[1]));
+			&movz	($tmp,&BP(0,$td,$tmp,1));
+			&shl	($tmp,8);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
+	else        {	mov	($tmp,$s[2]);			}
+			&shr	($tmp,16);
+			&and	($tmp,0xFF);
+			&movz	($tmp,&BP(0,$td,$tmp,1));
+			&shl	($tmp,16);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}
+	else        {	&mov	($tmp,$s[3]);			}
+			&shr	($tmp,24);
+			&movz	($tmp,&BP(0,$td,$tmp,1));
+			&shl	($tmp,24);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$__s0);
+			&lea	($td,&DWP(-2048,$td));		}
+}
+
+&function_begin_B("_x86_AES_decrypt");
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+
+	if ($small_footprint) {
+	    &lea	($acc,&DWP(-2,$acc,$acc));
+	    &lea	($acc,&DWP(0,$key,$acc,8));
+	    &mov	($__end,$acc);		# end of key schedule
+	    &set_label("loop",16);
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+	    &cmp	($key,$__end);
+	    &mov	($__key,$key);
+	    &jb		(&label("loop"));
+	}
+	else {
+	    &cmp	($acc,10);
+	    &jle	(&label("10rounds"));
+	    &cmp	($acc,12);
+	    &jle	(&label("12rounds"));
+
+	&set_label("14rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("12rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("10rounds",4);
+	    for ($i=1;$i<10;$i++) {
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	}
+
+	&declast(0,$tbl,$s0,$s3,$s2,$s1);
+	&declast(1,$tbl,$s1,$s0,$s3,$s2);
+	&declast(2,$tbl,$s2,$s1,$s0,$s3);
+	&declast(3,$tbl,$s3,$s2,$s1,$s0);
+
+	&add	($key,$small_footprint?16:160);
+	&xor	($s0,&DWP(0,$key));
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&ret	();
+
+&set_label("AES_Td",64);	# Yes! I keep it in the code segment!
+	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+
+#Td4:	# four copies of Td4 to choose from to avoid L1 aliasing
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+&function_end_B("_x86_AES_decrypt");
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+&function_begin("AES_decrypt");
+	&mov	($acc,&wparam(0));		# load inp
+	&mov	($key,&wparam(2));		# load key
+
+	&mov	($s0,"esp");
+	&sub	("esp",36);
+	&and	("esp",-64);			# align to cache-line
+
+	# place stack frame just "above" the key schedule
+	&lea	($s1,&DWP(-64-63,$key));
+	&sub	($s1,"esp");
+	&neg	($s1);
+	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp",$s1);
+	&add	("esp",4);	# 4 is reserved for caller's return address
+	&mov	($_esp,$s0);	# save stack pointer
+
+	&call   (&label("pic_point"));          # make it PIC!
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
+	&lea    ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
+
+	# pick Td4 copy which can't "overlap" with stack frame or key schedule
+	&lea	($s1,&DWP(768-4,"esp"));
+	&sub	($s1,$tbl);
+	&and	($s1,0x300);
+	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
+
+					if (!$x86only) {
+	&bt	(&DWP(0,$s0),25);	# check for SSE bit
+	&jnc	(&label("x86"));
+
+	&movq	("mm0",&QWP(0,$acc));
+	&movq	("mm4",&QWP(8,$acc));
+	&call	("_sse_AES_decrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&movq	(&QWP(0,$acc),"mm0");		# write output data
+	&movq	(&QWP(8,$acc),"mm4");
+	&emms	();
+	&function_end_A();
+					}
+	&set_label("x86",16);
+	&mov	($_tbl,$tbl);
+	&mov	($s0,&DWP(0,$acc));		# load input data
+	&mov	($s1,&DWP(4,$acc));
+	&mov	($s2,&DWP(8,$acc));
+	&mov	($s3,&DWP(12,$acc));
+	&call	("_x86_AES_decrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&mov	(&DWP(0,$acc),$s0);		# write output data
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+&function_end("AES_decrypt");
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const AES_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+# stack frame layout
+#             -4(%esp)		# return address	 0(%esp)
+#              0(%esp)		# s0 backing store	 4(%esp)
+#              4(%esp)		# s1 backing store	 8(%esp)
+#              8(%esp)		# s2 backing store	12(%esp)
+#             12(%esp)		# s3 backing store	16(%esp)
+#             16(%esp)		# key backup		20(%esp)
+#             20(%esp)		# end of key schedule	24(%esp)
+#             24(%esp)		# %ebp backup		28(%esp)
+#             28(%esp)		# %esp backup
+my $_inp=&DWP(32,"esp");	# copy of wparam(0)
+my $_out=&DWP(36,"esp");	# copy of wparam(1)
+my $_len=&DWP(40,"esp");	# copy of wparam(2)
+my $_key=&DWP(44,"esp");	# copy of wparam(3)
+my $_ivp=&DWP(48,"esp");	# copy of wparam(4)
+my $_tmp=&DWP(52,"esp");	# volatile variable
+#
+my $ivec=&DWP(60,"esp");	# ivec[16]
+my $aes_key=&DWP(76,"esp");	# copy of aes_key
+my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
+
+&function_begin("AES_cbc_encrypt");
+	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len
+	&cmp	($s2,0);
+	&je	(&label("drop_out"));
+
+	&call   (&label("pic_point"));		# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
+
+	&cmp	(&wparam(5),0);
+	&lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+	&jne	(&label("picked_te"));
+	&lea	($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
+	&set_label("picked_te");
+
+	# one can argue if this is required
+	&pushf	();
+	&cld	();
+
+	&cmp	($s2,$speed_limit);
+	&jb	(&label("slow_way"));
+	&test	($s2,15);
+	&jnz	(&label("slow_way"));
+					if (!$x86only) {
+	&bt	(&DWP(0,$s0),28);	# check for hyper-threading bit
+	&jc	(&label("slow_way"));
+					}
+	# pre-allocate aligned stack frame...
+	&lea	($acc,&DWP(-80-244,"esp"));
+	&and	($acc,-64);
+
+	# ... and make sure it doesn't alias with $tbl modulo 4096
+	&mov	($s0,$tbl);
+	&lea	($s1,&DWP(2048+256,$tbl));
+	&mov	($s3,$acc);
+	&and	($s0,0xfff);		# s = %ebp&0xfff
+	&and	($s1,0xfff);		# e = (%ebp+2048+256)&0xfff
+	&and	($s3,0xfff);		# p = %esp&0xfff
+
+	&cmp	($s3,$s1);		# if (p>=e) %esp =- (p-e);
+	&jb	(&label("tbl_break_out"));
+	&sub	($s3,$s1);
+	&sub	($acc,$s3);
+	&jmp	(&label("tbl_ok"));
+	&set_label("tbl_break_out",4);	# else %esp -= (p-s)&0xfff + framesz;
+	&sub	($s3,$s0);
+	&and	($s3,0xfff);
+	&add	($s3,384);
+	&sub	($acc,$s3);
+	&set_label("tbl_ok",4);
+
+	&lea	($s3,&wparam(0));	# obtain pointer to parameter block
+	&exch	("esp",$acc);		# allocate stack frame
+	&add	("esp",4);		# reserve for return address!
+	&mov	($_tbl,$tbl);		# save %ebp
+	&mov	($_esp,$acc);		# save %esp
+
+	&mov	($s0,&DWP(0,$s3));	# load inp
+	&mov	($s1,&DWP(4,$s3));	# load out
+	#&mov	($s2,&DWP(8,$s3));	# load len
+	&mov	($key,&DWP(12,$s3));	# load key
+	&mov	($acc,&DWP(16,$s3));	# load ivp
+	&mov	($s3,&DWP(20,$s3));	# load enc flag
+
+	&mov	($_inp,$s0);		# save copy of inp
+	&mov	($_out,$s1);		# save copy of out
+	&mov	($_len,$s2);		# save copy of len
+	&mov	($_key,$key);		# save copy of key
+	&mov	($_ivp,$acc);		# save copy of ivp
+
+	&mov	($mark,0);		# copy of aes_key->rounds = 0;
+	# do we copy key schedule to stack?
+	&mov	($s1 eq "ebx" ? $s1 : "",$key);
+	&mov	($s2 eq "ecx" ? $s2 : "",244/4);
+	&sub	($s1,$tbl);
+	&mov	("esi",$key);
+	&and	($s1,0xfff);
+	&lea	("edi",$aes_key);
+	&cmp	($s1,2048+256);
+	&jb	(&label("do_copy"));
+	&cmp	($s1,4096-244);
+	&jb	(&label("skip_copy"));
+	&set_label("do_copy",4);
+		&mov	($_key,"edi");
+		&data_word(0xA5F3F689);	# rep movsd
+	&set_label("skip_copy");
+
+	&mov	($key,16);
+	&set_label("prefetch_tbl",4);
+		&mov	($s0,&DWP(0,$tbl));
+		&mov	($s1,&DWP(32,$tbl));
+		&mov	($s2,&DWP(64,$tbl));
+		&mov	($acc,&DWP(96,$tbl));
+		&lea	($tbl,&DWP(128,$tbl));
+		&sub	($key,1);
+	&jnz	(&label("prefetch_tbl"));
+	&sub	($tbl,2048);
+
+	&mov	($acc,$_inp);
+	&mov	($key,$_ivp);
+
+	&cmp	($s3,0);
+	&je	(&label("fast_decrypt"));
+
+#----------------------------- ENCRYPT -----------------------------#
+	&mov	($s0,&DWP(0,$key));		# load iv
+	&mov	($s1,&DWP(4,$key));
+
+	&set_label("fast_enc_loop",16);
+		&mov	($s2,&DWP(8,$key));
+		&mov	($s3,&DWP(12,$key));
+
+		&xor	($s0,&DWP(0,$acc));	# xor input data
+		&xor	($s1,&DWP(4,$acc));
+		&xor	($s2,&DWP(8,$acc));
+		&xor	($s3,&DWP(12,$acc));
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_encrypt");
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&mov	(&DWP(0,$key),$s0);	# save output data
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($s2,$_len);		# load len
+		&mov	($_inp,$acc);		# save inp
+		&lea	($s3,&DWP(16,$key));	# advance out
+		&mov	($_out,$s3);		# save out
+		&sub	($s2,16);		# decrease len
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("fast_enc_loop"));
+	&mov	($acc,$_ivp);		# load ivp
+	&mov	($s2,&DWP(8,$key));	# restore last 2 dwords
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$acc),$s0);	# save ivec
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+
+	&cmp	($mark,0);		# was the key schedule copied?
+	&mov	("edi",$_key);
+	&je	(&label("skip_ezero"));
+	# zero copy of key schedule
+	&mov	("ecx",240/4);
+	&xor	("eax","eax");
+	&align	(4);
+	&data_word(0xABF3F689);		# rep stosd
+	&set_label("skip_ezero");
+	&mov	("esp",$_esp);
+	&popf	();
+    &set_label("drop_out");
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+#----------------------------- DECRYPT -----------------------------#
+&set_label("fast_decrypt",16);
+
+	&cmp	($acc,$_out);
+	&je	(&label("fast_dec_in_place"));	# in-place processing...
+
+	&mov	($_tmp,$key);
+
+	&align	(4);
+	&set_label("fast_dec_loop",16);
+		&mov	($s0,&DWP(0,$acc));	# read input
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_decrypt");
+
+		&mov	($key,$_tmp);		# load ivp
+		&mov	($acc,$_len);		# load len
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&mov	($key,$_out);		# load out
+		&mov	($acc,$_inp);		# load inp
+
+		&mov	(&DWP(0,$key),$s0);	# write output
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($s2,$_len);		# load len
+		&mov	($_tmp,$acc);		# save ivp
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&lea	($key,&DWP(16,$key));	# advance out
+		&mov	($_out,$key);		# save out
+		&sub	($s2,16);		# decrease len
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("fast_dec_loop"));
+	&mov	($key,$_tmp);		# load temp ivp
+	&mov	($acc,$_ivp);		# load user ivp
+	&mov	($s0,&DWP(0,$key));	# load iv
+	&mov	($s1,&DWP(4,$key));
+	&mov	($s2,&DWP(8,$key));
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$acc),$s0);	# copy back to user
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+	&jmp	(&label("fast_dec_out"));
+
+    &set_label("fast_dec_in_place",16);
+	&set_label("fast_dec_in_place_loop");
+		&mov	($s0,&DWP(0,$acc));	# read input
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&lea	($key,$ivec);
+		&mov	(&DWP(0,$key),$s0);	# copy to temp
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_decrypt");
+
+		&mov	($key,$_ivp);		# load ivp
+		&mov	($acc,$_out);		# load out
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&mov	(&DWP(0,$acc),$s0);	# write output
+		&mov	(&DWP(4,$acc),$s1);
+		&mov	(&DWP(8,$acc),$s2);
+		&mov	(&DWP(12,$acc),$s3);
+
+		&lea	($acc,&DWP(16,$acc));	# advance out
+		&mov	($_out,$acc);		# save out
+
+		&lea	($acc,$ivec);
+		&mov	($s0,&DWP(0,$acc));	# read temp
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&mov	(&DWP(0,$key),$s0);	# copy iv
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($s2,$_len);		# load len
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&sub	($s2,16);		# decrease len
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("fast_dec_in_place_loop"));
+
+    &set_label("fast_dec_out",4);
+	&cmp	($mark,0);		# was the key schedule copied?
+	&mov	("edi",$_key);
+	&je	(&label("skip_dzero"));
+	# zero copy of key schedule
+	&mov	("ecx",240/4);
+	&xor	("eax","eax");
+	&align	(4);
+	&data_word(0xABF3F689);		# rep stosd
+	&set_label("skip_dzero");
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+&set_label("slow_way",16);
+
+	&mov	($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
+	&mov	($key,&wparam(3));	# load key
+
+	# pre-allocate aligned stack frame...
+	&lea	($acc,&DWP(-80,"esp"));
+	&and	($acc,-64);
+
+	# ... and make sure it doesn't alias with $key modulo 1024
+	&lea	($s1,&DWP(-80-63,$key));
+	&sub	($s1,$acc);
+	&neg	($s1);
+	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	($acc,$s1);
+
+	# pick S-box copy which can't overlap with stack frame or $key
+	&lea	($s1,&DWP(768,$acc));
+	&sub	($s1,$tbl);
+	&and	($s1,0x300);
+	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
+
+	&lea	($s3,&wparam(0));	# pointer to parameter block
+
+	&exch	("esp",$acc);
+	&add	("esp",4);		# reserve for return address!
+	&mov	($_tbl,$tbl);		# save %ebp
+	&mov	($_esp,$acc);		# save %esp
+	&mov	($_tmp,$s0);		# save OPENSSL_ia32cap
+
+	&mov	($s0,&DWP(0,$s3));	# load inp
+	&mov	($s1,&DWP(4,$s3));	# load out
+	#&mov	($s2,&DWP(8,$s3));	# load len
+	#&mov	($key,&DWP(12,$s3));	# load key
+	&mov	($acc,&DWP(16,$s3));	# load ivp
+	&mov	($s3,&DWP(20,$s3));	# load enc flag
+
+	&mov	($_inp,$s0);		# save copy of inp
+	&mov	($_out,$s1);		# save copy of out
+	&mov	($_len,$s2);		# save copy of len
+	&mov	($_key,$key);		# save copy of key
+	&mov	($_ivp,$acc);		# save copy of ivp
+
+	&mov	($key,$acc);
+	&mov	($acc,$s0);
+
+	&cmp	($s3,0);
+	&je	(&label("slow_decrypt"));
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+	&cmp	($s2,16);
+	&mov	($s3,$s1);
+	&jb	(&label("slow_enc_tail"));
+
+					if (!$x86only) {
+	&bt	($_tmp,25);		# check for SSE bit
+	&jnc	(&label("slow_enc_x86"));
+
+	&movq	("mm0",&QWP(0,$key));	# load iv
+	&movq	("mm4",&QWP(8,$key));
+
+	&set_label("slow_enc_loop_sse",16);
+		&pxor	("mm0",&QWP(0,$acc));	# xor input data
+		&pxor	("mm4",&QWP(8,$acc));
+
+		&mov	($key,$_key);
+		&call	("_sse_AES_encrypt_compact");
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+		&mov	($s2,$_len);		# load len
+
+		&movq	(&QWP(0,$key),"mm0");	# save output data
+		&movq	(&QWP(8,$key),"mm4");
+
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&lea	($s3,&DWP(16,$key));	# advance out
+		&mov	($_out,$s3);		# save out
+		&sub	($s2,16);		# decrease len
+		&cmp	($s2,16);
+		&mov	($_len,$s2);		# save len
+	&jae	(&label("slow_enc_loop_sse"));
+	&test	($s2,15);
+	&jnz	(&label("slow_enc_tail"));
+	&mov	($acc,$_ivp);		# load ivp
+	&movq	(&QWP(0,$acc),"mm0");	# save ivec
+	&movq	(&QWP(8,$acc),"mm4");
+	&emms	();
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+					}
+    &set_label("slow_enc_x86",16);
+	&mov	($s0,&DWP(0,$key));	# load iv
+	&mov	($s1,&DWP(4,$key));
+
+	&set_label("slow_enc_loop_x86",4);
+		&mov	($s2,&DWP(8,$key));
+		&mov	($s3,&DWP(12,$key));
+
+		&xor	($s0,&DWP(0,$acc));	# xor input data
+		&xor	($s1,&DWP(4,$acc));
+		&xor	($s2,&DWP(8,$acc));
+		&xor	($s3,&DWP(12,$acc));
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_encrypt_compact");
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&mov	(&DWP(0,$key),$s0);	# save output data
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($s2,$_len);		# load len
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&lea	($s3,&DWP(16,$key));	# advance out
+		&mov	($_out,$s3);		# save out
+		&sub	($s2,16);		# decrease len
+		&cmp	($s2,16);
+		&mov	($_len,$s2);		# save len
+	&jae	(&label("slow_enc_loop_x86"));
+	&test	($s2,15);
+	&jnz	(&label("slow_enc_tail"));
+	&mov	($acc,$_ivp);		# load ivp
+	&mov	($s2,&DWP(8,$key));	# restore last dwords
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$acc),$s0);	# save ivec
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("slow_enc_tail",16);
+	&emms	()	if (!$x86only);
+	&mov	($key eq "edi"? $key:"",$s3);	# load out to edi
+	&mov	($s1,16);
+	&sub	($s1,$s2);
+	&cmp	($key,$acc eq "esi"? $acc:"");	# compare with inp
+	&je	(&label("enc_in_place"));
+	&align	(4);
+	&data_word(0xA4F3F689);	# rep movsb	# copy input
+	&jmp	(&label("enc_skip_in_place"));
+    &set_label("enc_in_place");
+	&lea	($key,&DWP(0,$key,$s2));
+    &set_label("enc_skip_in_place");
+	&mov	($s2,$s1);
+	&xor	($s0,$s0);
+	&align	(4);
+	&data_word(0xAAF3F689);	# rep stosb	# zero tail
+
+	&mov	($key,$_ivp);			# restore ivp
+	&mov	($acc,$s3);			# output as input
+	&mov	($s0,&DWP(0,$key));
+	&mov	($s1,&DWP(4,$key));
+	&mov	($_len,16);			# len=16
+	&jmp	(&label("slow_enc_loop_x86"));	# one more spin...
+
+#--------------------------- SLOW DECRYPT ---------------------------#
+&set_label("slow_decrypt",16);
+					if (!$x86only) {
+	&bt	($_tmp,25);		# check for SSE bit
+	&jnc	(&label("slow_dec_loop_x86"));
+
+	&set_label("slow_dec_loop_sse",4);
+		&movq	("mm0",&QWP(0,$acc));	# read input
+		&movq	("mm4",&QWP(8,$acc));
+
+		&mov	($key,$_key);
+		&call	("_sse_AES_decrypt_compact");
+
+		&mov	($acc,$_inp);		# load inp
+		&lea	($s0,$ivec);
+		&mov	($s1,$_out);		# load out
+		&mov	($s2,$_len);		# load len
+		&mov	($key,$_ivp);		# load ivp
+
+		&movq	("mm1",&QWP(0,$acc));	# re-read input
+		&movq	("mm5",&QWP(8,$acc));
+
+		&pxor	("mm0",&QWP(0,$key));	# xor iv
+		&pxor	("mm4",&QWP(8,$key));
+
+		&movq	(&QWP(0,$key),"mm1");	# copy input to iv
+		&movq	(&QWP(8,$key),"mm5");
+
+		&sub	($s2,16);		# decrease len
+		&jc	(&label("slow_dec_partial_sse"));
+
+		&movq	(&QWP(0,$s1),"mm0");	# write output
+		&movq	(&QWP(8,$s1),"mm4");
+
+		&lea	($s1,&DWP(16,$s1));	# advance out
+		&mov	($_out,$s1);		# save out
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("slow_dec_loop_sse"));
+	&emms	();
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("slow_dec_partial_sse",16);
+	&movq	(&QWP(0,$s0),"mm0");	# save output to temp
+	&movq	(&QWP(8,$s0),"mm4");
+	&emms	();
+
+	&add	($s2 eq "ecx" ? "ecx":"",16);
+	&mov	("edi",$s1);		# out
+	&mov	("esi",$s0);		# temp
+	&align	(4);
+	&data_word(0xA4F3F689);		# rep movsb # copy partial output
+
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+					}
+	&set_label("slow_dec_loop_x86",16);
+		&mov	($s0,&DWP(0,$acc));	# read input
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&lea	($key,$ivec);
+		&mov	(&DWP(0,$key),$s0);	# copy to temp
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_decrypt_compact");
+
+		&mov	($key,$_ivp);		# load ivp
+		&mov	($acc,$_len);		# load len
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&sub	($acc,16);
+		&jc	(&label("slow_dec_partial_x86"));
+
+		&mov	($_len,$acc);		# save len
+		&mov	($acc,$_out);		# load out
+
+		&mov	(&DWP(0,$acc),$s0);	# write output
+		&mov	(&DWP(4,$acc),$s1);
+		&mov	(&DWP(8,$acc),$s2);
+		&mov	(&DWP(12,$acc),$s3);
+
+		&lea	($acc,&DWP(16,$acc));	# advance out
+		&mov	($_out,$acc);		# save out
+
+		&lea	($acc,$ivec);
+		&mov	($s0,&DWP(0,$acc));	# read temp
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&mov	(&DWP(0,$key),$s0);	# copy it to iv
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($acc,$_inp);		# load inp
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+	&jnz	(&label("slow_dec_loop_x86"));
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("slow_dec_partial_x86",16);
+	&lea	($acc,$ivec);
+	&mov	(&DWP(0,$acc),$s0);	# save output to temp
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+
+	&mov	($acc,$_inp);
+	&mov	($s0,&DWP(0,$acc));	# re-read input
+	&mov	($s1,&DWP(4,$acc));
+	&mov	($s2,&DWP(8,$acc));
+	&mov	($s3,&DWP(12,$acc));
+
+	&mov	(&DWP(0,$key),$s0);	# copy it to iv
+	&mov	(&DWP(4,$key),$s1);
+	&mov	(&DWP(8,$key),$s2);
+	&mov	(&DWP(12,$key),$s3);
+
+	&mov	("ecx",$_len);
+	&mov	("edi",$_out);
+	&lea	("esi",$ivec);
+	&align	(4);
+	&data_word(0xA4F3F689);		# rep movsb # copy partial output
+
+	&mov	("esp",$_esp);
+	&popf	();
+&function_end("AES_cbc_encrypt");
+}
+
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+	&movz	("esi",&LB("edx"));		# rk[i]>>0
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&movz	("esi",&HB("edx"));		# rk[i]>>8
+	&shl	("ebx",24);
+	&xor	("eax","ebx");
+
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&shr	("edx",16);
+	&movz	("esi",&LB("edx"));		# rk[i]>>16
+	&xor	("eax","ebx");
+
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&movz	("esi",&HB("edx"));		# rk[i]>>24
+	&shl	("ebx",8);
+	&xor	("eax","ebx");
+
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&shl	("ebx",16);
+	&xor	("eax","ebx");
+
+	&xor	("eax",&DWP(1024-128,$tbl,"ecx",4));	# rcon
+}
+
+&function_begin("_x86_AES_set_encrypt_key");
+	&mov	("esi",&wparam(1));		# user supplied key
+	&mov	("edi",&wparam(3));		# private key schedule
+
+	&test	("esi",-1);
+	&jz	(&label("badpointer"));
+	&test	("edi",-1);
+	&jz	(&label("badpointer"));
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&lea	($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+	&lea	($tbl,&DWP(2048+128,$tbl));
+
+	# prefetch Te4
+	&mov	("eax",&DWP(0-128,$tbl));
+	&mov	("ebx",&DWP(32-128,$tbl));
+	&mov	("ecx",&DWP(64-128,$tbl));
+	&mov	("edx",&DWP(96-128,$tbl));
+	&mov	("eax",&DWP(128-128,$tbl));
+	&mov	("ebx",&DWP(160-128,$tbl));
+	&mov	("ecx",&DWP(192-128,$tbl));
+	&mov	("edx",&DWP(224-128,$tbl));
+
+	&mov	("ecx",&wparam(2));		# number of bits in key
+	&cmp	("ecx",128);
+	&je	(&label("10rounds"));
+	&cmp	("ecx",192);
+	&je	(&label("12rounds"));
+	&cmp	("ecx",256);
+	&je	(&label("14rounds"));
+	&mov	("eax",-2);			# invalid number of bits
+	&jmp	(&label("exit"));
+
+    &set_label("10rounds");
+	&mov	("eax",&DWP(0,"esi"));		# copy first 4 dwords
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&xor	("ecx","ecx");
+	&jmp	(&label("10shortcut"));
+
+	&align	(4);
+	&set_label("10loop");
+		&mov	("eax",&DWP(0,"edi"));		# rk[0]
+		&mov	("edx",&DWP(12,"edi"));		# rk[3]
+	&set_label("10shortcut");
+		&enckey	();
+
+		&mov	(&DWP(16,"edi"),"eax");		# rk[4]
+		&xor	("eax",&DWP(4,"edi"));
+		&mov	(&DWP(20,"edi"),"eax");		# rk[5]
+		&xor	("eax",&DWP(8,"edi"));
+		&mov	(&DWP(24,"edi"),"eax");		# rk[6]
+		&xor	("eax",&DWP(12,"edi"));
+		&mov	(&DWP(28,"edi"),"eax");		# rk[7]
+		&inc	("ecx");
+		&add	("edi",16);
+		&cmp	("ecx",10);
+	&jl	(&label("10loop"));
+
+	&mov	(&DWP(80,"edi"),10);		# setup number of rounds
+	&xor	("eax","eax");
+	&jmp	(&label("exit"));
+
+    &set_label("12rounds");
+	&mov	("eax",&DWP(0,"esi"));		# copy first 6 dwords
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+	&mov	("ecx",&DWP(16,"esi"));
+	&mov	("edx",&DWP(20,"esi"));
+	&mov	(&DWP(16,"edi"),"ecx");
+	&mov	(&DWP(20,"edi"),"edx");
+
+	&xor	("ecx","ecx");
+	&jmp	(&label("12shortcut"));
+
+	&align	(4);
+	&set_label("12loop");
+		&mov	("eax",&DWP(0,"edi"));		# rk[0]
+		&mov	("edx",&DWP(20,"edi"));		# rk[5]
+	&set_label("12shortcut");
+		&enckey	();
+
+		&mov	(&DWP(24,"edi"),"eax");		# rk[6]
+		&xor	("eax",&DWP(4,"edi"));
+		&mov	(&DWP(28,"edi"),"eax");		# rk[7]
+		&xor	("eax",&DWP(8,"edi"));
+		&mov	(&DWP(32,"edi"),"eax");		# rk[8]
+		&xor	("eax",&DWP(12,"edi"));
+		&mov	(&DWP(36,"edi"),"eax");		# rk[9]
+
+		&cmp	("ecx",7);
+		&je	(&label("12break"));
+		&inc	("ecx");
+
+		&xor	("eax",&DWP(16,"edi"));
+		&mov	(&DWP(40,"edi"),"eax");		# rk[10]
+		&xor	("eax",&DWP(20,"edi"));
+		&mov	(&DWP(44,"edi"),"eax");		# rk[11]
+
+		&add	("edi",24);
+	&jmp	(&label("12loop"));
+
+	&set_label("12break");
+	&mov	(&DWP(72,"edi"),12);		# setup number of rounds
+	&xor	("eax","eax");
+	&jmp	(&label("exit"));
+
+    &set_label("14rounds");
+	&mov	("eax",&DWP(0,"esi"));		# copy first 8 dwords
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("edx",&DWP(28,"esi"));
+	&mov	(&DWP(16,"edi"),"eax");
+	&mov	(&DWP(20,"edi"),"ebx");
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	&xor	("ecx","ecx");
+	&jmp	(&label("14shortcut"));
+
+	&align	(4);
+	&set_label("14loop");
+		&mov	("edx",&DWP(28,"edi"));		# rk[7]
+	&set_label("14shortcut");
+		&mov	("eax",&DWP(0,"edi"));		# rk[0]
+
+		&enckey	();
+
+		&mov	(&DWP(32,"edi"),"eax");		# rk[8]
+		&xor	("eax",&DWP(4,"edi"));
+		&mov	(&DWP(36,"edi"),"eax");		# rk[9]
+		&xor	("eax",&DWP(8,"edi"));
+		&mov	(&DWP(40,"edi"),"eax");		# rk[10]
+		&xor	("eax",&DWP(12,"edi"));
+		&mov	(&DWP(44,"edi"),"eax");		# rk[11]
+
+		&cmp	("ecx",6);
+		&je	(&label("14break"));
+		&inc	("ecx");
+
+		&mov	("edx","eax");
+		&mov	("eax",&DWP(16,"edi"));		# rk[4]
+		&movz	("esi",&LB("edx"));		# rk[11]>>0
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&movz	("esi",&HB("edx"));		# rk[11]>>8
+		&xor	("eax","ebx");
+
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&shr	("edx",16);
+		&shl	("ebx",8);
+		&movz	("esi",&LB("edx"));		# rk[11]>>16
+		&xor	("eax","ebx");
+
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&movz	("esi",&HB("edx"));		# rk[11]>>24
+		&shl	("ebx",16);
+		&xor	("eax","ebx");
+
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&shl	("ebx",24);
+		&xor	("eax","ebx");
+
+		&mov	(&DWP(48,"edi"),"eax");		# rk[12]
+		&xor	("eax",&DWP(20,"edi"));
+		&mov	(&DWP(52,"edi"),"eax");		# rk[13]
+		&xor	("eax",&DWP(24,"edi"));
+		&mov	(&DWP(56,"edi"),"eax");		# rk[14]
+		&xor	("eax",&DWP(28,"edi"));
+		&mov	(&DWP(60,"edi"),"eax");		# rk[15]
+
+		&add	("edi",32);
+	&jmp	(&label("14loop"));
+
+	&set_label("14break");
+	&mov	(&DWP(48,"edi"),14);		# setup number of rounds
+	&xor	("eax","eax");
+	&jmp	(&label("exit"));
+
+    &set_label("badpointer");
+	&mov	("eax",-1);
+    &set_label("exit");
+&function_end("_x86_AES_set_encrypt_key");
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+&function_begin_B("AES_set_encrypt_key");
+	&call	("_x86_AES_set_encrypt_key");
+	&ret	();
+&function_end_B("AES_set_encrypt_key");
+
+sub deckey()
+{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
+  my $tmp = $tbl;
+
+	&mov	($tmp,0x80808080);
+	&and	($tmp,$tp1);
+	&lea	($tp2,&DWP(0,$tp1,$tp1));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&sub	($acc,$tmp);
+	&and	($tp2,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	&xor	($tp2,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp2);
+	&lea	($tp4,&DWP(0,$tp2,$tp2));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&sub	($acc,$tmp);
+	&and	($tp4,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &xor	($tp2,$tp1);	# tp2^tp1
+	&xor	($tp4,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp4);
+	&lea	($tp8,&DWP(0,$tp4,$tp4));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	 &xor	($tp4,$tp1);	# tp4^tp1
+	&sub	($acc,$tmp);
+	&and	($tp8,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &rotl	($tp1,8);	# = ROTATE(tp1,8)
+	&xor	($tp8,$acc);
+
+	&mov	($tmp,&DWP(4*($i+1),$key));	# modulo-scheduled load
+
+	&xor	($tp1,$tp2);
+	&xor	($tp2,$tp8);
+	&xor	($tp1,$tp4);
+	&rotl	($tp2,24);
+	&xor	($tp4,$tp8);
+	&xor	($tp1,$tp8);	# ^= tp8^(tp4^tp1)^(tp2^tp1)
+	&rotl	($tp4,16);
+	&xor	($tp1,$tp2);	# ^= ROTATE(tp8^tp2^tp1,24)
+	&rotl	($tp8,8);
+	&xor	($tp1,$tp4);	# ^= ROTATE(tp8^tp4^tp1,16)
+	&mov	($tp2,$tmp);
+	&xor	($tp1,$tp8);	# ^= ROTATE(tp8,8)
+
+	&mov	(&DWP(4*$i,$key),$tp1);
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+&function_begin_B("AES_set_decrypt_key");
+	&call	("_x86_AES_set_encrypt_key");
+	&cmp	("eax",0);
+	&je	(&label("proceed"));
+	&ret	();
+
+    &set_label("proceed");
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+
+	&mov	("esi",&wparam(2));
+	&mov	("ecx",&DWP(240,"esi"));	# pull number of rounds
+	&lea	("ecx",&DWP(0,"","ecx",4));
+	&lea	("edi",&DWP(0,"esi","ecx",4));	# pointer to last chunk
+
+	&set_label("invert",4);			# invert order of chunks
+		&mov	("eax",&DWP(0,"esi"));
+		&mov	("ebx",&DWP(4,"esi"));
+		&mov	("ecx",&DWP(0,"edi"));
+		&mov	("edx",&DWP(4,"edi"));
+		&mov	(&DWP(0,"edi"),"eax");
+		&mov	(&DWP(4,"edi"),"ebx");
+		&mov	(&DWP(0,"esi"),"ecx");
+		&mov	(&DWP(4,"esi"),"edx");
+		&mov	("eax",&DWP(8,"esi"));
+		&mov	("ebx",&DWP(12,"esi"));
+		&mov	("ecx",&DWP(8,"edi"));
+		&mov	("edx",&DWP(12,"edi"));
+		&mov	(&DWP(8,"edi"),"eax");
+		&mov	(&DWP(12,"edi"),"ebx");
+		&mov	(&DWP(8,"esi"),"ecx");
+		&mov	(&DWP(12,"esi"),"edx");
+		&add	("esi",16);
+		&sub	("edi",16);
+		&cmp	("esi","edi");
+	&jne	(&label("invert"));
+
+	&mov	($key,&wparam(2));
+	&mov	($acc,&DWP(240,$key));		# pull number of rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	(&wparam(2),$acc);
+
+	&mov	($s0,&DWP(16,$key));		# modulo-scheduled load
+	&set_label("permute",4);		# permute the key schedule
+		&add	($key,16);
+		&deckey	(0,$key,$s0,$s1,$s2,$s3);
+		&deckey	(1,$key,$s1,$s2,$s3,$s0);
+		&deckey	(2,$key,$s2,$s3,$s0,$s1);
+		&deckey	(3,$key,$s3,$s0,$s1,$s2);
+		&cmp	($key,&wparam(2));
+	&jb	(&label("permute"));
+
+	&xor	("eax","eax");			# return success
+&function_end("AES_set_decrypt_key");
+&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl
new file mode 100644
index 000000000..998158998
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl
@@ -0,0 +1,1245 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for ARMv4
+
+# January 2007.
+#
+# Code uses single 1K S-box and is >2 times faster than code generated
+# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
+# allows to merge logical or arithmetic operation with shift or rotate
+# in one instruction and emit combined result every cycle. The module
+# is endian-neutral. The performance is ~42 cycles/byte for 128-bit
+# key [on single-issue Xscale PXA250 core].
+
+# May 2007.
+#
+# AES_set_[en|de]crypt_key is added.
+
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 12% improvement on
+# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 16%
+# improvement on Cortex A8 core and ~21.5 cycles per byte.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$s0="r0";
+$s1="r1";
+$s2="r2";
+$s3="r3";
+$t1="r4";
+$t2="r5";
+$t3="r6";
+$i1="r7";
+$i2="r8";
+$i3="r9";
+
+$tbl="r10";
+$key="r11";
+$rounds="r12";
+
+$code=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+#endif
+
+.text
+#if defined(__thumb2__) && !defined(__APPLE__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#undef __thumb2__
+#endif
+
+.type	AES_Te,%object
+.align	5
+AES_Te:
+.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
+.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
+.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
+.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
+.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
+.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
+.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
+.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
+.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
+.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
+.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
+.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
+.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
+.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
+.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
+.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
+.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
+.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
+.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
+.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
+.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
+.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
+.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
+.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
+.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
+.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
+.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
+.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
+.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
+.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
+.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
+.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
+.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
+.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
+.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
+.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
+.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
+.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
+.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
+.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
+.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
+.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
+.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
+.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
+.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
+.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
+.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
+.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
+.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
+.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
+.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
+.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
+.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
+.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
+.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
+.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
+.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
+.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
+.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
+.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
+.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
+.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
+.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
+.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
+@ Te4[256]
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+@ rcon[]
+.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
+.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
+.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
+.size	AES_Te,.-AES_Te
+
+@ void AES_encrypt(const unsigned char *in, unsigned char *out,
+@ 		 const AES_KEY *key) {
+.global AES_encrypt
+.type   AES_encrypt,%function
+.align	5
+AES_encrypt:
+#ifndef	__thumb2__
+	sub	r3,pc,#8		@ AES_encrypt
+#else
+	adr	r3,.
+#endif
+	stmdb   sp!,{r1,r4-r12,lr}
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$tbl,AES_Te
+#else
+	sub	$tbl,r3,#AES_encrypt-AES_Te	@ Te
+#endif
+	mov	$rounds,r0		@ inp
+	mov	$key,r2
+#if __ARM_ARCH__<7
+	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
+	ldrb	$t1,[$rounds,#2]	@ manner...
+	ldrb	$t2,[$rounds,#1]
+	ldrb	$t3,[$rounds,#0]
+	orr	$s0,$s0,$t1,lsl#8
+	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
+	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
+	ldrb	$t2,[$rounds,#5]
+	ldrb	$t3,[$rounds,#4]
+	orr	$s1,$s1,$t1,lsl#8
+	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
+	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
+	ldrb	$t2,[$rounds,#9]
+	ldrb	$t3,[$rounds,#8]
+	orr	$s2,$s2,$t1,lsl#8
+	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#13]
+	ldrb	$t3,[$rounds,#12]
+	orr	$s3,$s3,$t1,lsl#8
+	orr	$s3,$s3,$t2,lsl#16
+	orr	$s3,$s3,$t3,lsl#24
+#else
+	ldr	$s0,[$rounds,#0]
+	ldr	$s1,[$rounds,#4]
+	ldr	$s2,[$rounds,#8]
+	ldr	$s3,[$rounds,#12]
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+#endif
+	bl	_armv4_AES_encrypt
+
+	ldr	$rounds,[sp],#4		@ pop out
+#if __ARM_ARCH__>=7
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+	str	$s0,[$rounds,#0]
+	str	$s1,[$rounds,#4]
+	str	$s2,[$rounds,#8]
+	str	$s3,[$rounds,#12]
+#else
+	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
+	mov	$t2,$s0,lsr#16		@ manner...
+	mov	$t3,$s0,lsr#8
+	strb	$t1,[$rounds,#0]
+	strb	$t2,[$rounds,#1]
+	mov	$t1,$s1,lsr#24
+	strb	$t3,[$rounds,#2]
+	mov	$t2,$s1,lsr#16
+	strb	$s0,[$rounds,#3]
+	mov	$t3,$s1,lsr#8
+	strb	$t1,[$rounds,#4]
+	strb	$t2,[$rounds,#5]
+	mov	$t1,$s2,lsr#24
+	strb	$t3,[$rounds,#6]
+	mov	$t2,$s2,lsr#16
+	strb	$s1,[$rounds,#7]
+	mov	$t3,$s2,lsr#8
+	strb	$t1,[$rounds,#8]
+	strb	$t2,[$rounds,#9]
+	mov	$t1,$s3,lsr#24
+	strb	$t3,[$rounds,#10]
+	mov	$t2,$s3,lsr#16
+	strb	$s2,[$rounds,#11]
+	mov	$t3,$s3,lsr#8
+	strb	$t1,[$rounds,#12]
+	strb	$t2,[$rounds,#13]
+	strb	$t3,[$rounds,#14]
+	strb	$s3,[$rounds,#15]
+#endif
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia   sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_encrypt,.-AES_encrypt
+
+.type   _armv4_AES_encrypt,%function
+.align	2
+_armv4_AES_encrypt:
+	str	lr,[sp,#-4]!		@ push lr
+	ldmia	$key!,{$t1-$i1}
+	eor	$s0,$s0,$t1
+	ldr	$rounds,[$key,#240-16]
+	eor	$s1,$s1,$t2
+	eor	$s2,$s2,$t3
+	eor	$s3,$s3,$i1
+	sub	$rounds,$rounds,#1
+	mov	lr,#255
+
+	and	$i1,lr,$s0
+	and	$i2,lr,$s0,lsr#8
+	and	$i3,lr,$s0,lsr#16
+	mov	$s0,$s0,lsr#24
+.Lenc_loop:
+	ldr	$t1,[$tbl,$i1,lsl#2]	@ Te3[s0>>0]
+	and	$i1,lr,$s1,lsr#16	@ i0
+	ldr	$t2,[$tbl,$i2,lsl#2]	@ Te2[s0>>8]
+	and	$i2,lr,$s1
+	ldr	$t3,[$tbl,$i3,lsl#2]	@ Te1[s0>>16]
+	and	$i3,lr,$s1,lsr#8
+	ldr	$s0,[$tbl,$s0,lsl#2]	@ Te0[s0>>24]
+	mov	$s1,$s1,lsr#24
+
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te1[s1>>16]
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te3[s1>>0]
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te2[s1>>8]
+	eor	$s0,$s0,$i1,ror#8
+	ldr	$s1,[$tbl,$s1,lsl#2]	@ Te0[s1>>24]
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$t2,$i2,ror#8
+	and	$i2,lr,$s2,lsr#16	@ i1
+	eor	$t3,$t3,$i3,ror#8
+	and	$i3,lr,$s2
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te2[s2>>8]
+	eor	$s1,$s1,$t1,ror#24
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te1[s2>>16]
+	mov	$s2,$s2,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te3[s2>>0]
+	eor	$s0,$s0,$i1,ror#16
+	ldr	$s2,[$tbl,$s2,lsl#2]	@ Te0[s2>>24]
+	and	$i1,lr,$s3		@ i0
+	eor	$s1,$s1,$i2,ror#8
+	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$t3,$i3,ror#16
+	and	$i3,lr,$s3,lsr#16	@ i2
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te3[s3>>0]
+	eor	$s2,$s2,$t2,ror#16
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te2[s3>>8]
+	mov	$s3,$s3,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te1[s3>>16]
+	eor	$s0,$s0,$i1,ror#24
+	ldr	$i1,[$key],#16
+	eor	$s1,$s1,$i2,ror#16
+	ldr	$s3,[$tbl,$s3,lsl#2]	@ Te0[s3>>24]
+	eor	$s2,$s2,$i3,ror#8
+	ldr	$t1,[$key,#-12]
+	eor	$s3,$s3,$t3,ror#8
+
+	ldr	$t2,[$key,#-8]
+	eor	$s0,$s0,$i1
+	ldr	$t3,[$key,#-4]
+	and	$i1,lr,$s0
+	eor	$s1,$s1,$t1
+	and	$i2,lr,$s0,lsr#8
+	eor	$s2,$s2,$t2
+	and	$i3,lr,$s0,lsr#16
+	eor	$s3,$s3,$t3
+	mov	$s0,$s0,lsr#24
+
+	subs	$rounds,$rounds,#1
+	bne	.Lenc_loop
+
+	add	$tbl,$tbl,#2
+
+	ldrb	$t1,[$tbl,$i1,lsl#2]	@ Te4[s0>>0]
+	and	$i1,lr,$s1,lsr#16	@ i0
+	ldrb	$t2,[$tbl,$i2,lsl#2]	@ Te4[s0>>8]
+	and	$i2,lr,$s1
+	ldrb	$t3,[$tbl,$i3,lsl#2]	@ Te4[s0>>16]
+	and	$i3,lr,$s1,lsr#8
+	ldrb	$s0,[$tbl,$s0,lsl#2]	@ Te4[s0>>24]
+	mov	$s1,$s1,lsr#24
+
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s1>>16]
+	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s1>>0]
+	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s1>>8]
+	eor	$s0,$i1,$s0,lsl#8
+	ldrb	$s1,[$tbl,$s1,lsl#2]	@ Te4[s1>>24]
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$i2,$t2,lsl#8
+	and	$i2,lr,$s2,lsr#16	@ i1
+	eor	$t3,$i3,$t3,lsl#8
+	and	$i3,lr,$s2
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s2>>8]
+	eor	$s1,$t1,$s1,lsl#24
+	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s2>>16]
+	mov	$s2,$s2,lsr#24
+
+	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s2>>0]
+	eor	$s0,$i1,$s0,lsl#8
+	ldrb	$s2,[$tbl,$s2,lsl#2]	@ Te4[s2>>24]
+	and	$i1,lr,$s3		@ i0
+	eor	$s1,$s1,$i2,lsl#16
+	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$i3,$t3,lsl#8
+	and	$i3,lr,$s3,lsr#16	@ i2
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s3>>0]
+	eor	$s2,$t2,$s2,lsl#24
+	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s3>>8]
+	mov	$s3,$s3,lsr#24
+
+	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s3>>16]
+	eor	$s0,$i1,$s0,lsl#8
+	ldr	$i1,[$key,#0]
+	ldrb	$s3,[$tbl,$s3,lsl#2]	@ Te4[s3>>24]
+	eor	$s1,$s1,$i2,lsl#8
+	ldr	$t1,[$key,#4]
+	eor	$s2,$s2,$i3,lsl#16
+	ldr	$t2,[$key,#8]
+	eor	$s3,$t3,$s3,lsl#24
+	ldr	$t3,[$key,#12]
+
+	eor	$s0,$s0,$i1
+	eor	$s1,$s1,$t1
+	eor	$s2,$s2,$t2
+	eor	$s3,$s3,$t3
+
+	sub	$tbl,$tbl,#2
+	ldr	pc,[sp],#4		@ pop and return
+.size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
+
+.global AES_set_encrypt_key
+.type   AES_set_encrypt_key,%function
+.align	5
+AES_set_encrypt_key:
+_armv4_AES_set_encrypt_key:
+#ifndef	__thumb2__
+	sub	r3,pc,#8		@ AES_set_encrypt_key
+#else
+	adr	r3,.
+#endif
+	teq	r0,#0
+#ifdef	__thumb2__
+	itt	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	moveq	r0,#-1
+	beq	.Labrt
+	teq	r2,#0
+#ifdef	__thumb2__
+	itt	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	moveq	r0,#-1
+	beq	.Labrt
+
+	teq	r1,#128
+	beq	.Lok
+	teq	r1,#192
+	beq	.Lok
+	teq	r1,#256
+#ifdef	__thumb2__
+	itt	ne			@ Thumb2 thing, sanity check in ARM
+#endif
+	movne	r0,#-1
+	bne	.Labrt
+
+.Lok:	stmdb   sp!,{r4-r12,lr}
+	mov	$rounds,r0		@ inp
+	mov	lr,r1			@ bits
+	mov	$key,r2			@ key
+
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$tbl,AES_Te+1024				@ Te4
+#else
+	sub	$tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
+#endif
+
+#if __ARM_ARCH__<7
+	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
+	ldrb	$t1,[$rounds,#2]	@ manner...
+	ldrb	$t2,[$rounds,#1]
+	ldrb	$t3,[$rounds,#0]
+	orr	$s0,$s0,$t1,lsl#8
+	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
+	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
+	ldrb	$t2,[$rounds,#5]
+	ldrb	$t3,[$rounds,#4]
+	orr	$s1,$s1,$t1,lsl#8
+	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
+	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
+	ldrb	$t2,[$rounds,#9]
+	ldrb	$t3,[$rounds,#8]
+	orr	$s2,$s2,$t1,lsl#8
+	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#13]
+	ldrb	$t3,[$rounds,#12]
+	orr	$s3,$s3,$t1,lsl#8
+	str	$s0,[$key],#16
+	orr	$s3,$s3,$t2,lsl#16
+	str	$s1,[$key,#-12]
+	orr	$s3,$s3,$t3,lsl#24
+	str	$s2,[$key,#-8]
+	str	$s3,[$key,#-4]
+#else
+	ldr	$s0,[$rounds,#0]
+	ldr	$s1,[$rounds,#4]
+	ldr	$s2,[$rounds,#8]
+	ldr	$s3,[$rounds,#12]
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+	str	$s0,[$key],#16
+	str	$s1,[$key,#-12]
+	str	$s2,[$key,#-8]
+	str	$s3,[$key,#-4]
+#endif
+
+	teq	lr,#128
+	bne	.Lnot128
+	mov	$rounds,#10
+	str	$rounds,[$key,#240-16]
+	add	$t3,$tbl,#256			@ rcon
+	mov	lr,#255
+
+.L128_loop:
+	and	$t2,lr,$s3,lsr#24
+	and	$i1,lr,$s3,lsr#16
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$s3,lsr#8
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$s3
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
+	orr	$t2,$t2,$i3,lsl#8
+	eor	$t2,$t2,$t1
+	eor	$s0,$s0,$t2			@ rk[4]=rk[0]^...
+	eor	$s1,$s1,$s0			@ rk[5]=rk[1]^rk[4]
+	str	$s0,[$key],#16
+	eor	$s2,$s2,$s1			@ rk[6]=rk[2]^rk[5]
+	str	$s1,[$key,#-12]
+	eor	$s3,$s3,$s2			@ rk[7]=rk[3]^rk[6]
+	str	$s2,[$key,#-8]
+	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-4]
+	bne	.L128_loop
+	sub	r2,$key,#176
+	b	.Ldone
+
+.Lnot128:
+#if __ARM_ARCH__<7
+	ldrb	$i2,[$rounds,#19]
+	ldrb	$t1,[$rounds,#18]
+	ldrb	$t2,[$rounds,#17]
+	ldrb	$t3,[$rounds,#16]
+	orr	$i2,$i2,$t1,lsl#8
+	ldrb	$i3,[$rounds,#23]
+	orr	$i2,$i2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#22]
+	orr	$i2,$i2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#21]
+	ldrb	$t3,[$rounds,#20]
+	orr	$i3,$i3,$t1,lsl#8
+	orr	$i3,$i3,$t2,lsl#16
+	str	$i2,[$key],#8
+	orr	$i3,$i3,$t3,lsl#24
+	str	$i3,[$key,#-4]
+#else
+	ldr	$i2,[$rounds,#16]
+	ldr	$i3,[$rounds,#20]
+#ifdef __ARMEL__
+	rev	$i2,$i2
+	rev	$i3,$i3
+#endif
+	str	$i2,[$key],#8
+	str	$i3,[$key,#-4]
+#endif
+
+	teq	lr,#192
+	bne	.Lnot192
+	mov	$rounds,#12
+	str	$rounds,[$key,#240-24]
+	add	$t3,$tbl,#256			@ rcon
+	mov	lr,#255
+	mov	$rounds,#8
+
+.L192_loop:
+	and	$t2,lr,$i3,lsr#24
+	and	$i1,lr,$i3,lsr#16
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$i3,lsr#8
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$i3
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
+	orr	$t2,$t2,$i3,lsl#8
+	eor	$i3,$t2,$t1
+	eor	$s0,$s0,$i3			@ rk[6]=rk[0]^...
+	eor	$s1,$s1,$s0			@ rk[7]=rk[1]^rk[6]
+	str	$s0,[$key],#24
+	eor	$s2,$s2,$s1			@ rk[8]=rk[2]^rk[7]
+	str	$s1,[$key,#-20]
+	eor	$s3,$s3,$s2			@ rk[9]=rk[3]^rk[8]
+	str	$s2,[$key,#-16]
+	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-12]
+#ifdef	__thumb2__
+	itt	eq				@ Thumb2 thing, sanity check in ARM
+#endif
+	subeq	r2,$key,#216
+	beq	.Ldone
+
+	ldr	$i1,[$key,#-32]
+	ldr	$i2,[$key,#-28]
+	eor	$i1,$i1,$s3			@ rk[10]=rk[4]^rk[9]
+	eor	$i3,$i2,$i1			@ rk[11]=rk[5]^rk[10]
+	str	$i1,[$key,#-8]
+	str	$i3,[$key,#-4]
+	b	.L192_loop
+
+.Lnot192:
+#if __ARM_ARCH__<7
+	ldrb	$i2,[$rounds,#27]
+	ldrb	$t1,[$rounds,#26]
+	ldrb	$t2,[$rounds,#25]
+	ldrb	$t3,[$rounds,#24]
+	orr	$i2,$i2,$t1,lsl#8
+	ldrb	$i3,[$rounds,#31]
+	orr	$i2,$i2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#30]
+	orr	$i2,$i2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#29]
+	ldrb	$t3,[$rounds,#28]
+	orr	$i3,$i3,$t1,lsl#8
+	orr	$i3,$i3,$t2,lsl#16
+	str	$i2,[$key],#8
+	orr	$i3,$i3,$t3,lsl#24
+	str	$i3,[$key,#-4]
+#else
+	ldr	$i2,[$rounds,#24]
+	ldr	$i3,[$rounds,#28]
+#ifdef __ARMEL__
+	rev	$i2,$i2
+	rev	$i3,$i3
+#endif
+	str	$i2,[$key],#8
+	str	$i3,[$key,#-4]
+#endif
+
+	mov	$rounds,#14
+	str	$rounds,[$key,#240-32]
+	add	$t3,$tbl,#256			@ rcon
+	mov	lr,#255
+	mov	$rounds,#7
+
+.L256_loop:
+	and	$t2,lr,$i3,lsr#24
+	and	$i1,lr,$i3,lsr#16
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$i3,lsr#8
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$i3
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
+	orr	$t2,$t2,$i3,lsl#8
+	eor	$i3,$t2,$t1
+	eor	$s0,$s0,$i3			@ rk[8]=rk[0]^...
+	eor	$s1,$s1,$s0			@ rk[9]=rk[1]^rk[8]
+	str	$s0,[$key],#32
+	eor	$s2,$s2,$s1			@ rk[10]=rk[2]^rk[9]
+	str	$s1,[$key,#-28]
+	eor	$s3,$s3,$s2			@ rk[11]=rk[3]^rk[10]
+	str	$s2,[$key,#-24]
+	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-20]
+#ifdef	__thumb2__
+	itt	eq				@ Thumb2 thing, sanity check in ARM
+#endif
+	subeq	r2,$key,#256
+	beq	.Ldone
+
+	and	$t2,lr,$s3
+	and	$i1,lr,$s3,lsr#8
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$s3,lsr#16
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$s3,lsr#24
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#8
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$key,#-48]
+	orr	$t2,$t2,$i3,lsl#24
+
+	ldr	$i1,[$key,#-44]
+	ldr	$i2,[$key,#-40]
+	eor	$t1,$t1,$t2			@ rk[12]=rk[4]^...
+	ldr	$i3,[$key,#-36]
+	eor	$i1,$i1,$t1			@ rk[13]=rk[5]^rk[12]
+	str	$t1,[$key,#-16]
+	eor	$i2,$i2,$i1			@ rk[14]=rk[6]^rk[13]
+	str	$i1,[$key,#-12]
+	eor	$i3,$i3,$i2			@ rk[15]=rk[7]^rk[14]
+	str	$i2,[$key,#-8]
+	str	$i3,[$key,#-4]
+	b	.L256_loop
+
+.align	2
+.Ldone:	mov	r0,#0
+	ldmia   sp!,{r4-r12,lr}
+.Labrt:
+#if __ARM_ARCH__>=5
+	ret				@ bx lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.global AES_set_decrypt_key
+.type   AES_set_decrypt_key,%function
+.align	5
+AES_set_decrypt_key:
+	str	lr,[sp,#-4]!            @ push lr
+	bl	_armv4_AES_set_encrypt_key
+	teq	r0,#0
+	ldr	lr,[sp],#4              @ pop lr
+	bne	.Labrt
+
+	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
+	mov	r1,r2			@ which is AES_KEY *key
+	b	_armv4_AES_set_enc2dec_key
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+
+@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
+.global	AES_set_enc2dec_key
+.type	AES_set_enc2dec_key,%function
+.align	5
+AES_set_enc2dec_key:
+_armv4_AES_set_enc2dec_key:
+	stmdb   sp!,{r4-r12,lr}
+
+	ldr	$rounds,[r0,#240]
+	mov	$i1,r0			@ input
+	add	$i2,r0,$rounds,lsl#4
+	mov	$key,r1			@ output
+	add	$tbl,r1,$rounds,lsl#4
+	str	$rounds,[r1,#240]
+
+.Linv:	ldr	$s0,[$i1],#16
+	ldr	$s1,[$i1,#-12]
+	ldr	$s2,[$i1,#-8]
+	ldr	$s3,[$i1,#-4]
+	ldr	$t1,[$i2],#-16
+	ldr	$t2,[$i2,#16+4]
+	ldr	$t3,[$i2,#16+8]
+	ldr	$i3,[$i2,#16+12]
+	str	$s0,[$tbl],#-16
+	str	$s1,[$tbl,#16+4]
+	str	$s2,[$tbl,#16+8]
+	str	$s3,[$tbl,#16+12]
+	str	$t1,[$key],#16
+	str	$t2,[$key,#-12]
+	str	$t3,[$key,#-8]
+	str	$i3,[$key,#-4]
+	teq	$i1,$i2
+	bne	.Linv
+
+	ldr	$s0,[$i1]
+	ldr	$s1,[$i1,#4]
+	ldr	$s2,[$i1,#8]
+	ldr	$s3,[$i1,#12]
+	str	$s0,[$key]
+	str	$s1,[$key,#4]
+	str	$s2,[$key,#8]
+	str	$s3,[$key,#12]
+	sub	$key,$key,$rounds,lsl#3
+___
+$mask80=$i1;
+$mask1b=$i2;
+$mask7f=$i3;
+$code.=<<___;
+	ldr	$s0,[$key,#16]!		@ prefetch tp1
+	mov	$mask80,#0x80
+	mov	$mask1b,#0x1b
+	orr	$mask80,$mask80,#0x8000
+	orr	$mask1b,$mask1b,#0x1b00
+	orr	$mask80,$mask80,$mask80,lsl#16
+	orr	$mask1b,$mask1b,$mask1b,lsl#16
+	sub	$rounds,$rounds,#1
+	mvn	$mask7f,$mask80
+	mov	$rounds,$rounds,lsl#2	@ (rounds-1)*4
+
+.Lmix:	and	$t1,$s0,$mask80
+	and	$s1,$s0,$mask7f
+	sub	$t1,$t1,$t1,lsr#7
+	and	$t1,$t1,$mask1b
+	eor	$s1,$t1,$s1,lsl#1	@ tp2
+
+	and	$t1,$s1,$mask80
+	and	$s2,$s1,$mask7f
+	sub	$t1,$t1,$t1,lsr#7
+	and	$t1,$t1,$mask1b
+	eor	$s2,$t1,$s2,lsl#1	@ tp4
+
+	and	$t1,$s2,$mask80
+	and	$s3,$s2,$mask7f
+	sub	$t1,$t1,$t1,lsr#7
+	and	$t1,$t1,$mask1b
+	eor	$s3,$t1,$s3,lsl#1	@ tp8
+
+	eor	$t1,$s1,$s2
+	eor	$t2,$s0,$s3		@ tp9
+	eor	$t1,$t1,$s3		@ tpe
+	eor	$t1,$t1,$s1,ror#24
+	eor	$t1,$t1,$t2,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
+	eor	$t1,$t1,$s2,ror#16
+	eor	$t1,$t1,$t2,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
+	eor	$t1,$t1,$t2,ror#8	@ ^= ROTATE(tp9,24)
+
+	ldr	$s0,[$key,#4]		@ prefetch tp1
+	str	$t1,[$key],#4
+	subs	$rounds,$rounds,#1
+	bne	.Lmix
+
+	mov	r0,#0
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia   sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
+
+.type	AES_Td,%object
+.align	5
+AES_Td:
+.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
+.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
+.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
+.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
+.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
+.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
+.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
+.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
+.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
+.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
+.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
+.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
+.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
+.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
+.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
+.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
+.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
+.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
+.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
+.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
+.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
+.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
+.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
+.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
+.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
+.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
+.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
+.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
+.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
+.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
+.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
+.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
+.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
+.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
+.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
+.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
+.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
+.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
+.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
+.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
+.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
+.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
+.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
+.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
+.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
+.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
+.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
+.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
+.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
+.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
+.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
+.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
+.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
+.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
+.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
+.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
+.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
+.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
+.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
+.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
+.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
+.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
+.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
+.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+@ Td4[256]
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size	AES_Td,.-AES_Td
+
+@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@ 		 const AES_KEY *key) {
+.global AES_decrypt
+.type   AES_decrypt,%function
+.align	5
+AES_decrypt:
+#ifndef	__thumb2__
+	sub	r3,pc,#8		@ AES_decrypt
+#else
+	adr	r3,.
+#endif
+	stmdb   sp!,{r1,r4-r12,lr}
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$tbl,AES_Td
+#else
+	sub	$tbl,r3,#AES_decrypt-AES_Td	@ Td
+#endif
+	mov	$rounds,r0		@ inp
+	mov	$key,r2
+#if __ARM_ARCH__<7
+	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
+	ldrb	$t1,[$rounds,#2]	@ manner...
+	ldrb	$t2,[$rounds,#1]
+	ldrb	$t3,[$rounds,#0]
+	orr	$s0,$s0,$t1,lsl#8
+	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
+	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
+	ldrb	$t2,[$rounds,#5]
+	ldrb	$t3,[$rounds,#4]
+	orr	$s1,$s1,$t1,lsl#8
+	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
+	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
+	ldrb	$t2,[$rounds,#9]
+	ldrb	$t3,[$rounds,#8]
+	orr	$s2,$s2,$t1,lsl#8
+	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#13]
+	ldrb	$t3,[$rounds,#12]
+	orr	$s3,$s3,$t1,lsl#8
+	orr	$s3,$s3,$t2,lsl#16
+	orr	$s3,$s3,$t3,lsl#24
+#else
+	ldr	$s0,[$rounds,#0]
+	ldr	$s1,[$rounds,#4]
+	ldr	$s2,[$rounds,#8]
+	ldr	$s3,[$rounds,#12]
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+#endif
+	bl	_armv4_AES_decrypt
+
+	ldr	$rounds,[sp],#4		@ pop out
+#if __ARM_ARCH__>=7
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+	str	$s0,[$rounds,#0]
+	str	$s1,[$rounds,#4]
+	str	$s2,[$rounds,#8]
+	str	$s3,[$rounds,#12]
+#else
+	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
+	mov	$t2,$s0,lsr#16		@ manner...
+	mov	$t3,$s0,lsr#8
+	strb	$t1,[$rounds,#0]
+	strb	$t2,[$rounds,#1]
+	mov	$t1,$s1,lsr#24
+	strb	$t3,[$rounds,#2]
+	mov	$t2,$s1,lsr#16
+	strb	$s0,[$rounds,#3]
+	mov	$t3,$s1,lsr#8
+	strb	$t1,[$rounds,#4]
+	strb	$t2,[$rounds,#5]
+	mov	$t1,$s2,lsr#24
+	strb	$t3,[$rounds,#6]
+	mov	$t2,$s2,lsr#16
+	strb	$s1,[$rounds,#7]
+	mov	$t3,$s2,lsr#8
+	strb	$t1,[$rounds,#8]
+	strb	$t2,[$rounds,#9]
+	mov	$t1,$s3,lsr#24
+	strb	$t3,[$rounds,#10]
+	mov	$t2,$s3,lsr#16
+	strb	$s2,[$rounds,#11]
+	mov	$t3,$s3,lsr#8
+	strb	$t1,[$rounds,#12]
+	strb	$t2,[$rounds,#13]
+	strb	$t3,[$rounds,#14]
+	strb	$s3,[$rounds,#15]
+#endif
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia   sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_decrypt,.-AES_decrypt
+
+.type   _armv4_AES_decrypt,%function
+.align	2
+_armv4_AES_decrypt:
+	str	lr,[sp,#-4]!		@ push lr
+	ldmia	$key!,{$t1-$i1}
+	eor	$s0,$s0,$t1
+	ldr	$rounds,[$key,#240-16]
+	eor	$s1,$s1,$t2
+	eor	$s2,$s2,$t3
+	eor	$s3,$s3,$i1
+	sub	$rounds,$rounds,#1
+	mov	lr,#255
+
+	and	$i1,lr,$s0,lsr#16
+	and	$i2,lr,$s0,lsr#8
+	and	$i3,lr,$s0
+	mov	$s0,$s0,lsr#24
+.Ldec_loop:
+	ldr	$t1,[$tbl,$i1,lsl#2]	@ Td1[s0>>16]
+	and	$i1,lr,$s1		@ i0
+	ldr	$t2,[$tbl,$i2,lsl#2]	@ Td2[s0>>8]
+	and	$i2,lr,$s1,lsr#16
+	ldr	$t3,[$tbl,$i3,lsl#2]	@ Td3[s0>>0]
+	and	$i3,lr,$s1,lsr#8
+	ldr	$s0,[$tbl,$s0,lsl#2]	@ Td0[s0>>24]
+	mov	$s1,$s1,lsr#24
+
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td3[s1>>0]
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td1[s1>>16]
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td2[s1>>8]
+	eor	$s0,$s0,$i1,ror#24
+	ldr	$s1,[$tbl,$s1,lsl#2]	@ Td0[s1>>24]
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$i2,$t2,ror#8
+	and	$i2,lr,$s2		@ i1
+	eor	$t3,$i3,$t3,ror#8
+	and	$i3,lr,$s2,lsr#16
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td2[s2>>8]
+	eor	$s1,$s1,$t1,ror#8
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td3[s2>>0]
+	mov	$s2,$s2,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td1[s2>>16]
+	eor	$s0,$s0,$i1,ror#16
+	ldr	$s2,[$tbl,$s2,lsl#2]	@ Td0[s2>>24]
+	and	$i1,lr,$s3,lsr#16	@ i0
+	eor	$s1,$s1,$i2,ror#24
+	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$i3,$t3,ror#8
+	and	$i3,lr,$s3		@ i2
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td1[s3>>16]
+	eor	$s2,$s2,$t2,ror#8
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td2[s3>>8]
+	mov	$s3,$s3,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td3[s3>>0]
+	eor	$s0,$s0,$i1,ror#8
+	ldr	$i1,[$key],#16
+	eor	$s1,$s1,$i2,ror#16
+	ldr	$s3,[$tbl,$s3,lsl#2]	@ Td0[s3>>24]
+	eor	$s2,$s2,$i3,ror#24
+
+	ldr	$t1,[$key,#-12]
+	eor	$s0,$s0,$i1
+	ldr	$t2,[$key,#-8]
+	eor	$s3,$s3,$t3,ror#8
+	ldr	$t3,[$key,#-4]
+	and	$i1,lr,$s0,lsr#16
+	eor	$s1,$s1,$t1
+	and	$i2,lr,$s0,lsr#8
+	eor	$s2,$s2,$t2
+	and	$i3,lr,$s0
+	eor	$s3,$s3,$t3
+	mov	$s0,$s0,lsr#24
+
+	subs	$rounds,$rounds,#1
+	bne	.Ldec_loop
+
+	add	$tbl,$tbl,#1024
+
+	ldr	$t2,[$tbl,#0]		@ prefetch Td4
+	ldr	$t3,[$tbl,#32]
+	ldr	$t1,[$tbl,#64]
+	ldr	$t2,[$tbl,#96]
+	ldr	$t3,[$tbl,#128]
+	ldr	$t1,[$tbl,#160]
+	ldr	$t2,[$tbl,#192]
+	ldr	$t3,[$tbl,#224]
+
+	ldrb	$s0,[$tbl,$s0]		@ Td4[s0>>24]
+	ldrb	$t1,[$tbl,$i1]		@ Td4[s0>>16]
+	and	$i1,lr,$s1		@ i0
+	ldrb	$t2,[$tbl,$i2]		@ Td4[s0>>8]
+	and	$i2,lr,$s1,lsr#16
+	ldrb	$t3,[$tbl,$i3]		@ Td4[s0>>0]
+	and	$i3,lr,$s1,lsr#8
+
+	add	$s1,$tbl,$s1,lsr#24
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s1>>0]
+	ldrb	$s1,[$s1]		@ Td4[s1>>24]
+	ldrb	$i2,[$tbl,$i2]		@ Td4[s1>>16]
+	eor	$s0,$i1,$s0,lsl#24
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s1>>8]
+	eor	$s1,$t1,$s1,lsl#8
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$t2,$i2,lsl#8
+	and	$i2,lr,$s2		@ i1
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s2>>8]
+	eor	$t3,$t3,$i3,lsl#8
+	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
+	and	$i3,lr,$s2,lsr#16
+
+	add	$s2,$tbl,$s2,lsr#24
+	ldrb	$s2,[$s2]		@ Td4[s2>>24]
+	eor	$s0,$s0,$i1,lsl#8
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
+	eor	$s1,$i2,$s1,lsl#16
+	and	$i1,lr,$s3,lsr#16	@ i0
+	eor	$s2,$t2,$s2,lsl#16
+	and	$i2,lr,$s3,lsr#8	@ i1
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s3>>16]
+	eor	$t3,$t3,$i3,lsl#16
+	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
+	and	$i3,lr,$s3		@ i2
+
+	add	$s3,$tbl,$s3,lsr#24
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s3>>0]
+	ldrb	$s3,[$s3]		@ Td4[s3>>24]
+	eor	$s0,$s0,$i1,lsl#16
+	ldr	$i1,[$key,#0]
+	eor	$s1,$s1,$i2,lsl#8
+	ldr	$t1,[$key,#4]
+	eor	$s2,$i3,$s2,lsl#8
+	ldr	$t2,[$key,#8]
+	eor	$s3,$t3,$s3,lsl#24
+	ldr	$t3,[$key,#12]
+
+	eor	$s0,$s0,$i1
+	eor	$s1,$s1,$t1
+	eor	$s2,$s2,$t2
+	eor	$s3,$s3,$t3
+
+	sub	$tbl,$tbl,#1024
+	ldr	pc,[sp],#4		@ pop and return
+.size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
+.asciz	"AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
+$code =~ s/\bret\b/bx\tlr/gm;
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+	last if (!s/^#/@/ and !/^$/);
+	print;
+}
+close SELF;
+
+print $code;
+close STDOUT;	# enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl
new file mode 100644
index 000000000..19d2cc176
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl
@@ -0,0 +1,1382 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# [Endian-neutral] AES for C64x+.
+#
+# Even though SPLOOPs are scheduled for 13 cycles, and thus expected
+# performance is ~8.5 cycles per byte processed with 128-bit key,
+# measured performance turned to be ~10 cycles per byte. Discrepancy
+# must be caused by limitations of L1D memory banking(*), see SPRU871
+# TI publication for further details. If any consolation it's still
+# ~20% faster than TI's linear assembly module anyway... Compared to
+# aes_core.c compiled with cl6x 6.0 with -mv6400+ -o2 options this
+# code is 3.75x faster and almost 3x smaller (tables included).
+#
+# (*)	This means that there might be subtle correlation between data
+#	and timing and one can wonder if it can be ... attacked:-(
+#	On the other hand this also means that *if* one chooses to
+#	implement *4* T-tables variant [instead of 1 T-table as in
+#	this implementation, or in addition to], then one ought to
+#	*interleave* them. Even though it complicates addressing,
+#	references to interleaved tables would be guaranteed not to
+#	clash. I reckon that it should be possible to break 8 cycles
+#	per byte "barrier," i.e. improve by ~20%, naturally at the
+#	cost of 8x increased pressure on L1D. 8x because you'd have
+#	to interleave both Te and Td tables...
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($TEA,$TEB)=("A5","B5");
+($KPA,$KPB)=("A3","B1");
+@K=("A6","B6","A7","B7");
+@s=("A8","B8","A9","B9");
+@Te0=@Td0=("A16","B16","A17","B17");
+@Te1=@Td1=("A18","B18","A19","B19");
+@Te2=@Td2=("A20","B20","A21","B21");
+@Te3=@Td3=("A22","B22","A23","B23");
+
+$code=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	AES_encrypt,_AES_encrypt
+	.asg	AES_decrypt,_AES_decrypt
+	.asg	AES_set_encrypt_key,_AES_set_encrypt_key
+	.asg	AES_set_decrypt_key,_AES_set_decrypt_key
+	.asg	AES_ctr32_encrypt,_AES_ctr32_encrypt
+	.endif
+
+	.asg	B3,RA
+	.asg	A4,INP
+	.asg	B4,OUT
+	.asg	A6,KEY
+	.asg	A4,RET
+	.asg	B15,SP
+
+	.eval	24,EXT0
+	.eval	16,EXT1
+	.eval	8,EXT2
+	.eval	0,EXT3
+	.eval	8,TBL1
+	.eval	16,TBL2
+	.eval	24,TBL3
+
+	.if	.BIG_ENDIAN
+	.eval	24-EXT0,EXT0
+	.eval	24-EXT1,EXT1
+	.eval	24-EXT2,EXT2
+	.eval	24-EXT3,EXT3
+	.eval	32-TBL1,TBL1
+	.eval	32-TBL2,TBL2
+	.eval	32-TBL3,TBL3
+	.endif
+
+	.global	_AES_encrypt
+_AES_encrypt:
+	.asmfunc
+	MVK	1,B2
+__encrypt:
+	.if	__TI_EABI__
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	\$PCR_OFFSET(AES_Te,__encrypt),$TEA
+||	ADDKPC	__encrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	\$PCR_OFFSET(AES_Te,__encrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.else
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	(AES_Te-__encrypt),$TEA
+||	ADDKPC	__encrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	(AES_Te-__encrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.endif
+	LDW	*$KPA++[2],$Te0[0]		; zero round key
+||	LDW	*$KPB++[2],$Te0[1]
+||	MVK	60,A0
+||	ADD	B0,$TEA,$TEA			; AES_Te
+	LDW	*KEY[A0],B0			; rounds
+||	MVK	1024,A0				; sizeof(AES_Te)
+	LDW	*$KPA++[2],$Te0[2]
+||	LDW	*$KPB++[2],$Te0[3]
+||	MV	$TEA,$TEB
+	NOP
+	.if	.BIG_ENDIAN
+	MV	A9,$s[0]
+||	MV	A8,$s[1]
+||	MV	B9,$s[2]
+||	MV	B8,$s[3]
+	.else
+	MV	A8,$s[0]
+||	MV	A9,$s[1]
+||	MV	B8,$s[2]
+||	MV	B9,$s[3]
+	.endif
+	XOR	$Te0[0],$s[0],$s[0]
+||	XOR	$Te0[1],$s[1],$s[1]
+||	LDW	*$KPA++[2],$K[0]		; 1st round key
+||	LDW	*$KPB++[2],$K[1]
+	SUB	B0,2,B0
+
+	SPLOOPD	13
+||	MVC	B0,ILC
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+;;====================================================================
+	EXTU	$s[1],EXT1,24,$Te1[1]
+||	EXTU	$s[0],EXT3,24,$Te3[0]
+	LDW	*${TEB}[$Te1[1]],$Te1[1]	; Te1[s1>>8],	t0
+||	LDW	*${TEA}[$Te3[0]],$Te3[0]	; Te3[s0>>24],	t1
+||	XOR	$s[2],$Te0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Te0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[1],EXT3,24,$Te3[1]
+||	EXTU	$s[0],EXT1,24,$Te1[0]
+	LDW	*${TEB}[$Te3[1]],$Te3[1]	; Te3[s1>>24],	t2
+||	LDW	*${TEA}[$Te1[0]],$Te1[0]	; Te1[s0>>8],	t3
+||	EXTU	$s[2],EXT2,24,$Te2[2]
+||	EXTU	$s[3],EXT2,24,$Te2[3]
+	LDW	*${TEA}[$Te2[2]],$Te2[2]	; Te2[s2>>16],	t0
+||	LDW	*${TEB}[$Te2[3]],$Te2[3]	; Te2[s3>>16],	t1
+||	EXTU	$s[3],EXT3,24,$Te3[3]
+||	EXTU	$s[2],EXT1,24,$Te1[2]
+	LDW	*${TEB}[$Te3[3]],$Te3[3]	; Te3[s3>>24],	t0
+||	LDW	*${TEA}[$Te1[2]],$Te1[2]	; Te1[s2>>8],	t1
+||	EXTU	$s[0],EXT2,24,$Te2[0]
+||	EXTU	$s[1],EXT2,24,$Te2[1]
+	LDW	*${TEA}[$Te2[0]],$Te2[0]	; Te2[s0>>16],	t2
+||	LDW	*${TEB}[$Te2[1]],$Te2[1]	; Te2[s1>>16],	t3
+||	EXTU	$s[3],EXT1,24,$Te1[3]
+||	EXTU	$s[2],EXT3,24,$Te3[2]
+	LDW	*${TEB}[$Te1[3]],$Te1[3]	; Te1[s3>>8],	t2
+||	LDW	*${TEA}[$Te3[2]],$Te3[2]	; Te3[s2>>24],	t3
+||	ROTL	$Te1[1],TBL1,$Te3[0]		; t0
+||	ROTL	$Te3[0],TBL3,$Te1[1]		; t1
+||	EXTU	$s[0],EXT0,24,$Te0[0]
+||	EXTU	$s[1],EXT0,24,$Te0[1]
+	LDW	*${TEA}[$Te0[0]],$Te0[0]	; Te0[s0],	t0
+||	LDW	*${TEB}[$Te0[1]],$Te0[1]	; Te0[s1],	t1
+||	ROTL	$Te3[1],TBL3,$Te1[0]		; t2
+||	ROTL	$Te1[0],TBL1,$Te3[1]		; t3
+||	EXTU	$s[2],EXT0,24,$Te0[2]
+||	EXTU	$s[3],EXT0,24,$Te0[3]
+	LDW	*${TEA}[$Te0[2]],$Te0[2]	; Te0[s2],	t2
+||	LDW	*${TEB}[$Te0[3]],$Te0[3]	; Te0[s3],	t3
+||	ROTL	$Te2[2],TBL2,$Te2[2]		; t0
+||	ROTL	$Te2[3],TBL2,$Te2[3]		; t1
+||	XOR	$K[0],$Te3[0],$s[0]
+||	XOR	$K[1],$Te1[1],$s[1]
+	ROTL	$Te3[3],TBL3,$Te1[2]		; t0
+||	ROTL	$Te1[2],TBL1,$Te3[3]		; t1
+||	XOR	$K[2],$Te1[0],$s[2]
+||	XOR	$K[3],$Te3[1],$s[3]
+||	LDW	*$KPA++[2],$K[0]		; next round key
+||	LDW	*$KPB++[2],$K[1]
+	ROTL	$Te2[0],TBL2,$Te2[0]		; t2
+||	ROTL	$Te2[1],TBL2,$Te2[1]		; t3
+||	XOR	$s[0],$Te2[2],$s[0]
+||	XOR	$s[1],$Te2[3],$s[1]
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+	ROTL	$Te1[3],TBL1,$Te3[2]		; t2
+||	ROTL	$Te3[2],TBL3,$Te1[3]		; t3
+||	XOR	$s[0],$Te1[2],$s[0]
+||	XOR	$s[1],$Te3[3],$s[1]
+	XOR	$s[2],$Te2[0],$s[2]
+||	XOR	$s[3],$Te2[1],$s[3]
+||	XOR	$s[0],$Te0[0],$s[0]
+||	XOR	$s[1],$Te0[1],$s[1]
+	SPKERNEL
+||	XOR.L	$s[2],$Te3[2],$s[2]
+||	XOR.L	$s[3],$Te1[3],$s[3]
+;;====================================================================
+	ADD.D	${TEA},A0,${TEA}		; point to Te4
+||	ADD.D	${TEB},A0,${TEB}
+||	EXTU	$s[1],EXT1,24,$Te1[1]
+||	EXTU	$s[0],EXT3,24,$Te3[0]
+	LDBU	*${TEB}[$Te1[1]],$Te1[1]	; Te1[s1>>8],	t0
+||	LDBU	*${TEA}[$Te3[0]],$Te3[0]	; Te3[s0>>24],	t1
+||	XOR	$s[2],$Te0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Te0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[0],EXT0,24,$Te0[0]
+||	EXTU	$s[1],EXT0,24,$Te0[1]
+	LDBU	*${TEA}[$Te0[0]],$Te0[0]	; Te0[s0],	t0
+||	LDBU	*${TEB}[$Te0[1]],$Te0[1]	; Te0[s1],	t1
+||	EXTU	$s[3],EXT3,24,$Te3[3]
+||	EXTU	$s[2],EXT1,24,$Te1[2]
+	LDBU	*${TEB}[$Te3[3]],$Te3[3]	; Te3[s3>>24],	t0
+||	LDBU	*${TEA}[$Te1[2]],$Te1[2]	; Te1[s2>>8],	t1
+||	EXTU	$s[2],EXT2,24,$Te2[2]
+||	EXTU	$s[3],EXT2,24,$Te2[3]
+	LDBU	*${TEA}[$Te2[2]],$Te2[2]	; Te2[s2>>16],	t0
+||	LDBU	*${TEB}[$Te2[3]],$Te2[3]	; Te2[s3>>16],	t1
+||	EXTU	$s[1],EXT3,24,$Te3[1]
+||	EXTU	$s[0],EXT1,24,$Te1[0]
+	LDBU	*${TEB}[$Te3[1]],$Te3[1]	; Te3[s1>>24],	t2
+||	LDBU	*${TEA}[$Te1[0]],$Te1[0]	; Te1[s0>>8],	t3
+||	EXTU	$s[3],EXT1,24,$Te1[3]
+||	EXTU	$s[2],EXT3,24,$Te3[2]
+	LDBU	*${TEB}[$Te1[3]],$Te1[3]	; Te1[s3>>8],	t2
+||	LDBU	*${TEA}[$Te3[2]],$Te3[2]	; Te3[s2>>24],	t3
+||	EXTU	$s[2],EXT0,24,$Te0[2]
+||	EXTU	$s[3],EXT0,24,$Te0[3]
+	LDBU	*${TEA}[$Te0[2]],$Te0[2]	; Te0[s2],	t2
+||	LDBU	*${TEB}[$Te0[3]],$Te0[3]	; Te0[s3],	t3
+||	EXTU	$s[0],EXT2,24,$Te2[0]
+||	EXTU	$s[1],EXT2,24,$Te2[1]
+	LDBU	*${TEA}[$Te2[0]],$Te2[0]	; Te2[s0>>16],	t2
+||	LDBU	*${TEB}[$Te2[1]],$Te2[1]	; Te2[s1>>16],	t3
+
+	.if	.BIG_ENDIAN
+	PACK2	$Te0[0],$Te1[1],$Te0[0]
+||	PACK2	$Te0[1],$Te1[2],$Te0[1]
+	PACK2	$Te2[2],$Te3[3],$Te2[2]
+||	PACK2	$Te2[3],$Te3[0],$Te2[3]
+	PACKL4	$Te0[0],$Te2[2],$Te0[0]
+||	PACKL4	$Te0[1],$Te2[3],$Te0[1]
+	XOR	$K[0],$Te0[0],$Te0[0]		; s[0]
+||	XOR	$K[1],$Te0[1],$Te0[1]		; s[1]
+
+	PACK2	$Te0[2],$Te1[3],$Te0[2]
+||	PACK2	$Te0[3],$Te1[0],$Te0[3]
+	PACK2	$Te2[0],$Te3[1],$Te2[0]
+||	PACK2	$Te2[1],$Te3[2],$Te2[1]
+||	BNOP	RA
+	PACKL4	$Te0[2],$Te2[0],$Te0[2]
+||	PACKL4	$Te0[3],$Te2[1],$Te0[3]
+	XOR	$K[2],$Te0[2],$Te0[2]		; s[2]
+||	XOR	$K[3],$Te0[3],$Te0[3]		; s[3]
+
+	MV	$Te0[0],A9
+||	MV	$Te0[1],A8
+	MV	$Te0[2],B9
+||	MV	$Te0[3],B8
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.else
+	PACK2	$Te1[1],$Te0[0],$Te1[1]
+||	PACK2	$Te1[2],$Te0[1],$Te1[2]
+	PACK2	$Te3[3],$Te2[2],$Te3[3]
+||	PACK2	$Te3[0],$Te2[3],$Te3[0]
+	PACKL4	$Te3[3],$Te1[1],$Te1[1]
+||	PACKL4	$Te3[0],$Te1[2],$Te1[2]
+	XOR	$K[0],$Te1[1],$Te1[1]		; s[0]
+||	XOR	$K[1],$Te1[2],$Te1[2]		; s[1]
+
+	PACK2	$Te1[3],$Te0[2],$Te1[3]
+||	PACK2	$Te1[0],$Te0[3],$Te1[0]
+	PACK2	$Te3[1],$Te2[0],$Te3[1]
+||	PACK2	$Te3[2],$Te2[1],$Te3[2]
+||	BNOP	RA
+	PACKL4	$Te3[1],$Te1[3],$Te1[3]
+||	PACKL4	$Te3[2],$Te1[0],$Te1[0]
+	XOR	$K[2],$Te1[3],$Te1[3]		; s[2]
+||	XOR	$K[3],$Te1[0],$Te1[0]		; s[3]
+
+	MV	$Te1[1],A8
+||	MV	$Te1[2],A9
+	MV	$Te1[3],B8
+||	MV	$Te1[0],B9
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.endif
+	.endasmfunc
+
+	.global	_AES_decrypt
+_AES_decrypt:
+	.asmfunc
+	MVK	1,B2
+__decrypt:
+	.if	__TI_EABI__
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	\$PCR_OFFSET(AES_Td,__decrypt),$TEA
+||	ADDKPC	__decrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	\$PCR_OFFSET(AES_Td,__decrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.else
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	(AES_Td-__decrypt),$TEA
+||	ADDKPC	__decrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	(AES_Td-__decrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.endif
+	LDW	*$KPA++[2],$Td0[0]		; zero round key
+||	LDW	*$KPB++[2],$Td0[1]
+||	MVK	60,A0
+||	ADD	B0,$TEA,$TEA			; AES_Td
+	LDW	*KEY[A0],B0			; rounds
+||	MVK	1024,A0				; sizeof(AES_Td)
+	LDW	*$KPA++[2],$Td0[2]
+||	LDW	*$KPB++[2],$Td0[3]
+||	MV	$TEA,$TEB
+	NOP
+	.if	.BIG_ENDIAN
+	MV	A9,$s[0]
+||	MV	A8,$s[1]
+||	MV	B9,$s[2]
+||	MV	B8,$s[3]
+	.else
+	MV	A8,$s[0]
+||	MV	A9,$s[1]
+||	MV	B8,$s[2]
+||	MV	B9,$s[3]
+	.endif
+	XOR	$Td0[0],$s[0],$s[0]
+||	XOR	$Td0[1],$s[1],$s[1]
+||	LDW	*$KPA++[2],$K[0]		; 1st round key
+||	LDW	*$KPB++[2],$K[1]
+	SUB	B0,2,B0
+
+	SPLOOPD	13
+||	MVC	B0,ILC
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+;;====================================================================
+	EXTU	$s[1],EXT3,24,$Td3[1]
+||	EXTU	$s[0],EXT1,24,$Td1[0]
+	LDW	*${TEB}[$Td3[1]],$Td3[1]	; Td3[s1>>24],	t0
+||	LDW	*${TEA}[$Td1[0]],$Td1[0]	; Td1[s0>>8],	t1
+||	XOR	$s[2],$Td0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Td0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[1],EXT1,24,$Td1[1]
+||	EXTU	$s[0],EXT3,24,$Td3[0]
+	LDW	*${TEB}[$Td1[1]],$Td1[1]	; Td1[s1>>8],	t2
+||	LDW	*${TEA}[$Td3[0]],$Td3[0]	; Td3[s0>>24],	t3
+||	EXTU	$s[2],EXT2,24,$Td2[2]
+||	EXTU	$s[3],EXT2,24,$Td2[3]
+	LDW	*${TEA}[$Td2[2]],$Td2[2]	; Td2[s2>>16],	t0
+||	LDW	*${TEB}[$Td2[3]],$Td2[3]	; Td2[s3>>16],	t1
+||	EXTU	$s[3],EXT1,24,$Td1[3]
+||	EXTU	$s[2],EXT3,24,$Td3[2]
+	LDW	*${TEB}[$Td1[3]],$Td1[3]	; Td1[s3>>8],	t0
+||	LDW	*${TEA}[$Td3[2]],$Td3[2]	; Td3[s2>>24],	t1
+||	EXTU	$s[0],EXT2,24,$Td2[0]
+||	EXTU	$s[1],EXT2,24,$Td2[1]
+	LDW	*${TEA}[$Td2[0]],$Td2[0]	; Td2[s0>>16],	t2
+||	LDW	*${TEB}[$Td2[1]],$Td2[1]	; Td2[s1>>16],	t3
+||	EXTU	$s[3],EXT3,24,$Td3[3]
+||	EXTU	$s[2],EXT1,24,$Td1[2]
+	LDW	*${TEB}[$Td3[3]],$Td3[3]	; Td3[s3>>24],	t2
+||	LDW	*${TEA}[$Td1[2]],$Td1[2]	; Td1[s2>>8],	t3
+||	ROTL	$Td3[1],TBL3,$Td1[0]		; t0
+||	ROTL	$Td1[0],TBL1,$Td3[1]		; t1
+||	EXTU	$s[0],EXT0,24,$Td0[0]
+||	EXTU	$s[1],EXT0,24,$Td0[1]
+	LDW	*${TEA}[$Td0[0]],$Td0[0]	; Td0[s0],	t0
+||	LDW	*${TEB}[$Td0[1]],$Td0[1]	; Td0[s1],	t1
+||	ROTL	$Td1[1],TBL1,$Td3[0]		; t2
+||	ROTL	$Td3[0],TBL3,$Td1[1]		; t3
+||	EXTU	$s[2],EXT0,24,$Td0[2]
+||	EXTU	$s[3],EXT0,24,$Td0[3]
+	LDW	*${TEA}[$Td0[2]],$Td0[2]	; Td0[s2],	t2
+||	LDW	*${TEB}[$Td0[3]],$Td0[3]	; Td0[s3],	t3
+||	ROTL	$Td2[2],TBL2,$Td2[2]		; t0
+||	ROTL	$Td2[3],TBL2,$Td2[3]		; t1
+||	XOR	$K[0],$Td1[0],$s[0]
+||	XOR	$K[1],$Td3[1],$s[1]
+	ROTL	$Td1[3],TBL1,$Td3[2]		; t0
+||	ROTL	$Td3[2],TBL3,$Td1[3]		; t1
+||	XOR	$K[2],$Td3[0],$s[2]
+||	XOR	$K[3],$Td1[1],$s[3]
+||	LDW	*$KPA++[2],$K[0]		; next round key
+||	LDW	*$KPB++[2],$K[1]
+	ROTL	$Td2[0],TBL2,$Td2[0]		; t2
+||	ROTL	$Td2[1],TBL2,$Td2[1]		; t3
+||	XOR	$s[0],$Td2[2],$s[0]
+||	XOR	$s[1],$Td2[3],$s[1]
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+	ROTL	$Td3[3],TBL3,$Td1[2]		; t2
+||	ROTL	$Td1[2],TBL1,$Td3[3]		; t3
+||	XOR	$s[0],$Td3[2],$s[0]
+||	XOR	$s[1],$Td1[3],$s[1]
+	XOR	$s[2],$Td2[0],$s[2]
+||	XOR	$s[3],$Td2[1],$s[3]
+||	XOR	$s[0],$Td0[0],$s[0]
+||	XOR	$s[1],$Td0[1],$s[1]
+	SPKERNEL
+||	XOR.L	$s[2],$Td1[2],$s[2]
+||	XOR.L	$s[3],$Td3[3],$s[3]
+;;====================================================================
+	ADD.D	${TEA},A0,${TEA}		; point to Td4
+||	ADD.D	${TEB},A0,${TEB}
+||	EXTU	$s[1],EXT3,24,$Td3[1]
+||	EXTU	$s[0],EXT1,24,$Td1[0]
+	LDBU	*${TEB}[$Td3[1]],$Td3[1]	; Td3[s1>>24],	t0
+||	LDBU	*${TEA}[$Td1[0]],$Td1[0]	; Td1[s0>>8],	t1
+||	XOR	$s[2],$Td0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Td0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[0],EXT0,24,$Td0[0]
+||	EXTU	$s[1],EXT0,24,$Td0[1]
+	LDBU	*${TEA}[$Td0[0]],$Td0[0]	; Td0[s0],	t0
+||	LDBU	*${TEB}[$Td0[1]],$Td0[1]	; Td0[s1],	t1
+||	EXTU	$s[2],EXT2,24,$Td2[2]
+||	EXTU	$s[3],EXT2,24,$Td2[3]
+	LDBU	*${TEA}[$Td2[2]],$Td2[2]	; Td2[s2>>16],	t0
+||	LDBU	*${TEB}[$Td2[3]],$Td2[3]	; Td2[s3>>16],	t1
+||	EXTU	$s[3],EXT1,24,$Td1[3]
+||	EXTU	$s[2],EXT3,24,$Td3[2]
+	LDBU	*${TEB}[$Td1[3]],$Td1[3]	; Td1[s3>>8],	t0
+||	LDBU	*${TEA}[$Td3[2]],$Td3[2]	; Td3[s2>>24],	t1
+||	EXTU	$s[1],EXT1,24,$Td1[1]
+||	EXTU	$s[0],EXT3,24,$Td3[0]
+	LDBU	*${TEB}[$Td1[1]],$Td1[1]	; Td1[s1>>8],	t2
+||	LDBU	*${TEA}[$Td3[0]],$Td3[0]	; Td3[s0>>24],	t3
+||	EXTU	$s[0],EXT2,24,$Td2[0]
+||	EXTU	$s[1],EXT2,24,$Td2[1]
+	LDBU	*${TEA}[$Td2[0]],$Td2[0]	; Td2[s0>>16],	t2
+||	LDBU	*${TEB}[$Td2[1]],$Td2[1]	; Td2[s1>>16],	t3
+||	EXTU	$s[3],EXT3,24,$Td3[3]
+||	EXTU	$s[2],EXT1,24,$Td1[2]
+	LDBU	*${TEB}[$Td3[3]],$Td3[3]	; Td3[s3>>24],	t2
+||	LDBU	*${TEA}[$Td1[2]],$Td1[2]	; Td1[s2>>8],	t3
+||	EXTU	$s[2],EXT0,24,$Td0[2]
+||	EXTU	$s[3],EXT0,24,$Td0[3]
+	LDBU	*${TEA}[$Td0[2]],$Td0[2]	; Td0[s2],	t2
+||	LDBU	*${TEB}[$Td0[3]],$Td0[3]	; Td0[s3],	t3
+
+	.if	.BIG_ENDIAN
+	PACK2	$Td0[0],$Td1[3],$Td0[0]
+||	PACK2	$Td0[1],$Td1[0],$Td0[1]
+	PACK2	$Td2[2],$Td3[1],$Td2[2]
+||	PACK2	$Td2[3],$Td3[2],$Td2[3]
+	PACKL4	$Td0[0],$Td2[2],$Td0[0]
+||	PACKL4	$Td0[1],$Td2[3],$Td0[1]
+	XOR	$K[0],$Td0[0],$Td0[0]		; s[0]
+||	XOR	$K[1],$Td0[1],$Td0[1]		; s[1]
+
+	PACK2	$Td0[2],$Td1[1],$Td0[2]
+||	PACK2	$Td0[3],$Td1[2],$Td0[3]
+	PACK2	$Td2[0],$Td3[3],$Td2[0]
+||	PACK2	$Td2[1],$Td3[0],$Td2[1]
+||	BNOP	RA
+	PACKL4	$Td0[2],$Td2[0],$Td0[2]
+||	PACKL4	$Td0[3],$Td2[1],$Td0[3]
+	XOR	$K[2],$Td0[2],$Td0[2]		; s[2]
+||	XOR	$K[3],$Td0[3],$Td0[3]		; s[3]
+
+	MV	$Td0[0],A9
+||	MV	$Td0[1],A8
+	MV	$Td0[2],B9
+||	MV	$Td0[3],B8
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.else
+	PACK2	$Td1[3],$Td0[0],$Td1[3]
+||	PACK2	$Td1[0],$Td0[1],$Td1[0]
+	PACK2	$Td3[1],$Td2[2],$Td3[1]
+||	PACK2	$Td3[2],$Td2[3],$Td3[2]
+	PACKL4	$Td3[1],$Td1[3],$Td1[3]
+||	PACKL4	$Td3[2],$Td1[0],$Td1[0]
+	XOR	$K[0],$Td1[3],$Td1[3]		; s[0]
+||	XOR	$K[1],$Td1[0],$Td1[0]		; s[1]
+
+	PACK2	$Td1[1],$Td0[2],$Td1[1]
+||	PACK2	$Td1[2],$Td0[3],$Td1[2]
+	PACK2	$Td3[3],$Td2[0],$Td3[3]
+||	PACK2	$Td3[0],$Td2[1],$Td3[0]
+||	BNOP	RA
+	PACKL4	$Td3[3],$Td1[1],$Td1[1]
+||	PACKL4	$Td3[0],$Td1[2],$Td1[2]
+	XOR	$K[2],$Td1[1],$Td1[1]		; s[2]
+||	XOR	$K[3],$Td1[2],$Td1[2]		; s[3]
+
+	MV	$Td1[3],A8
+||	MV	$Td1[0],A9
+	MV	$Td1[1],B8
+||	MV	$Td1[2],B9
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.endif
+	.endasmfunc
+___
+{
+my @K=(@K,@s);			# extended key
+my @Te4=map("B$_",(16..19));
+
+my @Kx9=@Te0;			# used in AES_set_decrypt_key
+my @KxB=@Te1;
+my @KxD=@Te2;
+my @KxE=@Te3;
+
+$code.=<<___;
+	.asg	OUT,BITS
+
+	.global	_AES_set_encrypt_key
+_AES_set_encrypt_key:
+__set_encrypt_key:
+	.asmfunc
+	MV	INP,A0
+||	SHRU	BITS,5,BITS			; 128-192-256 -> 4-6-8
+||	MV	KEY,A1
+  [!A0]	B	RA
+||[!A0]	MVK	-1,RET
+||[!A0]	MVK	1,A1				; only one B RA
+  [!A1]	B	RA
+||[!A1]	MVK	-1,RET
+||[!A1]	MVK	0,A0
+||	MVK	0,B0
+||	MVK	0,A1
+   [A0]	LDNDW	*INP++,A9:A8
+|| [A0]	CMPEQ	4,BITS,B0
+|| [A0]	CMPLT	3,BITS,A1
+   [B0]	B	key128?
+|| [A1]	LDNDW	*INP++,B9:B8
+|| [A0]	CMPEQ	6,BITS,B0
+|| [A0]	CMPLT	5,BITS,A1
+   [B0]	B	key192?
+|| [A1]	LDNDW	*INP++,B17:B16
+|| [A0]	CMPEQ	8,BITS,B0
+|| [A0]	CMPLT	7,BITS,A1
+   [B0]	B	key256?
+|| [A1]	LDNDW	*INP++,B19:B18
+
+	.if	__TI_EABI__
+   [A0]	ADD	0,KEY,$KPA
+|| [A0]	ADD	4,KEY,$KPB
+|| [A0]	MVKL	\$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
+|| [A0]	ADDKPC	__set_encrypt_key,B6
+   [A0]	MVKH	\$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
+   [A0]	ADD	B6,$TEA,$TEA			; AES_Te4
+	.else
+   [A0]	ADD	0,KEY,$KPA
+|| [A0]	ADD	4,KEY,$KPB
+|| [A0]	MVKL	(AES_Te4-__set_encrypt_key),$TEA
+|| [A0]	ADDKPC	__set_encrypt_key,B6
+   [A0]	MVKH	(AES_Te4-__set_encrypt_key),$TEA
+   [A0]	ADD	B6,$TEA,$TEA			; AES_Te4
+	.endif
+	NOP
+	NOP
+
+	BNOP	RA,5
+||	MVK	-2,RET				; unknown bit length
+||	MVK	0,B0				; redundant
+;;====================================================================
+;;====================================================================
+key128?:
+	.if	.BIG_ENDIAN
+	MV	A9,$K[0]
+||	MV	A8,$K[1]
+||	MV	B9,$Te4[2]
+||	MV	B8,$K[3]
+	.else
+	MV	A8,$K[0]
+||	MV	A9,$K[1]
+||	MV	B8,$Te4[2]
+||	MV	B9,$K[3]
+	.endif
+
+	MVK	256,A0
+||	MVK	9,B0
+
+	SPLOOPD	14
+||	MVC	B0,ILC
+||	MV	$TEA,$TEB
+||	ADD	$TEA,A0,A30			; rcon
+;;====================================================================
+	LDW	*A30++[1],A31			; rcon[i]
+||	MV	$Te4[2],$K[2]
+||	EXTU	$K[3],EXT1,24,$Te4[0]
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[3],A0
+||	EXTU	$K[3],EXT2,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT3,24,A0
+||	EXTU	$K[3],EXT0,24,$Te4[3]
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	.endif
+
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+
+	XOR	A31,$K[0],$K[0]			; ^=rcon[i]
+	.if	.BIG_ENDIAN
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+	.else
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+	.endif
+	XOR	$Te4[3],$K[0],$Te4[0]		; K[0]
+	XOR	$Te4[0],$K[1],$K[1]		; K[1]
+	MV	$Te4[0],$K[0]
+||	XOR	$K[1],$K[2],$Te4[2]		; K[2]
+	XOR	$Te4[2],$K[3],$K[3]		; K[3]
+	SPKERNEL
+;;====================================================================
+	BNOP	RA
+	MV	$Te4[2],$K[2]
+||	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	MVK	10,B0				; rounds
+	STW	B0,*++${KPB}[15]
+	MVK	0,RET
+;;====================================================================
+;;====================================================================
+key192?:
+	.if	.BIG_ENDIAN
+	MV	A9,$K[0]
+||	MV	A8,$K[1]
+||	MV	B9,$K[2]
+||	MV	B8,$K[3]
+	MV	B17,$Te4[2]
+||	MV	B16,$K[5]
+	.else
+	MV	A8,$K[0]
+||	MV	A9,$K[1]
+||	MV	B8,$K[2]
+||	MV	B9,$K[3]
+	MV	B16,$Te4[2]
+||	MV	B17,$K[5]
+	.endif
+
+	MVK	256,A0
+||	MVK	6,B0
+	MV	$TEA,$TEB
+||	ADD	$TEA,A0,A30			; rcon
+;;====================================================================
+loop192?:
+	LDW	*A30++[1],A31			; rcon[i]
+||	MV	$Te4[2],$K[4]
+||	EXTU	$K[5],EXT1,24,$Te4[0]
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[5],A0
+||	EXTU	$K[5],EXT2,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT3,24,A0
+||	EXTU	$K[5],EXT0,24,$Te4[3]
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	.endif
+
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	STW	$K[4],*$KPA++[2]
+||	STW	$K[5],*$KPB++[2]
+
+	XOR	A31,$K[0],$K[0]			; ^=rcon[i]
+	.if	.BIG_ENDIAN
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+	.else
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+	.endif
+	BDEC	loop192?,B0
+||	XOR	$Te4[3],$K[0],$Te4[0]		; K[0]
+	XOR	$Te4[0],$K[1],$K[1]		; K[1]
+	MV	$Te4[0],$K[0]
+||	XOR	$K[1],$K[2],$Te4[2]		; K[2]
+	XOR	$Te4[2],$K[3],$K[3]		; K[3]
+	MV	$Te4[2],$K[2]
+||	XOR	$K[3],$K[4],$Te4[2]		; K[4]
+	XOR	$Te4[2],$K[5],$K[5]		; K[5]
+;;====================================================================
+	BNOP	RA
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	MVK	12,B0				; rounds
+	STW	B0,*++${KPB}[7]
+	MVK	0,RET
+;;====================================================================
+;;====================================================================
+key256?:
+	.if	.BIG_ENDIAN
+	MV	A9,$K[0]
+||	MV	A8,$K[1]
+||	MV	B9,$K[2]
+||	MV	B8,$K[3]
+	MV	B17,$K[4]
+||	MV	B16,$K[5]
+||	MV	B19,$Te4[2]
+||	MV	B18,$K[7]
+	.else
+	MV	A8,$K[0]
+||	MV	A9,$K[1]
+||	MV	B8,$K[2]
+||	MV	B9,$K[3]
+	MV	B16,$K[4]
+||	MV	B17,$K[5]
+||	MV	B18,$Te4[2]
+||	MV	B19,$K[7]
+	.endif
+
+	MVK	256,A0
+||	MVK	6,B0
+	MV	$TEA,$TEB
+||	ADD	$TEA,A0,A30			; rcon
+;;====================================================================
+loop256?:
+	LDW	*A30++[1],A31			; rcon[i]
+||	MV	$Te4[2],$K[6]
+||	EXTU	$K[7],EXT1,24,$Te4[0]
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[7],A0
+||	EXTU	$K[7],EXT2,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT3,24,A0
+||	EXTU	$K[7],EXT0,24,$Te4[3]
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	.endif
+
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	STW	$K[4],*$KPA++[2]
+||	STW	$K[5],*$KPB++[2]
+	STW	$K[6],*$KPA++[2]
+||	STW	$K[7],*$KPB++[2]
+||	XOR	A31,$K[0],$K[0]			; ^=rcon[i]
+	.if	.BIG_ENDIAN
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+||[!B0]	B	done256?
+	.else
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+||[!B0]	B	done256?
+	.endif
+	XOR	$Te4[3],$K[0],$Te4[0]		; K[0]
+	XOR	$Te4[0],$K[1],$K[1]		; K[1]
+	MV	$Te4[0],$K[0]
+||	XOR	$K[1],$K[2],$Te4[2]		; K[2]
+	XOR	$Te4[2],$K[3],$K[3]		; K[3]
+
+	MV	$Te4[2],$K[2]
+|| [B0]	EXTU	$K[3],EXT0,24,$Te4[0]
+|| [B0]	SUB	B0,1,B0
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[3],A0
+||	EXTU	$K[3],EXT1,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT2,24,A0
+||	EXTU	$K[3],EXT3,24,$Te4[3]
+
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	NOP	3
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+||	B	loop256?
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	NOP	3
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+||	B	loop256?
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+	.endif
+
+	XOR	$Te4[3],$K[4],$Te4[0]		; K[4]
+	XOR	$Te4[0],$K[5],$K[5]		; K[5]
+	MV	$Te4[0],$K[4]
+||	XOR	$K[5],$K[6],$Te4[2]		; K[6]
+	XOR	$Te4[2],$K[7],$K[7]		; K[7]
+;;====================================================================
+done256?:
+	BNOP	RA
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	MVK	14,B0				; rounds
+	STW	B0,*--${KPB}[1]
+	MVK	0,RET
+	.endasmfunc
+
+	.global	_AES_set_decrypt_key
+_AES_set_decrypt_key:
+	.asmfunc
+	B	__set_encrypt_key		; guarantee local call
+	MV	KEY,B30				; B30 is not modified
+	MV	RA, B31				; B31 is not modified
+	ADDKPC	ret?,RA,2
+ret?:						; B0 holds rounds or zero
+  [!B0]	BNOP	B31				; return if zero
+   [B0]	SHL	B0,4,A0				; offset to last round key
+   [B0]	SHRU	B0,1,B1
+   [B0]	SUB	B1,1,B1
+   [B0]	MVK	0x0000001B,B3			; AES polynomial
+   [B0]	MVKH	0x07000000,B3
+
+	SPLOOPD	9				; flip round keys
+||	MVC	B1,ILC
+||	MV	B30,$KPA
+||	ADD	B30,A0,$KPB
+||	MVK	16,A0				; sizeof(round key)
+;;====================================================================
+	LDW	*${KPA}[0],A16
+||	LDW	*${KPB}[0],B16
+	LDW	*${KPA}[1],A17
+||	LDW	*${KPB}[1],B17
+	LDW	*${KPA}[2],A18
+||	LDW	*${KPB}[2],B18
+	LDW	*${KPA}[3],A19
+||	ADD	$KPA,A0,$KPA
+||	LDW	*${KPB}[3],B19
+||	SUB	$KPB,A0,$KPB
+	NOP
+	STW	B16,*${KPA}[-4]
+||	STW	A16,*${KPB}[4]
+	STW	B17,*${KPA}[-3]
+||	STW	A17,*${KPB}[5]
+	STW	B18,*${KPA}[-2]
+||	STW	A18,*${KPB}[6]
+	STW	B19,*${KPA}[-1]
+||	STW	A19,*${KPB}[7]
+	SPKERNEL
+;;====================================================================
+	SUB	B0,1,B0				; skip last round
+||	ADD	B30,A0,$KPA			; skip first round
+||	ADD	B30,A0,$KPB
+||	MVC	GFPGFR,B30			; save GFPGFR
+	LDW	*${KPA}[0],$K[0]
+||	LDW	*${KPB}[1],$K[1]
+||	MVC	B3,GFPGFR
+	LDW	*${KPA}[2],$K[2]
+||	LDW	*${KPB}[3],$K[3]
+	MVK	0x00000909,A24
+||	MVK	0x00000B0B,B24
+	MVKH	0x09090000,A24
+||	MVKH	0x0B0B0000,B24
+	MVC	B0,ILC
+||	SUB	B0,1,B0
+
+	GMPY4	$K[0],A24,$Kx9[0]		; ·0x09
+||	GMPY4	$K[1],A24,$Kx9[1]
+||	MVK	0x00000D0D,A25
+||	MVK	0x00000E0E,B25
+	GMPY4	$K[2],A24,$Kx9[2]
+||	GMPY4	$K[3],A24,$Kx9[3]
+||	MVKH	0x0D0D0000,A25
+||	MVKH	0x0E0E0000,B25
+
+	GMPY4	$K[0],B24,$KxB[0]		; ·0x0B
+||	GMPY4	$K[1],B24,$KxB[1]
+	GMPY4	$K[2],B24,$KxB[2]
+||	GMPY4	$K[3],B24,$KxB[3]
+
+	SPLOOP	11				; InvMixColumns
+;;====================================================================
+	GMPY4	$K[0],A25,$KxD[0]		; ·0x0D
+||	GMPY4	$K[1],A25,$KxD[1]
+||	SWAP2	$Kx9[0],$Kx9[0]			; rotate by 16
+||	SWAP2	$Kx9[1],$Kx9[1]
+||	MV	$K[0],$s[0]			; this or DINT
+||	MV	$K[1],$s[1]
+|| [B0]	LDW	*${KPA}[4],$K[0]
+|| [B0]	LDW	*${KPB}[5],$K[1]
+	GMPY4	$K[2],A25,$KxD[2]
+||	GMPY4	$K[3],A25,$KxD[3]
+||	SWAP2	$Kx9[2],$Kx9[2]
+||	SWAP2	$Kx9[3],$Kx9[3]
+||	MV	$K[2],$s[2]
+||	MV	$K[3],$s[3]
+|| [B0]	LDW	*${KPA}[6],$K[2]
+|| [B0]	LDW	*${KPB}[7],$K[3]
+
+	GMPY4	$s[0],B25,$KxE[0]		; ·0x0E
+||	GMPY4	$s[1],B25,$KxE[1]
+||	XOR	$Kx9[0],$KxB[0],$KxB[0]
+||	XOR	$Kx9[1],$KxB[1],$KxB[1]
+	GMPY4	$s[2],B25,$KxE[2]
+||	GMPY4	$s[3],B25,$KxE[3]
+||	XOR	$Kx9[2],$KxB[2],$KxB[2]
+||	XOR	$Kx9[3],$KxB[3],$KxB[3]
+
+	ROTL	$KxB[0],TBL3,$KxB[0]
+||	ROTL	$KxB[1],TBL3,$KxB[1]
+||	SWAP2	$KxD[0],$KxD[0]			; rotate by 16
+||	SWAP2	$KxD[1],$KxD[1]
+	ROTL	$KxB[2],TBL3,$KxB[2]
+||	ROTL	$KxB[3],TBL3,$KxB[3]
+||	SWAP2	$KxD[2],$KxD[2]
+||	SWAP2	$KxD[3],$KxD[3]
+
+	XOR	$KxE[0],$KxD[0],$KxE[0]
+||	XOR	$KxE[1],$KxD[1],$KxE[1]
+|| [B0]	GMPY4	$K[0],A24,$Kx9[0]		; ·0x09
+|| [B0]	GMPY4	$K[1],A24,$Kx9[1]
+||	ADDAW	$KPA,4,$KPA
+	XOR	$KxE[2],$KxD[2],$KxE[2]
+||	XOR	$KxE[3],$KxD[3],$KxE[3]
+|| [B0]	GMPY4	$K[2],A24,$Kx9[2]
+|| [B0]	GMPY4	$K[3],A24,$Kx9[3]
+||	ADDAW	$KPB,4,$KPB
+
+	XOR	$KxB[0],$KxE[0],$KxE[0]
+||	XOR	$KxB[1],$KxE[1],$KxE[1]
+|| [B0]	GMPY4	$K[0],B24,$KxB[0]		; ·0x0B
+|| [B0]	GMPY4	$K[1],B24,$KxB[1]
+	XOR	$KxB[2],$KxE[2],$KxE[2]
+||	XOR	$KxB[3],$KxE[3],$KxE[3]
+|| [B0]	GMPY4	$K[2],B24,$KxB[2]
+|| [B0]	GMPY4	$K[3],B24,$KxB[3]
+||	STW	$KxE[0],*${KPA}[-4]
+||	STW	$KxE[1],*${KPB}[-3]
+	STW	$KxE[2],*${KPA}[-2]
+||	STW	$KxE[3],*${KPB}[-1]
+|| [B0]	SUB	B0,1,B0
+	SPKERNEL
+;;====================================================================
+	BNOP	B31,3
+	MVC	B30,GFPGFR			; restore GFPGFR(*)
+	MVK	0,RET
+	.endasmfunc
+___
+# (*)	Even though ABI doesn't specify GFPGFR as non-volatile, there
+#	are code samples out there that *assume* its default value.
+}
+{
+my ($inp,$out,$blocks,$key,$ivp)=("A4","B4","A6","B6","A8");
+$code.=<<___;
+	.global	_AES_ctr32_encrypt
+_AES_ctr32_encrypt:
+	.asmfunc
+	LDNDW	*${ivp}[0],A31:A30	; load counter value
+||	MV	$blocks,A2		; reassign $blocks
+||	DMV	RA,$key,B27:B26		; reassign RA and $key
+	LDNDW	*${ivp}[1],B31:B30
+||	MVK	0,B2			; don't let __encrypt load input
+||	MVK	0,A1			; and postpone writing output
+	.if	.BIG_ENDIAN
+	NOP
+	.else
+	NOP	4
+	SWAP2	B31,B31			; keep least significant 32 bits
+	SWAP4	B31,B31			; in host byte order
+	.endif
+ctr32_loop?:
+   [A2]	BNOP	__encrypt
+|| [A1]	XOR	A29,A9,A9		; input^Ek(counter)
+|| [A1]	XOR	A28,A8,A8
+|| [A2]	LDNDW	*INP++,A29:A28		; load input
+  [!A2]	BNOP	B27			; return
+|| [A1]	XOR	B29,B9,B9
+|| [A1]	XOR	B28,B8,B8
+|| [A2]	LDNDW	*INP++,B29:B28
+	.if	.BIG_ENDIAN
+   [A1]	STNDW	A9:A8,*OUT++		; save output
+|| [A2]	DMV	A31,A30,A9:A8		; pass counter value to __encrypt
+   [A1]	STNDW	B9:B8,*OUT++
+|| [A2]	DMV	B31,B30,B9:B8
+|| [A2]	ADD	B30,1,B30		; counter++
+	.else
+   [A1]	STNDW	A9:A8,*OUT++		; save output
+|| [A2]	DMV	A31,A30,A9:A8
+|| [A2]	SWAP2	B31,B0
+|| [A2]	ADD	B31,1,B31		; counter++
+   [A1]	STNDW	B9:B8,*OUT++
+|| [A2]	MV	B30,B8
+|| [A2]	SWAP4	B0,B9
+	.endif
+   [A2]	ADDKPC	ctr32_loop?,RA		; return to ctr32_loop?
+|| [A2]	MV	B26,KEY			; pass $key
+|| [A2]	SUB	A2,1,A2			; $blocks--
+||[!A1]	MVK	1,A1
+	NOP
+	NOP
+	.endasmfunc
+___
+}
+# Tables are kept in endian-neutral manner
+$code.=<<___;
+	.if	__TI_EABI__
+	.sect	".text:aes_asm.const"
+	.else
+	.sect	".const:aes_asm"
+	.endif
+	.align	128
+AES_Te:
+	.byte	0xc6,0x63,0x63,0xa5,	0xf8,0x7c,0x7c,0x84
+	.byte	0xee,0x77,0x77,0x99,	0xf6,0x7b,0x7b,0x8d
+	.byte	0xff,0xf2,0xf2,0x0d,	0xd6,0x6b,0x6b,0xbd
+	.byte	0xde,0x6f,0x6f,0xb1,	0x91,0xc5,0xc5,0x54
+	.byte	0x60,0x30,0x30,0x50,	0x02,0x01,0x01,0x03
+	.byte	0xce,0x67,0x67,0xa9,	0x56,0x2b,0x2b,0x7d
+	.byte	0xe7,0xfe,0xfe,0x19,	0xb5,0xd7,0xd7,0x62
+	.byte	0x4d,0xab,0xab,0xe6,	0xec,0x76,0x76,0x9a
+	.byte	0x8f,0xca,0xca,0x45,	0x1f,0x82,0x82,0x9d
+	.byte	0x89,0xc9,0xc9,0x40,	0xfa,0x7d,0x7d,0x87
+	.byte	0xef,0xfa,0xfa,0x15,	0xb2,0x59,0x59,0xeb
+	.byte	0x8e,0x47,0x47,0xc9,	0xfb,0xf0,0xf0,0x0b
+	.byte	0x41,0xad,0xad,0xec,	0xb3,0xd4,0xd4,0x67
+	.byte	0x5f,0xa2,0xa2,0xfd,	0x45,0xaf,0xaf,0xea
+	.byte	0x23,0x9c,0x9c,0xbf,	0x53,0xa4,0xa4,0xf7
+	.byte	0xe4,0x72,0x72,0x96,	0x9b,0xc0,0xc0,0x5b
+	.byte	0x75,0xb7,0xb7,0xc2,	0xe1,0xfd,0xfd,0x1c
+	.byte	0x3d,0x93,0x93,0xae,	0x4c,0x26,0x26,0x6a
+	.byte	0x6c,0x36,0x36,0x5a,	0x7e,0x3f,0x3f,0x41
+	.byte	0xf5,0xf7,0xf7,0x02,	0x83,0xcc,0xcc,0x4f
+	.byte	0x68,0x34,0x34,0x5c,	0x51,0xa5,0xa5,0xf4
+	.byte	0xd1,0xe5,0xe5,0x34,	0xf9,0xf1,0xf1,0x08
+	.byte	0xe2,0x71,0x71,0x93,	0xab,0xd8,0xd8,0x73
+	.byte	0x62,0x31,0x31,0x53,	0x2a,0x15,0x15,0x3f
+	.byte	0x08,0x04,0x04,0x0c,	0x95,0xc7,0xc7,0x52
+	.byte	0x46,0x23,0x23,0x65,	0x9d,0xc3,0xc3,0x5e
+	.byte	0x30,0x18,0x18,0x28,	0x37,0x96,0x96,0xa1
+	.byte	0x0a,0x05,0x05,0x0f,	0x2f,0x9a,0x9a,0xb5
+	.byte	0x0e,0x07,0x07,0x09,	0x24,0x12,0x12,0x36
+	.byte	0x1b,0x80,0x80,0x9b,	0xdf,0xe2,0xe2,0x3d
+	.byte	0xcd,0xeb,0xeb,0x26,	0x4e,0x27,0x27,0x69
+	.byte	0x7f,0xb2,0xb2,0xcd,	0xea,0x75,0x75,0x9f
+	.byte	0x12,0x09,0x09,0x1b,	0x1d,0x83,0x83,0x9e
+	.byte	0x58,0x2c,0x2c,0x74,	0x34,0x1a,0x1a,0x2e
+	.byte	0x36,0x1b,0x1b,0x2d,	0xdc,0x6e,0x6e,0xb2
+	.byte	0xb4,0x5a,0x5a,0xee,	0x5b,0xa0,0xa0,0xfb
+	.byte	0xa4,0x52,0x52,0xf6,	0x76,0x3b,0x3b,0x4d
+	.byte	0xb7,0xd6,0xd6,0x61,	0x7d,0xb3,0xb3,0xce
+	.byte	0x52,0x29,0x29,0x7b,	0xdd,0xe3,0xe3,0x3e
+	.byte	0x5e,0x2f,0x2f,0x71,	0x13,0x84,0x84,0x97
+	.byte	0xa6,0x53,0x53,0xf5,	0xb9,0xd1,0xd1,0x68
+	.byte	0x00,0x00,0x00,0x00,	0xc1,0xed,0xed,0x2c
+	.byte	0x40,0x20,0x20,0x60,	0xe3,0xfc,0xfc,0x1f
+	.byte	0x79,0xb1,0xb1,0xc8,	0xb6,0x5b,0x5b,0xed
+	.byte	0xd4,0x6a,0x6a,0xbe,	0x8d,0xcb,0xcb,0x46
+	.byte	0x67,0xbe,0xbe,0xd9,	0x72,0x39,0x39,0x4b
+	.byte	0x94,0x4a,0x4a,0xde,	0x98,0x4c,0x4c,0xd4
+	.byte	0xb0,0x58,0x58,0xe8,	0x85,0xcf,0xcf,0x4a
+	.byte	0xbb,0xd0,0xd0,0x6b,	0xc5,0xef,0xef,0x2a
+	.byte	0x4f,0xaa,0xaa,0xe5,	0xed,0xfb,0xfb,0x16
+	.byte	0x86,0x43,0x43,0xc5,	0x9a,0x4d,0x4d,0xd7
+	.byte	0x66,0x33,0x33,0x55,	0x11,0x85,0x85,0x94
+	.byte	0x8a,0x45,0x45,0xcf,	0xe9,0xf9,0xf9,0x10
+	.byte	0x04,0x02,0x02,0x06,	0xfe,0x7f,0x7f,0x81
+	.byte	0xa0,0x50,0x50,0xf0,	0x78,0x3c,0x3c,0x44
+	.byte	0x25,0x9f,0x9f,0xba,	0x4b,0xa8,0xa8,0xe3
+	.byte	0xa2,0x51,0x51,0xf3,	0x5d,0xa3,0xa3,0xfe
+	.byte	0x80,0x40,0x40,0xc0,	0x05,0x8f,0x8f,0x8a
+	.byte	0x3f,0x92,0x92,0xad,	0x21,0x9d,0x9d,0xbc
+	.byte	0x70,0x38,0x38,0x48,	0xf1,0xf5,0xf5,0x04
+	.byte	0x63,0xbc,0xbc,0xdf,	0x77,0xb6,0xb6,0xc1
+	.byte	0xaf,0xda,0xda,0x75,	0x42,0x21,0x21,0x63
+	.byte	0x20,0x10,0x10,0x30,	0xe5,0xff,0xff,0x1a
+	.byte	0xfd,0xf3,0xf3,0x0e,	0xbf,0xd2,0xd2,0x6d
+	.byte	0x81,0xcd,0xcd,0x4c,	0x18,0x0c,0x0c,0x14
+	.byte	0x26,0x13,0x13,0x35,	0xc3,0xec,0xec,0x2f
+	.byte	0xbe,0x5f,0x5f,0xe1,	0x35,0x97,0x97,0xa2
+	.byte	0x88,0x44,0x44,0xcc,	0x2e,0x17,0x17,0x39
+	.byte	0x93,0xc4,0xc4,0x57,	0x55,0xa7,0xa7,0xf2
+	.byte	0xfc,0x7e,0x7e,0x82,	0x7a,0x3d,0x3d,0x47
+	.byte	0xc8,0x64,0x64,0xac,	0xba,0x5d,0x5d,0xe7
+	.byte	0x32,0x19,0x19,0x2b,	0xe6,0x73,0x73,0x95
+	.byte	0xc0,0x60,0x60,0xa0,	0x19,0x81,0x81,0x98
+	.byte	0x9e,0x4f,0x4f,0xd1,	0xa3,0xdc,0xdc,0x7f
+	.byte	0x44,0x22,0x22,0x66,	0x54,0x2a,0x2a,0x7e
+	.byte	0x3b,0x90,0x90,0xab,	0x0b,0x88,0x88,0x83
+	.byte	0x8c,0x46,0x46,0xca,	0xc7,0xee,0xee,0x29
+	.byte	0x6b,0xb8,0xb8,0xd3,	0x28,0x14,0x14,0x3c
+	.byte	0xa7,0xde,0xde,0x79,	0xbc,0x5e,0x5e,0xe2
+	.byte	0x16,0x0b,0x0b,0x1d,	0xad,0xdb,0xdb,0x76
+	.byte	0xdb,0xe0,0xe0,0x3b,	0x64,0x32,0x32,0x56
+	.byte	0x74,0x3a,0x3a,0x4e,	0x14,0x0a,0x0a,0x1e
+	.byte	0x92,0x49,0x49,0xdb,	0x0c,0x06,0x06,0x0a
+	.byte	0x48,0x24,0x24,0x6c,	0xb8,0x5c,0x5c,0xe4
+	.byte	0x9f,0xc2,0xc2,0x5d,	0xbd,0xd3,0xd3,0x6e
+	.byte	0x43,0xac,0xac,0xef,	0xc4,0x62,0x62,0xa6
+	.byte	0x39,0x91,0x91,0xa8,	0x31,0x95,0x95,0xa4
+	.byte	0xd3,0xe4,0xe4,0x37,	0xf2,0x79,0x79,0x8b
+	.byte	0xd5,0xe7,0xe7,0x32,	0x8b,0xc8,0xc8,0x43
+	.byte	0x6e,0x37,0x37,0x59,	0xda,0x6d,0x6d,0xb7
+	.byte	0x01,0x8d,0x8d,0x8c,	0xb1,0xd5,0xd5,0x64
+	.byte	0x9c,0x4e,0x4e,0xd2,	0x49,0xa9,0xa9,0xe0
+	.byte	0xd8,0x6c,0x6c,0xb4,	0xac,0x56,0x56,0xfa
+	.byte	0xf3,0xf4,0xf4,0x07,	0xcf,0xea,0xea,0x25
+	.byte	0xca,0x65,0x65,0xaf,	0xf4,0x7a,0x7a,0x8e
+	.byte	0x47,0xae,0xae,0xe9,	0x10,0x08,0x08,0x18
+	.byte	0x6f,0xba,0xba,0xd5,	0xf0,0x78,0x78,0x88
+	.byte	0x4a,0x25,0x25,0x6f,	0x5c,0x2e,0x2e,0x72
+	.byte	0x38,0x1c,0x1c,0x24,	0x57,0xa6,0xa6,0xf1
+	.byte	0x73,0xb4,0xb4,0xc7,	0x97,0xc6,0xc6,0x51
+	.byte	0xcb,0xe8,0xe8,0x23,	0xa1,0xdd,0xdd,0x7c
+	.byte	0xe8,0x74,0x74,0x9c,	0x3e,0x1f,0x1f,0x21
+	.byte	0x96,0x4b,0x4b,0xdd,	0x61,0xbd,0xbd,0xdc
+	.byte	0x0d,0x8b,0x8b,0x86,	0x0f,0x8a,0x8a,0x85
+	.byte	0xe0,0x70,0x70,0x90,	0x7c,0x3e,0x3e,0x42
+	.byte	0x71,0xb5,0xb5,0xc4,	0xcc,0x66,0x66,0xaa
+	.byte	0x90,0x48,0x48,0xd8,	0x06,0x03,0x03,0x05
+	.byte	0xf7,0xf6,0xf6,0x01,	0x1c,0x0e,0x0e,0x12
+	.byte	0xc2,0x61,0x61,0xa3,	0x6a,0x35,0x35,0x5f
+	.byte	0xae,0x57,0x57,0xf9,	0x69,0xb9,0xb9,0xd0
+	.byte	0x17,0x86,0x86,0x91,	0x99,0xc1,0xc1,0x58
+	.byte	0x3a,0x1d,0x1d,0x27,	0x27,0x9e,0x9e,0xb9
+	.byte	0xd9,0xe1,0xe1,0x38,	0xeb,0xf8,0xf8,0x13
+	.byte	0x2b,0x98,0x98,0xb3,	0x22,0x11,0x11,0x33
+	.byte	0xd2,0x69,0x69,0xbb,	0xa9,0xd9,0xd9,0x70
+	.byte	0x07,0x8e,0x8e,0x89,	0x33,0x94,0x94,0xa7
+	.byte	0x2d,0x9b,0x9b,0xb6,	0x3c,0x1e,0x1e,0x22
+	.byte	0x15,0x87,0x87,0x92,	0xc9,0xe9,0xe9,0x20
+	.byte	0x87,0xce,0xce,0x49,	0xaa,0x55,0x55,0xff
+	.byte	0x50,0x28,0x28,0x78,	0xa5,0xdf,0xdf,0x7a
+	.byte	0x03,0x8c,0x8c,0x8f,	0x59,0xa1,0xa1,0xf8
+	.byte	0x09,0x89,0x89,0x80,	0x1a,0x0d,0x0d,0x17
+	.byte	0x65,0xbf,0xbf,0xda,	0xd7,0xe6,0xe6,0x31
+	.byte	0x84,0x42,0x42,0xc6,	0xd0,0x68,0x68,0xb8
+	.byte	0x82,0x41,0x41,0xc3,	0x29,0x99,0x99,0xb0
+	.byte	0x5a,0x2d,0x2d,0x77,	0x1e,0x0f,0x0f,0x11
+	.byte	0x7b,0xb0,0xb0,0xcb,	0xa8,0x54,0x54,0xfc
+	.byte	0x6d,0xbb,0xbb,0xd6,	0x2c,0x16,0x16,0x3a
+AES_Te4:
+	.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+rcon:
+	.byte	0x01,0x00,0x00,0x00,	0x02,0x00,0x00,0x00
+	.byte	0x04,0x00,0x00,0x00,	0x08,0x00,0x00,0x00
+	.byte	0x10,0x00,0x00,0x00,	0x20,0x00,0x00,0x00
+	.byte	0x40,0x00,0x00,0x00,	0x80,0x00,0x00,0x00
+	.byte	0x1B,0x00,0x00,0x00,	0x36,0x00,0x00,0x00
+	.align	128
+AES_Td:
+	.byte	0x51,0xf4,0xa7,0x50,	0x7e,0x41,0x65,0x53
+	.byte	0x1a,0x17,0xa4,0xc3,	0x3a,0x27,0x5e,0x96
+	.byte	0x3b,0xab,0x6b,0xcb,	0x1f,0x9d,0x45,0xf1
+	.byte	0xac,0xfa,0x58,0xab,	0x4b,0xe3,0x03,0x93
+	.byte	0x20,0x30,0xfa,0x55,	0xad,0x76,0x6d,0xf6
+	.byte	0x88,0xcc,0x76,0x91,	0xf5,0x02,0x4c,0x25
+	.byte	0x4f,0xe5,0xd7,0xfc,	0xc5,0x2a,0xcb,0xd7
+	.byte	0x26,0x35,0x44,0x80,	0xb5,0x62,0xa3,0x8f
+	.byte	0xde,0xb1,0x5a,0x49,	0x25,0xba,0x1b,0x67
+	.byte	0x45,0xea,0x0e,0x98,	0x5d,0xfe,0xc0,0xe1
+	.byte	0xc3,0x2f,0x75,0x02,	0x81,0x4c,0xf0,0x12
+	.byte	0x8d,0x46,0x97,0xa3,	0x6b,0xd3,0xf9,0xc6
+	.byte	0x03,0x8f,0x5f,0xe7,	0x15,0x92,0x9c,0x95
+	.byte	0xbf,0x6d,0x7a,0xeb,	0x95,0x52,0x59,0xda
+	.byte	0xd4,0xbe,0x83,0x2d,	0x58,0x74,0x21,0xd3
+	.byte	0x49,0xe0,0x69,0x29,	0x8e,0xc9,0xc8,0x44
+	.byte	0x75,0xc2,0x89,0x6a,	0xf4,0x8e,0x79,0x78
+	.byte	0x99,0x58,0x3e,0x6b,	0x27,0xb9,0x71,0xdd
+	.byte	0xbe,0xe1,0x4f,0xb6,	0xf0,0x88,0xad,0x17
+	.byte	0xc9,0x20,0xac,0x66,	0x7d,0xce,0x3a,0xb4
+	.byte	0x63,0xdf,0x4a,0x18,	0xe5,0x1a,0x31,0x82
+	.byte	0x97,0x51,0x33,0x60,	0x62,0x53,0x7f,0x45
+	.byte	0xb1,0x64,0x77,0xe0,	0xbb,0x6b,0xae,0x84
+	.byte	0xfe,0x81,0xa0,0x1c,	0xf9,0x08,0x2b,0x94
+	.byte	0x70,0x48,0x68,0x58,	0x8f,0x45,0xfd,0x19
+	.byte	0x94,0xde,0x6c,0x87,	0x52,0x7b,0xf8,0xb7
+	.byte	0xab,0x73,0xd3,0x23,	0x72,0x4b,0x02,0xe2
+	.byte	0xe3,0x1f,0x8f,0x57,	0x66,0x55,0xab,0x2a
+	.byte	0xb2,0xeb,0x28,0x07,	0x2f,0xb5,0xc2,0x03
+	.byte	0x86,0xc5,0x7b,0x9a,	0xd3,0x37,0x08,0xa5
+	.byte	0x30,0x28,0x87,0xf2,	0x23,0xbf,0xa5,0xb2
+	.byte	0x02,0x03,0x6a,0xba,	0xed,0x16,0x82,0x5c
+	.byte	0x8a,0xcf,0x1c,0x2b,	0xa7,0x79,0xb4,0x92
+	.byte	0xf3,0x07,0xf2,0xf0,	0x4e,0x69,0xe2,0xa1
+	.byte	0x65,0xda,0xf4,0xcd,	0x06,0x05,0xbe,0xd5
+	.byte	0xd1,0x34,0x62,0x1f,	0xc4,0xa6,0xfe,0x8a
+	.byte	0x34,0x2e,0x53,0x9d,	0xa2,0xf3,0x55,0xa0
+	.byte	0x05,0x8a,0xe1,0x32,	0xa4,0xf6,0xeb,0x75
+	.byte	0x0b,0x83,0xec,0x39,	0x40,0x60,0xef,0xaa
+	.byte	0x5e,0x71,0x9f,0x06,	0xbd,0x6e,0x10,0x51
+	.byte	0x3e,0x21,0x8a,0xf9,	0x96,0xdd,0x06,0x3d
+	.byte	0xdd,0x3e,0x05,0xae,	0x4d,0xe6,0xbd,0x46
+	.byte	0x91,0x54,0x8d,0xb5,	0x71,0xc4,0x5d,0x05
+	.byte	0x04,0x06,0xd4,0x6f,	0x60,0x50,0x15,0xff
+	.byte	0x19,0x98,0xfb,0x24,	0xd6,0xbd,0xe9,0x97
+	.byte	0x89,0x40,0x43,0xcc,	0x67,0xd9,0x9e,0x77
+	.byte	0xb0,0xe8,0x42,0xbd,	0x07,0x89,0x8b,0x88
+	.byte	0xe7,0x19,0x5b,0x38,	0x79,0xc8,0xee,0xdb
+	.byte	0xa1,0x7c,0x0a,0x47,	0x7c,0x42,0x0f,0xe9
+	.byte	0xf8,0x84,0x1e,0xc9,	0x00,0x00,0x00,0x00
+	.byte	0x09,0x80,0x86,0x83,	0x32,0x2b,0xed,0x48
+	.byte	0x1e,0x11,0x70,0xac,	0x6c,0x5a,0x72,0x4e
+	.byte	0xfd,0x0e,0xff,0xfb,	0x0f,0x85,0x38,0x56
+	.byte	0x3d,0xae,0xd5,0x1e,	0x36,0x2d,0x39,0x27
+	.byte	0x0a,0x0f,0xd9,0x64,	0x68,0x5c,0xa6,0x21
+	.byte	0x9b,0x5b,0x54,0xd1,	0x24,0x36,0x2e,0x3a
+	.byte	0x0c,0x0a,0x67,0xb1,	0x93,0x57,0xe7,0x0f
+	.byte	0xb4,0xee,0x96,0xd2,	0x1b,0x9b,0x91,0x9e
+	.byte	0x80,0xc0,0xc5,0x4f,	0x61,0xdc,0x20,0xa2
+	.byte	0x5a,0x77,0x4b,0x69,	0x1c,0x12,0x1a,0x16
+	.byte	0xe2,0x93,0xba,0x0a,	0xc0,0xa0,0x2a,0xe5
+	.byte	0x3c,0x22,0xe0,0x43,	0x12,0x1b,0x17,0x1d
+	.byte	0x0e,0x09,0x0d,0x0b,	0xf2,0x8b,0xc7,0xad
+	.byte	0x2d,0xb6,0xa8,0xb9,	0x14,0x1e,0xa9,0xc8
+	.byte	0x57,0xf1,0x19,0x85,	0xaf,0x75,0x07,0x4c
+	.byte	0xee,0x99,0xdd,0xbb,	0xa3,0x7f,0x60,0xfd
+	.byte	0xf7,0x01,0x26,0x9f,	0x5c,0x72,0xf5,0xbc
+	.byte	0x44,0x66,0x3b,0xc5,	0x5b,0xfb,0x7e,0x34
+	.byte	0x8b,0x43,0x29,0x76,	0xcb,0x23,0xc6,0xdc
+	.byte	0xb6,0xed,0xfc,0x68,	0xb8,0xe4,0xf1,0x63
+	.byte	0xd7,0x31,0xdc,0xca,	0x42,0x63,0x85,0x10
+	.byte	0x13,0x97,0x22,0x40,	0x84,0xc6,0x11,0x20
+	.byte	0x85,0x4a,0x24,0x7d,	0xd2,0xbb,0x3d,0xf8
+	.byte	0xae,0xf9,0x32,0x11,	0xc7,0x29,0xa1,0x6d
+	.byte	0x1d,0x9e,0x2f,0x4b,	0xdc,0xb2,0x30,0xf3
+	.byte	0x0d,0x86,0x52,0xec,	0x77,0xc1,0xe3,0xd0
+	.byte	0x2b,0xb3,0x16,0x6c,	0xa9,0x70,0xb9,0x99
+	.byte	0x11,0x94,0x48,0xfa,	0x47,0xe9,0x64,0x22
+	.byte	0xa8,0xfc,0x8c,0xc4,	0xa0,0xf0,0x3f,0x1a
+	.byte	0x56,0x7d,0x2c,0xd8,	0x22,0x33,0x90,0xef
+	.byte	0x87,0x49,0x4e,0xc7,	0xd9,0x38,0xd1,0xc1
+	.byte	0x8c,0xca,0xa2,0xfe,	0x98,0xd4,0x0b,0x36
+	.byte	0xa6,0xf5,0x81,0xcf,	0xa5,0x7a,0xde,0x28
+	.byte	0xda,0xb7,0x8e,0x26,	0x3f,0xad,0xbf,0xa4
+	.byte	0x2c,0x3a,0x9d,0xe4,	0x50,0x78,0x92,0x0d
+	.byte	0x6a,0x5f,0xcc,0x9b,	0x54,0x7e,0x46,0x62
+	.byte	0xf6,0x8d,0x13,0xc2,	0x90,0xd8,0xb8,0xe8
+	.byte	0x2e,0x39,0xf7,0x5e,	0x82,0xc3,0xaf,0xf5
+	.byte	0x9f,0x5d,0x80,0xbe,	0x69,0xd0,0x93,0x7c
+	.byte	0x6f,0xd5,0x2d,0xa9,	0xcf,0x25,0x12,0xb3
+	.byte	0xc8,0xac,0x99,0x3b,	0x10,0x18,0x7d,0xa7
+	.byte	0xe8,0x9c,0x63,0x6e,	0xdb,0x3b,0xbb,0x7b
+	.byte	0xcd,0x26,0x78,0x09,	0x6e,0x59,0x18,0xf4
+	.byte	0xec,0x9a,0xb7,0x01,	0x83,0x4f,0x9a,0xa8
+	.byte	0xe6,0x95,0x6e,0x65,	0xaa,0xff,0xe6,0x7e
+	.byte	0x21,0xbc,0xcf,0x08,	0xef,0x15,0xe8,0xe6
+	.byte	0xba,0xe7,0x9b,0xd9,	0x4a,0x6f,0x36,0xce
+	.byte	0xea,0x9f,0x09,0xd4,	0x29,0xb0,0x7c,0xd6
+	.byte	0x31,0xa4,0xb2,0xaf,	0x2a,0x3f,0x23,0x31
+	.byte	0xc6,0xa5,0x94,0x30,	0x35,0xa2,0x66,0xc0
+	.byte	0x74,0x4e,0xbc,0x37,	0xfc,0x82,0xca,0xa6
+	.byte	0xe0,0x90,0xd0,0xb0,	0x33,0xa7,0xd8,0x15
+	.byte	0xf1,0x04,0x98,0x4a,	0x41,0xec,0xda,0xf7
+	.byte	0x7f,0xcd,0x50,0x0e,	0x17,0x91,0xf6,0x2f
+	.byte	0x76,0x4d,0xd6,0x8d,	0x43,0xef,0xb0,0x4d
+	.byte	0xcc,0xaa,0x4d,0x54,	0xe4,0x96,0x04,0xdf
+	.byte	0x9e,0xd1,0xb5,0xe3,	0x4c,0x6a,0x88,0x1b
+	.byte	0xc1,0x2c,0x1f,0xb8,	0x46,0x65,0x51,0x7f
+	.byte	0x9d,0x5e,0xea,0x04,	0x01,0x8c,0x35,0x5d
+	.byte	0xfa,0x87,0x74,0x73,	0xfb,0x0b,0x41,0x2e
+	.byte	0xb3,0x67,0x1d,0x5a,	0x92,0xdb,0xd2,0x52
+	.byte	0xe9,0x10,0x56,0x33,	0x6d,0xd6,0x47,0x13
+	.byte	0x9a,0xd7,0x61,0x8c,	0x37,0xa1,0x0c,0x7a
+	.byte	0x59,0xf8,0x14,0x8e,	0xeb,0x13,0x3c,0x89
+	.byte	0xce,0xa9,0x27,0xee,	0xb7,0x61,0xc9,0x35
+	.byte	0xe1,0x1c,0xe5,0xed,	0x7a,0x47,0xb1,0x3c
+	.byte	0x9c,0xd2,0xdf,0x59,	0x55,0xf2,0x73,0x3f
+	.byte	0x18,0x14,0xce,0x79,	0x73,0xc7,0x37,0xbf
+	.byte	0x53,0xf7,0xcd,0xea,	0x5f,0xfd,0xaa,0x5b
+	.byte	0xdf,0x3d,0x6f,0x14,	0x78,0x44,0xdb,0x86
+	.byte	0xca,0xaf,0xf3,0x81,	0xb9,0x68,0xc4,0x3e
+	.byte	0x38,0x24,0x34,0x2c,	0xc2,0xa3,0x40,0x5f
+	.byte	0x16,0x1d,0xc3,0x72,	0xbc,0xe2,0x25,0x0c
+	.byte	0x28,0x3c,0x49,0x8b,	0xff,0x0d,0x95,0x41
+	.byte	0x39,0xa8,0x01,0x71,	0x08,0x0c,0xb3,0xde
+	.byte	0xd8,0xb4,0xe4,0x9c,	0x64,0x56,0xc1,0x90
+	.byte	0x7b,0xcb,0x84,0x61,	0xd5,0x32,0xb6,0x70
+	.byte	0x48,0x6c,0x5c,0x74,	0xd0,0xb8,0x57,0x42
+AES_Td4:
+	.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+	.cstring "AES for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ia64.S b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ia64.S
new file mode 100644
index 000000000..03f79b7ae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ia64.S
@@ -0,0 +1,1130 @@
+// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+//
+// ====================================================================
+// Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// project. Rights for redistribution and usage in source and binary
+// forms are granted according to the OpenSSL license.
+// ====================================================================
+//
+// What's wrong with compiler generated code? Compiler never uses
+// variable 'shr' which is pairable with 'extr'/'dep' instructions.
+// Then it uses 'zxt' which is an I-type, but can be replaced with
+// 'and' which in turn can be assigned to M-port [there're double as
+// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
+// registers for small constants (255, 24 and 16) to be used with
+// 'shr' and 'and' instructions I can achieve better ILP, Instruction
+// Level Parallelism, and performance. This code outperforms GCC 3.3
+// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
+// HP C - by 40%. Measured best-case scenario, i.e. aligned
+// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
+// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
+
+// Version 1.2 mitigates the hazard of cache-timing attacks by
+// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
+// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
+// prior last round. As result performance dropped to (26 + 15*rounds)
+// ticks per block or 11 cycles per byte processed with 128-bit key.
+// This is ~16% deterioration. For reference Itanium 2 L1 cache has
+// 64 bytes line size and L2 - 128 bytes...
+
+.ident	"aes-ia64.S, version 1.2"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>"
+.explicit
+.text
+
+rk0=r8;     rk1=r9;
+
+pfssave=r2;
+lcsave=r10;
+prsave=r3;
+maskff=r11;
+twenty4=r14;
+sixteen=r15;
+
+te00=r16;   te11=r17;   te22=r18;   te33=r19;
+te01=r20;   te12=r21;   te23=r22;   te30=r23;
+te02=r24;   te13=r25;   te20=r26;   te31=r27;
+te03=r28;   te10=r29;   te21=r30;   te32=r31;
+
+// these are rotating...
+t0=r32;     s0=r33;
+t1=r34;     s1=r35;
+t2=r36;     s2=r37;
+t3=r38;     s3=r39;
+
+te0=r40;    te1=r41;    te2=r42;    te3=r43;
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP	addp4
+#else
+# define ADDP	add
+#endif
+
+// Offsets from Te0
+#define TE0	0
+#define TE2	2
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define TE1	3
+#define TE3	1
+#else
+#define TE1	1
+#define TE3	3
+#endif
+
+// This implies that AES_KEY comprises 32-bit key schedule elements
+// even on LP64 platforms.
+#ifndef	KSZ
+# define KSZ	4
+# define LDKEY	ld4
+#endif
+
+.proc	_ia64_AES_encrypt#
+// Input:	rk0-rk1
+//		te0
+//		te3	as AES_KEY->rounds!!!
+//		s0-s3
+//		maskff,twenty4,sixteen
+// Output:	r16,r20,r24,r28 as s0-s3
+// Clobber:	r16-r31,rk0-rk1,r32-r43
+.align	32
+_ia64_AES_encrypt:
+	.prologue
+	.altrp	b6
+	.body
+{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
+	LDKEY	t0=[rk0],2*KSZ
+	mov	pr.rot=1<<16	}
+{ .mmi;	LDKEY	t1=[rk1],2*KSZ
+	add	te1=TE1,te0
+	add	te3=-3,te3	};;
+{ .mib;	LDKEY	t2=[rk0],2*KSZ
+	mov	ar.ec=2		}
+{ .mib;	LDKEY	t3=[rk1],2*KSZ
+	add	te2=TE2,te0
+	brp.loop.imp	.Le_top,.Le_end-16	};;
+
+{ .mmi;	xor	s0=s0,t0
+	xor	s1=s1,t1
+	mov	ar.lc=te3	}
+{ .mmi;	xor	s2=s2,t2
+	xor	s3=s3,t3
+	add	te3=TE3,te0	};;
+
+.align	32
+.Le_top:
+{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	(p0)	and	te33=s3,maskff		// 0/0:s3&0xff
+	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	(p0)	and	te30=s0,maskff		// 0/1:s0&0xff
+	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	(p0)	shladd	te33=te33,3,te3		// 1/0:te0+s0>>24
+	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	(p0)	shladd	te30=te30,3,te3		// 1/1:te3+s0
+	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	(p0)	ld4	te33=[te33]		// 2/0:te3[s3&0xff]
+	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
+	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	(p0)	ld4	te30=[te30]		// 2/1:te3[s0]
+	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
+	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
+	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
+	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
+	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
+	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
+	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
+	(p0)	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
+	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
+	(p0)	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
+	(p0)	shladd	te11=te11,3,te1		// 5/0:te1+s1>>16
+	(p0)	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
+	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
+	(p0)	and	te31=s1,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	(p0)	ld4	te11=[te11]		// 6/0:te1[s1>>16]
+	(p0)	shladd	te12=te12,3,te1		// 6/1:te1+s2>>16
+	(p0)	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
+	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
+	(p0)	and	te32=s2,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	(p0)	ld4	te12=[te12]		// 7/1:te1[s2>>16]
+	(p0)	shladd	te31=te31,3,te3		// 7/2:te3+s1&0xff
+	(p0)	and	te13=te13,maskff}	// 7/2:s3>>16&0xff
+{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
+	(p0)	shladd	te32=te32,3,te3		// 7/3:te3+s2
+	(p0)	xor	t0=t0,te33	};;	// 7/0:
+{ .mmi;	(p0)	ld4	te31=[te31]		// 8/2:te3[s1]
+	(p0)	shladd	te13=te13,3,te1		// 8/2:te1+s3>>16
+	(p0)	xor	t0=t0,te22	}	// 8/0:
+{ .mmi;	(p0)	ld4	te32=[te32]		// 8/3:te3[s2]
+	(p0)	shladd	te10=te10,3,te1		// 8/3:te1+s0>>16
+	(p0)	xor	t1=t1,te30	};;	// 8/1:
+{ .mmi;	(p0)	ld4	te13=[te13]		// 9/2:te1[s3>>16]
+	(p0)	ld4	te10=[te10]		// 9/3:te1[s0>>16]
+	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
+{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
+	(p0)	xor	t2=t2,te20		// 10[9]/2:
+	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
+{ .mmi;	(p0)	xor	t0=t0,te11		// 11[10]/0:done!
+	(p0)	xor	t1=t1,te01		// 11[10]/1:
+	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
+{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
+	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
+{ .mmi;	(p0)	xor	t1=t1,te12		// 13[11]/1:done!
+	(p0)	xor	t2=t2,te31		// 13[11]/2:
+	(p0)	xor	t3=t3,te32	}	// 13[11]/3:
+{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
+	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
+{ .mib;	(p0)	xor	t2=t2,te13		// 14[12]/2:done!
+	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
+{ .mib;	(p0)	xor	t3=t3,te10		// 14[12]/3:done!
+	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
+	br.ctop.sptk	.Le_top		};;
+.Le_end:
+
+
+{ .mmi;	ld8	te12=[te0]		// prefetch Te4
+	ld8	te31=[te1]	}
+{ .mmi;	ld8	te10=[te2]
+	ld8	te32=[te3]	}
+
+{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	and	te33=s3,maskff		// 0/0:s3&0xff
+	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	and	te30=s0,maskff		// 0/1:s0&0xff
+	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	add	te33=te33,te0		// 1/0:te0+s0>>24
+	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	add	te30=te30,te0		// 1/1:te0+s0
+	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	ld1	te33=[te33]		// 2/0:te0[s3&0xff]
+	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
+	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	ld1	te30=[te30]		// 2/1:te0[s0]
+	add	te23=te23,te0		// 2/1:te0+s3>>8
+	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
+	add	te20=te20,te0		// 3/2:te0+s0>>8
+	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
+	add	te00=te00,te0		// 3/0:te0+s0>>24
+	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
+	add	te21=te21,te0		// 4/3:te0+s2
+	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
+	add	te01=te01,te0		// 4/1:te0+s1>>24
+	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
+	add	te11=te11,te0		// 5/0:te0+s1>>16
+	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
+	add	te02=te02,te0		// 5/2:te0+s2>>24
+	and	te31=s1,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	ld1	te11=[te11]		// 6/0:te0[s1>>16]
+	add	te12=te12,te0		// 6/1:te0+s2>>16
+	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
+	add	te03=te03,te0		// 6/3:te0+s0>>16
+	and	te32=s2,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	ld1	te12=[te12]		// 7/1:te0[s2>>16]
+	add	te31=te31,te0		// 7/2:te0+s1&0xff
+	dep	te33=te22,te33,8,8}	// 7/0:
+{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
+	add	te32=te32,te0		// 7/3:te0+s2
+	and	te13=te13,maskff};;	// 7/2:s3>>16&0xff
+{ .mmi;	ld1	te31=[te31]		// 8/2:te0[s1]
+	add	te13=te13,te0		// 8/2:te0+s3>>16
+	dep	te30=te23,te30,8,8}	// 8/1:
+{ .mmi;	ld1	te32=[te32]		// 8/3:te0[s2]
+	add	te10=te10,te0		// 8/3:te0+s0>>16
+	shl	te00=te00,twenty4};;	// 8/0:
+{ .mii;	ld1	te13=[te13]		// 9/2:te0[s3>>16]
+	dep	te33=te11,te33,16,8	// 9/0:
+	shl	te01=te01,twenty4};;	// 9/1:
+{ .mii;	ld1	te10=[te10]		// 10/3:te0[s0>>16]
+	dep	te31=te20,te31,8,8	// 10/2:
+	shl	te02=te02,twenty4};;	// 10/2:
+{ .mii;	xor	t0=t0,te33		// 11/0:
+	dep	te32=te21,te32,8,8	// 11/3:
+	shl	te12=te12,sixteen};;	// 11/1:
+{ .mii;	xor	r16=t0,te00		// 12/0:done!
+	dep	te31=te13,te31,16,8	// 12/2:
+	shl	te03=te03,twenty4};;	// 12/3:
+{ .mmi;	xor	t1=t1,te01		// 13/1:
+	xor	t2=t2,te02		// 13/2:
+	dep	te32=te10,te32,16,8};;	// 13/3:
+{ .mmi;	xor	t1=t1,te30		// 14/1:
+	xor	r24=t2,te31		// 14/2:done!
+	xor	t3=t3,te32	};;	// 14/3:
+{ .mib;	xor	r20=t1,te12		// 15/1:done!
+	xor	r28=t3,te03		// 15/3:done!
+	br.ret.sptk	b6	};;
+.endp	_ia64_AES_encrypt#
+
+// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
+.global	AES_encrypt#
+.proc	AES_encrypt#
+.align	32
+AES_encrypt:
+	.prologue
+	.save	ar.pfs,pfssave
+{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
+	and	out0=3,in0
+	mov	r3=ip			}
+{ .mmi;	ADDP	in0=0,in0
+	mov	loc0=psr.um
+	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
+
+{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
+	add	out8=(AES_Te#-AES_encrypt#),r3	// Te0
+	.save	pr,prsave
+	mov	prsave=pr		}
+{ .mmi;	rum	1<<3				// clear um.ac
+	.save	ar.lc,lcsave
+	mov	lcsave=ar.lc		};;
+
+	.body
+#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
+{ .mib; cmp.ne	p6,p0=out0,r0
+	add	out0=4,in0
+(p6)	br.dpnt.many	.Le_i_unaligned	};;
+
+{ .mmi;	ld4	out1=[in0],8		// s0
+	and	out9=3,in1
+	mov	twenty4=24		}
+{ .mmi;	ld4	out3=[out0],8		// s1
+	ADDP	rk0=0,in2
+	mov	sixteen=16		};;
+{ .mmi;	ld4	out5=[in0]		// s2
+	cmp.ne	p6,p0=out9,r0
+	mov	maskff=0xff		}
+{ .mmb;	ld4	out7=[out0]		// s3
+	ADDP	rk1=KSZ,in2
+	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
+
+{ .mib;	ADDP	in0=4,in1
+	ADDP	in1=0,in1
+(p6)	br.spnt	.Le_o_unaligned		};;
+
+{ .mii;	mov	psr.um=loc0
+	mov	ar.pfs=pfssave
+	mov	ar.lc=lcsave		};;
+{ .mmi;	st4	[in1]=r16,8		// s0
+	st4	[in0]=r20,8		// s1
+	mov	pr=prsave,0x1ffff	};;
+{ .mmb;	st4	[in1]=r24		// s2
+	st4	[in0]=r28		// s3
+	br.ret.sptk.many	b0	};;
+#endif
+
+.align	32
+.Le_i_unaligned:
+{ .mmi;	add	out0=1,in0
+	add	out2=2,in0
+	add	out4=3,in0	};;
+{ .mmi;	ld1	r16=[in0],4
+	ld1	r17=[out0],4	}//;;
+{ .mmi;	ld1	r18=[out2],4
+	ld1	out1=[out4],4	};;	// s0
+{ .mmi;	ld1	r20=[in0],4
+	ld1	r21=[out0],4	}//;;
+{ .mmi;	ld1	r22=[out2],4
+	ld1	out3=[out4],4	};;	// s1
+{ .mmi;	ld1	r24=[in0],4
+	ld1	r25=[out0],4	}//;;
+{ .mmi;	ld1	r26=[out2],4
+	ld1	out5=[out4],4	};;	// s2
+{ .mmi;	ld1	r28=[in0]
+	ld1	r29=[out0]	}//;;
+{ .mmi;	ld1	r30=[out2]
+	ld1	out7=[out4]	};;	// s3
+
+{ .mii;
+	dep	out1=r16,out1,24,8	//;;
+	dep	out3=r20,out3,24,8	}//;;
+{ .mii;	ADDP	rk0=0,in2
+	dep	out5=r24,out5,24,8	//;;
+	dep	out7=r28,out7,24,8	};;
+{ .mii;	ADDP	rk1=KSZ,in2
+	dep	out1=r17,out1,16,8	//;;
+	dep	out3=r21,out3,16,8	}//;;
+{ .mii;	mov	twenty4=24
+	dep	out5=r25,out5,16,8	//;;
+	dep	out7=r29,out7,16,8	};;
+{ .mii;	mov	sixteen=16
+	dep	out1=r18,out1,8,8	//;;
+	dep	out3=r22,out3,8,8	}//;;
+{ .mii;	mov	maskff=0xff
+	dep	out5=r26,out5,8,8	//;;
+	dep	out7=r30,out7,8,8	};;
+
+{ .mib;	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
+
+.Le_o_unaligned:
+{ .mii;	ADDP	out0=0,in1
+	extr.u	r17=r16,8,8			// s0
+	shr.u	r19=r16,twenty4		}//;;
+{ .mii;	ADDP	out1=1,in1
+	extr.u	r18=r16,16,8
+	shr.u	r23=r20,twenty4		}//;;	// s1
+{ .mii;	ADDP	out2=2,in1
+	extr.u	r21=r20,8,8
+	shr.u	r22=r20,sixteen		}//;;
+{ .mii;	ADDP	out3=3,in1
+	extr.u	r25=r24,8,8			// s2
+	shr.u	r27=r24,twenty4		};;
+{ .mii;	st1	[out3]=r16,4
+	extr.u	r26=r24,16,8
+	shr.u	r31=r28,twenty4		}//;;	// s3
+{ .mii;	st1	[out2]=r17,4
+	extr.u	r29=r28,8,8
+	shr.u	r30=r28,sixteen		}//;;
+
+{ .mmi;	st1	[out1]=r18,4
+	st1	[out0]=r19,4		};;
+{ .mmi;	st1	[out3]=r20,4
+	st1	[out2]=r21,4		}//;;
+{ .mmi;	st1	[out1]=r22,4
+	st1	[out0]=r23,4		};;
+{ .mmi;	st1	[out3]=r24,4
+	st1	[out2]=r25,4
+	mov	pr=prsave,0x1ffff	}//;;
+{ .mmi;	st1	[out1]=r26,4
+	st1	[out0]=r27,4
+	mov	ar.pfs=pfssave		};;
+{ .mmi;	st1	[out3]=r28
+	st1	[out2]=r29
+	mov	ar.lc=lcsave		}//;;
+{ .mmi;	st1	[out1]=r30
+	st1	[out0]=r31		}
+{ .mfb;	mov	psr.um=loc0			// restore user mask
+	br.ret.sptk.many	b0	};;
+.endp	AES_encrypt#
+
+// *AES_decrypt are autogenerated by the following script:
+#if 0
+#!/usr/bin/env perl
+print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n";
+open(PROG,'<'.$0); while(<PROG>) { print; } close(PROG);
+print "#endif\n";
+while(<>) {
+	$process=1	if (/\.proc\s+_ia64_AES_encrypt/);
+	next		if (!$process);
+
+	#s/te00=s0/td00=s0/;	s/te00/td00/g;
+	s/te11=s1/td13=s3/;	s/te11/td13/g;
+	#s/te22=s2/td22=s2/;	s/te22/td22/g;
+	s/te33=s3/td31=s1/;	s/te33/td31/g;
+
+	#s/te01=s1/td01=s1/;	s/te01/td01/g;
+	s/te12=s2/td10=s0/;	s/te12/td10/g;
+	#s/te23=s3/td23=s3/;	s/te23/td23/g;
+	s/te30=s0/td32=s2/;	s/te30/td32/g;
+
+	#s/te02=s2/td02=s2/;	s/te02/td02/g;
+	s/te13=s3/td11=s1/;	s/te13/td11/g;
+	#s/te20=s0/td20=s0/;	s/te20/td20/g;
+	s/te31=s1/td33=s3/;	s/te31/td33/g;
+
+	#s/te03=s3/td03=s3/;	s/te03/td03/g;
+	s/te10=s0/td12=s2/;	s/te10/td12/g;
+	#s/te21=s1/td21=s1/;	s/te21/td21/g;
+	s/te32=s2/td30=s0/;	s/te32/td30/g;
+
+	s/td/te/g;
+
+	s/AES_encrypt/AES_decrypt/g;
+	s/\.Le_/.Ld_/g;
+	s/AES_Te#/AES_Td#/g;
+
+	print;
+
+	exit		if (/\.endp\s+AES_decrypt/);
+}
+#endif
+.proc	_ia64_AES_decrypt#
+// Input:	rk0-rk1
+//		te0
+//		te3	as AES_KEY->rounds!!!
+//		s0-s3
+//		maskff,twenty4,sixteen
+// Output:	r16,r20,r24,r28 as s0-s3
+// Clobber:	r16-r31,rk0-rk1,r32-r43
+.align	32
+_ia64_AES_decrypt:
+	.prologue
+	.altrp	b6
+	.body
+{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
+	LDKEY	t0=[rk0],2*KSZ
+	mov	pr.rot=1<<16	}
+{ .mmi;	LDKEY	t1=[rk1],2*KSZ
+	add	te1=TE1,te0
+	add	te3=-3,te3	};;
+{ .mib;	LDKEY	t2=[rk0],2*KSZ
+	mov	ar.ec=2		}
+{ .mib;	LDKEY	t3=[rk1],2*KSZ
+	add	te2=TE2,te0
+	brp.loop.imp	.Ld_top,.Ld_end-16	};;
+
+{ .mmi;	xor	s0=s0,t0
+	xor	s1=s1,t1
+	mov	ar.lc=te3	}
+{ .mmi;	xor	s2=s2,t2
+	xor	s3=s3,t3
+	add	te3=TE3,te0	};;
+
+.align	32
+.Ld_top:
+{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	(p0)	and	te31=s1,maskff		// 0/0:s3&0xff
+	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	(p0)	and	te32=s2,maskff		// 0/1:s0&0xff
+	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	(p0)	shladd	te31=te31,3,te3		// 1/0:te0+s0>>24
+	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	(p0)	shladd	te32=te32,3,te3		// 1/1:te3+s0
+	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	(p0)	ld4	te31=[te31]		// 2/0:te3[s3&0xff]
+	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
+	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	(p0)	ld4	te32=[te32]		// 2/1:te3[s0]
+	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
+	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
+	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
+	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
+	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
+	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
+	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
+	(p0)	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
+	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
+	(p0)	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
+	(p0)	shladd	te13=te13,3,te1		// 5/0:te1+s1>>16
+	(p0)	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
+	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
+	(p0)	and	te33=s3,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	(p0)	ld4	te13=[te13]		// 6/0:te1[s1>>16]
+	(p0)	shladd	te10=te10,3,te1		// 6/1:te1+s2>>16
+	(p0)	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
+	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
+	(p0)	and	te30=s0,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	(p0)	ld4	te10=[te10]		// 7/1:te1[s2>>16]
+	(p0)	shladd	te33=te33,3,te3		// 7/2:te3+s1&0xff
+	(p0)	and	te11=te11,maskff}	// 7/2:s3>>16&0xff
+{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
+	(p0)	shladd	te30=te30,3,te3		// 7/3:te3+s2
+	(p0)	xor	t0=t0,te31	};;	// 7/0:
+{ .mmi;	(p0)	ld4	te33=[te33]		// 8/2:te3[s1]
+	(p0)	shladd	te11=te11,3,te1		// 8/2:te1+s3>>16
+	(p0)	xor	t0=t0,te22	}	// 8/0:
+{ .mmi;	(p0)	ld4	te30=[te30]		// 8/3:te3[s2]
+	(p0)	shladd	te12=te12,3,te1		// 8/3:te1+s0>>16
+	(p0)	xor	t1=t1,te32	};;	// 8/1:
+{ .mmi;	(p0)	ld4	te11=[te11]		// 9/2:te1[s3>>16]
+	(p0)	ld4	te12=[te12]		// 9/3:te1[s0>>16]
+	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
+{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
+	(p0)	xor	t2=t2,te20		// 10[9]/2:
+	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
+{ .mmi;	(p0)	xor	t0=t0,te13		// 11[10]/0:done!
+	(p0)	xor	t1=t1,te01		// 11[10]/1:
+	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
+{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
+	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
+{ .mmi;	(p0)	xor	t1=t1,te10		// 13[11]/1:done!
+	(p0)	xor	t2=t2,te33		// 13[11]/2:
+	(p0)	xor	t3=t3,te30	}	// 13[11]/3:
+{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
+	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
+{ .mib;	(p0)	xor	t2=t2,te11		// 14[12]/2:done!
+	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
+{ .mib;	(p0)	xor	t3=t3,te12		// 14[12]/3:done!
+	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
+	br.ctop.sptk	.Ld_top		};;
+.Ld_end:
+
+
+{ .mmi;	ld8	te10=[te0]		// prefetch Td4
+	ld8	te33=[te1]	}
+{ .mmi;	ld8	te12=[te2]
+	ld8	te30=[te3]	}
+
+{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	and	te31=s1,maskff		// 0/0:s3&0xff
+	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	and	te32=s2,maskff		// 0/1:s0&0xff
+	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	add	te31=te31,te0		// 1/0:te0+s0>>24
+	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	add	te32=te32,te0		// 1/1:te0+s0
+	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	ld1	te31=[te31]		// 2/0:te0[s3&0xff]
+	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
+	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	ld1	te32=[te32]		// 2/1:te0[s0]
+	add	te23=te23,te0		// 2/1:te0+s3>>8
+	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
+	add	te20=te20,te0		// 3/2:te0+s0>>8
+	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
+	add	te00=te00,te0		// 3/0:te0+s0>>24
+	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
+	add	te21=te21,te0		// 4/3:te0+s2
+	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
+	add	te01=te01,te0		// 4/1:te0+s1>>24
+	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
+	add	te13=te13,te0		// 5/0:te0+s1>>16
+	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
+	add	te02=te02,te0		// 5/2:te0+s2>>24
+	and	te33=s3,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	ld1	te13=[te13]		// 6/0:te0[s1>>16]
+	add	te10=te10,te0		// 6/1:te0+s2>>16
+	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
+	add	te03=te03,te0		// 6/3:te0+s0>>16
+	and	te30=s0,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	ld1	te10=[te10]		// 7/1:te0[s2>>16]
+	add	te33=te33,te0		// 7/2:te0+s1&0xff
+	dep	te31=te22,te31,8,8}	// 7/0:
+{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
+	add	te30=te30,te0		// 7/3:te0+s2
+	and	te11=te11,maskff};;	// 7/2:s3>>16&0xff
+{ .mmi;	ld1	te33=[te33]		// 8/2:te0[s1]
+	add	te11=te11,te0		// 8/2:te0+s3>>16
+	dep	te32=te23,te32,8,8}	// 8/1:
+{ .mmi;	ld1	te30=[te30]		// 8/3:te0[s2]
+	add	te12=te12,te0		// 8/3:te0+s0>>16
+	shl	te00=te00,twenty4};;	// 8/0:
+{ .mii;	ld1	te11=[te11]		// 9/2:te0[s3>>16]
+	dep	te31=te13,te31,16,8	// 9/0:
+	shl	te01=te01,twenty4};;	// 9/1:
+{ .mii;	ld1	te12=[te12]		// 10/3:te0[s0>>16]
+	dep	te33=te20,te33,8,8	// 10/2:
+	shl	te02=te02,twenty4};;	// 10/2:
+{ .mii;	xor	t0=t0,te31		// 11/0:
+	dep	te30=te21,te30,8,8	// 11/3:
+	shl	te10=te10,sixteen};;	// 11/1:
+{ .mii;	xor	r16=t0,te00		// 12/0:done!
+	dep	te33=te11,te33,16,8	// 12/2:
+	shl	te03=te03,twenty4};;	// 12/3:
+{ .mmi;	xor	t1=t1,te01		// 13/1:
+	xor	t2=t2,te02		// 13/2:
+	dep	te30=te12,te30,16,8};;	// 13/3:
+{ .mmi;	xor	t1=t1,te32		// 14/1:
+	xor	r24=t2,te33		// 14/2:done!
+	xor	t3=t3,te30	};;	// 14/3:
+{ .mib;	xor	r20=t1,te10		// 15/1:done!
+	xor	r28=t3,te03		// 15/3:done!
+	br.ret.sptk	b6	};;
+.endp	_ia64_AES_decrypt#
+
+// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
+.global	AES_decrypt#
+.proc	AES_decrypt#
+.align	32
+AES_decrypt:
+	.prologue
+	.save	ar.pfs,pfssave
+{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
+	and	out0=3,in0
+	mov	r3=ip			}
+{ .mmi;	ADDP	in0=0,in0
+	mov	loc0=psr.um
+	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
+
+{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
+	add	out8=(AES_Td#-AES_decrypt#),r3	// Te0
+	.save	pr,prsave
+	mov	prsave=pr		}
+{ .mmi;	rum	1<<3				// clear um.ac
+	.save	ar.lc,lcsave
+	mov	lcsave=ar.lc		};;
+
+	.body
+#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
+{ .mib; cmp.ne	p6,p0=out0,r0
+	add	out0=4,in0
+(p6)	br.dpnt.many	.Ld_i_unaligned	};;
+
+{ .mmi;	ld4	out1=[in0],8		// s0
+	and	out9=3,in1
+	mov	twenty4=24		}
+{ .mmi;	ld4	out3=[out0],8		// s1
+	ADDP	rk0=0,in2
+	mov	sixteen=16		};;
+{ .mmi;	ld4	out5=[in0]		// s2
+	cmp.ne	p6,p0=out9,r0
+	mov	maskff=0xff		}
+{ .mmb;	ld4	out7=[out0]		// s3
+	ADDP	rk1=KSZ,in2
+	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
+
+{ .mib;	ADDP	in0=4,in1
+	ADDP	in1=0,in1
+(p6)	br.spnt	.Ld_o_unaligned		};;
+
+{ .mii;	mov	psr.um=loc0
+	mov	ar.pfs=pfssave
+	mov	ar.lc=lcsave		};;
+{ .mmi;	st4	[in1]=r16,8		// s0
+	st4	[in0]=r20,8		// s1
+	mov	pr=prsave,0x1ffff	};;
+{ .mmb;	st4	[in1]=r24		// s2
+	st4	[in0]=r28		// s3
+	br.ret.sptk.many	b0	};;
+#endif
+
+.align	32
+.Ld_i_unaligned:
+{ .mmi;	add	out0=1,in0
+	add	out2=2,in0
+	add	out4=3,in0	};;
+{ .mmi;	ld1	r16=[in0],4
+	ld1	r17=[out0],4	}//;;
+{ .mmi;	ld1	r18=[out2],4
+	ld1	out1=[out4],4	};;	// s0
+{ .mmi;	ld1	r20=[in0],4
+	ld1	r21=[out0],4	}//;;
+{ .mmi;	ld1	r22=[out2],4
+	ld1	out3=[out4],4	};;	// s1
+{ .mmi;	ld1	r24=[in0],4
+	ld1	r25=[out0],4	}//;;
+{ .mmi;	ld1	r26=[out2],4
+	ld1	out5=[out4],4	};;	// s2
+{ .mmi;	ld1	r28=[in0]
+	ld1	r29=[out0]	}//;;
+{ .mmi;	ld1	r30=[out2]
+	ld1	out7=[out4]	};;	// s3
+
+{ .mii;
+	dep	out1=r16,out1,24,8	//;;
+	dep	out3=r20,out3,24,8	}//;;
+{ .mii;	ADDP	rk0=0,in2
+	dep	out5=r24,out5,24,8	//;;
+	dep	out7=r28,out7,24,8	};;
+{ .mii;	ADDP	rk1=KSZ,in2
+	dep	out1=r17,out1,16,8	//;;
+	dep	out3=r21,out3,16,8	}//;;
+{ .mii;	mov	twenty4=24
+	dep	out5=r25,out5,16,8	//;;
+	dep	out7=r29,out7,16,8	};;
+{ .mii;	mov	sixteen=16
+	dep	out1=r18,out1,8,8	//;;
+	dep	out3=r22,out3,8,8	}//;;
+{ .mii;	mov	maskff=0xff
+	dep	out5=r26,out5,8,8	//;;
+	dep	out7=r30,out7,8,8	};;
+
+{ .mib;	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
+
+.Ld_o_unaligned:
+{ .mii;	ADDP	out0=0,in1
+	extr.u	r17=r16,8,8			// s0
+	shr.u	r19=r16,twenty4		}//;;
+{ .mii;	ADDP	out1=1,in1
+	extr.u	r18=r16,16,8
+	shr.u	r23=r20,twenty4		}//;;	// s1
+{ .mii;	ADDP	out2=2,in1
+	extr.u	r21=r20,8,8
+	shr.u	r22=r20,sixteen		}//;;
+{ .mii;	ADDP	out3=3,in1
+	extr.u	r25=r24,8,8			// s2
+	shr.u	r27=r24,twenty4		};;
+{ .mii;	st1	[out3]=r16,4
+	extr.u	r26=r24,16,8
+	shr.u	r31=r28,twenty4		}//;;	// s3
+{ .mii;	st1	[out2]=r17,4
+	extr.u	r29=r28,8,8
+	shr.u	r30=r28,sixteen		}//;;
+
+{ .mmi;	st1	[out1]=r18,4
+	st1	[out0]=r19,4		};;
+{ .mmi;	st1	[out3]=r20,4
+	st1	[out2]=r21,4		}//;;
+{ .mmi;	st1	[out1]=r22,4
+	st1	[out0]=r23,4		};;
+{ .mmi;	st1	[out3]=r24,4
+	st1	[out2]=r25,4
+	mov	pr=prsave,0x1ffff	}//;;
+{ .mmi;	st1	[out1]=r26,4
+	st1	[out0]=r27,4
+	mov	ar.pfs=pfssave		};;
+{ .mmi;	st1	[out3]=r28
+	st1	[out2]=r29
+	mov	ar.lc=lcsave		}//;;
+{ .mmi;	st1	[out1]=r30
+	st1	[out0]=r31		}
+{ .mfb;	mov	psr.um=loc0			// restore user mask
+	br.ret.sptk.many	b0	};;
+.endp	AES_decrypt#
+
+// leave it in .text segment...
+.align	64
+.global	AES_Te#
+.type	AES_Te#,@object
+AES_Te:	data4	0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
+	data4	0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
+	data4	0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
+	data4	0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
+	data4	0x60303050,0x60303050, 0x02010103,0x02010103
+	data4	0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
+	data4	0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
+	data4	0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
+	data4	0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
+	data4	0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
+	data4	0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
+	data4	0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
+	data4	0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
+	data4	0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
+	data4	0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
+	data4	0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
+	data4	0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
+	data4	0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
+	data4	0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
+	data4	0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
+	data4	0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
+	data4	0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
+	data4	0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
+	data4	0x62313153,0x62313153, 0x2a15153f,0x2a15153f
+	data4	0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
+	data4	0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
+	data4	0x30181828,0x30181828, 0x379696a1,0x379696a1
+	data4	0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
+	data4	0x0e070709,0x0e070709, 0x24121236,0x24121236
+	data4	0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
+	data4	0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
+	data4	0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
+	data4	0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
+	data4	0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
+	data4	0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
+	data4	0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
+	data4	0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
+	data4	0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
+	data4	0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
+	data4	0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
+	data4	0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
+	data4	0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
+	data4	0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
+	data4	0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
+	data4	0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
+	data4	0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
+	data4	0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
+	data4	0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
+	data4	0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
+	data4	0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
+	data4	0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
+	data4	0x66333355,0x66333355, 0x11858594,0x11858594
+	data4	0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
+	data4	0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
+	data4	0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
+	data4	0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
+	data4	0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
+	data4	0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
+	data4	0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
+	data4	0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
+	data4	0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
+	data4	0xafdada75,0xafdada75, 0x42212163,0x42212163
+	data4	0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
+	data4	0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
+	data4	0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
+	data4	0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
+	data4	0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
+	data4	0x884444cc,0x884444cc, 0x2e171739,0x2e171739
+	data4	0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
+	data4	0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
+	data4	0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
+	data4	0x3219192b,0x3219192b, 0xe6737395,0xe6737395
+	data4	0xc06060a0,0xc06060a0, 0x19818198,0x19818198
+	data4	0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
+	data4	0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
+	data4	0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
+	data4	0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
+	data4	0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
+	data4	0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
+	data4	0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
+	data4	0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
+	data4	0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
+	data4	0x924949db,0x924949db, 0x0c06060a,0x0c06060a
+	data4	0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
+	data4	0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
+	data4	0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
+	data4	0x399191a8,0x399191a8, 0x319595a4,0x319595a4
+	data4	0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
+	data4	0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
+	data4	0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
+	data4	0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
+	data4	0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
+	data4	0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
+	data4	0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
+	data4	0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
+	data4	0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
+	data4	0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
+	data4	0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
+	data4	0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
+	data4	0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
+	data4	0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
+	data4	0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
+	data4	0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
+	data4	0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
+	data4	0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
+	data4	0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
+	data4	0x904848d8,0x904848d8, 0x06030305,0x06030305
+	data4	0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
+	data4	0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
+	data4	0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
+	data4	0x17868691,0x17868691, 0x99c1c158,0x99c1c158
+	data4	0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
+	data4	0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
+	data4	0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
+	data4	0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
+	data4	0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
+	data4	0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
+	data4	0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
+	data4	0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
+	data4	0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
+	data4	0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
+	data4	0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
+	data4	0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
+	data4	0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
+	data4	0x824141c3,0x824141c3, 0x299999b0,0x299999b0
+	data4	0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
+	data4	0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
+	data4	0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
+// Te4:
+	data1	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	data1	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	data1	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	data1	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	data1	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	data1	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	data1	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	data1	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	data1	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	data1	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	data1	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	data1	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	data1	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	data1	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	data1	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	data1	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	data1	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	data1	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	data1	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	data1	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	data1	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	data1	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	data1	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	data1	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	data1	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	data1	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	data1	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	data1	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	data1	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	data1	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	data1	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	data1	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.size	AES_Te#,2048+256	// HP-UX assembler fails to ".-AES_Te#"
+
+.align	64
+.global	AES_Td#
+.type	AES_Td#,@object
+AES_Td:	data4	0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
+	data4	0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
+	data4	0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
+	data4	0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
+	data4	0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
+	data4	0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
+	data4	0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
+	data4	0x26354480,0x26354480, 0xb562a38f,0xb562a38f
+	data4	0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
+	data4	0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
+	data4	0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
+	data4	0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
+	data4	0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
+	data4	0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
+	data4	0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
+	data4	0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
+	data4	0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
+	data4	0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
+	data4	0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
+	data4	0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
+	data4	0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
+	data4	0x97513360,0x97513360, 0x62537f45,0x62537f45
+	data4	0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
+	data4	0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
+	data4	0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
+	data4	0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
+	data4	0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
+	data4	0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
+	data4	0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
+	data4	0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
+	data4	0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
+	data4	0x02036aba,0x02036aba, 0xed16825c,0xed16825c
+	data4	0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
+	data4	0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
+	data4	0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
+	data4	0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
+	data4	0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
+	data4	0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
+	data4	0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
+	data4	0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
+	data4	0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
+	data4	0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
+	data4	0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
+	data4	0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
+	data4	0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
+	data4	0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
+	data4	0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
+	data4	0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
+	data4	0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
+	data4	0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
+	data4	0x09808683,0x09808683, 0x322bed48,0x322bed48
+	data4	0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
+	data4	0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
+	data4	0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
+	data4	0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
+	data4	0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
+	data4	0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
+	data4	0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
+	data4	0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
+	data4	0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
+	data4	0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
+	data4	0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
+	data4	0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
+	data4	0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
+	data4	0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
+	data4	0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
+	data4	0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
+	data4	0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
+	data4	0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
+	data4	0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
+	data4	0xd731dcca,0xd731dcca, 0x42638510,0x42638510
+	data4	0x13972240,0x13972240, 0x84c61120,0x84c61120
+	data4	0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
+	data4	0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
+	data4	0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
+	data4	0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
+	data4	0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
+	data4	0x119448fa,0x119448fa, 0x47e96422,0x47e96422
+	data4	0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
+	data4	0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
+	data4	0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
+	data4	0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
+	data4	0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
+	data4	0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
+	data4	0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
+	data4	0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
+	data4	0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
+	data4	0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
+	data4	0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
+	data4	0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
+	data4	0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
+	data4	0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
+	data4	0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
+	data4	0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
+	data4	0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
+	data4	0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
+	data4	0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
+	data4	0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
+	data4	0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
+	data4	0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
+	data4	0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
+	data4	0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
+	data4	0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
+	data4	0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
+	data4	0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
+	data4	0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
+	data4	0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
+	data4	0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
+	data4	0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
+	data4	0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
+	data4	0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
+	data4	0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
+	data4	0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
+	data4	0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
+	data4	0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
+	data4	0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
+	data4	0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
+	data4	0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
+	data4	0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
+	data4	0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
+	data4	0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
+	data4	0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
+	data4	0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
+	data4	0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
+	data4	0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
+	data4	0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
+	data4	0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
+	data4	0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
+// Td4:
+	data1	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	data1	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	data1	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	data1	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	data1	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	data1	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	data1	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	data1	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	data1	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	data1	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	data1	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	data1	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	data1	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	data1	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	data1	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	data1	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	data1	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	data1	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	data1	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	data1	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	data1	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	data1	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	data1	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	data1	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	data1	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	data1	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	data1	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	data1	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	data1	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	data1	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	data1	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	data1	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size	AES_Td#,2048+256	// HP-UX assembler fails to ".-AES_Td#"
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl
new file mode 100644
index 000000000..716c3356e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl
@@ -0,0 +1,2170 @@
+#! /usr/bin/env perl
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for MIPS
+
+# October 2010
+#
+# Code uses 1K[+256B] S-box and on single-issue core [such as R5000]
+# spends ~68 cycles per byte processed with 128-bit key. This is ~16%
+# faster than gcc-generated code, which is not very impressive. But
+# recall that compressed S-box requires extra processing, namely
+# additional rotations. Rotations are implemented with lwl/lwr pairs,
+# which is normally used for loading unaligned data. Another cool
+# thing about this module is its endian neutrality, which means that
+# it processes data without ever changing byte order...
+
+# September 2012
+#
+# Add MIPS32R2 (~10% less instructions) and SmartMIPS ASE (further
+# ~25% less instructions) code. Note that there is no run-time switch,
+# instead, code path is chosen upon pre-process time, pass -mips32r2
+# or/and -msmartmips.
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp;
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_LA="dla";
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
+	$PTR_INS="dins";
+	$REG_S="sd";
+	$REG_L="ld";
+	$PTR_SLL="dsll";	# incidentally works even on n32
+	$SZREG=8;
+} else {
+	$PTR_LA="la";
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
+	$PTR_INS="ins";
+	$REG_S="sw";
+	$REG_L="lw";
+	$PTR_SLL="sll";
+	$SZREG=4;
+}
+$pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC});
+
+for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+open STDOUT,">$output";
+
+if (!defined($big_endian))
+{    $big_endian=(unpack('L',pack('N',1))==1);   }
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+my ($MSB,$LSB)=(0,3);	# automatically converted to little-endian
+
+$code.=<<___;
+#include "mips_arch.h"
+
+.text
+#if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__))
+.option	pic2
+#endif
+.set	noat
+___
+
+{{{
+my $FRAMESIZE=16*$SZREG;
+my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
+
+my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7);
+my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
+my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23));
+my ($key0,$cnt)=($gp,$fp);
+
+# instruction ordering is "stolen" from output from MIPSpro assembler
+# invoked with -mips3 -O3 arguments...
+$code.=<<___;
+.align	5
+.ent	_mips_AES_encrypt
+_mips_AES_encrypt:
+	.frame	$sp,0,$ra
+	.set	reorder
+	lw	$t0,0($key)
+	lw	$t1,4($key)
+	lw	$t2,8($key)
+	lw	$t3,12($key)
+	lw	$cnt,240($key)
+	$PTR_ADD $key0,$key,16
+
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	subu	$cnt,1
+#if defined(__mips_smartmips)
+	ext	$i0,$s1,16,8
+.Loop_enc:
+	ext	$i1,$s2,16,8
+	ext	$i2,$s3,16,8
+	ext	$i3,$s0,16,8
+	lwxs	$t0,$i0($Tbl)		# Te1[s1>>16]
+	ext	$i0,$s2,8,8
+	lwxs	$t1,$i1($Tbl)		# Te1[s2>>16]
+	ext	$i1,$s3,8,8
+	lwxs	$t2,$i2($Tbl)		# Te1[s3>>16]
+	ext	$i2,$s0,8,8
+	lwxs	$t3,$i3($Tbl)		# Te1[s0>>16]
+	ext	$i3,$s1,8,8
+
+	lwxs	$t4,$i0($Tbl)		# Te2[s2>>8]
+	ext	$i0,$s3,0,8
+	lwxs	$t5,$i1($Tbl)		# Te2[s3>>8]
+	ext	$i1,$s0,0,8
+	lwxs	$t6,$i2($Tbl)		# Te2[s0>>8]
+	ext	$i2,$s1,0,8
+	lwxs	$t7,$i3($Tbl)		# Te2[s1>>8]
+	ext	$i3,$s2,0,8
+
+	lwxs	$t8,$i0($Tbl)		# Te3[s3]
+	ext	$i0,$s0,24,8
+	lwxs	$t9,$i1($Tbl)		# Te3[s0]
+	ext	$i1,$s1,24,8
+	lwxs	$t10,$i2($Tbl)		# Te3[s1]
+	ext	$i2,$s2,24,8
+	lwxs	$t11,$i3($Tbl)		# Te3[s2]
+	ext	$i3,$s3,24,8
+
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	xor	$t0,$t4
+	lwxs	$t4,$i0($Tbl)		# Te0[s0>>24]
+	xor	$t1,$t5
+	lwxs	$t5,$i1($Tbl)		# Te0[s1>>24]
+	xor	$t2,$t6
+	lwxs	$t6,$i2($Tbl)		# Te0[s2>>24]
+	xor	$t3,$t7
+	lwxs	$t7,$i3($Tbl)		# Te0[s3>>24]
+
+	rotr	$t8,$t8,24
+	lw	$s0,0($key0)
+	rotr	$t9,$t9,24
+	lw	$s1,4($key0)
+	rotr	$t10,$t10,24
+	lw	$s2,8($key0)
+	rotr	$t11,$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	subu	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_enc
+	ext	$i0,$s1,16,8
+
+	_xtr	$i0,$s1,16-2
+#else
+	_xtr	$i0,$s1,16-2
+.Loop_enc:
+	_xtr	$i1,$s2,16-2
+	_xtr	$i2,$s3,16-2
+	_xtr	$i3,$s0,16-2
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	lw	$t0,0($i0)		# Te1[s1>>16]
+	_xtr	$i0,$s2,8-2
+	lw	$t1,0($i1)		# Te1[s2>>16]
+	_xtr	$i1,$s3,8-2
+	lw	$t2,0($i2)		# Te1[s3>>16]
+	_xtr	$i2,$s0,8-2
+	lw	$t3,0($i3)		# Te1[s0>>16]
+	_xtr	$i3,$s1,8-2
+#else
+	lwl	$t0,3($i0)		# Te1[s1>>16]
+	lwl	$t1,3($i1)		# Te1[s2>>16]
+	lwl	$t2,3($i2)		# Te1[s3>>16]
+	lwl	$t3,3($i3)		# Te1[s0>>16]
+	lwr	$t0,2($i0)		# Te1[s1>>16]
+	_xtr	$i0,$s2,8-2
+	lwr	$t1,2($i1)		# Te1[s2>>16]
+	_xtr	$i1,$s3,8-2
+	lwr	$t2,2($i2)		# Te1[s3>>16]
+	_xtr	$i2,$s0,8-2
+	lwr	$t3,2($i3)		# Te1[s0>>16]
+	_xtr	$i3,$s1,8-2
+#endif
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+# if defined(_MIPSEL)
+	lw	$t4,0($i0)		# Te2[s2>>8]
+	_xtr	$i0,$s3,0-2
+	lw	$t5,0($i1)		# Te2[s3>>8]
+	_xtr	$i1,$s0,0-2
+	lw	$t6,0($i2)		# Te2[s0>>8]
+	_xtr	$i2,$s1,0-2
+	lw	$t7,0($i3)		# Te2[s1>>8]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lw	$t8,0($i0)		# Te3[s3]
+	$PTR_INS $i0,$s0,2,8
+	lw	$t9,0($i1)		# Te3[s0]
+	$PTR_INS $i1,$s1,2,8
+	lw	$t10,0($i2)		# Te3[s1]
+	$PTR_INS $i2,$s2,2,8
+	lw	$t11,0($i3)		# Te3[s2]
+	$PTR_INS $i3,$s3,2,8
+# else
+	lw	$t4,0($i0)		# Te2[s2>>8]
+	$PTR_INS $i0,$s3,2,8
+	lw	$t5,0($i1)		# Te2[s3>>8]
+	$PTR_INS $i1,$s0,2,8
+	lw	$t6,0($i2)		# Te2[s0>>8]
+	$PTR_INS $i2,$s1,2,8
+	lw	$t7,0($i3)		# Te2[s1>>8]
+	$PTR_INS $i3,$s2,2,8
+
+	lw	$t8,0($i0)		# Te3[s3]
+	_xtr	$i0,$s0,24-2
+	lw	$t9,0($i1)		# Te3[s0]
+	_xtr	$i1,$s1,24-2
+	lw	$t10,0($i2)		# Te3[s1]
+	_xtr	$i2,$s2,24-2
+	lw	$t11,0($i3)		# Te3[s2]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+# endif
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	rotr	$t8,$t8,24
+	rotr	$t9,$t9,24
+	rotr	$t10,$t10,24
+	rotr	$t11,$t11,24
+#else
+	lwl	$t4,2($i0)		# Te2[s2>>8]
+	lwl	$t5,2($i1)		# Te2[s3>>8]
+	lwl	$t6,2($i2)		# Te2[s0>>8]
+	lwl	$t7,2($i3)		# Te2[s1>>8]
+	lwr	$t4,1($i0)		# Te2[s2>>8]
+	_xtr	$i0,$s3,0-2
+	lwr	$t5,1($i1)		# Te2[s3>>8]
+	_xtr	$i1,$s0,0-2
+	lwr	$t6,1($i2)		# Te2[s0>>8]
+	_xtr	$i2,$s1,0-2
+	lwr	$t7,1($i3)		# Te2[s1>>8]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lwl	$t8,1($i0)		# Te3[s3]
+	lwl	$t9,1($i1)		# Te3[s0]
+	lwl	$t10,1($i2)		# Te3[s1]
+	lwl	$t11,1($i3)		# Te3[s2]
+	lwr	$t8,0($i0)		# Te3[s3]
+	_xtr	$i0,$s0,24-2
+	lwr	$t9,0($i1)		# Te3[s0]
+	_xtr	$i1,$s1,24-2
+	lwr	$t10,0($i2)		# Te3[s1]
+	_xtr	$i2,$s2,24-2
+	lwr	$t11,0($i3)		# Te3[s2]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#endif
+	xor	$t0,$t4
+	lw	$t4,0($i0)		# Te0[s0>>24]
+	xor	$t1,$t5
+	lw	$t5,0($i1)		# Te0[s1>>24]
+	xor	$t2,$t6
+	lw	$t6,0($i2)		# Te0[s2>>24]
+	xor	$t3,$t7
+	lw	$t7,0($i3)		# Te0[s3>>24]
+
+	xor	$t0,$t8
+	lw	$s0,0($key0)
+	xor	$t1,$t9
+	lw	$s1,4($key0)
+	xor	$t2,$t10
+	lw	$s2,8($key0)
+	xor	$t3,$t11
+	lw	$s3,12($key0)
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	subu	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_enc
+	_xtr	$i0,$s1,16-2
+#endif
+
+	.set	reorder
+	_xtr	$i1,$s2,16-2
+	_xtr	$i2,$s3,16-2
+	_xtr	$i3,$s0,16-2
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t0,2($i0)		# Te4[s1>>16]
+	_xtr	$i0,$s2,8-2
+	lbu	$t1,2($i1)		# Te4[s2>>16]
+	_xtr	$i1,$s3,8-2
+	lbu	$t2,2($i2)		# Te4[s3>>16]
+	_xtr	$i2,$s0,8-2
+	lbu	$t3,2($i3)		# Te4[s0>>16]
+	_xtr	$i3,$s1,8-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+# if defined(_MIPSEL)
+	lbu	$t4,2($i0)		# Te4[s2>>8]
+	$PTR_INS $i0,$s0,2,8
+	lbu	$t5,2($i1)		# Te4[s3>>8]
+	$PTR_INS $i1,$s1,2,8
+	lbu	$t6,2($i2)		# Te4[s0>>8]
+	$PTR_INS $i2,$s2,2,8
+	lbu	$t7,2($i3)		# Te4[s1>>8]
+	$PTR_INS $i3,$s3,2,8
+
+	lbu	$t8,2($i0)		# Te4[s0>>24]
+	_xtr	$i0,$s3,0-2
+	lbu	$t9,2($i1)		# Te4[s1>>24]
+	_xtr	$i1,$s0,0-2
+	lbu	$t10,2($i2)		# Te4[s2>>24]
+	_xtr	$i2,$s1,0-2
+	lbu	$t11,2($i3)		# Te4[s3>>24]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+# else
+	lbu	$t4,2($i0)		# Te4[s2>>8]
+	_xtr	$i0,$s0,24-2
+	lbu	$t5,2($i1)		# Te4[s3>>8]
+	_xtr	$i1,$s1,24-2
+	lbu	$t6,2($i2)		# Te4[s0>>8]
+	_xtr	$i2,$s2,24-2
+	lbu	$t7,2($i3)		# Te4[s1>>8]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,2($i0)		# Te4[s0>>24]
+	$PTR_INS $i0,$s3,2,8
+	lbu	$t9,2($i1)		# Te4[s1>>24]
+	$PTR_INS $i1,$s0,2,8
+	lbu	$t10,2($i2)		# Te4[s2>>24]
+	$PTR_INS $i2,$s1,2,8
+	lbu	$t11,2($i3)		# Te4[s3>>24]
+	$PTR_INS $i3,$s2,2,8
+# endif
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins2	$t0,$t4,8
+	lbu	$t4,2($i0)		# Te4[s3]
+	_ins2	$t1,$t5,8
+	lbu	$t5,2($i1)		# Te4[s0]
+	_ins2	$t2,$t6,8
+	lbu	$t6,2($i2)		# Te4[s1]
+	_ins2	$t3,$t7,8
+	lbu	$t7,2($i3)		# Te4[s2]
+
+	_ins2	$t0,$t8,24
+	lw	$s0,0($key0)
+	_ins2	$t1,$t9,24
+	lw	$s1,4($key0)
+	_ins2	$t2,$t10,24
+	lw	$s2,8($key0)
+	_ins2	$t3,$t11,24
+	lw	$s3,12($key0)
+
+	_ins2	$t0,$t4,0
+	_ins2	$t1,$t5,0
+	_ins2	$t2,$t6,0
+	_ins2	$t3,$t7,0
+#else
+	lbu	$t4,2($i0)		# Te4[s2>>8]
+	_xtr	$i0,$s0,24-2
+	lbu	$t5,2($i1)		# Te4[s3>>8]
+	_xtr	$i1,$s1,24-2
+	lbu	$t6,2($i2)		# Te4[s0>>8]
+	_xtr	$i2,$s2,24-2
+	lbu	$t7,2($i3)		# Te4[s1>>8]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,2($i0)		# Te4[s0>>24]
+	_xtr	$i0,$s3,0-2
+	lbu	$t9,2($i1)		# Te4[s1>>24]
+	_xtr	$i1,$s0,0-2
+	lbu	$t10,2($i2)		# Te4[s2>>24]
+	_xtr	$i2,$s1,0-2
+	lbu	$t11,2($i3)		# Te4[s3>>24]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins	$t4,8
+	_ins	$t5,8
+	_ins	$t6,8
+	_ins	$t7,8
+
+	xor	$t0,$t4
+	lbu	$t4,2($i0)		# Te4[s3]
+	xor	$t1,$t5
+	lbu	$t5,2($i1)		# Te4[s0]
+	xor	$t2,$t6
+	lbu	$t6,2($i2)		# Te4[s1]
+	xor	$t3,$t7
+	lbu	$t7,2($i3)		# Te4[s2]
+
+	_ins	$t8,24
+	lw	$s0,0($key0)
+	_ins	$t9,24
+	lw	$s1,4($key0)
+	_ins	$t10,24
+	lw	$s2,8($key0)
+	_ins	$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	_ins	$t4,0
+	_ins	$t5,0
+	_ins	$t6,0
+	_ins	$t7,0
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+#endif
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	jr	$ra
+.end	_mips_AES_encrypt
+
+.align	5
+.globl	AES_encrypt
+.ent	AES_encrypt
+AES_encrypt:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_S	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_S	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_S	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_encrypt
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Te		# PIC-ified 'load address'
+
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$s0,0($inp)
+	lw	$s1,4($inp)
+	lw	$s2,8($inp)
+	lw	$s3,12($inp)
+#else
+	lwl	$s0,0+$MSB($inp)
+	lwl	$s1,4+$MSB($inp)
+	lwl	$s2,8+$MSB($inp)
+	lwl	$s3,12+$MSB($inp)
+	lwr	$s0,0+$LSB($inp)
+	lwr	$s1,4+$LSB($inp)
+	lwr	$s2,8+$LSB($inp)
+	lwr	$s3,12+$LSB($inp)
+#endif
+
+	bal	_mips_AES_encrypt
+
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	sw	$s0,0($out)
+	sw	$s1,4($out)
+	sw	$s2,8($out)
+	sw	$s3,12($out)
+#else
+	swr	$s0,0+$LSB($out)
+	swr	$s1,4+$LSB($out)
+	swr	$s2,8+$LSB($out)
+	swr	$s3,12+$LSB($out)
+	swl	$s0,0+$MSB($out)
+	swl	$s1,4+$MSB($out)
+	swl	$s2,8+$MSB($out)
+	swl	$s3,12+$MSB($out)
+#endif
+
+	.set	noreorder
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_encrypt
+___
+
+$code.=<<___;
+.align	5
+.ent	_mips_AES_decrypt
+_mips_AES_decrypt:
+	.frame	$sp,0,$ra
+	.set	reorder
+	lw	$t0,0($key)
+	lw	$t1,4($key)
+	lw	$t2,8($key)
+	lw	$t3,12($key)
+	lw	$cnt,240($key)
+	$PTR_ADD $key0,$key,16
+
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	subu	$cnt,1
+#if defined(__mips_smartmips)
+	ext	$i0,$s3,16,8
+.Loop_dec:
+	ext	$i1,$s0,16,8
+	ext	$i2,$s1,16,8
+	ext	$i3,$s2,16,8
+	lwxs	$t0,$i0($Tbl)		# Td1[s3>>16]
+	ext	$i0,$s2,8,8
+	lwxs	$t1,$i1($Tbl)		# Td1[s0>>16]
+	ext	$i1,$s3,8,8
+	lwxs	$t2,$i2($Tbl)		# Td1[s1>>16]
+	ext	$i2,$s0,8,8
+	lwxs	$t3,$i3($Tbl)		# Td1[s2>>16]
+	ext	$i3,$s1,8,8
+
+	lwxs	$t4,$i0($Tbl)		# Td2[s2>>8]
+	ext	$i0,$s1,0,8
+	lwxs	$t5,$i1($Tbl)		# Td2[s3>>8]
+	ext	$i1,$s2,0,8
+	lwxs	$t6,$i2($Tbl)		# Td2[s0>>8]
+	ext	$i2,$s3,0,8
+	lwxs	$t7,$i3($Tbl)		# Td2[s1>>8]
+	ext	$i3,$s0,0,8
+
+	lwxs	$t8,$i0($Tbl)		# Td3[s1]
+	ext	$i0,$s0,24,8
+	lwxs	$t9,$i1($Tbl)		# Td3[s2]
+	ext	$i1,$s1,24,8
+	lwxs	$t10,$i2($Tbl)		# Td3[s3]
+	ext	$i2,$s2,24,8
+	lwxs	$t11,$i3($Tbl)		# Td3[s0]
+	ext	$i3,$s3,24,8
+
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	xor	$t0,$t4
+	lwxs	$t4,$i0($Tbl)		# Td0[s0>>24]
+	xor	$t1,$t5
+	lwxs	$t5,$i1($Tbl)		# Td0[s1>>24]
+	xor	$t2,$t6
+	lwxs	$t6,$i2($Tbl)		# Td0[s2>>24]
+	xor	$t3,$t7
+	lwxs	$t7,$i3($Tbl)		# Td0[s3>>24]
+
+	rotr	$t8,$t8,24
+	lw	$s0,0($key0)
+	rotr	$t9,$t9,24
+	lw	$s1,4($key0)
+	rotr	$t10,$t10,24
+	lw	$s2,8($key0)
+	rotr	$t11,$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	subu	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_dec
+	ext	$i0,$s3,16,8
+
+	_xtr	$i0,$s3,16-2
+#else
+	_xtr	$i0,$s3,16-2
+.Loop_dec:
+	_xtr	$i1,$s0,16-2
+	_xtr	$i2,$s1,16-2
+	_xtr	$i3,$s2,16-2
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	lw	$t0,0($i0)		# Td1[s3>>16]
+	_xtr	$i0,$s2,8-2
+	lw	$t1,0($i1)		# Td1[s0>>16]
+	_xtr	$i1,$s3,8-2
+	lw	$t2,0($i2)		# Td1[s1>>16]
+	_xtr	$i2,$s0,8-2
+	lw	$t3,0($i3)		# Td1[s2>>16]
+	_xtr	$i3,$s1,8-2
+#else
+	lwl	$t0,3($i0)		# Td1[s3>>16]
+	lwl	$t1,3($i1)		# Td1[s0>>16]
+	lwl	$t2,3($i2)		# Td1[s1>>16]
+	lwl	$t3,3($i3)		# Td1[s2>>16]
+	lwr	$t0,2($i0)		# Td1[s3>>16]
+	_xtr	$i0,$s2,8-2
+	lwr	$t1,2($i1)		# Td1[s0>>16]
+	_xtr	$i1,$s3,8-2
+	lwr	$t2,2($i2)		# Td1[s1>>16]
+	_xtr	$i2,$s0,8-2
+	lwr	$t3,2($i3)		# Td1[s2>>16]
+	_xtr	$i3,$s1,8-2
+#endif
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+# if defined(_MIPSEL)
+	lw	$t4,0($i0)		# Td2[s2>>8]
+	_xtr	$i0,$s1,0-2
+	lw	$t5,0($i1)		# Td2[s3>>8]
+	_xtr	$i1,$s2,0-2
+	lw	$t6,0($i2)		# Td2[s0>>8]
+	_xtr	$i2,$s3,0-2
+	lw	$t7,0($i3)		# Td2[s1>>8]
+	_xtr	$i3,$s0,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lw	$t8,0($i0)		# Td3[s1]
+	$PTR_INS $i0,$s0,2,8
+	lw	$t9,0($i1)		# Td3[s2]
+	$PTR_INS $i1,$s1,2,8
+	lw	$t10,0($i2)		# Td3[s3]
+	$PTR_INS $i2,$s2,2,8
+	lw	$t11,0($i3)		# Td3[s0]
+	$PTR_INS $i3,$s3,2,8
+#else
+	lw	$t4,0($i0)		# Td2[s2>>8]
+	$PTR_INS $i0,$s1,2,8
+	lw	$t5,0($i1)		# Td2[s3>>8]
+	$PTR_INS $i1,$s2,2,8
+	lw	$t6,0($i2)		# Td2[s0>>8]
+	$PTR_INS $i2,$s3,2,8
+	lw	$t7,0($i3)		# Td2[s1>>8]
+	$PTR_INS $i3,$s0,2,8
+
+	lw	$t8,0($i0)		# Td3[s1]
+	_xtr	$i0,$s0,24-2
+	lw	$t9,0($i1)		# Td3[s2]
+	_xtr	$i1,$s1,24-2
+	lw	$t10,0($i2)		# Td3[s3]
+	_xtr	$i2,$s2,24-2
+	lw	$t11,0($i3)		# Td3[s0]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#endif
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	rotr	$t8,$t8,24
+	rotr	$t9,$t9,24
+	rotr	$t10,$t10,24
+	rotr	$t11,$t11,24
+#else
+	lwl	$t4,2($i0)		# Td2[s2>>8]
+	lwl	$t5,2($i1)		# Td2[s3>>8]
+	lwl	$t6,2($i2)		# Td2[s0>>8]
+	lwl	$t7,2($i3)		# Td2[s1>>8]
+	lwr	$t4,1($i0)		# Td2[s2>>8]
+	_xtr	$i0,$s1,0-2
+	lwr	$t5,1($i1)		# Td2[s3>>8]
+	_xtr	$i1,$s2,0-2
+	lwr	$t6,1($i2)		# Td2[s0>>8]
+	_xtr	$i2,$s3,0-2
+	lwr	$t7,1($i3)		# Td2[s1>>8]
+	_xtr	$i3,$s0,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lwl	$t8,1($i0)		# Td3[s1]
+	lwl	$t9,1($i1)		# Td3[s2]
+	lwl	$t10,1($i2)		# Td3[s3]
+	lwl	$t11,1($i3)		# Td3[s0]
+	lwr	$t8,0($i0)		# Td3[s1]
+	_xtr	$i0,$s0,24-2
+	lwr	$t9,0($i1)		# Td3[s2]
+	_xtr	$i1,$s1,24-2
+	lwr	$t10,0($i2)		# Td3[s3]
+	_xtr	$i2,$s2,24-2
+	lwr	$t11,0($i3)		# Td3[s0]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#endif
+
+	xor	$t0,$t4
+	lw	$t4,0($i0)		# Td0[s0>>24]
+	xor	$t1,$t5
+	lw	$t5,0($i1)		# Td0[s1>>24]
+	xor	$t2,$t6
+	lw	$t6,0($i2)		# Td0[s2>>24]
+	xor	$t3,$t7
+	lw	$t7,0($i3)		# Td0[s3>>24]
+
+	xor	$t0,$t8
+	lw	$s0,0($key0)
+	xor	$t1,$t9
+	lw	$s1,4($key0)
+	xor	$t2,$t10
+	lw	$s2,8($key0)
+	xor	$t3,$t11
+	lw	$s3,12($key0)
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	subu	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_dec
+	_xtr	$i0,$s3,16-2
+#endif
+
+	.set	reorder
+	lw	$t4,1024($Tbl)		# prefetch Td4
+	_xtr	$i0,$s3,16
+	lw	$t5,1024+32($Tbl)
+	_xtr	$i1,$s0,16
+	lw	$t6,1024+64($Tbl)
+	_xtr	$i2,$s1,16
+	lw	$t7,1024+96($Tbl)
+	_xtr	$i3,$s2,16
+	lw	$t8,1024+128($Tbl)
+	and	$i0,0xff
+	lw	$t9,1024+160($Tbl)
+	and	$i1,0xff
+	lw	$t10,1024+192($Tbl)
+	and	$i2,0xff
+	lw	$t11,1024+224($Tbl)
+	and	$i3,0xff
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t0,1024($i0)		# Td4[s3>>16]
+	_xtr	$i0,$s2,8
+	lbu	$t1,1024($i1)		# Td4[s0>>16]
+	_xtr	$i1,$s3,8
+	lbu	$t2,1024($i2)		# Td4[s1>>16]
+	_xtr	$i2,$s0,8
+	lbu	$t3,1024($i3)		# Td4[s2>>16]
+	_xtr	$i3,$s1,8
+
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,0xff
+	and	$i3,0xff
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+# if defined(_MIPSEL)
+	lbu	$t4,1024($i0)		# Td4[s2>>8]
+	$PTR_INS $i0,$s0,0,8
+	lbu	$t5,1024($i1)		# Td4[s3>>8]
+	$PTR_INS $i1,$s1,0,8
+	lbu	$t6,1024($i2)		# Td4[s0>>8]
+	$PTR_INS $i2,$s2,0,8
+	lbu	$t7,1024($i3)		# Td4[s1>>8]
+	$PTR_INS $i3,$s3,0,8
+
+	lbu	$t8,1024($i0)		# Td4[s0>>24]
+	_xtr	$i0,$s1,0
+	lbu	$t9,1024($i1)		# Td4[s1>>24]
+	_xtr	$i1,$s2,0
+	lbu	$t10,1024($i2)		# Td4[s2>>24]
+	_xtr	$i2,$s3,0
+	lbu	$t11,1024($i3)		# Td4[s3>>24]
+	_xtr	$i3,$s0,0
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+# else
+	lbu	$t4,1024($i0)		# Td4[s2>>8]
+	_xtr	$i0,$s0,24
+	lbu	$t5,1024($i1)		# Td4[s3>>8]
+	_xtr	$i1,$s1,24
+	lbu	$t6,1024($i2)		# Td4[s0>>8]
+	_xtr	$i2,$s2,24
+	lbu	$t7,1024($i3)		# Td4[s1>>8]
+	_xtr	$i3,$s3,24
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,1024($i0)		# Td4[s0>>24]
+	$PTR_INS $i0,$s1,0,8
+	lbu	$t9,1024($i1)		# Td4[s1>>24]
+	$PTR_INS $i1,$s2,0,8
+	lbu	$t10,1024($i2)		# Td4[s2>>24]
+	$PTR_INS $i2,$s3,0,8
+	lbu	$t11,1024($i3)		# Td4[s3>>24]
+	$PTR_INS $i3,$s0,0,8
+# endif
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins2	$t0,$t4,8
+	lbu	$t4,1024($i0)		# Td4[s1]
+	_ins2	$t1,$t5,8
+	lbu	$t5,1024($i1)		# Td4[s2]
+	_ins2	$t2,$t6,8
+	lbu	$t6,1024($i2)		# Td4[s3]
+	_ins2	$t3,$t7,8
+	lbu	$t7,1024($i3)		# Td4[s0]
+
+	_ins2	$t0,$t8,24
+	lw	$s0,0($key0)
+	_ins2	$t1,$t9,24
+	lw	$s1,4($key0)
+	_ins2	$t2,$t10,24
+	lw	$s2,8($key0)
+	_ins2	$t3,$t11,24
+	lw	$s3,12($key0)
+
+	_ins2	$t0,$t4,0
+	_ins2	$t1,$t5,0
+	_ins2	$t2,$t6,0
+	_ins2	$t3,$t7,0
+#else
+	lbu	$t4,1024($i0)		# Td4[s2>>8]
+	_xtr	$i0,$s0,24
+	lbu	$t5,1024($i1)		# Td4[s3>>8]
+	_xtr	$i1,$s1,24
+	lbu	$t6,1024($i2)		# Td4[s0>>8]
+	_xtr	$i2,$s2,24
+	lbu	$t7,1024($i3)		# Td4[s1>>8]
+	_xtr	$i3,$s3,24
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,1024($i0)		# Td4[s0>>24]
+	_xtr	$i0,$s1,0
+	lbu	$t9,1024($i1)		# Td4[s1>>24]
+	_xtr	$i1,$s2,0
+	lbu	$t10,1024($i2)		# Td4[s2>>24]
+	_xtr	$i2,$s3,0
+	lbu	$t11,1024($i3)		# Td4[s3>>24]
+	_xtr	$i3,$s0,0
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins	$t4,8
+	_ins	$t5,8
+	_ins	$t6,8
+	_ins	$t7,8
+
+	xor	$t0,$t4
+	lbu	$t4,1024($i0)		# Td4[s1]
+	xor	$t1,$t5
+	lbu	$t5,1024($i1)		# Td4[s2]
+	xor	$t2,$t6
+	lbu	$t6,1024($i2)		# Td4[s3]
+	xor	$t3,$t7
+	lbu	$t7,1024($i3)		# Td4[s0]
+
+	_ins	$t8,24
+	lw	$s0,0($key0)
+	_ins	$t9,24
+	lw	$s1,4($key0)
+	_ins	$t10,24
+	lw	$s2,8($key0)
+	_ins	$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	_ins	$t4,0
+	_ins	$t5,0
+	_ins	$t6,0
+	_ins	$t7,0
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+#endif
+
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	jr	$ra
+.end	_mips_AES_decrypt
+
+.align	5
+.globl	AES_decrypt
+.ent	AES_decrypt
+AES_decrypt:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_S	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_S	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_S	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_decrypt
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Td		# PIC-ified 'load address'
+
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$s0,0($inp)
+	lw	$s1,4($inp)
+	lw	$s2,8($inp)
+	lw	$s3,12($inp)
+#else
+	lwl	$s0,0+$MSB($inp)
+	lwl	$s1,4+$MSB($inp)
+	lwl	$s2,8+$MSB($inp)
+	lwl	$s3,12+$MSB($inp)
+	lwr	$s0,0+$LSB($inp)
+	lwr	$s1,4+$LSB($inp)
+	lwr	$s2,8+$LSB($inp)
+	lwr	$s3,12+$LSB($inp)
+#endif
+
+	bal	_mips_AES_decrypt
+
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	sw	$s0,0($out)
+	sw	$s1,4($out)
+	sw	$s2,8($out)
+	sw	$s3,12($out)
+#else
+	swr	$s0,0+$LSB($out)
+	swr	$s1,4+$LSB($out)
+	swr	$s2,8+$LSB($out)
+	swr	$s3,12+$LSB($out)
+	swl	$s0,0+$MSB($out)
+	swl	$s1,4+$MSB($out)
+	swl	$s2,8+$MSB($out)
+	swl	$s3,12+$MSB($out)
+#endif
+
+	.set	noreorder
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_decrypt
+___
+}}}
+
+{{{
+my $FRAMESIZE=8*$SZREG;
+my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc000f008" : "0xc0000000";
+
+my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3);
+my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
+my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
+my ($rcon,$cnt)=($gp,$fp);
+
+$code.=<<___;
+.align	5
+.ent	_mips_AES_set_encrypt_key
+_mips_AES_set_encrypt_key:
+	.frame	$sp,0,$ra
+	.set	noreorder
+	beqz	$inp,.Lekey_done
+	li	$t0,-1
+	beqz	$key,.Lekey_done
+	$PTR_ADD $rcon,$Tbl,256
+
+	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$rk0,0($inp)		# load 128 bits
+	lw	$rk1,4($inp)
+	lw	$rk2,8($inp)
+	lw	$rk3,12($inp)
+#else
+	lwl	$rk0,0+$MSB($inp)	# load 128 bits
+	lwl	$rk1,4+$MSB($inp)
+	lwl	$rk2,8+$MSB($inp)
+	lwl	$rk3,12+$MSB($inp)
+	lwr	$rk0,0+$LSB($inp)
+	lwr	$rk1,4+$LSB($inp)
+	lwr	$rk2,8+$LSB($inp)
+	lwr	$rk3,12+$LSB($inp)
+#endif
+	li	$at,128
+	.set	noreorder
+	beq	$bits,$at,.L128bits
+	li	$cnt,10
+
+	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$rk4,16($inp)		# load 192 bits
+	lw	$rk5,20($inp)
+#else
+	lwl	$rk4,16+$MSB($inp)	# load 192 bits
+	lwl	$rk5,20+$MSB($inp)
+	lwr	$rk4,16+$LSB($inp)
+	lwr	$rk5,20+$LSB($inp)
+#endif
+	li	$at,192
+	.set	noreorder
+	beq	$bits,$at,.L192bits
+	li	$cnt,8
+
+	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$rk6,24($inp)		# load 256 bits
+	lw	$rk7,28($inp)
+#else
+	lwl	$rk6,24+$MSB($inp)	# load 256 bits
+	lwl	$rk7,28+$MSB($inp)
+	lwr	$rk6,24+$LSB($inp)
+	lwr	$rk7,28+$LSB($inp)
+#endif
+	li	$at,256
+	.set	noreorder
+	beq	$bits,$at,.L256bits
+	li	$cnt,7
+
+	b	.Lekey_done
+	li	$t0,-2
+
+.align	4
+.L128bits:
+	.set	reorder
+	srl	$i0,$rk3,16
+	srl	$i1,$rk3,8
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,$rk3,0xff
+	srl	$i3,$rk3,24
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	sw	$rk3,12($key)
+	subu	$cnt,1
+	$PTR_ADD $key,16
+
+	_bias	$i0,24
+	_bias	$i1,16
+	_bias	$i2,8
+	_bias	$i3,0
+
+	xor	$rk0,$i0
+	lw	$i0,0($rcon)
+	xor	$rk0,$i1
+	xor	$rk0,$i2
+	xor	$rk0,$i3
+	xor	$rk0,$i0
+
+	xor	$rk1,$rk0
+	xor	$rk2,$rk1
+	xor	$rk3,$rk2
+
+	.set	noreorder
+	bnez	$cnt,.L128bits
+	$PTR_ADD $rcon,4
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	li	$cnt,10
+	sw	$rk3,12($key)
+	li	$t0,0
+	sw	$cnt,80($key)
+	b	.Lekey_done
+	$PTR_SUB $key,10*16
+
+.align	4
+.L192bits:
+	.set	reorder
+	srl	$i0,$rk5,16
+	srl	$i1,$rk5,8
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,$rk5,0xff
+	srl	$i3,$rk5,24
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	sw	$rk3,12($key)
+	sw	$rk4,16($key)
+	sw	$rk5,20($key)
+	subu	$cnt,1
+	$PTR_ADD $key,24
+
+	_bias	$i0,24
+	_bias	$i1,16
+	_bias	$i2,8
+	_bias	$i3,0
+
+	xor	$rk0,$i0
+	lw	$i0,0($rcon)
+	xor	$rk0,$i1
+	xor	$rk0,$i2
+	xor	$rk0,$i3
+	xor	$rk0,$i0
+
+	xor	$rk1,$rk0
+	xor	$rk2,$rk1
+	xor	$rk3,$rk2
+	xor	$rk4,$rk3
+	xor	$rk5,$rk4
+
+	.set	noreorder
+	bnez	$cnt,.L192bits
+	$PTR_ADD $rcon,4
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	li	$cnt,12
+	sw	$rk3,12($key)
+	li	$t0,0
+	sw	$cnt,48($key)
+	b	.Lekey_done
+	$PTR_SUB $key,12*16
+
+.align	4
+.L256bits:
+	.set	reorder
+	srl	$i0,$rk7,16
+	srl	$i1,$rk7,8
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,$rk7,0xff
+	srl	$i3,$rk7,24
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	sw	$rk3,12($key)
+	sw	$rk4,16($key)
+	sw	$rk5,20($key)
+	sw	$rk6,24($key)
+	sw	$rk7,28($key)
+	subu	$cnt,1
+
+	_bias	$i0,24
+	_bias	$i1,16
+	_bias	$i2,8
+	_bias	$i3,0
+
+	xor	$rk0,$i0
+	lw	$i0,0($rcon)
+	xor	$rk0,$i1
+	xor	$rk0,$i2
+	xor	$rk0,$i3
+	xor	$rk0,$i0
+
+	xor	$rk1,$rk0
+	xor	$rk2,$rk1
+	xor	$rk3,$rk2
+	beqz	$cnt,.L256bits_done
+
+	srl	$i0,$rk3,24
+	srl	$i1,$rk3,16
+	srl	$i2,$rk3,8
+	and	$i3,$rk3,0xff
+	and	$i1,0xff
+	and	$i2,0xff
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+	sll	$i0,24
+	sll	$i1,16
+	sll	$i2,8
+
+	xor	$rk4,$i0
+	xor	$rk4,$i1
+	xor	$rk4,$i2
+	xor	$rk4,$i3
+
+	xor	$rk5,$rk4
+	xor	$rk6,$rk5
+	xor	$rk7,$rk6
+
+	$PTR_ADD $key,32
+	.set	noreorder
+	b	.L256bits
+	$PTR_ADD $rcon,4
+
+.L256bits_done:
+	sw	$rk0,32($key)
+	sw	$rk1,36($key)
+	sw	$rk2,40($key)
+	li	$cnt,14
+	sw	$rk3,44($key)
+	li	$t0,0
+	sw	$cnt,48($key)
+	$PTR_SUB $key,12*16
+
+.Lekey_done:
+	jr	$ra
+	nop
+.end	_mips_AES_set_encrypt_key
+
+.globl	AES_set_encrypt_key
+.ent	AES_set_encrypt_key
+AES_set_encrypt_key:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s2,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s1,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s0,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-7*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_set_encrypt_key
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Te4		# PIC-ified 'load address'
+
+	bal	_mips_AES_set_encrypt_key
+
+	.set	noreorder
+	move	$a0,$t0
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_set_encrypt_key
+___
+
+my ($head,$tail)=($inp,$bits);
+my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
+my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
+$code.=<<___;
+.align	5
+.globl	AES_set_decrypt_key
+.ent	AES_set_decrypt_key
+AES_set_decrypt_key:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s2,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s1,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s0,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-7*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_set_decrypt_key
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Te4		# PIC-ified 'load address'
+
+	bal	_mips_AES_set_encrypt_key
+
+	bltz	$t0,.Ldkey_done
+
+	sll	$at,$cnt,4
+	$PTR_ADD $head,$key,0
+	$PTR_ADD $tail,$key,$at
+.align	4
+.Lswap:
+	lw	$rk0,0($head)
+	lw	$rk1,4($head)
+	lw	$rk2,8($head)
+	lw	$rk3,12($head)
+	lw	$rk4,0($tail)
+	lw	$rk5,4($tail)
+	lw	$rk6,8($tail)
+	lw	$rk7,12($tail)
+	sw	$rk0,0($tail)
+	sw	$rk1,4($tail)
+	sw	$rk2,8($tail)
+	sw	$rk3,12($tail)
+	$PTR_ADD $head,16
+	$PTR_SUB $tail,16
+	sw	$rk4,-16($head)
+	sw	$rk5,-12($head)
+	sw	$rk6,-8($head)
+	sw	$rk7,-4($head)
+	bne	$head,$tail,.Lswap
+
+	lw	$tp1,16($key)		# modulo-scheduled
+	lui	$x80808080,0x8080
+	subu	$cnt,1
+	or	$x80808080,0x8080
+	sll	$cnt,2
+	$PTR_ADD $key,16
+	lui	$x1b1b1b1b,0x1b1b
+	nor	$x7f7f7f7f,$zero,$x80808080
+	or	$x1b1b1b1b,0x1b1b
+.align	4
+.Lmix:
+	and	$m,$tp1,$x80808080
+	and	$tp2,$tp1,$x7f7f7f7f
+	srl	$tp4,$m,7
+	addu	$tp2,$tp2		# tp2<<1
+	subu	$m,$tp4
+	and	$m,$x1b1b1b1b
+	xor	$tp2,$m
+
+	and	$m,$tp2,$x80808080
+	and	$tp4,$tp2,$x7f7f7f7f
+	srl	$tp8,$m,7
+	addu	$tp4,$tp4		# tp4<<1
+	subu	$m,$tp8
+	and	$m,$x1b1b1b1b
+	xor	$tp4,$m
+
+	and	$m,$tp4,$x80808080
+	and	$tp8,$tp4,$x7f7f7f7f
+	srl	$tp9,$m,7
+	addu	$tp8,$tp8		# tp8<<1
+	subu	$m,$tp9
+	and	$m,$x1b1b1b1b
+	xor	$tp8,$m
+
+	xor	$tp9,$tp8,$tp1
+	xor	$tpe,$tp8,$tp4
+	xor	$tpb,$tp9,$tp2
+	xor	$tpd,$tp9,$tp4
+
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	rotr	$tp1,$tpd,16
+	 xor	$tpe,$tp2
+	rotr	$tp2,$tp9,8
+	xor	$tpe,$tp1
+	rotr	$tp4,$tpb,24
+	xor	$tpe,$tp2
+	lw	$tp1,4($key)		# modulo-scheduled
+	xor	$tpe,$tp4
+#else
+	_ror	$tp1,$tpd,16
+	 xor	$tpe,$tp2
+	_ror	$tp2,$tpd,-16
+	xor	$tpe,$tp1
+	_ror	$tp1,$tp9,8
+	xor	$tpe,$tp2
+	_ror	$tp2,$tp9,-24
+	xor	$tpe,$tp1
+	_ror	$tp1,$tpb,24
+	xor	$tpe,$tp2
+	_ror	$tp2,$tpb,-8
+	xor	$tpe,$tp1
+	lw	$tp1,4($key)		# modulo-scheduled
+	xor	$tpe,$tp2
+#endif
+	subu	$cnt,1
+	sw	$tpe,0($key)
+	$PTR_ADD $key,4
+	bnez	$cnt,.Lmix
+
+	li	$t0,0
+.Ldkey_done:
+	.set	noreorder
+	move	$a0,$t0
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_set_decrypt_key
+___
+}}}
+
+######################################################################
+# Tables are kept in endian-neutral manner
+$code.=<<___;
+.rdata
+.align	10
+AES_Te:
+.byte	0xc6,0x63,0x63,0xa5,	0xf8,0x7c,0x7c,0x84	# Te0
+.byte	0xee,0x77,0x77,0x99,	0xf6,0x7b,0x7b,0x8d
+.byte	0xff,0xf2,0xf2,0x0d,	0xd6,0x6b,0x6b,0xbd
+.byte	0xde,0x6f,0x6f,0xb1,	0x91,0xc5,0xc5,0x54
+.byte	0x60,0x30,0x30,0x50,	0x02,0x01,0x01,0x03
+.byte	0xce,0x67,0x67,0xa9,	0x56,0x2b,0x2b,0x7d
+.byte	0xe7,0xfe,0xfe,0x19,	0xb5,0xd7,0xd7,0x62
+.byte	0x4d,0xab,0xab,0xe6,	0xec,0x76,0x76,0x9a
+.byte	0x8f,0xca,0xca,0x45,	0x1f,0x82,0x82,0x9d
+.byte	0x89,0xc9,0xc9,0x40,	0xfa,0x7d,0x7d,0x87
+.byte	0xef,0xfa,0xfa,0x15,	0xb2,0x59,0x59,0xeb
+.byte	0x8e,0x47,0x47,0xc9,	0xfb,0xf0,0xf0,0x0b
+.byte	0x41,0xad,0xad,0xec,	0xb3,0xd4,0xd4,0x67
+.byte	0x5f,0xa2,0xa2,0xfd,	0x45,0xaf,0xaf,0xea
+.byte	0x23,0x9c,0x9c,0xbf,	0x53,0xa4,0xa4,0xf7
+.byte	0xe4,0x72,0x72,0x96,	0x9b,0xc0,0xc0,0x5b
+.byte	0x75,0xb7,0xb7,0xc2,	0xe1,0xfd,0xfd,0x1c
+.byte	0x3d,0x93,0x93,0xae,	0x4c,0x26,0x26,0x6a
+.byte	0x6c,0x36,0x36,0x5a,	0x7e,0x3f,0x3f,0x41
+.byte	0xf5,0xf7,0xf7,0x02,	0x83,0xcc,0xcc,0x4f
+.byte	0x68,0x34,0x34,0x5c,	0x51,0xa5,0xa5,0xf4
+.byte	0xd1,0xe5,0xe5,0x34,	0xf9,0xf1,0xf1,0x08
+.byte	0xe2,0x71,0x71,0x93,	0xab,0xd8,0xd8,0x73
+.byte	0x62,0x31,0x31,0x53,	0x2a,0x15,0x15,0x3f
+.byte	0x08,0x04,0x04,0x0c,	0x95,0xc7,0xc7,0x52
+.byte	0x46,0x23,0x23,0x65,	0x9d,0xc3,0xc3,0x5e
+.byte	0x30,0x18,0x18,0x28,	0x37,0x96,0x96,0xa1
+.byte	0x0a,0x05,0x05,0x0f,	0x2f,0x9a,0x9a,0xb5
+.byte	0x0e,0x07,0x07,0x09,	0x24,0x12,0x12,0x36
+.byte	0x1b,0x80,0x80,0x9b,	0xdf,0xe2,0xe2,0x3d
+.byte	0xcd,0xeb,0xeb,0x26,	0x4e,0x27,0x27,0x69
+.byte	0x7f,0xb2,0xb2,0xcd,	0xea,0x75,0x75,0x9f
+.byte	0x12,0x09,0x09,0x1b,	0x1d,0x83,0x83,0x9e
+.byte	0x58,0x2c,0x2c,0x74,	0x34,0x1a,0x1a,0x2e
+.byte	0x36,0x1b,0x1b,0x2d,	0xdc,0x6e,0x6e,0xb2
+.byte	0xb4,0x5a,0x5a,0xee,	0x5b,0xa0,0xa0,0xfb
+.byte	0xa4,0x52,0x52,0xf6,	0x76,0x3b,0x3b,0x4d
+.byte	0xb7,0xd6,0xd6,0x61,	0x7d,0xb3,0xb3,0xce
+.byte	0x52,0x29,0x29,0x7b,	0xdd,0xe3,0xe3,0x3e
+.byte	0x5e,0x2f,0x2f,0x71,	0x13,0x84,0x84,0x97
+.byte	0xa6,0x53,0x53,0xf5,	0xb9,0xd1,0xd1,0x68
+.byte	0x00,0x00,0x00,0x00,	0xc1,0xed,0xed,0x2c
+.byte	0x40,0x20,0x20,0x60,	0xe3,0xfc,0xfc,0x1f
+.byte	0x79,0xb1,0xb1,0xc8,	0xb6,0x5b,0x5b,0xed
+.byte	0xd4,0x6a,0x6a,0xbe,	0x8d,0xcb,0xcb,0x46
+.byte	0x67,0xbe,0xbe,0xd9,	0x72,0x39,0x39,0x4b
+.byte	0x94,0x4a,0x4a,0xde,	0x98,0x4c,0x4c,0xd4
+.byte	0xb0,0x58,0x58,0xe8,	0x85,0xcf,0xcf,0x4a
+.byte	0xbb,0xd0,0xd0,0x6b,	0xc5,0xef,0xef,0x2a
+.byte	0x4f,0xaa,0xaa,0xe5,	0xed,0xfb,0xfb,0x16
+.byte	0x86,0x43,0x43,0xc5,	0x9a,0x4d,0x4d,0xd7
+.byte	0x66,0x33,0x33,0x55,	0x11,0x85,0x85,0x94
+.byte	0x8a,0x45,0x45,0xcf,	0xe9,0xf9,0xf9,0x10
+.byte	0x04,0x02,0x02,0x06,	0xfe,0x7f,0x7f,0x81
+.byte	0xa0,0x50,0x50,0xf0,	0x78,0x3c,0x3c,0x44
+.byte	0x25,0x9f,0x9f,0xba,	0x4b,0xa8,0xa8,0xe3
+.byte	0xa2,0x51,0x51,0xf3,	0x5d,0xa3,0xa3,0xfe
+.byte	0x80,0x40,0x40,0xc0,	0x05,0x8f,0x8f,0x8a
+.byte	0x3f,0x92,0x92,0xad,	0x21,0x9d,0x9d,0xbc
+.byte	0x70,0x38,0x38,0x48,	0xf1,0xf5,0xf5,0x04
+.byte	0x63,0xbc,0xbc,0xdf,	0x77,0xb6,0xb6,0xc1
+.byte	0xaf,0xda,0xda,0x75,	0x42,0x21,0x21,0x63
+.byte	0x20,0x10,0x10,0x30,	0xe5,0xff,0xff,0x1a
+.byte	0xfd,0xf3,0xf3,0x0e,	0xbf,0xd2,0xd2,0x6d
+.byte	0x81,0xcd,0xcd,0x4c,	0x18,0x0c,0x0c,0x14
+.byte	0x26,0x13,0x13,0x35,	0xc3,0xec,0xec,0x2f
+.byte	0xbe,0x5f,0x5f,0xe1,	0x35,0x97,0x97,0xa2
+.byte	0x88,0x44,0x44,0xcc,	0x2e,0x17,0x17,0x39
+.byte	0x93,0xc4,0xc4,0x57,	0x55,0xa7,0xa7,0xf2
+.byte	0xfc,0x7e,0x7e,0x82,	0x7a,0x3d,0x3d,0x47
+.byte	0xc8,0x64,0x64,0xac,	0xba,0x5d,0x5d,0xe7
+.byte	0x32,0x19,0x19,0x2b,	0xe6,0x73,0x73,0x95
+.byte	0xc0,0x60,0x60,0xa0,	0x19,0x81,0x81,0x98
+.byte	0x9e,0x4f,0x4f,0xd1,	0xa3,0xdc,0xdc,0x7f
+.byte	0x44,0x22,0x22,0x66,	0x54,0x2a,0x2a,0x7e
+.byte	0x3b,0x90,0x90,0xab,	0x0b,0x88,0x88,0x83
+.byte	0x8c,0x46,0x46,0xca,	0xc7,0xee,0xee,0x29
+.byte	0x6b,0xb8,0xb8,0xd3,	0x28,0x14,0x14,0x3c
+.byte	0xa7,0xde,0xde,0x79,	0xbc,0x5e,0x5e,0xe2
+.byte	0x16,0x0b,0x0b,0x1d,	0xad,0xdb,0xdb,0x76
+.byte	0xdb,0xe0,0xe0,0x3b,	0x64,0x32,0x32,0x56
+.byte	0x74,0x3a,0x3a,0x4e,	0x14,0x0a,0x0a,0x1e
+.byte	0x92,0x49,0x49,0xdb,	0x0c,0x06,0x06,0x0a
+.byte	0x48,0x24,0x24,0x6c,	0xb8,0x5c,0x5c,0xe4
+.byte	0x9f,0xc2,0xc2,0x5d,	0xbd,0xd3,0xd3,0x6e
+.byte	0x43,0xac,0xac,0xef,	0xc4,0x62,0x62,0xa6
+.byte	0x39,0x91,0x91,0xa8,	0x31,0x95,0x95,0xa4
+.byte	0xd3,0xe4,0xe4,0x37,	0xf2,0x79,0x79,0x8b
+.byte	0xd5,0xe7,0xe7,0x32,	0x8b,0xc8,0xc8,0x43
+.byte	0x6e,0x37,0x37,0x59,	0xda,0x6d,0x6d,0xb7
+.byte	0x01,0x8d,0x8d,0x8c,	0xb1,0xd5,0xd5,0x64
+.byte	0x9c,0x4e,0x4e,0xd2,	0x49,0xa9,0xa9,0xe0
+.byte	0xd8,0x6c,0x6c,0xb4,	0xac,0x56,0x56,0xfa
+.byte	0xf3,0xf4,0xf4,0x07,	0xcf,0xea,0xea,0x25
+.byte	0xca,0x65,0x65,0xaf,	0xf4,0x7a,0x7a,0x8e
+.byte	0x47,0xae,0xae,0xe9,	0x10,0x08,0x08,0x18
+.byte	0x6f,0xba,0xba,0xd5,	0xf0,0x78,0x78,0x88
+.byte	0x4a,0x25,0x25,0x6f,	0x5c,0x2e,0x2e,0x72
+.byte	0x38,0x1c,0x1c,0x24,	0x57,0xa6,0xa6,0xf1
+.byte	0x73,0xb4,0xb4,0xc7,	0x97,0xc6,0xc6,0x51
+.byte	0xcb,0xe8,0xe8,0x23,	0xa1,0xdd,0xdd,0x7c
+.byte	0xe8,0x74,0x74,0x9c,	0x3e,0x1f,0x1f,0x21
+.byte	0x96,0x4b,0x4b,0xdd,	0x61,0xbd,0xbd,0xdc
+.byte	0x0d,0x8b,0x8b,0x86,	0x0f,0x8a,0x8a,0x85
+.byte	0xe0,0x70,0x70,0x90,	0x7c,0x3e,0x3e,0x42
+.byte	0x71,0xb5,0xb5,0xc4,	0xcc,0x66,0x66,0xaa
+.byte	0x90,0x48,0x48,0xd8,	0x06,0x03,0x03,0x05
+.byte	0xf7,0xf6,0xf6,0x01,	0x1c,0x0e,0x0e,0x12
+.byte	0xc2,0x61,0x61,0xa3,	0x6a,0x35,0x35,0x5f
+.byte	0xae,0x57,0x57,0xf9,	0x69,0xb9,0xb9,0xd0
+.byte	0x17,0x86,0x86,0x91,	0x99,0xc1,0xc1,0x58
+.byte	0x3a,0x1d,0x1d,0x27,	0x27,0x9e,0x9e,0xb9
+.byte	0xd9,0xe1,0xe1,0x38,	0xeb,0xf8,0xf8,0x13
+.byte	0x2b,0x98,0x98,0xb3,	0x22,0x11,0x11,0x33
+.byte	0xd2,0x69,0x69,0xbb,	0xa9,0xd9,0xd9,0x70
+.byte	0x07,0x8e,0x8e,0x89,	0x33,0x94,0x94,0xa7
+.byte	0x2d,0x9b,0x9b,0xb6,	0x3c,0x1e,0x1e,0x22
+.byte	0x15,0x87,0x87,0x92,	0xc9,0xe9,0xe9,0x20
+.byte	0x87,0xce,0xce,0x49,	0xaa,0x55,0x55,0xff
+.byte	0x50,0x28,0x28,0x78,	0xa5,0xdf,0xdf,0x7a
+.byte	0x03,0x8c,0x8c,0x8f,	0x59,0xa1,0xa1,0xf8
+.byte	0x09,0x89,0x89,0x80,	0x1a,0x0d,0x0d,0x17
+.byte	0x65,0xbf,0xbf,0xda,	0xd7,0xe6,0xe6,0x31
+.byte	0x84,0x42,0x42,0xc6,	0xd0,0x68,0x68,0xb8
+.byte	0x82,0x41,0x41,0xc3,	0x29,0x99,0x99,0xb0
+.byte	0x5a,0x2d,0x2d,0x77,	0x1e,0x0f,0x0f,0x11
+.byte	0x7b,0xb0,0xb0,0xcb,	0xa8,0x54,0x54,0xfc
+.byte	0x6d,0xbb,0xbb,0xd6,	0x2c,0x16,0x16,0x3a
+
+AES_Td:
+.byte	0x51,0xf4,0xa7,0x50,	0x7e,0x41,0x65,0x53	# Td0
+.byte	0x1a,0x17,0xa4,0xc3,	0x3a,0x27,0x5e,0x96
+.byte	0x3b,0xab,0x6b,0xcb,	0x1f,0x9d,0x45,0xf1
+.byte	0xac,0xfa,0x58,0xab,	0x4b,0xe3,0x03,0x93
+.byte	0x20,0x30,0xfa,0x55,	0xad,0x76,0x6d,0xf6
+.byte	0x88,0xcc,0x76,0x91,	0xf5,0x02,0x4c,0x25
+.byte	0x4f,0xe5,0xd7,0xfc,	0xc5,0x2a,0xcb,0xd7
+.byte	0x26,0x35,0x44,0x80,	0xb5,0x62,0xa3,0x8f
+.byte	0xde,0xb1,0x5a,0x49,	0x25,0xba,0x1b,0x67
+.byte	0x45,0xea,0x0e,0x98,	0x5d,0xfe,0xc0,0xe1
+.byte	0xc3,0x2f,0x75,0x02,	0x81,0x4c,0xf0,0x12
+.byte	0x8d,0x46,0x97,0xa3,	0x6b,0xd3,0xf9,0xc6
+.byte	0x03,0x8f,0x5f,0xe7,	0x15,0x92,0x9c,0x95
+.byte	0xbf,0x6d,0x7a,0xeb,	0x95,0x52,0x59,0xda
+.byte	0xd4,0xbe,0x83,0x2d,	0x58,0x74,0x21,0xd3
+.byte	0x49,0xe0,0x69,0x29,	0x8e,0xc9,0xc8,0x44
+.byte	0x75,0xc2,0x89,0x6a,	0xf4,0x8e,0x79,0x78
+.byte	0x99,0x58,0x3e,0x6b,	0x27,0xb9,0x71,0xdd
+.byte	0xbe,0xe1,0x4f,0xb6,	0xf0,0x88,0xad,0x17
+.byte	0xc9,0x20,0xac,0x66,	0x7d,0xce,0x3a,0xb4
+.byte	0x63,0xdf,0x4a,0x18,	0xe5,0x1a,0x31,0x82
+.byte	0x97,0x51,0x33,0x60,	0x62,0x53,0x7f,0x45
+.byte	0xb1,0x64,0x77,0xe0,	0xbb,0x6b,0xae,0x84
+.byte	0xfe,0x81,0xa0,0x1c,	0xf9,0x08,0x2b,0x94
+.byte	0x70,0x48,0x68,0x58,	0x8f,0x45,0xfd,0x19
+.byte	0x94,0xde,0x6c,0x87,	0x52,0x7b,0xf8,0xb7
+.byte	0xab,0x73,0xd3,0x23,	0x72,0x4b,0x02,0xe2
+.byte	0xe3,0x1f,0x8f,0x57,	0x66,0x55,0xab,0x2a
+.byte	0xb2,0xeb,0x28,0x07,	0x2f,0xb5,0xc2,0x03
+.byte	0x86,0xc5,0x7b,0x9a,	0xd3,0x37,0x08,0xa5
+.byte	0x30,0x28,0x87,0xf2,	0x23,0xbf,0xa5,0xb2
+.byte	0x02,0x03,0x6a,0xba,	0xed,0x16,0x82,0x5c
+.byte	0x8a,0xcf,0x1c,0x2b,	0xa7,0x79,0xb4,0x92
+.byte	0xf3,0x07,0xf2,0xf0,	0x4e,0x69,0xe2,0xa1
+.byte	0x65,0xda,0xf4,0xcd,	0x06,0x05,0xbe,0xd5
+.byte	0xd1,0x34,0x62,0x1f,	0xc4,0xa6,0xfe,0x8a
+.byte	0x34,0x2e,0x53,0x9d,	0xa2,0xf3,0x55,0xa0
+.byte	0x05,0x8a,0xe1,0x32,	0xa4,0xf6,0xeb,0x75
+.byte	0x0b,0x83,0xec,0x39,	0x40,0x60,0xef,0xaa
+.byte	0x5e,0x71,0x9f,0x06,	0xbd,0x6e,0x10,0x51
+.byte	0x3e,0x21,0x8a,0xf9,	0x96,0xdd,0x06,0x3d
+.byte	0xdd,0x3e,0x05,0xae,	0x4d,0xe6,0xbd,0x46
+.byte	0x91,0x54,0x8d,0xb5,	0x71,0xc4,0x5d,0x05
+.byte	0x04,0x06,0xd4,0x6f,	0x60,0x50,0x15,0xff
+.byte	0x19,0x98,0xfb,0x24,	0xd6,0xbd,0xe9,0x97
+.byte	0x89,0x40,0x43,0xcc,	0x67,0xd9,0x9e,0x77
+.byte	0xb0,0xe8,0x42,0xbd,	0x07,0x89,0x8b,0x88
+.byte	0xe7,0x19,0x5b,0x38,	0x79,0xc8,0xee,0xdb
+.byte	0xa1,0x7c,0x0a,0x47,	0x7c,0x42,0x0f,0xe9
+.byte	0xf8,0x84,0x1e,0xc9,	0x00,0x00,0x00,0x00
+.byte	0x09,0x80,0x86,0x83,	0x32,0x2b,0xed,0x48
+.byte	0x1e,0x11,0x70,0xac,	0x6c,0x5a,0x72,0x4e
+.byte	0xfd,0x0e,0xff,0xfb,	0x0f,0x85,0x38,0x56
+.byte	0x3d,0xae,0xd5,0x1e,	0x36,0x2d,0x39,0x27
+.byte	0x0a,0x0f,0xd9,0x64,	0x68,0x5c,0xa6,0x21
+.byte	0x9b,0x5b,0x54,0xd1,	0x24,0x36,0x2e,0x3a
+.byte	0x0c,0x0a,0x67,0xb1,	0x93,0x57,0xe7,0x0f
+.byte	0xb4,0xee,0x96,0xd2,	0x1b,0x9b,0x91,0x9e
+.byte	0x80,0xc0,0xc5,0x4f,	0x61,0xdc,0x20,0xa2
+.byte	0x5a,0x77,0x4b,0x69,	0x1c,0x12,0x1a,0x16
+.byte	0xe2,0x93,0xba,0x0a,	0xc0,0xa0,0x2a,0xe5
+.byte	0x3c,0x22,0xe0,0x43,	0x12,0x1b,0x17,0x1d
+.byte	0x0e,0x09,0x0d,0x0b,	0xf2,0x8b,0xc7,0xad
+.byte	0x2d,0xb6,0xa8,0xb9,	0x14,0x1e,0xa9,0xc8
+.byte	0x57,0xf1,0x19,0x85,	0xaf,0x75,0x07,0x4c
+.byte	0xee,0x99,0xdd,0xbb,	0xa3,0x7f,0x60,0xfd
+.byte	0xf7,0x01,0x26,0x9f,	0x5c,0x72,0xf5,0xbc
+.byte	0x44,0x66,0x3b,0xc5,	0x5b,0xfb,0x7e,0x34
+.byte	0x8b,0x43,0x29,0x76,	0xcb,0x23,0xc6,0xdc
+.byte	0xb6,0xed,0xfc,0x68,	0xb8,0xe4,0xf1,0x63
+.byte	0xd7,0x31,0xdc,0xca,	0x42,0x63,0x85,0x10
+.byte	0x13,0x97,0x22,0x40,	0x84,0xc6,0x11,0x20
+.byte	0x85,0x4a,0x24,0x7d,	0xd2,0xbb,0x3d,0xf8
+.byte	0xae,0xf9,0x32,0x11,	0xc7,0x29,0xa1,0x6d
+.byte	0x1d,0x9e,0x2f,0x4b,	0xdc,0xb2,0x30,0xf3
+.byte	0x0d,0x86,0x52,0xec,	0x77,0xc1,0xe3,0xd0
+.byte	0x2b,0xb3,0x16,0x6c,	0xa9,0x70,0xb9,0x99
+.byte	0x11,0x94,0x48,0xfa,	0x47,0xe9,0x64,0x22
+.byte	0xa8,0xfc,0x8c,0xc4,	0xa0,0xf0,0x3f,0x1a
+.byte	0x56,0x7d,0x2c,0xd8,	0x22,0x33,0x90,0xef
+.byte	0x87,0x49,0x4e,0xc7,	0xd9,0x38,0xd1,0xc1
+.byte	0x8c,0xca,0xa2,0xfe,	0x98,0xd4,0x0b,0x36
+.byte	0xa6,0xf5,0x81,0xcf,	0xa5,0x7a,0xde,0x28
+.byte	0xda,0xb7,0x8e,0x26,	0x3f,0xad,0xbf,0xa4
+.byte	0x2c,0x3a,0x9d,0xe4,	0x50,0x78,0x92,0x0d
+.byte	0x6a,0x5f,0xcc,0x9b,	0x54,0x7e,0x46,0x62
+.byte	0xf6,0x8d,0x13,0xc2,	0x90,0xd8,0xb8,0xe8
+.byte	0x2e,0x39,0xf7,0x5e,	0x82,0xc3,0xaf,0xf5
+.byte	0x9f,0x5d,0x80,0xbe,	0x69,0xd0,0x93,0x7c
+.byte	0x6f,0xd5,0x2d,0xa9,	0xcf,0x25,0x12,0xb3
+.byte	0xc8,0xac,0x99,0x3b,	0x10,0x18,0x7d,0xa7
+.byte	0xe8,0x9c,0x63,0x6e,	0xdb,0x3b,0xbb,0x7b
+.byte	0xcd,0x26,0x78,0x09,	0x6e,0x59,0x18,0xf4
+.byte	0xec,0x9a,0xb7,0x01,	0x83,0x4f,0x9a,0xa8
+.byte	0xe6,0x95,0x6e,0x65,	0xaa,0xff,0xe6,0x7e
+.byte	0x21,0xbc,0xcf,0x08,	0xef,0x15,0xe8,0xe6
+.byte	0xba,0xe7,0x9b,0xd9,	0x4a,0x6f,0x36,0xce
+.byte	0xea,0x9f,0x09,0xd4,	0x29,0xb0,0x7c,0xd6
+.byte	0x31,0xa4,0xb2,0xaf,	0x2a,0x3f,0x23,0x31
+.byte	0xc6,0xa5,0x94,0x30,	0x35,0xa2,0x66,0xc0
+.byte	0x74,0x4e,0xbc,0x37,	0xfc,0x82,0xca,0xa6
+.byte	0xe0,0x90,0xd0,0xb0,	0x33,0xa7,0xd8,0x15
+.byte	0xf1,0x04,0x98,0x4a,	0x41,0xec,0xda,0xf7
+.byte	0x7f,0xcd,0x50,0x0e,	0x17,0x91,0xf6,0x2f
+.byte	0x76,0x4d,0xd6,0x8d,	0x43,0xef,0xb0,0x4d
+.byte	0xcc,0xaa,0x4d,0x54,	0xe4,0x96,0x04,0xdf
+.byte	0x9e,0xd1,0xb5,0xe3,	0x4c,0x6a,0x88,0x1b
+.byte	0xc1,0x2c,0x1f,0xb8,	0x46,0x65,0x51,0x7f
+.byte	0x9d,0x5e,0xea,0x04,	0x01,0x8c,0x35,0x5d
+.byte	0xfa,0x87,0x74,0x73,	0xfb,0x0b,0x41,0x2e
+.byte	0xb3,0x67,0x1d,0x5a,	0x92,0xdb,0xd2,0x52
+.byte	0xe9,0x10,0x56,0x33,	0x6d,0xd6,0x47,0x13
+.byte	0x9a,0xd7,0x61,0x8c,	0x37,0xa1,0x0c,0x7a
+.byte	0x59,0xf8,0x14,0x8e,	0xeb,0x13,0x3c,0x89
+.byte	0xce,0xa9,0x27,0xee,	0xb7,0x61,0xc9,0x35
+.byte	0xe1,0x1c,0xe5,0xed,	0x7a,0x47,0xb1,0x3c
+.byte	0x9c,0xd2,0xdf,0x59,	0x55,0xf2,0x73,0x3f
+.byte	0x18,0x14,0xce,0x79,	0x73,0xc7,0x37,0xbf
+.byte	0x53,0xf7,0xcd,0xea,	0x5f,0xfd,0xaa,0x5b
+.byte	0xdf,0x3d,0x6f,0x14,	0x78,0x44,0xdb,0x86
+.byte	0xca,0xaf,0xf3,0x81,	0xb9,0x68,0xc4,0x3e
+.byte	0x38,0x24,0x34,0x2c,	0xc2,0xa3,0x40,0x5f
+.byte	0x16,0x1d,0xc3,0x72,	0xbc,0xe2,0x25,0x0c
+.byte	0x28,0x3c,0x49,0x8b,	0xff,0x0d,0x95,0x41
+.byte	0x39,0xa8,0x01,0x71,	0x08,0x0c,0xb3,0xde
+.byte	0xd8,0xb4,0xe4,0x9c,	0x64,0x56,0xc1,0x90
+.byte	0x7b,0xcb,0x84,0x61,	0xd5,0x32,0xb6,0x70
+.byte	0x48,0x6c,0x5c,0x74,	0xd0,0xb8,0x57,0x42
+
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38	# Td4
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+
+AES_Te4:
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5	# Te4
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+
+.byte	0x01,0x00,0x00,0x00,	0x02,0x00,0x00,0x00	# rcon
+.byte	0x04,0x00,0x00,0x00,	0x08,0x00,0x00,0x00
+.byte	0x10,0x00,0x00,0x00,	0x20,0x00,0x00,0x00
+.byte	0x40,0x00,0x00,0x00,	0x80,0x00,0x00,0x00
+.byte	0x1B,0x00,0x00,0x00,	0x36,0x00,0x00,0x00
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	# made-up _instructions, _xtr, _ins, _ror and _bias, cope
+	# with byte order dependencies...
+	if (/^\s+_/) {
+	    s/(_[a-z]+\s+)(\$[0-9]+),([^,]+)(#.*)*$/$1$2,$2,$3/;
+
+	    s/_xtr\s+(\$[0-9]+),(\$[0-9]+),([0-9]+(\-2)*)/
+		sprintf("srl\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("24-$3"))/e or
+	    s/_ins\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
+		sprintf("sll\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("24-$3"))/e or
+	    s/_ins2\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
+		sprintf("ins\t$1,$2,%d,8",$big_endian ?	eval($3)
+					:		eval("24-$3"))/e or
+	    s/_ror\s+(\$[0-9]+),(\$[0-9]+),(\-?[0-9]+)/
+		sprintf("srl\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("$3*-1"))/e or
+	    s/_bias\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
+		sprintf("sll\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("($3-16)&31"))/e;
+
+	    s/srl\s+(\$[0-9]+),(\$[0-9]+),\-([0-9]+)/
+		sprintf("sll\t$1,$2,$3")/e				or
+	    s/srl\s+(\$[0-9]+),(\$[0-9]+),0/
+		sprintf("and\t$1,$2,0xff")/e				or
+	    s/(sll\s+\$[0-9]+,\$[0-9]+,0)/#$1/;
+	}
+
+	# convert lwl/lwr and swr/swl to little-endian order
+	if (!$big_endian && /^\s+[sl]w[lr]\s+/) {
+	    s/([sl]wl.*)([0-9]+)\((\$[0-9]+)\)/
+		sprintf("$1%d($3)",eval("$2-$2%4+($2%4-1)&3"))/e	or
+	    s/([sl]wr.*)([0-9]+)\((\$[0-9]+)\)/
+		sprintf("$1%d($3)",eval("$2-$2%4+($2%4+1)&3"))/e;
+	}
+
+	if (!$big_endian) {
+	    s/(rotr\s+\$[0-9]+,\$[0-9]+),([0-9]+)/sprintf("$1,%d",32-$2)/e;
+	    s/(ext\s+\$[0-9]+,\$[0-9]+),([0-9]+),8/sprintf("$1,%d,8",24-$2)/e;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl
new file mode 100644
index 000000000..e817c757f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl
@@ -0,0 +1,1038 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for PA-RISC.
+#
+# June 2009.
+#
+# The module is mechanical transliteration of aes-sparcv9.pl, but with
+# a twist: S-boxes are compressed even further down to 1K+256B. On
+# PA-7100LC performance is ~40% better than gcc 3.2 generated code and
+# is about 33 cycles per byte processed with 128-bit key. Newer CPUs
+# perform at 16 cycles per byte. It's not faster than code generated
+# by vendor compiler, but recall that it has compressed S-boxes, which
+# requires extra processing.
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
+				#                 [+ argument transfer]
+$inp="%r26";	# arg0
+$out="%r25";	# arg1
+$key="%r24";	# arg2
+
+($s0,$s1,$s2,$s3) = ("%r1","%r2","%r3","%r4");
+($t0,$t1,$t2,$t3) = ("%r5","%r6","%r7","%r8");
+
+($acc0, $acc1, $acc2, $acc3, $acc4, $acc5, $acc6, $acc7,
+ $acc8, $acc9,$acc10,$acc11,$acc12,$acc13,$acc14,$acc15) =
+("%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16",
+"%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r26");
+
+$tbl="%r28";
+$rounds="%r29";
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	64
+AES_encrypt
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
+	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+	blr	%r0,$tbl
+	ldi	3,$t0
+L\$enc_pic
+	andcm	$tbl,$t0,$tbl
+	ldo	L\$AES_Te-L\$enc_pic($tbl),$tbl
+
+	and	$inp,$t0,$t0
+	sub	$inp,$t0,$inp
+	ldw	0($inp),$s0
+	ldw	4($inp),$s1
+	ldw	8($inp),$s2
+	comib,=	0,$t0,L\$enc_inp_aligned
+	ldw	12($inp),$s3
+
+	sh3addl	$t0,%r0,$t0
+	subi	32,$t0,$t0
+	mtctl	$t0,%cr11
+	ldw	16($inp),$t1
+	vshd	$s0,$s1,$s0
+	vshd	$s1,$s2,$s1
+	vshd	$s2,$s3,$s2
+	vshd	$s3,$t1,$s3
+
+L\$enc_inp_aligned
+	bl	_parisc_AES_encrypt,%r31
+	nop
+
+	extru,<> $out,31,2,%r0
+	b	L\$enc_out_aligned
+	nop
+
+	_srm	$s0,24,$acc0
+	_srm	$s0,16,$acc1
+	stb	$acc0,0($out)
+	_srm	$s0,8,$acc2
+	stb	$acc1,1($out)
+	_srm	$s1,24,$acc4
+	stb	$acc2,2($out)
+	_srm	$s1,16,$acc5
+	stb	$s0,3($out)
+	_srm	$s1,8,$acc6
+	stb	$acc4,4($out)
+	_srm	$s2,24,$acc0
+	stb	$acc5,5($out)
+	_srm	$s2,16,$acc1
+	stb	$acc6,6($out)
+	_srm	$s2,8,$acc2
+	stb	$s1,7($out)
+	_srm	$s3,24,$acc4
+	stb	$acc0,8($out)
+	_srm	$s3,16,$acc5
+	stb	$acc1,9($out)
+	_srm	$s3,8,$acc6
+	stb	$acc2,10($out)
+	stb	$s2,11($out)
+	stb	$acc4,12($out)
+	stb	$acc5,13($out)
+	stb	$acc6,14($out)
+	b	L\$enc_done
+	stb	$s3,15($out)
+
+L\$enc_out_aligned
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+
+L\$enc_done
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
+	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.ALIGN	16
+_parisc_AES_encrypt
+	.PROC
+	.CALLINFO	MILLICODE
+	.ENTRY
+	ldw	240($key),$rounds
+	ldw	0($key),$t0
+	ldw	4($key),$t1
+	ldw	8($key),$t2
+	_srm	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ldw	12($key),$t3
+	_srm	$s0,24,$acc0
+	xor	$t1,$s1,$s1
+	ldw	16($key),$t0
+	_srm	$s1,16,$acc1
+	xor	$t2,$s2,$s2
+	ldw	20($key),$t1
+	xor	$t3,$s3,$s3
+	ldw	24($key),$t2
+	ldw	28($key),$t3
+L\$enc_loop
+	_srm	$s2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$s3,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$s1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$s2,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$s3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$s0,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$s2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$s3,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$s0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$s1,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$s3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$s0,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$s1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$s2,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+	ldwx,s	$acc14($tbl),$acc14
+	ldwx,s	$acc15($tbl),$acc15
+	addib,= -1,$rounds,L\$enc_last
+	ldo	32($key),$key
+
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+	_srm	$t1,16,$acc1
+		xor	$acc15,$t3,$t3
+
+	_srm	$t2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$t3,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$t1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$t2,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$t3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$t0,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$t2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$t3,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$t0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$t1,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$t3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$t0,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$t1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$t2,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+		_ror	$acc1,8,$acc1
+	ldwx,s	$acc14($tbl),$acc14
+
+		_ror	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldwx,s	$acc15($tbl),$acc15
+		_ror	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ldw	16($key),$t0
+		_ror	$acc5,8,$acc5
+		xor	$acc2,$s0,$s0
+	ldw	20($key),$t1
+		_ror	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ldw	24($key),$t2
+		_ror	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ldw	28($key),$t3
+		_ror	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldw	1024+0($tbl),%r0		; prefetch te4
+		_ror	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldw	1024+32($tbl),%r0		; prefetch te4
+		_ror	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldw	1024+64($tbl),%r0		; prefetch te4
+		_ror	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldw	1024+96($tbl),%r0		; prefetch te4
+		_ror	$acc14,16,$acc14
+		xor	$acc9,$s2,$s2
+	ldw	1024+128($tbl),%r0		; prefetch te4
+		_ror	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldw	1024+160($tbl),%r0		; prefetch te4
+	_srm	$s0,24,$acc0
+		xor	$acc11,$s2,$s2
+	ldw	1024+192($tbl),%r0		; prefetch te4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldw	1024+224($tbl),%r0		; prefetch te4
+	_srm	$s1,16,$acc1
+		xor	$acc14,$s3,$s3
+	b	L\$enc_loop
+		xor	$acc15,$s3,$s3
+
+	.ALIGN	16
+L\$enc_last
+	ldo	1024($tbl),$rounds
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+	_srm	$t1,16,$acc1
+		xor	$acc15,$t3,$t3
+
+	_srm	$t2,8,$acc2
+	ldbx	$acc0($rounds),$acc0
+	_srm	$t1,24,$acc4
+	ldbx	$acc1($rounds),$acc1
+	_srm	$t2,16,$acc5
+	_srm	$t3,0,$acc3
+	ldbx	$acc2($rounds),$acc2
+	ldbx	$acc3($rounds),$acc3
+	_srm	$t3,8,$acc6
+	ldbx	$acc4($rounds),$acc4
+	_srm	$t2,24,$acc8
+	ldbx	$acc5($rounds),$acc5
+	_srm	$t3,16,$acc9
+	_srm	$t0,0,$acc7
+	ldbx	$acc6($rounds),$acc6
+	ldbx	$acc7($rounds),$acc7
+	_srm	$t0,8,$acc10
+	ldbx	$acc8($rounds),$acc8
+	_srm	$t3,24,$acc12
+	ldbx	$acc9($rounds),$acc9
+	_srm	$t0,16,$acc13
+	_srm	$t1,0,$acc11
+	ldbx	$acc10($rounds),$acc10
+	_srm	$t1,8,$acc14
+	ldbx	$acc11($rounds),$acc11
+	ldbx	$acc12($rounds),$acc12
+	ldbx	$acc13($rounds),$acc13
+	_srm	$t2,0,$acc15
+	ldbx	$acc14($rounds),$acc14
+
+		dep	$acc0,7,8,$acc3
+	ldbx	$acc15($rounds),$acc15
+		dep	$acc4,7,8,$acc7
+		dep	$acc1,15,8,$acc3
+		dep	$acc5,15,8,$acc7
+		dep	$acc2,23,8,$acc3
+		dep	$acc6,23,8,$acc7
+		xor	$acc3,$s0,$s0
+		xor	$acc7,$s1,$s1
+		dep	$acc8,7,8,$acc11
+		dep	$acc12,7,8,$acc15
+		dep	$acc9,15,8,$acc11
+		dep	$acc13,15,8,$acc15
+		dep	$acc10,23,8,$acc11
+		dep	$acc14,23,8,$acc15
+		xor	$acc11,$s2,$s2
+
+	bv	(%r31)
+	.EXIT
+		xor	$acc15,$s3,$s3
+	.PROCEND
+
+	.ALIGN	64
+L\$AES_Te
+	.WORD	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
+	.WORD	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
+	.WORD	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
+	.WORD	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
+	.WORD	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
+	.WORD	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
+	.WORD	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
+	.WORD	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
+	.WORD	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
+	.WORD	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
+	.WORD	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
+	.WORD	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
+	.WORD	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
+	.WORD	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
+	.WORD	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
+	.WORD	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
+	.WORD	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
+	.WORD	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
+	.WORD	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
+	.WORD	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
+	.WORD	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
+	.WORD	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
+	.WORD	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
+	.WORD	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
+	.WORD	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
+	.WORD	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
+	.WORD	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
+	.WORD	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
+	.WORD	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
+	.WORD	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
+	.WORD	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
+	.WORD	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
+	.WORD	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
+	.WORD	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
+	.WORD	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
+	.WORD	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
+	.WORD	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
+	.WORD	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
+	.WORD	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
+	.WORD	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
+	.WORD	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
+	.WORD	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
+	.WORD	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
+	.WORD	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
+	.WORD	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
+	.WORD	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
+	.WORD	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
+	.WORD	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
+	.WORD	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
+	.WORD	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
+	.WORD	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
+	.WORD	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
+	.WORD	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
+	.WORD	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
+	.WORD	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
+	.WORD	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
+	.WORD	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
+	.WORD	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
+	.WORD	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
+	.WORD	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
+	.WORD	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
+	.WORD	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
+	.WORD	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
+	.WORD	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
+	.BYTE	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	.BYTE	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	.BYTE	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	.BYTE	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	.BYTE	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	.BYTE	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	.BYTE	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	.BYTE	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	.BYTE	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	.BYTE	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	.BYTE	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	.BYTE	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	.BYTE	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	.BYTE	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	.BYTE	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	.BYTE	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	.BYTE	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	.BYTE	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	.BYTE	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	.BYTE	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	.BYTE	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	.BYTE	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	.BYTE	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	.BYTE	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	.BYTE	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	.BYTE	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	.BYTE	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	.BYTE	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	.BYTE	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	.BYTE	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	.BYTE	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	.BYTE	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+___
+
+$code.=<<___;
+	.EXPORT	AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	16
+AES_decrypt
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
+	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+	blr	%r0,$tbl
+	ldi	3,$t0
+L\$dec_pic
+	andcm	$tbl,$t0,$tbl
+	ldo	L\$AES_Td-L\$dec_pic($tbl),$tbl
+
+	and	$inp,$t0,$t0
+	sub	$inp,$t0,$inp
+	ldw	0($inp),$s0
+	ldw	4($inp),$s1
+	ldw	8($inp),$s2
+	comib,=	0,$t0,L\$dec_inp_aligned
+	ldw	12($inp),$s3
+
+	sh3addl	$t0,%r0,$t0
+	subi	32,$t0,$t0
+	mtctl	$t0,%cr11
+	ldw	16($inp),$t1
+	vshd	$s0,$s1,$s0
+	vshd	$s1,$s2,$s1
+	vshd	$s2,$s3,$s2
+	vshd	$s3,$t1,$s3
+
+L\$dec_inp_aligned
+	bl	_parisc_AES_decrypt,%r31
+	nop
+
+	extru,<> $out,31,2,%r0
+	b	L\$dec_out_aligned
+	nop
+
+	_srm	$s0,24,$acc0
+	_srm	$s0,16,$acc1
+	stb	$acc0,0($out)
+	_srm	$s0,8,$acc2
+	stb	$acc1,1($out)
+	_srm	$s1,24,$acc4
+	stb	$acc2,2($out)
+	_srm	$s1,16,$acc5
+	stb	$s0,3($out)
+	_srm	$s1,8,$acc6
+	stb	$acc4,4($out)
+	_srm	$s2,24,$acc0
+	stb	$acc5,5($out)
+	_srm	$s2,16,$acc1
+	stb	$acc6,6($out)
+	_srm	$s2,8,$acc2
+	stb	$s1,7($out)
+	_srm	$s3,24,$acc4
+	stb	$acc0,8($out)
+	_srm	$s3,16,$acc5
+	stb	$acc1,9($out)
+	_srm	$s3,8,$acc6
+	stb	$acc2,10($out)
+	stb	$s2,11($out)
+	stb	$acc4,12($out)
+	stb	$acc5,13($out)
+	stb	$acc6,14($out)
+	b	L\$dec_done
+	stb	$s3,15($out)
+
+L\$dec_out_aligned
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+
+L\$dec_done
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
+	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.ALIGN	16
+_parisc_AES_decrypt
+	.PROC
+	.CALLINFO	MILLICODE
+	.ENTRY
+	ldw	240($key),$rounds
+	ldw	0($key),$t0
+	ldw	4($key),$t1
+	ldw	8($key),$t2
+	ldw	12($key),$t3
+	_srm	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ldw	16($key),$t0
+	xor	$t1,$s1,$s1
+	ldw	20($key),$t1
+	_srm	$s0,24,$acc0
+	xor	$t2,$s2,$s2
+	ldw	24($key),$t2
+	xor	$t3,$s3,$s3
+	ldw	28($key),$t3
+	_srm	$s3,16,$acc1
+L\$dec_loop
+	_srm	$s2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$s1,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$s1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$s0,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$s3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$s2,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$s2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$s1,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$s0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$s3,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$s3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$s2,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$s1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$s0,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+	ldwx,s	$acc14($tbl),$acc14
+	ldwx,s	$acc15($tbl),$acc15
+	addib,= -1,$rounds,L\$dec_last
+	ldo	32($key),$key
+
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3
+	_srm	$t3,16,$acc1
+
+	_srm	$t2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$t1,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$t1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$t0,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$t3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$t2,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$t2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$t1,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$t0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$t3,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$t3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$t2,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$t1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$t0,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+		_ror	$acc1,8,$acc1
+	ldwx,s	$acc14($tbl),$acc14
+
+		_ror	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldwx,s	$acc15($tbl),$acc15
+		_ror	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ldw	16($key),$t0
+		_ror	$acc5,8,$acc5
+		xor	$acc2,$s0,$s0
+	ldw	20($key),$t1
+		_ror	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ldw	24($key),$t2
+		_ror	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ldw	28($key),$t3
+		_ror	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldw	1024+0($tbl),%r0		; prefetch td4
+		_ror	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldw	1024+32($tbl),%r0		; prefetch td4
+		_ror	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldw	1024+64($tbl),%r0		; prefetch td4
+		_ror	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldw	1024+96($tbl),%r0		; prefetch td4
+		_ror	$acc14,16,$acc14
+		xor	$acc9,$s2,$s2
+	ldw	1024+128($tbl),%r0		; prefetch td4
+		_ror	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldw	1024+160($tbl),%r0		; prefetch td4
+	_srm	$s0,24,$acc0
+		xor	$acc11,$s2,$s2
+	ldw	1024+192($tbl),%r0		; prefetch td4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldw	1024+224($tbl),%r0		; prefetch td4
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+	b	L\$dec_loop
+	_srm	$s3,16,$acc1
+
+	.ALIGN	16
+L\$dec_last
+	ldo	1024($tbl),$rounds
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3
+	_srm	$t3,16,$acc1
+
+	_srm	$t2,8,$acc2
+	ldbx	$acc0($rounds),$acc0
+	_srm	$t1,24,$acc4
+	ldbx	$acc1($rounds),$acc1
+	_srm	$t0,16,$acc5
+	_srm	$t1,0,$acc3
+	ldbx	$acc2($rounds),$acc2
+	ldbx	$acc3($rounds),$acc3
+	_srm	$t3,8,$acc6
+	ldbx	$acc4($rounds),$acc4
+	_srm	$t2,24,$acc8
+	ldbx	$acc5($rounds),$acc5
+	_srm	$t1,16,$acc9
+	_srm	$t2,0,$acc7
+	ldbx	$acc6($rounds),$acc6
+	ldbx	$acc7($rounds),$acc7
+	_srm	$t0,8,$acc10
+	ldbx	$acc8($rounds),$acc8
+	_srm	$t3,24,$acc12
+	ldbx	$acc9($rounds),$acc9
+	_srm	$t2,16,$acc13
+	_srm	$t3,0,$acc11
+	ldbx	$acc10($rounds),$acc10
+	_srm	$t1,8,$acc14
+	ldbx	$acc11($rounds),$acc11
+	ldbx	$acc12($rounds),$acc12
+	ldbx	$acc13($rounds),$acc13
+	_srm	$t0,0,$acc15
+	ldbx	$acc14($rounds),$acc14
+
+		dep	$acc0,7,8,$acc3
+	ldbx	$acc15($rounds),$acc15
+		dep	$acc4,7,8,$acc7
+		dep	$acc1,15,8,$acc3
+		dep	$acc5,15,8,$acc7
+		dep	$acc2,23,8,$acc3
+		dep	$acc6,23,8,$acc7
+		xor	$acc3,$s0,$s0
+		xor	$acc7,$s1,$s1
+		dep	$acc8,7,8,$acc11
+		dep	$acc12,7,8,$acc15
+		dep	$acc9,15,8,$acc11
+		dep	$acc13,15,8,$acc15
+		dep	$acc10,23,8,$acc11
+		dep	$acc14,23,8,$acc15
+		xor	$acc11,$s2,$s2
+
+	bv	(%r31)
+	.EXIT
+		xor	$acc15,$s3,$s3
+	.PROCEND
+
+	.ALIGN	64
+L\$AES_Td
+	.WORD	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
+	.WORD	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
+	.WORD	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
+	.WORD	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
+	.WORD	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
+	.WORD	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
+	.WORD	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
+	.WORD	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
+	.WORD	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
+	.WORD	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
+	.WORD	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
+	.WORD	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
+	.WORD	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
+	.WORD	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
+	.WORD	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
+	.WORD	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
+	.WORD	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
+	.WORD	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
+	.WORD	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
+	.WORD	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
+	.WORD	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
+	.WORD	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
+	.WORD	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
+	.WORD	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
+	.WORD	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
+	.WORD	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
+	.WORD	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
+	.WORD	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
+	.WORD	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
+	.WORD	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
+	.WORD	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
+	.WORD	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
+	.WORD	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
+	.WORD	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
+	.WORD	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
+	.WORD	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
+	.WORD	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
+	.WORD	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
+	.WORD	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
+	.WORD	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
+	.WORD	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
+	.WORD	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
+	.WORD	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
+	.WORD	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
+	.WORD	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
+	.WORD	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
+	.WORD	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
+	.WORD	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
+	.WORD	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
+	.WORD	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
+	.WORD	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
+	.WORD	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
+	.WORD	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
+	.WORD	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
+	.WORD	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
+	.WORD	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
+	.WORD	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
+	.WORD	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
+	.WORD	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
+	.WORD	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
+	.WORD	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
+	.WORD	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
+	.WORD	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
+	.WORD	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+	.BYTE	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	.BYTE	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	.BYTE	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	.BYTE	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	.BYTE	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	.BYTE	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	.BYTE	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	.BYTE	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	.BYTE	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	.BYTE	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	.BYTE	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	.BYTE	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	.BYTE	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	.BYTE	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	.BYTE	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	.BYTE	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	.BYTE	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	.BYTE	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	.BYTE	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	.BYTE	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	.BYTE	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	.BYTE	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	.BYTE	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	.BYTE	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	.BYTE	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	.BYTE	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	.BYTE	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	.BYTE	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	.BYTE	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	.BYTE	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	.BYTE	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	.BYTE	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+	.STRINGZ "AES for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	# translate made up instructions: _ror, _srm
+	s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/				or
+
+	s/_srm(\s+%r[0-9]+),([0-9]+),/
+		$SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
+		:            sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/,\*/,/			if ($SIZE_T==4);
+	s/\bbv\b(.*\(%r2\))/bve$1/	if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl
new file mode 100644
index 000000000..ca69df4c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl
@@ -0,0 +1,1459 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Needs more work: key setup, CBC routine...
+#
+# ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with
+# 128-bit key, which is ~40% better than 64-bit code generated by gcc
+# 4.0. But these are not the ones currently used! Their "compact"
+# counterparts are, for security reason. ppc_AES_encrypt_compact runs
+# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
+# at 1/3 of ppc_AES_decrypt.
+
+# February 2010
+#
+# Rescheduling instructions to favour Power6 pipeline gave 10%
+# performance improvement on the platform in question (and marginal
+# improvement even on others). It should be noted that Power6 fails
+# to process byte in 18 cycles, only in 23, because it fails to issue
+# 4 load instructions in two cycles, only in 3. As result non-compact
+# block subroutines are 25% slower than one would expect. Compact
+# functions scale better, because they have pure computational part,
+# which scales perfectly with clock frequency. To be specific
+# ppc_AES_encrypt_compact operates at 42 cycles per byte, while
+# ppc_AES_decrypt_compact - at 55 (in 64-bit build).
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=32*$SIZE_T;
+
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$sp="r1";
+$toc="r2";
+$inp="r3";
+$out="r4";
+$key="r5";
+
+$Tbl0="r3";
+$Tbl1="r6";
+$Tbl2="r7";
+$Tbl3=$out;	# stay away from "r2"; $out is offloaded to stack
+
+$s0="r8";
+$s1="r9";
+$s2="r10";
+$s3="r11";
+
+$t0="r12";
+$t1="r0";	# stay away from "r13";
+$t2="r14";
+$t3="r15";
+
+$acc00="r16";
+$acc01="r17";
+$acc02="r18";
+$acc03="r19";
+
+$acc04="r20";
+$acc05="r21";
+$acc06="r22";
+$acc07="r23";
+
+$acc08="r24";
+$acc09="r25";
+$acc10="r26";
+$acc11="r27";
+
+$acc12="r28";
+$acc13="r29";
+$acc14="r30";
+$acc15="r31";
+
+$mask80=$Tbl2;
+$mask1b=$Tbl3;
+
+$code.=<<___;
+.machine	"any"
+.text
+
+.align	7
+LAES_Te:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl0	;    vvvvv "distance" between . and 1st data entry
+	addi	$Tbl0,$Tbl0,`128-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+LAES_Td:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl0	;    vvvvvvvv "distance" between . and 1st data entry
+	addi	$Tbl0,$Tbl0,`128-64-8+2048+256`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`128-64-9*4`
+___
+&_data_word(
+	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+___
+&_data_word(
+	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+
+
+.globl	.AES_encrypt
+.align	7
+.AES_encrypt:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+
+	$PUSH	$out,`$FRAME-$SIZE_T*19`($sp)
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	andi.	$t0,$inp,3
+	andi.	$t1,$out,3
+	or.	$t0,$t0,$t1
+	bne	Lenc_unaligned
+
+Lenc_unaligned_ok:
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$s0,0($inp)
+	lwz	$s1,4($inp)
+	lwz	$s2,8($inp)
+	lwz	$s3,12($inp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$t0,0($inp)
+	lwz	$t1,4($inp)
+	lwz	$t2,8($inp)
+	lwz	$t3,12($inp)
+	rotlwi	$s0,$t0,8
+	rotlwi	$s1,$t1,8
+	rotlwi	$s2,$t2,8
+	rotlwi	$s3,$t3,8
+	rlwimi	$s0,$t0,24,0,7
+	rlwimi	$s1,$t1,24,0,7
+	rlwimi	$s2,$t2,24,0,7
+	rlwimi	$s3,$t3,24,0,7
+	rlwimi	$s0,$t0,24,16,23
+	rlwimi	$s1,$t1,24,16,23
+	rlwimi	$s2,$t2,24,16,23
+	rlwimi	$s3,$t3,24,16,23
+___
+$code.=<<___;
+	bl	LAES_Te
+	bl	Lppc_AES_encrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	rotlwi	$t0,$s0,8
+	rotlwi	$t1,$s1,8
+	rotlwi	$t2,$s2,8
+	rotlwi	$t3,$s3,8
+	rlwimi	$t0,$s0,24,0,7
+	rlwimi	$t1,$s1,24,0,7
+	rlwimi	$t2,$s2,24,0,7
+	rlwimi	$t3,$s3,24,0,7
+	rlwimi	$t0,$s0,24,16,23
+	rlwimi	$t1,$s1,24,16,23
+	rlwimi	$t2,$s2,24,16,23
+	rlwimi	$t3,$s3,24,16,23
+	stw	$t0,0($out)
+	stw	$t1,4($out)
+	stw	$t2,8($out)
+	stw	$t3,12($out)
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+___
+$code.=<<___;
+	b	Lenc_done
+
+Lenc_unaligned:
+	subfic	$t0,$inp,4096
+	subfic	$t1,$out,4096
+	andi.	$t0,$t0,4096-16
+	beq	Lenc_xpage
+	andi.	$t1,$t1,4096-16
+	bne	Lenc_unaligned_ok
+
+Lenc_xpage:
+	lbz	$acc00,0($inp)
+	lbz	$acc01,1($inp)
+	lbz	$acc02,2($inp)
+	lbz	$s0,3($inp)
+	lbz	$acc04,4($inp)
+	lbz	$acc05,5($inp)
+	lbz	$acc06,6($inp)
+	lbz	$s1,7($inp)
+	lbz	$acc08,8($inp)
+	lbz	$acc09,9($inp)
+	lbz	$acc10,10($inp)
+	insrwi	$s0,$acc00,8,0
+	lbz	$s2,11($inp)
+	insrwi	$s1,$acc04,8,0
+	lbz	$acc12,12($inp)
+	insrwi	$s0,$acc01,8,8
+	lbz	$acc13,13($inp)
+	insrwi	$s1,$acc05,8,8
+	lbz	$acc14,14($inp)
+	insrwi	$s0,$acc02,8,16
+	lbz	$s3,15($inp)
+	insrwi	$s1,$acc06,8,16
+	insrwi	$s2,$acc08,8,0
+	insrwi	$s3,$acc12,8,0
+	insrwi	$s2,$acc09,8,8
+	insrwi	$s3,$acc13,8,8
+	insrwi	$s2,$acc10,8,16
+	insrwi	$s3,$acc14,8,16
+
+	bl	LAES_Te
+	bl	Lppc_AES_encrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+
+	extrwi	$acc00,$s0,8,0
+	extrwi	$acc01,$s0,8,8
+	stb	$acc00,0($out)
+	extrwi	$acc02,$s0,8,16
+	stb	$acc01,1($out)
+	stb	$acc02,2($out)
+	extrwi	$acc04,$s1,8,0
+	stb	$s0,3($out)
+	extrwi	$acc05,$s1,8,8
+	stb	$acc04,4($out)
+	extrwi	$acc06,$s1,8,16
+	stb	$acc05,5($out)
+	stb	$acc06,6($out)
+	extrwi	$acc08,$s2,8,0
+	stb	$s1,7($out)
+	extrwi	$acc09,$s2,8,8
+	stb	$acc08,8($out)
+	extrwi	$acc10,$s2,8,16
+	stb	$acc09,9($out)
+	stb	$acc10,10($out)
+	extrwi	$acc12,$s3,8,0
+	stb	$s2,11($out)
+	extrwi	$acc13,$s3,8,8
+	stb	$acc12,12($out)
+	extrwi	$acc14,$s3,8,16
+	stb	$acc13,13($out)
+	stb	$acc14,14($out)
+	stb	$s3,15($out)
+
+Lenc_done:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+
+.align	5
+Lppc_AES_encrypt:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,3
+	lwz	$t0,0($key)
+	addi	$Tbl2,$Tbl0,2
+	lwz	$t1,4($key)
+	addi	$Tbl3,$Tbl0,1
+	lwz	$t2,8($key)
+	addi	$acc00,$acc00,-1
+	lwz	$t3,12($key)
+	addi	$key,$key,16
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	mtctr	$acc00
+.align	4
+Lenc_loop:
+	rlwinm	$acc00,$s0,`32-24+3`,21,28
+	rlwinm	$acc01,$s1,`32-24+3`,21,28
+	rlwinm	$acc02,$s2,`32-24+3`,21,28
+	rlwinm	$acc03,$s3,`32-24+3`,21,28
+	lwz	$t0,0($key)
+	rlwinm	$acc04,$s1,`32-16+3`,21,28
+	lwz	$t1,4($key)
+	rlwinm	$acc05,$s2,`32-16+3`,21,28
+	lwz	$t2,8($key)
+	rlwinm	$acc06,$s3,`32-16+3`,21,28
+	lwz	$t3,12($key)
+	rlwinm	$acc07,$s0,`32-16+3`,21,28
+	lwzx	$acc00,$Tbl0,$acc00
+	rlwinm	$acc08,$s2,`32-8+3`,21,28
+	lwzx	$acc01,$Tbl0,$acc01
+	rlwinm	$acc09,$s3,`32-8+3`,21,28
+	lwzx	$acc02,$Tbl0,$acc02
+	rlwinm	$acc10,$s0,`32-8+3`,21,28
+	lwzx	$acc03,$Tbl0,$acc03
+	rlwinm	$acc11,$s1,`32-8+3`,21,28
+	lwzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s3,`0+3`,21,28
+	lwzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s0,`0+3`,21,28
+	lwzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s1,`0+3`,21,28
+	lwzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s2,`0+3`,21,28
+	lwzx	$acc08,$Tbl2,$acc08
+	xor	$t0,$t0,$acc00
+	lwzx	$acc09,$Tbl2,$acc09
+	xor	$t1,$t1,$acc01
+	lwzx	$acc10,$Tbl2,$acc10
+	xor	$t2,$t2,$acc02
+	lwzx	$acc11,$Tbl2,$acc11
+	xor	$t3,$t3,$acc03
+	lwzx	$acc12,$Tbl3,$acc12
+	xor	$t0,$t0,$acc04
+	lwzx	$acc13,$Tbl3,$acc13
+	xor	$t1,$t1,$acc05
+	lwzx	$acc14,$Tbl3,$acc14
+	xor	$t2,$t2,$acc06
+	lwzx	$acc15,$Tbl3,$acc15
+	xor	$t3,$t3,$acc07
+	xor	$t0,$t0,$acc08
+	xor	$t1,$t1,$acc09
+	xor	$t2,$t2,$acc10
+	xor	$t3,$t3,$acc11
+	xor	$s0,$t0,$acc12
+	xor	$s1,$t1,$acc13
+	xor	$s2,$t2,$acc14
+	xor	$s3,$t3,$acc15
+	addi	$key,$key,16
+	bdnz	Lenc_loop
+
+	addi	$Tbl2,$Tbl0,2048
+	nop
+	lwz	$t0,0($key)
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	lwz	$t1,4($key)
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	lwz	$t2,8($key)
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	lwz	$t3,12($key)
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Te4
+	rlwinm	$acc04,$s1,`32-16`,24,31
+	lwz	$acc09,`2048+32`($Tbl0)
+	rlwinm	$acc05,$s2,`32-16`,24,31
+	lwz	$acc10,`2048+64`($Tbl0)
+	rlwinm	$acc06,$s3,`32-16`,24,31
+	lwz	$acc11,`2048+96`($Tbl0)
+	rlwinm	$acc07,$s0,`32-16`,24,31
+	lwz	$acc12,`2048+128`($Tbl0)
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lwz	$acc13,`2048+160`($Tbl0)
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lwz	$acc14,`2048+192`($Tbl0)
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lwz	$acc15,`2048+224`($Tbl0)
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc00,$Tbl2,$acc00
+	rlwinm	$acc12,$s3,`0`,24,31
+	lbzx	$acc01,$Tbl2,$acc01
+	rlwinm	$acc13,$s0,`0`,24,31
+	lbzx	$acc02,$Tbl2,$acc02
+	rlwinm	$acc14,$s1,`0`,24,31
+	lbzx	$acc03,$Tbl2,$acc03
+	rlwinm	$acc15,$s2,`0`,24,31
+	lbzx	$acc04,$Tbl2,$acc04
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc05,$Tbl2,$acc05
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc06,$Tbl2,$acc06
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc07,$Tbl2,$acc07
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc08,$Tbl2,$acc08
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc09,$Tbl2,$acc09
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc10,$Tbl2,$acc10
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc11,$Tbl2,$acc11
+	rlwimi	$s3,$acc07,16,8,15
+	lbzx	$acc12,$Tbl2,$acc12
+	rlwimi	$s0,$acc08,8,16,23
+	lbzx	$acc13,$Tbl2,$acc13
+	rlwimi	$s1,$acc09,8,16,23
+	lbzx	$acc14,$Tbl2,$acc14
+	rlwimi	$s2,$acc10,8,16,23
+	lbzx	$acc15,$Tbl2,$acc15
+	rlwimi	$s3,$acc11,8,16,23
+	or	$s0,$s0,$acc12
+	or	$s1,$s1,$acc13
+	or	$s2,$s2,$acc14
+	or	$s3,$s3,$acc15
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.align	4
+Lppc_AES_encrypt_compact:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,2048
+	lwz	$t0,0($key)
+	lis	$mask80,0x8080
+	lwz	$t1,4($key)
+	lis	$mask1b,0x1b1b
+	lwz	$t2,8($key)
+	ori	$mask80,$mask80,0x8080
+	lwz	$t3,12($key)
+	ori	$mask1b,$mask1b,0x1b1b
+	addi	$key,$key,16
+	mtctr	$acc00
+.align	4
+Lenc_compact_loop:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	xor	$s2,$s2,$t2
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	xor	$s3,$s3,$t3
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	rlwinm	$acc04,$s1,`32-16`,24,31
+	rlwinm	$acc05,$s2,`32-16`,24,31
+	rlwinm	$acc06,$s3,`32-16`,24,31
+	rlwinm	$acc07,$s0,`32-16`,24,31
+	lbzx	$acc00,$Tbl1,$acc00
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lbzx	$acc01,$Tbl1,$acc01
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lbzx	$acc02,$Tbl1,$acc02
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lbzx	$acc03,$Tbl1,$acc03
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s3,`0`,24,31
+	lbzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s0,`0`,24,31
+	lbzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s1,`0`,24,31
+	lbzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s2,`0`,24,31
+	lbzx	$acc08,$Tbl1,$acc08
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc09,$Tbl1,$acc09
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc10,$Tbl1,$acc10
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc11,$Tbl1,$acc11
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc12,$Tbl1,$acc12
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc13,$Tbl1,$acc13
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc14,$Tbl1,$acc14
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc15,$Tbl1,$acc15
+	rlwimi	$s3,$acc07,16,8,15
+	rlwimi	$s0,$acc08,8,16,23
+	rlwimi	$s1,$acc09,8,16,23
+	rlwimi	$s2,$acc10,8,16,23
+	rlwimi	$s3,$acc11,8,16,23
+	lwz	$t0,0($key)
+	or	$s0,$s0,$acc12
+	lwz	$t1,4($key)
+	or	$s1,$s1,$acc13
+	lwz	$t2,8($key)
+	or	$s2,$s2,$acc14
+	lwz	$t3,12($key)
+	or	$s3,$s3,$acc15
+
+	addi	$key,$key,16
+	bdz	Lenc_compact_done
+
+	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
+	and	$acc01,$s1,$mask80
+	and	$acc02,$s2,$mask80
+	and	$acc03,$s3,$mask80
+	srwi	$acc04,$acc00,7		# r1>>7
+	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
+	srwi	$acc05,$acc01,7
+	andc	$acc09,$s1,$mask80
+	srwi	$acc06,$acc02,7
+	andc	$acc10,$s2,$mask80
+	srwi	$acc07,$acc03,7
+	andc	$acc11,$s3,$mask80
+	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
+	sub	$acc01,$acc01,$acc05
+	sub	$acc02,$acc02,$acc06
+	sub	$acc03,$acc03,$acc07
+	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
+	add	$acc09,$acc09,$acc09
+	add	$acc10,$acc10,$acc10
+	add	$acc11,$acc11,$acc11
+	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc01,$acc01,$mask1b
+	and	$acc02,$acc02,$mask1b
+	and	$acc03,$acc03,$mask1b
+	xor	$acc00,$acc00,$acc08	# r2
+	xor	$acc01,$acc01,$acc09
+	 rotlwi	$acc12,$s0,16		# ROTATE(r0,16)
+	xor	$acc02,$acc02,$acc10
+	 rotlwi	$acc13,$s1,16
+	xor	$acc03,$acc03,$acc11
+	 rotlwi	$acc14,$s2,16
+
+	xor	$s0,$s0,$acc00		# r0^r2
+	rotlwi	$acc15,$s3,16
+	xor	$s1,$s1,$acc01
+	rotrwi	$s0,$s0,24		# ROTATE(r2^r0,24)
+	xor	$s2,$s2,$acc02
+	rotrwi	$s1,$s1,24
+	xor	$s3,$s3,$acc03
+	rotrwi	$s2,$s2,24
+	xor	$s0,$s0,$acc00		# ROTATE(r2^r0,24)^r2
+	rotrwi	$s3,$s3,24
+	xor	$s1,$s1,$acc01
+	xor	$s2,$s2,$acc02
+	xor	$s3,$s3,$acc03
+	rotlwi	$acc08,$acc12,8		# ROTATE(r0,24)
+	xor	$s0,$s0,$acc12		#
+	rotlwi	$acc09,$acc13,8
+	xor	$s1,$s1,$acc13
+	rotlwi	$acc10,$acc14,8
+	xor	$s2,$s2,$acc14
+	rotlwi	$acc11,$acc15,8
+	xor	$s3,$s3,$acc15
+	xor	$s0,$s0,$acc08		#
+	xor	$s1,$s1,$acc09
+	xor	$s2,$s2,$acc10
+	xor	$s3,$s3,$acc11
+
+	b	Lenc_compact_loop
+.align	4
+Lenc_compact_done:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.AES_encrypt,.-.AES_encrypt
+
+.globl	.AES_decrypt
+.align	7
+.AES_decrypt:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+
+	$PUSH	$out,`$FRAME-$SIZE_T*19`($sp)
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	andi.	$t0,$inp,3
+	andi.	$t1,$out,3
+	or.	$t0,$t0,$t1
+	bne	Ldec_unaligned
+
+Ldec_unaligned_ok:
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$s0,0($inp)
+	lwz	$s1,4($inp)
+	lwz	$s2,8($inp)
+	lwz	$s3,12($inp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$t0,0($inp)
+	lwz	$t1,4($inp)
+	lwz	$t2,8($inp)
+	lwz	$t3,12($inp)
+	rotlwi	$s0,$t0,8
+	rotlwi	$s1,$t1,8
+	rotlwi	$s2,$t2,8
+	rotlwi	$s3,$t3,8
+	rlwimi	$s0,$t0,24,0,7
+	rlwimi	$s1,$t1,24,0,7
+	rlwimi	$s2,$t2,24,0,7
+	rlwimi	$s3,$t3,24,0,7
+	rlwimi	$s0,$t0,24,16,23
+	rlwimi	$s1,$t1,24,16,23
+	rlwimi	$s2,$t2,24,16,23
+	rlwimi	$s3,$t3,24,16,23
+___
+$code.=<<___;
+	bl	LAES_Td
+	bl	Lppc_AES_decrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	rotlwi	$t0,$s0,8
+	rotlwi	$t1,$s1,8
+	rotlwi	$t2,$s2,8
+	rotlwi	$t3,$s3,8
+	rlwimi	$t0,$s0,24,0,7
+	rlwimi	$t1,$s1,24,0,7
+	rlwimi	$t2,$s2,24,0,7
+	rlwimi	$t3,$s3,24,0,7
+	rlwimi	$t0,$s0,24,16,23
+	rlwimi	$t1,$s1,24,16,23
+	rlwimi	$t2,$s2,24,16,23
+	rlwimi	$t3,$s3,24,16,23
+	stw	$t0,0($out)
+	stw	$t1,4($out)
+	stw	$t2,8($out)
+	stw	$t3,12($out)
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+___
+$code.=<<___;
+	b	Ldec_done
+
+Ldec_unaligned:
+	subfic	$t0,$inp,4096
+	subfic	$t1,$out,4096
+	andi.	$t0,$t0,4096-16
+	beq	Ldec_xpage
+	andi.	$t1,$t1,4096-16
+	bne	Ldec_unaligned_ok
+
+Ldec_xpage:
+	lbz	$acc00,0($inp)
+	lbz	$acc01,1($inp)
+	lbz	$acc02,2($inp)
+	lbz	$s0,3($inp)
+	lbz	$acc04,4($inp)
+	lbz	$acc05,5($inp)
+	lbz	$acc06,6($inp)
+	lbz	$s1,7($inp)
+	lbz	$acc08,8($inp)
+	lbz	$acc09,9($inp)
+	lbz	$acc10,10($inp)
+	insrwi	$s0,$acc00,8,0
+	lbz	$s2,11($inp)
+	insrwi	$s1,$acc04,8,0
+	lbz	$acc12,12($inp)
+	insrwi	$s0,$acc01,8,8
+	lbz	$acc13,13($inp)
+	insrwi	$s1,$acc05,8,8
+	lbz	$acc14,14($inp)
+	insrwi	$s0,$acc02,8,16
+	lbz	$s3,15($inp)
+	insrwi	$s1,$acc06,8,16
+	insrwi	$s2,$acc08,8,0
+	insrwi	$s3,$acc12,8,0
+	insrwi	$s2,$acc09,8,8
+	insrwi	$s3,$acc13,8,8
+	insrwi	$s2,$acc10,8,16
+	insrwi	$s3,$acc14,8,16
+
+	bl	LAES_Td
+	bl	Lppc_AES_decrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+
+	extrwi	$acc00,$s0,8,0
+	extrwi	$acc01,$s0,8,8
+	stb	$acc00,0($out)
+	extrwi	$acc02,$s0,8,16
+	stb	$acc01,1($out)
+	stb	$acc02,2($out)
+	extrwi	$acc04,$s1,8,0
+	stb	$s0,3($out)
+	extrwi	$acc05,$s1,8,8
+	stb	$acc04,4($out)
+	extrwi	$acc06,$s1,8,16
+	stb	$acc05,5($out)
+	stb	$acc06,6($out)
+	extrwi	$acc08,$s2,8,0
+	stb	$s1,7($out)
+	extrwi	$acc09,$s2,8,8
+	stb	$acc08,8($out)
+	extrwi	$acc10,$s2,8,16
+	stb	$acc09,9($out)
+	stb	$acc10,10($out)
+	extrwi	$acc12,$s3,8,0
+	stb	$s2,11($out)
+	extrwi	$acc13,$s3,8,8
+	stb	$acc12,12($out)
+	extrwi	$acc14,$s3,8,16
+	stb	$acc13,13($out)
+	stb	$acc14,14($out)
+	stb	$s3,15($out)
+
+Ldec_done:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+
+.align	5
+Lppc_AES_decrypt:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,3
+	lwz	$t0,0($key)
+	addi	$Tbl2,$Tbl0,2
+	lwz	$t1,4($key)
+	addi	$Tbl3,$Tbl0,1
+	lwz	$t2,8($key)
+	addi	$acc00,$acc00,-1
+	lwz	$t3,12($key)
+	addi	$key,$key,16
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	mtctr	$acc00
+.align	4
+Ldec_loop:
+	rlwinm	$acc00,$s0,`32-24+3`,21,28
+	rlwinm	$acc01,$s1,`32-24+3`,21,28
+	rlwinm	$acc02,$s2,`32-24+3`,21,28
+	rlwinm	$acc03,$s3,`32-24+3`,21,28
+	lwz	$t0,0($key)
+	rlwinm	$acc04,$s3,`32-16+3`,21,28
+	lwz	$t1,4($key)
+	rlwinm	$acc05,$s0,`32-16+3`,21,28
+	lwz	$t2,8($key)
+	rlwinm	$acc06,$s1,`32-16+3`,21,28
+	lwz	$t3,12($key)
+	rlwinm	$acc07,$s2,`32-16+3`,21,28
+	lwzx	$acc00,$Tbl0,$acc00
+	rlwinm	$acc08,$s2,`32-8+3`,21,28
+	lwzx	$acc01,$Tbl0,$acc01
+	rlwinm	$acc09,$s3,`32-8+3`,21,28
+	lwzx	$acc02,$Tbl0,$acc02
+	rlwinm	$acc10,$s0,`32-8+3`,21,28
+	lwzx	$acc03,$Tbl0,$acc03
+	rlwinm	$acc11,$s1,`32-8+3`,21,28
+	lwzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s1,`0+3`,21,28
+	lwzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s2,`0+3`,21,28
+	lwzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s3,`0+3`,21,28
+	lwzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s0,`0+3`,21,28
+	lwzx	$acc08,$Tbl2,$acc08
+	xor	$t0,$t0,$acc00
+	lwzx	$acc09,$Tbl2,$acc09
+	xor	$t1,$t1,$acc01
+	lwzx	$acc10,$Tbl2,$acc10
+	xor	$t2,$t2,$acc02
+	lwzx	$acc11,$Tbl2,$acc11
+	xor	$t3,$t3,$acc03
+	lwzx	$acc12,$Tbl3,$acc12
+	xor	$t0,$t0,$acc04
+	lwzx	$acc13,$Tbl3,$acc13
+	xor	$t1,$t1,$acc05
+	lwzx	$acc14,$Tbl3,$acc14
+	xor	$t2,$t2,$acc06
+	lwzx	$acc15,$Tbl3,$acc15
+	xor	$t3,$t3,$acc07
+	xor	$t0,$t0,$acc08
+	xor	$t1,$t1,$acc09
+	xor	$t2,$t2,$acc10
+	xor	$t3,$t3,$acc11
+	xor	$s0,$t0,$acc12
+	xor	$s1,$t1,$acc13
+	xor	$s2,$t2,$acc14
+	xor	$s3,$t3,$acc15
+	addi	$key,$key,16
+	bdnz	Ldec_loop
+
+	addi	$Tbl2,$Tbl0,2048
+	nop
+	lwz	$t0,0($key)
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	lwz	$t1,4($key)
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	lwz	$t2,8($key)
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	lwz	$t3,12($key)
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Td4
+	rlwinm	$acc04,$s3,`32-16`,24,31
+	lwz	$acc09,`2048+32`($Tbl0)
+	rlwinm	$acc05,$s0,`32-16`,24,31
+	lwz	$acc10,`2048+64`($Tbl0)
+	lbzx	$acc00,$Tbl2,$acc00
+	lwz	$acc11,`2048+96`($Tbl0)
+	lbzx	$acc01,$Tbl2,$acc01
+	lwz	$acc12,`2048+128`($Tbl0)
+	rlwinm	$acc06,$s1,`32-16`,24,31
+	lwz	$acc13,`2048+160`($Tbl0)
+	rlwinm	$acc07,$s2,`32-16`,24,31
+	lwz	$acc14,`2048+192`($Tbl0)
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lwz	$acc15,`2048+224`($Tbl0)
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lbzx	$acc02,$Tbl2,$acc02
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lbzx	$acc03,$Tbl2,$acc03
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc04,$Tbl2,$acc04
+	rlwinm	$acc12,$s1,`0`,24,31
+	lbzx	$acc05,$Tbl2,$acc05
+	rlwinm	$acc13,$s2,`0`,24,31
+	lbzx	$acc06,$Tbl2,$acc06
+	rlwinm	$acc14,$s3,`0`,24,31
+	lbzx	$acc07,$Tbl2,$acc07
+	rlwinm	$acc15,$s0,`0`,24,31
+	lbzx	$acc08,$Tbl2,$acc08
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc09,$Tbl2,$acc09
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc10,$Tbl2,$acc10
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc11,$Tbl2,$acc11
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc12,$Tbl2,$acc12
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc13,$Tbl2,$acc13
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc14,$Tbl2,$acc14
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc15,$Tbl2,$acc15
+	rlwimi	$s3,$acc07,16,8,15
+	rlwimi	$s0,$acc08,8,16,23
+	rlwimi	$s1,$acc09,8,16,23
+	rlwimi	$s2,$acc10,8,16,23
+	rlwimi	$s3,$acc11,8,16,23
+	or	$s0,$s0,$acc12
+	or	$s1,$s1,$acc13
+	or	$s2,$s2,$acc14
+	or	$s3,$s3,$acc15
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.align	4
+Lppc_AES_decrypt_compact:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,2048
+	lwz	$t0,0($key)
+	lis	$mask80,0x8080
+	lwz	$t1,4($key)
+	lis	$mask1b,0x1b1b
+	lwz	$t2,8($key)
+	ori	$mask80,$mask80,0x8080
+	lwz	$t3,12($key)
+	ori	$mask1b,$mask1b,0x1b1b
+	addi	$key,$key,16
+___
+$code.=<<___ if ($SIZE_T==8);
+	insrdi	$mask80,$mask80,32,0
+	insrdi	$mask1b,$mask1b,32,0
+___
+$code.=<<___;
+	mtctr	$acc00
+.align	4
+Ldec_compact_loop:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	xor	$s2,$s2,$t2
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	xor	$s3,$s3,$t3
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	rlwinm	$acc04,$s3,`32-16`,24,31
+	rlwinm	$acc05,$s0,`32-16`,24,31
+	rlwinm	$acc06,$s1,`32-16`,24,31
+	rlwinm	$acc07,$s2,`32-16`,24,31
+	lbzx	$acc00,$Tbl1,$acc00
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lbzx	$acc01,$Tbl1,$acc01
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lbzx	$acc02,$Tbl1,$acc02
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lbzx	$acc03,$Tbl1,$acc03
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s1,`0`,24,31
+	lbzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s2,`0`,24,31
+	lbzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s3,`0`,24,31
+	lbzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s0,`0`,24,31
+	lbzx	$acc08,$Tbl1,$acc08
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc09,$Tbl1,$acc09
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc10,$Tbl1,$acc10
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc11,$Tbl1,$acc11
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc12,$Tbl1,$acc12
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc13,$Tbl1,$acc13
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc14,$Tbl1,$acc14
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc15,$Tbl1,$acc15
+	rlwimi	$s3,$acc07,16,8,15
+	rlwimi	$s0,$acc08,8,16,23
+	rlwimi	$s1,$acc09,8,16,23
+	rlwimi	$s2,$acc10,8,16,23
+	rlwimi	$s3,$acc11,8,16,23
+	lwz	$t0,0($key)
+	or	$s0,$s0,$acc12
+	lwz	$t1,4($key)
+	or	$s1,$s1,$acc13
+	lwz	$t2,8($key)
+	or	$s2,$s2,$acc14
+	lwz	$t3,12($key)
+	or	$s3,$s3,$acc15
+
+	addi	$key,$key,16
+	bdz	Ldec_compact_done
+___
+$code.=<<___ if ($SIZE_T==8);
+	# vectorized permutation improves decrypt performance by 10%
+	insrdi	$s0,$s1,32,0
+	insrdi	$s2,$s3,32,0
+
+	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
+	and	$acc02,$s2,$mask80
+	srdi	$acc04,$acc00,7		# r1>>7
+	srdi	$acc06,$acc02,7
+	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
+	andc	$acc10,$s2,$mask80
+	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
+	sub	$acc02,$acc02,$acc06
+	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
+	add	$acc10,$acc10,$acc10
+	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc02,$acc02,$mask1b
+	xor	$acc00,$acc00,$acc08	# r2
+	xor	$acc02,$acc02,$acc10
+
+	and	$acc04,$acc00,$mask80	# r1=r2&0x80808080
+	and	$acc06,$acc02,$mask80
+	srdi	$acc08,$acc04,7		# r1>>7
+	srdi	$acc10,$acc06,7
+	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
+	andc	$acc14,$acc02,$mask80
+	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
+	sub	$acc06,$acc06,$acc10
+	add	$acc12,$acc12,$acc12	# (r2&0x7f7f7f7f)<<1
+	add	$acc14,$acc14,$acc14
+	and	$acc04,$acc04,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc06,$acc06,$mask1b
+	xor	$acc04,$acc04,$acc12	# r4
+	xor	$acc06,$acc06,$acc14
+
+	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
+	and	$acc10,$acc06,$mask80
+	srdi	$acc12,$acc08,7		# r1>>7
+	srdi	$acc14,$acc10,7
+	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
+	sub	$acc10,$acc10,$acc14
+	andc	$acc12,$acc04,$mask80	# r4&0x7f7f7f7f
+	andc	$acc14,$acc06,$mask80
+	add	$acc12,$acc12,$acc12	# (r4&0x7f7f7f7f)<<1
+	add	$acc14,$acc14,$acc14
+	and	$acc08,$acc08,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc10,$acc10,$mask1b
+	xor	$acc08,$acc08,$acc12	# r8
+	xor	$acc10,$acc10,$acc14
+
+	xor	$acc00,$acc00,$s0	# r2^r0
+	xor	$acc02,$acc02,$s2
+	xor	$acc04,$acc04,$s0	# r4^r0
+	xor	$acc06,$acc06,$s2
+
+	extrdi	$acc01,$acc00,32,0
+	extrdi	$acc03,$acc02,32,0
+	extrdi	$acc05,$acc04,32,0
+	extrdi	$acc07,$acc06,32,0
+	extrdi	$acc09,$acc08,32,0
+	extrdi	$acc11,$acc10,32,0
+___
+$code.=<<___ if ($SIZE_T==4);
+	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
+	and	$acc01,$s1,$mask80
+	and	$acc02,$s2,$mask80
+	and	$acc03,$s3,$mask80
+	srwi	$acc04,$acc00,7		# r1>>7
+	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
+	srwi	$acc05,$acc01,7
+	andc	$acc09,$s1,$mask80
+	srwi	$acc06,$acc02,7
+	andc	$acc10,$s2,$mask80
+	srwi	$acc07,$acc03,7
+	andc	$acc11,$s3,$mask80
+	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
+	sub	$acc01,$acc01,$acc05
+	sub	$acc02,$acc02,$acc06
+	sub	$acc03,$acc03,$acc07
+	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
+	add	$acc09,$acc09,$acc09
+	add	$acc10,$acc10,$acc10
+	add	$acc11,$acc11,$acc11
+	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc01,$acc01,$mask1b
+	and	$acc02,$acc02,$mask1b
+	and	$acc03,$acc03,$mask1b
+	xor	$acc00,$acc00,$acc08	# r2
+	xor	$acc01,$acc01,$acc09
+	xor	$acc02,$acc02,$acc10
+	xor	$acc03,$acc03,$acc11
+
+	and	$acc04,$acc00,$mask80	# r1=r2&0x80808080
+	and	$acc05,$acc01,$mask80
+	and	$acc06,$acc02,$mask80
+	and	$acc07,$acc03,$mask80
+	srwi	$acc08,$acc04,7		# r1>>7
+	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
+	srwi	$acc09,$acc05,7
+	andc	$acc13,$acc01,$mask80
+	srwi	$acc10,$acc06,7
+	andc	$acc14,$acc02,$mask80
+	srwi	$acc11,$acc07,7
+	andc	$acc15,$acc03,$mask80
+	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
+	sub	$acc05,$acc05,$acc09
+	sub	$acc06,$acc06,$acc10
+	sub	$acc07,$acc07,$acc11
+	add	$acc12,$acc12,$acc12	# (r2&0x7f7f7f7f)<<1
+	add	$acc13,$acc13,$acc13
+	add	$acc14,$acc14,$acc14
+	add	$acc15,$acc15,$acc15
+	and	$acc04,$acc04,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc05,$acc05,$mask1b
+	and	$acc06,$acc06,$mask1b
+	and	$acc07,$acc07,$mask1b
+	xor	$acc04,$acc04,$acc12	# r4
+	xor	$acc05,$acc05,$acc13
+	xor	$acc06,$acc06,$acc14
+	xor	$acc07,$acc07,$acc15
+
+	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
+	and	$acc09,$acc05,$mask80
+	srwi	$acc12,$acc08,7		# r1>>7
+	and	$acc10,$acc06,$mask80
+	srwi	$acc13,$acc09,7
+	and	$acc11,$acc07,$mask80
+	srwi	$acc14,$acc10,7
+	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
+	srwi	$acc15,$acc11,7
+	sub	$acc09,$acc09,$acc13
+	sub	$acc10,$acc10,$acc14
+	sub	$acc11,$acc11,$acc15
+	andc	$acc12,$acc04,$mask80	# r4&0x7f7f7f7f
+	andc	$acc13,$acc05,$mask80
+	andc	$acc14,$acc06,$mask80
+	andc	$acc15,$acc07,$mask80
+	add	$acc12,$acc12,$acc12	# (r4&0x7f7f7f7f)<<1
+	add	$acc13,$acc13,$acc13
+	add	$acc14,$acc14,$acc14
+	add	$acc15,$acc15,$acc15
+	and	$acc08,$acc08,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc09,$acc09,$mask1b
+	and	$acc10,$acc10,$mask1b
+	and	$acc11,$acc11,$mask1b
+	xor	$acc08,$acc08,$acc12	# r8
+	xor	$acc09,$acc09,$acc13
+	xor	$acc10,$acc10,$acc14
+	xor	$acc11,$acc11,$acc15
+
+	xor	$acc00,$acc00,$s0	# r2^r0
+	xor	$acc01,$acc01,$s1
+	xor	$acc02,$acc02,$s2
+	xor	$acc03,$acc03,$s3
+	xor	$acc04,$acc04,$s0	# r4^r0
+	xor	$acc05,$acc05,$s1
+	xor	$acc06,$acc06,$s2
+	xor	$acc07,$acc07,$s3
+___
+$code.=<<___;
+	rotrwi	$s0,$s0,8		# = ROTATE(r0,8)
+	rotrwi	$s1,$s1,8
+	xor	$s0,$s0,$acc00		# ^= r2^r0
+	rotrwi	$s2,$s2,8
+	xor	$s1,$s1,$acc01
+	rotrwi	$s3,$s3,8
+	xor	$s2,$s2,$acc02
+	xor	$s3,$s3,$acc03
+	xor	$acc00,$acc00,$acc08
+	xor	$acc01,$acc01,$acc09
+	xor	$acc02,$acc02,$acc10
+	xor	$acc03,$acc03,$acc11
+	xor	$s0,$s0,$acc04		# ^= r4^r0
+	rotrwi	$acc00,$acc00,24
+	xor	$s1,$s1,$acc05
+	rotrwi	$acc01,$acc01,24
+	xor	$s2,$s2,$acc06
+	rotrwi	$acc02,$acc02,24
+	xor	$s3,$s3,$acc07
+	rotrwi	$acc03,$acc03,24
+	xor	$acc04,$acc04,$acc08
+	xor	$acc05,$acc05,$acc09
+	xor	$acc06,$acc06,$acc10
+	xor	$acc07,$acc07,$acc11
+	xor	$s0,$s0,$acc08		# ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)]
+	rotrwi	$acc04,$acc04,16
+	xor	$s1,$s1,$acc09
+	rotrwi	$acc05,$acc05,16
+	xor	$s2,$s2,$acc10
+	rotrwi	$acc06,$acc06,16
+	xor	$s3,$s3,$acc11
+	rotrwi	$acc07,$acc07,16
+	xor	$s0,$s0,$acc00		# ^= ROTATE(r8^r2^r0,24)
+	rotrwi	$acc08,$acc08,8
+	xor	$s1,$s1,$acc01
+	rotrwi	$acc09,$acc09,8
+	xor	$s2,$s2,$acc02
+	rotrwi	$acc10,$acc10,8
+	xor	$s3,$s3,$acc03
+	rotrwi	$acc11,$acc11,8
+	xor	$s0,$s0,$acc04		# ^= ROTATE(r8^r4^r0,16)
+	xor	$s1,$s1,$acc05
+	xor	$s2,$s2,$acc06
+	xor	$s3,$s3,$acc07
+	xor	$s0,$s0,$acc08		# ^= ROTATE(r8,8)
+	xor	$s1,$s1,$acc09
+	xor	$s2,$s2,$acc10
+	xor	$s3,$s3,$acc11
+
+	b	Ldec_compact_loop
+.align	4
+Ldec_compact_done:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.AES_decrypt,.-.AES_decrypt
+
+.asciz	"AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+.align	7
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl
new file mode 100644
index 000000000..0c4005906
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl
@@ -0,0 +1,2282 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for s390x.
+
+# April 2007.
+#
+# Software performance improvement over gcc-generated code is ~70% and
+# in absolute terms is ~73 cycles per byte processed with 128-bit key.
+# You're likely to exclaim "why so slow?" Keep in mind that z-CPUs are
+# *strictly* in-order execution and issued instruction [in this case
+# load value from memory is critical] has to complete before execution
+# flow proceeds. S-boxes are compressed to 2KB[+256B].
+#
+# As for hardware acceleration support. It's basically a "teaser," as
+# it can and should be improved in several ways. Most notably support
+# for CBC is not utilized, nor multiple blocks are ever processed.
+# Then software key schedule can be postponed till hardware support
+# detection... Performance improvement over assembler is reportedly
+# ~2.5x, but can reach >8x [naturally on larger chunks] if proper
+# support is implemented.
+
+# May 2007.
+#
+# Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
+# for 128-bit keys, if hardware support is detected.
+
+# Januray 2009.
+#
+# Add support for hardware AES192/256 and reschedule instructions to
+# minimize/avoid Address Generation Interlock hazard and to favour
+# dual-issue z10 pipeline. This gave ~25% improvement on z10 and
+# almost 50% on z9. The gain is smaller on z10, because being dual-
+# issue z10 makes it impossible to eliminate the interlock condition:
+# critial path is not long enough. Yet it spends ~24 cycles per byte
+# processed with 128-bit key.
+#
+# Unlike previous version hardware support detection takes place only
+# at the moment of key schedule setup, which is denoted in key->rounds.
+# This is done, because deferred key setup can't be made MT-safe, not
+# for keys longer than 128 bits.
+#
+# Add AES_cbc_encrypt, which gives incredible performance improvement,
+# it was measured to be ~6.6x. It's less than previously mentioned 8x,
+# because software implementation was optimized.
+
+# May 2010.
+#
+# Add AES_ctr32_encrypt. If hardware-assisted, it provides up to 4.3x
+# performance improvement over "generic" counter mode routine relying
+# on single-block, also hardware-assisted, AES_encrypt. "Up to" refers
+# to the fact that exact throughput value depends on current stack
+# frame alignment within 4KB page. In worst case you get ~75% of the
+# maximum, but *on average* it would be as much as ~98%. Meaning that
+# worst case is unlike, it's like hitting ravine on plateau.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 2x better than code generated by gcc 4.3.
+
+# December 2010.
+#
+# Add support for z196 "cipher message with counter" instruction.
+# Note however that it's disengaged, because it was measured to
+# perform ~12% worse than vanilla km-based code...
+
+# February 2011.
+#
+# Add AES_xts_[en|de]crypt. This includes support for z196 km-xts-aes
+# instructions, which deliver ~70% improvement at 8KB block size over
+# vanilla km-based code, 37% - at most like 512-bytes block size.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$softonly=0;	# allow hardware support
+
+$t0="%r0";	$mask="%r0";
+$t1="%r1";
+$t2="%r2";	$inp="%r2";
+$t3="%r3";	$out="%r3";	$bits="%r3";
+$key="%r4";
+$i1="%r5";
+$i2="%r6";
+$i3="%r7";
+$s0="%r8";
+$s1="%r9";
+$s2="%r10";
+$s3="%r11";
+$tbl="%r12";
+$rounds="%r13";
+$ra="%r14";
+$sp="%r15";
+
+$stdframe=16*$SIZE_T+4*8;
+
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$code=<<___;
+#include "s390x_arch.h"
+
+.text
+
+.type	AES_Te,\@object
+.align	256
+AES_Te:
+___
+&_data_word(
+	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+# Te4[256]
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+# rcon[]
+.long	0x01000000, 0x02000000, 0x04000000, 0x08000000
+.long	0x10000000, 0x20000000, 0x40000000, 0x80000000
+.long	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
+.align	256
+.size	AES_Te,.-AES_Te
+
+# void AES_encrypt(const unsigned char *inp, unsigned char *out,
+# 		 const AES_KEY *key) {
+.globl	AES_encrypt
+.type	AES_encrypt,\@function
+AES_encrypt:
+___
+$code.=<<___ if (!$softonly);
+	l	%r0,240($key)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lesoft
+
+	la	%r1,0($key)
+	#la	%r2,0($inp)
+	la	%r4,0($out)
+	lghi	%r3,16		# single block length
+	.long	0xb92e0042	# km %r4,%r2
+	brc	1,.-4		# can this happen?
+	br	%r14
+.align	64
+.Lesoft:
+___
+$code.=<<___;
+	stm${g}	%r3,$ra,3*$SIZE_T($sp)
+
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+
+	larl	$tbl,AES_Te
+	bras	$ra,_s390x_AES_encrypt
+
+	l${g}	$out,3*$SIZE_T($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_encrypt,.-AES_encrypt
+
+.type   _s390x_AES_encrypt,\@function
+.align	16
+_s390x_AES_encrypt:
+	st${g}	$ra,15*$SIZE_T($sp)
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$s3,12($key)
+	l	$rounds,240($key)
+	llill	$mask,`0xff<<3`
+	aghi	$rounds,-1
+	j	.Lenc_loop
+.align	16
+.Lenc_loop:
+	sllg	$t1,$s0,`0+3`
+	srlg	$t2,$s0,`8-3`
+	srlg	$t3,$s0,`16-3`
+	srl	$s0,`24-3`
+	nr	$s0,$mask
+	ngr	$t1,$mask
+	nr	$t2,$mask
+	nr	$t3,$mask
+
+	srlg	$i1,$s1,`16-3`	# i0
+	sllg	$i2,$s1,`0+3`
+	srlg	$i3,$s1,`8-3`
+	srl	$s1,`24-3`
+	nr	$i1,$mask
+	nr	$s1,$mask
+	ngr	$i2,$mask
+	nr	$i3,$mask
+
+	l	$s0,0($s0,$tbl)	# Te0[s0>>24]
+	l	$t1,1($t1,$tbl)	# Te3[s0>>0]
+	l	$t2,2($t2,$tbl) # Te2[s0>>8]
+	l	$t3,3($t3,$tbl)	# Te1[s0>>16]
+
+	x	$s0,3($i1,$tbl)	# Te1[s1>>16]
+	l	$s1,0($s1,$tbl)	# Te0[s1>>24]
+	x	$t2,1($i2,$tbl)	# Te3[s1>>0]
+	x	$t3,2($i3,$tbl)	# Te2[s1>>8]
+
+	srlg	$i1,$s2,`8-3`	# i0
+	srlg	$i2,$s2,`16-3`	# i1
+	nr	$i1,$mask
+	nr	$i2,$mask
+	sllg	$i3,$s2,`0+3`
+	srl	$s2,`24-3`
+	nr	$s2,$mask
+	ngr	$i3,$mask
+
+	xr	$s1,$t1
+	srlg	$ra,$s3,`8-3`	# i1
+	sllg	$t1,$s3,`0+3`	# i0
+	nr	$ra,$mask
+	la	$key,16($key)
+	ngr	$t1,$mask
+
+	x	$s0,2($i1,$tbl)	# Te2[s2>>8]
+	x	$s1,3($i2,$tbl)	# Te1[s2>>16]
+	l	$s2,0($s2,$tbl)	# Te0[s2>>24]
+	x	$t3,1($i3,$tbl)	# Te3[s2>>0]
+
+	srlg	$i3,$s3,`16-3`	# i2
+	xr	$s2,$t2
+	srl	$s3,`24-3`
+	nr	$i3,$mask
+	nr	$s3,$mask
+
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$t3,12($key)
+
+	x	$s0,1($t1,$tbl)	# Te3[s3>>0]
+	x	$s1,2($ra,$tbl)	# Te2[s3>>8]
+	x	$s2,3($i3,$tbl)	# Te1[s3>>16]
+	l	$s3,0($s3,$tbl)	# Te0[s3>>24]
+	xr	$s3,$t3
+
+	brct	$rounds,.Lenc_loop
+	.align	16
+
+	sllg	$t1,$s0,`0+3`
+	srlg	$t2,$s0,`8-3`
+	ngr	$t1,$mask
+	srlg	$t3,$s0,`16-3`
+	srl	$s0,`24-3`
+	nr	$s0,$mask
+	nr	$t2,$mask
+	nr	$t3,$mask
+
+	srlg	$i1,$s1,`16-3`	# i0
+	sllg	$i2,$s1,`0+3`
+	ngr	$i2,$mask
+	srlg	$i3,$s1,`8-3`
+	srl	$s1,`24-3`
+	nr	$i1,$mask
+	nr	$s1,$mask
+	nr	$i3,$mask
+
+	llgc	$s0,2($s0,$tbl)	# Te4[s0>>24]
+	llgc	$t1,2($t1,$tbl)	# Te4[s0>>0]
+	sll	$s0,24
+	llgc	$t2,2($t2,$tbl)	# Te4[s0>>8]
+	llgc	$t3,2($t3,$tbl)	# Te4[s0>>16]
+	sll	$t2,8
+	sll	$t3,16
+
+	llgc	$i1,2($i1,$tbl)	# Te4[s1>>16]
+	llgc	$s1,2($s1,$tbl)	# Te4[s1>>24]
+	llgc	$i2,2($i2,$tbl)	# Te4[s1>>0]
+	llgc	$i3,2($i3,$tbl)	# Te4[s1>>8]
+	sll	$i1,16
+	sll	$s1,24
+	sll	$i3,8
+	or	$s0,$i1
+	or	$s1,$t1
+	or	$t2,$i2
+	or	$t3,$i3
+
+	srlg	$i1,$s2,`8-3`	# i0
+	srlg	$i2,$s2,`16-3`	# i1
+	nr	$i1,$mask
+	nr	$i2,$mask
+	sllg	$i3,$s2,`0+3`
+	srl	$s2,`24-3`
+	ngr	$i3,$mask
+	nr	$s2,$mask
+
+	sllg	$t1,$s3,`0+3`	# i0
+	srlg	$ra,$s3,`8-3`	# i1
+	ngr	$t1,$mask
+
+	llgc	$i1,2($i1,$tbl)	# Te4[s2>>8]
+	llgc	$i2,2($i2,$tbl)	# Te4[s2>>16]
+	sll	$i1,8
+	llgc	$s2,2($s2,$tbl)	# Te4[s2>>24]
+	llgc	$i3,2($i3,$tbl)	# Te4[s2>>0]
+	sll	$i2,16
+	nr	$ra,$mask
+	sll	$s2,24
+	or	$s0,$i1
+	or	$s1,$i2
+	or	$s2,$t2
+	or	$t3,$i3
+
+	srlg	$i3,$s3,`16-3`	# i2
+	srl	$s3,`24-3`
+	nr	$i3,$mask
+	nr	$s3,$mask
+
+	l	$t0,16($key)
+	l	$t2,20($key)
+
+	llgc	$i1,2($t1,$tbl)	# Te4[s3>>0]
+	llgc	$i2,2($ra,$tbl)	# Te4[s3>>8]
+	llgc	$i3,2($i3,$tbl)	# Te4[s3>>16]
+	llgc	$s3,2($s3,$tbl)	# Te4[s3>>24]
+	sll	$i2,8
+	sll	$i3,16
+	sll	$s3,24
+	or	$s0,$i1
+	or	$s1,$i2
+	or	$s2,$i3
+	or	$s3,$t3
+
+	l${g}	$ra,15*$SIZE_T($sp)
+	xr	$s0,$t0
+	xr	$s1,$t2
+	x	$s2,24($key)
+	x	$s3,28($key)
+
+	br	$ra
+.size	_s390x_AES_encrypt,.-_s390x_AES_encrypt
+___
+
+$code.=<<___;
+.type	AES_Td,\@object
+.align	256
+AES_Td:
+___
+&_data_word(
+	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+# Td4[256]
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size	AES_Td,.-AES_Td
+
+# void AES_decrypt(const unsigned char *inp, unsigned char *out,
+# 		 const AES_KEY *key) {
+.globl	AES_decrypt
+.type	AES_decrypt,\@function
+AES_decrypt:
+___
+$code.=<<___ if (!$softonly);
+	l	%r0,240($key)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Ldsoft
+
+	la	%r1,0($key)
+	#la	%r2,0($inp)
+	la	%r4,0($out)
+	lghi	%r3,16		# single block length
+	.long	0xb92e0042	# km %r4,%r2
+	brc	1,.-4		# can this happen?
+	br	%r14
+.align	64
+.Ldsoft:
+___
+$code.=<<___;
+	stm${g}	%r3,$ra,3*$SIZE_T($sp)
+
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+
+	larl	$tbl,AES_Td
+	bras	$ra,_s390x_AES_decrypt
+
+	l${g}	$out,3*$SIZE_T($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_decrypt,.-AES_decrypt
+
+.type   _s390x_AES_decrypt,\@function
+.align	16
+_s390x_AES_decrypt:
+	st${g}	$ra,15*$SIZE_T($sp)
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$s3,12($key)
+	l	$rounds,240($key)
+	llill	$mask,`0xff<<3`
+	aghi	$rounds,-1
+	j	.Ldec_loop
+.align	16
+.Ldec_loop:
+	srlg	$t1,$s0,`16-3`
+	srlg	$t2,$s0,`8-3`
+	sllg	$t3,$s0,`0+3`
+	srl	$s0,`24-3`
+	nr	$s0,$mask
+	nr	$t1,$mask
+	nr	$t2,$mask
+	ngr	$t3,$mask
+
+	sllg	$i1,$s1,`0+3`	# i0
+	srlg	$i2,$s1,`16-3`
+	srlg	$i3,$s1,`8-3`
+	srl	$s1,`24-3`
+	ngr	$i1,$mask
+	nr	$s1,$mask
+	nr	$i2,$mask
+	nr	$i3,$mask
+
+	l	$s0,0($s0,$tbl)	# Td0[s0>>24]
+	l	$t1,3($t1,$tbl)	# Td1[s0>>16]
+	l	$t2,2($t2,$tbl)	# Td2[s0>>8]
+	l	$t3,1($t3,$tbl)	# Td3[s0>>0]
+
+	x	$s0,1($i1,$tbl)	# Td3[s1>>0]
+	l	$s1,0($s1,$tbl)	# Td0[s1>>24]
+	x	$t2,3($i2,$tbl)	# Td1[s1>>16]
+	x	$t3,2($i3,$tbl)	# Td2[s1>>8]
+
+	srlg	$i1,$s2,`8-3`	# i0
+	sllg	$i2,$s2,`0+3`	# i1
+	srlg	$i3,$s2,`16-3`
+	srl	$s2,`24-3`
+	nr	$i1,$mask
+	ngr	$i2,$mask
+	nr	$s2,$mask
+	nr	$i3,$mask
+
+	xr	$s1,$t1
+	srlg	$ra,$s3,`8-3`	# i1
+	srlg	$t1,$s3,`16-3`	# i0
+	nr	$ra,$mask
+	la	$key,16($key)
+	nr	$t1,$mask
+
+	x	$s0,2($i1,$tbl)	# Td2[s2>>8]
+	x	$s1,1($i2,$tbl)	# Td3[s2>>0]
+	l	$s2,0($s2,$tbl)	# Td0[s2>>24]
+	x	$t3,3($i3,$tbl)	# Td1[s2>>16]
+
+	sllg	$i3,$s3,`0+3`	# i2
+	srl	$s3,`24-3`
+	ngr	$i3,$mask
+	nr	$s3,$mask
+
+	xr	$s2,$t2
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$t3,12($key)
+
+	x	$s0,3($t1,$tbl)	# Td1[s3>>16]
+	x	$s1,2($ra,$tbl)	# Td2[s3>>8]
+	x	$s2,1($i3,$tbl)	# Td3[s3>>0]
+	l	$s3,0($s3,$tbl)	# Td0[s3>>24]
+	xr	$s3,$t3
+
+	brct	$rounds,.Ldec_loop
+	.align	16
+
+	l	$t1,`2048+0`($tbl)	# prefetch Td4
+	l	$t2,`2048+64`($tbl)
+	l	$t3,`2048+128`($tbl)
+	l	$i1,`2048+192`($tbl)
+	llill	$mask,0xff
+
+	srlg	$i3,$s0,24	# i0
+	srlg	$t1,$s0,16
+	srlg	$t2,$s0,8
+	nr	$s0,$mask	# i3
+	nr	$t1,$mask
+
+	srlg	$i1,$s1,24
+	nr	$t2,$mask
+	srlg	$i2,$s1,16
+	srlg	$ra,$s1,8
+	nr	$s1,$mask	# i0
+	nr	$i2,$mask
+	nr	$ra,$mask
+
+	llgc	$i3,2048($i3,$tbl)	# Td4[s0>>24]
+	llgc	$t1,2048($t1,$tbl)	# Td4[s0>>16]
+	llgc	$t2,2048($t2,$tbl)	# Td4[s0>>8]
+	sll	$t1,16
+	llgc	$t3,2048($s0,$tbl)	# Td4[s0>>0]
+	sllg	$s0,$i3,24
+	sll	$t2,8
+
+	llgc	$s1,2048($s1,$tbl)	# Td4[s1>>0]
+	llgc	$i1,2048($i1,$tbl)	# Td4[s1>>24]
+	llgc	$i2,2048($i2,$tbl)	# Td4[s1>>16]
+	sll	$i1,24
+	llgc	$i3,2048($ra,$tbl)	# Td4[s1>>8]
+	sll	$i2,16
+	sll	$i3,8
+	or	$s0,$s1
+	or	$t1,$i1
+	or	$t2,$i2
+	or	$t3,$i3
+
+	srlg	$i1,$s2,8	# i0
+	srlg	$i2,$s2,24
+	srlg	$i3,$s2,16
+	nr	$s2,$mask	# i1
+	nr	$i1,$mask
+	nr	$i3,$mask
+	llgc	$i1,2048($i1,$tbl)	# Td4[s2>>8]
+	llgc	$s1,2048($s2,$tbl)	# Td4[s2>>0]
+	llgc	$i2,2048($i2,$tbl)	# Td4[s2>>24]
+	llgc	$i3,2048($i3,$tbl)	# Td4[s2>>16]
+	sll	$i1,8
+	sll	$i2,24
+	or	$s0,$i1
+	sll	$i3,16
+	or	$t2,$i2
+	or	$t3,$i3
+
+	srlg	$i1,$s3,16	# i0
+	srlg	$i2,$s3,8	# i1
+	srlg	$i3,$s3,24
+	nr	$s3,$mask	# i2
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+	l${g}	$ra,15*$SIZE_T($sp)
+	or	$s1,$t1
+	l	$t0,16($key)
+	l	$t1,20($key)
+
+	llgc	$i1,2048($i1,$tbl)	# Td4[s3>>16]
+	llgc	$i2,2048($i2,$tbl)	# Td4[s3>>8]
+	sll	$i1,16
+	llgc	$s2,2048($s3,$tbl)	# Td4[s3>>0]
+	llgc	$s3,2048($i3,$tbl)	# Td4[s3>>24]
+	sll	$i2,8
+	sll	$s3,24
+	or	$s0,$i1
+	or	$s1,$i2
+	or	$s2,$t2
+	or	$s3,$t3
+
+	xr	$s0,$t0
+	xr	$s1,$t1
+	x	$s2,24($key)
+	x	$s3,28($key)
+
+	br	$ra
+.size	_s390x_AES_decrypt,.-_s390x_AES_decrypt
+___
+
+$code.=<<___;
+# void AES_set_encrypt_key(const unsigned char *in, int bits,
+# 		 AES_KEY *key) {
+.globl	AES_set_encrypt_key
+.type	AES_set_encrypt_key,\@function
+.align	16
+AES_set_encrypt_key:
+_s390x_AES_set_encrypt_key:
+	lghi	$t0,0
+	cl${g}r	$inp,$t0
+	je	.Lminus1
+	cl${g}r	$key,$t0
+	je	.Lminus1
+
+	lghi	$t0,128
+	clr	$bits,$t0
+	je	.Lproceed
+	lghi	$t0,192
+	clr	$bits,$t0
+	je	.Lproceed
+	lghi	$t0,256
+	clr	$bits,$t0
+	je	.Lproceed
+	lghi	%r2,-2
+	br	%r14
+
+.align	16
+.Lproceed:
+___
+$code.=<<___ if (!$softonly);
+	# convert bits to km(c) code, [128,192,256]->[18,19,20]
+	lhi	%r5,-128
+	lhi	%r0,18
+	ar	%r5,$bits
+	srl	%r5,6
+	ar	%r5,%r0
+
+	larl	%r1,OPENSSL_s390xcap_P
+	llihh	%r0,0x8000
+	srlg	%r0,%r0,0(%r5)
+	ng	%r0,S390X_KM(%r1)  # check availability of both km...
+	ng	%r0,S390X_KMC(%r1) # ...and kmc support for given key length
+	jz	.Lekey_internal
+
+	lmg	%r0,%r1,0($inp)	# just copy 128 bits...
+	stmg	%r0,%r1,0($key)
+	lhi	%r0,192
+	cr	$bits,%r0
+	jl	1f
+	lg	%r1,16($inp)
+	stg	%r1,16($key)
+	je	1f
+	lg	%r1,24($inp)
+	stg	%r1,24($key)
+1:	st	$bits,236($key)	# save bits [for debugging purposes]
+	lgr	$t0,%r5
+	st	%r5,240($key)	# save km(c) code
+	lghi	%r2,0
+	br	%r14
+___
+$code.=<<___;
+.align	16
+.Lekey_internal:
+	stm${g}	%r4,%r13,4*$SIZE_T($sp)	# all non-volatile regs and $key
+
+	larl	$tbl,AES_Te+2048
+
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+	st	$s0,0($key)
+	st	$s1,4($key)
+	st	$s2,8($key)
+	st	$s3,12($key)
+	lghi	$t0,128
+	cr	$bits,$t0
+	jne	.Lnot128
+
+	llill	$mask,0xff
+	lghi	$t3,0			# i=0
+	lghi	$rounds,10
+	st	$rounds,240($key)
+
+	llgfr	$t2,$s3			# temp=rk[3]
+	srlg	$i1,$s3,8
+	srlg	$i2,$s3,16
+	srlg	$i3,$s3,24
+	nr	$t2,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+.align	16
+.L128_loop:
+	la	$t2,0($t2,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	icm	$t2,2,0($t2)		# Te4[rk[3]>>0]<<8
+	icm	$t2,4,0($i1)		# Te4[rk[3]>>8]<<16
+	icm	$t2,8,0($i2)		# Te4[rk[3]>>16]<<24
+	icm	$t2,1,0($i3)		# Te4[rk[3]>>24]
+	x	$t2,256($t3,$tbl)	# rcon[i]
+	xr	$s0,$t2			# rk[4]=rk[0]^...
+	xr	$s1,$s0			# rk[5]=rk[1]^rk[4]
+	xr	$s2,$s1			# rk[6]=rk[2]^rk[5]
+	xr	$s3,$s2			# rk[7]=rk[3]^rk[6]
+
+	llgfr	$t2,$s3			# temp=rk[3]
+	srlg	$i1,$s3,8
+	srlg	$i2,$s3,16
+	nr	$t2,$mask
+	nr	$i1,$mask
+	srlg	$i3,$s3,24
+	nr	$i2,$mask
+
+	st	$s0,16($key)
+	st	$s1,20($key)
+	st	$s2,24($key)
+	st	$s3,28($key)
+	la	$key,16($key)		# key+=4
+	la	$t3,4($t3)		# i++
+	brct	$rounds,.L128_loop
+	lghi	$t0,10
+	lghi	%r2,0
+	lm${g}	%r4,%r13,4*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.Lnot128:
+	llgf	$t0,16($inp)
+	llgf	$t1,20($inp)
+	st	$t0,16($key)
+	st	$t1,20($key)
+	lghi	$t0,192
+	cr	$bits,$t0
+	jne	.Lnot192
+
+	llill	$mask,0xff
+	lghi	$t3,0			# i=0
+	lghi	$rounds,12
+	st	$rounds,240($key)
+	lghi	$rounds,8
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+.align	16
+.L192_loop:
+	la	$t1,0($t1,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	icm	$t1,2,0($t1)		# Te4[rk[5]>>0]<<8
+	icm	$t1,4,0($i1)		# Te4[rk[5]>>8]<<16
+	icm	$t1,8,0($i2)		# Te4[rk[5]>>16]<<24
+	icm	$t1,1,0($i3)		# Te4[rk[5]>>24]
+	x	$t1,256($t3,$tbl)	# rcon[i]
+	xr	$s0,$t1			# rk[6]=rk[0]^...
+	xr	$s1,$s0			# rk[7]=rk[1]^rk[6]
+	xr	$s2,$s1			# rk[8]=rk[2]^rk[7]
+	xr	$s3,$s2			# rk[9]=rk[3]^rk[8]
+
+	st	$s0,24($key)
+	st	$s1,28($key)
+	st	$s2,32($key)
+	st	$s3,36($key)
+	brct	$rounds,.L192_continue
+	lghi	$t0,12
+	lghi	%r2,0
+	lm${g}	%r4,%r13,4*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.L192_continue:
+	lgr	$t1,$s3
+	x	$t1,16($key)		# rk[10]=rk[4]^rk[9]
+	st	$t1,40($key)
+	x	$t1,20($key)		# rk[11]=rk[5]^rk[10]
+	st	$t1,44($key)
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+	la	$key,24($key)		# key+=6
+	la	$t3,4($t3)		# i++
+	j	.L192_loop
+
+.align	16
+.Lnot192:
+	llgf	$t0,24($inp)
+	llgf	$t1,28($inp)
+	st	$t0,24($key)
+	st	$t1,28($key)
+	llill	$mask,0xff
+	lghi	$t3,0			# i=0
+	lghi	$rounds,14
+	st	$rounds,240($key)
+	lghi	$rounds,7
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+.align	16
+.L256_loop:
+	la	$t1,0($t1,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	icm	$t1,2,0($t1)		# Te4[rk[7]>>0]<<8
+	icm	$t1,4,0($i1)		# Te4[rk[7]>>8]<<16
+	icm	$t1,8,0($i2)		# Te4[rk[7]>>16]<<24
+	icm	$t1,1,0($i3)		# Te4[rk[7]>>24]
+	x	$t1,256($t3,$tbl)	# rcon[i]
+	xr	$s0,$t1			# rk[8]=rk[0]^...
+	xr	$s1,$s0			# rk[9]=rk[1]^rk[8]
+	xr	$s2,$s1			# rk[10]=rk[2]^rk[9]
+	xr	$s3,$s2			# rk[11]=rk[3]^rk[10]
+	st	$s0,32($key)
+	st	$s1,36($key)
+	st	$s2,40($key)
+	st	$s3,44($key)
+	brct	$rounds,.L256_continue
+	lghi	$t0,14
+	lghi	%r2,0
+	lm${g}	%r4,%r13,4*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.L256_continue:
+	lgr	$t1,$s3			# temp=rk[11]
+	srlg	$i1,$s3,8
+	srlg	$i2,$s3,16
+	srlg	$i3,$s3,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+	la	$t1,0($t1,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	llgc	$t1,0($t1)		# Te4[rk[11]>>0]
+	icm	$t1,2,0($i1)		# Te4[rk[11]>>8]<<8
+	icm	$t1,4,0($i2)		# Te4[rk[11]>>16]<<16
+	icm	$t1,8,0($i3)		# Te4[rk[11]>>24]<<24
+	x	$t1,16($key)		# rk[12]=rk[4]^...
+	st	$t1,48($key)
+	x	$t1,20($key)		# rk[13]=rk[5]^rk[12]
+	st	$t1,52($key)
+	x	$t1,24($key)		# rk[14]=rk[6]^rk[13]
+	st	$t1,56($key)
+	x	$t1,28($key)		# rk[15]=rk[7]^rk[14]
+	st	$t1,60($key)
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+	la	$key,32($key)		# key+=8
+	la	$t3,4($t3)		# i++
+	j	.L256_loop
+
+.Lminus1:
+	lghi	%r2,-1
+	br	$ra
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+# void AES_set_decrypt_key(const unsigned char *in, int bits,
+# 		 AES_KEY *key) {
+.globl	AES_set_decrypt_key
+.type	AES_set_decrypt_key,\@function
+.align	16
+AES_set_decrypt_key:
+	#st${g}	$key,4*$SIZE_T($sp)	# I rely on AES_set_encrypt_key to
+	st${g}	$ra,14*$SIZE_T($sp)	# save non-volatile registers and $key!
+	bras	$ra,_s390x_AES_set_encrypt_key
+	#l${g}	$key,4*$SIZE_T($sp)
+	l${g}	$ra,14*$SIZE_T($sp)
+	ltgr	%r2,%r2
+	bnzr	$ra
+___
+$code.=<<___ if (!$softonly);
+	#l	$t0,240($key)
+	lhi	$t1,16
+	cr	$t0,$t1
+	jl	.Lgo
+	oill	$t0,S390X_DECRYPT	# set "decrypt" bit
+	st	$t0,240($key)
+	br	$ra
+___
+$code.=<<___;
+.align	16
+.Lgo:	lgr	$rounds,$t0	#llgf	$rounds,240($key)
+	la	$i1,0($key)
+	sllg	$i2,$rounds,4
+	la	$i2,0($i2,$key)
+	srl	$rounds,1
+	lghi	$t1,-16
+
+.align	16
+.Linv:	lmg	$s0,$s1,0($i1)
+	lmg	$s2,$s3,0($i2)
+	stmg	$s0,$s1,0($i2)
+	stmg	$s2,$s3,0($i1)
+	la	$i1,16($i1)
+	la	$i2,0($t1,$i2)
+	brct	$rounds,.Linv
+___
+$mask80=$i1;
+$mask1b=$i2;
+$maskfe=$i3;
+$code.=<<___;
+	llgf	$rounds,240($key)
+	aghi	$rounds,-1
+	sll	$rounds,2	# (rounds-1)*4
+	llilh	$mask80,0x8080
+	llilh	$mask1b,0x1b1b
+	llilh	$maskfe,0xfefe
+	oill	$mask80,0x8080
+	oill	$mask1b,0x1b1b
+	oill	$maskfe,0xfefe
+
+.align	16
+.Lmix:	l	$s0,16($key)	# tp1
+	lr	$s1,$s0
+	ngr	$s1,$mask80
+	srlg	$t1,$s1,7
+	slr	$s1,$t1
+	nr	$s1,$mask1b
+	sllg	$t1,$s0,1
+	nr	$t1,$maskfe
+	xr	$s1,$t1		# tp2
+
+	lr	$s2,$s1
+	ngr	$s2,$mask80
+	srlg	$t1,$s2,7
+	slr	$s2,$t1
+	nr	$s2,$mask1b
+	sllg	$t1,$s1,1
+	nr	$t1,$maskfe
+	xr	$s2,$t1		# tp4
+
+	lr	$s3,$s2
+	ngr	$s3,$mask80
+	srlg	$t1,$s3,7
+	slr	$s3,$t1
+	nr	$s3,$mask1b
+	sllg	$t1,$s2,1
+	nr	$t1,$maskfe
+	xr	$s3,$t1		# tp8
+
+	xr	$s1,$s0		# tp2^tp1
+	xr	$s2,$s0		# tp4^tp1
+	rll	$s0,$s0,24	# = ROTATE(tp1,8)
+	xr	$s2,$s3		# ^=tp8
+	xr	$s0,$s1		# ^=tp2^tp1
+	xr	$s1,$s3		# tp2^tp1^tp8
+	xr	$s0,$s2		# ^=tp4^tp1^tp8
+	rll	$s1,$s1,8
+	rll	$s2,$s2,16
+	xr	$s0,$s1		# ^= ROTATE(tp8^tp2^tp1,24)
+	rll	$s3,$s3,24
+	xr	$s0,$s2    	# ^= ROTATE(tp8^tp4^tp1,16)
+	xr	$s0,$s3		# ^= ROTATE(tp8,8)
+
+	st	$s0,16($key)
+	la	$key,4($key)
+	brct	$rounds,.Lmix
+
+	lm${g}	%r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key!
+	lghi	%r2,0
+	br	$ra
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+########################################################################
+# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+#                     size_t length, const AES_KEY *key,
+#                     unsigned char *ivec, const int enc)
+{
+my $inp="%r2";
+my $out="%r4";	# length and out are swapped
+my $len="%r3";
+my $key="%r5";
+my $ivp="%r6";
+
+$code.=<<___;
+.globl	AES_cbc_encrypt
+.type	AES_cbc_encrypt,\@function
+.align	16
+AES_cbc_encrypt:
+	xgr	%r3,%r4		# flip %r3 and %r4, out and len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+___
+$code.=<<___ if (!$softonly);
+	lhi	%r0,16
+	cl	%r0,240($key)
+	jh	.Lcbc_software
+
+	lg	%r0,0($ivp)	# copy ivec
+	lg	%r1,8($ivp)
+	stmg	%r0,%r1,16($sp)
+	lmg	%r0,%r1,0($key)	# copy key, cover 256 bit
+	stmg	%r0,%r1,32($sp)
+	lmg	%r0,%r1,16($key)
+	stmg	%r0,%r1,48($sp)
+	l	%r0,240($key)	# load kmc code
+	lghi	$key,15		# res=len%16, len-=res;
+	ngr	$key,$len
+	sl${g}r	$len,$key
+	la	%r1,16($sp)	# parameter block - ivec || key
+	jz	.Lkmc_truncated
+	.long	0xb92f0042	# kmc %r4,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+	ltr	$key,$key
+	jnz	.Lkmc_truncated
+.Lkmc_done:
+	lmg	%r0,%r1,16($sp)	# copy ivec to caller
+	stg	%r0,0($ivp)
+	stg	%r1,8($ivp)
+	br	$ra
+.align	16
+.Lkmc_truncated:
+	ahi	$key,-1		# it's the way it's encoded in mvc
+	tmll	%r0,S390X_DECRYPT
+	jnz	.Lkmc_truncated_dec
+	lghi	%r1,0
+	stg	%r1,16*$SIZE_T($sp)
+	stg	%r1,16*$SIZE_T+8($sp)
+	bras	%r1,1f
+	mvc	16*$SIZE_T(1,$sp),0($inp)
+1:	ex	$key,0(%r1)
+	la	%r1,16($sp)	# restore parameter block
+	la	$inp,16*$SIZE_T($sp)
+	lghi	$len,16
+	.long	0xb92f0042	# kmc %r4,%r2
+	j	.Lkmc_done
+.align	16
+.Lkmc_truncated_dec:
+	st${g}	$out,4*$SIZE_T($sp)
+	la	$out,16*$SIZE_T($sp)
+	lghi	$len,16
+	.long	0xb92f0042	# kmc %r4,%r2
+	l${g}	$out,4*$SIZE_T($sp)
+	bras	%r1,2f
+	mvc	0(1,$out),16*$SIZE_T($sp)
+2:	ex	$key,0(%r1)
+	j	.Lkmc_done
+.align	16
+.Lcbc_software:
+___
+$code.=<<___;
+	stm${g}	$key,$ra,5*$SIZE_T($sp)
+	lhi	%r0,0
+	cl	%r0,`$stdframe+$SIZE_T-4`($sp)
+	je	.Lcbc_decrypt
+
+	larl	$tbl,AES_Te
+
+	llgf	$s0,0($ivp)
+	llgf	$s1,4($ivp)
+	llgf	$s2,8($ivp)
+	llgf	$s3,12($ivp)
+
+	lghi	$t0,16
+	sl${g}r	$len,$t0
+	brc	4,.Lcbc_enc_tail	# if borrow
+.Lcbc_enc_loop:
+	stm${g}	$inp,$out,2*$SIZE_T($sp)
+	x	$s0,0($inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	lgr	%r4,$key
+
+	bras	$ra,_s390x_AES_encrypt
+
+	lm${g}	$inp,$key,2*$SIZE_T($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+	la	$inp,16($inp)
+	la	$out,16($out)
+	lghi	$t0,16
+	lt${g}r	$len,$len
+	jz	.Lcbc_enc_done
+	sl${g}r	$len,$t0
+	brc	4,.Lcbc_enc_tail	# if borrow
+	j	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_done:
+	l${g}	$ivp,6*$SIZE_T($sp)
+	st	$s0,0($ivp)
+	st	$s1,4($ivp)
+	st	$s2,8($ivp)
+	st	$s3,12($ivp)
+
+	lm${g}	%r7,$ra,7*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.Lcbc_enc_tail:
+	aghi	$len,15
+	lghi	$t0,0
+	stg	$t0,16*$SIZE_T($sp)
+	stg	$t0,16*$SIZE_T+8($sp)
+	bras	$t1,3f
+	mvc	16*$SIZE_T(1,$sp),0($inp)
+3:	ex	$len,0($t1)
+	lghi	$len,0
+	la	$inp,16*$SIZE_T($sp)
+	j	.Lcbc_enc_loop
+
+.align	16
+.Lcbc_decrypt:
+	larl	$tbl,AES_Td
+
+	lg	$t0,0($ivp)
+	lg	$t1,8($ivp)
+	stmg	$t0,$t1,16*$SIZE_T($sp)
+
+.Lcbc_dec_loop:
+	stm${g}	$inp,$out,2*$SIZE_T($sp)
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+	lgr	%r4,$key
+
+	bras	$ra,_s390x_AES_decrypt
+
+	lm${g}	$inp,$key,2*$SIZE_T($sp)
+	sllg	$s0,$s0,32
+	sllg	$s2,$s2,32
+	lr	$s0,$s1
+	lr	$s2,$s3
+
+	lg	$t0,0($inp)
+	lg	$t1,8($inp)
+	xg	$s0,16*$SIZE_T($sp)
+	xg	$s2,16*$SIZE_T+8($sp)
+	lghi	$s1,16
+	sl${g}r	$len,$s1
+	brc	4,.Lcbc_dec_tail	# if borrow
+	brc	2,.Lcbc_dec_done	# if zero
+	stg	$s0,0($out)
+	stg	$s2,8($out)
+	stmg	$t0,$t1,16*$SIZE_T($sp)
+
+	la	$inp,16($inp)
+	la	$out,16($out)
+	j	.Lcbc_dec_loop
+
+.Lcbc_dec_done:
+	stg	$s0,0($out)
+	stg	$s2,8($out)
+.Lcbc_dec_exit:
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	stmg	$t0,$t1,0($ivp)
+
+	br	$ra
+
+.align	16
+.Lcbc_dec_tail:
+	aghi	$len,15
+	stg	$s0,16*$SIZE_T($sp)
+	stg	$s2,16*$SIZE_T+8($sp)
+	bras	$s1,4f
+	mvc	0(1,$out),16*$SIZE_T($sp)
+4:	ex	$len,0($s1)
+	j	.Lcbc_dec_exit
+.size	AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+########################################################################
+# void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+#                     size_t blocks, const AES_KEY *key,
+#                     const unsigned char *ivec)
+{
+my $inp="%r2";
+my $out="%r4";	# blocks and out are swapped
+my $len="%r3";
+my $key="%r5";	my $iv0="%r5";
+my $ivp="%r6";
+my $fp ="%r7";
+
+$code.=<<___;
+.globl	AES_ctr32_encrypt
+.type	AES_ctr32_encrypt,\@function
+.align	16
+AES_ctr32_encrypt:
+	xgr	%r3,%r4		# flip %r3 and %r4, $out and $len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+	llgfr	$len,$len	# safe in ctr32 subroutine even in 64-bit case
+___
+$code.=<<___ if (!$softonly);
+	l	%r0,240($key)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lctr32_software
+
+	st${g}	$s2,10*$SIZE_T($sp)
+	st${g}	$s3,11*$SIZE_T($sp)
+
+	clr	$len,%r1		# does work even in 64-bit mode
+	jle	.Lctr32_nokma		# kma is slower for <= 16 blocks
+
+	larl	%r1,OPENSSL_s390xcap_P
+	lr	$s2,%r0
+	llihh	$s3,0x8000
+	srlg	$s3,$s3,0($s2)
+	ng	$s3,S390X_KMA(%r1)		# check kma capability vector
+	jz	.Lctr32_nokma
+
+	l${g}hi	%r1,-$stdframe-112
+	l${g}r	$s3,$sp
+	la	$sp,0(%r1,$sp)			# prepare parameter block
+
+	lhi	%r1,0x0600
+	sllg	$len,$len,4
+	or	%r0,%r1				# set HS and LAAD flags
+
+	st${g}	$s3,0($sp)			# backchain
+	la	%r1,$stdframe($sp)
+
+	lmg	$s2,$s3,0($key)			# copy key
+	stg	$s2,$stdframe+80($sp)
+	stg	$s3,$stdframe+88($sp)
+	lmg	$s2,$s3,16($key)
+	stg	$s2,$stdframe+96($sp)
+	stg	$s3,$stdframe+104($sp)
+
+	lmg	$s2,$s3,0($ivp)			# copy iv
+	stg	$s2,$stdframe+64($sp)
+	ahi	$s3,-1				# kma requires counter-1
+	stg	$s3,$stdframe+72($sp)
+	st	$s3,$stdframe+12($sp)		# copy counter
+
+	lghi	$s2,0				# no AAD
+	lghi	$s3,0
+
+	.long	0xb929a042	# kma $out,$s2,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+
+	stg	%r0,$stdframe+80($sp)		# wipe key
+	stg	%r0,$stdframe+88($sp)
+	stg	%r0,$stdframe+96($sp)
+	stg	%r0,$stdframe+104($sp)
+	la	$sp,$stdframe+112($sp)
+
+	lm${g}	$s2,$s3,10*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.Lctr32_nokma:
+	stm${g}	%r6,$s1,6*$SIZE_T($sp)
+
+	slgr	$out,$inp
+	la	%r1,0($key)	# %r1 is permanent copy of $key
+	lg	$iv0,0($ivp)	# load ivec
+	lg	$ivp,8($ivp)
+
+	# prepare and allocate stack frame at the top of 4K page
+	# with 1K reserved for eventual signal handling
+	lghi	$s0,-1024-256-16# guarantee at least 256-bytes buffer
+	lghi	$s1,-4096
+	algr	$s0,$sp
+	lgr	$fp,$sp
+	ngr	$s0,$s1		# align at page boundary
+	slgr	$fp,$s0		# total buffer size
+	lgr	$s2,$sp
+	lghi	$s1,1024+16	# sl[g]fi is extended-immediate facility
+	slgr	$fp,$s1		# deduct reservation to get usable buffer size
+	# buffer size is at lest 256 and at most 3072+256-16
+
+	la	$sp,1024($s0)	# alloca
+	srlg	$fp,$fp,4	# convert bytes to blocks, minimum 16
+	st${g}	$s2,0($sp)	# back-chain
+	st${g}	$fp,$SIZE_T($sp)
+
+	slgr	$len,$fp
+	brc	1,.Lctr32_hw_switch	# not zero, no borrow
+	algr	$fp,$len	# input is shorter than allocated buffer
+	lghi	$len,0
+	st${g}	$fp,$SIZE_T($sp)
+
+.Lctr32_hw_switch:
+___
+$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower
+	llgfr	$s0,%r0
+	lgr	$s1,%r1
+	larl	%r1,OPENSSL_s390xcap_P
+	llihh	%r0,0x8000	# check if kmctr supports the function code
+	srlg	%r0,%r0,0($s0)
+	ng	%r0,S390X_KMCTR(%r1)	# check kmctr capability vector
+	lgr	%r0,$s0
+	lgr	%r1,$s1
+	jz	.Lctr32_km_loop
+
+####### kmctr code
+	algr	$out,$inp	# restore $out
+	lgr	$s1,$len	# $s1 undertakes $len
+	j	.Lctr32_kmctr_loop
+.align	16
+.Lctr32_kmctr_loop:
+	la	$s2,16($sp)
+	lgr	$s3,$fp
+.Lctr32_kmctr_prepare:
+	stg	$iv0,0($s2)
+	stg	$ivp,8($s2)
+	la	$s2,16($s2)
+	ahi	$ivp,1		# 32-bit increment, preserves upper half
+	brct	$s3,.Lctr32_kmctr_prepare
+
+	#la	$inp,0($inp)	# inp
+	sllg	$len,$fp,4	# len
+	#la	$out,0($out)	# out
+	la	$s2,16($sp)	# iv
+	.long	0xb92da042	# kmctr $out,$s2,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+
+	slgr	$s1,$fp
+	brc	1,.Lctr32_kmctr_loop	# not zero, no borrow
+	algr	$fp,$s1
+	lghi	$s1,0
+	brc	4+1,.Lctr32_kmctr_loop	# not zero
+
+	l${g}	$sp,0($sp)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+___
+$code.=<<___ if (!$softonly);
+.Lctr32_km_loop:
+	la	$s2,16($sp)
+	lgr	$s3,$fp
+.Lctr32_km_prepare:
+	stg	$iv0,0($s2)
+	stg	$ivp,8($s2)
+	la	$s2,16($s2)
+	ahi	$ivp,1		# 32-bit increment, preserves upper half
+	brct	$s3,.Lctr32_km_prepare
+
+	la	$s0,16($sp)	# inp
+	sllg	$s1,$fp,4	# len
+	la	$s2,16($sp)	# out
+	.long	0xb92e00a8	# km %r10,%r8
+	brc	1,.-4		# pay attention to "partial completion"
+
+	la	$s2,16($sp)
+	lgr	$s3,$fp
+	slgr	$s2,$inp
+.Lctr32_km_xor:
+	lg	$s0,0($inp)
+	lg	$s1,8($inp)
+	xg	$s0,0($s2,$inp)
+	xg	$s1,8($s2,$inp)
+	stg	$s0,0($out,$inp)
+	stg	$s1,8($out,$inp)
+	la	$inp,16($inp)
+	brct	$s3,.Lctr32_km_xor
+
+	slgr	$len,$fp
+	brc	1,.Lctr32_km_loop	# not zero, no borrow
+	algr	$fp,$len
+	lghi	$len,0
+	brc	4+1,.Lctr32_km_loop	# not zero
+
+	l${g}	$s0,0($sp)
+	l${g}	$s1,$SIZE_T($sp)
+	la	$s2,16($sp)
+.Lctr32_km_zap:
+	stg	$s0,0($s2)
+	stg	$s0,8($s2)
+	la	$s2,16($s2)
+	brct	$s1,.Lctr32_km_zap
+
+	la	$sp,0($s0)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+.Lctr32_software:
+___
+$code.=<<___;
+	stm${g}	$key,$ra,5*$SIZE_T($sp)
+	sl${g}r	$inp,$out
+	larl	$tbl,AES_Te
+	llgf	$t1,12($ivp)
+
+.Lctr32_loop:
+	stm${g}	$inp,$out,2*$SIZE_T($sp)
+	llgf	$s0,0($ivp)
+	llgf	$s1,4($ivp)
+	llgf	$s2,8($ivp)
+	lgr	$s3,$t1
+	st	$t1,16*$SIZE_T($sp)
+	lgr	%r4,$key
+
+	bras	$ra,_s390x_AES_encrypt
+
+	lm${g}	$inp,$ivp,2*$SIZE_T($sp)
+	llgf	$t1,16*$SIZE_T($sp)
+	x	$s0,0($inp,$out)
+	x	$s1,4($inp,$out)
+	x	$s2,8($inp,$out)
+	x	$s3,12($inp,$out)
+	stm	$s0,$s3,0($out)
+
+	la	$out,16($out)
+	ahi	$t1,1		# 32-bit increment
+	brct	$len,.Lctr32_loop
+
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_ctr32_encrypt,.-AES_ctr32_encrypt
+___
+}
+
+########################################################################
+# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+#	size_t len, const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+{
+my $inp="%r2";
+my $out="%r4";	# len and out are swapped
+my $len="%r3";
+my $key1="%r5";	# $i1
+my $key2="%r6";	# $i2
+my $fp="%r7";	# $i3
+my $tweak=16*$SIZE_T+16;	# or $stdframe-16, bottom of the frame...
+
+$code.=<<___;
+.type	_s390x_xts_km,\@function
+.align	16
+_s390x_xts_km:
+___
+$code.=<<___ if(1);
+	llgfr	$s0,%r0			# put aside the function code
+	lghi	$s1,0x7f
+	nr	$s1,%r0
+	larl	%r1,OPENSSL_s390xcap_P
+	llihh	%r0,0x8000
+	srlg	%r0,%r0,32($s1)		# check for 32+function code
+	ng	%r0,S390X_KM(%r1)	# check km capability vector
+	lgr	%r0,$s0			# restore the function code
+	la	%r1,0($key1)		# restore $key1
+	jz	.Lxts_km_vanilla
+
+	lmg	$i2,$i3,$tweak($sp)	# put aside the tweak value
+	algr	$out,$inp
+
+	oill	%r0,32			# switch to xts function code
+	aghi	$s1,-18			#
+	sllg	$s1,$s1,3		# (function code - 18)*8, 0 or 16
+	la	%r1,$tweak-16($sp)
+	slgr	%r1,$s1			# parameter block position
+	lmg	$s0,$s3,0($key1)	# load 256 bits of key material,
+	stmg	$s0,$s3,0(%r1)		# and copy it to parameter block.
+					# yes, it contains junk and overlaps
+					# with the tweak in 128-bit case.
+					# it's done to avoid conditional
+					# branch.
+	stmg	$i2,$i3,$tweak($sp)	# "re-seat" the tweak value
+
+	.long	0xb92e0042		# km %r4,%r2
+	brc	1,.-4			# pay attention to "partial completion"
+
+	lrvg	$s0,$tweak+0($sp)	# load the last tweak
+	lrvg	$s1,$tweak+8($sp)
+	stmg	%r0,%r3,$tweak-32($sp)	# wipe copy of the key
+
+	nill	%r0,0xffdf		# switch back to original function code
+	la	%r1,0($key1)		# restore pointer to $key1
+	slgr	$out,$inp
+
+	llgc	$len,2*$SIZE_T-1($sp)
+	nill	$len,0x0f		# $len%=16
+	br	$ra
+
+.align	16
+.Lxts_km_vanilla:
+___
+$code.=<<___;
+	# prepare and allocate stack frame at the top of 4K page
+	# with 1K reserved for eventual signal handling
+	lghi	$s0,-1024-256-16# guarantee at least 256-bytes buffer
+	lghi	$s1,-4096
+	algr	$s0,$sp
+	lgr	$fp,$sp
+	ngr	$s0,$s1		# align at page boundary
+	slgr	$fp,$s0		# total buffer size
+	lgr	$s2,$sp
+	lghi	$s1,1024+16	# sl[g]fi is extended-immediate facility
+	slgr	$fp,$s1		# deduct reservation to get usable buffer size
+	# buffer size is at lest 256 and at most 3072+256-16
+
+	la	$sp,1024($s0)	# alloca
+	nill	$fp,0xfff0	# round to 16*n
+	st${g}	$s2,0($sp)	# back-chain
+	nill	$len,0xfff0	# redundant
+	st${g}	$fp,$SIZE_T($sp)
+
+	slgr	$len,$fp
+	brc	1,.Lxts_km_go	# not zero, no borrow
+	algr	$fp,$len	# input is shorter than allocated buffer
+	lghi	$len,0
+	st${g}	$fp,$SIZE_T($sp)
+
+.Lxts_km_go:
+	lrvg	$s0,$tweak+0($s2)	# load the tweak value in little-endian
+	lrvg	$s1,$tweak+8($s2)
+
+	la	$s2,16($sp)		# vector of ascending tweak values
+	slgr	$s2,$inp
+	srlg	$s3,$fp,4
+	j	.Lxts_km_start
+
+.Lxts_km_loop:
+	la	$s2,16($sp)
+	slgr	$s2,$inp
+	srlg	$s3,$fp,4
+.Lxts_km_prepare:
+	lghi	$i1,0x87
+	srag	$i2,$s1,63		# broadcast upper bit
+	ngr	$i1,$i2			# rem
+	algr	$s0,$s0
+	alcgr	$s1,$s1
+	xgr	$s0,$i1
+.Lxts_km_start:
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+	stg	$i1,0($s2,$inp)
+	stg	$i2,8($s2,$inp)
+	xg	$i1,0($inp)
+	xg	$i2,8($inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+	la	$inp,16($inp)
+	brct	$s3,.Lxts_km_prepare
+
+	slgr	$inp,$fp		# rewind $inp
+	la	$s2,0($out,$inp)
+	lgr	$s3,$fp
+	.long	0xb92e00aa		# km $s2,$s2
+	brc	1,.-4			# pay attention to "partial completion"
+
+	la	$s2,16($sp)
+	slgr	$s2,$inp
+	srlg	$s3,$fp,4
+.Lxts_km_xor:
+	lg	$i1,0($out,$inp)
+	lg	$i2,8($out,$inp)
+	xg	$i1,0($s2,$inp)
+	xg	$i2,8($s2,$inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+	la	$inp,16($inp)
+	brct	$s3,.Lxts_km_xor
+
+	slgr	$len,$fp
+	brc	1,.Lxts_km_loop		# not zero, no borrow
+	algr	$fp,$len
+	lghi	$len,0
+	brc	4+1,.Lxts_km_loop	# not zero
+
+	l${g}	$i1,0($sp)		# back-chain
+	llgf	$fp,`2*$SIZE_T-4`($sp)	# bytes used
+	la	$i2,16($sp)
+	srlg	$fp,$fp,4
+.Lxts_km_zap:
+	stg	$i1,0($i2)
+	stg	$i1,8($i2)
+	la	$i2,16($i2)
+	brct	$fp,.Lxts_km_zap
+
+	la	$sp,0($i1)
+	llgc	$len,2*$SIZE_T-1($i1)
+	nill	$len,0x0f		# $len%=16
+	bzr	$ra
+
+	# generate one more tweak...
+	lghi	$i1,0x87
+	srag	$i2,$s1,63		# broadcast upper bit
+	ngr	$i1,$i2			# rem
+	algr	$s0,$s0
+	alcgr	$s1,$s1
+	xgr	$s0,$i1
+
+	ltr	$len,$len		# clear zero flag
+	br	$ra
+.size	_s390x_xts_km,.-_s390x_xts_km
+
+.globl	AES_xts_encrypt
+.type	AES_xts_encrypt,\@function
+.align	16
+AES_xts_encrypt:
+	xgr	%r3,%r4			# flip %r3 and %r4, $out and $len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+___
+$code.=<<___ if ($SIZE_T==4);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	st${g}	$len,1*$SIZE_T($sp)	# save copy of $len
+	srag	$len,$len,4		# formally wrong, because it expands
+					# sign byte, but who can afford asking
+					# to process more than 2^63-1 bytes?
+					# I use it, because it sets condition
+					# code...
+	bcr	8,$ra			# abort if zero (i.e. less than 16)
+___
+$code.=<<___ if (!$softonly);
+	llgf	%r0,240($key2)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lxts_enc_software
+
+	st${g}	$ra,5*$SIZE_T($sp)
+	stm${g}	%r6,$s3,6*$SIZE_T($sp)
+
+	sllg	$len,$len,4		# $len&=~15
+	slgr	$out,$inp
+
+	# generate the tweak value
+	l${g}	$s3,$stdframe($sp)	# pointer to iv
+	la	$s2,$tweak($sp)
+	lmg	$s0,$s1,0($s3)
+	lghi	$s3,16
+	stmg	$s0,$s1,0($s2)
+	la	%r1,0($key2)		# $key2 is not needed anymore
+	.long	0xb92e00aa		# km $s2,$s2, generate the tweak
+	brc	1,.-4			# can this happen?
+
+	l	%r0,240($key1)
+	la	%r1,0($key1)		# $key1 is not needed anymore
+	bras	$ra,_s390x_xts_km
+	jz	.Lxts_enc_km_done
+
+	aghi	$inp,-16		# take one step back
+	la	$i3,0($out,$inp)	# put aside real $out
+.Lxts_enc_km_steal:
+	llgc	$i1,16($inp)
+	llgc	$i2,0($out,$inp)
+	stc	$i1,0($out,$inp)
+	stc	$i2,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_enc_km_steal
+
+	la	$s2,0($i3)
+	lghi	$s3,16
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+	xg	$i1,0($s2)
+	xg	$i2,8($s2)
+	stg	$i1,0($s2)
+	stg	$i2,8($s2)
+	.long	0xb92e00aa		# km $s2,$s2
+	brc	1,.-4			# can this happen?
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+	xg	$i1,0($i3)
+	xg	$i2,8($i3)
+	stg	$i1,0($i3)
+	stg	$i2,8($i3)
+
+.Lxts_enc_km_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$tweak+8($sp)
+	l${g}	$ra,5*$SIZE_T($sp)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+.Lxts_enc_software:
+___
+$code.=<<___;
+	stm${g}	%r6,$ra,6*$SIZE_T($sp)
+
+	slgr	$out,$inp
+
+	l${g}	$s3,$stdframe($sp)	# ivp
+	llgf	$s0,0($s3)		# load iv
+	llgf	$s1,4($s3)
+	llgf	$s2,8($s3)
+	llgf	$s3,12($s3)
+	stm${g}	%r2,%r5,2*$SIZE_T($sp)
+	la	$key,0($key2)
+	larl	$tbl,AES_Te
+	bras	$ra,_s390x_AES_encrypt	# generate the tweak
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	stm	$s0,$s3,$tweak($sp)	# save the tweak
+	j	.Lxts_enc_enter
+
+.align	16
+.Lxts_enc_loop:
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
+	stg	$s1,$tweak+0($sp)	# save the tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak+8($sp)
+	llgfr	$s3,$s3
+	la	$inp,16($inp)		# $inp+=16
+.Lxts_enc_enter:
+	x	$s0,0($inp)		# ^=*($inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	stm${g}	%r2,%r3,2*$SIZE_T($sp)	# only two registers are changing
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_encrypt
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	x	$s0,$tweak+0($sp)	# ^=tweak
+	x	$s1,$tweak+4($sp)
+	x	$s2,$tweak+8($sp)
+	x	$s3,$tweak+12($sp)
+	st	$s0,0($out,$inp)
+	st	$s1,4($out,$inp)
+	st	$s2,8($out,$inp)
+	st	$s3,12($out,$inp)
+	brct${g}	$len,.Lxts_enc_loop
+
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%16
+	jz	.Lxts_enc_done
+
+	la	$i3,0($inp,$out)	# put aside real $out
+.Lxts_enc_steal:
+	llgc	%r0,16($inp)
+	llgc	%r1,0($out,$inp)
+	stc	%r0,0($out,$inp)
+	stc	%r1,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_enc_steal
+	la	$out,0($i3)		# restore real $out
+
+	# generate last tweak...
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
+	stg	$s1,$tweak+0($sp)	# save the tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak+8($sp)
+	llgfr	$s3,$s3
+
+	x	$s0,0($out)		# ^=*(inp)|stolen cipther-text
+	x	$s1,4($out)
+	x	$s2,8($out)
+	x	$s3,12($out)
+	st${g}	$out,4*$SIZE_T($sp)
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_encrypt
+	l${g}	$out,4*$SIZE_T($sp)
+	x	$s0,`$tweak+0`($sp)	# ^=tweak
+	x	$s1,`$tweak+4`($sp)
+	x	$s2,`$tweak+8`($sp)
+	x	$s3,`$tweak+12`($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+.Lxts_enc_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$twesk+8($sp)
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_xts_encrypt,.-AES_xts_encrypt
+___
+# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+#	size_t len, const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+$code.=<<___;
+.globl	AES_xts_decrypt
+.type	AES_xts_decrypt,\@function
+.align	16
+AES_xts_decrypt:
+	xgr	%r3,%r4			# flip %r3 and %r4, $out and $len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+___
+$code.=<<___ if ($SIZE_T==4);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	st${g}	$len,1*$SIZE_T($sp)	# save copy of $len
+	aghi	$len,-16
+	bcr	4,$ra			# abort if less than zero. formally
+					# wrong, because $len is unsigned,
+					# but who can afford asking to
+					# process more than 2^63-1 bytes?
+	tmll	$len,0x0f
+	jnz	.Lxts_dec_proceed
+	aghi	$len,16
+.Lxts_dec_proceed:
+___
+$code.=<<___ if (!$softonly);
+	llgf	%r0,240($key2)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lxts_dec_software
+
+	st${g}	$ra,5*$SIZE_T($sp)
+	stm${g}	%r6,$s3,6*$SIZE_T($sp)
+
+	nill	$len,0xfff0		# $len&=~15
+	slgr	$out,$inp
+
+	# generate the tweak value
+	l${g}	$s3,$stdframe($sp)	# pointer to iv
+	la	$s2,$tweak($sp)
+	lmg	$s0,$s1,0($s3)
+	lghi	$s3,16
+	stmg	$s0,$s1,0($s2)
+	la	%r1,0($key2)		# $key2 is not needed past this point
+	.long	0xb92e00aa		# km $s2,$s2, generate the tweak
+	brc	1,.-4			# can this happen?
+
+	l	%r0,240($key1)
+	la	%r1,0($key1)		# $key1 is not needed anymore
+
+	ltgr	$len,$len
+	jz	.Lxts_dec_km_short
+	bras	$ra,_s390x_xts_km
+	jz	.Lxts_dec_km_done
+
+	lrvgr	$s2,$s0			# make copy in reverse byte order
+	lrvgr	$s3,$s1
+	j	.Lxts_dec_km_2ndtweak
+
+.Lxts_dec_km_short:
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%=16
+	lrvg	$s0,$tweak+0($sp)	# load the tweak
+	lrvg	$s1,$tweak+8($sp)
+	lrvgr	$s2,$s0			# make copy in reverse byte order
+	lrvgr	$s3,$s1
+
+.Lxts_dec_km_2ndtweak:
+	lghi	$i1,0x87
+	srag	$i2,$s1,63		# broadcast upper bit
+	ngr	$i1,$i2			# rem
+	algr	$s0,$s0
+	alcgr	$s1,$s1
+	xgr	$s0,$i1
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+
+	xg	$i1,0($inp)
+	xg	$i2,8($inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+	la	$i2,0($out,$inp)
+	lghi	$i3,16
+	.long	0xb92e0066		# km $i2,$i2
+	brc	1,.-4			# can this happen?
+	lrvgr	$i1,$s0
+	lrvgr	$i2,$s1
+	xg	$i1,0($out,$inp)
+	xg	$i2,8($out,$inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+
+	la	$i3,0($out,$inp)	# put aside real $out
+.Lxts_dec_km_steal:
+	llgc	$i1,16($inp)
+	llgc	$i2,0($out,$inp)
+	stc	$i1,0($out,$inp)
+	stc	$i2,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_dec_km_steal
+
+	lgr	$s0,$s2
+	lgr	$s1,$s3
+	xg	$s0,0($i3)
+	xg	$s1,8($i3)
+	stg	$s0,0($i3)
+	stg	$s1,8($i3)
+	la	$s0,0($i3)
+	lghi	$s1,16
+	.long	0xb92e0088		# km $s0,$s0
+	brc	1,.-4			# can this happen?
+	xg	$s2,0($i3)
+	xg	$s3,8($i3)
+	stg	$s2,0($i3)
+	stg	$s3,8($i3)
+.Lxts_dec_km_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$tweak+8($sp)
+	l${g}	$ra,5*$SIZE_T($sp)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+.Lxts_dec_software:
+___
+$code.=<<___;
+	stm${g}	%r6,$ra,6*$SIZE_T($sp)
+
+	srlg	$len,$len,4
+	slgr	$out,$inp
+
+	l${g}	$s3,$stdframe($sp)	# ivp
+	llgf	$s0,0($s3)		# load iv
+	llgf	$s1,4($s3)
+	llgf	$s2,8($s3)
+	llgf	$s3,12($s3)
+	stm${g}	%r2,%r5,2*$SIZE_T($sp)
+	la	$key,0($key2)
+	larl	$tbl,AES_Te
+	bras	$ra,_s390x_AES_encrypt	# generate the tweak
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	larl	$tbl,AES_Td
+	lt${g}r	$len,$len
+	stm	$s0,$s3,$tweak($sp)	# save the tweak
+	jz	.Lxts_dec_short
+	j	.Lxts_dec_enter
+
+.align	16
+.Lxts_dec_loop:
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
+	stg	$s1,$tweak+0($sp)	# save the tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak+8($sp)
+	llgfr	$s3,$s3
+.Lxts_dec_enter:
+	x	$s0,0($inp)		# tweak^=*(inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	stm${g}	%r2,%r3,2*$SIZE_T($sp)	# only two registers are changing
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_decrypt
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	x	$s0,$tweak+0($sp)	# ^=tweak
+	x	$s1,$tweak+4($sp)
+	x	$s2,$tweak+8($sp)
+	x	$s3,$tweak+12($sp)
+	st	$s0,0($out,$inp)
+	st	$s1,4($out,$inp)
+	st	$s2,8($out,$inp)
+	st	$s3,12($out,$inp)
+	la	$inp,16($inp)
+	brct${g}	$len,.Lxts_dec_loop
+
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%16
+	jz	.Lxts_dec_done
+
+	# generate pair of tweaks...
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$i2,$s1			# flip byte order
+	lrvgr	$i3,$s3
+	stmg	$i2,$i3,$tweak($sp)	# save the 1st tweak
+	j	.Lxts_dec_2ndtweak
+
+.align	16
+.Lxts_dec_short:
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%16
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+.Lxts_dec_2ndtweak:
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
+	stg	$s1,$tweak-16+0($sp)	# save the 2nd tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak-16+8($sp)
+	llgfr	$s3,$s3
+
+	x	$s0,0($inp)		# tweak_the_2nd^=*(inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	stm${g}	%r2,%r3,2*$SIZE_T($sp)
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_decrypt
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	x	$s0,$tweak-16+0($sp)	# ^=tweak_the_2nd
+	x	$s1,$tweak-16+4($sp)
+	x	$s2,$tweak-16+8($sp)
+	x	$s3,$tweak-16+12($sp)
+	st	$s0,0($out,$inp)
+	st	$s1,4($out,$inp)
+	st	$s2,8($out,$inp)
+	st	$s3,12($out,$inp)
+
+	la	$i3,0($out,$inp)	# put aside real $out
+.Lxts_dec_steal:
+	llgc	%r0,16($inp)
+	llgc	%r1,0($out,$inp)
+	stc	%r0,0($out,$inp)
+	stc	%r1,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_dec_steal
+	la	$out,0($i3)		# restore real $out
+
+	lm	$s0,$s3,$tweak($sp)	# load the 1st tweak
+	x	$s0,0($out)		# tweak^=*(inp)|stolen cipher-text
+	x	$s1,4($out)
+	x	$s2,8($out)
+	x	$s3,12($out)
+	st${g}	$out,4*$SIZE_T($sp)
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_decrypt
+	l${g}	$out,4*$SIZE_T($sp)
+	x	$s0,$tweak+0($sp)	# ^=tweak
+	x	$s1,$tweak+4($sp)
+	x	$s2,$tweak+8($sp)
+	x	$s3,$tweak+12($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+	stg	$sp,$tweak-16+0($sp)	# wipe 2nd tweak
+	stg	$sp,$tweak-16+8($sp)
+.Lxts_dec_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$twesk+8($sp)
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_xts_decrypt,.-AES_xts_decrypt
+___
+}
+$code.=<<___;
+.string	"AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;	# force flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl
new file mode 100755
index 000000000..40d1f94cc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl
@@ -0,0 +1,1192 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 1.1
+#
+# The major reason for undertaken effort was to mitigate the hazard of
+# cache-timing attack. This is [currently and initially!] addressed in
+# two ways. 1. S-boxes are compressed from 5KB to 2KB+256B size each.
+# 2. References to them are scheduled for L2 cache latency, meaning
+# that the tables don't have to reside in L1 cache. Once again, this
+# is an initial draft and one should expect more countermeasures to
+# be implemented...
+#
+# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last
+# round.
+#
+# Even though performance was not the primary goal [on the contrary,
+# extra shifts "induced" by compressed S-box and longer loop epilogue
+# "induced" by scheduling for L2 have negative effect on performance],
+# the code turned out to run in ~23 cycles per processed byte en-/
+# decrypted with 128-bit key. This is pretty good result for code
+# with mentioned qualities and UltraSPARC core. Compared to Sun C
+# generated code my encrypt procedure runs just few percents faster,
+# while decrypt one - whole 50% faster [yes, Sun C failed to generate
+# optimal decrypt procedure]. Compared to GNU C generated code both
+# procedures are more than 60% faster:-)
+
+$output = pop;
+open STDOUT,">$output";
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+$locals=16;
+
+$acc0="%l0";
+$acc1="%o0";
+$acc2="%o1";
+$acc3="%o2";
+
+$acc4="%l1";
+$acc5="%o3";
+$acc6="%o4";
+$acc7="%o5";
+
+$acc8="%l2";
+$acc9="%o7";
+$acc10="%g1";
+$acc11="%g2";
+
+$acc12="%l3";
+$acc13="%g3";
+$acc14="%g4";
+$acc15="%g5";
+
+$t0="%l4";
+$t1="%l5";
+$t2="%l6";
+$t3="%l7";
+
+$s0="%i0";
+$s1="%i1";
+$s2="%i2";
+$s3="%i3";
+$tbl="%i4";
+$key="%i5";
+$rounds="%i7";	# aliases with return address, which is off-loaded to stack
+
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef  __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+.section	".text",#alloc,#execinstr
+
+.align	256
+AES_Te:
+___
+&_data_word(
+	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+	.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.type	AES_Te,#object
+.size	AES_Te,(.-AES_Te)
+
+.align	64
+.skip	16
+_sparcv9_AES_encrypt:
+	save	%sp,-$frame-$locals,%sp
+	stx	%i7,[%sp+$bias+$frame+0]	! off-load return address
+	ld	[$key+240],$rounds
+	ld	[$key+0],$t0
+	ld	[$key+4],$t1			!
+	ld	[$key+8],$t2
+	srl	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ld	[$key+12],$t3
+	srl	$s0,21,$acc0
+	xor	$t1,$s1,$s1
+	ld	[$key+16],$t0
+	srl	$s1,13,$acc1			!
+	xor	$t2,$s2,$s2
+	ld	[$key+20],$t1
+	xor	$t3,$s3,$s3
+	ld	[$key+24],$t2
+	and	$acc0,2040,$acc0
+	ld	[$key+28],$t3
+	nop
+.Lenc_loop:
+	srl	$s2,5,$acc2			!
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$s3,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	srl	$s1,21,$acc4
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2		!
+	srl	$s2,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$s3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4
+	fmovs	%f0,%f0
+	sll	$s0,3,$acc7			!
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$s2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	srl	$s3,13,$acc9
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7		!
+	srl	$s0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$s1,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9
+	fmovs	%f0,%f0
+	srl	$s3,21,$acc12			!
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$s0,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	srl	$s1,5,$acc14
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12		!
+	sll	$s2,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+	and	$acc15,2040,$acc15
+	add	$key,32,$key
+	ldx	[$tbl+$acc14],$acc14
+	fmovs	%f0,%f0
+	subcc	$rounds,1,$rounds		!
+	ldx	[$tbl+$acc15],$acc15
+	bz,a,pn	%icc,.Lenc_last
+	add	$tbl,2048,$rounds
+
+		srlx	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+	fmovs	%f0,%f0
+		srlx	$acc2,16,$acc2		!
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3			!
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+	fmovs	%f0,%f0
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10	!
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15	!
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,21,$acc0
+		xor	$acc14,$t3,$t3
+	srl	$t1,13,$acc1
+		xor	$acc15,$t3,$t3
+
+	and	$acc0,2040,$acc0		!
+	srl	$t2,5,$acc2
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$t3,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	fmovs	%f0,%f0
+	srl	$t1,21,$acc4			!
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2
+	srl	$t2,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$t3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4		!
+	sll	$t0,3,$acc7
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$t2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	fmovs	%f0,%f0
+	srl	$t3,13,$acc9			!
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7
+	srl	$t0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$t1,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9		!
+	srl	$t3,21,$acc12
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$t0,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	fmovs	%f0,%f0
+	srl	$t1,5,$acc14			!
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12
+	sll	$t2,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+		srlx	$acc1,8,$acc1
+	and	$acc15,2040,$acc15
+	ldx	[$tbl+$acc14],$acc14		!
+
+		srlx	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldx	[$tbl+$acc15],$acc15
+		srlx	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ld	[$key+16],$t0
+	fmovs	%f0,%f0
+		srlx	$acc5,8,$acc5		!
+		xor	$acc2,$s0,$s0
+	ld	[$key+20],$t1
+		srlx	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ld	[$key+24],$t2
+		srlx	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ld	[$key+28],$t3			!
+		srlx	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldx	[$tbl+2048+0],%g0		! prefetch te4
+		srlx	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldx	[$tbl+2048+32],%g0		! prefetch te4
+		srlx	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldx	[$tbl+2048+64],%g0		! prefetch te4
+		srlx	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldx	[$tbl+2048+96],%g0		! prefetch te4
+		srlx	$acc14,16,$acc14	!
+		xor	$acc9,$s2,$s2
+	ldx	[$tbl+2048+128],%g0		! prefetch te4
+		srlx	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldx	[$tbl+2048+160],%g0		! prefetch te4
+	srl	$s0,21,$acc0
+		xor	$acc11,$s2,$s2
+	ldx	[$tbl+2048+192],%g0		! prefetch te4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldx	[$tbl+2048+224],%g0		! prefetch te4
+	srl	$s1,13,$acc1			!
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+	ba	.Lenc_loop
+	and	$acc0,2040,$acc0
+
+.align	32
+.Lenc_last:
+		srlx	$acc1,8,$acc1		!
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+		srlx	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2			!
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9		!
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14	!
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+	srl	$t1,16,$acc1			!
+		xor	$acc15,$t3,$t3
+
+	srl	$t2,8,$acc2
+	and	$acc1,255,$acc1
+	ldub	[$rounds+$acc0],$acc0
+	srl	$t1,24,$acc4
+	and	$acc2,255,$acc2
+	ldub	[$rounds+$acc1],$acc1
+	srl	$t2,16,$acc5			!
+	and	$t3,255,$acc3
+	ldub	[$rounds+$acc2],$acc2
+	ldub	[$rounds+$acc3],$acc3
+	srl	$t3,8,$acc6
+	and	$acc5,255,$acc5
+	ldub	[$rounds+$acc4],$acc4
+	fmovs	%f0,%f0
+	srl	$t2,24,$acc8			!
+	and	$acc6,255,$acc6
+	ldub	[$rounds+$acc5],$acc5
+	srl	$t3,16,$acc9
+	and	$t0,255,$acc7
+	ldub	[$rounds+$acc6],$acc6
+	ldub	[$rounds+$acc7],$acc7
+	fmovs	%f0,%f0
+	srl	$t0,8,$acc10			!
+	and	$acc9,255,$acc9
+	ldub	[$rounds+$acc8],$acc8
+	srl	$t3,24,$acc12
+	and	$acc10,255,$acc10
+	ldub	[$rounds+$acc9],$acc9
+	srl	$t0,16,$acc13
+	and	$t1,255,$acc11
+	ldub	[$rounds+$acc10],$acc10		!
+	srl	$t1,8,$acc14
+	and	$acc13,255,$acc13
+	ldub	[$rounds+$acc11],$acc11
+	ldub	[$rounds+$acc12],$acc12
+	and	$acc14,255,$acc14
+	ldub	[$rounds+$acc13],$acc13
+	and	$t2,255,$acc15
+	ldub	[$rounds+$acc14],$acc14		!
+
+		sll	$acc0,24,$acc0
+		xor	$acc3,$s0,$s0
+	ldub	[$rounds+$acc15],$acc15
+		sll	$acc1,16,$acc1
+		xor	$acc0,$s0,$s0
+	ldx	[%sp+$bias+$frame+0],%i7	! restore return address
+	fmovs	%f0,%f0
+		sll	$acc2,8,$acc2		!
+		xor	$acc1,$s0,$s0
+		sll	$acc4,24,$acc4
+		xor	$acc2,$s0,$s0
+		sll	$acc5,16,$acc5
+		xor	$acc7,$s1,$s1
+		sll	$acc6,8,$acc6
+		xor	$acc4,$s1,$s1
+		sll	$acc8,24,$acc8		!
+		xor	$acc5,$s1,$s1
+		sll	$acc9,16,$acc9
+		xor	$acc11,$s2,$s2
+		sll	$acc10,8,$acc10
+		xor	$acc6,$s1,$s1
+		sll	$acc12,24,$acc12
+		xor	$acc8,$s2,$s2
+		sll	$acc13,16,$acc13	!
+		xor	$acc9,$s2,$s2
+		sll	$acc14,8,$acc14
+		xor	$acc10,$s2,$s2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+
+	ret
+	restore
+.type	_sparcv9_AES_encrypt,#function
+.size	_sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt)
+
+.align	32
+.globl	AES_encrypt
+AES_encrypt:
+	or	%o0,%o1,%g1
+	andcc	%g1,3,%g0
+	bnz,pn	%xcc,.Lunaligned_enc
+	save	%sp,-$frame,%sp
+
+	ld	[%i0+0],%o0
+	ld	[%i0+4],%o1
+	ld	[%i0+8],%o2
+	ld	[%i0+12],%o3
+
+1:	call	.+8
+	add	%o7,AES_Te-1b,%o4
+	call	_sparcv9_AES_encrypt
+	mov	%i2,%o5
+
+	st	%o0,[%i1+0]
+	st	%o1,[%i1+4]
+	st	%o2,[%i1+8]
+	st	%o3,[%i1+12]
+
+	ret
+	restore
+
+.align	32
+.Lunaligned_enc:
+	ldub	[%i0+0],%l0
+	ldub	[%i0+1],%l1
+	ldub	[%i0+2],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+3],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+4],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+5],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+6],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o0
+	ldub	[%i0+7],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	ldub	[%i0+8],%l0
+	or	%l7,%l6,%l6
+	ldub	[%i0+9],%l1
+	or	%l4,%l6,%o1
+	ldub	[%i0+10],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+11],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+12],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+13],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+14],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o2
+	ldub	[%i0+15],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	or	%l7,%l6,%l6
+	or	%l4,%l6,%o3
+
+1:	call	.+8
+	add	%o7,AES_Te-1b,%o4
+	call	_sparcv9_AES_encrypt
+	mov	%i2,%o5
+
+	srl	%o0,24,%l0
+	srl	%o0,16,%l1
+	stb	%l0,[%i1+0]
+	srl	%o0,8,%l2
+	stb	%l1,[%i1+1]
+	stb	%l2,[%i1+2]
+	srl	%o1,24,%l4
+	stb	%o0,[%i1+3]
+
+	srl	%o1,16,%l5
+	stb	%l4,[%i1+4]
+	srl	%o1,8,%l6
+	stb	%l5,[%i1+5]
+	stb	%l6,[%i1+6]
+	srl	%o2,24,%l0
+	stb	%o1,[%i1+7]
+
+	srl	%o2,16,%l1
+	stb	%l0,[%i1+8]
+	srl	%o2,8,%l2
+	stb	%l1,[%i1+9]
+	stb	%l2,[%i1+10]
+	srl	%o3,24,%l4
+	stb	%o2,[%i1+11]
+
+	srl	%o3,16,%l5
+	stb	%l4,[%i1+12]
+	srl	%o3,8,%l6
+	stb	%l5,[%i1+13]
+	stb	%l6,[%i1+14]
+	stb	%o3,[%i1+15]
+
+	ret
+	restore
+.type	AES_encrypt,#function
+.size	AES_encrypt,(.-AES_encrypt)
+
+___
+
+$code.=<<___;
+.align	256
+AES_Td:
+___
+&_data_word(
+	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+	.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.type	AES_Td,#object
+.size	AES_Td,(.-AES_Td)
+
+.align	64
+.skip	16
+_sparcv9_AES_decrypt:
+	save	%sp,-$frame-$locals,%sp
+	stx	%i7,[%sp+$bias+$frame+0]	! off-load return address
+	ld	[$key+240],$rounds
+	ld	[$key+0],$t0
+	ld	[$key+4],$t1			!
+	ld	[$key+8],$t2
+	ld	[$key+12],$t3
+	srl	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ld	[$key+16],$t0
+	xor	$t1,$s1,$s1
+	ld	[$key+20],$t1
+	srl	$s0,21,$acc0			!
+	xor	$t2,$s2,$s2
+	ld	[$key+24],$t2
+	xor	$t3,$s3,$s3
+	and	$acc0,2040,$acc0
+	ld	[$key+28],$t3
+	srl	$s3,13,$acc1
+	nop
+.Ldec_loop:
+	srl	$s2,5,$acc2			!
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$s1,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	srl	$s1,21,$acc4
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2		!
+	srl	$s0,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$s3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4
+	fmovs	%f0,%f0
+	sll	$s2,3,$acc7			!
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$s2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	srl	$s1,13,$acc9
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7		!
+	srl	$s0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$s3,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9
+	fmovs	%f0,%f0
+	srl	$s3,21,$acc12			!
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$s2,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	srl	$s1,5,$acc14
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12		!
+	sll	$s0,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+	and	$acc15,2040,$acc15
+	add	$key,32,$key
+	ldx	[$tbl+$acc14],$acc14
+	fmovs	%f0,%f0
+	subcc	$rounds,1,$rounds		!
+	ldx	[$tbl+$acc15],$acc15
+	bz,a,pn	%icc,.Ldec_last
+	add	$tbl,2048,$rounds
+
+		srlx	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+	fmovs	%f0,%f0
+		srlx	$acc2,16,$acc2		!
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3			!
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+	fmovs	%f0,%f0
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10	!
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15	!
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,21,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3
+	srl	$t3,13,$acc1
+
+	and	$acc0,2040,$acc0		!
+	srl	$t2,5,$acc2
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$t1,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	fmovs	%f0,%f0
+	srl	$t1,21,$acc4			!
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2
+	srl	$t0,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$t3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4		!
+	sll	$t2,3,$acc7
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$t2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	fmovs	%f0,%f0
+	srl	$t1,13,$acc9			!
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7
+	srl	$t0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$t3,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9		!
+	srl	$t3,21,$acc12
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$t2,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	fmovs	%f0,%f0
+	srl	$t1,5,$acc14			!
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12
+	sll	$t0,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+		srlx	$acc1,8,$acc1
+	and	$acc15,2040,$acc15
+	ldx	[$tbl+$acc14],$acc14		!
+
+		srlx	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldx	[$tbl+$acc15],$acc15
+		srlx	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ld	[$key+16],$t0
+	fmovs	%f0,%f0
+		srlx	$acc5,8,$acc5		!
+		xor	$acc2,$s0,$s0
+	ld	[$key+20],$t1
+		srlx	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ld	[$key+24],$t2
+		srlx	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ld	[$key+28],$t3			!
+		srlx	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldx	[$tbl+2048+0],%g0		! prefetch td4
+		srlx	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldx	[$tbl+2048+32],%g0		! prefetch td4
+		srlx	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldx	[$tbl+2048+64],%g0		! prefetch td4
+		srlx	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldx	[$tbl+2048+96],%g0		! prefetch td4
+		srlx	$acc14,16,$acc14	!
+		xor	$acc9,$s2,$s2
+	ldx	[$tbl+2048+128],%g0		! prefetch td4
+		srlx	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldx	[$tbl+2048+160],%g0		! prefetch td4
+	srl	$s0,21,$acc0
+		xor	$acc11,$s2,$s2
+	ldx	[$tbl+2048+192],%g0		! prefetch td4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldx	[$tbl+2048+224],%g0		! prefetch td4
+	and	$acc0,2040,$acc0		!
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+	ba	.Ldec_loop
+	srl	$s3,13,$acc1
+
+.align	32
+.Ldec_last:
+		srlx	$acc1,8,$acc1		!
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+		srlx	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2			!
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9		!
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14	!
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3		!
+	srl	$t3,16,$acc1
+
+	srl	$t2,8,$acc2
+	and	$acc1,255,$acc1
+	ldub	[$rounds+$acc0],$acc0
+	srl	$t1,24,$acc4
+	and	$acc2,255,$acc2
+	ldub	[$rounds+$acc1],$acc1
+	srl	$t0,16,$acc5			!
+	and	$t1,255,$acc3
+	ldub	[$rounds+$acc2],$acc2
+	ldub	[$rounds+$acc3],$acc3
+	srl	$t3,8,$acc6
+	and	$acc5,255,$acc5
+	ldub	[$rounds+$acc4],$acc4
+	fmovs	%f0,%f0
+	srl	$t2,24,$acc8			!
+	and	$acc6,255,$acc6
+	ldub	[$rounds+$acc5],$acc5
+	srl	$t1,16,$acc9
+	and	$t2,255,$acc7
+	ldub	[$rounds+$acc6],$acc6
+	ldub	[$rounds+$acc7],$acc7
+	fmovs	%f0,%f0
+	srl	$t0,8,$acc10			!
+	and	$acc9,255,$acc9
+	ldub	[$rounds+$acc8],$acc8
+	srl	$t3,24,$acc12
+	and	$acc10,255,$acc10
+	ldub	[$rounds+$acc9],$acc9
+	srl	$t2,16,$acc13
+	and	$t3,255,$acc11
+	ldub	[$rounds+$acc10],$acc10		!
+	srl	$t1,8,$acc14
+	and	$acc13,255,$acc13
+	ldub	[$rounds+$acc11],$acc11
+	ldub	[$rounds+$acc12],$acc12
+	and	$acc14,255,$acc14
+	ldub	[$rounds+$acc13],$acc13
+	and	$t0,255,$acc15
+	ldub	[$rounds+$acc14],$acc14		!
+
+		sll	$acc0,24,$acc0
+		xor	$acc3,$s0,$s0
+	ldub	[$rounds+$acc15],$acc15
+		sll	$acc1,16,$acc1
+		xor	$acc0,$s0,$s0
+	ldx	[%sp+$bias+$frame+0],%i7	! restore return address
+	fmovs	%f0,%f0
+		sll	$acc2,8,$acc2		!
+		xor	$acc1,$s0,$s0
+		sll	$acc4,24,$acc4
+		xor	$acc2,$s0,$s0
+		sll	$acc5,16,$acc5
+		xor	$acc7,$s1,$s1
+		sll	$acc6,8,$acc6
+		xor	$acc4,$s1,$s1
+		sll	$acc8,24,$acc8		!
+		xor	$acc5,$s1,$s1
+		sll	$acc9,16,$acc9
+		xor	$acc11,$s2,$s2
+		sll	$acc10,8,$acc10
+		xor	$acc6,$s1,$s1
+		sll	$acc12,24,$acc12
+		xor	$acc8,$s2,$s2
+		sll	$acc13,16,$acc13	!
+		xor	$acc9,$s2,$s2
+		sll	$acc14,8,$acc14
+		xor	$acc10,$s2,$s2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+
+	ret
+	restore
+.type	_sparcv9_AES_decrypt,#function
+.size	_sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt)
+
+.align	32
+.globl	AES_decrypt
+AES_decrypt:
+	or	%o0,%o1,%g1
+	andcc	%g1,3,%g0
+	bnz,pn	%xcc,.Lunaligned_dec
+	save	%sp,-$frame,%sp
+
+	ld	[%i0+0],%o0
+	ld	[%i0+4],%o1
+	ld	[%i0+8],%o2
+	ld	[%i0+12],%o3
+
+1:	call	.+8
+	add	%o7,AES_Td-1b,%o4
+	call	_sparcv9_AES_decrypt
+	mov	%i2,%o5
+
+	st	%o0,[%i1+0]
+	st	%o1,[%i1+4]
+	st	%o2,[%i1+8]
+	st	%o3,[%i1+12]
+
+	ret
+	restore
+
+.align	32
+.Lunaligned_dec:
+	ldub	[%i0+0],%l0
+	ldub	[%i0+1],%l1
+	ldub	[%i0+2],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+3],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+4],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+5],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+6],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o0
+	ldub	[%i0+7],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	ldub	[%i0+8],%l0
+	or	%l7,%l6,%l6
+	ldub	[%i0+9],%l1
+	or	%l4,%l6,%o1
+	ldub	[%i0+10],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+11],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+12],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+13],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+14],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o2
+	ldub	[%i0+15],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	or	%l7,%l6,%l6
+	or	%l4,%l6,%o3
+
+1:	call	.+8
+	add	%o7,AES_Td-1b,%o4
+	call	_sparcv9_AES_decrypt
+	mov	%i2,%o5
+
+	srl	%o0,24,%l0
+	srl	%o0,16,%l1
+	stb	%l0,[%i1+0]
+	srl	%o0,8,%l2
+	stb	%l1,[%i1+1]
+	stb	%l2,[%i1+2]
+	srl	%o1,24,%l4
+	stb	%o0,[%i1+3]
+
+	srl	%o1,16,%l5
+	stb	%l4,[%i1+4]
+	srl	%o1,8,%l6
+	stb	%l5,[%i1+5]
+	stb	%l6,[%i1+6]
+	srl	%o2,24,%l0
+	stb	%o1,[%i1+7]
+
+	srl	%o2,16,%l1
+	stb	%l0,[%i1+8]
+	srl	%o2,8,%l2
+	stb	%l1,[%i1+9]
+	stb	%l2,[%i1+10]
+	srl	%o3,24,%l4
+	stb	%o2,[%i1+11]
+
+	srl	%o3,16,%l5
+	stb	%l4,[%i1+12]
+	srl	%o3,8,%l6
+	stb	%l5,[%i1+13]
+	stb	%l6,[%i1+14]
+	stb	%o3,[%i1+15]
+
+	ret
+	restore
+.type	AES_decrypt,#function
+.size	AES_decrypt,(.-AES_decrypt)
+___
+
+# fmovs instructions substituting for FP nops were originally added
+# to meet specific instruction alignment requirements to maximize ILP.
+# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have
+# undesired effect, so just omit them and sacrifice some portion of
+# percent in performance...
+$code =~ s/fmovs.*$//gm;
+
+print $code;
+close STDOUT;	# ensure flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-x86_64.pl
new file mode 100755
index 000000000..d87e20114
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-x86_64.pl
@@ -0,0 +1,2916 @@
+#! /usr/bin/env perl
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Version 2.1.
+#
+# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
+# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
+# [you'll notice a lot of resemblance], such as compressed S-boxes
+# in little-endian byte order, prefetch of these tables in CBC mode,
+# as well as avoiding L1 cache aliasing between stack frame and key
+# schedule and already mentioned tables, compressed Td4...
+#
+# Performance in number of cycles per processed byte for 128-bit key:
+#
+#		ECB encrypt	ECB decrypt	CBC large chunk
+# AMD64		33		43		13.0
+# EM64T		38		56		18.6(*)
+# Core 2	30		42		14.5(*)
+# Atom		65		86		32.1(*)
+#
+# (*) with hyper-threading off
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$verticalspin=1;	# unlike 32-bit version $verticalspin performs
+			# ~15% better on both AMD and Intel cores
+$speed_limit=512;	# see aes-586.pl for details
+
+$code=".text\n";
+
+$s0="%eax";
+$s1="%ebx";
+$s2="%ecx";
+$s3="%edx";
+$acc0="%esi";	$mask80="%rsi";
+$acc1="%edi";	$maskfe="%rdi";
+$acc2="%ebp";	$mask1b="%rbp";
+$inp="%r8";
+$out="%r9";
+$t0="%r10d";
+$t1="%r11d";
+$t2="%r12d";
+$rnds="%r13d";
+$sbox="%r14";
+$key="%r15";
+
+sub hi() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1h/;	$r; }
+sub lo() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1l/;
+			$r =~ s/%[er]([sd]i)/%\1l/;
+			$r =~ s/%(r[0-9]+)[d]?/%\1b/;	$r; }
+sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
+			$r =~ s/%r([0-9]+)/%r\1d/;	$r; }
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+sub data_word()
+{ my $i;
+  my $last=pop(@_);
+    $code.=".long\t";
+    while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
+    $code.=sprintf"0x%08x\n",$last;
+}
+
+sub data_byte()
+{ my $i;
+  my $last=pop(@_);
+    $code.=".byte\t";
+    while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
+    $code.=sprintf"0x%02x\n",$last&0xff;
+}
+
+sub encvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	# favor 3-way issue Opteron pipeline...
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	mov	0($sbox,$acc0,8),$t0
+	mov	0($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	movzb	`&lo("$s3")`,$acc2
+	xor	3($sbox,$acc0,8),$t0
+	xor	3($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t3
+
+	movzb	`&hi("$s3")`,$acc0
+	shr	\$16,$s2
+	movzb	`&hi("$s0")`,$acc2
+	xor	3($sbox,$acc0,8),$t2
+	shr	\$16,$s3
+	xor	3($sbox,$acc2,8),$t3
+
+	shr	\$16,$s1
+	lea	16($key),$key
+	shr	\$16,$s0
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	xor	2($sbox,$acc0,8),$t0
+	xor	2($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	movzb	`&lo("$s1")`,$acc2
+	xor	1($sbox,$acc0,8),$t0
+	xor	1($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t3
+
+	mov	12($key),$s3
+	movzb	`&hi("$s1")`,$acc1
+	movzb	`&hi("$s2")`,$acc2
+	mov	0($key),$s0
+	xor	1($sbox,$acc1,8),$t2
+	xor	1($sbox,$acc2,8),$t3
+
+	mov	4($key),$s1
+	mov	8($key),$s2
+	xor	$t0,$s0
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub enclastvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	movzb	2($sbox,$acc0,8),$t0
+	movzb	2($sbox,$acc1,8),$t1
+	movzb	2($sbox,$acc2,8),$t2
+
+	movzb	`&lo("$s3")`,$acc0
+	movzb	`&hi("$s1")`,$acc1
+	movzb	`&hi("$s2")`,$acc2
+	movzb	2($sbox,$acc0,8),$t3
+	mov	0($sbox,$acc1,8),$acc1	#$t0
+	mov	0($sbox,$acc2,8),$acc2	#$t1
+
+	and	\$0x0000ff00,$acc1
+	and	\$0x0000ff00,$acc2
+
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+	shr	\$16,$s2
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	shr	\$16,$s3
+	mov	0($sbox,$acc0,8),$acc0	#$t2
+	mov	0($sbox,$acc1,8),$acc1	#$t3
+
+	and	\$0x0000ff00,$acc0
+	and	\$0x0000ff00,$acc1
+	shr	\$16,$s1
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+	shr	\$16,$s0
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	mov	0($sbox,$acc0,8),$acc0	#$t0
+	mov	0($sbox,$acc1,8),$acc1	#$t1
+	mov	0($sbox,$acc2,8),$acc2	#$t2
+
+	and	\$0x00ff0000,$acc0
+	and	\$0x00ff0000,$acc1
+	and	\$0x00ff0000,$acc2
+
+	xor	$acc0,$t0
+	xor	$acc1,$t1
+	xor	$acc2,$t2
+
+	movzb	`&lo("$s1")`,$acc0
+	movzb	`&hi("$s3")`,$acc1
+	movzb	`&hi("$s0")`,$acc2
+	mov	0($sbox,$acc0,8),$acc0	#$t3
+	mov	2($sbox,$acc1,8),$acc1	#$t0
+	mov	2($sbox,$acc2,8),$acc2	#$t1
+
+	and	\$0x00ff0000,$acc0
+	and	\$0xff000000,$acc1
+	and	\$0xff000000,$acc2
+
+	xor	$acc0,$t3
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	mov	16+12($key),$s3
+	mov	2($sbox,$acc0,8),$acc0	#$t2
+	mov	2($sbox,$acc1,8),$acc1	#$t3
+	mov	16+0($key),$s0
+
+	and	\$0xff000000,$acc0
+	and	\$0xff000000,$acc1
+
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+
+	mov	16+4($key),$s1
+	mov	16+8($key),$s2
+	xor	$t0,$s0
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub encstep()
+{ my ($i,@s) = @_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	if ($i==3) {
+		$tmp0=$s[1];
+		$tmp1=$s[2];
+		$tmp2=$s[3];
+	}
+	$code.="	movzb	".&lo($s[0]).",$out\n";
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+	$code.="	lea	16($key),$key\n"	if ($i==0);
+
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	mov	0($sbox,$out,8),$out\n";
+
+	$code.="	shr	\$16,$tmp1\n";
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+	$code.="	xor	3($sbox,$tmp0,8),$out\n";
+
+	$code.="	movzb	".&lo($tmp1).",$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+	$code.="	xor	4*$i($key),$out\n";
+
+	$code.="	xor	2($sbox,$tmp1,8),$out\n";
+	$code.="	xor	1($sbox,$tmp2,8),$out\n";
+
+	$code.="	mov	$t0,$s[1]\n"		if ($i==3);
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	mov	$t2,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+sub enclast()
+{ my ($i,@s)=@_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	if ($i==3) {
+		$tmp0=$s[1];
+		$tmp1=$s[2];
+		$tmp2=$s[3];
+	}
+	$code.="	movzb	".&lo($s[0]).",$out\n";
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+
+	$code.="	mov	2($sbox,$out,8),$out\n";
+	$code.="	shr	\$16,$tmp1\n";
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+
+	$code.="	and	\$0x000000ff,$out\n";
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	movzb	".&lo($tmp1).",$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+
+	$code.="	mov	0($sbox,$tmp0,8),$tmp0\n";
+	$code.="	mov	0($sbox,$tmp1,8),$tmp1\n";
+	$code.="	mov	2($sbox,$tmp2,8),$tmp2\n";
+
+	$code.="	and	\$0x0000ff00,$tmp0\n";
+	$code.="	and	\$0x00ff0000,$tmp1\n";
+	$code.="	and	\$0xff000000,$tmp2\n";
+
+	$code.="	xor	$tmp0,$out\n";
+	$code.="	mov	$t0,$s[1]\n"		if ($i==3);
+	$code.="	xor	$tmp1,$out\n";
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	xor	$tmp2,$out\n";
+	$code.="	mov	$t2,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+$code.=<<___;
+.type	_x86_64_AES_encrypt,\@abi-omnipotent
+.align	16
+_x86_64_AES_encrypt:
+	xor	0($key),$s0			# xor with key
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+
+	mov	240($key),$rnds			# load key->rounds
+	sub	\$1,$rnds
+	jmp	.Lenc_loop
+.align	16
+.Lenc_loop:
+___
+	if ($verticalspin) { &encvert(); }
+	else {	&encstep(0,$s0,$s1,$s2,$s3);
+		&encstep(1,$s1,$s2,$s3,$s0);
+		&encstep(2,$s2,$s3,$s0,$s1);
+		&encstep(3,$s3,$s0,$s1,$s2);
+	}
+$code.=<<___;
+	sub	\$1,$rnds
+	jnz	.Lenc_loop
+___
+	if ($verticalspin) { &enclastvert(); }
+	else {	&enclast(0,$s0,$s1,$s2,$s3);
+		&enclast(1,$s1,$s2,$s3,$s0);
+		&enclast(2,$s2,$s3,$s0,$s1);
+		&enclast(3,$s3,$s0,$s1,$s2);
+		$code.=<<___;
+		xor	16+0($key),$s0		# xor with key
+		xor	16+4($key),$s1
+		xor	16+8($key),$s2
+		xor	16+12($key),$s3
+___
+	}
+$code.=<<___;
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
+___
+
+# it's possible to implement this by shifting tN by 8, filling least
+# significant byte with byte load and finally bswap-ing at the end,
+# but such partial register load kills Core 2...
+sub enccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+	movzb	`&lo("$s0")`,$t0
+	movzb	`&lo("$s1")`,$t1
+	movzb	`&lo("$s2")`,$t2
+	movzb	`&lo("$s3")`,$t3
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	shr	\$16,$s2
+	movzb	`&hi("$s3")`,$acc2
+	movzb	($sbox,$t0,1),$t0
+	movzb	($sbox,$t1,1),$t1
+	movzb	($sbox,$t2,1),$t2
+	movzb	($sbox,$t3,1),$t3
+
+	movzb	($sbox,$acc0,1),$t4	#$t0
+	movzb	`&hi("$s0")`,$acc0
+	movzb	($sbox,$acc1,1),$t5	#$t1
+	movzb	`&lo("$s2")`,$acc1
+	movzb	($sbox,$acc2,1),$acc2	#$t2
+	movzb	($sbox,$acc0,1),$acc0	#$t3
+
+	shl	\$8,$t4
+	shr	\$16,$s3
+	shl	\$8,$t5
+	xor	$t4,$t0
+	shr	\$16,$s0
+	movzb	`&lo("$s3")`,$t4
+	shr	\$16,$s1
+	xor	$t5,$t1
+	shl	\$8,$acc2
+	movzb	`&lo("$s0")`,$t5
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	xor	$acc2,$t2
+
+	shl	\$8,$acc0
+	movzb	`&lo("$s1")`,$acc2
+	shl	\$16,$acc1
+	xor	$acc0,$t3
+	movzb	($sbox,$t4,1),$t4	#$t1
+	movzb	`&hi("$s3")`,$acc0
+	movzb	($sbox,$t5,1),$t5	#$t2
+	xor	$acc1,$t0
+
+	shr	\$8,$s2
+	movzb	`&hi("$s0")`,$acc1
+	shl	\$16,$t4
+	shr	\$8,$s1
+	shl	\$16,$t5
+	xor	$t4,$t1
+	movzb	($sbox,$acc2,1),$acc2	#$t3
+	movzb	($sbox,$acc0,1),$acc0	#$t0
+	movzb	($sbox,$acc1,1),$acc1	#$t1
+	movzb	($sbox,$s2,1),$s3	#$t3
+	movzb	($sbox,$s1,1),$s2	#$t2
+
+	shl	\$16,$acc2
+	xor	$t5,$t2
+	shl	\$24,$acc0
+	xor	$acc2,$t3
+	shl	\$24,$acc1
+	xor	$acc0,$t0
+	shl	\$24,$s3
+	xor	$acc1,$t1
+	shl	\$24,$s2
+	mov	$t0,$s0
+	mov	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub enctransform_ref()
+{ my $sn = shift;
+  my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+	mov	$sn,$acc
+	and	\$0x80808080,$acc
+	mov	$acc,$tmp
+	shr	\$7,$tmp
+	lea	($sn,$sn),$r2
+	sub	$tmp,$acc
+	and	\$0xfefefefe,$r2
+	and	\$0x1b1b1b1b,$acc
+	mov	$sn,$tmp
+	xor	$acc,$r2
+
+	xor	$r2,$sn
+	rol	\$24,$sn
+	xor	$r2,$sn
+	ror	\$16,$tmp
+	xor	$tmp,$sn
+	ror	\$8,$tmp
+	xor	$tmp,$sn
+___
+}
+
+# unlike decrypt case it does not pay off to parallelize enctransform
+sub enctransform()
+{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
+
+$code.=<<___;
+	mov	\$0x80808080,$t0
+	mov	\$0x80808080,$t1
+	and	$s0,$t0
+	and	$s1,$t1
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	shr	\$7,$t0
+	lea	($s0,$s0),$r20
+	shr	\$7,$t1
+	lea	($s1,$s1),$r21
+	sub	$t0,$acc0
+	sub	$t1,$acc1
+	and	\$0xfefefefe,$r20
+	and	\$0xfefefefe,$r21
+	and	\$0x1b1b1b1b,$acc0
+	and	\$0x1b1b1b1b,$acc1
+	mov	$s0,$t0
+	mov	$s1,$t1
+	xor	$acc0,$r20
+	xor	$acc1,$r21
+
+	xor	$r20,$s0
+	xor	$r21,$s1
+	 mov	\$0x80808080,$t2
+	rol	\$24,$s0
+	 mov	\$0x80808080,$t3
+	rol	\$24,$s1
+	 and	$s2,$t2
+	 and	$s3,$t3
+	xor	$r20,$s0
+	xor	$r21,$s1
+	 mov	$t2,$acc0
+	ror	\$16,$t0
+	 mov	$t3,$acc1
+	ror	\$16,$t1
+	 lea	($s2,$s2),$r20
+	 shr	\$7,$t2
+	xor	$t0,$s0
+	 shr	\$7,$t3
+	xor	$t1,$s1
+	ror	\$8,$t0
+	 lea	($s3,$s3),$r21
+	ror	\$8,$t1
+	 sub	$t2,$acc0
+	 sub	$t3,$acc1
+	xor	$t0,$s0
+	xor	$t1,$s1
+
+	and	\$0xfefefefe,$r20
+	and	\$0xfefefefe,$r21
+	and	\$0x1b1b1b1b,$acc0
+	and	\$0x1b1b1b1b,$acc1
+	mov	$s2,$t2
+	mov	$s3,$t3
+	xor	$acc0,$r20
+	xor	$acc1,$r21
+
+	ror	\$16,$t2
+	xor	$r20,$s2
+	ror	\$16,$t3
+	xor	$r21,$s3
+	rol	\$24,$s2
+	mov	0($sbox),$acc0			# prefetch Te4
+	rol	\$24,$s3
+	xor	$r20,$s2
+	mov	64($sbox),$acc1
+	xor	$r21,$s3
+	mov	128($sbox),$r20
+	xor	$t2,$s2
+	ror	\$8,$t2
+	xor	$t3,$s3
+	ror	\$8,$t3
+	xor	$t2,$s2
+	mov	192($sbox),$r21
+	xor	$t3,$s3
+___
+}
+
+$code.=<<___;
+.type	_x86_64_AES_encrypt_compact,\@abi-omnipotent
+.align	16
+_x86_64_AES_encrypt_compact:
+.cfi_startproc
+	lea	128($sbox),$inp			# size optimization
+	mov	0-128($inp),$acc1		# prefetch Te4
+	mov	32-128($inp),$acc2
+	mov	64-128($inp),$t0
+	mov	96-128($inp),$t1
+	mov	128-128($inp),$acc1
+	mov	160-128($inp),$acc2
+	mov	192-128($inp),$t0
+	mov	224-128($inp),$t1
+	jmp	.Lenc_loop_compact
+.align	16
+.Lenc_loop_compact:
+		xor	0($key),$s0		# xor with key
+		xor	4($key),$s1
+		xor	8($key),$s2
+		xor	12($key),$s3
+		lea	16($key),$key
+___
+		&enccompactvert();
+$code.=<<___;
+		cmp	16(%rsp),$key
+		je	.Lenc_compact_done
+___
+		&enctransform();
+$code.=<<___;
+	jmp	.Lenc_loop_compact
+.align	16
+.Lenc_compact_done:
+	xor	0($key),$s0
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
+.size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
+___
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl	AES_encrypt
+.type	AES_encrypt,\@function,3
+.align	16
+.globl	asm_AES_encrypt
+.hidden	asm_AES_encrypt
+asm_AES_encrypt:
+AES_encrypt:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	# allocate frame "above" key schedule
+	lea	-63(%rdx),%rcx	# %rdx is key argument
+	and	\$-64,%rsp
+	sub	%rsp,%rcx
+	neg	%rcx
+	and	\$0x3c0,%rcx
+	sub	%rcx,%rsp
+	sub	\$32,%rsp
+
+	mov	%rsi,16(%rsp)	# save out
+	mov	%rax,24(%rsp)	# save original stack pointer
+.cfi_cfa_expression	%rsp+24,deref,+8
+.Lenc_prologue:
+
+	mov	%rdx,$key
+	mov	240($key),$rnds	# load rounds
+
+	mov	0(%rdi),$s0	# load input vector
+	mov	4(%rdi),$s1
+	mov	8(%rdi),$s2
+	mov	12(%rdi),$s3
+
+	shl	\$4,$rnds
+	lea	($key,$rnds),%rbp
+	mov	$key,(%rsp)	# key schedule
+	mov	%rbp,8(%rsp)	# end of key schedule
+
+	# pick Te4 copy which can't "overlap" with stack frame or key schedule
+	lea	.LAES_Te+2048(%rip),$sbox
+	lea	768(%rsp),%rbp
+	sub	$sbox,%rbp
+	and	\$0x300,%rbp
+	lea	($sbox,%rbp),$sbox
+
+	call	_x86_64_AES_encrypt_compact
+
+	mov	16(%rsp),$out	# restore out
+	mov	24(%rsp),%rsi	# restore saved stack pointer
+.cfi_def_cfa	%rsi,8
+	mov	$s0,0($out)	# write output vector
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lenc_epilogue:
+	ret
+.cfi_endproc
+.size	AES_encrypt,.-AES_encrypt
+___
+
+#------------------------------------------------------------------#
+
+sub decvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	# favor 3-way issue Opteron pipeline...
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	mov	0($sbox,$acc0,8),$t0
+	mov	0($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	movzb	`&lo("$s3")`,$acc2
+	xor	3($sbox,$acc0,8),$t0
+	xor	3($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t3
+
+	movzb	`&hi("$s1")`,$acc0
+	shr	\$16,$s0
+	movzb	`&hi("$s2")`,$acc2
+	xor	3($sbox,$acc0,8),$t2
+	shr	\$16,$s3
+	xor	3($sbox,$acc2,8),$t3
+
+	shr	\$16,$s1
+	lea	16($key),$key
+	shr	\$16,$s2
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	xor	2($sbox,$acc0,8),$t0
+	xor	2($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	movzb	`&lo("$s1")`,$acc2
+	xor	1($sbox,$acc0,8),$t0
+	xor	1($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t3
+
+	movzb	`&hi("$s3")`,$acc0
+	mov	12($key),$s3
+	movzb	`&hi("$s0")`,$acc2
+	xor	1($sbox,$acc0,8),$t2
+	mov	0($key),$s0
+	xor	1($sbox,$acc2,8),$t3
+
+	xor	$t0,$s0
+	mov	4($key),$s1
+	mov	8($key),$s2
+	xor	$t2,$s2
+	xor	$t1,$s1
+	xor	$t3,$s3
+___
+}
+
+sub declastvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	lea	2048($sbox),$sbox	# size optimization
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	movzb	($sbox,$acc0,1),$t0
+	movzb	($sbox,$acc1,1),$t1
+	movzb	($sbox,$acc2,1),$t2
+
+	movzb	`&lo("$s3")`,$acc0
+	movzb	`&hi("$s3")`,$acc1
+	movzb	`&hi("$s0")`,$acc2
+	movzb	($sbox,$acc0,1),$t3
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	movzb	($sbox,$acc2,1),$acc2	#$t1
+
+	shl	\$8,$acc1
+	shl	\$8,$acc2
+
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+	shr	\$16,$s3
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	shr	\$16,$s0
+	movzb	($sbox,$acc0,1),$acc0	#$t2
+	movzb	($sbox,$acc1,1),$acc1	#$t3
+
+	shl	\$8,$acc0
+	shl	\$8,$acc1
+	shr	\$16,$s1
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+	shr	\$16,$s2
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	movzb	($sbox,$acc0,1),$acc0	#$t0
+	movzb	($sbox,$acc1,1),$acc1	#$t1
+	movzb	($sbox,$acc2,1),$acc2	#$t2
+
+	shl	\$16,$acc0
+	shl	\$16,$acc1
+	shl	\$16,$acc2
+
+	xor	$acc0,$t0
+	xor	$acc1,$t1
+	xor	$acc2,$t2
+
+	movzb	`&lo("$s1")`,$acc0
+	movzb	`&hi("$s1")`,$acc1
+	movzb	`&hi("$s2")`,$acc2
+	movzb	($sbox,$acc0,1),$acc0	#$t3
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	movzb	($sbox,$acc2,1),$acc2	#$t1
+
+	shl	\$16,$acc0
+	shl	\$24,$acc1
+	shl	\$24,$acc2
+
+	xor	$acc0,$t3
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	mov	16+12($key),$s3
+	movzb	($sbox,$acc0,1),$acc0	#$t2
+	movzb	($sbox,$acc1,1),$acc1	#$t3
+	mov	16+0($key),$s0
+
+	shl	\$24,$acc0
+	shl	\$24,$acc1
+
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+
+	mov	16+4($key),$s1
+	mov	16+8($key),$s2
+	lea	-2048($sbox),$sbox
+	xor	$t0,$s0
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub decstep()
+{ my ($i,@s) = @_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	$code.="	mov	$s[0],$out\n"		if ($i!=3);
+			$tmp1=$s[2]			if ($i==3);
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+	$code.="	and	\$0xFF,$out\n";
+
+	$code.="	mov	0($sbox,$out,8),$out\n";
+	$code.="	shr	\$16,$tmp1\n";
+			$tmp2=$s[3]			if ($i==3);
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+
+			$tmp0=$s[1]			if ($i==3);
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	and	\$0xFF,$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+
+	$code.="	xor	3($sbox,$tmp0,8),$out\n";
+	$code.="	xor	2($sbox,$tmp1,8),$out\n";
+	$code.="	xor	1($sbox,$tmp2,8),$out\n";
+
+	$code.="	mov	$t2,$s[1]\n"		if ($i==3);
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	mov	$t0,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+sub declast()
+{ my ($i,@s)=@_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	$code.="	mov	$s[0],$out\n"		if ($i!=3);
+			$tmp1=$s[2]			if ($i==3);
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+	$code.="	and	\$0xFF,$out\n";
+
+	$code.="	movzb	2048($sbox,$out,1),$out\n";
+	$code.="	shr	\$16,$tmp1\n";
+			$tmp2=$s[3]			if ($i==3);
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+
+			$tmp0=$s[1]			if ($i==3);
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	and	\$0xFF,$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+
+	$code.="	movzb	2048($sbox,$tmp0,1),$tmp0\n";
+	$code.="	movzb	2048($sbox,$tmp1,1),$tmp1\n";
+	$code.="	movzb	2048($sbox,$tmp2,1),$tmp2\n";
+
+	$code.="	shl	\$8,$tmp0\n";
+	$code.="	shl	\$16,$tmp1\n";
+	$code.="	shl	\$24,$tmp2\n";
+
+	$code.="	xor	$tmp0,$out\n";
+	$code.="	mov	$t2,$s[1]\n"		if ($i==3);
+	$code.="	xor	$tmp1,$out\n";
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	xor	$tmp2,$out\n";
+	$code.="	mov	$t0,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+$code.=<<___;
+.type	_x86_64_AES_decrypt,\@abi-omnipotent
+.align	16
+_x86_64_AES_decrypt:
+	xor	0($key),$s0			# xor with key
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+
+	mov	240($key),$rnds			# load key->rounds
+	sub	\$1,$rnds
+	jmp	.Ldec_loop
+.align	16
+.Ldec_loop:
+___
+	if ($verticalspin) { &decvert(); }
+	else {	&decstep(0,$s0,$s3,$s2,$s1);
+		&decstep(1,$s1,$s0,$s3,$s2);
+		&decstep(2,$s2,$s1,$s0,$s3);
+		&decstep(3,$s3,$s2,$s1,$s0);
+		$code.=<<___;
+		lea	16($key),$key
+		xor	0($key),$s0			# xor with key
+		xor	4($key),$s1
+		xor	8($key),$s2
+		xor	12($key),$s3
+___
+	}
+$code.=<<___;
+	sub	\$1,$rnds
+	jnz	.Ldec_loop
+___
+	if ($verticalspin) { &declastvert(); }
+	else {	&declast(0,$s0,$s3,$s2,$s1);
+		&declast(1,$s1,$s0,$s3,$s2);
+		&declast(2,$s2,$s1,$s0,$s3);
+		&declast(3,$s3,$s2,$s1,$s0);
+		$code.=<<___;
+		xor	16+0($key),$s0			# xor with key
+		xor	16+4($key),$s1
+		xor	16+8($key),$s2
+		xor	16+12($key),$s3
+___
+	}
+$code.=<<___;
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
+___
+
+sub deccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+	movzb	`&lo("$s0")`,$t0
+	movzb	`&lo("$s1")`,$t1
+	movzb	`&lo("$s2")`,$t2
+	movzb	`&lo("$s3")`,$t3
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	shr	\$16,$s3
+	movzb	`&hi("$s1")`,$acc2
+	movzb	($sbox,$t0,1),$t0
+	movzb	($sbox,$t1,1),$t1
+	movzb	($sbox,$t2,1),$t2
+	movzb	($sbox,$t3,1),$t3
+
+	movzb	($sbox,$acc0,1),$t4	#$t0
+	movzb	`&hi("$s2")`,$acc0
+	movzb	($sbox,$acc1,1),$t5	#$t1
+	movzb	($sbox,$acc2,1),$acc2	#$t2
+	movzb	($sbox,$acc0,1),$acc0	#$t3
+
+	shr	\$16,$s2
+	shl	\$8,$t5
+	shl	\$8,$t4
+	movzb	`&lo("$s2")`,$acc1
+	shr	\$16,$s0
+	xor	$t4,$t0
+	shr	\$16,$s1
+	movzb	`&lo("$s3")`,$t4
+
+	shl	\$8,$acc2
+	xor	$t5,$t1
+	shl	\$8,$acc0
+	movzb	`&lo("$s0")`,$t5
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	xor	$acc2,$t2
+	movzb	`&lo("$s1")`,$acc2
+
+	shl	\$16,$acc1
+	xor	$acc0,$t3
+	movzb	($sbox,$t4,1),$t4	#$t1
+	movzb	`&hi("$s1")`,$acc0
+	movzb	($sbox,$acc2,1),$acc2	#$t3
+	xor	$acc1,$t0
+	movzb	($sbox,$t5,1),$t5	#$t2
+	movzb	`&hi("$s2")`,$acc1
+
+	shl	\$16,$acc2
+	shl	\$16,$t4
+	shl	\$16,$t5
+	xor	$acc2,$t3
+	movzb	`&hi("$s3")`,$acc2
+	xor	$t4,$t1
+	shr	\$8,$s0
+	xor	$t5,$t2
+
+	movzb	($sbox,$acc0,1),$acc0	#$t0
+	movzb	($sbox,$acc1,1),$s1	#$t1
+	movzb	($sbox,$acc2,1),$s2	#$t2
+	movzb	($sbox,$s0,1),$s3	#$t3
+
+	mov	$t0,$s0
+	shl	\$24,$acc0
+	shl	\$24,$s1
+	shl	\$24,$s2
+	xor	$acc0,$s0
+	shl	\$24,$s3
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+# parallelized version! input is pair of 64-bit values: %rax=s1.s0
+# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
+# %ecx=s2 and %edx=s3.
+sub dectransform()
+{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
+  my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
+  my $prefetch = shift;
+
+$code.=<<___;
+	mov	$mask80,$tp40
+	mov	$mask80,$tp48
+	and	$tp10,$tp40
+	and	$tp18,$tp48
+	mov	$tp40,$acc0
+	mov	$tp48,$acc8
+	shr	\$7,$tp40
+	lea	($tp10,$tp10),$tp20
+	shr	\$7,$tp48
+	lea	($tp18,$tp18),$tp28
+	sub	$tp40,$acc0
+	sub	$tp48,$acc8
+	and	$maskfe,$tp20
+	and	$maskfe,$tp28
+	and	$mask1b,$acc0
+	and	$mask1b,$acc8
+	xor	$acc0,$tp20
+	xor	$acc8,$tp28
+	mov	$mask80,$tp80
+	mov	$mask80,$tp88
+
+	and	$tp20,$tp80
+	and	$tp28,$tp88
+	mov	$tp80,$acc0
+	mov	$tp88,$acc8
+	shr	\$7,$tp80
+	lea	($tp20,$tp20),$tp40
+	shr	\$7,$tp88
+	lea	($tp28,$tp28),$tp48
+	sub	$tp80,$acc0
+	sub	$tp88,$acc8
+	and	$maskfe,$tp40
+	and	$maskfe,$tp48
+	and	$mask1b,$acc0
+	and	$mask1b,$acc8
+	xor	$acc0,$tp40
+	xor	$acc8,$tp48
+	mov	$mask80,$tp80
+	mov	$mask80,$tp88
+
+	and	$tp40,$tp80
+	and	$tp48,$tp88
+	mov	$tp80,$acc0
+	mov	$tp88,$acc8
+	shr	\$7,$tp80
+	 xor	$tp10,$tp20		# tp2^=tp1
+	shr	\$7,$tp88
+	 xor	$tp18,$tp28		# tp2^=tp1
+	sub	$tp80,$acc0
+	sub	$tp88,$acc8
+	lea	($tp40,$tp40),$tp80
+	lea	($tp48,$tp48),$tp88
+	 xor	$tp10,$tp40		# tp4^=tp1
+	 xor	$tp18,$tp48		# tp4^=tp1
+	and	$maskfe,$tp80
+	and	$maskfe,$tp88
+	and	$mask1b,$acc0
+	and	$mask1b,$acc8
+	xor	$acc0,$tp80
+	xor	$acc8,$tp88
+
+	xor	$tp80,$tp10		# tp1^=tp8
+	xor	$tp88,$tp18		# tp1^=tp8
+	xor	$tp80,$tp20		# tp2^tp1^=tp8
+	xor	$tp88,$tp28		# tp2^tp1^=tp8
+	mov	$tp10,$acc0
+	mov	$tp18,$acc8
+	xor	$tp80,$tp40		# tp4^tp1^=tp8
+	shr	\$32,$acc0
+	xor	$tp88,$tp48		# tp4^tp1^=tp8
+	shr	\$32,$acc8
+	xor	$tp20,$tp80		# tp8^=tp8^tp2^tp1=tp2^tp1
+	rol	\$8,`&LO("$tp10")`	# ROTATE(tp1^tp8,8)
+	xor	$tp28,$tp88		# tp8^=tp8^tp2^tp1=tp2^tp1
+	rol	\$8,`&LO("$tp18")`	# ROTATE(tp1^tp8,8)
+	xor	$tp40,$tp80		# tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+	rol	\$8,`&LO("$acc0")`	# ROTATE(tp1^tp8,8)
+	xor	$tp48,$tp88		# tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+
+	rol	\$8,`&LO("$acc8")`	# ROTATE(tp1^tp8,8)
+	xor	`&LO("$tp80")`,`&LO("$tp10")`
+	shr	\$32,$tp80
+	xor	`&LO("$tp88")`,`&LO("$tp18")`
+	shr	\$32,$tp88
+	xor	`&LO("$tp80")`,`&LO("$acc0")`
+	xor	`&LO("$tp88")`,`&LO("$acc8")`
+
+	mov	$tp20,$tp80
+	rol	\$24,`&LO("$tp20")`	# ROTATE(tp2^tp1^tp8,24)
+	mov	$tp28,$tp88
+	rol	\$24,`&LO("$tp28")`	# ROTATE(tp2^tp1^tp8,24)
+	shr	\$32,$tp80
+	xor	`&LO("$tp20")`,`&LO("$tp10")`
+	shr	\$32,$tp88
+	xor	`&LO("$tp28")`,`&LO("$tp18")`
+	rol	\$24,`&LO("$tp80")`	# ROTATE(tp2^tp1^tp8,24)
+	mov	$tp40,$tp20
+	rol	\$24,`&LO("$tp88")`	# ROTATE(tp2^tp1^tp8,24)
+	mov	$tp48,$tp28
+	shr	\$32,$tp20
+	xor	`&LO("$tp80")`,`&LO("$acc0")`
+	shr	\$32,$tp28
+	xor	`&LO("$tp88")`,`&LO("$acc8")`
+
+	`"mov	0($sbox),$mask80"	if ($prefetch)`
+	rol	\$16,`&LO("$tp40")`	# ROTATE(tp4^tp1^tp8,16)
+	`"mov	64($sbox),$maskfe"	if ($prefetch)`
+	rol	\$16,`&LO("$tp48")`	# ROTATE(tp4^tp1^tp8,16)
+	`"mov	128($sbox),$mask1b"	if ($prefetch)`
+	rol	\$16,`&LO("$tp20")`	# ROTATE(tp4^tp1^tp8,16)
+	`"mov	192($sbox),$tp80"	if ($prefetch)`
+	xor	`&LO("$tp40")`,`&LO("$tp10")`
+	rol	\$16,`&LO("$tp28")`	# ROTATE(tp4^tp1^tp8,16)
+	xor	`&LO("$tp48")`,`&LO("$tp18")`
+	`"mov	256($sbox),$tp88"	if ($prefetch)`
+	xor	`&LO("$tp20")`,`&LO("$acc0")`
+	xor	`&LO("$tp28")`,`&LO("$acc8")`
+___
+}
+
+$code.=<<___;
+.type	_x86_64_AES_decrypt_compact,\@abi-omnipotent
+.align	16
+_x86_64_AES_decrypt_compact:
+.cfi_startproc
+	lea	128($sbox),$inp			# size optimization
+	mov	0-128($inp),$acc1		# prefetch Td4
+	mov	32-128($inp),$acc2
+	mov	64-128($inp),$t0
+	mov	96-128($inp),$t1
+	mov	128-128($inp),$acc1
+	mov	160-128($inp),$acc2
+	mov	192-128($inp),$t0
+	mov	224-128($inp),$t1
+	jmp	.Ldec_loop_compact
+
+.align	16
+.Ldec_loop_compact:
+		xor	0($key),$s0		# xor with key
+		xor	4($key),$s1
+		xor	8($key),$s2
+		xor	12($key),$s3
+		lea	16($key),$key
+___
+		&deccompactvert();
+$code.=<<___;
+		cmp	16(%rsp),$key
+		je	.Ldec_compact_done
+
+		mov	256+0($sbox),$mask80
+		shl	\$32,%rbx
+		shl	\$32,%rdx
+		mov	256+8($sbox),$maskfe
+		or	%rbx,%rax
+		or	%rdx,%rcx
+		mov	256+16($sbox),$mask1b
+___
+		&dectransform(1);
+$code.=<<___;
+	jmp	.Ldec_loop_compact
+.align	16
+.Ldec_compact_done:
+	xor	0($key),$s0
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
+.size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
+___
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl	AES_decrypt
+.type	AES_decrypt,\@function,3
+.align	16
+.globl	asm_AES_decrypt
+.hidden	asm_AES_decrypt
+asm_AES_decrypt:
+AES_decrypt:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	# allocate frame "above" key schedule
+	lea	-63(%rdx),%rcx	# %rdx is key argument
+	and	\$-64,%rsp
+	sub	%rsp,%rcx
+	neg	%rcx
+	and	\$0x3c0,%rcx
+	sub	%rcx,%rsp
+	sub	\$32,%rsp
+
+	mov	%rsi,16(%rsp)	# save out
+	mov	%rax,24(%rsp)	# save original stack pointer
+.cfi_cfa_expression	%rsp+24,deref,+8
+.Ldec_prologue:
+
+	mov	%rdx,$key
+	mov	240($key),$rnds	# load rounds
+
+	mov	0(%rdi),$s0	# load input vector
+	mov	4(%rdi),$s1
+	mov	8(%rdi),$s2
+	mov	12(%rdi),$s3
+
+	shl	\$4,$rnds
+	lea	($key,$rnds),%rbp
+	mov	$key,(%rsp)	# key schedule
+	mov	%rbp,8(%rsp)	# end of key schedule
+
+	# pick Td4 copy which can't "overlap" with stack frame or key schedule
+	lea	.LAES_Td+2048(%rip),$sbox
+	lea	768(%rsp),%rbp
+	sub	$sbox,%rbp
+	and	\$0x300,%rbp
+	lea	($sbox,%rbp),$sbox
+	shr	\$3,%rbp	# recall "magic" constants!
+	add	%rbp,$sbox
+
+	call	_x86_64_AES_decrypt_compact
+
+	mov	16(%rsp),$out	# restore out
+	mov	24(%rsp),%rsi	# restore saved stack pointer
+.cfi_def_cfa	%rsi,8
+	mov	$s0,0($out)	# write output vector
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Ldec_epilogue:
+	ret
+.cfi_endproc
+.size	AES_decrypt,.-AES_decrypt
+___
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+$code.=<<___;
+	movz	%dl,%esi		# rk[i]>>0
+	movzb	-128(%rbp,%rsi),%ebx
+	movz	%dh,%esi		# rk[i]>>8
+	shl	\$24,%ebx
+	xor	%ebx,%eax
+
+	movzb	-128(%rbp,%rsi),%ebx
+	shr	\$16,%edx
+	movz	%dl,%esi		# rk[i]>>16
+	xor	%ebx,%eax
+
+	movzb	-128(%rbp,%rsi),%ebx
+	movz	%dh,%esi		# rk[i]>>24
+	shl	\$8,%ebx
+	xor	%ebx,%eax
+
+	movzb	-128(%rbp,%rsi),%ebx
+	shl	\$16,%ebx
+	xor	%ebx,%eax
+
+	xor	1024-128(%rbp,%rcx,4),%eax		# rcon
+___
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+$code.=<<___;
+.globl	AES_set_encrypt_key
+.type	AES_set_encrypt_key,\@function,3
+.align	16
+AES_set_encrypt_key:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12			# redundant, but allows to share
+.cfi_push	%r12
+	push	%r13			# exception handler...
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$8,%rsp
+.cfi_adjust_cfa_offset	8
+.Lenc_key_prologue:
+
+	call	_x86_64_AES_set_encrypt_key
+
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	48(%rsp),%rbx
+.cfi_restore	%rbx
+	add	\$56,%rsp
+.cfi_adjust_cfa_offset	-56
+.Lenc_key_epilogue:
+	ret
+.cfi_endproc
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align	16
+_x86_64_AES_set_encrypt_key:
+.cfi_startproc
+	mov	%esi,%ecx			# %ecx=bits
+	mov	%rdi,%rsi			# %rsi=userKey
+	mov	%rdx,%rdi			# %rdi=key
+
+	test	\$-1,%rsi
+	jz	.Lbadpointer
+	test	\$-1,%rdi
+	jz	.Lbadpointer
+
+	lea	.LAES_Te(%rip),%rbp
+	lea	2048+128(%rbp),%rbp
+
+	# prefetch Te4
+	mov	0-128(%rbp),%eax
+	mov	32-128(%rbp),%ebx
+	mov	64-128(%rbp),%r8d
+	mov	96-128(%rbp),%edx
+	mov	128-128(%rbp),%eax
+	mov	160-128(%rbp),%ebx
+	mov	192-128(%rbp),%r8d
+	mov	224-128(%rbp),%edx
+
+	cmp	\$128,%ecx
+	je	.L10rounds
+	cmp	\$192,%ecx
+	je	.L12rounds
+	cmp	\$256,%ecx
+	je	.L14rounds
+	mov	\$-2,%rax			# invalid number of bits
+	jmp	.Lexit
+
+.L10rounds:
+	mov	0(%rsi),%rax			# copy first 4 dwords
+	mov	8(%rsi),%rdx
+	mov	%rax,0(%rdi)
+	mov	%rdx,8(%rdi)
+
+	shr	\$32,%rdx
+	xor	%ecx,%ecx
+	jmp	.L10shortcut
+.align	4
+.L10loop:
+		mov	0(%rdi),%eax			# rk[0]
+		mov	12(%rdi),%edx			# rk[3]
+.L10shortcut:
+___
+		&enckey	();
+$code.=<<___;
+		mov	%eax,16(%rdi)			# rk[4]
+		xor	4(%rdi),%eax
+		mov	%eax,20(%rdi)			# rk[5]
+		xor	8(%rdi),%eax
+		mov	%eax,24(%rdi)			# rk[6]
+		xor	12(%rdi),%eax
+		mov	%eax,28(%rdi)			# rk[7]
+		add	\$1,%ecx
+		lea	16(%rdi),%rdi
+		cmp	\$10,%ecx
+	jl	.L10loop
+
+	movl	\$10,80(%rdi)			# setup number of rounds
+	xor	%rax,%rax
+	jmp	.Lexit
+
+.L12rounds:
+	mov	0(%rsi),%rax			# copy first 6 dwords
+	mov	8(%rsi),%rbx
+	mov	16(%rsi),%rdx
+	mov	%rax,0(%rdi)
+	mov	%rbx,8(%rdi)
+	mov	%rdx,16(%rdi)
+
+	shr	\$32,%rdx
+	xor	%ecx,%ecx
+	jmp	.L12shortcut
+.align	4
+.L12loop:
+		mov	0(%rdi),%eax			# rk[0]
+		mov	20(%rdi),%edx			# rk[5]
+.L12shortcut:
+___
+		&enckey	();
+$code.=<<___;
+		mov	%eax,24(%rdi)			# rk[6]
+		xor	4(%rdi),%eax
+		mov	%eax,28(%rdi)			# rk[7]
+		xor	8(%rdi),%eax
+		mov	%eax,32(%rdi)			# rk[8]
+		xor	12(%rdi),%eax
+		mov	%eax,36(%rdi)			# rk[9]
+
+		cmp	\$7,%ecx
+		je	.L12break
+		add	\$1,%ecx
+
+		xor	16(%rdi),%eax
+		mov	%eax,40(%rdi)			# rk[10]
+		xor	20(%rdi),%eax
+		mov	%eax,44(%rdi)			# rk[11]
+
+		lea	24(%rdi),%rdi
+	jmp	.L12loop
+.L12break:
+	movl	\$12,72(%rdi)		# setup number of rounds
+	xor	%rax,%rax
+	jmp	.Lexit
+
+.L14rounds:
+	mov	0(%rsi),%rax			# copy first 8 dwords
+	mov	8(%rsi),%rbx
+	mov	16(%rsi),%rcx
+	mov	24(%rsi),%rdx
+	mov	%rax,0(%rdi)
+	mov	%rbx,8(%rdi)
+	mov	%rcx,16(%rdi)
+	mov	%rdx,24(%rdi)
+
+	shr	\$32,%rdx
+	xor	%ecx,%ecx
+	jmp	.L14shortcut
+.align	4
+.L14loop:
+		mov	0(%rdi),%eax			# rk[0]
+		mov	28(%rdi),%edx			# rk[4]
+.L14shortcut:
+___
+		&enckey	();
+$code.=<<___;
+		mov	%eax,32(%rdi)			# rk[8]
+		xor	4(%rdi),%eax
+		mov	%eax,36(%rdi)			# rk[9]
+		xor	8(%rdi),%eax
+		mov	%eax,40(%rdi)			# rk[10]
+		xor	12(%rdi),%eax
+		mov	%eax,44(%rdi)			# rk[11]
+
+		cmp	\$6,%ecx
+		je	.L14break
+		add	\$1,%ecx
+
+		mov	%eax,%edx
+		mov	16(%rdi),%eax			# rk[4]
+		movz	%dl,%esi			# rk[11]>>0
+		movzb	-128(%rbp,%rsi),%ebx
+		movz	%dh,%esi			# rk[11]>>8
+		xor	%ebx,%eax
+
+		movzb	-128(%rbp,%rsi),%ebx
+		shr	\$16,%edx
+		shl	\$8,%ebx
+		movz	%dl,%esi			# rk[11]>>16
+		xor	%ebx,%eax
+
+		movzb	-128(%rbp,%rsi),%ebx
+		movz	%dh,%esi			# rk[11]>>24
+		shl	\$16,%ebx
+		xor	%ebx,%eax
+
+		movzb	-128(%rbp,%rsi),%ebx
+		shl	\$24,%ebx
+		xor	%ebx,%eax
+
+		mov	%eax,48(%rdi)			# rk[12]
+		xor	20(%rdi),%eax
+		mov	%eax,52(%rdi)			# rk[13]
+		xor	24(%rdi),%eax
+		mov	%eax,56(%rdi)			# rk[14]
+		xor	28(%rdi),%eax
+		mov	%eax,60(%rdi)			# rk[15]
+
+		lea	32(%rdi),%rdi
+	jmp	.L14loop
+.L14break:
+	movl	\$14,48(%rdi)		# setup number of rounds
+	xor	%rax,%rax
+	jmp	.Lexit
+
+.Lbadpointer:
+	mov	\$-1,%rax
+.Lexit:
+	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
+.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
+___
+
+sub deckey_ref()
+{ my ($i,$ptr,$te,$td) = @_;
+  my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
+$code.=<<___;
+	mov	$i($ptr),$tp1
+	mov	$tp1,$acc
+	and	\$0x80808080,$acc
+	mov	$acc,$tp4
+	shr	\$7,$tp4
+	lea	0($tp1,$tp1),$tp2
+	sub	$tp4,$acc
+	and	\$0xfefefefe,$tp2
+	and	\$0x1b1b1b1b,$acc
+	xor	$tp2,$acc
+	mov	$acc,$tp2
+
+	and	\$0x80808080,$acc
+	mov	$acc,$tp8
+	shr	\$7,$tp8
+	lea	0($tp2,$tp2),$tp4
+	sub	$tp8,$acc
+	and	\$0xfefefefe,$tp4
+	and	\$0x1b1b1b1b,$acc
+	 xor	$tp1,$tp2		# tp2^tp1
+	xor	$tp4,$acc
+	mov	$acc,$tp4
+
+	and	\$0x80808080,$acc
+	mov	$acc,$tp8
+	shr	\$7,$tp8
+	sub	$tp8,$acc
+	lea	0($tp4,$tp4),$tp8
+	 xor	$tp1,$tp4		# tp4^tp1
+	and	\$0xfefefefe,$tp8
+	and	\$0x1b1b1b1b,$acc
+	xor	$acc,$tp8
+
+	xor	$tp8,$tp1		# tp1^tp8
+	rol	\$8,$tp1		# ROTATE(tp1^tp8,8)
+	xor	$tp8,$tp2		# tp2^tp1^tp8
+	xor	$tp8,$tp4		# tp4^tp1^tp8
+	xor	$tp2,$tp8
+	xor	$tp4,$tp8		# tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
+
+	xor	$tp8,$tp1
+	rol	\$24,$tp2		# ROTATE(tp2^tp1^tp8,24)
+	xor	$tp2,$tp1
+	rol	\$16,$tp4		# ROTATE(tp4^tp1^tp8,16)
+	xor	$tp4,$tp1
+
+	mov	$tp1,$i($ptr)
+___
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+$code.=<<___;
+.globl	AES_set_decrypt_key
+.type	AES_set_decrypt_key,\@function,3
+.align	16
+AES_set_decrypt_key:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	push	%rdx			# save key schedule
+.cfi_adjust_cfa_offset	8
+.Ldec_key_prologue:
+
+	call	_x86_64_AES_set_encrypt_key
+	mov	(%rsp),%r8		# restore key schedule
+	cmp	\$0,%eax
+	jne	.Labort
+
+	mov	240(%r8),%r14d		# pull number of rounds
+	xor	%rdi,%rdi
+	lea	(%rdi,%r14d,4),%rcx
+	mov	%r8,%rsi
+	lea	(%r8,%rcx,4),%rdi	# pointer to last chunk
+.align	4
+.Linvert:
+		mov	0(%rsi),%rax
+		mov	8(%rsi),%rbx
+		mov	0(%rdi),%rcx
+		mov	8(%rdi),%rdx
+		mov	%rax,0(%rdi)
+		mov	%rbx,8(%rdi)
+		mov	%rcx,0(%rsi)
+		mov	%rdx,8(%rsi)
+		lea	16(%rsi),%rsi
+		lea	-16(%rdi),%rdi
+		cmp	%rsi,%rdi
+	jne	.Linvert
+
+	lea	.LAES_Te+2048+1024(%rip),%rax	# rcon
+
+	mov	40(%rax),$mask80
+	mov	48(%rax),$maskfe
+	mov	56(%rax),$mask1b
+
+	mov	%r8,$key
+	sub	\$1,%r14d
+.align	4
+.Lpermute:
+		lea	16($key),$key
+		mov	0($key),%rax
+		mov	8($key),%rcx
+___
+		&dectransform ();
+$code.=<<___;
+		mov	%eax,0($key)
+		mov	%ebx,4($key)
+		mov	%ecx,8($key)
+		mov	%edx,12($key)
+		sub	\$1,%r14d
+	jnz	.Lpermute
+
+	xor	%rax,%rax
+.Labort:
+	mov	8(%rsp),%r15
+.cfi_restore	%r15
+	mov	16(%rsp),%r14
+.cfi_restore	%r14
+	mov	24(%rsp),%r13
+.cfi_restore	%r13
+	mov	32(%rsp),%r12
+.cfi_restore	%r12
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	48(%rsp),%rbx
+.cfi_restore	%rbx
+	add	\$56,%rsp
+.cfi_adjust_cfa_offset	-56
+.Ldec_key_epilogue:
+	ret
+.cfi_endproc
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const AES_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -8(%rsp)		return address
+my $keyp="0(%rsp)";		# one to pass as $key
+my $keyend="8(%rsp)";		# &(keyp->rd_key[4*keyp->rounds])
+my $_rsp="16(%rsp)";		# saved %rsp
+my $_inp="24(%rsp)";		# copy of 1st parameter, inp
+my $_out="32(%rsp)";		# copy of 2nd parameter, out
+my $_len="40(%rsp)";		# copy of 3rd parameter, length
+my $_key="48(%rsp)";		# copy of 4th parameter, key
+my $_ivp="56(%rsp)";		# copy of 5th parameter, ivp
+my $ivec="64(%rsp)";		# ivec[16]
+my $aes_key="80(%rsp)";		# copy of aes_key
+my $mark="80+240(%rsp)";	# copy of aes_key->rounds
+
+$code.=<<___;
+.globl	AES_cbc_encrypt
+.type	AES_cbc_encrypt,\@function,6
+.align	16
+.extern	OPENSSL_ia32cap_P
+.globl	asm_AES_cbc_encrypt
+.hidden	asm_AES_cbc_encrypt
+asm_AES_cbc_encrypt:
+AES_cbc_encrypt:
+.cfi_startproc
+	cmp	\$0,%rdx	# check length
+	je	.Lcbc_epilogue
+	pushfq
+# This could be .cfi_push 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset	8
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lcbc_prologue:
+
+	cld
+	mov	%r9d,%r9d	# clear upper half of enc
+
+	lea	.LAES_Te(%rip),$sbox
+	lea	.LAES_Td(%rip),%r10
+	cmp	\$0,%r9
+	cmoveq	%r10,$sbox
+
+.cfi_remember_state
+	mov	OPENSSL_ia32cap_P(%rip),%r10d
+	cmp	\$$speed_limit,%rdx
+	jb	.Lcbc_slow_prologue
+	test	\$15,%rdx
+	jnz	.Lcbc_slow_prologue
+	bt	\$28,%r10d
+	jc	.Lcbc_slow_prologue
+
+	# allocate aligned stack frame...
+	lea	-88-248(%rsp),$key
+	and	\$-64,$key
+
+	# ... and make sure it doesn't alias with AES_T[ed] modulo 4096
+	mov	$sbox,%r10
+	lea	2304($sbox),%r11
+	mov	$key,%r12
+	and	\$0xFFF,%r10	# s = $sbox&0xfff
+	and	\$0xFFF,%r11	# e = ($sbox+2048)&0xfff
+	and	\$0xFFF,%r12	# p = %rsp&0xfff
+
+	cmp	%r11,%r12	# if (p=>e) %rsp =- (p-e);
+	jb	.Lcbc_te_break_out
+	sub	%r11,%r12
+	sub	%r12,$key
+	jmp	.Lcbc_te_ok
+.Lcbc_te_break_out:		# else %rsp -= (p-s)&0xfff + framesz
+	sub	%r10,%r12
+	and	\$0xFFF,%r12
+	add	\$320,%r12
+	sub	%r12,$key
+.align	4
+.Lcbc_te_ok:
+
+	xchg	%rsp,$key
+.cfi_def_cfa_register	$key
+	#add	\$8,%rsp	# reserve for return address!
+	mov	$key,$_rsp	# save %rsp
+.cfi_cfa_expression	$_rsp,deref,+64
+.Lcbc_fast_body:
+	mov	%rdi,$_inp	# save copy of inp
+	mov	%rsi,$_out	# save copy of out
+	mov	%rdx,$_len	# save copy of len
+	mov	%rcx,$_key	# save copy of key
+	mov	%r8,$_ivp	# save copy of ivp
+	movl	\$0,$mark	# copy of aes_key->rounds = 0;
+	mov	%r8,%rbp	# rearrange input arguments
+	mov	%r9,%rbx
+	mov	%rsi,$out
+	mov	%rdi,$inp
+	mov	%rcx,$key
+
+	mov	240($key),%eax		# key->rounds
+	# do we copy key schedule to stack?
+	mov	$key,%r10
+	sub	$sbox,%r10
+	and	\$0xfff,%r10
+	cmp	\$2304,%r10
+	jb	.Lcbc_do_ecopy
+	cmp	\$4096-248,%r10
+	jb	.Lcbc_skip_ecopy
+.align	4
+.Lcbc_do_ecopy:
+		mov	$key,%rsi
+		lea	$aes_key,%rdi
+		lea	$aes_key,$key
+		mov	\$240/8,%ecx
+		.long	0x90A548F3	# rep movsq
+		mov	%eax,(%rdi)	# copy aes_key->rounds
+.Lcbc_skip_ecopy:
+	mov	$key,$keyp	# save key pointer
+
+	mov	\$18,%ecx
+.align	4
+.Lcbc_prefetch_te:
+		mov	0($sbox),%r10
+		mov	32($sbox),%r11
+		mov	64($sbox),%r12
+		mov	96($sbox),%r13
+		lea	128($sbox),$sbox
+		sub	\$1,%ecx
+	jnz	.Lcbc_prefetch_te
+	lea	-2304($sbox),$sbox
+
+	cmp	\$0,%rbx
+	je	.LFAST_DECRYPT
+
+#----------------------------- ENCRYPT -----------------------------#
+	mov	0(%rbp),$s0		# load iv
+	mov	4(%rbp),$s1
+	mov	8(%rbp),$s2
+	mov	12(%rbp),$s3
+
+.align	4
+.Lcbc_fast_enc_loop:
+		xor	0($inp),$s0
+		xor	4($inp),$s1
+		xor	8($inp),$s2
+		xor	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# if ($verticalspin) save inp
+
+		call	_x86_64_AES_encrypt
+
+		mov	$_inp,$inp	# if ($verticalspin) restore inp
+		mov	$_len,%r10
+		mov	$s0,0($out)
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+		sub	\$16,%r10
+		test	\$-16,%r10
+		mov	%r10,$_len
+	jnz	.Lcbc_fast_enc_loop
+	mov	$_ivp,%rbp	# restore ivp
+	mov	$s0,0(%rbp)	# save ivec
+	mov	$s1,4(%rbp)
+	mov	$s2,8(%rbp)
+	mov	$s3,12(%rbp)
+
+	jmp	.Lcbc_fast_cleanup
+
+#----------------------------- DECRYPT -----------------------------#
+.align	16
+.LFAST_DECRYPT:
+	cmp	$inp,$out
+	je	.Lcbc_fast_dec_in_place
+
+	mov	%rbp,$ivec
+.align	4
+.Lcbc_fast_dec_loop:
+		mov	0($inp),$s0	# read input
+		mov	4($inp),$s1
+		mov	8($inp),$s2
+		mov	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# if ($verticalspin) save inp
+
+		call	_x86_64_AES_decrypt
+
+		mov	$ivec,%rbp	# load ivp
+		mov	$_inp,$inp	# if ($verticalspin) restore inp
+		mov	$_len,%r10	# load len
+		xor	0(%rbp),$s0	# xor iv
+		xor	4(%rbp),$s1
+		xor	8(%rbp),$s2
+		xor	12(%rbp),$s3
+		mov	$inp,%rbp	# current input, next iv
+
+		sub	\$16,%r10
+		mov	%r10,$_len	# update len
+		mov	%rbp,$ivec	# update ivp
+
+		mov	$s0,0($out)	# write output
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+	jnz	.Lcbc_fast_dec_loop
+	mov	$_ivp,%r12		# load user ivp
+	mov	0(%rbp),%r10		# load iv
+	mov	8(%rbp),%r11
+	mov	%r10,0(%r12)		# copy back to user
+	mov	%r11,8(%r12)
+	jmp	.Lcbc_fast_cleanup
+
+.align	16
+.Lcbc_fast_dec_in_place:
+	mov	0(%rbp),%r10		# copy iv to stack
+	mov	8(%rbp),%r11
+	mov	%r10,0+$ivec
+	mov	%r11,8+$ivec
+.align	4
+.Lcbc_fast_dec_in_place_loop:
+		mov	0($inp),$s0	# load input
+		mov	4($inp),$s1
+		mov	8($inp),$s2
+		mov	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# if ($verticalspin) save inp
+
+		call	_x86_64_AES_decrypt
+
+		mov	$_inp,$inp	# if ($verticalspin) restore inp
+		mov	$_len,%r10
+		xor	0+$ivec,$s0
+		xor	4+$ivec,$s1
+		xor	8+$ivec,$s2
+		xor	12+$ivec,$s3
+
+		mov	0($inp),%r11	# load input
+		mov	8($inp),%r12
+		sub	\$16,%r10
+		jz	.Lcbc_fast_dec_in_place_done
+
+		mov	%r11,0+$ivec	# copy input to iv
+		mov	%r12,8+$ivec
+
+		mov	$s0,0($out)	# save output [zaps input]
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+		mov	%r10,$_len
+	jmp	.Lcbc_fast_dec_in_place_loop
+.Lcbc_fast_dec_in_place_done:
+	mov	$_ivp,%rdi
+	mov	%r11,0(%rdi)	# copy iv back to user
+	mov	%r12,8(%rdi)
+
+	mov	$s0,0($out)	# save output [zaps input]
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+.align	4
+.Lcbc_fast_cleanup:
+	cmpl	\$0,$mark	# was the key schedule copied?
+	lea	$aes_key,%rdi
+	je	.Lcbc_exit
+		mov	\$240/8,%ecx
+		xor	%rax,%rax
+		.long	0x90AB48F3	# rep stosq
+
+	jmp	.Lcbc_exit
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+.align	16
+.Lcbc_slow_prologue:
+.cfi_restore_state
+	# allocate aligned stack frame...
+	lea	-88(%rsp),%rbp
+	and	\$-64,%rbp
+	# ... just "above" key schedule
+	lea	-88-63(%rcx),%r10
+	sub	%rbp,%r10
+	neg	%r10
+	and	\$0x3c0,%r10
+	sub	%r10,%rbp
+
+	xchg	%rsp,%rbp
+.cfi_def_cfa_register	%rbp
+	#add	\$8,%rsp	# reserve for return address!
+	mov	%rbp,$_rsp	# save %rsp
+.cfi_cfa_expression	$_rsp,deref,+64
+.Lcbc_slow_body:
+	#mov	%rdi,$_inp	# save copy of inp
+	#mov	%rsi,$_out	# save copy of out
+	#mov	%rdx,$_len	# save copy of len
+	#mov	%rcx,$_key	# save copy of key
+	mov	%r8,$_ivp	# save copy of ivp
+	mov	%r8,%rbp	# rearrange input arguments
+	mov	%r9,%rbx
+	mov	%rsi,$out
+	mov	%rdi,$inp
+	mov	%rcx,$key
+	mov	%rdx,%r10
+
+	mov	240($key),%eax
+	mov	$key,$keyp	# save key pointer
+	shl	\$4,%eax
+	lea	($key,%rax),%rax
+	mov	%rax,$keyend
+
+	# pick Te4 copy which can't "overlap" with stack frame or key schedule
+	lea	2048($sbox),$sbox
+	lea	768-8(%rsp),%rax
+	sub	$sbox,%rax
+	and	\$0x300,%rax
+	lea	($sbox,%rax),$sbox
+
+	cmp	\$0,%rbx
+	je	.LSLOW_DECRYPT
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+	test	\$-16,%r10		# check upon length
+	mov	0(%rbp),$s0		# load iv
+	mov	4(%rbp),$s1
+	mov	8(%rbp),$s2
+	mov	12(%rbp),$s3
+	jz	.Lcbc_slow_enc_tail	# short input...
+
+.align	4
+.Lcbc_slow_enc_loop:
+		xor	0($inp),$s0
+		xor	4($inp),$s1
+		xor	8($inp),$s2
+		xor	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# save inp
+		mov	$out,$_out	# save out
+		mov	%r10,$_len	# save len
+
+		call	_x86_64_AES_encrypt_compact
+
+		mov	$_inp,$inp	# restore inp
+		mov	$_out,$out	# restore out
+		mov	$_len,%r10	# restore len
+		mov	$s0,0($out)
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+		sub	\$16,%r10
+		test	\$-16,%r10
+	jnz	.Lcbc_slow_enc_loop
+	test	\$15,%r10
+	jnz	.Lcbc_slow_enc_tail
+	mov	$_ivp,%rbp	# restore ivp
+	mov	$s0,0(%rbp)	# save ivec
+	mov	$s1,4(%rbp)
+	mov	$s2,8(%rbp)
+	mov	$s3,12(%rbp)
+
+	jmp	.Lcbc_exit
+
+.align	4
+.Lcbc_slow_enc_tail:
+	mov	%rax,%r11
+	mov	%rcx,%r12
+	mov	%r10,%rcx
+	mov	$inp,%rsi
+	mov	$out,%rdi
+	.long	0x9066A4F3		# rep movsb
+	mov	\$16,%rcx		# zero tail
+	sub	%r10,%rcx
+	xor	%rax,%rax
+	.long	0x9066AAF3		# rep stosb
+	mov	$out,$inp		# this is not a mistake!
+	mov	\$16,%r10		# len=16
+	mov	%r11,%rax
+	mov	%r12,%rcx
+	jmp	.Lcbc_slow_enc_loop	# one more spin...
+#--------------------------- SLOW DECRYPT ---------------------------#
+.align	16
+.LSLOW_DECRYPT:
+	shr	\$3,%rax
+	add	%rax,$sbox		# recall "magic" constants!
+
+	mov	0(%rbp),%r11		# copy iv to stack
+	mov	8(%rbp),%r12
+	mov	%r11,0+$ivec
+	mov	%r12,8+$ivec
+
+.align	4
+.Lcbc_slow_dec_loop:
+		mov	0($inp),$s0	# load input
+		mov	4($inp),$s1
+		mov	8($inp),$s2
+		mov	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# save inp
+		mov	$out,$_out	# save out
+		mov	%r10,$_len	# save len
+
+		call	_x86_64_AES_decrypt_compact
+
+		mov	$_inp,$inp	# restore inp
+		mov	$_out,$out	# restore out
+		mov	$_len,%r10
+		xor	0+$ivec,$s0
+		xor	4+$ivec,$s1
+		xor	8+$ivec,$s2
+		xor	12+$ivec,$s3
+
+		mov	0($inp),%r11	# load input
+		mov	8($inp),%r12
+		sub	\$16,%r10
+		jc	.Lcbc_slow_dec_partial
+		jz	.Lcbc_slow_dec_done
+
+		mov	%r11,0+$ivec	# copy input to iv
+		mov	%r12,8+$ivec
+
+		mov	$s0,0($out)	# save output [can zap input]
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+	jmp	.Lcbc_slow_dec_loop
+.Lcbc_slow_dec_done:
+	mov	$_ivp,%rdi
+	mov	%r11,0(%rdi)		# copy iv back to user
+	mov	%r12,8(%rdi)
+
+	mov	$s0,0($out)		# save output [can zap input]
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+	jmp	.Lcbc_exit
+
+.align	4
+.Lcbc_slow_dec_partial:
+	mov	$_ivp,%rdi
+	mov	%r11,0(%rdi)		# copy iv back to user
+	mov	%r12,8(%rdi)
+
+	mov	$s0,0+$ivec		# save output to stack
+	mov	$s1,4+$ivec
+	mov	$s2,8+$ivec
+	mov	$s3,12+$ivec
+
+	mov	$out,%rdi
+	lea	$ivec,%rsi
+	lea	16(%r10),%rcx
+	.long	0x9066A4F3	# rep movsb
+	jmp	.Lcbc_exit
+
+.align	16
+.Lcbc_exit:
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,64
+	mov	(%rsi),%r15
+.cfi_restore	%r15
+	mov	8(%rsi),%r14
+.cfi_restore	%r14
+	mov	16(%rsi),%r13
+.cfi_restore	%r13
+	mov	24(%rsi),%r12
+.cfi_restore	%r12
+	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,16
+.Lcbc_popfq:
+	popfq
+# This could be .cfi_pop 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset	-8
+.Lcbc_epilogue:
+	ret
+.cfi_endproc
+.size	AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+
+$code.=<<___;
+.align	64
+.LAES_Te:
+___
+	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4	# four copies of Te4 to choose from to avoid L1 aliasing
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+#rcon:
+$code.=<<___;
+	.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
+	.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
+	.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
+	.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
+___
+$code.=<<___;
+.align	64
+.LAES_Td:
+___
+	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+
+#Td4:	# four copies of Td4 to choose from to avoid L1 aliasing
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+.asciz  "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	block_se_handler,\@abi-omnipotent
+.align	16
+block_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_block_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_block_prologue
+
+	mov	24(%rax),%rax		# pull saved real stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_block_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	block_se_handler,.-block_se_handler
+
+.type	key_se_handler,\@abi-omnipotent
+.align	16
+key_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_key_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_key_prologue
+
+	lea	56(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_key_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	key_se_handler,.-key_se_handler
+
+.type	cbc_se_handler,\@abi-omnipotent
+.align	16
+cbc_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lcbc_prologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_prologue
+	jb	.Lin_cbc_prologue
+
+	lea	.Lcbc_fast_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_fast_body
+	jb	.Lin_cbc_frame_setup
+
+	lea	.Lcbc_slow_prologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_slow_prologue
+	jb	.Lin_cbc_body
+
+	lea	.Lcbc_slow_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_slow_body
+	jb	.Lin_cbc_frame_setup
+
+.Lin_cbc_body:
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lcbc_epilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lcbc_epilogue
+	jae	.Lin_cbc_prologue
+
+	lea	8(%rax),%rax
+
+	lea	.Lcbc_popfq(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lcbc_popfq
+	jae	.Lin_cbc_prologue
+
+	mov	`16-8`(%rax),%rax	# biased $_rsp
+	lea	56(%rax),%rax
+
+.Lin_cbc_frame_setup:
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%rbp
+	mov	-32(%rax),%r12
+	mov	-40(%rax),%r13
+	mov	-48(%rax),%r14
+	mov	-56(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_cbc_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+.Lcommon_seh_exit:
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	cbc_se_handler,.-cbc_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_AES_encrypt
+	.rva	.LSEH_end_AES_encrypt
+	.rva	.LSEH_info_AES_encrypt
+
+	.rva	.LSEH_begin_AES_decrypt
+	.rva	.LSEH_end_AES_decrypt
+	.rva	.LSEH_info_AES_decrypt
+
+	.rva	.LSEH_begin_AES_set_encrypt_key
+	.rva	.LSEH_end_AES_set_encrypt_key
+	.rva	.LSEH_info_AES_set_encrypt_key
+
+	.rva	.LSEH_begin_AES_set_decrypt_key
+	.rva	.LSEH_end_AES_set_decrypt_key
+	.rva	.LSEH_info_AES_set_decrypt_key
+
+	.rva	.LSEH_begin_AES_cbc_encrypt
+	.rva	.LSEH_end_AES_cbc_encrypt
+	.rva	.LSEH_info_AES_cbc_encrypt
+
+.section	.xdata
+.align	8
+.LSEH_info_AES_encrypt:
+	.byte	9,0,0,0
+	.rva	block_se_handler
+	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[]
+.LSEH_info_AES_decrypt:
+	.byte	9,0,0,0
+	.rva	block_se_handler
+	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
+.LSEH_info_AES_set_encrypt_key:
+	.byte	9,0,0,0
+	.rva	key_se_handler
+	.rva	.Lenc_key_prologue,.Lenc_key_epilogue	# HandlerData[]
+.LSEH_info_AES_set_decrypt_key:
+	.byte	9,0,0,0
+	.rva	key_se_handler
+	.rva	.Ldec_key_prologue,.Ldec_key_epilogue	# HandlerData[]
+.LSEH_info_AES_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	cbc_se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl
new file mode 100644
index 000000000..9ddf0b4b0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl
@@ -0,0 +1,1270 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# March 2016
+#
+# Initial support for Fujitsu SPARC64 X/X+ comprises minimally
+# required key setup and single-block procedures.
+#
+# April 2016
+#
+# Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means
+# that parallelizable nature of CBC decrypt and CTR is not utilized
+# yet. CBC encrypt on the other hand is as good as it can possibly
+# get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X.
+# This is ~6x faster than pure software implementation...
+#
+# July 2016
+#
+# Switch from faligndata to fshiftorx, which allows to omit alignaddr
+# instructions and improve single-block and short-input performance
+# with misaligned data.
+
+$output = pop;
+open STDOUT,">$output";
+
+{
+my ($inp,$out,$key,$rounds,$tmp,$mask) = map("%o$_",(0..5));
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#define LOCALS (STACK_BIAS+STACK_FRAME)
+
+.text
+
+.globl	aes_fx_encrypt
+.align	32
+aes_fx_encrypt:
+	and		$inp, 7, $tmp		! is input aligned?
+	andn		$inp, 7, $inp
+	ldd		[$key +  0], %f6	! round[0]
+	ldd		[$key +  8], %f8
+	mov		%o7, %g1
+	ld		[$key + 240], $rounds
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	sll		$tmp, 3, $tmp
+	ldd		[$inp + 0], %f0		! load input
+	brz,pt		$tmp, .Lenc_inp_aligned
+	ldd		[$inp + 8], %f2
+
+	ldd		[%o7 + $tmp], %f14	! shift left params
+	ldd		[$inp + 16], %f4
+	fshiftorx	%f0, %f2, %f14, %f0
+	fshiftorx	%f2, %f4, %f14, %f2
+
+.Lenc_inp_aligned:
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		%f0, %f6, %f0		! ^=round[0]
+	fxor		%f2, %f8, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $key
+	sub		$rounds, 4, $rounds
+
+.Loop_enc:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10
+	ldd		[$key + 24], %f12
+	add		$key, 32, $key
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$key +  0], %f6
+	ldd		[$key +  8], %f8
+
+	brnz,a		$rounds, .Loop_enc
+	sub		$rounds, 2, $rounds
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	andn		$out, 7, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+	add		%o7, 64, %o7
+	sll		$tmp, 3, $tmp
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[%o7 + $tmp], %f14	! shift right params
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, %f6, %f0
+	faesenclx	%f4, %f8, %f2
+
+	bnz,pn		%icc, .Lenc_out_unaligned
+	mov		%g1, %o7
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+.align	16
+.Lenc_out_unaligned:
+	add		$out, 16, $inp
+	orn		%g0, $mask, $tmp
+	fshiftorx	%f0, %f0, %f14, %f4
+	fshiftorx	%f0, %f2, %f14, %f6
+	fshiftorx	%f2, %f2, %f14, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	stda		%f8, [$inp + $tmp]0xc0	! partial store
+	retl
+	nop
+.type	aes_fx_encrypt,#function
+.size	aes_fx_encrypt,.-aes_fx_encrypt
+
+.globl	aes_fx_decrypt
+.align	32
+aes_fx_decrypt:
+	and		$inp, 7, $tmp		! is input aligned?
+	andn		$inp, 7, $inp
+	ldd		[$key +  0], %f6	! round[0]
+	ldd		[$key +  8], %f8
+	mov		%o7, %g1
+	ld		[$key + 240], $rounds
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	sll		$tmp, 3, $tmp
+	ldd		[$inp + 0], %f0		! load input
+	brz,pt		$tmp, .Ldec_inp_aligned
+	ldd		[$inp + 8], %f2
+
+	ldd		[%o7 + $tmp], %f14	! shift left params
+	ldd		[$inp + 16], %f4
+	fshiftorx	%f0, %f2, %f14, %f0
+	fshiftorx	%f2, %f4, %f14, %f2
+
+.Ldec_inp_aligned:
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		%f0, %f6, %f0		! ^=round[0]
+	fxor		%f2, %f8, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $key
+	sub		$rounds, 4, $rounds
+
+.Loop_dec:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10
+	ldd		[$key + 24], %f12
+	add		$key, 32, $key
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$key +  0], %f6
+	ldd		[$key +  8], %f8
+
+	brnz,a		$rounds, .Loop_dec
+	sub		$rounds, 2, $rounds
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	andn		$out, 7, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+	add		%o7, 64, %o7
+	sll		$tmp, 3, $tmp
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[%o7 + $tmp], %f14	! shift right params
+
+	fmovd		%f0, %f4
+	faesdeclx	%f2, %f6, %f0
+	faesdeclx	%f4, %f8, %f2
+
+	bnz,pn		%icc, .Ldec_out_unaligned
+	mov		%g1, %o7
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+.align	16
+.Ldec_out_unaligned:
+	add		$out, 16, $inp
+	orn		%g0, $mask, $tmp
+	fshiftorx	%f0, %f0, %f14, %f4
+	fshiftorx	%f0, %f2, %f14, %f6
+	fshiftorx	%f2, %f2, %f14, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	stda		%f8, [$inp + $tmp]0xc0	! partial store
+	retl
+	nop
+.type	aes_fx_decrypt,#function
+.size	aes_fx_decrypt,.-aes_fx_decrypt
+___
+}
+{
+my ($inp,$bits,$out,$tmp,$inc) = map("%o$_",(0..5));
+$code.=<<___;
+.globl	aes_fx_set_decrypt_key
+.align	32
+aes_fx_set_decrypt_key:
+	b		.Lset_encrypt_key
+	mov		-1, $inc
+	retl
+	nop
+.type	aes_fx_set_decrypt_key,#function
+.size	aes_fx_set_decrypt_key,.-aes_fx_set_decrypt_key
+
+.globl	aes_fx_set_encrypt_key
+.align	32
+aes_fx_set_encrypt_key:
+	mov		1, $inc
+	nop
+.Lset_encrypt_key:
+	and		$inp, 7, $tmp
+	andn		$inp, 7, $inp
+	sll		$tmp, 3, $tmp
+	mov		%o7, %g1
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	ldd		[%o7 + $tmp], %f10	! shift left params
+	mov		%g1, %o7
+
+	cmp		$bits, 192
+	ldd		[$inp + 0], %f0
+	bl,pt		%icc, .L128
+	ldd		[$inp + 8], %f2
+
+	be,pt		%icc, .L192
+	ldd		[$inp + 16], %f4
+	brz,pt		$tmp, .L256aligned
+	ldd		[$inp + 24], %f6
+
+	ldd		[$inp + 32], %f8
+	fshiftorx	%f0, %f2, %f10, %f0
+	fshiftorx	%f2, %f4, %f10, %f2
+	fshiftorx	%f4, %f6, %f10, %f4
+	fshiftorx	%f6, %f8, %f10, %f6
+
+.L256aligned:
+	mov		14, $bits
+	and		$inc, `14*16`, $tmp
+	st		$bits, [$out + 240]	! store rounds
+	add		$out, $tmp, $out	! start or end of key schedule
+	sllx		$inc, 4, $inc		! 16 or -16
+___
+for ($i=0; $i<6; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f6, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4, [$out + 0]
+	faeskeyx	%f2, 0x01, %f4
+	std		%f6, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f4, 0x00, %f6
+___
+}
+$code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f6, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4,[$out + 0]
+	std		%f6,[$out + 8]
+	add		$out, $inc, $out
+	std		%f0,[$out + 0]
+	std		%f2,[$out + 8]
+	retl
+	xor		%o0, %o0, %o0		! return 0
+
+.align	16
+.L192:
+	brz,pt		$tmp, .L192aligned
+	nop
+
+	ldd		[$inp + 24], %f6
+	fshiftorx	%f0, %f2, %f10, %f0
+	fshiftorx	%f2, %f4, %f10, %f2
+	fshiftorx	%f4, %f6, %f10, %f4
+
+.L192aligned:
+	mov		12, $bits
+	and		$inc, `12*16`, $tmp
+	st		$bits, [$out + 240]	! store rounds
+	add		$out, $tmp, $out	! start or end of key schedule
+	sllx		$inc, 4, $inc		! 16 or -16
+___
+for ($i=0; $i<8; $i+=2) {
+    $code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f4, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4, [$out + 0]
+	faeskeyx	%f2, 0x00, %f4
+	std		%f0, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f4, `0x10+$i+1`, %f0
+	std		%f2, [$out + 0]
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4, [$out + 8]
+	add		$out, $inc, $out
+___
+$code.=<<___		if ($i<6);
+	faeskeyx	%f2, 0x00, %f4
+___
+}
+$code.=<<___;
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	retl
+	xor		%o0, %o0, %o0		! return 0
+
+.align	16
+.L128:
+	brz,pt		$tmp, .L128aligned
+	nop
+
+	ldd		[$inp + 16], %f4
+	fshiftorx	%f0, %f2, %f10, %f0
+	fshiftorx	%f2, %f4, %f10, %f2
+
+.L128aligned:
+	mov		10, $bits
+	and		$inc, `10*16`, $tmp
+	st		$bits, [$out + 240]	! store rounds
+	add		$out, $tmp, $out	! start or end of key schedule
+	sllx		$inc, 4, $inc		! 16 or -16
+___
+for ($i=0; $i<10; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f2, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+___
+}
+$code.=<<___;
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	retl
+	xor		%o0, %o0, %o0		! return 0
+.type	aes_fx_set_encrypt_key,#function
+.size	aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key
+___
+}
+{
+my ($inp,$out,$len,$key,$ivp,$dir) = map("%i$_",(0..5));
+my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
+my ($iv0,$iv1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
+   = map("%f$_",grep { !($_ & 1) } (16 .. 62));
+my ($ileft,$iright) = ($ialign,$oalign);
+
+$code.=<<___;
+.globl	aes_fx_cbc_encrypt
+.align	32
+aes_fx_cbc_encrypt:
+	save		%sp, -STACK_FRAME-16, %sp
+	srln		$len, 4, $len
+	and		$inp, 7, $ialign
+	andn		$inp, 7, $inp
+	brz,pn		$len, .Lcbc_no_data
+	sll		$ialign, 3, $ileft
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	ld		[$key + 240], $rounds
+	and		$out, 7, $oalign
+	ld		[$ivp + 0], %f0		! load ivec
+	andn		$out, 7, $out
+	ld		[$ivp + 4], %f1
+	sll		$oalign, 3, $mask
+	ld		[$ivp + 8], %f2
+	ld		[$ivp + 12], %f3
+
+	sll		$rounds, 4, $rounds
+	add		$rounds, $key, $end
+	ldd		[$key + 0], $r0hi	! round[0]
+	ldd		[$key + 8], $r0lo
+
+	add		$inp, 16, $inp
+	sub		$len,  1, $len
+	ldd		[$end + 0], $rlhi	! round[last]
+	ldd		[$end + 8], $rllo
+
+	mov		16, $inc
+	movrz		$len, 0, $inc
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	ldd		[%o7 + $ileft], $fshift	! shift left params
+	add		%o7, 64, %o7
+	ldd		[$inp - 16], $in0	! load input
+	ldd		[$inp -  8], $in1
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	brz		$dir, .Lcbc_decrypt
+	add		$inp, $inc, $inp	! inp+=16
+
+	fxor		$r0hi, %f0, %f0		! ivec^=round[0]
+	fxor		$r0lo, %f2, %f2
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+	nop
+
+.Loop_cbc_enc:
+	fxor		$in0, %f0, %f0		! inp^ivec^round[0]
+	fxor		$in1, %f2, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $end
+	sub		$rounds, 16*6, $inner
+
+.Lcbc_enc:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_enc
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	movrz		$len, 0, $inc
+	fmovd		$intail, $in0
+	ldd		[$inp - 8], $in1	! load next input block
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		$r0hi, $in0, $in0	! inp^=round[0]
+	fxor		$r0lo, $in1, $in1
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, $rlhi, %f0
+	faesenclx	%f4, $rllo, %f2
+
+	brnz,pn		$oalign, .Lcbc_enc_unaligned_out
+	nop
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_enc
+	sub		$len, 1, $len
+
+	st		%f0, [$ivp + 0]		! output ivec
+	st		%f1, [$ivp + 4]
+	st		%f2, [$ivp + 8]
+	st		%f3, [$ivp + 12]
+
+.Lcbc_no_data:
+	ret
+	restore
+
+.align	32
+.Lcbc_enc_unaligned_out:
+	ldd		[%o7 + $mask], $fshift	! shift right params
+	mov		0xff, $mask
+	srl		$mask, $oalign, $mask
+	sub		%g0, $ileft, $iright
+
+	fshiftorx	%f0, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+
+	stda		%f6, [$out + $mask]0xc0	! partial store
+	orn		%g0, $mask, $mask
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+	brz		$len, .Lcbc_enc_unaligned_out_done
+	sub		$len, 1, $len
+	b		.Loop_cbc_enc_unaligned_out
+	nop
+
+.align	32
+.Loop_cbc_enc_unaligned_out:
+	fmovd		%f2, $outhead
+	fxor		$in0, %f0, %f0		! inp^ivec^round[0]
+	fxor		$in1, %f2, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 48], %f10	! round[3]
+	ldd		[$key + 56], %f12
+
+	ldx		[$inp - 16], %o0
+	ldx		[$inp -  8], %o1
+	brz		$ileft, .Lcbc_enc_aligned_inp
+	movrz		$len, 0, $inc
+
+	ldx		[$inp], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+
+.Lcbc_enc_aligned_inp:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$key + 64], %f6	! round[4]
+	ldd		[$key + 72], %f8
+	add		$key, 64, $end
+	sub		$rounds, 16*8, $inner
+
+	stx		%o0, [%sp + LOCALS + 0]
+	stx		%o1, [%sp + LOCALS + 8]
+	add		$inp, $inc, $inp	! inp+=16
+	nop
+
+.Lcbc_enc_unaligned:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_enc_unaligned
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+
+	ldd		[%sp + LOCALS + 0], $in0
+	ldd		[%sp + LOCALS + 8], $in1
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		$r0hi, $in0, $in0	! inp^=round[0]
+	fxor		$r0lo, $in1, $in1
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, $rlhi, %f0
+	faesenclx	%f4, $rllo, %f2
+
+	fshiftorx	$outhead, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+	std		%f6, [$out + 0]
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_enc_unaligned_out
+	sub		$len, 1, $len
+
+.Lcbc_enc_unaligned_out_done:
+	fshiftorx	%f2, %f2, $fshift, %f8
+	stda		%f8, [$out + $mask]0xc0	! partial store
+
+	st		%f0, [$ivp + 0]		! output ivec
+	st		%f1, [$ivp + 4]
+	st		%f2, [$ivp + 8]
+	st		%f3, [$ivp + 12]
+
+	ret
+	restore
+
+.align	32
+.Lcbc_decrypt:
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+	fmovd		%f0, $iv0
+	fmovd		%f2, $iv1
+
+.Loop_cbc_dec:
+	fxor		$in0, $r0hi, %f0	! inp^round[0]
+	fxor		$in1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $end
+	sub		$rounds, 16*6, $inner
+
+.Lcbc_dec:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_dec
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	fxor		$iv0, $rlhi, %f6	! ivec^round[last]
+	fxor		$iv1, $rllo, %f8
+	fmovd		$in0, $iv0
+	fmovd		$in1, $iv1
+
+	movrz		$len, 0, $inc
+	fmovd		$intail, $in0
+	ldd		[$inp - 8], $in1	! load next input block
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+
+	fmovd		%f0, %f4
+	faesdeclx	%f2, %f6, %f0
+	faesdeclx	%f4, %f8, %f2
+
+	brnz,pn		$oalign, .Lcbc_dec_unaligned_out
+	nop
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_dec
+	sub		$len, 1, $len
+
+	st		$iv0,    [$ivp + 0]	! output ivec
+	st		$iv0#lo, [$ivp + 4]
+	st		$iv1,    [$ivp + 8]
+	st		$iv1#lo, [$ivp + 12]
+
+	ret
+	restore
+
+.align	32
+.Lcbc_dec_unaligned_out:
+	ldd		[%o7 + $mask], $fshift	! shift right params
+	mov		0xff, $mask
+	srl		$mask, $oalign, $mask
+	sub		%g0, $ileft, $iright
+
+	fshiftorx	%f0, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+
+	stda		%f6, [$out + $mask]0xc0	! partial store
+	orn		%g0, $mask, $mask
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+	brz		$len, .Lcbc_dec_unaligned_out_done
+	sub		$len, 1, $len
+	b		.Loop_cbc_dec_unaligned_out
+	nop
+
+.align	32
+.Loop_cbc_dec_unaligned_out:
+	fmovd		%f2, $outhead
+	fxor		$in0, $r0hi, %f0	! inp^round[0]
+	fxor		$in1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 48], %f10	! round[3]
+	ldd		[$key + 56], %f12
+
+	ldx		[$inp - 16], %o0
+	ldx		[$inp - 8], %o1
+	brz		$ileft, .Lcbc_dec_aligned_inp
+	movrz		$len, 0, $inc
+
+	ldx		[$inp], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+
+.Lcbc_dec_aligned_inp:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$key + 64], %f6	! round[4]
+	ldd		[$key + 72], %f8
+	add		$key, 64, $end
+	sub		$rounds, 16*8, $inner
+
+	stx		%o0, [%sp + LOCALS + 0]
+	stx		%o1, [%sp + LOCALS + 8]
+	add		$inp, $inc, $inp	! inp+=16
+	nop
+
+.Lcbc_dec_unaligned:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_dec_unaligned
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+
+	fxor		$iv0, $rlhi, %f6	! ivec^round[last]
+	fxor		$iv1, $rllo, %f8
+	fmovd		$in0, $iv0
+	fmovd		$in1, $iv1
+	ldd		[%sp + LOCALS + 0], $in0
+	ldd		[%sp + LOCALS + 8], $in1
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fmovd		%f0, %f4
+	faesdeclx	%f2, %f6, %f0
+	faesdeclx	%f4, %f8, %f2
+
+	fshiftorx	$outhead, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+	std		%f6, [$out + 0]
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_dec_unaligned_out
+	sub		$len, 1, $len
+
+.Lcbc_dec_unaligned_out_done:
+	fshiftorx	%f2, %f2, $fshift, %f8
+	stda		%f8, [$out + $mask]0xc0	! partial store
+
+	st		$iv0,    [$ivp + 0]	! output ivec
+	st		$iv0#lo, [$ivp + 4]
+	st		$iv1,    [$ivp + 8]
+	st		$iv1#lo, [$ivp + 12]
+
+	ret
+	restore
+.type	aes_fx_cbc_encrypt,#function
+.size	aes_fx_cbc_encrypt,.-aes_fx_cbc_encrypt
+___
+}
+{
+my ($inp,$out,$len,$key,$ivp) = map("%i$_",(0..5));
+my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
+my ($ctr0,$ctr1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
+   = map("%f$_",grep { !($_ & 1) } (16 .. 62));
+my ($ileft,$iright) = ($ialign, $oalign);
+my $one = "%f14";
+
+$code.=<<___;
+.globl	aes_fx_ctr32_encrypt_blocks
+.align	32
+aes_fx_ctr32_encrypt_blocks:
+	save		%sp, -STACK_FRAME-16, %sp
+	srln		$len, 0, $len
+	and		$inp, 7, $ialign
+	andn		$inp, 7, $inp
+	brz,pn		$len, .Lctr32_no_data
+	sll		$ialign, 3, $ileft
+
+.Lpic:	call		.+8
+	add		%o7, .Linp_align - .Lpic, %o7
+
+	ld		[$key + 240], $rounds
+	and		$out, 7, $oalign
+	ld		[$ivp +  0], $ctr0	! load counter
+	andn		$out, 7, $out
+	ld		[$ivp +  4], $ctr0#lo
+	sll		$oalign, 3, $mask
+	ld		[$ivp +  8], $ctr1
+	ld		[$ivp + 12], $ctr1#lo
+	ldd		[%o7 + 128], $one
+
+	sll		$rounds, 4, $rounds
+	add		$rounds, $key, $end
+	ldd		[$key + 0], $r0hi	! round[0]
+	ldd		[$key + 8], $r0lo
+
+	add		$inp, 16, $inp
+	sub		$len, 1, $len
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	mov		16, $inc
+	movrz		$len, 0, $inc
+	ldd		[$end + 0], $rlhi	! round[last]
+	ldd		[$end + 8], $rllo
+
+	ldd		[%o7 + $ileft], $fshift	! shiftleft params
+	add		%o7, 64, %o7
+	ldd		[$inp - 16], $in0	! load input
+	ldd		[$inp -  8], $in1
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+
+.Loop_ctr32:
+	fxor		$ctr0, $r0hi, %f0	! counter^round[0]
+	fxor		$ctr1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $end
+	sub		$rounds, 16*6, $inner
+
+.Lctr32_enc:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lctr32_enc
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	fxor		$in0, $rlhi, %f6	! inp^round[last]
+	fxor		$in1, $rllo, %f8
+
+	movrz		$len, 0, $inc
+	fmovd		$intail, $in0
+	ldd		[$inp - 8], $in1	! load next input block
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+	fpadd32		$ctr1, $one, $ctr1	! increment counter
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, %f6, %f0
+	faesenclx	%f4, %f8, %f2
+
+	brnz,pn		$oalign, .Lctr32_unaligned_out
+	nop
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_ctr32
+	sub		$len, 1, $len
+
+.Lctr32_no_data:
+	ret
+	restore
+
+.align	32
+.Lctr32_unaligned_out:
+	ldd		[%o7 + $mask], $fshift	! shift right params
+	mov		0xff, $mask
+	srl		$mask, $oalign, $mask
+	sub		%g0, $ileft, $iright
+
+	fshiftorx	%f0, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+
+	stda		%f6, [$out + $mask]0xc0	! partial store
+	orn		%g0, $mask, $mask
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+	brz		$len, .Lctr32_unaligned_out_done
+	sub		$len, 1, $len
+	b		.Loop_ctr32_unaligned_out
+	nop
+
+.align	32
+.Loop_ctr32_unaligned_out:
+	fmovd		%f2, $outhead
+	fxor		$ctr0, $r0hi, %f0	! counter^round[0]
+	fxor		$ctr1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 48], %f10	! round[3]
+	ldd		[$key + 56], %f12
+
+	ldx		[$inp - 16], %o0
+	ldx		[$inp -  8], %o1
+	brz		$ileft, .Lctr32_aligned_inp
+	movrz		$len, 0, $inc
+
+	ldx		[$inp], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+
+.Lctr32_aligned_inp:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$key + 64], %f6	! round[4]
+	ldd		[$key + 72], %f8
+	add		$key, 64, $end
+	sub		$rounds, 16*8, $inner
+
+	stx		%o0, [%sp + LOCALS + 0]
+	stx		%o1, [%sp + LOCALS + 8]
+	add		$inp, $inc, $inp	! inp+=16
+	nop
+
+.Lctr32_enc_unaligned:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lctr32_enc_unaligned
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+	fpadd32		$ctr1, $one, $ctr1	! increment counter
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	fxor		$in0, $rlhi, %f6	! inp^round[last]
+	fxor		$in1, $rllo, %f8
+	ldd		[%sp + LOCALS + 0], $in0
+	ldd		[%sp + LOCALS + 8], $in1
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, %f6, %f0
+	faesenclx	%f4, %f8, %f2
+
+	fshiftorx	$outhead, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+	std		%f6, [$out + 0]
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_ctr32_unaligned_out
+	sub		$len, 1, $len
+
+.Lctr32_unaligned_out_done:
+	fshiftorx	%f2, %f2, $fshift, %f8
+	stda		%f8, [$out + $mask]0xc0	! partial store
+
+	ret
+	restore
+.type	aes_fx_ctr32_encrypt_blocks,#function
+.size	aes_fx_ctr32_encrypt_blocks,.-aes_fx_ctr32_encrypt_blocks
+
+.align	32
+.Linp_align:		! fshiftorx parameters for left shift toward %rs1
+	.byte	0, 0, 64,  0,	0, 64,  0, -64
+	.byte	0, 0, 56,  8,	0, 56,  8, -56
+	.byte	0, 0, 48, 16,	0, 48, 16, -48
+	.byte	0, 0, 40, 24,	0, 40, 24, -40
+	.byte	0, 0, 32, 32,	0, 32, 32, -32
+	.byte	0, 0, 24, 40,	0, 24, 40, -24
+	.byte	0, 0, 16, 48,	0, 16, 48, -16
+	.byte	0, 0,  8, 56,	0,  8, 56, -8
+.Lout_align:		! fshiftorx parameters for right shift toward %rs2
+	.byte	0, 0,  0, 64,	0,  0, 64,   0
+	.byte	0, 0,  8, 56,	0,  8, 56,  -8
+	.byte	0, 0, 16, 48,	0, 16, 48, -16
+	.byte	0, 0, 24, 40,	0, 24, 40, -24
+	.byte	0, 0, 32, 32,	0, 32, 32, -32
+	.byte	0, 0, 40, 24,	0, 40, 24, -40
+	.byte	0, 0, 48, 16,	0, 48, 16, -48
+	.byte	0, 0, 56,  8,	0, 56,  8, -56
+.Lone:
+	.word	0, 1
+.asciz	"AES for Fujitsu SPARC64 X, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+}
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %visopf = (	"faligndata"	=> 0x048,
+		"bshuffle"	=> 0x04c,
+		"fpadd32"	=> 0x052,
+		"fxor"		=> 0x06c,
+		"fsrc2"		=> 0x078	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"alignaddr"	=> 0x018,
+		"bmask"		=> 0x019,
+		"alignaddrl"	=> 0x01a	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unfx {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"faesencx"	=> 0x90,
+		"faesdecx"	=> 0x91,
+		"faesenclx"	=> 0x92,
+		"faesdeclx"	=> 0x93,
+		"faeskeyx"	=> 0x94	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	$rs2 = ($rs2 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs2;
+	$rs2 = oct($rs2) if ($rs2 =~ /^0/);
+
+	foreach ($rs1,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unfx3src {
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"fshiftorx"	=> 0x0b	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	foreach ($rs1,$rs2,$rs3,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x37<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+    s/\`([^\`]*)\`/eval $1/ge;
+
+    s/%f([0-9]+)#lo/sprintf "%%f%d",$1+1/ge;
+
+    s/\b(faes[^x]{3,4}x)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
+		&unfx($1,$2,$3,$4)
+     /ge or
+    s/\b([f][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unfx3src($1,$2,$3,$4,$5)
+     /ge or
+    s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+     /ge or
+    s/\b(alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+     /ge;
+    print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl
new file mode 100644
index 000000000..1f356d2d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -0,0 +1,1474 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Multi-buffer AES-NI procedures process several independent buffers
+# in parallel by interleaving independent instructions.
+#
+# Cycles per byte for interleave factor 4:
+#
+#			asymptotic	measured
+#			---------------------------
+# Westmere		5.00/4=1.25	5.13/4=1.28
+# Atom			15.0/4=3.75	?15.7/4=3.93
+# Sandy Bridge		5.06/4=1.27	5.18/4=1.29
+# Ivy Bridge		5.06/4=1.27	5.14/4=1.29
+# Haswell		4.44/4=1.11	4.44/4=1.11
+# Bulldozer		5.75/4=1.44	5.76/4=1.44
+#
+# Cycles per byte for interleave factor 8 (not implemented for
+# pre-AVX processors, where higher interleave factor incidentally
+# doesn't result in improvement):
+#
+#			asymptotic	measured
+#			---------------------------
+# Sandy Bridge		5.06/8=0.64	7.10/8=0.89(*)
+# Ivy Bridge		5.06/8=0.64	7.14/8=0.89(*)
+# Haswell		5.00/8=0.63	5.00/8=0.63
+# Bulldozer		5.75/8=0.72	5.77/8=0.72
+#
+# (*)	Sandy/Ivy Bridge are known to handle high interleave factors
+#	suboptimally;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=0;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void aesni_multi_cbc_encrypt (
+#     struct {	void *inp,*out; int blocks; double iv[2]; } inp[8];
+#     const AES_KEY *key,
+#     int num);		/* 1 or 2 */
+#
+$inp="%rdi";	# 1st arg
+$key="%rsi";	# 2nd arg
+$num="%edx";
+
+@inptr=map("%r$_",(8..11));
+@outptr=map("%r$_",(12..15));
+
+($rndkey0,$rndkey1)=("%xmm0","%xmm1");
+@out=map("%xmm$_",(2..5));
+@inp=map("%xmm$_",(6..9));
+($counters,$mask,$zero)=map("%xmm$_",(10..12));
+
+($rounds,$one,$sink,$offset)=("%eax","%ecx","%rbp","%rbx");
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	aesni_multi_cbc_encrypt
+.type	aesni_multi_cbc_encrypt,\@function,3
+.align	32
+aesni_multi_cbc_encrypt:
+.cfi_startproc
+___
+$code.=<<___ if ($avx);
+	cmp	\$2,$num
+	jb	.Lenc_non_avx
+	mov	OPENSSL_ia32cap_P+4(%rip),%ecx
+	test	\$`1<<28`,%ecx			# AVX bit
+	jnz	_avx_cbc_enc_shortcut
+	jmp	.Lenc_non_avx
+.align	16
+.Lenc_non_avx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+
+	sub	\$48,%rsp
+	and	\$-64,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
+
+.Lenc4x_body:
+	movdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*2($inp),$inp
+
+.Lenc4x_loop_grande:
+	mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`40*$i+16-40*2`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*2`($inp),@inptr[$i]
+	cmp	$num,$one
+	mov	`40*$i+8-40*2`($inp),@outptr[$i]
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	movdqu	`40*$i+24-40*2`($inp),@out[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@inptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Lenc4x_done
+
+	movups	0x10-0x78($key),$rndkey1
+	 pxor	$zero,@out[0]
+	movups	0x20-0x78($key),$rndkey0
+	 pxor	$zero,@out[1]
+	mov	0xf0-0x78($key),$rounds
+	 pxor	$zero,@out[2]
+	movdqu	(@inptr[0]),@inp[0]		# load inputs
+	 pxor	$zero,@out[3]
+	movdqu	(@inptr[1]),@inp[1]
+	 pxor	@inp[0],@out[0]
+	movdqu	(@inptr[2]),@inp[2]
+	 pxor	@inp[1],@out[1]
+	movdqu	(@inptr[3]),@inp[3]
+	 pxor	@inp[2],@out[2]
+	 pxor	@inp[3],@out[3]
+	movdqa	32(%rsp),$counters		# load counters
+	xor	$offset,$offset
+	jmp	.Loop_enc4x
+
+.align	32
+.Loop_enc4x:
+	add	\$16,$offset
+	lea	16(%rsp),$sink			# sink pointer
+	mov	\$1,$one			# constant of 1
+	sub	$offset,$sink
+
+	aesenc		$rndkey1,@out[0]
+	prefetcht0	31(@inptr[0],$offset)	# prefetch input
+	prefetcht0	31(@inptr[1],$offset)
+	aesenc		$rndkey1,@out[1]
+	prefetcht0	31(@inptr[2],$offset)
+	prefetcht0	31(@inptr[2],$offset)
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0x30-0x78($key),$rndkey1
+___
+for($i=0;$i<4;$i++) {
+my $rndkey = ($i&1) ? $rndkey1 : $rndkey0;
+$code.=<<___;
+	 cmp		`32+4*$i`(%rsp),$one
+	aesenc		$rndkey,@out[0]
+	aesenc		$rndkey,@out[1]
+	aesenc		$rndkey,@out[2]
+	 cmovge		$sink,@inptr[$i]	# cancel input
+	 cmovg		$sink,@outptr[$i]	# sink output
+	aesenc		$rndkey,@out[3]
+	movups		`0x40+16*$i-0x78`($key),$rndkey
+___
+}
+$code.=<<___;
+	 movdqa		$counters,$mask
+	aesenc		$rndkey0,@out[0]
+	prefetcht0	15(@outptr[0],$offset)	# prefetch output
+	prefetcht0	15(@outptr[1],$offset)
+	aesenc		$rndkey0,@out[1]
+	prefetcht0	15(@outptr[2],$offset)
+	prefetcht0	15(@outptr[3],$offset)
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0x80-0x78($key),$rndkey0
+	 pxor		$zero,$zero
+
+	aesenc		$rndkey1,@out[0]
+	 pcmpgtd	$zero,$mask
+	 movdqu		-0x78($key),$zero	# reload 0-round key
+	aesenc		$rndkey1,@out[1]
+	 paddd		$mask,$counters		# decrement counters
+	 movdqa		$counters,32(%rsp)	# update counters
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0x90-0x78($key),$rndkey1
+
+	cmp	\$11,$rounds
+
+	aesenc		$rndkey0,@out[0]
+	aesenc		$rndkey0,@out[1]
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0xa0-0x78($key),$rndkey0
+
+	jb	.Lenc4x_tail
+
+	aesenc		$rndkey1,@out[0]
+	aesenc		$rndkey1,@out[1]
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0xb0-0x78($key),$rndkey1
+
+	aesenc		$rndkey0,@out[0]
+	aesenc		$rndkey0,@out[1]
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0xc0-0x78($key),$rndkey0
+
+	je	.Lenc4x_tail
+
+	aesenc		$rndkey1,@out[0]
+	aesenc		$rndkey1,@out[1]
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0xd0-0x78($key),$rndkey1
+
+	aesenc		$rndkey0,@out[0]
+	aesenc		$rndkey0,@out[1]
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0xe0-0x78($key),$rndkey0
+	jmp	.Lenc4x_tail
+
+.align	32
+.Lenc4x_tail:
+	aesenc		$rndkey1,@out[0]
+	aesenc		$rndkey1,@out[1]
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	 movdqu		(@inptr[0],$offset),@inp[0]
+	movdqu		0x10-0x78($key),$rndkey1
+
+	aesenclast	$rndkey0,@out[0]
+	 movdqu		(@inptr[1],$offset),@inp[1]
+	 pxor		$zero,@inp[0]
+	aesenclast	$rndkey0,@out[1]
+	 movdqu		(@inptr[2],$offset),@inp[2]
+	 pxor		$zero,@inp[1]
+	aesenclast	$rndkey0,@out[2]
+	 movdqu		(@inptr[3],$offset),@inp[3]
+	 pxor		$zero,@inp[2]
+	aesenclast	$rndkey0,@out[3]
+	movdqu		0x20-0x78($key),$rndkey0
+	 pxor		$zero,@inp[3]
+
+	movups		@out[0],-16(@outptr[0],$offset)
+	 pxor		@inp[0],@out[0]
+	movups		@out[1],-16(@outptr[1],$offset)
+	 pxor		@inp[1],@out[1]
+	movups		@out[2],-16(@outptr[2],$offset)
+	 pxor		@inp[2],@out[2]
+	movups		@out[3],-16(@outptr[3],$offset)
+	 pxor		@inp[3],@out[3]
+
+	dec	$num
+	jnz	.Loop_enc4x
+
+	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
+	mov	24(%rsp),$num
+
+	#pxor	@inp[0],@out[0]
+	#pxor	@inp[1],@out[1]
+	#movdqu	@out[0],`40*0+24-40*2`($inp)	# output iv FIX ME!
+	#pxor	@inp[2],@out[2]
+	#movdqu	@out[1],`40*1+24-40*2`($inp)
+	#pxor	@inp[3],@out[3]
+	#movdqu	@out[2],`40*2+24-40*2`($inp)	# won't fix, let caller
+	#movdqu	@out[3],`40*3+24-40*2`($inp)	# figure this out...
+
+	lea	`40*4`($inp),$inp
+	dec	$num
+	jnz	.Lenc4x_loop_grande
+
+.Lenc4x_done:
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	#movaps	-0x68(%rax),%xmm13
+	#movaps	-0x58(%rax),%xmm14
+	#movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lenc4x_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt
+
+.globl	aesni_multi_cbc_decrypt
+.type	aesni_multi_cbc_decrypt,\@function,3
+.align	32
+aesni_multi_cbc_decrypt:
+.cfi_startproc
+___
+$code.=<<___ if ($avx);
+	cmp	\$2,$num
+	jb	.Ldec_non_avx
+	mov	OPENSSL_ia32cap_P+4(%rip),%ecx
+	test	\$`1<<28`,%ecx			# AVX bit
+	jnz	_avx_cbc_dec_shortcut
+	jmp	.Ldec_non_avx
+.align	16
+.Ldec_non_avx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+
+	sub	\$48,%rsp
+	and	\$-64,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
+
+.Ldec4x_body:
+	movdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*2($inp),$inp
+
+.Ldec4x_loop_grande:
+	mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`40*$i+16-40*2`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*2`($inp),@inptr[$i]
+	cmp	$num,$one
+	mov	`40*$i+8-40*2`($inp),@outptr[$i]
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	movdqu	`40*$i+24-40*2`($inp),@inp[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@inptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldec4x_done
+
+	movups	0x10-0x78($key),$rndkey1
+	movups	0x20-0x78($key),$rndkey0
+	mov	0xf0-0x78($key),$rounds
+	movdqu	(@inptr[0]),@out[0]		# load inputs
+	movdqu	(@inptr[1]),@out[1]
+	 pxor	$zero,@out[0]
+	movdqu	(@inptr[2]),@out[2]
+	 pxor	$zero,@out[1]
+	movdqu	(@inptr[3]),@out[3]
+	 pxor	$zero,@out[2]
+	 pxor	$zero,@out[3]
+	movdqa	32(%rsp),$counters		# load counters
+	xor	$offset,$offset
+	jmp	.Loop_dec4x
+
+.align	32
+.Loop_dec4x:
+	add	\$16,$offset
+	lea	16(%rsp),$sink			# sink pointer
+	mov	\$1,$one			# constant of 1
+	sub	$offset,$sink
+
+	aesdec		$rndkey1,@out[0]
+	prefetcht0	31(@inptr[0],$offset)	# prefetch input
+	prefetcht0	31(@inptr[1],$offset)
+	aesdec		$rndkey1,@out[1]
+	prefetcht0	31(@inptr[2],$offset)
+	prefetcht0	31(@inptr[3],$offset)
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0x30-0x78($key),$rndkey1
+___
+for($i=0;$i<4;$i++) {
+my $rndkey = ($i&1) ? $rndkey1 : $rndkey0;
+$code.=<<___;
+	 cmp		`32+4*$i`(%rsp),$one
+	aesdec		$rndkey,@out[0]
+	aesdec		$rndkey,@out[1]
+	aesdec		$rndkey,@out[2]
+	 cmovge		$sink,@inptr[$i]	# cancel input
+	 cmovg		$sink,@outptr[$i]	# sink output
+	aesdec		$rndkey,@out[3]
+	movups		`0x40+16*$i-0x78`($key),$rndkey
+___
+}
+$code.=<<___;
+	 movdqa		$counters,$mask
+	aesdec		$rndkey0,@out[0]
+	prefetcht0	15(@outptr[0],$offset)	# prefetch output
+	prefetcht0	15(@outptr[1],$offset)
+	aesdec		$rndkey0,@out[1]
+	prefetcht0	15(@outptr[2],$offset)
+	prefetcht0	15(@outptr[3],$offset)
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0x80-0x78($key),$rndkey0
+	 pxor		$zero,$zero
+
+	aesdec		$rndkey1,@out[0]
+	 pcmpgtd	$zero,$mask
+	 movdqu		-0x78($key),$zero	# reload 0-round key
+	aesdec		$rndkey1,@out[1]
+	 paddd		$mask,$counters		# decrement counters
+	 movdqa		$counters,32(%rsp)	# update counters
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0x90-0x78($key),$rndkey1
+
+	cmp	\$11,$rounds
+
+	aesdec		$rndkey0,@out[0]
+	aesdec		$rndkey0,@out[1]
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0xa0-0x78($key),$rndkey0
+
+	jb	.Ldec4x_tail
+
+	aesdec		$rndkey1,@out[0]
+	aesdec		$rndkey1,@out[1]
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0xb0-0x78($key),$rndkey1
+
+	aesdec		$rndkey0,@out[0]
+	aesdec		$rndkey0,@out[1]
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0xc0-0x78($key),$rndkey0
+
+	je	.Ldec4x_tail
+
+	aesdec		$rndkey1,@out[0]
+	aesdec		$rndkey1,@out[1]
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0xd0-0x78($key),$rndkey1
+
+	aesdec		$rndkey0,@out[0]
+	aesdec		$rndkey0,@out[1]
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0xe0-0x78($key),$rndkey0
+	jmp	.Ldec4x_tail
+
+.align	32
+.Ldec4x_tail:
+	aesdec		$rndkey1,@out[0]
+	aesdec		$rndkey1,@out[1]
+	aesdec		$rndkey1,@out[2]
+	 pxor		$rndkey0,@inp[0]
+	 pxor		$rndkey0,@inp[1]
+	aesdec		$rndkey1,@out[3]
+	movdqu		0x10-0x78($key),$rndkey1
+	 pxor		$rndkey0,@inp[2]
+	 pxor		$rndkey0,@inp[3]
+	movdqu		0x20-0x78($key),$rndkey0
+
+	aesdeclast	@inp[0],@out[0]
+	aesdeclast	@inp[1],@out[1]
+	 movdqu		-16(@inptr[0],$offset),@inp[0]	# load next IV
+	 movdqu		-16(@inptr[1],$offset),@inp[1]
+	aesdeclast	@inp[2],@out[2]
+	aesdeclast	@inp[3],@out[3]
+	 movdqu		-16(@inptr[2],$offset),@inp[2]
+	 movdqu		-16(@inptr[3],$offset),@inp[3]
+
+	movups		@out[0],-16(@outptr[0],$offset)
+	 movdqu		(@inptr[0],$offset),@out[0]
+	movups		@out[1],-16(@outptr[1],$offset)
+	 movdqu		(@inptr[1],$offset),@out[1]
+	 pxor		$zero,@out[0]
+	movups		@out[2],-16(@outptr[2],$offset)
+	 movdqu		(@inptr[2],$offset),@out[2]
+	 pxor		$zero,@out[1]
+	movups		@out[3],-16(@outptr[3],$offset)
+	 movdqu		(@inptr[3],$offset),@out[3]
+	 pxor		$zero,@out[2]
+	 pxor		$zero,@out[3]
+
+	dec	$num
+	jnz	.Loop_dec4x
+
+	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
+	mov	24(%rsp),$num
+
+	lea	`40*4`($inp),$inp
+	dec	$num
+	jnz	.Ldec4x_loop_grande
+
+.Ldec4x_done:
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	#movaps	-0x68(%rax),%xmm13
+	#movaps	-0x58(%rax),%xmm14
+	#movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Ldec4x_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt
+___
+
+						if ($avx) {{{
+my @ptr=map("%r$_",(8..15));
+my $offload=$sink;
+
+my @out=map("%xmm$_",(2..9));
+my @inp=map("%xmm$_",(10..13));
+my ($counters,$zero)=("%xmm14","%xmm15");
+
+$code.=<<___;
+.type	aesni_multi_cbc_encrypt_avx,\@function,3
+.align	32
+aesni_multi_cbc_encrypt_avx:
+.cfi_startproc
+_avx_cbc_enc_shortcut:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+	# +64	distances between inputs and outputs
+	# +128	off-load area for @inp[0..3]
+
+	sub	\$192,%rsp
+	and	\$-128,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
+
+.Lenc8x_body:
+	vzeroupper
+	vmovdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*4($inp),$inp
+	shr	\$1,$num
+
+.Lenc8x_loop_grande:
+	#mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<8;$i++) {
+  my $temp = $i ? $offload : $offset;
+    $code.=<<___;
+	mov	`40*$i+16-40*4`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*4`($inp),@ptr[$i]	# input pointer
+	cmp	$num,$one
+	mov	`40*$i+8-40*4`($inp),$temp	# output pointer
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	vmovdqu	`40*$i+24-40*4`($inp),@out[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+	sub	@ptr[$i],$temp			# distance between input and output
+	mov	$temp,`64+8*$i`(%rsp)		# initialize distances
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Lenc8x_done
+
+	vmovups	0x10-0x78($key),$rndkey1
+	vmovups	0x20-0x78($key),$rndkey0
+	mov	0xf0-0x78($key),$rounds
+
+	vpxor	(@ptr[0]),$zero,@inp[0]		# load inputs and xor with 0-round
+	 lea	128(%rsp),$offload		# offload area
+	vpxor	(@ptr[1]),$zero,@inp[1]
+	vpxor	(@ptr[2]),$zero,@inp[2]
+	vpxor	(@ptr[3]),$zero,@inp[3]
+	 vpxor	@inp[0],@out[0],@out[0]
+	vpxor	(@ptr[4]),$zero,@inp[0]
+	 vpxor	@inp[1],@out[1],@out[1]
+	vpxor	(@ptr[5]),$zero,@inp[1]
+	 vpxor	@inp[2],@out[2],@out[2]
+	vpxor	(@ptr[6]),$zero,@inp[2]
+	 vpxor	@inp[3],@out[3],@out[3]
+	vpxor	(@ptr[7]),$zero,@inp[3]
+	 vpxor	@inp[0],@out[4],@out[4]
+	mov	\$1,$one			# constant of 1
+	 vpxor	@inp[1],@out[5],@out[5]
+	 vpxor	@inp[2],@out[6],@out[6]
+	 vpxor	@inp[3],@out[7],@out[7]
+	jmp	.Loop_enc8x
+
+.align	32
+.Loop_enc8x:
+___
+for($i=0;$i<8;$i++) {
+my $rndkey=($i&1)?$rndkey0:$rndkey1;
+$code.=<<___;
+	vaesenc		$rndkey,@out[0],@out[0]
+	 cmp		32+4*$i(%rsp),$one
+___
+$code.=<<___ if ($i);
+	 mov		64+8*$i(%rsp),$offset
+___
+$code.=<<___;
+	vaesenc		$rndkey,@out[1],@out[1]
+	prefetcht0	31(@ptr[$i])			# prefetch input
+	vaesenc		$rndkey,@out[2],@out[2]
+___
+$code.=<<___ if ($i>1);
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+___
+$code.=<<___;
+	vaesenc		$rndkey,@out[3],@out[3]
+	 lea		(@ptr[$i],$offset),$offset
+	 cmovge		%rsp,@ptr[$i]			# cancel input
+	vaesenc		$rndkey,@out[4],@out[4]
+	 cmovg		%rsp,$offset			# sink output
+	vaesenc		$rndkey,@out[5],@out[5]
+	 sub		@ptr[$i],$offset
+	vaesenc		$rndkey,@out[6],@out[6]
+	 vpxor		16(@ptr[$i]),$zero,@inp[$i%4]	# load input and xor with 0-round
+	 mov		$offset,64+8*$i(%rsp)
+	vaesenc		$rndkey,@out[7],@out[7]
+	vmovups		`16*(3+$i)-0x78`($key),$rndkey
+	 lea		16(@ptr[$i],$offset),@ptr[$i]	# switch to output
+___
+$code.=<<___ if ($i<4)
+	 vmovdqu	@inp[$i%4],`16*$i`($offload)	# off-load
+___
+}
+$code.=<<___;
+	 vmovdqu	32(%rsp),$counters
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+	prefetcht0	15(@ptr[$i-1])
+	cmp	\$11,$rounds
+	jb	.Lenc8x_tail
+
+	vaesenc		$rndkey1,@out[0],@out[0]
+	vaesenc		$rndkey1,@out[1],@out[1]
+	vaesenc		$rndkey1,@out[2],@out[2]
+	vaesenc		$rndkey1,@out[3],@out[3]
+	vaesenc		$rndkey1,@out[4],@out[4]
+	vaesenc		$rndkey1,@out[5],@out[5]
+	vaesenc		$rndkey1,@out[6],@out[6]
+	vaesenc		$rndkey1,@out[7],@out[7]
+	vmovups		0xb0-0x78($key),$rndkey1
+
+	vaesenc		$rndkey0,@out[0],@out[0]
+	vaesenc		$rndkey0,@out[1],@out[1]
+	vaesenc		$rndkey0,@out[2],@out[2]
+	vaesenc		$rndkey0,@out[3],@out[3]
+	vaesenc		$rndkey0,@out[4],@out[4]
+	vaesenc		$rndkey0,@out[5],@out[5]
+	vaesenc		$rndkey0,@out[6],@out[6]
+	vaesenc		$rndkey0,@out[7],@out[7]
+	vmovups		0xc0-0x78($key),$rndkey0
+	je	.Lenc8x_tail
+
+	vaesenc		$rndkey1,@out[0],@out[0]
+	vaesenc		$rndkey1,@out[1],@out[1]
+	vaesenc		$rndkey1,@out[2],@out[2]
+	vaesenc		$rndkey1,@out[3],@out[3]
+	vaesenc		$rndkey1,@out[4],@out[4]
+	vaesenc		$rndkey1,@out[5],@out[5]
+	vaesenc		$rndkey1,@out[6],@out[6]
+	vaesenc		$rndkey1,@out[7],@out[7]
+	vmovups		0xd0-0x78($key),$rndkey1
+
+	vaesenc		$rndkey0,@out[0],@out[0]
+	vaesenc		$rndkey0,@out[1],@out[1]
+	vaesenc		$rndkey0,@out[2],@out[2]
+	vaesenc		$rndkey0,@out[3],@out[3]
+	vaesenc		$rndkey0,@out[4],@out[4]
+	vaesenc		$rndkey0,@out[5],@out[5]
+	vaesenc		$rndkey0,@out[6],@out[6]
+	vaesenc		$rndkey0,@out[7],@out[7]
+	vmovups		0xe0-0x78($key),$rndkey0
+
+.Lenc8x_tail:
+	vaesenc		$rndkey1,@out[0],@out[0]
+	 vpxor		$zero,$zero,$zero
+	vaesenc		$rndkey1,@out[1],@out[1]
+	vaesenc		$rndkey1,@out[2],@out[2]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesenc		$rndkey1,@out[3],@out[3]
+	vaesenc		$rndkey1,@out[4],@out[4]
+	 vpaddd		$counters,$zero,$zero		# decrement counters
+	 vmovdqu	48(%rsp),$counters
+	vaesenc		$rndkey1,@out[5],@out[5]
+	 mov		64(%rsp),$offset		# pre-load 1st offset
+	vaesenc		$rndkey1,@out[6],@out[6]
+	vaesenc		$rndkey1,@out[7],@out[7]
+	vmovups		0x10-0x78($key),$rndkey1
+
+	vaesenclast	$rndkey0,@out[0],@out[0]
+	 vmovdqa	$zero,32(%rsp)			# update counters
+	 vpxor		$zero,$zero,$zero
+	vaesenclast	$rndkey0,@out[1],@out[1]
+	vaesenclast	$rndkey0,@out[2],@out[2]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesenclast	$rndkey0,@out[3],@out[3]
+	vaesenclast	$rndkey0,@out[4],@out[4]
+	 vpaddd		$zero,$counters,$counters	# decrement counters
+	 vmovdqu	-0x78($key),$zero		# 0-round
+	vaesenclast	$rndkey0,@out[5],@out[5]
+	vaesenclast	$rndkey0,@out[6],@out[6]
+	 vmovdqa	$counters,48(%rsp)		# update counters
+	vaesenclast	$rndkey0,@out[7],@out[7]
+	vmovups		0x20-0x78($key),$rndkey0
+
+	vmovups		@out[0],-16(@ptr[0])		# write output
+	 sub		$offset,@ptr[0]			# switch to input
+	 vpxor		0x00($offload),@out[0],@out[0]
+	vmovups		@out[1],-16(@ptr[1])
+	 sub		`64+1*8`(%rsp),@ptr[1]
+	 vpxor		0x10($offload),@out[1],@out[1]
+	vmovups		@out[2],-16(@ptr[2])
+	 sub		`64+2*8`(%rsp),@ptr[2]
+	 vpxor		0x20($offload),@out[2],@out[2]
+	vmovups		@out[3],-16(@ptr[3])
+	 sub		`64+3*8`(%rsp),@ptr[3]
+	 vpxor		0x30($offload),@out[3],@out[3]
+	vmovups		@out[4],-16(@ptr[4])
+	 sub		`64+4*8`(%rsp),@ptr[4]
+	 vpxor		@inp[0],@out[4],@out[4]
+	vmovups		@out[5],-16(@ptr[5])
+	 sub		`64+5*8`(%rsp),@ptr[5]
+	 vpxor		@inp[1],@out[5],@out[5]
+	vmovups		@out[6],-16(@ptr[6])
+	 sub		`64+6*8`(%rsp),@ptr[6]
+	 vpxor		@inp[2],@out[6],@out[6]
+	vmovups		@out[7],-16(@ptr[7])
+	 sub		`64+7*8`(%rsp),@ptr[7]
+	 vpxor		@inp[3],@out[7],@out[7]
+
+	dec	$num
+	jnz	.Loop_enc8x
+
+	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
+	#mov	24(%rsp),$num
+	#lea	`40*8`($inp),$inp
+	#dec	$num
+	#jnz	.Lenc8x_loop_grande
+
+.Lenc8x_done:
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lenc8x_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx
+
+.type	aesni_multi_cbc_decrypt_avx,\@function,3
+.align	32
+aesni_multi_cbc_decrypt_avx:
+.cfi_startproc
+_avx_cbc_dec_shortcut:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+	# +64	distances between inputs and outputs
+	# +128	off-load area for @inp[0..3]
+	# +192	IV/input offload
+
+	sub	\$256,%rsp
+	and	\$-256,%rsp
+	sub	\$192,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
+
+.Ldec8x_body:
+	vzeroupper
+	vmovdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*4($inp),$inp
+	shr	\$1,$num
+
+.Ldec8x_loop_grande:
+	#mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<8;$i++) {
+  my $temp = $i ? $offload : $offset;
+    $code.=<<___;
+	mov	`40*$i+16-40*4`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*4`($inp),@ptr[$i]	# input pointer
+	cmp	$num,$one
+	mov	`40*$i+8-40*4`($inp),$temp	# output pointer
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	vmovdqu	`40*$i+24-40*4`($inp),@out[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+	sub	@ptr[$i],$temp			# distance between input and output
+	mov	$temp,`64+8*$i`(%rsp)		# initialize distances
+	vmovdqu	@out[$i],`192+16*$i`(%rsp)	# offload IV
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldec8x_done
+
+	vmovups	0x10-0x78($key),$rndkey1
+	vmovups	0x20-0x78($key),$rndkey0
+	mov	0xf0-0x78($key),$rounds
+	 lea	192+128(%rsp),$offload		# offload area
+
+	vmovdqu	(@ptr[0]),@out[0]		# load inputs
+	vmovdqu	(@ptr[1]),@out[1]
+	vmovdqu	(@ptr[2]),@out[2]
+	vmovdqu	(@ptr[3]),@out[3]
+	vmovdqu	(@ptr[4]),@out[4]
+	vmovdqu	(@ptr[5]),@out[5]
+	vmovdqu	(@ptr[6]),@out[6]
+	vmovdqu	(@ptr[7]),@out[7]
+	vmovdqu	@out[0],0x00($offload)		# offload inputs
+	vpxor	$zero,@out[0],@out[0]		# xor inputs with 0-round
+	vmovdqu	@out[1],0x10($offload)
+	vpxor	$zero,@out[1],@out[1]
+	vmovdqu	@out[2],0x20($offload)
+	vpxor	$zero,@out[2],@out[2]
+	vmovdqu	@out[3],0x30($offload)
+	vpxor	$zero,@out[3],@out[3]
+	vmovdqu	@out[4],0x40($offload)
+	vpxor	$zero,@out[4],@out[4]
+	vmovdqu	@out[5],0x50($offload)
+	vpxor	$zero,@out[5],@out[5]
+	vmovdqu	@out[6],0x60($offload)
+	vpxor	$zero,@out[6],@out[6]
+	vmovdqu	@out[7],0x70($offload)
+	vpxor	$zero,@out[7],@out[7]
+	xor	\$0x80,$offload
+	mov	\$1,$one			# constant of 1
+	jmp	.Loop_dec8x
+
+.align	32
+.Loop_dec8x:
+___
+for($i=0;$i<8;$i++) {
+my $rndkey=($i&1)?$rndkey0:$rndkey1;
+$code.=<<___;
+	vaesdec		$rndkey,@out[0],@out[0]
+	 cmp		32+4*$i(%rsp),$one
+___
+$code.=<<___ if ($i);
+	 mov		64+8*$i(%rsp),$offset
+___
+$code.=<<___;
+	vaesdec		$rndkey,@out[1],@out[1]
+	prefetcht0	31(@ptr[$i])			# prefetch input
+	vaesdec		$rndkey,@out[2],@out[2]
+___
+$code.=<<___ if ($i>1);
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+___
+$code.=<<___;
+	vaesdec		$rndkey,@out[3],@out[3]
+	 lea		(@ptr[$i],$offset),$offset
+	 cmovge		%rsp,@ptr[$i]			# cancel input
+	vaesdec		$rndkey,@out[4],@out[4]
+	 cmovg		%rsp,$offset			# sink output
+	vaesdec		$rndkey,@out[5],@out[5]
+	 sub		@ptr[$i],$offset
+	vaesdec		$rndkey,@out[6],@out[6]
+	 vmovdqu	16(@ptr[$i]),@inp[$i%4]		# load input
+	 mov		$offset,64+8*$i(%rsp)
+	vaesdec		$rndkey,@out[7],@out[7]
+	vmovups		`16*(3+$i)-0x78`($key),$rndkey
+	 lea		16(@ptr[$i],$offset),@ptr[$i]	# switch to output
+___
+$code.=<<___ if ($i<4);
+	 vmovdqu	@inp[$i%4],`128+16*$i`(%rsp)	# off-load
+___
+}
+$code.=<<___;
+	 vmovdqu	32(%rsp),$counters
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+	prefetcht0	15(@ptr[$i-1])
+	cmp	\$11,$rounds
+	jb	.Ldec8x_tail
+
+	vaesdec		$rndkey1,@out[0],@out[0]
+	vaesdec		$rndkey1,@out[1],@out[1]
+	vaesdec		$rndkey1,@out[2],@out[2]
+	vaesdec		$rndkey1,@out[3],@out[3]
+	vaesdec		$rndkey1,@out[4],@out[4]
+	vaesdec		$rndkey1,@out[5],@out[5]
+	vaesdec		$rndkey1,@out[6],@out[6]
+	vaesdec		$rndkey1,@out[7],@out[7]
+	vmovups		0xb0-0x78($key),$rndkey1
+
+	vaesdec		$rndkey0,@out[0],@out[0]
+	vaesdec		$rndkey0,@out[1],@out[1]
+	vaesdec		$rndkey0,@out[2],@out[2]
+	vaesdec		$rndkey0,@out[3],@out[3]
+	vaesdec		$rndkey0,@out[4],@out[4]
+	vaesdec		$rndkey0,@out[5],@out[5]
+	vaesdec		$rndkey0,@out[6],@out[6]
+	vaesdec		$rndkey0,@out[7],@out[7]
+	vmovups		0xc0-0x78($key),$rndkey0
+	je	.Ldec8x_tail
+
+	vaesdec		$rndkey1,@out[0],@out[0]
+	vaesdec		$rndkey1,@out[1],@out[1]
+	vaesdec		$rndkey1,@out[2],@out[2]
+	vaesdec		$rndkey1,@out[3],@out[3]
+	vaesdec		$rndkey1,@out[4],@out[4]
+	vaesdec		$rndkey1,@out[5],@out[5]
+	vaesdec		$rndkey1,@out[6],@out[6]
+	vaesdec		$rndkey1,@out[7],@out[7]
+	vmovups		0xd0-0x78($key),$rndkey1
+
+	vaesdec		$rndkey0,@out[0],@out[0]
+	vaesdec		$rndkey0,@out[1],@out[1]
+	vaesdec		$rndkey0,@out[2],@out[2]
+	vaesdec		$rndkey0,@out[3],@out[3]
+	vaesdec		$rndkey0,@out[4],@out[4]
+	vaesdec		$rndkey0,@out[5],@out[5]
+	vaesdec		$rndkey0,@out[6],@out[6]
+	vaesdec		$rndkey0,@out[7],@out[7]
+	vmovups		0xe0-0x78($key),$rndkey0
+
+.Ldec8x_tail:
+	vaesdec		$rndkey1,@out[0],@out[0]
+	 vpxor		$zero,$zero,$zero
+	vaesdec		$rndkey1,@out[1],@out[1]
+	vaesdec		$rndkey1,@out[2],@out[2]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesdec		$rndkey1,@out[3],@out[3]
+	vaesdec		$rndkey1,@out[4],@out[4]
+	 vpaddd		$counters,$zero,$zero		# decrement counters
+	 vmovdqu	48(%rsp),$counters
+	vaesdec		$rndkey1,@out[5],@out[5]
+	 mov		64(%rsp),$offset		# pre-load 1st offset
+	vaesdec		$rndkey1,@out[6],@out[6]
+	vaesdec		$rndkey1,@out[7],@out[7]
+	vmovups		0x10-0x78($key),$rndkey1
+
+	vaesdeclast	$rndkey0,@out[0],@out[0]
+	 vmovdqa	$zero,32(%rsp)			# update counters
+	 vpxor		$zero,$zero,$zero
+	vaesdeclast	$rndkey0,@out[1],@out[1]
+	vpxor		0x00($offload),@out[0],@out[0]	# xor with IV
+	vaesdeclast	$rndkey0,@out[2],@out[2]
+	vpxor		0x10($offload),@out[1],@out[1]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesdeclast	$rndkey0,@out[3],@out[3]
+	vpxor		0x20($offload),@out[2],@out[2]
+	vaesdeclast	$rndkey0,@out[4],@out[4]
+	vpxor		0x30($offload),@out[3],@out[3]
+	 vpaddd		$zero,$counters,$counters	# decrement counters
+	 vmovdqu	-0x78($key),$zero		# 0-round
+	vaesdeclast	$rndkey0,@out[5],@out[5]
+	vpxor		0x40($offload),@out[4],@out[4]
+	vaesdeclast	$rndkey0,@out[6],@out[6]
+	vpxor		0x50($offload),@out[5],@out[5]
+	 vmovdqa	$counters,48(%rsp)		# update counters
+	vaesdeclast	$rndkey0,@out[7],@out[7]
+	vpxor		0x60($offload),@out[6],@out[6]
+	vmovups		0x20-0x78($key),$rndkey0
+
+	vmovups		@out[0],-16(@ptr[0])		# write output
+	 sub		$offset,@ptr[0]			# switch to input
+	 vmovdqu	128+0(%rsp),@out[0]
+	vpxor		0x70($offload),@out[7],@out[7]
+	vmovups		@out[1],-16(@ptr[1])
+	 sub		`64+1*8`(%rsp),@ptr[1]
+	 vmovdqu	@out[0],0x00($offload)
+	 vpxor		$zero,@out[0],@out[0]
+	 vmovdqu	128+16(%rsp),@out[1]
+	vmovups		@out[2],-16(@ptr[2])
+	 sub		`64+2*8`(%rsp),@ptr[2]
+	 vmovdqu	@out[1],0x10($offload)
+	 vpxor		$zero,@out[1],@out[1]
+	 vmovdqu	128+32(%rsp),@out[2]
+	vmovups		@out[3],-16(@ptr[3])
+	 sub		`64+3*8`(%rsp),@ptr[3]
+	 vmovdqu	@out[2],0x20($offload)
+	 vpxor		$zero,@out[2],@out[2]
+	 vmovdqu	128+48(%rsp),@out[3]
+	vmovups		@out[4],-16(@ptr[4])
+	 sub		`64+4*8`(%rsp),@ptr[4]
+	 vmovdqu	@out[3],0x30($offload)
+	 vpxor		$zero,@out[3],@out[3]
+	 vmovdqu	@inp[0],0x40($offload)
+	 vpxor		@inp[0],$zero,@out[4]
+	vmovups		@out[5],-16(@ptr[5])
+	 sub		`64+5*8`(%rsp),@ptr[5]
+	 vmovdqu	@inp[1],0x50($offload)
+	 vpxor		@inp[1],$zero,@out[5]
+	vmovups		@out[6],-16(@ptr[6])
+	 sub		`64+6*8`(%rsp),@ptr[6]
+	 vmovdqu	@inp[2],0x60($offload)
+	 vpxor		@inp[2],$zero,@out[6]
+	vmovups		@out[7],-16(@ptr[7])
+	 sub		`64+7*8`(%rsp),@ptr[7]
+	 vmovdqu	@inp[3],0x70($offload)
+	 vpxor		@inp[3],$zero,@out[7]
+
+	xor	\$128,$offload
+	dec	$num
+	jnz	.Loop_dec8x
+
+	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
+	#mov	24(%rsp),$num
+	#lea	`40*8`($inp),$inp
+	#dec	$num
+	#jnz	.Ldec8x_loop_grande
+
+.Ldec8x_done:
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Ldec8x_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx
+___
+						}}}
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	16(%rax),%rax		# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	-56-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_aesni_multi_cbc_encrypt
+	.rva	.LSEH_end_aesni_multi_cbc_encrypt
+	.rva	.LSEH_info_aesni_multi_cbc_encrypt
+	.rva	.LSEH_begin_aesni_multi_cbc_decrypt
+	.rva	.LSEH_end_aesni_multi_cbc_decrypt
+	.rva	.LSEH_info_aesni_multi_cbc_decrypt
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_aesni_multi_cbc_encrypt_avx
+	.rva	.LSEH_end_aesni_multi_cbc_encrypt_avx
+	.rva	.LSEH_info_aesni_multi_cbc_encrypt_avx
+	.rva	.LSEH_begin_aesni_multi_cbc_decrypt_avx
+	.rva	.LSEH_end_aesni_multi_cbc_decrypt_avx
+	.rva	.LSEH_info_aesni_multi_cbc_decrypt_avx
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_aesni_multi_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc4x_body,.Lenc4x_epilogue		# HandlerData[]
+.LSEH_info_aesni_multi_cbc_decrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec4x_body,.Ldec4x_epilogue		# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_aesni_multi_cbc_encrypt_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc8x_body,.Lenc8x_epilogue		# HandlerData[]
+.LSEH_info_aesni_multi_cbc_decrypt_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec8x_body,.Ldec8x_epilogue		# HandlerData[]
+___
+}
+####################################################################
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    push @opcode,$rex|0x40	if($rex);
+}
+
+sub aesni {
+  my $line=shift;
+  my @opcode=(0x66);
+
+    if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	rex(\@opcode,$4,$3);
+	push @opcode,0x0f,0x3a,0xdf;
+	push @opcode,0xc0|($3&7)|(($4&7)<<3);	# ModR/M
+	my $c=$2;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesimc" => 0xdb,
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	my $off = $2;
+	push @opcode,0x44 if ($3>=8);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0x44|(($3&7)<<3),0x24;	# ModR/M
+	push @opcode,($off=~/^0/?oct($off):$off)&0xff;
+	return ".byte\t".join(',',@opcode);
+    }
+    return $line;
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl
new file mode 100644
index 000000000..b01a4c55c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -0,0 +1,2140 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# June 2011
+#
+# This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled
+# in http://download.intel.com/design/intarch/papers/323686.pdf, is
+# that since AESNI-CBC encrypt exhibit *very* low instruction-level
+# parallelism, interleaving it with another algorithm would allow to
+# utilize processor resources better and achieve better performance.
+# SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and
+# AESNI code is weaved into it. Below are performance numbers in
+# cycles per processed byte, less is better, for standalone AESNI-CBC
+# encrypt, sum of the latter and standalone SHA1, and "stitched"
+# subroutine:
+#
+#		AES-128-CBC	+SHA1		stitch      gain
+# Westmere	3.77[+5.3]	9.07		6.55	    +38%
+# Sandy Bridge	5.05[+5.0(6.1)]	10.06(11.15)	5.98(7.05)  +68%(+58%)
+# Ivy Bridge	5.05[+4.6]	9.65		5.54        +74%
+# Haswell	4.43[+3.6(4.2)]	8.00(8.58)	4.55(5.21)  +75%(+65%)
+# Skylake	2.63[+3.5(4.1)]	6.17(6.69)	4.23(4.44)  +46%(+51%)
+# Bulldozer	5.77[+6.0]	11.72		6.37        +84%
+# Ryzen(**)	2.71[+1.93]	4.64		2.74        +69%
+# Goldmont(**)	3.82[+1.70]	5.52		4.20        +31%
+#
+#		AES-192-CBC
+# Westmere	4.51		9.81		6.80	    +44%
+# Sandy Bridge	6.05		11.06(12.15)	6.11(7.19)  +81%(+69%)
+# Ivy Bridge	6.05		10.65		6.07        +75%
+# Haswell	5.29		8.86(9.44)	5.32(5.32)  +67%(+77%)
+# Bulldozer	6.89		12.84		6.96        +84%
+#
+#		AES-256-CBC
+# Westmere	5.25		10.55		7.21	    +46%
+# Sandy Bridge	7.05		12.06(13.15)	7.12(7.72)  +69%(+70%)
+# Ivy Bridge	7.05		11.65		7.12        +64%
+# Haswell	6.19		9.76(10.34)	6.21(6.25)  +57%(+65%)
+# Skylake	3.62		7.16(7.68)	4.56(4.76)  +57%(+61%)
+# Bulldozer	8.00		13.95		8.25        +69%
+# Ryzen(**)	3.71		5.64		3.72        +52%
+# Goldmont(**)	5.35		7.05		5.76        +22%
+#
+# (*)	There are two code paths: SSSE3 and AVX. See sha1-568.pl for
+#	background information. Above numbers in parentheses are SSSE3
+#	results collected on AVX-capable CPU, i.e. apply on OSes that
+#	don't support AVX.
+# (**)	SHAEXT results.
+#
+# Needless to mention that it makes no sense to implement "stitched"
+# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1
+# fully utilize parallelism, so stitching would not give any gain
+# anyway. Well, there might be some, e.g. because of better cache
+# locality... For reference, here are performance results for
+# standalone AESNI-CBC decrypt:
+#
+#		AES-128-CBC	AES-192-CBC	AES-256-CBC
+# Westmere	1.25		1.50		1.75
+# Sandy Bridge	0.74		0.91		1.09
+# Ivy Bridge	0.74		0.90		1.11
+# Haswell	0.63		0.76		0.88
+# Bulldozer	0.70		0.85		0.99
+
+# And indeed:
+#
+#		AES-256-CBC	+SHA1		stitch      gain
+# Westmere	1.75		7.20		6.68        +7.8%
+# Sandy Bridge	1.09		6.09(7.22)	5.82(6.95)  +4.6%(+3.9%)
+# Ivy Bridge	1.11		5.70		5.45        +4.6%
+# Haswell	0.88		4.45(5.00)	4.39(4.69)  +1.4%(*)(+6.6%)
+# Bulldozer	0.99		6.95		5.95        +17%(**)
+#
+# (*)	Tiny improvement coefficient on Haswell is because we compare
+#	AVX1 stitch to sum with AVX2 SHA1.
+# (**)	Execution is fully dominated by integer code sequence and
+#	SIMD still hardly shows [in single-process benchmark;-]
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+	   $1>=2.19);
+$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+	   $1>=2.09);
+$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
+	   $1>=10);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
+
+$shaext=1;	### set to zero if compiling for 1.0.1
+
+$stitched_decrypt=0;
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void aesni_cbc_sha1_enc(const void *inp,
+#			void *out,
+#			size_t length,
+#			const AES_KEY *key,
+#			unsigned char *iv,
+#			SHA_CTX *ctx,
+#			const void *in0);
+
+$code.=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	aesni_cbc_sha1_enc
+.type	aesni_cbc_sha1_enc,\@abi-omnipotent
+.align	32
+aesni_cbc_sha1_enc:
+	# caller should check for SSSE3 and AES-NI bits
+	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
+	mov	OPENSSL_ia32cap_P+4(%rip),%r11
+___
+$code.=<<___ if ($shaext);
+	bt	\$61,%r11		# check SHA bit
+	jc	aesni_cbc_sha1_enc_shaext
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<28`,%r11d		# mask AVX bit
+	and	\$`1<<30`,%r10d		# mask "Intel CPU" bit
+	or	%r11d,%r10d
+	cmp	\$`1<<28|1<<30`,%r10d
+	je	aesni_cbc_sha1_enc_avx
+___
+$code.=<<___;
+	jmp	aesni_cbc_sha1_enc_ssse3
+	ret
+.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
+___
+
+my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
+my @T=("%esi","%edi");
+my $j=0; my $jj=0; my $r=0; my $sn=0; my $rx=0;
+my $K_XX_XX="%r11";
+my ($rndkey0,$iv,$in)=map("%xmm$_",(11..13));			# for enc
+my @rndkey=("%xmm14","%xmm15");					# for enc
+my ($inout0,$inout1,$inout2,$inout3)=map("%xmm$_",(12..15));	# for dec
+
+if (1) {	# reassign for Atom Silvermont
+    # The goal is to minimize amount of instructions with more than
+    # 3 prefix bytes. Or in more practical terms to keep AES-NI *and*
+    # SSSE3 instructions to upper half of the register bank.
+    @X=map("%xmm$_",(8..11,4..7));
+    @Tx=map("%xmm$_",(12,13,3));
+    ($iv,$in,$rndkey0)=map("%xmm$_",(2,14,15));
+    @rndkey=("%xmm0","%xmm1");
+}
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+$code.=<<___;
+.type	aesni_cbc_sha1_enc_ssse3,\@function,6
+.align	32
+aesni_cbc_sha1_enc_ssse3:
+.cfi_startproc
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	#shr	\$6,$len			# debugging artefact
+	#jz	.Lepilogue_ssse3		# debugging artefact
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
+	#mov	$in0,$inp			# debugging artefact
+	#lea	64(%rsp),$ctx			# debugging artefact
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_ssse3:
+___
+$code.=<<___;
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	movdqu	($ivp),$iv			# load IV
+	mov	$ivp,88(%rsp)			# save $ivp
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+my $rounds="${ivp}d";
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	mov	240-112($key),$rounds
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	movdqa	64($K_XX_XX),@Tx[2]	# pbswap mask
+	movdqa	0($K_XX_XX),@Tx[1]	# K_00_19
+	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	movdqu	16($inp),@X[-3&7]
+	movdqu	32($inp),@X[-2&7]
+	movdqu	48($inp),@X[-1&7]
+	pshufb	@Tx[2],@X[-4&7]		# byte swap
+	pshufb	@Tx[2],@X[-3&7]
+	pshufb	@Tx[2],@X[-2&7]
+	add	\$64,$inp
+	paddd	@Tx[1],@X[-4&7]		# add K_00_19
+	pshufb	@Tx[2],@X[-1&7]
+	paddd	@Tx[1],@X[-3&7]
+	paddd	@Tx[1],@X[-2&7]
+	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
+	psubd	@Tx[1],@X[-4&7]		# restore X[]
+	movdqa	@X[-3&7],16(%rsp)
+	psubd	@Tx[1],@X[-3&7]
+	movdqa	@X[-2&7],32(%rsp)
+	psubd	@Tx[1],@X[-2&7]
+	movups	-112($key),$rndkey0	# $key[0]
+	movups	16-112($key),$rndkey[0]	# forward reference
+	jmp	.Loop_ssse3
+___
+
+my $aesenc=sub {
+  use integer;
+  my ($n,$k)=($r/10,$r%10);
+    if ($k==0) {
+      $code.=<<___;
+	movups		`16*$n`($in0),$in		# load input
+	xorps		$rndkey0,$in
+___
+      $code.=<<___ if ($n);
+	movups		$iv,`16*($n-1)`($out,$in0)	# write output
+___
+      $code.=<<___;
+	xorps		$in,$iv
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    } elsif ($k==9) {
+      $sn++;
+      $code.=<<___;
+	cmp		\$11,$rounds
+	jb		.Laesenclast$sn
+	movups		`32+16*($k+0)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+1)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+	je		.Laesenclast$sn
+	movups		`32+16*($k+2)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+3)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+.Laesenclast$sn:
+	aesenclast	$rndkey[0],$iv
+	movups		16-112($key),$rndkey[1]		# forward reference
+___
+    } else {
+      $code.=<<___;
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    }
+    $r++;	unshift(@rndkey,pop(@rndkey));
+};
+
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# ror
+	&pshufd	(@X[0],@X[-4&7],0xee);	# was &movdqa	(@X[0],@X[-3&7]);
+	 eval(shift(@insns));
+	&movdqa	(@Tx[0],@X[-1&7]);
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&punpcklqdq(@X[0],@X[-3&7]);	# compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&psrldq	(@Tx[0],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&pxor	(@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&movdqa	(@Tx[2],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+
+	&pslldq	(@Tx[2],12);		# "X[0]"<<96, extract one dword
+	&paddd	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&movdqa	(@Tx[1],@Tx[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[2],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pslld	(@Tx[1],2);
+	&pxor	(@X[0],@Tx[2]);
+	 eval(shift(@insns));
+	  &movdqa	(@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");	# K_XX_XX
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+	&pshufd (@Tx[1],@X[-1&7],0xee)	if ($Xi==7);	# was &movdqa	(@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns))		if ($Xi==8);
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns))		if ($Xi==8);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[1] =~ /_ror/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+	&punpcklqdq(@Tx[0],@X[-1&7]);	# compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	if ($Xi%5) {
+	  &movdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
+	} else {			# ... or load next one
+	  &movdqa	(@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
+	}
+	 eval(shift(@insns));		# ror
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+
+	&pslld	(@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psrld	(@Tx[0],30);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns))		if (@insns[1] =~ /_rol/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+	  &pshufd(@Tx[1],@X[-1&7],0xee)	if ($Xi<19);	# was &movdqa	(@Tx[1],@X[0])
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$len);
+	&je	(shift);
+
+	unshift(@Tx,pop(@Tx));
+
+	&movdqa	(@Tx[2],"64($K_XX_XX)");	# pbswap mask
+	&movdqa	(@Tx[1],"0($K_XX_XX)");		# K_00_19
+	&movdqu	(@X[-4&7],"0($inp)");		# load input
+	&movdqu	(@X[-3&7],"16($inp)");
+	&movdqu	(@X[-2&7],"32($inp)");
+	&movdqu	(@X[-1&7],"48($inp)");
+	&pshufb	(@X[-4&7],@Tx[2]);		# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pshufb	(@X[($Xi-3)&7],@Tx[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddd	(@X[($Xi-4)&7],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&movdqa	(eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psubd	(@X[($Xi-4)&7],@Tx[1]);
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+my @body_00_19 = (
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&$_ror	($b,$j?7:2);',	# $b>>>2
+	'&xor	(@T[0],$d);',
+	'&mov	(@T[1],$a);',	# $b for next round
+
+	'&add	($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer
+	'&xor	($b,$c);',	# $c^$d for next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&and	(@T[1],$b);',	# ($b&($c^$d)) for next round
+
+	'&xor	($b,$c);',	# restore $b
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+
+sub body_00_19 () {	# ((c^d)&b)^d
+    # on start @T[0]=(c^d)&b
+    return &body_20_39() if ($rx==19); $rx++;
+
+    use integer;
+    my ($k,$n);
+    my @r=@body_00_19;
+
+	$n = scalar(@r);
+	$k = (($jj+1)*12/20)*20*$n/12;	# 12 aesencs per these 20 rounds
+	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n);
+	$jj++;
+
+    return @r;
+}
+
+my @body_20_39 = (
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer
+	'&xor	(@T[0],$d)	if($j==19);'.
+	'&xor	(@T[0],$c)	if($j> 19);',	# ($b^$d^$c)
+	'&mov	(@T[1],$a);',	# $b for next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j< 79);',	# $b^$d for next round
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+
+sub body_20_39 () {	# b^d^c
+    # on entry @T[0]=b^d
+    return &body_40_59() if ($rx==39); $rx++;
+
+    use integer;
+    my ($k,$n);
+    my @r=@body_20_39;
+
+	$n = scalar(@r);
+	$k = (($jj+1)*8/20)*20*$n/8;	# 8 aesencs per these 20 rounds
+	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n && $rx!=20);
+	$jj++;
+
+    return @r;
+}
+
+my @body_40_59 = (
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer
+	'&and	(@T[0],$c)	if ($j>=40);',	# (b^c)&(c^d)
+	'&xor	($c,$d)		if ($j>=40);',	# restore $c
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&mov	(@T[1],$a);',	# $b for next round
+	'&xor	(@T[0],$c);',
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j==59);'.
+	'&xor	(@T[1],$b)	if ($j< 59);',	# b^c for next round
+
+	'&xor	($b,$c)		if ($j< 59);',	# c^d for next round
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+
+sub body_40_59 () {	# ((b^c)&(c^d))^c
+    # on entry @T[0]=(b^c), (c^=d)
+    $rx++;
+
+    use integer;
+    my ($k,$n);
+    my @r=@body_40_59;
+
+	$n = scalar(@r);
+	$k=(($jj+1)*12/20)*20*$n/12;	# 12 aesencs per these 20 rounds
+	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n && $rx!=40);
+	$jj++;
+
+    return @r;
+}
+$code.=<<___;
+.align	32
+.Loop_ssse3:
+___
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xuplast_ssse3_80(\&body_20_39,".Ldone_ssse3");	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+				$saved_r=$r; @saved_rndkey=@rndkey;
+
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+
+$code.=<<___;
+	movups	$iv,48($out,$in0)		# write output
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_ssse3
+
+.Ldone_ssse3:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$r=$saved_r;     @rndkey=@saved_rndkey;
+
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+
+$code.=<<___;
+	movups	$iv,48($out,$in0)		# write output
+	mov	88(%rsp),$ivp			# restore $ivp
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	movups	$iv,($ivp)			# write IV
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
+	mov	0(%rsi),%r15
+.cfi_restore	%r15
+	mov	8(%rsi),%r14
+.cfi_restore	%r14
+	mov	16(%rsi),%r13
+.cfi_restore	%r13
+	mov	24(%rsi),%r12
+.cfi_restore	%r12
+	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
+.Lepilogue_ssse3:
+	ret
+.cfi_endproc
+.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
+___
+
+						if ($stitched_decrypt) {{{
+# reset
+($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+$j=$jj=$r=$rx=0;
+$Xi=4;
+
+# reassign for Atom Silvermont (see above)
+($inout0,$inout1,$inout2,$inout3,$rndkey0)=map("%xmm$_",(0..4));
+@X=map("%xmm$_",(8..13,6,7));
+@Tx=map("%xmm$_",(14,15,5));
+
+my @aes256_dec = (
+	'&movdqu($inout0,"0x00($in0)");',
+	'&movdqu($inout1,"0x10($in0)");	&pxor	($inout0,$rndkey0);',
+	'&movdqu($inout2,"0x20($in0)");	&pxor	($inout1,$rndkey0);',
+	'&movdqu($inout3,"0x30($in0)");	&pxor	($inout2,$rndkey0);',
+
+	'&pxor	($inout3,$rndkey0);	&movups	($rndkey0,"16-112($key)");',
+	'&movaps("64(%rsp)",@X[2]);',	# save IV, originally @X[3]
+	undef,undef
+	);
+for ($i=0;$i<13;$i++) {
+    push (@aes256_dec,(
+	'&aesdec	($inout0,$rndkey0);',
+	'&aesdec	($inout1,$rndkey0);',
+	'&aesdec	($inout2,$rndkey0);',
+	'&aesdec	($inout3,$rndkey0);	&movups($rndkey0,"'.(16*($i+2)-112).'($key)");'
+	));
+    push (@aes256_dec,(undef,undef))	if (($i>=3 && $i<=5) || $i>=11);
+    push (@aes256_dec,(undef,undef))	if ($i==5);
+}
+push(@aes256_dec,(
+	'&aesdeclast	($inout0,$rndkey0);	&movups	(@X[0],"0x00($in0)");',
+	'&aesdeclast	($inout1,$rndkey0);	&movups	(@X[1],"0x10($in0)");',
+	'&aesdeclast	($inout2,$rndkey0);	&movups	(@X[2],"0x20($in0)");',
+	'&aesdeclast	($inout3,$rndkey0);	&movups	(@X[3],"0x30($in0)");',
+
+	'&xorps		($inout0,"64(%rsp)");	&movdqu	($rndkey0,"-112($key)");',
+	'&xorps		($inout1,@X[0]);	&movups	("0x00($out,$in0)",$inout0);',
+	'&xorps		($inout2,@X[1]);	&movups	("0x10($out,$in0)",$inout1);',
+	'&xorps		($inout3,@X[2]);	&movups	("0x20($out,$in0)",$inout2);',
+
+	'&movups	("0x30($out,$in0)",$inout3);'
+	));
+
+sub body_00_19_dec () {	# ((c^d)&b)^d
+    # on start @T[0]=(c^d)&b
+    return &body_20_39_dec() if ($rx==19);
+
+    my @r=@body_00_19;
+
+	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
+	$rx++;
+
+    return @r;
+}
+
+sub body_20_39_dec () {	# b^d^c
+    # on entry @T[0]=b^d
+    return &body_40_59_dec() if ($rx==39);
+
+    my @r=@body_20_39;
+
+	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
+	$rx++;
+
+    return @r;
+}
+
+sub body_40_59_dec () {	# ((b^c)&(c^d))^c
+    # on entry @T[0]=(b^c), (c^=d)
+
+    my @r=@body_40_59;
+
+	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
+	$rx++;
+
+    return @r;
+}
+
+$code.=<<___;
+.globl	aesni256_cbc_sha1_dec
+.type	aesni256_cbc_sha1_dec,\@abi-omnipotent
+.align	32
+aesni256_cbc_sha1_dec:
+	# caller should check for SSSE3 and AES-NI bits
+	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
+	mov	OPENSSL_ia32cap_P+4(%rip),%r11d
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<28`,%r11d		# mask AVX bit
+	and	\$`1<<30`,%r10d		# mask "Intel CPU" bit
+	or	%r11d,%r10d
+	cmp	\$`1<<28|1<<30`,%r10d
+	je	aesni256_cbc_sha1_dec_avx
+___
+$code.=<<___;
+	jmp	aesni256_cbc_sha1_dec_ssse3
+	ret
+.size	aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec
+
+.type	aesni256_cbc_sha1_dec_ssse3,\@function,6
+.align	32
+aesni256_cbc_sha1_dec_ssse3:
+.cfi_startproc
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_dec_ssse3:
+___
+$code.=<<___;
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	movdqu	($ivp),@X[3]			# load IV
+	#mov	$ivp,88(%rsp)			# save $ivp
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	movdqa	64($K_XX_XX),@Tx[2]	# pbswap mask
+	movdqa	0($K_XX_XX),@Tx[1]	# K_00_19
+	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	movdqu	16($inp),@X[-3&7]
+	movdqu	32($inp),@X[-2&7]
+	movdqu	48($inp),@X[-1&7]
+	pshufb	@Tx[2],@X[-4&7]		# byte swap
+	add	\$64,$inp
+	pshufb	@Tx[2],@X[-3&7]
+	pshufb	@Tx[2],@X[-2&7]
+	pshufb	@Tx[2],@X[-1&7]
+	paddd	@Tx[1],@X[-4&7]		# add K_00_19
+	paddd	@Tx[1],@X[-3&7]
+	paddd	@Tx[1],@X[-2&7]
+	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
+	psubd	@Tx[1],@X[-4&7]		# restore X[]
+	movdqa	@X[-3&7],16(%rsp)
+	psubd	@Tx[1],@X[-3&7]
+	movdqa	@X[-2&7],32(%rsp)
+	psubd	@Tx[1],@X[-2&7]
+	movdqu	-112($key),$rndkey0	# $key[0]
+	jmp	.Loop_dec_ssse3
+
+.align	32
+.Loop_dec_ssse3:
+___
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_32_79(\&body_00_19_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xuplast_ssse3_80(\&body_20_39_dec,".Ldone_dec_ssse3");	# can jump to "done"
+
+				$saved_j=$j;   @saved_V=@V;
+				$saved_rx=$rx;
+
+	&Xloop_ssse3(\&body_20_39_dec);
+	&Xloop_ssse3(\&body_20_39_dec);
+	&Xloop_ssse3(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_dec_ssse3
+
+.Ldone_dec_ssse3:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$rx=$saved_rx;
+
+	&Xtail_ssse3(\&body_20_39_dec);
+	&Xtail_ssse3(\&body_20_39_dec);
+	&Xtail_ssse3(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	movups	@X[3],($ivp)			# write IV
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_cfa_def	%rsi,56
+	mov	0(%rsi),%r15
+.cfi_restore	%r15
+	mov	8(%rsi),%r14
+.cfi_restore	%r14
+	mov	16(%rsi),%r13
+.cfi_restore	%r13
+	mov	24(%rsi),%r12
+.cfi_restore	%r12
+	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsi),%rsp
+.cfi_cfa_def	%rsp,8
+.Lepilogue_dec_ssse3:
+	ret
+.cfi_endproc
+.size	aesni256_cbc_sha1_dec_ssse3,.-aesni256_cbc_sha1_dec_ssse3
+___
+						}}}
+$j=$jj=$r=$rx=0;
+
+if ($avx) {
+my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
+my @T=("%esi","%edi");
+my ($rndkey0,$iv,$in)=map("%xmm$_",(11..13));
+my @rndkey=("%xmm14","%xmm15");
+my ($inout0,$inout1,$inout2,$inout3)=map("%xmm$_",(12..15));	# for dec
+my $Kx=@Tx[2];
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	aesni_cbc_sha1_enc_avx,\@function,6
+.align	32
+aesni_cbc_sha1_enc_avx:
+.cfi_startproc
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	#shr	\$6,$len			# debugging artefact
+	#jz	.Lepilogue_avx			# debugging artefact
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
+	#mov	$in0,$inp			# debugging artefact
+	#lea	64(%rsp),$ctx			# debugging artefact
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_avx:
+___
+$code.=<<___;
+	vzeroall
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	vmovdqu	($ivp),$iv			# load IV
+	mov	$ivp,88(%rsp)			# save $ivp
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+my $rounds="${ivp}d";
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	mov	240-112($key),$rounds
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	vmovdqa	0($K_XX_XX),$Kx		# K_00_19
+	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	vmovdqu	16($inp),@X[-3&7]
+	vmovdqu	32($inp),@X[-2&7]
+	vmovdqu	48($inp),@X[-1&7]
+	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
+	add	\$64,$inp
+	vpshufb	@X[2],@X[-3&7],@X[-3&7]
+	vpshufb	@X[2],@X[-2&7],@X[-2&7]
+	vpshufb	@X[2],@X[-1&7],@X[-1&7]
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vmovdqa	@X[1],16(%rsp)
+	vmovdqa	@X[2],32(%rsp)
+	vmovups	-112($key),$rndkey[1]	# $key[0]
+	vmovups	16-112($key),$rndkey[0]	# forward reference
+	jmp	.Loop_avx
+___
+
+my $aesenc=sub {
+  use integer;
+  my ($n,$k)=($r/10,$r%10);
+    if ($k==0) {
+      $code.=<<___;
+	vmovdqu		`16*$n`($in0),$in		# load input
+	vpxor		$rndkey[1],$in,$in
+___
+      $code.=<<___ if ($n);
+	vmovups		$iv,`16*($n-1)`($out,$in0)	# write output
+___
+      $code.=<<___;
+	vpxor		$in,$iv,$iv
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*$k-112`($key),$rndkey[1]
+___
+    } elsif ($k==9) {
+      $sn++;
+      $code.=<<___;
+	cmp		\$11,$rounds
+	jb		.Lvaesenclast$sn
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*($k+0)-112`($key),$rndkey[1]
+	vaesenc		$rndkey[1],$iv,$iv
+	vmovups		`32+16*($k+1)-112`($key),$rndkey[0]
+	je		.Lvaesenclast$sn
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*($k+2)-112`($key),$rndkey[1]
+	vaesenc		$rndkey[1],$iv,$iv
+	vmovups		`32+16*($k+3)-112`($key),$rndkey[0]
+.Lvaesenclast$sn:
+	vaesenclast	$rndkey[0],$iv,$iv
+	vmovups		-112($key),$rndkey[0]
+	vmovups		16-112($key),$rndkey[1]		# forward reference
+___
+    } else {
+      $code.=<<___;
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*$k-112`($key),$rndkey[1]
+___
+    }
+    $r++;	unshift(@rndkey,pop(@rndkey));
+};
+
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@Tx[1],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	&vpsrld	(@Tx[0],@Tx[1],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@Tx[1],@Tx[1],2);
+	&vpxor	(@X[0],@X[0],@Tx[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	($Kx,eval(16*(($Xi)/5))."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	  &vmovdqa	($Kx,eval(16*($Xi/5))."($K_XX_XX)")	if ($Xi%5==0);
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpsrld	(@Tx[0],@X[0],30);
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$len);
+	&je	(shift);
+
+	&vmovdqa(@Tx[1],"64($K_XX_XX)");	# pbswap mask
+	&vmovdqa($Kx,"0($K_XX_XX)");		# K_00_19
+	&vmovdqu(@X[-4&7],"0($inp)");		# load input
+	&vmovdqu(@X[-3&7],"16($inp)");
+	&vmovdqu(@X[-2&7],"32($inp)");
+	&vmovdqu(@X[-1&7],"48($inp)");
+	&vpshufb(@X[-4&7],@X[-4&7],@Tx[1]);	# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpaddd	(@Tx[0],@X[($Xi-4)&7],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqa(eval(16*$Xi)."(%rsp)",@Tx[0]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+$code.=<<___;
+.align	32
+.Loop_avx:
+___
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xuplast_avx_80(\&body_20_39,".Ldone_avx");	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+				$saved_r=$r; @saved_rndkey=@rndkey;
+
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+
+$code.=<<___;
+	vmovups	$iv,48($out,$in0)		# write output
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_avx
+
+.Ldone_avx:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$r=$saved_r;     @rndkey=@saved_rndkey;
+
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+
+$code.=<<___;
+	vmovups	$iv,48($out,$in0)		# write output
+	mov	88(%rsp),$ivp			# restore $ivp
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	vmovups	$iv,($ivp)			# write IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
+	mov	0(%rsi),%r15
+.cfi_restore	%r15
+	mov	8(%rsi),%r14
+.cfi_restore	%r14
+	mov	16(%rsi),%r13
+.cfi_restore	%r13
+	mov	24(%rsi),%r12
+.cfi_restore	%r12
+	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
+.Lepilogue_avx:
+	ret
+.cfi_endproc
+.size	aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx
+___
+
+						if ($stitched_decrypt) {{{
+# reset
+($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+$j=$jj=$r=$rx=0;
+$Xi=4;
+
+@aes256_dec = (
+	'&vpxor	($inout0,$rndkey0,"0x00($in0)");',
+	'&vpxor	($inout1,$rndkey0,"0x10($in0)");',
+	'&vpxor	($inout2,$rndkey0,"0x20($in0)");',
+	'&vpxor	($inout3,$rndkey0,"0x30($in0)");',
+
+	'&vmovups($rndkey0,"16-112($key)");',
+	'&vmovups("64(%rsp)",@X[2]);',		# save IV, originally @X[3]
+	undef,undef
+	);
+for ($i=0;$i<13;$i++) {
+    push (@aes256_dec,(
+	'&vaesdec	($inout0,$inout0,$rndkey0);',
+	'&vaesdec	($inout1,$inout1,$rndkey0);',
+	'&vaesdec	($inout2,$inout2,$rndkey0);',
+	'&vaesdec	($inout3,$inout3,$rndkey0);	&vmovups($rndkey0,"'.(16*($i+2)-112).'($key)");'
+	));
+    push (@aes256_dec,(undef,undef))	if (($i>=3 && $i<=5) || $i>=11);
+    push (@aes256_dec,(undef,undef))	if ($i==5);
+}
+push(@aes256_dec,(
+	'&vaesdeclast	($inout0,$inout0,$rndkey0);	&vmovups(@X[0],"0x00($in0)");',
+	'&vaesdeclast	($inout1,$inout1,$rndkey0);	&vmovups(@X[1],"0x10($in0)");',
+	'&vaesdeclast	($inout2,$inout2,$rndkey0);	&vmovups(@X[2],"0x20($in0)");',
+	'&vaesdeclast	($inout3,$inout3,$rndkey0);	&vmovups(@X[3],"0x30($in0)");',
+
+	'&vxorps	($inout0,$inout0,"64(%rsp)");	&vmovdqu($rndkey0,"-112($key)");',
+	'&vxorps	($inout1,$inout1,@X[0]);	&vmovups("0x00($out,$in0)",$inout0);',
+	'&vxorps	($inout2,$inout2,@X[1]);	&vmovups("0x10($out,$in0)",$inout1);',
+	'&vxorps	($inout3,$inout3,@X[2]);	&vmovups("0x20($out,$in0)",$inout2);',
+
+	'&vmovups	("0x30($out,$in0)",$inout3);'
+	));
+
+$code.=<<___;
+.type	aesni256_cbc_sha1_dec_avx,\@function,6
+.align	32
+aesni256_cbc_sha1_dec_avx:
+.cfi_startproc
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_dec_avx:
+___
+$code.=<<___;
+	vzeroall
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	vmovdqu	($ivp),@X[3]			# load IV
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	vmovdqa	0($K_XX_XX),$Kx		# K_00_19
+	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	vmovdqu	16($inp),@X[-3&7]
+	vmovdqu	32($inp),@X[-2&7]
+	vmovdqu	48($inp),@X[-1&7]
+	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
+	add	\$64,$inp
+	vpshufb	@X[2],@X[-3&7],@X[-3&7]
+	vpshufb	@X[2],@X[-2&7],@X[-2&7]
+	vpshufb	@X[2],@X[-1&7],@X[-1&7]
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vmovdqa	@X[1],16(%rsp)
+	vmovdqa	@X[2],32(%rsp)
+	vmovups	-112($key),$rndkey0	# $key[0]
+	jmp	.Loop_dec_avx
+
+.align	32
+.Loop_dec_avx:
+___
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_32_79(\&body_00_19_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xuplast_avx_80(\&body_20_39_dec,".Ldone_dec_avx");	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+				$saved_rx=$rx;
+
+	&Xloop_avx(\&body_20_39_dec);
+	&Xloop_avx(\&body_20_39_dec);
+	&Xloop_avx(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_dec_avx
+
+.Ldone_dec_avx:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$rx=$saved_rx;
+
+	&Xtail_avx(\&body_20_39_dec);
+	&Xtail_avx(\&body_20_39_dec);
+	&Xtail_avx(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	vmovups	@X[3],($ivp)			# write IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
+	mov	0(%rsi),%r15
+.cfi_restore	%r15
+	mov	8(%rsi),%r14
+.cfi_restore	%r14
+	mov	16(%rsi),%r13
+.cfi_restore	%r13
+	mov	24(%rsi),%r12
+.cfi_restore	%r12
+	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
+.Lepilogue_dec_avx:
+	ret
+.cfi_endproc
+.size	aesni256_cbc_sha1_dec_avx,.-aesni256_cbc_sha1_dec_avx
+___
+						}}}
+}
+$code.=<<___;
+.align	64
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+
+.asciz	"AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+						if ($shaext) {{{
+($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+$rounds="%r11d";
+
+($iv,$in,$rndkey0)=map("%xmm$_",(2,14,15));
+@rndkey=("%xmm0","%xmm1");
+$r=0;
+
+my ($BSWAP,$ABCD,$E,$E_,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(7..12));
+my @MSG=map("%xmm$_",(3..6));
+
+$code.=<<___;
+.type	aesni_cbc_sha1_enc_shaext,\@function,6
+.align	32
+aesni_cbc_sha1_enc_shaext:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+___
+$code.=<<___ if ($win64);
+	lea	`-8-10*16`(%rsp),%rsp
+	movaps	%xmm6,-8-10*16(%rax)
+	movaps	%xmm7,-8-9*16(%rax)
+	movaps	%xmm8,-8-8*16(%rax)
+	movaps	%xmm9,-8-7*16(%rax)
+	movaps	%xmm10,-8-6*16(%rax)
+	movaps	%xmm11,-8-5*16(%rax)
+	movaps	%xmm12,-8-4*16(%rax)
+	movaps	%xmm13,-8-3*16(%rax)
+	movaps	%xmm14,-8-2*16(%rax)
+	movaps	%xmm15,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	movdqu	($ctx),$ABCD
+	movd	16($ctx),$E
+	movdqa	K_XX_XX+0x50(%rip),$BSWAP	# byte-n-word swap
+
+	mov	240($key),$rounds
+	sub	$in0,$out
+	movups	($key),$rndkey0			# $key[0]
+	movups	($ivp),$iv			# load IV
+	movups	16($key),$rndkey[0]		# forward reference
+	lea	112($key),$key			# size optimization
+
+	pshufd	\$0b00011011,$ABCD,$ABCD	# flip word order
+	pshufd	\$0b00011011,$E,$E		# flip word order
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+___
+	&$aesenc();
+$code.=<<___;
+	movdqu		($inp),@MSG[0]
+	movdqa		$E,$E_SAVE		# offload $E
+	pshufb		$BSWAP,@MSG[0]
+	movdqu		0x10($inp),@MSG[1]
+	movdqa		$ABCD,$ABCD_SAVE	# offload $ABCD
+___
+	&$aesenc();
+$code.=<<___;
+	pshufb		$BSWAP,@MSG[1]
+
+	paddd		@MSG[0],$E
+	movdqu		0x20($inp),@MSG[2]
+	lea		0x40($inp),$inp
+	pxor		$E_SAVE,@MSG[0]		# black magic
+___
+	&$aesenc();
+$code.=<<___;
+	pxor		$E_SAVE,@MSG[0]		# black magic
+	movdqa		$ABCD,$E_
+	pshufb		$BSWAP,@MSG[2]
+	sha1rnds4	\$0,$E,$ABCD		# 0-3
+	sha1nexte	@MSG[1],$E_
+___
+	&$aesenc();
+$code.=<<___;
+	sha1msg1	@MSG[1],@MSG[0]
+	movdqu		-0x10($inp),@MSG[3]
+	movdqa		$ABCD,$E
+	pshufb		$BSWAP,@MSG[3]
+___
+	&$aesenc();
+$code.=<<___;
+	sha1rnds4	\$0,$E_,$ABCD		# 4-7
+	sha1nexte	@MSG[2],$E
+	pxor		@MSG[2],@MSG[0]
+	sha1msg1	@MSG[2],@MSG[1]
+___
+	&$aesenc();
+
+for($i=2;$i<20-4;$i++) {
+$code.=<<___;
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$`int($i/5)`,$E,$ABCD	# 8-11
+	sha1nexte	@MSG[3],$E_
+___
+	&$aesenc();
+$code.=<<___;
+	sha1msg2	@MSG[3],@MSG[0]
+	pxor		@MSG[3],@MSG[1]
+	sha1msg1	@MSG[3],@MSG[2]
+___
+	($E,$E_)=($E_,$E);
+	push(@MSG,shift(@MSG));
+
+	&$aesenc();
+}
+$code.=<<___;
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 64-67
+	sha1nexte	@MSG[3],$E_
+	sha1msg2	@MSG[3],@MSG[0]
+	pxor		@MSG[3],@MSG[1]
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 68-71
+	sha1nexte	@MSG[0],$E
+	sha1msg2	@MSG[0],@MSG[1]
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		$E_SAVE,@MSG[0]
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 72-75
+	sha1nexte	@MSG[1],$E_
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 76-79
+	sha1nexte	$MSG[0],$E
+___
+	while($r<40)	{ &$aesenc(); }		# remaining aesenc's
+$code.=<<___;
+	dec		$len
+
+	paddd		$ABCD_SAVE,$ABCD
+	movups		$iv,48($out,$in0)	# write output
+	lea		64($in0),$in0
+	jnz		.Loop_shaext
+
+	pshufd	\$0b00011011,$ABCD,$ABCD
+	pshufd	\$0b00011011,$E,$E
+	movups	$iv,($ivp)			# write IV
+	movdqu	$ABCD,($ctx)
+	movd	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-8-10*16(%rax),%xmm6
+	movaps	-8-9*16(%rax),%xmm7
+	movaps	-8-8*16(%rax),%xmm8
+	movaps	-8-7*16(%rax),%xmm9
+	movaps	-8-6*16(%rax),%xmm10
+	movaps	-8-5*16(%rax),%xmm11
+	movaps	-8-4*16(%rax),%xmm12
+	movaps	-8-3*16(%rax),%xmm13
+	movaps	-8-2*16(%rax),%xmm14
+	movaps	-8-1*16(%rax),%xmm15
+	mov	%rax,%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext
+___
+						}}}
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	ssse3_handler,\@abi-omnipotent
+.align	16
+ssse3_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+___
+$code.=<<___ if ($shaext);
+	lea	aesni_cbc_sha1_enc_shaext(%rip),%r10
+	cmp	%r10,%rbx
+	jb	.Lseh_no_shaext
+
+	lea	(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	168(%rax),%rax		# adjust stack pointer
+	jmp	.Lcommon_seh_tail
+.Lseh_no_shaext:
+___
+$code.=<<___;
+	lea	96(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	`104+10*16`(%rax),%rax	# adjust stack pointer
+
+	mov	0(%rax),%r15
+	mov	8(%rax),%r14
+	mov	16(%rax),%r13
+	mov	24(%rax),%r12
+	mov	32(%rax),%rbp
+	mov	40(%rax),%rbx
+	lea	48(%rax),%rax
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	ssse3_handler,.-ssse3_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_aesni_cbc_sha1_enc_ssse3
+	.rva	.LSEH_end_aesni_cbc_sha1_enc_ssse3
+	.rva	.LSEH_info_aesni_cbc_sha1_enc_ssse3
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_aesni_cbc_sha1_enc_avx
+	.rva	.LSEH_end_aesni_cbc_sha1_enc_avx
+	.rva	.LSEH_info_aesni_cbc_sha1_enc_avx
+___
+$code.=<<___ if ($shaext);
+	.rva	.LSEH_begin_aesni_cbc_sha1_enc_shaext
+	.rva	.LSEH_end_aesni_cbc_sha1_enc_shaext
+	.rva	.LSEH_info_aesni_cbc_sha1_enc_shaext
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_aesni_cbc_sha1_enc_ssse3:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_aesni_cbc_sha1_enc_avx:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($shaext);
+.LSEH_info_aesni_cbc_sha1_enc_shaext:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_shaext,.Lepilogue_shaext	# HandlerData[]
+___
+}
+
+####################################################################
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    unshift @opcode,$rex|0x40	if($rex);
+}
+
+sub sha1rnds4 {
+    if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x3a,0xcc);
+	rex(\@opcode,$3,$2);
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return "sha1rnds4\t".@_[0];
+    }
+}
+
+sub sha1op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha1nexte" => 0xc8,
+  		"sha1msg1"  => 0xc9,
+		"sha1msg2"  => 0xca	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+sub aesni {
+  my $line=shift;
+  my @opcode=(0x0f,0x38);
+
+    if ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	rex(\@opcode,$3,$2);
+	push @opcode,$opcodelet{$1},0xc0|($2&7)|(($3&7)<<3);	# ModR/M
+	unshift @opcode,0x66;
+	return ".byte\t".join(',',@opcode);
+    }
+    return $line;
+}
+
+foreach (split("\n",$code)) {
+        s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo		or
+	s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo		or
+	s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl
new file mode 100644
index 000000000..ef4602371
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -0,0 +1,1770 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# January 2013
+#
+# This is AESNI-CBC+SHA256 stitch implementation. The idea, as spelled
+# in http://download.intel.com/design/intarch/papers/323686.pdf, is
+# that since AESNI-CBC encrypt exhibit *very* low instruction-level
+# parallelism, interleaving it with another algorithm would allow to
+# utilize processor resources better and achieve better performance.
+# SHA256 instruction sequences(*) are taken from sha512-x86_64.pl and
+# AESNI code is weaved into it. As SHA256 dominates execution time,
+# stitch performance does not depend on AES key length. Below are
+# performance numbers in cycles per processed byte, less is better,
+# for standalone AESNI-CBC encrypt, standalone SHA256, and stitched
+# subroutine:
+#
+#		 AES-128/-192/-256+SHA256   this(**)	gain
+# Sandy Bridge	    5.05/6.05/7.05+11.6	    13.0	+28%/36%/43%
+# Ivy Bridge	    5.05/6.05/7.05+10.3	    11.6	+32%/41%/50%
+# Haswell	    4.43/5.29/6.19+7.80	    8.79	+39%/49%/59%
+# Skylake	    2.62/3.14/3.62+7.70	    8.10	+27%/34%/40%
+# Bulldozer	    5.77/6.89/8.00+13.7	    13.7	+42%/50%/58%
+# Ryzen(***)	    2.71/-/3.71+2.05	    2.74/-/3.73	+74%/-/54%
+# Goldmont(***)	    3.82/-/5.35+4.16	    4.73/-/5.94	+69%/-/60%
+#
+# (*)	there are XOP, AVX1 and AVX2 code paths, meaning that
+#	Westmere is omitted from loop, this is because gain was not
+#	estimated high enough to justify the effort;
+# (**)	these are EVP-free results, results obtained with 'speed
+#	-evp aes-256-cbc-hmac-sha256' will vary by percent or two;
+# (***)	these are SHAEXT results;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=12);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=$avx;	### set to zero if compiling for 1.0.1
+$avx=1		if (!$shaext && $avx);
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$func="aesni_cbc_sha256_enc";
+$TABLE="K256";
+$SZ=4;
+@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
+				"%r8d","%r9d","%r10d","%r11d");
+($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%esi");
+@Sigma0=( 2,13,22);
+@Sigma1=( 6,11,25);
+@sigma0=( 7,18, 3);
+@sigma1=(17,19,10);
+$rounds=64;
+
+########################################################################
+# void aesni_cbc_sha256_enc(const void *inp,
+#			void *out,
+#			size_t length,
+#			const AES_KEY *key,
+#			unsigned char *iv,
+#			SHA256_CTX *ctx,
+#			const void *in0);
+($inp,  $out,  $len,  $key,  $ivp, $ctx, $in0) =
+("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+$Tbl="%rbp";
+
+$_inp="16*$SZ+0*8(%rsp)";
+$_out="16*$SZ+1*8(%rsp)";
+$_end="16*$SZ+2*8(%rsp)";
+$_key="16*$SZ+3*8(%rsp)";
+$_ivp="16*$SZ+4*8(%rsp)";
+$_ctx="16*$SZ+5*8(%rsp)";
+$_in0="16*$SZ+6*8(%rsp)";
+$_rsp="`16*$SZ+7*8`(%rsp)";
+$framesz=16*$SZ+8*8;
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+.globl	$func
+.type	$func,\@abi-omnipotent
+.align	16
+$func:
+___
+						if ($avx) {
+$code.=<<___;
+	lea	OPENSSL_ia32cap_P(%rip),%r11
+	mov	\$1,%eax
+	cmp	\$0,`$win64?"%rcx":"%rdi"`
+	je	.Lprobe
+	mov	0(%r11),%eax
+	mov	4(%r11),%r10
+___
+$code.=<<___ if ($shaext);
+	bt	\$61,%r10			# check for SHA
+	jc	${func}_shaext
+___
+$code.=<<___;
+	mov	%r10,%r11
+	shr	\$32,%r11
+
+	test	\$`1<<11`,%r10d			# check for XOP
+	jnz	${func}_xop
+___
+$code.=<<___ if ($avx>1);
+	and	\$`1<<8|1<<5|1<<3`,%r11d	# check for BMI2+AVX2+BMI1
+	cmp	\$`1<<8|1<<5|1<<3`,%r11d
+	je	${func}_avx2
+___
+$code.=<<___;
+	and	\$`1<<28`,%r10d			# check for AVX
+	jnz	${func}_avx
+	ud2
+___
+						}
+$code.=<<___;
+	xor	%eax,%eax
+	cmp	\$0,`$win64?"%rcx":"%rdi"`
+	je	.Lprobe
+	ud2
+.Lprobe:
+	ret
+.size	$func,.-$func
+
+.align	64
+.type	$TABLE,\@object
+$TABLE:
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
+	.long	0,0,0,0,   0,0,0,0
+	.asciz	"AESNI-CBC+SHA256 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+######################################################################
+# SIMD code paths
+#
+{{{
+($iv,$inout,$roundkey,$temp,
+ $mask10,$mask12,$mask14,$offload)=map("%xmm$_",(8..15));
+
+$aesni_cbc_idx=0;
+@aesni_cbc_block = (
+##	&vmovdqu	($roundkey,"0x00-0x80($inp)");'
+##	&vmovdqu	($inout,($inp));
+##	&mov		($_inp,$inp);
+
+	'&vpxor		($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x10-0x80($inp)");',
+
+	'&vpxor		($inout,$inout,$iv);',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x20-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x30-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x40-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x50-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x60-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x70-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x80-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x90-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xa0-0x80($inp)");',
+
+	'&vaesenclast	($temp,$inout,$roundkey);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xb0-0x80($inp)");',
+
+	'&vpand		($iv,$temp,$mask10);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xc0-0x80($inp)");',
+
+	'&vaesenclast	($temp,$inout,$roundkey);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xd0-0x80($inp)");',
+
+	'&vpand		($temp,$temp,$mask12);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	 '&vmovdqu	($roundkey,"0xe0-0x80($inp)");',
+
+	'&vpor		($iv,$iv,$temp);'.
+	' &vaesenclast	($temp,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x00-0x80($inp)");'
+
+##	&mov		($inp,$_inp);
+##	&mov		($out,$_out);
+##	&vpand		($temp,$temp,$mask14);
+##	&vpor		($iv,$iv,$temp);
+##	&vmovdqu	($iv,($out,$inp);
+##	&lea		(inp,16($inp));
+);
+
+my $a4=$T1;
+my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&ror	($a0,$Sigma1[2]-$Sigma1[1])',
+	'&mov	($a,$a1)',
+	'&mov	($a4,$f)',
+
+	'&xor	($a0,$e)',
+	'&ror	($a1,$Sigma0[2]-$Sigma0[1])',
+	'&xor	($a4,$g)',			# f^g
+
+	'&ror	($a0,$Sigma1[1]-$Sigma1[0])',
+	'&xor	($a1,$a)',
+	'&and	($a4,$e)',			# (f^g)&e
+
+	@aesni_cbc_block[$aesni_cbc_idx++].
+	'&xor	($a0,$e)',
+	'&add	($h,$SZ*($i&15)."(%rsp)")',	# h+=X[i]+K[i]
+	'&mov	($a2,$a)',
+
+	'&ror	($a1,$Sigma0[1]-$Sigma0[0])',
+	'&xor	($a4,$g)',			# Ch(e,f,g)=((f^g)&e)^g
+	'&xor	($a2,$b)',			# a^b, b^c in next round
+
+	'&ror	($a0,$Sigma1[0])',		# Sigma1(e)
+	'&add	($h,$a4)',			# h+=Ch(e,f,g)
+	'&and	($a3,$a2)',			# (b^c)&(a^b)
+
+	'&xor	($a1,$a)',
+	'&add	($h,$a0)',			# h+=Sigma1(e)
+	'&xor	($a3,$b)',			# Maj(a,b,c)=Ch(a^b,c,b)
+
+	'&add	($d,$h)',			# d+=h
+	'&ror	($a1,$Sigma0[0])',		# Sigma0(a)
+	'&add	($h,$a3)',			# h+=Maj(a,b,c)
+
+	'&mov	($a0,$d)',
+	'&add	($a1,$h);'.			# h+=Sigma0(a)
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+}
+
+if ($avx) {{
+######################################################################
+# XOP code path
+#
+$code.=<<___;
+.type	${func}_xop,\@function,6
+.align	64
+${func}_xop:
+.cfi_startproc
+.Lxop_shortcut:
+	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$`$framesz+$win64*16*10`,%rsp
+	and	\$-64,%rsp		# align stack frame
+
+	shl	\$6,$len
+	sub	$inp,$out		# re-bias
+	sub	$inp,$in0
+	add	$inp,$len		# end of input
+
+	#mov	$inp,$_inp		# saved later
+	mov	$out,$_out
+	mov	$len,$_end
+	#mov	$key,$_key		# remains resident in $inp register
+	mov	$ivp,$_ivp
+	mov	$ctx,$_ctx
+	mov	$in0,$_in0
+	mov	%rax,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,`$framesz+16*0`(%rsp)
+	movaps	%xmm7,`$framesz+16*1`(%rsp)
+	movaps	%xmm8,`$framesz+16*2`(%rsp)
+	movaps	%xmm9,`$framesz+16*3`(%rsp)
+	movaps	%xmm10,`$framesz+16*4`(%rsp)
+	movaps	%xmm11,`$framesz+16*5`(%rsp)
+	movaps	%xmm12,`$framesz+16*6`(%rsp)
+	movaps	%xmm13,`$framesz+16*7`(%rsp)
+	movaps	%xmm14,`$framesz+16*8`(%rsp)
+	movaps	%xmm15,`$framesz+16*9`(%rsp)
+___
+$code.=<<___;
+.Lprologue_xop:
+	vzeroall
+
+	mov	$inp,%r12		# borrow $a4
+	lea	0x80($key),$inp		# size optimization, reassign
+	lea	$TABLE+`$SZ*2*$rounds+32`(%rip),%r13	# borrow $a0
+	mov	0xf0-0x80($inp),%r14d	# rounds, borrow $a1
+	mov	$ctx,%r15		# borrow $a2
+	mov	$in0,%rsi		# borrow $a3
+	vmovdqu	($ivp),$iv		# load IV
+	sub	\$9,%r14
+
+	mov	$SZ*0(%r15),$A
+	mov	$SZ*1(%r15),$B
+	mov	$SZ*2(%r15),$C
+	mov	$SZ*3(%r15),$D
+	mov	$SZ*4(%r15),$E
+	mov	$SZ*5(%r15),$F
+	mov	$SZ*6(%r15),$G
+	mov	$SZ*7(%r15),$H
+
+	vmovdqa	0x00(%r13,%r14,8),$mask14
+	vmovdqa	0x10(%r13,%r14,8),$mask12
+	vmovdqa	0x20(%r13,%r14,8),$mask10
+	vmovdqu	0x00-0x80($inp),$roundkey
+	jmp	.Lloop_xop
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+$code.=<<___;
+.align	16
+.Lloop_xop:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00(%rsi,%r12),@X[0]
+	vmovdqu	0x10(%rsi,%r12),@X[1]
+	vmovdqu	0x20(%rsi,%r12),@X[2]
+	vmovdqu	0x30(%rsi,%r12),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	vmovdqu	(%r12),$inout		# $a4
+	mov	%r12,$_inp		# $a4
+___
+sub XOP_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	&vpalignr	($t0,@X[1],@X[0],$SZ);	# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpalignr	($t3,@X[3],@X[2],$SZ);	# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t1,$t0,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrld		($t0,$t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpaddd	(@X[0],@X[0],$t3);	# X[0..3] += X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t2,$t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[3],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t2);		# sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[3],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t0);	# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrldq	($t3,$t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[0],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[0],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpslldq	($t3,$t3,8);		# 22 instructions
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    $aesni_cbc_idx=0;
+    for ($i=0,$j=0; $j<4; $j++) {
+	&XOP_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+    	&mov		("%r12",$_inp);		# borrow $a4
+	&vpand		($temp,$temp,$mask14);
+	&mov		("%r15",$_out);		# borrow $a2
+	&vpor		($iv,$iv,$temp);
+	&vmovdqu	("(%r15,%r12)",$iv);	# write output
+	&lea		("%r12","16(%r12)");	# inp++
+
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lxop_00_47");
+
+	&vmovdqu	($inout,"(%r12)");
+	&mov		($_inp,"%r12");
+
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+					}
+$code.=<<___;
+	mov	$_inp,%r12		# borrow $a4
+	mov	$_out,%r13		# borrow $a0
+	mov	$_ctx,%r15		# borrow $a2
+	mov	$_in0,%rsi		# borrow $a3
+
+	vpand	$mask14,$temp,$temp
+	mov	$a1,$A
+	vpor	$temp,$iv,$iv
+	vmovdqu	$iv,(%r13,%r12)		# write output
+	lea	16(%r12),%r12		# inp++
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	add	$SZ*7(%r15),$H
+
+	cmp	$_end,%r12
+
+	mov	$A,$SZ*0(%r15)
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+
+	jb	.Lloop_xop
+
+	mov	$_ivp,$ivp
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	vmovdqu	$iv,($ivp)		# output IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	`$framesz+16*0`(%rsp),%xmm6
+	movaps	`$framesz+16*1`(%rsp),%xmm7
+	movaps	`$framesz+16*2`(%rsp),%xmm8
+	movaps	`$framesz+16*3`(%rsp),%xmm9
+	movaps	`$framesz+16*4`(%rsp),%xmm10
+	movaps	`$framesz+16*5`(%rsp),%xmm11
+	movaps	`$framesz+16*6`(%rsp),%xmm12
+	movaps	`$framesz+16*7`(%rsp),%xmm13
+	movaps	`$framesz+16*8`(%rsp),%xmm14
+	movaps	`$framesz+16*9`(%rsp),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_xop:
+	ret
+.cfi_endproc
+.size	${func}_xop,.-${func}_xop
+___
+######################################################################
+# AVX+shrd code path
+#
+local *ror = sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	${func}_avx,\@function,6
+.align	64
+${func}_avx:
+.cfi_startproc
+.Lavx_shortcut:
+	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$`$framesz+$win64*16*10`,%rsp
+	and	\$-64,%rsp		# align stack frame
+
+	shl	\$6,$len
+	sub	$inp,$out		# re-bias
+	sub	$inp,$in0
+	add	$inp,$len		# end of input
+
+	#mov	$inp,$_inp		# saved later
+	mov	$out,$_out
+	mov	$len,$_end
+	#mov	$key,$_key		# remains resident in $inp register
+	mov	$ivp,$_ivp
+	mov	$ctx,$_ctx
+	mov	$in0,$_in0
+	mov	%rax,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,`$framesz+16*0`(%rsp)
+	movaps	%xmm7,`$framesz+16*1`(%rsp)
+	movaps	%xmm8,`$framesz+16*2`(%rsp)
+	movaps	%xmm9,`$framesz+16*3`(%rsp)
+	movaps	%xmm10,`$framesz+16*4`(%rsp)
+	movaps	%xmm11,`$framesz+16*5`(%rsp)
+	movaps	%xmm12,`$framesz+16*6`(%rsp)
+	movaps	%xmm13,`$framesz+16*7`(%rsp)
+	movaps	%xmm14,`$framesz+16*8`(%rsp)
+	movaps	%xmm15,`$framesz+16*9`(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx:
+	vzeroall
+
+	mov	$inp,%r12		# borrow $a4
+	lea	0x80($key),$inp		# size optimization, reassign
+	lea	$TABLE+`$SZ*2*$rounds+32`(%rip),%r13	# borrow $a0
+	mov	0xf0-0x80($inp),%r14d	# rounds, borrow $a1
+	mov	$ctx,%r15		# borrow $a2
+	mov	$in0,%rsi		# borrow $a3
+	vmovdqu	($ivp),$iv		# load IV
+	sub	\$9,%r14
+
+	mov	$SZ*0(%r15),$A
+	mov	$SZ*1(%r15),$B
+	mov	$SZ*2(%r15),$C
+	mov	$SZ*3(%r15),$D
+	mov	$SZ*4(%r15),$E
+	mov	$SZ*5(%r15),$F
+	mov	$SZ*6(%r15),$G
+	mov	$SZ*7(%r15),$H
+
+	vmovdqa	0x00(%r13,%r14,8),$mask14
+	vmovdqa	0x10(%r13,%r14,8),$mask12
+	vmovdqa	0x20(%r13,%r14,8),$mask10
+	vmovdqu	0x00-0x80($inp),$roundkey
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+$code.=<<___;
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00(%rsi,%r12),@X[0]
+	vmovdqu	0x10(%rsi,%r12),@X[1]
+	vmovdqu	0x20(%rsi,%r12),@X[2]
+	vmovdqu	0x30(%rsi,%r12),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	vmovdqu	(%r12),$inout		# $a4
+	mov	%r12,$_inp		# $a4
+___
+sub Xupdate_256_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],$SZ)',	# X[1..4]
+	 '&vpalignr	($t3,@X[3],@X[2],$SZ)',	# X[9..12]
+	'&vpsrld	($t2,$t0,$sigma0[0]);',
+	 '&vpaddd	(@X[0],@X[0],$t3)',	# X[0..3] += X[9..12]
+	'&vpsrld	($t3,$t0,$sigma0[2])',
+	'&vpslld	($t1,$t0,8*$SZ-$sigma0[1]);',
+	'&vpxor		($t0,$t3,$t2)',
+	 '&vpshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&vpsrld	($t2,$t2,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t1)',
+	'&vpslld	($t1,$t1,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t2)',
+	 '&vpsrld	($t2,$t3,$sigma1[2]);',
+	'&vpxor		($t0,$t0,$t1)',		# sigma0(X[1..4])
+	 '&vpsrlq	($t3,$t3,$sigma1[0]);',
+	'&vpaddd	(@X[0],@X[0],$t0)',	# X[0..3] += sigma0(X[1..4])
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',		# sigma1(X[14..15])
+	 '&vpshufd	($t2,$t2,0b10000100)',
+	 '&vpsrldq	($t2,$t2,8)',
+	'&vpaddd	(@X[0],@X[0],$t2)',	# X[0..1] += sigma1(X[14..15])
+	 '&vpshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&vpsrld	($t2,$t3,$sigma1[2])',
+	 '&vpsrlq	($t3,$t3,$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',
+	 '&vpshufd	($t2,$t2,0b11101000)',
+	 '&vpslldq	($t2,$t2,8)',
+	'&vpaddd	(@X[0],@X[0],$t2)'	# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+sub AVX_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    $aesni_cbc_idx=0;
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+    	&mov		("%r12",$_inp);		# borrow $a4
+	&vpand		($temp,$temp,$mask14);
+	&mov		("%r15",$_out);		# borrow $a2
+	&vpor		($iv,$iv,$temp);
+	&vmovdqu	("(%r15,%r12)",$iv);	# write output
+	&lea		("%r12","16(%r12)");	# inp++
+
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lavx_00_47");
+
+	&vmovdqu	($inout,"(%r12)");
+	&mov		($_inp,"%r12");
+
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+					}
+$code.=<<___;
+	mov	$_inp,%r12		# borrow $a4
+	mov	$_out,%r13		# borrow $a0
+	mov	$_ctx,%r15		# borrow $a2
+	mov	$_in0,%rsi		# borrow $a3
+
+	vpand	$mask14,$temp,$temp
+	mov	$a1,$A
+	vpor	$temp,$iv,$iv
+	vmovdqu	$iv,(%r13,%r12)		# write output
+	lea	16(%r12),%r12		# inp++
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	add	$SZ*7(%r15),$H
+
+	cmp	$_end,%r12
+
+	mov	$A,$SZ*0(%r15)
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+	jb	.Lloop_avx
+
+	mov	$_ivp,$ivp
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	vmovdqu	$iv,($ivp)		# output IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	`$framesz+16*0`(%rsp),%xmm6
+	movaps	`$framesz+16*1`(%rsp),%xmm7
+	movaps	`$framesz+16*2`(%rsp),%xmm8
+	movaps	`$framesz+16*3`(%rsp),%xmm9
+	movaps	`$framesz+16*4`(%rsp),%xmm10
+	movaps	`$framesz+16*5`(%rsp),%xmm11
+	movaps	`$framesz+16*6`(%rsp),%xmm12
+	movaps	`$framesz+16*7`(%rsp),%xmm13
+	movaps	`$framesz+16*8`(%rsp),%xmm14
+	movaps	`$framesz+16*9`(%rsp),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	ret
+.cfi_endproc
+.size	${func}_avx,.-${func}_avx
+___
+
+if ($avx>1) {{
+######################################################################
+# AVX2+BMI code path
+#
+my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp
+my $PUSH8=8*2*$SZ;
+use integer;
+
+sub bodyx_00_15 () {
+	# at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&add	($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)',    # h+=X[i]+K[i]
+	'&and	($a4,$e)',		# f&e
+	'&rorx	($a0,$e,$Sigma1[2])',
+	'&rorx	($a2,$e,$Sigma1[1])',
+
+	'&lea	($a,"($a,$a1)")',	# h+=Sigma0(a) from the past
+	'&lea	($h,"($h,$a4)")',
+	'&andn	($a4,$e,$g)',		# ~e&g
+	'&xor	($a0,$a2)',
+
+	'&rorx	($a1,$e,$Sigma1[0])',
+	'&lea	($h,"($h,$a4)")',	# h+=Ch(e,f,g)=(e&f)+(~e&g)
+	'&xor	($a0,$a1)',		# Sigma1(e)
+	'&mov	($a2,$a)',
+
+	'&rorx	($a4,$a,$Sigma0[2])',
+	'&lea	($h,"($h,$a0)")',	# h+=Sigma1(e)
+	'&xor	($a2,$b)',		# a^b, b^c in next round
+	'&rorx	($a1,$a,$Sigma0[1])',
+
+	'&rorx	($a0,$a,$Sigma0[0])',
+	'&lea	($d,"($d,$h)")',	# d+=h
+	'&and	($a3,$a2)',		# (b^c)&(a^b)
+	@aesni_cbc_block[$aesni_cbc_idx++].
+	'&xor	($a1,$a4)',
+
+	'&xor	($a3,$b)',		# Maj(a,b,c)=Ch(a^b,c,b)
+	'&xor	($a1,$a0)',		# Sigma0(a)
+	'&lea	($h,"($h,$a3)");'.	# h+=Maj(a,b,c)
+	'&mov	($a4,$e)',		# copy of f in future
+
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+	# and at the finish one has to $a+=$a1
+}
+
+$code.=<<___;
+.type	${func}_avx2,\@function,6
+.align	64
+${func}_avx2:
+.cfi_startproc
+.Lavx2_shortcut:
+	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$`2*$SZ*$rounds+8*8+$win64*16*10`,%rsp
+	and	\$-256*$SZ,%rsp		# align stack frame
+	add	\$`2*$SZ*($rounds-8)`,%rsp
+
+	shl	\$6,$len
+	sub	$inp,$out		# re-bias
+	sub	$inp,$in0
+	add	$inp,$len		# end of input
+
+	#mov	$inp,$_inp		# saved later
+	#mov	$out,$_out		# kept in $offload
+	mov	$len,$_end
+	#mov	$key,$_key		# remains resident in $inp register
+	mov	$ivp,$_ivp
+	mov	$ctx,$_ctx
+	mov	$in0,$_in0
+	mov	%rax,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,`$framesz+16*0`(%rsp)
+	movaps	%xmm7,`$framesz+16*1`(%rsp)
+	movaps	%xmm8,`$framesz+16*2`(%rsp)
+	movaps	%xmm9,`$framesz+16*3`(%rsp)
+	movaps	%xmm10,`$framesz+16*4`(%rsp)
+	movaps	%xmm11,`$framesz+16*5`(%rsp)
+	movaps	%xmm12,`$framesz+16*6`(%rsp)
+	movaps	%xmm13,`$framesz+16*7`(%rsp)
+	movaps	%xmm14,`$framesz+16*8`(%rsp)
+	movaps	%xmm15,`$framesz+16*9`(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx2:
+	vzeroall
+
+	mov	$inp,%r13		# borrow $a0
+	vpinsrq	\$1,$out,$offload,$offload
+	lea	0x80($key),$inp		# size optimization, reassign
+	lea	$TABLE+`$SZ*2*$rounds+32`(%rip),%r12	# borrow $a4
+	mov	0xf0-0x80($inp),%r14d	# rounds, borrow $a1
+	mov	$ctx,%r15		# borrow $a2
+	mov	$in0,%rsi		# borrow $a3
+	vmovdqu	($ivp),$iv		# load IV
+	lea	-9(%r14),%r14
+
+	vmovdqa	0x00(%r12,%r14,8),$mask14
+	vmovdqa	0x10(%r12,%r14,8),$mask12
+	vmovdqa	0x20(%r12,%r14,8),$mask10
+
+	sub	\$-16*$SZ,%r13		# inp++, size optimization
+	mov	$SZ*0(%r15),$A
+	lea	(%rsi,%r13),%r12	# borrow $a0
+	mov	$SZ*1(%r15),$B
+	cmp	$len,%r13		# $_end
+	mov	$SZ*2(%r15),$C
+	cmove	%rsp,%r12		# next block or random data
+	mov	$SZ*3(%r15),$D
+	mov	$SZ*4(%r15),$E
+	mov	$SZ*5(%r15),$F
+	mov	$SZ*6(%r15),$G
+	mov	$SZ*7(%r15),$H
+	vmovdqu	0x00-0x80($inp),$roundkey
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%ymm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%ymm$_",(4..7));
+
+$code.=<<___;
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	-16*$SZ+0(%rsi,%r13),%xmm0
+	vmovdqu	-16*$SZ+16(%rsi,%r13),%xmm1
+	vmovdqu	-16*$SZ+32(%rsi,%r13),%xmm2
+	vmovdqu	-16*$SZ+48(%rsi,%r13),%xmm3
+
+	vinserti128	\$1,(%r12),@X[0],@X[0]
+	vinserti128	\$1,16(%r12),@X[1],@X[1]
+	 vpshufb	$t3,@X[0],@X[0]
+	vinserti128	\$1,32(%r12),@X[2],@X[2]
+	 vpshufb	$t3,@X[1],@X[1]
+	vinserti128	\$1,48(%r12),@X[3],@X[3]
+
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[2],@X[2]
+	lea	-16*$SZ(%r13),%r13
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	xor	$a1,$a1
+	vmovdqa	$t1,0x20(%rsp)
+	lea	-$PUSH8(%rsp),%rsp
+	mov	$B,$a3
+	vmovdqa	$t2,0x00(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x20(%rsp)
+	mov	$F,$a4
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+	vmovdqu	(%r13),$inout
+	vpinsrq	\$0,%r13,$offload,$offload
+___
+
+sub AVX2_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 96 instructions
+my $base = "+2*$PUSH8(%rsp)";
+
+	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%2)==0);
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	((32*$j)%$PUSH8."(%rsp)",$t2);
+}
+    $aesni_cbc_idx=0;
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX2_256_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&vmovq		("%r13",$offload);	# borrow $a0
+	&vpextrq	("%r15",$offload,1);	# borrow $a2
+	&vpand		($temp,$temp,$mask14);
+	&vpor		($iv,$iv,$temp);
+	&vmovdqu	("(%r15,%r13)",$iv);	# write output
+	&lea		("%r13","16(%r13)");	# inp++
+
+	&lea	($Tbl,16*2*$SZ."($Tbl)");
+	&cmpb	(($SZ-1)."($Tbl)",0);
+	&jne	(".Lavx2_00_47");
+
+	&vmovdqu	($inout,"(%r13)");
+	&vpinsrq	($offload,$offload,"%r13",0);
+
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+					}
+$code.=<<___;
+	vpextrq	\$1,$offload,%r12		# $_out, borrow $a4
+	vmovq	$offload,%r13			# $_inp, borrow $a0
+	mov	`2*$SZ*$rounds+5*8`(%rsp),%r15	# $_ctx, borrow $a2
+	add	$a1,$A
+	lea	`2*$SZ*($rounds-8)`(%rsp),$Tbl
+
+	vpand	$mask14,$temp,$temp
+	vpor	$temp,$iv,$iv
+	vmovdqu	$iv,(%r12,%r13)			# write output
+	lea	16(%r13),%r13
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	add	$SZ*7(%r15),$H
+
+	mov	$A,$SZ*0(%r15)
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+
+	cmp	`$PUSH8+2*8`($Tbl),%r13		# $_end
+	je	.Ldone_avx2
+
+	xor	$a1,$a1
+	mov	$B,$a3
+	mov	$F,$a4
+	xor	$C,$a3			# magic
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+	vmovdqu	(%r13),$inout
+	vpinsrq	\$0,%r13,$offload,$offload
+___
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	my $base="+16($Tbl)";
+	foreach(bodyx_00_15()) { eval; }
+	&lea	($Tbl,"-$PUSH8($Tbl)")	if ($i==8);
+    }
+$code.=<<___;
+	vmovq	$offload,%r13			# borrow $a0
+	vpextrq	\$1,$offload,%r15		# borrow $a2
+	vpand	$mask14,$temp,$temp
+	vpor	$temp,$iv,$iv
+	lea	-$PUSH8($Tbl),$Tbl
+	vmovdqu	$iv,(%r15,%r13)			# write output
+	lea	16(%r13),%r13			# inp++
+	cmp	%rsp,$Tbl
+	jae	.Lower_avx2
+
+	mov	`2*$SZ*$rounds+5*8`(%rsp),%r15	# $_ctx, borrow $a2
+	lea	16*$SZ(%r13),%r13
+	mov	`2*$SZ*$rounds+6*8`(%rsp),%rsi	# $_in0, borrow $a3
+	add	$a1,$A
+	lea	`2*$SZ*($rounds-8)`(%rsp),%rsp
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	lea	(%rsi,%r13),%r12
+	add	$SZ*7(%r15),$H
+
+	cmp	$_end,%r13
+
+	mov	$A,$SZ*0(%r15)
+	cmove	%rsp,%r12		# next block or stale data
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+
+	jbe	.Loop_avx2
+	lea	(%rsp),$Tbl
+
+.Ldone_avx2:
+	lea	($Tbl),%rsp
+	mov	$_ivp,$ivp
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	vmovdqu	$iv,($ivp)		# output IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	`$framesz+16*0`(%rsp),%xmm6
+	movaps	`$framesz+16*1`(%rsp),%xmm7
+	movaps	`$framesz+16*2`(%rsp),%xmm8
+	movaps	`$framesz+16*3`(%rsp),%xmm9
+	movaps	`$framesz+16*4`(%rsp),%xmm10
+	movaps	`$framesz+16*5`(%rsp),%xmm11
+	movaps	`$framesz+16*6`(%rsp),%xmm12
+	movaps	`$framesz+16*7`(%rsp),%xmm13
+	movaps	`$framesz+16*8`(%rsp),%xmm14
+	movaps	`$framesz+16*9`(%rsp),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	ret
+.cfi_endproc
+.size	${func}_avx2,.-${func}_avx2
+___
+}}
+}}
+{{
+my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+my ($rounds,$Tbl)=("%r11d","%rbx");
+
+my ($iv,$in,$rndkey0)=map("%xmm$_",(6,14,15));
+my @rndkey=("%xmm4","%xmm5");
+my $r=0;
+my $sn=0;
+
+my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..3,7..9));
+my @MSG=map("%xmm$_",(10..13));
+
+my $aesenc=sub {
+  use integer;
+  my ($n,$k)=($r/10,$r%10);
+    if ($k==0) {
+      $code.=<<___;
+	movups		`16*$n`($in0),$in		# load input
+	xorps		$rndkey0,$in
+___
+      $code.=<<___ if ($n);
+	movups		$iv,`16*($n-1)`($out,$in0)	# write output
+___
+      $code.=<<___;
+	xorps		$in,$iv
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    } elsif ($k==9) {
+      $sn++;
+      $code.=<<___;
+	cmp		\$11,$rounds
+	jb		.Laesenclast$sn
+	movups		`32+16*($k+0)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+1)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+	je		.Laesenclast$sn
+	movups		`32+16*($k+2)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+3)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+.Laesenclast$sn:
+	aesenclast	$rndkey[0],$iv
+	movups		16-112($key),$rndkey[1]		# forward reference
+	nop
+___
+    } else {
+      $code.=<<___;
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    }
+    $r++;	unshift(@rndkey,pop(@rndkey));
+};
+
+if ($shaext) {
+my $Tbl="%rax";
+
+$code.=<<___;
+.type	${func}_shaext,\@function,6
+.align	32
+${func}_shaext:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+___
+$code.=<<___ if ($win64);
+	lea	`-8-10*16`(%rsp),%rsp
+	movaps	%xmm6,-8-10*16(%rax)
+	movaps	%xmm7,-8-9*16(%rax)
+	movaps	%xmm8,-8-8*16(%rax)
+	movaps	%xmm9,-8-7*16(%rax)
+	movaps	%xmm10,-8-6*16(%rax)
+	movaps	%xmm11,-8-5*16(%rax)
+	movaps	%xmm12,-8-4*16(%rax)
+	movaps	%xmm13,-8-3*16(%rax)
+	movaps	%xmm14,-8-2*16(%rax)
+	movaps	%xmm15,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	lea		K256+0x80(%rip),$Tbl
+	movdqu		($ctx),$ABEF		# DCBA
+	movdqu		16($ctx),$CDGH		# HGFE
+	movdqa		0x200-0x80($Tbl),$TMP	# byte swap mask
+
+	mov		240($key),$rounds
+	sub		$in0,$out
+	movups		($key),$rndkey0		# $key[0]
+	movups		($ivp),$iv		# load IV
+	movups		16($key),$rndkey[0]	# forward reference
+	lea		112($key),$key		# size optimization
+
+	pshufd		\$0x1b,$ABEF,$Wi	# ABCD
+	pshufd		\$0xb1,$ABEF,$ABEF	# CDAB
+	pshufd		\$0x1b,$CDGH,$CDGH	# EFGH
+	movdqa		$TMP,$BSWAP		# offload
+	palignr		\$8,$CDGH,$ABEF		# ABEF
+	punpcklqdq	$Wi,$CDGH		# CDGH
+
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movdqu		($inp),@MSG[0]
+	movdqu		0x10($inp),@MSG[1]
+	movdqu		0x20($inp),@MSG[2]
+	pshufb		$TMP,@MSG[0]
+	movdqu		0x30($inp),@MSG[3]
+
+	movdqa		0*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	pshufb		$TMP,@MSG[1]
+	movdqa		$CDGH,$CDGH_SAVE	# offload
+	movdqa		$ABEF,$ABEF_SAVE	# offload
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 0-3
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		1*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	pshufb		$TMP,@MSG[2]
+	lea		0x40($inp),$inp
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 4-7
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		2*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+	pshufb		$TMP,@MSG[3]
+	sha256msg1	@MSG[1],@MSG[0]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 8-11
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[3],$TMP
+	palignr		\$4,@MSG[2],$TMP
+	paddd		$TMP,@MSG[0]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		3*32-0x80($Tbl),$Wi
+	paddd		@MSG[3],$Wi
+	sha256msg2	@MSG[3],@MSG[0]
+	sha256msg1	@MSG[2],@MSG[1]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 12-15
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		@MSG[0],$TMP
+	palignr		\$4,@MSG[3],$TMP
+	paddd		$TMP,@MSG[1]
+	sha256rnds2	$CDGH,$ABEF
+___
+for($i=4;$i<16-3;$i++) {
+	&$aesenc()	if (($r%10)==0);
+$code.=<<___;
+	movdqa		$i*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256msg1	@MSG[3],@MSG[2]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 16-19...
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	paddd		$TMP,@MSG[2]
+___
+	&$aesenc();
+	&$aesenc()	if ($r==19);
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+___
+	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	movdqa		13*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256msg1	@MSG[3],@MSG[2]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 52-55
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	paddd		$TMP,@MSG[2]
+___
+	&$aesenc();
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		14*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	sha256msg2	@MSG[1],@MSG[2]
+	movdqa		$BSWAP,$TMP
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 56-59
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		15*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+___
+	&$aesenc();
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 60-63
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+	#pxor		$CDGH,$rndkey0		# black magic
+___
+	while ($r<40)	{ &$aesenc(); }		# remaining aesenc's
+$code.=<<___;
+	#xorps		$CDGH,$rndkey0		# black magic
+	paddd		$CDGH_SAVE,$CDGH
+	paddd		$ABEF_SAVE,$ABEF
+
+	dec		$len
+	movups		$iv,48($out,$in0)	# write output
+	lea		64($in0),$in0
+	jnz		.Loop_shaext
+
+	pshufd		\$0xb1,$CDGH,$CDGH	# DCHG
+	pshufd		\$0x1b,$ABEF,$TMP	# FEBA
+	pshufd		\$0xb1,$ABEF,$ABEF	# BAFE
+	punpckhqdq	$CDGH,$ABEF		# DCBA
+	palignr		\$8,$TMP,$CDGH		# HGFE
+
+	movups		$iv,($ivp)		# write IV
+	movdqu		$ABEF,($ctx)
+	movdqu		$CDGH,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	0*16(%rsp),%xmm6
+	movaps	1*16(%rsp),%xmm7
+	movaps	2*16(%rsp),%xmm8
+	movaps	3*16(%rsp),%xmm9
+	movaps	4*16(%rsp),%xmm10
+	movaps	5*16(%rsp),%xmm11
+	movaps	6*16(%rsp),%xmm12
+	movaps	7*16(%rsp),%xmm13
+	movaps	8*16(%rsp),%xmm14
+	movaps	9*16(%rsp),%xmm15
+	lea	8+10*16(%rsp),%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	${func}_shaext,.-${func}_shaext
+___
+}
+}}}}}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64 && $avx) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HanderlData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+___
+$code.=<<___ if ($shaext);
+	lea	aesni_cbc_sha256_enc_shaext(%rip),%r10
+	cmp	%r10,%rbx
+	jb	.Lnot_in_shaext
+
+	lea	(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	168(%rax),%rax		# adjust stack pointer
+	jmp	.Lin_prologue
+.Lnot_in_shaext:
+___
+$code.=<<___ if ($avx>1);
+	lea	.Lavx2_shortcut(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<avx2_shortcut
+	jb	.Lnot_in_avx2
+
+	and	\$-256*$SZ,%rax
+	add	\$`2*$SZ*($rounds-8)`,%rax
+.Lnot_in_avx2:
+___
+$code.=<<___;
+	mov	%rax,%rsi		# put aside Rsp
+	mov	16*$SZ+7*8(%rax),%rax	# pull $_rsp
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	16*$SZ+8*8(%rsi),%rsi	# Xmm6- save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+	.rva	.LSEH_begin_${func}_xop
+	.rva	.LSEH_end_${func}_xop
+	.rva	.LSEH_info_${func}_xop
+
+	.rva	.LSEH_begin_${func}_avx
+	.rva	.LSEH_end_${func}_avx
+	.rva	.LSEH_info_${func}_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_${func}_avx2
+	.rva	.LSEH_end_${func}_avx2
+	.rva	.LSEH_info_${func}_avx2
+___
+$code.=<<___ if ($shaext);
+	.rva	.LSEH_begin_${func}_shaext
+	.rva	.LSEH_end_${func}_shaext
+	.rva	.LSEH_info_${func}_shaext
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_${func}_xop:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_xop,.Lepilogue_xop		# HandlerData[]
+
+.LSEH_info_${func}_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_${func}_avx2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+$code.=<<___ if ($shaext);
+.LSEH_info_${func}_shaext:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_shaext,.Lepilogue_shaext	# HandlerData[]
+___
+}
+
+####################################################################
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    unshift @opcode,$rex|0x40	if($rex);
+}
+
+{
+  my %opcodelet = (
+		"sha256rnds2" => 0xcb,
+  		"sha256msg1"  => 0xcc,
+		"sha256msg2"  => 0xcd	);
+
+  sub sha256op38 {
+    my $instr = shift;
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+  }
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl
new file mode 100644
index 000000000..b351fca28
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl
@@ -0,0 +1,3415 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
+# details].
+#
+# Performance.
+#
+# To start with see corresponding paragraph in aesni-x86_64.pl...
+# Instead of filling table similar to one found there I've chosen to
+# summarize *comparison* results for raw ECB, CTR and CBC benchmarks.
+# The simplified table below represents 32-bit performance relative
+# to 64-bit one in every given point. Ratios vary for different
+# encryption modes, therefore interval values.
+#
+#	16-byte     64-byte     256-byte    1-KB        8-KB
+#	53-67%      67-84%      91-94%      95-98%      97-99.5%
+#
+# Lower ratios for smaller block sizes are perfectly understandable,
+# because function call overhead is higher in 32-bit mode. Largest
+# 8-KB block performance is virtually same: 32-bit code is less than
+# 1% slower for ECB, CBC and CCM, and ~3% slower otherwise.
+
+# January 2011
+#
+# See aesni-x86_64.pl for details. Unlike x86_64 version this module
+# interleaves at most 6 aes[enc|dec] instructions, because there are
+# not enough registers for 8x interleave [which should be optimal for
+# Sandy Bridge]. Actually, performance results for 6x interleave
+# factor presented in aesni-x86_64.pl (except for CTR) are for this
+# module.
+
+# April 2011
+#
+# Add aesni_xts_[en|de]crypt. Westmere spends 1.50 cycles processing
+# one byte out of 8KB with 128-bit key, Sandy Bridge - 1.09.
+
+# November 2015
+#
+# Add aesni_ocb_[en|de]crypt.
+
+######################################################################
+# Current large-block performance in cycles per byte processed with
+# 128-bit key (less is better).
+#
+#		CBC en-/decrypt	CTR	XTS	ECB	OCB
+# Westmere	3.77/1.37	1.37	1.52	1.27
+# * Bridge	5.07/0.98	0.99	1.09	0.91	1.10
+# Haswell	4.44/0.80	0.97	1.03	0.72	0.76
+# Skylake	2.68/0.65	0.65	0.66	0.64	0.66
+# Silvermont	5.77/3.56	3.67	4.03	3.46	4.03
+# Goldmont	3.84/1.39	1.39	1.63	1.31	1.70
+# Bulldozer	5.80/0.98	1.05	1.24	0.93	1.23
+
+$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
+			# generates drop-in replacement for
+			# crypto/aes/asm/aes-586.pl:-)
+$inline=1;		# inline _aesni_[en|de]crypt
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0]);
+
+&external_label("OPENSSL_ia32cap_P");
+&static_label("key_const");
+
+if ($PREFIX eq "aesni")	{ $movekey=\&movups; }
+else			{ $movekey=\&movups; }
+
+$len="eax";
+$rounds="ecx";
+$key="edx";
+$inp="esi";
+$out="edi";
+$rounds_="ebx";	# backup copy for $rounds
+$key_="ebp";	# backup copy for $key
+
+$rndkey0="xmm0";
+$rndkey1="xmm1";
+$inout0="xmm2";
+$inout1="xmm3";
+$inout2="xmm4";
+$inout3="xmm5";	$in1="xmm5";
+$inout4="xmm6";	$in0="xmm6";
+$inout5="xmm7";	$ivec="xmm7";
+
+# AESNI extension
+sub aeskeygenassist
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x66,0x0f,0x3a,0xdf,0xc0|($1<<3)|$2,$imm);	}
+}
+sub aescommon
+{ my($opcodelet,$dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x66,0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);}
+}
+sub aesimc	{ aescommon(0xdb,@_); }
+sub aesenc	{ aescommon(0xdc,@_); }
+sub aesenclast	{ aescommon(0xdd,@_); }
+sub aesdec	{ aescommon(0xde,@_); }
+sub aesdeclast	{ aescommon(0xdf,@_); }
+
+# Inline version of internal aesni_[en|de]crypt1
+{ my $sn;
+sub aesni_inline_generate1
+{ my ($p,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout));
+  $sn++;
+
+    &$movekey		($rndkey0,&QWP(0,$key));
+    &$movekey		($rndkey1,&QWP(16,$key));
+    &xorps		($ivec,$rndkey0)	if (defined($ivec));
+    &lea		($key,&DWP(32,$key));
+    &xorps		($inout,$ivec)		if (defined($ivec));
+    &xorps		($inout,$rndkey0)	if (!defined($ivec));
+    &set_label("${p}1_loop_$sn");
+	eval"&aes${p}	($inout,$rndkey1)";
+	&dec		($rounds);
+	&$movekey	($rndkey1,&QWP(0,$key));
+	&lea		($key,&DWP(16,$key));
+    &jnz		(&label("${p}1_loop_$sn"));
+    eval"&aes${p}last	($inout,$rndkey1)";
+}}
+
+sub aesni_generate1	# fully unrolled loop
+{ my ($p,$inout)=@_; $inout=$inout0 if (!defined($inout));
+
+    &function_begin_B("_aesni_${p}rypt1");
+	&movups		($rndkey0,&QWP(0,$key));
+	&$movekey	($rndkey1,&QWP(0x10,$key));
+	&xorps		($inout,$rndkey0);
+	&$movekey	($rndkey0,&QWP(0x20,$key));
+	&lea		($key,&DWP(0x30,$key));
+	&cmp		($rounds,11);
+	&jb		(&label("${p}128"));
+	&lea		($key,&DWP(0x20,$key));
+	&je		(&label("${p}192"));
+	&lea		($key,&DWP(0x20,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(-0x40,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-0x30,$key));
+    &set_label("${p}192");
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(-0x20,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-0x10,$key));
+    &set_label("${p}128");
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x10,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0x20,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x30,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0x40,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x50,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0x60,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x70,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+    eval"&aes${p}last	($inout,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt1");
+}
+
+# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("enc") if (!$inline);
+&function_begin_B("${PREFIX}_encrypt");
+	&mov	("eax",&wparam(0));
+	&mov	($key,&wparam(2));
+	&movups	($inout0,&QWP(0,"eax"));
+	&mov	($rounds,&DWP(240,$key));
+	&mov	("eax",&wparam(1));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&pxor	($rndkey0,$rndkey0);		# clear register bank
+	&pxor	($rndkey1,$rndkey1);
+	&movups	(&QWP(0,"eax"),$inout0);
+	&pxor	($inout0,$inout0);
+	&ret	();
+&function_end_B("${PREFIX}_encrypt");
+
+# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("dec") if(!$inline);
+&function_begin_B("${PREFIX}_decrypt");
+	&mov	("eax",&wparam(0));
+	&mov	($key,&wparam(2));
+	&movups	($inout0,&QWP(0,"eax"));
+	&mov	($rounds,&DWP(240,$key));
+	&mov	("eax",&wparam(1));
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&pxor	($rndkey0,$rndkey0);		# clear register bank
+	&pxor	($rndkey1,$rndkey1);
+	&movups	(&QWP(0,"eax"),$inout0);
+	&pxor	($inout0,$inout0);
+	&ret	();
+&function_end_B("${PREFIX}_decrypt");
+
+# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
+# factor. Why 3x subroutine were originally used in loops? Even though
+# aes[enc|dec] latency was originally 6, it could be scheduled only
+# every *2nd* cycle. Thus 3x interleave was the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it originally made no sense to implement 2x subroutine.
+# But times change and it became appropriate to spend extra 192 bytes
+# on 2x subroutine on Atom Silvermont account. For processors that
+# can schedule aes[enc|dec] every cycle optimal interleave factor
+# equals to corresponding instructions latency. 8x is optimal for
+# * Bridge, but it's unfeasible to accommodate such implementation
+# in XMM registers addressable in 32-bit mode and therefore maximum
+# of 6x is used instead...
+
+sub aesni_generate2
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt2");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&shl		($rounds,4);
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);
+	&$movekey	($rndkey0,&QWP(32,$key));
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	&add		($rounds,16);
+
+    &set_label("${p}2_loop");
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("${p}2_loop"));
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt2");
+}
+
+sub aesni_generate3
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt3");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&shl		($rounds,4);
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&$movekey	($rndkey0,&QWP(32,$key));
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	&add		($rounds,16);
+
+    &set_label("${p}3_loop");
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	eval"&aes${p}	($inout2,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	eval"&aes${p}	($inout2,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("${p}3_loop"));
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}	($inout2,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    eval"&aes${p}last	($inout2,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt3");
+}
+
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement  would be <20%,
+# so it's not worth it...
+sub aesni_generate4
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt4");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&shl		($rounds,4);
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&$movekey	($rndkey0,&QWP(32,$key));
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	&data_byte	(0x0f,0x1f,0x40,0x00);
+	&add		($rounds,16);
+
+    &set_label("${p}4_loop");
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	eval"&aes${p}	($inout2,$rndkey1)";
+	eval"&aes${p}	($inout3,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	eval"&aes${p}	($inout2,$rndkey0)";
+	eval"&aes${p}	($inout3,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+    &jnz		(&label("${p}4_loop"));
+
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}	($inout2,$rndkey1)";
+    eval"&aes${p}	($inout3,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    eval"&aes${p}last	($inout2,$rndkey0)";
+    eval"&aes${p}last	($inout3,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt4");
+}
+
+sub aesni_generate6
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt6");
+    &static_label("_aesni_${p}rypt6_enter");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&shl		($rounds,4);
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);	# pxor does better here
+	&pxor		($inout2,$rndkey0);
+	eval"&aes${p}	($inout0,$rndkey1)";
+	&pxor		($inout3,$rndkey0);
+	&pxor		($inout4,$rndkey0);
+	eval"&aes${p}	($inout1,$rndkey1)";
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	eval"&aes${p}	($inout2,$rndkey1)";
+	&pxor		($inout5,$rndkey0);
+	&$movekey	($rndkey0,&QWP(0,$key,$rounds));
+	&add		($rounds,16);
+	&jmp		(&label("_aesni_${p}rypt6_inner"));
+
+    &set_label("${p}6_loop",16);
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	eval"&aes${p}	($inout2,$rndkey1)";
+    &set_label("_aesni_${p}rypt6_inner");
+	eval"&aes${p}	($inout3,$rndkey1)";
+	eval"&aes${p}	($inout4,$rndkey1)";
+	eval"&aes${p}	($inout5,$rndkey1)";
+    &set_label("_aesni_${p}rypt6_enter");
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	eval"&aes${p}	($inout2,$rndkey0)";
+	eval"&aes${p}	($inout3,$rndkey0)";
+	eval"&aes${p}	($inout4,$rndkey0)";
+	eval"&aes${p}	($inout5,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+    &jnz		(&label("${p}6_loop"));
+
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}	($inout2,$rndkey1)";
+    eval"&aes${p}	($inout3,$rndkey1)";
+    eval"&aes${p}	($inout4,$rndkey1)";
+    eval"&aes${p}	($inout5,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    eval"&aes${p}last	($inout2,$rndkey0)";
+    eval"&aes${p}last	($inout3,$rndkey0)";
+    eval"&aes${p}last	($inout4,$rndkey0)";
+    eval"&aes${p}last	($inout5,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt6");
+}
+&aesni_generate2("enc") if ($PREFIX eq "aesni");
+&aesni_generate2("dec");
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+&aesni_generate6("enc") if ($PREFIX eq "aesni");
+&aesni_generate6("dec");
+
+if ($PREFIX eq "aesni") {
+######################################################################
+# void aesni_ecb_encrypt (const void *in, void *out,
+#                         size_t length, const AES_KEY *key,
+#                         int enc);
+&function_begin("aesni_ecb_encrypt");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&and	($len,-16);
+	&jz	(&label("ecb_ret"));
+	&mov	($rounds,&DWP(240,$key));
+	&test	($rounds_,$rounds_);
+	&jz	(&label("ecb_decrypt"));
+
+	&mov	($key_,$key);		# backup $key
+	&mov	($rounds_,$rounds);	# backup $rounds
+	&cmp	($len,0x60);
+	&jb	(&label("ecb_enc_tail"));
+
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+	&sub	($len,0x60);
+	&jmp	(&label("ecb_enc_loop6_enter"));
+
+&set_label("ecb_enc_loop6",16);
+	&movups	(&QWP(0,$out),$inout0);
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+&set_label("ecb_enc_loop6_enter");
+
+	&call	("_aesni_encrypt6");
+
+	&mov	($key,$key_);		# restore $key
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&sub	($len,0x60);
+	&jnc	(&label("ecb_enc_loop6"));
+
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&add	($len,0x60);
+	&jz	(&label("ecb_ret"));
+
+&set_label("ecb_enc_tail");
+	&movups	($inout0,&QWP(0,$inp));
+	&cmp	($len,0x20);
+	&jb	(&label("ecb_enc_one"));
+	&movups	($inout1,&QWP(0x10,$inp));
+	&je	(&label("ecb_enc_two"));
+	&movups	($inout2,&QWP(0x20,$inp));
+	&cmp	($len,0x40);
+	&jb	(&label("ecb_enc_three"));
+	&movups	($inout3,&QWP(0x30,$inp));
+	&je	(&label("ecb_enc_four"));
+	&movups	($inout4,&QWP(0x40,$inp));
+	&xorps	($inout5,$inout5);
+	&call	("_aesni_encrypt6");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_one",16);
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&movups	(&QWP(0,$out),$inout0);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_two",16);
+	&call	("_aesni_encrypt2");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_three",16);
+	&call	("_aesni_encrypt3");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_four",16);
+	&call	("_aesni_encrypt4");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&jmp	(&label("ecb_ret"));
+######################################################################
+&set_label("ecb_decrypt",16);
+	&mov	($key_,$key);		# backup $key
+	&mov	($rounds_,$rounds);	# backup $rounds
+	&cmp	($len,0x60);
+	&jb	(&label("ecb_dec_tail"));
+
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+	&sub	($len,0x60);
+	&jmp	(&label("ecb_dec_loop6_enter"));
+
+&set_label("ecb_dec_loop6",16);
+	&movups	(&QWP(0,$out),$inout0);
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+&set_label("ecb_dec_loop6_enter");
+
+	&call	("_aesni_decrypt6");
+
+	&mov	($key,$key_);		# restore $key
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&sub	($len,0x60);
+	&jnc	(&label("ecb_dec_loop6"));
+
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&add	($len,0x60);
+	&jz	(&label("ecb_ret"));
+
+&set_label("ecb_dec_tail");
+	&movups	($inout0,&QWP(0,$inp));
+	&cmp	($len,0x20);
+	&jb	(&label("ecb_dec_one"));
+	&movups	($inout1,&QWP(0x10,$inp));
+	&je	(&label("ecb_dec_two"));
+	&movups	($inout2,&QWP(0x20,$inp));
+	&cmp	($len,0x40);
+	&jb	(&label("ecb_dec_three"));
+	&movups	($inout3,&QWP(0x30,$inp));
+	&je	(&label("ecb_dec_four"));
+	&movups	($inout4,&QWP(0x40,$inp));
+	&xorps	($inout5,$inout5);
+	&call	("_aesni_decrypt6");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_one",16);
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&movups	(&QWP(0,$out),$inout0);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_two",16);
+	&call	("_aesni_decrypt2");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_three",16);
+	&call	("_aesni_decrypt3");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_four",16);
+	&call	("_aesni_decrypt4");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+
+&set_label("ecb_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+&function_end("aesni_ecb_encrypt");
+
+######################################################################
+# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec,char *cmac);
+#
+# Handles only complete blocks, operates on 64-bit counter and
+# does not update *ivec! Nor does it finalize CMAC value
+# (see engine/eng_aesni.c for details)
+#
+{ my $cmac=$inout1;
+&function_begin("aesni_ccm64_encrypt_blocks");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&mov	($rounds,&wparam(5));
+	&mov	($key_,"esp");
+	&sub	("esp",60);
+	&and	("esp",-16);			# align stack
+	&mov	(&DWP(48,"esp"),$key_);
+
+	&movdqu	($ivec,&QWP(0,$rounds_));	# load ivec
+	&movdqu	($cmac,&QWP(0,$rounds));	# load cmac
+	&mov	($rounds,&DWP(240,$key));
+
+	# compose byte-swap control mask for pshufb on stack
+	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
+	&mov	(&DWP(4,"esp"),0x08090a0b);
+	&mov	(&DWP(8,"esp"),0x04050607);
+	&mov	(&DWP(12,"esp"),0x00010203);
+
+	# compose counter increment vector on stack
+	&mov	($rounds_,1);
+	&xor	($key_,$key_);
+	&mov	(&DWP(16,"esp"),$rounds_);
+	&mov	(&DWP(20,"esp"),$key_);
+	&mov	(&DWP(24,"esp"),$key_);
+	&mov	(&DWP(28,"esp"),$key_);
+
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&lea	($key_,&DWP(0,$key));
+	&movdqa	($inout3,&QWP(0,"esp"));
+	&movdqa	($inout0,$ivec);
+	&lea	($key,&DWP(32,$key,$rounds));
+	&sub	($rounds_,$rounds);
+	&pshufb	($ivec,$inout3);
+
+&set_label("ccm64_enc_outer");
+	&$movekey	($rndkey0,&QWP(0,$key_));
+	&mov		($rounds,$rounds_);
+	&movups		($in0,&QWP(0,$inp));
+
+	&xorps		($inout0,$rndkey0);
+	&$movekey	($rndkey1,&QWP(16,$key_));
+	&xorps		($rndkey0,$in0);
+	&xorps		($cmac,$rndkey0);		# cmac^=inp
+	&$movekey	($rndkey0,&QWP(32,$key_));
+
+&set_label("ccm64_enc2_loop");
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	&aesenc		($inout0,$rndkey0);
+	&aesenc		($cmac,$rndkey0);
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("ccm64_enc2_loop"));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&paddq		($ivec,&QWP(16,"esp"));
+	&dec		($len);
+	&aesenclast	($inout0,$rndkey0);
+	&aesenclast	($cmac,$rndkey0);
+
+	&lea	($inp,&DWP(16,$inp));
+	&xorps	($in0,$inout0);			# inp^=E(ivec)
+	&movdqa	($inout0,$ivec);
+	&movups	(&QWP(0,$out),$in0);		# save output
+	&pshufb	($inout0,$inout3);
+	&lea	($out,&DWP(16,$out));
+	&jnz	(&label("ccm64_enc_outer"));
+
+	&mov	("esp",&DWP(48,"esp"));
+	&mov	($out,&wparam(5));
+	&movups	(&QWP(0,$out),$cmac);
+
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+&function_end("aesni_ccm64_encrypt_blocks");
+
+&function_begin("aesni_ccm64_decrypt_blocks");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&mov	($rounds,&wparam(5));
+	&mov	($key_,"esp");
+	&sub	("esp",60);
+	&and	("esp",-16);			# align stack
+	&mov	(&DWP(48,"esp"),$key_);
+
+	&movdqu	($ivec,&QWP(0,$rounds_));	# load ivec
+	&movdqu	($cmac,&QWP(0,$rounds));	# load cmac
+	&mov	($rounds,&DWP(240,$key));
+
+	# compose byte-swap control mask for pshufb on stack
+	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
+	&mov	(&DWP(4,"esp"),0x08090a0b);
+	&mov	(&DWP(8,"esp"),0x04050607);
+	&mov	(&DWP(12,"esp"),0x00010203);
+
+	# compose counter increment vector on stack
+	&mov	($rounds_,1);
+	&xor	($key_,$key_);
+	&mov	(&DWP(16,"esp"),$rounds_);
+	&mov	(&DWP(20,"esp"),$key_);
+	&mov	(&DWP(24,"esp"),$key_);
+	&mov	(&DWP(28,"esp"),$key_);
+
+	&movdqa	($inout3,&QWP(0,"esp"));	# bswap mask
+	&movdqa	($inout0,$ivec);
+
+	&mov	($key_,$key);
+	&mov	($rounds_,$rounds);
+
+	&pshufb	($ivec,$inout3);
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&shl	($rounds_,4);
+	&mov	($rounds,16);
+	&movups	($in0,&QWP(0,$inp));		# load inp
+	&paddq	($ivec,&QWP(16,"esp"));
+	&lea	($inp,&QWP(16,$inp));
+	&sub	($rounds,$rounds_);
+	&lea	($key,&DWP(32,$key_,$rounds_));
+	&mov	($rounds_,$rounds);
+	&jmp	(&label("ccm64_dec_outer"));
+
+&set_label("ccm64_dec_outer",16);
+	&xorps	($in0,$inout0);			# inp ^= E(ivec)
+	&movdqa	($inout0,$ivec);
+	&movups	(&QWP(0,$out),$in0);		# save output
+	&lea	($out,&DWP(16,$out));
+	&pshufb	($inout0,$inout3);
+
+	&sub	($len,1);
+	&jz	(&label("ccm64_dec_break"));
+
+	&$movekey	($rndkey0,&QWP(0,$key_));
+	&mov		($rounds,$rounds_);
+	&$movekey	($rndkey1,&QWP(16,$key_));
+	&xorps		($in0,$rndkey0);
+	&xorps		($inout0,$rndkey0);
+	&xorps		($cmac,$in0);		# cmac^=out
+	&$movekey	($rndkey0,&QWP(32,$key_));
+
+&set_label("ccm64_dec2_loop");
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	&aesenc		($inout0,$rndkey0);
+	&aesenc		($cmac,$rndkey0);
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("ccm64_dec2_loop"));
+	&movups		($in0,&QWP(0,$inp));	# load inp
+	&paddq		($ivec,&QWP(16,"esp"));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&aesenclast	($inout0,$rndkey0);
+	&aesenclast	($cmac,$rndkey0);
+	&lea		($inp,&QWP(16,$inp));
+	&jmp	(&label("ccm64_dec_outer"));
+
+&set_label("ccm64_dec_break",16);
+	&mov	($rounds,&DWP(240,$key_));
+	&mov	($key,$key_);
+	if ($inline)
+	{   &aesni_inline_generate1("enc",$cmac,$in0);	}
+	else
+	{   &call	("_aesni_encrypt1",$cmac);	}
+
+	&mov	("esp",&DWP(48,"esp"));
+	&mov	($out,&wparam(5));
+	&movups	(&QWP(0,$out),$cmac);
+
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+&function_end("aesni_ccm64_decrypt_blocks");
+}
+
+######################################################################
+# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec);
+#
+# Handles only complete blocks, operates on 32-bit counter and
+# does not update *ivec! (see crypto/modes/ctr128.c for details)
+#
+# stack layout:
+#	0	pshufb mask
+#	16	vector addend: 0,6,6,6
+# 	32	counter-less ivec
+#	48	1st triplet of counter vector
+#	64	2nd triplet of counter vector
+#	80	saved %esp
+
+&function_begin("aesni_ctr32_encrypt_blocks");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&mov	($key_,"esp");
+	&sub	("esp",88);
+	&and	("esp",-16);			# align stack
+	&mov	(&DWP(80,"esp"),$key_);
+
+	&cmp	($len,1);
+	&je	(&label("ctr32_one_shortcut"));
+
+	&movdqu	($inout5,&QWP(0,$rounds_));	# load ivec
+
+	# compose byte-swap control mask for pshufb on stack
+	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
+	&mov	(&DWP(4,"esp"),0x08090a0b);
+	&mov	(&DWP(8,"esp"),0x04050607);
+	&mov	(&DWP(12,"esp"),0x00010203);
+
+	# compose counter increment vector on stack
+	&mov	($rounds,6);
+	&xor	($key_,$key_);
+	&mov	(&DWP(16,"esp"),$rounds);
+	&mov	(&DWP(20,"esp"),$rounds);
+	&mov	(&DWP(24,"esp"),$rounds);
+	&mov	(&DWP(28,"esp"),$key_);
+
+	&pextrd	($rounds_,$inout5,3);		# pull 32-bit counter
+	&pinsrd	($inout5,$key_,3);		# wipe 32-bit counter
+
+	&mov	($rounds,&DWP(240,$key));	# key->rounds
+
+	# compose 2 vectors of 3x32-bit counters
+	&bswap	($rounds_);
+	&pxor	($rndkey0,$rndkey0);
+	&pxor	($rndkey1,$rndkey1);
+	&movdqa	($inout0,&QWP(0,"esp"));	# load byte-swap mask
+	&pinsrd	($rndkey0,$rounds_,0);
+	&lea	($key_,&DWP(3,$rounds_));
+	&pinsrd	($rndkey1,$key_,0);
+	&inc	($rounds_);
+	&pinsrd	($rndkey0,$rounds_,1);
+	&inc	($key_);
+	&pinsrd	($rndkey1,$key_,1);
+	&inc	($rounds_);
+	&pinsrd	($rndkey0,$rounds_,2);
+	&inc	($key_);
+	&pinsrd	($rndkey1,$key_,2);
+	&movdqa	(&QWP(48,"esp"),$rndkey0);	# save 1st triplet
+	&pshufb	($rndkey0,$inout0);		# byte swap
+	&movdqu	($inout4,&QWP(0,$key));		# key[0]
+	&movdqa	(&QWP(64,"esp"),$rndkey1);	# save 2nd triplet
+	&pshufb	($rndkey1,$inout0);		# byte swap
+
+	&pshufd	($inout0,$rndkey0,3<<6);	# place counter to upper dword
+	&pshufd	($inout1,$rndkey0,2<<6);
+	&cmp	($len,6);
+	&jb	(&label("ctr32_tail"));
+	&pxor	($inout5,$inout4);		# counter-less ivec^key[0]
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&movdqa	(&QWP(32,"esp"),$inout5);	# save counter-less ivec^key[0]
+	&mov	($key_,$key);			# backup $key
+	&sub	($rounds_,$rounds);		# backup twisted $rounds
+	&lea	($key,&DWP(32,$key,$rounds));
+	&sub	($len,6);
+	&jmp	(&label("ctr32_loop6"));
+
+&set_label("ctr32_loop6",16);
+	# inlining _aesni_encrypt6's prologue gives ~6% improvement...
+	&pshufd	($inout2,$rndkey0,1<<6);
+	&movdqa	($rndkey0,&QWP(32,"esp"));	# pull counter-less ivec
+	&pshufd	($inout3,$rndkey1,3<<6);
+	&pxor		($inout0,$rndkey0);	# merge counter-less ivec
+	&pshufd	($inout4,$rndkey1,2<<6);
+	&pxor		($inout1,$rndkey0);
+	&pshufd	($inout5,$rndkey1,1<<6);
+	&$movekey	($rndkey1,&QWP(16,$key_));
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&aesenc		($inout0,$rndkey1);
+	&pxor		($inout4,$rndkey0);
+	&pxor		($inout5,$rndkey0);
+	&aesenc		($inout1,$rndkey1);
+	&$movekey	($rndkey0,&QWP(32,$key_));
+	&mov		($rounds,$rounds_);
+	&aesenc		($inout2,$rndkey1);
+	&aesenc		($inout3,$rndkey1);
+	&aesenc		($inout4,$rndkey1);
+	&aesenc		($inout5,$rndkey1);
+
+	&call		(&label("_aesni_encrypt6_enter"));
+
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout1,$rndkey0);
+	&movups	(&QWP(0,$out),$inout0);
+	&movdqa	($rndkey0,&QWP(16,"esp"));	# load increment
+	&xorps	($inout2,$rndkey1);
+	&movdqa	($rndkey1,&QWP(64,"esp"));	# load 2nd triplet
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+
+	&paddd	($rndkey1,$rndkey0);		# 2nd triplet increment
+	&paddd	($rndkey0,&QWP(48,"esp"));	# 1st triplet increment
+	&movdqa	($inout0,&QWP(0,"esp"));	# load byte swap mask
+
+	&movups	($inout1,&QWP(0x30,$inp));
+	&movups	($inout2,&QWP(0x40,$inp));
+	&xorps	($inout3,$inout1);
+	&movups	($inout1,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+	&movdqa	(&QWP(48,"esp"),$rndkey0);	# save 1st triplet
+	&pshufb	($rndkey0,$inout0);		# byte swap
+	&xorps	($inout4,$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&xorps	($inout5,$inout1);
+	&movdqa	(&QWP(64,"esp"),$rndkey1);	# save 2nd triplet
+	&pshufb	($rndkey1,$inout0);		# byte swap
+	&movups	(&QWP(0x40,$out),$inout4);
+	&pshufd	($inout0,$rndkey0,3<<6);
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+
+	&pshufd	($inout1,$rndkey0,2<<6);
+	&sub	($len,6);
+	&jnc	(&label("ctr32_loop6"));
+
+	&add	($len,6);
+	&jz	(&label("ctr32_ret"));
+	&movdqu	($inout5,&QWP(0,$key_));
+	&mov	($key,$key_);
+	&pxor	($inout5,&QWP(32,"esp"));	# restore count-less ivec
+	&mov	($rounds,&DWP(240,$key_));	# restore $rounds
+
+&set_label("ctr32_tail");
+	&por	($inout0,$inout5);
+	&cmp	($len,2);
+	&jb	(&label("ctr32_one"));
+
+	&pshufd	($inout2,$rndkey0,1<<6);
+	&por	($inout1,$inout5);
+	&je	(&label("ctr32_two"));
+
+	&pshufd	($inout3,$rndkey1,3<<6);
+	&por	($inout2,$inout5);
+	&cmp	($len,4);
+	&jb	(&label("ctr32_three"));
+
+	&pshufd	($inout4,$rndkey1,2<<6);
+	&por	($inout3,$inout5);
+	&je	(&label("ctr32_four"));
+
+	&por	($inout4,$inout5);
+	&call	("_aesni_encrypt6");
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout1,$rndkey0);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout2,$rndkey1);
+	&movups	($rndkey1,&QWP(0x40,$inp));
+	&xorps	($inout3,$rndkey0);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout4,$rndkey1);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_one_shortcut",16);
+	&movups	($inout0,&QWP(0,$rounds_));	# load ivec
+	&mov	($rounds,&DWP(240,$key));
+
+&set_label("ctr32_one");
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&movups	($in0,&QWP(0,$inp));
+	&xorps	($in0,$inout0);
+	&movups	(&QWP(0,$out),$in0);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_two",16);
+	&call	("_aesni_encrypt2");
+	&movups	($inout3,&QWP(0,$inp));
+	&movups	($inout4,&QWP(0x10,$inp));
+	&xorps	($inout0,$inout3);
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_three",16);
+	&call	("_aesni_encrypt3");
+	&movups	($inout3,&QWP(0,$inp));
+	&movups	($inout4,&QWP(0x10,$inp));
+	&xorps	($inout0,$inout3);
+	&movups	($inout5,&QWP(0x20,$inp));
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_four",16);
+	&call	("_aesni_encrypt4");
+	&movups	($inout4,&QWP(0,$inp));
+	&movups	($inout5,&QWP(0x10,$inp));
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout0,$inout4);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout1,$inout5);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout2,$rndkey1);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&xorps	($inout3,$rndkey0);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+
+&set_label("ctr32_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&movdqa	(&QWP(32,"esp"),"xmm0");	# clear stack
+	&pxor	("xmm5","xmm5");
+	&movdqa	(&QWP(48,"esp"),"xmm0");
+	&pxor	("xmm6","xmm6");
+	&movdqa	(&QWP(64,"esp"),"xmm0");
+	&pxor	("xmm7","xmm7");
+	&mov	("esp",&DWP(80,"esp"));
+&function_end("aesni_ctr32_encrypt_blocks");
+
+######################################################################
+# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2
+#	const unsigned char iv[16]);
+#
+{ my ($tweak,$twtmp,$twres,$twmask)=($rndkey1,$rndkey0,$inout0,$inout1);
+
+&function_begin("aesni_xts_encrypt");
+	&mov	($key,&wparam(4));		# key2
+	&mov	($inp,&wparam(5));		# clear-text tweak
+
+	&mov	($rounds,&DWP(240,$key));	# key2->rounds
+	&movups	($inout0,&QWP(0,$inp));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));		# key1
+
+	&mov	($key_,"esp");
+	&sub	("esp",16*7+8);
+	&mov	($rounds,&DWP(240,$key));	# key1->rounds
+	&and	("esp",-16);			# align stack
+
+	&mov	(&DWP(16*6+0,"esp"),0x87);	# compose the magic constant
+	&mov	(&DWP(16*6+4,"esp"),0);
+	&mov	(&DWP(16*6+8,"esp"),1);
+	&mov	(&DWP(16*6+12,"esp"),0);
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save original $len
+	&mov	(&DWP(16*7+4,"esp"),$key_);	# save original %esp
+
+	&movdqa	($tweak,$inout0);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($twmask,&QWP(6*16,"esp"));	# 0x0...010...87
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+
+	&and	($len,-16);
+	&mov	($key_,$key);			# backup $key
+	&mov	($rounds_,$rounds);		# backup $rounds
+	&sub	($len,16*6);
+	&jc	(&label("xts_enc_short"));
+
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&sub	($rounds_,$rounds);
+	&lea	($key,&DWP(32,$key,$rounds));
+	&jmp	(&label("xts_enc_loop6"));
+
+&set_label("xts_enc_loop6",16);
+	for ($i=0;$i<4;$i++) {
+	    &pshufd	($twres,$twtmp,0x13);
+	    &pxor	($twtmp,$twtmp);
+	    &movdqa	(&QWP(16*$i,"esp"),$tweak);
+	    &paddq	($tweak,$tweak);	# &psllq($tweak,1);
+	    &pand	($twres,$twmask);	# isolate carry and residue
+	    &pcmpgtd	($twtmp,$tweak);	# broadcast upper bits
+	    &pxor	($tweak,$twres);
+	}
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*$i++,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	 &$movekey	($rndkey0,&QWP(0,$key_));
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	 &movups	($inout0,&QWP(0,$inp));	# load input
+	&pxor	($inout5,$tweak);
+
+	# inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
+	&mov	($rounds,$rounds_);		# restore $rounds
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	 &xorps		($inout0,$rndkey0);	# input^=rndkey[0]
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	 &pxor		($inout1,$rndkey0);
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	 &pxor		($inout2,$rndkey0);
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	 &pxor		($inout3,$rndkey0);
+	&movdqu	($rndkey1,&QWP(16*5,$inp));
+	 &pxor		($inout4,$rndkey0);
+	&lea	($inp,&DWP(16*6,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqa	(&QWP(16*$i,"esp"),$inout5);	# save last tweak
+	&pxor	($inout5,$rndkey1);
+
+	 &$movekey	($rndkey1,&QWP(16,$key_));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	 &aesenc	($inout0,$rndkey1);
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&pxor	($inout4,&QWP(16*4,"esp"));
+	 &aesenc	($inout1,$rndkey1);
+	&pxor		($inout5,$rndkey0);
+	 &$movekey	($rndkey0,&QWP(32,$key_));
+	 &aesenc	($inout2,$rndkey1);
+	 &aesenc	($inout3,$rndkey1);
+	 &aesenc	($inout4,$rndkey1);
+	 &aesenc	($inout5,$rndkey1);
+	&call		(&label("_aesni_encrypt6_enter"));
+
+	&movdqa	($tweak,&QWP(16*5,"esp"));	# last tweak
+       &pxor	($twtmp,$twtmp);
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+       &pcmpgtd	($twtmp,$tweak);		# broadcast upper bits
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*2,$out),$inout2);
+	&xorps	($inout4,&QWP(16*4,"esp"));
+	&movups	(&QWP(16*3,$out),$inout3);
+	&xorps	($inout5,$tweak);
+	&movups	(&QWP(16*4,$out),$inout4);
+       &pshufd	($twres,$twtmp,0x13);
+	&movups	(&QWP(16*5,$out),$inout5);
+	&lea	($out,&DWP(16*6,$out));
+       &movdqa	($twmask,&QWP(16*6,"esp"));	# 0x0...010...87
+
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+
+	&sub	($len,16*6);
+	&jnc	(&label("xts_enc_loop6"));
+
+	&mov	($rounds,&DWP(240,$key_));	# restore $rounds
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds_,$rounds);
+
+&set_label("xts_enc_short");
+	&add	($len,16*6);
+	&jz	(&label("xts_enc_done6x"));
+
+	&movdqa	($inout3,$tweak);		# put aside previous tweak
+	&cmp	($len,0x20);
+	&jb	(&label("xts_enc_one"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&je	(&label("xts_enc_two"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout4,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&cmp	($len,0x40);
+	&jb	(&label("xts_enc_three"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout5,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&movdqa	(&QWP(16*0,"esp"),$inout3);
+	&movdqa	(&QWP(16*1,"esp"),$inout4);
+	&je	(&label("xts_enc_four"));
+
+	&movdqa	(&QWP(16*2,"esp"),$inout5);
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*3,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($inout0,1);
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	&pxor	($inout5,$tweak);
+
+	&movdqu	($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	&lea	($inp,&DWP(16*5,$inp));
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&movdqa	(&QWP(16*4,"esp"),$inout5);	# save last tweak
+	&pxor	($inout4,$inout5);
+
+	&call	("_aesni_encrypt6");
+
+	&movaps	($tweak,&QWP(16*4,"esp"));	# last tweak
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout4,$tweak);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&movups	(&QWP(16*4,$out),$inout4);
+	&lea	($out,&DWP(16*5,$out));
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_one",16);
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&lea	($inp,&DWP(16*1,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&lea	($out,&DWP(16*1,$out));
+
+	&movdqa	($tweak,$inout3);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_two",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&lea	($inp,&DWP(16*2,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+
+	&call	("_aesni_encrypt2");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&lea	($out,&DWP(16*2,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_three",16);
+	&movaps	($inout5,$tweak);		# put aside last tweak
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&lea	($inp,&DWP(16*3,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+
+	&call	("_aesni_encrypt3");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&lea	($out,&DWP(16*3,$out));
+
+	&movdqa	($tweak,$inout5);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_four",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&xorps	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movups	($inout3,&QWP(16*3,$inp));
+	&lea	($inp,&DWP(16*4,$inp));
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&xorps	($inout3,$inout4);
+
+	&call	("_aesni_encrypt4");
+
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,$inout4);
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&lea	($out,&DWP(16*4,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_done6x",16);		# $tweak is pre-calculated
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&and	($len,15);
+	&jz	(&label("xts_enc_ret"));
+	&movdqa	($inout3,$tweak);
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&jmp	(&label("xts_enc_steal"));
+
+&set_label("xts_enc_done",16);
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&pxor	($twtmp,$twtmp);
+	&and	($len,15);
+	&jz	(&label("xts_enc_ret"));
+
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&pshufd	($inout3,$twtmp,0x13);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($inout3,&QWP(16*6,"esp"));	# isolate carry and residue
+	&pxor	($inout3,$tweak);
+
+&set_label("xts_enc_steal");
+	&movz	($rounds,&BP(0,$inp));
+	&movz	($key,&BP(-16,$out));
+	&lea	($inp,&DWP(1,$inp));
+	&mov	(&BP(-16,$out),&LB($rounds));
+	&mov	(&BP(0,$out),&LB($key));
+	&lea	($out,&DWP(1,$out));
+	&sub	($len,1);
+	&jnz	(&label("xts_enc_steal"));
+
+	&sub	($out,&DWP(16*7+0,"esp"));	# rewind $out
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds,$rounds_);		# restore $rounds
+
+	&movups	($inout0,&QWP(-16,$out));	# load input
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(-16,$out),$inout0);	# write output
+
+&set_label("xts_enc_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&movdqa	(&QWP(16*0,"esp"),"xmm0");	# clear stack
+	&pxor	("xmm3","xmm3");
+	&movdqa	(&QWP(16*1,"esp"),"xmm0");
+	&pxor	("xmm4","xmm4");
+	&movdqa	(&QWP(16*2,"esp"),"xmm0");
+	&pxor	("xmm5","xmm5");
+	&movdqa	(&QWP(16*3,"esp"),"xmm0");
+	&pxor	("xmm6","xmm6");
+	&movdqa	(&QWP(16*4,"esp"),"xmm0");
+	&pxor	("xmm7","xmm7");
+	&movdqa	(&QWP(16*5,"esp"),"xmm0");
+	&mov	("esp",&DWP(16*7+4,"esp"));	# restore %esp
+&function_end("aesni_xts_encrypt");
+
+&function_begin("aesni_xts_decrypt");
+	&mov	($key,&wparam(4));		# key2
+	&mov	($inp,&wparam(5));		# clear-text tweak
+
+	&mov	($rounds,&DWP(240,$key));	# key2->rounds
+	&movups	($inout0,&QWP(0,$inp));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));		# key1
+
+	&mov	($key_,"esp");
+	&sub	("esp",16*7+8);
+	&and	("esp",-16);			# align stack
+
+	&xor	($rounds_,$rounds_);		# if(len%16) len-=16;
+	&test	($len,15);
+	&setnz	(&LB($rounds_));
+	&shl	($rounds_,4);
+	&sub	($len,$rounds_);
+
+	&mov	(&DWP(16*6+0,"esp"),0x87);	# compose the magic constant
+	&mov	(&DWP(16*6+4,"esp"),0);
+	&mov	(&DWP(16*6+8,"esp"),1);
+	&mov	(&DWP(16*6+12,"esp"),0);
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save original $len
+	&mov	(&DWP(16*7+4,"esp"),$key_);	# save original %esp
+
+	&mov	($rounds,&DWP(240,$key));	# key1->rounds
+	&mov	($key_,$key);			# backup $key
+	&mov	($rounds_,$rounds);		# backup $rounds
+
+	&movdqa	($tweak,$inout0);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($twmask,&QWP(6*16,"esp"));	# 0x0...010...87
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+
+	&and	($len,-16);
+	&sub	($len,16*6);
+	&jc	(&label("xts_dec_short"));
+
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&sub	($rounds_,$rounds);
+	&lea	($key,&DWP(32,$key,$rounds));
+	&jmp	(&label("xts_dec_loop6"));
+
+&set_label("xts_dec_loop6",16);
+	for ($i=0;$i<4;$i++) {
+	    &pshufd	($twres,$twtmp,0x13);
+	    &pxor	($twtmp,$twtmp);
+	    &movdqa	(&QWP(16*$i,"esp"),$tweak);
+	    &paddq	($tweak,$tweak);	# &psllq($tweak,1);
+	    &pand	($twres,$twmask);	# isolate carry and residue
+	    &pcmpgtd	($twtmp,$tweak);	# broadcast upper bits
+	    &pxor	($tweak,$twres);
+	}
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*$i++,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	 &$movekey	($rndkey0,&QWP(0,$key_));
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	 &movups	($inout0,&QWP(0,$inp));	# load input
+	&pxor	($inout5,$tweak);
+
+	# inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
+	&mov	($rounds,$rounds_);
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	 &xorps		($inout0,$rndkey0);	# input^=rndkey[0]
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	 &pxor		($inout1,$rndkey0);
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	 &pxor		($inout2,$rndkey0);
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	 &pxor		($inout3,$rndkey0);
+	&movdqu	($rndkey1,&QWP(16*5,$inp));
+	 &pxor		($inout4,$rndkey0);
+	&lea	($inp,&DWP(16*6,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqa	(&QWP(16*$i,"esp"),$inout5);	# save last tweak
+	&pxor	($inout5,$rndkey1);
+
+	 &$movekey	($rndkey1,&QWP(16,$key_));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	 &aesdec	($inout0,$rndkey1);
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&pxor	($inout4,&QWP(16*4,"esp"));
+	 &aesdec	($inout1,$rndkey1);
+	&pxor		($inout5,$rndkey0);
+	 &$movekey	($rndkey0,&QWP(32,$key_));
+	 &aesdec	($inout2,$rndkey1);
+	 &aesdec	($inout3,$rndkey1);
+	 &aesdec	($inout4,$rndkey1);
+	 &aesdec	($inout5,$rndkey1);
+	&call		(&label("_aesni_decrypt6_enter"));
+
+	&movdqa	($tweak,&QWP(16*5,"esp"));	# last tweak
+       &pxor	($twtmp,$twtmp);
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+       &pcmpgtd	($twtmp,$tweak);		# broadcast upper bits
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*2,$out),$inout2);
+	&xorps	($inout4,&QWP(16*4,"esp"));
+	&movups	(&QWP(16*3,$out),$inout3);
+	&xorps	($inout5,$tweak);
+	&movups	(&QWP(16*4,$out),$inout4);
+       &pshufd	($twres,$twtmp,0x13);
+	&movups	(&QWP(16*5,$out),$inout5);
+	&lea	($out,&DWP(16*6,$out));
+       &movdqa	($twmask,&QWP(16*6,"esp"));	# 0x0...010...87
+
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+
+	&sub	($len,16*6);
+	&jnc	(&label("xts_dec_loop6"));
+
+	&mov	($rounds,&DWP(240,$key_));	# restore $rounds
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds_,$rounds);
+
+&set_label("xts_dec_short");
+	&add	($len,16*6);
+	&jz	(&label("xts_dec_done6x"));
+
+	&movdqa	($inout3,$tweak);		# put aside previous tweak
+	&cmp	($len,0x20);
+	&jb	(&label("xts_dec_one"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&je	(&label("xts_dec_two"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout4,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&cmp	($len,0x40);
+	&jb	(&label("xts_dec_three"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout5,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&movdqa	(&QWP(16*0,"esp"),$inout3);
+	&movdqa	(&QWP(16*1,"esp"),$inout4);
+	&je	(&label("xts_dec_four"));
+
+	&movdqa	(&QWP(16*2,"esp"),$inout5);
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*3,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($inout0,1);
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	&pxor	($inout5,$tweak);
+
+	&movdqu	($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	&lea	($inp,&DWP(16*5,$inp));
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&movdqa	(&QWP(16*4,"esp"),$inout5);	# save last tweak
+	&pxor	($inout4,$inout5);
+
+	&call	("_aesni_decrypt6");
+
+	&movaps	($tweak,&QWP(16*4,"esp"));	# last tweak
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout4,$tweak);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&movups	(&QWP(16*4,$out),$inout4);
+	&lea	($out,&DWP(16*5,$out));
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_one",16);
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&lea	($inp,&DWP(16*1,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&lea	($out,&DWP(16*1,$out));
+
+	&movdqa	($tweak,$inout3);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_two",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&lea	($inp,&DWP(16*2,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+
+	&call	("_aesni_decrypt2");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&lea	($out,&DWP(16*2,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_three",16);
+	&movaps	($inout5,$tweak);		# put aside last tweak
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&lea	($inp,&DWP(16*3,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+
+	&call	("_aesni_decrypt3");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&lea	($out,&DWP(16*3,$out));
+
+	&movdqa	($tweak,$inout5);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_four",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&xorps	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movups	($inout3,&QWP(16*3,$inp));
+	&lea	($inp,&DWP(16*4,$inp));
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&xorps	($inout3,$inout4);
+
+	&call	("_aesni_decrypt4");
+
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,$inout4);
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&lea	($out,&DWP(16*4,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_done6x",16);		# $tweak is pre-calculated
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&and	($len,15);
+	&jz	(&label("xts_dec_ret"));
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&jmp	(&label("xts_dec_only_one_more"));
+
+&set_label("xts_dec_done",16);
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&pxor	($twtmp,$twtmp);
+	&and	($len,15);
+	&jz	(&label("xts_dec_ret"));
+
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($twmask,&QWP(16*6,"esp"));
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+
+&set_label("xts_dec_only_one_more");
+	&pshufd	($inout3,$twtmp,0x13);
+	&movdqa	($inout4,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($inout3,$twmask);		# isolate carry and residue
+	&pxor	($inout3,$tweak);
+
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds,$rounds_);		# restore $rounds
+
+	&movups	($inout0,&QWP(0,$inp));		# load input
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(0,$out),$inout0);		# write output
+
+&set_label("xts_dec_steal");
+	&movz	($rounds,&BP(16,$inp));
+	&movz	($key,&BP(0,$out));
+	&lea	($inp,&DWP(1,$inp));
+	&mov	(&BP(0,$out),&LB($rounds));
+	&mov	(&BP(16,$out),&LB($key));
+	&lea	($out,&DWP(1,$out));
+	&sub	($len,1);
+	&jnz	(&label("xts_dec_steal"));
+
+	&sub	($out,&DWP(16*7+0,"esp"));	# rewind $out
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds,$rounds_);		# restore $rounds
+
+	&movups	($inout0,&QWP(0,$out));		# load input
+	&xorps	($inout0,$inout4);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$inout4);		# output^=tweak
+	&movups	(&QWP(0,$out),$inout0);		# write output
+
+&set_label("xts_dec_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&movdqa	(&QWP(16*0,"esp"),"xmm0");	# clear stack
+	&pxor	("xmm3","xmm3");
+	&movdqa	(&QWP(16*1,"esp"),"xmm0");
+	&pxor	("xmm4","xmm4");
+	&movdqa	(&QWP(16*2,"esp"),"xmm0");
+	&pxor	("xmm5","xmm5");
+	&movdqa	(&QWP(16*3,"esp"),"xmm0");
+	&pxor	("xmm6","xmm6");
+	&movdqa	(&QWP(16*4,"esp"),"xmm0");
+	&pxor	("xmm7","xmm7");
+	&movdqa	(&QWP(16*5,"esp"),"xmm0");
+	&mov	("esp",&DWP(16*7+4,"esp"));	# restore %esp
+&function_end("aesni_xts_decrypt");
+}
+
+######################################################################
+# void aesni_ocb_[en|de]crypt(const char *inp, char *out, size_t blocks,
+#	const AES_KEY *key, unsigned int start_block_num,
+#	unsigned char offset_i[16], const unsigned char L_[][16],
+#	unsigned char checksum[16]);
+#
+{
+# offsets within stack frame
+my $checksum = 16*6;
+my ($key_off,$rounds_off,$out_off,$end_off,$esp_off)=map(16*7+4*$_,(0..4));
+
+# reassigned registers
+my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
+# $l_, $blocks, $inp, $key are permanently allocated in registers;
+# remaining non-volatile ones are offloaded to stack, which even
+# stay invariant after written to stack.
+
+&function_begin("aesni_ocb_encrypt");
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&movdqu	($rndkey0,&QWP(0,$rounds));	# load offset_i
+	&mov	($block,&wparam(4));		# start_block_num
+	&movdqu	($rndkey1,&QWP(0,$rounds_));	# load checksum
+	&mov	($l_,&wparam(6));		# L_
+
+	&mov	($rounds,"esp");
+	&sub	("esp",$esp_off+4);		# alloca
+	&and	("esp",-16);			# align stack
+
+	&sub	($out,$inp);
+	&shl	($len,4);
+	&lea	($len,&DWP(-16*6,$inp,$len));	# end of input - 16*6
+	&mov	(&DWP($out_off,"esp"),$out);
+	&mov	(&DWP($end_off,"esp"),$len);
+	&mov	(&DWP($esp_off,"esp"),$rounds);
+
+	&mov	($rounds,&DWP(240,$key));
+
+	&test	($block,1);
+	&jnz	(&label("odd"));
+
+	&bsf		($i3,$block);
+	&add		($block,1);
+	&shl		($i3,4);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+	&mov		($i3,$key);			# put aside key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&lea		($inp,&DWP(16,$inp));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,$inout4);		# pass the checksum
+
+	&movups		(&QWP(-16,$out,$inp),$inout0);	# store output
+
+	&mov		($rounds,&DWP(240,$i3));
+	&mov		($key,$i3);			# restore key
+	&mov		($len,&DWP($end_off,"esp"));
+
+&set_label("odd");
+	&shl		($rounds,4);
+	&mov		($out,16);
+	&sub		($out,$rounds);			# twisted rounds
+	&mov		(&DWP($key_off,"esp"),$key);
+	&lea		($key,&DWP(32,$key,$rounds));	# end of key schedule
+	&mov		(&DWP($rounds_off,"esp"),$out);
+
+	&cmp		($inp,$len);
+	&ja		(&label("short"));
+	&jmp		(&label("grandloop"));
+
+&set_label("grandloop",32);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&lea		($i5,&DWP(5,$block));
+	&add		($block,6);
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&bsf		($i5,$i5);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&shl		($i5,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+	&movdqu		($inout5,&QWP(0,$l_,$i5));
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+	&movdqa		(&QWP(16*5,"esp"),$inout5);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&movdqu		($inout5,&QWP(16*5,$inp));
+	&lea		($inp,&DWP(16*6,$inp));
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($rndkey1,$inout3);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($rndkey1,$inout4);
+	&pxor		($inout4,$rndkey0);
+	&pxor		($rndkey1,$inout5);
+	&pxor		($inout5,$rndkey0);
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,&QWP(16*5,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($inout1,$rndkey1);
+	&aesenc		($inout2,$rndkey1);
+	&aesenc		($inout3,$rndkey1);
+	&aesenc		($inout4,$rndkey1);
+	&aesenc		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&mov		($len,&DWP($end_off,"esp"));
+	&call		("_aesni_encrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*5,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,$rndkey0);
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+
+	&movdqu		(&QWP(-16*6,$out,$inp),$inout0);# store output
+	&movdqu		(&QWP(-16*5,$out,$inp),$inout1);
+	&movdqu		(&QWP(-16*4,$out,$inp),$inout2);
+	&movdqu		(&QWP(-16*3,$out,$inp),$inout3);
+	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
+	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+	&cmp		($inp,$len);			# done yet?
+	&jb		(&label("grandloop"));
+
+&set_label("short");
+	&add		($len,16*6);
+	&sub		($len,$inp);
+	&jz		(&label("done"));
+
+	&cmp		($len,16*2);
+	&jb		(&label("one"));
+	&je		(&label("two"));
+
+	&cmp		($len,16*4);
+	&jb		(&label("three"));
+	&je		(&label("four"));
+
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&pxor		($inout5,$inout5);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($rndkey1,$inout3);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($rndkey1,$inout4);
+	&pxor		($inout4,$rndkey0);
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($inout1,$rndkey1);
+	&aesenc		($inout2,$rndkey1);
+	&aesenc		($inout3,$rndkey1);
+	&aesenc		($inout4,$rndkey1);
+	&aesenc		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*4,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,$rndkey0);
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+
+	&movdqu		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&movdqu		(&QWP(16*1,$out,$inp),$inout1);
+	&movdqu		(&QWP(16*2,$out,$inp),$inout2);
+	&movdqu		(&QWP(16*3,$out,$inp),$inout3);
+	&movdqu		(&QWP(16*4,$out,$inp),$inout4);
+
+	&jmp		(&label("done"));
+
+&set_label("one",16);
+	&movdqu		($inout5,&QWP(0,$l_));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	&mov		($out,&DWP($out_off,"esp"));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,$inout4);		# pass the checksum
+	&movups		(&QWP(0,$out,$inp),$inout0);
+
+	&jmp		(&label("done"));
+
+&set_label("two",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout4,&QWP(0,$l_));
+	&movdqu		($inout5,&QWP(0,$l_,$i1));
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout4,$rndkey0);		# ^ last offset_i
+	&pxor		($inout5,$inout4);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout4);		# ^ offset_i
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$inout5);
+
+	&movdqa		($inout3,$rndkey1)
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt2");
+
+	&xorps		($inout0,$inout4);		# ^ offset_i
+	&xorps		($inout1,$inout5);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,$inout3);		# pass the checksum
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+
+	&jmp		(&label("done"));
+
+&set_label("three",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout3,&QWP(0,$l_));
+	&movdqu		($inout4,&QWP(0,$l_,$i1));
+	&movdqa		($inout5,$inout3);
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout3,$rndkey0);		# ^ last offset_i
+	&pxor		($inout4,$inout3);
+	&pxor		($inout5,$inout4);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout3);		# ^ offset_i
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$inout4);
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$inout5);
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt3");
+
+	&xorps		($inout0,$inout3);		# ^ offset_i
+	&xorps		($inout1,$inout4);
+	&xorps		($inout2,$inout5);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+
+	&jmp		(&label("done"));
+
+&set_label("four",16);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout2,&QWP(0,$l_));
+	&movdqu		($inout3,&QWP(0,$l_,$i1));
+	&movdqa		($inout4,$inout2);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+
+	&pxor		($inout2,$rndkey0);		# ^ last offset_i
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&pxor		($inout3,$inout2);
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*0,"esp"),$inout2);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*1,"esp"),$inout3);
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$inout4);
+	&pxor		($rndkey1,$inout3);
+	&pxor		($inout3,$inout5);
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1)
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt4");
+
+	&xorps		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&xorps		($inout1,&QWP(16*1,"esp"));
+	&xorps		($inout2,$inout4);
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&xorps		($inout3,$inout5);
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&movups		(&QWP(16*3,$out,$inp),$inout3);
+
+&set_label("done");
+	&mov	($key,&DWP($esp_off,"esp"));
+	&pxor	($inout0,$inout0);		# clear register bank
+	&pxor	($inout1,$inout1);
+	&movdqa	(&QWP(16*0,"esp"),$inout0);	# clear stack
+	&pxor	($inout2,$inout2);
+	&movdqa	(&QWP(16*1,"esp"),$inout0);
+	&pxor	($inout3,$inout3);
+	&movdqa	(&QWP(16*2,"esp"),$inout0);
+	&pxor	($inout4,$inout4);
+	&movdqa	(&QWP(16*3,"esp"),$inout0);
+	&pxor	($inout5,$inout5);
+	&movdqa	(&QWP(16*4,"esp"),$inout0);
+	&movdqa	(&QWP(16*5,"esp"),$inout0);
+	&movdqa	(&QWP(16*6,"esp"),$inout0);
+
+	&lea	("esp",&DWP(0,$key));
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+	&movdqu	(&QWP(0,$rounds),$rndkey0);
+	&pxor	($rndkey0,$rndkey0);
+	&movdqu	(&QWP(0,$rounds_),$rndkey1);
+	&pxor	($rndkey1,$rndkey1);
+&function_end("aesni_ocb_encrypt");
+
+&function_begin("aesni_ocb_decrypt");
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&movdqu	($rndkey0,&QWP(0,$rounds));	# load offset_i
+	&mov	($block,&wparam(4));		# start_block_num
+	&movdqu	($rndkey1,&QWP(0,$rounds_));	# load checksum
+	&mov	($l_,&wparam(6));		# L_
+
+	&mov	($rounds,"esp");
+	&sub	("esp",$esp_off+4);		# alloca
+	&and	("esp",-16);			# align stack
+
+	&sub	($out,$inp);
+	&shl	($len,4);
+	&lea	($len,&DWP(-16*6,$inp,$len));	# end of input - 16*6
+	&mov	(&DWP($out_off,"esp"),$out);
+	&mov	(&DWP($end_off,"esp"),$len);
+	&mov	(&DWP($esp_off,"esp"),$rounds);
+
+	&mov	($rounds,&DWP(240,$key));
+
+	&test	($block,1);
+	&jnz	(&label("odd"));
+
+	&bsf		($i3,$block);
+	&add		($block,1);
+	&shl		($i3,4);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+	&mov		($i3,$key);			# put aside key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&lea		($inp,&DWP(16,$inp));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movaps		($rndkey1,$inout4);		# pass the checksum
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&xorps		($rndkey1,$inout0);		# checksum
+	&movups		(&QWP(-16,$out,$inp),$inout0);	# store output
+
+	&mov		($rounds,&DWP(240,$i3));
+	&mov		($key,$i3);			# restore key
+	&mov		($len,&DWP($end_off,"esp"));
+
+&set_label("odd");
+	&shl		($rounds,4);
+	&mov		($out,16);
+	&sub		($out,$rounds);			# twisted rounds
+	&mov		(&DWP($key_off,"esp"),$key);
+	&lea		($key,&DWP(32,$key,$rounds));	# end of key schedule
+	&mov		(&DWP($rounds_off,"esp"),$out);
+
+	&cmp		($inp,$len);
+	&ja		(&label("short"));
+	&jmp		(&label("grandloop"));
+
+&set_label("grandloop",32);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&lea		($i5,&DWP(5,$block));
+	&add		($block,6);
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&bsf		($i5,$i5);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&shl		($i5,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+	&movdqu		($inout5,&QWP(0,$l_,$i5));
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+	&movdqa		(&QWP(16*5,"esp"),$inout5);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&movdqu		($inout5,&QWP(16*5,$inp));
+	&lea		($inp,&DWP(16*6,$inp));
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($inout4,$rndkey0);
+	&pxor		($inout5,$rndkey0);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,&QWP(16*5,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesdec		($inout0,$rndkey1);
+	&aesdec		($inout1,$rndkey1);
+	&aesdec		($inout2,$rndkey1);
+	&aesdec		($inout3,$rndkey1);
+	&aesdec		($inout4,$rndkey1);
+	&aesdec		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&mov		($len,&DWP($end_off,"esp"));
+	&call		("_aesni_decrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*5,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,$rndkey0);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&movdqu		(&QWP(-16*6,$out,$inp),$inout0);# store output
+	&pxor		($rndkey1,$inout1);
+	&movdqu		(&QWP(-16*5,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout2);
+	&movdqu		(&QWP(-16*4,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout3);
+	&movdqu		(&QWP(-16*3,$out,$inp),$inout3);
+	&pxor		($rndkey1,$inout4);
+	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
+	&pxor		($rndkey1,$inout5);
+	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+	&cmp		($inp,$len);			# done yet?
+	&jb		(&label("grandloop"));
+
+&set_label("short");
+	&add		($len,16*6);
+	&sub		($len,$inp);
+	&jz		(&label("done"));
+
+	&cmp		($len,16*2);
+	&jb		(&label("one"));
+	&je		(&label("two"));
+
+	&cmp		($len,16*4);
+	&jb		(&label("three"));
+	&je		(&label("four"));
+
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&pxor		($inout5,$inout5);
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($inout4,$rndkey0);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesdec		($inout0,$rndkey1);
+	&aesdec		($inout1,$rndkey1);
+	&aesdec		($inout2,$rndkey1);
+	&aesdec		($inout3,$rndkey1);
+	&aesdec		($inout4,$rndkey1);
+	&aesdec		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*4,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,$rndkey0);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&movdqu		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&pxor		($rndkey1,$inout1);
+	&movdqu		(&QWP(16*1,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout2);
+	&movdqu		(&QWP(16*2,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout3);
+	&movdqu		(&QWP(16*3,$out,$inp),$inout3);
+	&pxor		($rndkey1,$inout4);
+	&movdqu		(&QWP(16*4,$out,$inp),$inout4);
+
+	&jmp		(&label("done"));
+
+&set_label("one",16);
+	&movdqu		($inout5,&QWP(0,$l_));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	&mov		($out,&DWP($out_off,"esp"));
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movaps		($rndkey1,$inout4);		# pass the checksum
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&xorps		($rndkey1,$inout0);		# checksum
+	&movups		(&QWP(0,$out,$inp),$inout0);
+
+	&jmp		(&label("done"));
+
+&set_label("two",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout4,&QWP(0,$l_));
+	&movdqu		($inout5,&QWP(0,$l_,$i1));
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&movdqa		($inout3,$rndkey1);
+	&pxor		($inout4,$rndkey0);		# ^ last offset_i
+	&pxor		($inout5,$inout4);
+
+	&pxor		($inout0,$inout4);		# ^ offset_i
+	&pxor		($inout1,$inout5);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt2");
+
+	&xorps		($inout0,$inout4);		# ^ offset_i
+	&xorps		($inout1,$inout5);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&xorps		($inout3,$inout0);		# checksum
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&xorps		($inout3,$inout1);
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&movaps		($rndkey1,$inout3);		# pass the checksum
+
+	&jmp		(&label("done"));
+
+&set_label("three",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout3,&QWP(0,$l_));
+	&movdqu		($inout4,&QWP(0,$l_,$i1));
+	&movdqa		($inout5,$inout3);
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout3,$rndkey0);		# ^ last offset_i
+	&pxor		($inout4,$inout3);
+	&pxor		($inout5,$inout4);
+
+	&pxor		($inout0,$inout3);		# ^ offset_i
+	&pxor		($inout1,$inout4);
+	&pxor		($inout2,$inout5);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt3");
+
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&xorps		($inout0,$inout3);		# ^ offset_i
+	&xorps		($inout1,$inout4);
+	&xorps		($inout2,$inout5);
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&pxor		($rndkey1,$inout0);		# checksum
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout1);
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout2);
+
+	&jmp		(&label("done"));
+
+&set_label("four",16);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout2,&QWP(0,$l_));
+	&movdqu		($inout3,&QWP(0,$l_,$i1));
+	&movdqa		($inout4,$inout2);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+
+	&pxor		($inout2,$rndkey0);		# ^ last offset_i
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&pxor		($inout3,$inout2);
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*0,"esp"),$inout2);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*1,"esp"),$inout3);
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,$inout4);
+	&pxor		($inout3,$inout5);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt4");
+
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&xorps		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&xorps		($inout1,&QWP(16*1,"esp"));
+	&xorps		($inout2,$inout4);
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&pxor		($rndkey1,$inout0);		# checksum
+	&xorps		($inout3,$inout5);
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout1);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout2);
+	&movups		(&QWP(16*3,$out,$inp),$inout3);
+	&pxor		($rndkey1,$inout3);
+
+&set_label("done");
+	&mov	($key,&DWP($esp_off,"esp"));
+	&pxor	($inout0,$inout0);		# clear register bank
+	&pxor	($inout1,$inout1);
+	&movdqa	(&QWP(16*0,"esp"),$inout0);	# clear stack
+	&pxor	($inout2,$inout2);
+	&movdqa	(&QWP(16*1,"esp"),$inout0);
+	&pxor	($inout3,$inout3);
+	&movdqa	(&QWP(16*2,"esp"),$inout0);
+	&pxor	($inout4,$inout4);
+	&movdqa	(&QWP(16*3,"esp"),$inout0);
+	&pxor	($inout5,$inout5);
+	&movdqa	(&QWP(16*4,"esp"),$inout0);
+	&movdqa	(&QWP(16*5,"esp"),$inout0);
+	&movdqa	(&QWP(16*6,"esp"),$inout0);
+
+	&lea	("esp",&DWP(0,$key));
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+	&movdqu	(&QWP(0,$rounds),$rndkey0);
+	&pxor	($rndkey0,$rndkey0);
+	&movdqu	(&QWP(0,$rounds_),$rndkey1);
+	&pxor	($rndkey1,$rndkey1);
+&function_end("aesni_ocb_decrypt");
+}
+}
+
+######################################################################
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+#                           size_t length, const AES_KEY *key,
+#                           unsigned char *ivp,const int enc);
+&function_begin("${PREFIX}_cbc_encrypt");
+	&mov	($inp,&wparam(0));
+	&mov	($rounds_,"esp");
+	&mov	($out,&wparam(1));
+	&sub	($rounds_,24);
+	&mov	($len,&wparam(2));
+	&and	($rounds_,-16);
+	&mov	($key,&wparam(3));
+	&mov	($key_,&wparam(4));
+	&test	($len,$len);
+	&jz	(&label("cbc_abort"));
+
+	&cmp	(&wparam(5),0);
+	&xchg	($rounds_,"esp");		# alloca
+	&movups	($ivec,&QWP(0,$key_));		# load IV
+	&mov	($rounds,&DWP(240,$key));
+	&mov	($key_,$key);			# backup $key
+	&mov	(&DWP(16,"esp"),$rounds_);	# save original %esp
+	&mov	($rounds_,$rounds);		# backup $rounds
+	&je	(&label("cbc_decrypt"));
+
+	&movaps	($inout0,$ivec);
+	&cmp	($len,16);
+	&jb	(&label("cbc_enc_tail"));
+	&sub	($len,16);
+	&jmp	(&label("cbc_enc_loop"));
+
+&set_label("cbc_enc_loop",16);
+	&movups	($ivec,&QWP(0,$inp));		# input actually
+	&lea	($inp,&DWP(16,$inp));
+	if ($inline)
+	{   &aesni_inline_generate1("enc",$inout0,$ivec);	}
+	else
+	{   &xorps($inout0,$ivec); &call("_aesni_encrypt1");	}
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&mov	($key,$key_);		# restore $key
+	&movups	(&QWP(0,$out),$inout0);	# store output
+	&lea	($out,&DWP(16,$out));
+	&sub	($len,16);
+	&jnc	(&label("cbc_enc_loop"));
+	&add	($len,16);
+	&jnz	(&label("cbc_enc_tail"));
+	&movaps	($ivec,$inout0);
+	&pxor	($inout0,$inout0);
+	&jmp	(&label("cbc_ret"));
+
+&set_label("cbc_enc_tail");
+	&mov	("ecx",$len);		# zaps $rounds
+	&data_word(0xA4F3F689);		# rep movsb
+	&mov	("ecx",16);		# zero tail
+	&sub	("ecx",$len);
+	&xor	("eax","eax");		# zaps $len
+	&data_word(0xAAF3F689);		# rep stosb
+	&lea	($out,&DWP(-16,$out));	# rewind $out by 1 block
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&mov	($inp,$out);		# $inp and $out are the same
+	&mov	($key,$key_);		# restore $key
+	&jmp	(&label("cbc_enc_loop"));
+######################################################################
+&set_label("cbc_decrypt",16);
+	&cmp	($len,0x50);
+	&jbe	(&label("cbc_dec_tail"));
+	&movaps	(&QWP(0,"esp"),$ivec);		# save IV
+	&sub	($len,0x50);
+	&jmp	(&label("cbc_dec_loop6_enter"));
+
+&set_label("cbc_dec_loop6",16);
+	&movaps	(&QWP(0,"esp"),$rndkey0);	# save IV
+	&movups	(&QWP(0,$out),$inout5);
+	&lea	($out,&DWP(0x10,$out));
+&set_label("cbc_dec_loop6_enter");
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+
+	&call	("_aesni_decrypt6");
+
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,&QWP(0,"esp"));	# ^=IV
+	&xorps	($inout1,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout2,$rndkey0);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout3,$rndkey1);
+	&movups	($rndkey1,&QWP(0x40,$inp));
+	&xorps	($inout4,$rndkey0);
+	&movups	($rndkey0,&QWP(0x50,$inp));	# IV
+	&xorps	($inout5,$rndkey1);
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&lea	($inp,&DWP(0x60,$inp));
+	&movups	(&QWP(0x20,$out),$inout2);
+	&mov	($rounds,$rounds_);		# restore $rounds
+	&movups	(&QWP(0x30,$out),$inout3);
+	&mov	($key,$key_);			# restore $key
+	&movups	(&QWP(0x40,$out),$inout4);
+	&lea	($out,&DWP(0x50,$out));
+	&sub	($len,0x60);
+	&ja	(&label("cbc_dec_loop6"));
+
+	&movaps	($inout0,$inout5);
+	&movaps	($ivec,$rndkey0);
+	&add	($len,0x50);
+	&jle	(&label("cbc_dec_clear_tail_collected"));
+	&movups	(&QWP(0,$out),$inout0);
+	&lea	($out,&DWP(0x10,$out));
+&set_label("cbc_dec_tail");
+	&movups	($inout0,&QWP(0,$inp));
+	&movaps	($in0,$inout0);
+	&cmp	($len,0x10);
+	&jbe	(&label("cbc_dec_one"));
+
+	&movups	($inout1,&QWP(0x10,$inp));
+	&movaps	($in1,$inout1);
+	&cmp	($len,0x20);
+	&jbe	(&label("cbc_dec_two"));
+
+	&movups	($inout2,&QWP(0x20,$inp));
+	&cmp	($len,0x30);
+	&jbe	(&label("cbc_dec_three"));
+
+	&movups	($inout3,&QWP(0x30,$inp));
+	&cmp	($len,0x40);
+	&jbe	(&label("cbc_dec_four"));
+
+	&movups	($inout4,&QWP(0x40,$inp));
+	&movaps	(&QWP(0,"esp"),$ivec);		# save IV
+	&movups	($inout0,&QWP(0,$inp));
+	&xorps	($inout5,$inout5);
+	&call	("_aesni_decrypt6");
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,&QWP(0,"esp"));	# ^= IV
+	&xorps	($inout1,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout2,$rndkey0);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout3,$rndkey1);
+	&movups	($ivec,&QWP(0x40,$inp));	# IV
+	&xorps	($inout4,$rndkey0);
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&pxor	($inout1,$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&pxor	($inout2,$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&pxor	($inout3,$inout3);
+	&lea	($out,&DWP(0x40,$out));
+	&movaps	($inout0,$inout4);
+	&pxor	($inout4,$inout4);
+	&sub	($len,0x50);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_one",16);
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$ivec);
+	&movaps	($ivec,$in0);
+	&sub	($len,0x10);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_two",16);
+	&call	("_aesni_decrypt2");
+	&xorps	($inout0,$ivec);
+	&xorps	($inout1,$in0);
+	&movups	(&QWP(0,$out),$inout0);
+	&movaps	($inout0,$inout1);
+	&pxor	($inout1,$inout1);
+	&lea	($out,&DWP(0x10,$out));
+	&movaps	($ivec,$in1);
+	&sub	($len,0x20);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_three",16);
+	&call	("_aesni_decrypt3");
+	&xorps	($inout0,$ivec);
+	&xorps	($inout1,$in0);
+	&xorps	($inout2,$in1);
+	&movups	(&QWP(0,$out),$inout0);
+	&movaps	($inout0,$inout2);
+	&pxor	($inout2,$inout2);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&pxor	($inout1,$inout1);
+	&lea	($out,&DWP(0x20,$out));
+	&movups	($ivec,&QWP(0x20,$inp));
+	&sub	($len,0x30);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_four",16);
+	&call	("_aesni_decrypt4");
+	&movups	($rndkey1,&QWP(0x10,$inp));
+	&movups	($rndkey0,&QWP(0x20,$inp));
+	&xorps	($inout0,$ivec);
+	&movups	($ivec,&QWP(0x30,$inp));
+	&xorps	($inout1,$in0);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout2,$rndkey1);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&pxor	($inout1,$inout1);
+	&xorps	($inout3,$rndkey0);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&pxor	($inout2,$inout2);
+	&lea	($out,&DWP(0x30,$out));
+	&movaps	($inout0,$inout3);
+	&pxor	($inout3,$inout3);
+	&sub	($len,0x40);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_clear_tail_collected",16);
+	&pxor	($inout1,$inout1);
+	&pxor	($inout2,$inout2);
+	&pxor	($inout3,$inout3);
+	&pxor	($inout4,$inout4);
+&set_label("cbc_dec_tail_collected");
+	&and	($len,15);
+	&jnz	(&label("cbc_dec_tail_partial"));
+	&movups	(&QWP(0,$out),$inout0);
+	&pxor	($rndkey0,$rndkey0);
+	&jmp	(&label("cbc_ret"));
+
+&set_label("cbc_dec_tail_partial",16);
+	&movaps	(&QWP(0,"esp"),$inout0);
+	&pxor	($rndkey0,$rndkey0);
+	&mov	("ecx",16);
+	&mov	($inp,"esp");
+	&sub	("ecx",$len);
+	&data_word(0xA4F3F689);		# rep movsb
+	&movdqa	(&QWP(0,"esp"),$inout0);
+
+&set_label("cbc_ret");
+	&mov	("esp",&DWP(16,"esp"));	# pull original %esp
+	&mov	($key_,&wparam(4));
+	&pxor	($inout0,$inout0);
+	&pxor	($rndkey1,$rndkey1);
+	&movups	(&QWP(0,$key_),$ivec);	# output IV
+	&pxor	($ivec,$ivec);
+&set_label("cbc_abort");
+&function_end("${PREFIX}_cbc_encrypt");
+
+######################################################################
+# Mechanical port from aesni-x86_64.pl.
+#
+# _aesni_set_encrypt_key is private interface,
+# input:
+#	"eax"	const unsigned char *userKey
+#	$rounds	int bits
+#	$key	AES_KEY *key
+# output:
+#	"eax"	return code
+#	$round	rounds
+
+&function_begin_B("_aesni_set_encrypt_key");
+	&push	("ebp");
+	&push	("ebx");
+	&test	("eax","eax");
+	&jz	(&label("bad_pointer"));
+	&test	($key,$key);
+	&jz	(&label("bad_pointer"));
+
+	&call	(&label("pic"));
+&set_label("pic");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx"));
+
+	&picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const"));
+	&movups	("xmm0",&QWP(0,"eax"));	# pull first 128 bits of *userKey
+	&xorps	("xmm4","xmm4");	# low dword of xmm4 is assumed 0
+	&mov	("ebp",&DWP(4,"ebp"));
+	&lea	($key,&DWP(16,$key));
+	&and	("ebp",1<<28|1<<11);	# AVX and XOP bits
+	&cmp	($rounds,256);
+	&je	(&label("14rounds"));
+	&cmp	($rounds,192);
+	&je	(&label("12rounds"));
+	&cmp	($rounds,128);
+	&jne	(&label("bad_keybits"));
+
+&set_label("10rounds",16);
+	&cmp		("ebp",1<<28);
+	&je		(&label("10rounds_alt"));
+
+	&mov		($rounds,9);
+	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
+	&aeskeygenassist("xmm1","xmm0",0x01);		# round 1
+	&call		(&label("key_128_cold"));
+	&aeskeygenassist("xmm1","xmm0",0x2);		# round 2
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x04);		# round 3
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x08);		# round 4
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x10);		# round 5
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x20);		# round 6
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x40);		# round 7
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x80);		# round 8
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x1b);		# round 9
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x36);		# round 10
+	&call		(&label("key_128"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(80,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_128",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_128_cold");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm1","xmm1",0b11111111);	# critical path
+	&xorps		("xmm0","xmm1");
+	&ret();
+
+&set_label("10rounds_alt",16);
+	&movdqa		("xmm5",&QWP(0x00,"ebx"));
+	&mov		($rounds,8);
+	&movdqa		("xmm4",&QWP(0x20,"ebx"));
+	&movdqa		("xmm2","xmm0");
+	&movdqu		(&QWP(-16,$key),"xmm0");
+
+&set_label("loop_key128");
+	&pshufb		("xmm0","xmm5");
+	&aesenclast	("xmm0","xmm4");
+	&pslld		("xmm4",1);
+	&lea		($key,&DWP(16,$key));
+
+	&movdqa		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm2","xmm3");
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(-16,$key),"xmm0");
+	&movdqa		("xmm2","xmm0");
+
+	&dec		($rounds);
+	&jnz		(&label("loop_key128"));
+
+	&movdqa		("xmm4",&QWP(0x30,"ebx"));
+
+	&pshufb		("xmm0","xmm5");
+	&aesenclast	("xmm0","xmm4");
+	&pslld		("xmm4",1);
+
+	&movdqa		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm2","xmm3");
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(0,$key),"xmm0");
+
+	&movdqa		("xmm2","xmm0");
+	&pshufb		("xmm0","xmm5");
+	&aesenclast	("xmm0","xmm4");
+
+	&movdqa		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm2","xmm3");
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(16,$key),"xmm0");
+
+	&mov		($rounds,9);
+	&mov		(&DWP(96,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("12rounds",16);
+	&movq		("xmm2",&QWP(16,"eax"));	# remaining 1/3 of *userKey
+	&cmp		("ebp",1<<28);
+	&je		(&label("12rounds_alt"));
+
+	&mov		($rounds,11);
+	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
+	&aeskeygenassist("xmm1","xmm2",0x01);		# round 1,2
+	&call		(&label("key_192a_cold"));
+	&aeskeygenassist("xmm1","xmm2",0x02);		# round 2,3
+	&call		(&label("key_192b"));
+	&aeskeygenassist("xmm1","xmm2",0x04);		# round 4,5
+	&call		(&label("key_192a"));
+	&aeskeygenassist("xmm1","xmm2",0x08);		# round 5,6
+	&call		(&label("key_192b"));
+	&aeskeygenassist("xmm1","xmm2",0x10);		# round 7,8
+	&call		(&label("key_192a"));
+	&aeskeygenassist("xmm1","xmm2",0x20);		# round 8,9
+	&call		(&label("key_192b"));
+	&aeskeygenassist("xmm1","xmm2",0x40);		# round 10,11
+	&call		(&label("key_192a"));
+	&aeskeygenassist("xmm1","xmm2",0x80);		# round 11,12
+	&call		(&label("key_192b"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(48,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_192a",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_192a_cold",16);
+	&movaps		("xmm5","xmm2");
+&set_label("key_192b_warm");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&movdqa		("xmm3","xmm2");
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&pslldq		("xmm3",4);
+	&xorps		("xmm0","xmm4");
+	&pshufd		("xmm1","xmm1",0b01010101);	# critical path
+	&pxor		("xmm2","xmm3");
+	&pxor		("xmm0","xmm1");
+	&pshufd		("xmm3","xmm0",0b11111111);
+	&pxor		("xmm2","xmm3");
+	&ret();
+
+&set_label("key_192b",16);
+	&movaps		("xmm3","xmm0");
+	&shufps		("xmm5","xmm0",0b01000100);
+	&$movekey	(&QWP(0,$key),"xmm5");
+	&shufps		("xmm3","xmm2",0b01001110);
+	&$movekey	(&QWP(16,$key),"xmm3");
+	&lea		($key,&DWP(32,$key));
+	&jmp		(&label("key_192b_warm"));
+
+&set_label("12rounds_alt",16);
+	&movdqa		("xmm5",&QWP(0x10,"ebx"));
+	&movdqa		("xmm4",&QWP(0x20,"ebx"));
+	&mov		($rounds,8);
+	&movdqu		(&QWP(-16,$key),"xmm0");
+
+&set_label("loop_key192");
+	&movq		(&QWP(0,$key),"xmm2");
+	&movdqa		("xmm1","xmm2");
+	&pshufb		("xmm2","xmm5");
+	&aesenclast	("xmm2","xmm4");
+	&pslld		("xmm4",1);
+	&lea		($key,&DWP(24,$key));
+
+	&movdqa		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm0","xmm3");
+
+	&pshufd		("xmm3","xmm0",0xff);
+	&pxor		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm3","xmm1");
+
+	&pxor		("xmm0","xmm2");
+	&pxor		("xmm2","xmm3");
+	&movdqu		(&QWP(-16,$key),"xmm0");
+
+	&dec		($rounds);
+	&jnz		(&label("loop_key192"));
+
+	&mov	($rounds,11);
+	&mov	(&DWP(32,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("14rounds",16);
+	&movups		("xmm2",&QWP(16,"eax"));	# remaining half of *userKey
+	&lea		($key,&DWP(16,$key));
+	&cmp		("ebp",1<<28);
+	&je		(&label("14rounds_alt"));
+
+	&mov		($rounds,13);
+	&$movekey	(&QWP(-32,$key),"xmm0");	# round 0
+	&$movekey	(&QWP(-16,$key),"xmm2");	# round 1
+	&aeskeygenassist("xmm1","xmm2",0x01);		# round 2
+	&call		(&label("key_256a_cold"));
+	&aeskeygenassist("xmm1","xmm0",0x01);		# round 3
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x02);		# round 4
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x02);		# round 5
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x04);		# round 6
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x04);		# round 7
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x08);		# round 8
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x08);		# round 9
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x10);		# round 10
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x10);		# round 11
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x20);		# round 12
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x20);		# round 13
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x40);		# round 14
+	&call		(&label("key_256a"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(16,$key),$rounds);
+	&xor		("eax","eax");
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_256a",16);
+	&$movekey	(&QWP(0,$key),"xmm2");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_256a_cold");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm1","xmm1",0b11111111);	# critical path
+	&xorps		("xmm0","xmm1");
+	&ret();
+
+&set_label("key_256b",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+
+	&shufps		("xmm4","xmm2",0b00010000);
+	&xorps		("xmm2","xmm4");
+	&shufps		("xmm4","xmm2",0b10001100);
+	&xorps		("xmm2","xmm4");
+	&shufps		("xmm1","xmm1",0b10101010);	# critical path
+	&xorps		("xmm2","xmm1");
+	&ret();
+
+&set_label("14rounds_alt",16);
+	&movdqa		("xmm5",&QWP(0x00,"ebx"));
+	&movdqa		("xmm4",&QWP(0x20,"ebx"));
+	&mov		($rounds,7);
+	&movdqu		(&QWP(-32,$key),"xmm0");
+	&movdqa		("xmm1","xmm2");
+	&movdqu		(&QWP(-16,$key),"xmm2");
+
+&set_label("loop_key256");
+	&pshufb		("xmm2","xmm5");
+	&aesenclast	("xmm2","xmm4");
+
+	&movdqa		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm0","xmm3");
+	&pslld		("xmm4",1);
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(0,$key),"xmm0");
+
+	&dec		($rounds);
+	&jz		(&label("done_key256"));
+
+	&pshufd		("xmm2","xmm0",0xff);
+	&pxor		("xmm3","xmm3");
+	&aesenclast	("xmm2","xmm3");
+
+	&movdqa		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm1","xmm3");
+
+	&pxor		("xmm2","xmm1");
+	&movdqu		(&QWP(16,$key),"xmm2");
+	&lea		($key,&DWP(32,$key));
+	&movdqa		("xmm1","xmm2");
+	&jmp		(&label("loop_key256"));
+
+&set_label("done_key256");
+	&mov		($rounds,13);
+	&mov		(&DWP(16,$key),$rounds);
+
+&set_label("good_key");
+	&pxor	("xmm0","xmm0");
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&xor	("eax","eax");
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+
+&set_label("bad_pointer",4);
+	&mov	("eax",-1);
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+&set_label("bad_keybits",4);
+	&pxor	("xmm0","xmm0");
+	&mov	("eax",-2);
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+&function_end_B("_aesni_set_encrypt_key");
+
+# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
+#                              AES_KEY *key)
+&function_begin_B("${PREFIX}_set_encrypt_key");
+	&mov	("eax",&wparam(0));
+	&mov	($rounds,&wparam(1));
+	&mov	($key,&wparam(2));
+	&call	("_aesni_set_encrypt_key");
+	&ret	();
+&function_end_B("${PREFIX}_set_encrypt_key");
+
+# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
+#                              AES_KEY *key)
+&function_begin_B("${PREFIX}_set_decrypt_key");
+	&mov	("eax",&wparam(0));
+	&mov	($rounds,&wparam(1));
+	&mov	($key,&wparam(2));
+	&call	("_aesni_set_encrypt_key");
+	&mov	($key,&wparam(2));
+	&shl	($rounds,4);	# rounds-1 after _aesni_set_encrypt_key
+	&test	("eax","eax");
+	&jnz	(&label("dec_key_ret"));
+	&lea	("eax",&DWP(16,$key,$rounds));	# end of key schedule
+
+	&$movekey	("xmm0",&QWP(0,$key));	# just swap
+	&$movekey	("xmm1",&QWP(0,"eax"));
+	&$movekey	(&QWP(0,"eax"),"xmm0");
+	&$movekey	(&QWP(0,$key),"xmm1");
+	&lea		($key,&DWP(16,$key));
+	&lea		("eax",&DWP(-16,"eax"));
+
+&set_label("dec_key_inverse");
+	&$movekey	("xmm0",&QWP(0,$key));	# swap and inverse
+	&$movekey	("xmm1",&QWP(0,"eax"));
+	&aesimc		("xmm0","xmm0");
+	&aesimc		("xmm1","xmm1");
+	&lea		($key,&DWP(16,$key));
+	&lea		("eax",&DWP(-16,"eax"));
+	&$movekey	(&QWP(16,"eax"),"xmm0");
+	&$movekey	(&QWP(-16,$key),"xmm1");
+	&cmp		("eax",$key);
+	&ja		(&label("dec_key_inverse"));
+
+	&$movekey	("xmm0",&QWP(0,$key));	# inverse middle
+	&aesimc		("xmm0","xmm0");
+	&$movekey	(&QWP(0,$key),"xmm0");
+
+	&pxor		("xmm0","xmm0");
+	&pxor		("xmm1","xmm1");
+	&xor		("eax","eax");		# return success
+&set_label("dec_key_ret");
+	&ret	();
+&function_end_B("${PREFIX}_set_decrypt_key");
+
+&set_label("key_const",64);
+&data_word(0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d);
+&data_word(0x04070605,0x04070605,0x04070605,0x04070605);
+&data_word(1,1,1,1);
+&data_word(0x1b,0x1b,0x1b,0x1b);
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl
new file mode 100644
index 000000000..b68c14da6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl
@@ -0,0 +1,5141 @@
+#! /usr/bin/env perl
+# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
+# details].
+#
+# Performance.
+#
+# Given aes(enc|dec) instructions' latency asymptotic performance for
+# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte
+# processed with 128-bit key. And given their throughput asymptotic
+# performance for parallelizable modes is 1.25 cycles per byte. Being
+# asymptotic limit it's not something you commonly achieve in reality,
+# but how close does one get? Below are results collected for
+# different modes and block sized. Pairs of numbers are for en-/
+# decryption.
+#
+#	16-byte     64-byte     256-byte    1-KB        8-KB
+# ECB	4.25/4.25   1.38/1.38   1.28/1.28   1.26/1.26	1.26/1.26
+# CTR	5.42/5.42   1.92/1.92   1.44/1.44   1.28/1.28   1.26/1.26
+# CBC	4.38/4.43   4.15/1.43   4.07/1.32   4.07/1.29   4.06/1.28
+# CCM	5.66/9.42   4.42/5.41   4.16/4.40   4.09/4.15   4.06/4.07
+# OFB	5.42/5.42   4.64/4.64   4.44/4.44   4.39/4.39   4.38/4.38
+# CFB	5.73/5.85   5.56/5.62   5.48/5.56   5.47/5.55   5.47/5.55
+#
+# ECB, CTR, CBC and CCM results are free from EVP overhead. This means
+# that otherwise used 'openssl speed -evp aes-128-??? -engine aesni
+# [-decrypt]' will exhibit 10-15% worse results for smaller blocks.
+# The results were collected with specially crafted speed.c benchmark
+# in order to compare them with results reported in "Intel Advanced
+# Encryption Standard (AES) New Instruction Set" White Paper Revision
+# 3.0 dated May 2010. All above results are consistently better. This
+# module also provides better performance for block sizes smaller than
+# 128 bytes in points *not* represented in the above table.
+#
+# Looking at the results for 8-KB buffer.
+#
+# CFB and OFB results are far from the limit, because implementation
+# uses "generic" CRYPTO_[c|o]fb128_encrypt interfaces relying on
+# single-block aesni_encrypt, which is not the most optimal way to go.
+# CBC encrypt result is unexpectedly high and there is no documented
+# explanation for it. Seemingly there is a small penalty for feeding
+# the result back to AES unit the way it's done in CBC mode. There is
+# nothing one can do and the result appears optimal. CCM result is
+# identical to CBC, because CBC-MAC is essentially CBC encrypt without
+# saving output. CCM CTR "stays invisible," because it's neatly
+# interleaved wih CBC-MAC. This provides ~30% improvement over
+# "straightforward" CCM implementation with CTR and CBC-MAC performed
+# disjointly. Parallelizable modes practically achieve the theoretical
+# limit.
+#
+# Looking at how results vary with buffer size.
+#
+# Curves are practically saturated at 1-KB buffer size. In most cases
+# "256-byte" performance is >95%, and "64-byte" is ~90% of "8-KB" one.
+# CTR curve doesn't follow this pattern and is "slowest" changing one
+# with "256-byte" result being 87% of "8-KB." This is because overhead
+# in CTR mode is most computationally intensive. Small-block CCM
+# decrypt is slower than encrypt, because first CTR and last CBC-MAC
+# iterations can't be interleaved.
+#
+# Results for 192- and 256-bit keys.
+#
+# EVP-free results were observed to scale perfectly with number of
+# rounds for larger block sizes, i.e. 192-bit result being 10/12 times
+# lower and 256-bit one - 10/14. Well, in CBC encrypt case differences
+# are a tad smaller, because the above mentioned penalty biases all
+# results by same constant value. In similar way function call
+# overhead affects small-block performance, as well as OFB and CFB
+# results. Differences are not large, most common coefficients are
+# 10/11.7 and 10/13.4 (as opposite to 10/12.0 and 10/14.0), but one
+# observe even 10/11.2 and 10/12.4 (CTR, OFB, CFB)...
+
+# January 2011
+#
+# While Westmere processor features 6 cycles latency for aes[enc|dec]
+# instructions, which can be scheduled every second cycle, Sandy
+# Bridge spends 8 cycles per instruction, but it can schedule them
+# every cycle. This means that code targeting Westmere would perform
+# suboptimally on Sandy Bridge. Therefore this update.
+#
+# In addition, non-parallelizable CBC encrypt (as well as CCM) is
+# optimized. Relative improvement might appear modest, 8% on Westmere,
+# but in absolute terms it's 3.77 cycles per byte encrypted with
+# 128-bit key on Westmere, and 5.07 - on Sandy Bridge. These numbers
+# should be compared to asymptotic limits of 3.75 for Westmere and
+# 5.00 for Sandy Bridge. Actually, the fact that they get this close
+# to asymptotic limits is quite amazing. Indeed, the limit is
+# calculated as latency times number of rounds, 10 for 128-bit key,
+# and divided by 16, the number of bytes in block, or in other words
+# it accounts *solely* for aesenc instructions. But there are extra
+# instructions, and numbers so close to the asymptotic limits mean
+# that it's as if it takes as little as *one* additional cycle to
+# execute all of them. How is it possible? It is possible thanks to
+# out-of-order execution logic, which manages to overlap post-
+# processing of previous block, things like saving the output, with
+# actual encryption of current block, as well as pre-processing of
+# current block, things like fetching input and xor-ing it with
+# 0-round element of the key schedule, with actual encryption of
+# previous block. Keep this in mind...
+#
+# For parallelizable modes, such as ECB, CBC decrypt, CTR, higher
+# performance is achieved by interleaving instructions working on
+# independent blocks. In which case asymptotic limit for such modes
+# can be obtained by dividing above mentioned numbers by AES
+# instructions' interleave factor. Westmere can execute at most 3
+# instructions at a time, meaning that optimal interleave factor is 3,
+# and that's where the "magic" number of 1.25 come from. "Optimal
+# interleave factor" means that increase of interleave factor does
+# not improve performance. The formula has proven to reflect reality
+# pretty well on Westmere... Sandy Bridge on the other hand can
+# execute up to 8 AES instructions at a time, so how does varying
+# interleave factor affect the performance? Here is table for ECB
+# (numbers are cycles per byte processed with 128-bit key):
+#
+# instruction interleave factor		3x	6x	8x
+# theoretical asymptotic limit		1.67	0.83	0.625
+# measured performance for 8KB block	1.05	0.86	0.84
+#
+# "as if" interleave factor		4.7x	5.8x	6.0x
+#
+# Further data for other parallelizable modes:
+#
+# CBC decrypt				1.16	0.93	0.74
+# CTR					1.14	0.91	0.74
+#
+# Well, given 3x column it's probably inappropriate to call the limit
+# asymptotic, if it can be surpassed, isn't it? What happens there?
+# Rewind to CBC paragraph for the answer. Yes, out-of-order execution
+# magic is responsible for this. Processor overlaps not only the
+# additional instructions with AES ones, but even AES instructions
+# processing adjacent triplets of independent blocks. In the 6x case
+# additional instructions  still claim disproportionally small amount
+# of additional cycles, but in 8x case number of instructions must be
+# a tad too high for out-of-order logic to cope with, and AES unit
+# remains underutilized... As you can see 8x interleave is hardly
+# justifiable, so there no need to feel bad that 32-bit aesni-x86.pl
+# utilizes 6x interleave because of limited register bank capacity.
+#
+# Higher interleave factors do have negative impact on Westmere
+# performance. While for ECB mode it's negligible ~1.5%, other
+# parallelizables perform ~5% worse, which is outweighed by ~25%
+# improvement on Sandy Bridge. To balance regression on Westmere
+# CTR mode was implemented with 6x aesenc interleave factor.
+
+# April 2011
+#
+# Add aesni_xts_[en|de]crypt. Westmere spends 1.25 cycles processing
+# one byte out of 8KB with 128-bit key, Sandy Bridge - 0.90. Just like
+# in CTR mode AES instruction interleave factor was chosen to be 6x.
+
+# November 2015
+#
+# Add aesni_ocb_[en|de]crypt. AES instruction interleave factor was
+# chosen to be 6x.
+
+######################################################################
+# Current large-block performance in cycles per byte processed with
+# 128-bit key (less is better).
+#
+#		CBC en-/decrypt	CTR	XTS	ECB	OCB
+# Westmere	3.77/1.25	1.25	1.25	1.26
+# * Bridge	5.07/0.74	0.75	0.90	0.85	0.98
+# Haswell	4.44/0.63	0.63	0.73	0.63	0.70
+# Skylake	2.62/0.63	0.63	0.63	0.63
+# Silvermont	5.75/3.54	3.56	4.12	3.87(*)	4.11
+# Knights L	2.54/0.77	0.78	0.85	-	1.50
+# Goldmont	3.82/1.26	1.26	1.29	1.29	1.50
+# Bulldozer	5.77/0.70	0.72	0.90	0.70	0.95
+# Ryzen		2.71/0.35	0.35	0.44	0.38	0.49
+#
+# (*)	Atom Silvermont ECB result is suboptimal because of penalties
+#	incurred by operations on %xmm8-15. As ECB is not considered
+#	critical, nothing was done to mitigate the problem.
+
+$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
+			# generates drop-in replacement for
+			# crypto/aes/asm/aes-x86_64.pl:-)
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$movkey = $PREFIX eq "aesni" ? "movups" : "movups";
+@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
+		("%rdi","%rsi","%rdx","%rcx");	# Unix order
+
+$code=".text\n";
+$code.=".extern	OPENSSL_ia32cap_P\n";
+
+$rounds="%eax";	# input to and changed by aesni_[en|de]cryptN !!!
+# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
+$inp="%rdi";
+$out="%rsi";
+$len="%rdx";
+$key="%rcx";	# input to and changed by aesni_[en|de]cryptN !!!
+$ivp="%r8";	# cbc, ctr, ...
+
+$rnds_="%r10d";	# backup copy for $rounds
+$key_="%r11";	# backup copy for $key
+
+# %xmm register layout
+$rndkey0="%xmm0";	$rndkey1="%xmm1";
+$inout0="%xmm2";	$inout1="%xmm3";
+$inout2="%xmm4";	$inout3="%xmm5";
+$inout4="%xmm6";	$inout5="%xmm7";
+$inout6="%xmm8";	$inout7="%xmm9";
+
+$in2="%xmm6";		$in1="%xmm7";	# used in CBC decrypt, CTR, ...
+$in0="%xmm8";		$iv="%xmm9";
+
+# Inline version of internal aesni_[en|de]crypt1.
+#
+# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
+# cycles which take care of loop variables...
+{ my $sn;
+sub aesni_generate1 {
+my ($p,$key,$rounds,$inout,$ivec)=@_;	$inout=$inout0 if (!defined($inout));
+++$sn;
+$code.=<<___;
+	$movkey	($key),$rndkey0
+	$movkey	16($key),$rndkey1
+___
+$code.=<<___ if (defined($ivec));
+	xorps	$rndkey0,$ivec
+	lea	32($key),$key
+	xorps	$ivec,$inout
+___
+$code.=<<___ if (!defined($ivec));
+	lea	32($key),$key
+	xorps	$rndkey0,$inout
+___
+$code.=<<___;
+.Loop_${p}1_$sn:
+	aes${p}	$rndkey1,$inout
+	dec	$rounds
+	$movkey	($key),$rndkey1
+	lea	16($key),$key
+	jnz	.Loop_${p}1_$sn	# loop body is 16 bytes
+	aes${p}last	$rndkey1,$inout
+___
+}}
+# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
+#
+{ my ($inp,$out,$key) = @_4args;
+
+$code.=<<___;
+.globl	${PREFIX}_encrypt
+.type	${PREFIX}_encrypt,\@abi-omnipotent
+.align	16
+${PREFIX}_encrypt:
+.cfi_startproc
+	movups	($inp),$inout0		# load input
+	mov	240($key),$rounds	# key->rounds
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movups	$inout0,($out)		# output
+	 pxor	$inout0,$inout0
+	ret
+.cfi_endproc
+.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
+
+.globl	${PREFIX}_decrypt
+.type	${PREFIX}_decrypt,\@abi-omnipotent
+.align	16
+${PREFIX}_decrypt:
+.cfi_startproc
+	movups	($inp),$inout0		# load input
+	mov	240($key),$rounds	# key->rounds
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movups	$inout0,($out)		# output
+	 pxor	$inout0,$inout0
+	ret
+.cfi_endproc
+.size	${PREFIX}_decrypt, .-${PREFIX}_decrypt
+___
+}
+
+# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
+# factor. Why 3x subroutine were originally used in loops? Even though
+# aes[enc|dec] latency was originally 6, it could be scheduled only
+# every *2nd* cycle. Thus 3x interleave was the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it originally made no sense to implement 2x subroutine.
+# But times change and it became appropriate to spend extra 192 bytes
+# on 2x subroutine on Atom Silvermont account. For processors that
+# can schedule aes[enc|dec] every cycle optimal interleave factor
+# equals to corresponding instructions latency. 8x is optimal for
+# * Bridge and "super-optimal" for other Intel CPUs...
+
+sub aesni_generate2 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-1] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt2,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt2:
+.cfi_startproc
+	$movkey	($key),$rndkey0
+	shl	\$4,$rounds
+	$movkey	16($key),$rndkey1
+	xorps	$rndkey0,$inout0
+	xorps	$rndkey0,$inout1
+	$movkey	32($key),$rndkey0
+	lea	32($key,$rounds),$key
+	neg	%rax				# $rounds
+	add	\$16,%rax
+
+.L${dir}_loop2:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop2
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	ret
+.cfi_endproc
+.size	_aesni_${dir}rypt2,.-_aesni_${dir}rypt2
+___
+}
+sub aesni_generate3 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-2] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt3,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt3:
+.cfi_startproc
+	$movkey	($key),$rndkey0
+	shl	\$4,$rounds
+	$movkey	16($key),$rndkey1
+	xorps	$rndkey0,$inout0
+	xorps	$rndkey0,$inout1
+	xorps	$rndkey0,$inout2
+	$movkey	32($key),$rndkey0
+	lea	32($key,$rounds),$key
+	neg	%rax				# $rounds
+	add	\$16,%rax
+
+.L${dir}_loop3:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop3
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	ret
+.cfi_endproc
+.size	_aesni_${dir}rypt3,.-_aesni_${dir}rypt3
+___
+}
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement would be <20%,
+# so it's not worth it...
+sub aesni_generate4 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-3] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt4,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt4:
+.cfi_startproc
+	$movkey	($key),$rndkey0
+	shl	\$4,$rounds
+	$movkey	16($key),$rndkey1
+	xorps	$rndkey0,$inout0
+	xorps	$rndkey0,$inout1
+	xorps	$rndkey0,$inout2
+	xorps	$rndkey0,$inout3
+	$movkey	32($key),$rndkey0
+	lea	32($key,$rounds),$key
+	neg	%rax				# $rounds
+	.byte	0x0f,0x1f,0x00
+	add	\$16,%rax
+
+.L${dir}_loop4:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	aes${dir}	$rndkey0,$inout3
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop4
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	aes${dir}last	$rndkey0,$inout3
+	ret
+.cfi_endproc
+.size	_aesni_${dir}rypt4,.-_aesni_${dir}rypt4
+___
+}
+sub aesni_generate6 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-5] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt6,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt6:
+.cfi_startproc
+	$movkey		($key),$rndkey0
+	shl		\$4,$rounds
+	$movkey		16($key),$rndkey1
+	xorps		$rndkey0,$inout0
+	pxor		$rndkey0,$inout1
+	pxor		$rndkey0,$inout2
+	aes${dir}	$rndkey1,$inout0
+	lea		32($key,$rounds),$key
+	neg		%rax			# $rounds
+	aes${dir}	$rndkey1,$inout1
+	pxor		$rndkey0,$inout3
+	pxor		$rndkey0,$inout4
+	aes${dir}	$rndkey1,$inout2
+	pxor		$rndkey0,$inout5
+	$movkey		($key,%rax),$rndkey0
+	add		\$16,%rax
+	jmp		.L${dir}_loop6_enter
+.align	16
+.L${dir}_loop6:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+.L${dir}_loop6_enter:
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	aes${dir}	$rndkey0,$inout3
+	aes${dir}	$rndkey0,$inout4
+	aes${dir}	$rndkey0,$inout5
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop6
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	aes${dir}last	$rndkey0,$inout3
+	aes${dir}last	$rndkey0,$inout4
+	aes${dir}last	$rndkey0,$inout5
+	ret
+.cfi_endproc
+.size	_aesni_${dir}rypt6,.-_aesni_${dir}rypt6
+___
+}
+sub aesni_generate8 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-7] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt8,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt8:
+.cfi_startproc
+	$movkey		($key),$rndkey0
+	shl		\$4,$rounds
+	$movkey		16($key),$rndkey1
+	xorps		$rndkey0,$inout0
+	xorps		$rndkey0,$inout1
+	pxor		$rndkey0,$inout2
+	pxor		$rndkey0,$inout3
+	pxor		$rndkey0,$inout4
+	lea		32($key,$rounds),$key
+	neg		%rax			# $rounds
+	aes${dir}	$rndkey1,$inout0
+	pxor		$rndkey0,$inout5
+	pxor		$rndkey0,$inout6
+	aes${dir}	$rndkey1,$inout1
+	pxor		$rndkey0,$inout7
+	$movkey		($key,%rax),$rndkey0
+	add		\$16,%rax
+	jmp		.L${dir}_loop8_inner
+.align	16
+.L${dir}_loop8:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+.L${dir}_loop8_inner:
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	aes${dir}	$rndkey1,$inout6
+	aes${dir}	$rndkey1,$inout7
+.L${dir}_loop8_enter:
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	aes${dir}	$rndkey0,$inout3
+	aes${dir}	$rndkey0,$inout4
+	aes${dir}	$rndkey0,$inout5
+	aes${dir}	$rndkey0,$inout6
+	aes${dir}	$rndkey0,$inout7
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop8
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	aes${dir}	$rndkey1,$inout6
+	aes${dir}	$rndkey1,$inout7
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	aes${dir}last	$rndkey0,$inout3
+	aes${dir}last	$rndkey0,$inout4
+	aes${dir}last	$rndkey0,$inout5
+	aes${dir}last	$rndkey0,$inout6
+	aes${dir}last	$rndkey0,$inout7
+	ret
+.cfi_endproc
+.size	_aesni_${dir}rypt8,.-_aesni_${dir}rypt8
+___
+}
+&aesni_generate2("enc") if ($PREFIX eq "aesni");
+&aesni_generate2("dec");
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+&aesni_generate6("enc") if ($PREFIX eq "aesni");
+&aesni_generate6("dec");
+&aesni_generate8("enc") if ($PREFIX eq "aesni");
+&aesni_generate8("dec");
+
+if ($PREFIX eq "aesni") {
+########################################################################
+# void aesni_ecb_encrypt (const void *in, void *out,
+#			  size_t length, const AES_KEY *key,
+#			  int enc);
+$code.=<<___;
+.globl	aesni_ecb_encrypt
+.type	aesni_ecb_encrypt,\@function,5
+.align	16
+aesni_ecb_encrypt:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)		# offload $inout4..7
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+.Lecb_enc_body:
+___
+$code.=<<___;
+	and	\$-16,$len		# if ($len<16)
+	jz	.Lecb_ret		# return
+
+	mov	240($key),$rounds	# key->rounds
+	$movkey	($key),$rndkey0
+	mov	$key,$key_		# backup $key
+	mov	$rounds,$rnds_		# backup $rounds
+	test	%r8d,%r8d		# 5th argument
+	jz	.Lecb_decrypt
+#--------------------------- ECB ENCRYPT ------------------------------#
+	cmp	\$0x80,$len		# if ($len<8*16)
+	jb	.Lecb_enc_tail		# short input
+
+	movdqu	($inp),$inout0		# load 8 input blocks
+	movdqu	0x10($inp),$inout1
+	movdqu	0x20($inp),$inout2
+	movdqu	0x30($inp),$inout3
+	movdqu	0x40($inp),$inout4
+	movdqu	0x50($inp),$inout5
+	movdqu	0x60($inp),$inout6
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+	sub	\$0x80,$len		# $len-=8*16 (can be zero)
+	jmp	.Lecb_enc_loop8_enter
+.align 16
+.Lecb_enc_loop8:
+	movups	$inout0,($out)		# store 8 output blocks
+	mov	$key_,$key		# restore $key
+	movdqu	($inp),$inout0		# load 8 input blocks
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout1,0x10($out)
+	movdqu	0x10($inp),$inout1
+	movups	$inout2,0x20($out)
+	movdqu	0x20($inp),$inout2
+	movups	$inout3,0x30($out)
+	movdqu	0x30($inp),$inout3
+	movups	$inout4,0x40($out)
+	movdqu	0x40($inp),$inout4
+	movups	$inout5,0x50($out)
+	movdqu	0x50($inp),$inout5
+	movups	$inout6,0x60($out)
+	movdqu	0x60($inp),$inout6
+	movups	$inout7,0x70($out)
+	lea	0x80($out),$out		# $out+=8*16
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+.Lecb_enc_loop8_enter:
+
+	call	_aesni_encrypt8
+
+	sub	\$0x80,$len
+	jnc	.Lecb_enc_loop8		# loop if $len-=8*16 didn't borrow
+
+	movups	$inout0,($out)		# store 8 output blocks
+	mov	$key_,$key		# restore $key
+	movups	$inout1,0x10($out)
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	movups	$inout5,0x50($out)
+	movups	$inout6,0x60($out)
+	movups	$inout7,0x70($out)
+	lea	0x80($out),$out		# $out+=8*16
+	add	\$0x80,$len		# restore real remaining $len
+	jz	.Lecb_ret		# done if ($len==0)
+
+.Lecb_enc_tail:				# $len is less than 8*16
+	movups	($inp),$inout0
+	cmp	\$0x20,$len
+	jb	.Lecb_enc_one
+	movups	0x10($inp),$inout1
+	je	.Lecb_enc_two
+	movups	0x20($inp),$inout2
+	cmp	\$0x40,$len
+	jb	.Lecb_enc_three
+	movups	0x30($inp),$inout3
+	je	.Lecb_enc_four
+	movups	0x40($inp),$inout4
+	cmp	\$0x60,$len
+	jb	.Lecb_enc_five
+	movups	0x50($inp),$inout5
+	je	.Lecb_enc_six
+	movdqu	0x60($inp),$inout6
+	xorps	$inout7,$inout7
+	call	_aesni_encrypt8
+	movups	$inout0,($out)		# store 7 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	movups	$inout5,0x50($out)
+	movups	$inout6,0x60($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_one:
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	movups	$inout0,($out)		# store one output block
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_two:
+	call	_aesni_encrypt2
+	movups	$inout0,($out)		# store 2 output blocks
+	movups	$inout1,0x10($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_three:
+	call	_aesni_encrypt3
+	movups	$inout0,($out)		# store 3 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_four:
+	call	_aesni_encrypt4
+	movups	$inout0,($out)		# store 4 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_five:
+	xorps	$inout5,$inout5
+	call	_aesni_encrypt6
+	movups	$inout0,($out)		# store 5 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_six:
+	call	_aesni_encrypt6
+	movups	$inout0,($out)		# store 6 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	movups	$inout5,0x50($out)
+	jmp	.Lecb_ret
+#--------------------------- ECB DECRYPT ------------------------------#
+.align	16
+.Lecb_decrypt:
+	cmp	\$0x80,$len		# if ($len<8*16)
+	jb	.Lecb_dec_tail		# short input
+
+	movdqu	($inp),$inout0		# load 8 input blocks
+	movdqu	0x10($inp),$inout1
+	movdqu	0x20($inp),$inout2
+	movdqu	0x30($inp),$inout3
+	movdqu	0x40($inp),$inout4
+	movdqu	0x50($inp),$inout5
+	movdqu	0x60($inp),$inout6
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+	sub	\$0x80,$len		# $len-=8*16 (can be zero)
+	jmp	.Lecb_dec_loop8_enter
+.align 16
+.Lecb_dec_loop8:
+	movups	$inout0,($out)		# store 8 output blocks
+	mov	$key_,$key		# restore $key
+	movdqu	($inp),$inout0		# load 8 input blocks
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout1,0x10($out)
+	movdqu	0x10($inp),$inout1
+	movups	$inout2,0x20($out)
+	movdqu	0x20($inp),$inout2
+	movups	$inout3,0x30($out)
+	movdqu	0x30($inp),$inout3
+	movups	$inout4,0x40($out)
+	movdqu	0x40($inp),$inout4
+	movups	$inout5,0x50($out)
+	movdqu	0x50($inp),$inout5
+	movups	$inout6,0x60($out)
+	movdqu	0x60($inp),$inout6
+	movups	$inout7,0x70($out)
+	lea	0x80($out),$out		# $out+=8*16
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+.Lecb_dec_loop8_enter:
+
+	call	_aesni_decrypt8
+
+	$movkey	($key_),$rndkey0
+	sub	\$0x80,$len
+	jnc	.Lecb_dec_loop8		# loop if $len-=8*16 didn't borrow
+
+	movups	$inout0,($out)		# store 8 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	mov	$key_,$key		# restore $key
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	movups	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+	movups	$inout6,0x60($out)
+	 pxor	$inout6,$inout6
+	movups	$inout7,0x70($out)
+	 pxor	$inout7,$inout7
+	lea	0x80($out),$out		# $out+=8*16
+	add	\$0x80,$len		# restore real remaining $len
+	jz	.Lecb_ret		# done if ($len==0)
+
+.Lecb_dec_tail:
+	movups	($inp),$inout0
+	cmp	\$0x20,$len
+	jb	.Lecb_dec_one
+	movups	0x10($inp),$inout1
+	je	.Lecb_dec_two
+	movups	0x20($inp),$inout2
+	cmp	\$0x40,$len
+	jb	.Lecb_dec_three
+	movups	0x30($inp),$inout3
+	je	.Lecb_dec_four
+	movups	0x40($inp),$inout4
+	cmp	\$0x60,$len
+	jb	.Lecb_dec_five
+	movups	0x50($inp),$inout5
+	je	.Lecb_dec_six
+	movups	0x60($inp),$inout6
+	$movkey	($key),$rndkey0
+	xorps	$inout7,$inout7
+	call	_aesni_decrypt8
+	movups	$inout0,($out)		# store 7 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	movups	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+	movups	$inout6,0x60($out)
+	 pxor	$inout6,$inout6
+	 pxor	$inout7,$inout7
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_one:
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	movups	$inout0,($out)		# store one output block
+	 pxor	$inout0,$inout0		# clear register bank
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_two:
+	call	_aesni_decrypt2
+	movups	$inout0,($out)		# store 2 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_three:
+	call	_aesni_decrypt3
+	movups	$inout0,($out)		# store 3 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_four:
+	call	_aesni_decrypt4
+	movups	$inout0,($out)		# store 4 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_five:
+	xorps	$inout5,$inout5
+	call	_aesni_decrypt6
+	movups	$inout0,($out)		# store 5 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	 pxor	$inout5,$inout5
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_six:
+	call	_aesni_decrypt6
+	movups	$inout0,($out)		# store 6 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	movups	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+
+.Lecb_ret:
+	xorps	$rndkey0,$rndkey0	# %xmm0
+	pxor	$rndkey1,$rndkey1
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	%xmm0,(%rsp)		# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	lea	0x58(%rsp),%rsp
+.Lecb_enc_ret:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
+___
+
+{
+######################################################################
+# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec,char *cmac);
+#
+# Handles only complete blocks, operates on 64-bit counter and
+# does not update *ivec! Nor does it finalize CMAC value
+# (see engine/eng_aesni.c for details)
+#
+{
+my $cmac="%r9";	# 6th argument
+
+my $increment="%xmm9";
+my $iv="%xmm6";
+my $bswap_mask="%xmm7";
+
+$code.=<<___;
+.globl	aesni_ccm64_encrypt_blocks
+.type	aesni_ccm64_encrypt_blocks,\@function,6
+.align	16
+aesni_ccm64_encrypt_blocks:
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)		# $iv
+	movaps	%xmm7,0x10(%rsp)	# $bswap_mask
+	movaps	%xmm8,0x20(%rsp)	# $in0
+	movaps	%xmm9,0x30(%rsp)	# $increment
+.Lccm64_enc_body:
+___
+$code.=<<___;
+	mov	240($key),$rounds		# key->rounds
+	movdqu	($ivp),$iv
+	movdqa	.Lincrement64(%rip),$increment
+	movdqa	.Lbswap_mask(%rip),$bswap_mask
+
+	shl	\$4,$rounds
+	mov	\$16,$rnds_
+	lea	0($key),$key_
+	movdqu	($cmac),$inout1
+	movdqa	$iv,$inout0
+	lea	32($key,$rounds),$key		# end of key schedule
+	pshufb	$bswap_mask,$iv
+	sub	%rax,%r10			# twisted $rounds
+	jmp	.Lccm64_enc_outer
+.align	16
+.Lccm64_enc_outer:
+	$movkey	($key_),$rndkey0
+	mov	%r10,%rax
+	movups	($inp),$in0			# load inp
+
+	xorps	$rndkey0,$inout0		# counter
+	$movkey	16($key_),$rndkey1
+	xorps	$in0,$rndkey0
+	xorps	$rndkey0,$inout1		# cmac^=inp
+	$movkey	32($key_),$rndkey0
+
+.Lccm64_enc2_loop:
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	$movkey	($key,%rax),$rndkey1
+	add	\$32,%rax
+	aesenc	$rndkey0,$inout0
+	aesenc	$rndkey0,$inout1
+	$movkey	-16($key,%rax),$rndkey0
+	jnz	.Lccm64_enc2_loop
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	paddq	$increment,$iv
+	dec	$len				# $len-- ($len is in blocks)
+	aesenclast	$rndkey0,$inout0
+	aesenclast	$rndkey0,$inout1
+
+	lea	16($inp),$inp
+	xorps	$inout0,$in0			# inp ^= E(iv)
+	movdqa	$iv,$inout0
+	movups	$in0,($out)			# save output
+	pshufb	$bswap_mask,$inout0
+	lea	16($out),$out			# $out+=16
+	jnz	.Lccm64_enc_outer		# loop if ($len!=0)
+
+	 pxor	$rndkey0,$rndkey0		# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	 pxor	$inout0,$inout0
+	movups	$inout1,($cmac)			# store resulting mac
+	 pxor	$inout1,$inout1
+	 pxor	$in0,$in0
+	 pxor	$iv,$iv
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	%xmm0,(%rsp)			# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	lea	0x58(%rsp),%rsp
+.Lccm64_enc_ret:
+___
+$code.=<<___;
+	ret
+.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
+___
+######################################################################
+$code.=<<___;
+.globl	aesni_ccm64_decrypt_blocks
+.type	aesni_ccm64_decrypt_blocks,\@function,6
+.align	16
+aesni_ccm64_decrypt_blocks:
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)		# $iv
+	movaps	%xmm7,0x10(%rsp)	# $bswap_mask
+	movaps	%xmm8,0x20(%rsp)	# $in8
+	movaps	%xmm9,0x30(%rsp)	# $increment
+.Lccm64_dec_body:
+___
+$code.=<<___;
+	mov	240($key),$rounds		# key->rounds
+	movups	($ivp),$iv
+	movdqu	($cmac),$inout1
+	movdqa	.Lincrement64(%rip),$increment
+	movdqa	.Lbswap_mask(%rip),$bswap_mask
+
+	movaps	$iv,$inout0
+	mov	$rounds,$rnds_
+	mov	$key,$key_
+	pshufb	$bswap_mask,$iv
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	shl	\$4,$rnds_
+	mov	\$16,$rounds
+	movups	($inp),$in0			# load inp
+	paddq	$increment,$iv
+	lea	16($inp),$inp			# $inp+=16
+	sub	%r10,%rax			# twisted $rounds
+	lea	32($key_,$rnds_),$key		# end of key schedule
+	mov	%rax,%r10
+	jmp	.Lccm64_dec_outer
+.align	16
+.Lccm64_dec_outer:
+	xorps	$inout0,$in0			# inp ^= E(iv)
+	movdqa	$iv,$inout0
+	movups	$in0,($out)			# save output
+	lea	16($out),$out			# $out+=16
+	pshufb	$bswap_mask,$inout0
+
+	sub	\$1,$len			# $len-- ($len is in blocks)
+	jz	.Lccm64_dec_break		# if ($len==0) break
+
+	$movkey	($key_),$rndkey0
+	mov	%r10,%rax
+	$movkey	16($key_),$rndkey1
+	xorps	$rndkey0,$in0
+	xorps	$rndkey0,$inout0
+	xorps	$in0,$inout1			# cmac^=out
+	$movkey	32($key_),$rndkey0
+	jmp	.Lccm64_dec2_loop
+.align	16
+.Lccm64_dec2_loop:
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	$movkey	($key,%rax),$rndkey1
+	add	\$32,%rax
+	aesenc	$rndkey0,$inout0
+	aesenc	$rndkey0,$inout1
+	$movkey	-16($key,%rax),$rndkey0
+	jnz	.Lccm64_dec2_loop
+	movups	($inp),$in0			# load input
+	paddq	$increment,$iv
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	aesenclast	$rndkey0,$inout0
+	aesenclast	$rndkey0,$inout1
+	lea	16($inp),$inp			# $inp+=16
+	jmp	.Lccm64_dec_outer
+
+.align	16
+.Lccm64_dec_break:
+	#xorps	$in0,$inout1			# cmac^=out
+	mov	240($key_),$rounds
+___
+	&aesni_generate1("enc",$key_,$rounds,$inout1,$in0);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0		# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	 pxor	$inout0,$inout0
+	movups	$inout1,($cmac)			# store resulting mac
+	 pxor	$inout1,$inout1
+	 pxor	$in0,$in0
+	 pxor	$iv,$iv
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	%xmm0,(%rsp)			# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	lea	0x58(%rsp),%rsp
+.Lccm64_dec_ret:
+___
+$code.=<<___;
+	ret
+.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
+___
+}
+######################################################################
+# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec);
+#
+# Handles only complete blocks, operates on 32-bit counter and
+# does not update *ivec! (see crypto/modes/ctr128.c for details)
+#
+# Overhaul based on suggestions from Shay Gueron and Vlad Krasnov,
+# http://rt.openssl.org/Ticket/Display.html?id=3021&user=guest&pass=guest.
+# Keywords are full unroll and modulo-schedule counter calculations
+# with zero-round key xor.
+{
+my ($in0,$in1,$in2,$in3,$in4,$in5)=map("%xmm$_",(10..15));
+my ($key0,$ctr)=("%ebp","${ivp}d");
+my $frame_size = 0x80 + ($win64?160:0);
+
+$code.=<<___;
+.globl	aesni_ctr32_encrypt_blocks
+.type	aesni_ctr32_encrypt_blocks,\@function,5
+.align	16
+aesni_ctr32_encrypt_blocks:
+.cfi_startproc
+	cmp	\$1,$len
+	jne	.Lctr32_bulk
+
+	# handle single block without allocating stack frame,
+	# useful when handling edges
+	movups	($ivp),$inout0
+	movups	($inp),$inout1
+	mov	240($key),%edx			# key->rounds
+___
+	&aesni_generate1("enc",$key,"%edx");
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0		# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	xorps	$inout1,$inout0
+	 pxor	$inout1,$inout1
+	movups	$inout0,($out)
+	 xorps	$inout0,$inout0
+	jmp	.Lctr32_epilogue
+
+.align	16
+.Lctr32_bulk:
+	lea	(%rsp),$key_			# use $key_ as frame pointer
+.cfi_def_cfa_register	$key_
+	push	%rbp
+.cfi_push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-0xa8($key_)		# offload everything
+	movaps	%xmm7,-0x98($key_)
+	movaps	%xmm8,-0x88($key_)
+	movaps	%xmm9,-0x78($key_)
+	movaps	%xmm10,-0x68($key_)
+	movaps	%xmm11,-0x58($key_)
+	movaps	%xmm12,-0x48($key_)
+	movaps	%xmm13,-0x38($key_)
+	movaps	%xmm14,-0x28($key_)
+	movaps	%xmm15,-0x18($key_)
+.Lctr32_body:
+___
+$code.=<<___;
+
+	# 8 16-byte words on top of stack are counter values
+	# xor-ed with zero-round key
+
+	movdqu	($ivp),$inout0
+	movdqu	($key),$rndkey0
+	mov	12($ivp),$ctr			# counter LSB
+	pxor	$rndkey0,$inout0
+	mov	12($key),$key0			# 0-round key LSB
+	movdqa	$inout0,0x00(%rsp)		# populate counter block
+	bswap	$ctr
+	movdqa	$inout0,$inout1
+	movdqa	$inout0,$inout2
+	movdqa	$inout0,$inout3
+	movdqa	$inout0,0x40(%rsp)
+	movdqa	$inout0,0x50(%rsp)
+	movdqa	$inout0,0x60(%rsp)
+	mov	%rdx,%r10			# about to borrow %rdx
+	movdqa	$inout0,0x70(%rsp)
+
+	lea	1($ctr),%rax
+	 lea	2($ctr),%rdx
+	bswap	%eax
+	 bswap	%edx
+	xor	$key0,%eax
+	 xor	$key0,%edx
+	pinsrd	\$3,%eax,$inout1
+	lea	3($ctr),%rax
+	movdqa	$inout1,0x10(%rsp)
+	 pinsrd	\$3,%edx,$inout2
+	bswap	%eax
+	 mov	%r10,%rdx			# restore %rdx
+	 lea	4($ctr),%r10
+	 movdqa	$inout2,0x20(%rsp)
+	xor	$key0,%eax
+	 bswap	%r10d
+	pinsrd	\$3,%eax,$inout3
+	 xor	$key0,%r10d
+	movdqa	$inout3,0x30(%rsp)
+	lea	5($ctr),%r9
+	 mov	%r10d,0x40+12(%rsp)
+	bswap	%r9d
+	 lea	6($ctr),%r10
+	mov	240($key),$rounds		# key->rounds
+	xor	$key0,%r9d
+	 bswap	%r10d
+	mov	%r9d,0x50+12(%rsp)
+	 xor	$key0,%r10d
+	lea	7($ctr),%r9
+	 mov	%r10d,0x60+12(%rsp)
+	bswap	%r9d
+	 mov	OPENSSL_ia32cap_P+4(%rip),%r10d
+	xor	$key0,%r9d
+	 and	\$`1<<26|1<<22`,%r10d		# isolate XSAVE+MOVBE
+	mov	%r9d,0x70+12(%rsp)
+
+	$movkey	0x10($key),$rndkey1
+
+	movdqa	0x40(%rsp),$inout4
+	movdqa	0x50(%rsp),$inout5
+
+	cmp	\$8,$len		# $len is in blocks
+	jb	.Lctr32_tail		# short input if ($len<8)
+
+	sub	\$6,$len		# $len is biased by -6
+	cmp	\$`1<<22`,%r10d		# check for MOVBE without XSAVE
+	je	.Lctr32_6x		# [which denotes Atom Silvermont]
+
+	lea	0x80($key),$key		# size optimization
+	sub	\$2,$len		# $len is biased by -8
+	jmp	.Lctr32_loop8
+
+.align	16
+.Lctr32_6x:
+	shl	\$4,$rounds
+	mov	\$48,$rnds_
+	bswap	$key0
+	lea	32($key,$rounds),$key	# end of key schedule
+	sub	%rax,%r10		# twisted $rounds
+	jmp	.Lctr32_loop6
+
+.align	16
+.Lctr32_loop6:
+	 add	\$6,$ctr		# next counter value
+	$movkey	-48($key,$rnds_),$rndkey0
+	aesenc	$rndkey1,$inout0
+	 mov	$ctr,%eax
+	 xor	$key0,%eax
+	aesenc	$rndkey1,$inout1
+	 movbe	%eax,`0x00+12`(%rsp)	# store next counter value
+	 lea	1($ctr),%eax
+	aesenc	$rndkey1,$inout2
+	 xor	$key0,%eax
+	 movbe	%eax,`0x10+12`(%rsp)
+	aesenc	$rndkey1,$inout3
+	 lea	2($ctr),%eax
+	 xor	$key0,%eax
+	aesenc	$rndkey1,$inout4
+	 movbe	%eax,`0x20+12`(%rsp)
+	 lea	3($ctr),%eax
+	aesenc	$rndkey1,$inout5
+	$movkey	-32($key,$rnds_),$rndkey1
+	 xor	$key0,%eax
+
+	aesenc	$rndkey0,$inout0
+	 movbe	%eax,`0x30+12`(%rsp)
+	 lea	4($ctr),%eax
+	aesenc	$rndkey0,$inout1
+	 xor	$key0,%eax
+	 movbe	%eax,`0x40+12`(%rsp)
+	aesenc	$rndkey0,$inout2
+	 lea	5($ctr),%eax
+	 xor	$key0,%eax
+	aesenc	$rndkey0,$inout3
+	 movbe	%eax,`0x50+12`(%rsp)
+	 mov	%r10,%rax		# mov	$rnds_,$rounds
+	aesenc	$rndkey0,$inout4
+	aesenc	$rndkey0,$inout5
+	$movkey	-16($key,$rnds_),$rndkey0
+
+	call	.Lenc_loop6
+
+	movdqu	($inp),$inout6		# load 6 input blocks
+	movdqu	0x10($inp),$inout7
+	movdqu	0x20($inp),$in0
+	movdqu	0x30($inp),$in1
+	movdqu	0x40($inp),$in2
+	movdqu	0x50($inp),$in3
+	lea	0x60($inp),$inp		# $inp+=6*16
+	$movkey	-64($key,$rnds_),$rndkey1
+	pxor	$inout0,$inout6		# inp^=E(ctr)
+	movaps	0x00(%rsp),$inout0	# load next counter [xor-ed with 0 round]
+	pxor	$inout1,$inout7
+	movaps	0x10(%rsp),$inout1
+	pxor	$inout2,$in0
+	movaps	0x20(%rsp),$inout2
+	pxor	$inout3,$in1
+	movaps	0x30(%rsp),$inout3
+	pxor	$inout4,$in2
+	movaps	0x40(%rsp),$inout4
+	pxor	$inout5,$in3
+	movaps	0x50(%rsp),$inout5
+	movdqu	$inout6,($out)		# store 6 output blocks
+	movdqu	$inout7,0x10($out)
+	movdqu	$in0,0x20($out)
+	movdqu	$in1,0x30($out)
+	movdqu	$in2,0x40($out)
+	movdqu	$in3,0x50($out)
+	lea	0x60($out),$out		# $out+=6*16
+
+	sub	\$6,$len
+	jnc	.Lctr32_loop6		# loop if $len-=6 didn't borrow
+
+	add	\$6,$len		# restore real remaining $len
+	jz	.Lctr32_done		# done if ($len==0)
+
+	lea	-48($rnds_),$rounds
+	lea	-80($key,$rnds_),$key	# restore $key
+	neg	$rounds
+	shr	\$4,$rounds		# restore $rounds
+	jmp	.Lctr32_tail
+
+.align	32
+.Lctr32_loop8:
+	 add		\$8,$ctr		# next counter value
+	movdqa		0x60(%rsp),$inout6
+	aesenc		$rndkey1,$inout0
+	 mov		$ctr,%r9d
+	movdqa		0x70(%rsp),$inout7
+	aesenc		$rndkey1,$inout1
+	 bswap		%r9d
+	$movkey		0x20-0x80($key),$rndkey0
+	aesenc		$rndkey1,$inout2
+	 xor		$key0,%r9d
+	 nop
+	aesenc		$rndkey1,$inout3
+	 mov		%r9d,0x00+12(%rsp)	# store next counter value
+	 lea		1($ctr),%r9
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	$movkey		0x30-0x80($key),$rndkey1
+___
+for($i=2;$i<8;$i++) {
+my $rndkeyx = ($i&1)?$rndkey1:$rndkey0;
+$code.=<<___;
+	 bswap		%r9d
+	aesenc		$rndkeyx,$inout0
+	aesenc		$rndkeyx,$inout1
+	 xor		$key0,%r9d
+	 .byte		0x66,0x90
+	aesenc		$rndkeyx,$inout2
+	aesenc		$rndkeyx,$inout3
+	 mov		%r9d,`0x10*($i-1)`+12(%rsp)
+	 lea		$i($ctr),%r9
+	aesenc		$rndkeyx,$inout4
+	aesenc		$rndkeyx,$inout5
+	aesenc		$rndkeyx,$inout6
+	aesenc		$rndkeyx,$inout7
+	$movkey		`0x20+0x10*$i`-0x80($key),$rndkeyx
+___
+}
+$code.=<<___;
+	 bswap		%r9d
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	 xor		$key0,%r9d
+	 movdqu		0x00($inp),$in0		# start loading input
+	aesenc		$rndkey0,$inout3
+	 mov		%r9d,0x70+12(%rsp)
+	 cmp		\$11,$rounds
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	aesenc		$rndkey0,$inout6
+	aesenc		$rndkey0,$inout7
+	$movkey		0xa0-0x80($key),$rndkey0
+
+	jb		.Lctr32_enc_done
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	$movkey		0xb0-0x80($key),$rndkey1
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	aesenc		$rndkey0,$inout6
+	aesenc		$rndkey0,$inout7
+	$movkey		0xc0-0x80($key),$rndkey0
+	je		.Lctr32_enc_done
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	$movkey		0xd0-0x80($key),$rndkey1
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	aesenc		$rndkey0,$inout6
+	aesenc		$rndkey0,$inout7
+	$movkey		0xe0-0x80($key),$rndkey0
+	jmp		.Lctr32_enc_done
+
+.align	16
+.Lctr32_enc_done:
+	movdqu		0x10($inp),$in1
+	pxor		$rndkey0,$in0		# input^=round[last]
+	movdqu		0x20($inp),$in2
+	pxor		$rndkey0,$in1
+	movdqu		0x30($inp),$in3
+	pxor		$rndkey0,$in2
+	movdqu		0x40($inp),$in4
+	pxor		$rndkey0,$in3
+	movdqu		0x50($inp),$in5
+	pxor		$rndkey0,$in4
+	pxor		$rndkey0,$in5
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	movdqu		0x60($inp),$rndkey1	# borrow $rndkey1 for inp[6]
+	lea		0x80($inp),$inp		# $inp+=8*16
+
+	aesenclast	$in0,$inout0		# $inN is inp[N]^round[last]
+	pxor		$rndkey0,$rndkey1	# borrowed $rndkey
+	movdqu		0x70-0x80($inp),$in0
+	aesenclast	$in1,$inout1
+	pxor		$rndkey0,$in0
+	movdqa		0x00(%rsp),$in1		# load next counter block
+	aesenclast	$in2,$inout2
+	aesenclast	$in3,$inout3
+	movdqa		0x10(%rsp),$in2
+	movdqa		0x20(%rsp),$in3
+	aesenclast	$in4,$inout4
+	aesenclast	$in5,$inout5
+	movdqa		0x30(%rsp),$in4
+	movdqa		0x40(%rsp),$in5
+	aesenclast	$rndkey1,$inout6
+	movdqa		0x50(%rsp),$rndkey0
+	$movkey		0x10-0x80($key),$rndkey1#real 1st-round key
+	aesenclast	$in0,$inout7
+
+	movups		$inout0,($out)		# store 8 output blocks
+	movdqa		$in1,$inout0
+	movups		$inout1,0x10($out)
+	movdqa		$in2,$inout1
+	movups		$inout2,0x20($out)
+	movdqa		$in3,$inout2
+	movups		$inout3,0x30($out)
+	movdqa		$in4,$inout3
+	movups		$inout4,0x40($out)
+	movdqa		$in5,$inout4
+	movups		$inout5,0x50($out)
+	movdqa		$rndkey0,$inout5
+	movups		$inout6,0x60($out)
+	movups		$inout7,0x70($out)
+	lea		0x80($out),$out		# $out+=8*16
+
+	sub	\$8,$len
+	jnc	.Lctr32_loop8			# loop if $len-=8 didn't borrow
+
+	add	\$8,$len			# restore real remaining $len
+	jz	.Lctr32_done			# done if ($len==0)
+	lea	-0x80($key),$key
+
+.Lctr32_tail:
+	# note that at this point $inout0..5 are populated with
+	# counter values xor-ed with 0-round key
+	lea	16($key),$key
+	cmp	\$4,$len
+	jb	.Lctr32_loop3
+	je	.Lctr32_loop4
+
+	# if ($len>4) compute 7 E(counter)
+	shl		\$4,$rounds
+	movdqa		0x60(%rsp),$inout6
+	pxor		$inout7,$inout7
+
+	$movkey		16($key),$rndkey0
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	lea		32-16($key,$rounds),$key# prepare for .Lenc_loop8_enter
+	neg		%rax
+	aesenc		$rndkey1,$inout2
+	add		\$16,%rax		# prepare for .Lenc_loop8_enter
+	 movups		($inp),$in0
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	 movups		0x10($inp),$in1		# pre-load input
+	 movups		0x20($inp),$in2
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+
+	call            .Lenc_loop8_enter
+
+	movdqu	0x30($inp),$in3
+	pxor	$in0,$inout0
+	movdqu	0x40($inp),$in0
+	pxor	$in1,$inout1
+	movdqu	$inout0,($out)			# store output
+	pxor	$in2,$inout2
+	movdqu	$inout1,0x10($out)
+	pxor	$in3,$inout3
+	movdqu	$inout2,0x20($out)
+	pxor	$in0,$inout4
+	movdqu	$inout3,0x30($out)
+	movdqu	$inout4,0x40($out)
+	cmp	\$6,$len
+	jb	.Lctr32_done			# $len was 5, stop store
+
+	movups	0x50($inp),$in1
+	xorps	$in1,$inout5
+	movups	$inout5,0x50($out)
+	je	.Lctr32_done			# $len was 6, stop store
+
+	movups	0x60($inp),$in2
+	xorps	$in2,$inout6
+	movups	$inout6,0x60($out)
+	jmp	.Lctr32_done			# $len was 7, stop store
+
+.align	32
+.Lctr32_loop4:
+	aesenc		$rndkey1,$inout0
+	lea		16($key),$key
+	dec		$rounds
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		($key),$rndkey1
+	jnz		.Lctr32_loop4
+	aesenclast	$rndkey1,$inout0
+	aesenclast	$rndkey1,$inout1
+	 movups		($inp),$in0		# load input
+	 movups		0x10($inp),$in1
+	aesenclast	$rndkey1,$inout2
+	aesenclast	$rndkey1,$inout3
+	 movups		0x20($inp),$in2
+	 movups		0x30($inp),$in3
+
+	xorps	$in0,$inout0
+	movups	$inout0,($out)			# store output
+	xorps	$in1,$inout1
+	movups	$inout1,0x10($out)
+	pxor	$in2,$inout2
+	movdqu	$inout2,0x20($out)
+	pxor	$in3,$inout3
+	movdqu	$inout3,0x30($out)
+	jmp	.Lctr32_done			# $len was 4, stop store
+
+.align	32
+.Lctr32_loop3:
+	aesenc		$rndkey1,$inout0
+	lea		16($key),$key
+	dec		$rounds
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	$movkey		($key),$rndkey1
+	jnz		.Lctr32_loop3
+	aesenclast	$rndkey1,$inout0
+	aesenclast	$rndkey1,$inout1
+	aesenclast	$rndkey1,$inout2
+
+	movups	($inp),$in0			# load input
+	xorps	$in0,$inout0
+	movups	$inout0,($out)			# store output
+	cmp	\$2,$len
+	jb	.Lctr32_done			# $len was 1, stop store
+
+	movups	0x10($inp),$in1
+	xorps	$in1,$inout1
+	movups	$inout1,0x10($out)
+	je	.Lctr32_done			# $len was 2, stop store
+
+	movups	0x20($inp),$in2
+	xorps	$in2,$inout2
+	movups	$inout2,0x20($out)		# $len was 3, stop store
+
+.Lctr32_done:
+	xorps	%xmm0,%xmm0			# clear register bank
+	xor	$key0,$key0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,0x10(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,0x20(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,0x30(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,0x40(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,0x50(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,0x60(%rsp)
+	pxor	%xmm14,%xmm14
+	movaps	%xmm0,0x70(%rsp)
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa8($key_),%xmm6
+	movaps	%xmm0,-0xa8($key_)		# clear stack
+	movaps	-0x98($key_),%xmm7
+	movaps	%xmm0,-0x98($key_)
+	movaps	-0x88($key_),%xmm8
+	movaps	%xmm0,-0x88($key_)
+	movaps	-0x78($key_),%xmm9
+	movaps	%xmm0,-0x78($key_)
+	movaps	-0x68($key_),%xmm10
+	movaps	%xmm0,-0x68($key_)
+	movaps	-0x58($key_),%xmm11
+	movaps	%xmm0,-0x58($key_)
+	movaps	-0x48($key_),%xmm12
+	movaps	%xmm0,-0x48($key_)
+	movaps	-0x38($key_),%xmm13
+	movaps	%xmm0,-0x38($key_)
+	movaps	-0x28($key_),%xmm14
+	movaps	%xmm0,-0x28($key_)
+	movaps	-0x18($key_),%xmm15
+	movaps	%xmm0,-0x18($key_)
+	movaps	%xmm0,0x00(%rsp)
+	movaps	%xmm0,0x10(%rsp)
+	movaps	%xmm0,0x20(%rsp)
+	movaps	%xmm0,0x30(%rsp)
+	movaps	%xmm0,0x40(%rsp)
+	movaps	%xmm0,0x50(%rsp)
+	movaps	%xmm0,0x60(%rsp)
+	movaps	%xmm0,0x70(%rsp)
+___
+$code.=<<___;
+	mov	-8($key_),%rbp
+.cfi_restore	%rbp
+	lea	($key_),%rsp
+.cfi_def_cfa_register	%rsp
+.Lctr32_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
+___
+}
+
+######################################################################
+# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2
+#	const unsigned char iv[16]);
+#
+{
+my @tweak=map("%xmm$_",(10..15));
+my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]);
+my ($key2,$ivp,$len_)=("%r8","%r9","%r9");
+my $frame_size = 0x70 + ($win64?160:0);
+my $key_ = "%rbp";	# override so that we can use %r11 as FP
+
+$code.=<<___;
+.globl	aesni_xts_encrypt
+.type	aesni_xts_encrypt,\@function,6
+.align	16
+aesni_xts_encrypt:
+.cfi_startproc
+	lea	(%rsp),%r11			# frame pointer
+.cfi_def_cfa_register	%r11
+	push	%rbp
+.cfi_push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-0xa8(%r11)		# offload everything
+	movaps	%xmm7,-0x98(%r11)
+	movaps	%xmm8,-0x88(%r11)
+	movaps	%xmm9,-0x78(%r11)
+	movaps	%xmm10,-0x68(%r11)
+	movaps	%xmm11,-0x58(%r11)
+	movaps	%xmm12,-0x48(%r11)
+	movaps	%xmm13,-0x38(%r11)
+	movaps	%xmm14,-0x28(%r11)
+	movaps	%xmm15,-0x18(%r11)
+.Lxts_enc_body:
+___
+$code.=<<___;
+	movups	($ivp),$inout0			# load clear-text tweak
+	mov	240(%r8),$rounds		# key2->rounds
+	mov	240($key),$rnds_		# key1->rounds
+___
+	# generate the tweak
+	&aesni_generate1("enc",$key2,$rounds,$inout0);
+$code.=<<___;
+	$movkey	($key),$rndkey0			# zero round key
+	mov	$key,$key_			# backup $key
+	mov	$rnds_,$rounds			# backup $rounds
+	shl	\$4,$rnds_
+	mov	$len,$len_			# backup $len
+	and	\$-16,$len
+
+	$movkey	16($key,$rnds_),$rndkey1	# last round key
+
+	movdqa	.Lxts_magic(%rip),$twmask
+	movdqa	$inout0,@tweak[5]
+	pshufd	\$0x5f,$inout0,$twres
+	pxor	$rndkey0,$rndkey1
+___
+    # alternative tweak calculation algorithm is based on suggestions
+    # by Shay Gueron. psrad doesn't conflict with AES-NI instructions
+    # and should help in the future...
+    for ($i=0;$i<4;$i++) {
+    $code.=<<___;
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	movdqa	@tweak[5],@tweak[$i]
+	psrad	\$31,$twtmp			# broadcast upper bits
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	pxor	$rndkey0,@tweak[$i]
+	pxor	$twtmp,@tweak[5]
+___
+    }
+$code.=<<___;
+	movdqa	@tweak[5],@tweak[4]
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twres
+	pxor	$rndkey0,@tweak[4]
+	pxor	$twres,@tweak[5]
+	movaps	$rndkey1,0x60(%rsp)		# save round[0]^round[last]
+
+	sub	\$16*6,$len
+	jc	.Lxts_enc_short			# if $len-=6*16 borrowed
+
+	mov	\$16+96,$rounds
+	lea	32($key_,$rnds_),$key		# end of key schedule
+	sub	%r10,%rax			# twisted $rounds
+	$movkey	16($key_),$rndkey1
+	mov	%rax,%r10			# backup twisted $rounds
+	lea	.Lxts_magic(%rip),%r8
+	jmp	.Lxts_enc_grandloop
+
+.align	32
+.Lxts_enc_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqa	$rndkey0,$twmask
+	movdqu	`16*1`($inp),$inout1
+	pxor	@tweak[0],$inout0		# input^=tweak^round[0]
+	movdqu	`16*2`($inp),$inout2
+	pxor	@tweak[1],$inout1
+	 aesenc		$rndkey1,$inout0
+	movdqu	`16*3`($inp),$inout3
+	pxor	@tweak[2],$inout2
+	 aesenc		$rndkey1,$inout1
+	movdqu	`16*4`($inp),$inout4
+	pxor	@tweak[3],$inout3
+	 aesenc		$rndkey1,$inout2
+	movdqu	`16*5`($inp),$inout5
+	pxor	@tweak[5],$twmask		# round[0]^=tweak[5]
+	 movdqa	0x60(%rsp),$twres		# load round[0]^round[last]
+	pxor	@tweak[4],$inout4
+	 aesenc		$rndkey1,$inout3
+	$movkey	32($key_),$rndkey0
+	lea	`16*6`($inp),$inp
+	pxor	$twmask,$inout5
+
+	 pxor	$twres,@tweak[0]		# calculate tweaks^round[last]
+	aesenc		$rndkey1,$inout4
+	 pxor	$twres,@tweak[1]
+	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks^round[last]
+	aesenc		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor	$twres,@tweak[2]
+
+	aesenc		$rndkey0,$inout0
+	 pxor	$twres,@tweak[3]
+	 movdqa	@tweak[1],`16*1`(%rsp)
+	aesenc		$rndkey0,$inout1
+	 pxor	$twres,@tweak[4]
+	 movdqa	@tweak[2],`16*2`(%rsp)
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	 pxor	$twres,$twmask
+	 movdqa	@tweak[4],`16*4`(%rsp)
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	 movdqa	$twmask,`16*5`(%rsp)
+	pshufd	\$0x5f,@tweak[5],$twres
+	jmp	.Lxts_enc_loop6
+.align	32
+.Lxts_enc_loop6:
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	$movkey		-64($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		-80($key,%rax),$rndkey0
+	jnz		.Lxts_enc_loop6
+
+	movdqa	(%r8),$twmask			# start calculating next tweak
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	 aesenc		$rndkey1,$inout0
+	paddq	@tweak[5],@tweak[5]
+	psrad	\$31,$twtmp
+	 aesenc		$rndkey1,$inout1
+	pand	$twmask,$twtmp
+	$movkey	($key_),@tweak[0]		# load round[0]
+	 aesenc		$rndkey1,$inout2
+	 aesenc		$rndkey1,$inout3
+	 aesenc		$rndkey1,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[0],@tweak[1]		# copy round[0]
+	 aesenc		$rndkey1,$inout5
+	 $movkey	-64($key),$rndkey1
+
+	movdqa	$twres,$twtmp
+	 aesenc		$rndkey0,$inout0
+	paddd	$twres,$twres
+	pxor	@tweak[5],@tweak[0]
+	 aesenc		$rndkey0,$inout1
+	psrad	\$31,$twtmp
+	paddq	@tweak[5],@tweak[5]
+	 aesenc		$rndkey0,$inout2
+	 aesenc		$rndkey0,$inout3
+	pand	$twmask,$twtmp
+	movaps	@tweak[1],@tweak[2]
+	 aesenc		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movdqa	$twres,$twtmp
+	 aesenc		$rndkey0,$inout5
+	 $movkey	-48($key),$rndkey0
+
+	paddd	$twres,$twres
+	 aesenc		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[1]
+	psrad	\$31,$twtmp
+	 aesenc		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesenc		$rndkey1,$inout2
+	 aesenc		$rndkey1,$inout3
+	 movdqa	@tweak[3],`16*3`(%rsp)
+	pxor	$twtmp,@tweak[5]
+	 aesenc		$rndkey1,$inout4
+	movaps	@tweak[2],@tweak[3]
+	movdqa	$twres,$twtmp
+	 aesenc		$rndkey1,$inout5
+	 $movkey	-32($key),$rndkey1
+
+	paddd	$twres,$twres
+	 aesenc		$rndkey0,$inout0
+	pxor	@tweak[5],@tweak[2]
+	psrad	\$31,$twtmp
+	 aesenc		$rndkey0,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesenc		$rndkey0,$inout2
+	 aesenc		$rndkey0,$inout3
+	 aesenc		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[3],@tweak[4]
+	 aesenc		$rndkey0,$inout5
+
+	movdqa	$twres,$rndkey0
+	paddd	$twres,$twres
+	 aesenc		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[3]
+	psrad	\$31,$rndkey0
+	 aesenc		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$rndkey0
+	 aesenc		$rndkey1,$inout2
+	 aesenc		$rndkey1,$inout3
+	pxor	$rndkey0,@tweak[5]
+	$movkey		($key_),$rndkey0
+	 aesenc		$rndkey1,$inout4
+	 aesenc		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+
+	pxor	@tweak[5],@tweak[4]
+	 aesenclast	`16*0`(%rsp),$inout0
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	 aesenclast	`16*1`(%rsp),$inout1
+	 aesenclast	`16*2`(%rsp),$inout2
+	pand	$twmask,$twres
+	mov	%r10,%rax			# restore $rounds
+	 aesenclast	`16*3`(%rsp),$inout3
+	 aesenclast	`16*4`(%rsp),$inout4
+	 aesenclast	`16*5`(%rsp),$inout5
+	pxor	$twres,@tweak[5]
+
+	lea	`16*6`($out),$out		# $out+=6*16
+	movups	$inout0,`-16*6`($out)		# store 6 output blocks
+	movups	$inout1,`-16*5`($out)
+	movups	$inout2,`-16*4`($out)
+	movups	$inout3,`-16*3`($out)
+	movups	$inout4,`-16*2`($out)
+	movups	$inout5,`-16*1`($out)
+	sub	\$16*6,$len
+	jnc	.Lxts_enc_grandloop		# loop if $len-=6*16 didn't borrow
+
+	mov	\$16+96,$rounds
+	sub	$rnds_,$rounds
+	mov	$key_,$key			# restore $key
+	shr	\$4,$rounds			# restore original value
+
+.Lxts_enc_short:
+	# at the point @tweak[0..5] are populated with tweak values
+	mov	$rounds,$rnds_			# backup $rounds
+	pxor	$rndkey0,@tweak[0]
+	add	\$16*6,$len			# restore real remaining $len
+	jz	.Lxts_enc_done			# done if ($len==0)
+
+	pxor	$rndkey0,@tweak[1]
+	cmp	\$0x20,$len
+	jb	.Lxts_enc_one			# $len is 1*16
+	pxor	$rndkey0,@tweak[2]
+	je	.Lxts_enc_two			# $len is 2*16
+
+	pxor	$rndkey0,@tweak[3]
+	cmp	\$0x40,$len
+	jb	.Lxts_enc_three			# $len is 3*16
+	pxor	$rndkey0,@tweak[4]
+	je	.Lxts_enc_four			# $len is 4*16
+
+	movdqu	($inp),$inout0			# $len is 5*16
+	movdqu	16*1($inp),$inout1
+	movdqu	16*2($inp),$inout2
+	pxor	@tweak[0],$inout0
+	movdqu	16*3($inp),$inout3
+	pxor	@tweak[1],$inout1
+	movdqu	16*4($inp),$inout4
+	lea	16*5($inp),$inp			# $inp+=5*16
+	pxor	@tweak[2],$inout2
+	pxor	@tweak[3],$inout3
+	pxor	@tweak[4],$inout4
+	pxor	$inout5,$inout5
+
+	call	_aesni_encrypt6
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[5],@tweak[0]
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 5 output blocks
+	xorps	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	xorps	@tweak[4],$inout4
+	movdqu	$inout2,16*2($out)
+	movdqu	$inout3,16*3($out)
+	movdqu	$inout4,16*4($out)
+	lea	16*5($out),$out			# $out+=5*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_one:
+	movups	($inp),$inout0
+	lea	16*1($inp),$inp			# inp+=1*16
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[1],@tweak[0]
+	movups	$inout0,($out)			# store one output block
+	lea	16*1($out),$out			# $out+=1*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_two:
+	movups	($inp),$inout0
+	movups	16($inp),$inout1
+	lea	32($inp),$inp			# $inp+=2*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+
+	call	_aesni_encrypt2
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[2],@tweak[0]
+	xorps	@tweak[1],$inout1
+	movups	$inout0,($out)			# store 2 output blocks
+	movups	$inout1,16*1($out)
+	lea	16*2($out),$out			# $out+=2*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_three:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	lea	16*3($inp),$inp			# $inp+=3*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+
+	call	_aesni_encrypt3
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[3],@tweak[0]
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	movups	$inout0,($out)			# store 3 output blocks
+	movups	$inout1,16*1($out)
+	movups	$inout2,16*2($out)
+	lea	16*3($out),$out			# $out+=3*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_four:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	xorps	@tweak[0],$inout0
+	movups	16*3($inp),$inout3
+	lea	16*4($inp),$inp			# $inp+=4*16
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	xorps	@tweak[3],$inout3
+
+	call	_aesni_encrypt4
+
+	pxor	@tweak[0],$inout0
+	movdqa	@tweak[4],@tweak[0]
+	pxor	@tweak[1],$inout1
+	pxor	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 4 output blocks
+	pxor	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	movdqu	$inout2,16*2($out)
+	movdqu	$inout3,16*3($out)
+	lea	16*4($out),$out			# $out+=4*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_done:
+	and	\$15,$len_			# see if $len%16 is 0
+	jz	.Lxts_enc_ret
+	mov	$len_,$len
+
+.Lxts_enc_steal:
+	movzb	($inp),%eax			# borrow $rounds ...
+	movzb	-16($out),%ecx			# ... and $key
+	lea	1($inp),$inp
+	mov	%al,-16($out)
+	mov	%cl,0($out)
+	lea	1($out),$out
+	sub	\$1,$len
+	jnz	.Lxts_enc_steal
+
+	sub	$len_,$out			# rewind $out
+	mov	$key_,$key			# restore $key
+	mov	$rnds_,$rounds			# restore $rounds
+
+	movups	-16($out),$inout0
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movups	$inout0,-16($out)
+
+.Lxts_enc_ret:
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,0x10(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,0x20(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,0x30(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,0x40(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,0x50(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,0x60(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa8(%r11),%xmm6
+	movaps	%xmm0,-0xa8(%r11)		# clear stack
+	movaps	-0x98(%r11),%xmm7
+	movaps	%xmm0,-0x98(%r11)
+	movaps	-0x88(%r11),%xmm8
+	movaps	%xmm0,-0x88(%r11)
+	movaps	-0x78(%r11),%xmm9
+	movaps	%xmm0,-0x78(%r11)
+	movaps	-0x68(%r11),%xmm10
+	movaps	%xmm0,-0x68(%r11)
+	movaps	-0x58(%r11),%xmm11
+	movaps	%xmm0,-0x58(%r11)
+	movaps	-0x48(%r11),%xmm12
+	movaps	%xmm0,-0x48(%r11)
+	movaps	-0x38(%r11),%xmm13
+	movaps	%xmm0,-0x38(%r11)
+	movaps	-0x28(%r11),%xmm14
+	movaps	%xmm0,-0x28(%r11)
+	movaps	-0x18(%r11),%xmm15
+	movaps	%xmm0,-0x18(%r11)
+	movaps	%xmm0,0x00(%rsp)
+	movaps	%xmm0,0x10(%rsp)
+	movaps	%xmm0,0x20(%rsp)
+	movaps	%xmm0,0x30(%rsp)
+	movaps	%xmm0,0x40(%rsp)
+	movaps	%xmm0,0x50(%rsp)
+	movaps	%xmm0,0x60(%rsp)
+___
+$code.=<<___;
+	mov	-8(%r11),%rbp
+.cfi_restore	%rbp
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lxts_enc_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_xts_encrypt,.-aesni_xts_encrypt
+___
+
+$code.=<<___;
+.globl	aesni_xts_decrypt
+.type	aesni_xts_decrypt,\@function,6
+.align	16
+aesni_xts_decrypt:
+.cfi_startproc
+	lea	(%rsp),%r11			# frame pointer
+.cfi_def_cfa_register	%r11
+	push	%rbp
+.cfi_push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-0xa8(%r11)		# offload everything
+	movaps	%xmm7,-0x98(%r11)
+	movaps	%xmm8,-0x88(%r11)
+	movaps	%xmm9,-0x78(%r11)
+	movaps	%xmm10,-0x68(%r11)
+	movaps	%xmm11,-0x58(%r11)
+	movaps	%xmm12,-0x48(%r11)
+	movaps	%xmm13,-0x38(%r11)
+	movaps	%xmm14,-0x28(%r11)
+	movaps	%xmm15,-0x18(%r11)
+.Lxts_dec_body:
+___
+$code.=<<___;
+	movups	($ivp),$inout0			# load clear-text tweak
+	mov	240($key2),$rounds		# key2->rounds
+	mov	240($key),$rnds_		# key1->rounds
+___
+	# generate the tweak
+	&aesni_generate1("enc",$key2,$rounds,$inout0);
+$code.=<<___;
+	xor	%eax,%eax			# if ($len%16) len-=16;
+	test	\$15,$len
+	setnz	%al
+	shl	\$4,%rax
+	sub	%rax,$len
+
+	$movkey	($key),$rndkey0			# zero round key
+	mov	$key,$key_			# backup $key
+	mov	$rnds_,$rounds			# backup $rounds
+	shl	\$4,$rnds_
+	mov	$len,$len_			# backup $len
+	and	\$-16,$len
+
+	$movkey	16($key,$rnds_),$rndkey1	# last round key
+
+	movdqa	.Lxts_magic(%rip),$twmask
+	movdqa	$inout0,@tweak[5]
+	pshufd	\$0x5f,$inout0,$twres
+	pxor	$rndkey0,$rndkey1
+___
+    for ($i=0;$i<4;$i++) {
+    $code.=<<___;
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	movdqa	@tweak[5],@tweak[$i]
+	psrad	\$31,$twtmp			# broadcast upper bits
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	pxor	$rndkey0,@tweak[$i]
+	pxor	$twtmp,@tweak[5]
+___
+    }
+$code.=<<___;
+	movdqa	@tweak[5],@tweak[4]
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twres
+	pxor	$rndkey0,@tweak[4]
+	pxor	$twres,@tweak[5]
+	movaps	$rndkey1,0x60(%rsp)		# save round[0]^round[last]
+
+	sub	\$16*6,$len
+	jc	.Lxts_dec_short			# if $len-=6*16 borrowed
+
+	mov	\$16+96,$rounds
+	lea	32($key_,$rnds_),$key		# end of key schedule
+	sub	%r10,%rax			# twisted $rounds
+	$movkey	16($key_),$rndkey1
+	mov	%rax,%r10			# backup twisted $rounds
+	lea	.Lxts_magic(%rip),%r8
+	jmp	.Lxts_dec_grandloop
+
+.align	32
+.Lxts_dec_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqa	$rndkey0,$twmask
+	movdqu	`16*1`($inp),$inout1
+	pxor	@tweak[0],$inout0		# intput^=tweak^round[0]
+	movdqu	`16*2`($inp),$inout2
+	pxor	@tweak[1],$inout1
+	 aesdec		$rndkey1,$inout0
+	movdqu	`16*3`($inp),$inout3
+	pxor	@tweak[2],$inout2
+	 aesdec		$rndkey1,$inout1
+	movdqu	`16*4`($inp),$inout4
+	pxor	@tweak[3],$inout3
+	 aesdec		$rndkey1,$inout2
+	movdqu	`16*5`($inp),$inout5
+	pxor	@tweak[5],$twmask		# round[0]^=tweak[5]
+	 movdqa	0x60(%rsp),$twres		# load round[0]^round[last]
+	pxor	@tweak[4],$inout4
+	 aesdec		$rndkey1,$inout3
+	$movkey	32($key_),$rndkey0
+	lea	`16*6`($inp),$inp
+	pxor	$twmask,$inout5
+
+	 pxor	$twres,@tweak[0]		# calculate tweaks^round[last]
+	aesdec		$rndkey1,$inout4
+	 pxor	$twres,@tweak[1]
+	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks^last round key
+	aesdec		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor	$twres,@tweak[2]
+
+	aesdec		$rndkey0,$inout0
+	 pxor	$twres,@tweak[3]
+	 movdqa	@tweak[1],`16*1`(%rsp)
+	aesdec		$rndkey0,$inout1
+	 pxor	$twres,@tweak[4]
+	 movdqa	@tweak[2],`16*2`(%rsp)
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	 pxor	$twres,$twmask
+	 movdqa	@tweak[4],`16*4`(%rsp)
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	 movdqa	$twmask,`16*5`(%rsp)
+	pshufd	\$0x5f,@tweak[5],$twres
+	jmp	.Lxts_dec_loop6
+.align	32
+.Lxts_dec_loop6:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	$movkey		-64($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		-80($key,%rax),$rndkey0
+	jnz		.Lxts_dec_loop6
+
+	movdqa	(%r8),$twmask			# start calculating next tweak
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	 aesdec		$rndkey1,$inout0
+	paddq	@tweak[5],@tweak[5]
+	psrad	\$31,$twtmp
+	 aesdec		$rndkey1,$inout1
+	pand	$twmask,$twtmp
+	$movkey	($key_),@tweak[0]		# load round[0]
+	 aesdec		$rndkey1,$inout2
+	 aesdec		$rndkey1,$inout3
+	 aesdec		$rndkey1,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[0],@tweak[1]		# copy round[0]
+	 aesdec		$rndkey1,$inout5
+	 $movkey	-64($key),$rndkey1
+
+	movdqa	$twres,$twtmp
+	 aesdec		$rndkey0,$inout0
+	paddd	$twres,$twres
+	pxor	@tweak[5],@tweak[0]
+	 aesdec		$rndkey0,$inout1
+	psrad	\$31,$twtmp
+	paddq	@tweak[5],@tweak[5]
+	 aesdec		$rndkey0,$inout2
+	 aesdec		$rndkey0,$inout3
+	pand	$twmask,$twtmp
+	movaps	@tweak[1],@tweak[2]
+	 aesdec		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movdqa	$twres,$twtmp
+	 aesdec		$rndkey0,$inout5
+	 $movkey	-48($key),$rndkey0
+
+	paddd	$twres,$twres
+	 aesdec		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[1]
+	psrad	\$31,$twtmp
+	 aesdec		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesdec		$rndkey1,$inout2
+	 aesdec		$rndkey1,$inout3
+	 movdqa	@tweak[3],`16*3`(%rsp)
+	pxor	$twtmp,@tweak[5]
+	 aesdec		$rndkey1,$inout4
+	movaps	@tweak[2],@tweak[3]
+	movdqa	$twres,$twtmp
+	 aesdec		$rndkey1,$inout5
+	 $movkey	-32($key),$rndkey1
+
+	paddd	$twres,$twres
+	 aesdec		$rndkey0,$inout0
+	pxor	@tweak[5],@tweak[2]
+	psrad	\$31,$twtmp
+	 aesdec		$rndkey0,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesdec		$rndkey0,$inout2
+	 aesdec		$rndkey0,$inout3
+	 aesdec		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[3],@tweak[4]
+	 aesdec		$rndkey0,$inout5
+
+	movdqa	$twres,$rndkey0
+	paddd	$twres,$twres
+	 aesdec		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[3]
+	psrad	\$31,$rndkey0
+	 aesdec		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$rndkey0
+	 aesdec		$rndkey1,$inout2
+	 aesdec		$rndkey1,$inout3
+	pxor	$rndkey0,@tweak[5]
+	$movkey		($key_),$rndkey0
+	 aesdec		$rndkey1,$inout4
+	 aesdec		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+
+	pxor	@tweak[5],@tweak[4]
+	 aesdeclast	`16*0`(%rsp),$inout0
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	 aesdeclast	`16*1`(%rsp),$inout1
+	 aesdeclast	`16*2`(%rsp),$inout2
+	pand	$twmask,$twres
+	mov	%r10,%rax			# restore $rounds
+	 aesdeclast	`16*3`(%rsp),$inout3
+	 aesdeclast	`16*4`(%rsp),$inout4
+	 aesdeclast	`16*5`(%rsp),$inout5
+	pxor	$twres,@tweak[5]
+
+	lea	`16*6`($out),$out		# $out+=6*16
+	movups	$inout0,`-16*6`($out)		# store 6 output blocks
+	movups	$inout1,`-16*5`($out)
+	movups	$inout2,`-16*4`($out)
+	movups	$inout3,`-16*3`($out)
+	movups	$inout4,`-16*2`($out)
+	movups	$inout5,`-16*1`($out)
+	sub	\$16*6,$len
+	jnc	.Lxts_dec_grandloop		# loop if $len-=6*16 didn't borrow
+
+	mov	\$16+96,$rounds
+	sub	$rnds_,$rounds
+	mov	$key_,$key			# restore $key
+	shr	\$4,$rounds			# restore original value
+
+.Lxts_dec_short:
+	# at the point @tweak[0..5] are populated with tweak values
+	mov	$rounds,$rnds_			# backup $rounds
+	pxor	$rndkey0,@tweak[0]
+	pxor	$rndkey0,@tweak[1]
+	add	\$16*6,$len			# restore real remaining $len
+	jz	.Lxts_dec_done			# done if ($len==0)
+
+	pxor	$rndkey0,@tweak[2]
+	cmp	\$0x20,$len
+	jb	.Lxts_dec_one			# $len is 1*16
+	pxor	$rndkey0,@tweak[3]
+	je	.Lxts_dec_two			# $len is 2*16
+
+	pxor	$rndkey0,@tweak[4]
+	cmp	\$0x40,$len
+	jb	.Lxts_dec_three			# $len is 3*16
+	je	.Lxts_dec_four			# $len is 4*16
+
+	movdqu	($inp),$inout0			# $len is 5*16
+	movdqu	16*1($inp),$inout1
+	movdqu	16*2($inp),$inout2
+	pxor	@tweak[0],$inout0
+	movdqu	16*3($inp),$inout3
+	pxor	@tweak[1],$inout1
+	movdqu	16*4($inp),$inout4
+	lea	16*5($inp),$inp			# $inp+=5*16
+	pxor	@tweak[2],$inout2
+	pxor	@tweak[3],$inout3
+	pxor	@tweak[4],$inout4
+
+	call	_aesni_decrypt6
+
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 5 output blocks
+	xorps	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	xorps	@tweak[4],$inout4
+	movdqu	$inout2,16*2($out)
+	 pxor		$twtmp,$twtmp
+	movdqu	$inout3,16*3($out)
+	 pcmpgtd	@tweak[5],$twtmp
+	movdqu	$inout4,16*4($out)
+	lea	16*5($out),$out			# $out+=5*16
+	 pshufd		\$0x13,$twtmp,@tweak[1]	# $twres
+	and	\$15,$len_
+	jz	.Lxts_dec_ret
+
+	movdqa	@tweak[5],@tweak[0]
+	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
+	pand	$twmask,@tweak[1]		# isolate carry and residue
+	pxor	@tweak[5],@tweak[1]
+	jmp	.Lxts_dec_done2
+
+.align	16
+.Lxts_dec_one:
+	movups	($inp),$inout0
+	lea	16*1($inp),$inp			# $inp+=1*16
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[1],@tweak[0]
+	movups	$inout0,($out)			# store one output block
+	movdqa	@tweak[2],@tweak[1]
+	lea	16*1($out),$out			# $out+=1*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_two:
+	movups	($inp),$inout0
+	movups	16($inp),$inout1
+	lea	32($inp),$inp			# $inp+=2*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+
+	call	_aesni_decrypt2
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[2],@tweak[0]
+	xorps	@tweak[1],$inout1
+	movdqa	@tweak[3],@tweak[1]
+	movups	$inout0,($out)			# store 2 output blocks
+	movups	$inout1,16*1($out)
+	lea	16*2($out),$out			# $out+=2*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_three:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	lea	16*3($inp),$inp			# $inp+=3*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+
+	call	_aesni_decrypt3
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[3],@tweak[0]
+	xorps	@tweak[1],$inout1
+	movdqa	@tweak[4],@tweak[1]
+	xorps	@tweak[2],$inout2
+	movups	$inout0,($out)			# store 3 output blocks
+	movups	$inout1,16*1($out)
+	movups	$inout2,16*2($out)
+	lea	16*3($out),$out			# $out+=3*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_four:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	xorps	@tweak[0],$inout0
+	movups	16*3($inp),$inout3
+	lea	16*4($inp),$inp			# $inp+=4*16
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	xorps	@tweak[3],$inout3
+
+	call	_aesni_decrypt4
+
+	pxor	@tweak[0],$inout0
+	movdqa	@tweak[4],@tweak[0]
+	pxor	@tweak[1],$inout1
+	movdqa	@tweak[5],@tweak[1]
+	pxor	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 4 output blocks
+	pxor	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	movdqu	$inout2,16*2($out)
+	movdqu	$inout3,16*3($out)
+	lea	16*4($out),$out			# $out+=4*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_done:
+	and	\$15,$len_			# see if $len%16 is 0
+	jz	.Lxts_dec_ret
+.Lxts_dec_done2:
+	mov	$len_,$len
+	mov	$key_,$key			# restore $key
+	mov	$rnds_,$rounds			# restore $rounds
+
+	movups	($inp),$inout0
+	xorps	@tweak[1],$inout0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[1],$inout0
+	movups	$inout0,($out)
+
+.Lxts_dec_steal:
+	movzb	16($inp),%eax			# borrow $rounds ...
+	movzb	($out),%ecx			# ... and $key
+	lea	1($inp),$inp
+	mov	%al,($out)
+	mov	%cl,16($out)
+	lea	1($out),$out
+	sub	\$1,$len
+	jnz	.Lxts_dec_steal
+
+	sub	$len_,$out			# rewind $out
+	mov	$key_,$key			# restore $key
+	mov	$rnds_,$rounds			# restore $rounds
+
+	movups	($out),$inout0
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movups	$inout0,($out)
+
+.Lxts_dec_ret:
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,0x10(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,0x20(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,0x30(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,0x40(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,0x50(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,0x60(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa8(%r11),%xmm6
+	movaps	%xmm0,-0xa8(%r11)		# clear stack
+	movaps	-0x98(%r11),%xmm7
+	movaps	%xmm0,-0x98(%r11)
+	movaps	-0x88(%r11),%xmm8
+	movaps	%xmm0,-0x88(%r11)
+	movaps	-0x78(%r11),%xmm9
+	movaps	%xmm0,-0x78(%r11)
+	movaps	-0x68(%r11),%xmm10
+	movaps	%xmm0,-0x68(%r11)
+	movaps	-0x58(%r11),%xmm11
+	movaps	%xmm0,-0x58(%r11)
+	movaps	-0x48(%r11),%xmm12
+	movaps	%xmm0,-0x48(%r11)
+	movaps	-0x38(%r11),%xmm13
+	movaps	%xmm0,-0x38(%r11)
+	movaps	-0x28(%r11),%xmm14
+	movaps	%xmm0,-0x28(%r11)
+	movaps	-0x18(%r11),%xmm15
+	movaps	%xmm0,-0x18(%r11)
+	movaps	%xmm0,0x00(%rsp)
+	movaps	%xmm0,0x10(%rsp)
+	movaps	%xmm0,0x20(%rsp)
+	movaps	%xmm0,0x30(%rsp)
+	movaps	%xmm0,0x40(%rsp)
+	movaps	%xmm0,0x50(%rsp)
+	movaps	%xmm0,0x60(%rsp)
+___
+$code.=<<___;
+	mov	-8(%r11),%rbp
+.cfi_restore	%rbp
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lxts_dec_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_xts_decrypt,.-aesni_xts_decrypt
+___
+}
+
+######################################################################
+# void aesni_ocb_[en|de]crypt(const char *inp, char *out, size_t blocks,
+#	const AES_KEY *key, unsigned int start_block_num,
+#	unsigned char offset_i[16], const unsigned char L_[][16],
+#	unsigned char checksum[16]);
+#
+{
+my @offset=map("%xmm$_",(10..15));
+my ($checksum,$rndkey0l)=("%xmm8","%xmm9");
+my ($block_num,$offset_p)=("%r8","%r9");		# 5th and 6th arguments
+my ($L_p,$checksum_p) = ("%rbx","%rbp");
+my ($i1,$i3,$i5) = ("%r12","%r13","%r14");
+my $seventh_arg = $win64 ? 56 : 8;
+my $blocks = $len;
+
+$code.=<<___;
+.globl	aesni_ocb_encrypt
+.type	aesni_ocb_encrypt,\@function,6
+.align	32
+aesni_ocb_encrypt:
+.cfi_startproc
+	lea	(%rsp),%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp),%rsp
+	movaps	%xmm6,0x00(%rsp)		# offload everything
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,0x70(%rsp)
+	movaps	%xmm14,0x80(%rsp)
+	movaps	%xmm15,0x90(%rsp)
+.Locb_enc_body:
+___
+$code.=<<___;
+	mov	$seventh_arg(%rax),$L_p		# 7th argument
+	mov	$seventh_arg+8(%rax),$checksum_p# 8th argument
+
+	mov	240($key),$rnds_
+	mov	$key,$key_
+	shl	\$4,$rnds_
+	$movkey	($key),$rndkey0l		# round[0]
+	$movkey	16($key,$rnds_),$rndkey1	# round[last]
+
+	movdqu	($offset_p),@offset[5]		# load last offset_i
+	pxor	$rndkey1,$rndkey0l		# round[0] ^ round[last]
+	pxor	$rndkey1,@offset[5]		# offset_i ^ round[last]
+
+	mov	\$16+32,$rounds
+	lea	32($key_,$rnds_),$key
+	$movkey	16($key_),$rndkey1		# round[1]
+	sub	%r10,%rax			# twisted $rounds
+	mov	%rax,%r10			# backup twisted $rounds
+
+	movdqu	($L_p),@offset[0]		# L_0 for all odd-numbered blocks
+	movdqu	($checksum_p),$checksum		# load checksum
+
+	test	\$1,$block_num			# is first block number odd?
+	jnz	.Locb_enc_odd
+
+	bsf	$block_num,$i1
+	add	\$1,$block_num
+	shl	\$4,$i1
+	movdqu	($L_p,$i1),$inout5		# borrow
+	movdqu	($inp),$inout0
+	lea	16($inp),$inp
+
+	call	__ocb_encrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,($out)
+	lea	16($out),$out
+	sub	\$1,$blocks
+	jz	.Locb_enc_done
+
+.Locb_enc_odd:
+	lea	1($block_num),$i1		# even-numbered blocks
+	lea	3($block_num),$i3
+	lea	5($block_num),$i5
+	lea	6($block_num),$block_num
+	bsf	$i1,$i1				# ntz(block)
+	bsf	$i3,$i3
+	bsf	$i5,$i5
+	shl	\$4,$i1				# ntz(block) -> table offset
+	shl	\$4,$i3
+	shl	\$4,$i5
+
+	sub	\$6,$blocks
+	jc	.Locb_enc_short
+	jmp	.Locb_enc_grandloop
+
+.align	32
+.Locb_enc_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqu	`16*1`($inp),$inout1
+	movdqu	`16*2`($inp),$inout2
+	movdqu	`16*3`($inp),$inout3
+	movdqu	`16*4`($inp),$inout4
+	movdqu	`16*5`($inp),$inout5
+	lea	`16*6`($inp),$inp
+
+	call	__ocb_encrypt6
+
+	movups	$inout0,`16*0`($out)		# store output
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+	movups	$inout3,`16*3`($out)
+	movups	$inout4,`16*4`($out)
+	movups	$inout5,`16*5`($out)
+	lea	`16*6`($out),$out
+	sub	\$6,$blocks
+	jnc	.Locb_enc_grandloop
+
+.Locb_enc_short:
+	add	\$6,$blocks
+	jz	.Locb_enc_done
+
+	movdqu	`16*0`($inp),$inout0
+	cmp	\$2,$blocks
+	jb	.Locb_enc_one
+	movdqu	`16*1`($inp),$inout1
+	je	.Locb_enc_two
+
+	movdqu	`16*2`($inp),$inout2
+	cmp	\$4,$blocks
+	jb	.Locb_enc_three
+	movdqu	`16*3`($inp),$inout3
+	je	.Locb_enc_four
+
+	movdqu	`16*4`($inp),$inout4
+	pxor	$inout5,$inout5
+
+	call	__ocb_encrypt6
+
+	movdqa	@offset[4],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+	movups	$inout3,`16*3`($out)
+	movups	$inout4,`16*4`($out)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_one:
+	movdqa	@offset[0],$inout5		# borrow
+
+	call	__ocb_encrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,`16*0`($out)
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_two:
+	pxor	$inout2,$inout2
+	pxor	$inout3,$inout3
+
+	call	__ocb_encrypt4
+
+	movdqa	@offset[1],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_three:
+	pxor	$inout3,$inout3
+
+	call	__ocb_encrypt4
+
+	movdqa	@offset[2],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_four:
+	call	__ocb_encrypt4
+
+	movdqa	@offset[3],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+	movups	$inout3,`16*3`($out)
+
+.Locb_enc_done:
+	pxor	$rndkey0,@offset[5]		# "remove" round[last]
+	movdqu	$checksum,($checksum_p)		# store checksum
+	movdqu	@offset[5],($offset_p)		# store last offset_i
+
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	lea	0x28(%rsp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x00(%rsp),%xmm6
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	movaps	0x40(%rsp),%xmm10
+	movaps	%xmm0,0x40(%rsp)
+	movaps	0x50(%rsp),%xmm11
+	movaps	%xmm0,0x50(%rsp)
+	movaps	0x60(%rsp),%xmm12
+	movaps	%xmm0,0x60(%rsp)
+	movaps	0x70(%rsp),%xmm13
+	movaps	%xmm0,0x70(%rsp)
+	movaps	0x80(%rsp),%xmm14
+	movaps	%xmm0,0x80(%rsp)
+	movaps	0x90(%rsp),%xmm15
+	movaps	%xmm0,0x90(%rsp)
+	lea	0xa0+0x28(%rsp),%rax
+.Locb_enc_pop:
+___
+$code.=<<___;
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Locb_enc_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_ocb_encrypt,.-aesni_ocb_encrypt
+
+.type	__ocb_encrypt6,\@abi-omnipotent
+.align	32
+__ocb_encrypt6:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 movdqa		@offset[0],@offset[4]
+	 pxor		@offset[5],@offset[0]
+	 movdqu		($L_p,$i5),@offset[5]
+	 pxor		@offset[0],@offset[1]
+	pxor		$inout0,$checksum	# accumulate checksum
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		$inout1,$checksum
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		$inout2,$checksum
+	pxor		@offset[2],$inout2
+	 pxor		@offset[3],@offset[4]
+	pxor		$inout3,$checksum
+	pxor		@offset[3],$inout3
+	 pxor		@offset[4],@offset[5]
+	pxor		$inout4,$checksum
+	pxor		@offset[4],$inout4
+	pxor		$inout5,$checksum
+	pxor		@offset[5],$inout5
+	$movkey		32($key_),$rndkey0
+
+	lea		1($block_num),$i1	# even-numbered blocks
+	lea		3($block_num),$i3
+	lea		5($block_num),$i5
+	add		\$6,$block_num
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	bsf		$i1,$i1			# ntz(block)
+	bsf		$i3,$i3
+	bsf		$i5,$i5
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	aesenc		$rndkey1,$inout4
+	 pxor		$rndkey0l,@offset[3]
+	 pxor		$rndkey0l,@offset[4]
+	aesenc		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor		$rndkey0l,@offset[5]
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	shl		\$4,$i1			# ntz(block) -> table offset
+	shl		\$4,$i3
+	jmp		.Locb_enc_loop6
+
+.align	32
+.Locb_enc_loop6:
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_enc_loop6
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+	shl		\$4,$i5
+
+	aesenclast	@offset[0],$inout0
+	movdqu		($L_p),@offset[0]	# L_0 for all odd-numbered blocks
+	mov		%r10,%rax		# restore twisted rounds
+	aesenclast	@offset[1],$inout1
+	aesenclast	@offset[2],$inout2
+	aesenclast	@offset[3],$inout3
+	aesenclast	@offset[4],$inout4
+	aesenclast	@offset[5],$inout5
+	ret
+.size	__ocb_encrypt6,.-__ocb_encrypt6
+
+.type	__ocb_encrypt4,\@abi-omnipotent
+.align	32
+__ocb_encrypt4:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 pxor		@offset[5],@offset[0]
+	 pxor		@offset[0],@offset[1]
+	pxor		$inout0,$checksum	# accumulate checksum
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		$inout1,$checksum
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		$inout2,$checksum
+	pxor		@offset[2],$inout2
+	pxor		$inout3,$checksum
+	pxor		@offset[3],$inout3
+	$movkey		32($key_),$rndkey0
+
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	 pxor		$rndkey0l,@offset[3]
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		48($key_),$rndkey1
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_enc_loop4
+
+.align	32
+.Locb_enc_loop4:
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_enc_loop4
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		16($key_),$rndkey1
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesenclast	@offset[0],$inout0
+	aesenclast	@offset[1],$inout1
+	aesenclast	@offset[2],$inout2
+	aesenclast	@offset[3],$inout3
+	ret
+.size	__ocb_encrypt4,.-__ocb_encrypt4
+
+.type	__ocb_encrypt1,\@abi-omnipotent
+.align	32
+__ocb_encrypt1:
+	 pxor		@offset[5],$inout5	# offset_i
+	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
+	pxor		$inout0,$checksum	# accumulate checksum
+	pxor		$inout5,$inout0		# input ^ round[0] ^ offset_i
+	$movkey		32($key_),$rndkey0
+
+	aesenc		$rndkey1,$inout0
+	$movkey		48($key_),$rndkey1
+	pxor		$rndkey0l,$inout5	# offset_i ^ round[last]
+
+	aesenc		$rndkey0,$inout0
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_enc_loop1
+
+.align	32
+.Locb_enc_loop1:
+	aesenc		$rndkey1,$inout0
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_enc_loop1
+
+	aesenc		$rndkey1,$inout0
+	$movkey		16($key_),$rndkey1	# redundant in tail
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesenclast	$inout5,$inout0
+	ret
+.size	__ocb_encrypt1,.-__ocb_encrypt1
+
+.globl	aesni_ocb_decrypt
+.type	aesni_ocb_decrypt,\@function,6
+.align	32
+aesni_ocb_decrypt:
+.cfi_startproc
+	lea	(%rsp),%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp),%rsp
+	movaps	%xmm6,0x00(%rsp)		# offload everything
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,0x70(%rsp)
+	movaps	%xmm14,0x80(%rsp)
+	movaps	%xmm15,0x90(%rsp)
+.Locb_dec_body:
+___
+$code.=<<___;
+	mov	$seventh_arg(%rax),$L_p		# 7th argument
+	mov	$seventh_arg+8(%rax),$checksum_p# 8th argument
+
+	mov	240($key),$rnds_
+	mov	$key,$key_
+	shl	\$4,$rnds_
+	$movkey	($key),$rndkey0l		# round[0]
+	$movkey	16($key,$rnds_),$rndkey1	# round[last]
+
+	movdqu	($offset_p),@offset[5]		# load last offset_i
+	pxor	$rndkey1,$rndkey0l		# round[0] ^ round[last]
+	pxor	$rndkey1,@offset[5]		# offset_i ^ round[last]
+
+	mov	\$16+32,$rounds
+	lea	32($key_,$rnds_),$key
+	$movkey	16($key_),$rndkey1		# round[1]
+	sub	%r10,%rax			# twisted $rounds
+	mov	%rax,%r10			# backup twisted $rounds
+
+	movdqu	($L_p),@offset[0]		# L_0 for all odd-numbered blocks
+	movdqu	($checksum_p),$checksum		# load checksum
+
+	test	\$1,$block_num			# is first block number odd?
+	jnz	.Locb_dec_odd
+
+	bsf	$block_num,$i1
+	add	\$1,$block_num
+	shl	\$4,$i1
+	movdqu	($L_p,$i1),$inout5		# borrow
+	movdqu	($inp),$inout0
+	lea	16($inp),$inp
+
+	call	__ocb_decrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,($out)
+	xorps	$inout0,$checksum		# accumulate checksum
+	lea	16($out),$out
+	sub	\$1,$blocks
+	jz	.Locb_dec_done
+
+.Locb_dec_odd:
+	lea	1($block_num),$i1		# even-numbered blocks
+	lea	3($block_num),$i3
+	lea	5($block_num),$i5
+	lea	6($block_num),$block_num
+	bsf	$i1,$i1				# ntz(block)
+	bsf	$i3,$i3
+	bsf	$i5,$i5
+	shl	\$4,$i1				# ntz(block) -> table offset
+	shl	\$4,$i3
+	shl	\$4,$i5
+
+	sub	\$6,$blocks
+	jc	.Locb_dec_short
+	jmp	.Locb_dec_grandloop
+
+.align	32
+.Locb_dec_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqu	`16*1`($inp),$inout1
+	movdqu	`16*2`($inp),$inout2
+	movdqu	`16*3`($inp),$inout3
+	movdqu	`16*4`($inp),$inout4
+	movdqu	`16*5`($inp),$inout5
+	lea	`16*6`($inp),$inp
+
+	call	__ocb_decrypt6
+
+	movups	$inout0,`16*0`($out)		# store output
+	pxor	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	pxor	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	pxor	$inout2,$checksum
+	movups	$inout3,`16*3`($out)
+	pxor	$inout3,$checksum
+	movups	$inout4,`16*4`($out)
+	pxor	$inout4,$checksum
+	movups	$inout5,`16*5`($out)
+	pxor	$inout5,$checksum
+	lea	`16*6`($out),$out
+	sub	\$6,$blocks
+	jnc	.Locb_dec_grandloop
+
+.Locb_dec_short:
+	add	\$6,$blocks
+	jz	.Locb_dec_done
+
+	movdqu	`16*0`($inp),$inout0
+	cmp	\$2,$blocks
+	jb	.Locb_dec_one
+	movdqu	`16*1`($inp),$inout1
+	je	.Locb_dec_two
+
+	movdqu	`16*2`($inp),$inout2
+	cmp	\$4,$blocks
+	jb	.Locb_dec_three
+	movdqu	`16*3`($inp),$inout3
+	je	.Locb_dec_four
+
+	movdqu	`16*4`($inp),$inout4
+	pxor	$inout5,$inout5
+
+	call	__ocb_decrypt6
+
+	movdqa	@offset[4],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	pxor	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	pxor	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	pxor	$inout2,$checksum
+	movups	$inout3,`16*3`($out)
+	pxor	$inout3,$checksum
+	movups	$inout4,`16*4`($out)
+	pxor	$inout4,$checksum
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_one:
+	movdqa	@offset[0],$inout5		# borrow
+
+	call	__ocb_decrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	xorps	$inout0,$checksum		# accumulate checksum
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_two:
+	pxor	$inout2,$inout2
+	pxor	$inout3,$inout3
+
+	call	__ocb_decrypt4
+
+	movdqa	@offset[1],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	xorps	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	xorps	$inout1,$checksum
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_three:
+	pxor	$inout3,$inout3
+
+	call	__ocb_decrypt4
+
+	movdqa	@offset[2],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	xorps	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	xorps	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	xorps	$inout2,$checksum
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_four:
+	call	__ocb_decrypt4
+
+	movdqa	@offset[3],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	pxor	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	pxor	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	pxor	$inout2,$checksum
+	movups	$inout3,`16*3`($out)
+	pxor	$inout3,$checksum
+
+.Locb_dec_done:
+	pxor	$rndkey0,@offset[5]		# "remove" round[last]
+	movdqu	$checksum,($checksum_p)		# store checksum
+	movdqu	@offset[5],($offset_p)		# store last offset_i
+
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	lea	0x28(%rsp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x00(%rsp),%xmm6
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	movaps	0x40(%rsp),%xmm10
+	movaps	%xmm0,0x40(%rsp)
+	movaps	0x50(%rsp),%xmm11
+	movaps	%xmm0,0x50(%rsp)
+	movaps	0x60(%rsp),%xmm12
+	movaps	%xmm0,0x60(%rsp)
+	movaps	0x70(%rsp),%xmm13
+	movaps	%xmm0,0x70(%rsp)
+	movaps	0x80(%rsp),%xmm14
+	movaps	%xmm0,0x80(%rsp)
+	movaps	0x90(%rsp),%xmm15
+	movaps	%xmm0,0x90(%rsp)
+	lea	0xa0+0x28(%rsp),%rax
+.Locb_dec_pop:
+___
+$code.=<<___;
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Locb_dec_epilogue:
+	ret
+.cfi_endproc
+.size	aesni_ocb_decrypt,.-aesni_ocb_decrypt
+
+.type	__ocb_decrypt6,\@abi-omnipotent
+.align	32
+__ocb_decrypt6:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 movdqa		@offset[0],@offset[4]
+	 pxor		@offset[5],@offset[0]
+	 movdqu		($L_p,$i5),@offset[5]
+	 pxor		@offset[0],@offset[1]
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		@offset[2],$inout2
+	 pxor		@offset[3],@offset[4]
+	pxor		@offset[3],$inout3
+	 pxor		@offset[4],@offset[5]
+	pxor		@offset[4],$inout4
+	pxor		@offset[5],$inout5
+	$movkey		32($key_),$rndkey0
+
+	lea		1($block_num),$i1	# even-numbered blocks
+	lea		3($block_num),$i3
+	lea		5($block_num),$i5
+	add		\$6,$block_num
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	bsf		$i1,$i1			# ntz(block)
+	bsf		$i3,$i3
+	bsf		$i5,$i5
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	aesdec		$rndkey1,$inout4
+	 pxor		$rndkey0l,@offset[3]
+	 pxor		$rndkey0l,@offset[4]
+	aesdec		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor		$rndkey0l,@offset[5]
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	shl		\$4,$i1			# ntz(block) -> table offset
+	shl		\$4,$i3
+	jmp		.Locb_dec_loop6
+
+.align	32
+.Locb_dec_loop6:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_dec_loop6
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+	shl		\$4,$i5
+
+	aesdeclast	@offset[0],$inout0
+	movdqu		($L_p),@offset[0]	# L_0 for all odd-numbered blocks
+	mov		%r10,%rax		# restore twisted rounds
+	aesdeclast	@offset[1],$inout1
+	aesdeclast	@offset[2],$inout2
+	aesdeclast	@offset[3],$inout3
+	aesdeclast	@offset[4],$inout4
+	aesdeclast	@offset[5],$inout5
+	ret
+.size	__ocb_decrypt6,.-__ocb_decrypt6
+
+.type	__ocb_decrypt4,\@abi-omnipotent
+.align	32
+__ocb_decrypt4:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 pxor		@offset[5],@offset[0]
+	 pxor		@offset[0],@offset[1]
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		@offset[2],$inout2
+	pxor		@offset[3],$inout3
+	$movkey		32($key_),$rndkey0
+
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	 pxor		$rndkey0l,@offset[3]
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	$movkey		48($key_),$rndkey1
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_dec_loop4
+
+.align	32
+.Locb_dec_loop4:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_dec_loop4
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	$movkey		16($key_),$rndkey1
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesdeclast	@offset[0],$inout0
+	aesdeclast	@offset[1],$inout1
+	aesdeclast	@offset[2],$inout2
+	aesdeclast	@offset[3],$inout3
+	ret
+.size	__ocb_decrypt4,.-__ocb_decrypt4
+
+.type	__ocb_decrypt1,\@abi-omnipotent
+.align	32
+__ocb_decrypt1:
+	 pxor		@offset[5],$inout5	# offset_i
+	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
+	pxor		$inout5,$inout0		# input ^ round[0] ^ offset_i
+	$movkey		32($key_),$rndkey0
+
+	aesdec		$rndkey1,$inout0
+	$movkey		48($key_),$rndkey1
+	pxor		$rndkey0l,$inout5	# offset_i ^ round[last]
+
+	aesdec		$rndkey0,$inout0
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_dec_loop1
+
+.align	32
+.Locb_dec_loop1:
+	aesdec		$rndkey1,$inout0
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_dec_loop1
+
+	aesdec		$rndkey1,$inout0
+	$movkey		16($key_),$rndkey1	# redundant in tail
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesdeclast	$inout5,$inout0
+	ret
+.size	__ocb_decrypt1,.-__ocb_decrypt1
+___
+} }}
+
+########################################################################
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+#			    size_t length, const AES_KEY *key,
+#			    unsigned char *ivp,const int enc);
+{
+my $frame_size = 0x10 + ($win64?0xa0:0);	# used in decrypt
+my ($iv,$in0,$in1,$in2,$in3,$in4)=map("%xmm$_",(10..15));
+
+$code.=<<___;
+.globl	${PREFIX}_cbc_encrypt
+.type	${PREFIX}_cbc_encrypt,\@function,6
+.align	16
+${PREFIX}_cbc_encrypt:
+.cfi_startproc
+	test	$len,$len		# check length
+	jz	.Lcbc_ret
+
+	mov	240($key),$rnds_	# key->rounds
+	mov	$key,$key_		# backup $key
+	test	%r9d,%r9d		# 6th argument
+	jz	.Lcbc_decrypt
+#--------------------------- CBC ENCRYPT ------------------------------#
+	movups	($ivp),$inout0		# load iv as initial state
+	mov	$rnds_,$rounds
+	cmp	\$16,$len
+	jb	.Lcbc_enc_tail
+	sub	\$16,$len
+	jmp	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_loop:
+	movups	($inp),$inout1		# load input
+	lea	16($inp),$inp
+	#xorps	$inout1,$inout0
+___
+	&aesni_generate1("enc",$key,$rounds,$inout0,$inout1);
+$code.=<<___;
+	mov	$rnds_,$rounds		# restore $rounds
+	mov	$key_,$key		# restore $key
+	movups	$inout0,0($out)		# store output
+	lea	16($out),$out
+	sub	\$16,$len
+	jnc	.Lcbc_enc_loop
+	add	\$16,$len
+	jnz	.Lcbc_enc_tail
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movups	$inout0,($ivp)
+	 pxor	$inout0,$inout0
+	 pxor	$inout1,$inout1
+	jmp	.Lcbc_ret
+
+.Lcbc_enc_tail:
+	mov	$len,%rcx	# zaps $key
+	xchg	$inp,$out	# $inp is %rsi and $out is %rdi now
+	.long	0x9066A4F3	# rep movsb
+	mov	\$16,%ecx	# zero tail
+	sub	$len,%rcx
+	xor	%eax,%eax
+	.long	0x9066AAF3	# rep stosb
+	lea	-16(%rdi),%rdi	# rewind $out by 1 block
+	mov	$rnds_,$rounds	# restore $rounds
+	mov	%rdi,%rsi	# $inp and $out are the same
+	mov	$key_,$key	# restore $key
+	xor	$len,$len	# len=16
+	jmp	.Lcbc_enc_loop	# one more spin
+#--------------------------- CBC DECRYPT ------------------------------#
+.align	16
+.Lcbc_decrypt:
+	cmp	\$16,$len
+	jne	.Lcbc_decrypt_bulk
+
+	# handle single block without allocating stack frame,
+	# useful in ciphertext stealing mode
+	movdqu	($inp),$inout0		# load input
+	movdqu	($ivp),$inout1		# load iv
+	movdqa	$inout0,$inout2		# future iv
+___
+	&aesni_generate1("dec",$key,$rnds_);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movdqu	$inout2,($ivp)		# store iv
+	xorps	$inout1,$inout0		# ^=iv
+	 pxor	$inout1,$inout1
+	movups	$inout0,($out)		# store output
+	 pxor	$inout0,$inout0
+	jmp	.Lcbc_ret
+.align	16
+.Lcbc_decrypt_bulk:
+	lea	(%rsp),%r11		# frame pointer
+.cfi_def_cfa_register	%r11
+	push	%rbp
+.cfi_push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lcbc_decrypt_body:
+___
+
+my $inp_=$key_="%rbp";			# reassign $key_
+
+$code.=<<___;
+	mov	$key,$key_		# [re-]backup $key [after reassignment]
+	movups	($ivp),$iv
+	mov	$rnds_,$rounds
+	cmp	\$0x50,$len
+	jbe	.Lcbc_dec_tail
+
+	$movkey	($key),$rndkey0
+	movdqu	0x00($inp),$inout0	# load input
+	movdqu	0x10($inp),$inout1
+	movdqa	$inout0,$in0
+	movdqu	0x20($inp),$inout2
+	movdqa	$inout1,$in1
+	movdqu	0x30($inp),$inout3
+	movdqa	$inout2,$in2
+	movdqu	0x40($inp),$inout4
+	movdqa	$inout3,$in3
+	movdqu	0x50($inp),$inout5
+	movdqa	$inout4,$in4
+	mov	OPENSSL_ia32cap_P+4(%rip),%r9d
+	cmp	\$0x70,$len
+	jbe	.Lcbc_dec_six_or_seven
+
+	and	\$`1<<26|1<<22`,%r9d	# isolate XSAVE+MOVBE
+	sub	\$0x50,$len		# $len is biased by -5*16
+	cmp	\$`1<<22`,%r9d		# check for MOVBE without XSAVE
+	je	.Lcbc_dec_loop6_enter	# [which denotes Atom Silvermont]
+	sub	\$0x20,$len		# $len is biased by -7*16
+	lea	0x70($key),$key		# size optimization
+	jmp	.Lcbc_dec_loop8_enter
+.align	16
+.Lcbc_dec_loop8:
+	movups	$inout7,($out)
+	lea	0x10($out),$out
+.Lcbc_dec_loop8_enter:
+	movdqu		0x60($inp),$inout6
+	pxor		$rndkey0,$inout0
+	movdqu		0x70($inp),$inout7
+	pxor		$rndkey0,$inout1
+	$movkey		0x10-0x70($key),$rndkey1
+	pxor		$rndkey0,$inout2
+	mov		\$-1,$inp_
+	cmp		\$0x70,$len	# is there at least 0x60 bytes ahead?
+	pxor		$rndkey0,$inout3
+	pxor		$rndkey0,$inout4
+	pxor		$rndkey0,$inout5
+	pxor		$rndkey0,$inout6
+
+	aesdec		$rndkey1,$inout0
+	pxor		$rndkey0,$inout7
+	$movkey		0x20-0x70($key),$rndkey0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	aesdec		$rndkey1,$inout6
+	adc		\$0,$inp_
+	and		\$128,$inp_
+	aesdec		$rndkey1,$inout7
+	add		$inp,$inp_
+	$movkey		0x30-0x70($key),$rndkey1
+___
+for($i=1;$i<12;$i++) {
+my $rndkeyx = ($i&1)?$rndkey0:$rndkey1;
+$code.=<<___	if ($i==7);
+	cmp		\$11,$rounds
+___
+$code.=<<___;
+	aesdec		$rndkeyx,$inout0
+	aesdec		$rndkeyx,$inout1
+	aesdec		$rndkeyx,$inout2
+	aesdec		$rndkeyx,$inout3
+	aesdec		$rndkeyx,$inout4
+	aesdec		$rndkeyx,$inout5
+	aesdec		$rndkeyx,$inout6
+	aesdec		$rndkeyx,$inout7
+	$movkey		`0x30+0x10*$i`-0x70($key),$rndkeyx
+___
+$code.=<<___	if ($i<6 || (!($i&1) && $i>7));
+	nop
+___
+$code.=<<___	if ($i==7);
+	jb		.Lcbc_dec_done
+___
+$code.=<<___	if ($i==9);
+	je		.Lcbc_dec_done
+___
+$code.=<<___	if ($i==11);
+	jmp		.Lcbc_dec_done
+___
+}
+$code.=<<___;
+.align	16
+.Lcbc_dec_done:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	pxor		$rndkey0,$iv
+	pxor		$rndkey0,$in0
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	pxor		$rndkey0,$in1
+	pxor		$rndkey0,$in2
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	pxor		$rndkey0,$in3
+	pxor		$rndkey0,$in4
+	aesdec		$rndkey1,$inout6
+	aesdec		$rndkey1,$inout7
+	movdqu		0x50($inp),$rndkey1
+
+	aesdeclast	$iv,$inout0
+	movdqu		0x60($inp),$iv		# borrow $iv
+	pxor		$rndkey0,$rndkey1
+	aesdeclast	$in0,$inout1
+	pxor		$rndkey0,$iv
+	movdqu		0x70($inp),$rndkey0	# next IV
+	aesdeclast	$in1,$inout2
+	lea		0x80($inp),$inp
+	movdqu		0x00($inp_),$in0
+	aesdeclast	$in2,$inout3
+	aesdeclast	$in3,$inout4
+	movdqu		0x10($inp_),$in1
+	movdqu		0x20($inp_),$in2
+	aesdeclast	$in4,$inout5
+	aesdeclast	$rndkey1,$inout6
+	movdqu		0x30($inp_),$in3
+	movdqu		0x40($inp_),$in4
+	aesdeclast	$iv,$inout7
+	movdqa		$rndkey0,$iv		# return $iv
+	movdqu		0x50($inp_),$rndkey1
+	$movkey		-0x70($key),$rndkey0
+
+	movups		$inout0,($out)		# store output
+	movdqa		$in0,$inout0
+	movups		$inout1,0x10($out)
+	movdqa		$in1,$inout1
+	movups		$inout2,0x20($out)
+	movdqa		$in2,$inout2
+	movups		$inout3,0x30($out)
+	movdqa		$in3,$inout3
+	movups		$inout4,0x40($out)
+	movdqa		$in4,$inout4
+	movups		$inout5,0x50($out)
+	movdqa		$rndkey1,$inout5
+	movups		$inout6,0x60($out)
+	lea		0x70($out),$out
+
+	sub	\$0x80,$len
+	ja	.Lcbc_dec_loop8
+
+	movaps	$inout7,$inout0
+	lea	-0x70($key),$key
+	add	\$0x70,$len
+	jle	.Lcbc_dec_clear_tail_collected
+	movups	$inout7,($out)
+	lea	0x10($out),$out
+	cmp	\$0x50,$len
+	jbe	.Lcbc_dec_tail
+
+	movaps	$in0,$inout0
+.Lcbc_dec_six_or_seven:
+	cmp	\$0x60,$len
+	ja	.Lcbc_dec_seven
+
+	movaps	$inout5,$inout6
+	call	_aesni_decrypt6
+	pxor	$iv,$inout0		# ^= IV
+	movaps	$inout6,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	pxor	$in3,$inout4
+	movdqu	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	pxor	$in4,$inout5
+	movdqu	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	lea	0x50($out),$out
+	movdqa	$inout5,$inout0
+	 pxor	$inout5,$inout5
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_seven:
+	movups	0x60($inp),$inout6
+	xorps	$inout7,$inout7
+	call	_aesni_decrypt8
+	movups	0x50($inp),$inout7
+	pxor	$iv,$inout0		# ^= IV
+	movups	0x60($inp),$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	pxor	$in3,$inout4
+	movdqu	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	pxor	$in4,$inout5
+	movdqu	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	pxor	$inout7,$inout6
+	movdqu	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+	lea	0x60($out),$out
+	movdqa	$inout6,$inout0
+	 pxor	$inout6,$inout6
+	 pxor	$inout7,$inout7
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_loop6:
+	movups	$inout5,($out)
+	lea	0x10($out),$out
+	movdqu	0x00($inp),$inout0	# load input
+	movdqu	0x10($inp),$inout1
+	movdqa	$inout0,$in0
+	movdqu	0x20($inp),$inout2
+	movdqa	$inout1,$in1
+	movdqu	0x30($inp),$inout3
+	movdqa	$inout2,$in2
+	movdqu	0x40($inp),$inout4
+	movdqa	$inout3,$in3
+	movdqu	0x50($inp),$inout5
+	movdqa	$inout4,$in4
+.Lcbc_dec_loop6_enter:
+	lea	0x60($inp),$inp
+	movdqa	$inout5,$inout6
+
+	call	_aesni_decrypt6
+
+	pxor	$iv,$inout0		# ^= IV
+	movdqa	$inout6,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	pxor	$in3,$inout4
+	mov	$key_,$key
+	movdqu	$inout3,0x30($out)
+	pxor	$in4,$inout5
+	mov	$rnds_,$rounds
+	movdqu	$inout4,0x40($out)
+	lea	0x50($out),$out
+	sub	\$0x60,$len
+	ja	.Lcbc_dec_loop6
+
+	movdqa	$inout5,$inout0
+	add	\$0x50,$len
+	jle	.Lcbc_dec_clear_tail_collected
+	movups	$inout5,($out)
+	lea	0x10($out),$out
+
+.Lcbc_dec_tail:
+	movups	($inp),$inout0
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_one		# $len is 1*16 or less
+
+	movups	0x10($inp),$inout1
+	movaps	$inout0,$in0
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_two		# $len is 2*16 or less
+
+	movups	0x20($inp),$inout2
+	movaps	$inout1,$in1
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_three		# $len is 3*16 or less
+
+	movups	0x30($inp),$inout3
+	movaps	$inout2,$in2
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_four		# $len is 4*16 or less
+
+	movups	0x40($inp),$inout4	# $len is 5*16 or less
+	movaps	$inout3,$in3
+	movaps	$inout4,$in4
+	xorps	$inout5,$inout5
+	call	_aesni_decrypt6
+	pxor	$iv,$inout0
+	movaps	$in4,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	pxor	$in3,$inout4
+	movdqu	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	lea	0x40($out),$out
+	movdqa	$inout4,$inout0
+	 pxor	$inout4,$inout4
+	 pxor	$inout5,$inout5
+	sub	\$0x10,$len
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_one:
+	movaps	$inout0,$in0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	$iv,$inout0
+	movaps	$in0,$iv
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_two:
+	movaps	$inout1,$in1
+	call	_aesni_decrypt2
+	pxor	$iv,$inout0
+	movaps	$in1,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	movdqa	$inout1,$inout0
+	 pxor	$inout1,$inout1		# clear register bank
+	lea	0x10($out),$out
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_three:
+	movaps	$inout2,$in2
+	call	_aesni_decrypt3
+	pxor	$iv,$inout0
+	movaps	$in2,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	movdqa	$inout2,$inout0
+	 pxor	$inout2,$inout2
+	lea	0x20($out),$out
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_four:
+	movaps	$inout3,$in3
+	call	_aesni_decrypt4
+	pxor	$iv,$inout0
+	movaps	$in3,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movdqa	$inout3,$inout0
+	 pxor	$inout3,$inout3
+	lea	0x30($out),$out
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_clear_tail_collected:
+	pxor	$inout1,$inout1		# clear register bank
+	pxor	$inout2,$inout2
+	pxor	$inout3,$inout3
+___
+$code.=<<___ if (!$win64);
+	pxor	$inout4,$inout4		# %xmm6..9
+	pxor	$inout5,$inout5
+	pxor	$inout6,$inout6
+	pxor	$inout7,$inout7
+___
+$code.=<<___;
+.Lcbc_dec_tail_collected:
+	movups	$iv,($ivp)
+	and	\$15,$len
+	jnz	.Lcbc_dec_tail_partial
+	movups	$inout0,($out)
+	pxor	$inout0,$inout0
+	jmp	.Lcbc_dec_ret
+.align	16
+.Lcbc_dec_tail_partial:
+	movaps	$inout0,(%rsp)
+	pxor	$inout0,$inout0
+	mov	\$16,%rcx
+	mov	$out,%rdi
+	sub	$len,%rcx
+	lea	(%rsp),%rsi
+	.long	0x9066A4F3		# rep movsb
+	movdqa	$inout0,(%rsp)
+
+.Lcbc_dec_ret:
+	xorps	$rndkey0,$rndkey0	# %xmm0
+	pxor	$rndkey1,$rndkey1
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	%xmm0,0x10(%rsp)	# clear stack
+	movaps	0x20(%rsp),%xmm7
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm8
+	movaps	%xmm0,0x30(%rsp)
+	movaps	0x40(%rsp),%xmm9
+	movaps	%xmm0,0x40(%rsp)
+	movaps	0x50(%rsp),%xmm10
+	movaps	%xmm0,0x50(%rsp)
+	movaps	0x60(%rsp),%xmm11
+	movaps	%xmm0,0x60(%rsp)
+	movaps	0x70(%rsp),%xmm12
+	movaps	%xmm0,0x70(%rsp)
+	movaps	0x80(%rsp),%xmm13
+	movaps	%xmm0,0x80(%rsp)
+	movaps	0x90(%rsp),%xmm14
+	movaps	%xmm0,0x90(%rsp)
+	movaps	0xa0(%rsp),%xmm15
+	movaps	%xmm0,0xa0(%rsp)
+___
+$code.=<<___;
+	mov	-8(%r11),%rbp
+.cfi_restore	%rbp
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lcbc_ret:
+	ret
+.cfi_endproc
+.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+___
+} 
+# int ${PREFIX}_set_decrypt_key(const unsigned char *inp,
+#				int bits, AES_KEY *key)
+#
+# input:	$inp	user-supplied key
+#		$bits	$inp length in bits
+#		$key	pointer to key schedule
+# output:	%eax	0 denoting success, -1 or -2 - failure (see C)
+#		*$key	key schedule
+#
+{ my ($inp,$bits,$key) = @_4args;
+  $bits =~ s/%r/%e/;
+
+$code.=<<___;
+.globl	${PREFIX}_set_decrypt_key
+.type	${PREFIX}_set_decrypt_key,\@abi-omnipotent
+.align	16
+${PREFIX}_set_decrypt_key:
+.cfi_startproc
+	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
+.cfi_adjust_cfa_offset	8
+	call	__aesni_set_encrypt_key
+	shl	\$4,$bits		# rounds-1 after _aesni_set_encrypt_key
+	test	%eax,%eax
+	jnz	.Ldec_key_ret
+	lea	16($key,$bits),$inp	# points at the end of key schedule
+
+	$movkey	($key),%xmm0		# just swap
+	$movkey	($inp),%xmm1
+	$movkey	%xmm0,($inp)
+	$movkey	%xmm1,($key)
+	lea	16($key),$key
+	lea	-16($inp),$inp
+
+.Ldec_key_inverse:
+	$movkey	($key),%xmm0		# swap and inverse
+	$movkey	($inp),%xmm1
+	aesimc	%xmm0,%xmm0
+	aesimc	%xmm1,%xmm1
+	lea	16($key),$key
+	lea	-16($inp),$inp
+	$movkey	%xmm0,16($inp)
+	$movkey	%xmm1,-16($key)
+	cmp	$key,$inp
+	ja	.Ldec_key_inverse
+
+	$movkey	($key),%xmm0		# inverse middle
+	aesimc	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	$movkey	%xmm0,($inp)
+	pxor	%xmm0,%xmm0
+.Ldec_key_ret:
+	add	\$8,%rsp
+.cfi_adjust_cfa_offset	-8
+	ret
+.cfi_endproc
+.LSEH_end_set_decrypt_key:
+.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
+___
+
+# This is based on submission from Intel by
+#	Huang Ying
+#	Vinodh Gopal
+#	Kahraman Akdemir
+#
+# Aggressively optimized in respect to aeskeygenassist's critical path
+# and is contained in %xmm0-5 to meet Win64 ABI requirement.
+#
+# int ${PREFIX}_set_encrypt_key(const unsigned char *inp,
+#				int bits, AES_KEY * const key);
+#
+# input:	$inp	user-supplied key
+#		$bits	$inp length in bits
+#		$key	pointer to key schedule
+# output:	%eax	0 denoting success, -1 or -2 - failure (see C)
+#		$bits	rounds-1 (used in aesni_set_decrypt_key)
+#		*$key	key schedule
+#		$key	pointer to key schedule (used in
+#			aesni_set_decrypt_key)
+#
+# Subroutine is frame-less, which means that only volatile registers
+# are used. Note that it's declared "abi-omnipotent", which means that
+# amount of volatile registers is smaller on Windows.
+#
+$code.=<<___;
+.globl	${PREFIX}_set_encrypt_key
+.type	${PREFIX}_set_encrypt_key,\@abi-omnipotent
+.align	16
+${PREFIX}_set_encrypt_key:
+__aesni_set_encrypt_key:
+.cfi_startproc
+	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
+.cfi_adjust_cfa_offset	8
+	mov	\$-1,%rax
+	test	$inp,$inp
+	jz	.Lenc_key_ret
+	test	$key,$key
+	jz	.Lenc_key_ret
+
+	mov	\$`1<<28|1<<11`,%r10d	# AVX and XOP bits
+	movups	($inp),%xmm0		# pull first 128 bits of *userKey
+	xorps	%xmm4,%xmm4		# low dword of xmm4 is assumed 0
+	and	OPENSSL_ia32cap_P+4(%rip),%r10d
+	lea	16($key),%rax		# %rax is used as modifiable copy of $key
+	cmp	\$256,$bits
+	je	.L14rounds
+	cmp	\$192,$bits
+	je	.L12rounds
+	cmp	\$128,$bits
+	jne	.Lbad_keybits
+
+.L10rounds:
+	mov	\$9,$bits			# 10 rounds for 128-bit key
+	cmp	\$`1<<28`,%r10d			# AVX, bit no XOP
+	je	.L10rounds_alt
+
+	$movkey	%xmm0,($key)			# round 0
+	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 1
+	call		.Lkey_expansion_128_cold
+	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 2
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 3
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 4
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 5
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 6
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x40,%xmm0,%xmm1	# round 7
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x80,%xmm0,%xmm1	# round 8
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x1b,%xmm0,%xmm1	# round 9
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x36,%xmm0,%xmm1	# round 10
+	call		.Lkey_expansion_128
+	$movkey	%xmm0,(%rax)
+	mov	$bits,80(%rax)	# 240(%rdx)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L10rounds_alt:
+	movdqa	.Lkey_rotate(%rip),%xmm5
+	mov	\$8,%r10d
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	movdqa	%xmm0,%xmm2
+	movdqu	%xmm0,($key)
+	jmp	.Loop_key128
+
+.align	16
+.Loop_key128:
+	pshufb		%xmm5,%xmm0
+	aesenclast	%xmm4,%xmm0
+	pslld		\$1,%xmm4
+	lea		16(%rax),%rax
+
+	movdqa		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm3,%xmm2
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,-16(%rax)
+	movdqa		%xmm0,%xmm2
+
+	dec	%r10d
+	jnz	.Loop_key128
+
+	movdqa		.Lkey_rcon1b(%rip),%xmm4
+
+	pshufb		%xmm5,%xmm0
+	aesenclast	%xmm4,%xmm0
+	pslld		\$1,%xmm4
+
+	movdqa		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm3,%xmm2
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,(%rax)
+
+	movdqa		%xmm0,%xmm2
+	pshufb		%xmm5,%xmm0
+	aesenclast	%xmm4,%xmm0
+
+	movdqa		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm3,%xmm2
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,16(%rax)
+
+	mov	$bits,96(%rax)	# 240($key)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L12rounds:
+	movq	16($inp),%xmm2			# remaining 1/3 of *userKey
+	mov	\$11,$bits			# 12 rounds for 192
+	cmp	\$`1<<28`,%r10d			# AVX, but no XOP
+	je	.L12rounds_alt
+
+	$movkey	%xmm0,($key)			# round 0
+	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 1,2
+	call		.Lkey_expansion_192a_cold
+	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 2,3
+	call		.Lkey_expansion_192b
+	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 4,5
+	call		.Lkey_expansion_192a
+	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 5,6
+	call		.Lkey_expansion_192b
+	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 7,8
+	call		.Lkey_expansion_192a
+	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 8,9
+	call		.Lkey_expansion_192b
+	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 10,11
+	call		.Lkey_expansion_192a
+	aeskeygenassist	\$0x80,%xmm2,%xmm1	# round 11,12
+	call		.Lkey_expansion_192b
+	$movkey	%xmm0,(%rax)
+	mov	$bits,48(%rax)	# 240(%rdx)
+	xor	%rax, %rax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L12rounds_alt:
+	movdqa	.Lkey_rotate192(%rip),%xmm5
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	mov	\$8,%r10d
+	movdqu	%xmm0,($key)
+	jmp	.Loop_key192
+
+.align	16
+.Loop_key192:
+	movq		%xmm2,0(%rax)
+	movdqa		%xmm2,%xmm1
+	pshufb		%xmm5,%xmm2
+	aesenclast	%xmm4,%xmm2
+	pslld		\$1, %xmm4
+	lea		24(%rax),%rax
+
+	movdqa		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm3,%xmm0
+
+	pshufd		\$0xff,%xmm0,%xmm3
+	pxor		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm1,%xmm3
+
+	pxor		%xmm2,%xmm0
+	pxor		%xmm3,%xmm2
+	movdqu		%xmm0,-16(%rax)
+
+	dec	%r10d
+	jnz	.Loop_key192
+
+	mov	$bits,32(%rax)	# 240($key)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L14rounds:
+	movups	16($inp),%xmm2			# remaining half of *userKey
+	mov	\$13,$bits			# 14 rounds for 256
+	lea	16(%rax),%rax
+	cmp	\$`1<<28`,%r10d			# AVX, but no XOP
+	je	.L14rounds_alt
+
+	$movkey	%xmm0,($key)			# round 0
+	$movkey	%xmm2,16($key)			# round 1
+	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 2
+	call		.Lkey_expansion_256a_cold
+	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 3
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 4
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 5
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 6
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 7
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 8
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 9
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 10
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 11
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 12
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 13
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 14
+	call		.Lkey_expansion_256a
+	$movkey	%xmm0,(%rax)
+	mov	$bits,16(%rax)	# 240(%rdx)
+	xor	%rax,%rax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L14rounds_alt:
+	movdqa	.Lkey_rotate(%rip),%xmm5
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	mov	\$7,%r10d
+	movdqu	%xmm0,0($key)
+	movdqa	%xmm2,%xmm1
+	movdqu	%xmm2,16($key)
+	jmp	.Loop_key256
+
+.align	16
+.Loop_key256:
+	pshufb		%xmm5,%xmm2
+	aesenclast	%xmm4,%xmm2
+
+	movdqa		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm3,%xmm0
+	pslld		\$1,%xmm4
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,(%rax)
+
+	dec	%r10d
+	jz	.Ldone_key256
+
+	pshufd		\$0xff,%xmm0,%xmm2
+	pxor		%xmm3,%xmm3
+	aesenclast	%xmm3,%xmm2
+
+	movdqa		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm3,%xmm1
+
+	pxor		%xmm1,%xmm2
+	movdqu		%xmm2,16(%rax)
+	lea		32(%rax),%rax
+	movdqa		%xmm2,%xmm1
+
+	jmp	.Loop_key256
+
+.Ldone_key256:
+	mov	$bits,16(%rax)	# 240($key)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.Lbad_keybits:
+	mov	\$-2,%rax
+.Lenc_key_ret:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	add	\$8,%rsp
+.cfi_adjust_cfa_offset	-8
+	ret
+.cfi_endproc
+.LSEH_end_set_encrypt_key:
+
+.align	16
+.Lkey_expansion_128:
+	$movkey	%xmm0,(%rax)
+	lea	16(%rax),%rax
+.Lkey_expansion_128_cold:
+	shufps	\$0b00010000,%xmm0,%xmm4
+	xorps	%xmm4, %xmm0
+	shufps	\$0b10001100,%xmm0,%xmm4
+	xorps	%xmm4, %xmm0
+	shufps	\$0b11111111,%xmm1,%xmm1	# critical path
+	xorps	%xmm1,%xmm0
+	ret
+
+.align 16
+.Lkey_expansion_192a:
+	$movkey	%xmm0,(%rax)
+	lea	16(%rax),%rax
+.Lkey_expansion_192a_cold:
+	movaps	%xmm2, %xmm5
+.Lkey_expansion_192b_warm:
+	shufps	\$0b00010000,%xmm0,%xmm4
+	movdqa	%xmm2,%xmm3
+	xorps	%xmm4,%xmm0
+	shufps	\$0b10001100,%xmm0,%xmm4
+	pslldq	\$4,%xmm3
+	xorps	%xmm4,%xmm0
+	pshufd	\$0b01010101,%xmm1,%xmm1	# critical path
+	pxor	%xmm3,%xmm2
+	pxor	%xmm1,%xmm0
+	pshufd	\$0b11111111,%xmm0,%xmm3
+	pxor	%xmm3,%xmm2
+	ret
+
+.align 16
+.Lkey_expansion_192b:
+	movaps	%xmm0,%xmm3
+	shufps	\$0b01000100,%xmm0,%xmm5
+	$movkey	%xmm5,(%rax)
+	shufps	\$0b01001110,%xmm2,%xmm3
+	$movkey	%xmm3,16(%rax)
+	lea	32(%rax),%rax
+	jmp	.Lkey_expansion_192b_warm
+
+.align	16
+.Lkey_expansion_256a:
+	$movkey	%xmm2,(%rax)
+	lea	16(%rax),%rax
+.Lkey_expansion_256a_cold:
+	shufps	\$0b00010000,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	\$0b10001100,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	\$0b11111111,%xmm1,%xmm1	# critical path
+	xorps	%xmm1,%xmm0
+	ret
+
+.align 16
+.Lkey_expansion_256b:
+	$movkey	%xmm0,(%rax)
+	lea	16(%rax),%rax
+
+	shufps	\$0b00010000,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	\$0b10001100,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	\$0b10101010,%xmm1,%xmm1	# critical path
+	xorps	%xmm1,%xmm2
+	ret
+.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
+.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
+___
+}
+
+$code.=<<___;
+.align	64
+.Lbswap_mask:
+	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lincrement32:
+	.long	6,6,6,0
+.Lincrement64:
+	.long	1,0,0,0
+.Lxts_magic:
+	.long	0x87,0,1,0
+.Lincrement1:
+	.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Lkey_rotate:
+	.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d
+.Lkey_rotate192:
+	.long	0x04070605,0x04070605,0x04070605,0x04070605
+.Lkey_rcon1:
+	.long	1,1,1,1
+.Lkey_rcon1b:
+	.long	0x1b,0x1b,0x1b,0x1b
+
+.asciz  "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+.type	ecb_ccm64_se_handler,\@abi-omnipotent
+.align	16
+ecb_ccm64_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	0(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$8,%ecx		# 4*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0x58(%rax),%rax		# adjust stack pointer
+
+	jmp	.Lcommon_seh_tail
+.size	ecb_ccm64_se_handler,.-ecb_ccm64_se_handler
+
+.type	ctr_xts_se_handler,\@abi-omnipotent
+.align	16
+ctr_xts_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue lable
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	208($context),%rax	# pull context->R11
+
+	lea	-0xa8(%rax),%rsi	# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	-8(%rax),%rbp		# restore saved %rbp
+	mov	%rbp,160($context)	# restore context->Rbp
+	jmp	.Lcommon_seh_tail
+.size	ctr_xts_se_handler,.-ctr_xts_se_handler
+
+.type	ocb_se_handler,\@abi-omnipotent
+.align	16
+ocb_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue lable
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10
+	cmp	%r10,%rbx		# context->Rip>=pop label
+	jae	.Locb_no_xmm
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0xa0+0x28(%rax),%rax
+
+.Locb_no_xmm:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+	jmp	.Lcommon_seh_tail
+.size	ocb_se_handler,.-ocb_se_handler
+___
+$code.=<<___;
+.type	cbc_se_handler,\@abi-omnipotent
+.align	16
+cbc_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	152($context),%rax	# pull context->Rsp
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lcbc_decrypt_bulk(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<"prologue" label
+	jb	.Lcommon_seh_tail
+
+	mov	120($context),%rax	# pull context->Rax
+
+	lea	.Lcbc_decrypt_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<cbc_decrypt_body
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lcbc_ret(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>="epilogue" label
+	jae	.Lcommon_seh_tail
+
+	lea	16(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	208($context),%rax	# pull context->R11
+
+	mov	-8(%rax),%rbp		# restore saved %rbp
+	mov	%rbp,160($context)	# restore context->Rbp
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	cbc_se_handler,.-cbc_se_handler
+
+.section	.pdata
+.align	4
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+	.rva	.LSEH_begin_aesni_ecb_encrypt
+	.rva	.LSEH_end_aesni_ecb_encrypt
+	.rva	.LSEH_info_ecb
+
+	.rva	.LSEH_begin_aesni_ccm64_encrypt_blocks
+	.rva	.LSEH_end_aesni_ccm64_encrypt_blocks
+	.rva	.LSEH_info_ccm64_enc
+
+	.rva	.LSEH_begin_aesni_ccm64_decrypt_blocks
+	.rva	.LSEH_end_aesni_ccm64_decrypt_blocks
+	.rva	.LSEH_info_ccm64_dec
+
+	.rva	.LSEH_begin_aesni_ctr32_encrypt_blocks
+	.rva	.LSEH_end_aesni_ctr32_encrypt_blocks
+	.rva	.LSEH_info_ctr32
+
+	.rva	.LSEH_begin_aesni_xts_encrypt
+	.rva	.LSEH_end_aesni_xts_encrypt
+	.rva	.LSEH_info_xts_enc
+
+	.rva	.LSEH_begin_aesni_xts_decrypt
+	.rva	.LSEH_end_aesni_xts_decrypt
+	.rva	.LSEH_info_xts_dec
+
+	.rva	.LSEH_begin_aesni_ocb_encrypt
+	.rva	.LSEH_end_aesni_ocb_encrypt
+	.rva	.LSEH_info_ocb_enc
+
+	.rva	.LSEH_begin_aesni_ocb_decrypt
+	.rva	.LSEH_end_aesni_ocb_decrypt
+	.rva	.LSEH_info_ocb_dec
+___
+$code.=<<___;
+	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_info_cbc
+
+	.rva	${PREFIX}_set_decrypt_key
+	.rva	.LSEH_end_set_decrypt_key
+	.rva	.LSEH_info_key
+
+	.rva	${PREFIX}_set_encrypt_key
+	.rva	.LSEH_end_set_encrypt_key
+	.rva	.LSEH_info_key
+.section	.xdata
+.align	8
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+.LSEH_info_ecb:
+	.byte	9,0,0,0
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lecb_enc_body,.Lecb_enc_ret		# HandlerData[]
+.LSEH_info_ccm64_enc:
+	.byte	9,0,0,0
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lccm64_enc_body,.Lccm64_enc_ret	# HandlerData[]
+.LSEH_info_ccm64_dec:
+	.byte	9,0,0,0
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lccm64_dec_body,.Lccm64_dec_ret	# HandlerData[]
+.LSEH_info_ctr32:
+	.byte	9,0,0,0
+	.rva	ctr_xts_se_handler
+	.rva	.Lctr32_body,.Lctr32_epilogue		# HandlerData[]
+.LSEH_info_xts_enc:
+	.byte	9,0,0,0
+	.rva	ctr_xts_se_handler
+	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
+.LSEH_info_xts_dec:
+	.byte	9,0,0,0
+	.rva	ctr_xts_se_handler
+	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
+.LSEH_info_ocb_enc:
+	.byte	9,0,0,0
+	.rva	ocb_se_handler
+	.rva	.Locb_enc_body,.Locb_enc_epilogue	# HandlerData[]
+	.rva	.Locb_enc_pop
+	.long	0
+.LSEH_info_ocb_dec:
+	.byte	9,0,0,0
+	.rva	ocb_se_handler
+	.rva	.Locb_dec_body,.Locb_dec_epilogue	# HandlerData[]
+	.rva	.Locb_dec_pop
+	.long	0
+___
+$code.=<<___;
+.LSEH_info_cbc:
+	.byte	9,0,0,0
+	.rva	cbc_se_handler
+.LSEH_info_key:
+	.byte	0x01,0x04,0x01,0x00
+	.byte	0x04,0x02,0x00,0x00	# sub rsp,8
+___
+}
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    push @opcode,$rex|0x40	if($rex);
+}
+
+sub aesni {
+  my $line=shift;
+  my @opcode=(0x66);
+
+    if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	rex(\@opcode,$4,$3);
+	push @opcode,0x0f,0x3a,0xdf;
+	push @opcode,0xc0|($3&7)|(($4&7)<<3);	# ModR/M
+	my $c=$2;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesimc" => 0xdb,
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	my $off = $2;
+	push @opcode,0x44 if ($3>=8);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0x44|(($3&7)<<3),0x24;	# ModR/M
+	push @opcode,($off=~/^0/?oct($off):$off)&0xff;
+	return ".byte\t".join(',',@opcode);
+    }
+    return $line;
+}
+
+sub movbe {
+	".byte	0x0f,0x38,0xf1,0x44,0x24,".shift;
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
+#$code =~ s/\bmovbe\s+%eax/bswap %eax; mov %eax/gm;	# debugging artefact
+$code =~ s/\bmovbe\s+%eax,\s*([0-9]+)\(%rsp\)/movbe($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesp8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesp8-ppc.pl
new file mode 100755
index 000000000..488b13325
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesp8-ppc.pl
@@ -0,0 +1,3807 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for AES instructions as per PowerISA
+# specification version 2.07, first implemented by POWER8 processor.
+# The module is endian-agnostic in sense that it supports both big-
+# and little-endian cases. Data alignment in parallelizable modes is
+# handled with VSX loads and stores, which implies MSR.VSX flag being
+# set. It should also be noted that ISA specification doesn't prohibit
+# alignment exceptions for these instructions on page boundaries.
+# Initially alignment was handled in pure AltiVec/VMX way [when data
+# is aligned programmatically, which in turn guarantees exception-
+# free execution], but it turned to hamper performance when vcipher
+# instructions are interleaved. It's reckoned that eventual
+# misalignment penalties at page boundaries are in average lower
+# than additional overhead in pure AltiVec approach.
+#
+# May 2016
+#
+# Add XTS subroutine, 9x on little- and 12x improvement on big-endian
+# systems were measured.
+#
+######################################################################
+# Current large-block performance in cycles per byte processed with
+# 128-bit key (less is better).
+#
+#		CBC en-/decrypt	CTR	XTS
+# POWER8[le]	3.96/0.72	0.74	1.1
+# POWER8[be]	3.75/0.65	0.66	1.0
+# POWER9[le]	4.02/0.86	0.84	1.05
+# POWER9[be]	3.99/0.78	0.79	0.97
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+	$UCMP	="cmpld";
+	$SHL	="sldi";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+	$SHL	="slwi";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=8*$SIZE_T;
+$prefix="aes_p8";
+
+$sp="r1";
+$vrsave="r12";
+
+#########################################################################
+{{{	# Key setup procedures						#
+my ($inp,$bits,$out,$ptr,$cnt,$rounds)=map("r$_",(3..8));
+my ($zero,$in0,$in1,$key,$rcon,$mask,$tmp)=map("v$_",(0..6));
+my ($stage,$outperm,$outmask,$outhead,$outtail)=map("v$_",(7..11));
+
+$code.=<<___;
+.machine	"any"
+
+.text
+
+.align	7
+rcon:
+.long	0x01000000, 0x01000000, 0x01000000, 0x01000000	?rev
+.long	0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000	?rev
+.long	0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c	?rev
+.long	0,0,0,0						?asis
+Lconsts:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$ptr	 #vvvvv "distance between . and rcon
+	addi	$ptr,$ptr,-0x48
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.asciz	"AES for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+
+.globl	.${prefix}_set_encrypt_key
+.align	5
+.${prefix}_set_encrypt_key:
+Lset_encrypt_key:
+	mflr		r11
+	$PUSH		r11,$LRSAVE($sp)
+
+	li		$ptr,-1
+	${UCMP}i	$inp,0
+	beq-		Lenc_key_abort		# if ($inp==0) return -1;
+	${UCMP}i	$out,0
+	beq-		Lenc_key_abort		# if ($out==0) return -1;
+	li		$ptr,-2
+	cmpwi		$bits,128
+	blt-		Lenc_key_abort
+	cmpwi		$bits,256
+	bgt-		Lenc_key_abort
+	andi.		r0,$bits,0x3f
+	bne-		Lenc_key_abort
+
+	lis		r0,0xfff0
+	mfspr		$vrsave,256
+	mtspr		256,r0
+
+	bl		Lconsts
+	mtlr		r11
+
+	neg		r9,$inp
+	lvx		$in0,0,$inp
+	addi		$inp,$inp,15		# 15 is not typo
+	lvsr		$key,0,r9		# borrow $key
+	li		r8,0x20
+	cmpwi		$bits,192
+	lvx		$in1,0,$inp
+	le?vspltisb	$mask,0x0f		# borrow $mask
+	lvx		$rcon,0,$ptr
+	le?vxor		$key,$key,$mask		# adjust for byte swap
+	lvx		$mask,r8,$ptr
+	addi		$ptr,$ptr,0x10
+	vperm		$in0,$in0,$in1,$key	# align [and byte swap in LE]
+	li		$cnt,8
+	vxor		$zero,$zero,$zero
+	mtctr		$cnt
+
+	?lvsr		$outperm,0,$out
+	vspltisb	$outmask,-1
+	lvx		$outhead,0,$out
+	?vperm		$outmask,$zero,$outmask,$outperm
+
+	blt		Loop128
+	addi		$inp,$inp,8
+	beq		L192
+	addi		$inp,$inp,8
+	b		L256
+
+.align	4
+Loop128:
+	vperm		$key,$in0,$in0,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in0,$in0,$key
+	bdnz		Loop128
+
+	lvx		$rcon,0,$ptr		# last two round keys
+
+	vperm		$key,$in0,$in0,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in0,$in0,$key
+
+	vperm		$key,$in0,$in0,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vxor		$in0,$in0,$key
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+
+	addi		$inp,$out,15		# 15 is not typo
+	addi		$out,$out,0x50
+
+	li		$rounds,10
+	b		Ldone
+
+.align	4
+L192:
+	lvx		$tmp,0,$inp
+	li		$cnt,4
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+	vperm		$in1,$in1,$tmp,$key	# align [and byte swap in LE]
+	vspltisb	$key,8			# borrow $key
+	mtctr		$cnt
+	vsububm		$mask,$mask,$key	# adjust the mask
+
+Loop192:
+	vperm		$key,$in1,$in1,$mask	# roate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	vcipherlast	$key,$key,$rcon
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+
+	 vsldoi		$stage,$zero,$in1,8
+	vspltw		$tmp,$in0,3
+	vxor		$tmp,$tmp,$in1
+	vsldoi		$in1,$zero,$in1,12	# >>32
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in1,$in1,$tmp
+	vxor		$in0,$in0,$key
+	vxor		$in1,$in1,$key
+	 vsldoi		$stage,$stage,$in0,8
+
+	vperm		$key,$in1,$in1,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$stage,$stage,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	 vsldoi		$stage,$in0,$in1,8
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	 vperm		$outtail,$stage,$stage,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vspltw		$tmp,$in0,3
+	vxor		$tmp,$tmp,$in1
+	vsldoi		$in1,$zero,$in1,12	# >>32
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in1,$in1,$tmp
+	vxor		$in0,$in0,$key
+	vxor		$in1,$in1,$key
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$inp,$out,15		# 15 is not typo
+	 addi		$out,$out,16
+	bdnz		Loop192
+
+	li		$rounds,12
+	addi		$out,$out,0x20
+	b		Ldone
+
+.align	4
+L256:
+	lvx		$tmp,0,$inp
+	li		$cnt,7
+	li		$rounds,14
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+	vperm		$in1,$in1,$tmp,$key	# align [and byte swap in LE]
+	mtctr		$cnt
+
+Loop256:
+	vperm		$key,$in1,$in1,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in1,$in1,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in0,$in0,$key
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$inp,$out,15		# 15 is not typo
+	 addi		$out,$out,16
+	bdz		Ldone
+
+	vspltw		$key,$in0,3		# just splat
+	vsldoi		$tmp,$zero,$in1,12	# >>32
+	vsbox		$key,$key
+
+	vxor		$in1,$in1,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in1,$in1,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in1,$in1,$tmp
+
+	vxor		$in1,$in1,$key
+	b		Loop256
+
+.align	4
+Ldone:
+	lvx		$in1,0,$inp		# redundant in aligned case
+	vsel		$in1,$outhead,$in1,$outmask
+	stvx		$in1,0,$inp
+	li		$ptr,0
+	mtspr		256,$vrsave
+	stw		$rounds,0($out)
+
+Lenc_key_abort:
+	mr		r3,$ptr
+	blr
+	.long		0
+	.byte		0,12,0x14,1,0,0,3,0
+	.long		0
+.size	.${prefix}_set_encrypt_key,.-.${prefix}_set_encrypt_key
+
+.globl	.${prefix}_set_decrypt_key
+.align	5
+.${prefix}_set_decrypt_key:
+	$STU		$sp,-$FRAME($sp)
+	mflr		r10
+	$PUSH		r10,$FRAME+$LRSAVE($sp)
+	bl		Lset_encrypt_key
+	mtlr		r10
+
+	cmpwi		r3,0
+	bne-		Ldec_key_abort
+
+	slwi		$cnt,$rounds,4
+	subi		$inp,$out,240		# first round key
+	srwi		$rounds,$rounds,1
+	add		$out,$inp,$cnt		# last round key
+	mtctr		$rounds
+
+Ldeckey:
+	lwz		r0, 0($inp)
+	lwz		r6, 4($inp)
+	lwz		r7, 8($inp)
+	lwz		r8, 12($inp)
+	addi		$inp,$inp,16
+	lwz		r9, 0($out)
+	lwz		r10,4($out)
+	lwz		r11,8($out)
+	lwz		r12,12($out)
+	stw		r0, 0($out)
+	stw		r6, 4($out)
+	stw		r7, 8($out)
+	stw		r8, 12($out)
+	subi		$out,$out,16
+	stw		r9, -16($inp)
+	stw		r10,-12($inp)
+	stw		r11,-8($inp)
+	stw		r12,-4($inp)
+	bdnz		Ldeckey
+
+	xor		r3,r3,r3		# return value
+Ldec_key_abort:
+	addi		$sp,$sp,$FRAME
+	blr
+	.long		0
+	.byte		0,12,4,1,0x80,0,3,0
+	.long		0
+.size	.${prefix}_set_decrypt_key,.-.${prefix}_set_decrypt_key
+___
+}}}
+#########################################################################
+{{{	# Single block en- and decrypt procedures			#
+sub gen_block () {
+my $dir = shift;
+my $n   = $dir eq "de" ? "n" : "";
+my ($inp,$out,$key,$rounds,$idx)=map("r$_",(3..7));
+
+$code.=<<___;
+.globl	.${prefix}_${dir}crypt
+.align	5
+.${prefix}_${dir}crypt:
+	lwz		$rounds,240($key)
+	lis		r0,0xfc00
+	mfspr		$vrsave,256
+	li		$idx,15			# 15 is not typo
+	mtspr		256,r0
+
+	lvx		v0,0,$inp
+	neg		r11,$out
+	lvx		v1,$idx,$inp
+	lvsl		v2,0,$inp		# inpperm
+	le?vspltisb	v4,0x0f
+	?lvsl		v3,0,r11		# outperm
+	le?vxor		v2,v2,v4
+	li		$idx,16
+	vperm		v0,v0,v1,v2		# align [and byte swap in LE]
+	lvx		v1,0,$key
+	?lvsl		v5,0,$key		# keyperm
+	srwi		$rounds,$rounds,1
+	lvx		v2,$idx,$key
+	addi		$idx,$idx,16
+	subi		$rounds,$rounds,1
+	?vperm		v1,v1,v2,v5		# align round key
+
+	vxor		v0,v0,v1
+	lvx		v1,$idx,$key
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+Loop_${dir}c:
+	?vperm		v2,v2,v1,v5
+	v${n}cipher	v0,v0,v2
+	lvx		v2,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		v1,v1,v2,v5
+	v${n}cipher	v0,v0,v1
+	lvx		v1,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_${dir}c
+
+	?vperm		v2,v2,v1,v5
+	v${n}cipher	v0,v0,v2
+	lvx		v2,$idx,$key
+	?vperm		v1,v1,v2,v5
+	v${n}cipherlast	v0,v0,v1
+
+	vspltisb	v2,-1
+	vxor		v1,v1,v1
+	li		$idx,15			# 15 is not typo
+	?vperm		v2,v1,v2,v3		# outmask
+	le?vxor		v3,v3,v4
+	lvx		v1,0,$out		# outhead
+	vperm		v0,v0,v0,v3		# rotate [and byte swap in LE]
+	vsel		v1,v1,v0,v2
+	lvx		v4,$idx,$out
+	stvx		v1,0,$out
+	vsel		v0,v0,v4,v2
+	stvx		v0,$idx,$out
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,3,0
+	.long		0
+.size	.${prefix}_${dir}crypt,.-.${prefix}_${dir}crypt
+___
+}
+&gen_block("en");
+&gen_block("de");
+}}}
+#########################################################################
+{{{	# CBC en- and decrypt procedures				#
+my ($inp,$out,$len,$key,$ivp,$enc,$rounds,$idx)=map("r$_",(3..10));
+my ($rndkey0,$rndkey1,$inout,$tmp)=		map("v$_",(0..3));
+my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm)=
+						map("v$_",(4..10));
+$code.=<<___;
+.globl	.${prefix}_cbc_encrypt
+.align	5
+.${prefix}_cbc_encrypt:
+	${UCMP}i	$len,16
+	bltlr-
+
+	cmpwi		$enc,0			# test direction
+	lis		r0,0xffe0
+	mfspr		$vrsave,256
+	mtspr		256,r0
+
+	li		$idx,15
+	vxor		$rndkey0,$rndkey0,$rndkey0
+	le?vspltisb	$tmp,0x0f
+
+	lvx		$ivec,0,$ivp		# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$ivec,$ivec,$inptail,$inpperm
+
+	neg		r11,$inp
+	?lvsl		$keyperm,0,$key		# prepare for unaligned key
+	lwz		$rounds,240($key)
+
+	lvsr		$inpperm,0,r11		# prepare for unaligned load
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,15		# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	?lvsr		$outperm,0,$out		# prepare for unaligned store
+	vspltisb	$outmask,-1
+	lvx		$outhead,0,$out
+	?vperm		$outmask,$rndkey0,$outmask,$outperm
+	le?vxor		$outperm,$outperm,$tmp
+
+	srwi		$rounds,$rounds,1
+	li		$idx,16
+	subi		$rounds,$rounds,1
+	beq		Lcbc_dec
+
+Lcbc_enc:
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	mtctr		$rounds
+	subi		$len,$len,16		# len-=16
+
+	lvx		$rndkey0,0,$key
+	 vperm		$inout,$inout,$inptail,$inpperm
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	vxor		$inout,$inout,$ivec
+
+Loop_cbc_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_cbc_enc
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipherlast	$ivec,$inout,$rndkey0
+	${UCMP}i	$len,16
+
+	vperm		$tmp,$ivec,$ivec,$outperm
+	vsel		$inout,$outhead,$tmp,$outmask
+	vmr		$outhead,$tmp
+	stvx		$inout,0,$out
+	addi		$out,$out,16
+	bge		Lcbc_enc
+
+	b		Lcbc_done
+
+.align	4
+Lcbc_dec:
+	${UCMP}i	$len,128
+	bge		_aesp8_cbc_decrypt8x
+	vmr		$tmp,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	mtctr		$rounds
+	subi		$len,$len,16		# len-=16
+
+	lvx		$rndkey0,0,$key
+	 vperm		$tmp,$tmp,$inptail,$inpperm
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$tmp,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+
+Loop_cbc_dec:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipher	$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_cbc_dec
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipherlast	$inout,$inout,$rndkey0
+	${UCMP}i	$len,16
+
+	vxor		$inout,$inout,$ivec
+	vmr		$ivec,$tmp
+	vperm		$tmp,$inout,$inout,$outperm
+	vsel		$inout,$outhead,$tmp,$outmask
+	vmr		$outhead,$tmp
+	stvx		$inout,0,$out
+	addi		$out,$out,16
+	bge		Lcbc_dec
+
+Lcbc_done:
+	addi		$out,$out,-1
+	lvx		$inout,0,$out		# redundant in aligned case
+	vsel		$inout,$outhead,$inout,$outmask
+	stvx		$inout,0,$out
+
+	neg		$enc,$ivp		# write [unaligned] iv
+	li		$idx,15			# 15 is not typo
+	vxor		$rndkey0,$rndkey0,$rndkey0
+	vspltisb	$outmask,-1
+	le?vspltisb	$tmp,0x0f
+	?lvsl		$outperm,0,$enc
+	?vperm		$outmask,$rndkey0,$outmask,$outperm
+	le?vxor		$outperm,$outperm,$tmp
+	lvx		$outhead,0,$ivp
+	vperm		$ivec,$ivec,$ivec,$outperm
+	vsel		$inout,$outhead,$ivec,$outmask
+	lvx		$inptail,$idx,$ivp
+	stvx		$inout,0,$ivp
+	vsel		$inout,$ivec,$inptail,$outmask
+	stvx		$inout,$idx,$ivp
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,6,0
+	.long		0
+___
+#########################################################################
+{{	# Optimized CBC decrypt procedure				#
+my $key_="r11";
+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31));
+    $x00=0 if ($flavour =~ /osx/);
+my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10..13));
+my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(14..21));
+my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
+			# v26-v31 last 6 round keys
+my ($tmp,$keyperm)=($in3,$in4);	# aliases with "caller", redundant assignment
+
+$code.=<<___;
+.align	5
+_aesp8_cbc_decrypt8x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	li		r10,`$FRAME+8*16+15`
+	li		r11,`$FRAME+8*16+31`
+	stvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	stvx		v31,r11,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+	subi		$len,$len,128		# bias
+
+	lvx		$rndkey0,$x00,$key	# load key schedule
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	lvx		v31,$x00,$key
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_cbc_dec_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_cbc_dec_key
+
+	lvx		v26,$x10,$key
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$out0,$x70,$key		# borrow $out0
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$out0,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	#lvx		$inptail,0,$inp		# "caller" already did this
+	#addi		$inp,$inp,15		# 15 is not typo
+	subi		$inp,$inp,15		# undo "caller"
+
+	 le?li		$idx,8
+	lvx_u		$in0,$x00,$inp		# load first 8 "words"
+	 le?lvsl	$inpperm,0,$idx
+	 le?vspltisb	$tmp,0x0f
+	lvx_u		$in1,$x10,$inp
+	 le?vxor	$inpperm,$inpperm,$tmp	# transform for lvx_u/stvx_u
+	lvx_u		$in2,$x20,$inp
+	 le?vperm	$in0,$in0,$in0,$inpperm
+	lvx_u		$in3,$x30,$inp
+	 le?vperm	$in1,$in1,$in1,$inpperm
+	lvx_u		$in4,$x40,$inp
+	 le?vperm	$in2,$in2,$in2,$inpperm
+	vxor		$out0,$in0,$rndkey0
+	lvx_u		$in5,$x50,$inp
+	 le?vperm	$in3,$in3,$in3,$inpperm
+	vxor		$out1,$in1,$rndkey0
+	lvx_u		$in6,$x60,$inp
+	 le?vperm	$in4,$in4,$in4,$inpperm
+	vxor		$out2,$in2,$rndkey0
+	lvx_u		$in7,$x70,$inp
+	addi		$inp,$inp,0x80
+	 le?vperm	$in5,$in5,$in5,$inpperm
+	vxor		$out3,$in3,$rndkey0
+	 le?vperm	$in6,$in6,$in6,$inpperm
+	vxor		$out4,$in4,$rndkey0
+	 le?vperm	$in7,$in7,$in7,$inpperm
+	vxor		$out5,$in5,$rndkey0
+	vxor		$out6,$in6,$rndkey0
+	vxor		$out7,$in7,$rndkey0
+
+	mtctr		$rounds
+	b		Loop_cbc_dec8x
+.align	5
+Loop_cbc_dec8x:
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_cbc_dec8x
+
+	subic		$len,$len,128		# $len-=128
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+
+	subfe.		r0,r0,r0		# borrow?-1:0
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+
+	and		r0,r0,$len
+	vncipher	$out0,$out0,v26
+	vncipher	$out1,$out1,v26
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	vncipher	$out4,$out4,v26
+	vncipher	$out5,$out5,v26
+	vncipher	$out6,$out6,v26
+	vncipher	$out7,$out7,v26
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in7 are loaded
+						# with last "words"
+	vncipher	$out0,$out0,v27
+	vncipher	$out1,$out1,v27
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	vncipher	$out4,$out4,v27
+	vncipher	$out5,$out5,v27
+	vncipher	$out6,$out6,v27
+	vncipher	$out7,$out7,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	vncipher	$out1,$out1,v28
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	vncipher	$out4,$out4,v28
+	vncipher	$out5,$out5,v28
+	vncipher	$out6,$out6,v28
+	vncipher	$out7,$out7,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vncipher	$out0,$out0,v29
+	vncipher	$out1,$out1,v29
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	vncipher	$out4,$out4,v29
+	vncipher	$out5,$out5,v29
+	vncipher	$out6,$out6,v29
+	vncipher	$out7,$out7,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+
+	vncipher	$out0,$out0,v30
+	 vxor		$ivec,$ivec,v31		# xor with last round key
+	vncipher	$out1,$out1,v30
+	 vxor		$in0,$in0,v31
+	vncipher	$out2,$out2,v30
+	 vxor		$in1,$in1,v31
+	vncipher	$out3,$out3,v30
+	 vxor		$in2,$in2,v31
+	vncipher	$out4,$out4,v30
+	 vxor		$in3,$in3,v31
+	vncipher	$out5,$out5,v30
+	 vxor		$in4,$in4,v31
+	vncipher	$out6,$out6,v30
+	 vxor		$in5,$in5,v31
+	vncipher	$out7,$out7,v30
+	 vxor		$in6,$in6,v31
+
+	vncipherlast	$out0,$out0,$ivec
+	vncipherlast	$out1,$out1,$in0
+	 lvx_u		$in0,$x00,$inp		# load next input block
+	vncipherlast	$out2,$out2,$in1
+	 lvx_u		$in1,$x10,$inp
+	vncipherlast	$out3,$out3,$in2
+	 le?vperm	$in0,$in0,$in0,$inpperm
+	 lvx_u		$in2,$x20,$inp
+	vncipherlast	$out4,$out4,$in3
+	 le?vperm	$in1,$in1,$in1,$inpperm
+	 lvx_u		$in3,$x30,$inp
+	vncipherlast	$out5,$out5,$in4
+	 le?vperm	$in2,$in2,$in2,$inpperm
+	 lvx_u		$in4,$x40,$inp
+	vncipherlast	$out6,$out6,$in5
+	 le?vperm	$in3,$in3,$in3,$inpperm
+	 lvx_u		$in5,$x50,$inp
+	vncipherlast	$out7,$out7,$in6
+	 le?vperm	$in4,$in4,$in4,$inpperm
+	 lvx_u		$in6,$x60,$inp
+	vmr		$ivec,$in7
+	 le?vperm	$in5,$in5,$in5,$inpperm
+	 lvx_u		$in7,$x70,$inp
+	 addi		$inp,$inp,0x80
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	 le?vperm	$in6,$in6,$in6,$inpperm
+	 vxor		$out0,$in0,$rndkey0
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	 le?vperm	$in7,$in7,$in7,$inpperm
+	 vxor		$out1,$in1,$rndkey0
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	 vxor		$out2,$in2,$rndkey0
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	 vxor		$out3,$in3,$rndkey0
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	 vxor		$out4,$in4,$rndkey0
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x50,$out
+	 vxor		$out5,$in5,$rndkey0
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x60,$out
+	 vxor		$out6,$in6,$rndkey0
+	stvx_u		$out7,$x70,$out
+	addi		$out,$out,0x80
+	 vxor		$out7,$in7,$rndkey0
+
+	mtctr		$rounds
+	beq		Loop_cbc_dec8x		# did $len-=128 borrow?
+
+	addic.		$len,$len,128
+	beq		Lcbc_dec8x_done
+	nop
+	nop
+
+Loop_cbc_dec8x_tail:				# up to 7 "words" tail...
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_cbc_dec8x_tail
+
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+
+	vncipher	$out1,$out1,v26
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	vncipher	$out4,$out4,v26
+	vncipher	$out5,$out5,v26
+	vncipher	$out6,$out6,v26
+	vncipher	$out7,$out7,v26
+
+	vncipher	$out1,$out1,v27
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	vncipher	$out4,$out4,v27
+	vncipher	$out5,$out5,v27
+	vncipher	$out6,$out6,v27
+	vncipher	$out7,$out7,v27
+
+	vncipher	$out1,$out1,v28
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	vncipher	$out4,$out4,v28
+	vncipher	$out5,$out5,v28
+	vncipher	$out6,$out6,v28
+	vncipher	$out7,$out7,v28
+
+	vncipher	$out1,$out1,v29
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	vncipher	$out4,$out4,v29
+	vncipher	$out5,$out5,v29
+	vncipher	$out6,$out6,v29
+	vncipher	$out7,$out7,v29
+
+	vncipher	$out1,$out1,v30
+	 vxor		$ivec,$ivec,v31		# last round key
+	vncipher	$out2,$out2,v30
+	 vxor		$in1,$in1,v31
+	vncipher	$out3,$out3,v30
+	 vxor		$in2,$in2,v31
+	vncipher	$out4,$out4,v30
+	 vxor		$in3,$in3,v31
+	vncipher	$out5,$out5,v30
+	 vxor		$in4,$in4,v31
+	vncipher	$out6,$out6,v30
+	 vxor		$in5,$in5,v31
+	vncipher	$out7,$out7,v30
+	 vxor		$in6,$in6,v31
+
+	cmplwi		$len,32			# switch($len)
+	blt		Lcbc_dec8x_one
+	nop
+	beq		Lcbc_dec8x_two
+	cmplwi		$len,64
+	blt		Lcbc_dec8x_three
+	nop
+	beq		Lcbc_dec8x_four
+	cmplwi		$len,96
+	blt		Lcbc_dec8x_five
+	nop
+	beq		Lcbc_dec8x_six
+
+Lcbc_dec8x_seven:
+	vncipherlast	$out1,$out1,$ivec
+	vncipherlast	$out2,$out2,$in1
+	vncipherlast	$out3,$out3,$in2
+	vncipherlast	$out4,$out4,$in3
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out1,$out1,$out1,$inpperm
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x00,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x10,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x20,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x30,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x40,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x50,$out
+	stvx_u		$out7,$x60,$out
+	addi		$out,$out,0x70
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_six:
+	vncipherlast	$out2,$out2,$ivec
+	vncipherlast	$out3,$out3,$in2
+	vncipherlast	$out4,$out4,$in3
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out2,$out2,$out2,$inpperm
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x00,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x10,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x20,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x30,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x40,$out
+	stvx_u		$out7,$x50,$out
+	addi		$out,$out,0x60
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_five:
+	vncipherlast	$out3,$out3,$ivec
+	vncipherlast	$out4,$out4,$in3
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out3,$out3,$out3,$inpperm
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x00,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x10,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x20,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x30,$out
+	stvx_u		$out7,$x40,$out
+	addi		$out,$out,0x50
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_four:
+	vncipherlast	$out4,$out4,$ivec
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out4,$out4,$out4,$inpperm
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x00,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x10,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x20,$out
+	stvx_u		$out7,$x30,$out
+	addi		$out,$out,0x40
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_three:
+	vncipherlast	$out5,$out5,$ivec
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out5,$out5,$out5,$inpperm
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x00,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x10,$out
+	stvx_u		$out7,$x20,$out
+	addi		$out,$out,0x30
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_two:
+	vncipherlast	$out6,$out6,$ivec
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out6,$out6,$out6,$inpperm
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x00,$out
+	stvx_u		$out7,$x10,$out
+	addi		$out,$out,0x20
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_one:
+	vncipherlast	$out7,$out7,$ivec
+	vmr		$ivec,$in7
+
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out7,0,$out
+	addi		$out,$out,0x10
+
+Lcbc_dec8x_done:
+	le?vperm	$ivec,$ivec,$ivec,$inpperm
+	stvx_u		$ivec,0,$ivp		# write [unaligned] iv
+
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$inpperm,r10,$sp	# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_cbc_encrypt,.-.${prefix}_cbc_encrypt
+___
+}}	}}}
+
+#########################################################################
+{{{	# CTR procedure[s]						#
+my ($inp,$out,$len,$key,$ivp,$x10,$rounds,$idx)=map("r$_",(3..10));
+my ($rndkey0,$rndkey1,$inout,$tmp)=		map("v$_",(0..3));
+my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm,$one)=
+						map("v$_",(4..11));
+my $dat=$tmp;
+
+$code.=<<___;
+.globl	.${prefix}_ctr32_encrypt_blocks
+.align	5
+.${prefix}_ctr32_encrypt_blocks:
+	${UCMP}i	$len,1
+	bltlr-
+
+	lis		r0,0xfff0
+	mfspr		$vrsave,256
+	mtspr		256,r0
+
+	li		$idx,15
+	vxor		$rndkey0,$rndkey0,$rndkey0
+	le?vspltisb	$tmp,0x0f
+
+	lvx		$ivec,0,$ivp		# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	 vspltisb	$one,1
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$ivec,$ivec,$inptail,$inpperm
+	 vsldoi		$one,$rndkey0,$one,1
+
+	neg		r11,$inp
+	?lvsl		$keyperm,0,$key		# prepare for unaligned key
+	lwz		$rounds,240($key)
+
+	lvsr		$inpperm,0,r11		# prepare for unaligned load
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,15		# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	srwi		$rounds,$rounds,1
+	li		$idx,16
+	subi		$rounds,$rounds,1
+
+	${UCMP}i	$len,8
+	bge		_aesp8_ctr32_encrypt8x
+
+	?lvsr		$outperm,0,$out		# prepare for unaligned store
+	vspltisb	$outmask,-1
+	lvx		$outhead,0,$out
+	?vperm		$outmask,$rndkey0,$outmask,$outperm
+	le?vxor		$outperm,$outperm,$tmp
+
+	lvx		$rndkey0,0,$key
+	mtctr		$rounds
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$ivec,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	b		Loop_ctr32_enc
+
+.align	5
+Loop_ctr32_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_ctr32_enc
+
+	vadduwm		$ivec,$ivec,$one
+	 vmr		$dat,$inptail
+	 lvx		$inptail,0,$inp
+	 addi		$inp,$inp,16
+	 subic.		$len,$len,1		# blocks--
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	 vperm		$dat,$dat,$inptail,$inpperm
+	 li		$idx,16
+	?vperm		$rndkey1,$rndkey0,$rndkey1,$keyperm
+	 lvx		$rndkey0,0,$key
+	vxor		$dat,$dat,$rndkey1	# last round key
+	vcipherlast	$inout,$inout,$dat
+
+	 lvx		$rndkey1,$idx,$key
+	 addi		$idx,$idx,16
+	vperm		$inout,$inout,$inout,$outperm
+	vsel		$dat,$outhead,$inout,$outmask
+	 mtctr		$rounds
+	 ?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vmr		$outhead,$inout
+	 vxor		$inout,$ivec,$rndkey0
+	 lvx		$rndkey0,$idx,$key
+	 addi		$idx,$idx,16
+	stvx		$dat,0,$out
+	addi		$out,$out,16
+	bne		Loop_ctr32_enc
+
+	addi		$out,$out,-1
+	lvx		$inout,0,$out		# redundant in aligned case
+	vsel		$inout,$outhead,$inout,$outmask
+	stvx		$inout,0,$out
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,6,0
+	.long		0
+___
+#########################################################################
+{{	# Optimized CTR procedure					#
+my $key_="r11";
+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31));
+    $x00=0 if ($flavour =~ /osx/);
+my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10,12..14));
+my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(15..22));
+my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
+			# v26-v31 last 6 round keys
+my ($tmp,$keyperm)=($in3,$in4);	# aliases with "caller", redundant assignment
+my ($two,$three,$four)=($outhead,$outperm,$outmask);
+
+$code.=<<___;
+.align	5
+_aesp8_ctr32_encrypt8x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	li		r10,`$FRAME+8*16+15`
+	li		r11,`$FRAME+8*16+31`
+	stvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	stvx		v31,r11,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+
+	lvx		$rndkey0,$x00,$key	# load key schedule
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	lvx		v31,$x00,$key
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_ctr32_enc_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_ctr32_enc_key
+
+	lvx		v26,$x10,$key
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$out0,$x70,$key		# borrow $out0
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$out0,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	vadduwm		$two,$one,$one
+	subi		$inp,$inp,15		# undo "caller"
+	$SHL		$len,$len,4
+
+	vadduwm		$out1,$ivec,$one	# counter values ...
+	vadduwm		$out2,$ivec,$two
+	vxor		$out0,$ivec,$rndkey0	# ... xored with rndkey[0]
+	 le?li		$idx,8
+	vadduwm		$out3,$out1,$two
+	vxor		$out1,$out1,$rndkey0
+	 le?lvsl	$inpperm,0,$idx
+	vadduwm		$out4,$out2,$two
+	vxor		$out2,$out2,$rndkey0
+	 le?vspltisb	$tmp,0x0f
+	vadduwm		$out5,$out3,$two
+	vxor		$out3,$out3,$rndkey0
+	 le?vxor	$inpperm,$inpperm,$tmp	# transform for lvx_u/stvx_u
+	vadduwm		$out6,$out4,$two
+	vxor		$out4,$out4,$rndkey0
+	vadduwm		$out7,$out5,$two
+	vxor		$out5,$out5,$rndkey0
+	vadduwm		$ivec,$out6,$two	# next counter value
+	vxor		$out6,$out6,$rndkey0
+	vxor		$out7,$out7,$rndkey0
+
+	mtctr		$rounds
+	b		Loop_ctr32_enc8x
+.align	5
+Loop_ctr32_enc8x:
+	vcipher 	$out0,$out0,v24
+	vcipher 	$out1,$out1,v24
+	vcipher 	$out2,$out2,v24
+	vcipher 	$out3,$out3,v24
+	vcipher 	$out4,$out4,v24
+	vcipher 	$out5,$out5,v24
+	vcipher 	$out6,$out6,v24
+	vcipher 	$out7,$out7,v24
+Loop_ctr32_enc8x_middle:
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher 	$out0,$out0,v25
+	vcipher 	$out1,$out1,v25
+	vcipher 	$out2,$out2,v25
+	vcipher 	$out3,$out3,v25
+	vcipher 	$out4,$out4,v25
+	vcipher 	$out5,$out5,v25
+	vcipher 	$out6,$out6,v25
+	vcipher 	$out7,$out7,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_ctr32_enc8x
+
+	subic		r11,$len,256		# $len-256, borrow $key_
+	vcipher 	$out0,$out0,v24
+	vcipher 	$out1,$out1,v24
+	vcipher 	$out2,$out2,v24
+	vcipher 	$out3,$out3,v24
+	vcipher 	$out4,$out4,v24
+	vcipher 	$out5,$out5,v24
+	vcipher 	$out6,$out6,v24
+	vcipher 	$out7,$out7,v24
+
+	subfe		r0,r0,r0		# borrow?-1:0
+	vcipher 	$out0,$out0,v25
+	vcipher 	$out1,$out1,v25
+	vcipher 	$out2,$out2,v25
+	vcipher 	$out3,$out3,v25
+	vcipher 	$out4,$out4,v25
+	vcipher		$out5,$out5,v25
+	vcipher		$out6,$out6,v25
+	vcipher		$out7,$out7,v25
+
+	and		r0,r0,r11
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vcipher		$out0,$out0,v26
+	vcipher		$out1,$out1,v26
+	vcipher		$out2,$out2,v26
+	vcipher		$out3,$out3,v26
+	vcipher		$out4,$out4,v26
+	vcipher		$out5,$out5,v26
+	vcipher		$out6,$out6,v26
+	vcipher		$out7,$out7,v26
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	subic		$len,$len,129		# $len-=129
+	vcipher		$out0,$out0,v27
+	addi		$len,$len,1		# $len-=128 really
+	vcipher		$out1,$out1,v27
+	vcipher		$out2,$out2,v27
+	vcipher		$out3,$out3,v27
+	vcipher		$out4,$out4,v27
+	vcipher		$out5,$out5,v27
+	vcipher		$out6,$out6,v27
+	vcipher		$out7,$out7,v27
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+
+	vcipher		$out0,$out0,v28
+	 lvx_u		$in0,$x00,$inp		# load input
+	vcipher		$out1,$out1,v28
+	 lvx_u		$in1,$x10,$inp
+	vcipher		$out2,$out2,v28
+	 lvx_u		$in2,$x20,$inp
+	vcipher		$out3,$out3,v28
+	 lvx_u		$in3,$x30,$inp
+	vcipher		$out4,$out4,v28
+	 lvx_u		$in4,$x40,$inp
+	vcipher		$out5,$out5,v28
+	 lvx_u		$in5,$x50,$inp
+	vcipher		$out6,$out6,v28
+	 lvx_u		$in6,$x60,$inp
+	vcipher		$out7,$out7,v28
+	 lvx_u		$in7,$x70,$inp
+	 addi		$inp,$inp,0x80
+
+	vcipher		$out0,$out0,v29
+	 le?vperm	$in0,$in0,$in0,$inpperm
+	vcipher		$out1,$out1,v29
+	 le?vperm	$in1,$in1,$in1,$inpperm
+	vcipher		$out2,$out2,v29
+	 le?vperm	$in2,$in2,$in2,$inpperm
+	vcipher		$out3,$out3,v29
+	 le?vperm	$in3,$in3,$in3,$inpperm
+	vcipher		$out4,$out4,v29
+	 le?vperm	$in4,$in4,$in4,$inpperm
+	vcipher		$out5,$out5,v29
+	 le?vperm	$in5,$in5,$in5,$inpperm
+	vcipher		$out6,$out6,v29
+	 le?vperm	$in6,$in6,$in6,$inpperm
+	vcipher		$out7,$out7,v29
+	 le?vperm	$in7,$in7,$in7,$inpperm
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in7 are loaded
+						# with last "words"
+	subfe.		r0,r0,r0		# borrow?-1:0
+	vcipher		$out0,$out0,v30
+	 vxor		$in0,$in0,v31		# xor with last round key
+	vcipher		$out1,$out1,v30
+	 vxor		$in1,$in1,v31
+	vcipher		$out2,$out2,v30
+	 vxor		$in2,$in2,v31
+	vcipher		$out3,$out3,v30
+	 vxor		$in3,$in3,v31
+	vcipher		$out4,$out4,v30
+	 vxor		$in4,$in4,v31
+	vcipher		$out5,$out5,v30
+	 vxor		$in5,$in5,v31
+	vcipher		$out6,$out6,v30
+	 vxor		$in6,$in6,v31
+	vcipher		$out7,$out7,v30
+	 vxor		$in7,$in7,v31
+
+	bne		Lctr32_enc8x_break	# did $len-129 borrow?
+
+	vcipherlast	$in0,$out0,$in0
+	vcipherlast	$in1,$out1,$in1
+	 vadduwm	$out1,$ivec,$one	# counter values ...
+	vcipherlast	$in2,$out2,$in2
+	 vadduwm	$out2,$ivec,$two
+	 vxor		$out0,$ivec,$rndkey0	# ... xored with rndkey[0]
+	vcipherlast	$in3,$out3,$in3
+	 vadduwm	$out3,$out1,$two
+	 vxor		$out1,$out1,$rndkey0
+	vcipherlast	$in4,$out4,$in4
+	 vadduwm	$out4,$out2,$two
+	 vxor		$out2,$out2,$rndkey0
+	vcipherlast	$in5,$out5,$in5
+	 vadduwm	$out5,$out3,$two
+	 vxor		$out3,$out3,$rndkey0
+	vcipherlast	$in6,$out6,$in6
+	 vadduwm	$out6,$out4,$two
+	 vxor		$out4,$out4,$rndkey0
+	vcipherlast	$in7,$out7,$in7
+	 vadduwm	$out7,$out5,$two
+	 vxor		$out5,$out5,$rndkey0
+	le?vperm	$in0,$in0,$in0,$inpperm
+	 vadduwm	$ivec,$out6,$two	# next counter value
+	 vxor		$out6,$out6,$rndkey0
+	le?vperm	$in1,$in1,$in1,$inpperm
+	 vxor		$out7,$out7,$rndkey0
+	mtctr		$rounds
+
+	 vcipher	$out0,$out0,v24
+	stvx_u		$in0,$x00,$out
+	le?vperm	$in2,$in2,$in2,$inpperm
+	 vcipher	$out1,$out1,v24
+	stvx_u		$in1,$x10,$out
+	le?vperm	$in3,$in3,$in3,$inpperm
+	 vcipher	$out2,$out2,v24
+	stvx_u		$in2,$x20,$out
+	le?vperm	$in4,$in4,$in4,$inpperm
+	 vcipher	$out3,$out3,v24
+	stvx_u		$in3,$x30,$out
+	le?vperm	$in5,$in5,$in5,$inpperm
+	 vcipher	$out4,$out4,v24
+	stvx_u		$in4,$x40,$out
+	le?vperm	$in6,$in6,$in6,$inpperm
+	 vcipher	$out5,$out5,v24
+	stvx_u		$in5,$x50,$out
+	le?vperm	$in7,$in7,$in7,$inpperm
+	 vcipher	$out6,$out6,v24
+	stvx_u		$in6,$x60,$out
+	 vcipher	$out7,$out7,v24
+	stvx_u		$in7,$x70,$out
+	addi		$out,$out,0x80
+
+	b		Loop_ctr32_enc8x_middle
+
+.align	5
+Lctr32_enc8x_break:
+	cmpwi		$len,-0x60
+	blt		Lctr32_enc8x_one
+	nop
+	beq		Lctr32_enc8x_two
+	cmpwi		$len,-0x40
+	blt		Lctr32_enc8x_three
+	nop
+	beq		Lctr32_enc8x_four
+	cmpwi		$len,-0x20
+	blt		Lctr32_enc8x_five
+	nop
+	beq		Lctr32_enc8x_six
+	cmpwi		$len,0x00
+	blt		Lctr32_enc8x_seven
+
+Lctr32_enc8x_eight:
+	vcipherlast	$out0,$out0,$in0
+	vcipherlast	$out1,$out1,$in1
+	vcipherlast	$out2,$out2,$in2
+	vcipherlast	$out3,$out3,$in3
+	vcipherlast	$out4,$out4,$in4
+	vcipherlast	$out5,$out5,$in5
+	vcipherlast	$out6,$out6,$in6
+	vcipherlast	$out7,$out7,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x50,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x60,$out
+	stvx_u		$out7,$x70,$out
+	addi		$out,$out,0x80
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_seven:
+	vcipherlast	$out0,$out0,$in1
+	vcipherlast	$out1,$out1,$in2
+	vcipherlast	$out2,$out2,$in3
+	vcipherlast	$out3,$out3,$in4
+	vcipherlast	$out4,$out4,$in5
+	vcipherlast	$out5,$out5,$in6
+	vcipherlast	$out6,$out6,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x50,$out
+	stvx_u		$out6,$x60,$out
+	addi		$out,$out,0x70
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_six:
+	vcipherlast	$out0,$out0,$in2
+	vcipherlast	$out1,$out1,$in3
+	vcipherlast	$out2,$out2,$in4
+	vcipherlast	$out3,$out3,$in5
+	vcipherlast	$out4,$out4,$in6
+	vcipherlast	$out5,$out5,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	stvx_u		$out5,$x50,$out
+	addi		$out,$out,0x60
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_five:
+	vcipherlast	$out0,$out0,$in3
+	vcipherlast	$out1,$out1,$in4
+	vcipherlast	$out2,$out2,$in5
+	vcipherlast	$out3,$out3,$in6
+	vcipherlast	$out4,$out4,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	stvx_u		$out4,$x40,$out
+	addi		$out,$out,0x50
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_four:
+	vcipherlast	$out0,$out0,$in4
+	vcipherlast	$out1,$out1,$in5
+	vcipherlast	$out2,$out2,$in6
+	vcipherlast	$out3,$out3,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	stvx_u		$out3,$x30,$out
+	addi		$out,$out,0x40
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_three:
+	vcipherlast	$out0,$out0,$in5
+	vcipherlast	$out1,$out1,$in6
+	vcipherlast	$out2,$out2,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	stvx_u		$out2,$x20,$out
+	addi		$out,$out,0x30
+	b		Lcbc_dec8x_done
+
+.align	5
+Lctr32_enc8x_two:
+	vcipherlast	$out0,$out0,$in6
+	vcipherlast	$out1,$out1,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	stvx_u		$out1,$x10,$out
+	addi		$out,$out,0x20
+	b		Lcbc_dec8x_done
+
+.align	5
+Lctr32_enc8x_one:
+	vcipherlast	$out0,$out0,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	stvx_u		$out0,0,$out
+	addi		$out,$out,0x10
+
+Lctr32_enc8x_done:
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$inpperm,r10,$sp	# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_ctr32_encrypt_blocks,.-.${prefix}_ctr32_encrypt_blocks
+___
+}}	}}}
+
+#########################################################################
+{{{	# XTS procedures						#
+# int aes_p8_xts_[en|de]crypt(const char *inp, char *out, size_t len,	#
+#                             const AES_KEY *key1, const AES_KEY *key2,	#
+#                             [const] unsigned char iv[16]);		#
+# If $key2 is NULL, then a "tweak chaining" mode is engaged, in which	#
+# input tweak value is assumed to be encrypted already, and last tweak	#
+# value, one suitable for consecutive call on same chunk of data, is	#
+# written back to original buffer. In addition, in "tweak chaining"	#
+# mode only complete input blocks are processed.			#
+
+my ($inp,$out,$len,$key1,$key2,$ivp,$rounds,$idx) =	map("r$_",(3..10));
+my ($rndkey0,$rndkey1,$inout) =				map("v$_",(0..2));
+my ($output,$inptail,$inpperm,$leperm,$keyperm) =	map("v$_",(3..7));
+my ($tweak,$seven,$eighty7,$tmp,$tweak1) =		map("v$_",(8..12));
+my $taillen = $key2;
+
+   ($inp,$idx) = ($idx,$inp);				# reassign
+
+$code.=<<___;
+.globl	.${prefix}_xts_encrypt
+.align	5
+.${prefix}_xts_encrypt:
+	mr		$inp,r3				# reassign
+	li		r3,-1
+	${UCMP}i	$len,16
+	bltlr-
+
+	lis		r0,0xfff0
+	mfspr		r12,256				# save vrsave
+	li		r11,0
+	mtspr		256,r0
+
+	vspltisb	$seven,0x07			# 0x070707..07
+	le?lvsl		$leperm,r11,r11
+	le?vspltisb	$tmp,0x0f
+	le?vxor		$leperm,$leperm,$seven
+
+	li		$idx,15
+	lvx		$tweak,0,$ivp			# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$tweak,$tweak,$inptail,$inpperm
+
+	neg		r11,$inp
+	lvsr		$inpperm,0,r11			# prepare for unaligned load
+	lvx		$inout,0,$inp
+	addi		$inp,$inp,15			# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	${UCMP}i	$key2,0				# key2==NULL?
+	beq		Lxts_enc_no_key2
+
+	?lvsl		$keyperm,0,$key2		# prepare for unaligned key
+	lwz		$rounds,240($key2)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	lvx		$rndkey0,0,$key2
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+Ltweak_xts_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	bdnz		Ltweak_xts_enc
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipherlast	$tweak,$tweak,$rndkey0
+
+	li		$ivp,0				# don't chain the tweak
+	b		Lxts_enc
+
+Lxts_enc_no_key2:
+	li		$idx,-16
+	and		$len,$len,$idx			# in "tweak chaining"
+							# mode only complete
+							# blocks are processed
+Lxts_enc:
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+
+	?lvsl		$keyperm,0,$key1		# prepare for unaligned key
+	lwz		$rounds,240($key1)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	vslb		$eighty7,$seven,$seven		# 0x808080..80
+	vor		$eighty7,$eighty7,$seven	# 0x878787..87
+	vspltisb	$tmp,1				# 0x010101..01
+	vsldoi		$eighty7,$eighty7,$tmp,15	# 0x870101..01
+
+	${UCMP}i	$len,96
+	bge		_aesp8_xts_encrypt6x
+
+	andi.		$taillen,$len,15
+	subic		r0,$len,32
+	subi		$taillen,$taillen,16
+	subfe		r0,r0,r0
+	and		r0,r0,$taillen
+	add		$inp,$inp,r0
+
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	mtctr		$rounds
+	b		Loop_xts_enc
+
+.align	5
+Loop_xts_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	bdnz		Loop_xts_enc
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$rndkey0,$rndkey0,$tweak
+	vcipherlast	$output,$inout,$rndkey0
+
+	le?vperm	$tmp,$output,$output,$leperm
+	be?nop
+	le?stvx_u	$tmp,0,$out
+	be?stvx_u	$output,0,$out
+	addi		$out,$out,16
+
+	subic.		$len,$len,16
+	beq		Lxts_enc_done
+
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+
+	subic		r0,$len,32
+	subfe		r0,r0,r0
+	and		r0,r0,$taillen
+	add		$inp,$inp,r0
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$output,$output,$rndkey0	# just in case $len<16
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+
+	mtctr		$rounds
+	${UCMP}i	$len,16
+	bge		Loop_xts_enc
+
+	vxor		$output,$output,$tweak
+	lvsr		$inpperm,0,$len			# $inpperm is no longer needed
+	vxor		$inptail,$inptail,$inptail	# $inptail is no longer needed
+	vspltisb	$tmp,-1
+	vperm		$inptail,$inptail,$tmp,$inpperm
+	vsel		$inout,$inout,$output,$inptail
+
+	subi		r11,$out,17
+	subi		$out,$out,16
+	mtctr		$len
+	li		$len,16
+Loop_xts_enc_steal:
+	lbzu		r0,1(r11)
+	stb		r0,16(r11)
+	bdnz		Loop_xts_enc_steal
+
+	mtctr		$rounds
+	b		Loop_xts_enc			# one more time...
+
+Lxts_enc_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_enc_ret
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_enc_ret:
+	mtspr		256,r12				# restore vrsave
+	li		r3,0
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_xts_encrypt,.-.${prefix}_xts_encrypt
+
+.globl	.${prefix}_xts_decrypt
+.align	5
+.${prefix}_xts_decrypt:
+	mr		$inp,r3				# reassign
+	li		r3,-1
+	${UCMP}i	$len,16
+	bltlr-
+
+	lis		r0,0xfff8
+	mfspr		r12,256				# save vrsave
+	li		r11,0
+	mtspr		256,r0
+
+	andi.		r0,$len,15
+	neg		r0,r0
+	andi.		r0,r0,16
+	sub		$len,$len,r0
+
+	vspltisb	$seven,0x07			# 0x070707..07
+	le?lvsl		$leperm,r11,r11
+	le?vspltisb	$tmp,0x0f
+	le?vxor		$leperm,$leperm,$seven
+
+	li		$idx,15
+	lvx		$tweak,0,$ivp			# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$tweak,$tweak,$inptail,$inpperm
+
+	neg		r11,$inp
+	lvsr		$inpperm,0,r11			# prepare for unaligned load
+	lvx		$inout,0,$inp
+	addi		$inp,$inp,15			# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	${UCMP}i	$key2,0				# key2==NULL?
+	beq		Lxts_dec_no_key2
+
+	?lvsl		$keyperm,0,$key2		# prepare for unaligned key
+	lwz		$rounds,240($key2)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	lvx		$rndkey0,0,$key2
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+Ltweak_xts_dec:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	bdnz		Ltweak_xts_dec
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipherlast	$tweak,$tweak,$rndkey0
+
+	li		$ivp,0				# don't chain the tweak
+	b		Lxts_dec
+
+Lxts_dec_no_key2:
+	neg		$idx,$len
+	andi.		$idx,$idx,15
+	add		$len,$len,$idx			# in "tweak chaining"
+							# mode only complete
+							# blocks are processed
+Lxts_dec:
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+
+	?lvsl		$keyperm,0,$key1		# prepare for unaligned key
+	lwz		$rounds,240($key1)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	vslb		$eighty7,$seven,$seven		# 0x808080..80
+	vor		$eighty7,$eighty7,$seven	# 0x878787..87
+	vspltisb	$tmp,1				# 0x010101..01
+	vsldoi		$eighty7,$eighty7,$tmp,15	# 0x870101..01
+
+	${UCMP}i	$len,96
+	bge		_aesp8_xts_decrypt6x
+
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+	${UCMP}i	$len,16
+	blt		Ltail_xts_dec
+	be?b		Loop_xts_dec
+
+.align	5
+Loop_xts_dec:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipher	$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	bdnz		Loop_xts_dec
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$rndkey0,$rndkey0,$tweak
+	vncipherlast	$output,$inout,$rndkey0
+
+	le?vperm	$tmp,$output,$output,$leperm
+	be?nop
+	le?stvx_u	$tmp,0,$out
+	be?stvx_u	$output,0,$out
+	addi		$out,$out,16
+
+	subic.		$len,$len,16
+	beq		Lxts_dec_done
+
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+
+	mtctr		$rounds
+	${UCMP}i	$len,16
+	bge		Loop_xts_dec
+
+Ltail_xts_dec:
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak1,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak1,$tweak1,$tmp
+
+	subi		$inp,$inp,16
+	add		$inp,$inp,$len
+
+	vxor		$inout,$inout,$tweak		# :-(
+	vxor		$inout,$inout,$tweak1		# :-)
+
+Loop_xts_dec_short:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipher	$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	bdnz		Loop_xts_dec_short
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$rndkey0,$rndkey0,$tweak1
+	vncipherlast	$output,$inout,$rndkey0
+
+	le?vperm	$tmp,$output,$output,$leperm
+	be?nop
+	le?stvx_u	$tmp,0,$out
+	be?stvx_u	$output,0,$out
+
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	#addi		$inp,$inp,16
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+
+	lvsr		$inpperm,0,$len			# $inpperm is no longer needed
+	vxor		$inptail,$inptail,$inptail	# $inptail is no longer needed
+	vspltisb	$tmp,-1
+	vperm		$inptail,$inptail,$tmp,$inpperm
+	vsel		$inout,$inout,$output,$inptail
+
+	vxor		$rndkey0,$rndkey0,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+
+	subi		r11,$out,1
+	mtctr		$len
+	li		$len,16
+Loop_xts_dec_steal:
+	lbzu		r0,1(r11)
+	stb		r0,16(r11)
+	bdnz		Loop_xts_dec_steal
+
+	mtctr		$rounds
+	b		Loop_xts_dec			# one more time...
+
+Lxts_dec_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_dec_ret
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_dec_ret:
+	mtspr		256,r12				# restore vrsave
+	li		r3,0
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_xts_decrypt,.-.${prefix}_xts_decrypt
+___
+#########################################################################
+{{	# Optimized XTS procedures					#
+my $key_=$key2;
+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
+    $x00=0 if ($flavour =~ /osx/);
+my ($in0,  $in1,  $in2,  $in3,  $in4,  $in5 )=map("v$_",(0..5));
+my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
+my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
+my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
+			# v26-v31 last 6 round keys
+my ($keyperm)=($out0);	# aliases with "caller", redundant assignment
+my $taillen=$x70;
+
+$code.=<<___;
+.align	5
+_aesp8_xts_encrypt6x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	mflr		r11
+	li		r7,`$FRAME+8*16+15`
+	li		r3,`$FRAME+8*16+31`
+	$PUSH		r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
+	stvx		v20,r7,$sp		# ABI says so
+	addi		r7,r7,32
+	stvx		v21,r3,$sp
+	addi		r3,r3,32
+	stvx		v22,r7,$sp
+	addi		r7,r7,32
+	stvx		v23,r3,$sp
+	addi		r3,r3,32
+	stvx		v24,r7,$sp
+	addi		r7,r7,32
+	stvx		v25,r3,$sp
+	addi		r3,r3,32
+	stvx		v26,r7,$sp
+	addi		r7,r7,32
+	stvx		v27,r3,$sp
+	addi		r3,r3,32
+	stvx		v28,r7,$sp
+	addi		r7,r7,32
+	stvx		v29,r3,$sp
+	addi		r3,r3,32
+	stvx		v30,r7,$sp
+	stvx		v31,r3,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+
+	lvx		$rndkey0,$x00,$key1	# load key schedule
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	lvx		v31,$x00,$key1
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_xts_enc_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key1
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_xts_enc_key
+
+	lvx		v26,$x10,$key1
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key1
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key1
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key1
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key1
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key1
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$twk5,$x70,$key1	# borrow $twk5
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$twk5,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	 vperm		$in0,$inout,$inptail,$inpperm
+	 subi		$inp,$inp,31		# undo "caller"
+	vxor		$twk0,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out0,$in0,$twk0
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in1,$x10,$inp
+	vxor		$twk1,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in1,$in1,$in1,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out1,$in1,$twk1
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in2,$x20,$inp
+	 andi.		$taillen,$len,15
+	vxor		$twk2,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in2,$in2,$in2,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out2,$in2,$twk2
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in3,$x30,$inp
+	 sub		$len,$len,$taillen
+	vxor		$twk3,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in3,$in3,$in3,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out3,$in3,$twk3
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in4,$x40,$inp
+	 subi		$len,$len,0x60
+	vxor		$twk4,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in4,$in4,$in4,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out4,$in4,$twk4
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	vxor		$twk5,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in5,$in5,$in5,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out5,$in5,$twk5
+	vxor		$tweak,$tweak,$tmp
+
+	vxor		v31,v31,$rndkey0
+	mtctr		$rounds
+	b		Loop_xts_enc6x
+
+.align	5
+Loop_xts_enc6x:
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	vcipher		$out4,$out4,v24
+	vcipher		$out5,$out5,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	vcipher		$out4,$out4,v25
+	vcipher		$out5,$out5,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_enc6x
+
+	subic		$len,$len,96		# $len-=96
+	 vxor		$in0,$twk0,v31		# xor with last round key
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk0,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out4,$out4,v24
+	vcipher		$out5,$out5,v24
+
+	subfe.		r0,r0,r0		# borrow?-1:0
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	 vxor		$in1,$twk1,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk1,$tweak,$rndkey0
+	vcipher		$out4,$out4,v25
+	vcipher		$out5,$out5,v25
+
+	and		r0,r0,$len
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out0,$out0,v26
+	vcipher		$out1,$out1,v26
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out2,$out2,v26
+	vcipher		$out3,$out3,v26
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out4,$out4,v26
+	vcipher		$out5,$out5,v26
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in5 are loaded
+						# with last "words"
+	 vxor		$in2,$twk2,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk2,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vcipher		$out0,$out0,v27
+	vcipher		$out1,$out1,v27
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out2,$out2,v27
+	vcipher		$out3,$out3,v27
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out4,$out4,v27
+	vcipher		$out5,$out5,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out0,$out0,v28
+	vcipher		$out1,$out1,v28
+	 vxor		$in3,$twk3,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk3,$tweak,$rndkey0
+	vcipher		$out2,$out2,v28
+	vcipher		$out3,$out3,v28
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out4,$out4,v28
+	vcipher		$out5,$out5,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vand		$tmp,$tmp,$eighty7
+
+	vcipher		$out0,$out0,v29
+	vcipher		$out1,$out1,v29
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out2,$out2,v29
+	vcipher		$out3,$out3,v29
+	 vxor		$in4,$twk4,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk4,$tweak,$rndkey0
+	vcipher		$out4,$out4,v29
+	vcipher		$out5,$out5,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+
+	vcipher		$out0,$out0,v30
+	vcipher		$out1,$out1,v30
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out2,$out2,v30
+	vcipher		$out3,$out3,v30
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out4,$out4,v30
+	vcipher		$out5,$out5,v30
+	 vxor		$in5,$twk5,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk5,$tweak,$rndkey0
+
+	vcipherlast	$out0,$out0,$in0
+	 lvx_u		$in0,$x00,$inp		# load next input block
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipherlast	$out1,$out1,$in1
+	 lvx_u		$in1,$x10,$inp
+	vcipherlast	$out2,$out2,$in2
+	 le?vperm	$in0,$in0,$in0,$leperm
+	 lvx_u		$in2,$x20,$inp
+	 vand		$tmp,$tmp,$eighty7
+	vcipherlast	$out3,$out3,$in3
+	 le?vperm	$in1,$in1,$in1,$leperm
+	 lvx_u		$in3,$x30,$inp
+	vcipherlast	$out4,$out4,$in4
+	 le?vperm	$in2,$in2,$in2,$leperm
+	 lvx_u		$in4,$x40,$inp
+	 vxor		$tweak,$tweak,$tmp
+	vcipherlast	$tmp,$out5,$in5		# last block might be needed
+						# in stealing mode
+	 le?vperm	$in3,$in3,$in3,$leperm
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	 le?vperm	$in4,$in4,$in4,$leperm
+	 le?vperm	$in5,$in5,$in5,$leperm
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	 vxor		$out0,$in0,$twk0
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	 vxor		$out1,$in1,$twk1
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	 vxor		$out2,$in2,$twk2
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	 vxor		$out3,$in3,$twk3
+	le?vperm	$out5,$tmp,$tmp,$leperm
+	stvx_u		$out4,$x40,$out
+	 vxor		$out4,$in4,$twk4
+	le?stvx_u	$out5,$x50,$out
+	be?stvx_u	$tmp, $x50,$out
+	 vxor		$out5,$in5,$twk5
+	addi		$out,$out,0x60
+
+	mtctr		$rounds
+	beq		Loop_xts_enc6x		# did $len-=96 borrow?
+
+	addic.		$len,$len,0x60
+	beq		Lxts_enc6x_zero
+	cmpwi		$len,0x20
+	blt		Lxts_enc6x_one
+	nop
+	beq		Lxts_enc6x_two
+	cmpwi		$len,0x40
+	blt		Lxts_enc6x_three
+	nop
+	beq		Lxts_enc6x_four
+
+Lxts_enc6x_five:
+	vxor		$out0,$in1,$twk0
+	vxor		$out1,$in2,$twk1
+	vxor		$out2,$in3,$twk2
+	vxor		$out3,$in4,$twk3
+	vxor		$out4,$in5,$twk4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk5		# unused tweak
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	vxor		$tmp,$out4,$twk5	# last block prep for stealing
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	stvx_u		$out4,$x40,$out
+	addi		$out,$out,0x50
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_four:
+	vxor		$out0,$in2,$twk0
+	vxor		$out1,$in3,$twk1
+	vxor		$out2,$in4,$twk2
+	vxor		$out3,$in5,$twk3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk4		# unused tweak
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	vxor		$tmp,$out3,$twk4	# last block prep for stealing
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	stvx_u		$out3,$x30,$out
+	addi		$out,$out,0x40
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_three:
+	vxor		$out0,$in3,$twk0
+	vxor		$out1,$in4,$twk1
+	vxor		$out2,$in5,$twk2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk3		# unused tweak
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$tmp,$out2,$twk3	# last block prep for stealing
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	stvx_u		$out2,$x20,$out
+	addi		$out,$out,0x30
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_two:
+	vxor		$out0,$in4,$twk0
+	vxor		$out1,$in5,$twk1
+	vxor		$out2,$out2,$out2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk2		# unused tweak
+	vxor		$tmp,$out1,$twk2	# last block prep for stealing
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	stvx_u		$out1,$x10,$out
+	addi		$out,$out,0x20
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_one:
+	vxor		$out0,$in5,$twk0
+	nop
+Loop_xts_enc1x:
+	vcipher		$out0,$out0,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher		$out0,$out0,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_enc1x
+
+	add		$inp,$inp,$taillen
+	cmpwi		$taillen,0
+	vcipher		$out0,$out0,v24
+
+	subi		$inp,$inp,16
+	vcipher		$out0,$out0,v25
+
+	lvsr		$inpperm,0,$taillen
+	vcipher		$out0,$out0,v26
+
+	lvx_u		$in0,0,$inp
+	vcipher		$out0,$out0,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vcipher		$out0,$out0,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vcipher		$out0,$out0,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$twk0,$twk0,v31
+
+	le?vperm	$in0,$in0,$in0,$leperm
+	vcipher		$out0,$out0,v30
+
+	vperm		$in0,$in0,$in0,$inpperm
+	vcipherlast	$out0,$out0,$twk0
+
+	vmr		$twk0,$twk1		# unused tweak
+	vxor		$tmp,$out0,$twk1	# last block prep for stealing
+	le?vperm	$out0,$out0,$out0,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	addi		$out,$out,0x10
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_zero:
+	cmpwi		$taillen,0
+	beq		Lxts_enc6x_done
+
+	add		$inp,$inp,$taillen
+	subi		$inp,$inp,16
+	lvx_u		$in0,0,$inp
+	lvsr		$inpperm,0,$taillen	# $in5 is no more
+	le?vperm	$in0,$in0,$in0,$leperm
+	vperm		$in0,$in0,$in0,$inpperm
+	vxor		$tmp,$tmp,$twk0
+Lxts_enc6x_steal:
+	vxor		$in0,$in0,$twk0
+	vxor		$out0,$out0,$out0
+	vspltisb	$out1,-1
+	vperm		$out0,$out0,$out1,$inpperm
+	vsel		$out0,$in0,$tmp,$out0	# $tmp is last block, remember?
+
+	subi		r30,$out,17
+	subi		$out,$out,16
+	mtctr		$taillen
+Loop_xts_enc6x_steal:
+	lbzu		r0,1(r30)
+	stb		r0,16(r30)
+	bdnz		Loop_xts_enc6x_steal
+
+	li		$taillen,0
+	mtctr		$rounds
+	b		Loop_xts_enc1x		# one more time...
+
+.align	4
+Lxts_enc6x_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_enc6x_ret
+
+	vxor		$tweak,$twk0,$rndkey0
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_enc6x_ret:
+	mtlr		r11
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$seven,r10,$sp		# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,1,0x80,6,6,0
+	.long		0
+
+.align	5
+_aesp8_xts_enc5x:
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	vcipher		$out4,$out4,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	vcipher		$out4,$out4,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		_aesp8_xts_enc5x
+
+	add		$inp,$inp,$taillen
+	cmpwi		$taillen,0
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	vcipher		$out4,$out4,v24
+
+	subi		$inp,$inp,16
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	vcipher		$out4,$out4,v25
+	 vxor		$twk0,$twk0,v31
+
+	vcipher		$out0,$out0,v26
+	lvsr		$inpperm,0,$taillen	# $in5 is no more
+	vcipher		$out1,$out1,v26
+	vcipher		$out2,$out2,v26
+	vcipher		$out3,$out3,v26
+	vcipher		$out4,$out4,v26
+	 vxor		$in1,$twk1,v31
+
+	vcipher		$out0,$out0,v27
+	lvx_u		$in0,0,$inp
+	vcipher		$out1,$out1,v27
+	vcipher		$out2,$out2,v27
+	vcipher		$out3,$out3,v27
+	vcipher		$out4,$out4,v27
+	 vxor		$in2,$twk2,v31
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vcipher		$out0,$out0,v28
+	vcipher		$out1,$out1,v28
+	vcipher		$out2,$out2,v28
+	vcipher		$out3,$out3,v28
+	vcipher		$out4,$out4,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vxor		$in3,$twk3,v31
+
+	vcipher		$out0,$out0,v29
+	le?vperm	$in0,$in0,$in0,$leperm
+	vcipher		$out1,$out1,v29
+	vcipher		$out2,$out2,v29
+	vcipher		$out3,$out3,v29
+	vcipher		$out4,$out4,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$in4,$twk4,v31
+
+	vcipher		$out0,$out0,v30
+	vperm		$in0,$in0,$in0,$inpperm
+	vcipher		$out1,$out1,v30
+	vcipher		$out2,$out2,v30
+	vcipher		$out3,$out3,v30
+	vcipher		$out4,$out4,v30
+
+	vcipherlast	$out0,$out0,$twk0
+	vcipherlast	$out1,$out1,$in1
+	vcipherlast	$out2,$out2,$in2
+	vcipherlast	$out3,$out3,$in3
+	vcipherlast	$out4,$out4,$in4
+	blr
+        .long   	0
+        .byte   	0,12,0x14,0,0,0,0,0
+
+.align	5
+_aesp8_xts_decrypt6x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	mflr		r11
+	li		r7,`$FRAME+8*16+15`
+	li		r3,`$FRAME+8*16+31`
+	$PUSH		r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
+	stvx		v20,r7,$sp		# ABI says so
+	addi		r7,r7,32
+	stvx		v21,r3,$sp
+	addi		r3,r3,32
+	stvx		v22,r7,$sp
+	addi		r7,r7,32
+	stvx		v23,r3,$sp
+	addi		r3,r3,32
+	stvx		v24,r7,$sp
+	addi		r7,r7,32
+	stvx		v25,r3,$sp
+	addi		r3,r3,32
+	stvx		v26,r7,$sp
+	addi		r7,r7,32
+	stvx		v27,r3,$sp
+	addi		r3,r3,32
+	stvx		v28,r7,$sp
+	addi		r7,r7,32
+	stvx		v29,r3,$sp
+	addi		r3,r3,32
+	stvx		v30,r7,$sp
+	stvx		v31,r3,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+
+	lvx		$rndkey0,$x00,$key1	# load key schedule
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	lvx		v31,$x00,$key1
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_xts_dec_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key1
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_xts_dec_key
+
+	lvx		v26,$x10,$key1
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key1
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key1
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key1
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key1
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key1
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$twk5,$x70,$key1	# borrow $twk5
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$twk5,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	 vperm		$in0,$inout,$inptail,$inpperm
+	 subi		$inp,$inp,31		# undo "caller"
+	vxor		$twk0,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out0,$in0,$twk0
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in1,$x10,$inp
+	vxor		$twk1,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in1,$in1,$in1,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out1,$in1,$twk1
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in2,$x20,$inp
+	 andi.		$taillen,$len,15
+	vxor		$twk2,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in2,$in2,$in2,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out2,$in2,$twk2
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in3,$x30,$inp
+	 sub		$len,$len,$taillen
+	vxor		$twk3,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in3,$in3,$in3,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out3,$in3,$twk3
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in4,$x40,$inp
+	 subi		$len,$len,0x60
+	vxor		$twk4,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in4,$in4,$in4,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out4,$in4,$twk4
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	vxor		$twk5,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in5,$in5,$in5,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out5,$in5,$twk5
+	vxor		$tweak,$tweak,$tmp
+
+	vxor		v31,v31,$rndkey0
+	mtctr		$rounds
+	b		Loop_xts_dec6x
+
+.align	5
+Loop_xts_dec6x:
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_dec6x
+
+	subic		$len,$len,96		# $len-=96
+	 vxor		$in0,$twk0,v31		# xor with last round key
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk0,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+
+	subfe.		r0,r0,r0		# borrow?-1:0
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	 vxor		$in1,$twk1,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk1,$tweak,$rndkey0
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+
+	and		r0,r0,$len
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out0,$out0,v26
+	vncipher	$out1,$out1,v26
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out4,$out4,v26
+	vncipher	$out5,$out5,v26
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in5 are loaded
+						# with last "words"
+	 vxor		$in2,$twk2,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk2,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vncipher	$out0,$out0,v27
+	vncipher	$out1,$out1,v27
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out4,$out4,v27
+	vncipher	$out5,$out5,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out0,$out0,v28
+	vncipher	$out1,$out1,v28
+	 vxor		$in3,$twk3,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk3,$tweak,$rndkey0
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out4,$out4,v28
+	vncipher	$out5,$out5,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vand		$tmp,$tmp,$eighty7
+
+	vncipher	$out0,$out0,v29
+	vncipher	$out1,$out1,v29
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	 vxor		$in4,$twk4,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk4,$tweak,$rndkey0
+	vncipher	$out4,$out4,v29
+	vncipher	$out5,$out5,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+
+	vncipher	$out0,$out0,v30
+	vncipher	$out1,$out1,v30
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out2,$out2,v30
+	vncipher	$out3,$out3,v30
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out4,$out4,v30
+	vncipher	$out5,$out5,v30
+	 vxor		$in5,$twk5,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk5,$tweak,$rndkey0
+
+	vncipherlast	$out0,$out0,$in0
+	 lvx_u		$in0,$x00,$inp		# load next input block
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipherlast	$out1,$out1,$in1
+	 lvx_u		$in1,$x10,$inp
+	vncipherlast	$out2,$out2,$in2
+	 le?vperm	$in0,$in0,$in0,$leperm
+	 lvx_u		$in2,$x20,$inp
+	 vand		$tmp,$tmp,$eighty7
+	vncipherlast	$out3,$out3,$in3
+	 le?vperm	$in1,$in1,$in1,$leperm
+	 lvx_u		$in3,$x30,$inp
+	vncipherlast	$out4,$out4,$in4
+	 le?vperm	$in2,$in2,$in2,$leperm
+	 lvx_u		$in4,$x40,$inp
+	 vxor		$tweak,$tweak,$tmp
+	vncipherlast	$out5,$out5,$in5
+	 le?vperm	$in3,$in3,$in3,$leperm
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	 le?vperm	$in4,$in4,$in4,$leperm
+	 le?vperm	$in5,$in5,$in5,$leperm
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	 vxor		$out0,$in0,$twk0
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	 vxor		$out1,$in1,$twk1
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	 vxor		$out2,$in2,$twk2
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	 vxor		$out3,$in3,$twk3
+	le?vperm	$out5,$out5,$out5,$leperm
+	stvx_u		$out4,$x40,$out
+	 vxor		$out4,$in4,$twk4
+	stvx_u		$out5,$x50,$out
+	 vxor		$out5,$in5,$twk5
+	addi		$out,$out,0x60
+
+	mtctr		$rounds
+	beq		Loop_xts_dec6x		# did $len-=96 borrow?
+
+	addic.		$len,$len,0x60
+	beq		Lxts_dec6x_zero
+	cmpwi		$len,0x20
+	blt		Lxts_dec6x_one
+	nop
+	beq		Lxts_dec6x_two
+	cmpwi		$len,0x40
+	blt		Lxts_dec6x_three
+	nop
+	beq		Lxts_dec6x_four
+
+Lxts_dec6x_five:
+	vxor		$out0,$in1,$twk0
+	vxor		$out1,$in2,$twk1
+	vxor		$out2,$in3,$twk2
+	vxor		$out3,$in4,$twk3
+	vxor		$out4,$in5,$twk4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk5		# unused tweak
+	vxor		$twk1,$tweak,$rndkey0
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk1
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	stvx_u		$out4,$x40,$out
+	addi		$out,$out,0x50
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_four:
+	vxor		$out0,$in2,$twk0
+	vxor		$out1,$in3,$twk1
+	vxor		$out2,$in4,$twk2
+	vxor		$out3,$in5,$twk3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk4		# unused tweak
+	vmr		$twk1,$twk5
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk5
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	stvx_u		$out3,$x30,$out
+	addi		$out,$out,0x40
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_three:
+	vxor		$out0,$in3,$twk0
+	vxor		$out1,$in4,$twk1
+	vxor		$out2,$in5,$twk2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk3		# unused tweak
+	vmr		$twk1,$twk4
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk4
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	stvx_u		$out2,$x20,$out
+	addi		$out,$out,0x30
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_two:
+	vxor		$out0,$in4,$twk0
+	vxor		$out1,$in5,$twk1
+	vxor		$out2,$out2,$out2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk2		# unused tweak
+	vmr		$twk1,$twk3
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk3
+	stvx_u		$out1,$x10,$out
+	addi		$out,$out,0x20
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_one:
+	vxor		$out0,$in5,$twk0
+	nop
+Loop_xts_dec1x:
+	vncipher	$out0,$out0,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_dec1x
+
+	subi		r0,$taillen,1
+	vncipher	$out0,$out0,v24
+
+	andi.		r0,r0,16
+	cmpwi		$taillen,0
+	vncipher	$out0,$out0,v25
+
+	sub		$inp,$inp,r0
+	vncipher	$out0,$out0,v26
+
+	lvx_u		$in0,0,$inp
+	vncipher	$out0,$out0,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vncipher	$out0,$out0,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$twk0,$twk0,v31
+
+	le?vperm	$in0,$in0,$in0,$leperm
+	vncipher	$out0,$out0,v30
+
+	mtctr		$rounds
+	vncipherlast	$out0,$out0,$twk0
+
+	vmr		$twk0,$twk1		# unused tweak
+	vmr		$twk1,$twk2
+	le?vperm	$out0,$out0,$out0,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	addi		$out,$out,0x10
+	vxor		$out0,$in0,$twk2
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_zero:
+	cmpwi		$taillen,0
+	beq		Lxts_dec6x_done
+
+	lvx_u		$in0,0,$inp
+	le?vperm	$in0,$in0,$in0,$leperm
+	vxor		$out0,$in0,$twk1
+Lxts_dec6x_steal:
+	vncipher	$out0,$out0,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Lxts_dec6x_steal
+
+	add		$inp,$inp,$taillen
+	vncipher	$out0,$out0,v24
+
+	cmpwi		$taillen,0
+	vncipher	$out0,$out0,v25
+
+	lvx_u		$in0,0,$inp
+	vncipher	$out0,$out0,v26
+
+	lvsr		$inpperm,0,$taillen	# $in5 is no more
+	vncipher	$out0,$out0,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vncipher	$out0,$out0,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$twk1,$twk1,v31
+
+	le?vperm	$in0,$in0,$in0,$leperm
+	vncipher	$out0,$out0,v30
+
+	vperm		$in0,$in0,$in0,$inpperm
+	vncipherlast	$tmp,$out0,$twk1
+
+	le?vperm	$out0,$tmp,$tmp,$leperm
+	le?stvx_u	$out0,0,$out
+	be?stvx_u	$tmp,0,$out
+
+	vxor		$out0,$out0,$out0
+	vspltisb	$out1,-1
+	vperm		$out0,$out0,$out1,$inpperm
+	vsel		$out0,$in0,$tmp,$out0
+	vxor		$out0,$out0,$twk0
+
+	subi		r30,$out,1
+	mtctr		$taillen
+Loop_xts_dec6x_steal:
+	lbzu		r0,1(r30)
+	stb		r0,16(r30)
+	bdnz		Loop_xts_dec6x_steal
+
+	li		$taillen,0
+	mtctr		$rounds
+	b		Loop_xts_dec1x		# one more time...
+
+.align	4
+Lxts_dec6x_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_dec6x_ret
+
+	vxor		$tweak,$twk0,$rndkey0
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_dec6x_ret:
+	mtlr		r11
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$seven,r10,$sp		# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,1,0x80,6,6,0
+	.long		0
+
+.align	5
+_aesp8_xts_dec5x:
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		_aesp8_xts_dec5x
+
+	subi		r0,$taillen,1
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+
+	andi.		r0,r0,16
+	cmpwi		$taillen,0
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	 vxor		$twk0,$twk0,v31
+
+	sub		$inp,$inp,r0
+	vncipher	$out0,$out0,v26
+	vncipher	$out1,$out1,v26
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	vncipher	$out4,$out4,v26
+	 vxor		$in1,$twk1,v31
+
+	vncipher	$out0,$out0,v27
+	lvx_u		$in0,0,$inp
+	vncipher	$out1,$out1,v27
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	vncipher	$out4,$out4,v27
+	 vxor		$in2,$twk2,v31
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	vncipher	$out1,$out1,v28
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	vncipher	$out4,$out4,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vxor		$in3,$twk3,v31
+
+	vncipher	$out0,$out0,v29
+	le?vperm	$in0,$in0,$in0,$leperm
+	vncipher	$out1,$out1,v29
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	vncipher	$out4,$out4,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$in4,$twk4,v31
+
+	vncipher	$out0,$out0,v30
+	vncipher	$out1,$out1,v30
+	vncipher	$out2,$out2,v30
+	vncipher	$out3,$out3,v30
+	vncipher	$out4,$out4,v30
+
+	vncipherlast	$out0,$out0,$twk0
+	vncipherlast	$out1,$out1,$in1
+	vncipherlast	$out2,$out2,$in2
+	vncipherlast	$out3,$out3,$in3
+	vncipherlast	$out4,$out4,$in4
+	mtctr		$rounds
+	blr
+        .long   	0
+        .byte   	0,12,0x14,0,0,0,0,0
+___
+}}	}}}
+
+my $consts=1;
+foreach(split("\n",$code)) {
+        s/\`([^\`]*)\`/eval($1)/geo;
+
+	# constants table endian-specific conversion
+	if ($consts && m/\.(long|byte)\s+(.+)\s+(\?[a-z]*)$/o) {
+	    my $conv=$3;
+	    my @bytes=();
+
+	    # convert to endian-agnostic format
+	    if ($1 eq "long") {
+	      foreach (split(/,\s*/,$2)) {
+		my $l = /^0/?oct:int;
+		push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff;
+	      }
+	    } else {
+		@bytes = map(/^0/?oct:int,split(/,\s*/,$2));
+	    }
+
+	    # little-endian conversion
+	    if ($flavour =~ /le$/o) {
+		SWITCH: for($conv)  {
+		    /\?inv/ && do   { @bytes=map($_^0xf,@bytes); last; };
+		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; };
+		}
+	    }
+
+	    #emit
+	    print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n";
+	    next;
+	}
+	$consts=0 if (m/Lconsts:/o);	# end of table
+
+	# instructions prefixed with '?' are endian-specific and need
+	# to be adjusted accordingly...
+	if ($flavour =~ /le$/o) {	# little-endian
+	    s/le\?//o		or
+	    s/be\?/#be#/o	or
+	    s/\?lvsr/lvsl/o	or
+	    s/\?lvsl/lvsr/o	or
+	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or
+	    s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or
+	    s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o;
+	} else {			# big-endian
+	    s/le\?/#le#/o	or
+	    s/be\?//o		or
+	    s/\?([a-z]+)/$1/o;
+	}
+
+        print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aest4-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aest4-sparcv9.pl
new file mode 100644
index 000000000..54d0c5882
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aest4-sparcv9.pl
@@ -0,0 +1,929 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller and Andy Polyakov.
+# The module is licensed under 2-clause BSD license. October 2012.
+# All rights reserved.
+# ====================================================================
+
+######################################################################
+# AES for SPARC T4.
+#
+# AES round instructions complete in 3 cycles and can be issued every
+# cycle. It means that round calculations should take 4*rounds cycles,
+# because any given round instruction depends on result of *both*
+# previous instructions:
+#
+#	|0 |1 |2 |3 |4
+#	|01|01|01|
+#	   |23|23|23|
+#	            |01|01|...
+#	               |23|...
+#
+# Provided that fxor [with IV] takes 3 cycles to complete, critical
+# path length for CBC encrypt would be 3+4*rounds, or in other words
+# it should process one byte in at least (3+4*rounds)/16 cycles. This
+# estimate doesn't account for "collateral" instructions, such as
+# fetching input from memory, xor-ing it with zero-round key and
+# storing the result. Yet, *measured* performance [for data aligned
+# at 64-bit boundary!] deviates from this equation by less than 0.5%:
+#
+#		128-bit key	192-		256-
+# CBC encrypt	2.70/2.90(*)	3.20/3.40	3.70/3.90
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# Out-of-order execution logic managed to fully overlap "collateral"
+# instructions with those on critical path. Amazing!
+#
+# As with Intel AES-NI, question is if it's possible to improve
+# performance of parallelizable modes by interleaving round
+# instructions. Provided round instruction latency and throughput
+# optimal interleave factor is 2. But can we expect 2x performance
+# improvement? Well, as round instructions can be issued one per
+# cycle, they don't saturate the 2-way issue pipeline and therefore
+# there is room for "collateral" calculations... Yet, 2x speed-up
+# over CBC encrypt remains unattaintable:
+#
+#		128-bit key	192-		256-
+# CBC decrypt	1.64/2.11	1.89/2.37	2.23/2.61
+# CTR		1.64/2.08(*)	1.89/2.33	2.23/2.61
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# Estimates based on amount of instructions under assumption that
+# round instructions are not pairable with any other instruction
+# suggest that latter is the actual case and pipeline runs
+# underutilized. It should be noted that T4 out-of-order execution
+# logic is so capable that performance gain from 2x interleave is
+# not even impressive, ~7-13% over non-interleaved code, largest
+# for 256-bit keys.
+
+# To anchor to something else, software implementation processes
+# one byte in 29 cycles with 128-bit key on same processor. Intel
+# Sandy Bridge encrypts byte in 5.07 cycles in CBC mode and decrypts
+# in 0.93, naturally with AES-NI.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+$::evp=1;	# if $evp is set to 0, script generates module with
+# AES_[en|de]crypt, AES_set_[en|de]crypt_key and AES_cbc_encrypt entry
+# points. These however are not fully compatible with openssl/aes.h,
+# because they expect AES_KEY to be aligned at 64-bit boundary. When
+# used through EVP, alignment is arranged at EVP layer. Second thing
+# that is arranged by EVP is at least 32-bit alignment of IV.
+
+######################################################################
+# single-round subroutines
+#
+{
+my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.text
+
+.globl	aes_t4_encrypt
+.align	32
+aes_t4_encrypt:
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %o3
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %o3, %o5
+	srlx		$inp, %o3, %o3
+	or		%o5, %o4, %o4
+	or		%o3, %g1, %o5
+1:
+	ld		[$key + 240], $rounds
+	ldd		[$key + 16], %f12
+	ldd		[$key + 24], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	srl		$rounds, 1, $rounds
+	ldd		[$key + 32], %f16
+	sub		$rounds, 1, $rounds
+	ldd		[$key + 40], %f18
+	add		$key, 48, $key
+
+.Lenc:
+	aes_eround01	%f12, %f0, %f2, %f4
+	aes_eround23	%f14, %f0, %f2, %f2
+	ldd		[$key + 0], %f12
+	ldd		[$key + 8], %f14
+	sub		$rounds,1,$rounds
+	aes_eround01	%f16, %f4, %f2, %f0
+	aes_eround23	%f18, %f4, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	brnz,pt		$rounds, .Lenc
+	add		$key, 32, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	aes_eround01	%f12, %f0, %f2, %f4
+	aes_eround23	%f14, %f0, %f2, %f2
+	aes_eround01_l	%f16, %f4, %f2, %f0
+	aes_eround23_l	%f18, %f4, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	aes_t4_encrypt,#function
+.size	aes_t4_encrypt,.-aes_t4_encrypt
+
+.globl	aes_t4_decrypt
+.align	32
+aes_t4_decrypt:
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %o3
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %o3, %o5
+	srlx		$inp, %o3, %o3
+	or		%o5, %o4, %o4
+	or		%o3, %g1, %o5
+1:
+	ld		[$key + 240], $rounds
+	ldd		[$key + 16], %f12
+	ldd		[$key + 24], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	srl		$rounds, 1, $rounds
+	ldd		[$key + 32], %f16
+	sub		$rounds, 1, $rounds
+	ldd		[$key + 40], %f18
+	add		$key, 48, $key
+
+.Ldec:
+	aes_dround01	%f12, %f0, %f2, %f4
+	aes_dround23	%f14, %f0, %f2, %f2
+	ldd		[$key + 0], %f12
+	ldd		[$key + 8], %f14
+	sub		$rounds,1,$rounds
+	aes_dround01	%f16, %f4, %f2, %f0
+	aes_dround23	%f18, %f4, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	brnz,pt		$rounds, .Ldec
+	add		$key, 32, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	aes_dround01	%f12, %f0, %f2, %f4
+	aes_dround23	%f14, %f0, %f2, %f2
+	aes_dround01_l	%f16, %f4, %f2, %f0
+	aes_dround23_l	%f18, %f4, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	aes_t4_decrypt,#function
+.size	aes_t4_decrypt,.-aes_t4_decrypt
+___
+}
+
+######################################################################
+# key setup subroutines
+#
+{
+my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
+$code.=<<___;
+.globl	aes_t4_set_encrypt_key
+.align	32
+aes_t4_set_encrypt_key:
+.Lset_encrypt_key:
+	and		$inp, 7, $tmp
+	alignaddr	$inp, %g0, $inp
+	cmp		$bits, 192
+	ldd		[$inp + 0], %f0
+	bl,pt		%icc,.L128
+	ldd		[$inp + 8], %f2
+
+	be,pt		%icc,.L192
+	ldd		[$inp + 16], %f4
+	brz,pt		$tmp, .L256aligned
+	ldd		[$inp + 24], %f6
+
+	ldd		[$inp + 32], %f8
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	faligndata	%f6, %f8, %f6
+.L256aligned:
+___
+for ($i=0; $i<6; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + `32*$i+0`]
+	aes_kexpand1	%f0, %f6, $i, %f0
+	std		%f2, [$out + `32*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `32*$i+16`]
+	aes_kexpand0	%f4, %f2, %f4
+	std		%f6, [$out + `32*$i+24`]
+	aes_kexpand2	%f6, %f4, %f6
+___
+}
+$code.=<<___;
+	std		%f0, [$out + `32*$i+0`]
+	aes_kexpand1	%f0, %f6, $i, %f0
+	std		%f2, [$out + `32*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `32*$i+16`]
+	std		%f6, [$out + `32*$i+24`]
+	std		%f0, [$out + `32*$i+32`]
+	std		%f2, [$out + `32*$i+40`]
+
+	mov		14, $tmp
+	st		$tmp, [$out + 240]
+	retl
+	xor		%o0, %o0, %o0
+
+.align	16
+.L192:
+	brz,pt		$tmp, .L192aligned
+	nop
+
+	ldd		[$inp + 24], %f6
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+.L192aligned:
+___
+for ($i=0; $i<7; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + `24*$i+0`]
+	aes_kexpand1	%f0, %f4, $i, %f0
+	std		%f2, [$out + `24*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `24*$i+16`]
+	aes_kexpand2	%f4, %f2, %f4
+___
+}
+$code.=<<___;
+	std		%f0, [$out + `24*$i+0`]
+	aes_kexpand1	%f0, %f4, $i, %f0
+	std		%f2, [$out + `24*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `24*$i+16`]
+	std		%f0, [$out + `24*$i+24`]
+	std		%f2, [$out + `24*$i+32`]
+
+	mov		12, $tmp
+	st		$tmp, [$out + 240]
+	retl
+	xor		%o0, %o0, %o0
+
+.align	16
+.L128:
+	brz,pt		$tmp, .L128aligned
+	nop
+
+	ldd		[$inp + 16], %f4
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+.L128aligned:
+___
+for ($i=0; $i<10; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + `16*$i+0`]
+	aes_kexpand1	%f0, %f2, $i, %f0
+	std		%f2, [$out + `16*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+___
+}
+$code.=<<___;
+	std		%f0, [$out + `16*$i+0`]
+	std		%f2, [$out + `16*$i+8`]
+
+	mov		10, $tmp
+	st		$tmp, [$out + 240]
+	retl
+	xor		%o0, %o0, %o0
+.type	aes_t4_set_encrypt_key,#function
+.size	aes_t4_set_encrypt_key,.-aes_t4_set_encrypt_key
+
+.globl	aes_t4_set_decrypt_key
+.align	32
+aes_t4_set_decrypt_key:
+	mov		%o7, %o5
+	call		.Lset_encrypt_key
+	nop
+
+	mov		%o5, %o7
+	sll		$tmp, 4, $inp		! $tmp is number of rounds
+	add		$tmp, 2, $tmp
+	add		$out, $inp, $inp	! $inp=$out+16*rounds
+	srl		$tmp, 2, $tmp		! $tmp=(rounds+2)/4
+
+.Lkey_flip:
+	ldd		[$out + 0],  %f0
+	ldd		[$out + 8],  %f2
+	ldd		[$out + 16], %f4
+	ldd		[$out + 24], %f6
+	ldd		[$inp + 0],  %f8
+	ldd		[$inp + 8],  %f10
+	ldd		[$inp - 16], %f12
+	ldd		[$inp - 8],  %f14
+	sub		$tmp, 1, $tmp
+	std		%f0, [$inp + 0]
+	std		%f2, [$inp + 8]
+	std		%f4, [$inp - 16]
+	std		%f6, [$inp - 8]
+	std		%f8, [$out + 0]
+	std		%f10, [$out + 8]
+	std		%f12, [$out + 16]
+	std		%f14, [$out + 24]
+	add		$out, 32, $out
+	brnz		$tmp, .Lkey_flip
+	sub		$inp, 32, $inp
+
+	retl
+	xor		%o0, %o0, %o0
+.type	aes_t4_set_decrypt_key,#function
+.size	aes_t4_set_decrypt_key,.-aes_t4_set_decrypt_key
+___
+}
+
+{{{
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
+my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
+
+$code.=<<___;
+.align	32
+_aes128_encrypt_1x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_eround01	%f48, %f0, %f2, %f4
+	aes_eround23	%f50, %f0, %f2, %f2
+	aes_eround01_l	%f52, %f4, %f2, %f0
+	retl
+	aes_eround23_l	%f54, %f4, %f2, %f2
+.type	_aes128_encrypt_1x,#function
+.size	_aes128_encrypt_1x,.-_aes128_encrypt_1x
+
+.align	32
+_aes128_encrypt_2x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_eround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_eround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_eround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_eround01	%f48, %f0, %f2, %f8
+	aes_eround23	%f50, %f0, %f2, %f2
+	aes_eround01	%f48, %f4, %f6, %f10
+	aes_eround23	%f50, %f4, %f6, %f6
+	aes_eround01_l	%f52, %f8, %f2, %f0
+	aes_eround23_l	%f54, %f8, %f2, %f2
+	aes_eround01_l	%f52, %f10, %f6, %f4
+	retl
+	aes_eround23_l	%f54, %f10, %f6, %f6
+.type	_aes128_encrypt_2x,#function
+.size	_aes128_encrypt_2x,.-_aes128_encrypt_2x
+
+.align	32
+_aes128_loadkey:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+___
+for ($i=2; $i<22;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`12+2*$i`
+___
+}
+$code.=<<___;
+	retl
+	nop
+.type	_aes128_loadkey,#function
+.size	_aes128_loadkey,.-_aes128_loadkey
+_aes128_load_enckey=_aes128_loadkey
+_aes128_load_deckey=_aes128_loadkey
+
+___
+
+&alg_cbc_encrypt_implement("aes",128);
+if ($::evp) {
+    &alg_ctr32_implement("aes",128);
+    &alg_xts_implement("aes",128,"en");
+    &alg_xts_implement("aes",128,"de");
+}
+&alg_cbc_decrypt_implement("aes",128);
+
+$code.=<<___;
+.align	32
+_aes128_decrypt_1x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_dround01	%f48, %f0, %f2, %f4
+	aes_dround23	%f50, %f0, %f2, %f2
+	aes_dround01_l	%f52, %f4, %f2, %f0
+	retl
+	aes_dround23_l	%f54, %f4, %f2, %f2
+.type	_aes128_decrypt_1x,#function
+.size	_aes128_decrypt_1x,.-_aes128_decrypt_1x
+
+.align	32
+_aes128_decrypt_2x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_dround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_dround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_dround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_dround01	%f48, %f0, %f2, %f8
+	aes_dround23	%f50, %f0, %f2, %f2
+	aes_dround01	%f48, %f4, %f6, %f10
+	aes_dround23	%f50, %f4, %f6, %f6
+	aes_dround01_l	%f52, %f8, %f2, %f0
+	aes_dround23_l	%f54, %f8, %f2, %f2
+	aes_dround01_l	%f52, %f10, %f6, %f4
+	retl
+	aes_dround23_l	%f54, %f10, %f6, %f6
+.type	_aes128_decrypt_2x,#function
+.size	_aes128_decrypt_2x,.-_aes128_decrypt_2x
+___
+
+$code.=<<___;
+.align	32
+_aes192_encrypt_1x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_eround01	%f56, %f0, %f2, %f4
+	aes_eround23	%f58, %f0, %f2, %f2
+	aes_eround01_l	%f60, %f4, %f2, %f0
+	retl
+	aes_eround23_l	%f62, %f4, %f2, %f2
+.type	_aes192_encrypt_1x,#function
+.size	_aes192_encrypt_1x,.-_aes192_encrypt_1x
+
+.align	32
+_aes192_encrypt_2x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_eround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_eround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_eround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_eround01	%f56, %f0, %f2, %f8
+	aes_eround23	%f58, %f0, %f2, %f2
+	aes_eround01	%f56, %f4, %f6, %f10
+	aes_eround23	%f58, %f4, %f6, %f6
+	aes_eround01_l	%f60, %f8, %f2, %f0
+	aes_eround23_l	%f62, %f8, %f2, %f2
+	aes_eround01_l	%f60, %f10, %f6, %f4
+	retl
+	aes_eround23_l	%f62, %f10, %f6, %f6
+.type	_aes192_encrypt_2x,#function
+.size	_aes192_encrypt_2x,.-_aes192_encrypt_2x
+
+.align	32
+_aes256_encrypt_1x:
+	aes_eround01	%f16, %f0, %f2, %f4
+	aes_eround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_eround01	%f20, %f4, %f2, %f0
+	aes_eround23	%f22, %f4, %f2, %f2
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_eround01	%f16, %f0, %f2, %f4
+	aes_eround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_eround01_l	%f20, %f4, %f2, %f0
+	aes_eround23_l	%f22, %f4, %f2, %f2
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_encrypt_1x,#function
+.size	_aes256_encrypt_1x,.-_aes256_encrypt_1x
+
+.align	32
+_aes256_encrypt_2x:
+	aes_eround01	%f16, %f0, %f2, %f8
+	aes_eround23	%f18, %f0, %f2, %f2
+	aes_eround01	%f16, %f4, %f6, %f10
+	aes_eround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_eround01	%f20, %f8, %f2, %f0
+	aes_eround23	%f22, %f8, %f2, %f2
+	aes_eround01	%f20, %f10, %f6, %f4
+	aes_eround23	%f22, %f10, %f6, %f6
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_eround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_eround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_eround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_eround01	%f16, %f0, %f2, %f8
+	aes_eround23	%f18, %f0, %f2, %f2
+	aes_eround01	%f16, %f4, %f6, %f10
+	aes_eround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_eround01_l	%f20, %f8, %f2, %f0
+	aes_eround23_l	%f22, %f8, %f2, %f2
+	aes_eround01_l	%f20, %f10, %f6, %f4
+	aes_eround23_l	%f22, %f10, %f6, %f6
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_encrypt_2x,#function
+.size	_aes256_encrypt_2x,.-_aes256_encrypt_2x
+
+.align	32
+_aes192_loadkey:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+___
+for ($i=2; $i<26;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`12+2*$i`
+___
+}
+$code.=<<___;
+	retl
+	nop
+.type	_aes192_loadkey,#function
+.size	_aes192_loadkey,.-_aes192_loadkey
+_aes256_loadkey=_aes192_loadkey
+_aes192_load_enckey=_aes192_loadkey
+_aes192_load_deckey=_aes192_loadkey
+_aes256_load_enckey=_aes192_loadkey
+_aes256_load_deckey=_aes192_loadkey
+___
+
+&alg_cbc_encrypt_implement("aes",256);
+&alg_cbc_encrypt_implement("aes",192);
+if ($::evp) {
+    &alg_ctr32_implement("aes",256);
+    &alg_xts_implement("aes",256,"en");
+    &alg_xts_implement("aes",256,"de");
+    &alg_ctr32_implement("aes",192);
+}
+&alg_cbc_decrypt_implement("aes",192);
+&alg_cbc_decrypt_implement("aes",256);
+
+$code.=<<___;
+.align	32
+_aes256_decrypt_1x:
+	aes_dround01	%f16, %f0, %f2, %f4
+	aes_dround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_dround01	%f20, %f4, %f2, %f0
+	aes_dround23	%f22, %f4, %f2, %f2
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_dround01	%f16, %f0, %f2, %f4
+	aes_dround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_dround01_l	%f20, %f4, %f2, %f0
+	aes_dround23_l	%f22, %f4, %f2, %f2
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_decrypt_1x,#function
+.size	_aes256_decrypt_1x,.-_aes256_decrypt_1x
+
+.align	32
+_aes256_decrypt_2x:
+	aes_dround01	%f16, %f0, %f2, %f8
+	aes_dround23	%f18, %f0, %f2, %f2
+	aes_dround01	%f16, %f4, %f6, %f10
+	aes_dround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_dround01	%f20, %f8, %f2, %f0
+	aes_dround23	%f22, %f8, %f2, %f2
+	aes_dround01	%f20, %f10, %f6, %f4
+	aes_dround23	%f22, %f10, %f6, %f6
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_dround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_dround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_dround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_dround01	%f16, %f0, %f2, %f8
+	aes_dround23	%f18, %f0, %f2, %f2
+	aes_dround01	%f16, %f4, %f6, %f10
+	aes_dround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_dround01_l	%f20, %f8, %f2, %f0
+	aes_dround23_l	%f22, %f8, %f2, %f2
+	aes_dround01_l	%f20, %f10, %f6, %f4
+	aes_dround23_l	%f22, %f10, %f6, %f6
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_decrypt_2x,#function
+.size	_aes256_decrypt_2x,.-_aes256_decrypt_2x
+
+.align	32
+_aes192_decrypt_1x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_dround01	%f56, %f0, %f2, %f4
+	aes_dround23	%f58, %f0, %f2, %f2
+	aes_dround01_l	%f60, %f4, %f2, %f0
+	retl
+	aes_dround23_l	%f62, %f4, %f2, %f2
+.type	_aes192_decrypt_1x,#function
+.size	_aes192_decrypt_1x,.-_aes192_decrypt_1x
+
+.align	32
+_aes192_decrypt_2x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_dround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_dround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_dround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_dround01	%f56, %f0, %f2, %f8
+	aes_dround23	%f58, %f0, %f2, %f2
+	aes_dround01	%f56, %f4, %f6, %f10
+	aes_dround23	%f58, %f4, %f6, %f6
+	aes_dround01_l	%f60, %f8, %f2, %f0
+	aes_dround23_l	%f62, %f8, %f2, %f2
+	aes_dround01_l	%f60, %f10, %f6, %f4
+	retl
+	aes_dround23_l	%f62, %f10, %f6, %f6
+.type	_aes192_decrypt_2x,#function
+.size	_aes192_decrypt_2x,.-_aes192_decrypt_2x
+___
+}}}
+
+if (!$::evp) {
+$code.=<<___;
+.global	AES_encrypt
+AES_encrypt=aes_t4_encrypt
+.global	AES_decrypt
+AES_decrypt=aes_t4_decrypt
+.global	AES_set_encrypt_key
+.align	32
+AES_set_encrypt_key:
+	andcc		%o2, 7, %g0		! check alignment
+	bnz,a,pn	%icc, 1f
+	mov		-1, %o0
+	brz,a,pn	%o0, 1f
+	mov		-1, %o0
+	brz,a,pn	%o2, 1f
+	mov		-1, %o0
+	andncc		%o1, 0x1c0, %g0
+	bnz,a,pn	%icc, 1f
+	mov		-2, %o0
+	cmp		%o1, 128
+	bl,a,pn		%icc, 1f
+	mov		-2, %o0
+	b		aes_t4_set_encrypt_key
+	nop
+1:	retl
+	nop
+.type	AES_set_encrypt_key,#function
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.global	AES_set_decrypt_key
+.align	32
+AES_set_decrypt_key:
+	andcc		%o2, 7, %g0		! check alignment
+	bnz,a,pn	%icc, 1f
+	mov		-1, %o0
+	brz,a,pn	%o0, 1f
+	mov		-1, %o0
+	brz,a,pn	%o2, 1f
+	mov		-1, %o0
+	andncc		%o1, 0x1c0, %g0
+	bnz,a,pn	%icc, 1f
+	mov		-2, %o0
+	cmp		%o1, 128
+	bl,a,pn		%icc, 1f
+	mov		-2, %o0
+	b		aes_t4_set_decrypt_key
+	nop
+1:	retl
+	nop
+.type	AES_set_decrypt_key,#function
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
+
+$code.=<<___;
+.globl	AES_cbc_encrypt
+.align	32
+AES_cbc_encrypt:
+	ld		[$key + 240], %g1
+	nop
+	brz		$enc, .Lcbc_decrypt
+	cmp		%g1, 12
+
+	bl,pt		%icc, aes128_t4_cbc_encrypt
+	nop
+	be,pn		%icc, aes192_t4_cbc_encrypt
+	nop
+	ba		aes256_t4_cbc_encrypt
+	nop
+
+.Lcbc_decrypt:
+	bl,pt		%icc, aes128_t4_cbc_decrypt
+	nop
+	be,pn		%icc, aes192_t4_cbc_decrypt
+	nop
+	ba		aes256_t4_cbc_decrypt
+	nop
+.type	AES_cbc_encrypt,#function
+.size	AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+$code.=<<___;
+.asciz	"AES for SPARC T4, David S. Miller, Andy Polyakov"
+.align	4
+___
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesv8-armx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesv8-armx.pl
new file mode 100755
index 000000000..eec0ed230
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesv8-armx.pl
@@ -0,0 +1,1011 @@
+#! /usr/bin/env perl
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for ARMv8 AES instructions. The
+# module is endian-agnostic in sense that it supports both big- and
+# little-endian cases. As does it support both 32- and 64-bit modes
+# of operation. Latter is achieved by limiting amount of utilized
+# registers to 16, which implies additional NEON load and integer
+# instructions. This has no effect on mighty Apple A7, where results
+# are literally equal to the theoretical estimates based on AES
+# instruction latencies and issue rates. On Cortex-A53, an in-order
+# execution core, this costs up to 10-15%, which is partially
+# compensated by implementing dedicated code path for 128-bit
+# CBC encrypt case. On Cortex-A57 parallelizable mode performance
+# seems to be limited by sheer amount of NEON instructions...
+#
+# Performance in cycles per byte processed with 128-bit key:
+#
+#		CBC enc		CBC dec		CTR
+# Apple A7	2.39		1.20		1.20
+# Cortex-A53	1.32		1.29		1.46
+# Cortex-A57(*)	1.95		0.85		0.93
+# Denver	1.96		0.86		0.80
+# Mongoose	1.33		1.20		1.20
+# Kryo		1.26		0.94		1.00
+#
+# (*)	original 3.64/1.34/1.32 results were for r0p0 revision
+#	and are still same even for updated module;
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$prefix="aes_v8";
+
+$code=<<___;
+#include "arm_arch.h"
+
+#if __ARM_MAX_ARCH__>=7
+.text
+___
+$code.=".arch	armv8-a+crypto\n"			if ($flavour =~ /64/);
+$code.=<<___						if ($flavour !~ /64/);
+.arch	armv7-a	// don't confuse not-so-latest binutils with argv8 :-)
+.fpu	neon
+.code	32
+#undef	__thumb2__
+___
+
+# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
+# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
+# maintain both 32- and 64-bit codes within single module and
+# transliterate common code to either flavour with regex vodoo.
+#
+{{{
+my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12");
+my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)=
+	$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
+
+
+$code.=<<___;
+.align	5
+.Lrcon:
+.long	0x01,0x01,0x01,0x01
+.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
+.long	0x1b,0x1b,0x1b,0x1b
+
+.globl	${prefix}_set_encrypt_key
+.type	${prefix}_set_encrypt_key,%function
+.align	5
+${prefix}_set_encrypt_key:
+.Lenc_key:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+___
+$code.=<<___;
+	mov	$ptr,#-1
+	cmp	$inp,#0
+	b.eq	.Lenc_key_abort
+	cmp	$out,#0
+	b.eq	.Lenc_key_abort
+	mov	$ptr,#-2
+	cmp	$bits,#128
+	b.lt	.Lenc_key_abort
+	cmp	$bits,#256
+	b.gt	.Lenc_key_abort
+	tst	$bits,#0x3f
+	b.ne	.Lenc_key_abort
+
+	adr	$ptr,.Lrcon
+	cmp	$bits,#192
+
+	veor	$zero,$zero,$zero
+	vld1.8	{$in0},[$inp],#16
+	mov	$bits,#8		// reuse $bits
+	vld1.32	{$rcon,$mask},[$ptr],#32
+
+	b.lt	.Loop128
+	b.eq	.L192
+	b	.L256
+
+.align	4
+.Loop128:
+	vtbl.8	$key,{$in0},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in0},[$out],#16
+	aese	$key,$zero
+	subs	$bits,$bits,#1
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in0,$in0,$key
+	b.ne	.Loop128
+
+	vld1.32	{$rcon},[$ptr]
+
+	vtbl.8	$key,{$in0},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in0},[$out],#16
+	aese	$key,$zero
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in0,$in0,$key
+
+	vtbl.8	$key,{$in0},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in0},[$out],#16
+	aese	$key,$zero
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	veor	$in0,$in0,$key
+	vst1.32	{$in0},[$out]
+	add	$out,$out,#0x50
+
+	mov	$rounds,#10
+	b	.Ldone
+
+.align	4
+.L192:
+	vld1.8	{$in1},[$inp],#8
+	vmov.i8	$key,#8			// borrow $key
+	vst1.32	{$in0},[$out],#16
+	vsub.i8	$mask,$mask,$key	// adjust the mask
+
+.Loop192:
+	vtbl.8	$key,{$in1},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in1},[$out],#8
+	aese	$key,$zero
+	subs	$bits,$bits,#1
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+
+	vdup.32	$tmp,${in0}[3]
+	veor	$tmp,$tmp,$in1
+	 veor	$key,$key,$rcon
+	vext.8	$in1,$zero,$in1,#12
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in1,$in1,$tmp
+	veor	$in0,$in0,$key
+	veor	$in1,$in1,$key
+	vst1.32	{$in0},[$out],#16
+	b.ne	.Loop192
+
+	mov	$rounds,#12
+	add	$out,$out,#0x20
+	b	.Ldone
+
+.align	4
+.L256:
+	vld1.8	{$in1},[$inp]
+	mov	$bits,#7
+	mov	$rounds,#14
+	vst1.32	{$in0},[$out],#16
+
+.Loop256:
+	vtbl.8	$key,{$in1},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in1},[$out],#16
+	aese	$key,$zero
+	subs	$bits,$bits,#1
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in0,$in0,$key
+	vst1.32	{$in0},[$out],#16
+	b.eq	.Ldone
+
+	vdup.32	$key,${in0}[3]		// just splat
+	vext.8	$tmp,$zero,$in1,#12
+	aese	$key,$zero
+
+	veor	$in1,$in1,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in1,$in1,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in1,$in1,$tmp
+
+	veor	$in1,$in1,$key
+	b	.Loop256
+
+.Ldone:
+	str	$rounds,[$out]
+	mov	$ptr,#0
+
+.Lenc_key_abort:
+	mov	x0,$ptr			// return value
+	`"ldr	x29,[sp],#16"		if ($flavour =~ /64/)`
+	ret
+.size	${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key
+
+.globl	${prefix}_set_decrypt_key
+.type	${prefix}_set_decrypt_key,%function
+.align	5
+${prefix}_set_decrypt_key:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+___
+$code.=<<___	if ($flavour !~ /64/);
+	stmdb	sp!,{r4,lr}
+___
+$code.=<<___;
+	bl	.Lenc_key
+
+	cmp	x0,#0
+	b.ne	.Ldec_key_abort
+
+	sub	$out,$out,#240		// restore original $out
+	mov	x4,#-16
+	add	$inp,$out,x12,lsl#4	// end of key schedule
+
+	vld1.32	{v0.16b},[$out]
+	vld1.32	{v1.16b},[$inp]
+	vst1.32	{v0.16b},[$inp],x4
+	vst1.32	{v1.16b},[$out],#16
+
+.Loop_imc:
+	vld1.32	{v0.16b},[$out]
+	vld1.32	{v1.16b},[$inp]
+	aesimc	v0.16b,v0.16b
+	aesimc	v1.16b,v1.16b
+	vst1.32	{v0.16b},[$inp],x4
+	vst1.32	{v1.16b},[$out],#16
+	cmp	$inp,$out
+	b.hi	.Loop_imc
+
+	vld1.32	{v0.16b},[$out]
+	aesimc	v0.16b,v0.16b
+	vst1.32	{v0.16b},[$inp]
+
+	eor	x0,x0,x0		// return value
+.Ldec_key_abort:
+___
+$code.=<<___	if ($flavour !~ /64/);
+	ldmia	sp!,{r4,pc}
+___
+$code.=<<___	if ($flavour =~ /64/);
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+___
+$code.=<<___;
+.size	${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key
+___
+}}}
+{{{
+sub gen_block () {
+my $dir = shift;
+my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
+my ($inp,$out,$key)=map("x$_",(0..2));
+my $rounds="w3";
+my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
+
+$code.=<<___;
+.globl	${prefix}_${dir}crypt
+.type	${prefix}_${dir}crypt,%function
+.align	5
+${prefix}_${dir}crypt:
+	ldr	$rounds,[$key,#240]
+	vld1.32	{$rndkey0},[$key],#16
+	vld1.8	{$inout},[$inp]
+	sub	$rounds,$rounds,#2
+	vld1.32	{$rndkey1},[$key],#16
+
+.Loop_${dir}c:
+	aes$e	$inout,$rndkey0
+	aes$mc	$inout,$inout
+	vld1.32	{$rndkey0},[$key],#16
+	subs	$rounds,$rounds,#2
+	aes$e	$inout,$rndkey1
+	aes$mc	$inout,$inout
+	vld1.32	{$rndkey1},[$key],#16
+	b.gt	.Loop_${dir}c
+
+	aes$e	$inout,$rndkey0
+	aes$mc	$inout,$inout
+	vld1.32	{$rndkey0},[$key]
+	aes$e	$inout,$rndkey1
+	veor	$inout,$inout,$rndkey0
+
+	vst1.8	{$inout},[$out]
+	ret
+.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
+___
+}
+&gen_block("en");
+&gen_block("de");
+}}}
+{{{
+my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5";
+my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12");
+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
+
+my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1);
+my ($key4,$key5,$key6,$key7)=("x6","x12","x14",$key);
+
+### q8-q15	preloaded key schedule
+
+$code.=<<___;
+.globl	${prefix}_cbc_encrypt
+.type	${prefix}_cbc_encrypt,%function
+.align	5
+${prefix}_cbc_encrypt:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+___
+$code.=<<___	if ($flavour !~ /64/);
+	mov	ip,sp
+	stmdb	sp!,{r4-r8,lr}
+	vstmdb	sp!,{d8-d15}            @ ABI specification says so
+	ldmia	ip,{r4-r5}		@ load remaining args
+___
+$code.=<<___;
+	subs	$len,$len,#16
+	mov	$step,#16
+	b.lo	.Lcbc_abort
+	cclr	$step,eq
+
+	cmp	$enc,#0			// en- or decrypting?
+	ldr	$rounds,[$key,#240]
+	and	$len,$len,#-16
+	vld1.8	{$ivec},[$ivp]
+	vld1.8	{$dat},[$inp],$step
+
+	vld1.32	{q8-q9},[$key]		// load key schedule...
+	sub	$rounds,$rounds,#6
+	add	$key_,$key,x5,lsl#4	// pointer to last 7 round keys
+	sub	$rounds,$rounds,#2
+	vld1.32	{q10-q11},[$key_],#32
+	vld1.32	{q12-q13},[$key_],#32
+	vld1.32	{q14-q15},[$key_],#32
+	vld1.32	{$rndlast},[$key_]
+
+	add	$key_,$key,#32
+	mov	$cnt,$rounds
+	b.eq	.Lcbc_dec
+
+	cmp	$rounds,#2
+	veor	$dat,$dat,$ivec
+	veor	$rndzero_n_last,q8,$rndlast
+	b.eq	.Lcbc_enc128
+
+	vld1.32	{$in0-$in1},[$key_]
+	add	$key_,$key,#16
+	add	$key4,$key,#16*4
+	add	$key5,$key,#16*5
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	add	$key6,$key,#16*6
+	add	$key7,$key,#16*7
+	b	.Lenter_cbc_enc
+
+.align	4
+.Loop_cbc_enc:
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	 vst1.8	{$ivec},[$out],#16
+.Lenter_cbc_enc:
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	aese	$dat,$in0
+	aesmc	$dat,$dat
+	vld1.32	{q8},[$key4]
+	cmp	$rounds,#4
+	aese	$dat,$in1
+	aesmc	$dat,$dat
+	vld1.32	{q9},[$key5]
+	b.eq	.Lcbc_enc192
+
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	vld1.32	{q8},[$key6]
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	vld1.32	{q9},[$key7]
+	nop
+
+.Lcbc_enc192:
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	 subs	$len,$len,#16
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	 cclr	$step,eq
+	aese	$dat,q10
+	aesmc	$dat,$dat
+	aese	$dat,q11
+	aesmc	$dat,$dat
+	 vld1.8	{q8},[$inp],$step
+	aese	$dat,q12
+	aesmc	$dat,$dat
+	 veor	q8,q8,$rndzero_n_last
+	aese	$dat,q13
+	aesmc	$dat,$dat
+	 vld1.32 {q9},[$key_]		// re-pre-load rndkey[1]
+	aese	$dat,q14
+	aesmc	$dat,$dat
+	aese	$dat,q15
+	veor	$ivec,$dat,$rndlast
+	b.hs	.Loop_cbc_enc
+
+	vst1.8	{$ivec},[$out],#16
+	b	.Lcbc_done
+
+.align	5
+.Lcbc_enc128:
+	vld1.32	{$in0-$in1},[$key_]
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	b	.Lenter_cbc_enc128
+.Loop_cbc_enc128:
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	 vst1.8	{$ivec},[$out],#16
+.Lenter_cbc_enc128:
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	 subs	$len,$len,#16
+	aese	$dat,$in0
+	aesmc	$dat,$dat
+	 cclr	$step,eq
+	aese	$dat,$in1
+	aesmc	$dat,$dat
+	aese	$dat,q10
+	aesmc	$dat,$dat
+	aese	$dat,q11
+	aesmc	$dat,$dat
+	 vld1.8	{q8},[$inp],$step
+	aese	$dat,q12
+	aesmc	$dat,$dat
+	aese	$dat,q13
+	aesmc	$dat,$dat
+	aese	$dat,q14
+	aesmc	$dat,$dat
+	 veor	q8,q8,$rndzero_n_last
+	aese	$dat,q15
+	veor	$ivec,$dat,$rndlast
+	b.hs	.Loop_cbc_enc128
+
+	vst1.8	{$ivec},[$out],#16
+	b	.Lcbc_done
+___
+{
+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9));
+$code.=<<___;
+.align	5
+.Lcbc_dec:
+	vld1.8	{$dat2},[$inp],#16
+	subs	$len,$len,#32		// bias
+	add	$cnt,$rounds,#2
+	vorr	$in1,$dat,$dat
+	vorr	$dat1,$dat,$dat
+	vorr	$in2,$dat2,$dat2
+	b.lo	.Lcbc_dec_tail
+
+	vorr	$dat1,$dat2,$dat2
+	vld1.8	{$dat2},[$inp],#16
+	vorr	$in0,$dat,$dat
+	vorr	$in1,$dat1,$dat1
+	vorr	$in2,$dat2,$dat2
+
+.Loop3x_cbc_dec:
+	aesd	$dat0,q8
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	vld1.32	{q8},[$key_],#16
+	subs	$cnt,$cnt,#2
+	aesd	$dat0,q9
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	vld1.32	{q9},[$key_],#16
+	b.gt	.Loop3x_cbc_dec
+
+	aesd	$dat0,q8
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	 veor	$tmp0,$ivec,$rndlast
+	 subs	$len,$len,#0x30
+	 veor	$tmp1,$in0,$rndlast
+	 mov.lo	x6,$len			// x6, $cnt, is zero at this point
+	aesd	$dat0,q9
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	 veor	$tmp2,$in1,$rndlast
+	 add	$inp,$inp,x6		// $inp is adjusted in such way that
+					// at exit from the loop $dat1-$dat2
+					// are loaded with last "words"
+	 vorr	$ivec,$in2,$in2
+	 mov	$key_,$key
+	aesd	$dat0,q12
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q12
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q12
+	aesimc	$dat2,$dat2
+	 vld1.8	{$in0},[$inp],#16
+	aesd	$dat0,q13
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q13
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q13
+	aesimc	$dat2,$dat2
+	 vld1.8	{$in1},[$inp],#16
+	aesd	$dat0,q14
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q14
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q14
+	aesimc	$dat2,$dat2
+	 vld1.8	{$in2},[$inp],#16
+	aesd	$dat0,q15
+	aesd	$dat1,q15
+	aesd	$dat2,q15
+	 vld1.32 {q8},[$key_],#16	// re-pre-load rndkey[0]
+	 add	$cnt,$rounds,#2
+	veor	$tmp0,$tmp0,$dat0
+	veor	$tmp1,$tmp1,$dat1
+	veor	$dat2,$dat2,$tmp2
+	 vld1.32 {q9},[$key_],#16	// re-pre-load rndkey[1]
+	vst1.8	{$tmp0},[$out],#16
+	 vorr	$dat0,$in0,$in0
+	vst1.8	{$tmp1},[$out],#16
+	 vorr	$dat1,$in1,$in1
+	vst1.8	{$dat2},[$out],#16
+	 vorr	$dat2,$in2,$in2
+	b.hs	.Loop3x_cbc_dec
+
+	cmn	$len,#0x30
+	b.eq	.Lcbc_done
+	nop
+
+.Lcbc_dec_tail:
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	vld1.32	{q8},[$key_],#16
+	subs	$cnt,$cnt,#2
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	vld1.32	{q9},[$key_],#16
+	b.gt	.Lcbc_dec_tail
+
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	aesd	$dat1,q12
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q12
+	aesimc	$dat2,$dat2
+	 cmn	$len,#0x20
+	aesd	$dat1,q13
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q13
+	aesimc	$dat2,$dat2
+	 veor	$tmp1,$ivec,$rndlast
+	aesd	$dat1,q14
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q14
+	aesimc	$dat2,$dat2
+	 veor	$tmp2,$in1,$rndlast
+	aesd	$dat1,q15
+	aesd	$dat2,q15
+	b.eq	.Lcbc_dec_one
+	veor	$tmp1,$tmp1,$dat1
+	veor	$tmp2,$tmp2,$dat2
+	 vorr	$ivec,$in2,$in2
+	vst1.8	{$tmp1},[$out],#16
+	vst1.8	{$tmp2},[$out],#16
+	b	.Lcbc_done
+
+.Lcbc_dec_one:
+	veor	$tmp1,$tmp1,$dat2
+	 vorr	$ivec,$in2,$in2
+	vst1.8	{$tmp1},[$out],#16
+
+.Lcbc_done:
+	vst1.8	{$ivec},[$ivp]
+.Lcbc_abort:
+___
+}
+$code.=<<___	if ($flavour !~ /64/);
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r8,pc}
+___
+$code.=<<___	if ($flavour =~ /64/);
+	ldr	x29,[sp],#16
+	ret
+___
+$code.=<<___;
+.size	${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt
+___
+}}}
+{{{
+my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
+my ($rounds,$cnt,$key_)=("w5","w6","x7");
+my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12));
+my $step="x12";		# aliases with $tctr2
+
+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9));
+
+my ($dat,$tmp)=($dat0,$tmp0);
+
+### q8-q15	preloaded key schedule
+
+$code.=<<___;
+.globl	${prefix}_ctr32_encrypt_blocks
+.type	${prefix}_ctr32_encrypt_blocks,%function
+.align	5
+${prefix}_ctr32_encrypt_blocks:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp		x29,x30,[sp,#-16]!
+	add		x29,sp,#0
+___
+$code.=<<___	if ($flavour !~ /64/);
+	mov		ip,sp
+	stmdb		sp!,{r4-r10,lr}
+	vstmdb		sp!,{d8-d15}            @ ABI specification says so
+	ldr		r4, [ip]		@ load remaining arg
+___
+$code.=<<___;
+	ldr		$rounds,[$key,#240]
+
+	ldr		$ctr, [$ivp, #12]
+	vld1.32		{$dat0},[$ivp]
+
+	vld1.32		{q8-q9},[$key]		// load key schedule...
+	sub		$rounds,$rounds,#4
+	mov		$step,#16
+	cmp		$len,#2
+	add		$key_,$key,x5,lsl#4	// pointer to last 5 round keys
+	sub		$rounds,$rounds,#2
+	vld1.32		{q12-q13},[$key_],#32
+	vld1.32		{q14-q15},[$key_],#32
+	vld1.32		{$rndlast},[$key_]
+	add		$key_,$key,#32
+	mov		$cnt,$rounds
+	cclr		$step,lo
+#ifndef __ARMEB__
+	rev		$ctr, $ctr
+#endif
+	vorr		$dat1,$dat0,$dat0
+	add		$tctr1, $ctr, #1
+	vorr		$dat2,$dat0,$dat0
+	add		$ctr, $ctr, #2
+	vorr		$ivec,$dat0,$dat0
+	rev		$tctr1, $tctr1
+	vmov.32		${dat1}[3],$tctr1
+	b.ls		.Lctr32_tail
+	rev		$tctr2, $ctr
+	sub		$len,$len,#3		// bias
+	vmov.32		${dat2}[3],$tctr2
+	b		.Loop3x_ctr32
+
+.align	4
+.Loop3x_ctr32:
+	aese		$dat0,q8
+	aesmc		$dat0,$dat0
+	aese		$dat1,q8
+	aesmc		$dat1,$dat1
+	aese		$dat2,q8
+	aesmc		$dat2,$dat2
+	vld1.32		{q8},[$key_],#16
+	subs		$cnt,$cnt,#2
+	aese		$dat0,q9
+	aesmc		$dat0,$dat0
+	aese		$dat1,q9
+	aesmc		$dat1,$dat1
+	aese		$dat2,q9
+	aesmc		$dat2,$dat2
+	vld1.32		{q9},[$key_],#16
+	b.gt		.Loop3x_ctr32
+
+	aese		$dat0,q8
+	aesmc		$tmp0,$dat0
+	aese		$dat1,q8
+	aesmc		$tmp1,$dat1
+	 vld1.8		{$in0},[$inp],#16
+	 vorr		$dat0,$ivec,$ivec
+	aese		$dat2,q8
+	aesmc		$dat2,$dat2
+	 vld1.8		{$in1},[$inp],#16
+	 vorr		$dat1,$ivec,$ivec
+	aese		$tmp0,q9
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q9
+	aesmc		$tmp1,$tmp1
+	 vld1.8		{$in2},[$inp],#16
+	 mov		$key_,$key
+	aese		$dat2,q9
+	aesmc		$tmp2,$dat2
+	 vorr		$dat2,$ivec,$ivec
+	 add		$tctr0,$ctr,#1
+	aese		$tmp0,q12
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q12
+	aesmc		$tmp1,$tmp1
+	 veor		$in0,$in0,$rndlast
+	 add		$tctr1,$ctr,#2
+	aese		$tmp2,q12
+	aesmc		$tmp2,$tmp2
+	 veor		$in1,$in1,$rndlast
+	 add		$ctr,$ctr,#3
+	aese		$tmp0,q13
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q13
+	aesmc		$tmp1,$tmp1
+	 veor		$in2,$in2,$rndlast
+	 rev		$tctr0,$tctr0
+	aese		$tmp2,q13
+	aesmc		$tmp2,$tmp2
+	 vmov.32	${dat0}[3], $tctr0
+	 rev		$tctr1,$tctr1
+	aese		$tmp0,q14
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q14
+	aesmc		$tmp1,$tmp1
+	 vmov.32	${dat1}[3], $tctr1
+	 rev		$tctr2,$ctr
+	aese		$tmp2,q14
+	aesmc		$tmp2,$tmp2
+	 vmov.32	${dat2}[3], $tctr2
+	 subs		$len,$len,#3
+	aese		$tmp0,q15
+	aese		$tmp1,q15
+	aese		$tmp2,q15
+
+	veor		$in0,$in0,$tmp0
+	 vld1.32	 {q8},[$key_],#16	// re-pre-load rndkey[0]
+	vst1.8		{$in0},[$out],#16
+	veor		$in1,$in1,$tmp1
+	 mov		$cnt,$rounds
+	vst1.8		{$in1},[$out],#16
+	veor		$in2,$in2,$tmp2
+	 vld1.32	 {q9},[$key_],#16	// re-pre-load rndkey[1]
+	vst1.8		{$in2},[$out],#16
+	b.hs		.Loop3x_ctr32
+
+	adds		$len,$len,#3
+	b.eq		.Lctr32_done
+	cmp		$len,#1
+	mov		$step,#16
+	cclr		$step,eq
+
+.Lctr32_tail:
+	aese		$dat0,q8
+	aesmc		$dat0,$dat0
+	aese		$dat1,q8
+	aesmc		$dat1,$dat1
+	vld1.32		{q8},[$key_],#16
+	subs		$cnt,$cnt,#2
+	aese		$dat0,q9
+	aesmc		$dat0,$dat0
+	aese		$dat1,q9
+	aesmc		$dat1,$dat1
+	vld1.32		{q9},[$key_],#16
+	b.gt		.Lctr32_tail
+
+	aese		$dat0,q8
+	aesmc		$dat0,$dat0
+	aese		$dat1,q8
+	aesmc		$dat1,$dat1
+	aese		$dat0,q9
+	aesmc		$dat0,$dat0
+	aese		$dat1,q9
+	aesmc		$dat1,$dat1
+	 vld1.8		{$in0},[$inp],$step
+	aese		$dat0,q12
+	aesmc		$dat0,$dat0
+	aese		$dat1,q12
+	aesmc		$dat1,$dat1
+	 vld1.8		{$in1},[$inp]
+	aese		$dat0,q13
+	aesmc		$dat0,$dat0
+	aese		$dat1,q13
+	aesmc		$dat1,$dat1
+	 veor		$in0,$in0,$rndlast
+	aese		$dat0,q14
+	aesmc		$dat0,$dat0
+	aese		$dat1,q14
+	aesmc		$dat1,$dat1
+	 veor		$in1,$in1,$rndlast
+	aese		$dat0,q15
+	aese		$dat1,q15
+
+	cmp		$len,#1
+	veor		$in0,$in0,$dat0
+	veor		$in1,$in1,$dat1
+	vst1.8		{$in0},[$out],#16
+	b.eq		.Lctr32_done
+	vst1.8		{$in1},[$out]
+
+.Lctr32_done:
+___
+$code.=<<___	if ($flavour !~ /64/);
+	vldmia		sp!,{d8-d15}
+	ldmia		sp!,{r4-r10,pc}
+___
+$code.=<<___	if ($flavour =~ /64/);
+	ldr		x29,[sp],#16
+	ret
+___
+$code.=<<___;
+.size	${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
+___
+}}}
+$code.=<<___;
+#endif
+___
+########################################
+if ($flavour =~ /64/) {			######## 64-bit code
+    my %opcode = (
+	"aesd"	=>	0x4e285800,	"aese"	=>	0x4e284800,
+	"aesimc"=>	0x4e287800,	"aesmc"	=>	0x4e286800	);
+
+    local *unaes = sub {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5),
+			$mnemonic,$arg;
+    };
+
+    foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
+	s/@\s/\/\//o;			# old->new style commentary
+
+	#s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
+	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
+	s/mov\.([a-z]+)\s+([wx][0-9]+),\s*([wx][0-9]+)/csel	$2,$3,$2,$1/o	or
+	s/vmov\.i8/movi/o	or	# fix up legacy mnemonics
+	s/vext\.8/ext/o		or
+	s/vrev32\.8/rev32/o	or
+	s/vtst\.8/cmtst/o	or
+	s/vshr/ushr/o		or
+	s/^(\s+)v/$1/o		or	# strip off v prefix
+	s/\bbx\s+lr\b/ret/o;
+
+	# fix up remaining legacy suffixes
+	s/\.[ui]?8//o;
+	m/\],#8/o and s/\.16b/\.8b/go;
+	s/\.[ui]?32//o and s/\.16b/\.4s/go;
+	s/\.[ui]?64//o and s/\.16b/\.2d/go;
+	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
+
+	print $_,"\n";
+    }
+} else {				######## 32-bit code
+    my %opcode = (
+	"aesd"	=>	0xf3b00340,	"aese"	=>	0xf3b00300,
+	"aesimc"=>	0xf3b003c0,	"aesmc"	=>	0xf3b00380	);
+
+    local *unaes = sub {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) {
+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
+					 |(($2&7)<<1) |(($2&8)<<2);
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    };
+
+    sub unvtbl {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
+	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
+		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;
+    }
+
+    sub unvdup32 {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
+    }
+
+    sub unvmov32 {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
+	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;
+    }
+
+    foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
+	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
+	s/\/\/\s?/@ /o;				# new->old style commentary
+
+	# fix up remaining new-style suffixes
+	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
+	s/\],#[0-9]+/]!/o;
+
+	s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
+	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o	or
+	s/vtbl\.8\s+(.*)/unvtbl($1)/geo			or
+	s/vdup\.32\s+(.*)/unvdup32($1)/geo		or
+	s/vmov\.32\s+(.*)/unvmov32($1)/geo		or
+	s/^(\s+)b\./$1b/o				or
+	s/^(\s+)mov\./$1mov/o				or
+	s/^(\s+)ret/$1bx\tlr/o;
+
+	print $_,"\n";
+    }
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/bsaes-armv7.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/bsaes-armv7.pl
new file mode 100644
index 000000000..bfe825af0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/bsaes-armv7.pl
@@ -0,0 +1,2491 @@
+#! /usr/bin/env perl
+# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
+# of Linaro. Permission to use under GPL terms is granted.
+# ====================================================================
+
+# Bit-sliced AES for ARM NEON
+#
+# February 2012.
+#
+# This implementation is direct adaptation of bsaes-x86_64 module for
+# ARM NEON. Except that this module is endian-neutral [in sense that
+# it can be compiled for either endianness] by courtesy of vld1.8's
+# neutrality. Initial version doesn't implement interface to OpenSSL,
+# only low-level primitives and unsupported entry points, just enough
+# to collect performance results, which for Cortex-A8 core are:
+#
+# encrypt	19.5 cycles per byte processed with 128-bit key
+# decrypt	22.1 cycles per byte processed with 128-bit key
+# key conv.	440  cycles per 128-bit key/0.18 of 8x block
+#
+# Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7,
+# which is [much] worse than anticipated (for further details see
+# http://www.openssl.org/~appro/Snapdragon-S4.html).
+#
+# Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code
+# manages in 20.0 cycles].
+#
+# When comparing to x86_64 results keep in mind that NEON unit is
+# [mostly] single-issue and thus can't [fully] benefit from
+# instruction-level parallelism. And when comparing to aes-armv4
+# results keep in mind key schedule conversion overhead (see
+# bsaes-x86_64.pl for further details)...
+#
+#						<appro@openssl.org>
+
+# April-August 2013
+# Add CBC, CTR and XTS subroutines and adapt for kernel use; courtesy of Ard.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+my ($inp,$out,$len,$key)=("r0","r1","r2","r3");
+my @XMM=map("q$_",(0..15));
+
+{
+my ($key,$rounds,$const)=("r4","r5","r6");
+
+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
+
+sub Sbox {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InBasisChange	(@b);
+	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
+	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
+}
+
+sub InBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb
+my @b=@_[0..7];
+$code.=<<___;
+	veor	@b[2], @b[2], @b[1]
+	veor	@b[5], @b[5], @b[6]
+	veor	@b[3], @b[3], @b[0]
+	veor	@b[6], @b[6], @b[2]
+	veor	@b[5], @b[5], @b[0]
+
+	veor	@b[6], @b[6], @b[3]
+	veor	@b[3], @b[3], @b[7]
+	veor	@b[7], @b[7], @b[5]
+	veor	@b[3], @b[3], @b[4]
+	veor	@b[4], @b[4], @b[5]
+
+	veor	@b[2], @b[2], @b[7]
+	veor	@b[3], @b[3], @b[1]
+	veor	@b[1], @b[1], @b[5]
+___
+}
+
+sub OutBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
+my @b=@_[0..7];
+$code.=<<___;
+	veor	@b[0], @b[0], @b[6]
+	veor	@b[1], @b[1], @b[4]
+	veor	@b[4], @b[4], @b[6]
+	veor	@b[2], @b[2], @b[0]
+	veor	@b[6], @b[6], @b[1]
+
+	veor	@b[1], @b[1], @b[5]
+	veor	@b[5], @b[5], @b[3]
+	veor	@b[3], @b[3], @b[7]
+	veor	@b[7], @b[7], @b[5]
+	veor	@b[2], @b[2], @b[5]
+
+	veor	@b[4], @b[4], @b[7]
+___
+}
+
+sub InvSbox {
+# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InvInBasisChange	(@b);
+	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
+	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
+}
+
+sub InvInBasisChange {		# OutBasisChange in reverse (with twist)
+my @b=@_[5,1,2,6,3,7,0,4];
+$code.=<<___
+	 veor	@b[1], @b[1], @b[7]
+	veor	@b[4], @b[4], @b[7]
+
+	veor	@b[7], @b[7], @b[5]
+	 veor	@b[1], @b[1], @b[3]
+	veor	@b[2], @b[2], @b[5]
+	veor	@b[3], @b[3], @b[7]
+
+	veor	@b[6], @b[6], @b[1]
+	veor	@b[2], @b[2], @b[0]
+	 veor	@b[5], @b[5], @b[3]
+	veor	@b[4], @b[4], @b[6]
+	veor	@b[0], @b[0], @b[6]
+	veor	@b[1], @b[1], @b[4]
+___
+}
+
+sub InvOutBasisChange {		# InBasisChange in reverse
+my @b=@_[2,5,7,3,6,1,0,4];
+$code.=<<___;
+	veor	@b[1], @b[1], @b[5]
+	veor	@b[2], @b[2], @b[7]
+
+	veor	@b[3], @b[3], @b[1]
+	veor	@b[4], @b[4], @b[5]
+	veor	@b[7], @b[7], @b[5]
+	veor	@b[3], @b[3], @b[4]
+	 veor 	@b[5], @b[5], @b[0]
+	veor	@b[3], @b[3], @b[7]
+	 veor	@b[6], @b[6], @b[2]
+	 veor	@b[2], @b[2], @b[1]
+	veor	@b[6], @b[6], @b[3]
+
+	veor	@b[3], @b[3], @b[0]
+	veor	@b[5], @b[5], @b[6]
+___
+}
+
+sub Mul_GF4 {
+#;*************************************************************
+#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
+#;*************************************************************
+my ($x0,$x1,$y0,$y1,$t0,$t1)=@_;
+$code.=<<___;
+	veor 	$t0, $y0, $y1
+	vand	$t0, $t0, $x0
+	veor	$x0, $x0, $x1
+	vand	$t1, $x1, $y0
+	vand	$x0, $x0, $y1
+	veor	$x1, $t1, $t0
+	veor	$x0, $x0, $t1
+___
+}
+
+sub Mul_GF4_N {				# not used, see next subroutine
+# multiply and scale by N
+my ($x0,$x1,$y0,$y1,$t0)=@_;
+$code.=<<___;
+	veor	$t0, $y0, $y1
+	vand	$t0, $t0, $x0
+	veor	$x0, $x0, $x1
+	vand	$x1, $x1, $y0
+	vand	$x0, $x0, $y1
+	veor	$x1, $x1, $x0
+	veor	$x0, $x0, $t0
+___
+}
+
+sub Mul_GF4_N_GF4 {
+# interleaved Mul_GF4_N and Mul_GF4
+my ($x0,$x1,$y0,$y1,$t0,
+    $x2,$x3,$y2,$y3,$t1)=@_;
+$code.=<<___;
+	veor	$t0, $y0, $y1
+	 veor 	$t1, $y2, $y3
+	vand	$t0, $t0, $x0
+	 vand	$t1, $t1, $x2
+	veor	$x0, $x0, $x1
+	 veor	$x2, $x2, $x3
+	vand	$x1, $x1, $y0
+	 vand	$x3, $x3, $y2
+	vand	$x0, $x0, $y1
+	 vand	$x2, $x2, $y3
+	veor	$x1, $x1, $x0
+	 veor	$x2, $x2, $x3
+	veor	$x0, $x0, $t0
+	 veor	$x3, $x3, $t1
+___
+}
+sub Mul_GF16_2 {
+my @x=@_[0..7];
+my @y=@_[8..11];
+my @t=@_[12..15];
+$code.=<<___;
+	veor	@t[0], @x[0], @x[2]
+	veor	@t[1], @x[1], @x[3]
+___
+	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2..3]);
+$code.=<<___;
+	veor	@y[0], @y[0], @y[2]
+	veor	@y[1], @y[1], @y[3]
+___
+	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[2], @x[3], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	veor	@x[0], @x[0], @t[0]
+	veor	@x[2], @x[2], @t[0]
+	veor	@x[1], @x[1], @t[1]
+	veor	@x[3], @x[3], @t[1]
+
+	veor	@t[0], @x[4], @x[6]
+	veor	@t[1], @x[5], @x[7]
+___
+	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[6], @x[7], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	veor	@y[0], @y[0], @y[2]
+	veor	@y[1], @y[1], @y[3]
+___
+	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[2..3]);
+$code.=<<___;
+	veor	@x[4], @x[4], @t[0]
+	veor	@x[6], @x[6], @t[0]
+	veor	@x[5], @x[5], @t[1]
+	veor	@x[7], @x[7], @t[1]
+___
+}
+sub Inv_GF256 {
+#;********************************************************************
+#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
+#;********************************************************************
+my @x=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+# direct optimizations from hardware
+$code.=<<___;
+	veor	@t[3], @x[4], @x[6]
+	veor	@t[2], @x[5], @x[7]
+	veor	@t[1], @x[1], @x[3]
+	veor	@s[1], @x[7], @x[6]
+	 vmov	@t[0], @t[2]
+	veor	@s[0], @x[0], @x[2]
+
+	vorr	@t[2], @t[2], @t[1]
+	veor	@s[3], @t[3], @t[0]
+	vand	@s[2], @t[3], @s[0]
+	vorr	@t[3], @t[3], @s[0]
+	veor	@s[0], @s[0], @t[1]
+	vand	@t[0], @t[0], @t[1]
+	veor	@t[1], @x[3], @x[2]
+	vand	@s[3], @s[3], @s[0]
+	vand	@s[1], @s[1], @t[1]
+	veor	@t[1], @x[4], @x[5]
+	veor	@s[0], @x[1], @x[0]
+	veor	@t[3], @t[3], @s[1]
+	veor	@t[2], @t[2], @s[1]
+	vand	@s[1], @t[1], @s[0]
+	vorr	@t[1], @t[1], @s[0]
+	veor	@t[3], @t[3], @s[3]
+	veor	@t[0], @t[0], @s[1]
+	veor	@t[2], @t[2], @s[2]
+	veor	@t[1], @t[1], @s[3]
+	veor	@t[0], @t[0], @s[2]
+	vand	@s[0], @x[7], @x[3]
+	veor	@t[1], @t[1], @s[2]
+	vand	@s[1], @x[6], @x[2]
+	vand	@s[2], @x[5], @x[1]
+	vorr	@s[3], @x[4], @x[0]
+	veor	@t[3], @t[3], @s[0]
+	veor	@t[1], @t[1], @s[2]
+	veor	@t[0], @t[0], @s[3]
+	veor	@t[2], @t[2], @s[1]
+
+	@ Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
+
+	@ new smaller inversion
+
+	vand	@s[2], @t[3], @t[1]
+	vmov	@s[0], @t[0]
+
+	veor	@s[1], @t[2], @s[2]
+	veor	@s[3], @t[0], @s[2]
+	veor	@s[2], @t[0], @s[2]	@ @s[2]=@s[3]
+
+	vbsl	@s[1], @t[1], @t[0]
+	vbsl	@s[3], @t[3], @t[2]
+	veor	@t[3], @t[3], @t[2]
+
+	vbsl	@s[0], @s[1], @s[2]
+	vbsl	@t[0], @s[2], @s[1]
+
+	vand	@s[2], @s[0], @s[3]
+	veor	@t[1], @t[1], @t[0]
+
+	veor	@s[2], @s[2], @t[3]
+___
+# output in s3, s2, s1, t1
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
+	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
+
+### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
+}
+
+# AES linear components
+
+sub ShiftRows {
+my @x=@_[0..7];
+my @t=@_[8..11];
+my $mask=pop;
+$code.=<<___;
+	vldmia	$key!, {@t[0]-@t[3]}
+	veor	@t[0], @t[0], @x[0]
+	veor	@t[1], @t[1], @x[1]
+	vtbl.8	`&Dlo(@x[0])`, {@t[0]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[0])`, {@t[0]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[0]}
+	veor	@t[2], @t[2], @x[2]
+	vtbl.8	`&Dlo(@x[1])`, {@t[1]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[1])`, {@t[1]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[1]}
+	veor	@t[3], @t[3], @x[3]
+	vtbl.8	`&Dlo(@x[2])`, {@t[2]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[2])`, {@t[2]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[2]}
+	vtbl.8	`&Dlo(@x[3])`, {@t[3]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[3])`, {@t[3]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[3]}
+	veor	@t[0], @t[0], @x[4]
+	veor	@t[1], @t[1], @x[5]
+	vtbl.8	`&Dlo(@x[4])`, {@t[0]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[4])`, {@t[0]}, `&Dhi($mask)`
+	veor	@t[2], @t[2], @x[6]
+	vtbl.8	`&Dlo(@x[5])`, {@t[1]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[5])`, {@t[1]}, `&Dhi($mask)`
+	veor	@t[3], @t[3], @x[7]
+	vtbl.8	`&Dlo(@x[6])`, {@t[2]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[6])`, {@t[2]}, `&Dhi($mask)`
+	vtbl.8	`&Dlo(@x[7])`, {@t[3]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[7])`, {@t[3]}, `&Dhi($mask)`
+___
+}
+
+sub MixColumns {
+# modified to emit output in order suitable for feeding back to aesenc[last]
+my @x=@_[0..7];
+my @t=@_[8..15];
+my $inv=@_[16];	# optional
+$code.=<<___;
+	vext.8	@t[0], @x[0], @x[0], #12	@ x0 <<< 32
+	vext.8	@t[1], @x[1], @x[1], #12
+	 veor	@x[0], @x[0], @t[0]		@ x0 ^ (x0 <<< 32)
+	vext.8	@t[2], @x[2], @x[2], #12
+	 veor	@x[1], @x[1], @t[1]
+	vext.8	@t[3], @x[3], @x[3], #12
+	 veor	@x[2], @x[2], @t[2]
+	vext.8	@t[4], @x[4], @x[4], #12
+	 veor	@x[3], @x[3], @t[3]
+	vext.8	@t[5], @x[5], @x[5], #12
+	 veor	@x[4], @x[4], @t[4]
+	vext.8	@t[6], @x[6], @x[6], #12
+	 veor	@x[5], @x[5], @t[5]
+	vext.8	@t[7], @x[7], @x[7], #12
+	 veor	@x[6], @x[6], @t[6]
+
+	veor	@t[1], @t[1], @x[0]
+	 veor	@x[7], @x[7], @t[7]
+	 vext.8	@x[0], @x[0], @x[0], #8		@ (x0 ^ (x0 <<< 32)) <<< 64)
+	veor	@t[2], @t[2], @x[1]
+	veor	@t[0], @t[0], @x[7]
+	veor	@t[1], @t[1], @x[7]
+	 vext.8	@x[1], @x[1], @x[1], #8
+	veor	@t[5], @t[5], @x[4]
+	 veor	@x[0], @x[0], @t[0]
+	veor	@t[6], @t[6], @x[5]
+	 veor	@x[1], @x[1], @t[1]
+	 vext.8	@t[0], @x[4], @x[4], #8
+	veor	@t[4], @t[4], @x[3]
+	 vext.8	@t[1], @x[5], @x[5], #8
+	veor	@t[7], @t[7], @x[6]
+	 vext.8	@x[4], @x[3], @x[3], #8
+	veor	@t[3], @t[3], @x[2]
+	 vext.8	@x[5], @x[7], @x[7], #8
+	veor	@t[4], @t[4], @x[7]
+	 vext.8	@x[3], @x[6], @x[6], #8
+	veor	@t[3], @t[3], @x[7]
+	 vext.8	@x[6], @x[2], @x[2], #8
+	veor	@x[7], @t[1], @t[5]
+___
+$code.=<<___ if (!$inv);
+	veor	@x[2], @t[0], @t[4]
+	veor	@x[4], @x[4], @t[3]
+	veor	@x[5], @x[5], @t[7]
+	veor	@x[3], @x[3], @t[6]
+	 @ vmov	@x[2], @t[0]
+	veor	@x[6], @x[6], @t[2]
+	 @ vmov	@x[7], @t[1]
+___
+$code.=<<___ if ($inv);
+	veor	@t[3], @t[3], @x[4]
+	veor	@x[5], @x[5], @t[7]
+	veor	@x[2], @x[3], @t[6]
+	veor	@x[3], @t[0], @t[4]
+	veor	@x[4], @x[6], @t[2]
+	vmov	@x[6], @t[3]
+	 @ vmov	@x[7], @t[1]
+___
+}
+
+sub InvMixColumns_orig {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+$code.=<<___;
+	@ multiplication by 0x0e
+	vext.8	@t[7], @x[7], @x[7], #12
+	vmov	@t[2], @x[2]
+	veor	@x[2], @x[2], @x[5]		@ 2 5
+	veor	@x[7], @x[7], @x[5]		@ 7 5
+	vext.8	@t[0], @x[0], @x[0], #12
+	vmov	@t[5], @x[5]
+	veor	@x[5], @x[5], @x[0]		@ 5 0		[1]
+	veor	@x[0], @x[0], @x[1]		@ 0 1
+	vext.8	@t[1], @x[1], @x[1], #12
+	veor	@x[1], @x[1], @x[2]		@ 1 25
+	veor	@x[0], @x[0], @x[6]		@ 01 6		[2]
+	vext.8	@t[3], @x[3], @x[3], #12
+	veor	@x[1], @x[1], @x[3]		@ 125 3		[4]
+	veor	@x[2], @x[2], @x[0]		@ 25 016	[3]
+	veor	@x[3], @x[3], @x[7]		@ 3 75
+	veor	@x[7], @x[7], @x[6]		@ 75 6		[0]
+	vext.8	@t[6], @x[6], @x[6], #12
+	vmov	@t[4], @x[4]
+	veor	@x[6], @x[6], @x[4]		@ 6 4
+	veor	@x[4], @x[4], @x[3]		@ 4 375		[6]
+	veor	@x[3], @x[3], @x[7]		@ 375 756=36
+	veor	@x[6], @x[6], @t[5]		@ 64 5		[7]
+	veor	@x[3], @x[3], @t[2]		@ 36 2
+	vext.8	@t[5], @t[5], @t[5], #12
+	veor	@x[3], @x[3], @t[4]		@ 362 4		[5]
+___
+					my @y = @x[7,5,0,2,1,3,4,6];
+$code.=<<___;
+	@ multiplication by 0x0b
+	veor	@y[1], @y[1], @y[0]
+	veor	@y[0], @y[0], @t[0]
+	vext.8	@t[2], @t[2], @t[2], #12
+	veor	@y[1], @y[1], @t[1]
+	veor	@y[0], @y[0], @t[5]
+	vext.8	@t[4], @t[4], @t[4], #12
+	veor	@y[1], @y[1], @t[6]
+	veor	@y[0], @y[0], @t[7]
+	veor	@t[7], @t[7], @t[6]		@ clobber t[7]
+
+	veor	@y[3], @y[3], @t[0]
+	 veor	@y[1], @y[1], @y[0]
+	vext.8	@t[0], @t[0], @t[0], #12
+	veor	@y[2], @y[2], @t[1]
+	veor	@y[4], @y[4], @t[1]
+	vext.8	@t[1], @t[1], @t[1], #12
+	veor	@y[2], @y[2], @t[2]
+	veor	@y[3], @y[3], @t[2]
+	veor	@y[5], @y[5], @t[2]
+	veor	@y[2], @y[2], @t[7]
+	vext.8	@t[2], @t[2], @t[2], #12
+	veor	@y[3], @y[3], @t[3]
+	veor	@y[6], @y[6], @t[3]
+	veor	@y[4], @y[4], @t[3]
+	veor	@y[7], @y[7], @t[4]
+	vext.8	@t[3], @t[3], @t[3], #12
+	veor	@y[5], @y[5], @t[4]
+	veor	@y[7], @y[7], @t[7]
+	veor	@t[7], @t[7], @t[5]		@ clobber t[7] even more
+	veor	@y[3], @y[3], @t[5]
+	veor	@y[4], @y[4], @t[4]
+
+	veor	@y[5], @y[5], @t[7]
+	vext.8	@t[4], @t[4], @t[4], #12
+	veor	@y[6], @y[6], @t[7]
+	veor	@y[4], @y[4], @t[7]
+
+	veor	@t[7], @t[7], @t[5]
+	vext.8	@t[5], @t[5], @t[5], #12
+
+	@ multiplication by 0x0d
+	veor	@y[4], @y[4], @y[7]
+	 veor	@t[7], @t[7], @t[6]		@ restore t[7]
+	veor	@y[7], @y[7], @t[4]
+	vext.8	@t[6], @t[6], @t[6], #12
+	veor	@y[2], @y[2], @t[0]
+	veor	@y[7], @y[7], @t[5]
+	vext.8	@t[7], @t[7], @t[7], #12
+	veor	@y[2], @y[2], @t[2]
+
+	veor	@y[3], @y[3], @y[1]
+	veor	@y[1], @y[1], @t[1]
+	veor	@y[0], @y[0], @t[0]
+	veor	@y[3], @y[3], @t[0]
+	veor	@y[1], @y[1], @t[5]
+	veor	@y[0], @y[0], @t[5]
+	vext.8	@t[0], @t[0], @t[0], #12
+	veor	@y[1], @y[1], @t[7]
+	veor	@y[0], @y[0], @t[6]
+	veor	@y[3], @y[3], @y[1]
+	veor	@y[4], @y[4], @t[1]
+	vext.8	@t[1], @t[1], @t[1], #12
+
+	veor	@y[7], @y[7], @t[7]
+	veor	@y[4], @y[4], @t[2]
+	veor	@y[5], @y[5], @t[2]
+	veor	@y[2], @y[2], @t[6]
+	veor	@t[6], @t[6], @t[3]		@ clobber t[6]
+	vext.8	@t[2], @t[2], @t[2], #12
+	veor	@y[4], @y[4], @y[7]
+	veor	@y[3], @y[3], @t[6]
+
+	veor	@y[6], @y[6], @t[6]
+	veor	@y[5], @y[5], @t[5]
+	vext.8	@t[5], @t[5], @t[5], #12
+	veor	@y[6], @y[6], @t[4]
+	vext.8	@t[4], @t[4], @t[4], #12
+	veor	@y[5], @y[5], @t[6]
+	veor	@y[6], @y[6], @t[7]
+	vext.8	@t[7], @t[7], @t[7], #12
+	veor	@t[6], @t[6], @t[3]		@ restore t[6]
+	vext.8	@t[3], @t[3], @t[3], #12
+
+	@ multiplication by 0x09
+	veor	@y[4], @y[4], @y[1]
+	veor	@t[1], @t[1], @y[1]		@ t[1]=y[1]
+	veor	@t[0], @t[0], @t[5]		@ clobber t[0]
+	vext.8	@t[6], @t[6], @t[6], #12
+	veor	@t[1], @t[1], @t[5]
+	veor	@y[3], @y[3], @t[0]
+	veor	@t[0], @t[0], @y[0]		@ t[0]=y[0]
+	veor	@t[1], @t[1], @t[6]
+	veor	@t[6], @t[6], @t[7]		@ clobber t[6]
+	veor	@y[4], @y[4], @t[1]
+	veor	@y[7], @y[7], @t[4]
+	veor	@y[6], @y[6], @t[3]
+	veor	@y[5], @y[5], @t[2]
+	veor	@t[4], @t[4], @y[4]		@ t[4]=y[4]
+	veor	@t[3], @t[3], @y[3]		@ t[3]=y[3]
+	veor	@t[5], @t[5], @y[5]		@ t[5]=y[5]
+	veor	@t[2], @t[2], @y[2]		@ t[2]=y[2]
+	veor	@t[3], @t[3], @t[7]
+	veor	@XMM[5], @t[5], @t[6]
+	veor	@XMM[6], @t[6], @y[6]		@ t[6]=y[6]
+	veor	@XMM[2], @t[2], @t[6]
+	veor	@XMM[7], @t[7], @y[7]		@ t[7]=y[7]
+
+	vmov	@XMM[0], @t[0]
+	vmov	@XMM[1], @t[1]
+	@ vmov	@XMM[2], @t[2]
+	vmov	@XMM[3], @t[3]
+	vmov	@XMM[4], @t[4]
+	@ vmov	@XMM[5], @t[5]
+	@ vmov	@XMM[6], @t[6]
+	@ vmov	@XMM[7], @t[7]
+___
+}
+
+sub InvMixColumns {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+# Thanks to Jussi Kivilinna for providing pointer to
+#
+# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
+# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
+# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
+
+$code.=<<___;
+	@ multiplication by 0x05-0x00-0x04-0x00
+	vext.8	@t[0], @x[0], @x[0], #8
+	vext.8	@t[6], @x[6], @x[6], #8
+	vext.8	@t[7], @x[7], @x[7], #8
+	veor	@t[0], @t[0], @x[0]
+	vext.8	@t[1], @x[1], @x[1], #8
+	veor	@t[6], @t[6], @x[6]
+	vext.8	@t[2], @x[2], @x[2], #8
+	veor	@t[7], @t[7], @x[7]
+	vext.8	@t[3], @x[3], @x[3], #8
+	veor	@t[1], @t[1], @x[1]
+	vext.8	@t[4], @x[4], @x[4], #8
+	veor	@t[2], @t[2], @x[2]
+	vext.8	@t[5], @x[5], @x[5], #8
+	veor	@t[3], @t[3], @x[3]
+	veor	@t[4], @t[4], @x[4]
+	veor	@t[5], @t[5], @x[5]
+
+	 veor	@x[0], @x[0], @t[6]
+	 veor	@x[1], @x[1], @t[6]
+	 veor	@x[2], @x[2], @t[0]
+	 veor	@x[4], @x[4], @t[2]
+	 veor	@x[3], @x[3], @t[1]
+	 veor	@x[1], @x[1], @t[7]
+	 veor	@x[2], @x[2], @t[7]
+	 veor	@x[4], @x[4], @t[6]
+	 veor	@x[5], @x[5], @t[3]
+	 veor	@x[3], @x[3], @t[6]
+	 veor	@x[6], @x[6], @t[4]
+	 veor	@x[4], @x[4], @t[7]
+	 veor	@x[5], @x[5], @t[7]
+	 veor	@x[7], @x[7], @t[5]
+___
+	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
+}
+
+sub swapmove {
+my ($a,$b,$n,$mask,$t)=@_;
+$code.=<<___;
+	vshr.u64	$t, $b, #$n
+	veor		$t, $t, $a
+	vand		$t, $t, $mask
+	veor		$a, $a, $t
+	vshl.u64	$t, $t, #$n
+	veor		$b, $b, $t
+___
+}
+sub swapmove2x {
+my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
+$code.=<<___;
+	vshr.u64	$t0, $b0, #$n
+	 vshr.u64	$t1, $b1, #$n
+	veor		$t0, $t0, $a0
+	 veor		$t1, $t1, $a1
+	vand		$t0, $t0, $mask
+	 vand		$t1, $t1, $mask
+	veor		$a0, $a0, $t0
+	vshl.u64	$t0, $t0, #$n
+	 veor		$a1, $a1, $t1
+	 vshl.u64	$t1, $t1, #$n
+	veor		$b0, $b0, $t0
+	 veor		$b1, $b1, $t1
+___
+}
+
+sub bitslice {
+my @x=reverse(@_[0..7]);
+my ($t0,$t1,$t2,$t3)=@_[8..11];
+$code.=<<___;
+	vmov.i8	$t0,#0x55			@ compose .LBS0
+	vmov.i8	$t1,#0x33			@ compose .LBS1
+___
+	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
+	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+$code.=<<___;
+	vmov.i8	$t0,#0x0f			@ compose .LBS2
+___
+	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
+	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+
+	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
+	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
+}
+
+$code.=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+
+# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
+# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
+# define VFP_ABI_FRAME	0x40
+#else
+# define VFP_ABI_PUSH
+# define VFP_ABI_POP
+# define VFP_ABI_FRAME	0
+# define BSAES_ASM_EXTENDED_KEY
+# define XTS_CHAIN_TWEAK
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+#endif
+
+#ifdef __thumb__
+# define adrl adr
+#endif
+
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.text
+.syntax	unified 	@ ARMv7-capable assembler is expected to handle this
+#if defined(__thumb2__) && !defined(__APPLE__)
+.thumb
+#else
+.code   32
+# undef __thumb2__
+#endif
+
+.type	_bsaes_decrypt8,%function
+.align	4
+_bsaes_decrypt8:
+	adr	$const,.
+	vldmia	$key!, {@XMM[9]}		@ round 0 key
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$const,.LM0ISR
+#else
+	add	$const,$const,#.LM0ISR-_bsaes_decrypt8
+#endif
+
+	vldmia	$const!, {@XMM[8]}		@ .LM0ISR
+	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
+	veor	@XMM[11], @XMM[1], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	veor	@XMM[12], @XMM[2], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+	veor	@XMM[13], @XMM[3], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
+	veor	@XMM[14], @XMM[4], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
+	veor	@XMM[15], @XMM[5], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
+	veor	@XMM[10], @XMM[6], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
+	veor	@XMM[11], @XMM[7], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	sub	$rounds,$rounds,#1
+	b	.Ldec_sbox
+.align	4
+.Ldec_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8..12]);
+$code.=".Ldec_sbox:\n";
+	&InvSbox	(@XMM[0..7, 8..15]);
+$code.=<<___;
+	subs	$rounds,$rounds,#1
+	bcc	.Ldec_done
+___
+	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
+$code.=<<___;
+	vldmia	$const, {@XMM[12]}		@ .LISR
+	ite	eq				@ Thumb2 thing, sanity check in ARM
+	addeq	$const,$const,#0x10
+	bne	.Ldec_loop
+	vldmia	$const, {@XMM[12]}		@ .LISRM0
+	b	.Ldec_loop
+.align	4
+.Ldec_done:
+___
+	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
+$code.=<<___;
+	vldmia	$key, {@XMM[8]}			@ last round key
+	veor	@XMM[6], @XMM[6], @XMM[8]
+	veor	@XMM[4], @XMM[4], @XMM[8]
+	veor	@XMM[2], @XMM[2], @XMM[8]
+	veor	@XMM[7], @XMM[7], @XMM[8]
+	veor	@XMM[3], @XMM[3], @XMM[8]
+	veor	@XMM[5], @XMM[5], @XMM[8]
+	veor	@XMM[0], @XMM[0], @XMM[8]
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	bx	lr
+.size	_bsaes_decrypt8,.-_bsaes_decrypt8
+
+.type	_bsaes_const,%object
+.align	6
+_bsaes_const:
+.LM0ISR:	@ InvShiftRows constants
+	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
+.LISR:
+	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
+.LISRM0:
+	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
+.LM0SR:		@ ShiftRows constants
+	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
+.LSR:
+	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
+.LSRM0:
+	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
+.LM0:
+	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
+.LREVM0SR:
+	.quad	0x090d01050c000408, 0x03070b0f060a0e02
+.asciz	"Bit-sliced AES for NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	6
+.size	_bsaes_const,.-_bsaes_const
+
+.type	_bsaes_encrypt8,%function
+.align	4
+_bsaes_encrypt8:
+	adr	$const,.
+	vldmia	$key!, {@XMM[9]}		@ round 0 key
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$const,.LM0SR
+#else
+	sub	$const,$const,#_bsaes_encrypt8-.LM0SR
+#endif
+
+	vldmia	$const!, {@XMM[8]}		@ .LM0SR
+_bsaes_encrypt8_alt:
+	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
+	veor	@XMM[11], @XMM[1], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	veor	@XMM[12], @XMM[2], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+	veor	@XMM[13], @XMM[3], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
+	veor	@XMM[14], @XMM[4], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
+	veor	@XMM[15], @XMM[5], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
+	veor	@XMM[10], @XMM[6], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
+	veor	@XMM[11], @XMM[7], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+_bsaes_encrypt8_bitslice:
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	sub	$rounds,$rounds,#1
+	b	.Lenc_sbox
+.align	4
+.Lenc_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8..12]);
+$code.=".Lenc_sbox:\n";
+	&Sbox		(@XMM[0..7, 8..15]);
+$code.=<<___;
+	subs	$rounds,$rounds,#1
+	bcc	.Lenc_done
+___
+	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
+$code.=<<___;
+	vldmia	$const, {@XMM[12]}		@ .LSR
+	ite	eq				@ Thumb2 thing, samity check in ARM
+	addeq	$const,$const,#0x10
+	bne	.Lenc_loop
+	vldmia	$const, {@XMM[12]}		@ .LSRM0
+	b	.Lenc_loop
+.align	4
+.Lenc_done:
+___
+	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
+	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
+$code.=<<___;
+	vldmia	$key, {@XMM[8]}			@ last round key
+	veor	@XMM[4], @XMM[4], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[8]
+	veor	@XMM[3], @XMM[3], @XMM[8]
+	veor	@XMM[7], @XMM[7], @XMM[8]
+	veor	@XMM[2], @XMM[2], @XMM[8]
+	veor	@XMM[5], @XMM[5], @XMM[8]
+	veor	@XMM[0], @XMM[0], @XMM[8]
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	bx	lr
+.size	_bsaes_encrypt8,.-_bsaes_encrypt8
+___
+}
+{
+my ($out,$inp,$rounds,$const)=("r12","r4","r5","r6");
+
+sub bitslice_key {
+my @x=reverse(@_[0..7]);
+my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
+
+	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
+$code.=<<___;
+	@ &swapmove(@x[2,3],1,$t0,$t2,$t3);
+	vmov	@x[2], @x[0]
+	vmov	@x[3], @x[1]
+___
+	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+
+	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
+$code.=<<___;
+	@ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+	vmov	@x[4], @x[0]
+	vmov	@x[6], @x[2]
+	vmov	@x[5], @x[1]
+	vmov	@x[7], @x[3]
+___
+	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
+	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
+}
+
+$code.=<<___;
+.type	_bsaes_key_convert,%function
+.align	4
+_bsaes_key_convert:
+	adr	$const,.
+	vld1.8	{@XMM[7]},  [$inp]!		@ load round 0 key
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$const,.LM0
+#else
+	sub	$const,$const,#_bsaes_key_convert-.LM0
+#endif
+	vld1.8	{@XMM[15]}, [$inp]!		@ load round 1 key
+
+	vmov.i8	@XMM[8],  #0x01			@ bit masks
+	vmov.i8	@XMM[9],  #0x02
+	vmov.i8	@XMM[10], #0x04
+	vmov.i8	@XMM[11], #0x08
+	vmov.i8	@XMM[12], #0x10
+	vmov.i8	@XMM[13], #0x20
+	vldmia	$const, {@XMM[14]}		@ .LM0
+
+#ifdef __ARMEL__
+	vrev32.8	@XMM[7],  @XMM[7]
+	vrev32.8	@XMM[15], @XMM[15]
+#endif
+	sub	$rounds,$rounds,#1
+	vstmia	$out!, {@XMM[7]}		@ save round 0 key
+	b	.Lkey_loop
+
+.align	4
+.Lkey_loop:
+	vtbl.8	`&Dlo(@XMM[7])`,{@XMM[15]},`&Dlo(@XMM[14])`
+	vtbl.8	`&Dhi(@XMM[7])`,{@XMM[15]},`&Dhi(@XMM[14])`
+	vmov.i8	@XMM[6],  #0x40
+	vmov.i8	@XMM[15], #0x80
+
+	vtst.8	@XMM[0], @XMM[7], @XMM[8]
+	vtst.8	@XMM[1], @XMM[7], @XMM[9]
+	vtst.8	@XMM[2], @XMM[7], @XMM[10]
+	vtst.8	@XMM[3], @XMM[7], @XMM[11]
+	vtst.8	@XMM[4], @XMM[7], @XMM[12]
+	vtst.8	@XMM[5], @XMM[7], @XMM[13]
+	vtst.8	@XMM[6], @XMM[7], @XMM[6]
+	vtst.8	@XMM[7], @XMM[7], @XMM[15]
+	vld1.8	{@XMM[15]}, [$inp]!		@ load next round key
+	vmvn	@XMM[0], @XMM[0]		@ "pnot"
+	vmvn	@XMM[1], @XMM[1]
+	vmvn	@XMM[5], @XMM[5]
+	vmvn	@XMM[6], @XMM[6]
+#ifdef __ARMEL__
+	vrev32.8	@XMM[15], @XMM[15]
+#endif
+	subs	$rounds,$rounds,#1
+	vstmia	$out!,{@XMM[0]-@XMM[7]}		@ write bit-sliced round key
+	bne	.Lkey_loop
+
+	vmov.i8	@XMM[7],#0x63			@ compose .L63
+	@ don't save last round key
+	bx	lr
+.size	_bsaes_key_convert,.-_bsaes_key_convert
+___
+}
+
+if (0) {		# following four functions are unsupported interface
+			# used for benchmarking...
+$code.=<<___;
+.globl	bsaes_enc_key_convert
+.type	bsaes_enc_key_convert,%function
+.align	4
+bsaes_enc_key_convert:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	ldr	r5,[$inp,#240]			@ pass rounds
+	mov	r4,$inp				@ pass key
+	mov	r12,$out			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
+
+.globl	bsaes_encrypt_128
+.type	bsaes_encrypt_128,%function
+.align	4
+bsaes_encrypt_128:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+.Lenc128_loop:
+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
+	mov	r4,$key				@ pass the key
+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
+	mov	r5,#10				@ pass rounds
+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
+
+	bl	_bsaes_encrypt8
+
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	subs	$len,$len,#0x80
+	vst1.8	{@XMM[5]}, [$out]!
+	bhi	.Lenc128_loop
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_encrypt_128,.-bsaes_encrypt_128
+
+.globl	bsaes_dec_key_convert
+.type	bsaes_dec_key_convert,%function
+.align	4
+bsaes_dec_key_convert:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	ldr	r5,[$inp,#240]			@ pass rounds
+	mov	r4,$inp				@ pass key
+	mov	r12,$out			@ pass key schedule
+	bl	_bsaes_key_convert
+	vldmia	$out, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	$out, {@XMM[7]}
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
+
+.globl	bsaes_decrypt_128
+.type	bsaes_decrypt_128,%function
+.align	4
+bsaes_decrypt_128:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+.Ldec128_loop:
+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
+	mov	r4,$key				@ pass the key
+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
+	mov	r5,#10				@ pass rounds
+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
+
+	bl	_bsaes_decrypt8
+
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	subs	$len,$len,#0x80
+	vst1.8	{@XMM[5]}, [$out]!
+	bhi	.Ldec128_loop
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_decrypt_128,.-bsaes_decrypt_128
+___
+}
+{
+my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10));
+my ($keysched)=("sp");
+
+$code.=<<___;
+.extern AES_cbc_encrypt
+.extern AES_decrypt
+
+.global	bsaes_cbc_encrypt
+.type	bsaes_cbc_encrypt,%function
+.align	5
+bsaes_cbc_encrypt:
+#ifndef	__KERNEL__
+	cmp	$len, #128
+#ifndef	__thumb__
+	blo	AES_cbc_encrypt
+#else
+	bhs	1f
+	b	AES_cbc_encrypt
+1:
+#endif
+#endif
+
+	@ it is up to the caller to make sure we are called with enc == 0
+
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}
+	VFP_ABI_PUSH
+	ldr	$ivp, [ip]			@ IV is 1st arg on the stack
+	mov	$len, $len, lsr#4		@ len in 16 byte blocks
+	sub	sp, #0x10			@ scratch space to carry over the IV
+	mov	$fp, sp				@ save sp
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	add	r12, #`128-32`			@ sifze of bit-slices key schedule
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12				@ sp is $keysched
+	bl	_bsaes_key_convert
+	vldmia	$keysched, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	$keysched, {@XMM[7]}
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	@ populate the key schedule
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	add	r4, $key, #248
+	vldmia	r4, {@XMM[6]}
+	vstmia	r12, {@XMM[15]}			@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	r4, {@XMM[7]}
+
+.align	2
+0:
+#endif
+
+	vld1.8	{@XMM[15]}, [$ivp]		@ load IV
+	b	.Lcbc_dec_loop
+
+.align	4
+.Lcbc_dec_loop:
+	subs	$len, $len, #0x8
+	bmi	.Lcbc_dec_loop_finish
+
+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	mov	r4, $keysched			@ pass the key
+#else
+	add	r4, $key, #248
+#endif
+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
+	mov	r5, $rounds
+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]
+	sub	$inp, $inp, #0x60
+	vstmia	$fp, {@XMM[15]}			@ put aside IV
+
+	bl	_bsaes_decrypt8
+
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vld1.8	{@XMM[14]-@XMM[15]}, [$inp]!
+	veor	@XMM[7], @XMM[7], @XMM[12]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor	@XMM[3], @XMM[3], @XMM[13]
+	vst1.8	{@XMM[6]}, [$out]!
+	veor	@XMM[5], @XMM[5], @XMM[14]
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	vst1.8	{@XMM[5]}, [$out]!
+
+	b	.Lcbc_dec_loop
+
+.Lcbc_dec_loop_finish:
+	adds	$len, $len, #8
+	beq	.Lcbc_dec_done
+
+	vld1.8	{@XMM[0]}, [$inp]!		@ load input
+	cmp	$len, #2
+	blo	.Lcbc_dec_one
+	vld1.8	{@XMM[1]}, [$inp]!
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	mov	r4, $keysched			@ pass the key
+#else
+	add	r4, $key, #248
+#endif
+	mov	r5, $rounds
+	vstmia	$fp, {@XMM[15]}			@ put aside IV
+	beq	.Lcbc_dec_two
+	vld1.8	{@XMM[2]}, [$inp]!
+	cmp	$len, #4
+	blo	.Lcbc_dec_three
+	vld1.8	{@XMM[3]}, [$inp]!
+	beq	.Lcbc_dec_four
+	vld1.8	{@XMM[4]}, [$inp]!
+	cmp	$len, #6
+	blo	.Lcbc_dec_five
+	vld1.8	{@XMM[5]}, [$inp]!
+	beq	.Lcbc_dec_six
+	vld1.8	{@XMM[6]}, [$inp]!
+	sub	$inp, $inp, #0x70
+
+	bl	_bsaes_decrypt8
+
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[7], @XMM[7], @XMM[12]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor	@XMM[3], @XMM[3], @XMM[13]
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_six:
+	sub	$inp, $inp, #0x60
+	bl	_bsaes_decrypt8
+	vldmia	$fp,{@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[12]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[7], @XMM[7], @XMM[12]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_five:
+	sub	$inp, $inp, #0x50
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_four:
+	sub	$inp, $inp, #0x40
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_three:
+	sub	$inp, $inp, #0x30
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_two:
+	sub	$inp, $inp, #0x20
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]}, [$inp]!		@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[15]}, [$inp]!		@ reload input
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_one:
+	sub	$inp, $inp, #0x10
+	mov	$rounds, $out			@ save original out pointer
+	mov	$out, $fp			@ use the iv scratch space as out buffer
+	mov	r2, $key
+	vmov	@XMM[4],@XMM[15]		@ just in case ensure that IV
+	vmov	@XMM[5],@XMM[0]			@ and input are preserved
+	bl	AES_decrypt
+	vld1.8	{@XMM[0]}, [$fp]		@ load result
+	veor	@XMM[0], @XMM[0], @XMM[4]	@ ^= IV
+	vmov	@XMM[15], @XMM[5]		@ @XMM[5] holds input
+	vst1.8	{@XMM[0]}, [$rounds]		@ write output
+
+.Lcbc_dec_done:
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+.Lcbc_dec_bzero:				@ wipe key schedule [if any]
+	vstmia		$keysched!, {q0-q1}
+	cmp		$keysched, $fp
+	bne		.Lcbc_dec_bzero
+#endif
+
+	mov	sp, $fp
+	add	sp, #0x10			@ add sp,$fp,#0x10 is no good for thumb
+	vst1.8	{@XMM[15]}, [$ivp]		@ return IV
+	VFP_ABI_POP
+	ldmia	sp!, {r4-r10, pc}
+.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
+___
+}
+{
+my ($inp,$out,$len,$key, $ctr,$fp,$rounds)=(map("r$_",(0..3,8..10)));
+my $const = "r6";	# shared with _bsaes_encrypt8_alt
+my $keysched = "sp";
+
+$code.=<<___;
+.extern	AES_encrypt
+.global	bsaes_ctr32_encrypt_blocks
+.type	bsaes_ctr32_encrypt_blocks,%function
+.align	5
+bsaes_ctr32_encrypt_blocks:
+	cmp	$len, #8			@ use plain AES for
+	blo	.Lctr_enc_short			@ small sizes
+
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}
+	VFP_ABI_PUSH
+	ldr	$ctr, [ip]			@ ctr is 1st arg on the stack
+	sub	sp, sp, #0x10			@ scratch space to carry over the ctr
+	mov	$fp, sp				@ save sp
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	add	r12, #`128-32`			@ size of bit-sliced key schedule
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12				@ sp is $keysched
+	bl	_bsaes_key_convert
+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+
+	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
+#ifdef	__APPLE__
+	mov	$ctr, #:lower16:(.LREVM0SR-.LM0)
+	add	$ctr, $const, $ctr
+#else
+	add	$ctr, $const, #.LREVM0SR-.LM0	@ borrow $ctr
+#endif
+	vldmia	$keysched, {@XMM[4]}		@ load round0 key
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	@ populate the key schedule
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+
+.align	2
+0:	add	r12, $key, #248
+	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
+	adrl	$ctr, .LREVM0SR			@ borrow $ctr
+	vldmia	r12, {@XMM[4]}			@ load round0 key
+	sub	sp, #0x10			@ place for adjusted round0 key
+#endif
+
+	vmov.i32	@XMM[8],#1		@ compose 1<<96
+	veor		@XMM[9],@XMM[9],@XMM[9]
+	vrev32.8	@XMM[0],@XMM[0]
+	vext.8		@XMM[8],@XMM[9],@XMM[8],#4
+	vrev32.8	@XMM[4],@XMM[4]
+	vadd.u32	@XMM[9],@XMM[8],@XMM[8]	@ compose 2<<96
+	vstmia	$keysched, {@XMM[4]}		@ save adjusted round0 key
+	b	.Lctr_enc_loop
+
+.align	4
+.Lctr_enc_loop:
+	vadd.u32	@XMM[10], @XMM[8], @XMM[9]	@ compose 3<<96
+	vadd.u32	@XMM[1], @XMM[0], @XMM[8]	@ +1
+	vadd.u32	@XMM[2], @XMM[0], @XMM[9]	@ +2
+	vadd.u32	@XMM[3], @XMM[0], @XMM[10]	@ +3
+	vadd.u32	@XMM[4], @XMM[1], @XMM[10]
+	vadd.u32	@XMM[5], @XMM[2], @XMM[10]
+	vadd.u32	@XMM[6], @XMM[3], @XMM[10]
+	vadd.u32	@XMM[7], @XMM[4], @XMM[10]
+	vadd.u32	@XMM[10], @XMM[5], @XMM[10]	@ next counter
+
+	@ Borrow prologue from _bsaes_encrypt8 to use the opportunity
+	@ to flip byte order in 32-bit counter
+
+	vldmia		$keysched, {@XMM[9]}		@ load round0 key
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, $keysched, #0x10		@ pass next round key
+#else
+	add		r4, $key, #`248+16`
+#endif
+	vldmia		$ctr, {@XMM[8]}			@ .LREVM0SR
+	mov		r5, $rounds			@ pass rounds
+	vstmia		$fp, {@XMM[10]}			@ save next counter
+#ifdef	__APPLE__
+	mov		$const, #:lower16:(.LREVM0SR-.LSR)
+	sub		$const, $ctr, $const
+#else
+	sub		$const, $ctr, #.LREVM0SR-.LSR	@ pass constants
+#endif
+
+	bl		_bsaes_encrypt8_alt
+
+	subs		$len, $len, #8
+	blo		.Lctr_enc_loop_done
+
+	vld1.8		{@XMM[8]-@XMM[9]}, [$inp]!	@ load input
+	vld1.8		{@XMM[10]-@XMM[11]}, [$inp]!
+	veor		@XMM[0], @XMM[8]
+	veor		@XMM[1], @XMM[9]
+	vld1.8		{@XMM[12]-@XMM[13]}, [$inp]!
+	veor		@XMM[4], @XMM[10]
+	veor		@XMM[6], @XMM[11]
+	vld1.8		{@XMM[14]-@XMM[15]}, [$inp]!
+	veor		@XMM[3], @XMM[12]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor		@XMM[7], @XMM[13]
+	veor		@XMM[2], @XMM[14]
+	vst1.8		{@XMM[4]}, [$out]!
+	veor		@XMM[5], @XMM[15]
+	vst1.8		{@XMM[6]}, [$out]!
+	vmov.i32	@XMM[8], #1			@ compose 1<<96
+	vst1.8		{@XMM[3]}, [$out]!
+	veor		@XMM[9], @XMM[9], @XMM[9]
+	vst1.8		{@XMM[7]}, [$out]!
+	vext.8		@XMM[8], @XMM[9], @XMM[8], #4
+	vst1.8		{@XMM[2]}, [$out]!
+	vadd.u32	@XMM[9],@XMM[8],@XMM[8]		@ compose 2<<96
+	vst1.8		{@XMM[5]}, [$out]!
+	vldmia		$fp, {@XMM[0]}			@ load counter
+
+	bne		.Lctr_enc_loop
+	b		.Lctr_enc_done
+
+.align	4
+.Lctr_enc_loop_done:
+	add		$len, $len, #8
+	vld1.8		{@XMM[8]}, [$inp]!	@ load input
+	veor		@XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [$out]!	@ write output
+	cmp		$len, #2
+	blo		.Lctr_enc_done
+	vld1.8		{@XMM[9]}, [$inp]!
+	veor		@XMM[1], @XMM[9]
+	vst1.8		{@XMM[1]}, [$out]!
+	beq		.Lctr_enc_done
+	vld1.8		{@XMM[10]}, [$inp]!
+	veor		@XMM[4], @XMM[10]
+	vst1.8		{@XMM[4]}, [$out]!
+	cmp		$len, #4
+	blo		.Lctr_enc_done
+	vld1.8		{@XMM[11]}, [$inp]!
+	veor		@XMM[6], @XMM[11]
+	vst1.8		{@XMM[6]}, [$out]!
+	beq		.Lctr_enc_done
+	vld1.8		{@XMM[12]}, [$inp]!
+	veor		@XMM[3], @XMM[12]
+	vst1.8		{@XMM[3]}, [$out]!
+	cmp		$len, #6
+	blo		.Lctr_enc_done
+	vld1.8		{@XMM[13]}, [$inp]!
+	veor		@XMM[7], @XMM[13]
+	vst1.8		{@XMM[7]}, [$out]!
+	beq		.Lctr_enc_done
+	vld1.8		{@XMM[14]}, [$inp]
+	veor		@XMM[2], @XMM[14]
+	vst1.8		{@XMM[2]}, [$out]!
+
+.Lctr_enc_done:
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+#ifndef	BSAES_ASM_EXTENDED_KEY
+.Lctr_enc_bzero:			@ wipe key schedule [if any]
+	vstmia		$keysched!, {q0-q1}
+	cmp		$keysched, $fp
+	bne		.Lctr_enc_bzero
+#else
+	vstmia		$keysched, {q0-q1}
+#endif
+
+	mov	sp, $fp
+	add	sp, #0x10		@ add sp,$fp,#0x10 is no good for thumb
+	VFP_ABI_POP
+	ldmia	sp!, {r4-r10, pc}	@ return
+
+.align	4
+.Lctr_enc_short:
+	ldr	ip, [sp]		@ ctr pointer is passed on stack
+	stmdb	sp!, {r4-r8, lr}
+
+	mov	r4, $inp		@ copy arguments
+	mov	r5, $out
+	mov	r6, $len
+	mov	r7, $key
+	ldr	r8, [ip, #12]		@ load counter LSW
+	vld1.8	{@XMM[1]}, [ip]		@ load whole counter value
+#ifdef __ARMEL__
+	rev	r8, r8
+#endif
+	sub	sp, sp, #0x10
+	vst1.8	{@XMM[1]}, [sp]		@ copy counter value
+	sub	sp, sp, #0x10
+
+.Lctr_enc_short_loop:
+	add	r0, sp, #0x10		@ input counter value
+	mov	r1, sp			@ output on the stack
+	mov	r2, r7			@ key
+
+	bl	AES_encrypt
+
+	vld1.8	{@XMM[0]}, [r4]!	@ load input
+	vld1.8	{@XMM[1]}, [sp]		@ load encrypted counter
+	add	r8, r8, #1
+#ifdef __ARMEL__
+	rev	r0, r8
+	str	r0, [sp, #0x1c]		@ next counter value
+#else
+	str	r8, [sp, #0x1c]		@ next counter value
+#endif
+	veor	@XMM[0],@XMM[0],@XMM[1]
+	vst1.8	{@XMM[0]}, [r5]!	@ store output
+	subs	r6, r6, #1
+	bne	.Lctr_enc_short_loop
+
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+	vstmia		sp!, {q0-q1}
+
+	ldmia	sp!, {r4-r8, pc}
+.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
+___
+}
+{
+######################################################################
+# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+my ($inp,$out,$len,$key,$rounds,$magic,$fp)=(map("r$_",(7..10,1..3)));
+my $const="r6";		# returned by _bsaes_key_convert
+my $twmask=@XMM[5];
+my @T=@XMM[6..7];
+
+$code.=<<___;
+.globl	bsaes_xts_encrypt
+.type	bsaes_xts_encrypt,%function
+.align	4
+bsaes_xts_encrypt:
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}		@ 0x20
+	VFP_ABI_PUSH
+	mov	r6, sp				@ future $fp
+
+	mov	$inp, r0
+	mov	$out, r1
+	mov	$len, r2
+	mov	$key, r3
+
+	sub	r0, sp, #0x10			@ 0x10
+	bic	r0, #0xf			@ align at 16 bytes
+	mov	sp, r0
+
+#ifdef	XTS_CHAIN_TWEAK
+	ldr	r0, [ip]			@ pointer to input tweak
+#else
+	@ generate initial tweak
+	ldr	r0, [ip, #4]			@ iv[]
+	mov	r1, sp
+	ldr	r2, [ip, #0]			@ key2
+	bl	AES_encrypt
+	mov	r0,sp				@ pointer to initial tweak
+#endif
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+	mov	$fp, r6
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
+	sub	r12, #`32+16`			@ place for tweak[9]
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12
+	add	r12, #0x90			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}
+
+.align	2
+0:	sub	sp, #0x90			@ place for tweak[9]
+#endif
+
+	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
+	adr	$magic, .Lxts_magic
+
+	subs	$len, #0x80
+	blo	.Lxts_enc_short
+	b	.Lxts_enc_loop
+
+.align	4
+.Lxts_enc_loop:
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
+	vst1.64		{@XMM[15]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	veor		@XMM[8], @XMM[8], @T[0]
+	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	veor		@XMM[7], @XMM[7], @XMM[15]
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[2], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	veor		@XMM[13], @XMM[5], @XMM[15]
+	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	subs		$len, #0x80
+	bpl		.Lxts_enc_loop
+
+.Lxts_enc_short:
+	adds		$len, #0x70
+	bmi		.Lxts_enc_done
+
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+	subs		$len, #0x10
+	bmi		.Lxts_enc_`$i-9`
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	sub		$len, #0x10
+	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	vld1.64		{@XMM[14]}, [r0,:128]!
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[2], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	vst1.8		{@XMM[12]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_6:
+	veor		@XMM[4], @XMM[4], @XMM[12]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[5], @XMM[5], @XMM[13]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+
+@ put this in range for both ARM and Thumb mode adr instructions
+.align	5
+.Lxts_magic:
+	.quad	1, 0x87
+
+.align	5
+.Lxts_enc_5:
+	veor		@XMM[3], @XMM[3], @XMM[11]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[4], @XMM[4], @XMM[12]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	vst1.8		{@XMM[10]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_4:
+	veor		@XMM[2], @XMM[2], @XMM[10]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[3], @XMM[3], @XMM[11]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_3:
+	veor		@XMM[1], @XMM[1], @XMM[9]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[2], @XMM[2], @XMM[10]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	vld1.64		{@XMM[10]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	vst1.8		{@XMM[8]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_2:
+	veor		@XMM[0], @XMM[0], @XMM[8]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[1], @XMM[1], @XMM[9]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_1:
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+	mov		r4, $fp				@ preserve fp
+
+	bl		AES_encrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [$out]!
+	mov		$fp, r4
+
+	vmov		@XMM[8], @XMM[9]		@ next round tweak
+
+.Lxts_enc_done:
+#ifndef	XTS_CHAIN_TWEAK
+	adds		$len, #0x10
+	beq		.Lxts_enc_ret
+	sub		r6, $out, #0x10
+
+.Lxts_enc_steal:
+	ldrb		r0, [$inp], #1
+	ldrb		r1, [$out, #-0x10]
+	strb		r0, [$out, #-0x10]
+	strb		r1, [$out], #1
+
+	subs		$len, #1
+	bhi		.Lxts_enc_steal
+
+	vld1.8		{@XMM[0]}, [r6]
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+	mov		r4, $fp			@ preserve fp
+
+	bl		AES_encrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [r6]
+	mov		$fp, r4
+#endif
+
+.Lxts_enc_ret:
+	bic		r0, $fp, #0xf
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+#ifdef	XTS_CHAIN_TWEAK
+	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
+#endif
+.Lxts_enc_bzero:				@ wipe key schedule [if any]
+	vstmia		sp!, {q0-q1}
+	cmp		sp, r0
+	bne		.Lxts_enc_bzero
+
+	mov		sp, $fp
+#ifdef	XTS_CHAIN_TWEAK
+	vst1.8		{@XMM[8]}, [r1]
+#endif
+	VFP_ABI_POP
+	ldmia		sp!, {r4-r10, pc}	@ return
+
+.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
+
+.globl	bsaes_xts_decrypt
+.type	bsaes_xts_decrypt,%function
+.align	4
+bsaes_xts_decrypt:
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}		@ 0x20
+	VFP_ABI_PUSH
+	mov	r6, sp				@ future $fp
+
+	mov	$inp, r0
+	mov	$out, r1
+	mov	$len, r2
+	mov	$key, r3
+
+	sub	r0, sp, #0x10			@ 0x10
+	bic	r0, #0xf			@ align at 16 bytes
+	mov	sp, r0
+
+#ifdef	XTS_CHAIN_TWEAK
+	ldr	r0, [ip]			@ pointer to input tweak
+#else
+	@ generate initial tweak
+	ldr	r0, [ip, #4]			@ iv[]
+	mov	r1, sp
+	ldr	r2, [ip, #0]			@ key2
+	bl	AES_encrypt
+	mov	r0, sp				@ pointer to initial tweak
+#endif
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+	mov	$fp, r6
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
+	sub	r12, #`32+16`			@ place for tweak[9]
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12
+	add	r12, #0x90			@ pass key schedule
+	bl	_bsaes_key_convert
+	add	r4, sp, #0x90
+	vldmia	r4, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	r4, {@XMM[7]}
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	add	r4, $key, #248
+	vldmia	r4, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	r4, {@XMM[7]}
+
+.align	2
+0:	sub	sp, #0x90			@ place for tweak[9]
+#endif
+	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
+	adr	$magic, .Lxts_magic
+
+#ifndef	XTS_CHAIN_TWEAK
+	tst	$len, #0xf			@ if not multiple of 16
+	it	ne				@ Thumb2 thing, sanity check in ARM
+	subne	$len, #0x10			@ subtract another 16 bytes
+#endif
+	subs	$len, #0x80
+
+	blo	.Lxts_dec_short
+	b	.Lxts_dec_loop
+
+.align	4
+.Lxts_dec_loop:
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
+	vst1.64		{@XMM[15]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	veor		@XMM[8], @XMM[8], @T[0]
+	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	veor		@XMM[7], @XMM[7], @XMM[15]
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[3], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	veor		@XMM[13], @XMM[5], @XMM[15]
+	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	subs		$len, #0x80
+	bpl		.Lxts_dec_loop
+
+.Lxts_dec_short:
+	adds		$len, #0x70
+	bmi		.Lxts_dec_done
+
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+	subs		$len, #0x10
+	bmi		.Lxts_dec_`$i-9`
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	sub		$len, #0x10
+	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	vld1.64		{@XMM[14]}, [r0,:128]!
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[3], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	vst1.8		{@XMM[12]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_6:
+	vst1.64		{@XMM[14]}, [r0,:128]		@ next round tweak
+
+	veor		@XMM[4], @XMM[4], @XMM[12]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[5], @XMM[5], @XMM[13]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_5:
+	veor		@XMM[3], @XMM[3], @XMM[11]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[4], @XMM[4], @XMM[12]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	vst1.8		{@XMM[10]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_4:
+	veor		@XMM[2], @XMM[2], @XMM[10]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[3], @XMM[3], @XMM[11]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_3:
+	veor		@XMM[1], @XMM[1], @XMM[9]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[2], @XMM[2], @XMM[10]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	vld1.64		{@XMM[10]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	vst1.8		{@XMM[8]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_2:
+	veor		@XMM[0], @XMM[0], @XMM[8]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[1], @XMM[1], @XMM[9]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_1:
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r5, $magic			@ preserve magic
+	mov		r2, $key
+	mov		r4, $fp				@ preserve fp
+
+	bl		AES_decrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [$out]!
+	mov		$fp, r4
+	mov		$magic, r5
+
+	vmov		@XMM[8], @XMM[9]		@ next round tweak
+
+.Lxts_dec_done:
+#ifndef	XTS_CHAIN_TWEAK
+	adds		$len, #0x10
+	beq		.Lxts_dec_ret
+
+	@ calculate one round of extra tweak for the stolen ciphertext
+	vldmia		$magic, {$twmask}
+	vshr.s64	@XMM[6], @XMM[8], #63
+	vand		@XMM[6], @XMM[6], $twmask
+	vadd.u64	@XMM[9], @XMM[8], @XMM[8]
+	vswp		`&Dhi("@XMM[6]")`,`&Dlo("@XMM[6]")`
+	veor		@XMM[9], @XMM[9], @XMM[6]
+
+	@ perform the final decryption with the last tweak value
+	vld1.8		{@XMM[0]}, [$inp]!
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[9]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+	mov		r4, $fp			@ preserve fp
+
+	bl		AES_decrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[9]
+	vst1.8		{@XMM[0]}, [$out]
+
+	mov		r6, $out
+.Lxts_dec_steal:
+	ldrb		r1, [$out]
+	ldrb		r0, [$inp], #1
+	strb		r1, [$out, #0x10]
+	strb		r0, [$out], #1
+
+	subs		$len, #1
+	bhi		.Lxts_dec_steal
+
+	vld1.8		{@XMM[0]}, [r6]
+	mov		r0, sp
+	veor		@XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+
+	bl		AES_decrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [r6]
+	mov		$fp, r4
+#endif
+
+.Lxts_dec_ret:
+	bic		r0, $fp, #0xf
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+#ifdef	XTS_CHAIN_TWEAK
+	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
+#endif
+.Lxts_dec_bzero:				@ wipe key schedule [if any]
+	vstmia		sp!, {q0-q1}
+	cmp		sp, r0
+	bne		.Lxts_dec_bzero
+
+	mov		sp, $fp
+#ifdef	XTS_CHAIN_TWEAK
+	vst1.8		{@XMM[8]}, [r1]
+#endif
+	VFP_ABI_POP
+	ldmia		sp!, {r4-r10, pc}	@ return
+
+.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
+___
+}
+$code.=<<___;
+#endif
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+        last if (!s/^#/@/ and !/^$/);
+        print;
+}
+close SELF;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/bsaes-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/bsaes-x86_64.pl
new file mode 100644
index 000000000..e62342729
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/bsaes-x86_64.pl
@@ -0,0 +1,3239 @@
+#! /usr/bin/env perl
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+###################################################################
+### AES-128 [originally in CTR mode]				###
+### bitsliced implementation for Intel Core 2 processors	###
+### requires support of SSE extensions up to SSSE3		###
+### Author: Emilia Käsper and Peter Schwabe			###
+### Date: 2009-03-19						###
+### Public domain						###
+###								###
+### See http://homes.esat.kuleuven.be/~ekasper/#software for	###
+### further information.					###
+###################################################################
+#
+# September 2011.
+#
+# Started as transliteration to "perlasm" the original code has
+# undergone following changes:
+#
+# - code was made position-independent;
+# - rounds were folded into a loop resulting in >5x size reduction
+#   from 12.5KB to 2.2KB;
+# - above was possibile thanks to mixcolumns() modification that
+#   allowed to feed its output back to aesenc[last], this was
+#   achieved at cost of two additional inter-registers moves;
+# - some instruction reordering and interleaving;
+# - this module doesn't implement key setup subroutine, instead it
+#   relies on conversion of "conventional" key schedule as returned
+#   by AES_set_encrypt_key (see discussion below);
+# - first and last round keys are treated differently, which allowed
+#   to skip one shiftrows(), reduce bit-sliced key schedule and
+#   speed-up conversion by 22%;
+# - support for 192- and 256-bit keys was added;
+#
+# Resulting performance in CPU cycles spent to encrypt one byte out
+# of 4096-byte buffer with 128-bit key is:
+#
+#		Emilia's	this(*)		difference
+#
+# Core 2    	9.30		8.69		+7%
+# Nehalem(**) 	7.63		6.88		+11%
+# Atom	    	17.1		16.4		+4%
+# Silvermont	-		12.9
+# Goldmont	-		8.85
+#
+# (*)	Comparison is not completely fair, because "this" is ECB,
+#	i.e. no extra processing such as counter values calculation
+#	and xor-ing input as in Emilia's CTR implementation is
+#	performed. However, the CTR calculations stand for not more
+#	than 1% of total time, so comparison is *rather* fair.
+#
+# (**)	Results were collected on Westmere, which is considered to
+#	be equivalent to Nehalem for this code.
+#
+# As for key schedule conversion subroutine. Interface to OpenSSL
+# relies on per-invocation on-the-fly conversion. This naturally
+# has impact on performance, especially for short inputs. Conversion
+# time in CPU cycles and its ratio to CPU cycles spent in 8x block
+# function is:
+#
+# 		conversion	conversion/8x block
+# Core 2	240		0.22
+# Nehalem	180		0.20
+# Atom		430		0.20
+#
+# The ratio values mean that 128-byte blocks will be processed
+# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%,
+# etc. Then keep in mind that input sizes not divisible by 128 are
+# *effectively* slower, especially shortest ones, e.g. consecutive
+# 144-byte blocks are processed 44% slower than one would expect,
+# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings"
+# it's still faster than ["hyper-threading-safe" code path in]
+# aes-x86_64.pl on all lengths above 64 bytes...
+#
+# October 2011.
+#
+# Add decryption procedure. Performance in CPU cycles spent to decrypt
+# one byte out of 4096-byte buffer with 128-bit key is:
+#
+# Core 2	9.98
+# Nehalem	7.80
+# Atom		17.9
+# Silvermont	14.0
+# Goldmont	10.2
+#
+# November 2011.
+#
+# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is
+# suboptimal, but XTS is meant to be used with larger blocks...
+#
+#						<appro@openssl.org>
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
+my @XMM=map("%xmm$_",(15,0..14));	# best on Atom, +10% over (0..15)
+my $ecb=0;	# suppress unreferenced ECB subroutines, spare some space...
+
+{
+my ($key,$rounds,$const)=("%rax","%r10d","%r11");
+
+sub Sbox {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InBasisChange	(@b);
+	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
+	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
+}
+
+sub InBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb
+my @b=@_[0..7];
+$code.=<<___;
+	pxor	@b[6], @b[5]
+	pxor	@b[1], @b[2]
+	pxor	@b[0], @b[3]
+	pxor	@b[2], @b[6]
+	pxor 	@b[0], @b[5]
+
+	pxor	@b[3], @b[6]
+	pxor	@b[7], @b[3]
+	pxor	@b[5], @b[7]
+	pxor	@b[4], @b[3]
+	pxor	@b[5], @b[4]
+	pxor	@b[1], @b[3]
+
+	pxor	@b[7], @b[2]
+	pxor	@b[5], @b[1]
+___
+}
+
+sub OutBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
+my @b=@_[0..7];
+$code.=<<___;
+	pxor	@b[6], @b[0]
+	pxor	@b[4], @b[1]
+	pxor	@b[0], @b[2]
+	pxor	@b[6], @b[4]
+	pxor	@b[1], @b[6]
+
+	pxor	@b[5], @b[1]
+	pxor	@b[3], @b[5]
+	pxor	@b[7], @b[3]
+	pxor	@b[5], @b[7]
+	pxor	@b[5], @b[2]
+
+	pxor	@b[7], @b[4]
+___
+}
+
+sub InvSbox {
+# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InvInBasisChange	(@b);
+	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
+	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
+}
+
+sub InvInBasisChange {		# OutBasisChange in reverse
+my @b=@_[5,1,2,6,3,7,0,4];
+$code.=<<___
+	pxor	@b[7], @b[4]
+
+	pxor	@b[5], @b[7]
+	pxor	@b[5], @b[2]
+	pxor	@b[7], @b[3]
+	pxor	@b[3], @b[5]
+	pxor	@b[5], @b[1]
+
+	pxor	@b[1], @b[6]
+	pxor	@b[0], @b[2]
+	pxor	@b[6], @b[4]
+	pxor	@b[6], @b[0]
+	pxor	@b[4], @b[1]
+___
+}
+
+sub InvOutBasisChange {		# InBasisChange in reverse
+my @b=@_[2,5,7,3,6,1,0,4];
+$code.=<<___;
+	pxor	@b[5], @b[1]
+	pxor	@b[7], @b[2]
+
+	pxor	@b[1], @b[3]
+	pxor	@b[5], @b[4]
+	pxor	@b[5], @b[7]
+	pxor	@b[4], @b[3]
+	 pxor 	@b[0], @b[5]
+	pxor	@b[7], @b[3]
+	 pxor	@b[2], @b[6]
+	 pxor	@b[1], @b[2]
+	pxor	@b[3], @b[6]
+
+	pxor	@b[0], @b[3]
+	pxor	@b[6], @b[5]
+___
+}
+
+sub Mul_GF4 {
+#;*************************************************************
+#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
+#;*************************************************************
+my ($x0,$x1,$y0,$y1,$t0)=@_;
+$code.=<<___;
+	movdqa	$y0, $t0
+	pxor 	$y1, $t0
+	pand	$x0, $t0
+	pxor	$x1, $x0
+	pand	$y0, $x1
+	pand	$y1, $x0
+	pxor	$x1, $x0
+	pxor	$t0, $x1
+___
+}
+
+sub Mul_GF4_N {				# not used, see next subroutine
+# multiply and scale by N
+my ($x0,$x1,$y0,$y1,$t0)=@_;
+$code.=<<___;
+	movdqa	$y0, $t0
+	pxor	$y1, $t0
+	pand	$x0, $t0
+	pxor	$x1, $x0
+	pand	$y0, $x1
+	pand	$y1, $x0
+	pxor	$x0, $x1
+	pxor	$t0, $x0
+___
+}
+
+sub Mul_GF4_N_GF4 {
+# interleaved Mul_GF4_N and Mul_GF4
+my ($x0,$x1,$y0,$y1,$t0,
+    $x2,$x3,$y2,$y3,$t1)=@_;
+$code.=<<___;
+	movdqa	$y0, $t0
+	 movdqa	$y2, $t1
+	pxor	$y1, $t0
+	 pxor 	$y3, $t1
+	pand	$x0, $t0
+	 pand	$x2, $t1
+	pxor	$x1, $x0
+	 pxor	$x3, $x2
+	pand	$y0, $x1
+	 pand	$y2, $x3
+	pand	$y1, $x0
+	 pand	$y3, $x2
+	pxor	$x0, $x1
+	 pxor	$x3, $x2
+	pxor	$t0, $x0
+	 pxor	$t1, $x3
+___
+}
+sub Mul_GF16_2 {
+my @x=@_[0..7];
+my @y=@_[8..11];
+my @t=@_[12..15];
+$code.=<<___;
+	movdqa	@x[0], @t[0]
+	movdqa	@x[1], @t[1]
+___
+	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2]);
+$code.=<<___;
+	pxor	@x[2], @t[0]
+	pxor	@x[3], @t[1]
+	pxor	@y[2], @y[0]
+	pxor	@y[3], @y[1]
+___
+	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[2], @x[3], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	pxor	@t[0], @x[0]
+	pxor	@t[0], @x[2]
+	pxor	@t[1], @x[1]
+	pxor	@t[1], @x[3]
+
+	movdqa	@x[4], @t[0]
+	movdqa	@x[5], @t[1]
+	pxor	@x[6], @t[0]
+	pxor	@x[7], @t[1]
+___
+	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[6], @x[7], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	pxor	@y[2], @y[0]
+	pxor	@y[3], @y[1]
+___
+	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[3]);
+$code.=<<___;
+	pxor	@t[0], @x[4]
+	pxor	@t[0], @x[6]
+	pxor	@t[1], @x[5]
+	pxor	@t[1], @x[7]
+___
+}
+sub Inv_GF256 {
+#;********************************************************************
+#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
+#;********************************************************************
+my @x=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+# direct optimizations from hardware
+$code.=<<___;
+	movdqa	@x[4], @t[3]
+	movdqa	@x[5], @t[2]
+	movdqa	@x[1], @t[1]
+	movdqa	@x[7], @s[1]
+	movdqa	@x[0], @s[0]
+
+	pxor	@x[6], @t[3]
+	pxor	@x[7], @t[2]
+	pxor	@x[3], @t[1]
+	 movdqa	@t[3], @s[2]
+	pxor	@x[6], @s[1]
+	 movdqa	@t[2], @t[0]
+	pxor	@x[2], @s[0]
+	 movdqa	@t[3], @s[3]
+
+	por	@t[1], @t[2]
+	por	@s[0], @t[3]
+	pxor	@t[0], @s[3]
+	pand	@s[0], @s[2]
+	pxor	@t[1], @s[0]
+	pand	@t[1], @t[0]
+	pand	@s[0], @s[3]
+	movdqa	@x[3], @s[0]
+	pxor	@x[2], @s[0]
+	pand	@s[0], @s[1]
+	pxor	@s[1], @t[3]
+	pxor	@s[1], @t[2]
+	movdqa	@x[4], @s[1]
+	movdqa	@x[1], @s[0]
+	pxor	@x[5], @s[1]
+	pxor	@x[0], @s[0]
+	movdqa	@s[1], @t[1]
+	pand	@s[0], @s[1]
+	por	@s[0], @t[1]
+	pxor	@s[1], @t[0]
+	pxor	@s[3], @t[3]
+	pxor	@s[2], @t[2]
+	pxor	@s[3], @t[1]
+	movdqa	@x[7], @s[0]
+	pxor	@s[2], @t[0]
+	movdqa	@x[6], @s[1]
+	pxor	@s[2], @t[1]
+	movdqa	@x[5], @s[2]
+	pand	@x[3], @s[0]
+	movdqa	@x[4], @s[3]
+	pand	@x[2], @s[1]
+	pand	@x[1], @s[2]
+	por	@x[0], @s[3]
+	pxor	@s[0], @t[3]
+	pxor	@s[1], @t[2]
+	pxor	@s[2], @t[1]
+	pxor	@s[3], @t[0]
+
+	#Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
+
+	# new smaller inversion
+
+	movdqa	@t[3], @s[0]
+	pand	@t[1], @t[3]
+	pxor	@t[2], @s[0]
+
+	movdqa	@t[0], @s[2]
+	movdqa	@s[0], @s[3]
+	pxor	@t[3], @s[2]
+	pand	@s[2], @s[3]
+
+	movdqa	@t[1], @s[1]
+	pxor	@t[2], @s[3]
+	pxor	@t[0], @s[1]
+
+	pxor	@t[2], @t[3]
+
+	pand	@t[3], @s[1]
+
+	movdqa	@s[2], @t[2]
+	pxor	@t[0], @s[1]
+
+	pxor	@s[1], @t[2]
+	pxor	@s[1], @t[1]
+
+	pand	@t[0], @t[2]
+
+	pxor	@t[2], @s[2]
+	pxor	@t[2], @t[1]
+
+	pand	@s[3], @s[2]
+
+	pxor	@s[0], @s[2]
+___
+# output in s3, s2, s1, t1
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
+	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
+
+### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
+}
+
+# AES linear components
+
+sub ShiftRows {
+my @x=@_[0..7];
+my $mask=pop;
+$code.=<<___;
+	pxor	0x00($key),@x[0]
+	pxor	0x10($key),@x[1]
+	pxor	0x20($key),@x[2]
+	pxor	0x30($key),@x[3]
+	pshufb	$mask,@x[0]
+	pshufb	$mask,@x[1]
+	pxor	0x40($key),@x[4]
+	pxor	0x50($key),@x[5]
+	pshufb	$mask,@x[2]
+	pshufb	$mask,@x[3]
+	pxor	0x60($key),@x[6]
+	pxor	0x70($key),@x[7]
+	pshufb	$mask,@x[4]
+	pshufb	$mask,@x[5]
+	pshufb	$mask,@x[6]
+	pshufb	$mask,@x[7]
+	lea	0x80($key),$key
+___
+}
+
+sub MixColumns {
+# modified to emit output in order suitable for feeding back to aesenc[last]
+my @x=@_[0..7];
+my @t=@_[8..15];
+my $inv=@_[16];	# optional
+$code.=<<___;
+	pshufd	\$0x93, @x[0], @t[0]	# x0 <<< 32
+	pshufd	\$0x93, @x[1], @t[1]
+	 pxor	@t[0], @x[0]		# x0 ^ (x0 <<< 32)
+	pshufd	\$0x93, @x[2], @t[2]
+	 pxor	@t[1], @x[1]
+	pshufd	\$0x93, @x[3], @t[3]
+	 pxor	@t[2], @x[2]
+	pshufd	\$0x93, @x[4], @t[4]
+	 pxor	@t[3], @x[3]
+	pshufd	\$0x93, @x[5], @t[5]
+	 pxor	@t[4], @x[4]
+	pshufd	\$0x93, @x[6], @t[6]
+	 pxor	@t[5], @x[5]
+	pshufd	\$0x93, @x[7], @t[7]
+	 pxor	@t[6], @x[6]
+	 pxor	@t[7], @x[7]
+
+	pxor	@x[0], @t[1]
+	pxor	@x[7], @t[0]
+	pxor	@x[7], @t[1]
+	 pshufd	\$0x4E, @x[0], @x[0] 	# (x0 ^ (x0 <<< 32)) <<< 64)
+	pxor	@x[1], @t[2]
+	 pshufd	\$0x4E, @x[1], @x[1]
+	pxor	@x[4], @t[5]
+	 pxor	@t[0], @x[0]
+	pxor	@x[5], @t[6]
+	 pxor	@t[1], @x[1]
+	pxor	@x[3], @t[4]
+	 pshufd	\$0x4E, @x[4], @t[0]
+	pxor	@x[6], @t[7]
+	 pshufd	\$0x4E, @x[5], @t[1]
+	pxor	@x[2], @t[3]
+	 pshufd	\$0x4E, @x[3], @x[4]
+	pxor	@x[7], @t[3]
+	 pshufd	\$0x4E, @x[7], @x[5]
+	pxor	@x[7], @t[4]
+	 pshufd	\$0x4E, @x[6], @x[3]
+	pxor	@t[4], @t[0]
+	 pshufd	\$0x4E, @x[2], @x[6]
+	pxor	@t[5], @t[1]
+___
+$code.=<<___ if (!$inv);
+	pxor	@t[3], @x[4]
+	pxor	@t[7], @x[5]
+	pxor	@t[6], @x[3]
+	 movdqa	@t[0], @x[2]
+	pxor	@t[2], @x[6]
+	 movdqa	@t[1], @x[7]
+___
+$code.=<<___ if ($inv);
+	pxor	@x[4], @t[3]
+	pxor	@t[7], @x[5]
+	pxor	@x[3], @t[6]
+	 movdqa	@t[0], @x[3]
+	pxor	@t[2], @x[6]
+	 movdqa	@t[6], @x[2]
+	 movdqa	@t[1], @x[7]
+	 movdqa	@x[6], @x[4]
+	 movdqa	@t[3], @x[6]
+___
+}
+
+sub InvMixColumns_orig {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+$code.=<<___;
+	# multiplication by 0x0e
+	pshufd	\$0x93, @x[7], @t[7]
+	movdqa	@x[2], @t[2]
+	pxor	@x[5], @x[7]		# 7 5
+	pxor	@x[5], @x[2]		# 2 5
+	pshufd	\$0x93, @x[0], @t[0]
+	movdqa	@x[5], @t[5]
+	pxor	@x[0], @x[5]		# 5 0		[1]
+	pxor	@x[1], @x[0]		# 0 1
+	pshufd	\$0x93, @x[1], @t[1]
+	pxor	@x[2], @x[1]		# 1 25
+	pxor	@x[6], @x[0]		# 01 6		[2]
+	pxor	@x[3], @x[1]		# 125 3		[4]
+	pshufd	\$0x93, @x[3], @t[3]
+	pxor	@x[0], @x[2]		# 25 016	[3]
+	pxor	@x[7], @x[3]		# 3 75
+	pxor	@x[6], @x[7]		# 75 6		[0]
+	pshufd	\$0x93, @x[6], @t[6]
+	movdqa	@x[4], @t[4]
+	pxor	@x[4], @x[6]		# 6 4
+	pxor	@x[3], @x[4]		# 4 375		[6]
+	pxor	@x[7], @x[3]		# 375 756=36
+	pxor	@t[5], @x[6]		# 64 5		[7]
+	pxor	@t[2], @x[3]		# 36 2
+	pxor	@t[4], @x[3]		# 362 4		[5]
+	pshufd	\$0x93, @t[5], @t[5]
+___
+					my @y = @x[7,5,0,2,1,3,4,6];
+$code.=<<___;
+	# multiplication by 0x0b
+	pxor	@y[0], @y[1]
+	pxor	@t[0], @y[0]
+	pxor	@t[1], @y[1]
+	pshufd	\$0x93, @t[2], @t[2]
+	pxor	@t[5], @y[0]
+	pxor	@t[6], @y[1]
+	pxor	@t[7], @y[0]
+	pshufd	\$0x93, @t[4], @t[4]
+	pxor	@t[6], @t[7]		# clobber t[7]
+	pxor	@y[0], @y[1]
+
+	pxor	@t[0], @y[3]
+	pshufd	\$0x93, @t[0], @t[0]
+	pxor	@t[1], @y[2]
+	pxor	@t[1], @y[4]
+	pxor	@t[2], @y[2]
+	pshufd	\$0x93, @t[1], @t[1]
+	pxor	@t[2], @y[3]
+	pxor	@t[2], @y[5]
+	pxor	@t[7], @y[2]
+	pshufd	\$0x93, @t[2], @t[2]
+	pxor	@t[3], @y[3]
+	pxor	@t[3], @y[6]
+	pxor	@t[3], @y[4]
+	pshufd	\$0x93, @t[3], @t[3]
+	pxor	@t[4], @y[7]
+	pxor	@t[4], @y[5]
+	pxor	@t[7], @y[7]
+	pxor	@t[5], @y[3]
+	pxor	@t[4], @y[4]
+	pxor	@t[5], @t[7]		# clobber t[7] even more
+
+	pxor	@t[7], @y[5]
+	pshufd	\$0x93, @t[4], @t[4]
+	pxor	@t[7], @y[6]
+	pxor	@t[7], @y[4]
+
+	pxor	@t[5], @t[7]
+	pshufd	\$0x93, @t[5], @t[5]
+	pxor	@t[6], @t[7]		# restore t[7]
+
+	# multiplication by 0x0d
+	pxor	@y[7], @y[4]
+	pxor	@t[4], @y[7]
+	pshufd	\$0x93, @t[6], @t[6]
+	pxor	@t[0], @y[2]
+	pxor	@t[5], @y[7]
+	pxor	@t[2], @y[2]
+	pshufd	\$0x93, @t[7], @t[7]
+
+	pxor	@y[1], @y[3]
+	pxor	@t[1], @y[1]
+	pxor	@t[0], @y[0]
+	pxor	@t[0], @y[3]
+	pxor	@t[5], @y[1]
+	pxor	@t[5], @y[0]
+	pxor	@t[7], @y[1]
+	pshufd	\$0x93, @t[0], @t[0]
+	pxor	@t[6], @y[0]
+	pxor	@y[1], @y[3]
+	pxor	@t[1], @y[4]
+	pshufd	\$0x93, @t[1], @t[1]
+
+	pxor	@t[7], @y[7]
+	pxor	@t[2], @y[4]
+	pxor	@t[2], @y[5]
+	pshufd	\$0x93, @t[2], @t[2]
+	pxor	@t[6], @y[2]
+	pxor	@t[3], @t[6]		# clobber t[6]
+	pxor	@y[7], @y[4]
+	pxor	@t[6], @y[3]
+
+	pxor	@t[6], @y[6]
+	pxor	@t[5], @y[5]
+	pxor	@t[4], @y[6]
+	pshufd	\$0x93, @t[4], @t[4]
+	pxor	@t[6], @y[5]
+	pxor	@t[7], @y[6]
+	pxor	@t[3], @t[6]		# restore t[6]
+
+	pshufd	\$0x93, @t[5], @t[5]
+	pshufd	\$0x93, @t[6], @t[6]
+	pshufd	\$0x93, @t[7], @t[7]
+	pshufd	\$0x93, @t[3], @t[3]
+
+	# multiplication by 0x09
+	pxor	@y[1], @y[4]
+	pxor	@y[1], @t[1]		# t[1]=y[1]
+	pxor	@t[5], @t[0]		# clobber t[0]
+	pxor	@t[5], @t[1]
+	pxor	@t[0], @y[3]
+	pxor	@y[0], @t[0]		# t[0]=y[0]
+	pxor	@t[6], @t[1]
+	pxor	@t[7], @t[6]		# clobber t[6]
+	pxor	@t[1], @y[4]
+	pxor	@t[4], @y[7]
+	pxor	@y[4], @t[4]		# t[4]=y[4]
+	pxor	@t[3], @y[6]
+	pxor	@y[3], @t[3]		# t[3]=y[3]
+	pxor	@t[2], @y[5]
+	pxor	@y[2], @t[2]		# t[2]=y[2]
+	pxor	@t[7], @t[3]
+	pxor	@y[5], @t[5]		# t[5]=y[5]
+	pxor	@t[6], @t[2]
+	pxor	@t[6], @t[5]
+	pxor	@y[6], @t[6]		# t[6]=y[6]
+	pxor	@y[7], @t[7]		# t[7]=y[7]
+
+	movdqa	@t[0],@XMM[0]
+	movdqa	@t[1],@XMM[1]
+	movdqa	@t[2],@XMM[2]
+	movdqa	@t[3],@XMM[3]
+	movdqa	@t[4],@XMM[4]
+	movdqa	@t[5],@XMM[5]
+	movdqa	@t[6],@XMM[6]
+	movdqa	@t[7],@XMM[7]
+___
+}
+
+sub InvMixColumns {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+# Thanks to Jussi Kivilinna for providing pointer to
+#
+# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
+# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
+# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
+
+$code.=<<___;
+	# multiplication by 0x05-0x00-0x04-0x00
+	pshufd	\$0x4E, @x[0], @t[0]
+	pshufd	\$0x4E, @x[6], @t[6]
+	pxor	@x[0], @t[0]
+	pshufd	\$0x4E, @x[7], @t[7]
+	pxor	@x[6], @t[6]
+	pshufd	\$0x4E, @x[1], @t[1]
+	pxor	@x[7], @t[7]
+	pshufd	\$0x4E, @x[2], @t[2]
+	pxor	@x[1], @t[1]
+	pshufd	\$0x4E, @x[3], @t[3]
+	pxor	@x[2], @t[2]
+	 pxor	@t[6], @x[0]
+	 pxor	@t[6], @x[1]
+	pshufd	\$0x4E, @x[4], @t[4]
+	pxor	@x[3], @t[3]
+	 pxor	@t[0], @x[2]
+	 pxor	@t[1], @x[3]
+	pshufd	\$0x4E, @x[5], @t[5]
+	pxor	@x[4], @t[4]
+	 pxor	@t[7], @x[1]
+	 pxor	@t[2], @x[4]
+	pxor	@x[5], @t[5]
+
+	 pxor	@t[7], @x[2]
+	 pxor	@t[6], @x[3]
+	 pxor	@t[6], @x[4]
+	 pxor	@t[3], @x[5]
+	 pxor	@t[4], @x[6]
+	 pxor	@t[7], @x[4]
+	 pxor	@t[7], @x[5]
+	 pxor	@t[5], @x[7]
+___
+	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
+}
+
+sub aesenc {				# not used
+my @b=@_[0..7];
+my @t=@_[8..15];
+$code.=<<___;
+	movdqa	0x30($const),@t[0]	# .LSR
+___
+	&ShiftRows	(@b,@t[0]);
+	&Sbox		(@b,@t);
+	&MixColumns	(@b[0,1,4,6,3,7,2,5],@t);
+}
+
+sub aesenclast {			# not used
+my @b=@_[0..7];
+my @t=@_[8..15];
+$code.=<<___;
+	movdqa	0x40($const),@t[0]	# .LSRM0
+___
+	&ShiftRows	(@b,@t[0]);
+	&Sbox		(@b,@t);
+$code.=<<___
+	pxor	0x00($key),@b[0]
+	pxor	0x10($key),@b[1]
+	pxor	0x20($key),@b[4]
+	pxor	0x30($key),@b[6]
+	pxor	0x40($key),@b[3]
+	pxor	0x50($key),@b[7]
+	pxor	0x60($key),@b[2]
+	pxor	0x70($key),@b[5]
+___
+}
+
+sub swapmove {
+my ($a,$b,$n,$mask,$t)=@_;
+$code.=<<___;
+	movdqa	$b,$t
+	psrlq	\$$n,$b
+	pxor  	$a,$b
+	pand	$mask,$b
+	pxor	$b,$a
+	psllq	\$$n,$b
+	pxor	$t,$b
+___
+}
+sub swapmove2x {
+my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
+$code.=<<___;
+	movdqa	$b0,$t0
+	psrlq	\$$n,$b0
+	 movdqa	$b1,$t1
+	 psrlq	\$$n,$b1
+	pxor  	$a0,$b0
+	 pxor  	$a1,$b1
+	pand	$mask,$b0
+	 pand	$mask,$b1
+	pxor	$b0,$a0
+	psllq	\$$n,$b0
+	 pxor	$b1,$a1
+	 psllq	\$$n,$b1
+	pxor	$t0,$b0
+	 pxor	$t1,$b1
+___
+}
+
+sub bitslice {
+my @x=reverse(@_[0..7]);
+my ($t0,$t1,$t2,$t3)=@_[8..11];
+$code.=<<___;
+	movdqa	0x00($const),$t0	# .LBS0
+	movdqa	0x10($const),$t1	# .LBS1
+___
+	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
+	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+$code.=<<___;
+	movdqa	0x20($const),$t0	# .LBS2
+___
+	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
+	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+
+	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
+	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
+}
+
+$code.=<<___;
+.text
+
+.extern	asm_AES_encrypt
+.extern	asm_AES_decrypt
+
+.type	_bsaes_encrypt8,\@abi-omnipotent
+.align	64
+_bsaes_encrypt8:
+.cfi_startproc
+	lea	.LBS0(%rip), $const	# constants table
+
+	movdqa	($key), @XMM[9]		# round 0 key
+	lea	0x10($key), $key
+	movdqa	0x50($const), @XMM[8]	# .LM0SR
+	pxor	@XMM[9], @XMM[0]	# xor with round0 key
+	pxor	@XMM[9], @XMM[1]
+	pxor	@XMM[9], @XMM[2]
+	pxor	@XMM[9], @XMM[3]
+	 pshufb	@XMM[8], @XMM[0]
+	 pshufb	@XMM[8], @XMM[1]
+	pxor	@XMM[9], @XMM[4]
+	pxor	@XMM[9], @XMM[5]
+	 pshufb	@XMM[8], @XMM[2]
+	 pshufb	@XMM[8], @XMM[3]
+	pxor	@XMM[9], @XMM[6]
+	pxor	@XMM[9], @XMM[7]
+	 pshufb	@XMM[8], @XMM[4]
+	 pshufb	@XMM[8], @XMM[5]
+	 pshufb	@XMM[8], @XMM[6]
+	 pshufb	@XMM[8], @XMM[7]
+_bsaes_encrypt8_bitslice:
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	dec	$rounds
+	jmp	.Lenc_sbox
+.align	16
+.Lenc_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8]);
+$code.=".Lenc_sbox:\n";
+	&Sbox		(@XMM[0..7, 8..15]);
+$code.=<<___;
+	dec	$rounds
+	jl	.Lenc_done
+___
+	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
+$code.=<<___;
+	movdqa	0x30($const), @XMM[8]	# .LSR
+	jnz	.Lenc_loop
+	movdqa	0x40($const), @XMM[8]	# .LSRM0
+	jmp	.Lenc_loop
+.align	16
+.Lenc_done:
+___
+	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
+	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
+$code.=<<___;
+	movdqa	($key), @XMM[8]		# last round key
+	pxor	@XMM[8], @XMM[4]
+	pxor	@XMM[8], @XMM[6]
+	pxor	@XMM[8], @XMM[3]
+	pxor	@XMM[8], @XMM[7]
+	pxor	@XMM[8], @XMM[2]
+	pxor	@XMM[8], @XMM[5]
+	pxor	@XMM[8], @XMM[0]
+	pxor	@XMM[8], @XMM[1]
+	ret
+.cfi_endproc
+.size	_bsaes_encrypt8,.-_bsaes_encrypt8
+
+.type	_bsaes_decrypt8,\@abi-omnipotent
+.align	64
+_bsaes_decrypt8:
+.cfi_startproc
+	lea	.LBS0(%rip), $const	# constants table
+
+	movdqa	($key), @XMM[9]		# round 0 key
+	lea	0x10($key), $key
+	movdqa	-0x30($const), @XMM[8]	# .LM0ISR
+	pxor	@XMM[9], @XMM[0]	# xor with round0 key
+	pxor	@XMM[9], @XMM[1]
+	pxor	@XMM[9], @XMM[2]
+	pxor	@XMM[9], @XMM[3]
+	 pshufb	@XMM[8], @XMM[0]
+	 pshufb	@XMM[8], @XMM[1]
+	pxor	@XMM[9], @XMM[4]
+	pxor	@XMM[9], @XMM[5]
+	 pshufb	@XMM[8], @XMM[2]
+	 pshufb	@XMM[8], @XMM[3]
+	pxor	@XMM[9], @XMM[6]
+	pxor	@XMM[9], @XMM[7]
+	 pshufb	@XMM[8], @XMM[4]
+	 pshufb	@XMM[8], @XMM[5]
+	 pshufb	@XMM[8], @XMM[6]
+	 pshufb	@XMM[8], @XMM[7]
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	dec	$rounds
+	jmp	.Ldec_sbox
+.align	16
+.Ldec_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8]);
+$code.=".Ldec_sbox:\n";
+	&InvSbox	(@XMM[0..7, 8..15]);
+$code.=<<___;
+	dec	$rounds
+	jl	.Ldec_done
+___
+	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
+$code.=<<___;
+	movdqa	-0x10($const), @XMM[8]	# .LISR
+	jnz	.Ldec_loop
+	movdqa	-0x20($const), @XMM[8]	# .LISRM0
+	jmp	.Ldec_loop
+.align	16
+.Ldec_done:
+___
+	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
+$code.=<<___;
+	movdqa	($key), @XMM[8]		# last round key
+	pxor	@XMM[8], @XMM[6]
+	pxor	@XMM[8], @XMM[4]
+	pxor	@XMM[8], @XMM[2]
+	pxor	@XMM[8], @XMM[7]
+	pxor	@XMM[8], @XMM[3]
+	pxor	@XMM[8], @XMM[5]
+	pxor	@XMM[8], @XMM[0]
+	pxor	@XMM[8], @XMM[1]
+	ret
+.cfi_endproc
+.size	_bsaes_decrypt8,.-_bsaes_decrypt8
+___
+}
+{
+my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11");
+
+sub bitslice_key {
+my @x=reverse(@_[0..7]);
+my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
+
+	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
+$code.=<<___;
+	#&swapmove(@x[2,3],1,$t0,$t2,$t3);
+	movdqa	@x[0], @x[2]
+	movdqa	@x[1], @x[3]
+___
+	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+
+	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
+$code.=<<___;
+	#&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+	movdqa	@x[0], @x[4]
+	movdqa	@x[2], @x[6]
+	movdqa	@x[1], @x[5]
+	movdqa	@x[3], @x[7]
+___
+	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
+	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
+}
+
+$code.=<<___;
+.type	_bsaes_key_convert,\@abi-omnipotent
+.align	16
+_bsaes_key_convert:
+.cfi_startproc
+	lea	.Lmasks(%rip), $const
+	movdqu	($inp), %xmm7		# load round 0 key
+	lea	0x10($inp), $inp
+	movdqa	0x00($const), %xmm0	# 0x01...
+	movdqa	0x10($const), %xmm1	# 0x02...
+	movdqa	0x20($const), %xmm2	# 0x04...
+	movdqa	0x30($const), %xmm3	# 0x08...
+	movdqa	0x40($const), %xmm4	# .LM0
+	pcmpeqd	%xmm5, %xmm5		# .LNOT
+
+	movdqu	($inp), %xmm6		# load round 1 key
+	movdqa	%xmm7, ($out)		# save round 0 key
+	lea	0x10($out), $out
+	dec	$rounds
+	jmp	.Lkey_loop
+.align	16
+.Lkey_loop:
+	pshufb	%xmm4, %xmm6		# .LM0
+
+	movdqa	%xmm0,	%xmm8
+	movdqa	%xmm1,	%xmm9
+
+	pand	%xmm6,	%xmm8
+	pand	%xmm6,	%xmm9
+	movdqa	%xmm2,	%xmm10
+	pcmpeqb	%xmm0,	%xmm8
+	psllq	\$4,	%xmm0		# 0x10...
+	movdqa	%xmm3,	%xmm11
+	pcmpeqb	%xmm1,	%xmm9
+	psllq	\$4,	%xmm1		# 0x20...
+
+	pand	%xmm6,	%xmm10
+	pand	%xmm6,	%xmm11
+	movdqa	%xmm0,	%xmm12
+	pcmpeqb	%xmm2,	%xmm10
+	psllq	\$4,	%xmm2		# 0x40...
+	movdqa	%xmm1,	%xmm13
+	pcmpeqb	%xmm3,	%xmm11
+	psllq	\$4,	%xmm3		# 0x80...
+
+	movdqa	%xmm2,	%xmm14
+	movdqa	%xmm3,	%xmm15
+	 pxor	%xmm5,	%xmm8		# "pnot"
+	 pxor	%xmm5,	%xmm9
+
+	pand	%xmm6,	%xmm12
+	pand	%xmm6,	%xmm13
+	 movdqa	%xmm8, 0x00($out)	# write bit-sliced round key
+	pcmpeqb	%xmm0,	%xmm12
+	psrlq	\$4,	%xmm0		# 0x01...
+	 movdqa	%xmm9, 0x10($out)
+	pcmpeqb	%xmm1,	%xmm13
+	psrlq	\$4,	%xmm1		# 0x02...
+	 lea	0x10($inp), $inp
+
+	pand	%xmm6,	%xmm14
+	pand	%xmm6,	%xmm15
+	 movdqa	%xmm10, 0x20($out)
+	pcmpeqb	%xmm2,	%xmm14
+	psrlq	\$4,	%xmm2		# 0x04...
+	 movdqa	%xmm11, 0x30($out)
+	pcmpeqb	%xmm3,	%xmm15
+	psrlq	\$4,	%xmm3		# 0x08...
+	 movdqu	($inp), %xmm6		# load next round key
+
+	pxor	%xmm5, %xmm13		# "pnot"
+	pxor	%xmm5, %xmm14
+	movdqa	%xmm12, 0x40($out)
+	movdqa	%xmm13, 0x50($out)
+	movdqa	%xmm14, 0x60($out)
+	movdqa	%xmm15, 0x70($out)
+	lea	0x80($out),$out
+	dec	$rounds
+	jnz	.Lkey_loop
+
+	movdqa	0x50($const), %xmm7	# .L63
+	#movdqa	%xmm6, ($out)		# don't save last round key
+	ret
+.cfi_endproc
+.size	_bsaes_key_convert,.-_bsaes_key_convert
+___
+}
+
+if (0 && !$win64) {	# following four functions are unsupported interface
+			# used for benchmarking...
+$code.=<<___;
+.globl	bsaes_enc_key_convert
+.type	bsaes_enc_key_convert,\@function,2
+.align	16
+bsaes_enc_key_convert:
+	mov	240($inp),%r10d		# pass rounds
+	mov	$inp,%rcx		# pass key
+	mov	$out,%rax		# pass key schedule
+	call	_bsaes_key_convert
+	pxor	%xmm6,%xmm7		# fix up last round key
+	movdqa	%xmm7,(%rax)		# save last round key
+	ret
+.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
+
+.globl	bsaes_encrypt_128
+.type	bsaes_encrypt_128,\@function,4
+.align	16
+bsaes_encrypt_128:
+.Lenc128_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	movdqu	0x60($inp), @XMM[6]
+	movdqu	0x70($inp), @XMM[7]
+	mov	$key, %rax		# pass the $key
+	lea	0x80($inp), $inp
+	mov	\$10,%r10d
+
+	call	_bsaes_encrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$0x80,$len
+	ja	.Lenc128_loop
+	ret
+.size	bsaes_encrypt_128,.-bsaes_encrypt_128
+
+.globl	bsaes_dec_key_convert
+.type	bsaes_dec_key_convert,\@function,2
+.align	16
+bsaes_dec_key_convert:
+	mov	240($inp),%r10d		# pass rounds
+	mov	$inp,%rcx		# pass key
+	mov	$out,%rax		# pass key schedule
+	call	_bsaes_key_convert
+	pxor	($out),%xmm7		# fix up round 0 key
+	movdqa	%xmm6,(%rax)		# save last round key
+	movdqa	%xmm7,($out)
+	ret
+.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
+
+.globl	bsaes_decrypt_128
+.type	bsaes_decrypt_128,\@function,4
+.align	16
+bsaes_decrypt_128:
+.Ldec128_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	movdqu	0x60($inp), @XMM[6]
+	movdqu	0x70($inp), @XMM[7]
+	mov	$key, %rax		# pass the $key
+	lea	0x80($inp), $inp
+	mov	\$10,%r10d
+
+	call	_bsaes_decrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$0x80,$len
+	ja	.Ldec128_loop
+	ret
+.size	bsaes_decrypt_128,.-bsaes_decrypt_128
+___
+}
+{
+######################################################################
+#
+# OpenSSL interface
+#
+my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64	? ("%rcx","%rdx","%r8","%r9","%r10","%r11d")
+						: ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
+my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15");
+
+if ($ecb) {
+$code.=<<___;
+.globl	bsaes_ecb_encrypt_blocks
+.type	bsaes_ecb_encrypt_blocks,\@abi-omnipotent
+.align	16
+bsaes_ecb_encrypt_blocks:
+.cfi_startproc
+	mov	%rsp, %rax
+.Lecb_enc_prologue:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-0x48(%rsp),%rsp
+.cfi_adjust_cfa_offset	0x48
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lecb_enc_body:
+___
+$code.=<<___;
+	mov	%rsp,%rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
+	mov	240($arg4),%eax		# rounds
+	mov	$arg1,$inp		# backup arguments
+	mov	$arg2,$out
+	mov	$arg3,$len
+	mov	$arg4,$key
+	cmp	\$8,$arg3
+	jb	.Lecb_enc_short
+
+	mov	%eax,%ebx		# backup rounds
+	shl	\$7,%rax		# 128 bytes per inner round key
+	sub	\$`128-32`,%rax		# size of bit-sliced key schedule
+	sub	%rax,%rsp
+	mov	%rsp,%rax		# pass key schedule
+	mov	$key,%rcx		# pass key
+	mov	%ebx,%r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	%xmm6,%xmm7		# fix up last round key
+	movdqa	%xmm7,(%rax)		# save last round key
+
+	sub	\$8,$len
+.Lecb_enc_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	mov	%rsp, %rax		# pass key schedule
+	movdqu	0x60($inp), @XMM[6]
+	mov	%ebx,%r10d		# pass rounds
+	movdqu	0x70($inp), @XMM[7]
+	lea	0x80($inp), $inp
+
+	call	_bsaes_encrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$8,$len
+	jnc	.Lecb_enc_loop
+
+	add	\$8,$len
+	jz	.Lecb_enc_done
+
+	movdqu	0x00($inp), @XMM[0]	# load input
+	mov	%rsp, %rax		# pass key schedule
+	mov	%ebx,%r10d		# pass rounds
+	cmp	\$2,$len
+	jb	.Lecb_enc_one
+	movdqu	0x10($inp), @XMM[1]
+	je	.Lecb_enc_two
+	movdqu	0x20($inp), @XMM[2]
+	cmp	\$4,$len
+	jb	.Lecb_enc_three
+	movdqu	0x30($inp), @XMM[3]
+	je	.Lecb_enc_four
+	movdqu	0x40($inp), @XMM[4]
+	cmp	\$6,$len
+	jb	.Lecb_enc_five
+	movdqu	0x50($inp), @XMM[5]
+	je	.Lecb_enc_six
+	movdqu	0x60($inp), @XMM[6]
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_six:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_five:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_four:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_three:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_two:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_one:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_short:
+	lea	($inp), $arg1
+	lea	($out), $arg2
+	lea	($key), $arg3
+	call	asm_AES_encrypt
+	lea	16($inp), $inp
+	lea	16($out), $out
+	dec	$len
+	jnz	.Lecb_enc_short
+
+.Lecb_enc_done:
+	lea	(%rsp),%rax
+	pxor	%xmm0, %xmm0
+.Lecb_enc_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	jb	.Lecb_enc_bzero
+
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rax), %rax
+.Lecb_enc_tail:
+___
+$code.=<<___;
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lecb_enc_epilogue:
+	ret
+.cfi_endproc
+.size	bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks
+
+.globl	bsaes_ecb_decrypt_blocks
+.type	bsaes_ecb_decrypt_blocks,\@abi-omnipotent
+.align	16
+bsaes_ecb_decrypt_blocks:
+.cfi_startproc
+	mov	%rsp, %rax
+.Lecb_dec_prologue:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-0x48(%rsp),%rsp
+.cfi_adjust_cfa_offset	0x48
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lecb_dec_body:
+___
+$code.=<<___;
+	mov	%rsp,%rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
+	mov	240($arg4),%eax		# rounds
+	mov	$arg1,$inp		# backup arguments
+	mov	$arg2,$out
+	mov	$arg3,$len
+	mov	$arg4,$key
+	cmp	\$8,$arg3
+	jb	.Lecb_dec_short
+
+	mov	%eax,%ebx		# backup rounds
+	shl	\$7,%rax		# 128 bytes per inner round key
+	sub	\$`128-32`,%rax		# size of bit-sliced key schedule
+	sub	%rax,%rsp
+	mov	%rsp,%rax		# pass key schedule
+	mov	$key,%rcx		# pass key
+	mov	%ebx,%r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	(%rsp),%xmm7		# fix up 0 round key
+	movdqa	%xmm6,(%rax)		# save last round key
+	movdqa	%xmm7,(%rsp)
+
+	sub	\$8,$len
+.Lecb_dec_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	mov	%rsp, %rax		# pass key schedule
+	movdqu	0x60($inp), @XMM[6]
+	mov	%ebx,%r10d		# pass rounds
+	movdqu	0x70($inp), @XMM[7]
+	lea	0x80($inp), $inp
+
+	call	_bsaes_decrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$8,$len
+	jnc	.Lecb_dec_loop
+
+	add	\$8,$len
+	jz	.Lecb_dec_done
+
+	movdqu	0x00($inp), @XMM[0]	# load input
+	mov	%rsp, %rax		# pass key schedule
+	mov	%ebx,%r10d		# pass rounds
+	cmp	\$2,$len
+	jb	.Lecb_dec_one
+	movdqu	0x10($inp), @XMM[1]
+	je	.Lecb_dec_two
+	movdqu	0x20($inp), @XMM[2]
+	cmp	\$4,$len
+	jb	.Lecb_dec_three
+	movdqu	0x30($inp), @XMM[3]
+	je	.Lecb_dec_four
+	movdqu	0x40($inp), @XMM[4]
+	cmp	\$6,$len
+	jb	.Lecb_dec_five
+	movdqu	0x50($inp), @XMM[5]
+	je	.Lecb_dec_six
+	movdqu	0x60($inp), @XMM[6]
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_six:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_five:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_four:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_three:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_two:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_one:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_short:
+	lea	($inp), $arg1
+	lea	($out), $arg2
+	lea	($key), $arg3
+	call	asm_AES_decrypt
+	lea	16($inp), $inp
+	lea	16($out), $out
+	dec	$len
+	jnz	.Lecb_dec_short
+
+.Lecb_dec_done:
+	lea	(%rsp),%rax
+	pxor	%xmm0, %xmm0
+.Lecb_dec_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	jb	.Lecb_dec_bzero
+
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rax), %rax
+.Lecb_dec_tail:
+___
+$code.=<<___;
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lecb_dec_epilogue:
+	ret
+.cfi_endproc
+.size	bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks
+___
+}
+$code.=<<___;
+.extern	asm_AES_cbc_encrypt
+.globl	bsaes_cbc_encrypt
+.type	bsaes_cbc_encrypt,\@abi-omnipotent
+.align	16
+bsaes_cbc_encrypt:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	mov	48(%rsp),$arg6		# pull direction flag
+___
+$code.=<<___;
+	cmp	\$0,$arg6
+	jne	asm_AES_cbc_encrypt
+	cmp	\$128,$arg3
+	jb	asm_AES_cbc_encrypt
+
+	mov	%rsp, %rax
+.Lcbc_dec_prologue:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lcbc_dec_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
+	mov	240($arg4), %eax	# rounds
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+	mov	$arg5, %rbx
+	shr	\$4, $len		# bytes to blocks
+
+	mov	%eax, %edx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%edx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	(%rsp),%xmm7		# fix up 0 round key
+	movdqa	%xmm6,(%rax)		# save last round key
+	movdqa	%xmm7,(%rsp)
+
+	movdqu	(%rbx), @XMM[15]	# load IV
+	sub	\$8,$len
+.Lcbc_dec_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	mov	%rsp, %rax		# pass key schedule
+	movdqu	0x60($inp), @XMM[6]
+	mov	%edx,%r10d		# pass rounds
+	movdqu	0x70($inp), @XMM[7]
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+
+	call	_bsaes_decrypt8
+
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[11], @XMM[2]
+	movdqu	0x50($inp), @XMM[13]
+	pxor	@XMM[12], @XMM[7]
+	movdqu	0x60($inp), @XMM[14]
+	pxor	@XMM[13], @XMM[3]
+	movdqu	0x70($inp), @XMM[15]	# IV
+	pxor	@XMM[14], @XMM[5]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	lea	0x80($inp), $inp
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$8,$len
+	jnc	.Lcbc_dec_loop
+
+	add	\$8,$len
+	jz	.Lcbc_dec_done
+
+	movdqu	0x00($inp), @XMM[0]	# load input
+	mov	%rsp, %rax		# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+	cmp	\$2,$len
+	jb	.Lcbc_dec_one
+	movdqu	0x10($inp), @XMM[1]
+	je	.Lcbc_dec_two
+	movdqu	0x20($inp), @XMM[2]
+	cmp	\$4,$len
+	jb	.Lcbc_dec_three
+	movdqu	0x30($inp), @XMM[3]
+	je	.Lcbc_dec_four
+	movdqu	0x40($inp), @XMM[4]
+	cmp	\$6,$len
+	jb	.Lcbc_dec_five
+	movdqu	0x50($inp), @XMM[5]
+	je	.Lcbc_dec_six
+	movdqu	0x60($inp), @XMM[6]
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[11], @XMM[2]
+	movdqu	0x50($inp), @XMM[13]
+	pxor	@XMM[12], @XMM[7]
+	movdqu	0x60($inp), @XMM[15]	# IV
+	pxor	@XMM[13], @XMM[3]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_six:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[11], @XMM[2]
+	movdqu	0x50($inp), @XMM[15]	# IV
+	pxor	@XMM[12], @XMM[7]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_five:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[15]	# IV
+	pxor	@XMM[11], @XMM[2]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_four:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[15]	# IV
+	pxor	@XMM[10], @XMM[4]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_three:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[15]	# IV
+	pxor	@XMM[9], @XMM[6]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_two:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[15]	# IV
+	pxor	@XMM[8], @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_one:
+	lea	($inp), $arg1
+	lea	0x20(%rbp), $arg2	# buffer output
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[15]	# ^= IV
+	movdqu	@XMM[15], ($out)	# write output
+	movdqa	@XMM[0], @XMM[15]	# IV
+
+.Lcbc_dec_done:
+	movdqu	@XMM[15], (%rbx)	# return IV
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lcbc_dec_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lcbc_dec_bzero
+
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rax), %rax
+.Lcbc_dec_tail:
+___
+$code.=<<___;
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lcbc_dec_epilogue:
+	ret
+.cfi_endproc
+.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
+
+.globl	bsaes_ctr32_encrypt_blocks
+.type	bsaes_ctr32_encrypt_blocks,\@abi-omnipotent
+.align	16
+bsaes_ctr32_encrypt_blocks:
+.cfi_startproc
+	mov	%rsp, %rax
+.Lctr_enc_prologue:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lctr_enc_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
+	movdqu	($arg5), %xmm0		# load counter
+	mov	240($arg4), %eax	# rounds
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+	movdqa	%xmm0, 0x20(%rbp)	# copy counter
+	cmp	\$8, $arg3
+	jb	.Lctr_enc_short
+
+	mov	%eax, %ebx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%ebx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	%xmm6,%xmm7		# fix up last round key
+	movdqa	%xmm7,(%rax)		# save last round key
+
+	movdqa	(%rsp), @XMM[9]		# load round0 key
+	lea	.LADD1(%rip), %r11
+	movdqa	0x20(%rbp), @XMM[0]	# counter copy
+	movdqa	-0x20(%r11), @XMM[8]	# .LSWPUP
+	pshufb	@XMM[8], @XMM[9]	# byte swap upper part
+	pshufb	@XMM[8], @XMM[0]
+	movdqa	@XMM[9], (%rsp)		# save adjusted round0 key
+	jmp	.Lctr_enc_loop
+.align	16
+.Lctr_enc_loop:
+	movdqa	@XMM[0], 0x20(%rbp)	# save counter
+	movdqa	@XMM[0], @XMM[1]	# prepare 8 counter values
+	movdqa	@XMM[0], @XMM[2]
+	paddd	0x00(%r11), @XMM[1]	# .LADD1
+	movdqa	@XMM[0], @XMM[3]
+	paddd	0x10(%r11), @XMM[2]	# .LADD2
+	movdqa	@XMM[0], @XMM[4]
+	paddd	0x20(%r11), @XMM[3]	# .LADD3
+	movdqa	@XMM[0], @XMM[5]
+	paddd	0x30(%r11), @XMM[4]	# .LADD4
+	movdqa	@XMM[0], @XMM[6]
+	paddd	0x40(%r11), @XMM[5]	# .LADD5
+	movdqa	@XMM[0], @XMM[7]
+	paddd	0x50(%r11), @XMM[6]	# .LADD6
+	paddd	0x60(%r11), @XMM[7]	# .LADD7
+
+	# Borrow prologue from _bsaes_encrypt8 to use the opportunity
+	# to flip byte order in 32-bit counter
+	movdqa	(%rsp), @XMM[9]		# round 0 key
+	lea	0x10(%rsp), %rax	# pass key schedule
+	movdqa	-0x10(%r11), @XMM[8]	# .LSWPUPM0SR
+	pxor	@XMM[9], @XMM[0]	# xor with round0 key
+	pxor	@XMM[9], @XMM[1]
+	pxor	@XMM[9], @XMM[2]
+	pxor	@XMM[9], @XMM[3]
+	 pshufb	@XMM[8], @XMM[0]
+	 pshufb	@XMM[8], @XMM[1]
+	pxor	@XMM[9], @XMM[4]
+	pxor	@XMM[9], @XMM[5]
+	 pshufb	@XMM[8], @XMM[2]
+	 pshufb	@XMM[8], @XMM[3]
+	pxor	@XMM[9], @XMM[6]
+	pxor	@XMM[9], @XMM[7]
+	 pshufb	@XMM[8], @XMM[4]
+	 pshufb	@XMM[8], @XMM[5]
+	 pshufb	@XMM[8], @XMM[6]
+	 pshufb	@XMM[8], @XMM[7]
+	lea	.LBS0(%rip), %r11	# constants table
+	mov	%ebx,%r10d		# pass rounds
+
+	call	_bsaes_encrypt8_bitslice
+
+	sub	\$8,$len
+	jc	.Lctr_enc_loop_done
+
+	movdqu	0x00($inp), @XMM[8]	# load input
+	movdqu	0x10($inp), @XMM[9]
+	movdqu	0x20($inp), @XMM[10]
+	movdqu	0x30($inp), @XMM[11]
+	movdqu	0x40($inp), @XMM[12]
+	movdqu	0x50($inp), @XMM[13]
+	movdqu	0x60($inp), @XMM[14]
+	movdqu	0x70($inp), @XMM[15]
+	lea	0x80($inp),$inp
+	pxor	@XMM[0], @XMM[8]
+	movdqa	0x20(%rbp), @XMM[0]	# load counter
+	pxor	@XMM[9], @XMM[1]
+	movdqu	@XMM[8], 0x00($out)	# write output
+	pxor	@XMM[10], @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	@XMM[11], @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	@XMM[12], @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	@XMM[13], @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	pxor	@XMM[14], @XMM[2]
+	movdqu	@XMM[7], 0x50($out)
+	pxor	@XMM[15], @XMM[5]
+	movdqu	@XMM[2], 0x60($out)
+	lea	.LADD1(%rip), %r11
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	paddd	0x70(%r11), @XMM[0]	# .LADD8
+	jnz	.Lctr_enc_loop
+
+	jmp	.Lctr_enc_done
+.align	16
+.Lctr_enc_loop_done:
+	add	\$8, $len
+	movdqu	0x00($inp), @XMM[8]	# load input
+	pxor	@XMM[8], @XMM[0]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	cmp	\$2,$len
+	jb	.Lctr_enc_done
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[9], @XMM[1]
+	movdqu	@XMM[1], 0x10($out)
+	je	.Lctr_enc_done
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	@XMM[4], 0x20($out)
+	cmp	\$4,$len
+	jb	.Lctr_enc_done
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[11], @XMM[6]
+	movdqu	@XMM[6], 0x30($out)
+	je	.Lctr_enc_done
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[12], @XMM[3]
+	movdqu	@XMM[3], 0x40($out)
+	cmp	\$6,$len
+	jb	.Lctr_enc_done
+	movdqu	0x50($inp), @XMM[13]
+	pxor	@XMM[13], @XMM[7]
+	movdqu	@XMM[7], 0x50($out)
+	je	.Lctr_enc_done
+	movdqu	0x60($inp), @XMM[14]
+	pxor	@XMM[14], @XMM[2]
+	movdqu	@XMM[2], 0x60($out)
+	jmp	.Lctr_enc_done
+
+.align	16
+.Lctr_enc_short:
+	lea	0x20(%rbp), $arg1
+	lea	0x30(%rbp), $arg2
+	lea	($key), $arg3
+	call	asm_AES_encrypt
+	movdqu	($inp), @XMM[1]
+	lea	16($inp), $inp
+	mov	0x2c(%rbp), %eax	# load 32-bit counter
+	bswap	%eax
+	pxor	0x30(%rbp), @XMM[1]
+	inc	%eax			# increment
+	movdqu	@XMM[1], ($out)
+	bswap	%eax
+	lea	16($out), $out
+	mov	%eax, 0x2c(%rsp)	# save 32-bit counter
+	dec	$len
+	jnz	.Lctr_enc_short
+
+.Lctr_enc_done:
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lctr_enc_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lctr_enc_bzero
+
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rax), %rax
+.Lctr_enc_tail:
+___
+$code.=<<___;
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lctr_enc_epilogue:
+	ret
+.cfi_endproc
+.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
+___
+######################################################################
+# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+my ($twmask,$twres,$twtmp)=@XMM[13..15];
+$arg6=~s/d$//;
+
+$code.=<<___;
+.globl	bsaes_xts_encrypt
+.type	bsaes_xts_encrypt,\@abi-omnipotent
+.align	16
+bsaes_xts_encrypt:
+.cfi_startproc
+	mov	%rsp, %rax
+.Lxts_enc_prologue:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull key2
+	mov	0xa8(%rsp),$arg6	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lxts_enc_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+
+	lea	($arg6), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($arg5), $arg3
+	call	asm_AES_encrypt		# generate initial tweak
+
+	mov	240($key), %eax		# rounds
+	mov	$len, %rbx		# backup $len
+
+	mov	%eax, %edx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%edx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	%xmm6, %xmm7		# fix up last round key
+	movdqa	%xmm7, (%rax)		# save last round key
+
+	and	\$-16, $len
+	sub	\$0x80, %rsp		# place for tweak[8]
+	movdqa	0x20(%rbp), @XMM[7]	# initial tweak
+
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+
+	sub	\$0x80, $len
+	jc	.Lxts_enc_short
+	jmp	.Lxts_enc_loop
+
+.align	16
+.Lxts_enc_loop:
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqu	0x70($inp), @XMM[8+7]
+	lea	0x80($inp), $inp
+	movdqa	@XMM[7], 0x70(%rsp)
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	pxor	@XMM[8+7], @XMM[7]
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	pxor	0x60(%rsp), @XMM[2]
+	movdqu	@XMM[7], 0x50($out)
+	pxor	0x70(%rsp), @XMM[5]
+	movdqu	@XMM[2], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# prepare next iteration tweak
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+
+	sub	\$0x80,$len
+	jnc	.Lxts_enc_loop
+
+.Lxts_enc_short:
+	add	\$0x80, $len
+	jz	.Lxts_enc_done
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+	cmp	\$`0x10*$i`,$len
+	je	.Lxts_enc_$i
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqa	@XMM[7], 0x70(%rsp)
+	lea	0x70($inp), $inp
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	pxor	0x60(%rsp), @XMM[2]
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	lea	0x70($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_6:
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x60($inp), $inp
+	pxor	@XMM[8+5], @XMM[5]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	lea	0x60($out), $out
+
+	movdqa	0x60(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_5:
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x50($inp), $inp
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	lea	0x50($out), $out
+
+	movdqa	0x50(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_4:
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x40($inp), $inp
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	lea	0x40($out), $out
+
+	movdqa	0x40(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_3:
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x30($inp), $inp
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	lea	0x30($out), $out
+
+	movdqa	0x30(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_2:
+	pxor	@XMM[8+0], @XMM[0]
+	lea	0x20($inp), $inp
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	lea	0x20($out), $out
+
+	movdqa	0x20(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_1:
+	pxor	@XMM[0], @XMM[8]
+	lea	0x10($inp), $inp
+	movdqa	@XMM[8], 0x20(%rbp)
+	lea	0x20(%rbp), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($key), $arg3
+	call	asm_AES_encrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[0]	# ^= tweak[]
+	#pxor	@XMM[8], @XMM[0]
+	#lea	0x80(%rsp), %rax	# pass key schedule
+	#mov	%edx, %r10d		# pass rounds
+	#call	_bsaes_encrypt8
+	#pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	lea	0x10($out), $out
+
+	movdqa	0x10(%rsp), @XMM[7]	# next iteration tweak
+
+.Lxts_enc_done:
+	and	\$15, %ebx
+	jz	.Lxts_enc_ret
+	mov	$out, %rdx
+
+.Lxts_enc_steal:
+	movzb	($inp), %eax
+	movzb	-16(%rdx), %ecx
+	lea	1($inp), $inp
+	mov	%al, -16(%rdx)
+	mov	%cl, 0(%rdx)
+	lea	1(%rdx), %rdx
+	sub	\$1,%ebx
+	jnz	.Lxts_enc_steal
+
+	movdqu	-16($out), @XMM[0]
+	lea	0x20(%rbp), $arg1
+	pxor	@XMM[7], @XMM[0]
+	lea	0x20(%rbp), $arg2
+	movdqa	@XMM[0], 0x20(%rbp)
+	lea	($key), $arg3
+	call	asm_AES_encrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[7]
+	movdqu	@XMM[7], -16($out)
+
+.Lxts_enc_ret:
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lxts_enc_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lxts_enc_bzero
+
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rax), %rax
+.Lxts_enc_tail:
+___
+$code.=<<___;
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lxts_enc_epilogue:
+	ret
+.cfi_endproc
+.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
+
+.globl	bsaes_xts_decrypt
+.type	bsaes_xts_decrypt,\@abi-omnipotent
+.align	16
+bsaes_xts_decrypt:
+.cfi_startproc
+	mov	%rsp, %rax
+.Lxts_dec_prologue:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull key2
+	mov	0xa8(%rsp),$arg6	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lxts_dec_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+
+	lea	($arg6), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($arg5), $arg3
+	call	asm_AES_encrypt		# generate initial tweak
+
+	mov	240($key), %eax		# rounds
+	mov	$len, %rbx		# backup $len
+
+	mov	%eax, %edx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%edx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	(%rsp), %xmm7		# fix up round 0 key
+	movdqa	%xmm6, (%rax)		# save last round key
+	movdqa	%xmm7, (%rsp)
+
+	xor	%eax, %eax		# if ($len%16) len-=16;
+	and	\$-16, $len
+	test	\$15, %ebx
+	setnz	%al
+	shl	\$4, %rax
+	sub	%rax, $len
+
+	sub	\$0x80, %rsp		# place for tweak[8]
+	movdqa	0x20(%rbp), @XMM[7]	# initial tweak
+
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+
+	sub	\$0x80, $len
+	jc	.Lxts_dec_short
+	jmp	.Lxts_dec_loop
+
+.align	16
+.Lxts_dec_loop:
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqu	0x70($inp), @XMM[8+7]
+	lea	0x80($inp), $inp
+	movdqa	@XMM[7], 0x70(%rsp)
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	pxor	@XMM[8+7], @XMM[7]
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[2], 0x40($out)
+	pxor	0x60(%rsp), @XMM[3]
+	movdqu	@XMM[7], 0x50($out)
+	pxor	0x70(%rsp), @XMM[5]
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# prepare next iteration tweak
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+
+	sub	\$0x80,$len
+	jnc	.Lxts_dec_loop
+
+.Lxts_dec_short:
+	add	\$0x80, $len
+	jz	.Lxts_dec_done
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+	cmp	\$`0x10*$i`,$len
+	je	.Lxts_dec_$i
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqa	@XMM[7], 0x70(%rsp)
+	lea	0x70($inp), $inp
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[2], 0x40($out)
+	pxor	0x60(%rsp), @XMM[3]
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	lea	0x70($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_6:
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x60($inp), $inp
+	pxor	@XMM[8+5], @XMM[5]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	lea	0x60($out), $out
+
+	movdqa	0x60(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_5:
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x50($inp), $inp
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	lea	0x50($out), $out
+
+	movdqa	0x50(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_4:
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x40($inp), $inp
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	lea	0x40($out), $out
+
+	movdqa	0x40(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_3:
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x30($inp), $inp
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	lea	0x30($out), $out
+
+	movdqa	0x30(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_2:
+	pxor	@XMM[8+0], @XMM[0]
+	lea	0x20($inp), $inp
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	lea	0x20($out), $out
+
+	movdqa	0x20(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_1:
+	pxor	@XMM[0], @XMM[8]
+	lea	0x10($inp), $inp
+	movdqa	@XMM[8], 0x20(%rbp)
+	lea	0x20(%rbp), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[0]	# ^= tweak[]
+	#pxor	@XMM[8], @XMM[0]
+	#lea	0x80(%rsp), %rax	# pass key schedule
+	#mov	%edx, %r10d		# pass rounds
+	#call	_bsaes_decrypt8
+	#pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	lea	0x10($out), $out
+
+	movdqa	0x10(%rsp), @XMM[7]	# next iteration tweak
+
+.Lxts_dec_done:
+	and	\$15, %ebx
+	jz	.Lxts_dec_ret
+
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp
+	pshufd	\$0x13, $twtmp, $twres
+	movdqa	@XMM[7], @XMM[6]
+	paddq	@XMM[7], @XMM[7]	# psllq 1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	movdqu	($inp), @XMM[0]
+	pxor	$twres, @XMM[7]
+
+	lea	0x20(%rbp), $arg1
+	pxor	@XMM[7], @XMM[0]
+	lea	0x20(%rbp), $arg2
+	movdqa	@XMM[0], 0x20(%rbp)
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[7]
+	mov	$out, %rdx
+	movdqu	@XMM[7], ($out)
+
+.Lxts_dec_steal:
+	movzb	16($inp), %eax
+	movzb	(%rdx), %ecx
+	lea	1($inp), $inp
+	mov	%al, (%rdx)
+	mov	%cl, 16(%rdx)
+	lea	1(%rdx), %rdx
+	sub	\$1,%ebx
+	jnz	.Lxts_dec_steal
+
+	movdqu	($out), @XMM[0]
+	lea	0x20(%rbp), $arg1
+	pxor	@XMM[6], @XMM[0]
+	lea	0x20(%rbp), $arg2
+	movdqa	@XMM[0], 0x20(%rbp)
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[6]
+	movdqu	@XMM[6], ($out)
+
+.Lxts_dec_ret:
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lxts_dec_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lxts_dec_bzero
+
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rax), %rax
+.Lxts_dec_tail:
+___
+$code.=<<___;
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lxts_dec_epilogue:
+	ret
+.cfi_endproc
+.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
+___
+}
+$code.=<<___;
+.type	_bsaes_const,\@object
+.align	64
+_bsaes_const:
+.LM0ISR:	# InvShiftRows constants
+	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
+.LISRM0:
+	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
+.LISR:
+	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
+.LBS0:		# bit-slice constants
+	.quad	0x5555555555555555, 0x5555555555555555
+.LBS1:
+	.quad	0x3333333333333333, 0x3333333333333333
+.LBS2:
+	.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
+.LSR:		# shiftrows constants
+	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
+.LSRM0:
+	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
+.LM0SR:
+	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
+.LSWPUP:	# byte-swap upper dword
+	.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
+.LSWPUPM0SR:
+	.quad	0x0a0d02060c03070b, 0x0004080f05090e01
+.LADD1:		# counter increment constants
+	.quad	0x0000000000000000, 0x0000000100000000
+.LADD2:
+	.quad	0x0000000000000000, 0x0000000200000000
+.LADD3:
+	.quad	0x0000000000000000, 0x0000000300000000
+.LADD4:
+	.quad	0x0000000000000000, 0x0000000400000000
+.LADD5:
+	.quad	0x0000000000000000, 0x0000000500000000
+.LADD6:
+	.quad	0x0000000000000000, 0x0000000600000000
+.LADD7:
+	.quad	0x0000000000000000, 0x0000000700000000
+.LADD8:
+	.quad	0x0000000000000000, 0x0000000800000000
+.Lxts_magic:
+	.long	0x87,0,1,0
+.Lmasks:
+	.quad	0x0101010101010101, 0x0101010101010101
+	.quad	0x0202020202020202, 0x0202020202020202
+	.quad	0x0404040404040404, 0x0404040404040404
+	.quad	0x0808080808080808, 0x0808080808080808
+.LM0:
+	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
+.L63:
+	.quad	0x6363636363636363, 0x6363636363636363
+.asciz	"Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"
+.align	64
+.size	_bsaes_const,.-_bsaes_const
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<=prologue label
+	jbe	.Lin_prologue
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=tail label
+	jae	.Lin_tail
+
+	mov	160($context),%rax	# pull context->Rbp
+
+	lea	0x40(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0xa0+0x78(%rax),%rax	# adjust stack pointer
+
+.Lin_tail:
+	mov	-48(%rax),%rbp
+	mov	-40(%rax),%rbx
+	mov	-32(%rax),%r12
+	mov	-24(%rax),%r13
+	mov	-16(%rax),%r14
+	mov	-8(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	%rax,152($context)	# restore context->Rsp
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+___
+$code.=<<___ if ($ecb);
+	.rva	.Lecb_enc_prologue
+	.rva	.Lecb_enc_epilogue
+	.rva	.Lecb_enc_info
+
+	.rva	.Lecb_dec_prologue
+	.rva	.Lecb_dec_epilogue
+	.rva	.Lecb_dec_info
+___
+$code.=<<___;
+	.rva	.Lcbc_dec_prologue
+	.rva	.Lcbc_dec_epilogue
+	.rva	.Lcbc_dec_info
+
+	.rva	.Lctr_enc_prologue
+	.rva	.Lctr_enc_epilogue
+	.rva	.Lctr_enc_info
+
+	.rva	.Lxts_enc_prologue
+	.rva	.Lxts_enc_epilogue
+	.rva	.Lxts_enc_info
+
+	.rva	.Lxts_dec_prologue
+	.rva	.Lxts_dec_epilogue
+	.rva	.Lxts_dec_info
+
+.section	.xdata
+.align	8
+___
+$code.=<<___ if ($ecb);
+.Lecb_enc_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lecb_enc_body,.Lecb_enc_epilogue	# HandlerData[]
+	.rva	.Lecb_enc_tail
+	.long	0
+.Lecb_dec_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lecb_dec_body,.Lecb_dec_epilogue	# HandlerData[]
+	.rva	.Lecb_dec_tail
+	.long	0
+___
+$code.=<<___;
+.Lcbc_dec_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lcbc_dec_body,.Lcbc_dec_epilogue	# HandlerData[]
+	.rva	.Lcbc_dec_tail
+	.long	0
+.Lctr_enc_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lctr_enc_body,.Lctr_enc_epilogue	# HandlerData[]
+	.rva	.Lctr_enc_tail
+	.long	0
+.Lxts_enc_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
+	.rva	.Lxts_enc_tail
+	.long	0
+.Lxts_dec_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
+	.rva	.Lxts_dec_tail
+	.long	0
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl
new file mode 100755
index 000000000..e38288af5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl
@@ -0,0 +1,1277 @@
+#! /usr/bin/env perl
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+##
+######################################################################
+# ARMv8 NEON adaptation by <appro@openssl.org>
+#
+# Reason for undertaken effort is that there is at least one popular
+# SoC based on Cortex-A53 that doesn't have crypto extensions.
+#
+#                   CBC enc     ECB enc/dec(*)   [bit-sliced enc/dec]
+# Cortex-A53        21.5        18.1/20.6        [17.5/19.8         ]
+# Cortex-A57        36.0(**)    20.4/24.9(**)    [14.4/16.6         ]
+# X-Gene            45.9(**)    45.8/57.7(**)    [33.1/37.6(**)     ]
+# Denver(***)       16.6(**)    15.1/17.8(**)    [8.80/9.93         ]
+# Apple A7(***)     22.7(**)    10.9/14.3        [8.45/10.0         ]
+# Mongoose(***)     26.3(**)    21.0/25.0(**)    [13.3/16.8         ]
+#
+# (*)	ECB denotes approximate result for parallelizable modes
+#	such as CBC decrypt, CTR, etc.;
+# (**)	these results are worse than scalar compiler-generated
+#	code, but it's constant-time and therefore preferred;
+# (***)	presented for reference/comparison purposes;
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$code.=<<___;
+.text
+
+.type	_vpaes_consts,%object
+.align	7	// totally strategic alignment
+_vpaes_consts:
+.Lk_mc_forward:	// mc_forward
+	.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+	.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+	.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+	.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+.Lk_mc_backward:// mc_backward
+	.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+	.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+	.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+	.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+.Lk_sr:		// sr
+	.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+	.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+	.quad	0x0F060D040B020900, 0x070E050C030A0108
+	.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+//
+// "Hot" constants
+//
+.Lk_inv:	// inv, inva
+	.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+	.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+.Lk_ipt:	// input transform (lo, hi)
+	.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+	.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+.Lk_sbo:	// sbou, sbot
+	.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+	.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+.Lk_sb1:	// sb1u, sb1t
+	.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+	.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+.Lk_sb2:	// sb2u, sb2t
+	.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+	.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+
+//
+//  Decryption stuff
+//
+.Lk_dipt:	// decryption input transform
+	.quad	0x0F505B040B545F00, 0x154A411E114E451A
+	.quad	0x86E383E660056500, 0x12771772F491F194
+.Lk_dsbo:	// decryption sbox final output
+	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.Lk_dsb9:	// decryption sbox output *9*u, *9*t
+	.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+	.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+.Lk_dsbd:	// decryption sbox output *D*u, *D*t
+	.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+	.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+.Lk_dsbb:	// decryption sbox output *B*u, *B*t
+	.quad	0xD022649296B44200, 0x602646F6B0F2D404
+	.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+.Lk_dsbe:	// decryption sbox output *E*u, *E*t
+	.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+	.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+
+//
+//  Key schedule constants
+//
+.Lk_dksd:	// decryption key schedule: invskew x*D
+	.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+	.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+.Lk_dksb:	// decryption key schedule: invskew x*B
+	.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+	.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+.Lk_dkse:	// decryption key schedule: invskew x*E + 0x63
+	.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+	.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+.Lk_dks9:	// decryption key schedule: invskew x*9
+	.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+	.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+.Lk_rcon:	// rcon
+	.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+.Lk_opt:	// output transform
+	.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+	.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+.Lk_deskew:	// deskew tables: inverts the sbox's "skew"
+	.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+	.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+.asciz  "Vector Permutation AES for ARMv8, Mike Hamburg (Stanford University)"
+.size	_vpaes_consts,.-_vpaes_consts
+.align	6
+___
+
+{
+my ($inp,$out,$key) = map("x$_",(0..2));
+
+my ($invlo,$invhi,$iptlo,$ipthi,$sbou,$sbot) = map("v$_.16b",(18..23));
+my ($sb1u,$sb1t,$sb2u,$sb2t) = map("v$_.16b",(24..27));
+my ($sb9u,$sb9t,$sbdu,$sbdt,$sbbu,$sbbt,$sbeu,$sbet)=map("v$_.16b",(24..31));
+
+$code.=<<___;
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.type	_vpaes_encrypt_preheat,%function
+.align	4
+_vpaes_encrypt_preheat:
+	adr	x10, .Lk_inv
+	movi	v17.16b, #0x0f
+	ld1	{v18.2d-v19.2d}, [x10],#32	// .Lk_inv
+	ld1	{v20.2d-v23.2d}, [x10],#64	// .Lk_ipt, .Lk_sbo
+	ld1	{v24.2d-v27.2d}, [x10]		// .Lk_sb1, .Lk_sb2
+	ret
+.size	_vpaes_encrypt_preheat,.-_vpaes_encrypt_preheat
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %r9, %r10, %r11, %rax
+##  Preserves %xmm6 - %xmm8 so you get some local vectors
+##
+##
+.type	_vpaes_encrypt_core,%function
+.align 4
+_vpaes_encrypt_core:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+	adr	x11, .Lk_mc_forward+16
+						// vmovdqa	.Lk_ipt(%rip),	%xmm2	# iptlo
+	ld1	{v16.2d}, [x9], #16		// vmovdqu	(%r9),	%xmm5		# round0 key
+	and	v1.16b, v7.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v7.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	tbl	v1.16b, {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm1
+						// vmovdqa	.Lk_ipt+16(%rip), %xmm3	# ipthi
+	tbl	v2.16b, {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm3,	%xmm2
+	eor	v0.16b, v1.16b, v16.16b		// vpxor	%xmm5,	%xmm1,	%xmm0
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	b	.Lenc_entry
+
+.align 4
+.Lenc_loop:
+	// middle of middle round
+	add	x10, x11, #0x40
+	tbl	v4.16b, {$sb1t}, v2.16b		// vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	ld1	{v1.2d}, [x11], #16		// vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	tbl	v0.16b, {$sb1u}, v3.16b		// vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	tbl	v5.16b,	{$sb2t}, v2.16b		// vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	tbl	v2.16b, {$sb2u}, v3.16b		// vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	ld1	{v4.2d}, [x10]			// vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	tbl	v3.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	eor	v2.16b, v2.16b, v5.16b		// vpxor	%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	tbl	v0.16b, {v0.16b}, v4.16b	// vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	tbl	v4.16b, {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	eor	v0.16b, v0.16b, v3.16b		// vpxor	%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	and	x11, x11, #~(1<<6)		// and		\$0x30,	%r11		# ... mod 4
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+	sub	w8, w8, #1			// nr--
+
+.Lenc_entry:
+	// top of round
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm0,	%xmm9,	%xmm1   # 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	tbl	v5.16b, {$invhi}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	eor	v1.16b, v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	tbl	v3.16b, {$invlo}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	tbl	v4.16b, {$invlo}, v1.16b	// vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	eor	v3.16b, v3.16b, v5.16b		// vpxor	%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v4.16b, v4.16b, v5.16b		// vpxor	%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {$invlo}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	tbl	v3.16b, {$invlo}, v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	eor	v2.16b, v2.16b, v1.16b		// vpxor	%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	eor	v3.16b, v3.16b, v0.16b		// vpxor	%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm5
+	cbnz	w8, .Lenc_loop
+
+	// middle of last round
+	add	x10, x11, #0x80
+						// vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+						// vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	tbl	v4.16b, {$sbou}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	ld1	{v1.2d}, [x10]			// vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	tbl	v0.16b, {$sbot}, v3.16b		// vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	tbl	v0.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
+
+.globl	vpaes_encrypt
+.type	vpaes_encrypt,%function
+.align	4
+vpaes_encrypt:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v7.16b}, [$inp]
+	bl	_vpaes_encrypt_preheat
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out]
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	vpaes_encrypt,.-vpaes_encrypt
+
+.type	_vpaes_encrypt_2x,%function
+.align 4
+_vpaes_encrypt_2x:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+	adr	x11, .Lk_mc_forward+16
+						// vmovdqa	.Lk_ipt(%rip),	%xmm2	# iptlo
+	ld1	{v16.2d}, [x9], #16		// vmovdqu	(%r9),	%xmm5		# round0 key
+	and	v1.16b,  v14.16b,  v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b,  v14.16b,  #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	 and	v9.16b,  v15.16b,  v17.16b
+	 ushr	v8.16b,  v15.16b,  #4
+	tbl	v1.16b,  {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm1
+	 tbl	v9.16b,  {$iptlo}, v9.16b
+						// vmovdqa	.Lk_ipt+16(%rip), %xmm3	# ipthi
+	tbl	v2.16b,  {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm3,	%xmm2
+	 tbl	v10.16b, {$ipthi}, v8.16b
+	eor	v0.16b,  v1.16b,   v16.16b	// vpxor	%xmm5,	%xmm1,	%xmm0
+	 eor	v8.16b,  v9.16b,   v16.16b
+	eor	v0.16b,  v0.16b,   v2.16b	// vpxor	%xmm2,	%xmm0,	%xmm0
+	 eor	v8.16b,  v8.16b,   v10.16b
+	b	.Lenc_2x_entry
+
+.align 4
+.Lenc_2x_loop:
+	// middle of middle round
+	add	x10, x11, #0x40
+	tbl	v4.16b,  {$sb1t}, v2.16b	// vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	 tbl	v12.16b, {$sb1t}, v10.16b
+	ld1	{v1.2d}, [x11], #16		// vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	tbl	v0.16b,  {$sb1u}, v3.16b	// vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	 tbl	v8.16b,  {$sb1u}, v11.16b
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	 eor	v12.16b, v12.16b, v16.16b
+	tbl	v5.16b,	 {$sb2t}, v2.16b	// vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	 tbl	v13.16b, {$sb2t}, v10.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	 eor	v8.16b,  v8.16b,  v12.16b
+	tbl	v2.16b,  {$sb2u}, v3.16b	// vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	 tbl	v10.16b, {$sb2u}, v11.16b
+	ld1	{v4.2d}, [x10]			// vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	tbl	v3.16b,  {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	 tbl	v11.16b, {v8.16b}, v1.16b
+	eor	v2.16b,  v2.16b,  v5.16b	// vpxor	%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	 eor	v10.16b, v10.16b, v13.16b
+	tbl	v0.16b,  {v0.16b}, v4.16b	// vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	 tbl	v8.16b,  {v8.16b}, v4.16b
+	eor	v3.16b,  v3.16b,  v2.16b	// vpxor	%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	 eor	v11.16b, v11.16b, v10.16b
+	tbl	v4.16b,  {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	 tbl	v12.16b, {v11.16b},v1.16b
+	eor	v0.16b,  v0.16b,  v3.16b	// vpxor	%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	 eor	v8.16b,  v8.16b,  v11.16b
+	and	x11, x11, #~(1<<6)		// and		\$0x30,	%r11		# ... mod 4
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+	 eor	v8.16b,  v8.16b,  v12.16b
+	sub	w8, w8, #1			// nr--
+
+.Lenc_2x_entry:
+	// top of round
+	and	v1.16b,  v0.16b, v17.16b	// vpand	%xmm0,	%xmm9,	%xmm1   # 0 = k
+	ushr	v0.16b,  v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	 and	v9.16b,  v8.16b, v17.16b
+	 ushr	v8.16b,  v8.16b, #4
+	tbl	v5.16b,  {$invhi},v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	 tbl	v13.16b, {$invhi},v9.16b
+	eor	v1.16b,  v1.16b,  v0.16b	// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	 eor	v9.16b,  v9.16b,  v8.16b
+	tbl	v3.16b,  {$invlo},v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	 tbl	v11.16b, {$invlo},v8.16b
+	tbl	v4.16b,  {$invlo},v1.16b	// vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	 tbl	v12.16b, {$invlo},v9.16b
+	eor	v3.16b,  v3.16b,  v5.16b	// vpxor	%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	 eor	v11.16b, v11.16b, v13.16b
+	eor	v4.16b,  v4.16b,  v5.16b	// vpxor	%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	 eor	v12.16b, v12.16b, v13.16b
+	tbl	v2.16b,  {$invlo},v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	 tbl	v10.16b, {$invlo},v11.16b
+	tbl	v3.16b,  {$invlo},v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	 tbl	v11.16b, {$invlo},v12.16b
+	eor	v2.16b,  v2.16b,  v1.16b	// vpxor	%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	 eor	v10.16b, v10.16b, v9.16b
+	eor	v3.16b,  v3.16b,  v0.16b	// vpxor	%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	 eor	v11.16b, v11.16b, v8.16b
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm5
+	cbnz	w8, .Lenc_2x_loop
+
+	// middle of last round
+	add	x10, x11, #0x80
+						// vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+						// vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	tbl	v4.16b,  {$sbou}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	 tbl	v12.16b, {$sbou}, v10.16b
+	ld1	{v1.2d}, [x10]			// vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	tbl	v0.16b,  {$sbot}, v3.16b	// vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	 tbl	v8.16b,  {$sbot}, v11.16b
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	 eor	v12.16b, v12.16b, v16.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	 eor	v8.16b,  v8.16b,  v12.16b
+	tbl	v0.16b,  {v0.16b},v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0
+	 tbl	v1.16b,  {v8.16b},v1.16b
+	ret
+.size	_vpaes_encrypt_2x,.-_vpaes_encrypt_2x
+
+.type	_vpaes_decrypt_preheat,%function
+.align	4
+_vpaes_decrypt_preheat:
+	adr	x10, .Lk_inv
+	movi	v17.16b, #0x0f
+	adr	x11, .Lk_dipt
+	ld1	{v18.2d-v19.2d}, [x10],#32	// .Lk_inv
+	ld1	{v20.2d-v23.2d}, [x11],#64	// .Lk_dipt, .Lk_dsbo
+	ld1	{v24.2d-v27.2d}, [x11],#64	// .Lk_dsb9, .Lk_dsbd
+	ld1	{v28.2d-v31.2d}, [x11]		// .Lk_dsbb, .Lk_dsbe
+	ret
+.size	_vpaes_decrypt_preheat,.-_vpaes_decrypt_preheat
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.type	_vpaes_decrypt_core,%function
+.align	4
+_vpaes_decrypt_core:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+
+						// vmovdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	lsl	x11, x8, #4			// mov	%rax,	%r11;	shl	\$4, %r11
+	eor	x11, x11, #0x30			// xor		\$0x30,	%r11
+	adr	x10, .Lk_sr
+	and	x11, x11, #0x30			// and		\$0x30,	%r11
+	add	x11, x11, x10
+	adr	x10, .Lk_mc_forward+48
+
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm4		# round0 key
+	and	v1.16b, v7.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v7.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	tbl	v2.16b, {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+	ld1	{v5.2d}, [x10]			// vmovdqa	.Lk_mc_forward+48(%rip), %xmm5
+						// vmovdqa	.Lk_dipt+16(%rip), %xmm1 # ipthi
+	tbl	v0.16b, {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	eor	v2.16b, v2.16b, v16.16b		// vpxor	%xmm4,	%xmm2,	%xmm2
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	b	.Ldec_entry
+
+.align 4
+.Ldec_loop:
+//
+//  Inverse mix columns
+//
+						// vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+						// vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	tbl	v4.16b, {$sb9u}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	tbl	v1.16b, {$sb9t}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	eor	v0.16b, v4.16b, v16.16b		// vpxor	%xmm4,	%xmm0,	%xmm0
+						// vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	tbl	v4.16b, {$sbdu}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	tbl 	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {$sbdt}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+						// vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	tbl	v4.16b, {$sbbu}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {$sbbt}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+						// vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	tbl	v4.16b, {$sbeu}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {$sbet}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	ext	v5.16b, v5.16b, v5.16b, #12	// vpalignr \$12,	%xmm5,	%xmm5,	%xmm5
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	sub	w8, w8, #1			// sub		\$1,%rax			# nr--
+
+.Ldec_entry:
+	// top of round
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1	# 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	tbl	v2.16b, {$invhi}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	eor	v1.16b,	v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	tbl	v3.16b, {$invlo}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	tbl	v4.16b, {$invlo}, v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v4.16b, v4.16b, v2.16b		// vpxor	%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {$invlo}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	tbl	v3.16b, {$invlo}, v4.16b	// vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	eor	v2.16b, v2.16b, v1.16b		// vpxor	%xmm1,	%xmm2,	%xmm2	# 2 = io
+	eor	v3.16b, v3.16b, v0.16b		// vpxor	%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm0
+	cbnz	w8, .Ldec_loop
+
+	// middle of last round
+						// vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	tbl	v4.16b, {$sbou}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+						// vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	ld1	{v2.2d}, [x11]			// vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	tbl	v1.16b, {$sbot}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v0.16b, v1.16b, v4.16b		// vpxor	%xmm4,	%xmm1,	%xmm0	# 0 = A
+	tbl	v0.16b, {v0.16b}, v2.16b	// vpshufb	%xmm2,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
+
+.globl	vpaes_decrypt
+.type	vpaes_decrypt,%function
+.align	4
+vpaes_decrypt:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v7.16b}, [$inp]
+	bl	_vpaes_decrypt_preheat
+	bl	_vpaes_decrypt_core
+	st1	{v0.16b}, [$out]
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	vpaes_decrypt,.-vpaes_decrypt
+
+// v14-v15 input, v0-v1 output
+.type	_vpaes_decrypt_2x,%function
+.align	4
+_vpaes_decrypt_2x:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+
+						// vmovdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	lsl	x11, x8, #4			// mov	%rax,	%r11;	shl	\$4, %r11
+	eor	x11, x11, #0x30			// xor		\$0x30,	%r11
+	adr	x10, .Lk_sr
+	and	x11, x11, #0x30			// and		\$0x30,	%r11
+	add	x11, x11, x10
+	adr	x10, .Lk_mc_forward+48
+
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm4		# round0 key
+	and	v1.16b,  v14.16b, v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b,  v14.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	 and	v9.16b,  v15.16b, v17.16b
+	 ushr	v8.16b,  v15.16b, #4
+	tbl	v2.16b,  {$iptlo},v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+	 tbl	v10.16b, {$iptlo},v9.16b
+	ld1	{v5.2d}, [x10]			// vmovdqa	.Lk_mc_forward+48(%rip), %xmm5
+						// vmovdqa	.Lk_dipt+16(%rip), %xmm1 # ipthi
+	tbl	v0.16b,  {$ipthi},v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	 tbl	v8.16b,  {$ipthi},v8.16b
+	eor	v2.16b,  v2.16b,  v16.16b	// vpxor	%xmm4,	%xmm2,	%xmm2
+	 eor	v10.16b, v10.16b, v16.16b
+	eor	v0.16b,  v0.16b,  v2.16b	// vpxor	%xmm2,	%xmm0,	%xmm0
+	 eor	v8.16b,  v8.16b,  v10.16b
+	b	.Ldec_2x_entry
+
+.align 4
+.Ldec_2x_loop:
+//
+//  Inverse mix columns
+//
+						// vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+						// vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	tbl	v4.16b,  {$sb9u}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	 tbl	v12.16b, {$sb9u}, v10.16b
+	tbl	v1.16b,  {$sb9t}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	 tbl	v9.16b,  {$sb9t}, v11.16b
+	eor	v0.16b,  v4.16b,  v16.16b	// vpxor	%xmm4,	%xmm0,	%xmm0
+	 eor	v8.16b,  v12.16b, v16.16b
+						// vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	tbl	v4.16b,  {$sbdu}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	 tbl	v12.16b, {$sbdu}, v10.16b
+	tbl 	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	 tbl 	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {$sbdt}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	 tbl	v9.16b,  {$sbdt}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	 eor	v8.16b,  v8.16b,  v12.16b
+						// vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b
+						// vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	tbl	v4.16b,  {$sbbu}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	 tbl	v12.16b, {$sbbu}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	 tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {$sbbt}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	 tbl	v9.16b,  {$sbbt}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	 eor	v8.16b,  v8.16b,  v12.16b
+						// vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b
+						// vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	tbl	v4.16b,  {$sbeu}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	 tbl	v12.16b, {$sbeu}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	 tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {$sbet}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	 tbl	v9.16b,  {$sbet}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	 eor	v8.16b,  v8.16b,  v12.16b
+	ext	v5.16b,  v5.16b,  v5.16b, #12	// vpalignr \$12,	%xmm5,	%xmm5,	%xmm5
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b
+	sub	w8, w8, #1			// sub		\$1,%rax			# nr--
+
+.Ldec_2x_entry:
+	// top of round
+	and	v1.16b,  v0.16b,  v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1	# 0 = k
+	ushr	v0.16b,  v0.16b,  #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	 and	v9.16b,  v8.16b,  v17.16b
+	 ushr	v8.16b,  v8.16b,  #4
+	tbl	v2.16b,  {$invhi},v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	 tbl	v10.16b, {$invhi},v9.16b
+	eor	v1.16b,	 v1.16b,  v0.16b	// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	 eor	v9.16b,	 v9.16b,  v8.16b
+	tbl	v3.16b,  {$invlo},v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	 tbl	v11.16b, {$invlo},v8.16b
+	tbl	v4.16b,  {$invlo},v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	 tbl	v12.16b, {$invlo},v9.16b
+	eor	v3.16b,  v3.16b,  v2.16b	// vpxor	%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	 eor	v11.16b, v11.16b, v10.16b
+	eor	v4.16b,  v4.16b,  v2.16b	// vpxor	%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	 eor	v12.16b, v12.16b, v10.16b
+	tbl	v2.16b,  {$invlo},v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	 tbl	v10.16b, {$invlo},v11.16b
+	tbl	v3.16b,  {$invlo},v4.16b	// vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	 tbl	v11.16b, {$invlo},v12.16b
+	eor	v2.16b,  v2.16b,  v1.16b	// vpxor	%xmm1,	%xmm2,	%xmm2	# 2 = io
+	 eor	v10.16b, v10.16b, v9.16b
+	eor	v3.16b,  v3.16b,  v0.16b	// vpxor	%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	 eor	v11.16b, v11.16b, v8.16b
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm0
+	cbnz	w8, .Ldec_2x_loop
+
+	// middle of last round
+						// vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	tbl	v4.16b,  {$sbou}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	 tbl	v12.16b, {$sbou}, v10.16b
+						// vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	tbl	v1.16b,  {$sbot}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	 tbl	v9.16b,  {$sbot}, v11.16b
+	ld1	{v2.2d}, [x11]			// vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	 eor	v12.16b, v12.16b, v16.16b
+	eor	v0.16b,  v1.16b,  v4.16b	// vpxor	%xmm4,	%xmm1,	%xmm0	# 0 = A
+	 eor	v8.16b,  v9.16b,  v12.16b
+	tbl	v0.16b,  {v0.16b},v2.16b	// vpshufb	%xmm2,	%xmm0,	%xmm0
+	 tbl	v1.16b,  {v8.16b},v2.16b
+	ret
+.size	_vpaes_decrypt_2x,.-_vpaes_decrypt_2x
+___
+}
+{
+my ($inp,$bits,$out,$dir)=("x0","w1","x2","w3");
+my ($invlo,$invhi,$iptlo,$ipthi,$rcon) = map("v$_.16b",(18..21,8));
+
+$code.=<<___;
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.type	_vpaes_key_preheat,%function
+.align	4
+_vpaes_key_preheat:
+	adr	x10, .Lk_inv
+	movi	v16.16b, #0x5b			// .Lk_s63
+	adr	x11, .Lk_sb1
+	movi	v17.16b, #0x0f			// .Lk_s0F
+	ld1	{v18.2d-v21.2d}, [x10]		// .Lk_inv, .Lk_ipt
+	adr	x10, .Lk_dksd
+	ld1	{v22.2d-v23.2d}, [x11]		// .Lk_sb1
+	adr	x11, .Lk_mc_forward
+	ld1	{v24.2d-v27.2d}, [x10],#64	// .Lk_dksd, .Lk_dksb
+	ld1	{v28.2d-v31.2d}, [x10],#64	// .Lk_dkse, .Lk_dks9
+	ld1	{v8.2d}, [x10]			// .Lk_rcon
+	ld1	{v9.2d}, [x11]			// .Lk_mc_forward[0]
+	ret
+.size	_vpaes_key_preheat,.-_vpaes_key_preheat
+
+.type	_vpaes_schedule_core,%function
+.align	4
+_vpaes_schedule_core:
+	.inst	0xd503233f			// paciasp
+	stp	x29, x30, [sp,#-16]!
+	add	x29,sp,#0
+
+	bl	_vpaes_key_preheat		// load the tables
+
+	ld1	{v0.16b}, [$inp],#16		// vmovdqu	(%rdi),	%xmm0		# load key (unaligned)
+
+	// input transform
+	mov	v3.16b, v0.16b			// vmovdqa	%xmm0,	%xmm3
+	bl	_vpaes_schedule_transform
+	mov	v7.16b, v0.16b			// vmovdqa	%xmm0,	%xmm7
+
+	adr	x10, .Lk_sr			// lea	.Lk_sr(%rip),%r10
+	add	x8, x8, x10
+	cbnz	$dir, .Lschedule_am_decrypting
+
+	// encrypting, output zeroth round key after transform
+	st1	{v0.2d}, [$out]			// vmovdqu	%xmm0,	(%rdx)
+	b	.Lschedule_go
+
+.Lschedule_am_decrypting:
+	// decrypting, output zeroth round key after shiftrows
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	tbl	v3.16b, {v3.16b}, v1.16b	// vpshufb  %xmm1,	%xmm3,	%xmm3
+	st1	{v3.2d}, [$out]			// vmovdqu	%xmm3,	(%rdx)
+	eor	x8, x8, #0x30			// xor	\$0x30, %r8
+
+.Lschedule_go:
+	cmp	$bits, #192			// cmp	\$192,	%esi
+	b.hi	.Lschedule_256
+	b.eq	.Lschedule_192
+	// 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+.Lschedule_128:
+	mov	$inp, #10			// mov	\$10, %esi
+
+.Loop_schedule_128:
+	sub	$inp, $inp, #1			// dec	%esi
+	bl 	_vpaes_schedule_round
+	cbz 	$inp, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle		// write output
+	b 	.Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	4
+.Lschedule_192:
+	sub	$inp, $inp, #8
+	ld1	{v0.16b}, [$inp]		// vmovdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	bl	_vpaes_schedule_transform	// input transform
+	mov	v6.16b, v0.16b			// vmovdqa	%xmm0,	%xmm6		# save short part
+	eor	v4.16b, v4.16b, v4.16b		// vpxor	%xmm4,	%xmm4, %xmm4	# clear 4
+	ins	v6.d[0], v4.d[0]		// vmovhlps	%xmm4,	%xmm6,	%xmm6		# clobber low side with zeros
+	mov	$inp, #4			// mov	\$4,	%esi
+
+.Loop_schedule_192:
+	sub	$inp, $inp, #1			// dec	%esi
+	bl	_vpaes_schedule_round
+	ext	v0.16b, v6.16b, v0.16b, #8	// vpalignr	\$8,%xmm6,%xmm0,%xmm0
+	bl	_vpaes_schedule_mangle		// save key n
+	bl	_vpaes_schedule_192_smear
+	bl	_vpaes_schedule_mangle		// save key n+1
+	bl	_vpaes_schedule_round
+	cbz 	$inp, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle		// save key n+2
+	bl	_vpaes_schedule_192_smear
+	b	.Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	4
+.Lschedule_256:
+	ld1	{v0.16b}, [$inp]		// vmovdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	bl	_vpaes_schedule_transform	// input transform
+	mov	$inp, #7			// mov	\$7, %esi
+
+.Loop_schedule_256:
+	sub	$inp, $inp, #1			// dec	%esi
+	bl	_vpaes_schedule_mangle		// output low result
+	mov	v6.16b, v0.16b			// vmovdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	// high round
+	bl	_vpaes_schedule_round
+	cbz 	$inp, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle
+
+	// low round. swap xmm7 and xmm6
+	dup	v0.4s, v0.s[3]			// vpshufd	\$0xFF,	%xmm0,	%xmm0
+	movi	v4.16b, #0
+	mov	v5.16b, v7.16b			// vmovdqa	%xmm7,	%xmm5
+	mov	v7.16b, v6.16b			// vmovdqa	%xmm6,	%xmm7
+	bl	_vpaes_schedule_low_round
+	mov	v7.16b, v5.16b			// vmovdqa	%xmm5,	%xmm7
+
+	b	.Loop_schedule_256
+
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	4
+.Lschedule_mangle_last:
+	// schedule last round key from xmm0
+	adr	x11, .Lk_deskew			// lea	.Lk_deskew(%rip),%r11	# prepare to deskew
+	cbnz	$dir, .Lschedule_mangle_last_dec
+
+	// encrypting
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),%xmm1
+	adr	x11, .Lk_opt			// lea	.Lk_opt(%rip),	%r11		# prepare to output transform
+	add	$out, $out, #32			// add	\$32,	%rdx
+	tbl	v0.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0		# output permute
+
+.Lschedule_mangle_last_dec:
+	ld1	{v20.2d-v21.2d}, [x11]		// reload constants
+	sub	$out, $out, #16			// add	\$-16,	%rdx
+	eor	v0.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	// output transform
+	st1	{v0.2d}, [$out]			// vmovdqu	%xmm0,	(%rdx)		# save last key
+
+	// cleanup
+	eor	v0.16b, v0.16b, v0.16b		// vpxor	%xmm0,	%xmm0,	%xmm0
+	eor	v1.16b, v1.16b, v1.16b		// vpxor	%xmm1,	%xmm1,	%xmm1
+	eor	v2.16b, v2.16b, v2.16b		// vpxor	%xmm2,	%xmm2,	%xmm2
+	eor	v3.16b, v3.16b, v3.16b		// vpxor	%xmm3,	%xmm3,	%xmm3
+	eor	v4.16b, v4.16b, v4.16b		// vpxor	%xmm4,	%xmm4,	%xmm4
+	eor	v5.16b, v5.16b, v5.16b		// vpxor	%xmm5,	%xmm5,	%xmm5
+	eor	v6.16b, v6.16b, v6.16b		// vpxor	%xmm6,	%xmm6,	%xmm6
+	eor	v7.16b, v7.16b, v7.16b		// vpxor	%xmm7,	%xmm7,	%xmm7
+	ldp	x29, x30, [sp],#16
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	_vpaes_schedule_core,.-_vpaes_schedule_core
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.type	_vpaes_schedule_192_smear,%function
+.align	4
+_vpaes_schedule_192_smear:
+	movi	v1.16b, #0
+	dup	v0.4s, v7.s[3]
+	ins	v1.s[3], v6.s[2]	// vpshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	ins	v0.s[0], v7.s[2]	// vpshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	eor	v6.16b, v6.16b, v1.16b	// vpxor	%xmm1,	%xmm6,	%xmm6	# -> c+d c 0 0
+	eor	v1.16b, v1.16b, v1.16b	// vpxor	%xmm1,	%xmm1,	%xmm1
+	eor	v6.16b, v6.16b, v0.16b	// vpxor	%xmm0,	%xmm6,	%xmm6	# -> b+c+d b+c b a
+	mov	v0.16b, v6.16b		// vmovdqa	%xmm6,	%xmm0
+	ins	v6.d[0], v1.d[0]	// vmovhlps	%xmm1,	%xmm6,	%xmm6	# clobber low side with zeros
+	ret
+.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.type	_vpaes_schedule_round,%function
+.align	4
+_vpaes_schedule_round:
+	// extract rcon from xmm8
+	movi	v4.16b, #0			// vpxor	%xmm4,	%xmm4,	%xmm4
+	ext	v1.16b, $rcon, v4.16b, #15	// vpalignr	\$15,	%xmm8,	%xmm4,	%xmm1
+	ext	$rcon, $rcon, $rcon, #15	// vpalignr	\$15,	%xmm8,	%xmm8,	%xmm8
+	eor	v7.16b, v7.16b, v1.16b		// vpxor	%xmm1,	%xmm7,	%xmm7
+
+	// rotate
+	dup	v0.4s, v0.s[3]			// vpshufd	\$0xFF,	%xmm0,	%xmm0
+	ext	v0.16b, v0.16b, v0.16b, #1	// vpalignr	\$1,	%xmm0,	%xmm0,	%xmm0
+
+	// fall through...
+
+	// low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	// smear xmm7
+	ext	v1.16b, v4.16b, v7.16b, #12	// vpslldq	\$4,	%xmm7,	%xmm1
+	eor	v7.16b, v7.16b, v1.16b		// vpxor	%xmm1,	%xmm7,	%xmm7
+	ext	v4.16b, v4.16b, v7.16b, #8	// vpslldq	\$8,	%xmm7,	%xmm4
+
+	// subbytes
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1		# 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0		# 1 = i
+	 eor	v7.16b, v7.16b, v4.16b		// vpxor	%xmm4,	%xmm7,	%xmm7
+	tbl	v2.16b, {$invhi}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2		# 2 = a/k
+	eor	v1.16b, v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1		# 0 = j
+	tbl	v3.16b, {$invlo}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3		# 3 = 1/i
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3		# 3 = iak = 1/i + a/k
+	tbl	v4.16b, {$invlo}, v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4		# 4 = 1/j
+	 eor	v7.16b, v7.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm7,	%xmm7
+	tbl	v3.16b, {$invlo}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm3		# 2 = 1/iak
+	eor	v4.16b, v4.16b, v2.16b		// vpxor	%xmm2,	%xmm4,	%xmm4		# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {$invlo}, v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm2		# 3 = 1/jak
+	eor	v3.16b, v3.16b, v1.16b		// vpxor	%xmm1,	%xmm3,	%xmm3		# 2 = io
+	eor	v2.16b, v2.16b, v0.16b		// vpxor	%xmm0,	%xmm2,	%xmm2		# 3 = jo
+	tbl	v4.16b, {v23.16b}, v3.16b	// vpshufb	%xmm3,	%xmm13,	%xmm4		# 4 = sbou
+	tbl	v1.16b, {v22.16b}, v2.16b	// vpshufb	%xmm2,	%xmm12,	%xmm1		# 0 = sb1t
+	eor	v1.16b, v1.16b, v4.16b		// vpxor	%xmm4,	%xmm1,	%xmm1		# 0 = sbox output
+
+	// add in smeared stuff
+	eor	v0.16b, v1.16b, v7.16b		// vpxor	%xmm7,	%xmm1,	%xmm0
+	eor	v7.16b, v1.16b, v7.16b		// vmovdqa	%xmm0,	%xmm7
+	ret
+.size	_vpaes_schedule_round,.-_vpaes_schedule_round
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+.type	_vpaes_schedule_transform,%function
+.align	4
+_vpaes_schedule_transform:
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+						// vmovdqa	(%r11),	%xmm2 	# lo
+	tbl	v2.16b, {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+						// vmovdqa	16(%r11),	%xmm1 # hi
+	tbl	v0.16b, {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.type	_vpaes_schedule_mangle,%function
+.align	4
+_vpaes_schedule_mangle:
+	mov	v4.16b, v0.16b			// vmovdqa	%xmm0,	%xmm4	# save xmm0 for later
+						// vmovdqa	.Lk_mc_forward(%rip),%xmm5
+	cbnz	$dir, .Lschedule_mangle_dec
+
+	// encrypting
+	eor	v4.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm4
+	add	$out, $out, #16			// add	\$16,	%rdx
+	tbl	v4.16b, {v4.16b}, v9.16b	// vpshufb	%xmm5,	%xmm4,	%xmm4
+	tbl	v1.16b, {v4.16b}, v9.16b	// vpshufb	%xmm5,	%xmm4,	%xmm1
+	tbl	v3.16b, {v1.16b}, v9.16b	// vpshufb	%xmm5,	%xmm1,	%xmm3
+	eor	v4.16b, v4.16b, v1.16b		// vpxor	%xmm1,	%xmm4,	%xmm4
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	eor	v3.16b, v3.16b, v4.16b		// vpxor	%xmm4,	%xmm3,	%xmm3
+
+	b	.Lschedule_mangle_both
+.align	4
+.Lschedule_mangle_dec:
+	// inverse mix columns
+						// lea	.Lk_dksd(%rip),%r11
+	ushr	v1.16b, v4.16b, #4		// vpsrlb	\$4,	%xmm4,	%xmm1	# 1 = hi
+	and	v4.16b, v4.16b, v17.16b		// vpand	%xmm9,	%xmm4,	%xmm4	# 4 = lo
+
+						// vmovdqa	0x00(%r11),	%xmm2
+	tbl	v2.16b, {v24.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+						// vmovdqa	0x10(%r11),	%xmm3
+	tbl	v3.16b,	{v25.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+
+						// vmovdqa	0x20(%r11),	%xmm2
+	tbl	v2.16b, {v26.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+						// vmovdqa	0x30(%r11),	%xmm3
+	tbl	v3.16b, {v27.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+
+						// vmovdqa	0x40(%r11),	%xmm2
+	tbl	v2.16b, {v28.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+						// vmovdqa	0x50(%r11),	%xmm3
+	tbl	v3.16b, {v29.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+
+						// vmovdqa	0x60(%r11),	%xmm2
+	tbl	v2.16b, {v30.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+						// vmovdqa	0x70(%r11),	%xmm4
+	tbl	v4.16b, {v31.16b}, v1.16b	// vpshufb	%xmm1,	%xmm4,	%xmm4
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+	eor	v3.16b, v4.16b, v2.16b		// vpxor	%xmm2,	%xmm4,	%xmm3
+
+	sub	$out, $out, #16			// add	\$-16,	%rdx
+
+.Lschedule_mangle_both:
+	tbl	v3.16b, {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	add	x8, x8, #64-16			// add	\$-16,	%r8
+	and	x8, x8, #~(1<<6)		// and	\$0x30,	%r8
+	st1	{v3.2d}, [$out]			// vmovdqu	%xmm3,	(%rdx)
+	ret
+.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
+
+.globl	vpaes_set_encrypt_key
+.type	vpaes_set_encrypt_key,%function
+.align	4
+vpaes_set_encrypt_key:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+
+	lsr	w9, $bits, #5		// shr	\$5,%eax
+	add	w9, w9, #5		// \$5,%eax
+	str	w9, [$out,#240]		// mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	mov	$dir, #0		// mov	\$0,%ecx
+	mov	x8, #0x30		// mov	\$0x30,%r8d
+	bl	_vpaes_schedule_core
+	eor	x0, x0, x0
+
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
+
+.globl	vpaes_set_decrypt_key
+.type	vpaes_set_decrypt_key,%function
+.align	4
+vpaes_set_decrypt_key:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+
+	lsr	w9, $bits, #5		// shr	\$5,%eax
+	add	w9, w9, #5		// \$5,%eax
+	str	w9, [$out,#240]		// mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+	lsl	w9, w9, #4		// shl	\$4,%eax
+	add	$out, $out, #16		// lea	16(%rdx,%rax),%rdx
+	add	$out, $out, x9
+
+	mov	$dir, #1		// mov	\$1,%ecx
+	lsr	w8, $bits, #1		// shr	\$1,%r8d
+	and	x8, x8, #32		// and	\$32,%r8d
+	eor	x8, x8, #32		// xor	\$32,%r8d	# nbits==192?0:32
+	bl	_vpaes_schedule_core
+
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
+___
+}
+{
+my ($inp,$out,$len,$key,$ivec,$dir) = map("x$_",(0..5));
+
+$code.=<<___;
+.globl	vpaes_cbc_encrypt
+.type	vpaes_cbc_encrypt,%function
+.align	4
+vpaes_cbc_encrypt:
+	cbz	$len, .Lcbc_abort
+	cmp	w5, #0			// check direction
+	b.eq	vpaes_cbc_decrypt
+
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	mov	x17, $len		// reassign
+	mov	x2,  $key		// reassign
+
+	ld1	{v0.16b}, [$ivec]	// load ivec
+	bl	_vpaes_encrypt_preheat
+	b	.Lcbc_enc_loop
+
+.align	4
+.Lcbc_enc_loop:
+	ld1	{v7.16b}, [$inp],#16	// load input
+	eor	v7.16b, v7.16b, v0.16b	// xor with ivec
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out],#16	// save output
+	subs	x17, x17, #16
+	b.hi	.Lcbc_enc_loop
+
+	st1	{v0.16b}, [$ivec]	// write ivec
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+.Lcbc_abort:
+	ret
+.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
+
+.type	vpaes_cbc_decrypt,%function
+.align	4
+vpaes_cbc_decrypt:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, $len		// reassign
+	mov	x2,  $key		// reassign
+	ld1	{v6.16b}, [$ivec]	// load ivec
+	bl	_vpaes_decrypt_preheat
+	tst	x17, #16
+	b.eq	.Lcbc_dec_loop2x
+
+	ld1	{v7.16b}, [$inp], #16	// load input
+	bl	_vpaes_decrypt_core
+	eor	v0.16b, v0.16b, v6.16b	// xor with ivec
+	orr	v6.16b, v7.16b, v7.16b	// next ivec value
+	st1	{v0.16b}, [$out], #16
+	subs	x17, x17, #16
+	b.ls	.Lcbc_dec_done
+
+.align	4
+.Lcbc_dec_loop2x:
+	ld1	{v14.16b,v15.16b}, [$inp], #32
+	bl	_vpaes_decrypt_2x
+	eor	v0.16b, v0.16b, v6.16b	// xor with ivec
+	eor	v1.16b, v1.16b, v14.16b
+	orr	v6.16b, v15.16b, v15.16b
+	st1	{v0.16b,v1.16b}, [$out], #32
+	subs	x17, x17, #32
+	b.hi	.Lcbc_dec_loop2x
+
+.Lcbc_dec_done:
+	st1	{v6.16b}, [$ivec]
+
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
+___
+if (1) {
+$code.=<<___;
+.globl	vpaes_ecb_encrypt
+.type	vpaes_ecb_encrypt,%function
+.align	4
+vpaes_ecb_encrypt:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, $len
+	mov	x2,  $key
+	bl	_vpaes_encrypt_preheat
+	tst	x17, #16
+	b.eq	.Lecb_enc_loop
+
+	ld1	{v7.16b}, [$inp],#16
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out],#16
+	subs	x17, x17, #16
+	b.ls	.Lecb_enc_done
+
+.align	4
+.Lecb_enc_loop:
+	ld1	{v14.16b,v15.16b}, [$inp], #32
+	bl	_vpaes_encrypt_2x
+	st1	{v0.16b,v1.16b}, [$out], #32
+	subs	x17, x17, #32
+	b.hi	.Lecb_enc_loop
+
+.Lecb_enc_done:
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
+
+.globl	vpaes_ecb_decrypt
+.type	vpaes_ecb_decrypt,%function
+.align	4
+vpaes_ecb_decrypt:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, $len
+	mov	x2,  $key
+	bl	_vpaes_decrypt_preheat
+	tst	x17, #16
+	b.eq	.Lecb_dec_loop
+
+	ld1	{v7.16b}, [$inp],#16
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out],#16
+	subs	x17, x17, #16
+	b.ls	.Lecb_dec_done
+
+.align	4
+.Lecb_dec_loop:
+	ld1	{v14.16b,v15.16b}, [$inp], #32
+	bl	_vpaes_decrypt_2x
+	st1	{v0.16b,v1.16b}, [$out], #32
+	subs	x17, x17, #32
+	b.hi	.Lecb_dec_loop
+
+.Lecb_dec_done:
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
+___
+}	}
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl
new file mode 100644
index 000000000..3c771a7e9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl
@@ -0,0 +1,1594 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+
+# CBC encrypt/decrypt performance in cycles per byte processed with
+# 128-bit key.
+#
+#		aes-ppc.pl		this
+# PPC74x0/G4e	35.5/52.1/(23.8)	11.9(*)/15.4
+# PPC970/G5	37.9/55.0/(28.5)	22.2/28.5
+# POWER6	42.7/54.3/(28.2)	63.0/92.8(**)
+# POWER7	32.3/42.9/(18.4)	18.5/23.3
+#
+# (*)	This is ~10% worse than reported in paper. The reason is
+#	twofold. This module doesn't make any assumption about
+#	key schedule (or data for that matter) alignment and handles
+#	it in-line. Secondly it, being transliterated from
+#	vpaes-x86_64.pl, relies on "nested inversion" better suited
+#	for Intel CPUs.
+# (**)	Inadequate POWER6 performance is due to astronomic AltiVec
+#	latency, 9 cycles per simple logical operation.
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+	$UCMP	="cmpld";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+} else { die "nonsense $flavour"; }
+
+$sp="r1";
+$FRAME=6*$SIZE_T+13*16;	# 13*16 is for v20-v31 offload
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$code.=<<___;
+.machine	"any"
+
+.text
+
+.align	7	# totally strategic alignment
+_vpaes_consts:
+Lk_mc_forward:	# mc_forward
+	.long	0x01020300, 0x05060704, 0x090a0b08, 0x0d0e0f0c	?inv
+	.long	0x05060704, 0x090a0b08, 0x0d0e0f0c, 0x01020300	?inv
+	.long	0x090a0b08, 0x0d0e0f0c, 0x01020300, 0x05060704	?inv
+	.long	0x0d0e0f0c, 0x01020300, 0x05060704, 0x090a0b08	?inv
+Lk_mc_backward:	# mc_backward
+	.long	0x03000102, 0x07040506, 0x0b08090a, 0x0f0c0d0e	?inv
+	.long	0x0f0c0d0e, 0x03000102, 0x07040506, 0x0b08090a	?inv
+	.long	0x0b08090a, 0x0f0c0d0e, 0x03000102, 0x07040506	?inv
+	.long	0x07040506, 0x0b08090a, 0x0f0c0d0e, 0x03000102	?inv
+Lk_sr:		# sr
+	.long	0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f	?inv
+	.long	0x00050a0f, 0x04090e03, 0x080d0207, 0x0c01060b	?inv
+	.long	0x0009020b, 0x040d060f, 0x08010a03, 0x0c050e07	?inv
+	.long	0x000d0a07, 0x04010e0b, 0x0805020f, 0x0c090603	?inv
+
+##
+## "Hot" constants
+##
+Lk_inv:		# inv, inva
+	.long	0xf001080d, 0x0f06050e, 0x020c0b0a, 0x09030704	?rev
+	.long	0xf0070b0f, 0x060a0401, 0x09080502, 0x0c0e0d03	?rev
+Lk_ipt:		# input transform (lo, hi)
+	.long	0x00702a5a, 0x98e8b2c2, 0x08782252, 0x90e0baca	?rev
+	.long	0x004d7c31, 0x7d30014c, 0x81ccfdb0, 0xfcb180cd	?rev
+Lk_sbo:		# sbou, sbot
+	.long	0x00c7bd6f, 0x176dd2d0, 0x78a802c5, 0x7abfaa15	?rev
+	.long	0x006abb5f, 0xa574e4cf, 0xfa352b41, 0xd1901e8e	?rev
+Lk_sb1:		# sb1u, sb1t
+	.long	0x0023e2fa, 0x15d41836, 0xefd92e0d, 0xc1ccf73b	?rev
+	.long	0x003e50cb, 0x8fe19bb1, 0x44f52a14, 0x6e7adfa5	?rev
+Lk_sb2:		# sb2u, sb2t
+	.long	0x0029e10a, 0x4088eb69, 0x4a2382ab, 0xc863a1c2	?rev
+	.long	0x0024710b, 0xc6937ae2, 0xcd2f98bc, 0x55e9b75e	?rev
+
+##
+##  Decryption stuff
+##
+Lk_dipt:	# decryption input transform
+	.long	0x005f540b, 0x045b500f, 0x1a454e11, 0x1e414a15	?rev
+	.long	0x00650560, 0xe683e386, 0x94f191f4, 0x72177712	?rev
+Lk_dsbo:	# decryption sbox final output
+	.long	0x0040f97e, 0x53ea8713, 0x2d3e94d4, 0xb96daac7	?rev
+	.long	0x001d4493, 0x0f56d712, 0x9c8ec5d8, 0x59814bca	?rev
+Lk_dsb9:	# decryption sbox output *9*u, *9*t
+	.long	0x00d6869a, 0x53031c85, 0xc94c994f, 0x501fd5ca	?rev
+	.long	0x0049d7ec, 0x89173bc0, 0x65a5fbb2, 0x9e2c5e72	?rev
+Lk_dsbd:	# decryption sbox output *D*u, *D*t
+	.long	0x00a2b1e6, 0xdfcc577d, 0x39442a88, 0x139b6ef5	?rev
+	.long	0x00cbc624, 0xf7fae23c, 0xd3efde15, 0x0d183129	?rev
+Lk_dsbb:	# decryption sbox output *B*u, *B*t
+	.long	0x0042b496, 0x926422d0, 0x04d4f2b0, 0xf6462660	?rev
+	.long	0x006759cd, 0xa69894c1, 0x6baa5532, 0x3e0cfff3	?rev
+Lk_dsbe:	# decryption sbox output *E*u, *E*t
+	.long	0x00d0d426, 0x9692f246, 0xb0f6b464, 0x04604222	?rev
+	.long	0x00c1aaff, 0xcda6550c, 0x323e5998, 0x6bf36794	?rev
+
+##
+##  Key schedule constants
+##
+Lk_dksd:	# decryption key schedule: invskew x*D
+	.long	0x0047e4a3, 0x5d1ab9fe, 0xf9be1d5a, 0xa4e34007	?rev
+	.long	0x008336b5, 0xf477c241, 0x1e9d28ab, 0xea69dc5f	?rev
+Lk_dksb:	# decryption key schedule: invskew x*B
+	.long	0x00d55085, 0x1fca4f9a, 0x994cc91c, 0x8653d603	?rev
+	.long	0x004afcb6, 0xa7ed5b11, 0xc882347e, 0x6f2593d9	?rev
+Lk_dkse:	# decryption key schedule: invskew x*E + 0x63
+	.long	0x00d6c91f, 0xca1c03d5, 0x86504f99, 0x4c9a8553	?rev
+	.long	0xe87bdc4f, 0x059631a2, 0x8714b320, 0x6af95ecd	?rev
+Lk_dks9:	# decryption key schedule: invskew x*9
+	.long	0x00a7d97e, 0xc86f11b6, 0xfc5b2582, 0x3493ed4a	?rev
+	.long	0x00331427, 0x62517645, 0xcefddae9, 0xac9fb88b	?rev
+
+Lk_rcon:	# rcon
+	.long	0xb6ee9daf, 0xb991831f, 0x817d7c4d, 0x08982a70	?asis
+Lk_s63:
+	.long	0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b	?asis
+
+Lk_opt:		# output transform
+	.long	0x0060b6d6, 0x29499fff, 0x0868bede, 0x214197f7	?rev
+	.long	0x00ecbc50, 0x51bded01, 0xe00c5cb0, 0xb15d0de1	?rev
+Lk_deskew:	# deskew tables: inverts the sbox's "skew"
+	.long	0x00e3a447, 0x40a3e407, 0x1af9be5d, 0x5ab9fe1d	?rev
+	.long	0x0069ea83, 0xdcb5365f, 0x771e9df4, 0xabc24128	?rev
+.align	5
+Lconsts:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12	#vvvvv "distance between . and _vpaes_consts
+	addi	r12,r12,-0x308
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.asciz  "Vector Permutation AES for AltiVec, Mike Hamburg (Stanford University)"
+.align	6
+___
+
+my ($inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm) = map("v$_",(26..31));
+{
+my ($inp,$out,$key) = map("r$_",(3..5));
+
+my ($invlo,$invhi,$iptlo,$ipthi,$sbou,$sbot) = map("v$_",(10..15));
+my ($sb1u,$sb1t,$sb2u,$sb2t) = map("v$_",(16..19));
+my ($sb9u,$sb9t,$sbdu,$sbdt,$sbbu,$sbbt,$sbeu,$sbet)=map("v$_",(16..23));
+
+$code.=<<___;
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.align	4
+_vpaes_encrypt_preheat:
+	mflr	r8
+	bl	Lconsts
+	mtlr	r8
+	li	r11, 0xc0		# Lk_inv
+	li	r10, 0xd0
+	li	r9,  0xe0		# Lk_ipt
+	li	r8,  0xf0
+	vxor	v7, v7, v7		# 0x00..00
+	vspltisb	v8,4		# 0x04..04
+	vspltisb	v9,0x0f		# 0x0f..0f
+	lvx	$invlo, r12, r11
+	li	r11, 0x100
+	lvx	$invhi, r12, r10
+	li	r10, 0x110
+	lvx	$iptlo, r12, r9
+	li	r9,  0x120
+	lvx	$ipthi, r12, r8
+	li	r8,  0x130
+	lvx	$sbou, r12, r11
+	li	r11, 0x140
+	lvx	$sbot, r12, r10
+	li	r10, 0x150
+	lvx	$sb1u, r12, r9
+	lvx	$sb1t, r12, r8
+	lvx	$sb2u, r12, r11
+	lvx	$sb2t, r12, r10
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm6, %r9, %r10, %r11, %rax
+##
+##
+.align 5
+_vpaes_encrypt_core:
+	lwz	r8, 240($key)		# pull rounds
+	li	r9, 16
+	lvx	v5, 0, $key		# vmovdqu	(%r9),	%xmm5		# round0 key
+	li	r11, 0x10
+	lvx	v6, r9, $key
+	addi	r9, r9, 16
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	addi	r10, r11, 0x40
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0
+	vperm	v0, $iptlo, $iptlo, v0	# vpshufb	%xmm1,	%xmm2,	%xmm1
+	vperm	v1, $ipthi, $ipthi, v1	# vpshufb	%xmm0,	%xmm3,	%xmm2
+	vxor	v0, v0, v5		# vpxor	%xmm5,	%xmm1,	%xmm0
+	vxor	v0, v0, v1		# vpxor	%xmm2,	%xmm0,	%xmm0
+	mtctr	r8
+	b	Lenc_entry
+
+.align 4
+Lenc_loop:
+	# middle of middle round
+	vperm	v4, $sb1t, v7, v2	# vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	lvx	v1, r12, r11		# vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	addi	r11, r11, 16
+	vperm	v0, $sb1u, v7, v3	# vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	vxor	v4, v4, v5		# vpxor		%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	andi.	r11, r11, 0x30		# and		\$0x30, %r11	# ... mod 4
+	vperm	v5, $sb2t, v7, v2	# vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	vxor	v0, v0, v4		# vpxor		%xmm4,	%xmm0,	%xmm0	# 0 = A
+	vperm	v2, $sb2u, v7, v3	# vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	lvx	v4, r12, r10		# vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	addi	r10, r11, 0x40
+	vperm	v3, v0, v7, v1		# vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	vxor	v2, v2, v5		# vpxor		%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	vperm	v0, v0, v7, v4		# vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	vperm	v4, v3, v7, v1		# vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	vxor	v0, v0, v3		# vpxor		%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	vxor	v0, v0, v4		# vpxor		%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+
+Lenc_entry:
+	# top of round
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	vperm	v5, $invhi, $invhi, v0	# vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	vxor	v0, v0, v1		# vpxor		%xmm0,	%xmm1,	%xmm1	# 0 = j
+	vperm	v3, $invlo, $invlo, v1	# vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	vperm	v4, $invlo, $invlo, v0	# vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	vand	v0, v0, v9
+	vxor	v3, v3, v5		# vpxor		%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	vxor	v4, v4, v5		# vpxor		%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	vperm	v2, $invlo, v7, v3	# vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	vmr	v5, v6
+	lvx	v6, r9, $key		# vmovdqu	(%r9), %xmm5
+	vperm	v3, $invlo, v7, v4	# vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	addi	r9, r9, 16
+	vxor	v2, v2, v0		# vpxor		%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	vxor	v3, v3, v1		# vpxor		%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	bdnz	Lenc_loop
+
+	# middle of last round
+	addi	r10, r11, 0x80
+					# vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+					# vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	vperm	v4, $sbou, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	lvx	v1, r12, r10		# vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	vperm	v0, $sbot, v7, v3	# vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	vxor	v4, v4, v5		# vpxor		%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	vxor	v0, v0, v4		# vpxor		%xmm4,	%xmm0,	%xmm0	# 0 = A
+	vperm	v0, v0, v7, v1		# vpshufb	%xmm1,	%xmm0,	%xmm0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.vpaes_encrypt
+.align	5
+.vpaes_encrypt:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r6
+	mfspr	r7, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	# save vrsave
+	li	r0, -1
+	$PUSH	r6,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			# preserve all AltiVec registers
+
+	bl	_vpaes_encrypt_preheat
+
+	?lvsl	$inpperm, 0, $inp	# prepare for unaligned access
+	lvx	v0, 0, $inp
+	addi	$inp, $inp, 15		# 15 is not a typo
+	 ?lvsr	$outperm, 0, $out
+	?lvsl	$keyperm, 0, $key	# prepare for unaligned access
+	lvx	$inptail, 0, $inp	# redundant in aligned case
+	?vperm	v0, v0, $inptail, $inpperm
+
+	bl	_vpaes_encrypt_core
+
+	andi.	r8, $out, 15
+	li	r9, 16
+	beq	Lenc_out_aligned
+
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	mtctr	r9
+Lenc_out_unaligned:
+	stvebx	v0, 0, $out
+	addi	$out, $out, 1
+	bdnz	Lenc_out_unaligned
+	b	Lenc_done
+
+.align	4
+Lenc_out_aligned:
+	stvx	v0, 0, $out
+Lenc_done:
+
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r6
+	mtspr	256, r7			# restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_encrypt,.-.vpaes_encrypt
+
+.align	4
+_vpaes_decrypt_preheat:
+	mflr	r8
+	bl	Lconsts
+	mtlr	r8
+	li	r11, 0xc0		# Lk_inv
+	li	r10, 0xd0
+	li	r9,  0x160		# Ldipt
+	li	r8,  0x170
+	vxor	v7, v7, v7		# 0x00..00
+	vspltisb	v8,4		# 0x04..04
+	vspltisb	v9,0x0f		# 0x0f..0f
+	lvx	$invlo, r12, r11
+	li	r11, 0x180
+	lvx	$invhi, r12, r10
+	li	r10, 0x190
+	lvx	$iptlo, r12, r9
+	li	r9,  0x1a0
+	lvx	$ipthi, r12, r8
+	li	r8,  0x1b0
+	lvx	$sbou, r12, r11
+	li	r11, 0x1c0
+	lvx	$sbot, r12, r10
+	li	r10, 0x1d0
+	lvx	$sb9u, r12, r9
+	li	r9,  0x1e0
+	lvx	$sb9t, r12, r8
+	li	r8,  0x1f0
+	lvx	$sbdu, r12, r11
+	li	r11, 0x200
+	lvx	$sbdt, r12, r10
+	li	r10, 0x210
+	lvx	$sbbu, r12, r9
+	lvx	$sbbt, r12, r8
+	lvx	$sbeu, r12, r11
+	lvx	$sbet, r12, r10
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.align	4
+_vpaes_decrypt_core:
+	lwz	r8, 240($key)		# pull rounds
+	li	r9, 16
+	lvx	v5, 0, $key		# vmovdqu	(%r9),	%xmm4		# round0 key
+	li	r11, 0x30
+	lvx	v6, r9, $key
+	addi	r9, r9, 16
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0
+	vperm	v0, $iptlo, $iptlo, v0	# vpshufb	%xmm1,	%xmm2,	%xmm2
+	vperm	v1, $ipthi, $ipthi, v1	# vpshufb	%xmm0,	%xmm1,	%xmm0
+	vxor	v0, v0, v5		# vpxor	%xmm4,	%xmm2,	%xmm2
+	vxor	v0, v0, v1		# vpxor	%xmm2,	%xmm0,	%xmm0
+	mtctr	r8
+	b	Ldec_entry
+
+.align 4
+Ldec_loop:
+#
+#  Inverse mix columns
+#
+	lvx	v0, r12, r11		# v5 and v0 are flipped
+					# vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+					# vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	vperm	v4, $sb9u, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	subi	r11, r11, 16
+	vperm	v1, $sb9t, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	andi.	r11, r11, 0x30
+	vxor	v5, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0
+					# vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	vxor	v5, v5, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+					# vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	vperm	v4, $sbdu, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	vperm 	v5, v5, v7, v0		# vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	vperm	v1, $sbdt, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	vxor	v5, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0		# 4 = ch
+					# vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	vxor	v5, v5, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+					# vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	vperm	v4, $sbbu, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	vperm	v5, v5, v7, v0		# vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	vperm	v1, $sbbt, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	vxor	v5, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0		# 4 = ch
+					# vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	vxor	v5, v5, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+					# vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	vperm	v4, $sbeu, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	vperm	v5, v5, v7, v0		# vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	vperm	v1, $sbet, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	vxor	v0, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	vxor	v0, v0, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+
+Ldec_entry:
+	# top of round
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	vperm	v2, $invhi, $invhi, v0	# vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	vxor	v0, v0, v1		# vpxor		%xmm0,	%xmm1,	%xmm1	# 0 = j
+	vperm	v3, $invlo, $invlo, v1	# vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	vperm	v4, $invlo, $invlo, v0	# vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	vand	v0, v0, v9
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	vxor	v4, v4, v2		# vpxor		%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	vperm	v2, $invlo, v7, v3	# vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	vmr	v5, v6
+	lvx	v6, r9, $key		# vmovdqu	(%r9),	%xmm0
+	vperm	v3, $invlo, v7, v4	# vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	addi	r9, r9, 16
+	vxor	v2, v2, v0		# vpxor		%xmm1,	%xmm2,	%xmm2	# 2 = io
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	vxor	v3, v3, v1		# vpxor		%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	bdnz	Ldec_loop
+
+	# middle of last round
+	addi	r10, r11, 0x80
+					# vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	vperm	v4, $sbou, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+					# vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	lvx	v2, r12, r10		# vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	vperm	v1, $sbot, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	vxor	v4, v4, v5		# vpxor		%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	vxor	v0, v1, v4		# vpxor		%xmm4,	%xmm1,	%xmm0	# 0 = A
+	vperm	v0, v0, v7, v2		# vpshufb	%xmm2,	%xmm0,	%xmm0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.vpaes_decrypt
+.align	5
+.vpaes_decrypt:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r6
+	mfspr	r7, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	# save vrsave
+	li	r0, -1
+	$PUSH	r6,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			# preserve all AltiVec registers
+
+	bl	_vpaes_decrypt_preheat
+
+	?lvsl	$inpperm, 0, $inp	# prepare for unaligned access
+	lvx	v0, 0, $inp
+	addi	$inp, $inp, 15		# 15 is not a typo
+	 ?lvsr	$outperm, 0, $out
+	?lvsl	$keyperm, 0, $key
+	lvx	$inptail, 0, $inp	# redundant in aligned case
+	?vperm	v0, v0, $inptail, $inpperm
+
+	bl	_vpaes_decrypt_core
+
+	andi.	r8, $out, 15
+	li	r9, 16
+	beq	Ldec_out_aligned
+
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	mtctr	r9
+Ldec_out_unaligned:
+	stvebx	v0, 0, $out
+	addi	$out, $out, 1
+	bdnz	Ldec_out_unaligned
+	b	Ldec_done
+
+.align	4
+Ldec_out_aligned:
+	stvx	v0, 0, $out
+Ldec_done:
+
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r6
+	mtspr	256, r7			# restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_decrypt,.-.vpaes_decrypt
+
+.globl	.vpaes_cbc_encrypt
+.align	5
+.vpaes_cbc_encrypt:
+	${UCMP}i r5,16
+	bltlr-
+
+	$STU	$sp,-`($FRAME+2*$SIZE_T)`($sp)
+	mflr	r0
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mfspr	r12, 256
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r12,`$FRAME-4`($sp)	# save vrsave
+	$PUSH	r30,`$FRAME+$SIZE_T*0`($sp)
+	$PUSH	r31,`$FRAME+$SIZE_T*1`($sp)
+	li	r9, -16
+	$PUSH	r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp)
+
+	and	r30, r5, r9		# copy length&-16
+	andi.	r9, $out, 15		# is $out aligned?
+	mr	r5, r6			# copy pointer to key
+	mr	r31, r7			# copy pointer to iv
+	li	r6, -1
+	mcrf	cr1, cr0		# put aside $out alignment flag
+	mr	r7, r12			# copy vrsave
+	mtspr	256, r6			# preserve all AltiVec registers
+
+	lvx	v24, 0, r31		# load [potentially unaligned] iv
+	li	r9, 15
+	?lvsl	$inpperm, 0, r31
+	lvx	v25, r9, r31
+	?vperm	v24, v24, v25, $inpperm
+
+	cmpwi	r8, 0			# test direction
+	neg	r8, $inp		# prepare for unaligned access
+	 vxor	v7, v7, v7
+	?lvsl	$keyperm, 0, $key
+	 ?lvsr	$outperm, 0, $out
+	?lvsr	$inpperm, 0, r8		# -$inp
+	 vnor	$outmask, v7, v7	# 0xff..ff
+	lvx	$inptail, 0, $inp
+	 ?vperm	$outmask, v7, $outmask, $outperm
+	addi	$inp, $inp, 15		# 15 is not a typo
+
+	beq	Lcbc_decrypt
+
+	bl	_vpaes_encrypt_preheat
+	li	r0, 16
+
+	beq	cr1, Lcbc_enc_loop	# $out is aligned
+
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vxor	v0, v0, v24		# ^= iv
+
+	bl	_vpaes_encrypt_core
+
+	andi.	r8, $out, 15
+	vmr	v24, v0			# put aside iv
+	sub	r9, $out, r8
+	vperm	$outhead, v0, v0, $outperm	# rotate right/left
+
+Lcbc_enc_head:
+	stvebx	$outhead, r8, r9
+	cmpwi	r8, 15
+	addi	r8, r8, 1
+	bne	Lcbc_enc_head
+
+	sub.	r30, r30, r0		# len -= 16
+	addi	$out, $out, 16
+	beq	Lcbc_unaligned_done
+
+Lcbc_enc_loop:
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vxor	v0, v0, v24		# ^= iv
+
+	bl	_vpaes_encrypt_core
+
+	vmr	v24, v0			# put aside iv
+	sub.	r30, r30, r0		# len -= 16
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	vsel	v1, $outhead, v0, $outmask
+	vmr	$outhead, v0
+	stvx	v1, 0, $out
+	addi	$out, $out, 16
+	bne	Lcbc_enc_loop
+
+	b	Lcbc_done
+
+.align	5
+Lcbc_decrypt:
+	bl	_vpaes_decrypt_preheat
+	li	r0, 16
+
+	beq	cr1, Lcbc_dec_loop	# $out is aligned
+
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vmr	v25, v0			# put aside input
+
+	bl	_vpaes_decrypt_core
+
+	andi.	r8, $out, 15
+	vxor	v0, v0, v24		# ^= iv
+	vmr	v24, v25
+	sub	r9, $out, r8
+	vperm	$outhead, v0, v0, $outperm	# rotate right/left
+
+Lcbc_dec_head:
+	stvebx	$outhead, r8, r9
+	cmpwi	r8, 15
+	addi	r8, r8, 1
+	bne	Lcbc_dec_head
+
+	sub.	r30, r30, r0		# len -= 16
+	addi	$out, $out, 16
+	beq	Lcbc_unaligned_done
+
+Lcbc_dec_loop:
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vmr	v25, v0			# put aside input
+
+	bl	_vpaes_decrypt_core
+
+	vxor	v0, v0, v24		# ^= iv
+	vmr	v24, v25
+	sub.	r30, r30, r0		# len -= 16
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	vsel	v1, $outhead, v0, $outmask
+	vmr	$outhead, v0
+	stvx	v1, 0, $out
+	addi	$out, $out, 16
+	bne	Lcbc_dec_loop
+
+Lcbc_done:
+	beq	cr1, Lcbc_write_iv	# $out is aligned
+
+Lcbc_unaligned_done:
+	andi.	r8, $out, 15
+	sub	$out, $out, r8
+	li	r9, 0
+Lcbc_tail:
+	stvebx	$outhead, r9, $out
+	addi	r9, r9, 1
+	cmpw	r9, r8
+	bne	Lcbc_tail
+
+Lcbc_write_iv:
+	neg	r8, r31			# write [potentially unaligned] iv
+	li	r10, 4
+	?lvsl	$outperm, 0, r8
+	li	r11, 8
+	li	r12, 12
+	vperm	v24, v24, v24, $outperm	# rotate right/left
+	stvewx	v24, 0, r31		# ivp is at least 32-bit aligned
+	stvewx	v24, r10, r31
+	stvewx	v24, r11, r31
+	stvewx	v24, r12, r31
+
+	mtspr	256, r7			# restore vrsave
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+Lcbc_abort:
+	$POP	r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp)
+	$POP	r30,`$FRAME+$SIZE_T*0`($sp)
+	$POP	r31,`$FRAME+$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,`$FRAME+$SIZE_T*2`
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,2,6,0
+	.long	0
+.size	.vpaes_cbc_encrypt,.-.vpaes_cbc_encrypt
+___
+}
+{
+my ($inp,$bits,$out)=map("r$_",(3..5));
+my $dir="cr1";
+my ($invlo,$invhi,$iptlo,$ipthi,$rcon) = map("v$_",(10..13,24));
+
+$code.=<<___;
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.align	4
+_vpaes_key_preheat:
+	mflr	r8
+	bl	Lconsts
+	mtlr	r8
+	li	r11, 0xc0		# Lk_inv
+	li	r10, 0xd0
+	li	r9,  0xe0		# L_ipt
+	li	r8,  0xf0
+
+	vspltisb	v8,4		# 0x04..04
+	vxor	v9,v9,v9		# 0x00..00
+	lvx	$invlo, r12, r11	# Lk_inv
+	li	r11, 0x120
+	lvx	$invhi, r12, r10
+	li	r10, 0x130
+	lvx	$iptlo, r12, r9		# Lk_ipt
+	li	r9, 0x220
+	lvx	$ipthi, r12, r8
+	li	r8, 0x230
+
+	lvx	v14, r12, r11		# Lk_sb1
+	li	r11, 0x240
+	lvx	v15, r12, r10
+	li	r10, 0x250
+
+	lvx	v16, r12, r9		# Lk_dksd
+	li	r9, 0x260
+	lvx	v17, r12, r8
+	li	r8, 0x270
+	lvx	v18, r12, r11		# Lk_dksb
+	li	r11, 0x280
+	lvx	v19, r12, r10
+	li	r10, 0x290
+	lvx	v20, r12, r9		# Lk_dkse
+	li	r9, 0x2a0
+	lvx	v21, r12, r8
+	li	r8, 0x2b0
+	lvx	v22, r12, r11		# Lk_dks9
+	lvx	v23, r12, r10
+
+	lvx	v24, r12, r9		# Lk_rcon
+	lvx	v25, 0, r12		# Lk_mc_forward[0]
+	lvx	v26, r12, r8		# Lks63
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.align	4
+_vpaes_schedule_core:
+	mflr	r7
+
+	bl	_vpaes_key_preheat	# load the tables
+
+	#lvx	v0, 0, $inp		# vmovdqu	(%rdi),	%xmm0		# load key (unaligned)
+	neg	r8, $inp		# prepare for unaligned access
+	lvx	v0, 0, $inp
+	addi	$inp, $inp, 15		# 15 is not typo
+	?lvsr	$inpperm, 0, r8		# -$inp
+	lvx	v6, 0, $inp		# v6 serves as inptail
+	addi	$inp, $inp, 8
+	?vperm	v0, v0, v6, $inpperm
+
+	# input transform
+	vmr	v3, v0			# vmovdqa	%xmm0,	%xmm3
+	bl	_vpaes_schedule_transform
+	vmr	v7, v0			# vmovdqa	%xmm0,	%xmm7
+
+	bne	$dir, Lschedule_am_decrypting
+
+	# encrypting, output zeroth round key after transform
+	li	r8, 0x30		# mov	\$0x30,%r8d
+	li	r9, 4
+	li	r10, 8
+	li	r11, 12
+
+	?lvsr	$outperm, 0, $out	# prepare for unaligned access
+	vnor	$outmask, v9, v9	# 0xff..ff
+	?vperm	$outmask, v9, $outmask, $outperm
+
+	#stvx	v0, 0, $out		# vmovdqu	%xmm0,	(%rdx)
+	vperm	$outhead, v0, v0, $outperm	# rotate right/left
+	stvewx	$outhead, 0, $out	# some are superfluous
+	stvewx	$outhead, r9, $out
+	stvewx	$outhead, r10, $out
+	addi	r10, r12, 0x80		# lea	.Lk_sr(%rip),%r10
+	stvewx	$outhead, r11, $out
+	b	Lschedule_go
+
+Lschedule_am_decrypting:
+	srwi	r8, $bits, 1		# shr	\$1,%r8d
+	andi.	r8, r8, 32		# and	\$32,%r8d
+	xori	r8, r8, 32		# xor	\$32,%r8d	# nbits==192?0:32
+	addi	r10, r12, 0x80		# lea	.Lk_sr(%rip),%r10
+	# decrypting, output zeroth round key after shiftrows
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),	%xmm1
+	li	r9, 4
+	li	r10, 8
+	li	r11, 12
+	vperm	v4, v3, v3, v1		# vpshufb	%xmm1,	%xmm3,	%xmm3
+
+	neg	r0, $out		# prepare for unaligned access
+	?lvsl	$outperm, 0, r0
+	vnor	$outmask, v9, v9	# 0xff..ff
+	?vperm	$outmask, $outmask, v9, $outperm
+
+	#stvx	v4, 0, $out		# vmovdqu	%xmm3,	(%rdx)
+	vperm	$outhead, v4, v4, $outperm	# rotate right/left
+	stvewx	$outhead, 0, $out	# some are superfluous
+	stvewx	$outhead, r9, $out
+	stvewx	$outhead, r10, $out
+	addi	r10, r12, 0x80		# lea	.Lk_sr(%rip),%r10
+	stvewx	$outhead, r11, $out
+	addi	$out, $out, 15		# 15 is not typo
+	xori	r8, r8, 0x30		# xor	\$0x30, %r8
+
+Lschedule_go:
+	cmplwi	$bits, 192		# cmp	\$192,	%esi
+	bgt	Lschedule_256
+	beq	Lschedule_192
+	# 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+Lschedule_128:
+	li	r0, 10			# mov	\$10, %esi
+	mtctr	r0
+
+Loop_schedule_128:
+	bl 	_vpaes_schedule_round
+	bdz 	Lschedule_mangle_last	# dec	%esi
+	bl	_vpaes_schedule_mangle	# write output
+	b 	Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	4
+Lschedule_192:
+	li	r0, 4			# mov	\$4,	%esi
+	lvx	v0, 0, $inp
+	?vperm	v0, v6, v0, $inpperm
+	?vsldoi	v0, v3, v0, 8		# vmovdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	bl	_vpaes_schedule_transform	# input transform
+	?vsldoi	v6, v0, v9, 8
+	?vsldoi	v6, v9, v6, 8		# clobber "low" side with zeros
+	mtctr	r0
+
+Loop_schedule_192:
+	bl	_vpaes_schedule_round
+	?vsldoi	v0, v6, v0, 8		# vpalignr	\$8,%xmm6,%xmm0,%xmm0
+	bl	_vpaes_schedule_mangle	# save key n
+	bl	_vpaes_schedule_192_smear
+	bl	_vpaes_schedule_mangle	# save key n+1
+	bl	_vpaes_schedule_round
+	bdz 	Lschedule_mangle_last	# dec	%esi
+	bl	_vpaes_schedule_mangle	# save key n+2
+	bl	_vpaes_schedule_192_smear
+	b	Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	4
+Lschedule_256:
+	li	r0, 7			# mov	\$7, %esi
+	addi	$inp, $inp, 8
+	lvx	v0, 0, $inp		# vmovdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	?vperm	v0, v6, v0, $inpperm
+	bl	_vpaes_schedule_transform	# input transform
+	mtctr	r0
+
+Loop_schedule_256:
+	bl	_vpaes_schedule_mangle	# output low result
+	vmr	v6, v0			# vmovdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	# high round
+	bl	_vpaes_schedule_round
+	bdz 	Lschedule_mangle_last	# dec	%esi
+	bl	_vpaes_schedule_mangle
+
+	# low round. swap xmm7 and xmm6
+	?vspltw	v0, v0, 3		# vpshufd	\$0xFF,	%xmm0,	%xmm0
+	vmr	v5, v7			# vmovdqa	%xmm7,	%xmm5
+	vmr	v7, v6			# vmovdqa	%xmm6,	%xmm7
+	bl	_vpaes_schedule_low_round
+	vmr	v7, v5			# vmovdqa	%xmm5,	%xmm7
+
+	b	Loop_schedule_256
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	4
+Lschedule_mangle_last:
+	# schedule last round key from xmm0
+	li	r11, 0x2e0		# lea	.Lk_deskew(%rip),%r11
+	li	r9,  0x2f0
+	bne	$dir, Lschedule_mangle_last_dec
+
+	# encrypting
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),%xmm1
+	li	r11, 0x2c0		# lea		.Lk_opt(%rip),	%r11	# prepare to output transform
+	li	r9,  0x2d0		# prepare to output transform
+	vperm	v0, v0, v0, v1		# vpshufb	%xmm1,	%xmm0,	%xmm0	# output permute
+
+	lvx	$iptlo, r11, r12	# reload $ipt
+	lvx	$ipthi, r9, r12
+	addi	$out, $out, 16		# add	\$16,	%rdx
+	vxor	v0, v0, v26		# vpxor		.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	# output transform
+
+	#stvx	v0, r0, $out		# vmovdqu	%xmm0,	(%rdx)		# save last key
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	li	r10, 4
+	vsel	v2, $outhead, v0, $outmask
+	li	r11, 8
+	stvx	v2, 0, $out
+	li	r12, 12
+	stvewx	v0, 0, $out		# some (or all) are redundant
+	stvewx	v0, r10, $out
+	stvewx	v0, r11, $out
+	stvewx	v0, r12, $out
+	b	Lschedule_mangle_done
+
+.align	4
+Lschedule_mangle_last_dec:
+	lvx	$iptlo, r11, r12	# reload $ipt
+	lvx	$ipthi, r9,  r12
+	addi	$out, $out, -16		# add	\$-16,	%rdx
+	vxor	v0, v0, v26		# vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	# output transform
+
+	#stvx	v0, r0, $out		# vmovdqu	%xmm0,	(%rdx)		# save last key
+	addi	r9, $out, -15		# -15 is not typo
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	li	r10, 4
+	vsel	v2, $outhead, v0, $outmask
+	li	r11, 8
+	stvx	v2, 0, $out
+	li	r12, 12
+	stvewx	v0, 0, r9		# some (or all) are redundant
+	stvewx	v0, r10, r9
+	stvewx	v0, r11, r9
+	stvewx	v0, r12, r9
+
+
+Lschedule_mangle_done:
+	mtlr	r7
+	# cleanup
+	vxor	v0, v0, v0		# vpxor		%xmm0,	%xmm0,	%xmm0
+	vxor	v1, v1, v1		# vpxor		%xmm1,	%xmm1,	%xmm1
+	vxor	v2, v2, v2		# vpxor		%xmm2,	%xmm2,	%xmm2
+	vxor	v3, v3, v3		# vpxor		%xmm3,	%xmm3,	%xmm3
+	vxor	v4, v4, v4		# vpxor		%xmm4,	%xmm4,	%xmm4
+	vxor	v5, v5, v5		# vpxor		%xmm5,	%xmm5,	%xmm5
+	vxor	v6, v6, v6		# vpxor		%xmm6,	%xmm6,	%xmm6
+	vxor	v7, v7, v7		# vpxor		%xmm7,	%xmm7,	%xmm7
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.align	4
+_vpaes_schedule_192_smear:
+	?vspltw	v0, v7, 3
+	?vsldoi	v1, v9, v6, 12		# vpshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	?vsldoi	v0, v7, v0, 8		# vpshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	vxor	v6, v6, v1		# vpxor		%xmm1,	%xmm6,	%xmm6	# -> c+d c 0 0
+	vxor	v6, v6, v0		# vpxor		%xmm0,	%xmm6,	%xmm6	# -> b+c+d b+c b a
+	vmr	v0, v6
+	?vsldoi	v6, v6, v9, 8
+	?vsldoi	v6, v9, v6, 8		# clobber low side with zeros
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.align	4
+_vpaes_schedule_round:
+	# extract rcon from xmm8
+	#vxor	v4, v4, v4		# vpxor		%xmm4,	%xmm4,	%xmm4
+	?vsldoi	v1, $rcon, v9, 15	# vpalignr	\$15,	%xmm8,	%xmm4,	%xmm1
+	?vsldoi	$rcon, $rcon, $rcon, 15	# vpalignr	\$15,	%xmm8,	%xmm8,	%xmm8
+	vxor	v7, v7, v1		# vpxor		%xmm1,	%xmm7,	%xmm7
+
+	# rotate
+	?vspltw	v0, v0, 3		# vpshufd	\$0xFF,	%xmm0,	%xmm0
+	?vsldoi	v0, v0, v0, 1		# vpalignr	\$1,	%xmm0,	%xmm0,	%xmm0
+
+	# fall through...
+
+	# low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	# smear xmm7
+	?vsldoi	v1, v9, v7, 12		# vpslldq	\$4,	%xmm7,	%xmm1
+	vxor	v7, v7, v1		# vpxor		%xmm1,	%xmm7,	%xmm7
+	vspltisb	v1, 0x0f	# 0x0f..0f
+	?vsldoi	v4, v9, v7, 8		# vpslldq	\$8,	%xmm7,	%xmm4
+
+	# subbytes
+	vand	v1, v1, v0		# vpand		%xmm9,	%xmm0,	%xmm1		# 0 = k
+	vsrb	v0, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0		# 1 = i
+	 vxor	v7, v7, v4		# vpxor		%xmm4,	%xmm7,	%xmm7
+	vperm	v2, $invhi, v9, v1	# vpshufb	%xmm1,	%xmm11,	%xmm2		# 2 = a/k
+	vxor	v1, v1, v0		# vpxor		%xmm0,	%xmm1,	%xmm1		# 0 = j
+	vperm	v3, $invlo, v9, v0	# vpshufb	%xmm0, 	%xmm10,	%xmm3		# 3 = 1/i
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3		# 3 = iak = 1/i + a/k
+	vperm	v4, $invlo, v9, v1	# vpshufb	%xmm1,	%xmm10,	%xmm4		# 4 = 1/j
+	 vxor	v7, v7, v26		# vpxor		.Lk_s63(%rip),	%xmm7,	%xmm7
+	vperm	v3, $invlo, v9, v3	# vpshufb	%xmm3,	%xmm10,	%xmm3		# 2 = 1/iak
+	vxor	v4, v4, v2		# vpxor		%xmm2,	%xmm4,	%xmm4		# 4 = jak = 1/j + a/k
+	vperm	v2, $invlo, v9, v4	# vpshufb	%xmm4,	%xmm10,	%xmm2		# 3 = 1/jak
+	vxor	v3, v3, v1		# vpxor		%xmm1,	%xmm3,	%xmm3		# 2 = io
+	vxor	v2, v2, v0		# vpxor		%xmm0,	%xmm2,	%xmm2		# 3 = jo
+	vperm	v4, v15, v9, v3		# vpshufb	%xmm3,	%xmm13,	%xmm4		# 4 = sbou
+	vperm	v1, v14, v9, v2		# vpshufb	%xmm2,	%xmm12,	%xmm1		# 0 = sb1t
+	vxor	v1, v1, v4		# vpxor		%xmm4,	%xmm1,	%xmm1		# 0 = sbox output
+
+	# add in smeared stuff
+	vxor	v0, v1, v7		# vpxor		%xmm7,	%xmm1,	%xmm0
+	vxor	v7, v1, v7		# vmovdqa	%xmm0,	%xmm7
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm2
+##
+.align	4
+_vpaes_schedule_transform:
+	#vand	v1, v0, v9		# vpand		%xmm9,	%xmm0,	%xmm1
+	vsrb	v2, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0
+					# vmovdqa	(%r11),	%xmm2 	# lo
+	vperm	v0, $iptlo, $iptlo, v0	# vpshufb	%xmm1,	%xmm2,	%xmm2
+					# vmovdqa	16(%r11),	%xmm1 # hi
+	vperm	v2, $ipthi, $ipthi, v2	# vpshufb	%xmm0,	%xmm1,	%xmm0
+	vxor	v0, v0, v2		# vpxor		%xmm2,	%xmm0,	%xmm0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.align	4
+_vpaes_schedule_mangle:
+	#vmr	v4, v0			# vmovdqa	%xmm0,	%xmm4	# save xmm0 for later
+					# vmovdqa	.Lk_mc_forward(%rip),%xmm5
+	bne	$dir, Lschedule_mangle_dec
+
+	# encrypting
+	vxor	v4, v0, v26		# vpxor	.Lk_s63(%rip),	%xmm0,	%xmm4
+	addi	$out, $out, 16		# add	\$16,	%rdx
+	vperm	v4, v4, v4, v25		# vpshufb	%xmm5,	%xmm4,	%xmm4
+	vperm	v1, v4, v4, v25		# vpshufb	%xmm5,	%xmm4,	%xmm1
+	vperm	v3, v1, v1, v25		# vpshufb	%xmm5,	%xmm1,	%xmm3
+	vxor	v4, v4, v1		# vpxor		%xmm1,	%xmm4,	%xmm4
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),	%xmm1
+	vxor	v3, v3, v4		# vpxor		%xmm4,	%xmm3,	%xmm3
+
+	vperm	v3, v3, v3, v1		# vpshufb	%xmm1,	%xmm3,	%xmm3
+	addi	r8, r8, -16		# add	\$-16,	%r8
+	andi.	r8, r8, 0x30		# and	\$0x30,	%r8
+
+	#stvx	v3, 0, $out		# vmovdqu	%xmm3,	(%rdx)
+	vperm	v1, v3, v3, $outperm	# rotate right/left
+	vsel	v2, $outhead, v1, $outmask
+	vmr	$outhead, v1
+	stvx	v2, 0, $out
+	blr
+
+.align	4
+Lschedule_mangle_dec:
+	# inverse mix columns
+					# lea	.Lk_dksd(%rip),%r11
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm4,	%xmm1	# 1 = hi
+	#and	v4, v0, v9		# vpand		%xmm9,	%xmm4,	%xmm4	# 4 = lo
+
+					# vmovdqa	0x00(%r11),	%xmm2
+	vperm	v2, v16, v16, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+					# vmovdqa	0x10(%r11),	%xmm3
+	vperm	v3, v17, v17, v1	# vpshufb	%xmm1,	%xmm3,	%xmm3
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3
+	vperm	v3, v3, v9, v25		# vpshufb	%xmm5,	%xmm3,	%xmm3
+
+					# vmovdqa	0x20(%r11),	%xmm2
+	vperm	v2, v18, v18, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+	vxor	v2, v2, v3		# vpxor		%xmm3,	%xmm2,	%xmm2
+					# vmovdqa	0x30(%r11),	%xmm3
+	vperm	v3, v19, v19, v1	# vpshufb	%xmm1,	%xmm3,	%xmm3
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3
+	vperm	v3, v3, v9, v25		# vpshufb	%xmm5,	%xmm3,	%xmm3
+
+					# vmovdqa	0x40(%r11),	%xmm2
+	vperm	v2, v20, v20, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+	vxor	v2, v2, v3		# vpxor		%xmm3,	%xmm2,	%xmm2
+					# vmovdqa	0x50(%r11),	%xmm3
+	vperm	v3, v21, v21, v1	# vpshufb	%xmm1,	%xmm3,	%xmm3
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3
+
+					# vmovdqa	0x60(%r11),	%xmm2
+	vperm	v2, v22, v22, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+	vperm	v3, v3, v9, v25		# vpshufb	%xmm5,	%xmm3,	%xmm3
+					# vmovdqa	0x70(%r11),	%xmm4
+	vperm	v4, v23, v23, v1	# vpshufb	%xmm1,	%xmm4,	%xmm4
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),	%xmm1
+	vxor	v2, v2, v3		# vpxor		%xmm3,	%xmm2,	%xmm2
+	vxor	v3, v4, v2		# vpxor		%xmm2,	%xmm4,	%xmm3
+
+	addi	$out, $out, -16		# add	\$-16,	%rdx
+
+	vperm	v3, v3, v3, v1		# vpshufb	%xmm1,	%xmm3,	%xmm3
+	addi	r8, r8, -16		# add	\$-16,	%r8
+	andi.	r8, r8, 0x30		# and	\$0x30,	%r8
+
+	#stvx	v3, 0, $out		# vmovdqu	%xmm3,	(%rdx)
+	vperm	v1, v3, v3, $outperm	# rotate right/left
+	vsel	v2, $outhead, v1, $outmask
+	vmr	$outhead, v1
+	stvx	v2, 0, $out
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.vpaes_set_encrypt_key
+.align	5
+.vpaes_set_encrypt_key:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r0
+	mfspr	r6, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r6,`$FRAME-4`($sp)	# save vrsave
+	li	r7, -1
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256, r7			# preserve all AltiVec registers
+
+	srwi	r9, $bits, 5		# shr	\$5,%eax
+	addi	r9, r9, 6		# add	\$5,%eax
+	stw	r9, 240($out)		# mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	cmplw	$dir, $bits, $bits	# set encrypt direction
+	li	r8, 0x30		# mov	\$0x30,%r8d
+	bl	_vpaes_schedule_core
+
+	$POP	r0, `$FRAME+$LRSAVE`($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtspr	256, r6			# restore vrsave
+	mtlr	r0
+	xor	r3, r3, r3
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_set_encrypt_key,.-.vpaes_set_encrypt_key
+
+.globl	.vpaes_set_decrypt_key
+.align	4
+.vpaes_set_decrypt_key:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r0
+	mfspr	r6, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r6,`$FRAME-4`($sp)	# save vrsave
+	li	r7, -1
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256, r7			# preserve all AltiVec registers
+
+	srwi	r9, $bits, 5		# shr	\$5,%eax
+	addi	r9, r9, 6		# add	\$5,%eax
+	stw	r9, 240($out)		# mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	slwi	r9, r9, 4		# shl	\$4,%eax
+	add	$out, $out, r9		# lea	(%rdx,%rax),%rdx
+
+	cmplwi	$dir, $bits, 0		# set decrypt direction
+	srwi	r8, $bits, 1		# shr	\$1,%r8d
+	andi.	r8, r8, 32		# and	\$32,%r8d
+	xori	r8, r8, 32		# xor	\$32,%r8d	# nbits==192?0:32
+	bl	_vpaes_schedule_core
+
+	$POP	r0,  `$FRAME+$LRSAVE`($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtspr	256, r6			# restore vrsave
+	mtlr	r0
+	xor	r3, r3, r3
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_set_decrypt_key,.-.vpaes_set_decrypt_key
+___
+}
+
+my $consts=1;
+foreach  (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	# constants table endian-specific conversion
+	if ($consts && m/\.long\s+(.+)\s+(\?[a-z]*)$/o) {
+	    my $conv=$2;
+	    my @bytes=();
+
+	    # convert to endian-agnostic format
+	    foreach (split(/,\s+/,$1)) {
+		my $l = /^0/?oct:int;
+		push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff;
+	    }
+
+	    # little-endian conversion
+	    if ($flavour =~ /le$/o) {
+		SWITCH: for($conv)  {
+		    /\?inv/ && do   { @bytes=map($_^0xf,@bytes); last; };
+		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; };
+		}
+	    }
+
+	    #emit
+	    print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n";
+	    next;
+	}
+	$consts=0 if (m/Lconsts:/o);	# end of table
+
+	# instructions prefixed with '?' are endian-specific and need
+	# to be adjusted accordingly...
+	if ($flavour =~ /le$/o) {	# little-endian
+	    s/\?lvsr/lvsl/o or
+	    s/\?lvsl/lvsr/o or
+	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or
+	    s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or
+	    s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o;
+	} else {			# big-endian
+	    s/\?([a-z]+)/$1/o;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl
new file mode 100644
index 000000000..7d57edc0e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl
@@ -0,0 +1,916 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+
+######################################################################
+# September 2011.
+#
+# Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for
+# aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt
+# doesn't handle partial vectors (doesn't have to if called from
+# EVP only). "Drop-in" implies that this module doesn't share key
+# schedule structure with the original nor does it make assumption
+# about its alignment...
+#
+# Performance summary. aes-586.pl column lists large-block CBC
+# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
+# byte processed with 128-bit key, and vpaes-x86.pl column - [also
+# large-block CBC] encrypt/decrypt.
+#
+#		aes-586.pl		vpaes-x86.pl
+#
+# Core 2(**)	28.1/41.4/18.3		21.9/25.2(***)
+# Nehalem	27.9/40.4/18.1		10.2/11.9
+# Atom		70.7/92.1/60.1		61.1/75.4(***)
+# Silvermont	45.4/62.9/24.1		49.2/61.1(***)
+#
+# (*)	"Hyper-threading" in the context refers rather to cache shared
+#	among multiple cores, than to specifically Intel HTT. As vast
+#	majority of contemporary cores share cache, slower code path
+#	is common place. In other words "with-hyper-threading-off"
+#	results are presented mostly for reference purposes.
+#
+# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
+#
+# (***)	Less impressive improvement on Core 2 and Atom is due to slow
+#	pshufb,	yet it's respectable +28%/64%  improvement on Core 2
+#	and +15% on Atom (as implied, over "hyper-threading-safe"
+#	code path).
+#
+#						<appro@openssl.org>
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
+
+$PREFIX="vpaes";
+
+my  ($round, $base, $magic, $key, $const, $inp, $out)=
+    ("eax",  "ebx", "ecx",  "edx","ebp",  "esi","edi");
+
+&static_label("_vpaes_consts");
+&static_label("_vpaes_schedule_low_round");
+
+&set_label("_vpaes_consts",64);
+$k_inv=-0x30;		# inv, inva
+	&data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309);
+	&data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C);
+
+$k_s0F=-0x10;		# s0F
+	&data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F);
+
+$k_ipt=0x00;		# input transform (lo, hi)
+	&data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090);
+	&data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC);
+
+$k_sb1=0x20;		# sb1u, sb1t
+	&data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E);
+	&data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1);
+$k_sb2=0x40;		# sb2u, sb2t
+	&data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955);
+	&data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8);
+$k_sbo=0x60;		# sbou, sbot
+	&data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A);
+	&data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1);
+
+$k_mc_forward=0x80;	# mc_forward
+	&data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D);
+	&data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201);
+	&data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605);
+	&data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09);
+
+$k_mc_backward=0xc0;	# mc_backward
+	&data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F);
+	&data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B);
+	&data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407);
+	&data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003);
+
+$k_sr=0x100;		# sr
+	&data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C);
+	&data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C);
+	&data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C);
+	&data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C);
+
+$k_rcon=0x140;		# rcon
+	&data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808);
+
+$k_s63=0x150;		# s63: all equal to 0x63 transformed
+	&data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B);
+
+$k_opt=0x160;		# output transform
+	&data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121);
+	&data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1);
+
+$k_deskew=0x180;	# deskew tables: inverts the sbox's "skew"
+	&data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A);
+	&data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB);
+##
+##  Decryption stuff
+##  Key schedule constants
+##
+$k_dksd=0x1a0;		# decryption key schedule: invskew x*D
+	&data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4);
+	&data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA);
+$k_dksb=0x1c0;		# decryption key schedule: invskew x*B
+	&data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386);
+	&data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F);
+$k_dkse=0x1e0;		# decryption key schedule: invskew x*E + 0x63
+	&data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C);
+	&data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A);
+$k_dks9=0x200;		# decryption key schedule: invskew x*9
+	&data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334);
+	&data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC);
+
+##
+##  Decryption stuff
+##  Round function constants
+##
+$k_dipt=0x220;		# decryption input transform
+	&data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E);
+	&data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772);
+
+$k_dsb9=0x240;		# decryption sbox output *9*u, *9*t
+	&data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50);
+	&data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E);
+$k_dsbd=0x260;		# decryption sbox output *D*u, *D*t
+	&data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13);
+	&data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D);
+$k_dsbb=0x280;		# decryption sbox output *B*u, *B*t
+	&data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6);
+	&data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E);
+$k_dsbe=0x2a0;		# decryption sbox output *E*u, *E*t
+	&data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004);
+	&data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B);
+$k_dsbo=0x2c0;		# decryption sbox final output
+	&data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9);
+	&data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159);
+&asciz	("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)");
+&align	(64);
+
+&function_begin_B("_vpaes_preheat");
+	&add	($const,&DWP(0,"esp"));
+	&movdqa	("xmm7",&QWP($k_inv,$const));
+	&movdqa	("xmm6",&QWP($k_s0F,$const));
+	&ret	();
+&function_end_B("_vpaes_preheat");
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm6-%xmm7 as in _vpaes_preheat
+##    (%edx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %eax, %ebx, %ecx, %edx
+##
+##
+&function_begin_B("_vpaes_encrypt_core");
+	&mov	($magic,16);
+	&mov	($round,&DWP(240,$key));
+	&movdqa	("xmm1","xmm6")
+	&movdqa	("xmm2",&QWP($k_ipt,$const));
+	&pandn	("xmm1","xmm0");
+	&pand	("xmm0","xmm6");
+	&movdqu	("xmm5",&QWP(0,$key));
+	&pshufb	("xmm2","xmm0");
+	&movdqa	("xmm0",&QWP($k_ipt+16,$const));
+	&pxor	("xmm2","xmm5");
+	&psrld	("xmm1",4);
+	&add	($key,16);
+	&pshufb	("xmm0","xmm1");
+	&lea	($base,&DWP($k_mc_backward,$const));
+	&pxor	("xmm0","xmm2");
+	&jmp	(&label("enc_entry"));
+
+
+&set_label("enc_loop",16);
+	# middle of middle round
+	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sb1u
+	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t
+	&pshufb	("xmm4","xmm2");		# 4 = sb1u
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
+	&movdqa	("xmm5",&QWP($k_sb2,$const));	# 4 : sb2u
+	&pxor	("xmm0","xmm4");		# 0 = A
+	&movdqa	("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[]
+	&pshufb	("xmm5","xmm2");		# 4 = sb2u
+	&movdqa	("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t
+	&movdqa	("xmm4",&QWP(0,$base,$magic));	# .Lk_mc_backward[]
+	&pshufb	("xmm2","xmm3");		# 2 = sb2t
+	&movdqa	("xmm3","xmm0");		# 3 = A
+	&pxor	("xmm2","xmm5");		# 2 = 2A
+	&pshufb	("xmm0","xmm1");		# 0 = B
+	&add	($key,16);			# next key
+	&pxor	("xmm0","xmm2");		# 0 = 2A+B
+	&pshufb	("xmm3","xmm4");		# 3 = D
+	&add	($magic,16);			# next mc
+	&pxor	("xmm3","xmm0");		# 3 = 2A+B+D
+	&pshufb	("xmm0","xmm1");		# 0 = 2B+C
+	&and	($magic,0x30);			# ... mod 4
+	&sub	($round,1);			# nr--
+	&pxor	("xmm0","xmm3");		# 0 = 2A+3B+C+D
+
+&set_label("enc_entry");
+	# top of round
+	&movdqa	("xmm1","xmm6");		# 1 : i
+	&movdqa	("xmm5",&QWP($k_inv+16,$const));# 2 : a/k
+	&pandn	("xmm1","xmm0");		# 1 = i<<4
+	&psrld	("xmm1",4);			# 1 = i
+	&pand	("xmm0","xmm6");		# 0 = k
+	&pshufb	("xmm5","xmm0");		# 2 = a/k
+	&movdqa	("xmm3","xmm7");		# 3 : 1/i
+	&pxor	("xmm0","xmm1");		# 0 = j
+	&pshufb	("xmm3","xmm1");		# 3 = 1/i
+	&movdqa	("xmm4","xmm7");		# 4 : 1/j
+	&pxor	("xmm3","xmm5");		# 3 = iak = 1/i + a/k
+	&pshufb	("xmm4","xmm0");		# 4 = 1/j
+	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
+	&pxor	("xmm4","xmm5");		# 4 = jak = 1/j + a/k
+	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
+	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
+	&pxor	("xmm2","xmm0");		# 2 = io
+	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
+	&movdqu	("xmm5",&QWP(0,$key));
+	&pxor	("xmm3","xmm1");		# 3 = jo
+	&jnz	(&label("enc_loop"));
+
+	# middle of last round
+	&movdqa	("xmm4",&QWP($k_sbo,$const));	# 3 : sbou      .Lk_sbo
+	&movdqa	("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot      .Lk_sbo+16
+	&pshufb	("xmm4","xmm2");		# 4 = sbou
+	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&movdqa	("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[]
+	&pxor	("xmm0","xmm4");		# 0 = A
+	&pshufb	("xmm0","xmm1");
+	&ret	();
+&function_end_B("_vpaes_encrypt_core");
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+&function_begin_B("_vpaes_decrypt_core");
+	&lea	($base,&DWP($k_dsbd,$const));
+	&mov	($round,&DWP(240,$key));
+	&movdqa	("xmm1","xmm6");
+	&movdqa	("xmm2",&QWP($k_dipt-$k_dsbd,$base));
+	&pandn	("xmm1","xmm0");
+	&mov	($magic,$round);
+	&psrld	("xmm1",4)
+	&movdqu	("xmm5",&QWP(0,$key));
+	&shl	($magic,4);
+	&pand	("xmm0","xmm6");
+	&pshufb	("xmm2","xmm0");
+	&movdqa	("xmm0",&QWP($k_dipt-$k_dsbd+16,$base));
+	&xor	($magic,0x30);
+	&pshufb	("xmm0","xmm1");
+	&and	($magic,0x30);
+	&pxor	("xmm2","xmm5");
+	&movdqa	("xmm5",&QWP($k_mc_forward+48,$const));
+	&pxor	("xmm0","xmm2");
+	&add	($key,16);
+	&lea	($magic,&DWP($k_sr-$k_dsbd,$base,$magic));
+	&jmp	(&label("dec_entry"));
+
+&set_label("dec_loop",16);
+##
+##  Inverse mix columns
+##
+	&movdqa	("xmm4",&QWP(-0x20,$base));	# 4 : sb9u
+	&movdqa	("xmm1",&QWP(-0x10,$base));	# 0 : sb9t
+	&pshufb	("xmm4","xmm2");		# 4 = sb9u
+	&pshufb	("xmm1","xmm3");		# 0 = sb9t
+	&pxor	("xmm0","xmm4");
+	&movdqa	("xmm4",&QWP(0,$base));		# 4 : sbdu
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&movdqa	("xmm1",&QWP(0x10,$base));	# 0 : sbdt
+
+	&pshufb	("xmm4","xmm2");		# 4 = sbdu
+	&pshufb	("xmm0","xmm5");		# MC ch
+	&pshufb	("xmm1","xmm3");		# 0 = sbdt
+	&pxor	("xmm0","xmm4");		# 4 = ch
+	&movdqa	("xmm4",&QWP(0x20,$base));	# 4 : sbbu
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&movdqa	("xmm1",&QWP(0x30,$base));	# 0 : sbbt
+
+	&pshufb	("xmm4","xmm2");		# 4 = sbbu
+	&pshufb	("xmm0","xmm5");		# MC ch
+	&pshufb	("xmm1","xmm3");		# 0 = sbbt
+	&pxor	("xmm0","xmm4");		# 4 = ch
+	&movdqa	("xmm4",&QWP(0x40,$base));	# 4 : sbeu
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&movdqa	("xmm1",&QWP(0x50,$base));	# 0 : sbet
+
+	&pshufb	("xmm4","xmm2");		# 4 = sbeu
+	&pshufb	("xmm0","xmm5");		# MC ch
+	&pshufb	("xmm1","xmm3");		# 0 = sbet
+	&pxor	("xmm0","xmm4");		# 4 = ch
+	&add	($key,16);			# next round key
+	&palignr("xmm5","xmm5",12);
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&sub	($round,1);			# nr--
+
+&set_label("dec_entry");
+	# top of round
+	&movdqa	("xmm1","xmm6");		# 1 : i
+	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
+	&pandn	("xmm1","xmm0");		# 1 = i<<4
+	&pand	("xmm0","xmm6");		# 0 = k
+	&psrld	("xmm1",4);			# 1 = i
+	&pshufb	("xmm2","xmm0");		# 2 = a/k
+	&movdqa	("xmm3","xmm7");		# 3 : 1/i
+	&pxor	("xmm0","xmm1");		# 0 = j
+	&pshufb	("xmm3","xmm1");		# 3 = 1/i
+	&movdqa	("xmm4","xmm7");		# 4 : 1/j
+	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
+	&pshufb	("xmm4","xmm0");		# 4 = 1/j
+	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
+	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
+	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
+	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
+	&pxor	("xmm2","xmm0");		# 2 = io
+	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
+	&movdqu	("xmm0",&QWP(0,$key));
+	&pxor	("xmm3","xmm1");		# 3 = jo
+	&jnz	(&label("dec_loop"));
+
+	# middle of last round
+	&movdqa	("xmm4",&QWP(0x60,$base));	# 3 : sbou
+	&pshufb	("xmm4","xmm2");		# 4 = sbou
+	&pxor	("xmm4","xmm0");		# 4 = sb1u + k
+	&movdqa	("xmm0",&QWP(0x70,$base));	# 0 : sbot
+	&movdqa	("xmm2",&QWP(0,$magic));
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&pxor	("xmm0","xmm4");		# 0 = A
+	&pshufb	("xmm0","xmm2");
+	&ret	();
+&function_end_B("_vpaes_decrypt_core");
+
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+&function_begin_B("_vpaes_schedule_core");
+	&add	($const,&DWP(0,"esp"));
+	&movdqu	("xmm0",&QWP(0,$inp));		# load key (unaligned)
+	&movdqa	("xmm2",&QWP($k_rcon,$const));	# load rcon
+
+	# input transform
+	&movdqa	("xmm3","xmm0");
+	&lea	($base,&DWP($k_ipt,$const));
+	&movdqa	(&QWP(4,"esp"),"xmm2");		# xmm8
+	&call	("_vpaes_schedule_transform");
+	&movdqa	("xmm7","xmm0");
+
+	&test	($out,$out);
+	&jnz	(&label("schedule_am_decrypting"));
+
+	# encrypting, output zeroth round key after transform
+	&movdqu	(&QWP(0,$key),"xmm0");
+	&jmp	(&label("schedule_go"));
+
+&set_label("schedule_am_decrypting");
+	# decrypting, output zeroth round key after shiftrows
+	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
+	&pshufb	("xmm3","xmm1");
+	&movdqu	(&QWP(0,$key),"xmm3");
+	&xor	($magic,0x30);
+
+&set_label("schedule_go");
+	&cmp	($round,192);
+	&ja	(&label("schedule_256"));
+	&je	(&label("schedule_192"));
+	# 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+&set_label("schedule_128");
+	&mov	($round,10);
+
+&set_label("loop_schedule_128");
+	&call	("_vpaes_schedule_round");
+	&dec	($round);
+	&jz	(&label("schedule_mangle_last"));
+	&call	("_vpaes_schedule_mangle");	# write output
+	&jmp	(&label("loop_schedule_128"));
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+&set_label("schedule_192",16);
+	&movdqu	("xmm0",&QWP(8,$inp));		# load key part 2 (very unaligned)
+	&call	("_vpaes_schedule_transform");	# input transform
+	&movdqa	("xmm6","xmm0");		# save short part
+	&pxor	("xmm4","xmm4");		# clear 4
+	&movhlps("xmm6","xmm4");		# clobber low side with zeros
+	&mov	($round,4);
+
+&set_label("loop_schedule_192");
+	&call	("_vpaes_schedule_round");
+	&palignr("xmm0","xmm6",8);
+	&call	("_vpaes_schedule_mangle");	# save key n
+	&call	("_vpaes_schedule_192_smear");
+	&call	("_vpaes_schedule_mangle");	# save key n+1
+	&call	("_vpaes_schedule_round");
+	&dec	($round);
+	&jz	(&label("schedule_mangle_last"));
+	&call	("_vpaes_schedule_mangle");	# save key n+2
+	&call	("_vpaes_schedule_192_smear");
+	&jmp	(&label("loop_schedule_192"));
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+&set_label("schedule_256",16);
+	&movdqu	("xmm0",&QWP(16,$inp));		# load key part 2 (unaligned)
+	&call	("_vpaes_schedule_transform");	# input transform
+	&mov	($round,7);
+
+&set_label("loop_schedule_256");
+	&call	("_vpaes_schedule_mangle");	# output low result
+	&movdqa	("xmm6","xmm0");		# save cur_lo in xmm6
+
+	# high round
+	&call	("_vpaes_schedule_round");
+	&dec	($round);
+	&jz	(&label("schedule_mangle_last"));
+	&call	("_vpaes_schedule_mangle");
+
+	# low round. swap xmm7 and xmm6
+	&pshufd	("xmm0","xmm0",0xFF);
+	&movdqa	(&QWP(20,"esp"),"xmm7");
+	&movdqa	("xmm7","xmm6");
+	&call	("_vpaes_schedule_low_round");
+	&movdqa	("xmm7",&QWP(20,"esp"));
+
+	&jmp	(&label("loop_schedule_256"));
+
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+&set_label("schedule_mangle_last",16);
+	# schedule last round key from xmm0
+	&lea	($base,&DWP($k_deskew,$const));
+	&test	($out,$out);
+	&jnz	(&label("schedule_mangle_last_dec"));
+
+	# encrypting
+	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
+	&pshufb	("xmm0","xmm1");		# output permute
+	&lea	($base,&DWP($k_opt,$const));	# prepare to output transform
+	&add	($key,32);
+
+&set_label("schedule_mangle_last_dec");
+	&add	($key,-16);
+	&pxor	("xmm0",&QWP($k_s63,$const));
+	&call	("_vpaes_schedule_transform");	# output transform
+	&movdqu	(&QWP(0,$key),"xmm0");		# save last key
+
+	# cleanup
+	&pxor	("xmm0","xmm0");
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+	&ret	();
+&function_end_B("_vpaes_schedule_core");
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+&function_begin_B("_vpaes_schedule_192_smear");
+	&pshufd	("xmm1","xmm6",0x80);		# d c 0 0 -> c 0 0 0
+	&pshufd	("xmm0","xmm7",0xFE);		# b a _ _ -> b b b a
+	&pxor	("xmm6","xmm1");		# -> c+d c 0 0
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm6","xmm0");		# -> b+c+d b+c b a
+	&movdqa	("xmm0","xmm6");
+	&movhlps("xmm6","xmm1");		# clobber low side with zeros
+	&ret	();
+&function_end_B("_vpaes_schedule_192_smear");
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm5.
+##
+&function_begin_B("_vpaes_schedule_round");
+	# extract rcon from xmm8
+	&movdqa	("xmm2",&QWP(8,"esp"));		# xmm8
+	&pxor	("xmm1","xmm1");
+	&palignr("xmm1","xmm2",15);
+	&palignr("xmm2","xmm2",15);
+	&pxor	("xmm7","xmm1");
+
+	# rotate
+	&pshufd	("xmm0","xmm0",0xFF);
+	&palignr("xmm0","xmm0",1);
+
+	# fall through...
+	&movdqa	(&QWP(8,"esp"),"xmm2");		# xmm8
+
+	# low round: same as high round, but no rotation and no rcon.
+&set_label("_vpaes_schedule_low_round");
+	# smear xmm7
+	&movdqa	("xmm1","xmm7");
+	&pslldq	("xmm7",4);
+	&pxor	("xmm7","xmm1");
+	&movdqa	("xmm1","xmm7");
+	&pslldq	("xmm7",8);
+	&pxor	("xmm7","xmm1");
+	&pxor	("xmm7",&QWP($k_s63,$const));
+
+	# subbyte
+	&movdqa	("xmm4",&QWP($k_s0F,$const));
+	&movdqa	("xmm5",&QWP($k_inv,$const));	# 4 : 1/j
+	&movdqa	("xmm1","xmm4");
+	&pandn	("xmm1","xmm0");
+	&psrld	("xmm1",4);			# 1 = i
+	&pand	("xmm0","xmm4");		# 0 = k
+	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
+	&pshufb	("xmm2","xmm0");		# 2 = a/k
+	&pxor	("xmm0","xmm1");		# 0 = j
+	&movdqa	("xmm3","xmm5");		# 3 : 1/i
+	&pshufb	("xmm3","xmm1");		# 3 = 1/i
+	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
+	&movdqa	("xmm4","xmm5");		# 4 : 1/j
+	&pshufb	("xmm4","xmm0");		# 4 = 1/j
+	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
+	&movdqa	("xmm2","xmm5");		# 2 : 1/iak
+	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
+	&pxor	("xmm2","xmm0");		# 2 = io
+	&movdqa	("xmm3","xmm5");		# 3 : 1/jak
+	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
+	&pxor	("xmm3","xmm1");		# 3 = jo
+	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sbou
+	&pshufb	("xmm4","xmm2");		# 4 = sbou
+	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&pxor	("xmm0","xmm4");		# 0 = sbox output
+
+	# add in smeared stuff
+	&pxor	("xmm0","xmm7");
+	&movdqa	("xmm7","xmm0");
+	&ret	();
+&function_end_B("_vpaes_schedule_round");
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%ebx)
+##
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+&function_begin_B("_vpaes_schedule_transform");
+	&movdqa	("xmm2",&QWP($k_s0F,$const));
+	&movdqa	("xmm1","xmm2");
+	&pandn	("xmm1","xmm0");
+	&psrld	("xmm1",4);
+	&pand	("xmm0","xmm2");
+	&movdqa	("xmm2",&QWP(0,$base));
+	&pshufb	("xmm2","xmm0");
+	&movdqa	("xmm0",&QWP(16,$base));
+	&pshufb	("xmm0","xmm1");
+	&pxor	("xmm0","xmm2");
+	&ret	();
+&function_end_B("_vpaes_schedule_transform");
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%edx), and increments or decrements it
+##  Keeps track of round number mod 4 in %ecx
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+&function_begin_B("_vpaes_schedule_mangle");
+	&movdqa	("xmm4","xmm0");	# save xmm0 for later
+	&movdqa	("xmm5",&QWP($k_mc_forward,$const));
+	&test	($out,$out);
+	&jnz	(&label("schedule_mangle_dec"));
+
+	# encrypting
+	&add	($key,16);
+	&pxor	("xmm4",&QWP($k_s63,$const));
+	&pshufb	("xmm4","xmm5");
+	&movdqa	("xmm3","xmm4");
+	&pshufb	("xmm4","xmm5");
+	&pxor	("xmm3","xmm4");
+	&pshufb	("xmm4","xmm5");
+	&pxor	("xmm3","xmm4");
+
+	&jmp	(&label("schedule_mangle_both"));
+
+&set_label("schedule_mangle_dec",16);
+	# inverse mix columns
+	&movdqa	("xmm2",&QWP($k_s0F,$const));
+	&lea	($inp,&DWP($k_dksd,$const));
+	&movdqa	("xmm1","xmm2");
+	&pandn	("xmm1","xmm4");
+	&psrld	("xmm1",4);			# 1 = hi
+	&pand	("xmm4","xmm2");		# 4 = lo
+
+	&movdqa	("xmm2",&QWP(0,$inp));
+	&pshufb	("xmm2","xmm4");
+	&movdqa	("xmm3",&QWP(0x10,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+	&pshufb	("xmm3","xmm5");
+
+	&movdqa	("xmm2",&QWP(0x20,$inp));
+	&pshufb	("xmm2","xmm4");
+	&pxor	("xmm2","xmm3");
+	&movdqa	("xmm3",&QWP(0x30,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+	&pshufb	("xmm3","xmm5");
+
+	&movdqa	("xmm2",&QWP(0x40,$inp));
+	&pshufb	("xmm2","xmm4");
+	&pxor	("xmm2","xmm3");
+	&movdqa	("xmm3",&QWP(0x50,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+	&pshufb	("xmm3","xmm5");
+
+	&movdqa	("xmm2",&QWP(0x60,$inp));
+	&pshufb	("xmm2","xmm4");
+	&pxor	("xmm2","xmm3");
+	&movdqa	("xmm3",&QWP(0x70,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+
+	&add	($key,-16);
+
+&set_label("schedule_mangle_both");
+	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
+	&pshufb	("xmm3","xmm1");
+	&add	($magic,-16);
+	&and	($magic,0x30);
+	&movdqu	(&QWP(0,$key),"xmm3");
+	&ret	();
+&function_end_B("_vpaes_schedule_mangle");
+
+#
+# Interface to OpenSSL
+#
+&function_begin("${PREFIX}_set_encrypt_key");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($round,&wparam(1));		# bits
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&mov	($base,$round);
+	&shr	($base,5);
+	&add	($base,5);
+	&mov	(&DWP(240,$key),$base);		# AES_KEY->rounds = nbits/32+5;
+	&mov	($magic,0x30);
+	&mov	($out,0);
+
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_schedule_core");
+&set_label("pic_point");
+
+	&mov	("esp",&DWP(48,"esp"));
+	&xor	("eax","eax");
+&function_end("${PREFIX}_set_encrypt_key");
+
+&function_begin("${PREFIX}_set_decrypt_key");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($round,&wparam(1));		# bits
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&mov	($base,$round);
+	&shr	($base,5);
+	&add	($base,5);
+	&mov	(&DWP(240,$key),$base);	# AES_KEY->rounds = nbits/32+5;
+	&shl	($base,4);
+	&lea	($key,&DWP(16,$key,$base));
+
+	&mov	($out,1);
+	&mov	($magic,$round);
+	&shr	($magic,1);
+	&and	($magic,32);
+	&xor	($magic,32);			# nbist==192?0:32;
+
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_schedule_core");
+&set_label("pic_point");
+
+	&mov	("esp",&DWP(48,"esp"));
+	&xor	("eax","eax");
+&function_end("${PREFIX}_set_decrypt_key");
+
+&function_begin("${PREFIX}_encrypt");
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_preheat");
+&set_label("pic_point");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($out,&wparam(1));		# out
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&movdqu	("xmm0",&QWP(0,$inp));
+	&call	("_vpaes_encrypt_core");
+	&movdqu	(&QWP(0,$out),"xmm0");
+
+	&mov	("esp",&DWP(48,"esp"));
+&function_end("${PREFIX}_encrypt");
+
+&function_begin("${PREFIX}_decrypt");
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_preheat");
+&set_label("pic_point");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($out,&wparam(1));		# out
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&movdqu	("xmm0",&QWP(0,$inp));
+	&call	("_vpaes_decrypt_core");
+	&movdqu	(&QWP(0,$out),"xmm0");
+
+	&mov	("esp",&DWP(48,"esp"));
+&function_end("${PREFIX}_decrypt");
+
+&function_begin("${PREFIX}_cbc_encrypt");
+	&mov	($inp,&wparam(0));		# inp
+	&mov	($out,&wparam(1));		# out
+	&mov	($round,&wparam(2));		# len
+	&mov	($key,&wparam(3));		# key
+	&sub	($round,16);
+	&jc	(&label("cbc_abort"));
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($const,&wparam(4));		# ivp
+	&and	($base,-16);
+	&mov	($magic,&wparam(5));		# enc
+	&xchg	($base,"esp");			# alloca
+	&movdqu	("xmm1",&QWP(0,$const));	# load IV
+	&sub	($out,$inp);
+	&mov	(&DWP(48,"esp"),$base);
+
+	&mov	(&DWP(0,"esp"),$out);		# save out
+	&mov	(&DWP(4,"esp"),$key)		# save key
+	&mov	(&DWP(8,"esp"),$const);		# save ivp
+	&mov	($out,$round);			# $out works as $len
+
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_preheat");
+&set_label("pic_point");
+	&cmp	($magic,0);
+	&je	(&label("cbc_dec_loop"));
+	&jmp	(&label("cbc_enc_loop"));
+
+&set_label("cbc_enc_loop",16);
+	&movdqu	("xmm0",&QWP(0,$inp));		# load input
+	&pxor	("xmm0","xmm1");		# inp^=iv
+	&call	("_vpaes_encrypt_core");
+	&mov	($base,&DWP(0,"esp"));		# restore out
+	&mov	($key,&DWP(4,"esp"));		# restore key
+	&movdqa	("xmm1","xmm0");
+	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
+	&lea	($inp,&DWP(16,$inp));
+	&sub	($out,16);
+	&jnc	(&label("cbc_enc_loop"));
+	&jmp	(&label("cbc_done"));
+
+&set_label("cbc_dec_loop",16);
+	&movdqu	("xmm0",&QWP(0,$inp));		# load input
+	&movdqa	(&QWP(16,"esp"),"xmm1");	# save IV
+	&movdqa	(&QWP(32,"esp"),"xmm0");	# save future IV
+	&call	("_vpaes_decrypt_core");
+	&mov	($base,&DWP(0,"esp"));		# restore out
+	&mov	($key,&DWP(4,"esp"));		# restore key
+	&pxor	("xmm0",&QWP(16,"esp"));	# out^=iv
+	&movdqa	("xmm1",&QWP(32,"esp"));	# load next IV
+	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
+	&lea	($inp,&DWP(16,$inp));
+	&sub	($out,16);
+	&jnc	(&label("cbc_dec_loop"));
+
+&set_label("cbc_done");
+	&mov	($base,&DWP(8,"esp"));		# restore ivp
+	&mov	("esp",&DWP(48,"esp"));
+	&movdqu	(&QWP(0,$base),"xmm1");		# write IV
+&set_label("cbc_abort");
+&function_end("${PREFIX}_cbc_encrypt");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl
new file mode 100644
index 000000000..33d293e62
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl
@@ -0,0 +1,1241 @@
+#! /usr/bin/env perl
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+
+######################################################################
+# September 2011.
+#
+# Interface to OpenSSL as "almost" drop-in replacement for
+# aes-x86_64.pl. "Almost" refers to the fact that AES_cbc_encrypt
+# doesn't handle partial vectors (doesn't have to if called from
+# EVP only). "Drop-in" implies that this module doesn't share key
+# schedule structure with the original nor does it make assumption
+# about its alignment...
+#
+# Performance summary. aes-x86_64.pl column lists large-block CBC
+# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
+# byte processed with 128-bit key, and vpaes-x86_64.pl column -
+# [also large-block CBC] encrypt/decrypt.
+#
+#		aes-x86_64.pl		vpaes-x86_64.pl
+#
+# Core 2(**)	29.6/41.1/14.3		21.9/25.2(***)
+# Nehalem	29.6/40.3/14.6		10.0/11.8
+# Atom		57.3/74.2/32.1		60.9/77.2(***)
+# Silvermont	52.7/64.0/19.5		48.8/60.8(***)
+# Goldmont	38.9/49.0/17.8		10.6/12.6
+#
+# (*)	"Hyper-threading" in the context refers rather to cache shared
+#	among multiple cores, than to specifically Intel HTT. As vast
+#	majority of contemporary cores share cache, slower code path
+#	is common place. In other words "with-hyper-threading-off"
+#	results are presented mostly for reference purposes.
+#
+# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
+#
+# (***)	Less impressive improvement on Core 2 and Atom is due to slow
+#	pshufb,	yet it's respectable +36%/62% improvement on Core 2
+#	(as implied, over "hyper-threading-safe" code path).
+#
+#						<appro@openssl.org>
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$PREFIX="vpaes";
+
+$code.=<<___;
+.text
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %r9, %r10, %r11, %rax
+##  Preserves %xmm6 - %xmm8 so you get some local vectors
+##
+##
+.type	_vpaes_encrypt_core,\@abi-omnipotent
+.align 16
+_vpaes_encrypt_core:
+.cfi_startproc
+	mov	%rdx,	%r9
+	mov	\$16,	%r11
+	mov	240(%rdx),%eax
+	movdqa	%xmm9,	%xmm1
+	movdqa	.Lk_ipt(%rip), %xmm2	# iptlo
+	pandn	%xmm0,	%xmm1
+	movdqu	(%r9),	%xmm5		# round0 key
+	psrld	\$4,	%xmm1
+	pand	%xmm9,	%xmm0
+	pshufb	%xmm0,	%xmm2
+	movdqa	.Lk_ipt+16(%rip), %xmm0	# ipthi
+	pshufb	%xmm1,	%xmm0
+	pxor	%xmm5,	%xmm2
+	add	\$16,	%r9
+	pxor	%xmm2,	%xmm0
+	lea	.Lk_mc_backward(%rip),%r10
+	jmp	.Lenc_entry
+
+.align 16
+.Lenc_loop:
+	# middle of middle round
+	movdqa  %xmm13,	%xmm4	# 4 : sb1u
+	movdqa  %xmm12,	%xmm0	# 0 : sb1t
+	pshufb  %xmm2,	%xmm4	# 4 = sb1u
+	pshufb  %xmm3,	%xmm0	# 0 = sb1t
+	pxor	%xmm5,	%xmm4	# 4 = sb1u + k
+	movdqa  %xmm15,	%xmm5	# 4 : sb2u
+	pxor	%xmm4,	%xmm0	# 0 = A
+	movdqa	-0x40(%r11,%r10), %xmm1		# .Lk_mc_forward[]
+	pshufb	%xmm2,	%xmm5	# 4 = sb2u
+	movdqa	(%r11,%r10), %xmm4		# .Lk_mc_backward[]
+	movdqa	%xmm14, %xmm2	# 2 : sb2t
+	pshufb	%xmm3,  %xmm2	# 2 = sb2t
+	movdqa	%xmm0,  %xmm3	# 3 = A
+	pxor	%xmm5,	%xmm2	# 2 = 2A
+	pshufb  %xmm1,  %xmm0	# 0 = B
+	add	\$16,	%r9	# next key
+	pxor	%xmm2,  %xmm0	# 0 = 2A+B
+	pshufb	%xmm4,	%xmm3	# 3 = D
+	add	\$16,	%r11	# next mc
+	pxor	%xmm0,	%xmm3	# 3 = 2A+B+D
+	pshufb  %xmm1,	%xmm0	# 0 = 2B+C
+	and	\$0x30,	%r11	# ... mod 4
+	sub	\$1,%rax	# nr--
+	pxor	%xmm3,	%xmm0	# 0 = 2A+3B+C+D
+
+.Lenc_entry:
+	# top of round
+	movdqa  %xmm9, 	%xmm1	# 1 : i
+	movdqa	%xmm11, %xmm5	# 2 : a/k
+	pandn	%xmm0, 	%xmm1	# 1 = i<<4
+	psrld	\$4,   	%xmm1   # 1 = i
+	pand	%xmm9, 	%xmm0   # 0 = k
+	pshufb  %xmm0,  %xmm5	# 2 = a/k
+	movdqa	%xmm10,	%xmm3  	# 3 : 1/i
+	pxor	%xmm1,	%xmm0	# 0 = j
+	pshufb  %xmm1, 	%xmm3  	# 3 = 1/i
+	movdqa	%xmm10,	%xmm4  	# 4 : 1/j
+	pxor	%xmm5, 	%xmm3  	# 3 = iak = 1/i + a/k
+	pshufb	%xmm0, 	%xmm4  	# 4 = 1/j
+	movdqa	%xmm10,	%xmm2  	# 2 : 1/iak
+	pxor	%xmm5, 	%xmm4  	# 4 = jak = 1/j + a/k
+	pshufb  %xmm3,	%xmm2  	# 2 = 1/iak
+	movdqa	%xmm10, %xmm3   # 3 : 1/jak
+	pxor	%xmm0, 	%xmm2  	# 2 = io
+	pshufb  %xmm4,  %xmm3   # 3 = 1/jak
+	movdqu	(%r9),	%xmm5
+	pxor	%xmm1,  %xmm3   # 3 = jo
+	jnz	.Lenc_loop
+
+	# middle of last round
+	movdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+	movdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	pshufb  %xmm2,  %xmm4	# 4 = sbou
+	pxor	%xmm5,  %xmm4	# 4 = sb1u + k
+	pshufb  %xmm3,	%xmm0	# 0 = sb1t
+	movdqa	0x40(%r11,%r10), %xmm1		# .Lk_sr[]
+	pxor	%xmm4,	%xmm0	# 0 = A
+	pshufb	%xmm1,	%xmm0
+	ret
+.cfi_endproc
+.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.type	_vpaes_decrypt_core,\@abi-omnipotent
+.align	16
+_vpaes_decrypt_core:
+.cfi_startproc
+	mov	%rdx,	%r9		# load key
+	mov	240(%rdx),%eax
+	movdqa	%xmm9,	%xmm1
+	movdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	pandn	%xmm0,	%xmm1
+	mov	%rax,	%r11
+	psrld	\$4,	%xmm1
+	movdqu	(%r9),	%xmm5		# round0 key
+	shl	\$4,	%r11
+	pand	%xmm9,	%xmm0
+	pshufb	%xmm0,	%xmm2
+	movdqa	.Lk_dipt+16(%rip), %xmm0 # ipthi
+	xor	\$0x30,	%r11
+	lea	.Lk_dsbd(%rip),%r10
+	pshufb	%xmm1,	%xmm0
+	and	\$0x30,	%r11
+	pxor	%xmm5,	%xmm2
+	movdqa	.Lk_mc_forward+48(%rip), %xmm5
+	pxor	%xmm2,	%xmm0
+	add	\$16,	%r9
+	add	%r10,	%r11
+	jmp	.Ldec_entry
+
+.align 16
+.Ldec_loop:
+##
+##  Inverse mix columns
+##
+	movdqa  -0x20(%r10),%xmm4	# 4 : sb9u
+	movdqa  -0x10(%r10),%xmm1	# 0 : sb9t
+	pshufb	%xmm2,	%xmm4		# 4 = sb9u
+	pshufb	%xmm3,	%xmm1		# 0 = sb9t
+	pxor	%xmm4,	%xmm0
+	movdqa  0x00(%r10),%xmm4	# 4 : sbdu
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	movdqa  0x10(%r10),%xmm1	# 0 : sbdt
+
+	pshufb	%xmm2,	%xmm4		# 4 = sbdu
+	pshufb	%xmm5,	%xmm0		# MC ch
+	pshufb	%xmm3,	%xmm1		# 0 = sbdt
+	pxor	%xmm4,	%xmm0		# 4 = ch
+	movdqa  0x20(%r10),%xmm4	# 4 : sbbu
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	movdqa  0x30(%r10),%xmm1	# 0 : sbbt
+
+	pshufb	%xmm2,	%xmm4		# 4 = sbbu
+	pshufb	%xmm5,	%xmm0		# MC ch
+	pshufb	%xmm3,	%xmm1		# 0 = sbbt
+	pxor	%xmm4,	%xmm0		# 4 = ch
+	movdqa  0x40(%r10),%xmm4	# 4 : sbeu
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	movdqa  0x50(%r10),%xmm1	# 0 : sbet
+
+	pshufb	%xmm2,	%xmm4		# 4 = sbeu
+	pshufb	%xmm5,	%xmm0		# MC ch
+	pshufb	%xmm3,	%xmm1		# 0 = sbet
+	pxor	%xmm4,	%xmm0		# 4 = ch
+	add	\$16, %r9		# next round key
+	palignr	\$12,	%xmm5,	%xmm5
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	sub	\$1,%rax		# nr--
+
+.Ldec_entry:
+	# top of round
+	movdqa  %xmm9, 	%xmm1	# 1 : i
+	pandn	%xmm0, 	%xmm1	# 1 = i<<4
+	movdqa	%xmm11, %xmm2	# 2 : a/k
+	psrld	\$4,    %xmm1	# 1 = i
+	pand	%xmm9, 	%xmm0	# 0 = k
+	pshufb  %xmm0,  %xmm2	# 2 = a/k
+	movdqa	%xmm10,	%xmm3	# 3 : 1/i
+	pxor	%xmm1,	%xmm0	# 0 = j
+	pshufb  %xmm1, 	%xmm3	# 3 = 1/i
+	movdqa	%xmm10,	%xmm4	# 4 : 1/j
+	pxor	%xmm2, 	%xmm3	# 3 = iak = 1/i + a/k
+	pshufb	%xmm0, 	%xmm4	# 4 = 1/j
+	pxor	%xmm2, 	%xmm4	# 4 = jak = 1/j + a/k
+	movdqa	%xmm10,	%xmm2	# 2 : 1/iak
+	pshufb  %xmm3,	%xmm2	# 2 = 1/iak
+	movdqa	%xmm10, %xmm3	# 3 : 1/jak
+	pxor	%xmm0, 	%xmm2	# 2 = io
+	pshufb  %xmm4,  %xmm3	# 3 = 1/jak
+	movdqu	(%r9),	%xmm0
+	pxor	%xmm1,  %xmm3	# 3 = jo
+	jnz	.Ldec_loop
+
+	# middle of last round
+	movdqa	0x60(%r10), %xmm4	# 3 : sbou
+	pshufb  %xmm2,  %xmm4	# 4 = sbou
+	pxor	%xmm0,  %xmm4	# 4 = sb1u + k
+	movdqa	0x70(%r10), %xmm0	# 0 : sbot
+	movdqa	-0x160(%r11), %xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	pshufb  %xmm3,	%xmm0	# 0 = sb1t
+	pxor	%xmm4,	%xmm0	# 0 = A
+	pshufb	%xmm2,	%xmm0
+	ret
+.cfi_endproc
+.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
+
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.type	_vpaes_schedule_core,\@abi-omnipotent
+.align	16
+_vpaes_schedule_core:
+.cfi_startproc
+	# rdi = key
+	# rsi = size in bits
+	# rdx = buffer
+	# rcx = direction.  0=encrypt, 1=decrypt
+
+	call	_vpaes_preheat		# load the tables
+	movdqa	.Lk_rcon(%rip), %xmm8	# load rcon
+	movdqu	(%rdi),	%xmm0		# load key (unaligned)
+
+	# input transform
+	movdqa	%xmm0,	%xmm3
+	lea	.Lk_ipt(%rip), %r11
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,	%xmm7
+
+	lea	.Lk_sr(%rip),%r10
+	test	%rcx,	%rcx
+	jnz	.Lschedule_am_decrypting
+
+	# encrypting, output zeroth round key after transform
+	movdqu	%xmm0,	(%rdx)
+	jmp	.Lschedule_go
+
+.Lschedule_am_decrypting:
+	# decrypting, output zeroth round key after shiftrows
+	movdqa	(%r8,%r10),%xmm1
+	pshufb  %xmm1,	%xmm3
+	movdqu	%xmm3,	(%rdx)
+	xor	\$0x30, %r8
+
+.Lschedule_go:
+	cmp	\$192,	%esi
+	ja	.Lschedule_256
+	je	.Lschedule_192
+	# 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+.Lschedule_128:
+	mov	\$10, %esi
+
+.Loop_schedule_128:
+	call 	_vpaes_schedule_round
+	dec	%rsi
+	jz 	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle	# write output
+	jmp 	.Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	16
+.Lschedule_192:
+	movdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	call	_vpaes_schedule_transform	# input transform
+	movdqa	%xmm0,	%xmm6		# save short part
+	pxor	%xmm4,	%xmm4		# clear 4
+	movhlps	%xmm4,	%xmm6		# clobber low side with zeros
+	mov	\$4,	%esi
+
+.Loop_schedule_192:
+	call	_vpaes_schedule_round
+	palignr	\$8,%xmm6,%xmm0
+	call	_vpaes_schedule_mangle	# save key n
+	call	_vpaes_schedule_192_smear
+	call	_vpaes_schedule_mangle	# save key n+1
+	call	_vpaes_schedule_round
+	dec	%rsi
+	jz 	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle	# save key n+2
+	call	_vpaes_schedule_192_smear
+	jmp	.Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	16
+.Lschedule_256:
+	movdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	call	_vpaes_schedule_transform	# input transform
+	mov	\$7, %esi
+
+.Loop_schedule_256:
+	call	_vpaes_schedule_mangle	# output low result
+	movdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	# high round
+	call	_vpaes_schedule_round
+	dec	%rsi
+	jz 	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle
+
+	# low round. swap xmm7 and xmm6
+	pshufd	\$0xFF,	%xmm0,	%xmm0
+	movdqa	%xmm7,	%xmm5
+	movdqa	%xmm6,	%xmm7
+	call	_vpaes_schedule_low_round
+	movdqa	%xmm5,	%xmm7
+
+	jmp	.Loop_schedule_256
+
+
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	16
+.Lschedule_mangle_last:
+	# schedule last round key from xmm0
+	lea	.Lk_deskew(%rip),%r11	# prepare to deskew
+	test	%rcx, 	%rcx
+	jnz	.Lschedule_mangle_last_dec
+
+	# encrypting
+	movdqa	(%r8,%r10),%xmm1
+	pshufb	%xmm1,	%xmm0		# output permute
+	lea	.Lk_opt(%rip),	%r11	# prepare to output transform
+	add	\$32,	%rdx
+
+.Lschedule_mangle_last_dec:
+	add	\$-16,	%rdx
+	pxor	.Lk_s63(%rip),	%xmm0
+	call	_vpaes_schedule_transform # output transform
+	movdqu	%xmm0,	(%rdx)		# save last key
+
+	# cleanup
+	pxor	%xmm0,  %xmm0
+	pxor	%xmm1,  %xmm1
+	pxor	%xmm2,  %xmm2
+	pxor	%xmm3,  %xmm3
+	pxor	%xmm4,  %xmm4
+	pxor	%xmm5,  %xmm5
+	pxor	%xmm6,  %xmm6
+	pxor	%xmm7,  %xmm7
+	ret
+.cfi_endproc
+.size	_vpaes_schedule_core,.-_vpaes_schedule_core
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.type	_vpaes_schedule_192_smear,\@abi-omnipotent
+.align	16
+_vpaes_schedule_192_smear:
+.cfi_startproc
+	pshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	pshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	pxor	%xmm1,	%xmm6		# -> c+d c 0 0
+	pxor	%xmm1,	%xmm1
+	pxor	%xmm0,	%xmm6		# -> b+c+d b+c b a
+	movdqa	%xmm6,	%xmm0
+	movhlps	%xmm1,	%xmm6		# clobber low side with zeros
+	ret
+.cfi_endproc
+.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.type	_vpaes_schedule_round,\@abi-omnipotent
+.align	16
+_vpaes_schedule_round:
+.cfi_startproc
+	# extract rcon from xmm8
+	pxor	%xmm1,	%xmm1
+	palignr	\$15,	%xmm8,	%xmm1
+	palignr	\$15,	%xmm8,	%xmm8
+	pxor	%xmm1,	%xmm7
+
+	# rotate
+	pshufd	\$0xFF,	%xmm0,	%xmm0
+	palignr	\$1,	%xmm0,	%xmm0
+
+	# fall through...
+
+	# low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	# smear xmm7
+	movdqa	%xmm7,	%xmm1
+	pslldq	\$4,	%xmm7
+	pxor	%xmm1,	%xmm7
+	movdqa	%xmm7,	%xmm1
+	pslldq	\$8,	%xmm7
+	pxor	%xmm1,	%xmm7
+	pxor	.Lk_s63(%rip), %xmm7
+
+	# subbytes
+	movdqa  %xmm9, 	%xmm1
+	pandn	%xmm0, 	%xmm1
+	psrld	\$4,    %xmm1		# 1 = i
+	pand	%xmm9, 	%xmm0		# 0 = k
+	movdqa	%xmm11, %xmm2		# 2 : a/k
+	pshufb  %xmm0,  %xmm2		# 2 = a/k
+	pxor	%xmm1,	%xmm0		# 0 = j
+	movdqa	%xmm10,	%xmm3		# 3 : 1/i
+	pshufb  %xmm1, 	%xmm3		# 3 = 1/i
+	pxor	%xmm2, 	%xmm3		# 3 = iak = 1/i + a/k
+	movdqa	%xmm10,	%xmm4		# 4 : 1/j
+	pshufb	%xmm0, 	%xmm4		# 4 = 1/j
+	pxor	%xmm2, 	%xmm4		# 4 = jak = 1/j + a/k
+	movdqa	%xmm10,	%xmm2		# 2 : 1/iak
+	pshufb  %xmm3,	%xmm2		# 2 = 1/iak
+	pxor	%xmm0, 	%xmm2		# 2 = io
+	movdqa	%xmm10, %xmm3		# 3 : 1/jak
+	pshufb  %xmm4,  %xmm3		# 3 = 1/jak
+	pxor	%xmm1,  %xmm3		# 3 = jo
+	movdqa	%xmm13, %xmm4		# 4 : sbou
+	pshufb  %xmm2,  %xmm4		# 4 = sbou
+	movdqa	%xmm12, %xmm0		# 0 : sbot
+	pshufb  %xmm3,	%xmm0		# 0 = sb1t
+	pxor	%xmm4, 	%xmm0		# 0 = sbox output
+
+	# add in smeared stuff
+	pxor	%xmm7,	%xmm0
+	movdqa	%xmm0,	%xmm7
+	ret
+.cfi_endproc
+.size	_vpaes_schedule_round,.-_vpaes_schedule_round
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+.type	_vpaes_schedule_transform,\@abi-omnipotent
+.align	16
+_vpaes_schedule_transform:
+.cfi_startproc
+	movdqa	%xmm9,	%xmm1
+	pandn	%xmm0,	%xmm1
+	psrld	\$4,	%xmm1
+	pand	%xmm9,	%xmm0
+	movdqa	(%r11), %xmm2 	# lo
+	pshufb	%xmm0,	%xmm2
+	movdqa	16(%r11), %xmm0 # hi
+	pshufb	%xmm1,	%xmm0
+	pxor	%xmm2,	%xmm0
+	ret
+.cfi_endproc
+.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.type	_vpaes_schedule_mangle,\@abi-omnipotent
+.align	16
+_vpaes_schedule_mangle:
+.cfi_startproc
+	movdqa	%xmm0,	%xmm4	# save xmm0 for later
+	movdqa	.Lk_mc_forward(%rip),%xmm5
+	test	%rcx, 	%rcx
+	jnz	.Lschedule_mangle_dec
+
+	# encrypting
+	add	\$16,	%rdx
+	pxor	.Lk_s63(%rip),%xmm4
+	pshufb	%xmm5,	%xmm4
+	movdqa	%xmm4,	%xmm3
+	pshufb	%xmm5,	%xmm4
+	pxor	%xmm4,	%xmm3
+	pshufb	%xmm5,	%xmm4
+	pxor	%xmm4,	%xmm3
+
+	jmp	.Lschedule_mangle_both
+.align	16
+.Lschedule_mangle_dec:
+	# inverse mix columns
+	lea	.Lk_dksd(%rip),%r11
+	movdqa	%xmm9,	%xmm1
+	pandn	%xmm4,	%xmm1
+	psrld	\$4,	%xmm1	# 1 = hi
+	pand	%xmm9,	%xmm4	# 4 = lo
+
+	movdqa	0x00(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	movdqa	0x10(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+	pshufb	%xmm5,	%xmm3
+
+	movdqa	0x20(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	pxor	%xmm3,	%xmm2
+	movdqa	0x30(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+	pshufb	%xmm5,	%xmm3
+
+	movdqa	0x40(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	pxor	%xmm3,	%xmm2
+	movdqa	0x50(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+	pshufb	%xmm5,	%xmm3
+
+	movdqa	0x60(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	pxor	%xmm3,	%xmm2
+	movdqa	0x70(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+
+	add	\$-16,	%rdx
+
+.Lschedule_mangle_both:
+	movdqa	(%r8,%r10),%xmm1
+	pshufb	%xmm1,%xmm3
+	add	\$-16,	%r8
+	and	\$0x30,	%r8
+	movdqu	%xmm3,	(%rdx)
+	ret
+.cfi_endproc
+.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
+
+#
+# Interface to OpenSSL
+#
+.globl	${PREFIX}_set_encrypt_key
+.type	${PREFIX}_set_encrypt_key,\@function,3
+.align	16
+${PREFIX}_set_encrypt_key:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lenc_key_body:
+___
+$code.=<<___;
+	mov	%esi,%eax
+	shr	\$5,%eax
+	add	\$5,%eax
+	mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	mov	\$0,%ecx
+	mov	\$0x30,%r8d
+	call	_vpaes_schedule_core
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Lenc_key_epilogue:
+___
+$code.=<<___;
+	xor	%eax,%eax
+	ret
+.cfi_endproc
+.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
+
+.globl	${PREFIX}_set_decrypt_key
+.type	${PREFIX}_set_decrypt_key,\@function,3
+.align	16
+${PREFIX}_set_decrypt_key:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Ldec_key_body:
+___
+$code.=<<___;
+	mov	%esi,%eax
+	shr	\$5,%eax
+	add	\$5,%eax
+	mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+	shl	\$4,%eax
+	lea	16(%rdx,%rax),%rdx
+
+	mov	\$1,%ecx
+	mov	%esi,%r8d
+	shr	\$1,%r8d
+	and	\$32,%r8d
+	xor	\$32,%r8d	# nbits==192?0:32
+	call	_vpaes_schedule_core
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Ldec_key_epilogue:
+___
+$code.=<<___;
+	xor	%eax,%eax
+	ret
+.cfi_endproc
+.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
+
+.globl	${PREFIX}_encrypt
+.type	${PREFIX}_encrypt,\@function,3
+.align	16
+${PREFIX}_encrypt:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lenc_body:
+___
+$code.=<<___;
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_encrypt_core
+	movdqu	%xmm0,(%rsi)
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Lenc_epilogue:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
+
+.globl	${PREFIX}_decrypt
+.type	${PREFIX}_decrypt,\@function,3
+.align	16
+${PREFIX}_decrypt:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Ldec_body:
+___
+$code.=<<___;
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_decrypt_core
+	movdqu	%xmm0,(%rsi)
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Ldec_epilogue:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	${PREFIX}_decrypt,.-${PREFIX}_decrypt
+___
+{
+my ($inp,$out,$len,$key,$ivp,$enc)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+#                       size_t length, const AES_KEY *key,
+#                       unsigned char *ivp,const int enc);
+$code.=<<___;
+.globl	${PREFIX}_cbc_encrypt
+.type	${PREFIX}_cbc_encrypt,\@function,6
+.align	16
+${PREFIX}_cbc_encrypt:
+.cfi_startproc
+	xchg	$key,$len
+___
+($len,$key)=($key,$len);
+$code.=<<___;
+	sub	\$16,$len
+	jc	.Lcbc_abort
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lcbc_body:
+___
+$code.=<<___;
+	movdqu	($ivp),%xmm6		# load IV
+	sub	$inp,$out
+	call	_vpaes_preheat
+	cmp	\$0,${enc}d
+	je	.Lcbc_dec_loop
+	jmp	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_loop:
+	movdqu	($inp),%xmm0
+	pxor	%xmm6,%xmm0
+	call	_vpaes_encrypt_core
+	movdqa	%xmm0,%xmm6
+	movdqu	%xmm0,($out,$inp)
+	lea	16($inp),$inp
+	sub	\$16,$len
+	jnc	.Lcbc_enc_loop
+	jmp	.Lcbc_done
+.align	16
+.Lcbc_dec_loop:
+	movdqu	($inp),%xmm0
+	movdqa	%xmm0,%xmm7
+	call	_vpaes_decrypt_core
+	pxor	%xmm6,%xmm0
+	movdqa	%xmm7,%xmm6
+	movdqu	%xmm0,($out,$inp)
+	lea	16($inp),$inp
+	sub	\$16,$len
+	jnc	.Lcbc_dec_loop
+.Lcbc_done:
+	movdqu	%xmm6,($ivp)		# save IV
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Lcbc_epilogue:
+___
+$code.=<<___;
+.Lcbc_abort:
+	ret
+.cfi_endproc
+.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+___
+}
+$code.=<<___;
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.type	_vpaes_preheat,\@abi-omnipotent
+.align	16
+_vpaes_preheat:
+.cfi_startproc
+	lea	.Lk_s0F(%rip), %r10
+	movdqa	-0x20(%r10), %xmm10	# .Lk_inv
+	movdqa	-0x10(%r10), %xmm11	# .Lk_inv+16
+	movdqa	0x00(%r10), %xmm9	# .Lk_s0F
+	movdqa	0x30(%r10), %xmm13	# .Lk_sb1
+	movdqa	0x40(%r10), %xmm12	# .Lk_sb1+16
+	movdqa	0x50(%r10), %xmm15	# .Lk_sb2
+	movdqa	0x60(%r10), %xmm14	# .Lk_sb2+16
+	ret
+.cfi_endproc
+.size	_vpaes_preheat,.-_vpaes_preheat
+########################################################
+##                                                    ##
+##                     Constants                      ##
+##                                                    ##
+########################################################
+.type	_vpaes_consts,\@object
+.align	64
+_vpaes_consts:
+.Lk_inv:	# inv, inva
+	.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+	.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+
+.Lk_s0F:	# s0F
+	.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
+
+.Lk_ipt:	# input transform (lo, hi)
+	.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+	.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+
+.Lk_sb1:	# sb1u, sb1t
+	.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+	.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+.Lk_sb2:	# sb2u, sb2t
+	.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+	.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+.Lk_sbo:	# sbou, sbot
+	.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+	.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+
+.Lk_mc_forward:	# mc_forward
+	.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+	.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+	.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+	.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+
+.Lk_mc_backward:# mc_backward
+	.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+	.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+	.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+	.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+
+.Lk_sr:		# sr
+	.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+	.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+	.quad	0x0F060D040B020900, 0x070E050C030A0108
+	.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+.Lk_rcon:	# rcon
+	.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+.Lk_s63:	# s63: all equal to 0x63 transformed
+	.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
+
+.Lk_opt:	# output transform
+	.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+	.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+
+.Lk_deskew:	# deskew tables: inverts the sbox's "skew"
+	.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+	.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+##
+##  Decryption stuff
+##  Key schedule constants
+##
+.Lk_dksd:	# decryption key schedule: invskew x*D
+	.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+	.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+.Lk_dksb:	# decryption key schedule: invskew x*B
+	.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+	.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+.Lk_dkse:	# decryption key schedule: invskew x*E + 0x63
+	.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+	.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+.Lk_dks9:	# decryption key schedule: invskew x*9
+	.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+	.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+##
+##  Decryption stuff
+##  Round function constants
+##
+.Lk_dipt:	# decryption input transform
+	.quad	0x0F505B040B545F00, 0x154A411E114E451A
+	.quad	0x86E383E660056500, 0x12771772F491F194
+
+.Lk_dsb9:	# decryption sbox output *9*u, *9*t
+	.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+	.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+.Lk_dsbd:	# decryption sbox output *D*u, *D*t
+	.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+	.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+.Lk_dsbb:	# decryption sbox output *B*u, *B*t
+	.quad	0xD022649296B44200, 0x602646F6B0F2D404
+	.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+.Lk_dsbe:	# decryption sbox output *E*u, *E*t
+	.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+	.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+.Lk_dsbo:	# decryption sbox final output
+	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.asciz	"Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.align	64
+.size	_vpaes_consts,.-_vpaes_consts
+___
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	16(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0xb8(%rax),%rax		# adjust stack pointer
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_${PREFIX}_set_encrypt_key
+	.rva	.LSEH_end_${PREFIX}_set_encrypt_key
+	.rva	.LSEH_info_${PREFIX}_set_encrypt_key
+
+	.rva	.LSEH_begin_${PREFIX}_set_decrypt_key
+	.rva	.LSEH_end_${PREFIX}_set_decrypt_key
+	.rva	.LSEH_info_${PREFIX}_set_decrypt_key
+
+	.rva	.LSEH_begin_${PREFIX}_encrypt
+	.rva	.LSEH_end_${PREFIX}_encrypt
+	.rva	.LSEH_info_${PREFIX}_encrypt
+
+	.rva	.LSEH_begin_${PREFIX}_decrypt
+	.rva	.LSEH_end_${PREFIX}_decrypt
+	.rva	.LSEH_info_${PREFIX}_decrypt
+
+	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_info_${PREFIX}_cbc_encrypt
+
+.section	.xdata
+.align	8
+.LSEH_info_${PREFIX}_set_encrypt_key:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc_key_body,.Lenc_key_epilogue	# HandlerData[]
+.LSEH_info_${PREFIX}_set_decrypt_key:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec_key_body,.Ldec_key_epilogue	# HandlerData[]
+.LSEH_info_${PREFIX}_encrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc_body,.Lenc_epilogue		# HandlerData[]
+.LSEH_info_${PREFIX}_decrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec_body,.Ldec_epilogue		# HandlerData[]
+.LSEH_info_${PREFIX}_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lcbc_body,.Lcbc_epilogue		# HandlerData[]
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/build.info
new file mode 100644
index 000000000..0f0486364
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/build.info
@@ -0,0 +1,64 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \
+        aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}
+
+GENERATE[aes-ia64.s]=asm/aes-ia64.S
+
+GENERATE[aes-586.s]=asm/aes-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[aes-586.s]=../perlasm/x86asm.pl
+GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[vpaes-586.s]=../perlasm/x86asm.pl
+GENERATE[aesni-x86.s]=asm/aesni-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[aesni-586.s]=../perlasm/x86asm.pl
+
+GENERATE[aes-x86_64.s]=asm/aes-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[vpaes-x86_64.s]=asm/vpaes-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[bsaes-x86_64.s]=asm/bsaes-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-x86_64.s]=asm/aesni-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-sha1-x86_64.s]=asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-sha256-x86_64.s]=asm/aesni-sha256-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-mb-x86_64.s]=asm/aesni-mb-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-sparcv9.S]=asm/aes-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[aes-sparcv9.o]=..
+GENERATE[aest4-sparcv9.S]=asm/aest4-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[aest4-sparcv9.o]=..
+DEPEND[aest4-sparcv9.S]=../perlasm/sparcv9_modes.pl
+GENERATE[aesfx-sparcv9.S]=asm/aesfx-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[aesfx-sparcv9.o]=..
+
+GENERATE[aes-ppc.s]=asm/aes-ppc.pl $(PERLASM_SCHEME)
+GENERATE[vpaes-ppc.s]=asm/vpaes-ppc.pl $(PERLASM_SCHEME)
+GENERATE[aesp8-ppc.s]=asm/aesp8-ppc.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-parisc.s]=asm/aes-parisc.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-mips.S]=asm/aes-mips.pl $(PERLASM_SCHEME)
+INCLUDE[aes-mips.o]=..
+
+GENERATE[aesv8-armx.S]=asm/aesv8-armx.pl $(PERLASM_SCHEME)
+INCLUDE[aesv8-armx.o]=..
+GENERATE[vpaes-armv8.S]=asm/vpaes-armv8.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-armv4.S]=asm/aes-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[aes-armv4.o]=..
+GENERATE[bsaes-armv7.S]=asm/bsaes-armv7.pl $(PERLASM_SCHEME)
+INCLUDE[bsaes-armv7.o]=..
+
+GENERATE[aes-s390x.S]=asm/aes-s390x.pl $(PERLASM_SCHEME)
+INCLUDE[aes-s390x.o]=..
+
+BEGINRAW[Makefile]
+##### AES assembler implementations
+
+# GNU make "catch all"
+{- $builddir -}/aes-%.S:	{- $sourcedir -}/asm/aes-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+{- $builddir -}/bsaes-%.S:	{- $sourcedir -}/asm/bsaes-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+
+ENDRAW[Makefile]
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl
new file mode 100644
index 000000000..6c7fd4c9d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl
@@ -0,0 +1,257 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$output = pop;
+open STDOUT,">$output";
+
+print <<'___';
+.text
+
+.set	noat
+
+.globl	OPENSSL_cpuid_setup
+.ent	OPENSSL_cpuid_setup
+OPENSSL_cpuid_setup:
+	.frame	$30,0,$26
+	.prologue 0
+	ret	($26)
+.end	OPENSSL_cpuid_setup
+
+.globl	OPENSSL_wipe_cpu
+.ent	OPENSSL_wipe_cpu
+OPENSSL_wipe_cpu:
+	.frame	$30,0,$26
+	.prologue 0
+	clr	$1
+	clr	$2
+	clr	$3
+	clr	$4
+	clr	$5
+	clr	$6
+	clr	$7
+	clr	$8
+	clr	$16
+	clr	$17
+	clr	$18
+	clr	$19
+	clr	$20
+	clr	$21
+	clr	$22
+	clr	$23
+	clr	$24
+	clr	$25
+	clr	$27
+	clr	$at
+	clr	$29
+	fclr	$f0
+	fclr	$f1
+	fclr	$f10
+	fclr	$f11
+	fclr	$f12
+	fclr	$f13
+	fclr	$f14
+	fclr	$f15
+	fclr	$f16
+	fclr	$f17
+	fclr	$f18
+	fclr	$f19
+	fclr	$f20
+	fclr	$f21
+	fclr	$f22
+	fclr	$f23
+	fclr	$f24
+	fclr	$f25
+	fclr	$f26
+	fclr	$f27
+	fclr	$f28
+	fclr	$f29
+	fclr	$f30
+	mov	$sp,$0
+	ret	($26)
+.end	OPENSSL_wipe_cpu
+
+.globl	OPENSSL_atomic_add
+.ent	OPENSSL_atomic_add
+OPENSSL_atomic_add:
+	.frame	$30,0,$26
+	.prologue 0
+1:	ldl_l	$0,0($16)
+	addl	$0,$17,$1
+	stl_c	$1,0($16)
+	beq	$1,1b
+	addl	$0,$17,$0
+	ret	($26)
+.end	OPENSSL_atomic_add
+
+.globl	OPENSSL_rdtsc
+.ent	OPENSSL_rdtsc
+OPENSSL_rdtsc:
+	.frame	$30,0,$26
+	.prologue 0
+	rpcc	$0
+	ret	($26)
+.end	OPENSSL_rdtsc
+
+.globl	OPENSSL_cleanse
+.ent	OPENSSL_cleanse
+OPENSSL_cleanse:
+	.frame	$30,0,$26
+	.prologue 0
+	beq	$17,.Ldone
+	and	$16,7,$0
+	bic	$17,7,$at
+	beq	$at,.Little
+	beq	$0,.Laligned
+
+.Little:
+	subq	$0,8,$0
+	ldq_u	$1,0($16)
+	mov	$16,$2
+.Lalign:
+	mskbl	$1,$16,$1
+	lda	$16,1($16)
+	subq	$17,1,$17
+	addq	$0,1,$0
+	beq	$17,.Lout
+	bne	$0,.Lalign
+.Lout:	stq_u	$1,0($2)
+	beq	$17,.Ldone
+	bic	$17,7,$at
+	beq	$at,.Little
+
+.Laligned:
+	stq	$31,0($16)
+	subq	$17,8,$17
+	lda	$16,8($16)
+	bic	$17,7,$at
+	bne	$at,.Laligned
+	bne	$17,.Little
+.Ldone: ret	($26)
+.end	OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.ent	CRYPTO_memcmp
+CRYPTO_memcmp:
+	.frame	$30,0,$26
+	.prologue 0
+	xor	$0,$0,$0
+	beq	$18,.Lno_data
+
+	xor	$1,$1,$1
+	nop
+.Loop_cmp:
+	ldq_u	$2,0($16)
+	subq	$18,1,$18
+	ldq_u	$3,0($17)
+	extbl	$2,$16,$2
+	lda	$16,1($16)
+	extbl	$3,$17,$3
+	lda	$17,1($17)
+	xor	$3,$2,$2
+	or	$2,$0,$0
+	bne	$18,.Loop_cmp
+
+	subq	$31,$0,$0
+	srl	$0,63,$0
+.Lno_data:
+	ret	($26)
+.end	CRYPTO_memcmp
+___
+{
+my ($out,$cnt,$max)=("\$16","\$17","\$18");
+my ($tick,$lasttick)=("\$19","\$20");
+my ($diff,$lastdiff)=("\$21","\$22");
+my ($v0,$ra,$sp,$zero)=("\$0","\$26","\$30","\$31");
+
+print <<___;
+.globl	OPENSSL_instrument_bus
+.ent	OPENSSL_instrument_bus
+OPENSSL_instrument_bus:
+	.frame	$sp,0,$ra
+	.prologue 0
+	mov	$cnt,$v0
+
+	rpcc	$lasttick
+	mov	0,$diff
+
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+.Loop:	rpcc	$tick
+	subq	$tick,$lasttick,$diff
+	mov	$tick,$lasttick
+
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+	subl	$cnt,1,$cnt
+	lda	$out,4($out)
+	bne	$cnt,.Loop
+
+	ret	($ra)
+.end	OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.ent	OPENSSL_instrument_bus2
+OPENSSL_instrument_bus2:
+	.frame	$sp,0,$ra
+	.prologue 0
+	mov	$cnt,$v0
+
+	rpcc	$lasttick
+	mov	0,$diff
+
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+	rpcc	$tick
+	subq	$tick,$lasttick,$diff
+	mov	$tick,$lasttick
+	mov	$diff,$lastdiff
+.Loop2:
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+	subl	$max,1,$max
+	beq	$max,.Ldone2
+
+	rpcc	$tick
+	subq	$tick,$lasttick,$diff
+	mov	$tick,$lasttick
+	subq	$lastdiff,$diff,$tick
+	mov	$diff,$lastdiff
+	cmovne	$tick,1,$tick
+	subl	$cnt,$tick,$cnt
+	s4addq	$tick,$out,$out
+	bne	$cnt,.Loop2
+
+.Ldone2:
+	subl	$v0,$cnt,$v0
+	ret	($ra)
+.end	OPENSSL_instrument_bus2
+___
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c
new file mode 100644
index 000000000..293bcc72b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c
@@ -0,0 +1,1212 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (C) 2017 National Security Research Institute. All Rights Reserved.
+ *
+ * Information for ARIA
+ *     http://210.104.33.10/ARIA/index-e.html (English)
+ *     http://seed.kisa.or.kr/ (Korean)
+ *
+ * Public domain version is distributed above.
+ */
+
+#include <openssl/e_os2.h>
+#include "internal/aria.h"
+
+#include <assert.h>
+#include <string.h>
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+/* Begin macro */
+
+/* rotation */
+#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r)))
+#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r)))
+
+#define bswap32(v)                                          \
+    (((v) << 24) ^ ((v) >> 24) ^                            \
+    (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8))
+
+#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8)))
+#define GET_U32_BE(X, Y) (                                  \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4    ] << 24) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] <<  8) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3]      )     )
+
+#define PUT_U32_BE(DEST, IDX, VAL)                              \
+    do {                                                        \
+        ((uint8_t *)(DEST))[IDX * 4    ] = GET_U8_BE(VAL, 0);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3);   \
+    } while(0)
+
+#define MAKE_U32(V0, V1, V2, V3) (      \
+    ((uint32_t)((uint8_t)(V0)) << 24) | \
+    ((uint32_t)((uint8_t)(V1)) << 16) | \
+    ((uint32_t)((uint8_t)(V2)) <<  8) | \
+    ((uint32_t)((uint8_t)(V3))      )   )
+
+/* End Macro*/
+
+/* Key Constant
+ * 128bit : 0, 1,    2
+ * 192bit : 1, 2,    3(0)
+ * 256bit : 2, 3(0), 4(1)
+ */
+static const uint32_t Key_RC[5][4] = {
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 },
+    { 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e },
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }
+};
+
+/* 32bit expanded s-box */
+static const uint32_t S1[256] = {
+    0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b,
+    0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5,
+    0x00303030, 0x00010101, 0x00676767, 0x002b2b2b,
+    0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676,
+    0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d,
+    0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0,
+    0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf,
+    0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0,
+    0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626,
+    0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc,
+    0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1,
+    0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515,
+    0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3,
+    0x00181818, 0x00969696, 0x00050505, 0x009a9a9a,
+    0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2,
+    0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575,
+    0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a,
+    0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0,
+    0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3,
+    0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484,
+    0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed,
+    0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b,
+    0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939,
+    0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf,
+    0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb,
+    0x00434343, 0x004d4d4d, 0x00333333, 0x00858585,
+    0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f,
+    0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8,
+    0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f,
+    0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5,
+    0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121,
+    0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2,
+    0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec,
+    0x005f5f5f, 0x00979797, 0x00444444, 0x00171717,
+    0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d,
+    0x00646464, 0x005d5d5d, 0x00191919, 0x00737373,
+    0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc,
+    0x00222222, 0x002a2a2a, 0x00909090, 0x00888888,
+    0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414,
+    0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb,
+    0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a,
+    0x00494949, 0x00060606, 0x00242424, 0x005c5c5c,
+    0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262,
+    0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979,
+    0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d,
+    0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9,
+    0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea,
+    0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808,
+    0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e,
+    0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6,
+    0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f,
+    0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a,
+    0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666,
+    0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e,
+    0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9,
+    0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e,
+    0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111,
+    0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494,
+    0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9,
+    0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf,
+    0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d,
+    0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868,
+    0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f,
+    0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616
+};
+
+static const uint32_t S2[256] = {
+    0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc,
+    0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc,
+    0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646,
+    0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1,
+    0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb,
+    0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b,
+    0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303,
+    0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1,
+    0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b,
+    0x55005555, 0xf000f0f0, 0x99009999, 0x69006969,
+    0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae,
+    0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb,
+    0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb,
+    0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4,
+    0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa,
+    0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb,
+    0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929,
+    0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191,
+    0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595,
+    0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd,
+    0x08000808, 0x7a007a7a, 0x88008888, 0x38003838,
+    0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828,
+    0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7,
+    0x93009393, 0xa400a4a4, 0x12001212, 0x53005353,
+    0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131,
+    0x36003636, 0x21002121, 0x58005858, 0x48004848,
+    0x01000101, 0x8e008e8e, 0x37003737, 0x74007474,
+    0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1,
+    0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7,
+    0xc400c4c4, 0x56005656, 0x42004242, 0x26002626,
+    0x07000707, 0x98009898, 0x60006060, 0xd900d9d9,
+    0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040,
+    0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd,
+    0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404,
+    0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f,
+    0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc,
+    0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757,
+    0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565,
+    0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e,
+    0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5,
+    0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717,
+    0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a,
+    0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767,
+    0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343,
+    0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5,
+    0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434,
+    0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a,
+    0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8,
+    0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b,
+    0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6,
+    0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424,
+    0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada,
+    0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef,
+    0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f,
+    0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a,
+    0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c,
+    0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333,
+    0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3,
+    0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0,
+    0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d,
+    0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5,
+    0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8,
+    0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a,
+    0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181
+};
+
+static const uint32_t X1[256] = {
+    0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5,
+    0x30300030, 0x36360036, 0xa5a500a5, 0x38380038,
+    0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e,
+    0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb,
+    0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082,
+    0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087,
+    0x34340034, 0x8e8e008e, 0x43430043, 0x44440044,
+    0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb,
+    0x54540054, 0x7b7b007b, 0x94940094, 0x32320032,
+    0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d,
+    0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b,
+    0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e,
+    0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066,
+    0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2,
+    0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049,
+    0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025,
+    0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064,
+    0x86860086, 0x68680068, 0x98980098, 0x16160016,
+    0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc,
+    0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092,
+    0x6c6c006c, 0x70700070, 0x48480048, 0x50500050,
+    0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da,
+    0x5e5e005e, 0x15150015, 0x46460046, 0x57570057,
+    0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084,
+    0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000,
+    0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a,
+    0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005,
+    0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006,
+    0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f,
+    0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002,
+    0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003,
+    0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b,
+    0x3a3a003a, 0x91910091, 0x11110011, 0x41410041,
+    0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea,
+    0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce,
+    0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073,
+    0x96960096, 0xacac00ac, 0x74740074, 0x22220022,
+    0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085,
+    0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8,
+    0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e,
+    0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071,
+    0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089,
+    0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e,
+    0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b,
+    0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b,
+    0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020,
+    0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe,
+    0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4,
+    0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033,
+    0x88880088, 0x07070007, 0xc7c700c7, 0x31310031,
+    0xb1b100b1, 0x12120012, 0x10100010, 0x59590059,
+    0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f,
+    0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9,
+    0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d,
+    0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f,
+    0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef,
+    0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d,
+    0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0,
+    0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c,
+    0x83830083, 0x53530053, 0x99990099, 0x61610061,
+    0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e,
+    0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026,
+    0xe1e100e1, 0x69690069, 0x14140014, 0x63630063,
+    0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d
+};
+
+static const uint32_t X2[256] = {
+    0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00,
+    0x87878700, 0xb9b9b900, 0x21212100, 0x78787800,
+    0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100,
+    0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00,
+    0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00,
+    0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300,
+    0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600,
+    0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00,
+    0x81818100, 0x65656500, 0xf5f5f500, 0x89898900,
+    0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600,
+    0x57575700, 0x43434300, 0x56565600, 0x17171700,
+    0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00,
+    0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300,
+    0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00,
+    0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800,
+    0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00,
+    0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00,
+    0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800,
+    0x67676700, 0x88888800, 0x06060600, 0xc3c3c300,
+    0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00,
+    0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00,
+    0x02020200, 0x24242400, 0x75757500, 0x93939300,
+    0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200,
+    0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00,
+    0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00,
+    0x12121200, 0x97979700, 0x32323200, 0xababab00,
+    0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300,
+    0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900,
+    0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100,
+    0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900,
+    0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600,
+    0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100,
+    0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500,
+    0x86868600, 0x36363600, 0xbebebe00, 0x61616100,
+    0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00,
+    0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00,
+    0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00,
+    0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500,
+    0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00,
+    0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700,
+    0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00,
+    0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000,
+    0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100,
+    0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00,
+    0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600,
+    0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000,
+    0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00,
+    0x18181800, 0x83838300, 0x16161600, 0xa5a5a500,
+    0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500,
+    0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00,
+    0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300,
+    0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500,
+    0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00,
+    0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300,
+    0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900,
+    0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00,
+    0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400,
+    0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00,
+    0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00,
+    0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300,
+    0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700,
+    0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00,
+    0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300,
+    0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000
+};
+
+/* Key XOR Layer */
+#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3)  \
+    do {                                        \
+        (T0) ^= (RK)->u[0];                     \
+        (T1) ^= (RK)->u[1];                     \
+        (T2) ^= (RK)->u[2];                     \
+        (T3) ^= (RK)->u[3];                     \
+    } while(0)
+
+/* S-Box Layer 1 + M */
+#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            S1[GET_U8_BE(T0, 0)] ^                      \
+            S2[GET_U8_BE(T0, 1)] ^                      \
+            X1[GET_U8_BE(T0, 2)] ^                      \
+            X2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            S1[GET_U8_BE(T1, 0)] ^                      \
+            S2[GET_U8_BE(T1, 1)] ^                      \
+            X1[GET_U8_BE(T1, 2)] ^                      \
+            X2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            S1[GET_U8_BE(T2, 0)] ^                      \
+            S2[GET_U8_BE(T2, 1)] ^                      \
+            X1[GET_U8_BE(T2, 2)] ^                      \
+            X2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            S1[GET_U8_BE(T3, 0)] ^                      \
+            S2[GET_U8_BE(T3, 1)] ^                      \
+            X1[GET_U8_BE(T3, 2)] ^                      \
+            X2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* S-Box Layer 2 + M */
+#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            X1[GET_U8_BE(T0, 0)] ^                      \
+            X2[GET_U8_BE(T0, 1)] ^                      \
+            S1[GET_U8_BE(T0, 2)] ^                      \
+            S2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            X1[GET_U8_BE(T1, 0)] ^                      \
+            X2[GET_U8_BE(T1, 1)] ^                      \
+            S1[GET_U8_BE(T1, 2)] ^                      \
+            S2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            X1[GET_U8_BE(T2, 0)] ^                      \
+            X2[GET_U8_BE(T2, 1)] ^                      \
+            S1[GET_U8_BE(T2, 2)] ^                      \
+            S2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            X1[GET_U8_BE(T3, 0)] ^                      \
+            X2[GET_U8_BE(T3, 1)] ^                      \
+            S1[GET_U8_BE(T3, 2)] ^                      \
+            S2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* Word-level diffusion */
+#define ARIA_DIFF_WORD(T0,T1,T2,T3) \
+    do {                            \
+        (T1) ^= (T2);               \
+        (T2) ^= (T3);               \
+        (T0) ^= (T1);               \
+                                    \
+        (T3) ^= (T1);               \
+        (T2) ^= (T0);               \
+        (T1) ^= (T2);               \
+    } while(0)
+
+/* Byte-level diffusion */
+#define ARIA_DIFF_BYTE(T0, T1, T2, T3)                                  \
+    do {                                                                \
+        (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \
+        (T2) = rotr32(T2, 16);                                          \
+        (T3) = bswap32(T3);                                             \
+    } while(0)
+
+/* Odd round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3)             \
+    do {                                                \
+        ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T0, T1, T2, T3);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Even round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3)            \
+    do {                                                \
+        ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T2, T3, T0, T1);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Q, R Macro expanded ARIA GSRK */
+#define _ARIA_GSRK(RK, X, Y, Q, R)                  \
+    do {                                            \
+        (RK)->u[0] =                                \
+            ((X)[0]) ^                              \
+            (((Y)[((Q)    ) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 3) % 4]) << (32 - (R)));   \
+        (RK)->u[1] =                                \
+            ((X)[1]) ^                              \
+            (((Y)[((Q) + 1) % 4]) >> (R)) ^         \
+            (((Y)[((Q)    ) % 4]) << (32 - (R)));   \
+        (RK)->u[2] =                                \
+            ((X)[2]) ^                              \
+            (((Y)[((Q) + 2) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 1) % 4]) << (32 - (R)));   \
+        (RK)->u[3] =                                \
+            ((X)[3]) ^                              \
+            (((Y)[((Q) + 3) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 2) % 4]) << (32 - (R)));   \
+    } while(0)
+
+#define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32)
+
+#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2)         \
+    do {                                            \
+        (TMP) = (X);                                \
+        (TMP2) = rotr32((TMP), 8);                  \
+        (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16);  \
+    } while(0)
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    int Nr;
+    const ARIA_u128 *rk;
+
+    if (in == NULL || out == NULL || key == NULL) {
+        return;
+    }
+
+    rk = key->rd_key;
+    Nr = key->rounds;
+
+    if (Nr != 12 && Nr != 14 && Nr != 16) {
+        return;
+    }
+
+    reg0 = GET_U32_BE(in, 0);
+    reg1 = GET_U32_BE(in, 1);
+    reg2 = GET_U32_BE(in, 2);
+    reg3 = GET_U32_BE(in, 3);
+
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    while(Nr -= 2){
+        ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+
+        ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+    }
+
+    reg0 = rk->u[0] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg0, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg0, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg0, 3)]     ));
+    reg1 = rk->u[1] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg1, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg1, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg1, 3)]     ));
+    reg2 = rk->u[2] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg2, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg2, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg2, 3)]     ));
+    reg3 = rk->u[3] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg3, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg3, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg3, 3)]     ));
+
+    PUT_U32_BE(out, 0, reg0);
+    PUT_U32_BE(out, 1, reg1);
+    PUT_U32_BE(out, 2, reg2);
+    PUT_U32_BE(out, 3, reg3);
+}
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t w0[4], w1[4], w2[4], w3[4];
+    const uint32_t *ck;
+
+    ARIA_u128 *rk;
+    int Nr = (bits + 256) / 32;
+
+    if (userKey == NULL || key == NULL) {
+        return -1;
+    }
+    if (bits != 128 && bits != 192 && bits != 256) {
+        return -2;
+    }
+
+    rk = key->rd_key;
+    key->rounds = Nr;
+    ck = &Key_RC[(bits - 128) / 64][0];
+
+    w0[0] = GET_U32_BE(userKey, 0);
+    w0[1] = GET_U32_BE(userKey, 1);
+    w0[2] = GET_U32_BE(userKey, 2);
+    w0[3] = GET_U32_BE(userKey, 3);
+
+    reg0 = w0[0] ^ ck[0];
+    reg1 = w0[1] ^ ck[1];
+    reg2 = w0[2] ^ ck[2];
+    reg3 = w0[3] ^ ck[3];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    if (bits > 128) {
+        w1[0] = GET_U32_BE(userKey, 4);
+        w1[1] = GET_U32_BE(userKey, 5);
+        if (bits > 192) {
+            w1[2] = GET_U32_BE(userKey, 6);
+            w1[3] = GET_U32_BE(userKey, 7);
+        }
+        else {
+            w1[2] = w1[3] = 0;
+        }
+    }
+    else {
+        w1[0] = w1[1] = w1[2] = w1[3] = 0;
+    }
+
+    w1[0] ^= reg0;
+    w1[1] ^= reg1;
+    w1[2] ^= reg2;
+    w1[3] ^= reg3;
+
+    reg0 = w1[0];
+    reg1 = w1[1];
+    reg2 = w1[2];
+    reg3 = w1[3];
+
+    reg0 ^= ck[4];
+    reg1 ^= ck[5];
+    reg2 ^= ck[6];
+    reg3 ^= ck[7];
+
+    ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+
+    reg0 ^= w0[0];
+    reg1 ^= w0[1];
+    reg2 ^= w0[2];
+    reg3 ^= w0[3];
+
+    w2[0] = reg0;
+    w2[1] = reg1;
+    w2[2] = reg2;
+    w2[3] = reg3;
+
+    reg0 ^= ck[8];
+    reg1 ^= ck[9];
+    reg2 ^= ck[10];
+    reg3 ^= ck[11];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    w3[0] = reg0 ^ w1[0];
+    w3[1] = reg1 ^ w1[1];
+    w3[2] = reg2 ^ w1[2];
+    w3[3] = reg3 ^ w1[3];
+
+    ARIA_GSRK(rk, w0, w1, 19);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 19);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 19);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 19);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 31);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 31);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 31);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 31);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 67);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 67);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 67);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 67);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 97);
+    if (bits > 128) {
+        rk++;
+        ARIA_GSRK(rk, w1, w2, 97);
+        rk++;
+        ARIA_GSRK(rk, w2, w3, 97);
+    }
+    if (bits > 192) {
+        rk++;
+        ARIA_GSRK(rk, w3, w0, 97);
+
+        rk++;
+        ARIA_GSRK(rk, w0, w1, 109);
+    }
+
+    return 0;
+}
+
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_u128 *rk_head;
+    ARIA_u128 *rk_tail;
+    register uint32_t w1, w2;
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t s0, s1, s2, s3;
+
+    const int r = aria_set_encrypt_key(userKey, bits, key);
+
+    if (r != 0) {
+        return r;
+    }
+
+    rk_head = key->rd_key;
+    rk_tail = rk_head + key->rounds;
+
+    reg0 = rk_head->u[0];
+    reg1 = rk_head->u[1];
+    reg2 = rk_head->u[2];
+    reg3 = rk_head->u[3];
+
+    memcpy(rk_head, rk_tail, ARIA_BLOCK_SIZE);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    rk_head++;
+    rk_tail--;
+
+    for (; rk_head < rk_tail; rk_head++, rk_tail--) {
+        ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        s0 = reg0;
+        s1 = reg1;
+        s2 = reg2;
+        s3 = reg3;
+
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        rk_head->u[0] = reg0;
+        rk_head->u[1] = reg1;
+        rk_head->u[2] = reg2;
+        rk_head->u[3] = reg3;
+
+        rk_tail->u[0] = s0;
+        rk_tail->u[1] = s1;
+        rk_tail->u[2] = s2;
+        rk_tail->u[3] = s3;
+    }
+    ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    return 0;
+}
+
+#else
+
+static const unsigned char sb1[256] = {
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
+static const unsigned char sb2[256] = {
+    0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc,
+    0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1,
+    0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b,
+    0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1,
+    0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69,
+    0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb,
+    0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4,
+    0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb,
+    0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91,
+    0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd,
+    0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28,
+    0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53,
+    0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48,
+    0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1,
+    0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26,
+    0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40,
+    0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04,
+    0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc,
+    0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65,
+    0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5,
+    0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a,
+    0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43,
+    0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34,
+    0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8,
+    0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6,
+    0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda,
+    0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f,
+    0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c,
+    0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3,
+    0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d,
+    0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8,
+    0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81
+};
+
+static const unsigned char sb3[256] = {
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+};
+
+static const unsigned char sb4[256] = {
+    0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78,
+    0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c,
+    0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3,
+    0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d,
+    0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6,
+    0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d,
+    0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a,
+    0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed,
+    0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58,
+    0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b,
+    0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93,
+    0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce,
+    0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab,
+    0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9,
+    0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19,
+    0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41,
+    0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61,
+    0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a,
+    0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15,
+    0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7,
+    0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0,
+    0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc,
+    0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70,
+    0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5,
+    0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b,
+    0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45,
+    0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73,
+    0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d,
+    0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e,
+    0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3,
+    0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea,
+    0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60
+};
+
+static const ARIA_u128 c1 = {{
+    0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94,
+    0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0
+}};
+
+static const ARIA_u128 c2 = {{
+    0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20,
+    0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0
+}};
+
+static const ARIA_u128 c3 = {{
+    0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70,
+    0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e
+}};
+
+/*
+ * Exclusive or two 128 bit values into the result.
+ * It is safe for the result to be the same as the either input.
+ */
+static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y)
+{
+    int i;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o[i] = x[i] ^ y->c[i];
+}
+
+/*
+ * Generalised circular rotate right and exclusive or function.
+ * It is safe for the output to overlap either input.
+ */
+static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o,
+                              const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    const unsigned int bytes = n / 8, bits = n % 8;
+    unsigned int i;
+    ARIA_u128 t;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i];
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o->c[i] = ((t.c[i] >> bits) |
+                (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^
+                xor->c[i];
+}
+
+/*
+ * Circular rotate 19 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(19, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(31, o, xor, z);
+}
+
+/*
+ * Circular rotate 61 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot61l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z);
+}
+
+/*
+ * Circular rotate 19 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z);
+}
+
+/*
+ * First substitution and xor layer, used for odd steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o->c[i    ] = sb1[x->c[i    ] ^ y->c[i    ]];
+        o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]];
+        o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]];
+        o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Second substitution and xor layer, used for even steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o[i    ] = sb3[x->c[i	 ] ^ y->c[i    ]];
+        o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]];
+        o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]];
+        o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Diffusion layer step
+ * It is NOT safe for the input and output to overlap.
+ */
+static void a(ARIA_u128 *y, const ARIA_u128 *x)
+{
+    y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[13] ^ x->c[14];
+    y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[15];
+    y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^
+               x->c[11] ^ x->c[12] ^ x->c[15];
+    y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^
+               x->c[11] ^ x->c[13] ^ x->c[14];
+    y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[14] ^ x->c[15];
+    y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[14] ^ x->c[15];
+    y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[12] ^ x->c[13];
+    y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[12] ^ x->c[13];
+    y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[10] ^ x->c[13] ^ x->c[15];
+    y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[11] ^ x->c[12] ^ x->c[14];
+    y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[ 8] ^ x->c[13] ^ x->c[15];
+    y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[14];
+    y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[12];
+    y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[13];
+    y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[14];
+    y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[15];
+}
+
+/*
+ * Odd round function
+ * Apply the first substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl1(&y, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Even round function
+ * Apply the second substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl2(y.c, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Encrypt or decrypt a single block
+ * in and out can overlap
+ */
+static void do_encrypt(unsigned char *o, const unsigned char *pin,
+                       unsigned int rounds, const ARIA_u128 *keys)
+{
+    ARIA_u128 p;
+    unsigned int i;
+
+    memcpy(&p, pin, sizeof(p));
+    for (i = 0; i < rounds - 2; i += 2) {
+        FO(&p, &p, &keys[i]);
+        FE(&p, &p, &keys[i + 1]);
+    }
+    FO(&p, &p, &keys[rounds - 2]);
+    sl2(o, &p, &keys[rounds - 1]);
+    xor128(o, o, &keys[rounds]);
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    assert(in != NULL && out != NULL && key != NULL);
+    do_encrypt(out, in, key->rounds, key->rd_key);
+}
+
+
+/*
+ * Expand the cipher key into the encryption key schedule.
+ * We short circuit execution of the last two
+ * or four rotations based on the key size.
+ */
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    const ARIA_u128 *ck1, *ck2, *ck3;
+    ARIA_u128 kr, w0, w1, w2, w3;
+
+    if (!userKey || !key)
+        return -1;
+    memcpy(w0.c, userKey, sizeof(w0));
+    switch (bits) {
+    default:
+        return -2;
+    case 128:
+        key->rounds = 12;
+        ck1 = &c1;
+        ck2 = &c2;
+        ck3 = &c3;
+        memset(kr.c, 0, sizeof(kr));
+        break;
+
+    case 192:
+        key->rounds = 14;
+        ck1 = &c2;
+        ck2 = &c3;
+        ck3 = &c1;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2);
+        memset(kr.c + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2);
+        break;
+
+    case 256:
+        key->rounds = 16;
+        ck1 = &c3;
+        ck2 = &c1;
+        ck3 = &c2;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr));
+        break;
+    }
+
+    FO(&w3, &w0, ck1);    xor128(w1.c, w3.c, &kr);
+    FE(&w3, &w1, ck2);    xor128(w2.c, w3.c, &w0);
+    FO(&kr, &w2, ck3);    xor128(w3.c, kr.c, &w1);
+
+    rot19r(&key->rd_key[ 0], &w0, &w1);
+    rot19r(&key->rd_key[ 1], &w1, &w2);
+    rot19r(&key->rd_key[ 2], &w2, &w3);
+    rot19r(&key->rd_key[ 3], &w3, &w0);
+
+    rot31r(&key->rd_key[ 4], &w0, &w1);
+    rot31r(&key->rd_key[ 5], &w1, &w2);
+    rot31r(&key->rd_key[ 6], &w2, &w3);
+    rot31r(&key->rd_key[ 7], &w3, &w0);
+
+    rot61l(&key->rd_key[ 8], &w0, &w1);
+    rot61l(&key->rd_key[ 9], &w1, &w2);
+    rot61l(&key->rd_key[10], &w2, &w3);
+    rot61l(&key->rd_key[11], &w3, &w0);
+
+    rot31l(&key->rd_key[12], &w0, &w1);
+    if (key->rounds > 12) {
+        rot31l(&key->rd_key[13], &w1, &w2);
+        rot31l(&key->rd_key[14], &w2, &w3);
+
+        if (key->rounds > 14) {
+            rot31l(&key->rd_key[15], &w3, &w0);
+            rot19l(&key->rd_key[16], &w0, &w1);
+        }
+    }
+    return 0;
+}
+
+/*
+ * Expand the cipher key into the decryption key schedule.
+ */
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_KEY ek;
+    const int r = aria_set_encrypt_key(userKey, bits, &ek);
+    unsigned int i, rounds = ek.rounds;
+
+    if (r == 0) {
+        key->rounds = rounds;
+        memcpy(&key->rd_key[0], &ek.rd_key[rounds], sizeof(key->rd_key[0]));
+        for (i = 1; i < rounds; i++)
+            a(&key->rd_key[i], &ek.rd_key[rounds - i]);
+        memcpy(&key->rd_key[rounds], &ek.rd_key[0], sizeof(key->rd_key[rounds]));
+    }
+    return r;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aria/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/aria/build.info
new file mode 100644
index 000000000..218d0612f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aria/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        aria.c
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl
new file mode 100755
index 000000000..06c8add7a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl
@@ -0,0 +1,147 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+.arch	armv8-a+crypto
+
+.align	5
+.globl	_armv7_neon_probe
+.type	_armv7_neon_probe,%function
+_armv7_neon_probe:
+	orr	v15.16b, v15.16b, v15.16b
+	ret
+.size	_armv7_neon_probe,.-_armv7_neon_probe
+
+.globl	_armv7_tick
+.type	_armv7_tick,%function
+_armv7_tick:
+#ifdef	__APPLE__
+	mrs	x0, CNTPCT_EL0
+#else
+	mrs	x0, CNTVCT_EL0
+#endif
+	ret
+.size	_armv7_tick,.-_armv7_tick
+
+.globl	_armv8_aes_probe
+.type	_armv8_aes_probe,%function
+_armv8_aes_probe:
+	aese	v0.16b, v0.16b
+	ret
+.size	_armv8_aes_probe,.-_armv8_aes_probe
+
+.globl	_armv8_sha1_probe
+.type	_armv8_sha1_probe,%function
+_armv8_sha1_probe:
+	sha1h	s0, s0
+	ret
+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
+
+.globl	_armv8_sha256_probe
+.type	_armv8_sha256_probe,%function
+_armv8_sha256_probe:
+	sha256su0	v0.4s, v0.4s
+	ret
+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
+
+.globl	_armv8_pmull_probe
+.type	_armv8_pmull_probe,%function
+_armv8_pmull_probe:
+	pmull	v0.1q, v0.1d, v0.1d
+	ret
+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
+
+.globl	_armv8_sha512_probe
+.type	_armv8_sha512_probe,%function
+_armv8_sha512_probe:
+	.long	0xcec08000	// sha512su0	v0.2d,v0.2d
+	ret
+.size	_armv8_sha512_probe,.-_armv8_sha512_probe
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,%function
+.align	5
+OPENSSL_cleanse:
+	cbz	x1,.Lret	// len==0?
+	cmp	x1,#15
+	b.hi	.Lot		// len>15
+	nop
+.Little:
+	strb	wzr,[x0],#1	// store byte-by-byte
+	subs	x1,x1,#1
+	b.ne	.Little
+.Lret:	ret
+
+.align	4
+.Lot:	tst	x0,#7
+	b.eq	.Laligned	// inp is aligned
+	strb	wzr,[x0],#1	// store byte-by-byte
+	sub	x1,x1,#1
+	b	.Lot
+
+.align	4
+.Laligned:
+	str	xzr,[x0],#8	// store word-by-word
+	sub	x1,x1,#8
+	tst	x1,#-8
+	b.ne	.Laligned	// len>=8
+	cbnz	x1,.Little	// len!=0?
+	ret
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,%function
+.align	4
+CRYPTO_memcmp:
+	eor	w3,w3,w3
+	cbz	x2,.Lno_data	// len==0?
+	cmp	x2,#16
+	b.ne	.Loop_cmp
+	ldp	x8,x9,[x0]
+	ldp	x10,x11,[x1]
+	eor	x8,x8,x10
+	eor	x9,x9,x11
+	orr	x8,x8,x9
+	mov	x0,#1
+	cmp	x8,#0
+	csel	x0,xzr,x0,eq
+	ret
+
+.align	4
+.Loop_cmp:
+	ldrb	w4,[x0],#1
+	ldrb	w5,[x1],#1
+	eor	w4,w4,w5
+	orr	w3,w3,w4
+	subs	x2,x2,#1
+	b.ne	.Loop_cmp
+
+.Lno_data:
+	neg	w0,w3
+	lsr	w0,w0,#31
+	ret
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h
new file mode 100644
index 000000000..f11b543df
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __ARM_ARCH_H__
+# define __ARM_ARCH_H__
+
+# if !defined(__ARM_ARCH__)
+#  if defined(__CC_ARM)
+#   define __ARM_ARCH__ __TARGET_ARCH_ARM
+#   if defined(__BIG_ENDIAN)
+#    define __ARMEB__
+#   else
+#    define __ARMEL__
+#   endif
+#  elif defined(__GNUC__)
+#   if   defined(__aarch64__)
+#    define __ARM_ARCH__ 8
+#    if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define __ARMEB__
+#    else
+#     define __ARMEL__
+#    endif
+  /*
+   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
+   * bunch of below macros. See all_architectures[] table in
+   * gcc/config/arm/arm.c. On a side note it defines
+   * __ARMEL__/__ARMEB__ for little-/big-endian.
+   */
+#   elif defined(__ARM_ARCH)
+#    define __ARM_ARCH__ __ARM_ARCH
+#   elif defined(__ARM_ARCH_8A__)
+#    define __ARM_ARCH__ 8
+#   elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__)     || \
+        defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)     || \
+        defined(__ARM_ARCH_7EM__)
+#    define __ARM_ARCH__ 7
+#   elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__)     || \
+        defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)     || \
+        defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)    || \
+        defined(__ARM_ARCH_6T2__)
+#    define __ARM_ARCH__ 6
+#   elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__)     || \
+        defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)    || \
+        defined(__ARM_ARCH_5TEJ__)
+#    define __ARM_ARCH__ 5
+#   elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
+#    define __ARM_ARCH__ 4
+#   else
+#    error "unsupported ARM architecture"
+#   endif
+#  endif
+# endif
+
+# if !defined(__ARM_MAX_ARCH__)
+#  define __ARM_MAX_ARCH__ __ARM_ARCH__
+# endif
+
+# if __ARM_MAX_ARCH__<__ARM_ARCH__
+#  error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
+# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
+#  if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
+#   error "can't build universal big-endian binary"
+#  endif
+# endif
+
+# ifndef __ASSEMBLER__
+extern unsigned int OPENSSL_armcap_P;
+# endif
+
+# define ARMV7_NEON      (1<<0)
+# define ARMV7_TICK      (1<<1)
+# define ARMV8_AES       (1<<2)
+# define ARMV8_SHA1      (1<<3)
+# define ARMV8_SHA256    (1<<4)
+# define ARMV8_PMULL     (1<<5)
+# define ARMV8_SHA512    (1<<6)
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c
new file mode 100644
index 000000000..58e54f0da
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#include "arm_arch.h"
+
+unsigned int OPENSSL_armcap_P = 0;
+
+#if __ARM_MAX_ARCH__<7
+void OPENSSL_cpuid_setup(void)
+{
+}
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    return 0;
+}
+#else
+static sigset_t all_masked;
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+/*
+ * Following subroutines could have been inlined, but it's not all
+ * ARM compilers support inline assembler...
+ */
+void _armv7_neon_probe(void);
+void _armv8_aes_probe(void);
+void _armv8_sha1_probe(void);
+void _armv8_sha256_probe(void);
+void _armv8_pmull_probe(void);
+# ifdef __aarch64__
+void _armv8_sha512_probe(void);
+# endif
+uint32_t _armv7_tick(void);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_armcap_P & ARMV7_TICK)
+        return _armv7_tick();
+    else
+        return 0;
+}
+
+# if defined(__GNUC__) && __GNUC__>=2
+void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
+# endif
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+# endif
+
+/*
+ * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
+ * AArch64 used AT_HWCAP.
+ */
+# if defined(__arm__) || defined (__arm)
+#  define HWCAP                  16
+                                  /* AT_HWCAP */
+#  define HWCAP_NEON             (1 << 12)
+
+#  define HWCAP_CE               26
+                                  /* AT_HWCAP2 */
+#  define HWCAP_CE_AES           (1 << 0)
+#  define HWCAP_CE_PMULL         (1 << 1)
+#  define HWCAP_CE_SHA1          (1 << 2)
+#  define HWCAP_CE_SHA256        (1 << 3)
+# elif defined(__aarch64__)
+#  define HWCAP                  16
+                                  /* AT_HWCAP */
+#  define HWCAP_NEON             (1 << 1)
+
+#  define HWCAP_CE               HWCAP
+#  define HWCAP_CE_AES           (1 << 3)
+#  define HWCAP_CE_PMULL         (1 << 4)
+#  define HWCAP_CE_SHA1          (1 << 5)
+#  define HWCAP_CE_SHA256        (1 << 6)
+#  define HWCAP_CE_SHA512        (1 << 21)
+# endif
+
+void OPENSSL_cpuid_setup(void)
+{
+    const char *e;
+    struct sigaction ill_oact, ill_act;
+    sigset_t oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_armcap"))) {
+        OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0);
+        return;
+    }
+
+# if defined(__APPLE__) && !defined(__aarch64__)
+    /*
+     * Capability probing by catching SIGILL appears to be problematic
+     * on iOS. But since Apple universe is "monocultural", it's actually
+     * possible to simply set pre-defined processor capability mask.
+     */
+    if (1) {
+        OPENSSL_armcap_P = ARMV7_NEON;
+        return;
+    }
+    /*
+     * One could do same even for __aarch64__ iOS builds. It's not done
+     * exclusively for reasons of keeping code unified across platforms.
+     * Unified code works because it never triggers SIGILL on Apple
+     * devices...
+     */
+# endif
+
+    OPENSSL_armcap_P = 0;
+
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
+    if (getauxval(HWCAP) & HWCAP_NEON) {
+        unsigned long hwcap = getauxval(HWCAP_CE);
+
+        OPENSSL_armcap_P |= ARMV7_NEON;
+
+        if (hwcap & HWCAP_CE_AES)
+            OPENSSL_armcap_P |= ARMV8_AES;
+
+        if (hwcap & HWCAP_CE_PMULL)
+            OPENSSL_armcap_P |= ARMV8_PMULL;
+
+        if (hwcap & HWCAP_CE_SHA1)
+            OPENSSL_armcap_P |= ARMV8_SHA1;
+
+        if (hwcap & HWCAP_CE_SHA256)
+            OPENSSL_armcap_P |= ARMV8_SHA256;
+
+#  ifdef __aarch64__
+        if (hwcap & HWCAP_CE_SHA512)
+            OPENSSL_armcap_P |= ARMV8_SHA512;
+#  endif
+    }
+# endif
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    ill_act.sa_mask = all_masked;
+
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &ill_oact);
+
+    /* If we used getauxval, we already have all the values */
+# ifndef OSSL_IMPLEMENT_GETAUXVAL
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        _armv7_neon_probe();
+        OPENSSL_armcap_P |= ARMV7_NEON;
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_pmull_probe();
+            OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
+        } else if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_aes_probe();
+            OPENSSL_armcap_P |= ARMV8_AES;
+        }
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha1_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA1;
+        }
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha256_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA256;
+        }
+#  if defined(__aarch64__) && !defined(__APPLE__)
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha512_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA512;
+        }
+#  endif
+    }
+# endif
+
+    /* Things that getauxval didn't tell us */
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        _armv7_tick();
+        OPENSSL_armcap_P |= ARMV7_TICK;
+    }
+
+    sigaction(SIGILL, &ill_oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl
new file mode 100644
index 000000000..ab007c19c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl
@@ -0,0 +1,296 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__) && !defined(__APPLE__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#undef	__thumb2__
+#endif
+
+.align	5
+.global	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,%function
+OPENSSL_atomic_add:
+#if __ARM_ARCH__>=6
+.Ladd:	ldrex	r2,[r0]
+	add	r3,r2,r1
+	strex	r2,r3,[r0]
+	cmp	r2,#0
+	bne	.Ladd
+	mov	r0,r3
+	bx	lr
+#else
+	stmdb	sp!,{r4-r6,lr}
+	ldr	r2,.Lspinlock
+	adr	r3,.Lspinlock
+	mov	r4,r0
+	mov	r5,r1
+	add	r6,r3,r2	@ &spinlock
+	b	.+8
+.Lspin:	bl	sched_yield
+	mov	r0,#-1
+	swp	r0,r0,[r6]
+	cmp	r0,#0
+	bne	.Lspin
+
+	ldr	r2,[r4]
+	add	r2,r2,r5
+	str	r2,[r4]
+	str	r0,[r6]		@ release spinlock
+	ldmia	sp!,{r4-r6,lr}
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.global	OPENSSL_cleanse
+.type	OPENSSL_cleanse,%function
+OPENSSL_cleanse:
+	eor	ip,ip,ip
+	cmp	r1,#7
+#ifdef	__thumb2__
+	itt	hs
+#endif
+	subhs	r1,r1,#4
+	bhs	.Lot
+	cmp	r1,#0
+	beq	.Lcleanse_done
+.Little:
+	strb	ip,[r0],#1
+	subs	r1,r1,#1
+	bhi	.Little
+	b	.Lcleanse_done
+
+.Lot:	tst	r0,#3
+	beq	.Laligned
+	strb	ip,[r0],#1
+	sub	r1,r1,#1
+	b	.Lot
+.Laligned:
+	str	ip,[r0],#4
+	subs	r1,r1,#4
+	bhs	.Laligned
+	adds	r1,r1,#4
+	bne	.Little
+.Lcleanse_done:
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.global	CRYPTO_memcmp
+.type	CRYPTO_memcmp,%function
+.align	4
+CRYPTO_memcmp:
+	eor	ip,ip,ip
+	cmp	r2,#0
+	beq	.Lno_data
+	stmdb	sp!,{r4,r5}
+
+.Loop_cmp:
+	ldrb	r4,[r0],#1
+	ldrb	r5,[r1],#1
+	eor	r4,r4,r5
+	orr	ip,ip,r4
+	subs	r2,r2,#1
+	bne	.Loop_cmp
+
+	ldmia	sp!,{r4,r5}
+.Lno_data:
+	rsb	r0,ip,#0
+	mov	r0,r0,lsr#31
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.align	5
+.global	_armv7_neon_probe
+.type	_armv7_neon_probe,%function
+_armv7_neon_probe:
+	vorr	q0,q0,q0
+	bx	lr
+.size	_armv7_neon_probe,.-_armv7_neon_probe
+
+.global	_armv7_tick
+.type	_armv7_tick,%function
+_armv7_tick:
+#ifdef	__APPLE__
+	mrrc	p15,0,r0,r1,c14		@ CNTPCT
+#else
+	mrrc	p15,1,r0,r1,c14		@ CNTVCT
+#endif
+	bx	lr
+.size	_armv7_tick,.-_armv7_tick
+
+.global	_armv8_aes_probe
+.type	_armv8_aes_probe,%function
+_armv8_aes_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0xb0,0xff,0x00,0x03	@ aese.8	q0,q0
+#else
+	.byte	0x00,0x03,0xb0,0xf3	@ aese.8	q0,q0
+#endif
+	bx	lr
+.size	_armv8_aes_probe,.-_armv8_aes_probe
+
+.global	_armv8_sha1_probe
+.type	_armv8_sha1_probe,%function
+_armv8_sha1_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0x00,0xef,0x40,0x0c	@ sha1c.32	q0,q0,q0
+#else
+	.byte	0x40,0x0c,0x00,0xf2	@ sha1c.32	q0,q0,q0
+#endif
+	bx	lr
+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
+
+.global	_armv8_sha256_probe
+.type	_armv8_sha256_probe,%function
+_armv8_sha256_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0x00,0xff,0x40,0x0c	@ sha256h.32	q0,q0,q0
+#else
+	.byte	0x40,0x0c,0x00,0xf3	@ sha256h.32	q0,q0,q0
+#endif
+	bx	lr
+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
+.global	_armv8_pmull_probe
+.type	_armv8_pmull_probe,%function
+_armv8_pmull_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0xa0,0xef,0x00,0x0e	@ vmull.p64	q0,d0,d0
+#else
+	.byte	0x00,0x0e,0xa0,0xf2	@ vmull.p64	q0,d0,d0
+#endif
+	bx	lr
+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
+#endif
+
+.global	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,%function
+OPENSSL_wipe_cpu:
+#if __ARM_MAX_ARCH__>=7
+	ldr	r0,.LOPENSSL_armcap
+	adr	r1,.LOPENSSL_armcap
+	ldr	r0,[r1,r0]
+#ifdef	__APPLE__
+	ldr	r0,[r0]
+#endif
+#endif
+	eor	r2,r2,r2
+	eor	r3,r3,r3
+	eor	ip,ip,ip
+#if __ARM_MAX_ARCH__>=7
+	tst	r0,#1
+	beq	.Lwipe_done
+	veor	q0, q0, q0
+	veor	q1, q1, q1
+	veor	q2, q2, q2
+	veor	q3, q3, q3
+	veor	q8, q8, q8
+	veor	q9, q9, q9
+	veor	q10, q10, q10
+	veor	q11, q11, q11
+	veor	q12, q12, q12
+	veor	q13, q13, q13
+	veor	q14, q14, q14
+	veor	q15, q15, q15
+.Lwipe_done:
+#endif
+	mov	r0,sp
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.global	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,%function
+OPENSSL_instrument_bus:
+	eor	r0,r0,r0
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.global	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,%function
+OPENSSL_instrument_bus2:
+	eor	r0,r0,r0
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+
+.align	5
+#if __ARM_MAX_ARCH__>=7
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.
+#endif
+#if __ARM_ARCH__>=6
+.align	5
+#else
+.Lspinlock:
+.word	atomic_add_spinlock-.Lspinlock
+.align	5
+
+.data
+.align	2
+atomic_add_spinlock:
+.word	0
+#endif
+
+.comm	OPENSSL_armcap_P,4,4
+.hidden	OPENSSL_armcap_P
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c
new file mode 100644
index 000000000..bffbd160a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{
+    return ASN1_STRING_set(x, d, len);
+}
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+{
+    int ret, j, bits, len;
+    unsigned char *p, *d;
+
+    if (a == NULL)
+        return 0;
+
+    len = a->length;
+
+    if (len > 0) {
+        if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
+            bits = (int)a->flags & 0x07;
+        } else {
+            for (; len > 0; len--) {
+                if (a->data[len - 1])
+                    break;
+            }
+            j = a->data[len - 1];
+            if (j & 0x01)
+                bits = 0;
+            else if (j & 0x02)
+                bits = 1;
+            else if (j & 0x04)
+                bits = 2;
+            else if (j & 0x08)
+                bits = 3;
+            else if (j & 0x10)
+                bits = 4;
+            else if (j & 0x20)
+                bits = 5;
+            else if (j & 0x40)
+                bits = 6;
+            else if (j & 0x80)
+                bits = 7;
+            else
+                bits = 0;       /* should not happen */
+        }
+    } else
+        bits = 0;
+
+    ret = 1 + len;
+    if (pp == NULL)
+        return ret;
+
+    p = *pp;
+
+    *(p++) = (unsigned char)bits;
+    d = a->data;
+    if (len > 0) {
+        memcpy(p, d, len);
+        p += len;
+        p[-1] &= (0xff << bits);
+    }
+    *pp = p;
+    return ret;
+}
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long len)
+{
+    ASN1_BIT_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    int i;
+
+    if (len < 1) {
+        i = ASN1_R_STRING_TOO_SHORT;
+        goto err;
+    }
+
+    if (len > INT_MAX) {
+        i = ASN1_R_STRING_TOO_LONG;
+        goto err;
+    }
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_BIT_STRING_new()) == NULL)
+            return NULL;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    i = *(p++);
+    if (i > 7) {
+        i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+        goto err;
+    }
+    /*
+     * We do this to preserve the settings.  If we modify the settings, via
+     * the _set_bit function, we will recalculate on output
+     */
+    ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
+    ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
+
+    if (len-- > 1) {            /* using one because of the bits left byte */
+        s = OPENSSL_malloc((int)len);
+        if (s == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        memcpy(s, p, (int)len);
+        s[len - 1] &= (0xff << i);
+        p += len;
+    } else
+        s = NULL;
+
+    ret->length = (int)len;
+    OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->type = V_ASN1_BIT_STRING;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_BIT_STRING_free(ret);
+    return NULL;
+}
+
+/*
+ * These next 2 functions from Goetz Babin-Ebell.
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+{
+    int w, v, iv;
+    unsigned char *c;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    iv = ~v;
+    if (!value)
+        v = 0;
+
+    if (a == NULL)
+        return 0;
+
+    a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
+
+    if ((a->length < (w + 1)) || (a->data == NULL)) {
+        if (!value)
+            return 1;         /* Don't need to set */
+        c = OPENSSL_clear_realloc(a->data, a->length, w + 1);
+        if (c == NULL) {
+            ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (w + 1 - a->length > 0)
+            memset(c + a->length, 0, w + 1 - a->length);
+        a->data = c;
+        a->length = w + 1;
+    }
+    a->data[w] = ((a->data[w]) & iv) | v;
+    while ((a->length > 0) && (a->data[a->length - 1] == 0))
+        a->length--;
+    return 1;
+}
+
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
+{
+    int w, v;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
+        return 0;
+    return ((a->data[w] & v) != 0);
+}
+
+/*
+ * Checks if the given bit string contains only bits specified by
+ * the flags vector. Returns 0 if there is at least one bit set in 'a'
+ * which is not specified in 'flags', 1 otherwise.
+ * 'len' is the length of 'flags'.
+ */
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len)
+{
+    int i, ok;
+    /* Check if there is one bit set at all. */
+    if (!a || !a->data)
+        return 1;
+
+    /*
+     * Check each byte of the internal representation of the bit string.
+     */
+    ok = 1;
+    for (i = 0; i < a->length && ok; ++i) {
+        unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
+        /* We are done if there is an unneeded bit set. */
+        ok = (a->data[i] & mask) == 0;
+    }
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c
new file mode 100644
index 000000000..a1a17901b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include "internal/asn1_int.h"
+
+#ifndef NO_OLD_ASN1
+# ifndef OPENSSL_NO_STDIO
+
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_d2i_bio(xnew, d2i, b, x);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (unsigned char *)b->data;
+    ret = d2i(x, &p, len);
+ err:
+    BUF_MEM_free(b);
+    return ret;
+}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (const unsigned char *)b->data;
+    ret = ASN1_item_d2i(x, &p, len, it);
+ err:
+    BUF_MEM_free(b);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+{
+    BIO *b;
+    char *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_item_d2i_bio(it, b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+#define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+{
+    BUF_MEM *b;
+    unsigned char *p;
+    int i;
+    size_t want = HEADER_SIZE;
+    uint32_t eos = 0;
+    size_t off = 0;
+    size_t len = 0;
+
+    const unsigned char *q;
+    long slen;
+    int inf, tag, xclass;
+
+    b = BUF_MEM_new();
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ERR_clear_error();
+    for (;;) {
+        if (want >= (len - off)) {
+            want -= (len - off);
+
+            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            i = BIO_read(in, &(b->data[len]), want);
+            if ((i < 0) && ((len - off) == 0)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
+                goto err;
+            }
+            if (i > 0) {
+                if (len + i < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                len += i;
+            }
+        }
+        /* else data already loaded */
+
+        p = (unsigned char *)&(b->data[off]);
+        q = p;
+        inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
+        if (inf & 0x80) {
+            unsigned long e;
+
+            e = ERR_GET_REASON(ERR_peek_error());
+            if (e != ASN1_R_TOO_LONG)
+                goto err;
+            else
+                ERR_clear_error(); /* clear error */
+        }
+        i = q - p;            /* header length */
+        off += i;               /* end of data */
+
+        if (inf & 1) {
+            /* no data body so go round again */
+            if (eos == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+                goto err;
+            }
+            eos++;
+            want = HEADER_SIZE;
+        } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
+            /* eos value, so go back and read another header */
+            eos--;
+            if (eos == 0)
+                break;
+            else
+                want = HEADER_SIZE;
+        } else {
+            /* suck in slen bytes of data */
+            want = slen;
+            if (want > (len - off)) {
+                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
+                want -= (len - off);
+                if (want > INT_MAX /* BIO_read takes an int length */  ||
+                    len + want < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                while (want > 0) {
+                    /*
+                     * Read content in chunks of increasing size
+                     * so we can return an error for EOF without
+                     * having to allocate the entire content length
+                     * in one go.
+                     */
+                    size_t chunk = want > chunk_max ? chunk_max : want;
+
+                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    want -= chunk;
+                    while (chunk > 0) {
+                        i = BIO_read(in, &(b->data[len]), chunk);
+                        if (i <= 0) {
+                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                    ASN1_R_NOT_ENOUGH_DATA);
+                            goto err;
+                        }
+                    /*
+                     * This can't overflow because |len+want| didn't
+                     * overflow.
+                     */
+                        len += i;
+                        chunk -= i;
+                    }
+                    if (chunk_max < INT_MAX/2)
+                        chunk_max *= 2;
+                }
+            }
+            if (off + slen < off) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                goto err;
+            }
+            off += slen;
+            if (eos == 0) {
+                break;
+            } else
+                want = HEADER_SIZE;
+        }
+    }
+
+    if (off > INT_MAX) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+        goto err;
+    }
+
+    *pb = b;
+    return off;
+ err:
+    BUF_MEM_free(b);
+    return -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_digest.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_digest.c
new file mode 100644
index 000000000..cc3532ea7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_digest.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len)
+{
+    int inl;
+    unsigned char *str, *p;
+
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if ((str = OPENSSL_malloc(inl)) == NULL) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = str;
+    i2d(data, &p);
+
+    if (!EVP_Digest(str, inl, md, len, type, NULL)) {
+        OPENSSL_free(str);
+        return 0;
+    }
+    OPENSSL_free(str);
+    return 1;
+}
+
+#endif
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+                     unsigned char *md, unsigned int *len)
+{
+    int i;
+    unsigned char *str = NULL;
+
+    i = ASN1_item_i2d(asn, &str, it);
+    if (!str)
+        return 0;
+
+    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+        OPENSSL_free(str);
+        return 0;
+    }
+    OPENSSL_free(str);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_dup.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_dup.c
new file mode 100644
index 000000000..50af6b000
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_dup.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
+{
+    unsigned char *b, *p;
+    const unsigned char *p2;
+    int i;
+    char *ret;
+
+    if (x == NULL)
+        return NULL;
+
+    i = i2d(x, NULL);
+    b = OPENSSL_malloc(i + 10);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p = b;
+    i = i2d(x, &p);
+    p2 = b;
+    ret = d2i(NULL, &p2, i);
+    OPENSSL_free(b);
+    return ret;
+}
+
+#endif
+
+/*
+ * ASN1_ITEM version of dup: this follows the model above except we don't
+ * need to allocate the buffer. At some point this could be rewritten to
+ * directly dup the underlying structure instead of doing and encode and
+ * decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+{
+    unsigned char *b = NULL;
+    const unsigned char *p;
+    long i;
+    void *ret;
+
+    if (x == NULL)
+        return NULL;
+
+    i = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p = b;
+    ret = ASN1_item_d2i(NULL, &p, i, it);
+    OPENSSL_free(b);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c
new file mode 100644
index 000000000..d3878d6e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * GENERALIZEDTIME implementation. Based on UTCTIME
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+/* This is the primary function used to parse ASN1_GENERALIZEDTIME */
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
+{
+    /* wrapper around asn1_time_to_tm */
+    if (d->type != V_ASN1_GENERALIZEDTIME)
+        return 0;
+    return asn1_time_to_tm(tm, d);
+}
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
+{
+    return asn1_generalizedtime_to_tm(NULL, d);
+}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+{
+    ASN1_GENERALIZEDTIME t;
+
+    t.type = V_ASN1_GENERALIZEDTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = 0;
+
+    if (!ASN1_GENERALIZEDTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t)
+{
+    return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        return NULL;
+
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+
+    return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME);
+}
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
+{
+    if (tm->type != V_ASN1_GENERALIZEDTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_i2d_fp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_i2d_fp.c
new file mode 100644
index 000000000..980c65a25
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_i2d_fp.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+# ifndef OPENSSL_NO_STDIO
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_i2d_bio(i2d, b, x);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+{
+    char *b;
+    unsigned char *p;
+    int i, j = 0, n, ret = 1;
+
+    n = i2d(x, NULL);
+    if (n <= 0)
+        return 0;
+
+    b = OPENSSL_malloc(n);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    p = (unsigned char *)b;
+    i2d(x, &p);
+
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_STDIO
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_item_i2d_bio(it, b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+{
+    unsigned char *b = NULL;
+    int i, j = 0, n, ret = 1;
+
+    n = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c
new file mode 100644
index 000000000..70a45cb3c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c
@@ -0,0 +1,630 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <limits.h>
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
+{
+    return ASN1_STRING_dup(x);
+}
+
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
+{
+    int neg, ret;
+    /* Compare signs */
+    neg = x->type & V_ASN1_NEG;
+    if (neg != (y->type & V_ASN1_NEG)) {
+        if (neg)
+            return -1;
+        else
+            return 1;
+    }
+
+    ret = ASN1_STRING_cmp(x, y);
+
+    if (neg)
+        return -ret;
+    else
+        return ret;
+}
+
+/*-
+ * This converts a big endian buffer and sign into its content encoding.
+ * This is used for INTEGER and ENUMERATED types.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+/*
+ * If |pad| is zero, the operation is effectively reduced to memcpy,
+ * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
+ * Note that in latter case sequence of zeros yields itself, and so
+ * does 0x80 followed by any number of zeros. These properties are
+ * used elsewhere below...
+ */
+static void twos_complement(unsigned char *dst, const unsigned char *src,
+                            size_t len, unsigned char pad)
+{
+    unsigned int carry = pad & 1;
+
+    /* Begin at the end of the encoding */
+    dst += len;
+    src += len;
+    /* two's complement value: ~value + 1 */
+    while (len-- != 0) {
+        *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
+        carry >>= 8;
+    }
+}
+
+static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
+                       unsigned char **pp)
+{
+    unsigned int pad = 0;
+    size_t ret, i;
+    unsigned char *p, pb = 0;
+
+    if (b != NULL && blen) {
+        ret = blen;
+        i = b[0];
+        if (!neg && (i > 127)) {
+            pad = 1;
+            pb = 0;
+        } else if (neg) {
+            pb = 0xFF;
+            if (i > 128) {
+                pad = 1;
+            } else if (i == 128) {
+                /*
+                 * Special case [of minimal negative for given length]:
+                 * if any other bytes non zero we pad, otherwise we don't.
+                 */
+                for (pad = 0, i = 1; i < blen; i++)
+                    pad |= b[i];
+                pb = pad != 0 ? 0xffU : 0;
+                pad = pb & 1;
+            }
+        }
+        ret += pad;
+    } else {
+        ret = 1;
+        blen = 0;   /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
+    }
+
+    if (pp == NULL || (p = *pp) == NULL)
+        return ret;
+
+    /*
+     * This magically handles all corner cases, such as '(b == NULL ||
+     * blen == 0)', non-negative value, "negative" zero, 0x80 followed
+     * by any number of zeros...
+     */
+    *p = pb;
+    p += pad;       /* yes, p[0] can be written twice, but it's little
+                     * price to pay for eliminated branches */
+    twos_complement(p, b, blen, pb);
+
+    *pp += ret;
+    return ret;
+}
+
+/*
+ * convert content octets into a big endian buffer. Returns the length
+ * of buffer or 0 on error: for malformed INTEGER. If output buffer is
+ * NULL just return length.
+ */
+
+static size_t c2i_ibuf(unsigned char *b, int *pneg,
+                       const unsigned char *p, size_t plen)
+{
+    int neg, pad;
+    /* Zero content length is illegal */
+    if (plen == 0) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
+        return 0;
+    }
+    neg = p[0] & 0x80;
+    if (pneg)
+        *pneg = neg;
+    /* Handle common case where length is 1 octet separately */
+    if (plen == 1) {
+        if (b != NULL) {
+            if (neg)
+                b[0] = (p[0] ^ 0xFF) + 1;
+            else
+                b[0] = p[0];
+        }
+        return 1;
+    }
+
+    pad = 0;
+    if (p[0] == 0) {
+        pad = 1;
+    } else if (p[0] == 0xFF) {
+        size_t i;
+
+        /*
+         * Special case [of "one less minimal negative" for given length]:
+         * if any other bytes non zero it was padded, otherwise not.
+         */
+        for (pad = 0, i = 1; i < plen; i++)
+            pad |= p[i];
+        pad = pad != 0 ? 1 : 0;
+    }
+    /* reject illegal padding: first two octets MSB can't match */
+    if (pad && (neg == (p[1] & 0x80))) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+
+    /* skip over pad */
+    p += pad;
+    plen -= pad;
+
+    if (b != NULL)
+        twos_complement(b, p, plen, neg ? 0xffU : 0);
+
+    return plen;
+}
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
+}
+
+/* Convert big endian buffer into uint64_t, return 0 on error */
+static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
+{
+    size_t i;
+    uint64_t r;
+
+    if (blen > sizeof(*pr)) {
+        ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (b == NULL)
+        return 0;
+    for (r = 0, i = 0; i < blen; i++) {
+        r <<= 8;
+        r |= b[i];
+    }
+    *pr = r;
+    return 1;
+}
+
+/*
+ * Write uint64_t to big endian buffer and return offset to first
+ * written octet. In other words it returns offset in range from 0
+ * to 7, with 0 denoting 8 written octets and 7 - one.
+ */
+static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
+{
+    size_t off = sizeof(uint64_t);
+
+    do {
+        b[--off] = (unsigned char)r;
+    } while (r >>= 8);
+
+    return off;
+}
+
+/*
+ * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
+ * overflow warnings.
+ */
+#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
+
+/* signed version of asn1_get_uint64 */
+static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
+                          int neg)
+{
+    uint64_t r;
+    if (asn1_get_uint64(&r, b, blen) == 0)
+        return 0;
+    if (neg) {
+        if (r <= INT64_MAX) {
+            /* Most significant bit is guaranteed to be clear, negation
+             * is guaranteed to be meaningful in platform-neutral sense. */
+            *pr = -(int64_t)r;
+        } else if (r == ABS_INT64_MIN) {
+            /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
+             * on ones'-complement system. */
+            *pr = (int64_t)(0 - r);
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+    } else {
+        if (r <= INT64_MAX) {
+            *pr = (int64_t)r;
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long len)
+{
+    ASN1_INTEGER *ret = NULL;
+    size_t r;
+    int neg;
+
+    r = c2i_ibuf(NULL, NULL, *pp, len);
+
+    if (r == 0)
+        return NULL;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        ret = ASN1_INTEGER_new();
+        if (ret == NULL)
+            return NULL;
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = *a;
+
+    if (ASN1_STRING_set(ret, NULL, r) == 0)
+        goto err;
+
+    c2i_ibuf(ret->data, &neg, *pp, len);
+
+    if (neg)
+        ret->type |= V_ASN1_NEG;
+
+    *pp += len;
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
+}
+
+static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    if (r < 0) {
+        /* Most obvious '-r' triggers undefined behaviour for most
+         * common INT64_MIN. Even though below '0 - (uint64_t)r' can
+         * appear two's-complement centric, it does produce correct/
+         * expected result even on one's-complement. This is because
+         * cast to unsigned has to change bit pattern... */
+        off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
+        a->type |= V_ASN1_NEG;
+    } else {
+        off = asn1_put_uint64(tbuf, r);
+        a->type &= ~V_ASN1_NEG;
+    }
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
+                                  int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    if (a->type & V_ASN1_NEG) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    return asn1_get_uint64(pr, a->data, a->length);
+}
+
+static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    off = asn1_put_uint64(tbuf, r);
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+/*
+ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
+ * integers: some broken software can encode a positive INTEGER with its MSB
+ * set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length)
+{
+    ASN1_INTEGER *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_INTEGER_new()) == NULL)
+            return NULL;
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_INTEGER) {
+        i = ASN1_R_EXPECTING_AN_INTEGER;
+        goto err;
+    }
+
+    /*
+     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+     * a missing NULL parameter.
+     */
+    s = OPENSSL_malloc((int)len + 1);
+    if (s == NULL) {
+        i = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+    ret->type = V_ASN1_INTEGER;
+    if (len) {
+        if ((*p == 0) && (len != 1)) {
+            p++;
+            len--;
+        }
+        memcpy(s, p, (int)len);
+        p += len;
+    }
+
+    OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->length = (int)len;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
+                                      int atype)
+{
+    ASN1_INTEGER *ret;
+    int len;
+
+    if (ai == NULL) {
+        ret = ASN1_STRING_type_new(atype);
+    } else {
+        ret = ai;
+        ret->type = atype;
+    }
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+    }
+
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
+        ret->type |= V_ASN1_NEG_INTEGER;
+
+    len = BN_num_bytes(bn);
+
+    if (len == 0)
+        len = 1;
+
+    if (ASN1_STRING_set(ret, NULL, len) == 0) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Correct zero case */
+    if (BN_is_zero(bn))
+        ret->data[0] = 0;
+    else
+        len = BN_bn2bin(bn, ret->data);
+    ret->length = len;
+    return ret;
+ err:
+    if (ret != ai)
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
+                                 int itype)
+{
+    BIGNUM *ret;
+
+    if ((ai->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
+        return NULL;
+    }
+
+    ret = BN_bin2bn(ai->data, ai->length, bn);
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
+        return NULL;
+    }
+    if (ai->type & V_ASN1_NEG)
+        BN_set_negative(ret, 1);
+    return ret;
+}
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
+{
+    return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+{
+    return ASN1_INTEGER_set_int64(a, v);
+}
+
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    i = ASN1_INTEGER_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
+}
+
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
+}
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+{
+    return ASN1_ENUMERATED_set_int64(a, v);
+}
+
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
+        return -1;
+    if (a->length > (int)sizeof(long))
+        return 0xffffffffL;
+    i = ASN1_ENUMERATED_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
+}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
+}
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t buflen;
+
+    buflen = c2i_ibuf(NULL, NULL, *pp, len);
+    if (buflen == 0)
+        return 0;
+    if (buflen > sizeof(uint64_t)) {
+        ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    (void)c2i_ibuf(buf, neg, *pp, len);
+    return asn1_get_uint64(ret, buf, buflen);
+}
+
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t off;
+
+    off = asn1_put_uint64(buf, r);
+    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c
new file mode 100644
index 000000000..949fe6c16
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c
@@ -0,0 +1,343 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+
+/*
+ * These functions take a string in UTF8, ASCII or multibyte form and a mask
+ * of permissible ASN1 string types. It then works out the minimal type
+ * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data. Yes this is
+ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
+ * size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask)
+{
+    return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize)
+{
+    int str_type;
+    int ret;
+    char free_out;
+    int outform, outlen = 0;
+    ASN1_STRING *dest;
+    unsigned char *p;
+    int nchar;
+    char strbuf[32];
+    int (*cpyfunc) (unsigned long, void *) = NULL;
+    if (len == -1)
+        len = strlen((const char *)in);
+    if (!mask)
+        mask = DIRSTRING_TYPE;
+
+    /* First do a string check and work out the number of characters */
+    switch (inform) {
+
+    case MBSTRING_BMP:
+        if (len & 1) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 1;
+        break;
+
+    case MBSTRING_UNIV:
+        if (len & 3) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 2;
+        break;
+
+    case MBSTRING_UTF8:
+        nchar = 0;
+        /* This counts the characters and does utf8 syntax checking */
+        ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+        if (ret < 0) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
+            return -1;
+        }
+        break;
+
+    case MBSTRING_ASC:
+        nchar = len;
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+        return -1;
+    }
+
+    if ((minsize > 0) && (nchar < minsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+        BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
+        ERR_add_error_data(2, "minsize=", strbuf);
+        return -1;
+    }
+
+    if ((maxsize > 0) && (nchar > maxsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+        BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
+        ERR_add_error_data(2, "maxsize=", strbuf);
+        return -1;
+    }
+
+    /* Now work out minimal type (if any) */
+    if (traverse_string(in, len, inform, type_str, &mask) < 0) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+        return -1;
+    }
+
+    /* Now work out output format and string type */
+    outform = MBSTRING_ASC;
+    if (mask & B_ASN1_NUMERICSTRING)
+        str_type = V_ASN1_NUMERICSTRING;
+    else if (mask & B_ASN1_PRINTABLESTRING)
+        str_type = V_ASN1_PRINTABLESTRING;
+    else if (mask & B_ASN1_IA5STRING)
+        str_type = V_ASN1_IA5STRING;
+    else if (mask & B_ASN1_T61STRING)
+        str_type = V_ASN1_T61STRING;
+    else if (mask & B_ASN1_BMPSTRING) {
+        str_type = V_ASN1_BMPSTRING;
+        outform = MBSTRING_BMP;
+    } else if (mask & B_ASN1_UNIVERSALSTRING) {
+        str_type = V_ASN1_UNIVERSALSTRING;
+        outform = MBSTRING_UNIV;
+    } else {
+        str_type = V_ASN1_UTF8STRING;
+        outform = MBSTRING_UTF8;
+    }
+    if (!out)
+        return str_type;
+    if (*out) {
+        free_out = 0;
+        dest = *out;
+        OPENSSL_free(dest->data);
+        dest->data = NULL;
+        dest->length = 0;
+        dest->type = str_type;
+    } else {
+        free_out = 1;
+        dest = ASN1_STRING_type_new(str_type);
+        if (dest == NULL) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = dest;
+    }
+    /* If both the same type just copy across */
+    if (inform == outform) {
+        if (!ASN1_STRING_set(dest, in, len)) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        return str_type;
+    }
+
+    /* Work out how much space the destination will need */
+    switch (outform) {
+    case MBSTRING_ASC:
+        outlen = nchar;
+        cpyfunc = cpy_asc;
+        break;
+
+    case MBSTRING_BMP:
+        outlen = nchar << 1;
+        cpyfunc = cpy_bmp;
+        break;
+
+    case MBSTRING_UNIV:
+        outlen = nchar << 2;
+        cpyfunc = cpy_univ;
+        break;
+
+    case MBSTRING_UTF8:
+        outlen = 0;
+        traverse_string(in, len, inform, out_utf8, &outlen);
+        cpyfunc = cpy_utf8;
+        break;
+    }
+    if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
+        if (free_out)
+            ASN1_STRING_free(dest);
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dest->length = outlen;
+    dest->data = p;
+    p[outlen] = 0;
+    traverse_string(in, len, inform, cpyfunc, &p);
+    return str_type;
+}
+
+/*
+ * This function traverses a string and passes the value of each character to
+ * an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg)
+{
+    unsigned long value;
+    int ret;
+    while (len) {
+        if (inform == MBSTRING_ASC) {
+            value = *p++;
+            len--;
+        } else if (inform == MBSTRING_BMP) {
+            value = *p++ << 8;
+            value |= *p++;
+            len -= 2;
+        } else if (inform == MBSTRING_UNIV) {
+            value = ((unsigned long)*p++) << 24;
+            value |= ((unsigned long)*p++) << 16;
+            value |= *p++ << 8;
+            value |= *p++;
+            len -= 4;
+        } else {
+            ret = UTF8_getc(p, len, &value);
+            if (ret < 0)
+                return -1;
+            len -= ret;
+            p += ret;
+        }
+        if (rfunc) {
+            ret = rfunc(value, arg);
+            if (ret <= 0)
+                return ret;
+        }
+    }
+    return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+    int *nchar;
+    nchar = arg;
+    (*nchar)++;
+    return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+    int *outlen;
+    outlen = arg;
+    *outlen += UTF8_putc(NULL, -1, value);
+    return 1;
+}
+
+/*
+ * Determine the "type" of a string: check each character against a supplied
+ * "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+    unsigned long types = *((unsigned long *)arg);
+    const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
+
+    if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
+                                            || native == ' '))
+        types &= ~B_ASN1_NUMERICSTRING;
+    if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native))
+        types &= ~B_ASN1_PRINTABLESTRING;
+    if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native))
+        types &= ~B_ASN1_IA5STRING;
+    if ((types & B_ASN1_T61STRING) && (value > 0xff))
+        types &= ~B_ASN1_T61STRING;
+    if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+        types &= ~B_ASN1_BMPSTRING;
+    if (!types)
+        return -1;
+    *((unsigned long *)arg) = types;
+    return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q = (unsigned char)value;
+    (*p)++;
+    return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 2;
+    return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 24) & 0xff);
+    *q++ = (unsigned char)((value >> 16) & 0xff);
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 4;
+    return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+    unsigned char **p;
+    int ret;
+    p = arg;
+    /* We already know there is enough room so pass 0xff as the length */
+    ret = UTF8_putc(*p, 0xff, value);
+    *p += ret;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c
new file mode 100644
index 000000000..5e1424a80
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c
@@ -0,0 +1,383 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
+
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
+{
+    unsigned char *p, *allocated = NULL;
+    int objsize;
+
+    if ((a == NULL) || (a->data == NULL))
+        return 0;
+
+    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+    if (pp == NULL || objsize == -1)
+        return objsize;
+
+    if (*pp == NULL) {
+        if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+            ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        p = *pp;
+    }
+
+    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    memcpy(p, a->data, a->length);
+
+    /*
+     * If a new buffer was allocated, just return it back.
+     * If not, return the incremented buffer pointer.
+     */
+    *pp = allocated != NULL ? allocated : p + a->length;
+    return objsize;
+}
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+{
+    int i, first, len = 0, c, use_bn;
+    char ftmp[24], *tmp = ftmp;
+    int tmpsize = sizeof(ftmp);
+    const char *p;
+    unsigned long l;
+    BIGNUM *bl = NULL;
+
+    if (num == 0)
+        return 0;
+    else if (num == -1)
+        num = strlen(buf);
+
+    p = buf;
+    c = *(p++);
+    num--;
+    if ((c >= '0') && (c <= '2')) {
+        first = c - '0';
+    } else {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+        goto err;
+    }
+
+    if (num <= 0) {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+        goto err;
+    }
+    c = *(p++);
+    num--;
+    for (;;) {
+        if (num <= 0)
+            break;
+        if ((c != '.') && (c != ' ')) {
+            ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
+            goto err;
+        }
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            if (num <= 0)
+                break;
+            num--;
+            c = *(p++);
+            if ((c == ' ') || (c == '.'))
+                break;
+            if (!ossl_isdigit(c)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
+                goto err;
+            }
+            if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
+                use_bn = 1;
+                if (bl == NULL)
+                    bl = BN_new();
+                if (bl == NULL || !BN_set_word(bl, l))
+                    goto err;
+            }
+            if (use_bn) {
+                if (!BN_mul_word(bl, 10L)
+                    || !BN_add_word(bl, c - '0'))
+                    goto err;
+            } else
+                l = l * 10L + (long)(c - '0');
+        }
+        if (len == 0) {
+            if ((first < 2) && (l >= 40)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
+                        ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                goto err;
+            }
+            if (use_bn) {
+                if (!BN_add_word(bl, first * 40))
+                    goto err;
+            } else
+                l += (long)first *40;
+        }
+        i = 0;
+        if (use_bn) {
+            int blsize;
+            blsize = BN_num_bits(bl);
+            blsize = (blsize + 6) / 7;
+            if (blsize > tmpsize) {
+                if (tmp != ftmp)
+                    OPENSSL_free(tmp);
+                tmpsize = blsize + 32;
+                tmp = OPENSSL_malloc(tmpsize);
+                if (tmp == NULL)
+                    goto err;
+            }
+            while (blsize--) {
+                BN_ULONG t = BN_div_word(bl, 0x80L);
+                if (t == (BN_ULONG)-1)
+                    goto err;
+                tmp[i++] = (unsigned char)t;
+            }
+        } else {
+
+            for (;;) {
+                tmp[i++] = (unsigned char)l & 0x7f;
+                l >>= 7L;
+                if (l == 0L)
+                    break;
+            }
+
+        }
+        if (out != NULL) {
+            if (len + i > olen) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
+                goto err;
+            }
+            while (--i > 0)
+                out[len++] = tmp[i] | 0x80;
+            out[len++] = tmp[0];
+        } else
+            len += i;
+    }
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    BN_free(bl);
+    return len;
+ err:
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    BN_free(bl);
+    return 0;
+}
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
+{
+    return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
+{
+    char buf[80], *p = buf;
+    int i;
+
+    if ((a == NULL) || (a->data == NULL))
+        return BIO_write(bp, "NULL", 4);
+    i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
+    if (i > (int)(sizeof(buf) - 1)) {
+        if ((p = OPENSSL_malloc(i + 1)) == NULL) {
+            ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        i2t_ASN1_OBJECT(p, i + 1, a);
+    }
+    if (i <= 0) {
+        i = BIO_write(bp, "<INVALID>", 9);
+        i += BIO_dump(bp, (const char *)a->data, a->length);
+        return i;
+    }
+    BIO_write(bp, p, i);
+    if (p != buf)
+        OPENSSL_free(p);
+    return i;
+}
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length)
+{
+    const unsigned char *p;
+    long len;
+    int tag, xclass;
+    int inf, i;
+    ASN1_OBJECT *ret = NULL;
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_OBJECT) {
+        i = ASN1_R_EXPECTING_AN_OBJECT;
+        goto err;
+    }
+    ret = c2i_ASN1_OBJECT(a, &p, len);
+    if (ret)
+        *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+    return NULL;
+}
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long len)
+{
+    ASN1_OBJECT *ret = NULL, tobj;
+    const unsigned char *p;
+    unsigned char *data;
+    int i, length;
+
+    /*
+     * Sanity check OID encoding. Need at least one content octet. MSB must
+     * be clear in the last octet. can't have leading 0x80 in subidentifiers,
+     * see: X.690 8.19.2
+     */
+    if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+        p[len - 1] & 0x80) {
+        ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+        return NULL;
+    }
+    /* Now 0 < len <= INT_MAX, so the cast is safe. */
+    length = (int)len;
+    /*
+     * Try to lookup OID in table: these are all valid encodings so if we get
+     * a match we know the OID is valid.
+     */
+    tobj.nid = NID_undef;
+    tobj.data = p;
+    tobj.length = length;
+    tobj.flags = 0;
+    i = OBJ_obj2nid(&tobj);
+    if (i != NID_undef) {
+        /*
+         * Return shared registered OID object: this improves efficiency
+         * because we don't have to return a dynamically allocated OID
+         * and NID lookups can use the cached value.
+         */
+        ret = OBJ_nid2obj(i);
+        if (a) {
+            ASN1_OBJECT_free(*a);
+            *a = ret;
+        }
+        *pp += len;
+        return ret;
+    }
+    for (i = 0; i < length; i++, p++) {
+        if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
+            ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+            return NULL;
+        }
+    }
+
+    /*
+     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
+     * ->ln
+     */
+    if ((a == NULL) || ((*a) == NULL) ||
+        !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
+        if ((ret = ASN1_OBJECT_new()) == NULL)
+            return NULL;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    /* detach data from object */
+    data = (unsigned char *)ret->data;
+    ret->data = NULL;
+    /* once detached we can change it */
+    if ((data == NULL) || (ret->length < length)) {
+        ret->length = 0;
+        OPENSSL_free(data);
+        data = OPENSSL_malloc(length);
+        if (data == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    }
+    memcpy(data, p, length);
+    /* reattach data to object, after which it remains const */
+    ret->data = data;
+    ret->length = length;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+    p += length;
+
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_OBJECT_free(ret);
+    return NULL;
+}
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+{
+    ASN1_OBJECT *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
+    return ret;
+}
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
+#ifndef CONST_STRICT            /* disable purely for compile-time strict
+                                 * const checking. Doing this on a "real"
+                                 * compile will cause memory leaks */
+        OPENSSL_free((void*)a->sn);
+        OPENSSL_free((void*)a->ln);
+#endif
+        a->sn = a->ln = NULL;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+        OPENSSL_free((void*)a->data);
+        a->data = NULL;
+        a->length = 0;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+        OPENSSL_free(a);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln)
+{
+    ASN1_OBJECT o;
+
+    o.sn = sn;
+    o.ln = ln;
+    o.data = data;
+    o.nid = nid;
+    o.length = len;
+    o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    return OBJ_dup(&o);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_octet.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_octet.c
new file mode 100644
index 000000000..2e1205cae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_octet.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
+{
+    return ASN1_STRING_dup(x);
+}
+
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b)
+{
+    return ASN1_STRING_cmp(a, b);
+}
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
+                          int len)
+{
+    return ASN1_STRING_set(x, d, len);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c
new file mode 100644
index 000000000..8a373d9da
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+{
+    int c;
+    int ia5 = 0;
+    int t61 = 0;
+
+    if (len <= 0)
+        len = -1;
+    if (s == NULL)
+        return V_ASN1_PRINTABLESTRING;
+
+    while ((*s) && (len-- != 0)) {
+        c = *(s++);
+        if (!ossl_isasn1print(c))
+            ia5 = 1;
+        if (!ossl_isascii(c))
+            t61 = 1;
+    }
+    if (t61)
+        return V_ASN1_T61STRING;
+    if (ia5)
+        return V_ASN1_IA5STRING;
+    return V_ASN1_PRINTABLESTRING;
+}
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+{
+    int i;
+    unsigned char *p;
+
+    if (s->type != V_ASN1_UNIVERSALSTRING)
+        return 0;
+    if ((s->length % 4) != 0)
+        return 0;
+    p = s->data;
+    for (i = 0; i < s->length; i += 4) {
+        if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+            break;
+        else
+            p += 4;
+    }
+    if (i < s->length)
+        return 0;
+    p = s->data;
+    for (i = 3; i < s->length; i += 4) {
+        *(p++) = s->data[i];
+    }
+    *(p) = '\0';
+    s->length /= 4;
+    s->type = ASN1_PRINTABLE_type(s->data, s->length);
+    return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
+{
+    int i, n;
+    char buf[80];
+    const char *p;
+
+    if (v == NULL)
+        return 0;
+    n = 0;
+    p = (const char *)v->data;
+    for (i = 0; i < v->length; i++) {
+        if ((p[i] > '~') || ((p[i] < ' ') &&
+                             (p[i] != '\n') && (p[i] != '\r')))
+            buf[n] = '.';
+        else
+            buf[n] = p[i];
+        n++;
+        if (n >= 80) {
+            if (BIO_write(bp, buf, n) <= 0)
+                return 0;
+            n = 0;
+        }
+    }
+    if (n > 0)
+        if (BIO_write(bp, buf, n) <= 0)
+            return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c
new file mode 100644
index 000000000..146fdb962
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c
@@ -0,0 +1,241 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+              const EVP_MD *type)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
+    int i, inl = 0, outl = 0;
+    size_t inll = 0, outll = 0;
+    X509_ALGOR *a;
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (i = 0; i < 2; i++) {
+        if (i == 0)
+            a = algor1;
+        else
+            a = algor2;
+        if (a == NULL)
+            continue;
+        if (type->pkey_type == NID_dsaWithSHA1) {
+            /*
+             * special case: RFC 2459 tells us to omit 'parameters' with
+             * id-dsa-with-sha1
+             */
+            ASN1_TYPE_free(a->parameter);
+            a->parameter = NULL;
+        } else if ((a->parameter == NULL) ||
+                   (a->parameter->type != V_ASN1_NULL)) {
+            ASN1_TYPE_free(a->parameter);
+            if ((a->parameter = ASN1_TYPE_new()) == NULL)
+                goto err;
+            a->parameter->type = V_ASN1_NULL;
+        }
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm = OBJ_nid2obj(type->pkey_type);
+        if (a->algorithm == NULL) {
+            ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+            goto err;
+        }
+        if (a->algorithm->length == 0) {
+            ASN1err(ASN1_F_ASN1_SIGN,
+                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+            goto err;
+        }
+    }
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    inll = (size_t)inl;
+    buf_in = OPENSSL_malloc(inll);
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = OPENSSL_malloc(outll);
+    if (buf_in == NULL || buf_out == NULL) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    if (!EVP_SignInit_ex(ctx, type, NULL)
+        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
+        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
+                          (unsigned int *)&outl, pkey)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
+        goto err;
+    }
+    OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free((char *)buf_in, inll);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return outl;
+}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
+                   EVP_PKEY *pkey, const EVP_MD *type)
+{
+    int rv;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+
+    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+
+    EVP_MD_CTX_free(ctx);
+    return rv;
+}
+
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+                       X509_ALGOR *algor1, X509_ALGOR *algor2,
+                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+{
+    const EVP_MD *type;
+    EVP_PKEY *pkey;
+    unsigned char *buf_in = NULL, *buf_out = NULL;
+    size_t inl = 0, outl = 0, outll = 0;
+    int signid, paramtype, buf_len = 0;
+    int rv;
+
+    type = EVP_MD_CTX_md(ctx);
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+
+    if (pkey == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+        goto err;
+    }
+
+    if (pkey->ameth == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+        goto err;
+    }
+
+    if (pkey->ameth->item_sign) {
+        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
+        if (rv == 1)
+            outl = signature->length;
+        /*-
+         * Return value meanings:
+         * <=0: error.
+         *   1: method does everything.
+         *   2: carry on as normal.
+         *   3: ASN1 method sets algorithm identifiers: just sign.
+         */
+        if (rv <= 0)
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        if (rv <= 1)
+            goto err;
+    } else {
+        rv = 2;
+    }
+
+    if (rv == 2) {
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+            goto err;
+        }
+        if (!OBJ_find_sigid_by_algs(&signid,
+                                    EVP_MD_nid(type),
+                                    pkey->ameth->pkey_id)) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
+                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+            paramtype = V_ASN1_NULL;
+        else
+            paramtype = V_ASN1_UNDEF;
+
+        if (algor1)
+            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+
+    }
+
+    buf_len = ASN1_item_i2d(asn, &buf_in, it);
+    if (buf_len <= 0) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    inl = buf_len;
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = OPENSSL_malloc(outll);
+    if (buf_in == NULL || buf_out == NULL) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        goto err;
+    }
+    OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    OPENSSL_clear_free((char *)buf_in, inl);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return outl;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c
new file mode 100644
index 000000000..ea4dd1c5b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c
@@ -0,0 +1,626 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/asn1_int.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/*
+ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
+ * printing routines handling multibyte characters, RFC2253 and a host of
+ * other options.
+ */
+
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_2254 | \
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
+
+/*
+ * Three IO functions for sending data to memory, a BIO and and a FILE
+ * pointer.
+ */
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+    if (!arg)
+        return 1;
+    if (BIO_write(arg, buf, len) != len)
+        return 0;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+    if (!arg)
+        return 1;
+    if (fwrite(buf, 1, len, arg) != (unsigned int)len)
+        return 0;
+    return 1;
+}
+#endif
+
+typedef int char_io (void *arg, const void *buf, int len);
+
+/*
+ * This function handles display of strings, one character at a time. It is
+ * passed an unsigned long for each character because it could come from 2 or
+ * even 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
+                       char_io *io_ch, void *arg)
+{
+    unsigned short chflgs;
+    unsigned char chtmp;
+    char tmphex[HEX_SIZE(long) + 3];
+
+    if (c > 0xffffffffL)
+        return -1;
+    if (c > 0xffff) {
+        BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
+        if (!io_ch(arg, tmphex, 10))
+            return -1;
+        return 10;
+    }
+    if (c > 0xff) {
+        BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
+        if (!io_ch(arg, tmphex, 6))
+            return -1;
+        return 6;
+    }
+    chtmp = (unsigned char)c;
+    if (chtmp > 0x7f)
+        chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+    else
+        chflgs = char_type[chtmp] & flags;
+    if (chflgs & CHARTYPE_BS_ESC) {
+        /* If we don't escape with quotes, signal we need quotes */
+        if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+            if (do_quotes)
+                *do_quotes = 1;
+            if (!io_ch(arg, &chtmp, 1))
+                return -1;
+            return 1;
+        }
+        if (!io_ch(arg, "\\", 1))
+            return -1;
+        if (!io_ch(arg, &chtmp, 1))
+            return -1;
+        return 2;
+    }
+    if (chflgs & (ASN1_STRFLGS_ESC_CTRL
+                  | ASN1_STRFLGS_ESC_MSB
+                  | ASN1_STRFLGS_ESC_2254)) {
+        BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+        if (!io_ch(arg, tmphex, 3))
+            return -1;
+        return 3;
+    }
+    /*
+     * If we get this far and do any escaping at all must escape the escape
+     * character itself: backslash.
+     */
+    if (chtmp == '\\' && (flags & ESC_FLAGS)) {
+        if (!io_ch(arg, "\\\\", 2))
+            return -1;
+        return 2;
+    }
+    if (!io_ch(arg, &chtmp, 1))
+        return -1;
+    return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
+
+/*
+ * This function sends each character in a buffer to do_esc_char(). It
+ * interprets the content formats and converts to or from UTF8 as
+ * appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+                  int type, unsigned short flags, char *quotes, char_io *io_ch,
+                  void *arg)
+{
+    int i, outlen, len, charwidth;
+    unsigned short orflags;
+    unsigned char *p, *q;
+    unsigned long c;
+
+    p = buf;
+    q = buf + buflen;
+    outlen = 0;
+    charwidth = type & BUF_TYPE_WIDTH_MASK;
+
+    switch (charwidth) {
+    case 4:
+        if (buflen & 3) {
+            ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        break;
+    case 2:
+        if (buflen & 1) {
+            ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        break;
+    default:
+        break;
+    }
+
+    while (p != q) {
+        if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_FIRST_ESC_2253;
+        else
+            orflags = 0;
+
+        switch (charwidth) {
+        case 4:
+            c = ((unsigned long)*p++) << 24;
+            c |= ((unsigned long)*p++) << 16;
+            c |= ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 2:
+            c = ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 1:
+            c = *p++;
+            break;
+
+        case 0:
+            i = UTF8_getc(p, buflen, &c);
+            if (i < 0)
+                return -1;      /* Invalid UTF8String */
+            buflen -= i;
+            p += i;
+            break;
+        default:
+            return -1;          /* invalid width */
+        }
+        if (p == q && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_LAST_ESC_2253;
+        if (type & BUF_TYPE_CONVUTF8) {
+            unsigned char utfbuf[6];
+            int utflen;
+            utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+            for (i = 0; i < utflen; i++) {
+                /*
+                 * We don't need to worry about setting orflags correctly
+                 * because if utflen==1 its value will be correct anyway
+                 * otherwise each character will be > 0x7f and so the
+                 * character will never be escaped on first and last.
+                 */
+                len = do_esc_char(utfbuf[i], flags | orflags, quotes,
+                                  io_ch, arg);
+                if (len < 0)
+                    return -1;
+                outlen += len;
+            }
+        } else {
+            len = do_esc_char(c, flags | orflags, quotes,
+                              io_ch, arg);
+            if (len < 0)
+                return -1;
+            outlen += len;
+        }
+    }
+    return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
+                       int buflen)
+{
+    static const char hexdig[] = "0123456789ABCDEF";
+    unsigned char *p, *q;
+    char hextmp[2];
+    if (arg) {
+        p = buf;
+        q = buf + buflen;
+        while (p != q) {
+            hextmp[0] = hexdig[*p >> 4];
+            hextmp[1] = hexdig[*p & 0xf];
+            if (!io_ch(arg, hextmp, 2))
+                return -1;
+            p++;
+        }
+    }
+    return buflen << 1;
+}
+
+/*
+ * "dump" a string. This is done when the type is unknown, or the flags
+ * request it. We can either dump the content octets or the entire DER
+ * encoding. This uses the RFC2253 #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+                   const ASN1_STRING *str)
+{
+    /*
+     * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
+     * readily obtained
+     */
+    ASN1_TYPE t;
+    unsigned char *der_buf, *p;
+    int outlen, der_len;
+
+    if (!io_ch(arg, "#", 1))
+        return -1;
+    /* If we don't dump DER encoding just dump content octets */
+    if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+        outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+        if (outlen < 0)
+            return -1;
+        return outlen + 1;
+    }
+    t.type = str->type;
+    t.value.ptr = (char *)str;
+    der_len = i2d_ASN1_TYPE(&t, NULL);
+    if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
+        ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    p = der_buf;
+    i2d_ASN1_TYPE(&t, &p);
+    outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+    OPENSSL_free(der_buf);
+    if (outlen < 0)
+        return -1;
+    return outlen + 1;
+}
+
+/*
+ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
+ * used for non string types otherwise it is the number of bytes per
+ * character
+ */
+
+static const signed char tag2nbyte[] = {
+    -1, -1, -1, -1, -1,         /* 0-4 */
+    -1, -1, -1, -1, -1,         /* 5-9 */
+    -1, -1,                     /* 10-11 */
+     0,                         /* 12 V_ASN1_UTF8STRING */
+    -1, -1, -1, -1, -1,         /* 13-17 */
+     1,                         /* 18 V_ASN1_NUMERICSTRING */
+     1,                         /* 19 V_ASN1_PRINTABLESTRING */
+     1,                         /* 20 V_ASN1_T61STRING */
+    -1,                         /* 21 */
+     1,                         /* 22 V_ASN1_IA5STRING */
+     1,                         /* 23 V_ASN1_UTCTIME */
+     1,                         /* 24 V_ASN1_GENERALIZEDTIME */
+    -1,                         /* 25 */
+     1,                         /* 26 V_ASN1_ISO64STRING */
+    -1,                         /* 27 */
+     4,                         /* 28 V_ASN1_UNIVERSALSTRING */
+    -1,                         /* 29 */
+     2                          /* 30 V_ASN1_BMPSTRING */
+};
+
+/*
+ * This is the main function, print out an ASN1_STRING taking note of various
+ * escape and display options. Returns number of characters written or -1 if
+ * an error occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
+                       const ASN1_STRING *str)
+{
+    int outlen, len;
+    int type;
+    char quotes;
+    unsigned short flags;
+    quotes = 0;
+    /* Keep a copy of escape flags */
+    flags = (unsigned short)(lflags & ESC_FLAGS);
+
+    type = str->type;
+
+    outlen = 0;
+
+    if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
+        const char *tagname;
+        tagname = ASN1_tag2str(type);
+        outlen += strlen(tagname);
+        if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
+            return -1;
+        outlen++;
+    }
+
+    /* Decide what to do with type, either dump content or display it */
+
+    /* Dump everything */
+    if (lflags & ASN1_STRFLGS_DUMP_ALL)
+        type = -1;
+    /* Ignore the string type */
+    else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
+        type = 1;
+    else {
+        /* Else determine width based on type */
+        if ((type > 0) && (type < 31))
+            type = tag2nbyte[type];
+        else
+            type = -1;
+        if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
+            type = 1;
+    }
+
+    if (type == -1) {
+        len = do_dump(lflags, io_ch, arg, str);
+        if (len < 0)
+            return -1;
+        outlen += len;
+        return outlen;
+    }
+
+    if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+        /*
+         * Note: if string is UTF8 and we want to convert to UTF8 then we
+         * just interpret it as 1 byte per character to avoid converting
+         * twice.
+         */
+        if (!type)
+            type = 1;
+        else
+            type |= BUF_TYPE_CONVUTF8;
+    }
+
+    len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+    if (len < 0)
+        return -1;
+    outlen += len;
+    if (quotes)
+        outlen += 2;
+    if (!arg)
+        return outlen;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+        return -1;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+    int i;
+    for (i = 0; i < indent; i++)
+        if (!io_ch(arg, " ", 1))
+            return 0;
+    return 1;
+}
+
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
+
+static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
+                      int indent, unsigned long flags)
+{
+    int i, prev = -1, orflags, cnt;
+    int fn_opt, fn_nid;
+    ASN1_OBJECT *fn;
+    const ASN1_STRING *val;
+    const X509_NAME_ENTRY *ent;
+    char objtmp[80];
+    const char *objbuf;
+    int outlen, len;
+    char *sep_dn, *sep_mv, *sep_eq;
+    int sep_dn_len, sep_mv_len, sep_eq_len;
+    if (indent < 0)
+        indent = 0;
+    outlen = indent;
+    if (!do_indent(io_ch, arg, indent))
+        return -1;
+    switch (flags & XN_FLAG_SEP_MASK) {
+    case XN_FLAG_SEP_MULTILINE:
+        sep_dn = "\n";
+        sep_dn_len = 1;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        break;
+
+    case XN_FLAG_SEP_COMMA_PLUS:
+        sep_dn = ",";
+        sep_dn_len = 1;
+        sep_mv = "+";
+        sep_mv_len = 1;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_CPLUS_SPC:
+        sep_dn = ", ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_SPLUS_SPC:
+        sep_dn = "; ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    default:
+        return -1;
+    }
+
+    if (flags & XN_FLAG_SPC_EQ) {
+        sep_eq = " = ";
+        sep_eq_len = 3;
+    } else {
+        sep_eq = "=";
+        sep_eq_len = 1;
+    }
+
+    fn_opt = flags & XN_FLAG_FN_MASK;
+
+    cnt = X509_NAME_entry_count(n);
+    for (i = 0; i < cnt; i++) {
+        if (flags & XN_FLAG_DN_REV)
+            ent = X509_NAME_get_entry(n, cnt - i - 1);
+        else
+            ent = X509_NAME_get_entry(n, i);
+        if (prev != -1) {
+            if (prev == X509_NAME_ENTRY_set(ent)) {
+                if (!io_ch(arg, sep_mv, sep_mv_len))
+                    return -1;
+                outlen += sep_mv_len;
+            } else {
+                if (!io_ch(arg, sep_dn, sep_dn_len))
+                    return -1;
+                outlen += sep_dn_len;
+                if (!do_indent(io_ch, arg, indent))
+                    return -1;
+                outlen += indent;
+            }
+        }
+        prev = X509_NAME_ENTRY_set(ent);
+        fn = X509_NAME_ENTRY_get_object(ent);
+        val = X509_NAME_ENTRY_get_data(ent);
+        fn_nid = OBJ_obj2nid(fn);
+        if (fn_opt != XN_FLAG_FN_NONE) {
+            int objlen, fld_len;
+            if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
+                OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
+                fld_len = 0;    /* XXX: what should this be? */
+                objbuf = objtmp;
+            } else {
+                if (fn_opt == XN_FLAG_FN_SN) {
+                    fld_len = FN_WIDTH_SN;
+                    objbuf = OBJ_nid2sn(fn_nid);
+                } else if (fn_opt == XN_FLAG_FN_LN) {
+                    fld_len = FN_WIDTH_LN;
+                    objbuf = OBJ_nid2ln(fn_nid);
+                } else {
+                    fld_len = 0; /* XXX: what should this be? */
+                    objbuf = "";
+                }
+            }
+            objlen = strlen(objbuf);
+            if (!io_ch(arg, objbuf, objlen))
+                return -1;
+            if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                if (!do_indent(io_ch, arg, fld_len - objlen))
+                    return -1;
+                outlen += fld_len - objlen;
+            }
+            if (!io_ch(arg, sep_eq, sep_eq_len))
+                return -1;
+            outlen += objlen + sep_eq_len;
+        }
+        /*
+         * If the field name is unknown then fix up the DER dump flag. We
+         * might want to limit this further so it will DER dump on anything
+         * other than a few 'standard' fields.
+         */
+        if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+            orflags = ASN1_STRFLGS_DUMP_ALL;
+        else
+            orflags = 0;
+
+        len = do_print_ex(io_ch, arg, flags | orflags, val);
+        if (len < 0)
+            return -1;
+        outlen += len;
+    }
+    return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+                       unsigned long flags)
+{
+    if (flags == XN_FLAG_COMPAT)
+        return X509_NAME_print(out, nm, indent);
+    return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+                          unsigned long flags)
+{
+    if (flags == XN_FLAG_COMPAT) {
+        BIO *btmp;
+        int ret;
+        btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+        if (!btmp)
+            return -1;
+        ret = X509_NAME_print(btmp, nm, indent);
+        BIO_free(btmp);
+        return ret;
+    }
+    return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+#endif
+
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
+{
+    return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
+{
+    return do_print_ex(send_fp_chars, fp, flags, str);
+}
+#endif
+
+/*
+ * Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
+{
+    ASN1_STRING stmp, *str = &stmp;
+    int mbflag, type, ret;
+    if (!in)
+        return -1;
+    type = in->type;
+    if ((type < 0) || (type > 30))
+        return -1;
+    mbflag = tag2nbyte[type];
+    if (mbflag == -1)
+        return -1;
+    mbflag |= MBSTRING_FLAG;
+    stmp.data = NULL;
+    stmp.length = 0;
+    stmp.flags = 0;
+    ret =
+        ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
+                           B_ASN1_UTF8STRING);
+    if (ret < 0)
+        return ret;
+    *out = stmp.data;
+    return stmp.length;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strnid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strnid.c
new file mode 100644
index 000000000..f19a9de64
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strnid.c
@@ -0,0 +1,219 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b);
+
+/*
+ * This is the global mask for the mbstring functions: this is use to mask
+ * out certain types (such as BMPString and UTF8String) because certain
+ * software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = B_ASN1_UTF8STRING;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+    global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+    return global_mask;
+}
+
+/*-
+ * This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default:   the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(const char *p)
+{
+    unsigned long mask;
+    char *end;
+
+    if (strncmp(p, "MASK:", 5) == 0) {
+        if (!p[5])
+            return 0;
+        mask = strtoul(p + 5, &end, 0);
+        if (*end)
+            return 0;
+    } else if (strcmp(p, "nombstr") == 0)
+        mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
+    else if (strcmp(p, "pkix") == 0)
+        mask = ~((unsigned long)B_ASN1_T61STRING);
+    else if (strcmp(p, "utf8only") == 0)
+        mask = B_ASN1_UTF8STRING;
+    else if (strcmp(p, "default") == 0)
+        mask = 0xFFFFFFFFL;
+    else
+        return 0;
+    ASN1_STRING_set_default_mask(mask);
+    return 1;
+}
+
+/*
+ * The following function generates an ASN1_STRING based on limits in a
+ * table. Frequently the types and length of an ASN1_STRING are restricted by
+ * a corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid)
+{
+    ASN1_STRING_TABLE *tbl;
+    ASN1_STRING *str = NULL;
+    unsigned long mask;
+    int ret;
+
+    if (out == NULL)
+        out = &str;
+    tbl = ASN1_STRING_TABLE_get(nid);
+    if (tbl != NULL) {
+        mask = tbl->mask;
+        if (!(tbl->flags & STABLE_NO_MASK))
+            mask &= global_mask;
+        ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+                                  tbl->minsize, tbl->maxsize);
+    } else {
+        ret = ASN1_mbstring_copy(out, in, inlen, inform,
+                                 DIRSTRING_TYPE & global_mask);
+    }
+    if (ret <= 0)
+        return NULL;
+    return *out;
+}
+
+/*
+ * Now the tables and helper functions for the string table:
+ */
+
+#include "tbl_standard.h"
+
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b)
+{
+    return (*a)->nid - (*b)->nid;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
+{
+    return a->nid - b->nid;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+    int idx;
+    ASN1_STRING_TABLE fnd;
+
+    fnd.nid = nid;
+    if (stable) {
+        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+        if (idx >= 0)
+            return sk_ASN1_STRING_TABLE_value(stable, idx);
+    }
+    return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard));
+}
+
+/*
+ * Return a string table pointer which can be modified: either directly from
+ * table or a copy of an internal value added to the table.
+ */
+
+static ASN1_STRING_TABLE *stable_get(int nid)
+{
+    ASN1_STRING_TABLE *tmp, *rv;
+
+    /* Always need a string table so allocate one if NULL */
+    if (stable == NULL) {
+        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+        if (stable == NULL)
+            return NULL;
+    }
+    tmp = ASN1_STRING_TABLE_get(nid);
+    if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC)
+        return tmp;
+    if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) {
+        ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
+        OPENSSL_free(rv);
+        return NULL;
+    }
+    if (tmp != NULL) {
+        rv->nid = tmp->nid;
+        rv->minsize = tmp->minsize;
+        rv->maxsize = tmp->maxsize;
+        rv->mask = tmp->mask;
+        rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
+    } else {
+        rv->nid = nid;
+        rv->minsize = -1;
+        rv->maxsize = -1;
+        rv->flags = STABLE_FLAGS_MALLOC;
+    }
+    return rv;
+}
+
+int ASN1_STRING_TABLE_add(int nid,
+                          long minsize, long maxsize, unsigned long mask,
+                          unsigned long flags)
+{
+    ASN1_STRING_TABLE *tmp;
+
+    tmp = stable_get(nid);
+    if (tmp == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (minsize >= 0)
+        tmp->minsize = minsize;
+    if (maxsize >= 0)
+        tmp->maxsize = maxsize;
+    if (mask)
+        tmp->mask = mask;
+    if (flags)
+        tmp->flags = STABLE_FLAGS_MALLOC | flags;
+    return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+    STACK_OF(ASN1_STRING_TABLE) *tmp;
+
+    tmp = stable;
+    if (tmp == NULL)
+        return;
+    stable = NULL;
+    sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+    if (tbl->flags & STABLE_FLAGS_MALLOC)
+        OPENSSL_free(tbl);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c
new file mode 100644
index 000000000..1babb9636
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include "asn1_locl.h"
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+static int is_utc(const int year)
+{
+    if (50 <= year && year <= 149)
+        return 1;
+    return 0;
+}
+
+static int leap_year(const int year)
+{
+    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
+        return 1;
+    return 0;
+}
+
+/*
+ * Compute the day of the week and the day of the year from the year, month
+ * and day.  The day of the year is straightforward, the day of the week uses
+ * a form of Zeller's congruence.  For this months start with March and are
+ * numbered 4 through 15.
+ */
+static void determine_days(struct tm *tm)
+{
+    static const int ydays[12] = {
+        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
+    };
+    int y = tm->tm_year + 1900;
+    int m = tm->tm_mon;
+    int d = tm->tm_mday;
+    int c;
+
+    tm->tm_yday = ydays[m] + d - 1;
+    if (m >= 2) {
+        /* March and onwards can be one day further into the year */
+        tm->tm_yday += leap_year(y);
+        m += 2;
+    } else {
+        /* Treat January and February as part of the previous year */
+        m += 14;
+        y--;
+    }
+    c = y / 100;
+    y %= 100;
+    /* Zeller's congruance */
+    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
+}
+
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
+{
+    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+    char *a;
+    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
+    struct tm tmp;
+
+    /*
+     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
+     * time string format, in which:
+     *
+     * 1. "seconds" is a 'MUST'
+     * 2. "Zulu" timezone is a 'MUST'
+     * 3. "+|-" is not allowed to indicate a time zone
+     */
+    if (d->type == V_ASN1_UTCTIME) {
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 13;
+            strict = 1;
+        }
+    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
+        end = 7;
+        btz = 6;
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 15;
+            strict = 1;
+        } else {
+            min_l = 13;
+        }
+    } else {
+        return 0;
+    }
+
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+    memset(&tmp, 0, sizeof(tmp));
+
+    /*
+     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+     * as YYYY. This stuff treats everything as a two digit field so make
+     * first two fields 00 to 99
+     */
+
+    if (l < min_l)
+        goto err;
+    for (i = 0; i < end; i++) {
+        if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            break;
+        }
+        if (!ossl_isdigit(a[o]))
+            goto err;
+        n = a[o] - '0';
+        /* incomplete 2-digital number */
+        if (++o == l)
+            goto err;
+
+        if (!ossl_isdigit(a[o]))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (++o == l)
+            goto err;
+
+        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+
+        if ((n < min[i2]) || (n > max[i2]))
+            goto err;
+        switch (i2) {
+        case 0:
+            /* UTC will never be here */
+            tmp.tm_year = n * 100 - 1900;
+            break;
+        case 1:
+            if (d->type == V_ASN1_UTCTIME)
+                tmp.tm_year = n < 50 ? n + 100 : n;
+            else
+                tmp.tm_year += n;
+            break;
+        case 2:
+            tmp.tm_mon = n - 1;
+            break;
+        case 3:
+            /* check if tm_mday is valid in tm_mon */
+            if (tmp.tm_mon == 1) {
+                /* it's February */
+                md = mdays[1] + leap_year(tmp.tm_year + 1900);
+            } else {
+                md = mdays[tmp.tm_mon];
+            }
+            if (n > md)
+                goto err;
+            tmp.tm_mday = n;
+            determine_days(&tmp);
+            break;
+        case 4:
+            tmp.tm_hour = n;
+            break;
+        case 5:
+            tmp.tm_min = n;
+            break;
+        case 6:
+            tmp.tm_sec = n;
+            break;
+        }
+    }
+
+    /*
+     * Optional fractional seconds: decimal point followed by one or more
+     * digits.
+     */
+    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
+        if (strict)
+            /* RFC 5280 forbids fractional seconds */
+            goto err;
+        if (++o == l)
+            goto err;
+        i = o;
+        while ((o < l) && ossl_isdigit(a[o]))
+            o++;
+        /* Must have at least one digit after decimal point */
+        if (i == o)
+            goto err;
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (o == l)
+            goto err;
+    }
+
+    /*
+     * 'o' will never point to '\0' at this point, the only chance
+     * 'o' can point to '\0' is either the subsequent if or the first
+     * else if is true.
+     */
+    if (a[o] == 'Z') {
+        o++;
+    } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
+        int offsign = a[o] == '-' ? 1 : -1;
+        int offset = 0;
+
+        o++;
+        /*
+         * if not equal, no need to do subsequent checks
+         * since the following for-loop will add 'o' by 4
+         * and the final return statement will check if 'l'
+         * and 'o' are equal.
+         */
+        if (o + 4 != l)
+            goto err;
+        for (i = end; i < end + 2; i++) {
+            if (!ossl_isdigit(a[o]))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if (!ossl_isdigit(a[o]))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+            if ((n < min[i2]) || (n > max[i2]))
+                goto err;
+            /* if tm is NULL, no need to adjust */
+            if (tm != NULL) {
+                if (i == end)
+                    offset = n * 3600;
+                else if (i == end + 1)
+                    offset += n * 60;
+            }
+            o++;
+        }
+        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
+            goto err;
+    } else {
+        /* not Z, or not +/- in non-strict mode */
+        goto err;
+    }
+    if (o == l) {
+        /* success, check if tm should be filled */
+        if (tm != NULL)
+            *tm = tmp;
+        return 1;
+    }
+ err:
+    return 0;
+}
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
+{
+    char* p;
+    ASN1_TIME *tmps = NULL;
+    const size_t len = 20;
+
+    if (type == V_ASN1_UNDEF) {
+        if (is_utc(ts->tm_year))
+            type = V_ASN1_UTCTIME;
+        else
+            type = V_ASN1_GENERALIZEDTIME;
+    } else if (type == V_ASN1_UTCTIME) {
+        if (!is_utc(ts->tm_year))
+            goto err;
+    } else if (type != V_ASN1_GENERALIZEDTIME) {
+        goto err;
+    }
+
+    if (s == NULL)
+        tmps = ASN1_STRING_new();
+    else
+        tmps = s;
+    if (tmps == NULL)
+        return NULL;
+
+    if (!ASN1_STRING_set(tmps, NULL, len))
+        goto err;
+
+    tmps->type = type;
+    p = (char*)tmps->data;
+
+    if (type == V_ASN1_GENERALIZEDTIME)
+        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year + 1900, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+    else
+        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year % 100, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+
+#ifdef CHARSET_EBCDIC_not
+    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
+#endif
+    return tmps;
+ err:
+    if (tmps != s)
+        ASN1_STRING_free(tmps);
+    return NULL;
+}
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+{
+    return ASN1_TIME_adj(s, t, 0, 0);
+}
+
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL) {
+        ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
+        return NULL;
+    }
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
+}
+
+int ASN1_TIME_check(const ASN1_TIME *t)
+{
+    if (t->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_check(t);
+    else if (t->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_check(t);
+    return 0;
+}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out)
+{
+    ASN1_GENERALIZEDTIME *ret = NULL;
+    struct tm tm;
+
+    if (!ASN1_TIME_to_tm(t, &tm))
+        return NULL;
+
+    if (out != NULL)
+        ret = *out;
+
+    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
+
+    if (out != NULL && ret != NULL)
+        *out = ret;
+
+    return ret;
+}
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+{
+    /* Try UTC, if that fails, try GENERALIZED */
+    if (ASN1_UTCTIME_set_string(s, str))
+        return 1;
+    return ASN1_GENERALIZEDTIME_set_string(s, str);
+}
+
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
+{
+    ASN1_TIME t;
+    struct tm tm;
+    int rv = 0;
+
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = ASN1_STRING_FLAG_X509_TIME;
+
+    t.type = V_ASN1_UTCTIME;
+
+    if (!ASN1_TIME_check(&t)) {
+        t.type = V_ASN1_GENERALIZEDTIME;
+        if (!ASN1_TIME_check(&t))
+            goto out;
+    }
+
+    /*
+     * Per RFC 5280 (section 4.1.2.5.), the valid input time
+     * strings should be encoded with the following rules:
+     *
+     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
+     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
+     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
+     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
+     *
+     * Only strings of the 4th rule should be reformatted, but since a
+     * UTC can only present [1950, 2050), so if the given time string
+     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
+     */
+
+    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
+        if (!asn1_time_to_tm(&tm, &t))
+            goto out;
+        if (is_utc(tm.tm_year)) {
+            t.length -= 2;
+            /*
+             * it's OK to let original t.data go since that's assigned
+             * to a piece of memory allocated outside of this function.
+             * new t.data would be freed after ASN1_STRING_copy is done.
+             */
+            t.data = OPENSSL_zalloc(t.length + 1);
+            if (t.data == NULL)
+                goto out;
+            memcpy(t.data, str + 2, t.length);
+            t.type = V_ASN1_UTCTIME;
+        }
+    }
+
+    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+        rv = 1;
+
+    if (t.data != (unsigned char *)str)
+        OPENSSL_free(t.data);
+out:
+    return rv;
+}
+
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
+{
+    if (s == NULL) {
+        time_t now_t;
+
+        time(&now_t);
+        memset(tm, 0, sizeof(*tm));
+        if (OPENSSL_gmtime(&now_t, tm) != NULL)
+            return 1;
+        return 0;
+    }
+
+    return asn1_time_to_tm(tm, s);
+}
+
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to)
+{
+    struct tm tm_from, tm_to;
+
+    if (!ASN1_TIME_to_tm(from, &tm_from))
+        return 0;
+    if (!ASN1_TIME_to_tm(to, &tm_to))
+        return 0;
+    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
+}
+
+static const char _asn1_mon[12][4] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
+{
+    char *v;
+    int gmt = 0, l;
+    struct tm stm;
+
+    if (!asn1_time_to_tm(&stm, tm)) {
+        /* asn1_time_to_tm will check the time type */
+        goto err;
+    }
+
+    l = tm->length;
+    v = (char *)tm->data;
+    if (v[l - 1] == 'Z')
+        gmt = 1;
+
+    if (tm->type == V_ASN1_GENERALIZEDTIME) {
+        char *f = NULL;
+        int f_len = 0;
+
+        /*
+         * Try to parse fractional seconds. '14' is the place of
+         * 'fraction point' in a GeneralizedTime string.
+         */
+        if (tm->length > 15 && v[14] == '.') {
+            f = &v[14];
+            f_len = 1;
+            while (14 + f_len < l && ossl_isdigit(f[f_len]))
+                ++f_len;
+        }
+
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    } else {
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    }
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return 0;
+}
+
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!ASN1_TIME_to_tm(s, &stm))
+        return -2;
+
+    if (!OPENSSL_gmtime(&t, &ttm))
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_TIME_normalize(ASN1_TIME *t)
+{
+    struct tm tm;
+
+    if (!ASN1_TIME_to_tm(t, &tm))
+        return 0;
+
+    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
+}
+
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
+{
+    int day, sec;
+
+    if (!ASN1_TIME_diff(&day, &sec, b, a))
+        return -2;
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c
new file mode 100644
index 000000000..0c7aebe30
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "asn1_locl.h"
+
+int ASN1_TYPE_get(const ASN1_TYPE *a)
+{
+    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+        return a->type;
+    else
+        return 0;
+}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+{
+    if (a->value.ptr != NULL) {
+        ASN1_TYPE **tmp_a = &a;
+        asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
+    }
+    a->type = type;
+    if (type == V_ASN1_BOOLEAN)
+        a->value.boolean = value ? 0xff : 0;
+    else
+        a->value.ptr = value;
+}
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+{
+    if (!value || (type == V_ASN1_BOOLEAN)) {
+        void *p = (void *)value;
+        ASN1_TYPE_set(a, type, p);
+    } else if (type == V_ASN1_OBJECT) {
+        ASN1_OBJECT *odup;
+        odup = OBJ_dup(value);
+        if (!odup)
+            return 0;
+        ASN1_TYPE_set(a, type, odup);
+    } else {
+        ASN1_STRING *sdup;
+        sdup = ASN1_STRING_dup(value);
+        if (!sdup)
+            return 0;
+        ASN1_TYPE_set(a, type, sdup);
+    }
+    return 1;
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+
+    switch (a->type) {
+    case V_ASN1_OBJECT:
+        result = OBJ_cmp(a->value.object, b->value.object);
+        break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
+    case V_ASN1_NULL:
+        result = 0;             /* They do not have content. */
+        break;
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    default:
+        result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
+                                 (ASN1_STRING *)b->value.ptr);
+        break;
+    }
+
+    return result;
+}
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
+{
+    ASN1_OCTET_STRING *oct;
+    ASN1_TYPE *rt;
+
+    oct = ASN1_item_pack(s, it, NULL);
+    if (oct == NULL)
+        return NULL;
+
+    if (t && *t) {
+        rt = *t;
+    } else {
+        rt = ASN1_TYPE_new();
+        if (rt == NULL) {
+            ASN1_OCTET_STRING_free(oct);
+            return NULL;
+        }
+        if (t)
+            *t = rt;
+    }
+    ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct);
+    return rt;
+}
+
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t)
+{
+    if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL)
+        return NULL;
+    return ASN1_item_unpack(t->value.sequence, it);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c
new file mode 100644
index 000000000..b224991aa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+/* This is the primary function used to parse ASN1_UTCTIME */
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
+{
+    /* wrapper around ans1_time_to_tm */
+    if (d->type != V_ASN1_UTCTIME)
+        return 0;
+    return asn1_time_to_tm(tm, d);
+}
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
+{
+    return asn1_utctime_to_tm(NULL, d);
+}
+
+/* Sets the string via simple copy without cleaning it up */
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+{
+    ASN1_UTCTIME t;
+
+    t.type = V_ASN1_UTCTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = 0;
+
+    if (!ASN1_UTCTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+{
+    return ASN1_UTCTIME_adj(s, t, 0, 0);
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        return NULL;
+
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+
+    return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME);
+}
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!asn1_utctime_to_tm(&stm, s))
+        return -2;
+
+    if (OPENSSL_gmtime(&t, &ttm) == NULL)
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
+{
+    if (tm->type != V_ASN1_UTCTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utf8.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utf8.c
new file mode 100644
index 000000000..e2dc09f6a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utf8.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+/* UTF8 utilities */
+
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+    const unsigned char *p;
+    unsigned long value;
+    int ret;
+    if (len <= 0)
+        return 0;
+    p = str;
+
+    /* Check syntax and work out the encoded value (if correct) */
+    if ((*p & 0x80) == 0) {
+        value = *p++ & 0x7f;
+        ret = 1;
+    } else if ((*p & 0xe0) == 0xc0) {
+        if (len < 2)
+            return -1;
+        if ((p[1] & 0xc0) != 0x80)
+            return -3;
+        value = (*p++ & 0x1f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x80)
+            return -4;
+        ret = 2;
+    } else if ((*p & 0xf0) == 0xe0) {
+        if (len < 3)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80))
+            return -3;
+        value = (*p++ & 0xf) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x800)
+            return -4;
+        ret = 3;
+    } else if ((*p & 0xf8) == 0xf0) {
+        if (len < 4)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x7)) << 18;
+        value |= (*p++ & 0x3f) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x10000)
+            return -4;
+        ret = 4;
+    } else if ((*p & 0xfc) == 0xf8) {
+        if (len < 5)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x3)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x200000)
+            return -4;
+        ret = 5;
+    } else if ((*p & 0xfe) == 0xfc) {
+        if (len < 6)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80)
+            || ((p[5] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x1)) << 30;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x4000000)
+            return -4;
+        ret = 6;
+    } else
+        return -2;
+    *val = value;
+    return ret;
+}
+
+/*
+ * This takes a character 'value' and writes the UTF8 encoded value in 'str'
+ * where 'str' is a buffer containing 'len' characters. Returns the number of
+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL
+ * in which case it just returns the number of characters. It will need at
+ * most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+    if (!str)
+        len = 6;                /* Maximum we will need */
+    else if (len <= 0)
+        return -1;
+    if (value < 0x80) {
+        if (str)
+            *str = (unsigned char)value;
+        return 1;
+    }
+    if (value < 0x800) {
+        if (len < 2)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 2;
+    }
+    if (value < 0x10000) {
+        if (len < 3)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 3;
+    }
+    if (value < 0x200000) {
+        if (len < 4)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 4;
+    }
+    if (value < 0x4000000) {
+        if (len < 5)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+            *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 5;
+    }
+    if (len < 6)
+        return -1;
+    if (str) {
+        *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+        *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+        *str = (unsigned char)((value & 0x3f) | 0x80);
+    }
+    return 6;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c
new file mode 100644
index 000000000..cdaf17c3c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+                char *data, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    const EVP_MD *type;
+    unsigned char *p, *buf_in = NULL;
+    int ret = -1, i, inl;
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = OBJ_obj2nid(a->algorithm);
+    type = EVP_get_digestbyname(OBJ_nid2sn(i));
+    if (type == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        goto err;
+    }
+
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    buf_in = OPENSSL_malloc((unsigned int)inl);
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    ret = EVP_VerifyInit_ex(ctx, type, NULL)
+        && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
+
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+    ret = -1;
+
+    if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
+                        (unsigned int)signature->length, pkey) <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+#endif
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX *ctx = NULL;
+    unsigned char *buf_in = NULL;
+    int ret = -1, inl = 0;
+    int mdnid, pknid;
+    size_t inll = 0;
+
+    if (!pkey) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        return -1;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Convert signature OID into digest and public key OIDs */
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+        goto err;
+    }
+    if (mdnid == NID_undef) {
+        if (!pkey->ameth || !pkey->ameth->item_verify) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+            goto err;
+        }
+        ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
+        /*
+         * Return value of 2 means carry on, anything else means we exit
+         * straight away: either a fatal error of the underlying verification
+         * routine handles all verification.
+         */
+        if (ret != 2)
+            goto err;
+        ret = -1;
+    } else {
+        const EVP_MD *type = EVP_get_digestbynid(mdnid);
+
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                    ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+            goto err;
+        }
+
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+            goto err;
+        }
+
+        if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+            ret = 0;
+            goto err;
+        }
+
+    }
+
+    inl = ASN1_item_i2d(asn, &buf_in, it);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    inll = inl;
+
+    ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
+                           buf_in, inl);
+    if (ret <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+    ret = 1;
+ err:
+    OPENSSL_clear_free(buf_in, inll);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c
new file mode 100644
index 000000000..d7d270dbb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c
@@ -0,0 +1,451 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"               /* for strncasecmp */
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/engine.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+#include "standard_methods.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                           const EVP_PKEY_ASN1_METHOD *, ameth);
+
+static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a,
+                     const EVP_PKEY_ASN1_METHOD *const *b)
+{
+    return ((*a)->pkey_id - (*b)->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                             const EVP_PKEY_ASN1_METHOD *, ameth);
+
+int EVP_PKEY_asn1_get_count(void)
+{
+    int num = OSSL_NELEM(standard_methods);
+    if (app_methods)
+        num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
+    return num;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
+{
+    int num = OSSL_NELEM(standard_methods);
+    if (idx < 0)
+        return NULL;
+    if (idx < num)
+        return standard_methods[idx];
+    idx -= num;
+    return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+}
+
+static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
+{
+    EVP_PKEY_ASN1_METHOD tmp;
+    const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
+    tmp.pkey_id = type;
+    if (app_methods) {
+        int idx;
+        idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
+        if (idx >= 0)
+            return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+    }
+    ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
+    if (!ret || !*ret)
+        return NULL;
+    return *ret;
+}
+
+/*
+ * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL also
+ * search through engines and set *pe to a functional reference to the engine
+ * implementing 'type' or NULL if no engine implements it.
+ */
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
+{
+    const EVP_PKEY_ASN1_METHOD *t;
+
+    for (;;) {
+        t = pkey_asn1_find(type);
+        if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
+            break;
+        type = t->pkey_base_id;
+    }
+    if (pe) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+        /* type will contain the final unaliased type */
+        e = ENGINE_get_pkey_asn1_meth_engine(type);
+        if (e) {
+            *pe = e;
+            return ENGINE_get_pkey_asn1_meth(e, type);
+        }
+#endif
+        *pe = NULL;
+    }
+    return t;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len)
+{
+    int i;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (len == -1)
+        len = strlen(str);
+    if (pe) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+        ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
+        if (ameth) {
+            /*
+             * Convert structural into functional reference
+             */
+            if (!ENGINE_init(e))
+                ameth = NULL;
+            ENGINE_free(e);
+            *pe = e;
+            return ameth;
+        }
+#endif
+        *pe = NULL;
+    }
+    for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
+        ameth = EVP_PKEY_asn1_get0(i);
+        if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+            continue;
+        if ((int)strlen(ameth->pem_str) == len
+            && strncasecmp(ameth->pem_str, str, len) == 0)
+            return ameth;
+    }
+    return NULL;
+}
+
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
+{
+    EVP_PKEY_ASN1_METHOD tmp = { 0, };
+
+    /*
+     * One of the following must be true:
+     *
+     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+     *
+     * Anything else is an error and may lead to a corrupt ASN1 method table
+     */
+    if (!((ameth->pem_str == NULL
+           && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
+          || (ameth->pem_str != NULL
+              && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    if (app_methods == NULL) {
+        app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
+        if (app_methods == NULL)
+            return 0;
+    }
+
+    tmp.pkey_id = ameth->pkey_id;
+    if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
+               EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
+        return 0;
+    }
+
+    if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
+        return 0;
+    sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
+    return 1;
+}
+
+int EVP_PKEY_asn1_add_alias(int to, int from)
+{
+    EVP_PKEY_ASN1_METHOD *ameth;
+    ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
+    if (ameth == NULL)
+        return 0;
+    ameth->pkey_base_id = to;
+    if (!EVP_PKEY_asn1_add0(ameth)) {
+        EVP_PKEY_asn1_free(ameth);
+        return 0;
+    }
+    return 1;
+}
+
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth)
+{
+    if (!ameth)
+        return 0;
+    if (ppkey_id)
+        *ppkey_id = ameth->pkey_id;
+    if (ppkey_base_id)
+        *ppkey_base_id = ameth->pkey_base_id;
+    if (ppkey_flags)
+        *ppkey_flags = ameth->pkey_flags;
+    if (pinfo)
+        *pinfo = ameth->info;
+    if (ppem_str)
+        *ppem_str = ameth->pem_str;
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
+{
+    return pkey->ameth;
+}
+
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str, const char *info)
+{
+    EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth));
+
+    if (ameth == NULL)
+        return NULL;
+
+    ameth->pkey_id = id;
+    ameth->pkey_base_id = id;
+    ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
+
+    if (info) {
+        ameth->info = OPENSSL_strdup(info);
+        if (!ameth->info)
+            goto err;
+    }
+
+    if (pem_str) {
+        ameth->pem_str = OPENSSL_strdup(pem_str);
+        if (!ameth->pem_str)
+            goto err;
+    }
+
+    return ameth;
+
+ err:
+    EVP_PKEY_asn1_free(ameth);
+    return NULL;
+
+}
+
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src)
+{
+
+    dst->pub_decode = src->pub_decode;
+    dst->pub_encode = src->pub_encode;
+    dst->pub_cmp = src->pub_cmp;
+    dst->pub_print = src->pub_print;
+
+    dst->priv_decode = src->priv_decode;
+    dst->priv_encode = src->priv_encode;
+    dst->priv_print = src->priv_print;
+
+    dst->old_priv_encode = src->old_priv_encode;
+    dst->old_priv_decode = src->old_priv_decode;
+
+    dst->pkey_size = src->pkey_size;
+    dst->pkey_bits = src->pkey_bits;
+
+    dst->param_decode = src->param_decode;
+    dst->param_encode = src->param_encode;
+    dst->param_missing = src->param_missing;
+    dst->param_copy = src->param_copy;
+    dst->param_cmp = src->param_cmp;
+    dst->param_print = src->param_print;
+
+    dst->pkey_free = src->pkey_free;
+    dst->pkey_ctrl = src->pkey_ctrl;
+
+    dst->item_sign = src->item_sign;
+    dst->item_verify = src->item_verify;
+
+    dst->siginf_set = src->siginf_set;
+
+    dst->pkey_check = src->pkey_check;
+
+}
+
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
+{
+    if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) {
+        OPENSSL_free(ameth->pem_str);
+        OPENSSL_free(ameth->info);
+        OPENSSL_free(ameth);
+    }
+}
+
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk))
+{
+    ameth->pub_decode = pub_decode;
+    ameth->pub_encode = pub_encode;
+    ameth->pub_cmp = pub_cmp;
+    ameth->pub_print = pub_print;
+    ameth->pkey_size = pkey_size;
+    ameth->pkey_bits = pkey_bits;
+}
+
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx))
+{
+    ameth->priv_decode = priv_decode;
+    ameth->priv_encode = priv_encode;
+    ameth->priv_print = priv_print;
+}
+
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent, ASN1_PCTX *pctx))
+{
+    ameth->param_decode = param_decode;
+    ameth->param_encode = param_encode;
+    ameth->param_missing = param_missing;
+    ameth->param_copy = param_copy;
+    ameth->param_cmp = param_cmp;
+    ameth->param_print = param_print;
+}
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey))
+{
+    ameth->pkey_free = pkey_free;
+}
+
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2))
+{
+    ameth->pkey_ctrl = pkey_ctrl;
+}
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk))
+{
+    ameth->pkey_security_bits = pkey_security_bits;
+}
+
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig))
+{
+    ameth->item_sign = item_sign;
+    ameth->item_verify = item_verify;
+}
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig))
+{
+    ameth->siginf_set = siginf_set;
+}
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_check = pkey_check;
+}
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_public_check = pkey_pub_check;
+}
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_param_check = pkey_param_check;
+}
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len))
+{
+    ameth->set_priv_key = set_priv_key;
+}
+
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len))
+{
+    ameth->set_pub_key = set_pub_key;
+}
+
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len))
+{
+    ameth->get_priv_key = get_priv_key;
+}
+
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len))
+{
+    ameth->get_pub_key = get_pub_key;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c
new file mode 100644
index 000000000..613f9ae71
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c
@@ -0,0 +1,350 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/asn1err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ASN1_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0),
+     "ASN1_BIT_STRING_set_bit"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0),
+     "asn1_d2i_ex_primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0),
+     "ASN1_GENERALIZEDTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0),
+     "asn1_item_embed_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
+     "asn1_item_embed_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
+     "asn1_item_flags_i2d"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0),
+     "ASN1_item_sign_ctx"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0),
+     "ASN1_mbstring_ncopy"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0),
+     "asn1_primitive_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0),
+     "asn1_string_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0),
+     "asn1_string_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0),
+     "ASN1_STRING_TABLE_add"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0),
+     "ASN1_STRING_type_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0),
+     "asn1_template_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0),
+     "asn1_template_noexp_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0),
+     "ASN1_TYPE_get_int_octetstring"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0),
+     "ASN1_TYPE_get_octetstring"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0),
+     "c2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0),
+     "d2i_AutoPrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0),
+     "i2d_ASN1_bio_stream"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0),
+     "PKCS5_pbe2_set_scrypt"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0),
+     "PKCS5_pbe_set0_algor"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0),
+     "X509_CRL_add0_revoked"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ASN1_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR),
+    "asn1 sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+    "bmpstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH),
+    "boolean is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED),
+    "context not initialised"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
+    "digest and key type not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME),
+    "error getting time"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+    "error setting cipher params"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER),
+    "expecting an integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT),
+    "expecting an object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH),
+    "explicit length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+    "explicit tag not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE),
+    "first num too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT),
+    "illegal bitstring format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS),
+    "illegal characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG),
+    "illegal implicit tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE),
+    "illegal negative value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING),
+    "illegal nested tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE),
+    "illegal null value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY),
+    "illegal optional any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+    "illegal options on item template"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY),
+    "illegal tagged any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE),
+    "illegal time value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT),
+    "illegal zero content"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT),
+    "integer not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+    "integer too large for long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+    "invalid bit string bits left"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH),
+    "invalid bmpstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING),
+    "invalid object encoding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS),
+    "invalid scrypt parameters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE),
+    "invalid string table value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+    "invalid universalstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING),
+    "invalid utf8string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE),
+    "mime no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR),
+    "mime sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER),
+    "missing second number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL),
+    "mstring not universal"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING),
+    "nested asn1 string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS),
+    "non hex characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE),
+    "no matching choice type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE),
+    "no multipart body failure"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY),
+    "no multipart boundary"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE),
+    "no sig content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH),
+    "null is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT),
+    "object not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS),
+    "odd number of chars"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE),
+    "second number too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH),
+    "sequence length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED),
+    "sequence not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+    "sequence or set needs config"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE),
+    "sig invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED),
+    "streaming not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT),
+    "time not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED),
+    "type not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE),
+    "type not primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+    "universalstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+    "unknown message digest algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE),
+    "unknown object type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),
+    "unknown public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
+    "unknown signature algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+    "unsupported any defined by type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER),
+    "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+    "unsupported public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE),
+    "wrong integer type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE),
+    "wrong public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASN1_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ASN1_str_functs);
+        ERR_load_strings_const(ASN1_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_gen.c
new file mode 100644
index 000000000..493a693aa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_gen.c
@@ -0,0 +1,789 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG           0x10000
+#define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX       20
+/* Maximum number of nested sequences */
+#define ASN1_GEN_SEQ_MAX_DEPTH  50
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII   1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8    2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX     3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+struct tag_name_st {
+    const char *strnam;
+    int len;
+    int tag;
+};
+
+typedef struct {
+    int exp_tag;
+    int exp_class;
+    int exp_constructed;
+    int exp_pad;
+    long exp_len;
+} tag_exp_type;
+
+typedef struct {
+    int imp_tag;
+    int imp_class;
+    int utype;
+    int format;
+    const char *str;
+    tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+    int exp_count;
+} tag_exp_arg;
+
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+                              int *perr);
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag,
+                         int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+                             int depth, int *perr);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
+{
+    X509V3_CTX cnf;
+
+    if (!nconf)
+        return ASN1_generate_v3(str, NULL);
+
+    X509V3_set_nconf(&cnf, nconf);
+    return ASN1_generate_v3(str, &cnf);
+}
+
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
+{
+    int err = 0;
+    ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
+    if (err)
+        ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
+    return ret;
+}
+
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+                              int *perr)
+{
+    ASN1_TYPE *ret;
+    tag_exp_arg asn1_tags;
+    tag_exp_type *etmp;
+
+    int i, len;
+
+    unsigned char *orig_der = NULL, *new_der = NULL;
+    const unsigned char *cpy_start;
+    unsigned char *p;
+    const unsigned char *cp;
+    int cpy_len;
+    long hdr_len = 0;
+    int hdr_constructed = 0, hdr_tag, hdr_class;
+    int r;
+
+    asn1_tags.imp_tag = -1;
+    asn1_tags.imp_class = -1;
+    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+    asn1_tags.exp_count = 0;
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
+        *perr = ASN1_R_UNKNOWN_TAG;
+        return NULL;
+    }
+
+    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
+        || (asn1_tags.utype == V_ASN1_SET)) {
+        if (!cnf) {
+            *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
+            return NULL;
+        }
+        if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
+            *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
+            return NULL;
+        }
+        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
+    } else
+        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+    if (!ret)
+        return NULL;
+
+    /* If no tagging return base type */
+    if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+        return ret;
+
+    /* Generate the encoding */
+    cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+    ASN1_TYPE_free(ret);
+    ret = NULL;
+    /* Set point to start copying for modified encoding */
+    cpy_start = orig_der;
+
+    /* Do we need IMPLICIT tagging? */
+    if (asn1_tags.imp_tag != -1) {
+        /* If IMPLICIT we will replace the underlying tag */
+        /* Skip existing tag+len */
+        r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
+                            cpy_len);
+        if (r & 0x80)
+            goto err;
+        /* Update copy length */
+        cpy_len -= cpy_start - orig_der;
+        /*
+         * For IMPLICIT tagging the length should match the original length
+         * and constructed flag should be consistent.
+         */
+        if (r & 0x1) {
+            /* Indefinite length constructed */
+            hdr_constructed = 2;
+            hdr_len = 0;
+        } else
+            /* Just retain constructed flag */
+            hdr_constructed = r & V_ASN1_CONSTRUCTED;
+        /*
+         * Work out new length with IMPLICIT tag: ignore constructed because
+         * it will mess up if indefinite length
+         */
+        len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+    } else
+        len = cpy_len;
+
+    /* Work out length in any EXPLICIT, starting from end */
+
+    for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
+         i < asn1_tags.exp_count; i++, etmp--) {
+        /* Content length: number of content octets + any padding */
+        len += etmp->exp_pad;
+        etmp->exp_len = len;
+        /* Total object length: length including new header */
+        len = ASN1_object_size(0, len, etmp->exp_tag);
+    }
+
+    /* Allocate buffer for new encoding */
+
+    new_der = OPENSSL_malloc(len);
+    if (new_der == NULL)
+        goto err;
+
+    /* Generate tagged encoding */
+
+    p = new_der;
+
+    /* Output explicit tags first */
+
+    for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
+         i++, etmp++) {
+        ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+                        etmp->exp_tag, etmp->exp_class);
+        if (etmp->exp_pad)
+            *p++ = 0;
+    }
+
+    /* If IMPLICIT, output tag */
+
+    if (asn1_tags.imp_tag != -1) {
+        if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
+            && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
+                || asn1_tags.imp_tag == V_ASN1_SET))
+            hdr_constructed = V_ASN1_CONSTRUCTED;
+        ASN1_put_object(&p, hdr_constructed, hdr_len,
+                        asn1_tags.imp_tag, asn1_tags.imp_class);
+    }
+
+    /* Copy across original encoding */
+    memcpy(p, cpy_start, cpy_len);
+
+    cp = new_der;
+
+    /* Obtain new ASN1_TYPE structure */
+    ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+ err:
+    OPENSSL_free(orig_der);
+    OPENSSL_free(new_der);
+
+    return ret;
+
+}
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+{
+    tag_exp_arg *arg = bitstr;
+    int i;
+    int utype;
+    int vlen = 0;
+    const char *p, *vstart = NULL;
+
+    int tmp_tag, tmp_class;
+
+    if (elem == NULL)
+        return -1;
+
+    for (i = 0, p = elem; i < len; p++, i++) {
+        /* Look for the ':' in name value pairs */
+        if (*p == ':') {
+            vstart = p + 1;
+            vlen = len - (vstart - elem);
+            len = p - elem;
+            break;
+        }
+    }
+
+    utype = asn1_str2tag(elem, len);
+
+    if (utype == -1) {
+        ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+        ERR_add_error_data(2, "tag=", elem);
+        return -1;
+    }
+
+    /* If this is not a modifier mark end of string and exit */
+    if (!(utype & ASN1_GEN_FLAG)) {
+        arg->utype = utype;
+        arg->str = vstart;
+        /* If no value and not end of string, error */
+        if (!vstart && elem[len]) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+            return -1;
+        }
+        return 0;
+    }
+
+    switch (utype) {
+
+    case ASN1_GEN_FLAG_IMP:
+        /* Check for illegal multiple IMPLICIT tagging */
+        if (arg->imp_tag != -1) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+            return -1;
+        }
+        if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_EXP:
+
+        if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+            return -1;
+        if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SEQWRAP:
+        if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SETWRAP:
+        if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_BITWRAP:
+        if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_OCTWRAP:
+        if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_FORMAT:
+        if (!vstart) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
+            return -1;
+        }
+        if (strncmp(vstart, "ASCII", 5) == 0)
+            arg->format = ASN1_GEN_FORMAT_ASCII;
+        else if (strncmp(vstart, "UTF8", 4) == 0)
+            arg->format = ASN1_GEN_FORMAT_UTF8;
+        else if (strncmp(vstart, "HEX", 3) == 0)
+            arg->format = ASN1_GEN_FORMAT_HEX;
+        else if (strncmp(vstart, "BITLIST", 7) == 0)
+            arg->format = ASN1_GEN_FORMAT_BITLIST;
+        else {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
+            return -1;
+        }
+        break;
+
+    }
+
+    return 1;
+
+}
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+{
+    char erch[2];
+    long tag_num;
+    char *eptr;
+    if (!vstart)
+        return 0;
+    tag_num = strtoul(vstart, &eptr, 10);
+    /* Check we haven't gone past max length: should be impossible */
+    if (eptr && *eptr && (eptr > vstart + vlen))
+        return 0;
+    if (tag_num < 0) {
+        ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    *ptag = tag_num;
+    /* If we have non numeric characters, parse them */
+    if (eptr)
+        vlen -= eptr - vstart;
+    else
+        vlen = 0;
+    if (vlen) {
+        switch (*eptr) {
+
+        case 'U':
+            *pclass = V_ASN1_UNIVERSAL;
+            break;
+
+        case 'A':
+            *pclass = V_ASN1_APPLICATION;
+            break;
+
+        case 'P':
+            *pclass = V_ASN1_PRIVATE;
+            break;
+
+        case 'C':
+            *pclass = V_ASN1_CONTEXT_SPECIFIC;
+            break;
+
+        default:
+            erch[0] = *eptr;
+            erch[1] = 0;
+            ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+            ERR_add_error_data(2, "Char=", erch);
+            return 0;
+
+        }
+    } else
+        *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+    return 1;
+
+}
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+                             int depth, int *perr)
+{
+    ASN1_TYPE *ret = NULL;
+    STACK_OF(ASN1_TYPE) *sk = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    unsigned char *der = NULL;
+    int derlen;
+    int i;
+    sk = sk_ASN1_TYPE_new_null();
+    if (!sk)
+        goto bad;
+    if (section) {
+        if (!cnf)
+            goto bad;
+        sect = X509V3_get_section(cnf, (char *)section);
+        if (!sect)
+            goto bad;
+        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+            ASN1_TYPE *typ =
+                generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
+                            depth + 1, perr);
+            if (!typ)
+                goto bad;
+            if (!sk_ASN1_TYPE_push(sk, typ))
+                goto bad;
+        }
+    }
+
+    /*
+     * Now we has a STACK of the components, convert to the correct form
+     */
+
+    if (utype == V_ASN1_SET)
+        derlen = i2d_ASN1_SET_ANY(sk, &der);
+    else
+        derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
+
+    if (derlen < 0)
+        goto bad;
+    if ((ret = ASN1_TYPE_new()) == NULL)
+        goto bad;
+    if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL)
+        goto bad;
+
+    ret->type = utype;
+    ret->value.asn1_string->data = der;
+    ret->value.asn1_string->length = derlen;
+
+    der = NULL;
+
+ bad:
+
+    OPENSSL_free(der);
+
+    sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+    X509V3_section_free(cnf, sect);
+
+    return ret;
+}
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok)
+{
+    tag_exp_type *exp_tmp;
+    /* Can only have IMPLICIT if permitted */
+    if ((arg->imp_tag != -1) && !imp_ok) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+        return 0;
+    }
+
+    if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+        return 0;
+    }
+
+    exp_tmp = &arg->exp_list[arg->exp_count++];
+
+    /*
+     * If IMPLICIT set tag to implicit value then reset implicit tag since it
+     * has been used.
+     */
+    if (arg->imp_tag != -1) {
+        exp_tmp->exp_tag = arg->imp_tag;
+        exp_tmp->exp_class = arg->imp_class;
+        arg->imp_tag = -1;
+        arg->imp_class = -1;
+    } else {
+        exp_tmp->exp_tag = exp_tag;
+        exp_tmp->exp_class = exp_class;
+    }
+    exp_tmp->exp_constructed = exp_constructed;
+    exp_tmp->exp_pad = exp_pad;
+
+    return 1;
+}
+
+static int asn1_str2tag(const char *tagstr, int len)
+{
+    unsigned int i;
+    static const struct tag_name_st *tntmp, tnst[] = {
+        ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("NULL", V_ASN1_NULL),
+        ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+        ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+        ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+        ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+        ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+        ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
+        ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
+
+        /* Special cases */
+        ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SET", V_ASN1_SET),
+        /* type modifiers */
+        /* Explicit tag */
+        ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+        ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+        /* Implicit tag */
+        ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+        ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+        /* OCTET STRING wrapper */
+        ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+        /* SEQUENCE wrapper */
+        ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+        /* SET wrapper */
+        ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+        /* BIT STRING wrapper */
+        ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+        ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+        ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+    };
+
+    if (len == -1)
+        len = strlen(tagstr);
+
+    tntmp = tnst;
+    for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {
+        if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0))
+            return tntmp->tag;
+    }
+
+    return -1;
+}
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+{
+    ASN1_TYPE *atmp = NULL;
+    CONF_VALUE vtmp;
+    unsigned char *rdata;
+    long rdlen;
+    int no_unused = 1;
+
+    if ((atmp = ASN1_TYPE_new()) == NULL) {
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!str)
+        str = "";
+
+    switch (utype) {
+
+    case V_ASN1_NULL:
+        if (str && *str) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+            goto bad_form;
+        }
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        vtmp.name = NULL;
+        vtmp.section = NULL;
+        vtmp.value = (char *)str;
+        if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.integer
+                    = s2i_ASN1_INTEGER(NULL, str)) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_OBJECT:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        atmp->value.asn1_string->type = utype;
+        if (!ASN1_TIME_check(atmp->value.asn1_string)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_NUMERICSTRING:
+        if (format == ASN1_GEN_FORMAT_ASCII)
+            format = MBSTRING_ASC;
+        else if (format == ASN1_GEN_FORMAT_UTF8)
+            format = MBSTRING_UTF8;
+        else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+            goto bad_form;
+        }
+
+        if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+                               -1, format, ASN1_tag2bit(utype)) <= 0) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_form;
+        }
+
+        if (format == ASN1_GEN_FORMAT_HEX) {
+            if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+                goto bad_str;
+            }
+            atmp->value.asn1_string->data = rdata;
+            atmp->value.asn1_string->length = rdlen;
+            atmp->value.asn1_string->type = utype;
+        } else if (format == ASN1_GEN_FORMAT_ASCII)
+            ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+        else if ((format == ASN1_GEN_FORMAT_BITLIST)
+                 && (utype == V_ASN1_BIT_STRING)) {
+            if (!CONF_parse_list
+                (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+                goto bad_str;
+            }
+            no_unused = 0;
+
+        } else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+            goto bad_form;
+        }
+
+        if ((utype == V_ASN1_BIT_STRING) && no_unused) {
+            atmp->value.asn1_string->flags
+                &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+            atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        }
+
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+        goto bad_str;
+    }
+
+    atmp->type = utype;
+    return atmp;
+
+ bad_str:
+    ERR_add_error_data(2, "string=", str);
+ bad_form:
+
+    ASN1_TYPE_free(atmp);
+    return NULL;
+
+}
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+{
+    long bitnum;
+    char *eptr;
+    if (!elem)
+        return 0;
+    bitnum = strtoul(elem, &eptr, 10);
+    if (eptr && *eptr && (eptr != elem + len))
+        return 0;
+    if (bitnum < 0) {
+        ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
+        ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int mask_cb(const char *elem, int len, void *arg)
+{
+    unsigned long *pmask = arg, tmpmask;
+    int tag;
+    if (elem == NULL)
+        return 0;
+    if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) {
+        *pmask |= B_ASN1_DIRECTORYSTRING;
+        return 1;
+    }
+    tag = asn1_str2tag(elem, len);
+    if (!tag || (tag & ASN1_GEN_FLAG))
+        return 0;
+    tmpmask = ASN1_tag2bit(tag);
+    if (!tmpmask)
+        return 0;
+    *pmask |= tmpmask;
+    return 1;
+}
+
+int ASN1_str2mask(const char *str, unsigned long *pmask)
+{
+    *pmask = 0;
+    return CONF_parse_list(str, '|', 1, mask_cb, pmask);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_item_list.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_item_list.c
new file mode 100644
index 000000000..9798192f4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_item_list.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/cms.h>
+#include <openssl/dh.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+#include <openssl/x509v3.h>
+
+#include "asn1_item_list.h"
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(asn1_item_list); i++) {
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(asn1_item_list[i]);
+
+        if (strcmp(it->sname, name) == 0)
+            return it;
+    }
+    return NULL;
+}
+
+const ASN1_ITEM *ASN1_ITEM_get(size_t i)
+{
+    if (i >= OSSL_NELEM(asn1_item_list))
+        return NULL;
+    return ASN1_ITEM_ptr(asn1_item_list[i]);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_item_list.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_item_list.h
new file mode 100644
index 000000000..db8107ed1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_item_list.h
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static ASN1_ITEM_EXP *asn1_item_list[] = {
+
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdOrRange),
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+#endif
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+    ASN1_ITEM_ref(DIST_POINT),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(LONG),
+#endif
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+#ifndef OPENSSL_NO_RSA
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    ASN1_ITEM_ref(SCRYPT_PARAMS),
+#endif
+    ASN1_ITEM_ref(SXNETID),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+    ASN1_ITEM_ref(X509),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(ZUINT64),
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c
new file mode 100644
index 000000000..88c4b5391
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c
@@ -0,0 +1,391 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max);
+static void asn1_put_length(unsigned char **pp, int length);
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+{
+    /*
+     * If there is 0 or 1 byte left, the length check should pick things up
+     */
+    if (len <= 0)
+        return 1;
+    else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
+        (*p) += 2;
+        return 1;
+    }
+    return 0;
+}
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end((const unsigned char **)p, len);
+}
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end(p, len);
+}
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax)
+{
+    int i, ret;
+    long l;
+    const unsigned char *p = *pp;
+    int tag, xclass, inf;
+    long max = omax;
+
+    if (!max)
+        goto err;
+    ret = (*p & V_ASN1_CONSTRUCTED);
+    xclass = (*p & V_ASN1_PRIVATE);
+    i = *p & V_ASN1_PRIMITIVE_TAG;
+    if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
+        p++;
+        if (--max == 0)
+            goto err;
+        l = 0;
+        while (*p & 0x80) {
+            l <<= 7L;
+            l |= *(p++) & 0x7f;
+            if (--max == 0)
+                goto err;
+            if (l > (INT_MAX >> 7L))
+                goto err;
+        }
+        l <<= 7L;
+        l |= *(p++) & 0x7f;
+        tag = (int)l;
+        if (--max == 0)
+            goto err;
+    } else {
+        tag = i;
+        p++;
+        if (--max == 0)
+            goto err;
+    }
+    *ptag = tag;
+    *pclass = xclass;
+    if (!asn1_get_length(&p, &inf, plength, max))
+        goto err;
+
+    if (inf && !(ret & V_ASN1_CONSTRUCTED))
+        goto err;
+
+    if (*plength > (omax - (p - *pp))) {
+        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+        /*
+         * Set this so that even if things are not long enough the values are
+         * set correctly
+         */
+        ret |= 0x80;
+    }
+    *pp = p;
+    return ret | inf;
+ err:
+    ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+    return 0x80;
+}
+
+/*
+ * Decode a length field.
+ * The short form is a single byte defining a length 0 - 127.
+ * The long form is a byte 0 - 127 with the top bit set and this indicates
+ * the number of following octets that contain the length.  These octets
+ * are stored most significant digit first.
+ */
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max)
+{
+    const unsigned char *p = *pp;
+    unsigned long ret = 0;
+    int i;
+
+    if (max-- < 1)
+        return 0;
+    if (*p == 0x80) {
+        *inf = 1;
+        p++;
+    } else {
+        *inf = 0;
+        i = *p & 0x7f;
+        if (*p++ & 0x80) {
+            if (max < i + 1)
+                return 0;
+            /* Skip leading zeroes */
+            while (i > 0 && *p == 0) {
+                p++;
+                i--;
+            }
+            if (i > (int)sizeof(long))
+                return 0;
+            while (i > 0) {
+                ret <<= 8;
+                ret |= *p++;
+                i--;
+            }
+            if (ret > LONG_MAX)
+                return 0;
+        } else
+            ret = i;
+    }
+    *pp = p;
+    *rl = (long)ret;
+    return 1;
+}
+
+/*
+ * class 0 is constructed constructed == 2 for indefinite length constructed
+ */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+                     int xclass)
+{
+    unsigned char *p = *pp;
+    int i, ttag;
+
+    i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
+    i |= (xclass & V_ASN1_PRIVATE);
+    if (tag < 31)
+        *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
+    else {
+        *(p++) = i | V_ASN1_PRIMITIVE_TAG;
+        for (i = 0, ttag = tag; ttag > 0; i++)
+            ttag >>= 7;
+        ttag = i;
+        while (i-- > 0) {
+            p[i] = tag & 0x7f;
+            if (i != (ttag - 1))
+                p[i] |= 0x80;
+            tag >>= 7;
+        }
+        p += ttag;
+    }
+    if (constructed == 2)
+        *(p++) = 0x80;
+    else
+        asn1_put_length(&p, length);
+    *pp = p;
+}
+
+int ASN1_put_eoc(unsigned char **pp)
+{
+    unsigned char *p = *pp;
+    *p++ = 0;
+    *p++ = 0;
+    *pp = p;
+    return 2;
+}
+
+static void asn1_put_length(unsigned char **pp, int length)
+{
+    unsigned char *p = *pp;
+    int i, l;
+    if (length <= 127)
+        *(p++) = (unsigned char)length;
+    else {
+        l = length;
+        for (i = 0; l > 0; i++)
+            l >>= 8;
+        *(p++) = i | 0x80;
+        l = i;
+        while (i-- > 0) {
+            p[i] = length & 0xff;
+            length >>= 8;
+        }
+        p += l;
+    }
+    *pp = p;
+}
+
+int ASN1_object_size(int constructed, int length, int tag)
+{
+    int ret = 1;
+    if (length < 0)
+        return -1;
+    if (tag >= 31) {
+        while (tag > 0) {
+            tag >>= 7;
+            ret++;
+        }
+    }
+    if (constructed == 2) {
+        ret += 3;
+    } else {
+        ret++;
+        if (length > 127) {
+            int tmplen = length;
+            while (tmplen > 0) {
+                tmplen >>= 8;
+                ret++;
+            }
+        }
+    }
+    if (ret >= INT_MAX - length)
+        return -1;
+    return ret + length;
+}
+
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
+{
+    if (str == NULL)
+        return 0;
+    dst->type = str->type;
+    if (!ASN1_STRING_set(dst, str->data, str->length))
+        return 0;
+    /* Copy flags but preserve embed value */
+    dst->flags &= ASN1_STRING_FLAG_EMBED;
+    dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED;
+    return 1;
+}
+
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
+{
+    ASN1_STRING *ret;
+    if (!str)
+        return NULL;
+    ret = ASN1_STRING_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ASN1_STRING_copy(ret, str)) {
+        ASN1_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+{
+    unsigned char *c;
+    const char *data = _data;
+
+    if (len < 0) {
+        if (data == NULL)
+            return 0;
+        else
+            len = strlen(data);
+    }
+    if ((str->length <= len) || (str->data == NULL)) {
+        c = str->data;
+        str->data = OPENSSL_realloc(c, len + 1);
+        if (str->data == NULL) {
+            ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+            str->data = c;
+            return 0;
+        }
+    }
+    str->length = len;
+    if (data != NULL) {
+        memcpy(str->data, data, len);
+        /* an allowance for strings :-) */
+        str->data[len] = '\0';
+    }
+    return 1;
+}
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+{
+    OPENSSL_free(str->data);
+    str->data = data;
+    str->length = len;
+}
+
+ASN1_STRING *ASN1_STRING_new(void)
+{
+    return ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
+}
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+{
+    ASN1_STRING *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = type;
+    return ret;
+}
+
+void asn1_string_embed_free(ASN1_STRING *a, int embed)
+{
+    if (a == NULL)
+        return;
+    if (!(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_free(a->data);
+    if (embed == 0)
+        OPENSSL_free(a);
+}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED);
+}
+
+void ASN1_STRING_clear_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_cleanse(a->data, a->length);
+    ASN1_STRING_free(a);
+}
+
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+    int i;
+
+    i = (a->length - b->length);
+    if (i == 0) {
+        i = memcmp(a->data, b->data, a->length);
+        if (i == 0)
+            return a->type - b->type;
+        else
+            return i;
+    } else
+        return i;
+}
+
+int ASN1_STRING_length(const ASN1_STRING *x)
+{
+    return x->length;
+}
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{
+    x->length = len;
+}
+
+int ASN1_STRING_type(const ASN1_STRING *x)
+{
+    return x->type;
+}
+
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+    return x->data;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+unsigned char *ASN1_STRING_data(ASN1_STRING *x)
+{
+    return x->data;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_locl.h
new file mode 100644
index 000000000..cec141721
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_locl.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d);
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+
+/* ASN1 scan context structure */
+
+struct asn1_sctx_st {
+    /* The ASN1_ITEM associated with this field */
+    const ASN1_ITEM *it;
+    /* If ASN1_TEMPLATE associated with this field */
+    const ASN1_TEMPLATE *tt;
+    /* Various flags associated with field and context */
+    unsigned long flags;
+    /* If SEQUENCE OF or SET OF, field index */
+    int skidx;
+    /* ASN1 depth of field */
+    int depth;
+    /* Structure and field name */
+    const char *sname, *fname;
+    /* If a primitive type the type of underlying field */
+    int prim_type;
+    /* The field value itself */
+    ASN1_VALUE **field;
+    /* Callback to pass information to */
+    int (*scan_cb) (ASN1_SCTX *ctx);
+    /* Context specific application data */
+    void *app_data;
+} /* ASN1_SCTX */ ;
+
+typedef struct mime_param_st MIME_PARAM;
+DEFINE_STACK_OF(MIME_PARAM)
+typedef struct mime_header_st MIME_HEADER;
+DEFINE_STACK_OF(MIME_HEADER)
+
+void asn1_string_embed_free(ASN1_STRING *a, int embed);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it);
+
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it);
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long length);
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long length);
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c
new file mode 100644
index 000000000..4b60c615d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c
@@ -0,0 +1,375 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent)
+{
+    static const char fmt[] = "%-18s";
+    char str[128];
+    const char *p;
+
+    if (constructed & V_ASN1_CONSTRUCTED)
+        p = "cons: ";
+    else
+        p = "prim: ";
+    if (BIO_write(bp, p, 6) < 6)
+        goto err;
+    BIO_indent(bp, indent, 128);
+
+    p = str;
+    if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+        BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
+    else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+        BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
+    else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+        BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
+    else if (tag > 30)
+        BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
+    else
+        p = ASN1_tag2str(tag);
+
+    if (BIO_printf(bp, fmt, p) <= 0)
+        goto err;
+    return 1;
+ err:
+    return 0;
+}
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+{
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, 0);
+}
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump)
+{
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, dump);
+}
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump)
+{
+    const unsigned char *p, *ep, *tot, *op, *opp;
+    long len;
+    int tag, xclass, ret = 0;
+    int nl, hl, j, r;
+    ASN1_OBJECT *o = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+    /* ASN1_BMPSTRING *bmp=NULL; */
+    int dump_indent, dump_cont = 0;
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+        BIO_puts(bp, "BAD RECURSION DEPTH\n");
+        return 0;
+    }
+
+    dump_indent = 6;            /* Because we know BIO_dump_indent() */
+    p = *pp;
+    tot = p + length;
+    while (length > 0) {
+        op = p;
+        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
+        if (j & 0x80) {
+            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
+                goto end;
+            ret = 0;
+            goto end;
+        }
+        hl = (p - op);
+        length -= hl;
+        /*
+         * if j == 0x21 it is a constructed indefinite length object
+         */
+        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
+            <= 0)
+            goto end;
+
+        if (j != (V_ASN1_CONSTRUCTED | 1)) {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
+                           depth, (long)hl, len) <= 0)
+                goto end;
+        } else {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf  ", depth, (long)hl) <= 0)
+                goto end;
+        }
+        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
+            goto end;
+        if (j & V_ASN1_CONSTRUCTED) {
+            const unsigned char *sp = p;
+
+            ep = p + len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+            if (len > length) {
+                BIO_printf(bp, "length is greater than %ld\n", length);
+                ret = 0;
+                goto end;
+            }
+            if ((j == 0x21) && (len == 0)) {
+                for (;;) {
+                    r = asn1_parse2(bp, &p, (long)(tot - p),
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    if ((r == 2) || (p >= tot)) {
+                        len = p - sp;
+                        break;
+                    }
+                }
+            } else {
+                long tmp = len;
+
+                while (p < ep) {
+                    sp = p;
+                    r = asn1_parse2(bp, &p, tmp,
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    tmp -= p - sp;
+                }
+            }
+        } else if (xclass != 0) {
+            p += len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+        } else {
+            nl = 0;
+            if ((tag == V_ASN1_PRINTABLESTRING) ||
+                (tag == V_ASN1_T61STRING) ||
+                (tag == V_ASN1_IA5STRING) ||
+                (tag == V_ASN1_VISIBLESTRING) ||
+                (tag == V_ASN1_NUMERICSTRING) ||
+                (tag == V_ASN1_UTF8STRING) ||
+                (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
+                if (BIO_write(bp, ":", 1) <= 0)
+                    goto end;
+                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
+                    != (int)len)
+                    goto end;
+            } else if (tag == V_ASN1_OBJECT) {
+                opp = op;
+                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    i2a_ASN1_OBJECT(bp, o);
+                } else {
+                    if (BIO_puts(bp, ":BAD OBJECT") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+            } else if (tag == V_ASN1_BOOLEAN) {
+                if (len != 1) {
+                    if (BIO_puts(bp, ":BAD BOOLEAN") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                if (len > 0)
+                    BIO_printf(bp, ":%u", p[0]);
+            } else if (tag == V_ASN1_BMPSTRING) {
+                /* do the BMP thang */
+            } else if (tag == V_ASN1_OCTET_STRING) {
+                int i, printable = 1;
+
+                opp = op;
+                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
+                if (os != NULL && os->length > 0) {
+                    opp = os->data;
+                    /*
+                     * testing whether the octet string is printable
+                     */
+                    for (i = 0; i < os->length; i++) {
+                        if (((opp[i] < ' ') &&
+                             (opp[i] != '\n') &&
+                             (opp[i] != '\r') &&
+                             (opp[i] != '\t')) || (opp[i] > '~')) {
+                            printable = 0;
+                            break;
+                        }
+                    }
+                    if (printable)
+                        /* printable string */
+                    {
+                        if (BIO_write(bp, ":", 1) <= 0)
+                            goto end;
+                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
+                            goto end;
+                    } else if (!dump)
+                        /*
+                         * not printable => print octet string as hex dump
+                         */
+                    {
+                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
+                            goto end;
+                        for (i = 0; i < os->length; i++) {
+                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
+                                goto end;
+                        }
+                    } else
+                        /* print the normal dump */
+                    {
+                        if (!nl) {
+                            if (BIO_write(bp, "\n", 1) <= 0)
+                                goto end;
+                        }
+                        if (BIO_dump_indent(bp,
+                                            (const char *)opp,
+                                            ((dump == -1 || dump >
+                                              os->
+                                              length) ? os->length : dump),
+                                            dump_indent) <= 0)
+                            goto end;
+                        nl = 1;
+                    }
+                }
+                ASN1_OCTET_STRING_free(os);
+                os = NULL;
+            } else if (tag == V_ASN1_INTEGER) {
+                ASN1_INTEGER *bs;
+                int i;
+
+                opp = op;
+                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_INTEGER)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_puts(bp, ":BAD INTEGER") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                ASN1_INTEGER_free(bs);
+            } else if (tag == V_ASN1_ENUMERATED) {
+                ASN1_ENUMERATED *bs;
+                int i;
+
+                opp = op;
+                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_ENUMERATED)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                ASN1_ENUMERATED_free(bs);
+            } else if (len > 0 && dump) {
+                if (!nl) {
+                    if (BIO_write(bp, "\n", 1) <= 0)
+                        goto end;
+                }
+                if (BIO_dump_indent(bp, (const char *)p,
+                                    ((dump == -1 || dump > len) ? len : dump),
+                                    dump_indent) <= 0)
+                    goto end;
+                nl = 1;
+            }
+            if (dump_cont) {
+                int i;
+                const unsigned char *tmp = op + hl;
+                if (BIO_puts(bp, ":[") <= 0)
+                    goto end;
+                for (i = 0; i < len; i++) {
+                    if (BIO_printf(bp, "%02X", tmp[i]) <= 0)
+                        goto end;
+                }
+                if (BIO_puts(bp, "]") <= 0)
+                    goto end;
+            }
+
+            if (!nl) {
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto end;
+            }
+            p += len;
+            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
+                ret = 2;        /* End of sequence */
+                goto end;
+            }
+        }
+        length -= len;
+    }
+    ret = 1;
+ end:
+    ASN1_OBJECT_free(o);
+    ASN1_OCTET_STRING_free(os);
+    *pp = p;
+    return ret;
+}
+
+const char *ASN1_tag2str(int tag)
+{
+    static const char *const tag2str[] = {
+        /* 0-4 */
+        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+        /* 5-9 */
+        "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+        /* 10-13 */
+        "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+        /* 15-17 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+        /* 18-20 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+        /* 21-24 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
+        /* 25-27 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+        /* 28-30 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
+    };
+
+    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+        tag &= ~0x100;
+
+    if (tag < 0 || tag > 30)
+        return "(unknown)";
+    return tag2str[tag];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c
new file mode 100644
index 000000000..dfd5be634
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c
@@ -0,0 +1,963 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "internal/evp_int.h"
+#include "internal/bio.h"
+#include "asn1_locl.h"
+
+/*
+ * Generalised MIME like utilities for streaming ASN1. Although many have a
+ * PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/*
+ * MIME format structures Note that all are translated to lower case apart
+ * from parameter values. Quotes are stripped off
+ */
+
+struct mime_param_st {
+    char *param_name;           /* Param name e.g. "micalg" */
+    char *param_value;          /* Param value e.g. "sha1" */
+};
+
+struct mime_header_st {
+    char *name;                 /* Name of line e.g. "content-type" */
+    char *value;                /* Value of line e.g. "text/plain" */
+    STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+};
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it);
+static char *strip_ends(char *name);
+static char *strip_start(char *name);
+static char *strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b);
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen);
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen, int flags);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x)           /* x */
+
+/* Output an ASN1 structure in BER format streaming if necessary */
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it)
+{
+    /* If streaming create stream BIO and copy all content through it */
+    if (flags & SMIME_STREAM) {
+        BIO *bio, *tbio;
+        bio = BIO_new_NDEF(out, val, it);
+        if (!bio) {
+            ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        SMIME_crlf_copy(in, bio, flags);
+        (void)BIO_flush(bio);
+        /* Free up successive BIOs until we hit the old output BIO */
+        do {
+            tbio = BIO_pop(bio);
+            BIO_free(bio);
+            bio = tbio;
+        } while (bio != out);
+    }
+    /*
+     * else just write out ASN1 structure which will have all content stored
+     * internally
+     */
+    else
+        ASN1_item_i2d_bio(it, out, val);
+    return 1;
+}
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                          const ASN1_ITEM *it)
+{
+    BIO *b64;
+    int r;
+    b64 = BIO_new(BIO_f_base64());
+    if (b64 == NULL) {
+        ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * prepend the b64 BIO so all data is base64 encoded.
+     */
+    out = BIO_push(b64, out);
+    r = i2d_ASN1_bio_stream(out, val, in, flags, it);
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(b64);
+    return r;
+}
+
+/* Streaming ASN1 PEM write */
+
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it)
+{
+    int r;
+    BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+    r = B64_write_ASN1(out, val, in, flags, it);
+    BIO_printf(out, "-----END %s-----\n", hdr);
+    return r;
+}
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+    BIO *b64;
+    ASN1_VALUE *val;
+
+    if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
+        ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    bio = BIO_push(b64, bio);
+    val = ASN1_item_d2i_bio(it, bio, NULL);
+    if (!val)
+        ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+    (void)BIO_flush(bio);
+    BIO_pop(bio);
+    BIO_free(b64);
+    return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+{
+    const EVP_MD *md;
+    int i, have_unknown = 0, write_comma, ret = 0, md_nid;
+    have_unknown = 0;
+    write_comma = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
+        if (write_comma)
+            BIO_write(out, ",", 1);
+        write_comma = 1;
+        md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+        md = EVP_get_digestbynid(md_nid);
+        if (md && md->md_ctrl) {
+            int rv;
+            char *micstr;
+            rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+            if (rv > 0) {
+                BIO_puts(out, micstr);
+                OPENSSL_free(micstr);
+                continue;
+            }
+            if (rv != -2)
+                goto err;
+        }
+        switch (md_nid) {
+        case NID_sha1:
+            BIO_puts(out, "sha1");
+            break;
+
+        case NID_md5:
+            BIO_puts(out, "md5");
+            break;
+
+        case NID_sha256:
+            BIO_puts(out, "sha-256");
+            break;
+
+        case NID_sha384:
+            BIO_puts(out, "sha-384");
+            break;
+
+        case NID_sha512:
+            BIO_puts(out, "sha-512");
+            break;
+
+        case NID_id_GostR3411_94:
+            BIO_puts(out, "gostr3411-94");
+            goto err;
+
+        default:
+            if (have_unknown)
+                write_comma = 0;
+            else {
+                BIO_puts(out, "unknown");
+                have_unknown = 1;
+            }
+            break;
+
+        }
+    }
+
+    ret = 1;
+ err:
+
+    return ret;
+
+}
+
+/* SMIME sender */
+
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it)
+{
+    char bound[33], c;
+    int i;
+    const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+    const char *msg_type = NULL;
+    if (flags & SMIME_OLDMIME)
+        mime_prefix = "application/x-pkcs7-";
+    else
+        mime_prefix = "application/pkcs7-";
+
+    if (flags & SMIME_CRLFEOL)
+        mime_eol = "\r\n";
+    else
+        mime_eol = "\n";
+    if ((flags & SMIME_DETACHED) && data) {
+        /* We want multipart/signed */
+        /* Generate a random boundary */
+        if (RAND_bytes((unsigned char *)bound, 32) <= 0)
+            return 0;
+        for (i = 0; i < 32; i++) {
+            c = bound[i] & 0xf;
+            if (c < 10)
+                c += '0';
+            else
+                c += 'A' - 10;
+            bound[i] = c;
+        }
+        bound[32] = 0;
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Type: multipart/signed;");
+        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+        BIO_puts(bio, " micalg=\"");
+        asn1_write_micalg(bio, mdalgs);
+        BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                   bound, mime_eol, mime_eol);
+        BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                   mime_eol, mime_eol);
+        /* Now write out the first part */
+        BIO_printf(bio, "------%s%s", bound, mime_eol);
+        if (!asn1_output_data(bio, data, val, flags, it))
+            return 0;
+        BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+        /* Headers for signature */
+
+        BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+        BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
+        B64_write_ASN1(bio, val, NULL, 0, it);
+        BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
+                   mime_eol, mime_eol);
+        return 1;
+    }
+
+    /* Determine smime-type header */
+
+    if (ctype_nid == NID_pkcs7_enveloped)
+        msg_type = "enveloped-data";
+    else if (ctype_nid == NID_pkcs7_signed) {
+        if (econt_nid == NID_id_smime_ct_receipt)
+            msg_type = "signed-receipt";
+        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+            msg_type = "signed-data";
+        else
+            msg_type = "certs-only";
+    } else if (ctype_nid == NID_id_smime_ct_compressedData) {
+        msg_type = "compressed-data";
+        cname = "smime.p7z";
+    }
+    /* MIME headers */
+    BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+    BIO_printf(bio, "Content-Disposition: attachment;");
+    BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+    if (msg_type)
+        BIO_printf(bio, " smime-type=%s;", msg_type);
+    BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+               mime_eol, mime_eol);
+    if (!B64_write_ASN1(bio, val, data, flags, it))
+        return 0;
+    BIO_printf(bio, "%s", mime_eol);
+    return 1;
+}
+
+/* Handle output of ASN1 data */
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it)
+{
+    BIO *tmpbio;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+    int rv = 1;
+
+    /*
+     * If data is not detached or resigning then the output BIO is already
+     * set up to finalise when it is written through.
+     */
+    if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
+        SMIME_crlf_copy(data, out, flags);
+        return 1;
+    }
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return 0;
+    }
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    /* Let ASN1 code prepend any needed BIOs */
+
+    if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+        return 0;
+
+    /* Copy data across, passing through filter BIOs for processing */
+    SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+    /* Finalize structure */
+    if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+        rv = 0;
+
+    /* Now remove any digests prepended to the BIO */
+
+    while (sarg.ndef_bio != out) {
+        tmpbio = BIO_pop(sarg.ndef_bio);
+        BIO_free(sarg.ndef_bio);
+        sarg.ndef_bio = tmpbio;
+    }
+
+    return rv;
+
+}
+
+/*
+ * SMIME reader: handle multipart/signed and opaque signing. in multipart
+ * case the content is placed in a memory BIO pointed to by "bcont". In
+ * opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+    BIO *asnin;
+    STACK_OF(MIME_HEADER) *headers = NULL;
+    STACK_OF(BIO) *parts = NULL;
+    MIME_HEADER *hdr;
+    MIME_PARAM *prm;
+    ASN1_VALUE *val;
+    int ret;
+
+    if (bcont)
+        *bcont = NULL;
+
+    if ((headers = mime_parse_hdr(bio)) == NULL) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+        return NULL;
+    }
+
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Handle multipart/signed */
+
+    if (strcmp(hdr->value, "multipart/signed") == 0) {
+        /* Split into two parts */
+        prm = mime_param_find(hdr, "boundary");
+        if (!prm || !prm->param_value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+            return NULL;
+        }
+        ret = multi_split(bio, prm->param_value, &parts);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        if (!ret || (sk_BIO_num(parts) != 2)) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Parse the signature piece */
+        asnin = sk_BIO_value(parts, 1);
+
+        if ((headers = mime_parse_hdr(asnin)) == NULL) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Get content type */
+
+        if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+            || hdr->value == NULL) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
+            strcmp(hdr->value, "application/pkcs7-signature")) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
+            ERR_add_error_data(2, "type: ", hdr->value);
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        /* Read in ASN1 */
+        if ((val = b64_read_asn1(asnin, it)) == NULL) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (bcont) {
+            *bcont = sk_BIO_value(parts, 0);
+            BIO_free(asnin);
+            sk_BIO_free(parts);
+        } else
+            sk_BIO_pop_free(parts, BIO_vfree);
+        return val;
+    }
+
+    /* OK, if not multipart/signed try opaque signature */
+
+    if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
+        strcmp(hdr->value, "application/pkcs7-mime")) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return NULL;
+    }
+
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+    if ((val = b64_read_asn1(bio, it)) == NULL) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+        return NULL;
+    }
+    return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+    BIO *bf;
+    char eol;
+    int len;
+    char linebuf[MAX_SMLEN];
+    /*
+     * Buffer output so we don't write one line at a time. This is useful
+     * when streaming as we don't end up with one OCTET STRING per line.
+     */
+    bf = BIO_new(BIO_f_buffer());
+    if (bf == NULL)
+        return 0;
+    out = BIO_push(bf, out);
+    if (flags & SMIME_BINARY) {
+        while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+            BIO_write(out, linebuf, len);
+    } else {
+        int eolcnt = 0;
+        if (flags & SMIME_TEXT)
+            BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+            eol = strip_eol(linebuf, &len, flags);
+            if (len) {
+                /* Not EOF: write out all CRLF */
+                if (flags & SMIME_ASCIICRLF) {
+                    int i;
+                    for (i = 0; i < eolcnt; i++)
+                        BIO_write(out, "\r\n", 2);
+                    eolcnt = 0;
+                }
+                BIO_write(out, linebuf, len);
+                if (eol)
+                    BIO_write(out, "\r\n", 2);
+            } else if (flags & SMIME_ASCIICRLF)
+                eolcnt++;
+            else if (eol)
+                BIO_write(out, "\r\n", 2);
+        }
+    }
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(bf);
+    return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+    char iobuf[4096];
+    int len;
+    STACK_OF(MIME_HEADER) *headers;
+    MIME_HEADER *hdr;
+
+    if ((headers = mime_parse_hdr(in)) == NULL) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+        return 0;
+    }
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    if (strcmp(hdr->value, "text/plain")) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+        BIO_write(out, iobuf, len);
+    if (len < 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret)
+{
+    char linebuf[MAX_SMLEN];
+    int len, blen;
+    int eol = 0, next_eol = 0;
+    BIO *bpart = NULL;
+    STACK_OF(BIO) *parts;
+    char state, part, first;
+
+    blen = strlen(bound);
+    part = 0;
+    state = 0;
+    first = 1;
+    parts = sk_BIO_new_null();
+    *ret = parts;
+    if (*ret == NULL)
+        return 0;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        state = mime_bound_check(linebuf, len, bound, blen);
+        if (state == 1) {
+            first = 1;
+            part++;
+        } else if (state == 2) {
+            if (!sk_BIO_push(parts, bpart)) {
+                BIO_free(bpart);
+                return 0;
+            }
+            return 1;
+        } else if (part) {
+            /* Strip CR+LF from linebuf */
+            next_eol = strip_eol(linebuf, &len, 0);
+            if (first) {
+                first = 0;
+                if (bpart)
+                    if (!sk_BIO_push(parts, bpart)) {
+                        BIO_free(bpart);
+                        return 0;
+                    }
+                bpart = BIO_new(BIO_s_mem());
+                if (bpart == NULL)
+                    return 0;
+                BIO_set_mem_eof_return(bpart, 0);
+            } else if (eol)
+                BIO_write(bpart, "\r\n", 2);
+            eol = next_eol;
+            if (len)
+                BIO_write(bpart, linebuf, len);
+        }
+    }
+    BIO_free(bpart);
+    return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+    char *p, *q, c;
+    char *ntmp;
+    char linebuf[MAX_SMLEN];
+    MIME_HEADER *mhdr = NULL, *new_hdr = NULL;
+    STACK_OF(MIME_HEADER) *headers;
+    int len, state, save_state = 0;
+
+    headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+    if (headers == NULL)
+        return NULL;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if (mhdr && ossl_isspace(linebuf[0]))
+            state = MIME_NAME;
+        else
+            state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+             p++) {
+
+            /*
+             * State machine to handle MIME headers if this looks horrible
+             * that's because it *is*
+             */
+
+            switch (state) {
+            case MIME_START:
+                if (c == ':') {
+                    state = MIME_TYPE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_TYPE:
+                if (c == ';') {
+                    mime_debug("Found End Value\n");
+                    *p = 0;
+                    new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+                    if (new_hdr == NULL)
+                        goto err;
+                    if (!sk_MIME_HEADER_push(headers, new_hdr))
+                        goto err;
+                    mhdr = new_hdr;
+                    new_hdr = NULL;
+                    ntmp = NULL;
+                    q = p + 1;
+                    state = MIME_NAME;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_COMMENT:
+                if (c == ')') {
+                    state = save_state;
+                }
+                break;
+
+            case MIME_NAME:
+                if (c == '=') {
+                    state = MIME_VALUE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_VALUE:
+                if (c == ';') {
+                    state = MIME_NAME;
+                    *p = 0;
+                    mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                    ntmp = NULL;
+                    q = p + 1;
+                } else if (c == '"') {
+                    mime_debug("Found Quote\n");
+                    state = MIME_QUOTE;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_QUOTE:
+                if (c == '"') {
+                    mime_debug("Found Match Quote\n");
+                    state = MIME_VALUE;
+                }
+                break;
+            }
+        }
+
+        if (state == MIME_TYPE) {
+            new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+            if (new_hdr == NULL)
+                goto err;
+            if (!sk_MIME_HEADER_push(headers, new_hdr))
+                goto err;
+            mhdr = new_hdr;
+            new_hdr = NULL;
+        } else if (state == MIME_VALUE)
+            mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if (p == linebuf)
+            break;              /* Blank line means end of headers */
+    }
+
+    return headers;
+
+err:
+    mime_hdr_free(new_hdr);
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    return NULL;
+}
+
+static char *strip_ends(char *name)
+{
+    return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+    char *p, c;
+    /* Look for first non white space or quote */
+    for (p = name; (c = *p); p++) {
+        if (c == '"') {
+            /* Next char is start of string if non null */
+            if (p[1])
+                return p + 1;
+            /* Else null string */
+            return NULL;
+        }
+        if (!ossl_isspace(c))
+            return p;
+    }
+    return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+    char *p, c;
+    if (!name)
+        return NULL;
+    /* Look for first non white space or quote */
+    for (p = name + strlen(name) - 1; p >= name; p--) {
+        c = *p;
+        if (c == '"') {
+            if (p - 1 == name)
+                return NULL;
+            *p = 0;
+            return name;
+        }
+        if (ossl_isspace(c))
+            *p = 0;
+        else
+            return name;
+    }
+    return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
+{
+    MIME_HEADER *mhdr = NULL;
+    char *tmpname = NULL, *tmpval = NULL, *p;
+
+    if (name) {
+        if ((tmpname = OPENSSL_strdup(name)) == NULL)
+            return NULL;
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    if (value) {
+        if ((tmpval = OPENSSL_strdup(value)) == NULL)
+            goto err;
+        for (p = tmpval; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    mhdr = OPENSSL_malloc(sizeof(*mhdr));
+    if (mhdr == NULL)
+        goto err;
+    mhdr->name = tmpname;
+    mhdr->value = tmpval;
+    if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL)
+        goto err;
+    return mhdr;
+
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mhdr);
+    return NULL;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value)
+{
+    char *tmpname = NULL, *tmpval = NULL, *p;
+    MIME_PARAM *mparam = NULL;
+
+    if (name) {
+        tmpname = OPENSSL_strdup(name);
+        if (!tmpname)
+            goto err;
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    if (value) {
+        tmpval = OPENSSL_strdup(value);
+        if (!tmpval)
+            goto err;
+    }
+    /* Parameter values are case sensitive so leave as is */
+    mparam = OPENSSL_malloc(sizeof(*mparam));
+    if (mparam == NULL)
+        goto err;
+    mparam->param_name = tmpname;
+    mparam->param_value = tmpval;
+    if (!sk_MIME_PARAM_push(mhdr->params, mparam))
+        goto err;
+    return 1;
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mparam);
+    return 0;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b)
+{
+    if (!(*a)->name || !(*b)->name)
+        return ! !(*a)->name - ! !(*b)->name;
+
+    return strcmp((*a)->name, (*b)->name);
+}
+
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b)
+{
+    if (!(*a)->param_name || !(*b)->param_name)
+        return ! !(*a)->param_name - ! !(*b)->param_name;
+    return strcmp((*a)->param_name, (*b)->param_name);
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
+{
+    MIME_HEADER htmp;
+    int idx;
+
+    htmp.name = (char *)name;
+    htmp.value = NULL;
+    htmp.params = NULL;
+
+    idx = sk_MIME_HEADER_find(hdrs, &htmp);
+    return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
+{
+    MIME_PARAM param;
+    int idx;
+
+    param.param_name = (char *)name;
+    param.param_value = NULL;
+    idx = sk_MIME_PARAM_find(hdr->params, &param);
+    return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+    if (hdr == NULL)
+        return;
+    OPENSSL_free(hdr->name);
+    OPENSSL_free(hdr->value);
+    if (hdr->params)
+        sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+    OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+    OPENSSL_free(param->param_name);
+    OPENSSL_free(param->param_value);
+    OPENSSL_free(param);
+}
+
+/*-
+ * Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen)
+{
+    if (linelen == -1)
+        linelen = strlen(line);
+    if (blen == -1)
+        blen = strlen(bound);
+    /* Quickly eliminate if line length too short */
+    if (blen + 2 > linelen)
+        return 0;
+    /* Check for part boundary */
+    if ((strncmp(line, "--", 2) == 0)
+        && strncmp(line + 2, bound, blen) == 0) {
+        if (strncmp(line + blen + 2, "--", 2) == 0)
+            return 2;
+        else
+            return 1;
+    }
+    return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen, int flags)
+{
+    int len = *plen;
+    char *p, c;
+    int is_eol = 0;
+
+    for (p = linebuf + len - 1; len > 0; len--, p--) {
+        c = *p;
+        if (c == '\n') {
+            is_eol = 1;
+        } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) {
+            /* Strip trailing space on a line; 32 == ASCII for ' ' */
+            continue;
+        } else if (c != '\r') {
+            break;
+        }
+    }
+    *plen = len;
+    return is_eol;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c
new file mode 100644
index 000000000..68a01f311
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/objects.h"
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int do_create(const char *value, const char *name);
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+
+    oid_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
+        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_create(oval->value, oval->name)) {
+            ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void oid_module_finish(CONF_IMODULE *md)
+{
+}
+
+void ASN1_add_oid_module(void)
+{
+    CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+}
+
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
+ * shortname = 1.2.3.4
+ * shortname = some long name, 1.2.3.4
+ */
+
+static int do_create(const char *value, const char *name)
+{
+    int nid;
+    const char *ln, *ostr, *p;
+    char *lntmp = NULL;
+
+    p = strrchr(value, ',');
+    if (p == NULL) {
+        ln = name;
+        ostr = value;
+    } else {
+        ln = value;
+        ostr = p + 1;
+        if (*ostr == '\0')
+            return 0;
+        while (ossl_isspace(*ostr))
+            ostr++;
+        while (ossl_isspace(*ln))
+            ln++;
+        p--;
+        while (ossl_isspace(*p)) {
+            if (p == ln)
+                return 0;
+            p--;
+        }
+        p++;
+        if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) {
+            ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(lntmp, ln, p - ln);
+        lntmp[p - ln] = '\0';
+        ln = lntmp;
+    }
+
+    nid = OBJ_create(ostr, name, ln);
+
+    OPENSSL_free(lntmp);
+
+    return nid != NID_undef;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mstbl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mstbl.c
new file mode 100644
index 000000000..ddcbcd07f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mstbl.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Multi string module: add table entries from a given section */
+
+static int do_tcreate(const char *value, const char *name);
+
+static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *stbl_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *mval;
+
+    stbl_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) {
+        ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        mval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_tcreate(mval->value, mval->name)) {
+            ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void stbl_module_finish(CONF_IMODULE *md)
+{
+    ASN1_STRING_TABLE_cleanup();
+}
+
+void ASN1_add_stable_module(void)
+{
+    CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish);
+}
+
+/*
+ * Create an table entry based on a name value pair. format is oid_name =
+ * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags".
+ */
+
+static int do_tcreate(const char *value, const char *name)
+{
+    char *eptr;
+    int nid, i, rv = 0;
+    long tbl_min = -1, tbl_max = -1;
+    unsigned long tbl_mask = 0, tbl_flags = 0;
+    STACK_OF(CONF_VALUE) *lst = NULL;
+    CONF_VALUE *cnf = NULL;
+    nid = OBJ_sn2nid(name);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(name);
+    if (nid == NID_undef)
+        goto err;
+    lst = X509V3_parse_list(value);
+    if (!lst)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
+        cnf = sk_CONF_VALUE_value(lst, i);
+        if (strcmp(cnf->name, "min") == 0) {
+            tbl_min = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "max") == 0) {
+            tbl_max = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "mask") == 0) {
+            if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask)
+                goto err;
+        } else if (strcmp(cnf->name, "flags") == 0) {
+            if (strcmp(cnf->value, "nomask") == 0)
+                tbl_flags = STABLE_NO_MASK;
+            else if (strcmp(cnf->value, "none") == 0)
+                tbl_flags = STABLE_FLAGS_CLEAR;
+            else
+                goto err;
+        } else
+            goto err;
+    }
+    rv = 1;
+ err:
+    if (rv == 0) {
+        ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE);
+        if (cnf)
+            ERR_add_error_data(4, "field=", cnf->name,
+                               ", value=", cnf->value);
+        else
+            ERR_add_error_data(4, "name=", name, ", value=", value);
+    } else {
+        rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max,
+                                   tbl_mask, tbl_flags);
+        if (!rv)
+            ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE);
+    }
+    sk_CONF_VALUE_pop_free(lst, X509V3_conf_free);
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_pack.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_pack.c
new file mode 100644
index 000000000..63bc30675
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_pack.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+/* ASN1 packing and unpacking functions */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+    ASN1_STRING *octmp;
+
+     if (oct == NULL || *oct == NULL) {
+        if ((octmp = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        octmp = *oct;
+    }
+
+    OPENSSL_free(octmp->data);
+    octmp->data = NULL;
+
+    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (octmp->data == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (oct != NULL && *oct == NULL)
+        *oct = octmp;
+
+    return octmp;
+ err:
+    if (oct == NULL || *oct == NULL)
+        ASN1_STRING_free(octmp);
+    return NULL;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+    const unsigned char *p;
+    void *ret;
+
+    p = oct->data;
+    if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL)
+        ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c
new file mode 100644
index 000000000..86ee56632
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Experimental ASN1 BIO. When written through the data is converted to an
+ * ASN1 string type: default is OCTET STRING. Additional functions can be
+ * provided to add prefix and suffix data.
+ */
+
+#include <string.h>
+#include "internal/bio.h"
+#include <openssl/asn1.h>
+#include "internal/cryptlib.h"
+
+/* Must be large enough for biggest tag+length */
+#define DEFAULT_ASN1_BUF_SIZE 20
+
+typedef enum {
+    ASN1_STATE_START,
+    ASN1_STATE_PRE_COPY,
+    ASN1_STATE_HEADER,
+    ASN1_STATE_HEADER_COPY,
+    ASN1_STATE_DATA_COPY,
+    ASN1_STATE_POST_COPY,
+    ASN1_STATE_DONE
+} asn1_bio_state_t;
+
+typedef struct BIO_ASN1_EX_FUNCS_st {
+    asn1_ps_func *ex_func;
+    asn1_ps_func *ex_free_func;
+} BIO_ASN1_EX_FUNCS;
+
+typedef struct BIO_ASN1_BUF_CTX_t {
+    /* Internal state */
+    asn1_bio_state_t state;
+    /* Internal buffer */
+    unsigned char *buf;
+    /* Size of buffer */
+    int bufsize;
+    /* Current position in buffer */
+    int bufpos;
+    /* Current buffer length */
+    int buflen;
+    /* Amount of data to copy */
+    int copylen;
+    /* Class and tag to use */
+    int asn1_class, asn1_tag;
+    asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
+    /* Extra buffer for prefix and suffix data */
+    unsigned char *ex_buf;
+    int ex_len;
+    int ex_pos;
+    void *ex_arg;
+} BIO_ASN1_BUF_CTX;
+
+static int asn1_bio_write(BIO *h, const char *buf, int num);
+static int asn1_bio_read(BIO *h, char *buf, int size);
+static int asn1_bio_puts(BIO *h, const char *str);
+static int asn1_bio_gets(BIO *h, char *str, int size);
+static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int asn1_bio_new(BIO *h);
+static int asn1_bio_free(BIO *data);
+static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *cleanup, asn1_bio_state_t next);
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *setup,
+                             asn1_bio_state_t ex_state,
+                             asn1_bio_state_t other_state);
+
+static const BIO_METHOD methods_asn1 = {
+    BIO_TYPE_ASN1,
+    "asn1",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    asn1_bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    asn1_bio_read,
+    asn1_bio_puts,
+    asn1_bio_gets,
+    asn1_bio_ctrl,
+    asn1_bio_new,
+    asn1_bio_free,
+    asn1_bio_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_asn1(void)
+{
+    return &methods_asn1;
+}
+
+static int asn1_bio_new(BIO *b)
+{
+    BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+    if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_data(b, ctx);
+    BIO_set_init(b, 1);
+
+    return 1;
+}
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
+{
+    if ((ctx->buf = OPENSSL_malloc(size)) == NULL) {
+        ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->bufsize = size;
+    ctx->asn1_class = V_ASN1_UNIVERSAL;
+    ctx->asn1_tag = V_ASN1_OCTET_STRING;
+    ctx->state = ASN1_STATE_START;
+    return 1;
+}
+
+static int asn1_bio_free(BIO *b)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+
+    if (b == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    OPENSSL_free(ctx->buf);
+    OPENSSL_free(ctx);
+    BIO_set_data(b, NULL);
+    BIO_set_init(b, 0);
+
+    return 1;
+}
+
+static int asn1_bio_write(BIO *b, const char *in, int inl)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+    int wrmax, wrlen, ret;
+    unsigned char *p;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (in == NULL || inl < 0 || ctx == NULL || next == NULL)
+        return 0;
+
+    wrlen = 0;
+    ret = -1;
+
+    for (;;) {
+        switch (ctx->state) {
+            /* Setup prefix data, call it */
+        case ASN1_STATE_START:
+            if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
+                                   ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
+                return 0;
+            break;
+
+            /* Copy any pre data first */
+        case ASN1_STATE_PRE_COPY:
+
+            ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
+                                    ASN1_STATE_HEADER);
+
+            if (ret <= 0)
+                goto done;
+
+            break;
+
+        case ASN1_STATE_HEADER:
+            ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
+            if (!ossl_assert(ctx->buflen <= ctx->bufsize))
+                return 0;
+            p = ctx->buf;
+            ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
+            ctx->copylen = inl;
+            ctx->state = ASN1_STATE_HEADER_COPY;
+
+            break;
+
+        case ASN1_STATE_HEADER_COPY:
+            ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen);
+            if (ret <= 0)
+                goto done;
+
+            ctx->buflen -= ret;
+            if (ctx->buflen)
+                ctx->bufpos += ret;
+            else {
+                ctx->bufpos = 0;
+                ctx->state = ASN1_STATE_DATA_COPY;
+            }
+
+            break;
+
+        case ASN1_STATE_DATA_COPY:
+
+            if (inl > ctx->copylen)
+                wrmax = ctx->copylen;
+            else
+                wrmax = inl;
+            ret = BIO_write(next, in, wrmax);
+            if (ret <= 0)
+                goto done;
+            wrlen += ret;
+            ctx->copylen -= ret;
+            in += ret;
+            inl -= ret;
+
+            if (ctx->copylen == 0)
+                ctx->state = ASN1_STATE_HEADER;
+
+            if (inl == 0)
+                goto done;
+
+            break;
+
+        case ASN1_STATE_POST_COPY:
+        case ASN1_STATE_DONE:
+            BIO_clear_retry_flags(b);
+            return 0;
+
+        }
+
+    }
+
+ done:
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+
+    return (wrlen > 0) ? wrlen : ret;
+
+}
+
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *cleanup, asn1_bio_state_t next)
+{
+    int ret;
+
+    if (ctx->ex_len <= 0)
+        return 1;
+    for (;;) {
+        ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len);
+        if (ret <= 0)
+            break;
+        ctx->ex_len -= ret;
+        if (ctx->ex_len > 0)
+            ctx->ex_pos += ret;
+        else {
+            if (cleanup)
+                cleanup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+            ctx->state = next;
+            ctx->ex_pos = 0;
+            break;
+        }
+    }
+    return ret;
+}
+
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *setup,
+                             asn1_bio_state_t ex_state,
+                             asn1_bio_state_t other_state)
+{
+    if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) {
+        BIO_clear_retry_flags(b);
+        return 0;
+    }
+    if (ctx->ex_len > 0)
+        ctx->state = ex_state;
+    else
+        ctx->state = other_state;
+    return 1;
+}
+
+static int asn1_bio_read(BIO *b, char *in, int inl)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_read(next, in, inl);
+}
+
+static int asn1_bio_puts(BIO *b, const char *str)
+{
+    return asn1_bio_write(b, str, strlen(str));
+}
+
+static int asn1_bio_gets(BIO *b, char *str, int size)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_gets(next, str, size);
+}
+
+static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
+}
+
+static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+    BIO_ASN1_EX_FUNCS *ex_func;
+    long ret = 1;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+    next = BIO_next(b);
+    switch (cmd) {
+
+    case BIO_C_SET_PREFIX:
+        ex_func = arg2;
+        ctx->prefix = ex_func->ex_func;
+        ctx->prefix_free = ex_func->ex_free_func;
+        break;
+
+    case BIO_C_GET_PREFIX:
+        ex_func = arg2;
+        ex_func->ex_func = ctx->prefix;
+        ex_func->ex_free_func = ctx->prefix_free;
+        break;
+
+    case BIO_C_SET_SUFFIX:
+        ex_func = arg2;
+        ctx->suffix = ex_func->ex_func;
+        ctx->suffix_free = ex_func->ex_free_func;
+        break;
+
+    case BIO_C_GET_SUFFIX:
+        ex_func = arg2;
+        ex_func->ex_func = ctx->suffix;
+        ex_func->ex_free_func = ctx->suffix_free;
+        break;
+
+    case BIO_C_SET_EX_ARG:
+        ctx->ex_arg = arg2;
+        break;
+
+    case BIO_C_GET_EX_ARG:
+        *(void **)arg2 = ctx->ex_arg;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (next == NULL)
+            return 0;
+
+        /* Call post function if possible */
+        if (ctx->state == ASN1_STATE_HEADER) {
+            if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
+                                   ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
+                return 0;
+        }
+
+        if (ctx->state == ASN1_STATE_POST_COPY) {
+            ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
+                                    ASN1_STATE_DONE);
+            if (ret <= 0)
+                return ret;
+        }
+
+        if (ctx->state == ASN1_STATE_DONE)
+            return BIO_ctrl(next, cmd, arg1, arg2);
+        else {
+            BIO_clear_retry_flags(b);
+            return 0;
+        }
+
+    default:
+        if (next == NULL)
+            return 0;
+        return BIO_ctrl(next, cmd, arg1, arg2);
+
+    }
+
+    return ret;
+}
+
+static int asn1_bio_set_ex(BIO *b, int cmd,
+                           asn1_ps_func *ex_func, asn1_ps_func *ex_free_func)
+{
+    BIO_ASN1_EX_FUNCS extmp;
+    extmp.ex_func = ex_func;
+    extmp.ex_free_func = ex_free_func;
+    return BIO_ctrl(b, cmd, 0, &extmp);
+}
+
+static int asn1_bio_get_ex(BIO *b, int cmd,
+                           asn1_ps_func **ex_func,
+                           asn1_ps_func **ex_free_func)
+{
+    BIO_ASN1_EX_FUNCS extmp;
+    int ret;
+    ret = BIO_ctrl(b, cmd, 0, &extmp);
+    if (ret > 0) {
+        *ex_func = extmp.ex_func;
+        *ex_free_func = extmp.ex_free_func;
+    }
+    return ret;
+}
+
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free)
+{
+    return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
+}
+
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free)
+{
+    return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
+}
+
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free)
+{
+    return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
+}
+
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free)
+{
+    return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c
new file mode 100644
index 000000000..6222c9907
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#include <stdio.h>
+
+/* Experimental NDEF ASN1 BIO support routines */
+
+/*
+ * The usage is quite simple, initialize an ASN1 structure, get a BIO from it
+ * then any data written through the BIO will end up translated to
+ * appropriate format on the fly. The data is streamed out and does *not*
+ * need to be all held in memory at once. When the BIO is flushed the output
+ * is finalized and any signatures etc written out. The BIO is a 'proper'
+ * BIO and can handle non blocking I/O correctly. The usage is simple. The
+ * implementation is *not*...
+ */
+
+/* BIO support data stored in the ASN1 BIO ex_arg */
+
+typedef struct ndef_aux_st {
+    /* ASN1 structure this BIO refers to */
+    ASN1_VALUE *val;
+    const ASN1_ITEM *it;
+    /* Top of the BIO chain */
+    BIO *ndef_bio;
+    /* Output BIO */
+    BIO *out;
+    /* Boundary where content is inserted */
+    unsigned char **boundary;
+    /* DER buffer start */
+    unsigned char *derbuf;
+} NDEF_SUPPORT;
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg);
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+    NDEF_SUPPORT *ndef_aux = NULL;
+    BIO *asn_bio = NULL;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return NULL;
+    }
+    ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
+    asn_bio = BIO_new(BIO_f_asn1());
+    if (ndef_aux == NULL || asn_bio == NULL)
+        goto err;
+
+    /* ASN1 bio needs to be next to output BIO */
+    out = BIO_push(asn_bio, out);
+    if (out == NULL)
+        goto err;
+
+    BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+    BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+
+    /*
+     * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
+     * needs.
+     */
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+        goto err;
+
+    ndef_aux->val = val;
+    ndef_aux->it = it;
+    ndef_aux->ndef_bio = sarg.ndef_bio;
+    ndef_aux->boundary = sarg.boundary;
+    ndef_aux->out = out;
+
+    BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+
+    return sarg.ndef_bio;
+
+ err:
+    BIO_free(asn_bio);
+    OPENSSL_free(ndef_aux);
+    return NULL;
+}
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+    unsigned char *p;
+    int derlen;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ndef_aux->derbuf = p;
+    *pbuf = p;
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+    if (!*ndef_aux->boundary)
+        return 0;
+
+    *plen = *ndef_aux->boundary - *pbuf;
+
+    return 1;
+}
+
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    OPENSSL_free(ndef_aux->derbuf);
+
+    ndef_aux->derbuf = NULL;
+    *pbuf = NULL;
+    *plen = 0;
+    return 1;
+}
+
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg)
+{
+    NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
+    if (!ndef_prefix_free(b, pbuf, plen, parg))
+        return 0;
+    OPENSSL_free(*pndef_aux);
+    *pndef_aux = NULL;
+    return 1;
+}
+
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+    unsigned char *p;
+    int derlen;
+    const ASN1_AUX *aux;
+    ASN1_STREAM_ARG sarg;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    aux = ndef_aux->it->funcs;
+
+    /* Finalize structures */
+    sarg.ndef_bio = ndef_aux->ndef_bio;
+    sarg.out = ndef_aux->out;
+    sarg.boundary = ndef_aux->boundary;
+    if (aux->asn1_cb(ASN1_OP_STREAM_POST,
+                     &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
+        return 0;
+
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ndef_aux->derbuf = p;
+    *pbuf = p;
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+    if (!*ndef_aux->boundary)
+        return 0;
+    *pbuf = *ndef_aux->boundary;
+    *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/build.info
new file mode 100644
index 000000000..d3e92c81a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/build.info
@@ -0,0 +1,16 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_sig.c x_bignum.c \
+        x_long.c x_int64.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        tasn_prn.c tasn_scn.c ameth_lib.c \
+        f_int.c f_string.c n_pkey.c \
+        x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \
+        asn_moid.c asn_mstbl.c asn1_item_list.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h
new file mode 100644
index 000000000..f15d72d73
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h
@@ -0,0 +1,34 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/asn1/charmap.pl
+ *
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CHARTYPE_HOST_ANY 4096
+#define CHARTYPE_HOST_DOT 8192
+#define CHARTYPE_HOST_HYPHEN 16384
+#define CHARTYPE_HOST_WILD 32768
+
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
+    1026,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,  120,    0,    1,   40,
+       0,    0,    0,   16, 1040, 1040, 33792,   25,   25, 16400, 8208,   16,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,   16,    9,
+       9,   16,    9,   16,    0, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112,    0, 1025,    0,    0,    0,
+       0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112,    0,    0,    0,    0,    2
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.pl
new file mode 100644
index 000000000..dadd8df77
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.pl
@@ -0,0 +1,119 @@
+#! /usr/bin/env perl
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1;	# Character escaped with \
+my $ESC_CTRL	= 2;	# Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE	= 8;	# Not escaped if quoted
+my $PSTRING_CHAR = 0x10;	# Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
+my $RFC2254_ESC = 0x400;	# Character escaped \XX
+my $HOST_ANY = 0x1000;      # Valid hostname character anywhere in label
+my $HOST_DOT = 0x2000;  # Dot: hostname label separator
+my $HOST_HYPHEN = 0x4000; # Hyphen: not valid at start or end.
+my $HOST_WILD = 0x8000; # Wildcard character
+
+for($i = 0; $i < 128; $i++) {
+	# Set the RFC2253 escape characters (control)
+	$arr[$i] = 0;
+	if(($i < 32) || ($i > 126)) {
+		$arr[$i] |= $ESC_CTRL;
+	}
+
+	# Some PrintableString characters
+	if(		   ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+			|| (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
+			|| (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
+		$arr[$i] |= $PSTRING_CHAR | $HOST_ANY;
+	}
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining RFC2254 characters
+
+$arr[0] |= $RFC2254_ESC;
+$arr[ord("(")] |= $RFC2254_ESC;
+$arr[ord(")")] |= $RFC2254_ESC;
+$arr[ord("*")] |= $RFC2254_ESC | $HOST_WILD;
+$arr[ord("\\")] |= $RFC2254_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR | $HOST_HYPHEN;
+$arr[ord(".")] |= $PSTRING_CHAR | $HOST_DOT;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+# Output year depends on the year of the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+print <<EOF;
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/asn1/charmap.pl
+ *
+ * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CHARTYPE_HOST_ANY $HOST_ANY
+#define CHARTYPE_HOST_DOT $HOST_DOT
+#define CHARTYPE_HOST_HYPHEN $HOST_HYPHEN
+#define CHARTYPE_HOST_WILD $HOST_WILD
+
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
+EOF
+
+print "   ";
+for($i = 0; $i < 128; $i++) {
+	print("\n   ") if($i && (($i % 12) == 0));
+	printf(" %4d", $arr[$i]);
+	print(",") if ($i != 127);
+}
+print("\n};\n");
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c
new file mode 100644
index 000000000..aa0d6ad6a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length)
+{
+    EVP_PKEY *ret;
+    const unsigned char *p = *pp;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+            return NULL;
+        }
+    } else {
+        ret = *a;
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(ret->engine);
+        ret->engine = NULL;
+#endif
+    }
+
+    if (!EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->old_priv_decode ||
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
+        if (ret->ameth->priv_decode) {
+            EVP_PKEY *tmp;
+            PKCS8_PRIV_KEY_INFO *p8 = NULL;
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+            if (!p8)
+                goto err;
+            tmp = EVP_PKCS82PKEY(p8);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            if (tmp == NULL)
+                goto err;
+            EVP_PKEY_free(ret);
+            ret = tmp;
+        } else {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+    *pp = p;
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    if (a == NULL || *a != ret)
+        EVP_PKEY_free(ret);
+    return NULL;
+}
+
+/*
+ * This works like d2i_PrivateKey() except it automatically works out the
+ * type
+ */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length)
+{
+    STACK_OF(ASN1_TYPE) *inkey;
+    const unsigned char *p;
+    int keytype;
+    p = *pp;
+    /*
+     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+     * analyzing it we can determine the passed structure: this assumes the
+     * input is surrounded by an ASN1 SEQUENCE.
+     */
+    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+    p = *pp;
+    /*
+     * Since we only need to discern "traditional format" RSA and DSA keys we
+     * can just count the elements.
+     */
+    if (sk_ASN1_TYPE_num(inkey) == 6)
+        keytype = EVP_PKEY_DSA;
+    else if (sk_ASN1_TYPE_num(inkey) == 4)
+        keytype = EVP_PKEY_EC;
+    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
+                                              * traditional format */
+        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+        EVP_PKEY *ret;
+
+        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+        if (!p8) {
+            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
+                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+            return NULL;
+        }
+        ret = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (ret == NULL)
+            return NULL;
+        *pp = p;
+        if (a) {
+            *a = ret;
+        }
+        return ret;
+    } else
+        keytype = EVP_PKEY_RSA;
+    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+    return d2i_PrivateKey(keytype, a, pp, length);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c
new file mode 100644
index 000000000..7bc16c7bc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+#include "internal/evp_int.h"
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length)
+{
+    EVP_PKEY *ret;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+            return NULL;
+        }
+    } else
+        ret = *a;
+
+    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    switch (EVP_PKEY_id(ret)) {
+#ifndef OPENSSL_NO_RSA
+    case EVP_PKEY_RSA:
+        if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        /* TMP UGLY CAST */
+        if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+    default:
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+    }
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    if (a == NULL || *a != ret)
+        EVP_PKEY_free(ret);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/evp_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/evp_asn1.c
new file mode 100644
index 000000000..895085a52
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/evp_asn1.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+{
+    ASN1_STRING *os;
+
+    if ((os = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    if (!ASN1_OCTET_STRING_set(os, data, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
+    return 1;
+}
+
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
+{
+    int ret, num;
+    const unsigned char *p;
+
+    if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
+        ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+        return -1;
+    }
+    p = ASN1_STRING_get0_data(a->value.octet_string);
+    ret = ASN1_STRING_length(a->value.octet_string);
+    if (ret < max_len)
+        num = ret;
+    else
+        num = max_len;
+    memcpy(data, p, num);
+    return ret;
+}
+
+typedef struct {
+    int32_t num;
+    ASN1_OCTET_STRING *oct;
+} asn1_int_oct;
+
+ASN1_SEQUENCE(asn1_int_oct) = {
+        ASN1_EMBED(asn1_int_oct, num, INT32),
+        ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(asn1_int_oct)
+
+DECLARE_ASN1_ITEM(asn1_int_oct)
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+                                  int len)
+{
+    asn1_int_oct atmp;
+    ASN1_OCTET_STRING oct;
+
+    atmp.num = num;
+    atmp.oct = &oct;
+    oct.data = data;
+    oct.type = V_ASN1_OCTET_STRING;
+    oct.length = len;
+    oct.flags = 0;
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a))
+        return 1;
+    return 0;
+}
+
+/*
+ * we return the actual length...
+ */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len)
+{
+    asn1_int_oct *atmp = NULL;
+    int ret = -1, n;
+
+    if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
+        goto err;
+    }
+
+    atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a);
+
+    if (atmp == NULL)
+        goto err;
+
+    if (num != NULL)
+        *num = atmp->num;
+
+    ret = ASN1_STRING_length(atmp->oct);
+    if (max_len > ret)
+        n = ret;
+    else
+        n = max_len;
+
+    if (data != NULL)
+        memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
+    if (ret == -1) {
+ err:
+        ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+    }
+    M_ASN1_free_of(atmp, asn1_int_oct);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c
new file mode 100644
index 000000000..6d6bddc65
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return 0;
+
+    if (a->type & V_ASN1_NEG) {
+        if (BIO_write(bp, "-", 1) != 1)
+            goto err;
+        n = 1;
+    }
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n += 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return n;
+ err:
+    return -1;
+}
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+{
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bs->type = V_ASN1_INTEGER;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        again = (buf[i - 1] == '\\');
+
+        for (j = 0; j < i; j++) {
+            if (!ossl_isxdigit(buf[j]))
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err;
+
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (bufp[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
+            return 0;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            sp = OPENSSL_clear_realloc(s, slen, num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(s);
+                return 0;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
+                    ASN1err(ASN1_F_A2I_ASN1_INTEGER,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    return 1;
+ err:
+    ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
+
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
+{
+    return i2a_ASN1_INTEGER(bp, a);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+    int rv = a2i_ASN1_INTEGER(bp, bs, buf, size);
+    if (rv == 1)
+        bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG);
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c
new file mode 100644
index 000000000..f893489a6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return 0;
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "0", 1) != 1)
+            goto err;
+        n = 1;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return n;
+ err:
+    return -1;
+}
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+{
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1) {
+            if (first)
+                break;
+            else
+                goto err;
+        }
+        first = 0;
+
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        again = (buf[i - 1] == '\\');
+
+        for (j = i - 1; j > 0; j--) {
+            if (!ossl_isxdigit(buf[j])) {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err;
+
+        bufp = (unsigned char *)buf;
+
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
+            return 0;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            sp = OPENSSL_realloc(s, (unsigned int)num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(s);
+                return 0;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
+                    ASN1err(ASN1_F_A2I_ASN1_STRING,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    OPENSSL_free(s);
+                    return 0;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    return 1;
+
+ err:
+    ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c
new file mode 100644
index 000000000..445b0c842
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+{
+    if (a->ameth && a->ameth->old_priv_encode) {
+        return a->ameth->old_priv_encode(a, pp);
+    }
+    if (a->ameth && a->ameth->priv_encode) {
+        PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+        int ret = 0;
+        if (p8 != NULL) {
+            ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+        }
+        return ret;
+    }
+    ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+    return -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pu.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pu.c
new file mode 100644
index 000000000..8986c43cb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pu.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+{
+    switch (EVP_PKEY_id(a)) {
+#ifndef OPENSSL_NO_RSA
+    case EVP_PKEY_RSA:
+        return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
+#endif
+#ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp);
+#endif
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp);
+#endif
+    default:
+        ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return -1;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/n_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/n_pkey.c
new file mode 100644
index 000000000..d1fb8a146
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/n_pkey.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "openssl/opensslconf.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "internal/cryptlib.h"
+# include <stdio.h>
+# include <openssl/rsa.h>
+# include <openssl/objects.h>
+# include <openssl/asn1t.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+
+# ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st {
+    int32_t version;
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *private_key;
+} NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st {
+    ASN1_OCTET_STRING *os;
+    /*
+     * This is the same structure as DigestInfo so use it: although this
+     * isn't really anything to do with digests.
+     */
+    X509_SIG *enckey;
+} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_EMBED(NETSCAPE_PKEY, version, INT32),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+# endif                         /* OPENSSL_NO_RC4 */
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/nsseq.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/nsseq.c
new file mode 100644
index 000000000..c7baf40d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/nsseq.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    void *exarg)
+{
+    if (operation == ASN1_OP_NEW_POST) {
+        NETSCAPE_CERT_SEQUENCE *nsseq;
+        nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+        nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+    }
+    return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_pbe.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_pbe.c
new file mode 100644
index 000000000..ab7e16898
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_pbe.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen)
+{
+    PBEPARAM *pbe = NULL;
+    ASN1_STRING *pbe_str = NULL;
+    unsigned char *sstr = NULL;
+
+    pbe = PBEPARAM_new();
+    if (pbe == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    sstr = OPENSSL_malloc(saltlen);
+    if (sstr == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (salt)
+        memcpy(sstr, salt, saltlen);
+    else if (RAND_bytes(sstr, saltlen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(pbe->salt, sstr, saltlen);
+    sstr = NULL;
+
+    if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    PBEPARAM_free(pbe);
+    pbe = NULL;
+
+    if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+        return 1;
+
+ err:
+    OPENSSL_free(sstr);
+    PBEPARAM_free(pbe);
+    ASN1_STRING_free(pbe_str);
+    return 0;
+}
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen)
+{
+    X509_ALGOR *ret;
+    ret = X509_ALGOR_new();
+    if (ret == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
+        return ret;
+
+    X509_ALGOR_free(ret);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_pbev2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_pbev2.c
new file mode 100644
index 000000000..f91ba08f1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_pbev2.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
+ * this is horrible! Extended version to allow application supplied PRF NID
+ * and IV.
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid, keylen;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    if ((pbe2 = PBE2PARAM_new()) == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    if ((scheme->parameter = ASN1_TYPE_new()) == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV, and PRF */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    /*
+     * If prf NID unspecified see if cipher has a preference. An error is OK
+     * here: just means use default PRF.
+     */
+    if ((prf_nid == -1) &&
+        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+        ERR_clear_error();
+        prf_nid = NID_hmacWithSHA256;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+    else
+        keylen = -1;
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+
+    if (!pbe2->keyfunc)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    if ((ret = X509_ALGOR_new()) == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                 &ret->parameter))
+         goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    PBE2PARAM_free(pbe2);
+    /* Note 'scheme' is freed as part of pbe2 */
+    X509_ALGOR_free(ret);
+
+    return NULL;
+}
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen)
+{
+    return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+}
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen)
+{
+    X509_ALGOR *keyfunc = NULL;
+    PBKDF2PARAM *kdf = NULL;
+    ASN1_OCTET_STRING *osalt = NULL;
+
+    if ((kdf = PBKDF2PARAM_new()) == NULL)
+        goto merr;
+    if ((osalt = ASN1_OCTET_STRING_new()) == NULL)
+        goto merr;
+
+    kdf->salt->value.octet_string = osalt;
+    kdf->salt->type = V_ASN1_OCTET_STRING;
+
+    if (saltlen == 0)
+        saltlen = PKCS5_SALT_LEN;
+    if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL)
+        goto merr;
+
+    osalt->length = saltlen;
+
+    if (salt)
+        memcpy(osalt->data, salt, saltlen);
+    else if (RAND_bytes(osalt->data, saltlen) <= 0)
+        goto merr;
+
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+
+    if (!ASN1_INTEGER_set(kdf->iter, iter))
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        if ((kdf->keylength = ASN1_INTEGER_new()) == NULL)
+            goto merr;
+        if (!ASN1_INTEGER_set(kdf->keylength, keylen))
+            goto merr;
+    }
+
+    /* prf can stay NULL if we are using hmacWithSHA1 */
+    if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
+        kdf->prf = X509_ALGOR_new();
+        if (kdf->prf == NULL)
+            goto merr;
+        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+    /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf,
+                                 &keyfunc->parameter))
+         goto merr;
+
+    PBKDF2PARAM_free(kdf);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
+    PBKDF2PARAM_free(kdf);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_scrypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_scrypt.c
new file mode 100644
index 000000000..1491d96ec
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p5_scrypt.c
@@ -0,0 +1,274 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_NO_SCRYPT
+/* PKCS#5 scrypt password based encryption structures */
+
+ASN1_SEQUENCE(SCRYPT_PARAMS) = {
+        ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
+        ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
+} ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p);
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid;
+    size_t keylen = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    if (!cipher) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_INVALID_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    pbe2 = PBE2PARAM_new();
+    if (pbe2 == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    scheme->parameter = ASN1_TYPE_new();
+    if (scheme->parameter == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV */
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p);
+
+    if (pbe2->keyfunc == NULL)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    ret = X509_ALGOR_new();
+    if (ret == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                &ret->parameter) == NULL)
+        goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    PBE2PARAM_free(pbe2);
+    X509_ALGOR_free(ret);
+    EVP_CIPHER_CTX_free(ctx);
+
+    return NULL;
+}
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p)
+{
+    X509_ALGOR *keyfunc = NULL;
+    SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new();
+
+    if (sparam == NULL)
+        goto merr;
+
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    /* This will either copy salt or grow the buffer */
+    if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0)
+        goto merr;
+
+    if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0)
+        goto err;
+
+    if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0)
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        sparam->keyLength = ASN1_INTEGER_new();
+        if (sparam->keyLength == NULL)
+            goto merr;
+        if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0)
+            goto merr;
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt);
+
+    /* Encode SCRYPT_PARAMS into parameter of pbe2 */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam,
+                                &keyfunc->parameter) == NULL)
+        goto merr;
+
+    SCRYPT_PARAMS_free(sparam);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE);
+ err:
+    SCRYPT_PARAMS_free(sparam);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    uint64_t p, r, N;
+    size_t saltlen;
+    size_t keylen = 0;
+    int rv = 0;
+    SCRYPT_PARAMS *sparam = NULL;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+
+    /* Decode parameter */
+
+    sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param);
+
+    if (sparam == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of sparam */
+
+    if (sparam->keyLength) {
+        uint64_t spkeylen;
+        if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0)
+            || (spkeylen != keylen)) {
+            EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+                   EVP_R_UNSUPPORTED_KEYLENGTH);
+            goto err;
+        }
+    }
+    /* Check all parameters fit in uint64_t and are acceptable to scrypt */
+    if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0
+        || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0
+        || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0
+        || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+               EVP_R_ILLEGAL_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+
+    salt = sparam->salt->data;
+    saltlen = sparam->salt->length;
+    if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen)
+        == 0)
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    if (keylen)
+        OPENSSL_cleanse(key, keylen);
+    SCRYPT_PARAMS_free(sparam);
+    return rv;
+}
+#endif /* OPENSSL_NO_SCRYPT */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c
new file mode 100644
index 000000000..dbee827e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+    if (operation == ASN1_OP_FREE_PRE) {
+        PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+        if (key->pkey)
+            OPENSSL_cleanse(key->pkey->data, key->pkey->length);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version,
+                    int ptype, void *pval, unsigned char *penc, int penclen)
+{
+    if (version >= 0) {
+        if (!ASN1_INTEGER_set(priv->version, version))
+            return 0;
+    }
+    if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
+        return 0;
+    if (penc)
+        ASN1_STRING_set0(priv->pkey, penc, penclen);
+    return 1;
+}
+
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    if (ppkalg)
+        *ppkalg = p8->pkeyalg->algorithm;
+    if (pk) {
+        *pk = ASN1_STRING_get0_data(p8->pkey);
+        *ppklen = ASN1_STRING_length(p8->pkey);
+    }
+    if (pa)
+        *pa = p8->pkeyalg;
+    return 1;
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    return p8->attributes;
+}
+
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL)
+        return 1;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/standard_methods.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/standard_methods.h
new file mode 100644
index 000000000..e74de55ff
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/standard_methods.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table MUST be kept in ascending order of the NID each method
+ * represents (corresponding to the pkey_id field) as OBJ_bsearch
+ * is used to search it.
+ */
+static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_asn1_meths[0],
+    &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_asn1_meths[0],
+    &dsa_asn1_meths[1],
+    &dsa_asn1_meths[2],
+    &dsa_asn1_meths[3],
+    &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+    &eckey_asn1_meth,
+#endif
+    &hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ecx25519_asn1_meth,
+    &ecx448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_asn1_meth,
+    &ed448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_asn1_meth,
+#endif
+};
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_bitst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_bitst.c
new file mode 100644
index 000000000..c0aeca4c7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_bitst.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent)
+{
+    BIT_STRING_BITNAME *bnam;
+    char first = 1;
+    BIO_printf(out, "%*s", indent, "");
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+            if (!first)
+                BIO_puts(out, ", ");
+            BIO_puts(out, bnam->lname);
+            first = 0;
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl)
+{
+    int bitnum;
+    bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+    if (bitnum < 0)
+        return 0;
+    if (bs) {
+        if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+            return 0;
+    }
+    return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
+{
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if ((strcmp(bnam->sname, name) == 0)
+            || (strcmp(bnam->lname, name) == 0))
+            return bnam->bitnum;
+    }
+    return -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c
new file mode 100644
index 000000000..3b2c9df89
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "internal/bn_int.h"
+
+/* Number of octets per line */
+#define ASN1_BUF_PRINT_WIDTH    15
+/* Maximum indent */
+#define ASN1_PRINT_MAX_INDENT 128
+
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
+{
+    size_t i;
+
+    for (i = 0; i < buflen; i++) {
+        if ((i % ASN1_BUF_PRINT_WIDTH) == 0) {
+            if (i > 0 && BIO_puts(bp, "\n") <= 0)
+                return 0;
+            if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+                return 0;
+        }
+        /*
+         * Use colon separators for each octet for compatibility as
+         * this function is used to print out key components.
+         */
+        if (BIO_printf(bp, "%02x%s", buf[i],
+                       (i == buflen - 1) ? "" : ":") <= 0)
+                return 0;
+    }
+    if (BIO_write(bp, "\n", 1) <= 0)
+        return 0;
+    return 1;
+}
+
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *ign, int indent)
+{
+    int n, rv = 0;
+    const char *neg;
+    unsigned char *buf = NULL, *tmp = NULL;
+    int buflen;
+
+    if (num == NULL)
+        return 1;
+    neg = BN_is_negative(num) ? "-" : "";
+    if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+        return 0;
+    if (BN_is_zero(num)) {
+        if (BIO_printf(bp, "%s 0\n", number) <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (BN_num_bytes(num) <= BN_BYTES) {
+        if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
+                       (unsigned long)bn_get_words(num)[0], neg,
+                       (unsigned long)bn_get_words(num)[0]) <= 0)
+            return 0;
+        return 1;
+    }
+
+    buflen = BN_num_bytes(num) + 1;
+    buf = tmp = OPENSSL_malloc(buflen);
+    if (buf == NULL)
+        goto err;
+    buf[0] = 0;
+    if (BIO_printf(bp, "%s%s\n", number,
+                   (neg[0] == '-') ? " (Negative)" : "") <= 0)
+        goto err;
+    n = BN_bn2bin(num, buf + 1);
+
+    if (buf[1] & 0x80)
+        n++;
+    else
+        tmp++;
+
+    if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0)
+        goto err;
+    rv = 1;
+    err:
+    OPENSSL_clear_free(buf, buflen);
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c
new file mode 100644
index 000000000..51b56d0aa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+    EVP_PKEY *pkey;
+    ASN1_IA5STRING *chal;
+    ASN1_OBJECT *spkioid;
+    int i, n;
+    char *s;
+    BIO_printf(out, "Netscape SPKI:\n");
+    X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+    i = OBJ_obj2nid(spkioid);
+    BIO_printf(out, "  Public Key Algorithm: %s\n",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+    pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+    if (!pkey)
+        BIO_printf(out, "  Unable to load public key\n");
+    else {
+        EVP_PKEY_print_public(out, pkey, 4, NULL);
+        EVP_PKEY_free(pkey);
+    }
+    chal = spki->spkac->challenge;
+    if (chal->length)
+        BIO_printf(out, "  Challenge String: %s\n", chal->data);
+    i = OBJ_obj2nid(spki->sig_algor.algorithm);
+    BIO_printf(out, "  Signature Algorithm: %s",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+
+    n = spki->signature->length;
+    s = (char *)spki->signature->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0)
+            BIO_write(out, "\n      ", 7);
+        BIO_printf(out, "%02x%s", (unsigned char)s[i],
+                   ((i + 1) == n) ? "" : ":");
+    }
+    BIO_write(out, "\n", 1);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c
new file mode 100644
index 000000000..c2a521ed5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c
@@ -0,0 +1,1160 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include "internal/numbers.h"
+#include "asn1_locl.h"
+
+
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth);
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx, int depth);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx, int depth);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long len,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt,
+                                 ASN1_TLC *ctx);
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+    /* tags  0 -  3 */
+    0, 0, 0, B_ASN1_BIT_STRING,
+    /* tags  4- 7 */
+    B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
+    /* tags  8-11 */
+    B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 12-15 */
+    B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 16-19 */
+    B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
+    /* tags 20-22 */
+    B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
+    /* tags 23-24 */
+    B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+    /* tags 25-27 */
+    B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
+    /* tags 28-31 */
+    B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
+};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+    if ((tag < 0) || (tag > 30))
+        return 0;
+    return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
+
+/*
+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
+ * function. 'in' points to a buffer to read the data from, in future we
+ * will have more advanced versions that can input data a piece at a time and
+ * this will simply be a special case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+                          const unsigned char **in, long len,
+                          const ASN1_ITEM *it)
+{
+    ASN1_TLC c;
+    ASN1_VALUE *ptmpval = NULL;
+    if (!pval)
+        pval = &ptmpval;
+    asn1_tlc_clear_nc(&c);
+    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+        return *pval;
+    return NULL;
+}
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int rv;
+    rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+    if (rv <= 0)
+        ASN1_item_ex_free(pval, it);
+    return rv;
+}
+
+/*
+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+ * tag mismatch return -1 to handle OPTIONAL
+ */
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth)
+{
+    const ASN1_TEMPLATE *tt, *errtt = NULL;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    const unsigned char *p = NULL, *q;
+    unsigned char oclass;
+    char seq_eoc, seq_nolen, cst, isopt;
+    long tmplen;
+    int i;
+    int otag;
+    int ret = 0;
+    ASN1_VALUE **pchptr;
+    if (!pval)
+        return 0;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
+        ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
+        goto err;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            /*
+             * tagging or OPTIONAL is currently illegal on an item template
+             * because the flags can't get passed down. In practice this
+             * isn't a problem: we include the relevant flags from the item
+             * template in the template itself.
+             */
+            if ((tag != -1) || opt) {
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I,
+                        ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                goto err;
+            }
+            return asn1_template_ex_d2i(pval, in, len,
+                                        it->templates, opt, ctx, depth);
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it,
+                                     tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_MSTRING:
+        p = *in;
+        /* Just read in tag and class */
+        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                              &p, len, -1, 0, 1, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Must be UNIVERSAL class */
+        if (oclass != V_ASN1_UNIVERSAL) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+            goto err;
+        }
+        /* Check tag matches bit map */
+        if (!(ASN1_tag2bit(otag) & it->utype)) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG);
+            goto err;
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+    case ASN1_ITYPE_EXTERN:
+        /* Use new style d2i */
+        ef = it->funcs;
+        return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+        if (*pval) {
+            /* Free up and zero CHOICE value if initialised */
+            i = asn1_get_choice_selector(pval, it);
+            if ((i >= 0) && (i < it->tcount)) {
+                tt = it->templates + i;
+                pchptr = asn1_get_field_ptr(pval, tt);
+                asn1_template_free(pchptr, tt);
+                asn1_set_choice_selector(pval, -1, it);
+            }
+        } else if (!ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+        /* CHOICE type, try each possibility in turn */
+        p = *in;
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            pchptr = asn1_get_field_ptr(pval, tt);
+            /*
+             * We mark field as OPTIONAL so its absence can be recognised.
+             */
+            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
+            /* If field not present, try the next one */
+            if (ret == -1)
+                continue;
+            /* If positive return, read OK, break loop */
+            if (ret > 0)
+                break;
+            /*
+             * Must be an ASN1 parsing error.
+             * Free up any partial choice value
+             */
+            asn1_template_free(pchptr, tt);
+            errtt = tt;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Did we fall off the end without reading anything? */
+        if (i == it->tcount) {
+            /* If OPTIONAL, this is OK */
+            if (opt) {
+                /* Free and zero it */
+                ASN1_item_ex_free(pval, it);
+                return -1;
+            }
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            goto err;
+        }
+
+        asn1_set_choice_selector(pval, i, it);
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        p = *in;
+        tmplen = len;
+
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            aclass = V_ASN1_UNIVERSAL;
+        }
+        /* Get SEQUENCE length and update len, p */
+        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                              &p, len, tag, aclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+        if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+            len = tmplen - (p - *in);
+            seq_nolen = 1;
+        }
+        /* If indefinite we don't do a length check */
+        else
+            seq_nolen = seq_eoc;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+            goto err;
+        }
+
+        if (!*pval && !ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+
+        /* Free up and zero any ADB found */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
+                const ASN1_TEMPLATE *seqtt;
+                ASN1_VALUE **pseqval;
+                seqtt = asn1_do_adb(pval, tt, 0);
+                if (seqtt == NULL)
+                    continue;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                asn1_template_free(pseqval, seqtt);
+            }
+        }
+
+        /* Get each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (seqtt == NULL)
+                goto err;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* Have we ran out of data? */
+            if (!len)
+                break;
+            q = p;
+            if (asn1_check_eoc(&p, len)) {
+                if (!seq_eoc) {
+                    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                seq_eoc = 0;
+                q = p;
+                break;
+            }
+            /*
+             * This determines the OPTIONAL flag value. The field cannot be
+             * omitted if it is the last of a SEQUENCE and there is still
+             * data to be read. This isn't strictly necessary but it
+             * increases efficiency in some cases.
+             */
+            if (i == (it->tcount - 1))
+                isopt = 0;
+            else
+                isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+            /*
+             * attempt to read in field, allowing each to be OPTIONAL
+             */
+
+            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
+                                       depth);
+            if (!ret) {
+                errtt = seqtt;
+                goto err;
+            } else if (ret == -1) {
+                /*
+                 * OPTIONAL component absent. Free and zero the field.
+                 */
+                asn1_template_free(pseqval, seqtt);
+                continue;
+            }
+            /* Update length */
+            len -= p - q;
+        }
+
+        /* Check for EOC if expecting one */
+        if (seq_eoc && !asn1_check_eoc(&p, len)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+        /* Check all data read */
+        if (!seq_nolen && len) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /*
+         * If we get here we've got no more data in the SEQUENCE, however we
+         * may not have read all fields so check all remaining are OPTIONAL
+         * and clear any that are.
+         */
+        for (; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (seqtt == NULL)
+                goto err;
+            if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                ASN1_VALUE **pseqval;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                asn1_template_free(pseqval, seqtt);
+            } else {
+                errtt = seqtt;
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING);
+                goto err;
+            }
+        }
+        /* Save encoding */
+        if (!asn1_enc_save(pval, *in, p - *in, it))
+            goto auxerr;
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    default:
+        return 0;
+    }
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR);
+ err:
+    if (errtt)
+        ERR_add_error_data(4, "Field=", errtt->field_name,
+                           ", Type=", it->sname);
+    else
+        ERR_add_error_data(2, "Type=", it->sname);
+    return 0;
+}
+
+/*
+ * Templates are handled with two separate functions. One handles any
+ * EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long inlen,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx, int depth)
+{
+    int flags, aclass;
+    int ret;
+    long len;
+    const unsigned char *p, *q;
+    char exp_eoc;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+
+    /* Check if EXPLICIT tag expected */
+    if (flags & ASN1_TFLG_EXPTAG) {
+        char cst;
+        /*
+         * Need to work out amount of data available to the inner content and
+         * where it starts: so read in EXPLICIT header to get the info.
+         */
+        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                              &p, inlen, tt->tag, aclass, opt, ctx);
+        q = p;
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+            return 0;
+        }
+        /* We've found the field so it can't be OPTIONAL now */
+        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        /* We read the field in OK so update length */
+        len -= p - q;
+        if (exp_eoc) {
+            /* If NDEF we must have an EOC here */
+            if (!asn1_check_eoc(&p, len)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
+                goto err;
+            }
+        } else {
+            /*
+             * Otherwise we must hit the EXPLICIT tag end or its an error
+             */
+            if (len) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    } else
+        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
+
+    *in = p;
+    return 1;
+
+ err:
+    return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx, int depth)
+{
+    int flags, aclass;
+    int ret;
+    ASN1_VALUE *tval;
+    const unsigned char *p, *q;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+    q = p;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (tt->flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)val;
+        val = &tval;
+    }
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        int sktag, skaclass;
+        char sk_eoc;
+        /* First work out expected inner tag value */
+        if (flags & ASN1_TFLG_IMPTAG) {
+            sktag = tt->tag;
+            skaclass = aclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (flags & ASN1_TFLG_SET_OF)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+        /* Get the tag */
+        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                              &p, len, sktag, skaclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!*val)
+            *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
+        else {
+            /*
+             * We've got a valid STACK: free up any items present
+             */
+            STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val;
+            ASN1_VALUE *vtmp;
+            while (sk_ASN1_VALUE_num(sktmp) > 0) {
+                vtmp = sk_ASN1_VALUE_pop(sktmp);
+                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+            }
+        }
+
+        if (!*val) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* Read as many items as we can */
+        while (len > 0) {
+            ASN1_VALUE *skfield;
+            q = p;
+            /* See if EOC found */
+            if (asn1_check_eoc(&p, len)) {
+                if (!sk_eoc) {
+                    ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                            ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                sk_eoc = 0;
+                break;
+            }
+            skfield = NULL;
+            if (!asn1_item_embed_d2i(&skfield, &p, len,
+                                     ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
+                                     depth)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                        ERR_R_NESTED_ASN1_ERROR);
+                /* |skfield| may be partially allocated despite failure. */
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
+                goto err;
+            }
+            len -= p - q;
+            if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
+                goto err;
+            }
+        }
+        if (sk_eoc) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+    } else if (flags & ASN1_TFLG_IMPTAG) {
+        /* IMPLICIT tagging */
+        ret = asn1_item_embed_d2i(val, &p, len,
+                                  ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+                                  ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    } else {
+        /* Nothing special */
+        ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                                  -1, 0, opt, ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    }
+
+    *in = p;
+    return 1;
+
+ err:
+    return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long inlen,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int ret = 0, utype;
+    long plen;
+    char cst, inf, free_cont = 0;
+    const unsigned char *p;
+    BUF_MEM buf = { 0, NULL, 0, 0 };
+    const unsigned char *cont = NULL;
+    long len;
+    if (!pval) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+        return 0;               /* Should never happen */
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = tag;
+        tag = -1;
+    } else
+        utype = it->utype;
+
+    if (utype == V_ASN1_ANY) {
+        /* If type is ANY need to figure out type from tag */
+        unsigned char oclass;
+        if (tag >= 0) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+            return 0;
+        }
+        if (opt) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_ILLEGAL_OPTIONAL_ANY);
+            return 0;
+        }
+        p = *in;
+        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                              &p, inlen, -1, 0, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (oclass != V_ASN1_UNIVERSAL)
+            utype = V_ASN1_OTHER;
+    }
+    if (tag == -1) {
+        tag = utype;
+        aclass = V_ASN1_UNIVERSAL;
+    }
+    p = *in;
+    /* Check header */
+    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+                          &p, inlen, tag, aclass, opt, ctx);
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+    } else if (ret == -1)
+        return -1;
+    ret = 0;
+    /* SEQUENCE, SET and "OTHER" are left in encoded form */
+    if ((utype == V_ASN1_SEQUENCE)
+        || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+        /*
+         * Clear context cache for type OTHER because the auto clear when we
+         * have a exact match won't work
+         */
+        if (utype == V_ASN1_OTHER) {
+            asn1_tlc_clear(ctx);
+        }
+        /* SEQUENCE and SET must be constructed */
+        else if (!cst) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_TYPE_NOT_CONSTRUCTED);
+            return 0;
+        }
+
+        cont = *in;
+        /* If indefinite length constructed find the real end */
+        if (inf) {
+            if (!asn1_find_end(&p, plen, inf))
+                goto err;
+            len = p - cont;
+        } else {
+            len = p - cont + plen;
+            p += plen;
+        }
+    } else if (cst) {
+        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+            || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+            || utype == V_ASN1_ENUMERATED) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
+            return 0;
+        }
+
+        /* Free any returned 'buf' content */
+        free_cont = 1;
+        /*
+         * Should really check the internal tags are correct but some things
+         * may get this wrong. The relevant specs say that constructed string
+         * types should be OCTET STRINGs internally irrespective of the type.
+         * So instead just check for UNIVERSAL class and ignore the tag.
+         */
+        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
+            goto err;
+        }
+        len = buf.length;
+        /* Append a final null to string */
+        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        buf.data[len] = 0;
+        cont = (const unsigned char *)buf.data;
+    } else {
+        cont = p;
+        len = plen;
+        p += plen;
+    }
+
+    /* We now have content length and type: translate into a structure */
+    /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
+    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+        goto err;
+
+    *in = p;
+    ret = 1;
+ err:
+    if (free_cont)
+        OPENSSL_free(buf.data);
+    return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    ASN1_VALUE **opval = NULL;
+    ASN1_STRING *stmp;
+    ASN1_TYPE *typ = NULL;
+    int ret = 0;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    ASN1_INTEGER **tint;
+    pf = it->funcs;
+
+    if (pf && pf->prim_c2i)
+        return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+    /* If ANY type clear type and set pointer to internal value */
+    if (it->utype == V_ASN1_ANY) {
+        if (!*pval) {
+            typ = ASN1_TYPE_new();
+            if (typ == NULL)
+                goto err;
+            *pval = (ASN1_VALUE *)typ;
+        } else
+            typ = (ASN1_TYPE *)*pval;
+
+        if (utype != typ->type)
+            ASN1_TYPE_set(typ, utype, NULL);
+        opval = pval;
+        pval = &typ->value.asn1_value;
+    }
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_NULL:
+        if (len) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
+            goto err;
+        }
+        *pval = (ASN1_VALUE *)1;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (len != 1) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+            goto err;
+        } else {
+            ASN1_BOOLEAN *tbool;
+            tbool = (ASN1_BOOLEAN *)pval;
+            *tbool = *cont;
+        }
+        break;
+
+    case V_ASN1_BIT_STRING:
+        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        tint = (ASN1_INTEGER **)pval;
+        if (!c2i_ASN1_INTEGER(tint, &cont, len))
+            goto err;
+        /* Fixup type to match the expected form */
+        (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    case V_ASN1_SET:
+    case V_ASN1_SEQUENCE:
+    default:
+        if (utype == V_ASN1_BMPSTRING && (len & 1)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I,
+                    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        /* All based on ASN1_STRING and handled the same */
+        if (!*pval) {
+            stmp = ASN1_STRING_type_new(utype);
+            if (stmp == NULL) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *pval = (ASN1_VALUE *)stmp;
+        } else {
+            stmp = (ASN1_STRING *)*pval;
+            stmp->type = utype;
+        }
+        /* If we've already allocated a buffer use it */
+        if (*free_cont) {
+            OPENSSL_free(stmp->data);
+            stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+            stmp->length = len;
+            *free_cont = 0;
+        } else {
+            if (!ASN1_STRING_set(stmp, cont, len)) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(stmp);
+                *pval = NULL;
+                goto err;
+            }
+        }
+        break;
+    }
+    /* If ASN1_ANY and NULL type fix up value */
+    if (typ && (utype == V_ASN1_NULL))
+        typ->value.ptr = NULL;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        ASN1_TYPE_free(typ);
+        if (opval)
+            *opval = NULL;
+    }
+    return ret;
+}
+
+/*
+ * This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content. This
+ * is more efficient than calling asn1_collect because it does not recurse on
+ * each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+{
+    uint32_t expected_eoc;
+    long plen;
+    const unsigned char *p = *in, *q;
+    /* If not indefinite length constructed just add length */
+    if (inf == 0) {
+        *in += len;
+        return 1;
+    }
+    expected_eoc = 1;
+    /*
+     * Indefinite length constructed form. Find the end when enough EOCs are
+     * found. If more indefinite length constructed headers are encountered
+     * increment the expected eoc count otherwise just skip to the end of the
+     * data.
+     */
+    while (len > 0) {
+        if (asn1_check_eoc(&p, len)) {
+            expected_eoc--;
+            if (expected_eoc == 0)
+                break;
+            len -= 2;
+            continue;
+        }
+        q = p;
+        /* Just read in a header: only care about the length */
+        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                             -1, 0, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (inf) {
+            if (expected_eoc == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+            }
+            expected_eoc++;
+        } else {
+            p += plen;
+        }
+        len -= p - q;
+    }
+    if (expected_eoc) {
+        ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+/*
+ * This function collects the asn1 data from a constructed string type into
+ * a buffer. The values of 'in' and 'len' should refer to the contents of the
+ * constructed type and 'inf' should be set if it is indefinite length.
+ */
+
+#ifndef ASN1_MAX_STRING_NEST
+/*
+ * This determines how many levels of recursion are permitted in ASN1 string
+ * types. If it is not limited stack overflows can occur. If set to zero no
+ * recursion is allowed at all. Although zero should be adequate examples
+ * exist that require a value of 1. So 5 should be more than enough.
+ */
+# define ASN1_MAX_STRING_NEST 5
+#endif
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth)
+{
+    const unsigned char *p, *q;
+    long plen;
+    char cst, ininf;
+    p = *in;
+    inf &= 1;
+    /*
+     * If no buffer and not indefinite length constructed just pass over the
+     * encoded data
+     */
+    if (!buf && !inf) {
+        *in += len;
+        return 1;
+    }
+    while (len > 0) {
+        q = p;
+        /* Check for EOC */
+        if (asn1_check_eoc(&p, len)) {
+            /*
+             * EOC is illegal outside indefinite length constructed form
+             */
+            if (!inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                return 0;
+            }
+            inf = 0;
+            break;
+        }
+
+        if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+                             len, tag, aclass, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+
+        /* If indefinite length constructed update max length */
+        if (cst) {
+            if (depth >= ASN1_MAX_STRING_NEST) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                return 0;
+            }
+            if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
+                return 0;
+        } else if (plen && !collect_data(buf, &p, plen))
+            return 0;
+        len -= p - q;
+    }
+    if (inf) {
+        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+{
+    int len;
+    if (buf) {
+        len = buf->length;
+        if (!BUF_MEM_grow_clean(buf, len + plen)) {
+            ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(buf->data + len, *p, plen);
+    }
+    *p += plen;
+    return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+{
+    const unsigned char *p;
+    if (len < 2)
+        return 0;
+    p = *in;
+    if (!p[0] && !p[1]) {
+        *in += 2;
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
+ * length for indefinite length constructed form, we don't know the exact
+ * length but we can set an upper bound to the amount of data available minus
+ * the header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+    int i;
+    int ptag, pclass;
+    long plen;
+    const unsigned char *p, *q;
+    p = *in;
+    q = p;
+
+    if (ctx && ctx->valid) {
+        i = ctx->ret;
+        plen = ctx->plen;
+        pclass = ctx->pclass;
+        ptag = ctx->ptag;
+        p += ctx->hdrlen;
+    } else {
+        i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+        if (ctx) {
+            ctx->ret = i;
+            ctx->plen = plen;
+            ctx->pclass = pclass;
+            ctx->ptag = ptag;
+            ctx->hdrlen = p - q;
+            ctx->valid = 1;
+            /*
+             * If definite length, and no error, length + header can't exceed
+             * total amount of data available.
+             */
+            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                asn1_tlc_clear(ctx);
+                return 0;
+            }
+        }
+    }
+
+    if (i & 0x80) {
+        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+        asn1_tlc_clear(ctx);
+        return 0;
+    }
+    if (exptag >= 0) {
+        if ((exptag != ptag) || (expclass != pclass)) {
+            /*
+             * If type is OPTIONAL, not an error: indicate missing type.
+             */
+            if (opt)
+                return -1;
+            asn1_tlc_clear(ctx);
+            ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+            return 0;
+        }
+        /*
+         * We have a tag and class match: assume we are going to do something
+         * with it
+         */
+        asn1_tlc_clear(ctx);
+    }
+
+    if (i & 1)
+        plen = len - (p - q);
+
+    if (inf)
+        *inf = i & 1;
+
+    if (cst)
+        *cst = i & V_ASN1_CONSTRUCTED;
+
+    if (olen)
+        *olen = plen;
+
+    if (oclass)
+        *oclass = pclass;
+
+    if (otag)
+        *otag = ptag;
+
+    *in = p;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c
new file mode 100644
index 000000000..30be314ff
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c
@@ -0,0 +1,609 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags);
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it);
+
+/*
+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
+ * indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, 0);
+}
+
+/*
+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
+ * points to a buffer to output the data to. The new i2d has one additional
+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags)
+{
+    if (out && !*out) {
+        unsigned char *p, *buf;
+        int len;
+
+        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+        if (len <= 0)
+            return len;
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        p = buf;
+        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+        *out = buf;
+        return len;
+    }
+
+    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/*
+ * Encode an item, taking care of IMPLICIT tagging (if any). This function
+ * performs the normal item handling: it can be used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    int i, seqcontlen, seqlen, ndef = 1;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb = 0;
+
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return 0;
+
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            return asn1_template_ex_i2d(pval, out, it->templates,
+                                        tag, aclass);
+        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_MSTRING:
+        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+            const ASN1_TEMPLATE *chtt;
+            chtt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, chtt);
+            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
+        }
+        /* Fixme: error condition if selector out of range */
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        /* If new style i2d it does all the work */
+        ef = it->funcs;
+        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        /* Use indefinite length constructed if requested */
+        if (aclass & ASN1_TFLG_NDEF)
+            ndef = 2;
+        /* fall through */
+
+    case ASN1_ITYPE_SEQUENCE:
+        i = asn1_enc_restore(&seqcontlen, out, pval, it);
+        /* An error occurred */
+        if (i < 0)
+            return 0;
+        /* We have a valid cached encoding... */
+        if (i > 0)
+            return seqcontlen;
+        /* Otherwise carry on */
+        seqcontlen = 0;
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            /* Retain any other flags in aclass */
+            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                | V_ASN1_UNIVERSAL;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        /* First work out sequence content length */
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            int tmplen;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
+            if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
+                return -1;
+            seqcontlen += tmplen;
+        }
+
+        seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+        if (!out || seqlen == -1)
+            return seqlen;
+        /* Output SEQUENCE header */
+        ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* FIXME: check for errors in enhanced version */
+            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+        }
+        if (ndef == 2)
+            ASN1_put_eoc(out);
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        return seqlen;
+
+    default:
+        return 0;
+
+    }
+    return 0;
+}
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+    int i, ret, flags, ttag, tclass, ndef;
+    ASN1_VALUE *tval;
+    flags = tt->flags;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    /*
+     * Work out tag and class to use: tagging may come either from the
+     * template or the arguments, not both because this would create
+     * ambiguity. Additionally the iclass argument may contain some
+     * additional flags which should be noted and passed down to other
+     * levels.
+     */
+    if (flags & ASN1_TFLG_TAG_MASK) {
+        /* Error if argument and template tagging */
+        if (tag != -1)
+            /* FIXME: error code here */
+            return -1;
+        /* Get tagging from template */
+        ttag = tt->tag;
+        tclass = flags & ASN1_TFLG_TAG_CLASS;
+    } else if (tag != -1) {
+        /* No template tagging, get from arguments */
+        ttag = tag;
+        tclass = iclass & ASN1_TFLG_TAG_CLASS;
+    } else {
+        ttag = -1;
+        tclass = 0;
+    }
+    /*
+     * Remove any class mask from iflag.
+     */
+    iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+    /*
+     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
+     * class and iclass is any flags passed to this function.
+     */
+
+    /* if template and arguments require ndef, use it */
+    if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+        ndef = 2;
+    else
+        ndef = 1;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int isset, sktag, skaclass;
+        int skcontlen, sklen;
+        ASN1_VALUE *skitem;
+
+        if (!*pval)
+            return 0;
+
+        if (flags & ASN1_TFLG_SET_OF) {
+            isset = 1;
+            /* 2 means we reorder */
+            if (flags & ASN1_TFLG_SEQUENCE_OF)
+                isset = 2;
+        } else
+            isset = 0;
+
+        /*
+         * Work out inner tag value: if EXPLICIT or no tagging use underlying
+         * type.
+         */
+        if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+            sktag = ttag;
+            skaclass = tclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (isset)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+
+        /* Determine total length of items */
+        skcontlen = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            int tmplen;
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+                                      -1, iclass);
+            if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+                return -1;
+            skcontlen += tmplen;
+        }
+        sklen = ASN1_object_size(ndef, skcontlen, sktag);
+        if (sklen == -1)
+            return -1;
+        /* If EXPLICIT need length of surrounding tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ret = ASN1_object_size(ndef, sklen, ttag);
+        else
+            ret = sklen;
+
+        if (!out || ret == -1)
+            return ret;
+
+        /* Now encode this lot... */
+        /* EXPLICIT tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ASN1_put_object(out, ndef, sklen, ttag, tclass);
+        /* SET or SEQUENCE and IMPLICIT tag */
+        ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+        /* And the stuff itself */
+        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                         isset, iclass);
+        if (ndef == 2) {
+            ASN1_put_eoc(out);
+            if (flags & ASN1_TFLG_EXPTAG)
+                ASN1_put_eoc(out);
+        }
+
+        return ret;
+    }
+
+    if (flags & ASN1_TFLG_EXPTAG) {
+        /* EXPLICIT tagging */
+        /* Find length of tagged item */
+        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
+        if (!i)
+            return 0;
+        /* Find length of EXPLICIT tag */
+        ret = ASN1_object_size(ndef, i, ttag);
+        if (out && ret != -1) {
+            /* Output tag and item */
+            ASN1_put_object(out, ndef, i, ttag, tclass);
+            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+            if (ndef == 2)
+                ASN1_put_eoc(out);
+        }
+        return ret;
+    }
+
+    /* Either normal or IMPLICIT tagging: combine class and flags */
+    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                            ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+    unsigned char *data;
+    int length;
+    ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+    const DER_ENC *d1 = a, *d2 = b;
+    int cmplen, i;
+    cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+    i = memcmp(d1->data, d2->data, cmplen);
+    if (i)
+        return i;
+    return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass)
+{
+    int i;
+    ASN1_VALUE *skitem;
+    unsigned char *tmpdat = NULL, *p = NULL;
+    DER_ENC *derlst = NULL, *tder;
+    if (do_sort) {
+        /* Don't need to sort less than 2 items */
+        if (sk_ASN1_VALUE_num(sk) < 2)
+            do_sort = 0;
+        else {
+            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+                                    * sizeof(*derlst));
+            if (derlst == NULL)
+                return 0;
+            tmpdat = OPENSSL_malloc(skcontlen);
+            if (tmpdat == NULL) {
+                OPENSSL_free(derlst);
+                return 0;
+            }
+        }
+    }
+    /* If not sorting just output each item */
+    if (!do_sort) {
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+        }
+        return 1;
+    }
+    p = tmpdat;
+
+    /* Doing sort: build up a list of each member's DER encoding */
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        skitem = sk_ASN1_VALUE_value(sk, i);
+        tder->data = p;
+        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+        tder->field = skitem;
+    }
+
+    /* Now sort them */
+    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+    /* Output sorted DER encoding */
+    p = *out;
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        memcpy(p, tder->data, tder->length);
+        p += tder->length;
+    }
+    *out = p;
+    /* If do_sort is 2 then reorder the STACK */
+    if (do_sort == 2) {
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+    }
+    OPENSSL_free(derlst);
+    OPENSSL_free(tmpdat);
+    return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass)
+{
+    int len;
+    int utype;
+    int usetag;
+    int ndef = 0;
+
+    utype = it->utype;
+
+    /*
+     * Get length of content octets and maybe find out the underlying type.
+     */
+
+    len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+    /*
+     * If SEQUENCE, SET or OTHER then header is included in pseudo content
+     * octets so don't include tag+length. We need to check here because the
+     * call to asn1_ex_i2c() could change utype.
+     */
+    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+        (utype == V_ASN1_OTHER))
+        usetag = 0;
+    else
+        usetag = 1;
+
+    /* -1 means omit type */
+
+    if (len == -1)
+        return 0;
+
+    /* -2 return is special meaning use ndef */
+    if (len == -2) {
+        ndef = 2;
+        len = 0;
+    }
+
+    /* If not implicitly tagged get tag from underlying type */
+    if (tag == -1)
+        tag = utype;
+
+    /* Output tag+length followed by content octets */
+    if (out) {
+        if (usetag)
+            ASN1_put_object(out, ndef, len, tag, aclass);
+        asn1_ex_i2c(pval, *out, &utype, it);
+        if (ndef)
+            ASN1_put_eoc(out);
+        else
+            *out += len;
+    }
+
+    if (usetag)
+        return ASN1_object_size(ndef, len, tag);
+    return len;
+}
+
+/* Produce content octets from a structure */
+
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it)
+{
+    ASN1_BOOLEAN *tbool = NULL;
+    ASN1_STRING *strtmp;
+    ASN1_OBJECT *otmp;
+    int utype;
+    const unsigned char *cont;
+    unsigned char c;
+    int len;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (pf && pf->prim_i2c)
+        return pf->prim_i2c(pval, cout, putype, it);
+
+    /* Should type be omitted? */
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+        || (it->utype != V_ASN1_BOOLEAN)) {
+        if (!*pval)
+            return -1;
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        /* If MSTRING type set the underlying type */
+        strtmp = (ASN1_STRING *)*pval;
+        utype = strtmp->type;
+        *putype = utype;
+    } else if (it->utype == V_ASN1_ANY) {
+        /* If ANY set type and pointer to value */
+        ASN1_TYPE *typ;
+        typ = (ASN1_TYPE *)*pval;
+        utype = typ->type;
+        *putype = utype;
+        pval = &typ->value.asn1_value;
+    } else
+        utype = *putype;
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        otmp = (ASN1_OBJECT *)*pval;
+        cont = otmp->data;
+        len = otmp->length;
+        if (cont == NULL || len == 0)
+            return -1;
+        break;
+
+    case V_ASN1_NULL:
+        cont = NULL;
+        len = 0;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        tbool = (ASN1_BOOLEAN *)pval;
+        if (*tbool == -1)
+            return -1;
+        if (it->utype != V_ASN1_ANY) {
+            /*
+             * Default handling if value == size field then omit
+             */
+            if (*tbool && (it->size > 0))
+                return -1;
+            if (!*tbool && !it->size)
+                return -1;
+        }
+        c = (unsigned char)*tbool;
+        cont = &c;
+        len = 1;
+        break;
+
+    case V_ASN1_BIT_STRING:
+        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                   cout ? &cout : NULL);
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        /*
+         * These are all have the same content format as ASN1_INTEGER
+         */
+        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    default:
+        /* All based on ASN1_STRING and handled the same */
+        strtmp = (ASN1_STRING *)*pval;
+        /* Special handling for NDEF */
+        if ((it->size == ASN1_TFLG_NDEF)
+            && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
+            if (cout) {
+                strtmp->data = cout;
+                strtmp->length = 0;
+            }
+            /* Special return code */
+            return -2;
+        }
+        cont = strtmp->data;
+        len = strtmp->length;
+
+        break;
+
+    }
+    if (cout && len)
+        memcpy(cout, cont, len);
+    return len;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c
new file mode 100644
index 000000000..bbce489fe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "asn1_locl.h"
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+    asn1_item_embed_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    asn1_item_embed_free(pval, it, 0);
+}
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    const ASN1_TEMPLATE *tt = NULL, *seqtt;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    int i;
+
+    if (!pval)
+        return;
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_free(pval, it->templates);
+        else
+            asn1_primitive_free(pval, it, embed);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_free(pval, it, embed);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
+            if (i == 2)
+                return;
+        }
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+
+            tt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, tt);
+            asn1_template_free(pchval, tt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+        if (embed == 0) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_free)
+            ef->asn1_ex_free(pval, it);
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
+            return;
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
+            if (i == 2)
+                return;
+        }
+        asn1_enc_free(pval, it);
+        /*
+         * If we free up as normal we will invalidate any ANY DEFINED BY
+         * field and we won't be able to determine the type of the field it
+         * defines. So free up in reverse order.
+         */
+        tt = it->templates + it->tcount;
+        for (i = 0; i < it->tcount; i++) {
+            ASN1_VALUE **pseqval;
+
+            tt--;
+            seqtt = asn1_do_adb(pval, tt, 0);
+            if (!seqtt)
+                continue;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            asn1_template_free(pseqval, seqtt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+        if (embed == 0) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+    }
+}
+
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int i;
+
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
+
+            asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
+        }
+        sk_ASN1_VALUE_free(sk);
+        *pval = NULL;
+    } else {
+        asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
+    }
+}
+
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    int utype;
+
+    /* Special case: if 'it' is a primitive with a free_func, use that. */
+    if (it) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+
+        if (embed) {
+            if (pf && pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return;
+            }
+        } else if (pf && pf->prim_free) {
+            pf->prim_free(pval, it);
+            return;
+        }
+    }
+
+    /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */
+    if (!it) {
+        ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+
+        utype = typ->type;
+        pval = &typ->value.asn1_value;
+        if (!*pval)
+            return;
+    } else if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = -1;
+        if (!*pval)
+            return;
+    } else {
+        utype = it->utype;
+        if ((utype != V_ASN1_BOOLEAN) && !*pval)
+            return;
+    }
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (it)
+            *(ASN1_BOOLEAN *)pval = it->size;
+        else
+            *(ASN1_BOOLEAN *)pval = -1;
+        return;
+
+    case V_ASN1_NULL:
+        break;
+
+    case V_ASN1_ANY:
+        asn1_primitive_free(pval, NULL, 0);
+        OPENSSL_free(*pval);
+        break;
+
+    default:
+        asn1_string_embed_free((ASN1_STRING *)*pval, embed);
+        break;
+    }
+    *pval = NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c
new file mode 100644
index 000000000..6b8ea8ddd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c
@@ -0,0 +1,349 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+#include "asn1_locl.h"
+
+static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                               int embed);
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+    ASN1_VALUE *ret = NULL;
+    if (ASN1_item_ex_new(&ret, it) > 0)
+        return ret;
+    return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    return asn1_item_embed_new(pval, it, 0);
+}
+
+int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_VALUE **pseqval;
+    int i;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new");
+#endif
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_new) {
+            if (!ef->asn1_ex_new(pval, it))
+                goto memerr;
+        }
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_new(pval, it->templates))
+                goto memerr;
+        } else if (!asn1_primitive_new(pval, it, embed))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_new(pval, it, embed))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
+#endif
+                return 1;
+            }
+        }
+        if (embed) {
+            memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        asn1_set_choice_selector(pval, -1, it);
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+            goto auxerr2;
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
+#endif
+                return 1;
+            }
+        }
+        if (embed) {
+            memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        /* 0 : init. lock */
+        if (asn1_do_lock(pval, 0, it) < 0) {
+            if (!embed) {
+                OPENSSL_free(*pval);
+                *pval = NULL;
+            }
+            goto memerr;
+        }
+        asn1_enc_init(pval, it);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            pseqval = asn1_get_field_ptr(pval, tt);
+            if (!asn1_template_new(pseqval, tt))
+                goto memerr2;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+            goto auxerr2;
+        break;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 1;
+
+ memerr2:
+    asn1_item_embed_free(pval, it, embed);
+ memerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 0;
+
+ auxerr2:
+    asn1_item_embed_free(pval, it, embed);
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    const ASN1_EXTERN_FUNCS *ef;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_clear)
+            ef->asn1_ex_clear(pval, it);
+        else
+            *pval = NULL;
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_clear(pval, it->templates);
+        else
+            asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        *pval = NULL;
+        break;
+    }
+}
+
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    int ret;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    if (tt->flags & ASN1_TFLG_OPTIONAL) {
+        asn1_template_clear(pval, tt);
+        return 1;
+    }
+    /* If ANY DEFINED BY nothing to do */
+
+    if (tt->flags & ASN1_TFLG_ADB_MASK) {
+        *pval = NULL;
+        return 1;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(tt->field_name
+            ? tt->field_name : "asn1_template_new");
+#endif
+    /* If SET OF or SEQUENCE OF, its a STACK */
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *skval;
+        skval = sk_ASN1_VALUE_new_null();
+        if (!skval) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto done;
+        }
+        *pval = (ASN1_VALUE *)skval;
+        ret = 1;
+        goto done;
+    }
+    /* Otherwise pass it back to the item routine */
+    ret = asn1_item_embed_new(pval, it, embed);
+ done:
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    /* If ADB or STACK just NULL the field */
+    if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK))
+        *pval = NULL;
+    else
+        asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+/*
+ * NB: could probably combine most of the real XXX_new() behaviour and junk
+ * all the old functions.
+ */
+
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed)
+{
+    ASN1_TYPE *typ;
+    ASN1_STRING *str;
+    int utype;
+
+    if (!it)
+        return 0;
+
+    if (it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (embed) {
+            if (pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return 1;
+            }
+        } else if (pf->prim_new) {
+            return pf->prim_new(pval, it);
+        }
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING)
+        utype = -1;
+    else
+        utype = it->utype;
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+        return 1;
+
+    case V_ASN1_BOOLEAN:
+        *(ASN1_BOOLEAN *)pval = it->size;
+        return 1;
+
+    case V_ASN1_NULL:
+        *pval = (ASN1_VALUE *)1;
+        return 1;
+
+    case V_ASN1_ANY:
+        if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) {
+            ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        typ->value.ptr = NULL;
+        typ->type = -1;
+        *pval = (ASN1_VALUE *)typ;
+        break;
+
+    default:
+        if (embed) {
+            str = *(ASN1_STRING **)pval;
+            memset(str, 0, sizeof(*str));
+            str->type = utype;
+            str->flags = ASN1_STRING_FLAG_EMBED;
+        } else {
+            str = ASN1_STRING_type_new(utype);
+            *pval = (ASN1_VALUE *)str;
+        }
+        if (it->itype == ASN1_ITYPE_MSTRING && str)
+            str->flags |= ASN1_STRING_FLAG_MSTRING;
+        break;
+    }
+    if (*pval)
+        return 1;
+    return 0;
+}
+
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int utype;
+    if (it && it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (pf->prim_clear)
+            pf->prim_clear(pval, it);
+        else
+            *pval = NULL;
+        return;
+    }
+    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+        utype = -1;
+    else
+        utype = it->utype;
+    if (utype == V_ASN1_BOOLEAN)
+        *(ASN1_BOOLEAN *)pval = it->size;
+    else
+        *pval = NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c
new file mode 100644
index 000000000..1fb66f106
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c
@@ -0,0 +1,539 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
+
+/*
+ * Print routines.
+ */
+
+/* ASN1_PCTX routines */
+
+static ASN1_PCTX default_pctx = {
+    ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
+    0,                          /* nm_flags */
+    0,                          /* cert_flags */
+    0,                          /* oid_flags */
+    0                           /* str_flags */
+};
+
+ASN1_PCTX *ASN1_PCTX_new(void)
+{
+    ASN1_PCTX *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ret;
+}
+
+void ASN1_PCTX_free(ASN1_PCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p)
+{
+    return p->nm_flags;
+}
+
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->nm_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p)
+{
+    return p->cert_flags;
+}
+
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->cert_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p)
+{
+    return p->oid_flags;
+}
+
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->oid_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p)
+{
+    return p->str_flags;
+}
+
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->str_flags = flags;
+}
+
+/* Main print routines */
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx);
+
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx);
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+{
+    const char *sname;
+    if (pctx == NULL)
+        pctx = &default_pctx;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    else
+        sname = it->sname;
+    return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx);
+}
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx)
+{
+    const ASN1_TEMPLATE *tt;
+    const ASN1_EXTERN_FUNCS *ef;
+    ASN1_VALUE **tmpfld;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_PRINT_ARG parg;
+    int i;
+    if (aux && aux->asn1_cb) {
+        parg.out = out;
+        parg.indent = indent;
+        parg.pctx = pctx;
+        asn1_cb = aux->asn1_cb;
+    } else
+        asn1_cb = 0;
+
+   if (((it->itype != ASN1_ITYPE_PRIMITIVE)
+       || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
+            if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                return 0;
+            if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_print_ctx(out, fld, indent,
+                                         it->templates, pctx))
+                return 0;
+            break;
+        }
+        /* fall through */
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        /* Use new style print routine if possible */
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_print) {
+            i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+            if (!i)
+                return 0;
+            if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+            return 1;
+        } else if (sname &&
+                   BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+            return 0;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        /* CHOICE type, get selector */
+        i = asn1_get_choice_selector(fld, it);
+        /* This should never happen... */
+        if ((i < 0) || (i >= it->tcount)) {
+            if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0)
+                return 0;
+            return 1;
+        }
+        tt = it->templates + i;
+        tmpfld = asn1_get_field_ptr(fld, tt);
+        if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        if (fname || sname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+                if (BIO_puts(out, " {\n") <= 0)
+                    return 0;
+            } else {
+                if (BIO_puts(out, "\n") <= 0)
+                    return 0;
+            }
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+            if (i == 0)
+                return 0;
+            if (i == 2)
+                return 1;
+        }
+
+        /* Print each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(fld, tt, 1);
+            if (!seqtt)
+                return 0;
+            tmpfld = asn1_get_field_ptr(fld, seqtt);
+            if (!asn1_template_print_ctx(out, tmpfld,
+                                         indent + 2, seqtt, pctx))
+                return 0;
+        }
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                return 0;
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+            if (i == 0)
+                return 0;
+        }
+        break;
+
+    default:
+        BIO_printf(out, "Unprocessed type %d\n", it->itype);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+{
+    int i, flags;
+    const char *sname, *fname;
+    ASN1_VALUE *tfld;
+    flags = tt->flags;
+    if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+        sname = ASN1_ITEM_ptr(tt->item)->sname;
+    else
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    else
+        fname = tt->field_name;
+
+    /*
+     * If field is embedded then fld needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tfld = (ASN1_VALUE *)fld;
+        fld = &tfld;
+    }
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        char *tname;
+        ASN1_VALUE *skitem;
+        STACK_OF(ASN1_VALUE) *stack;
+
+        /* SET OF, SEQUENCE OF */
+        if (fname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) {
+                if (flags & ASN1_TFLG_SET_OF)
+                    tname = "SET";
+                else
+                    tname = "SEQUENCE";
+                if (BIO_printf(out, "%*s%s OF %s {\n",
+                               indent, "", tname, tt->field_name) <= 0)
+                    return 0;
+            } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0)
+                return 0;
+        }
+        stack = (STACK_OF(ASN1_VALUE) *)*fld;
+        for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
+            if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+
+            skitem = sk_ASN1_VALUE_value(stack, i);
+            if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                     ASN1_ITEM_ptr(tt->item), NULL, NULL, 1,
+                                     pctx))
+                return 0;
+        }
+        if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "",
+                                 stack == NULL ? "ABSENT" : "EMPTY") <= 0)
+            return 0;
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+    return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                               fname, sname, 0, pctx);
+}
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx)
+{
+    static const char spaces[] = "                    ";
+    static const int nspaces = sizeof(spaces) - 1;
+
+    while (indent > nspaces) {
+        if (BIO_write(out, spaces, nspaces) != nspaces)
+            return 0;
+        indent -= nspaces;
+    }
+    if (BIO_write(out, spaces, indent) != indent)
+        return 0;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    if (!sname && !fname)
+        return 1;
+    if (fname) {
+        if (BIO_puts(out, fname) <= 0)
+            return 0;
+    }
+    if (sname) {
+        if (fname) {
+            if (BIO_printf(out, " (%s)", sname) <= 0)
+                return 0;
+        } else {
+            if (BIO_puts(out, sname) <= 0)
+                return 0;
+        }
+    }
+    if (BIO_write(out, ": ", 2) != 2)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_boolean(BIO *out, int boolval)
+{
+    const char *str;
+    switch (boolval) {
+    case -1:
+        str = "BOOL ABSENT";
+        break;
+
+    case 0:
+        str = "FALSE";
+        break;
+
+    default:
+        str = "TRUE";
+        break;
+
+    }
+
+    if (BIO_puts(out, str) <= 0)
+        return 0;
+    return 1;
+
+}
+
+static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str)
+{
+    char *s;
+    int ret = 1;
+    s = i2s_ASN1_INTEGER(NULL, str);
+    if (s == NULL)
+        return 0;
+    if (BIO_puts(out, s) <= 0)
+        ret = 0;
+    OPENSSL_free(s);
+    return ret;
+}
+
+static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
+{
+    char objbuf[80];
+    const char *ln;
+    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+    if (!ln)
+        ln = "";
+    OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
+    if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent)
+{
+    if (str->type == V_ASN1_BIT_STRING) {
+        if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
+            return 0;
+    } else if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    if ((str->length > 0)
+        && BIO_dump_indent(out, (const char *)str->data, str->length,
+                           indent + 2) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+{
+    long utype;
+    ASN1_STRING *str;
+    int ret = 1, needlf = 1;
+    const char *pname;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+        return 0;
+    if (pf && pf->prim_print)
+        return pf->prim_print(out, fld, it, indent, pctx);
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        str = (ASN1_STRING *)*fld;
+        utype = str->type & ~V_ASN1_NEG;
+    } else {
+        utype = it->utype;
+        if (utype == V_ASN1_BOOLEAN)
+            str = NULL;
+        else
+            str = (ASN1_STRING *)*fld;
+    }
+    if (utype == V_ASN1_ANY) {
+        ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+        utype = atype->type;
+        fld = &atype->value.asn1_value;
+        str = (ASN1_STRING *)*fld;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+            pname = NULL;
+        else
+            pname = ASN1_tag2str(utype);
+    } else {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+            pname = ASN1_tag2str(utype);
+        else
+            pname = NULL;
+    }
+
+    if (utype == V_ASN1_NULL) {
+        if (BIO_puts(out, "NULL\n") <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (pname) {
+        if (BIO_puts(out, pname) <= 0)
+            return 0;
+        if (BIO_puts(out, ":") <= 0)
+            return 0;
+    }
+
+    switch (utype) {
+    case V_ASN1_BOOLEAN:
+        {
+            int boolval = *(int *)fld;
+            if (boolval == -1)
+                boolval = it->size;
+            ret = asn1_print_boolean(out, boolval);
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        ret = asn1_print_integer(out, str);
+        break;
+
+    case V_ASN1_UTCTIME:
+        ret = ASN1_UTCTIME_print(out, str);
+        break;
+
+    case V_ASN1_GENERALIZEDTIME:
+        ret = ASN1_GENERALIZEDTIME_print(out, str);
+        break;
+
+    case V_ASN1_OBJECT:
+        ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_BIT_STRING:
+        ret = asn1_print_obstring(out, str, indent);
+        needlf = 0;
+        break;
+
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_OTHER:
+        if (BIO_puts(out, "\n") <= 0)
+            return 0;
+        if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0)
+            ret = 0;
+        needlf = 0;
+        break;
+
+    default:
+        ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+
+    }
+    if (!ret)
+        return 0;
+    if (needlf && BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c
new file mode 100644
index 000000000..e1df2cfca
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
+
+/*
+ * General ASN1 structure recursive scanner: iterate through all fields
+ * passing details to a callback.
+ */
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
+{
+    ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->scan_cb = scan_cb;
+    return ret;
+}
+
+void ASN1_SCTX_free(ASN1_SCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p)
+{
+    return p->it;
+}
+
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p)
+{
+    return p->tt;
+}
+
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data)
+{
+    p->app_data = data;
+}
+
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p)
+{
+    return p->app_data;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_typ.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_typ.c
new file mode 100644
index 000000000..98d987901
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_typ.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \
+    IMPLEMENT_ASN1_TYPE(sname) \
+    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \
+sname *sname##_new(void) \
+{ \
+    return ASN1_STRING_type_new(V_##sname); \
+} \
+void sname##_free(sname *x) \
+{ \
+    ASN1_STRING_free(x); \
+}
+
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
+
+ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
+
+ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c
new file mode 100644
index 000000000..7ceecffce
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include "asn1_locl.h"
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/*
+ * Given an ASN1_ITEM CHOICE type return the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int *sel = offset2ptr(*pval, it->utype);
+    return *sel;
+}
+
+/*
+ * Given an ASN1_ITEM CHOICE type set the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it)
+{
+    int *sel, ret;
+    sel = offset2ptr(*pval, it->utype);
+    ret = *sel;
+    *sel = value;
+    return ret;
+}
+
+/*
+ * Do atomic reference counting. The value 'op' decides what to do.
+ * If it is +1 then the count is incremented.
+ * If |op| is 0, lock is initialised and count is set to 1.
+ * If |op| is -1, count is decremented and the return value is the current
+ * reference count or 0 if no reference count is active.
+ * It returns -1 on initialisation error.
+ * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects
+ */
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+    const ASN1_AUX *aux;
+    CRYPTO_REF_COUNT *lck;
+    CRYPTO_RWLOCK **lock;
+    int ret = -1;
+
+    if ((it->itype != ASN1_ITYPE_SEQUENCE)
+        && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+        return 0;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+        return 0;
+    lck = offset2ptr(*pval, aux->ref_offset);
+    lock = offset2ptr(*pval, aux->ref_lock);
+
+    switch (op) {
+    case 0:
+        *lck = ret = 1;
+        *lock = CRYPTO_THREAD_lock_new();
+        if (*lock == NULL) {
+            ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        break;
+    case 1:
+        if (!CRYPTO_UP_REF(lck, &ret, *lock))
+            return -1;
+        break;
+    case -1:
+        if (!CRYPTO_DOWN_REF(lck, &ret, *lock))
+            return -1;  /* failed */
+#ifdef REF_PRINT
+        fprintf(stderr, "%p:%4d:%s\n", it, ret, it->sname);
+#endif
+        REF_ASSERT_ISNT(ret < 0);
+        if (ret == 0) {
+            CRYPTO_THREAD_lock_free(*lock);
+            *lock = NULL;
+        }
+        break;
+    }
+
+    return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    const ASN1_AUX *aux;
+    if (!pval || !*pval)
+        return NULL;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+        return NULL;
+    return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        OPENSSL_free(enc->enc);
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc)
+        return 1;
+
+    OPENSSL_free(enc->enc);
+    if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) {
+        ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(enc->enc, in, inlen);
+    enc->len = inlen;
+    enc->modified = 0;
+
+    return 1;
+}
+
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc || enc->modified)
+        return 0;
+    if (out) {
+        memcpy(*out, enc->enc, enc->len);
+        *out += enc->len;
+    }
+    if (len)
+        *len = enc->len;
+    return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    ASN1_VALUE **pvaltmp;
+    pvaltmp = offset2ptr(*pval, tt->offset);
+    /*
+     * NOTE for BOOLEAN types the field is just a plain int so we can't
+     * return int **, so settle for (int *).
+     */
+    return pvaltmp;
+}
+
+/*
+ * Handle ANY DEFINED BY template, find the selector, look up the relevant
+ * ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr)
+{
+    const ASN1_ADB *adb;
+    const ASN1_ADB_TABLE *atbl;
+    long selector;
+    ASN1_VALUE **sfld;
+    int i;
+    if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+        return tt;
+
+    /* Else ANY DEFINED BY ... get the table */
+    adb = ASN1_ADB_ptr(tt->item);
+
+    /* Get the selector field */
+    sfld = offset2ptr(*pval, adb->offset);
+
+    /* Check if NULL */
+    if (*sfld == NULL) {
+        if (!adb->null_tt)
+            goto err;
+        return adb->null_tt;
+    }
+
+    /*
+     * Convert type to a long: NB: don't check for NID_undef here because it
+     * might be a legitimate value in the table
+     */
+    if (tt->flags & ASN1_TFLG_ADB_OID)
+        selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+    else
+        selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+    /* Let application callback translate value */
+    if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) {
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+    }
+
+    /*
+     * Try to find matching entry in table Maybe should check application
+     * types first to allow application override? Might also be useful to
+     * have a flag which indicates table is sorted and we can do a binary
+     * search. For now stick to a linear search.
+     */
+
+    for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+        if (atbl->value == selector)
+            return &atbl->tt;
+
+    /* FIXME: need to search application table too */
+
+    /* No match, return default type */
+    if (!adb->default_tt)
+        goto err;
+    return adb->default_tt;
+
+ err:
+    /* FIXME: should log the value or OID of unsupported type */
+    if (nullerr)
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tbl_standard.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tbl_standard.h
new file mode 100644
index 000000000..777a73448
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tbl_standard.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+/* From RFC4524 */
+
+#define ub_rfc822_mailbox               256
+
+/* This table must be kept in NID order */
+
+static const ASN1_STRING_TABLE tbl_standard[] = {
+    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+     0},
+    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+     STABLE_NO_MASK},
+    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}
+};
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c
new file mode 100644
index 000000000..853d45b8b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "internal/evp_int.h"
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+{
+    if (alg == NULL)
+        return 0;
+
+    if (ptype != V_ASN1_UNDEF) {
+        if (alg->parameter == NULL)
+            alg->parameter = ASN1_TYPE_new();
+        if (alg->parameter == NULL)
+            return 0;
+    }
+
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = aobj;
+
+    if (ptype == 0)
+        return 1;
+    if (ptype == V_ASN1_UNDEF) {
+        ASN1_TYPE_free(alg->parameter);
+        alg->parameter = NULL;
+    } else
+        ASN1_TYPE_set(alg->parameter, ptype, pval);
+    return 1;
+}
+
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor)
+{
+    if (paobj)
+        *paobj = algor->algorithm;
+    if (pptype) {
+        if (algor->parameter == NULL) {
+            *pptype = V_ASN1_UNDEF;
+            return;
+        } else
+            *pptype = algor->parameter->type;
+        if (ppval)
+            *ppval = algor->parameter->value.ptr;
+    }
+}
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+{
+    int param_type;
+
+    if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
+        param_type = V_ASN1_UNDEF;
+    else
+        param_type = V_ASN1_NULL;
+
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+}
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+{
+    int rv;
+    rv = OBJ_cmp(a->algorithm, b->algorithm);
+    if (rv)
+        return rv;
+    if (!a->parameter && !b->parameter)
+        return 0;
+    return ASN1_TYPE_cmp(a->parameter, b->parameter);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c
new file mode 100644
index 000000000..da57e77a7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/*
+ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER
+ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem
+ * since all BIGNUMs used are non negative and anything that looks negative
+ * is normally due to an encoding error.
+ */
+
+#define BN_SENSITIVE    1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    int indent, const ASN1_PCTX *pctx);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+    NULL, 0,
+    bn_new,
+    bn_free,
+    0,
+    bn_c2i,
+    bn_i2c,
+    bn_print
+};
+
+static ASN1_PRIMITIVE_FUNCS cbignum_pf = {
+    NULL, 0,
+    bn_secure_new,
+    bn_free,
+    0,
+    bn_secure_c2i,
+    bn_i2c,
+    bn_print
+};
+
+ASN1_ITEM_start(BIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_new();
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_secure_new();
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if (!*pval)
+        return;
+    if (it->size & BN_SENSITIVE)
+        BN_clear_free((BIGNUM *)*pval);
+    else
+        BN_free((BIGNUM *)*pval);
+    *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it)
+{
+    BIGNUM *bn;
+    int pad;
+    if (!*pval)
+        return -1;
+    bn = (BIGNUM *)*pval;
+    /* If MSB set in an octet we need a padding byte */
+    if (BN_num_bits(bn) & 0x7)
+        pad = 0;
+    else
+        pad = 1;
+    if (cont) {
+        if (pad)
+            *cont++ = 0;
+        BN_bn2bin(bn, cont);
+    }
+    return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    BIGNUM *bn;
+
+    if (*pval == NULL && !bn_new(pval, it))
+        return 0;
+    bn = (BIGNUM *)*pval;
+    if (!BN_bin2bn(cont, len, bn)) {
+        bn_free(pval, it);
+        return 0;
+    }
+    return 1;
+}
+
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    if (!*pval)
+        bn_secure_new(pval, it);
+    return bn_c2i(pval, cont, len, utype, free_cont, it);
+}
+
+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    int indent, const ASN1_PCTX *pctx)
+{
+    if (!BN_print(out, *(BIGNUM **)pval))
+        return 0;
+    if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_info.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_info.c
new file mode 100644
index 000000000..8d99f07c6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_info.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+{
+    X509_INFO *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void X509_INFO_free(X509_INFO *x)
+{
+    if (x == NULL)
+        return;
+
+    X509_free(x->x509);
+    X509_CRL_free(x->crl);
+    X509_PKEY_free(x->x_pkey);
+    OPENSSL_free(x->enc_data);
+    OPENSSL_free(x);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c
new file mode 100644
index 000000000..0ee552cf0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+/*
+ * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
+ * This converts between an ASN1_INTEGER and those types directly.
+ * This is preferred to using the LONG / ZLONG primitives.
+ */
+
+/*
+ * We abuse the ASN1_ITEM fields |size| as a flags field
+ */
+#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
+#define INTxx_FLAG_SIGNED       (1<<1)
+
+static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) {
+        ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint64_t **)pval = 0;
+}
+
+static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint64_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint64_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int64_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, utmp, neg);
+}
+
+static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+            && !neg && utmp > INT64_MAX) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (neg)
+        /* c2i_uint64_int() returns positive values */
+        utmp = 0 - utmp;
+
+ long_compat:
+    memcpy(cp, &utmp, sizeof(utmp));
+    return 1;
+}
+
+static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%jd\n", **(int64_t **)pval);
+    return BIO_printf(out, "%ju\n", **(uint64_t **)pval);
+}
+
+/* 32-bit variants */
+
+static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) {
+        ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint32_t **)pval = 0;
+}
+
+static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint32_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint32_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int32_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+}
+
+/*
+ * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces
+ * overflow warnings.
+ */
+
+#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1)
+
+static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    uint32_t utmp2 = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if (neg) {
+        if (utmp > ABS_INT32_MIN) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+        utmp = 0 - utmp;
+    } else {
+        if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX)
+            || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+
+ long_compat:
+    utmp2 = (uint32_t)utmp;
+    memcpy(cp, &utmp2, sizeof(utmp2));
+    return 1;
+}
+
+static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%d\n", **(int32_t **)pval);
+    return BIO_printf(out, "%u\n", **(uint32_t **)pval);
+}
+
+
+/* Define the primitives themselves */
+
+static ASN1_PRIMITIVE_FUNCS uint32_pf = {
+    NULL, 0,
+    uint32_new,
+    uint32_free,
+    uint32_clear,
+    uint32_c2i,
+    uint32_i2c,
+    uint32_print
+};
+
+static ASN1_PRIMITIVE_FUNCS uint64_pf = {
+    NULL, 0,
+    uint64_new,
+    uint64_free,
+    uint64_clear,
+    uint64_c2i,
+    uint64_i2c,
+    uint64_print
+};
+
+ASN1_ITEM_start(INT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_SIGNED, "INT32"
+ASN1_ITEM_end(INT32)
+
+ASN1_ITEM_start(UINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
+ASN1_ITEM_end(UINT32)
+
+ASN1_ITEM_start(INT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_SIGNED, "INT64"
+ASN1_ITEM_end(INT64)
+
+ASN1_ITEM_start(UINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
+ASN1_ITEM_end(UINT64)
+
+ASN1_ITEM_start(ZINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
+ASN1_ITEM_end(ZINT32)
+
+ASN1_ITEM_start(ZUINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
+ASN1_ITEM_end(ZUINT32)
+
+ASN1_ITEM_start(ZINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
+ASN1_ITEM_end(ZINT64)
+
+ASN1_ITEM_start(ZUINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
+ASN1_ITEM_end(ZUINT64)
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_long.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_long.c
new file mode 100644
index 000000000..bf9371ef5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_long.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+
+#if !(OPENSSL_API_COMPAT < 0x10200000L)
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+#define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b))
+
+/*
+ * Custom primitive type for long handling. This converts between an
+ * ASN1_INTEGER and a long directly.
+ */
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      int indent, const ASN1_PCTX *pctx);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+    NULL, 0,
+    long_new,
+    long_free,
+    long_free,                  /* Clear should set to initial value */
+    long_c2i,
+    long_i2c,
+    long_print
+};
+
+ASN1_ITEM_start(LONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
+    return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
+}
+
+/*
+ * Originally BN_num_bits_word was called to perform this operation, but
+ * trouble is that there is no guarantee that sizeof(long) equals to
+ * sizeof(BN_ULONG). BN_ULONG is a configurable type that can be as wide
+ * as long, but also double or half...
+ */
+static int num_bits_ulong(unsigned long value)
+{
+    size_t i;
+    unsigned long ret = 0;
+
+    /*
+     * It is argued that *on average* constant counter loop performs
+     * not worse [if not better] than one with conditional break or
+     * mask-n-table-lookup-style, because of branch misprediction
+     * penalties.
+     */
+    for (i = 0; i < sizeof(value) * 8; i++) {
+        ret += (value != 0);
+        value >>= 1;
+    }
+
+    return (int)ret;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    long ltmp;
+    unsigned long utmp, sign;
+    int clen, pad, i;
+
+    memcpy(&ltmp, pval, COPY_SIZE(*pval, ltmp));
+    if (ltmp == it->size)
+        return -1;
+    /*
+     * Convert the long to positive: we subtract one if negative so we can
+     * cleanly handle the padding if only the MSB of the leading octet is
+     * set.
+     */
+    if (ltmp < 0) {
+        sign = 0xff;
+        utmp = 0 - (unsigned long)ltmp - 1;
+    } else {
+        sign = 0;
+        utmp = ltmp;
+    }
+    clen = num_bits_ulong(utmp);
+    /* If MSB of leading octet set we need to pad */
+    if (!(clen & 0x7))
+        pad = 1;
+    else
+        pad = 0;
+
+    /* Convert number of bits to number of octets */
+    clen = (clen + 7) >> 3;
+
+    if (cont != NULL) {
+        if (pad)
+            *cont++ = (unsigned char)sign;
+        for (i = clen - 1; i >= 0; i--) {
+            cont[i] = (unsigned char)(utmp ^ sign);
+            utmp >>= 8;
+        }
+    }
+    return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    int i;
+    long ltmp;
+    unsigned long utmp = 0, sign = 0x100;
+
+    if (len > 1) {
+        /*
+         * Check possible pad byte.  Worst case, we're skipping past actual
+         * content, but since that's only with 0x00 and 0xff and we set neg
+         * accordingly, the result will be correct in the end anyway.
+         */
+        switch (cont[0]) {
+        case 0xff:
+            cont++;
+            len--;
+            sign = 0xff;
+            break;
+        case 0:
+            cont++;
+            len--;
+            sign = 0;
+            break;
+        }
+    }
+    if (len > (int)sizeof(long)) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+
+    if (sign == 0x100) {
+        /* Is it negative? */
+        if (len && (cont[0] & 0x80))
+            sign = 0xff;
+        else
+            sign = 0;
+    } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+    utmp = 0;
+    for (i = 0; i < len; i++) {
+        utmp <<= 8;
+        utmp |= cont[i] ^ sign;
+    }
+    ltmp = (long)utmp;
+    if (ltmp < 0) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    if (sign)
+        ltmp = -ltmp - 1;
+    if (ltmp == it->size) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    memcpy(pval, &ltmp, COPY_SIZE(*pval, ltmp));
+    return 1;
+}
+
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      int indent, const ASN1_PCTX *pctx)
+{
+    long l;
+
+    memcpy(&l, pval, COPY_SIZE(*pval, l));
+    return BIO_printf(out, "%ld\n", l);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_pkey.c
new file mode 100644
index 000000000..593049f0f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_pkey.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+X509_PKEY *X509_PKEY_new(void)
+{
+    X509_PKEY *ret = NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        goto err;
+
+    ret->enc_algor = X509_ALGOR_new();
+    ret->enc_pkey = ASN1_OCTET_STRING_new();
+    if (ret->enc_algor == NULL || ret->enc_pkey == NULL)
+        goto err;
+
+    return ret;
+err:
+    X509_PKEY_free(ret);
+    ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void X509_PKEY_free(X509_PKEY *x)
+{
+    if (x == NULL)
+        return;
+
+    X509_ALGOR_free(x->enc_algor);
+    ASN1_OCTET_STRING_free(x->enc_pkey);
+    EVP_PKEY_free(x->dec_pkey);
+    if (x->key_free)
+        OPENSSL_free(x->key_data);
+    OPENSSL_free(x);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c
new file mode 100644
index 000000000..e465cf2d4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+ASN1_SEQUENCE(X509_SIG) = {
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
+
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
+
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_spki.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_spki.c
new file mode 100644
index 000000000..0d72a3f3a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_spki.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_val.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_val.c
new file mode 100644
index 000000000..d1f1d3bff
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_val.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c
new file mode 100644
index 000000000..3eaf170f2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_NULL
+int ASYNC_is_capable(void)
+{
+    return 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+#endif
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.h b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.h
new file mode 100644
index 000000000..aef40b5d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+/*
+ * If we haven't managed to detect any other async architecture then we default
+ * to NULL.
+ */
+#ifndef ASYNC_ARCH
+# define ASYNC_NULL
+# define ASYNC_ARCH
+
+typedef struct async_fibre_st {
+    int dummy;
+} async_fibre;
+
+
+# define async_fibre_swapcontext(o,n,r)         0
+# define async_fibre_makecontext(c)             0
+# define async_fibre_free(f)
+# define async_fibre_init_dispatcher(f)
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c
new file mode 100644
index 000000000..02c342d3d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_POSIX
+
+# include <stddef.h>
+# include <unistd.h>
+
+#define STACKSIZE       32768
+
+int ASYNC_is_capable(void)
+{
+    ucontext_t ctx;
+
+    /*
+     * Some platforms provide getcontext() but it does not work (notably
+     * MacOSX PPC64). Check for a working getcontext();
+     */
+    return getcontext(&ctx) == 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+
+int async_fibre_makecontext(async_fibre *fibre)
+{
+    fibre->env_init = 0;
+    if (getcontext(&fibre->fibre) == 0) {
+        fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
+        if (fibre->fibre.uc_stack.ss_sp != NULL) {
+            fibre->fibre.uc_stack.ss_size = STACKSIZE;
+            fibre->fibre.uc_link = NULL;
+            makecontext(&fibre->fibre, async_start_func, 0);
+            return 1;
+        }
+    } else {
+        fibre->fibre.uc_stack.ss_sp = NULL;
+    }
+    return 0;
+}
+
+void async_fibre_free(async_fibre *fibre)
+{
+    OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
+    fibre->fibre.uc_stack.ss_sp = NULL;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h
new file mode 100644
index 000000000..62449fe60
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_UNIX) \
+    && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
+    && !defined(__ANDROID__) && !defined(__OpenBSD__)
+
+# include <unistd.h>
+
+# if _POSIX_VERSION >= 200112L \
+     && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
+
+# include <pthread.h>
+
+#  define ASYNC_POSIX
+#  define ASYNC_ARCH
+
+#  include <ucontext.h>
+#  include <setjmp.h>
+
+typedef struct async_fibre_st {
+    ucontext_t fibre;
+    jmp_buf env;
+    int env_init;
+} async_fibre;
+
+static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+{
+    o->env_init = 1;
+
+    if (!r || !_setjmp(o->env)) {
+        if (n->env_init)
+            _longjmp(n->env, 1);
+        else
+            setcontext(&n->fibre);
+    }
+
+    return 1;
+}
+
+#  define async_fibre_init_dispatcher(d)
+
+int async_fibre_makecontext(async_fibre *fibre);
+void async_fibre_free(async_fibre *fibre);
+
+# endif
+#endif
+#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c
new file mode 100644
index 000000000..077d56ced
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_WIN
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+int ASYNC_is_capable(void)
+{
+    return 1;
+}
+
+void async_local_cleanup(void)
+{
+    async_ctx *ctx = async_get_ctx();
+    if (ctx != NULL) {
+        async_fibre *fibre = &ctx->dispatcher;
+        if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
+            ConvertFiberToThread();
+            fibre->fibre = NULL;
+        }
+    }
+}
+
+int async_fibre_init_dispatcher(async_fibre *fibre)
+{
+    fibre->fibre = ConvertThreadToFiber(NULL);
+    if (fibre->fibre == NULL) {
+        fibre->converted = 0;
+        fibre->fibre = GetCurrentFiber();
+        if (fibre->fibre == NULL)
+            return 0;
+    } else {
+        fibre->converted = 1;
+    }
+
+    return 1;
+}
+
+VOID CALLBACK async_start_func_win(PVOID unused)
+{
+    async_start_func();
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.h b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.h
new file mode 100644
index 000000000..61cfdd72d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the same detection used in cryptlib to set up the thread local
+ * storage that we depend on, so just copy that
+ */
+#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC)
+#include <openssl/async.h>
+# define ASYNC_WIN
+# define ASYNC_ARCH
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+typedef struct async_fibre_st {
+    LPVOID fibre;
+    int converted;
+} async_fibre;
+
+# define async_fibre_swapcontext(o,n,r) \
+        (SwitchToFiber((n)->fibre), 1)
+# define async_fibre_makecontext(c) \
+        ((c)->fibre = CreateFiber(0, async_start_func_win, 0))
+# define async_fibre_free(f)             (DeleteFiber((f)->fibre))
+
+int async_fibre_init_dispatcher(async_fibre *fibre);
+VOID CALLBACK async_start_func_win(PVOID unused);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c
new file mode 100644
index 000000000..1d83e4576
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c
@@ -0,0 +1,451 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Without this we start getting longjmp crashes because it thinks we're jumping
+ * up the stack when in fact we are jumping to an entirely different stack. The
+ * cost of this is not having certain buffer overrun/underrun checks etc for
+ * this source file :-(
+ */
+#undef _FORTIFY_SOURCE
+
+/* This must be the first #include file */
+#include "async_locl.h"
+
+#include <openssl/err.h>
+#include "internal/cryptlib_int.h"
+#include <string.h>
+
+#define ASYNC_JOB_RUNNING   0
+#define ASYNC_JOB_PAUSING   1
+#define ASYNC_JOB_PAUSED    2
+#define ASYNC_JOB_STOPPING  3
+
+static CRYPTO_THREAD_LOCAL ctxkey;
+static CRYPTO_THREAD_LOCAL poolkey;
+
+static async_ctx *async_ctx_new(void)
+{
+    async_ctx *nctx;
+
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
+        return NULL;
+
+    nctx = OPENSSL_malloc(sizeof(*nctx));
+    if (nctx == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    async_fibre_init_dispatcher(&nctx->dispatcher);
+    nctx->currjob = NULL;
+    nctx->blocked = 0;
+    if (!CRYPTO_THREAD_set_local(&ctxkey, nctx))
+        goto err;
+
+    return nctx;
+err:
+    OPENSSL_free(nctx);
+
+    return NULL;
+}
+
+async_ctx *async_get_ctx(void)
+{
+    return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
+}
+
+static int async_ctx_free(void)
+{
+    async_ctx *ctx;
+
+    ctx = async_get_ctx();
+
+    if (!CRYPTO_THREAD_set_local(&ctxkey, NULL))
+        return 0;
+
+    OPENSSL_free(ctx);
+
+    return 1;
+}
+
+static ASYNC_JOB *async_job_new(void)
+{
+    ASYNC_JOB *job = NULL;
+
+    job = OPENSSL_zalloc(sizeof(*job));
+    if (job == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    job->status = ASYNC_JOB_RUNNING;
+
+    return job;
+}
+
+static void async_job_free(ASYNC_JOB *job)
+{
+    if (job != NULL) {
+        OPENSSL_free(job->funcargs);
+        async_fibre_free(&job->fibrectx);
+        OPENSSL_free(job);
+    }
+}
+
+static ASYNC_JOB *async_get_pool_job(void) {
+    ASYNC_JOB *job;
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    if (pool == NULL) {
+        /*
+         * Pool has not been initialised, so init with the defaults, i.e.
+         * no max size and no pre-created jobs
+         */
+        if (ASYNC_init_thread(0, 0) == 0)
+            return NULL;
+        pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    }
+
+    job = sk_ASYNC_JOB_pop(pool->jobs);
+    if (job == NULL) {
+        /* Pool is empty */
+        if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size))
+            return NULL;
+
+        job = async_job_new();
+        if (job != NULL) {
+            if (! async_fibre_makecontext(&job->fibrectx)) {
+                async_job_free(job);
+                return NULL;
+            }
+            pool->curr_size++;
+        }
+    }
+    return job;
+}
+
+static void async_release_job(ASYNC_JOB *job) {
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    OPENSSL_free(job->funcargs);
+    job->funcargs = NULL;
+    sk_ASYNC_JOB_push(pool->jobs, job);
+}
+
+void async_start_func(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    while (1) {
+        /* Run the job */
+        job = ctx->currjob;
+        job->ret = job->func(job->funcargs);
+
+        /* Stop the job */
+        job->status = ASYNC_JOB_STOPPING;
+        if (!async_fibre_swapcontext(&job->fibrectx,
+                                     &ctx->dispatcher, 1)) {
+            /*
+             * Should not happen. Getting here will close the thread...can't do
+             * much about it
+             */
+            ASYNCerr(ASYNC_F_ASYNC_START_FUNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        }
+    }
+}
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
+                    int (*func)(void *), void *args, size_t size)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return ASYNC_ERR;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        ctx = async_ctx_new();
+    if (ctx == NULL)
+        return ASYNC_ERR;
+
+    if (*job)
+        ctx->currjob = *job;
+
+    for (;;) {
+        if (ctx->currjob != NULL) {
+            if (ctx->currjob->status == ASYNC_JOB_STOPPING) {
+                *ret = ctx->currjob->ret;
+                ctx->currjob->waitctx = NULL;
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                *job = NULL;
+                return ASYNC_FINISH;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSING) {
+                *job = ctx->currjob;
+                ctx->currjob->status = ASYNC_JOB_PAUSED;
+                ctx->currjob = NULL;
+                return ASYNC_PAUSE;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSED) {
+                ctx->currjob = *job;
+                /* Resume previous job */
+                if (!async_fibre_swapcontext(&ctx->dispatcher,
+                        &ctx->currjob->fibrectx, 1)) {
+                    ASYNCerr(ASYNC_F_ASYNC_START_JOB,
+                             ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+                    goto err;
+                }
+                continue;
+            }
+
+            /* Should not happen */
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_INTERNAL_ERROR);
+            async_release_job(ctx->currjob);
+            ctx->currjob = NULL;
+            *job = NULL;
+            return ASYNC_ERR;
+        }
+
+        /* Start a new job */
+        if ((ctx->currjob = async_get_pool_job()) == NULL)
+            return ASYNC_NO_JOBS;
+
+        if (args != NULL) {
+            ctx->currjob->funcargs = OPENSSL_malloc(size);
+            if (ctx->currjob->funcargs == NULL) {
+                ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_MALLOC_FAILURE);
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                return ASYNC_ERR;
+            }
+            memcpy(ctx->currjob->funcargs, args, size);
+        } else {
+            ctx->currjob->funcargs = NULL;
+        }
+
+        ctx->currjob->func = func;
+        ctx->currjob->waitctx = wctx;
+        if (!async_fibre_swapcontext(&ctx->dispatcher,
+                &ctx->currjob->fibrectx, 1)) {
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+            goto err;
+        }
+    }
+
+err:
+    async_release_job(ctx->currjob);
+    ctx->currjob = NULL;
+    *job = NULL;
+    return ASYNC_ERR;
+}
+
+int ASYNC_pause_job(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    if (ctx == NULL
+            || ctx->currjob == NULL
+            || ctx->blocked) {
+        /*
+         * Could be we've deliberately not been started within a job so this is
+         * counted as success.
+         */
+        return 1;
+    }
+
+    job = ctx->currjob;
+    job->status = ASYNC_JOB_PAUSING;
+
+    if (!async_fibre_swapcontext(&job->fibrectx,
+                                 &ctx->dispatcher, 1)) {
+        ASYNCerr(ASYNC_F_ASYNC_PAUSE_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        return 0;
+    }
+    /* Reset counts of added and deleted fds */
+    async_wait_ctx_reset_counts(job->waitctx);
+
+    return 1;
+}
+
+static void async_empty_pool(async_pool *pool)
+{
+    ASYNC_JOB *job;
+
+    if (!pool || !pool->jobs)
+        return;
+
+    do {
+        job = sk_ASYNC_JOB_pop(pool->jobs);
+        async_job_free(job);
+    } while (job);
+}
+
+int async_init(void)
+{
+    if (!CRYPTO_THREAD_init_local(&ctxkey, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) {
+        CRYPTO_THREAD_cleanup_local(&ctxkey);
+        return 0;
+    }
+
+    return 1;
+}
+
+void async_deinit(void)
+{
+    CRYPTO_THREAD_cleanup_local(&ctxkey);
+    CRYPTO_THREAD_cleanup_local(&poolkey);
+}
+
+int ASYNC_init_thread(size_t max_size, size_t init_size)
+{
+    async_pool *pool;
+    size_t curr_size = 0;
+
+    if (init_size > max_size) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_INVALID_POOL_SIZE);
+        return 0;
+    }
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return 0;
+
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
+        return 0;
+
+    pool = OPENSSL_zalloc(sizeof(*pool));
+    if (pool == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size);
+    if (pool->jobs == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(pool);
+        return 0;
+    }
+
+    pool->max_size = max_size;
+
+    /* Pre-create jobs as required */
+    while (init_size--) {
+        ASYNC_JOB *job;
+        job = async_job_new();
+        if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) {
+            /*
+             * Not actually fatal because we already created the pool, just
+             * skip creation of any more jobs
+             */
+            async_job_free(job);
+            break;
+        }
+        job->funcargs = NULL;
+        sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */
+        curr_size++;
+    }
+    pool->curr_size = curr_size;
+    if (!CRYPTO_THREAD_set_local(&poolkey, pool)) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_FAILED_TO_SET_POOL);
+        goto err;
+    }
+
+    return 1;
+err:
+    async_empty_pool(pool);
+    sk_ASYNC_JOB_free(pool->jobs);
+    OPENSSL_free(pool);
+    return 0;
+}
+
+void async_delete_thread_state(void)
+{
+    async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+
+    if (pool != NULL) {
+        async_empty_pool(pool);
+        sk_ASYNC_JOB_free(pool->jobs);
+        OPENSSL_free(pool);
+        CRYPTO_THREAD_set_local(&poolkey, NULL);
+    }
+    async_local_cleanup();
+    async_ctx_free();
+}
+
+void ASYNC_cleanup_thread(void)
+{
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    async_delete_thread_state();
+}
+
+ASYNC_JOB *ASYNC_get_current_job(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return NULL;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        return NULL;
+
+    return ctx->currjob;
+}
+
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
+{
+    return job->waitctx;
+}
+
+void ASYNC_block_pause(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    ctx->blocked++;
+}
+
+void ASYNC_unblock_pause(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    if (ctx->blocked > 0)
+        ctx->blocked--;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_err.c
new file mode 100644
index 000000000..fd5527aae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_err.c
@@ -0,0 +1,51 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/asyncerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ASYNC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_CTX_NEW, 0), "async_ctx_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_INIT_THREAD, 0),
+     "ASYNC_init_thread"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_JOB_NEW, 0), "async_job_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0),
+     "ASYNC_WAIT_CTX_set_wait_fd"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ASYNC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL),
+    "failed to set pool"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT),
+    "failed to swap context"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE),
+    "invalid pool size"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASYNC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ASYNC_str_functs);
+        ERR_load_strings_const(ASYNC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_locl.h
new file mode 100644
index 000000000..d7790293f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_locl.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Must do this before including any header files, because on MacOS/X <stlib.h>
+ * includes <signal.h> which includes <ucontext.h>
+ */
+#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE)
+# define _XOPEN_SOURCE          /* Otherwise incomplete ucontext_t structure */
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include "internal/async.h"
+#include <openssl/crypto.h>
+
+typedef struct async_ctx_st async_ctx;
+typedef struct async_pool_st async_pool;
+
+#include "arch/async_win.h"
+#include "arch/async_posix.h"
+#include "arch/async_null.h"
+
+struct async_ctx_st {
+    async_fibre dispatcher;
+    ASYNC_JOB *currjob;
+    unsigned int blocked;
+};
+
+struct async_job_st {
+    async_fibre fibrectx;
+    int (*func) (void *);
+    void *funcargs;
+    int ret;
+    int status;
+    ASYNC_WAIT_CTX *waitctx;
+};
+
+struct fd_lookup_st {
+    const void *key;
+    OSSL_ASYNC_FD fd;
+    void *custom_data;
+    void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *);
+    int add;
+    int del;
+    struct fd_lookup_st *next;
+};
+
+struct async_wait_ctx_st {
+    struct fd_lookup_st *fds;
+    size_t numadd;
+    size_t numdel;
+};
+
+DEFINE_STACK_OF(ASYNC_JOB)
+
+struct async_pool_st {
+    STACK_OF(ASYNC_JOB) *jobs;
+    size_t curr_size;
+    size_t max_size;
+};
+
+void async_local_cleanup(void);
+void async_start_func(void);
+async_ctx *async_get_ctx(void);
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx);
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c
new file mode 100644
index 000000000..b23e43e8c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "async_locl.h"
+
+#include <openssl/err.h>
+
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX));
+}
+
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr;
+    struct fd_lookup_st *next;
+
+    if (ctx == NULL)
+        return;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (!curr->del) {
+            /* Only try and cleanup if it hasn't been marked deleted */
+            if (curr->cleanup != NULL)
+                curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data);
+        }
+        /* Always free the fd_lookup_st */
+        next = curr->next;
+        OPENSSL_free(curr);
+        curr = next;
+    }
+
+    OPENSSL_free(ctx);
+}
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd, void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *))
+{
+    struct fd_lookup_st *fdlookup;
+
+    if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    fdlookup->key = key;
+    fdlookup->fd = fd;
+    fdlookup->custom_data = custom_data;
+    fdlookup->cleanup = cleanup;
+    fdlookup->add = 1;
+    fdlookup->next = ctx->fds;
+    ctx->fds = fdlookup;
+    ctx->numadd++;
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                          OSSL_ASYNC_FD *fd, void **custom_data)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            *fd = curr->fd;
+            *custom_data = curr->custom_data;
+            return 1;
+        }
+        curr = curr->next;
+    }
+    return 0;
+}
+
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    *numfds = 0;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (fd != NULL) {
+            *fd = curr->fd;
+            fd++;
+        }
+        (*numfds)++;
+        curr = curr->next;
+    }
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds)
+{
+    struct fd_lookup_st *curr;
+
+    *numaddfds = ctx->numadd;
+    *numdelfds = ctx->numdel;
+    if (addfd == NULL && delfd == NULL)
+        return 1;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        /* We ignore fds that have been marked as both added and deleted */
+        if (curr->del && !curr->add && (delfd != NULL)) {
+            *delfd = curr->fd;
+            delfd++;
+        }
+        if (curr->add && !curr->del && (addfd != NULL)) {
+            *addfd = curr->fd;
+            addfd++;
+        }
+        curr = curr->next;
+    }
+
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
+{
+    struct fd_lookup_st *curr, *prev;
+
+    curr = ctx->fds;
+    prev = NULL;
+    while (curr != NULL) {
+        if (curr->del == 1) {
+            /* This one has been marked deleted already so do nothing */
+            prev = curr;
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            /* If fd has just been added, remove it from the list */
+            if (curr->add == 1) {
+                if (ctx->fds == curr) {
+                    ctx->fds = curr->next;
+                } else {
+                    prev->next = curr->next;
+                }
+
+                /* It is responsibility of the caller to cleanup before calling
+                 * ASYNC_WAIT_CTX_clear_fd
+                 */
+                OPENSSL_free(curr);
+                ctx->numadd--;
+                return 1;
+            }
+
+            /*
+             * Mark it as deleted. We don't call cleanup if explicitly asked
+             * to clear an fd. We assume the caller is going to do that (if
+             * appropriate).
+             */
+            curr->del = 1;
+            ctx->numdel++;
+            return 1;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+    return 0;
+}
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr, *prev = NULL;
+
+    ctx->numadd = 0;
+    ctx->numdel = 0;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        if (curr->del) {
+            if (prev == NULL)
+                ctx->fds = curr->next;
+            else
+                prev->next = curr->next;
+            OPENSSL_free(curr);
+            if (prev == NULL)
+                curr = ctx->fds;
+            else
+                curr = prev->next;
+            continue;
+        }
+        if (curr->add) {
+            curr->add = 0;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/async/build.info
new file mode 100644
index 000000000..278e3e9f8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        async.c async_wait.c async_err.c arch/async_posix.c arch/async_win.c \
+        arch/async_null.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl
new file mode 100644
index 000000000..4e913aecf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl
@@ -0,0 +1,149 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="edi";
+$R="esi";
+$P="ebp";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ecx";
+$tmp4="edx";
+
+&BF_encrypt("BF_encrypt",1);
+&BF_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+
+close STDOUT;
+
+sub BF_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	&push("ebx");
+	&mov($tmp2,&wparam(0));
+	&mov($P,&wparam(1));
+	&push("esi");
+	&push("edi");
+
+	&comment("Load the 2 words");
+	&mov($L,&DWP(0,$tmp2,"",0));
+	&mov($R,&DWP(4,$tmp2,"",0));
+
+	&xor(	$tmp1,	$tmp1);
+
+	# encrypting part
+
+	if ($enc)
+		{
+		 &mov($tmp2,&DWP(0,$P,"",0));
+		&xor(	$tmp3,	$tmp3);
+
+		&xor($L,$tmp2);
+		for ($i=0; $i<$BF_ROUNDS; $i+=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+
+			&comment("");
+			&comment("Round ".sprintf("%d",$i+1));
+			&BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+			}
+		# &mov($tmp1,&wparam(0)); In last loop
+		&mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		}
+	else
+		{
+		 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		&xor(	$tmp3,	$tmp3);
+
+		&xor($L,$tmp2);
+		for ($i=$BF_ROUNDS; $i>0; $i-=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+			&comment("");
+			&comment("Round ".sprintf("%d",$i-1));
+			&BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+			}
+		# &mov($tmp1,&wparam(0)); In last loop
+		&mov($tmp4,&DWP(0,$P,"",0));
+		}
+
+	&xor($R,$tmp4);
+	&mov(&DWP(4,$tmp1,"",0),$L);
+
+	&mov(&DWP(0,$tmp1,"",0),$R);
+	&function_end($name);
+	}
+
+sub BF_ENCRYPT
+	{
+	local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
+
+	&mov(	$tmp4,		&DWP(&n2a($i*4),$P,"",0)); # for next round
+
+	&mov(	$tmp2,		$R);
+	&xor(	$L,		$tmp4);
+
+	&shr(	$tmp2,		16);
+	&mov(	$tmp4,		$R);
+
+	&movb(	&LB($tmp1),	&HB($tmp2));	# A
+	&and(	$tmp2,		0xff);		# B
+
+	&movb(	&LB($tmp3),	&HB($tmp4));	# C
+	&and(	$tmp4,		0xff);		# D
+
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+	&mov(	$tmp2,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+	&add(	$tmp2,		$tmp1);
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
+
+	&xor(	$tmp2,		$tmp1);
+	&mov(	$tmp4,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
+
+	&add(	$tmp2,		$tmp4);
+	if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
+		{ &xor(	$tmp1,		$tmp1); }
+	else
+		{
+		&comment("Load parameter 0 ($i) enc=$enc");
+		&mov($tmp1,&wparam(0));
+		} # In last loop
+
+	&xor(	$L,		$tmp2);
+	# delay
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c
new file mode 100644
index 000000000..ce6e13b5a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int encrypt)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    BF_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c
new file mode 100644
index 000000000..dc1becdbe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char *BF_options(void)
+{
+    return "blowfish(ptr)";
+}
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int encrypt)
+{
+    BF_LONG l, d[2];
+
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        BF_encrypt(d, key);
+    else
+        BF_decrypt(d, key);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c
new file mode 100644
index 000000000..67c0d78ae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+{
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
+
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
+
+    l ^= p[0];
+    BF_ENC(r, l, s, p[1]);
+    BF_ENC(l, r, s, p[2]);
+    BF_ENC(r, l, s, p[3]);
+    BF_ENC(l, r, s, p[4]);
+    BF_ENC(r, l, s, p[5]);
+    BF_ENC(l, r, s, p[6]);
+    BF_ENC(r, l, s, p[7]);
+    BF_ENC(l, r, s, p[8]);
+    BF_ENC(r, l, s, p[9]);
+    BF_ENC(l, r, s, p[10]);
+    BF_ENC(r, l, s, p[11]);
+    BF_ENC(l, r, s, p[12]);
+    BF_ENC(r, l, s, p[13]);
+    BF_ENC(l, r, s, p[14]);
+    BF_ENC(r, l, s, p[15]);
+    BF_ENC(l, r, s, p[16]);
+# if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[17]);
+    BF_ENC(l, r, s, p[18]);
+    BF_ENC(r, l, s, p[19]);
+    BF_ENC(l, r, s, p[20]);
+# endif
+    r ^= p[BF_ROUNDS + 1];
+
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
+}
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+{
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
+
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
+
+    l ^= p[BF_ROUNDS + 1];
+#  if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[20]);
+    BF_ENC(l, r, s, p[19]);
+    BF_ENC(r, l, s, p[18]);
+    BF_ENC(l, r, s, p[17]);
+#  endif
+    BF_ENC(r, l, s, p[16]);
+    BF_ENC(l, r, s, p[15]);
+    BF_ENC(r, l, s, p[14]);
+    BF_ENC(l, r, s, p[13]);
+    BF_ENC(r, l, s, p[12]);
+    BF_ENC(l, r, s, p[11]);
+    BF_ENC(r, l, s, p[10]);
+    BF_ENC(l, r, s, p[9]);
+    BF_ENC(r, l, s, p[8]);
+    BF_ENC(l, r, s, p[7]);
+    BF_ENC(r, l, s, p[6]);
+    BF_ENC(l, r, s, p[5]);
+    BF_ENC(r, l, s, p[4]);
+    BF_ENC(l, r, s, p[3]);
+    BF_ENC(r, l, s, p[2]);
+    BF_ENC(l, r, s, p[1]);
+    r ^= p[0];
+
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
+}
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+    register BF_LONG tin0, tin1;
+    register BF_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    BF_LONG tin[2];
+
+    if (encrypt) {
+        n2l(ivec, tout0);
+        n2l(ivec, tout1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, ivec);
+        l2n(tout1, ivec);
+    } else {
+        n2l(ivec, xor0);
+        n2l(ivec, xor1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, ivec);
+        l2n(xor1, ivec);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_locl.h
new file mode 100644
index 000000000..b1a415e51
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_locl.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BF_LOCL_H
+# define HEADER_BF_LOCL_H
+# include <openssl/opensslconf.h>
+
+/* NOTE - c is not incremented as per n2l */
+# define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+# define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+# undef n2l
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+# undef l2n
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/*
+ * This is actually a big endian algorithm, the most significant byte is used
+ * to lookup array 0
+ */
+
+# define BF_ENC(LL,R,S,P) ( \
+        LL^=P, \
+        LL^=((( S[       ((R>>24)&0xff)] + \
+                S[0x0100+((R>>16)&0xff)])^ \
+                S[0x0200+((R>> 8)&0xff)])+ \
+                S[0x0300+((R    )&0xff)])&0xffffffffU \
+        )
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c
new file mode 100644
index 000000000..6418217b3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    BF_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            BF_encrypt((BF_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_pi.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_pi.h
new file mode 100644
index 000000000..a054b03f8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_pi.h
@@ -0,0 +1,530 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static const BF_KEY bf_init = {
+    {
+     0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+     0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+     0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+     0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+     0x9216d5d9L, 0x8979fb1b}, {
+                                0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL,
+                                0xd01adfb7L,
+                                0xb8e1afedL, 0x6a267e96L, 0xba7c9045L,
+                                0xf12c7f99L,
+                                0x24a19947L, 0xb3916cf7L, 0x0801f2e2L,
+                                0x858efc16L,
+                                0x636920d8L, 0x71574e69L, 0xa458fea3L,
+                                0xf4933d7eL,
+                                0x0d95748fL, 0x728eb658L, 0x718bcd58L,
+                                0x82154aeeL,
+                                0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L,
+                                0x2af26013L,
+                                0xc5d1b023L, 0x286085f0L, 0xca417918L,
+                                0xb8db38efL,
+                                0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL,
+                                0xb01e8a3eL,
+                                0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
+                                0x55605c60L,
+                                0xe65525f3L, 0xaa55ab94L, 0x57489862L,
+                                0x63e81440L,
+                                0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L,
+                                0x1141e8ceL,
+                                0xa15486afL, 0x7c72e993L, 0xb3ee1411L,
+                                0x636fbc2aL,
+                                0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L,
+                                0x9b87931eL,
+                                0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
+                                0x28958677L,
+                                0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL,
+                                0x66282193L,
+                                0x61d809ccL, 0xfb21a991L, 0x487cac60L,
+                                0x5dec8032L,
+                                0xef845d5dL, 0xe98575b1L, 0xdc262302L,
+                                0xeb651b88L,
+                                0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L,
+                                0x83f44239L,
+                                0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
+                                0x9e1f9b5eL,
+                                0x21c66842L, 0xf6e96c9aL, 0x670c9c61L,
+                                0xabd388f0L,
+                                0x6a51a0d2L, 0xd8542f68L, 0x960fa728L,
+                                0xab5133a3L,
+                                0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L,
+                                0x7efb2a98L,
+                                0xa1f1651dL, 0x39af0176L, 0x66ca593eL,
+                                0x82430e88L,
+                                0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
+                                0x3b8b5ebeL,
+                                0xe06f75d8L, 0x85c12073L, 0x401a449fL,
+                                0x56c16aa6L,
+                                0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L,
+                                0x429b023dL,
+                                0x37d0d724L, 0xd00a1248L, 0xdb0fead3L,
+                                0x49f1c09bL,
+                                0x075372c9L, 0x80991b7bL, 0x25d479d8L,
+                                0xf6e8def7L,
+                                0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
+                                0x04c006baL,
+                                0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L,
+                                0x196a2463L,
+                                0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL,
+                                0x3b52ec6fL,
+                                0x6dfc511fL, 0x9b30952cL, 0xcc814544L,
+                                0xaf5ebd09L,
+                                0xbee3d004L, 0xde334afdL, 0x660f2807L,
+                                0x192e4bb3L,
+                                0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
+                                0xb9d3fbdbL,
+                                0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L,
+                                0x402c7279L,
+                                0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L,
+                                0xdb3222f8L,
+                                0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L,
+                                0xad0552abL,
+                                0x323db5faL, 0xfd238760L, 0x53317b48L,
+                                0x3e00df82L,
+                                0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
+                                0xdf1769dbL,
+                                0xd542a8f6L, 0x287effc3L, 0xac6732c6L,
+                                0x8c4f5573L,
+                                0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL,
+                                0xb8f011a0L,
+                                0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL,
+                                0x2dd1d35bL,
+                                0x9a53e479L, 0xb6f84565L, 0xd28e49bcL,
+                                0x4bfb9790L,
+                                0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
+                                0xcee4c6e8L,
+                                0xef20cadaL, 0x36774c01L, 0xd07e9efeL,
+                                0x2bf11fb4L,
+                                0x95dbda4dL, 0xae909198L, 0xeaad8e71L,
+                                0x6b93d5a0L,
+                                0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL,
+                                0x8e7594b7L,
+                                0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L,
+                                0x900df01cL,
+                                0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
+                                0xb3a8c1adL,
+                                0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL,
+                                0x8b021fa1L,
+                                0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L,
+                                0xce89e299L,
+                                0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L,
+                                0xd2ada8d9L,
+                                0x165fa266L, 0x80957705L, 0x93cc7314L,
+                                0x211a1477L,
+                                0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
+                                0xfb9d35cfL,
+                                0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L,
+                                0xae1e7e49L,
+                                0x00250e2dL, 0x2071b35eL, 0x226800bbL,
+                                0x57b8e0afL,
+                                0x2464369bL, 0xf009b91eL, 0x5563911dL,
+                                0x59dfa6aaL,
+                                0x78c14389L, 0xd95a537fL, 0x207d5ba2L,
+                                0x02e5b9c5L,
+                                0x83260376L, 0x6295cfa9L, 0x11c81968L,
+                                0x4e734a41L,
+                                0xb3472dcaL, 0x7b14a94aL, 0x1b510052L,
+                                0x9a532915L,
+                                0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L,
+                                0x81e67400L,
+                                0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL,
+                                0x2a0dd915L,
+                                0xb6636521L, 0xe7b9f9b6L, 0xff34052eL,
+                                0xc5855664L,
+                                0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
+                                0x6e85076aL,
+                                0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL,
+                                0xc4192623L,
+                                0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L,
+                                0x8fedb266L,
+                                0xecaa8c71L, 0x699a17ffL, 0x5664526cL,
+                                0xc2b19ee1L,
+                                0x193602a5L, 0x75094c29L, 0xa0591340L,
+                                0xe4183a3eL,
+                                0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
+                                0x99f73fd6L,
+                                0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L,
+                                0xf0255dc1L,
+                                0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L,
+                                0x021ecc5eL,
+                                0x09686b3fL, 0x3ebaefc9L, 0x3c971814L,
+                                0x6b6a70a1L,
+                                0x687f3584L, 0x52a0e286L, 0xb79c5305L,
+                                0xaa500737L,
+                                0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
+                                0x5716f2b8L,
+                                0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L,
+                                0x0200b3ffL,
+                                0xae0cf51aL, 0x3cb574b2L, 0x25837a58L,
+                                0xdc0921bdL,
+                                0xd19113f9L, 0x7ca92ff6L, 0x94324773L,
+                                0x22f54701L,
+                                0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L,
+                                0x9af3dda7L,
+                                0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
+                                0xa4751e41L,
+                                0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L,
+                                0x183eb331L,
+                                0x4e548b38L, 0x4f6db908L, 0x6f420d03L,
+                                0xf60a04bfL,
+                                0x2cb81290L, 0x24977c79L, 0x5679b072L,
+                                0xbcaf89afL,
+                                0xde9a771fL, 0xd9930810L, 0xb38bae12L,
+                                0xdccf3f2eL,
+                                0x5512721fL, 0x2e6b7124L, 0x501adde6L,
+                                0x9f84cd87L,
+                                0x7a584718L, 0x7408da17L, 0xbc9f9abcL,
+                                0xe94b7d8cL,
+                                0xec7aec3aL, 0xdb851dfaL, 0x63094366L,
+                                0xc464c3d2L,
+                                0xef1c1847L, 0x3215d908L, 0xdd433b37L,
+                                0x24c2ba16L,
+                                0x12a14d43L, 0x2a65c451L, 0x50940002L,
+                                0x133ae4ddL,
+                                0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
+                                0x5f11199bL,
+                                0x043556f1L, 0xd7a3c76bL, 0x3c11183bL,
+                                0x5924a509L,
+                                0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL,
+                                0x1e153c6eL,
+                                0x86e34570L, 0xeae96fb1L, 0x860e5e0aL,
+                                0x5a3e2ab3L,
+                                0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L,
+                                0x99e71d0fL,
+                                0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
+                                0x9c10b36aL,
+                                0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L,
+                                0x1e0a2df4L,
+                                0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL,
+                                0x19c27960L,
+                                0x5223a708L, 0xf71312b6L, 0xebadfe6eL,
+                                0xeac31f66L,
+                                0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L,
+                                0x018cff28L,
+                                0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
+                                0x68ab9802L,
+                                0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL,
+                                0x5b6e2f84L,
+                                0x1521b628L, 0x29076170L, 0xecdd4775L,
+                                0x619f1510L,
+                                0x13cca830L, 0xeb61bd96L, 0x0334fe1eL,
+                                0xaa0363cfL,
+                                0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL,
+                                0xcbaade14L,
+                                0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
+                                0xb2f3846eL,
+                                0x648b1eafL, 0x19bdf0caL, 0xa02369b9L,
+                                0x655abb50L,
+                                0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L,
+                                0xc021b8f7L,
+                                0x9b540b19L, 0x875fa099L, 0x95f7997eL,
+                                0x623d7da8L,
+                                0xf837889aL, 0x97e32d77L, 0x11ed935fL,
+                                0x16681281L,
+                                0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
+                                0x7858ba99L,
+                                0x57f584a5L, 0x1b227263L, 0x9b83c3ffL,
+                                0x1ac24696L,
+                                0xcdb30aebL, 0x532e3054L, 0x8fd948e4L,
+                                0x6dbc3128L,
+                                0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L,
+                                0xee7c3c73L,
+                                0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L,
+                                0x203e13e0L,
+                                0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
+                                0xfacb4fd0L,
+                                0xc742f442L, 0xef6abbb5L, 0x654f3b1dL,
+                                0x41cd2105L,
+                                0xd81e799eL, 0x86854dc7L, 0xe44b476aL,
+                                0x3d816250L,
+                                0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L,
+                                0xc1c7b6a3L,
+                                0x7f1524c3L, 0x69cb7492L, 0x47848a0bL,
+                                0x5692b285L,
+                                0x095bbf00L, 0xad19489dL, 0x1462b174L,
+                                0x23820e00L,
+                                0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL,
+                                0x233f7061L,
+                                0x3372f092L, 0x8d937e41L, 0xd65fecf1L,
+                                0x6c223bdbL,
+                                0x7cde3759L, 0xcbee7460L, 0x4085f2a7L,
+                                0xce77326eL,
+                                0xa6078084L, 0x19f8509eL, 0xe8efd855L,
+                                0x61d99735L,
+                                0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
+                                0x800bcadcL,
+                                0x9e447a2eL, 0xc3453484L, 0xfdd56705L,
+                                0x0e1e9ec9L,
+                                0xdb73dbd3L, 0x105588cdL, 0x675fda79L,
+                                0xe3674340L,
+                                0xc5c43465L, 0x713e38d8L, 0x3d28f89eL,
+                                0xf16dff20L,
+                                0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL,
+                                0xdb83adf7L,
+                                0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
+                                0x94692934L,
+                                0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL,
+                                0xd4a20068L,
+                                0xd4082471L, 0x3320f46aL, 0x43b7d4b7L,
+                                0x500061afL,
+                                0x1e39f62eL, 0x97244546L, 0x14214f74L,
+                                0xbf8b8840L,
+                                0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L,
+                                0x66a02f45L,
+                                0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
+                                0x31cb8504L,
+                                0x96eb27b3L, 0x55fd3941L, 0xda2547e6L,
+                                0xabca0a9aL,
+                                0x28507825L, 0x530429f4L, 0x0a2c86daL,
+                                0xe9b66dfbL,
+                                0x68dc1462L, 0xd7486900L, 0x680ec0a4L,
+                                0x27a18deeL,
+                                0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L,
+                                0x7af4d6b6L,
+                                0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
+                                0x406b2a42L,
+                                0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL,
+                                0x3b124e8bL,
+                                0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L,
+                                0xeae397b2L,
+                                0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L,
+                                0xca7820fbL,
+                                0xfb0af54eL, 0xd8feb397L, 0x454056acL,
+                                0xba489527L,
+                                0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
+                                0xd096954bL,
+                                0x55a867bcL, 0xa1159a58L, 0xcca92963L,
+                                0x99e1db33L,
+                                0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL,
+                                0x9029317cL,
+                                0xfdf8e802L, 0x04272f70L, 0x80bb155cL,
+                                0x05282ce3L,
+                                0x95c11548L, 0xe4c66d22L, 0x48c1133fL,
+                                0xc70f86dcL,
+                                0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
+                                0x5d886e17L,
+                                0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL,
+                                0x41113564L,
+                                0x257b7834L, 0x602a9c60L, 0xdff8e8a3L,
+                                0x1f636c1bL,
+                                0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L,
+                                0xcad18115L,
+                                0x6b2395e0L, 0x333e92e1L, 0x3b240b62L,
+                                0xeebeb922L,
+                                0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
+                                0x2da2f728L,
+                                0xd0127845L, 0x95b794fdL, 0x647d0862L,
+                                0xe7ccf5f0L,
+                                0x5449a36fL, 0x877d48faL, 0xc39dfd27L,
+                                0xf33e8d1eL,
+                                0x0a476341L, 0x992eff74L, 0x3a6f6eabL,
+                                0xf4f8fd37L,
+                                0xa812dc60L, 0xa1ebddf8L, 0x991be14cL,
+                                0xdb6e6b0dL,
+                                0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
+                                0xdcd0e804L,
+                                0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L,
+                                0x690fed0bL,
+                                0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL,
+                                0xd9155ea3L,
+                                0xbb132f88L, 0x515bad24L, 0x7b9479bfL,
+                                0x763bd6ebL,
+                                0x37392eb3L, 0xcc115979L, 0x8026e297L,
+                                0xf42e312dL,
+                                0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
+                                0x782ef11cL,
+                                0x6a124237L, 0xb79251e7L, 0x06a1bbe6L,
+                                0x4bfb6350L,
+                                0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L,
+                                0xe2e1c3c9L,
+                                0x44421659L, 0x0a121386L, 0xd90cec6eL,
+                                0xd5abea2aL,
+                                0x64af674eL, 0xda86a85fL, 0xbebfe988L,
+                                0x64e4c3feL,
+                                0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
+                                0x6003604dL,
+                                0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L,
+                                0xd736fcccL,
+                                0x83426b33L, 0xf01eab71L, 0xb0804187L,
+                                0x3c005e5fL,
+                                0x77a057beL, 0xbde8ae24L, 0x55464299L,
+                                0xbf582e61L,
+                                0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L,
+                                0x8789bdc2L,
+                                0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
+                                0x46fcd9b9L,
+                                0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L,
+                                0x915f95e2L,
+                                0x466e598eL, 0x20b45770L, 0x8cd55591L,
+                                0xc902de4cL,
+                                0xb90bace1L, 0xbb8205d0L, 0x11a86248L,
+                                0x7574a99eL,
+                                0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L,
+                                0xc4324633L,
+                                0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
+                                0x1d6efe10L,
+                                0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL,
+                                0x2868f169L,
+                                0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL,
+                                0x4fcd7f52L,
+                                0x50115e01L, 0xa70683faL, 0xa002b5c4L,
+                                0x0de6d027L,
+                                0x9af88c27L, 0x773f8641L, 0xc3604c06L,
+                                0x61a806b5L,
+                                0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
+                                0x30dc7d62L,
+                                0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L,
+                                0xc2c21634L,
+                                0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L,
+                                0xce591d76L,
+                                0x6f05e409L, 0x4b7c0188L, 0x39720a3dL,
+                                0x7c927c24L,
+                                0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L,
+                                0xd39eb8fcL,
+                                0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
+                                0x4dad0fc4L,
+                                0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L,
+                                0x6c51133cL,
+                                0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL,
+                                0xddc6c837L,
+                                0xd79a3234L, 0x92638212L, 0x670efa8eL,
+                                0x406000e0L,
+                                0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L,
+                                0x5ac52d1bL,
+                                0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
+                                0x99bc9bbeL,
+                                0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL,
+                                0xc700c47bL,
+                                0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL,
+                                0x6a366eb4L,
+                                0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L,
+                                0x6549c2c8L,
+                                0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL,
+                                0x4cd04dc6L,
+                                0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
+                                0xbe5ee304L,
+                                0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L,
+                                0x9a86ee22L,
+                                0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL,
+                                0x9cf2d0a4L,
+                                0x83c061baL, 0x9be96a4dL, 0x8fe51550L,
+                                0xba645bd6L,
+                                0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L,
+                                0xef5562e9L,
+                                0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
+                                0x77fa0a59L,
+                                0x80e4a915L, 0x87b08601L, 0x9b09e6adL,
+                                0x3b3ee593L,
+                                0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L,
+                                0x022b8b51L,
+                                0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L,
+                                0x7c7d2d28L,
+                                0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L,
+                                0x5a88f54cL,
+                                0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
+                                0xed93fa9bL,
+                                0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L,
+                                0x79132e28L,
+                                0x785f0191L, 0xed756055L, 0xf7960e44L,
+                                0xe3d35e8cL,
+                                0x15056dd4L, 0x88f46dbaL, 0x03a16125L,
+                                0x0564f0bdL,
+                                0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL,
+                                0xa93a072aL,
+                                0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
+                                0x26dcf319L,
+                                0x7533d928L, 0xb155fdf5L, 0x03563482L,
+                                0x8aba3cbbL,
+                                0x28517711L, 0xc20ad9f8L, 0xabcc5167L,
+                                0xccad925fL,
+                                0x4de81751L, 0x3830dc8eL, 0x379d5862L,
+                                0x9320f991L,
+                                0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L,
+                                0x774fbe32L,
+                                0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
+                                0x6413e680L,
+                                0xa2ae0810L, 0xdd6db224L, 0x69852dfdL,
+                                0x09072166L,
+                                0xb39a460aL, 0x6445c0ddL, 0x586cdecfL,
+                                0x1c20c8aeL,
+                                0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL,
+                                0x6bb4e3bbL,
+                                0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L,
+                                0xbcb4cdd5L,
+                                0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
+                                0xbf3c6f47L,
+                                0xd29be463L, 0x542f5d9eL, 0xaec2771bL,
+                                0xf64e6370L,
+                                0x740e0d8dL, 0xe75b1357L, 0xf8721671L,
+                                0xaf537d5dL,
+                                0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL,
+                                0x0115af84L,
+                                0xe1b00428L, 0x95983a1dL, 0x06b89fb4L,
+                                0xce6ea048L,
+                                0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
+                                0x277227f8L,
+                                0x611560b1L, 0xe7933fdcL, 0xbb3a792bL,
+                                0x344525bdL,
+                                0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L,
+                                0xa01fbac9L,
+                                0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L,
+                                0xa1e8aac7L,
+                                0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL,
+                                0xd50ada38L,
+                                0x0339c32aL, 0xc6913667L, 0x8df9317cL,
+                                0xe0b12b4fL,
+                                0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL,
+                                0x27d9459cL,
+                                0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L,
+                                0x9b941525L,
+                                0xfae59361L, 0xceb69cebL, 0xc2a86459L,
+                                0x12baa8d1L,
+                                0xb6c1075eL, 0xe3056a0cL, 0x10d25065L,
+                                0xcb03a442L,
+                                0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
+                                0x3278e964L,
+                                0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL,
+                                0x8971f21eL,
+                                0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L,
+                                0xc37632d8L,
+                                0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L,
+                                0x0fe3f11dL,
+                                0xe54cda54L, 0x1edad891L, 0xce6279cfL,
+                                0xcd3e7e6fL,
+                                0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
+                                0xf6fb2299L,
+                                0xf523f357L, 0xa6327623L, 0x93a83531L,
+                                0x56cccd02L,
+                                0xacf08162L, 0x5a75ebb5L, 0x6e163697L,
+                                0x88d273ccL,
+                                0xde966292L, 0x81b949d0L, 0x4c50901bL,
+                                0x71c65614L,
+                                0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L,
+                                0xc3f27b9aL,
+                                0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
+                                0x35bdd2f6L,
+                                0x71126905L, 0xb2040222L, 0xb6cbcf7cL,
+                                0xcd769c2bL,
+                                0x53113ec0L, 0x1640e3d3L, 0x38abbd60L,
+                                0x2547adf0L,
+                                0xba38209cL, 0xf746ce76L, 0x77afa1c5L,
+                                0x20756060L,
+                                0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L,
+                                0x4cf9aa7eL,
+                                0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
+                                0xd6ebe1f9L,
+                                0x90d4f869L, 0xa65cdea0L, 0x3f09252dL,
+                                0xc208e69fL,
+                                0xb74e6132L, 0xce77e25bL, 0x578fdfe3L,
+                                0x3ac372e6L,
+                                }
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c
new file mode 100644
index 000000000..a4903a2a7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+{
+    int i;
+    BF_LONG *p, ri, in[2];
+    const unsigned char *d, *end;
+
+    memcpy(key, &bf_init, sizeof(BF_KEY));
+    p = key->P;
+
+    if (len > ((BF_ROUNDS + 2) * 4))
+        len = (BF_ROUNDS + 2) * 4;
+
+    d = data;
+    end = &(data[len]);
+    for (i = 0; i < (BF_ROUNDS + 2); i++) {
+        ri = *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        p[i] ^= ri;
+    }
+
+    in[0] = 0L;
+    in[1] = 0L;
+    for (i = 0; i < (BF_ROUNDS + 2); i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+
+    p = key->S;
+    for (i = 0; i < 4 * 256; i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/build.info
new file mode 100644
index 000000000..29adc8ce5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/build.info
@@ -0,0 +1,7 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c \
+        {- $target{bf_asm_src} -}
+
+GENERATE[bf-586.s]=asm/bf-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c
new file mode 100644
index 000000000..4395ab7a0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c
@@ -0,0 +1,902 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <string.h>
+
+#include "bio_lcl.h"
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SOCK
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#include "internal/thread_once.h"
+
+CRYPTO_RWLOCK *bio_lookup_lock;
+static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
+
+/*
+ * Throughout this file and bio_lcl.h, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead, using gethostbyname,
+ * getservbyname and a few other.
+ */
+
+/**********************************************************************
+ *
+ * Address structure
+ *
+ */
+
+BIO_ADDR *BIO_ADDR_new(void)
+{
+    BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->sa.sa_family = AF_UNSPEC;
+    return ret;
+}
+
+void BIO_ADDR_free(BIO_ADDR *ap)
+{
+    OPENSSL_free(ap);
+}
+
+void BIO_ADDR_clear(BIO_ADDR *ap)
+{
+    memset(ap, 0, sizeof(*ap));
+    ap->sa.sa_family = AF_UNSPEC;
+}
+
+/*
+ * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents
+ * of a struct sockaddr.
+ */
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET) {
+        memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
+        return 1;
+    }
+#ifdef AF_INET6
+    if (sa->sa_family == AF_INET6) {
+        memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6));
+        return 1;
+    }
+#endif
+#ifdef AF_UNIX
+    if (sa->sa_family == AF_UNIX) {
+        memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un));
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen,
+                     unsigned short port)
+{
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (wherelen + 1 > sizeof(ap->s_un.sun_path))
+            return 0;
+        memset(&ap->s_un, 0, sizeof(ap->s_un));
+        ap->s_un.sun_family = family;
+        strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1);
+        return 1;
+    }
+#endif
+    if (family == AF_INET) {
+        if (wherelen != sizeof(struct in_addr))
+            return 0;
+        memset(&ap->s_in, 0, sizeof(ap->s_in));
+        ap->s_in.sin_family = family;
+        ap->s_in.sin_port = port;
+        ap->s_in.sin_addr = *(struct in_addr *)where;
+        return 1;
+    }
+#ifdef AF_INET6
+    if (family == AF_INET6) {
+        if (wherelen != sizeof(struct in6_addr))
+            return 0;
+        memset(&ap->s_in6, 0, sizeof(ap->s_in6));
+        ap->s_in6.sin6_family = family;
+        ap->s_in6.sin6_port = port;
+        ap->s_in6.sin6_addr = *(struct in6_addr *)where;
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_family(const BIO_ADDR *ap)
+{
+    return ap->sa.sa_family;
+}
+
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l)
+{
+    size_t len = 0;
+    const void *addrptr = NULL;
+
+    if (ap->sa.sa_family == AF_INET) {
+        len = sizeof(ap->s_in.sin_addr);
+        addrptr = &ap->s_in.sin_addr;
+    }
+#ifdef AF_INET6
+    else if (ap->sa.sa_family == AF_INET6) {
+        len = sizeof(ap->s_in6.sin6_addr);
+        addrptr = &ap->s_in6.sin6_addr;
+    }
+#endif
+#ifdef AF_UNIX
+    else if (ap->sa.sa_family == AF_UNIX) {
+        len = strlen(ap->s_un.sun_path);
+        addrptr = &ap->s_un.sun_path;
+    }
+#endif
+
+    if (addrptr == NULL)
+        return 0;
+
+    if (p != NULL) {
+        memcpy(p, addrptr, len);
+    }
+    if (l != NULL)
+        *l = len;
+
+    return 1;
+}
+
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return ap->s_in.sin_port;
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return ap->s_in6.sin6_port;
+#endif
+    return 0;
+}
+
+/*-
+ * addr_strings - helper function to get host and service names
+ * @ap: the BIO_ADDR that has the input info
+ * @numeric: 0 if actual names should be returned, 1 if the numeric
+ * representation should be returned.
+ * @hostname: a pointer to a pointer to a memory area to store the
+ * host name or numeric representation.  Unused if NULL.
+ * @service: a pointer to a pointer to a memory area to store the
+ * service name or numeric representation.  Unused if NULL.
+ *
+ * The return value is 0 on failure, with the error code in the error
+ * stack, and 1 on success.
+ */
+static int addr_strings(const BIO_ADDR *ap, int numeric,
+                        char **hostname, char **service)
+{
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int ret = 0;
+        char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = "";
+        int flags = 0;
+
+        if (numeric)
+            flags |= NI_NUMERICHOST | NI_NUMERICSERV;
+
+        if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap),
+                               BIO_ADDR_sockaddr_size(ap),
+                               host, sizeof(host), serv, sizeof(serv),
+                               flags)) != 0) {
+# ifdef EAI_SYSTEM
+            if (ret == EAI_SYSTEM) {
+                SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error());
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+            } else
+# endif
+            {
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, gai_strerror(ret));
+            }
+            return 0;
+        }
+
+        /* VMS getnameinfo() has a bug, it doesn't fill in serv, which
+         * leaves it with whatever garbage that happens to be there.
+         * However, we initialise serv with the empty string (serv[0]
+         * is therefore NUL), so it gets real easy to detect when things
+         * didn't go the way one might expect.
+         */
+        if (serv[0] == '\0') {
+            BIO_snprintf(serv, sizeof(serv), "%d",
+                         ntohs(BIO_ADDR_rawport(ap)));
+        }
+
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(host);
+        if (service != NULL)
+            *service = OPENSSL_strdup(serv);
+    } else {
+#endif
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr));
+        if (service != NULL) {
+            char serv[6];        /* port is 16 bits => max 5 decimal digits */
+            BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port));
+            *service = OPENSSL_strdup(serv);
+        }
+    }
+
+    if ((hostname != NULL && *hostname == NULL)
+            || (service != NULL && *service == NULL)) {
+        if (hostname != NULL) {
+            OPENSSL_free(*hostname);
+            *hostname = NULL;
+        }
+        if (service != NULL) {
+            OPENSSL_free(*service);
+            *service = NULL;
+        }
+        BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric)
+{
+    char *hostname = NULL;
+
+    if (addr_strings(ap, numeric, &hostname, NULL))
+        return hostname;
+
+    return NULL;
+}
+
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric)
+{
+    char *service = NULL;
+
+    if (addr_strings(ap, numeric, NULL, &service))
+        return service;
+
+    return NULL;
+}
+
+char *BIO_ADDR_path_string(const BIO_ADDR *ap)
+{
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return OPENSSL_strdup(ap->s_un.sun_path);
+#endif
+    return NULL;
+}
+
+/*
+ * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr
+ * for a given BIO_ADDR.  In reality, this is simply a type safe cast.
+ * The returned struct sockaddr is const, so it can't be tampered with.
+ */
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_noconst - non-public function that does the same
+ * as BIO_ADDR_sockaddr, but returns a non-const.  USE WITH CARE, as
+ * it allows you to tamper with the data (and thereby the contents
+ * of the input BIO_ADDR).
+ */
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr the BIO_ADDR is using.  If the protocol family
+ * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX,
+ * the size of the BIO_ADDR type is returned.
+ */
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return sizeof(ap->s_in);
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return sizeof(ap->s_in6);
+#endif
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return sizeof(ap->s_un);
+#endif
+    return sizeof(*ap);
+}
+
+/**********************************************************************
+ *
+ * Address info database
+ *
+ */
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_next;
+    return NULL;
+}
+
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_family;
+    return 0;
+}
+
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_socktype;
+    return 0;
+}
+
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL) {
+        if (bai->bai_protocol != 0)
+            return bai->bai_protocol;
+
+#ifdef AF_UNIX
+        if (bai->bai_family == AF_UNIX)
+            return 0;
+#endif
+
+        switch (bai->bai_socktype) {
+        case SOCK_STREAM:
+            return IPPROTO_TCP;
+        case SOCK_DGRAM:
+            return IPPROTO_UDP;
+        default:
+            break;
+        }
+    }
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr inside the BIO_ADDRINFO.
+ */
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addrlen;
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr
+ * as the struct sockaddr it is.
+ */
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addr;
+    return NULL;
+}
+
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return (BIO_ADDR *)bai->bai_addr;
+    return NULL;
+}
+
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai)
+{
+    if (bai == NULL)
+        return;
+
+#ifdef AI_PASSIVE
+# ifdef AF_UNIX
+#  define _cond bai->bai_family != AF_UNIX
+# else
+#  define _cond 1
+# endif
+    if (_cond) {
+        freeaddrinfo(bai);
+        return;
+    }
+#endif
+
+    /* Free manually when we know that addrinfo_wrap() was used.
+     * See further comment above addrinfo_wrap()
+     */
+    while (bai != NULL) {
+        BIO_ADDRINFO *next = bai->bai_next;
+        OPENSSL_free(bai->bai_addr);
+        OPENSSL_free(bai);
+        bai = next;
+    }
+}
+
+/**********************************************************************
+ *
+ * Service functions
+ *
+ */
+
+/*-
+ * The specs in hostserv can take these forms:
+ *
+ * host:service         => *host = "host", *service = "service"
+ * host:*               => *host = "host", *service = NULL
+ * host:                => *host = "host", *service = NULL
+ * :service             => *host = NULL, *service = "service"
+ * *:service            => *host = NULL, *service = "service"
+ *
+ * in case no : is present in the string, the result depends on
+ * hostserv_prio, as follows:
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_HOST
+ * host                 => *host = "host", *service untouched
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_SERV
+ * service              => *host untouched, *service = "service"
+ *
+ */
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio)
+{
+    const char *h = NULL; size_t hl = 0;
+    const char *p = NULL; size_t pl = 0;
+
+    if (*hostserv == '[') {
+        if ((p = strchr(hostserv, ']')) == NULL)
+            goto spec_err;
+        h = hostserv + 1;
+        hl = p - h;
+        p++;
+        if (*p == '\0')
+            p = NULL;
+        else if (*p != ':')
+            goto spec_err;
+        else {
+            p++;
+            pl = strlen(p);
+        }
+    } else {
+        const char *p2 = strrchr(hostserv, ':');
+        p = strchr(hostserv, ':');
+
+        /*-
+         * Check for more than one colon.  There are three possible
+         * interpretations:
+         * 1. IPv6 address with port number, last colon being separator.
+         * 2. IPv6 address only.
+         * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST,
+         *    IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV
+         * Because of this ambiguity, we currently choose to make it an
+         * error.
+         */
+        if (p != p2)
+            goto amb_err;
+
+        if (p != NULL) {
+            h = hostserv;
+            hl = p - h;
+            p++;
+            pl = strlen(p);
+        } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) {
+            h = hostserv;
+            hl = strlen(h);
+        } else {
+            p = hostserv;
+            pl = strlen(p);
+        }
+    }
+
+    if (p != NULL && strchr(p, ':'))
+        goto spec_err;
+
+    if (h != NULL && host != NULL) {
+        if (hl == 0
+            || (hl == 1 && h[0] == '*')) {
+            *host = NULL;
+        } else {
+            *host = OPENSSL_strndup(h, hl);
+            if (*host == NULL)
+                goto memerr;
+        }
+    }
+    if (p != NULL && service != NULL) {
+        if (pl == 0
+            || (pl == 1 && p[0] == '*')) {
+            *service = NULL;
+        } else {
+            *service = OPENSSL_strndup(p, pl);
+            if (*service == NULL)
+                goto memerr;
+        }
+    }
+
+    return 1;
+ amb_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_AMBIGUOUS_HOST_OR_SERVICE);
+    return 0;
+ spec_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_MALFORMED_HOST_OR_SERVICE);
+    return 0;
+ memerr:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* addrinfo_wrap is used to build our own addrinfo "chain".
+ * (it has only one entry, so calling it a chain may be a stretch)
+ * It should ONLY be called when getaddrinfo() and friends
+ * aren't available, OR when dealing with a non IP protocol
+ * family, such as AF_UNIX
+ *
+ * the return value is 1 on success, or 0 on failure, which
+ * only happens if a memory allocation error occurred.
+ */
+static int addrinfo_wrap(int family, int socktype,
+                         const void *where, size_t wherelen,
+                         unsigned short port,
+                         BIO_ADDRINFO **bai)
+{
+    if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) {
+        BIOerr(BIO_F_ADDRINFO_WRAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    (*bai)->bai_family = family;
+    (*bai)->bai_socktype = socktype;
+    if (socktype == SOCK_STREAM)
+        (*bai)->bai_protocol = IPPROTO_TCP;
+    if (socktype == SOCK_DGRAM)
+        (*bai)->bai_protocol = IPPROTO_UDP;
+#ifdef AF_UNIX
+    if (family == AF_UNIX)
+        (*bai)->bai_protocol = 0;
+#endif
+    {
+        /* Magic: We know that BIO_ADDR_sockaddr_noconst is really
+           just an advanced cast of BIO_ADDR* to struct sockaddr *
+           by the power of union, so while it may seem that we're
+           creating a memory leak here, we are not.  It will be
+           all right. */
+        BIO_ADDR *addr = BIO_ADDR_new();
+        if (addr != NULL) {
+            BIO_ADDR_rawmake(addr, family, where, wherelen, port);
+            (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr);
+        }
+    }
+    (*bai)->bai_next = NULL;
+    if ((*bai)->bai_addr == NULL) {
+        BIO_ADDRINFO_free(*bai);
+        *bai = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    bio_lookup_lock = CRYPTO_THREAD_lock_new();
+    return bio_lookup_lock != NULL;
+}
+
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res)
+{
+    return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res);
+}
+
+/*-
+ * BIO_lookup_ex - look up the node and service you want to connect to.
+ * @node: the node you want to connect to.
+ * @service: the service you want to connect to.
+ * @lookup_type: declare intent with the result, client or server.
+ * @family: the address family you want to use.  Use AF_UNSPEC for any, or
+ *  AF_INET, AF_INET6 or AF_UNIX.
+ * @socktype: The socket type you want to use.  Can be SOCK_STREAM, SOCK_DGRAM
+ *  or 0 for all.
+ * @protocol: The protocol to use, e.g. IPPROTO_TCP or IPPROTO_UDP or 0 for all.
+ *            Note that some platforms may not return IPPROTO_SCTP without
+ *            explicitly requesting it (i.e. IPPROTO_SCTP may not be returned
+ *            with 0 for the protocol)
+ * @res: Storage place for the resulting list of returned addresses
+ *
+ * This will do a lookup of the node and service that you want to connect to.
+ * It returns a linked list of different addresses you can try to connect to.
+ *
+ * When no longer needed you should call BIO_ADDRINFO_free() to free the result.
+ *
+ * The return value is 1 on success or 0 in case of error.
+ */
+int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
+                  int family, int socktype, int protocol, BIO_ADDRINFO **res)
+{
+    int ret = 0;                 /* Assume failure */
+
+    switch(family) {
+    case AF_INET:
+#ifdef AF_INET6
+    case AF_INET6:
+#endif
+#ifdef AF_UNIX
+    case AF_UNIX:
+#endif
+#ifdef AF_UNSPEC
+    case AF_UNSPEC:
+#endif
+        break;
+    default:
+        BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY);
+        return 0;
+    }
+
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res))
+            return 1;
+        else
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+#endif
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int gai_ret = 0;
+        struct addrinfo hints;
+
+        memset(&hints, 0, sizeof(hints));
+
+        hints.ai_family = family;
+        hints.ai_socktype = socktype;
+        hints.ai_protocol = protocol;
+
+        if (lookup_type == BIO_LOOKUP_SERVER)
+            hints.ai_flags |= AI_PASSIVE;
+
+        /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
+         * macro magic in bio_lcl.h
+         */
+        switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
+# ifdef EAI_SYSTEM
+        case EAI_SYSTEM:
+            SYSerr(SYS_F_GETADDRINFO, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
+            break;
+# endif
+        case 0:
+            ret = 1;             /* Success */
+            break;
+        default:
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
+            ERR_add_error_data(1, gai_strerror(gai_ret));
+            break;
+        }
+    } else {
+#endif
+        const struct hostent *he;
+/*
+ * Because struct hostent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that '&he_fallback_address' and
+ * '&he_fallback_addresses' are 32-bit pointers
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        /* Windows doesn't seem to have in_addr_t */
+#ifdef OPENSSL_SYS_WINDOWS
+        static uint32_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#else
+        static in_addr_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#endif
+        static const struct hostent he_fallback =
+            { NULL, NULL, AF_INET, sizeof(he_fallback_address),
+              (char **)&he_fallback_addresses };
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+        struct servent *se;
+        /* Apparently, on WIN64, s_proto and s_port have traded places... */
+#ifdef _WIN64
+        struct servent se_fallback = { NULL, NULL, NULL, 0 };
+#else
+        struct servent se_fallback = { NULL, NULL, 0, NULL };
+#endif
+
+        if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto err;
+        }
+
+        CRYPTO_THREAD_write_lock(bio_lookup_lock);
+        he_fallback_address = INADDR_ANY;
+        if (host == NULL) {
+            he = &he_fallback;
+            switch(lookup_type) {
+            case BIO_LOOKUP_CLIENT:
+                he_fallback_address = INADDR_LOOPBACK;
+                break;
+            case BIO_LOOKUP_SERVER:
+                he_fallback_address = INADDR_ANY;
+                break;
+            default:
+                /* We forgot to handle a lookup type! */
+                assert("We forgot to handle a lookup type!" == NULL);
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_INTERNAL_ERROR);
+                ret = 0;
+                goto err;
+            }
+        } else {
+            he = gethostbyname(host);
+
+            if (he == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                /*
+                 * This might be misleading, because h_errno is used as if
+                 * it was errno. To minimize mixup add 1000. Underlying
+                 * reason for this is that hstrerror is declared obsolete,
+                 * not to mention that a) h_errno is not always guaranteed
+                 * to be meaningless; b) hstrerror can reside in yet another
+                 * library, linking for sake of hstrerror is an overkill;
+                 * c) this path is not executed on contemporary systems
+                 * anyway [above getaddrinfo/gai_strerror is]. We just let
+                 * system administrator figure this out...
+                 */
+# if defined(OPENSSL_SYS_VXWORKS)
+                /* h_errno doesn't exist on VxWorks */
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
+# else
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+# endif
+#else
+                SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
+#endif
+                ret = 0;
+                goto err;
+            }
+        }
+
+        if (service == NULL) {
+            se_fallback.s_port = 0;
+            se_fallback.s_proto = NULL;
+            se = &se_fallback;
+        } else {
+            char *endp = NULL;
+            long portnum = strtol(service, &endp, 10);
+
+/*
+ * Because struct servent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that 'proto' is a 32-bit pointer.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char *proto = NULL;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+            switch (socktype) {
+            case SOCK_STREAM:
+                proto = "tcp";
+                break;
+            case SOCK_DGRAM:
+                proto = "udp";
+                break;
+            }
+
+            if (endp != service && *endp == '\0'
+                    && portnum > 0 && portnum < 65536) {
+                se_fallback.s_port = htons((unsigned short)portnum);
+                se_fallback.s_proto = proto;
+                se = &se_fallback;
+            } else if (endp == service) {
+                se = getservbyname(service, proto);
+
+                if (se == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                    SYSerr(SYS_F_GETSERVBYNAME, errno);
+#else
+                    SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError());
+#endif
+                    goto err;
+                }
+            } else {
+                BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_MALFORMED_HOST_OR_SERVICE);
+                goto err;
+            }
+        }
+
+        *res = NULL;
+
+        {
+/*
+ * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C,
+ * we must make sure our iterator designates the same element type, hence
+ * the pointer size dance.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char **addrlistp;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+            size_t addresses;
+            BIO_ADDRINFO *tmp_bai = NULL;
+
+            /* The easiest way to create a linked list from an
+               array is to start from the back */
+            for(addrlistp = he->h_addr_list; *addrlistp != NULL;
+                addrlistp++)
+                ;
+
+            for(addresses = addrlistp - he->h_addr_list;
+                addrlistp--, addresses-- > 0; ) {
+                if (!addrinfo_wrap(he->h_addrtype, socktype,
+                                   *addrlistp, he->h_length,
+                                   se->s_port, &tmp_bai))
+                    goto addrinfo_malloc_err;
+                tmp_bai->bai_next = *res;
+                *res = tmp_bai;
+                continue;
+             addrinfo_malloc_err:
+                BIO_ADDRINFO_free(*res);
+                *res = NULL;
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+                ret = 0;
+                goto err;
+            }
+
+            ret = 1;
+        }
+     err:
+        CRYPTO_THREAD_unlock(bio_lookup_lock);
+    }
+
+    return ret;
+}
+
+#endif /* OPENSSL_NO_SOCK */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c
new file mode 100644
index 000000000..0d06414e7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include "bio_lcl.h"
+
+#define DUMP_WIDTH      16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
+
+#define SPACE(buf, pos, n)   (sizeof(buf) - (pos) > (n))
+
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len)
+{
+    return BIO_dump_indent_cb(cb, u, s, len, 0);
+}
+
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent)
+{
+    int ret = 0;
+    char buf[288 + 1];
+    int i, j, rows, n;
+    unsigned char ch;
+    int dump_width;
+
+    if (indent < 0)
+        indent = 0;
+    else if (indent > 128)
+        indent = 128;
+
+    dump_width = DUMP_WIDTH_LESS_INDENT(indent);
+    rows = len / dump_width;
+    if ((rows * dump_width) < len)
+        rows++;
+    for (i = 0; i < rows; i++) {
+        n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
+                         i * dump_width);
+        for (j = 0; j < dump_width; j++) {
+            if (SPACE(buf, n, 3)) {
+                if (((i * dump_width) + j) >= len) {
+                    strcpy(buf + n, "   ");
+                } else {
+                    ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+                    BIO_snprintf(buf + n, 4, "%02x%c", ch,
+                                 j == 7 ? '-' : ' ');
+                }
+                n += 3;
+            }
+        }
+        if (SPACE(buf, n, 2)) {
+            strcpy(buf + n, "  ");
+            n += 2;
+        }
+        for (j = 0; j < dump_width; j++) {
+            if (((i * dump_width) + j) >= len)
+                break;
+            if (SPACE(buf, n, 1)) {
+                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+                buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
+#else
+                buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+                           ? os_toebcdic[ch]
+                           : '.';
+#endif
+                buf[n] = '\0';
+            }
+        }
+        if (SPACE(buf, n, 1)) {
+            buf[n++] = '\n';
+            buf[n] = '\0';
+        }
+        /*
+         * if this is the last call then update the ddt_dump thing so that we
+         * will move the selection point in the debug window
+         */
+        ret += cb((void *)buf, n, u);
+    }
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+static int write_fp(const void *data, size_t len, void *fp)
+{
+    return UP_fwrite(data, len, 1, fp);
+}
+
+int BIO_dump_fp(FILE *fp, const char *s, int len)
+{
+    return BIO_dump_cb(write_fp, fp, s, len);
+}
+
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
+}
+#endif
+
+static int write_bio(const void *data, size_t len, void *bp)
+{
+    return BIO_write((BIO *)bp, (const char *)data, len);
+}
+
+int BIO_dump(BIO *bp, const char *s, int len)
+{
+    return BIO_dump_cb(write_bio, bp, s, len);
+}
+
+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
+}
+
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+                   int datalen)
+{
+    int i, j = 0;
+
+    if (datalen < 1)
+        return 1;
+
+    for (i = 0; i < datalen - 1; i++) {
+        if (i && !j)
+            BIO_printf(out, "%*s", indent, "");
+
+        BIO_printf(out, "%02X:", data[i]);
+
+        j = (j + 1) % width;
+        if (!j)
+            BIO_printf(out, "\n");
+    }
+
+    if (i && !j)
+        BIO_printf(out, "%*s", indent, "");
+    BIO_printf(out, "%02X", data[datalen - 1]);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c
new file mode 100644
index 000000000..9e907fcaa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c
@@ -0,0 +1,930 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/numbers.h"
+#include <openssl/bio.h>
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell@astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+# define LDOUBLE long double
+#else
+# define LDOUBLE double
+#endif
+
+static int fmtstr(char **, char **, size_t *, size_t *,
+                  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+                  int64_t, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+                 LDOUBLE, int, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+                 size_t *maxlen, size_t *retlen, int *truncated,
+                 const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+/* left-aligned padding */
+#define DP_F_MINUS      (1 << 0)
+/* print an explicit '+' for a value with positive sign */
+#define DP_F_PLUS       (1 << 1)
+/* print an explicit ' ' for a value with positive sign */
+#define DP_F_SPACE      (1 << 2)
+/* print 0/0x prefix for octal/hex and decimal point for floating point */
+#define DP_F_NUM        (1 << 3)
+/* print leading zeroes */
+#define DP_F_ZERO       (1 << 4)
+/* print HEX in UPPPERcase */
+#define DP_F_UP         (1 << 5)
+/* treat value as unsigned */
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+#define DP_C_SIZE       5
+
+/* Floating point formats */
+#define F_FORMAT        0
+#define E_FORMAT        1
+#define G_FORMAT        2
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static int
+_dopr(char **sbuffer,
+      char **buffer,
+      size_t *maxlen,
+      size_t *retlen, int *truncated, const char *format, va_list args)
+{
+    char ch;
+    int64_t value;
+    LDOUBLE fvalue;
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (ossl_isdigit(ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (ossl_isdigit(ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+            case 'j':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            case 'z':
+                cflags = DP_C_SIZE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, int64_t);
+                    break;
+                case DP_C_SIZE:
+                    value = va_arg(args, ossl_ssize_t);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+                            max, flags))
+                    return 0;
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, uint64_t);
+                    break;
+                case DP_C_SIZE:
+                    value = va_arg(args, size_t);
+                    break;
+                default:
+                    value = va_arg(args, unsigned int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                            min, max, flags))
+                    return 0;
+                break;
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, F_FORMAT))
+                    return 0;
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+                /* fall thru */
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, E_FORMAT))
+                    return 0;
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+                /* fall thru */
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, G_FORMAT))
+                    return 0;
+                break;
+            case 'c':
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                                 va_arg(args, int)))
+                    return 0;
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0) {
+                    if (buffer)
+                        max = INT_MAX;
+                    else
+                        max = *maxlen;
+                }
+                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                            flags, min, max))
+                    return 0;
+                break;
+            case 'p':
+                value = (size_t)va_arg(args, void *);
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+                            value, 16, min, max, flags | DP_F_NUM))
+                    return 0;
+                break;
+            case 'n':
+                {
+                    int *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    /*
+     * We have to truncate if there is no dynamic buffer and we have filled the
+     * static buffer.
+     */
+    if (buffer == NULL) {
+        *truncated = (currlen > *maxlen - 1);
+        if (*truncated)
+            currlen = *maxlen - 1;
+    }
+    if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+        return 0;
+    *retlen = currlen - 1;
+    return 1;
+}
+
+static int
+fmtstr(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, const char *value, int flags, int min, int max)
+{
+    int padlen;
+    size_t strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+
+    strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
+
+    padlen = min - strln;
+    if (min < 0 || padlen < 0)
+        padlen = 0;
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+        ++cnt;
+    }
+    while (strln > 0 && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+            return 0;
+        --strln;
+        ++cnt;
+    }
+    while ((padlen < 0) && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+        ++cnt;
+    }
+    return 1;
+}
+
+static int
+fmtint(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, int64_t value, int base, int min, int max, int flags)
+{
+    int signvalue = 0;
+    const char *prefix = "";
+    uint64_t uvalue;
+    char convert[DECIMAL_SIZE(value) + 3];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = 0 - (uint64_t)value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_NUM) {
+        if (base == 8)
+            prefix = "0";
+        if (base == 16)
+            prefix = "0x";
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned)base];
+        uvalue = (uvalue / (unsigned)base);
+    } while (uvalue && (place < (int)sizeof(convert)));
+    if (place == sizeof(convert))
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen =
+        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+            return 0;
+
+    /* prefix */
+    while (*prefix) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+            return 0;
+        prefix++;
+    }
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+            return 0;
+    }
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++spadlen;
+    }
+    return 1;
+}
+
+static LDOUBLE abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE pow_10(int in_exp)
+{
+    LDOUBLE result = 1;
+    while (in_exp) {
+        result *= 10;
+        in_exp--;
+    }
+    return result;
+}
+
+static long roundv(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long)value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static int
+fmtfp(char **sbuffer,
+      char **buffer,
+      size_t *currlen,
+      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    LDOUBLE tmpvalue;
+    char iconvert[20];
+    char fconvert[20];
+    char econvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int eplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    long exp = 0;
+    unsigned long intpart;
+    unsigned long fracpart;
+    unsigned long max10;
+    int realstyle;
+
+    if (max < 0)
+        max = 6;
+
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
+
+    /*
+     * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
+     * depending on the number to be printed. Work out which one it is and use
+     * that from here on.
+     */
+    if (style == G_FORMAT) {
+        if (fvalue == 0.0) {
+            realstyle = F_FORMAT;
+        } else if (fvalue < 0.0001) {
+            realstyle = E_FORMAT;
+        } else if ((max == 0 && fvalue >= 10)
+                    || (max > 0 && fvalue >= pow_10(max))) {
+            realstyle = E_FORMAT;
+        } else {
+            realstyle = F_FORMAT;
+        }
+    } else {
+        realstyle = style;
+    }
+
+    if (style != F_FORMAT) {
+        tmpvalue = fvalue;
+        /* Calculate the exponent */
+        if (fvalue != 0.0) {
+            while (tmpvalue < 1) {
+                tmpvalue *= 10;
+                exp--;
+            }
+            while (tmpvalue > 10) {
+                tmpvalue /= 10;
+                exp++;
+            }
+        }
+        if (style == G_FORMAT) {
+            /*
+             * In G_FORMAT the "precision" represents significant digits. We
+             * always have at least 1 significant digit.
+             */
+            if (max == 0)
+                max = 1;
+            /* Now convert significant digits to decimal places */
+            if (realstyle == F_FORMAT) {
+                max -= (exp + 1);
+                if (max < 0) {
+                    /*
+                     * Should not happen. If we're in F_FORMAT then exp < max?
+                     */
+                    return 0;
+                }
+            } else {
+                /*
+                 * In E_FORMAT there is always one significant digit in front
+                 * of the decimal point, so:
+                 * significant digits == 1 + decimal places
+                 */
+                max--;
+            }
+        }
+        if (realstyle == E_FORMAT)
+            fvalue = tmpvalue;
+    }
+    ufvalue = abs_val(fvalue);
+    if (ufvalue > ULONG_MAX) {
+        /* Number too big */
+        return 0;
+    }
+    intpart = (unsigned long)ufvalue;
+
+    /*
+     * sorry, we only support 9 digits past the decimal because of our
+     * conversion method
+     */
+    if (max > 9)
+        max = 9;
+
+    /*
+     * we "cheat" by converting the fractional part to integer by multiplying
+     * by a factor of 10
+     */
+    max10 = roundv(pow_10(max));
+    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
+
+    if (fracpart >= max10) {
+        intpart++;
+        fracpart -= max10;
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] = "0123456789"[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < (int)sizeof(iconvert)));
+    if (iplace == sizeof(iconvert))
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    while (fplace < max) {
+        if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
+            /* We strip trailing zeros in G_FORMAT */
+            max--;
+            fracpart = fracpart / 10;
+            if (fplace < max)
+                continue;
+            break;
+        }
+        fconvert[fplace++] = "0123456789"[fracpart % 10];
+        fracpart = (fracpart / 10);
+    }
+
+    if (fplace == sizeof(fconvert))
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* convert exponent part */
+    if (realstyle == E_FORMAT) {
+        int tmpexp;
+        if (exp < 0)
+            tmpexp = -exp;
+        else
+            tmpexp = exp;
+
+        do {
+            econvert[eplace++] = "0123456789"[tmpexp % 10];
+            tmpexp = (tmpexp / 10);
+        } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
+        /* Exponent is huge!! Too big to print */
+        if (tmpexp > 0)
+            return 0;
+        /* Add a leading 0 for single digit exponents */
+        if (eplace == 1)
+            econvert[eplace++] = '0';
+    }
+
+    /*
+     * -1 for decimal point (if we have one, i.e. max > 0),
+     * another -1 if we are printing a sign
+     */
+    padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
+    /* Take some off for exponent prefix "+e" and exponent */
+    if (realstyle == E_FORMAT)
+        padlen -= 2 + eplace;
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+                return 0;
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+    }
+    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        return 0;
+
+    while (iplace > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+            return 0;
+    }
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0 || (flags & DP_F_NUM)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+            return 0;
+
+        while (fplace > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             fconvert[--fplace]))
+                return 0;
+        }
+    }
+    while (zpadlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            return 0;
+        --zpadlen;
+    }
+    if (realstyle == E_FORMAT) {
+        char ech;
+
+        if ((flags & DP_F_UP) == 0)
+            ech = 'e';
+        else
+            ech = 'E';
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
+                return 0;
+        if (exp < 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
+                    return 0;
+        } else {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
+                    return 0;
+        }
+        while (eplace > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             econvert[--eplace]))
+                return 0;
+        }
+    }
+
+    while (padlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+    }
+    return 1;
+}
+
+#define BUFFER_INC  1024
+
+static int
+doapr_outch(char **sbuffer,
+            char **buffer, size_t *currlen, size_t *maxlen, int c)
+{
+    /* If we haven't at least one buffer, someone has done a big booboo */
+    if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
+        return 0;
+
+    /* |currlen| must always be <= |*maxlen| */
+    if (!ossl_assert(*currlen <= *maxlen))
+        return 0;
+
+    if (buffer && *currlen == *maxlen) {
+        if (*maxlen > INT_MAX - BUFFER_INC)
+            return 0;
+
+        *maxlen += BUFFER_INC;
+        if (*buffer == NULL) {
+            if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) {
+                BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (*currlen > 0) {
+                if (!ossl_assert(*sbuffer != NULL))
+                    return 0;
+                memcpy(*buffer, *sbuffer, *currlen);
+            }
+            *sbuffer = NULL;
+        } else {
+            char *tmpbuf;
+            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+            if (tmpbuf == NULL)
+                return 0;
+            *buffer = tmpbuf;
+        }
+    }
+
+    if (*currlen < *maxlen) {
+        if (*sbuffer)
+            (*sbuffer)[(*currlen)++] = (char)c;
+        else
+            (*buffer)[(*currlen)++] = (char)c;
+    }
+
+    return 1;
+}
+
+/***************************************************************************/
+
+int BIO_printf(BIO *bio, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vprintf(bio, format, args);
+
+    va_end(args);
+    return ret;
+}
+
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+{
+    int ret;
+    size_t retlen;
+    char hugebuf[1024 * 2];     /* Was previously 10k, which is unreasonable
+                                 * in small-stack environments, like threads
+                                 * or DOS programs. */
+    char *hugebufp = hugebuf;
+    size_t hugebufsize = sizeof(hugebuf);
+    char *dynbuf = NULL;
+    int ignored;
+
+    dynbuf = NULL;
+    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+                args)) {
+        OPENSSL_free(dynbuf);
+        return -1;
+    }
+    if (dynbuf) {
+        ret = BIO_write(bio, dynbuf, (int)retlen);
+        OPENSSL_free(dynbuf);
+    } else {
+        ret = BIO_write(bio, hugebuf, (int)retlen);
+    }
+    return ret;
+}
+
+/*
+ * As snprintf is not available everywhere, we provide our own
+ * implementation. This function has nothing to do with BIOs, but it's
+ * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
+ * function should be renamed, but to what?)
+ */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vsnprintf(buf, n, format, args);
+
+    va_end(args);
+    return ret;
+}
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+{
+    size_t retlen;
+    int truncated;
+
+    if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+        return -1;
+
+    if (truncated)
+        /*
+         * In case of truncation, return -1 like traditional snprintf.
+         * (Current drafts for ISO/IEC 9899 say snprintf should return the
+         * number of characters that would have been written, had the buffer
+         * been large enough.)
+         */
+        return -1;
+    else
+        return (retlen <= INT_MAX) ? (int)retlen : -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c
new file mode 100644
index 000000000..e7a24d02c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c
@@ -0,0 +1,369 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#ifndef OPENSSL_NO_SOCK
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS)
+static int wsa_init_done = 0;
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+{
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        size_t l;
+
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_HOST_IP,
+                   BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+        } else if (BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l)) {
+            /*
+             * Because only AF_INET addresses will reach this far, we can assert
+             * that l should be 4
+             */
+            if (ossl_assert(l == 4))
+                ret = BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l);
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
+    }
+
+    return ret;
+}
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+{
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
+
+    if (str == NULL) {
+        BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED);
+        return 0;
+    }
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_PORT,
+                   BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET);
+        } else {
+            *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res)));
+            ret = 1;
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
+    }
+
+    return ret;
+}
+# endif
+
+int BIO_sock_error(int sock)
+{
+    int j = 0, i;
+    socklen_t size = sizeof(j);
+
+    /*
+     * Note: under Windows the third parameter is of type (char *) whereas
+     * under other systems it is (void *) if you don't have a cast it will
+     * choke the compiler: if you do have a cast then you can either go for
+     * (char *) or (void *).
+     */
+    i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size);
+    if (i < 0)
+        return get_last_socket_error();
+    else
+        return j;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+struct hostent *BIO_gethostbyname(const char *name)
+{
+    /*
+     * Caching gethostbyname() results forever is wrong, so we have to let
+     * the true gethostbyname() worry about this
+     */
+    return gethostbyname(name);
+}
+# endif
+
+int BIO_sock_init(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+    static struct WSAData wsa_state;
+
+    if (!wsa_init_done) {
+        int err;
+
+        wsa_init_done = 1;
+        memset(&wsa_state, 0, sizeof(wsa_state));
+        /*
+         * Not making wsa_state available to the rest of the code is formally
+         * wrong. But the structures we use are [believed to be] invariable
+         * among Winsock DLLs, while API availability is [expected to be]
+         * probed at run-time with DSO_global_lookup.
+         */
+        if (WSAStartup(0x0202, &wsa_state) != 0) {
+            err = WSAGetLastError();
+            SYSerr(SYS_F_WSASTARTUP, err);
+            BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+            return -1;
+        }
+    }
+# endif                         /* OPENSSL_SYS_WINDOWS */
+# ifdef WATT32
+    extern int _watt_do_exit;
+    _watt_do_exit = 0;          /* don't make sock_init() call exit() */
+    if (sock_init())
+        return -1;
+# endif
+
+    return 1;
+}
+
+void bio_sock_cleanup_int(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+    if (wsa_init_done) {
+        wsa_init_done = 0;
+        WSACleanup();
+    }
+# endif
+}
+
+int BIO_socket_ioctl(int fd, long type, void *arg)
+{
+    int i;
+
+#  ifdef __DJGPP__
+    i = ioctlsocket(fd, type, (char *)arg);
+#  else
+#   if defined(OPENSSL_SYS_VMS)
+    /*-
+     * 2011-02-18 SMS.
+     * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+     * observe that all the consumers pass in an "unsigned long *",
+     * so we arrange a local copy with a short pointer, and use
+     * that, instead.
+     */
+#    if __INITIAL_POINTER_SIZE == 64
+#     define ARG arg_32p
+#     pragma pointer_size save
+#     pragma pointer_size 32
+    unsigned long arg_32;
+    unsigned long *arg_32p;
+#     pragma pointer_size restore
+    arg_32p = &arg_32;
+    arg_32 = *((unsigned long *)arg);
+#    else                       /* __INITIAL_POINTER_SIZE == 64 */
+#     define ARG arg
+#    endif                      /* __INITIAL_POINTER_SIZE == 64 [else] */
+#   else                        /* defined(OPENSSL_SYS_VMS) */
+#    define ARG arg
+#   endif                       /* defined(OPENSSL_SYS_VMS) [else] */
+
+    i = ioctlsocket(fd, type, ARG);
+#  endif                        /* __DJGPP__ */
+    if (i < 0)
+        SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error());
+    return i;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int BIO_get_accept_socket(char *host, int bind_mode)
+{
+    int s = INVALID_SOCKET;
+    char *h = NULL, *p = NULL;
+    BIO_ADDRINFO *res = NULL;
+
+    if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV))
+        return INVALID_SOCKET;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
+        goto err;
+
+    if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
+                        BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) {
+        s = INVALID_SOCKET;
+        goto err;
+    }
+
+    if (!BIO_listen(s, BIO_ADDRINFO_address(res),
+                    bind_mode ? BIO_SOCK_REUSEADDR : 0)) {
+        BIO_closesocket(s);
+        s = INVALID_SOCKET;
+    }
+
+ err:
+    BIO_ADDRINFO_free(res);
+    OPENSSL_free(h);
+    OPENSSL_free(p);
+
+    return s;
+}
+
+int BIO_accept(int sock, char **ip_port)
+{
+    BIO_ADDR res;
+    int ret = -1;
+
+    ret = BIO_accept_ex(sock, &res, 0);
+    if (ret == (int)INVALID_SOCKET) {
+        if (BIO_sock_should_retry(ret)) {
+            ret = -2;
+            goto end;
+        }
+        SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
+        goto end;
+    }
+
+    if (ip_port != NULL) {
+        char *host = BIO_ADDR_hostname_string(&res, 1);
+        char *port = BIO_ADDR_service_string(&res, 1);
+        if (host != NULL && port != NULL)
+            *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
+        else
+            *ip_port = NULL;
+
+        if (*ip_port == NULL) {
+            BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+            BIO_closesocket(ret);
+            ret = (int)INVALID_SOCKET;
+        } else {
+            strcpy(*ip_port, host);
+            strcat(*ip_port, ":");
+            strcat(*ip_port, port);
+        }
+        OPENSSL_free(host);
+        OPENSSL_free(port);
+    }
+
+ end:
+    return ret;
+}
+# endif
+
+int BIO_set_tcp_ndelay(int s, int on)
+{
+    int ret = 0;
+# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+    int opt;
+
+#  ifdef SOL_TCP
+    opt = SOL_TCP;
+#  else
+#   ifdef IPPROTO_TCP
+    opt = IPPROTO_TCP;
+#   endif
+#  endif
+
+    ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on));
+# endif
+    return (ret == 0);
+}
+
+int BIO_socket_nbio(int s, int mode)
+{
+    int ret = -1;
+    int l;
+
+    l = mode;
+# ifdef FIONBIO
+    l = mode;
+
+    ret = BIO_socket_ioctl(s, FIONBIO, &l);
+# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY))
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+
+    l = fcntl(s, F_GETFL, 0);
+    if (l == -1) {
+        SYSerr(SYS_F_FCNTL, get_last_sys_error());
+        ret = -1;
+    } else {
+#  if defined(O_NONBLOCK)
+        l &= ~O_NONBLOCK;
+#  else
+        l &= ~FNDELAY; /* BSD4.x */
+#  endif
+        if (mode) {
+#  if defined(O_NONBLOCK)
+            l |= O_NONBLOCK;
+#  else
+            l |= FNDELAY; /* BSD4.x */
+#  endif
+        }
+        ret = fcntl(s, F_SETFL, l);
+
+        if (ret < 0) {
+            SYSerr(SYS_F_FCNTL, get_last_sys_error());
+        }
+    }
+# else
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+    BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT);
+# endif
+
+    return (ret == 0);
+}
+
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info)
+{
+    switch (type) {
+    case BIO_SOCK_INFO_ADDRESS:
+        {
+            socklen_t addr_len;
+            int ret = 0;
+            addr_len = sizeof(*info->addr);
+            ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr),
+                              &addr_len);
+            if (ret == -1) {
+                SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error());
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR);
+                return 0;
+            }
+            if ((size_t)addr_len > sizeof(*info->addr)) {
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS);
+                return 0;
+            }
+        }
+        break;
+    default:
+        BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_UNKNOWN_INFO_TYPE);
+        return 0;
+    }
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c
new file mode 100644
index 000000000..5d82ab22d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+
+/*-
+ * BIO_socket - create a socket
+ * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...)
+ * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM)
+ * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP)
+ * @options: BIO socket options (currently unused)
+ *
+ * Creates a socket.  This should be called before calling any
+ * of BIO_connect and BIO_listen.
+ *
+ * Returns the file descriptor on success or INVALID_SOCKET on failure.  On
+ * failure errno is set, and a status is added to the OpenSSL error stack.
+ */
+int BIO_socket(int domain, int socktype, int protocol, int options)
+{
+    int sock = -1;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    sock = socket(domain, socktype, protocol);
+    if (sock == -1) {
+        SYSerr(SYS_F_SOCKET, get_last_socket_error());
+        BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
+        return INVALID_SOCKET;
+    }
+
+    return sock;
+}
+
+/*-
+ * BIO_connect - connect to an address
+ * @sock: the socket to connect with
+ * @addr: the address to connect to
+ * @options: BIO socket options
+ *
+ * Connects to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ *
+ * options holds BIO socket options that can be used
+ * You should call this for every address returned by BIO_lookup
+ * until the connection is successful.
+ *
+ * Returns 1 on success or 0 on failure.  On failure errno is set
+ * and an error status is added to the OpenSSL error stack.
+ */
+int BIO_connect(int sock, const BIO_ADDR *addr, int options)
+{
+    const int on = 1;
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+    if (connect(sock, BIO_ADDR_sockaddr(addr),
+                BIO_ADDR_sockaddr_size(addr)) == -1) {
+        if (!BIO_sock_should_retry(-1)) {
+            SYSerr(SYS_F_CONNECT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR);
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*-
+ * BIO_bind - bind socket to address
+ * @sock: the socket to set
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_bind(int sock, const BIO_ADDR *addr, int options)
+{
+# ifndef OPENSSL_SYS_WINDOWS
+    int on = 1;
+# endif
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+# ifndef OPENSSL_SYS_WINDOWS
+    /*
+     * SO_REUSEADDR has different behavior on Windows than on
+     * other operating systems, don't set it there.
+     */
+    if (options & BIO_SOCK_REUSEADDR) {
+        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_REUSEADDR);
+            return 0;
+        }
+    }
+# endif
+
+    if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
+        SYSerr(SYS_F_BIND, get_last_socket_error());
+        BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_BIND_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_listen - Creates a listen socket
+ * @sock: the socket to listen with
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options, then
+ * starts listening for incoming connections.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only
+ *   for IPv6 addresses and not IPv4 addresses mapped to IPv6.
+ *
+ * It's recommended that you set up both an IPv6 and IPv4 listen socket, and
+ * then check both for new clients that connect to it.  You want to set up
+ * the socket as non-blocking in that case since else it could hang.
+ *
+ * Not all operating systems support IPv4 addresses on an IPv6 socket, and for
+ * others it's an option.  If you pass the BIO_LISTEN_V6_ONLY it will try to
+ * create the IPv6 sockets to only listen for IPv6 connection.
+ *
+ * It could be that the first BIO_listen() call will listen to all the IPv6
+ * and IPv4 addresses and that then trying to bind to the IPv4 address will
+ * fail.  We can't tell the difference between already listening ourself to
+ * it and someone else listening to it when failing and errno is EADDRINUSE, so
+ * it's recommended to not give an error in that case if the first call was
+ * successful.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_listen(int sock, const BIO_ADDR *addr, int options)
+{
+    int on = 1;
+    int socktype;
+    socklen_t socktype_len = sizeof(socktype);
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (getsockopt(sock, SOL_SOCKET, SO_TYPE,
+                   (void *)&socktype, &socktype_len) != 0
+        || socktype_len != sizeof(socktype)) {
+        SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+# ifdef IPV6_V6ONLY
+    if (BIO_ADDR_family(addr) == AF_INET6) {
+        /*
+         * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
+         * Therefore we always have to use setsockopt here.
+         */
+        on = options & BIO_SOCK_V6_ONLY ? 1 : 0;
+        if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);
+            return 0;
+        }
+    }
+# endif
+
+    if (!BIO_bind(sock, addr, options))
+        return 0;
+
+    if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) {
+        SYSerr(SYS_F_LISTEN, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_accept_ex - Accept new incoming connections
+ * @sock: the listening socket
+ * @addr: the BIO_ADDR to store the peer address in
+ * @options: BIO socket options, applied on the accepted socket.
+ *
+ */
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
+{
+    socklen_t len;
+    int accepted_sock;
+    BIO_ADDR locaddr;
+    BIO_ADDR *addr = addr_ == NULL ? &locaddr : addr_;
+
+    len = sizeof(*addr);
+    accepted_sock = accept(accept_sock,
+                           BIO_ADDR_sockaddr_noconst(addr), &len);
+    if (accepted_sock == -1) {
+        if (!BIO_sock_should_retry(accepted_sock)) {
+            SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR);
+        }
+        return INVALID_SOCKET;
+    }
+
+    if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) {
+        closesocket(accepted_sock);
+        return INVALID_SOCKET;
+    }
+
+    return accepted_sock;
+}
+
+/*-
+ * BIO_closesocket - Close a socket
+ * @sock: the socket to close
+ */
+int BIO_closesocket(int sock)
+{
+    if (closesocket(sock) < 0)
+        return 0;
+    return 1;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c
new file mode 100644
index 000000000..8e87a629b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c
@@ -0,0 +1,475 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+static int buffer_write(BIO *h, const char *buf, int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE     4096
+
+static const BIO_METHOD methods_buffer = {
+    BIO_TYPE_BUFFER,
+    "buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    buffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    buffer_read,
+    buffer_puts,
+    buffer_gets,
+    buffer_ctrl,
+    buffer_new,
+    buffer_free,
+    buffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_buffer(void)
+{
+    return &methods_buffer;
+}
+
+static int buffer_new(BIO *bi)
+{
+    BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->ibuf == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->obuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        OPENSSL_free(ctx->ibuf);
+        OPENSSL_free(ctx);
+        return 0;
+    }
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return 1;
+}
+
+static int buffer_free(BIO *a)
+{
+    BIO_F_BUFFER_CTX *b;
+
+    if (a == NULL)
+        return 0;
+    b = (BIO_F_BUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->ibuf);
+    OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int buffer_read(BIO *b, char *out, int outl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if (out == NULL)
+        return 0;
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+    num = 0;
+    BIO_clear_retry_flags(b);
+
+ start:
+    i = ctx->ibuf_len;
+    /* If there is stuff left over, grab it */
+    if (i != 0) {
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+        ctx->ibuf_off += i;
+        ctx->ibuf_len -= i;
+        num += i;
+        if (outl == i)
+            return num;
+        outl -= i;
+        out += i;
+    }
+
+    /*
+     * We may have done a partial read. try to do more. We have nothing in
+     * the buffer. If we get an error and have read some data, just return it
+     * and let them retry to get the error again. copy direct to parent
+     * address space
+     */
+    if (outl > ctx->ibuf_size) {
+        for (;;) {
+            i = BIO_read(b->next_bio, out, outl);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            num += i;
+            if (outl == i)
+                return num;
+            out += i;
+            outl -= i;
+        }
+    }
+    /* else */
+
+    /* we are going to be doing some buffering */
+    i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+    if (i <= 0) {
+        BIO_copy_next_retry(b);
+        if (i < 0)
+            return ((num > 0) ? num : i);
+        if (i == 0)
+            return num;
+    }
+    ctx->ibuf_off = 0;
+    ctx->ibuf_len = i;
+
+    /* Lets re-read using ourselves :-) */
+    goto start;
+}
+
+static int buffer_write(BIO *b, const char *in, int inl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+ start:
+    i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off);
+    /* add to buffer and return */
+    if (i >= inl) {
+        memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        return (num + inl);
+    }
+    /* else */
+    /* stuff already in buffer, so add to it first, then flush */
+    if (ctx->obuf_len != 0) {
+        if (i > 0) {            /* lets fill it up if we can */
+            memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i);
+            in += i;
+            inl -= i;
+            num += i;
+            ctx->obuf_len += i;
+        }
+        /* we now have a full buffer needing flushing */
+        for (;;) {
+            i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]),
+                          ctx->obuf_len);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            ctx->obuf_off += i;
+            ctx->obuf_len -= i;
+            if (ctx->obuf_len == 0)
+                break;
+        }
+    }
+    /*
+     * we only get here if the buffer has been flushed and we still have
+     * stuff to write
+     */
+    ctx->obuf_off = 0;
+
+    /* we now have inl bytes to write */
+    while (inl >= ctx->obuf_size) {
+        i = BIO_write(b->next_bio, in, inl);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            if (i < 0)
+                return ((num > 0) ? num : i);
+            if (i == 0)
+                return num;
+        }
+        num += i;
+        in += i;
+        inl -= i;
+        if (inl == 0)
+            return num;
+    }
+
+    /*
+     * copy the rest into the buffer since we have only a small amount left
+     */
+    goto start;
+}
+
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_F_BUFFER_CTX *ctx;
+    long ret = 1;
+    char *p1, *p2;
+    int r, i, *ip;
+    int ibs, obs;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = 0;
+        ctx->obuf_off = 0;
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:
+        if (ctx->ibuf_len > 0)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_C_GET_BUFF_NUM_LINES:
+        ret = 0;
+        p1 = ctx->ibuf;
+        for (i = 0; i < ctx->ibuf_len; i++) {
+            if (p1[ctx->ibuf_off + i] == '\n')
+                ret++;
+        }
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)ctx->ibuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_READ_DATA:
+        if (num > ctx->ibuf_size) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+        }
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = (int)num;
+        memcpy(ctx->ibuf, ptr, (int)num);
+        ret = 1;
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        if (ptr != NULL) {
+            ip = (int *)ptr;
+            if (*ip == 0) {
+                ibs = (int)num;
+                obs = ctx->obuf_size;
+            } else {            /* if (*ip == 1) */
+
+                ibs = ctx->ibuf_size;
+                obs = (int)num;
+            }
+        } else {
+            ibs = (int)num;
+            obs = (int)num;
+        }
+        p1 = ctx->ibuf;
+        p2 = ctx->obuf;
+        if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+        }
+        if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p2 = OPENSSL_malloc((int)num);
+            if (p2 == NULL) {
+                if (p1 != ctx->ibuf)
+                    OPENSSL_free(p1);
+                goto malloc_error;
+            }
+        }
+        if (ctx->ibuf != p1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+            ctx->ibuf_off = 0;
+            ctx->ibuf_len = 0;
+            ctx->ibuf_size = ibs;
+        }
+        if (ctx->obuf != p2) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p2;
+            ctx->obuf_off = 0;
+            ctx->obuf_len = 0;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return 0;
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return 0;
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio,
+                              &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return (long)r;
+                ctx->obuf_off += r;
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                ctx->obuf_off = 0;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
+            !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    case BIO_CTRL_PEEK:
+        /* Ensure there's stuff in the input buffer */
+        {
+            char fake_buf[1];
+            (void)buffer_read(b, fake_buf, 0);
+        }
+        if (num > ctx->ibuf_len)
+            num = ctx->ibuf_len;
+        memcpy(ptr, &(ctx->ibuf[ctx->ibuf_off]), num);
+        ret = num;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+ malloc_error:
+    BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int buffer_gets(BIO *b, char *buf, int size)
+{
+    BIO_F_BUFFER_CTX *ctx;
+    int num = 0, i, flag;
+    char *p;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    size--;                     /* reserve space for a '\0' */
+    BIO_clear_retry_flags(b);
+
+    for (;;) {
+        if (ctx->ibuf_len > 0) {
+            p = &(ctx->ibuf[ctx->ibuf_off]);
+            flag = 0;
+            for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) {
+                *(buf++) = p[i];
+                if (p[i] == '\n') {
+                    flag = 1;
+                    i++;
+                    break;
+                }
+            }
+            num += i;
+            size -= i;
+            ctx->ibuf_len -= i;
+            ctx->ibuf_off += i;
+            if (flag || size == 0) {
+                *buf = '\0';
+                return num;
+            }
+        } else {                /* read another chunk */
+
+            i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                *buf = '\0';
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            ctx->ibuf_len = i;
+            ctx->ibuf_off = 0;
+        }
+    }
+}
+
+static int buffer_puts(BIO *b, const char *str)
+{
+    return buffer_write(b, str, strlen(str));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c
new file mode 100644
index 000000000..194c7b8af
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c
@@ -0,0 +1,326 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf, int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static const BIO_METHOD methods_linebuffer = {
+    BIO_TYPE_LINEBUFFER,
+    "linebuffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    linebuffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    linebuffer_read,
+    linebuffer_puts,
+    linebuffer_gets,
+    linebuffer_ctrl,
+    linebuffer_new,
+    linebuffer_free,
+    linebuffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_linebuffer(void)
+{
+    return &methods_linebuffer;
+}
+
+typedef struct bio_linebuffer_ctx_struct {
+    char *obuf;                 /* the output char array */
+    int obuf_size;              /* how big is the output buffer */
+    int obuf_len;               /* how many bytes are in it */
+} BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+{
+    BIO_LINEBUFFER_CTX *ctx;
+
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
+    ctx->obuf_len = 0;
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return 1;
+}
+
+static int linebuffer_free(BIO *a)
+{
+    BIO_LINEBUFFER_CTX *b;
+
+    if (a == NULL)
+        return 0;
+    b = (BIO_LINEBUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int linebuffer_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+{
+    int i, num = 0, foundnl;
+    BIO_LINEBUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    do {
+        const char *p;
+        char c;
+
+        for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ;
+        if (c == '\n') {
+            p++;
+            foundnl = 1;
+        } else
+            foundnl = 0;
+
+        /*
+         * If a NL was found and we already have text in the save buffer,
+         * concatenate them and write
+         */
+        while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+               && ctx->obuf_len > 0) {
+            int orig_olen = ctx->obuf_len;
+
+            i = ctx->obuf_size - ctx->obuf_len;
+            if (p - in > 0) {
+                if (i >= p - in) {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in);
+                    ctx->obuf_len += p - in;
+                    inl -= p - in;
+                    num += p - in;
+                    in = p;
+                } else {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, i);
+                    ctx->obuf_len += i;
+                    inl -= i;
+                    in += i;
+                    num += i;
+                }
+            }
+            i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+            if (i <= 0) {
+                ctx->obuf_len = orig_olen;
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            if (i < ctx->obuf_len)
+                memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+            ctx->obuf_len -= i;
+        }
+
+        /*
+         * Now that the save buffer is emptied, let's write the input buffer
+         * if a NL was found and there is anything to write.
+         */
+        if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
+            i = BIO_write(b->next_bio, in, p - in);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            num += i;
+            in += i;
+            inl -= i;
+        }
+    }
+    while (foundnl && inl > 0);
+    /*
+     * We've written as much as we can.  The rest of the input buffer, if
+     * any, is text that doesn't and with a NL and therefore needs to be
+     * saved for the next trip.
+     */
+    if (inl > 0) {
+        memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        num += inl;
+    }
+    return num;
+}
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_LINEBUFFER_CTX *ctx;
+    long ret = 1;
+    char *p;
+    int r;
+    int obs;
+
+    ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        obs = (int)num;
+        p = ctx->obuf;
+        if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p = OPENSSL_malloc((int)num);
+            if (p == NULL)
+                goto malloc_error;
+        }
+        if (ctx->obuf != p) {
+            if (ctx->obuf_len > obs) {
+                ctx->obuf_len = obs;
+            }
+            memcpy(p, ctx->obuf, ctx->obuf_len);
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return 0;
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return 0;
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return (long)r;
+                if (r < ctx->obuf_len)
+                    memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+ malloc_error:
+    BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+{
+    if (b->next_bio == NULL)
+        return 0;
+    return BIO_gets(b->next_bio, buf, size);
+}
+
+static int linebuffer_puts(BIO *b, const char *str)
+{
+    return linebuffer_write(b, str, strlen(str));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c
new file mode 100644
index 000000000..4bc84eeba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nbiof_write(BIO *h, const char *buf, int num);
+static int nbiof_read(BIO *h, char *buf, int size);
+static int nbiof_puts(BIO *h, const char *str);
+static int nbiof_gets(BIO *h, char *str, int size);
+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+typedef struct nbio_test_st {
+    /* only set if we sent a 'should retry' error */
+    int lrn;
+    int lwn;
+} NBIO_TEST;
+
+static const BIO_METHOD methods_nbiof = {
+    BIO_TYPE_NBIO_TEST,
+    "non-blocking IO test filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    nbiof_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    nbiof_read,
+    nbiof_puts,
+    nbiof_gets,
+    nbiof_ctrl,
+    nbiof_new,
+    nbiof_free,
+    nbiof_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_nbio_test(void)
+{
+    return &methods_nbiof;
+}
+
+static int nbiof_new(BIO *bi)
+{
+    NBIO_TEST *nt;
+
+    if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) {
+        BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    nt->lrn = -1;
+    nt->lwn = -1;
+    bi->ptr = (char *)nt;
+    bi->init = 1;
+    return 1;
+}
+
+static int nbiof_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int nbiof_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if (out == NULL)
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+
+    BIO_clear_retry_flags(b);
+    if (RAND_priv_bytes(&n, 1) <= 0)
+        return -1;
+    num = (n & 0x07);
+
+    if (outl > num)
+        outl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_read(b);
+    } else {
+        ret = BIO_read(b->next_bio, out, outl);
+        if (ret < 0)
+            BIO_copy_next_retry(b);
+    }
+    return ret;
+}
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+{
+    NBIO_TEST *nt;
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    nt = (NBIO_TEST *)b->ptr;
+
+    BIO_clear_retry_flags(b);
+
+    if (nt->lwn > 0) {
+        num = nt->lwn;
+        nt->lwn = 0;
+    } else {
+        if (RAND_priv_bytes(&n, 1) <= 0)
+            return -1;
+        num = (n & 7);
+    }
+
+    if (inl > num)
+        inl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_write(b);
+    } else {
+        ret = BIO_write(b->next_bio, in, inl);
+        if (ret < 0) {
+            BIO_copy_next_retry(b);
+            nt->lwn = inl;
+        }
+    }
+    return ret;
+}
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
+}
+
+static int nbiof_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_puts(bp->next_bio, str);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c
new file mode 100644
index 000000000..613fb2e05
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+static const BIO_METHOD methods_nullf = {
+    BIO_TYPE_NULL_FILTER,
+    "NULL filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    nullf_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    nullf_read,
+    nullf_puts,
+    nullf_gets,
+    nullf_ctrl,
+    NULL,
+    NULL,
+    nullf_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_null(void)
+{
+    return &methods_nullf;
+}
+
+static int nullf_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int nullf_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+    }
+    return ret;
+}
+
+static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
+}
+
+static int nullf_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_puts(bp->next_bio, str);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c
new file mode 100644
index 000000000..1154c233a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/err.h>
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+                        int argi, long argl, long ret)
+{
+    BIO *b;
+    char buf[256];
+    char *p;
+    long r = 1;
+    int len, left;
+
+    if (BIO_CB_RETURN & cmd)
+        r = ret;
+
+    len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio);
+
+    /* Ignore errors and continue printing the other information. */
+    if (len < 0)
+        len = 0;
+    p = buf + len;
+    left = sizeof(buf) - len;
+
+    switch (cmd) {
+    case BIO_CB_FREE:
+        BIO_snprintf(p, left, "Free - %s\n", bio->method->name);
+        break;
+    case BIO_CB_READ:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, left, "read(%d,%lu) - %s fd=%d\n",
+                         bio->num, (unsigned long)argi,
+                         bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, left, "read(%d,%lu) - %s\n",
+                    bio->num, (unsigned long)argi, bio->method->name);
+        break;
+    case BIO_CB_WRITE:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, left, "write(%d,%lu) - %s fd=%d\n",
+                         bio->num, (unsigned long)argi,
+                         bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, left, "write(%d,%lu) - %s\n",
+                         bio->num, (unsigned long)argi, bio->method->name);
+        break;
+    case BIO_CB_PUTS:
+        BIO_snprintf(p, left, "puts() - %s\n", bio->method->name);
+        break;
+    case BIO_CB_GETS:
+        BIO_snprintf(p, left, "gets(%lu) - %s\n", (unsigned long)argi,
+                     bio->method->name);
+        break;
+    case BIO_CB_CTRL:
+        BIO_snprintf(p, left, "ctrl(%lu) - %s\n", (unsigned long)argi,
+                     bio->method->name);
+        break;
+    case BIO_CB_RETURN | BIO_CB_READ:
+        BIO_snprintf(p, left, "read return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_WRITE:
+        BIO_snprintf(p, left, "write return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_GETS:
+        BIO_snprintf(p, left, "gets return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_PUTS:
+        BIO_snprintf(p, left, "puts return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_CTRL:
+        BIO_snprintf(p, left, "ctrl return %ld\n", ret);
+        break;
+    default:
+        BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd);
+        break;
+    }
+
+    b = (BIO *)bio->cb_arg;
+    if (b != NULL)
+        BIO_write(b, buf, strlen(buf));
+#if !defined(OPENSSL_NO_STDIO)
+    else
+        fputs(buf, stderr);
+#endif
+    return r;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_err.c
new file mode 100644
index 000000000..7aa9dabb2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_err.c
@@ -0,0 +1,145 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/bioerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA BIO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_NEW_INDEX, 0), "BIO_get_new_index"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_PORT, 0), "BIO_get_port"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LISTEN, 0), "BIO_listen"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP, 0), "BIO_lookup"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP_EX, 0), "BIO_lookup_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_MAKE_PAIR, 0), "bio_make_pair"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_METH_NEW, 0), "BIO_meth_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW, 0), "BIO_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_DGRAM_SCTP, 0), "BIO_new_dgram_sctp"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_FILE, 0), "BIO_new_file"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_MEM_BUF, 0), "BIO_new_mem_buf"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD, 0), "BIO_nread"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD0, 0), "BIO_nread0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE, 0), "BIO_nwrite"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE0, 0), "BIO_nwrite0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PARSE_HOSTSERV, 0), "BIO_parse_hostserv"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PUTS, 0), "BIO_puts"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ, 0), "BIO_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_EX, 0), "BIO_read_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_INTERN, 0), "bio_read_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET, 0), "BIO_socket"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET_NBIO, 0), "BIO_socket_nbio"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INFO, 0), "BIO_sock_info"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INIT, 0), "BIO_sock_init"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE, 0), "BIO_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_EX, 0), "BIO_write_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_INTERN, 0), "bio_write_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA BIO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
+    "addrinfo addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
+    "ambiguous host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+    "gethostbyname addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
+    "getsockname truncated address"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING),
+    "lookup returned nothing"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE),
+    "malformed host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
+    "no accept addr or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
+    "no hostname or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NULL_PARAMETER), "null parameter"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET),
+    "unable to bind socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET),
+    "unable to create socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE),
+    "unable to keepalive"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET),
+    "unable to listen socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR),
+    "unable to reuseaddr"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY),
+    "unavailable ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY),
+    "unsupported ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY),
+    "unsupported protocol family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO),
+    "write to read only BIO"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BIO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(BIO_str_functs);
+        ERR_load_strings_const(BIO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lcl.h
new file mode 100644
index 000000000..e2c05a20d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lcl.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/sockets.h"
+#include "internal/refcount.h"
+
+/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#ifndef OPENSSL_NO_SOCK
+/*
+ * Throughout this file and b_addr.c, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead.
+ */
+
+/*
+ * It's imperative that these macros get defined before openssl/bio.h gets
+ * included.  Otherwise, the AI_PASSIVE hack will not work properly.
+ * For clarity, we check for internal/cryptlib.h since it's a common header
+ * that also includes bio.h.
+ */
+# ifdef HEADER_CRYPTLIB_H
+#  error internal/cryptlib.h included before bio_lcl.h
+# endif
+# ifdef HEADER_BIO_H
+#  error openssl/bio.h included before bio_lcl.h
+# endif
+
+/*
+ * Undefine AF_UNIX on systems that define it but don't support it.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS)
+#  undef AF_UNIX
+# endif
+
+# ifdef AI_PASSIVE
+
+/*
+ * There's a bug in VMS C header file netdb.h, where struct addrinfo
+ * always is the P32 variant, but the functions that handle that structure,
+ * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer
+ * size.  The easiest workaround is to force struct addrinfo to be the
+ * 64-bit variant when compiling in P64 mode.
+ */
+#  if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64
+#   define addrinfo __addrinfo64
+#  endif
+
+#  define bio_addrinfo_st addrinfo
+#  define bai_family      ai_family
+#  define bai_socktype    ai_socktype
+#  define bai_protocol    ai_protocol
+#  define bai_addrlen     ai_addrlen
+#  define bai_addr        ai_addr
+#  define bai_next        ai_next
+# else
+struct bio_addrinfo_st {
+    int bai_family;
+    int bai_socktype;
+    int bai_protocol;
+    size_t bai_addrlen;
+    struct sockaddr *bai_addr;
+    struct bio_addrinfo_st *bai_next;
+};
+# endif
+
+union bio_addr_st {
+    struct sockaddr sa;
+# ifdef AF_INET6
+    struct sockaddr_in6 s_in6;
+# endif
+    struct sockaddr_in s_in;
+# ifdef AF_UNIX
+    struct sockaddr_un s_un;
+# endif
+};
+#endif
+
+/* END BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#include "internal/cryptlib.h"
+#include "internal/bio.h"
+
+typedef struct bio_f_buffer_ctx_struct {
+    /*-
+     * Buffers are setup like this:
+     *
+     * <---------------------- size ----------------------->
+     * +---------------------------------------------------+
+     * | consumed | remaining          | free space        |
+     * +---------------------------------------------------+
+     * <-- off --><------- len ------->
+     */
+    /*- BIO *bio; *//*
+     * this is now in the BIO struct
+     */
+    int ibuf_size;              /* how big is the input buffer */
+    int obuf_size;              /* how big is the output buffer */
+    char *ibuf;                 /* the char array */
+    int ibuf_len;               /* how many bytes are in it */
+    int ibuf_off;               /* write/read offset */
+    char *obuf;                 /* the char array */
+    int obuf_len;               /* how many bytes are in it */
+    int obuf_off;               /* write/read offset */
+} BIO_F_BUFFER_CTX;
+
+struct bio_st {
+    const BIO_METHOD *method;
+    /* bio, mode, argp, argi, argl, ret */
+    BIO_callback_fn callback;
+    BIO_callback_fn_ex callback_ex;
+    char *cb_arg;               /* first argument for the callback */
+    int init;
+    int shutdown;
+    int flags;                  /* extra storage */
+    int retry_reason;
+    int num;
+    void *ptr;
+    struct bio_st *next_bio;    /* used by filter BIOs */
+    struct bio_st *prev_bio;    /* used by filter BIOs */
+    CRYPTO_REF_COUNT references;
+    uint64_t num_read;
+    uint64_t num_write;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef OPENSSL_SYS_VMS
+typedef unsigned int socklen_t;
+# endif
+
+extern CRYPTO_RWLOCK *bio_lookup_lock;
+
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa);
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap);
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap);
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap);
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai);
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai);
+#endif
+
+extern CRYPTO_RWLOCK *bio_type_lock;
+
+void bio_sock_cleanup_int(void);
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+# define UP_stdin        stdin
+# define UP_stdout       stdout
+# define UP_stderr       stderr
+# define UP_fprintf      fprintf
+# define UP_fgets        fgets
+# define UP_fread        fread
+# define UP_fwrite       fwrite
+# undef  UP_fsetmod
+# define UP_feof         feof
+# define UP_fclose       fclose
+
+# define UP_fopen        fopen
+# define UP_fseek        fseek
+# define UP_ftell        ftell
+# define UP_fflush       fflush
+# define UP_ferror       ferror
+# ifdef _WIN32
+#  define UP_fileno       _fileno
+#  define UP_open         _open
+#  define UP_read         _read
+#  define UP_write        _write
+#  define UP_lseek        _lseek
+#  define UP_close        _close
+# else
+#  define UP_fileno       fileno
+#  define UP_open         open
+#  define UP_read         read
+#  define UP_write        write
+#  define UP_lseek        lseek
+#  define UP_close        close
+# endif
+
+#endif
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c
new file mode 100644
index 000000000..ca375b911
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c
@@ -0,0 +1,786 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+
+/*
+ * Helper macro for the callback to determine whether an operator expects a
+ * len parameter or not
+ */
+#define HAS_LEN_OPER(o)        ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE || \
+                                (o) == BIO_CB_GETS)
+
+/*
+ * Helper function to work out whether to call the new style callback or the old
+ * one, and translate between the two.
+ *
+ * This has a long return type for consistency with the old callback. Similarly
+ * for the "long" used for "inret"
+ */
+static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
+                              int argi, long argl, long inret, size_t *processed)
+{
+    long ret;
+    int bareoper;
+
+    if (b->callback_ex != NULL)
+        return b->callback_ex(b, oper, argp, len, argi, argl, inret, processed);
+
+    /* Strip off any BIO_CB_RETURN flag */
+    bareoper = oper & ~BIO_CB_RETURN;
+
+    /*
+     * We have an old style callback, so we will have to do nasty casts and
+     * check for overflows.
+     */
+    if (HAS_LEN_OPER(bareoper)) {
+        /* In this case |len| is set, and should be used instead of |argi| */
+        if (len > INT_MAX)
+            return -1;
+
+        argi = (int)len;
+    }
+
+    if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        if (*processed > INT_MAX)
+            return -1;
+        inret = *processed;
+    }
+
+    ret = b->callback(b, oper, argp, argi, argl, inret);
+
+    if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        *processed = (size_t)ret;
+        ret = 1;
+    }
+
+    return ret;
+}
+
+BIO *BIO_new(const BIO_METHOD *method)
+{
+    BIO *bio = OPENSSL_zalloc(sizeof(*bio));
+
+    if (bio == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bio->method = method;
+    bio->shutdown = 1;
+    bio->references = 1;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
+        goto err;
+
+    bio->lock = CRYPTO_THREAD_lock_new();
+    if (bio->lock == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        goto err;
+    }
+
+    if (method->create != NULL && !method->create(bio)) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        CRYPTO_THREAD_lock_free(bio->lock);
+        goto err;
+    }
+    if (method->create == NULL)
+        bio->init = 1;
+
+    return bio;
+
+err:
+    OPENSSL_free(bio);
+    return NULL;
+}
+
+int BIO_free(BIO *a)
+{
+    int ret;
+
+    if (a == NULL)
+        return 0;
+
+    if (CRYPTO_DOWN_REF(&a->references, &ret, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    if (ret > 0)
+        return 1;
+    REF_ASSERT_ISNT(ret < 0);
+
+    if (a->callback != NULL || a->callback_ex != NULL) {
+        ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if ((a->method != NULL) && (a->method->destroy != NULL))
+        a->method->destroy(a);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
+    OPENSSL_free(a);
+
+    return 1;
+}
+
+void BIO_set_data(BIO *a, void *ptr)
+{
+    a->ptr = ptr;
+}
+
+void *BIO_get_data(BIO *a)
+{
+    return a->ptr;
+}
+
+void BIO_set_init(BIO *a, int init)
+{
+    a->init = init;
+}
+
+int BIO_get_init(BIO *a)
+{
+    return a->init;
+}
+
+void BIO_set_shutdown(BIO *a, int shut)
+{
+    a->shutdown = shut;
+}
+
+int BIO_get_shutdown(BIO *a)
+{
+    return a->shutdown;
+}
+
+void BIO_vfree(BIO *a)
+{
+    BIO_free(a);
+}
+
+int BIO_up_ref(BIO *a)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&a->references, &i, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+void BIO_clear_flags(BIO *b, int flags)
+{
+    b->flags &= ~flags;
+}
+
+int BIO_test_flags(const BIO *b, int flags)
+{
+    return (b->flags & flags);
+}
+
+void BIO_set_flags(BIO *b, int flags)
+{
+    b->flags |= flags;
+}
+
+BIO_callback_fn BIO_get_callback(const BIO *b)
+{
+    return b->callback;
+}
+
+void BIO_set_callback(BIO *b, BIO_callback_fn cb)
+{
+    b->callback = cb;
+}
+
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b)
+{
+    return b->callback_ex;
+}
+
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb)
+{
+    b->callback_ex = cb;
+}
+
+void BIO_set_callback_arg(BIO *b, char *arg)
+{
+    b->cb_arg = arg;
+}
+
+char *BIO_get_callback_arg(const BIO *b)
+{
+    return b->cb_arg;
+}
+
+const char *BIO_method_name(const BIO *b)
+{
+    return b->method->name;
+}
+
+int BIO_method_type(const BIO *b)
+{
+    return b->method->type;
+}
+
+/*
+ * This is essentially the same as BIO_read_ex() except that it allows
+ * 0 or a negative value to indicate failure (retryable or not) in the return.
+ * This is for compatibility with the old style BIO_read(), where existing code
+ * may make assumptions about the return value that it might get.
+ */
+static int bio_read_intern(BIO *b, void *data, size_t dlen, size_t *readbytes)
+{
+    int ret;
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bread(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        b->num_read += (uint64_t)*readbytes;
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, readbytes);
+
+    /* Shouldn't happen */
+    if (ret > 0 && *readbytes > dlen) {
+        BIOerr(BIO_F_BIO_READ_INTERN, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    return ret;
+}
+
+int BIO_read(BIO *b, void *data, int dlen)
+{
+    size_t readbytes;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_read_intern(b, data, (size_t)dlen, &readbytes);
+
+    if (ret > 0) {
+        /* *readbytes should always be <= dlen */
+        ret = (int)readbytes;
+    }
+
+    return ret;
+}
+
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes)
+{
+    int ret;
+
+    ret = bio_read_intern(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+static int bio_write_intern(BIO *b, const void *data, size_t dlen,
+                            size_t *written)
+{
+    int ret;
+
+    if (b == NULL)
+        return 0;
+
+    if ((b->method == NULL) || (b->method->bwrite == NULL)) {
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bwrite(b, data, dlen, written);
+
+    if (ret > 0)
+        b->num_write += (uint64_t)*written;
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, written);
+
+    return ret;
+}
+
+int BIO_write(BIO *b, const void *data, int dlen)
+{
+    size_t written;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_write_intern(b, data, (size_t)dlen, &written);
+
+    if (ret > 0) {
+        /* *written should always be <= dlen */
+        ret = (int)written;
+    }
+
+    return ret;
+}
+
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written)
+{
+    int ret;
+
+    ret = bio_write_intern(b, data, dlen, written);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+int BIO_puts(BIO *b, const char *buf)
+{
+    int ret;
+    size_t written = 0;
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bputs(b, buf);
+
+    if (ret > 0) {
+        b->num_write += (uint64_t)ret;
+        written = ret;
+        ret = 1;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0,
+                                     0L, ret, &written);
+
+    if (ret > 0) {
+        if (written > INT_MAX) {
+            BIOerr(BIO_F_BIO_PUTS, BIO_R_LENGTH_TOO_LONG);
+            ret = -1;
+        } else {
+            ret = (int)written;
+        }
+    }
+
+    return ret;
+}
+
+int BIO_gets(BIO *b, char *buf, int size)
+{
+    int ret;
+    size_t readbytes = 0;
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (size < 0) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bgets(b, buf, size);
+
+    if (ret > 0) {
+        readbytes = ret;
+        ret = 1;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size,
+                                     0, 0L, ret, &readbytes);
+
+    if (ret > 0) {
+        /* Shouldn't happen */
+        if (readbytes > (size_t)size)
+            ret = -1;
+        else
+            ret = (int)readbytes;
+    }
+
+    return ret;
+}
+
+int BIO_indent(BIO *b, int indent, int max)
+{
+    if (indent < 0)
+        indent = 0;
+    if (indent > max)
+        indent = max;
+    while (indent--)
+        if (BIO_puts(b, " ") != 1)
+            return 0;
+    return 1;
+}
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+{
+    int i;
+
+    i = iarg;
+    return BIO_ctrl(b, cmd, larg, (char *)&i);
+}
+
+void *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+{
+    void *p = NULL;
+
+    if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
+        return NULL;
+    else
+        return p;
+}
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+{
+    long ret;
+
+    if (b == NULL)
+        return 0;
+
+    if ((b->method == NULL) || (b->method->ctrl == NULL)) {
+        BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = b->method->ctrl(b, cmd, larg, parg);
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd,
+                                larg, ret, NULL);
+
+    return ret;
+}
+
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret;
+
+    if (b == NULL)
+        return 0;
+
+    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)
+            || (cmd != BIO_CTRL_SET_CALLBACK)) {
+        BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L,
+                                NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = b->method->callback_ctrl(b, cmd, fp);
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0,
+                                cmd, 0, ret, NULL);
+
+    return ret;
+}
+
+/*
+ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway.
+ */
+size_t BIO_ctrl_pending(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+}
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+{
+    BIO *lb;
+
+    if (b == NULL)
+        return bio;
+    lb = b;
+    while (lb->next_bio != NULL)
+        lb = lb->next_bio;
+    lb->next_bio = bio;
+    if (bio != NULL)
+        bio->prev_bio = lb;
+    /* called to do internal processing */
+    BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb);
+    return b;
+}
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+{
+    BIO *ret;
+
+    if (b == NULL)
+        return NULL;
+    ret = b->next_bio;
+
+    BIO_ctrl(b, BIO_CTRL_POP, 0, b);
+
+    if (b->prev_bio != NULL)
+        b->prev_bio->next_bio = b->next_bio;
+    if (b->next_bio != NULL)
+        b->next_bio->prev_bio = b->prev_bio;
+
+    b->next_bio = NULL;
+    b->prev_bio = NULL;
+    return ret;
+}
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+{
+    BIO *b, *last;
+
+    b = last = bio;
+    for (;;) {
+        if (!BIO_should_retry(b))
+            break;
+        last = b;
+        b = b->next_bio;
+        if (b == NULL)
+            break;
+    }
+    if (reason != NULL)
+        *reason = last->retry_reason;
+    return last;
+}
+
+int BIO_get_retry_reason(BIO *bio)
+{
+    return bio->retry_reason;
+}
+
+void BIO_set_retry_reason(BIO *bio, int reason)
+{
+    bio->retry_reason = reason;
+}
+
+BIO *BIO_find_type(BIO *bio, int type)
+{
+    int mt, mask;
+
+    if (bio == NULL)
+        return NULL;
+    mask = type & 0xff;
+    do {
+        if (bio->method != NULL) {
+            mt = bio->method->type;
+
+            if (!mask) {
+                if (mt & type)
+                    return bio;
+            } else if (mt == type)
+                return bio;
+        }
+        bio = bio->next_bio;
+    } while (bio != NULL);
+    return NULL;
+}
+
+BIO *BIO_next(BIO *b)
+{
+    if (b == NULL)
+        return NULL;
+    return b->next_bio;
+}
+
+void BIO_set_next(BIO *b, BIO *next)
+{
+    b->next_bio = next;
+}
+
+void BIO_free_all(BIO *bio)
+{
+    BIO *b;
+    int ref;
+
+    while (bio != NULL) {
+        b = bio;
+        ref = b->references;
+        bio = bio->next_bio;
+        BIO_free(b);
+        /* Since ref count > 1, don't free anyone else. */
+        if (ref > 1)
+            break;
+    }
+}
+
+BIO *BIO_dup_chain(BIO *in)
+{
+    BIO *ret = NULL, *eoc = NULL, *bio, *new_bio;
+
+    for (bio = in; bio != NULL; bio = bio->next_bio) {
+        if ((new_bio = BIO_new(bio->method)) == NULL)
+            goto err;
+        new_bio->callback = bio->callback;
+        new_bio->callback_ex = bio->callback_ex;
+        new_bio->cb_arg = bio->cb_arg;
+        new_bio->init = bio->init;
+        new_bio->shutdown = bio->shutdown;
+        new_bio->flags = bio->flags;
+
+        /* This will let SSL_s_sock() work with stdin/stdout */
+        new_bio->num = bio->num;
+
+        if (!BIO_dup_state(bio, (char *)new_bio)) {
+            BIO_free(new_bio);
+            goto err;
+        }
+
+        /* copy app data */
+        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
+            goto err;
+        }
+
+        if (ret == NULL) {
+            eoc = new_bio;
+            ret = eoc;
+        } else {
+            BIO_push(eoc, new_bio);
+            eoc = new_bio;
+        }
+    }
+    return ret;
+ err:
+    BIO_free_all(ret);
+
+    return NULL;
+}
+
+void BIO_copy_next_retry(BIO *b)
+{
+    BIO_set_flags(b, BIO_get_retry_flags(b->next_bio));
+    b->retry_reason = b->next_bio->retry_reason;
+}
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&(bio->ex_data), idx, data);
+}
+
+void *BIO_get_ex_data(BIO *bio, int idx)
+{
+    return CRYPTO_get_ex_data(&(bio->ex_data), idx);
+}
+
+uint64_t BIO_number_read(BIO *bio)
+{
+    if (bio)
+        return bio->num_read;
+    return 0;
+}
+
+uint64_t BIO_number_written(BIO *bio)
+{
+    if (bio)
+        return bio->num_write;
+    return 0;
+}
+
+void bio_free_ex_data(BIO *bio)
+{
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+}
+
+void bio_cleanup(void)
+{
+#ifndef OPENSSL_NO_SOCK
+    bio_sock_cleanup_int();
+    CRYPTO_THREAD_lock_free(bio_lookup_lock);
+    bio_lookup_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(bio_type_lock);
+    bio_type_lock = NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c
new file mode 100644
index 000000000..493ff63a9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bio_lcl.h"
+#include "internal/thread_once.h"
+
+CRYPTO_RWLOCK *bio_type_lock = NULL;
+static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_bio_type_init)
+{
+    bio_type_lock = CRYPTO_THREAD_lock_new();
+    return bio_type_lock != NULL;
+}
+
+int BIO_get_new_index(void)
+{
+    static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START;
+    int newval;
+
+    if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) {
+        BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    if (!CRYPTO_UP_REF(&bio_count, &newval, bio_type_lock))
+        return -1;
+    return newval;
+}
+
+BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+    BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
+
+    if (biom == NULL
+            || (biom->name = OPENSSL_strdup(name)) == NULL) {
+        OPENSSL_free(biom);
+        BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    biom->type = type;
+    return biom;
+}
+
+void BIO_meth_free(BIO_METHOD *biom)
+{
+    if (biom != NULL) {
+        OPENSSL_free(biom->name);
+        OPENSSL_free(biom);
+    }
+}
+
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int)
+{
+    return biom->bwrite_old;
+}
+
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *)
+{
+    return biom->bwrite;
+}
+
+/* Conversion for old style bwrite to new style */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bwrite_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *written = 0;
+        return ret;
+    }
+
+    *written = (size_t)ret;
+
+    return 1;
+}
+
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, int))
+{
+    biom->bwrite_old = bwrite;
+    biom->bwrite = bwrite_conv;
+    return 1;
+}
+
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *))
+{
+    biom->bwrite_old = NULL;
+    biom->bwrite = bwrite;
+    return 1;
+}
+
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bread_old;
+}
+
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *)
+{
+    return biom->bread;
+}
+
+/* Conversion for old style bread to new style */
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *readbytes)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bread_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *readbytes = 0;
+        return ret;
+    }
+
+    *readbytes = (size_t)ret;
+
+    return 1;
+}
+
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*bread) (BIO *, char *, int))
+{
+    biom->bread_old = bread;
+    biom->bread = bread_conv;
+    return 1;
+}
+
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *))
+{
+    biom->bread_old = NULL;
+    biom->bread = bread;
+    return 1;
+}
+
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *)
+{
+    return biom->bputs;
+}
+
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*bputs) (BIO *, const char *))
+{
+    biom->bputs = bputs;
+    return 1;
+}
+
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bgets;
+}
+
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*bgets) (BIO *, char *, int))
+{
+    biom->bgets = bgets;
+    return 1;
+}
+
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *)
+{
+    return biom->ctrl;
+}
+
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *))
+{
+    biom->ctrl = ctrl;
+    return 1;
+}
+
+int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *)
+{
+    return biom->create;
+}
+
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+{
+    biom->create = create;
+    return 1;
+}
+
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *)
+{
+    return biom->destroy;
+}
+
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+{
+    biom->destroy = destroy;
+    return 1;
+}
+
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
+{
+    return biom->callback_ctrl;
+}
+
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *))
+{
+    biom->callback_ctrl = callback_ctrl;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c
new file mode 100644
index 000000000..993e5903a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c
@@ -0,0 +1,560 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+typedef struct bio_accept_st {
+    int state;
+    int accept_family;
+    int bind_mode;     /* Socket mode for BIO_listen */
+    int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */
+    char *param_addr;
+    char *param_serv;
+
+    int accept_sock;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    BIO_ADDR cache_accepting_addr;   /* Useful if we asked for port 0 */
+    char *cache_accepting_name, *cache_accepting_serv;
+    BIO_ADDR cache_peer_addr;
+    char *cache_peer_name, *cache_peer_serv;
+
+    BIO *bio_chain;
+} BIO_ACCEPT;
+
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+static BIO_ACCEPT *BIO_ACCEPT_new(void);
+static void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+# define ACPT_S_BEFORE                   1
+# define ACPT_S_GET_ADDR                 2
+# define ACPT_S_CREATE_SOCKET            3
+# define ACPT_S_LISTEN                   4
+# define ACPT_S_ACCEPT                   5
+# define ACPT_S_OK                       6
+
+static const BIO_METHOD methods_acceptp = {
+    BIO_TYPE_ACCEPT,
+    "socket accept",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    acpt_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    acpt_read,
+    acpt_puts,
+    NULL,                       /* connect_gets,         */
+    acpt_ctrl,
+    acpt_new,
+    acpt_free,
+    NULL,                       /* connect_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_accept(void)
+{
+    return &methods_acceptp;
+}
+
+static int acpt_new(BIO *bi)
+{
+    BIO_ACCEPT *ba;
+
+    bi->init = 0;
+    bi->num = (int)INVALID_SOCKET;
+    bi->flags = 0;
+    if ((ba = BIO_ACCEPT_new()) == NULL)
+        return 0;
+    bi->ptr = (char *)ba;
+    ba->state = ACPT_S_BEFORE;
+    bi->shutdown = 1;
+    return 1;
+}
+
+static BIO_ACCEPT *BIO_ACCEPT_new(void)
+{
+    BIO_ACCEPT *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->accept_family = BIO_FAMILY_IPANY;
+    ret->accept_sock = (int)INVALID_SOCKET;
+    return ret;
+}
+
+static void BIO_ACCEPT_free(BIO_ACCEPT *a)
+{
+    if (a == NULL)
+        return;
+    OPENSSL_free(a->param_addr);
+    OPENSSL_free(a->param_serv);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a->cache_accepting_name);
+    OPENSSL_free(a->cache_accepting_serv);
+    OPENSSL_free(a->cache_peer_name);
+    OPENSSL_free(a->cache_peer_serv);
+    BIO_free(a->bio_chain);
+    OPENSSL_free(a);
+}
+
+static void acpt_close_socket(BIO *bio)
+{
+    BIO_ACCEPT *c;
+
+    c = (BIO_ACCEPT *)bio->ptr;
+    if (c->accept_sock != (int)INVALID_SOCKET) {
+        shutdown(c->accept_sock, 2);
+        closesocket(c->accept_sock);
+        c->accept_sock = (int)INVALID_SOCKET;
+        bio->num = (int)INVALID_SOCKET;
+    }
+}
+
+static int acpt_free(BIO *a)
+{
+    BIO_ACCEPT *data;
+
+    if (a == NULL)
+        return 0;
+    data = (BIO_ACCEPT *)a->ptr;
+
+    if (a->shutdown) {
+        acpt_close_socket(a);
+        BIO_ACCEPT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return 1;
+}
+
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+{
+    BIO *bio = NULL, *dbio;
+    int s = -1, ret = -1;
+
+    for (;;) {
+        switch (c->state) {
+        case ACPT_S_BEFORE:
+            if (c->param_addr == NULL && c->param_serv == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                goto exit_loop;
+            }
+
+            /* Because we're starting a new bind, any cached name and serv
+             * are now obsolete and need to be cleaned out.
+             * QUESTION: should this be done in acpt_close_socket() instead?
+             */
+            OPENSSL_free(c->cache_accepting_name);
+            c->cache_accepting_name = NULL;
+            OPENSSL_free(c->cache_accepting_serv);
+            c->cache_accepting_serv = NULL;
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            c->state = ACPT_S_GET_ADDR;
+            break;
+
+        case ACPT_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->accept_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_ACPT_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_ACPT_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            /* We're currently not iterating, but set this as preparation
+             * for possible future development in that regard
+             */
+            c->addr_iter = c->addr_first;
+            c->state = ACPT_S_CREATE_SOCKET;
+            break;
+
+        case ACPT_S_CREATE_SOCKET:
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            c->accept_sock = ret;
+            b->num = ret;
+            c->state = ACPT_S_LISTEN;
+            break;
+
+        case ACPT_S_LISTEN:
+            {
+                if (!BIO_listen(c->accept_sock,
+                                BIO_ADDRINFO_address(c->addr_iter),
+                                c->bind_mode)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
+
+            {
+                union BIO_sock_info_u info;
+
+                info.addr = &c->cache_accepting_addr;
+                if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS,
+                                   &info)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
+
+            c->cache_accepting_name =
+                BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1);
+            c->cache_accepting_serv =
+                BIO_ADDR_service_string(&c->cache_accepting_addr, 1);
+            c->state = ACPT_S_ACCEPT;
+            s = -1;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_ACCEPT:
+            if (b->next_bio != NULL) {
+                c->state = ACPT_S_OK;
+                break;
+            }
+            BIO_clear_retry_flags(b);
+            b->retry_reason = 0;
+
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr,
+                              c->accepted_mode);
+
+            /* If the returned socket is invalid, this might still be
+             * retryable
+             */
+            if (s < 0) {
+                if (BIO_sock_should_retry(s)) {
+                    BIO_set_retry_special(b);
+                    b->retry_reason = BIO_RR_ACCEPT;
+                    goto end;
+                }
+            }
+
+            /* If it wasn't retryable, we fail */
+            if (s < 0) {
+                ret = s;
+                goto exit_loop;
+            }
+
+            bio = BIO_new_socket(s, BIO_CLOSE);
+            if (bio == NULL)
+                goto exit_loop;
+
+            BIO_set_callback(bio, BIO_get_callback(b));
+            BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
+
+            /*
+             * If the accept BIO has an bio_chain, we dup it and put the new
+             * socket at the end.
+             */
+            if (c->bio_chain != NULL) {
+                if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
+                    goto exit_loop;
+                if (!BIO_push(dbio, bio))
+                    goto exit_loop;
+                bio = dbio;
+            }
+            if (BIO_push(b, bio) == NULL)
+                goto exit_loop;
+
+            c->cache_peer_name =
+                BIO_ADDR_hostname_string(&c->cache_peer_addr, 1);
+            c->cache_peer_serv =
+                BIO_ADDR_service_string(&c->cache_peer_addr, 1);
+            c->state = ACPT_S_OK;
+            bio = NULL;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_OK:
+            if (b->next_bio == NULL) {
+                c->state = ACPT_S_ACCEPT;
+                break;
+            }
+            ret = 1;
+            goto end;
+
+        default:
+            ret = 0;
+            goto end;
+        }
+    }
+
+  exit_loop:
+    if (bio != NULL)
+        BIO_free(bio);
+    else if (s >= 0)
+        BIO_closesocket(s);
+  end:
+    return ret;
+}
+
+static int acpt_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_ACCEPT *data;
+
+    BIO_clear_retry_flags(b);
+    data = (BIO_ACCEPT *)b->ptr;
+
+    while (b->next_bio == NULL) {
+        ret = acpt_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int acpt_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_ACCEPT *data;
+
+    BIO_clear_retry_flags(b);
+    data = (BIO_ACCEPT *)b->ptr;
+
+    while (b->next_bio == NULL) {
+        ret = acpt_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    int *ip;
+    long ret = 1;
+    BIO_ACCEPT *data;
+    char **pp;
+
+    data = (BIO_ACCEPT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = ACPT_S_BEFORE;
+        acpt_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        ret = (long)acpt_state(b, data);
+        break;
+    case BIO_C_SET_ACCEPT:
+        if (ptr != NULL) {
+            if (num == 0) {
+                char *hold_serv = data->param_serv;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_addr);
+                data->param_addr = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_addr,
+                                         &data->param_serv,
+                                         BIO_PARSE_PRIO_SERV);
+                if (hold_serv != data->param_serv)
+                    OPENSSL_free(hold_serv);
+                b->init = 1;
+            } else if (num == 1) {
+                OPENSSL_free(data->param_serv);
+                data->param_serv = BUF_strdup(ptr);
+                b->init = 1;
+            } else if (num == 2) {
+                data->bind_mode |= BIO_SOCK_NONBLOCK;
+            } else if (num == 3) {
+                BIO_free(data->bio_chain);
+                data->bio_chain = (BIO *)ptr;
+            } else if (num == 4) {
+                data->accept_family = *(int *)ptr;
+            }
+        } else {
+            if (num == 2) {
+                data->bind_mode &= ~BIO_SOCK_NONBLOCK;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        if (num != 0)
+            data->accepted_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->accepted_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_FD:
+        b->num = *((int *)ptr);
+        data->accept_sock = b->num;
+        data->state = ACPT_S_ACCEPT;
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = data->accept_sock;
+            ret = data->accept_sock;
+        } else
+            ret = -1;
+        break;
+    case BIO_C_GET_ACCEPT:
+        if (b->init) {
+            if (num == 0 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_name;
+            } else if (num == 1 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_serv;
+            } else if (num == 2 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_name;
+            } else if (num == 3 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_serv;
+            } else if (num == 4) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+#ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+#endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->accept_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
+            } else
+                ret = -1;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_C_SET_BIND_MODE:
+        data->bind_mode = (int)num;
+        break;
+    case BIO_C_GET_BIND_MODE:
+        ret = (long)data->bind_mode;
+        break;
+    case BIO_CTRL_DUP:
+        break;
+
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int acpt_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = acpt_write(bp, str, n);
+    return ret;
+}
+
+BIO *BIO_new_accept(const char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_accept());
+    if (ret == NULL)
+        return NULL;
+    if (BIO_set_accept_name(ret, str))
+        return ret;
+    BIO_free(ret);
+    return NULL;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c
new file mode 100644
index 000000000..e34382c55
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c
@@ -0,0 +1,808 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Special method for a BIO where the other endpoint is also a BIO of this
+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
+ * library with I/O interfaces for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used.
+ */
+
+#include "e_os.h"
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "bio_lcl.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static const BIO_METHOD methods_biop = {
+    BIO_TYPE_BIO,
+    "BIO pair",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    bio_read,
+    bio_puts,
+    NULL /* no bio_gets */ ,
+    bio_ctrl,
+    bio_new,
+    bio_free,
+    NULL                        /* no bio_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_bio(void)
+{
+    return &methods_biop;
+}
+
+struct bio_bio_st {
+    BIO *peer;                  /* NULL if buf == NULL. If peer != NULL, then
+                                 * peer->ptr is also a bio_bio_st, and its
+                                 * "peer" member points back to us. peer !=
+                                 * NULL iff init != 0 in the BIO. */
+    /* This is for what we write (i.e. reading uses peer's struct): */
+    int closed;                 /* valid iff peer != NULL */
+    size_t len;                 /* valid iff buf != NULL; 0 if peer == NULL */
+    size_t offset;              /* valid iff buf != NULL; 0 if len == 0 */
+    size_t size;
+    char *buf;                  /* "size" elements (if != NULL) */
+    size_t request;             /* valid iff peer != NULL; 0 if len != 0,
+                                 * otherwise set by peer to number of bytes
+                                 * it (unsuccessfully) tried to read, never
+                                 * more than buffer space (size-len)
+                                 * warrants. */
+};
+
+static int bio_new(BIO *bio)
+{
+    struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
+
+    if (b == NULL)
+        return 0;
+
+    /* enough for one TLS record (just a default) */
+    b->size = 17 * 1024;
+
+    bio->ptr = b;
+    return 1;
+}
+
+static int bio_free(BIO *bio)
+{
+    struct bio_bio_st *b;
+
+    if (bio == NULL)
+        return 0;
+    b = bio->ptr;
+
+    assert(b != NULL);
+
+    if (b->peer)
+        bio_destroy_pair(bio);
+
+    OPENSSL_free(b->buf);
+    OPENSSL_free(b);
+
+    return 1;
+}
+
+static int bio_read(BIO *bio, char *buf, int size_)
+{
+    size_t size = size_;
+    size_t rest;
+    struct bio_bio_st *b, *peer_b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;        /* will be set in "retry_read" situation */
+
+    if (buf == NULL || size == 0)
+        return 0;
+
+    if (peer_b->len == 0) {
+        if (peer_b->closed)
+            return 0;           /* writer has closed, and no data is left */
+        else {
+            BIO_set_retry_read(bio); /* buffer is empty */
+            if (size <= peer_b->size)
+                peer_b->request = size;
+            else
+                /*
+                 * don't ask for more than the peer can deliver in one write
+                 */
+                peer_b->request = peer_b->size;
+            return -1;
+        }
+    }
+
+    /* we can read */
+    if (peer_b->len < size)
+        size = peer_b->len;
+
+    /* now read "size" bytes */
+
+    rest = size;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t chunk;
+
+        assert(rest <= peer_b->len);
+        if (peer_b->offset + rest <= peer_b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = peer_b->size - peer_b->offset;
+        assert(peer_b->offset + chunk <= peer_b->size);
+
+        memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+        peer_b->len -= chunk;
+        if (peer_b->len) {
+            peer_b->offset += chunk;
+            assert(peer_b->offset <= peer_b->size);
+            if (peer_b->offset == peer_b->size)
+                peer_b->offset = 0;
+            buf += chunk;
+        } else {
+            /* buffer now empty, no need to advance "buf" */
+            assert(chunk == rest);
+            peer_b->offset = 0;
+        }
+        rest -= chunk;
+    }
+    while (rest);
+
+    return size;
+}
+
+/*-
+ * non-copying interface: provide pointer to available data in buffer
+ *    bio_nread0:  return number of available bytes
+ *    bio_nread:   also advance index
+ * (example usage:  bio_nread0(), read from buffer, bio_nread()
+ *  or just         bio_nread(), read from buffer)
+ */
+/*
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
+static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;
+
+    if (peer_b->len == 0) {
+        char dummy;
+
+        /* avoid code duplication -- nothing available for reading */
+        return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+    }
+
+    num = peer_b->len;
+    if (peer_b->size < peer_b->offset + num)
+        /* no ring buffer wrap-around for non-copying interface */
+        num = peer_b->size - peer_b->offset;
+    assert(num > 0);
+
+    if (buf != NULL)
+        *buf = peer_b->buf + peer_b->offset;
+    return num;
+}
+
+static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num, available;
+
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    available = bio_nread0(bio, buf);
+    if (num > available)
+        num = available;
+    if (num <= 0)
+        return num;
+
+    b = bio->ptr;
+    peer_b = b->peer->ptr;
+
+    peer_b->len -= num;
+    if (peer_b->len) {
+        peer_b->offset += num;
+        assert(peer_b->offset <= peer_b->size);
+        if (peer_b->offset == peer_b->size)
+            peer_b->offset = 0;
+    } else
+        peer_b->offset = 0;
+
+    return num;
+}
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+{
+    size_t num = num_;
+    size_t rest;
+    struct bio_bio_st *b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init || buf == NULL || num == 0)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        /* we already closed */
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio); /* buffer is full */
+        return -1;
+    }
+
+    /* we can write */
+    if (num > b->size - b->len)
+        num = b->size - b->len;
+
+    /* now write "num" bytes */
+
+    rest = num;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t write_offset;
+        size_t chunk;
+
+        assert(b->len + rest <= b->size);
+
+        write_offset = b->offset + b->len;
+        if (write_offset >= b->size)
+            write_offset -= b->size;
+        /* b->buf[write_offset] is the first byte we can write to. */
+
+        if (write_offset + rest <= b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = b->size - write_offset;
+
+        memcpy(b->buf + write_offset, buf, chunk);
+
+        b->len += chunk;
+
+        assert(b->len <= b->size);
+
+        rest -= chunk;
+        buf += chunk;
+    }
+    while (rest);
+
+    return num;
+}
+
+/*-
+ * non-copying interface: provide pointer to region to write to
+ *   bio_nwrite0:  check how much space is available
+ *   bio_nwrite:   also increase length
+ * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
+ *  or just         bio_nwrite(), write to buffer)
+ */
+static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b;
+    size_t num;
+    size_t write_offset;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio);
+        return -1;
+    }
+
+    num = b->size - b->len;
+    write_offset = b->offset + b->len;
+    if (write_offset >= b->size)
+        write_offset -= b->size;
+    if (write_offset + num > b->size)
+        /*
+         * no ring buffer wrap-around for non-copying interface (to fulfil
+         * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
+         * to be called twice)
+         */
+        num = b->size - write_offset;
+
+    if (buf != NULL)
+        *buf = b->buf + write_offset;
+    assert(write_offset + num <= b->size);
+
+    return num;
+}
+
+static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b;
+    ossl_ssize_t num, space;
+
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    space = bio_nwrite0(bio, buf);
+    if (num > space)
+        num = space;
+    if (num <= 0)
+        return num;
+    b = bio->ptr;
+    assert(b != NULL);
+    b->len += num;
+    assert(b->len <= b->size);
+
+    return num;
+}
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    struct bio_bio_st *b = bio->ptr;
+
+    assert(b != NULL);
+
+    switch (cmd) {
+        /* specific CTRL codes */
+
+    case BIO_C_SET_WRITE_BUF_SIZE:
+        if (b->peer) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+            ret = 0;
+        } else if (num == 0) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+            ret = 0;
+        } else {
+            size_t new_size = num;
+
+            if (b->size != new_size) {
+                OPENSSL_free(b->buf);
+                b->buf = NULL;
+                b->size = new_size;
+            }
+            ret = 1;
+        }
+        break;
+
+    case BIO_C_GET_WRITE_BUF_SIZE:
+        ret = (long)b->size;
+        break;
+
+    case BIO_C_MAKE_BIO_PAIR:
+        {
+            BIO *other_bio = ptr;
+
+            if (bio_make_pair(bio, other_bio))
+                ret = 1;
+            else
+                ret = 0;
+        }
+        break;
+
+    case BIO_C_DESTROY_BIO_PAIR:
+        /*
+         * Affects both BIOs in the pair -- call just once! Or let
+         * BIO_free(bio1); BIO_free(bio2); do the job.
+         */
+        bio_destroy_pair(bio);
+        ret = 1;
+        break;
+
+    case BIO_C_GET_WRITE_GUARANTEE:
+        /*
+         * How many bytes can the caller feed to the next write without
+         * having to keep any?
+         */
+        if (b->peer == NULL || b->closed)
+            ret = 0;
+        else
+            ret = (long)b->size - b->len;
+        break;
+
+    case BIO_C_GET_READ_REQUEST:
+        /*
+         * If the peer unsuccessfully tried to read, how many bytes were
+         * requested? (As with BIO_CTRL_PENDING, that number can usually be
+         * treated as boolean.)
+         */
+        ret = (long)b->request;
+        break;
+
+    case BIO_C_RESET_READ_REQUEST:
+        /*
+         * Reset request.  (Can be useful after read attempts at the other
+         * side that are meant to be non-blocking, e.g. when probing SSL_read
+         * to see if any data is available.)
+         */
+        b->request = 0;
+        ret = 1;
+        break;
+
+    case BIO_C_SHUTDOWN_WR:
+        /* similar to shutdown(..., SHUT_WR) */
+        b->closed = 1;
+        ret = 1;
+        break;
+
+    case BIO_C_NREAD0:
+        /* prepare for non-copying read */
+        ret = (long)bio_nread0(bio, ptr);
+        break;
+
+    case BIO_C_NREAD:
+        /* non-copying read */
+        ret = (long)bio_nread(bio, ptr, (size_t)num);
+        break;
+
+    case BIO_C_NWRITE0:
+        /* prepare for non-copying write */
+        ret = (long)bio_nwrite0(bio, ptr);
+        break;
+
+    case BIO_C_NWRITE:
+        /* non-copying write */
+        ret = (long)bio_nwrite(bio, ptr, (size_t)num);
+        break;
+
+        /* standard CTRL codes follow */
+
+    case BIO_CTRL_RESET:
+        if (b->buf != NULL) {
+            b->len = 0;
+            b->offset = 0;
+        }
+        ret = 0;
+        break;
+
+    case BIO_CTRL_GET_CLOSE:
+        ret = bio->shutdown;
+        break;
+
+    case BIO_CTRL_SET_CLOSE:
+        bio->shutdown = (int)num;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_PENDING:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            ret = (long)peer_b->len;
+        } else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_WPENDING:
+        if (b->buf != NULL)
+            ret = (long)b->len;
+        else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_DUP:
+        /* See BIO_dup_chain for circumstances we have to expect. */
+        {
+            BIO *other_bio = ptr;
+            struct bio_bio_st *other_b;
+
+            assert(other_bio != NULL);
+            other_b = other_bio->ptr;
+            assert(other_b != NULL);
+
+            assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+            other_b->size = b->size;
+        }
+
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_EOF:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            if (peer_b->len == 0 && peer_b->closed)
+                ret = 1;
+            else
+                ret = 0;
+        } else {
+            ret = 1;
+        }
+        break;
+
+    default:
+        ret = 0;
+    }
+    return ret;
+}
+
+static int bio_puts(BIO *bio, const char *str)
+{
+    return bio_write(bio, str, strlen(str));
+}
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+{
+    struct bio_bio_st *b1, *b2;
+
+    assert(bio1 != NULL);
+    assert(bio2 != NULL);
+
+    b1 = bio1->ptr;
+    b2 = bio2->ptr;
+
+    if (b1->peer != NULL || b2->peer != NULL) {
+        BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+        return 0;
+    }
+
+    if (b1->buf == NULL) {
+        b1->buf = OPENSSL_malloc(b1->size);
+        if (b1->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b1->len = 0;
+        b1->offset = 0;
+    }
+
+    if (b2->buf == NULL) {
+        b2->buf = OPENSSL_malloc(b2->size);
+        if (b2->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b2->len = 0;
+        b2->offset = 0;
+    }
+
+    b1->peer = bio2;
+    b1->closed = 0;
+    b1->request = 0;
+    b2->peer = bio1;
+    b2->closed = 0;
+    b2->request = 0;
+
+    bio1->init = 1;
+    bio2->init = 1;
+
+    return 1;
+}
+
+static void bio_destroy_pair(BIO *bio)
+{
+    struct bio_bio_st *b = bio->ptr;
+
+    if (b != NULL) {
+        BIO *peer_bio = b->peer;
+
+        if (peer_bio != NULL) {
+            struct bio_bio_st *peer_b = peer_bio->ptr;
+
+            assert(peer_b != NULL);
+            assert(peer_b->peer == bio);
+
+            peer_b->peer = NULL;
+            peer_bio->init = 0;
+            assert(peer_b->buf != NULL);
+            peer_b->len = 0;
+            peer_b->offset = 0;
+
+            b->peer = NULL;
+            bio->init = 0;
+            assert(b->buf != NULL);
+            b->len = 0;
+            b->offset = 0;
+        }
+    }
+}
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+                     BIO **bio2_p, size_t writebuf2)
+{
+    BIO *bio1 = NULL, *bio2 = NULL;
+    long r;
+    int ret = 0;
+
+    bio1 = BIO_new(BIO_s_bio());
+    if (bio1 == NULL)
+        goto err;
+    bio2 = BIO_new(BIO_s_bio());
+    if (bio2 == NULL)
+        goto err;
+
+    if (writebuf1) {
+        r = BIO_set_write_buf_size(bio1, writebuf1);
+        if (!r)
+            goto err;
+    }
+    if (writebuf2) {
+        r = BIO_set_write_buf_size(bio2, writebuf2);
+        if (!r)
+            goto err;
+    }
+
+    r = BIO_make_bio_pair(bio1, bio2);
+    if (!r)
+        goto err;
+    ret = 1;
+
+ err:
+    if (ret == 0) {
+        BIO_free(bio1);
+        bio1 = NULL;
+        BIO_free(bio2);
+        bio2 = NULL;
+    }
+
+    *bio1_p = bio1;
+    *bio2_p = bio2;
+    return ret;
+}
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+}
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+{
+    return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+}
+
+/*
+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes
+ * too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nread(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+    if (ret > 0)
+        bio->num_read += ret;
+    return ret;
+}
+
+int BIO_nwrite0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+    if (ret > 0)
+        bio->num_write += ret;
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c
new file mode 100644
index 000000000..e9673fe78
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c
@@ -0,0 +1,540 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+typedef struct bio_connect_st {
+    int state;
+    int connect_family;
+    char *param_hostname;
+    char *param_service;
+    int connect_mode;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    /*
+     * int socket; this will be kept in bio->num so that it is compatible
+     * with the bss_sock bio
+     */
+    /*
+     * called when the connection is initially made callback(BIO,state,ret);
+     * The callback should return 'ret'.  state is for compatibility with the
+     * ssl info_callback
+     */
+    BIO_info_cb *info_callback;
+} BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void);
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+#define BIO_CONN_S_BEFORE                1
+#define BIO_CONN_S_GET_ADDR              2
+#define BIO_CONN_S_CREATE_SOCKET         3
+#define BIO_CONN_S_CONNECT               4
+#define BIO_CONN_S_OK                    5
+#define BIO_CONN_S_BLOCKED_CONNECT       6
+
+static const BIO_METHOD methods_connectp = {
+    BIO_TYPE_CONNECT,
+    "socket connect",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    conn_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    conn_read,
+    conn_puts,
+    NULL,                       /* conn_gets, */
+    conn_ctrl,
+    conn_new,
+    conn_free,
+    conn_callback_ctrl,
+};
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+{
+    int ret = -1, i;
+    BIO_info_cb *cb = NULL;
+
+    if (c->info_callback != NULL)
+        cb = c->info_callback;
+
+    for (;;) {
+        switch (c->state) {
+        case BIO_CONN_S_BEFORE:
+            if (c->param_hostname == NULL && c->param_service == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                goto exit_loop;
+            }
+            c->state = BIO_CONN_S_GET_ADDR;
+            break;
+
+        case BIO_CONN_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->connect_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_CONN_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_hostname, c->param_service,
+                               BIO_LOOKUP_CLIENT,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            c->addr_iter = c->addr_first;
+            c->state = BIO_CONN_S_CREATE_SOCKET;
+            break;
+
+        case BIO_CONN_S_CREATE_SOCKET:
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            b->num = ret;
+            c->state = BIO_CONN_S_CONNECT;
+            break;
+
+        case BIO_CONN_S_CONNECT:
+            BIO_clear_retry_flags(b);
+            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
+                              BIO_SOCK_KEEPALIVE | c->connect_mode);
+            b->retry_reason = 0;
+            if (ret == 0) {
+                if (BIO_sock_should_retry(ret)) {
+                    BIO_set_retry_special(b);
+                    c->state = BIO_CONN_S_BLOCKED_CONNECT;
+                    b->retry_reason = BIO_RR_CONNECT;
+                    ERR_clear_error();
+                } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter))
+                           != NULL) {
+                    /*
+                     * if there are more addresses to try, do that first
+                     */
+                    BIO_closesocket(b->num);
+                    c->state = BIO_CONN_S_CREATE_SOCKET;
+                    ERR_clear_error();
+                    break;
+                } else {
+                    SYSerr(SYS_F_CONNECT, get_last_socket_error());
+                    ERR_add_error_data(4,
+                                       "hostname=", c->param_hostname,
+                                       " service=", c->param_service);
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+                }
+                goto exit_loop;
+            } else {
+                c->state = BIO_CONN_S_OK;
+            }
+            break;
+
+        case BIO_CONN_S_BLOCKED_CONNECT:
+            i = BIO_sock_error(b->num);
+            if (i) {
+                BIO_clear_retry_flags(b);
+                SYSerr(SYS_F_CONNECT, i);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
+                ret = 0;
+                goto exit_loop;
+            } else
+                c->state = BIO_CONN_S_OK;
+            break;
+
+        case BIO_CONN_S_OK:
+            ret = 1;
+            goto exit_loop;
+        default:
+            /* abort(); */
+            goto exit_loop;
+        }
+
+        if (cb != NULL) {
+            if ((ret = cb((BIO *)b, c->state, ret)) == 0)
+                goto end;
+        }
+    }
+
+    /* Loop does not exit */
+ exit_loop:
+    if (cb != NULL)
+        ret = cb((BIO *)b, c->state, ret);
+ end:
+    return ret;
+}
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+{
+    BIO_CONNECT *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->state = BIO_CONN_S_BEFORE;
+    ret->connect_family = BIO_FAMILY_IPANY;
+    return ret;
+}
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+{
+    if (a == NULL)
+        return;
+    OPENSSL_free(a->param_hostname);
+    OPENSSL_free(a->param_service);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a);
+}
+
+const BIO_METHOD *BIO_s_connect(void)
+{
+    return &methods_connectp;
+}
+
+static int conn_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = (int)INVALID_SOCKET;
+    bi->flags = 0;
+    if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
+        return 0;
+    else
+        return 1;
+}
+
+static void conn_close_socket(BIO *bio)
+{
+    BIO_CONNECT *c;
+
+    c = (BIO_CONNECT *)bio->ptr;
+    if (bio->num != (int)INVALID_SOCKET) {
+        /* Only do a shutdown if things were established */
+        if (c->state == BIO_CONN_S_OK)
+            shutdown(bio->num, 2);
+        BIO_closesocket(bio->num);
+        bio->num = (int)INVALID_SOCKET;
+    }
+}
+
+static int conn_free(BIO *a)
+{
+    BIO_CONNECT *data;
+
+    if (a == NULL)
+        return 0;
+    data = (BIO_CONNECT *)a->ptr;
+
+    if (a->shutdown) {
+        conn_close_socket(a);
+        BIO_CONNECT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return 1;
+}
+
+static int conn_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return ret;
+}
+
+static int conn_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return ret;
+}
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    int *ip;
+    const char **pptr = NULL;
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = BIO_CONN_S_BEFORE;
+        conn_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        if (data->state != BIO_CONN_S_OK)
+            ret = (long)conn_state(b, data);
+        else
+            ret = 1;
+        break;
+    case BIO_C_GET_CONNECT:
+        if (ptr != NULL) {
+            pptr = (const char **)ptr;
+            if (num == 0) {
+                *pptr = data->param_hostname;
+            } else if (num == 1) {
+                *pptr = data->param_service;
+            } else if (num == 2) {
+                *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter);
+            } else if (num == 3) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+# ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+# endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->connect_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
+            } else {
+                ret = 0;
+            }
+        } else {
+            ret = 0;
+        }
+        break;
+    case BIO_C_SET_CONNECT:
+        if (ptr != NULL) {
+            b->init = 1;
+            if (num == 0) {
+                char *hold_service = data->param_service;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_hostname);
+                data->param_hostname = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_hostname,
+                                         &data->param_service,
+                                         BIO_PARSE_PRIO_HOST);
+                if (hold_service != data->param_service)
+                    OPENSSL_free(hold_service);
+            } else if (num == 1) {
+                OPENSSL_free(data->param_service);
+                data->param_service = BUF_strdup(ptr);
+            } else if (num == 2) {
+                const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+                if (ret) {
+                    data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
+                    data->param_service = BIO_ADDR_service_string(addr, 1);
+                    BIO_ADDRINFO_free(data->addr_first);
+                    data->addr_first = NULL;
+                    data->addr_iter = NULL;
+                }
+            } else if (num == 3) {
+                data->connect_family = *(int *)ptr;
+            } else {
+                ret = 0;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        if (num != 0)
+            data->connect_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->connect_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_CONNECT_MODE:
+        data->connect_mode = (int)num;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_CTRL_DUP:
+        {
+            dbio = (BIO *)ptr;
+            if (data->param_hostname)
+                BIO_set_conn_hostname(dbio, data->param_hostname);
+            if (data->param_service)
+                BIO_set_conn_port(dbio, data->param_service);
+            BIO_set_conn_ip_family(dbio, data->connect_family);
+            BIO_set_conn_mode(dbio, data->connect_mode);
+            /*
+             * FIXME: the cast of the function seems unlikely to be a good
+             * idea
+             */
+            (void)BIO_set_info_callback(dbio, data->info_callback);
+        }
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        ret = 0; /* use callback ctrl */
+        break;
+    case BIO_CTRL_GET_CALLBACK:
+        {
+            BIO_info_cb **fptr;
+
+            fptr = (BIO_info_cb **)ptr;
+            *fptr = data->info_callback;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        {
+            data->info_callback = fp;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int conn_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = conn_write(bp, str, n);
+    return ret;
+}
+
+BIO *BIO_new_connect(const char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_connect());
+    if (ret == NULL)
+        return NULL;
+    if (BIO_set_conn_hostname(ret, str))
+        return ret;
+    BIO_free(ret);
+    return NULL;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c
new file mode 100644
index 000000000..d5fe5bb5a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c
@@ -0,0 +1,1925 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+#ifndef OPENSSL_NO_DGRAM
+
+# ifndef OPENSSL_NO_SCTP
+#  include <netinet/sctp.h>
+#  include <fcntl.h>
+#  define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
+#  define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
+# endif
+
+# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
+#  define IP_MTU      14        /* linux is lame */
+# endif
+
+# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
+#  define IPPROTO_IPV6 41       /* windows is lame */
+# endif
+
+# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#  undef IN6_IS_ADDR_V4MAPPED
+#  define s6_addr32 __u6_addr.__u6_addr32
+#  define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+# endif
+
+static int dgram_write(BIO *h, const char *buf, int num);
+static int dgram_read(BIO *h, char *buf, int size);
+static int dgram_puts(BIO *h, const char *str);
+static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_new(BIO *h);
+static int dgram_free(BIO *data);
+static int dgram_clear(BIO *bio);
+
+# ifndef OPENSSL_NO_SCTP
+static int dgram_sctp_write(BIO *h, const char *buf, int num);
+static int dgram_sctp_read(BIO *h, char *buf, int size);
+static int dgram_sctp_puts(BIO *h, const char *str);
+static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_sctp_new(BIO *h);
+static int dgram_sctp_free(BIO *data);
+#  ifdef SCTP_AUTHENTICATION_EVENT
+static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
+                                                  *snp);
+#  endif
+# endif
+
+static int BIO_dgram_should_retry(int s);
+
+static void get_current_time(struct timeval *t);
+
+static const BIO_METHOD methods_dgramp = {
+    BIO_TYPE_DGRAM,
+    "datagram socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    dgram_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    dgram_read,
+    dgram_puts,
+    NULL,                       /* dgram_gets,         */
+    dgram_ctrl,
+    dgram_new,
+    dgram_free,
+    NULL,                       /* dgram_callback_ctrl */
+};
+
+# ifndef OPENSSL_NO_SCTP
+static const BIO_METHOD methods_dgramp_sctp = {
+    BIO_TYPE_DGRAM_SCTP,
+    "datagram sctp socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    dgram_sctp_write,
+    /* TODO: Convert to new style write function */
+    bread_conv,
+    dgram_sctp_read,
+    dgram_sctp_puts,
+    NULL,                       /* dgram_gets,         */
+    dgram_sctp_ctrl,
+    dgram_sctp_new,
+    dgram_sctp_free,
+    NULL,                       /* dgram_callback_ctrl */
+};
+# endif
+
+typedef struct bio_dgram_data_st {
+    BIO_ADDR peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct timeval next_timeout;
+    struct timeval socket_timeout;
+    unsigned int peekmode;
+} bio_dgram_data;
+
+# ifndef OPENSSL_NO_SCTP
+typedef struct bio_dgram_sctp_save_message_st {
+    BIO *bio;
+    char *data;
+    int length;
+} bio_dgram_sctp_save_message;
+
+typedef struct bio_dgram_sctp_data_st {
+    BIO_ADDR peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct bio_dgram_sctp_sndinfo sndinfo;
+    struct bio_dgram_sctp_rcvinfo rcvinfo;
+    struct bio_dgram_sctp_prinfo prinfo;
+    void (*handle_notifications) (BIO *bio, void *context, void *buf);
+    void *notification_context;
+    int in_handshake;
+    int ccs_rcvd;
+    int ccs_sent;
+    int save_shutdown;
+    int peer_auth_tested;
+} bio_dgram_sctp_data;
+# endif
+
+const BIO_METHOD *BIO_s_datagram(void)
+{
+    return &methods_dgramp;
+}
+
+BIO *BIO_new_dgram(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_datagram());
+    if (ret == NULL)
+        return NULL;
+    BIO_set_fd(ret, fd, close_flag);
+    return ret;
+}
+
+static int dgram_new(BIO *bi)
+{
+    bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
+
+    if (data == NULL)
+        return 0;
+    bi->ptr = data;
+    return 1;
+}
+
+static int dgram_free(BIO *a)
+{
+    bio_dgram_data *data;
+
+    if (a == NULL)
+        return 0;
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_data *)a->ptr;
+    OPENSSL_free(data);
+
+    return 1;
+}
+
+static int dgram_clear(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if (a->init) {
+            BIO_closesocket(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return 1;
+}
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    union {
+        size_t s;
+        int i;
+    } sz = {
+        0
+    };
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+        struct timeval timenow, timeleft;
+
+        /* Read current socket timeout */
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout;
+
+        sz.i = sizeof(timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, &sz.i) < 0) {
+            perror("getsockopt");
+        } else {
+            data->socket_timeout.tv_sec = timeout / 1000;
+            data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+        }
+#  else
+        sz.i = sizeof(data->socket_timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       &(data->socket_timeout), (void *)&sz) < 0) {
+            perror("getsockopt");
+        } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
+            OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
+#  endif
+
+        /* Get current time */
+        get_current_time(&timenow);
+
+        /* Calculate time left until timer expires */
+        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+        if (timeleft.tv_usec < timenow.tv_usec) {
+            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
+            timeleft.tv_sec--;
+        } else {
+            timeleft.tv_usec -= timenow.tv_usec;
+        }
+        if (timeleft.tv_sec < timenow.tv_sec) {
+            timeleft.tv_sec = 0;
+            timeleft.tv_usec = 1;
+        } else {
+            timeleft.tv_sec -= timenow.tv_sec;
+        }
+
+        /*
+         * Adjust socket timeout if next handshake message timer will expire
+         * earlier.
+         */
+        if ((data->socket_timeout.tv_sec == 0
+             && data->socket_timeout.tv_usec == 0)
+            || (data->socket_timeout.tv_sec > timeleft.tv_sec)
+            || (data->socket_timeout.tv_sec == timeleft.tv_sec
+                && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+#  ifdef OPENSSL_SYS_WINDOWS
+            timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+            }
+#  else
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                           sizeof(struct timeval)) < 0) {
+                perror("setsockopt");
+            }
+#  endif
+        }
+    }
+# endif
+}
+
+static void dgram_reset_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout = data->socket_timeout.tv_sec * 1000 +
+            data->socket_timeout.tv_usec / 1000;
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, sizeof(timeout)) < 0) {
+            perror("setsockopt");
+        }
+#  else
+        if (setsockopt
+            (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+             sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+        }
+#  endif
+    }
+# endif
+}
+
+static int dgram_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int flags = 0;
+
+    BIO_ADDR peer;
+    socklen_t len = sizeof(peer);
+
+    if (out != NULL) {
+        clear_socket_error();
+        memset(&peer, 0, sizeof(peer));
+        dgram_adjust_rcv_timeout(b);
+        if (data->peekmode)
+            flags = MSG_PEEK;
+        ret = recvfrom(b->num, out, outl, flags,
+                       BIO_ADDR_sockaddr_noconst(&peer), &len);
+
+        if (!data->connected && ret >= 0)
+            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        dgram_reset_rcv_timeout(b);
+    }
+    return ret;
+}
+
+static int dgram_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    clear_socket_error();
+
+    if (data->connected)
+        ret = writesocket(b->num, in, inl);
+    else {
+        int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
+
+        ret = sendto(b->num, in, inl, 0,
+                     BIO_ADDR_sockaddr(&data->peer), peerlen);
+    }
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return ret;
+}
+
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+{
+    long ret;
+
+    switch (BIO_ADDR_family(&data->peer)) {
+    case AF_INET:
+        /*
+         * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+         */
+        ret = 28;
+        break;
+# if OPENSSL_USE_IPV6
+    case AF_INET6:
+        {
+#  ifdef IN6_IS_ADDR_V4MAPPED
+            struct in6_addr tmp_addr;
+            if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                /*
+                 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+                 */
+                ret = 28;
+            else
+#  endif
+            /*
+             * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
+             */
+            ret = 48;
+        }
+        break;
+# endif
+    default:
+        /* We don't know. Go with the historical default */
+        ret = 28;
+        break;
+    }
+    return ret;
+}
+
+static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+    bio_dgram_data *data = NULL;
+    int sockopt_val = 0;
+    int d_errno;
+# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+    socklen_t sockopt_len;      /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
+    socklen_t addr_len;
+    BIO_ADDR addr;
+# endif
+
+    data = (bio_dgram_data *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        ret = 0;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SET_FD:
+        dgram_clear(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_DGRAM_CONNECT:
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        break;
+        /* (Linux)kernel sets DF bit on outgoing IP packets */
+    case BIO_CTRL_DGRAM_MTU_DISCOVER:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+        addr_len = (socklen_t) sizeof(addr);
+        memset(&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            sockopt_val = IP_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+        case AF_INET6:
+            sockopt_val = IPV6_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  endif
+        default:
+            ret = -1;
+            break;
+        }
+# else
+        ret = -1;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
+        addr_len = (socklen_t) sizeof(addr);
+        memset(&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        sockopt_len = sizeof(sockopt_val);
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                            &sockopt_len)) < 0 || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IP
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 20;
+                ret = data->mtu;
+            }
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
+        case AF_INET6:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
+                            (void *)&sockopt_val, &sockopt_len)) < 0
+                || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IPV6
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 40;
+                ret = data->mtu;
+            }
+            break;
+#  endif
+        default:
+            ret = 0;
+            break;
+        }
+# else
+        ret = 0;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+        ret = -dgram_get_mtu_overhead(data);
+        switch (BIO_ADDR_family(&data->peer)) {
+        case AF_INET:
+            ret += 576;
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+            {
+#  ifdef IN6_IS_ADDR_V4MAPPED
+                struct in6_addr tmp_addr;
+                if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                    && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                    ret += 576;
+                else
+#  endif
+                    ret += 1280;
+            }
+            break;
+# endif
+        default:
+            ret += 576;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU:
+        return data->mtu;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        data->mtu = num;
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+        if (ptr != NULL) {
+            data->connected = 1;
+            BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        } else {
+            data->connected = 0;
+            memset(&data->peer, 0, sizeof(data->peer));
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_PEER:
+        ret = BIO_ADDR_sockaddr_size(&data->peer);
+        /* FIXME: if num < ret, we will only return part of an address.
+           That should bee an error, no? */
+        if (num == 0 || num > ret)
+            num = ret;
+        memcpy(ptr, &data->peer, (ret = num));
+        break;
+    case BIO_CTRL_DGRAM_SET_PEER:
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+        break;
+# if defined(SO_RCVTIMEO)
+    case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+# if defined(SO_SNDTIMEO)
+    case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+    case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+        /* fall-through */
+    case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+        d_errno = (data->_errno == WSAETIMEDOUT);
+# else
+        d_errno = (data->_errno == EAGAIN);
+# endif
+        if (d_errno) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# ifdef EMSGSIZE
+    case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+        if (data->_errno == EMSGSIZE) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# endif
+    case BIO_CTRL_DGRAM_SET_DONT_FRAG:
+        sockopt_val = num ? 1 : 0;
+
+        switch (data->peer.sa.sa_family) {
+        case AF_INET:
+# if defined(IP_DONTFRAG)
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
+            if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
+                (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
+                                  (const char *)&sockopt_val,
+                                  sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# else
+            ret = -1;
+# endif
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+#  if defined(IPV6_DONTFRAG)
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
+                                  (const void *)&sockopt_val,
+                                  sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+#  elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
+            if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
+                (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+#  else
+            ret = -1;
+#  endif
+            break;
+# endif
+        default:
+            ret = -1;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        ret = dgram_get_mtu_overhead(data);
+        break;
+
+    /*
+     * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+     * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+     * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+     * value has been updated to a non-clashing value. However to preserve
+     * binary compatiblity we now respond to both the old value and the new one
+     */
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+    case BIO_CTRL_DGRAM_SET_PEEK_MODE:
+        data->peekmode = (unsigned int)num;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int dgram_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_write(bp, str, n);
+    return ret;
+}
+
+# ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void)
+{
+    return &methods_dgramp_sctp;
+}
+
+BIO *BIO_new_dgram_sctp(int fd, int close_flag)
+{
+    BIO *bio;
+    int ret, optval = 20000;
+    int auth_data = 0, auth_forward = 0;
+    unsigned char *p;
+    struct sctp_authchunk auth;
+    struct sctp_authchunks *authchunks;
+    socklen_t sockopt_len;
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    struct sctp_event event;
+#   else
+    struct sctp_event_subscribe event;
+#   endif
+#  endif
+
+    bio = BIO_new(BIO_s_datagram_sctp());
+    if (bio == NULL)
+        return NULL;
+    BIO_set_fd(bio, fd, close_flag);
+
+    /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
+    auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
+    }
+    auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
+    }
+
+    /*
+     * Test if activation was successful. When using accept(), SCTP-AUTH has
+     * to be activated for the listening socket already, otherwise the
+     * connected socket won't use it. Similarly with connect(): the socket
+     * prior to connection must be activated for SCTP-AUTH
+     */
+    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+    authchunks = OPENSSL_zalloc(sockopt_len);
+    if (authchunks == NULL) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
+                   &sockopt_len);
+    if (ret < 0) {
+        OPENSSL_free(authchunks);
+        BIO_vfree(bio);
+        return NULL;
+    }
+
+    for (p = (unsigned char *)authchunks->gauth_chunks;
+         p < (unsigned char *)authchunks + sockopt_len;
+         p += sizeof(uint8_t)) {
+        if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+            auth_data = 1;
+        if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+            auth_forward = 1;
+    }
+
+    OPENSSL_free(authchunks);
+
+    if (!auth_data || !auth_forward) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1,
+                           "Ensure SCTP AUTH chunks are enabled on the "
+                           "underlying socket");
+        return NULL;
+    }
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_AUTHENTICATION_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+#   else
+    sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+
+    event.sctp_authentication_event = 1;
+
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+#   endif
+#  endif
+
+    /*
+     * Disable partial delivery by setting the min size larger than the max
+     * record size of 2^14 + 2048 + 13
+     */
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
+                   sizeof(optval));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+
+    return bio;
+}
+
+int BIO_dgram_is_sctp(BIO *bio)
+{
+    return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
+}
+
+static int dgram_sctp_new(BIO *bi)
+{
+    bio_dgram_sctp_data *data = NULL;
+
+    bi->init = 0;
+    bi->num = 0;
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
+        BIOerr(BIO_F_DGRAM_SCTP_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+#  ifdef SCTP_PR_SCTP_NONE
+    data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
+#  endif
+    bi->ptr = data;
+
+    bi->flags = 0;
+    return 1;
+}
+
+static int dgram_sctp_free(BIO *a)
+{
+    bio_dgram_sctp_data *data;
+
+    if (a == NULL)
+        return 0;
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_sctp_data *) a->ptr;
+    if (data != NULL)
+        OPENSSL_free(data);
+
+    return 1;
+}
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+void dgram_sctp_handle_auth_free_key_event(BIO *b,
+                                           union sctp_notification *snp)
+{
+    int ret;
+    struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
+
+    if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
+        struct sctp_authkeyid authkeyid;
+
+        /* delete key */
+        authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+    }
+}
+#  endif
+
+static int dgram_sctp_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, n = 0, i, optval;
+    socklen_t optlen;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    union sctp_notification *snp;
+    struct msghdr msg;
+    struct iovec iov;
+    struct cmsghdr *cmsg;
+    char cmsgbuf[512];
+
+    if (out != NULL) {
+        clear_socket_error();
+
+        do {
+            memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
+            iov.iov_base = out;
+            iov.iov_len = outl;
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = cmsgbuf;
+            msg.msg_controllen = 512;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (n <= 0) {
+                if (n < 0)
+                    ret = n;
+                break;
+            }
+
+            if (msg.msg_controllen > 0) {
+                for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
+                     cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+                    if (cmsg->cmsg_level != IPPROTO_SCTP)
+                        continue;
+#  ifdef SCTP_RCVINFO
+                    if (cmsg->cmsg_type == SCTP_RCVINFO) {
+                        struct sctp_rcvinfo *rcvinfo;
+
+                        rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
+                        data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
+                        data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
+                        data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
+                        data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
+                        data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
+                        data->rcvinfo.rcv_context = rcvinfo->rcv_context;
+                    }
+#  endif
+#  ifdef SCTP_SNDRCV
+                    if (cmsg->cmsg_type == SCTP_SNDRCV) {
+                        struct sctp_sndrcvinfo *sndrcvinfo;
+
+                        sndrcvinfo =
+                            (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
+                        data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
+                        data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
+                        data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
+                        data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
+                        data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
+                        data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
+                    }
+#  endif
+                }
+            }
+
+            if (msg.msg_flags & MSG_NOTIFICATION) {
+                snp = (union sctp_notification *)out;
+                if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+#  ifdef SCTP_EVENT
+                    struct sctp_event event;
+#  else
+                    struct sctp_event_subscribe event;
+                    socklen_t eventsize;
+#  endif
+
+                    /* disable sender dry event */
+#  ifdef SCTP_EVENT
+                    memset(&event, 0, sizeof(event));
+                    event.se_assoc_id = 0;
+                    event.se_type = SCTP_SENDER_DRY_EVENT;
+                    event.se_on = 0;
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                                   sizeof(struct sctp_event));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  else
+                    eventsize = sizeof(struct sctp_event_subscribe);
+                    i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   &eventsize);
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+
+                    event.sctp_sender_dry_event = 0;
+
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   sizeof(struct sctp_event_subscribe));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  endif
+                }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+                if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                    dgram_sctp_handle_auth_free_key_event(b, snp);
+#  endif
+
+                if (data->handle_notifications != NULL)
+                    data->handle_notifications(b, data->notification_context,
+                                               (void *)out);
+
+                memset(out, 0, outl);
+            } else
+                ret += n;
+        }
+        while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
+               && (ret < outl));
+
+        if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
+            /* Partial message read, this should never happen! */
+
+            /*
+             * The buffer was too small, this means the peer sent a message
+             * that was larger than allowed.
+             */
+            if (ret == outl)
+                return -1;
+
+            /*
+             * Test if socket buffer can handle max record size (2^14 + 2048
+             * + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Test if SCTP doesn't partially deliver below max record size
+             * (2^14 + 2048 + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
+                           &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Partially delivered notification??? Probably a bug....
+             */
+            OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
+
+            /*
+             * Everything seems ok till now, so it's most likely a message
+             * dropped by PR-SCTP.
+             */
+            memset(out, 0, outl);
+            BIO_set_retry_read(b);
+            return -1;
+        }
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        /* Test if peer uses SCTP-AUTH before continuing */
+        if (!data->peer_auth_tested) {
+            int ii, auth_data = 0, auth_forward = 0;
+            unsigned char *p;
+            struct sctp_authchunks *authchunks;
+
+            optlen =
+                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+            authchunks = OPENSSL_malloc(optlen);
+            if (authchunks == NULL) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memset(authchunks, 0, optlen);
+            ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
+                            authchunks, &optlen);
+
+            if (ii >= 0)
+                for (p = (unsigned char *)authchunks->gauth_chunks;
+                     p < (unsigned char *)authchunks + optlen;
+                     p += sizeof(uint8_t)) {
+                    if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+                        auth_data = 1;
+                    if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+                        auth_forward = 1;
+                }
+
+            OPENSSL_free(authchunks);
+
+            if (!auth_data || !auth_forward) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR);
+                return -1;
+            }
+
+            data->peer_auth_tested = 1;
+        }
+    }
+    return ret;
+}
+
+/*
+ * dgram_sctp_write - send message on SCTP socket
+ * @b: BIO to write to
+ * @in: data to send
+ * @inl: amount of bytes in @in to send
+ *
+ * Returns -1 on error or the sent amount of bytes on success
+ */
+static int dgram_sctp_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
+    struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
+    struct bio_dgram_sctp_sndinfo handshake_sinfo;
+    struct iovec iov[1];
+    struct msghdr msg;
+    struct cmsghdr *cmsg;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
+                 CMSG_SPACE(sizeof(struct sctp_prinfo))];
+    struct sctp_sndinfo *sndinfo;
+    struct sctp_prinfo *prinfo;
+#  else
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
+    struct sctp_sndrcvinfo *sndrcvinfo;
+#  endif
+
+    clear_socket_error();
+
+    /*
+     * If we're send anything else than application data, disable all user
+     * parameters and flags.
+     */
+    if (in[0] != 23) {
+        memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
+#  ifdef SCTP_SACK_IMMEDIATELY
+        handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
+#  endif
+        sinfo = &handshake_sinfo;
+    }
+
+    /* We can only send a shutdown alert if the socket is dry */
+    if (data->save_shutdown) {
+        ret = BIO_dgram_sctp_wait_for_dry(b);
+        if (ret < 0)
+            return -1;
+        if (ret == 0) {
+            BIO_clear_retry_flags(b);
+            BIO_set_retry_write(b);
+            return -1;
+        }
+    }
+
+    iov[0].iov_base = (char *)in;
+    iov[0].iov_len = inl;
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = (caddr_t) cmsgbuf;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
+    sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
+    memset(sndinfo, 0, sizeof(*sndinfo));
+    sndinfo->snd_sid = sinfo->snd_sid;
+    sndinfo->snd_flags = sinfo->snd_flags;
+    sndinfo->snd_ppid = sinfo->snd_ppid;
+    sndinfo->snd_context = sinfo->snd_context;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
+
+    cmsg =
+        (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_PRINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
+    prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
+    memset(prinfo, 0, sizeof(*prinfo));
+    prinfo->pr_policy = pinfo->pr_policy;
+    prinfo->pr_value = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
+#  else
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDRCV;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
+    sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+    memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
+    sndrcvinfo->sinfo_stream = sinfo->snd_sid;
+    sndrcvinfo->sinfo_flags = sinfo->snd_flags;
+#   ifdef __FreeBSD__
+    sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
+#   endif
+    sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
+    sndrcvinfo->sinfo_context = sinfo->snd_context;
+    sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
+#  endif
+
+    ret = sendmsg(b->num, &msg, 0);
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return ret;
+}
+
+static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    bio_dgram_sctp_data *data = NULL;
+    socklen_t sockopt_len = 0;
+    struct sctp_authkeyid authkeyid;
+    struct sctp_authkey *authkey = NULL;
+
+    data = (bio_dgram_sctp_data *) b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+        /*
+         * Set to maximum (2^14) and ignore user input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        /*
+         * Set to maximum (2^14) and ignore input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+    case BIO_CTRL_DGRAM_CONNECT:
+        /* Returns always -1. */
+        ret = -1;
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        /*
+         * SCTP doesn't need the DTLS timer Returns always 1.
+         */
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        /*
+         * We allow transport protocol fragmentation so this is irrelevant
+         */
+        ret = 0;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+        if (num > 0)
+            data->in_handshake = 1;
+        else
+            data->in_handshake = 0;
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
+                       &data->in_handshake, sizeof(int));
+        break;
+    case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+        /*
+         * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
+         */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Add new key */
+        sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
+        authkey = OPENSSL_malloc(sockopt_len);
+        if (authkey == NULL) {
+            ret = -1;
+            break;
+        }
+        memset(authkey, 0, sockopt_len);
+        authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
+#  ifndef __FreeBSD__
+        /*
+         * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
+         * and higher work without it.
+         */
+        authkey->sca_keylength = 64;
+#  endif
+        memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+                       sockopt_len);
+        OPENSSL_free(authkey);
+        authkey = NULL;
+        if (ret < 0)
+            break;
+
+        /* Reset active key */
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        break;
+    case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Set active key */
+        authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        /*
+         * CCS has been sent, so remember that and fall through to check if
+         * we need to deactivate an old key
+         */
+        data->ccs_sent = 1;
+        /* fall-through */
+
+    case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /*
+         * Has this command really been called or is this just a
+         * fall-through?
+         */
+        if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
+            data->ccs_rcvd = 1;
+
+        /*
+         * CSS has been both, received and sent, so deactivate an old key
+         */
+        if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
+            /* Get active key */
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                           &authkeyid, &sockopt_len);
+            if (ret < 0)
+                break;
+
+            /*
+             * Deactivate key or delete second last key if
+             * SCTP_AUTHENTICATION_EVENT is not available.
+             */
+            authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+#  ifdef SCTP_AUTH_DEACTIVATE_KEY
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
+                             &authkeyid, sockopt_len);
+            if (ret < 0)
+                break;
+#  endif
+#  ifndef SCTP_AUTHENTICATION_EVENT
+            if (authkeyid.scact_keynumber > 0) {
+                authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+                ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                                 &authkeyid, sizeof(struct sctp_authkeyid));
+                if (ret < 0)
+                    break;
+            }
+#  endif
+
+            data->ccs_rcvd = 0;
+            data->ccs_sent = 0;
+        }
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(ptr, &(data->sndinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(&(data->sndinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(ptr, &data->rcvinfo, num);
+
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(&(data->rcvinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(ptr, &(data->prinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(&(data->prinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
+        /* Returns always 1. */
+        if (num > 0)
+            data->save_shutdown = 1;
+        else
+            data->save_shutdown = 0;
+        break;
+
+    default:
+        /*
+         * Pass to default ctrl function to process SCTP unspecific commands
+         */
+        ret = dgram_ctrl(b, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void
+                                                                 *context,
+                                                                 void *buf),
+                                   void *context)
+{
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    if (handle_notifications != NULL) {
+        data->handle_notifications = handle_notifications;
+        data->notification_context = context;
+    } else
+        return -1;
+
+    return 0;
+}
+
+/*
+ * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
+ * @b: The BIO to check for the dry event
+ *
+ * Wait until the peer confirms all packets have been received, and so that
+ * our kernel doesn't have anything to send anymore.  This is only received by
+ * the peer's kernel, not the application.
+ *
+ * Returns:
+ * -1 on error
+ *  0 when not dry yet
+ *  1 when dry
+ */
+int BIO_dgram_sctp_wait_for_dry(BIO *b)
+{
+    int is_dry = 0;
+    int sockflags = 0;
+    int n, ret;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+#  ifdef SCTP_EVENT
+    struct sctp_event event;
+#  else
+    struct sctp_event_subscribe event;
+    socklen_t eventsize;
+#  endif
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* set sender dry event */
+#  ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_SENDER_DRY_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+#  else
+    eventsize = sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+    if (ret < 0)
+        return -1;
+
+    event.sctp_sender_dry_event = 1;
+
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+#  endif
+    if (ret < 0)
+        return -1;
+
+    /* peek for notification */
+    memset(&snp, 0, sizeof(snp));
+    iov.iov_base = (char *)&snp;
+    iov.iov_len = sizeof(union sctp_notification);
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = NULL;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+
+    n = recvmsg(b->num, &msg, MSG_PEEK);
+    if (n <= 0) {
+        if ((n < 0) && (get_last_socket_error() != EAGAIN)
+            && (get_last_socket_error() != EWOULDBLOCK))
+            return -1;
+        else
+            return 0;
+    }
+
+    /* if we find a notification, process it and try again if necessary */
+    while (msg.msg_flags & MSG_NOTIFICATION) {
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        n = recvmsg(b->num, &msg, 0);
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+
+        if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+            is_dry = 1;
+
+            /* disable sender dry event */
+#  ifdef SCTP_EVENT
+            memset(&event, 0, sizeof(event));
+            event.se_assoc_id = 0;
+            event.se_type = SCTP_SENDER_DRY_EVENT;
+            event.se_on = 0;
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                           sizeof(struct sctp_event));
+#  else
+            eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           &eventsize);
+            if (ret < 0)
+                return -1;
+
+            event.sctp_sender_dry_event = 0;
+
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           sizeof(struct sctp_event_subscribe));
+#  endif
+            if (ret < 0)
+                return -1;
+        }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+        if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+            dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+        if (data->handle_notifications != NULL)
+            data->handle_notifications(b, data->notification_context,
+                                       (void *)&snp);
+
+        /* found notification, peek again */
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        /* if we have seen the dry already, don't wait */
+        if (is_dry) {
+            sockflags = fcntl(b->num, F_GETFL, 0);
+            fcntl(b->num, F_SETFL, O_NONBLOCK);
+        }
+
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+
+        if (is_dry) {
+            fcntl(b->num, F_SETFL, sockflags);
+        }
+
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+    }
+
+    /* read anything else */
+    return is_dry;
+}
+
+int BIO_dgram_sctp_msg_waiting(BIO *b)
+{
+    int n, sockflags;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* Check if there are any messages waiting to be read */
+    do {
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        sockflags = fcntl(b->num, F_GETFL, 0);
+        fcntl(b->num, F_SETFL, O_NONBLOCK);
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+        fcntl(b->num, F_SETFL, sockflags);
+
+        /* if notification, process and try again */
+        if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
+#  ifdef SCTP_AUTHENTICATION_EVENT
+            if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+            memset(&snp, 0, sizeof(snp));
+            iov.iov_base = (char *)&snp;
+            iov.iov_len = sizeof(union sctp_notification);
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = NULL;
+            msg.msg_controllen = 0;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (data->handle_notifications != NULL)
+                data->handle_notifications(b, data->notification_context,
+                                           (void *)&snp);
+        }
+
+    } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
+
+    /* Return 1 if there is a message to be read, return 0 otherwise. */
+    if (n > 0)
+        return 1;
+    else
+        return 0;
+}
+
+static int dgram_sctp_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_sctp_write(bp, str, n);
+    return ret;
+}
+# endif
+
+static int BIO_dgram_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS)
+        /*
+         * If the socket return value (i) is -1 and err is unexpectedly 0 at
+         * this point, the error code was overwritten by another system call
+         * before this error handling is called.
+         */
+# endif
+
+        return BIO_dgram_non_fatal_error(err);
+    }
+    return 0;
+}
+
+int BIO_dgram_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+
+        return 1;
+    default:
+        break;
+    }
+    return 0;
+}
+
+static void get_current_time(struct timeval *t)
+{
+# if defined(_WIN32)
+    SYSTEMTIME st;
+    union {
+        unsigned __int64 ul;
+        FILETIME ft;
+    } now;
+
+    GetSystemTime(&st);
+    SystemTimeToFileTime(&st, &now.ft);
+#  ifdef  __MINGW32__
+    now.ul -= 116444736000000000ULL;
+#  else
+    now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
+#  endif
+    t->tv_sec = (long)(now.ul / 10000000);
+    t->tv_usec = ((int)(now.ul % 10000000)) / 10;
+# else
+    gettimeofday(t, NULL);
+# endif
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c
new file mode 100644
index 000000000..5bc539c90
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#if defined(OPENSSL_NO_POSIX_IO)
+/*
+ * Dummy placeholder for BIO_s_fd...
+ */
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    return NULL;
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+    return 0;
+}
+
+int BIO_fd_should_retry(int i)
+{
+    return 0;
+}
+
+const BIO_METHOD *BIO_s_fd(void)
+{
+    return NULL;
+}
+#else
+/*
+ * As for unconditional usage of "UPLINK" interface in this module.
+ * Trouble is that unlike Unix file descriptors [which are indexes
+ * in kernel-side per-process table], corresponding descriptors on
+ * platforms which require "UPLINK" interface seem to be indexes
+ * in a user-land, non-global table. Well, in fact they are indexes
+ * in stdio _iob[], and recall that _iob[] was the very reason why
+ * "UPLINK" interface was introduced in first place. But one way on
+ * another. Neither libcrypto or libssl use this BIO meaning that
+ * file descriptors can only be provided by application. Therefore
+ * "UPLINK" calls are due...
+ */
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static int fd_gets(BIO *h, char *buf, int size);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static const BIO_METHOD methods_fdp = {
+    BIO_TYPE_FD,
+    "file descriptor",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    fd_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    fd_read,
+    fd_puts,
+    fd_gets,
+    fd_ctrl,
+    fd_new,
+    fd_free,
+    NULL,                       /* fd_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_fd(void)
+{
+    return &methods_fdp;
+}
+
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    BIO *ret;
+    ret = BIO_new(BIO_s_fd());
+    if (ret == NULL)
+        return NULL;
+    BIO_set_fd(ret, fd, close_flag);
+    return ret;
+}
+
+static int fd_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = -1;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
+    return 1;
+}
+
+static int fd_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if (a->init) {
+            UP_close(a->num);
+        }
+        a->init = 0;
+        a->flags = BIO_FLAGS_UPLINK;
+    }
+    return 1;
+}
+
+static int fd_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out != NULL) {
+        clear_sys_error();
+        ret = UP_read(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_fd_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return ret;
+}
+
+static int fd_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    clear_sys_error();
+    ret = UP_write(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_fd_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return ret;
+}
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        /* fall thru */
+    case BIO_C_FILE_SEEK:
+        ret = (long)UP_lseek(b->num, num, 0);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        ret = (long)UP_lseek(b->num, 0, 1);
+        break;
+    case BIO_C_SET_FD:
+        fd_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int fd_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = fd_write(bp, str, n);
+    return ret;
+}
+
+static int fd_gets(BIO *bp, char *buf, int size)
+{
+    int ret = 0;
+    char *ptr = buf;
+    char *end = buf + size - 1;
+
+    while (ptr < end && fd_read(bp, ptr, 1) > 0) {
+        if (*ptr++ == '\n')
+           break;
+    }
+
+    ptr[0] = '\0';
+
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+    return ret;
+}
+
+int BIO_fd_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_sys_error();
+
+        return BIO_fd_non_fatal_error(err);
+    }
+    return 0;
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+    switch (err) {
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# if defined(ENOTCONN)
+    case ENOTCONN:
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+        return 1;
+    default:
+        break;
+    }
+    return 0;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c
new file mode 100644
index 000000000..057344783
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c
@@ -0,0 +1,427 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BSS_FILE_C
+# define HEADER_BSS_FILE_C
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+#  ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+#  endif
+# endif
+
+# include <stdio.h>
+# include <errno.h>
+# include "bio_lcl.h"
+# include <openssl/err.h>
+
+# if !defined(OPENSSL_NO_STDIO)
+
+static int file_write(BIO *h, const char *buf, int num);
+static int file_read(BIO *h, char *buf, int size);
+static int file_puts(BIO *h, const char *str);
+static int file_gets(BIO *h, char *str, int size);
+static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int file_new(BIO *h);
+static int file_free(BIO *data);
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    BIO  *ret;
+    FILE *file = openssl_fopen(filename, mode);
+    int fp_flags = BIO_CLOSE;
+
+    if (strchr(mode, 'b') == NULL)
+        fp_flags |= BIO_FP_TEXT;
+
+    if (file == NULL) {
+        SYSerr(SYS_F_FOPEN, get_last_sys_error());
+        ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
+        if (errno == ENOENT
+# ifdef ENXIO
+            || errno == ENXIO
+# endif
+            )
+            BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+        else
+            BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+        return NULL;
+    }
+    if ((ret = BIO_new(BIO_s_file())) == NULL) {
+        fclose(file);
+        return NULL;
+    }
+
+    BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                             * UPLINK */
+    BIO_set_fp(ret, file, fp_flags);
+    return ret;
+}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+{
+    BIO *ret;
+
+    if ((ret = BIO_new(BIO_s_file())) == NULL)
+        return NULL;
+
+    /* redundant flag, left for documentation purposes */
+    BIO_set_flags(ret, BIO_FLAGS_UPLINK);
+    BIO_set_fp(ret, stream, close_flag);
+    return ret;
+}
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return &methods_filep;
+}
+
+static int file_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
+    return 1;
+}
+
+static int file_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if ((a->init) && (a->ptr != NULL)) {
+            if (a->flags & BIO_FLAGS_UPLINK)
+                UP_fclose(a->ptr);
+            else
+                fclose(a->ptr);
+            a->ptr = NULL;
+            a->flags = BIO_FLAGS_UPLINK;
+        }
+        a->init = 0;
+    }
+    return 1;
+}
+
+static int file_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (b->init && (out != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fread(out, 1, (int)outl, b->ptr);
+        else
+            ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
+        if (ret == 0
+            && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) :
+                                               ferror((FILE *)b->ptr)) {
+            SYSerr(SYS_F_FREAD, get_last_sys_error());
+            BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+            ret = -1;
+        }
+    }
+    return ret;
+}
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+
+    if (b->init && (in != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fwrite(in, (int)inl, 1, b->ptr);
+        else
+            ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr);
+        if (ret)
+            ret = inl;
+        /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+        /*
+         * according to Tim Hudson <tjh@openssl.org>, the commented out
+         * version above can cause 'inl' write calls under some stupid stdio
+         * implementations (VMS)
+         */
+    }
+    return ret;
+}
+
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    FILE *fp = (FILE *)b->ptr;
+    FILE **fpp;
+    char p[4];
+    int st;
+
+    switch (cmd) {
+    case BIO_C_FILE_SEEK:
+    case BIO_CTRL_RESET:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_fseek(b->ptr, num, 0);
+        else
+            ret = (long)fseek(fp, num, 0);
+        break;
+    case BIO_CTRL_EOF:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_feof(fp);
+        else
+            ret = (long)feof(fp);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_ftell(b->ptr);
+        else
+            ret = ftell(fp);
+        break;
+    case BIO_C_SET_FILE_PTR:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        b->ptr = ptr;
+        b->init = 1;
+#  if BIO_FLAGS_UPLINK!=0
+#   if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#    define _IOB_ENTRIES 20
+#   endif
+        /* Safety net to catch purely internal BIO_set_fp calls */
+#   if defined(_MSC_VER) && _MSC_VER>=1900
+        if (ptr == stdin || ptr == stdout || ptr == stderr)
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#   elif defined(_IOB_ENTRIES)
+        if ((size_t)ptr >= (size_t)stdin &&
+            (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#   endif
+#  endif
+#  ifdef UP_fsetmod
+        if (b->flags & BIO_FLAGS_UPLINK)
+            UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b'));
+        else
+#  endif
+        {
+#  if defined(OPENSSL_SYS_WINDOWS)
+            int fd = _fileno((FILE *)ptr);
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            else
+                _setmode(fd, _O_BINARY);
+#  elif defined(OPENSSL_SYS_MSDOS)
+            int fd = fileno((FILE *)ptr);
+            /* Set correct text/binary mode */
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            /* Dangerous to set stdin/stdout to raw (unless redirected) */
+            else {
+                if (fd == STDIN_FILENO || fd == STDOUT_FILENO) {
+                    if (isatty(fd) <= 0)
+                        _setmode(fd, _O_BINARY);
+                } else
+                    _setmode(fd, _O_BINARY);
+            }
+#  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+            int fd = fileno((FILE *)ptr);
+            if (!(num & BIO_FP_TEXT))
+                setmode(fd, O_BINARY);
+#  endif
+        }
+        break;
+    case BIO_C_SET_FILENAME:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        if (num & BIO_FP_APPEND) {
+            if (num & BIO_FP_READ)
+                OPENSSL_strlcpy(p, "a+", sizeof(p));
+            else
+                OPENSSL_strlcpy(p, "a", sizeof(p));
+        } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+            OPENSSL_strlcpy(p, "r+", sizeof(p));
+        else if (num & BIO_FP_WRITE)
+            OPENSSL_strlcpy(p, "w", sizeof(p));
+        else if (num & BIO_FP_READ)
+            OPENSSL_strlcpy(p, "r", sizeof(p));
+        else {
+            BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+            ret = 0;
+            break;
+        }
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
+        if (!(num & BIO_FP_TEXT))
+            OPENSSL_strlcat(p, "b", sizeof(p));
+        else
+            OPENSSL_strlcat(p, "t", sizeof(p));
+#  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+        if (!(num & BIO_FP_TEXT))
+            OPENSSL_strlcat(p, "b", sizeof(p));
+#  endif
+        fp = openssl_fopen(ptr, p);
+        if (fp == NULL) {
+            SYSerr(SYS_F_FOPEN, get_last_sys_error());
+            ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+            break;
+        }
+        b->ptr = fp;
+        b->init = 1;
+        BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                               * UPLINK */
+        break;
+    case BIO_C_GET_FILE_PTR:
+        /* the ptr parameter is actually a FILE ** in this case. */
+        if (ptr != NULL) {
+            fpp = (FILE **)ptr;
+            *fpp = (FILE *)b->ptr;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_FLUSH:
+        st = b->flags & BIO_FLAGS_UPLINK
+                ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr);
+        if (st == EOF) {
+            SYSerr(SYS_F_FFLUSH, get_last_sys_error());
+            ERR_add_error_data(1, "fflush()");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+        }
+        break;
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_WPENDING:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    int ret = 0;
+
+    buf[0] = '\0';
+    if (bp->flags & BIO_FLAGS_UPLINK) {
+        if (!UP_fgets(buf, size, bp->ptr))
+            goto err;
+    } else {
+        if (!fgets(buf, size, (FILE *)bp->ptr))
+            goto err;
+    }
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+ err:
+    return ret;
+}
+
+static int file_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = file_write(bp, str, n);
+    return ret;
+}
+
+#else
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    return -1;
+}
+static int file_read(BIO *b, char *out, int outl)
+{
+    return -1;
+}
+static int file_puts(BIO *bp, const char *str)
+{
+    return -1;
+}
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    return 0;
+}
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    return 0;
+}
+static int file_new(BIO *bi)
+{
+    return 0;
+}
+static int file_free(BIO *a)
+{
+    return 0;
+}
+
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return &methods_filep;
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+# endif                         /* OPENSSL_NO_STDIO */
+
+#endif                          /* HEADER_BSS_FILE_C */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c
new file mode 100644
index 000000000..e9ab932ec
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c
@@ -0,0 +1,416 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Why BIO_s_log?
+ *
+ * BIO_s_log is useful for system daemons (or services under NT). It is
+ * one-way BIO, it sends all stuff to syslogd (on system that commonly use
+ * that), or event log (on NT), or OPCOM (on OpenVMS).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+#elif defined(OPENSSL_SYS_VMS)
+# include <opcdef.h>
+# include <descrip.h>
+# include <lib$routines.h>
+# include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+#elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK)
+# define NO_SYSLOG
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+# include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+# if defined(OPENSSL_SYS_WIN32)
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      (3<<3)
+# elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      OPC$M_NM_NTWORK
+# endif
+
+static int slg_write(BIO *h, const char *buf, int num);
+static int slg_puts(BIO *h, const char *str);
+static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int slg_new(BIO *h);
+static int slg_free(BIO *data);
+static void xopenlog(BIO *bp, char *name, int level);
+static void xsyslog(BIO *bp, int priority, const char *string);
+static void xcloselog(BIO *bp);
+
+static const BIO_METHOD methods_slg = {
+    BIO_TYPE_MEM,
+    "syslog",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    slg_write,
+    NULL,                      /* slg_write_old,    */
+    NULL,                      /* slg_read,         */
+    slg_puts,
+    NULL,
+    slg_ctrl,
+    slg_new,
+    slg_free,
+    NULL,                      /* slg_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_log(void)
+{
+    return &methods_slg;
+}
+
+static int slg_new(BIO *bi)
+{
+    bi->init = 1;
+    bi->num = 0;
+    bi->ptr = NULL;
+    xopenlog(bi, "application", LOG_DAEMON);
+    return 1;
+}
+
+static int slg_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    xcloselog(a);
+    return 1;
+}
+
+static int slg_write(BIO *b, const char *in, int inl)
+{
+    int ret = inl;
+    char *buf;
+    char *pp;
+    int priority, i;
+    static const struct {
+        int strl;
+        char str[10];
+        int log_level;
+    } mapping[] = {
+        {
+            6, "PANIC ", LOG_EMERG
+        },
+        {
+            6, "EMERG ", LOG_EMERG
+        },
+        {
+            4, "EMR ", LOG_EMERG
+        },
+        {
+            6, "ALERT ", LOG_ALERT
+        },
+        {
+            4, "ALR ", LOG_ALERT
+        },
+        {
+            5, "CRIT ", LOG_CRIT
+        },
+        {
+            4, "CRI ", LOG_CRIT
+        },
+        {
+            6, "ERROR ", LOG_ERR
+        },
+        {
+            4, "ERR ", LOG_ERR
+        },
+        {
+            8, "WARNING ", LOG_WARNING
+        },
+        {
+            5, "WARN ", LOG_WARNING
+        },
+        {
+            4, "WAR ", LOG_WARNING
+        },
+        {
+            7, "NOTICE ", LOG_NOTICE
+        },
+        {
+            5, "NOTE ", LOG_NOTICE
+        },
+        {
+            4, "NOT ", LOG_NOTICE
+        },
+        {
+            5, "INFO ", LOG_INFO
+        },
+        {
+            4, "INF ", LOG_INFO
+        },
+        {
+            6, "DEBUG ", LOG_DEBUG
+        },
+        {
+            4, "DBG ", LOG_DEBUG
+        },
+        {
+            0, "", LOG_ERR
+        }
+        /* The default */
+    };
+
+    if ((buf = OPENSSL_malloc(inl + 1)) == NULL) {
+        BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(buf, in, inl);
+    buf[inl] = '\0';
+
+    i = 0;
+    while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0)
+        i++;
+    priority = mapping[i].log_level;
+    pp = buf + mapping[i].strl;
+
+    xsyslog(b, priority, pp);
+
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static long slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    switch (cmd) {
+    case BIO_CTRL_SET:
+        xcloselog(b);
+        xopenlog(b, ptr, num);
+        break;
+    default:
+        break;
+    }
+    return 0;
+}
+
+static int slg_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = slg_write(bp, str, n);
+    return ret;
+}
+
+# if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+    if (check_winnt())
+        bp->ptr = RegisterEventSourceA(NULL, name);
+    else
+        bp->ptr = NULL;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    LPCSTR lpszStrings[2];
+    WORD evtype = EVENTLOG_ERROR_TYPE;
+    char pidbuf[DECIMAL_SIZE(DWORD) + 4];
+
+    if (bp->ptr == NULL)
+        return;
+
+    switch (priority) {
+    case LOG_EMERG:
+    case LOG_ALERT:
+    case LOG_CRIT:
+    case LOG_ERR:
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    case LOG_WARNING:
+        evtype = EVENTLOG_WARNING_TYPE;
+        break;
+    case LOG_NOTICE:
+    case LOG_INFO:
+    case LOG_DEBUG:
+        evtype = EVENTLOG_INFORMATION_TYPE;
+        break;
+    default:
+        /*
+         * Should never happen, but set it
+         * as error anyway.
+         */
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    }
+
+    sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
+    lpszStrings[0] = pidbuf;
+    lpszStrings[1] = string;
+
+    ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
+}
+
+static void xcloselog(BIO *bp)
+{
+    if (bp->ptr)
+        DeregisterEventSource((HANDLE) (bp->ptr));
+    bp->ptr = NULL;
+}
+
+# elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+    VMS_OPC_target = level;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+#   define OPCDEF_TYPE __char_ptr32
+#   define OPCDEF_MALLOC _malloc32
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define OPCDEF_TYPE char *
+#   define OPCDEF_MALLOC OPENSSL_malloc
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    struct opcdef *opcdef_p;
+
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+
+    char buf[10240];
+    unsigned int len;
+    struct dsc$descriptor_s buf_dsc;
+    $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+    char *priority_tag;
+
+    switch (priority) {
+    case LOG_EMERG:
+        priority_tag = "Emergency";
+        break;
+    case LOG_ALERT:
+        priority_tag = "Alert";
+        break;
+    case LOG_CRIT:
+        priority_tag = "Critical";
+        break;
+    case LOG_ERR:
+        priority_tag = "Error";
+        break;
+    case LOG_WARNING:
+        priority_tag = "Warning";
+        break;
+    case LOG_NOTICE:
+        priority_tag = "Notice";
+        break;
+    case LOG_INFO:
+        priority_tag = "Info";
+        break;
+    case LOG_DEBUG:
+        priority_tag = "DEBUG";
+        break;
+    }
+
+    buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+    buf_dsc.dsc$a_pointer = buf;
+    buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+    lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+    /* We know there's an 8-byte header.  That's documented. */
+    opcdef_p = OPCDEF_MALLOC(8 + len);
+    opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+    memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+    opcdef_p->opc$l_ms_rqstid = 0;
+    memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+    opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+    opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
+    opc_dsc.dsc$w_length = len + 8;
+
+    sys$sndopr(opc_dsc, 0);
+
+    OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO *bp)
+{
+}
+
+# else                          /* Unix/Watt32 */
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+#  ifdef WATT32                 /* djgpp/DOS */
+    openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level);
+#  else
+    openlog(name, LOG_PID | LOG_CONS, level);
+#  endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO *bp)
+{
+    closelog();
+}
+
+# endif                         /* Unix */
+
+#else                           /* NO_SYSLOG */
+const BIO_METHOD *BIO_s_log(void)
+{
+    return NULL;
+}
+#endif                          /* NO_SYSLOG */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c
new file mode 100644
index 000000000..10fcbf7a7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c
@@ -0,0 +1,357 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_new(BIO *h);
+static int secmem_new(BIO *h);
+static int mem_free(BIO *data);
+static int mem_buf_free(BIO *data);
+static int mem_buf_sync(BIO *h);
+
+static const BIO_METHOD mem_method = {
+    BIO_TYPE_MEM,
+    "memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    mem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+static const BIO_METHOD secmem_method = {
+    BIO_TYPE_MEM,
+    "secure memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    secmem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+/* BIO memory stores buffer and read pointer  */
+typedef struct bio_buf_mem_st {
+    struct buf_mem_st *buf;   /* allocated buffer */
+    struct buf_mem_st *readp; /* read pointer */
+} BIO_BUF_MEM;
+
+/*
+ * bio->num is used to hold the value to return on 'empty', if it is 0,
+ * should_retry is not set
+ */
+
+const BIO_METHOD *BIO_s_mem(void)
+{
+    return &mem_method;
+}
+
+const BIO_METHOD *BIO_s_secmem(void)
+{
+    return(&secmem_method);
+}
+
+BIO *BIO_new_mem_buf(const void *buf, int len)
+{
+    BIO *ret;
+    BUF_MEM *b;
+    BIO_BUF_MEM *bb;
+    size_t sz;
+
+    if (buf == NULL) {
+        BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+        return NULL;
+    }
+    sz = (len < 0) ? strlen(buf) : (size_t)len;
+    if ((ret = BIO_new(BIO_s_mem())) == NULL)
+        return NULL;
+    bb = (BIO_BUF_MEM *)ret->ptr;
+    b = bb->buf;
+    /* Cast away const and trust in the MEM_RDONLY flag. */
+    b->data = (void *)buf;
+    b->length = sz;
+    b->max = sz;
+    *bb->readp = *bb->buf;
+    ret->flags |= BIO_FLAGS_MEM_RDONLY;
+    /* Since this is static data retrying won't help */
+    ret->num = 0;
+    return ret;
+}
+
+static int mem_init(BIO *bi, unsigned long flags)
+{
+    BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
+
+    if (bb == NULL)
+        return 0;
+    if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) {
+        OPENSSL_free(bb);
+        return 0;
+    }
+    if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) {
+        BUF_MEM_free(bb->buf);
+        OPENSSL_free(bb);
+        return 0;
+    }
+    *bb->readp = *bb->buf;
+    bi->shutdown = 1;
+    bi->init = 1;
+    bi->num = -1;
+    bi->ptr = (char *)bb;
+    return 1;
+}
+
+static int mem_new(BIO *bi)
+{
+    return mem_init(bi, 0L);
+}
+
+static int secmem_new(BIO *bi)
+{
+    return mem_init(bi, BUF_MEM_FLAG_SECURE);
+}
+
+static int mem_free(BIO *a)
+{
+    BIO_BUF_MEM *bb;
+
+    if (a == NULL)
+        return 0;
+
+    bb = (BIO_BUF_MEM *)a->ptr;
+    if (!mem_buf_free(a))
+        return 0;
+    OPENSSL_free(bb->readp);
+    OPENSSL_free(bb);
+    return 1;
+}
+
+static int mem_buf_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+
+    if (a->shutdown && a->init && a->ptr != NULL) {
+        BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+        BUF_MEM *b = bb->buf;
+
+        if (a->flags & BIO_FLAGS_MEM_RDONLY)
+            b->data = NULL;
+        BUF_MEM_free(b);
+    }
+    return 1;
+}
+
+/*
+ * Reallocate memory buffer if read pointer differs
+ */
+static int mem_buf_sync(BIO *b)
+{
+    if (b != NULL && b->init != 0 && b->ptr != NULL) {
+        BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+        if (bbm->readp->data != bbm->buf->data) {
+            memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
+            bbm->buf->length = bbm->readp->length;
+            bbm->readp->data = bbm->buf->data;
+        }
+    }
+    return 0;
+}
+
+static int mem_read(BIO *b, char *out, int outl)
+{
+    int ret = -1;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm = bbm->readp;
+
+    BIO_clear_retry_flags(b);
+    ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
+    if ((out != NULL) && (ret > 0)) {
+        memcpy(out, bm->data, ret);
+        bm->length -= ret;
+        bm->data += ret;
+    } else if (bm->length == 0) {
+        ret = b->num;
+        if (ret != 0)
+            BIO_set_retry_read(b);
+    }
+    return ret;
+}
+
+static int mem_write(BIO *b, const char *in, int inl)
+{
+    int ret = -1;
+    int blen;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+    if (in == NULL) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+        goto end;
+    }
+    if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+        goto end;
+    }
+    BIO_clear_retry_flags(b);
+    if (inl == 0)
+        return 0;
+    blen = bbm->readp->length;
+    mem_buf_sync(b);
+    if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)
+        goto end;
+    memcpy(bbm->buf->data + blen, in, inl);
+    *bbm->readp = *bbm->buf;
+    ret = inl;
+ end:
+    return ret;
+}
+
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    char **pptr;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        bm = bbm->buf;
+        if (bm->data != NULL) {
+            /* For read only case reset to the start again */
+            if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
+                bm->length = bm->max;
+            } else {
+                memset(bm->data, 0, bm->max);
+                bm->length = 0;
+            }
+            *bbm->readp = *bbm->buf;
+        }
+        break;
+    case BIO_CTRL_EOF:
+        bm = bbm->readp;
+        ret = (long)(bm->length == 0);
+        break;
+    case BIO_C_SET_BUF_MEM_EOF_RETURN:
+        b->num = (int)num;
+        break;
+    case BIO_CTRL_INFO:
+        bm = bbm->readp;
+        ret = (long)bm->length;
+        if (ptr != NULL) {
+            pptr = (char **)ptr;
+            *pptr = (char *)&(bm->data[0]);
+        }
+        break;
+    case BIO_C_SET_BUF_MEM:
+        mem_buf_free(b);
+        b->shutdown = (int)num;
+        bbm->buf = ptr;
+        *bbm->readp = *bbm->buf;
+        break;
+    case BIO_C_GET_BUF_MEM_PTR:
+        if (ptr != NULL) {
+            mem_buf_sync(b);
+            bm = bbm->readp;
+            pptr = (char **)ptr;
+            *pptr = (char *)bm;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = 0L;
+        break;
+    case BIO_CTRL_PENDING:
+        bm = bbm->readp;
+        ret = (long)bm->length;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int mem_gets(BIO *bp, char *buf, int size)
+{
+    int i, j;
+    int ret = -1;
+    char *p;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
+    BUF_MEM *bm = bbm->readp;
+
+    BIO_clear_retry_flags(bp);
+    j = bm->length;
+    if ((size - 1) < j)
+        j = size - 1;
+    if (j <= 0) {
+        *buf = '\0';
+        return 0;
+    }
+    p = bm->data;
+    for (i = 0; i < j; i++) {
+        if (p[i] == '\n') {
+            i++;
+            break;
+        }
+    }
+
+    /*
+     * i is now the max num of bytes to copy, either j or up to
+     * and including the first newline
+     */
+
+    i = mem_read(bp, buf, i);
+    if (i > 0)
+        buf[i] = '\0';
+    ret = i;
+    return ret;
+}
+
+static int mem_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = mem_write(bp, str, n);
+    /* memory semantics is that it will always work */
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c
new file mode 100644
index 000000000..08f1d2bc9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static const BIO_METHOD null_method = {
+    BIO_TYPE_NULL,
+    "NULL",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    null_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    null_read,
+    null_puts,
+    null_gets,
+    null_ctrl,
+    NULL,
+    NULL,
+    NULL,                     /* null_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_null(void)
+{
+    return &null_method;
+}
+
+static int null_read(BIO *b, char *out, int outl)
+{
+    return 0;
+}
+
+static int null_write(BIO *b, const char *in, int inl)
+{
+    return inl;
+}
+
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+    case BIO_CTRL_EOF:
+    case BIO_CTRL_SET:
+    case BIO_CTRL_SET_CLOSE:
+    case BIO_CTRL_FLUSH:
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int null_gets(BIO *bp, char *buf, int size)
+{
+    return 0;
+}
+
+static int null_puts(BIO *bp, const char *str)
+{
+    if (str == NULL)
+        return 0;
+    return strlen(str);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c
new file mode 100644
index 000000000..ad3845320
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+# include <openssl/bio.h>
+
+# ifdef WATT32
+/* Watt-32 uses same names */
+#  undef sock_write
+#  undef sock_read
+#  undef sock_puts
+#  define sock_write SockWrite
+#  define sock_read  SockRead
+#  define sock_puts  SockPuts
+# endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+
+static const BIO_METHOD methods_sockp = {
+    BIO_TYPE_SOCKET,
+    "socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    sock_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    sock_read,
+    sock_puts,
+    NULL,                       /* sock_gets,         */
+    sock_ctrl,
+    sock_new,
+    sock_free,
+    NULL,                       /* sock_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_socket(void)
+{
+    return &methods_sockp;
+}
+
+BIO *BIO_new_socket(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_socket());
+    if (ret == NULL)
+        return NULL;
+    BIO_set_fd(ret, fd, close_flag);
+    return ret;
+}
+
+static int sock_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = 0;
+    return 1;
+}
+
+static int sock_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if (a->init) {
+            BIO_closesocket(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return 1;
+}
+
+static int sock_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return ret;
+}
+
+static int sock_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return ret;
+}
+
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+
+    switch (cmd) {
+    case BIO_C_SET_FD:
+        sock_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int sock_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = sock_write(bp, str, n);
+    return ret;
+}
+
+int BIO_sock_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+        return BIO_sock_non_fatal_error(err);
+    }
+    return 0;
+}
+
+int BIO_sock_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# if defined(ENOTCONN)
+    case ENOTCONN:
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+        return 1;
+    default:
+        break;
+    }
+    return 0;
+}
+
+#endif                          /* #ifndef OPENSSL_NO_SOCK */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/build.info
new file mode 100644
index 000000000..d1e7d73c5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/build.info
@@ -0,0 +1,8 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c b_addr.c \
+        b_sock.c b_sock2.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \
+        bss_dgram.c bio_meth.c bf_lbuf.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_impl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_impl.h
new file mode 100644
index 000000000..80b717e79
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_impl.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+
+static ossl_inline uint32_t load32(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint32_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint32_t w = ((uint32_t)src[0])
+                   | ((uint32_t)src[1] <<  8)
+                   | ((uint32_t)src[2] << 16)
+                   | ((uint32_t)src[3] << 24);
+        return w;
+    }
+}
+
+static ossl_inline uint64_t load64(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint64_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint64_t w = ((uint64_t)src[0])
+                   | ((uint64_t)src[1] <<  8)
+                   | ((uint64_t)src[2] << 16)
+                   | ((uint64_t)src[3] << 24)
+                   | ((uint64_t)src[4] << 32)
+                   | ((uint64_t)src[5] << 40)
+                   | ((uint64_t)src[6] << 48)
+                   | ((uint64_t)src[7] << 56);
+        return w;
+    }
+}
+
+static ossl_inline void store32(uint8_t *dst, uint32_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 4; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline void store64(uint8_t *dst, uint64_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 8; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline uint64_t load48(const uint8_t *src)
+{
+    uint64_t w = ((uint64_t)src[0])
+               | ((uint64_t)src[1] <<  8)
+               | ((uint64_t)src[2] << 16)
+               | ((uint64_t)src[3] << 24)
+               | ((uint64_t)src[4] << 32)
+               | ((uint64_t)src[5] << 40);
+    return w;
+}
+
+static ossl_inline void store48(uint8_t *dst, uint64_t w)
+{
+    uint8_t *p = (uint8_t *)dst;
+    p[0] = (uint8_t)w;
+    p[1] = (uint8_t)(w>>8);
+    p[2] = (uint8_t)(w>>16);
+    p[3] = (uint8_t)(w>>24);
+    p[4] = (uint8_t)(w>>32);
+    p[5] = (uint8_t)(w>>40);
+}
+
+static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (32 - c));
+}
+
+static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (64 - c));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_locl.h
new file mode 100644
index 000000000..926bae944
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_locl.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <stddef.h>
+
+#define BLAKE2S_BLOCKBYTES    64
+#define BLAKE2S_OUTBYTES      32
+#define BLAKE2S_KEYBYTES      32
+#define BLAKE2S_SALTBYTES     8
+#define BLAKE2S_PERSONALBYTES 8
+
+#define BLAKE2B_BLOCKBYTES    128
+#define BLAKE2B_OUTBYTES      64
+#define BLAKE2B_KEYBYTES      64
+#define BLAKE2B_SALTBYTES     16
+#define BLAKE2B_PERSONALBYTES 16
+
+struct blake2s_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[6];/* 14 */
+    uint8_t  node_depth;    /* 15 */
+    uint8_t  inner_length;  /* 16 */
+    uint8_t  salt[BLAKE2S_SALTBYTES]; /* 24 */
+    uint8_t  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
+};
+
+typedef struct blake2s_param_st BLAKE2S_PARAM;
+
+struct blake2s_ctx_st {
+    uint32_t h[8];
+    uint32_t t[2];
+    uint32_t f[2];
+    uint8_t  buf[BLAKE2S_BLOCKBYTES];
+    size_t   buflen;
+};
+
+struct blake2b_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[8];/* 16 */
+    uint8_t  node_depth;    /* 17 */
+    uint8_t  inner_length;  /* 18 */
+    uint8_t  reserved[14];  /* 32 */
+    uint8_t  salt[BLAKE2B_SALTBYTES]; /* 48 */
+    uint8_t  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
+};
+
+typedef struct blake2b_param_st BLAKE2B_PARAM;
+
+struct blake2b_ctx_st {
+    uint64_t h[8];
+    uint64_t t[2];
+    uint64_t f[2];
+    uint8_t  buf[BLAKE2B_BLOCKBYTES];
+    size_t   buflen;
+};
+
+#define BLAKE2B_DIGEST_LENGTH 64
+#define BLAKE2S_DIGEST_LENGTH 32
+
+typedef struct blake2s_ctx_st BLAKE2S_CTX;
+typedef struct blake2b_ctx_st BLAKE2B_CTX;
+
+int BLAKE2b_Init(BLAKE2B_CTX *c);
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
+
+int BLAKE2s_Init(BLAKE2S_CTX *c);
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c
new file mode 100644
index 000000000..829ba5b50
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+    0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU,
+    0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U,
+    0x510e527fade682d1U, 0x9b05688c2b3e6c1fU,
+    0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2B_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2b_IV[i];
+    }
+}
+
+/* init xors IV with input parameter block */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+    size_t i;
+    const uint8_t *p = (const uint8_t *)(P);
+    blake2b_init0(S);
+
+    /* The param struct is carefully hand packed, and should be 64 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2B_PARAM) == 64);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2b_Init(BLAKE2B_CTX *c)
+{
+    BLAKE2B_PARAM P[1];
+    P->digest_length = BLAKE2B_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store64(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->reserved, 0, sizeof(P->reserved));
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2b_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint64_t m[16];
+    uint64_t v[16];
+    int i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2b_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2b_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load64(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2b_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[8]  = blake2b_IV[0];
+        v[9]  = blake2b_IV[1];
+        v[10] = blake2b_IV[2];
+        v[11] = blake2b_IV[3];
+        v[12] = S->t[0] ^ blake2b_IV[4];
+        v[13] = S->t[1] ^ blake2b_IV[5];
+        v[14] = S->f[0] ^ blake2b_IV[6];
+        v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+            d = rotr64(d ^ a, 32); \
+            c = c + d; \
+            b = rotr64(b ^ c, 24); \
+            a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+            d = rotr64(d ^ a, 16); \
+            c = c + d; \
+            b = rotr64(b ^ c, 63); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
+        for (i = 0; i < 12; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+        ROUND(10);
+        ROUND(11);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2B_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2b_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2B_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
+{
+    int i;
+
+    blake2b_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2b_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to message digest */
+    for (i = 0; i < 8; ++i) {
+        store64(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c
new file mode 100644
index 000000000..8211374d1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+    0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2S_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2s_IV[i];
+    }
+}
+
+/* init2 xors IV with input parameter block */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+    const uint8_t *p = (const uint8_t *)(P);
+    size_t i;
+
+    /* The param struct is carefully hand packed, and should be 32 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2S_PARAM) == 32);
+    blake2s_init0(S);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load32(&p[i*4]);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2s_Init(BLAKE2S_CTX *c)
+{
+    BLAKE2S_PARAM P[1];
+
+    P->digest_length = BLAKE2S_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store48(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2s_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint32_t m[16];
+    uint32_t v[16];
+    size_t i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2s_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2s_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load32(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2s_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[ 8] = blake2s_IV[0];
+        v[ 9] = blake2s_IV[1];
+        v[10] = blake2s_IV[2];
+        v[11] = blake2s_IV[3];
+        v[12] = S->t[0] ^ blake2s_IV[4];
+        v[13] = S->t[1] ^ blake2s_IV[5];
+        v[14] = S->f[0] ^ blake2s_IV[6];
+        v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+            d = rotr32(d ^ a, 16); \
+            c = c + d; \
+            b = rotr32(b ^ c, 12); \
+            a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+            d = rotr32(d ^ a, 8); \
+            c = c + d; \
+            b = rotr32(b ^ c, 7); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
+        for (i = 0; i < 10; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2S_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2s_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2S_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
+{
+    int i;
+
+    blake2s_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2s_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to temp buffer */
+    for (i = 0; i < 8; ++i) {
+        store32(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/build.info
new file mode 100644
index 000000000..0036f0848
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        blake2b.c blake2s.c m_blake2b.c m_blake2s.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c
new file mode 100644
index 000000000..c493648c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2b_md = {
+    NID_blake2b512,
+    0,
+    BLAKE2B_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2B_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
+};
+
+const EVP_MD *EVP_blake2b512(void)
+{
+    return &blake2b_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c
new file mode 100644
index 000000000..83b2811e4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2s_md = {
+    NID_blake2s256,
+    0,
+    BLAKE2S_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2S_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
+};
+
+const EVP_MD *EVP_blake2s256(void)
+{
+    return &blake2s_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod
new file mode 100644
index 000000000..706a14034
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod
@@ -0,0 +1,241 @@
+=pod
+
+=head1 NAME
+
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+library internal functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+   BN_ULONG w);
+ void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+   int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+   int dna, int dnb, BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n, int tna, int tnb, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n2, BN_ULONG *tmp);
+
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+
+ void bn_check_top(BIGNUM *a);
+ void bn_print(BIGNUM *a);
+ void bn_dump(BN_ULONG *d, int n);
+ void bn_set_max(BIGNUM *a);
+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+
+=head1 DESCRIPTION
+
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+applications.
+
+=head2 The BIGNUM structure
+
+ typedef struct bignum_st BIGNUM;
+
+ struct bignum_st
+        {
+        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
+        int top;        /* Index of last used d +1. */
+        /* The next are internal book keeping for bn_expand. */
+        int dmax;       /* Size of the d array. */
+        int neg;        /* one if the number is negative */
+        int flags;
+        };
+
+
+The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
+least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size, depending on the 'number of bits' (B<BITS2>) specified in
+C<openssl/bn.h>.
+
+B<dmax> is the size of the B<d> array that has been allocated.  B<top>
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
+flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
+BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+structure B<b>.
+
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution.  Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used.  This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+L<BN_CTX_start(3)>.
+
+=head2 Low-level arithmetic operations
+
+These functions are implemented in C and for several platforms in
+assembly language:
+
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>.  It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>.  It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>.  It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+otherwise).
+
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+
+The following functions are implemented in C:
+
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>.  It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>.  It computes B<a>*B<b> and places the result in B<r>.
+
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> and B<b>.  It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+word arrays B<r> and B<t>.  B<n2> must be a power of 2.  It computes
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
+
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+B<BN_MULL_SIZE_NORMAL>.
+
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_lcl.h>.
+
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+
+=head2 Size changes
+
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number.  bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number.  If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data.  They return B<NULL> on error, B<b> otherwise.
+
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant non-zero word plus one when B<a> has shrunk.
+
+=head2 Debugging
+
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>dmax)>.  A violation will cause the program to abort.
+
+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+(in reverse order, i.e. most significant word first) to stderr.
+
+bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+B<BIGNUM> that contains the B<n> low or high words of B<a>.
+
+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+and bn_set_max() are defined as empty macros.
+
+=head1 SEE ALSO
+
+L<bn(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl
new file mode 100644
index 000000000..c9b962a15
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl
@@ -0,0 +1,328 @@
+#! /usr/bin/env perl
+# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# On 21264 RSA sign performance improves by 70/35/20/15 percent for
+# 512/1024/2048/4096 bit key lengths. This is against vendor compiler
+# instructed to '-tune host' code with in-line assembler. Other
+# benchmarks improve by 15-20%. To anchor it to something else, the
+# code provides approximately the same performance per GHz as AMD64.
+# I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x
+# difference.
+
+$output=pop;
+open STDOUT,">$output";
+
+# int bn_mul_mont(
+$rp="a0";	# BN_ULONG *rp,
+$ap="a1";	# const BN_ULONG *ap,
+$bp="a2";	# const BN_ULONG *bp,
+$np="a3";	# const BN_ULONG *np,
+$n0="a4";	# const BN_ULONG *n0,
+$num="a5";	# int num);
+
+$lo0="t0";
+$hi0="t1";
+$lo1="t2";
+$hi1="t3";
+$aj="t4";
+$bi="t5";
+$nj="t6";
+$tp="t7";
+$alo="t8";
+$ahi="t9";
+$nlo="t10";
+$nhi="t11";
+$tj="t12";
+$i="s3";
+$j="s4";
+$m1="s5";
+
+$code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
+#include <asm.h>
+#include <regdef.h>
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+
+.globl	bn_mul_mont
+.align	5
+.ent	bn_mul_mont
+bn_mul_mont:
+	lda	sp,-48(sp)
+	stq	ra,0(sp)
+	stq	s3,8(sp)
+	stq	s4,16(sp)
+	stq	s5,24(sp)
+	stq	fp,32(sp)
+	mov	sp,fp
+	.mask	0x0400f000,-48
+	.frame	fp,48,ra
+	.prologue 0
+
+	.align	4
+	.set	reorder
+	sextl	$num,$num
+	mov	0,v0
+	cmplt	$num,4,AT
+	bne	AT,.Lexit
+
+	ldq	$hi0,0($ap)	# ap[0]
+	s8addq	$num,16,AT
+	ldq	$aj,8($ap)
+	subq	sp,AT,sp
+	ldq	$bi,0($bp)	# bp[0]
+	lda	AT,-4096(zero)	# mov	-4096,AT
+	ldq	$n0,0($n0)
+	and	sp,AT,sp
+
+	mulq	$hi0,$bi,$lo0
+	ldq	$hi1,0($np)	# np[0]
+	umulh	$hi0,$bi,$hi0
+	ldq	$nj,8($np)
+
+	mulq	$lo0,$n0,$m1
+
+	mulq	$hi1,$m1,$lo1
+	umulh	$hi1,$m1,$hi1
+
+	addq	$lo1,$lo0,$lo1
+	cmpult	$lo1,$lo0,AT
+	addq	$hi1,AT,$hi1
+
+	mulq	$aj,$bi,$alo
+	mov	2,$j
+	umulh	$aj,$bi,$ahi
+	mov	sp,$tp
+
+	mulq	$nj,$m1,$nlo
+	s8addq	$j,$ap,$aj
+	umulh	$nj,$m1,$nhi
+	s8addq	$j,$np,$nj
+.align	4
+.L1st:
+	.set	noreorder
+	ldq	$aj,0($aj)
+	addl	$j,1,$j
+	ldq	$nj,0($nj)
+	lda	$tp,8($tp)
+
+	addq	$alo,$hi0,$lo0
+	mulq	$aj,$bi,$alo
+	cmpult	$lo0,$hi0,AT
+	addq	$nlo,$hi1,$lo1
+
+	mulq	$nj,$m1,$nlo
+	addq	$ahi,AT,$hi0
+	cmpult	$lo1,$hi1,v0
+	cmplt	$j,$num,$tj
+
+	umulh	$aj,$bi,$ahi
+	addq	$nhi,v0,$hi1
+	addq	$lo1,$lo0,$lo1
+	s8addq	$j,$ap,$aj
+
+	umulh	$nj,$m1,$nhi
+	cmpult	$lo1,$lo0,v0
+	addq	$hi1,v0,$hi1
+	s8addq	$j,$np,$nj
+
+	stq	$lo1,-8($tp)
+	nop
+	unop
+	bne	$tj,.L1st
+	.set	reorder
+
+	addq	$alo,$hi0,$lo0
+	addq	$nlo,$hi1,$lo1
+	cmpult	$lo0,$hi0,AT
+	cmpult	$lo1,$hi1,v0
+	addq	$ahi,AT,$hi0
+	addq	$nhi,v0,$hi1
+
+	addq	$lo1,$lo0,$lo1
+	cmpult	$lo1,$lo0,v0
+	addq	$hi1,v0,$hi1
+
+	stq	$lo1,0($tp)
+
+	addq	$hi1,$hi0,$hi1
+	cmpult	$hi1,$hi0,AT
+	stq	$hi1,8($tp)
+	stq	AT,16($tp)
+
+	mov	1,$i
+.align	4
+.Louter:
+	s8addq	$i,$bp,$bi
+	ldq	$hi0,0($ap)
+	ldq	$aj,8($ap)
+	ldq	$bi,0($bi)
+	ldq	$hi1,0($np)
+	ldq	$nj,8($np)
+	ldq	$tj,0(sp)
+
+	mulq	$hi0,$bi,$lo0
+	umulh	$hi0,$bi,$hi0
+
+	addq	$lo0,$tj,$lo0
+	cmpult	$lo0,$tj,AT
+	addq	$hi0,AT,$hi0
+
+	mulq	$lo0,$n0,$m1
+
+	mulq	$hi1,$m1,$lo1
+	umulh	$hi1,$m1,$hi1
+
+	addq	$lo1,$lo0,$lo1
+	cmpult	$lo1,$lo0,AT
+	mov	2,$j
+	addq	$hi1,AT,$hi1
+
+	mulq	$aj,$bi,$alo
+	mov	sp,$tp
+	umulh	$aj,$bi,$ahi
+
+	mulq	$nj,$m1,$nlo
+	s8addq	$j,$ap,$aj
+	umulh	$nj,$m1,$nhi
+.align	4
+.Linner:
+	.set	noreorder
+	ldq	$tj,8($tp)	#L0
+	nop			#U1
+	ldq	$aj,0($aj)	#L1
+	s8addq	$j,$np,$nj	#U0
+
+	ldq	$nj,0($nj)	#L0
+	nop			#U1
+	addq	$alo,$hi0,$lo0	#L1
+	lda	$tp,8($tp)
+
+	mulq	$aj,$bi,$alo	#U1
+	cmpult	$lo0,$hi0,AT	#L0
+	addq	$nlo,$hi1,$lo1	#L1
+	addl	$j,1,$j
+
+	mulq	$nj,$m1,$nlo	#U1
+	addq	$ahi,AT,$hi0	#L0
+	addq	$lo0,$tj,$lo0	#L1
+	cmpult	$lo1,$hi1,v0	#U0
+
+	umulh	$aj,$bi,$ahi	#U1
+	cmpult	$lo0,$tj,AT	#L0
+	addq	$lo1,$lo0,$lo1	#L1
+	addq	$nhi,v0,$hi1	#U0
+
+	umulh	$nj,$m1,$nhi	#U1
+	s8addq	$j,$ap,$aj	#L0
+	cmpult	$lo1,$lo0,v0	#L1
+	cmplt	$j,$num,$tj	#U0	# borrow $tj
+
+	addq	$hi0,AT,$hi0	#L0
+	addq	$hi1,v0,$hi1	#U1
+	stq	$lo1,-8($tp)	#L1
+	bne	$tj,.Linner	#U0
+	.set	reorder
+
+	ldq	$tj,8($tp)
+	addq	$alo,$hi0,$lo0
+	addq	$nlo,$hi1,$lo1
+	cmpult	$lo0,$hi0,AT
+	cmpult	$lo1,$hi1,v0
+	addq	$ahi,AT,$hi0
+	addq	$nhi,v0,$hi1
+
+	addq	$lo0,$tj,$lo0
+	cmpult	$lo0,$tj,AT
+	addq	$hi0,AT,$hi0
+
+	ldq	$tj,16($tp)
+	addq	$lo1,$lo0,$j
+	cmpult	$j,$lo0,v0
+	addq	$hi1,v0,$hi1
+
+	addq	$hi1,$hi0,$lo1
+	stq	$j,0($tp)
+	cmpult	$lo1,$hi0,$hi1
+	addq	$lo1,$tj,$lo1
+	cmpult	$lo1,$tj,AT
+	addl	$i,1,$i
+	addq	$hi1,AT,$hi1
+	stq	$lo1,8($tp)
+	cmplt	$i,$num,$tj	# borrow $tj
+	stq	$hi1,16($tp)
+	bne	$tj,.Louter
+
+	s8addq	$num,sp,$tj	# &tp[num]
+	mov	$rp,$bp		# put rp aside
+	mov	sp,$tp
+	mov	sp,$ap
+	mov	0,$hi0		# clear borrow bit
+
+.align	4
+.Lsub:	ldq	$lo0,0($tp)
+	ldq	$lo1,0($np)
+	lda	$tp,8($tp)
+	lda	$np,8($np)
+	subq	$lo0,$lo1,$lo1	# tp[i]-np[i]
+	cmpult	$lo0,$lo1,AT
+	subq	$lo1,$hi0,$lo0
+	cmpult	$lo1,$lo0,$hi0
+	or	$hi0,AT,$hi0
+	stq	$lo0,0($rp)
+	cmpult	$tp,$tj,v0
+	lda	$rp,8($rp)
+	bne	v0,.Lsub
+
+	subq	$hi1,$hi0,$hi0	# handle upmost overflow bit
+	mov	sp,$tp
+	mov	$bp,$rp		# restore rp
+
+.align	4
+.Lcopy:	ldq	$aj,0($tp)	# conditional copy
+	ldq	$nj,0($rp)
+	lda	$tp,8($tp)
+	lda	$rp,8($rp)
+	cmoveq	$hi0,$nj,$aj
+	stq	zero,-8($tp)	# zap tp
+	cmpult	$tp,$tj,AT
+	stq	$aj,-8($rp)
+	bne	AT,.Lcopy
+	mov	1,v0
+
+.Lexit:
+	.set	noreorder
+	mov	fp,sp
+	/*ldq	ra,0(sp)*/
+	ldq	s3,8(sp)
+	ldq	s4,16(sp)
+	ldq	s5,24(sp)
+	ldq	fp,32(sp)
+	lda	sp,48(sp)
+	ret	(ra)
+.end	bn_mul_mont
+.ascii	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl
new file mode 100644
index 000000000..7a0cdb2e8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl
@@ -0,0 +1,332 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication
+# used in bn_gf2m.c. It's kind of low-hanging mechanical port from
+# C for the time being... Except that it has two code paths: pure
+# integer code suitable for any ARMv4 and later CPU and NEON code
+# suitable for ARMv7. Pure integer 1x1 multiplication subroutine runs
+# in ~45 cycles on dual-issue core such as Cortex A8, which is ~50%
+# faster than compiler-generated code. For ECDH and ECDSA verify (but
+# not for ECDSA sign) it means 25%-45% improvement depending on key
+# length, more for longer keys. Even though NEON 1x1 multiplication
+# runs in even less cycles, ~30, improvement is measurable only on
+# longer keys. One has to optimize code elsewhere to get NEON glow...
+#
+# April 2014
+#
+# Double bn_GF2m_mul_2x2 performance by using algorithm from paper
+# referred below, which improves ECDH and ECDSA verify benchmarks
+# by 18-40%.
+#
+# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
+# Polynomial Multiplication on ARM Processors using the NEON Engine.
+#
+# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+___
+################
+# private interface to mul_1x1_ialu
+#
+$a="r1";
+$b="r0";
+
+($a0,$a1,$a2,$a12,$a4,$a14)=
+($hi,$lo,$t0,$t1, $i0,$i1 )=map("r$_",(4..9),12);
+
+$mask="r12";
+
+$code.=<<___;
+.type	mul_1x1_ialu,%function
+.align	5
+mul_1x1_ialu:
+	mov	$a0,#0
+	bic	$a1,$a,#3<<30		@ a1=a&0x3fffffff
+	str	$a0,[sp,#0]		@ tab[0]=0
+	add	$a2,$a1,$a1		@ a2=a1<<1
+	str	$a1,[sp,#4]		@ tab[1]=a1
+	eor	$a12,$a1,$a2		@ a1^a2
+	str	$a2,[sp,#8]		@ tab[2]=a2
+	mov	$a4,$a1,lsl#2		@ a4=a1<<2
+	str	$a12,[sp,#12]		@ tab[3]=a1^a2
+	eor	$a14,$a1,$a4		@ a1^a4
+	str	$a4,[sp,#16]		@ tab[4]=a4
+	eor	$a0,$a2,$a4		@ a2^a4
+	str	$a14,[sp,#20]		@ tab[5]=a1^a4
+	eor	$a12,$a12,$a4		@ a1^a2^a4
+	str	$a0,[sp,#24]		@ tab[6]=a2^a4
+	and	$i0,$mask,$b,lsl#2
+	str	$a12,[sp,#28]		@ tab[7]=a1^a2^a4
+
+	and	$i1,$mask,$b,lsr#1
+	ldr	$lo,[sp,$i0]		@ tab[b       & 0x7]
+	and	$i0,$mask,$b,lsr#4
+	ldr	$t1,[sp,$i1]		@ tab[b >>  3 & 0x7]
+	and	$i1,$mask,$b,lsr#7
+	ldr	$t0,[sp,$i0]		@ tab[b >>  6 & 0x7]
+	eor	$lo,$lo,$t1,lsl#3	@ stall
+	mov	$hi,$t1,lsr#29
+	ldr	$t1,[sp,$i1]		@ tab[b >>  9 & 0x7]
+
+	and	$i0,$mask,$b,lsr#10
+	eor	$lo,$lo,$t0,lsl#6
+	eor	$hi,$hi,$t0,lsr#26
+	ldr	$t0,[sp,$i0]		@ tab[b >> 12 & 0x7]
+
+	and	$i1,$mask,$b,lsr#13
+	eor	$lo,$lo,$t1,lsl#9
+	eor	$hi,$hi,$t1,lsr#23
+	ldr	$t1,[sp,$i1]		@ tab[b >> 15 & 0x7]
+
+	and	$i0,$mask,$b,lsr#16
+	eor	$lo,$lo,$t0,lsl#12
+	eor	$hi,$hi,$t0,lsr#20
+	ldr	$t0,[sp,$i0]		@ tab[b >> 18 & 0x7]
+
+	and	$i1,$mask,$b,lsr#19
+	eor	$lo,$lo,$t1,lsl#15
+	eor	$hi,$hi,$t1,lsr#17
+	ldr	$t1,[sp,$i1]		@ tab[b >> 21 & 0x7]
+
+	and	$i0,$mask,$b,lsr#22
+	eor	$lo,$lo,$t0,lsl#18
+	eor	$hi,$hi,$t0,lsr#14
+	ldr	$t0,[sp,$i0]		@ tab[b >> 24 & 0x7]
+
+	and	$i1,$mask,$b,lsr#25
+	eor	$lo,$lo,$t1,lsl#21
+	eor	$hi,$hi,$t1,lsr#11
+	ldr	$t1,[sp,$i1]		@ tab[b >> 27 & 0x7]
+
+	tst	$a,#1<<30
+	and	$i0,$mask,$b,lsr#28
+	eor	$lo,$lo,$t0,lsl#24
+	eor	$hi,$hi,$t0,lsr#8
+	ldr	$t0,[sp,$i0]		@ tab[b >> 30      ]
+
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	eorne	$lo,$lo,$b,lsl#30
+	eorne	$hi,$hi,$b,lsr#2
+	tst	$a,#1<<31
+	eor	$lo,$lo,$t1,lsl#27
+	eor	$hi,$hi,$t1,lsr#5
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	eorne	$lo,$lo,$b,lsl#31
+	eorne	$hi,$hi,$b,lsr#1
+	eor	$lo,$lo,$t0,lsl#30
+	eor	$hi,$hi,$t0,lsr#2
+
+	mov	pc,lr
+.size	mul_1x1_ialu,.-mul_1x1_ialu
+___
+################
+# void	bn_GF2m_mul_2x2(BN_ULONG *r,
+#	BN_ULONG a1,BN_ULONG a0,
+#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0·b1b0
+{
+$code.=<<___;
+.global	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,%function
+.align	5
+bn_GF2m_mul_2x2:
+#if __ARM_MAX_ARCH__>=7
+	stmdb	sp!,{r10,lr}
+	ldr	r12,.LOPENSSL_armcap
+	adr	r10,.LOPENSSL_armcap
+	ldr	r12,[r12,r10]
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV7_NEON
+	itt	ne
+	ldrne	r10,[sp],#8
+	bne	.LNEON
+	stmdb	sp!,{r4-r9}
+#else
+	stmdb	sp!,{r4-r10,lr}
+#endif
+___
+$ret="r10";	# reassigned 1st argument
+$code.=<<___;
+	mov	$ret,r0			@ reassign 1st argument
+	mov	$b,r3			@ $b=b1
+	sub	r7,sp,#36
+	mov	r8,sp
+	and	r7,r7,#-32
+	ldr	r3,[sp,#32]		@ load b0
+	mov	$mask,#7<<2
+	mov	sp,r7			@ allocate tab[8]
+	str	r8,[r7,#32]
+
+	bl	mul_1x1_ialu		@ a1·b1
+	str	$lo,[$ret,#8]
+	str	$hi,[$ret,#12]
+
+	eor	$b,$b,r3		@ flip b0 and b1
+	 eor	$a,$a,r2		@ flip a0 and a1
+	eor	r3,r3,$b
+	 eor	r2,r2,$a
+	eor	$b,$b,r3
+	 eor	$a,$a,r2
+	bl	mul_1x1_ialu		@ a0·b0
+	str	$lo,[$ret]
+	str	$hi,[$ret,#4]
+
+	eor	$a,$a,r2
+	eor	$b,$b,r3
+	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
+___
+@r=map("r$_",(6..9));
+$code.=<<___;
+	ldmia	$ret,{@r[0]-@r[3]}
+	eor	$lo,$lo,$hi
+	ldr	sp,[sp,#32]		@ destroy tab[8]
+	eor	$hi,$hi,@r[1]
+	eor	$lo,$lo,@r[0]
+	eor	$hi,$hi,@r[2]
+	eor	$lo,$lo,@r[3]
+	eor	$hi,$hi,@r[3]
+	str	$hi,[$ret,#8]
+	eor	$lo,$lo,$hi
+	str	$lo,[$ret,#4]
+
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r10,pc}
+#else
+	ldmia	sp!,{r4-r10,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+___
+}
+{
+my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12));
+my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31));
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.align	5
+.LNEON:
+	ldr		r12, [sp]		@ 5th argument
+	vmov		$a, r2, r1
+	vmov		$b, r12, r3
+	vmov.i64	$k48, #0x0000ffffffffffff
+	vmov.i64	$k32, #0x00000000ffffffff
+	vmov.i64	$k16, #0x000000000000ffff
+
+	vext.8		$t0#lo, $a, $a, #1	@ A1
+	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
+	vext.8		$r#lo, $b, $b, #1	@ B1
+	vmull.p8	$r, $a, $r#lo		@ E = A*B1
+	vext.8		$t1#lo, $a, $a, #2	@ A2
+	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
+	vext.8		$t3#lo, $b, $b, #2	@ B2
+	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
+	vext.8		$t2#lo, $a, $a, #3	@ A3
+	veor		$t0, $t0, $r		@ L = E + F
+	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
+	vext.8		$r#lo, $b, $b, #3	@ B3
+	veor		$t1, $t1, $t3		@ M = G + H
+	vmull.p8	$r, $a, $r#lo		@ I = A*B3
+	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
+	vand		$t0#hi, $t0#hi, $k48
+	vext.8		$t3#lo, $b, $b, #4	@ B4
+	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
+	vand		$t1#hi, $t1#hi, $k32
+	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
+	veor		$t2, $t2, $r		@ N = I + J
+	veor		$t0#lo, $t0#lo, $t0#hi
+	veor		$t1#lo, $t1#lo, $t1#hi
+	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
+	vand		$t2#hi, $t2#hi, $k16
+	vext.8		$t0, $t0, $t0, #15
+	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
+	vmov.i64	$t3#hi, #0
+	vext.8		$t1, $t1, $t1, #14
+	veor		$t2#lo, $t2#lo, $t2#hi
+	vmull.p8	$r, $a, $b		@ D = A*B
+	vext.8		$t3, $t3, $t3, #12
+	vext.8		$t2, $t2, $t2, #13
+	veor		$t0, $t0, $t1
+	veor		$t2, $t2, $t3
+	veor		$r, $r, $t0
+	veor		$r, $r, $t2
+
+	vst1.32		{$r}, [r0]
+	ret		@ bx lr
+#endif
+___
+}
+$code.=<<___;
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+#if __ARM_MAX_ARCH__>=7
+.align	5
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.
+#endif
+.asciz	"GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	5
+
+#if __ARM_MAX_ARCH__>=7
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/\bret\b/bx	lr/go		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+close STDOUT;   # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl
new file mode 100644
index 000000000..6bedc62ba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl
@@ -0,0 +1,757 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2007.
+
+# Montgomery multiplication for ARMv4.
+#
+# Performance improvement naturally varies among CPU implementations
+# and compilers. The code was observed to provide +65-35% improvement
+# [depending on key length, less for longer keys] on ARM920T, and
+# +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code
+# base and compiler generated code with in-lined umull and even umlal
+# instructions. The latter means that this code didn't really have an
+# "advantage" of utilizing some "secret" instruction.
+#
+# The code is interoperable with Thumb ISA and is rather compact, less
+# than 1/2KB. Windows CE port would be trivial, as it's exclusively
+# about decorations, ABI and instruction syntax are identical.
+
+# November 2013
+#
+# Add NEON code path, which handles lengths divisible by 8. RSA/DSA
+# performance improvement on Cortex-A8 is ~45-100% depending on key
+# length, more for longer keys. On Cortex-A15 the span is ~10-105%.
+# On Snapdragon S4 improvement was measured to vary from ~70% to
+# incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is
+# rather because original integer-only code seems to perform
+# suboptimally on S4. Situation on Cortex-A9 is unfortunately
+# different. It's being looked into, but the trouble is that
+# performance for vectors longer than 256 bits is actually couple
+# of percent worse than for integer-only code. The code is chosen
+# for execution on all NEON-capable processors, because gain on
+# others outweighs the marginal loss on Cortex-A9.
+
+# September 2015
+#
+# Align Cortex-A9 performance with November 2013 improvements, i.e.
+# NEON code is now ~20-105% faster than integer-only one on this
+# processor. But this optimization further improved performance even
+# on other processors: NEON code path is ~45-180% faster than original
+# integer-only on Cortex-A8, ~10-210% on Cortex-A15, ~70-450% on
+# Snapdragon S4.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$num="r0";	# starts as num argument, but holds &tp[num-1]
+$ap="r1";
+$bp="r2"; $bi="r2"; $rp="r2";
+$np="r3";
+$tp="r4";
+$aj="r5";
+$nj="r6";
+$tj="r7";
+$n0="r8";
+###########	# r9 is reserved by ELF as platform specific, e.g. TLS pointer
+$alo="r10";	# sl, gcc uses it to keep @GOT
+$ahi="r11";	# fp
+$nlo="r12";	# ip
+###########	# r13 is stack pointer
+$nhi="r14";	# lr
+###########	# r15 is program counter
+
+#### argument block layout relative to &tp[num-1], a.k.a. $num
+$_rp="$num,#12*4";
+# ap permanently resides in r1
+$_bp="$num,#13*4";
+# np permanently resides in r3
+$_n0="$num,#14*4";
+$_num="$num,#15*4";	$_bpend=$_num;
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+#if __ARM_MAX_ARCH__>=7
+.align	5
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lbn_mul_mont
+#endif
+
+.global	bn_mul_mont
+.type	bn_mul_mont,%function
+
+.align	5
+bn_mul_mont:
+.Lbn_mul_mont:
+	ldr	ip,[sp,#4]		@ load num
+	stmdb	sp!,{r0,r2}		@ sp points at argument block
+#if __ARM_MAX_ARCH__>=7
+	tst	ip,#7
+	bne	.Lialu
+	adr	r0,.Lbn_mul_mont
+	ldr	r2,.LOPENSSL_armcap
+	ldr	r0,[r0,r2]
+#ifdef	__APPLE__
+	ldr	r0,[r0]
+#endif
+	tst	r0,#ARMV7_NEON		@ NEON available?
+	ldmia	sp, {r0,r2}
+	beq	.Lialu
+	add	sp,sp,#8
+	b	bn_mul8x_mont_neon
+.align	4
+.Lialu:
+#endif
+	cmp	ip,#2
+	mov	$num,ip			@ load num
+#ifdef	__thumb2__
+	ittt	lt
+#endif
+	movlt	r0,#0
+	addlt	sp,sp,#2*4
+	blt	.Labrt
+
+	stmdb	sp!,{r4-r12,lr}		@ save 10 registers
+
+	mov	$num,$num,lsl#2		@ rescale $num for byte count
+	sub	sp,sp,$num		@ alloca(4*num)
+	sub	sp,sp,#4		@ +extra dword
+	sub	$num,$num,#4		@ "num=num-1"
+	add	$tp,$bp,$num		@ &bp[num-1]
+
+	add	$num,sp,$num		@ $num to point at &tp[num-1]
+	ldr	$n0,[$_n0]		@ &n0
+	ldr	$bi,[$bp]		@ bp[0]
+	ldr	$aj,[$ap],#4		@ ap[0],ap++
+	ldr	$nj,[$np],#4		@ np[0],np++
+	ldr	$n0,[$n0]		@ *n0
+	str	$tp,[$_bpend]		@ save &bp[num]
+
+	umull	$alo,$ahi,$aj,$bi	@ ap[0]*bp[0]
+	str	$n0,[$_n0]		@ save n0 value
+	mul	$n0,$alo,$n0		@ "tp[0]"*n0
+	mov	$nlo,#0
+	umlal	$alo,$nlo,$nj,$n0	@ np[0]*n0+"t[0]"
+	mov	$tp,sp
+
+.L1st:
+	ldr	$aj,[$ap],#4		@ ap[j],ap++
+	mov	$alo,$ahi
+	ldr	$nj,[$np],#4		@ np[j],np++
+	mov	$ahi,#0
+	umlal	$alo,$ahi,$aj,$bi	@ ap[j]*bp[0]
+	mov	$nhi,#0
+	umlal	$nlo,$nhi,$nj,$n0	@ np[j]*n0
+	adds	$nlo,$nlo,$alo
+	str	$nlo,[$tp],#4		@ tp[j-1]=,tp++
+	adc	$nlo,$nhi,#0
+	cmp	$tp,$num
+	bne	.L1st
+
+	adds	$nlo,$nlo,$ahi
+	ldr	$tp,[$_bp]		@ restore bp
+	mov	$nhi,#0
+	ldr	$n0,[$_n0]		@ restore n0
+	adc	$nhi,$nhi,#0
+	str	$nlo,[$num]		@ tp[num-1]=
+	mov	$tj,sp
+	str	$nhi,[$num,#4]		@ tp[num]=
+
+.Louter:
+	sub	$tj,$num,$tj		@ "original" $num-1 value
+	sub	$ap,$ap,$tj		@ "rewind" ap to &ap[1]
+	ldr	$bi,[$tp,#4]!		@ *(++bp)
+	sub	$np,$np,$tj		@ "rewind" np to &np[1]
+	ldr	$aj,[$ap,#-4]		@ ap[0]
+	ldr	$alo,[sp]		@ tp[0]
+	ldr	$nj,[$np,#-4]		@ np[0]
+	ldr	$tj,[sp,#4]		@ tp[1]
+
+	mov	$ahi,#0
+	umlal	$alo,$ahi,$aj,$bi	@ ap[0]*bp[i]+tp[0]
+	str	$tp,[$_bp]		@ save bp
+	mul	$n0,$alo,$n0
+	mov	$nlo,#0
+	umlal	$alo,$nlo,$nj,$n0	@ np[0]*n0+"tp[0]"
+	mov	$tp,sp
+
+.Linner:
+	ldr	$aj,[$ap],#4		@ ap[j],ap++
+	adds	$alo,$ahi,$tj		@ +=tp[j]
+	ldr	$nj,[$np],#4		@ np[j],np++
+	mov	$ahi,#0
+	umlal	$alo,$ahi,$aj,$bi	@ ap[j]*bp[i]
+	mov	$nhi,#0
+	umlal	$nlo,$nhi,$nj,$n0	@ np[j]*n0
+	adc	$ahi,$ahi,#0
+	ldr	$tj,[$tp,#8]		@ tp[j+1]
+	adds	$nlo,$nlo,$alo
+	str	$nlo,[$tp],#4		@ tp[j-1]=,tp++
+	adc	$nlo,$nhi,#0
+	cmp	$tp,$num
+	bne	.Linner
+
+	adds	$nlo,$nlo,$ahi
+	mov	$nhi,#0
+	ldr	$tp,[$_bp]		@ restore bp
+	adc	$nhi,$nhi,#0
+	ldr	$n0,[$_n0]		@ restore n0
+	adds	$nlo,$nlo,$tj
+	ldr	$tj,[$_bpend]		@ restore &bp[num]
+	adc	$nhi,$nhi,#0
+	str	$nlo,[$num]		@ tp[num-1]=
+	str	$nhi,[$num,#4]		@ tp[num]=
+
+	cmp	$tp,$tj
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	movne	$tj,sp
+	bne	.Louter
+
+	ldr	$rp,[$_rp]		@ pull rp
+	mov	$aj,sp
+	add	$num,$num,#4		@ $num to point at &tp[num]
+	sub	$aj,$num,$aj		@ "original" num value
+	mov	$tp,sp			@ "rewind" $tp
+	mov	$ap,$tp			@ "borrow" $ap
+	sub	$np,$np,$aj		@ "rewind" $np to &np[0]
+
+	subs	$tj,$tj,$tj		@ "clear" carry flag
+.Lsub:	ldr	$tj,[$tp],#4
+	ldr	$nj,[$np],#4
+	sbcs	$tj,$tj,$nj		@ tp[j]-np[j]
+	str	$tj,[$rp],#4		@ rp[j]=
+	teq	$tp,$num		@ preserve carry
+	bne	.Lsub
+	sbcs	$nhi,$nhi,#0		@ upmost carry
+	mov	$tp,sp			@ "rewind" $tp
+	sub	$rp,$rp,$aj		@ "rewind" $rp
+
+.Lcopy:	ldr	$tj,[$tp]		@ conditional copy
+	ldr	$aj,[$rp]
+	str	sp,[$tp],#4		@ zap tp
+#ifdef	__thumb2__
+	it	cc
+#endif
+	movcc	$aj,$tj
+	str	$aj,[$rp],#4
+	teq	$tp,$num		@ preserve carry
+	bne	.Lcopy
+
+	mov	sp,$num
+	add	sp,sp,#4		@ skip over tp[num+1]
+	ldmia	sp!,{r4-r12,lr}		@ restore registers
+	add	sp,sp,#2*4		@ skip over {r0,r2}
+	mov	r0,#1
+.Labrt:
+#if __ARM_ARCH__>=5
+	ret				@ bx lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{
+my ($A0,$A1,$A2,$A3)=map("d$_",(0..3));
+my ($N0,$N1,$N2,$N3)=map("d$_",(4..7));
+my ($Z,$Temp)=("q4","q5");
+my @ACC=map("q$_",(6..13));
+my ($Bi,$Ni,$M0)=map("d$_",(28..31));
+my $zero="$Z#lo";
+my $temp="$Temp#lo";
+
+my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5));
+my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("r$_",(6..11));
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.type	bn_mul8x_mont_neon,%function
+.align	5
+bn_mul8x_mont_neon:
+	mov	ip,sp
+	stmdb	sp!,{r4-r11}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+	ldmia	ip,{r4-r5}		@ load rest of parameter block
+	mov	ip,sp
+
+	cmp	$num,#8
+	bhi	.LNEON_8n
+
+	@ special case for $num==8, everything is in register bank...
+
+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
+	veor		$zero,$zero,$zero
+	sub		$toutptr,sp,$num,lsl#4
+	vld1.32		{$A0-$A3},  [$aptr]!		@ can't specify :32 :-(
+	and		$toutptr,$toutptr,#-64
+	vld1.32		{${M0}[0]}, [$n0,:32]
+	mov		sp,$toutptr			@ alloca
+	vzip.16		$Bi,$zero
+
+	vmull.u32	@ACC[0],$Bi,${A0}[0]
+	vmull.u32	@ACC[1],$Bi,${A0}[1]
+	vmull.u32	@ACC[2],$Bi,${A1}[0]
+	vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmull.u32	@ACC[3],$Bi,${A1}[1]
+
+	vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	veor		$zero,$zero,$zero
+	vmul.u32	$Ni,$Ni,$M0
+
+	vmull.u32	@ACC[4],$Bi,${A2}[0]
+	 vld1.32	{$N0-$N3}, [$nptr]!
+	vmull.u32	@ACC[5],$Bi,${A2}[1]
+	vmull.u32	@ACC[6],$Bi,${A3}[0]
+	vzip.16		$Ni,$zero
+	vmull.u32	@ACC[7],$Bi,${A3}[1]
+
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	sub		$outer,$num,#1
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmov		$Temp,@ACC[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmov		@ACC[0],@ACC[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmov		@ACC[1],@ACC[2]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	vmov		@ACC[2],@ACC[3]
+	vmov		@ACC[3],@ACC[4]
+	vshr.u64	$temp,$temp,#16
+	vmov		@ACC[4],@ACC[5]
+	vmov		@ACC[5],@ACC[6]
+	vadd.u64	$temp,$temp,$Temp#hi
+	vmov		@ACC[6],@ACC[7]
+	veor		@ACC[7],@ACC[7]
+	vshr.u64	$temp,$temp,#16
+
+	b	.LNEON_outer8
+
+.align	4
+.LNEON_outer8:
+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
+	veor		$zero,$zero,$zero
+	vzip.16		$Bi,$zero
+	vadd.u64	@ACC[0]#lo,@ACC[0]#lo,$temp
+
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+
+	vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	veor		$zero,$zero,$zero
+	subs		$outer,$outer,#1
+	vmul.u32	$Ni,$Ni,$M0
+
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	vzip.16		$Ni,$zero
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmov		$Temp,@ACC[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmov		@ACC[0],@ACC[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmov		@ACC[1],@ACC[2]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	vmov		@ACC[2],@ACC[3]
+	vmov		@ACC[3],@ACC[4]
+	vshr.u64	$temp,$temp,#16
+	vmov		@ACC[4],@ACC[5]
+	vmov		@ACC[5],@ACC[6]
+	vadd.u64	$temp,$temp,$Temp#hi
+	vmov		@ACC[6],@ACC[7]
+	veor		@ACC[7],@ACC[7]
+	vshr.u64	$temp,$temp,#16
+
+	bne	.LNEON_outer8
+
+	vadd.u64	@ACC[0]#lo,@ACC[0]#lo,$temp
+	mov		$toutptr,sp
+	vshr.u64	$temp,@ACC[0]#lo,#16
+	mov		$inner,$num
+	vadd.u64	@ACC[0]#hi,@ACC[0]#hi,$temp
+	add		$tinptr,sp,#96
+	vshr.u64	$temp,@ACC[0]#hi,#16
+	vzip.16		@ACC[0]#lo,@ACC[0]#hi
+
+	b	.LNEON_tail_entry
+
+.align	4
+.LNEON_8n:
+	veor		@ACC[0],@ACC[0],@ACC[0]
+	 sub		$toutptr,sp,#128
+	veor		@ACC[1],@ACC[1],@ACC[1]
+	 sub		$toutptr,$toutptr,$num,lsl#4
+	veor		@ACC[2],@ACC[2],@ACC[2]
+	 and		$toutptr,$toutptr,#-64
+	veor		@ACC[3],@ACC[3],@ACC[3]
+	 mov		sp,$toutptr			@ alloca
+	veor		@ACC[4],@ACC[4],@ACC[4]
+	 add		$toutptr,$toutptr,#256
+	veor		@ACC[5],@ACC[5],@ACC[5]
+	 sub		$inner,$num,#8
+	veor		@ACC[6],@ACC[6],@ACC[6]
+	veor		@ACC[7],@ACC[7],@ACC[7]
+
+.LNEON_8n_init:
+	vst1.64		{@ACC[0]-@ACC[1]},[$toutptr,:256]!
+	subs		$inner,$inner,#8
+	vst1.64		{@ACC[2]-@ACC[3]},[$toutptr,:256]!
+	vst1.64		{@ACC[4]-@ACC[5]},[$toutptr,:256]!
+	vst1.64		{@ACC[6]-@ACC[7]},[$toutptr,:256]!
+	bne		.LNEON_8n_init
+
+	add		$tinptr,sp,#256
+	vld1.32		{$A0-$A3},[$aptr]!
+	add		$bnptr,sp,#8
+	vld1.32		{${M0}[0]},[$n0,:32]
+	mov		$outer,$num
+	b		.LNEON_8n_outer
+
+.align	4
+.LNEON_8n_outer:
+	vld1.32		{${Bi}[0]},[$bptr,:32]!	@ *b++
+	veor		$zero,$zero,$zero
+	vzip.16		$Bi,$zero
+	add		$toutptr,sp,#128
+	vld1.32		{$N0-$N3},[$nptr]!
+
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	 veor		$zero,$zero,$zero
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	 vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	 vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	 vmul.u32	$Ni,$Ni,$M0
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vst1.32		{$Bi},[sp,:64]		@ put aside smashed b[8*i+0]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	 vzip.16	$Ni,$zero
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+for ($i=0; $i<7;) {
+$code.=<<___;
+	vld1.32		{${Bi}[0]},[$bptr,:32]!	@ *b++
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	veor		$temp,$temp,$temp
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vzip.16		$Bi,$temp
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	 vadd.u64	@ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	 vadd.u64	@ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo
+	vst1.32		{$Ni},[$bnptr,:64]!	@ put aside smashed m[8*i+$i]
+___
+	push(@ACC,shift(@ACC));	$i++;
+$code.=<<___;
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vld1.64		{@ACC[7]},[$tinptr,:128]!
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	 veor		$zero,$zero,$zero
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	 vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	 vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	 vmul.u32	$Ni,$Ni,$M0
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vst1.32		{$Bi},[$bnptr,:64]!	@ put aside smashed b[8*i+$i]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	 vzip.16	$Ni,$zero
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+}
+$code.=<<___;
+	vld1.32		{$Bi},[sp,:64]		@ pull smashed b[8*i+0]
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vld1.32		{$A0-$A3},[$aptr]!
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	 vadd.u64	@ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	 vadd.u64	@ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo
+	vst1.32		{$Ni},[$bnptr,:64]	@ put aside smashed m[8*i+$i]
+	add		$bnptr,sp,#8		@ rewind
+___
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	sub		$inner,$num,#8
+	b		.LNEON_8n_inner
+
+.align	4
+.LNEON_8n_inner:
+	subs		$inner,$inner,#8
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vld1.64		{@ACC[7]},[$tinptr,:128]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	vld1.32		{$Ni},[$bnptr,:64]!	@ pull smashed m[8*i+0]
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	vld1.32		{$N0-$N3},[$nptr]!
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	it		ne
+	addne		$tinptr,$tinptr,#16	@ don't advance in last iteration
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+for ($i=1; $i<8; $i++) {
+$code.=<<___;
+	vld1.32		{$Bi},[$bnptr,:64]!	@ pull smashed b[8*i+$i]
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	vst1.64		{@ACC[0]},[$toutptr,:128]!
+___
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vld1.64		{@ACC[7]},[$tinptr,:128]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	vld1.32		{$Ni},[$bnptr,:64]!	@ pull smashed m[8*i+$i]
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	it		ne
+	addne		$tinptr,$tinptr,#16	@ don't advance in last iteration
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+}
+$code.=<<___;
+	it		eq
+	subeq		$aptr,$aptr,$num,lsl#2	@ rewind
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vld1.32		{$Bi},[sp,:64]		@ pull smashed b[8*i+0]
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vld1.32		{$A0-$A3},[$aptr]!
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	add		$bnptr,sp,#8		@ rewind
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vst1.64		{@ACC[0]},[$toutptr,:128]!
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+
+	bne		.LNEON_8n_inner
+___
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	add		$tinptr,sp,#128
+	vst1.64		{@ACC[0]-@ACC[1]},[$toutptr,:256]!
+	veor		q2,q2,q2		@ $N0-$N1
+	vst1.64		{@ACC[2]-@ACC[3]},[$toutptr,:256]!
+	veor		q3,q3,q3		@ $N2-$N3
+	vst1.64		{@ACC[4]-@ACC[5]},[$toutptr,:256]!
+	vst1.64		{@ACC[6]},[$toutptr,:128]
+
+	subs		$outer,$outer,#8
+	vld1.64		{@ACC[0]-@ACC[1]},[$tinptr,:256]!
+	vld1.64		{@ACC[2]-@ACC[3]},[$tinptr,:256]!
+	vld1.64		{@ACC[4]-@ACC[5]},[$tinptr,:256]!
+	vld1.64		{@ACC[6]-@ACC[7]},[$tinptr,:256]!
+
+	itt		ne
+	subne		$nptr,$nptr,$num,lsl#2	@ rewind
+	bne		.LNEON_8n_outer
+
+	add		$toutptr,sp,#128
+	vst1.64		{q2-q3}, [sp,:256]!	@ start wiping stack frame
+	vshr.u64	$temp,@ACC[0]#lo,#16
+	vst1.64		{q2-q3},[sp,:256]!
+	vadd.u64	@ACC[0]#hi,@ACC[0]#hi,$temp
+	vst1.64		{q2-q3}, [sp,:256]!
+	vshr.u64	$temp,@ACC[0]#hi,#16
+	vst1.64		{q2-q3}, [sp,:256]!
+	vzip.16		@ACC[0]#lo,@ACC[0]#hi
+
+	mov		$inner,$num
+	b		.LNEON_tail_entry
+
+.align	4
+.LNEON_tail:
+	vadd.u64	@ACC[0]#lo,@ACC[0]#lo,$temp
+	vshr.u64	$temp,@ACC[0]#lo,#16
+	vld1.64		{@ACC[2]-@ACC[3]}, [$tinptr, :256]!
+	vadd.u64	@ACC[0]#hi,@ACC[0]#hi,$temp
+	vld1.64		{@ACC[4]-@ACC[5]}, [$tinptr, :256]!
+	vshr.u64	$temp,@ACC[0]#hi,#16
+	vld1.64		{@ACC[6]-@ACC[7]}, [$tinptr, :256]!
+	vzip.16		@ACC[0]#lo,@ACC[0]#hi
+
+.LNEON_tail_entry:
+___
+for ($i=1; $i<8; $i++) {
+$code.=<<___;
+	vadd.u64	@ACC[1]#lo,@ACC[1]#lo,$temp
+	vst1.32		{@ACC[0]#lo[0]}, [$toutptr, :32]!
+	vshr.u64	$temp,@ACC[1]#lo,#16
+	vadd.u64	@ACC[1]#hi,@ACC[1]#hi,$temp
+	vshr.u64	$temp,@ACC[1]#hi,#16
+	vzip.16		@ACC[1]#lo,@ACC[1]#hi
+___
+	push(@ACC,shift(@ACC));
+}
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	vld1.64		{@ACC[0]-@ACC[1]}, [$tinptr, :256]!
+	subs		$inner,$inner,#8
+	vst1.32		{@ACC[7]#lo[0]},   [$toutptr, :32]!
+	bne	.LNEON_tail
+
+	vst1.32	{${temp}[0]}, [$toutptr, :32]		@ top-most bit
+	sub	$nptr,$nptr,$num,lsl#2			@ rewind $nptr
+	subs	$aptr,sp,#0				@ clear carry flag
+	add	$bptr,sp,$num,lsl#2
+
+.LNEON_sub:
+	ldmia	$aptr!, {r4-r7}
+	ldmia	$nptr!, {r8-r11}
+	sbcs	r8, r4,r8
+	sbcs	r9, r5,r9
+	sbcs	r10,r6,r10
+	sbcs	r11,r7,r11
+	teq	$aptr,$bptr				@ preserves carry
+	stmia	$rptr!, {r8-r11}
+	bne	.LNEON_sub
+
+	ldr	r10, [$aptr]				@ load top-most bit
+	mov	r11,sp
+	veor	q0,q0,q0
+	sub	r11,$bptr,r11				@ this is num*4
+	veor	q1,q1,q1
+	mov	$aptr,sp
+	sub	$rptr,$rptr,r11				@ rewind $rptr
+	mov	$nptr,$bptr				@ second 3/4th of frame
+	sbcs	r10,r10,#0				@ result is carry flag
+
+.LNEON_copy_n_zap:
+	ldmia	$aptr!, {r4-r7}
+	ldmia	$rptr,  {r8-r11}
+	it	cc
+	movcc	r8, r4
+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
+	itt	cc
+	movcc	r9, r5
+	movcc	r10,r6
+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
+	it	cc
+	movcc	r11,r7
+	ldmia	$aptr, {r4-r7}
+	stmia	$rptr!, {r8-r11}
+	sub	$aptr,$aptr,#16
+	ldmia	$rptr, {r8-r11}
+	it	cc
+	movcc	r8, r4
+	vst1.64	{q0-q1}, [$aptr,:256]!			@ wipe
+	itt	cc
+	movcc	r9, r5
+	movcc	r10,r6
+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
+	it	cc
+	movcc	r11,r7
+	teq	$aptr,$bptr				@ preserves carry
+	stmia	$rptr!, {r8-r11}
+	bne	.LNEON_copy_n_zap
+
+	mov	sp,ip
+        vldmia  sp!,{d8-d15}
+        ldmia   sp!,{r4-r11}
+	ret						@ bx lr
+.size	bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
+#endif
+___
+}
+$code.=<<___;
+.asciz	"Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if __ARM_MAX_ARCH__>=7
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/ge	or
+	s/\bret\b/bx    lr/g						or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/g;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl
new file mode 100755
index 000000000..d8347bf93
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl
@@ -0,0 +1,1514 @@
+#! /usr/bin/env perl
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# March 2015
+#
+# "Teaser" Montgomery multiplication module for ARMv8. Needs more
+# work. While it does improve RSA sign performance by 20-30% (less for
+# longer keys) on most processors, for some reason RSA2048 is not
+# faster and RSA4096 goes 15-20% slower on Cortex-A57. Multiplication
+# instruction issue rate is limited on processor in question, meaning
+# that dedicated squaring procedure is a must. Well, actually all
+# contemporary AArch64 processors seem to have limited multiplication
+# issue rate, i.e. they can't issue multiplication every cycle, which
+# explains moderate improvement coefficients in comparison to
+# compiler-generated code. Recall that compiler is instructed to use
+# umulh and therefore uses same amount of multiplication instructions
+# to do the job. Assembly's edge is to minimize number of "collateral"
+# instructions and of course instruction scheduling.
+#
+# April 2015
+#
+# Squaring procedure that handles lengths divisible by 8 improves
+# RSA/DSA performance by 25-40-60% depending on processor and key
+# length. Overall improvement coefficients are always positive in
+# comparison to compiler-generated code. On Cortex-A57 improvement
+# is still modest on longest key lengths, while others exhibit e.g.
+# 50-70% improvement for RSA4096 sign. RSA2048 sign is ~25% faster
+# on Cortex-A57 and ~60-100% faster on others.
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+($lo0,$hi0,$aj,$m0,$alo,$ahi,
+ $lo1,$hi1,$nj,$m1,$nlo,$nhi,
+ $ovf, $i,$j,$tp,$tj) = map("x$_",6..17,19..24);
+
+# int bn_mul_mont(
+$rp="x0";	# BN_ULONG *rp,
+$ap="x1";	# const BN_ULONG *ap,
+$bp="x2";	# const BN_ULONG *bp,
+$np="x3";	# const BN_ULONG *np,
+$n0="x4";	# const BN_ULONG *n0,
+$num="x5";	# int num);
+
+$code.=<<___;
+.text
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,%function
+.align	5
+bn_mul_mont:
+	tst	$num,#7
+	b.eq	__bn_sqr8x_mont
+	tst	$num,#3
+	b.eq	__bn_mul4x_mont
+.Lmul_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	ldr	$m0,[$bp],#8		// bp[0]
+	sub	$tp,sp,$num,lsl#3
+	ldp	$hi0,$aj,[$ap],#16	// ap[0..1]
+	lsl	$num,$num,#3
+	ldr	$n0,[$n0]		// *n0
+	and	$tp,$tp,#-16		// ABI says so
+	ldp	$hi1,$nj,[$np],#16	// np[0..1]
+
+	mul	$lo0,$hi0,$m0		// ap[0]*bp[0]
+	sub	$j,$num,#16		// j=num-2
+	umulh	$hi0,$hi0,$m0
+	mul	$alo,$aj,$m0		// ap[1]*bp[0]
+	umulh	$ahi,$aj,$m0
+
+	mul	$m1,$lo0,$n0		// "tp[0]"*n0
+	mov	sp,$tp			// alloca
+
+	// (*)	mul	$lo1,$hi1,$m1	// np[0]*m1
+	umulh	$hi1,$hi1,$m1
+	mul	$nlo,$nj,$m1		// np[1]*m1
+	// (*)	adds	$lo1,$lo1,$lo0	// discarded
+	// (*)	As for removal of first multiplication and addition
+	//	instructions. The outcome of first addition is
+	//	guaranteed to be zero, which leaves two computationally
+	//	significant outcomes: it either carries or not. Then
+	//	question is when does it carry? Is there alternative
+	//	way to deduce it? If you follow operations, you can
+	//	observe that condition for carry is quite simple:
+	//	$lo0 being non-zero. So that carry can be calculated
+	//	by adding -1 to $lo0. That's what next instruction does.
+	subs	xzr,$lo0,#1		// (*)
+	umulh	$nhi,$nj,$m1
+	adc	$hi1,$hi1,xzr
+	cbz	$j,.L1st_skip
+
+.L1st:
+	ldr	$aj,[$ap],#8
+	adds	$lo0,$alo,$hi0
+	sub	$j,$j,#8		// j--
+	adc	$hi0,$ahi,xzr
+
+	ldr	$nj,[$np],#8
+	adds	$lo1,$nlo,$hi1
+	mul	$alo,$aj,$m0		// ap[j]*bp[0]
+	adc	$hi1,$nhi,xzr
+	umulh	$ahi,$aj,$m0
+
+	adds	$lo1,$lo1,$lo0
+	mul	$nlo,$nj,$m1		// np[j]*m1
+	adc	$hi1,$hi1,xzr
+	umulh	$nhi,$nj,$m1
+	str	$lo1,[$tp],#8		// tp[j-1]
+	cbnz	$j,.L1st
+
+.L1st_skip:
+	adds	$lo0,$alo,$hi0
+	sub	$ap,$ap,$num		// rewind $ap
+	adc	$hi0,$ahi,xzr
+
+	adds	$lo1,$nlo,$hi1
+	sub	$np,$np,$num		// rewind $np
+	adc	$hi1,$nhi,xzr
+
+	adds	$lo1,$lo1,$lo0
+	sub	$i,$num,#8		// i=num-1
+	adcs	$hi1,$hi1,$hi0
+
+	adc	$ovf,xzr,xzr		// upmost overflow bit
+	stp	$lo1,$hi1,[$tp]
+
+.Louter:
+	ldr	$m0,[$bp],#8		// bp[i]
+	ldp	$hi0,$aj,[$ap],#16
+	ldr	$tj,[sp]		// tp[0]
+	add	$tp,sp,#8
+
+	mul	$lo0,$hi0,$m0		// ap[0]*bp[i]
+	sub	$j,$num,#16		// j=num-2
+	umulh	$hi0,$hi0,$m0
+	ldp	$hi1,$nj,[$np],#16
+	mul	$alo,$aj,$m0		// ap[1]*bp[i]
+	adds	$lo0,$lo0,$tj
+	umulh	$ahi,$aj,$m0
+	adc	$hi0,$hi0,xzr
+
+	mul	$m1,$lo0,$n0
+	sub	$i,$i,#8		// i--
+
+	// (*)	mul	$lo1,$hi1,$m1	// np[0]*m1
+	umulh	$hi1,$hi1,$m1
+	mul	$nlo,$nj,$m1		// np[1]*m1
+	// (*)	adds	$lo1,$lo1,$lo0
+	subs	xzr,$lo0,#1		// (*)
+	umulh	$nhi,$nj,$m1
+	cbz	$j,.Linner_skip
+
+.Linner:
+	ldr	$aj,[$ap],#8
+	adc	$hi1,$hi1,xzr
+	ldr	$tj,[$tp],#8		// tp[j]
+	adds	$lo0,$alo,$hi0
+	sub	$j,$j,#8		// j--
+	adc	$hi0,$ahi,xzr
+
+	adds	$lo1,$nlo,$hi1
+	ldr	$nj,[$np],#8
+	adc	$hi1,$nhi,xzr
+
+	mul	$alo,$aj,$m0		// ap[j]*bp[i]
+	adds	$lo0,$lo0,$tj
+	umulh	$ahi,$aj,$m0
+	adc	$hi0,$hi0,xzr
+
+	mul	$nlo,$nj,$m1		// np[j]*m1
+	adds	$lo1,$lo1,$lo0
+	umulh	$nhi,$nj,$m1
+	str	$lo1,[$tp,#-16]		// tp[j-1]
+	cbnz	$j,.Linner
+
+.Linner_skip:
+	ldr	$tj,[$tp],#8		// tp[j]
+	adc	$hi1,$hi1,xzr
+	adds	$lo0,$alo,$hi0
+	sub	$ap,$ap,$num		// rewind $ap
+	adc	$hi0,$ahi,xzr
+
+	adds	$lo1,$nlo,$hi1
+	sub	$np,$np,$num		// rewind $np
+	adcs	$hi1,$nhi,$ovf
+	adc	$ovf,xzr,xzr
+
+	adds	$lo0,$lo0,$tj
+	adc	$hi0,$hi0,xzr
+
+	adds	$lo1,$lo1,$lo0
+	adcs	$hi1,$hi1,$hi0
+	adc	$ovf,$ovf,xzr		// upmost overflow bit
+	stp	$lo1,$hi1,[$tp,#-16]
+
+	cbnz	$i,.Louter
+
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	ldr	$tj,[sp]		// tp[0]
+	add	$tp,sp,#8
+	ldr	$nj,[$np],#8		// np[0]
+	subs	$j,$num,#8		// j=num-1 and clear borrow
+	mov	$ap,$rp
+.Lsub:
+	sbcs	$aj,$tj,$nj		// tp[j]-np[j]
+	ldr	$tj,[$tp],#8
+	sub	$j,$j,#8		// j--
+	ldr	$nj,[$np],#8
+	str	$aj,[$ap],#8		// rp[j]=tp[j]-np[j]
+	cbnz	$j,.Lsub
+
+	sbcs	$aj,$tj,$nj
+	sbcs	$ovf,$ovf,xzr		// did it borrow?
+	str	$aj,[$ap],#8		// rp[num-1]
+
+	ldr	$tj,[sp]		// tp[0]
+	add	$tp,sp,#8
+	ldr	$aj,[$rp],#8		// rp[0]
+	sub	$num,$num,#8		// num--
+	nop
+.Lcond_copy:
+	sub	$num,$num,#8		// num--
+	csel	$nj,$tj,$aj,lo		// did it borrow?
+	ldr	$tj,[$tp],#8
+	ldr	$aj,[$rp],#8
+	str	xzr,[$tp,#-16]		// wipe tp
+	str	$nj,[$rp,#-16]
+	cbnz	$num,.Lcond_copy
+
+	csel	$nj,$tj,$aj,lo
+	str	xzr,[$tp,#-8]		// wipe tp
+	str	$nj,[$rp,#-8]
+
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{
+########################################################################
+# Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module.
+
+my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("x$_",(6..13));
+my ($t0,$t1,$t2,$t3)=map("x$_",(14..17));
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("x$_",(19..26));
+my ($cnt,$carry,$topmost)=("x27","x28","x30");
+my ($tp,$ap_end,$na0)=($bp,$np,$carry);
+
+$code.=<<___;
+.type	__bn_sqr8x_mont,%function
+.align	5
+__bn_sqr8x_mont:
+	cmp	$ap,$bp
+	b.ne	__bn_mul4x_mont
+.Lsqr8x_mont:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	stp	$rp,$np,[sp,#96]	// offload rp and np
+
+	ldp	$a0,$a1,[$ap,#8*0]
+	ldp	$a2,$a3,[$ap,#8*2]
+	ldp	$a4,$a5,[$ap,#8*4]
+	ldp	$a6,$a7,[$ap,#8*6]
+
+	sub	$tp,sp,$num,lsl#4
+	lsl	$num,$num,#3
+	ldr	$n0,[$n0]		// *n0
+	mov	sp,$tp			// alloca
+	sub	$cnt,$num,#8*8
+	b	.Lsqr8x_zero_start
+
+.Lsqr8x_zero:
+	sub	$cnt,$cnt,#8*8
+	stp	xzr,xzr,[$tp,#8*0]
+	stp	xzr,xzr,[$tp,#8*2]
+	stp	xzr,xzr,[$tp,#8*4]
+	stp	xzr,xzr,[$tp,#8*6]
+.Lsqr8x_zero_start:
+	stp	xzr,xzr,[$tp,#8*8]
+	stp	xzr,xzr,[$tp,#8*10]
+	stp	xzr,xzr,[$tp,#8*12]
+	stp	xzr,xzr,[$tp,#8*14]
+	add	$tp,$tp,#8*16
+	cbnz	$cnt,.Lsqr8x_zero
+
+	add	$ap_end,$ap,$num
+	add	$ap,$ap,#8*8
+	mov	$acc0,xzr
+	mov	$acc1,xzr
+	mov	$acc2,xzr
+	mov	$acc3,xzr
+	mov	$acc4,xzr
+	mov	$acc5,xzr
+	mov	$acc6,xzr
+	mov	$acc7,xzr
+	mov	$tp,sp
+	str	$n0,[x29,#112]		// offload n0
+
+	// Multiply everything but a[i]*a[i]
+.align	4
+.Lsqr8x_outer_loop:
+        //                                                 a[1]a[0]	(i)
+        //                                             a[2]a[0]
+        //                                         a[3]a[0]
+        //                                     a[4]a[0]
+        //                                 a[5]a[0]
+        //                             a[6]a[0]
+        //                         a[7]a[0]
+        //                                         a[2]a[1]		(ii)
+        //                                     a[3]a[1]
+        //                                 a[4]a[1]
+        //                             a[5]a[1]
+        //                         a[6]a[1]
+        //                     a[7]a[1]
+        //                                 a[3]a[2]			(iii)
+        //                             a[4]a[2]
+        //                         a[5]a[2]
+        //                     a[6]a[2]
+        //                 a[7]a[2]
+        //                         a[4]a[3]				(iv)
+        //                     a[5]a[3]
+        //                 a[6]a[3]
+        //             a[7]a[3]
+        //                 a[5]a[4]					(v)
+        //             a[6]a[4]
+        //         a[7]a[4]
+        //         a[6]a[5]						(vi)
+        //     a[7]a[5]
+        // a[7]a[6]							(vii)
+
+	mul	$t0,$a1,$a0		// lo(a[1..7]*a[0])		(i)
+	mul	$t1,$a2,$a0
+	mul	$t2,$a3,$a0
+	mul	$t3,$a4,$a0
+	adds	$acc1,$acc1,$t0		// t[1]+lo(a[1]*a[0])
+	mul	$t0,$a5,$a0
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$a6,$a0
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$a7,$a0
+	adcs	$acc4,$acc4,$t3
+	umulh	$t3,$a1,$a0		// hi(a[1..7]*a[0])
+	adcs	$acc5,$acc5,$t0
+	umulh	$t0,$a2,$a0
+	adcs	$acc6,$acc6,$t1
+	umulh	$t1,$a3,$a0
+	adcs	$acc7,$acc7,$t2
+	umulh	$t2,$a4,$a0
+	stp	$acc0,$acc1,[$tp],#8*2	// t[0..1]
+	adc	$acc0,xzr,xzr		// t[8]
+	adds	$acc2,$acc2,$t3		// t[2]+lo(a[1]*a[0])
+	umulh	$t3,$a5,$a0
+	adcs	$acc3,$acc3,$t0
+	umulh	$t0,$a6,$a0
+	adcs	$acc4,$acc4,$t1
+	umulh	$t1,$a7,$a0
+	adcs	$acc5,$acc5,$t2
+	 mul	$t2,$a2,$a1		// lo(a[2..7]*a[1])		(ii)
+	adcs	$acc6,$acc6,$t3
+	 mul	$t3,$a3,$a1
+	adcs	$acc7,$acc7,$t0
+	 mul	$t0,$a4,$a1
+	adc	$acc0,$acc0,$t1
+
+	mul	$t1,$a5,$a1
+	adds	$acc3,$acc3,$t2
+	mul	$t2,$a6,$a1
+	adcs	$acc4,$acc4,$t3
+	mul	$t3,$a7,$a1
+	adcs	$acc5,$acc5,$t0
+	umulh	$t0,$a2,$a1		// hi(a[2..7]*a[1])
+	adcs	$acc6,$acc6,$t1
+	umulh	$t1,$a3,$a1
+	adcs	$acc7,$acc7,$t2
+	umulh	$t2,$a4,$a1
+	adcs	$acc0,$acc0,$t3
+	umulh	$t3,$a5,$a1
+	stp	$acc2,$acc3,[$tp],#8*2	// t[2..3]
+	adc	$acc1,xzr,xzr		// t[9]
+	adds	$acc4,$acc4,$t0
+	umulh	$t0,$a6,$a1
+	adcs	$acc5,$acc5,$t1
+	umulh	$t1,$a7,$a1
+	adcs	$acc6,$acc6,$t2
+	 mul	$t2,$a3,$a2		// lo(a[3..7]*a[2])		(iii)
+	adcs	$acc7,$acc7,$t3
+	 mul	$t3,$a4,$a2
+	adcs	$acc0,$acc0,$t0
+	 mul	$t0,$a5,$a2
+	adc	$acc1,$acc1,$t1
+
+	mul	$t1,$a6,$a2
+	adds	$acc5,$acc5,$t2
+	mul	$t2,$a7,$a2
+	adcs	$acc6,$acc6,$t3
+	umulh	$t3,$a3,$a2		// hi(a[3..7]*a[2])
+	adcs	$acc7,$acc7,$t0
+	umulh	$t0,$a4,$a2
+	adcs	$acc0,$acc0,$t1
+	umulh	$t1,$a5,$a2
+	adcs	$acc1,$acc1,$t2
+	umulh	$t2,$a6,$a2
+	stp	$acc4,$acc5,[$tp],#8*2	// t[4..5]
+	adc	$acc2,xzr,xzr		// t[10]
+	adds	$acc6,$acc6,$t3
+	umulh	$t3,$a7,$a2
+	adcs	$acc7,$acc7,$t0
+	 mul	$t0,$a4,$a3		// lo(a[4..7]*a[3])		(iv)
+	adcs	$acc0,$acc0,$t1
+	 mul	$t1,$a5,$a3
+	adcs	$acc1,$acc1,$t2
+	 mul	$t2,$a6,$a3
+	adc	$acc2,$acc2,$t3
+
+	mul	$t3,$a7,$a3
+	adds	$acc7,$acc7,$t0
+	umulh	$t0,$a4,$a3		// hi(a[4..7]*a[3])
+	adcs	$acc0,$acc0,$t1
+	umulh	$t1,$a5,$a3
+	adcs	$acc1,$acc1,$t2
+	umulh	$t2,$a6,$a3
+	adcs	$acc2,$acc2,$t3
+	umulh	$t3,$a7,$a3
+	stp	$acc6,$acc7,[$tp],#8*2	// t[6..7]
+	adc	$acc3,xzr,xzr		// t[11]
+	adds	$acc0,$acc0,$t0
+	 mul	$t0,$a5,$a4		// lo(a[5..7]*a[4])		(v)
+	adcs	$acc1,$acc1,$t1
+	 mul	$t1,$a6,$a4
+	adcs	$acc2,$acc2,$t2
+	 mul	$t2,$a7,$a4
+	adc	$acc3,$acc3,$t3
+
+	umulh	$t3,$a5,$a4		// hi(a[5..7]*a[4])
+	adds	$acc1,$acc1,$t0
+	umulh	$t0,$a6,$a4
+	adcs	$acc2,$acc2,$t1
+	umulh	$t1,$a7,$a4
+	adcs	$acc3,$acc3,$t2
+	 mul	$t2,$a6,$a5		// lo(a[6..7]*a[5])		(vi)
+	adc	$acc4,xzr,xzr		// t[12]
+	adds	$acc2,$acc2,$t3
+	 mul	$t3,$a7,$a5
+	adcs	$acc3,$acc3,$t0
+	 umulh	$t0,$a6,$a5		// hi(a[6..7]*a[5])
+	adc	$acc4,$acc4,$t1
+
+	umulh	$t1,$a7,$a5
+	adds	$acc3,$acc3,$t2
+	 mul	$t2,$a7,$a6		// lo(a[7]*a[6])		(vii)
+	adcs	$acc4,$acc4,$t3
+	 umulh	$t3,$a7,$a6		// hi(a[7]*a[6])
+	adc	$acc5,xzr,xzr		// t[13]
+	adds	$acc4,$acc4,$t0
+	sub	$cnt,$ap_end,$ap	// done yet?
+	adc	$acc5,$acc5,$t1
+
+	adds	$acc5,$acc5,$t2
+	sub	$t0,$ap_end,$num	// rewinded ap
+	adc	$acc6,xzr,xzr		// t[14]
+	add	$acc6,$acc6,$t3
+
+	cbz	$cnt,.Lsqr8x_outer_break
+
+	mov	$n0,$a0
+	ldp	$a0,$a1,[$tp,#8*0]
+	ldp	$a2,$a3,[$tp,#8*2]
+	ldp	$a4,$a5,[$tp,#8*4]
+	ldp	$a6,$a7,[$tp,#8*6]
+	adds	$acc0,$acc0,$a0
+	adcs	$acc1,$acc1,$a1
+	ldp	$a0,$a1,[$ap,#8*0]
+	adcs	$acc2,$acc2,$a2
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$ap,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$ap,#8*4]
+	adcs	$acc6,$acc6,$a6
+	mov	$rp,$ap
+	adcs	$acc7,xzr,$a7
+	ldp	$a6,$a7,[$ap,#8*6]
+	add	$ap,$ap,#8*8
+	//adc	$carry,xzr,xzr		// moved below
+	mov	$cnt,#-8*8
+
+	//                                                         a[8]a[0]
+	//                                                     a[9]a[0]
+	//                                                 a[a]a[0]
+	//                                             a[b]a[0]
+	//                                         a[c]a[0]
+	//                                     a[d]a[0]
+	//                                 a[e]a[0]
+	//                             a[f]a[0]
+	//                                                     a[8]a[1]
+	//                         a[f]a[1]........................
+	//                                                 a[8]a[2]
+	//                     a[f]a[2]........................
+	//                                             a[8]a[3]
+	//                 a[f]a[3]........................
+	//                                         a[8]a[4]
+	//             a[f]a[4]........................
+	//                                     a[8]a[5]
+	//         a[f]a[5]........................
+	//                                 a[8]a[6]
+	//     a[f]a[6]........................
+	//                             a[8]a[7]
+	// a[f]a[7]........................
+.Lsqr8x_mul:
+	mul	$t0,$a0,$n0
+	adc	$carry,xzr,xzr		// carry bit, modulo-scheduled
+	mul	$t1,$a1,$n0
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$n0
+	mul	$t3,$a3,$n0
+	adds	$acc0,$acc0,$t0
+	mul	$t0,$a4,$n0
+	adcs	$acc1,$acc1,$t1
+	mul	$t1,$a5,$n0
+	adcs	$acc2,$acc2,$t2
+	mul	$t2,$a6,$n0
+	adcs	$acc3,$acc3,$t3
+	mul	$t3,$a7,$n0
+	adcs	$acc4,$acc4,$t0
+	umulh	$t0,$a0,$n0
+	adcs	$acc5,$acc5,$t1
+	umulh	$t1,$a1,$n0
+	adcs	$acc6,$acc6,$t2
+	umulh	$t2,$a2,$n0
+	adcs	$acc7,$acc7,$t3
+	umulh	$t3,$a3,$n0
+	adc	$carry,$carry,xzr
+	str	$acc0,[$tp],#8
+	adds	$acc0,$acc1,$t0
+	umulh	$t0,$a4,$n0
+	adcs	$acc1,$acc2,$t1
+	umulh	$t1,$a5,$n0
+	adcs	$acc2,$acc3,$t2
+	umulh	$t2,$a6,$n0
+	adcs	$acc3,$acc4,$t3
+	umulh	$t3,$a7,$n0
+	ldr	$n0,[$rp,$cnt]
+	adcs	$acc4,$acc5,$t0
+	adcs	$acc5,$acc6,$t1
+	adcs	$acc6,$acc7,$t2
+	adcs	$acc7,$carry,$t3
+	//adc	$carry,xzr,xzr		// moved above
+	cbnz	$cnt,.Lsqr8x_mul
+					// note that carry flag is guaranteed
+					// to be zero at this point
+	cmp	$ap,$ap_end		// done yet?
+	b.eq	.Lsqr8x_break
+
+	ldp	$a0,$a1,[$tp,#8*0]
+	ldp	$a2,$a3,[$tp,#8*2]
+	ldp	$a4,$a5,[$tp,#8*4]
+	ldp	$a6,$a7,[$tp,#8*6]
+	adds	$acc0,$acc0,$a0
+	ldr	$n0,[$rp,#-8*8]
+	adcs	$acc1,$acc1,$a1
+	ldp	$a0,$a1,[$ap,#8*0]
+	adcs	$acc2,$acc2,$a2
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$ap,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$ap,#8*4]
+	adcs	$acc6,$acc6,$a6
+	mov	$cnt,#-8*8
+	adcs	$acc7,$acc7,$a7
+	ldp	$a6,$a7,[$ap,#8*6]
+	add	$ap,$ap,#8*8
+	//adc	$carry,xzr,xzr		// moved above
+	b	.Lsqr8x_mul
+
+.align	4
+.Lsqr8x_break:
+	ldp	$a0,$a1,[$rp,#8*0]
+	add	$ap,$rp,#8*8
+	ldp	$a2,$a3,[$rp,#8*2]
+	sub	$t0,$ap_end,$ap		// is it last iteration?
+	ldp	$a4,$a5,[$rp,#8*4]
+	sub	$t1,$tp,$t0
+	ldp	$a6,$a7,[$rp,#8*6]
+	cbz	$t0,.Lsqr8x_outer_loop
+
+	stp	$acc0,$acc1,[$tp,#8*0]
+	ldp	$acc0,$acc1,[$t1,#8*0]
+	stp	$acc2,$acc3,[$tp,#8*2]
+	ldp	$acc2,$acc3,[$t1,#8*2]
+	stp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc4,$acc5,[$t1,#8*4]
+	stp	$acc6,$acc7,[$tp,#8*6]
+	mov	$tp,$t1
+	ldp	$acc6,$acc7,[$t1,#8*6]
+	b	.Lsqr8x_outer_loop
+
+.align	4
+.Lsqr8x_outer_break:
+	// Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0]
+	ldp	$a1,$a3,[$t0,#8*0]	// recall that $t0 is &a[0]
+	ldp	$t1,$t2,[sp,#8*1]
+	ldp	$a5,$a7,[$t0,#8*2]
+	add	$ap,$t0,#8*4
+	ldp	$t3,$t0,[sp,#8*3]
+
+	stp	$acc0,$acc1,[$tp,#8*0]
+	mul	$acc0,$a1,$a1
+	stp	$acc2,$acc3,[$tp,#8*2]
+	umulh	$a1,$a1,$a1
+	stp	$acc4,$acc5,[$tp,#8*4]
+	mul	$a2,$a3,$a3
+	stp	$acc6,$acc7,[$tp,#8*6]
+	mov	$tp,sp
+	umulh	$a3,$a3,$a3
+	adds	$acc1,$a1,$t1,lsl#1
+	extr	$t1,$t2,$t1,#63
+	sub	$cnt,$num,#8*4
+
+.Lsqr4x_shift_n_add:
+	adcs	$acc2,$a2,$t1
+	extr	$t2,$t3,$t2,#63
+	sub	$cnt,$cnt,#8*4
+	adcs	$acc3,$a3,$t2
+	ldp	$t1,$t2,[$tp,#8*5]
+	mul	$a4,$a5,$a5
+	ldp	$a1,$a3,[$ap],#8*2
+	umulh	$a5,$a5,$a5
+	mul	$a6,$a7,$a7
+	umulh	$a7,$a7,$a7
+	extr	$t3,$t0,$t3,#63
+	stp	$acc0,$acc1,[$tp,#8*0]
+	adcs	$acc4,$a4,$t3
+	extr	$t0,$t1,$t0,#63
+	stp	$acc2,$acc3,[$tp,#8*2]
+	adcs	$acc5,$a5,$t0
+	ldp	$t3,$t0,[$tp,#8*7]
+	extr	$t1,$t2,$t1,#63
+	adcs	$acc6,$a6,$t1
+	extr	$t2,$t3,$t2,#63
+	adcs	$acc7,$a7,$t2
+	ldp	$t1,$t2,[$tp,#8*9]
+	mul	$a0,$a1,$a1
+	ldp	$a5,$a7,[$ap],#8*2
+	umulh	$a1,$a1,$a1
+	mul	$a2,$a3,$a3
+	umulh	$a3,$a3,$a3
+	stp	$acc4,$acc5,[$tp,#8*4]
+	extr	$t3,$t0,$t3,#63
+	stp	$acc6,$acc7,[$tp,#8*6]
+	add	$tp,$tp,#8*8
+	adcs	$acc0,$a0,$t3
+	extr	$t0,$t1,$t0,#63
+	adcs	$acc1,$a1,$t0
+	ldp	$t3,$t0,[$tp,#8*3]
+	extr	$t1,$t2,$t1,#63
+	cbnz	$cnt,.Lsqr4x_shift_n_add
+___
+my ($np,$np_end)=($ap,$ap_end);
+$code.=<<___;
+	 ldp	$np,$n0,[x29,#104]	// pull np and n0
+
+	adcs	$acc2,$a2,$t1
+	extr	$t2,$t3,$t2,#63
+	adcs	$acc3,$a3,$t2
+	ldp	$t1,$t2,[$tp,#8*5]
+	mul	$a4,$a5,$a5
+	umulh	$a5,$a5,$a5
+	stp	$acc0,$acc1,[$tp,#8*0]
+	mul	$a6,$a7,$a7
+	umulh	$a7,$a7,$a7
+	stp	$acc2,$acc3,[$tp,#8*2]
+	extr	$t3,$t0,$t3,#63
+	adcs	$acc4,$a4,$t3
+	extr	$t0,$t1,$t0,#63
+	 ldp	$acc0,$acc1,[sp,#8*0]
+	adcs	$acc5,$a5,$t0
+	extr	$t1,$t2,$t1,#63
+	 ldp	$a0,$a1,[$np,#8*0]
+	adcs	$acc6,$a6,$t1
+	extr	$t2,xzr,$t2,#63
+	 ldp	$a2,$a3,[$np,#8*2]
+	adc	$acc7,$a7,$t2
+	 ldp	$a4,$a5,[$np,#8*4]
+
+	// Reduce by 512 bits per iteration
+	mul	$na0,$n0,$acc0		// t[0]*n0
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np_end,$np,$num
+	ldp	$acc2,$acc3,[sp,#8*2]
+	stp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc4,$acc5,[sp,#8*4]
+	stp	$acc6,$acc7,[$tp,#8*6]
+	ldp	$acc6,$acc7,[sp,#8*6]
+	add	$np,$np,#8*8
+	mov	$topmost,xzr		// initial top-most carry
+	mov	$tp,sp
+	mov	$cnt,#8
+
+.Lsqr8x_reduction:
+	// (*)	mul	$t0,$a0,$na0	// lo(n[0-7])*lo(t[0]*n0)
+	mul	$t1,$a1,$na0
+	sub	$cnt,$cnt,#1
+	mul	$t2,$a2,$na0
+	str	$na0,[$tp],#8		// put aside t[0]*n0 for tail processing
+	mul	$t3,$a3,$na0
+	// (*)	adds	xzr,$acc0,$t0
+	subs	xzr,$acc0,#1		// (*)
+	mul	$t0,$a4,$na0
+	adcs	$acc0,$acc1,$t1
+	mul	$t1,$a5,$na0
+	adcs	$acc1,$acc2,$t2
+	mul	$t2,$a6,$na0
+	adcs	$acc2,$acc3,$t3
+	mul	$t3,$a7,$na0
+	adcs	$acc3,$acc4,$t0
+	umulh	$t0,$a0,$na0		// hi(n[0-7])*lo(t[0]*n0)
+	adcs	$acc4,$acc5,$t1
+	umulh	$t1,$a1,$na0
+	adcs	$acc5,$acc6,$t2
+	umulh	$t2,$a2,$na0
+	adcs	$acc6,$acc7,$t3
+	umulh	$t3,$a3,$na0
+	adc	$acc7,xzr,xzr
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a4,$na0
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a5,$na0
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a6,$na0
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a7,$na0
+	mul	$na0,$n0,$acc0		// next t[0]*n0
+	adcs	$acc4,$acc4,$t0
+	adcs	$acc5,$acc5,$t1
+	adcs	$acc6,$acc6,$t2
+	adc	$acc7,$acc7,$t3
+	cbnz	$cnt,.Lsqr8x_reduction
+
+	ldp	$t0,$t1,[$tp,#8*0]
+	ldp	$t2,$t3,[$tp,#8*2]
+	mov	$rp,$tp
+	sub	$cnt,$np_end,$np	// done yet?
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	ldp	$t0,$t1,[$tp,#8*4]
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	ldp	$t2,$t3,[$tp,#8*6]
+	adcs	$acc4,$acc4,$t0
+	adcs	$acc5,$acc5,$t1
+	adcs	$acc6,$acc6,$t2
+	adcs	$acc7,$acc7,$t3
+	//adc	$carry,xzr,xzr		// moved below
+	cbz	$cnt,.Lsqr8x8_post_condition
+
+	ldr	$n0,[$tp,#-8*8]
+	ldp	$a0,$a1,[$np,#8*0]
+	ldp	$a2,$a3,[$np,#8*2]
+	ldp	$a4,$a5,[$np,#8*4]
+	mov	$cnt,#-8*8
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np,$np,#8*8
+
+.Lsqr8x_tail:
+	mul	$t0,$a0,$n0
+	adc	$carry,xzr,xzr		// carry bit, modulo-scheduled
+	mul	$t1,$a1,$n0
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$n0
+	mul	$t3,$a3,$n0
+	adds	$acc0,$acc0,$t0
+	mul	$t0,$a4,$n0
+	adcs	$acc1,$acc1,$t1
+	mul	$t1,$a5,$n0
+	adcs	$acc2,$acc2,$t2
+	mul	$t2,$a6,$n0
+	adcs	$acc3,$acc3,$t3
+	mul	$t3,$a7,$n0
+	adcs	$acc4,$acc4,$t0
+	umulh	$t0,$a0,$n0
+	adcs	$acc5,$acc5,$t1
+	umulh	$t1,$a1,$n0
+	adcs	$acc6,$acc6,$t2
+	umulh	$t2,$a2,$n0
+	adcs	$acc7,$acc7,$t3
+	umulh	$t3,$a3,$n0
+	adc	$carry,$carry,xzr
+	str	$acc0,[$tp],#8
+	adds	$acc0,$acc1,$t0
+	umulh	$t0,$a4,$n0
+	adcs	$acc1,$acc2,$t1
+	umulh	$t1,$a5,$n0
+	adcs	$acc2,$acc3,$t2
+	umulh	$t2,$a6,$n0
+	adcs	$acc3,$acc4,$t3
+	umulh	$t3,$a7,$n0
+	ldr	$n0,[$rp,$cnt]
+	adcs	$acc4,$acc5,$t0
+	adcs	$acc5,$acc6,$t1
+	adcs	$acc6,$acc7,$t2
+	adcs	$acc7,$carry,$t3
+	//adc	$carry,xzr,xzr		// moved above
+	cbnz	$cnt,.Lsqr8x_tail
+					// note that carry flag is guaranteed
+					// to be zero at this point
+	ldp	$a0,$a1,[$tp,#8*0]
+	sub	$cnt,$np_end,$np	// done yet?
+	sub	$t2,$np_end,$num	// rewinded np
+	ldp	$a2,$a3,[$tp,#8*2]
+	ldp	$a4,$a5,[$tp,#8*4]
+	ldp	$a6,$a7,[$tp,#8*6]
+	cbz	$cnt,.Lsqr8x_tail_break
+
+	ldr	$n0,[$rp,#-8*8]
+	adds	$acc0,$acc0,$a0
+	adcs	$acc1,$acc1,$a1
+	ldp	$a0,$a1,[$np,#8*0]
+	adcs	$acc2,$acc2,$a2
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$np,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$np,#8*4]
+	adcs	$acc6,$acc6,$a6
+	mov	$cnt,#-8*8
+	adcs	$acc7,$acc7,$a7
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np,$np,#8*8
+	//adc	$carry,xzr,xzr		// moved above
+	b	.Lsqr8x_tail
+
+.align	4
+.Lsqr8x_tail_break:
+	ldr	$n0,[x29,#112]		// pull n0
+	add	$cnt,$tp,#8*8		// end of current t[num] window
+
+	subs	xzr,$topmost,#1		// "move" top-most carry to carry bit
+	adcs	$t0,$acc0,$a0
+	adcs	$t1,$acc1,$a1
+	ldp	$acc0,$acc1,[$rp,#8*0]
+	adcs	$acc2,$acc2,$a2
+	ldp	$a0,$a1,[$t2,#8*0]	// recall that $t2 is &n[0]
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$t2,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$t2,#8*4]
+	adcs	$acc6,$acc6,$a6
+	adcs	$acc7,$acc7,$a7
+	ldp	$a6,$a7,[$t2,#8*6]
+	add	$np,$t2,#8*8
+	adc	$topmost,xzr,xzr	// top-most carry
+	mul	$na0,$n0,$acc0
+	stp	$t0,$t1,[$tp,#8*0]
+	stp	$acc2,$acc3,[$tp,#8*2]
+	ldp	$acc2,$acc3,[$rp,#8*2]
+	stp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc4,$acc5,[$rp,#8*4]
+	cmp	$cnt,x29		// did we hit the bottom?
+	stp	$acc6,$acc7,[$tp,#8*6]
+	mov	$tp,$rp			// slide the window
+	ldp	$acc6,$acc7,[$rp,#8*6]
+	mov	$cnt,#8
+	b.ne	.Lsqr8x_reduction
+
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	ldr	$rp,[x29,#96]		// pull rp
+	add	$tp,$tp,#8*8
+	subs	$t0,$acc0,$a0
+	sbcs	$t1,$acc1,$a1
+	sub	$cnt,$num,#8*8
+	mov	$ap_end,$rp		// $rp copy
+
+.Lsqr8x_sub:
+	sbcs	$t2,$acc2,$a2
+	ldp	$a0,$a1,[$np,#8*0]
+	sbcs	$t3,$acc3,$a3
+	stp	$t0,$t1,[$rp,#8*0]
+	sbcs	$t0,$acc4,$a4
+	ldp	$a2,$a3,[$np,#8*2]
+	sbcs	$t1,$acc5,$a5
+	stp	$t2,$t3,[$rp,#8*2]
+	sbcs	$t2,$acc6,$a6
+	ldp	$a4,$a5,[$np,#8*4]
+	sbcs	$t3,$acc7,$a7
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np,$np,#8*8
+	ldp	$acc0,$acc1,[$tp,#8*0]
+	sub	$cnt,$cnt,#8*8
+	ldp	$acc2,$acc3,[$tp,#8*2]
+	ldp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc6,$acc7,[$tp,#8*6]
+	add	$tp,$tp,#8*8
+	stp	$t0,$t1,[$rp,#8*4]
+	sbcs	$t0,$acc0,$a0
+	stp	$t2,$t3,[$rp,#8*6]
+	add	$rp,$rp,#8*8
+	sbcs	$t1,$acc1,$a1
+	cbnz	$cnt,.Lsqr8x_sub
+
+	sbcs	$t2,$acc2,$a2
+	 mov	$tp,sp
+	 add	$ap,sp,$num
+	 ldp	$a0,$a1,[$ap_end,#8*0]
+	sbcs	$t3,$acc3,$a3
+	stp	$t0,$t1,[$rp,#8*0]
+	sbcs	$t0,$acc4,$a4
+	 ldp	$a2,$a3,[$ap_end,#8*2]
+	sbcs	$t1,$acc5,$a5
+	stp	$t2,$t3,[$rp,#8*2]
+	sbcs	$t2,$acc6,$a6
+	 ldp	$acc0,$acc1,[$ap,#8*0]
+	sbcs	$t3,$acc7,$a7
+	 ldp	$acc2,$acc3,[$ap,#8*2]
+	sbcs	xzr,$topmost,xzr	// did it borrow?
+	ldr	x30,[x29,#8]		// pull return address
+	stp	$t0,$t1,[$rp,#8*4]
+	stp	$t2,$t3,[$rp,#8*6]
+
+	sub	$cnt,$num,#8*4
+.Lsqr4x_cond_copy:
+	sub	$cnt,$cnt,#8*4
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	ldp	$a0,$a1,[$ap_end,#8*4]
+	ldp	$acc0,$acc1,[$ap,#8*4]
+	csel	$t2,$acc2,$a2,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	 add	$tp,$tp,#8*4
+	csel	$t3,$acc3,$a3,lo
+	ldp	$a2,$a3,[$ap_end,#8*6]
+	ldp	$acc2,$acc3,[$ap,#8*6]
+	add	$ap,$ap,#8*4
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+	add	$ap_end,$ap_end,#8*4
+	 stp	xzr,xzr,[$ap,#8*0]
+	 stp	xzr,xzr,[$ap,#8*2]
+	cbnz	$cnt,.Lsqr4x_cond_copy
+
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	csel	$t2,$acc2,$a2,lo
+	csel	$t3,$acc3,$a3,lo
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+
+	b	.Lsqr8x_done
+
+.align	4
+.Lsqr8x8_post_condition:
+	adc	$carry,xzr,xzr
+	ldr	x30,[x29,#8]		// pull return address
+	// $acc0-7,$carry hold result, $a0-7 hold modulus
+	subs	$a0,$acc0,$a0
+	ldr	$ap,[x29,#96]		// pull rp
+	sbcs	$a1,$acc1,$a1
+	 stp	xzr,xzr,[sp,#8*0]
+	sbcs	$a2,$acc2,$a2
+	 stp	xzr,xzr,[sp,#8*2]
+	sbcs	$a3,$acc3,$a3
+	 stp	xzr,xzr,[sp,#8*4]
+	sbcs	$a4,$acc4,$a4
+	 stp	xzr,xzr,[sp,#8*6]
+	sbcs	$a5,$acc5,$a5
+	 stp	xzr,xzr,[sp,#8*8]
+	sbcs	$a6,$acc6,$a6
+	 stp	xzr,xzr,[sp,#8*10]
+	sbcs	$a7,$acc7,$a7
+	 stp	xzr,xzr,[sp,#8*12]
+	sbcs	$carry,$carry,xzr	// did it borrow?
+	 stp	xzr,xzr,[sp,#8*14]
+
+	// $a0-7 hold result-modulus
+	csel	$a0,$acc0,$a0,lo
+	csel	$a1,$acc1,$a1,lo
+	csel	$a2,$acc2,$a2,lo
+	csel	$a3,$acc3,$a3,lo
+	stp	$a0,$a1,[$ap,#8*0]
+	csel	$a4,$acc4,$a4,lo
+	csel	$a5,$acc5,$a5,lo
+	stp	$a2,$a3,[$ap,#8*2]
+	csel	$a6,$acc6,$a6,lo
+	csel	$a7,$acc7,$a7,lo
+	stp	$a4,$a5,[$ap,#8*4]
+	stp	$a6,$a7,[$ap,#8*6]
+
+.Lsqr8x_done:
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldr	x29,[sp],#128
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
+___
+}
+
+{
+########################################################################
+# Even though this might look as ARMv8 adaptation of mulx4x_mont from
+# x86_64-mont5 module, it's different in sense that it performs
+# reduction 256 bits at a time.
+
+my ($a0,$a1,$a2,$a3,
+    $t0,$t1,$t2,$t3,
+    $m0,$m1,$m2,$m3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,
+    $bi,$mi,$tp,$ap_end,$cnt) = map("x$_",(6..17,19..28));
+my  $bp_end=$rp;
+my  ($carry,$topmost) = ($rp,"x30");
+
+$code.=<<___;
+.type	__bn_mul4x_mont,%function
+.align	5
+__bn_mul4x_mont:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+	sub	$tp,sp,$num,lsl#3
+	lsl	$num,$num,#3
+	ldr	$n0,[$n0]		// *n0
+	sub	sp,$tp,#8*4		// alloca
+
+	add	$t0,$bp,$num
+	add	$ap_end,$ap,$num
+	stp	$rp,$t0,[x29,#96]	// offload rp and &b[num]
+
+	ldr	$bi,[$bp,#8*0]		// b[0]
+	ldp	$a0,$a1,[$ap,#8*0]	// a[0..3]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	mov	$acc0,xzr
+	mov	$acc1,xzr
+	mov	$acc2,xzr
+	mov	$acc3,xzr
+	ldp	$m0,$m1,[$np,#8*0]	// n[0..3]
+	ldp	$m2,$m3,[$np,#8*2]
+	adds	$np,$np,#8*4		// clear carry bit
+	mov	$carry,xzr
+	mov	$cnt,#0
+	mov	$tp,sp
+
+.Loop_mul4x_1st_reduction:
+	mul	$t0,$a0,$bi		// lo(a[0..3]*b[0])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[0..3]*b[0])
+	adcs	$acc1,$acc1,$t1
+	mul	$mi,$acc0,$n0		// t[0]*n0
+	adcs	$acc2,$acc2,$t2
+	umulh	$t1,$a1,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t2,$a2,$bi
+	adc	$acc4,xzr,xzr
+	umulh	$t3,$a3,$bi
+	ldr	$bi,[$bp,$cnt]		// next b[i] (or b[0])
+	adds	$acc1,$acc1,$t0
+	// (*)	mul	$t0,$m0,$mi	// lo(n[0..3]*t[0]*n0)
+	str	$mi,[$tp],#8		// put aside t[0]*n0 for tail processing
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	// (*)	adds	xzr,$acc0,$t0
+	subs	xzr,$acc0,#1		// (*)
+	umulh	$t0,$m0,$mi		// hi(n[0..3]*t[0]*n0)
+	adcs	$acc0,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc1,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc2,$acc3,$t3
+	umulh	$t3,$m3,$mi
+	adcs	$acc3,$acc4,$carry
+	adc	$carry,xzr,xzr
+	adds	$acc0,$acc0,$t0
+	sub	$t0,$ap_end,$ap
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_1st_reduction
+
+	cbz	$t0,.Lmul4x4_post_condition
+
+	ldp	$a0,$a1,[$ap,#8*0]	// a[4..7]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	ldr	$mi,[sp]		// a[0]*n0
+	ldp	$m0,$m1,[$np,#8*0]	// n[4..7]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+
+.Loop_mul4x_1st_tail:
+	mul	$t0,$a0,$bi		// lo(a[4..7]*b[i])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[4..7]*b[i])
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a1,$bi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a2,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a3,$bi
+	adc	$acc4,xzr,xzr
+	ldr	$bi,[$bp,$cnt]		// next b[i] (or b[0])
+	adds	$acc1,$acc1,$t0
+	mul	$t0,$m0,$mi		// lo(n[4..7]*a[0]*n0)
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$m0,$mi		// hi(n[4..7]*a[0]*n0)
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc3,$acc3,$t3
+	adcs	$acc4,$acc4,$carry
+	umulh	$t3,$m3,$mi
+	adc	$carry,xzr,xzr
+	ldr	$mi,[sp,$cnt]		// next t[0]*n0
+	str	$acc0,[$tp],#8		// result!!!
+	adds	$acc0,$acc1,$t0
+	sub	$t0,$ap_end,$ap		// done yet?
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2
+	adcs	$acc3,$acc4,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_1st_tail
+
+	sub	$t1,$ap_end,$num	// rewinded $ap
+	cbz	$t0,.Lmul4x_proceed
+
+	ldp	$a0,$a1,[$ap,#8*0]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	ldp	$m0,$m1,[$np,#8*0]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Lmul4x_proceed:
+	ldr	$bi,[$bp,#8*4]!		// *++b
+	adc	$topmost,$carry,xzr
+	ldp	$a0,$a1,[$t1,#8*0]	// a[0..3]
+	sub	$np,$np,$num		// rewind np
+	ldp	$a2,$a3,[$t1,#8*2]
+	add	$ap,$t1,#8*4
+
+	stp	$acc0,$acc1,[$tp,#8*0]	// result!!!
+	ldp	$acc0,$acc1,[sp,#8*4]	// t[0..3]
+	stp	$acc2,$acc3,[$tp,#8*2]	// result!!!
+	ldp	$acc2,$acc3,[sp,#8*6]
+
+	ldp	$m0,$m1,[$np,#8*0]	// n[0..3]
+	mov	$tp,sp
+	ldp	$m2,$m3,[$np,#8*2]
+	adds	$np,$np,#8*4		// clear carry bit
+	mov	$carry,xzr
+
+.align	4
+.Loop_mul4x_reduction:
+	mul	$t0,$a0,$bi		// lo(a[0..3]*b[4])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[0..3]*b[4])
+	adcs	$acc1,$acc1,$t1
+	mul	$mi,$acc0,$n0		// t[0]*n0
+	adcs	$acc2,$acc2,$t2
+	umulh	$t1,$a1,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t2,$a2,$bi
+	adc	$acc4,xzr,xzr
+	umulh	$t3,$a3,$bi
+	ldr	$bi,[$bp,$cnt]		// next b[i]
+	adds	$acc1,$acc1,$t0
+	// (*)	mul	$t0,$m0,$mi
+	str	$mi,[$tp],#8		// put aside t[0]*n0 for tail processing
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi		// lo(n[0..3]*t[0]*n0
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	// (*)	adds	xzr,$acc0,$t0
+	subs	xzr,$acc0,#1		// (*)
+	umulh	$t0,$m0,$mi		// hi(n[0..3]*t[0]*n0
+	adcs	$acc0,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc1,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc2,$acc3,$t3
+	umulh	$t3,$m3,$mi
+	adcs	$acc3,$acc4,$carry
+	adc	$carry,xzr,xzr
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_reduction
+
+	adc	$carry,$carry,xzr
+	ldp	$t0,$t1,[$tp,#8*4]	// t[4..7]
+	ldp	$t2,$t3,[$tp,#8*6]
+	ldp	$a0,$a1,[$ap,#8*0]	// a[4..7]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+
+	ldr	$mi,[sp]		// t[0]*n0
+	ldp	$m0,$m1,[$np,#8*0]	// n[4..7]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+
+.align	4
+.Loop_mul4x_tail:
+	mul	$t0,$a0,$bi		// lo(a[4..7]*b[4])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[4..7]*b[4])
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a1,$bi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a2,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a3,$bi
+	adc	$acc4,xzr,xzr
+	ldr	$bi,[$bp,$cnt]		// next b[i]
+	adds	$acc1,$acc1,$t0
+	mul	$t0,$m0,$mi		// lo(n[4..7]*t[0]*n0)
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$m0,$mi		// hi(n[4..7]*t[0]*n0)
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$m3,$mi
+	adcs	$acc4,$acc4,$carry
+	ldr	$mi,[sp,$cnt]		// next a[0]*n0
+	adc	$carry,xzr,xzr
+	str	$acc0,[$tp],#8		// result!!!
+	adds	$acc0,$acc1,$t0
+	sub	$t0,$ap_end,$ap		// done yet?
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2
+	adcs	$acc3,$acc4,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_tail
+
+	sub	$t1,$np,$num		// rewinded np?
+	adc	$carry,$carry,xzr
+	cbz	$t0,.Loop_mul4x_break
+
+	ldp	$t0,$t1,[$tp,#8*4]
+	ldp	$t2,$t3,[$tp,#8*6]
+	ldp	$a0,$a1,[$ap,#8*0]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+	ldp	$m0,$m1,[$np,#8*0]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+	b	.Loop_mul4x_tail
+
+.align	4
+.Loop_mul4x_break:
+	ldp	$t2,$t3,[x29,#96]	// pull rp and &b[num]
+	adds	$acc0,$acc0,$topmost
+	add	$bp,$bp,#8*4		// bp++
+	adcs	$acc1,$acc1,xzr
+	sub	$ap,$ap,$num		// rewind ap
+	adcs	$acc2,$acc2,xzr
+	stp	$acc0,$acc1,[$tp,#8*0]	// result!!!
+	adcs	$acc3,$acc3,xzr
+	ldp	$acc0,$acc1,[sp,#8*4]	// t[0..3]
+	adc	$topmost,$carry,xzr
+	stp	$acc2,$acc3,[$tp,#8*2]	// result!!!
+	cmp	$bp,$t3			// done yet?
+	ldp	$acc2,$acc3,[sp,#8*6]
+	ldp	$m0,$m1,[$t1,#8*0]	// n[0..3]
+	ldp	$m2,$m3,[$t1,#8*2]
+	add	$np,$t1,#8*4
+	b.eq	.Lmul4x_post
+
+	ldr	$bi,[$bp]
+	ldp	$a0,$a1,[$ap,#8*0]	// a[0..3]
+	ldp	$a2,$a3,[$ap,#8*2]
+	adds	$ap,$ap,#8*4		// clear carry bit
+	mov	$carry,xzr
+	mov	$tp,sp
+	b	.Loop_mul4x_reduction
+
+.align	4
+.Lmul4x_post:
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	mov	$rp,$t2
+	mov	$ap_end,$t2		// $rp copy
+	subs	$t0,$acc0,$m0
+	add	$tp,sp,#8*8
+	sbcs	$t1,$acc1,$m1
+	sub	$cnt,$num,#8*4
+
+.Lmul4x_sub:
+	sbcs	$t2,$acc2,$m2
+	ldp	$m0,$m1,[$np,#8*0]
+	sub	$cnt,$cnt,#8*4
+	ldp	$acc0,$acc1,[$tp,#8*0]
+	sbcs	$t3,$acc3,$m3
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+	ldp	$acc2,$acc3,[$tp,#8*2]
+	add	$tp,$tp,#8*4
+	stp	$t0,$t1,[$rp,#8*0]
+	sbcs	$t0,$acc0,$m0
+	stp	$t2,$t3,[$rp,#8*2]
+	add	$rp,$rp,#8*4
+	sbcs	$t1,$acc1,$m1
+	cbnz	$cnt,.Lmul4x_sub
+
+	sbcs	$t2,$acc2,$m2
+	 mov	$tp,sp
+	 add	$ap,sp,#8*4
+	 ldp	$a0,$a1,[$ap_end,#8*0]
+	sbcs	$t3,$acc3,$m3
+	stp	$t0,$t1,[$rp,#8*0]
+	 ldp	$a2,$a3,[$ap_end,#8*2]
+	stp	$t2,$t3,[$rp,#8*2]
+	 ldp	$acc0,$acc1,[$ap,#8*0]
+	 ldp	$acc2,$acc3,[$ap,#8*2]
+	sbcs	xzr,$topmost,xzr	// did it borrow?
+	ldr	x30,[x29,#8]		// pull return address
+
+	sub	$cnt,$num,#8*4
+.Lmul4x_cond_copy:
+	sub	$cnt,$cnt,#8*4
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	ldp	$a0,$a1,[$ap_end,#8*4]
+	ldp	$acc0,$acc1,[$ap,#8*4]
+	csel	$t2,$acc2,$a2,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	 add	$tp,$tp,#8*4
+	csel	$t3,$acc3,$a3,lo
+	ldp	$a2,$a3,[$ap_end,#8*6]
+	ldp	$acc2,$acc3,[$ap,#8*6]
+	add	$ap,$ap,#8*4
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+	add	$ap_end,$ap_end,#8*4
+	cbnz	$cnt,.Lmul4x_cond_copy
+
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	csel	$t2,$acc2,$a2,lo
+	 stp	xzr,xzr,[$tp,#8*3]
+	csel	$t3,$acc3,$a3,lo
+	 stp	xzr,xzr,[$tp,#8*4]
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+
+	b	.Lmul4x_done
+
+.align	4
+.Lmul4x4_post_condition:
+	adc	$carry,$carry,xzr
+	ldr	$ap,[x29,#96]		// pull rp
+	// $acc0-3,$carry hold result, $m0-7 hold modulus
+	subs	$a0,$acc0,$m0
+	ldr	x30,[x29,#8]		// pull return address
+	sbcs	$a1,$acc1,$m1
+	 stp	xzr,xzr,[sp,#8*0]
+	sbcs	$a2,$acc2,$m2
+	 stp	xzr,xzr,[sp,#8*2]
+	sbcs	$a3,$acc3,$m3
+	 stp	xzr,xzr,[sp,#8*4]
+	sbcs	xzr,$carry,xzr		// did it borrow?
+	 stp	xzr,xzr,[sp,#8*6]
+
+	// $a0-3 hold result-modulus
+	csel	$a0,$acc0,$a0,lo
+	csel	$a1,$acc1,$a1,lo
+	csel	$a2,$acc2,$a2,lo
+	csel	$a3,$acc3,$a3,lo
+	stp	$a0,$a1,[$ap,#8*0]
+	stp	$a2,$a3,[$ap,#8*2]
+
+.Lmul4x_done:
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldr	x29,[sp],#128
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	__bn_mul4x_mont,.-__bn_mul4x_mont
+___
+}
+$code.=<<___;
+.asciz	"Montgomery Multiplication for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl
new file mode 100644
index 000000000..58effc880
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl
@@ -0,0 +1,785 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_sub_part_words("bn_sub_part_words");
+
+&asm_finish();
+
+close STDOUT;
+
+sub bn_mul_add_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+	$r="eax";
+	$a="edx";
+	$c="ecx";
+
+	if ($sse2) {
+		&picmeup("eax","OPENSSL_ia32cap_P");
+		&bt(&DWP(0,"eax"),26);
+		&jnc(&label("maw_non_sse2"));
+
+		&mov($r,&wparam(0));
+		&mov($a,&wparam(1));
+		&mov($c,&wparam(2));
+		&movd("mm0",&wparam(3));	# mm0 = w
+		&pxor("mm1","mm1");		# mm1 = carry_in
+		&jmp(&label("maw_sse2_entry"));
+
+	&set_label("maw_sse2_unrolled",16);
+		&movd("mm3",&DWP(0,$r,"",0));	# mm3 = r[0]
+		&paddq("mm1","mm3");		# mm1 = carry_in + r[0]
+		&movd("mm2",&DWP(0,$a,"",0));	# mm2 = a[0]
+		&pmuludq("mm2","mm0");		# mm2 = w*a[0]
+		&movd("mm4",&DWP(4,$a,"",0));	# mm4 = a[1]
+		&pmuludq("mm4","mm0");		# mm4 = w*a[1]
+		&movd("mm6",&DWP(8,$a,"",0));	# mm6 = a[2]
+		&pmuludq("mm6","mm0");		# mm6 = w*a[2]
+		&movd("mm7",&DWP(12,$a,"",0));	# mm7 = a[3]
+		&pmuludq("mm7","mm0");		# mm7 = w*a[3]
+		&paddq("mm1","mm2");		# mm1 = carry_in + r[0] + w*a[0]
+		&movd("mm3",&DWP(4,$r,"",0));	# mm3 = r[1]
+		&paddq("mm3","mm4");		# mm3 = r[1] + w*a[1]
+		&movd("mm5",&DWP(8,$r,"",0));	# mm5 = r[2]
+		&paddq("mm5","mm6");		# mm5 = r[2] + w*a[2]
+		&movd("mm4",&DWP(12,$r,"",0));	# mm4 = r[3]
+		&paddq("mm7","mm4");		# mm7 = r[3] + w*a[3]
+		&movd(&DWP(0,$r,"",0),"mm1");
+		&movd("mm2",&DWP(16,$a,"",0));	# mm2 = a[4]
+		&pmuludq("mm2","mm0");		# mm2 = w*a[4]
+		&psrlq("mm1",32);		# mm1 = carry0
+		&movd("mm4",&DWP(20,$a,"",0));	# mm4 = a[5]
+		&pmuludq("mm4","mm0");		# mm4 = w*a[5]
+		&paddq("mm1","mm3");		# mm1 = carry0 + r[1] + w*a[1]
+		&movd("mm6",&DWP(24,$a,"",0));	# mm6 = a[6]
+		&pmuludq("mm6","mm0");		# mm6 = w*a[6]
+		&movd(&DWP(4,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry1
+		&movd("mm3",&DWP(28,$a,"",0));	# mm3 = a[7]
+		&add($a,32);
+		&pmuludq("mm3","mm0");		# mm3 = w*a[7]
+		&paddq("mm1","mm5");		# mm1 = carry1 + r[2] + w*a[2]
+		&movd("mm5",&DWP(16,$r,"",0));	# mm5 = r[4]
+		&paddq("mm2","mm5");		# mm2 = r[4] + w*a[4]
+		&movd(&DWP(8,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry2
+		&paddq("mm1","mm7");		# mm1 = carry2 + r[3] + w*a[3]
+		&movd("mm5",&DWP(20,$r,"",0));	# mm5 = r[5]
+		&paddq("mm4","mm5");		# mm4 = r[5] + w*a[5]
+		&movd(&DWP(12,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry3
+		&paddq("mm1","mm2");		# mm1 = carry3 + r[4] + w*a[4]
+		&movd("mm5",&DWP(24,$r,"",0));	# mm5 = r[6]
+		&paddq("mm6","mm5");		# mm6 = r[6] + w*a[6]
+		&movd(&DWP(16,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry4
+		&paddq("mm1","mm4");		# mm1 = carry4 + r[5] + w*a[5]
+		&movd("mm5",&DWP(28,$r,"",0));	# mm5 = r[7]
+		&paddq("mm3","mm5");		# mm3 = r[7] + w*a[7]
+		&movd(&DWP(20,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry5
+		&paddq("mm1","mm6");		# mm1 = carry5 + r[6] + w*a[6]
+		&movd(&DWP(24,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry6
+		&paddq("mm1","mm3");		# mm1 = carry6 + r[7] + w*a[7]
+		&movd(&DWP(28,$r,"",0),"mm1");
+		&lea($r,&DWP(32,$r));
+		&psrlq("mm1",32);		# mm1 = carry_out
+
+		&sub($c,8);
+		&jz(&label("maw_sse2_exit"));
+	&set_label("maw_sse2_entry");
+		&test($c,0xfffffff8);
+		&jnz(&label("maw_sse2_unrolled"));
+
+	&set_label("maw_sse2_loop",4);
+		&movd("mm2",&DWP(0,$a));	# mm2 = a[i]
+		&movd("mm3",&DWP(0,$r));	# mm3 = r[i]
+		&pmuludq("mm2","mm0");		# a[i] *= w
+		&lea($a,&DWP(4,$a));
+		&paddq("mm1","mm3");		# carry += r[i]
+		&paddq("mm1","mm2");		# carry += a[i]*w
+		&movd(&DWP(0,$r),"mm1");	# r[i] = carry_low
+		&sub($c,1);
+		&psrlq("mm1",32);		# carry = carry_high
+		&lea($r,&DWP(4,$r));
+		&jnz(&label("maw_sse2_loop"));
+	&set_label("maw_sse2_exit");
+		&movd("eax","mm1");		# c = carry_out
+		&emms();
+		&ret();
+
+	&set_label("maw_non_sse2",16);
+	}
+
+	# function_begin prologue
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ebp";
+	$r="edi";
+	$c="esi";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+
+	&mov("ecx",&wparam(2));	#
+	&mov($a,&wparam(1));	#
+
+	&and("ecx",0xfffffff8);	# num / 8
+	&mov($w,&wparam(3));	#
+
+	&push("ecx");		# Up the stack for a tmp variable
+
+	&jz(&label("maw_finish"));
+
+	&set_label("maw_loop",16);
+
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+= c
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",&DWP($i,$r));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r),"eax");	# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&sub("ecx",8);
+	&lea($a,&DWP(32,$a));
+	&lea($r,&DWP(32,$r));
+	&jnz(&label("maw_loop"));
+
+	&set_label("maw_finish",0);
+	&mov("ecx",&wparam(2));	# get num
+	&and("ecx",7);
+	&jnz(&label("maw_finish2"));	# helps branch prediction
+	&jmp(&label("maw_end"));
+
+	&set_label("maw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a));	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",&DWP($i*4,$r));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &dec("ecx") if ($i != 7-1);
+		&mov(&DWP($i*4,$r),"eax");	# *r= L(t);
+		 &mov($c,"edx");		# c=  H(t);
+		&jz(&label("maw_end")) if ($i != 7-1);
+		}
+	&set_label("maw_end",0);
+	&mov("eax",$c);
+
+	&pop("ecx");	# clear variable from
+
+	&function_end($name);
+	}
+
+sub bn_mul_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+	$r="eax";
+	$a="edx";
+	$c="ecx";
+
+	if ($sse2) {
+		&picmeup("eax","OPENSSL_ia32cap_P");
+		&bt(&DWP(0,"eax"),26);
+		&jnc(&label("mw_non_sse2"));
+
+		&mov($r,&wparam(0));
+		&mov($a,&wparam(1));
+		&mov($c,&wparam(2));
+		&movd("mm0",&wparam(3));	# mm0 = w
+		&pxor("mm1","mm1");		# mm1 = carry = 0
+
+	&set_label("mw_sse2_loop",16);
+		&movd("mm2",&DWP(0,$a));	# mm2 = a[i]
+		&pmuludq("mm2","mm0");		# a[i] *= w
+		&lea($a,&DWP(4,$a));
+		&paddq("mm1","mm2");		# carry += a[i]*w
+		&movd(&DWP(0,$r),"mm1");	# r[i] = carry_low
+		&sub($c,1);
+		&psrlq("mm1",32);		# carry = carry_high
+		&lea($r,&DWP(4,$r));
+		&jnz(&label("mw_sse2_loop"));
+
+		&movd("eax","mm1");		# return carry
+		&emms();
+		&ret();
+	&set_label("mw_non_sse2",16);
+	}
+
+	# function_begin prologue
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ecx";
+	$r="edi";
+	$c="esi";
+	$num="ebp";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+	&mov($w,&wparam(3));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("mw_finish"));
+
+	&set_label("mw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
+
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jz(&label("mw_finish"));
+	&jmp(&label("mw_loop"));
+
+	&set_label("mw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jnz(&label("mw_finish2"));
+	&jmp(&label("mw_end"));
+
+	&set_label("mw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a,"",0));# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		 &dec($num) if ($i != 7-1);
+		&jz(&label("mw_end")) if ($i != 7-1);
+		}
+	&set_label("mw_end",0);
+	&mov("eax",$c);
+
+	&function_end($name);
+	}
+
+sub bn_sqr_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+	$r="eax";
+	$a="edx";
+	$c="ecx";
+
+	if ($sse2) {
+		&picmeup("eax","OPENSSL_ia32cap_P");
+		&bt(&DWP(0,"eax"),26);
+		&jnc(&label("sqr_non_sse2"));
+
+		&mov($r,&wparam(0));
+		&mov($a,&wparam(1));
+		&mov($c,&wparam(2));
+
+	&set_label("sqr_sse2_loop",16);
+		&movd("mm0",&DWP(0,$a));	# mm0 = a[i]
+		&pmuludq("mm0","mm0");		# a[i] *= a[i]
+		&lea($a,&DWP(4,$a));		# a++
+		&movq(&QWP(0,$r),"mm0");	# r[i] = a[i]*a[i]
+		&sub($c,1);
+		&lea($r,&DWP(8,$r));		# r += 2
+		&jnz(&label("sqr_sse2_loop"));
+
+		&emms();
+		&ret();
+	&set_label("sqr_non_sse2",16);
+	}
+
+	# function_begin prologue
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	$r="esi";
+	$a="edi";
+	$num="ebx";
+
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("sw_finish"));
+
+	&set_label("sw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+		&mov("eax",&DWP($i,$a,"",0)); 	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*2,$r,"",0),"eax");	#
+		 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,64);
+	&sub($num,8);
+	&jnz(&label("sw_loop"));
+
+	&set_label("sw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jz(&label("sw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov("eax",&DWP($i*4,$a,"",0));	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*8,$r,"",0),"eax");	#
+		 &dec($num) if ($i != 7-1);
+		&mov(&DWP($i*8+4,$r,"",0),"edx");
+		 &jz(&label("sw_end")) if ($i != 7-1);
+		}
+	&set_label("sw_end",0);
+
+	&function_end($name);
+	}
+
+sub bn_div_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"");
+	&mov("edx",&wparam(0));	#
+	&mov("eax",&wparam(1));	#
+	&mov("ecx",&wparam(2));	#
+	&div("ecx");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_add_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+sub bn_sub_part_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP(0,$a,"",0));	# *a
+		 &mov($tmp2,&DWP(0,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		&mov(&DWP(0,$r,"",0),$tmp1);	# *r
+		&add($a, 4);
+		&add($b, 4);
+		&add($r, 4);
+		 &dec($num) if ($i != 6);
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+	&cmp(&wparam(4),0);
+	&je(&label("pw_end"));
+
+	&mov($num,&wparam(4));	# get dl
+	&cmp($num,0);
+	&je(&label("pw_end"));
+	&jge(&label("pw_pos"));
+
+	&comment("pw_neg");
+	&mov($tmp2,0);
+	&sub($tmp2,$num);
+	&mov($num,$tmp2);
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_neg_finish"));
+
+	&set_label("pw_neg_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl<0 Round $i");
+
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+	}
+
+	&comment("");
+	&add($b,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_neg_loop"));
+
+	&set_label("pw_neg_finish",0);
+	&mov($tmp2,&wparam(4));	# get dl
+	&mov($num,0);
+	&sub($num,$tmp2);
+	&and($num,7);
+	&jz(&label("pw_end"));
+
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl<0 Tail Round $i");
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &dec($num) if ($i != 6);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+
+	&jmp(&label("pw_end"));
+
+	&set_label("pw_pos",0);
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_pos_finish"));
+
+	&set_label("pw_pos_loop",0);
+
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl>0 Round $i");
+
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_nc".$i));
+	}
+
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_pos_loop"));
+
+	&set_label("pw_pos_finish",0);
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_end"));
+
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl>0 Tail Round $i");
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_tail_nc".$i));
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+	&mov($c,1);
+	&jmp(&label("pw_end"));
+
+	&set_label("pw_nc_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_nc".$i,0);
+	}
+
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_nc_loop"));
+
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_nc_end"));
+
+	for ($i=0; $i<7; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_tail_nc".$i,0);
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_nc_end")) if ($i != 6);
+	}
+
+	&set_label("pw_nc_end",0);
+	&mov($c,0);
+
+	&set_label("pw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-c64xplus.asm b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-c64xplus.asm
new file mode 100644
index 000000000..de6d37728
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-c64xplus.asm
@@ -0,0 +1,382 @@
+;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+;;
+;; Licensed under the OpenSSL license (the "License").  You may not use
+;; this file except in compliance with the License.  You can obtain a copy
+;; in the file LICENSE in the source distribution or at
+;; https://www.openssl.org/source/license.html
+;;
+;;====================================================================
+;; Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+;; project.
+;;
+;; Rights for redistribution and usage in source and binary forms are
+;; granted according to the OpenSSL license. Warranty of any kind is
+;; disclaimed.
+;;====================================================================
+;; Compiler-generated multiply-n-add SPLOOP runs at 12*n cycles, n
+;; being the number of 32-bit words, addition - 8*n. Corresponding 4x
+;; unrolled SPLOOP-free loops - at ~8*n and ~5*n. Below assembler
+;; SPLOOPs spin at ... 2*n cycles [plus epilogue].
+;;====================================================================
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	bn_mul_add_words,_bn_mul_add_words
+	.asg	bn_mul_words,_bn_mul_words
+	.asg	bn_sqr_words,_bn_sqr_words
+	.asg	bn_add_words,_bn_add_words
+	.asg	bn_sub_words,_bn_sub_words
+	.asg	bn_div_words,_bn_div_words
+	.asg	bn_sqr_comba8,_bn_sqr_comba8
+	.asg	bn_mul_comba8,_bn_mul_comba8
+	.asg	bn_sqr_comba4,_bn_sqr_comba4
+	.asg	bn_mul_comba4,_bn_mul_comba4
+	.endif
+
+	.asg	B3,RA
+	.asg	A4,ARG0
+	.asg	B4,ARG1
+	.asg	A6,ARG2
+	.asg	B6,ARG3
+	.asg	A8,ARG4
+	.asg	B8,ARG5
+	.asg	A4,RET
+	.asg	A15,FP
+	.asg	B14,DP
+	.asg	B15,SP
+
+	.global	_bn_mul_add_words
+_bn_mul_add_words:
+	.asmfunc
+	MV	ARG2,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A19		; high part of accumulator
+|| [B0]	MV	ARG0,A2
+|| [B0]	MV	ARG3,A3
+	NOP	3
+
+	SPLOOP	2		; 2*n+10
+;;====================================================================
+	LDW	*ARG1++,B7	; ap[i]
+	NOP	3
+	LDW	*ARG0++,A7	; rp[i]
+	MPY32U	B7,A3,A17:A16
+	NOP	3		; [2,0] in epilogue
+	ADDU	A16,A7,A21:A20
+	ADDU	A19,A21:A20,A19:A18
+||	MV.S	A17,A23
+	SPKERNEL 2,1		; leave slot for "return value"
+||	STW	A18,*A2++	; rp[i]
+||	ADD	A19,A23,A19
+;;====================================================================
+	BNOP	RA,4
+	MV	A19,RET		; return value
+	.endasmfunc
+
+	.global	_bn_mul_words
+_bn_mul_words:
+	.asmfunc
+	MV	ARG2,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A19		; high part of accumulator
+	NOP	3
+
+	SPLOOP	2		; 2*n+10
+;;====================================================================
+	LDW	*ARG1++,A7	; ap[i]
+	NOP	4
+	MPY32U	A7,ARG3,A17:A16
+	NOP	4		; [2,0] in epiloque
+	ADDU	A19,A16,A19:A18
+||	MV.S	A17,A21
+	SPKERNEL 2,1		; leave slot for "return value"
+||	STW	A18,*ARG0++	; rp[i]
+||	ADD.L	A19,A21,A19
+;;====================================================================
+	BNOP	RA,4
+	MV	A19,RET		; return value
+	.endasmfunc
+
+	.global	_bn_sqr_words
+_bn_sqr_words:
+	.asmfunc
+	MV	ARG2,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	MV	ARG0,B2
+|| [B0]	ADD	4,ARG0,ARG0
+	NOP	3
+
+	SPLOOP	2		; 2*n+10
+;;====================================================================
+	LDW	*ARG1++,B7	; ap[i]
+	NOP	4
+	MPY32U	B7,B7,B1:B0
+	NOP	3		; [2,0] in epilogue
+	STW	B0,*B2++(8)	; rp[2*i]
+	MV	B1,A1
+	SPKERNEL 2,0		; fully overlap BNOP RA,5
+||	STW	A1,*ARG0++(8)	; rp[2*i+1]
+;;====================================================================
+	BNOP	RA,5
+	.endasmfunc
+
+	.global	_bn_add_words
+_bn_add_words:
+	.asmfunc
+	MV	ARG3,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A1		; carry flag
+|| [B0]	MV	ARG0,A3
+	NOP	3
+
+	SPLOOP	2		; 2*n+6
+;;====================================================================
+	LDW	*ARG2++,A7	; bp[i]
+||	LDW	*ARG1++,B7	; ap[i]
+	NOP	4
+	ADDU	A7,B7,A9:A8
+	ADDU	A1,A9:A8,A1:A0
+	SPKERNEL 0,0		; fully overlap BNOP RA,5
+||	STW	A0,*A3++	; write result
+||	MV	A1,RET		; keep carry flag in RET
+;;====================================================================
+	BNOP	RA,5
+	.endasmfunc
+
+	.global	_bn_sub_words
+_bn_sub_words:
+	.asmfunc
+	MV	ARG3,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A2		; borrow flag
+|| [B0]	MV	ARG0,A3
+	NOP	3
+
+	SPLOOP	2		; 2*n+6
+;;====================================================================
+	LDW	*ARG2++,A7	; bp[i]
+||	LDW	*ARG1++,B7	; ap[i]
+	NOP	4
+	SUBU	B7,A7,A1:A0
+  [A2]	SUB	A1:A0,1,A1:A0
+	SPKERNEL 0,1		; leave slot for "return borrow flag"
+||	STW	A0,*A3++	; write result
+||	AND	1,A1,A2		; pass on borrow flag
+;;====================================================================
+	BNOP	RA,4
+	AND	1,A1,RET	; return borrow flag
+	.endasmfunc
+
+	.global	_bn_div_words
+_bn_div_words:
+	.asmfunc
+	LMBD	1,A6,A0		; leading zero bits in dv
+	LMBD	1,A4,A1		; leading zero bits in hi
+||	MVK	32,B0
+	CMPLTU	A1,A0,A2
+||	ADD	A0,B0,B0
+  [ A2]	BNOP	RA
+||[ A2]	MVK	-1,A4		; return overflow
+||[!A2]	MV	A4,A3		; reassign hi
+  [!A2]	MV	B4,A4		; reassign lo, will be quotient
+||[!A2]	MVC	B0,ILC
+  [!A2]	SHL	A6,A0,A6	; normalize dv
+||	MVK	1,A1
+
+  [!A2]	CMPLTU	A3,A6,A1	; hi<dv?
+||[!A2]	SHL	A4,1,A5:A4	; lo<<1
+  [!A1]	SUB	A3,A6,A3	; hi-=dv
+||[!A1]	OR	1,A4,A4
+  [!A2]	SHRU	A3,31,A1	; upper bit
+||[!A2]	ADDAH	A5,A3,A3	; hi<<1|lo>>31
+
+	SPLOOP	3
+  [!A1]	CMPLTU	A3,A6,A1	; hi<dv?
+||[ A1]	ZERO	A1
+||	SHL	A4,1,A5:A4	; lo<<1
+  [!A1]	SUB	A3,A6,A3	; hi-=dv
+||[!A1]	OR	1,A4,A4		; quotient
+	SHRU	A3,31,A1	; upper bit
+||	ADDAH	A5,A3,A3	; hi<<1|lo>>31
+	SPKERNEL
+
+	BNOP	RA,5
+	.endasmfunc
+
+;;====================================================================
+;; Not really Comba algorithm, just straightforward NxM... Dedicated
+;; fully unrolled real Comba implementations are asymptotically 2x
+;; faster, but naturally larger undertaking. Purpose of this exercise
+;; was rather to learn to master nested SPLOOPs...
+;;====================================================================
+	.global	_bn_sqr_comba8
+	.global	_bn_mul_comba8
+_bn_sqr_comba8:
+	MV	ARG1,ARG2
+_bn_mul_comba8:
+	.asmfunc
+	MVK	8,B0		; N, RILC
+||	MVK	8,A0		; M, outer loop counter
+||	MV	ARG1,A5		; copy ap
+||	MV	ARG0,B4		; copy rp
+||	ZERO	B19		; high part of accumulator
+	MVC	B0,RILC
+||	SUB	B0,2,B1		; N-2, initial ILC
+||	SUB	B0,1,B2		; const B2=N-1
+||	LDW	*A5++,B6	; ap[0]
+||	MV	A0,A3		; const A3=M
+sploopNxM?:			; for best performance arrange M<=N
+   [A0]	SPLOOPD	2		; 2*n+10
+||	MVC	B1,ILC
+||	ADDAW	B4,B0,B5
+||	ZERO	B7
+||	LDW	*A5++,A9	; pre-fetch ap[1]
+||	ZERO	A1
+||	SUB	A0,1,A0
+;;====================================================================
+;; SPLOOP from bn_mul_add_words, but with flipped A<>B register files.
+;; This is because of Advisory 15 from TI publication SPRZ247I.
+	LDW	*ARG2++,A7	; bp[i]
+	NOP	3
+   [A1]	LDW	*B5++,B7	; rp[i]
+	MPY32U	A7,B6,B17:B16
+	NOP	3
+	ADDU	B16,B7,B21:B20
+	ADDU	B19,B21:B20,B19:B18
+||	MV.S	B17,B23
+	SPKERNEL
+||	STW	B18,*B4++	; rp[i]
+||	ADD.S	B19,B23,B19
+;;====================================================================
+outer?:				; m*2*(n+1)+10
+	SUBAW	ARG2,A3,ARG2	; rewind bp to bp[0]
+	SPMASKR
+||	CMPGT	A0,1,A2		; done pre-fetching ap[i+1]?
+	MVD	A9,B6		; move through .M unit(*)
+   [A2]	LDW	*A5++,A9	; pre-fetch ap[i+1]
+	SUBAW	B5,B2,B5	; rewind rp to rp[1]
+	MVK	1,A1
+   [A0]	BNOP.S1	outer?,4
+|| [A0]	SUB.L	A0,1,A0
+	STW	B19,*B4--[B2]	; rewind rp tp rp[1]
+||	ZERO.S	B19		; high part of accumulator
+;; end of outer?
+	BNOP	RA,5		; return
+	.endasmfunc
+;; (*)	It should be noted that B6 is used as input to MPY32U in
+;;	chronologically next cycle in *preceding* SPLOOP iteration.
+;;	Normally such arrangement would require DINT, but at this
+;;	point SPLOOP is draining and interrupts are disabled
+;;	implicitly.
+
+	.global	_bn_sqr_comba4
+	.global	_bn_mul_comba4
+_bn_sqr_comba4:
+	MV	ARG1,ARG2
+_bn_mul_comba4:
+	.asmfunc
+	.if	0
+	BNOP	sploopNxM?,3
+	;; Above mentioned m*2*(n+1)+10 does not apply in n=m=4 case,
+	;; because of low-counter effect, when prologue phase finishes
+	;; before SPKERNEL instruction is reached. As result it's 25%
+	;; slower than expected...
+	MVK	4,B0		; N, RILC
+||	MVK	4,A0		; M, outer loop counter
+||	MV	ARG1,A5		; copy ap
+||	MV	ARG0,B4		; copy rp
+||	ZERO	B19		; high part of accumulator
+	MVC	B0,RILC
+||	SUB	B0,2,B1		; first ILC
+||	SUB	B0,1,B2		; const B2=N-1
+||	LDW	*A5++,B6	; ap[0]
+||	MV	A0,A3		; const A3=M
+	.else
+	;; This alternative is an exercise in fully unrolled Comba
+	;; algorithm implementation that operates at n*(n+1)+12, or
+	;; as little as 32 cycles...
+	LDW	*ARG1[0],B16	; a[0]
+||	LDW	*ARG2[0],A16	; b[0]
+	LDW	*ARG1[1],B17	; a[1]
+||	LDW	*ARG2[1],A17	; b[1]
+	LDW	*ARG1[2],B18	; a[2]
+||	LDW	*ARG2[2],A18	; b[2]
+	LDW	*ARG1[3],B19	; a[3]
+||	LDW	*ARG2[3],A19	; b[3]
+	NOP
+	MPY32U	A16,B16,A1:A0	; a[0]*b[0]
+	MPY32U	A17,B16,A23:A22	; a[0]*b[1]
+	MPY32U	A16,B17,A25:A24	; a[1]*b[0]
+	MPY32U	A16,B18,A27:A26	; a[2]*b[0]
+	STW	A0,*ARG0[0]
+||	MPY32U	A17,B17,A29:A28	; a[1]*b[1]
+	MPY32U	A18,B16,A31:A30	; a[0]*b[2]
+||	ADDU	A22,A1,A1:A0
+	MV	A23,B0
+||	MPY32U	A19,B16,A21:A20	; a[3]*b[0]
+||	ADDU	A24,A1:A0,A1:A0
+	ADDU	A25,B0,B1:B0
+||	STW	A0,*ARG0[1]
+||	MPY32U	A18,B17,A23:A22	; a[2]*b[1]
+||	ADDU	A26,A1,A9:A8
+	ADDU	A27,B1,B9:B8
+||	MPY32U	A17,B18,A25:A24	; a[1]*b[2]
+||	ADDU	A28,A9:A8,A9:A8
+	ADDU	A29,B9:B8,B9:B8
+||	MPY32U	A16,B19,A27:A26	; a[0]*b[3]
+||	ADDU	A30,A9:A8,A9:A8
+	ADDU	A31,B9:B8,B9:B8
+||	ADDU	B0,A9:A8,A9:A8
+	STW	A8,*ARG0[2]
+||	ADDU	A20,A9,A1:A0
+	ADDU	A21,B9,B1:B0
+||	MPY32U	A19,B17,A21:A20	; a[3]*b[1]
+||	ADDU	A22,A1:A0,A1:A0
+	ADDU	A23,B1:B0,B1:B0
+||	MPY32U	A18,B18,A23:A22	; a[2]*b[2]
+||	ADDU	A24,A1:A0,A1:A0
+	ADDU	A25,B1:B0,B1:B0
+||	MPY32U	A17,B19,A25:A24	; a[1]*b[3]
+||	ADDU	A26,A1:A0,A1:A0
+	ADDU	A27,B1:B0,B1:B0
+||	ADDU	B8,A1:A0,A1:A0
+	STW	A0,*ARG0[3]
+||	MPY32U	A19,B18,A27:A26	; a[3]*b[2]
+||	ADDU	A20,A1,A9:A8
+	ADDU	A21,B1,B9:B8
+||	MPY32U	A18,B19,A29:A28	; a[2]*b[3]
+||	ADDU	A22,A9:A8,A9:A8
+	ADDU	A23,B9:B8,B9:B8
+||	MPY32U	A19,B19,A31:A30	; a[3]*b[3]
+||	ADDU	A24,A9:A8,A9:A8
+	ADDU	A25,B9:B8,B9:B8
+||	ADDU	B0,A9:A8,A9:A8
+	STW	A8,*ARG0[4]
+||	ADDU	A26,A9,A1:A0
+	ADDU	A27,B9,B1:B0
+||	ADDU	A28,A1:A0,A1:A0
+	ADDU	A29,B1:B0,B1:B0
+||	BNOP	RA
+||	ADDU	B8,A1:A0,A1:A0
+	STW	A0,*ARG0[5]
+||	ADDU	A30,A1,A9:A8
+	ADD	A31,B1,B8
+	ADDU	B0,A9:A8,A9:A8	; removed || to avoid cross-path stall below
+	ADD	B8,A9,A9
+||	STW	A8,*ARG0[6]
+	STW	A9,*ARG0[7]
+	.endif
+	.endasmfunc
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl
new file mode 100644
index 000000000..9c46da3af
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl
@@ -0,0 +1,160 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# February 2012
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication
+# used in bn_gf2m.c. It's kind of low-hanging mechanical port from
+# C for the time being... The subroutine runs in 37 cycles, which is
+# 4.5x faster than compiler-generated code. Though comparison is
+# totally unfair, because this module utilizes Galois Field Multiply
+# instruction.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($rp,$a1,$a0,$b1,$b0)=("A4","B4","A6","B6","A8");   # argument vector
+
+($Alo,$Alox0,$Alox1,$Alox2,$Alox3)=map("A$_",(16..20));
+($Ahi,$Ahix0,$Ahix1,$Ahix2,$Ahix3)=map("B$_",(16..20));
+($B_0,$B_1,$B_2,$B_3)=("B5","A5","A7","B7");
+($A,$B)=($Alo,$B_1);
+$xFF="B1";
+
+sub mul_1x1_upper {
+my ($A,$B)=@_;
+$code.=<<___;
+	EXTU	$B,8,24,$B_2		; smash $B to 4 bytes
+||	AND	$B,$xFF,$B_0
+||	SHRU	$B,24,$B_3
+	SHRU	$A,16,   $Ahi		; smash $A to two halfwords
+||	EXTU	$A,16,16,$Alo
+
+	XORMPY	$Alo,$B_2,$Alox2	; 16x8 bits multiplication
+||	XORMPY	$Ahi,$B_2,$Ahix2
+||	EXTU	$B,16,24,$B_1
+	XORMPY	$Alo,$B_0,$Alox0
+||	XORMPY	$Ahi,$B_0,$Ahix0
+	XORMPY	$Alo,$B_3,$Alox3
+||	XORMPY	$Ahi,$B_3,$Ahix3
+	XORMPY	$Alo,$B_1,$Alox1
+||	XORMPY	$Ahi,$B_1,$Ahix1
+___
+}
+sub mul_1x1_merged {
+my ($OUTlo,$OUThi,$A,$B)=@_;
+$code.=<<___;
+	 EXTU	$B,8,24,$B_2		; smash $B to 4 bytes
+||	 AND	$B,$xFF,$B_0
+||	 SHRU	$B,24,$B_3
+	 SHRU	$A,16,   $Ahi		; smash $A to two halfwords
+||	 EXTU	$A,16,16,$Alo
+
+	XOR	$Ahix0,$Alox2,$Ahix0
+||	MV	$Ahix2,$OUThi
+||	 XORMPY	$Alo,$B_2,$Alox2
+	 XORMPY	$Ahi,$B_2,$Ahix2
+||	 EXTU	$B,16,24,$B_1
+||	 XORMPY	$Alo,$B_0,A1		; $Alox0
+	XOR	$Ahix1,$Alox3,$Ahix1
+||	SHL	$Ahix0,16,$OUTlo
+||	SHRU	$Ahix0,16,$Ahix0
+	XOR	$Alox0,$OUTlo,$OUTlo
+||	XOR	$Ahix0,$OUThi,$OUThi
+||	 XORMPY	$Ahi,$B_0,$Ahix0
+||	 XORMPY	$Alo,$B_3,$Alox3
+||	SHL	$Alox1,8,$Alox1
+||	SHL	$Ahix3,8,$Ahix3
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix3,$OUThi,$OUThi
+||	 XORMPY	$Ahi,$B_3,$Ahix3
+||	SHL	$Ahix1,24,$Alox1
+||	SHRU	$Ahix1,8, $Ahix1
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix1,$OUThi,$OUThi
+||	 XORMPY	$Alo,$B_1,$Alox1
+||	 XORMPY	$Ahi,$B_1,$Ahix1
+||	 MV	A1,$Alox0
+___
+}
+sub mul_1x1_lower {
+my ($OUTlo,$OUThi)=@_;
+$code.=<<___;
+	;NOP
+	XOR	$Ahix0,$Alox2,$Ahix0
+||	MV	$Ahix2,$OUThi
+	NOP
+	XOR	$Ahix1,$Alox3,$Ahix1
+||	SHL	$Ahix0,16,$OUTlo
+||	SHRU	$Ahix0,16,$Ahix0
+	XOR	$Alox0,$OUTlo,$OUTlo
+||	XOR	$Ahix0,$OUThi,$OUThi
+||	SHL	$Alox1,8,$Alox1
+||	SHL	$Ahix3,8,$Ahix3
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix3,$OUThi,$OUThi
+||	SHL	$Ahix1,24,$Alox1
+||	SHRU	$Ahix1,8, $Ahix1
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix1,$OUThi,$OUThi
+___
+}
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	bn_GF2m_mul_2x2,_bn_GF2m_mul_2x2
+	.endif
+
+	.global	_bn_GF2m_mul_2x2
+_bn_GF2m_mul_2x2:
+	.asmfunc
+	MVK	0xFF,$xFF
+___
+	&mul_1x1_upper($a0,$b0);		# a0·b0
+$code.=<<___;
+||	MV	$b1,$B
+	MV	$a1,$A
+___
+	&mul_1x1_merged("A28","B28",$A,$B);	# a0·b0/a1·b1
+$code.=<<___;
+||	XOR	$b0,$b1,$B
+	XOR	$a0,$a1,$A
+___
+	&mul_1x1_merged("A31","B31",$A,$B);	# a1·b1/(a0+a1)·(b0+b1)
+$code.=<<___;
+	XOR	A28,A31,A29
+||	XOR	B28,B31,B29			; a0·b0+a1·b1
+___
+	&mul_1x1_lower("A30","B30");		# (a0+a1)·(b0+b1)
+$code.=<<___;
+||	BNOP	B3
+	XOR	A29,A30,A30
+||	XOR	B29,B30,B30			; (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	XOR	B28,A30,A30
+||	STW	A28,*${rp}[0]
+	XOR	B30,A31,A31
+||	STW	A30,*${rp}[1]
+	STW	A31,*${rp}[2]
+	STW	B31,*${rp}[3]
+	.endasmfunc
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl
new file mode 100644
index 000000000..97f5e3a19
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl
@@ -0,0 +1,298 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
+close STDOUT;
+
+sub mul_add_c
+	{
+	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("mul a[$ai]*b[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	&mul("edx");
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
+	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop
+	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
+	}
+
+sub sqr_add_c
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop
+	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
+	}
+
+sub sqr_add_c2
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$a,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add("eax","eax");
+	 ###
+	&adc("edx","edx");
+	 ###
+	&adc($c2,0);
+	 &add($c0,"eax");
+	&adc($c1,"edx");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
+	&adc($c2,0);
+	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+	 ###
+	}
+
+sub bn_mul_comba
+	{
+	local($name,$num)=@_;
+	local($a,$b,$c0,$c1,$c2);
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$b="edi";
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	&push("esi");
+	 &mov($a,&wparam(1));
+	&push("edi");
+	 &mov($b,&wparam(2));
+	&push("ebp");
+	 &push("ebx");
+
+	&xor($c0,$c0);
+	 &mov("eax",&DWP(0,$a,"",0));	# load the first word
+	&xor($c1,$c1);
+	 &mov("edx",&DWP(0,$b,"",0));	# load the first second
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("################## Calculate word $i");
+
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($j+1) == $end)
+				{
+				$v=1;
+				$v=2 if (($i+1) == $tot);
+				}
+			else
+				{ $v=0; }
+			if (($j+1) != $end)
+				{
+				$na=($ai-1);
+				$nb=($bi+1);
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				# &mov("eax",&wparam(0));
+				# &mov(&DWP($i*4,"eax","",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&comment("save r[$i]");
+	# &mov("eax",&wparam(0));
+	&mov(&DWP($i*4,"eax","",0),$c0);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_sqr_comba
+	{
+	local($name,$num)=@_;
+	local($r,$a,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$r="edi";
+
+	&push("esi");
+	 &push("edi");
+	&push("ebp");
+	 &push("ebx");
+	&mov($r,&wparam(0));
+	 &mov($a,&wparam(1));
+	&xor($c0,$c0);
+	 &xor($c1,$c1);
+	&mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("############### Calculate word $i");
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($ai-1) < ($bi+1))
+				{
+				$v=1;
+				$v=2 if ($i+1) == $tot;
+				}
+			else
+				{ $v=0; }
+			if (!$v)
+				{
+				$na=$ai-1;
+				$nb=$bi+1;
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+			if ($ai == $bi)
+				{
+				&sqr_add_c($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			else
+				{
+				&sqr_add_c2($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				#&mov(&DWP($i*4,$r,"",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				last;
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&mov(&DWP($i*4,$r,"",0),$c0);
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl
new file mode 100644
index 000000000..ec486f777
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl
@@ -0,0 +1,860 @@
+#! /usr/bin/env perl
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2010
+#
+# "Teaser" Montgomery multiplication module for IA-64. There are
+# several possibilities for improvement:
+#
+# - modulo-scheduling outer loop would eliminate quite a number of
+#   stalls after ldf8, xma and getf.sig outside inner loop and
+#   improve shorter key performance;
+# - shorter vector support [with input vectors being fetched only
+#   once] should be added;
+# - 2x unroll with help of n0[1] would make the code scalable on
+#   "wider" IA-64, "wider" than Itanium 2 that is, which is not of
+#   acute interest, because upcoming Tukwila's individual cores are
+#   reportedly based on Itanium 2 design;
+# - dedicated squaring procedure(?);
+#
+# January 2010
+#
+# Shorter vector support is implemented by zero-padding ap and np
+# vectors up to 8 elements, or 512 bits. This means that 256-bit
+# inputs will be processed only 2 times faster than 512-bit inputs,
+# not 4 [as one would expect, because algorithm complexity is n^2].
+# The reason for padding is that inputs shorter than 512 bits won't
+# be processed faster anyway, because minimal critical path of the
+# core loop happens to match 512-bit timing. Either way, it resulted
+# in >100% improvement of 512-bit RSA sign benchmark and 50% - of
+# 1024-bit one [in comparison to original version of *this* module].
+#
+# So far 'openssl speed rsa dsa' output on 900MHz Itanium 2 *with*
+# this module is:
+#                   sign    verify    sign/s verify/s
+# rsa  512 bits 0.000290s 0.000024s   3452.8  42031.4
+# rsa 1024 bits 0.000793s 0.000058s   1261.7  17172.0
+# rsa 2048 bits 0.005908s 0.000148s    169.3   6754.0
+# rsa 4096 bits 0.033456s 0.000469s     29.9   2133.6
+# dsa  512 bits 0.000253s 0.000198s   3949.9   5057.0
+# dsa 1024 bits 0.000585s 0.000607s   1708.4   1647.4
+# dsa 2048 bits 0.001453s 0.001703s    688.1    587.4
+#
+# ... and *without* (but still with ia64.S):
+#
+# rsa  512 bits 0.000670s 0.000041s   1491.8  24145.5
+# rsa 1024 bits 0.001988s 0.000080s    502.9  12499.3
+# rsa 2048 bits 0.008702s 0.000189s    114.9   5293.9
+# rsa 4096 bits 0.043860s 0.000533s     22.8   1875.9
+# dsa  512 bits 0.000441s 0.000427s   2265.3   2340.6
+# dsa 1024 bits 0.000823s 0.000867s   1215.6   1153.2
+# dsa 2048 bits 0.001894s 0.002179s    528.1    458.9
+#
+# As it can be seen, RSA sign performance improves by 130-30%,
+# hereafter less for longer keys, while verify - by 74-13%.
+# DSA performance improves by 115-30%.
+
+$output=pop;
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+
+$code=<<___;
+.explicit
+.text
+
+// int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap,
+//		    const BN_ULONG *bp,const BN_ULONG *np,
+//		    const BN_ULONG *n0p,int num);
+.align	64
+.global	bn_mul_mont#
+.proc	bn_mul_mont#
+bn_mul_mont:
+	.prologue
+	.body
+{ .mmi;	cmp4.le		p6,p7=2,r37;;
+(p6)	cmp4.lt.unc	p8,p9=8,r37
+	mov		ret0=r0		};;
+{ .bbb;
+(p9)	br.cond.dptk.many	bn_mul_mont_8
+(p8)	br.cond.dpnt.many	bn_mul_mont_general
+(p7)	br.ret.spnt.many	b0	};;
+.endp	bn_mul_mont#
+
+prevfs=r2;	prevpr=r3;	prevlc=r10;	prevsp=r11;
+
+rptr=r8;	aptr=r9;	bptr=r14;	nptr=r15;
+tptr=r16;	// &tp[0]
+tp_1=r17;	// &tp[-1]
+num=r18;	len=r19;	lc=r20;
+topbit=r21;	// carry bit from tmp[num]
+
+n0=f6;
+m0=f7;
+bi=f8;
+
+.align	64
+.local	bn_mul_mont_general#
+.proc	bn_mul_mont_general#
+bn_mul_mont_general:
+	.prologue
+{ .mmi;	.save	ar.pfs,prevfs
+	alloc	prevfs=ar.pfs,6,2,0,8
+	$ADDP	aptr=0,in1
+	.save	ar.lc,prevlc
+	mov	prevlc=ar.lc		}
+{ .mmi;	.vframe	prevsp
+	mov	prevsp=sp
+	$ADDP	bptr=0,in2
+	.save	pr,prevpr
+	mov	prevpr=pr		};;
+
+	.body
+	.rotf		alo[6],nlo[4],ahi[8],nhi[6]
+	.rotr		a[3],n[3],t[2]
+
+{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
+	ldf8		alo[4]=[aptr],16	// ap[0]
+	$ADDP		r30=8,in1	};;
+{ .mmi;	ldf8		alo[3]=[r30],16		// ap[1]
+	ldf8		alo[2]=[aptr],16	// ap[2]
+	$ADDP		in4=0,in4	};;
+{ .mmi;	ldf8		alo[1]=[r30]		// ap[3]
+	ldf8		n0=[in4]		// n0
+	$ADDP		rptr=0,in0		}
+{ .mmi;	$ADDP		nptr=0,in3
+	mov		r31=16
+	zxt4		num=in5		};;
+{ .mmi;	ldf8		nlo[2]=[nptr],8		// np[0]
+	shladd		len=num,3,r0
+	shladd		r31=num,3,r31	};;
+{ .mmi;	ldf8		nlo[1]=[nptr],8		// np[1]
+	add		lc=-5,num
+	sub		r31=sp,r31	};;
+{ .mfb;	and		sp=-16,r31		// alloca
+	xmpy.hu		ahi[2]=alo[4],bi	// ap[0]*bp[0]
+	nop.b		0		}
+{ .mfb;	nop.m		0
+	xmpy.lu		alo[4]=alo[4],bi
+	brp.loop.imp	.L1st_ctop,.L1st_cend-16
+					};;
+{ .mfi;	nop.m		0
+	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[0]
+	add		tp_1=8,sp	}
+{ .mfi;	nop.m		0
+	xma.lu		alo[3]=alo[3],bi,ahi[2]
+	mov		pr.rot=0x20001f<<16
+			// ------^----- (p40) at first (p23)
+			// ----------^^ p[16:20]=1
+					};;
+{ .mfi;	nop.m		0
+	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[0])*n0
+	mov		ar.lc=lc	}
+{ .mfi;	nop.m		0
+	fcvt.fxu.s1	nhi[1]=f0
+	mov		ar.ec=8		};;
+
+.align	32
+.L1st_ctop:
+.pred.rel	"mutex",p40,p42
+{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
+	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
+	(p40)	add		n[2]=n[2],a[2]		}   // (p23)					}
+{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)(p16)
+	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
+	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
+{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
+	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
+	(p42)	cmp.leu		p41,p39=n[2],a[2]   	}   // (p23)
+{ .mfi;	(p23)	st8		[tp_1]=n[2],8
+	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
+	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
+{ .mmb;	(p21)	getf.sig	n[0]=nlo[3]
+	(p16)	nop.m		0
+	br.ctop.sptk	.L1st_ctop			};;
+.L1st_cend:
+
+{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
+	getf.sig	n[0]=nhi[4]
+	add		num=-1,num	};;	// num--
+{ .mmi;	.pred.rel	"mutex",p40,p42
+(p40)	add		n[0]=n[0],a[0]
+(p42)	add		n[0]=n[0],a[0],1
+	sub		aptr=aptr,len	};;	// rewind
+{ .mmi;	.pred.rel	"mutex",p40,p42
+(p40)	cmp.ltu		p41,p39=n[0],a[0]
+(p42)	cmp.leu		p41,p39=n[0],a[0]
+	sub		nptr=nptr,len	};;
+{ .mmi;	.pred.rel	"mutex",p39,p41
+(p39)	add		topbit=r0,r0
+(p41)	add		topbit=r0,r0,1
+	nop.i		0		}
+{ .mmi;	st8		[tp_1]=n[0]
+	add		tptr=16,sp
+	add		tp_1=8,sp	};;
+
+.Louter:
+{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
+	ldf8		ahi[3]=[tptr]		// tp[0]
+	add		r30=8,aptr	};;
+{ .mmi;	ldf8		alo[4]=[aptr],16	// ap[0]
+	ldf8		alo[3]=[r30],16		// ap[1]
+	add		r31=8,nptr	};;
+{ .mfb;	ldf8		alo[2]=[aptr],16	// ap[2]
+	xma.hu		ahi[2]=alo[4],bi,ahi[3]	// ap[0]*bp[i]+tp[0]
+	brp.loop.imp	.Linner_ctop,.Linner_cend-16
+					}
+{ .mfb;	ldf8		alo[1]=[r30]		// ap[3]
+	xma.lu		alo[4]=alo[4],bi,ahi[3]
+	clrrrb.pr			};;
+{ .mfi;	ldf8		nlo[2]=[nptr],16	// np[0]
+	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[i]
+	nop.i		0		}
+{ .mfi;	ldf8		nlo[1]=[r31]		// np[1]
+	xma.lu		alo[3]=alo[3],bi,ahi[2]
+	mov		pr.rot=0x20101f<<16
+			// ------^----- (p40) at first (p23)
+			// --------^--- (p30) at first (p22)
+			// ----------^^ p[16:20]=1
+					};;
+{ .mfi;	st8		[tptr]=r0		// tp[0] is already accounted
+	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[i]+tp[0])*n0
+	mov		ar.lc=lc	}
+{ .mfi;
+	fcvt.fxu.s1	nhi[1]=f0
+	mov		ar.ec=8		};;
+
+// This loop spins in 4*(n+7) ticks on Itanium 2 and should spin in
+// 7*(n+7) ticks on Itanium (the one codenamed Merced). Factor of 7
+// in latter case accounts for two-tick pipeline stall, which means
+// that its performance would be ~20% lower than optimal one. No
+// attempt was made to address this, because original Itanium is
+// hardly represented out in the wild...
+.align	32
+.Linner_ctop:
+.pred.rel	"mutex",p40,p42
+.pred.rel	"mutex",p30,p32
+{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
+	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
+	(p40)	add		n[2]=n[2],a[2]		}   // (p23)
+{ .mfi;	(p16)	nop.m		0
+	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
+	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
+{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
+	(p16)	nop.f		0
+	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
+{ .mfi;	(p21)	ld8		t[0]=[tptr],8
+	(p16)	nop.f		0
+	(p42)	cmp.leu		p41,p39=n[2],a[2]	};; // (p23)
+{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)
+	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
+	(p30)	add		a[1]=a[1],t[1]		}   // (p22)
+{ .mfi;	(p16)	nop.m		0
+	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
+	(p32)	add		a[1]=a[1],t[1],1	};; // (p22)
+{ .mmi;	(p21)	getf.sig	n[0]=nlo[3]
+	(p16)	nop.m		0
+	(p30)	cmp.ltu		p31,p29=a[1],t[1]	}   // (p22)
+{ .mmb;	(p23)	st8		[tp_1]=n[2],8
+	(p32)	cmp.leu		p31,p29=a[1],t[1]	    // (p22)
+	br.ctop.sptk	.Linner_ctop			};;
+.Linner_cend:
+
+{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
+	getf.sig	n[0]=nhi[4]
+	nop.i		0		};;
+
+{ .mmi;	.pred.rel	"mutex",p31,p33
+(p31)	add		a[0]=a[0],topbit
+(p33)	add		a[0]=a[0],topbit,1
+	mov		topbit=r0	};;
+{ .mfi; .pred.rel	"mutex",p31,p33
+(p31)	cmp.ltu		p32,p30=a[0],topbit
+(p33)	cmp.leu		p32,p30=a[0],topbit
+					}
+{ .mfi;	.pred.rel	"mutex",p40,p42
+(p40)	add		n[0]=n[0],a[0]
+(p42)	add		n[0]=n[0],a[0],1
+					};;
+{ .mmi;	.pred.rel	"mutex",p44,p46
+(p40)	cmp.ltu		p41,p39=n[0],a[0]
+(p42)	cmp.leu		p41,p39=n[0],a[0]
+(p32)	add		topbit=r0,r0,1	}
+
+{ .mmi;	st8		[tp_1]=n[0],8
+	cmp4.ne		p6,p0=1,num
+	sub		aptr=aptr,len	};;	// rewind
+{ .mmi;	sub		nptr=nptr,len
+(p41)	add		topbit=r0,r0,1
+	add		tptr=16,sp	}
+{ .mmb;	add		tp_1=8,sp
+	add		num=-1,num		// num--
+(p6)	br.cond.sptk.many	.Louter	};;
+
+{ .mbb;	add		lc=4,lc
+	brp.loop.imp	.Lsub_ctop,.Lsub_cend-16
+	clrrrb.pr			};;
+{ .mii;	nop.m		0
+	mov		pr.rot=0x10001<<16
+			// ------^---- (p33) at first (p17)
+	mov		ar.lc=lc	}
+{ .mii;	nop.m		0
+	mov		ar.ec=3
+	nop.i		0		};;
+
+.Lsub_ctop:
+.pred.rel	"mutex",p33,p35
+{ .mfi;	(p16)	ld8		t[0]=[tptr],8		    // t=*(tp++)
+	(p16)	nop.f		0
+	(p33)	sub		n[1]=t[1],n[1]		}   // (p17)
+{ .mfi;	(p16)	ld8		n[0]=[nptr],8		    // n=*(np++)
+	(p16)	nop.f		0
+	(p35)	sub		n[1]=t[1],n[1],1	};; // (p17)
+{ .mib;	(p18)	st8		[rptr]=n[2],8		    // *(rp++)=r
+	(p33)	cmp.gtu		p34,p32=n[1],t[1]	    // (p17)
+	(p18)	nop.b		0			}
+{ .mib;	(p18)	nop.m		0
+	(p35)	cmp.geu		p34,p32=n[1],t[1]	    // (p17)
+	br.ctop.sptk	.Lsub_ctop			};;
+.Lsub_cend:
+
+{ .mmb;	.pred.rel	"mutex",p34,p36
+(p34)	sub	topbit=topbit,r0	// (p19)
+(p36)	sub	topbit=topbit,r0,1
+	brp.loop.imp	.Lcopy_ctop,.Lcopy_cend-16
+					}
+{ .mmb;	sub	rptr=rptr,len		// rewind
+	sub	tptr=tptr,len
+	clrrrb.pr			};;
+{ .mmi;	mov	aptr=rptr
+	mov	bptr=tptr
+	mov	pr.rot=1<<16		};;
+{ .mii;	cmp.eq	p0,p6=topbit,r0
+	mov	ar.lc=lc
+	mov	ar.ec=2			};;
+
+.Lcopy_ctop:
+{ .mmi;	(p16)	ld8	a[0]=[aptr],8
+	(p16)	ld8	t[0]=[bptr],8
+	(p6)	mov	a[1]=t[1]	};;	// (p17)
+{ .mmb;	(p17)	st8	[rptr]=a[1],8
+	(p17)	st8	[tptr]=r0,8
+	br.ctop.sptk	.Lcopy_ctop	};;
+.Lcopy_cend:
+
+{ .mmi;	mov		ret0=1			// signal "handled"
+	rum		1<<5			// clear um.mfh
+	mov		ar.lc=prevlc	}
+{ .mib;	.restore	sp
+	mov		sp=prevsp
+	mov		pr=prevpr,0x1ffff
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_mont_general#
+
+a1=r16;  a2=r17;  a3=r18;  a4=r19;  a5=r20;  a6=r21;  a7=r22;  a8=r23;
+n1=r24;  n2=r25;  n3=r26;  n4=r27;  n5=r28;  n6=r29;  n7=r30;  n8=r31;
+t0=r15;
+
+ai0=f8;  ai1=f9;  ai2=f10; ai3=f11; ai4=f12; ai5=f13; ai6=f14; ai7=f15;
+ni0=f16; ni1=f17; ni2=f18; ni3=f19; ni4=f20; ni5=f21; ni6=f22; ni7=f23;
+
+.align	64
+.skip	48		// aligns loop body
+.local	bn_mul_mont_8#
+.proc	bn_mul_mont_8#
+bn_mul_mont_8:
+	.prologue
+{ .mmi;	.save		ar.pfs,prevfs
+	alloc		prevfs=ar.pfs,6,2,0,8
+	.vframe		prevsp
+	mov		prevsp=sp
+	.save		ar.lc,prevlc
+	mov		prevlc=ar.lc	}
+{ .mmi;	add		r17=-6*16,sp
+	add		sp=-7*16,sp
+	.save		pr,prevpr
+	mov		prevpr=pr	};;
+
+{ .mmi;	.save.gf	0,0x10
+	stf.spill	[sp]=f16,-16
+	.save.gf	0,0x20
+	stf.spill	[r17]=f17,32
+	add		r16=-5*16,prevsp};;
+{ .mmi;	.save.gf	0,0x40
+	stf.spill	[r16]=f18,32
+	.save.gf	0,0x80
+	stf.spill	[r17]=f19,32
+	$ADDP		aptr=0,in1	};;
+{ .mmi;	.save.gf	0,0x100
+	stf.spill	[r16]=f20,32
+	.save.gf	0,0x200
+	stf.spill	[r17]=f21,32
+	$ADDP		r29=8,in1	};;
+{ .mmi;	.save.gf	0,0x400
+	stf.spill	[r16]=f22
+	.save.gf	0,0x800
+	stf.spill	[r17]=f23
+	$ADDP		rptr=0,in0	};;
+
+	.body
+	.rotf		bj[8],mj[2],tf[2],alo[10],ahi[10],nlo[10],nhi[10]
+	.rotr		t[8]
+
+// load input vectors padding them to 8 elements
+{ .mmi;	ldf8		ai0=[aptr],16		// ap[0]
+	ldf8		ai1=[r29],16		// ap[1]
+	$ADDP		bptr=0,in2	}
+{ .mmi;	$ADDP		r30=8,in2
+	$ADDP		nptr=0,in3
+	$ADDP		r31=8,in3	};;
+{ .mmi;	ldf8		bj[7]=[bptr],16		// bp[0]
+	ldf8		bj[6]=[r30],16		// bp[1]
+	cmp4.le		p4,p5=3,in5	}
+{ .mmi;	ldf8		ni0=[nptr],16		// np[0]
+	ldf8		ni1=[r31],16		// np[1]
+	cmp4.le		p6,p7=4,in5	};;
+
+{ .mfi;	(p4)ldf8	ai2=[aptr],16		// ap[2]
+	(p5)fcvt.fxu	ai2=f0
+	cmp4.le		p8,p9=5,in5	}
+{ .mfi;	(p6)ldf8	ai3=[r29],16		// ap[3]
+	(p7)fcvt.fxu	ai3=f0
+	cmp4.le		p10,p11=6,in5	}
+{ .mfi;	(p4)ldf8	bj[5]=[bptr],16		// bp[2]
+	(p5)fcvt.fxu	bj[5]=f0
+	cmp4.le		p12,p13=7,in5	}
+{ .mfi;	(p6)ldf8	bj[4]=[r30],16		// bp[3]
+	(p7)fcvt.fxu	bj[4]=f0
+	cmp4.le		p14,p15=8,in5	}
+{ .mfi;	(p4)ldf8	ni2=[nptr],16		// np[2]
+	(p5)fcvt.fxu	ni2=f0
+	addp4		r28=-1,in5	}
+{ .mfi;	(p6)ldf8	ni3=[r31],16		// np[3]
+	(p7)fcvt.fxu	ni3=f0
+	$ADDP		in4=0,in4	};;
+
+{ .mfi;	ldf8		n0=[in4]
+	fcvt.fxu	tf[1]=f0
+	nop.i		0		}
+
+{ .mfi;	(p8)ldf8	ai4=[aptr],16		// ap[4]
+	(p9)fcvt.fxu	ai4=f0
+	mov		t[0]=r0		}
+{ .mfi;	(p10)ldf8	ai5=[r29],16		// ap[5]
+	(p11)fcvt.fxu	ai5=f0
+	mov		t[1]=r0		}
+{ .mfi;	(p8)ldf8	bj[3]=[bptr],16		// bp[4]
+	(p9)fcvt.fxu	bj[3]=f0
+	mov		t[2]=r0		}
+{ .mfi;	(p10)ldf8	bj[2]=[r30],16		// bp[5]
+	(p11)fcvt.fxu	bj[2]=f0
+	mov		t[3]=r0		}
+{ .mfi;	(p8)ldf8	ni4=[nptr],16		// np[4]
+	(p9)fcvt.fxu	ni4=f0
+	mov		t[4]=r0		}
+{ .mfi;	(p10)ldf8	ni5=[r31],16		// np[5]
+	(p11)fcvt.fxu	ni5=f0
+	mov		t[5]=r0		};;
+
+{ .mfi;	(p12)ldf8	ai6=[aptr],16		// ap[6]
+	(p13)fcvt.fxu	ai6=f0
+	mov		t[6]=r0		}
+{ .mfi;	(p14)ldf8	ai7=[r29],16		// ap[7]
+	(p15)fcvt.fxu	ai7=f0
+	mov		t[7]=r0		}
+{ .mfi;	(p12)ldf8	bj[1]=[bptr],16		// bp[6]
+	(p13)fcvt.fxu	bj[1]=f0
+	mov		ar.lc=r28	}
+{ .mfi;	(p14)ldf8	bj[0]=[r30],16		// bp[7]
+	(p15)fcvt.fxu	bj[0]=f0
+	mov		ar.ec=1		}
+{ .mfi;	(p12)ldf8	ni6=[nptr],16		// np[6]
+	(p13)fcvt.fxu	ni6=f0
+	mov		pr.rot=1<<16	}
+{ .mfb;	(p14)ldf8	ni7=[r31],16		// np[7]
+	(p15)fcvt.fxu	ni7=f0
+	brp.loop.imp	.Louter_8_ctop,.Louter_8_cend-16
+					};;
+
+// The loop is scheduled for 32*n ticks on Itanium 2. Actual attempt
+// to measure with help of Interval Time Counter indicated that the
+// factor is a tad higher: 33 or 34, if not 35. Exact measurement and
+// addressing the issue is problematic, because I don't have access
+// to platform-specific instruction-level profiler. On Itanium it
+// should run in 56*n ticks, because of higher xma latency...
+.Louter_8_ctop:
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 0:
+	(p16)	xma.hu		ahi[0]=ai0,bj[7],tf[1]	//	ap[0]*b[i]+t[0]
+	(p40)	add		a3=a3,n3	}	//	(p17) a3+=n3
+{ .mfi;	(p42)	add		a3=a3,n3,1
+	(p16)	xma.lu		alo[0]=ai0,bj[7],tf[1]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
+	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
+	(p50)	add		t[6]=t[6],a3,1	};;
+{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
+	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
+	(p40)	cmp.ltu		p43,p41=a3,n3	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
+	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
+	(p48)	cmp.ltu		p51,p49=t[6],a3
+	(p50)	cmp.leu		p51,p49=t[6],a3	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mfi;	(p16)	nop.m		0			// 4:
+	(p16)	xma.hu		ahi[1]=ai1,bj[7],ahi[0]	//	ap[1]*b[i]
+	(p41)	add		a4=a4,n4	}	//	(p17) a4+=n4
+{ .mfi;	(p43)	add		a4=a4,n4,1
+	(p16)	xma.lu		alo[1]=ai1,bj[7],ahi[0]
+	(p16)	nop.i		0		};;
+{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
+	(p16)	xmpy.lu		mj[0]=alo[0],n0		//	(ap[0]*b[i]+t[0])*n0
+	(p51)	add		t[5]=t[5],a4,1	};;
+{ .mfi;	(p16)	nop.m		0			// 6:
+	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
+	(p41)	cmp.ltu		p42,p40=a4,n4	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
+	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
+	(p49)	cmp.ltu		p50,p48=t[5],a4
+	(p51)	cmp.leu		p50,p48=t[5],a4	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 8:
+	(p16)	xma.hu		ahi[2]=ai2,bj[7],ahi[1]	//	ap[2]*b[i]
+	(p40)	add		a5=a5,n5	}	//	(p17) a5+=n5
+{ .mfi;	(p42)	add		a5=a5,n5,1
+	(p16)	xma.lu		alo[2]=ai2,bj[7],ahi[1]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a1=alo[1]		// 9:
+	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
+	(p50)	add		t[4]=t[4],a5,1	};;
+{ .mfi;	(p16)	nop.m		0			// 10:
+	(p16)	xma.hu		nhi[0]=ni0,mj[0],alo[0]	//	np[0]*m0
+	(p40)	cmp.ltu		p43,p41=a5,n5	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a5,n5
+	(p16)	xma.lu		nlo[0]=ni0,mj[0],alo[0]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
+	(p48)	cmp.ltu		p51,p49=t[4],a5
+	(p50)	cmp.leu		p51,p49=t[4],a5	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mfi;	(p17)	getf.sig	n8=nhi[8]		// 12:
+	(p16)	xma.hu		ahi[3]=ai3,bj[7],ahi[2]	//	ap[3]*b[i]
+	(p41)	add		a6=a6,n6	}	//	(p17) a6+=n6
+{ .mfi;	(p43)	add		a6=a6,n6,1
+	(p16)	xma.lu		alo[3]=ai3,bj[7],ahi[2]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a2=alo[2]		// 13:
+	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
+	(p51)	add		t[3]=t[3],a6,1	};;
+{ .mfi;	(p16)	nop.m		0			// 14:
+	(p16)	xma.hu		nhi[1]=ni1,mj[0],nhi[0]	//	np[1]*m0
+	(p41)	cmp.ltu		p42,p40=a6,n6	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a6,n6
+	(p16)	xma.lu		nlo[1]=ni1,mj[0],nhi[0]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	nop.m		0			// 15:
+	(p49)	cmp.ltu		p50,p48=t[3],a6
+	(p51)	cmp.leu		p50,p48=t[3],a6	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 16:
+	(p16)	xma.hu		ahi[4]=ai4,bj[7],ahi[3]	//	ap[4]*b[i]
+	(p40)	add		a7=a7,n7	}	//	(p17) a7+=n7
+{ .mfi;	(p42)	add		a7=a7,n7,1
+	(p16)	xma.lu		alo[4]=ai4,bj[7],ahi[3]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a3=alo[3]		// 17:
+	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
+	(p50)	add		t[2]=t[2],a7,1	};;
+{ .mfi;	(p16)	nop.m		0			// 18:
+	(p16)	xma.hu		nhi[2]=ni2,mj[0],nhi[1]	//	np[2]*m0
+	(p40)	cmp.ltu		p43,p41=a7,n7	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a7,n7
+	(p16)	xma.lu		nlo[2]=ni2,mj[0],nhi[1]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	n1=nlo[1]		// 19:
+	(p48)	cmp.ltu		p51,p49=t[2],a7
+	(p50)	cmp.leu		p51,p49=t[2],a7	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mfi;	(p16)	nop.m		0			// 20:
+	(p16)	xma.hu		ahi[5]=ai5,bj[7],ahi[4]	//	ap[5]*b[i]
+	(p41)	add		a8=a8,n8	}	//	(p17) a8+=n8
+{ .mfi;	(p43)	add		a8=a8,n8,1
+	(p16)	xma.lu		alo[5]=ai5,bj[7],ahi[4]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a4=alo[4]		// 21:
+	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
+	(p51)	add		t[1]=t[1],a8,1	};;
+{ .mfi;	(p16)	nop.m		0			// 22:
+	(p16)	xma.hu		nhi[3]=ni3,mj[0],nhi[2]	//	np[3]*m0
+	(p41)	cmp.ltu		p42,p40=a8,n8	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a8,n8
+	(p16)	xma.lu		nlo[3]=ni3,mj[0],nhi[2]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	n2=nlo[2]		// 23:
+	(p49)	cmp.ltu		p50,p48=t[1],a8
+	(p51)	cmp.leu		p50,p48=t[1],a8	};;
+{ .mfi;	(p16)	nop.m		0			// 24:
+	(p16)	xma.hu		ahi[6]=ai6,bj[7],ahi[5]	//	ap[6]*b[i]
+	(p16)	add		a1=a1,n1	}	//	(p16) a1+=n1
+{ .mfi;	(p16)	nop.m		0
+	(p16)	xma.lu		alo[6]=ai6,bj[7],ahi[5]
+	(p17)	mov		t[0]=r0		};;
+{ .mii;	(p16)	getf.sig	a5=alo[5]		// 25:
+	(p16)	add		t0=t[7],a1		//	(p16) t[7]+=a1
+	(p42)	add		t[0]=t[0],r0,1	};;
+{ .mfi;	(p16)	setf.sig	tf[0]=t0		// 26:
+	(p16)	xma.hu		nhi[4]=ni4,mj[0],nhi[3]	//	np[4]*m0
+	(p50)	add		t[0]=t[0],r0,1	}
+{ .mfi;	(p16)	cmp.ltu.unc	p42,p40=a1,n1
+	(p16)	xma.lu		nlo[4]=ni4,mj[0],nhi[3]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	n3=nlo[3]		// 27:
+	(p16)	cmp.ltu.unc	p50,p48=t0,a1
+	(p16)	nop.i		0		};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 28:
+	(p16)	xma.hu		ahi[7]=ai7,bj[7],ahi[6]	//	ap[7]*b[i]
+	(p40)	add		a2=a2,n2	}	//	(p16) a2+=n2
+{ .mfi;	(p42)	add		a2=a2,n2,1
+	(p16)	xma.lu		alo[7]=ai7,bj[7],ahi[6]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a6=alo[6]		// 29:
+	(p48)	add		t[6]=t[6],a2		//	(p16) t[6]+=a2
+	(p50)	add		t[6]=t[6],a2,1	};;
+{ .mfi;	(p16)	nop.m		0			// 30:
+	(p16)	xma.hu		nhi[5]=ni5,mj[0],nhi[4]	//	np[5]*m0
+	(p40)	cmp.ltu		p41,p39=a2,n2	}
+{ .mfi;	(p42)	cmp.leu		p41,p39=a2,n2
+	(p16)	xma.lu		nlo[5]=ni5,mj[0],nhi[4]
+	(p16)	nop.i		0		};;
+{ .mfi;	(p16)	getf.sig	n4=nlo[4]		// 31:
+	(p16)	nop.f		0
+	(p48)	cmp.ltu		p49,p47=t[6],a2	}
+{ .mfb;	(p50)	cmp.leu		p49,p47=t[6],a2
+	(p16)	nop.f		0
+	br.ctop.sptk.many	.Louter_8_ctop	};;
+.Louter_8_cend:
+
+// above loop has to execute one more time, without (p16), which is
+// replaced with merged move of np[8] to GPR bank
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mmi;	(p0)	getf.sig	n1=ni0			// 0:
+	(p40)	add		a3=a3,n3		//	(p17) a3+=n3
+	(p42)	add		a3=a3,n3,1	};;
+{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
+	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
+	(p50)	add		t[6]=t[6],a3,1	};;
+{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
+	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
+	(p40)	cmp.ltu		p43,p41=a3,n3	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
+	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
+	(p0)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
+	(p48)	cmp.ltu		p51,p49=t[6],a3
+	(p50)	cmp.leu		p51,p49=t[6],a3	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mmi;	(p0)	getf.sig	n2=ni1			// 4:
+	(p41)	add		a4=a4,n4		//	(p17) a4+=n4
+	(p43)	add		a4=a4,n4,1	};;
+{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
+	(p0)	nop.f		0
+	(p51)	add		t[5]=t[5],a4,1	};;
+{ .mfi;	(p0)	getf.sig	n3=ni2			// 6:
+	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
+	(p41)	cmp.ltu		p42,p40=a4,n4	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
+	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
+	(p0)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
+	(p49)	cmp.ltu		p50,p48=t[5],a4
+	(p51)	cmp.leu		p50,p48=t[5],a4	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mii;	(p0)	getf.sig	n4=ni3			// 8:
+	(p40)	add		a5=a5,n5		//	(p17) a5+=n5
+	(p42)	add		a5=a5,n5,1	};;
+{ .mii;	(p0)	nop.m		0			// 9:
+	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
+	(p50)	add		t[4]=t[4],a5,1	};;
+{ .mii;	(p0)	nop.m		0			// 10:
+	(p40)	cmp.ltu		p43,p41=a5,n5
+	(p42)	cmp.leu		p43,p41=a5,n5	};;
+{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
+	(p48)	cmp.ltu		p51,p49=t[4],a5
+	(p50)	cmp.leu		p51,p49=t[4],a5	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mii;	(p17)	getf.sig	n8=nhi[8]		// 12:
+	(p41)	add		a6=a6,n6		//	(p17) a6+=n6
+	(p43)	add		a6=a6,n6,1	};;
+{ .mii;	(p0)	getf.sig	n5=ni4			// 13:
+	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
+	(p51)	add		t[3]=t[3],a6,1	};;
+{ .mii;	(p0)	nop.m		0			// 14:
+	(p41)	cmp.ltu		p42,p40=a6,n6
+	(p43)	cmp.leu		p42,p40=a6,n6	};;
+{ .mii;	(p0)	getf.sig	n6=ni5			// 15:
+	(p49)	cmp.ltu		p50,p48=t[3],a6
+	(p51)	cmp.leu		p50,p48=t[3],a6	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mii;	(p0)	nop.m		0			// 16:
+	(p40)	add		a7=a7,n7		//	(p17) a7+=n7
+	(p42)	add		a7=a7,n7,1	};;
+{ .mii;	(p0)	nop.m		0			// 17:
+	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
+	(p50)	add		t[2]=t[2],a7,1	};;
+{ .mii;	(p0)	nop.m		0			// 18:
+	(p40)	cmp.ltu		p43,p41=a7,n7
+	(p42)	cmp.leu		p43,p41=a7,n7	};;
+{ .mii;	(p0)	getf.sig	n7=ni6			// 19:
+	(p48)	cmp.ltu		p51,p49=t[2],a7
+	(p50)	cmp.leu		p51,p49=t[2],a7	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mii;	(p0)	nop.m		0			// 20:
+	(p41)	add		a8=a8,n8		//	(p17) a8+=n8
+	(p43)	add		a8=a8,n8,1	};;
+{ .mmi;	(p0)	nop.m		0			// 21:
+	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
+	(p51)	add		t[1]=t[1],a8,1	}
+{ .mmi;	(p17)	mov		t[0]=r0
+	(p41)	cmp.ltu		p42,p40=a8,n8
+	(p43)	cmp.leu		p42,p40=a8,n8	};;
+{ .mmi;	(p0)	getf.sig	n8=ni7			// 22:
+	(p49)	cmp.ltu		p50,p48=t[1],a8
+	(p51)	cmp.leu		p50,p48=t[1],a8	}
+{ .mmi;	(p42)	add		t[0]=t[0],r0,1
+	(p0)	add		r16=-7*16,prevsp
+	(p0)	add		r17=-6*16,prevsp	};;
+
+// subtract np[8] from carrybit|tmp[8]
+// carrybit|tmp[8] layout upon exit from above loop is:
+//	t[0]|t[1]|t[2]|t[3]|t[4]|t[5]|t[6]|t[7]|t0 (least significant)
+{ .mmi;	(p50)add	t[0]=t[0],r0,1
+	add		r18=-5*16,prevsp
+	sub		n1=t0,n1	};;
+{ .mmi;	cmp.gtu		p34,p32=n1,t0;;
+	.pred.rel	"mutex",p32,p34
+	(p32)sub	n2=t[7],n2
+	(p34)sub	n2=t[7],n2,1	};;
+{ .mii;	(p32)cmp.gtu	p35,p33=n2,t[7]
+	(p34)cmp.geu	p35,p33=n2,t[7];;
+	.pred.rel	"mutex",p33,p35
+	(p33)sub	n3=t[6],n3	}
+{ .mmi;	(p35)sub	n3=t[6],n3,1;;
+	(p33)cmp.gtu	p34,p32=n3,t[6]
+	(p35)cmp.geu	p34,p32=n3,t[6]	};;
+	.pred.rel	"mutex",p32,p34
+{ .mii;	(p32)sub	n4=t[5],n4
+	(p34)sub	n4=t[5],n4,1;;
+	(p32)cmp.gtu	p35,p33=n4,t[5]	}
+{ .mmi;	(p34)cmp.geu	p35,p33=n4,t[5];;
+	.pred.rel	"mutex",p33,p35
+	(p33)sub	n5=t[4],n5
+	(p35)sub	n5=t[4],n5,1	};;
+{ .mii;	(p33)cmp.gtu	p34,p32=n5,t[4]
+	(p35)cmp.geu	p34,p32=n5,t[4];;
+	.pred.rel	"mutex",p32,p34
+	(p32)sub	n6=t[3],n6	}
+{ .mmi;	(p34)sub	n6=t[3],n6,1;;
+	(p32)cmp.gtu	p35,p33=n6,t[3]
+	(p34)cmp.geu	p35,p33=n6,t[3]	};;
+	.pred.rel	"mutex",p33,p35
+{ .mii;	(p33)sub	n7=t[2],n7
+	(p35)sub	n7=t[2],n7,1;;
+	(p33)cmp.gtu	p34,p32=n7,t[2]	}
+{ .mmi;	(p35)cmp.geu	p34,p32=n7,t[2];;
+	.pred.rel	"mutex",p32,p34
+	(p32)sub	n8=t[1],n8
+	(p34)sub	n8=t[1],n8,1	};;
+{ .mii;	(p32)cmp.gtu	p35,p33=n8,t[1]
+	(p34)cmp.geu	p35,p33=n8,t[1];;
+	.pred.rel	"mutex",p33,p35
+	(p33)sub	a8=t[0],r0	}
+{ .mmi;	(p35)sub	a8=t[0],r0,1;;
+	(p33)cmp.gtu	p34,p32=a8,t[0]
+	(p35)cmp.geu	p34,p32=a8,t[0]	};;
+
+// save the result, either tmp[num] or tmp[num]-np[num]
+	.pred.rel	"mutex",p32,p34
+{ .mmi;	(p32)st8	[rptr]=n1,8
+	(p34)st8	[rptr]=t0,8
+	add		r19=-4*16,prevsp};;
+{ .mmb;	(p32)st8	[rptr]=n2,8
+	(p34)st8	[rptr]=t[7],8
+	(p5)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n3,8
+	(p34)st8	[rptr]=t[6],8
+	(p7)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n4,8
+	(p34)st8	[rptr]=t[5],8
+	(p9)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n5,8
+	(p34)st8	[rptr]=t[4],8
+	(p11)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n6,8
+	(p34)st8	[rptr]=t[3],8
+	(p13)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n7,8
+	(p34)st8	[rptr]=t[2],8
+	(p15)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n8,8
+	(p34)st8	[rptr]=t[1],8
+	nop.b		0		};;
+.Ldone:						// epilogue
+{ .mmi;	ldf.fill	f16=[r16],64
+	ldf.fill	f17=[r17],64
+	nop.i		0		}
+{ .mmi;	ldf.fill	f18=[r18],64
+	ldf.fill	f19=[r19],64
+	mov		pr=prevpr,0x1ffff	};;
+{ .mmi;	ldf.fill	f20=[r16]
+	ldf.fill	f21=[r17]
+	mov		ar.lc=prevlc	}
+{ .mmi;	ldf.fill	f22=[r18]
+	ldf.fill	f23=[r19]
+	mov		ret0=1		}	// signal "handled"
+{ .mib;	rum		1<<5
+	.restore	sp
+	mov		sp=prevsp
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_mont_8#
+
+.type	copyright#,\@object
+copyright:
+stringz	"Montgomery multiplication for IA-64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+open STDOUT,">$output" if $output;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64.S b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64.S
new file mode 100644
index 000000000..0a26735c6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64.S
@@ -0,0 +1,1565 @@
+.explicit
+.text
+.ident	"ia64.S, Version 2.1"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>"
+
+// Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+
+//
+// ====================================================================
+// Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+//
+// Version 2.x is Itanium2 re-tune. Few words about how Itanium2 is
+// different from Itanium to this module viewpoint. Most notably, is it
+// "wider" than Itanium? Can you experience loop scalability as
+// discussed in commentary sections? Not really:-( Itanium2 has 6
+// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
+// spin twice as fast, as I need 8 IALU ports. Amount of floating point
+// ports is the same, i.e. 2, while I need 4. In other words, to this
+// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
+// essentially different in respect to this module, and a re-tune was
+// required. Well, because some instruction latencies has changed. Most
+// noticeably those intensively used:
+//
+//			Itanium	Itanium2
+//	ldf8		9	6		L2 hit
+//	ld8		2	1		L1 hit
+//	getf		2	5
+//	xma[->getf]	7[+1]	4[+0]
+//	add[->st8]	1[+1]	1[+0]
+//
+// What does it mean? You might ratiocinate that the original code
+// should run just faster... Because sum of latencies is smaller...
+// Wrong! Note that getf latency increased. This means that if a loop is
+// scheduled for lower latency (as they were), then it will suffer from
+// stall condition and the code will therefore turn anti-scalable, e.g.
+// original bn_mul_words spun at 5*n or 2.5 times slower than expected
+// on Itanium2! What to do? Reschedule loops for Itanium2? But then
+// Itanium would exhibit anti-scalability. So I've chosen to reschedule
+// for worst latency for every instruction aiming for best *all-round*
+// performance.
+
+// Q.	How much faster does it get?
+// A.	Here is the output from 'openssl speed rsa dsa' for vanilla
+//	0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
+//	Linux 7.1 2.96-81):
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
+//	rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
+//	rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
+//	rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0035s   0.0043s    288.3    234.8
+//	dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
+//
+//	And here is similar output but for this assembler
+//	implementation:-)
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
+//	rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
+//	rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
+//	rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0012s   0.0013s    891.9    756.6
+//	dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
+//	
+//	Yes, you may argue that it's not fair comparison as it's
+//	possible to craft the C implementation with BN_UMULT_HIGH
+//	inline assembler macro. But of course! Here is the output
+//	with the macro:
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
+//	rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
+//	rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
+//	rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0016s   0.0020s    613.1    510.5
+//	dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
+//
+//	My code is still way faster, huh:-) And I believe that even
+//	higher performance can be achieved. Note that as keys get
+//	longer, performance gain is larger. Why? According to the
+//	profiler there is another player in the field, namely
+//	BN_from_montgomery consuming larger and larger portion of CPU
+//	time as keysize decreases. I therefore consider putting effort
+//	to assembler implementation of the following routine:
+//
+//	void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
+//	{
+//	int      i,j;
+//	BN_ULONG v;
+//
+//	for (i=0; i<nl; i++)
+//		{
+//		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+//		nrp++;
+//		rp++;
+//		if (((nrp[-1]+=v)&BN_MASK2) < v)
+//			for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
+//		}
+//	}
+//
+//	It might as well be beneficial to implement even combaX
+//	variants, as it appears as it can literally unleash the
+//	performance (see comment section to bn_mul_comba8 below).
+//
+//	And finally for your reference the output for 0.9.6a compiled
+//	with SGIcc version 0.01.0-12 (keep in mind that for the moment
+//	of this writing it's not possible to convince SGIcc to use
+//	BN_UMULT_HIGH inline assembler macro, yet the code is fast,
+//	i.e. for a compiler generated one:-):
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
+//	rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
+//	rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
+//	rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0018s   0.0022s    547.3    459.6
+//	dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
+//
+//	Oh! Benchmarks were performed on 733MHz Lion-class Itanium
+//	system running Redhat Linux 7.1 (very special thanks to Ray
+//	McCaffity of Williams Communications for providing an account).
+//
+// Q.	What's the heck with 'rum 1<<5' at the end of every function?
+// A.	Well, by clearing the "upper FP registers written" bit of the
+//	User Mask I want to excuse the kernel from preserving upper
+//	(f32-f128) FP register bank over process context switch, thus
+//	minimizing bus bandwidth consumption during the switch (i.e.
+//	after PKI operation completes and the program is off doing
+//	something else like bulk symmetric encryption). Having said
+//	this, I also want to point out that it might be good idea
+//	to compile the whole toolkit (as well as majority of the
+//	programs for that matter) with -mfixed-range=f32-f127 command
+//	line option. No, it doesn't prevent the compiler from writing
+//	to upper bank, but at least discourages to do so. If you don't
+//	like the idea you have the option to compile the module with
+//	-Drum=nop.m in command line.
+//
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define	ADDP	addp4
+#else
+#define	ADDP	add
+#endif
+#ifdef __VMS
+.alias abort, "decc$abort"
+#endif
+
+#if 1
+//
+// bn_[add|sub]_words routines.
+//
+// Loops are spinning in 2*(n+5) ticks on Itanium (provided that the
+// data reside in L1 cache, i.e. 2 ticks away). It's possible to
+// compress the epilogue and get down to 2*n+6, but at the cost of
+// scalability (the neat feature of this implementation is that it
+// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
+// I consider that the epilogue is short enough as it is to trade tiny
+// performance loss on Itanium for scalability.
+//
+// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global	bn_add_words#
+.proc	bn_add_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_add_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r35,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mib;	sub		r10=r35,r0,1
+	.save	ar.lc,r3
+	mov		r3=ar.lc
+	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+					}
+{ .mib;	ADDP		r14=0,r32		// rp
+	.save	pr,r9
+	mov		r9=pr		};;
+	.body
+{ .mii;	ADDP		r15=0,r33		// ap
+	mov		ar.lc=r10
+	mov		ar.ec=6		}
+{ .mib;	ADDP		r16=0,r34		// bp
+	mov		pr.rot=1<<16	};;
+
+.L_bn_add_words_ctop:
+{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
+	(p18)	add		r39=r37,r34
+	(p19)	cmp.ltu.unc	p56,p0=r40,r38	}
+{ .mfb;	(p0)	nop.m		0x0
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
+	(p58)	cmp.eq.or	p57,p0=-1,r41	  // (p20)
+	(p58)	add		r41=1,r41	} // (p20)
+{ .mfb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_add_words_ctop	};;
+.L_bn_add_words_cend:
+
+{ .mii;
+(p59)	add		r8=1,r8		// return value
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mbb;	nop.b		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_add_words#
+
+//
+// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global	bn_sub_words#
+.proc	bn_sub_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_sub_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r35,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mib;	sub		r10=r35,r0,1
+	.save	ar.lc,r3
+	mov		r3=ar.lc
+	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+					}
+{ .mib;	ADDP		r14=0,r32		// rp
+	.save	pr,r9
+	mov		r9=pr		};;
+	.body
+{ .mii;	ADDP		r15=0,r33		// ap
+	mov		ar.lc=r10
+	mov		ar.ec=6		}
+{ .mib;	ADDP		r16=0,r34		// bp
+	mov		pr.rot=1<<16	};;
+
+.L_bn_sub_words_ctop:
+{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
+	(p18)	sub		r39=r37,r34
+	(p19)	cmp.gtu.unc	p56,p0=r40,r38	}
+{ .mfb;	(p0)	nop.m		0x0
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
+	(p58)	cmp.eq.or	p57,p0=0,r41	  // (p20)
+	(p58)	add		r41=-1,r41	} // (p20)
+{ .mbb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
+	(p0)	nop.b		0x0
+	br.ctop.sptk	.L_bn_sub_words_ctop	};;
+.L_bn_sub_words_cend:
+
+{ .mii;
+(p59)	add		r8=1,r8		// return value
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mbb;	nop.b		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_sub_words#
+#endif
+
+#if 0
+#define XMA_TEMPTATION
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global	bn_mul_words#
+.proc	bn_mul_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_mul_words:
+	.prologue
+	.save	ar.pfs,r2
+#ifdef XMA_TEMPTATION
+{ .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+#else
+{ .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
+#endif
+{ .mib;	mov		r8=r0			// return value
+	cmp4.le		p6,p0=r34,r0
+(p6)	br.ret.spnt.many	b0		};;
+
+{ .mii;	sub	r10=r34,r0,1
+	.save	ar.lc,r3
+	mov	r3=ar.lc
+	.save	pr,r9
+	mov	r9=pr			};;
+
+	.body
+{ .mib;	setf.sig	f8=r35	// w
+	mov		pr.rot=0x800001<<16
+			// ------^----- serves as (p50) at first (p27)
+	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+					}
+
+#ifndef XMA_TEMPTATION
+
+{ .mmi;	ADDP		r14=0,r32	// rp
+	ADDP		r15=0,r33	// ap
+	mov		ar.lc=r10	}
+{ .mmi;	mov		r40=0		// serves as r35 at first (p27)
+	mov		ar.ec=13	};;
+
+// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+// bypass L1 cache and L2 latency is actually best-case scenario for
+// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+// would give us ~5% in *overall* performance improvement on "wider"
+// IA-64, but would hurt Itanium for about same because of longer
+// epilogue. As it's a matter of few percents in either case I've
+// chosen to trade the scalability for development time (you can see
+// this very instruction sequence in bn_mul_add_words loop which in
+// turn is scalable).
+.L_bn_mul_words_ctop:
+{ .mfi;	(p25)	getf.sig	r36=f52			// low
+	(p21)	xmpy.lu		f48=f37,f8
+	(p28)	cmp.ltu		p54,p50=r41,r39	}
+{ .mfi;	(p16)	ldf8		f32=[r15],8
+	(p21)	xmpy.hu		f40=f37,f8
+	(p0)	nop.i		0x0		};;
+{ .mii;	(p25)	getf.sig	r32=f44			// high
+	.pred.rel	"mutex",p50,p54
+	(p50)	add		r40=r38,r35		// (p27)
+	(p54)	add		r40=r38,r35,1	}	// (p27)
+{ .mfb;	(p28)	st8		[r14]=r41,8
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+.L_bn_mul_words_cend:
+
+{ .mii;	nop.m		0x0
+.pred.rel	"mutex",p51,p55
+(p51)	add		r8=r36,r0
+(p55)	add		r8=r36,r0,1	}
+{ .mfb;	nop.m	0x0
+	nop.f	0x0
+	nop.b	0x0			}
+
+#else	// XMA_TEMPTATION
+
+	setf.sig	f37=r0	// serves as carry at (p18) tick
+	mov		ar.lc=r10
+	mov		ar.ec=5;;
+
+// Most of you examining this code very likely wonder why in the name
+// of Intel the following loop is commented out? Indeed, it looks so
+// neat that you find it hard to believe that it's something wrong
+// with it, right? The catch is that every iteration depends on the
+// result from previous one and the latter isn't available instantly.
+// The loop therefore spins at the latency of xma minus 1, or in other
+// words at 6*(n+4) ticks:-( Compare to the "production" loop above
+// that runs in 2*(n+11) where the low latency problem is worked around
+// by moving the dependency to one-tick latent integer ALU. Note that
+// "distance" between ldf8 and xma is not latency of ldf8, but the
+// *difference* between xma and ldf8 latencies.
+.L_bn_mul_words_ctop:
+{ .mfi;	(p16)	ldf8		f32=[r33],8
+	(p18)	xma.hu		f38=f34,f8,f39	}
+{ .mfb;	(p20)	stf8		[r32]=f37,8
+	(p18)	xma.lu		f35=f34,f8,f39
+	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+.L_bn_mul_words_cend:
+
+	getf.sig	r8=f41		// the return value
+
+#endif	// XMA_TEMPTATION
+
+{ .mii;	nop.m		0x0
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_words#
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global	bn_mul_add_words#
+.proc	bn_mul_add_words#
+.align	64
+.skip	48	// makes the loop body aligned at 64-byte boundary
+bn_mul_add_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mmi;	alloc		r2=ar.pfs,4,4,0,8
+	cmp4.le		p6,p0=r34,r0
+	.save	ar.lc,r3
+	mov		r3=ar.lc	};;
+{ .mib;	mov		r8=r0		// return value
+	sub		r10=r34,r0,1
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mib;	setf.sig	f8=r35		// w
+	.save	pr,r9
+	mov		r9=pr
+	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+					}
+	.body
+{ .mmi;	ADDP		r14=0,r32	// rp
+	ADDP		r15=0,r33	// ap
+	mov		ar.lc=r10	}
+{ .mii;	ADDP		r16=0,r32	// rp copy
+	mov		pr.rot=0x2001<<16
+			// ------^----- serves as (p40) at first (p27)
+	mov		ar.ec=11	};;
+
+// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
+// Itanium 2. Yes, unlike previous versions it scales:-) Previous
+// version was performing *all* additions in IALU and was starving
+// for those even on Itanium 2. In this version one addition is
+// moved to FPU and is folded with multiplication. This is at cost
+// of propagating the result from previous call to this subroutine
+// to L2 cache... In other words negligible even for shorter keys.
+// *Overall* performance improvement [over previous version] varies
+// from 11 to 22 percent depending on key length.
+.L_bn_mul_add_words_ctop:
+.pred.rel	"mutex",p40,p42
+{ .mfi;	(p23)	getf.sig	r36=f45			// low
+	(p20)	xma.lu		f42=f36,f8,f50		// low
+	(p40)	add		r39=r39,r35	}	// (p27)
+{ .mfi;	(p16)	ldf8		f32=[r15],8		// *(ap++)
+	(p20)	xma.hu		f36=f36,f8,f50		// high
+	(p42)	add		r39=r39,r35,1	};;	// (p27)
+{ .mmi;	(p24)	getf.sig	r32=f40			// high
+	(p16)	ldf8		f46=[r16],8		// *(rp1++)
+	(p40)	cmp.ltu		p41,p39=r39,r35	}	// (p27)
+{ .mib;	(p26)	st8		[r14]=r39,8		// *(rp2++)
+	(p42)	cmp.leu		p41,p39=r39,r35		// (p27)
+	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+.L_bn_mul_add_words_cend:
+
+{ .mmi;	.pred.rel	"mutex",p40,p42
+(p40)	add		r8=r35,r0
+(p42)	add		r8=r35,r0,1
+	mov		pr=r9,0x1ffff	}
+{ .mib;	rum		1<<5		// clear um.mfh
+	mov		ar.lc=r3
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_add_words#
+#endif
+
+#if 1
+//
+// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+//
+.global	bn_sqr_words#
+.proc	bn_sqr_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_sqr_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,3,0,0,0
+	sxt4		r34=r34		};;
+{ .mii;	cmp.le		p6,p0=r34,r0
+	mov		r8=r0		}	// return value
+{ .mfb;	ADDP		r32=0,r32
+	nop.f		0x0
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mii;	sub	r10=r34,r0,1
+	.save	ar.lc,r3
+	mov	r3=ar.lc
+	.save	pr,r9
+	mov	r9=pr			};;
+
+	.body
+{ .mib;	ADDP		r33=0,r33
+	mov		pr.rot=1<<16
+	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+					}
+{ .mii;	add		r34=8,r32
+	mov		ar.lc=r10
+	mov		ar.ec=18	};;
+
+// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
+// possible to compress the epilogue (I'm getting tired to write this
+// comment over and over) and get down to 2*n+16 at the cost of
+// scalability. The decision will very likely be reconsidered after the
+// benchmark program is profiled. I.e. if performance gain on Itanium
+// will appear larger than loss on "wider" IA-64, then the loop should
+// be explicitly split and the epilogue compressed.
+.L_bn_sqr_words_ctop:
+{ .mfi;	(p16)	ldf8		f32=[r33],8
+	(p25)	xmpy.lu		f42=f41,f41
+	(p0)	nop.i		0x0		}
+{ .mib;	(p33)	stf8		[r32]=f50,16
+	(p0)	nop.i		0x0
+	(p0)	nop.b		0x0		}
+{ .mfi;	(p0)	nop.m		0x0
+	(p25)	xmpy.hu		f52=f41,f41
+	(p0)	nop.i		0x0		}
+{ .mib;	(p33)	stf8		[r34]=f60,16
+	(p0)	nop.i		0x0
+	br.ctop.sptk	.L_bn_sqr_words_ctop	};;
+.L_bn_sqr_words_cend:
+
+{ .mii;	nop.m		0x0
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_sqr_words#
+#endif
+
+#if 1
+// Apparently we win nothing by implementing special bn_sqr_comba8.
+// Yes, it is possible to reduce the number of multiplications by
+// almost factor of two, but then the amount of additions would
+// increase by factor of two (as we would have to perform those
+// otherwise performed by xma ourselves). Normally we would trade
+// anyway as multiplications are way more expensive, but not this
+// time... Multiplication kernel is fully pipelined and as we drain
+// one 128-bit multiplication result per clock cycle multiplications
+// are effectively as inexpensive as additions. Special implementation
+// might become of interest for "wider" IA-64 implementation as you'll
+// be able to get through the multiplication phase faster (there won't
+// be any stall issues as discussed in the commentary section below and
+// you therefore will be able to employ all 4 FP units)... But these
+// Itanium days it's simply too hard to justify the effort so I just
+// drop down to bn_mul_comba8 code:-)
+//
+// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+//
+.global	bn_sqr_comba8#
+.proc	bn_sqr_comba8#
+.align	64
+bn_sqr_comba8:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+	addp4	r33=0,r33
+	addp4	r32=0,r32		};;
+{ .mii;
+#else
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+#endif
+	mov	r34=r33
+	add	r14=8,r33		};;
+	.body
+{ .mii;	add	r17=8,r34
+	add	r15=16,r33
+	add	r18=16,r34		}
+{ .mfb;	add	r16=24,r33
+	br	.L_cheat_entry_point8	};;
+.endp	bn_sqr_comba8#
+#endif
+
+#if 1
+// I've estimated this routine to run in ~120 ticks, but in reality
+// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
+// cycles consumed for instructions fetch? Or did I misinterpret some
+// clause in Itanium µ-architecture manual? Comments are welcomed and
+// highly appreciated.
+//
+// On Itanium 2 it takes ~190 ticks. This is because of stalls on
+// result from getf.sig. I do nothing about it at this point for
+// reasons depicted below.
+//
+// However! It should be noted that even 160 ticks is darn good result
+// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
+// C version (compiled with gcc with inline assembler). I really
+// kicked compiler's butt here, didn't I? Yeah! This brings us to the
+// following statement. It's damn shame that this routine isn't called
+// very often nowadays! According to the profiler most CPU time is
+// consumed by bn_mul_add_words called from BN_from_montgomery. In
+// order to estimate what we're missing, I've compared the performance
+// of this routine against "traditional" implementation, i.e. against
+// following routine:
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+// {	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+//	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+//	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+//	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+//	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+//	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+//	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+//	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+// }
+//
+// The one below is over 8 times faster than the one above:-( Even
+// more reasons to "combafy" bn_mul_add_mont...
+//
+// And yes, this routine really made me wish there were an optimizing
+// assembler! It also feels like it deserves a dedication.
+//
+//	To my wife for being there and to my kids...
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define	carry1	r14
+#define	carry2	r15
+#define	carry3	r34
+.global	bn_mul_comba8#
+.proc	bn_mul_comba8#
+.align	64
+bn_mul_comba8:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc	r2=ar.pfs,3,0,0,0
+	addp4	r33=0,r33
+	addp4	r34=0,r34		};;
+{ .mii;	addp4	r32=0,r32
+#else
+{ .mii;	alloc   r2=ar.pfs,3,0,0,0
+#endif
+	add	r14=8,r33
+	add	r17=8,r34		}
+	.body
+{ .mii;	add	r15=16,r33
+	add	r18=16,r34
+	add	r16=24,r33		}
+.L_cheat_entry_point8:
+{ .mmi;	add	r19=24,r34
+
+	ldf8	f32=[r33],32		};;
+
+{ .mmi;	ldf8	f120=[r34],32
+	ldf8	f121=[r17],32		}
+{ .mmi;	ldf8	f122=[r18],32
+	ldf8	f123=[r19],32		};;
+{ .mmi;	ldf8	f124=[r34]
+	ldf8	f125=[r17]		}
+{ .mmi;	ldf8	f126=[r18]
+	ldf8	f127=[r19]		}
+
+{ .mmi;	ldf8	f33=[r14],32
+	ldf8	f34=[r15],32		}
+{ .mmi;	ldf8	f35=[r16],32;;
+	ldf8	f36=[r33]		}
+{ .mmi;	ldf8	f37=[r14]
+	ldf8	f38=[r15]		}
+{ .mfi;	ldf8	f39=[r16]
+// -------\ Entering multiplier's heaven /-------
+// ------------\                    /------------
+// -----------------\          /-----------------
+// ----------------------\/----------------------
+		xma.hu	f41=f32,f120,f0		}
+{ .mfi;		xma.lu	f40=f32,f120,f0		};; // (*)
+{ .mfi;		xma.hu	f51=f32,f121,f0		}
+{ .mfi;		xma.lu	f50=f32,f121,f0		};;
+{ .mfi;		xma.hu	f61=f32,f122,f0		}
+{ .mfi;		xma.lu	f60=f32,f122,f0		};;
+{ .mfi;		xma.hu	f71=f32,f123,f0		}
+{ .mfi;		xma.lu	f70=f32,f123,f0		};;
+{ .mfi;		xma.hu	f81=f32,f124,f0		}
+{ .mfi;		xma.lu	f80=f32,f124,f0		};;
+{ .mfi;		xma.hu	f91=f32,f125,f0		}
+{ .mfi;		xma.lu	f90=f32,f125,f0		};;
+{ .mfi;		xma.hu	f101=f32,f126,f0	}
+{ .mfi;		xma.lu	f100=f32,f126,f0	};;
+{ .mfi;		xma.hu	f111=f32,f127,f0	}
+{ .mfi;		xma.lu	f110=f32,f127,f0	};;//
+// (*)	You can argue that splitting at every second bundle would
+//	prevent "wider" IA-64 implementations from achieving the peak
+//	performance. Well, not really... The catch is that if you
+//	intend to keep 4 FP units busy by splitting at every fourth
+//	bundle and thus perform these 16 multiplications in 4 ticks,
+//	the first bundle *below* would stall because the result from
+//	the first xma bundle *above* won't be available for another 3
+//	ticks (if not more, being an optimist, I assume that "wider"
+//	implementation will have same latency:-). This stall will hold
+//	you back and the performance would be as if every second bundle
+//	were split *anyway*...
+{ .mfi;	getf.sig	r16=f40
+		xma.hu	f42=f33,f120,f41
+	add		r33=8,r32		}
+{ .mfi;		xma.lu	f41=f33,f120,f41	};;
+{ .mfi;	getf.sig	r24=f50
+		xma.hu	f52=f33,f121,f51	}
+{ .mfi;		xma.lu	f51=f33,f121,f51	};;
+{ .mfi;	st8		[r32]=r16,16
+		xma.hu	f62=f33,f122,f61	}
+{ .mfi;		xma.lu	f61=f33,f122,f61	};;
+{ .mfi;		xma.hu	f72=f33,f123,f71	}
+{ .mfi;		xma.lu	f71=f33,f123,f71	};;
+{ .mfi;		xma.hu	f82=f33,f124,f81	}
+{ .mfi;		xma.lu	f81=f33,f124,f81	};;
+{ .mfi;		xma.hu	f92=f33,f125,f91	}
+{ .mfi;		xma.lu	f91=f33,f125,f91	};;
+{ .mfi;		xma.hu	f102=f33,f126,f101	}
+{ .mfi;		xma.lu	f101=f33,f126,f101	};;
+{ .mfi;		xma.hu	f112=f33,f127,f111	}
+{ .mfi;		xma.lu	f111=f33,f127,f111	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r25=f41
+		xma.hu	f43=f34,f120,f42	}
+{ .mfi;		xma.lu	f42=f34,f120,f42	};;
+{ .mfi;	getf.sig	r16=f60
+		xma.hu	f53=f34,f121,f52	}
+{ .mfi;		xma.lu	f52=f34,f121,f52	};;
+{ .mfi;	getf.sig	r17=f51
+		xma.hu	f63=f34,f122,f62
+	add		r25=r25,r24		}
+{ .mfi;		xma.lu	f62=f34,f122,f62
+	mov		carry1=0		};;
+{ .mfi;	cmp.ltu		p6,p0=r25,r24
+		xma.hu	f73=f34,f123,f72	}
+{ .mfi;		xma.lu	f72=f34,f123,f72	};;
+{ .mfi;	st8		[r33]=r25,16
+		xma.hu	f83=f34,f124,f82
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f82=f34,f124,f82	};;
+{ .mfi;		xma.hu	f93=f34,f125,f92	}
+{ .mfi;		xma.lu	f92=f34,f125,f92	};;
+{ .mfi;		xma.hu	f103=f34,f126,f102	}
+{ .mfi;		xma.lu	f102=f34,f126,f102	};;
+{ .mfi;		xma.hu	f113=f34,f127,f112	}
+{ .mfi;		xma.lu	f112=f34,f127,f112	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r18=f42
+		xma.hu	f44=f35,f120,f43
+	add		r17=r17,r16		}
+{ .mfi;		xma.lu	f43=f35,f120,f43	};;
+{ .mfi;	getf.sig	r24=f70
+		xma.hu	f54=f35,f121,f53	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f53=f35,f121,f53	};;
+{ .mfi;	getf.sig	r25=f61
+		xma.hu	f64=f35,f122,f63
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;	add		r18=r18,r17
+		xma.lu	f63=f35,f122,f63	};;
+{ .mfi;	getf.sig	r26=f52
+		xma.hu	f74=f35,f123,f73
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f73=f35,f123,f73
+	add		r18=r18,carry1		};;
+{ .mfi;
+		xma.hu	f84=f35,f124,f83
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,carry1
+		xma.lu	f83=f35,f124,f83	};;
+{ .mfi;	st8		[r32]=r18,16
+		xma.hu	f94=f35,f125,f93
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f93=f35,f125,f93	};;
+{ .mfi;		xma.hu	f104=f35,f126,f103	}
+{ .mfi;		xma.lu	f103=f35,f126,f103	};;
+{ .mfi;		xma.hu	f114=f35,f127,f113	}
+{ .mfi;	mov		carry1=0
+		xma.lu	f113=f35,f127,f113
+	add		r25=r25,r24		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r27=f43
+		xma.hu	f45=f36,f120,f44
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f44=f36,f120,f44	
+	add		r26=r26,r25		};;
+{ .mfi;	getf.sig	r16=f80
+		xma.hu	f55=f36,f121,f54
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f54=f36,f121,f54	};;
+{ .mfi;	getf.sig	r17=f71
+		xma.hu	f65=f36,f122,f64
+	cmp.ltu		p6,p0=r26,r25		}
+{ .mfi;		xma.lu	f64=f36,f122,f64
+	add		r27=r27,r26		};;
+{ .mfi;	getf.sig	r18=f62
+		xma.hu	f75=f36,f123,f74
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r27,r26
+		xma.lu	f74=f36,f123,f74
+	add		r27=r27,carry2		};;
+{ .mfi;	getf.sig	r19=f53
+		xma.hu	f85=f36,f124,f84
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f84=f36,f124,f84
+	cmp.ltu		p6,p0=r27,carry2	};;
+{ .mfi;	st8		[r33]=r27,16
+		xma.hu	f95=f36,f125,f94
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f94=f36,f125,f94	};;
+{ .mfi;		xma.hu	f105=f36,f126,f104	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f104=f36,f126,f104
+	add		r17=r17,r16		};;
+{ .mfi;		xma.hu	f115=f36,f127,f114
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f114=f36,f127,f114
+	add		r18=r18,r17		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r20=f44
+		xma.hu	f46=f37,f120,f45
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f45=f37,f120,f45
+	add		r19=r19,r18		};;
+{ .mfi;	getf.sig	r24=f90
+		xma.hu	f56=f37,f121,f55	}
+{ .mfi;		xma.lu	f55=f37,f121,f55	};;
+{ .mfi;	getf.sig	r25=f81
+		xma.hu	f66=f37,f122,f65
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r19,r18
+		xma.lu	f65=f37,f122,f65
+	add		r20=r20,r19		};;
+{ .mfi;	getf.sig	r26=f72
+		xma.hu	f76=f37,f123,f75
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r20,r19
+		xma.lu	f75=f37,f123,f75
+	add		r20=r20,carry1		};;
+{ .mfi;	getf.sig	r27=f63
+		xma.hu	f86=f37,f124,f85
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f85=f37,f124,f85
+	cmp.ltu		p7,p0=r20,carry1	};;
+{ .mfi;	getf.sig	r28=f54
+		xma.hu	f96=f37,f125,f95
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	st8		[r32]=r20,16
+		xma.lu	f95=f37,f125,f95	};;
+{ .mfi;		xma.hu	f106=f37,f126,f105	}
+{ .mfi;	mov		carry1=0
+		xma.lu	f105=f37,f126,f105
+	add		r25=r25,r24		};;
+{ .mfi;		xma.hu	f116=f37,f127,f115
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f115=f37,f127,f115
+	add		r26=r26,r25		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r29=f45
+		xma.hu	f47=f38,f120,f46
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r26,r25
+		xma.lu	f46=f38,f120,f46
+	add		r27=r27,r26		};;
+{ .mfi;	getf.sig	r16=f100
+		xma.hu	f57=f38,f121,f56
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r27,r26
+		xma.lu	f56=f38,f121,f56
+	add		r28=r28,r27		};;
+{ .mfi;	getf.sig	r17=f91
+		xma.hu	f67=f38,f122,f66
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r28,r27
+		xma.lu	f66=f38,f122,f66
+	add		r29=r29,r28		};;
+{ .mfi;	getf.sig	r18=f82
+		xma.hu	f77=f38,f123,f76
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r29,r28
+		xma.lu	f76=f38,f123,f76
+	add		r29=r29,carry2		};;
+{ .mfi;	getf.sig	r19=f73
+		xma.hu	f87=f38,f124,f86
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f86=f38,f124,f86
+	cmp.ltu		p6,p0=r29,carry2	};;
+{ .mfi;	getf.sig	r20=f64
+		xma.hu	f97=f38,f125,f96
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	st8		[r33]=r29,16
+		xma.lu	f96=f38,f125,f96	};;
+{ .mfi;	getf.sig	r21=f55
+		xma.hu	f107=f38,f126,f106	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f106=f38,f126,f106
+	add		r17=r17,r16		};;
+{ .mfi;		xma.hu	f117=f38,f127,f116
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f116=f38,f127,f116
+	add		r18=r18,r17		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r22=f46
+		xma.hu	f48=f39,f120,f47
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f47=f39,f120,f47
+	add		r19=r19,r18		};;
+{ .mfi;	getf.sig	r24=f110
+		xma.hu	f58=f39,f121,f57
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r19,r18
+		xma.lu	f57=f39,f121,f57
+	add		r20=r20,r19		};;
+{ .mfi;	getf.sig	r25=f101
+		xma.hu	f68=f39,f122,f67
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r20,r19
+		xma.lu	f67=f39,f122,f67
+	add		r21=r21,r20		};;
+{ .mfi;	getf.sig	r26=f92
+		xma.hu	f78=f39,f123,f77
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r21,r20
+		xma.lu	f77=f39,f123,f77
+	add		r22=r22,r21		};;
+{ .mfi;	getf.sig	r27=f83
+		xma.hu	f88=f39,f124,f87
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r22,r21
+		xma.lu	f87=f39,f124,f87
+	add		r22=r22,carry1		};;
+{ .mfi;	getf.sig	r28=f74
+		xma.hu	f98=f39,f125,f97
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f97=f39,f125,f97
+	cmp.ltu		p7,p0=r22,carry1	};;
+{ .mfi;	getf.sig	r29=f65
+		xma.hu	f108=f39,f126,f107
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	st8		[r32]=r22,16
+		xma.lu	f107=f39,f126,f107	};;
+{ .mfi;	getf.sig	r30=f56
+		xma.hu	f118=f39,f127,f117	}
+{ .mfi;		xma.lu	f117=f39,f127,f117	};;//
+//-------------------------------------------------//
+// Leaving multiplier's heaven... Quite a ride, huh?
+
+{ .mii;	getf.sig	r31=f47
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r16=f111
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r17=f102	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mii;		getf.sig	r18=f93
+		add		r17=r17,r16
+		mov		carry3=0	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r29=r29,r28		};;
+{ .mii;		getf.sig	r19=f84
+		cmp.ltu		p7,p0=r17,r16	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r29,r28
+	add		r30=r30,r29		};;
+{ .mii;		getf.sig	r20=f75
+		add		r18=r18,r17	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,r29
+	add		r31=r31,r30		};;
+{ .mfb;		getf.sig	r21=f66		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	}
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r31,r30
+	add		r31=r31,carry2		};;
+{ .mfb;		getf.sig	r22=f57		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r19,r18
+		add		r20=r20,r19	}
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r31,carry2	};;
+{ .mfb;		getf.sig	r23=f48		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r20,r19
+		add		r21=r21,r20	}
+{ .mii;
+(p6)	add		carry1=1,carry1		}
+{ .mfb;	st8		[r33]=r31,16		};;
+
+{ .mfb;	getf.sig	r24=f112		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r21,r20
+		add		r22=r22,r21	};;
+{ .mfb;	getf.sig	r25=f103		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r22,r21
+		add		r23=r23,r22	};;
+{ .mfb;	getf.sig	r26=f94			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r23,r22
+		add		r23=r23,carry1	};;
+{ .mfb;	getf.sig	r27=f85			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p8=r23,carry1};;
+{ .mii;	getf.sig	r28=f76
+	add		r25=r25,r24
+	mov		carry1=0		}
+{ .mii;		st8		[r32]=r23,16
+	(p7)	add		carry2=1,carry3
+	(p8)	add		carry2=0,carry3	};;
+
+{ .mfb;	nop.m	0x0				}
+{ .mii;	getf.sig	r29=f67
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;	getf.sig	r30=f58			}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;		getf.sig	r16=f113	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mfb;		getf.sig	r17=f104	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r29=r29,r28		};;
+{ .mfb;		getf.sig	r18=f95		}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r29,r28
+	add		r30=r30,r29		};;
+{ .mii;		getf.sig	r19=f86
+		add		r17=r17,r16
+		mov		carry3=0	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,r29
+	add		r30=r30,carry2		};;
+{ .mii;		getf.sig	r20=f77
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,carry2	};;
+{ .mfb;		getf.sig	r21=f68		}
+{ .mii;	st8		[r33]=r30,16
+(p6)	add		carry1=1,carry1		};;
+
+{ .mfb;	getf.sig	r24=f114		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mfb;	getf.sig	r25=f105		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r19,r18
+		add		r20=r20,r19	};;
+{ .mfb;	getf.sig	r26=f96			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r20,r19
+		add		r21=r21,r20	};;
+{ .mfb;	getf.sig	r27=f87			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r21,r20
+		add		r21=r21,carry1	};;
+{ .mib;	getf.sig	r28=f78			
+	add		r25=r25,r24		}
+{ .mib;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p8=r21,carry1};;
+{ .mii;		st8		[r32]=r21,16
+	(p7)	add		carry2=1,carry3
+	(p8)	add		carry2=0,carry3	}
+
+{ .mii;	mov		carry1=0
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r16=f115	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;		getf.sig	r17=f106	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mfb;		getf.sig	r18=f97		}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r28=r28,carry2		};;
+{ .mib;		getf.sig	r19=f88
+		add		r17=r17,r16	}
+{ .mib;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,carry2	};;
+{ .mii;	st8		[r33]=r28,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;		mov		carry2=0
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	};;
+{ .mfb;	getf.sig	r24=f116		}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mfb;	getf.sig	r25=f107		}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,r18
+		add		r19=r19,carry1	};;
+{ .mfb;	getf.sig	r26=f98			}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,carry1};;
+{ .mii;		st8		[r32]=r19,16
+	(p7)	add		carry2=1,carry2	}
+
+{ .mfb;	add		r25=r25,r24		};;
+
+{ .mfb;		getf.sig	r16=f117	}
+{ .mii;	mov		carry1=0
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r17=f108	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r26=r26,carry2		};;
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,carry2	};;
+{ .mii;	st8		[r33]=r26,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mfb;		add		r17=r17,r16	};;
+{ .mfb;	getf.sig	r24=f118		}
+{ .mii;		mov		carry2=0
+		cmp.ltu		p7,p0=r17,r16
+		add		r17=r17,carry1	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r17,carry1};;
+{ .mii;		st8		[r32]=r17
+	(p7)	add		carry2=1,carry2	};;
+{ .mfb;	add		r24=r24,carry2		};;
+{ .mib;	st8		[r33]=r24		}
+
+{ .mib;	rum		1<<5		// clear um.mfh
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_comba8#
+#undef	carry3
+#undef	carry2
+#undef	carry1
+#endif
+
+#if 1
+// It's possible to make it faster (see comment to bn_sqr_comba8), but
+// I reckon it doesn't worth the effort. Basically because the routine
+// (actually both of them) practically never called... So I just play
+// same trick as with bn_sqr_comba8.
+//
+// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+//
+.global	bn_sqr_comba4#
+.proc	bn_sqr_comba4#
+.align	64
+bn_sqr_comba4:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc   r2=ar.pfs,2,1,0,0
+	addp4	r32=0,r32
+	addp4	r33=0,r33		};;
+{ .mii;
+#else
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+#endif
+	mov	r34=r33
+	add	r14=8,r33		};;
+	.body
+{ .mii;	add	r17=8,r34
+	add	r15=16,r33
+	add	r18=16,r34		}
+{ .mfb;	add	r16=24,r33
+	br	.L_cheat_entry_point4	};;
+.endp	bn_sqr_comba4#
+#endif
+
+#if 1
+// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
+//
+// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define	carry1	r14
+#define	carry2	r15
+.global	bn_mul_comba4#
+.proc	bn_mul_comba4#
+.align	64
+bn_mul_comba4:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc   r2=ar.pfs,3,0,0,0
+	addp4	r33=0,r33
+	addp4	r34=0,r34		};;
+{ .mii;	addp4	r32=0,r32
+#else
+{ .mii;	alloc	r2=ar.pfs,3,0,0,0
+#endif
+	add	r14=8,r33
+	add	r17=8,r34		}
+	.body
+{ .mii;	add	r15=16,r33
+	add	r18=16,r34
+	add	r16=24,r33		};;
+.L_cheat_entry_point4:
+{ .mmi;	add	r19=24,r34
+
+	ldf8	f32=[r33]		}
+
+{ .mmi;	ldf8	f120=[r34]
+	ldf8	f121=[r17]		};;
+{ .mmi;	ldf8	f122=[r18]
+	ldf8	f123=[r19]		}
+
+{ .mmi;	ldf8	f33=[r14]
+	ldf8	f34=[r15]		}
+{ .mfi;	ldf8	f35=[r16]
+
+		xma.hu	f41=f32,f120,f0		}
+{ .mfi;		xma.lu	f40=f32,f120,f0		};;
+{ .mfi;		xma.hu	f51=f32,f121,f0		}
+{ .mfi;		xma.lu	f50=f32,f121,f0		};;
+{ .mfi;		xma.hu	f61=f32,f122,f0		}
+{ .mfi;		xma.lu	f60=f32,f122,f0		};;
+{ .mfi;		xma.hu	f71=f32,f123,f0		}
+{ .mfi;		xma.lu	f70=f32,f123,f0		};;//
+// Major stall takes place here, and 3 more places below. Result from
+// first xma is not available for another 3 ticks.
+{ .mfi;	getf.sig	r16=f40
+		xma.hu	f42=f33,f120,f41
+	add		r33=8,r32		}
+{ .mfi;		xma.lu	f41=f33,f120,f41	};;
+{ .mfi;	getf.sig	r24=f50
+		xma.hu	f52=f33,f121,f51	}
+{ .mfi;		xma.lu	f51=f33,f121,f51	};;
+{ .mfi;	st8		[r32]=r16,16
+		xma.hu	f62=f33,f122,f61	}
+{ .mfi;		xma.lu	f61=f33,f122,f61	};;
+{ .mfi;		xma.hu	f72=f33,f123,f71	}
+{ .mfi;		xma.lu	f71=f33,f123,f71	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r25=f41
+		xma.hu	f43=f34,f120,f42	}
+{ .mfi;		xma.lu	f42=f34,f120,f42	};;
+{ .mfi;	getf.sig	r16=f60
+		xma.hu	f53=f34,f121,f52	}
+{ .mfi;		xma.lu	f52=f34,f121,f52	};;
+{ .mfi;	getf.sig	r17=f51
+		xma.hu	f63=f34,f122,f62
+	add		r25=r25,r24		}
+{ .mfi;	mov		carry1=0
+		xma.lu	f62=f34,f122,f62	};;
+{ .mfi;	st8		[r33]=r25,16
+		xma.hu	f73=f34,f123,f72
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f72=f34,f123,f72	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r18=f42
+		xma.hu	f44=f35,f120,f43
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	add		r17=r17,r16
+		xma.lu	f43=f35,f120,f43
+	mov		carry2=0		};;
+{ .mfi;	getf.sig	r24=f70
+		xma.hu	f54=f35,f121,f53
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f53=f35,f121,f53	};;
+{ .mfi;	getf.sig	r25=f61
+		xma.hu	f64=f35,f122,f63
+	add		r18=r18,r17		}
+{ .mfi;		xma.lu	f63=f35,f122,f63
+(p7)	add		carry2=1,carry2		};;
+{ .mfi;	getf.sig	r26=f52
+		xma.hu	f74=f35,f123,f73
+	cmp.ltu		p7,p0=r18,r17		}
+{ .mfi;		xma.lu	f73=f35,f123,f73
+	add		r18=r18,carry1		};;
+//-------------------------------------------------//
+{ .mii;	st8		[r32]=r18,16
+(p7)	add		carry2=1,carry2
+	cmp.ltu		p7,p0=r18,carry1	};;
+
+{ .mfi;	getf.sig	r27=f43	// last major stall
+(p7)	add		carry2=1,carry2		};;
+{ .mii;		getf.sig	r16=f71
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r17=f62	
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r27=r27,carry2		};;
+{ .mii;		getf.sig	r18=f53
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,carry2	};;
+{ .mfi;	st8		[r33]=r27,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;		getf.sig	r19=f44
+		add		r17=r17,r16
+		mov		carry2=0	};;
+{ .mii;	getf.sig	r24=f72
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,r18
+		add		r19=r19,carry1	};;
+{ .mii;	getf.sig	r25=f63
+	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,carry1};;
+{ .mii;		st8		[r32]=r19,16
+	(p7)	add		carry2=1,carry2	}
+
+{ .mii;	getf.sig	r26=f54
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r16=f73
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r26=r26,carry2		};;
+{ .mii;		getf.sig	r17=f64
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,carry2	};;
+{ .mii;	st8		[r33]=r26,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;	getf.sig	r24=f74
+		add		r17=r17,r16	
+		mov		carry2=0	};;
+{ .mii;		cmp.ltu		p7,p0=r17,r16
+		add		r17=r17,carry1	};;
+
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r17,carry1};;
+{ .mii;		st8		[r32]=r17,16
+	(p7)	add		carry2=1,carry2	};;
+
+{ .mii;	add		r24=r24,carry2		};;
+{ .mii;	st8		[r33]=r24		}
+
+{ .mib;	rum		1<<5		// clear um.mfh
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_comba4#
+#undef	carry2
+#undef	carry1
+#endif
+
+#if 1
+//
+// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+//
+// In the nutshell it's a port of my MIPS III/IV implementation.
+//
+#define	AT	r14
+#define	H	r16
+#define	HH	r20
+#define	L	r17
+#define	D	r18
+#define	DH	r22
+#define	I	r21
+
+#if 0
+// Some preprocessors (most notably HP-UX) appear to be allergic to
+// macros enclosed to parenthesis [as these three were].
+#define	cont	p16
+#define	break	p0	// p20
+#define	equ	p24
+#else
+cont=p16
+break=p0
+equ=p24
+#endif
+
+.global	abort#
+.global	bn_div_words#
+.proc	bn_div_words#
+.align	64
+bn_div_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,3,5,0,8
+	.save	b0,r3
+	mov		r3=b0
+	.save	pr,r10
+	mov		r10=pr		};;
+{ .mmb;	cmp.eq		p6,p0=r34,r0
+	mov		r8=-1
+(p6)	br.ret.spnt.many	b0	};;
+
+	.body
+{ .mii;	mov		H=r32		// save h
+	mov		ar.ec=0		// don't rotate at exit
+	mov		pr.rot=0	}
+{ .mii;	mov		L=r33		// save l
+	mov		r25=r0		// needed if abort is called on VMS
+	mov		r36=r0		};;
+
+.L_divw_shift:	// -vv- note signed comparison
+{ .mfi;	(p0)	cmp.lt		p16,p0=r0,r34	// d
+	(p0)	shladd		r33=r34,1,r0	}
+{ .mfb;	(p0)	add		r35=1,r36
+	(p0)	nop.f		0x0
+(p16)	br.wtop.dpnt		.L_divw_shift	};;
+
+{ .mii;	mov		D=r34
+	shr.u		DH=r34,32
+	sub		r35=64,r36		};;
+{ .mii;	setf.sig	f7=DH
+	shr.u		AT=H,r35
+	mov		I=r36			};;
+{ .mib;	cmp.ne		p6,p0=r0,AT
+	shl		H=H,r36
+(p6)	br.call.spnt.clr	b0=abort	};;	// overflow, die...
+
+{ .mfi;	fcvt.xuf.s1	f7=f7
+	shr.u		AT=L,r35		};;
+{ .mii;	shl		L=L,r36
+	or		H=H,AT			};;
+
+{ .mii;	nop.m		0x0
+	cmp.leu		p6,p0=D,H;;
+(p6)	sub		H=H,D			}
+
+{ .mlx;	setf.sig	f14=D
+	movl		AT=0xffffffff		};;
+///////////////////////////////////////////////////////////
+{ .mii;	setf.sig	f6=H
+	shr.u		HH=H,32;;
+	cmp.eq		p6,p7=HH,DH		};;
+{ .mfb;
+(p6)	setf.sig	f8=AT
+(p7)	fcvt.xuf.s1	f6=f6
+(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
+
+{ .mfi;	getf.sig	r33=f8				// q
+	xmpy.lu		f9=f8,f14		}
+{ .mfi;	xmpy.hu		f10=f8,f14
+	shrp		H=H,L,32		};;
+
+{ .mmi;	getf.sig	r35=f9				// tl
+	getf.sig	r31=f10			};;	// th
+
+.L_divw_1st_iter:
+{ .mii;	(p0)	add		r32=-1,r33
+	(p0)	cmp.eq		equ,cont=HH,r31		};;
+{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
+	(p0)	sub		r34=r35,D
+	(equ)	cmp.leu		break,cont=r35,H	};;
+{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
+	(p8)	add		r31=-1,r31
+(cont)	br.wtop.spnt		.L_divw_1st_iter	};;
+///////////////////////////////////////////////////////////
+{ .mii;	sub		H=H,r35
+	shl		r8=r33,32
+	shl		L=L,32			};;
+///////////////////////////////////////////////////////////
+{ .mii;	setf.sig	f6=H
+	shr.u		HH=H,32;;
+	cmp.eq		p6,p7=HH,DH		};;
+{ .mfb;
+(p6)	setf.sig	f8=AT
+(p7)	fcvt.xuf.s1	f6=f6
+(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
+
+{ .mfi;	getf.sig	r33=f8				// q
+	xmpy.lu		f9=f8,f14		}
+{ .mfi;	xmpy.hu		f10=f8,f14
+	shrp		H=H,L,32		};;
+
+{ .mmi;	getf.sig	r35=f9				// tl
+	getf.sig	r31=f10			};;	// th
+
+.L_divw_2nd_iter:
+{ .mii;	(p0)	add		r32=-1,r33
+	(p0)	cmp.eq		equ,cont=HH,r31		};;
+{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
+	(p0)	sub		r34=r35,D
+	(equ)	cmp.leu		break,cont=r35,H	};;
+{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
+	(p8)	add		r31=-1,r31
+(cont)	br.wtop.spnt		.L_divw_2nd_iter	};;
+///////////////////////////////////////////////////////////
+{ .mii;	sub	H=H,r35
+	or	r8=r8,r33
+	mov	ar.pfs=r2		};;
+{ .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+	mov	pr=r10,0x1ffff		}
+{ .mfb;	br.ret.sptk.many	b0	};;
+
+// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+// procedure.
+//
+// inputs:	f6 = (double)a, f7 = (double)b
+// output:	f8 = (int)(a/b)
+// clobbered:	f8,f9,f10,f11,pred
+pred=p15
+// This snippet is based on text found in the "Divide, Square
+// Root and Remainder" section at
+// http://www.intel.com/software/products/opensource/libraries/num.htm.
+// Yes, I admit that the referred code was used as template,
+// but after I realized that there hardly is any other instruction
+// sequence which would perform this operation. I mean I figure that
+// any independent attempt to implement high-performance division
+// will result in code virtually identical to the Intel code. It
+// should be noted though that below division kernel is 1 cycle
+// faster than Intel one (note commented splits:-), not to mention
+// original prologue (rather lack of one) and epilogue.
+.align	32
+.skip	16
+.L_udiv64_32_b6:
+	frcpa.s1	f8,pred=f6,f7;;		// [0]  y0 = 1 / b
+
+(pred)	fnma.s1		f9=f7,f8,f1		// [5]  e0 = 1 - b * y0
+(pred)	fmpy.s1		f10=f6,f8;;		// [5]  q0 = a * y0
+(pred)	fmpy.s1		f11=f9,f9		// [10] e1 = e0 * e0
+(pred)	fma.s1		f10=f9,f10,f10;;	// [10] q1 = q0 + e0 * q0
+(pred)	fma.s1		f8=f9,f8,f8	//;;	// [15] y1 = y0 + e0 * y0
+(pred)	fma.s1		f9=f11,f10,f10;;	// [15] q2 = q1 + e1 * q1
+(pred)	fma.s1		f8=f11,f8,f8	//;;	// [20] y2 = y1 + e1 * y1
+(pred)	fnma.s1		f10=f7,f9,f6;;		// [20] r2 = a - b * q2
+(pred)	fma.s1		f8=f10,f8,f9;;		// [25] q3 = q2 + r2 * y2
+
+	fcvt.fxu.trunc.s1	f8=f8		// [30] q = trunc(q3)
+	br.ret.sptk.many	b6;;
+.endp	bn_div_words#
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl
new file mode 100644
index 000000000..fbe5d04f7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl
@@ -0,0 +1,433 @@
+#! /usr/bin/env perl
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# This module doesn't present direct interest for OpenSSL, because it
+# doesn't provide better performance for longer keys, at least not on
+# in-order-execution cores. While 512-bit RSA sign operations can be
+# 65% faster in 64-bit mode, 1024-bit ones are only 15% faster, and
+# 4096-bit ones are up to 15% slower. In 32-bit mode it varies from
+# 16% improvement for 512-bit RSA sign to -33% for 4096-bit RSA
+# verify:-( All comparisons are against bn_mul_mont-free assembler.
+# The module might be of interest to embedded system developers, as
+# the code is smaller than 1KB, yet offers >3x improvement on MIPS64
+# and 75-30% [less for longer keys] on MIPS32 over compiler-generated
+# code.
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp;
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
+	$REG_S="sd";
+	$REG_L="ld";
+	$SZREG=8;
+} else {
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
+	$REG_S="sw";
+	$REG_L="lw";
+	$SZREG=4;
+}
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0x00fff000 : 0x00ff0000;
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+if ($flavour =~ /64|n32/i) {
+	$LD="ld";
+	$ST="sd";
+	$MULTU="dmultu";
+	$ADDU="daddu";
+	$SUBU="dsubu";
+	$BNSZ=8;
+} else {
+	$LD="lw";
+	$ST="sw";
+	$MULTU="multu";
+	$ADDU="addu";
+	$SUBU="subu";
+	$BNSZ=4;
+}
+
+# int bn_mul_mont(
+$rp=$a0;	# BN_ULONG *rp,
+$ap=$a1;	# const BN_ULONG *ap,
+$bp=$a2;	# const BN_ULONG *bp,
+$np=$a3;	# const BN_ULONG *np,
+$n0=$a4;	# const BN_ULONG *n0,
+$num=$a5;	# int num);
+
+$lo0=$a6;
+$hi0=$a7;
+$lo1=$t1;
+$hi1=$t2;
+$aj=$s0;
+$bi=$s1;
+$nj=$s2;
+$tp=$s3;
+$alo=$s4;
+$ahi=$s5;
+$nlo=$s6;
+$nhi=$s7;
+$tj=$s8;
+$i=$s9;
+$j=$s10;
+$m1=$s11;
+
+$FRAMESIZE=14;
+
+$code=<<___;
+#include "mips_arch.h"
+
+.text
+
+.set	noat
+.set	noreorder
+
+.align	5
+.globl	bn_mul_mont
+.ent	bn_mul_mont
+bn_mul_mont:
+___
+$code.=<<___ if ($flavour =~ /o32/i);
+	lw	$n0,16($sp)
+	lw	$num,20($sp)
+___
+$code.=<<___;
+	slt	$at,$num,4
+	bnez	$at,1f
+	li	$t0,0
+	slt	$at,$num,17	# on in-order CPU
+	bnez	$at,bn_mul_mont_internal
+	nop
+1:	jr	$ra
+	li	$a0,0
+.end	bn_mul_mont
+
+.align	5
+.ent	bn_mul_mont_internal
+bn_mul_mont_internal:
+	.frame	$fp,$FRAMESIZE*$SZREG,$ra
+	.mask	0x40000000|$SAVED_REGS_MASK,-$SZREG
+	$PTR_SUB $sp,$FRAMESIZE*$SZREG
+	$REG_S	$fp,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_S	$s11,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_S	$s10,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_S	$s9,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_S	$s8,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_S	$s7,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_S	$s6,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_S	$s5,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_S	$s4,($FRAMESIZE-9)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_S	$s3,($FRAMESIZE-10)*$SZREG($sp)
+	$REG_S	$s2,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_S	$s1,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_S	$s0,($FRAMESIZE-13)*$SZREG($sp)
+___
+$code.=<<___;
+	move	$fp,$sp
+
+	.set	reorder
+	$LD	$n0,0($n0)
+	$LD	$bi,0($bp)	# bp[0]
+	$LD	$aj,0($ap)	# ap[0]
+	$LD	$nj,0($np)	# np[0]
+
+	$PTR_SUB $sp,2*$BNSZ	# place for two extra words
+	sll	$num,`log($BNSZ)/log(2)`
+	li	$at,-4096
+	$PTR_SUB $sp,$num
+	and	$sp,$at
+
+	$MULTU	($aj,$bi)
+	$LD	$ahi,$BNSZ($ap)
+	$LD	$nhi,$BNSZ($np)
+	mflo	($lo0,$aj,$bi)
+	mfhi	($hi0,$aj,$bi)
+	$MULTU	($lo0,$n0)
+	mflo	($m1,$lo0,$n0)
+
+	$MULTU	($ahi,$bi)
+	mflo	($alo,$ahi,$bi)
+	mfhi	($ahi,$ahi,$bi)
+
+	$MULTU	($nj,$m1)
+	mflo	($lo1,$nj,$m1)
+	mfhi	($hi1,$nj,$m1)
+	$MULTU	($nhi,$m1)
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$ADDU	$hi1,$at
+	mflo	($nlo,$nhi,$m1)
+	mfhi	($nhi,$nhi,$m1)
+
+	move	$tp,$sp
+	li	$j,2*$BNSZ
+.align	4
+.L1st:
+	.set	noreorder
+	$PTR_ADD $aj,$ap,$j
+	$PTR_ADD $nj,$np,$j
+	$LD	$aj,($aj)
+	$LD	$nj,($nj)
+
+	$MULTU	($aj,$bi)
+	$ADDU	$lo0,$alo,$hi0
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$at,$lo0,$hi0
+	sltu	$t0,$lo1,$hi1
+	$ADDU	$hi0,$ahi,$at
+	$ADDU	$hi1,$nhi,$t0
+	mflo	($alo,$aj,$bi)
+	mfhi	($ahi,$aj,$bi)
+
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$MULTU	($nj,$m1)
+	$ADDU	$hi1,$at
+	addu	$j,$BNSZ
+	$ST	$lo1,($tp)
+	sltu	$t0,$j,$num
+	mflo	($nlo,$nj,$m1)
+	mfhi	($nhi,$nj,$m1)
+
+	bnez	$t0,.L1st
+	$PTR_ADD $tp,$BNSZ
+	.set	reorder
+
+	$ADDU	$lo0,$alo,$hi0
+	sltu	$at,$lo0,$hi0
+	$ADDU	$hi0,$ahi,$at
+
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$t0,$lo1,$hi1
+	$ADDU	$hi1,$nhi,$t0
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$ADDU	$hi1,$at
+
+	$ST	$lo1,($tp)
+
+	$ADDU	$hi1,$hi0
+	sltu	$at,$hi1,$hi0
+	$ST	$hi1,$BNSZ($tp)
+	$ST	$at,2*$BNSZ($tp)
+
+	li	$i,$BNSZ
+.align	4
+.Louter:
+	$PTR_ADD $bi,$bp,$i
+	$LD	$bi,($bi)
+	$LD	$aj,($ap)
+	$LD	$ahi,$BNSZ($ap)
+	$LD	$tj,($sp)
+
+	$MULTU	($aj,$bi)
+	$LD	$nj,($np)
+	$LD	$nhi,$BNSZ($np)
+	mflo	($lo0,$aj,$bi)
+	mfhi	($hi0,$aj,$bi)
+	$ADDU	$lo0,$tj
+	$MULTU	($lo0,$n0)
+	sltu	$at,$lo0,$tj
+	$ADDU	$hi0,$at
+	mflo	($m1,$lo0,$n0)
+
+	$MULTU	($ahi,$bi)
+	mflo	($alo,$ahi,$bi)
+	mfhi	($ahi,$ahi,$bi)
+
+	$MULTU	($nj,$m1)
+	mflo	($lo1,$nj,$m1)
+	mfhi	($hi1,$nj,$m1)
+
+	$MULTU	($nhi,$m1)
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$ADDU	$hi1,$at
+	mflo	($nlo,$nhi,$m1)
+	mfhi	($nhi,$nhi,$m1)
+
+	move	$tp,$sp
+	li	$j,2*$BNSZ
+	$LD	$tj,$BNSZ($tp)
+.align	4
+.Linner:
+	.set	noreorder
+	$PTR_ADD $aj,$ap,$j
+	$PTR_ADD $nj,$np,$j
+	$LD	$aj,($aj)
+	$LD	$nj,($nj)
+
+	$MULTU	($aj,$bi)
+	$ADDU	$lo0,$alo,$hi0
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$at,$lo0,$hi0
+	sltu	$t0,$lo1,$hi1
+	$ADDU	$hi0,$ahi,$at
+	$ADDU	$hi1,$nhi,$t0
+	mflo	($alo,$aj,$bi)
+	mfhi	($ahi,$aj,$bi)
+
+	$ADDU	$lo0,$tj
+	addu	$j,$BNSZ
+	$MULTU	($nj,$m1)
+	sltu	$at,$lo0,$tj
+	$ADDU	$lo1,$lo0
+	$ADDU	$hi0,$at
+	sltu	$t0,$lo1,$lo0
+	$LD	$tj,2*$BNSZ($tp)
+	$ADDU	$hi1,$t0
+	sltu	$at,$j,$num
+	mflo	($nlo,$nj,$m1)
+	mfhi	($nhi,$nj,$m1)
+	$ST	$lo1,($tp)
+	bnez	$at,.Linner
+	$PTR_ADD $tp,$BNSZ
+	.set	reorder
+
+	$ADDU	$lo0,$alo,$hi0
+	sltu	$at,$lo0,$hi0
+	$ADDU	$hi0,$ahi,$at
+	$ADDU	$lo0,$tj
+	sltu	$t0,$lo0,$tj
+	$ADDU	$hi0,$t0
+
+	$LD	$tj,2*$BNSZ($tp)
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$at,$lo1,$hi1
+	$ADDU	$hi1,$nhi,$at
+	$ADDU	$lo1,$lo0
+	sltu	$t0,$lo1,$lo0
+	$ADDU	$hi1,$t0
+	$ST	$lo1,($tp)
+
+	$ADDU	$lo1,$hi1,$hi0
+	sltu	$hi1,$lo1,$hi0
+	$ADDU	$lo1,$tj
+	sltu	$at,$lo1,$tj
+	$ADDU	$hi1,$at
+	$ST	$lo1,$BNSZ($tp)
+	$ST	$hi1,2*$BNSZ($tp)
+
+	addu	$i,$BNSZ
+	sltu	$t0,$i,$num
+	bnez	$t0,.Louter
+
+	.set	noreorder
+	$PTR_ADD $tj,$sp,$num	# &tp[num]
+	move	$tp,$sp
+	move	$ap,$sp
+	li	$hi0,0		# clear borrow bit
+
+.align	4
+.Lsub:	$LD	$lo0,($tp)
+	$LD	$lo1,($np)
+	$PTR_ADD $tp,$BNSZ
+	$PTR_ADD $np,$BNSZ
+	$SUBU	$lo1,$lo0,$lo1	# tp[i]-np[i]
+	sgtu	$at,$lo1,$lo0
+	$SUBU	$lo0,$lo1,$hi0
+	sgtu	$hi0,$lo0,$lo1
+	$ST	$lo0,($rp)
+	or	$hi0,$at
+	sltu	$at,$tp,$tj
+	bnez	$at,.Lsub
+	$PTR_ADD $rp,$BNSZ
+
+	$SUBU	$hi0,$hi1,$hi0	# handle upmost overflow bit
+	move	$tp,$sp
+	$PTR_SUB $rp,$num	# restore rp
+	not	$hi1,$hi0
+
+.Lcopy:	$LD	$nj,($tp)	# conditional move
+	$LD	$aj,($rp)
+	$ST	$zero,($tp)
+	$PTR_ADD $tp,$BNSZ
+	and	$nj,$hi0
+	and	$aj,$hi1
+	or	$aj,$nj
+	sltu	$at,$tp,$tj
+	$ST	$aj,($rp)
+	bnez	$at,.Lcopy
+	$PTR_ADD $rp,$BNSZ
+
+	li	$a0,1
+	li	$t0,1
+
+	.set	noreorder
+	move	$sp,$fp
+	$REG_L	$fp,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_L	$s11,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_L	$s10,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_L	$s9,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_L	$s8,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_L	$s7,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_L	$s6,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_L	$s5,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_L	$s4,($FRAMESIZE-9)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,($FRAMESIZE-10)*$SZREG($sp)
+	$REG_L	$s2,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_L	$s1,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_L	$s0,($FRAMESIZE-13)*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE*$SZREG
+.end	bn_mul_mont_internal
+.rdata
+.asciiz	"Montgomery Multiplication for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl
new file mode 100644
index 000000000..3875132bd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl
@@ -0,0 +1,2263 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project.
+#
+# Rights for redistribution and usage in source and binary forms are
+# granted according to the OpenSSL license. Warranty of any kind is
+# disclaimed.
+# ====================================================================
+
+
+# July 1999
+#
+# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c.
+#
+# The module is designed to work with either of the "new" MIPS ABI(5),
+# namely N32 or N64, offered by IRIX 6.x. It's not meant to work under
+# IRIX 5.x not only because it doesn't support new ABIs but also
+# because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+# 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+# cause illegal instruction exception:-(
+#
+# In addition the code depends on preprocessor flags set up by MIPSpro
+# compiler driver (either as or cc) and therefore (probably?) can't be
+# compiled by the GNU assembler. GNU C driver manages fine though...
+# I mean as long as -mmips-as is specified or is the default option,
+# because then it simply invokes /usr/bin/as which in turn takes
+# perfect care of the preprocessor definitions. Another neat feature
+# offered by the MIPSpro assembler is an optimization pass. This gave
+# me the opportunity to have the code looking more regular as all those
+# architecture dependent instruction rescheduling details were left to
+# the assembler. Cool, huh?
+#
+# Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+# goes way over 3 times faster!
+#
+#					<appro@openssl.org>
+
+# October 2010
+#
+# Adapt the module even for 32-bit ABIs and other OSes. The former was
+# achieved by mechanical replacement of 64-bit arithmetic instructions
+# such as dmultu, daddu, etc. with their 32-bit counterparts and
+# adjusting offsets denoting multiples of BN_ULONG. Above mentioned
+# >3x performance improvement naturally does not apply to 32-bit code
+# [because there is no instruction 32-bit compiler can't use], one
+# has to content with 40-85% improvement depending on benchmark and
+# key length, more for longer keys.
+
+$flavour = shift || "o32";
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+if ($flavour =~ /64|n32/i) {
+	$LD="ld";
+	$ST="sd";
+	$MULTU="dmultu";
+	$DIVU="ddivu";
+	$ADDU="daddu";
+	$SUBU="dsubu";
+	$SRL="dsrl";
+	$SLL="dsll";
+	$BNSZ=8;
+	$PTR_ADD="daddu";
+	$PTR_SUB="dsubu";
+	$SZREG=8;
+	$REG_S="sd";
+	$REG_L="ld";
+} else {
+	$LD="lw";
+	$ST="sw";
+	$MULTU="multu";
+	$DIVU="divu";
+	$ADDU="addu";
+	$SUBU="subu";
+	$SRL="srl";
+	$SLL="sll";
+	$BNSZ=4;
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
+	$SZREG=4;
+	$REG_S="sw";
+	$REG_L="lw";
+	$code=".set	mips2\n";
+}
+
+# Below is N32/64 register layout used in the original module.
+#
+($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+($ta0,$ta1,$ta2,$ta3)=($a4,$a5,$a6,$a7);
+#
+# No special adaptation is required for O32. NUBI on the other hand
+# is treated by saving/restoring ($v1,$t0..$t3).
+
+$gp=$v1 if ($flavour =~ /nubi/i);
+
+$minus4=$v1;
+
+$code.=<<___;
+#include "mips_arch.h"
+
+#if defined(_MIPS_ARCH_MIPS64R6)
+# define ddivu(rs,rt)
+# define mfqt(rd,rs,rt)	ddivu	rd,rs,rt
+# define mfrm(rd,rs,rt)	dmodu	rd,rs,rt
+#elif defined(_MIPS_ARCH_MIPS32R6)
+# define divu(rs,rt)
+# define mfqt(rd,rs,rt)	divu	rd,rs,rt
+# define mfrm(rd,rs,rt)	modu	rd,rs,rt
+#else
+# define $DIVU(rs,rt)	$DIVU	$zero,rs,rt
+# define mfqt(rd,rs,rt)	mflo	rd
+# define mfrm(rd,rs,rt)	mfhi	rd
+#endif
+
+.rdata
+.asciiz	"mips3.s, Version 1.2"
+.asciiz	"MIPS II/III/IV ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>"
+
+.text
+.set	noat
+
+.align	5
+.globl	bn_mul_add_words
+.ent	bn_mul_add_words
+bn_mul_add_words:
+	.set	noreorder
+	bgtz	$a2,bn_mul_add_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_add_words
+
+.align	5
+.ent	bn_mul_add_words_internal
+bn_mul_add_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$ta0,$a2,$minus4
+	beqz	$ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+	$LD	$t0,0($a1)
+	$MULTU	($t0,$a3)
+	$LD	$t1,0($a0)
+	$LD	$t2,$BNSZ($a1)
+	$LD	$t3,$BNSZ($a0)
+	$LD	$ta0,2*$BNSZ($a1)
+	$LD	$ta1,2*$BNSZ($a0)
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0	# All manuals say it "compares 32-bit
+				# values", but it seems to work fine
+				# even on 64-bit registers.
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	 $MULTU	($t2,$a3)
+	sltu	$at,$t1,$at
+	$ST	$t1,0($a0)
+	$ADDU	$v0,$at
+
+	$LD	$ta2,3*$BNSZ($a1)
+	$LD	$ta3,3*$BNSZ($a0)
+	$ADDU	$t3,$v0
+	sltu	$v0,$t3,$v0
+	mflo	($at,$t2,$a3)
+	mfhi	($t2,$t2,$a3)
+	$ADDU	$t3,$at
+	$ADDU	$v0,$t2
+	 $MULTU	($ta0,$a3)
+	sltu	$at,$t3,$at
+	$ST	$t3,$BNSZ($a0)
+	$ADDU	$v0,$at
+
+	subu	$a2,4
+	$PTR_ADD $a0,4*$BNSZ
+	$PTR_ADD $a1,4*$BNSZ
+	$ADDU	$ta1,$v0
+	sltu	$v0,$ta1,$v0
+	mflo	($at,$ta0,$a3)
+	mfhi	($ta0,$ta0,$a3)
+	$ADDU	$ta1,$at
+	$ADDU	$v0,$ta0
+	 $MULTU	($ta2,$a3)
+	sltu	$at,$ta1,$at
+	$ST	$ta1,-2*$BNSZ($a0)
+	$ADDU	$v0,$at
+
+
+	and	$ta0,$a2,$minus4
+	$ADDU	$ta3,$v0
+	sltu	$v0,$ta3,$v0
+	mflo	($at,$ta2,$a3)
+	mfhi	($ta2,$ta2,$a3)
+	$ADDU	$ta3,$at
+	$ADDU	$v0,$ta2
+	sltu	$at,$ta3,$at
+	$ST	$ta3,-$BNSZ($a0)
+	.set	noreorder
+	bgtz	$ta0,.L_bn_mul_add_words_loop
+	$ADDU	$v0,$at
+
+	beqz	$a2,.L_bn_mul_add_words_return
+	nop
+
+.L_bn_mul_add_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$MULTU	($t0,$a3)
+	$LD	$t1,0($a0)
+	subu	$a2,1
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	sltu	$at,$t1,$at
+	$ST	$t1,0($a0)
+	$ADDU	$v0,$at
+	beqz	$a2,.L_bn_mul_add_words_return
+
+	$LD	$t0,$BNSZ($a1)
+	$MULTU	($t0,$a3)
+	$LD	$t1,$BNSZ($a0)
+	subu	$a2,1
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	sltu	$at,$t1,$at
+	$ST	$t1,$BNSZ($a0)
+	$ADDU	$v0,$at
+	beqz	$a2,.L_bn_mul_add_words_return
+
+	$LD	$t0,2*$BNSZ($a1)
+	$MULTU	($t0,$a3)
+	$LD	$t1,2*$BNSZ($a0)
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	sltu	$at,$t1,$at
+	$ST	$t1,2*$BNSZ($a0)
+	$ADDU	$v0,$at
+
+.L_bn_mul_add_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_add_words_internal
+
+.align	5
+.globl	bn_mul_words
+.ent	bn_mul_words
+bn_mul_words:
+	.set	noreorder
+	bgtz	$a2,bn_mul_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_words
+
+.align	5
+.ent	bn_mul_words_internal
+bn_mul_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$ta0,$a2,$minus4
+	beqz	$ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+	$LD	$t0,0($a1)
+	$MULTU	($t0,$a3)
+	$LD	$t2,$BNSZ($a1)
+	$LD	$ta0,2*$BNSZ($a1)
+	$LD	$ta2,3*$BNSZ($a1)
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	 $MULTU	($t2,$a3)
+	$ST	$v0,0($a0)
+	$ADDU	$v0,$t1,$t0
+
+	subu	$a2,4
+	$PTR_ADD $a0,4*$BNSZ
+	$PTR_ADD $a1,4*$BNSZ
+	mflo	($at,$t2,$a3)
+	mfhi	($t2,$t2,$a3)
+	$ADDU	$v0,$at
+	sltu	$t3,$v0,$at
+	 $MULTU	($ta0,$a3)
+	$ST	$v0,-3*$BNSZ($a0)
+	$ADDU	$v0,$t3,$t2
+
+	mflo	($at,$ta0,$a3)
+	mfhi	($ta0,$ta0,$a3)
+	$ADDU	$v0,$at
+	sltu	$ta1,$v0,$at
+	 $MULTU	($ta2,$a3)
+	$ST	$v0,-2*$BNSZ($a0)
+	$ADDU	$v0,$ta1,$ta0
+
+	and	$ta0,$a2,$minus4
+	mflo	($at,$ta2,$a3)
+	mfhi	($ta2,$ta2,$a3)
+	$ADDU	$v0,$at
+	sltu	$ta3,$v0,$at
+	$ST	$v0,-$BNSZ($a0)
+	.set	noreorder
+	bgtz	$ta0,.L_bn_mul_words_loop
+	$ADDU	$v0,$ta3,$ta2
+
+	beqz	$a2,.L_bn_mul_words_return
+	nop
+
+.L_bn_mul_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$MULTU	($t0,$a3)
+	subu	$a2,1
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	$ST	$v0,0($a0)
+	$ADDU	$v0,$t1,$t0
+	beqz	$a2,.L_bn_mul_words_return
+
+	$LD	$t0,$BNSZ($a1)
+	$MULTU	($t0,$a3)
+	subu	$a2,1
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	$ST	$v0,$BNSZ($a0)
+	$ADDU	$v0,$t1,$t0
+	beqz	$a2,.L_bn_mul_words_return
+
+	$LD	$t0,2*$BNSZ($a1)
+	$MULTU	($t0,$a3)
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	$ST	$v0,2*$BNSZ($a0)
+	$ADDU	$v0,$t1,$t0
+
+.L_bn_mul_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_words_internal
+
+.align	5
+.globl	bn_sqr_words
+.ent	bn_sqr_words
+bn_sqr_words:
+	.set	noreorder
+	bgtz	$a2,bn_sqr_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_sqr_words
+
+.align	5
+.ent	bn_sqr_words_internal
+bn_sqr_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$ta0,$a2,$minus4
+	beqz	$ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+	$LD	$t0,0($a1)
+	$MULTU	($t0,$t0)
+	$LD	$t2,$BNSZ($a1)
+	$LD	$ta0,2*$BNSZ($a1)
+	$LD	$ta2,3*$BNSZ($a1)
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
+	$ST	$t1,0($a0)
+	$ST	$t0,$BNSZ($a0)
+
+	$MULTU	($t2,$t2)
+	subu	$a2,4
+	$PTR_ADD $a0,8*$BNSZ
+	$PTR_ADD $a1,4*$BNSZ
+	mflo	($t3,$t2,$t2)
+	mfhi	($t2,$t2,$t2)
+	$ST	$t3,-6*$BNSZ($a0)
+	$ST	$t2,-5*$BNSZ($a0)
+
+	$MULTU	($ta0,$ta0)
+	mflo	($ta1,$ta0,$ta0)
+	mfhi	($ta0,$ta0,$ta0)
+	$ST	$ta1,-4*$BNSZ($a0)
+	$ST	$ta0,-3*$BNSZ($a0)
+
+
+	$MULTU	($ta2,$ta2)
+	and	$ta0,$a2,$minus4
+	mflo	($ta3,$ta2,$ta2)
+	mfhi	($ta2,$ta2,$ta2)
+	$ST	$ta3,-2*$BNSZ($a0)
+
+	.set	noreorder
+	bgtz	$ta0,.L_bn_sqr_words_loop
+	$ST	$ta2,-$BNSZ($a0)
+
+	beqz	$a2,.L_bn_sqr_words_return
+	nop
+
+.L_bn_sqr_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$MULTU	($t0,$t0)
+	subu	$a2,1
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
+	$ST	$t1,0($a0)
+	$ST	$t0,$BNSZ($a0)
+	beqz	$a2,.L_bn_sqr_words_return
+
+	$LD	$t0,$BNSZ($a1)
+	$MULTU	($t0,$t0)
+	subu	$a2,1
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
+	$ST	$t1,2*$BNSZ($a0)
+	$ST	$t0,3*$BNSZ($a0)
+	beqz	$a2,.L_bn_sqr_words_return
+
+	$LD	$t0,2*$BNSZ($a1)
+	$MULTU	($t0,$t0)
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
+	$ST	$t1,4*$BNSZ($a0)
+	$ST	$t0,5*$BNSZ($a0)
+
+.L_bn_sqr_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+
+.end	bn_sqr_words_internal
+
+.align	5
+.globl	bn_add_words
+.ent	bn_add_words
+bn_add_words:
+	.set	noreorder
+	bgtz	$a3,bn_add_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_add_words
+
+.align	5
+.ent	bn_add_words_internal
+bn_add_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$at,$a3,$minus4
+	beqz	$at,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	subu	$a3,4
+	$LD	$t1,$BNSZ($a1)
+	and	$at,$a3,$minus4
+	$LD	$t2,2*$BNSZ($a1)
+	$PTR_ADD $a2,4*$BNSZ
+	$LD	$t3,3*$BNSZ($a1)
+	$PTR_ADD $a0,4*$BNSZ
+	$LD	$ta1,-3*$BNSZ($a2)
+	$PTR_ADD $a1,4*$BNSZ
+	$LD	$ta2,-2*$BNSZ($a2)
+	$LD	$ta3,-$BNSZ($a2)
+	$ADDU	$ta0,$t0
+	sltu	$t8,$ta0,$t0
+	$ADDU	$t0,$ta0,$v0
+	sltu	$v0,$t0,$ta0
+	$ST	$t0,-4*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	$ADDU	$ta1,$t1
+	sltu	$t9,$ta1,$t1
+	$ADDU	$t1,$ta1,$v0
+	sltu	$v0,$t1,$ta1
+	$ST	$t1,-3*$BNSZ($a0)
+	$ADDU	$v0,$t9
+
+	$ADDU	$ta2,$t2
+	sltu	$t8,$ta2,$t2
+	$ADDU	$t2,$ta2,$v0
+	sltu	$v0,$t2,$ta2
+	$ST	$t2,-2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	$ADDU	$ta3,$t3
+	sltu	$t9,$ta3,$t3
+	$ADDU	$t3,$ta3,$v0
+	sltu	$v0,$t3,$ta3
+	$ST	$t3,-$BNSZ($a0)
+
+	.set	noreorder
+	bgtz	$at,.L_bn_add_words_loop
+	$ADDU	$v0,$t9
+
+	beqz	$a3,.L_bn_add_words_return
+	nop
+
+.L_bn_add_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	$ADDU	$ta0,$t0
+	subu	$a3,1
+	sltu	$t8,$ta0,$t0
+	$ADDU	$t0,$ta0,$v0
+	sltu	$v0,$t0,$ta0
+	$ST	$t0,0($a0)
+	$ADDU	$v0,$t8
+	beqz	$a3,.L_bn_add_words_return
+
+	$LD	$t1,$BNSZ($a1)
+	$LD	$ta1,$BNSZ($a2)
+	$ADDU	$ta1,$t1
+	subu	$a3,1
+	sltu	$t9,$ta1,$t1
+	$ADDU	$t1,$ta1,$v0
+	sltu	$v0,$t1,$ta1
+	$ST	$t1,$BNSZ($a0)
+	$ADDU	$v0,$t9
+	beqz	$a3,.L_bn_add_words_return
+
+	$LD	$t2,2*$BNSZ($a1)
+	$LD	$ta2,2*$BNSZ($a2)
+	$ADDU	$ta2,$t2
+	sltu	$t8,$ta2,$t2
+	$ADDU	$t2,$ta2,$v0
+	sltu	$v0,$t2,$ta2
+	$ST	$t2,2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+.L_bn_add_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+
+.end	bn_add_words_internal
+
+.align	5
+.globl	bn_sub_words
+.ent	bn_sub_words
+bn_sub_words:
+	.set	noreorder
+	bgtz	$a3,bn_sub_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$zero
+.end	bn_sub_words
+
+.align	5
+.ent	bn_sub_words_internal
+bn_sub_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$at,$a3,$minus4
+	beqz	$at,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	subu	$a3,4
+	$LD	$t1,$BNSZ($a1)
+	and	$at,$a3,$minus4
+	$LD	$t2,2*$BNSZ($a1)
+	$PTR_ADD $a2,4*$BNSZ
+	$LD	$t3,3*$BNSZ($a1)
+	$PTR_ADD $a0,4*$BNSZ
+	$LD	$ta1,-3*$BNSZ($a2)
+	$PTR_ADD $a1,4*$BNSZ
+	$LD	$ta2,-2*$BNSZ($a2)
+	$LD	$ta3,-$BNSZ($a2)
+	sltu	$t8,$t0,$ta0
+	$SUBU	$ta0,$t0,$ta0
+	$SUBU	$t0,$ta0,$v0
+	sgtu	$v0,$t0,$ta0
+	$ST	$t0,-4*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	sltu	$t9,$t1,$ta1
+	$SUBU	$ta1,$t1,$ta1
+	$SUBU	$t1,$ta1,$v0
+	sgtu	$v0,$t1,$ta1
+	$ST	$t1,-3*$BNSZ($a0)
+	$ADDU	$v0,$t9
+
+
+	sltu	$t8,$t2,$ta2
+	$SUBU	$ta2,$t2,$ta2
+	$SUBU	$t2,$ta2,$v0
+	sgtu	$v0,$t2,$ta2
+	$ST	$t2,-2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	sltu	$t9,$t3,$ta3
+	$SUBU	$ta3,$t3,$ta3
+	$SUBU	$t3,$ta3,$v0
+	sgtu	$v0,$t3,$ta3
+	$ST	$t3,-$BNSZ($a0)
+
+	.set	noreorder
+	bgtz	$at,.L_bn_sub_words_loop
+	$ADDU	$v0,$t9
+
+	beqz	$a3,.L_bn_sub_words_return
+	nop
+
+.L_bn_sub_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	subu	$a3,1
+	sltu	$t8,$t0,$ta0
+	$SUBU	$ta0,$t0,$ta0
+	$SUBU	$t0,$ta0,$v0
+	sgtu	$v0,$t0,$ta0
+	$ST	$t0,0($a0)
+	$ADDU	$v0,$t8
+	beqz	$a3,.L_bn_sub_words_return
+
+	$LD	$t1,$BNSZ($a1)
+	subu	$a3,1
+	$LD	$ta1,$BNSZ($a2)
+	sltu	$t9,$t1,$ta1
+	$SUBU	$ta1,$t1,$ta1
+	$SUBU	$t1,$ta1,$v0
+	sgtu	$v0,$t1,$ta1
+	$ST	$t1,$BNSZ($a0)
+	$ADDU	$v0,$t9
+	beqz	$a3,.L_bn_sub_words_return
+
+	$LD	$t2,2*$BNSZ($a1)
+	$LD	$ta2,2*$BNSZ($a2)
+	sltu	$t8,$t2,$ta2
+	$SUBU	$ta2,$t2,$ta2
+	$SUBU	$t2,$ta2,$v0
+	sgtu	$v0,$t2,$ta2
+	$ST	$t2,2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+.L_bn_sub_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_sub_words_internal
+
+#if 0
+/*
+ * The bn_div_3_words entry point is re-used for constant-time interface.
+ * Implementation is retained as hystorical reference.
+ */
+.align 5
+.globl	bn_div_3_words
+.ent	bn_div_3_words
+bn_div_3_words:
+	.set	noreorder
+	move	$a3,$a0		# we know that bn_div_words does not
+				# touch $a3, $ta2, $ta3 and preserves $a2
+				# so that we can save two arguments
+				# and return address in registers
+				# instead of stack:-)
+
+	$LD	$a0,($a3)
+	move	$ta2,$a1
+	bne	$a0,$a2,bn_div_3_words_internal
+	$LD	$a1,-$BNSZ($a3)
+	li	$v0,-1
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_3_words
+
+.align	5
+.ent	bn_div_3_words_internal
+bn_div_3_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	move	$ta3,$ra
+	bal	bn_div_words_internal
+	move	$ra,$ta3
+	$MULTU	($ta2,$v0)
+	$LD	$t2,-2*$BNSZ($a3)
+	move	$ta0,$zero
+	mfhi	($t1,$ta2,$v0)
+	mflo	($t0,$ta2,$v0)
+	sltu	$t8,$t1,$a1
+.L_bn_div_3_words_inner_loop:
+	bnez	$t8,.L_bn_div_3_words_inner_loop_done
+	sgeu	$at,$t2,$t0
+	seq	$t9,$t1,$a1
+	and	$at,$t9
+	sltu	$t3,$t0,$ta2
+	$ADDU	$a1,$a2
+	$SUBU	$t1,$t3
+	$SUBU	$t0,$ta2
+	sltu	$t8,$t1,$a1
+	sltu	$ta0,$a1,$a2
+	or	$t8,$ta0
+	.set	noreorder
+	beqz	$at,.L_bn_div_3_words_inner_loop
+	$SUBU	$v0,1
+	$ADDU	$v0,1
+	.set	reorder
+.L_bn_div_3_words_inner_loop_done:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_3_words_internal
+#endif
+
+.align	5
+.globl	bn_div_words
+.ent	bn_div_words
+bn_div_words:
+	.set	noreorder
+	bnez	$a2,bn_div_words_internal
+	li	$v0,-1		# I would rather signal div-by-zero
+				# which can be done with 'break 7'
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_words
+
+.align	5
+.ent	bn_div_words_internal
+bn_div_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	move	$v1,$zero
+	bltz	$a2,.L_bn_div_words_body
+	move	$t9,$v1
+	$SLL	$a2,1
+	bgtz	$a2,.-4
+	addu	$t9,1
+
+	.set	reorder
+	negu	$t1,$t9
+	li	$t2,-1
+	$SLL	$t2,$t1
+	and	$t2,$a0
+	$SRL	$at,$a1,$t1
+	.set	noreorder
+	beqz	$t2,.+12
+	nop
+	break	6		# signal overflow
+	.set	reorder
+	$SLL	$a0,$t9
+	$SLL	$a1,$t9
+	or	$a0,$at
+___
+$QT=$ta0;
+$HH=$ta1;
+$DH=$v1;
+$code.=<<___;
+.L_bn_div_words_body:
+	$SRL	$DH,$a2,4*$BNSZ	# bits
+	sgeu	$at,$a0,$a2
+	.set	noreorder
+	beqz	$at,.+12
+	nop
+	$SUBU	$a0,$a2
+	.set	reorder
+
+	li	$QT,-1
+	$SRL	$HH,$a0,4*$BNSZ	# bits
+	$SRL	$QT,4*$BNSZ	# q=0xffffffff
+	beq	$DH,$HH,.L_bn_div_words_skip_div1
+	$DIVU	($a0,$DH)
+	mfqt	($QT,$a0,$DH)
+.L_bn_div_words_skip_div1:
+	$MULTU	($a2,$QT)
+	$SLL	$t3,$a0,4*$BNSZ	# bits
+	$SRL	$at,$a1,4*$BNSZ	# bits
+	or	$t3,$at
+	mflo	($t0,$a2,$QT)
+	mfhi	($t1,$a2,$QT)
+.L_bn_div_words_inner_loop1:
+	sltu	$t2,$t3,$t0
+	seq	$t8,$HH,$t1
+	sltu	$at,$HH,$t1
+	and	$t2,$t8
+	sltu	$v0,$t0,$a2
+	or	$at,$t2
+	.set	noreorder
+	beqz	$at,.L_bn_div_words_inner_loop1_done
+	$SUBU	$t1,$v0
+	$SUBU	$t0,$a2
+	b	.L_bn_div_words_inner_loop1
+	$SUBU	$QT,1
+	.set	reorder
+.L_bn_div_words_inner_loop1_done:
+
+	$SLL	$a1,4*$BNSZ	# bits
+	$SUBU	$a0,$t3,$t0
+	$SLL	$v0,$QT,4*$BNSZ	# bits
+
+	li	$QT,-1
+	$SRL	$HH,$a0,4*$BNSZ	# bits
+	$SRL	$QT,4*$BNSZ	# q=0xffffffff
+	beq	$DH,$HH,.L_bn_div_words_skip_div2
+	$DIVU	($a0,$DH)
+	mfqt	($QT,$a0,$DH)
+.L_bn_div_words_skip_div2:
+	$MULTU	($a2,$QT)
+	$SLL	$t3,$a0,4*$BNSZ	# bits
+	$SRL	$at,$a1,4*$BNSZ	# bits
+	or	$t3,$at
+	mflo	($t0,$a2,$QT)
+	mfhi	($t1,$a2,$QT)
+.L_bn_div_words_inner_loop2:
+	sltu	$t2,$t3,$t0
+	seq	$t8,$HH,$t1
+	sltu	$at,$HH,$t1
+	and	$t2,$t8
+	sltu	$v1,$t0,$a2
+	or	$at,$t2
+	.set	noreorder
+	beqz	$at,.L_bn_div_words_inner_loop2_done
+	$SUBU	$t1,$v1
+	$SUBU	$t0,$a2
+	b	.L_bn_div_words_inner_loop2
+	$SUBU	$QT,1
+	.set	reorder
+.L_bn_div_words_inner_loop2_done:
+
+	$SUBU	$a0,$t3,$t0
+	or	$v0,$QT
+	$SRL	$v1,$a0,$t9	# $v1 contains remainder if anybody wants it
+	$SRL	$a2,$t9		# restore $a2
+
+	.set	noreorder
+	move	$a1,$v1
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_words_internal
+___
+undef $HH; undef $QT; undef $DH;
+
+($a_0,$a_1,$a_2,$a_3)=($t0,$t1,$t2,$t3);
+($b_0,$b_1,$b_2,$b_3)=($ta0,$ta1,$ta2,$ta3);
+
+($a_4,$a_5,$a_6,$a_7)=($s0,$s2,$s4,$a1); # once we load a[7], no use for $a1
+($b_4,$b_5,$b_6,$b_7)=($s1,$s3,$s5,$a2); # once we load b[7], no use for $a2
+
+($t_1,$t_2,$c_1,$c_2,$c_3)=($t8,$t9,$v0,$v1,$a3);
+
+$code.=<<___;
+
+.align	5
+.globl	bn_mul_comba8
+.ent	bn_mul_comba8
+bn_mul_comba8:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,12*$SZREG,$ra
+	.mask	0x803ff008,-$SZREG
+	$PTR_SUB $sp,12*$SZREG
+	$REG_S	$ra,11*$SZREG($sp)
+	$REG_S	$s5,10*$SZREG($sp)
+	$REG_S	$s4,9*$SZREG($sp)
+	$REG_S	$s3,8*$SZREG($sp)
+	$REG_S	$s2,7*$SZREG($sp)
+	$REG_S	$s1,6*$SZREG($sp)
+	$REG_S	$s0,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x003f0000,-$SZREG
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$s5,5*$SZREG($sp)
+	$REG_S	$s4,4*$SZREG($sp)
+	$REG_S	$s3,3*$SZREG($sp)
+	$REG_S	$s2,2*$SZREG($sp)
+	$REG_S	$s1,1*$SZREG($sp)
+	$REG_S	$s0,0*$SZREG($sp)
+___
+$code.=<<___;
+
+	.set	reorder
+	$LD	$a_0,0($a1)	# If compiled with -mips3 option on
+				# R5000 box assembler barks on this
+				# 1ine with "should not have mult/div
+				# as last instruction in bb (R10K
+				# bug)" warning. If anybody out there
+				# has a clue about how to circumvent
+				# this do send me a note.
+				#		<appro\@fy.chalmers.se>
+
+	$LD	$b_0,0($a2)
+	$LD	$a_1,$BNSZ($a1)
+	$LD	$a_2,2*$BNSZ($a1)
+	$MULTU	($a_0,$b_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_3,3*$BNSZ($a1)
+	$LD	$b_1,$BNSZ($a2)
+	$LD	$b_2,2*$BNSZ($a2)
+	$LD	$b_3,3*$BNSZ($a2)
+	mflo	($c_1,$a_0,$b_0)
+	mfhi	($c_2,$a_0,$b_0)
+
+	$LD	$a_4,4*$BNSZ($a1)
+	$LD	$a_5,5*$BNSZ($a1)
+	$MULTU	($a_0,$b_1)		# mul_add_c(a[0],b[1],c2,c3,c1);
+	$LD	$a_6,6*$BNSZ($a1)
+	$LD	$a_7,7*$BNSZ($a1)
+	$LD	$b_4,4*$BNSZ($a2)
+	$LD	$b_5,5*$BNSZ($a2)
+	mflo	($t_1,$a_0,$b_1)
+	mfhi	($t_2,$a_0,$b_1)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_1,$b_0)		# mul_add_c(a[1],b[0],c2,c3,c1);
+	$ADDU	$c_3,$t_2,$at
+	$LD	$b_6,6*$BNSZ($a2)
+	$LD	$b_7,7*$BNSZ($a2)
+	$ST	$c_1,0($a0)	# r[0]=c1;
+	mflo	($t_1,$a_1,$b_0)
+	mfhi	($t_2,$a_1,$b_0)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_2,$b_0)		# mul_add_c(a[2],b[0],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	$ST	$c_2,$BNSZ($a0)	# r[1]=c2;
+
+	mflo	($t_1,$a_2,$b_0)
+	mfhi	($t_2,$a_2,$b_0)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_1,$b_1)		# mul_add_c(a[1],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	mflo	($t_1,$a_1,$b_1)
+	mfhi	($t_2,$a_1,$b_1)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_0,$b_2)		# mul_add_c(a[0],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	($t_1,$a_0,$b_2)
+	mfhi	($t_2,$a_0,$b_2)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_0,$b_3)		# mul_add_c(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)	# r[2]=c3;
+
+	mflo	($t_1,$a_0,$b_3)
+	mfhi	($t_2,$a_0,$b_3)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_1,$b_2)		# mul_add_c(a[1],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	($t_1,$a_1,$b_2)
+	mfhi	($t_2,$a_1,$b_2)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_2,$b_1)		# mul_add_c(a[2],b[1],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_2,$b_1)
+	mfhi	($t_2,$a_2,$b_1)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_3,$b_0)		# mul_add_c(a[3],b[0],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_3,$b_0)
+	mfhi	($t_2,$a_3,$b_0)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_4,$b_0)		# mul_add_c(a[4],b[0],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,3*$BNSZ($a0)	# r[3]=c1;
+
+	mflo	($t_1,$a_4,$b_0)
+	mfhi	($t_2,$a_4,$b_0)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_3,$b_1)		# mul_add_c(a[3],b[1],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	($t_1,$a_3,$b_1)
+	mfhi	($t_2,$a_3,$b_1)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_2,$b_2)		# mul_add_c(a[2],b[2],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_2,$b_2)
+	mfhi	($t_2,$a_2,$b_2)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_1,$b_3)		# mul_add_c(a[1],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_1,$b_3)
+	mfhi	($t_2,$a_1,$b_3)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_0,$b_4)		# mul_add_c(a[0],b[4],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_0,$b_4)
+	mfhi	($t_2,$a_0,$b_4)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_0,$b_5)		# mul_add_c(a[0],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)	# r[4]=c2;
+
+	mflo	($t_1,$a_0,$b_5)
+	mfhi	($t_2,$a_0,$b_5)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_1,$b_4)		# mul_add_c(a[1],b[4],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	($t_1,$a_1,$b_4)
+	mfhi	($t_2,$a_1,$b_4)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_2,$b_3)		# mul_add_c(a[2],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_2,$b_3)
+	mfhi	($t_2,$a_2,$b_3)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_3,$b_2)		# mul_add_c(a[3],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_3,$b_2)
+	mfhi	($t_2,$a_3,$b_2)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_4,$b_1)		# mul_add_c(a[4],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_4,$b_1)
+	mfhi	($t_2,$a_4,$b_1)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_5,$b_0)		# mul_add_c(a[5],b[0],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_5,$b_0)
+	mfhi	($t_2,$a_5,$b_0)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_6,$b_0)		# mul_add_c(a[6],b[0],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,5*$BNSZ($a0)	# r[5]=c3;
+
+	mflo	($t_1,$a_6,$b_0)
+	mfhi	($t_2,$a_6,$b_0)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_5,$b_1)		# mul_add_c(a[5],b[1],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	($t_1,$a_5,$b_1)
+	mfhi	($t_2,$a_5,$b_1)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_4,$b_2)		# mul_add_c(a[4],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_4,$b_2)
+	mfhi	($t_2,$a_4,$b_2)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_3,$b_3)		# mul_add_c(a[3],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_3,$b_3)
+	mfhi	($t_2,$a_3,$b_3)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_2,$b_4)		# mul_add_c(a[2],b[4],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_2,$b_4)
+	mfhi	($t_2,$a_2,$b_4)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_1,$b_5)		# mul_add_c(a[1],b[5],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_1,$b_5)
+	mfhi	($t_2,$a_1,$b_5)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_0,$b_6)		# mul_add_c(a[0],b[6],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_0,$b_6)
+	mfhi	($t_2,$a_0,$b_6)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_0,$b_7)		# mul_add_c(a[0],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,6*$BNSZ($a0)	# r[6]=c1;
+
+	mflo	($t_1,$a_0,$b_7)
+	mfhi	($t_2,$a_0,$b_7)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_1,$b_6)		# mul_add_c(a[1],b[6],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	($t_1,$a_1,$b_6)
+	mfhi	($t_2,$a_1,$b_6)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_2,$b_5)		# mul_add_c(a[2],b[5],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_2,$b_5)
+	mfhi	($t_2,$a_2,$b_5)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_3,$b_4)		# mul_add_c(a[3],b[4],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_3,$b_4)
+	mfhi	($t_2,$a_3,$b_4)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_4,$b_3)		# mul_add_c(a[4],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_4,$b_3)
+	mfhi	($t_2,$a_4,$b_3)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_5,$b_2)		# mul_add_c(a[5],b[2],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_5,$b_2)
+	mfhi	($t_2,$a_5,$b_2)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_6,$b_1)		# mul_add_c(a[6],b[1],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_6,$b_1)
+	mfhi	($t_2,$a_6,$b_1)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_7,$b_0)		# mul_add_c(a[7],b[0],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_7,$b_0)
+	mfhi	($t_2,$a_7,$b_0)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_7,$b_1)		# mul_add_c(a[7],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,7*$BNSZ($a0)	# r[7]=c2;
+
+	mflo	($t_1,$a_7,$b_1)
+	mfhi	($t_2,$a_7,$b_1)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_6,$b_2)		# mul_add_c(a[6],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	($t_1,$a_6,$b_2)
+	mfhi	($t_2,$a_6,$b_2)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_5,$b_3)		# mul_add_c(a[5],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_5,$b_3)
+	mfhi	($t_2,$a_5,$b_3)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_4,$b_4)		# mul_add_c(a[4],b[4],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_4,$b_4)
+	mfhi	($t_2,$a_4,$b_4)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_3,$b_5)		# mul_add_c(a[3],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_3,$b_5)
+	mfhi	($t_2,$a_3,$b_5)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_2,$b_6)		# mul_add_c(a[2],b[6],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_2,$b_6)
+	mfhi	($t_2,$a_2,$b_6)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_1,$b_7)		# mul_add_c(a[1],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_1,$b_7)
+	mfhi	($t_2,$a_1,$b_7)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_2,$b_7)		# mul_add_c(a[2],b[7],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,8*$BNSZ($a0)	# r[8]=c3;
+
+	mflo	($t_1,$a_2,$b_7)
+	mfhi	($t_2,$a_2,$b_7)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_3,$b_6)		# mul_add_c(a[3],b[6],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	($t_1,$a_3,$b_6)
+	mfhi	($t_2,$a_3,$b_6)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_4,$b_5)		# mul_add_c(a[4],b[5],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_4,$b_5)
+	mfhi	($t_2,$a_4,$b_5)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_5,$b_4)		# mul_add_c(a[5],b[4],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_5,$b_4)
+	mfhi	($t_2,$a_5,$b_4)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_6,$b_3)		# mul_add_c(a[6],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_6,$b_3)
+	mfhi	($t_2,$a_6,$b_3)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_7,$b_2)		# mul_add_c(a[7],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_7,$b_2)
+	mfhi	($t_2,$a_7,$b_2)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_7,$b_3)		# mul_add_c(a[7],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,9*$BNSZ($a0)	# r[9]=c1;
+
+	mflo	($t_1,$a_7,$b_3)
+	mfhi	($t_2,$a_7,$b_3)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_6,$b_4)		# mul_add_c(a[6],b[4],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	($t_1,$a_6,$b_4)
+	mfhi	($t_2,$a_6,$b_4)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_5,$b_5)		# mul_add_c(a[5],b[5],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_5,$b_5)
+	mfhi	($t_2,$a_5,$b_5)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_4,$b_6)		# mul_add_c(a[4],b[6],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_4,$b_6)
+	mfhi	($t_2,$a_4,$b_6)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_3,$b_7)		# mul_add_c(a[3],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_3,$b_7)
+	mfhi	($t_2,$a_3,$b_7)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_4,$b_7)		# mul_add_c(a[4],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,10*$BNSZ($a0)	# r[10]=c2;
+
+	mflo	($t_1,$a_4,$b_7)
+	mfhi	($t_2,$a_4,$b_7)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_5,$b_6)		# mul_add_c(a[5],b[6],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	($t_1,$a_5,$b_6)
+	mfhi	($t_2,$a_5,$b_6)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_6,$b_5)		# mul_add_c(a[6],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_6,$b_5)
+	mfhi	($t_2,$a_6,$b_5)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_7,$b_4)		# mul_add_c(a[7],b[4],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	($t_1,$a_7,$b_4)
+	mfhi	($t_2,$a_7,$b_4)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_7,$b_5)		# mul_add_c(a[7],b[5],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,11*$BNSZ($a0)	# r[11]=c3;
+
+	mflo	($t_1,$a_7,$b_5)
+	mfhi	($t_2,$a_7,$b_5)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_6,$b_6)		# mul_add_c(a[6],b[6],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	($t_1,$a_6,$b_6)
+	mfhi	($t_2,$a_6,$b_6)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_5,$b_7)		# mul_add_c(a[5],b[7],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_5,$b_7)
+	mfhi	($t_2,$a_5,$b_7)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_6,$b_7)		# mul_add_c(a[6],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,12*$BNSZ($a0)	# r[12]=c1;
+
+	mflo	($t_1,$a_6,$b_7)
+	mfhi	($t_2,$a_6,$b_7)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_7,$b_6)		# mul_add_c(a[7],b[6],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	($t_1,$a_7,$b_6)
+	mfhi	($t_2,$a_7,$b_6)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_7,$b_7)		# mul_add_c(a[7],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,13*$BNSZ($a0)	# r[13]=c2;
+
+	mflo	($t_1,$a_7,$b_7)
+	mfhi	($t_2,$a_7,$b_7)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	$ST	$c_3,14*$BNSZ($a0)	# r[14]=c3;
+	$ST	$c_1,15*$BNSZ($a0)	# r[15]=c1;
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s5,10*$SZREG($sp)
+	$REG_L	$s4,9*$SZREG($sp)
+	$REG_L	$s3,8*$SZREG($sp)
+	$REG_L	$s2,7*$SZREG($sp)
+	$REG_L	$s1,6*$SZREG($sp)
+	$REG_L	$s0,5*$SZREG($sp)
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	jr	$ra
+	$PTR_ADD $sp,12*$SZREG
+___
+$code.=<<___ if ($flavour !~ /nubi/i);
+	$REG_L	$s5,5*$SZREG($sp)
+	$REG_L	$s4,4*$SZREG($sp)
+	$REG_L	$s3,3*$SZREG($sp)
+	$REG_L	$s2,2*$SZREG($sp)
+	$REG_L	$s1,1*$SZREG($sp)
+	$REG_L	$s0,0*$SZREG($sp)
+	jr	$ra
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+.end	bn_mul_comba8
+
+.align	5
+.globl	bn_mul_comba4
+.ent	bn_mul_comba4
+bn_mul_comba4:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	$LD	$a_0,0($a1)
+	$LD	$b_0,0($a2)
+	$LD	$a_1,$BNSZ($a1)
+	$LD	$a_2,2*$BNSZ($a1)
+	$MULTU	($a_0,$b_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_3,3*$BNSZ($a1)
+	$LD	$b_1,$BNSZ($a2)
+	$LD	$b_2,2*$BNSZ($a2)
+	$LD	$b_3,3*$BNSZ($a2)
+	mflo	($c_1,$a_0,$b_0)
+	mfhi	($c_2,$a_0,$b_0)
+	$ST	$c_1,0($a0)
+
+	$MULTU	($a_0,$b_1)		# mul_add_c(a[0],b[1],c2,c3,c1);
+	mflo	($t_1,$a_0,$b_1)
+	mfhi	($t_2,$a_0,$b_1)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_1,$b_0)		# mul_add_c(a[1],b[0],c2,c3,c1);
+	$ADDU	$c_3,$t_2,$at
+	mflo	($t_1,$a_1,$b_0)
+	mfhi	($t_2,$a_1,$b_0)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_2,$b_0)		# mul_add_c(a[2],b[0],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	$ST	$c_2,$BNSZ($a0)
+
+	mflo	($t_1,$a_2,$b_0)
+	mfhi	($t_2,$a_2,$b_0)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_1,$b_1)		# mul_add_c(a[1],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	mflo	($t_1,$a_1,$b_1)
+	mfhi	($t_2,$a_1,$b_1)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_0,$b_2)		# mul_add_c(a[0],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	($t_1,$a_0,$b_2)
+	mfhi	($t_2,$a_0,$b_2)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_0,$b_3)		# mul_add_c(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)
+
+	mflo	($t_1,$a_0,$b_3)
+	mfhi	($t_2,$a_0,$b_3)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_1,$b_2)		# mul_add_c(a[1],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	($t_1,$a_1,$b_2)
+	mfhi	($t_2,$a_1,$b_2)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_2,$b_1)		# mul_add_c(a[2],b[1],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_2,$b_1)
+	mfhi	($t_2,$a_2,$b_1)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	($a_3,$b_0)		# mul_add_c(a[3],b[0],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	($t_1,$a_3,$b_0)
+	mfhi	($t_2,$a_3,$b_0)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_3,$b_1)		# mul_add_c(a[3],b[1],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,3*$BNSZ($a0)
+
+	mflo	($t_1,$a_3,$b_1)
+	mfhi	($t_2,$a_3,$b_1)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_2,$b_2)		# mul_add_c(a[2],b[2],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	($t_1,$a_2,$b_2)
+	mfhi	($t_2,$a_2,$b_2)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	($a_1,$b_3)		# mul_add_c(a[1],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	($t_1,$a_1,$b_3)
+	mfhi	($t_2,$a_1,$b_3)
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_2,$b_3)		# mul_add_c(a[2],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)
+
+	mflo	($t_1,$a_2,$b_3)
+	mfhi	($t_2,$a_2,$b_3)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	($a_3,$b_2)		# mul_add_c(a[3],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	($t_1,$a_3,$b_2)
+	mfhi	($t_2,$a_3,$b_2)
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_3,$b_3)		# mul_add_c(a[3],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,5*$BNSZ($a0)
+
+	mflo	($t_1,$a_3,$b_3)
+	mfhi	($t_2,$a_3,$b_3)
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	$ST	$c_1,6*$BNSZ($a0)
+	$ST	$c_2,7*$BNSZ($a0)
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	nop
+.end	bn_mul_comba4
+___
+
+($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3);
+
+sub add_c2 () {
+my ($hi,$lo,$c0,$c1,$c2,
+    $warm,      # !$warm denotes first call with specific sequence of
+                # $c_[XYZ] when there is no Z-carry to accumulate yet;
+    $an,$bn     # these two are arguments for multiplication which
+                # result is used in *next* step [which is why it's
+                # commented as "forward multiplication" below];
+    )=@_;
+$code.=<<___;
+	$ADDU	$c0,$lo
+	sltu	$at,$c0,$lo
+	 $MULTU	($an,$bn)		# forward multiplication
+	$ADDU	$c0,$lo
+	$ADDU	$at,$hi
+	sltu	$lo,$c0,$lo
+	$ADDU	$c1,$at
+	$ADDU	$hi,$lo
+___
+$code.=<<___	if (!$warm);
+	sltu	$c2,$c1,$at
+	$ADDU	$c1,$hi
+___
+$code.=<<___	if ($warm);
+	sltu	$at,$c1,$at
+	$ADDU	$c1,$hi
+	$ADDU	$c2,$at
+___
+$code.=<<___;
+	sltu	$hi,$c1,$hi
+	$ADDU	$c2,$hi
+	mflo	($lo,$an,$bn)
+	mfhi	($hi,$an,$bn)
+___
+}
+
+$code.=<<___;
+
+.align	5
+.globl	bn_sqr_comba8
+.ent	bn_sqr_comba8
+bn_sqr_comba8:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	$LD	$a_0,0($a1)
+	$LD	$a_1,$BNSZ($a1)
+	$LD	$a_2,2*$BNSZ($a1)
+	$LD	$a_3,3*$BNSZ($a1)
+
+	$MULTU	($a_0,$a_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_4,4*$BNSZ($a1)
+	$LD	$a_5,5*$BNSZ($a1)
+	$LD	$a_6,6*$BNSZ($a1)
+	$LD	$a_7,7*$BNSZ($a1)
+	mflo	($c_1,$a_0,$a_0)
+	mfhi	($c_2,$a_0,$a_0)
+	$ST	$c_1,0($a0)
+
+	$MULTU	($a_0,$a_1)		# mul_add_c2(a[0],b[1],c2,c3,c1);
+	mflo	($t_1,$a_0,$a_1)
+	mfhi	($t_2,$a_0,$a_1)
+	slt	$c_1,$t_2,$zero
+	$SLL	$t_2,1
+	 $MULTU	($a_2,$a_0)		# mul_add_c2(a[2],b[0],c3,c1,c2);
+	slt	$a2,$t_1,$zero
+	$ADDU	$t_2,$a2
+	$SLL	$t_1,1
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$ADDU	$c_3,$t_2,$at
+	$ST	$c_2,$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_0)
+	mfhi	($t_2,$a_2,$a_0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_0,$a_3)		# mul_add_c2(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_3)
+	mfhi	($t_2,$a_0,$a_3)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_1,$a_2);		# mul_add_c2(a[1],b[2],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_4,$a_0);		# mul_add_c2(a[4],b[0],c2,c3,c1);
+$code.=<<___;
+	$ST	$c_1,3*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_3,$a_1);		# mul_add_c2(a[3],b[1],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_0,$a_5)		# mul_add_c2(a[0],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_5)
+	mfhi	($t_2,$a_0,$a_5)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_1,$a_4);		# mul_add_c2(a[1],b[4],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_2,$a_3);		# mul_add_c2(a[2],b[3],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_6,$a_0);		# mul_add_c2(a[6],b[0],c1,c2,c3);
+$code.=<<___;
+	$ST	$c_3,5*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_5,$a_1);		# mul_add_c2(a[5],b[1],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_4,$a_2);		# mul_add_c2(a[4],b[2],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_0,$a_7)		# mul_add_c2(a[0],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,6*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_7)
+	mfhi	($t_2,$a_0,$a_7)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_1,$a_6);		# mul_add_c2(a[1],b[6],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_2,$a_5);		# mul_add_c2(a[2],b[5],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_3,$a_4);		# mul_add_c2(a[3],b[4],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_7,$a_1);		# mul_add_c2(a[7],b[1],c3,c1,c2);
+$code.=<<___;
+	$ST	$c_2,7*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_6,$a_2);		# mul_add_c2(a[6],b[2],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_5,$a_3);		# mul_add_c2(a[5],b[3],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_4,$a_4);		# mul_add_c(a[4],b[4],c3,c1,c2);
+$code.=<<___;
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_2,$a_7)		# mul_add_c2(a[2],b[7],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,8*$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_7)
+	mfhi	($t_2,$a_2,$a_7)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_3,$a_6);		# mul_add_c2(a[3],b[6],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_4,$a_5);		# mul_add_c2(a[4],b[5],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_7,$a_3);		# mul_add_c2(a[7],b[3],c2,c3,c1);
+$code.=<<___;
+	$ST	$c_1,9*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_6,$a_4);		# mul_add_c2(a[6],b[4],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_5,$a_5);		# mul_add_c(a[5],b[5],c2,c3,c1);
+$code.=<<___;
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_4,$a_7)		# mul_add_c2(a[4],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,10*$BNSZ($a0)
+	mflo	($t_1,$a_4,$a_7)
+	mfhi	($t_2,$a_4,$a_7)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_5,$a_6);		# mul_add_c2(a[5],b[6],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_7,$a_5);		# mul_add_c2(a[7],b[5],c1,c2,c3);
+$code.=<<___;
+	$ST	$c_3,11*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_6,$a_6);		# mul_add_c(a[6],b[6],c1,c2,c3);
+$code.=<<___;
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	($a_6,$a_7)		# mul_add_c2(a[6],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,12*$BNSZ($a0)
+	mflo	($t_1,$a_6,$a_7)
+	mfhi	($t_2,$a_6,$a_7)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_7,$a_7);		# mul_add_c(a[7],b[7],c3,c1,c2);
+$code.=<<___;
+	$ST	$c_2,13*$BNSZ($a0)
+
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	$ST	$c_3,14*$BNSZ($a0)
+	$ST	$c_1,15*$BNSZ($a0)
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	nop
+.end	bn_sqr_comba8
+
+.align	5
+.globl	bn_sqr_comba4
+.ent	bn_sqr_comba4
+bn_sqr_comba4:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	$LD	$a_0,0($a1)
+	$LD	$a_1,$BNSZ($a1)
+	$MULTU	($a_0,$a_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_2,2*$BNSZ($a1)
+	$LD	$a_3,3*$BNSZ($a1)
+	mflo	($c_1,$a_0,$a_0)
+	mfhi	($c_2,$a_0,$a_0)
+	$ST	$c_1,0($a0)
+
+	$MULTU	($a_0,$a_1)		# mul_add_c2(a[0],b[1],c2,c3,c1);
+	mflo	($t_1,$a_0,$a_1)
+	mfhi	($t_2,$a_0,$a_1)
+	slt	$c_1,$t_2,$zero
+	$SLL	$t_2,1
+	 $MULTU	($a_2,$a_0)		# mul_add_c2(a[2],b[0],c3,c1,c2);
+	slt	$a2,$t_1,$zero
+	$ADDU	$t_2,$a2
+	$SLL	$t_1,1
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$ADDU	$c_3,$t_2,$at
+	$ST	$c_2,$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_0)
+	mfhi	($t_2,$a_2,$a_0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	($a_0,$a_3)		# mul_add_c2(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_3)
+	mfhi	($t_2,$a_0,$a_3)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_1,$a_2);		# mul_add_c2(a2[1],b[2],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_3,$a_1);		# mul_add_c2(a[3],b[1],c2,c3,c1);
+$code.=<<___;
+	$ST	$c_1,3*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	($a_2,$a_3)		# mul_add_c2(a[2],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_3)
+	mfhi	($t_2,$a_2,$a_3)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
+	$ST	$c_3,5*$BNSZ($a0)
+
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	$ST	$c_1,6*$BNSZ($a0)
+	$ST	$c_2,7*$BNSZ($a0)
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	nop
+.end	bn_sqr_comba4
+___
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl
new file mode 100644
index 000000000..aa9f626ed
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl
@@ -0,0 +1,1006 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# On PA-7100LC this module performs ~90-50% better, less for longer
+# keys, than code generated by gcc 3.2 for PA-RISC 1.1. Latter means
+# that compiler utilized xmpyu instruction to perform 32x32=64-bit
+# multiplication, which in turn means that "baseline" performance was
+# optimal in respect to instruction set capabilities. Fair comparison
+# with vendor compiler is problematic, because OpenSSL doesn't define
+# BN_LLONG [presumably] for historical reasons, which drives compiler
+# toward 4 times 16x16=32-bit multiplications [plus complementary
+# shifts and additions] instead. This means that you should observe
+# several times improvement over code generated by vendor compiler
+# for PA-RISC 1.1, but the "baseline" is far from optimal. The actual
+# improvement coefficient was never collected on PA-7100LC, or any
+# other 1.1 CPU, because I don't have access to such machine with
+# vendor compiler. But to give you a taste, PA-RISC 1.1 code path
+# reportedly outperformed code generated by cc +DA1.1 +O3 by factor
+# of ~5x on PA-8600.
+#
+# On PA-RISC 2.0 it has to compete with pa-risc2[W].s, which is
+# reportedly ~2x faster than vendor compiler generated code [according
+# to comment in pa-risc2[W].s]. Here comes a catch. Execution core of
+# this implementation is actually 32-bit one, in the sense that it
+# operates on 32-bit values. But pa-risc2[W].s operates on arrays of
+# 64-bit BN_LONGs... How do they interoperate then? No problem. This
+# module picks halves of 64-bit values in reverse order and pretends
+# they were 32-bit BN_LONGs. But can 32-bit core compete with "pure"
+# 64-bit code such as pa-risc2[W].s then? Well, the thing is that
+# 32x32=64-bit multiplication is the best even PA-RISC 2.0 can do,
+# i.e. there is no "wider" multiplication like on most other 64-bit
+# platforms. This means that even being effectively 32-bit, this
+# implementation performs "64-bit" computational task in same amount
+# of arithmetic operations, most notably multiplications. It requires
+# more memory references, most notably to tp[num], but this doesn't
+# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
+# 2.0 code path provides virtually same performance as pa-risc2[W].s:
+# it's ~10% better for shortest key length and ~10% worse for longest
+# one.
+#
+# In case it wasn't clear. The module has two distinct code paths:
+# PA-RISC 1.1 and PA-RISC 2.0 ones. Latter features carry-free 64-bit
+# additions and 64-bit integer loads, not to mention specific
+# instruction scheduling. In 64-bit build naturally only 2.0 code path
+# is assembled. In 32-bit application context both code paths are
+# assembled, PA-RISC 2.0 CPU is detected at run-time and proper path
+# is taken automatically. Also, in 32-bit build the module imposes
+# couple of limitations: vector lengths has to be even and vector
+# addresses has to be 64-bit aligned. Normally neither is a problem:
+# most common key lengths are even and vectors are commonly malloc-ed,
+# which ensures alignment.
+#
+# Special thanks to polarhome.com for providing HP-UX account on
+# PA-RISC 1.1 machine, and to correspondent who chose to remain
+# anonymous for testing the code on PA-RISC 2.0 machine.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+
+$flavour = shift;
+$output = shift;
+
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+	$BN_SZ		=$SIZE_T;
+} else {
+	$LEVEL		="1.1";	#$LEVEL.="\n\t.ALLOW\t2.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+	$BN_SZ		=$SIZE_T;
+	if (open CONF,"<${dir}../../opensslconf.h") {
+	    while(<CONF>) {
+		if (m/#\s*define\s+SIXTY_FOUR_BIT/) {
+		    $BN_SZ=8;
+		    $LEVEL="2.0";
+		    last;
+		}
+	    }
+	    close CONF;
+	}
+}
+
+$FRAME=8*$SIZE_T+$FRAME_MARKER;	# 8 saved regs + frame marker
+				#                [+ argument transfer]
+$LOCALS=$FRAME-$FRAME_MARKER;
+$FRAME+=32;			# local variables
+
+$tp="%r31";
+$ti1="%r29";
+$ti0="%r28";
+
+$rp="%r26";
+$ap="%r25";
+$bp="%r24";
+$np="%r23";
+$n0="%r22";	# passed through stack in 32-bit
+$num="%r21";	# passed through stack in 32-bit
+$idx="%r20";
+$arrsz="%r19";
+
+$nm1="%r7";
+$nm0="%r6";
+$ab1="%r5";
+$ab0="%r4";
+
+$fp="%r3";
+$hi1="%r2";
+$hi0="%r1";
+
+$xfer=$n0;	# accommodates [-16..15] offset in fld[dw]s
+
+$fm0="%fr4";	$fti=$fm0;
+$fbi="%fr5L";
+$fn0="%fr5R";
+$fai="%fr6";	$fab0="%fr7";	$fab1="%fr8";
+$fni="%fr9";	$fnm0="%fr10";	$fnm1="%fr11";
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	bn_mul_mont,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+	.ALIGN	64
+bn_mul_mont
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-8*$SIZE_T`,NO_CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=6
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)		; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	ldo	-$FRAME(%sp),$fp
+___
+$code.=<<___ if ($SIZE_T==4);
+	ldw	`-$FRAME_MARKER-4`($fp),$n0
+	ldw	`-$FRAME_MARKER-8`($fp),$num
+	nop
+	nop					; alignment
+___
+$code.=<<___ if ($BN_SZ==4);
+	comiclr,<=	6,$num,%r0		; are vectors long enough?
+	b		L\$abort
+	ldi		0,%r28			; signal "unhandled"
+	add,ev		%r0,$num,$num		; is $num even?
+	b		L\$abort
+	nop
+	or		$ap,$np,$ti1
+	extru,=		$ti1,31,3,%r0		; are ap and np 64-bit aligned?
+	b		L\$abort
+	nop
+	nop					; alignment
+	nop
+
+	fldws		0($n0),${fn0}
+	fldws,ma	4($bp),${fbi}		; bp[0]
+___
+$code.=<<___ if ($BN_SZ==8);
+	comib,>		3,$num,L\$abort		; are vectors long enough?
+	ldi		0,%r28			; signal "unhandled"
+	addl		$num,$num,$num		; I operate on 32-bit values
+
+	fldws		4($n0),${fn0}		; only low part of n0
+	fldws		4($bp),${fbi}		; bp[0] in flipped word order
+___
+$code.=<<___;
+	fldds		0($ap),${fai}		; ap[0,1]
+	fldds		0($np),${fni}		; np[0,1]
+
+	sh2addl		$num,%r0,$arrsz
+	ldi		31,$hi0
+	ldo		36($arrsz),$hi1		; space for tp[num+1]
+	andcm		$hi1,$hi0,$hi1		; align
+	addl		$hi1,%sp,%sp
+	$PUSH		$fp,-$SIZE_T(%sp)
+
+	ldo		`$LOCALS+16`($fp),$xfer
+	ldo		`$LOCALS+32+4`($fp),$tp
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[0]
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[0]
+	xmpyu		${fn0},${fab0}R,${fm0}
+
+	addl		$arrsz,$ap,$ap		; point at the end
+	addl		$arrsz,$np,$np
+	subi		0,$arrsz,$idx		; j=0
+	ldo		8($idx),$idx		; j++++
+
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+	fstds		${fab1},0($xfer)
+	fstds		${fnm1},8($xfer)
+	 flddx		$idx($ap),${fai}	; ap[2,3]
+	 flddx		$idx($np),${fni}	; np[2,3]
+___
+$code.=<<___ if ($BN_SZ==4);
+	mtctl		$hi0,%cr11		; $hi0 still holds 31
+	extrd,u,*=	$hi0,%sar,1,$hi0	; executes on PA-RISC 1.0
+	b		L\$parisc11
+	nop
+___
+$code.=<<___;					# PA-RISC 2.0 code-path
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldd		-16($xfer),$ab0
+	fstds		${fab0},-16($xfer)
+
+	extrd,u		$ab0,31,32,$hi0
+	extrd,u		$ab0,63,32,$ab0
+	ldd		-8($xfer),$nm0
+	fstds		${fnm0},-8($xfer)
+	 ldo		8($idx),$idx		; j++++
+	 addl		$ab0,$nm0,$nm0		; low part is discarded
+	 extrd,u	$nm0,31,32,$hi1
+
+L\$1st
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[0]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ab1,$ab1
+	 extrd,u	$ab1,31,32,$hi0
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,63,32,$ab1
+	 addl		$hi1,$nm1,$nm1
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 addl		$ab1,$nm1,$nm1
+	 extrd,u	$nm1,31,32,$hi1
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldd		-16($xfer),$ab0
+	fstds		${fab0},-16($xfer)
+	 addl		$hi0,$ab0,$ab0
+	 extrd,u	$ab0,31,32,$hi0
+	ldd		-8($xfer),$nm0
+	fstds		${fnm0},-8($xfer)
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	stw		$nm1,-4($tp)		; tp[j-1]
+	 addl		$ab0,$nm0,$nm0
+	 stw,ma		$nm0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$1st		; j++++
+	 extrd,u	$nm0,31,32,$hi1
+
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[0]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ab1,$ab1
+	 extrd,u	$ab1,31,32,$hi0
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,63,32,$ab1
+	 addl		$hi1,$nm1,$nm1
+	ldd		-16($xfer),$ab0
+	 addl		$ab1,$nm1,$nm1
+	ldd		-8($xfer),$nm0
+	 extrd,u	$nm1,31,32,$hi1
+
+	 addl		$hi0,$ab0,$ab0
+	 extrd,u	$ab0,31,32,$hi0
+	stw		$nm1,-4($tp)		; tp[j-1]
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	ldd		0($xfer),$ab1
+	 addl		$ab0,$nm0,$nm0
+	ldd,mb		8($xfer),$nm1
+	 extrd,u	$nm0,31,32,$hi1
+	stw,ma		$nm0,8($tp)		; tp[j-1]
+
+	ldo		-1($num),$num		; i--
+	subi		0,$arrsz,$idx		; j=0
+___
+$code.=<<___ if ($BN_SZ==4);
+	fldws,ma	4($bp),${fbi}		; bp[1]
+___
+$code.=<<___ if ($BN_SZ==8);
+	fldws		0($bp),${fbi}		; bp[1] in flipped word order
+___
+$code.=<<___;
+	 flddx		$idx($ap),${fai}	; ap[0,1]
+	 flddx		$idx($np),${fni}	; np[0,1]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	addl		$hi0,$ab1,$ab1
+	 extrd,u	$ab1,31,32,$hi0
+	 extrd,u	$ab1,63,32,$ab1
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[1]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[1]
+	addl		$hi1,$nm1,$nm1
+	addl		$ab1,$nm1,$nm1
+	extrd,u		$nm1,31,32,$hi1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	addl		$hi1,$hi0,$hi0
+	extrd,u		$hi0,31,32,$hi1
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	xmpyu		${fn0},${fab0}R,${fm0}
+	ldo		`$LOCALS+32+4`($fp),$tp
+L\$outer
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
+	fstds		${fab0},-16($xfer)	; 33-bit value
+	fstds		${fnm0},-8($xfer)
+	 flddx		$idx($ap),${fai}	; ap[2]
+	 flddx		$idx($np),${fni}	; np[2]
+	 ldo		8($idx),$idx		; j++++
+	ldd		-16($xfer),$ab0		; 33-bit value
+	ldd		-8($xfer),$nm0
+	ldw		0($xfer),$hi0		; high part
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	 extrd,u	$ab0,31,32,$ti0		; carry bit
+	 extrd,u	$ab0,63,32,$ab0
+	fstds		${fab1},0($xfer)
+	 addl		$ti0,$hi0,$hi0		; account carry bit
+	fstds		${fnm1},8($xfer)
+	 addl		$ab0,$nm0,$nm0		; low part is discarded
+	ldw		0($tp),$ti1		; tp[1]
+	 extrd,u	$nm0,31,32,$hi1
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+
+L\$inner
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[i]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ti1,$ti1
+	 addl		$ti1,$ab1,$ab1
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,31,32,$hi0
+	 extrd,u	$ab1,63,32,$ab1
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 addl		$hi1,$nm1,$nm1
+	 addl		$ab1,$nm1,$nm1
+	ldw		4($tp),$ti0		; tp[j]
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldd		-16($xfer),$ab0
+	fstds		${fab0},-16($xfer)
+	 addl		$hi0,$ti0,$ti0
+	 addl		$ti0,$ab0,$ab0
+	ldd		-8($xfer),$nm0
+	fstds		${fnm0},-8($xfer)
+	 extrd,u	$ab0,31,32,$hi0
+	 extrd,u	$nm1,31,32,$hi1
+	ldw		8($tp),$ti1		; tp[j]
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	 addl		$ab0,$nm0,$nm0
+	 stw,ma		$nm0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$inner		; j++++
+	 extrd,u	$nm0,31,32,$hi1
+
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[i]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ti1,$ti1
+	 addl		$ti1,$ab1,$ab1
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,31,32,$hi0
+	 extrd,u	$ab1,63,32,$ab1
+	ldw		4($tp),$ti0		; tp[j]
+	 addl		$hi1,$nm1,$nm1
+	 addl		$ab1,$nm1,$nm1
+	ldd		-16($xfer),$ab0
+	ldd		-8($xfer),$nm0
+	 extrd,u	$nm1,31,32,$hi1
+
+	addl		$hi0,$ab0,$ab0
+	 addl		$ti0,$ab0,$ab0
+	 stw		$nm1,-4($tp)		; tp[j-1]
+	 extrd,u	$ab0,31,32,$hi0
+	ldw		8($tp),$ti1		; tp[j]
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	ldd		0($xfer),$ab1
+	 addl		$ab0,$nm0,$nm0
+	ldd,mb		8($xfer),$nm1
+	 extrd,u	$nm0,31,32,$hi1
+	 stw,ma		$nm0,8($tp)		; tp[j-1]
+
+	addib,=		-1,$num,L\$outerdone	; i--
+	subi		0,$arrsz,$idx		; j=0
+___
+$code.=<<___ if ($BN_SZ==4);
+	fldws,ma	4($bp),${fbi}		; bp[i]
+___
+$code.=<<___ if ($BN_SZ==8);
+	ldi		12,$ti0			; bp[i] in flipped word order
+	addl,ev		%r0,$num,$num
+	ldi		-4,$ti0
+	addl		$ti0,$bp,$bp
+	fldws		0($bp),${fbi}
+___
+$code.=<<___;
+	 flddx		$idx($ap),${fai}	; ap[0]
+	addl		$hi0,$ab1,$ab1
+	 flddx		$idx($np),${fni}	; np[0]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	addl		$ti1,$ab1,$ab1
+	extrd,u		$ab1,31,32,$hi0
+	extrd,u		$ab1,63,32,$ab1
+
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[i]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[i]
+	ldw		4($tp),$ti0		; tp[j]
+
+	addl		$hi1,$nm1,$nm1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	addl		$ab1,$nm1,$nm1
+	extrd,u		$nm1,31,32,$hi1
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	addl		$hi1,$hi0,$hi0
+	 fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	addl		$ti0,$hi0,$hi0
+	extrd,u		$hi0,31,32,$hi1
+	 fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+	 xmpyu		${fn0},${fab0}R,${fm0}
+
+	b		L\$outer
+	ldo		`$LOCALS+32+4`($fp),$tp
+
+L\$outerdone
+	addl		$hi0,$ab1,$ab1
+	addl		$ti1,$ab1,$ab1
+	extrd,u		$ab1,31,32,$hi0
+	extrd,u		$ab1,63,32,$ab1
+
+	ldw		4($tp),$ti0		; tp[j]
+
+	addl		$hi1,$nm1,$nm1
+	addl		$ab1,$nm1,$nm1
+	extrd,u		$nm1,31,32,$hi1
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	addl		$hi1,$hi0,$hi0
+	addl		$ti0,$hi0,$hi0
+	extrd,u		$hi0,31,32,$hi1
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	ldo		`$LOCALS+32`($fp),$tp
+	sub		%r0,%r0,%r0		; clear borrow
+___
+$code.=<<___ if ($BN_SZ==4);
+	ldws,ma		4($tp),$ti0
+	extru,=		$rp,31,3,%r0		; is rp 64-bit aligned?
+	b		L\$sub_pa11
+	addl		$tp,$arrsz,$tp
+L\$sub
+	ldwx		$idx($np),$hi0
+	subb		$ti0,$hi0,$hi1
+	ldwx		$idx($tp),$ti0
+	addib,<>	4,$idx,L\$sub
+	stws,ma		$hi1,4($rp)
+
+	subb		$ti0,%r0,$hi1
+___
+$code.=<<___ if ($BN_SZ==8);
+	ldd,ma		8($tp),$ti0
+L\$sub
+	ldd		$idx($np),$hi0
+	shrpd		$ti0,$ti0,32,$ti0	; flip word order
+	std		$ti0,-8($tp)		; save flipped value
+	sub,db		$ti0,$hi0,$hi1
+	ldd,ma		8($tp),$ti0
+	addib,<>	8,$idx,L\$sub
+	std,ma		$hi1,8($rp)
+
+	extrd,u		$ti0,31,32,$ti0		; carry in flipped word order
+	sub,db		$ti0,%r0,$hi1
+___
+$code.=<<___;
+	ldo		`$LOCALS+32`($fp),$tp
+	sub		$rp,$arrsz,$rp		; rewind rp
+	subi		0,$arrsz,$idx
+L\$copy
+	ldd		0($tp),$ti0
+	ldd		0($rp),$hi0
+	std,ma		%r0,8($tp)
+	comiclr,=	0,$hi1,%r0
+	copy		$ti0,$hi0
+	addib,<>	8,$idx,L\$copy
+	std,ma		$hi0,8($rp)
+___
+
+if ($BN_SZ==4) {				# PA-RISC 1.1 code-path
+$ablo=$ab0;
+$abhi=$ab1;
+$nmlo0=$nm0;
+$nmhi0=$nm1;
+$nmlo1="%r9";
+$nmhi1="%r8";
+
+$code.=<<___;
+	b		L\$done
+	nop
+
+	.ALIGN		8
+L\$parisc11
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldw		-12($xfer),$ablo
+	ldw		-16($xfer),$hi0
+	ldw		-4($xfer),$nmlo0
+	ldw		-8($xfer),$nmhi0
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+
+	 ldo		8($idx),$idx		; j++++
+	 add		$ablo,$nmlo0,$nmlo0	; discarded
+	 addc		%r0,$nmhi0,$hi1
+	ldw		4($xfer),$ablo
+	ldw		0($xfer),$abhi
+	nop
+
+L\$1st_pa11
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[0]
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 add		$hi0,$ablo,$ablo
+	ldw		12($xfer),$nmlo1
+	 addc		%r0,$abhi,$hi0
+	ldw		8($xfer),$nmhi1
+	 add		$ablo,$nmlo1,$nmlo1
+	fstds		${fab1},0($xfer)
+	 addc		%r0,$nmhi1,$nmhi1
+	fstds		${fnm1},8($xfer)
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-12($xfer),$ablo
+	 addc		%r0,$nmhi1,$hi1
+	ldw		-16($xfer),$abhi
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	ldw		-4($xfer),$nmlo0
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldw		-8($xfer),$nmhi0
+	 add		$hi0,$ablo,$ablo
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+	 addc		%r0,$abhi,$hi0
+	fstds		${fab0},-16($xfer)
+	 add		$ablo,$nmlo0,$nmlo0
+	fstds		${fnm0},-8($xfer)
+	 addc		%r0,$nmhi0,$nmhi0
+	ldw		0($xfer),$abhi
+	 add		$hi1,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$1st_pa11	; j++++
+	 addc		%r0,$nmhi0,$hi1
+
+	 ldw		8($xfer),$nmhi1
+	 ldw		12($xfer),$nmlo1
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[0]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	 add		$hi0,$ablo,$ablo
+	fstds		${fab1},0($xfer)
+	 addc		%r0,$abhi,$hi0
+	fstds		${fnm1},8($xfer)
+	 add		$ablo,$nmlo1,$nmlo1
+	ldw		-16($xfer),$abhi
+	 addc		%r0,$nmhi1,$nmhi1
+	ldw		-12($xfer),$ablo
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-8($xfer),$nmhi0
+	 addc		%r0,$nmhi1,$hi1
+	ldw		-4($xfer),$nmlo0
+
+	 add		$hi0,$ablo,$ablo
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+	 addc		%r0,$abhi,$hi0
+	ldw		0($xfer),$abhi
+	 add		$ablo,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 addc		%r0,$nmhi0,$nmhi0
+	ldws,mb		8($xfer),$nmhi1
+	 add		$hi1,$nmlo0,$nmlo0
+	ldw		4($xfer),$nmlo1
+	 addc		%r0,$nmhi0,$hi1
+	stws,ma		$nmlo0,8($tp)		; tp[j-1]
+
+	ldo		-1($num),$num		; i--
+	subi		0,$arrsz,$idx		; j=0
+
+	 fldws,ma	4($bp),${fbi}		; bp[1]
+	 flddx		$idx($ap),${fai}	; ap[0,1]
+	 flddx		$idx($np),${fni}	; np[0,1]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	add		$hi0,$ablo,$ablo
+	addc		%r0,$abhi,$hi0
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[1]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[1]
+	add		$hi1,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$nmhi1
+	add		$ablo,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$hi1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	add		$hi1,$hi0,$hi0
+	addc		%r0,%r0,$hi1
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	xmpyu		${fn0},${fab0}R,${fm0}
+	ldo		`$LOCALS+32+4`($fp),$tp
+L\$outer_pa11
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
+	fstds		${fab0},-16($xfer)	; 33-bit value
+	fstds		${fnm0},-8($xfer)
+	 flddx		$idx($ap),${fai}	; ap[2,3]
+	 flddx		$idx($np),${fni}	; np[2,3]
+	ldw		-16($xfer),$abhi	; carry bit actually
+	 ldo		8($idx),$idx		; j++++
+	ldw		-12($xfer),$ablo
+	ldw		-8($xfer),$nmhi0
+	ldw		-4($xfer),$nmlo0
+	ldw		0($xfer),$hi0		; high part
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	fstds		${fab1},0($xfer)
+	 addl		$abhi,$hi0,$hi0		; account carry bit
+	fstds		${fnm1},8($xfer)
+	 add		$ablo,$nmlo0,$nmlo0	; discarded
+	ldw		0($tp),$ti1		; tp[1]
+	 addc		%r0,$nmhi0,$hi1
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+	ldw		4($xfer),$ablo
+	ldw		0($xfer),$abhi
+
+L\$inner_pa11
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[i]
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 add		$hi0,$ablo,$ablo
+	ldw		4($tp),$ti0		; tp[j]
+	 addc		%r0,$abhi,$abhi
+	ldw		12($xfer),$nmlo1
+	 add		$ti1,$ablo,$ablo
+	ldw		8($xfer),$nmhi1
+	 addc		%r0,$abhi,$hi0
+	fstds		${fab1},0($xfer)
+	 add		$ablo,$nmlo1,$nmlo1
+	fstds		${fnm1},8($xfer)
+	 addc		%r0,$nmhi1,$nmhi1
+	ldw		-12($xfer),$ablo
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-16($xfer),$abhi
+	 addc		%r0,$nmhi1,$hi1
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	ldw		8($tp),$ti1		; tp[j]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldw		-4($xfer),$nmlo0
+	 add		$hi0,$ablo,$ablo
+	ldw		-8($xfer),$nmhi0
+	 addc		%r0,$abhi,$abhi
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+	 add		$ti0,$ablo,$ablo
+	fstds		${fab0},-16($xfer)
+	 addc		%r0,$abhi,$hi0
+	fstds		${fnm0},-8($xfer)
+	 add		$ablo,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 addc		%r0,$nmhi0,$nmhi0
+	ldw		0($xfer),$abhi
+	 add		$hi1,$nmlo0,$nmlo0
+	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$inner_pa11	; j++++
+	 addc		%r0,$nmhi0,$hi1
+
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[i]
+	ldw		12($xfer),$nmlo1
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	ldw		8($xfer),$nmhi1
+	 add		$hi0,$ablo,$ablo
+	ldw		4($tp),$ti0		; tp[j]
+	 addc		%r0,$abhi,$abhi
+	fstds		${fab1},0($xfer)
+	 add		$ti1,$ablo,$ablo
+	fstds		${fnm1},8($xfer)
+	 addc		%r0,$abhi,$hi0
+	ldw		-16($xfer),$abhi
+	 add		$ablo,$nmlo1,$nmlo1
+	ldw		-12($xfer),$ablo
+	 addc		%r0,$nmhi1,$nmhi1
+	ldw		-8($xfer),$nmhi0
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-4($xfer),$nmlo0
+	 addc		%r0,$nmhi1,$hi1
+
+	add		$hi0,$ablo,$ablo
+	 stw		$nmlo1,-4($tp)		; tp[j-1]
+	addc		%r0,$abhi,$abhi
+	 add		$ti0,$ablo,$ablo
+	ldw		8($tp),$ti1		; tp[j]
+	 addc		%r0,$abhi,$hi0
+	ldw		0($xfer),$abhi
+	 add		$ablo,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 addc		%r0,$nmhi0,$nmhi0
+	ldws,mb		8($xfer),$nmhi1
+	 add		$hi1,$nmlo0,$nmlo0
+	ldw		4($xfer),$nmlo1
+	 addc		%r0,$nmhi0,$hi1
+	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
+
+	addib,=		-1,$num,L\$outerdone_pa11; i--
+	subi		0,$arrsz,$idx		; j=0
+
+	 fldws,ma	4($bp),${fbi}		; bp[i]
+	 flddx		$idx($ap),${fai}	; ap[0]
+	add		$hi0,$ablo,$ablo
+	addc		%r0,$abhi,$abhi
+	 flddx		$idx($np),${fni}	; np[0]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	add		$ti1,$ablo,$ablo
+	addc		%r0,$abhi,$hi0
+
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[i]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[i]
+	ldw		4($tp),$ti0		; tp[j]
+
+	add		$hi1,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$nmhi1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	add		$ablo,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$hi1
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	add		$hi1,$hi0,$hi0
+	addc		%r0,%r0,$hi1
+	 fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	add		$ti0,$hi0,$hi0
+	addc		%r0,$hi1,$hi1
+	 fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+	 xmpyu		${fn0},${fab0}R,${fm0}
+
+	b		L\$outer_pa11
+	ldo		`$LOCALS+32+4`($fp),$tp
+
+L\$outerdone_pa11
+	add		$hi0,$ablo,$ablo
+	addc		%r0,$abhi,$abhi
+	add		$ti1,$ablo,$ablo
+	addc		%r0,$abhi,$hi0
+
+	ldw		4($tp),$ti0		; tp[j]
+
+	add		$hi1,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$nmhi1
+	add		$ablo,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$hi1
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+
+	add		$hi1,$hi0,$hi0
+	addc		%r0,%r0,$hi1
+	add		$ti0,$hi0,$hi0
+	addc		%r0,$hi1,$hi1
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	ldo		`$LOCALS+32+4`($fp),$tp
+	sub		%r0,%r0,%r0		; clear borrow
+	ldw		-4($tp),$ti0
+	addl		$tp,$arrsz,$tp
+L\$sub_pa11
+	ldwx		$idx($np),$hi0
+	subb		$ti0,$hi0,$hi1
+	ldwx		$idx($tp),$ti0
+	addib,<>	4,$idx,L\$sub_pa11
+	stws,ma		$hi1,4($rp)
+
+	subb		$ti0,%r0,$hi1
+
+	ldo		`$LOCALS+32`($fp),$tp
+	sub		$rp,$arrsz,$rp		; rewind rp
+	subi		0,$arrsz,$idx
+L\$copy_pa11
+	ldw		0($tp),$ti0
+	ldw		0($rp),$hi0
+	stws,ma		%r0,4($tp)
+	comiclr,=	0,$hi1,%r0
+	copy		$ti0,$hi0
+	addib,<>	4,$idx,L\$copy_pa11
+	stws,ma		$hi0,4($rp)
+
+	nop					; alignment
+L\$done
+___
+}
+
+$code.=<<___;
+	ldi		1,%r28			; signal "handled"
+	ldo		$FRAME($fp),%sp		; destroy tp[num+1]
+
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+L\$abort
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+	.STRINGZ "Montgomery Multiplication for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# Explicitly encode PA-RISC 2.0 instructions used in this module, so
+# that it can be compiled with .LEVEL 1.0. It should be noted that I
+# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
+# directive...
+
+my $ldd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "ldd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)		# format 4
+    {	my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)	# format 5
+    {	my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
+	$opcode|=(($1&0xF)<<17)|(($1&0x10)<<12);		# encode offset
+	$opcode|=(1<<5)  if ($mod =~ /^,m/);
+	$opcode|=(1<<13) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $std = sub {
+  my ($mod,$args) = @_;
+  my $orig = "std$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/)	# format 6
+    {	my $opcode=(0x03<<26)|($3<<21)|($1<<16)|(1<<12)|(0xB<<6);
+	$opcode|=(($2&0xF)<<1)|(($2&0x10)>>4);			# encode offset
+	$opcode|=(1<<5)  if ($mod =~ /^,m/);
+	$opcode|=(1<<13) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $extrd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "extrd$mod\t$args";
+
+    # I only have ",u" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
+    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
+	my $len=32-$3;
+	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
+    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
+	my $len=32-$2;
+	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
+	$opcode |= (1<<13) if ($mod =~ /,\**=/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $shrpd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "shrpd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
+    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
+	my $cpos=63-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $sub = sub {
+  my ($mod,$args) = @_;
+  my $orig = "sub$mod\t$args";
+
+    if ($mod eq ",db" && $args =~ /%r([0-9]+),%r([0-9]+),%r([0-9]+)/) {
+	my $opcode=(0x02<<26)|($2<<21)|($1<<16)|$3;
+	$opcode|=(1<<10);	# e1
+	$opcode|=(1<<8);	# e2
+	$opcode|=(1<<5);	# d
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig
+    }
+    else { "\t".$orig; }
+};
+
+sub assemble {
+  my ($mnemonic,$mod,$args)=@_;
+  my $opcode = eval("\$$mnemonic");
+
+    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
+}
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+	# flip word order in 64-bit mode...
+	s/(xmpyu\s+)($fai|$fni)([LR])/$1.$2.($3 eq "L"?"R":"L")/e if ($BN_SZ==8);
+	# assemble 2.0 instructions in 32-bit mode...
+	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl
new file mode 100644
index 000000000..ec7e019a4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl
@@ -0,0 +1,1990 @@
+#! /usr/bin/env perl
+# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# April 2006
+
+# "Teaser" Montgomery multiplication module for PowerPC. It's possible
+# to gain a bit more by modulo-scheduling outer loop, then dedicated
+# squaring procedure should give further 20% and code can be adapted
+# for 32-bit application running on 64-bit CPU. As for the latter.
+# It won't be able to achieve "native" 64-bit performance, because in
+# 32-bit application context every addc instruction will have to be
+# expanded as addc, twice right shift by 32 and finally adde, etc.
+# So far RSA *sign* performance improvement over pre-bn_mul_mont asm
+# for 64-bit application running on PPC970/G5 is:
+#
+# 512-bit	+65%
+# 1024-bit	+35%
+# 2048-bit	+18%
+# 4096-bit	+4%
+
+# September 2016
+#
+# Add multiplication procedure operating on lengths divisible by 4
+# and squaring procedure operating on lengths divisible by 8. Length
+# is expressed in number of limbs. RSA private key operations are
+# ~35-50% faster (more for longer keys) on contemporary high-end POWER
+# processors in 64-bit builds, [mysteriously enough] more in 32-bit
+# builds. On low-end 32-bit processors performance improvement turned
+# to be marginal...
+
+$flavour = shift;
+
+if ($flavour =~ /32/) {
+	$BITS=	32;
+	$BNSZ=	$BITS/8;
+	$SIZE_T=4;
+	$RZONE=	224;
+
+	$LD=	"lwz";		# load
+	$LDU=	"lwzu";		# load and update
+	$LDX=	"lwzx";		# load indexed
+	$ST=	"stw";		# store
+	$STU=	"stwu";		# store and update
+	$STX=	"stwx";		# store indexed
+	$STUX=	"stwux";	# store indexed and update
+	$UMULL=	"mullw";	# unsigned multiply low
+	$UMULH=	"mulhwu";	# unsigned multiply high
+	$UCMP=	"cmplw";	# unsigned compare
+	$SHRI=	"srwi";		# unsigned shift right by immediate
+	$SHLI=	"slwi";		# unsigned shift left by immediate
+	$PUSH=	$ST;
+	$POP=	$LD;
+} elsif ($flavour =~ /64/) {
+	$BITS=	64;
+	$BNSZ=	$BITS/8;
+	$SIZE_T=8;
+	$RZONE=	288;
+
+	# same as above, but 64-bit mnemonics...
+	$LD=	"ld";		# load
+	$LDU=	"ldu";		# load and update
+	$LDX=	"ldx";		# load indexed
+	$ST=	"std";		# store
+	$STU=	"stdu";		# store and update
+	$STX=	"stdx";		# store indexed
+	$STUX=	"stdux";	# store indexed and update
+	$UMULL=	"mulld";	# unsigned multiply low
+	$UMULH=	"mulhdu";	# unsigned multiply high
+	$UCMP=	"cmpld";	# unsigned compare
+	$SHRI=	"srdi";		# unsigned shift right by immediate
+	$SHLI=	"sldi";		# unsigned shift left by immediate
+	$PUSH=	$ST;
+	$POP=	$LD;
+} else { die "nonsense $flavour"; }
+
+$FRAME=8*$SIZE_T+$RZONE;
+$LOCALS=8*$SIZE_T;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$sp="r1";
+$toc="r2";
+$rp="r3";
+$ap="r4";
+$bp="r5";
+$np="r6";
+$n0="r7";
+$num="r8";
+
+{
+my $ovf=$rp;
+my $rp="r9";	# $rp is reassigned
+my $aj="r10";
+my $nj="r11";
+my $tj="r12";
+# non-volatile registers
+my $i="r20";
+my $j="r21";
+my $tp="r22";
+my $m0="r23";
+my $m1="r24";
+my $lo0="r25";
+my $hi0="r26";
+my $lo1="r27";
+my $hi1="r28";
+my $alo="r29";
+my $ahi="r30";
+my $nlo="r31";
+#
+my $nhi="r0";
+
+$code=<<___;
+.machine "any"
+.text
+
+.globl	.bn_mul_mont_int
+.align	5
+.bn_mul_mont_int:
+	mr	$rp,r3		; $rp is reassigned
+	li	r3,0
+___
+$code.=<<___ if ($BNSZ==4);
+	cmpwi	$num,32		; longer key performance is not better
+	bgelr
+___
+$code.=<<___;
+	slwi	$num,$num,`log($BNSZ)/log(2)`
+	li	$tj,-4096
+	addi	$ovf,$num,$FRAME
+	subf	$ovf,$ovf,$sp	; $sp-$ovf
+	and	$ovf,$ovf,$tj	; minimize TLB usage
+	subf	$ovf,$sp,$ovf	; $ovf-$sp
+	mr	$tj,$sp
+	srwi	$num,$num,`log($BNSZ)/log(2)`
+	$STUX	$sp,$sp,$ovf
+
+	$PUSH	r20,`-12*$SIZE_T`($tj)
+	$PUSH	r21,`-11*$SIZE_T`($tj)
+	$PUSH	r22,`-10*$SIZE_T`($tj)
+	$PUSH	r23,`-9*$SIZE_T`($tj)
+	$PUSH	r24,`-8*$SIZE_T`($tj)
+	$PUSH	r25,`-7*$SIZE_T`($tj)
+	$PUSH	r26,`-6*$SIZE_T`($tj)
+	$PUSH	r27,`-5*$SIZE_T`($tj)
+	$PUSH	r28,`-4*$SIZE_T`($tj)
+	$PUSH	r29,`-3*$SIZE_T`($tj)
+	$PUSH	r30,`-2*$SIZE_T`($tj)
+	$PUSH	r31,`-1*$SIZE_T`($tj)
+
+	$LD	$n0,0($n0)	; pull n0[0] value
+	addi	$num,$num,-2	; adjust $num for counter register
+
+	$LD	$m0,0($bp)	; m0=bp[0]
+	$LD	$aj,0($ap)	; ap[0]
+	addi	$tp,$sp,$LOCALS
+	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[0]
+	$UMULH	$hi0,$aj,$m0
+
+	$LD	$aj,$BNSZ($ap)	; ap[1]
+	$LD	$nj,0($np)	; np[0]
+
+	$UMULL	$m1,$lo0,$n0	; "tp[0]"*n0
+
+	$UMULL	$alo,$aj,$m0	; ap[1]*bp[0]
+	$UMULH	$ahi,$aj,$m0
+
+	$UMULL	$lo1,$nj,$m1	; np[0]*m1
+	$UMULH	$hi1,$nj,$m1
+	$LD	$nj,$BNSZ($np)	; np[1]
+	addc	$lo1,$lo1,$lo0
+	addze	$hi1,$hi1
+
+	$UMULL	$nlo,$nj,$m1	; np[1]*m1
+	$UMULH	$nhi,$nj,$m1
+
+	mtctr	$num
+	li	$j,`2*$BNSZ`
+.align	4
+L1st:
+	$LDX	$aj,$ap,$j	; ap[j]
+	addc	$lo0,$alo,$hi0
+	$LDX	$nj,$np,$j	; np[j]
+	addze	$hi0,$ahi
+	$UMULL	$alo,$aj,$m0	; ap[j]*bp[0]
+	addc	$lo1,$nlo,$hi1
+	$UMULH	$ahi,$aj,$m0
+	addze	$hi1,$nhi
+	$UMULL	$nlo,$nj,$m1	; np[j]*m1
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
+	$UMULH	$nhi,$nj,$m1
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+
+	addi	$j,$j,$BNSZ	; j++
+	addi	$tp,$tp,$BNSZ	; tp++
+	bdnz	L1st
+;L1st
+	addc	$lo0,$alo,$hi0
+	addze	$hi0,$ahi
+
+	addc	$lo1,$nlo,$hi1
+	addze	$hi1,$nhi
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+
+	li	$ovf,0
+	addc	$hi1,$hi1,$hi0
+	addze	$ovf,$ovf	; upmost overflow bit
+	$ST	$hi1,$BNSZ($tp)
+
+	li	$i,$BNSZ
+.align	4
+Louter:
+	$LDX	$m0,$bp,$i	; m0=bp[i]
+	$LD	$aj,0($ap)	; ap[0]
+	addi	$tp,$sp,$LOCALS
+	$LD	$tj,$LOCALS($sp); tp[0]
+	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[i]
+	$UMULH	$hi0,$aj,$m0
+	$LD	$aj,$BNSZ($ap)	; ap[1]
+	$LD	$nj,0($np)	; np[0]
+	addc	$lo0,$lo0,$tj	; ap[0]*bp[i]+tp[0]
+	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
+	addze	$hi0,$hi0
+	$UMULL	$m1,$lo0,$n0	; tp[0]*n0
+	$UMULH	$ahi,$aj,$m0
+	$UMULL	$lo1,$nj,$m1	; np[0]*m1
+	$UMULH	$hi1,$nj,$m1
+	$LD	$nj,$BNSZ($np)	; np[1]
+	addc	$lo1,$lo1,$lo0
+	$UMULL	$nlo,$nj,$m1	; np[1]*m1
+	addze	$hi1,$hi1
+	$UMULH	$nhi,$nj,$m1
+
+	mtctr	$num
+	li	$j,`2*$BNSZ`
+.align	4
+Linner:
+	$LDX	$aj,$ap,$j	; ap[j]
+	addc	$lo0,$alo,$hi0
+	$LD	$tj,$BNSZ($tp)	; tp[j]
+	addze	$hi0,$ahi
+	$LDX	$nj,$np,$j	; np[j]
+	addc	$lo1,$nlo,$hi1
+	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
+	addze	$hi1,$nhi
+	$UMULH	$ahi,$aj,$m0
+	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
+	$UMULL	$nlo,$nj,$m1	; np[j]*m1
+	addze	$hi0,$hi0
+	$UMULH	$nhi,$nj,$m1
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
+	addi	$j,$j,$BNSZ	; j++
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+	addi	$tp,$tp,$BNSZ	; tp++
+	bdnz	Linner
+;Linner
+	$LD	$tj,$BNSZ($tp)	; tp[j]
+	addc	$lo0,$alo,$hi0
+	addze	$hi0,$ahi
+	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
+	addze	$hi0,$hi0
+
+	addc	$lo1,$nlo,$hi1
+	addze	$hi1,$nhi
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+
+	addic	$ovf,$ovf,-1	; move upmost overflow to XER[CA]
+	li	$ovf,0
+	adde	$hi1,$hi1,$hi0
+	addze	$ovf,$ovf
+	$ST	$hi1,$BNSZ($tp)
+;
+	slwi	$tj,$num,`log($BNSZ)/log(2)`
+	$UCMP	$i,$tj
+	addi	$i,$i,$BNSZ
+	ble	Louter
+
+	addi	$num,$num,2	; restore $num
+	subfc	$j,$j,$j	; j=0 and "clear" XER[CA]
+	addi	$tp,$sp,$LOCALS
+	mtctr	$num
+
+.align	4
+Lsub:	$LDX	$tj,$tp,$j
+	$LDX	$nj,$np,$j
+	subfe	$aj,$nj,$tj	; tp[j]-np[j]
+	$STX	$aj,$rp,$j
+	addi	$j,$j,$BNSZ
+	bdnz	Lsub
+
+	li	$j,0
+	mtctr	$num
+	subfe	$ovf,$j,$ovf	; handle upmost overflow bit
+
+.align	4
+Lcopy:				; conditional copy
+	$LDX	$tj,$tp,$j
+	$LDX	$aj,$rp,$j
+	and	$tj,$tj,$ovf
+	andc	$aj,$aj,$ovf
+	$STX	$j,$tp,$j	; zap at once
+	or	$aj,$aj,$tj
+	$STX	$aj,$rp,$j
+	addi	$j,$j,$BNSZ
+	bdnz	Lcopy
+
+	$POP	$tj,0($sp)
+	li	r3,1
+	$POP	r20,`-12*$SIZE_T`($tj)
+	$POP	r21,`-11*$SIZE_T`($tj)
+	$POP	r22,`-10*$SIZE_T`($tj)
+	$POP	r23,`-9*$SIZE_T`($tj)
+	$POP	r24,`-8*$SIZE_T`($tj)
+	$POP	r25,`-7*$SIZE_T`($tj)
+	$POP	r26,`-6*$SIZE_T`($tj)
+	$POP	r27,`-5*$SIZE_T`($tj)
+	$POP	r28,`-4*$SIZE_T`($tj)
+	$POP	r29,`-3*$SIZE_T`($tj)
+	$POP	r30,`-2*$SIZE_T`($tj)
+	$POP	r31,`-1*$SIZE_T`($tj)
+	mr	$sp,$tj
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,12,6,0
+	.long	0
+.size	.bn_mul_mont_int,.-.bn_mul_mont_int
+___
+}
+if (1) {
+my ($a0,$a1,$a2,$a3,
+    $t0,$t1,$t2,$t3,
+    $m0,$m1,$m2,$m3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,
+    $bi,$mi,$tp,$ap_end,$cnt) = map("r$_",(9..12,14..31));
+my  ($carry,$zero) = ($rp,"r0");
+
+# sp----------->+-------------------------------+
+#		| saved sp			|
+#		+-------------------------------+
+#		.				.
+# +8*size_t	+-------------------------------+
+#		| 4 "n0*t0"			|
+#		.				.
+#		.				.
+# +12*size_t	+-------------------------------+
+#		| size_t tmp[num]		|
+#		.				.
+#		.				.
+#		.				.
+#		+-------------------------------+
+#		| topmost carry			|
+#		.				.
+# -18*size_t	+-------------------------------+
+#		| 18 saved gpr, r14-r31		|
+#		.				.
+#		.				.
+#		+-------------------------------+
+$code.=<<___;
+.globl	.bn_mul4x_mont_int
+.align	5
+.bn_mul4x_mont_int:
+	andi.	r0,$num,7
+	bne	.Lmul4x_do
+	$UCMP	$ap,$bp
+	bne	.Lmul4x_do
+	b	.Lsqr8x_do
+.Lmul4x_do:
+	slwi	$num,$num,`log($SIZE_T)/log(2)`
+	mr	$a0,$sp
+	li	$a1,-32*$SIZE_T
+	sub	$a1,$a1,$num
+	$STUX	$sp,$sp,$a1		# alloca
+
+	$PUSH	r14,-$SIZE_T*18($a0)
+	$PUSH	r15,-$SIZE_T*17($a0)
+	$PUSH	r16,-$SIZE_T*16($a0)
+	$PUSH	r17,-$SIZE_T*15($a0)
+	$PUSH	r18,-$SIZE_T*14($a0)
+	$PUSH	r19,-$SIZE_T*13($a0)
+	$PUSH	r20,-$SIZE_T*12($a0)
+	$PUSH	r21,-$SIZE_T*11($a0)
+	$PUSH	r22,-$SIZE_T*10($a0)
+	$PUSH	r23,-$SIZE_T*9($a0)
+	$PUSH	r24,-$SIZE_T*8($a0)
+	$PUSH	r25,-$SIZE_T*7($a0)
+	$PUSH	r26,-$SIZE_T*6($a0)
+	$PUSH	r27,-$SIZE_T*5($a0)
+	$PUSH	r28,-$SIZE_T*4($a0)
+	$PUSH	r29,-$SIZE_T*3($a0)
+	$PUSH	r30,-$SIZE_T*2($a0)
+	$PUSH	r31,-$SIZE_T*1($a0)
+
+	subi	$ap,$ap,$SIZE_T		# bias by -1
+	subi	$np,$np,$SIZE_T		# bias by -1
+	subi	$rp,$rp,$SIZE_T		# bias by -1
+	$LD	$n0,0($n0)		# *n0
+
+	add	$t0,$bp,$num
+	add	$ap_end,$ap,$num
+	subi	$t0,$t0,$SIZE_T*4	# &b[num-4]
+
+	$LD	$bi,$SIZE_T*0($bp)	# b[0]
+	li	$acc0,0
+	$LD	$a0,$SIZE_T*1($ap)	# a[0..3]
+	li	$acc1,0
+	$LD	$a1,$SIZE_T*2($ap)
+	li	$acc2,0
+	$LD	$a2,$SIZE_T*3($ap)
+	li	$acc3,0
+	$LDU	$a3,$SIZE_T*4($ap)
+	$LD	$m0,$SIZE_T*1($np)	# n[0..3]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+
+	$PUSH	$rp,$SIZE_T*6($sp)	# offload rp and &b[num-4]
+	$PUSH	$t0,$SIZE_T*7($sp)
+	li	$carry,0
+	addic	$tp,$sp,$SIZE_T*7	# &t[-1], clear carry bit
+	li	$cnt,0
+	li	$zero,0
+	b	.Loop_mul4x_1st_reduction
+
+.align	5
+.Loop_mul4x_1st_reduction:
+	$UMULL	$t0,$a0,$bi		# lo(a[0..3]*b[0])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[0..3]*b[0])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULL	$mi,$acc0,$n0		# t[0]*n0
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t2,$a2,$bi
+	addze	$acc4,$zero
+	$UMULH	$t3,$a3,$bi
+	$LDX	$bi,$bp,$cnt		# next b[i] (or b[0])
+	addc	$acc1,$acc1,$t0
+	# (*)	mul	$t0,$m0,$mi	# lo(n[0..3]*t[0]*n0)
+	$STU	$mi,$SIZE_T($tp)	# put aside t[0]*n0 for tail processing
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	# (*)	addc	$acc0,$acc0,$t0
+	# (*)	As for removal of first multiplication and addition
+	#	instructions. The outcome of first addition is
+	#	guaranteed to be zero, which leaves two computationally
+	#	significant outcomes: it either carries or not. Then
+	#	question is when does it carry? Is there alternative
+	#	way to deduce it? If you follow operations, you can
+	#	observe that condition for carry is quite simple:
+	#	$acc0 being non-zero. So that carry can be calculated
+	#	by adding -1 to $acc0. That's what next instruction does.
+	addic	$acc0,$acc0,-1		# (*), discarded
+	$UMULH	$t0,$m0,$mi		# hi(n[0..3]*t[0]*n0)
+	adde	$acc0,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc1,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc2,$acc3,$t3
+	$UMULH	$t3,$m3,$mi
+	adde	$acc3,$acc4,$carry
+	addze	$carry,$zero
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_1st_reduction
+
+	$UCMP	$ap_end,$ap
+	beq	.Lmul4x4_post_condition
+
+	$LD	$a0,$SIZE_T*1($ap)	# a[4..7]
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	$LD	$mi,$SIZE_T*8($sp)	# a[0]*n0
+	$LD	$m0,$SIZE_T*1($np)	# n[4..7]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Loop_mul4x_1st_tail:
+	$UMULL	$t0,$a0,$bi		# lo(a[4..7]*b[i])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[4..7]*b[i])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$a2,$bi
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$a3,$bi
+	addze	$acc4,$zero
+	$LDX	$bi,$bp,$cnt		# next b[i] (or b[0])
+	addc	$acc1,$acc1,$t0
+	$UMULL	$t0,$m0,$mi		# lo(n[4..7]*a[0]*n0)
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$m0,$mi		# hi(n[4..7]*a[0]*n0)
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc3,$acc3,$t3
+	adde	$acc4,$acc4,$carry
+	$UMULH	$t3,$m3,$mi
+	addze	$carry,$zero
+	addi	$mi,$sp,$SIZE_T*8
+	$LDX	$mi,$mi,$cnt		# next t[0]*n0
+	$STU	$acc0,$SIZE_T($tp)	# word of result
+	addc	$acc0,$acc1,$t0
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2
+	adde	$acc3,$acc4,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_1st_tail
+
+	sub	$t1,$ap_end,$num	# rewinded $ap
+	$UCMP	$ap_end,$ap		# done yet?
+	beq	.Lmul4x_proceed
+
+	$LD	$a0,$SIZE_T*1($ap)
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	$LD	$m0,$SIZE_T*1($np)
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Lmul4x_proceed:
+	$LDU	$bi,$SIZE_T*4($bp)	# *++b
+	addze	$carry,$carry		# topmost carry
+	$LD	$a0,$SIZE_T*1($t1)
+	$LD	$a1,$SIZE_T*2($t1)
+	$LD	$a2,$SIZE_T*3($t1)
+	$LD	$a3,$SIZE_T*4($t1)
+	addi	$ap,$t1,$SIZE_T*4
+	sub	$np,$np,$num		# rewind np
+
+	$ST	$acc0,$SIZE_T*1($tp)	# result
+	$ST	$acc1,$SIZE_T*2($tp)
+	$ST	$acc2,$SIZE_T*3($tp)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$ST	$carry,$SIZE_T*5($tp)	# save topmost carry
+	$LD	$acc0,$SIZE_T*12($sp)	# t[0..3]
+	$LD	$acc1,$SIZE_T*13($sp)
+	$LD	$acc2,$SIZE_T*14($sp)
+	$LD	$acc3,$SIZE_T*15($sp)
+
+	$LD	$m0,$SIZE_T*1($np)	# n[0..3]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	addic	$tp,$sp,$SIZE_T*7	# &t[-1], clear carry bit
+	li	$carry,0
+	b	.Loop_mul4x_reduction
+
+.align	5
+.Loop_mul4x_reduction:
+	$UMULL	$t0,$a0,$bi		# lo(a[0..3]*b[4])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[0..3]*b[4])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULL	$mi,$acc0,$n0		# t[0]*n0
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t2,$a2,$bi
+	addze	$acc4,$zero
+	$UMULH	$t3,$a3,$bi
+	$LDX	$bi,$bp,$cnt		# next b[i]
+	addc	$acc1,$acc1,$t0
+	# (*)	mul	$t0,$m0,$mi
+	$STU	$mi,$SIZE_T($tp)	# put aside t[0]*n0 for tail processing
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi		# lo(n[0..3]*t[0]*n0
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	# (*)	addc	$acc0,$acc0,$t0
+	addic	$acc0,$acc0,-1		# (*), discarded
+	$UMULH	$t0,$m0,$mi		# hi(n[0..3]*t[0]*n0
+	adde	$acc0,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc1,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc2,$acc3,$t3
+	$UMULH	$t3,$m3,$mi
+	adde	$acc3,$acc4,$carry
+	addze	$carry,$zero
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_reduction
+
+	$LD	$t0,$SIZE_T*5($tp)	# t[4..7]
+	addze	$carry,$carry
+	$LD	$t1,$SIZE_T*6($tp)
+	$LD	$t2,$SIZE_T*7($tp)
+	$LD	$t3,$SIZE_T*8($tp)
+	$LD	$a0,$SIZE_T*1($ap)	# a[4..7]
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+
+	$LD	$mi,$SIZE_T*8($sp)	# t[0]*n0
+	$LD	$m0,$SIZE_T*1($np)	# n[4..7]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_tail
+
+.align	5
+.Loop_mul4x_tail:
+	$UMULL	$t0,$a0,$bi		# lo(a[4..7]*b[4])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[4..7]*b[4])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$a2,$bi
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$a3,$bi
+	addze	$acc4,$zero
+	$LDX	$bi,$bp,$cnt		# next b[i]
+	addc	$acc1,$acc1,$t0
+	$UMULL	$t0,$m0,$mi		# lo(n[4..7]*t[0]*n0)
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$m0,$mi		# hi(n[4..7]*t[0]*n0)
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$m3,$mi
+	adde	$acc4,$acc4,$carry
+	addi	$mi,$sp,$SIZE_T*8
+	$LDX	$mi,$mi,$cnt		# next a[0]*n0
+	addze	$carry,$zero
+	$STU	$acc0,$SIZE_T($tp)	# word of result
+	addc	$acc0,$acc1,$t0
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2
+	adde	$acc3,$acc4,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_tail
+
+	$LD	$t0,$SIZE_T*5($tp)	# next t[i] or topmost carry
+	sub	$t1,$np,$num		# rewinded np?
+	addze	$carry,$carry
+	$UCMP	$ap_end,$ap		# done yet?
+	beq	.Loop_mul4x_break
+
+	$LD	$t1,$SIZE_T*6($tp)
+	$LD	$t2,$SIZE_T*7($tp)
+	$LD	$t3,$SIZE_T*8($tp)
+	$LD	$a0,$SIZE_T*1($ap)
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+
+	$LD	$m0,$SIZE_T*1($np)	# n[4..7]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_tail
+
+.align	5
+.Loop_mul4x_break:
+	$POP	$t2,$SIZE_T*6($sp)	# pull rp and &b[num-4]
+	$POP	$t3,$SIZE_T*7($sp)
+	addc	$a0,$acc0,$t0		# accumulate topmost carry
+	$LD	$acc0,$SIZE_T*12($sp)	# t[0..3]
+	addze	$a1,$acc1
+	$LD	$acc1,$SIZE_T*13($sp)
+	addze	$a2,$acc2
+	$LD	$acc2,$SIZE_T*14($sp)
+	addze	$a3,$acc3
+	$LD	$acc3,$SIZE_T*15($sp)
+	addze	$carry,$carry		# topmost carry
+	$ST	$a0,$SIZE_T*1($tp)	# result
+	sub	$ap,$ap_end,$num	# rewind ap
+	$ST	$a1,$SIZE_T*2($tp)
+	$ST	$a2,$SIZE_T*3($tp)
+	$ST	$a3,$SIZE_T*4($tp)
+	$ST	$carry,$SIZE_T*5($tp)	# store topmost carry
+
+	$LD	$m0,$SIZE_T*1($t1)	# n[0..3]
+	$LD	$m1,$SIZE_T*2($t1)
+	$LD	$m2,$SIZE_T*3($t1)
+	$LD	$m3,$SIZE_T*4($t1)
+	addi	$np,$t1,$SIZE_T*4
+	$UCMP	$bp,$t3			# done yet?
+	beq	.Lmul4x_post
+
+	$LDU	$bi,$SIZE_T*4($bp)
+	$LD	$a0,$SIZE_T*1($ap)	# a[0..3]
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	li	$carry,0
+	addic	$tp,$sp,$SIZE_T*7	# &t[-1], clear carry bit
+	b	.Loop_mul4x_reduction
+
+.align	5
+.Lmul4x_post:
+	# Final step. We see if result is larger than modulus, and
+	# if it is, subtract the modulus. But comparison implies
+	# subtraction. So we subtract modulus, see if it borrowed,
+	# and conditionally copy original value.
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+2`
+	mr	$bp,$t2			# &rp[-1]
+	subi	$cnt,$cnt,1
+	mr	$ap_end,$t2		# &rp[-1] copy
+	subfc	$t0,$m0,$acc0
+	addi	$tp,$sp,$SIZE_T*15
+	subfe	$t1,$m1,$acc1
+
+	mtctr	$cnt
+.Lmul4x_sub:
+	$LD	$m0,$SIZE_T*1($np)
+	$LD	$acc0,$SIZE_T*1($tp)
+	subfe	$t2,$m2,$acc2
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$acc1,$SIZE_T*2($tp)
+	subfe	$t3,$m3,$acc3
+	$LD	$m2,$SIZE_T*3($np)
+	$LD	$acc2,$SIZE_T*3($tp)
+	$LDU	$m3,$SIZE_T*4($np)
+	$LDU	$acc3,$SIZE_T*4($tp)
+	$ST	$t0,$SIZE_T*1($bp)
+	$ST	$t1,$SIZE_T*2($bp)
+	subfe	$t0,$m0,$acc0
+	$ST	$t2,$SIZE_T*3($bp)
+	$STU	$t3,$SIZE_T*4($bp)
+	subfe	$t1,$m1,$acc1
+	bdnz	.Lmul4x_sub
+
+	 $LD	$a0,$SIZE_T*1($ap_end)
+	$ST	$t0,$SIZE_T*1($bp)
+	 $LD	$t0,$SIZE_T*12($sp)
+	subfe	$t2,$m2,$acc2
+	 $LD	$a1,$SIZE_T*2($ap_end)
+	$ST	$t1,$SIZE_T*2($bp)
+	 $LD	$t1,$SIZE_T*13($sp)
+	subfe	$t3,$m3,$acc3
+	subfe	$carry,$zero,$carry	# did it borrow?
+	 addi	$tp,$sp,$SIZE_T*12
+	 $LD	$a2,$SIZE_T*3($ap_end)
+	$ST	$t2,$SIZE_T*3($bp)
+	 $LD	$t2,$SIZE_T*14($sp)
+	 $LD	$a3,$SIZE_T*4($ap_end)
+	$ST	$t3,$SIZE_T*4($bp)
+	 $LD	$t3,$SIZE_T*15($sp)
+
+	mtctr	$cnt
+.Lmul4x_cond_copy:
+	and	$t0,$t0,$carry
+	andc	$a0,$a0,$carry
+	$ST	$zero,$SIZE_T*0($tp)	# wipe stack clean
+	and	$t1,$t1,$carry
+	andc	$a1,$a1,$carry
+	$ST	$zero,$SIZE_T*1($tp)
+	and	$t2,$t2,$carry
+	andc	$a2,$a2,$carry
+	$ST	$zero,$SIZE_T*2($tp)
+	and	$t3,$t3,$carry
+	andc	$a3,$a3,$carry
+	$ST	$zero,$SIZE_T*3($tp)
+	or	$acc0,$t0,$a0
+	$LD	$a0,$SIZE_T*5($ap_end)
+	$LD	$t0,$SIZE_T*4($tp)
+	or	$acc1,$t1,$a1
+	$LD	$a1,$SIZE_T*6($ap_end)
+	$LD	$t1,$SIZE_T*5($tp)
+	or	$acc2,$t2,$a2
+	$LD	$a2,$SIZE_T*7($ap_end)
+	$LD	$t2,$SIZE_T*6($tp)
+	or	$acc3,$t3,$a3
+	$LD	$a3,$SIZE_T*8($ap_end)
+	$LD	$t3,$SIZE_T*7($tp)
+	addi	$tp,$tp,$SIZE_T*4
+	$ST	$acc0,$SIZE_T*1($ap_end)
+	$ST	$acc1,$SIZE_T*2($ap_end)
+	$ST	$acc2,$SIZE_T*3($ap_end)
+	$STU	$acc3,$SIZE_T*4($ap_end)
+	bdnz	.Lmul4x_cond_copy
+
+	$POP	$bp,0($sp)		# pull saved sp
+	and	$t0,$t0,$carry
+	andc	$a0,$a0,$carry
+	$ST	$zero,$SIZE_T*0($tp)
+	and	$t1,$t1,$carry
+	andc	$a1,$a1,$carry
+	$ST	$zero,$SIZE_T*1($tp)
+	and	$t2,$t2,$carry
+	andc	$a2,$a2,$carry
+	$ST	$zero,$SIZE_T*2($tp)
+	and	$t3,$t3,$carry
+	andc	$a3,$a3,$carry
+	$ST	$zero,$SIZE_T*3($tp)
+	or	$acc0,$t0,$a0
+	or	$acc1,$t1,$a1
+	$ST	$zero,$SIZE_T*4($tp)
+	or	$acc2,$t2,$a2
+	or	$acc3,$t3,$a3
+	$ST	$acc0,$SIZE_T*1($ap_end)
+	$ST	$acc1,$SIZE_T*2($ap_end)
+	$ST	$acc2,$SIZE_T*3($ap_end)
+	$ST	$acc3,$SIZE_T*4($ap_end)
+
+	b	.Lmul4x_done
+
+.align	4
+.Lmul4x4_post_condition:
+	$POP	$ap,$SIZE_T*6($sp)	# pull &rp[-1]
+	$POP	$bp,0($sp)		# pull saved sp
+	addze	$carry,$carry		# modulo-scheduled
+	# $acc0-3,$carry hold result, $m0-3 hold modulus
+	subfc	$a0,$m0,$acc0
+	subfe	$a1,$m1,$acc1
+	subfe	$a2,$m2,$acc2
+	subfe	$a3,$m3,$acc3
+	subfe	$carry,$zero,$carry	# did it borrow?
+
+	and	$m0,$m0,$carry
+	and	$m1,$m1,$carry
+	addc	$a0,$a0,$m0
+	and	$m2,$m2,$carry
+	adde	$a1,$a1,$m1
+	and	$m3,$m3,$carry
+	adde	$a2,$a2,$m2
+	adde	$a3,$a3,$m3
+
+	$ST	$a0,$SIZE_T*1($ap)	# write result
+	$ST	$a1,$SIZE_T*2($ap)
+	$ST	$a2,$SIZE_T*3($ap)
+	$ST	$a3,$SIZE_T*4($ap)
+
+.Lmul4x_done:
+	$ST	$zero,$SIZE_T*8($sp)	# wipe stack clean
+	$ST	$zero,$SIZE_T*9($sp)
+	$ST	$zero,$SIZE_T*10($sp)
+	$ST	$zero,$SIZE_T*11($sp)
+	li	r3,1			# signal "done"
+	$POP	r14,-$SIZE_T*18($bp)
+	$POP	r15,-$SIZE_T*17($bp)
+	$POP	r16,-$SIZE_T*16($bp)
+	$POP	r17,-$SIZE_T*15($bp)
+	$POP	r18,-$SIZE_T*14($bp)
+	$POP	r19,-$SIZE_T*13($bp)
+	$POP	r20,-$SIZE_T*12($bp)
+	$POP	r21,-$SIZE_T*11($bp)
+	$POP	r22,-$SIZE_T*10($bp)
+	$POP	r23,-$SIZE_T*9($bp)
+	$POP	r24,-$SIZE_T*8($bp)
+	$POP	r25,-$SIZE_T*7($bp)
+	$POP	r26,-$SIZE_T*6($bp)
+	$POP	r27,-$SIZE_T*5($bp)
+	$POP	r28,-$SIZE_T*4($bp)
+	$POP	r29,-$SIZE_T*3($bp)
+	$POP	r30,-$SIZE_T*2($bp)
+	$POP	r31,-$SIZE_T*1($bp)
+	mr	$sp,$bp
+	blr
+	.long	0
+	.byte	0,12,4,0x20,0x80,18,6,0
+	.long	0
+.size	.bn_mul4x_mont_int,.-.bn_mul4x_mont_int
+___
+}
+
+if (1) {
+########################################################################
+# Following is PPC adaptation of sqrx8x_mont from x86_64-mont5 module.
+
+my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("r$_",(9..12,14..17));
+my ($t0,$t1,$t2,$t3)=map("r$_",(18..21));
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("r$_",(22..29));
+my ($cnt,$carry,$zero)=("r30","r31","r0");
+my ($tp,$ap_end,$na0)=($bp,$np,$carry);
+
+# sp----------->+-------------------------------+
+#		| saved sp			|
+#		+-------------------------------+
+#		.				.
+# +12*size_t	+-------------------------------+
+#		| size_t tmp[2*num]		|
+#		.				.
+#		.				.
+#		.				.
+#		+-------------------------------+
+#		.				.
+# -18*size_t	+-------------------------------+
+#		| 18 saved gpr, r14-r31		|
+#		.				.
+#		.				.
+#		+-------------------------------+
+$code.=<<___;
+.align	5
+__bn_sqr8x_mont:
+.Lsqr8x_do:
+	mr	$a0,$sp
+	slwi	$a1,$num,`log($SIZE_T)/log(2)+1`
+	li	$a2,-32*$SIZE_T
+	sub	$a1,$a2,$a1
+	slwi	$num,$num,`log($SIZE_T)/log(2)`
+	$STUX	$sp,$sp,$a1		# alloca
+
+	$PUSH	r14,-$SIZE_T*18($a0)
+	$PUSH	r15,-$SIZE_T*17($a0)
+	$PUSH	r16,-$SIZE_T*16($a0)
+	$PUSH	r17,-$SIZE_T*15($a0)
+	$PUSH	r18,-$SIZE_T*14($a0)
+	$PUSH	r19,-$SIZE_T*13($a0)
+	$PUSH	r20,-$SIZE_T*12($a0)
+	$PUSH	r21,-$SIZE_T*11($a0)
+	$PUSH	r22,-$SIZE_T*10($a0)
+	$PUSH	r23,-$SIZE_T*9($a0)
+	$PUSH	r24,-$SIZE_T*8($a0)
+	$PUSH	r25,-$SIZE_T*7($a0)
+	$PUSH	r26,-$SIZE_T*6($a0)
+	$PUSH	r27,-$SIZE_T*5($a0)
+	$PUSH	r28,-$SIZE_T*4($a0)
+	$PUSH	r29,-$SIZE_T*3($a0)
+	$PUSH	r30,-$SIZE_T*2($a0)
+	$PUSH	r31,-$SIZE_T*1($a0)
+
+	subi	$ap,$ap,$SIZE_T		# bias by -1
+	subi	$t0,$np,$SIZE_T		# bias by -1
+	subi	$rp,$rp,$SIZE_T		# bias by -1
+	$LD	$n0,0($n0)		# *n0
+	li	$zero,0
+
+	add	$ap_end,$ap,$num
+	$LD	$a0,$SIZE_T*1($ap)
+	#li	$acc0,0
+	$LD	$a1,$SIZE_T*2($ap)
+	li	$acc1,0
+	$LD	$a2,$SIZE_T*3($ap)
+	li	$acc2,0
+	$LD	$a3,$SIZE_T*4($ap)
+	li	$acc3,0
+	$LD	$a4,$SIZE_T*5($ap)
+	li	$acc4,0
+	$LD	$a5,$SIZE_T*6($ap)
+	li	$acc5,0
+	$LD	$a6,$SIZE_T*7($ap)
+	li	$acc6,0
+	$LDU	$a7,$SIZE_T*8($ap)
+	li	$acc7,0
+
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+	subic.	$cnt,$num,$SIZE_T*8
+	b	.Lsqr8x_zero_start
+
+.align	5
+.Lsqr8x_zero:
+	subic.	$cnt,$cnt,$SIZE_T*8
+	$ST	$zero,$SIZE_T*1($tp)
+	$ST	$zero,$SIZE_T*2($tp)
+	$ST	$zero,$SIZE_T*3($tp)
+	$ST	$zero,$SIZE_T*4($tp)
+	$ST	$zero,$SIZE_T*5($tp)
+	$ST	$zero,$SIZE_T*6($tp)
+	$ST	$zero,$SIZE_T*7($tp)
+	$ST	$zero,$SIZE_T*8($tp)
+.Lsqr8x_zero_start:
+	$ST	$zero,$SIZE_T*9($tp)
+	$ST	$zero,$SIZE_T*10($tp)
+	$ST	$zero,$SIZE_T*11($tp)
+	$ST	$zero,$SIZE_T*12($tp)
+	$ST	$zero,$SIZE_T*13($tp)
+	$ST	$zero,$SIZE_T*14($tp)
+	$ST	$zero,$SIZE_T*15($tp)
+	$STU	$zero,$SIZE_T*16($tp)
+	bne	.Lsqr8x_zero
+
+	$PUSH	$rp,$SIZE_T*6($sp)	# offload &rp[-1]
+	$PUSH	$t0,$SIZE_T*7($sp)	# offload &np[-1]
+	$PUSH	$n0,$SIZE_T*8($sp)	# offload n0
+	$PUSH	$tp,$SIZE_T*9($sp)	# &tp[2*num-1]
+	$PUSH	$zero,$SIZE_T*10($sp)	# initial top-most carry
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+
+	# Multiply everything but a[i]*a[i]
+.align	5
+.Lsqr8x_outer_loop:
+	#						  a[1]a[0]     (i)
+	#					      a[2]a[0]
+	#					  a[3]a[0]
+	#				      a[4]a[0]
+	#				  a[5]a[0]
+	#			      a[6]a[0]
+	#			  a[7]a[0]
+	#					  a[2]a[1]	       (ii)
+	#				      a[3]a[1]
+	#				  a[4]a[1]
+	#			      a[5]a[1]
+	#			  a[6]a[1]
+	#		      a[7]a[1]
+	#				  a[3]a[2]		       (iii)
+	#			      a[4]a[2]
+	#			  a[5]a[2]
+	#		      a[6]a[2]
+	#		  a[7]a[2]
+	#			  a[4]a[3]			       (iv)
+	#		      a[5]a[3]
+	#		  a[6]a[3]
+	#	      a[7]a[3]
+	#		  a[5]a[4]				       (v)
+	#	      a[6]a[4]
+	#	  a[7]a[4]
+	#	  a[6]a[5]					       (vi)
+	#     a[7]a[5]
+	# a[7]a[6]						       (vii)
+
+	$UMULL	$t0,$a1,$a0		# lo(a[1..7]*a[0])		(i)
+	$UMULL	$t1,$a2,$a0
+	$UMULL	$t2,$a3,$a0
+	$UMULL	$t3,$a4,$a0
+	addc	$acc1,$acc1,$t0		# t[1]+lo(a[1]*a[0])
+	$UMULL	$t0,$a5,$a0
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$a6,$a0
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$a7,$a0
+	adde	$acc4,$acc4,$t3
+	$UMULH	$t3,$a1,$a0		# hi(a[1..7]*a[0])
+	adde	$acc5,$acc5,$t0
+	$UMULH	$t0,$a2,$a0
+	adde	$acc6,$acc6,$t1
+	$UMULH	$t1,$a3,$a0
+	adde	$acc7,$acc7,$t2
+	$UMULH	$t2,$a4,$a0
+	$ST	$acc0,$SIZE_T*1($tp)	# t[0]
+	addze	$acc0,$zero		# t[8]
+	$ST	$acc1,$SIZE_T*2($tp)	# t[1]
+	addc	$acc2,$acc2,$t3		# t[2]+lo(a[1]*a[0])
+	$UMULH	$t3,$a5,$a0
+	adde	$acc3,$acc3,$t0
+	$UMULH	$t0,$a6,$a0
+	adde	$acc4,$acc4,$t1
+	$UMULH	$t1,$a7,$a0
+	adde	$acc5,$acc5,$t2
+	 $UMULL	$t2,$a2,$a1		# lo(a[2..7]*a[1])		(ii)
+	adde	$acc6,$acc6,$t3
+	 $UMULL	$t3,$a3,$a1
+	adde	$acc7,$acc7,$t0
+	 $UMULL	$t0,$a4,$a1
+	adde	$acc0,$acc0,$t1
+
+	$UMULL	$t1,$a5,$a1
+	addc	$acc3,$acc3,$t2
+	$UMULL	$t2,$a6,$a1
+	adde	$acc4,$acc4,$t3
+	$UMULL	$t3,$a7,$a1
+	adde	$acc5,$acc5,$t0
+	$UMULH	$t0,$a2,$a1		# hi(a[2..7]*a[1])
+	adde	$acc6,$acc6,$t1
+	$UMULH	$t1,$a3,$a1
+	adde	$acc7,$acc7,$t2
+	$UMULH	$t2,$a4,$a1
+	adde	$acc0,$acc0,$t3
+	$UMULH	$t3,$a5,$a1
+	$ST	$acc2,$SIZE_T*3($tp)	# t[2]
+	addze	$acc1,$zero		# t[9]
+	$ST	$acc3,$SIZE_T*4($tp)	# t[3]
+	addc	$acc4,$acc4,$t0
+	$UMULH	$t0,$a6,$a1
+	adde	$acc5,$acc5,$t1
+	$UMULH	$t1,$a7,$a1
+	adde	$acc6,$acc6,$t2
+	 $UMULL	$t2,$a3,$a2		# lo(a[3..7]*a[2])		(iii)
+	adde	$acc7,$acc7,$t3
+	 $UMULL	$t3,$a4,$a2
+	adde	$acc0,$acc0,$t0
+	 $UMULL	$t0,$a5,$a2
+	adde	$acc1,$acc1,$t1
+
+	$UMULL	$t1,$a6,$a2
+	addc	$acc5,$acc5,$t2
+	$UMULL	$t2,$a7,$a2
+	adde	$acc6,$acc6,$t3
+	$UMULH	$t3,$a3,$a2		# hi(a[3..7]*a[2])
+	adde	$acc7,$acc7,$t0
+	$UMULH	$t0,$a4,$a2
+	adde	$acc0,$acc0,$t1
+	$UMULH	$t1,$a5,$a2
+	adde	$acc1,$acc1,$t2
+	$UMULH	$t2,$a6,$a2
+	$ST	$acc4,$SIZE_T*5($tp)	# t[4]
+	addze	$acc2,$zero		# t[10]
+	$ST	$acc5,$SIZE_T*6($tp)	# t[5]
+	addc	$acc6,$acc6,$t3
+	$UMULH	$t3,$a7,$a2
+	adde	$acc7,$acc7,$t0
+	 $UMULL	$t0,$a4,$a3		# lo(a[4..7]*a[3])		(iv)
+	adde	$acc0,$acc0,$t1
+	 $UMULL	$t1,$a5,$a3
+	adde	$acc1,$acc1,$t2
+	 $UMULL	$t2,$a6,$a3
+	adde	$acc2,$acc2,$t3
+
+	$UMULL	$t3,$a7,$a3
+	addc	$acc7,$acc7,$t0
+	$UMULH	$t0,$a4,$a3		# hi(a[4..7]*a[3])
+	adde	$acc0,$acc0,$t1
+	$UMULH	$t1,$a5,$a3
+	adde	$acc1,$acc1,$t2
+	$UMULH	$t2,$a6,$a3
+	adde	$acc2,$acc2,$t3
+	$UMULH	$t3,$a7,$a3
+	$ST	$acc6,$SIZE_T*7($tp)	# t[6]
+	addze	$acc3,$zero		# t[11]
+	$STU	$acc7,$SIZE_T*8($tp)	# t[7]
+	addc	$acc0,$acc0,$t0
+	 $UMULL	$t0,$a5,$a4		# lo(a[5..7]*a[4])		(v)
+	adde	$acc1,$acc1,$t1
+	 $UMULL	$t1,$a6,$a4
+	adde	$acc2,$acc2,$t2
+	 $UMULL	$t2,$a7,$a4
+	adde	$acc3,$acc3,$t3
+
+	$UMULH	$t3,$a5,$a4		# hi(a[5..7]*a[4])
+	addc	$acc1,$acc1,$t0
+	$UMULH	$t0,$a6,$a4
+	adde	$acc2,$acc2,$t1
+	$UMULH	$t1,$a7,$a4
+	adde	$acc3,$acc3,$t2
+	 $UMULL	$t2,$a6,$a5		# lo(a[6..7]*a[5])		(vi)
+	addze	$acc4,$zero		# t[12]
+	addc	$acc2,$acc2,$t3
+	 $UMULL	$t3,$a7,$a5
+	adde	$acc3,$acc3,$t0
+	 $UMULH	$t0,$a6,$a5		# hi(a[6..7]*a[5])
+	adde	$acc4,$acc4,$t1
+
+	$UMULH	$t1,$a7,$a5
+	addc	$acc3,$acc3,$t2
+	 $UMULL	$t2,$a7,$a6		# lo(a[7]*a[6])			(vii)
+	adde	$acc4,$acc4,$t3
+	 $UMULH	$t3,$a7,$a6		# hi(a[7]*a[6])
+	addze	$acc5,$zero		# t[13]
+	addc	$acc4,$acc4,$t0
+	$UCMP	$ap_end,$ap		# done yet?
+	adde	$acc5,$acc5,$t1
+
+	addc	$acc5,$acc5,$t2
+	sub	$t0,$ap_end,$num	# rewinded ap
+	addze	$acc6,$zero		# t[14]
+	add	$acc6,$acc6,$t3
+
+	beq	.Lsqr8x_outer_break
+
+	mr	$n0,$a0
+	$LD	$a0,$SIZE_T*1($tp)
+	$LD	$a1,$SIZE_T*2($tp)
+	$LD	$a2,$SIZE_T*3($tp)
+	$LD	$a3,$SIZE_T*4($tp)
+	$LD	$a4,$SIZE_T*5($tp)
+	$LD	$a5,$SIZE_T*6($tp)
+	$LD	$a6,$SIZE_T*7($tp)
+	$LD	$a7,$SIZE_T*8($tp)
+	addc	$acc0,$acc0,$a0
+	$LD	$a0,$SIZE_T*1($ap)
+	adde	$acc1,$acc1,$a1
+	$LD	$a1,$SIZE_T*2($ap)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($ap)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($ap)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($ap)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($ap)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($ap)
+	subi	$rp,$ap,$SIZE_T*7
+	addze	$acc7,$a7
+	$LDU	$a7,$SIZE_T*8($ap)
+	#addze	$carry,$zero		# moved below
+	li	$cnt,0
+	b	.Lsqr8x_mul
+
+	#                                                          a[8]a[0]
+	#                                                      a[9]a[0]
+	#                                                  a[a]a[0]
+	#                                              a[b]a[0]
+	#                                          a[c]a[0]
+	#                                      a[d]a[0]
+	#                                  a[e]a[0]
+	#                              a[f]a[0]
+	#                                                      a[8]a[1]
+	#                          a[f]a[1]........................
+	#                                                  a[8]a[2]
+	#                      a[f]a[2]........................
+	#                                              a[8]a[3]
+	#                  a[f]a[3]........................
+	#                                          a[8]a[4]
+	#              a[f]a[4]........................
+	#                                      a[8]a[5]
+	#          a[f]a[5]........................
+	#                                  a[8]a[6]
+	#      a[f]a[6]........................
+	#                              a[8]a[7]
+	#  a[f]a[7]........................
+.align	5
+.Lsqr8x_mul:
+	$UMULL	$t0,$a0,$n0
+	addze	$carry,$zero		# carry bit, modulo-scheduled
+	$UMULL	$t1,$a1,$n0
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$n0
+	andi.	$cnt,$cnt,$SIZE_T*8-1
+	$UMULL	$t3,$a3,$n0
+	addc	$acc0,$acc0,$t0
+	$UMULL	$t0,$a4,$n0
+	adde	$acc1,$acc1,$t1
+	$UMULL	$t1,$a5,$n0
+	adde	$acc2,$acc2,$t2
+	$UMULL	$t2,$a6,$n0
+	adde	$acc3,$acc3,$t3
+	$UMULL	$t3,$a7,$n0
+	adde	$acc4,$acc4,$t0
+	$UMULH	$t0,$a0,$n0
+	adde	$acc5,$acc5,$t1
+	$UMULH	$t1,$a1,$n0
+	adde	$acc6,$acc6,$t2
+	$UMULH	$t2,$a2,$n0
+	adde	$acc7,$acc7,$t3
+	$UMULH	$t3,$a3,$n0
+	addze	$carry,$carry
+	$STU	$acc0,$SIZE_T($tp)
+	addc	$acc0,$acc1,$t0
+	$UMULH	$t0,$a4,$n0
+	adde	$acc1,$acc2,$t1
+	$UMULH	$t1,$a5,$n0
+	adde	$acc2,$acc3,$t2
+	$UMULH	$t2,$a6,$n0
+	adde	$acc3,$acc4,$t3
+	$UMULH	$t3,$a7,$n0
+	$LDX	$n0,$rp,$cnt
+	adde	$acc4,$acc5,$t0
+	adde	$acc5,$acc6,$t1
+	adde	$acc6,$acc7,$t2
+	adde	$acc7,$carry,$t3
+	#addze	$carry,$zero		# moved above
+	bne	.Lsqr8x_mul
+					# note that carry flag is guaranteed
+					# to be zero at this point
+	$UCMP	$ap,$ap_end		# done yet?
+	beq	.Lsqr8x_break
+
+	$LD	$a0,$SIZE_T*1($tp)
+	$LD	$a1,$SIZE_T*2($tp)
+	$LD	$a2,$SIZE_T*3($tp)
+	$LD	$a3,$SIZE_T*4($tp)
+	$LD	$a4,$SIZE_T*5($tp)
+	$LD	$a5,$SIZE_T*6($tp)
+	$LD	$a6,$SIZE_T*7($tp)
+	$LD	$a7,$SIZE_T*8($tp)
+	addc	$acc0,$acc0,$a0
+	$LD	$a0,$SIZE_T*1($ap)
+	adde	$acc1,$acc1,$a1
+	$LD	$a1,$SIZE_T*2($ap)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($ap)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($ap)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($ap)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($ap)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($ap)
+	adde	$acc7,$acc7,$a7
+	$LDU	$a7,$SIZE_T*8($ap)
+	#addze	$carry,$zero		# moved above
+	b	.Lsqr8x_mul
+
+.align	5
+.Lsqr8x_break:
+	$LD	$a0,$SIZE_T*8($rp)
+	addi	$ap,$rp,$SIZE_T*15
+	$LD	$a1,$SIZE_T*9($rp)
+	sub.	$t0,$ap_end,$ap		# is it last iteration?
+	$LD	$a2,$SIZE_T*10($rp)
+	sub	$t1,$tp,$t0
+	$LD	$a3,$SIZE_T*11($rp)
+	$LD	$a4,$SIZE_T*12($rp)
+	$LD	$a5,$SIZE_T*13($rp)
+	$LD	$a6,$SIZE_T*14($rp)
+	$LD	$a7,$SIZE_T*15($rp)
+	beq	.Lsqr8x_outer_loop
+
+	$ST	$acc0,$SIZE_T*1($tp)
+	$LD	$acc0,$SIZE_T*1($t1)
+	$ST	$acc1,$SIZE_T*2($tp)
+	$LD	$acc1,$SIZE_T*2($t1)
+	$ST	$acc2,$SIZE_T*3($tp)
+	$LD	$acc2,$SIZE_T*3($t1)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$LD	$acc3,$SIZE_T*4($t1)
+	$ST	$acc4,$SIZE_T*5($tp)
+	$LD	$acc4,$SIZE_T*5($t1)
+	$ST	$acc5,$SIZE_T*6($tp)
+	$LD	$acc5,$SIZE_T*6($t1)
+	$ST	$acc6,$SIZE_T*7($tp)
+	$LD	$acc6,$SIZE_T*7($t1)
+	$ST	$acc7,$SIZE_T*8($tp)
+	$LD	$acc7,$SIZE_T*8($t1)
+	mr	$tp,$t1
+	b	.Lsqr8x_outer_loop
+
+.align	5
+.Lsqr8x_outer_break:
+	####################################################################
+	# Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0]
+	$LD	$a1,$SIZE_T*1($t0)	# recall that $t0 is &a[-1]
+	$LD	$a3,$SIZE_T*2($t0)
+	$LD	$a5,$SIZE_T*3($t0)
+	$LD	$a7,$SIZE_T*4($t0)
+	addi	$ap,$t0,$SIZE_T*4
+					# "tp[x]" comments are for num==8 case
+	$LD	$t1,$SIZE_T*13($sp)	# =tp[1], t[0] is not interesting
+	$LD	$t2,$SIZE_T*14($sp)
+	$LD	$t3,$SIZE_T*15($sp)
+	$LD	$t0,$SIZE_T*16($sp)
+
+	$ST	$acc0,$SIZE_T*1($tp)	# tp[8]=
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+2`
+	$ST	$acc1,$SIZE_T*2($tp)
+	subi	$cnt,$cnt,1
+	$ST	$acc2,$SIZE_T*3($tp)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$ST	$acc4,$SIZE_T*5($tp)
+	$ST	$acc5,$SIZE_T*6($tp)
+	$ST	$acc6,$SIZE_T*7($tp)
+	#$ST	$acc7,$SIZE_T*8($tp)	# tp[15] is not interesting
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+	$UMULL	$acc0,$a1,$a1
+	$UMULH	$a1,$a1,$a1
+	add	$acc1,$t1,$t1		# <<1
+	$SHRI	$t1,$t1,$BITS-1
+	$UMULL	$a2,$a3,$a3
+	$UMULH	$a3,$a3,$a3
+	addc	$acc1,$acc1,$a1
+	add	$acc2,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	add	$acc3,$t3,$t3
+	$SHRI	$t3,$t3,$BITS-1
+	or	$acc2,$acc2,$t1
+
+	mtctr	$cnt
+.Lsqr4x_shift_n_add:
+	$UMULL	$a4,$a5,$a5
+	$UMULH	$a5,$a5,$a5
+	$LD	$t1,$SIZE_T*6($tp)	# =tp[5]
+	$LD	$a1,$SIZE_T*1($ap)
+	adde	$acc2,$acc2,$a2
+	add	$acc4,$t0,$t0
+	$SHRI	$t0,$t0,$BITS-1
+	or	$acc3,$acc3,$t2
+	$LD	$t2,$SIZE_T*7($tp)	# =tp[6]
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*2($ap)
+	add	$acc5,$t1,$t1
+	$SHRI	$t1,$t1,$BITS-1
+	or	$acc4,$acc4,$t3
+	$LD	$t3,$SIZE_T*8($tp)	# =tp[7]
+	$UMULL	$a6,$a7,$a7
+	$UMULH	$a7,$a7,$a7
+	adde	$acc4,$acc4,$a4
+	add	$acc6,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	or	$acc5,$acc5,$t0
+	$LD	$t0,$SIZE_T*9($tp)	# =tp[8]
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*3($ap)
+	add	$acc7,$t3,$t3
+	$SHRI	$t3,$t3,$BITS-1
+	or	$acc6,$acc6,$t1
+	$LD	$t1,$SIZE_T*10($tp)	# =tp[9]
+	$UMULL	$a0,$a1,$a1
+	$UMULH	$a1,$a1,$a1
+	adde	$acc6,$acc6,$a6
+	$ST	$acc0,$SIZE_T*1($tp)	# tp[0]=
+	add	$acc0,$t0,$t0
+	$SHRI	$t0,$t0,$BITS-1
+	or	$acc7,$acc7,$t2
+	$LD	$t2,$SIZE_T*11($tp)	# =tp[10]
+	adde	$acc7,$acc7,$a7
+	$LDU	$a7,$SIZE_T*4($ap)
+	$ST	$acc1,$SIZE_T*2($tp)	# tp[1]=
+	add	$acc1,$t1,$t1
+	$SHRI	$t1,$t1,$BITS-1
+	or	$acc0,$acc0,$t3
+	$LD	$t3,$SIZE_T*12($tp)	# =tp[11]
+	$UMULL	$a2,$a3,$a3
+	$UMULH	$a3,$a3,$a3
+	adde	$acc0,$acc0,$a0
+	$ST	$acc2,$SIZE_T*3($tp)	# tp[2]=
+	add	$acc2,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	or	$acc1,$acc1,$t0
+	$LD	$t0,$SIZE_T*13($tp)	# =tp[12]
+	adde	$acc1,$acc1,$a1
+	$ST	$acc3,$SIZE_T*4($tp)	# tp[3]=
+	$ST	$acc4,$SIZE_T*5($tp)	# tp[4]=
+	$ST	$acc5,$SIZE_T*6($tp)	# tp[5]=
+	$ST	$acc6,$SIZE_T*7($tp)	# tp[6]=
+	$STU	$acc7,$SIZE_T*8($tp)	# tp[7]=
+	add	$acc3,$t3,$t3
+	$SHRI	$t3,$t3,$BITS-1
+	or	$acc2,$acc2,$t1
+	bdnz	.Lsqr4x_shift_n_add
+___
+my ($np,$np_end)=($ap,$ap_end);
+$code.=<<___;
+	 $POP	$np,$SIZE_T*7($sp)	# pull &np[-1] and n0
+	 $POP	$n0,$SIZE_T*8($sp)
+
+	$UMULL	$a4,$a5,$a5
+	$UMULH	$a5,$a5,$a5
+	$ST	$acc0,$SIZE_T*1($tp)	# tp[8]=
+	 $LD	$acc0,$SIZE_T*12($sp)	# =tp[0]
+	$LD	$t1,$SIZE_T*6($tp)	# =tp[13]
+	adde	$acc2,$acc2,$a2
+	add	$acc4,$t0,$t0
+	$SHRI	$t0,$t0,$BITS-1
+	or	$acc3,$acc3,$t2
+	$LD	$t2,$SIZE_T*7($tp)	# =tp[14]
+	adde	$acc3,$acc3,$a3
+	add	$acc5,$t1,$t1
+	$SHRI	$t1,$t1,$BITS-1
+	or	$acc4,$acc4,$t3
+	$UMULL	$a6,$a7,$a7
+	$UMULH	$a7,$a7,$a7
+	adde	$acc4,$acc4,$a4
+	add	$acc6,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	or	$acc5,$acc5,$t0
+	$ST	$acc1,$SIZE_T*2($tp)	# tp[9]=
+	 $LD	$acc1,$SIZE_T*13($sp)	# =tp[1]
+	adde	$acc5,$acc5,$a5
+	or	$acc6,$acc6,$t1
+	 $LD	$a0,$SIZE_T*1($np)
+	 $LD	$a1,$SIZE_T*2($np)
+	adde	$acc6,$acc6,$a6
+	 $LD	$a2,$SIZE_T*3($np)
+	 $LD	$a3,$SIZE_T*4($np)
+	adde	$acc7,$a7,$t2
+	 $LD	$a4,$SIZE_T*5($np)
+	 $LD	$a5,$SIZE_T*6($np)
+
+	################################################################
+	# Reduce by 8 limbs per iteration
+	$UMULL	$na0,$n0,$acc0		# t[0]*n0
+	li	$cnt,8
+	$LD	$a6,$SIZE_T*7($np)
+	add	$np_end,$np,$num
+	$LDU	$a7,$SIZE_T*8($np)
+	$ST	$acc2,$SIZE_T*3($tp)	# tp[10]=
+	$LD	$acc2,$SIZE_T*14($sp)
+	$ST	$acc3,$SIZE_T*4($tp)	# tp[11]=
+	$LD	$acc3,$SIZE_T*15($sp)
+	$ST	$acc4,$SIZE_T*5($tp)	# tp[12]=
+	$LD	$acc4,$SIZE_T*16($sp)
+	$ST	$acc5,$SIZE_T*6($tp)	# tp[13]=
+	$LD	$acc5,$SIZE_T*17($sp)
+	$ST	$acc6,$SIZE_T*7($tp)	# tp[14]=
+	$LD	$acc6,$SIZE_T*18($sp)
+	$ST	$acc7,$SIZE_T*8($tp)	# tp[15]=
+	$LD	$acc7,$SIZE_T*19($sp)
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+	mtctr	$cnt
+	b	.Lsqr8x_reduction
+
+.align	5
+.Lsqr8x_reduction:
+	# (*)	$UMULL	$t0,$a0,$na0	# lo(n[0-7])*lo(t[0]*n0)
+	$UMULL	$t1,$a1,$na0
+	$UMULL	$t2,$a2,$na0
+	$STU	$na0,$SIZE_T($tp)	# put aside t[0]*n0 for tail processing
+	$UMULL	$t3,$a3,$na0
+	# (*)	addc	$acc0,$acc0,$t0
+	addic	$acc0,$acc0,-1		# (*)
+	$UMULL	$t0,$a4,$na0
+	adde	$acc0,$acc1,$t1
+	$UMULL	$t1,$a5,$na0
+	adde	$acc1,$acc2,$t2
+	$UMULL	$t2,$a6,$na0
+	adde	$acc2,$acc3,$t3
+	$UMULL	$t3,$a7,$na0
+	adde	$acc3,$acc4,$t0
+	$UMULH	$t0,$a0,$na0		# hi(n[0-7])*lo(t[0]*n0)
+	adde	$acc4,$acc5,$t1
+	$UMULH	$t1,$a1,$na0
+	adde	$acc5,$acc6,$t2
+	$UMULH	$t2,$a2,$na0
+	adde	$acc6,$acc7,$t3
+	$UMULH	$t3,$a3,$na0
+	addze	$acc7,$zero
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a4,$na0
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a5,$na0
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$a6,$na0
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$a7,$na0
+	$UMULL	$na0,$n0,$acc0		# next t[0]*n0
+	adde	$acc4,$acc4,$t0
+	adde	$acc5,$acc5,$t1
+	adde	$acc6,$acc6,$t2
+	adde	$acc7,$acc7,$t3
+	bdnz	.Lsqr8x_reduction
+
+	$LD	$t0,$SIZE_T*1($tp)
+	$LD	$t1,$SIZE_T*2($tp)
+	$LD	$t2,$SIZE_T*3($tp)
+	$LD	$t3,$SIZE_T*4($tp)
+	subi	$rp,$tp,$SIZE_T*7
+	$UCMP	$np_end,$np		# done yet?
+	addc	$acc0,$acc0,$t0
+	$LD	$t0,$SIZE_T*5($tp)
+	adde	$acc1,$acc1,$t1
+	$LD	$t1,$SIZE_T*6($tp)
+	adde	$acc2,$acc2,$t2
+	$LD	$t2,$SIZE_T*7($tp)
+	adde	$acc3,$acc3,$t3
+	$LD	$t3,$SIZE_T*8($tp)
+	adde	$acc4,$acc4,$t0
+	adde	$acc5,$acc5,$t1
+	adde	$acc6,$acc6,$t2
+	adde	$acc7,$acc7,$t3
+	#addze	$carry,$zero		# moved below
+	beq	.Lsqr8x8_post_condition
+
+	$LD	$n0,$SIZE_T*0($rp)
+	$LD	$a0,$SIZE_T*1($np)
+	$LD	$a1,$SIZE_T*2($np)
+	$LD	$a2,$SIZE_T*3($np)
+	$LD	$a3,$SIZE_T*4($np)
+	$LD	$a4,$SIZE_T*5($np)
+	$LD	$a5,$SIZE_T*6($np)
+	$LD	$a6,$SIZE_T*7($np)
+	$LDU	$a7,$SIZE_T*8($np)
+	li	$cnt,0
+
+.align	5
+.Lsqr8x_tail:
+	$UMULL	$t0,$a0,$n0
+	addze	$carry,$zero		# carry bit, modulo-scheduled
+	$UMULL	$t1,$a1,$n0
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$n0
+	andi.	$cnt,$cnt,$SIZE_T*8-1
+	$UMULL	$t3,$a3,$n0
+	addc	$acc0,$acc0,$t0
+	$UMULL	$t0,$a4,$n0
+	adde	$acc1,$acc1,$t1
+	$UMULL	$t1,$a5,$n0
+	adde	$acc2,$acc2,$t2
+	$UMULL	$t2,$a6,$n0
+	adde	$acc3,$acc3,$t3
+	$UMULL	$t3,$a7,$n0
+	adde	$acc4,$acc4,$t0
+	$UMULH	$t0,$a0,$n0
+	adde	$acc5,$acc5,$t1
+	$UMULH	$t1,$a1,$n0
+	adde	$acc6,$acc6,$t2
+	$UMULH	$t2,$a2,$n0
+	adde	$acc7,$acc7,$t3
+	$UMULH	$t3,$a3,$n0
+	addze	$carry,$carry
+	$STU	$acc0,$SIZE_T($tp)
+	addc	$acc0,$acc1,$t0
+	$UMULH	$t0,$a4,$n0
+	adde	$acc1,$acc2,$t1
+	$UMULH	$t1,$a5,$n0
+	adde	$acc2,$acc3,$t2
+	$UMULH	$t2,$a6,$n0
+	adde	$acc3,$acc4,$t3
+	$UMULH	$t3,$a7,$n0
+	$LDX	$n0,$rp,$cnt
+	adde	$acc4,$acc5,$t0
+	adde	$acc5,$acc6,$t1
+	adde	$acc6,$acc7,$t2
+	adde	$acc7,$carry,$t3
+	#addze	$carry,$zero		# moved above
+	bne	.Lsqr8x_tail
+					# note that carry flag is guaranteed
+					# to be zero at this point
+	$LD	$a0,$SIZE_T*1($tp)
+	$POP	$carry,$SIZE_T*10($sp)	# pull top-most carry in case we break
+	$UCMP	$np_end,$np		# done yet?
+	$LD	$a1,$SIZE_T*2($tp)
+	sub	$t2,$np_end,$num	# rewinded np
+	$LD	$a2,$SIZE_T*3($tp)
+	$LD	$a3,$SIZE_T*4($tp)
+	$LD	$a4,$SIZE_T*5($tp)
+	$LD	$a5,$SIZE_T*6($tp)
+	$LD	$a6,$SIZE_T*7($tp)
+	$LD	$a7,$SIZE_T*8($tp)
+	beq	.Lsqr8x_tail_break
+
+	addc	$acc0,$acc0,$a0
+	$LD	$a0,$SIZE_T*1($np)
+	adde	$acc1,$acc1,$a1
+	$LD	$a1,$SIZE_T*2($np)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($np)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($np)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($np)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($np)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($np)
+	adde	$acc7,$acc7,$a7
+	$LDU	$a7,$SIZE_T*8($np)
+	#addze	$carry,$zero		# moved above
+	b	.Lsqr8x_tail
+
+.align	5
+.Lsqr8x_tail_break:
+	$POP	$n0,$SIZE_T*8($sp)	# pull n0
+	$POP	$t3,$SIZE_T*9($sp)	# &tp[2*num-1]
+	addi	$cnt,$tp,$SIZE_T*8	# end of current t[num] window
+
+	addic	$carry,$carry,-1	# "move" top-most carry to carry bit
+	adde	$t0,$acc0,$a0
+	$LD	$acc0,$SIZE_T*8($rp)
+	$LD	$a0,$SIZE_T*1($t2)	# recall that $t2 is &n[-1]
+	adde	$t1,$acc1,$a1
+	$LD	$acc1,$SIZE_T*9($rp)
+	$LD	$a1,$SIZE_T*2($t2)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($t2)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($t2)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($t2)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($t2)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($t2)
+	adde	$acc7,$acc7,$a7
+	$LD	$a7,$SIZE_T*8($t2)
+	addi	$np,$t2,$SIZE_T*8
+	addze	$t2,$zero		# top-most carry
+	$UMULL	$na0,$n0,$acc0
+	$ST	$t0,$SIZE_T*1($tp)
+	$UCMP	$cnt,$t3		# did we hit the bottom?
+	$ST	$t1,$SIZE_T*2($tp)
+	li	$cnt,8
+	$ST	$acc2,$SIZE_T*3($tp)
+	$LD	$acc2,$SIZE_T*10($rp)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$LD	$acc3,$SIZE_T*11($rp)
+	$ST	$acc4,$SIZE_T*5($tp)
+	$LD	$acc4,$SIZE_T*12($rp)
+	$ST	$acc5,$SIZE_T*6($tp)
+	$LD	$acc5,$SIZE_T*13($rp)
+	$ST	$acc6,$SIZE_T*7($tp)
+	$LD	$acc6,$SIZE_T*14($rp)
+	$ST	$acc7,$SIZE_T*8($tp)
+	$LD	$acc7,$SIZE_T*15($rp)
+	$PUSH	$t2,$SIZE_T*10($sp)	# off-load top-most carry
+	addi	$tp,$rp,$SIZE_T*7	# slide the window
+	mtctr	$cnt
+	bne	.Lsqr8x_reduction
+
+	################################################################
+	# Final step. We see if result is larger than modulus, and
+	# if it is, subtract the modulus. But comparison implies
+	# subtraction. So we subtract modulus, see if it borrowed,
+	# and conditionally copy original value.
+	$POP	$rp,$SIZE_T*6($sp)	# pull &rp[-1]
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+3`
+	mr	$n0,$tp			# put tp aside
+	addi	$tp,$tp,$SIZE_T*8
+	subi	$cnt,$cnt,1
+	subfc	$t0,$a0,$acc0
+	subfe	$t1,$a1,$acc1
+	mr	$carry,$t2
+	mr	$ap_end,$rp		# $rp copy
+
+	mtctr	$cnt
+	b	.Lsqr8x_sub
+
+.align	5
+.Lsqr8x_sub:
+	$LD	$a0,$SIZE_T*1($np)
+	$LD	$acc0,$SIZE_T*1($tp)
+	$LD	$a1,$SIZE_T*2($np)
+	$LD	$acc1,$SIZE_T*2($tp)
+	subfe	$t2,$a2,$acc2
+	$LD	$a2,$SIZE_T*3($np)
+	$LD	$acc2,$SIZE_T*3($tp)
+	subfe	$t3,$a3,$acc3
+	$LD	$a3,$SIZE_T*4($np)
+	$LD	$acc3,$SIZE_T*4($tp)
+	$ST	$t0,$SIZE_T*1($rp)
+	subfe	$t0,$a4,$acc4
+	$LD	$a4,$SIZE_T*5($np)
+	$LD	$acc4,$SIZE_T*5($tp)
+	$ST	$t1,$SIZE_T*2($rp)
+	subfe	$t1,$a5,$acc5
+	$LD	$a5,$SIZE_T*6($np)
+	$LD	$acc5,$SIZE_T*6($tp)
+	$ST	$t2,$SIZE_T*3($rp)
+	subfe	$t2,$a6,$acc6
+	$LD	$a6,$SIZE_T*7($np)
+	$LD	$acc6,$SIZE_T*7($tp)
+	$ST	$t3,$SIZE_T*4($rp)
+	subfe	$t3,$a7,$acc7
+	$LDU	$a7,$SIZE_T*8($np)
+	$LDU	$acc7,$SIZE_T*8($tp)
+	$ST	$t0,$SIZE_T*5($rp)
+	subfe	$t0,$a0,$acc0
+	$ST	$t1,$SIZE_T*6($rp)
+	subfe	$t1,$a1,$acc1
+	$ST	$t2,$SIZE_T*7($rp)
+	$STU	$t3,$SIZE_T*8($rp)
+	bdnz	.Lsqr8x_sub
+
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+2`
+	 $LD	$a0,$SIZE_T*1($ap_end)	# original $rp
+	 $LD	$acc0,$SIZE_T*1($n0)	# original $tp
+	subi	$cnt,$cnt,1
+	 $LD	$a1,$SIZE_T*2($ap_end)
+	 $LD	$acc1,$SIZE_T*2($n0)
+	subfe	$t2,$a2,$acc2
+	 $LD	$a2,$SIZE_T*3($ap_end)
+	 $LD	$acc2,$SIZE_T*3($n0)
+	subfe	$t3,$a3,$acc3
+	 $LD	$a3,$SIZE_T*4($ap_end)
+	 $LDU	$acc3,$SIZE_T*4($n0)
+	$ST	$t0,$SIZE_T*1($rp)
+	subfe	$t0,$a4,$acc4
+	$ST	$t1,$SIZE_T*2($rp)
+	subfe	$t1,$a5,$acc5
+	$ST	$t2,$SIZE_T*3($rp)
+	subfe	$t2,$a6,$acc6
+	$ST	$t3,$SIZE_T*4($rp)
+	subfe	$t3,$a7,$acc7
+	$ST	$t0,$SIZE_T*5($rp)
+	subfe	$carry,$zero,$carry	# did it borrow?
+	$ST	$t1,$SIZE_T*6($rp)
+	$ST	$t2,$SIZE_T*7($rp)
+	$ST	$t3,$SIZE_T*8($rp)
+
+	addi	$tp,$sp,$SIZE_T*11
+	mtctr	$cnt
+
+.Lsqr4x_cond_copy:
+	andc	$a0,$a0,$carry
+	 $ST	$zero,-$SIZE_T*3($n0)	# wipe stack clean
+	and	$acc0,$acc0,$carry
+	 $ST	$zero,-$SIZE_T*2($n0)
+	andc	$a1,$a1,$carry
+	 $ST	$zero,-$SIZE_T*1($n0)
+	and	$acc1,$acc1,$carry
+	 $ST	$zero,-$SIZE_T*0($n0)
+	andc	$a2,$a2,$carry
+	 $ST	$zero,$SIZE_T*1($tp)
+	and	$acc2,$acc2,$carry
+	 $ST	$zero,$SIZE_T*2($tp)
+	andc	$a3,$a3,$carry
+	 $ST	$zero,$SIZE_T*3($tp)
+	and	$acc3,$acc3,$carry
+	 $STU	$zero,$SIZE_T*4($tp)
+	or	$t0,$a0,$acc0
+	$LD	$a0,$SIZE_T*5($ap_end)
+	$LD	$acc0,$SIZE_T*1($n0)
+	or	$t1,$a1,$acc1
+	$LD	$a1,$SIZE_T*6($ap_end)
+	$LD	$acc1,$SIZE_T*2($n0)
+	or	$t2,$a2,$acc2
+	$LD	$a2,$SIZE_T*7($ap_end)
+	$LD	$acc2,$SIZE_T*3($n0)
+	or	$t3,$a3,$acc3
+	$LD	$a3,$SIZE_T*8($ap_end)
+	$LDU	$acc3,$SIZE_T*4($n0)
+	$ST	$t0,$SIZE_T*1($ap_end)
+	$ST	$t1,$SIZE_T*2($ap_end)
+	$ST	$t2,$SIZE_T*3($ap_end)
+	$STU	$t3,$SIZE_T*4($ap_end)
+	bdnz	.Lsqr4x_cond_copy
+
+	$POP	$ap,0($sp)		# pull saved sp
+	andc	$a0,$a0,$carry
+	and	$acc0,$acc0,$carry
+	andc	$a1,$a1,$carry
+	and	$acc1,$acc1,$carry
+	andc	$a2,$a2,$carry
+	and	$acc2,$acc2,$carry
+	andc	$a3,$a3,$carry
+	and	$acc3,$acc3,$carry
+	or	$t0,$a0,$acc0
+	or	$t1,$a1,$acc1
+	or	$t2,$a2,$acc2
+	or	$t3,$a3,$acc3
+	$ST	$t0,$SIZE_T*1($ap_end)
+	$ST	$t1,$SIZE_T*2($ap_end)
+	$ST	$t2,$SIZE_T*3($ap_end)
+	$ST	$t3,$SIZE_T*4($ap_end)
+
+	b	.Lsqr8x_done
+
+.align	5
+.Lsqr8x8_post_condition:
+	$POP	$rp,$SIZE_T*6($sp)	# pull rp
+	$POP	$ap,0($sp)		# pull saved sp
+	addze	$carry,$zero
+
+	# $acc0-7,$carry hold result, $a0-7 hold modulus
+	subfc	$acc0,$a0,$acc0
+	subfe	$acc1,$a1,$acc1
+	 $ST	$zero,$SIZE_T*12($sp)	# wipe stack clean
+	 $ST	$zero,$SIZE_T*13($sp)
+	subfe	$acc2,$a2,$acc2
+	 $ST	$zero,$SIZE_T*14($sp)
+	 $ST	$zero,$SIZE_T*15($sp)
+	subfe	$acc3,$a3,$acc3
+	 $ST	$zero,$SIZE_T*16($sp)
+	 $ST	$zero,$SIZE_T*17($sp)
+	subfe	$acc4,$a4,$acc4
+	 $ST	$zero,$SIZE_T*18($sp)
+	 $ST	$zero,$SIZE_T*19($sp)
+	subfe	$acc5,$a5,$acc5
+	 $ST	$zero,$SIZE_T*20($sp)
+	 $ST	$zero,$SIZE_T*21($sp)
+	subfe	$acc6,$a6,$acc6
+	 $ST	$zero,$SIZE_T*22($sp)
+	 $ST	$zero,$SIZE_T*23($sp)
+	subfe	$acc7,$a7,$acc7
+	 $ST	$zero,$SIZE_T*24($sp)
+	 $ST	$zero,$SIZE_T*25($sp)
+	subfe	$carry,$zero,$carry	# did it borrow?
+	 $ST	$zero,$SIZE_T*26($sp)
+	 $ST	$zero,$SIZE_T*27($sp)
+
+	and	$a0,$a0,$carry
+	and	$a1,$a1,$carry
+	addc	$acc0,$acc0,$a0		# add modulus back if borrowed
+	and	$a2,$a2,$carry
+	adde	$acc1,$acc1,$a1
+	and	$a3,$a3,$carry
+	adde	$acc2,$acc2,$a2
+	and	$a4,$a4,$carry
+	adde	$acc3,$acc3,$a3
+	and	$a5,$a5,$carry
+	adde	$acc4,$acc4,$a4
+	and	$a6,$a6,$carry
+	adde	$acc5,$acc5,$a5
+	and	$a7,$a7,$carry
+	adde	$acc6,$acc6,$a6
+	adde	$acc7,$acc7,$a7
+	$ST	$acc0,$SIZE_T*1($rp)
+	$ST	$acc1,$SIZE_T*2($rp)
+	$ST	$acc2,$SIZE_T*3($rp)
+	$ST	$acc3,$SIZE_T*4($rp)
+	$ST	$acc4,$SIZE_T*5($rp)
+	$ST	$acc5,$SIZE_T*6($rp)
+	$ST	$acc6,$SIZE_T*7($rp)
+	$ST	$acc7,$SIZE_T*8($rp)
+
+.Lsqr8x_done:
+	$PUSH	$zero,$SIZE_T*8($sp)
+	$PUSH	$zero,$SIZE_T*10($sp)
+
+	$POP	r14,-$SIZE_T*18($ap)
+	li	r3,1			# signal "done"
+	$POP	r15,-$SIZE_T*17($ap)
+	$POP	r16,-$SIZE_T*16($ap)
+	$POP	r17,-$SIZE_T*15($ap)
+	$POP	r18,-$SIZE_T*14($ap)
+	$POP	r19,-$SIZE_T*13($ap)
+	$POP	r20,-$SIZE_T*12($ap)
+	$POP	r21,-$SIZE_T*11($ap)
+	$POP	r22,-$SIZE_T*10($ap)
+	$POP	r23,-$SIZE_T*9($ap)
+	$POP	r24,-$SIZE_T*8($ap)
+	$POP	r25,-$SIZE_T*7($ap)
+	$POP	r26,-$SIZE_T*6($ap)
+	$POP	r27,-$SIZE_T*5($ap)
+	$POP	r28,-$SIZE_T*4($ap)
+	$POP	r29,-$SIZE_T*3($ap)
+	$POP	r30,-$SIZE_T*2($ap)
+	$POP	r31,-$SIZE_T*1($ap)
+	mr	$sp,$ap
+	blr
+	.long	0
+	.byte	0,12,4,0x20,0x80,18,6,0
+	.long	0
+.size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
+___
+}
+$code.=<<___;
+.asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl
new file mode 100644
index 000000000..e37068192
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl
@@ -0,0 +1,2011 @@
+#! /usr/bin/env perl
+# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Implemented as a Perl wrapper as we want to support several different
+# architectures with single file. We pick up the target based on the
+# file name we are asked to generate.
+#
+# It should be noted though that this perl code is nothing like
+# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
+# as pre-processor to cover for platform differences in name decoration,
+# linker tables, 32-/64-bit instruction sets...
+#
+# As you might know there're several PowerPC ABI in use. Most notably
+# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
+# are similar enough to implement leaf(!) functions, which would be ABI
+# neutral. And that's what you find here: ABI neutral leaf functions.
+# In case you wonder what that is...
+#
+#       AIX performance
+#
+#	MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
+#
+#	The following is the performance of 32-bit compiler
+#	generated code:
+#
+#	OpenSSL 0.9.6c 21 dec 2001
+#	built on: Tue Jun 11 11:06:51 EDT 2002
+#	options:bn(64,32) ...
+#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3
+#                  sign    verify    sign/s verify/s
+#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6
+#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5
+#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
+#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
+#dsa  512 bits   0.0087s   0.0106s    114.3     94.5
+#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0
+#
+#	Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
+#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
+#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2
+#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7
+#dsa  512 bits   0.0052s   0.0062s    191.6    162.0
+#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5
+#
+#	Number of operations increases by at almost 75%
+#
+#	Here are performance numbers for 64-bit compiler
+#	generated code:
+#
+#	OpenSSL 0.9.6g [engine] 9 Aug 2002
+#	built on: Fri Apr 18 16:59:20 EDT 2003
+#	options:bn(64,64) ...
+#	compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
+#                  sign    verify    sign/s verify/s
+#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4
+#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7
+#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0
+#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1
+#dsa  512 bits   0.0026s   0.0032s    382.5    313.7
+#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6
+#
+#	Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7
+#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3
+#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5
+#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
+#dsa  512 bits   0.0016s   0.0020s    610.7    507.1
+#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
+#
+#	Again, performance increases by at about 75%
+#
+#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
+#       OpenSSL 0.9.7c 30 Sep 2003
+#
+#       Original code.
+#
+#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5
+#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1
+#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4
+#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4
+#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5
+#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7
+#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6
+#
+#       Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9
+#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6
+#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5
+#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6
+#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2
+#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2
+#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
+#
+#        Performance increase of ~60%
+#        Based on submission from Suresh N. Chari of IBM
+
+$flavour = shift;
+
+if ($flavour =~ /32/) {
+	$BITS=	32;
+	$BNSZ=	$BITS/8;
+	$ISA=	"\"ppc\"";
+
+	$LD=	"lwz";		# load
+	$LDU=	"lwzu";		# load and update
+	$ST=	"stw";		# store
+	$STU=	"stwu";		# store and update
+	$UMULL=	"mullw";	# unsigned multiply low
+	$UMULH=	"mulhwu";	# unsigned multiply high
+	$UDIV=	"divwu";	# unsigned divide
+	$UCMPI=	"cmplwi";	# unsigned compare with immediate
+	$UCMP=	"cmplw";	# unsigned compare
+	$CNTLZ=	"cntlzw";	# count leading zeros
+	$SHL=	"slw";		# shift left
+	$SHR=	"srw";		# unsigned shift right
+	$SHRI=	"srwi";		# unsigned shift right by immediate
+	$SHLI=	"slwi";		# shift left by immediate
+	$CLRU=	"clrlwi";	# clear upper bits
+	$INSR=	"insrwi";	# insert right
+	$ROTL=	"rotlwi";	# rotate left by immediate
+	$TR=	"tw";		# conditional trap
+} elsif ($flavour =~ /64/) {
+	$BITS=	64;
+	$BNSZ=	$BITS/8;
+	$ISA=	"\"ppc64\"";
+
+	# same as above, but 64-bit mnemonics...
+	$LD=	"ld";		# load
+	$LDU=	"ldu";		# load and update
+	$ST=	"std";		# store
+	$STU=	"stdu";		# store and update
+	$UMULL=	"mulld";	# unsigned multiply low
+	$UMULH=	"mulhdu";	# unsigned multiply high
+	$UDIV=	"divdu";	# unsigned divide
+	$UCMPI=	"cmpldi";	# unsigned compare with immediate
+	$UCMP=	"cmpld";	# unsigned compare
+	$CNTLZ=	"cntlzd";	# count leading zeros
+	$SHL=	"sld";		# shift left
+	$SHR=	"srd";		# unsigned shift right
+	$SHRI=	"srdi";		# unsigned shift right by immediate
+	$SHLI=	"sldi";		# shift left by immediate
+	$CLRU=	"clrldi";	# clear upper bits
+	$INSR=	"insrdi";	# insert right
+	$ROTL=	"rotldi";	# rotate left by immediate
+	$TR=	"td";		# conditional trap
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$data=<<EOF;
+#--------------------------------------------------------------------
+#
+#
+#
+#
+#	File:		ppc32.s
+#
+#	Created by:	Suresh Chari
+#			IBM Thomas J. Watson Research Library
+#			Hawthorne, NY
+#
+#
+#	Description:	Optimized assembly routines for OpenSSL crypto
+#			on the 32 bitPowerPC platform.
+#
+#
+#	Version History
+#
+#	2. Fixed bn_add,bn_sub and bn_div_words, added comments,
+#	   cleaned up code. Also made a single version which can
+#	   be used for both the AIX and Linux compilers. See NOTE
+#	   below.
+#				12/05/03		Suresh Chari
+#			(with lots of help from)        Andy Polyakov
+##
+#	1. Initial version	10/20/02		Suresh Chari
+#
+#
+#	The following file works for the xlc,cc
+#	and gcc compilers.
+#
+#	NOTE:	To get the file to link correctly with the gcc compiler
+#	        you have to change the names of the routines and remove
+#		the first .(dot) character. This should automatically
+#		be done in the build process.
+#
+#	Hand optimized assembly code for the following routines
+#
+#	bn_sqr_comba4
+#	bn_sqr_comba8
+#	bn_mul_comba4
+#	bn_mul_comba8
+#	bn_sub_words
+#	bn_add_words
+#	bn_div_words
+#	bn_sqr_words
+#	bn_mul_words
+#	bn_mul_add_words
+#
+#	NOTE:	It is possible to optimize this code more for
+#	specific PowerPC or Power architectures. On the Northstar
+#	architecture the optimizations in this file do
+#	 NOT provide much improvement.
+#
+#	If you have comments or suggestions to improve code send
+#	me a note at schari\@us.ibm.com
+#
+#--------------------------------------------------------------------------
+#
+#	Defines to be used in the assembly code.
+#
+#.set r0,0	# we use it as storage for value of 0
+#.set SP,1	# preserved
+#.set RTOC,2	# preserved
+#.set r3,3	# 1st argument/return value
+#.set r4,4	# 2nd argument/volatile register
+#.set r5,5	# 3rd argument/volatile register
+#.set r6,6	# ...
+#.set r7,7
+#.set r8,8
+#.set r9,9
+#.set r10,10
+#.set r11,11
+#.set r12,12
+#.set r13,13	# not used, nor any other "below" it...
+
+#	Declare function names to be global
+#	NOTE:	For gcc these names MUST be changed to remove
+#	        the first . i.e. for example change ".bn_sqr_comba4"
+#		to "bn_sqr_comba4". This should be automatically done
+#		in the build.
+
+	.globl	.bn_sqr_comba4
+	.globl	.bn_sqr_comba8
+	.globl	.bn_mul_comba4
+	.globl	.bn_mul_comba8
+	.globl	.bn_sub_words
+	.globl	.bn_add_words
+	.globl	.bn_div_words
+	.globl	.bn_sqr_words
+	.globl	.bn_mul_words
+	.globl	.bn_mul_add_words
+
+# .text section
+
+	.machine	"any"
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sqr_comba4" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_sqr_comba4:
+#
+# Optimized version of bn_sqr_comba4.
+#
+# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
+#
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+# Here's the assembly
+#
+#
+	xor		r0,r0,r0		# set r0 = 0. Used in the addze
+						# instructions below
+
+						#sqr_add_c(a,0,c1,c2,c3)
+	$LD		r5,`0*$BNSZ`(r4)
+	$UMULL		r9,r5,r5
+	$UMULH		r10,r5,r5		#in first iteration. No need
+						#to add since c1=c2=c3=0.
+						# Note c3(r11) is NOT set to 0
+						# but will be.
+
+	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
+						# sqr_add_c2(a,1,0,c2,c3,c1);
+	$LD		r6,`1*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r7,r7,r7		# compute (r7,r8)=2*(r7,r8)
+	adde		r8,r8,r8
+	addze		r9,r0			# catch carry if any.
+						# r9= r0(=0) and carry
+
+	addc		r10,r7,r10		# now add to temp result.
+	addze		r11,r8                  # r8 added to r11 which is 0
+	addze		r9,r9
+
+	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2;
+						#sqr_add_c(a,1,c3,c1,c2)
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+						#sqr_add_c2(a,2,0,c3,c1,c2)
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r10,r10
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
+						#sqr_add_c2(a,3,0,c1,c2,c3);
+	$LD		r6,`3*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r11,r0
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,2,1,c1,c2,c3);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1
+						#sqr_add_c(a,2,c2,c3,c1);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+						#sqr_add_c2(a,3,1,c2,c3,c1);
+	$LD		r6,`3*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r9,r9
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2
+						#sqr_add_c2(a,3,2,c3,c1,c2);
+	$LD		r5,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r10,r0
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`5*$BNSZ`(r3)	#r[5] = c3
+						#sqr_add_c(a,3,c1,c2,c3);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+
+	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1
+	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.bn_sqr_comba4,.-.bn_sqr_comba4
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sqr_comba8" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_sqr_comba8:
+#
+# This is an optimized version of the bn_sqr_comba8 routine.
+# Tightly uses the adde instruction
+#
+#
+# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
+#
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+#
+# Possible optimization of loading all 8 longs of a into registers
+# doesn't provide any speedup
+#
+
+	xor		r0,r0,r0		#set r0 = 0.Used in addze
+						#instructions below.
+
+						#sqr_add_c(a,0,c1,c2,c3);
+	$LD		r5,`0*$BNSZ`(r4)
+	$UMULL		r9,r5,r5		#1st iteration:	no carries.
+	$UMULH		r10,r5,r5
+	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
+						#sqr_add_c2(a,1,0,c2,c3,c1);
+	$LD		r6,`1*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r10,r7,r10		#add the two register number
+	adde		r11,r8,r0 		# (r8,r7) to the three register
+	addze		r9,r0			# number (r9,r11,r10).NOTE:r0=0
+
+	addc		r10,r7,r10		#add the two register number
+	adde		r11,r8,r11 		# (r8,r7) to the three register
+	addze		r9,r9			# number (r9,r11,r10).
+
+	$ST		r10,`1*$BNSZ`(r3)	# r[1]=c2
+
+						#sqr_add_c(a,1,c3,c1,c2);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+						#sqr_add_c2(a,2,0,c3,c1,c2);
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+
+	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
+						#sqr_add_c2(a,3,0,c1,c2,c3);
+	$LD		r6,`3*$BNSZ`(r4)	#r6 = a[3]. r5 is already a[0].
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,2,1,c1,c2,c3);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+
+	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1;
+						#sqr_add_c(a,2,c2,c3,c1);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+						#sqr_add_c2(a,3,1,c2,c3,c1);
+	$LD		r6,`3*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,4,0,c2,c3,c1);
+	$LD		r5,`0*$BNSZ`(r4)
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2;
+						#sqr_add_c2(a,5,0,c3,c1,c2);
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,4,1,c3,c1,c2);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,3,2,c3,c1,c2);
+	$LD		r5,`2*$BNSZ`(r4)
+	$LD		r6,`3*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`5*$BNSZ`(r3)	#r[5]=c3;
+						#sqr_add_c(a,3,c1,c2,c3);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+						#sqr_add_c2(a,4,2,c1,c2,c3);
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,5,1,c1,c2,c3);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,6,0,c1,c2,c3);
+	$LD		r5,`0*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1;
+						#sqr_add_c2(a,7,0,c2,c3,c1);
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,6,1,c2,c3,c1);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,5,2,c2,c3,c1);
+	$LD		r5,`2*$BNSZ`(r4)
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,4,3,c2,c3,c1);
+	$LD		r5,`3*$BNSZ`(r4)
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2;
+						#sqr_add_c(a,4,c3,c1,c2);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+						#sqr_add_c2(a,5,3,c3,c1,c2);
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,6,2,c3,c1,c2);
+	$LD		r5,`2*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,7,1,c3,c1,c2);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`8*$BNSZ`(r3)	#r[8]=c3;
+						#sqr_add_c2(a,7,2,c1,c2,c3);
+	$LD		r5,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,6,3,c1,c2,c3);
+	$LD		r5,`3*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,5,4,c1,c2,c3);
+	$LD		r5,`4*$BNSZ`(r4)
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`9*$BNSZ`(r3)	#r[9]=c1;
+						#sqr_add_c(a,5,c2,c3,c1);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+						#sqr_add_c2(a,6,4,c2,c3,c1);
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,7,3,c2,c3,c1);
+	$LD		r5,`3*$BNSZ`(r4)
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`10*$BNSZ`(r3)	#r[10]=c2;
+						#sqr_add_c2(a,7,4,c3,c1,c2);
+	$LD		r5,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,6,5,c3,c1,c2);
+	$LD		r5,`5*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`11*$BNSZ`(r3)	#r[11]=c3;
+						#sqr_add_c(a,6,c1,c2,c3);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+						#sqr_add_c2(a,7,5,c1,c2,c3)
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`12*$BNSZ`(r3)	#r[12]=c1;
+
+						#sqr_add_c2(a,7,6,c2,c3,c1)
+	$LD		r5,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`13*$BNSZ`(r3)	#r[13]=c2;
+						#sqr_add_c(a,7,c3,c1,c2);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	$ST		r11,`14*$BNSZ`(r3)	#r[14]=c3;
+	$ST		r9, `15*$BNSZ`(r3)	#r[15]=c1;
+
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.bn_sqr_comba8,.-.bn_sqr_comba8
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_comba4" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_mul_comba4:
+#
+# This is an optimized version of the bn_mul_comba4 routine.
+#
+# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+	xor	r0,r0,r0		#r0=0. Used in addze below.
+					#mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r10,r6,r7
+	$UMULH	r11,r6,r7
+	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1
+					#mul_add_c(a[0],b[1],c2,c3,c1);
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r0
+	addze	r10,r0
+					#mul_add_c(a[1],b[0],c2,c3,c1);
+	$LD	r6, `1*$BNSZ`(r4)
+	$LD	r7, `0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r10
+	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2
+					#mul_add_c(a[2],b[0],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r0
+					#mul_add_c(a[1],b[1],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r11
+					#mul_add_c(a[0],b[2],c3,c1,c2);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r11
+	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3
+					#mul_add_c(a[0],b[3],c1,c2,c3);
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r0
+					#mul_add_c(a[1],b[2],c1,c2,c3);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r12
+					#mul_add_c(a[2],b[1],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r12
+					#mul_add_c(a[3],b[0],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r12
+	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1
+					#mul_add_c(a[3],b[1],c2,c3,c1);
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r0
+					#mul_add_c(a[2],b[2],c2,c3,c1);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r10
+					#mul_add_c(a[1],b[3],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r10
+	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2
+					#mul_add_c(a[2],b[3],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r0
+					#mul_add_c(a[3],b[2],c3,c1,c2);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r11
+	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3
+					#mul_add_c(a[3],b[3],c1,c2,c3);
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+
+	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1
+	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_mul_comba4,.-.bn_mul_comba4
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_comba8" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_mul_comba8:
+#
+# Optimized version of the bn_mul_comba8 routine.
+#
+# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+	xor	r0,r0,r0		#r0=0. Used in addze below.
+
+					#mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	r6,`0*$BNSZ`(r4)	#a[0]
+	$LD	r7,`0*$BNSZ`(r5)	#b[0]
+	$UMULL	r10,r6,r7
+	$UMULH	r11,r6,r7
+	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1;
+					#mul_add_c(a[0],b[1],c2,c3,c1);
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	addze	r12,r9			# since we didn't set r12 to zero before.
+	addze	r10,r0
+					#mul_add_c(a[1],b[0],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2;
+					#mul_add_c(a[2],b[0],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[1],b[1],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[0],b[2],c3,c1,c2);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3;
+					#mul_add_c(a[0],b[3],c1,c2,c3);
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[1],b[2],c1,c2,c3);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+
+					#mul_add_c(a[2],b[1],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[3],b[0],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1;
+					#mul_add_c(a[4],b[0],c2,c3,c1);
+	$LD	r6,`4*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[3],b[1],c2,c3,c1);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[2],b[2],c2,c3,c1);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[1],b[3],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[0],b[4],c2,c3,c1);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2;
+					#mul_add_c(a[0],b[5],c3,c1,c2);
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[1],b[4],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[2],b[3],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[3],b[2],c3,c1,c2);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[4],b[1],c3,c1,c2);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[5],b[0],c3,c1,c2);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3;
+					#mul_add_c(a[6],b[0],c1,c2,c3);
+	$LD	r6,`6*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[5],b[1],c1,c2,c3);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[4],b[2],c1,c2,c3);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[3],b[3],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[2],b[4],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[1],b[5],c1,c2,c3);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[0],b[6],c1,c2,c3);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1;
+					#mul_add_c(a[0],b[7],c2,c3,c1);
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[1],b[6],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[2],b[5],c2,c3,c1);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[3],b[4],c2,c3,c1);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[4],b[3],c2,c3,c1);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[5],b[2],c2,c3,c1);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[6],b[1],c2,c3,c1);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[7],b[0],c2,c3,c1);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2;
+					#mul_add_c(a[7],b[1],c3,c1,c2);
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[6],b[2],c3,c1,c2);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[5],b[3],c3,c1,c2);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[4],b[4],c3,c1,c2);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[3],b[5],c3,c1,c2);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[2],b[6],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[1],b[7],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`8*$BNSZ`(r3)	#r[8]=c3;
+					#mul_add_c(a[2],b[7],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[3],b[6],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[4],b[5],c1,c2,c3);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[5],b[4],c1,c2,c3);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[6],b[3],c1,c2,c3);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[7],b[2],c1,c2,c3);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`9*$BNSZ`(r3)	#r[9]=c1;
+					#mul_add_c(a[7],b[3],c2,c3,c1);
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[6],b[4],c2,c3,c1);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[5],b[5],c2,c3,c1);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[4],b[6],c2,c3,c1);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[3],b[7],c2,c3,c1);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`10*$BNSZ`(r3)	#r[10]=c2;
+					#mul_add_c(a[4],b[7],c3,c1,c2);
+	$LD	r6,`4*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[5],b[6],c3,c1,c2);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[6],b[5],c3,c1,c2);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[7],b[4],c3,c1,c2);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`11*$BNSZ`(r3)	#r[11]=c3;
+					#mul_add_c(a[7],b[5],c1,c2,c3);
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[6],b[6],c1,c2,c3);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[5],b[7],c1,c2,c3);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`12*$BNSZ`(r3)	#r[12]=c1;
+					#mul_add_c(a[6],b[7],c2,c3,c1);
+	$LD	r6,`6*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[7],b[6],c2,c3,c1);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`13*$BNSZ`(r3)	#r[13]=c2;
+					#mul_add_c(a[7],b[7],c3,c1,c2);
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	$ST	r12,`14*$BNSZ`(r3)	#r[14]=c3;
+	$ST	r10,`15*$BNSZ`(r3)	#r[15]=c1;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_mul_comba8,.-.bn_mul_comba8
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sub_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+#
+.align	4
+.bn_sub_words:
+#
+#	Handcoded version of bn_sub_words
+#
+#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+#	r3 = r
+#	r4 = a
+#	r5 = b
+#	r6 = n
+#
+#       Note:	No loop unrolling done since this is not a performance
+#               critical loop.
+
+	xor	r0,r0,r0	#set r0 = 0
+#
+#	check for r6 = 0 AND set carry bit.
+#
+	subfc.	r7,r0,r6        # If r6 is 0 then result is 0.
+				# if r6 > 0 then result !=0
+				# In either case carry bit is set.
+	beq	Lppcasm_sub_adios
+	addi	r4,r4,-$BNSZ
+	addi	r3,r3,-$BNSZ
+	addi	r5,r5,-$BNSZ
+	mtctr	r6
+Lppcasm_sub_mainloop:
+	$LDU	r7,$BNSZ(r4)
+	$LDU	r8,$BNSZ(r5)
+	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)
+				# if carry = 1 this is r7-r8. Else it
+				# is r7-r8 -1 as we need.
+	$STU	r6,$BNSZ(r3)
+	bdnz	Lppcasm_sub_mainloop
+Lppcasm_sub_adios:
+	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1
+	andi.	r3,r3,1         # keep only last bit.
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_sub_words,.-.bn_sub_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_add_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_add_words:
+#
+#	Handcoded version of bn_add_words
+#
+#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+#	r3 = r
+#	r4 = a
+#	r5 = b
+#	r6 = n
+#
+#       Note:	No loop unrolling done since this is not a performance
+#               critical loop.
+
+	xor	r0,r0,r0
+#
+#	check for r6 = 0. Is this needed?
+#
+	addic.	r6,r6,0		#test r6 and clear carry bit.
+	beq	Lppcasm_add_adios
+	addi	r4,r4,-$BNSZ
+	addi	r3,r3,-$BNSZ
+	addi	r5,r5,-$BNSZ
+	mtctr	r6
+Lppcasm_add_mainloop:
+	$LDU	r7,$BNSZ(r4)
+	$LDU	r8,$BNSZ(r5)
+	adde	r8,r7,r8
+	$STU	r8,$BNSZ(r3)
+	bdnz	Lppcasm_add_mainloop
+Lppcasm_add_adios:
+	addze	r3,r0			#return carry bit.
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_add_words,.-.bn_add_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_div_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_div_words:
+#
+#	This is a cleaned up version of code generated by
+#	the AIX compiler. The only optimization is to use
+#	the PPC instruction to count leading zeros instead
+#	of call to num_bits_word. Since this was compiled
+#	only at level -O2 we can possibly squeeze it more?
+#
+#	r3 = h
+#	r4 = l
+#	r5 = d
+
+	$UCMPI	0,r5,0			# compare r5 and 0
+	bne	Lppcasm_div1		# proceed if d!=0
+	li	r3,-1			# d=0 return -1
+	blr
+Lppcasm_div1:
+	xor	r0,r0,r0		#r0=0
+	li	r8,$BITS
+	$CNTLZ.	r7,r5			#r7 = num leading 0s in d.
+	beq	Lppcasm_div2		#proceed if no leading zeros
+	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)
+	$SHR.	r9,r3,r8		#are there any bits above r8'th?
+	$TR	16,r9,r0		#if there're, signal to dump core...
+Lppcasm_div2:
+	$UCMP	0,r3,r5			#h>=d?
+	blt	Lppcasm_div3		#goto Lppcasm_div3 if not
+	subf	r3,r5,r3		#h-=d ;
+Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i
+	cmpi	0,0,r7,0		# is (i == 0)?
+	beq	Lppcasm_div4
+	$SHL	r3,r3,r7		# h = (h<< i)
+	$SHR	r8,r4,r8		# r8 = (l >> BN_BITS2 -i)
+	$SHL	r5,r5,r7		# d<<=i
+	or	r3,r3,r8		# h = (h<<i)|(l>>(BN_BITS2-i))
+	$SHL	r4,r4,r7		# l <<=i
+Lppcasm_div4:
+	$SHRI	r9,r5,`$BITS/2`		# r9 = dh
+					# dl will be computed when needed
+					# as it saves registers.
+	li	r6,2			#r6=2
+	mtctr	r6			#counter will be in count.
+Lppcasm_divouterloop:
+	$SHRI	r8,r3,`$BITS/2`		#r8 = (h>>BN_BITS4)
+	$SHRI	r11,r4,`$BITS/2`	#r11= (l&BN_MASK2h)>>BN_BITS4
+					# compute here for innerloop.
+	$UCMP	0,r8,r9			# is (h>>BN_BITS4)==dh
+	bne	Lppcasm_div5		# goto Lppcasm_div5 if not
+
+	li	r8,-1
+	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l
+	b	Lppcasm_div6
+Lppcasm_div5:
+	$UDIV	r8,r3,r9		#q = h/dh
+Lppcasm_div6:
+	$UMULL	r12,r9,r8		#th = q*dh
+	$CLRU	r10,r5,`$BITS/2`	#r10=dl
+	$UMULL	r6,r8,r10		#tl = q*dl
+
+Lppcasm_divinnerloop:
+	subf	r10,r12,r3		#t = h -th
+	$SHRI	r7,r10,`$BITS/2`	#r7= (t &BN_MASK2H), sort of...
+	addic.	r7,r7,0			#test if r7 == 0. used below.
+					# now want to compute
+					# r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
+					# the following 2 instructions do that
+	$SHLI	r7,r10,`$BITS/2`	# r7 = (t<<BN_BITS4)
+	or	r7,r7,r11		# r7|=((l&BN_MASK2h)>>BN_BITS4)
+	$UCMP	cr1,r6,r7		# compare (tl <= r7)
+	bne	Lppcasm_divinnerexit
+	ble	cr1,Lppcasm_divinnerexit
+	addi	r8,r8,-1		#q--
+	subf	r12,r9,r12		#th -=dh
+	$CLRU	r10,r5,`$BITS/2`	#r10=dl. t is no longer needed in loop.
+	subf	r6,r10,r6		#tl -=dl
+	b	Lppcasm_divinnerloop
+Lppcasm_divinnerexit:
+	$SHRI	r10,r6,`$BITS/2`	#t=(tl>>BN_BITS4)
+	$SHLI	r11,r6,`$BITS/2`	#tl=(tl<<BN_BITS4)&BN_MASK2h;
+	$UCMP	cr1,r4,r11		# compare l and tl
+	add	r12,r12,r10		# th+=t
+	bge	cr1,Lppcasm_div7	# if (l>=tl) goto Lppcasm_div7
+	addi	r12,r12,1		# th++
+Lppcasm_div7:
+	subf	r11,r11,r4		#r11=l-tl
+	$UCMP	cr1,r3,r12		#compare h and th
+	bge	cr1,Lppcasm_div8	#if (h>=th) goto Lppcasm_div8
+	addi	r8,r8,-1		# q--
+	add	r3,r5,r3		# h+=d
+Lppcasm_div8:
+	subf	r12,r12,r3		#r12 = h-th
+	$SHLI	r4,r11,`$BITS/2`	#l=(l&BN_MASK2l)<<BN_BITS4
+					# want to compute
+					# h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
+					# the following 2 instructions will do this.
+	$INSR	r11,r12,`$BITS/2`,`$BITS/2`	# r11 is the value we want rotated $BITS/2.
+	$ROTL	r3,r11,`$BITS/2`	# rotate by $BITS/2 and store in r3
+	bdz	Lppcasm_div9		#if (count==0) break ;
+	$SHLI	r0,r8,`$BITS/2`		#ret =q<<BN_BITS4
+	b	Lppcasm_divouterloop
+Lppcasm_div9:
+	or	r3,r8,r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_div_words,.-.bn_div_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sqr_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+.align	4
+.bn_sqr_words:
+#
+#	Optimized version of bn_sqr_words
+#
+#	void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+#
+#	r3 = r
+#	r4 = a
+#	r5 = n
+#
+#	r6 = a[i].
+#	r7,r8 = product.
+#
+#	No unrolling done here. Not performance critical.
+
+	addic.	r5,r5,0			#test r5.
+	beq	Lppcasm_sqr_adios
+	addi	r4,r4,-$BNSZ
+	addi	r3,r3,-$BNSZ
+	mtctr	r5
+Lppcasm_sqr_mainloop:
+					#sqr(r[0],r[1],a[0]);
+	$LDU	r6,$BNSZ(r4)
+	$UMULL	r7,r6,r6
+	$UMULH  r8,r6,r6
+	$STU	r7,$BNSZ(r3)
+	$STU	r8,$BNSZ(r3)
+	bdnz	Lppcasm_sqr_mainloop
+Lppcasm_sqr_adios:
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_sqr_words,.-.bn_sqr_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_mul_words:
+#
+# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+	xor	r0,r0,r0
+	xor	r12,r12,r12		# used for carry
+	rlwinm.	r7,r5,30,2,31		# num >> 2
+	beq	Lppcasm_mw_REM
+	mtctr	r7
+Lppcasm_mw_LOOP:
+					#mul(rp[0],ap[0],w,c1);
+	$LD	r8,`0*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	#addze	r10,r10			#carry is NOT ignored.
+					#will be taken care of
+					#in second spin below
+					#using adde.
+	$ST	r9,`0*$BNSZ`(r3)
+					#mul(rp[1],ap[1],w,c1);
+	$LD	r8,`1*$BNSZ`(r4)
+	$UMULL	r11,r6,r8
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10
+	#addze	r12,r12
+	$ST	r11,`1*$BNSZ`(r3)
+					#mul(rp[2],ap[2],w,c1);
+	$LD	r8,`2*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	adde	r9,r9,r12
+	#addze	r10,r10
+	$ST	r9,`2*$BNSZ`(r3)
+					#mul_add(rp[3],ap[3],w,c1);
+	$LD	r8,`3*$BNSZ`(r4)
+	$UMULL	r11,r6,r8
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10
+	addze	r12,r12			#this spin we collect carry into
+					#r12
+	$ST	r11,`3*$BNSZ`(r3)
+
+	addi	r3,r3,`4*$BNSZ`
+	addi	r4,r4,`4*$BNSZ`
+	bdnz	Lppcasm_mw_LOOP
+
+Lppcasm_mw_REM:
+	andi.	r5,r5,0x3
+	beq	Lppcasm_mw_OVER
+					#mul(rp[0],ap[0],w,c1);
+	$LD	r8,`0*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	addze	r10,r10
+	$ST	r9,`0*$BNSZ`(r3)
+	addi	r12,r10,0
+
+	addi	r5,r5,-1
+	cmpli	0,0,r5,0
+	beq	Lppcasm_mw_OVER
+
+
+					#mul(rp[1],ap[1],w,c1);
+	$LD	r8,`1*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	addze	r10,r10
+	$ST	r9,`1*$BNSZ`(r3)
+	addi	r12,r10,0
+
+	addi	r5,r5,-1
+	cmpli	0,0,r5,0
+	beq	Lppcasm_mw_OVER
+
+					#mul_add(rp[2],ap[2],w,c1);
+	$LD	r8,`2*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	addze	r10,r10
+	$ST	r9,`2*$BNSZ`(r3)
+	addi	r12,r10,0
+
+Lppcasm_mw_OVER:
+	addi	r3,r12,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_mul_words,.-.bn_mul_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_add_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_mul_add_words:
+#
+# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+#
+# empirical evidence suggests that unrolled version performs best!!
+#
+	xor	r0,r0,r0		#r0 = 0
+	xor	r12,r12,r12  		#r12 = 0 . used for carry
+	rlwinm.	r7,r5,30,2,31		# num >> 2
+	beq	Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover
+	mtctr	r7
+Lppcasm_maw_mainloop:
+					#mul_add(rp[0],ap[0],w,c1);
+	$LD	r8,`0*$BNSZ`(r4)
+	$LD	r11,`0*$BNSZ`(r3)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12		#r12 is carry.
+	addze	r10,r10
+	addc	r9,r9,r11
+	#addze	r10,r10
+					#the above instruction addze
+					#is NOT needed. Carry will NOT
+					#be ignored. It's not affected
+					#by multiply and will be collected
+					#in the next spin
+	$ST	r9,`0*$BNSZ`(r3)
+
+					#mul_add(rp[1],ap[1],w,c1);
+	$LD	r8,`1*$BNSZ`(r4)
+	$LD	r9,`1*$BNSZ`(r3)
+	$UMULL	r11,r6,r8
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10		#r10 is carry.
+	addze	r12,r12
+	addc	r11,r11,r9
+	#addze	r12,r12
+	$ST	r11,`1*$BNSZ`(r3)
+
+					#mul_add(rp[2],ap[2],w,c1);
+	$LD	r8,`2*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$LD	r11,`2*$BNSZ`(r3)
+	$UMULH  r10,r6,r8
+	adde	r9,r9,r12
+	addze	r10,r10
+	addc	r9,r9,r11
+	#addze	r10,r10
+	$ST	r9,`2*$BNSZ`(r3)
+
+					#mul_add(rp[3],ap[3],w,c1);
+	$LD	r8,`3*$BNSZ`(r4)
+	$UMULL	r11,r6,r8
+	$LD	r9,`3*$BNSZ`(r3)
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10
+	addze	r12,r12
+	addc	r11,r11,r9
+	addze	r12,r12
+	$ST	r11,`3*$BNSZ`(r3)
+	addi	r3,r3,`4*$BNSZ`
+	addi	r4,r4,`4*$BNSZ`
+	bdnz	Lppcasm_maw_mainloop
+
+Lppcasm_maw_leftover:
+	andi.	r5,r5,0x3
+	beq	Lppcasm_maw_adios
+	addi	r3,r3,-$BNSZ
+	addi	r4,r4,-$BNSZ
+					#mul_add(rp[0],ap[0],w,c1);
+	mtctr	r5
+	$LDU	r8,$BNSZ(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	$LDU	r11,$BNSZ(r3)
+	addc	r9,r9,r11
+	addze	r10,r10
+	addc	r9,r9,r12
+	addze	r12,r10
+	$ST	r9,0(r3)
+
+	bdz	Lppcasm_maw_adios
+					#mul_add(rp[1],ap[1],w,c1);
+	$LDU	r8,$BNSZ(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	$LDU	r11,$BNSZ(r3)
+	addc	r9,r9,r11
+	addze	r10,r10
+	addc	r9,r9,r12
+	addze	r12,r10
+	$ST	r9,0(r3)
+
+	bdz	Lppcasm_maw_adios
+					#mul_add(rp[2],ap[2],w,c1);
+	$LDU	r8,$BNSZ(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	$LDU	r11,$BNSZ(r3)
+	addc	r9,r9,r11
+	addze	r10,r10
+	addc	r9,r9,r12
+	addze	r12,r10
+	$ST	r9,0(r3)
+
+Lppcasm_maw_adios:
+	addi	r3,r12,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_mul_add_words,.-.bn_mul_add_words
+	.align	4
+EOF
+$data =~ s/\`([^\`]*)\`/eval $1/gem;
+print $data;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc64-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc64-mont.pl
new file mode 100644
index 000000000..c41b620bc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc64-mont.pl
@@ -0,0 +1,1652 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# December 2007
+
+# The reason for undertaken effort is basically following. Even though
+# Power 6 CPU operates at incredible 4.7GHz clock frequency, its PKI
+# performance was observed to be less than impressive, essentially as
+# fast as 1.8GHz PPC970, or 2.6 times(!) slower than one would hope.
+# Well, it's not surprising that IBM had to make some sacrifices to
+# boost the clock frequency that much, but no overall improvement?
+# Having observed how much difference did switching to FPU make on
+# UltraSPARC, playing same stunt on Power 6 appeared appropriate...
+# Unfortunately the resulting performance improvement is not as
+# impressive, ~30%, and in absolute terms is still very far from what
+# one would expect from 4.7GHz CPU. There is a chance that I'm doing
+# something wrong, but in the lack of assembler level micro-profiling
+# data or at least decent platform guide I can't tell... Or better
+# results might be achieved with VMX... Anyway, this module provides
+# *worse* performance on other PowerPC implementations, ~40-15% slower
+# on PPC970 depending on key length and ~40% slower on Power 5 for all
+# key lengths. As it's obviously inappropriate as "best all-round"
+# alternative, it has to be complemented with run-time CPU family
+# detection. Oh! It should also be noted that unlike other PowerPC
+# implementation IALU ppc-mont.pl module performs *suboptimally* on
+# >=1024-bit key lengths on Power 6. It should also be noted that
+# *everything* said so far applies to 64-bit builds! As far as 32-bit
+# application executed on 64-bit CPU goes, this module is likely to
+# become preferred choice, because it's easy to adapt it for such
+# case and *is* faster than 32-bit ppc-mont.pl on *all* processors.
+
+# February 2008
+
+# Micro-profiling assisted optimization results in ~15% improvement
+# over original ppc64-mont.pl version, or overall ~50% improvement
+# over ppc.pl module on Power 6. If compared to ppc-mont.pl on same
+# Power 6 CPU, this module is 5-150% faster depending on key length,
+# [hereafter] more for longer keys. But if compared to ppc-mont.pl
+# on 1.8GHz PPC970, it's only 5-55% faster. Still far from impressive
+# in absolute terms, but it's apparently the way Power 6 is...
+
+# December 2009
+
+# Adapted for 32-bit build this module delivers 25-120%, yes, more
+# than *twice* for longer keys, performance improvement over 32-bit
+# ppc-mont.pl on 1.8GHz PPC970. However! This implementation utilizes
+# even 64-bit integer operations and the trouble is that most PPC
+# operating systems don't preserve upper halves of general purpose
+# registers upon 32-bit signal delivery. They do preserve them upon
+# context switch, but not signalling:-( This means that asynchronous
+# signals have to be blocked upon entry to this subroutine. Signal
+# masking (and of course complementary unmasking) has quite an impact
+# on performance, naturally larger for shorter keys. It's so severe
+# that 512-bit key performance can be as low as 1/3 of expected one.
+# This is why this routine can be engaged for longer key operations
+# only on these OSes, see crypto/ppccap.c for further details. MacOS X
+# is an exception from this and doesn't require signal masking, and
+# that's where above improvement coefficients were collected. For
+# others alternative would be to break dependence on upper halves of
+# GPRs by sticking to 32-bit integer operations...
+
+# December 2012
+
+# Remove above mentioned dependence on GPRs' upper halves in 32-bit
+# build. No signal masking overhead, but integer instructions are
+# *more* numerous... It's still "universally" faster than 32-bit
+# ppc-mont.pl, but improvement coefficient is not as impressive
+# for longer keys...
+
+$flavour = shift;
+
+if ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$RZONE=	224;
+	$fname=	"bn_mul_mont_fpu64";
+
+	$STUX=	"stwux";	# store indexed and update
+	$PUSH=	"stw";
+	$POP=	"lwz";
+} elsif ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$RZONE=	288;
+	$fname=	"bn_mul_mont_fpu64";
+
+	# same as above, but 64-bit mnemonics...
+	$STUX=	"stdux";	# store indexed and update
+	$PUSH=	"std";
+	$POP=	"ld";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=64;	# padded frame header
+$TRANSFER=16*8;
+
+$carry="r0";
+$sp="r1";
+$toc="r2";
+$rp="r3";	$ovf="r3";
+$ap="r4";
+$bp="r5";
+$np="r6";
+$n0="r7";
+$num="r8";
+$rp="r9";	# $rp is reassigned
+$tp="r10";
+$j="r11";
+$i="r12";
+# non-volatile registers
+$c1="r19";
+$n1="r20";
+$a1="r21";
+$nap_d="r22";	# interleaved ap and np in double format
+$a0="r23";	# ap[0]
+$t0="r24";	# temporary registers
+$t1="r25";
+$t2="r26";
+$t3="r27";
+$t4="r28";
+$t5="r29";
+$t6="r30";
+$t7="r31";
+
+# PPC offers enough register bank capacity to unroll inner loops twice
+#
+#     ..A3A2A1A0
+#           dcba
+#    -----------
+#            A0a
+#           A0b
+#          A0c
+#         A0d
+#          A1a
+#         A1b
+#        A1c
+#       A1d
+#        A2a
+#       A2b
+#      A2c
+#     A2d
+#      A3a
+#     A3b
+#    A3c
+#   A3d
+#    ..a
+#   ..b
+#
+$ba="f0";	$bb="f1";	$bc="f2";	$bd="f3";
+$na="f4";	$nb="f5";	$nc="f6";	$nd="f7";
+$dota="f8";	$dotb="f9";
+$A0="f10";	$A1="f11";	$A2="f12";	$A3="f13";
+$N0="f20";	$N1="f21";	$N2="f22";	$N3="f23";
+$T0a="f24";	$T0b="f25";
+$T1a="f26";	$T1b="f27";
+$T2a="f28";	$T2b="f29";
+$T3a="f30";	$T3b="f31";
+
+# sp----------->+-------------------------------+
+#		| saved sp			|
+#		+-------------------------------+
+#		.				.
+#   +64		+-------------------------------+
+#		| 16 gpr<->fpr transfer zone	|
+#		.				.
+#		.				.
+#   +16*8	+-------------------------------+
+#		| __int64 tmp[-1]		|
+#		+-------------------------------+
+#		| __int64 tmp[num]		|
+#		.				.
+#		.				.
+#		.				.
+#   +(num+1)*8	+-------------------------------+
+#		| padding to 64 byte boundary	|
+#		.				.
+#   +X		+-------------------------------+
+#		| double nap_d[4*num]		|
+#		.				.
+#		.				.
+#		.				.
+#		+-------------------------------+
+#		.				.
+#   -13*size_t	+-------------------------------+
+#		| 13 saved gpr, r19-r31		|
+#		.				.
+#		.				.
+#   -12*8	+-------------------------------+
+#		| 12 saved fpr, f20-f31		|
+#		.				.
+#		.				.
+#		+-------------------------------+
+
+$code=<<___;
+.machine "any"
+.text
+
+.globl	.$fname
+.align	5
+.$fname:
+	cmpwi	$num,`3*8/$SIZE_T`
+	mr	$rp,r3		; $rp is reassigned
+	li	r3,0		; possible "not handled" return code
+	bltlr-
+	andi.	r0,$num,`16/$SIZE_T-1`		; $num has to be "even"
+	bnelr-
+
+	slwi	$num,$num,`log($SIZE_T)/log(2)`	; num*=sizeof(BN_LONG)
+	li	$i,-4096
+	slwi	$tp,$num,2	; place for {an}p_{lh}[num], i.e. 4*num
+	add	$tp,$tp,$num	; place for tp[num+1]
+	addi	$tp,$tp,`$FRAME+$TRANSFER+8+64+$RZONE`
+	subf	$tp,$tp,$sp	; $sp-$tp
+	and	$tp,$tp,$i	; minimize TLB usage
+	subf	$tp,$sp,$tp	; $tp-$sp
+	mr	$i,$sp
+	$STUX	$sp,$sp,$tp	; alloca
+
+	$PUSH	r19,`-12*8-13*$SIZE_T`($i)
+	$PUSH	r20,`-12*8-12*$SIZE_T`($i)
+	$PUSH	r21,`-12*8-11*$SIZE_T`($i)
+	$PUSH	r22,`-12*8-10*$SIZE_T`($i)
+	$PUSH	r23,`-12*8-9*$SIZE_T`($i)
+	$PUSH	r24,`-12*8-8*$SIZE_T`($i)
+	$PUSH	r25,`-12*8-7*$SIZE_T`($i)
+	$PUSH	r26,`-12*8-6*$SIZE_T`($i)
+	$PUSH	r27,`-12*8-5*$SIZE_T`($i)
+	$PUSH	r28,`-12*8-4*$SIZE_T`($i)
+	$PUSH	r29,`-12*8-3*$SIZE_T`($i)
+	$PUSH	r30,`-12*8-2*$SIZE_T`($i)
+	$PUSH	r31,`-12*8-1*$SIZE_T`($i)
+	stfd	f20,`-12*8`($i)
+	stfd	f21,`-11*8`($i)
+	stfd	f22,`-10*8`($i)
+	stfd	f23,`-9*8`($i)
+	stfd	f24,`-8*8`($i)
+	stfd	f25,`-7*8`($i)
+	stfd	f26,`-6*8`($i)
+	stfd	f27,`-5*8`($i)
+	stfd	f28,`-4*8`($i)
+	stfd	f29,`-3*8`($i)
+	stfd	f30,`-2*8`($i)
+	stfd	f31,`-1*8`($i)
+
+	addi	$tp,$sp,`$FRAME+$TRANSFER+8+64`
+	li	$i,-64
+	add	$nap_d,$tp,$num
+	and	$nap_d,$nap_d,$i	; align to 64 bytes
+	; nap_d is off by 1, because it's used with stfdu/lfdu
+	addi	$nap_d,$nap_d,-8
+	srwi	$j,$num,`3+1`	; counter register, num/2
+	addi	$j,$j,-1
+	addi	$tp,$sp,`$FRAME+$TRANSFER-8`
+	li	$carry,0
+	mtctr	$j
+___
+
+$code.=<<___ if ($SIZE_T==8);
+	ld	$a0,0($ap)		; pull ap[0] value
+	ld	$t3,0($bp)		; bp[0]
+	ld	$n0,0($n0)		; pull n0[0] value
+
+	mulld	$t7,$a0,$t3		; ap[0]*bp[0]
+	; transfer bp[0] to FPU as 4x16-bit values
+	extrdi	$t0,$t3,16,48
+	extrdi	$t1,$t3,16,32
+	extrdi	$t2,$t3,16,16
+	extrdi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mulld	$t7,$t7,$n0		; tp[0]*n0
+	; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values
+	extrdi	$t4,$t7,16,48
+	extrdi	$t5,$t7,16,32
+	extrdi	$t6,$t7,16,16
+	extrdi	$t7,$t7,16,0
+	std	$t4,`$FRAME+32`($sp)
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+
+	extrdi	$t0,$a0,32,32		; lwz	$t0,4($ap)
+	extrdi	$t1,$a0,32,0		; lwz	$t1,0($ap)
+	lwz	$t2,`12^$LITTLE_ENDIAN`($ap)	; load a[1] as 32-bit word pair
+	lwz	$t3,`8^$LITTLE_ENDIAN`($ap)
+	lwz	$t4,`4^$LITTLE_ENDIAN`($np)	; load n[0] as 32-bit word pair
+	lwz	$t5,`0^$LITTLE_ENDIAN`($np)
+	lwz	$t6,`12^$LITTLE_ENDIAN`($np)	; load n[1] as 32-bit word pair
+	lwz	$t7,`8^$LITTLE_ENDIAN`($np)
+___
+$code.=<<___ if ($SIZE_T==4);
+	lwz	$a0,0($ap)		; pull ap[0,1] value
+	mr	$n1,$n0
+	lwz	$a1,4($ap)
+	li	$c1,0
+	lwz	$t1,0($bp)		; bp[0,1]
+	lwz	$t3,4($bp)
+	lwz	$n0,0($n1)		; pull n0[0,1] value
+	lwz	$n1,4($n1)
+
+	mullw	$t4,$a0,$t1		; mulld ap[0]*bp[0]
+	mulhwu	$t5,$a0,$t1
+	mullw	$t6,$a1,$t1
+	mullw	$t7,$a0,$t3
+	add	$t5,$t5,$t6
+	add	$t5,$t5,$t7
+	; transfer bp[0] to FPU as 4x16-bit values
+	extrwi	$t0,$t1,16,16
+	extrwi	$t1,$t1,16,0
+	extrwi	$t2,$t3,16,16
+	extrwi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)	; yes, std in 32-bit build
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mullw	$t0,$t4,$n0		; mulld tp[0]*n0
+	mulhwu	$t1,$t4,$n0
+	mullw	$t2,$t5,$n0
+	mullw	$t3,$t4,$n1
+	add	$t1,$t1,$t2
+	add	$t1,$t1,$t3
+	; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values
+	extrwi	$t4,$t0,16,16
+	extrwi	$t5,$t0,16,0
+	extrwi	$t6,$t1,16,16
+	extrwi	$t7,$t1,16,0
+	std	$t4,`$FRAME+32`($sp)	; yes, std in 32-bit build
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+
+	mr	$t0,$a0			; lwz	$t0,0($ap)
+	mr	$t1,$a1			; lwz	$t1,4($ap)
+	lwz	$t2,8($ap)		; load a[j..j+3] as 32-bit word pairs
+	lwz	$t3,12($ap)
+	lwz	$t4,0($np)		; load n[j..j+3] as 32-bit word pairs
+	lwz	$t5,4($np)
+	lwz	$t6,8($np)
+	lwz	$t7,12($np)
+___
+$code.=<<___;
+	lfd	$ba,`$FRAME+0`($sp)
+	lfd	$bb,`$FRAME+8`($sp)
+	lfd	$bc,`$FRAME+16`($sp)
+	lfd	$bd,`$FRAME+24`($sp)
+	lfd	$na,`$FRAME+32`($sp)
+	lfd	$nb,`$FRAME+40`($sp)
+	lfd	$nc,`$FRAME+48`($sp)
+	lfd	$nd,`$FRAME+56`($sp)
+	std	$t0,`$FRAME+64`($sp)	; yes, std even in 32-bit build
+	std	$t1,`$FRAME+72`($sp)
+	std	$t2,`$FRAME+80`($sp)
+	std	$t3,`$FRAME+88`($sp)
+	std	$t4,`$FRAME+96`($sp)
+	std	$t5,`$FRAME+104`($sp)
+	std	$t6,`$FRAME+112`($sp)
+	std	$t7,`$FRAME+120`($sp)
+	fcfid	$ba,$ba
+	fcfid	$bb,$bb
+	fcfid	$bc,$bc
+	fcfid	$bd,$bd
+	fcfid	$na,$na
+	fcfid	$nb,$nb
+	fcfid	$nc,$nc
+	fcfid	$nd,$nd
+
+	lfd	$A0,`$FRAME+64`($sp)
+	lfd	$A1,`$FRAME+72`($sp)
+	lfd	$A2,`$FRAME+80`($sp)
+	lfd	$A3,`$FRAME+88`($sp)
+	lfd	$N0,`$FRAME+96`($sp)
+	lfd	$N1,`$FRAME+104`($sp)
+	lfd	$N2,`$FRAME+112`($sp)
+	lfd	$N3,`$FRAME+120`($sp)
+	fcfid	$A0,$A0
+	fcfid	$A1,$A1
+	fcfid	$A2,$A2
+	fcfid	$A3,$A3
+	fcfid	$N0,$N0
+	fcfid	$N1,$N1
+	fcfid	$N2,$N2
+	fcfid	$N3,$N3
+	addi	$ap,$ap,16
+	addi	$np,$np,16
+
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	stfd	$A0,8($nap_d)		; save a[j] in double format
+	stfd	$A1,16($nap_d)
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	stfd	$A2,24($nap_d)		; save a[j+1] in double format
+	stfd	$A3,32($nap_d)
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	stfd	$N0,40($nap_d)		; save n[j] in double format
+	stfd	$N1,48($nap_d)
+	fmul	$T0a,$A0,$ba
+	fmul	$T0b,$A0,$bb
+	stfd	$N2,56($nap_d)		; save n[j+1] in double format
+	stfdu	$N3,64($nap_d)
+
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+
+.align	5
+L1st:
+___
+$code.=<<___ if ($SIZE_T==8);
+	lwz	$t0,`4^$LITTLE_ENDIAN`($ap)	; load a[j] as 32-bit word pair
+	lwz	$t1,`0^$LITTLE_ENDIAN`($ap)
+	lwz	$t2,`12^$LITTLE_ENDIAN`($ap)	; load a[j+1] as 32-bit word pair
+	lwz	$t3,`8^$LITTLE_ENDIAN`($ap)
+	lwz	$t4,`4^$LITTLE_ENDIAN`($np)	; load n[j] as 32-bit word pair
+	lwz	$t5,`0^$LITTLE_ENDIAN`($np)
+	lwz	$t6,`12^$LITTLE_ENDIAN`($np)	; load n[j+1] as 32-bit word pair
+	lwz	$t7,`8^$LITTLE_ENDIAN`($np)
+___
+$code.=<<___ if ($SIZE_T==4);
+	lwz	$t0,0($ap)		; load a[j..j+3] as 32-bit word pairs
+	lwz	$t1,4($ap)
+	lwz	$t2,8($ap)
+	lwz	$t3,12($ap)
+	lwz	$t4,0($np)		; load n[j..j+3] as 32-bit word pairs
+	lwz	$t5,4($np)
+	lwz	$t6,8($np)
+	lwz	$t7,12($np)
+___
+$code.=<<___;
+	std	$t0,`$FRAME+64`($sp)	; yes, std even in 32-bit build
+	std	$t1,`$FRAME+72`($sp)
+	std	$t2,`$FRAME+80`($sp)
+	std	$t3,`$FRAME+88`($sp)
+	std	$t4,`$FRAME+96`($sp)
+	std	$t5,`$FRAME+104`($sp)
+	std	$t6,`$FRAME+112`($sp)
+	std	$t7,`$FRAME+120`($sp)
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	ld	$t0,`$FRAME+0`($sp)
+	ld	$t1,`$FRAME+8`($sp)
+	ld	$t2,`$FRAME+16`($sp)
+	ld	$t3,`$FRAME+24`($sp)
+	ld	$t4,`$FRAME+32`($sp)
+	ld	$t5,`$FRAME+40`($sp)
+	ld	$t6,`$FRAME+48`($sp)
+	ld	$t7,`$FRAME+56`($sp)
+___
+} else {
+$code.=<<___;
+	lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+___
+}
+$code.=<<___;
+	lfd	$A0,`$FRAME+64`($sp)
+	lfd	$A1,`$FRAME+72`($sp)
+	lfd	$A2,`$FRAME+80`($sp)
+	lfd	$A3,`$FRAME+88`($sp)
+	lfd	$N0,`$FRAME+96`($sp)
+	lfd	$N1,`$FRAME+104`($sp)
+	lfd	$N2,`$FRAME+112`($sp)
+	lfd	$N3,`$FRAME+120`($sp)
+	fcfid	$A0,$A0
+	fcfid	$A1,$A1
+	fcfid	$A2,$A2
+	fcfid	$A3,$A3
+	fcfid	$N0,$N0
+	fcfid	$N1,$N1
+	fcfid	$N2,$N2
+	fcfid	$N3,$N3
+	addi	$ap,$ap,16
+	addi	$np,$np,16
+
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	stfd	$A0,8($nap_d)		; save a[j] in double format
+	stfd	$A1,16($nap_d)
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	fmadd	$T0a,$A0,$ba,$dota
+	fmadd	$T0b,$A0,$bb,$dotb
+	stfd	$A2,24($nap_d)		; save a[j+1] in double format
+	stfd	$A3,32($nap_d)
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	stfd	$N0,40($nap_d)		; save n[j] in double format
+	stfd	$N1,48($nap_d)
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	 add	$t0,$t0,$carry		; can not overflow
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+	stfd	$N2,56($nap_d)		; save n[j+1] in double format
+	stfdu	$N3,64($nap_d)
+	 srdi	$carry,$t0,16
+	 add	$t1,$t1,$carry
+	 srdi	$carry,$t1,16
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 insrdi	$t0,$t1,16,32
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 add	$t2,$t2,$carry
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 srdi	$carry,$t2,16
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 insrdi	$t0,$t2,16,16
+	 add	$t3,$t3,$carry
+	 srdi	$carry,$t3,16
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 insrdi	$t0,$t3,16,0		; 0..63 bits
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 add	$t4,$t4,$carry
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 srdi	$carry,$t4,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 add	$t5,$t5,$carry
+	 srdi	$carry,$t5,16
+	 insrdi	$t4,$t5,16,32
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	 add	$t6,$t6,$carry
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	 srdi	$carry,$t6,16
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	 insrdi	$t4,$t6,16,16
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+	 add	$t7,$t7,$carry
+	 insrdi	$t4,$t7,16,0		; 64..127 bits
+	 srdi	$carry,$t7,16		; upper 33 bits
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+	 std	$t0,8($tp)		; tp[j-1]
+	 stdu	$t4,16($tp)		; tp[j]
+___
+} else {
+$code.=<<___;
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	 addc	$t0,$t0,$carry
+	 adde	$t1,$t1,$c1
+	 srwi	$carry,$t0,16
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	stfd	$N0,40($nap_d)		; save n[j] in double format
+	stfd	$N1,48($nap_d)
+	 srwi	$c1,$t1,16
+	 insrwi	$carry,$t1,16,0
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+	stfd	$N2,56($nap_d)		; save n[j+1] in double format
+	stfdu	$N3,64($nap_d)
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	 lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	 addc	$t4,$t4,$carry
+	 adde	$t5,$t5,$c1
+	 srwi	$carry,$t4,16
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 srwi	$c1,$t5,16
+	 insrwi	$carry,$t5,16,0
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	 srwi	$c1,$t7,16
+	 insrwi	$carry,$t7,16,0
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	 lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 stw	$t0,12($tp)		; tp[j-1]
+	 stw	$t4,8($tp)
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	 lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	 srwi	$c1,$t7,16
+	 insrwi	$carry,$t7,16,0
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	 lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	 lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+	 addc	$t0,$t0,$carry
+	 adde	$t1,$t1,$c1
+	 srwi	$carry,$t0,16
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	 srwi	$c1,$t1,16
+	 insrwi	$carry,$t1,16,0
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	 addc	$t4,$t4,$carry
+	 adde	$t5,$t5,$c1
+	 srwi	$carry,$t4,16
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	 srwi	$c1,$t5,16
+	 insrwi	$carry,$t5,16,0
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+	 stw	$t2,20($tp)		; tp[j]
+	 stwu	$t0,16($tp)
+___
+}
+$code.=<<___;
+	bdnz	L1st
+
+	fctid	$dota,$dota
+	fctid	$dotb,$dotb
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	ld	$t0,`$FRAME+0`($sp)
+	ld	$t1,`$FRAME+8`($sp)
+	ld	$t2,`$FRAME+16`($sp)
+	ld	$t3,`$FRAME+24`($sp)
+	ld	$t4,`$FRAME+32`($sp)
+	ld	$t5,`$FRAME+40`($sp)
+	ld	$t6,`$FRAME+48`($sp)
+	ld	$t7,`$FRAME+56`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	add	$t0,$t0,$carry		; can not overflow
+	srdi	$carry,$t0,16
+	add	$t1,$t1,$carry
+	srdi	$carry,$t1,16
+	insrdi	$t0,$t1,16,32
+	add	$t2,$t2,$carry
+	srdi	$carry,$t2,16
+	insrdi	$t0,$t2,16,16
+	add	$t3,$t3,$carry
+	srdi	$carry,$t3,16
+	insrdi	$t0,$t3,16,0		; 0..63 bits
+	add	$t4,$t4,$carry
+	srdi	$carry,$t4,16
+	add	$t5,$t5,$carry
+	srdi	$carry,$t5,16
+	insrdi	$t4,$t5,16,32
+	add	$t6,$t6,$carry
+	srdi	$carry,$t6,16
+	insrdi	$t4,$t6,16,16
+	add	$t7,$t7,$carry
+	insrdi	$t4,$t7,16,0		; 64..127 bits
+	srdi	$carry,$t7,16		; upper 33 bits
+	ld	$t6,`$FRAME+64`($sp)
+	ld	$t7,`$FRAME+72`($sp)
+
+	std	$t0,8($tp)		; tp[j-1]
+	stdu	$t4,16($tp)		; tp[j]
+
+	add	$t6,$t6,$carry		; can not overflow
+	srdi	$carry,$t6,16
+	add	$t7,$t7,$carry
+	insrdi	$t6,$t7,48,0
+	srdi	$ovf,$t7,48
+	std	$t6,8($tp)		; tp[num-1]
+___
+} else {
+$code.=<<___;
+	lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	 stw	$t0,12($tp)		; tp[j-1]
+	 stw	$t4,8($tp)
+
+	lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+	 stw	$t2,20($tp)		; tp[j]
+	 stwu	$t0,16($tp)
+
+	lwz	$t7,`$FRAME+64^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+68^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+72^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+76^$LITTLE_ENDIAN`($sp)
+
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+
+	insrwi	$t6,$t4,16,0
+	srwi	$t4,$t4,16
+	insrwi	$t4,$t5,16,0
+	srwi	$ovf,$t5,16
+	stw	$t6,12($tp)		; tp[num-1]
+	stw	$t4,8($tp)
+___
+}
+$code.=<<___;
+	slwi	$t7,$num,2
+	subf	$nap_d,$t7,$nap_d	; rewind pointer
+
+	li	$i,8			; i=1
+.align	5
+Louter:
+	addi	$tp,$sp,`$FRAME+$TRANSFER`
+	li	$carry,0
+	mtctr	$j
+___
+$code.=<<___ if ($SIZE_T==8);
+	ldx	$t3,$bp,$i		; bp[i]
+
+	ld	$t6,`$FRAME+$TRANSFER+8`($sp)	; tp[0]
+	mulld	$t7,$a0,$t3		; ap[0]*bp[i]
+	add	$t7,$t7,$t6		; ap[0]*bp[i]+tp[0]
+	; transfer bp[i] to FPU as 4x16-bit values
+	extrdi	$t0,$t3,16,48
+	extrdi	$t1,$t3,16,32
+	extrdi	$t2,$t3,16,16
+	extrdi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mulld	$t7,$t7,$n0		; tp[0]*n0
+	; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values
+	extrdi	$t4,$t7,16,48
+	extrdi	$t5,$t7,16,32
+	extrdi	$t6,$t7,16,16
+	extrdi	$t7,$t7,16,0
+	std	$t4,`$FRAME+32`($sp)
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+___
+$code.=<<___ if ($SIZE_T==4);
+	add	$t0,$bp,$i
+	li	$c1,0
+	lwz	$t1,0($t0)		; bp[i,i+1]
+	lwz	$t3,4($t0)
+
+	mullw	$t4,$a0,$t1		; ap[0]*bp[i]
+	lwz	$t0,`$FRAME+$TRANSFER+8+4`($sp)	; tp[0]
+	mulhwu	$t5,$a0,$t1
+	lwz	$t2,`$FRAME+$TRANSFER+8`($sp)	; tp[0]
+	mullw	$t6,$a1,$t1
+	mullw	$t7,$a0,$t3
+	add	$t5,$t5,$t6
+	add	$t5,$t5,$t7
+	addc	$t4,$t4,$t0		; ap[0]*bp[i]+tp[0]
+	adde	$t5,$t5,$t2
+	; transfer bp[i] to FPU as 4x16-bit values
+	extrwi	$t0,$t1,16,16
+	extrwi	$t1,$t1,16,0
+	extrwi	$t2,$t3,16,16
+	extrwi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)	; yes, std in 32-bit build
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mullw	$t0,$t4,$n0		; mulld tp[0]*n0
+	mulhwu	$t1,$t4,$n0
+	mullw	$t2,$t5,$n0
+	mullw	$t3,$t4,$n1
+	add	$t1,$t1,$t2
+	add	$t1,$t1,$t3
+	; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values
+	extrwi	$t4,$t0,16,16
+	extrwi	$t5,$t0,16,0
+	extrwi	$t6,$t1,16,16
+	extrwi	$t7,$t1,16,0
+	std	$t4,`$FRAME+32`($sp)	; yes, std in 32-bit build
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+___
+$code.=<<___;
+	lfd	$A0,8($nap_d)		; load a[j] in double format
+	lfd	$A1,16($nap_d)
+	lfd	$A2,24($nap_d)		; load a[j+1] in double format
+	lfd	$A3,32($nap_d)
+	lfd	$N0,40($nap_d)		; load n[j] in double format
+	lfd	$N1,48($nap_d)
+	lfd	$N2,56($nap_d)		; load n[j+1] in double format
+	lfdu	$N3,64($nap_d)
+
+	lfd	$ba,`$FRAME+0`($sp)
+	lfd	$bb,`$FRAME+8`($sp)
+	lfd	$bc,`$FRAME+16`($sp)
+	lfd	$bd,`$FRAME+24`($sp)
+	lfd	$na,`$FRAME+32`($sp)
+	lfd	$nb,`$FRAME+40`($sp)
+	lfd	$nc,`$FRAME+48`($sp)
+	lfd	$nd,`$FRAME+56`($sp)
+
+	fcfid	$ba,$ba
+	fcfid	$bb,$bb
+	fcfid	$bc,$bc
+	fcfid	$bd,$bd
+	fcfid	$na,$na
+	fcfid	$nb,$nb
+	fcfid	$nc,$nc
+	fcfid	$nd,$nd
+
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	fmul	$T0a,$A0,$ba
+	fmul	$T0b,$A0,$bb
+
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 lfd	$A0,8($nap_d)		; load a[j] in double format
+	 lfd	$A1,16($nap_d)
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 lfd	$A2,24($nap_d)		; load a[j+1] in double format
+	 lfd	$A3,32($nap_d)
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+
+.align	5
+Linner:
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	lfd	$N0,40($nap_d)		; load n[j] in double format
+	lfd	$N1,48($nap_d)
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	fmadd	$T0a,$A0,$ba,$dota
+	fmadd	$T0b,$A0,$bb,$dotb
+	lfd	$N2,56($nap_d)		; load n[j+1] in double format
+	lfdu	$N3,64($nap_d)
+
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	 lfd	$A0,8($nap_d)		; load a[j] in double format
+	 lfd	$A1,16($nap_d)
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+	 lfd	$A2,24($nap_d)		; load a[j+1] in double format
+	 lfd	$A3,32($nap_d)
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 ld	$t0,`$FRAME+0`($sp)
+	 ld	$t1,`$FRAME+8`($sp)
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 ld	$t2,`$FRAME+16`($sp)
+	 ld	$t3,`$FRAME+24`($sp)
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 add	$t0,$t0,$carry		; can not overflow
+	 ld	$t4,`$FRAME+32`($sp)
+	 ld	$t5,`$FRAME+40`($sp)
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 srdi	$carry,$t0,16
+	 add	$t1,$t1,$carry
+	 srdi	$carry,$t1,16
+	 ld	$t6,`$FRAME+48`($sp)
+	 ld	$t7,`$FRAME+56`($sp)
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 insrdi	$t0,$t1,16,32
+	 ld	$t1,8($tp)		; tp[j]
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 add	$t2,$t2,$carry
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 srdi	$carry,$t2,16
+	 insrdi	$t0,$t2,16,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 add	$t3,$t3,$carry
+	 ldu	$t2,16($tp)		; tp[j+1]
+	 srdi	$carry,$t3,16
+	 insrdi	$t0,$t3,16,0		; 0..63 bits
+	 add	$t4,$t4,$carry
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	 srdi	$carry,$t4,16
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	 add	$t5,$t5,$carry
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	 srdi	$carry,$t5,16
+	 insrdi	$t4,$t5,16,32
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+	 add	$t6,$t6,$carry
+	 srdi	$carry,$t6,16
+	 insrdi	$t4,$t6,16,16
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	 add	$t7,$t7,$carry
+	 addc	$t3,$t0,$t1
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t0,$t0,32,0
+	extrdi	$t1,$t1,32,0
+	adde	$t0,$t0,$t1
+___
+$code.=<<___;
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	 insrdi	$t4,$t7,16,0		; 64..127 bits
+	 srdi	$carry,$t7,16		; upper 33 bits
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	 adde	$t5,$t4,$t2
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t4,$t4,32,0
+	extrdi	$t2,$t2,32,0
+	adde	$t4,$t4,$t2
+___
+$code.=<<___;
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+	 addze	$carry,$carry
+	 std	$t3,-16($tp)		; tp[j-1]
+	 std	$t5,-8($tp)		; tp[j]
+___
+} else {
+$code.=<<___;
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	 lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	 lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	 lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	 addc	$t0,$t0,$carry
+	 adde	$t1,$t1,$c1
+	 srwi	$carry,$t0,16
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	 lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+	 srwi	$c1,$t1,16
+	 insrwi	$carry,$t1,16,0
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 lwz	$t2,12($tp)		; tp[j]
+	 lwz	$t3,8($tp)
+	 addc	$t4,$t4,$carry
+	 adde	$t5,$t5,$c1
+	 srwi	$carry,$t4,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 srwi	$c1,$t5,16
+	 insrwi	$carry,$t5,16,0
+
+	fctid	$T0a,$T0a
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	fctid	$T0b,$T0b
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	 srwi	$c1,$t7,16
+	 insrwi	$carry,$t7,16,0
+	fctid	$T1a,$T1a
+	 addc	$t0,$t0,$t2
+	 adde	$t4,$t4,$t3
+	 lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	 lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	fctid	$T1b,$T1b
+	 addze	$carry,$carry
+	 addze	$c1,$c1
+	 stw	$t0,4($tp)		; tp[j-1]
+	 stw	$t4,0($tp)
+	fctid	$T2a,$T2a
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	 lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	 lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	fctid	$T2b,$T2b
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+	 lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	 lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	fctid	$T3a,$T3a
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	 lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	 lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+	fctid	$T3b,$T3b
+
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	 lwz	$t6,20($tp)
+	 lwzu	$t7,16($tp)
+	addc	$t0,$t0,$carry
+	 stfd	$T0a,`$FRAME+0`($sp)
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	 stfd	$T0b,`$FRAME+8`($sp)
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t4,$t4,$carry
+	 stfd	$T1a,`$FRAME+16`($sp)
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	 stfd	$T1b,`$FRAME+24`($sp)
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+
+	addc	$t2,$t2,$t6
+	 stfd	$T2a,`$FRAME+32`($sp)
+	adde	$t0,$t0,$t7
+	 stfd	$T2b,`$FRAME+40`($sp)
+	addze	$carry,$carry
+	 stfd	$T3a,`$FRAME+48`($sp)
+	addze	$c1,$c1
+	 stfd	$T3b,`$FRAME+56`($sp)
+	 stw	$t2,-4($tp)		; tp[j]
+	 stw	$t0,-8($tp)
+___
+}
+$code.=<<___;
+	bdnz	Linner
+
+	fctid	$dota,$dota
+	fctid	$dotb,$dotb
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	ld	$t0,`$FRAME+0`($sp)
+	ld	$t1,`$FRAME+8`($sp)
+	ld	$t2,`$FRAME+16`($sp)
+	ld	$t3,`$FRAME+24`($sp)
+	ld	$t4,`$FRAME+32`($sp)
+	ld	$t5,`$FRAME+40`($sp)
+	ld	$t6,`$FRAME+48`($sp)
+	ld	$t7,`$FRAME+56`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	add	$t0,$t0,$carry		; can not overflow
+	srdi	$carry,$t0,16
+	add	$t1,$t1,$carry
+	srdi	$carry,$t1,16
+	insrdi	$t0,$t1,16,32
+	add	$t2,$t2,$carry
+	ld	$t1,8($tp)		; tp[j]
+	srdi	$carry,$t2,16
+	insrdi	$t0,$t2,16,16
+	add	$t3,$t3,$carry
+	ldu	$t2,16($tp)		; tp[j+1]
+	srdi	$carry,$t3,16
+	insrdi	$t0,$t3,16,0		; 0..63 bits
+	add	$t4,$t4,$carry
+	srdi	$carry,$t4,16
+	add	$t5,$t5,$carry
+	srdi	$carry,$t5,16
+	insrdi	$t4,$t5,16,32
+	add	$t6,$t6,$carry
+	srdi	$carry,$t6,16
+	insrdi	$t4,$t6,16,16
+	add	$t7,$t7,$carry
+	insrdi	$t4,$t7,16,0		; 64..127 bits
+	srdi	$carry,$t7,16		; upper 33 bits
+	ld	$t6,`$FRAME+64`($sp)
+	ld	$t7,`$FRAME+72`($sp)
+
+	addc	$t3,$t0,$t1
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t0,$t0,32,0
+	extrdi	$t1,$t1,32,0
+	adde	$t0,$t0,$t1
+___
+$code.=<<___;
+	adde	$t5,$t4,$t2
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t4,$t4,32,0
+	extrdi	$t2,$t2,32,0
+	adde	$t4,$t4,$t2
+___
+$code.=<<___;
+	addze	$carry,$carry
+
+	std	$t3,-16($tp)		; tp[j-1]
+	std	$t5,-8($tp)		; tp[j]
+
+	add	$carry,$carry,$ovf	; consume upmost overflow
+	add	$t6,$t6,$carry		; can not overflow
+	srdi	$carry,$t6,16
+	add	$t7,$t7,$carry
+	insrdi	$t6,$t7,48,0
+	srdi	$ovf,$t7,48
+	std	$t6,0($tp)		; tp[num-1]
+___
+} else {
+$code.=<<___;
+	lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	 lwz	$t2,12($tp)		; tp[j]
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	 lwz	$t3,8($tp)
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+
+	addc	$t0,$t0,$t2
+	adde	$t4,$t4,$t3
+	addze	$carry,$carry
+	addze	$c1,$c1
+	 stw	$t0,4($tp)		; tp[j-1]
+	 stw	$t4,0($tp)
+
+	lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	 lwz	$t6,20($tp)
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	 lwzu	$t7,16($tp)
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+
+	addc	$t2,$t2,$t6
+	adde	$t0,$t0,$t7
+	 lwz	$t7,`$FRAME+64^$LITTLE_ENDIAN`($sp)
+	 lwz	$t6,`$FRAME+68^$LITTLE_ENDIAN`($sp)
+	addze	$carry,$carry
+	addze	$c1,$c1
+	 lwz	$t5,`$FRAME+72^$LITTLE_ENDIAN`($sp)
+	 lwz	$t4,`$FRAME+76^$LITTLE_ENDIAN`($sp)
+
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	 stw	$t2,-4($tp)		; tp[j]
+	 stw	$t0,-8($tp)
+	addc	$t6,$t6,$ovf
+	addze	$t7,$t7
+	srwi	$carry,$t6,16
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+
+	insrwi	$t6,$t4,16,0
+	srwi	$t4,$t4,16
+	insrwi	$t4,$t5,16,0
+	srwi	$ovf,$t5,16
+	stw	$t6,4($tp)		; tp[num-1]
+	stw	$t4,0($tp)
+___
+}
+$code.=<<___;
+	slwi	$t7,$num,2
+	addi	$i,$i,8
+	subf	$nap_d,$t7,$nap_d	; rewind pointer
+	cmpw	$i,$num
+	blt-	Louter
+___
+
+$code.=<<___ if ($SIZE_T==8);
+	subf	$np,$num,$np	; rewind np
+	addi	$j,$j,1		; restore counter
+	subfc	$i,$i,$i	; j=0 and "clear" XER[CA]
+	addi	$tp,$sp,`$FRAME+$TRANSFER+8`
+	addi	$t4,$sp,`$FRAME+$TRANSFER+16`
+	addi	$t5,$np,8
+	addi	$t6,$rp,8
+	mtctr	$j
+
+.align	4
+Lsub:	ldx	$t0,$tp,$i
+	ldx	$t1,$np,$i
+	ldx	$t2,$t4,$i
+	ldx	$t3,$t5,$i
+	subfe	$t0,$t1,$t0	; tp[j]-np[j]
+	subfe	$t2,$t3,$t2	; tp[j+1]-np[j+1]
+	stdx	$t0,$rp,$i
+	stdx	$t2,$t6,$i
+	addi	$i,$i,16
+	bdnz	Lsub
+
+	li	$i,0
+	subfe	$ovf,$i,$ovf	; handle upmost overflow bit
+	mtctr	$j
+
+.align	4
+Lcopy:				; conditional copy
+	ldx	$t0,$tp,$i
+	ldx	$t1,$t4,$i
+	ldx	$t2,$rp,$i
+	ldx	$t3,$t6,$i
+	std	$i,8($nap_d)	; zap nap_d
+	std	$i,16($nap_d)
+	std	$i,24($nap_d)
+	std	$i,32($nap_d)
+	std	$i,40($nap_d)
+	std	$i,48($nap_d)
+	std	$i,56($nap_d)
+	stdu	$i,64($nap_d)
+	and	$t0,$t0,$ovf
+	and	$t1,$t1,$ovf
+	andc	$t2,$t2,$ovf
+	andc	$t3,$t3,$ovf
+	or	$t0,$t0,$t2
+	or	$t1,$t1,$t3
+	stdx	$t0,$rp,$i
+	stdx	$t1,$t6,$i
+	stdx	$i,$tp,$i	; zap tp at once
+	stdx	$i,$t4,$i
+	addi	$i,$i,16
+	bdnz	Lcopy
+___
+$code.=<<___ if ($SIZE_T==4);
+	subf	$np,$num,$np	; rewind np
+	addi	$j,$j,1		; restore counter
+	subfc	$i,$i,$i	; j=0 and "clear" XER[CA]
+	addi	$tp,$sp,`$FRAME+$TRANSFER`
+	addi	$np,$np,-4
+	addi	$rp,$rp,-4
+	addi	$ap,$sp,`$FRAME+$TRANSFER+4`
+	mtctr	$j
+
+.align	4
+Lsub:	lwz	$t0,12($tp)	; load tp[j..j+3] in 64-bit word order
+	lwz	$t1,8($tp)
+	lwz	$t2,20($tp)
+	lwzu	$t3,16($tp)
+	lwz	$t4,4($np)	; load np[j..j+3] in 32-bit word order
+	lwz	$t5,8($np)
+	lwz	$t6,12($np)
+	lwzu	$t7,16($np)
+	subfe	$t4,$t4,$t0	; tp[j]-np[j]
+	 stw	$t0,4($ap)	; save tp[j..j+3] in 32-bit word order
+	subfe	$t5,$t5,$t1	; tp[j+1]-np[j+1]
+	 stw	$t1,8($ap)
+	subfe	$t6,$t6,$t2	; tp[j+2]-np[j+2]
+	 stw	$t2,12($ap)
+	subfe	$t7,$t7,$t3	; tp[j+3]-np[j+3]
+	 stwu	$t3,16($ap)
+	stw	$t4,4($rp)
+	stw	$t5,8($rp)
+	stw	$t6,12($rp)
+	stwu	$t7,16($rp)
+	bdnz	Lsub
+
+	li	$i,0
+	subfe	$ovf,$i,$ovf	; handle upmost overflow bit
+	addi	$ap,$sp,`$FRAME+$TRANSFER+4`
+	subf	$rp,$num,$rp	; rewind rp
+	addi	$tp,$sp,`$FRAME+$TRANSFER`
+	mtctr	$j
+
+.align	4
+Lcopy:				; conditional copy
+	lwz	$t0,4($ap)
+	lwz	$t1,8($ap)
+	lwz	$t2,12($ap)
+	lwzu	$t3,16($ap)
+	lwz	$t4,4($rp)
+	lwz	$t5,8($rp)
+	lwz	$t6,12($rp)
+	lwz	$t7,16($rp)
+	std	$i,8($nap_d)	; zap nap_d
+	std	$i,16($nap_d)
+	std	$i,24($nap_d)
+	std	$i,32($nap_d)
+	std	$i,40($nap_d)
+	std	$i,48($nap_d)
+	std	$i,56($nap_d)
+	stdu	$i,64($nap_d)
+	and	$t0,$t0,$ovf
+	and	$t1,$t1,$ovf
+	and	$t2,$t2,$ovf
+	and	$t3,$t3,$ovf
+	andc	$t4,$t4,$ovf
+	andc	$t5,$t5,$ovf
+	andc	$t6,$t6,$ovf
+	andc	$t7,$t7,$ovf
+	or	$t0,$t0,$t4
+	or	$t1,$t1,$t5
+	or	$t2,$t2,$t6
+	or	$t3,$t3,$t7
+	stw	$t0,4($rp)
+	stw	$t1,8($rp)
+	stw	$t2,12($rp)
+	stwu	$t3,16($rp)
+	std	$i,8($tp)	; zap tp at once
+	stdu	$i,16($tp)
+	bdnz	Lcopy
+___
+
+$code.=<<___;
+	$POP	$i,0($sp)
+	li	r3,1	; signal "handled"
+	$POP	r19,`-12*8-13*$SIZE_T`($i)
+	$POP	r20,`-12*8-12*$SIZE_T`($i)
+	$POP	r21,`-12*8-11*$SIZE_T`($i)
+	$POP	r22,`-12*8-10*$SIZE_T`($i)
+	$POP	r23,`-12*8-9*$SIZE_T`($i)
+	$POP	r24,`-12*8-8*$SIZE_T`($i)
+	$POP	r25,`-12*8-7*$SIZE_T`($i)
+	$POP	r26,`-12*8-6*$SIZE_T`($i)
+	$POP	r27,`-12*8-5*$SIZE_T`($i)
+	$POP	r28,`-12*8-4*$SIZE_T`($i)
+	$POP	r29,`-12*8-3*$SIZE_T`($i)
+	$POP	r30,`-12*8-2*$SIZE_T`($i)
+	$POP	r31,`-12*8-1*$SIZE_T`($i)
+	lfd	f20,`-12*8`($i)
+	lfd	f21,`-11*8`($i)
+	lfd	f22,`-10*8`($i)
+	lfd	f23,`-9*8`($i)
+	lfd	f24,`-8*8`($i)
+	lfd	f25,`-7*8`($i)
+	lfd	f26,`-6*8`($i)
+	lfd	f27,`-5*8`($i)
+	lfd	f28,`-4*8`($i)
+	lfd	f29,`-3*8`($i)
+	lfd	f30,`-2*8`($i)
+	lfd	f31,`-1*8`($i)
+	mr	$sp,$i
+	blr
+	.long	0
+	.byte	0,12,4,0,0x8c,13,6,0
+	.long	0
+.size	.$fname,.-.$fname
+
+.asciz  "Montgomery Multiplication for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-avx2.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-avx2.pl
new file mode 100755
index 000000000..85cd73c66
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-avx2.pl
@@ -0,0 +1,1982 @@
+#! /usr/bin/env perl
+# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+#
+# References:
+# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular
+#     Exponentiation,  Using Advanced Vector Instructions Architectures",
+#     F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369,
+#     pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012
+# [2] S. Gueron: "Efficient Software Implementations of Modular
+#     Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012).
+# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE
+#     Proceedings of 9th International Conference on Information Technology:
+#     New Generations (ITNG 2012), pp.821-823 (2012)
+# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis
+#     resistant 1024-bit modular exponentiation, for optimizing RSA2048
+#     on AVX2 capable x86_64 platforms",
+#     http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest
+#
+# +13% improvement over original submission by <appro@openssl.org>
+#
+# rsa2048 sign/sec	OpenSSL 1.0.1	scalar(*)	this
+# 2.3GHz Haswell	621		765/+23%	1113/+79%
+# 2.3GHz Broadwell(**)	688		1200(***)/+74%	1120/+63%
+#
+# (*)	if system doesn't support AVX2, for reference purposes;
+# (**)	scaled to 2.3GHz to simplify comparison;
+# (***)	scalar AD*X code is faster than AVX2 and is preferred code
+#	path for Broadwell;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+	$addx = ($1>=2.23);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	$addx = ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+	$addx = ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$avx = ($ver>=3.0) + ($ver>=3.01);
+	$addx = ($ver>=3.03);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT = *OUT;
+
+if ($avx>1) {{{
+{ # void AMS_WW(
+my $rp="%rdi";	# BN_ULONG *rp,
+my $ap="%rsi";	# const BN_ULONG *ap,
+my $np="%rdx";	# const BN_ULONG *np,
+my $n0="%ecx";	# const BN_ULONG n0,
+my $rep="%r8d";	# int repeat);
+
+# The registers that hold the accumulated redundant result
+# The AMM works on 1024 bit operands, and redundant word size is 29
+# Therefore: ceil(1024/29)/4 = 9
+my $ACC0="%ymm0";
+my $ACC1="%ymm1";
+my $ACC2="%ymm2";
+my $ACC3="%ymm3";
+my $ACC4="%ymm4";
+my $ACC5="%ymm5";
+my $ACC6="%ymm6";
+my $ACC7="%ymm7";
+my $ACC8="%ymm8";
+my $ACC9="%ymm9";
+# Registers that hold the broadcasted words of bp, currently used
+my $B1="%ymm10";
+my $B2="%ymm11";
+# Registers that hold the broadcasted words of Y, currently used
+my $Y1="%ymm12";
+my $Y2="%ymm13";
+# Helper registers
+my $TEMP1="%ymm14";
+my $AND_MASK="%ymm15";
+# alu registers that hold the first words of the ACC
+my $r0="%r9";
+my $r1="%r10";
+my $r2="%r11";
+my $r3="%r12";
+
+my $i="%r14d";			# loop counter
+my $tmp = "%r15";
+
+my $FrameSize=32*18+32*8;	# place for A^2 and 2*A
+
+my $aap=$r0;
+my $tp0="%rbx";
+my $tp1=$r3;
+my $tpa=$tmp;
+
+$np="%r13";			# reassigned argument
+
+$code.=<<___;
+.text
+
+.globl	rsaz_1024_sqr_avx2
+.type	rsaz_1024_sqr_avx2,\@function,5
+.align	64
+rsaz_1024_sqr_avx2:		# 702 cycles, 14% faster than rsaz_1024_mul_avx2
+.cfi_startproc
+	lea	(%rsp), %rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	vmovaps	%xmm6,-0xd8(%rax)
+	vmovaps	%xmm7,-0xc8(%rax)
+	vmovaps	%xmm8,-0xb8(%rax)
+	vmovaps	%xmm9,-0xa8(%rax)
+	vmovaps	%xmm10,-0x98(%rax)
+	vmovaps	%xmm11,-0x88(%rax)
+	vmovaps	%xmm12,-0x78(%rax)
+	vmovaps	%xmm13,-0x68(%rax)
+	vmovaps	%xmm14,-0x58(%rax)
+	vmovaps	%xmm15,-0x48(%rax)
+.Lsqr_1024_body:
+___
+$code.=<<___;
+	mov	%rax,%rbp
+.cfi_def_cfa_register	%rbp
+	mov	%rdx, $np			# reassigned argument
+	sub	\$$FrameSize, %rsp
+	mov	$np, $tmp
+	sub	\$-128, $rp			# size optimization
+	sub	\$-128, $ap
+	sub	\$-128, $np
+
+	and	\$4095, $tmp			# see if $np crosses page
+	add	\$32*10, $tmp
+	shr	\$12, $tmp
+	vpxor	$ACC9,$ACC9,$ACC9
+	jz	.Lsqr_1024_no_n_copy
+
+	# unaligned 256-bit load that crosses page boundary can
+	# cause >2x performance degradation here, so if $np does
+	# cross page boundary, copy it to stack and make sure stack
+	# frame doesn't...
+	sub		\$32*10,%rsp
+	vmovdqu		32*0-128($np), $ACC0
+	and		\$-2048, %rsp
+	vmovdqu		32*1-128($np), $ACC1
+	vmovdqu		32*2-128($np), $ACC2
+	vmovdqu		32*3-128($np), $ACC3
+	vmovdqu		32*4-128($np), $ACC4
+	vmovdqu		32*5-128($np), $ACC5
+	vmovdqu		32*6-128($np), $ACC6
+	vmovdqu		32*7-128($np), $ACC7
+	vmovdqu		32*8-128($np), $ACC8
+	lea		$FrameSize+128(%rsp),$np
+	vmovdqu		$ACC0, 32*0-128($np)
+	vmovdqu		$ACC1, 32*1-128($np)
+	vmovdqu		$ACC2, 32*2-128($np)
+	vmovdqu		$ACC3, 32*3-128($np)
+	vmovdqu		$ACC4, 32*4-128($np)
+	vmovdqu		$ACC5, 32*5-128($np)
+	vmovdqu		$ACC6, 32*6-128($np)
+	vmovdqu		$ACC7, 32*7-128($np)
+	vmovdqu		$ACC8, 32*8-128($np)
+	vmovdqu		$ACC9, 32*9-128($np)	# $ACC9 is zero
+
+.Lsqr_1024_no_n_copy:
+	and		\$-1024, %rsp
+
+	vmovdqu		32*1-128($ap), $ACC1
+	vmovdqu		32*2-128($ap), $ACC2
+	vmovdqu		32*3-128($ap), $ACC3
+	vmovdqu		32*4-128($ap), $ACC4
+	vmovdqu		32*5-128($ap), $ACC5
+	vmovdqu		32*6-128($ap), $ACC6
+	vmovdqu		32*7-128($ap), $ACC7
+	vmovdqu		32*8-128($ap), $ACC8
+
+	lea	192(%rsp), $tp0			# 64+128=192
+	vmovdqu	.Land_mask(%rip), $AND_MASK
+	jmp	.LOOP_GRANDE_SQR_1024
+
+.align	32
+.LOOP_GRANDE_SQR_1024:
+	lea	32*18+128(%rsp), $aap		# size optimization
+	lea	448(%rsp), $tp1			# 64+128+256=448
+
+	# the squaring is performed as described in Variant B of
+	# "Speeding up Big-Number Squaring", so start by calculating
+	# the A*2=A+A vector
+	vpaddq		$ACC1, $ACC1, $ACC1
+	 vpbroadcastq	32*0-128($ap), $B1
+	vpaddq		$ACC2, $ACC2, $ACC2
+	vmovdqa		$ACC1, 32*0-128($aap)
+	vpaddq		$ACC3, $ACC3, $ACC3
+	vmovdqa		$ACC2, 32*1-128($aap)
+	vpaddq		$ACC4, $ACC4, $ACC4
+	vmovdqa		$ACC3, 32*2-128($aap)
+	vpaddq		$ACC5, $ACC5, $ACC5
+	vmovdqa		$ACC4, 32*3-128($aap)
+	vpaddq		$ACC6, $ACC6, $ACC6
+	vmovdqa		$ACC5, 32*4-128($aap)
+	vpaddq		$ACC7, $ACC7, $ACC7
+	vmovdqa		$ACC6, 32*5-128($aap)
+	vpaddq		$ACC8, $ACC8, $ACC8
+	vmovdqa		$ACC7, 32*6-128($aap)
+	vpxor		$ACC9, $ACC9, $ACC9
+	vmovdqa		$ACC8, 32*7-128($aap)
+
+	vpmuludq	32*0-128($ap), $B1, $ACC0
+	 vpbroadcastq	32*1-128($ap), $B2
+	 vmovdqu	$ACC9, 32*9-192($tp0)	# zero upper half
+	vpmuludq	$B1, $ACC1, $ACC1
+	 vmovdqu	$ACC9, 32*10-448($tp1)
+	vpmuludq	$B1, $ACC2, $ACC2
+	 vmovdqu	$ACC9, 32*11-448($tp1)
+	vpmuludq	$B1, $ACC3, $ACC3
+	 vmovdqu	$ACC9, 32*12-448($tp1)
+	vpmuludq	$B1, $ACC4, $ACC4
+	 vmovdqu	$ACC9, 32*13-448($tp1)
+	vpmuludq	$B1, $ACC5, $ACC5
+	 vmovdqu	$ACC9, 32*14-448($tp1)
+	vpmuludq	$B1, $ACC6, $ACC6
+	 vmovdqu	$ACC9, 32*15-448($tp1)
+	vpmuludq	$B1, $ACC7, $ACC7
+	 vmovdqu	$ACC9, 32*16-448($tp1)
+	vpmuludq	$B1, $ACC8, $ACC8
+	 vpbroadcastq	32*2-128($ap), $B1
+	 vmovdqu	$ACC9, 32*17-448($tp1)
+
+	mov	$ap, $tpa
+	mov 	\$4, $i
+	jmp	.Lsqr_entry_1024
+___
+$TEMP0=$Y1;
+$TEMP2=$Y2;
+$code.=<<___;
+.align	32
+.LOOP_SQR_1024:
+	 vpbroadcastq	32*1-128($tpa), $B2
+	vpmuludq	32*0-128($ap), $B1, $ACC0
+	vpaddq		32*0-192($tp0), $ACC0, $ACC0
+	vpmuludq	32*0-128($aap), $B1, $ACC1
+	vpaddq		32*1-192($tp0), $ACC1, $ACC1
+	vpmuludq	32*1-128($aap), $B1, $ACC2
+	vpaddq		32*2-192($tp0), $ACC2, $ACC2
+	vpmuludq	32*2-128($aap), $B1, $ACC3
+	vpaddq		32*3-192($tp0), $ACC3, $ACC3
+	vpmuludq	32*3-128($aap), $B1, $ACC4
+	vpaddq		32*4-192($tp0), $ACC4, $ACC4
+	vpmuludq	32*4-128($aap), $B1, $ACC5
+	vpaddq		32*5-192($tp0), $ACC5, $ACC5
+	vpmuludq	32*5-128($aap), $B1, $ACC6
+	vpaddq		32*6-192($tp0), $ACC6, $ACC6
+	vpmuludq	32*6-128($aap), $B1, $ACC7
+	vpaddq		32*7-192($tp0), $ACC7, $ACC7
+	vpmuludq	32*7-128($aap), $B1, $ACC8
+	 vpbroadcastq	32*2-128($tpa), $B1
+	vpaddq		32*8-192($tp0), $ACC8, $ACC8
+.Lsqr_entry_1024:
+	vmovdqu		$ACC0, 32*0-192($tp0)
+	vmovdqu		$ACC1, 32*1-192($tp0)
+
+	vpmuludq	32*1-128($ap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	vpmuludq	32*1-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC3, $ACC3
+	vpmuludq	32*2-128($aap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC4, $ACC4
+	vpmuludq	32*3-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	32*4-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC6, $ACC6
+	vpmuludq	32*5-128($aap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC7, $ACC7
+	vpmuludq	32*6-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	32*7-128($aap), $B2, $ACC0
+	 vpbroadcastq	32*3-128($tpa), $B2
+	vpaddq		32*9-192($tp0), $ACC0, $ACC0
+
+	vmovdqu		$ACC2, 32*2-192($tp0)
+	vmovdqu		$ACC3, 32*3-192($tp0)
+
+	vpmuludq	32*2-128($ap), $B1, $TEMP2
+	vpaddq		$TEMP2, $ACC4, $ACC4
+	vpmuludq	32*2-128($aap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	32*3-128($aap), $B1, $TEMP1
+	vpaddq		$TEMP1, $ACC6, $ACC6
+	vpmuludq	32*4-128($aap), $B1, $TEMP2
+	vpaddq		$TEMP2, $ACC7, $ACC7
+	vpmuludq	32*5-128($aap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	32*6-128($aap), $B1, $TEMP1
+	vpaddq		$TEMP1, $ACC0, $ACC0
+	vpmuludq	32*7-128($aap), $B1, $ACC1
+	 vpbroadcastq	32*4-128($tpa), $B1
+	vpaddq		32*10-448($tp1), $ACC1, $ACC1
+
+	vmovdqu		$ACC4, 32*4-192($tp0)
+	vmovdqu		$ACC5, 32*5-192($tp0)
+
+	vpmuludq	32*3-128($ap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC6, $ACC6
+	vpmuludq	32*3-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC7, $ACC7
+	vpmuludq	32*4-128($aap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC8, $ACC8
+	vpmuludq	32*5-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpmuludq	32*6-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpmuludq	32*7-128($aap), $B2, $ACC2
+	 vpbroadcastq	32*5-128($tpa), $B2
+	vpaddq		32*11-448($tp1), $ACC2, $ACC2
+
+	vmovdqu		$ACC6, 32*6-192($tp0)
+	vmovdqu		$ACC7, 32*7-192($tp0)
+
+	vpmuludq	32*4-128($ap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	32*4-128($aap), $B1, $TEMP1
+	vpaddq		$TEMP1, $ACC0, $ACC0
+	vpmuludq	32*5-128($aap), $B1, $TEMP2
+	vpaddq		$TEMP2, $ACC1, $ACC1
+	vpmuludq	32*6-128($aap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	vpmuludq	32*7-128($aap), $B1, $ACC3
+	 vpbroadcastq	32*6-128($tpa), $B1
+	vpaddq		32*12-448($tp1), $ACC3, $ACC3
+
+	vmovdqu		$ACC8, 32*8-192($tp0)
+	vmovdqu		$ACC0, 32*9-192($tp0)
+	lea		8($tp0), $tp0
+
+	vpmuludq	32*5-128($ap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC1, $ACC1
+	vpmuludq	32*5-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	vpmuludq	32*6-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC3, $ACC3
+	vpmuludq	32*7-128($aap), $B2, $ACC4
+	 vpbroadcastq	32*7-128($tpa), $B2
+	vpaddq		32*13-448($tp1), $ACC4, $ACC4
+
+	vmovdqu		$ACC1, 32*10-448($tp1)
+	vmovdqu		$ACC2, 32*11-448($tp1)
+
+	vpmuludq	32*6-128($ap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC3, $ACC3
+	vpmuludq	32*6-128($aap), $B1, $TEMP1
+	 vpbroadcastq	32*8-128($tpa), $ACC0		# borrow $ACC0 for $B1
+	vpaddq		$TEMP1, $ACC4, $ACC4
+	vpmuludq	32*7-128($aap), $B1, $ACC5
+	 vpbroadcastq	32*0+8-128($tpa), $B1		# for next iteration
+	vpaddq		32*14-448($tp1), $ACC5, $ACC5
+
+	vmovdqu		$ACC3, 32*12-448($tp1)
+	vmovdqu		$ACC4, 32*13-448($tp1)
+	lea		8($tpa), $tpa
+
+	vpmuludq	32*7-128($ap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	32*7-128($aap), $B2, $ACC6
+	vpaddq		32*15-448($tp1), $ACC6, $ACC6
+
+	vpmuludq	32*8-128($ap), $ACC0, $ACC7
+	vmovdqu		$ACC5, 32*14-448($tp1)
+	vpaddq		32*16-448($tp1), $ACC7, $ACC7
+	vmovdqu		$ACC6, 32*15-448($tp1)
+	vmovdqu		$ACC7, 32*16-448($tp1)
+	lea		8($tp1), $tp1
+
+	dec	$i
+	jnz	.LOOP_SQR_1024
+___
+$ZERO = $ACC9;
+$TEMP0 = $B1;
+$TEMP2 = $B2;
+$TEMP3 = $Y1;
+$TEMP4 = $Y2;
+$code.=<<___;
+	# we need to fix indices 32-39 to avoid overflow
+	vmovdqu		32*8(%rsp), $ACC8		# 32*8-192($tp0),
+	vmovdqu		32*9(%rsp), $ACC1		# 32*9-192($tp0)
+	vmovdqu		32*10(%rsp), $ACC2		# 32*10-192($tp0)
+	lea		192(%rsp), $tp0			# 64+128=192
+
+	vpsrlq		\$29, $ACC8, $TEMP1
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpxor		$ZERO, $ZERO, $ZERO
+	vpermq		\$0x93, $TEMP2, $TEMP2
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpblendd	\$3, $TEMP2, $ZERO, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vmovdqu		$ACC1, 32*9-192($tp0)
+	vmovdqu		$ACC2, 32*10-192($tp0)
+
+	mov	(%rsp), %rax
+	mov	8(%rsp), $r1
+	mov	16(%rsp), $r2
+	mov	24(%rsp), $r3
+	vmovdqu	32*1(%rsp), $ACC1
+	vmovdqu	32*2-192($tp0), $ACC2
+	vmovdqu	32*3-192($tp0), $ACC3
+	vmovdqu	32*4-192($tp0), $ACC4
+	vmovdqu	32*5-192($tp0), $ACC5
+	vmovdqu	32*6-192($tp0), $ACC6
+	vmovdqu	32*7-192($tp0), $ACC7
+
+	mov	%rax, $r0
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+	vmovd	%eax, $Y1
+
+	mov	%rax, %rdx
+	imulq	-128($np), %rax
+	 vpbroadcastq	$Y1, $Y1
+	add	%rax, $r0
+	mov	%rdx, %rax
+	imulq	8-128($np), %rax
+	shr	\$29, $r0
+	add	%rax, $r1
+	mov	%rdx, %rax
+	imulq	16-128($np), %rax
+	add	$r0, $r1
+	add	%rax, $r2
+	imulq	24-128($np), %rdx
+	add	%rdx, $r3
+
+	mov	$r1, %rax
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	mov \$9, $i
+	jmp .LOOP_REDUCE_1024
+
+.align	32
+.LOOP_REDUCE_1024:
+	vmovd	%eax, $Y2
+	vpbroadcastq	$Y2, $Y2
+
+	vpmuludq	32*1-128($np), $Y1, $TEMP0
+	 mov	%rax, %rdx
+	 imulq	-128($np), %rax
+	vpaddq		$TEMP0, $ACC1, $ACC1
+	 add	%rax, $r1
+	vpmuludq	32*2-128($np), $Y1, $TEMP1
+	 mov	%rdx, %rax
+	 imulq	8-128($np), %rax
+	vpaddq		$TEMP1, $ACC2, $ACC2
+	vpmuludq	32*3-128($np), $Y1, $TEMP2
+	 .byte	0x67
+	 add	%rax, $r2
+	 .byte	0x67
+	 mov	%rdx, %rax
+	 imulq	16-128($np), %rax
+	 shr	\$29, $r1
+	vpaddq		$TEMP2, $ACC3, $ACC3
+	vpmuludq	32*4-128($np), $Y1, $TEMP0
+	 add	%rax, $r3
+	 add	$r1, $r2
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpmuludq	32*5-128($np), $Y1, $TEMP1
+	 mov	$r2, %rax
+	 imull	$n0, %eax
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpmuludq	32*6-128($np), $Y1, $TEMP2
+	 and	\$0x1fffffff, %eax
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpmuludq	32*7-128($np), $Y1, $TEMP0
+	vpaddq		$TEMP0, $ACC7, $ACC7
+	vpmuludq	32*8-128($np), $Y1, $TEMP1
+	 vmovd	%eax, $Y1
+	 #vmovdqu	32*1-8-128($np), $TEMP2		# moved below
+	vpaddq		$TEMP1, $ACC8, $ACC8
+	 #vmovdqu	32*2-8-128($np), $TEMP0		# moved below
+	 vpbroadcastq	$Y1, $Y1
+
+	vpmuludq	32*1-8-128($np), $Y2, $TEMP2	# see above
+	vmovdqu		32*3-8-128($np), $TEMP1
+	 mov	%rax, %rdx
+	 imulq	-128($np), %rax
+	vpaddq		$TEMP2, $ACC1, $ACC1
+	vpmuludq	32*2-8-128($np), $Y2, $TEMP0	# see above
+	vmovdqu		32*4-8-128($np), $TEMP2
+	 add	%rax, $r2
+	 mov	%rdx, %rax
+	 imulq	8-128($np), %rax
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	 add	$r3, %rax
+	 shr	\$29, $r2
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	vmovdqu		32*5-8-128($np), $TEMP0
+	 add	$r2, %rax
+	vpaddq		$TEMP1, $ACC3, $ACC3
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*6-8-128($np), $TEMP1
+	 .byte	0x67
+	 mov	%rax, $r3
+	 imull	$n0, %eax
+	vpaddq		$TEMP2, $ACC4, $ACC4
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	.byte	0xc4,0x41,0x7e,0x6f,0x9d,0x58,0x00,0x00,0x00	# vmovdqu		32*7-8-128($np), $TEMP2
+	 and	\$0x1fffffff, %eax
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	vmovdqu		32*8-8-128($np), $TEMP0
+	vpaddq		$TEMP1, $ACC6, $ACC6
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*9-8-128($np), $ACC9
+	 vmovd	%eax, $ACC0			# borrow ACC0 for Y2
+	 imulq	-128($np), %rax
+	vpaddq		$TEMP2, $ACC7, $ACC7
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	 vmovdqu	32*1-16-128($np), $TEMP1
+	 vpbroadcastq	$ACC0, $ACC0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	$Y2, $ACC9, $ACC9
+	 vmovdqu	32*2-16-128($np), $TEMP2
+	 add	%rax, $r3
+
+___
+($ACC0,$Y2)=($Y2,$ACC0);
+$code.=<<___;
+	 vmovdqu	32*1-24-128($np), $ACC0
+	vpmuludq	$Y1, $TEMP1, $TEMP1
+	vmovdqu		32*3-16-128($np), $TEMP0
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	 vpmuludq	$Y2, $ACC0, $ACC0
+	vpmuludq	$Y1, $TEMP2, $TEMP2
+	.byte	0xc4,0x41,0x7e,0x6f,0xb5,0xf0,0xff,0xff,0xff	# vmovdqu		32*4-16-128($np), $TEMP1
+	 vpaddq		$ACC1, $ACC0, $ACC0
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpmuludq	$Y1, $TEMP0, $TEMP0
+	vmovdqu		32*5-16-128($np), $TEMP2
+	 .byte	0x67
+	 vmovq		$ACC0, %rax
+	 vmovdqu	$ACC0, (%rsp)		# transfer $r0-$r3
+	vpaddq		$TEMP0, $ACC3, $ACC3
+	vpmuludq	$Y1, $TEMP1, $TEMP1
+	vmovdqu		32*6-16-128($np), $TEMP0
+	vpaddq		$TEMP1, $ACC4, $ACC4
+	vpmuludq	$Y1, $TEMP2, $TEMP2
+	vmovdqu		32*7-16-128($np), $TEMP1
+	vpaddq		$TEMP2, $ACC5, $ACC5
+	vpmuludq	$Y1, $TEMP0, $TEMP0
+	vmovdqu		32*8-16-128($np), $TEMP2
+	vpaddq		$TEMP0, $ACC6, $ACC6
+	vpmuludq	$Y1, $TEMP1, $TEMP1
+	 shr	\$29, $r3
+	vmovdqu		32*9-16-128($np), $TEMP0
+	 add	$r3, %rax
+	vpaddq		$TEMP1, $ACC7, $ACC7
+	vpmuludq	$Y1, $TEMP2, $TEMP2
+	 #vmovdqu	32*2-24-128($np), $TEMP1	# moved below
+	 mov	%rax, $r0
+	 imull	$n0, %eax
+	vpaddq		$TEMP2, $ACC8, $ACC8
+	vpmuludq	$Y1, $TEMP0, $TEMP0
+	 and	\$0x1fffffff, %eax
+	 vmovd	%eax, $Y1
+	 vmovdqu	32*3-24-128($np), $TEMP2
+	.byte	0x67
+	vpaddq		$TEMP0, $ACC9, $ACC9
+	 vpbroadcastq	$Y1, $Y1
+
+	vpmuludq	32*2-24-128($np), $Y2, $TEMP1	# see above
+	vmovdqu		32*4-24-128($np), $TEMP0
+	 mov	%rax, %rdx
+	 imulq	-128($np), %rax
+	 mov	8(%rsp), $r1
+	vpaddq		$TEMP1, $ACC2, $ACC1
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*5-24-128($np), $TEMP1
+	 add	%rax, $r0
+	 mov	%rdx, %rax
+	 imulq	8-128($np), %rax
+	 .byte	0x67
+	 shr	\$29, $r0
+	 mov	16(%rsp), $r2
+	vpaddq		$TEMP2, $ACC3, $ACC2
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	vmovdqu		32*6-24-128($np), $TEMP2
+	 add	%rax, $r1
+	 mov	%rdx, %rax
+	 imulq	16-128($np), %rax
+	vpaddq		$TEMP0, $ACC4, $ACC3
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	vmovdqu		32*7-24-128($np), $TEMP0
+	 imulq	24-128($np), %rdx		# future $r3
+	 add	%rax, $r2
+	 lea	($r0,$r1), %rax
+	vpaddq		$TEMP1, $ACC5, $ACC4
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*8-24-128($np), $TEMP1
+	 mov	%rax, $r1
+	 imull	$n0, %eax
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	vpaddq		$TEMP2, $ACC6, $ACC5
+	vmovdqu		32*9-24-128($np), $TEMP2
+	 and	\$0x1fffffff, %eax
+	vpaddq		$TEMP0, $ACC7, $ACC6
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	 add	24(%rsp), %rdx
+	vpaddq		$TEMP1, $ACC8, $ACC7
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vpaddq		$TEMP2, $ACC9, $ACC8
+	 vmovq	$r3, $ACC9
+	 mov	%rdx, $r3
+
+	dec	$i
+	jnz	.LOOP_REDUCE_1024
+___
+($ACC0,$Y2)=($Y2,$ACC0);
+$code.=<<___;
+	lea	448(%rsp), $tp1			# size optimization
+	vpaddq	$ACC9, $Y2, $ACC0
+	vpxor	$ZERO, $ZERO, $ZERO
+
+	vpaddq		32*9-192($tp0), $ACC0, $ACC0
+	vpaddq		32*10-448($tp1), $ACC1, $ACC1
+	vpaddq		32*11-448($tp1), $ACC2, $ACC2
+	vpaddq		32*12-448($tp1), $ACC3, $ACC3
+	vpaddq		32*13-448($tp1), $ACC4, $ACC4
+	vpaddq		32*14-448($tp1), $ACC5, $ACC5
+	vpaddq		32*15-448($tp1), $ACC6, $ACC6
+	vpaddq		32*16-448($tp1), $ACC7, $ACC7
+	vpaddq		32*17-448($tp1), $ACC8, $ACC8
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpermq		\$0x93, $TEMP3, $TEMP3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vpaddq		$TEMP4, $ACC4, $ACC4
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpermq		\$0x93, $TEMP3, $TEMP3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vmovdqu		$ACC0, 32*0-128($rp)
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vmovdqu		$ACC1, 32*1-128($rp)
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vmovdqu		$ACC2, 32*2-128($rp)
+	vpaddq		$TEMP4, $ACC4, $ACC4
+	vmovdqu		$ACC3, 32*3-128($rp)
+___
+$TEMP5=$ACC0;
+$code.=<<___;
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vpaddq		$TEMP4, $ACC8, $ACC8
+
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vmovdqu		$ACC4, 32*4-128($rp)
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vmovdqu		$ACC5, 32*5-128($rp)
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vmovdqu		$ACC6, 32*6-128($rp)
+	vpaddq		$TEMP4, $ACC8, $ACC8
+	vmovdqu		$ACC7, 32*7-128($rp)
+	vmovdqu		$ACC8, 32*8-128($rp)
+
+	mov	$rp, $ap
+	dec	$rep
+	jne	.LOOP_GRANDE_SQR_1024
+
+	vzeroall
+	mov	%rbp, %rax
+.cfi_def_cfa_register	%rax
+___
+$code.=<<___ if ($win64);
+.Lsqr_1024_in_tail:
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lsqr_1024_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2
+___
+}
+
+{ # void AMM_WW(
+my $rp="%rdi";	# BN_ULONG *rp,
+my $ap="%rsi";	# const BN_ULONG *ap,
+my $bp="%rdx";	# const BN_ULONG *bp,
+my $np="%rcx";	# const BN_ULONG *np,
+my $n0="%r8d";	# unsigned int n0);
+
+# The registers that hold the accumulated redundant result
+# The AMM works on 1024 bit operands, and redundant word size is 29
+# Therefore: ceil(1024/29)/4 = 9
+my $ACC0="%ymm0";
+my $ACC1="%ymm1";
+my $ACC2="%ymm2";
+my $ACC3="%ymm3";
+my $ACC4="%ymm4";
+my $ACC5="%ymm5";
+my $ACC6="%ymm6";
+my $ACC7="%ymm7";
+my $ACC8="%ymm8";
+my $ACC9="%ymm9";
+
+# Registers that hold the broadcasted words of multiplier, currently used
+my $Bi="%ymm10";
+my $Yi="%ymm11";
+
+# Helper registers
+my $TEMP0=$ACC0;
+my $TEMP1="%ymm12";
+my $TEMP2="%ymm13";
+my $ZERO="%ymm14";
+my $AND_MASK="%ymm15";
+
+# alu registers that hold the first words of the ACC
+my $r0="%r9";
+my $r1="%r10";
+my $r2="%r11";
+my $r3="%r12";
+
+my $i="%r14d";
+my $tmp="%r15";
+
+$bp="%r13";	# reassigned argument
+
+$code.=<<___;
+.globl	rsaz_1024_mul_avx2
+.type	rsaz_1024_mul_avx2,\@function,5
+.align	64
+rsaz_1024_mul_avx2:
+.cfi_startproc
+	lea	(%rsp), %rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	vzeroupper
+	lea	-0xa8(%rsp),%rsp
+	vmovaps	%xmm6,-0xd8(%rax)
+	vmovaps	%xmm7,-0xc8(%rax)
+	vmovaps	%xmm8,-0xb8(%rax)
+	vmovaps	%xmm9,-0xa8(%rax)
+	vmovaps	%xmm10,-0x98(%rax)
+	vmovaps	%xmm11,-0x88(%rax)
+	vmovaps	%xmm12,-0x78(%rax)
+	vmovaps	%xmm13,-0x68(%rax)
+	vmovaps	%xmm14,-0x58(%rax)
+	vmovaps	%xmm15,-0x48(%rax)
+.Lmul_1024_body:
+___
+$code.=<<___;
+	mov	%rax,%rbp
+.cfi_def_cfa_register	%rbp
+	vzeroall
+	mov	%rdx, $bp	# reassigned argument
+	sub	\$64,%rsp
+
+	# unaligned 256-bit load that crosses page boundary can
+	# cause severe performance degradation here, so if $ap does
+	# cross page boundary, swap it with $bp [meaning that caller
+	# is advised to lay down $ap and $bp next to each other, so
+	# that only one can cross page boundary].
+	.byte	0x67,0x67
+	mov	$ap, $tmp
+	and	\$4095, $tmp
+	add	\$32*10, $tmp
+	shr	\$12, $tmp
+	mov	$ap, $tmp
+	cmovnz	$bp, $ap
+	cmovnz	$tmp, $bp
+
+	mov	$np, $tmp
+	sub	\$-128,$ap	# size optimization
+	sub	\$-128,$np
+	sub	\$-128,$rp
+
+	and	\$4095, $tmp	# see if $np crosses page
+	add	\$32*10, $tmp
+	.byte	0x67,0x67
+	shr	\$12, $tmp
+	jz	.Lmul_1024_no_n_copy
+
+	# unaligned 256-bit load that crosses page boundary can
+	# cause severe performance degradation here, so if $np does
+	# cross page boundary, copy it to stack and make sure stack
+	# frame doesn't...
+	sub		\$32*10,%rsp
+	vmovdqu		32*0-128($np), $ACC0
+	and		\$-512, %rsp
+	vmovdqu		32*1-128($np), $ACC1
+	vmovdqu		32*2-128($np), $ACC2
+	vmovdqu		32*3-128($np), $ACC3
+	vmovdqu		32*4-128($np), $ACC4
+	vmovdqu		32*5-128($np), $ACC5
+	vmovdqu		32*6-128($np), $ACC6
+	vmovdqu		32*7-128($np), $ACC7
+	vmovdqu		32*8-128($np), $ACC8
+	lea		64+128(%rsp),$np
+	vmovdqu		$ACC0, 32*0-128($np)
+	vpxor		$ACC0, $ACC0, $ACC0
+	vmovdqu		$ACC1, 32*1-128($np)
+	vpxor		$ACC1, $ACC1, $ACC1
+	vmovdqu		$ACC2, 32*2-128($np)
+	vpxor		$ACC2, $ACC2, $ACC2
+	vmovdqu		$ACC3, 32*3-128($np)
+	vpxor		$ACC3, $ACC3, $ACC3
+	vmovdqu		$ACC4, 32*4-128($np)
+	vpxor		$ACC4, $ACC4, $ACC4
+	vmovdqu		$ACC5, 32*5-128($np)
+	vpxor		$ACC5, $ACC5, $ACC5
+	vmovdqu		$ACC6, 32*6-128($np)
+	vpxor		$ACC6, $ACC6, $ACC6
+	vmovdqu		$ACC7, 32*7-128($np)
+	vpxor		$ACC7, $ACC7, $ACC7
+	vmovdqu		$ACC8, 32*8-128($np)
+	vmovdqa		$ACC0, $ACC8
+	vmovdqu		$ACC9, 32*9-128($np)	# $ACC9 is zero after vzeroall
+.Lmul_1024_no_n_copy:
+	and	\$-64,%rsp
+
+	mov	($bp), %rbx
+	vpbroadcastq ($bp), $Bi
+	vmovdqu	$ACC0, (%rsp)			# clear top of stack
+	xor	$r0, $r0
+	.byte	0x67
+	xor	$r1, $r1
+	xor	$r2, $r2
+	xor	$r3, $r3
+
+	vmovdqu	.Land_mask(%rip), $AND_MASK
+	mov	\$9, $i
+	vmovdqu	$ACC9, 32*9-128($rp)		# $ACC9 is zero after vzeroall
+	jmp	.Loop_mul_1024
+
+.align	32
+.Loop_mul_1024:
+	 vpsrlq		\$29, $ACC3, $ACC9		# correct $ACC3(*)
+	mov	%rbx, %rax
+	imulq	-128($ap), %rax
+	add	$r0, %rax
+	mov	%rbx, $r1
+	imulq	8-128($ap), $r1
+	add	8(%rsp), $r1
+
+	mov	%rax, $r0
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	 mov	%rbx, $r2
+	 imulq	16-128($ap), $r2
+	 add	16(%rsp), $r2
+
+	 mov	%rbx, $r3
+	 imulq	24-128($ap), $r3
+	 add	24(%rsp), $r3
+	vpmuludq	32*1-128($ap),$Bi,$TEMP0
+	 vmovd		%eax, $Yi
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	32*2-128($ap),$Bi,$TEMP1
+	 vpbroadcastq	$Yi, $Yi
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	32*3-128($ap),$Bi,$TEMP2
+	 vpand		$AND_MASK, $ACC3, $ACC3		# correct $ACC3
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	32*4-128($ap),$Bi,$TEMP0
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	32*5-128($ap),$Bi,$TEMP1
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	32*6-128($ap),$Bi,$TEMP2
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	32*7-128($ap),$Bi,$TEMP0
+	 vpermq		\$0x93, $ACC9, $ACC9		# correct $ACC3
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	32*8-128($ap),$Bi,$TEMP1
+	 vpbroadcastq	8($bp), $Bi
+	vpaddq		$TEMP1,$ACC8,$ACC8
+
+	mov	%rax,%rdx
+	imulq	-128($np),%rax
+	add	%rax,$r0
+	mov	%rdx,%rax
+	imulq	8-128($np),%rax
+	add	%rax,$r1
+	mov	%rdx,%rax
+	imulq	16-128($np),%rax
+	add	%rax,$r2
+	shr	\$29, $r0
+	imulq	24-128($np),%rdx
+	add	%rdx,$r3
+	add	$r0, $r1
+
+	vpmuludq	32*1-128($np),$Yi,$TEMP2
+	 vmovq		$Bi, %rbx
+	vpaddq		$TEMP2,$ACC1,$ACC1
+	vpmuludq	32*2-128($np),$Yi,$TEMP0
+	vpaddq		$TEMP0,$ACC2,$ACC2
+	vpmuludq	32*3-128($np),$Yi,$TEMP1
+	vpaddq		$TEMP1,$ACC3,$ACC3
+	vpmuludq	32*4-128($np),$Yi,$TEMP2
+	vpaddq		$TEMP2,$ACC4,$ACC4
+	vpmuludq	32*5-128($np),$Yi,$TEMP0
+	vpaddq		$TEMP0,$ACC5,$ACC5
+	vpmuludq	32*6-128($np),$Yi,$TEMP1
+	vpaddq		$TEMP1,$ACC6,$ACC6
+	vpmuludq	32*7-128($np),$Yi,$TEMP2
+	 vpblendd	\$3, $ZERO, $ACC9, $TEMP1	# correct $ACC3
+	vpaddq		$TEMP2,$ACC7,$ACC7
+	vpmuludq	32*8-128($np),$Yi,$TEMP0
+	 vpaddq		$TEMP1, $ACC3, $ACC3		# correct $ACC3
+	vpaddq		$TEMP0,$ACC8,$ACC8
+
+	mov	%rbx, %rax
+	imulq	-128($ap),%rax
+	add	%rax,$r1
+	 vmovdqu	-8+32*1-128($ap),$TEMP1
+	mov	%rbx, %rax
+	imulq	8-128($ap),%rax
+	add	%rax,$r2
+	 vmovdqu	-8+32*2-128($ap),$TEMP2
+
+	mov	$r1, %rax
+	 vpblendd	\$0xfc, $ZERO, $ACC9, $ACC9	# correct $ACC3
+	imull	$n0, %eax
+	 vpaddq		$ACC9,$ACC4,$ACC4		# correct $ACC3
+	and	\$0x1fffffff, %eax
+
+	 imulq	16-128($ap),%rbx
+	 add	%rbx,$r3
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	 vmovd		%eax, $Yi
+	vmovdqu		-8+32*3-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC1,$ACC1
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	 vpbroadcastq	$Yi, $Yi
+	vmovdqu		-8+32*4-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC2,$ACC2
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*5-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC3,$ACC3
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*6-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC4,$ACC4
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-8+32*7-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC5,$ACC5
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*8-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC6,$ACC6
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*9-128($ap),$ACC9
+	vpaddq		$TEMP1,$ACC7,$ACC7
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vpaddq		$TEMP2,$ACC8,$ACC8
+	vpmuludq	$Bi,$ACC9,$ACC9
+	 vpbroadcastq	16($bp), $Bi
+
+	mov	%rax,%rdx
+	imulq	-128($np),%rax
+	add	%rax,$r1
+	 vmovdqu	-8+32*1-128($np),$TEMP0
+	mov	%rdx,%rax
+	imulq	8-128($np),%rax
+	add	%rax,$r2
+	 vmovdqu	-8+32*2-128($np),$TEMP1
+	shr	\$29, $r1
+	imulq	16-128($np),%rdx
+	add	%rdx,$r3
+	add	$r1, $r2
+
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	 vmovq		$Bi, %rbx
+	vmovdqu		-8+32*3-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*4-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-8+32*5-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*6-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*7-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-8+32*8-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*9-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vpaddq		$TEMP2,$ACC9,$ACC9
+
+	 vmovdqu	-16+32*1-128($ap),$TEMP0
+	mov	%rbx,%rax
+	imulq	-128($ap),%rax
+	add	$r2,%rax
+
+	 vmovdqu	-16+32*2-128($ap),$TEMP1
+	mov	%rax,$r2
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	 imulq	8-128($ap),%rbx
+	 add	%rbx,$r3
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	 vmovd		%eax, $Yi
+	vmovdqu		-16+32*3-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	 vpbroadcastq	$Yi, $Yi
+	vmovdqu		-16+32*4-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*5-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*6-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-16+32*7-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*8-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*9-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	 vpbroadcastq	24($bp), $Bi
+	vpaddq		$TEMP2,$ACC9,$ACC9
+
+	 vmovdqu	-16+32*1-128($np),$TEMP0
+	mov	%rax,%rdx
+	imulq	-128($np),%rax
+	add	%rax,$r2
+	 vmovdqu	-16+32*2-128($np),$TEMP1
+	imulq	8-128($np),%rdx
+	add	%rdx,$r3
+	shr	\$29, $r2
+
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	 vmovq		$Bi, %rbx
+	vmovdqu		-16+32*3-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-16+32*4-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*5-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*6-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-16+32*7-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*8-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*9-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	 vmovdqu	-24+32*1-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	 vmovdqu	-24+32*2-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC9,$ACC9
+
+	add	$r2, $r3
+	imulq	-128($ap),%rbx
+	add	%rbx,$r3
+
+	mov	$r3, %rax
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	 vmovd		%eax, $Yi
+	vmovdqu		-24+32*3-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	 vpbroadcastq	$Yi, $Yi
+	vmovdqu		-24+32*4-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*5-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*6-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-24+32*7-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*8-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*9-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	 vpbroadcastq	32($bp), $Bi
+	vpaddq		$TEMP2,$ACC9,$ACC9
+	 add		\$32, $bp			# $bp++
+
+	vmovdqu		-24+32*1-128($np),$TEMP0
+	imulq	-128($np),%rax
+	add	%rax,$r3
+	shr	\$29, $r3
+
+	vmovdqu		-24+32*2-128($np),$TEMP1
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	 vmovq		$Bi, %rbx
+	vmovdqu		-24+32*3-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC0		# $ACC0==$TEMP0
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	 vmovdqu	$ACC0, (%rsp)			# transfer $r0-$r3
+	vpaddq		$TEMP1,$ACC2,$ACC1
+	vmovdqu		-24+32*4-128($np),$TEMP0
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*5-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC2
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*6-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC3
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-24+32*7-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC4
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*8-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC5
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*9-128($np),$TEMP2
+	 mov	$r3, $r0
+	vpaddq		$TEMP0,$ACC7,$ACC6
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	 add	(%rsp), $r0
+	vpaddq		$TEMP1,$ACC8,$ACC7
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	 vmovq	$r3, $TEMP1
+	vpaddq		$TEMP2,$ACC9,$ACC8
+
+	dec	$i
+	jnz	.Loop_mul_1024
+___
+
+# (*)	Original implementation was correcting ACC1-ACC3 for overflow
+#	after 7 loop runs, or after 28 iterations, or 56 additions.
+#	But as we underutilize resources, it's possible to correct in
+#	each iteration with marginal performance loss. But then, as
+#	we do it in each iteration, we can correct less digits, and
+#	avoid performance penalties completely.
+
+$TEMP0 = $ACC9;
+$TEMP3 = $Bi;
+$TEMP4 = $Yi;
+$code.=<<___;
+	vpaddq		(%rsp), $TEMP1, $ACC0
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vpaddq		$TEMP4, $ACC4, $ACC4
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpermq		\$0x93, $TEMP3, $TEMP3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vpaddq		$TEMP4, $ACC4, $ACC4
+
+	vmovdqu		$ACC0, 0-128($rp)
+	vmovdqu		$ACC1, 32-128($rp)
+	vmovdqu		$ACC2, 64-128($rp)
+	vmovdqu		$ACC3, 96-128($rp)
+___
+
+$TEMP5=$ACC0;
+$code.=<<___;
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vpaddq		$TEMP4, $ACC8, $ACC8
+
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vpaddq		$TEMP4, $ACC8, $ACC8
+
+	vmovdqu		$ACC4, 128-128($rp)
+	vmovdqu		$ACC5, 160-128($rp)
+	vmovdqu		$ACC6, 192-128($rp)
+	vmovdqu		$ACC7, 224-128($rp)
+	vmovdqu		$ACC8, 256-128($rp)
+	vzeroupper
+
+	mov	%rbp, %rax
+.cfi_def_cfa_register	%rax
+___
+$code.=<<___ if ($win64);
+.Lmul_1024_in_tail:
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_1024_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_1024_mul_avx2,.-rsaz_1024_mul_avx2
+___
+}
+{
+my ($out,$inp) = $win64 ? ("%rcx","%rdx") : ("%rdi","%rsi");
+my @T = map("%r$_",(8..11));
+
+$code.=<<___;
+.globl	rsaz_1024_red2norm_avx2
+.type	rsaz_1024_red2norm_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_red2norm_avx2:
+.cfi_startproc
+	sub	\$-128,$inp	# size optimization
+	xor	%rax,%rax
+___
+
+for ($j=0,$i=0; $i<16; $i++) {
+    my $k=0;
+    while (29*$j<64*($i+1)) {	# load data till boundary
+	$code.="	mov	`8*$j-128`($inp), @T[0]\n";
+	$j++; $k++; push(@T,shift(@T));
+    }
+    $l=$k;
+    while ($k>1) {		# shift loaded data but last value
+	$code.="	shl	\$`29*($j-$k)`,@T[-$k]\n";
+	$k--;
+    }
+    $code.=<<___;		# shift last value
+	mov	@T[-1], @T[0]
+	shl	\$`29*($j-1)`, @T[-1]
+	shr	\$`-29*($j-1)`, @T[0]
+___
+    while ($l) {		# accumulate all values
+	$code.="	add	@T[-$l], %rax\n";
+	$l--;
+    }
+	$code.=<<___;
+	adc	\$0, @T[0]	# consume eventual carry
+	mov	%rax, 8*$i($out)
+	mov	@T[0], %rax
+___
+    push(@T,shift(@T));
+}
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
+
+.globl	rsaz_1024_norm2red_avx2
+.type	rsaz_1024_norm2red_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_norm2red_avx2:
+.cfi_startproc
+	sub	\$-128,$out	# size optimization
+	mov	($inp),@T[0]
+	mov	\$0x1fffffff,%eax
+___
+for ($j=0,$i=0; $i<16; $i++) {
+    $code.="	mov	`8*($i+1)`($inp),@T[1]\n"	if ($i<15);
+    $code.="	xor	@T[1],@T[1]\n"			if ($i==15);
+    my $k=1;
+    while (29*($j+1)<64*($i+1)) {
+    	$code.=<<___;
+	mov	@T[0],@T[-$k]
+	shr	\$`29*$j`,@T[-$k]
+	and	%rax,@T[-$k]				# &0x1fffffff
+	mov	@T[-$k],`8*$j-128`($out)
+___
+	$j++; $k++;
+    }
+    $code.=<<___;
+	shrd	\$`29*$j`,@T[1],@T[0]
+	and	%rax,@T[0]
+	mov	@T[0],`8*$j-128`($out)
+___
+    $j++;
+    push(@T,shift(@T));
+}
+$code.=<<___;
+	mov	@T[0],`8*$j-128`($out)			# zero
+	mov	@T[0],`8*($j+1)-128`($out)
+	mov	@T[0],`8*($j+2)-128`($out)
+	mov	@T[0],`8*($j+3)-128`($out)
+	ret
+.cfi_endproc
+.size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
+___
+}
+{
+my ($out,$inp,$power) = $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx");
+
+$code.=<<___;
+.globl	rsaz_1024_scatter5_avx2
+.type	rsaz_1024_scatter5_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_scatter5_avx2:
+.cfi_startproc
+	vzeroupper
+	vmovdqu	.Lscatter_permd(%rip),%ymm5
+	shl	\$4,$power
+	lea	($out,$power),$out
+	mov	\$9,%eax
+	jmp	.Loop_scatter_1024
+
+.align	32
+.Loop_scatter_1024:
+	vmovdqu		($inp),%ymm0
+	lea		32($inp),$inp
+	vpermd		%ymm0,%ymm5,%ymm0
+	vmovdqu		%xmm0,($out)
+	lea		16*32($out),$out
+	dec	%eax
+	jnz	.Loop_scatter_1024
+
+	vzeroupper
+	ret
+.cfi_endproc
+.size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
+
+.globl	rsaz_1024_gather5_avx2
+.type	rsaz_1024_gather5_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_gather5_avx2:
+.cfi_startproc
+	vzeroupper
+	mov	%rsp,%r11
+.cfi_def_cfa_register	%r11
+___
+$code.=<<___ if ($win64);
+	lea	-0x88(%rsp),%rax
+.LSEH_begin_rsaz_1024_gather5:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x8d,0x60,0xe0		# lea	-0x20(%rax),%rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	# vmovaps %xmm6,-0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	# vmovaps %xmm7,-0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	# vmovaps %xmm8,0(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	# vmovaps %xmm9,0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	# vmovaps %xmm10,0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	# vmovaps %xmm11,0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	# vmovaps %xmm12,0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	# vmovaps %xmm13,0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	# vmovaps %xmm14,0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	# vmovaps %xmm15,0x70(%rax)
+___
+$code.=<<___;
+	lea	-0x100(%rsp),%rsp
+	and	\$-32, %rsp
+	lea	.Linc(%rip), %r10
+	lea	-128(%rsp),%rax			# control u-op density
+
+	vmovd		$power, %xmm4
+	vmovdqa		(%r10),%ymm0
+	vmovdqa		32(%r10),%ymm1
+	vmovdqa		64(%r10),%ymm5
+	vpbroadcastd	%xmm4,%ymm4
+
+	vpaddd		%ymm5, %ymm0, %ymm2
+	vpcmpeqd	%ymm4, %ymm0, %ymm0
+	vpaddd		%ymm5, %ymm1, %ymm3
+	vpcmpeqd	%ymm4, %ymm1, %ymm1
+	vmovdqa		%ymm0, 32*0+128(%rax)
+	vpaddd		%ymm5, %ymm2, %ymm0
+	vpcmpeqd	%ymm4, %ymm2, %ymm2
+	vmovdqa		%ymm1, 32*1+128(%rax)
+	vpaddd		%ymm5, %ymm3, %ymm1
+	vpcmpeqd	%ymm4, %ymm3, %ymm3
+	vmovdqa		%ymm2, 32*2+128(%rax)
+	vpaddd		%ymm5, %ymm0, %ymm2
+	vpcmpeqd	%ymm4, %ymm0, %ymm0
+	vmovdqa		%ymm3, 32*3+128(%rax)
+	vpaddd		%ymm5, %ymm1, %ymm3
+	vpcmpeqd	%ymm4, %ymm1, %ymm1
+	vmovdqa		%ymm0, 32*4+128(%rax)
+	vpaddd		%ymm5, %ymm2, %ymm8
+	vpcmpeqd	%ymm4, %ymm2, %ymm2
+	vmovdqa		%ymm1, 32*5+128(%rax)
+	vpaddd		%ymm5, %ymm3, %ymm9
+	vpcmpeqd	%ymm4, %ymm3, %ymm3
+	vmovdqa		%ymm2, 32*6+128(%rax)
+	vpaddd		%ymm5, %ymm8, %ymm10
+	vpcmpeqd	%ymm4, %ymm8, %ymm8
+	vmovdqa		%ymm3, 32*7+128(%rax)
+	vpaddd		%ymm5, %ymm9, %ymm11
+	vpcmpeqd	%ymm4, %ymm9, %ymm9
+	vpaddd		%ymm5, %ymm10, %ymm12
+	vpcmpeqd	%ymm4, %ymm10, %ymm10
+	vpaddd		%ymm5, %ymm11, %ymm13
+	vpcmpeqd	%ymm4, %ymm11, %ymm11
+	vpaddd		%ymm5, %ymm12, %ymm14
+	vpcmpeqd	%ymm4, %ymm12, %ymm12
+	vpaddd		%ymm5, %ymm13, %ymm15
+	vpcmpeqd	%ymm4, %ymm13, %ymm13
+	vpcmpeqd	%ymm4, %ymm14, %ymm14
+	vpcmpeqd	%ymm4, %ymm15, %ymm15
+
+	vmovdqa	-32(%r10),%ymm7			# .Lgather_permd
+	lea	128($inp), $inp
+	mov	\$9,$power
+
+.Loop_gather_1024:
+	vmovdqa		32*0-128($inp),	%ymm0
+	vmovdqa		32*1-128($inp),	%ymm1
+	vmovdqa		32*2-128($inp),	%ymm2
+	vmovdqa		32*3-128($inp),	%ymm3
+	vpand		32*0+128(%rax),	%ymm0,	%ymm0
+	vpand		32*1+128(%rax),	%ymm1,	%ymm1
+	vpand		32*2+128(%rax),	%ymm2,	%ymm2
+	vpor		%ymm0, %ymm1, %ymm4
+	vpand		32*3+128(%rax),	%ymm3,	%ymm3
+	vmovdqa		32*4-128($inp),	%ymm0
+	vmovdqa		32*5-128($inp),	%ymm1
+	vpor		%ymm2, %ymm3, %ymm5
+	vmovdqa		32*6-128($inp),	%ymm2
+	vmovdqa		32*7-128($inp),	%ymm3
+	vpand		32*4+128(%rax),	%ymm0,	%ymm0
+	vpand		32*5+128(%rax),	%ymm1,	%ymm1
+	vpand		32*6+128(%rax),	%ymm2,	%ymm2
+	vpor		%ymm0, %ymm4, %ymm4
+	vpand		32*7+128(%rax),	%ymm3,	%ymm3
+	vpand		32*8-128($inp),	%ymm8,	%ymm0
+	vpor		%ymm1, %ymm5, %ymm5
+	vpand		32*9-128($inp),	%ymm9,	%ymm1
+	vpor		%ymm2, %ymm4, %ymm4
+	vpand		32*10-128($inp),%ymm10,	%ymm2
+	vpor		%ymm3, %ymm5, %ymm5
+	vpand		32*11-128($inp),%ymm11,	%ymm3
+	vpor		%ymm0, %ymm4, %ymm4
+	vpand		32*12-128($inp),%ymm12,	%ymm0
+	vpor		%ymm1, %ymm5, %ymm5
+	vpand		32*13-128($inp),%ymm13,	%ymm1
+	vpor		%ymm2, %ymm4, %ymm4
+	vpand		32*14-128($inp),%ymm14,	%ymm2
+	vpor		%ymm3, %ymm5, %ymm5
+	vpand		32*15-128($inp),%ymm15,	%ymm3
+	lea		32*16($inp), $inp
+	vpor		%ymm0, %ymm4, %ymm4
+	vpor		%ymm1, %ymm5, %ymm5
+	vpor		%ymm2, %ymm4, %ymm4
+	vpor		%ymm3, %ymm5, %ymm5
+
+	vpor		%ymm5, %ymm4, %ymm4
+	vextracti128	\$1, %ymm4, %xmm5	# upper half is cleared
+	vpor		%xmm4, %xmm5, %xmm5
+	vpermd		%ymm5,%ymm7,%ymm5
+	vmovdqu		%ymm5,($out)
+	lea		32($out),$out
+	dec	$power
+	jnz	.Loop_gather_1024
+
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqu	%ymm0,($out)
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa8(%r11),%xmm6
+	movaps	-0x98(%r11),%xmm7
+	movaps	-0x88(%r11),%xmm8
+	movaps	-0x78(%r11),%xmm9
+	movaps	-0x68(%r11),%xmm10
+	movaps	-0x58(%r11),%xmm11
+	movaps	-0x48(%r11),%xmm12
+	movaps	-0x38(%r11),%xmm13
+	movaps	-0x28(%r11),%xmm14
+	movaps	-0x18(%r11),%xmm15
+___
+$code.=<<___;
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+	ret
+.cfi_endproc
+.LSEH_end_rsaz_1024_gather5:
+.size	rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2
+___
+}
+
+$code.=<<___;
+.extern	OPENSSL_ia32cap_P
+.globl	rsaz_avx2_eligible
+.type	rsaz_avx2_eligible,\@abi-omnipotent
+.align	32
+rsaz_avx2_eligible:
+	mov	OPENSSL_ia32cap_P+8(%rip),%eax
+___
+$code.=<<___	if ($addx);
+	mov	\$`1<<8|1<<19`,%ecx
+	mov	\$0,%edx
+	and	%eax,%ecx
+	cmp	\$`1<<8|1<<19`,%ecx	# check for BMI2+AD*X
+	cmove	%edx,%eax
+___
+$code.=<<___;
+	and	\$`1<<5`,%eax
+	shr	\$5,%eax
+	ret
+.size	rsaz_avx2_eligible,.-rsaz_avx2_eligible
+
+.align	64
+.Land_mask:
+	.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+.Lscatter_permd:
+	.long	0,2,4,6,7,7,7,7
+.Lgather_permd:
+	.long	0,7,1,7,2,7,3,7
+.Linc:
+	.long	0,0,0,0, 1,1,1,1
+	.long	2,2,2,2, 3,3,3,3
+	.long	4,4,4,4, 4,4,4,4
+.align	64
+___
+
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___
+.extern	__imp_RtlVirtualUnwind
+.type	rsaz_se_handler,\@abi-omnipotent
+.align	16
+rsaz_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	160($context),%rbp	# pull context->Rbp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# "in tail" label
+	cmp	%r10,%rbx		# context->Rip>="in tail" label
+	cmovc	%rbp,%rax
+
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	mov	%r15,240($context)
+	mov	%r14,232($context)
+	mov	%r13,224($context)
+	mov	%r12,216($context)
+	mov	%rbp,160($context)
+	mov	%rbx,144($context)
+
+	lea	-0xd8(%rax),%rsi	# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	rsaz_se_handler,.-rsaz_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_rsaz_1024_sqr_avx2
+	.rva	.LSEH_end_rsaz_1024_sqr_avx2
+	.rva	.LSEH_info_rsaz_1024_sqr_avx2
+
+	.rva	.LSEH_begin_rsaz_1024_mul_avx2
+	.rva	.LSEH_end_rsaz_1024_mul_avx2
+	.rva	.LSEH_info_rsaz_1024_mul_avx2
+
+	.rva	.LSEH_begin_rsaz_1024_gather5
+	.rva	.LSEH_end_rsaz_1024_gather5
+	.rva	.LSEH_info_rsaz_1024_gather5
+.section	.xdata
+.align	8
+.LSEH_info_rsaz_1024_sqr_avx2:
+	.byte	9,0,0,0
+	.rva	rsaz_se_handler
+	.rva	.Lsqr_1024_body,.Lsqr_1024_epilogue,.Lsqr_1024_in_tail
+	.long	0
+.LSEH_info_rsaz_1024_mul_avx2:
+	.byte	9,0,0,0
+	.rva	rsaz_se_handler
+	.rva	.Lmul_1024_body,.Lmul_1024_epilogue,.Lmul_1024_in_tail
+	.long	0
+.LSEH_info_rsaz_1024_gather5:
+	.byte	0x01,0x36,0x17,0x0b
+	.byte	0x36,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
+	.byte	0x31,0xe8,0x08,0x00	# vmovaps 0x80(rsp),xmm14
+	.byte	0x2c,0xd8,0x07,0x00	# vmovaps 0x70(rsp),xmm13
+	.byte	0x27,0xc8,0x06,0x00	# vmovaps 0x60(rsp),xmm12
+	.byte	0x22,0xb8,0x05,0x00	# vmovaps 0x50(rsp),xmm11
+	.byte	0x1d,0xa8,0x04,0x00	# vmovaps 0x40(rsp),xmm10
+	.byte	0x18,0x98,0x03,0x00	# vmovaps 0x30(rsp),xmm9
+	.byte	0x13,0x88,0x02,0x00	# vmovaps 0x20(rsp),xmm8
+	.byte	0x0e,0x78,0x01,0x00	# vmovaps 0x10(rsp),xmm7
+	.byte	0x09,0x68,0x00,0x00	# vmovaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	# sub	  rsp,0xa8
+	.byte	0x00,0xb3,0x00,0x00	# set_frame r11
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sh[rl]d?\s+\$)(-?[0-9]+)/$1.$2%64/ge		or
+
+	s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
+	print $_,"\n";
+}
+
+}}} else {{{
+print <<___;	# assembler is too old
+.text
+
+.globl	rsaz_avx2_eligible
+.type	rsaz_avx2_eligible,\@abi-omnipotent
+rsaz_avx2_eligible:
+	xor	%eax,%eax
+	ret
+.size	rsaz_avx2_eligible,.-rsaz_avx2_eligible
+
+.globl	rsaz_1024_sqr_avx2
+.globl	rsaz_1024_mul_avx2
+.globl	rsaz_1024_norm2red_avx2
+.globl	rsaz_1024_red2norm_avx2
+.globl	rsaz_1024_scatter5_avx2
+.globl	rsaz_1024_gather5_avx2
+.type	rsaz_1024_sqr_avx2,\@abi-omnipotent
+rsaz_1024_sqr_avx2:
+rsaz_1024_mul_avx2:
+rsaz_1024_norm2red_avx2:
+rsaz_1024_red2norm_avx2:
+rsaz_1024_scatter5_avx2:
+rsaz_1024_gather5_avx2:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2
+___
+}}}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl
new file mode 100755
index 000000000..b1797b649
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl
@@ -0,0 +1,2404 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+#
+# References:
+# [1] S. Gueron, "Efficient Software Implementations of Modular
+#     Exponentiation", http://eprint.iacr.org/2011/239
+# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring".
+#     IEEE Proceedings of 9th International Conference on Information
+#     Technology: New Generations (ITNG 2012), 821-823 (2012).
+# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation
+#     Journal of Cryptographic Engineering 2:31-43 (2012).
+# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis
+#     resistant 512-bit and 1024-bit modular exponentiation for optimizing
+#     RSA1024 and RSA2048 on x86_64 platforms",
+#     http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest
+#
+# While original submission covers 512- and 1024-bit exponentiation,
+# this module is limited to 512-bit version only (and as such
+# accelerates RSA1024 sign). This is because improvement for longer
+# keys is not high enough to justify the effort, highest measured
+# was ~5% on Westmere. [This is relative to OpenSSL 1.0.2, upcoming
+# for the moment of this writing!] Nor does this module implement
+# "monolithic" complete exponentiation jumbo-subroutine, but adheres
+# to more modular mixture of C and assembly. And it's optimized even
+# for processors other than Intel Core family (see table below for
+# improvement coefficients).
+# 						<appro@openssl.org>
+#
+# RSA1024 sign/sec	this/original	|this/rsax(*)	this/fips(*)
+#			----------------+---------------------------
+# Opteron		+13%		|+5%		+20%
+# Bulldozer		-0%		|-1%		+10%
+# P4			+11%		|+7%		+8%
+# Westmere		+5%		|+14%		+17%
+# Sandy Bridge		+2%		|+12%		+29%
+# Ivy Bridge		+1%		|+11%		+35%
+# Haswell(**)		-0%		|+12%		+39%
+# Atom			+13%		|+11%		+4%
+# VIA Nano		+70%		|+9%		+25%
+#
+# (*)	rsax engine and fips numbers are presented for reference
+#	purposes;
+# (**)	MULX was attempted, but found to give only marginal improvement;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+($out, $inp, $mod) = ("%rdi", "%rsi", "%rbp");	# common internal API
+{
+my ($out,$inp,$mod,$n0,$times) = ("%rdi","%rsi","%rdx","%rcx","%r8d");
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	rsaz_512_sqr
+.type	rsaz_512_sqr,\@function,5
+.align	32
+rsaz_512_sqr:				# 25-29% faster than rsaz_512_mul
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
+.Lsqr_body:
+	movq	$mod, %rbp		# common argument
+	movq	($inp), %rdx
+	movq	8($inp), %rax
+	movq	$n0, 128(%rsp)
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Loop_sqrx
+___
+$code.=<<___;
+	jmp	.Loop_sqr
+
+.align	32
+.Loop_sqr:
+	movl	$times,128+8(%rsp)
+#first iteration
+	movq	%rdx, %rbx
+	mulq	%rdx
+	movq	%rax, %r8
+	movq	16($inp), %rax
+	movq	%rdx, %r9
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	24($inp), %rax
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	32($inp), %rax
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	40($inp), %rax
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	48($inp), %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	56($inp), %rax
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	%rbx, %rax
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	addq	%r8, %r8		#shlq	\$1, %r8
+	movq	%r9, %rcx
+	adcq	%r9, %r9		#shld	\$1, %r8, %r9
+
+	mulq	%rax
+	movq	%rax, (%rsp)
+	addq	%rdx, %r8
+	adcq	\$0, %r9
+
+	movq	%r8, 8(%rsp)
+	shrq	\$63, %rcx
+
+#second iteration
+	movq	8($inp), %r8
+	movq	16($inp), %rax
+	mulq	%r8
+	addq	%rax, %r10
+	movq	24($inp), %rax
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r11
+	movq	32($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r11
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r12
+	movq	40($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r12
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r13
+	movq	48($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r13
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r14
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r14
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r15
+	movq	%r8, %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r15
+	movq	%rdx, %r8
+	movq	%r10, %rdx
+	adcq	\$0, %r8
+
+	add	%rdx, %rdx
+	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+	movq	%r11, %rbx
+	adcq	%r11, %r11		#shld	\$1, %r10, %r11
+
+	mulq	%rax
+	addq	%rax, %r9
+	adcq	%rdx, %r10
+	adcq	\$0, %r11
+
+	movq	%r9, 16(%rsp)
+	movq	%r10, 24(%rsp)
+	shrq	\$63, %rbx
+
+#third iteration
+	movq	16($inp), %r9
+	movq	24($inp), %rax
+	mulq	%r9
+	addq	%rax, %r12
+	movq	32($inp), %rax
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	addq	%rax, %r13
+	movq	40($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r13
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	addq	%rax, %r14
+	movq	48($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r14
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	 movq	%r12, %r10
+	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
+	addq	%rax, %r15
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r15
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	 shrq	\$63, %r10
+	addq	%rax, %r8
+	movq	%r9, %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	movq	%r13, %rcx
+	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
+
+	mulq	%rax
+	addq	%rax, %r11
+	adcq	%rdx, %r12
+	adcq	\$0, %r13
+
+	movq	%r11, 32(%rsp)
+	movq	%r12, 40(%rsp)
+	shrq	\$63, %rcx
+
+#fourth iteration
+	movq	24($inp), %r10
+	movq	32($inp), %rax
+	mulq	%r10
+	addq	%rax, %r14
+	movq	40($inp), %rax
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r10
+	addq	%rax, %r15
+	movq	48($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r15
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r10
+	 movq	%r14, %r12
+	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
+	addq	%rax, %r8
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r8
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r10
+	 shrq	\$63, %r12
+	addq	%rax, %r9
+	movq	%r10, %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	movq	%r15, %rbx
+	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
+
+	mulq	%rax
+	addq	%rax, %r13
+	adcq	%rdx, %r14
+	adcq	\$0, %r15
+
+	movq	%r13, 48(%rsp)
+	movq	%r14, 56(%rsp)
+	shrq	\$63, %rbx
+
+#fifth iteration
+	movq	32($inp), %r11
+	movq	40($inp), %rax
+	mulq	%r11
+	addq	%rax, %r8
+	movq	48($inp), %rax
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r11
+	addq	%rax, %r9
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	 movq	%r8, %r12
+	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
+	addq	%rcx, %r9
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r11
+	 shrq	\$63, %r12
+	addq	%rax, %r10
+	movq	%r11, %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r10
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	movq	%r9, %rcx
+	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
+
+	mulq	%rax
+	addq	%rax, %r15
+	adcq	%rdx, %r8
+	adcq	\$0, %r9
+
+	movq	%r15, 64(%rsp)
+	movq	%r8, 72(%rsp)
+	shrq	\$63, %rcx
+
+#sixth iteration
+	movq	40($inp), %r12
+	movq	48($inp), %rax
+	mulq	%r12
+	addq	%rax, %r10
+	movq	56($inp), %rax
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r12
+	addq	%rax, %r11
+	movq	%r12, %rax
+	 movq	%r10, %r15
+	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+	adcq	\$0, %rdx
+	 shrq	\$63, %r15
+	addq	%rbx, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	movq	%r11, %rbx
+	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
+
+	mulq	%rax
+	addq	%rax, %r9
+	adcq	%rdx, %r10
+	adcq	\$0, %r11
+
+	movq	%r9, 80(%rsp)
+	movq	%r10, 88(%rsp)
+
+#seventh iteration
+	movq	48($inp), %r13
+	movq	56($inp), %rax
+	mulq	%r13
+	addq	%rax, %r12
+	movq	%r13, %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	xorq	%r14, %r14
+	shlq	\$1, %rbx
+	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
+	adcq	%r13, %r13		#shld	\$1, %r12, %r13
+	adcq	%r14, %r14		#shld	\$1, %r13, %r14
+
+	mulq	%rax
+	addq	%rax, %r11
+	adcq	%rdx, %r12
+	adcq	\$0, %r13
+
+	movq	%r11, 96(%rsp)
+	movq	%r12, 104(%rsp)
+
+#eighth iteration
+	movq	56($inp), %rax
+	mulq	%rax
+	addq	%rax, %r13
+	adcq	\$0, %rdx
+
+	addq	%rdx, %r14
+
+	movq	%r13, 112(%rsp)
+	movq	%r14, 120(%rsp)
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8, %rdx
+	movq	%r9, %rax
+	movl	128+8(%rsp), $times
+	movq	$out, $inp
+
+	decl	$times
+	jnz	.Loop_sqr
+___
+if ($addx) {
+$code.=<<___;
+	jmp	.Lsqr_tail
+
+.align	32
+.Loop_sqrx:
+	movl	$times,128+8(%rsp)
+	movq	$out, %xmm0		# off-load
+	movq	%rbp, %xmm1		# off-load
+#first iteration
+	mulx	%rax, %r8, %r9
+
+	mulx	16($inp), %rcx, %r10
+	xor	%rbp, %rbp		# cf=0, of=0
+
+	mulx	24($inp), %rax, %r11
+	adcx	%rcx, %r9
+
+	mulx	32($inp), %rcx, %r12
+	adcx	%rax, %r10
+
+	mulx	40($inp), %rax, %r13
+	adcx	%rcx, %r11
+
+	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
+	adcx	%rax, %r12
+	adcx	%rcx, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
+	adcx	%rax, %r14
+	adcx	%rbp, %r15		# %rbp is 0
+
+	mov	%r9, %rcx
+	shld	\$1, %r8, %r9
+	shl	\$1, %r8
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rdx, %r8
+	 mov	8($inp), %rdx
+	adcx	%rbp, %r9
+
+	mov	%rax, (%rsp)
+	mov	%r8, 8(%rsp)
+
+#second iteration
+	mulx	16($inp), %rax, %rbx
+	adox	%rax, %r10
+	adcx	%rbx, %r11
+
+	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
+	adox	$out, %r11
+	adcx	%r8, %r12
+
+	mulx	32($inp), %rax, %rbx
+	adox	%rax, %r12
+	adcx	%rbx, %r13
+
+	mulx	40($inp), $out, %r8
+	adox	$out, %r13
+	adcx	%r8, %r14
+
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rbx
+	adox	%rax, %r14
+	adcx	%rbx, %r15
+
+	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
+	adox	$out, %r15
+	adcx	%rbp, %r8
+	adox	%rbp, %r8
+
+	mov	%r11, %rbx
+	shld	\$1, %r10, %r11
+	shld	\$1, %rcx, %r10
+
+	xor	%ebp,%ebp
+	mulx	%rdx, %rax, %rcx
+	 mov	16($inp), %rdx
+	adcx	%rax, %r9
+	adcx	%rcx, %r10
+	adcx	%rbp, %r11
+
+	mov	%r9, 16(%rsp)
+	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
+
+#third iteration
+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
+	adox	$out, %r12
+	adcx	%r9, %r13
+
+	mulx	32($inp), %rax, %rcx
+	adox	%rax, %r13
+	adcx	%rcx, %r14
+
+	mulx	40($inp), $out, %r9
+	adox	$out, %r14
+	adcx	%r9, %r15
+
+	.byte	0xc4,0xe2,0xfb,0xf6,0x8e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rcx
+	adox	%rax, %r15
+	adcx	%rcx, %r8
+
+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
+	adox	$out, %r8
+	adcx	%rbp, %r9
+	adox	%rbp, %r9
+
+	mov	%r13, %rcx
+	shld	\$1, %r12, %r13
+	shld	\$1, %rbx, %r12
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r11
+	adcx	%rdx, %r12
+	 mov	24($inp), %rdx
+	adcx	%rbp, %r13
+
+	mov	%r11, 32(%rsp)
+	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
+
+#fourth iteration
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
+	adox	%rax, %r14
+	adcx	%rbx, %r15
+
+	mulx	40($inp), $out, %r10
+	adox	$out, %r15
+	adcx	%r10, %r8
+
+	mulx	48($inp), %rax, %rbx
+	adox	%rax, %r8
+	adcx	%rbx, %r9
+
+	mulx	56($inp), $out, %r10
+	adox	$out, %r9
+	adcx	%rbp, %r10
+	adox	%rbp, %r10
+
+	.byte	0x66
+	mov	%r15, %rbx
+	shld	\$1, %r14, %r15
+	shld	\$1, %rcx, %r14
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r13
+	adcx	%rdx, %r14
+	 mov	32($inp), %rdx
+	adcx	%rbp, %r15
+
+	mov	%r13, 48(%rsp)
+	mov	%r14, 56(%rsp)
+
+#fifth iteration
+	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
+	adox	$out, %r8
+	adcx	%r11, %r9
+
+	mulx	48($inp), %rax, %rcx
+	adox	%rax, %r9
+	adcx	%rcx, %r10
+
+	mulx	56($inp), $out, %r11
+	adox	$out, %r10
+	adcx	%rbp, %r11
+	adox	%rbp, %r11
+
+	mov	%r9, %rcx
+	shld	\$1, %r8, %r9
+	shld	\$1, %rbx, %r8
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r15
+	adcx	%rdx, %r8
+	 mov	40($inp), %rdx
+	adcx	%rbp, %r9
+
+	mov	%r15, 64(%rsp)
+	mov	%r8, 72(%rsp)
+
+#sixth iteration
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rbx
+	adox	%rax, %r10
+	adcx	%rbx, %r11
+
+	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
+	adox	$out, %r11
+	adcx	%rbp, %r12
+	adox	%rbp, %r12
+
+	mov	%r11, %rbx
+	shld	\$1, %r10, %r11
+	shld	\$1, %rcx, %r10
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r9
+	adcx	%rdx, %r10
+	 mov	48($inp), %rdx
+	adcx	%rbp, %r11
+
+	mov	%r9, 80(%rsp)
+	mov	%r10, 88(%rsp)
+
+#seventh iteration
+	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r13
+	adox	%rax, %r12
+	adox	%rbp, %r13
+
+	xor	%r14, %r14
+	shld	\$1, %r13, %r14
+	shld	\$1, %r12, %r13
+	shld	\$1, %rbx, %r12
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r11
+	adcx	%rdx, %r12
+	 mov	56($inp), %rdx
+	adcx	%rbp, %r13
+
+	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
+	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
+
+#eighth iteration
+	mulx	%rdx, %rax, %rdx
+	adox	%rax, %r13
+	adox	%rbp, %rdx
+
+	.byte	0x66
+	add	%rdx, %r14
+
+	movq	%r13, 112(%rsp)
+	movq	%r14, 120(%rsp)
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	128(%rsp), %rdx		# pull $n0
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8, %rdx
+	movq	%r9, %rax
+	movl	128+8(%rsp), $times
+	movq	$out, $inp
+
+	decl	$times
+	jnz	.Loop_sqrx
+
+.Lsqr_tail:
+___
+}
+$code.=<<___;
+
+	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax), %r15
+.cfi_restore	%r15
+	movq	-40(%rax), %r14
+.cfi_restore	%r14
+	movq	-32(%rax), %r13
+.cfi_restore	%r13
+	movq	-24(%rax), %r12
+.cfi_restore	%r12
+	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
+	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
+	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
+.Lsqr_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_512_sqr,.-rsaz_512_sqr
+___
+}
+{
+my ($out,$ap,$bp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx","%r8");
+$code.=<<___;
+.globl	rsaz_512_mul
+.type	rsaz_512_mul,\@function,5
+.align	32
+rsaz_512_mul:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
+.Lmul_body:
+	movq	$out, %xmm0		# off-load arguments
+	movq	$mod, %xmm1
+	movq	$n0, 128(%rsp)
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Lmulx
+___
+$code.=<<___;
+	movq	($bp), %rbx		# pass b[0]
+	movq	$bp, %rbp		# pass argument
+	call	__rsaz_512_mul
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lmul_tail
+
+.align	32
+.Lmulx:
+	movq	$bp, %rbp		# pass argument
+	movq	($bp), %rdx		# pass b[0]
+	call	__rsaz_512_mulx
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	128(%rsp), %rdx		# pull $n0
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+.Lmul_tail:
+___
+$code.=<<___;
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax), %r15
+.cfi_restore	%r15
+	movq	-40(%rax), %r14
+.cfi_restore	%r14
+	movq	-32(%rax), %r13
+.cfi_restore	%r13
+	movq	-24(%rax), %r12
+.cfi_restore	%r12
+	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
+	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
+	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_512_mul,.-rsaz_512_mul
+___
+}
+{
+my ($out,$ap,$bp,$mod,$n0,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
+$code.=<<___;
+.globl	rsaz_512_mul_gather4
+.type	rsaz_512_mul_gather4,\@function,6
+.align	32
+rsaz_512_mul_gather4:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	subq	\$`128+24+($win64?0xb0:0)`, %rsp
+.cfi_adjust_cfa_offset	`128+24+($win64?0xb0:0)`
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,0xa0(%rsp)
+	movaps	%xmm7,0xb0(%rsp)
+	movaps	%xmm8,0xc0(%rsp)
+	movaps	%xmm9,0xd0(%rsp)
+	movaps	%xmm10,0xe0(%rsp)
+	movaps	%xmm11,0xf0(%rsp)
+	movaps	%xmm12,0x100(%rsp)
+	movaps	%xmm13,0x110(%rsp)
+	movaps	%xmm14,0x120(%rsp)
+	movaps	%xmm15,0x130(%rsp)
+___
+$code.=<<___;
+.Lmul_gather4_body:
+	movd	$pwr,%xmm8
+	movdqa	.Linc+16(%rip),%xmm1	# 00000002000000020000000200000002
+	movdqa	.Linc(%rip),%xmm0	# 00000001000000010000000000000000
+
+	pshufd	\$0,%xmm8,%xmm8		# broadcast $power
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..15 to $power
+#
+for($i=0;$i<4;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+	movdqa	%xmm7,%xmm`$i+3`
+___
+}
+for(;$i<7;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+___
+}
+$code.=<<___;
+	pcmpeqd	%xmm8,%xmm7
+
+	movdqa	16*0($bp),%xmm8
+	movdqa	16*1($bp),%xmm9
+	movdqa	16*2($bp),%xmm10
+	movdqa	16*3($bp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4($bp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5($bp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6($bp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7($bp),%xmm15
+	leaq	128($bp), %rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Lmulx_gather
+___
+$code.=<<___;
+	movq	%xmm8,%rbx
+
+	movq	$n0, 128(%rsp)		# off-load arguments
+	movq	$out, 128+8(%rsp)
+	movq	$mod, 128+16(%rsp)
+
+	movq	($ap), %rax
+	 movq	8($ap), %rcx
+	mulq	%rbx			# 0 iteration
+	movq	%rax, (%rsp)
+	movq	%rcx, %rax
+	movq	%rdx, %r8
+
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	16($ap), %rax
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	24($ap), %rax
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	32($ap), %rax
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	40($ap), %rax
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	48($ap), %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	56($ap), %rax
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r14
+	 movq	($ap), %rax
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	leaq	8(%rsp), %rdi
+	movl	\$7, %ecx
+	jmp	.Loop_mul_gather
+
+.align	32
+.Loop_mul_gather:
+	movdqa	16*0(%rbp),%xmm8
+	movdqa	16*1(%rbp),%xmm9
+	movdqa	16*2(%rbp),%xmm10
+	movdqa	16*3(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7(%rbp),%xmm15
+	leaq	128(%rbp), %rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,%rbx
+
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	8($ap), %rax
+	movq	%r8, (%rdi)
+	movq	%rdx, %r8
+	adcq	\$0, %r8
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	16($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r9, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	24($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r10, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	32($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r11, %r10
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	40($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r12, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	48($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r13, %r12
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	56($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r14, %r13
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r15
+	 movq	($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r15, %r14
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	leaq	8(%rdi), %rdi
+
+	decl	%ecx
+	jnz	.Loop_mul_gather
+
+	movq	%r8, (%rdi)
+	movq	%r9, 8(%rdi)
+	movq	%r10, 16(%rdi)
+	movq	%r11, 24(%rdi)
+	movq	%r12, 32(%rdi)
+	movq	%r13, 40(%rdi)
+	movq	%r14, 48(%rdi)
+	movq	%r15, 56(%rdi)
+
+	movq	128+8(%rsp), $out
+	movq	128+16(%rsp), %rbp
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lmul_gather_tail
+
+.align	32
+.Lmulx_gather:
+	movq	%xmm8,%rdx
+
+	mov	$n0, 128(%rsp)		# off-load arguments
+	mov	$out, 128+8(%rsp)
+	mov	$mod, 128+16(%rsp)
+
+	mulx	($ap), %rbx, %r8	# 0 iteration
+	mov	%rbx, (%rsp)
+	xor	%edi, %edi		# cf=0, of=0
+
+	mulx	8($ap), %rax, %r9
+
+	mulx	16($ap), %rbx, %r10
+	adcx	%rax, %r8
+
+	mulx	24($ap), %rax, %r11
+	adcx	%rbx, %r9
+
+	mulx	32($ap), %rbx, %r12
+	adcx	%rax, %r10
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rbx, %r11
+
+	mulx	48($ap), %rbx, %r14
+	adcx	%rax, %r12
+
+	mulx	56($ap), %rax, %r15
+	adcx	%rbx, %r13
+	adcx	%rax, %r14
+	.byte	0x67
+	mov	%r8, %rbx
+	adcx	%rdi, %r15		# %rdi is 0
+
+	mov	\$-7, %rcx
+	jmp	.Loop_mulx_gather
+
+.align	32
+.Loop_mulx_gather:
+	movdqa	16*0(%rbp),%xmm8
+	movdqa	16*1(%rbp),%xmm9
+	movdqa	16*2(%rbp),%xmm10
+	movdqa	16*3(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7(%rbp),%xmm15
+	leaq	128(%rbp), %rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,%rdx
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x86,0x00,0x00,0x00,0x00	# mulx	($ap), %rax, %r8
+	adcx	%rax, %rbx
+	adox	%r9, %r8
+
+	mulx	8($ap), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	mulx	16($ap), %rax, %r10
+	adcx	%rax, %r9
+	adox	%r11, %r10
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x9e,0x18,0x00,0x00,0x00	# mulx	24($ap), %rax, %r11
+	adcx	%rax, %r10
+	adox	%r12, %r11
+
+	mulx	32($ap), %rax, %r12
+	adcx	%rax, %r11
+	adox	%r13, %r12
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($ap), %rax, %r14
+	adcx	%rax, %r13
+	.byte	0x67
+	adox	%r15, %r14
+
+	mulx	56($ap), %rax, %r15
+	 mov	%rbx, 64(%rsp,%rcx,8)
+	adcx	%rax, %r14
+	adox	%rdi, %r15
+	mov	%r8, %rbx
+	adcx	%rdi, %r15		# cf=0
+
+	inc	%rcx			# of=0
+	jnz	.Loop_mulx_gather
+
+	mov	%r8, 64(%rsp)
+	mov	%r9, 64+8(%rsp)
+	mov	%r10, 64+16(%rsp)
+	mov	%r11, 64+24(%rsp)
+	mov	%r12, 64+32(%rsp)
+	mov	%r13, 64+40(%rsp)
+	mov	%r14, 64+48(%rsp)
+	mov	%r15, 64+56(%rsp)
+
+	mov	128(%rsp), %rdx		# pull arguments
+	mov	128+8(%rsp), $out
+	mov	128+16(%rsp), %rbp
+
+	mov	(%rsp), %r8
+	mov	8(%rsp), %r9
+	mov	16(%rsp), %r10
+	mov	24(%rsp), %r11
+	mov	32(%rsp), %r12
+	mov	40(%rsp), %r13
+	mov	48(%rsp), %r14
+	mov	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+
+.Lmul_gather_tail:
+___
+$code.=<<___;
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp), %rax
+___
+$code.=<<___	if ($win64);
+	movaps	0xa0-0xc8(%rax),%xmm6
+	movaps	0xb0-0xc8(%rax),%xmm7
+	movaps	0xc0-0xc8(%rax),%xmm8
+	movaps	0xd0-0xc8(%rax),%xmm9
+	movaps	0xe0-0xc8(%rax),%xmm10
+	movaps	0xf0-0xc8(%rax),%xmm11
+	movaps	0x100-0xc8(%rax),%xmm12
+	movaps	0x110-0xc8(%rax),%xmm13
+	movaps	0x120-0xc8(%rax),%xmm14
+	movaps	0x130-0xc8(%rax),%xmm15
+	lea	0xb0(%rax),%rax
+___
+$code.=<<___;
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax), %r15
+.cfi_restore	%r15
+	movq	-40(%rax), %r14
+.cfi_restore	%r14
+	movq	-32(%rax), %r13
+.cfi_restore	%r13
+	movq	-24(%rax), %r12
+.cfi_restore	%r12
+	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
+	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
+	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_gather4_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_512_mul_gather4,.-rsaz_512_mul_gather4
+___
+}
+{
+my ($out,$ap,$mod,$n0,$tbl,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
+$code.=<<___;
+.globl	rsaz_512_mul_scatter4
+.type	rsaz_512_mul_scatter4,\@function,6
+.align	32
+rsaz_512_mul_scatter4:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	mov	$pwr, $pwr
+	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
+.Lmul_scatter4_body:
+	leaq	($tbl,$pwr,8), $tbl
+	movq	$out, %xmm0		# off-load arguments
+	movq	$mod, %xmm1
+	movq	$tbl, %xmm2
+	movq	$n0, 128(%rsp)
+
+	movq	$out, %rbp
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Lmulx_scatter
+___
+$code.=<<___;
+	movq	($out),%rbx		# pass b[0]
+	call	__rsaz_512_mul
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lmul_scatter_tail
+
+.align	32
+.Lmulx_scatter:
+	movq	($out), %rdx		# pass b[0]
+	call	__rsaz_512_mulx
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	128(%rsp), %rdx		# pull $n0
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+
+.Lmul_scatter_tail:
+___
+$code.=<<___;
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	movq	%xmm2, $inp
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8, 128*0($inp)	# scatter
+	movq	%r9, 128*1($inp)
+	movq	%r10, 128*2($inp)
+	movq	%r11, 128*3($inp)
+	movq	%r12, 128*4($inp)
+	movq	%r13, 128*5($inp)
+	movq	%r14, 128*6($inp)
+	movq	%r15, 128*7($inp)
+
+	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax), %r15
+.cfi_restore	%r15
+	movq	-40(%rax), %r14
+.cfi_restore	%r14
+	movq	-32(%rax), %r13
+.cfi_restore	%r13
+	movq	-24(%rax), %r12
+.cfi_restore	%r12
+	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
+	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
+	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_scatter4_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4
+___
+}
+{
+my ($out,$inp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx");
+$code.=<<___;
+.globl	rsaz_512_mul_by_one
+.type	rsaz_512_mul_by_one,\@function,4
+.align	32
+rsaz_512_mul_by_one:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
+.Lmul_by_one_body:
+___
+$code.=<<___ if ($addx);
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+___
+$code.=<<___;
+	movq	$mod, %rbp	# reassign argument
+	movq	$n0, 128(%rsp)
+
+	movq	($inp), %r8
+	pxor	%xmm0, %xmm0
+	movq	8($inp), %r9
+	movq	16($inp), %r10
+	movq	24($inp), %r11
+	movq	32($inp), %r12
+	movq	40($inp), %r13
+	movq	48($inp), %r14
+	movq	56($inp), %r15
+
+	movdqa	%xmm0, (%rsp)
+	movdqa	%xmm0, 16(%rsp)
+	movdqa	%xmm0, 32(%rsp)
+	movdqa	%xmm0, 48(%rsp)
+	movdqa	%xmm0, 64(%rsp)
+	movdqa	%xmm0, 80(%rsp)
+	movdqa	%xmm0, 96(%rsp)
+___
+$code.=<<___ if ($addx);
+	andl	\$0x80100,%eax
+	cmpl	\$0x80100,%eax		# check for MULX and ADO/CX
+	je	.Lby_one_callx
+___
+$code.=<<___;
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lby_one_tail
+.align	32
+.Lby_one_callx:
+	movq	128(%rsp), %rdx		# pull $n0
+	call	__rsaz_512_reducex
+.Lby_one_tail:
+___
+$code.=<<___;
+	movq	%r8, ($out)
+	movq	%r9, 8($out)
+	movq	%r10, 16($out)
+	movq	%r11, 24($out)
+	movq	%r12, 32($out)
+	movq	%r13, 40($out)
+	movq	%r14, 48($out)
+	movq	%r15, 56($out)
+
+	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax), %r15
+.cfi_restore	%r15
+	movq	-40(%rax), %r14
+.cfi_restore	%r14
+	movq	-32(%rax), %r13
+.cfi_restore	%r13
+	movq	-24(%rax), %r12
+.cfi_restore	%r12
+	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
+	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
+	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_by_one_epilogue:
+	ret
+.cfi_endproc
+.size	rsaz_512_mul_by_one,.-rsaz_512_mul_by_one
+___
+}
+{	# __rsaz_512_reduce
+	#
+	# input:	%r8-%r15, %rbp - mod, 128(%rsp) - n0
+	# output:	%r8-%r15
+	# clobbers:	everything except %rbp and %rdi
+$code.=<<___;
+.type	__rsaz_512_reduce,\@abi-omnipotent
+.align	32
+__rsaz_512_reduce:
+	movq	%r8, %rbx
+	imulq	128+8(%rsp), %rbx
+	movq	0(%rbp), %rax
+	movl	\$8, %ecx
+	jmp	.Lreduction_loop
+
+.align	32
+.Lreduction_loop:
+	mulq	%rbx
+	movq	8(%rbp), %rax
+	negq	%r8
+	movq	%rdx, %r8
+	adcq	\$0, %r8
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	16(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r9, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	24(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r10, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	32(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r11, %r10
+	 movq	128+8(%rsp), %rsi
+	#movq	%rdx, %r11
+	#adcq	\$0, %r11
+	adcq	\$0, %rdx
+	movq	%rdx, %r11
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	40(%rbp), %rax
+	adcq	\$0, %rdx
+	 imulq	%r8, %rsi
+	addq	%r12, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	48(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r13, %r12
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	56(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r14, %r13
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	 movq	%rsi, %rbx
+	addq	%rax, %r15
+	 movq	0(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r15, %r14
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	decl	%ecx
+	jne	.Lreduction_loop
+
+	ret
+.size	__rsaz_512_reduce,.-__rsaz_512_reduce
+___
+}
+if ($addx) {
+	# __rsaz_512_reducex
+	#
+	# input:	%r8-%r15, %rbp - mod, 128(%rsp) - n0
+	# output:	%r8-%r15
+	# clobbers:	everything except %rbp and %rdi
+$code.=<<___;
+.type	__rsaz_512_reducex,\@abi-omnipotent
+.align	32
+__rsaz_512_reducex:
+	#movq	128+8(%rsp), %rdx		# pull $n0
+	imulq	%r8, %rdx
+	xorq	%rsi, %rsi			# cf=0,of=0
+	movl	\$8, %ecx
+	jmp	.Lreduction_loopx
+
+.align	32
+.Lreduction_loopx:
+	mov	%r8, %rbx
+	mulx	0(%rbp), %rax, %r8
+	adcx	%rbx, %rax
+	adox	%r9, %r8
+
+	mulx	8(%rbp), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	mulx	16(%rbp), %rbx, %r10
+	adcx	%rbx, %r9
+	adox	%r11, %r10
+
+	mulx	24(%rbp), %rbx, %r11
+	adcx	%rbx, %r10
+	adox	%r12, %r11
+
+	.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	32(%rbp), %rbx, %r12
+	 mov	%rdx, %rax
+	 mov	%r8, %rdx
+	adcx	%rbx, %r11
+	adox	%r13, %r12
+
+	 mulx	128+8(%rsp), %rbx, %rdx
+	 mov	%rax, %rdx
+
+	mulx	40(%rbp), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xb5,0x30,0x00,0x00,0x00	# mulx	48(%rbp), %rax, %r14
+	adcx	%rax, %r13
+	adox	%r15, %r14
+
+	mulx	56(%rbp), %rax, %r15
+	 mov	%rbx, %rdx
+	adcx	%rax, %r14
+	adox	%rsi, %r15			# %rsi is 0
+	adcx	%rsi, %r15			# cf=0
+
+	decl	%ecx				# of=0
+	jne	.Lreduction_loopx
+
+	ret
+.size	__rsaz_512_reducex,.-__rsaz_512_reducex
+___
+}
+{	# __rsaz_512_subtract
+	# input: %r8-%r15, %rdi - $out, %rbp - $mod, %rcx - mask
+	# output:
+	# clobbers: everything but %rdi, %rsi and %rbp
+$code.=<<___;
+.type	__rsaz_512_subtract,\@abi-omnipotent
+.align	32
+__rsaz_512_subtract:
+	movq	%r8, ($out)
+	movq	%r9, 8($out)
+	movq	%r10, 16($out)
+	movq	%r11, 24($out)
+	movq	%r12, 32($out)
+	movq	%r13, 40($out)
+	movq	%r14, 48($out)
+	movq	%r15, 56($out)
+
+	movq	0($mod), %r8
+	movq	8($mod), %r9
+	negq	%r8
+	notq	%r9
+	andq	%rcx, %r8
+	movq	16($mod), %r10
+	andq	%rcx, %r9
+	notq	%r10
+	movq	24($mod), %r11
+	andq	%rcx, %r10
+	notq	%r11
+	movq	32($mod), %r12
+	andq	%rcx, %r11
+	notq	%r12
+	movq	40($mod), %r13
+	andq	%rcx, %r12
+	notq	%r13
+	movq	48($mod), %r14
+	andq	%rcx, %r13
+	notq	%r14
+	movq	56($mod), %r15
+	andq	%rcx, %r14
+	notq	%r15
+	andq	%rcx, %r15
+
+	addq	($out), %r8
+	adcq	8($out), %r9
+	adcq	16($out), %r10
+	adcq	24($out), %r11
+	adcq	32($out), %r12
+	adcq	40($out), %r13
+	adcq	48($out), %r14
+	adcq	56($out), %r15
+
+	movq	%r8, ($out)
+	movq	%r9, 8($out)
+	movq	%r10, 16($out)
+	movq	%r11, 24($out)
+	movq	%r12, 32($out)
+	movq	%r13, 40($out)
+	movq	%r14, 48($out)
+	movq	%r15, 56($out)
+
+	ret
+.size	__rsaz_512_subtract,.-__rsaz_512_subtract
+___
+}
+{	# __rsaz_512_mul
+	#
+	# input: %rsi - ap, %rbp - bp
+	# output:
+	# clobbers: everything
+my ($ap,$bp) = ("%rsi","%rbp");
+$code.=<<___;
+.type	__rsaz_512_mul,\@abi-omnipotent
+.align	32
+__rsaz_512_mul:
+	leaq	8(%rsp), %rdi
+
+	movq	($ap), %rax
+	mulq	%rbx
+	movq	%rax, (%rdi)
+	movq	8($ap), %rax
+	movq	%rdx, %r8
+
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	16($ap), %rax
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	24($ap), %rax
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	32($ap), %rax
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	40($ap), %rax
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	48($ap), %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	56($ap), %rax
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r14
+	 movq	($ap), %rax
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	leaq	8($bp), $bp
+	leaq	8(%rdi), %rdi
+
+	movl	\$7, %ecx
+	jmp	.Loop_mul
+
+.align	32
+.Loop_mul:
+	movq	($bp), %rbx
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	8($ap), %rax
+	movq	%r8, (%rdi)
+	movq	%rdx, %r8
+	adcq	\$0, %r8
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	16($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r9, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	24($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r10, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	32($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r11, %r10
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	40($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r12, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	48($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r13, %r12
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	56($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r14, %r13
+	movq	%rdx, %r14
+	 leaq	8($bp), $bp
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r15
+	 movq	($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r15, %r14
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	leaq	8(%rdi), %rdi
+
+	decl	%ecx
+	jnz	.Loop_mul
+
+	movq	%r8, (%rdi)
+	movq	%r9, 8(%rdi)
+	movq	%r10, 16(%rdi)
+	movq	%r11, 24(%rdi)
+	movq	%r12, 32(%rdi)
+	movq	%r13, 40(%rdi)
+	movq	%r14, 48(%rdi)
+	movq	%r15, 56(%rdi)
+
+	ret
+.size	__rsaz_512_mul,.-__rsaz_512_mul
+___
+}
+if ($addx) {
+	# __rsaz_512_mulx
+	#
+	# input: %rsi - ap, %rbp - bp
+	# output:
+	# clobbers: everything
+my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi");
+$code.=<<___;
+.type	__rsaz_512_mulx,\@abi-omnipotent
+.align	32
+__rsaz_512_mulx:
+	mulx	($ap), %rbx, %r8	# initial %rdx preloaded by caller
+	mov	\$-6, %rcx
+
+	mulx	8($ap), %rax, %r9
+	movq	%rbx, 8(%rsp)
+
+	mulx	16($ap), %rbx, %r10
+	adc	%rax, %r8
+
+	mulx	24($ap), %rax, %r11
+	adc	%rbx, %r9
+
+	mulx	32($ap), %rbx, %r12
+	adc	%rax, %r10
+
+	mulx	40($ap), %rax, %r13
+	adc	%rbx, %r11
+
+	mulx	48($ap), %rbx, %r14
+	adc	%rax, %r12
+
+	mulx	56($ap), %rax, %r15
+	 mov	8($bp), %rdx
+	adc	%rbx, %r13
+	adc	%rax, %r14
+	adc	\$0, %r15
+
+	xor	$zero, $zero		# cf=0,of=0
+	jmp	.Loop_mulx
+
+.align	32
+.Loop_mulx:
+	movq	%r8, %rbx
+	mulx	($ap), %rax, %r8
+	adcx	%rax, %rbx
+	adox	%r9, %r8
+
+	mulx	8($ap), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	mulx	16($ap), %rax, %r10
+	adcx	%rax, %r9
+	adox	%r11, %r10
+
+	mulx	24($ap), %rax, %r11
+	adcx	%rax, %r10
+	adox	%r12, %r11
+
+	.byte	0x3e,0xc4,0x62,0xfb,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($ap), %rax, %r12
+	adcx	%rax, %r11
+	adox	%r13, %r12
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	mulx	48($ap), %rax, %r14
+	adcx	%rax, %r13
+	adox	%r15, %r14
+
+	mulx	56($ap), %rax, %r15
+	 movq	64($bp,%rcx,8), %rdx
+	 movq	%rbx, 8+64-8(%rsp,%rcx,8)
+	adcx	%rax, %r14
+	adox	$zero, %r15
+	adcx	$zero, %r15		# cf=0
+
+	inc	%rcx			# of=0
+	jnz	.Loop_mulx
+
+	movq	%r8, %rbx
+	mulx	($ap), %rax, %r8
+	adcx	%rax, %rbx
+	adox	%r9, %r8
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x8e,0x08,0x00,0x00,0x00	# mulx	8($ap), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x96,0x10,0x00,0x00,0x00	# mulx	16($ap), %rax, %r10
+	adcx	%rax, %r9
+	adox	%r11, %r10
+
+	mulx	24($ap), %rax, %r11
+	adcx	%rax, %r10
+	adox	%r12, %r11
+
+	mulx	32($ap), %rax, %r12
+	adcx	%rax, %r11
+	adox	%r13, %r12
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($ap), %rax, %r14
+	adcx	%rax, %r13
+	adox	%r15, %r14
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($ap), %rax, %r15
+	adcx	%rax, %r14
+	adox	$zero, %r15
+	adcx	$zero, %r15
+
+	mov	%rbx, 8+64-8(%rsp)
+	mov	%r8, 8+64(%rsp)
+	mov	%r9, 8+64+8(%rsp)
+	mov	%r10, 8+64+16(%rsp)
+	mov	%r11, 8+64+24(%rsp)
+	mov	%r12, 8+64+32(%rsp)
+	mov	%r13, 8+64+40(%rsp)
+	mov	%r14, 8+64+48(%rsp)
+	mov	%r15, 8+64+56(%rsp)
+
+	ret
+.size	__rsaz_512_mulx,.-__rsaz_512_mulx
+___
+}
+{
+my ($out,$inp,$power)= $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx");
+$code.=<<___;
+.globl	rsaz_512_scatter4
+.type	rsaz_512_scatter4,\@abi-omnipotent
+.align	16
+rsaz_512_scatter4:
+	leaq	($out,$power,8), $out
+	movl	\$8, %r9d
+	jmp	.Loop_scatter
+.align	16
+.Loop_scatter:
+	movq	($inp), %rax
+	leaq	8($inp), $inp
+	movq	%rax, ($out)
+	leaq	128($out), $out
+	decl	%r9d
+	jnz	.Loop_scatter
+	ret
+.size	rsaz_512_scatter4,.-rsaz_512_scatter4
+
+.globl	rsaz_512_gather4
+.type	rsaz_512_gather4,\@abi-omnipotent
+.align	16
+rsaz_512_gather4:
+___
+$code.=<<___	if ($win64);
+.LSEH_begin_rsaz_512_gather4:
+	.byte	0x48,0x81,0xec,0xa8,0x00,0x00,0x00	# sub    $0xa8,%rsp
+	.byte	0x0f,0x29,0x34,0x24			# movaps %xmm6,(%rsp)
+	.byte	0x0f,0x29,0x7c,0x24,0x10		# movaps %xmm7,0x10(%rsp)
+	.byte	0x44,0x0f,0x29,0x44,0x24,0x20		# movaps %xmm8,0x20(%rsp)
+	.byte	0x44,0x0f,0x29,0x4c,0x24,0x30		# movaps %xmm9,0x30(%rsp)
+	.byte	0x44,0x0f,0x29,0x54,0x24,0x40		# movaps %xmm10,0x40(%rsp)
+	.byte	0x44,0x0f,0x29,0x5c,0x24,0x50		# movaps %xmm11,0x50(%rsp)
+	.byte	0x44,0x0f,0x29,0x64,0x24,0x60		# movaps %xmm12,0x60(%rsp)
+	.byte	0x44,0x0f,0x29,0x6c,0x24,0x70		# movaps %xmm13,0x70(%rsp)
+	.byte	0x44,0x0f,0x29,0xb4,0x24,0x80,0,0,0	# movaps %xmm14,0x80(%rsp)
+	.byte	0x44,0x0f,0x29,0xbc,0x24,0x90,0,0,0	# movaps %xmm15,0x90(%rsp)
+___
+$code.=<<___;
+	movd	$power,%xmm8
+	movdqa	.Linc+16(%rip),%xmm1	# 00000002000000020000000200000002
+	movdqa	.Linc(%rip),%xmm0	# 00000001000000010000000000000000
+
+	pshufd	\$0,%xmm8,%xmm8		# broadcast $power
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..15 to $power
+#
+for($i=0;$i<4;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+	movdqa	%xmm7,%xmm`$i+3`
+___
+}
+for(;$i<7;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+___
+}
+$code.=<<___;
+	pcmpeqd	%xmm8,%xmm7
+	movl	\$8, %r9d
+	jmp	.Loop_gather
+.align	16
+.Loop_gather:
+	movdqa	16*0($inp),%xmm8
+	movdqa	16*1($inp),%xmm9
+	movdqa	16*2($inp),%xmm10
+	movdqa	16*3($inp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4($inp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5($inp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6($inp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7($inp),%xmm15
+	leaq	128($inp), $inp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,($out)
+	leaq	8($out), $out
+	decl	%r9d
+	jnz	.Loop_gather
+___
+$code.=<<___	if ($win64);
+	movaps	0x00(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	movaps	0x40(%rsp),%xmm10
+	movaps	0x50(%rsp),%xmm11
+	movaps	0x60(%rsp),%xmm12
+	movaps	0x70(%rsp),%xmm13
+	movaps	0x80(%rsp),%xmm14
+	movaps	0x90(%rsp),%xmm15
+	add	\$0xa8,%rsp
+___
+$code.=<<___;
+	ret
+.LSEH_end_rsaz_512_gather4:
+.size	rsaz_512_gather4,.-rsaz_512_gather4
+
+.align	64
+.Linc:
+	.long	0,0, 1,1
+	.long	2,2, 2,2
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	128+24+48(%rax),%rax
+
+	lea	.Lmul_gather4_epilogue(%rip),%rbx
+	cmp	%r10,%rbx
+	jne	.Lse_not_in_mul_gather4
+
+	lea	0xb0(%rax),%rax
+
+	lea	-48-0xa8(%rax),%rsi
+	lea	512($context),%rdi
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lse_not_in_mul_gather4:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_rsaz_512_sqr
+	.rva	.LSEH_end_rsaz_512_sqr
+	.rva	.LSEH_info_rsaz_512_sqr
+
+	.rva	.LSEH_begin_rsaz_512_mul
+	.rva	.LSEH_end_rsaz_512_mul
+	.rva	.LSEH_info_rsaz_512_mul
+
+	.rva	.LSEH_begin_rsaz_512_mul_gather4
+	.rva	.LSEH_end_rsaz_512_mul_gather4
+	.rva	.LSEH_info_rsaz_512_mul_gather4
+
+	.rva	.LSEH_begin_rsaz_512_mul_scatter4
+	.rva	.LSEH_end_rsaz_512_mul_scatter4
+	.rva	.LSEH_info_rsaz_512_mul_scatter4
+
+	.rva	.LSEH_begin_rsaz_512_mul_by_one
+	.rva	.LSEH_end_rsaz_512_mul_by_one
+	.rva	.LSEH_info_rsaz_512_mul_by_one
+
+	.rva	.LSEH_begin_rsaz_512_gather4
+	.rva	.LSEH_end_rsaz_512_gather4
+	.rva	.LSEH_info_rsaz_512_gather4
+
+.section	.xdata
+.align	8
+.LSEH_info_rsaz_512_sqr:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lsqr_body,.Lsqr_epilogue			# HandlerData[]
+.LSEH_info_rsaz_512_mul:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_body,.Lmul_epilogue			# HandlerData[]
+.LSEH_info_rsaz_512_mul_gather4:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_gather4_body,.Lmul_gather4_epilogue	# HandlerData[]
+.LSEH_info_rsaz_512_mul_scatter4:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_scatter4_body,.Lmul_scatter4_epilogue	# HandlerData[]
+.LSEH_info_rsaz_512_mul_by_one:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_by_one_body,.Lmul_by_one_epilogue		# HandlerData[]
+.LSEH_info_rsaz_512_gather4:
+	.byte	0x01,0x46,0x16,0x00
+	.byte	0x46,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
+	.byte	0x3d,0xe8,0x08,0x00	# vmovaps 0x80(rsp),xmm14
+	.byte	0x34,0xd8,0x07,0x00	# vmovaps 0x70(rsp),xmm13
+	.byte	0x2e,0xc8,0x06,0x00	# vmovaps 0x60(rsp),xmm12
+	.byte	0x28,0xb8,0x05,0x00	# vmovaps 0x50(rsp),xmm11
+	.byte	0x22,0xa8,0x04,0x00	# vmovaps 0x40(rsp),xmm10
+	.byte	0x1c,0x98,0x03,0x00	# vmovaps 0x30(rsp),xmm9
+	.byte	0x16,0x88,0x02,0x00	# vmovaps 0x20(rsp),xmm8
+	.byte	0x10,0x78,0x01,0x00	# vmovaps 0x10(rsp),xmm7
+	.byte	0x0b,0x68,0x00,0x00	# vmovaps 0x00(rsp),xmm6
+	.byte	0x07,0x01,0x15,0x00	# sub     rsp,0xa8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl
new file mode 100644
index 000000000..06181bf9b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl
@@ -0,0 +1,228 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... gcc 4.3 appeared to generate poor code, therefore
+# the effort. And indeed, the module delivers 55%-90%(*) improvement
+# on heaviest ECDSA verify and ECDH benchmarks for 163- and 571-bit
+# key lengths on z990, 30%-55%(*) - on z10, and 70%-110%(*) - on z196.
+# This is for 64-bit build. In 32-bit "highgprs" case improvement is
+# even higher, for example on z990 it was measured 80%-150%. ECDSA
+# sign is modest 9%-12% faster. Keep in mind that these coefficients
+# are not ones for bn_GF2m_mul_2x2 itself, as not all CPU time is
+# burnt in it...
+#
+# (*)	gcc 4.1 was observed to deliver better results than gcc 4.3,
+#	so that improvement coefficients can vary from one specific
+#	setup to another.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+        $SIZE_T=4;
+        $g="";
+} else {
+        $SIZE_T=8;
+        $g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$stdframe=16*$SIZE_T+4*8;
+
+$rp="%r2";
+$a1="%r3";
+$a0="%r4";
+$b1="%r5";
+$b0="%r6";
+
+$ra="%r14";
+$sp="%r15";
+
+@T=("%r0","%r1");
+@i=("%r12","%r13");
+
+($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(6..11));
+($lo,$hi,$b)=map("%r$_",(3..5)); $a=$lo; $mask=$a8;
+
+$code.=<<___;
+.text
+
+.type	_mul_1x1,\@function
+.align	16
+_mul_1x1:
+	lgr	$a1,$a
+	sllg	$a2,$a,1
+	sllg	$a4,$a,2
+	sllg	$a8,$a,3
+
+	srag	$lo,$a1,63			# broadcast 63rd bit
+	nihh	$a1,0x1fff
+	srag	@i[0],$a2,63			# broadcast 62nd bit
+	nihh	$a2,0x3fff
+	srag	@i[1],$a4,63			# broadcast 61st bit
+	nihh	$a4,0x7fff
+	ngr	$lo,$b
+	ngr	@i[0],$b
+	ngr	@i[1],$b
+
+	lghi	@T[0],0
+	lgr	$a12,$a1
+	stg	@T[0],`$stdframe+0*8`($sp)	# tab[0]=0
+	xgr	$a12,$a2
+	stg	$a1,`$stdframe+1*8`($sp)	# tab[1]=a1
+	 lgr	$a48,$a4
+	stg	$a2,`$stdframe+2*8`($sp)	# tab[2]=a2
+	 xgr	$a48,$a8
+	stg	$a12,`$stdframe+3*8`($sp)	# tab[3]=a1^a2
+	 xgr	$a1,$a4
+
+	stg	$a4,`$stdframe+4*8`($sp)	# tab[4]=a4
+	xgr	$a2,$a4
+	stg	$a1,`$stdframe+5*8`($sp)	# tab[5]=a1^a4
+	xgr	$a12,$a4
+	stg	$a2,`$stdframe+6*8`($sp)	# tab[6]=a2^a4
+	 xgr	$a1,$a48
+	stg	$a12,`$stdframe+7*8`($sp)	# tab[7]=a1^a2^a4
+	 xgr	$a2,$a48
+
+	stg	$a8,`$stdframe+8*8`($sp)	# tab[8]=a8
+	xgr	$a12,$a48
+	stg	$a1,`$stdframe+9*8`($sp)	# tab[9]=a1^a8
+	 xgr	$a1,$a4
+	stg	$a2,`$stdframe+10*8`($sp)	# tab[10]=a2^a8
+	 xgr	$a2,$a4
+	stg	$a12,`$stdframe+11*8`($sp)	# tab[11]=a1^a2^a8
+
+	xgr	$a12,$a4
+	stg	$a48,`$stdframe+12*8`($sp)	# tab[12]=a4^a8
+	 srlg	$hi,$lo,1
+	stg	$a1,`$stdframe+13*8`($sp)	# tab[13]=a1^a4^a8
+	 sllg	$lo,$lo,63
+	stg	$a2,`$stdframe+14*8`($sp)	# tab[14]=a2^a4^a8
+	 srlg	@T[0],@i[0],2
+	stg	$a12,`$stdframe+15*8`($sp)	# tab[15]=a1^a2^a4^a8
+
+	lghi	$mask,`0xf<<3`
+	sllg	$a1,@i[0],62
+	 sllg	@i[0],$b,3
+	srlg	@T[1],@i[1],3
+	 ngr	@i[0],$mask
+	sllg	$a2,@i[1],61
+	 srlg	@i[1],$b,4-3
+	xgr	$hi,@T[0]
+	 ngr	@i[1],$mask
+	xgr	$lo,$a1
+	xgr	$hi,@T[1]
+	xgr	$lo,$a2
+
+	xg	$lo,$stdframe(@i[0],$sp)
+	srlg	@i[0],$b,8-3
+	ngr	@i[0],$mask
+___
+for($n=1;$n<14;$n++) {
+$code.=<<___;
+	lg	@T[1],$stdframe(@i[1],$sp)
+	srlg	@i[1],$b,`($n+2)*4`-3
+	sllg	@T[0],@T[1],`$n*4`
+	ngr	@i[1],$mask
+	srlg	@T[1],@T[1],`64-$n*4`
+	xgr	$lo,@T[0]
+	xgr	$hi,@T[1]
+___
+	push(@i,shift(@i)); push(@T,shift(@T));
+}
+$code.=<<___;
+	lg	@T[1],$stdframe(@i[1],$sp)
+	sllg	@T[0],@T[1],`$n*4`
+	srlg	@T[1],@T[1],`64-$n*4`
+	xgr	$lo,@T[0]
+	xgr	$hi,@T[1]
+
+	lg	@T[0],$stdframe(@i[0],$sp)
+	sllg	@T[1],@T[0],`($n+1)*4`
+	srlg	@T[0],@T[0],`64-($n+1)*4`
+	xgr	$lo,@T[1]
+	xgr	$hi,@T[0]
+
+	br	$ra
+.size	_mul_1x1,.-_mul_1x1
+
+.globl	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,\@function
+.align	16
+bn_GF2m_mul_2x2:
+	stm${g}	%r3,%r15,3*$SIZE_T($sp)
+
+	lghi	%r1,-$stdframe-128
+	la	%r0,0($sp)
+	la	$sp,0(%r1,$sp)			# alloca
+	st${g}	%r0,0($sp)			# back chain
+___
+if ($SIZE_T==8) {
+my @r=map("%r$_",(6..9));
+$code.=<<___;
+	bras	$ra,_mul_1x1			# a1·b1
+	stmg	$lo,$hi,16($rp)
+
+	lg	$a,`$stdframe+128+4*$SIZE_T`($sp)
+	lg	$b,`$stdframe+128+6*$SIZE_T`($sp)
+	bras	$ra,_mul_1x1			# a0·b0
+	stmg	$lo,$hi,0($rp)
+
+	lg	$a,`$stdframe+128+3*$SIZE_T`($sp)
+	lg	$b,`$stdframe+128+5*$SIZE_T`($sp)
+	xg	$a,`$stdframe+128+4*$SIZE_T`($sp)
+	xg	$b,`$stdframe+128+6*$SIZE_T`($sp)
+	bras	$ra,_mul_1x1			# (a0+a1)·(b0+b1)
+	lmg	@r[0],@r[3],0($rp)
+
+	xgr	$lo,$hi
+	xgr	$hi,@r[1]
+	xgr	$lo,@r[0]
+	xgr	$hi,@r[2]
+	xgr	$lo,@r[3]
+	xgr	$hi,@r[3]
+	xgr	$lo,$hi
+	stg	$hi,16($rp)
+	stg	$lo,8($rp)
+___
+} else {
+$code.=<<___;
+	sllg	%r3,%r3,32
+	sllg	%r5,%r5,32
+	or	%r3,%r4
+	or	%r5,%r6
+	bras	$ra,_mul_1x1
+	rllg	$lo,$lo,32
+	rllg	$hi,$hi,32
+	stmg	$lo,$hi,0($rp)
+___
+}
+$code.=<<___;
+	lm${g}	%r6,%r15,`$stdframe+128+6*$SIZE_T`($sp)
+	br	$ra
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.string	"GF(2^m) Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl
new file mode 100644
index 000000000..c2fc5adff
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl
@@ -0,0 +1,284 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# April 2007.
+#
+# Performance improvement over vanilla C code varies from 85% to 45%
+# depending on key length and benchmark. Unfortunately in this context
+# these are not very impressive results [for code that utilizes "wide"
+# 64x64=128-bit multiplication, which is not commonly available to C
+# programmers], at least hand-coded bn_asm.c replacement is known to
+# provide 30-40% better results for longest keys. Well, on a second
+# thought it's not very surprising, because z-CPUs are single-issue
+# and _strictly_ in-order execution, while bn_mul_mont is more or less
+# dependent on CPU ability to pipe-line instructions and have several
+# of them "in-flight" at the same time. I mean while other methods,
+# for example Karatsuba, aim to minimize amount of multiplications at
+# the cost of other operations increase, bn_mul_mont aim to neatly
+# "overlap" multiplications and the other operations [and on most
+# platforms even minimize the amount of the other operations, in
+# particular references to memory]. But it's possible to improve this
+# module performance by implementing dedicated squaring code-path and
+# possibly by unrolling loops...
+
+# January 2009.
+#
+# Reschedule to minimize/avoid Address Generation Interlock hazard,
+# make inner loops counter-based.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. Compatibility with 32-bit BN_ULONG
+# is achieved by swapping words after 64-bit loads, follow _dswap-s.
+# On z990 it was measured to perform 2.6-2.2 times better than
+# compiler-generated code, less for longer keys...
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$stdframe=16*$SIZE_T+4*8;
+
+$mn0="%r0";
+$num="%r1";
+
+# int bn_mul_mont(
+$rp="%r2";		# BN_ULONG *rp,
+$ap="%r3";		# const BN_ULONG *ap,
+$bp="%r4";		# const BN_ULONG *bp,
+$np="%r5";		# const BN_ULONG *np,
+$n0="%r6";		# const BN_ULONG *n0,
+#$num="160(%r15)"	# int num);
+
+$bi="%r2";	# zaps rp
+$j="%r7";
+
+$ahi="%r8";
+$alo="%r9";
+$nhi="%r10";
+$nlo="%r11";
+$AHI="%r12";
+$NHI="%r13";
+$count="%r14";
+$sp="%r15";
+
+$code.=<<___;
+.text
+.globl	bn_mul_mont
+.type	bn_mul_mont,\@function
+bn_mul_mont:
+	lgf	$num,`$stdframe+$SIZE_T-4`($sp)	# pull $num
+	sla	$num,`log($SIZE_T)/log(2)`	# $num to enumerate bytes
+	la	$bp,0($num,$bp)
+
+	st${g}	%r2,2*$SIZE_T($sp)
+
+	cghi	$num,16		#
+	lghi	%r2,0		#
+	blr	%r14		# if($num<16) return 0;
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+	tmll	$num,4
+	bnzr	%r14		# if ($num&1) return 0;
+___
+$code.=<<___ if ($flavour !~ /3[12]/);
+	cghi	$num,96		#
+	bhr	%r14		# if($num>96) return 0;
+___
+$code.=<<___;
+	stm${g}	%r3,%r15,3*$SIZE_T($sp)
+
+	lghi	$rp,-$stdframe-8	# leave room for carry bit
+	lcgr	$j,$num		# -$num
+	lgr	%r0,$sp
+	la	$rp,0($rp,$sp)
+	la	$sp,0($j,$rp)	# alloca
+	st${g}	%r0,0($sp)	# back chain
+
+	sra	$num,3		# restore $num
+	la	$bp,0($j,$bp)	# restore $bp
+	ahi	$num,-1		# adjust $num for inner loop
+	lg	$n0,0($n0)	# pull n0
+	_dswap	$n0
+
+	lg	$bi,0($bp)
+	_dswap	$bi
+	lg	$alo,0($ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[0]*bp[0]
+	lgr	$AHI,$ahi
+
+	lgr	$mn0,$alo	# "tp[0]"*n0
+	msgr	$mn0,$n0
+
+	lg	$nlo,0($np)	#
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[0]*m1
+	algr	$nlo,$alo	# +="tp[0]"
+	lghi	$NHI,0
+	alcgr	$NHI,$nhi
+
+	la	$j,8(%r0)	# j=1
+	lr	$count,$num
+
+.align	16
+.L1st:
+	lg	$alo,0($j,$ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[j]*bp[0]
+	algr	$alo,$AHI
+	lghi	$AHI,0
+	alcgr	$AHI,$ahi
+
+	lg	$nlo,0($j,$np)
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[j]*m1
+	algr	$nlo,$NHI
+	lghi	$NHI,0
+	alcgr	$nhi,$NHI	# +="tp[j]"
+	algr	$nlo,$alo
+	alcgr	$NHI,$nhi
+
+	stg	$nlo,$stdframe-8($j,$sp)	# tp[j-1]=
+	la	$j,8($j)	# j++
+	brct	$count,.L1st
+
+	algr	$NHI,$AHI
+	lghi	$AHI,0
+	alcgr	$AHI,$AHI	# upmost overflow bit
+	stg	$NHI,$stdframe-8($j,$sp)
+	stg	$AHI,$stdframe($j,$sp)
+	la	$bp,8($bp)	# bp++
+
+.Louter:
+	lg	$bi,0($bp)	# bp[i]
+	_dswap	$bi
+	lg	$alo,0($ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[0]*bp[i]
+	alg	$alo,$stdframe($sp)	# +=tp[0]
+	lghi	$AHI,0
+	alcgr	$AHI,$ahi
+
+	lgr	$mn0,$alo
+	msgr	$mn0,$n0	# tp[0]*n0
+
+	lg	$nlo,0($np)	# np[0]
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[0]*m1
+	algr	$nlo,$alo	# +="tp[0]"
+	lghi	$NHI,0
+	alcgr	$NHI,$nhi
+
+	la	$j,8(%r0)	# j=1
+	lr	$count,$num
+
+.align	16
+.Linner:
+	lg	$alo,0($j,$ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[j]*bp[i]
+	algr	$alo,$AHI
+	lghi	$AHI,0
+	alcgr	$ahi,$AHI
+	alg	$alo,$stdframe($j,$sp)# +=tp[j]
+	alcgr	$AHI,$ahi
+
+	lg	$nlo,0($j,$np)
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[j]*m1
+	algr	$nlo,$NHI
+	lghi	$NHI,0
+	alcgr	$nhi,$NHI
+	algr	$nlo,$alo	# +="tp[j]"
+	alcgr	$NHI,$nhi
+
+	stg	$nlo,$stdframe-8($j,$sp)	# tp[j-1]=
+	la	$j,8($j)	# j++
+	brct	$count,.Linner
+
+	algr	$NHI,$AHI
+	lghi	$AHI,0
+	alcgr	$AHI,$AHI
+	alg	$NHI,$stdframe($j,$sp)# accumulate previous upmost overflow bit
+	lghi	$ahi,0
+	alcgr	$AHI,$ahi	# new upmost overflow bit
+	stg	$NHI,$stdframe-8($j,$sp)
+	stg	$AHI,$stdframe($j,$sp)
+
+	la	$bp,8($bp)	# bp++
+	cl${g}	$bp,`$stdframe+8+4*$SIZE_T`($j,$sp)	# compare to &bp[num]
+	jne	.Louter
+
+	l${g}	$rp,`$stdframe+8+2*$SIZE_T`($j,$sp)	# reincarnate rp
+	la	$ap,$stdframe($sp)
+	ahi	$num,1		# restore $num, incidentally clears "borrow"
+
+	la	$j,0(%r0)
+	lr	$count,$num
+.Lsub:	lg	$alo,0($j,$ap)
+	lg	$nlo,0($j,$np)
+	_dswap	$nlo
+	slbgr	$alo,$nlo
+	stg	$alo,0($j,$rp)
+	la	$j,8($j)
+	brct	$count,.Lsub
+	lghi	$ahi,0
+	slbgr	$AHI,$ahi	# handle upmost carry
+	lghi	$NHI,-1
+	xgr	$NHI,$AHI
+
+	la	$j,0(%r0)
+	lgr	$count,$num
+.Lcopy:	lg	$ahi,$stdframe($j,$sp)	# conditional copy
+	lg	$alo,0($j,$rp)
+	ngr	$ahi,$AHI
+	ngr	$alo,$NHI
+	ogr	$alo,$ahi
+	_dswap	$alo
+	stg	$j,$stdframe($j,$sp)	# zap tp
+	stg	$alo,0($j,$rp)
+	la	$j,8($j)
+	brct	$count,.Lcopy
+
+	la	%r1,`$stdframe+8+6*$SIZE_T`($j,$sp)
+	lm${g}	%r6,%r15,0(%r1)
+	lghi	%r2,1		# signal "processed"
+	br	%r14
+.size	bn_mul_mont,.-bn_mul_mont
+.string	"Montgomery Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+	s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S
new file mode 100644
index 000000000..292a7a999
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S
@@ -0,0 +1,713 @@
+.ident "s390x.S, version 1.1"
+// ====================================================================
+// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+// ====================================================================
+
+.text
+
+#define zero	%r0
+
+// BN_ULONG bn_mul_add_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
+.globl	bn_mul_add_words
+.type	bn_mul_add_words,@function
+.align	4
+bn_mul_add_words:
+	lghi	zero,0		// zero = 0
+	la	%r1,0(%r2)	// put rp aside [to give way to]
+	lghi	%r2,0		// return value
+	ltgfr	%r4,%r4
+	bler	%r14		// if (len<=0) return 0;
+
+	stmg	%r6,%r13,48(%r15)
+	lghi	%r2,3
+	lghi	%r12,0		// carry = 0
+	slgr	%r1,%r3		// rp-=ap
+	nr	%r2,%r4		// len%4
+	sra	%r4,2		// cnt=len/4
+	jz	.Loop1_madd	// carry is incidentally cleared if branch taken
+	algr	zero,zero	// clear carry
+
+	lg	%r7,0(%r3)	// ap[0]
+	lg	%r9,8(%r3)	// ap[1]
+	mlgr	%r6,%r5		// *=w
+	brct	%r4,.Loop4_madd
+	j	.Loop4_madd_tail
+
+.Loop4_madd:
+	mlgr	%r8,%r5
+	lg	%r11,16(%r3)	// ap[i+2]
+	alcgr	%r7,%r12	// +=carry
+	alcgr	%r6,zero
+	alg	%r7,0(%r3,%r1)	// +=rp[i]
+	stg	%r7,0(%r3,%r1)	// rp[i]=
+
+	mlgr	%r10,%r5
+	lg	%r13,24(%r3)
+	alcgr	%r9,%r6
+	alcgr	%r8,zero
+	alg	%r9,8(%r3,%r1)
+	stg	%r9,8(%r3,%r1)
+
+	mlgr	%r12,%r5
+	lg	%r7,32(%r3)
+	alcgr	%r11,%r8
+	alcgr	%r10,zero
+	alg	%r11,16(%r3,%r1)
+	stg	%r11,16(%r3,%r1)
+
+	mlgr	%r6,%r5
+	lg	%r9,40(%r3)
+	alcgr	%r13,%r10
+	alcgr	%r12,zero
+	alg	%r13,24(%r3,%r1)
+	stg	%r13,24(%r3,%r1)
+
+	la	%r3,32(%r3)	// i+=4
+	brct	%r4,.Loop4_madd
+
+.Loop4_madd_tail:
+	mlgr	%r8,%r5
+	lg	%r11,16(%r3)
+	alcgr	%r7,%r12	// +=carry
+	alcgr	%r6,zero
+	alg	%r7,0(%r3,%r1)	// +=rp[i]
+	stg	%r7,0(%r3,%r1)	// rp[i]=
+
+	mlgr	%r10,%r5
+	lg	%r13,24(%r3)
+	alcgr	%r9,%r6
+	alcgr	%r8,zero
+	alg	%r9,8(%r3,%r1)
+	stg	%r9,8(%r3,%r1)
+
+	mlgr	%r12,%r5
+	alcgr	%r11,%r8
+	alcgr	%r10,zero
+	alg	%r11,16(%r3,%r1)
+	stg	%r11,16(%r3,%r1)
+
+	alcgr	%r13,%r10
+	alcgr	%r12,zero
+	alg	%r13,24(%r3,%r1)
+	stg	%r13,24(%r3,%r1)
+
+	la	%r3,32(%r3)	// i+=4
+
+	la	%r2,1(%r2)	// see if len%4 is zero ...
+	brct	%r2,.Loop1_madd	// without touching condition code:-)
+
+.Lend_madd:
+	lgr	%r2,zero	// return value
+	alcgr	%r2,%r12	// collect even carry bit
+	lmg	%r6,%r13,48(%r15)
+	br	%r14
+
+.Loop1_madd:
+	lg	%r7,0(%r3)	// ap[i]
+	mlgr	%r6,%r5		// *=w
+	alcgr	%r7,%r12	// +=carry
+	alcgr	%r6,zero
+	alg	%r7,0(%r3,%r1)	// +=rp[i]
+	stg	%r7,0(%r3,%r1)	// rp[i]=
+
+	lgr	%r12,%r6
+	la	%r3,8(%r3)	// i++
+	brct	%r2,.Loop1_madd
+
+	j	.Lend_madd
+.size	bn_mul_add_words,.-bn_mul_add_words
+
+// BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
+.globl	bn_mul_words
+.type	bn_mul_words,@function
+.align	4
+bn_mul_words:
+	lghi	zero,0		// zero = 0
+	la	%r1,0(%r2)	// put rp aside
+	lghi	%r2,0		// i=0;
+	ltgfr	%r4,%r4
+	bler	%r14		// if (len<=0) return 0;
+
+	stmg	%r6,%r10,48(%r15)
+	lghi	%r10,3
+	lghi	%r8,0		// carry = 0
+	nr	%r10,%r4	// len%4
+	sra	%r4,2		// cnt=len/4
+	jz	.Loop1_mul	// carry is incidentally cleared if branch taken
+	algr	zero,zero	// clear carry
+
+.Loop4_mul:
+	lg	%r7,0(%r2,%r3)	// ap[i]
+	mlgr	%r6,%r5		// *=w
+	alcgr	%r7,%r8		// +=carry
+	stg	%r7,0(%r2,%r1)	// rp[i]=
+
+	lg	%r9,8(%r2,%r3)
+	mlgr	%r8,%r5
+	alcgr	%r9,%r6
+	stg	%r9,8(%r2,%r1)
+
+	lg	%r7,16(%r2,%r3)
+	mlgr	%r6,%r5
+	alcgr	%r7,%r8
+	stg	%r7,16(%r2,%r1)
+
+	lg	%r9,24(%r2,%r3)
+	mlgr	%r8,%r5
+	alcgr	%r9,%r6
+	stg	%r9,24(%r2,%r1)
+
+	la	%r2,32(%r2)	// i+=4
+	brct	%r4,.Loop4_mul
+
+	la	%r10,1(%r10)		// see if len%4 is zero ...
+	brct	%r10,.Loop1_mul		// without touching condition code:-)
+
+.Lend_mul:
+	alcgr	%r8,zero	// collect carry bit
+	lgr	%r2,%r8
+	lmg	%r6,%r10,48(%r15)
+	br	%r14
+
+.Loop1_mul:
+	lg	%r7,0(%r2,%r3)	// ap[i]
+	mlgr	%r6,%r5		// *=w
+	alcgr	%r7,%r8		// +=carry
+	stg	%r7,0(%r2,%r1)	// rp[i]=
+
+	lgr	%r8,%r6
+	la	%r2,8(%r2)	// i++
+	brct	%r10,.Loop1_mul
+
+	j	.Lend_mul
+.size	bn_mul_words,.-bn_mul_words
+
+// void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)
+.globl	bn_sqr_words
+.type	bn_sqr_words,@function
+.align	4
+bn_sqr_words:
+	ltgfr	%r4,%r4
+	bler	%r14
+
+	stmg	%r6,%r7,48(%r15)
+	srag	%r1,%r4,2	// cnt=len/4
+	jz	.Loop1_sqr
+
+.Loop4_sqr:
+	lg	%r7,0(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,0(%r2)
+	stg	%r6,8(%r2)
+
+	lg	%r7,8(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,16(%r2)
+	stg	%r6,24(%r2)
+
+	lg	%r7,16(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,32(%r2)
+	stg	%r6,40(%r2)
+
+	lg	%r7,24(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,48(%r2)
+	stg	%r6,56(%r2)
+
+	la	%r3,32(%r3)
+	la	%r2,64(%r2)
+	brct	%r1,.Loop4_sqr
+
+	lghi	%r1,3
+	nr	%r4,%r1		// cnt=len%4
+	jz	.Lend_sqr
+
+.Loop1_sqr:
+	lg	%r7,0(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,0(%r2)
+	stg	%r6,8(%r2)
+
+	la	%r3,8(%r3)
+	la	%r2,16(%r2)
+	brct	%r4,.Loop1_sqr
+
+.Lend_sqr:
+	lmg	%r6,%r7,48(%r15)
+	br	%r14
+.size	bn_sqr_words,.-bn_sqr_words
+
+// BN_ULONG bn_div_words(BN_ULONG h,BN_ULONG l,BN_ULONG d);
+.globl	bn_div_words
+.type	bn_div_words,@function
+.align	4
+bn_div_words:
+	dlgr	%r2,%r4
+	lgr	%r2,%r3
+	br	%r14
+.size	bn_div_words,.-bn_div_words
+
+// BN_ULONG bn_add_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
+.globl	bn_add_words
+.type	bn_add_words,@function
+.align	4
+bn_add_words:
+	la	%r1,0(%r2)	// put rp aside
+	lghi	%r2,0		// i=0
+	ltgfr	%r5,%r5
+	bler	%r14		// if (len<=0) return 0;
+
+	stg	%r6,48(%r15)
+	lghi	%r6,3
+	nr	%r6,%r5		// len%4
+	sra	%r5,2		// len/4, use sra because it sets condition code
+	jz	.Loop1_add	// carry is incidentally cleared if branch taken
+	algr	%r2,%r2		// clear carry
+
+.Loop4_add:
+	lg	%r0,0(%r2,%r3)
+	alcg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+	lg	%r0,8(%r2,%r3)
+	alcg	%r0,8(%r2,%r4)
+	stg	%r0,8(%r2,%r1)
+	lg	%r0,16(%r2,%r3)
+	alcg	%r0,16(%r2,%r4)
+	stg	%r0,16(%r2,%r1)
+	lg	%r0,24(%r2,%r3)
+	alcg	%r0,24(%r2,%r4)
+	stg	%r0,24(%r2,%r1)
+
+	la	%r2,32(%r2)	// i+=4
+	brct	%r5,.Loop4_add
+
+	la	%r6,1(%r6)	// see if len%4 is zero ...
+	brct	%r6,.Loop1_add	// without touching condition code:-)
+
+.Lexit_add:
+	lghi	%r2,0
+	alcgr	%r2,%r2
+	lg	%r6,48(%r15)
+	br	%r14
+
+.Loop1_add:
+	lg	%r0,0(%r2,%r3)
+	alcg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+
+	la	%r2,8(%r2)	// i++
+	brct	%r6,.Loop1_add
+
+	j	.Lexit_add
+.size	bn_add_words,.-bn_add_words
+
+// BN_ULONG bn_sub_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
+.globl	bn_sub_words
+.type	bn_sub_words,@function
+.align	4
+bn_sub_words:
+	la	%r1,0(%r2)	// put rp aside
+	lghi	%r2,0		// i=0
+	ltgfr	%r5,%r5
+	bler	%r14		// if (len<=0) return 0;
+
+	stg	%r6,48(%r15)
+	lghi	%r6,3
+	nr	%r6,%r5		// len%4
+	sra	%r5,2		// len/4, use sra because it sets condition code
+	jnz	.Loop4_sub	// borrow is incidentally cleared if branch taken
+	slgr	%r2,%r2		// clear borrow
+
+.Loop1_sub:
+	lg	%r0,0(%r2,%r3)
+	slbg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+
+	la	%r2,8(%r2)	// i++
+	brct	%r6,.Loop1_sub
+	j	.Lexit_sub
+
+.Loop4_sub:
+	lg	%r0,0(%r2,%r3)
+	slbg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+	lg	%r0,8(%r2,%r3)
+	slbg	%r0,8(%r2,%r4)
+	stg	%r0,8(%r2,%r1)
+	lg	%r0,16(%r2,%r3)
+	slbg	%r0,16(%r2,%r4)
+	stg	%r0,16(%r2,%r1)
+	lg	%r0,24(%r2,%r3)
+	slbg	%r0,24(%r2,%r4)
+	stg	%r0,24(%r2,%r1)
+
+	la	%r2,32(%r2)	// i+=4
+	brct	%r5,.Loop4_sub
+
+	la	%r6,1(%r6)	// see if len%4 is zero ...
+	brct	%r6,.Loop1_sub	// without touching condition code:-)
+
+.Lexit_sub:
+	lghi	%r2,0
+	slbgr	%r2,%r2
+	lcgr	%r2,%r2
+	lg	%r6,48(%r15)
+	br	%r14
+.size	bn_sub_words,.-bn_sub_words
+
+#define c1	%r1
+#define c2	%r5
+#define c3	%r8
+
+#define mul_add_c(ai,bi,c1,c2,c3)	\
+	lg	%r7,ai*8(%r3);		\
+	mlg	%r6,bi*8(%r4);		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero
+
+// void bn_mul_comba8(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
+.globl	bn_mul_comba8
+.type	bn_mul_comba8,@function
+.align	4
+bn_mul_comba8:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	mul_add_c(0,0,c1,c2,c3);
+	stg	c1,0*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(0,1,c2,c3,c1);
+	mul_add_c(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(2,0,c3,c1,c2);
+	mul_add_c(1,1,c3,c1,c2);
+	mul_add_c(0,2,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(0,3,c1,c2,c3);
+	mul_add_c(1,2,c1,c2,c3);
+	mul_add_c(2,1,c1,c2,c3);
+	mul_add_c(3,0,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(4,0,c2,c3,c1);
+	mul_add_c(3,1,c2,c3,c1);
+	mul_add_c(2,2,c2,c3,c1);
+	mul_add_c(1,3,c2,c3,c1);
+	mul_add_c(0,4,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(0,5,c3,c1,c2);
+	mul_add_c(1,4,c3,c1,c2);
+	mul_add_c(2,3,c3,c1,c2);
+	mul_add_c(3,2,c3,c1,c2);
+	mul_add_c(4,1,c3,c1,c2);
+	mul_add_c(5,0,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(6,0,c1,c2,c3);
+	mul_add_c(5,1,c1,c2,c3);
+	mul_add_c(4,2,c1,c2,c3);
+	mul_add_c(3,3,c1,c2,c3);
+	mul_add_c(2,4,c1,c2,c3);
+	mul_add_c(1,5,c1,c2,c3);
+	mul_add_c(0,6,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(0,7,c2,c3,c1);
+	mul_add_c(1,6,c2,c3,c1);
+	mul_add_c(2,5,c2,c3,c1);
+	mul_add_c(3,4,c2,c3,c1);
+	mul_add_c(4,3,c2,c3,c1);
+	mul_add_c(5,2,c2,c3,c1);
+	mul_add_c(6,1,c2,c3,c1);
+	mul_add_c(7,0,c2,c3,c1);
+	stg	c2,7*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(7,1,c3,c1,c2);
+	mul_add_c(6,2,c3,c1,c2);
+	mul_add_c(5,3,c3,c1,c2);
+	mul_add_c(4,4,c3,c1,c2);
+	mul_add_c(3,5,c3,c1,c2);
+	mul_add_c(2,6,c3,c1,c2);
+	mul_add_c(1,7,c3,c1,c2);
+	stg	c3,8*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(2,7,c1,c2,c3);
+	mul_add_c(3,6,c1,c2,c3);
+	mul_add_c(4,5,c1,c2,c3);
+	mul_add_c(5,4,c1,c2,c3);
+	mul_add_c(6,3,c1,c2,c3);
+	mul_add_c(7,2,c1,c2,c3);
+	stg	c1,9*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(7,3,c2,c3,c1);
+	mul_add_c(6,4,c2,c3,c1);
+	mul_add_c(5,5,c2,c3,c1);
+	mul_add_c(4,6,c2,c3,c1);
+	mul_add_c(3,7,c2,c3,c1);
+	stg	c2,10*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(4,7,c3,c1,c2);
+	mul_add_c(5,6,c3,c1,c2);
+	mul_add_c(6,5,c3,c1,c2);
+	mul_add_c(7,4,c3,c1,c2);
+	stg	c3,11*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(7,5,c1,c2,c3);
+	mul_add_c(6,6,c1,c2,c3);
+	mul_add_c(5,7,c1,c2,c3);
+	stg	c1,12*8(%r2)
+	lghi	c1,0
+
+
+	mul_add_c(6,7,c2,c3,c1);
+	mul_add_c(7,6,c2,c3,c1);
+	stg	c2,13*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(7,7,c3,c1,c2);
+	stg	c3,14*8(%r2)
+	stg	c1,15*8(%r2)
+
+	lmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_mul_comba8,.-bn_mul_comba8
+
+// void bn_mul_comba4(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
+.globl	bn_mul_comba4
+.type	bn_mul_comba4,@function
+.align	4
+bn_mul_comba4:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	mul_add_c(0,0,c1,c2,c3);
+	stg	c1,0*8(%r3)
+	lghi	c1,0
+
+	mul_add_c(0,1,c2,c3,c1);
+	mul_add_c(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(2,0,c3,c1,c2);
+	mul_add_c(1,1,c3,c1,c2);
+	mul_add_c(0,2,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(0,3,c1,c2,c3);
+	mul_add_c(1,2,c1,c2,c3);
+	mul_add_c(2,1,c1,c2,c3);
+	mul_add_c(3,0,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(3,1,c2,c3,c1);
+	mul_add_c(2,2,c2,c3,c1);
+	mul_add_c(1,3,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(2,3,c3,c1,c2);
+	mul_add_c(3,2,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(3,3,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	stg	c2,7*8(%r2)
+
+	stmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_mul_comba4,.-bn_mul_comba4
+
+#define sqr_add_c(ai,c1,c2,c3)		\
+	lg	%r7,ai*8(%r3);		\
+	mlgr	%r6,%r7;		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero
+
+#define sqr_add_c2(ai,aj,c1,c2,c3)	\
+	lg	%r7,ai*8(%r3);		\
+	mlg	%r6,aj*8(%r3);		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero;		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero
+
+// void bn_sqr_comba8(BN_ULONG *r2,BN_ULONG *r3);
+.globl	bn_sqr_comba8
+.type	bn_sqr_comba8,@function
+.align	4
+bn_sqr_comba8:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	sqr_add_c(0,c1,c2,c3);
+	stg	c1,0*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(1,c3,c1,c2);
+	sqr_add_c2(2,0,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c2(3,0,c1,c2,c3);
+	sqr_add_c2(2,1,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c(2,c2,c3,c1);
+	sqr_add_c2(3,1,c2,c3,c1);
+	sqr_add_c2(4,0,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c2(5,0,c3,c1,c2);
+	sqr_add_c2(4,1,c3,c1,c2);
+	sqr_add_c2(3,2,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c(3,c1,c2,c3);
+	sqr_add_c2(4,2,c1,c2,c3);
+	sqr_add_c2(5,1,c1,c2,c3);
+	sqr_add_c2(6,0,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(7,0,c2,c3,c1);
+	sqr_add_c2(6,1,c2,c3,c1);
+	sqr_add_c2(5,2,c2,c3,c1);
+	sqr_add_c2(4,3,c2,c3,c1);
+	stg	c2,7*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(4,c3,c1,c2);
+	sqr_add_c2(5,3,c3,c1,c2);
+	sqr_add_c2(6,2,c3,c1,c2);
+	sqr_add_c2(7,1,c3,c1,c2);
+	stg	c3,8*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c2(7,2,c1,c2,c3);
+	sqr_add_c2(6,3,c1,c2,c3);
+	sqr_add_c2(5,4,c1,c2,c3);
+	stg	c1,9*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c(5,c2,c3,c1);
+	sqr_add_c2(6,4,c2,c3,c1);
+	sqr_add_c2(7,3,c2,c3,c1);
+	stg	c2,10*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c2(7,4,c3,c1,c2);
+	sqr_add_c2(6,5,c3,c1,c2);
+	stg	c3,11*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c(6,c1,c2,c3);
+	sqr_add_c2(7,5,c1,c2,c3);
+	stg	c1,12*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(7,6,c2,c3,c1);
+	stg	c2,13*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(7,c3,c1,c2);
+	stg	c3,14*8(%r2)
+	stg	c1,15*8(%r2)
+
+	lmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_sqr_comba8,.-bn_sqr_comba8
+
+// void bn_sqr_comba4(BN_ULONG *r2,BN_ULONG *r3);
+.globl bn_sqr_comba4
+.type	bn_sqr_comba4,@function
+.align	4
+bn_sqr_comba4:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	sqr_add_c(0,c1,c2,c3);
+	stg	c1,0*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(1,c3,c1,c2);
+	sqr_add_c2(2,0,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c2(3,0,c1,c2,c3);
+	sqr_add_c2(2,1,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c(2,c2,c3,c1);
+	sqr_add_c2(3,1,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c2(3,2,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c(3,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	stg	c2,7*8(%r2)
+
+	lmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_sqr_comba4,.-bn_sqr_comba4
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl
new file mode 100755
index 000000000..fcae9cfc5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl
@@ -0,0 +1,1228 @@
+#! /usr/bin/env perl
+# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller and Andy Polyakov
+# The module is licensed under 2-clause BSD license.
+# November 2012. All rights reserved.
+# ====================================================================
+
+######################################################################
+# Montgomery squaring-n-multiplication module for SPARC T4.
+#
+# The module consists of three parts:
+#
+# 1) collection of "single-op" subroutines that perform single
+#    operation, Montgomery squaring or multiplication, on 512-,
+#    1024-, 1536- and 2048-bit operands;
+# 2) collection of "multi-op" subroutines that perform 5 squaring and
+#    1 multiplication operations on operands of above lengths;
+# 3) fall-back and helper VIS3 subroutines.
+#
+# RSA sign is dominated by multi-op subroutine, while RSA verify and
+# DSA - by single-op. Special note about 4096-bit RSA verify result.
+# Operands are too long for dedicated hardware and it's handled by
+# VIS3 code, which is why you don't see any improvement. It's surely
+# possible to improve it [by deploying 'mpmul' instruction], maybe in
+# the future...
+#
+# Performance improvement.
+#
+# 64-bit process, VIS3:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000628s 0.000028s   1592.4  35434.4
+# rsa 2048 bits 0.003282s 0.000106s    304.7   9438.3
+# rsa 4096 bits 0.025866s 0.000340s     38.7   2940.9
+# dsa 1024 bits 0.000301s 0.000332s   3323.7   3013.9
+# dsa 2048 bits 0.001056s 0.001233s    946.9    810.8
+#
+# 64-bit process, this module:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000256s 0.000016s   3904.4  61411.9
+# rsa 2048 bits 0.000946s 0.000029s   1056.8  34292.7
+# rsa 4096 bits 0.005061s 0.000340s    197.6   2940.5
+# dsa 1024 bits 0.000176s 0.000195s   5674.7   5130.5
+# dsa 2048 bits 0.000296s 0.000354s   3383.2   2827.6
+#
+######################################################################
+# 32-bit process, VIS3:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000665s 0.000028s   1504.8  35233.3
+# rsa 2048 bits 0.003349s 0.000106s    298.6   9433.4
+# rsa 4096 bits 0.025959s 0.000341s     38.5   2934.8
+# dsa 1024 bits 0.000320s 0.000341s   3123.3   2929.6
+# dsa 2048 bits 0.001101s 0.001260s    908.2    793.4
+#
+# 32-bit process, this module:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000301s 0.000017s   3317.1  60240.0
+# rsa 2048 bits 0.001034s 0.000030s    966.9  33812.7
+# rsa 4096 bits 0.005244s 0.000341s    190.7   2935.4
+# dsa 1024 bits 0.000201s 0.000205s   4976.1   4879.2
+# dsa 2048 bits 0.000328s 0.000360s   3051.1   2774.2
+#
+# 32-bit code is prone to performance degradation as interrupt rate
+# dispatched to CPU executing the code grows. This is because in
+# standard process of handling interrupt in 32-bit process context
+# upper halves of most integer registers used as input or output are
+# zeroed. This renders result invalid, and operation has to be re-run.
+# If CPU is "bothered" with timer interrupts only, the penalty is
+# hardly measurable. But in order to mitigate this problem for higher
+# interrupt rates contemporary Linux kernel recognizes biased stack
+# even in 32-bit process context and preserves full register contents.
+# See http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517ffce4e1a03aea979fe3a18a3dd1761a24fafb
+# for details.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+#ifdef	__PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+___
+
+########################################################################
+# Register layout for mont[mul|sqr] instructions.
+# For details see "Oracle SPARC Architecture 2011" manual at
+# http://www.oracle.com/technetwork/server-storage/sun-sparc-enterprise/documentation/.
+#
+my @R=map("%f".2*$_,(0..11,30,31,12..29));
+my @N=(map("%l$_",(0..7)),map("%o$_",(0..5))); @N=(@N,@N,@N[0..3]);
+my @A=(@N[0..13],@R[14..31]);
+my @B=(map("%i$_",(0..5)),map("%l$_",(0..7))); @B=(@B,@B,map("%o$_",(0..3)));
+
+########################################################################
+# int bn_mul_mont_t4_$NUM(u64 *rp,const u64 *ap,const u64 *bp,
+#			  const u64 *np,const BN_ULONG *n0);
+#
+sub generate_bn_mul_mont_t4() {
+my $NUM=shift;
+my ($rp,$ap,$bp,$np,$sentinel)=map("%g$_",(1..5));
+
+$code.=<<___;
+.globl	bn_mul_mont_t4_$NUM
+.align	32
+bn_mul_mont_t4_$NUM:
+#ifdef	__arch64__
+	mov	0,$sentinel
+	mov	-128,%g4
+#elif defined(SPARCV9_64BIT_STACK)
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+0],%g1	! OPENSSL_sparcv9_P[0]
+	mov	-2047,%g4
+	and	%g1,SPARCV9_64BIT_STACK,%g1
+	movrz	%g1,0,%g4
+	mov	-1,$sentinel
+	add	%g4,-128,%g4
+#else
+	mov	-1,$sentinel
+	mov	-128,%g4
+#endif
+	sllx	$sentinel,32,$sentinel
+	save	%sp,%g4,%sp
+#ifndef	__arch64__
+	save	%sp,-128,%sp	! warm it up
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	restore
+	restore
+	restore
+	restore
+	restore
+	restore
+#endif
+	and	%sp,1,%g4
+	or	$sentinel,%fp,%fp
+	or	%g4,$sentinel,$sentinel
+
+	! copy arguments to global registers
+	mov	%i0,$rp
+	mov	%i1,$ap
+	mov	%i2,$bp
+	mov	%i3,$np
+	ld	[%i4+0],%f1	! load *n0
+	ld	[%i4+4],%f0
+	fsrc2	%f0,%f60
+___
+
+# load ap[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+my $lo=$i<13?@A[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$ap+$i*8+0],$lo
+	ld	[$ap+$i*8+4],@A[$i]
+	sllx	@A[$i],32,@A[$i]
+	or	$lo,@A[$i],@A[$i]
+___
+}
+for(; $i<$NUM; $i++) {
+my ($hi,$lo)=("%f".2*($i%4),"%f".(2*($i%4)+1));
+$code.=<<___;
+	ld	[$ap+$i*8+0],$lo
+	ld	[$ap+$i*8+4],$hi
+	fsrc2	$hi,@A[$i]
+___
+}
+# load np[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+my $lo=$i<13?@N[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$np+$i*8+0],$lo
+	ld	[$np+$i*8+4],@N[$i]
+	sllx	@N[$i],32,@N[$i]
+	or	$lo,@N[$i],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<28 && $i<$NUM; $i++) {
+my $lo=$i<27?@N[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$np+$i*8+0],$lo
+	ld	[$np+$i*8+4],@N[$i]
+	sllx	@N[$i],32,@N[$i]
+	or	$lo,@N[$i],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i++) {
+my $lo=($i<$NUM-1)?@N[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$np+$i*8+0],$lo
+	ld	[$np+$i*8+4],@N[$i]
+	sllx	@N[$i],32,@N[$i]
+	or	$lo,@N[$i],@N[$i]
+___
+}
+$code.=<<___;
+	cmp	$ap,$bp
+	be	SIZE_T_CC,.Lmsquare_$NUM
+	nop
+___
+
+# load bp[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+my $lo=$i<13?@B[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$bp+$i*8+0],$lo
+	ld	[$bp+$i*8+4],@B[$i]
+	sllx	@B[$i],32,@B[$i]
+	or	$lo,@B[$i],@B[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i++) {
+my $lo=($i<$NUM-1)?@B[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$bp+$i*8+0],$lo
+	ld	[$bp+$i*8+4],@B[$i]
+	sllx	@B[$i],32,@B[$i]
+	or	$lo,@B[$i],@B[$i]
+___
+}
+# magic ################################################################
+$code.=<<___;
+	.word	0x81b02920+$NUM-1	! montmul	$NUM-1
+.Lmresume_$NUM:
+	fbu,pn	%fcc3,.Lmabort_$NUM
+#ifndef	__arch64__
+	and	%fp,$sentinel,$sentinel
+	brz,pn	$sentinel,.Lmabort_$NUM
+#endif
+	nop
+#ifdef	__arch64__
+	restore
+	restore
+	restore
+	restore
+	restore
+#else
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	 brz,pn	$sentinel,.Lmabort1_$NUM
+	restore
+#endif
+___
+
+# save tp[$NUM] ########################################################
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	movxtod	@A[$i],@R[$i]
+___
+}
+$code.=<<___;
+#ifdef	__arch64__
+	restore
+#else
+	 and	%fp,$sentinel,$sentinel
+	restore
+	 and	$sentinel,1,%o7
+	 and	%fp,$sentinel,$sentinel
+	 srl	%fp,0,%fp		! just in case?
+	 or	%o7,$sentinel,$sentinel
+	brz,a,pn $sentinel,.Lmdone_$NUM
+	mov	0,%i0		! return failure
+#endif
+___
+for($i=0; $i<12 && $i<$NUM; $i++) {
+@R[$i] =~ /%f([0-9]+)/;
+my $lo = "%f".($1+1);
+$code.=<<___;
+	st	$lo,[$rp+$i*8+0]
+	st	@R[$i],[$rp+$i*8+4]
+___
+}
+for(; $i<$NUM; $i++) {
+my ($hi,$lo)=("%f".2*($i%4),"%f".(2*($i%4)+1));
+$code.=<<___;
+	fsrc2	@R[$i],$hi
+	st	$lo,[$rp+$i*8+0]
+	st	$hi,[$rp+$i*8+4]
+___
+}
+$code.=<<___;
+	mov	1,%i0		! return success
+.Lmdone_$NUM:
+	ret
+	restore
+
+.Lmabort_$NUM:
+	restore
+	restore
+	restore
+	restore
+	restore
+.Lmabort1_$NUM:
+	restore
+
+	mov	0,%i0		! return failure
+	ret
+	restore
+
+.align	32
+.Lmsquare_$NUM:
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+	.word   0x81b02940+$NUM-1	! montsqr	$NUM-1
+	ba	.Lmresume_$NUM
+	nop
+.type	bn_mul_mont_t4_$NUM, #function
+.size	bn_mul_mont_t4_$NUM, .-bn_mul_mont_t4_$NUM
+___
+}
+
+for ($i=8;$i<=32;$i+=8) {
+	&generate_bn_mul_mont_t4($i);
+}
+
+########################################################################
+#
+sub load_ccr {
+my ($ptbl,$pwr,$ccr,$skip_wr)=@_;
+$code.=<<___;
+	srl	$pwr,	2,	%o4
+	and	$pwr,	3,	%o5
+	and	%o4,	7,	%o4
+	sll	%o5,	3,	%o5	! offset within first cache line
+	add	%o5,	$ptbl,	$ptbl	! of the pwrtbl
+	or	%g0,	1,	%o5
+	sll	%o5,	%o4,	$ccr
+___
+$code.=<<___	if (!$skip_wr);
+	wr	$ccr,	%g0,	%ccr
+___
+}
+sub load_b_pair {
+my ($pwrtbl,$B0,$B1)=@_;
+
+$code.=<<___;
+	ldx	[$pwrtbl+0*32],	$B0
+	ldx	[$pwrtbl+8*32],	$B1
+	ldx	[$pwrtbl+1*32],	%o4
+	ldx	[$pwrtbl+9*32],	%o5
+	movvs	%icc,	%o4,	$B0
+	ldx	[$pwrtbl+2*32],	%o4
+	movvs	%icc,	%o5,	$B1
+	ldx	[$pwrtbl+10*32],%o5
+	move	%icc,	%o4,	$B0
+	ldx	[$pwrtbl+3*32],	%o4
+	move	%icc,	%o5,	$B1
+	ldx	[$pwrtbl+11*32],%o5
+	movneg	%icc,	%o4,	$B0
+	ldx	[$pwrtbl+4*32],	%o4
+	movneg	%icc,	%o5,	$B1
+	ldx	[$pwrtbl+12*32],%o5
+	movcs	%xcc,	%o4,	$B0
+	ldx	[$pwrtbl+5*32],%o4
+	movcs	%xcc,	%o5,	$B1
+	ldx	[$pwrtbl+13*32],%o5
+	movvs	%xcc,	%o4,	$B0
+	ldx	[$pwrtbl+6*32],	%o4
+	movvs	%xcc,	%o5,	$B1
+	ldx	[$pwrtbl+14*32],%o5
+	move	%xcc,	%o4,	$B0
+	ldx	[$pwrtbl+7*32],	%o4
+	move	%xcc,	%o5,	$B1
+	ldx	[$pwrtbl+15*32],%o5
+	movneg	%xcc,	%o4,	$B0
+	add	$pwrtbl,16*32,	$pwrtbl
+	movneg	%xcc,	%o5,	$B1
+___
+}
+sub load_b {
+my ($pwrtbl,$Bi)=@_;
+
+$code.=<<___;
+	ldx	[$pwrtbl+0*32],	$Bi
+	ldx	[$pwrtbl+1*32],	%o4
+	ldx	[$pwrtbl+2*32],	%o5
+	movvs	%icc,	%o4,	$Bi
+	ldx	[$pwrtbl+3*32],	%o4
+	move	%icc,	%o5,	$Bi
+	ldx	[$pwrtbl+4*32],	%o5
+	movneg	%icc,	%o4,	$Bi
+	ldx	[$pwrtbl+5*32],	%o4
+	movcs	%xcc,	%o5,	$Bi
+	ldx	[$pwrtbl+6*32],	%o5
+	movvs	%xcc,	%o4,	$Bi
+	ldx	[$pwrtbl+7*32],	%o4
+	move	%xcc,	%o5,	$Bi
+	add	$pwrtbl,8*32,	$pwrtbl
+	movneg	%xcc,	%o4,	$Bi
+___
+}
+
+########################################################################
+# int bn_pwr5_mont_t4_$NUM(u64 *tp,const u64 *np,const BN_ULONG *n0,
+#			   const u64 *pwrtbl,int pwr,int stride);
+#
+sub generate_bn_pwr5_mont_t4() {
+my $NUM=shift;
+my ($tp,$np,$pwrtbl,$pwr,$sentinel)=map("%g$_",(1..5));
+
+$code.=<<___;
+.globl	bn_pwr5_mont_t4_$NUM
+.align	32
+bn_pwr5_mont_t4_$NUM:
+#ifdef	__arch64__
+	mov	0,$sentinel
+	mov	-128,%g4
+#elif defined(SPARCV9_64BIT_STACK)
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+0],%g1	! OPENSSL_sparcv9_P[0]
+	mov	-2047,%g4
+	and	%g1,SPARCV9_64BIT_STACK,%g1
+	movrz	%g1,0,%g4
+	mov	-1,$sentinel
+	add	%g4,-128,%g4
+#else
+	mov	-1,$sentinel
+	mov	-128,%g4
+#endif
+	sllx	$sentinel,32,$sentinel
+	save	%sp,%g4,%sp
+#ifndef	__arch64__
+	save	%sp,-128,%sp	! warm it up
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	restore
+	restore
+	restore
+	restore
+	restore
+	restore
+#endif
+	and	%sp,1,%g4
+	or	$sentinel,%fp,%fp
+	or	%g4,$sentinel,$sentinel
+
+	! copy arguments to global registers
+	mov	%i0,$tp
+	mov	%i1,$np
+	ld	[%i2+0],%f1	! load *n0
+	ld	[%i2+4],%f0
+	mov	%i3,$pwrtbl
+	srl	%i4,%g0,%i4	! pack last arguments
+	sllx	%i5,32,$pwr
+	or	%i4,$pwr,$pwr
+	fsrc2	%f0,%f60
+___
+
+# load tp[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$tp+$i*8],@A[$i]
+___
+}
+for(; $i<$NUM; $i++) {
+$code.=<<___;
+	ldd	[$tp+$i*8],@A[$i]
+___
+}
+# load np[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$np+$i*8],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<28 && $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$np+$i*8],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$np+$i*8],@N[$i]
+___
+}
+# load pwrtbl[pwr] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+
+	srlx	$pwr,	32,	%o4		! unpack $pwr
+	srl	$pwr,	%g0,	%o5
+	sub	%o4,	5,	%o4
+	mov	$pwrtbl,	%o7
+	sllx	%o4,	32,	$pwr		! re-pack $pwr
+	or	%o5,	$pwr,	$pwr
+	srl	%o5,	%o4,	%o5
+___
+	&load_ccr("%o7","%o5","%o4");
+$code.=<<___;
+	b	.Lstride_$NUM
+	nop
+.align	16
+.Lstride_$NUM:
+___
+for($i=0; $i<14 && $i<$NUM; $i+=2) {
+	&load_b_pair("%o7",@B[$i],@B[$i+1]);
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i+=2) {
+	&load_b_pair("%i7",@B[$i],@B[$i+1]);
+}
+$code.=<<___;
+	srax	$pwr,	32,	%o4		! unpack $pwr
+	srl	$pwr,	%g0,	%o5
+	sub	%o4,	5,	%o4
+	mov	$pwrtbl,	%i7
+	sllx	%o4,	32,	$pwr		! re-pack $pwr
+	or	%o5,	$pwr,	$pwr
+	srl	%o5,	%o4,	%o5
+___
+	&load_ccr("%i7","%o5","%o4",1);
+
+# magic ################################################################
+for($i=0; $i<5; $i++) {
+$code.=<<___;
+	.word	0x81b02940+$NUM-1	! montsqr	$NUM-1
+	fbu,pn	%fcc3,.Labort_$NUM
+#ifndef	__arch64__
+	and	%fp,$sentinel,$sentinel
+	brz,pn	$sentinel,.Labort_$NUM
+#endif
+	nop
+___
+}
+$code.=<<___;
+	wr	%o4,	%g0,	%ccr
+	.word	0x81b02920+$NUM-1	! montmul	$NUM-1
+	fbu,pn	%fcc3,.Labort_$NUM
+#ifndef	__arch64__
+	and	%fp,$sentinel,$sentinel
+	brz,pn	$sentinel,.Labort_$NUM
+#endif
+
+	srax	$pwr,	32,	%o4
+#ifdef	__arch64__
+	brgez	%o4,.Lstride_$NUM
+	restore
+	restore
+	restore
+	restore
+	restore
+#else
+	brgez	%o4,.Lstride_$NUM
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	 brz,pn	$sentinel,.Labort1_$NUM
+	restore
+#endif
+___
+
+# save tp[$NUM] ########################################################
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	movxtod	@A[$i],@R[$i]
+___
+}
+$code.=<<___;
+#ifdef	__arch64__
+	restore
+#else
+	 and	%fp,$sentinel,$sentinel
+	restore
+	 and	$sentinel,1,%o7
+	 and	%fp,$sentinel,$sentinel
+	 srl	%fp,0,%fp		! just in case?
+	 or	%o7,$sentinel,$sentinel
+	brz,a,pn $sentinel,.Ldone_$NUM
+	mov	0,%i0		! return failure
+#endif
+___
+for($i=0; $i<$NUM; $i++) {
+$code.=<<___;
+	std	@R[$i],[$tp+$i*8]
+___
+}
+$code.=<<___;
+	mov	1,%i0		! return success
+.Ldone_$NUM:
+	ret
+	restore
+
+.Labort_$NUM:
+	restore
+	restore
+	restore
+	restore
+	restore
+.Labort1_$NUM:
+	restore
+
+	mov	0,%i0		! return failure
+	ret
+	restore
+.type	bn_pwr5_mont_t4_$NUM, #function
+.size	bn_pwr5_mont_t4_$NUM, .-bn_pwr5_mont_t4_$NUM
+___
+}
+
+for ($i=8;$i<=32;$i+=8) {
+	&generate_bn_pwr5_mont_t4($i);
+}
+
+{
+########################################################################
+# Fall-back subroutines
+#
+# copy of bn_mul_mont_vis3 adjusted for vectors of 64-bit values
+#
+($n0,$m0,$m1,$lo0,$hi0, $lo1,$hi1,$aj,$alo,$nj,$nlo,$tj)=
+	(map("%g$_",(1..5)),map("%o$_",(0..5,7)));
+
+# int bn_mul_mont(
+$rp="%o0";	# u64 *rp,
+$ap="%o1";	# const u64 *ap,
+$bp="%o2";	# const u64 *bp,
+$np="%o3";	# const u64 *np,
+$n0p="%o4";	# const BN_ULONG *n0,
+$num="%o5";	# int num);	# caller ensures that num is >=3
+$code.=<<___;
+.globl	bn_mul_mont_t4
+.align	32
+bn_mul_mont_t4:
+	add	%sp,	STACK_BIAS,	%g4	! real top of stack
+	sll	$num,	3,	$num		! size in bytes
+	add	$num,	63,	%g1
+	andn	%g1,	63,	%g1		! buffer size rounded up to 64 bytes
+	sub	%g4,	%g1,	%g1
+	andn	%g1,	63,	%g1		! align at 64 byte
+	sub	%g1,	STACK_FRAME,	%g1	! new top of stack
+	sub	%g1,	%g4,	%g1
+
+	save	%sp,	%g1,	%sp
+___
+#	+-------------------------------+<-----	%sp
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	| __int64 tmp[0]		|
+#	+-------------------------------+
+#	.				.
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	.				.
+($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5));
+($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz)=map("%l$_",(0..7));
+($ovf,$i)=($t0,$t1);
+$code.=<<___;
+	ld	[$n0p+0],	$t0	! pull n0[0..1] value
+	ld	[$n0p+4],	$t1
+	add	%sp, STACK_BIAS+STACK_FRAME, $tp
+	ldx	[$bp+0],	$m0	! m0=bp[0]
+	sllx	$t1,	32,	$n0
+	add	$bp,	8,	$bp
+	or	$t0,	$n0,	$n0
+
+	ldx	[$ap+0],	$aj	! ap[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[0]
+	umulxhi	$aj,	$m0,	$hi0
+
+	ldx	[$ap+8],	$aj	! ap[1]
+	add	$ap,	16,	$ap
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$lo0,	$n0,	$m1	! "tp[0]"*n0
+
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[0]
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+
+	ldx	[$np+8],	$nj	! np[1]
+
+	addcc	$lo0,	$lo1,	$lo1
+	add	$np,	16,	$np
+	addxc	%g0,	$hi1,	$hi1
+
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.L1st
+	sub	$num,	24,	$cnt	! cnt=num-3
+
+.align	16
+.L1st:
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0
+
+	ldx	[$ap+0],	$aj	! ap[j]
+	addcc	$nlo,	$hi1,	$lo1
+	add	$ap,	8,	$ap
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+
+	ldx	[$np+0],	$nj	! np[j]
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[0]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp	! tp++
+
+	brnz,pt	$cnt,	.L1st
+	sub	$cnt,	8,	$cnt	! j--
+!.L1st
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp
+
+	addcc	$hi0,	$hi1,	$hi1
+	addxc	%g0,	%g0,	$ovf	! upmost overflow bit
+	stxa	$hi1,	[$tp]0xe2
+	add	$tp,	8,	$tp
+
+	ba	.Louter
+	sub	$num,	16,	$i	! i=num-2
+
+.align	16
+.Louter:
+	ldx	[$bp+0],	$m0	! m0=bp[i]
+	add	$bp,	8,	$bp
+
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+
+	ldx	[$ap+0],	$aj	! ap[0]
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[i]
+	ldx	[$tp],		$tj	! tp[0]
+	umulxhi	$aj,	$m0,	$hi0
+	ldx	[$ap+8],	$aj	! ap[1]
+	addcc	$lo0,	$tj,	$lo0	! ap[0]*bp[i]+tp[0]
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[i]
+	addxc	%g0,	$hi0,	$hi0
+	mulx	$lo0,	$n0,	$m1	! tp[0]*n0
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	add	$ap,	16,	$ap
+	umulxhi	$nj,	$m1,	$hi1
+	ldx	[$np+8],	$nj	! np[1]
+	add	$np,	16,	$np
+	addcc	$lo1,	$lo0,	$lo1
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	addxc	%g0,	$hi1,	$hi1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.Linner
+	sub	$num,	24,	$cnt	! cnt=num-3
+.align	16
+.Linner:
+	addcc	$alo,	$hi0,	$lo0
+	ldx	[$tp+8],	$tj	! tp[j]
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	ldx	[$ap+0],	$aj	! ap[j]
+	add	$ap,	8,	$ap
+	addcc	$nlo,	$hi1,	$lo1
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[i]
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	ldx	[$np+0],	$nj	! np[j]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addxc	%g0,	$hi0,	$hi0
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+	brnz,pt	$cnt,	.Linner
+	sub	$cnt,	8,	$cnt
+!.Linner
+	ldx	[$tp+8],	$tj	! tp[j]
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi0,	$hi0
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+
+	subcc	%g0,	$ovf,	%g0	! move upmost overflow to CCR.xcc
+	addxccc	$hi1,	$hi0,	$hi1
+	addxc	%g0,	%g0,	$ovf
+	stx	$hi1,	[$tp+8]
+	add	$tp,	16,	$tp
+
+	brnz,pt	$i,	.Louter
+	sub	$i,	8,	$i
+
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+	ba	.Lsub
+	subcc	$num,	8,	$cnt	! cnt=num-1 and clear CCR.xcc
+
+.align	16
+.Lsub:
+	ldx	[$tp],		$tj
+	add	$tp,	8,	$tp
+	ldx	[$np+0],	$nj
+	add	$np,	8,	$np
+	subccc	$tj,	$nj,	$t2	! tp[j]-np[j]
+	srlx	$tj,	32,	$tj
+	srlx	$nj,	32,	$nj
+	subccc	$tj,	$nj,	$t3
+	add	$rp,	8,	$rp
+	st	$t2,	[$rp-4]		! reverse order
+	st	$t3,	[$rp-8]
+	brnz,pt	$cnt,	.Lsub
+	sub	$cnt,	8,	$cnt
+
+	sub	$np,	$num,	$np	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$rp,	$num,	$rp
+
+	subccc	$ovf,	%g0,	$ovf	! handle upmost overflow bit
+	ba	.Lcopy
+	sub	$num,	8,	$cnt
+
+.align	16
+.Lcopy:					! conditional copy
+	ldx	[$tp],		$tj
+	ldx	[$rp+0],	$t2
+	stx	%g0,	[$tp]		! zap
+	add	$tp,	8,	$tp
+	movcs	%icc,	$tj,	$t2
+	stx	$t2,	[$rp+0]
+	add	$rp,	8,	$rp
+	brnz	$cnt,	.Lcopy
+	sub	$cnt,	8,	$cnt
+
+	mov	1,	%o0
+	ret
+	restore
+.type	bn_mul_mont_t4, #function
+.size	bn_mul_mont_t4, .-bn_mul_mont_t4
+___
+
+# int bn_mul_mont_gather5(
+$rp="%o0";	# u64 *rp,
+$ap="%o1";	# const u64 *ap,
+$bp="%o2";	# const u64 *pwrtbl,
+$np="%o3";	# const u64 *np,
+$n0p="%o4";	# const BN_ULONG *n0,
+$num="%o5";	# int num,	# caller ensures that num is >=3
+		# int power);
+$code.=<<___;
+.globl	bn_mul_mont_gather5_t4
+.align	32
+bn_mul_mont_gather5_t4:
+	add	%sp,	STACK_BIAS,	%g4	! real top of stack
+	sll	$num,	3,	$num		! size in bytes
+	add	$num,	63,	%g1
+	andn	%g1,	63,	%g1		! buffer size rounded up to 64 bytes
+	sub	%g4,	%g1,	%g1
+	andn	%g1,	63,	%g1		! align at 64 byte
+	sub	%g1,	STACK_FRAME,	%g1	! new top of stack
+	sub	%g1,	%g4,	%g1
+	LDPTR	[%sp+STACK_7thARG],	%g4	! load power, 7th argument
+
+	save	%sp,	%g1,	%sp
+___
+#	+-------------------------------+<-----	%sp
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	| __int64 tmp[0]		|
+#	+-------------------------------+
+#	.				.
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	.				.
+($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5));
+($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz,$ccr)=map("%l$_",(0..7));
+($ovf,$i)=($t0,$t1);
+	&load_ccr($bp,"%g4",$ccr);
+	&load_b($bp,$m0,"%o7");		# m0=bp[0]
+
+$code.=<<___;
+	ld	[$n0p+0],	$t0	! pull n0[0..1] value
+	ld	[$n0p+4],	$t1
+	add	%sp, STACK_BIAS+STACK_FRAME, $tp
+	sllx	$t1,	32,	$n0
+	or	$t0,	$n0,	$n0
+
+	ldx	[$ap+0],	$aj	! ap[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[0]
+	umulxhi	$aj,	$m0,	$hi0
+
+	ldx	[$ap+8],	$aj	! ap[1]
+	add	$ap,	16,	$ap
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$lo0,	$n0,	$m1	! "tp[0]"*n0
+
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[0]
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+
+	ldx	[$np+8],	$nj	! np[1]
+
+	addcc	$lo0,	$lo1,	$lo1
+	add	$np,	16,	$np
+	addxc	%g0,	$hi1,	$hi1
+
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.L1st_g5
+	sub	$num,	24,	$cnt	! cnt=num-3
+
+.align	16
+.L1st_g5:
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0
+
+	ldx	[$ap+0],	$aj	! ap[j]
+	addcc	$nlo,	$hi1,	$lo1
+	add	$ap,	8,	$ap
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+
+	ldx	[$np+0],	$nj	! np[j]
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[0]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp	! tp++
+
+	brnz,pt	$cnt,	.L1st_g5
+	sub	$cnt,	8,	$cnt	! j--
+!.L1st_g5
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp
+
+	addcc	$hi0,	$hi1,	$hi1
+	addxc	%g0,	%g0,	$ovf	! upmost overflow bit
+	stxa	$hi1,	[$tp]0xe2
+	add	$tp,	8,	$tp
+
+	ba	.Louter_g5
+	sub	$num,	16,	$i	! i=num-2
+
+.align	16
+.Louter_g5:
+	wr	$ccr,	%g0,	%ccr
+___
+	&load_b($bp,$m0);		# m0=bp[i]
+$code.=<<___;
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+
+	ldx	[$ap+0],	$aj	! ap[0]
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[i]
+	ldx	[$tp],		$tj	! tp[0]
+	umulxhi	$aj,	$m0,	$hi0
+	ldx	[$ap+8],	$aj	! ap[1]
+	addcc	$lo0,	$tj,	$lo0	! ap[0]*bp[i]+tp[0]
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[i]
+	addxc	%g0,	$hi0,	$hi0
+	mulx	$lo0,	$n0,	$m1	! tp[0]*n0
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	add	$ap,	16,	$ap
+	umulxhi	$nj,	$m1,	$hi1
+	ldx	[$np+8],	$nj	! np[1]
+	add	$np,	16,	$np
+	addcc	$lo1,	$lo0,	$lo1
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	addxc	%g0,	$hi1,	$hi1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.Linner_g5
+	sub	$num,	24,	$cnt	! cnt=num-3
+.align	16
+.Linner_g5:
+	addcc	$alo,	$hi0,	$lo0
+	ldx	[$tp+8],	$tj	! tp[j]
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	ldx	[$ap+0],	$aj	! ap[j]
+	add	$ap,	8,	$ap
+	addcc	$nlo,	$hi1,	$lo1
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[i]
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	ldx	[$np+0],	$nj	! np[j]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addxc	%g0,	$hi0,	$hi0
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+	brnz,pt	$cnt,	.Linner_g5
+	sub	$cnt,	8,	$cnt
+!.Linner_g5
+	ldx	[$tp+8],	$tj	! tp[j]
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi0,	$hi0
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+
+	subcc	%g0,	$ovf,	%g0	! move upmost overflow to CCR.xcc
+	addxccc	$hi1,	$hi0,	$hi1
+	addxc	%g0,	%g0,	$ovf
+	stx	$hi1,	[$tp+8]
+	add	$tp,	16,	$tp
+
+	brnz,pt	$i,	.Louter_g5
+	sub	$i,	8,	$i
+
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+	ba	.Lsub_g5
+	subcc	$num,	8,	$cnt	! cnt=num-1 and clear CCR.xcc
+
+.align	16
+.Lsub_g5:
+	ldx	[$tp],		$tj
+	add	$tp,	8,	$tp
+	ldx	[$np+0],	$nj
+	add	$np,	8,	$np
+	subccc	$tj,	$nj,	$t2	! tp[j]-np[j]
+	srlx	$tj,	32,	$tj
+	srlx	$nj,	32,	$nj
+	subccc	$tj,	$nj,	$t3
+	add	$rp,	8,	$rp
+	st	$t2,	[$rp-4]		! reverse order
+	st	$t3,	[$rp-8]
+	brnz,pt	$cnt,	.Lsub_g5
+	sub	$cnt,	8,	$cnt
+
+	sub	$np,	$num,	$np	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$rp,	$num,	$rp
+
+	subccc	$ovf,	%g0,	$ovf	! handle upmost overflow bit
+	ba	.Lcopy_g5
+	sub	$num,	8,	$cnt
+
+.align	16
+.Lcopy_g5:				! conditional copy
+	ldx	[$tp],		$tj
+	ldx	[$rp+0],	$t2
+	stx	%g0,	[$tp]		! zap
+	add	$tp,	8,	$tp
+	movcs	%icc,	$tj,	$t2
+	stx	$t2,	[$rp+0]
+	add	$rp,	8,	$rp
+	brnz	$cnt,	.Lcopy_g5
+	sub	$cnt,	8,	$cnt
+
+	mov	1,	%o0
+	ret
+	restore
+.type	bn_mul_mont_gather5_t4, #function
+.size	bn_mul_mont_gather5_t4, .-bn_mul_mont_gather5_t4
+___
+}
+
+$code.=<<___;
+.globl	bn_flip_t4
+.align	32
+bn_flip_t4:
+.Loop_flip:
+	ld	[%o1+0],	%o4
+	sub	%o2,	1,	%o2
+	ld	[%o1+4],	%o5
+	add	%o1,	8,	%o1
+	st	%o5,	[%o0+0]
+	st	%o4,	[%o0+4]
+	brnz	%o2,	.Loop_flip
+	add	%o0,	8,	%o0
+	retl
+	nop
+.type	bn_flip_t4, #function
+.size	bn_flip_t4, .-bn_flip_t4
+
+.globl	bn_flip_n_scatter5_t4
+.align	32
+bn_flip_n_scatter5_t4:
+	sll	%o3,	3,	%o3
+	srl	%o1,	1,	%o1
+	add	%o3,	%o2,	%o2	! &pwrtbl[pwr]
+	sub	%o1,	1,	%o1
+.Loop_flip_n_scatter5:
+	ld	[%o0+0],	%o4	! inp[i]
+	ld	[%o0+4],	%o5
+	add	%o0,	8,	%o0
+	sllx	%o5,	32,	%o5
+	or	%o4,	%o5,	%o5
+	stx	%o5,	[%o2]
+	add	%o2,	32*8,	%o2
+	brnz	%o1,	.Loop_flip_n_scatter5
+	sub	%o1,	1,	%o1
+	retl
+	nop
+.type	bn_flip_n_scatter5_t4, #function
+.size	bn_flip_n_scatter5_t4, .-bn_flip_n_scatter5_t4
+
+.globl	bn_gather5_t4
+.align	32
+bn_gather5_t4:
+___
+	&load_ccr("%o2","%o3","%g1");
+$code.=<<___;
+	sub	%o1,	1,	%o1
+.Loop_gather5:
+___
+	&load_b("%o2","%g1");
+$code.=<<___;
+	stx	%g1,	[%o0]
+	add	%o0,	8,	%o0
+	brnz	%o1,	.Loop_gather5
+	sub	%o1,	1,	%o1
+
+	retl
+	nop
+.type	bn_gather5_t4, #function
+.size	bn_gather5_t4, .-bn_gather5_t4
+
+.asciz	"Montgomery Multiplication for SPARC T4, David S. Miller, Andy Polyakov"
+.align	4
+___
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv8.S b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv8.S
new file mode 100644
index 000000000..75d72eb92
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv8.S
@@ -0,0 +1,1458 @@
+.ident	"sparcv8.s, Version 1.4"
+.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@openssl.org>"
+
+/*
+ * ====================================================================
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contribution to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1	- new loop unrolling model(*);
+ * 1.2	- made gas friendly;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- some retunes;
+ *
+ * (*)	see bn_asm.sparc.v8plus.S for details
+ */
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_add_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:
+	ld	[%o0],%o4
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0]
+	addx	%g1,0,%o5
+
+	ld	[%o0+4],%o4
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	dec	4,%o2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0+4]
+	addx	%g1,0,%o5
+
+	ld	[%o0+8],%o4
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	inc	16,%o1
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	addx	%g1,0,%o5
+
+	ld	[%o0+12],%o4
+	umul	%o3,%g3,%g3
+	inc	16,%o0
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0-4]
+	addx	%g1,0,%o5
+	andcc	%o2,-4,%g0
+	bnz,a	.L_bn_mul_add_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_add_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_add_words_tail:
+	ld	[%o0],%o4
+	umul	%o3,%g2,%g2
+	addcc	%o4,%o5,%o4
+	rd	%y,%g1
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0]
+
+	ld	[%o1+4],%g2
+	ld	[%o0+4],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0+4]
+
+	ld	[%o1+8],%g2
+	ld	[%o0+8],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	st	%g2,[%o0]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	dec	4,%o2
+	addx	%g1,0,%o5
+	st	%g3,[%o0+4]
+
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	inc	16,%o1
+	st	%g2,[%o0+8]
+	addx	%g1,0,%o5
+
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	inc	16,%o0
+	addx	%g1,0,%o5
+	st	%g3,[%o0-4]
+	andcc	%o2,-4,%g0
+	nop
+	bnz,a	.L_bn_mul_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_words_tail:
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0]
+	nop
+
+	ld	[%o1+4],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	st	%g2,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	cmp	%o2,0
+	bg,a	.L_bn_sqr_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_sqr_words_tail
+	clr	%o5
+
+.L_bn_sqr_words_loop:
+	ld	[%o1+4],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	rd	%y,%o5
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%g3,%g3,%o4
+	dec	4,%o2
+	st	%o4,[%o0+8]
+	rd	%y,%o5
+	st	%o5,[%o0+12]
+	nop
+
+	ld	[%o1+12],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	inc	16,%o1
+	st	%o5,[%o0+20]
+
+	umul	%g3,%g3,%o4
+	inc	32,%o0
+	st	%o4,[%o0-8]
+	rd	%y,%o5
+	st	%o5,[%o0-4]
+	andcc	%o2,-4,%g2
+	bnz,a	.L_bn_sqr_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	nop
+	bnz,a	.L_bn_sqr_words_tail
+	ld	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	deccc	%o2
+	rd	%y,%o5
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+4],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+8]
+	deccc	%o2
+	rd	%y,%o5
+	nop
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+12]
+
+	ld	[%o1+8],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	st	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	wr	%o0,%y
+	udiv	%o1,%o2,%o0
+	retl
+	nop
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	cmp	%o3,0
+	bg,a	.L_bn_add_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_add_words_tail
+	clr	%g1
+	ba	.L_bn_add_words_warn_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:
+	ld	[%o1],%o4
+.L_bn_add_words_warn_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_add_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	bnz,a	.L_bn_add_words_tail
+	ld	[%o1],%o4
+.L_bn_add_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_add_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0]
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.align	32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	cmp	%o3,0
+	bg,a	.L_bn_sub_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_sub_words_tail
+	clr	%g1
+	ba	.L_bn_sub_words_warm_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:
+	ld	[%o1],%o4
+.L_bn_sub_words_warm_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_sub_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	nop
+	bnz,a	.L_bn_sub_words_tail
+	ld	[%o1],%o4
+.L_bn_sub_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_sub_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0]
+	nop
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_1	%o2
+#define c_2	%o3
+#define c_3	%o4
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o5
+#define	b_4	%g1
+#define	b_5	%g2
+#define	b_6	%g3
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	bp(3),b_3
+	addx	c_2,%g0,c_2	!=
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(4),a_4
+	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	ld	bp(4),b_4
+	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	bp(5),b_5
+	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(5),a_5
+	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	ap(6),a_6
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	ld	bp(6),b_6
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	bp(7),b_7
+	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(6)	!r[6]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	ap(7),a_7
+	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!
+	addx	c_2,%g0,c_2
+	st	c_3,rp(8)	!r[8]=c3;
+
+	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(12)	!r[12]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(13)	!r[13]=c2;
+
+	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	nop			!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	bp(3),b_3
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	ap(1),a_1
+	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	ld	ap(4),a_4
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	ld	ap(5),a_5
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(4)	!r[4]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(6),a_6
+	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(7),a_7
+	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(6)	!r[6]=c1;
+
+	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(8)	!r[8]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	st	c_1,rp(12)	!r[12]=c1;
+
+	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2	!=
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(13)	!r[13]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);
+	ld	ap(1),a_1	!=
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(2)	!r[2]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv8plus.S b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv8plus.S
new file mode 100644
index 000000000..d520ffa7c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv8plus.S
@@ -0,0 +1,1558 @@
+.ident	"sparcv8plus.s, Version 1.4"
+.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@openssl.org>"
+
+/*
+ * ====================================================================
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contribution to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    or if above fails (it does if you have gas installed):
+ *
+ *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ *    Quick-n-dirty way to fuse the module into the library.
+ *    Provided that the library is already configured and built
+ *    (in 0.9.2 case with no-asm option):
+ *
+ *	# cd crypto/bn
+ *	# cp /some/place/bn_asm.sparc.v8plus.S .
+ *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ *    Quick-n-dirty way to get rid of it:
+ *
+ *	# cd crypto/bn
+ *	# touch bn_asm.c
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ * Q. V8plus architecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ *    special conditions, namely when kernel doesn't preserve upper
+ *    32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ *    version is provided along. Both version share bn_*comba[48]
+ *    implementations (see comment later in code for explanation).
+ *    But what's so special about this UltraSPARC implementation?
+ *    Why didn't I let compiler do the job? Trouble is that most of
+ *    available compilers (well, SC5.0 is the only exception) don't
+ *    attempt to take advantage of UltraSPARC's 64-bitness under
+ *    32-bit kernels even though it's perfectly possible (see next
+ *    question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ *    doesn't work?
+ * A. You can't address *all* registers as 64-bit wide:-( The catch is
+ *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ *    preserved if you're in a leaf function, i.e. such never calling
+ *    any other functions. All functions in this module are leaf and
+ *    10 registers is a handful. And as a matter of fact none-"comba"
+ *    routines don't require even that much and I could even afford to
+ *    not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ *    under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ *    code position dependencies and it's safe to include it into
+ *    shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ *    experience with crypto/bn/expspeed.c test program:
+ *
+ *	v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%
+ *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%
+ *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%
+ *
+ *	v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%
+ *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%
+ *	egcs-1.1.2 -mv8 -O3			+35-45%
+ *
+ *    As you can see it's damn hard to beat the new Sun C compiler
+ *    and it's in first place GNU C users who will appreciate this
+ *    assembler implementation:-)	
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0	- initial release;
+ * 1.1	- new loop unrolling model(*);
+ *	- some more fine tuning;
+ * 1.2	- made gas friendly;
+ *	- updates to documentation concerning v9;
+ *	- new performance comparison matrix;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)
+ *	  resulting in slight overall performance kick;
+ *	- some retunes;
+ *	- support for GNU as added;
+ *
+ * (*)	Originally unrolled loop looked like this:
+ *	    for (;;) {
+ *		op(p+0); if (--n==0) break;
+ *		op(p+1); if (--n==0) break;
+ *		op(p+2); if (--n==0) break;
+ *		op(p+3); if (--n==0) break;
+ *		p+=4;
+ *	    }
+ *	I unroll according to following:
+ *	    while (n&~3) {
+ *		op(p+0); op(p+1); op(p+2); op(p+3);
+ *		p+=4; n=-4;
+ *	    }
+ *	    if (n) {
+ *		op(p+0); if (--n==0) return;
+ *		op(p+2); if (--n==0) return;
+ *		op(p+3); return;
+ *	    }
+ */
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME_SIZE	-192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME_SIZE	-192
+#else
+# define	FRAME_SIZE	-96
+#endif
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8plus.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	sra	%o2,%g0,%o2	! signx %o2
+	brgz,a	%o2,.L_bn_mul_add_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+	nop
+	nop
+	nop
+
+.L_bn_mul_add_words_proceed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:	! wow! 32 aligned!
+	lduw	[%o0],%g1
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	nop
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+4],%g1
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	dec	4,%o2
+	add	%o4,%g3,%o4
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+8],%g1
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	inc	16,%o1
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+12],%g1
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	inc	16,%o0
+	add	%o4,%g3,%o4
+	andcc	%o2,-4,%g0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	bnz,a,pt	%icc,.L_bn_mul_add_words_loop
+	lduw	[%o1],%g2
+
+	brnz,a,pn	%o2,.L_bn_mul_add_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_add_words_tail:
+	lduw	[%o0],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	lduw	[%o0+4],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	lduw	[%o0+8],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	sra	%o2,%g0,%o2	! signx %o2
+	brgz,a	%o2,.L_bn_mul_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+	nop
+	nop
+	nop
+
+.L_bn_mul_words_proceed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	nop
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	inc	16,%o1
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	inc	16,%o0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g0
+	bnz,a,pt	%icc,.L_bn_mul_words_loop
+	lduw	[%o1],%g2
+	nop
+	nop
+
+	brnz,a,pn	%o2,.L_bn_mul_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_words_tail:
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	sra	%o2,%g0,%o2	! signx %o2
+	brgz,a	%o2,.L_bn_sqr_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+	nop
+	nop
+	nop
+
+.L_bn_sqr_words_proceed:
+	andcc	%o2,-4,%g0
+	nop
+	bz,pn	%icc,.L_bn_sqr_words_tail
+	nop
+
+.L_bn_sqr_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%g2,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+4]
+	nop
+
+	lduw	[%o1+8],%g2
+	mulx	%g3,%g3,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+12],%g3
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	inc	16,%o1
+	stuw	%o5,[%o0+20]
+
+	mulx	%g3,%g3,%o4
+	inc	32,%o0
+	stuw	%o4,[%o0-8]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g2
+	stuw	%o5,[%o0-4]
+	bnz,a,pt	%icc,.L_bn_sqr_words_loop
+	lduw	[%o1],%g2
+	nop
+
+	brnz,a,pn	%o2,.L_bn_sqr_words_tail
+	lduw	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+4],%g2
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+8],%g2
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	stuw	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	sllx	%o0,32,%o0
+	or	%o0,%o1,%o0
+	udivx	%o0,%o2,%o0
+	retl
+	srl	%o0,%g0,%o0	! clruw	%o0
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	sra	%o3,%g0,%o3	! signx %o3
+	brgz,a	%o3,.L_bn_add_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_add_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	addccc	%g1,%g2,%g1
+	stuw	%g1,[%o0+4]
+	
+	inc	16,%o2
+	addccc	%g3,%g4,%g3
+	stuw	%g3,[%o0+8]
+
+	inc	16,%o0
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_add_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_add_words_tail
+	lduw	[%o1],%o4
+.L_bn_add_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_add_words_tail:
+	lduw	[%o2],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	sra	%o3,%g0,%o3	! signx %o3
+	brgz,a	%o3,.L_bn_sub_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_sub_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	subccc	%g1,%g2,%g2
+	stuw	%g2,[%o0+4]
+
+	inc	16,%o2
+	subccc	%g3,%g4,%g4
+	stuw	%g4,[%o0+8]
+
+	inc	16,%o0
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_sub_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_sub_words_tail
+	lduw	[%o1],%o4
+.L_bn_sub_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_sub_words_tail:		! wow! 32 aligned!
+	lduw	[%o2],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ *							Andy.
+ */
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_12	%o2
+#define c_3	%o3
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o4
+#define	b_4	%o5
+#define	b_5	%o7
+#define	b_6	%g1
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	bp(0),b_0	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(4),b_4	!=
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(5),b_5
+	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(6),b_6	!=
+	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(7),b_7
+	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0	!=
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	lduw	ap(0),a_0
+	mov	1,t_2
+	lduw	bp(0),b_0
+	sllx	t_2,32,t_2	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!=!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!=!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!=!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl
new file mode 100644
index 000000000..dcf11a87a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl
@@ -0,0 +1,200 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# October 2012
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... Except that it has two code paths: one suitable
+# for all SPARCv9 processors and one for VIS3-capable ones. Former
+# delivers ~25-45% more, more for longer keys, heaviest DH and DSA
+# verify operations on venerable UltraSPARC II. On T4 VIS3 code is
+# ~100-230% faster than gcc-generated code and ~35-90% faster than
+# the pure SPARCv9 code path.
+
+$output = pop;
+open STDOUT,">$output";
+
+$locals=16*8;
+
+$tab="%l0";
+
+@T=("%g2","%g3");
+@i=("%g4","%g5");
+
+($a1,$a2,$a4,$a8,$a12,$a48)=map("%o$_",(0..5));
+($lo,$hi,$b)=("%g1",$a8,"%o7"); $a=$lo;
+
+$code.=<<___;
+#include <sparc_arch.h>
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	bn_GF2m_mul_2x2
+.align	16
+bn_GF2m_mul_2x2:
+        SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+        ld	[%g1+0],%g1             	! OPENSSL_sparcv9cap_P[0]
+
+        andcc	%g1, SPARCV9_VIS3, %g0
+        bz,pn	%icc,.Lsoftware
+        nop
+
+	sllx	%o1, 32, %o1
+	sllx	%o3, 32, %o3
+	or	%o2, %o1, %o1
+	or	%o4, %o3, %o3
+	.word	0x95b262ab			! xmulx   %o1, %o3, %o2
+	.word	0x99b262cb			! xmulxhi %o1, %o3, %o4
+	srlx	%o2, 32, %o1			! 13 cycles later
+	st	%o2, [%o0+0]
+	st	%o1, [%o0+4]
+	srlx	%o4, 32, %o3
+	st	%o4, [%o0+8]
+	retl
+	st	%o3, [%o0+12]
+
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME-$locals,%sp
+
+	sllx	%i1,32,$a
+	mov	-1,$a12
+	sllx	%i3,32,$b
+	or	%i2,$a,$a
+	srlx	$a12,1,$a48			! 0x7fff...
+	or	%i4,$b,$b
+	srlx	$a12,2,$a12			! 0x3fff...
+	add	%sp,STACK_BIAS+STACK_FRAME,$tab
+
+	sllx	$a,2,$a4
+	mov	$a,$a1
+	sllx	$a,1,$a2
+
+	srax	$a4,63,@i[1]			! broadcast 61st bit
+	and	$a48,$a4,$a4			! (a<<2)&0x7fff...
+	srlx	$a48,2,$a48
+	srax	$a2,63,@i[0]			! broadcast 62nd bit
+	and	$a12,$a2,$a2			! (a<<1)&0x3fff...
+	srax	$a1,63,$lo			! broadcast 63rd bit
+	and	$a48,$a1,$a1			! (a<<0)&0x1fff...
+
+	sllx	$a1,3,$a8
+	and	$b,$lo,$lo
+	and	$b,@i[0],@i[0]
+	and	$b,@i[1],@i[1]
+
+	stx	%g0,[$tab+0*8]			! tab[0]=0
+	xor	$a1,$a2,$a12
+	stx	$a1,[$tab+1*8]			! tab[1]=a1
+	stx	$a2,[$tab+2*8]			! tab[2]=a2
+	 xor	$a4,$a8,$a48
+	stx	$a12,[$tab+3*8]			! tab[3]=a1^a2
+	 xor	$a4,$a1,$a1
+
+	stx	$a4,[$tab+4*8]			! tab[4]=a4
+	xor	$a4,$a2,$a2
+	stx	$a1,[$tab+5*8]			! tab[5]=a1^a4
+	xor	$a4,$a12,$a12
+	stx	$a2,[$tab+6*8]			! tab[6]=a2^a4
+	 xor	$a48,$a1,$a1
+	stx	$a12,[$tab+7*8]			! tab[7]=a1^a2^a4
+	 xor	$a48,$a2,$a2
+
+	stx	$a8,[$tab+8*8]			! tab[8]=a8
+	xor	$a48,$a12,$a12
+	stx	$a1,[$tab+9*8]			! tab[9]=a1^a8
+	 xor	$a4,$a1,$a1
+	stx	$a2,[$tab+10*8]			! tab[10]=a2^a8
+	 xor	$a4,$a2,$a2
+	stx	$a12,[$tab+11*8]		! tab[11]=a1^a2^a8
+
+	xor	$a4,$a12,$a12
+	stx	$a48,[$tab+12*8]		! tab[12]=a4^a8
+	 srlx	$lo,1,$hi
+	stx	$a1,[$tab+13*8]			! tab[13]=a1^a4^a8
+	 sllx	$lo,63,$lo
+	stx	$a2,[$tab+14*8]			! tab[14]=a2^a4^a8
+	 srlx	@i[0],2,@T[0]
+	stx	$a12,[$tab+15*8]		! tab[15]=a1^a2^a4^a8
+
+	sllx	@i[0],62,$a1
+	 sllx	$b,3,@i[0]
+	srlx	@i[1],3,@T[1]
+	 and	@i[0],`0xf<<3`,@i[0]
+	sllx	@i[1],61,$a2
+	 ldx	[$tab+@i[0]],@i[0]
+	 srlx	$b,4-3,@i[1]
+	xor	@T[0],$hi,$hi
+	 and	@i[1],`0xf<<3`,@i[1]
+	xor	$a1,$lo,$lo
+	 ldx	[$tab+@i[1]],@i[1]
+	xor	@T[1],$hi,$hi
+
+	xor	@i[0],$lo,$lo
+	srlx	$b,8-3,@i[0]
+	 xor	$a2,$lo,$lo
+	and	@i[0],`0xf<<3`,@i[0]
+___
+for($n=1;$n<14;$n++) {
+$code.=<<___;
+	sllx	@i[1],`$n*4`,@T[0]
+	ldx	[$tab+@i[0]],@i[0]
+	srlx	@i[1],`64-$n*4`,@T[1]
+	xor	@T[0],$lo,$lo
+	srlx	$b,`($n+2)*4`-3,@i[1]
+	xor	@T[1],$hi,$hi
+	and	@i[1],`0xf<<3`,@i[1]
+___
+	push(@i,shift(@i)); push(@T,shift(@T));
+}
+$code.=<<___;
+	sllx	@i[1],`$n*4`,@T[0]
+	ldx	[$tab+@i[0]],@i[0]
+	srlx	@i[1],`64-$n*4`,@T[1]
+	xor	@T[0],$lo,$lo
+
+	sllx	@i[0],`($n+1)*4`,@T[0]
+	 xor	@T[1],$hi,$hi
+	srlx	@i[0],`64-($n+1)*4`,@T[1]
+	xor	@T[0],$lo,$lo
+	xor	@T[1],$hi,$hi
+
+	srlx	$lo,32,%i1
+	st	$lo,[%i0+0]
+	st	%i1,[%i0+4]
+	srlx	$hi,32,%i2
+	st	$hi,[%i0+8]
+	st	%i2,[%i0+12]
+
+	ret
+	restore
+.type	bn_GF2m_mul_2x2,#function
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.asciz	"GF(2^m) Multiplication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl
new file mode 100644
index 000000000..b41903af9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl
@@ -0,0 +1,620 @@
+#! /usr/bin/env perl
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# December 2005
+#
+# Pure SPARCv9/8+ and IALU-only bn_mul_mont implementation. The reasons
+# for undertaken effort are multiple. First of all, UltraSPARC is not
+# the whole SPARCv9 universe and other VIS-free implementations deserve
+# optimized code as much. Secondly, newly introduced UltraSPARC T1,
+# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive paths,
+# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with
+# several integrated RSA/DSA accelerator circuits accessible through
+# kernel driver [only(*)], but having decent user-land software
+# implementation is important too. Finally, reasons like desire to
+# experiment with dedicated squaring procedure. Yes, this module
+# implements one, because it was easiest to draft it in SPARCv9
+# instructions...
+
+# (*)	Engine accessing the driver in question is on my TODO list.
+#	For reference, accelerator is estimated to give 6 to 10 times
+#	improvement on single-threaded RSA sign. It should be noted
+#	that 6-10x improvement coefficient does not actually mean
+#	something extraordinary in terms of absolute [single-threaded]
+#	performance, as SPARCv9 instruction set is by all means least
+#	suitable for high performance crypto among other 64 bit
+#	platforms. 6-10x factor simply places T1 in same performance
+#	domain as say AMD64 and IA-64. Improvement of RSA verify don't
+#	appear impressive at all, but it's the sign operation which is
+#	far more critical/interesting.
+
+# You might notice that inner loops are modulo-scheduled:-) This has
+# essentially negligible impact on UltraSPARC performance, it's
+# Fujitsu SPARC64 V users who should notice and hopefully appreciate
+# the advantage... Currently this module surpasses sparcv9a-mont.pl
+# by ~20% on UltraSPARC-III and later cores, but recall that sparcv9a
+# module still have hidden potential [see TODO list there], which is
+# estimated to be larger than 20%...
+
+$output = pop;
+open STDOUT,">$output";
+
+# int bn_mul_mont(
+$rp="%i0";	# BN_ULONG *rp,
+$ap="%i1";	# const BN_ULONG *ap,
+$bp="%i2";	# const BN_ULONG *bp,
+$np="%i3";	# const BN_ULONG *np,
+$n0="%i4";	# const BN_ULONG *n0,
+$num="%i5";	# int num);
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+
+$car0="%o0";
+$car1="%o1";
+$car2="%o2";	# 1 bit
+$acc0="%o3";
+$acc1="%o4";
+$mask="%g1";	# 32 bits, what a waste...
+$tmp0="%g4";
+$tmp1="%g5";
+
+$i="%l0";
+$j="%l1";
+$mul0="%l2";
+$mul1="%l3";
+$tp="%l4";
+$apj="%l5";
+$npj="%l6";
+$tpj="%l7";
+
+$fname="bn_mul_mont_int";
+
+$code=<<___;
+#include "sparc_arch.h"
+
+.section	".text",#alloc,#execinstr
+
+.global	$fname
+.align	32
+$fname:
+	cmp	%o5,4			! 128 bits minimum
+	bge,pt	%icc,.Lenter
+	sethi	%hi(0xffffffff),$mask
+	retl
+	clr	%o0
+.align	32
+.Lenter:
+	save	%sp,-$frame,%sp
+	sll	$num,2,$num		! num*=4
+	or	$mask,%lo(0xffffffff),$mask
+	ld	[$n0],$n0
+	cmp	$ap,$bp
+	and	$num,$mask,$num
+	ld	[$bp],$mul0		! bp[0]
+	nop
+
+	add	%sp,$bias,%o7		! real top of stack
+	ld	[$ap],$car0		! ap[0] ! redundant in squaring context
+	sub	%o7,$num,%o7
+	ld	[$ap+4],$apj		! ap[1]
+	and	%o7,-1024,%o7
+	ld	[$np],$car1		! np[0]
+	sub	%o7,$bias,%sp		! alloca
+	ld	[$np+4],$npj		! np[1]
+	be,pt	SIZE_T_CC,.Lbn_sqr_mont
+	mov	12,$j
+
+	mulx	$car0,$mul0,$car0	! ap[0]*bp[0]
+	mulx	$apj,$mul0,$tmp0	!prologue! ap[1]*bp[0]
+	and	$car0,$mask,$acc0
+	add	%sp,$bias+$frame,$tp
+	ld	[$ap+8],$apj		!prologue!
+
+	mulx	$n0,$acc0,$mul1		! "t[0]"*n0
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1	! np[0]*"t[0]"*n0
+	mulx	$npj,$mul1,$acc1	!prologue! np[1]*"t[0]"*n0
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	ld	[$np+8],$npj		!prologue!
+	srlx	$car1,32,$car1
+	mov	$tmp0,$acc0		!prologue!
+
+.L1st:
+	mulx	$apj,$mul0,$tmp0
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0
+	ld	[$ap+$j],$apj		! ap[j]
+	and	$car0,$mask,$acc0
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj		! np[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	add	$j,4,$j			! j++
+	mov	$tmp0,$acc0
+	st	$car1,[$tp]
+	cmp	$j,$num
+	mov	$tmp1,$acc1
+	srlx	$car1,32,$car1
+	bl	%icc,.L1st
+	add	$tp,4,$tp		! tp++
+!.L1st
+
+	mulx	$apj,$mul0,$tmp0	!epilogue!
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0
+	and	$car0,$mask,$acc0
+	add	$acc1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$tmp0,$car0,$car0
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car1,$car1
+	st	$car1,[$tp+8]
+	srlx	$car1,32,$car2
+
+	mov	4,$i			! i++
+	ld	[$bp+4],$mul0		! bp[1]
+.Louter:
+	add	%sp,$bias+$frame,$tp
+	ld	[$ap],$car0		! ap[0]
+	ld	[$ap+4],$apj		! ap[1]
+	ld	[$np],$car1		! np[0]
+	ld	[$np+4],$npj		! np[1]
+	ld	[$tp],$tmp1		! tp[0]
+	ld	[$tp+4],$tpj		! tp[1]
+	mov	12,$j
+
+	mulx	$car0,$mul0,$car0
+	mulx	$apj,$mul0,$tmp0	!prologue!
+	add	$tmp1,$car0,$car0
+	ld	[$ap+8],$apj		!prologue!
+	and	$car0,$mask,$acc0
+
+	mulx	$n0,$acc0,$mul1
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1
+	mulx	$npj,$mul1,$acc1	!prologue!
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	ld	[$np+8],$npj		!prologue!
+	srlx	$car1,32,$car1
+	mov	$tmp0,$acc0		!prologue!
+
+.Linner:
+	mulx	$apj,$mul0,$tmp0
+	mulx	$npj,$mul1,$tmp1
+	add	$tpj,$car0,$car0
+	ld	[$ap+$j],$apj		! ap[j]
+	add	$acc0,$car0,$car0
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj		! np[j]
+	and	$car0,$mask,$acc0
+	ld	[$tp+8],$tpj		! tp[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	add	$j,4,$j			! j++
+	mov	$tmp0,$acc0
+	st	$car1,[$tp]		! tp[j-1]
+	srlx	$car1,32,$car1
+	mov	$tmp1,$acc1
+	cmp	$j,$num
+	bl	%icc,.Linner
+	add	$tp,4,$tp		! tp++
+!.Linner
+
+	mulx	$apj,$mul0,$tmp0	!epilogue!
+	mulx	$npj,$mul1,$tmp1
+	add	$tpj,$car0,$car0
+	add	$acc0,$car0,$car0
+	ld	[$tp+8],$tpj		! tp[j]
+	and	$car0,$mask,$acc0
+	add	$acc1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]		! tp[j-1]
+	srlx	$car1,32,$car1
+
+	add	$tpj,$car0,$car0
+	add	$tmp0,$car0,$car0
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp+4]		! tp[j-1]
+	srlx	$car0,32,$car0
+	add	$i,4,$i			! i++
+	srlx	$car1,32,$car1
+
+	add	$car0,$car1,$car1
+	cmp	$i,$num
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+8]
+
+	srlx	$car1,32,$car2
+	bl,a	%icc,.Louter
+	ld	[$bp+$i],$mul0		! bp[i]
+!.Louter
+
+	add	$tp,12,$tp
+
+.Ltail:
+	add	$np,$num,$np
+	add	$rp,$num,$rp
+	sub	%g0,$num,%o7		! k=-num
+	ba	.Lsub
+	subcc	%g0,%g0,%g0		! clear %icc.c
+.align	16
+.Lsub:
+	ld	[$tp+%o7],%o0
+	ld	[$np+%o7],%o1
+	subccc	%o0,%o1,%o1		! tp[j]-np[j]
+	add	$rp,%o7,$i
+	add	%o7,4,%o7
+	brnz	%o7,.Lsub
+	st	%o1,[$i]
+	subccc	$car2,0,$car2		! handle upmost overflow bit
+	sub	%g0,$num,%o7
+
+.Lcopy:
+	ld	[$tp+%o7],%o1		! conditional copy
+	ld	[$rp+%o7],%o0
+	st	%g0,[$tp+%o7]		! zap tp
+	movcs	%icc,%o1,%o0
+	st	%o0,[$rp+%o7]
+	add	%o7,4,%o7
+	brnz	%o7,.Lcopy
+	nop
+	mov	1,%i0
+	ret
+	restore
+___
+
+########
+######## .Lbn_sqr_mont gives up to 20% *overall* improvement over
+######## code without following dedicated squaring procedure.
+########
+$sbit="%o5";
+
+$code.=<<___;
+.align	32
+.Lbn_sqr_mont:
+	mulx	$mul0,$mul0,$car0		! ap[0]*ap[0]
+	mulx	$apj,$mul0,$tmp0		!prologue!
+	and	$car0,$mask,$acc0
+	add	%sp,$bias+$frame,$tp
+	ld	[$ap+8],$apj			!prologue!
+
+	mulx	$n0,$acc0,$mul1			! "t[0]"*n0
+	srlx	$car0,32,$car0
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1		! np[0]*"t[0]"*n0
+	mulx	$npj,$mul1,$acc1		!prologue!
+	and	$car0,1,$sbit
+	ld	[$np+8],$npj			!prologue!
+	srlx	$car0,1,$car0
+	add	$acc0,$car1,$car1
+	srlx	$car1,32,$car1
+	mov	$tmp0,$acc0			!prologue!
+
+.Lsqr_1st:
+	mulx	$apj,$mul0,$tmp0
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0		! ap[j]*a0+c0
+	add	$acc1,$car1,$car1
+	ld	[$ap+$j],$apj			! ap[j]
+	and	$car0,$mask,$acc0
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	or	$sbit,$acc0,$acc0
+	mov	$tmp1,$acc1
+	srlx	$acc0,32,$sbit
+	add	$j,4,$j				! j++
+	and	$acc0,$mask,$acc0
+	cmp	$j,$num
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]
+	mov	$tmp0,$acc0
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_1st
+	add	$tp,4,$tp			! tp++
+!.Lsqr_1st
+
+	mulx	$apj,$mul0,$tmp0		! epilogue
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0		! ap[j]*a0+c0
+	add	$acc1,$car1,$car1
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	or	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$tmp0,$car0,$car0		! ap[j]*a0+c0
+	add	$tmp1,$car1,$car1
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	or	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0
+	or	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	st	$car1,[$tp+8]
+	srlx	$car1,32,$car2
+
+	ld	[%sp+$bias+$frame],$tmp0	! tp[0]
+	ld	[%sp+$bias+$frame+4],$tmp1	! tp[1]
+	ld	[%sp+$bias+$frame+8],$tpj	! tp[2]
+	ld	[$ap+4],$mul0			! ap[1]
+	ld	[$ap+8],$apj			! ap[2]
+	ld	[$np],$car1			! np[0]
+	ld	[$np+4],$npj			! np[1]
+	mulx	$n0,$tmp0,$mul1
+
+	mulx	$mul0,$mul0,$car0
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1
+	mulx	$npj,$mul1,$acc1
+	add	$tmp0,$car1,$car1
+	and	$car0,$mask,$acc0
+	ld	[$np+8],$npj			! np[2]
+	srlx	$car1,32,$car1
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	and	$car0,1,$sbit
+	add	$acc1,$car1,$car1
+	srlx	$car0,1,$car0
+	mov	12,$j
+	st	$car1,[%sp+$bias+$frame]	! tp[0]=
+	srlx	$car1,32,$car1
+	add	%sp,$bias+$frame+4,$tp
+
+.Lsqr_2nd:
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$acc0,$car0,$car0
+	add	$tpj,$sbit,$sbit
+	ld	[$ap+$j],$apj			! ap[j]
+	and	$car0,$mask,$acc0
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car0,32,$car0
+	add	$acc1,$car1,$car1
+	ld	[$tp+8],$tpj			! tp[j]
+	add	$acc0,$acc0,$acc0
+	add	$j,4,$j				! j++
+	add	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	cmp	$j,$num
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_2nd
+	add	$tp,4,$tp			! tp++
+!.Lsqr_2nd
+
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$acc0,$car0,$car0
+	add	$tpj,$sbit,$sbit
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc1,$car1,$car1
+	add	$acc0,$acc0,$acc0
+	add	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0
+	add	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car2
+
+	ld	[%sp+$bias+$frame],$tmp1	! tp[0]
+	ld	[%sp+$bias+$frame+4],$tpj	! tp[1]
+	ld	[$ap+8],$mul0			! ap[2]
+	ld	[$np],$car1			! np[0]
+	ld	[$np+4],$npj			! np[1]
+	mulx	$n0,$tmp1,$mul1
+	and	$mul1,$mask,$mul1
+	mov	8,$i
+
+	mulx	$mul0,$mul0,$car0
+	mulx	$car1,$mul1,$car1
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	%sp,$bias+$frame,$tp
+	srlx	$car1,32,$car1
+	and	$car0,1,$sbit
+	srlx	$car0,1,$car0
+	mov	4,$j
+
+.Lsqr_outer:
+.Lsqr_inner1:
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$car1,$car1
+	add	$j,4,$j
+	ld	[$tp+8],$tpj
+	cmp	$j,$i
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_inner1
+	add	$tp,4,$tp
+!.Lsqr_inner1
+
+	add	$j,4,$j
+	ld	[$ap+$j],$apj			! ap[j]
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$car1,$car1
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car1,32,$tmp0
+	and	$car1,$mask,$car1
+	add	$tmp0,$sbit,$sbit
+	add	$acc0,$car1,$car1
+	ld	[$tp+8],$tpj			! tp[j]
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$j,4,$j
+	cmp	$j,$num
+	be,pn	%icc,.Lsqr_no_inner2
+	add	$tp,4,$tp
+
+.Lsqr_inner2:
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$sbit,$sbit
+	add	$acc0,$car0,$car0
+	ld	[$ap+$j],$apj			! ap[j]
+	and	$car0,$mask,$acc0
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	ld	[$tp+8],$tpj			! tp[j]
+	add	$sbit,$acc0,$acc0
+	add	$j,4,$j				! j++
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	cmp	$j,$num
+	add	$acc0,$car1,$car1
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_inner2
+	add	$tp,4,$tp			! tp++
+
+.Lsqr_no_inner2:
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$sbit,$sbit
+	add	$acc0,$car0,$car0
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	add	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0
+	add	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car2
+
+	add	$i,4,$i				! i++
+	ld	[%sp+$bias+$frame],$tmp1	! tp[0]
+	ld	[%sp+$bias+$frame+4],$tpj	! tp[1]
+	ld	[$ap+$i],$mul0			! ap[j]
+	ld	[$np],$car1			! np[0]
+	ld	[$np+4],$npj			! np[1]
+	mulx	$n0,$tmp1,$mul1
+	and	$mul1,$mask,$mul1
+	add	$i,4,$tmp0
+
+	mulx	$mul0,$mul0,$car0
+	mulx	$car1,$mul1,$car1
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	%sp,$bias+$frame,$tp
+	srlx	$car1,32,$car1
+	and	$car0,1,$sbit
+	srlx	$car0,1,$car0
+
+	cmp	$tmp0,$num			! i<num-1
+	bl	%icc,.Lsqr_outer
+	mov	4,$j
+
+.Lsqr_last:
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$car1,$car1
+	add	$j,4,$j
+	ld	[$tp+8],$tpj
+	cmp	$j,$i
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_last
+	add	$tp,4,$tp
+!.Lsqr_last
+
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$acc0,$acc0
+	srlx	$acc0,32,$tmp0
+	and	$acc0,$mask,$acc0
+	add	$tmp0,$sbit,$sbit
+	add	$acc0,$car1,$car1
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0		! recover $car0
+	add	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car2
+
+	ba	.Ltail
+	add	$tp,8,$tp
+.type	$fname,#function
+.size	$fname,(.-$fname)
+.asciz	"Montgomery Multiplication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	32
+___
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl
new file mode 100755
index 000000000..c8f759df9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl
@@ -0,0 +1,887 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005
+#
+# "Teaser" Montgomery multiplication module for UltraSPARC. Why FPU?
+# Because unlike integer multiplier, which simply stalls whole CPU,
+# FPU is fully pipelined and can effectively emit 48 bit partial
+# product every cycle. Why not blended SPARC v9? One can argue that
+# making this module dependent on UltraSPARC VIS extension limits its
+# binary compatibility. Well yes, it does exclude SPARC64 prior-V(!)
+# implementations from compatibility matrix. But the rest, whole Sun
+# UltraSPARC family and brand new Fujitsu's SPARC64 V, all support
+# VIS extension instructions used in this module. This is considered
+# good enough to not care about HAL SPARC64 users [if any] who have
+# integer-only pure SPARCv9 module to "fall down" to.
+
+# USI&II cores currently exhibit uniform 2x improvement [over pre-
+# bn_mul_mont codebase] for all key lengths and benchmarks. On USIII
+# performance improves few percents for shorter keys and worsens few
+# percents for longer keys. This is because USIII integer multiplier
+# is >3x faster than USI&II one, which is harder to match [but see
+# TODO list below]. It should also be noted that SPARC64 V features
+# out-of-order execution, which *might* mean that integer multiplier
+# is pipelined, which in turn *might* be impossible to match... On
+# additional note, SPARC64 V implements FP Multiply-Add instruction,
+# which is perfectly usable in this context... In other words, as far
+# as Fujitsu SPARC64 V goes, talk to the author:-)
+
+# The implementation implies following "non-natural" limitations on
+# input arguments:
+# - num may not be less than 4;
+# - num has to be even;
+# Failure to meet either condition has no fatal effects, simply
+# doesn't give any performance gain.
+
+# TODO:
+# - modulo-schedule inner loop for better performance (on in-order
+#   execution core such as UltraSPARC this shall result in further
+#   noticeable(!) improvement);
+# - dedicated squaring procedure[?];
+
+######################################################################
+# November 2006
+#
+# Modulo-scheduled inner loops allow to interleave floating point and
+# integer instructions and minimize Read-After-Write penalties. This
+# results in *further* 20-50% performance improvement [depending on
+# key length, more for longer keys] on USI&II cores and 30-80% - on
+# USIII&IV.
+
+$output = pop;
+open STDOUT,">$output";
+
+$fname="bn_mul_mont_fpu";
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+$locals=64;
+
+# In order to provide for 32-/64-bit ABI duality, I keep integers wider
+# than 32 bit in %g1-%g4 and %o0-%o5. %l0-%l7 and %i0-%i5 are used
+# exclusively for pointers, indexes and other small values...
+# int bn_mul_mont(
+$rp="%i0";	# BN_ULONG *rp,
+$ap="%i1";	# const BN_ULONG *ap,
+$bp="%i2";	# const BN_ULONG *bp,
+$np="%i3";	# const BN_ULONG *np,
+$n0="%i4";	# const BN_ULONG *n0,
+$num="%i5";	# int num);
+
+$tp="%l0";	# t[num]
+$ap_l="%l1";	# a[num],n[num] are smashed to 32-bit words and saved
+$ap_h="%l2";	# to these four vectors as double-precision FP values.
+$np_l="%l3";	# This way a bunch of fxtods are eliminated in second
+$np_h="%l4";	# loop and L1-cache aliasing is minimized...
+$i="%l5";
+$j="%l6";
+$mask="%l7";	# 16-bit mask, 0xffff
+
+$n0="%g4";	# reassigned(!) to "64-bit" register
+$carry="%i4";	# %i4 reused(!) for a carry bit
+
+# FP register naming chart
+#
+#     ..HILO
+#       dcba
+#   --------
+#        LOa
+#       LOb
+#      LOc
+#     LOd
+#      HIa
+#     HIb
+#    HIc
+#   HId
+#    ..a
+#   ..b
+$ba="%f0";    $bb="%f2";    $bc="%f4";    $bd="%f6";
+$na="%f8";    $nb="%f10";   $nc="%f12";   $nd="%f14";
+$alo="%f16";  $alo_="%f17"; $ahi="%f18";  $ahi_="%f19";
+$nlo="%f20";  $nlo_="%f21"; $nhi="%f22";  $nhi_="%f23";
+
+$dota="%f24"; $dotb="%f26";
+
+$aloa="%f32"; $alob="%f34"; $aloc="%f36"; $alod="%f38";
+$ahia="%f40"; $ahib="%f42"; $ahic="%f44"; $ahid="%f46";
+$nloa="%f48"; $nlob="%f50"; $nloc="%f52"; $nlod="%f54";
+$nhia="%f56"; $nhib="%f58"; $nhic="%f60"; $nhid="%f62";
+
+$ASI_FL16_P=0xD2;	# magic ASI value to engage 16-bit FP load
+
+$code=<<___;
+#include "sparc_arch.h"
+
+.section	".text",#alloc,#execinstr
+
+.global $fname
+.align  32
+$fname:
+	save	%sp,-$frame-$locals,%sp
+
+	cmp	$num,4
+	bl,a,pn %icc,.Lret
+	clr	%i0
+	andcc	$num,1,%g0		! $num has to be even...
+	bnz,a,pn %icc,.Lret
+	clr	%i0			! signal "unsupported input value"
+
+	srl	$num,1,$num
+	sethi	%hi(0xffff),$mask
+	ld	[%i4+0],$n0		! $n0 reassigned, remember?
+	or	$mask,%lo(0xffff),$mask
+	ld	[%i4+4],%o0
+	sllx	%o0,32,%o0
+	or	%o0,$n0,$n0		! $n0=n0[1].n0[0]
+
+	sll	$num,3,$num		! num*=8
+
+	add	%sp,$bias,%o0		! real top of stack
+	sll	$num,2,%o1
+	add	%o1,$num,%o1		! %o1=num*5
+	sub	%o0,%o1,%o0
+	and	%o0,-2048,%o0		! optimize TLB utilization
+	sub	%o0,$bias,%sp		! alloca(5*num*8)
+
+	rd	%asi,%o7		! save %asi
+	add	%sp,$bias+$frame+$locals,$tp
+	add	$tp,$num,$ap_l
+	add	$ap_l,$num,$ap_l	! [an]p_[lh] point at the vectors' ends !
+	add	$ap_l,$num,$ap_h
+	add	$ap_h,$num,$np_l
+	add	$np_l,$num,$np_h
+
+	wr	%g0,$ASI_FL16_P,%asi	! setup %asi for 16-bit FP loads
+
+	add	$rp,$num,$rp		! readjust input pointers to point
+	add	$ap,$num,$ap		! at the ends too...
+	add	$bp,$num,$bp
+	add	$np,$num,$np
+
+	stx	%o7,[%sp+$bias+$frame+48]	! save %asi
+
+	sub	%g0,$num,$i		! i=-num
+	sub	%g0,$num,$j		! j=-num
+
+	add	$ap,$j,%o3
+	add	$bp,$i,%o4
+
+	ld	[%o3+4],%g1		! bp[0]
+	ld	[%o3+0],%o0
+	ld	[%o4+4],%g5		! ap[0]
+	sllx	%g1,32,%g1
+	ld	[%o4+0],%o1
+	sllx	%g5,32,%g5
+	or	%g1,%o0,%o0
+	or	%g5,%o1,%o1
+
+	add	$np,$j,%o5
+
+	mulx	%o1,%o0,%o0		! ap[0]*bp[0]
+	mulx	$n0,%o0,%o0		! ap[0]*bp[0]*n0
+	stx	%o0,[%sp+$bias+$frame+0]
+
+	ld	[%o3+0],$alo_	! load a[j] as pair of 32-bit words
+	fzeros	$alo
+	ld	[%o3+4],$ahi_
+	fzeros	$ahi
+	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
+	fzeros	$nlo
+	ld	[%o5+4],$nhi_
+	fzeros	$nhi
+
+	! transfer b[i] to FPU as 4x16-bit values
+	ldda	[%o4+2]%asi,$ba
+	fxtod	$alo,$alo
+	ldda	[%o4+0]%asi,$bb
+	fxtod	$ahi,$ahi
+	ldda	[%o4+6]%asi,$bc
+	fxtod	$nlo,$nlo
+	ldda	[%o4+4]%asi,$bd
+	fxtod	$nhi,$nhi
+
+	! transfer ap[0]*b[0]*n0 to FPU as 4x16-bit values
+	ldda	[%sp+$bias+$frame+6]%asi,$na
+	fxtod	$ba,$ba
+	ldda	[%sp+$bias+$frame+4]%asi,$nb
+	fxtod	$bb,$bb
+	ldda	[%sp+$bias+$frame+2]%asi,$nc
+	fxtod	$bc,$bc
+	ldda	[%sp+$bias+$frame+0]%asi,$nd
+	fxtod	$bd,$bd
+
+	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
+	fxtod	$na,$na
+	std	$ahi,[$ap_h+$j]
+	fxtod	$nb,$nb
+	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
+	fxtod	$nc,$nc
+	std	$nhi,[$np_h+$j]
+	fxtod	$nd,$nd
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+		fmuld	$alo,$bd,$alod
+	faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+		fmuld	$ahi,$ba,$ahia
+	faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+		fmuld	$ahi,$bb,$ahib
+	faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+		fmuld	$ahi,$bc,$ahic
+	faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+		fmuld	$ahi,$bd,$ahid
+	faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	add	$j,8,$j
+	std	$nlob,[%sp+$bias+$frame+8]
+	add	$ap,$j,%o4
+	std	$nloc,[%sp+$bias+$frame+16]
+	add	$np,$j,%o5
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	ld	[%o4+0],$alo_	! load a[j] as pair of 32-bit words
+	fzeros	$alo
+	ld	[%o4+4],$ahi_
+	fzeros	$ahi
+	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
+	fzeros	$nlo
+	ld	[%o5+4],$nhi_
+	fzeros	$nhi
+
+	fxtod	$alo,$alo
+	fxtod	$ahi,$ahi
+	fxtod	$nlo,$nlo
+	fxtod	$nhi,$nhi
+
+	ldx	[%sp+$bias+$frame+0],%o0
+		fmuld	$alo,$ba,$aloa
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$nlo,$na,$nloa
+	ldx	[%sp+$bias+$frame+16],%o2
+		fmuld	$alo,$bb,$alob
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$nlo,$nb,$nlob
+
+	srlx	%o0,16,%o7
+	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
+		fmuld	$alo,$bc,$aloc
+	add	%o7,%o1,%o1
+	std	$ahi,[$ap_h+$j]
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	srlx	%o1,16,%o7
+	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
+		fmuld	$alo,$bd,$alod
+	add	%o7,%o2,%o2
+	std	$nhi,[$np_h+$j]
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	srlx	%o2,16,%o7
+		fmuld	$ahi,$ba,$ahia
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	!and	%o0,$mask,%o0
+	!and	%o1,$mask,%o1
+	!and	%o2,$mask,%o2
+	!sllx	%o1,16,%o1
+	!sllx	%o2,32,%o2
+	!sllx	%o3,48,%o7
+	!or	%o1,%o0,%o0
+	!or	%o2,%o0,%o0
+	!or	%o7,%o0,%o0		! 64-bit result
+	srlx	%o3,16,%g1		! 34-bit carry
+		fmuld	$ahi,$bb,$ahib
+
+	faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+		fmuld	$ahi,$bc,$ahic
+	faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+		fmuld	$ahi,$bd,$ahid
+	faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+
+	faddd	$dota,$nloa,$nloa
+	faddd	$dotb,$nlob,$nlob
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	addcc	$j,8,$j
+	std	$nloc,[%sp+$bias+$frame+16]
+	bz,pn	%icc,.L1stskip
+	std	$nlod,[%sp+$bias+$frame+24]
+
+.align	32			! incidentally already aligned !
+.L1st:
+	add	$ap,$j,%o4
+	add	$np,$j,%o5
+	ld	[%o4+0],$alo_	! load a[j] as pair of 32-bit words
+	fzeros	$alo
+	ld	[%o4+4],$ahi_
+	fzeros	$ahi
+	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
+	fzeros	$nlo
+	ld	[%o5+4],$nhi_
+	fzeros	$nhi
+
+	fxtod	$alo,$alo
+	fxtod	$ahi,$ahi
+	fxtod	$nlo,$nlo
+	fxtod	$nhi,$nhi
+
+	ldx	[%sp+$bias+$frame+0],%o0
+		fmuld	$alo,$ba,$aloa
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$nlo,$na,$nloa
+	ldx	[%sp+$bias+$frame+16],%o2
+		fmuld	$alo,$bb,$alob
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$nlo,$nb,$nlob
+
+	srlx	%o0,16,%o7
+	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
+		fmuld	$alo,$bc,$aloc
+	add	%o7,%o1,%o1
+	std	$ahi,[$ap_h+$j]
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	srlx	%o1,16,%o7
+	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
+		fmuld	$alo,$bd,$alod
+	add	%o7,%o2,%o2
+	std	$nhi,[$np_h+$j]
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	srlx	%o2,16,%o7
+		fmuld	$ahi,$ba,$ahia
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+		fmuld	$ahi,$bb,$ahib
+	sllx	%o1,16,%o1
+		faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+	sllx	%o2,32,%o2
+		fmuld	$ahi,$bc,$ahic
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+		faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+	or	%o2,%o0,%o0
+		fmuld	$ahi,$bd,$ahid
+	or	%o7,%o0,%o0		! 64-bit result
+		faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+	addcc	%g1,%o0,%o0
+		faddd	$dota,$nloa,$nloa
+	srlx	%o3,16,%g1		! 34-bit carry
+		faddd	$dotb,$nlob,$nlob
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]=
+
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	std	$nloc,[%sp+$bias+$frame+16]
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	addcc	$j,8,$j
+	bnz,pt	%icc,.L1st
+	add	$tp,8,$tp
+
+.L1stskip:
+	fdtox	$dota,$dota
+	fdtox	$dotb,$dotb
+
+	ldx	[%sp+$bias+$frame+0],%o0
+	ldx	[%sp+$bias+$frame+8],%o1
+	ldx	[%sp+$bias+$frame+16],%o2
+	ldx	[%sp+$bias+$frame+24],%o3
+
+	srlx	%o0,16,%o7
+	std	$dota,[%sp+$bias+$frame+32]
+	add	%o7,%o1,%o1
+	std	$dotb,[%sp+$bias+$frame+40]
+	srlx	%o1,16,%o7
+	add	%o7,%o2,%o2
+	srlx	%o2,16,%o7
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+	sllx	%o1,16,%o1
+	sllx	%o2,32,%o2
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+	or	%o2,%o0,%o0
+	or	%o7,%o0,%o0		! 64-bit result
+	ldx	[%sp+$bias+$frame+32],%o4
+	addcc	%g1,%o0,%o0
+	ldx	[%sp+$bias+$frame+40],%o5
+	srlx	%o3,16,%g1		! 34-bit carry
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]=
+	add	$tp,8,$tp
+
+	srlx	%o4,16,%o7
+	add	%o7,%o5,%o5
+	and	%o4,$mask,%o4
+	sllx	%o5,16,%o7
+	or	%o7,%o4,%o4
+	addcc	%g1,%o4,%o4
+	srlx	%o5,48,%g1
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	mov	%g1,$carry
+	stx	%o4,[$tp]		! tp[num-1]=
+
+	ba	.Louter
+	add	$i,8,$i
+.align	32
+.Louter:
+	sub	%g0,$num,$j		! j=-num
+	add	%sp,$bias+$frame+$locals,$tp
+
+	add	$ap,$j,%o3
+	add	$bp,$i,%o4
+
+	ld	[%o3+4],%g1		! bp[i]
+	ld	[%o3+0],%o0
+	ld	[%o4+4],%g5		! ap[0]
+	sllx	%g1,32,%g1
+	ld	[%o4+0],%o1
+	sllx	%g5,32,%g5
+	or	%g1,%o0,%o0
+	or	%g5,%o1,%o1
+
+	ldx	[$tp],%o2		! tp[0]
+	mulx	%o1,%o0,%o0
+	addcc	%o2,%o0,%o0
+	mulx	$n0,%o0,%o0		! (ap[0]*bp[i]+t[0])*n0
+	stx	%o0,[%sp+$bias+$frame+0]
+
+	! transfer b[i] to FPU as 4x16-bit values
+	ldda	[%o4+2]%asi,$ba
+	ldda	[%o4+0]%asi,$bb
+	ldda	[%o4+6]%asi,$bc
+	ldda	[%o4+4]%asi,$bd
+
+	! transfer (ap[0]*b[i]+t[0])*n0 to FPU as 4x16-bit values
+	ldda	[%sp+$bias+$frame+6]%asi,$na
+	fxtod	$ba,$ba
+	ldda	[%sp+$bias+$frame+4]%asi,$nb
+	fxtod	$bb,$bb
+	ldda	[%sp+$bias+$frame+2]%asi,$nc
+	fxtod	$bc,$bc
+	ldda	[%sp+$bias+$frame+0]%asi,$nd
+	fxtod	$bd,$bd
+	ldd	[$ap_l+$j],$alo		! load a[j] in double format
+	fxtod	$na,$na
+	ldd	[$ap_h+$j],$ahi
+	fxtod	$nb,$nb
+	ldd	[$np_l+$j],$nlo		! load n[j] in double format
+	fxtod	$nc,$nc
+	ldd	[$np_h+$j],$nhi
+	fxtod	$nd,$nd
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+		fmuld	$alo,$bd,$alod
+	faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+		fmuld	$ahi,$ba,$ahia
+	faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+		fmuld	$ahi,$bb,$ahib
+	faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+		fmuld	$ahi,$bc,$ahic
+	faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+		fmuld	$ahi,$bd,$ahid
+	faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	std	$nloc,[%sp+$bias+$frame+16]
+	add	$j,8,$j
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	ldd	[$ap_l+$j],$alo		! load a[j] in double format
+	ldd	[$ap_h+$j],$ahi
+	ldd	[$np_l+$j],$nlo		! load n[j] in double format
+	ldd	[$np_h+$j],$nhi
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	ldx	[%sp+$bias+$frame+0],%o0
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$alo,$bd,$alod
+	ldx	[%sp+$bias+$frame+16],%o2
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$ahi,$ba,$ahia
+
+	srlx	%o0,16,%o7
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	add	%o7,%o1,%o1
+		fmuld	$ahi,$bb,$ahib
+	srlx	%o1,16,%o7
+		faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+	add	%o7,%o2,%o2
+		fmuld	$ahi,$bc,$ahic
+	srlx	%o2,16,%o7
+		faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	! why?
+	and	%o0,$mask,%o0
+		fmuld	$ahi,$bd,$ahid
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+		faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+	sllx	%o1,16,%o1
+		faddd	$dota,$nloa,$nloa
+	sllx	%o2,32,%o2
+		faddd	$dotb,$nlob,$nlob
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+		faddd	$ahic,$nhic,$dota	! $nhic
+	or	%o2,%o0,%o0
+		faddd	$ahid,$nhid,$dotb	! $nhid
+	or	%o7,%o0,%o0		! 64-bit result
+	ldx	[$tp],%o7
+		faddd	$nloc,$nhia,$nloc
+	addcc	%o7,%o0,%o0
+	! end-of-why?
+		faddd	$nlod,$nhib,$nlod
+	srlx	%o3,16,%g1		! 34-bit carry
+		fdtox	$nloa,$nloa
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	addcc	$j,8,$j
+	std	$nloc,[%sp+$bias+$frame+16]
+	bz,pn	%icc,.Linnerskip
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	ba	.Linner
+	nop
+.align	32
+.Linner:
+	ldd	[$ap_l+$j],$alo		! load a[j] in double format
+	ldd	[$ap_h+$j],$ahi
+	ldd	[$np_l+$j],$nlo		! load n[j] in double format
+	ldd	[$np_h+$j],$nhi
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	ldx	[%sp+$bias+$frame+0],%o0
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$alo,$bd,$alod
+	ldx	[%sp+$bias+$frame+16],%o2
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$ahi,$ba,$ahia
+
+	srlx	%o0,16,%o7
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	add	%o7,%o1,%o1
+		fmuld	$ahi,$bb,$ahib
+	srlx	%o1,16,%o7
+		faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+	add	%o7,%o2,%o2
+		fmuld	$ahi,$bc,$ahic
+	srlx	%o2,16,%o7
+		faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+		fmuld	$ahi,$bd,$ahid
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+		faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+	sllx	%o1,16,%o1
+		faddd	$dota,$nloa,$nloa
+	sllx	%o2,32,%o2
+		faddd	$dotb,$nlob,$nlob
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+		faddd	$ahic,$nhic,$dota	! $nhic
+	or	%o2,%o0,%o0
+		faddd	$ahid,$nhid,$dotb	! $nhid
+	or	%o7,%o0,%o0		! 64-bit result
+		faddd	$nloc,$nhia,$nloc
+	addcc	%g1,%o0,%o0
+	ldx	[$tp+8],%o7		! tp[j]
+		faddd	$nlod,$nhib,$nlod
+	srlx	%o3,16,%g1		! 34-bit carry
+		fdtox	$nloa,$nloa
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+		fdtox	$nlob,$nlob
+	addcc	%o7,%o0,%o0
+		fdtox	$nloc,$nloc
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]
+		fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	std	$nloc,[%sp+$bias+$frame+16]
+	addcc	$j,8,$j
+	std	$nlod,[%sp+$bias+$frame+24]
+	bnz,pt	%icc,.Linner
+	add	$tp,8,$tp
+
+.Linnerskip:
+	fdtox	$dota,$dota
+	fdtox	$dotb,$dotb
+
+	ldx	[%sp+$bias+$frame+0],%o0
+	ldx	[%sp+$bias+$frame+8],%o1
+	ldx	[%sp+$bias+$frame+16],%o2
+	ldx	[%sp+$bias+$frame+24],%o3
+
+	srlx	%o0,16,%o7
+	std	$dota,[%sp+$bias+$frame+32]
+	add	%o7,%o1,%o1
+	std	$dotb,[%sp+$bias+$frame+40]
+	srlx	%o1,16,%o7
+	add	%o7,%o2,%o2
+	srlx	%o2,16,%o7
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+	sllx	%o1,16,%o1
+	sllx	%o2,32,%o2
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+	or	%o2,%o0,%o0
+	ldx	[%sp+$bias+$frame+32],%o4
+	or	%o7,%o0,%o0		! 64-bit result
+	ldx	[%sp+$bias+$frame+40],%o5
+	addcc	%g1,%o0,%o0
+	ldx	[$tp+8],%o7		! tp[j]
+	srlx	%o3,16,%g1		! 34-bit carry
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	addcc	%o7,%o0,%o0
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]
+	add	$tp,8,$tp
+
+	srlx	%o4,16,%o7
+	add	%o7,%o5,%o5
+	and	%o4,$mask,%o4
+	sllx	%o5,16,%o7
+	or	%o7,%o4,%o4
+	addcc	%g1,%o4,%o4
+	srlx	%o5,48,%g1
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	addcc	$carry,%o4,%o4
+	stx	%o4,[$tp]		! tp[num-1]
+	mov	%g1,$carry
+	bcs,a	%xcc,.+8
+	add	$carry,1,$carry
+
+	addcc	$i,8,$i
+	bnz	%icc,.Louter
+	nop
+
+	add	$tp,8,$tp		! adjust tp to point at the end
+	orn	%g0,%g0,%g4
+	sub	%g0,$num,%o7		! n=-num
+	ba	.Lsub
+	subcc	%g0,%g0,%g0		! clear %icc.c
+
+.align	32
+.Lsub:
+	ldx	[$tp+%o7],%o0
+	add	$np,%o7,%g1
+	ld	[%g1+0],%o2
+	ld	[%g1+4],%o3
+	srlx	%o0,32,%o1
+	subccc	%o0,%o2,%o2
+	add	$rp,%o7,%g1
+	subccc	%o1,%o3,%o3
+	st	%o2,[%g1+0]
+	add	%o7,8,%o7
+	brnz,pt	%o7,.Lsub
+	st	%o3,[%g1+4]
+	subc	$carry,0,%g4
+	sub	%g0,$num,%o7		! n=-num
+	ba	.Lcopy
+	nop
+
+.align	32
+.Lcopy:
+	ldx	[$tp+%o7],%o0
+	add	$rp,%o7,%g1
+	ld	[%g1+0],%o2
+	ld	[%g1+4],%o3
+	stx	%g0,[$tp+%o7]
+	and	%o0,%g4,%o0
+	srlx	%o0,32,%o1
+	andn	%o2,%g4,%o2
+	andn	%o3,%g4,%o3
+	or	%o2,%o0,%o0
+	or	%o3,%o1,%o1
+	st	%o0,[%g1+0]
+	add	%o7,8,%o7
+	brnz,pt	%o7,.Lcopy
+	st	%o1,[%g1+4]
+	sub	%g0,$num,%o7		! n=-num
+
+.Lzap:
+	stx	%g0,[$ap_l+%o7]
+	stx	%g0,[$ap_h+%o7]
+	stx	%g0,[$np_l+%o7]
+	stx	%g0,[$np_h+%o7]
+	add	%o7,8,%o7
+	brnz,pt	%o7,.Lzap
+	nop
+
+	ldx	[%sp+$bias+$frame+48],%o7
+	wr	%g0,%o7,%asi		! restore %asi
+
+	mov	1,%i0
+.Lret:
+	ret
+	restore
+.type   $fname,#function
+.size	$fname,(.-$fname)
+.asciz	"Montgomery Multiplication for UltraSPARC, CRYPTOGAMS by <appro\@openssl.org>"
+.align	32
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+# Below substitution makes it possible to compile without demanding
+# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
+# dare to do this, because VIS capability is detected at run-time now
+# and this routine is not called on CPU not capable to execute it. Do
+# note that fzeros is not the only VIS dependency! Another dependency
+# is implicit and is just _a_ numerical value loaded to %asi register,
+# which assembler can't recognize as VIS specific...
+$code =~ s/fzeros\s+%f([0-9]+)/
+	   sprintf(".word\t0x%x\t! fzeros %%f%d",0x81b00c20|($1<<25),$1)
+	  /gem;
+
+print $code;
+# flush
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl
new file mode 100644
index 000000000..9cf717e84
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl
@@ -0,0 +1,251 @@
+#! /usr/bin/env perl
+# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Wrapper around 'rep montmul', VIA-specific instruction accessing
+# PadLock Montgomery Multiplier. The wrapper is designed as drop-in
+# replacement for OpenSSL bn_mul_mont [first implemented in 0.9.9].
+#
+# Below are interleaved outputs from 'openssl speed rsa dsa' for 4
+# different software configurations on 1.5GHz VIA Esther processor.
+# Lines marked with "software integer" denote performance of hand-
+# coded integer-only assembler found in OpenSSL 0.9.7. "Software SSE2"
+# refers to hand-coded SSE2 Montgomery multiplication procedure found
+# OpenSSL 0.9.9. "Hardware VIA SDK" refers to padlock_pmm routine from
+# Padlock SDK 2.0.1 available for download from VIA, which naturally
+# utilizes the magic 'repz montmul' instruction. And finally "hardware
+# this" refers to *this* implementation which also uses 'repz montmul'
+#
+#                   sign    verify    sign/s verify/s
+# rsa  512 bits 0.001720s 0.000140s    581.4   7149.7	software integer
+# rsa  512 bits 0.000690s 0.000086s   1450.3  11606.0	software SSE2
+# rsa  512 bits 0.006136s 0.000201s    163.0   4974.5	hardware VIA SDK
+# rsa  512 bits 0.000712s 0.000050s   1404.9  19858.5	hardware this
+#
+# rsa 1024 bits 0.008518s 0.000413s    117.4   2420.8	software integer
+# rsa 1024 bits 0.004275s 0.000277s    233.9   3609.7	software SSE2
+# rsa 1024 bits 0.012136s 0.000260s     82.4   3844.5	hardware VIA SDK
+# rsa 1024 bits 0.002522s 0.000116s    396.5   8650.9	hardware this
+#
+# rsa 2048 bits 0.050101s 0.001371s     20.0    729.6	software integer
+# rsa 2048 bits 0.030273s 0.001008s     33.0    991.9	software SSE2
+# rsa 2048 bits 0.030833s 0.000976s     32.4   1025.1	hardware VIA SDK
+# rsa 2048 bits 0.011879s 0.000342s     84.2   2921.7	hardware this
+#
+# rsa 4096 bits 0.327097s 0.004859s      3.1    205.8	software integer
+# rsa 4096 bits 0.229318s 0.003859s      4.4    259.2	software SSE2
+# rsa 4096 bits 0.233953s 0.003274s      4.3    305.4	hardware VIA SDK
+# rsa 4096 bits 0.070493s 0.001166s     14.2    857.6	hardware this
+#
+# dsa  512 bits 0.001342s 0.001651s    745.2    605.7	software integer
+# dsa  512 bits 0.000844s 0.000987s   1185.3   1013.1	software SSE2
+# dsa  512 bits 0.001902s 0.002247s    525.6    444.9	hardware VIA SDK
+# dsa  512 bits 0.000458s 0.000524s   2182.2   1909.1	hardware this
+#
+# dsa 1024 bits 0.003964s 0.004926s    252.3    203.0	software integer
+# dsa 1024 bits 0.002686s 0.003166s    372.3    315.8	software SSE2
+# dsa 1024 bits 0.002397s 0.002823s    417.1    354.3	hardware VIA SDK
+# dsa 1024 bits 0.000978s 0.001170s   1022.2    855.0	hardware this
+#
+# dsa 2048 bits 0.013280s 0.016518s     75.3     60.5	software integer
+# dsa 2048 bits 0.009911s 0.011522s    100.9     86.8	software SSE2
+# dsa 2048 bits 0.009542s 0.011763s    104.8     85.0	hardware VIA SDK
+# dsa 2048 bits 0.002884s 0.003352s    346.8    298.3	hardware this
+#
+# To give you some other reference point here is output for 2.4GHz P4
+# running hand-coded SSE2 bn_mul_mont found in 0.9.9, i.e. "software
+# SSE2" in above terms.
+#
+# rsa  512 bits 0.000407s 0.000047s   2454.2  21137.0
+# rsa 1024 bits 0.002426s 0.000141s    412.1   7100.0
+# rsa 2048 bits 0.015046s 0.000491s     66.5   2034.9
+# rsa 4096 bits 0.109770s 0.002379s      9.1    420.3
+# dsa  512 bits 0.000438s 0.000525s   2281.1   1904.1
+# dsa 1024 bits 0.001346s 0.001595s    742.7    627.0
+# dsa 2048 bits 0.004745s 0.005582s    210.7    179.1
+#
+# Conclusions:
+# - VIA SDK leaves a *lot* of room for improvement (which this
+#   implementation successfully fills:-);
+# - 'rep montmul' gives up to >3x performance improvement depending on
+#   key length;
+# - in terms of absolute performance it delivers approximately as much
+#   as modern out-of-order 32-bit cores [again, for longer keys].
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+# int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
+$func="bn_mul_mont_padlock";
+
+$pad=16*1;	# amount of reserved bytes on top of every vector
+
+# stack layout
+$mZeroPrime=&DWP(0,"esp");		# these are specified by VIA
+$A=&DWP(4,"esp");
+$B=&DWP(8,"esp");
+$T=&DWP(12,"esp");
+$M=&DWP(16,"esp");
+$scratch=&DWP(20,"esp");
+$rp=&DWP(24,"esp");			# these are mine
+$sp=&DWP(28,"esp");
+# &DWP(32,"esp")			# 32 byte scratch area
+# &DWP(64+(4*$num+$pad)*0,"esp")	# padded tp[num]
+# &DWP(64+(4*$num+$pad)*1,"esp")	# padded copy of ap[num]
+# &DWP(64+(4*$num+$pad)*2,"esp")	# padded copy of bp[num]
+# &DWP(64+(4*$num+$pad)*3,"esp")	# padded copy of np[num]
+# Note that SDK suggests to unconditionally allocate 2K per vector. This
+# has quite an impact on performance. It naturally depends on key length,
+# but to give an example 1024 bit private RSA key operations suffer >30%
+# penalty. I allocate only as much as actually required...
+
+&function_begin($func);
+	&xor	("eax","eax");
+	&mov	("ecx",&wparam(5));	# num
+	# meet VIA's limitations for num [note that the specification
+	# expresses them in bits, while we work with amount of 32-bit words]
+	&test	("ecx",3);
+	&jnz	(&label("leave"));	# num % 4 != 0
+	&cmp	("ecx",8);
+	&jb	(&label("leave"));	# num < 8
+	&cmp	("ecx",1024);
+	&ja	(&label("leave"));	# num > 1024
+
+	&pushf	();
+	&cld	();
+
+	&mov	("edi",&wparam(0));	# rp
+	&mov	("eax",&wparam(1));	# ap
+	&mov	("ebx",&wparam(2));	# bp
+	&mov	("edx",&wparam(3));	# np
+	&mov	("esi",&wparam(4));	# n0
+	&mov	("esi",&DWP(0,"esi"));	# *n0
+
+	&lea	("ecx",&DWP($pad,"","ecx",4));	# ecx becomes vector size in bytes
+	&lea	("ebp",&DWP(64,"","ecx",4));	# allocate 4 vectors + 64 bytes
+	&neg	("ebp");
+	&add	("ebp","esp");
+	&and	("ebp",-64);		# align to cache-line
+	&xchg	("ebp","esp");		# alloca
+
+	&mov	($rp,"edi");		# save rp
+	&mov	($sp,"ebp");		# save esp
+
+	&mov	($mZeroPrime,"esi");
+	&lea	("esi",&DWP(64,"esp"));	# tp
+	&mov	($T,"esi");
+	&lea	("edi",&DWP(32,"esp"));	# scratch area
+	&mov	($scratch,"edi");
+	&mov	("esi","eax");
+
+	&lea	("ebp",&DWP(-$pad,"ecx"));
+	&shr	("ebp",2);		# restore original num value in ebp
+
+	&xor	("eax","eax");
+
+	&mov	("ecx","ebp");
+	&lea	("ecx",&DWP((32+$pad)/4,"ecx"));# padded tp + scratch
+	&data_byte(0xf3,0xab);		# rep stosl, bzero
+
+	&mov	("ecx","ebp");
+	&lea	("edi",&DWP(64+$pad,"esp","ecx",4));# pointer to ap copy
+	&mov	($A,"edi");
+	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
+	&mov	("ecx",$pad/4);
+	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
+	# edi points at the end of padded ap copy...
+
+	&mov	("ecx","ebp");
+	&mov	("esi","ebx");
+	&mov	($B,"edi");
+	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
+	&mov	("ecx",$pad/4);
+	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
+	# edi points at the end of padded bp copy...
+
+	&mov	("ecx","ebp");
+	&mov	("esi","edx");
+	&mov	($M,"edi");
+	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
+	&mov	("ecx",$pad/4);
+	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
+	# edi points at the end of padded np copy...
+
+	# let magic happen...
+	&mov	("ecx","ebp");
+	&mov	("esi","esp");
+	&shl	("ecx",5);		# convert word counter to bit counter
+	&align	(4);
+	&data_byte(0xf3,0x0f,0xa6,0xc0);# rep montmul
+
+	&mov	("ecx","ebp");
+	&lea	("esi",&DWP(64,"esp"));		# tp
+	# edi still points at the end of padded np copy...
+	&neg	("ebp");
+	&lea	("ebp",&DWP(-$pad,"edi","ebp",4));	# so just "rewind"
+	&mov	("edi",$rp);			# restore rp
+	&xor	("edx","edx");			# i=0 and clear CF
+
+&set_label("sub",8);
+	&mov	("eax",&DWP(0,"esi","edx",4));
+	&sbb	("eax",&DWP(0,"ebp","edx",4));
+	&mov	(&DWP(0,"edi","edx",4),"eax");	# rp[i]=tp[i]-np[i]
+	&lea	("edx",&DWP(1,"edx"));		# i++
+	&loop	(&label("sub"));		# doesn't affect CF!
+
+	&mov	("eax",&DWP(0,"esi","edx",4));	# upmost overflow bit
+	&sbb	("eax",0);
+
+	&mov	("ecx","edx");			# num
+	&mov	("edx",0);			# i=0
+
+&set_label("copy",8);
+	&mov	("ebx",&DWP(0,"esi","edx",4));
+	&mov	("eax",&DWP(0,"edi","edx",4));
+	&mov	(&DWP(0,"esi","edx",4),"ecx");	# zap tp
+	&cmovc	("eax","ebx");
+	&mov	(&DWP(0,"edi","edx",4),"eax");
+	&lea	("edx",&DWP(1,"edx"));		# i++
+	&loop	(&label("copy"));
+
+	&mov	("ebp",$sp);
+	&xor	("eax","eax");
+
+	&mov	("ecx",64/4);
+	&mov	("edi","esp");		# zap frame including scratch area
+	&data_byte(0xf3,0xab);		# rep stosl, bzero
+
+	# zap copies of ap, bp and np
+	&lea	("edi",&DWP(64+$pad,"esp","edx",4));# pointer to ap
+	&lea	("ecx",&DWP(3*$pad/4,"edx","edx",2));
+	&data_byte(0xf3,0xab);		# rep stosl, bzero
+
+	&mov	("esp","ebp");
+	&inc	("eax");		# signal "done"
+	&popf	();
+&set_label("leave");
+&function_end($func);
+
+&asciz("Padlock Montgomery Multiplication, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl
new file mode 100644
index 000000000..04833a0c8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl
@@ -0,0 +1,384 @@
+#! /usr/bin/env perl
+# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2012.
+#
+# SPARCv9 VIS3 Montgomery multiplication procedure suitable for T3 and
+# onward. There are three new instructions used here: umulxhi,
+# addxc[cc] and initializing store. On T3 RSA private key operations
+# are 1.54/1.87/2.11/2.26 times faster for 512/1024/2048/4096-bit key
+# lengths. This is without dedicated squaring procedure. On T4
+# corresponding coefficients are 1.47/2.10/2.80/2.90x, which is mostly
+# for reference purposes, because T4 has dedicated Montgomery
+# multiplication and squaring *instructions* that deliver even more.
+
+$output = pop;
+open STDOUT,">$output";
+
+$frame = "STACK_FRAME";
+$bias = "STACK_BIAS";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+___
+
+($n0,$m0,$m1,$lo0,$hi0, $lo1,$hi1,$aj,$alo,$nj,$nlo,$tj)=
+	(map("%g$_",(1..5)),map("%o$_",(0..5,7)));
+
+# int bn_mul_mont(
+$rp="%o0";	# BN_ULONG *rp,
+$ap="%o1";	# const BN_ULONG *ap,
+$bp="%o2";	# const BN_ULONG *bp,
+$np="%o3";	# const BN_ULONG *np,
+$n0p="%o4";	# const BN_ULONG *n0,
+$num="%o5";	# int num);	# caller ensures that num is even
+				# and >=6
+$code.=<<___;
+.globl	bn_mul_mont_vis3
+.align	32
+bn_mul_mont_vis3:
+	add	%sp,	$bias,	%g4	! real top of stack
+	sll	$num,	2,	$num	! size in bytes
+	add	$num,	63,	%g5
+	andn	%g5,	63,	%g5	! buffer size rounded up to 64 bytes
+	add	%g5,	%g5,	%g1
+	add	%g5,	%g1,	%g1	! 3*buffer size
+	sub	%g4,	%g1,	%g1
+	andn	%g1,	63,	%g1	! align at 64 byte
+	sub	%g1,	$frame,	%g1	! new top of stack
+	sub	%g1,	%g4,	%g1
+
+	save	%sp,	%g1,	%sp
+___
+
+#	+-------------------------------+<-----	%sp
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	| __int64 tmp[0]		|
+#	+-------------------------------+
+#	.				.
+#	.				.
+#	+-------------------------------+<----- aligned at 64 bytes
+#	| __int64 ap[1..0]		|	converted ap[]
+#	+-------------------------------+
+#	| __int64 np[1..0]		|	converted np[]
+#	+-------------------------------+
+#	| __int64 ap[3..2]		|
+#	.				.
+#	.				.
+#	+-------------------------------+
+($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5));
+($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz,$anp)=map("%l$_",(0..7));
+($ovf,$i)=($t0,$t1);
+$code.=<<___;
+	ld	[$n0p+0],	$t0	! pull n0[0..1] value
+	add	%sp, $bias+$frame, $tp
+	ld	[$n0p+4],	$t1
+	add	$tp,	%g5,	$anp
+	ld	[$bp+0],	$t2	! m0=bp[0]
+	sllx	$t1,	32,	$n0
+	ld	[$bp+4],	$t3
+	or	$t0,	$n0,	$n0
+	add	$bp,	8,	$bp
+
+	ld	[$ap+0],	$t0	! ap[0]
+	sllx	$t3,	32,	$m0
+	ld	[$ap+4],	$t1
+	or	$t2,	$m0,	$m0
+
+	ld	[$ap+8],	$t2	! ap[1]
+	sllx	$t1,	32,	$aj
+	ld	[$ap+12],	$t3
+	or	$t0,	$aj,	$aj
+	add	$ap,	16,	$ap
+	stx	$aj,	[$anp]		! converted ap[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[0]
+	umulxhi	$aj,	$m0,	$hi0
+
+	ld	[$np+0],	$t0	! np[0]
+	sllx	$t3,	32,	$aj
+	ld	[$np+4],	$t1
+	or	$t2,	$aj,	$aj
+
+	ld	[$np+8],	$t2	! np[1]
+	sllx	$t1,	32,	$nj
+	ld	[$np+12],	$t3
+	or	$t0, $nj,	$nj
+	add	$np,	16,	$np
+	stx	$nj,	[$anp+8]	! converted np[0]
+
+	mulx	$lo0,	$n0,	$m1	! "tp[0]"*n0
+	stx	$aj,	[$anp+16]	! converted ap[1]
+
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[0]
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+
+	sllx	$t3,	32,	$nj
+	or	$t2,	$nj,	$nj
+	stx	$nj,	[$anp+24]	! converted np[1]
+	add	$anp,	32,	$anp
+
+	addcc	$lo0,	$lo1,	$lo1
+	addxc	%g0,	$hi1,	$hi1
+
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.L1st
+	sub	$num,	24,	$cnt	! cnt=num-3
+
+.align	16
+.L1st:
+	ld	[$ap+0],	$t0	! ap[j]
+	addcc	$alo,	$hi0,	$lo0
+	ld	[$ap+4],	$t1
+	addxc	$aj,	%g0,	$hi0
+
+	sllx	$t1,	32,	$aj
+	add	$ap,	8,	$ap
+	or	$t0,	$aj,	$aj
+	stx	$aj,	[$anp]		! converted ap[j]
+
+	ld	[$np+0],	$t2	! np[j]
+	addcc	$nlo,	$hi1,	$lo1
+	ld	[$np+4],	$t3
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+
+	sllx	$t3,	32,	$nj
+	add	$np,	8,	$np
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[0]
+	or	$t2,	$nj,	$nj
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	stx	$nj,	[$anp+8]	! converted np[j]
+	add	$anp,	16,	$anp	! anp++
+
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp	! tp++
+
+	brnz,pt	$cnt,	.L1st
+	sub	$cnt,	8,	$cnt	! j--
+!.L1st
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+
+	addcc	$hi0,	$hi1,	$hi1
+	addxc	%g0,	%g0,	$ovf	! upmost overflow bit
+	stx	$hi1,	[$tp]
+	add	$tp,	8,	$tp
+
+	ba	.Louter
+	sub	$num,	16,	$i	! i=num-2
+
+.align	16
+.Louter:
+	ld	[$bp+0],	$t2	! m0=bp[i]
+	ld	[$bp+4],	$t3
+
+	sub	$anp,	$num,	$anp	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$anp,	$num,	$anp
+
+	add	$bp,	8,	$bp
+	sllx	$t3,	32,	$m0
+	ldx	[$anp+0],	$aj	! ap[0]
+	or	$t2,	$m0,	$m0
+	ldx	[$anp+8],	$nj	! np[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[i]
+	ldx	[$tp],		$tj	! tp[0]
+	umulxhi	$aj,	$m0,	$hi0
+	ldx	[$anp+16],	$aj	! ap[1]
+	addcc	$lo0,	$tj,	$lo0	! ap[0]*bp[i]+tp[0]
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[i]
+	addxc	%g0,	$hi0,	$hi0
+	mulx	$lo0,	$n0,	$m1	! tp[0]*n0
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+	ldx	[$anp+24],	$nj	! np[1]
+	add	$anp,	32,	$anp
+	addcc	$lo1,	$lo0,	$lo1
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	addxc	%g0,	$hi1,	$hi1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.Linner
+	sub	$num,	24,	$cnt	! cnt=num-3
+.align	16
+.Linner:
+	addcc	$alo,	$hi0,	$lo0
+	ldx	[$tp+8],	$tj	! tp[j]
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	ldx	[$anp+0],	$aj	! ap[j]
+	addcc	$nlo,	$hi1,	$lo1
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[i]
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	ldx	[$anp+8],	$nj	! np[j]
+	add	$anp,	16,	$anp
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addxc	%g0,	$hi0,	$hi0
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+	brnz,pt	$cnt,	.Linner
+	sub	$cnt,	8,	$cnt
+!.Linner
+	ldx	[$tp+8],	$tj	! tp[j]
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi0,	$hi0
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+
+	subcc	%g0,	$ovf,	%g0	! move upmost overflow to CCR.xcc
+	addxccc	$hi1,	$hi0,	$hi1
+	addxc	%g0,	%g0,	$ovf
+	stx	$hi1,	[$tp+8]
+	add	$tp,	16,	$tp
+
+	brnz,pt	$i,	.Louter
+	sub	$i,	8,	$i
+
+	sub	$anp,	$num,	$anp	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$anp,	$num,	$anp
+	ba	.Lsub
+	subcc	$num,	8,	$cnt	! cnt=num-1 and clear CCR.xcc
+
+.align	16
+.Lsub:
+	ldx	[$tp],		$tj
+	add	$tp,	8,	$tp
+	ldx	[$anp+8],	$nj
+	add	$anp,	16,	$anp
+	subccc	$tj,	$nj,	$t2	! tp[j]-np[j]
+	srlx	$tj,	32,	$tj
+	srlx	$nj,	32,	$nj
+	subccc	$tj,	$nj,	$t3
+	add	$rp,	8,	$rp
+	st	$t2,	[$rp-4]		! reverse order
+	st	$t3,	[$rp-8]
+	brnz,pt	$cnt,	.Lsub
+	sub	$cnt,	8,	$cnt
+
+	sub	$anp,	$num,	$anp	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$anp,	$num,	$anp
+	sub	$rp,	$num,	$rp
+
+	subccc	$ovf,	%g0,	$ovf	! handle upmost overflow bit
+	ba	.Lcopy
+	sub	$num,	8,	$cnt
+
+.align	16
+.Lcopy:					! conditional copy
+	ld	[$tp+0],	$t0
+	ld	[$tp+4],	$t1
+	ld	[$rp+0],	$t2
+	ld	[$rp+4],	$t3
+	stx	%g0,	[$tp]		! zap
+	add	$tp,	8,	$tp
+	stx	%g0,	[$anp]		! zap
+	stx	%g0,	[$anp+8]
+	add	$anp,	16,	$anp
+	movcs	%icc,	$t0,	$t2
+	movcs	%icc,	$t1,	$t3
+	st	$t3,	[$rp+0]		! flip order
+	st	$t2,	[$rp+4]
+	add	$rp,	8,	$rp
+	brnz	$cnt,	.Lcopy
+	sub	$cnt,	8,	$cnt
+
+	mov	1,	%o0
+	ret
+	restore
+.type	bn_mul_mont_vis3, #function
+.size	bn_mul_mont_vis3, .-bn_mul_mont_vis3
+.asciz  "Montgomery Multiplication for SPARCv9 VIS3, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl
new file mode 100644
index 000000000..d03efcc75
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl
@@ -0,0 +1,325 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... Except that it has three code paths: pure integer
+# code suitable for any x86 CPU, MMX code suitable for PIII and later
+# and PCLMULQDQ suitable for Westmere and later. Improvement varies
+# from one benchmark and µ-arch to another. Below are interval values
+# for 163- and 571-bit ECDH benchmarks relative to compiler-generated
+# code:
+#
+# PIII		16%-30%
+# P4		12%-12%
+# Opteron	18%-40%
+# Core2		19%-44%
+# Atom		38%-64%
+# Westmere	53%-121%(PCLMULQDQ)/20%-32%(MMX)
+# Sandy Bridge	72%-127%(PCLMULQDQ)/27%-23%(MMX)
+#
+# Note that above improvement coefficients are not coefficients for
+# bn_GF2m_mul_2x2 itself. For example 120% ECDH improvement is result
+# of bn_GF2m_mul_2x2 being >4x faster. As it gets faster, benchmark
+# is more and more dominated by other subroutines, most notably by
+# BN_GF2m_mod[_mul]_arr...
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+$a="eax";
+$b="ebx";
+($a1,$a2,$a4)=("ecx","edx","ebp");
+
+$R="mm0";
+@T=("mm1","mm2");
+($A,$B,$B30,$B31)=("mm2","mm3","mm4","mm5");
+@i=("esi","edi");
+
+					if (!$x86only) {
+&function_begin_B("_mul_1x1_mmx");
+	&sub	("esp",32+4);
+	 &mov	($a1,$a);
+	 &lea	($a2,&DWP(0,$a,$a));
+	 &and	($a1,0x3fffffff);
+	 &lea	($a4,&DWP(0,$a2,$a2));
+	 &mov	(&DWP(0*4,"esp"),0);
+	 &and	($a2,0x7fffffff);
+	&movd	($A,$a);
+	&movd	($B,$b);
+	 &mov	(&DWP(1*4,"esp"),$a1);	# a1
+	 &xor	($a1,$a2);		# a1^a2
+	&pxor	($B31,$B31);
+	&pxor	($B30,$B30);
+	 &mov	(&DWP(2*4,"esp"),$a2);	# a2
+	 &xor	($a2,$a4);		# a2^a4
+	 &mov	(&DWP(3*4,"esp"),$a1);	# a1^a2
+	&pcmpgtd($B31,$A);		# broadcast 31st bit
+	&paddd	($A,$A);		# $A<<=1
+	 &xor	($a1,$a2);		# a1^a4=a1^a2^a2^a4
+	 &mov	(&DWP(4*4,"esp"),$a4);	# a4
+	 &xor	($a4,$a2);		# a2=a4^a2^a4
+	&pand	($B31,$B);
+	&pcmpgtd($B30,$A);		# broadcast 30th bit
+	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
+	 &xor	($a4,$a1);		# a1^a2^a4
+	&psllq	($B31,31);
+	&pand	($B30,$B);
+	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
+	&mov	(@i[0],0x7);
+	 &mov	(&DWP(7*4,"esp"),$a4);	# a1^a2^a4
+	 &mov	($a4,@i[0]);
+	&and	(@i[0],$b);
+	&shr	($b,3);
+	&mov	(@i[1],$a4);
+	&psllq	($B30,30);
+	&and	(@i[1],$b);
+	&shr	($b,3);
+	&movd	($R,&DWP(0,"esp",@i[0],4));
+	&mov	(@i[0],$a4);
+	&and	(@i[0],$b);
+	&shr	($b,3);
+	for($n=1;$n<9;$n++) {
+		&movd	(@T[1],&DWP(0,"esp",@i[1],4));
+		&mov	(@i[1],$a4);
+		&psllq	(@T[1],3*$n);
+		&and	(@i[1],$b);
+		&shr	($b,3);
+		&pxor	($R,@T[1]);
+
+		push(@i,shift(@i)); push(@T,shift(@T));
+	}
+	&movd	(@T[1],&DWP(0,"esp",@i[1],4));
+	&pxor	($R,$B30);
+	&psllq	(@T[1],3*$n++);
+	&pxor	($R,@T[1]);
+
+	&movd	(@T[0],&DWP(0,"esp",@i[0],4));
+	&pxor	($R,$B31);
+	&psllq	(@T[0],3*$n);
+	&add	("esp",32+4);
+	&pxor	($R,@T[0]);
+	&ret	();
+&function_end_B("_mul_1x1_mmx");
+					}
+
+($lo,$hi)=("eax","edx");
+@T=("ecx","ebp");
+
+&function_begin_B("_mul_1x1_ialu");
+	&sub	("esp",32+4);
+	 &mov	($a1,$a);
+	 &lea	($a2,&DWP(0,$a,$a));
+	 &lea	($a4,&DWP(0,"",$a,4));
+	 &and	($a1,0x3fffffff);
+	&lea	(@i[1],&DWP(0,$lo,$lo));
+	&sar	($lo,31);		# broadcast 31st bit
+	 &mov	(&DWP(0*4,"esp"),0);
+	 &and	($a2,0x7fffffff);
+	 &mov	(&DWP(1*4,"esp"),$a1);	# a1
+	 &xor	($a1,$a2);		# a1^a2
+	 &mov	(&DWP(2*4,"esp"),$a2);	# a2
+	 &xor	($a2,$a4);		# a2^a4
+	 &mov	(&DWP(3*4,"esp"),$a1);	# a1^a2
+	 &xor	($a1,$a2);		# a1^a4=a1^a2^a2^a4
+	 &mov	(&DWP(4*4,"esp"),$a4);	# a4
+	 &xor	($a4,$a2);		# a2=a4^a2^a4
+	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
+	 &xor	($a4,$a1);		# a1^a2^a4
+	&sar	(@i[1],31);		# broadcast 30th bit
+	&and	($lo,$b);
+	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
+	&and	(@i[1],$b);
+	 &mov	(&DWP(7*4,"esp"),$a4);	# a1^a2^a4
+	&mov	($hi,$lo);
+	&shl	($lo,31);
+	&mov	(@T[0],@i[1]);
+	&shr	($hi,1);
+
+	 &mov	(@i[0],0x7);
+	&shl	(@i[1],30);
+	 &and	(@i[0],$b);
+	&shr	(@T[0],2);
+	&xor	($lo,@i[1]);
+
+	&shr	($b,3);
+	&mov	(@i[1],0x7);		# 5-byte instruction!?
+	&and	(@i[1],$b);
+	&shr	($b,3);
+	 &xor	($hi,@T[0]);
+	&xor	($lo,&DWP(0,"esp",@i[0],4));
+	&mov	(@i[0],0x7);
+	&and	(@i[0],$b);
+	&shr	($b,3);
+	for($n=1;$n<9;$n++) {
+		&mov	(@T[1],&DWP(0,"esp",@i[1],4));
+		&mov	(@i[1],0x7);
+		&mov	(@T[0],@T[1]);
+		&shl	(@T[1],3*$n);
+		&and	(@i[1],$b);
+		&shr	(@T[0],32-3*$n);
+		&xor	($lo,@T[1]);
+		&shr	($b,3);
+		&xor	($hi,@T[0]);
+
+		push(@i,shift(@i)); push(@T,shift(@T));
+	}
+	&mov	(@T[1],&DWP(0,"esp",@i[1],4));
+	&mov	(@T[0],@T[1]);
+	&shl	(@T[1],3*$n);
+	&mov	(@i[1],&DWP(0,"esp",@i[0],4));
+	&shr	(@T[0],32-3*$n);	$n++;
+	&mov	(@i[0],@i[1]);
+	&xor	($lo,@T[1]);
+	&shl	(@i[1],3*$n);
+	&xor	($hi,@T[0]);
+	&shr	(@i[0],32-3*$n);
+	&xor	($lo,@i[1]);
+	&xor	($hi,@i[0]);
+
+	&add	("esp",32+4);
+	&ret	();
+&function_end_B("_mul_1x1_ialu");
+
+# void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
+&function_begin_B("bn_GF2m_mul_2x2");
+if (!$x86only) {
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&mov	("eax",&DWP(0,"edx"));
+	&mov	("edx",&DWP(4,"edx"));
+	&test	("eax",1<<23);		# check MMX bit
+	&jz	(&label("ialu"));
+if ($sse2) {
+	&test	("eax",1<<24);		# check FXSR bit
+	&jz	(&label("mmx"));
+	&test	("edx",1<<1);		# check PCLMULQDQ bit
+	&jz	(&label("mmx"));
+
+	&movups		("xmm0",&QWP(8,"esp"));
+	&shufps		("xmm0","xmm0",0b10110001);
+	&pclmulqdq	("xmm0","xmm0",1);
+	&mov		("eax",&DWP(4,"esp"));
+	&movups		(&QWP(0,"eax"),"xmm0");
+	&ret	();
+
+&set_label("mmx",16);
+}
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&call	("_mul_1x1_mmx");	# a1·b1
+	&movq	("mm7",$R);
+
+	&mov	($a,&wparam(2));
+	&mov	($b,&wparam(4));
+	&call	("_mul_1x1_mmx");	# a0·b0
+	&movq	("mm6",$R);
+
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&xor	($a,&wparam(2));
+	&xor	($b,&wparam(4));
+	&call	("_mul_1x1_mmx");	# (a0+a1)·(b0+b1)
+	&pxor	($R,"mm7");
+	&mov	($a,&wparam(0));
+	&pxor	($R,"mm6");		# (a0+a1)·(b0+b1)-a1·b1-a0·b0
+
+	&movq	($A,$R);
+	&psllq	($R,32);
+	&pop	("edi");
+	&psrlq	($A,32);
+	&pop	("esi");
+	&pxor	($R,"mm6");
+	&pop	("ebx");
+	&pxor	($A,"mm7");
+	&movq	(&QWP(0,$a),$R);
+	&pop	("ebp");
+	&movq	(&QWP(8,$a),$A);
+	&emms	();
+	&ret	();
+&set_label("ialu",16);
+}
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+	&stack_push(4+1);
+
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&call	("_mul_1x1_ialu");	# a1·b1
+	&mov	(&DWP(8,"esp"),$lo);
+	&mov	(&DWP(12,"esp"),$hi);
+
+	&mov	($a,&wparam(2));
+	&mov	($b,&wparam(4));
+	&call	("_mul_1x1_ialu");	# a0·b0
+	&mov	(&DWP(0,"esp"),$lo);
+	&mov	(&DWP(4,"esp"),$hi);
+
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&xor	($a,&wparam(2));
+	&xor	($b,&wparam(4));
+	&call	("_mul_1x1_ialu");	# (a0+a1)·(b0+b1)
+
+	&mov	("ebp",&wparam(0));
+		 @r=("ebx","ecx","edi","esi");
+	&mov	(@r[0],&DWP(0,"esp"));
+	&mov	(@r[1],&DWP(4,"esp"));
+	&mov	(@r[2],&DWP(8,"esp"));
+	&mov	(@r[3],&DWP(12,"esp"));
+
+	&xor	($lo,$hi);
+	&xor	($hi,@r[1]);
+	&xor	($lo,@r[0]);
+	&mov	(&DWP(0,"ebp"),@r[0]);
+	&xor	($hi,@r[2]);
+	&mov	(&DWP(12,"ebp"),@r[3]);
+	&xor	($lo,@r[3]);
+	&stack_pop(4+1);
+	&xor	($hi,@r[3]);
+	&pop	("edi");
+	&xor	($lo,$hi);
+	&pop	("esi");
+	&mov	(&DWP(8,"ebp"),$hi);
+	&pop	("ebx");
+	&mov	(&DWP(4,"ebp"),$lo);
+	&pop	("ebp");
+	&ret	();
+&function_end_B("bn_GF2m_mul_2x2");
+
+&asciz	("GF(2^m) Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl
new file mode 100755
index 000000000..7ba2133ac
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl
@@ -0,0 +1,631 @@
+#! /usr/bin/env perl
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005
+#
+# This is a "teaser" code, as it can be improved in several ways...
+# First of all non-SSE2 path should be implemented (yes, for now it
+# performs Montgomery multiplication/convolution only on SSE2-capable
+# CPUs such as P4, others fall down to original code). Then inner loop
+# can be unrolled and modulo-scheduled to improve ILP and possibly
+# moved to 128-bit XMM register bank (though it would require input
+# rearrangement and/or increase bus bandwidth utilization). Dedicated
+# squaring procedure should give further performance improvement...
+# Yet, for being draft, the code improves rsa512 *sign* benchmark by
+# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
+
+# December 2006
+#
+# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
+# Integer-only code [being equipped with dedicated squaring procedure]
+# gives ~40% on rsa512 sign benchmark...
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&function_begin("bn_mul_mont");
+
+$i="edx";
+$j="ecx";
+$ap="esi";	$tp="esi";		# overlapping variables!!!
+$rp="edi";	$bp="edi";		# overlapping variables!!!
+$np="ebp";
+$num="ebx";
+
+$_num=&DWP(4*0,"esp");			# stack top layout
+$_rp=&DWP(4*1,"esp");
+$_ap=&DWP(4*2,"esp");
+$_bp=&DWP(4*3,"esp");
+$_np=&DWP(4*4,"esp");
+$_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
+$_sp=&DWP(4*6,"esp");
+$_bpend=&DWP(4*7,"esp");
+$frame=32;				# size of above frame rounded up to 16n
+
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(5));	# int num
+	&cmp	("edi",4);
+	&jl	(&label("just_leave"));
+
+	&lea	("esi",&wparam(0));	# put aside pointer to argument block
+	&lea	("edx",&wparam(1));	# load ap
+	&add	("edi",2);		# extra two words on top of tp
+	&neg	("edi");
+	&lea	("ebp",&DWP(-$frame,"esp","edi",4));	# future alloca($frame+4*(num+2))
+	&neg	("edi");
+
+	# minimize cache contention by arranging 2K window between stack
+	# pointer and ap argument [np is also position sensitive vector,
+	# but it's assumed to be near ap, as it's allocated at ~same
+	# time].
+	&mov	("eax","ebp");
+	&sub	("eax","edx");
+	&and	("eax",2047);
+	&sub	("ebp","eax");		# this aligns sp and ap modulo 2048
+
+	&xor	("edx","ebp");
+	&and	("edx",2048);
+	&xor	("edx",2048);
+	&sub	("ebp","edx");		# this splits them apart modulo 4096
+
+	&and	("ebp",-64);		# align to cache line
+
+	# An OS-agnostic version of __chkstk.
+	#
+	# Some OSes (Windows) insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	&mov	("eax","esp");
+	&sub	("eax","ebp");
+	&and	("eax",-4096);
+	&mov	("edx","esp");		# saved stack pointer!
+	&lea	("esp",&DWP(0,"ebp","eax"));
+	&mov	("eax",&DWP(0,"esp"));
+	&cmp	("esp","ebp");
+	&ja	(&label("page_walk"));
+	&jmp	(&label("page_walk_done"));
+
+&set_label("page_walk",16);
+	&lea	("esp",&DWP(-4096,"esp"));
+	&mov	("eax",&DWP(0,"esp"));
+	&cmp	("esp","ebp");
+	&ja	(&label("page_walk"));
+&set_label("page_walk_done");
+
+	################################# load argument block...
+	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
+	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
+	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
+	&mov	("ebp",&DWP(3*4,"esi"));# const BN_ULONG *np
+	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
+	#&mov	("edi",&DWP(5*4,"esi"));# int num
+
+	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
+	&mov	($_rp,"eax");		# ... save a copy of argument block
+	&mov	($_ap,"ebx");
+	&mov	($_bp,"ecx");
+	&mov	($_np,"ebp");
+	&mov	($_n0,"esi");
+	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
+	#&mov	($_num,$num);		# redundant as $num is not reused
+	&mov	($_sp,"edx");		# saved stack pointer!
+
+if($sse2) {
+$acc0="mm0";	# mmx register bank layout
+$acc1="mm1";
+$car0="mm2";
+$car1="mm3";
+$mul0="mm4";
+$mul1="mm5";
+$temp="mm6";
+$mask="mm7";
+
+	&picmeup("eax","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"eax"),26);
+	&jnc	(&label("non_sse2"));
+
+	&mov	("eax",-1);
+	&movd	($mask,"eax");		# mask 32 lower bits
+
+	&mov	($ap,$_ap);		# load input pointers
+	&mov	($bp,$_bp);
+	&mov	($np,$_np);
+
+	&xor	($i,$i);		# i=0
+	&xor	($j,$j);		# j=0
+
+	&movd	($mul0,&DWP(0,$bp));		# bp[0]
+	&movd	($mul1,&DWP(0,$ap));		# ap[0]
+	&movd	($car1,&DWP(0,$np));		# np[0]
+
+	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
+	&movq	($car0,$mul1);
+	&movq	($acc0,$mul1);			# I wish movd worked for
+	&pand	($acc0,$mask);			# inter-register transfers
+
+	&pmuludq($mul1,$_n0q);			# *=n0
+
+	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
+	&paddq	($car1,$acc0);
+
+	&movd	($acc1,&DWP(4,$np));		# np[1]
+	&movd	($acc0,&DWP(4,$ap));		# ap[1]
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&inc	($j);				# j++
+&set_label("1st",16);
+	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
+	&pmuludq($acc1,$mul1);			# np[j]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
+	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
+	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
+	&psrlq	($car0,32);
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
+	&psrlq	($car1,32);
+
+	&lea	($j,&DWP(1,$j));
+	&cmp	($j,$num);
+	&jl	(&label("1st"));
+
+	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
+	&pmuludq($acc1,$mul1);			# np[num-1]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&paddq	($car1,$car0);
+	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
+
+	&inc	($i);				# i++
+&set_label("outer");
+	&xor	($j,$j);			# j=0
+
+	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
+	&movd	($mul1,&DWP(0,$ap));		# ap[0]
+	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
+	&movd	($car1,&DWP(0,$np));		# np[0]
+	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
+
+	&paddq	($mul1,$temp);			# +=tp[0]
+	&movq	($acc0,$mul1);
+	&movq	($car0,$mul1);
+	&pand	($acc0,$mask);
+
+	&pmuludq($mul1,$_n0q);			# *=n0
+
+	&pmuludq($car1,$mul1);
+	&paddq	($car1,$acc0);
+
+	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
+	&movd	($acc1,&DWP(4,$np));		# np[1]
+	&movd	($acc0,&DWP(4,$ap));		# ap[1]
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+	&paddq	($car0,$temp);			# +=tp[1]
+
+	&inc	($j);				# j++
+	&dec	($num);
+&set_label("inner");
+	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
+	&pmuludq($acc1,$mul1);			# np[j]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
+	&pand	($acc0,$mask);
+	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
+	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
+	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
+	&psrlq	($car0,32);
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
+	&psrlq	($car1,32);
+	&paddq	($car0,$temp);			# +=tp[j+1]
+
+	&dec	($num);
+	&lea	($j,&DWP(1,$j));		# j++
+	&jnz	(&label("inner"));
+
+	&mov	($num,$j);
+	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
+	&pmuludq($acc1,$mul1);			# np[num-1]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
+	&paddq	($car1,$car0);
+	&paddq	($car1,$temp);
+	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
+
+	&lea	($i,&DWP(1,$i));		# i++
+	&cmp	($i,$num);
+	&jle	(&label("outer"));
+
+	&emms	();				# done with mmx bank
+	&jmp	(&label("common_tail"));
+
+&set_label("non_sse2",16);
+}
+
+if (0) {
+	&mov	("esp",$_sp);
+	&xor	("eax","eax");	# signal "not fast enough [yet]"
+	&jmp	(&label("just_leave"));
+	# While the below code provides competitive performance for
+	# all key lengths on modern Intel cores, it's still more
+	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
+	# means compared to the original integer-only assembler.
+	# 512-bit RSA sign is better by ~40%, but that's about all
+	# one can say about all CPUs...
+} else {
+$inp="esi";	# integer path uses these registers differently
+$word="edi";
+$carry="ebp";
+
+	&mov	($inp,$_ap);
+	&lea	($carry,&DWP(1,$num));
+	&mov	($word,$_bp);
+	&xor	($j,$j);				# j=0
+	&mov	("edx",$inp);
+	&and	($carry,1);				# see if num is even
+	&sub	("edx",$word);				# see if ap==bp
+	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
+	&or	($carry,"edx");
+	&mov	($word,&DWP(0,$word));			# bp[0]
+	&jz	(&label("bn_sqr_mont"));
+	&mov	($_bpend,"eax");
+	&mov	("eax",&DWP(0,$inp));
+	&xor	("edx","edx");
+
+&set_label("mull",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*bp[0]
+	&add	($carry,"eax");
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("mull"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*bp[0]
+	 &mov	($word,$_n0);
+	&add	("eax",$carry);
+	 &mov	($inp,$_np);
+	&adc	("edx",0);
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
+	&xor	($j,$j);
+	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
+
+	&mov	("eax",&DWP(0,$inp));			# np[0]
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&adc	("edx",0);
+	&inc	($j);
+
+	&jmp	(&label("2ndmadd"));
+
+&set_label("1stmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*bp[i]
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("1stmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*bp[i]
+	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	 &mov	($word,$_n0);
+	&adc	("edx",0);
+	 &mov	($inp,$_np);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&xor	($j,$j);
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
+	&adc	($j,0);
+	 &mov	("eax",&DWP(0,$inp));			# np[0]
+	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&adc	("edx",0);
+	&mov	($j,1);
+
+&set_label("2ndmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
+	&jl	(&label("2ndmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
+
+	&xor	("eax","eax");
+	 &mov	($j,$_bp);				# &bp[i]
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
+	 &lea	($j,&DWP(4,$j));
+	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
+	 &cmp	($j,$_bpend);
+	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
+	&je	(&label("common_tail"));
+
+	&mov	($word,&DWP(0,$j));			# bp[i+1]
+	&mov	($inp,$_ap);
+	&mov	($_bp,$j);				# &bp[++i]
+	&xor	($j,$j);
+	&xor	("edx","edx");
+	&mov	("eax",&DWP(0,$inp));
+	&jmp	(&label("1stmadd"));
+
+&set_label("bn_sqr_mont",16);
+$sbit=$num;
+	&mov	($_num,$num);
+	&mov	($_bp,$j);				# i=0
+
+	&mov	("eax",$word);				# ap[0]
+	&mul	($word);				# ap[0]*ap[0]
+	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
+	&mov	($sbit,"edx");
+	&shr	("edx",1);
+	&and	($sbit,1);
+	&inc	($j);
+&set_label("sqr",16);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*ap[0]
+	&add	("eax",$carry);
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&lea	($carry,&DWP(0,$sbit,"eax",2));
+	&shr	("eax",31);
+	&cmp	($j,$_num);
+	&mov	($sbit,"eax");
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("sqr"));
+
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*ap[0]
+	&add	("eax",$carry);
+	 &mov	($word,$_n0);
+	&adc	("edx",0);
+	 &mov	($inp,$_np);
+	&lea	($carry,&DWP(0,$sbit,"eax",2));
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+	&shr	("eax",31);
+	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
+
+	&lea	($carry,&DWP(0,"eax","edx",2));
+	 &mov	("eax",&DWP(0,$inp));			# np[0]
+	&shr	("edx",31);
+	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	($num,$j);
+	&adc	("edx",0);
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&mov	($j,1);
+
+&set_label("3rdmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j+1]*m
+	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
+	&lea	($j,&DWP(2,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("3rdmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
+
+	&mov	($j,$_bp);				# i
+	&xor	("eax","eax");
+	&mov	($inp,$_ap);
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
+	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
+	&cmp	($j,$num);
+	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
+	&je	(&label("common_tail"));
+
+	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
+	&lea	($j,&DWP(1,$j));
+	&mov	("eax",$word);
+	&mov	($_bp,$j);				# ++i
+	&mul	($word);				# ap[i]*ap[i]
+	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
+	&adc	("edx",0);
+	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
+	&xor	($carry,$carry);
+	&cmp	($j,$num);
+	&lea	($j,&DWP(1,$j));
+	&je	(&label("sqrlast"));
+
+	&mov	($sbit,"edx");				# zaps $num
+	&shr	("edx",1);
+	&and	($sbit,1);
+&set_label("sqradd",16);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*ap[i]
+	&add	("eax",$carry);
+	&lea	($carry,&DWP(0,"eax","eax"));
+	&adc	("edx",0);
+	&shr	("eax",31);
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("eax",0);
+	&add	($carry,$sbit);
+	&adc	("eax",0);
+	&cmp	($j,$_num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&mov	($sbit,"eax");
+	&jle	(&label("sqradd"));
+
+	&mov	($carry,"edx");
+	&add	("edx","edx");
+	&shr	($carry,31);
+	&add	("edx",$sbit);
+	&adc	($carry,0);
+&set_label("sqrlast");
+	&mov	($word,$_n0);
+	&mov	($inp,$_np);
+	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
+	&mov	("eax",&DWP(0,$inp));			# np[0]
+	&adc	($carry,0);
+	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&lea	($num,&DWP(-1,$j));
+	&adc	("edx",0);
+	&mov	($j,1);
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+
+	&jmp	(&label("3rdmadd"));
+}
+
+&set_label("common_tail",16);
+	&mov	($np,$_np);			# load modulus pointer
+	&mov	($rp,$_rp);			# load result pointer
+	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
+
+	&mov	("eax",&DWP(0,$tp));		# tp[0]
+	&mov	($j,$num);			# j=num-1
+	&xor	($i,$i);			# i=0 and clear CF!
+
+&set_label("sub",16);
+	&sbb	("eax",&DWP(0,$np,$i,4));
+	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
+	&dec	($j);				# doesn't affect CF!
+	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
+	&lea	($i,&DWP(1,$i));		# i++
+	&jge	(&label("sub"));
+
+	&sbb	("eax",0);			# handle upmost overflow bit
+	&mov	("edx",-1);
+	&xor	("edx","eax");
+	&jmp	(&label("copy"));
+
+&set_label("copy",16);				# conditional copy
+	&mov	($tp,&DWP($frame,"esp",$num,4));
+	&mov	($np,&DWP(0,$rp,$num,4));
+	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
+	&and	($tp,"eax");
+	&and	($np,"edx");
+	&or	($np,$tp);
+	&mov	(&DWP(0,$rp,$num,4),$np);
+	&dec	($num);
+	&jge	(&label("copy"));
+
+	&mov	("esp",$_sp);		# pull saved stack pointer
+	&mov	("eax",1);
+&set_label("just_leave");
+&function_end("bn_mul_mont");
+
+&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 000000000..31839ba06
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,643 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../bn_lcl.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
+# include "../bn_asm.c"         /* kind of dirty hack for Sun Studio */
+#else
+/*-
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro@openssl.org> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ *    versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ *    proof-of-concept hack. As you can see it's implemented with
+ *    inline assembler, which means that you're bound to GCC and that
+ *    there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ *    why I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation. For reference.
+ *    Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
+ *      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
+ *      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
+ *      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
+ *      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
+ *      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
+ *
+ *    'apps/openssl speed rsa dsa' output with this module:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
+ *      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
+ *      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
+ *      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
+ *      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
+ *      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
+ *
+ *    For the reference. IA-32 assembler implementation performs
+ *    very much like 64-bit code compiled with no-asm on the same
+ *    machine.
+ */
+
+# undef mul
+# undef mul_add
+
+/*-
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
+ * "g"(0)               let the compiler to decide where does it
+ *                      want to keep the value of zero;
+ */
+# define mul_add(r,a,word,carry) do {   \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"m"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+m"(r),"+d"(high)    \
+                : "r"(carry),"g"(0)     \
+                : "cc");                \
+        carry=high;                     \
+        } while (0)
+
+# define mul(r,a,word,carry) do {       \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"g"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        (r)=carry, carry=high;          \
+        } while (0)
+# undef sqr
+# define sqr(r0,r1,a)                   \
+        asm ("mulq %2"                  \
+                : "=a"(r0),"=d"(r1)     \
+                : "a"(a)                \
+                : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return c1;
+
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[2], ap[2], w, c1);
+        return c1;
+    }
+
+    return c1;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return c1;
+
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[2], ap[2], w, c1);
+    }
+    return c1;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    if (n <= 0)
+        return;
+
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+    if (n) {
+        sqr(r[0], r[1], a[0]);
+        if (--n == 0)
+            return;
+        sqr(r[2], r[3], a[1]);
+        if (--n == 0)
+            return;
+        sqr(r[4], r[5], a[2]);
+    }
+}
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG ret, waste;
+
+ asm("divq      %4":"=a"(ret), "=d"(waste)
+ :     "a"(l), "d"(h), "r"(d)
+ :     "cc");
+
+    return ret;
+}
+
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear carry */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       adcq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+
+# ifndef SIMICS
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear borrow */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       sbbq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+# else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#  define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+    for (;;) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return c;
+}
+# endif
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# if 0
+/* original macros are kept for reference purposes */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+# else
+#  define mul_add_c(a,b,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define sqr_add_c(a,i,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %2"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a[i])             \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define mul_add_c2(a,b,c0,c1,c2) do { \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+# endif
+
+# define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl
new file mode 100644
index 000000000..0fd6e985d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl
@@ -0,0 +1,424 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... Except that it has two code paths: code suitable
+# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
+# later. Improvement varies from one benchmark and µ-arch to another.
+# Vanilla code path is at most 20% faster than compiler-generated code
+# [not very impressive], while PCLMULQDQ - whole 85%-160% better on
+# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
+# these coefficients are not ones for bn_GF2m_mul_2x2 itself, as not
+# all CPU time is burnt in it...
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+($lo,$hi)=("%rax","%rdx");	$a=$lo;
+($i0,$i1)=("%rsi","%rdi");
+($t0,$t1)=("%rbx","%rcx");
+($b,$mask)=("%rbp","%r8");
+($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(9..15));
+($R,$Tx)=("%xmm0","%xmm1");
+
+$code.=<<___;
+.text
+
+.type	_mul_1x1,\@abi-omnipotent
+.align	16
+_mul_1x1:
+.cfi_startproc
+	sub	\$128+8,%rsp
+.cfi_adjust_cfa_offset	128+8
+	mov	\$-1,$a1
+	lea	($a,$a),$i0
+	shr	\$3,$a1
+	lea	(,$a,4),$i1
+	and	$a,$a1			# a1=a&0x1fffffffffffffff
+	lea	(,$a,8),$a8
+	sar	\$63,$a			# broadcast 63rd bit
+	lea	($a1,$a1),$a2
+	sar	\$63,$i0		# broadcast 62nd bit
+	lea	(,$a1,4),$a4
+	and	$b,$a
+	sar	\$63,$i1		# broadcast 61st bit
+	mov	$a,$hi			# $a is $lo
+	shl	\$63,$lo
+	and	$b,$i0
+	shr	\$1,$hi
+	mov	$i0,$t1
+	shl	\$62,$i0
+	and	$b,$i1
+	shr	\$2,$t1
+	xor	$i0,$lo
+	mov	$i1,$t0
+	shl	\$61,$i1
+	xor	$t1,$hi
+	shr	\$3,$t0
+	xor	$i1,$lo
+	xor	$t0,$hi
+
+	mov	$a1,$a12
+	movq	\$0,0(%rsp)		# tab[0]=0
+	xor	$a2,$a12		# a1^a2
+	mov	$a1,8(%rsp)		# tab[1]=a1
+	 mov	$a4,$a48
+	mov	$a2,16(%rsp)		# tab[2]=a2
+	 xor	$a8,$a48		# a4^a8
+	mov	$a12,24(%rsp)		# tab[3]=a1^a2
+
+	xor	$a4,$a1
+	mov	$a4,32(%rsp)		# tab[4]=a4
+	xor	$a4,$a2
+	mov	$a1,40(%rsp)		# tab[5]=a1^a4
+	xor	$a4,$a12
+	mov	$a2,48(%rsp)		# tab[6]=a2^a4
+	 xor	$a48,$a1		# a1^a4^a4^a8=a1^a8
+	mov	$a12,56(%rsp)		# tab[7]=a1^a2^a4
+	 xor	$a48,$a2		# a2^a4^a4^a8=a1^a8
+
+	mov	$a8,64(%rsp)		# tab[8]=a8
+	xor	$a48,$a12		# a1^a2^a4^a4^a8=a1^a2^a8
+	mov	$a1,72(%rsp)		# tab[9]=a1^a8
+	 xor	$a4,$a1			# a1^a8^a4
+	mov	$a2,80(%rsp)		# tab[10]=a2^a8
+	 xor	$a4,$a2			# a2^a8^a4
+	mov	$a12,88(%rsp)		# tab[11]=a1^a2^a8
+
+	xor	$a4,$a12		# a1^a2^a8^a4
+	mov	$a48,96(%rsp)		# tab[12]=a4^a8
+	 mov	$mask,$i0
+	mov	$a1,104(%rsp)		# tab[13]=a1^a4^a8
+	 and	$b,$i0
+	mov	$a2,112(%rsp)		# tab[14]=a2^a4^a8
+	 shr	\$4,$b
+	mov	$a12,120(%rsp)		# tab[15]=a1^a2^a4^a8
+	 mov	$mask,$i1
+	 and	$b,$i1
+	 shr	\$4,$b
+
+	movq	(%rsp,$i0,8),$R		# half of calculations is done in SSE2
+	mov	$mask,$i0
+	and	$b,$i0
+	shr	\$4,$b
+___
+    for ($n=1;$n<8;$n++) {
+	$code.=<<___;
+	mov	(%rsp,$i1,8),$t1
+	mov	$mask,$i1
+	mov	$t1,$t0
+	shl	\$`8*$n-4`,$t1
+	and	$b,$i1
+	 movq	(%rsp,$i0,8),$Tx
+	shr	\$`64-(8*$n-4)`,$t0
+	xor	$t1,$lo
+	 pslldq	\$$n,$Tx
+	 mov	$mask,$i0
+	shr	\$4,$b
+	xor	$t0,$hi
+	 and	$b,$i0
+	 shr	\$4,$b
+	 pxor	$Tx,$R
+___
+    }
+$code.=<<___;
+	mov	(%rsp,$i1,8),$t1
+	mov	$t1,$t0
+	shl	\$`8*$n-4`,$t1
+	movq	$R,$i0
+	shr	\$`64-(8*$n-4)`,$t0
+	xor	$t1,$lo
+	psrldq	\$8,$R
+	xor	$t0,$hi
+	movq	$R,$i1
+	xor	$i0,$lo
+	xor	$i1,$hi
+
+	add	\$128+8,%rsp
+.cfi_adjust_cfa_offset	-128-8
+	ret
+.Lend_mul_1x1:
+.cfi_endproc
+.size	_mul_1x1,.-_mul_1x1
+___
+
+($rp,$a1,$a0,$b1,$b0) = $win64?	("%rcx","%rdx","%r8", "%r9","%r10") :	# Win64 order
+				("%rdi","%rsi","%rdx","%rcx","%r8");	# Unix order
+
+$code.=<<___;
+.extern	OPENSSL_ia32cap_P
+.globl	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,\@abi-omnipotent
+.align	16
+bn_GF2m_mul_2x2:
+.cfi_startproc
+	mov	%rsp,%rax
+	mov	OPENSSL_ia32cap_P(%rip),%r10
+	bt	\$33,%r10
+	jnc	.Lvanilla_mul_2x2
+
+	movq		$a1,%xmm0
+	movq		$b1,%xmm1
+	movq		$a0,%xmm2
+___
+$code.=<<___ if ($win64);
+	movq		40(%rsp),%xmm3
+___
+$code.=<<___ if (!$win64);
+	movq		$b0,%xmm3
+___
+$code.=<<___;
+	movdqa		%xmm0,%xmm4
+	movdqa		%xmm1,%xmm5
+	pclmulqdq	\$0,%xmm1,%xmm0	# a1·b1
+	pxor		%xmm2,%xmm4
+	pxor		%xmm3,%xmm5
+	pclmulqdq	\$0,%xmm3,%xmm2	# a0·b0
+	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)·(b0+b1)
+	xorps		%xmm0,%xmm4
+	xorps		%xmm2,%xmm4	# (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	movdqa		%xmm4,%xmm5
+	pslldq		\$8,%xmm4
+	psrldq		\$8,%xmm5
+	pxor		%xmm4,%xmm2
+	pxor		%xmm5,%xmm0
+	movdqu		%xmm2,0($rp)
+	movdqu		%xmm0,16($rp)
+	ret
+
+.align	16
+.Lvanilla_mul_2x2:
+	lea	-8*17(%rsp),%rsp
+.cfi_adjust_cfa_offset	8*17
+___
+$code.=<<___ if ($win64);
+	mov	`8*17+40`(%rsp),$b0
+	mov	%rdi,8*15(%rsp)
+	mov	%rsi,8*16(%rsp)
+___
+$code.=<<___;
+	mov	%r14,8*10(%rsp)
+.cfi_rel_offset	%r14,8*10
+	mov	%r13,8*11(%rsp)
+.cfi_rel_offset	%r13,8*11
+	mov	%r12,8*12(%rsp)
+.cfi_rel_offset	%r12,8*12
+	mov	%rbp,8*13(%rsp)
+.cfi_rel_offset	%rbp,8*13
+	mov	%rbx,8*14(%rsp)
+.cfi_rel_offset	%rbx,8*14
+.Lbody_mul_2x2:
+	mov	$rp,32(%rsp)		# save the arguments
+	mov	$a1,40(%rsp)
+	mov	$a0,48(%rsp)
+	mov	$b1,56(%rsp)
+	mov	$b0,64(%rsp)
+
+	mov	\$0xf,$mask
+	mov	$a1,$a
+	mov	$b1,$b
+	call	_mul_1x1		# a1·b1
+	mov	$lo,16(%rsp)
+	mov	$hi,24(%rsp)
+
+	mov	48(%rsp),$a
+	mov	64(%rsp),$b
+	call	_mul_1x1		# a0·b0
+	mov	$lo,0(%rsp)
+	mov	$hi,8(%rsp)
+
+	mov	40(%rsp),$a
+	mov	56(%rsp),$b
+	xor	48(%rsp),$a
+	xor	64(%rsp),$b
+	call	_mul_1x1		# (a0+a1)·(b0+b1)
+___
+	@r=("%rbx","%rcx","%rdi","%rsi");
+$code.=<<___;
+	mov	0(%rsp),@r[0]
+	mov	8(%rsp),@r[1]
+	mov	16(%rsp),@r[2]
+	mov	24(%rsp),@r[3]
+	mov	32(%rsp),%rbp
+
+	xor	$hi,$lo
+	xor	@r[1],$hi
+	xor	@r[0],$lo
+	mov	@r[0],0(%rbp)
+	xor	@r[2],$hi
+	mov	@r[3],24(%rbp)
+	xor	@r[3],$lo
+	xor	@r[3],$hi
+	xor	$hi,$lo
+	mov	$hi,16(%rbp)
+	mov	$lo,8(%rbp)
+
+	mov	8*10(%rsp),%r14
+.cfi_restore	%r14
+	mov	8*11(%rsp),%r13
+.cfi_restore	%r13
+	mov	8*12(%rsp),%r12
+.cfi_restore	%r12
+	mov	8*13(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	8*14(%rsp),%rbx
+.cfi_restore	%rbx
+___
+$code.=<<___ if ($win64);
+	mov	8*15(%rsp),%rdi
+	mov	8*16(%rsp),%rsi
+___
+$code.=<<___;
+	lea	8*17(%rsp),%rsp
+.cfi_adjust_cfa_offset	-8*17
+.Lepilogue_mul_2x2:
+	ret
+.Lend_mul_2x2:
+.cfi_endproc
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.asciz	"GF(2^m) Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lbody_mul_2x2(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<"prologue" label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue_mul_2x2(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>="epilogue" label
+	jae	.Lin_prologue
+
+	mov	8*10(%rax),%r14		# mimic epilogue
+	mov	8*11(%rax),%r13
+	mov	8*12(%rax),%r12
+	mov	8*13(%rax),%rbp
+	mov	8*14(%rax),%rbx
+	mov	8*15(%rax),%rdi
+	mov	8*16(%rax),%rsi
+
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+	lea	8*17(%rax),%rax
+
+.Lin_prologue:
+	mov	%rax,152($context)	# restore context->Rsp
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	_mul_1x1
+	.rva	.Lend_mul_1x1
+	.rva	.LSEH_info_1x1
+
+	.rva	.Lvanilla_mul_2x2
+	.rva	.Lend_mul_2x2
+	.rva	.LSEH_info_2x2
+.section	.xdata
+.align	8
+.LSEH_info_1x1:
+	.byte	0x01,0x07,0x02,0x00
+	.byte	0x07,0x01,0x11,0x00	# sub rsp,128+8
+.LSEH_info_2x2:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl
new file mode 100755
index 000000000..c051135e3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl
@@ -0,0 +1,1592 @@
+#! /usr/bin/env perl
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005.
+#
+# Montgomery multiplication routine for x86_64. While it gives modest
+# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
+# than twice, >2x, as fast. Most common rsa1024 sign is improved by
+# respectful 50%. It remains to be seen if loop unrolling and
+# dedicated squaring routine can provide further improvement...
+
+# July 2011.
+#
+# Add dedicated squaring procedure. Performance improvement varies
+# from platform to platform, but in average it's ~5%/15%/25%/33%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+# August 2011.
+#
+# Unroll and modulo-schedule inner loops in such manner that they
+# are "fallen through" for input lengths of 8, which is critical for
+# 1024-bit RSA *sign*. Average performance improvement in comparison
+# to *initial* version of this module from 2005 is ~0%/30%/40%/45%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+# June 2013.
+#
+# Optimize reduction in squaring procedure and improve 1024+-bit RSA
+# sign performance by 10-16% on Intel Sandy Bridge and later
+# (virtually same on non-Intel processors).
+
+# August 2013.
+#
+# Add MULX/ADOX/ADCX code path.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+# int bn_mul_mont(
+$rp="%rdi";	# BN_ULONG *rp,
+$ap="%rsi";	# const BN_ULONG *ap,
+$bp="%rdx";	# const BN_ULONG *bp,
+$np="%rcx";	# const BN_ULONG *np,
+$n0="%r8";	# const BN_ULONG *n0,
+$num="%r9";	# int num);
+$lo0="%r10";
+$hi0="%r11";
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,\@function,6
+.align	16
+bn_mul_mont:
+.cfi_startproc
+	mov	${num}d,${num}d
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	test	\$3,${num}d
+	jnz	.Lmul_enter
+	cmp	\$8,${num}d
+	jb	.Lmul_enter
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+___
+$code.=<<___;
+	cmp	$ap,$bp
+	jne	.Lmul4x_enter
+	test	\$7,${num}d
+	jz	.Lsqr8x_enter
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	neg	$num
+	mov	%rsp,%r11
+	lea	-16(%rsp,$num,8),%r10	# future alloca(8*(num+2))
+	neg	$num			# restore $num
+	and	\$-1024,%r10		# minimize TLB usage
+
+	# An OS-agnostic version of __chkstk.
+	#
+	# Some OSes (Windows) insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%r10,%r11
+	and	\$-4096,%r11
+	lea	(%r10,%r11),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+	jmp	.Lmul_page_walk_done
+
+.align	16
+.Lmul_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+.Lmul_page_walk_done:
+
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.cfi_cfa_expression	%rsp+8,$num,8,mul,plus,deref,+8
+.Lmul_body:
+	mov	$bp,%r12		# reassign $bp
+___
+		$bp="%r12";
+$code.=<<___;
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($bp),$m0		# m0=bp[0]
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$lo0
+	mov	($np),%rax
+
+	imulq	$lo0,$m1		# "tp[0]"*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	mov	$lo0,$hi0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.L1st_enter:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	1($j),$j		# j++
+	mov	%rdx,$lo0
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.L1st
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+	mov	$lo0,$hi0
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	jmp	.Louter
+.align	16
+.Louter:
+	mov	($bp,$i,8),$m0		# m0=bp[i]
+	xor	$j,$j			# j=0
+	mov	$n0,$m1
+	mov	(%rsp),$lo0
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$lo0,$m1		# tp[0]*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	8(%rsp),$lo0		# tp[1]
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.Linner_enter:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
+	mov	%rdx,$hi0
+	adc	\$0,$hi0
+	lea	1($j),$j		# j++
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.Linner
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# pull upmost overflow bit
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	cmp	$num,$i
+	jb	.Louter
+
+	xor	$i,$i			# i=0 and clear CF!
+	mov	(%rsp),%rax		# tp[0]
+	mov	$num,$j			# j=num
+
+.align	16
+.Lsub:	sbb	($np,$i,8),%rax
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
+	mov	8(%rsp,$i,8),%rax	# tp[i+1]
+	lea	1($i),$i		# i++
+	dec	$j			# doesn't affect CF!
+	jnz	.Lsub
+
+	sbb	\$0,%rax		# handle upmost overflow bit
+	mov	\$-1,%rbx
+	xor	%rax,%rbx		# not %rax
+	xor	$i,$i
+	mov	$num,$j			# j=num
+
+.Lcopy:					# conditional copy
+	mov	($rp,$i,8),%rcx
+	mov	(%rsp,$i,8),%rdx
+	and	%rbx,%rcx
+	and	%rax,%rdx
+	mov	$num,(%rsp,$i,8)	# zap temporary vector
+	or	%rcx,%rdx
+	mov	%rdx,($rp,$i,8)		# rp[i]=tp[i]
+	lea	1($i),$i
+	sub	\$1,$j
+	jnz	.Lcopy
+
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+.cfi_def_cfa	%rsi,8
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_epilogue:
+	ret
+.cfi_endproc
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type	bn_mul4x_mont,\@function,6
+.align	16
+bn_mul4x_mont:
+.cfi_startproc
+	mov	${num}d,${num}d
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmul4x_enter:
+___
+$code.=<<___ if ($addx);
+	and	\$0x80100,%r11d
+	cmp	\$0x80100,%r11d
+	je	.Lmulx4x_enter
+___
+$code.=<<___;
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	neg	$num
+	mov	%rsp,%r11
+	lea	-32(%rsp,$num,8),%r10	# future alloca(8*(num+4))
+	neg	$num			# restore
+	and	\$-1024,%r10		# minimize TLB usage
+
+	sub	%r10,%r11
+	and	\$-4096,%r11
+	lea	(%r10,%r11),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul4x_page_walk
+	jmp	.Lmul4x_page_walk_done
+
+.Lmul4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul4x_page_walk
+.Lmul4x_page_walk_done:
+
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.cfi_cfa_expression	%rsp+8,$num,8,mul,plus,deref,+8
+.Lmul4x_body:
+	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
+	mov	%rdx,%r12		# reassign $bp
+___
+		$bp="%r12";
+$code.=<<___;
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($bp),$m0		# m0=bp[0]
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$A[0]
+	mov	($np),%rax
+
+	imulq	$A[0],$m1		# "tp[0]"*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	4($j),$j		# j++
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)
+	mov	%rdx,$N[0]
+	jmp	.L1st4x
+.align	16
+.L1st4x:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jb	.L1st4x
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+.align	4
+.Louter4x:
+	mov	($bp,$i,8),$m0		# m0=bp[i]
+	xor	$j,$j			# j=0
+	mov	(%rsp),$A[0]
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$A[0],$m1		# tp[0]*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# "$N[0]", discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	add	8(%rsp),$A[1]		# +tp[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	lea	4($j),$j		# j+=2
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)		# tp[j-1]
+	mov	%rdx,$N[0]
+	jmp	.Linner4x
+.align	16
+.Linner4x:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jb	.Linner4x
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	1($i),$i		# i++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	cmp	$num,$i
+	jb	.Louter4x
+___
+{
+my @ri=("%rax","%rdx",$m0,$m1);
+$code.=<<___;
+	mov	16(%rsp,$num,8),$rp	# restore $rp
+	lea	-4($num),$j
+	mov	0(%rsp),@ri[0]		# tp[0]
+	mov	8(%rsp),@ri[1]		# tp[1]
+	shr	\$2,$j			# j=num/4-1
+	lea	(%rsp),$ap		# borrow ap for tp
+	xor	$i,$i			# i=0 and clear CF!
+
+	sub	0($np),@ri[0]
+	mov	16($ap),@ri[2]		# tp[2]
+	mov	24($ap),@ri[3]		# tp[3]
+	sbb	8($np),@ri[1]
+
+.Lsub4x:
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	16($np,$i,8),@ri[2]
+	mov	32($ap,$i,8),@ri[0]	# tp[i+1]
+	mov	40($ap,$i,8),@ri[1]
+	sbb	24($np,$i,8),@ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	32($np,$i,8),@ri[0]
+	mov	48($ap,$i,8),@ri[2]
+	mov	56($ap,$i,8),@ri[3]
+	sbb	40($np,$i,8),@ri[1]
+	lea	4($i),$i		# i++
+	dec	$j			# doesn't affect CF!
+	jnz	.Lsub4x
+
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	32($ap,$i,8),@ri[0]	# load overflow bit
+	sbb	16($np,$i,8),@ri[2]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	24($np,$i,8),@ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+
+	sbb	\$0,@ri[0]		# handle upmost overflow bit
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	pxor	%xmm0,%xmm0
+	movq	@ri[0],%xmm4
+	pcmpeqd	%xmm5,%xmm5
+	pshufd	\$0,%xmm4,%xmm4
+	mov	$num,$j
+	pxor	%xmm4,%xmm5
+	shr	\$2,$j			# j=num/4
+	xor	%eax,%eax		# i=0
+
+	jmp	.Lcopy4x
+.align	16
+.Lcopy4x:				# conditional copy
+	movdqa	(%rsp,%rax),%xmm1
+	movdqu	($rp,%rax),%xmm2
+	pand	%xmm4,%xmm1
+	pand	%xmm5,%xmm2
+	movdqa	16(%rsp,%rax),%xmm3
+	movdqa	%xmm0,(%rsp,%rax)
+	por	%xmm2,%xmm1
+	movdqu	16($rp,%rax),%xmm2
+	movdqu	%xmm1,($rp,%rax)
+	pand	%xmm4,%xmm3
+	pand	%xmm5,%xmm2
+	movdqa	%xmm0,16(%rsp,%rax)
+	por	%xmm2,%xmm3
+	movdqu	%xmm3,16($rp,%rax)
+	lea	32(%rax),%rax
+	dec	$j
+	jnz	.Lcopy4x
+___
+}
+$code.=<<___;
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+.cfi_def_cfa	%rsi, 8
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul4x_epilogue:
+	ret
+.cfi_endproc
+.size	bn_mul4x_mont,.-bn_mul4x_mont
+___
+}}}
+{{{
+######################################################################
+# void bn_sqr8x_mont(
+my $rptr="%rdi";	# const BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# not used
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 8
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___	if ($addx);
+.extern	bn_sqrx8x_internal		# see x86_64-mont5 module
+___
+$code.=<<___;
+.extern	bn_sqr8x_internal		# see x86_64-mont5 module
+
+.type	bn_sqr8x_mont,\@function,6
+.align	32
+bn_sqr8x_mont:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lsqr8x_enter:
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lsqr8x_prologue:
+
+	mov	${num}d,%r10d
+	shl	\$3,${num}d		# convert $num to bytes
+	shl	\$3+2,%r10		# 4*$num
+	neg	$num
+
+	##############################################################
+	# ensure that stack frame doesn't alias with $aptr modulo
+	# 4096. this is done to allow memory disambiguation logic
+	# do its job.
+	#
+	lea	-64(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	mov	($n0),$n0		# *n0
+	sub	$aptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lsqr8x_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-64(%rbp,$num,2),%rbp	# future alloca(frame+2*$num)
+	jmp	.Lsqr8x_sp_done
+
+.align	32
+.Lsqr8x_sp_alt:
+	lea	4096-64(,$num,2),%r10	# 4096-frame-2*$num
+	lea	-64(%rbp,$num,2),%rbp	# future alloca(frame+2*$num)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lsqr8x_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lsqr8x_page_walk
+	jmp	.Lsqr8x_page_walk_done
+
+.align	16
+.Lsqr8x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lsqr8x_page_walk
+.Lsqr8x_page_walk_done:
+
+	mov	$num,%r10
+	neg	$num
+
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
+.Lsqr8x_body:
+
+	movq	$nptr, %xmm2		# save pointer to modulus
+	pxor	%xmm0,%xmm0
+	movq	$rptr,%xmm1		# save $rptr
+	movq	%r10, %xmm3		# -$num
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%eax
+	and	\$0x80100,%eax
+	cmp	\$0x80100,%eax
+	jne	.Lsqr8x_nox
+
+	call	bn_sqrx8x_internal	# see x86_64-mont5 module
+					# %rax	top-most carry
+					# %rbp	nptr
+					# %rcx	-8*num
+					# %r8	end of tp[2*num]
+	lea	(%r8,%rcx),%rbx
+	mov	%rcx,$num
+	mov	%rcx,%rdx
+	movq	%xmm1,$rptr
+	sar	\$3+2,%rcx		# %cf=0
+	jmp	.Lsqr8x_sub
+
+.align	32
+.Lsqr8x_nox:
+___
+$code.=<<___;
+	call	bn_sqr8x_internal	# see x86_64-mont5 module
+					# %rax	top-most carry
+					# %rbp	nptr
+					# %r8	-8*num
+					# %rdi	end of tp[2*num]
+	lea	(%rdi,$num),%rbx
+	mov	$num,%rcx
+	mov	$num,%rdx
+	movq	%xmm1,$rptr
+	sar	\$3+2,%rcx		# %cf=0
+	jmp	.Lsqr8x_sub
+
+.align	32
+.Lsqr8x_sub:
+	mov	8*0(%rbx),%r12
+	mov	8*1(%rbx),%r13
+	mov	8*2(%rbx),%r14
+	mov	8*3(%rbx),%r15
+	lea	8*4(%rbx),%rbx
+	sbb	8*0(%rbp),%r12
+	sbb	8*1(%rbp),%r13
+	sbb	8*2(%rbp),%r14
+	sbb	8*3(%rbp),%r15
+	lea	8*4(%rbp),%rbp
+	mov	%r12,8*0($rptr)
+	mov	%r13,8*1($rptr)
+	mov	%r14,8*2($rptr)
+	mov	%r15,8*3($rptr)
+	lea	8*4($rptr),$rptr
+	inc	%rcx			# preserves %cf
+	jnz	.Lsqr8x_sub
+
+	sbb	\$0,%rax		# top-most carry
+	lea	(%rbx,$num),%rbx	# rewind
+	lea	($rptr,$num),$rptr	# rewind
+
+	movq	%rax,%xmm1
+	pxor	%xmm0,%xmm0
+	pshufd	\$0,%xmm1,%xmm1
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	jmp	.Lsqr8x_cond_copy
+
+.align	32
+.Lsqr8x_cond_copy:
+	movdqa	16*0(%rbx),%xmm2
+	movdqa	16*1(%rbx),%xmm3
+	lea	16*2(%rbx),%rbx
+	movdqu	16*0($rptr),%xmm4
+	movdqu	16*1($rptr),%xmm5
+	lea	16*2($rptr),$rptr
+	movdqa	%xmm0,-16*2(%rbx)	# zero tp
+	movdqa	%xmm0,-16*1(%rbx)
+	movdqa	%xmm0,-16*2(%rbx,%rdx)
+	movdqa	%xmm0,-16*1(%rbx,%rdx)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-16*2($rptr)
+	movdqu	%xmm5,-16*1($rptr)
+	add	\$32,$num
+	jnz	.Lsqr8x_cond_copy
+
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lsqr8x_epilogue:
+	ret
+.cfi_endproc
+.size	bn_sqr8x_mont,.-bn_sqr8x_mont
+___
+}}}
+
+if ($addx) {{{
+my $bp="%rdx";	# original value
+
+$code.=<<___;
+.type	bn_mulx4x_mont,\@function,6
+.align	32
+bn_mulx4x_mont:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmulx4x_enter:
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lmulx4x_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	xor	%r10,%r10
+	sub	$num,%r10		# -$num
+	mov	($n0),$n0		# *n0
+	lea	-72(%rsp,%r10),%rbp	# future alloca(frame+$num+8)
+	and	\$-128,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+	jmp	.Lmulx4x_page_walk_done
+
+.align	16
+.Lmulx4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+.Lmulx4x_page_walk_done:
+
+	lea	($bp,$num),%r10
+	##############################################################
+	# Stack layout
+	# +0	num
+	# +8	off-loaded &b[i]
+	# +16	end of b[num]
+	# +24	saved n0
+	# +32	saved rp
+	# +40	saved %rsp
+	# +48	inner counter
+	# +56
+	# +64	tmp[num+1]
+	#
+	mov	$num,0(%rsp)		# save $num
+	shr	\$5,$num
+	mov	%r10,16(%rsp)		# end of b[num]
+	sub	\$1,$num
+	mov	$n0, 24(%rsp)		# save *n0
+	mov	$rp, 32(%rsp)		# save $rp
+	mov	%rax,40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
+	mov	$num,48(%rsp)		# inner counter
+	jmp	.Lmulx4x_body
+
+.align	32
+.Lmulx4x_body:
+___
+my ($aptr, $bptr, $nptr, $tptr, $mi,  $bi,  $zero, $num)=
+   ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax");
+my $rptr=$bptr;
+$code.=<<___;
+	lea	8($bp),$bptr
+	mov	($bp),%rdx		# b[0], $bp==%rdx actually
+	lea	64+32(%rsp),$tptr
+	mov	%rdx,$bi
+
+	mulx	0*8($aptr),$mi,%rax	# a[0]*b[0]
+	mulx	1*8($aptr),%r11,%r14	# a[1]*b[0]
+	add	%rax,%r11
+	mov	$bptr,8(%rsp)		# off-load &b[i]
+	mulx	2*8($aptr),%r12,%r13	# ...
+	adc	%r14,%r12
+	adc	\$0,%r13
+
+	mov	$mi,$bptr		# borrow $bptr
+	imulq	24(%rsp),$mi		# "t[0]"*n0
+	xor	$zero,$zero		# cf=0, of=0
+
+	mulx	3*8($aptr),%rax,%r14
+	 mov	$mi,%rdx
+	lea	4*8($aptr),$aptr
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,$bptr		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	.byte	0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00	# mulx	2*8($nptr),%rax,%r12
+	mov	48(%rsp),$bptr		# counter value
+	mov	%r10,-4*8($tptr)
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-3*8($tptr)
+	adcx	%rax,%r12
+	adox	$zero,%r15		# of=0
+	lea	4*8($nptr),$nptr
+	mov	%r12,-2*8($tptr)
+
+	jmp	.Lmulx4x_1st
+
+.align	32
+.Lmulx4x_1st:
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[0]
+	adcx	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[0]
+	adcx	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 .byte	0x67,0x67
+	 mov	$mi,%rdx
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	mov	%r11,-4*8($tptr)
+	adox	%r15,%r13
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	lea	4*8($nptr),$nptr
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_1st
+
+	mov	0(%rsp),$num		# load num
+	mov	8(%rsp),$bptr		# re-load &b[i]
+	adc	$zero,%r15		# modulo-scheduled
+	add	%r15,%r14
+	sbb	%r15,%r15		# top-most carry
+	mov	%r14,-1*8($tptr)
+	jmp	.Lmulx4x_outer
+
+.align	32
+.Lmulx4x_outer:
+	mov	($bptr),%rdx		# b[i]
+	lea	8($bptr),$bptr		# b++
+	sub	$num,$aptr		# rewind $aptr
+	mov	%r15,($tptr)		# save top-most carry
+	lea	64+4*8(%rsp),$tptr
+	sub	$num,$nptr		# rewind $nptr
+
+	mulx	0*8($aptr),$mi,%r11	# a[0]*b[i]
+	xor	%ebp,%ebp		# xor	$zero,$zero	# cf=0, of=0
+	mov	%rdx,$bi
+	mulx	1*8($aptr),%r14,%r12	# a[1]*b[i]
+	adox	-4*8($tptr),$mi
+	adcx	%r14,%r11
+	mulx	2*8($aptr),%r15,%r13	# ...
+	adox	-3*8($tptr),%r11
+	adcx	%r15,%r12
+	adox	-2*8($tptr),%r12
+	adcx	$zero,%r13
+	adox	$zero,%r13
+
+	mov	$bptr,8(%rsp)		# off-load &b[i]
+	mov	$mi,%r15
+	imulq	24(%rsp),$mi		# "t[0]"*n0
+	xor	%ebp,%ebp		# xor	$zero,$zero	# cf=0, of=0
+
+	mulx	3*8($aptr),%rax,%r14
+	 mov	$mi,%rdx
+	adcx	%rax,%r13
+	adox	-1*8($tptr),%r13
+	adcx	$zero,%r14
+	lea	4*8($aptr),$aptr
+	adox	$zero,%r14
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,%r15		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	mulx	2*8($nptr),%rax,%r12
+	mov	%r10,-4*8($tptr)
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-3*8($tptr)
+	lea	4*8($nptr),$nptr
+	adcx	%rax,%r12
+	adox	$zero,%r15		# of=0
+	mov	48(%rsp),$bptr		# counter value
+	mov	%r12,-2*8($tptr)
+
+	jmp	.Lmulx4x_inner
+
+.align	32
+.Lmulx4x_inner:
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[i]
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	adox	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[i]
+	adcx	0*8($tptr),%r10
+	adox	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	1*8($tptr),%r11
+	adox	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 mov	$mi,%rdx
+	adcx	2*8($tptr),%r12
+	adox	%rax,%r13
+	adcx	3*8($tptr),%r13
+	adox	$zero,%r14		# of=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+	adcx	$zero,%r14		# cf=0
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	adox	%r15,%r13
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-4*8($tptr)
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	lea	4*8($nptr),$nptr
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_inner
+
+	mov	0(%rsp),$num		# load num
+	mov	8(%rsp),$bptr		# re-load &b[i]
+	adc	$zero,%r15		# modulo-scheduled
+	sub	0*8($tptr),$zero	# pull top-most carry
+	adc	%r15,%r14
+	sbb	%r15,%r15		# top-most carry
+	mov	%r14,-1*8($tptr)
+
+	cmp	16(%rsp),$bptr
+	jne	.Lmulx4x_outer
+
+	lea	64(%rsp),$tptr
+	sub	$num,$nptr		# rewind $nptr
+	neg	%r15
+	mov	$num,%rdx
+	shr	\$3+2,$num		# %cf=0
+	mov	32(%rsp),$rptr		# restore rp
+	jmp	.Lmulx4x_sub
+
+.align	32
+.Lmulx4x_sub:
+	mov	8*0($tptr),%r11
+	mov	8*1($tptr),%r12
+	mov	8*2($tptr),%r13
+	mov	8*3($tptr),%r14
+	lea	8*4($tptr),$tptr
+	sbb	8*0($nptr),%r11
+	sbb	8*1($nptr),%r12
+	sbb	8*2($nptr),%r13
+	sbb	8*3($nptr),%r14
+	lea	8*4($nptr),$nptr
+	mov	%r11,8*0($rptr)
+	mov	%r12,8*1($rptr)
+	mov	%r13,8*2($rptr)
+	mov	%r14,8*3($rptr)
+	lea	8*4($rptr),$rptr
+	dec	$num			# preserves %cf
+	jnz	.Lmulx4x_sub
+
+	sbb	\$0,%r15		# top-most carry
+	lea	64(%rsp),$tptr
+	sub	%rdx,$rptr		# rewind
+
+	movq	%r15,%xmm1
+	pxor	%xmm0,%xmm0
+	pshufd	\$0,%xmm1,%xmm1
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	jmp	.Lmulx4x_cond_copy
+
+.align	32
+.Lmulx4x_cond_copy:
+	movdqa	16*0($tptr),%xmm2
+	movdqa	16*1($tptr),%xmm3
+	lea	16*2($tptr),$tptr
+	movdqu	16*0($rptr),%xmm4
+	movdqu	16*1($rptr),%xmm5
+	lea	16*2($rptr),$rptr
+	movdqa	%xmm0,-16*2($tptr)	# zero tp
+	movdqa	%xmm0,-16*1($tptr)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-16*2($rptr)
+	movdqu	%xmm5,-16*1($rptr)
+	sub	\$32,%rdx
+	jnz	.Lmulx4x_cond_copy
+
+	mov	%rdx,($tptr)
+
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmulx4x_epilogue:
+	ret
+.cfi_endproc
+.size	bn_mulx4x_mont,.-bn_mulx4x_mont
+___
+}}}
+$code.=<<___;
+.asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	mul_handler,\@abi-omnipotent
+.align	16
+mul_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	192($context),%r10	# pull $num
+	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
+
+	jmp	.Lcommon_pop_regs
+.size	mul_handler,.-mul_handler
+
+.type	sqr_handler,\@abi-omnipotent
+.align	16
+sqr_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lsqr_prologue
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# body label
+	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
+	jb	.Lcommon_pop_regs
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
+	jae	.Lcommon_seh_tail
+
+	mov	40(%rax),%rax		# pull saved stack pointer
+
+.Lcommon_pop_regs:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	sqr_handler,.-sqr_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_bn_mul_mont
+	.rva	.LSEH_end_bn_mul_mont
+	.rva	.LSEH_info_bn_mul_mont
+
+	.rva	.LSEH_begin_bn_mul4x_mont
+	.rva	.LSEH_end_bn_mul4x_mont
+	.rva	.LSEH_info_bn_mul4x_mont
+
+	.rva	.LSEH_begin_bn_sqr8x_mont
+	.rva	.LSEH_end_bn_sqr8x_mont
+	.rva	.LSEH_info_bn_sqr8x_mont
+___
+$code.=<<___ if ($addx);
+	.rva	.LSEH_begin_bn_mulx4x_mont
+	.rva	.LSEH_end_bn_mulx4x_mont
+	.rva	.LSEH_info_bn_mulx4x_mont
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_bn_mul_mont:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul_body,.Lmul_epilogue	# HandlerData[]
+.LSEH_info_bn_mul4x_mont:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
+.LSEH_info_bn_sqr8x_mont:
+	.byte	9,0,0,0
+	.rva	sqr_handler
+	.rva	.Lsqr8x_prologue,.Lsqr8x_body,.Lsqr8x_epilogue		# HandlerData[]
+.align	8
+___
+$code.=<<___ if ($addx);
+.LSEH_info_bn_mulx4x_mont:
+	.byte	9,0,0,0
+	.rva	sqr_handler
+	.rva	.Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue	# HandlerData[]
+.align	8
+___
+}
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl
new file mode 100755
index 000000000..f43e13d11
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl
@@ -0,0 +1,3945 @@
+#! /usr/bin/env perl
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# August 2011.
+#
+# Companion to x86_64-mont.pl that optimizes cache-timing attack
+# countermeasures. The subroutines are produced by replacing bp[i]
+# references in their x86_64-mont.pl counterparts with cache-neutral
+# references to powers table computed in BN_mod_exp_mont_consttime.
+# In addition subroutine that scatters elements of the powers table
+# is implemented, so that scatter-/gathering can be tuned without
+# bn_exp.c modifications.
+
+# August 2013.
+#
+# Add MULX/AD*X code paths and additional interfaces to optimize for
+# branch prediction unit. For input lengths that are multiples of 8
+# the np argument is not just modulus value, but one interleaved
+# with 0. This is to optimize post-condition...
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+# int bn_mul_mont_gather5(
+$rp="%rdi";	# BN_ULONG *rp,
+$ap="%rsi";	# const BN_ULONG *ap,
+$bp="%rdx";	# const BN_ULONG *bp,
+$np="%rcx";	# const BN_ULONG *np,
+$n0="%r8";	# const BN_ULONG *n0,
+$num="%r9";	# int num,
+		# int idx);	# 0 to 2^5-1, "index" in $bp holding
+				# pre-computed powers of a', interlaced
+				# in such manner that b[0] is $bp[idx],
+				# b[1] is [2^5+idx], etc.
+$lo0="%r10";
+$hi0="%r11";
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	bn_mul_mont_gather5
+.type	bn_mul_mont_gather5,\@function,6
+.align	64
+bn_mul_mont_gather5:
+.cfi_startproc
+	mov	${num}d,${num}d
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	test	\$7,${num}d
+	jnz	.Lmul_enter
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+___
+$code.=<<___;
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	neg	$num
+	mov	%rsp,%r11
+	lea	-280(%rsp,$num,8),%r10	# future alloca(8*(num+2)+256+8)
+	neg	$num			# restore $num
+	and	\$-1024,%r10		# minimize TLB usage
+
+	# An OS-agnostic version of __chkstk.
+	#
+	# Some OSes (Windows) insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%r10,%r11
+	and	\$-4096,%r11
+	lea	(%r10,%r11),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+	jmp	.Lmul_page_walk_done
+
+.Lmul_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+.Lmul_page_walk_done:
+
+	lea	.Linc(%rip),%r10
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.cfi_cfa_expression	%rsp+8,$num,8,mul,plus,deref,+8
+.Lmul_body:
+
+	lea	128($bp),%r12		# reassign $bp (+size optimization)
+___
+		$bp="%r12";
+		$STRIDE=2**5*8;		# 5 is "window size"
+		$N=$STRIDE/4;		# should match cache line size
+$code.=<<___;
+	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	lea	24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
+	and	\$-16,%r10
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	.byte	0x67
+	movdqa	%xmm4,%xmm3
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
+
+	pand	`16*($k+1)-128`($bp),%xmm1
+	pand	`16*($k+2)-128`($bp),%xmm2
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	pand	`16*($k+3)-128`($bp),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm4
+	movdqa	`16*($k+1)-128`($bp),%xmm5
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	pand	`16*($k+0)+112`(%r10),%xmm4
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($k+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($k+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	por	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[0]
+
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$lo0
+	mov	($np),%rax
+
+	imulq	$lo0,$m1		# "tp[0]"*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	mov	$lo0,$hi0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.L1st_enter:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	1($j),$j		# j++
+	mov	%rdx,$lo0
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.L1st			# note that upon exit $j==$num, so
+					# they can be used interchangeably
+
+	add	%rax,$hi1
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$num,8)	# tp[num-1]
+	mov	%rdx,$hi1
+	mov	$lo0,$hi0
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	jmp	.Louter
+.align	16
+.Louter:
+	lea	24+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
+	and	\$-16,%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($k=0;$k<$STRIDE/16;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm0
+	movdqa	`16*($k+1)-128`($bp),%xmm1
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+0)-128`(%rdx),%xmm0
+	pand	`16*($k+1)-128`(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($k+2)-128`(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($k+3)-128`(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bp),$bp
+
+	mov	($ap),%rax		# ap[0]
+	movq	%xmm0,$m0		# m0=bp[i]
+
+	xor	$j,$j			# j=0
+	mov	$n0,$m1
+	mov	(%rsp),$lo0
+
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$lo0,$m1		# tp[0]*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	8(%rsp),$lo0		# tp[1]
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.Linner_enter:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
+	mov	%rdx,$hi0
+	adc	\$0,$hi0
+	lea	1($j),$j		# j++
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.Linner			# note that upon exit $j==$num, so
+					# they can be used interchangeably
+	add	%rax,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$num,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$num,8)	# tp[num-1]
+	mov	%rdx,$hi1
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# pull upmost overflow bit
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	cmp	$num,$i
+	jb	.Louter
+
+	xor	$i,$i			# i=0 and clear CF!
+	mov	(%rsp),%rax		# tp[0]
+	lea	(%rsp),$ap		# borrow ap for tp
+	mov	$num,$j			# j=num
+	jmp	.Lsub
+.align	16
+.Lsub:	sbb	($np,$i,8),%rax
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
+	mov	8($ap,$i,8),%rax	# tp[i+1]
+	lea	1($i),$i		# i++
+	dec	$j			# doesn't affect CF!
+	jnz	.Lsub
+
+	sbb	\$0,%rax		# handle upmost overflow bit
+	mov	\$-1,%rbx
+	xor	%rax,%rbx
+	xor	$i,$i
+	mov	$num,$j			# j=num
+
+.Lcopy:					# conditional copy
+	mov	($rp,$i,8),%rcx
+	mov	(%rsp,$i,8),%rdx
+	and	%rbx,%rcx
+	and	%rax,%rdx
+	mov	$i,(%rsp,$i,8)		# zap temporary vector
+	or	%rcx,%rdx
+	mov	%rdx,($rp,$i,8)		# rp[i]=tp[i]
+	lea	1($i),$i
+	sub	\$1,$j
+	jnz	.Lcopy
+
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+.cfi_def_cfa	%rsi,8
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_epilogue:
+	ret
+.cfi_endproc
+.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type	bn_mul4x_mont_gather5,\@function,6
+.align	32
+bn_mul4x_mont_gather5:
+.cfi_startproc
+	.byte	0x67
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmul4x_enter:
+___
+$code.=<<___ if ($addx);
+	and	\$0x80108,%r11d
+	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+	je	.Lmulx4x_enter
+___
+$code.=<<___;
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lmul4x_prologue:
+
+	.byte	0x67
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num			# -$num
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra [num] is allocated in order
+	# to align with bn_power5's frame, which is cleansed after
+	# completing exponentiation. Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rp,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lmul4xsp_alt
+	sub	%r11,%rbp		# align with $rp
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	jmp	.Lmul4xsp_done
+
+.align	32
+.Lmul4xsp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lmul4xsp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmul4x_page_walk
+	jmp	.Lmul4x_page_walk_done
+
+.Lmul4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmul4x_page_walk
+.Lmul4x_page_walk_done:
+
+	neg	$num
+
+	mov	%rax,40(%rsp)
+.cfi_cfa_expression	%rsp+40,deref,+8
+.Lmul4x_body:
+
+	call	mul4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul4x_epilogue:
+	ret
+.cfi_endproc
+.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
+
+.type	mul4x_internal,\@abi-omnipotent
+.align	32
+mul4x_internal:
+	shl	\$5,$num		# $num was in bytes
+	movd	`($win64?56:8)`(%rax),%xmm5	# load 7th argument, index
+	lea	.Linc(%rip),%rax
+	lea	128(%rdx,$num),%r13	# end of powers table (+size optimization)
+	shr	\$5,$num		# restore $num
+___
+		$bp="%r12";
+		$STRIDE=2**5*8;		# 5 is "window size"
+		$N=$STRIDE/4;		# should match cache line size
+		$tp=$i;
+$code.=<<___;
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	88-112(%rsp,$num),%r10	# place the mask after tp[num+1] (+ICache optimization)
+	lea	128(%rdx),$bp		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	.byte	0x67,0x67
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	.byte	0x67
+	movdqa	%xmm4,%xmm3
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+	pand	`16*($i+0)-128`($bp),%xmm0	# while it's still in register
+
+	pand	`16*($i+1)-128`($bp),%xmm1
+	pand	`16*($i+2)-128`($bp),%xmm2
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	pand	`16*($i+3)-128`($bp),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bp),%xmm4
+	movdqa	`16*($i+1)-128`($bp),%xmm5
+	movdqa	`16*($i+2)-128`($bp),%xmm2
+	pand	`16*($i+0)+112`(%r10),%xmm4
+	movdqa	`16*($i+3)-128`($bp),%xmm3
+	pand	`16*($i+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($i+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($i+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	por	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[0]
+
+	mov	%r13,16+8(%rsp)		# save end of b[num]
+	mov	$rp, 56+8(%rsp)		# save $rp
+
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($ap),%rax
+	lea	($ap,$num),$ap		# end of a[num]
+	neg	$num
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$A[0]
+	mov	($np),%rax
+
+	imulq	$A[0],$m1		# "tp[0]"*n0
+	lea	64+8(%rsp),$tp
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# discarded
+	mov	8($ap,$num),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1
+	add	%rax,$N[1]
+	mov	16($ap,$num),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	4*8($num),$j		# j=4
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	$N[1],($tp)
+	mov	%rdx,$N[0]
+	jmp	.L1st4x
+
+.align	32
+.L1st4x:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	8*0($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	$N[1],($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	add	\$32,$j			# j+=4
+	jnz	.L1st4x
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$num),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	lea	($np,$num),$np		# rewind $np
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	mov	$N[0],-8($tp)
+
+	jmp	.Louter4x
+
+.align	32
+.Louter4x:
+	lea	16+128($tp),%rdx	# where 256-byte mask is (+size optimization)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bp),%xmm0
+	movdqa	`16*($i+1)-128`($bp),%xmm1
+	movdqa	`16*($i+2)-128`($bp),%xmm2
+	movdqa	`16*($i+3)-128`($bp),%xmm3
+	pand	`16*($i+0)-128`(%rdx),%xmm0
+	pand	`16*($i+1)-128`(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)-128`(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)-128`(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[i]
+
+	mov	($tp,$num),$A[0]
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$A[0],$m1		# tp[0]*n0
+	mov	%rdx,$A[1]
+	mov	$N[1],($tp)		# store upmost overflow bit
+
+	lea	($tp,$num),$tp		# rewind $tp
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# "$N[0]", discarded
+	mov	8($ap,$num),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	add	8($tp),$A[1]		# +tp[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap,$num),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	lea	4*8($num),$j		# j=4
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	%rdx,$N[0]
+	jmp	.Linner4x
+
+.align	32
+.Linner4x:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	adc	\$0,%rdx
+	add	16($tp),$A[0]		# ap[j]*bp[i]+tp[j]
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8*1($np),%rax
+	adc	\$0,%rdx
+	add	-8($tp),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	8*0($np),%rax
+	adc	\$0,%rdx
+	add	($tp),$A[0]		# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	add	8($tp),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	$N[0],-8($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	add	\$32,$j			# j+=4
+	jnz	.Linner4x
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	adc	\$0,%rdx
+	add	16($tp),$A[0]		# ap[j]*bp[i]+tp[j]
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	$m1,%rax
+	mov	-8*1($np),$m1
+	adc	\$0,%rdx
+	add	-8($tp),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$num),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mov	$N[1],-16($tp)		# tp[j-1]
+	lea	($np,$num),$np		# rewind $np
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	add	($tp),$N[0]		# pull upmost overflow bit
+	adc	\$0,$N[1]		# upmost overflow bit
+	mov	$N[0],-8($tp)
+
+	cmp	16+8(%rsp),$bp
+	jb	.Louter4x
+___
+if (1) {
+$code.=<<___;
+	xor	%rax,%rax
+	sub	$N[0],$m1		# compare top-most words
+	adc	$j,$j			# $j is zero
+	or	$j,$N[1]
+	sub	$N[1],%rax		# %rax=-$N[1]
+	lea	($tp,$num),%rbx		# tptr in .sqr4x_sub
+	mov	($np),%r12
+	lea	($np),%rbp		# nptr in .sqr4x_sub
+	mov	%r9,%rcx
+	sar	\$3+2,%rcx
+	mov	56+8(%rsp),%rdi		# rptr in .sqr4x_sub
+	dec	%r12			# so that after 'not' we get -n[0]
+	xor	%r10,%r10
+	mov	8*1(%rbp),%r13
+	mov	8*2(%rbp),%r14
+	mov	8*3(%rbp),%r15
+	jmp	.Lsqr4x_sub_entry
+___
+} else {
+my @ri=("%rax",$bp,$m0,$m1);
+my $rp="%rdx";
+$code.=<<___
+	xor	\$1,$N[1]
+	lea	($tp,$num),$tp		# rewind $tp
+	sar	\$5,$num		# cf=0
+	lea	($np,$N[1],8),$np
+	mov	56+8(%rsp),$rp		# restore $rp
+	jmp	.Lsub4x
+
+.align	32
+.Lsub4x:
+	.byte	0x66
+	mov	8*0($tp),@ri[0]
+	mov	8*1($tp),@ri[1]
+	.byte	0x66
+	sbb	16*0($np),@ri[0]
+	mov	8*2($tp),@ri[2]
+	sbb	16*1($np),@ri[1]
+	mov	3*8($tp),@ri[3]
+	lea	4*8($tp),$tp
+	sbb	16*2($np),@ri[2]
+	mov	@ri[0],8*0($rp)
+	sbb	16*3($np),@ri[3]
+	lea	16*4($np),$np
+	mov	@ri[1],8*1($rp)
+	mov	@ri[2],8*2($rp)
+	mov	@ri[3],8*3($rp)
+	lea	8*4($rp),$rp
+
+	inc	$num
+	jnz	.Lsub4x
+
+	ret
+___
+}
+$code.=<<___;
+.size	mul4x_internal,.-mul4x_internal
+___
+}}}
+{{{
+######################################################################
+# void bn_power5(
+my $rptr="%rdi";	# BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# const void *table,
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 8
+			# int pwr
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___;
+.globl	bn_power5
+.type	bn_power5,\@function,6
+.align	32
+bn_power5:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+	and	\$0x80108,%r11d
+	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+	je	.Lpowerx5_enter
+___
+$code.=<<___;
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lpower5_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10d	# 3*$num
+	neg	$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lpwr_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	jmp	.Lpwr_sp_done
+
+.align	32
+.Lpwr_sp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lpwr_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwr_page_walk
+	jmp	.Lpwr_page_walk_done
+
+.Lpwr_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwr_page_walk
+.Lpwr_page_walk_done:
+
+	mov	$num,%r10
+	neg	$num
+
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +32	saved *n0
+	# +40	saved %rsp
+	# +48	t[2*$num]
+	#
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
+.Lpower5_body:
+	movq	$rptr,%xmm1		# save $rptr, used in sqr8x
+	movq	$nptr,%xmm2		# save $nptr
+	movq	%r10, %xmm3		# -$num, used in sqr8x
+	movq	$bptr,%xmm4
+
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+
+	movq	%xmm2,$nptr
+	movq	%xmm4,$bptr
+	mov	$aptr,$rptr
+	mov	40(%rsp),%rax
+	lea	32(%rsp),$n0
+
+	call	mul4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpower5_epilogue:
+	ret
+.cfi_endproc
+.size	bn_power5,.-bn_power5
+
+.globl	bn_sqr8x_internal
+.hidden	bn_sqr8x_internal
+.type	bn_sqr8x_internal,\@abi-omnipotent
+.align	32
+bn_sqr8x_internal:
+__bn_sqr8x_internal:
+	##############################################################
+	# Squaring part:
+	#
+	# a) multiply-n-add everything but a[i]*a[i];
+	# b) shift result of a) by 1 to the left and accumulate
+	#    a[i]*a[i] products;
+	#
+	##############################################################
+	#                                                     a[1]a[0]
+	#                                                 a[2]a[0]
+	#                                             a[3]a[0]
+	#                                             a[2]a[1]
+	#                                         a[4]a[0]
+	#                                         a[3]a[1]
+	#                                     a[5]a[0]
+	#                                     a[4]a[1]
+	#                                     a[3]a[2]
+	#                                 a[6]a[0]
+	#                                 a[5]a[1]
+	#                                 a[4]a[2]
+	#                             a[7]a[0]
+	#                             a[6]a[1]
+	#                             a[5]a[2]
+	#                             a[4]a[3]
+	#                         a[7]a[1]
+	#                         a[6]a[2]
+	#                         a[5]a[3]
+	#                     a[7]a[2]
+	#                     a[6]a[3]
+	#                     a[5]a[4]
+	#                 a[7]a[3]
+	#                 a[6]a[4]
+	#             a[7]a[4]
+	#             a[6]a[5]
+	#         a[7]a[5]
+	#     a[7]a[6]
+	#                                                     a[1]a[0]
+	#                                                 a[2]a[0]
+	#                                             a[3]a[0]
+	#                                         a[4]a[0]
+	#                                     a[5]a[0]
+	#                                 a[6]a[0]
+	#                             a[7]a[0]
+	#                                             a[2]a[1]
+	#                                         a[3]a[1]
+	#                                     a[4]a[1]
+	#                                 a[5]a[1]
+	#                             a[6]a[1]
+	#                         a[7]a[1]
+	#                                     a[3]a[2]
+	#                                 a[4]a[2]
+	#                             a[5]a[2]
+	#                         a[6]a[2]
+	#                     a[7]a[2]
+	#                             a[4]a[3]
+	#                         a[5]a[3]
+	#                     a[6]a[3]
+	#                 a[7]a[3]
+	#                     a[5]a[4]
+	#                 a[6]a[4]
+	#             a[7]a[4]
+	#             a[6]a[5]
+	#         a[7]a[5]
+	#     a[7]a[6]
+	#                                                         a[0]a[0]
+	#                                                 a[1]a[1]
+	#                                         a[2]a[2]
+	#                                 a[3]a[3]
+	#                         a[4]a[4]
+	#                 a[5]a[5]
+	#         a[6]a[6]
+	# a[7]a[7]
+
+	lea	32(%r10),$i		# $i=-($num-32)
+	lea	($aptr,$num),$aptr	# end of a[] buffer, ($aptr,$i)=&ap[2]
+
+	mov	$num,$j			# $j=$num
+
+					# comments apply to $num==8 case
+	mov	-32($aptr,$i),$a0	# a[0]
+	lea	48+8(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr,$i),%rax	# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr,$i),$ai	# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	mov	%rax,$A0[0]		# a[1]*a[0]
+	 mov	$ai,%rax		# a[2]
+	mov	%rdx,$A0[1]
+	mov	$A0[0],-24($tptr,$i)	# t[1]
+
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	mov	$A0[1],-16($tptr,$i)	# t[2]
+	mov	%rdx,$A0[0]
+
+
+	 mov	-8($aptr,$i),$ai	# a[3]
+	mul	$a1			# a[2]*a[1]
+	mov	%rax,$A1[0]		# a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[1]
+
+	 lea	($i),$j
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[3]
+	jmp	.Lsqr4x_1st
+
+.align	32
+.Lsqr4x_1st:
+	 mov	($aptr,$j),$ai		# a[4]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[0]
+	adc	\$0,$A1[0]
+
+	mul	$a0			# a[4]*a[0]
+	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
+	 mov	$ai,%rax		# a[3]
+	 mov	8($aptr,$j),$ai		# a[5]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+
+
+	mul	$a1			# a[4]*a[3]
+	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	 mov	$A0[1],($tptr,$j)	# t[4]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[5]*a[2]
+	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	 mov	16($aptr,$j),$ai	# a[6]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+
+	mul	$a1			# a[5]*a[3]
+	add	%rax,$A1[1]		# a[5]*a[3]+t[6]
+	 mov	$ai,%rax
+	 mov	$A0[0],8($tptr,$j)	# t[5]
+	mov	%rdx,$A1[0]
+	adc	\$0,$A1[0]
+
+	mul	$a0			# a[6]*a[2]
+	add	%rax,$A0[1]		# a[6]*a[2]+a[5]*a[3]+t[6]
+	 mov	$ai,%rax		# a[3]
+	 mov	24($aptr,$j),$ai	# a[7]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+
+
+	mul	$a1			# a[6]*a[5]
+	add	%rax,$A1[0]		# a[6]*a[5]+t[7]
+	 mov	$ai,%rax
+	 mov	$A0[1],16($tptr,$j)	# t[6]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+	 lea	32($j),$j
+
+	mul	$a0			# a[7]*a[4]
+	add	%rax,$A0[0]		# a[7]*a[4]+a[6]*a[5]+t[6]
+	 mov	$ai,%rax
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[7]
+
+	cmp	\$0,$j
+	jne	.Lsqr4x_1st
+
+	mul	$a1			# a[7]*a[5]
+	add	%rax,$A1[1]
+	lea	16($i),$i
+	adc	\$0,%rdx
+	add	$A0[1],$A1[1]
+	adc	\$0,%rdx
+
+	mov	$A1[1],($tptr)		# t[8]
+	mov	%rdx,$A1[0]
+	mov	%rdx,8($tptr)		# t[9]
+	jmp	.Lsqr4x_outer
+
+.align	32
+.Lsqr4x_outer:				# comments apply to $num==6 case
+	mov	-32($aptr,$i),$a0	# a[0]
+	lea	48+8(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr,$i),%rax	# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr,$i),$ai	# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	mov	-24($tptr,$i),$A0[0]	# t[1]
+	add	%rax,$A0[0]		# a[1]*a[0]+t[1]
+	 mov	$ai,%rax		# a[2]
+	adc	\$0,%rdx
+	mov	$A0[0],-24($tptr,$i)	# t[1]
+	mov	%rdx,$A0[1]
+
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	-16($tptr,$i),$A0[1]	# a[2]*a[0]+t[2]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	mov	$A0[1],-16($tptr,$i)	# t[2]
+
+	xor	$A1[0],$A1[0]
+
+	 mov	-8($aptr,$i),$ai	# a[3]
+	mul	$a1			# a[2]*a[1]
+	add	%rax,$A1[0]		# a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	-8($tptr,$i),$A1[0]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	$A1[0],$A0[0]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$i)	# t[3]
+
+	lea	($i),$j
+	jmp	.Lsqr4x_inner
+
+.align	32
+.Lsqr4x_inner:
+	 mov	($aptr,$j),$ai		# a[4]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[0]
+	adc	\$0,$A1[0]
+	add	($tptr,$j),$A1[1]
+	adc	\$0,$A1[0]
+
+	.byte	0x67
+	mul	$a0			# a[4]*a[0]
+	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
+	 mov	$ai,%rax		# a[3]
+	 mov	8($aptr,$j),$ai		# a[5]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+
+	mul	$a1			# a[4]*a[3]
+	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
+	mov	$A0[1],($tptr,$j)	# t[4]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+	add	8($tptr,$j),$A1[0]
+	lea	16($j),$j		# j++
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[5]*a[2]
+	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	$A1[0],$A0[0]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[5], "preloaded t[1]" below
+
+	cmp	\$0,$j
+	jne	.Lsqr4x_inner
+
+	.byte	0x67
+	mul	$a1			# a[5]*a[3]
+	add	%rax,$A1[1]
+	adc	\$0,%rdx
+	add	$A0[1],$A1[1]
+	adc	\$0,%rdx
+
+	mov	$A1[1],($tptr)		# t[6], "preloaded t[2]" below
+	mov	%rdx,$A1[0]
+	mov	%rdx,8($tptr)		# t[7], "preloaded t[3]" below
+
+	add	\$16,$i
+	jnz	.Lsqr4x_outer
+
+					# comments apply to $num==4 case
+	mov	-32($aptr),$a0		# a[0]
+	lea	48+8(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr),%rax		# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr),$ai		# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	add	%rax,$A0[0]		# a[1]*a[0]+t[1], preloaded t[1]
+	 mov	$ai,%rax		# a[2]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	 mov	$A0[0],-24($tptr)	# t[1]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]		# a[2]*a[0]+t[2], preloaded t[2]
+	 mov	-8($aptr),$ai		# a[3]
+	adc	\$0,$A0[0]
+
+	mul	$a1			# a[2]*a[1]
+	add	%rax,$A1[0]		# a[2]*a[1]+t[3], preloaded t[3]
+	 mov	$ai,%rax
+	 mov	$A0[1],-16($tptr)	# t[2]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr)	# t[3]
+
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]
+	 mov	-16($aptr),%rax		# a[2]
+	adc	\$0,%rdx
+	add	$A0[1],$A1[1]
+	adc	\$0,%rdx
+
+	mov	$A1[1],($tptr)		# t[4]
+	mov	%rdx,$A1[0]
+	mov	%rdx,8($tptr)		# t[5]
+
+	mul	$ai			# a[2]*a[3]
+___
+{
+my ($shift,$carry)=($a0,$a1);
+my @S=(@A1,$ai,$n0);
+$code.=<<___;
+	 add	\$16,$i
+	 xor	$shift,$shift
+	 sub	$num,$i			# $i=16-$num
+	 xor	$carry,$carry
+
+	add	$A1[0],%rax		# t[5]
+	adc	\$0,%rdx
+	mov	%rax,8($tptr)		# t[5]
+	mov	%rdx,16($tptr)		# t[6]
+	mov	$carry,24($tptr)	# t[7]
+
+	 mov	-16($aptr,$i),%rax	# a[0]
+	lea	48+8(%rsp),$tptr
+	 xor	$A0[0],$A0[0]		# t[0]
+	 mov	8($tptr),$A0[1]		# t[1]
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	24($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],8($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	32($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	40($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],16($tptr)
+	adc	%rdx,$S[3]
+	lea	16($i),$i
+	mov	$S[3],24($tptr)
+	sbb	$carry,$carry		# mov cf,$carry
+	lea	64($tptr),$tptr
+	jmp	.Lsqr4x_shift_n_add
+
+.align	32
+.Lsqr4x_shift_n_add:
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],-24($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	0($tptr),$A0[0]		# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	8($tptr),$A0[1]		# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],-16($tptr)
+	adc	%rdx,$S[3]
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	 mov	$S[3],-8($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	24($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],0($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],8($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	32($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	40($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	16($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],16($tptr)
+	adc	%rdx,$S[3]
+	mov	$S[3],24($tptr)
+	sbb	$carry,$carry		# mov cf,$carry
+	lea	64($tptr),$tptr
+	add	\$32,$i
+	jnz	.Lsqr4x_shift_n_add
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	.byte	0x67
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr),%rax		# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1|shift
+	 mov	$S[1],-24($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	adc	%rax,$S[2]
+	adc	%rdx,$S[3]
+	mov	$S[2],-16($tptr)
+	mov	$S[3],-8($tptr)
+___
+}
+######################################################################
+# Montgomery reduction part, "word-by-word" algorithm.
+#
+# This new path is inspired by multiple submissions from Intel, by
+# Shay Gueron, Vlad Krasnov, Erdinc Ozturk, James Guilford,
+# Vinodh Gopal...
+{
+my ($nptr,$tptr,$carry,$m0)=("%rbp","%rdi","%rsi","%rbx");
+
+$code.=<<___;
+	movq	%xmm2,$nptr
+__bn_sqr8x_reduction:
+	xor	%rax,%rax
+	lea	($nptr,$num),%rcx	# end of n[]
+	lea	48+8(%rsp,$num,2),%rdx	# end of t[] buffer
+	mov	%rcx,0+8(%rsp)
+	lea	48+8(%rsp,$num),$tptr	# end of initial t[] window
+	mov	%rdx,8+8(%rsp)
+	neg	$num
+	jmp	.L8x_reduction_loop
+
+.align	32
+.L8x_reduction_loop:
+	lea	($tptr,$num),$tptr	# start of current t[] window
+	.byte	0x66
+	mov	8*0($tptr),$m0
+	mov	8*1($tptr),%r9
+	mov	8*2($tptr),%r10
+	mov	8*3($tptr),%r11
+	mov	8*4($tptr),%r12
+	mov	8*5($tptr),%r13
+	mov	8*6($tptr),%r14
+	mov	8*7($tptr),%r15
+	mov	%rax,(%rdx)		# store top-most carry bit
+	lea	8*8($tptr),$tptr
+
+	.byte	0x67
+	mov	$m0,%r8
+	imulq	32+8(%rsp),$m0		# n0*a[0]
+	mov	8*0($nptr),%rax		# n[0]
+	mov	\$8,%ecx
+	jmp	.L8x_reduce
+
+.align	32
+.L8x_reduce:
+	mulq	$m0
+	 mov	8*1($nptr),%rax		# n[1]
+	neg	%r8
+	mov	%rdx,%r8
+	adc	\$0,%r8
+
+	mulq	$m0
+	add	%rax,%r9
+	 mov	8*2($nptr),%rax
+	adc	\$0,%rdx
+	add	%r9,%r8
+	 mov	$m0,48-8+8(%rsp,%rcx,8)	# put aside n0*a[i]
+	mov	%rdx,%r9
+	adc	\$0,%r9
+
+	mulq	$m0
+	add	%rax,%r10
+	 mov	8*3($nptr),%rax
+	adc	\$0,%rdx
+	add	%r10,%r9
+	 mov	32+8(%rsp),$carry	# pull n0, borrow $carry
+	mov	%rdx,%r10
+	adc	\$0,%r10
+
+	mulq	$m0
+	add	%rax,%r11
+	 mov	8*4($nptr),%rax
+	adc	\$0,%rdx
+	 imulq	%r8,$carry		# modulo-scheduled
+	add	%r11,%r10
+	mov	%rdx,%r11
+	adc	\$0,%r11
+
+	mulq	$m0
+	add	%rax,%r12
+	 mov	8*5($nptr),%rax
+	adc	\$0,%rdx
+	add	%r12,%r11
+	mov	%rdx,%r12
+	adc	\$0,%r12
+
+	mulq	$m0
+	add	%rax,%r13
+	 mov	8*6($nptr),%rax
+	adc	\$0,%rdx
+	add	%r13,%r12
+	mov	%rdx,%r13
+	adc	\$0,%r13
+
+	mulq	$m0
+	add	%rax,%r14
+	 mov	8*7($nptr),%rax
+	adc	\$0,%rdx
+	add	%r14,%r13
+	mov	%rdx,%r14
+	adc	\$0,%r14
+
+	mulq	$m0
+	 mov	$carry,$m0		# n0*a[i]
+	add	%rax,%r15
+	 mov	8*0($nptr),%rax		# n[0]
+	adc	\$0,%rdx
+	add	%r15,%r14
+	mov	%rdx,%r15
+	adc	\$0,%r15
+
+	dec	%ecx
+	jnz	.L8x_reduce
+
+	lea	8*8($nptr),$nptr
+	xor	%rax,%rax
+	mov	8+8(%rsp),%rdx		# pull end of t[]
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.L8x_no_tail
+
+	.byte	0x66
+	add	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	sbb	$carry,$carry		# top carry
+
+	mov	48+56+8(%rsp),$m0	# pull n0*a[0]
+	mov	\$8,%ecx
+	mov	8*0($nptr),%rax
+	jmp	.L8x_tail
+
+.align	32
+.L8x_tail:
+	mulq	$m0
+	add	%rax,%r8
+	 mov	8*1($nptr),%rax
+	 mov	%r8,($tptr)		# save result
+	mov	%rdx,%r8
+	adc	\$0,%r8
+
+	mulq	$m0
+	add	%rax,%r9
+	 mov	8*2($nptr),%rax
+	adc	\$0,%rdx
+	add	%r9,%r8
+	 lea	8($tptr),$tptr		# $tptr++
+	mov	%rdx,%r9
+	adc	\$0,%r9
+
+	mulq	$m0
+	add	%rax,%r10
+	 mov	8*3($nptr),%rax
+	adc	\$0,%rdx
+	add	%r10,%r9
+	mov	%rdx,%r10
+	adc	\$0,%r10
+
+	mulq	$m0
+	add	%rax,%r11
+	 mov	8*4($nptr),%rax
+	adc	\$0,%rdx
+	add	%r11,%r10
+	mov	%rdx,%r11
+	adc	\$0,%r11
+
+	mulq	$m0
+	add	%rax,%r12
+	 mov	8*5($nptr),%rax
+	adc	\$0,%rdx
+	add	%r12,%r11
+	mov	%rdx,%r12
+	adc	\$0,%r12
+
+	mulq	$m0
+	add	%rax,%r13
+	 mov	8*6($nptr),%rax
+	adc	\$0,%rdx
+	add	%r13,%r12
+	mov	%rdx,%r13
+	adc	\$0,%r13
+
+	mulq	$m0
+	add	%rax,%r14
+	 mov	8*7($nptr),%rax
+	adc	\$0,%rdx
+	add	%r14,%r13
+	mov	%rdx,%r14
+	adc	\$0,%r14
+
+	mulq	$m0
+	 mov	48-16+8(%rsp,%rcx,8),$m0# pull n0*a[i]
+	add	%rax,%r15
+	adc	\$0,%rdx
+	add	%r15,%r14
+	 mov	8*0($nptr),%rax		# pull n[0]
+	mov	%rdx,%r15
+	adc	\$0,%r15
+
+	dec	%ecx
+	jnz	.L8x_tail
+
+	lea	8*8($nptr),$nptr
+	mov	8+8(%rsp),%rdx		# pull end of t[]
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.L8x_tail_done		# break out of loop
+
+	 mov	48+56+8(%rsp),$m0	# pull n0*a[0]
+	neg	$carry
+	 mov	8*0($nptr),%rax		# pull n[0]
+	adc	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	sbb	$carry,$carry		# top carry
+
+	mov	\$8,%ecx
+	jmp	.L8x_tail
+
+.align	32
+.L8x_tail_done:
+	xor	%rax,%rax
+	add	(%rdx),%r8		# can this overflow?
+	adc	\$0,%r9
+	adc	\$0,%r10
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
+	adc	\$0,%rax
+
+	neg	$carry
+.L8x_no_tail:
+	adc	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	adc	\$0,%rax		# top-most carry
+	 mov	-8($nptr),%rcx		# np[num-1]
+	 xor	$carry,$carry
+
+	movq	%xmm2,$nptr		# restore $nptr
+
+	mov	%r8,8*0($tptr)		# store top 512 bits
+	mov	%r9,8*1($tptr)
+	 movq	%xmm3,$num		# $num is %r9, can't be moved upwards
+	mov	%r10,8*2($tptr)
+	mov	%r11,8*3($tptr)
+	mov	%r12,8*4($tptr)
+	mov	%r13,8*5($tptr)
+	mov	%r14,8*6($tptr)
+	mov	%r15,8*7($tptr)
+	lea	8*8($tptr),$tptr
+
+	cmp	%rdx,$tptr		# end of t[]?
+	jb	.L8x_reduction_loop
+	ret
+.size	bn_sqr8x_internal,.-bn_sqr8x_internal
+___
+}
+##############################################################
+# Post-condition, 4x unrolled
+#
+{
+my ($tptr,$nptr)=("%rbx","%rbp");
+$code.=<<___;
+.type	__bn_post4x_internal,\@abi-omnipotent
+.align	32
+__bn_post4x_internal:
+	mov	8*0($nptr),%r12
+	lea	(%rdi,$num),$tptr	# %rdi was $tptr above
+	mov	$num,%rcx
+	movq	%xmm1,$rptr		# restore $rptr
+	neg	%rax
+	movq	%xmm1,$aptr		# prepare for back-to-back call
+	sar	\$3+2,%rcx
+	dec	%r12			# so that after 'not' we get -n[0]
+	xor	%r10,%r10
+	mov	8*1($nptr),%r13
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+	jmp	.Lsqr4x_sub_entry
+
+.align	16
+.Lsqr4x_sub:
+	mov	8*0($nptr),%r12
+	mov	8*1($nptr),%r13
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+.Lsqr4x_sub_entry:
+	lea	8*4($nptr),$nptr
+	not	%r12
+	not	%r13
+	not	%r14
+	not	%r15
+	and	%rax,%r12
+	and	%rax,%r13
+	and	%rax,%r14
+	and	%rax,%r15
+
+	neg	%r10			# mov %r10,%cf
+	adc	8*0($tptr),%r12
+	adc	8*1($tptr),%r13
+	adc	8*2($tptr),%r14
+	adc	8*3($tptr),%r15
+	mov	%r12,8*0($rptr)
+	lea	8*4($tptr),$tptr
+	mov	%r13,8*1($rptr)
+	sbb	%r10,%r10		# mov %cf,%r10
+	mov	%r14,8*2($rptr)
+	mov	%r15,8*3($rptr)
+	lea	8*4($rptr),$rptr
+
+	inc	%rcx			# pass %cf
+	jnz	.Lsqr4x_sub
+
+	mov	$num,%r10		# prepare for back-to-back call
+	neg	$num			# restore $num
+	ret
+.size	__bn_post4x_internal,.-__bn_post4x_internal
+___
+}
+{
+$code.=<<___;
+.globl	bn_from_montgomery
+.type	bn_from_montgomery,\@abi-omnipotent
+.align	32
+bn_from_montgomery:
+	testl	\$7,`($win64?"48(%rsp)":"%r9d")`
+	jz	bn_from_mont8x
+	xor	%eax,%eax
+	ret
+.size	bn_from_montgomery,.-bn_from_montgomery
+
+.type	bn_from_mont8x,\@function,6
+.align	32
+bn_from_mont8x:
+.cfi_startproc
+	.byte	0x67
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lfrom_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). The stack is allocated to aligned with
+	# bn_power5's frame, and as bn_from_montgomery happens to be
+	# last operation, we use the opportunity to cleanse it.
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lfrom_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	jmp	.Lfrom_sp_done
+
+.align	32
+.Lfrom_sp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lfrom_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lfrom_page_walk
+	jmp	.Lfrom_page_walk_done
+
+.Lfrom_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lfrom_page_walk
+.Lfrom_page_walk_done:
+
+	mov	$num,%r10
+	neg	$num
+
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +32	saved *n0
+	# +40	saved %rsp
+	# +48	t[2*$num]
+	#
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
+.Lfrom_body:
+	mov	$num,%r11
+	lea	48(%rsp),%rax
+	pxor	%xmm0,%xmm0
+	jmp	.Lmul_by_1
+
+.align	32
+.Lmul_by_1:
+	movdqu	($aptr),%xmm1
+	movdqu	16($aptr),%xmm2
+	movdqu	32($aptr),%xmm3
+	movdqa	%xmm0,(%rax,$num)
+	movdqu	48($aptr),%xmm4
+	movdqa	%xmm0,16(%rax,$num)
+	.byte	0x48,0x8d,0xb6,0x40,0x00,0x00,0x00	# lea	64($aptr),$aptr
+	movdqa	%xmm1,(%rax)
+	movdqa	%xmm0,32(%rax,$num)
+	movdqa	%xmm2,16(%rax)
+	movdqa	%xmm0,48(%rax,$num)
+	movdqa	%xmm3,32(%rax)
+	movdqa	%xmm4,48(%rax)
+	lea	64(%rax),%rax
+	sub	\$64,%r11
+	jnz	.Lmul_by_1
+
+	movq	$rptr,%xmm1
+	movq	$nptr,%xmm2
+	.byte	0x67
+	mov	$nptr,%rbp
+	movq	%r10, %xmm3		# -num
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+	and	\$0x80108,%r11d
+	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+	jne	.Lfrom_mont_nox
+
+	lea	(%rax,$num),$rptr
+	call	__bn_sqrx8x_reduction
+	call	__bn_postx4x_internal
+
+	pxor	%xmm0,%xmm0
+	lea	48(%rsp),%rax
+	jmp	.Lfrom_mont_zero
+
+.align	32
+.Lfrom_mont_nox:
+___
+$code.=<<___;
+	call	__bn_sqr8x_reduction
+	call	__bn_post4x_internal
+
+	pxor	%xmm0,%xmm0
+	lea	48(%rsp),%rax
+	jmp	.Lfrom_mont_zero
+
+.align	32
+.Lfrom_mont_zero:
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	movdqa	%xmm0,16*0(%rax)
+	movdqa	%xmm0,16*1(%rax)
+	movdqa	%xmm0,16*2(%rax)
+	movdqa	%xmm0,16*3(%rax)
+	lea	16*4(%rax),%rax
+	sub	\$32,$num
+	jnz	.Lfrom_mont_zero
+
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lfrom_epilogue:
+	ret
+.cfi_endproc
+.size	bn_from_mont8x,.-bn_from_mont8x
+___
+}
+}}}
+
+if ($addx) {{{
+my $bp="%rdx";	# restore original value
+
+$code.=<<___;
+.type	bn_mulx4x_mont_gather5,\@function,6
+.align	32
+bn_mulx4x_mont_gather5:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmulx4x_enter:
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lmulx4x_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num			# -$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra [num] is allocated in order
+	# to align with bn_power5's frame, which is cleansed after
+	# completing exponentiation. Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rp,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lmulx4xsp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	jmp	.Lmulx4xsp_done
+
+.Lmulx4xsp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lmulx4xsp_done:
+	and	\$-64,%rbp		# ensure alignment
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+	jmp	.Lmulx4x_page_walk_done
+
+.Lmulx4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+.Lmulx4x_page_walk_done:
+
+	##############################################################
+	# Stack layout
+	# +0	-num
+	# +8	off-loaded &b[i]
+	# +16	end of b[num]
+	# +24	inner counter
+	# +32	saved n0
+	# +40	saved %rsp
+	# +48
+	# +56	saved rp
+	# +64	tmp[num+1]
+	#
+	mov	$n0, 32(%rsp)		# save *n0
+	mov	%rax,40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
+.Lmulx4x_body:
+	call	mulx4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmulx4x_epilogue:
+	ret
+.cfi_endproc
+.size	bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5
+
+.type	mulx4x_internal,\@abi-omnipotent
+.align	32
+mulx4x_internal:
+	mov	$num,8(%rsp)		# save -$num (it was in bytes)
+	mov	$num,%r10
+	neg	$num			# restore $num
+	shl	\$5,$num
+	neg	%r10			# restore $num
+	lea	128($bp,$num),%r13	# end of powers table (+size optimization)
+	shr	\$5+5,$num
+	movd	`($win64?56:8)`(%rax),%xmm5	# load 7th argument
+	sub	\$1,$num
+	lea	.Linc(%rip),%rax
+	mov	%r13,16+8(%rsp)		# end of b[num]
+	mov	$num,24+8(%rsp)		# inner counter
+	mov	$rp, 56+8(%rsp)		# save $rp
+___
+my ($aptr, $bptr, $nptr, $tptr, $mi,  $bi,  $zero, $num)=
+   ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax");
+my $rptr=$bptr;
+my $STRIDE=2**5*8;		# 5 is "window size"
+my $N=$STRIDE/4;		# should match cache line size
+$code.=<<___;
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	88-112(%rsp,%r10),%r10	# place the mask after tp[num+1] (+ICache optimization)
+	lea	128($bp),$bptr		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	.byte	0x67
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	.byte	0x67
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	movdqa	%xmm4,%xmm3
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	.byte	0x67
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+
+	pand	`16*($i+0)-128`($bptr),%xmm0	# while it's still in register
+	pand	`16*($i+1)-128`($bptr),%xmm1
+	pand	`16*($i+2)-128`($bptr),%xmm2
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	pand	`16*($i+3)-128`($bptr),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bptr),%xmm4
+	movdqa	`16*($i+1)-128`($bptr),%xmm5
+	movdqa	`16*($i+2)-128`($bptr),%xmm2
+	pand	`16*($i+0)+112`(%r10),%xmm4
+	movdqa	`16*($i+3)-128`($bptr),%xmm3
+	pand	`16*($i+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($i+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($i+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	pxor	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bptr),$bptr
+	movq	%xmm0,%rdx		# bp[0]
+	lea	64+8*4+8(%rsp),$tptr
+
+	mov	%rdx,$bi
+	mulx	0*8($aptr),$mi,%rax	# a[0]*b[0]
+	mulx	1*8($aptr),%r11,%r12	# a[1]*b[0]
+	add	%rax,%r11
+	mulx	2*8($aptr),%rax,%r13	# ...
+	adc	%rax,%r12
+	adc	\$0,%r13
+	mulx	3*8($aptr),%rax,%r14
+
+	mov	$mi,%r15
+	imulq	32+8(%rsp),$mi		# "t[0]"*n0
+	xor	$zero,$zero		# cf=0, of=0
+	mov	$mi,%rdx
+
+	mov	$bptr,8+8(%rsp)		# off-load &b[i]
+
+	lea	4*8($aptr),$aptr
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,%r15		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	mulx	2*8($nptr),%rax,%r12
+	mov	24+8(%rsp),$bptr	# counter value
+	mov	%r10,-8*4($tptr)
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-8*3($tptr)
+	adcx	%rax,%r12
+	adox	$zero,%r15		# of=0
+	lea	4*8($nptr),$nptr
+	mov	%r12,-8*2($tptr)
+	jmp	.Lmulx4x_1st
+
+.align	32
+.Lmulx4x_1st:
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[0]
+	adcx	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[0]
+	adcx	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 .byte	0x67,0x67
+	 mov	$mi,%rdx
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	mov	%r11,-4*8($tptr)
+	adox	%r15,%r13
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	lea	4*8($nptr),$nptr
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_1st
+
+	mov	8(%rsp),$num		# load -num
+	adc	$zero,%r15		# modulo-scheduled
+	lea	($aptr,$num),$aptr	# rewind $aptr
+	add	%r15,%r14
+	mov	8+8(%rsp),$bptr		# re-load &b[i]
+	adc	$zero,$zero		# top-most carry
+	mov	%r14,-1*8($tptr)
+	jmp	.Lmulx4x_outer
+
+.align	32
+.Lmulx4x_outer:
+	lea	16-256($tptr),%r10	# where 256-byte mask is (+density control)
+	pxor	%xmm4,%xmm4
+	.byte	0x67,0x67
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bptr),%xmm0
+	movdqa	`16*($i+1)-128`($bptr),%xmm1
+	movdqa	`16*($i+2)-128`($bptr),%xmm2
+	pand	`16*($i+0)+256`(%r10),%xmm0
+	movdqa	`16*($i+3)-128`($bptr),%xmm3
+	pand	`16*($i+1)+256`(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)+256`(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)+256`(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bptr),$bptr
+	movq	%xmm0,%rdx		# m0=bp[i]
+
+	mov	$zero,($tptr)		# save top-most carry
+	lea	4*8($tptr,$num),$tptr	# rewind $tptr
+	mulx	0*8($aptr),$mi,%r11	# a[0]*b[i]
+	xor	$zero,$zero		# cf=0, of=0
+	mov	%rdx,$bi
+	mulx	1*8($aptr),%r14,%r12	# a[1]*b[i]
+	adox	-4*8($tptr),$mi		# +t[0]
+	adcx	%r14,%r11
+	mulx	2*8($aptr),%r15,%r13	# ...
+	adox	-3*8($tptr),%r11
+	adcx	%r15,%r12
+	mulx	3*8($aptr),%rdx,%r14
+	adox	-2*8($tptr),%r12
+	adcx	%rdx,%r13
+	lea	($nptr,$num),$nptr	# rewind $nptr
+	lea	4*8($aptr),$aptr
+	adox	-1*8($tptr),%r13
+	adcx	$zero,%r14
+	adox	$zero,%r14
+
+	mov	$mi,%r15
+	imulq	32+8(%rsp),$mi		# "t[0]"*n0
+
+	mov	$mi,%rdx
+	xor	$zero,$zero		# cf=0, of=0
+	mov	$bptr,8+8(%rsp)		# off-load &b[i]
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,%r15		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	mulx	2*8($nptr),%rax,%r12
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	24+8(%rsp),$bptr	# counter value
+	mov	%r10,-8*4($tptr)
+	adcx	%rax,%r12
+	mov	%r11,-8*3($tptr)
+	adox	$zero,%r15		# of=0
+	mov	%r12,-8*2($tptr)
+	lea	4*8($nptr),$nptr
+	jmp	.Lmulx4x_inner
+
+.align	32
+.Lmulx4x_inner:
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[i]
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	adox	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[i]
+	adcx	0*8($tptr),%r10
+	adox	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	1*8($tptr),%r11
+	adox	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 mov	$mi,%rdx
+	adcx	2*8($tptr),%r12
+	adox	%rax,%r13
+	adcx	3*8($tptr),%r13
+	adox	$zero,%r14		# of=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+	adcx	$zero,%r14		# cf=0
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	adox	%r15,%r13
+	mov	%r11,-4*8($tptr)
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	lea	4*8($nptr),$nptr
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_inner
+
+	mov	0+8(%rsp),$num		# load -num
+	adc	$zero,%r15		# modulo-scheduled
+	sub	0*8($tptr),$bptr	# pull top-most carry to %cf
+	mov	8+8(%rsp),$bptr		# re-load &b[i]
+	mov	16+8(%rsp),%r10
+	adc	%r15,%r14
+	lea	($aptr,$num),$aptr	# rewind $aptr
+	adc	$zero,$zero		# top-most carry
+	mov	%r14,-1*8($tptr)
+
+	cmp	%r10,$bptr
+	jb	.Lmulx4x_outer
+
+	mov	-8($nptr),%r10
+	mov	$zero,%r8
+	mov	($nptr,$num),%r12
+	lea	($nptr,$num),%rbp	# rewind $nptr
+	mov	$num,%rcx
+	lea	($tptr,$num),%rdi	# rewind $tptr
+	xor	%eax,%eax
+	xor	%r15,%r15
+	sub	%r14,%r10		# compare top-most words
+	adc	%r15,%r15
+	or	%r15,%r8
+	sar	\$3+2,%rcx
+	sub	%r8,%rax		# %rax=-%r8
+	mov	56+8(%rsp),%rdx		# restore rp
+	dec	%r12			# so that after 'not' we get -n[0]
+	mov	8*1(%rbp),%r13
+	xor	%r8,%r8
+	mov	8*2(%rbp),%r14
+	mov	8*3(%rbp),%r15
+	jmp	.Lsqrx4x_sub_entry	# common post-condition
+.size	mulx4x_internal,.-mulx4x_internal
+___
+}{
+######################################################################
+# void bn_power5(
+my $rptr="%rdi";	# BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# const void *table,
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 8
+			# int pwr);
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___;
+.type	bn_powerx5,\@function,6
+.align	32
+bn_powerx5:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lpowerx5_enter:
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lpowerx5_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lpwrx_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	jmp	.Lpwrx_sp_done
+
+.align	32
+.Lpwrx_sp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# alloca(frame+2*$num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lpwrx_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwrx_page_walk
+	jmp	.Lpwrx_page_walk_done
+
+.Lpwrx_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwrx_page_walk
+.Lpwrx_page_walk_done:
+
+	mov	$num,%r10
+	neg	$num
+
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +16	intermediate carry bit
+	# +24	top-most carry bit, used in reduction section
+	# +32	saved *n0
+	# +40	saved %rsp
+	# +48	t[2*$num]
+	#
+	pxor	%xmm0,%xmm0
+	movq	$rptr,%xmm1		# save $rptr
+	movq	$nptr,%xmm2		# save $nptr
+	movq	%r10, %xmm3		# -$num
+	movq	$bptr,%xmm4
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
+.Lpowerx5_body:
+
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+
+	mov	%r10,$num		# -num
+	mov	$aptr,$rptr
+	movq	%xmm2,$nptr
+	movq	%xmm4,$bptr
+	mov	40(%rsp),%rax
+
+	call	mulx4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpowerx5_epilogue:
+	ret
+.cfi_endproc
+.size	bn_powerx5,.-bn_powerx5
+
+.globl	bn_sqrx8x_internal
+.hidden	bn_sqrx8x_internal
+.type	bn_sqrx8x_internal,\@abi-omnipotent
+.align	32
+bn_sqrx8x_internal:
+__bn_sqrx8x_internal:
+.cfi_startproc
+	##################################################################
+	# Squaring part:
+	#
+	# a) multiply-n-add everything but a[i]*a[i];
+	# b) shift result of a) by 1 to the left and accumulate
+	#    a[i]*a[i] products;
+	#
+	##################################################################
+	# a[7]a[7]a[6]a[6]a[5]a[5]a[4]a[4]a[3]a[3]a[2]a[2]a[1]a[1]a[0]a[0]
+	#                                                     a[1]a[0]
+	#                                                 a[2]a[0]
+	#                                             a[3]a[0]
+	#                                             a[2]a[1]
+	#                                         a[3]a[1]
+	#                                     a[3]a[2]
+	#
+	#                                         a[4]a[0]
+	#                                     a[5]a[0]
+	#                                 a[6]a[0]
+	#                             a[7]a[0]
+	#                                     a[4]a[1]
+	#                                 a[5]a[1]
+	#                             a[6]a[1]
+	#                         a[7]a[1]
+	#                                 a[4]a[2]
+	#                             a[5]a[2]
+	#                         a[6]a[2]
+	#                     a[7]a[2]
+	#                             a[4]a[3]
+	#                         a[5]a[3]
+	#                     a[6]a[3]
+	#                 a[7]a[3]
+	#
+	#                     a[5]a[4]
+	#                 a[6]a[4]
+	#             a[7]a[4]
+	#             a[6]a[5]
+	#         a[7]a[5]
+	#     a[7]a[6]
+	# a[7]a[7]a[6]a[6]a[5]a[5]a[4]a[4]a[3]a[3]a[2]a[2]a[1]a[1]a[0]a[0]
+___
+{
+my ($zero,$carry)=("%rbp","%rcx");
+my $aaptr=$zero;
+$code.=<<___;
+	lea	48+8(%rsp),$tptr
+	lea	($aptr,$num),$aaptr
+	mov	$num,0+8(%rsp)			# save $num
+	mov	$aaptr,8+8(%rsp)		# save end of $aptr
+	jmp	.Lsqr8x_zero_start
+
+.align	32
+.byte	0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00
+.Lsqrx8x_zero:
+	.byte	0x3e
+	movdqa	%xmm0,0*8($tptr)
+	movdqa	%xmm0,2*8($tptr)
+	movdqa	%xmm0,4*8($tptr)
+	movdqa	%xmm0,6*8($tptr)
+.Lsqr8x_zero_start:			# aligned at 32
+	movdqa	%xmm0,8*8($tptr)
+	movdqa	%xmm0,10*8($tptr)
+	movdqa	%xmm0,12*8($tptr)
+	movdqa	%xmm0,14*8($tptr)
+	lea	16*8($tptr),$tptr
+	sub	\$64,$num
+	jnz	.Lsqrx8x_zero
+
+	mov	0*8($aptr),%rdx		# a[0], modulo-scheduled
+	#xor	%r9,%r9			# t[1], ex-$num, zero already
+	xor	%r10,%r10
+	xor	%r11,%r11
+	xor	%r12,%r12
+	xor	%r13,%r13
+	xor	%r14,%r14
+	xor	%r15,%r15
+	lea	48+8(%rsp),$tptr
+	xor	$zero,$zero		# cf=0, cf=0
+	jmp	.Lsqrx8x_outer_loop
+
+.align	32
+.Lsqrx8x_outer_loop:
+	mulx	1*8($aptr),%r8,%rax	# a[1]*a[0]
+	adcx	%r9,%r8			# a[1]*a[0]+=t[1]
+	adox	%rax,%r10
+	mulx	2*8($aptr),%r9,%rax	# a[2]*a[0]
+	adcx	%r10,%r9
+	adox	%rax,%r11
+	.byte	0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	3*8($aptr),%r10,%rax	# ...
+	adcx	%r11,%r10
+	adox	%rax,%r12
+	.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00	# mulx	4*8($aptr),%r11,%rax
+	adcx	%r12,%r11
+	adox	%rax,%r13
+	mulx	5*8($aptr),%r12,%rax
+	adcx	%r13,%r12
+	adox	%rax,%r14
+	mulx	6*8($aptr),%r13,%rax
+	adcx	%r14,%r13
+	adox	%r15,%rax
+	mulx	7*8($aptr),%r14,%r15
+	 mov	1*8($aptr),%rdx		# a[1]
+	adcx	%rax,%r14
+	adox	$zero,%r15
+	adc	8*8($tptr),%r15
+	mov	%r8,1*8($tptr)		# t[1]
+	mov	%r9,2*8($tptr)		# t[2]
+	sbb	$carry,$carry		# mov %cf,$carry
+	xor	$zero,$zero		# cf=0, of=0
+
+
+	mulx	2*8($aptr),%r8,%rbx	# a[2]*a[1]
+	mulx	3*8($aptr),%r9,%rax	# a[3]*a[1]
+	adcx	%r10,%r8
+	adox	%rbx,%r9
+	mulx	4*8($aptr),%r10,%rbx	# ...
+	adcx	%r11,%r9
+	adox	%rax,%r10
+	.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00	# mulx	5*8($aptr),%r11,%rax
+	adcx	%r12,%r10
+	adox	%rbx,%r11
+	.byte	0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	6*8($aptr),%r12,%rbx
+	adcx	%r13,%r11
+	adox	%r14,%r12
+	.byte	0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00	# mulx	7*8($aptr),%r13,%r14
+	 mov	2*8($aptr),%rdx		# a[2]
+	adcx	%rax,%r12
+	adox	%rbx,%r13
+	adcx	%r15,%r13
+	adox	$zero,%r14		# of=0
+	adcx	$zero,%r14		# cf=0
+
+	mov	%r8,3*8($tptr)		# t[3]
+	mov	%r9,4*8($tptr)		# t[4]
+
+	mulx	3*8($aptr),%r8,%rbx	# a[3]*a[2]
+	mulx	4*8($aptr),%r9,%rax	# a[4]*a[2]
+	adcx	%r10,%r8
+	adox	%rbx,%r9
+	mulx	5*8($aptr),%r10,%rbx	# ...
+	adcx	%r11,%r9
+	adox	%rax,%r10
+	.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00	# mulx	6*8($aptr),%r11,%rax
+	adcx	%r12,%r10
+	adox	%r13,%r11
+	.byte	0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00	# mulx	7*8($aptr),%r12,%r13
+	.byte	0x3e
+	 mov	3*8($aptr),%rdx		# a[3]
+	adcx	%rbx,%r11
+	adox	%rax,%r12
+	adcx	%r14,%r12
+	mov	%r8,5*8($tptr)		# t[5]
+	mov	%r9,6*8($tptr)		# t[6]
+	 mulx	4*8($aptr),%r8,%rax	# a[4]*a[3]
+	adox	$zero,%r13		# of=0
+	adcx	$zero,%r13		# cf=0
+
+	mulx	5*8($aptr),%r9,%rbx	# a[5]*a[3]
+	adcx	%r10,%r8
+	adox	%rax,%r9
+	mulx	6*8($aptr),%r10,%rax	# ...
+	adcx	%r11,%r9
+	adox	%r12,%r10
+	mulx	7*8($aptr),%r11,%r12
+	 mov	4*8($aptr),%rdx		# a[4]
+	 mov	5*8($aptr),%r14		# a[5]
+	adcx	%rbx,%r10
+	adox	%rax,%r11
+	 mov	6*8($aptr),%r15		# a[6]
+	adcx	%r13,%r11
+	adox	$zero,%r12		# of=0
+	adcx	$zero,%r12		# cf=0
+
+	mov	%r8,7*8($tptr)		# t[7]
+	mov	%r9,8*8($tptr)		# t[8]
+
+	mulx	%r14,%r9,%rax		# a[5]*a[4]
+	 mov	7*8($aptr),%r8		# a[7]
+	adcx	%r10,%r9
+	mulx	%r15,%r10,%rbx		# a[6]*a[4]
+	adox	%rax,%r10
+	adcx	%r11,%r10
+	mulx	%r8,%r11,%rax		# a[7]*a[4]
+	 mov	%r14,%rdx		# a[5]
+	adox	%rbx,%r11
+	adcx	%r12,%r11
+	#adox	$zero,%rax		# of=0
+	adcx	$zero,%rax		# cf=0
+
+	mulx	%r15,%r14,%rbx		# a[6]*a[5]
+	mulx	%r8,%r12,%r13		# a[7]*a[5]
+	 mov	%r15,%rdx		# a[6]
+	 lea	8*8($aptr),$aptr
+	adcx	%r14,%r11
+	adox	%rbx,%r12
+	adcx	%rax,%r12
+	adox	$zero,%r13
+
+	.byte	0x67,0x67
+	mulx	%r8,%r8,%r14		# a[7]*a[6]
+	adcx	%r8,%r13
+	adcx	$zero,%r14
+
+	cmp	8+8(%rsp),$aptr
+	je	.Lsqrx8x_outer_break
+
+	neg	$carry			# mov $carry,%cf
+	mov	\$-8,%rcx
+	mov	$zero,%r15
+	mov	8*8($tptr),%r8
+	adcx	9*8($tptr),%r9		# +=t[9]
+	adcx	10*8($tptr),%r10	# ...
+	adcx	11*8($tptr),%r11
+	adc	12*8($tptr),%r12
+	adc	13*8($tptr),%r13
+	adc	14*8($tptr),%r14
+	adc	15*8($tptr),%r15
+	lea	($aptr),$aaptr
+	lea	2*64($tptr),$tptr
+	sbb	%rax,%rax		# mov %cf,$carry
+
+	mov	-64($aptr),%rdx		# a[0]
+	mov	%rax,16+8(%rsp)		# offload $carry
+	mov	$tptr,24+8(%rsp)
+
+	#lea	8*8($tptr),$tptr	# see 2*8*8($tptr) above
+	xor	%eax,%eax		# cf=0, of=0
+	jmp	.Lsqrx8x_loop
+
+.align	32
+.Lsqrx8x_loop:
+	mov	%r8,%rbx
+	mulx	0*8($aaptr),%rax,%r8	# a[8]*a[i]
+	adcx	%rax,%rbx		# +=t[8]
+	adox	%r9,%r8
+
+	mulx	1*8($aaptr),%rax,%r9	# ...
+	adcx	%rax,%r8
+	adox	%r10,%r9
+
+	mulx	2*8($aaptr),%rax,%r10
+	adcx	%rax,%r9
+	adox	%r11,%r10
+
+	mulx	3*8($aaptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	4*8($aaptr),%rax,%r12
+	adcx	%rax,%r11
+	adox	%r13,%r12
+
+	mulx	5*8($aaptr),%rax,%r13
+	adcx	%rax,%r12
+	adox	%r14,%r13
+
+	mulx	6*8($aaptr),%rax,%r14
+	 mov	%rbx,($tptr,%rcx,8)	# store t[8+i]
+	 mov	\$0,%ebx
+	adcx	%rax,%r13
+	adox	%r15,%r14
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00	# mulx	7*8($aaptr),%rax,%r15
+	 mov	8($aptr,%rcx,8),%rdx	# a[i]
+	adcx	%rax,%r14
+	adox	%rbx,%r15		# %rbx is 0, of=0
+	adcx	%rbx,%r15		# cf=0
+
+	.byte	0x67
+	inc	%rcx			# of=0
+	jnz	.Lsqrx8x_loop
+
+	lea	8*8($aaptr),$aaptr
+	mov	\$-8,%rcx
+	cmp	8+8(%rsp),$aaptr	# done?
+	je	.Lsqrx8x_break
+
+	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
+	.byte	0x66
+	mov	-64($aptr),%rdx
+	adcx	0*8($tptr),%r8
+	adcx	1*8($tptr),%r9
+	adc	2*8($tptr),%r10
+	adc	3*8($tptr),%r11
+	adc	4*8($tptr),%r12
+	adc	5*8($tptr),%r13
+	adc	6*8($tptr),%r14
+	adc	7*8($tptr),%r15
+	lea	8*8($tptr),$tptr
+	.byte	0x67
+	sbb	%rax,%rax		# mov %cf,%rax
+	xor	%ebx,%ebx		# cf=0, of=0
+	mov	%rax,16+8(%rsp)		# offload carry
+	jmp	.Lsqrx8x_loop
+
+.align	32
+.Lsqrx8x_break:
+	xor	$zero,$zero
+	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
+	adcx	$zero,%r8
+	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
+	adcx	$zero,%r9
+	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
+	adc	\$0,%r10
+	mov	%r8,0*8($tptr)
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
+	cmp	$carry,$tptr		# cf=0, of=0
+	je	.Lsqrx8x_outer_loop
+
+	mov	%r9,1*8($tptr)
+	 mov	1*8($carry),%r9
+	mov	%r10,2*8($tptr)
+	 mov	2*8($carry),%r10
+	mov	%r11,3*8($tptr)
+	 mov	3*8($carry),%r11
+	mov	%r12,4*8($tptr)
+	 mov	4*8($carry),%r12
+	mov	%r13,5*8($tptr)
+	 mov	5*8($carry),%r13
+	mov	%r14,6*8($tptr)
+	 mov	6*8($carry),%r14
+	mov	%r15,7*8($tptr)
+	 mov	7*8($carry),%r15
+	mov	$carry,$tptr
+	jmp	.Lsqrx8x_outer_loop
+
+.align	32
+.Lsqrx8x_outer_break:
+	mov	%r9,9*8($tptr)		# t[9]
+	 movq	%xmm3,%rcx		# -$num
+	mov	%r10,10*8($tptr)	# ...
+	mov	%r11,11*8($tptr)
+	mov	%r12,12*8($tptr)
+	mov	%r13,13*8($tptr)
+	mov	%r14,14*8($tptr)
+___
+}{
+my $i="%rcx";
+$code.=<<___;
+	lea	48+8(%rsp),$tptr
+	mov	($aptr,$i),%rdx		# a[0]
+
+	mov	8($tptr),$A0[1]		# t[1]
+	xor	$A0[0],$A0[0]		# t[0], of=0, cf=0
+	mov	0+8(%rsp),$num		# restore $num
+	adox	$A0[1],$A0[1]
+	 mov	16($tptr),$A1[0]	# t[2]	# prefetch
+	 mov	24($tptr),$A1[1]	# t[3]	# prefetch
+	#jmp	.Lsqrx4x_shift_n_add	# happens to be aligned
+
+.align	32
+.Lsqrx4x_shift_n_add:
+	mulx	%rdx,%rax,%rbx
+	 adox	$A1[0],$A1[0]
+	adcx	$A0[0],%rax
+	 .byte	0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00	# mov	8($aptr,$i),%rdx	# a[i+1]	# prefetch
+	 .byte	0x4c,0x8b,0x97,0x20,0x00,0x00,0x00	# mov	32($tptr),$A0[0]	# t[2*i+4]	# prefetch
+	 adox	$A1[1],$A1[1]
+	adcx	$A0[1],%rbx
+	 mov	40($tptr),$A0[1]		# t[2*i+4+1]	# prefetch
+	mov	%rax,0($tptr)
+	mov	%rbx,8($tptr)
+
+	mulx	%rdx,%rax,%rbx
+	 adox	$A0[0],$A0[0]
+	adcx	$A1[0],%rax
+	 mov	16($aptr,$i),%rdx	# a[i+2]	# prefetch
+	 mov	48($tptr),$A1[0]	# t[2*i+6]	# prefetch
+	 adox	$A0[1],$A0[1]
+	adcx	$A1[1],%rbx
+	 mov	56($tptr),$A1[1]	# t[2*i+6+1]	# prefetch
+	mov	%rax,16($tptr)
+	mov	%rbx,24($tptr)
+
+	mulx	%rdx,%rax,%rbx
+	 adox	$A1[0],$A1[0]
+	adcx	$A0[0],%rax
+	 mov	24($aptr,$i),%rdx	# a[i+3]	# prefetch
+	 lea	32($i),$i
+	 mov	64($tptr),$A0[0]	# t[2*i+8]	# prefetch
+	 adox	$A1[1],$A1[1]
+	adcx	$A0[1],%rbx
+	 mov	72($tptr),$A0[1]	# t[2*i+8+1]	# prefetch
+	mov	%rax,32($tptr)
+	mov	%rbx,40($tptr)
+
+	mulx	%rdx,%rax,%rbx
+	 adox	$A0[0],$A0[0]
+	adcx	$A1[0],%rax
+	jrcxz	.Lsqrx4x_shift_n_add_break
+	 .byte	0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00	# mov	0($aptr,$i),%rdx	# a[i+4]	# prefetch
+	 adox	$A0[1],$A0[1]
+	adcx	$A1[1],%rbx
+	 mov	80($tptr),$A1[0]	# t[2*i+10]	# prefetch
+	 mov	88($tptr),$A1[1]	# t[2*i+10+1]	# prefetch
+	mov	%rax,48($tptr)
+	mov	%rbx,56($tptr)
+	lea	64($tptr),$tptr
+	nop
+	jmp	.Lsqrx4x_shift_n_add
+
+.align	32
+.Lsqrx4x_shift_n_add_break:
+	adcx	$A1[1],%rbx
+	mov	%rax,48($tptr)
+	mov	%rbx,56($tptr)
+	lea	64($tptr),$tptr		# end of t[] buffer
+___
+}
+######################################################################
+# Montgomery reduction part, "word-by-word" algorithm.
+#
+# This new path is inspired by multiple submissions from Intel, by
+# Shay Gueron, Vlad Krasnov, Erdinc Ozturk, James Guilford,
+# Vinodh Gopal...
+{
+my ($nptr,$carry,$m0)=("%rbp","%rsi","%rdx");
+
+$code.=<<___;
+	movq	%xmm2,$nptr
+__bn_sqrx8x_reduction:
+	xor	%eax,%eax		# initial top-most carry bit
+	mov	32+8(%rsp),%rbx		# n0
+	mov	48+8(%rsp),%rdx		# "%r8", 8*0($tptr)
+	lea	-8*8($nptr,$num),%rcx	# end of n[]
+	#lea	48+8(%rsp,$num,2),$tptr	# end of t[] buffer
+	mov	%rcx, 0+8(%rsp)		# save end of n[]
+	mov	$tptr,8+8(%rsp)		# save end of t[]
+
+	lea	48+8(%rsp),$tptr		# initial t[] window
+	jmp	.Lsqrx8x_reduction_loop
+
+.align	32
+.Lsqrx8x_reduction_loop:
+	mov	8*1($tptr),%r9
+	mov	8*2($tptr),%r10
+	mov	8*3($tptr),%r11
+	mov	8*4($tptr),%r12
+	mov	%rdx,%r8
+	imulq	%rbx,%rdx		# n0*a[i]
+	mov	8*5($tptr),%r13
+	mov	8*6($tptr),%r14
+	mov	8*7($tptr),%r15
+	mov	%rax,24+8(%rsp)		# store top-most carry bit
+
+	lea	8*8($tptr),$tptr
+	xor	$carry,$carry		# cf=0,of=0
+	mov	\$-8,%rcx
+	jmp	.Lsqrx8x_reduce
+
+.align	32
+.Lsqrx8x_reduce:
+	mov	%r8, %rbx
+	mulx	8*0($nptr),%rax,%r8	# n[0]
+	adcx	%rbx,%rax		# discarded
+	adox	%r9,%r8
+
+	mulx	8*1($nptr),%rbx,%r9	# n[1]
+	adcx	%rbx,%r8
+	adox	%r10,%r9
+
+	mulx	8*2($nptr),%rbx,%r10
+	adcx	%rbx,%r9
+	adox	%r11,%r10
+
+	mulx	8*3($nptr),%rbx,%r11
+	adcx	%rbx,%r10
+	adox	%r12,%r11
+
+	.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	8*4($nptr),%rbx,%r12
+	 mov	%rdx,%rax
+	 mov	%r8,%rdx
+	adcx	%rbx,%r11
+	adox	%r13,%r12
+
+	 mulx	32+8(%rsp),%rbx,%rdx	# %rdx discarded
+	 mov	%rax,%rdx
+	 mov	%rax,64+48+8(%rsp,%rcx,8)	# put aside n0*a[i]
+
+	mulx	8*5($nptr),%rax,%r13
+	adcx	%rax,%r12
+	adox	%r14,%r13
+
+	mulx	8*6($nptr),%rax,%r14
+	adcx	%rax,%r13
+	adox	%r15,%r14
+
+	mulx	8*7($nptr),%rax,%r15
+	 mov	%rbx,%rdx
+	adcx	%rax,%r14
+	adox	$carry,%r15		# $carry is 0
+	adcx	$carry,%r15		# cf=0
+
+	.byte	0x67,0x67,0x67
+	inc	%rcx			# of=0
+	jnz	.Lsqrx8x_reduce
+
+	mov	$carry,%rax		# xor	%rax,%rax
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.Lsqrx8x_no_tail
+
+	mov	48+8(%rsp),%rdx		# pull n0*a[0]
+	add	8*0($tptr),%r8
+	lea	8*8($nptr),$nptr
+	mov	\$-8,%rcx
+	adcx	8*1($tptr),%r9
+	adcx	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	lea	8*8($tptr),$tptr
+	sbb	%rax,%rax		# top carry
+
+	xor	$carry,$carry		# of=0, cf=0
+	mov	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_tail
+
+.align	32
+.Lsqrx8x_tail:
+	mov	%r8,%rbx
+	mulx	8*0($nptr),%rax,%r8
+	adcx	%rax,%rbx
+	adox	%r9,%r8
+
+	mulx	8*1($nptr),%rax,%r9
+	adcx	%rax,%r8
+	adox	%r10,%r9
+
+	mulx	8*2($nptr),%rax,%r10
+	adcx	%rax,%r9
+	adox	%r11,%r10
+
+	mulx	8*3($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	8*4($nptr),%rax,%r12
+	adcx	%rax,%r11
+	adox	%r13,%r12
+
+	mulx	8*5($nptr),%rax,%r13
+	adcx	%rax,%r12
+	adox	%r14,%r13
+
+	mulx	8*6($nptr),%rax,%r14
+	adcx	%rax,%r13
+	adox	%r15,%r14
+
+	mulx	8*7($nptr),%rax,%r15
+	 mov	72+48+8(%rsp,%rcx,8),%rdx	# pull n0*a[i]
+	adcx	%rax,%r14
+	adox	$carry,%r15
+	 mov	%rbx,($tptr,%rcx,8)	# save result
+	 mov	%r8,%rbx
+	adcx	$carry,%r15		# cf=0
+
+	inc	%rcx			# of=0
+	jnz	.Lsqrx8x_tail
+
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.Lsqrx8x_tail_done	# break out of loop
+
+	sub	16+8(%rsp),$carry	# mov 16(%rsp),%cf
+	 mov	48+8(%rsp),%rdx		# pull n0*a[0]
+	 lea	8*8($nptr),$nptr
+	adc	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	lea	8*8($tptr),$tptr
+	sbb	%rax,%rax
+	sub	\$8,%rcx		# mov	\$-8,%rcx
+
+	xor	$carry,$carry		# of=0, cf=0
+	mov	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_tail
+
+.align	32
+.Lsqrx8x_tail_done:
+	xor	%rax,%rax
+	add	24+8(%rsp),%r8		# can this overflow?
+	adc	\$0,%r9
+	adc	\$0,%r10
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
+	adc	\$0,%rax
+
+	sub	16+8(%rsp),$carry	# mov 16(%rsp),%cf
+.Lsqrx8x_no_tail:			# %cf is 0 if jumped here
+	adc	8*0($tptr),%r8
+	 movq	%xmm3,%rcx
+	adc	8*1($tptr),%r9
+	 mov	8*7($nptr),$carry
+	 movq	%xmm2,$nptr		# restore $nptr
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	adc	\$0,%rax		# top-most carry
+
+	mov	32+8(%rsp),%rbx		# n0
+	mov	8*8($tptr,%rcx),%rdx	# modulo-scheduled "%r8"
+
+	mov	%r8,8*0($tptr)		# store top 512 bits
+	 lea	8*8($tptr),%r8		# borrow %r8
+	mov	%r9,8*1($tptr)
+	mov	%r10,8*2($tptr)
+	mov	%r11,8*3($tptr)
+	mov	%r12,8*4($tptr)
+	mov	%r13,8*5($tptr)
+	mov	%r14,8*6($tptr)
+	mov	%r15,8*7($tptr)
+
+	lea	8*8($tptr,%rcx),$tptr	# start of current t[] window
+	cmp	8+8(%rsp),%r8		# end of t[]?
+	jb	.Lsqrx8x_reduction_loop
+	ret
+.cfi_endproc
+.size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
+___
+}
+##############################################################
+# Post-condition, 4x unrolled
+#
+{
+my ($rptr,$nptr)=("%rdx","%rbp");
+$code.=<<___;
+.align	32
+__bn_postx4x_internal:
+	mov	8*0($nptr),%r12
+	mov	%rcx,%r10		# -$num
+	mov	%rcx,%r9		# -$num
+	neg	%rax
+	sar	\$3+2,%rcx
+	#lea	48+8(%rsp,%r9),$tptr
+	movq	%xmm1,$rptr		# restore $rptr
+	movq	%xmm1,$aptr		# prepare for back-to-back call
+	dec	%r12			# so that after 'not' we get -n[0]
+	mov	8*1($nptr),%r13
+	xor	%r8,%r8
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+	jmp	.Lsqrx4x_sub_entry
+
+.align	16
+.Lsqrx4x_sub:
+	mov	8*0($nptr),%r12
+	mov	8*1($nptr),%r13
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+.Lsqrx4x_sub_entry:
+	andn	%rax,%r12,%r12
+	lea	8*4($nptr),$nptr
+	andn	%rax,%r13,%r13
+	andn	%rax,%r14,%r14
+	andn	%rax,%r15,%r15
+
+	neg	%r8			# mov %r8,%cf
+	adc	8*0($tptr),%r12
+	adc	8*1($tptr),%r13
+	adc	8*2($tptr),%r14
+	adc	8*3($tptr),%r15
+	mov	%r12,8*0($rptr)
+	lea	8*4($tptr),$tptr
+	mov	%r13,8*1($rptr)
+	sbb	%r8,%r8			# mov %cf,%r8
+	mov	%r14,8*2($rptr)
+	mov	%r15,8*3($rptr)
+	lea	8*4($rptr),$rptr
+
+	inc	%rcx
+	jnz	.Lsqrx4x_sub
+
+	neg	%r9			# restore $num
+
+	ret
+.size	__bn_postx4x_internal,.-__bn_postx4x_internal
+___
+}
+}}}
+{
+my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%edx","%r8", "%r9d") : # Win64 order
+				("%rdi","%esi","%rdx","%ecx");  # Unix order
+my $out=$inp;
+my $STRIDE=2**5*8;
+my $N=$STRIDE/4;
+
+$code.=<<___;
+.globl	bn_get_bits5
+.type	bn_get_bits5,\@abi-omnipotent
+.align	16
+bn_get_bits5:
+	lea	0($inp),%r10
+	lea	1($inp),%r11
+	mov	$num,%ecx
+	shr	\$4,$num
+	and	\$15,%ecx
+	lea	-8(%ecx),%eax
+	cmp	\$11,%ecx
+	cmova	%r11,%r10
+	cmova	%eax,%ecx
+	movzw	(%r10,$num,2),%eax
+	shrl	%cl,%eax
+	and	\$31,%eax
+	ret
+.size	bn_get_bits5,.-bn_get_bits5
+
+.globl	bn_scatter5
+.type	bn_scatter5,\@abi-omnipotent
+.align	16
+bn_scatter5:
+	cmp	\$0, $num
+	jz	.Lscatter_epilogue
+	lea	($tbl,$idx,8),$tbl
+.Lscatter:
+	mov	($inp),%rax
+	lea	8($inp),$inp
+	mov	%rax,($tbl)
+	lea	32*8($tbl),$tbl
+	sub	\$1,$num
+	jnz	.Lscatter
+.Lscatter_epilogue:
+	ret
+.size	bn_scatter5,.-bn_scatter5
+
+.globl	bn_gather5
+.type	bn_gather5,\@abi-omnipotent
+.align	32
+bn_gather5:
+.LSEH_begin_bn_gather5:			# Win64 thing, but harmless in other cases
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x4c,0x8d,0x14,0x24			#lea    (%rsp),%r10
+	.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	#sub	$0x108,%rsp
+	lea	.Linc(%rip),%rax
+	and	\$-16,%rsp		# shouldn't be formally required
+
+	movd	$idx,%xmm5
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	128($tbl),%r11		# size optimization
+	lea	128(%rsp),%rax		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast $idx
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to $idx and save result to stack
+#
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+___
+$code.=<<___	if ($i);
+	movdqa	%xmm3,`16*($i-1)-128`(%rax)
+___
+$code.=<<___;
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)-128`(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)-128`(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)-128`(%rax)
+	movdqa	%xmm4,%xmm2
+___
+}
+$code.=<<___;
+	movdqa	%xmm3,`16*($i-1)-128`(%rax)
+	jmp	.Lgather
+
+.align	32
+.Lgather:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`(%r11),%xmm0
+	movdqa	`16*($i+1)-128`(%r11),%xmm1
+	movdqa	`16*($i+2)-128`(%r11),%xmm2
+	pand	`16*($i+0)-128`(%rax),%xmm0
+	movdqa	`16*($i+3)-128`(%r11),%xmm3
+	pand	`16*($i+1)-128`(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)-128`(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)-128`(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	lea	$STRIDE(%r11),%r11
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	movq	%xmm0,($out)		# m0=bp[0]
+	lea	8($out),$out
+	sub	\$1,$num
+	jnz	.Lgather
+
+	lea	(%r10),%rsp
+	ret
+.LSEH_end_bn_gather5:
+.size	bn_gather5,.-bn_gather5
+___
+}
+$code.=<<___;
+.align	64
+.Linc:
+	.long	0,0, 1,1
+	.long	2,2, 2,2
+.asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	mul_handler,\@abi-omnipotent
+.align	16
+mul_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# beginning of body label
+	cmp	%r10,%rbx		# context->Rip<body label
+	jb	.Lcommon_pop_regs
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	.Lmul_epilogue(%rip),%r10
+	cmp	%r10,%rbx
+	ja	.Lbody_40
+
+	mov	192($context),%r10	# pull $num
+	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
+
+	jmp	.Lcommon_pop_regs
+
+.Lbody_40:
+	mov	40(%rax),%rax		# pull saved stack pointer
+.Lcommon_pop_regs:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	mul_handler,.-mul_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_bn_mul_mont_gather5
+	.rva	.LSEH_end_bn_mul_mont_gather5
+	.rva	.LSEH_info_bn_mul_mont_gather5
+
+	.rva	.LSEH_begin_bn_mul4x_mont_gather5
+	.rva	.LSEH_end_bn_mul4x_mont_gather5
+	.rva	.LSEH_info_bn_mul4x_mont_gather5
+
+	.rva	.LSEH_begin_bn_power5
+	.rva	.LSEH_end_bn_power5
+	.rva	.LSEH_info_bn_power5
+
+	.rva	.LSEH_begin_bn_from_mont8x
+	.rva	.LSEH_end_bn_from_mont8x
+	.rva	.LSEH_info_bn_from_mont8x
+___
+$code.=<<___ if ($addx);
+	.rva	.LSEH_begin_bn_mulx4x_mont_gather5
+	.rva	.LSEH_end_bn_mulx4x_mont_gather5
+	.rva	.LSEH_info_bn_mulx4x_mont_gather5
+
+	.rva	.LSEH_begin_bn_powerx5
+	.rva	.LSEH_end_bn_powerx5
+	.rva	.LSEH_info_bn_powerx5
+___
+$code.=<<___;
+	.rva	.LSEH_begin_bn_gather5
+	.rva	.LSEH_end_bn_gather5
+	.rva	.LSEH_info_bn_gather5
+
+.section	.xdata
+.align	8
+.LSEH_info_bn_mul_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul_body,.Lmul_body,.Lmul_epilogue		# HandlerData[]
+.align	8
+.LSEH_info_bn_mul4x_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul4x_prologue,.Lmul4x_body,.Lmul4x_epilogue		# HandlerData[]
+.align	8
+.LSEH_info_bn_power5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue	# HandlerData[]
+.align	8
+.LSEH_info_bn_from_mont8x:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue		# HandlerData[]
+___
+$code.=<<___ if ($addx);
+.align	8
+.LSEH_info_bn_mulx4x_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue	# HandlerData[]
+.align	8
+.LSEH_info_bn_powerx5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lpowerx5_prologue,.Lpowerx5_body,.Lpowerx5_epilogue	# HandlerData[]
+___
+$code.=<<___;
+.align	8
+.LSEH_info_bn_gather5:
+	.byte	0x01,0x0b,0x03,0x0a
+	.byte	0x0b,0x01,0x21,0x00	# sub	rsp,0x108
+	.byte	0x04,0xa3,0x00,0x00	# lea	r10,(rsp)
+.align	8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c
new file mode 100644
index 000000000..f2736b8f6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* signed add of b to a. */
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int ret, r_neg, cmp_res;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg == b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = b->neg;
+            ret = BN_usub(r, b, a);
+        } else {
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
+        }
+    }
+
+    r->neg = r_neg;
+    bn_check_top(r);
+    return ret;
+}
+
+/* signed sub of b from a. */
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int ret, r_neg, cmp_res;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = !b->neg;
+            ret = BN_usub(r, b, a);
+        } else {
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
+        }
+    }
+
+    r->neg = r_neg;
+    bn_check_top(r);
+    return ret;
+}
+
+/* unsigned add of b to a, r can be equal to a or b. */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max, min, dif;
+    const BN_ULONG *ap, *bp;
+    BN_ULONG *rp, carry, t1, t2;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        const BIGNUM *tmp;
+
+        tmp = a;
+        a = b;
+        b = tmp;
+    }
+    max = a->top;
+    min = b->top;
+    dif = max - min;
+
+    if (bn_wexpand(r, max + 1) == NULL)
+        return 0;
+
+    r->top = max;
+
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
+
+    carry = bn_add_words(rp, ap, bp, min);
+    rp += min;
+    ap += min;
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 + carry) & BN_MASK2;
+        *(rp++) = t2;
+        carry &= (t2 == 0);
+    }
+    *rp = carry;
+    r->top += carry;
+
+    r->neg = 0;
+    bn_check_top(r);
+    return 1;
+}
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max, min, dif;
+    BN_ULONG t1, t2, borrow, *rp;
+    const BN_ULONG *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    max = a->top;
+    min = b->top;
+    dif = max - min;
+
+    if (dif < 0) {              /* hmm... should not be happening */
+        BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+        return 0;
+    }
+
+    if (bn_wexpand(r, max) == NULL)
+        return 0;
+
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
+
+    borrow = bn_sub_words(rp, ap, bp, min);
+    ap += min;
+    rp += min;
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 - borrow) & BN_MASK2;
+        *(rp++) = t2;
+        borrow &= (t1 == 0);
+    }
+
+    while (max && *--rp == 0)
+        max--;
+
+    r->top = max;
+    r->neg = 0;
+    bn_pollute(r);
+
+    return 1;
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c
new file mode 100644
index 000000000..729b2480a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c
@@ -0,0 +1,1039 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return c1;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        ap++;
+        rp++;
+        num--;
+    }
+
+    return c1;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return c1;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul(rp[0], ap[0], w, c1);
+        ap++;
+        rp++;
+        num--;
+    }
+    return c1;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        sqr(r[0], r[1], a[0]);
+        a++;
+        r += 2;
+        n--;
+    }
+}
+
+#else                           /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (BN_ULONG)0;
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        mul_add(rp[1], ap[1], bl, bh, c);
+        mul_add(rp[2], ap[2], bl, bh, c);
+        mul_add(rp[3], ap[3], bl, bh, c);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        ap++;
+        rp++;
+        num--;
+    }
+    return c;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG carry = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (BN_ULONG)0;
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        mul(rp[1], ap[1], bl, bh, carry);
+        mul(rp[2], ap[2], bl, bh, carry);
+        mul(rp[3], ap[3], bl, bh, carry);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        ap++;
+        rp++;
+        num--;
+    }
+    return carry;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        sqr64(r[0], r[1], a[0]);
+        sqr64(r[2], r[3], a[1]);
+        sqr64(r[4], r[5], a[2]);
+        sqr64(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        sqr64(r[0], r[1], a[0]);
+        a++;
+        r += 2;
+        n--;
+    }
+}
+
+#endif                          /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
+}
+
+#else
+
+/* Divide h,l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG dh, dl, q, ret = 0, th, tl, t;
+    int i, count = 2;
+
+    if (d == 0)
+        return BN_MASK2;
+
+    i = BN_num_bits_word(d);
+    assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+    i = BN_BITS2 - i;
+    if (h >= d)
+        h -= d;
+
+    if (i) {
+        d <<= i;
+        h = (h << i) | (l >> (BN_BITS2 - i));
+        l <<= i;
+    }
+    dh = (d & BN_MASK2h) >> BN_BITS4;
+    dl = (d & BN_MASK2l);
+    for (;;) {
+        if ((h >> BN_BITS4) == dh)
+            q = BN_MASK2l;
+        else
+            q = h / dh;
+
+        th = q * dh;
+        tl = dl * q;
+        for (;;) {
+            t = h - th;
+            if ((t & BN_MASK2h) ||
+                ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
+                break;
+            q--;
+            th -= dh;
+            tl -= dl;
+        }
+        t = (tl >> BN_BITS4);
+        tl = (tl << BN_BITS4) & BN_MASK2h;
+        th += t;
+
+        if (l < tl)
+            th++;
+        l -= tl;
+        if (h < th) {
+            h += d;
+            q--;
+        }
+        h -= th;
+
+        if (--count == 0)
+            break;
+
+        ret = q << BN_BITS4;
+        h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+        l = (l & BN_MASK2l) << BN_BITS4;
+    }
+    ret |= q;
+    return ret;
+}
+#endif                          /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULLONG ll = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[1] + b[1];
+        r[1] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[2] + b[2];
+        r[2] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[3] + b[3];
+        r[3] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return (BN_ULONG)ll;
+}
+#else                           /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG c, l, t;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+    c = 0;
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        t = a[1];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[1]) & BN_MASK2;
+        c += (l < t);
+        r[1] = l;
+        t = a[2];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[2]) & BN_MASK2;
+        c += (l < t);
+        r[2] = l;
+        t = a[3];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[3]) & BN_MASK2;
+        c += (l < t);
+        r[3] = l;
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return (BN_ULONG)c;
+}
+#endif                          /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+#endif
+    while (n) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return c;
+}
+
+#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
+
+# undef bn_mul_comba8
+# undef bn_mul_comba4
+# undef bn_sqr_comba8
+# undef bn_sqr_comba4
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+# ifdef BN_LLONG
+/*
+ * Keep in mind that additions to multiplication result can not
+ * overflow, because its high half cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)(a)*(b);       \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)(a)*(b);       \
+        BN_ULLONG tt = t+c0;    /* no carry */  \
+        c0 = (BN_ULONG)Lw(tt);                  \
+        hi = (BN_ULONG)Hw(tt);                  \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)a[i]*a[i];     \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_LOHI)
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)    \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_HIGH)
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo = ta * tb;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b), tt;        \
+        BN_ULONG lo = ta * tb;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+        c0 += lo; tt = hi + ((c0<lo)?1:0);      \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo = ta * ta;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,ta);     \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# else                          /* !BN_LLONG */
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+        BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+        mul64(lo,hi,bl,bh);                     \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG tt;                            \
+        BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+        BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+        mul64(lo,hi,bl,bh);                     \
+        tt = hi;                                \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \
+        c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG lo, hi;                        \
+        sqr64(lo,hi,(a)[i]);                    \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+# endif                         /* !BN_LLONG */
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+# ifdef OPENSSL_NO_ASM
+#  ifdef OPENSSL_BN_ASM_MONT
+#   include <alloca.h>
+/*
+ * This is essentially reference implementation, which may or may not
+ * result in performance improvement. E.g. on IA-32 this routine was
+ * observed to give 40% faster rsa1024 private key operations and 10%
+ * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
+ * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
+ * reference implementation, one to be used as starting point for
+ * platform-specific assembler. Mentioned numbers apply to compiler
+ * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
+ * can vary not only from platform to platform, but even for compiler
+ * versions. Assembler vs. assembler improvement coefficients can
+ * [and are known to] differ and are to be documented elsewhere.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+    BN_ULONG c0, c1, ml, *tp, n0;
+#   ifdef mul64
+    BN_ULONG mh;
+#   endif
+    volatile BN_ULONG *vp;
+    int i = 0, j;
+
+#   if 0                        /* template for platform-specific
+                                 * implementation */
+    if (ap == bp)
+        return bn_sqr_mont(rp, ap, np, n0p, num);
+#   endif
+    vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+
+    n0 = *n0p;
+
+    c0 = 0;
+    ml = bp[0];
+#   ifdef mul64
+    mh = HBITS(ml);
+    ml = LBITS(ml);
+    for (j = 0; j < num; ++j)
+        mul(tp[j], ap[j], ml, mh, c0);
+#   else
+    for (j = 0; j < num; ++j)
+        mul(tp[j], ap[j], ml, c0);
+#   endif
+
+    tp[num] = c0;
+    tp[num + 1] = 0;
+    goto enter;
+
+    for (i = 0; i < num; i++) {
+        c0 = 0;
+        ml = bp[i];
+#   ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        for (j = 0; j < num; ++j)
+            mul_add(tp[j], ap[j], ml, mh, c0);
+#   else
+        for (j = 0; j < num; ++j)
+            mul_add(tp[j], ap[j], ml, c0);
+#   endif
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] = (c1 < c0 ? 1 : 0);
+ enter:
+        c1 = tp[0];
+        ml = (c1 * n0) & BN_MASK2;
+        c0 = 0;
+#   ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        mul_add(c1, np[0], ml, mh, c0);
+#   else
+        mul_add(c1, ml, np[0], c0);
+#   endif
+        for (j = 1; j < num; j++) {
+            c1 = tp[j];
+#   ifdef mul64
+            mul_add(c1, np[j], ml, mh, c0);
+#   else
+            mul_add(c1, ml, np[j], c0);
+#   endif
+            tp[j - 1] = c1 & BN_MASK2;
+        }
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num - 1] = c1;
+        tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
+    }
+
+    if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+        c0 = bn_sub_words(rp, tp, np, num);
+        if (tp[num] != 0 || c0 == 0) {
+            for (i = 0; i < num + 2; i++)
+                vp[i] = 0;
+            return 1;
+        }
+    }
+    for (i = 0; i < num; i++)
+        rp[i] = tp[i], vp[i] = 0;
+    vp[num] = 0;
+    vp[num + 1] = 0;
+    return 1;
+}
+#  else
+/*
+ * Return value of 0 indicates that multiplication/convolution was not
+ * performed to signal the caller to fall down to alternative/original
+ * code-path.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    return 0;
+}
+#  endif                        /* OPENSSL_BN_ASM_MONT */
+# endif
+
+#else                           /* !BN_MUL_COMBA */
+
+/* hmm... is it faster just to do a multiply? */
+# undef bn_sqr_comba4
+# undef bn_sqr_comba8
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG t[8];
+    bn_sqr_normal(r, a, 4, t);
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG t[16];
+    bn_sqr_normal(r, a, 8, t);
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+    r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+    r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+    r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+    r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+    r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+    r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+    r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+    r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+    r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+    r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
+
+# ifdef OPENSSL_NO_ASM
+#  ifdef OPENSSL_BN_ASM_MONT
+#   include <alloca.h>
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+    BN_ULONG c0, c1, *tp, n0 = *n0p;
+    volatile BN_ULONG *vp;
+    int i = 0, j;
+
+    vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+
+    for (i = 0; i <= num; i++)
+        tp[i] = 0;
+
+    for (i = 0; i < num; i++) {
+        c0 = bn_mul_add_words(tp, ap, num, bp[i]);
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] = (c1 < c0 ? 1 : 0);
+
+        c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] += (c1 < c0 ? 1 : 0);
+        for (j = 0; j <= num; j++)
+            tp[j] = tp[j + 1];
+    }
+
+    if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+        c0 = bn_sub_words(rp, tp, np, num);
+        if (tp[num] != 0 || c0 == 0) {
+            for (i = 0; i < num + 2; i++)
+                vp[i] = 0;
+            return 1;
+        }
+    }
+    for (i = 0; i < num; i++)
+        rp[i] = tp[i], vp[i] = 0;
+    vp[num] = 0;
+    vp[num + 1] = 0;
+    return 1;
+}
+#  else
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    return 0;
+}
+#  endif                        /* OPENSSL_BN_ASM_MONT */
+# endif
+
+#endif                          /* !BN_MUL_COMBA */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c
new file mode 100644
index 000000000..450cdfb34
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#define BN_BLINDING_COUNTER     32
+
+struct bn_blinding_st {
+    BIGNUM *A;
+    BIGNUM *Ai;
+    BIGNUM *e;
+    BIGNUM *mod;                /* just a reference */
+    CRYPTO_THREAD_ID tid;
+    int counter;
+    unsigned long flags;
+    BN_MONT_CTX *m_ctx;
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    CRYPTO_RWLOCK *lock;
+};
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+    BN_BLINDING *ret = NULL;
+
+    bn_check_top(mod);
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
+    if (A != NULL) {
+        if ((ret->A = BN_dup(A)) == NULL)
+            goto err;
+    }
+
+    if (Ai != NULL) {
+        if ((ret->Ai = BN_dup(Ai)) == NULL)
+            goto err;
+    }
+
+    /* save a copy of mod in the BN_BLINDING structure */
+    if ((ret->mod = BN_dup(mod)) == NULL)
+        goto err;
+
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+    /*
+     * Set the counter to the special value -1 to indicate that this is
+     * never-used fresh blinding that does not need updating before first
+     * use.
+     */
+    ret->counter = -1;
+
+    return ret;
+
+ err:
+    BN_BLINDING_free(ret);
+    return NULL;
+}
+
+void BN_BLINDING_free(BN_BLINDING *r)
+{
+    if (r == NULL)
+        return;
+    BN_free(r->A);
+    BN_free(r->Ai);
+    BN_free(r->e);
+    BN_free(r->mod);
+    CRYPTO_THREAD_lock_free(r->lock);
+    OPENSSL_free(r);
+}
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+        goto err;
+    }
+
+    if (b->counter == -1)
+        b->counter = 0;
+
+    if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+        !(b->flags & BN_BLINDING_NO_RECREATE)) {
+        /* re-create blinding parameters */
+        if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
+            goto err;
+    } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+        if (b->m_ctx != NULL) {
+            if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
+                || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
+                || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+                goto err;
+        }
+    }
+
+    ret = 1;
+ err:
+    if (b->counter == BN_BLINDING_COUNTER)
+        b->counter = 0;
+    return ret;
+}
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+    return BN_BLINDING_convert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
+    int ret = 1;
+
+    bn_check_top(n);
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (b->counter == -1)
+        /* Fresh blinding, doesn't need updating. */
+        b->counter = 0;
+    else if (!BN_BLINDING_update(b, ctx))
+        return 0;
+
+    if (r != NULL && (BN_copy(r, b->Ai) == NULL))
+        return 0;
+
+    if (b->m_ctx != NULL)
+        ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
+    else
+        ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
+
+    return ret;
+}
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+    return BN_BLINDING_invert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(n);
+
+    if (r == NULL && (r = b->Ai) == NULL) {
+        BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (b->m_ctx != NULL) {
+        /* ensure that BN_mod_mul_montgomery takes pre-defined path */
+        if (n->dmax >= r->top) {
+            size_t i, rtop = r->top, ntop = n->top;
+            BN_ULONG mask;
+
+            for (i = 0; i < rtop; i++) {
+                mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
+                n->d[i] &= mask;
+            }
+            mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
+            /* always true, if (rtop >= ntop) n->top = r->top; */
+            n->top = (int)(rtop & ~mask) | (ntop & mask);
+            n->flags |= (BN_FLG_FIXED_TOP & ~mask);
+        }
+        ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
+    } else {
+        ret = BN_mod_mul(n, n, r, b->mod, ctx);
+    }
+
+    bn_check_top(n);
+    return ret;
+}
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid);
+}
+
+void BN_BLINDING_set_current_thread(BN_BLINDING *b)
+{
+    b->tid = CRYPTO_THREAD_get_current_id();
+}
+
+int BN_BLINDING_lock(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_write_lock(b->lock);
+}
+
+int BN_BLINDING_unlock(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_unlock(b->lock);
+}
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
+{
+    return b->flags;
+}
+
+void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+{
+    b->flags = flags;
+}
+
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx)
+{
+    int retry_counter = 32;
+    BN_BLINDING *ret = NULL;
+
+    if (b == NULL)
+        ret = BN_BLINDING_new(NULL, NULL, m);
+    else
+        ret = b;
+
+    if (ret == NULL)
+        goto err;
+
+    if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+        goto err;
+    if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+        goto err;
+
+    if (e != NULL) {
+        BN_free(ret->e);
+        ret->e = BN_dup(e);
+    }
+    if (ret->e == NULL)
+        goto err;
+
+    if (bn_mod_exp != NULL)
+        ret->bn_mod_exp = bn_mod_exp;
+    if (m_ctx != NULL)
+        ret->m_ctx = m_ctx;
+
+    do {
+        int rv;
+        if (!BN_priv_rand_range(ret->A, ret->mod))
+            goto err;
+        if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
+            break;
+
+        /*
+         * this should almost never happen for good RSA keys
+         */
+        if (!rv)
+            goto err;
+
+        if (retry_counter-- == 0) {
+            BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
+    } while (1);
+
+    if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+        if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+            goto err;
+    } else {
+        if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+            goto err;
+    }
+
+    if (ret->m_ctx != NULL) {
+        if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
+            || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
+            goto err;
+    }
+
+    return ret;
+ err:
+    if (b == NULL) {
+        BN_BLINDING_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_const.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_const.c
new file mode 100644
index 000000000..39dd61202
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_const.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+{
+    static const unsigned char RFC2409_PRIME_768[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
+
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+{
+    static const unsigned char RFC2409_PRIME_1024[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
+
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_1536[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
+
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_2048[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
+
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_3072[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
+
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_4096[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
+
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_6144[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
+
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_8192[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
+        0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+        0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
+        0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
+        0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+        0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
+        0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
+        0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+        0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
+        0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
+        0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+        0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
+        0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
+        0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+        0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
+        0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
+        0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+        0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
+        0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
+        0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+        0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
+        0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
+        0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+        0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
+        0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
+        0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+        0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
+        0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
+        0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+        0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
+        0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
+        0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+        0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c
new file mode 100644
index 000000000..54b799961
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*-
+ * TODO list
+ *
+ * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
+ * check they can be safely removed.
+ *  - Check +1 and other ugliness in BN_from_montgomery()
+ *
+ * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
+ * appropriate 'block' size that will be honoured by bn_expand_internal() to
+ * prevent piddly little reallocations. OTOH, profiling bignum expansions in
+ * BN_CTX doesn't show this to be a big issue.
+ */
+
+/* How many bignums are in each "pool item"; */
+#define BN_CTX_POOL_SIZE        16
+/* The stack frame info is resizing, set a first-time expansion size; */
+#define BN_CTX_START_FRAMES     32
+
+/***********/
+/* BN_POOL */
+/***********/
+
+/* A bundle of bignums that can be linked with other bundles */
+typedef struct bignum_pool_item {
+    /* The bignum values */
+    BIGNUM vals[BN_CTX_POOL_SIZE];
+    /* Linked-list admin */
+    struct bignum_pool_item *prev, *next;
+} BN_POOL_ITEM;
+/* A linked-list of bignums grouped in bundles */
+typedef struct bignum_pool {
+    /* Linked-list admin */
+    BN_POOL_ITEM *head, *current, *tail;
+    /* Stack depth and allocation size */
+    unsigned used, size;
+} BN_POOL;
+static void BN_POOL_init(BN_POOL *);
+static void BN_POOL_finish(BN_POOL *);
+static BIGNUM *BN_POOL_get(BN_POOL *, int);
+static void BN_POOL_release(BN_POOL *, unsigned int);
+
+/************/
+/* BN_STACK */
+/************/
+
+/* A wrapper to manage the "stack frames" */
+typedef struct bignum_ctx_stack {
+    /* Array of indexes into the bignum stack */
+    unsigned int *indexes;
+    /* Number of stack frames, and the size of the allocated array */
+    unsigned int depth, size;
+} BN_STACK;
+static void BN_STACK_init(BN_STACK *);
+static void BN_STACK_finish(BN_STACK *);
+static int BN_STACK_push(BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop(BN_STACK *);
+
+/**********/
+/* BN_CTX */
+/**********/
+
+/* The opaque BN_CTX type */
+struct bignum_ctx {
+    /* The bignum bundles */
+    BN_POOL pool;
+    /* The "stack frames", if you will */
+    BN_STACK stack;
+    /* The number of bignums currently assigned */
+    unsigned int used;
+    /* Depth of stack overflow */
+    int err_stack;
+    /* Block "gets" until an "end" (compatibility behaviour) */
+    int too_many;
+    /* Flags. */
+    int flags;
+};
+
+/* Enable this to find BN_CTX bugs */
+#ifdef BN_CTX_DEBUG
+static const char *ctxdbg_cur = NULL;
+static void ctxdbg(BN_CTX *ctx)
+{
+    unsigned int bnidx = 0, fpidx = 0;
+    BN_POOL_ITEM *item = ctx->pool.head;
+    BN_STACK *stack = &ctx->stack;
+    fprintf(stderr, "(%16p): ", ctx);
+    while (bnidx < ctx->used) {
+        fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+        if (!(bnidx % BN_CTX_POOL_SIZE))
+            item = item->next;
+    }
+    fprintf(stderr, "\n");
+    bnidx = 0;
+    fprintf(stderr, "          : ");
+    while (fpidx < stack->depth) {
+        while (bnidx++ < stack->indexes[fpidx])
+            fprintf(stderr, "    ");
+        fprintf(stderr, "^^^ ");
+        bnidx++;
+        fpidx++;
+    }
+    fprintf(stderr, "\n");
+}
+
+# define CTXDBG_ENTRY(str, ctx)  do { \
+                                ctxdbg_cur = (str); \
+                                fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_EXIT(ctx)        do { \
+                                fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_RET(ctx,ret)
+#else
+# define CTXDBG_ENTRY(str, ctx)
+# define CTXDBG_EXIT(ctx)
+# define CTXDBG_RET(ctx,ret)
+#endif
+
+
+BN_CTX *BN_CTX_new(void)
+{
+    BN_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* Initialise the structure */
+    BN_POOL_init(&ret->pool);
+    BN_STACK_init(&ret->stack);
+    return ret;
+}
+
+BN_CTX *BN_CTX_secure_new(void)
+{
+    BN_CTX *ret = BN_CTX_new();
+
+    if (ret != NULL)
+        ret->flags = BN_FLG_SECURE;
+    return ret;
+}
+
+void BN_CTX_free(BN_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+#ifdef BN_CTX_DEBUG
+    {
+        BN_POOL_ITEM *pool = ctx->pool.head;
+        fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+                ctx->stack.size, ctx->pool.size);
+        fprintf(stderr, "dmaxs: ");
+        while (pool) {
+            unsigned loop = 0;
+            while (loop < BN_CTX_POOL_SIZE)
+                fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
+            pool = pool->next;
+        }
+        fprintf(stderr, "\n");
+    }
+#endif
+    BN_STACK_finish(&ctx->stack);
+    BN_POOL_finish(&ctx->pool);
+    OPENSSL_free(ctx);
+}
+
+void BN_CTX_start(BN_CTX *ctx)
+{
+    CTXDBG_ENTRY("BN_CTX_start", ctx);
+    /* If we're already overflowing ... */
+    if (ctx->err_stack || ctx->too_many)
+        ctx->err_stack++;
+    /* (Try to) get a new frame pointer */
+    else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+        BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        ctx->err_stack++;
+    }
+    CTXDBG_EXIT(ctx);
+}
+
+void BN_CTX_end(BN_CTX *ctx)
+{
+    CTXDBG_ENTRY("BN_CTX_end", ctx);
+    if (ctx->err_stack)
+        ctx->err_stack--;
+    else {
+        unsigned int fp = BN_STACK_pop(&ctx->stack);
+        /* Does this stack frame have anything to release? */
+        if (fp < ctx->used)
+            BN_POOL_release(&ctx->pool, ctx->used - fp);
+        ctx->used = fp;
+        /* Unjam "too_many" in case "get" had failed */
+        ctx->too_many = 0;
+    }
+    CTXDBG_EXIT(ctx);
+}
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+{
+    BIGNUM *ret;
+
+    CTXDBG_ENTRY("BN_CTX_get", ctx);
+    if (ctx->err_stack || ctx->too_many)
+        return NULL;
+    if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
+        /*
+         * Setting too_many prevents repeated "get" attempts from cluttering
+         * the error stack.
+         */
+        ctx->too_many = 1;
+        BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        return NULL;
+    }
+    /* OK, make sure the returned bignum is "zero" */
+    BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
+    ctx->used++;
+    CTXDBG_RET(ctx, ret);
+    return ret;
+}
+
+/************/
+/* BN_STACK */
+/************/
+
+static void BN_STACK_init(BN_STACK *st)
+{
+    st->indexes = NULL;
+    st->depth = st->size = 0;
+}
+
+static void BN_STACK_finish(BN_STACK *st)
+{
+    OPENSSL_free(st->indexes);
+    st->indexes = NULL;
+}
+
+
+static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+{
+    if (st->depth == st->size) {
+        /* Need to expand */
+        unsigned int newsize =
+            st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
+        unsigned int *newitems;
+
+        if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
+            BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (st->depth)
+            memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
+        OPENSSL_free(st->indexes);
+        st->indexes = newitems;
+        st->size = newsize;
+    }
+    st->indexes[(st->depth)++] = idx;
+    return 1;
+}
+
+static unsigned int BN_STACK_pop(BN_STACK *st)
+{
+    return st->indexes[--(st->depth)];
+}
+
+/***********/
+/* BN_POOL */
+/***********/
+
+static void BN_POOL_init(BN_POOL *p)
+{
+    p->head = p->current = p->tail = NULL;
+    p->used = p->size = 0;
+}
+
+static void BN_POOL_finish(BN_POOL *p)
+{
+    unsigned int loop;
+    BIGNUM *bn;
+
+    while (p->head) {
+        for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
+            if (bn->d)
+                BN_clear_free(bn);
+        p->current = p->head->next;
+        OPENSSL_free(p->head);
+        p->head = p->current;
+    }
+}
+
+
+static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
+{
+    BIGNUM *bn;
+    unsigned int loop;
+
+    /* Full; allocate a new pool item and link it in. */
+    if (p->used == p->size) {
+        BN_POOL_ITEM *item;
+
+        if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+            BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
+            bn_init(bn);
+            if ((flag & BN_FLG_SECURE) != 0)
+                BN_set_flags(bn, BN_FLG_SECURE);
+        }
+        item->prev = p->tail;
+        item->next = NULL;
+
+        if (p->head == NULL)
+            p->head = p->current = p->tail = item;
+        else {
+            p->tail->next = item;
+            p->tail = item;
+            p->current = item;
+        }
+        p->size += BN_CTX_POOL_SIZE;
+        p->used++;
+        /* Return the first bignum from the new pool */
+        return item->vals;
+    }
+
+    if (!p->used)
+        p->current = p->head;
+    else if ((p->used % BN_CTX_POOL_SIZE) == 0)
+        p->current = p->current->next;
+    return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+}
+
+static void BN_POOL_release(BN_POOL *p, unsigned int num)
+{
+    unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+
+    p->used -= num;
+    while (num--) {
+        bn_check_top(p->current->vals + offset);
+        if (offset == 0) {
+            offset = BN_CTX_POOL_SIZE - 1;
+            p->current = p->current->prev;
+        } else
+            offset--;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c
new file mode 100644
index 000000000..58bcf197a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Support for deprecated functions goes here - static linkage will only
+ * slurp this code if applications are using them directly.
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include "bn_lcl.h"
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem,
+                          void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB cb;
+    BIGNUM *rnd = NULL;
+
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+
+    if (ret == NULL) {
+        if ((rnd = BN_new()) == NULL)
+            goto err;
+    } else
+        rnd = ret;
+    if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+        goto err;
+
+    /* we have a prime :-) */
+    return rnd;
+ err:
+    BN_free(rnd);
+    return NULL;
+}
+
+int BN_is_prime(const BIGNUM *a, int checks,
+                void (*callback) (int, int, void *), BN_CTX *ctx_passed,
+                void *cb_arg)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+}
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+                         void (*callback) (int, int, void *),
+                         BN_CTX *ctx_passed, void *cb_arg,
+                         int do_trial_division)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+                                   do_trial_division, &cb);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c
new file mode 100644
index 000000000..38acdee23
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c
@@ -0,0 +1,512 @@
+/*
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "internal/nelem.h"
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#include "internal/bn_dh.h"
+/* DH parameters from RFC5114 */
+
+# if BN_BITS2 == 64
+static const BN_ULONG dh1024_160_p[] = {
+    0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL,
+    0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL,
+    0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL,
+    0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL,
+    0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL,
+    0xB10B8F96A080E01DULL
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL,
+    0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL,
+    0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL,
+    0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL,
+    0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL,
+    0xA4D1CBD5C3FD3412ULL
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL,
+    0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL,
+    0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL,
+    0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL,
+    0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL,
+    0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL,
+    0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL,
+    0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL,
+    0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL,
+    0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL,
+    0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL,
+    0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL,
+    0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL,
+    0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL,
+    0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL,
+    0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL,
+    0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL,
+    0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL,
+    0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL,
+    0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL,
+    0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL,
+    0x00000000801C0D34ULL
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL,
+    0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL,
+    0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL,
+    0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL,
+    0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL,
+    0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL,
+    0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL,
+    0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL,
+    0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL,
+    0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL,
+    0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL,
+    0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL,
+    0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL,
+    0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL,
+    0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL,
+    0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL,
+    0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL,
+    0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL,
+    0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL,
+    0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL,
+    0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL,
+    0x8CF83642A709A097ULL
+};
+
+/* Primes from RFC 7919 */
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x886B423861285C97ULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x25E41D2B66C62E37ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xC68A007E5E655F6AULL, 0x4DB5A851F44182E1ULL,
+    0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL,
+    0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL,
+    0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL,
+    0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL,
+    0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL,
+    0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL,
+    0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL,
+    0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL,
+    0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL,
+    0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL,
+    0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL,
+    0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL,
+    0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL,
+    0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL,
+    0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL,
+    0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL,
+    0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL,
+    0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL,
+    0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL,
+    0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xA40E329CD0E40E65ULL, 0xA41D570D7938DAD4ULL,
+    0x62A69526D43161C1ULL, 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL,
+    0xEC9D1810C6272B04ULL, 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL,
+    0x505DC82DB854338AULL, 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL,
+    0xF9C9091B462D538CULL, 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL,
+    0xEEAAC0232A281BF6ULL, 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL,
+    0x587E38DA0077D9B4ULL, 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL,
+    0xA00EF092350511E3ULL, 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL,
+    0x388147FB4CFDB477ULL, 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL,
+    0xB38E8C334C701C3AULL, 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL,
+    0x23BA4442CAF53EA6ULL, 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL,
+    0xC68A007E5E0DD902ULL, 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL,
+    0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL,
+    0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL,
+    0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL,
+    0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL,
+    0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xD68C8BB7C5C6424CULL, 0x011E2A94838FF88CULL,
+    0x0822E506A9F4614EULL, 0x97D11D49F7A8443DULL, 0xA6BBFDE530677F0DULL,
+    0x2F741EF8C1FE86FEULL, 0xFAFABE1C5D71A87EULL, 0xDED2FBABFBE58A30ULL,
+    0xB6855DFE72B0A66EULL, 0x1EFC8CE0BA8A4FE8ULL, 0x83F81D4A3F2FA457ULL,
+    0xA1FE3075A577E231ULL, 0xD5B8019488D9C0A0ULL, 0x624816CDAD9A95F9ULL,
+    0x99E9E31650C1217BULL, 0x51AA691E0E423CFCULL, 0x1C217E6C3826E52CULL,
+    0x51A8A93109703FEEULL, 0xBB7099876A460E74ULL, 0x541FC68C9C86B022ULL,
+    0x59160CC046FD8251ULL, 0x2846C0BA35C35F5CULL, 0x54504AC78B758282ULL,
+    0x29388839D2AF05E4ULL, 0xCB2C0F1CC01BD702ULL, 0x555B2F747C932665ULL,
+    0x86B63142A3AB8829ULL, 0x0B8CC3BDF64B10EFULL, 0x687FEB69EDD1CC5EULL,
+    0xFDB23FCEC9509D43ULL, 0x1E425A31D951AE64ULL, 0x36AD004CF600C838ULL,
+    0xA40E329CCFF46AAAULL, 0xA41D570D7938DAD4ULL, 0x62A69526D43161C1ULL,
+    0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, 0xEC9D1810C6272B04ULL,
+    0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, 0x505DC82DB854338AULL,
+    0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, 0xF9C9091B462D538CULL,
+    0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, 0xEEAAC0232A281BF6ULL,
+    0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, 0x587E38DA0077D9B4ULL,
+    0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, 0xA00EF092350511E3ULL,
+    0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, 0x388147FB4CFDB477ULL,
+    0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, 0xB38E8C334C701C3AULL,
+    0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, 0x23BA4442CAF53EA6ULL,
+    0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, 0xC68A007E5E0DD902ULL,
+    0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL,
+    0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL,
+    0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL,
+    0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL,
+    0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL,
+    0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL,
+    0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL,
+    0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL,
+    0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL,
+    0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL,
+    0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+# elif BN_BITS2 == 32
+
+static const BN_ULONG dh1024_160_p[] = {
+    0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF,
+    0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA,
+    0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C,
+    0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286,
+    0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E,
+    0xA080E01D, 0xB10B8F96
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59,
+    0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08,
+    0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F,
+    0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E,
+    0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442,
+    0xC3FD3412, 0xA4D1CBD5
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2,
+    0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E,
+    0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1,
+    0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A,
+    0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714,
+    0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0,
+    0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0,
+    0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152,
+    0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40,
+    0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5,
+    0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1,
+    0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE,
+    0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F,
+    0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137,
+    0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3,
+    0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2,
+    0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0,
+    0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001,
+    0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01,
+    0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B,
+    0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE,
+    0x801C0D34
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227,
+    0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A,
+    0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79,
+    0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5,
+    0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267,
+    0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF,
+    0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF,
+    0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64,
+    0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45,
+    0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608,
+    0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148,
+    0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428,
+    0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15,
+    0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73,
+    0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1,
+    0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982,
+    0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5,
+    0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8,
+    0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A,
+    0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F,
+    0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976,
+    0xA709A097, 0x8CF83642
+};
+
+/* Primes from RFC 7919 */
+
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x61285C97, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x66C62E37, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x5E655F6A, 0xC68A007E, 0xF44182E1, 0x4DB5A851,
+    0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9,
+    0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9,
+    0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886,
+    0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42,
+    0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B,
+    0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42,
+    0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB,
+    0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93,
+    0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26,
+    0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B,
+    0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183,
+    0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232,
+    0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1,
+    0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3,
+    0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182,
+    0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA,
+    0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555,
+    0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202,
+    0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641,
+    0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xD0E40E65, 0xA40E329C, 0x7938DAD4, 0xA41D570D,
+    0xD43161C1, 0x62A69526, 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9,
+    0xC6272B04, 0xEC9D1810, 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235,
+    0xB854338A, 0x505DC82D, 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374,
+    0x462D538C, 0xF9C9091B, 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1,
+    0x2A281BF6, 0xEEAAC023, 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B,
+    0x0077D9B4, 0x587E38DA, 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF,
+    0x350511E3, 0xA00EF092, 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7,
+    0x4CFDB477, 0x388147FB, 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657,
+    0x4C701C3A, 0xB38E8C33, 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432,
+    0xCAF53EA6, 0x23BA4442, 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6,
+    0x5E0DD902, 0xC68A007E, 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A,
+    0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D,
+    0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A,
+    0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5,
+    0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4,
+    0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xC5C6424C, 0xD68C8BB7, 0x838FF88C, 0x011E2A94,
+    0xA9F4614E, 0x0822E506, 0xF7A8443D, 0x97D11D49, 0x30677F0D, 0xA6BBFDE5,
+    0xC1FE86FE, 0x2F741EF8, 0x5D71A87E, 0xFAFABE1C, 0xFBE58A30, 0xDED2FBAB,
+    0x72B0A66E, 0xB6855DFE, 0xBA8A4FE8, 0x1EFC8CE0, 0x3F2FA457, 0x83F81D4A,
+    0xA577E231, 0xA1FE3075, 0x88D9C0A0, 0xD5B80194, 0xAD9A95F9, 0x624816CD,
+    0x50C1217B, 0x99E9E316, 0x0E423CFC, 0x51AA691E, 0x3826E52C, 0x1C217E6C,
+    0x09703FEE, 0x51A8A931, 0x6A460E74, 0xBB709987, 0x9C86B022, 0x541FC68C,
+    0x46FD8251, 0x59160CC0, 0x35C35F5C, 0x2846C0BA, 0x8B758282, 0x54504AC7,
+    0xD2AF05E4, 0x29388839, 0xC01BD702, 0xCB2C0F1C, 0x7C932665, 0x555B2F74,
+    0xA3AB8829, 0x86B63142, 0xF64B10EF, 0x0B8CC3BD, 0xEDD1CC5E, 0x687FEB69,
+    0xC9509D43, 0xFDB23FCE, 0xD951AE64, 0x1E425A31, 0xF600C838, 0x36AD004C,
+    0xCFF46AAA, 0xA40E329C, 0x7938DAD4, 0xA41D570D, 0xD43161C1, 0x62A69526,
+    0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, 0xC6272B04, 0xEC9D1810,
+    0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, 0xB854338A, 0x505DC82D,
+    0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, 0x462D538C, 0xF9C9091B,
+    0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, 0x2A281BF6, 0xEEAAC023,
+    0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, 0x0077D9B4, 0x587E38DA,
+    0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, 0x350511E3, 0xA00EF092,
+    0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, 0x4CFDB477, 0x388147FB,
+    0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, 0x4C701C3A, 0xB38E8C33,
+    0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, 0xCAF53EA6, 0x23BA4442,
+    0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, 0x5E0DD902, 0xC68A007E,
+    0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD,
+    0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3,
+    0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01,
+    0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D,
+    0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3,
+    0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B,
+    0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5,
+    0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452,
+    0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA,
+    0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE,
+    0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+# else
+#  error "unsupported BN_BITS2"
+# endif
+
+/* Macro to make a BIGNUM from static data */
+
+# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \
+                       const BIGNUM _bignum_##x = { (BN_ULONG *) x, \
+                        OSSL_NELEM(x),\
+                        OSSL_NELEM(x),\
+                        0, BN_FLG_STATIC_DATA };
+
+static const BN_ULONG value_2 = 2;
+
+const BIGNUM _bignum_const_2 =
+    { (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+make_dh_bn(dh1024_160_p)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_g)
+make_dh_bn(dh2048_256_q)
+
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe8192_p)
+
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c
new file mode 100644
index 000000000..3a6fa0a1b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/bn.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx)
+{
+    int i, nm, nd;
+    int ret = 0;
+    BIGNUM *D;
+
+    bn_check_top(m);
+    bn_check_top(d);
+    if (BN_is_zero(d)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return 0;
+    }
+
+    if (BN_ucmp(m, d) < 0) {
+        if (rem != NULL) {
+            if (BN_copy(rem, m) == NULL)
+                return 0;
+        }
+        if (dv != NULL)
+            BN_zero(dv);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    D = BN_CTX_get(ctx);
+    if (dv == NULL)
+        dv = BN_CTX_get(ctx);
+    if (rem == NULL)
+        rem = BN_CTX_get(ctx);
+    if (D == NULL || dv == NULL || rem == NULL)
+        goto end;
+
+    nd = BN_num_bits(d);
+    nm = BN_num_bits(m);
+    if (BN_copy(D, d) == NULL)
+        goto end;
+    if (BN_copy(rem, m) == NULL)
+        goto end;
+
+    /*
+     * The next 2 are needed so we can do a dv->d[0]|=1 later since
+     * BN_lshift1 will only work once there is a value :-)
+     */
+    BN_zero(dv);
+    if (bn_wexpand(dv, 1) == NULL)
+        goto end;
+    dv->top = 1;
+
+    if (!BN_lshift(D, D, nm - nd))
+        goto end;
+    for (i = nm - nd; i >= 0; i--) {
+        if (!BN_lshift1(dv, dv))
+            goto end;
+        if (BN_ucmp(rem, D) >= 0) {
+            dv->d[0] |= 1;
+            if (!BN_usub(rem, rem, D))
+                goto end;
+        }
+/* CAN IMPROVE (and have now :=) */
+        if (!BN_rshift1(D, D))
+            goto end;
+    }
+    rem->neg = BN_is_zero(rem) ? 0 : m->neg;
+    dv->neg = m->neg ^ d->neg;
+    ret = 1;
+ end:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+#else
+
+# if defined(BN_DIV3W)
+BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0);
+# elif 0
+/*
+ * This is #if-ed away, because it's a reference for assembly implementations,
+ * where it can and should be made constant-time. But if you want to test it,
+ * just replace 0 with 1.
+ */
+#  if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+#   undef BN_ULLONG
+#   define BN_ULLONG __uint128_t
+#   define BN_LLONG
+#  endif
+
+#  ifdef BN_LLONG
+#   define BN_DIV3W
+/*
+ * Interface is somewhat quirky, |m| is pointer to most significant limb,
+ * and less significant limb is referred at |m[-1]|. This means that caller
+ * is responsible for ensuring that |m[-1]| is valid. Second condition that
+ * has to be met is that |d0|'s most significant bit has to be set. Or in
+ * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top
+ * does all this. The subroutine considers four limbs, two of which are
+ * "overlapping," hence the name...
+ */
+static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0)
+{
+    BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1];
+    BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1;
+    BN_ULONG Q = 0, mask;
+    int i;
+
+    for (i = 0; i < BN_BITS2; i++) {
+        Q <<= 1;
+        if (R >= D) {
+            Q |= 1;
+            R -= D;
+        }
+        D >>= 1;
+    }
+
+    mask = 0 - (Q >> (BN_BITS2 - 1));   /* does it overflow? */
+
+    Q <<= 1;
+    Q |= (R >= D);
+
+    return (Q | mask) & BN_MASK2;
+}
+#  endif
+# endif
+
+static int bn_left_align(BIGNUM *num)
+{
+    BN_ULONG *d = num->d, n, m, rmask;
+    int top = num->top;
+    int rshift = BN_num_bits_word(d[top - 1]), lshift, i;
+
+    lshift = BN_BITS2 - rshift;
+    rshift %= BN_BITS2;            /* say no to undefined behaviour */
+    rmask = (BN_ULONG)0 - rshift;  /* rmask = 0 - (rshift != 0) */
+    rmask |= rmask >> 8;
+
+    for (i = 0, m = 0; i < top; i++) {
+        n = d[i];
+        d[i] = ((n << lshift) | m) & BN_MASK2;
+        m = (n >> rshift) & rmask;
+    }
+
+    return lshift;
+}
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+    && !defined(PEDANTIC) && !defined(BN_DIV3W)
+#  if defined(__GNUC__) && __GNUC__>=2
+#   if defined(__i386) || defined (__i386__)
+   /*-
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    */
+#    undef bn_div_words
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divl   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "r"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+   /*
+    * Same story here, but it's 128-bit by 64-bit division. Wow!
+    */
+#    undef bn_div_words
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divq   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "r"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   endif                       /* __<cpu> */
+#  endif                        /* __GNUC__ */
+# endif                         /* OPENSSL_NO_ASM */
+
+/*-
+ * BN_div computes  dv := num / divisor, rounding towards
+ * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
+ * Thus:
+ *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
+ *     rm->neg == num->neg                 (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+           BN_CTX *ctx)
+{
+    int ret;
+
+    if (BN_is_zero(divisor)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return 0;
+    }
+
+    /*
+     * Invalid zero-padding would have particularly bad consequences so don't
+     * just rely on bn_check_top() here (bn_check_top() works only for
+     * BN_DEBUG builds)
+     */
+    if (divisor->d[divisor->top - 1] == 0) {
+        BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    ret = bn_div_fixed_top(dv, rm, num, divisor, ctx);
+
+    if (ret) {
+        if (dv != NULL)
+            bn_correct_top(dv);
+        if (rm != NULL)
+            bn_correct_top(rm);
+    }
+
+    return ret;
+}
+
+/*
+ * It's argued that *length* of *significant* part of divisor is public.
+ * Even if it's private modulus that is. Again, *length* is assumed
+ * public, but not *value*. Former is likely to be pre-defined by
+ * algorithm with bit granularity, though below subroutine is invariant
+ * of limb length. Thanks to this assumption we can require that |divisor|
+ * may not be zero-padded, yet claim this subroutine "constant-time"(*).
+ * This is because zero-padded dividend, |num|, is tolerated, so that
+ * caller can pass dividend of public length(*), but with smaller amount
+ * of significant limbs. This naturally means that quotient, |dv|, would
+ * contain correspongly less significant limbs as well, and will be zero-
+ * padded accordingly. Returned remainder, |rm|, will have same bit length
+ * as divisor, also zero-padded if needed. These actually leave sign bits
+ * in ambiguous state. In sense that we try to avoid negative zeros, while
+ * zero-padded zeros would retain sign.
+ *
+ * (*) "Constant-time-ness" has two pre-conditions:
+ *
+ *     - availability of constant-time bn_div_3_words;
+ *     - dividend is at least as "wide" as divisor, limb-wise, zero-padded
+ *       if so requied, which shouldn't be a privacy problem, because
+ *       divisor's length is considered public;
+ */
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+                     const BIGNUM *divisor, BN_CTX *ctx)
+{
+    int norm_shift, i, j, loop;
+    BIGNUM *tmp, *snum, *sdiv, *res;
+    BN_ULONG *resp, *wnum, *wnumtop;
+    BN_ULONG d0, d1;
+    int num_n, div_n;
+
+    assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
+
+    bn_check_top(num);
+    bn_check_top(divisor);
+    bn_check_top(dv);
+    bn_check_top(rm);
+
+    BN_CTX_start(ctx);
+    res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
+    tmp = BN_CTX_get(ctx);
+    snum = BN_CTX_get(ctx);
+    sdiv = BN_CTX_get(ctx);
+    if (sdiv == NULL)
+        goto err;
+
+    /* First we normalise the numbers */
+    if (!BN_copy(sdiv, divisor))
+        goto err;
+    norm_shift = bn_left_align(sdiv);
+    sdiv->neg = 0;
+    /*
+     * Note that bn_lshift_fixed_top's output is always one limb longer
+     * than input, even when norm_shift is zero. This means that amount of
+     * inner loop iterations is invariant of dividend value, and that one
+     * doesn't need to compare dividend and divisor if they were originally
+     * of the same bit length.
+     */
+    if (!(bn_lshift_fixed_top(snum, num, norm_shift)))
+        goto err;
+
+    div_n = sdiv->top;
+    num_n = snum->top;
+
+    if (num_n <= div_n) {
+        /* caller didn't pad dividend -> no constant-time guarantee... */
+        if (bn_wexpand(snum, div_n + 1) == NULL)
+            goto err;
+        memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG));
+        snum->top = num_n = div_n + 1;
+    }
+
+    loop = num_n - div_n;
+    /*
+     * Lets setup a 'window' into snum This is the part that corresponds to
+     * the current 'area' being divided
+     */
+    wnum = &(snum->d[loop]);
+    wnumtop = &(snum->d[num_n - 1]);
+
+    /* Get the top 2 words of sdiv */
+    d0 = sdiv->d[div_n - 1];
+    d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+    /* Setup quotient */
+    if (!bn_wexpand(res, loop))
+        goto err;
+    res->neg = (num->neg ^ divisor->neg);
+    res->top = loop;
+    res->flags |= BN_FLG_FIXED_TOP;
+    resp = &(res->d[loop]);
+
+    /* space for temp */
+    if (!bn_wexpand(tmp, (div_n + 1)))
+        goto err;
+
+    for (i = 0; i < loop; i++, wnumtop--) {
+        BN_ULONG q, l0;
+        /*
+         * the first part of the loop uses the top two words of snum and sdiv
+         * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+         */
+# if defined(BN_DIV3W)
+        q = bn_div_3_words(wnumtop, d1, d0);
+# else
+        BN_ULONG n0, n1, rem = 0;
+
+        n0 = wnumtop[0];
+        n1 = wnumtop[-1];
+        if (n0 == d0)
+            q = BN_MASK2;
+        else {                  /* n0 < d0 */
+            BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];
+#  ifdef BN_LLONG
+            BN_ULLONG t2;
+
+#   if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+            q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+#   else
+            q = bn_div_words(n0, n1, d0);
+#   endif
+
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            /*
+             * rem doesn't have to be BN_ULLONG. The least we
+             * know it's less that d0, isn't it?
+             */
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+            t2 = (BN_ULLONG) d1 *q;
+
+            for (;;) {
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                t2 -= d1;
+            }
+#  else                         /* !BN_LLONG */
+            BN_ULONG t2l, t2h;
+
+            q = bn_div_words(n0, n1, d0);
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+
+#   if defined(BN_UMULT_LOHI)
+            BN_UMULT_LOHI(t2l, t2h, d1, q);
+#   elif defined(BN_UMULT_HIGH)
+            t2l = d1 * q;
+            t2h = BN_UMULT_HIGH(d1, q);
+#   else
+            {
+                BN_ULONG ql, qh;
+                t2l = LBITS(d1);
+                t2h = HBITS(d1);
+                ql = LBITS(q);
+                qh = HBITS(q);
+                mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+            }
+#   endif
+
+            for (;;) {
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= n2)))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                if (t2l < d1)
+                    t2h--;
+                t2l -= d1;
+            }
+#  endif                        /* !BN_LLONG */
+        }
+# endif                         /* !BN_DIV3W */
+
+        l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+        tmp->d[div_n] = l0;
+        wnum--;
+        /*
+         * ignore top values of the bignums just sub the two BN_ULONG arrays
+         * with bn_sub_words
+         */
+        l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1);
+        q -= l0;
+        /*
+         * Note: As we have considered only the leading two BN_ULONGs in
+         * the calculation of q, sdiv * q might be greater than wnum (but
+         * then (q-1) * sdiv is less or equal than wnum)
+         */
+        for (l0 = 0 - l0, j = 0; j < div_n; j++)
+            tmp->d[j] = sdiv->d[j] & l0;
+        l0 = bn_add_words(wnum, wnum, tmp->d, div_n);
+        (*wnumtop) += l0;
+        assert((*wnumtop) == 0);
+
+        /* store part of the result */
+        *--resp = q;
+    }
+    /* snum holds remainder, it's as wide as divisor */
+    snum->neg = num->neg;
+    snum->top = div_n;
+    snum->flags |= BN_FLG_FIXED_TOP;
+    if (rm != NULL)
+        bn_rshift_fixed_top(rm, snum, norm_shift);
+    BN_CTX_end(ctx);
+    return 1;
+ err:
+    bn_check_top(rm);
+    BN_CTX_end(ctx);
+    return 0;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_err.c
new file mode 100644
index 000000000..dd87c152c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_err.c
@@ -0,0 +1,118 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/bnerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA BN_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND, 0), "bnrand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND_RANGE, 0), "bnrand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CONVERT_EX, 0),
+     "BN_BLINDING_convert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CREATE_PARAM, 0),
+     "BN_BLINDING_create_param"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_INVERT_EX, 0),
+     "BN_BLINDING_invert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_NEW, 0), "BN_BLINDING_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_UPDATE, 0), "BN_BLINDING_update"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2DEC, 0), "BN_bn2dec"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2HEX, 0), "BN_bn2hex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXP, 0), "BN_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXPAND_INTERNAL, 0), "bn_expand_internal"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENCB_NEW, 0), "BN_GENCB_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_DSA_NONCE, 0),
+     "BN_generate_dsa_nonce"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
+     "BN_generate_prime_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD, 0),
+     "BN_GF2m_mod_solve_quad"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, 0),
+     "BN_GF2m_mod_solve_quad_arr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQR, 0), "BN_GF2m_mod_sqr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQRT, 0), "BN_GF2m_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_LSHIFT, 0), "BN_lshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP2_MONT, 0), "BN_mod_exp2_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT, 0), "BN_mod_exp_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_CONSTTIME, 0),
+     "BN_mod_exp_mont_consttime"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_WORD, 0),
+     "BN_mod_exp_mont_word"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_RECP, 0), "BN_mod_exp_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_SIMPLE, 0), "BN_mod_exp_simple"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE, 0), "BN_mod_inverse"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE_NO_BRANCH, 0),
+     "BN_mod_inverse_no_branch"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA BN_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS),
+    "called with even modulus"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+    "expand on static bignum data"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),
+    "private key too large"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+    "too many temporary variables"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BN_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(BN_str_functs);
+        ERR_load_strings_const(BN_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c
new file mode 100644
index 000000000..88f2baf0e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c
@@ -0,0 +1,1395 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/constant_time_locl.h"
+#include "bn_lcl.h"
+
+#include <stdlib.h>
+#ifdef _WIN32
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+#elif defined(__GNUC__)
+# ifndef alloca
+#  define alloca(s) __builtin_alloca((s))
+# endif
+#elif defined(__sun)
+# include <alloca.h>
+#endif
+
+#include "rsaz_exp.h"
+
+#undef SPARC_T4_MONT
+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
+# include "sparc_arch.h"
+extern unsigned int OPENSSL_sparcv9cap_P[];
+# define SPARC_T4_MONT
+#endif
+
+/* maximum precomputation table size for *variable* sliding windows */
+#define TABLE_SIZE      32
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int i, bits, ret = 0;
+    BIGNUM *v, *rr;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    rr = ((r == a) || (r == p)) ? BN_CTX_get(ctx) : r;
+    v = BN_CTX_get(ctx);
+    if (rr == NULL || v == NULL)
+        goto err;
+
+    if (BN_copy(v, a) == NULL)
+        goto err;
+    bits = BN_num_bits(p);
+
+    if (BN_is_odd(p)) {
+        if (BN_copy(rr, a) == NULL)
+            goto err;
+    } else {
+        if (!BN_one(rr))
+            goto err;
+    }
+
+    for (i = 1; i < bits; i++) {
+        if (!BN_sqr(v, v, ctx))
+            goto err;
+        if (BN_is_bit_set(p, i)) {
+            if (!BN_mul(rr, rr, v, ctx))
+                goto err;
+        }
+    }
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    /*-
+     * For even modulus  m = 2^k*m_odd, it might make sense to compute
+     * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+     * exponentiation for the odd part), using appropriate exponent
+     * reductions, and combine the results using the CRT.
+     *
+     * For now, we use Montgomery only if the modulus is odd; otherwise,
+     * exponentiation using the reciprocal-based quick remaindering
+     * algorithm is used.
+     *
+     * (Timing obtained with expspeed.c [computations  a^p mod m
+     * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+     * 4096, 8192 bits], compared to the running time of the
+     * standard algorithm:
+     *
+     *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+     *                     55 .. 77 %  [UltraSparc processor, but
+     *                                  debug-solaris-sparcv8-gcc conf.]
+     *
+     *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+     *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+     *
+     * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+     * at 2048 and more bits, but at 512 and 1024 bits, it was
+     * slower even than the standard algorithm!
+     *
+     * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+     * should be obtained when the new Montgomery reduction code
+     * has been integrated into OpenSSL.)
+     */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+    if (BN_is_odd(m)) {
+# ifdef MONT_EXP_WORD
+        if (a->top == 1 && !a->neg
+            && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
+            && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
+            && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
+            BN_ULONG A = a->d[0];
+            ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
+        } else
+# endif
+            ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+    } else
+#endif
+#ifdef RECP_MUL_MOD
+    {
+        ret = BN_mod_exp_recp(r, a, p, m, ctx);
+    }
+#else
+    {
+        ret = BN_mod_exp_simple(r, a, p, m, ctx);
+    }
+#endif
+
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_RECP_CTX recp;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    aa = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (val[0] == NULL)
+        goto err;
+
+    BN_RECP_CTX_init(&recp);
+    if (m->neg) {
+        /* ignore sign of 'm' */
+        if (!BN_copy(aa, m))
+            goto err;
+        aa->neg = 0;
+        if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+            goto err;
+    } else {
+        if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+            goto err;
+    }
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_RECP_CTX_free(&recp);
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+    }
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (val[0] == NULL)
+        goto err;
+
+    /*
+     * If this is not done, things will break in the montgomery part
+     */
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_nnmod(val[0], a, m, ctx))
+            goto err;
+        aa = val[0];
+    } else
+        aa = a;
+    if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
+        goto err;               /* 1 */
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+#if 1                           /* by Shay Gueron's suggestion */
+    j = m->top;                 /* borrow j */
+    if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
+        if (bn_wexpand(r, j) == NULL)
+            goto err;
+        /* 2^(top*BN_BITS2) - m */
+        r->d[0] = (0 - m->d[0]) & BN_MASK2;
+        for (i = 1; i < j; i++)
+            r->d[i] = (~m->d[i]) & BN_MASK2;
+        r->top = j;
+        r->flags |= BN_FLG_FIXED_TOP;
+    } else
+#endif
+    if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start) {
+                if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
+                    goto err;
+            }
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    /*
+     * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+     * removes padding [if any] and makes return value suitable for public
+     * API consumer.
+     */
+#if defined(SPARC_T4_MONT)
+    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
+        j = mont->N.top;        /* borrow j */
+        val[0]->d[0] = 1;       /* borrow val[0] */
+        for (i = 1; i < j; i++)
+            val[0]->d[i] = 0;
+        val[0]->top = j;
+        if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
+            goto err;
+    } else
+#endif
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return ret;
+}
+
+static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
+{
+    BN_ULONG ret = 0;
+    int wordpos;
+
+    wordpos = bitpos / BN_BITS2;
+    bitpos %= BN_BITS2;
+    if (wordpos >= 0 && wordpos < a->top) {
+        ret = a->d[wordpos] & BN_MASK2;
+        if (bitpos) {
+            ret >>= bitpos;
+            if (++wordpos < a->top)
+                ret |= a->d[wordpos] << (BN_BITS2 - bitpos);
+        }
+    }
+
+    return ret & BN_MASK2;
+}
+
+/*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+ * pattern as far as cache lines are concerned.  The following functions are
+ * used to transfer a BIGNUM from/to that table.
+ */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
+                                        unsigned char *buf, int idx,
+                                        int window)
+{
+    int i, j;
+    int width = 1 << window;
+    BN_ULONG *table = (BN_ULONG *)buf;
+
+    if (top > b->top)
+        top = b->top;           /* this works because 'buf' is explicitly
+                                 * zeroed */
+    for (i = 0, j = idx; i < top; i++, j += width) {
+        table[j] = b->d[i];
+    }
+
+    return 1;
+}
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+                                          unsigned char *buf, int idx,
+                                          int window)
+{
+    int i, j;
+    int width = 1 << window;
+    /*
+     * We declare table 'volatile' in order to discourage compiler
+     * from reordering loads from the table. Concern is that if
+     * reordered in specific manner loads might give away the
+     * information we are trying to conceal. Some would argue that
+     * compiler can reorder them anyway, but it can as well be
+     * argued that doing so would be violation of standard...
+     */
+    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+
+    if (window <= 3) {
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < width; j++) {
+                acc |= table[j] &
+                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    } else {
+        int xstride = 1 << (window - 2);
+        BN_ULONG y0, y1, y2, y3;
+
+        i = idx >> (window - 2);        /* equivalent of idx / xstride */
+        idx &= xstride - 1;             /* equivalent of idx % xstride */
+
+        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
+        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
+        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < xstride; j++) {
+                acc |= ( (table[j + 0 * xstride] & y0) |
+                         (table[j + 1 * xstride] & y1) |
+                         (table[j + 2 * xstride] & y2) |
+                         (table[j + 3 * xstride] & y3) )
+                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    }
+
+    b->top = top;
+    b->flags |= BN_FLG_FIXED_TOP;
+    return 1;
+}
+
+/*
+ * Given a pointer value, compute the next address that is a cache line
+ * multiple.
+ */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum to
+ * protect secret exponents (cf. the hyper-threading timing attacks pointed
+ * out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont)
+{
+    int i, bits, ret = 0, window, wvalue, wmask, window0;
+    int top;
+    BN_MONT_CTX *mont = NULL;
+
+    int numPowers;
+    unsigned char *powerbufFree = NULL;
+    int powerbufLen = 0;
+    unsigned char *powerbuf = NULL;
+    BIGNUM tmp, am;
+#if defined(SPARC_T4_MONT)
+    unsigned int t4 = 0;
+#endif
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+
+    top = m->top;
+
+    /*
+     * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
+     * whether the top bits are zero.
+     */
+    bits = p->top * BN_BITS2;
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+
+    /*
+     * Allocate a montgomery context if it was not supplied by the caller. If
+     * this is not done, things will break in the montgomery part.
+     */
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        BIGNUM *reduced = BN_CTX_get(ctx);
+        if (reduced == NULL
+            || !BN_nnmod(reduced, a, m, ctx)) {
+            goto err;
+        }
+        a = reduced;
+    }
+
+#ifdef RSAZ_ENABLED
+    /*
+     * If the size of the operands allow it, perform the optimized
+     * RSAZ exponentiation. For further information see
+     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+     */
+    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+        && rsaz_avx2_eligible()) {
+        if (NULL == bn_wexpand(rr, 16))
+            goto err;
+        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+                               mont->n0[0]);
+        rr->top = 16;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+        if (NULL == bn_wexpand(rr, 8))
+            goto err;
+        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+        rr->top = 8;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    }
+#endif
+
+    /* Get the window size to use with size of p. */
+    window = BN_window_bits_for_ctime_exponent_size(bits);
+#if defined(SPARC_T4_MONT)
+    if (window >= 5 && (top & 15) == 0 && top <= 64 &&
+        (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
+        (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0]))
+        window = 5;
+    else
+#endif
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window >= 5) {
+        window = 5;             /* ~5% improvement for RSA2048 sign, and even
+                                 * for RSA4096 */
+        /* reserve space for mont->N.d[] copy */
+        powerbufLen += top * sizeof(mont->N.d[0]);
+    }
+#endif
+    (void)0;
+
+    /*
+     * Allocate a buffer large enough to hold all of the pre-computed powers
+     * of am, am itself and tmp.
+     */
+    numPowers = 1 << window;
+    powerbufLen += sizeof(m->d[0]) * (top * numPowers +
+                                      ((2 * top) >
+                                       numPowers ? (2 * top) : numPowers));
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree =
+            alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+    else
+#endif
+        if ((powerbufFree =
+             OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+            == NULL)
+        goto err;
+
+    powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+    memset(powerbuf, 0, powerbufLen);
+
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree = NULL;
+#endif
+
+    /* lay down tmp and am right after powers table */
+    tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+    am.d = tmp.d + top;
+    tmp.top = am.top = 0;
+    tmp.dmax = am.dmax = top;
+    tmp.neg = am.neg = 0;
+    tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+    /* prepare a^0 in Montgomery domain */
+#if 1                           /* by Shay Gueron's suggestion */
+    if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
+        /* 2^(top*BN_BITS2) - m */
+        tmp.d[0] = (0 - m->d[0]) & BN_MASK2;
+        for (i = 1; i < top; i++)
+            tmp.d[i] = (~m->d[i]) & BN_MASK2;
+        tmp.top = top;
+    } else
+#endif
+    if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
+        goto err;
+
+    /* prepare a^1 in Montgomery domain */
+    if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
+        goto err;
+
+#if defined(SPARC_T4_MONT)
+    if (t4) {
+        typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
+                                       const BN_ULONG *n0, const void *table,
+                                       int power, int bits);
+        int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
+                              const BN_ULONG *n0, const void *table,
+                              int power, int bits);
+        int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        static const bn_pwr5_mont_f pwr5_funcs[4] = {
+            bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16,
+            bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32
+        };
+        bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1];
+
+        typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
+                                      const void *bp, const BN_ULONG *np,
+                                      const BN_ULONG *n0);
+        int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
+                             const BN_ULONG *np, const BN_ULONG *n0);
+        int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        static const bn_mul_mont_f mul_funcs[4] = {
+            bn_mul_mont_t4_8, bn_mul_mont_t4_16,
+            bn_mul_mont_t4_24, bn_mul_mont_t4_32
+        };
+        bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
+
+        void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0, int num);
+        void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
+                            const void *bp, const BN_ULONG *np,
+                            const BN_ULONG *n0, int num);
+        void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
+                                    const void *table, const BN_ULONG *np,
+                                    const BN_ULONG *n0, int num, int power);
+        void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
+                                   void *table, size_t power);
+        void bn_gather5_t4(BN_ULONG *out, size_t num,
+                           void *table, size_t power);
+        void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
+
+        BN_ULONG *np = mont->N.d, *n0 = mont->n0;
+        int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
+                                                * than 32 */
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);
+        bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);
+        if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) &&
+            !(*mul_worker) (tmp.d, am.d, am.d, np, n0))
+            bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);
+        bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);
+
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) &&
+                !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0))
+                bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);
+            bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);
+        }
+
+        /* switch to 64-bit domain */
+        np = alloca(top * sizeof(BN_ULONG));
+        top /= 2;
+        bn_flip_t4(np, mont->N.d, top);
+
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
+        bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits > 0) {
+            if (bits < stride)
+                stride = bits;
+            bits -= stride;
+            wvalue = bn_get_bits(p, bits);
+
+            if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+                continue;
+            /* retry once and fall back */
+            if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+                continue;
+
+            bits += stride - 5;
+            wvalue >>= stride - 5;
+            wvalue &= 31;
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,
+                                   wvalue);
+        }
+
+        bn_flip_t4(tmp.d, tmp.d, top);
+        top *= 2;
+        /* back to 32-bit domain */
+        tmp.top = top;
+        bn_correct_top(&tmp);
+        OPENSSL_cleanse(np, top * sizeof(BN_ULONG));
+    } else
+#endif
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window == 5 && top > 1) {
+        /*
+         * This optimization uses ideas from http://eprint.iacr.org/2011/239,
+         * specifically optimization of cache-timing attack countermeasures
+         * and pre-computation optimization.
+         */
+
+        /*
+         * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+         * 512-bit RSA is hardly relevant, we omit it to spare size...
+         */
+        void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const void *table, const BN_ULONG *np,
+                                 const BN_ULONG *n0, int num, int power);
+        void bn_scatter5(const BN_ULONG *inp, size_t num,
+                         void *table, size_t power);
+        void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+        void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
+                       const void *table, const BN_ULONG *np,
+                       const BN_ULONG *n0, int num, int power);
+        int bn_get_bits5(const BN_ULONG *ap, int off);
+        int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
+                               const BN_ULONG *not_used, const BN_ULONG *np,
+                               const BN_ULONG *n0, int num);
+
+        BN_ULONG *n0 = mont->n0, *np;
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        /*
+         * copy mont->N.d[] to improve cache locality
+         */
+        for (np = am.d + top, i = 0; i < top; i++)
+            np[i] = mont->N.d[i];
+
+        bn_scatter5(tmp.d, top, powerbuf, 0);
+        bn_scatter5(am.d, am.top, powerbuf, 1);
+        bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
+        bn_scatter5(tmp.d, top, powerbuf, 2);
+
+# if 0
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# else
+        /* same as above, but uses squaring for 1/2 of operations */
+        for (i = 4; i < 32; i *= 2) {
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+        for (i = 3; i < 8; i += 2) {
+            int j;
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            for (j = 2 * i; j < 32; j *= 2) {
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_scatter5(tmp.d, top, powerbuf, j);
+            }
+        }
+        for (; i < 16; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, 2 * i);
+        }
+        for (; i < 32; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# endif
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
+        bn_gather5(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        if (top & 7) {
+            while (bits > 0) {
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                                    bn_get_bits5(p->d, bits -= 5));
+            }
+        } else {
+            while (bits > 0) {
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                          bn_get_bits5(p->d, bits -= 5));
+            }
+        }
+
+        ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
+        tmp.top = top;
+        bn_correct_top(&tmp);
+        if (ret) {
+            if (!BN_copy(rr, &tmp))
+                ret = 0;
+            goto err;           /* non-zero ret means it's not error */
+        }
+    } else
+#endif
+    {
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+            goto err;
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+            goto err;
+
+        /*
+         * If the window size is greater than 1, then calculate
+         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even
+         * powers could instead be computed as (a^(i/2))^2 to use the slight
+         * performance advantage of sqr over mul).
+         */
+        if (window > 1) {
+            if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
+                goto err;
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
+                                              window))
+                goto err;
+            for (i = 3; i < numPowers; i++) {
+                /* Calculate a^i = a^(i-1) * a */
+                if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
+                    goto err;
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
+                                                  window))
+                    goto err;
+            }
+        }
+
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % window + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
+                                            window))
+            goto err;
+
+        wmask = (1 << window) - 1;
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits > 0) {
+
+            /* Square the result window-size times */
+            for (i = 0; i < window; i++)
+                if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
+                    goto err;
+
+            /*
+             * Get a window's worth of bits from the exponent
+             * This avoids calling BN_is_bit_set for each bit, which
+             * is not only slower but also makes each bit vulnerable to
+             * EM (and likely other) side-channel attacks like One&Done
+             * (for details see "One&Done: A Single-Decryption EM-Based
+             *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
+             *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
+             *  M. Prvulovic, in USENIX Security'18)
+             */
+            bits -= window;
+            wvalue = bn_get_bits(p, bits) & wmask;
+            /*
+             * Fetch the appropriate pre-computed value from the pre-buf
+             */
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
+                                                window))
+                goto err;
+
+            /* Multiply the result into the intermediate result */
+            if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
+                goto err;
+        }
+    }
+
+    /*
+     * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+     * removes padding [if any] and makes return value suitable for public
+     * API consumer.
+     */
+#if defined(SPARC_T4_MONT)
+    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
+        am.d[0] = 1;            /* borrow am */
+        for (i = 1; i < top; i++)
+            am.d[i] = 0;
+        if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx))
+            goto err;
+    } else
+#endif
+    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    if (powerbuf != NULL) {
+        OPENSSL_cleanse(powerbuf, powerbufLen);
+        OPENSSL_free(powerbufFree);
+    }
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    BN_MONT_CTX *mont = NULL;
+    int b, bits, ret = 0;
+    int r_is_one;
+    BN_ULONG w, next_w;
+    BIGNUM *r, *t;
+    BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+    /*
+     * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
+     * probably more overhead than always using BN_mod (which uses BN_copy if
+     * a similar test returns true).
+     */
+    /*
+     * We can use BN_mod and do not need BN_nnmod because our accumulator is
+     * never negative (the result of BN_mod does not depend on the sign of
+     * the modulus).
+     */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+    if (m->top == 1)
+        a %= m->d[0];           /* make sure that 'a' is reduced */
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+    if (a == 0) {
+        BN_zero(rr);
+        ret = 1;
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    r = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    r_is_one = 1;               /* except for Montgomery factor */
+
+    /* bits-1 >= 0 */
+
+    /* The result is accumulated in the product r*w. */
+    w = a;                      /* bit 'bits-1' of 'p' is always set */
+    for (b = bits - 2; b >= 0; b--) {
+        /* First, square r*w. */
+        next_w = w * w;
+        if ((next_w / w) != w) { /* overflow */
+            if (r_is_one) {
+                if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                    goto err;
+                r_is_one = 0;
+            } else {
+                if (!BN_MOD_MUL_WORD(r, w, m))
+                    goto err;
+            }
+            next_w = 1;
+        }
+        w = next_w;
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        /* Second, multiply r*w by 'a' if exponent bit is set. */
+        if (BN_is_bit_set(p, b)) {
+            next_w = w * a;
+            if ((next_w / a) != w) { /* overflow */
+                if (r_is_one) {
+                    if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                        goto err;
+                    r_is_one = 0;
+                } else {
+                    if (!BN_MOD_MUL_WORD(r, w, m))
+                        goto err;
+                }
+                next_w = a;
+            }
+            w = next_w;
+        }
+    }
+
+    /* Finally, set r:=r*w. */
+    if (w != 1) {
+        if (r_is_one) {
+            if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                goto err;
+            r_is_one = 0;
+        } else {
+            if (!BN_MOD_MUL_WORD(r, w, m))
+                goto err;
+        }
+    }
+
+    if (r_is_one) {             /* can happen only if a == 1 */
+        if (!BN_one(rr))
+            goto err;
+    } else {
+        if (!BN_from_montgomery(rr, r, mont, ctx))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return ret;
+}
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (val[0] == NULL)
+        goto err;
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul(d, val[0], val[0], m, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c
new file mode 100644
index 000000000..082c9286a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE      32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, b, bits1, bits2, ret =
+        0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+    int r_is_one = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *a_mod_m;
+    /* Tables of variables obtained from 'ctx' */
+    BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    bn_check_top(a1);
+    bn_check_top(p1);
+    bn_check_top(a2);
+    bn_check_top(p2);
+    bn_check_top(m);
+
+    if (!(m->d[0] & 1)) {
+        BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+    bits1 = BN_num_bits(p1);
+    bits2 = BN_num_bits(p2);
+    if ((bits1 == 0) && (bits2 == 0)) {
+        ret = BN_one(rr);
+        return ret;
+    }
+
+    bits = (bits1 > bits2) ? bits1 : bits2;
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val1[0] = BN_CTX_get(ctx);
+    val2[0] = BN_CTX_get(ctx);
+    if (val2[0] == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    window1 = BN_window_bits_for_exponent_size(bits1);
+    window2 = BN_window_bits_for_exponent_size(bits2);
+
+    /*
+     * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+     */
+    if (a1->neg || BN_ucmp(a1, m) >= 0) {
+        if (!BN_mod(val1[0], a1, m, ctx))
+            goto err;
+        a_mod_m = val1[0];
+    } else
+        a_mod_m = a1;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+
+    if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window1 > 1) {
+        if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+            goto err;
+
+        j = 1 << (window1 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    /*
+     * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+     */
+    if (a2->neg || BN_ucmp(a2, m) >= 0) {
+        if (!BN_mod(val2[0], a2, m, ctx))
+            goto err;
+        a_mod_m = val2[0];
+    } else
+        a_mod_m = a2;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window2 > 1) {
+        if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+            goto err;
+
+        j = 1 << (window2 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    /* Now compute the power product, using independent windows. */
+    r_is_one = 1;
+    wvalue1 = 0;                /* The 'value' of the first window */
+    wvalue2 = 0;                /* The 'value' of the second window */
+    wpos1 = 0;                  /* If wvalue1 > 0, the bottom bit of the
+                                 * first window */
+    wpos2 = 0;                  /* If wvalue2 > 0, the bottom bit of the
+                                 * second window */
+
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (b = bits - 1; b >= 0; b--) {
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        if (!wvalue1)
+            if (BN_is_bit_set(p1, b)) {
+                /*
+                 * consider bits b-window1+1 .. b for this window
+                 */
+                i = b - window1 + 1;
+                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+                    i++;
+                wpos1 = i;
+                wvalue1 = 1;
+                for (i = b - 1; i >= wpos1; i--) {
+                    wvalue1 <<= 1;
+                    if (BN_is_bit_set(p1, i))
+                        wvalue1++;
+                }
+            }
+
+        if (!wvalue2)
+            if (BN_is_bit_set(p2, b)) {
+                /*
+                 * consider bits b-window2+1 .. b for this window
+                 */
+                i = b - window2 + 1;
+                while (!BN_is_bit_set(p2, i))
+                    i++;
+                wpos2 = i;
+                wvalue2 = 1;
+                for (i = b - 1; i >= wpos2; i--) {
+                    wvalue2 <<= 1;
+                    if (BN_is_bit_set(p2, i))
+                        wvalue2++;
+                }
+            }
+
+        if (wvalue1 && b == wpos1) {
+            /* wvalue1 is odd and < 2^window1 */
+            if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
+                goto err;
+            wvalue1 = 0;
+            r_is_one = 0;
+        }
+
+        if (wvalue2 && b == wpos2) {
+            /* wvalue2 is odd and < 2^window2 */
+            if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
+                goto err;
+            wvalue2 = 0;
+            r_is_one = 0;
+        }
+    }
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
new file mode 100644
index 000000000..0091ea4e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
@@ -0,0 +1,623 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *t;
+    int ret = 0;
+
+    bn_check_top(in_a);
+    bn_check_top(in_b);
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (BN_copy(a, in_a) == NULL)
+        goto err;
+    if (BN_copy(b, in_b) == NULL)
+        goto err;
+    a->neg = 0;
+    b->neg = 0;
+
+    if (BN_cmp(a, b) < 0) {
+        t = a;
+        a = b;
+        b = t;
+    }
+    t = euclid(a, b);
+    if (t == NULL)
+        goto err;
+
+    if (BN_copy(r, t) == NULL)
+        goto err;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
+{
+    BIGNUM *t;
+    int shifts = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    /* 0 <= b <= a */
+    while (!BN_is_zero(b)) {
+        /* 0 < b <= a */
+
+        if (BN_is_odd(a)) {
+            if (BN_is_odd(b)) {
+                if (!BN_sub(a, a, b))
+                    goto err;
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            } else {            /* a odd - b even */
+
+                if (!BN_rshift1(b, b))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            }
+        } else {                /* a is even */
+
+            if (BN_is_odd(b)) {
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            } else {            /* a even - b even */
+
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (!BN_rshift1(b, b))
+                    goto err;
+                shifts++;
+            }
+        }
+        /* 0 <= b <= a */
+    }
+
+    if (shifts) {
+        if (!BN_lshift(a, a, shifts))
+            goto err;
+    }
+    bn_check_top(a);
+    return a;
+ err:
+    return NULL;
+}
+
+/* solves ax == 1 (mod n) */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+                                        const BIGNUM *a, const BIGNUM *n,
+                                        BN_CTX *ctx);
+
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+{
+    BIGNUM *rv;
+    int noinv;
+    rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
+    if (noinv)
+        BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+    return rv;
+}
+
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *pnoinv)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    /* This is invalid input so we don't worry about constant time here */
+    if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
+        if (pnoinv != NULL)
+            *pnoinv = 1;
+        return NULL;
+    }
+
+    if (pnoinv != NULL)
+        *pnoinv = 0;
+
+    if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
+        || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
+        return BN_mod_inverse_no_branch(in, a, n, ctx);
+    }
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    BN_one(X);
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        if (!BN_nnmod(B, B, A, ctx))
+            goto err;
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {
+        /*
+         * Binary inversion algorithm; requires odd modulus. This is faster
+         * than the general algorithm if the modulus is sufficiently small
+         * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
+         * systems)
+         */
+        int shift;
+
+        while (!BN_is_zero(B)) {
+            /*-
+             *      0 < B < |n|,
+             *      0 < A <= |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /*
+             * Now divide B by the maximum possible power of two in the
+             * integers, and divide X by the same value mod |n|. When we're
+             * done, (1) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
+                shift++;
+
+                if (BN_is_odd(X)) {
+                    if (!BN_uadd(X, X, n))
+                        goto err;
+                }
+                /*
+                 * now X is even, so we can easily divide it by two
+                 */
+                if (!BN_rshift1(X, X))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(B, B, shift))
+                    goto err;
+            }
+
+            /*
+             * Same for A and Y.  Afterwards, (2) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
+                shift++;
+
+                if (BN_is_odd(Y)) {
+                    if (!BN_uadd(Y, Y, n))
+                        goto err;
+                }
+                /* now Y is even */
+                if (!BN_rshift1(Y, Y))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(A, A, shift))
+                    goto err;
+            }
+
+            /*-
+             * We still have (1) and (2).
+             * Both  A  and  B  are odd.
+             * The following computations ensure that
+             *
+             *     0 <= B < |n|,
+             *      0 < A < |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|),
+             *
+             * and that either  A  or  B  is even in the next iteration.
+             */
+            if (BN_ucmp(B, A) >= 0) {
+                /* -sign*(X + Y)*a == B - A  (mod |n|) */
+                if (!BN_uadd(X, X, Y))
+                    goto err;
+                /*
+                 * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+                 * actually makes the algorithm slower
+                 */
+                if (!BN_usub(B, B, A))
+                    goto err;
+            } else {
+                /*  sign*(X + Y)*a == A - B  (mod |n|) */
+                if (!BN_uadd(Y, Y, X))
+                    goto err;
+                /*
+                 * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down
+                 */
+                if (!BN_usub(A, A, B))
+                    goto err;
+            }
+        }
+    } else {
+        /* general inversion algorithm */
+
+        while (!BN_is_zero(B)) {
+            BIGNUM *tmp;
+
+            /*-
+             *      0 < B < A,
+             * (*) -sign*X*a  ==  B   (mod |n|),
+             *      sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (BN_num_bits(A) == BN_num_bits(B)) {
+                if (!BN_one(D))
+                    goto err;
+                if (!BN_sub(M, A, B))
+                    goto err;
+            } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
+                /* A/B is 1, 2, or 3 */
+                if (!BN_lshift1(T, B))
+                    goto err;
+                if (BN_ucmp(A, T) < 0) {
+                    /* A < 2*B, so D=1 */
+                    if (!BN_one(D))
+                        goto err;
+                    if (!BN_sub(M, A, B))
+                        goto err;
+                } else {
+                    /* A >= 2*B, so D=2 or D=3 */
+                    if (!BN_sub(M, A, T))
+                        goto err;
+                    if (!BN_add(D, T, B))
+                        goto err; /* use D (:= 3*B) as temp */
+                    if (BN_ucmp(A, D) < 0) {
+                        /* A < 3*B, so D=2 */
+                        if (!BN_set_word(D, 2))
+                            goto err;
+                        /*
+                         * M (= A - 2*B) already has the correct value
+                         */
+                    } else {
+                        /* only D=3 remains */
+                        if (!BN_set_word(D, 3))
+                            goto err;
+                        /*
+                         * currently M = A - 2*B, but we need M = A - 3*B
+                         */
+                        if (!BN_sub(M, M, B))
+                            goto err;
+                    }
+                }
+            } else {
+                if (!BN_div(D, M, A, B, ctx))
+                    goto err;
+            }
+
+            /*-
+             * Now
+             *      A = D*B + M;
+             * thus we have
+             * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+             */
+
+            tmp = A;    /* keep the BIGNUM object, the value does not matter */
+
+            /* (A, B) := (B, A mod B) ... */
+            A = B;
+            B = M;
+            /* ... so we have  0 <= B < A  again */
+
+            /*-
+             * Since the former  M  is now  B  and the former  B  is now  A,
+             * (**) translates into
+             *       sign*Y*a  ==  D*A + B    (mod |n|),
+             * i.e.
+             *       sign*Y*a - D*A  ==  B    (mod |n|).
+             * Similarly, (*) translates into
+             *      -sign*X*a  ==  A          (mod |n|).
+             *
+             * Thus,
+             *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+             * i.e.
+             *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+             *
+             * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+             *      -sign*X*a  ==  B   (mod |n|),
+             *       sign*Y*a  ==  A   (mod |n|).
+             * Note that  X  and  Y  stay non-negative all the time.
+             */
+
+            /*
+             * most of the time D is very small, so we can optimize tmp := D*X+Y
+             */
+            if (BN_is_one(D)) {
+                if (!BN_add(tmp, X, Y))
+                    goto err;
+            } else {
+                if (BN_is_word(D, 2)) {
+                    if (!BN_lshift1(tmp, X))
+                        goto err;
+                } else if (BN_is_word(D, 4)) {
+                    if (!BN_lshift(tmp, X, 2))
+                        goto err;
+                } else if (D->top == 1) {
+                    if (!BN_copy(tmp, X))
+                        goto err;
+                    if (!BN_mul_word(tmp, D->d[0]))
+                        goto err;
+                } else {
+                    if (!BN_mul(tmp, D, X, ctx))
+                        goto err;
+                }
+                if (!BN_add(tmp, tmp, Y))
+                    goto err;
+            }
+
+            M = Y;      /* keep the BIGNUM object, the value does not matter */
+            Y = X;
+            X = tmp;
+            sign = -sign;
+        }
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        if (pnoinv)
+            *pnoinv = 1;
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
+
+/*
+ * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
+ * not contain branches that may leak sensitive information.
+ */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+                                        const BIGNUM *a, const BIGNUM *n,
+                                        BN_CTX *ctx)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    BN_one(X);
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+         {
+            BIGNUM local_B;
+            bn_init(&local_B);
+            BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
+            if (!BN_nnmod(B, &local_B, A, ctx))
+                goto err;
+            /* Ensure local_B goes out of scope before any further use of B */
+        }
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    while (!BN_is_zero(B)) {
+        BIGNUM *tmp;
+
+        /*-
+         *      0 < B < A,
+         * (*) -sign*X*a  ==  B   (mod |n|),
+         *      sign*Y*a  ==  A   (mod |n|)
+         */
+
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+        {
+            BIGNUM local_A;
+            bn_init(&local_A);
+            BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (!BN_div(D, M, &local_A, B, ctx))
+                goto err;
+            /* Ensure local_A goes out of scope before any further use of A */
+        }
+
+        /*-
+         * Now
+         *      A = D*B + M;
+         * thus we have
+         * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+         */
+
+        tmp = A;                /* keep the BIGNUM object, the value does not
+                                 * matter */
+
+        /* (A, B) := (B, A mod B) ... */
+        A = B;
+        B = M;
+        /* ... so we have  0 <= B < A  again */
+
+        /*-
+         * Since the former  M  is now  B  and the former  B  is now  A,
+         * (**) translates into
+         *       sign*Y*a  ==  D*A + B    (mod |n|),
+         * i.e.
+         *       sign*Y*a - D*A  ==  B    (mod |n|).
+         * Similarly, (*) translates into
+         *      -sign*X*a  ==  A          (mod |n|).
+         *
+         * Thus,
+         *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+         * i.e.
+         *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+         *
+         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+         *      -sign*X*a  ==  B   (mod |n|),
+         *       sign*Y*a  ==  A   (mod |n|).
+         * Note that  X  and  Y  stay non-negative all the time.
+         */
+
+        if (!BN_mul(tmp, D, X, ctx))
+            goto err;
+        if (!BN_add(tmp, tmp, Y))
+            goto err;
+
+        M = Y;                  /* keep the BIGNUM object, the value does not
+                                 * matter */
+        Y = X;
+        X = tmp;
+        sign = -sign;
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c
new file mode 100644
index 000000000..34d8b69c1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c
@@ -0,0 +1,1166 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*
+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+ * fail.
+ */
+# define MAX_ITERATIONS 50
+
+# define SQR_nibble(w)   ((((w) & 8) << 3) \
+                       |  (((w) & 4) << 2) \
+                       |  (((w) & 2) << 1) \
+                       |   ((w) & 1))
+
+
+/* Platform-specific macros to accelerate squaring. */
+# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#  define SQR1(w) \
+    SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
+    SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
+    SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
+    SQR_nibble((w) >> 36) <<  8 | SQR_nibble((w) >> 32)
+#  define SQR0(w) \
+    SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
+    SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
+    SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >>  8) << 16 | \
+    SQR_nibble((w) >>  4) <<  8 | SQR_nibble((w)      )
+# endif
+# ifdef THIRTY_TWO_BIT
+#  define SQR1(w) \
+    SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
+    SQR_nibble((w) >> 20) <<  8 | SQR_nibble((w) >> 16)
+#  define SQR0(w) \
+    SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >>  8) << 16 | \
+    SQR_nibble((w) >>  4) <<  8 | SQR_nibble((w)      )
+# endif
+
+# if !defined(OPENSSL_BN_ASM_GF2m)
+/*
+ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is
+ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that
+ * the variables have the right amount of space allocated.
+ */
+#  ifdef THIRTY_TWO_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[8], top2b = a >> 30;
+    register BN_ULONG a1, a2, a4;
+
+    a1 = a & (0x3FFFFFFF);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+
+    s = tab[b & 0x7];
+    l = s;
+    s = tab[b >> 3 & 0x7];
+    l ^= s << 3;
+    h = s >> 29;
+    s = tab[b >> 6 & 0x7];
+    l ^= s << 6;
+    h ^= s >> 26;
+    s = tab[b >> 9 & 0x7];
+    l ^= s << 9;
+    h ^= s >> 23;
+    s = tab[b >> 12 & 0x7];
+    l ^= s << 12;
+    h ^= s >> 20;
+    s = tab[b >> 15 & 0x7];
+    l ^= s << 15;
+    h ^= s >> 17;
+    s = tab[b >> 18 & 0x7];
+    l ^= s << 18;
+    h ^= s >> 14;
+    s = tab[b >> 21 & 0x7];
+    l ^= s << 21;
+    h ^= s >> 11;
+    s = tab[b >> 24 & 0x7];
+    l ^= s << 24;
+    h ^= s >> 8;
+    s = tab[b >> 27 & 0x7];
+    l ^= s << 27;
+    h ^= s >> 5;
+    s = tab[b >> 30];
+    l ^= s << 30;
+    h ^= s >> 2;
+
+    /* compensate for the top two bits of a */
+
+    if (top2b & 01) {
+        l ^= b << 30;
+        h ^= b >> 2;
+    }
+    if (top2b & 02) {
+        l ^= b << 31;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
+#  endif
+#  if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[16], top3b = a >> 61;
+    register BN_ULONG a1, a2, a4, a8;
+
+    a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+    a8 = a4 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+    tab[8] = a8;
+    tab[9] = a1 ^ a8;
+    tab[10] = a2 ^ a8;
+    tab[11] = a1 ^ a2 ^ a8;
+    tab[12] = a4 ^ a8;
+    tab[13] = a1 ^ a4 ^ a8;
+    tab[14] = a2 ^ a4 ^ a8;
+    tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+    s = tab[b & 0xF];
+    l = s;
+    s = tab[b >> 4 & 0xF];
+    l ^= s << 4;
+    h = s >> 60;
+    s = tab[b >> 8 & 0xF];
+    l ^= s << 8;
+    h ^= s >> 56;
+    s = tab[b >> 12 & 0xF];
+    l ^= s << 12;
+    h ^= s >> 52;
+    s = tab[b >> 16 & 0xF];
+    l ^= s << 16;
+    h ^= s >> 48;
+    s = tab[b >> 20 & 0xF];
+    l ^= s << 20;
+    h ^= s >> 44;
+    s = tab[b >> 24 & 0xF];
+    l ^= s << 24;
+    h ^= s >> 40;
+    s = tab[b >> 28 & 0xF];
+    l ^= s << 28;
+    h ^= s >> 36;
+    s = tab[b >> 32 & 0xF];
+    l ^= s << 32;
+    h ^= s >> 32;
+    s = tab[b >> 36 & 0xF];
+    l ^= s << 36;
+    h ^= s >> 28;
+    s = tab[b >> 40 & 0xF];
+    l ^= s << 40;
+    h ^= s >> 24;
+    s = tab[b >> 44 & 0xF];
+    l ^= s << 44;
+    h ^= s >> 20;
+    s = tab[b >> 48 & 0xF];
+    l ^= s << 48;
+    h ^= s >> 16;
+    s = tab[b >> 52 & 0xF];
+    l ^= s << 52;
+    h ^= s >> 12;
+    s = tab[b >> 56 & 0xF];
+    l ^= s << 56;
+    h ^= s >> 8;
+    s = tab[b >> 60];
+    l ^= s << 60;
+    h ^= s >> 4;
+
+    /* compensate for the top three bits of a */
+
+    if (top3b & 01) {
+        l ^= b << 61;
+        h ^= b >> 3;
+    }
+    if (top3b & 02) {
+        l ^= b << 62;
+        h ^= b >> 2;
+    }
+    if (top3b & 04) {
+        l ^= b << 63;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
+#  endif
+
+/*
+ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST
+ * ensure that the variables have the right amount of space allocated.
+ */
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+                            const BN_ULONG b1, const BN_ULONG b0)
+{
+    BN_ULONG m1, m0;
+    /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+    bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+    bn_GF2m_mul_1x1(r + 1, r, a0, b0);
+    bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+    /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+    r[2] ^= m1 ^ r[1] ^ r[3];   /* h0 ^= m1 ^ l1 ^ h1; */
+    r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+}
+# else
+void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
+                     BN_ULONG b0);
+# endif
+
+/*
+ * Add polynomials a and b and store result in r; r could be a or b, a and b
+ * could be equal; r is the bitwise XOR of a and b.
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    const BIGNUM *at, *bt;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        at = b;
+        bt = a;
+    } else {
+        at = a;
+        bt = b;
+    }
+
+    if (bn_wexpand(r, at->top) == NULL)
+        return 0;
+
+    for (i = 0; i < bt->top; i++) {
+        r->d[i] = at->d[i] ^ bt->d[i];
+    }
+    for (; i < at->top; i++) {
+        r->d[i] = at->d[i];
+    }
+
+    r->top = at->top;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+
+/* Performs modular reduction of a and store result in r.  r could be a. */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
+{
+    int j, k;
+    int n, dN, d0, d1;
+    BN_ULONG zz, *z;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    /*
+     * Since the algorithm does reduction in the r value, if a != r, copy the
+     * contents of a into r so we can do reduction in r.
+     */
+    if (a != r) {
+        if (!bn_wexpand(r, a->top))
+            return 0;
+        for (j = 0; j < a->top; j++) {
+            r->d[j] = a->d[j];
+        }
+        r->top = a->top;
+    }
+    z = r->d;
+
+    /* start reduction */
+    dN = p[0] / BN_BITS2;
+    for (j = r->top - 1; j > dN;) {
+        zz = z[j];
+        if (z[j] == 0) {
+            j--;
+            continue;
+        }
+        z[j] = 0;
+
+        for (k = 1; p[k] != 0; k++) {
+            /* reducing component t^p[k] */
+            n = p[0] - p[k];
+            d0 = n % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            n /= BN_BITS2;
+            z[j - n] ^= (zz >> d0);
+            if (d0)
+                z[j - n - 1] ^= (zz << d1);
+        }
+
+        /* reducing component t^0 */
+        n = dN;
+        d0 = p[0] % BN_BITS2;
+        d1 = BN_BITS2 - d0;
+        z[j - n] ^= (zz >> d0);
+        if (d0)
+            z[j - n - 1] ^= (zz << d1);
+    }
+
+    /* final round of reduction */
+    while (j == dN) {
+
+        d0 = p[0] % BN_BITS2;
+        zz = z[dN] >> d0;
+        if (zz == 0)
+            break;
+        d1 = BN_BITS2 - d0;
+
+        /* clear up the top d1 bits */
+        if (d0)
+            z[dN] = (z[dN] << d1) >> d1;
+        else
+            z[dN] = 0;
+        z[0] ^= zz;             /* reduction t^0 component */
+
+        for (k = 1; p[k] != 0; k++) {
+            BN_ULONG tmp_ulong;
+
+            /* reducing component t^p[k] */
+            n = p[k] / BN_BITS2;
+            d0 = p[k] % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            z[n] ^= (zz << d0);
+            if (d0 && (tmp_ulong = zz >> d1))
+                z[n + 1] ^= tmp_ulong;
+        }
+
+    }
+
+    bn_correct_top(r);
+    return 1;
+}
+
+/*
+ * Performs modular reduction of a by p and store result in r.  r could be a.
+ * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_arr function.
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
+    int ret = 0;
+    int arr[6];
+    bn_check_top(a);
+    bn_check_top(p);
+    ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr));
+    if (!ret || ret > (int)OSSL_NELEM(arr)) {
+        BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+        return 0;
+    }
+    ret = BN_GF2m_mod_arr(r, a, arr);
+    bn_check_top(r);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could be b.
+ */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx)
+{
+    int zlen, i, j, k, ret = 0;
+    BIGNUM *s;
+    BN_ULONG x1, x0, y1, y0, zz[4];
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a == b) {
+        return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+    }
+
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    zlen = a->top + b->top + 4;
+    if (!bn_wexpand(s, zlen))
+        goto err;
+    s->top = zlen;
+
+    for (i = 0; i < zlen; i++)
+        s->d[i] = 0;
+
+    for (j = 0; j < b->top; j += 2) {
+        y0 = b->d[j];
+        y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+        for (i = 0; i < a->top; i += 2) {
+            x0 = a->d[i];
+            x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
+            bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+            for (k = 0; k < 4; k++)
+                s->d[i + j + k] ^= zz[k];
+        }
+    }
+
+    bn_correct_top(s);
+    if (BN_GF2m_mod_arr(r, s, p))
+        ret = 1;
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could equal b. This function calls
+ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is
+ * only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_mul_arr function.
+ */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/* Square a, reduce the result mod p, and store it in a.  r could be a. */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *s;
+
+    bn_check_top(a);
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!bn_wexpand(s, 2 * a->top))
+        goto err;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        s->d[2 * i + 1] = SQR1(a->d[i]);
+        s->d[2 * i] = SQR0(a->d[i]);
+    }
+
+    s->top = 2 * a->top;
+    bn_correct_top(s);
+    if (!BN_GF2m_mod_arr(r, s, p))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Square a, reduce the result mod p, and store it in a.  r could be a. This
+ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_sqr_arr function.
+ */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses
+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
+ * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
+ * Curve Cryptography Over Binary Fields".
+ */
+static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a,
+                                   const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+
+    b = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod(u, a, p))
+        goto err;
+    if (BN_is_zero(u))
+        goto err;
+
+    if (!BN_copy(v, p))
+        goto err;
+# if 0
+    if (!BN_one(b))
+        goto err;
+
+    while (1) {
+        while (!BN_is_odd(u)) {
+            if (BN_is_zero(u))
+                goto err;
+            if (!BN_rshift1(u, u))
+                goto err;
+            if (BN_is_odd(b)) {
+                if (!BN_GF2m_add(b, b, p))
+                    goto err;
+            }
+            if (!BN_rshift1(b, b))
+                goto err;
+        }
+
+        if (BN_abs_is_word(u, 1))
+            break;
+
+        if (BN_num_bits(u) < BN_num_bits(v)) {
+            tmp = u;
+            u = v;
+            v = tmp;
+            tmp = b;
+            b = c;
+            c = tmp;
+        }
+
+        if (!BN_GF2m_add(u, u, v))
+            goto err;
+        if (!BN_GF2m_add(b, b, c))
+            goto err;
+    }
+# else
+    {
+        int i;
+        int ubits = BN_num_bits(u);
+        int vbits = BN_num_bits(v); /* v is copy of p */
+        int top = p->top;
+        BN_ULONG *udp, *bdp, *vdp, *cdp;
+
+        if (!bn_wexpand(u, top))
+            goto err;
+        udp = u->d;
+        for (i = u->top; i < top; i++)
+            udp[i] = 0;
+        u->top = top;
+        if (!bn_wexpand(b, top))
+          goto err;
+        bdp = b->d;
+        bdp[0] = 1;
+        for (i = 1; i < top; i++)
+            bdp[i] = 0;
+        b->top = top;
+        if (!bn_wexpand(c, top))
+          goto err;
+        cdp = c->d;
+        for (i = 0; i < top; i++)
+            cdp[i] = 0;
+        c->top = top;
+        vdp = v->d;             /* It pays off to "cache" *->d pointers,
+                                 * because it allows optimizer to be more
+                                 * aggressive. But we don't have to "cache"
+                                 * p->d, because *p is declared 'const'... */
+        while (1) {
+            while (ubits && !(udp[0] & 1)) {
+                BN_ULONG u0, u1, b0, b1, mask;
+
+                u0 = udp[0];
+                b0 = bdp[0];
+                mask = (BN_ULONG)0 - (b0 & 1);
+                b0 ^= p->d[0] & mask;
+                for (i = 0; i < top - 1; i++) {
+                    u1 = udp[i + 1];
+                    udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2;
+                    u0 = u1;
+                    b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
+                    bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2;
+                    b0 = b1;
+                }
+                udp[i] = u0 >> 1;
+                bdp[i] = b0 >> 1;
+                ubits--;
+            }
+
+            if (ubits <= BN_BITS2) {
+                if (udp[0] == 0) /* poly was reducible */
+                    goto err;
+                if (udp[0] == 1)
+                    break;
+            }
+
+            if (ubits < vbits) {
+                i = ubits;
+                ubits = vbits;
+                vbits = i;
+                tmp = u;
+                u = v;
+                v = tmp;
+                tmp = b;
+                b = c;
+                c = tmp;
+                udp = vdp;
+                vdp = v->d;
+                bdp = cdp;
+                cdp = c->d;
+            }
+            for (i = 0; i < top; i++) {
+                udp[i] ^= vdp[i];
+                bdp[i] ^= cdp[i];
+            }
+            if (ubits == vbits) {
+                BN_ULONG ul;
+                int utop = (ubits - 1) / BN_BITS2;
+
+                while ((ul = udp[utop]) == 0 && utop)
+                    utop--;
+                ubits = utop * BN_BITS2 + BN_num_bits_word(ul);
+            }
+        }
+        bn_correct_top(b);
+    }
+# endif
+
+    if (!BN_copy(r, b))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+# ifdef BN_DEBUG                /* BN_CTX_end would complain about the
+                                 * expanded form */
+    bn_correct_top(c);
+    bn_correct_top(u);
+    bn_correct_top(v);
+# endif
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling.
+ * This is not constant time.
+ * But it does eliminate first order deduction on the input.
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b = NULL;
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if ((b = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* generate blinding value */
+    do {
+        if (!BN_priv_rand(b, BN_num_bits(p) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            goto err;
+    } while (BN_is_zero(b));
+
+    /* r := a * b */
+    if (!BN_GF2m_mod_mul(r, a, b, p, ctx))
+        goto err;
+
+    /* r := 1/(a * b) */
+    if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx))
+        goto err;
+
+    /* r := b/(a * b) = 1/a */
+    if (!BN_GF2m_mod_mul(r, r, b, p, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Invert xx, reduce modulo p, and store the result in r. r could be xx.
+ * This function calls down to the BN_GF2m_mod_inv implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[],
+                        BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(xx);
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y.
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *xinv = NULL;
+    int ret = 0;
+
+    bn_check_top(y);
+    bn_check_top(x);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+    xinv = BN_CTX_get(ctx);
+    if (xinv == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+        goto err;
+    if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+ * * or yy, xx could equal yy. This function calls down to the
+ * BN_GF2m_mod_div implementation; this wrapper function is only provided for
+ * convenience; for best performance, use the BN_GF2m_mod_div function.
+ */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+                        const int p[], BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(yy);
+    bn_check_top(xx);
+
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE
+ * P1363.
+ */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx)
+{
+    int ret = 0, i, n;
+    BIGNUM *u;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (BN_is_zero(b))
+        return BN_one(r);
+
+    if (BN_abs_is_word(b, 1))
+        return (BN_copy(r, a) != NULL);
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(u, a, p))
+        goto err;
+
+    n = BN_num_bits(b) - 1;
+    for (i = n - 1; i >= 0; i--) {
+        if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+            goto err;
+        if (BN_is_bit_set(b, i)) {
+            if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+                goto err;
+        }
+    }
+    if (!BN_copy(r, u))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. This function calls down to the BN_GF2m_mod_exp_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_exp_arr function.
+ */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+ */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                         BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *u;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(u, p[0] - 1))
+        goto err;
+    ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_sqrt_arr function.
+ */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+ */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
+                               BN_CTX *ctx)
+{
+    int ret = 0, count = 0, j;
+    BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+
+    bn_check_top(a_);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    w = BN_CTX_get(ctx);
+    if (w == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(a, a_, p))
+        goto err;
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    if (p[0] & 0x1) {           /* m is odd */
+        /* compute half-trace of a */
+        if (!BN_copy(z, a))
+            goto err;
+        for (j = 1; j <= (p[0] - 1) / 2; j++) {
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_add(z, z, a))
+                goto err;
+        }
+
+    } else {                    /* m is even */
+
+        rho = BN_CTX_get(ctx);
+        w2 = BN_CTX_get(ctx);
+        tmp = BN_CTX_get(ctx);
+        if (tmp == NULL)
+            goto err;
+        do {
+            if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+                goto err;
+            if (!BN_GF2m_mod_arr(rho, rho, p))
+                goto err;
+            BN_zero(z);
+            if (!BN_copy(w, rho))
+                goto err;
+            for (j = 1; j <= p[0] - 1; j++) {
+                if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+                    goto err;
+                if (!BN_GF2m_add(z, z, tmp))
+                    goto err;
+                if (!BN_GF2m_add(w, w2, rho))
+                    goto err;
+            }
+            count++;
+        } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+        if (BN_is_zero(w)) {
+            BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
+    }
+
+    if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+        goto err;
+    if (!BN_GF2m_add(w, z, w))
+        goto err;
+    if (BN_GF2m_cmp(w, a)) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+        goto err;
+    }
+
+    if (!BN_copy(r, z))
+        goto err;
+    bn_check_top(r);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
+ */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+ * x^i) into an array of integers corresponding to the bits with non-zero
+ * coefficient.  Array is terminated with -1. Up to max elements of the array
+ * will be filled.  Return value is total number of array elements that would
+ * be filled if array was large enough.
+ */
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+{
+    int i, j, k = 0;
+    BN_ULONG mask;
+
+    if (BN_is_zero(a))
+        return 0;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        if (!a->d[i])
+            /* skip word if a->d[i] == 0 */
+            continue;
+        mask = BN_TBIT;
+        for (j = BN_BITS2 - 1; j >= 0; j--) {
+            if (a->d[i] & mask) {
+                if (k < max)
+                    p[k] = BN_BITS2 * i + j;
+                k++;
+            }
+            mask >>= 1;
+        }
+    }
+
+    if (k < max) {
+        p[k] = -1;
+        k++;
+    }
+
+    return k;
+}
+
+/*
+ * Convert the coefficient array representation of a polynomial to a
+ * bit-string.  The array must be terminated by -1.
+ */
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
+{
+    int i;
+
+    bn_check_top(a);
+    BN_zero(a);
+    for (i = 0; p[i] != -1; i++) {
+        if (BN_set_bit(a, p[i]) == 0)
+            return 0;
+    }
+    bn_check_top(a);
+
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c
new file mode 100644
index 000000000..46bc97575
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero
+ * with the exception that the most significant digit may be only
+ * w-1 zeros away from that next non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+{
+    int window_val;
+    signed char *r = NULL;
+    int sign = 1;
+    int bit, next_bit, mask;
+    size_t len = 0, j;
+
+    if (BN_is_zero(scalar)) {
+        r = OPENSSL_malloc(1);
+        if (r == NULL) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        r[0] = 0;
+        *ret_len = 1;
+        return r;
+    }
+
+    if (w <= 0 || w > 7) {      /* 'signed char' can represent integers with
+                                 * absolute values less than 2^7 */
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    bit = 1 << w;               /* at most 128 */
+    next_bit = bit << 1;        /* at most 256 */
+    mask = next_bit - 1;        /* at most 255 */
+
+    if (BN_is_negative(scalar)) {
+        sign = -1;
+    }
+
+    if (scalar->d == NULL || scalar->top == 0) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    len = BN_num_bits(scalar);
+    r = OPENSSL_malloc(len + 1); /*
+                                  * Modified wNAF may be one digit longer than binary representation
+                                  * (*ret_len will be set to the actual length, i.e. at most
+                                  * BN_num_bits(scalar) + 1)
+                                  */
+    if (r == NULL) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    window_val = scalar->d[0] & mask;
+    j = 0;
+    while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
+                                                      * window_val will not
+                                                      * increase */
+        int digit = 0;
+
+        /* 0 <= window_val <= 2^(w+1) */
+
+        if (window_val & 1) {
+            /* 0 < window_val < 2^(w+1) */
+
+            if (window_val & bit) {
+                digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1                           /* modified wNAF */
+                if (j + w + 1 >= len) {
+                    /*
+                     * Special case for generating modified wNAFs:
+                     * no new bits will be added into window_val,
+                     * so using a positive digit here will decrease
+                     * the total length of the representation
+                     */
+
+                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+                }
+#endif
+            } else {
+                digit = window_val; /* 0 < digit < 2^w */
+            }
+
+            if (digit <= -bit || digit >= bit || !(digit & 1)) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            window_val -= digit;
+
+            /*
+             * now window_val is 0 or 2^(w+1) in standard wNAF generation;
+             * for modified window NAFs, it may also be 2^w
+             */
+            if (window_val != 0 && window_val != next_bit
+                && window_val != bit) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        r[j++] = sign * digit;
+
+        window_val >>= 1;
+        window_val += bit * BN_is_bit_set(scalar, j + w);
+
+        if (window_val > next_bit) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (j > len + 1) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    *ret_len = j;
+    return r;
+
+ err:
+    OPENSSL_free(r);
+    return NULL;
+}
+
+int bn_get_top(const BIGNUM *a)
+{
+    return a->top;
+}
+
+int bn_get_dmax(const BIGNUM *a)
+{
+    return a->dmax;
+}
+
+void bn_set_all_zero(BIGNUM *a)
+{
+    int i;
+
+    for (i = a->top; i < a->dmax; i++)
+        a->d[i] = 0;
+}
+
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size)
+{
+    if (in->top > size)
+        return 0;
+
+    memset(out, 0, sizeof(*out) * size);
+    if (in->d != NULL)
+        memcpy(out, in->d, sizeof(*out) * in->top);
+    return 1;
+}
+
+BN_ULONG *bn_get_words(const BIGNUM *a)
+{
+    return a->d;
+}
+
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
+{
+    /*
+     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+     * flag, which effectively means "read-only data".
+     */
+    a->d = (BN_ULONG *)words;
+    a->dmax = a->top = size;
+    a->neg = 0;
+    a->flags |= BN_FLG_STATIC_DATA;
+    bn_correct_top(a);
+}
+
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
+{
+    if (bn_wexpand(a, num_words) == NULL) {
+        BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memcpy(a->d, words, sizeof(BN_ULONG) * num_words);
+    a->top = num_words;
+    bn_correct_top(a);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c
new file mode 100644
index 000000000..b9bc6cca2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int i;
+    int ret = -2;               /* avoid 'uninitialized' warning */
+    int err = 0;
+    BIGNUM *A, *B, *tmp;
+    /*-
+     * In 'tab', only odd-indexed entries are relevant:
+     * For any odd BIGNUM n,
+     *     tab[BN_lsw(n) & 7]
+     * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+     * Note that the sign of n does not matter.
+     */
+    static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    if (B == NULL)
+        goto end;
+
+    err = !BN_copy(A, a);
+    if (err)
+        goto end;
+    err = !BN_copy(B, b);
+    if (err)
+        goto end;
+
+    /*
+     * Kronecker symbol, implemented according to Henri Cohen,
+     * "A Course in Computational Algebraic Number Theory"
+     * (algorithm 1.4.10).
+     */
+
+    /* Cohen's step 1: */
+
+    if (BN_is_zero(B)) {
+        ret = BN_abs_is_word(A, 1);
+        goto end;
+    }
+
+    /* Cohen's step 2: */
+
+    if (!BN_is_odd(A) && !BN_is_odd(B)) {
+        ret = 0;
+        goto end;
+    }
+
+    /* now  B  is non-zero */
+    i = 0;
+    while (!BN_is_bit_set(B, i))
+        i++;
+    err = !BN_rshift(B, B, i);
+    if (err)
+        goto end;
+    if (i & 1) {
+        /* i is odd */
+        /* (thus  B  was even, thus  A  must be odd!)  */
+
+        /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+        ret = tab[BN_lsw(A) & 7];
+    } else {
+        /* i is even */
+        ret = 1;
+    }
+
+    if (B->neg) {
+        B->neg = 0;
+        if (A->neg)
+            ret = -ret;
+    }
+
+    /*
+     * now B is positive and odd, so what remains to be done is to compute
+     * the Jacobi symbol (A/B) and multiply it by 'ret'
+     */
+
+    while (1) {
+        /* Cohen's step 3: */
+
+        /*  B  is positive and odd */
+
+        if (BN_is_zero(A)) {
+            ret = BN_is_one(B) ? ret : 0;
+            goto end;
+        }
+
+        /* now  A  is non-zero */
+        i = 0;
+        while (!BN_is_bit_set(A, i))
+            i++;
+        err = !BN_rshift(A, A, i);
+        if (err)
+            goto end;
+        if (i & 1) {
+            /* i is odd */
+            /* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+            ret = ret * tab[BN_lsw(B) & 7];
+        }
+
+        /* Cohen's step 4: */
+        /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+        if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+            ret = -ret;
+
+        /* (A, B) := (B mod |A|, |A|) */
+        err = !BN_nnmod(B, B, A, ctx);
+        if (err)
+            goto end;
+        tmp = A;
+        A = B;
+        B = tmp;
+        tmp->neg = 0;
+    }
+ end:
+    BN_CTX_end(ctx);
+    if (err)
+        return -2;
+    else
+        return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h
new file mode 100644
index 000000000..8a36db2e8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h
@@ -0,0 +1,671 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_LCL_H
+# define HEADER_BN_LCL_H
+
+/*
+ * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
+ * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our
+ * Configure script and needs to support both 32-bit and 64-bit.
+ */
+# include <openssl/opensslconf.h>
+
+# if !defined(OPENSSL_SYS_UEFI)
+#  include "internal/bn_conf.h"
+# endif
+
+# include "internal/bn_int.h"
+
+/*
+ * These preprocessor symbols control various aspects of the bignum headers
+ * and library code. They're not defined by any "normal" configuration, as
+ * they are intended for development and testing purposes. NB: defining all
+ * three can be useful for debugging application code as well as openssl
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+#  define BN_MUL_COMBA
+#  define BN_SQR_COMBA
+#  define BN_RECURSION
+# endif
+
+/*
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
+ * not defined, I use my C version (which is slower). The reason for this
+ * flag is that when the particular C compiler library routine is used, and
+ * the library is linked with a different compiler, the library is missing.
+ * This mostly happens when the library is built with gcc and then linked
+ * using normal cc.  This would be a common occurrence because gcc normally
+ * produces code that is 2 times faster than system compilers for the big
+ * number stuff. For machines with only one compiler (or shared libraries),
+ * this should be on.  Again this in only really a problem on machines using
+ * "long long's", are 32bit, and are not using my assembler code.
+ */
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+#  define BN_DIV2W
+# endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULLONG       unsigned long long
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000L)
+#  define BN_MASK2h1      (0xffffffff80000000L)
+#  define BN_DEC_CONV     (10000000000000000000UL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%lu"
+#  define BN_DEC_FMT2     "%019lu"
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  undef BN_LLONG
+#  undef BN_ULLONG
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffLL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000LL)
+#  define BN_MASK2h1      (0xffffffff80000000LL)
+#  define BN_DEC_CONV     (10000000000000000000ULL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%llu"
+#  define BN_DEC_FMT2     "%019llu"
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  ifdef BN_LLONG
+#   if defined(_WIN32) && !defined(__GNUC__)
+#    define BN_ULLONG     unsigned __int64
+#   else
+#    define BN_ULLONG     unsigned long long
+#   endif
+#  endif
+#  define BN_BITS4        16
+#  define BN_MASK2        (0xffffffffL)
+#  define BN_MASK2l       (0xffff)
+#  define BN_MASK2h1      (0xffff8000L)
+#  define BN_MASK2h       (0xffff0000L)
+#  define BN_DEC_CONV     (1000000000L)
+#  define BN_DEC_NUM      9
+#  define BN_DEC_FMT1     "%u"
+#  define BN_DEC_FMT2     "%09u"
+# endif
+
+
+/*-
+ * Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+# ifdef BN_DEBUG
+/*
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
+ * bn_correct_top, in other words such vectors are permitted to have zeros
+ * in most significant limbs. Such vectors are used internally to achieve
+ * execution time invariance for critical operations with private keys.
+ * It's BN_DEBUG-only flag, because user application is not supposed to
+ * observe it anyway. Moreover, optimizing compiler would actually remove
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
+ */
+#  define BN_FLG_FIXED_TOP 0x10000
+#  ifdef BN_DEBUG_RAND
+#   define bn_pollute(a) \
+        do { \
+            const BIGNUM *_bnum1 = (a); \
+            if (_bnum1->top < _bnum1->dmax) { \
+                unsigned char _tmp_char; \
+                /* We cast away const without the compiler knowing, any \
+                 * *genuinely* constant variables that aren't mutable \
+                 * wouldn't be constructed with top!=dmax. */ \
+                BN_ULONG *_not_const; \
+                memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
+                RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
+                memset(_not_const + _bnum1->top, _tmp_char, \
+                       sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
+            } \
+        } while(0)
+#  else
+#   define bn_pollute(a)
+#  endif
+#  define bn_check_top(a) \
+        do { \
+                const BIGNUM *_bnum2 = (a); \
+                if (_bnum2 != NULL) { \
+                        int _top = _bnum2->top; \
+                        (void)ossl_assert((_top == 0 && !_bnum2->neg) || \
+                                  (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+                                            || _bnum2->d[_top - 1] != 0))); \
+                        bn_pollute(_bnum2); \
+                } \
+        } while(0)
+
+#  define bn_fix_top(a)           bn_check_top(a)
+
+#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#  define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert((words) <= (_bnum2)->dmax && \
+                       (words) >= (_bnum2)->top); \
+                /* avoid unused variable warning with NDEBUG */ \
+                (void)(_bnum2); \
+        } while(0)
+
+# else                          /* !BN_DEBUG */
+
+#  define BN_FLG_FIXED_TOP 0
+#  define bn_pollute(a)
+#  define bn_check_top(a)
+#  define bn_fix_top(a)           bn_correct_top(a)
+#  define bn_check_size(bn, bits)
+#  define bn_wcheck_size(bn, words)
+
+# endif
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+
+struct bignum_st {
+    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
+                                 * chunks. */
+    int top;                    /* Index of last used d +1. */
+    /* The next are internal book keeping for bn_expand. */
+    int dmax;                   /* Size of the d array. */
+    int neg;                    /* one if the number is negative */
+    int flags;
+};
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st {
+    int ri;                     /* number of bits in R */
+    BIGNUM RR;                  /* used to convert to montgomery form,
+                                   possibly zero-padded */
+    BIGNUM N;                   /* The modulus */
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+                                 * stored for bignum algorithm) */
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
+                                 * before) */
+    int flags;
+};
+
+/*
+ * Used for reciprocal division/mod functions It cannot be shared between
+ * threads
+ */
+struct bn_recp_ctx_st {
+    BIGNUM N;                   /* the divisor */
+    BIGNUM Nr;                  /* the reciprocal */
+    int num_bits;
+    int shift;
+    int flags;
+};
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st {
+    unsigned int ver;           /* To handle binary (in)compatibility */
+    void *arg;                  /* callback-specific data */
+    union {
+        /* if (ver==1) - handles old style callbacks */
+        void (*cb_1) (int, int, void *);
+        /* if (ver==2) - new callback style */
+        int (*cb_2) (int, int, BN_GENCB *);
+    } cb;
+};
+
+/*-
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+# define BN_window_bits_for_exponent_size(b) \
+                ((b) > 671 ? 6 : \
+                 (b) > 239 ? 5 : \
+                 (b) >  79 ? 4 : \
+                 (b) >  23 ? 3 : 1)
+
+/*
+ * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
+ * line width of the target processor is at least the following value.
+ */
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH      ( 64 )
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK       (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/*
+ * Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of
+ * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are
+ * defined for cache line sizes of 32 and 64, cache line sizes where
+ * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be
+ * used on processors that have a 128 byte or greater cache line size.
+ */
+# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 937 ? 6 : \
+                 (b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (6)
+
+# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (5)
+
+# endif
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha       16,16,16,16.64 */
+# define BN_MULL_SIZE_NORMAL                     (16)/* 32 */
+# define BN_MUL_RECURSIVE_SIZE_NORMAL            (16)/* 32 less than */
+# define BN_SQR_RECURSIVE_SIZE_NORMAL            (16)/* 32 */
+# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL        (32)/* 32 */
+# define BN_MONT_CTX_SET_SIZE_WORD               (64)/* 32 */
+
+/*
+ * 2011-02-22 SMS. In various places, a size_t variable or a type cast to
+ * size_t was used to perform integer-only operations on pointers.  This
+ * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
+ * is still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. The
+ * only fix here is VMS-specific.
+ */
+# if defined(OPENSSL_SYS_VMS)
+#  if __INITIAL_POINTER_SIZE == 64
+#   define PTR_SIZE_INT long long
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define PTR_SIZE_INT int
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+# elif !defined(PTR_SIZE_INT)   /* defined(OPENSSL_SYS_VMS) */
+#  define PTR_SIZE_INT size_t
+# endif                         /* defined(OPENSSL_SYS_VMS) [else] */
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ * If the compiler doesn't support 2*N integer type, then you have to
+ * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some
+ * shifts and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of producing
+ * 2*N result... That's when you normally start considering assembler
+ * implementation. However! It should be pointed out that some CPUs (e.g.,
+ * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating
+ * the upper half of the product placing the result into a general
+ * purpose register. Now *if* the compiler supports inline assembler,
+ * then it's not impossible to implement the "bignum" routines (and have
+ * the compiler optimize 'em) exhibiting "native" performance in C. That's
+ * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do
+ * support 2*64 integer type, which is also used here.
+ */
+#  if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \
+      (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#   define BN_UMULT_LOHI(low,high,a,b) ({       \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;      })
+#  elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#   if defined(__DECC)
+#    include <c_asm.h>
+#    define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+#   elif defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret;          \
+        asm ("umulh     %1,%2,%0"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                      })
+#   endif                       /* compiler */
+#  elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG)
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret;          \
+        asm ("mulhdu    %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                      })
+#   endif                       /* compiler */
+#  elif (defined(__x86_64) || defined(__x86_64__)) && \
+       (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret,discard;  \
+        asm ("mulq      %3"             \
+             : "=a"(discard),"=d"(ret)  \
+             : "a"(a), "g"(b)           \
+             : "cc");                   \
+        ret;                      })
+#    define BN_UMULT_LOHI(low,high,a,b) \
+        asm ("mulq      %3"             \
+                : "=a"(low),"=d"(high)  \
+                : "a"(a),"g"(b)         \
+                : "cc");
+#   endif
+#  elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+#   if defined(_MSC_VER) && _MSC_VER>=1400
+unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b);
+unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+                          unsigned __int64 *h);
+#    pragma intrinsic(__umulh,_umul128)
+#    define BN_UMULT_HIGH(a,b)           __umulh((a),(b))
+#    define BN_UMULT_LOHI(low,high,a,b)  ((low)=_umul128((a),(b),&(high)))
+#   endif
+#  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b) ({       \
+        register BN_ULONG ret;          \
+        asm ("dmultu    %1,%2"          \
+             : "=h"(ret)                \
+             : "r"(a), "r"(b) : "l");   \
+        ret;                    })
+#    define BN_UMULT_LOHI(low,high,a,b) \
+        asm ("dmultu    %2,%3"          \
+             : "=l"(low),"=h"(high)     \
+             : "r"(a), "r"(b));
+#   endif
+#  elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret;          \
+        asm ("umulh     %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                      })
+#   endif
+#  endif                        /* cpu */
+# endif                         /* OPENSSL_NO_ASM */
+
+# ifdef BN_DEBUG_RAND
+#  define bn_clear_top2max(a) \
+        { \
+        int      ind = (a)->dmax - (a)->top; \
+        BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+        for (; ind != 0; ind--) \
+                *(++ftl) = 0x0; \
+        }
+# else
+#  define bn_clear_top2max(a)
+# endif
+
+# ifdef BN_LLONG
+/*******************************************************************
+ * Using the long long type, has to be twice as wide as BN_ULONG...
+ */
+#  define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#  define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+#  define mul_add(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (r) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#  define mul(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#  define sqr(r0,r1,a) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)(a)*(a); \
+        (r0)=Lw(t); \
+        (r1)=Hw(t); \
+        }
+
+# elif defined(BN_UMULT_LOHI)
+#  define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        BN_UMULT_LOHI(low,high,w,tmp);  \
+        ret += (c);                     \
+        (c) =  (ret<(c))?1:0;           \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        BN_UMULT_LOHI(low,high,w,ta);   \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        BN_UMULT_LOHI(r0,r1,tmp,tmp);   \
+        }
+
+# elif defined(BN_UMULT_HIGH)
+#  define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        high=  BN_UMULT_HIGH(w,tmp);    \
+        ret += (c);                     \
+        low =  (w) * tmp;               \
+        (c) =  (ret<(c))?1:0;           \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        low =  (w) * ta;                \
+        high=  BN_UMULT_HIGH(w,ta);     \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        (r0) = tmp * tmp;               \
+        (r1) = BN_UMULT_HIGH(tmp,tmp);  \
+        }
+
+# else
+/*************************************************************
+ * No long long type
+ */
+
+#  define LBITS(a)        ((a)&BN_MASK2l)
+#  define HBITS(a)        (((a)>>BN_BITS4)&BN_MASK2l)
+#  define L2HBITS(a)      (((a)<<BN_BITS4)&BN_MASK2)
+
+#  define LLBITS(a)       ((a)&BN_MASKl)
+#  define LHBITS(a)       (((a)>>BN_BITS2)&BN_MASKl)
+#  define LL2HBITS(a)     ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+
+#  define mul64(l,h,bl,bh) \
+        { \
+        BN_ULONG m,m1,lt,ht; \
+ \
+        lt=l; \
+        ht=h; \
+        m =(bh)*(lt); \
+        lt=(bl)*(lt); \
+        m1=(bl)*(ht); \
+        ht =(bh)*(ht); \
+        m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
+        ht+=HBITS(m); \
+        m1=L2HBITS(m); \
+        lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+        (l)=lt; \
+        (h)=ht; \
+        }
+
+#  define sqr64(lo,ho,in) \
+        { \
+        BN_ULONG l,h,m; \
+ \
+        h=(in); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        m =(l)*(h); \
+        l*=l; \
+        h*=h; \
+        h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+        m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+        l=(l+m)&BN_MASK2; if (l < m) h++; \
+        (lo)=l; \
+        (ho)=h; \
+        }
+
+#  define mul_add(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=(r); \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l; \
+        }
+
+#  define mul(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l&BN_MASK2; \
+        }
+# endif                         /* !BN_LLONG */
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+
+void bn_init(BIGNUM *a);
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                      int dna, int dnb, BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+                           int n, int tna, int tnb, BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                          BN_ULONG *t);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *noinv);
+
+int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+                         const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+
+static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
+{
+    if (bits > (INT_MAX - BN_BITS2 + 1))
+        return NULL;
+
+    if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
+        return a;
+
+    return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c
new file mode 100644
index 000000000..8286b3855
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c
@@ -0,0 +1,964 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/opensslconf.h>
+#include "internal/constant_time_locl.h"
+
+/* This stuff appears to be completely unused, so is deprecated */
+#if OPENSSL_API_COMPAT < 0x00908000L
+/*-
+ * For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8;    /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+{
+    if (mult >= 0) {
+        if (mult > (int)(sizeof(int) * 8) - 1)
+            mult = sizeof(int) * 8 - 1;
+        bn_limit_bits = mult;
+        bn_limit_num = 1 << mult;
+    }
+    if (high >= 0) {
+        if (high > (int)(sizeof(int) * 8) - 1)
+            high = sizeof(int) * 8 - 1;
+        bn_limit_bits_high = high;
+        bn_limit_num_high = 1 << high;
+    }
+    if (low >= 0) {
+        if (low > (int)(sizeof(int) * 8) - 1)
+            low = sizeof(int) * 8 - 1;
+        bn_limit_bits_low = low;
+        bn_limit_num_low = 1 << low;
+    }
+    if (mont >= 0) {
+        if (mont > (int)(sizeof(int) * 8) - 1)
+            mont = sizeof(int) * 8 - 1;
+        bn_limit_bits_mont = mont;
+        bn_limit_num_mont = 1 << mont;
+    }
+}
+
+int BN_get_params(int which)
+{
+    if (which == 0)
+        return bn_limit_bits;
+    else if (which == 1)
+        return bn_limit_bits_high;
+    else if (which == 2)
+        return bn_limit_bits_low;
+    else if (which == 3)
+        return bn_limit_bits_mont;
+    else
+        return 0;
+}
+#endif
+
+const BIGNUM *BN_value_one(void)
+{
+    static const BN_ULONG data_one = 1L;
+    static const BIGNUM const_one =
+        { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+    return &const_one;
+}
+
+int BN_num_bits_word(BN_ULONG l)
+{
+    BN_ULONG x, mask;
+    int bits = (l != 0);
+
+#if BN_BITS2 > 32
+    x = l >> 32;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 32 & mask;
+    l ^= (x ^ l) & mask;
+#endif
+
+    x = l >> 16;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 16 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 8;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 8 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 4;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 4 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 2;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 2 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 1;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 1 & mask;
+
+    return bits;
+}
+
+int BN_num_bits(const BIGNUM *a)
+{
+    int i = a->top - 1;
+    bn_check_top(a);
+
+    if (BN_is_zero(a))
+        return 0;
+    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
+
+static void bn_free_d(BIGNUM *a)
+{
+    if (BN_get_flags(a, BN_FLG_SECURE))
+        OPENSSL_secure_free(a->d);
+    else
+        OPENSSL_free(a->d);
+}
+
+
+void BN_clear_free(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+        bn_free_d(a);
+    }
+    if (BN_get_flags(a, BN_FLG_MALLOCED)) {
+        OPENSSL_cleanse(a, sizeof(*a));
+        OPENSSL_free(a);
+    }
+}
+
+void BN_free(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+        bn_free_d(a);
+    if (a->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(a);
+}
+
+void bn_init(BIGNUM *a)
+{
+    static BIGNUM nilbn;
+
+    *a = nilbn;
+    bn_check_top(a);
+}
+
+BIGNUM *BN_new(void)
+{
+    BIGNUM *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->flags = BN_FLG_MALLOCED;
+    bn_check_top(ret);
+    return ret;
+}
+
+ BIGNUM *BN_secure_new(void)
+ {
+     BIGNUM *ret = BN_new();
+     if (ret != NULL)
+         ret->flags |= BN_FLG_SECURE;
+     return ret;
+ }
+
+/* This is used by bn_expand2() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+{
+    BN_ULONG *a = NULL;
+
+    if (words > (INT_MAX / (4 * BN_BITS2))) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_SECURE))
+        a = OPENSSL_secure_zalloc(words * sizeof(*a));
+    else
+        a = OPENSSL_zalloc(words * sizeof(*a));
+    if (a == NULL) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    assert(b->top <= words);
+    if (b->top > 0)
+        memcpy(a, b->d, sizeof(*a) * b->top);
+
+    return a;
+}
+
+/*
+ * This is an internal function that should not be used in applications. It
+ * ensures that 'b' has enough room for a 'words' word number and initialises
+ * any unused part of b->d with leading zeros. It is mostly used by the
+ * various BIGNUM routines. If there is an error, NULL is returned. If not,
+ * 'b' is returned.
+ */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+{
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+        if (!a)
+            return NULL;
+        if (b->d) {
+            OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+            bn_free_d(b);
+        }
+        b->d = a;
+        b->dmax = words;
+    }
+
+    return b;
+}
+
+BIGNUM *BN_dup(const BIGNUM *a)
+{
+    BIGNUM *t;
+
+    if (a == NULL)
+        return NULL;
+    bn_check_top(a);
+
+    t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
+    if (t == NULL)
+        return NULL;
+    if (!BN_copy(t, a)) {
+        BN_free(t);
+        return NULL;
+    }
+    bn_check_top(t);
+    return t;
+}
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+{
+    bn_check_top(b);
+
+    if (a == b)
+        return a;
+    if (bn_wexpand(a, b->top) == NULL)
+        return NULL;
+
+    if (b->top > 0)
+        memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+
+    a->neg = b->neg;
+    a->top = b->top;
+    a->flags |= b->flags & BN_FLG_FIXED_TOP;
+    bn_check_top(a);
+    return a;
+}
+
+#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
+                                    | BN_FLG_CONSTTIME   \
+                                    | BN_FLG_SECURE      \
+                                    | BN_FLG_FIXED_TOP))
+#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+{
+    int flags_old_a, flags_old_b;
+    BN_ULONG *tmp_d;
+    int tmp_top, tmp_dmax, tmp_neg;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    flags_old_a = a->flags;
+    flags_old_b = b->flags;
+
+    tmp_d = a->d;
+    tmp_top = a->top;
+    tmp_dmax = a->dmax;
+    tmp_neg = a->neg;
+
+    a->d = b->d;
+    a->top = b->top;
+    a->dmax = b->dmax;
+    a->neg = b->neg;
+
+    b->d = tmp_d;
+    b->top = tmp_top;
+    b->dmax = tmp_dmax;
+    b->neg = tmp_neg;
+
+    a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
+    b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
+    bn_check_top(a);
+    bn_check_top(b);
+}
+
+void BN_clear(BIGNUM *a)
+{
+    bn_check_top(a);
+    if (a->d != NULL)
+        OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
+    a->neg = 0;
+    a->top = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+{
+    if (a->top > 1)
+        return BN_MASK2;
+    else if (a->top == 1)
+        return a->d[0];
+    /* a->top == 0 */
+    return 0;
+}
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+{
+    bn_check_top(a);
+    if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+        return 0;
+    a->neg = 0;
+    a->d[0] = w;
+    a->top = (w ? 1 : 0);
+    a->flags &= ~BN_FLG_FIXED_TOP;
+    bn_check_top(a);
+    return 1;
+}
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return NULL;
+    bn_check_top(ret);
+    /* Skip leading zero's. */
+    for ( ; len > 0 && *s == 0; s++, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return ret;
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        l = (l << 8L) | *(s++);
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return ret;
+}
+
+/* ignore negative */
+static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    int n;
+    size_t i, lasti, j, atop, mask;
+    BN_ULONG l;
+
+    /*
+     * In case |a| is fixed-top, BN_num_bytes can return bogus length,
+     * but it's assumed that fixed-top inputs ought to be "nominated"
+     * even for padded output, so it works out...
+     */
+    n = BN_num_bytes(a);
+    if (tolen == -1) {
+        tolen = n;
+    } else if (tolen < n) {     /* uncommon/unlike case */
+        BIGNUM temp = *a;
+
+        bn_correct_top(&temp);
+        n = BN_num_bytes(&temp);
+        if (tolen < n)
+            return -1;
+    }
+
+    /* Swipe through whole available data and don't give away padded zero. */
+    atop = a->dmax * BN_BYTES;
+    if (atop == 0) {
+        OPENSSL_cleanse(to, tolen);
+        return tolen;
+    }
+
+    lasti = atop - 1;
+    atop = a->top * BN_BYTES;
+    for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) {
+        l = a->d[i / BN_BYTES];
+        mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
+        *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
+        i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
+    }
+
+    return tolen;
+}
+
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    if (tolen < 0)
+        return -1;
+    return bn2binpad(a, to, tolen);
+}
+
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+    return bn2binpad(a, to, -1);
+}
+
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return NULL;
+    bn_check_top(ret);
+    s += len;
+    /* Skip trailing zeroes. */
+    for ( ; len > 0 && s[-1] == 0; s--, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return ret;
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        s--;
+        l = (l << 8L) | *s;
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return ret;
+}
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    int i;
+    BN_ULONG l;
+    bn_check_top(a);
+    i = BN_num_bytes(a);
+    if (tolen < i)
+        return -1;
+    /* Add trailing zeroes if necessary */
+    if (tolen > i)
+        memset(to + i, 0, tolen - i);
+    to += i;
+    while (i--) {
+        l = a->d[i / BN_BYTES];
+        to--;
+        *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+    }
+    return tolen;
+}
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    BN_ULONG t1, t2, *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    i = a->top - b->top;
+    if (i != 0)
+        return i;
+    ap = a->d;
+    bp = b->d;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = ap[i];
+        t2 = bp[i];
+        if (t1 != t2)
+            return ((t1 > t2) ? 1 : -1);
+    }
+    return 0;
+}
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    int gt, lt;
+    BN_ULONG t1, t2;
+
+    if ((a == NULL) || (b == NULL)) {
+        if (a != NULL)
+            return -1;
+        else if (b != NULL)
+            return 1;
+        else
+            return 0;
+    }
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        if (a->neg)
+            return -1;
+        else
+            return 1;
+    }
+    if (a->neg == 0) {
+        gt = 1;
+        lt = -1;
+    } else {
+        gt = -1;
+        lt = 1;
+    }
+
+    if (a->top > b->top)
+        return gt;
+    if (a->top < b->top)
+        return lt;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = a->d[i];
+        t2 = b->d[i];
+        if (t1 > t2)
+            return gt;
+        if (t1 < t2)
+            return lt;
+    }
+    return 0;
+}
+
+int BN_set_bit(BIGNUM *a, int n)
+{
+    int i, j, k;
+
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i) {
+        if (bn_wexpand(a, i + 1) == NULL)
+            return 0;
+        for (k = a->top; k < i + 1; k++)
+            a->d[k] = 0;
+        a->top = i + 1;
+        a->flags &= ~BN_FLG_FIXED_TOP;
+    }
+
+    a->d[i] |= (((BN_ULONG)1) << j);
+    bn_check_top(a);
+    return 1;
+}
+
+int BN_clear_bit(BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+
+    a->d[i] &= (~(((BN_ULONG)1) << j));
+    bn_correct_top(a);
+    return 1;
+}
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+    return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+}
+
+int BN_mask_bits(BIGNUM *a, int n)
+{
+    int b, w;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    w = n / BN_BITS2;
+    b = n % BN_BITS2;
+    if (w >= a->top)
+        return 0;
+    if (b == 0)
+        a->top = w;
+    else {
+        a->top = w + 1;
+        a->d[w] &= ~(BN_MASK2 << b);
+    }
+    bn_correct_top(a);
+    return 1;
+}
+
+void BN_set_negative(BIGNUM *a, int b)
+{
+    if (b && !BN_is_zero(a))
+        a->neg = 1;
+    else
+        a->neg = 0;
+}
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+    int i;
+    BN_ULONG aa, bb;
+
+    if (n == 0)
+        return 0;
+
+    aa = a[n - 1];
+    bb = b[n - 1];
+    if (aa != bb)
+        return ((aa > bb) ? 1 : -1);
+    for (i = n - 2; i >= 0; i--) {
+        aa = a[i];
+        bb = b[i];
+        if (aa != bb)
+            return ((aa > bb) ? 1 : -1);
+    }
+    return 0;
+}
+
+/*
+ * Here follows a specialised variants of bn_cmp_words().  It has the
+ * capability of performing the operation on arrays of different sizes. The
+ * sizes of those arrays is expressed through cl, which is the common length
+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
+ * two lengths, calculated as len(a)-len(b). All lengths are the number of
+ * BN_ULONGs...
+ */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+    int n, i;
+    n = cl - 1;
+
+    if (dl < 0) {
+        for (i = dl; i < 0; i++) {
+            if (b[n - i] != 0)
+                return -1;      /* a < b */
+        }
+    }
+    if (dl > 0) {
+        for (i = dl; i > 0; i--) {
+            if (a[n + i] != 0)
+                return 1;       /* a > b */
+        }
+    }
+    return bn_cmp_words(a, b, cl);
+}
+
+/*-
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0.
+ * nwords is the number of words to swap.
+ * Assumes that at least nwords are allocated in both a and b.
+ * Assumes that no more than nwords are used by either a or b.
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
+    BN_ULONG t;
+    int i;
+
+    if (a == b)
+        return;
+
+    bn_wcheck_size(a, nwords);
+    bn_wcheck_size(b, nwords);
+
+    condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1;
+
+    t = (a->top ^ b->top) & condition;
+    a->top ^= t;
+    b->top ^= t;
+
+    t = (a->neg ^ b->neg) & condition;
+    a->neg ^= t;
+    b->neg ^= t;
+
+    /*-
+     * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+     * is actually to treat it as it's read-only data, and some (if not most)
+     * of it does reside in read-only segment. In other words observation of
+     * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+     * condition. It would either cause SEGV or effectively cause data
+     * corruption.
+     *
+     * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+     * preserved.
+     *
+     * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+     * allocated and hence how to free it.
+     *
+     * BN_FLG_CONSTTIME: sufficient to mask and swap
+     *
+     * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+     * the data, so the d array may be padded with additional 0 values (i.e.
+     * top could be greater than the minimal value that it could be). We should
+     * be swapping it
+     */
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+    t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
+    a->flags ^= t;
+    b->flags ^= t;
+
+    /* conditionally swap the data */
+    for (i = 0; i < nwords; i++) {
+        t = (a->d[i] ^ b->d[i]) & condition;
+        a->d[i] ^= t;
+        b->d[i] ^= t;
+    }
+}
+
+#undef BN_CONSTTIME_SWAP_FLAGS
+
+/* Bits of security, see SP800-57 */
+
+int BN_security_bits(int L, int N)
+{
+    int secbits, bits;
+    if (L >= 15360)
+        secbits = 256;
+    else if (L >= 7680)
+        secbits = 192;
+    else if (L >= 3072)
+        secbits = 128;
+    else if (L >= 2048)
+        secbits = 112;
+    else if (L >= 1024)
+        secbits = 80;
+    else
+        return 0;
+    if (N == -1)
+        return secbits;
+    bits = N / 2;
+    if (bits < 80)
+        return 0;
+    return bits >= secbits ? secbits : bits;
+}
+
+void BN_zero_ex(BIGNUM *a)
+{
+    a->neg = 0;
+    a->top = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
+}
+
+int BN_is_zero(const BIGNUM *a)
+{
+    return a->top == 0;
+}
+
+int BN_is_one(const BIGNUM *a)
+{
+    return BN_abs_is_word(a, 1) && !a->neg;
+}
+
+int BN_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return BN_abs_is_word(a, w) && (!w || !a->neg);
+}
+
+int BN_is_odd(const BIGNUM *a)
+{
+    return (a->top > 0) && (a->d[0] & 1);
+}
+
+int BN_is_negative(const BIGNUM *a)
+{
+    return (a->neg != 0);
+}
+
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx)
+{
+    return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
+}
+
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
+{
+    dest->d = b->d;
+    dest->top = b->top;
+    dest->dmax = b->dmax;
+    dest->neg = b->neg;
+    dest->flags = ((dest->flags & BN_FLG_MALLOCED)
+                   | (b->flags & ~BN_FLG_MALLOCED)
+                   | BN_FLG_STATIC_DATA | flags);
+}
+
+BN_GENCB *BN_GENCB_new(void)
+{
+    BN_GENCB *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void BN_GENCB_free(BN_GENCB *cb)
+{
+    if (cb == NULL)
+        return;
+    OPENSSL_free(cb);
+}
+
+void BN_set_flags(BIGNUM *b, int n)
+{
+    b->flags |= n;
+}
+
+int BN_get_flags(const BIGNUM *b, int n)
+{
+    return b->flags & n;
+}
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 1;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_1 = callback;
+}
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 2;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_2 = callback;
+}
+
+void *BN_GENCB_get_arg(BN_GENCB *cb)
+{
+    return cb->arg;
+}
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words)
+{
+    return (words <= a->dmax) ? a : bn_expand2(a, words);
+}
+
+void bn_correct_top(BIGNUM *a)
+{
+    BN_ULONG *ftl;
+    int tmp_top = a->top;
+
+    if (tmp_top > 0) {
+        for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+            ftl--;
+            if (*ftl != 0)
+                break;
+        }
+        a->top = tmp_top;
+    }
+    if (a->top == 0)
+        a->neg = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+    bn_pollute(a);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c
new file mode 100644
index 000000000..712fc8ac1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
+    /*
+     * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
+     * always holds)
+     */
+
+    if (!(BN_mod(r, m, d, ctx)))
+        return 0;
+    if (!r->neg)
+        return 1;
+    /* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+    return (d->neg ? BN_sub : BN_add) (r, r, d);
+}
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_add(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_add variant that may be used if both a and b are non-negative and
+ * less than m. The original algorithm was
+ *
+ *    if (!BN_uadd(r, a, b))
+ *       return 0;
+ *    if (BN_ucmp(r, m) >= 0)
+ *       return BN_usub(r, r, m);
+ *
+ * which is replaced with addition, subtracting modulus, and conditional
+ * move depending on whether or not subtraction borrowed.
+ */
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m)
+{
+    size_t i, ai, bi, mtop = m->top;
+    BN_ULONG storage[1024 / BN_BITS2];
+    BN_ULONG carry, temp, mask, *rp, *tp = storage;
+    const BN_ULONG *ap, *bp;
+
+    if (bn_wexpand(r, mtop) == NULL)
+        return 0;
+
+    if (mtop > sizeof(storage) / sizeof(storage[0])
+        && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
+        return 0;
+
+    ap = a->d != NULL ? a->d : tp;
+    bp = b->d != NULL ? b->d : tp;
+
+    for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
+        mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+        temp = ((ap[ai] & mask) + carry) & BN_MASK2;
+        carry = (temp < carry);
+
+        mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+        tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
+        carry += (tp[i] < temp);
+
+        i++;
+        ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+        bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+    }
+    rp = r->d;
+    carry -= bn_sub_words(rp, tp, m->d, mtop);
+    for (i = 0; i < mtop; i++) {
+        rp[i] = (carry & tp[i]) | (~carry & rp[i]);
+        ((volatile BN_ULONG *)tp)[i] = 0;
+    }
+    r->top = mtop;
+    r->flags |= BN_FLG_FIXED_TOP;
+    r->neg = 0;
+
+    if (tp != storage)
+        OPENSSL_free(tp);
+
+    return 1;
+}
+
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    int ret = bn_mod_add_fixed_top(r, a, b, m);
+
+    if (ret)
+        bn_correct_top(r);
+
+    return ret;
+}
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative,
+ * a is less than m, while b is of same bit width as m. It's implemented
+ * as subtraction followed by two conditional additions.
+ *
+ * 0 <= a < m
+ * 0 <= b < 2^w < 2*m
+ *
+ * after subtraction
+ *
+ * -2*m < r = a - b < m
+ *
+ * Thus it takes up to two conditional additions to make |r| positive.
+ */
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m)
+{
+    size_t i, ai, bi, mtop = m->top;
+    BN_ULONG borrow, carry, ta, tb, mask, *rp;
+    const BN_ULONG *ap, *bp;
+
+    if (bn_wexpand(r, mtop) == NULL)
+        return 0;
+
+    rp = r->d;
+    ap = a->d != NULL ? a->d : rp;
+    bp = b->d != NULL ? b->d : rp;
+
+    for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) {
+        mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+        ta = ap[ai] & mask;
+
+        mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+        tb = bp[bi] & mask;
+        rp[i] = ta - tb - borrow;
+        if (ta != tb)
+            borrow = (ta < tb);
+
+        i++;
+        ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+        bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+    }
+    ap = m->d;
+    for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+        ta = ((ap[i] & mask) + carry) & BN_MASK2;
+        carry = (ta < carry);
+        rp[i] = (rp[i] + ta) & BN_MASK2;
+        carry += (rp[i] < ta);
+    }
+    borrow -= carry;
+    for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+        ta = ((ap[i] & mask) + carry) & BN_MASK2;
+        carry = (ta < carry);
+        rp[i] = (rp[i] + ta) & BN_MASK2;
+        carry += (rp[i] < ta);
+    }
+
+    r->top = mtop;
+    r->flags |= BN_FLG_FIXED_TOP;
+    r->neg = 0;
+
+    return 1;
+}
+
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    if (r->neg)
+        return BN_add(r, r, m);
+    return 1;
+}
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(m);
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (a == b) {
+        if (!BN_sqr(t, a, ctx))
+            goto err;
+    } else {
+        if (!BN_mul(t, a, b, ctx))
+            goto err;
+    }
+    if (!BN_nnmod(r, t, m, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_sqr(r, a, ctx))
+        return 0;
+    /* r->neg == 0,  thus we don't need BN_nnmod */
+    return BN_mod(r, r, m, ctx);
+}
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_lshift1 variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    if (BN_cmp(r, m) >= 0)
+        return BN_sub(r, r, m);
+    return 1;
+}
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx)
+{
+    BIGNUM *abs_m = NULL;
+    int ret;
+
+    if (!BN_nnmod(r, a, m, ctx))
+        return 0;
+
+    if (m->neg) {
+        abs_m = BN_dup(m);
+        if (abs_m == NULL)
+            return 0;
+        abs_m->neg = 0;
+    }
+
+    ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+    bn_check_top(r);
+
+    BN_free(abs_m);
+    return ret;
+}
+
+/*
+ * BN_mod_lshift variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+{
+    if (r != a) {
+        if (BN_copy(r, a) == NULL)
+            return 0;
+    }
+
+    while (n > 0) {
+        int max_shift;
+
+        /* 0 < r < m */
+        max_shift = BN_num_bits(m) - BN_num_bits(r);
+        /* max_shift >= 0 */
+
+        if (max_shift < 0) {
+            BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+            return 0;
+        }
+
+        if (max_shift > n)
+            max_shift = n;
+
+        if (max_shift) {
+            if (!BN_lshift(r, r, max_shift))
+                return 0;
+            n -= max_shift;
+        } else {
+            if (!BN_lshift1(r, r))
+                return 0;
+            --n;
+        }
+
+        /* BN_num_bits(r) <= BN_num_bits(m) */
+
+        if (BN_cmp(r, m) >= 0) {
+            if (!BN_sub(r, r, m))
+                return 0;
+        }
+    }
+    bn_check_top(r);
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c
new file mode 100644
index 000000000..393d27c39
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c
@@ -0,0 +1,464 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#define MONT_WORD               /* use the faster word-based algorithm */
+
+#ifdef MONT_WORD
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+#endif
+
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+    int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+    BIGNUM *tmp;
+    int ret = 0;
+    int num = mont->N.top;
+
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
+    if (num > 1 && a->top == num && b->top == num) {
+        if (bn_wexpand(r, num) == NULL)
+            return 0;
+        if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
+            r->neg = a->neg ^ b->neg;
+            r->top = num;
+            r->flags |= BN_FLG_FIXED_TOP;
+            return 1;
+        }
+    }
+#endif
+
+    if ((a->top + b->top) > 2 * num)
+        return 0;
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    bn_check_top(tmp);
+    if (a == b) {
+        if (!bn_sqr_fixed_top(tmp, a, ctx))
+            goto err;
+    } else {
+        if (!bn_mul_fixed_top(tmp, a, b, ctx))
+            goto err;
+    }
+    /* reduce from aRR to aR */
+#ifdef MONT_WORD
+    if (!bn_from_montgomery_word(r, tmp, mont))
+        goto err;
+#else
+    if (!BN_from_montgomery(r, tmp, mont, ctx))
+        goto err;
+#endif
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+#ifdef MONT_WORD
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
+    BIGNUM *n;
+    BN_ULONG *ap, *np, *rp, n0, v, carry;
+    int nl, max, i;
+    unsigned int rtop;
+
+    n = &(mont->N);
+    nl = n->top;
+    if (nl == 0) {
+        ret->top = 0;
+        return 1;
+    }
+
+    max = (2 * nl);             /* carry is stored separately */
+    if (bn_wexpand(r, max) == NULL)
+        return 0;
+
+    r->neg ^= n->neg;
+    np = n->d;
+    rp = r->d;
+
+    /* clear the top words of T */
+    for (rtop = r->top, i = 0; i < max; i++) {
+        v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
+        rp[i] &= v;
+    }
+
+    r->top = max;
+    r->flags |= BN_FLG_FIXED_TOP;
+    n0 = mont->n0[0];
+
+    /*
+     * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
+     * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
+     * includes |carry| which is stored separately.
+     */
+    for (carry = 0, i = 0; i < nl; i++, rp++) {
+        v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+        v = (v + carry + rp[nl]) & BN_MASK2;
+        carry |= (v != rp[nl]);
+        carry &= (v <= rp[nl]);
+        rp[nl] = v;
+    }
+
+    if (bn_wexpand(ret, nl) == NULL)
+        return 0;
+    ret->top = nl;
+    ret->flags |= BN_FLG_FIXED_TOP;
+    ret->neg = r->neg;
+
+    rp = ret->d;
+
+    /*
+     * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
+     * includes |carry| which is stored separately.
+     */
+    ap = &(r->d[nl]);
+
+    carry -= bn_sub_words(rp, ap, np, nl);
+    /*
+     * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+     * |carry| cannot be 1. That would imply the subtraction did not fit in
+     * |nl| words, and we know at most one subtraction is needed.
+     */
+    for (i = 0; i < nl; i++) {
+        rp[i] = (carry & ap[i]) | (~carry & rp[i]);
+        ap[i] = 0;
+    }
+
+    return 1;
+}
+#endif                          /* MONT_WORD */
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx)
+{
+    int retn;
+
+    retn = bn_from_mont_fixed_top(ret, a, mont, ctx);
+    bn_correct_top(ret);
+    bn_check_top(ret);
+
+    return retn;
+}
+
+int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx)
+{
+    int retn = 0;
+#ifdef MONT_WORD
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
+        retn = bn_from_montgomery_word(ret, t, mont);
+    }
+    BN_CTX_end(ctx);
+#else                           /* !MONT_WORD */
+    BIGNUM *t1, *t2;
+
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (!BN_copy(t1, a))
+        goto err;
+    BN_mask_bits(t1, mont->ri);
+
+    if (!BN_mul(t2, t1, &mont->Ni, ctx))
+        goto err;
+    BN_mask_bits(t2, mont->ri);
+
+    if (!BN_mul(t1, t2, &mont->N, ctx))
+        goto err;
+    if (!BN_add(t2, a, t1))
+        goto err;
+    if (!BN_rshift(ret, t2, mont->ri))
+        goto err;
+
+    if (BN_ucmp(ret, &(mont->N)) >= 0) {
+        if (!BN_usub(ret, ret, &(mont->N)))
+            goto err;
+    }
+    retn = 1;
+    bn_check_top(ret);
+ err:
+    BN_CTX_end(ctx);
+#endif                          /* MONT_WORD */
+    return retn;
+}
+
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                         BN_CTX *ctx)
+{
+    return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
+}
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+{
+    BN_MONT_CTX *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_MONT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BN_MONT_CTX_init(ret);
+    ret->flags = BN_FLG_MALLOCED;
+    return ret;
+}
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+{
+    ctx->ri = 0;
+    bn_init(&ctx->RR);
+    bn_init(&ctx->N);
+    bn_init(&ctx->Ni);
+    ctx->n0[0] = ctx->n0[1] = 0;
+    ctx->flags = 0;
+}
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+{
+    if (mont == NULL)
+        return;
+    BN_clear_free(&mont->RR);
+    BN_clear_free(&mont->N);
+    BN_clear_free(&mont->Ni);
+    if (mont->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(mont);
+}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *Ri, *R;
+
+    if (BN_is_zero(mod))
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((Ri = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    R = &(mont->RR);            /* grab RR as a temp */
+    if (!BN_copy(&(mont->N), mod))
+        goto err;               /* Set N */
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
+    mont->N.neg = 0;
+
+#ifdef MONT_WORD
+    {
+        BIGNUM tmod;
+        BN_ULONG buf[2];
+
+        bn_init(&tmod);
+        tmod.d = buf;
+        tmod.dmax = 2;
+        tmod.neg = 0;
+
+        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+            BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
+        mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
+
+# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+        /*
+         * Only certain BN_BITS2<=32 platforms actually make use of n0[1],
+         * and we could use the #else case (with a shorter R value) for the
+         * others.  However, currently only the assembler files do know which
+         * is which.
+         */
+
+        BN_zero(R);
+        if (!(BN_set_bit(R, 2 * BN_BITS2)))
+            goto err;
+
+        tmod.top = 0;
+        if ((buf[0] = mod->d[0]))
+            tmod.top = 1;
+        if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+            tmod.top = 2;
+
+        if (BN_is_one(&tmod))
+            BN_zero(Ri);
+        else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
+                goto err;
+            /* Ri-- (mod double word size) */
+            Ri->neg = 0;
+            Ri->d[0] = BN_MASK2;
+            Ri->d[1] = BN_MASK2;
+            Ri->top = 2;
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only couple of least significant words:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
+# else
+        BN_zero(R);
+        if (!(BN_set_bit(R, BN_BITS2)))
+            goto err;           /* R */
+
+        buf[0] = mod->d[0];     /* tmod = N mod word size */
+        buf[1] = 0;
+        tmod.top = buf[0] != 0 ? 1 : 0;
+        /* Ri = R^-1 mod N */
+        if (BN_is_one(&tmod))
+            BN_zero(Ri);
+        else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (!BN_set_word(Ri, BN_MASK2))
+                goto err;       /* Ri-- (mod word size) */
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only least significant word:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = 0;
+# endif
+    }
+#else                           /* !MONT_WORD */
+    {                           /* bignum version */
+        mont->ri = BN_num_bits(&mont->N);
+        BN_zero(R);
+        if (!BN_set_bit(R, mont->ri))
+            goto err;           /* R = 2^ri */
+        /* Ri = R^-1 mod N */
+        if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, mont->ri))
+            goto err;           /* R*Ri */
+        if (!BN_sub_word(Ri, 1))
+            goto err;
+        /*
+         * Ni = (R*Ri-1) / N
+         */
+        if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+            goto err;
+    }
+#endif
+
+    /* setup RR for conversions */
+    BN_zero(&(mont->RR));
+    if (!BN_set_bit(&(mont->RR), mont->ri * 2))
+        goto err;
+    if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+        goto err;
+
+    for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
+        mont->RR.d[i] = 0;
+    mont->RR.top = ret;
+    mont->RR.flags |= BN_FLG_FIXED_TOP;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+{
+    if (to == from)
+        return to;
+
+    if (!BN_copy(&(to->RR), &(from->RR)))
+        return NULL;
+    if (!BN_copy(&(to->N), &(from->N)))
+        return NULL;
+    if (!BN_copy(&(to->Ni), &(from->Ni)))
+        return NULL;
+    to->ri = from->ri;
+    to->n0[0] = from->n0[0];
+    to->n0[1] = from->n0[1];
+    return to;
+}
+
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx)
+{
+    BN_MONT_CTX *ret;
+
+    CRYPTO_THREAD_read_lock(lock);
+    ret = *pmont;
+    CRYPTO_THREAD_unlock(lock);
+    if (ret)
+        return ret;
+
+    /*
+     * We don't want to serialise globally while doing our lazy-init math in
+     * BN_MONT_CTX_set. That punishes threads that are doing independent
+     * things. Instead, punish the case where more than one thread tries to
+     * lazy-init the same 'pmont', by having each do the lazy-init math work
+     * independently and only use the one from the thread that wins the race
+     * (the losers throw away the work they've done).
+     */
+    ret = BN_MONT_CTX_new();
+    if (ret == NULL)
+        return NULL;
+    if (!BN_MONT_CTX_set(ret, mod, ctx)) {
+        BN_MONT_CTX_free(ret);
+        return NULL;
+    }
+
+    /* The locked compare-and-set, after the local work is done. */
+    CRYPTO_THREAD_write_lock(lock);
+    if (*pmont) {
+        BN_MONT_CTX_free(ret);
+        ret = *pmont;
+    } else
+        *pmont = ret;
+    CRYPTO_THREAD_unlock(lock);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c
new file mode 100644
index 000000000..043e21d26
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+{
+    int bits;
+    int num = 0;
+    int ext = 0;
+    long l;
+
+    bits = BN_num_bits(a);
+    num = (bits + 7) / 8;
+    if (bits > 0) {
+        ext = ((bits & 0x07) == 0);
+    }
+    if (d == NULL)
+        return (num + 4 + ext);
+
+    l = num + ext;
+    d[0] = (unsigned char)(l >> 24) & 0xff;
+    d[1] = (unsigned char)(l >> 16) & 0xff;
+    d[2] = (unsigned char)(l >> 8) & 0xff;
+    d[3] = (unsigned char)(l) & 0xff;
+    if (ext)
+        d[4] = 0;
+    num = BN_bn2bin(a, &(d[4 + ext]));
+    if (a->neg)
+        d[4] |= 0x80;
+    return (num + 4 + ext);
+}
+
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
+{
+    long len;
+    int neg = 0;
+    BIGNUM *a = NULL;
+
+    if (n < 4) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+        return NULL;
+    }
+    len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
+        d[3];
+    if ((len + 4) != n) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+        return NULL;
+    }
+
+    if (ain == NULL)
+        a = BN_new();
+    else
+        a = ain;
+
+    if (a == NULL)
+        return NULL;
+
+    if (len == 0) {
+        a->neg = 0;
+        a->top = 0;
+        return a;
+    }
+    d += 4;
+    if ((*d) & 0x80)
+        neg = 1;
+    if (BN_bin2bn(d, (int)len, a) == NULL) {
+        if (ain == NULL)
+            BN_free(a);
+        return NULL;
+    }
+    a->neg = neg;
+    if (neg) {
+        BN_clear_bit(a, BN_num_bits(a) - 1);
+    }
+    bn_check_top(a);
+    return a;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c
new file mode 100644
index 000000000..5eda65cfb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c
@@ -0,0 +1,684 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
+/*
+ * Here follows specialised variants of bn_add_words() and bn_sub_words().
+ * They have the property performing operations on arrays of different sizes.
+ * The sizes of those arrays is expressed through cl, which is the common
+ * length ( basically, min(len(a),len(b)) ), and dl, which is the delta
+ * between the two lengths, calculated as len(a)-len(b). All lengths are the
+ * number of BN_ULONGs...  For the operations that require a result array as
+ * parameter, it must have the length cl+abs(dl). These functions should
+ * probably end up in bn_asm.c as soon as there are assembler counterparts
+ * for the systems that use assembler files.
+ */
+
+BN_ULONG bn_sub_part_words(BN_ULONG *r,
+                           const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl)
+{
+    BN_ULONG c, t;
+
+    assert(cl >= 0);
+    c = bn_sub_words(r, a, b, cl);
+
+    if (dl == 0)
+        return c;
+
+    r += cl;
+    a += cl;
+    b += cl;
+
+    if (dl < 0) {
+        for (;;) {
+            t = b[0];
+            r[0] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[1];
+            r[1] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[2];
+            r[2] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[3];
+            r[3] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            b += 4;
+            r += 4;
+        }
+    } else {
+        int save_dl = dl;
+        while (c) {
+            t = a[0];
+            r[0] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[1];
+            r[1] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[2];
+            r[2] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[3];
+            r[3] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            save_dl = dl;
+            a += 4;
+            r += 4;
+        }
+        if (dl > 0) {
+            if (save_dl > dl) {
+                switch (save_dl - dl) {
+                case 1:
+                    r[1] = a[1];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 2:
+                    r[2] = a[2];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 3:
+                    r[3] = a[3];
+                    if (--dl <= 0)
+                        break;
+                }
+                a += 4;
+                r += 4;
+            }
+        }
+        if (dl > 0) {
+            for (;;) {
+                r[0] = a[0];
+                if (--dl <= 0)
+                    break;
+                r[1] = a[1];
+                if (--dl <= 0)
+                    break;
+                r[2] = a[2];
+                if (--dl <= 0)
+                    break;
+                r[3] = a[3];
+                if (--dl <= 0)
+                    break;
+
+                a += 4;
+                r += 4;
+            }
+        }
+    }
+    return c;
+}
+#endif
+
+#ifdef BN_RECURSION
+/*
+ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
+ * Computer Programming, Vol. 2)
+ */
+
+/*-
+ * r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+/* dnX may not be positive, but n2/2+dnX has to be */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                      int dna, int dnb, BN_ULONG *t)
+{
+    int n = n2 / 2, c1, c2;
+    int tna = n + dna, tnb = n + dnb;
+    unsigned int neg, zero;
+    BN_ULONG ln, lo, *p;
+
+# ifdef BN_MUL_COMBA
+#  if 0
+    if (n2 == 4) {
+        bn_mul_comba4(r, a, b);
+        return;
+    }
+#  endif
+    /*
+     * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
+     * [steve]
+     */
+    if (n2 == 8 && dna == 0 && dnb == 0) {
+        bn_mul_comba8(r, a, b);
+        return;
+    }
+# endif                         /* BN_MUL_COMBA */
+    /* Else do normal multiply */
+    if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
+        if ((dna + dnb) < 0)
+            memset(&r[2 * n2 + dna + dnb], 0,
+                   sizeof(BN_ULONG) * -(dna + dnb));
+        return;
+    }
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    zero = neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+        zero = 1;
+        break;
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        zero = 1;
+        break;
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+        zero = 1;
+        break;
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+
+# ifdef BN_MUL_COMBA
+    if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
+                                           * extra args to do this well */
+        if (!zero)
+            bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        else
+            memset(&t[n2], 0, sizeof(*t) * 8);
+
+        bn_mul_comba4(r, a, b);
+        bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+    } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
+                                                  * take extra args to do
+                                                  * this well */
+        if (!zero)
+            bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        else
+            memset(&t[n2], 0, sizeof(*t) * 16);
+
+        bn_mul_comba8(r, a, b);
+        bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+    } else
+# endif                         /* BN_MUL_COMBA */
+    {
+        p = &(t[n2 * 2]);
+        if (!zero)
+            bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        else
+            memset(&t[n2], 0, sizeof(*t) * n2);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*
+ * n+tn is the word length t needs to be n*4 is size, as does r
+ */
+/* tnX may not be negative but less than n */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+                           int tna, int tnb, BN_ULONG *t)
+{
+    int i, j, n2 = n * 2;
+    int c1, c2, neg;
+    BN_ULONG ln, lo, *p;
+
+    if (n < 8) {
+        bn_mul_normal(r, a, n + tna, b, n + tnb);
+        return;
+    }
+
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+    /*
+     * The zero case isn't yet implemented here. The speedup would probably
+     * be negligible.
+     */
+# if 0
+    if (n == 4) {
+        bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        bn_mul_comba4(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+        memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2));
+    } else
+# endif
+    if (n == 8) {
+        bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        bn_mul_comba8(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+        memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb));
+    } else {
+        p = &(t[n2 * 2]);
+        bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        i = n / 2;
+        /*
+         * If there is only a bottom half to the number, just do it
+         */
+        if (tna > tnb)
+            j = tna - i;
+        else
+            j = tnb - i;
+        if (j == 0) {
+            bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                             i, tna - i, tnb - i, p);
+            memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2));
+        } else if (j > 0) {     /* eg, n == 16, i == 8 and tn == 11 */
+            bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                                  i, tna - i, tnb - i, p);
+            memset(&(r[n2 + tna + tnb]), 0,
+                   sizeof(BN_ULONG) * (n2 - tna - tnb));
+        } else {                /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+
+            memset(&r[n2], 0, sizeof(*r) * n2);
+            if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+                && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+                bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+            } else {
+                for (;;) {
+                    i /= 2;
+                    /*
+                     * these simplified conditions work exclusively because
+                     * difference between tna and tnb is 1 or 0
+                     */
+                    if (i < tna || i < tnb) {
+                        bn_mul_part_recursive(&(r[n2]),
+                                              &(a[n]), &(b[n]),
+                                              i, tna - i, tnb - i, p);
+                        break;
+                    } else if (i == tna || i == tnb) {
+                        bn_mul_recursive(&(r[n2]),
+                                         &(a[n]), &(b[n]),
+                                         i, tna - i, tnb - i, p);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                          BN_ULONG *t)
+{
+    int n = n2 / 2;
+
+    bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+    if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+    } else {
+        bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+        bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
+    }
+}
+#endif                          /* BN_RECURSION */
+
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = bn_mul_fixed_top(r, a, b, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    int top, al, bl;
+    BIGNUM *rr;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+    int i;
+#endif
+#ifdef BN_RECURSION
+    BIGNUM *t = NULL;
+    int j = 0, k;
+#endif
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(r);
+
+    al = a->top;
+    bl = b->top;
+
+    if ((al == 0) || (bl == 0)) {
+        BN_zero(r);
+        return 1;
+    }
+    top = al + bl;
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == b)) {
+        if ((rr = BN_CTX_get(ctx)) == NULL)
+            goto err;
+    } else
+        rr = r;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+    i = al - bl;
+#endif
+#ifdef BN_MUL_COMBA
+    if (i == 0) {
+# if 0
+        if (al == 4) {
+            if (bn_wexpand(rr, 8) == NULL)
+                goto err;
+            rr->top = 8;
+            bn_mul_comba4(rr->d, a->d, b->d);
+            goto end;
+        }
+# endif
+        if (al == 8) {
+            if (bn_wexpand(rr, 16) == NULL)
+                goto err;
+            rr->top = 16;
+            bn_mul_comba8(rr->d, a->d, b->d);
+            goto end;
+        }
+    }
+#endif                          /* BN_MUL_COMBA */
+#ifdef BN_RECURSION
+    if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+        if (i >= -1 && i <= 1) {
+            /*
+             * Find out the power of two lower or equal to the longest of the
+             * two numbers
+             */
+            if (i >= 0) {
+                j = BN_num_bits_word((BN_ULONG)al);
+            }
+            if (i == -1) {
+                j = BN_num_bits_word((BN_ULONG)bl);
+            }
+            j = 1 << (j - 1);
+            assert(j <= al || j <= bl);
+            k = j + j;
+            t = BN_CTX_get(ctx);
+            if (t == NULL)
+                goto err;
+            if (al > j || bl > j) {
+                if (bn_wexpand(t, k * 4) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 4) == NULL)
+                    goto err;
+                bn_mul_part_recursive(rr->d, a->d, b->d,
+                                      j, al - j, bl - j, t->d);
+            } else {            /* al <= j || bl <= j */
+
+                if (bn_wexpand(t, k * 2) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 2) == NULL)
+                    goto err;
+                bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
+            }
+            rr->top = top;
+            goto end;
+        }
+    }
+#endif                          /* BN_RECURSION */
+    if (bn_wexpand(rr, top) == NULL)
+        goto err;
+    rr->top = top;
+    bn_mul_normal(rr->d, a->d, al, b->d, bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ end:
+#endif
+    rr->neg = a->neg ^ b->neg;
+    rr->flags |= BN_FLG_FIXED_TOP;
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
+    BN_ULONG *rr;
+
+    if (na < nb) {
+        int itmp;
+        BN_ULONG *ltmp;
+
+        itmp = na;
+        na = nb;
+        nb = itmp;
+        ltmp = a;
+        a = b;
+        b = ltmp;
+
+    }
+    rr = &(r[na]);
+    if (nb <= 0) {
+        (void)bn_mul_words(r, a, na, 0);
+        return;
+    } else
+        rr[0] = bn_mul_words(r, a, na, b[0]);
+
+    for (;;) {
+        if (--nb <= 0)
+            return;
+        rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+        if (--nb <= 0)
+            return;
+        rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+        if (--nb <= 0)
+            return;
+        rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+        if (--nb <= 0)
+            return;
+        rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+        rr += 4;
+        r += 4;
+        b += 4;
+    }
+}
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    bn_mul_words(r, a, n, b[0]);
+
+    for (;;) {
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[1]), a, n, b[1]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[2]), a, n, b[2]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[3]), a, n, b[3]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[4]), a, n, b[4]);
+        r += 4;
+        b += 4;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c
new file mode 100644
index 000000000..dcdd321c6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c
@@ -0,0 +1,1239 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "internal/cryptlib.h"
+
+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
+
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
+#if BN_BITS2 == 64
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+    {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+    0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
+    0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+    {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL},
+    {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is
+                                                    * "carry-full" */
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
+    0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+    {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFF00000001ULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFE00000002ULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFD00000003ULL},
+    {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFC00000004ULL},
+    {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFB00000005ULL},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
+    0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
+    0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+    {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+    0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
+    0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
+    0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_521[] =
+    { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0x00000000000001FFULL
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+    0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
+};
+#elif BN_BITS2 == 32
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+    0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
+    0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+    {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
+    0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
+     0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
+     0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
+     0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
+    {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
+     0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
+    {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
+     0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
+    0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
+    0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+    {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+    0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+    0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
+    0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0x000001FF
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
+};
+#else
+# error "unsupported BN_BITS2"
+#endif
+
+static const BIGNUM _bignum_nist_p_192 = {
+    (BN_ULONG *)_nist_p_192[0],
+    BN_NIST_192_TOP,
+    BN_NIST_192_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_224 = {
+    (BN_ULONG *)_nist_p_224[0],
+    BN_NIST_224_TOP,
+    BN_NIST_224_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_256 = {
+    (BN_ULONG *)_nist_p_256[0],
+    BN_NIST_256_TOP,
+    BN_NIST_256_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_384 = {
+    (BN_ULONG *)_nist_p_384[0],
+    BN_NIST_384_TOP,
+    BN_NIST_384_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_521 = {
+    (BN_ULONG *)_nist_p_521,
+    BN_NIST_521_TOP,
+    BN_NIST_521_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+{
+    return &_bignum_nist_p_192;
+}
+
+const BIGNUM *BN_get0_nist_prime_224(void)
+{
+    return &_bignum_nist_p_224;
+}
+
+const BIGNUM *BN_get0_nist_prime_256(void)
+{
+    return &_bignum_nist_p_256;
+}
+
+const BIGNUM *BN_get0_nist_prime_384(void)
+{
+    return &_bignum_nist_p_384;
+}
+
+const BIGNUM *BN_get0_nist_prime_521(void)
+{
+    return &_bignum_nist_p_521;
+}
+
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
+{
+    int i;
+
+#ifdef BN_DEBUG
+    (void)ossl_assert(top <= max);
+#endif
+    for (i = 0; i < top; i++)
+        dst[i] = src[i];
+    for (; i < max; i++)
+        dst[i] = 0;
+}
+
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
+{
+    int i;
+
+    for (i = 0; i < top; i++)
+        dst[i] = src[i];
+}
+
+#if BN_BITS2 == 64
+# define bn_cp_64(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_64_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+# define bn_cp_32_naked(to, n, from, m)  (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+                                                :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+# define bn_32_set_0(to, n)              (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+# define bn_cp_32(to,n,from,m)           ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+# if defined(L_ENDIAN)
+#  if defined(__arch64__)
+#   define NIST_INT64 long
+#  else
+#   define NIST_INT64 long long
+#  endif
+# endif
+#else
+# define bn_cp_64(to, n, from, m) \
+        { \
+        bn_cp_32(to, (n)*2, from, (m)*2); \
+        bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
+        }
+# define bn_64_set_0(to, n) \
+        { \
+        bn_32_set_0(to, (n)*2); \
+        bn_32_set_0(to, (n)*2+1); \
+        }
+# define bn_cp_32(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_32_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+# if defined(_WIN32) && !defined(__GNUC__)
+#  define NIST_INT64 __int64
+# elif defined(BN_LLONG)
+#  define NIST_INT64 long long
+# endif
+#endif                          /* BN_BITS2 != 64 */
+
+#define nist_set_192(to, from, a1, a2, a3) \
+        { \
+        bn_cp_64(to, 0, from, (a3) - 3) \
+        bn_cp_64(to, 1, from, (a2) - 3) \
+        bn_cp_64(to, 2, from, (a1) - 3) \
+        }
+
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    register BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_192_TOP];
+        unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_192_TOP], *res;
+    PTR_SIZE_INT mask;
+    static const BIGNUM _bignum_nist_p_192_sqr = {
+        (BN_ULONG *)_nist_p_192_sqr,
+        OSSL_NELEM(_nist_p_192_sqr),
+        OSSL_NELEM(_nist_p_192_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_192; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_192_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
+                 BN_NIST_192_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[3 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[3 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[3 * 2 - 6];
+        acc += bp[4 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[3 * 2 - 5];
+        acc += bp[4 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[4 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[4 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[5] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_192_TOP];
+
+        nist_set_192(t_d, buf.bn, 0, 3, 3);
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+        nist_set_192(t_d, buf.bn, 4, 4, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+        nist_set_192(t_d, buf.bn, 5, 5, 5)
+            carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+    }
+#endif
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
+                              BN_NIST_192_TOP);
+    else
+        carry = 1;
+
+    /*
+     * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+     * as comparison implies subtraction, we can write
+     * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+     * this is what happens below, but without explicit if:-) a.
+     */
+    mask =
+        0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0],
+                                        BN_NIST_192_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)
+        (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+    r->top = BN_NIST_192_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *,
+                                 const BN_ULONG *, int);
+
+#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
+        { \
+        bn_cp_32(to, 0, from, (a7) - 7) \
+        bn_cp_32(to, 1, from, (a6) - 7) \
+        bn_cp_32(to, 2, from, (a5) - 7) \
+        bn_cp_32(to, 3, from, (a4) - 7) \
+        bn_cp_32(to, 4, from, (a3) - 7) \
+        bn_cp_32(to, 5, from, (a2) - 7) \
+        bn_cp_32(to, 6, from, (a1) - 7) \
+        }
+
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_224_TOP];
+        unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_224_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_224_sqr = {
+        (BN_ULONG *)_nist_p_224_sqr,
+        OSSL_NELEM(_nist_p_224_sqr),
+        OSSL_NELEM(_nist_p_224_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_224; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_224_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
+    } else
+        r_d = a_d;
+
+#if BN_BITS2==64
+    /* copy upper 256 bits of 448 bit number ... */
+    nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1),
+                 top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);
+    /* ... and right shift by 32 to obtain upper 224 bits */
+    nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
+    /* truncate lower part to 224 bits too */
+    r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;
+#else
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP,
+                 BN_NIST_224_TOP);
+#endif
+
+#if defined(NIST_INT64) && BN_BITS2!=64
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc -= bp[7 - 7];
+        acc -= bp[11 - 7];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc -= bp[8 - 7];
+        acc -= bp[12 - 7];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc -= bp[9 - 7];
+        acc -= bp[13 - 7];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[7 - 7];
+        acc += bp[11 - 7];
+        acc -= bp[10 - 7];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[8 - 7];
+        acc += bp[12 - 7];
+        acc -= bp[11 - 7];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[9 - 7];
+        acc += bp[13 - 7];
+        acc -= bp[12 - 7];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[10 - 7];
+        acc -= bp[13 - 7];
+        rp[6] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+# if BN_BITS2==64
+        rp[7] = carry;
+# endif
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_224_TOP];
+
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+
+# if BN_BITS2==64
+        carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);
+# endif
+    }
+#endif
+    u.f = bn_sub_words;
+    if (carry > 0) {
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
+                              BN_NIST_224_TOP);
+#if BN_BITS2==64
+        carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;
+#endif
+    } else if (carry < 0) {
+        /*
+         * it's a bit more complicated logic in this case. if bn_add_words
+         * yields no carry, then result has to be adjusted by unconditionally
+         * *adding* the modulus. but if it does, then result has to be
+         * compared to the modulus and conditionally adjusted by
+         * *subtracting* the latter.
+         */
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
+                              BN_NIST_224_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    /* otherwise it's effectively same as in BN_nist_mod_192... */
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+    r->top = BN_NIST_224_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
+        { \
+        bn_cp_32(to, 0, from, (a8) - 8) \
+        bn_cp_32(to, 1, from, (a7) - 8) \
+        bn_cp_32(to, 2, from, (a6) - 8) \
+        bn_cp_32(to, 3, from, (a5) - 8) \
+        bn_cp_32(to, 4, from, (a4) - 8) \
+        bn_cp_32(to, 5, from, (a3) - 8) \
+        bn_cp_32(to, 6, from, (a2) - 8) \
+        bn_cp_32(to, 7, from, (a1) - 8) \
+        }
+
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *a_d = a->d, *r_d;
+    union {
+        BN_ULONG bn[BN_NIST_256_TOP];
+        unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_256_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_256_sqr = {
+        (BN_ULONG *)_nist_p_256_sqr,
+        OSSL_NELEM(_nist_p_256_sqr),
+        OSSL_NELEM(_nist_p_256_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_256; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_256_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP,
+                 BN_NIST_256_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[8 - 8];
+        acc += bp[9 - 8];
+        acc -= bp[11 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[9 - 8];
+        acc += bp[10 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        acc -= bp[15 - 8];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[10 - 8];
+        acc += bp[11 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        acc -= bp[15 - 8];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[11 - 8];
+        acc += bp[11 - 8];
+        acc += bp[12 - 8];
+        acc += bp[12 - 8];
+        acc += bp[13 - 8];
+        acc -= bp[15 - 8];
+        acc -= bp[8 - 8];
+        acc -= bp[9 - 8];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[12 - 8];
+        acc += bp[12 - 8];
+        acc += bp[13 - 8];
+        acc += bp[13 - 8];
+        acc += bp[14 - 8];
+        acc -= bp[9 - 8];
+        acc -= bp[10 - 8];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[13 - 8];
+        acc += bp[13 - 8];
+        acc += bp[14 - 8];
+        acc += bp[14 - 8];
+        acc += bp[15 - 8];
+        acc -= bp[10 - 8];
+        acc -= bp[11 - 8];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[14 - 8];
+        acc += bp[14 - 8];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[14 - 8];
+        acc += bp[13 - 8];
+        acc -= bp[8 - 8];
+        acc -= bp[9 - 8];
+        rp[6] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[7];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[8 - 8];
+        acc -= bp[10 - 8];
+        acc -= bp[11 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        rp[7] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_256_TOP];
+
+        /*
+         * S1
+         */
+        nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
+        /*
+         * S2
+         */
+        nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
+        carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+        /* left shift */
+        {
+            register BN_ULONG *ap, t, c;
+            ap = t_d;
+            c = 0;
+            for (i = BN_NIST_256_TOP; i != 0; --i) {
+                t = *ap;
+                *(ap++) = ((t << 1) | c) & BN_MASK2;
+                c = (t & BN_TBIT) ? 1 : 0;
+            }
+            carry <<= 1;
+            carry |= c;
+        }
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * S3
+         */
+        nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * S4
+         */
+        nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D1
+         */
+        nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D2
+         */
+        nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D3
+         */
+        nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D4
+         */
+        nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+
+    }
+#endif
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
+                              BN_NIST_256_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
+                              BN_NIST_256_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+    r->top = BN_NIST_256_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
+        { \
+        bn_cp_32(to, 0, from,  (a12) - 12) \
+        bn_cp_32(to, 1, from,  (a11) - 12) \
+        bn_cp_32(to, 2, from,  (a10) - 12) \
+        bn_cp_32(to, 3, from,  (a9) - 12)  \
+        bn_cp_32(to, 4, from,  (a8) - 12)  \
+        bn_cp_32(to, 5, from,  (a7) - 12)  \
+        bn_cp_32(to, 6, from,  (a6) - 12)  \
+        bn_cp_32(to, 7, from,  (a5) - 12)  \
+        bn_cp_32(to, 8, from,  (a4) - 12)  \
+        bn_cp_32(to, 9, from,  (a3) - 12)  \
+        bn_cp_32(to, 10, from, (a2) - 12)  \
+        bn_cp_32(to, 11, from, (a1) - 12)  \
+        }
+
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_384_TOP];
+        unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_384_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_384_sqr = {
+        (BN_ULONG *)_nist_p_384_sqr,
+        OSSL_NELEM(_nist_p_384_sqr),
+        OSSL_NELEM(_nist_p_384_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_384; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_384_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP,
+                 BN_NIST_384_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[12 - 12];
+        acc += bp[21 - 12];
+        acc += bp[20 - 12];
+        acc -= bp[23 - 12];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[13 - 12];
+        acc += bp[22 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[12 - 12];
+        acc -= bp[20 - 12];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[14 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[13 - 12];
+        acc -= bp[21 - 12];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[15 - 12];
+        acc += bp[12 - 12];
+        acc += bp[20 - 12];
+        acc += bp[21 - 12];
+        acc -= bp[14 - 12];
+        acc -= bp[22 - 12];
+        acc -= bp[23 - 12];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[21 - 12];
+        acc += bp[21 - 12];
+        acc += bp[16 - 12];
+        acc += bp[13 - 12];
+        acc += bp[12 - 12];
+        acc += bp[20 - 12];
+        acc += bp[22 - 12];
+        acc -= bp[15 - 12];
+        acc -= bp[23 - 12];
+        acc -= bp[23 - 12];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[22 - 12];
+        acc += bp[22 - 12];
+        acc += bp[17 - 12];
+        acc += bp[14 - 12];
+        acc += bp[13 - 12];
+        acc += bp[21 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[16 - 12];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[23 - 12];
+        acc += bp[23 - 12];
+        acc += bp[18 - 12];
+        acc += bp[15 - 12];
+        acc += bp[14 - 12];
+        acc += bp[22 - 12];
+        acc -= bp[17 - 12];
+        rp[6] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[7];
+        acc += bp[19 - 12];
+        acc += bp[16 - 12];
+        acc += bp[15 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[18 - 12];
+        rp[7] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[8];
+        acc += bp[20 - 12];
+        acc += bp[17 - 12];
+        acc += bp[16 - 12];
+        acc -= bp[19 - 12];
+        rp[8] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[9];
+        acc += bp[21 - 12];
+        acc += bp[18 - 12];
+        acc += bp[17 - 12];
+        acc -= bp[20 - 12];
+        rp[9] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[10];
+        acc += bp[22 - 12];
+        acc += bp[19 - 12];
+        acc += bp[18 - 12];
+        acc -= bp[21 - 12];
+        rp[10] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[11];
+        acc += bp[23 - 12];
+        acc += bp[20 - 12];
+        acc += bp[19 - 12];
+        acc -= bp[22 - 12];
+        rp[11] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_384_TOP];
+
+        /*
+         * S1
+         */
+        nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4);
+        /* left shift */
+        {
+            register BN_ULONG *ap, t, c;
+            ap = t_d;
+            c = 0;
+            for (i = 3; i != 0; --i) {
+                t = *ap;
+                *(ap++) = ((t << 1) | c) & BN_MASK2;
+                c = (t & BN_TBIT) ? 1 : 0;
+            }
+            *ap = c;
+        }
+        carry =
+            (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2),
+                              t_d, BN_NIST_256_TOP);
+        /*
+         * S2
+         */
+        carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
+        /*
+         * S3
+         */
+        nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22,
+                     21);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S4
+         */
+        nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23,
+                     0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S5
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S6
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D1
+         */
+        nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12,
+                     23);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D2
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D3
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+    }
+#endif
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
+                              BN_NIST_384_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
+                              BN_NIST_384_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+    r->top = BN_NIST_384_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define BN_NIST_521_RSHIFT      (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT      (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK    ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
+    PTR_SIZE_INT mask;
+    static const BIGNUM _bignum_nist_p_521_sqr = {
+        (BN_ULONG *)_nist_p_521_sqr,
+        OSSL_NELEM(_nist_p_521_sqr),
+        OSSL_NELEM(_nist_p_521_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_521; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_521_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
+    } else
+        r_d = a_d;
+
+    /* upper 521 bits, copy ... */
+    nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),
+                 top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
+    /* ... and right shift */
+    for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
+#if 0
+        /*
+         * MSC ARM compiler [version 2013, presumably even earlier,
+         * much earlier] miscompiles this code, but not one in
+         * #else section. See RT#3541.
+         */
+        tmp = val >> BN_NIST_521_RSHIFT;
+        val = t_d[i + 1];
+        t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
+        t_d[i] = (val >> BN_NIST_521_RSHIFT |
+                  (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2;
+        val = tmp;
+#endif
+    }
+    t_d[i] = val >> BN_NIST_521_RSHIFT;
+    /* lower 521 bits */
+    r_d[i] &= BN_NIST_521_TOP_MASK;
+
+    bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
+    mask =
+        0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521,
+                                        BN_NIST_521_TOP);
+    res = t_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_521_TOP);
+    r->top = BN_NIST_521_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx) {
+    if (BN_ucmp(&_bignum_nist_p_192, p) == 0)
+        return BN_nist_mod_192;
+    if (BN_ucmp(&_bignum_nist_p_224, p) == 0)
+        return BN_nist_mod_224;
+    if (BN_ucmp(&_bignum_nist_p_256, p) == 0)
+        return BN_nist_mod_256;
+    if (BN_ucmp(&_bignum_nist_p_384, p) == 0)
+        return BN_nist_mod_384;
+    if (BN_ucmp(&_bignum_nist_p_521, p) == 0)
+        return BN_nist_mod_521;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c
new file mode 100644
index 000000000..b91b31b1f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c
@@ -0,0 +1,469 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*
+ * The quick sieve algorithm approach to weeding out primes is Philip
+ * Zimmermann's, as implemented in PGP.  I have had a read of his comments
+ * and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
+                                  const BIGNUM *add, const BIGNUM *rem,
+                                  BN_CTX *ctx);
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+{
+    /* No callback means continue */
+    if (!cb)
+        return 1;
+    switch (cb->ver) {
+    case 1:
+        /* Deprecated-style callbacks */
+        if (!cb->cb.cb_1)
+            return 1;
+        cb->cb.cb_1(a, b, cb->arg);
+        return 1;
+    case 2:
+        /* New-style callbacks */
+        return cb->cb.cb_2(a, b, cb);
+    default:
+        break;
+    }
+    /* Unrecognised callback type */
+    return 0;
+}
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+    BIGNUM *t;
+    int found = 0;
+    int i, j, c1 = 0;
+    BN_CTX *ctx = NULL;
+    prime_t *mods = NULL;
+    int checks = BN_prime_checks_for_size(bits);
+
+    if (bits < 2) {
+        /* There are no prime numbers this small. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    } else if (bits == 2 && safe) {
+        /* The smallest safe prime (7) is three bits. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
+    mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
+    if (mods == NULL)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+ loop:
+    /* make a random number and set the top and bottom bits */
+    if (add == NULL) {
+        if (!probable_prime(ret, bits, mods))
+            goto err;
+    } else {
+        if (safe) {
+            if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
+                goto err;
+        } else {
+            if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))
+                goto err;
+        }
+    }
+
+    if (!BN_GENCB_call(cb, 0, c1++))
+        /* aborted */
+        goto err;
+
+    if (!safe) {
+        i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+        if (i == -1)
+            goto err;
+        if (i == 0)
+            goto loop;
+    } else {
+        /*
+         * for "safe prime" generation, check that (p-1)/2 is prime. Since a
+         * prime is odd, We just need to divide by 2
+         */
+        if (!BN_rshift1(t, ret))
+            goto err;
+
+        for (i = 0; i < checks; i++) {
+            j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            if (!BN_GENCB_call(cb, 2, c1 - 1))
+                goto err;
+            /* We have a safe prime test pass */
+        }
+    }
+    /* we have a prime :-) */
+    found = 1;
+ err:
+    OPENSSL_free(mods);
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    bn_check_top(ret);
+    return found;
+}
+
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                   BN_GENCB *cb)
+{
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+}
+
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                            int do_trial_division, BN_GENCB *cb)
+{
+    int i, j, ret = -1;
+    int k;
+    BN_CTX *ctx = NULL;
+    BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */
+    BN_MONT_CTX *mont = NULL;
+
+    /* Take care of the really small primes 2 & 3 */
+    if (BN_is_word(a, 2) || BN_is_word(a, 3))
+        return 1;
+
+    /* Check odd and bigger than 1 */
+    if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)
+        return 0;
+
+    if (checks == BN_prime_checks)
+        checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+    /* first look for small factors */
+    if (do_trial_division) {
+        for (i = 1; i < NUMPRIMES; i++) {
+            BN_ULONG mod = BN_mod_word(a, primes[i]);
+            if (mod == (BN_ULONG)-1)
+                goto err;
+            if (mod == 0)
+                return BN_is_word(a, primes[i]);
+        }
+        if (!BN_GENCB_call(cb, 1, -1))
+            goto err;
+    }
+
+    if (ctx_passed != NULL)
+        ctx = ctx_passed;
+    else if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    A1 = BN_CTX_get(ctx);
+    A3 = BN_CTX_get(ctx);
+    A1_odd = BN_CTX_get(ctx);
+    check = BN_CTX_get(ctx);
+    if (check == NULL)
+        goto err;
+
+    /* compute A1 := a - 1 */
+    if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))
+        goto err;
+    /* compute A3 := a - 3 */
+    if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))
+        goto err;
+
+    /* write  A1  as  A1_odd * 2^k */
+    k = 1;
+    while (!BN_is_bit_set(A1, k))
+        k++;
+    if (!BN_rshift(A1_odd, A1, k))
+        goto err;
+
+    /* Montgomery setup for computations mod a */
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, a, ctx))
+        goto err;
+
+    for (i = 0; i < checks; i++) {
+        /* 1 < check < a-1 */
+        if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))
+            goto err;
+
+        j = witness(check, a, A1, A1_odd, k, ctx, mont);
+        if (j == -1)
+            goto err;
+        if (j) {
+            ret = 0;
+            goto err;
+        }
+        if (!BN_GENCB_call(cb, 1, i))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        if (ctx_passed == NULL)
+            BN_CTX_free(ctx);
+    }
+    BN_MONT_CTX_free(mont);
+
+    return ret;
+}
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont)
+{
+    if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+        return -1;
+    if (BN_is_one(w))
+        return 0;               /* probably prime */
+    if (BN_cmp(w, a1) == 0)
+        return 0;               /* w == -1 (mod a), 'a' is probably prime */
+    while (--k) {
+        if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+            return -1;
+        if (BN_is_one(w))
+            return 1;           /* 'a' is composite, otherwise a previous 'w'
+                                 * would have been == -1 (mod 'a') */
+        if (BN_cmp(w, a1) == 0)
+            return 0;           /* w == -1 (mod a), 'a' is probably prime */
+    }
+    /*
+     * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and
+     * it is neither -1 nor +1 -- so 'a' cannot be prime
+     */
+    bn_check_top(w);
+    return 1;
+}
+
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
+{
+    int i;
+    BN_ULONG delta;
+    BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+    char is_single_word = bits <= BN_BITS2;
+
+ again:
+    /* TODO: Not all primes are private */
+    if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+        return 0;
+    /* we now have a random number 'rnd' to test. */
+    for (i = 1; i < NUMPRIMES; i++) {
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            return 0;
+        mods[i] = (prime_t) mod;
+    }
+    /*
+     * If bits is so small that it fits into a single word then we
+     * additionally don't want to exceed that many bits.
+     */
+    if (is_single_word) {
+        BN_ULONG size_limit;
+
+        if (bits == BN_BITS2) {
+            /*
+             * Shifting by this much has undefined behaviour so we do it a
+             * different way
+             */
+            size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
+        } else {
+            size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
+        }
+        if (size_limit < maxdelta)
+            maxdelta = size_limit;
+    }
+    delta = 0;
+ loop:
+    if (is_single_word) {
+        BN_ULONG rnd_word = BN_get_word(rnd);
+
+        /*-
+         * In the case that the candidate prime is a single word then
+         * we check that:
+         *   1) It's greater than primes[i] because we shouldn't reject
+         *      3 as being a prime number because it's a multiple of
+         *      three.
+         *   2) That it's not a multiple of a known prime. We don't
+         *      check that rnd-1 is also coprime to all the known
+         *      primes because there aren't many small primes where
+         *      that's true.
+         */
+        for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
+            if ((mods[i] + delta) % primes[i] == 0) {
+                delta += 2;
+                if (delta > maxdelta)
+                    goto again;
+                goto loop;
+            }
+        }
+    } else {
+        for (i = 1; i < NUMPRIMES; i++) {
+            /*
+             * check that rnd is not a prime and also that gcd(rnd-1,primes)
+             * == 1 (except for 2)
+             */
+            if (((mods[i] + delta) % primes[i]) <= 1) {
+                delta += 2;
+                if (delta > maxdelta)
+                    goto again;
+                goto loop;
+            }
+        }
+    }
+    if (!BN_add_word(rnd, delta))
+        return 0;
+    if (BN_num_bits(rnd) != bits)
+        goto again;
+    bn_check_top(rnd);
+    return 1;
+}
+
+int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+                         const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1;
+
+    BN_CTX_start(ctx);
+    if ((t1 = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+
+    if (!BN_mod(t1, rnd, add, ctx))
+        goto err;
+    if (!BN_sub(rnd, rnd, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(rnd, 1))
+            goto err;
+    } else {
+        if (!BN_add(rnd, rnd, rem))
+            goto err;
+    }
+
+    /* we now have a random number 'rand' to test. */
+
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
+        /* check that rnd is a prime */
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            goto err;
+        if (mod <= 1) {
+            if (!BN_add(rnd, rnd, add))
+                goto err;
+            goto loop;
+        }
+    }
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(rnd);
+    return ret;
+}
+
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+                                  const BIGNUM *rem, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1, *qadd, *q;
+
+    bits--;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    qadd = BN_CTX_get(ctx);
+    if (qadd == NULL)
+        goto err;
+
+    if (!BN_rshift1(qadd, padd))
+        goto err;
+
+    if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+    if (!BN_mod(t1, q, qadd, ctx))
+        goto err;
+    if (!BN_sub(q, q, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(q, 1))
+            goto err;
+    } else {
+        if (!BN_rshift1(t1, rem))
+            goto err;
+        if (!BN_add(q, q, t1))
+            goto err;
+    }
+
+    /* we now have a random number 'rand' to test. */
+    if (!BN_lshift1(p, q))
+        goto err;
+    if (!BN_add_word(p, 1))
+        goto err;
+
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
+        /* check that p and q are prime */
+        /*
+         * check that for p and q gcd(p-1,primes) == 1 (except for 2)
+         */
+        BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
+        BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
+        if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
+            goto err;
+        if (pmod == 0 || qmod == 0) {
+            if (!BN_add(p, p, padd))
+                goto err;
+            if (!BN_add(q, q, qadd))
+                goto err;
+            goto loop;
+        }
+    }
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(p);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h
new file mode 100644
index 000000000..2eb7b52f7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h
@@ -0,0 +1,273 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ *
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef unsigned short prime_t;
+# define NUMPRIMES 2048
+
+static const prime_t primes[2048] = {
+        2,     3,     5,     7,    11,    13,    17,    19,
+       23,    29,    31,    37,    41,    43,    47,    53,
+       59,    61,    67,    71,    73,    79,    83,    89,
+       97,   101,   103,   107,   109,   113,   127,   131,
+      137,   139,   149,   151,   157,   163,   167,   173,
+      179,   181,   191,   193,   197,   199,   211,   223,
+      227,   229,   233,   239,   241,   251,   257,   263,
+      269,   271,   277,   281,   283,   293,   307,   311,
+      313,   317,   331,   337,   347,   349,   353,   359,
+      367,   373,   379,   383,   389,   397,   401,   409,
+      419,   421,   431,   433,   439,   443,   449,   457,
+      461,   463,   467,   479,   487,   491,   499,   503,
+      509,   521,   523,   541,   547,   557,   563,   569,
+      571,   577,   587,   593,   599,   601,   607,   613,
+      617,   619,   631,   641,   643,   647,   653,   659,
+      661,   673,   677,   683,   691,   701,   709,   719,
+      727,   733,   739,   743,   751,   757,   761,   769,
+      773,   787,   797,   809,   811,   821,   823,   827,
+      829,   839,   853,   857,   859,   863,   877,   881,
+      883,   887,   907,   911,   919,   929,   937,   941,
+      947,   953,   967,   971,   977,   983,   991,   997,
+     1009,  1013,  1019,  1021,  1031,  1033,  1039,  1049,
+     1051,  1061,  1063,  1069,  1087,  1091,  1093,  1097,
+     1103,  1109,  1117,  1123,  1129,  1151,  1153,  1163,
+     1171,  1181,  1187,  1193,  1201,  1213,  1217,  1223,
+     1229,  1231,  1237,  1249,  1259,  1277,  1279,  1283,
+     1289,  1291,  1297,  1301,  1303,  1307,  1319,  1321,
+     1327,  1361,  1367,  1373,  1381,  1399,  1409,  1423,
+     1427,  1429,  1433,  1439,  1447,  1451,  1453,  1459,
+     1471,  1481,  1483,  1487,  1489,  1493,  1499,  1511,
+     1523,  1531,  1543,  1549,  1553,  1559,  1567,  1571,
+     1579,  1583,  1597,  1601,  1607,  1609,  1613,  1619,
+     1621,  1627,  1637,  1657,  1663,  1667,  1669,  1693,
+     1697,  1699,  1709,  1721,  1723,  1733,  1741,  1747,
+     1753,  1759,  1777,  1783,  1787,  1789,  1801,  1811,
+     1823,  1831,  1847,  1861,  1867,  1871,  1873,  1877,
+     1879,  1889,  1901,  1907,  1913,  1931,  1933,  1949,
+     1951,  1973,  1979,  1987,  1993,  1997,  1999,  2003,
+     2011,  2017,  2027,  2029,  2039,  2053,  2063,  2069,
+     2081,  2083,  2087,  2089,  2099,  2111,  2113,  2129,
+     2131,  2137,  2141,  2143,  2153,  2161,  2179,  2203,
+     2207,  2213,  2221,  2237,  2239,  2243,  2251,  2267,
+     2269,  2273,  2281,  2287,  2293,  2297,  2309,  2311,
+     2333,  2339,  2341,  2347,  2351,  2357,  2371,  2377,
+     2381,  2383,  2389,  2393,  2399,  2411,  2417,  2423,
+     2437,  2441,  2447,  2459,  2467,  2473,  2477,  2503,
+     2521,  2531,  2539,  2543,  2549,  2551,  2557,  2579,
+     2591,  2593,  2609,  2617,  2621,  2633,  2647,  2657,
+     2659,  2663,  2671,  2677,  2683,  2687,  2689,  2693,
+     2699,  2707,  2711,  2713,  2719,  2729,  2731,  2741,
+     2749,  2753,  2767,  2777,  2789,  2791,  2797,  2801,
+     2803,  2819,  2833,  2837,  2843,  2851,  2857,  2861,
+     2879,  2887,  2897,  2903,  2909,  2917,  2927,  2939,
+     2953,  2957,  2963,  2969,  2971,  2999,  3001,  3011,
+     3019,  3023,  3037,  3041,  3049,  3061,  3067,  3079,
+     3083,  3089,  3109,  3119,  3121,  3137,  3163,  3167,
+     3169,  3181,  3187,  3191,  3203,  3209,  3217,  3221,
+     3229,  3251,  3253,  3257,  3259,  3271,  3299,  3301,
+     3307,  3313,  3319,  3323,  3329,  3331,  3343,  3347,
+     3359,  3361,  3371,  3373,  3389,  3391,  3407,  3413,
+     3433,  3449,  3457,  3461,  3463,  3467,  3469,  3491,
+     3499,  3511,  3517,  3527,  3529,  3533,  3539,  3541,
+     3547,  3557,  3559,  3571,  3581,  3583,  3593,  3607,
+     3613,  3617,  3623,  3631,  3637,  3643,  3659,  3671,
+     3673,  3677,  3691,  3697,  3701,  3709,  3719,  3727,
+     3733,  3739,  3761,  3767,  3769,  3779,  3793,  3797,
+     3803,  3821,  3823,  3833,  3847,  3851,  3853,  3863,
+     3877,  3881,  3889,  3907,  3911,  3917,  3919,  3923,
+     3929,  3931,  3943,  3947,  3967,  3989,  4001,  4003,
+     4007,  4013,  4019,  4021,  4027,  4049,  4051,  4057,
+     4073,  4079,  4091,  4093,  4099,  4111,  4127,  4129,
+     4133,  4139,  4153,  4157,  4159,  4177,  4201,  4211,
+     4217,  4219,  4229,  4231,  4241,  4243,  4253,  4259,
+     4261,  4271,  4273,  4283,  4289,  4297,  4327,  4337,
+     4339,  4349,  4357,  4363,  4373,  4391,  4397,  4409,
+     4421,  4423,  4441,  4447,  4451,  4457,  4463,  4481,
+     4483,  4493,  4507,  4513,  4517,  4519,  4523,  4547,
+     4549,  4561,  4567,  4583,  4591,  4597,  4603,  4621,
+     4637,  4639,  4643,  4649,  4651,  4657,  4663,  4673,
+     4679,  4691,  4703,  4721,  4723,  4729,  4733,  4751,
+     4759,  4783,  4787,  4789,  4793,  4799,  4801,  4813,
+     4817,  4831,  4861,  4871,  4877,  4889,  4903,  4909,
+     4919,  4931,  4933,  4937,  4943,  4951,  4957,  4967,
+     4969,  4973,  4987,  4993,  4999,  5003,  5009,  5011,
+     5021,  5023,  5039,  5051,  5059,  5077,  5081,  5087,
+     5099,  5101,  5107,  5113,  5119,  5147,  5153,  5167,
+     5171,  5179,  5189,  5197,  5209,  5227,  5231,  5233,
+     5237,  5261,  5273,  5279,  5281,  5297,  5303,  5309,
+     5323,  5333,  5347,  5351,  5381,  5387,  5393,  5399,
+     5407,  5413,  5417,  5419,  5431,  5437,  5441,  5443,
+     5449,  5471,  5477,  5479,  5483,  5501,  5503,  5507,
+     5519,  5521,  5527,  5531,  5557,  5563,  5569,  5573,
+     5581,  5591,  5623,  5639,  5641,  5647,  5651,  5653,
+     5657,  5659,  5669,  5683,  5689,  5693,  5701,  5711,
+     5717,  5737,  5741,  5743,  5749,  5779,  5783,  5791,
+     5801,  5807,  5813,  5821,  5827,  5839,  5843,  5849,
+     5851,  5857,  5861,  5867,  5869,  5879,  5881,  5897,
+     5903,  5923,  5927,  5939,  5953,  5981,  5987,  6007,
+     6011,  6029,  6037,  6043,  6047,  6053,  6067,  6073,
+     6079,  6089,  6091,  6101,  6113,  6121,  6131,  6133,
+     6143,  6151,  6163,  6173,  6197,  6199,  6203,  6211,
+     6217,  6221,  6229,  6247,  6257,  6263,  6269,  6271,
+     6277,  6287,  6299,  6301,  6311,  6317,  6323,  6329,
+     6337,  6343,  6353,  6359,  6361,  6367,  6373,  6379,
+     6389,  6397,  6421,  6427,  6449,  6451,  6469,  6473,
+     6481,  6491,  6521,  6529,  6547,  6551,  6553,  6563,
+     6569,  6571,  6577,  6581,  6599,  6607,  6619,  6637,
+     6653,  6659,  6661,  6673,  6679,  6689,  6691,  6701,
+     6703,  6709,  6719,  6733,  6737,  6761,  6763,  6779,
+     6781,  6791,  6793,  6803,  6823,  6827,  6829,  6833,
+     6841,  6857,  6863,  6869,  6871,  6883,  6899,  6907,
+     6911,  6917,  6947,  6949,  6959,  6961,  6967,  6971,
+     6977,  6983,  6991,  6997,  7001,  7013,  7019,  7027,
+     7039,  7043,  7057,  7069,  7079,  7103,  7109,  7121,
+     7127,  7129,  7151,  7159,  7177,  7187,  7193,  7207,
+     7211,  7213,  7219,  7229,  7237,  7243,  7247,  7253,
+     7283,  7297,  7307,  7309,  7321,  7331,  7333,  7349,
+     7351,  7369,  7393,  7411,  7417,  7433,  7451,  7457,
+     7459,  7477,  7481,  7487,  7489,  7499,  7507,  7517,
+     7523,  7529,  7537,  7541,  7547,  7549,  7559,  7561,
+     7573,  7577,  7583,  7589,  7591,  7603,  7607,  7621,
+     7639,  7643,  7649,  7669,  7673,  7681,  7687,  7691,
+     7699,  7703,  7717,  7723,  7727,  7741,  7753,  7757,
+     7759,  7789,  7793,  7817,  7823,  7829,  7841,  7853,
+     7867,  7873,  7877,  7879,  7883,  7901,  7907,  7919,
+     7927,  7933,  7937,  7949,  7951,  7963,  7993,  8009,
+     8011,  8017,  8039,  8053,  8059,  8069,  8081,  8087,
+     8089,  8093,  8101,  8111,  8117,  8123,  8147,  8161,
+     8167,  8171,  8179,  8191,  8209,  8219,  8221,  8231,
+     8233,  8237,  8243,  8263,  8269,  8273,  8287,  8291,
+     8293,  8297,  8311,  8317,  8329,  8353,  8363,  8369,
+     8377,  8387,  8389,  8419,  8423,  8429,  8431,  8443,
+     8447,  8461,  8467,  8501,  8513,  8521,  8527,  8537,
+     8539,  8543,  8563,  8573,  8581,  8597,  8599,  8609,
+     8623,  8627,  8629,  8641,  8647,  8663,  8669,  8677,
+     8681,  8689,  8693,  8699,  8707,  8713,  8719,  8731,
+     8737,  8741,  8747,  8753,  8761,  8779,  8783,  8803,
+     8807,  8819,  8821,  8831,  8837,  8839,  8849,  8861,
+     8863,  8867,  8887,  8893,  8923,  8929,  8933,  8941,
+     8951,  8963,  8969,  8971,  8999,  9001,  9007,  9011,
+     9013,  9029,  9041,  9043,  9049,  9059,  9067,  9091,
+     9103,  9109,  9127,  9133,  9137,  9151,  9157,  9161,
+     9173,  9181,  9187,  9199,  9203,  9209,  9221,  9227,
+     9239,  9241,  9257,  9277,  9281,  9283,  9293,  9311,
+     9319,  9323,  9337,  9341,  9343,  9349,  9371,  9377,
+     9391,  9397,  9403,  9413,  9419,  9421,  9431,  9433,
+     9437,  9439,  9461,  9463,  9467,  9473,  9479,  9491,
+     9497,  9511,  9521,  9533,  9539,  9547,  9551,  9587,
+     9601,  9613,  9619,  9623,  9629,  9631,  9643,  9649,
+     9661,  9677,  9679,  9689,  9697,  9719,  9721,  9733,
+     9739,  9743,  9749,  9767,  9769,  9781,  9787,  9791,
+     9803,  9811,  9817,  9829,  9833,  9839,  9851,  9857,
+     9859,  9871,  9883,  9887,  9901,  9907,  9923,  9929,
+     9931,  9941,  9949,  9967,  9973, 10007, 10009, 10037,
+    10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+    10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+    10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+    10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+    10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+    10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+    10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+    10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+    10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+    10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+    10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+    10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+    10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+    11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+    11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+    11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+    11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+    11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+    11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+    11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+    11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+    11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+    11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+    11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+    11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+    11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+    12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+    12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+    12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+    12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+    12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+    12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+    12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+    12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+    12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+    12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+    12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+    12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+    12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+    12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+    13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+    13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+    13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+    13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+    13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+    13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+    13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+    13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+    13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+    13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+    13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+    13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+    13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+    14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+    14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+    14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+    14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+    14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+    14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+    14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+    14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+    14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+    14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+    14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+    14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+    14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+    15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+    15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+    15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+    15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+    15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+    15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+    15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+    15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+    15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+    15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+    15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+    15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+    15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+    16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+    16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+    16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+    16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+    16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+    16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+    16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+    16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+    16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+    16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+    16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+    16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+    17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+    17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+    17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+    17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+    17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+    17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+    17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+    17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+    17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+    17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+    17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.pl
new file mode 100644
index 000000000..b0b160874
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.pl
@@ -0,0 +1,48 @@
+#! /usr/bin/env perl
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Output year depends on the year of the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ *
+ * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+EOF
+
+
+my $num = shift || 2048;
+my @primes = ( 2 );
+my $p = 1;
+loop: while ($#primes < $num-1) {
+    $p += 2;
+    my $s = int(sqrt($p));
+
+    for (my $i = 0; defined($primes[$i]) && $primes[$i] <= $s; $i++) {
+        next loop if ($p % $primes[$i]) == 0;
+    }
+    push(@primes, $p);
+}
+
+print "typedef unsigned short prime_t;\n";
+printf "# define NUMPRIMES %d\n\n", $num;
+
+printf "static const prime_t primes[%d] = {", $num;
+for (my $i = 0; $i <= $#primes; $i++) {
+    printf "\n   " if ($i % 8) == 0;
+    printf " %5d,", $primes[$i];
+}
+print "\n};\n";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c
new file mode 100644
index 000000000..1853269d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c
@@ -0,0 +1,345 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_lcl.h"
+
+static const char Hex[] = "0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    char *buf;
+    char *p;
+
+    if (BN_is_zero(a))
+        return OPENSSL_strdup("0");
+    buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    if (buf == NULL) {
+        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (a->neg)
+        *p++ = '-';
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
+            /* strip leading zeros */
+            v = (int)((a->d[i] >> j) & 0xff);
+            if (z || v != 0) {
+                *p++ = Hex[v >> 4];
+                *p++ = Hex[v & 0x0f];
+                z = 1;
+            }
+        }
+    }
+    *p = '\0';
+ err:
+    return buf;
+}
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+{
+    int i = 0, num, ok = 0, n, tbytes;
+    char *buf = NULL;
+    char *p;
+    BIGNUM *t = NULL;
+    BN_ULONG *bn_data = NULL, *lp;
+    int bn_data_num;
+
+    /*-
+     * get an upper bound for the length of the decimal integer
+     * num <= (BN_num_bits(a) + 1) * log(2)
+     *     <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1     (rounding error)
+     *     <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1
+     */
+    i = BN_num_bits(a) * 3;
+    num = (i / 10 + i / 1000 + 1) + 1;
+    tbytes = num + 3;   /* negative and terminator and one spare? */
+    bn_data_num = num / BN_DEC_NUM + 1;
+    bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
+    buf = OPENSSL_malloc(tbytes);
+    if (buf == NULL || bn_data == NULL) {
+        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((t = BN_dup(a)) == NULL)
+        goto err;
+
+    p = buf;
+    lp = bn_data;
+    if (BN_is_zero(t)) {
+        *p++ = '0';
+        *p++ = '\0';
+    } else {
+        if (BN_is_negative(t))
+            *p++ = '-';
+
+        while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
+            *lp = BN_div_word(t, BN_DEC_CONV);
+            if (*lp == (BN_ULONG)-1)
+                goto err;
+            lp++;
+        }
+        lp--;
+        /*
+         * We now have a series of blocks, BN_DEC_NUM chars in length, where
+         * the last one needs truncation. The blocks need to be reversed in
+         * order.
+         */
+        n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp);
+        if (n < 0)
+            goto err;
+        p += n;
+        while (lp != bn_data) {
+            lp--;
+            n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp);
+            if (n < 0)
+                goto err;
+            p += n;
+        }
+    }
+    ok = 1;
+ err:
+    OPENSSL_free(bn_data);
+    BN_free(t);
+    if (ok)
+        return buf;
+    OPENSSL_free(buf);
+    return NULL;
+}
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, h, m, i, j, k, c;
+    int num;
+
+    if (a == NULL || *a == '\0')
+        return 0;
+
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++)
+        continue;
+
+    if (i == 0 || i > INT_MAX / 4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return num;
+
+    /* a is the start of the hex digits, and it is 'i' long */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return 0;
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of hex digits */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = i;                      /* least significant 'hex' */
+    m = 0;
+    h = 0;
+    while (j > 0) {
+        m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
+        l = 0;
+        for (;;) {
+            c = a[j - m];
+            k = OPENSSL_hexchar2int(c);
+            if (k < 0)
+                k = 0;          /* paranoia */
+            l = (l << 4) | k;
+
+            if (--m <= 0) {
+                ret->d[h++] = l;
+                break;
+            }
+        }
+        j -= BN_BYTES * 2;
+    }
+    ret->top = h;
+    bn_correct_top(ret);
+
+    *bn = ret;
+    bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
+    return num;
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return 0;
+}
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, i, j;
+    int num;
+
+    if (a == NULL || *a == '\0')
+        return 0;
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++)
+        continue;
+
+    if (i == 0 || i > INT_MAX / 4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return num;
+
+    /*
+     * a is the start of the digits, and it is 'i' long. We chop it into
+     * BN_DEC_NUM digits at a time
+     */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return 0;
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of digits, a bit of an over expand */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = BN_DEC_NUM - i % BN_DEC_NUM;
+    if (j == BN_DEC_NUM)
+        j = 0;
+    l = 0;
+    while (--i >= 0) {
+        l *= 10;
+        l += *a - '0';
+        a++;
+        if (++j == BN_DEC_NUM) {
+            if (!BN_mul_word(ret, BN_DEC_CONV)
+                || !BN_add_word(ret, l))
+                goto err;
+            l = 0;
+            j = 0;
+        }
+    }
+
+    bn_correct_top(ret);
+    *bn = ret;
+    bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
+    return num;
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return 0;
+}
+
+int BN_asc2bn(BIGNUM **bn, const char *a)
+{
+    const char *p = a;
+
+    if (*p == '-')
+        p++;
+
+    if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
+        if (!BN_hex2bn(bn, p + 2))
+            return 0;
+    } else {
+        if (!BN_dec2bn(bn, p))
+            return 0;
+    }
+    /* Don't set the negative flag if it's zero. */
+    if (*a == '-' && (*bn)->top != 0)
+        (*bn)->neg = 1;
+    return 1;
+}
+
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL)
+        return 0;
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = BN_print(b, a);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    int ret = 0;
+
+    if ((a->neg) && BIO_write(bp, "-", 1) != 1)
+        goto end;
+    if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1)
+        goto end;
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
+            /* strip leading zeros */
+            v = (int)((a->d[i] >> j) & 0x0f);
+            if (z || v != 0) {
+                if (BIO_write(bp, &Hex[v], 1) != 1)
+                    goto end;
+                z = 1;
+            }
+        }
+    }
+    ret = 1;
+ end:
+    return ret;
+}
+
+char *BN_options(void)
+{
+    static int init = 0;
+    static char data[16];
+
+    if (!init) {
+        init++;
+#ifdef BN_LLONG
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8);
+#else
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8);
+#endif
+    }
+    return data;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c
new file mode 100644
index 000000000..c0d1a3229
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c
@@ -0,0 +1,268 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+typedef enum bnrand_flag_e {
+    NORMAL, TESTING, PRIVATE
+} BNRAND_FLAG;
+
+static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom)
+{
+    unsigned char *buf = NULL;
+    int b, ret = 0, bit, bytes, mask;
+
+    if (bits == 0) {
+        if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
+            goto toosmall;
+        BN_zero(rnd);
+        return 1;
+    }
+    if (bits < 0 || (bits == 1 && top > 0))
+        goto toosmall;
+
+    bytes = (bits + 7) / 8;
+    bit = (bits - 1) % 8;
+    mask = 0xff << (bit + 1);
+
+    buf = OPENSSL_malloc(bytes);
+    if (buf == NULL) {
+        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make a random number and set the top and bottom bits */
+    b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes);
+    if (b <= 0)
+        goto err;
+
+    if (flag == TESTING) {
+        /*
+         * generate patterns that are more likely to trigger BN library bugs
+         */
+        int i;
+        unsigned char c;
+
+        for (i = 0; i < bytes; i++) {
+            if (RAND_bytes(&c, 1) <= 0)
+                goto err;
+            if (c >= 128 && i > 0)
+                buf[i] = buf[i - 1];
+            else if (c < 42)
+                buf[i] = 0;
+            else if (c < 84)
+                buf[i] = 255;
+        }
+    }
+
+    if (top >= 0) {
+        if (top) {
+            if (bit == 0) {
+                buf[0] = 1;
+                buf[1] |= 0x80;
+            } else {
+                buf[0] |= (3 << (bit - 1));
+            }
+        } else {
+            buf[0] |= (1 << bit);
+        }
+    }
+    buf[0] &= ~mask;
+    if (bottom)                 /* set bottom bit if requested */
+        buf[bytes - 1] |= 1;
+    if (!BN_bin2bn(buf, bytes, rnd))
+        goto err;
+    ret = 1;
+ err:
+    OPENSSL_clear_free(buf, bytes);
+    bn_check_top(rnd);
+    return ret;
+
+toosmall:
+    BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+    return 0;
+}
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(NORMAL, rnd, bits, top, bottom);
+}
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(TESTING, rnd, bits, top, bottom);
+}
+
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(PRIVATE, rnd, bits, top, bottom);
+}
+
+/* random number r:  0 <= r < range */
+static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range)
+{
+    int n;
+    int count = 100;
+
+    if (range->neg || BN_is_zero(range)) {
+        BNerr(BN_F_BNRAND_RANGE, BN_R_INVALID_RANGE);
+        return 0;
+    }
+
+    n = BN_num_bits(range);     /* n > 0 */
+
+    /* BN_is_bit_set(range, n - 1) always holds */
+
+    if (n == 1)
+        BN_zero(r);
+    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+        /*
+         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+         * than range
+         */
+        do {
+            if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+                return 0;
+
+            /*
+             * If r < 3*range, use r := r MOD range (which is either r, r -
+             * range, or r - 2*range). Otherwise, iterate once more. Since
+             * 3*range = 11..._2, each iteration succeeds with probability >=
+             * .75.
+             */
+            if (BN_cmp(r, range) >= 0) {
+                if (!BN_sub(r, r, range))
+                    return 0;
+                if (BN_cmp(r, range) >= 0)
+                    if (!BN_sub(r, r, range))
+                        return 0;
+            }
+
+            if (!--count) {
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+
+        }
+        while (BN_cmp(r, range) >= 0);
+    } else {
+        do {
+            /* range = 11..._2  or  range = 101..._2 */
+            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+                return 0;
+
+            if (!--count) {
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+        }
+        while (BN_cmp(r, range) >= 0);
+    }
+
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bnrand_range(NORMAL, r, range);
+}
+
+int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bnrand_range(PRIVATE, r, range);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return BN_rand(rnd, bits, top, bottom);
+}
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return BN_rand_range(r, range);
+}
+
+/*
+ * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
+ * BN_rand_range, it also includes the contents of |priv| and |message| in
+ * the generation so that an RNG failure isn't fatal as long as |priv|
+ * remains secret. This is intended for use in DSA and ECDSA where an RNG
+ * weakness leads directly to private key exposure unless this function is
+ * used.
+ */
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx)
+{
+    SHA512_CTX sha;
+    /*
+     * We use 512 bits of random data per iteration to ensure that we have at
+     * least |range| bits of randomness.
+     */
+    unsigned char random_bytes[64];
+    unsigned char digest[SHA512_DIGEST_LENGTH];
+    unsigned done, todo;
+    /* We generate |range|+8 bytes of random output. */
+    const unsigned num_k_bytes = BN_num_bytes(range) + 8;
+    unsigned char private_bytes[96];
+    unsigned char *k_bytes;
+    int ret = 0;
+
+    k_bytes = OPENSSL_malloc(num_k_bytes);
+    if (k_bytes == NULL)
+        goto err;
+
+    /* We copy |priv| into a local buffer to avoid exposing its length. */
+    todo = sizeof(priv->d[0]) * priv->top;
+    if (todo > sizeof(private_bytes)) {
+        /*
+         * No reasonable DSA or ECDSA key should have a private key this
+         * large and we don't handle this case in order to avoid leaking the
+         * length of the private key.
+         */
+        BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
+        goto err;
+    }
+    memcpy(private_bytes, priv->d, todo);
+    memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
+
+    for (done = 0; done < num_k_bytes;) {
+        if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
+            goto err;
+        SHA512_Init(&sha);
+        SHA512_Update(&sha, &done, sizeof(done));
+        SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
+        SHA512_Update(&sha, message, message_len);
+        SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
+        SHA512_Final(digest, &sha);
+
+        todo = num_k_bytes - done;
+        if (todo > SHA512_DIGEST_LENGTH)
+            todo = SHA512_DIGEST_LENGTH;
+        memcpy(k_bytes + done, digest, todo);
+        done += todo;
+    }
+
+    if (!BN_bin2bn(k_bytes, num_k_bytes, out))
+        goto err;
+    if (BN_mod(out, out, range, ctx) != 1)
+        goto err;
+    ret = 1;
+
+ err:
+    OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c
new file mode 100644
index 000000000..9ab767f42
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
+    memset(recp, 0, sizeof(*recp));
+    bn_init(&(recp->N));
+    bn_init(&(recp->Nr));
+}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+{
+    BN_RECP_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_RECP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bn_init(&(ret->N));
+    bn_init(&(ret->Nr));
+    ret->flags = BN_FLG_MALLOCED;
+    return ret;
+}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+    if (recp == NULL)
+        return;
+    BN_free(&recp->N);
+    BN_free(&recp->Nr);
+    if (recp->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(recp);
+}
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+    if (!BN_copy(&(recp->N), d))
+        return 0;
+    BN_zero(&(recp->Nr));
+    recp->num_bits = BN_num_bits(d);
+    recp->shift = 0;
+    return 1;
+}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a;
+    const BIGNUM *ca;
+
+    BN_CTX_start(ctx);
+    if ((a = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (y != NULL) {
+        if (x == y) {
+            if (!BN_sqr(a, x, ctx))
+                goto err;
+        } else {
+            if (!BN_mul(a, x, y, ctx))
+                goto err;
+        }
+        ca = a;
+    } else
+        ca = x;                 /* Just do the mod */
+
+    ret = BN_div_recp(NULL, r, ca, recp, ctx);
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int i, j, ret = 0;
+    BIGNUM *a, *b, *d, *r;
+
+    BN_CTX_start(ctx);
+    d = (dv != NULL) ? dv : BN_CTX_get(ctx);
+    r = (rem != NULL) ? rem : BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (BN_ucmp(m, &(recp->N)) < 0) {
+        BN_zero(d);
+        if (!BN_copy(r, m)) {
+            BN_CTX_end(ctx);
+            return 0;
+        }
+        BN_CTX_end(ctx);
+        return 1;
+    }
+
+    /*
+     * We want the remainder Given input of ABCDEF / ab we need multiply
+     * ABCDEF by 3 digests of the reciprocal of ab
+     */
+
+    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+    i = BN_num_bits(m);
+    j = recp->num_bits << 1;
+    if (j > i)
+        i = j;
+
+    /* Nr := round(2^i / N) */
+    if (i != recp->shift)
+        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
+    /* BN_reciprocal could have returned -1 for an error */
+    if (recp->shift == -1)
+        goto err;
+
+    /*-
+     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+     *    = |m/N|
+     */
+    if (!BN_rshift(a, m, recp->num_bits))
+        goto err;
+    if (!BN_mul(b, a, &(recp->Nr), ctx))
+        goto err;
+    if (!BN_rshift(d, b, i - recp->num_bits))
+        goto err;
+    d->neg = 0;
+
+    if (!BN_mul(b, &(recp->N), d, ctx))
+        goto err;
+    if (!BN_usub(r, m, b))
+        goto err;
+    r->neg = 0;
+
+    j = 0;
+    while (BN_ucmp(r, &(recp->N)) >= 0) {
+        if (j++ > 2) {
+            BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+            goto err;
+        }
+        if (!BN_usub(r, r, &(recp->N)))
+            goto err;
+        if (!BN_add_word(d, 1))
+            goto err;
+    }
+
+    r->neg = BN_is_zero(r) ? 0 : m->neg;
+    d->neg = m->neg ^ recp->N.neg;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(dv);
+    bn_check_top(rem);
+    return ret;
+}
+
+/*
+ * len is the expected size of the result We actually calculate with an extra
+ * word of precision, so we can do faster division if the remainder is not
+ * required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+    int ret = -1;
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(t, len))
+        goto err;
+
+    if (!BN_div(r, NULL, t, m, ctx))
+        goto err;
+
+    ret = len;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c
new file mode 100644
index 000000000..b7a1e0ff9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c
@@ -0,0 +1,257 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+{
+    register BN_ULONG *ap, *rp, t, c;
+    int i;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (r != a) {
+        r->neg = a->neg;
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return 0;
+        r->top = a->top;
+    } else {
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return 0;
+    }
+    ap = a->d;
+    rp = r->d;
+    c = 0;
+    for (i = 0; i < a->top; i++) {
+        t = *(ap++);
+        *(rp++) = ((t << 1) | c) & BN_MASK2;
+        c = (t & BN_TBIT) ? 1 : 0;
+    }
+    if (c) {
+        *rp = 1;
+        r->top++;
+    }
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+{
+    BN_ULONG *ap, *rp, t, c;
+    int i, j;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        return 1;
+    }
+    i = a->top;
+    ap = a->d;
+    j = i - (ap[i - 1] == 1);
+    if (a != r) {
+        if (bn_wexpand(r, j) == NULL)
+            return 0;
+        r->neg = a->neg;
+    }
+    rp = r->d;
+    t = ap[--i];
+    c = (t & 1) ? BN_TBIT : 0;
+    if (t >>= 1)
+        rp[i] = t;
+    while (i > 0) {
+        t = ap[--i];
+        rp[i] = ((t >> 1) & BN_MASK2) | c;
+        c = (t & 1) ? BN_TBIT : 0;
+    }
+    r->top = j;
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int ret;
+
+    if (n < 0) {
+        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
+    ret = bn_lshift_fixed_top(r, a, n);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+/*
+ * In respect to shift factor the execution time is invariant of
+ * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
+ * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being
+ * non-secret.
+ */
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, nw;
+    unsigned int lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, m, rmask = 0;
+
+    assert(n >= 0);
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    nw = n / BN_BITS2;
+    if (bn_wexpand(r, a->top + nw + 1) == NULL)
+        return 0;
+
+    if (a->top != 0) {
+        lb = (unsigned int)n % BN_BITS2;
+        rb = BN_BITS2 - lb;
+        rb %= BN_BITS2;            /* say no to undefined behaviour */
+        rmask = (BN_ULONG)0 - rb;  /* rmask = 0 - (rb != 0) */
+        rmask |= rmask >> 8;
+        f = &(a->d[0]);
+        t = &(r->d[nw]);
+        l = f[a->top - 1];
+        t[a->top] = (l >> rb) & rmask;
+        for (i = a->top - 1; i > 0; i--) {
+            m = l << lb;
+            l = f[i - 1];
+            t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2;
+        }
+        t[0] = (l << lb) & BN_MASK2;
+    } else {
+        /* shouldn't happen, but formally required */
+        r->d[nw] = 0;
+    }
+    if (nw != 0)
+        memset(r->d, 0, sizeof(*t) * nw);
+
+    r->neg = a->neg;
+    r->top = a->top + nw + 1;
+    r->flags |= BN_FLG_FIXED_TOP;
+
+    return 1;
+}
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, j, nw, lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, tmp;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (n < 0) {
+        BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
+    nw = n / BN_BITS2;
+    rb = n % BN_BITS2;
+    lb = BN_BITS2 - rb;
+    if (nw >= a->top || a->top == 0) {
+        BN_zero(r);
+        return 1;
+    }
+    i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
+    if (r != a) {
+        if (bn_wexpand(r, i) == NULL)
+            return 0;
+        r->neg = a->neg;
+    } else {
+        if (n == 0)
+            return 1;           /* or the copying loop will go berserk */
+    }
+
+    f = &(a->d[nw]);
+    t = r->d;
+    j = a->top - nw;
+    r->top = i;
+
+    if (rb == 0) {
+        for (i = j; i != 0; i--)
+            *(t++) = *(f++);
+    } else {
+        l = *(f++);
+        for (i = j - 1; i != 0; i--) {
+            tmp = (l >> rb) & BN_MASK2;
+            l = *(f++);
+            *(t++) = (tmp | (l << lb)) & BN_MASK2;
+        }
+        if ((l = (l >> rb) & BN_MASK2))
+            *(t) = l;
+    }
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
+    bn_check_top(r);
+    return 1;
+}
+
+/*
+ * In respect to shift factor the execution time is invariant of
+ * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
+ * for constant-time-ness for sufficiently[!] zero-padded inputs is
+ * |n < BN_BITS2| or |n / BN_BITS2| being non-secret.
+ */
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, top, nw;
+    unsigned int lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, m, mask;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    assert(n >= 0);
+
+    nw = n / BN_BITS2;
+    if (nw >= a->top) {
+        /* shouldn't happen, but formally required */
+        BN_zero(r);
+        return 1;
+    }
+
+    rb = (unsigned int)n % BN_BITS2;
+    lb = BN_BITS2 - rb;
+    lb %= BN_BITS2;            /* say no to undefined behaviour */
+    mask = (BN_ULONG)0 - lb;   /* mask = 0 - (lb != 0) */
+    mask |= mask >> 8;
+    top = a->top - nw;
+    if (r != a && bn_wexpand(r, top) == NULL)
+        return 0;
+
+    t = &(r->d[0]);
+    f = &(a->d[nw]);
+    l = f[0];
+    for (i = 0; i < top - 1; i++) {
+        m = f[i + 1];
+        t[i] = (l >> rb) | ((m << lb) & mask);
+        l = m;
+    }
+    t[i] = l >> rb;
+
+    r->neg = a->neg;
+    r->top = top;
+    r->flags |= BN_FLG_FIXED_TOP;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c
new file mode 100644
index 000000000..0c0a590f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/*
+ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
+ */
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+    int ret = bn_sqr_fixed_top(r, a, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+    int max, al;
+    int ret = 0;
+    BIGNUM *tmp, *rr;
+
+    bn_check_top(a);
+
+    al = a->top;
+    if (al <= 0) {
+        r->top = 0;
+        r->neg = 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    rr = (a != r) ? r : BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (rr == NULL || tmp == NULL)
+        goto err;
+
+    max = 2 * al;               /* Non-zero (from above) */
+    if (bn_wexpand(rr, max) == NULL)
+        goto err;
+
+    if (al == 4) {
+#ifndef BN_SQR_COMBA
+        BN_ULONG t[8];
+        bn_sqr_normal(rr->d, a->d, 4, t);
+#else
+        bn_sqr_comba4(rr->d, a->d);
+#endif
+    } else if (al == 8) {
+#ifndef BN_SQR_COMBA
+        BN_ULONG t[16];
+        bn_sqr_normal(rr->d, a->d, 8, t);
+#else
+        bn_sqr_comba8(rr->d, a->d);
+#endif
+    } else {
+#if defined(BN_RECURSION)
+        if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+            BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
+            bn_sqr_normal(rr->d, a->d, al, t);
+        } else {
+            int j, k;
+
+            j = BN_num_bits_word((BN_ULONG)al);
+            j = 1 << (j - 1);
+            k = j + j;
+            if (al == j) {
+                if (bn_wexpand(tmp, k * 2) == NULL)
+                    goto err;
+                bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+            } else {
+                if (bn_wexpand(tmp, max) == NULL)
+                    goto err;
+                bn_sqr_normal(rr->d, a->d, al, tmp->d);
+            }
+        }
+#else
+        if (bn_wexpand(tmp, max) == NULL)
+            goto err;
+        bn_sqr_normal(rr->d, a->d, al, tmp->d);
+#endif
+    }
+
+    rr->neg = 0;
+    rr->top = max;
+    rr->flags |= BN_FLG_FIXED_TOP;
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    bn_check_top(rr);
+    bn_check_top(tmp);
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+{
+    int i, j, max;
+    const BN_ULONG *ap;
+    BN_ULONG *rp;
+
+    max = n * 2;
+    ap = a;
+    rp = r;
+    rp[0] = rp[max - 1] = 0;
+    rp++;
+    j = n;
+
+    if (--j > 0) {
+        ap++;
+        rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
+
+    for (i = n - 2; i > 0; i--) {
+        j--;
+        ap++;
+        rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
+
+    bn_add_words(r, r, r, max);
+
+    /* There will not be a carry */
+
+    bn_sqr_words(tmp, a, n);
+
+    bn_add_words(r, r, tmp, max);
+}
+
+#ifdef BN_RECURSION
+/*-
+ * r is 2*n words in size,
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+{
+    int n = n2 / 2;
+    int zero, c1;
+    BN_ULONG ln, lo, *p;
+
+    if (n2 == 4) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 4, t);
+# else
+        bn_sqr_comba4(r, a);
+# endif
+        return;
+    } else if (n2 == 8) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 8, t);
+# else
+        bn_sqr_comba8(r, a);
+# endif
+        return;
+    }
+    if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+        bn_sqr_normal(r, a, n2, t);
+        return;
+    }
+    /* r=(a[0]-a[1])*(a[1]-a[0]) */
+    c1 = bn_cmp_words(a, &(a[n]), n);
+    zero = 0;
+    if (c1 > 0)
+        bn_sub_words(t, a, &(a[n]), n);
+    else if (c1 < 0)
+        bn_sub_words(t, &(a[n]), a, n);
+    else
+        zero = 1;
+
+    /* The result will always be negative unless it is zero */
+    p = &(t[n2 * 2]);
+
+    if (!zero)
+        bn_sqr_recursive(&(t[n2]), t, n, p);
+    else
+        memset(&t[n2], 0, sizeof(*t) * n2);
+    bn_sqr_recursive(r, a, n, p);
+    bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    /* t[32] is negative */
+    c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+     * r[10] holds (a[0]*a[0])
+     * r[32] holds (a[1]*a[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c
new file mode 100644
index 000000000..b97d8ca43
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+/*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+ * Theory", algorithm 1.5.1). 'p' must be prime!
+ */
+{
+    BIGNUM *ret = in;
+    int err = 1;
+    int r;
+    BIGNUM *A, *b, *q, *t, *x, *y;
+    int e, i, j;
+
+    if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+        if (BN_abs_is_word(p, 2)) {
+            if (ret == NULL)
+                ret = BN_new();
+            if (ret == NULL)
+                goto end;
+            if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
+                if (ret != in)
+                    BN_free(ret);
+                return NULL;
+            }
+            bn_check_top(ret);
+            return ret;
+        }
+
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        return NULL;
+    }
+
+    if (BN_is_zero(a) || BN_is_one(a)) {
+        if (ret == NULL)
+            ret = BN_new();
+        if (ret == NULL)
+            goto end;
+        if (!BN_set_word(ret, BN_is_one(a))) {
+            if (ret != in)
+                BN_free(ret);
+            return NULL;
+        }
+        bn_check_top(ret);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto end;
+
+    if (ret == NULL)
+        ret = BN_new();
+    if (ret == NULL)
+        goto end;
+
+    /* A = a mod p */
+    if (!BN_nnmod(A, a, p, ctx))
+        goto end;
+
+    /* now write  |p| - 1  as  2^e*q  where  q  is odd */
+    e = 1;
+    while (!BN_is_bit_set(p, e))
+        e++;
+    /* we'll set  q  later (if needed) */
+
+    if (e == 1) {
+        /*-
+         * The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+         * modulo  (|p|-1)/2,  and square roots can be computed
+         * directly by modular exponentiation.
+         * We have
+         *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+         * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+         */
+        if (!BN_rshift(q, p, 2))
+            goto end;
+        q->neg = 0;
+        if (!BN_add_word(q, 1))
+            goto end;
+        if (!BN_mod_exp(ret, A, q, p, ctx))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    if (e == 2) {
+        /*-
+         * |p| == 5  (mod 8)
+         *
+         * In this case  2  is always a non-square since
+         * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+         * So if  a  really is a square, then  2*a  is a non-square.
+         * Thus for
+         *      b := (2*a)^((|p|-5)/8),
+         *      i := (2*a)*b^2
+         * we have
+         *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+         *         = (2*a)^((p-1)/2)
+         *         = -1;
+         * so if we set
+         *      x := a*b*(i-1),
+         * then
+         *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+         *         = a^2 * b^2 * (-2*i)
+         *         = a*(-i)*(2*a*b^2)
+         *         = a*(-i)*i
+         *         = a.
+         *
+         * (This is due to A.O.L. Atkin,
+         * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+         * November 1992.)
+         */
+
+        /* t := 2*a */
+        if (!BN_mod_lshift1_quick(t, A, p))
+            goto end;
+
+        /* b := (2*a)^((|p|-5)/8) */
+        if (!BN_rshift(q, p, 3))
+            goto end;
+        q->neg = 0;
+        if (!BN_mod_exp(b, t, q, p, ctx))
+            goto end;
+
+        /* y := b^2 */
+        if (!BN_mod_sqr(y, b, p, ctx))
+            goto end;
+
+        /* t := (2*a)*b^2 - 1 */
+        if (!BN_mod_mul(t, t, y, p, ctx))
+            goto end;
+        if (!BN_sub_word(t, 1))
+            goto end;
+
+        /* x = a*b*t */
+        if (!BN_mod_mul(x, A, b, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+
+        if (!BN_copy(ret, x))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    /*
+     * e > 2, so we really have to use the Tonelli/Shanks algorithm. First,
+     * find some y that is not a square.
+     */
+    if (!BN_copy(q, p))
+        goto end;               /* use 'q' as temp */
+    q->neg = 0;
+    i = 2;
+    do {
+        /*
+         * For efficiency, try small numbers first; if this fails, try random
+         * numbers.
+         */
+        if (i < 22) {
+            if (!BN_set_word(y, i))
+                goto end;
+        } else {
+            if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
+                goto end;
+            if (BN_ucmp(y, p) >= 0) {
+                if (!(p->neg ? BN_add : BN_sub) (y, y, p))
+                    goto end;
+            }
+            /* now 0 <= y < |p| */
+            if (BN_is_zero(y))
+                if (!BN_set_word(y, i))
+                    goto end;
+        }
+
+        r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+        if (r < -1)
+            goto end;
+        if (r == 0) {
+            /* m divides p */
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+            goto end;
+        }
+    }
+    while (r == 1 && ++i < 82);
+
+    if (r != -1) {
+        /*
+         * Many rounds and still no non-square -- this is more likely a bug
+         * than just bad luck. Even if p is not prime, we should have found
+         * some y such that r == -1.
+         */
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+        goto end;
+    }
+
+    /* Here's our actual 'q': */
+    if (!BN_rshift(q, q, e))
+        goto end;
+
+    /*
+     * Now that we have some non-square, we can find an element of order 2^e
+     * by computing its q'th power.
+     */
+    if (!BN_mod_exp(y, y, q, p, ctx))
+        goto end;
+    if (BN_is_one(y)) {
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        goto end;
+    }
+
+    /*-
+     * Now we know that (if  p  is indeed prime) there is an integer
+     * k,  0 <= k < 2^e,  such that
+     *
+     *      a^q * y^k == 1   (mod p).
+     *
+     * As  a^q  is a square and  y  is not,  k  must be even.
+     * q+1  is even, too, so there is an element
+     *
+     *     X := a^((q+1)/2) * y^(k/2),
+     *
+     * and it satisfies
+     *
+     *     X^2 = a^q * a     * y^k
+     *         = a,
+     *
+     * so it is the square root that we are looking for.
+     */
+
+    /* t := (q-1)/2  (note that  q  is odd) */
+    if (!BN_rshift1(t, q))
+        goto end;
+
+    /* x := a^((q-1)/2) */
+    if (BN_is_zero(t)) {        /* special case: p = 2^e + 1 */
+        if (!BN_nnmod(t, A, p, ctx))
+            goto end;
+        if (BN_is_zero(t)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        } else if (!BN_one(x))
+            goto end;
+    } else {
+        if (!BN_mod_exp(x, A, t, p, ctx))
+            goto end;
+        if (BN_is_zero(x)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        }
+    }
+
+    /* b := a*x^2  (= a^q) */
+    if (!BN_mod_sqr(b, x, p, ctx))
+        goto end;
+    if (!BN_mod_mul(b, b, A, p, ctx))
+        goto end;
+
+    /* x := a*x    (= a^((q+1)/2)) */
+    if (!BN_mod_mul(x, x, A, p, ctx))
+        goto end;
+
+    while (1) {
+        /*-
+         * Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+         * where  E  refers to the original value of  e,  which we
+         * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+         *
+         * We have  a*b = x^2,
+         *    y^2^(e-1) = -1,
+         *    b^2^(e-1) = 1.
+         */
+
+        if (BN_is_one(b)) {
+            if (!BN_copy(ret, x))
+                goto end;
+            err = 0;
+            goto vrfy;
+        }
+
+        /* find smallest  i  such that  b^(2^i) = 1 */
+        i = 1;
+        if (!BN_mod_sqr(t, b, p, ctx))
+            goto end;
+        while (!BN_is_one(t)) {
+            i++;
+            if (i == e) {
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                goto end;
+            }
+            if (!BN_mod_mul(t, t, t, p, ctx))
+                goto end;
+        }
+
+        /* t := y^2^(e - i - 1) */
+        if (!BN_copy(t, y))
+            goto end;
+        for (j = e - i - 1; j > 0; j--) {
+            if (!BN_mod_sqr(t, t, p, ctx))
+                goto end;
+        }
+        if (!BN_mod_mul(y, t, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(b, b, y, p, ctx))
+            goto end;
+        e = i;
+    }
+
+ vrfy:
+    if (!err) {
+        /*
+         * verify the result -- the input might have been not a square (test
+         * added in 0.9.8)
+         */
+
+        if (!BN_mod_sqr(x, ret, p, ctx))
+            err = 1;
+
+        if (!err && 0 != BN_cmp(x, A)) {
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+            err = 1;
+        }
+    }
+
+ end:
+    if (err) {
+        if (ret != in)
+            BN_clear_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c
new file mode 100644
index 000000000..27b6ebe51
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c
@@ -0,0 +1,545 @@
+/*
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "internal/nelem.h"
+
+#ifndef OPENSSL_NO_SRP
+
+#include <openssl/srp.h>
+#include "internal/bn_srp.h"
+
+# if (BN_BYTES == 8)
+#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+#  elif defined(__arch64__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+#  else
+#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+#  endif
+# elif (BN_BYTES == 4)
+#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+# else
+#  error "unsupported BN_BYTES"
+# endif
+
+static const BN_ULONG bn_group_1024_value[] = {
+    bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3),
+    bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B),
+    bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A),
+    bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0),
+    bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC),
+    bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885),
+    bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49),
+    bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6),
+    bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1),
+    bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4),
+    bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0),
+    bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3),
+    bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576),
+    bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B),
+    bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8),
+    bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6)
+};
+
+const BIGNUM bn_group_1024 = {
+    (BN_ULONG *)bn_group_1024_value,
+    OSSL_NELEM(bn_group_1024_value),
+    OSSL_NELEM(bn_group_1024_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_1536_value[] = {
+    bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB),
+    bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D),
+    bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3),
+    bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E),
+    bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E),
+    bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8),
+    bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE),
+    bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C),
+    bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486),
+    bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627),
+    bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5),
+    bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1),
+    bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC),
+    bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D),
+    bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914),
+    bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0),
+    bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC),
+    bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843),
+    bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29),
+    bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE),
+    bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D),
+    bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80),
+    bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB),
+    bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A)
+};
+
+const BIGNUM bn_group_1536 = {
+    (BN_ULONG *)bn_group_1536_value,
+    OSSL_NELEM(bn_group_1536_value),
+    OSSL_NELEM(bn_group_1536_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_2048_value[] = {
+    bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73),
+    bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2),
+    bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475),
+    bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4),
+    bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6),
+    bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382),
+    bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8),
+    bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329),
+    bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6),
+    bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378),
+    bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA),
+    bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D),
+    bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748),
+    bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A),
+    bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481),
+    bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016),
+    bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B),
+    bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7),
+    bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74),
+    bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA),
+    bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8),
+    bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8),
+    bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3),
+    bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0),
+    bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50),
+    bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D),
+    bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D),
+    bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED),
+    bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050),
+    bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07),
+    bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F),
+    bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B)
+};
+
+const BIGNUM bn_group_2048 = {
+    (BN_ULONG *)bn_group_2048_value,
+    OSSL_NELEM(bn_group_2048_value),
+    OSSL_NELEM(bn_group_2048_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_3072_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_3072 = {
+    (BN_ULONG *)bn_group_3072_value,
+    OSSL_NELEM(bn_group_3072_value),
+    OSSL_NELEM(bn_group_3072_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_4096_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_4096 = {
+    (BN_ULONG *)bn_group_4096_value,
+    OSSL_NELEM(bn_group_4096_value),
+    OSSL_NELEM(bn_group_4096_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_6144_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024),
+    bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
+    bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
+    bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
+    bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
+    bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
+    bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
+    bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
+    bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
+    bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
+    bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
+    bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
+    bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
+    bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
+    bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
+    bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
+    bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
+    bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
+    bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
+    bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
+    bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
+    bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
+    bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
+    bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
+    bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
+    bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
+    bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
+    bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
+    bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
+    bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
+    bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
+    bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
+    bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_6144 = {
+    (BN_ULONG *)bn_group_6144_value,
+    OSSL_NELEM(bn_group_6144_value),
+    OSSL_NELEM(bn_group_6144_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_8192_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF),
+    bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71),
+    bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF),
+    bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA),
+    bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47),
+    bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B),
+    bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7),
+    bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92),
+    bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268),
+    bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73),
+    bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1),
+    bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D),
+    bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1),
+    bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36),
+    bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D),
+    bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6),
+    bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A),
+    bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8),
+    bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD),
+    bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B),
+    bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7),
+    bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07),
+    bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9),
+    bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D),
+    bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978),
+    bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568),
+    bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466),
+    bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED),
+    bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300),
+    bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA),
+    bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C),
+    bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4),
+    bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159),
+    bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
+    bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
+    bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
+    bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
+    bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
+    bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
+    bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
+    bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
+    bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
+    bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
+    bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
+    bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
+    bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
+    bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
+    bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
+    bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
+    bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
+    bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
+    bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
+    bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
+    bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
+    bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
+    bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
+    bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
+    bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
+    bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
+    bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
+    bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
+    bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
+    bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
+    bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
+    bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_8192 = {
+    (BN_ULONG *)bn_group_8192_value,
+    OSSL_NELEM(bn_group_8192_value),
+    OSSL_NELEM(bn_group_8192_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_generator_19_value[] = { 19 };
+
+const BIGNUM bn_generator_19 = {
+    (BN_ULONG *)bn_generator_19_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+static const BN_ULONG bn_generator_5_value[] = { 5 };
+
+const BIGNUM bn_generator_5 = {
+    (BN_ULONG *)bn_generator_5_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+static const BN_ULONG bn_generator_2_value[] = { 2 };
+
+const BIGNUM bn_generator_2 = {
+    (BN_ULONG *)bn_generator_2_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c
new file mode 100644
index 000000000..262d7668f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+{
+#ifndef BN_LLONG
+    BN_ULONG ret = 0;
+#else
+    BN_ULLONG ret = 0;
+#endif
+    int i;
+
+    if (w == 0)
+        return (BN_ULONG)-1;
+
+#ifndef BN_LLONG
+    /*
+     * If |w| is too long and we don't have BN_ULLONG then we need to fall
+     * back to using BN_div_word
+     */
+    if (w > ((BN_ULONG)1 << BN_BITS4)) {
+        BIGNUM *tmp = BN_dup(a);
+        if (tmp == NULL)
+            return (BN_ULONG)-1;
+
+        ret = BN_div_word(tmp, w);
+        BN_free(tmp);
+
+        return ret;
+    }
+#endif
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    for (i = a->top - 1; i >= 0; i--) {
+#ifndef BN_LLONG
+        /*
+         * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
+         * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
+         * safe and will not overflow
+         */
+        ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
+        ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
+#else
+        ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) %
+                           (BN_ULLONG) w);
+#endif
+    }
+    return (BN_ULONG)ret;
+}
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG ret = 0;
+    int i, j;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    if (!w)
+        /* actually this an error (division by zero) */
+        return (BN_ULONG)-1;
+    if (a->top == 0)
+        return 0;
+
+    /* normalize input (so bn_div_words doesn't complain) */
+    j = BN_BITS2 - BN_num_bits_word(w);
+    w <<= j;
+    if (!BN_lshift(a, a, j))
+        return (BN_ULONG)-1;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        BN_ULONG l, d;
+
+        l = a->d[i];
+        d = bn_div_words(ret, l, w);
+        ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2;
+        a->d[i] = d;
+    }
+    if ((a->top > 0) && (a->d[a->top - 1] == 0))
+        a->top--;
+    ret >>= j;
+    if (!a->top)
+        a->neg = 0; /* don't allow negative zero */
+    bn_check_top(a);
+    return ret;
+}
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG l;
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a))
+        return BN_set_word(a, w);
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_sub_word(a, w);
+        if (!BN_is_zero(a))
+            a->neg = !(a->neg);
+        return i;
+    }
+    for (i = 0; w != 0 && i < a->top; i++) {
+        a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+        w = (w > l) ? 1 : 0;
+    }
+    if (w && i == a->top) {
+        if (bn_wexpand(a, a->top + 1) == NULL)
+            return 0;
+        a->top++;
+        a->d[i] = w;
+    }
+    bn_check_top(a);
+    return 1;
+}
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+{
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a)) {
+        i = BN_set_word(a, w);
+        if (i != 0)
+            BN_set_negative(a, 1);
+        return i;
+    }
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_add_word(a, w);
+        a->neg = 1;
+        return i;
+    }
+
+    if ((a->top == 1) && (a->d[0] < w)) {
+        a->d[0] = w - a->d[0];
+        a->neg = 1;
+        return 1;
+    }
+    i = 0;
+    for (;;) {
+        if (a->d[i] >= w) {
+            a->d[i] -= w;
+            break;
+        } else {
+            a->d[i] = (a->d[i] - w) & BN_MASK2;
+            i++;
+            w = 1;
+        }
+    }
+    if ((a->d[i] == 0) && (i == (a->top - 1)))
+        a->top--;
+    bn_check_top(a);
+    return 1;
+}
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG ll;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    if (a->top) {
+        if (w == 0)
+            BN_zero(a);
+        else {
+            ll = bn_mul_words(a->d, a->d, a->top, w);
+            if (ll) {
+                if (bn_wexpand(a, a->top + 1) == NULL)
+                    return 0;
+                a->d[a->top++] = ll;
+            }
+        }
+    }
+    bn_check_top(a);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c
new file mode 100644
index 000000000..9eb8384fd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "bn_lcl.h"
+
+/* X9.31 routines for prime derivation */
+
+/*
+ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2,
+ * q1, q2) from a parameter Xpi by checking successive odd integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+                             BN_GENCB *cb)
+{
+    int i = 0, is_prime;
+    if (!BN_copy(pi, Xpi))
+        return 0;
+    if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+        return 0;
+    for (;;) {
+        i++;
+        BN_GENCB_call(cb, 0, i);
+        /* NB 27 MR is specified in X9.31 */
+        is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+        if (is_prime < 0)
+            return 0;
+        if (is_prime)
+            break;
+        if (!BN_add_word(pi, 2))
+            return 0;
+    }
+    BN_GENCB_call(cb, 2, i);
+    return 1;
+}
+
+/*
+ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2
+ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they
+ * will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb)
+{
+    int ret = 0;
+
+    BIGNUM *t, *p1p2, *pm1;
+
+    /* Only even e supported */
+    if (!BN_is_odd(e))
+        return 0;
+
+    BN_CTX_start(ctx);
+    if (p1 == NULL)
+        p1 = BN_CTX_get(ctx);
+
+    if (p2 == NULL)
+        p2 = BN_CTX_get(ctx);
+
+    t = BN_CTX_get(ctx);
+
+    p1p2 = BN_CTX_get(ctx);
+
+    pm1 = BN_CTX_get(ctx);
+
+    if (pm1 == NULL)
+        goto err;
+
+    if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
+        goto err;
+
+    if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
+        goto err;
+
+    if (!BN_mul(p1p2, p1, p2, ctx))
+        goto err;
+
+    /* First set p to value of Rp */
+
+    if (!BN_mod_inverse(p, p2, p1, ctx))
+        goto err;
+
+    if (!BN_mul(p, p, p2, ctx))
+        goto err;
+
+    if (!BN_mod_inverse(t, p1, p2, ctx))
+        goto err;
+
+    if (!BN_mul(t, t, p1, ctx))
+        goto err;
+
+    if (!BN_sub(p, p, t))
+        goto err;
+
+    if (p->neg && !BN_add(p, p, p1p2))
+        goto err;
+
+    /* p now equals Rp */
+
+    if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+        goto err;
+
+    if (!BN_add(p, p, Xp))
+        goto err;
+
+    /* p now equals Yp0 */
+
+    for (;;) {
+        int i = 1;
+        BN_GENCB_call(cb, 0, i++);
+        if (!BN_copy(pm1, p))
+            goto err;
+        if (!BN_sub_word(pm1, 1))
+            goto err;
+        if (!BN_gcd(t, pm1, e, ctx))
+            goto err;
+        if (BN_is_one(t)) {
+            /*
+             * X9.31 specifies 8 MR and 1 Lucas test or any prime test
+             * offering similar or better guarantees 50 MR is considerably
+             * better.
+             */
+            int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+            if (r < 0)
+                goto err;
+            if (r)
+                break;
+        }
+        if (!BN_add(p, p, p1p2))
+            goto err;
+    }
+
+    BN_GENCB_call(cb, 3, 0);
+
+    ret = 1;
+
+ err:
+
+    BN_CTX_end(ctx);
+
+    return ret;
+}
+
+/*
+ * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits
+ * parameter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int i;
+    /*
+     * Number of bits for each prime is of the form 512+128s for s = 0, 1,
+     * ...
+     */
+    if ((nbits < 1024) || (nbits & 0xff))
+        return 0;
+    nbits >>= 1;
+    /*
+     * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits
+     * - 1. By setting the top two bits we ensure that the lower bound is
+     * exceeded.
+     */
+    if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+        goto err;
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    for (i = 0; i < 1000; i++) {
+        if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+            goto err;
+
+        /* Check that |Xp - Xq| > 2^(nbits - 100) */
+        if (!BN_sub(t, Xp, Xq))
+            goto err;
+        if (BN_num_bits(t) > (nbits - 100))
+            break;
+    }
+
+    BN_CTX_end(ctx);
+
+    if (i < 1000)
+        return 1;
+
+    return 0;
+
+ err:
+    BN_CTX_end(ctx);
+    return 0;
+}
+
+/*
+ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and
+ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the
+ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| >
+ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the
+ * previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                              BIGNUM *Xp1, BIGNUM *Xp2,
+                              const BIGNUM *Xp,
+                              const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if (Xp1 == NULL)
+        Xp1 = BN_CTX_get(ctx);
+    if (Xp2 == NULL)
+        Xp2 = BN_CTX_get(ctx);
+    if (Xp1 == NULL || Xp2 == NULL)
+        goto error;
+
+    if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
+        goto error;
+
+    ret = 1;
+
+ error:
+    BN_CTX_end(ctx);
+
+    return ret;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info
new file mode 100644
index 000000000..a463eddab
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info
@@ -0,0 +1,67 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
+        {- $target{bn_asm_src} -} \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+        bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
+INCLUDE[../../libcrypto]=../../crypto/include
+
+INCLUDE[bn_exp.o]=..
+
+GENERATE[bn-586.s]=asm/bn-586.pl \
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[bn-586.s]=../perlasm/x86asm.pl
+GENERATE[co-586.s]=asm/co-586.pl \
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[co-586.s]=../perlasm/x86asm.pl
+GENERATE[x86-mont.s]=asm/x86-mont.pl \
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[x86-mont.s]=../perlasm/x86asm.pl
+GENERATE[x86-gf2m.s]=asm/x86-gf2m.pl \
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[x86-gf2m.s]=../perlasm/x86asm.pl
+
+GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl $(PERLASM_SCHEME)
+INCLUDE[sparcv9a-mont.o]=..
+GENERATE[sparcv9-mont.S]=asm/sparcv9-mont.pl $(PERLASM_SCHEME)
+INCLUDE[sparcv9-mont.o]=..
+GENERATE[vis3-mont.S]=asm/vis3-mont.pl $(PERLASM_SCHEME)
+INCLUDE[vis3-mont.o]=..
+GENERATE[sparct4-mont.S]=asm/sparct4-mont.pl $(PERLASM_SCHEME)
+INCLUDE[sparct4-mont.o]=..
+GENERATE[sparcv9-gf2m.S]=asm/sparcv9-gf2m.pl $(PERLASM_SCHEME)
+INCLUDE[sparcv9-gf2m.o]=..
+
+GENERATE[bn-mips.S]=asm/mips.pl $(PERLASM_SCHEME)
+INCLUDE[bn-mips.o]=..
+GENERATE[mips-mont.S]=asm/mips-mont.pl $(PERLASM_SCHEME)
+INCLUDE[mips-mont.o]=..
+
+GENERATE[s390x-mont.S]=asm/s390x-mont.pl $(PERLASM_SCHEME)
+GENERATE[s390x-gf2m.s]=asm/s390x-gf2m.pl $(PERLASM_SCHEME)
+
+GENERATE[x86_64-mont.s]=asm/x86_64-mont.pl $(PERLASM_SCHEME)
+GENERATE[x86_64-mont5.s]=asm/x86_64-mont5.pl $(PERLASM_SCHEME)
+GENERATE[x86_64-gf2m.s]=asm/x86_64-gf2m.pl $(PERLASM_SCHEME)
+GENERATE[rsaz-x86_64.s]=asm/rsaz-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[rsaz-avx2.s]=asm/rsaz-avx2.pl $(PERLASM_SCHEME)
+
+GENERATE[bn-ia64.s]=asm/ia64.S
+GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+
+GENERATE[parisc-mont.s]=asm/parisc-mont.pl $(PERLASM_SCHEME)
+
+# ppc - AIX, Linux, MacOS X...
+GENERATE[bn-ppc.s]=asm/ppc.pl $(PERLASM_SCHEME)
+GENERATE[ppc-mont.s]=asm/ppc-mont.pl $(PERLASM_SCHEME)
+GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl $(PERLASM_SCHEME)
+
+GENERATE[alpha-mont.S]=asm/alpha-mont.pl $(PERLASM_SCHEME)
+
+GENERATE[armv4-mont.S]=asm/armv4-mont.pl $(PERLASM_SCHEME)
+INCLUDE[armv4-mont.o]=..
+GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl $(PERLASM_SCHEME)
+INCLUDE[armv4-gf2m.o]=..
+GENERATE[armv8-mont.S]=asm/armv8-mont.pl $(PERLASM_SCHEME)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.c
new file mode 100644
index 000000000..22455b8a6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.c
@@ -0,0 +1,315 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ */
+
+#include <openssl/opensslconf.h>
+#include "rsaz_exp.h"
+
+#ifndef RSAZ_ENABLED
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+/*
+ * See crypto/bn/asm/rsaz-avx2.pl for further details.
+ */
+void rsaz_1024_norm2red_avx2(void *red, const void *norm);
+void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b,
+                        const void *n, BN_ULONG k);
+void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k,
+                        int cnt);
+void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i);
+void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i);
+void rsaz_1024_red2norm_avx2(void *norm, const void *red);
+
+#if defined(__GNUC__)
+# define ALIGN64        __attribute__((aligned(64)))
+#elif defined(_MSC_VER)
+# define ALIGN64        __declspec(align(64))
+#elif defined(__SUNPRO_C)
+# define ALIGN64
+# pragma align 64(one,two80)
+#else
+/* not fatal, might hurt performance a little */
+# define ALIGN64
+#endif
+
+ALIGN64 static const BN_ULONG one[40] = {
+    1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+ALIGN64 static const BN_ULONG two80[40] = {
+    0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
+                            const BN_ULONG base_norm[16],
+                            const BN_ULONG exponent[16],
+                            const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+                            BN_ULONG k0)
+{
+    unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */
+    unsigned char *p_str = storage + (64 - ((size_t)storage % 64));
+    unsigned char *a_inv, *m, *result;
+    unsigned char *table_s = p_str + 320 * 3;
+    unsigned char *R2 = table_s; /* borrow */
+    int index;
+    int wvalue;
+
+    if ((((size_t)p_str & 4095) + 320) >> 12) {
+        result = p_str;
+        a_inv = p_str + 320;
+        m = p_str + 320 * 2;    /* should not cross page */
+    } else {
+        m = p_str;              /* should not cross page */
+        result = p_str + 320;
+        a_inv = p_str + 320 * 2;
+    }
+
+    rsaz_1024_norm2red_avx2(m, m_norm);
+    rsaz_1024_norm2red_avx2(a_inv, base_norm);
+    rsaz_1024_norm2red_avx2(R2, RR);
+
+    rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
+    rsaz_1024_mul_avx2(R2, R2, two80, m, k0);
+
+    /* table[0] = 1 */
+    rsaz_1024_mul_avx2(result, R2, one, m, k0);
+    /* table[1] = a_inv^1 */
+    rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
+
+    rsaz_1024_scatter5_avx2(table_s, result, 0);
+    rsaz_1024_scatter5_avx2(table_s, a_inv, 1);
+
+    /* table[2] = a_inv^2 */
+    rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 2);
+#if 0
+    /* this is almost 2x smaller and less than 1% slower */
+    for (index = 3; index < 32; index++) {
+        rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+        rsaz_1024_scatter5_avx2(table_s, result, index);
+    }
+#else
+    /* table[4] = a_inv^4 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 4);
+    /* table[8] = a_inv^8 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 8);
+    /* table[16] = a_inv^16 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 16);
+    /* table[17] = a_inv^17 */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 17);
+
+    /* table[3] */
+    rsaz_1024_gather5_avx2(result, table_s, 2);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 3);
+    /* table[6] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 6);
+    /* table[12] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 12);
+    /* table[24] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 24);
+    /* table[25] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 25);
+
+    /* table[5] */
+    rsaz_1024_gather5_avx2(result, table_s, 4);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 5);
+    /* table[10] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 10);
+    /* table[20] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 20);
+    /* table[21] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 21);
+
+    /* table[7] */
+    rsaz_1024_gather5_avx2(result, table_s, 6);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 7);
+    /* table[14] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 14);
+    /* table[28] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 28);
+    /* table[29] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 29);
+
+    /* table[9] */
+    rsaz_1024_gather5_avx2(result, table_s, 8);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 9);
+    /* table[18] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 18);
+    /* table[19] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 19);
+
+    /* table[11] */
+    rsaz_1024_gather5_avx2(result, table_s, 10);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 11);
+    /* table[22] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 22);
+    /* table[23] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 23);
+
+    /* table[13] */
+    rsaz_1024_gather5_avx2(result, table_s, 12);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 13);
+    /* table[26] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 26);
+    /* table[27] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 27);
+
+    /* table[15] */
+    rsaz_1024_gather5_avx2(result, table_s, 14);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 15);
+    /* table[30] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 30);
+    /* table[31] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 31);
+#endif
+
+    /* load first window */
+    p_str = (unsigned char *)exponent;
+    wvalue = p_str[127] >> 3;
+    rsaz_1024_gather5_avx2(result, table_s, wvalue);
+
+    index = 1014;
+
+    while (index > -1) {        /* loop for the remaining 127 windows */
+
+        rsaz_1024_sqr_avx2(result, result, m, k0, 5);
+
+        wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
+        wvalue = (wvalue >> (index % 8)) & 31;
+        index -= 5;
+
+        rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
+        rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    }
+
+    /* square four times */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 4);
+
+    wvalue = p_str[0] & 15;
+
+    rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+
+    /* from Montgomery */
+    rsaz_1024_mul_avx2(result, result, one, m, k0);
+
+    rsaz_1024_red2norm_avx2(result_norm, result);
+
+    OPENSSL_cleanse(storage, sizeof(storage));
+}
+
+/*
+ * See crypto/bn/rsaz-x86_64.pl for further details.
+ */
+void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n,
+                  BN_ULONG k);
+void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n,
+                           BN_ULONG k, const void *tbl, unsigned int power);
+void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl,
+                          const void *n, BN_ULONG k, unsigned int power);
+void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k);
+void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k,
+                  int cnt);
+void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power);
+void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power);
+
+void RSAZ_512_mod_exp(BN_ULONG result[8],
+                      const BN_ULONG base[8], const BN_ULONG exponent[8],
+                      const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8])
+{
+    unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */
+    unsigned char *table = storage + (64 - ((size_t)storage % 64));
+    BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8);
+    BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8);
+    unsigned char *p_str = (unsigned char *)exponent;
+    int index;
+    unsigned int wvalue;
+
+    /* table[0] = 1_inv */
+    temp[0] = 0 - m[0];
+    temp[1] = ~m[1];
+    temp[2] = ~m[2];
+    temp[3] = ~m[3];
+    temp[4] = ~m[4];
+    temp[5] = ~m[5];
+    temp[6] = ~m[6];
+    temp[7] = ~m[7];
+    rsaz_512_scatter4(table, temp, 0);
+
+    /* table [1] = a_inv^1 */
+    rsaz_512_mul(a_inv, base, RR, m, k0);
+    rsaz_512_scatter4(table, a_inv, 1);
+
+    /* table [2] = a_inv^2 */
+    rsaz_512_sqr(temp, a_inv, m, k0, 1);
+    rsaz_512_scatter4(table, temp, 2);
+
+    for (index = 3; index < 16; index++)
+        rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index);
+
+    /* load first window */
+    wvalue = p_str[63];
+
+    rsaz_512_gather4(temp, table, wvalue >> 4);
+    rsaz_512_sqr(temp, temp, m, k0, 4);
+    rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf);
+
+    for (index = 62; index >= 0; index--) {
+        wvalue = p_str[index];
+
+        rsaz_512_sqr(temp, temp, m, k0, 4);
+        rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4);
+
+        rsaz_512_sqr(temp, temp, m, k0, 4);
+        rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f);
+    }
+
+    /* from Montgomery */
+    rsaz_512_mul_by_one(result, temp, m, k0);
+
+    OPENSSL_cleanse(storage, sizeof(storage));
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h
new file mode 100644
index 000000000..c5864f8aa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ */
+
+#ifndef RSAZ_EXP_H
+# define RSAZ_EXP_H
+
+# undef RSAZ_ENABLED
+# if defined(OPENSSL_BN_ASM_MONT) && \
+        (defined(__x86_64) || defined(__x86_64__) || \
+         defined(_M_AMD64) || defined(_M_X64))
+#  define RSAZ_ENABLED
+
+#  include <openssl/bn.h>
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
+                            const BN_ULONG base_norm[16],
+                            const BN_ULONG exponent[16],
+                            const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+                            BN_ULONG k0);
+int rsaz_avx2_eligible(void);
+
+void RSAZ_512_mod_exp(BN_ULONG result[8],
+                      const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
+                      const BN_ULONG m_norm[8], BN_ULONG k0,
+                      const BN_ULONG RR[8]);
+
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/buf_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/buf_err.c
new file mode 100644
index 000000000..7e6e53226
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/buf_err.c
@@ -0,0 +1,38 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/buffererr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA BUF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW, 0), "BUF_MEM_grow"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW_CLEAN, 0), "BUF_MEM_grow_clean"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_NEW, 0), "BUF_MEM_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA BUF_str_reasons[] = {
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BUF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(BUF_str_functs);
+        ERR_load_strings_const(BUF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/buffer.c b/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/buffer.c
new file mode 100644
index 000000000..72258abb9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/buffer.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+
+/*
+ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit
+ * ensures that the result fits in an int.
+ */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags)
+{
+    BUF_MEM *ret;
+
+    ret = BUF_MEM_new();
+    if (ret != NULL)
+        ret->flags = flags;
+    return ret;
+}
+
+BUF_MEM *BUF_MEM_new(void)
+{
+    BUF_MEM *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ret;
+}
+
+void BUF_MEM_free(BUF_MEM *a)
+{
+    if (a == NULL)
+        return;
+    if (a->data != NULL) {
+        if (a->flags & BUF_MEM_FLAG_SECURE)
+            OPENSSL_secure_clear_free(a->data, a->max);
+        else
+            OPENSSL_clear_free(a->data, a->max);
+    }
+    OPENSSL_free(a);
+}
+
+/* Allocate a block of secure memory; copy over old data if there
+ * was any, and then free it. */
+static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
+{
+    char *ret;
+
+    ret = OPENSSL_secure_malloc(len);
+    if (str->data != NULL) {
+        if (ret != NULL) {
+            memcpy(ret, str->data, str->length);
+            OPENSSL_secure_clear_free(str->data, str->length);
+            str->data = NULL;
+        }
+    }
+    return ret;
+}
+
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
+{
+    char *ret;
+    size_t n;
+
+    if (str->length >= len) {
+        str->length = len;
+        return len;
+    }
+    if (str->max >= len) {
+        if (str->data != NULL)
+            memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return len;
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
+    else
+        ret = OPENSSL_realloc(str->data, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return len;
+}
+
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+{
+    char *ret;
+    size_t n;
+
+    if (str->length >= len) {
+        if (str->data != NULL)
+            memset(&str->data[len], 0, str->length - len);
+        str->length = len;
+        return len;
+    }
+    if (str->max >= len) {
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return len;
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
+    else
+        ret = OPENSSL_clear_realloc(str->data, str->max, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return len;
+}
+
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
+{
+    size_t i;
+    if (in) {
+        out += size - 1;
+        for (i = 0; i < size; i++)
+            *out-- = *in++;
+    } else {
+        unsigned char *q;
+        char c;
+        q = out + size - 1;
+        for (i = 0; i < size / 2; i++) {
+            c = *q;
+            *q-- = *out;
+            *out++ = c;
+        }
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/build.info
new file mode 100644
index 000000000..54da1f92a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/buffer/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=buffer.c buf_err.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/build.info
new file mode 100644
index 000000000..2c619c62e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/build.info
@@ -0,0 +1,39 @@
+LIBS=../libcrypto
+SOURCE[../libcrypto]=\
+        cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+        ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
+        threads_pthread.c threads_win.c threads_none.c getenv.c \
+        o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
+        {- $target{uplink_aux_src} -}
+EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+        x86cpuid.pl x86_64cpuid.pl ia64cpuid.S \
+        ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+
+DEPEND[cversion.o]=buildinf.h
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+DEPEND[buildinf.h]=../configdata.pm
+
+GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
+GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[uplink-ia64.s]=../ms/uplink-ia64.pl $(PERLASM_SCHEME)
+
+GENERATE[x86cpuid.s]=x86cpuid.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[x86cpuid.s]=perlasm/x86asm.pl
+
+GENERATE[x86_64cpuid.s]=x86_64cpuid.pl $(PERLASM_SCHEME)
+
+GENERATE[ia64cpuid.s]=ia64cpuid.S
+GENERATE[ppccpuid.s]=ppccpuid.pl $(PERLASM_SCHEME)
+GENERATE[pariscid.s]=pariscid.pl $(PERLASM_SCHEME)
+GENERATE[alphacpuid.s]=alphacpuid.pl
+GENERATE[arm64cpuid.S]=arm64cpuid.pl $(PERLASM_SCHEME)
+INCLUDE[arm64cpuid.o]=.
+GENERATE[armv4cpuid.S]=armv4cpuid.pl $(PERLASM_SCHEME)
+INCLUDE[armv4cpuid.o]=.
+GENERATE[s390xcpuid.S]=s390xcpuid.pl $(PERLASM_SCHEME)
+INCLUDE[s390xcpuid.o]=.
+
+IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+  SHARED_SOURCE[../libcrypto]=dllmain.c
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl
new file mode 100644
index 000000000..b7b11d503
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl
@@ -0,0 +1,287 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	OPENSSL_rdtsc,_OPENSSL_rdtsc
+	.asg	OPENSSL_cleanse,_OPENSSL_cleanse
+	.asg	CRYPTO_memcmp,_CRYPTO_memcmp
+	.asg	OPENSSL_atomic_add,_OPENSSL_atomic_add
+	.asg	OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu
+	.asg	OPENSSL_instrument_bus,_OPENSSL_instrument_bus
+	.asg	OPENSSL_instrument_bus2,_OPENSSL_instrument_bus2
+	.endif
+
+	.asg	B3,RA
+
+	.global	_OPENSSL_rdtsc
+_OPENSSL_rdtsc:
+	.asmfunc
+	B	RA
+	MVC	TSCL,B0
+	MVC	TSCH,B1
+  [!B0]	MVC	B0,TSCL		; start TSC
+	MV	B0,A4
+	MV	B1,A5
+	.endasmfunc
+
+	.global	_OPENSSL_cleanse
+_OPENSSL_cleanse:
+	.asmfunc
+	ZERO	A3:A2
+||	ZERO	B2
+||	SHRU	B4,3,B0		; is length >= 8
+||	ADD	1,A4,B6
+  [!B0]	BNOP	RA
+||	ZERO	A1
+||	ZERO	B1
+   [B0]	MVC	B0,ILC
+||[!B0]	CMPLT	0,B4,A1
+||[!B0]	CMPLT	1,B4,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+||[!B0]	CMPLT	2,B4,A1
+||[!B0]	CMPLT	3,B4,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+||[!B0]	CMPLT	4,B4,A1
+||[!B0]	CMPLT	5,B4,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+||[!B0]	CMPLT	6,B4,A1
+   [A1]	STB	A2,*A4++[2]
+
+	SPLOOP	1
+	STNDW	A3:A2,*A4++
+||	SUB	B4,8,B4
+	SPKERNEL
+
+	MV	B4,B0		; remaining bytes
+||	ADD	1,A4,B6
+||	BNOP	RA
+   [B0]	CMPLT	0,B0,A1
+|| [B0]	CMPLT	1,B0,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+|| [B0]	CMPLT	2,B0,A1
+|| [B0]	CMPLT	3,B0,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+|| [B0]	CMPLT	4,B0,A1
+|| [B0]	CMPLT	5,B0,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+|| [B0]	CMPLT	6,B0,A1
+   [A1]	STB	A2,*A4++[2]
+	.endasmfunc
+
+	.global	_CRYPTO_memcmp
+_CRYPTO_memcmp:
+	.asmfunc
+	MV	A6,B0
+  [!B0]	BNOP	RA
+||[!B0]	ZERO	A4
+   [B0]	MVC	B0,ILC
+|| [B0]	ZERO	A0
+	NOP	4
+
+	SPLOOP	1
+	LDBU	*A4++,A1
+||	LDBU	*B4++,B1
+	NOP	4
+	XOR.L	B1,A1,A2
+	SPKERNEL 1,0
+||	OR.S	A2,A0,A0
+
+	BNOP	RA,3
+	ZERO.L	A4
+  [A0]	MVK	1,A4
+	.endasmfunc
+
+	.global	_OPENSSL_atomic_add
+_OPENSSL_atomic_add:
+	.asmfunc
+	MV	A4,B0
+atomic_add?:
+	LL	*B0,B5
+	NOP	4
+	ADD	B4,B5,B5
+	SL	B5,*B0
+	CMTL	*B0,B1
+	NOP	4
+  [!B1]	B	atomic_add?
+   [B1]	BNOP	RA,4
+	MV	B5,A4
+	.endasmfunc
+
+	.global	_OPENSSL_wipe_cpu
+_OPENSSL_wipe_cpu:
+	.asmfunc
+	ZERO	A0
+||	ZERO	B0
+||	ZERO	A1
+||	ZERO	B1
+	ZERO	A3:A2
+||	MVD	B0,B2
+||	ZERO	A4
+||	ZERO	B4
+||	ZERO	A5
+||	ZERO	B5
+||	BNOP	RA
+	ZERO	A7:A6
+||	ZERO	B7:B6
+||	ZERO	A8
+||	ZERO	B8
+||	ZERO	A9
+||	ZERO	B9
+	ZERO	A17:A16
+||	ZERO	B17:B16
+||	ZERO	A18
+||	ZERO	B18
+||	ZERO	A19
+||	ZERO	B19
+	ZERO	A21:A20
+||	ZERO	B21:B20
+||	ZERO	A22
+||	ZERO	B22
+||	ZERO	A23
+||	ZERO	B23
+	ZERO	A25:A24
+||	ZERO	B25:B24
+||	ZERO	A26
+||	ZERO	B26
+||	ZERO	A27
+||	ZERO	B27
+	ZERO	A29:A28
+||	ZERO	B29:B28
+||	ZERO	A30
+||	ZERO	B30
+||	ZERO	A31
+||	ZERO	B31
+	.endasmfunc
+
+CLFLUSH	.macro	CONTROL,ADDR,LEN
+	B	passthrough?
+||	STW	ADDR,*CONTROL[0]
+	STW	LEN,*CONTROL[1]
+spinlock?:
+	LDW	*CONTROL[1],A0
+	NOP	3
+passthrough?:
+	NOP
+  [A0]	BNOP	spinlock?,5
+	.endm
+
+	.global	_OPENSSL_instrument_bus
+_OPENSSL_instrument_bus:
+	.asmfunc
+	MV	B4,B0			; reassign sizeof(output)
+||	MV	A4,B4			; reassign output
+||	MVK	0x00004030,A3
+	MV	B0,A4			; return value
+||	MVK	1,A1
+||	MVKH	0x01840000,A3		; L1DWIBAR
+	MVC	TSCL,B8			; collect 1st tick
+||	MVK	0x00004010,A5
+	MV	B8,B9			; lasttick = tick
+||	MVK	0,B7			; lastdiff = 0
+||	MVKH	0x01840000,A5		; L2WIBAR
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	NOP	4
+	STW	B5,*B4
+bus_loop1?:
+	MVC	TSCL,B8
+|| [B0]	SUB	B0,1,B0
+	SUB	B8,B9,B7		; lastdiff = tick - lasttick
+||	MV	B8,B9			; lasttick = tick
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	STW	B5,*B4			; [!B1] is removed to flatten samples
+||	ADDK	4,B4
+|| [B0]	BNOP	bus_loop1?,5
+
+	BNOP	RA,5
+	.endasmfunc
+
+	.global	_OPENSSL_instrument_bus2
+_OPENSSL_instrument_bus2:
+	.asmfunc
+	MV	A6,B0			; reassign max
+||	MV	B4,A6			; reassign sizeof(output)
+||	MVK	0x00004030,A3
+	MV	A4,B4			; reassign output
+||	MVK	0,A4			; return value
+||	MVK	1,A1
+||	MVKH	0x01840000,A3		; L1DWIBAR
+
+	MVC	TSCL,B8			; collect 1st tick
+||	MVK	0x00004010,A5
+	MV	B8,B9			; lasttick = tick
+||	MVK	0,B7			; lastdiff = 0
+||	MVKH	0x01840000,A5		; L2WIBAR
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	NOP	4
+	STW	B5,*B4
+
+	MVC	TSCL,B8			; collect 1st diff
+	SUB	B8,B9,B7		; lastdiff = tick - lasttick
+||	MV	B8,B9			; lasttick = tick
+||	SUB	B0,1,B0
+bus_loop2?:
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	STW	B5,*B4			; [!B1] is removed to flatten samples
+||[!B0]	BNOP	bus_loop2_done?,2
+||	SUB	B0,1,B0
+	MVC	TSCL,B8
+	SUB	B8,B9,B8
+||	MV	B8,B9
+	CMPEQ	B8,B7,B2
+||	MV	B8,B7
+  [!B2]	ADDAW	B4,1,B4
+||[!B2]	ADDK	1,A4
+	CMPEQ	A4,A6,A2
+  [!A2]	BNOP	bus_loop2?,5
+
+bus_loop2_done?:
+	BNOP	RA,5
+	.endasmfunc
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl
new file mode 100644
index 000000000..55af9b4e3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl
@@ -0,0 +1,1150 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
+#
+# This module may be used under the terms of either the GNU General
+# Public License version 2 or later, the GNU Lesser General Public
+# License version 2.1 or later, the Mozilla Public License version
+# 1.1 or the BSD License. The exact terms of either license are
+# distributed along with this module. For further details see
+# http://www.openssl.org/~appro/camellia/.
+# ====================================================================
+
+# Performance in cycles per processed byte (less is better) in
+# 'openssl speed ...' benchmark:
+#
+#			AMD K8	Core2	PIII	P4
+# -evp camellia-128-ecb	21.5	22.8	27.0	28.9
+# + over gcc 3.4.6	+90/11% +70/10%	+53/4%	+160/64%
+# + over icc 8.0	+48/19% +21/15%	+21/17%	+55/37%
+#
+# camellia-128-cbc	17.3	21.1	23.9	25.9
+#
+# 128-bit key setup	196	280	256	240	cycles/key
+# + over gcc 3.4.6	+30/0%	+17/11%	+11/0%	+63/40%
+# + over icc 8.0	+18/3%	+10/0%	+10/3%	+21/10%
+#
+# Pairs of numbers in "+" rows represent performance improvement over
+# compiler generated position-independent code, PIC, and non-PIC
+# respectively. PIC results are of greater relevance, as this module
+# is position-independent, i.e. suitable for a shared library or PIE.
+# Position independence "costs" one register, which is why compilers
+# are so close with non-PIC results, they have an extra register to
+# spare. CBC results are better than ECB ones thanks to "zero-copy"
+# private _x86_* interface, and are ~30-40% better than with compiler
+# generated cmll_cbc.o, and reach ~80-90% of x86_64 performance on
+# same CPU (where applicable).
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$OPENSSL=1;
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+@T=("eax","ebx","ecx","edx");
+$idx="esi";
+$key="edi";
+$Tbl="ebp";
+
+# stack frame layout in _x86_Camellia_* routines, frame is allocated
+# by caller
+$__ra=&DWP(0,"esp");	# return address
+$__s0=&DWP(4,"esp");	# s0 backing store
+$__s1=&DWP(8,"esp");	# s1 backing store
+$__s2=&DWP(12,"esp");	# s2 backing store
+$__s3=&DWP(16,"esp");	# s3 backing store
+$__end=&DWP(20,"esp");	# pointer to end/start of key schedule
+
+# stack frame layout in Camellia_[en|crypt] routines, which differs from
+# above by 4 and overlaps by pointer to end/start of key schedule
+$_end=&DWP(16,"esp");
+$_esp=&DWP(20,"esp");
+
+# const unsigned int Camellia_SBOX[4][256];
+# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
+# and [2][] - with [3][]. This is done to optimize code size.
+$SBOX1_1110=0;		# Camellia_SBOX[0]
+$SBOX4_4404=4;		# Camellia_SBOX[1]
+$SBOX2_0222=2048;	# Camellia_SBOX[2]
+$SBOX3_3033=2052;	# Camellia_SBOX[3]
+&static_label("Camellia_SIGMA");
+&static_label("Camellia_SBOX");
+
+sub Camellia_Feistel {
+my $i=@_[0];
+my $seed=defined(@_[1])?@_[1]:0;
+my $scale=$seed<0?-8:8;
+my $frame=defined(@_[2])?@_[2]:0;
+my $j=($i&1)*2;
+my $t0=@T[($j)%4],$t1=@T[($j+1)%4],$t2=@T[($j+2)%4],$t3=@T[($j+3)%4];
+
+	&xor	($t0,$idx);				# t0^=key[0]
+	&xor	($t1,&DWP($seed+$i*$scale+4,$key));	# t1^=key[1]
+	&movz	($idx,&HB($t0));			# (t0>>8)&0xff
+	&mov	($t3,&DWP($SBOX3_3033,$Tbl,$idx,8));	# t3=SBOX3_3033[0]
+	&movz	($idx,&LB($t0));			# (t0>>0)&0xff
+	&xor	($t3,&DWP($SBOX4_4404,$Tbl,$idx,8));	# t3^=SBOX4_4404[0]
+	&shr	($t0,16);
+	&movz	($idx,&LB($t1));			# (t1>>0)&0xff
+	&mov	($t2,&DWP($SBOX1_1110,$Tbl,$idx,8));	# t2=SBOX1_1110[1]
+	&movz	($idx,&HB($t0));			# (t0>>24)&0xff
+	&xor	($t3,&DWP($SBOX1_1110,$Tbl,$idx,8));	# t3^=SBOX1_1110[0]
+	&movz	($idx,&HB($t1));			# (t1>>8)&0xff
+	&xor	($t2,&DWP($SBOX4_4404,$Tbl,$idx,8));	# t2^=SBOX4_4404[1]
+	&shr	($t1,16);
+	&movz	($t0,&LB($t0));				# (t0>>16)&0xff
+	&xor	($t3,&DWP($SBOX2_0222,$Tbl,$t0,8));	# t3^=SBOX2_0222[0]
+	&movz	($idx,&HB($t1));			# (t1>>24)&0xff
+	&mov	($t0,&DWP($frame+4*(($j+3)%4),"esp"));	# prefetch "s3"
+	&xor	($t2,$t3);				# t2^=t3
+	&rotr	($t3,8);				# t3=RightRotate(t3,8)
+	&xor	($t2,&DWP($SBOX2_0222,$Tbl,$idx,8));	# t2^=SBOX2_0222[1]
+	&movz	($idx,&LB($t1));			# (t1>>16)&0xff
+	&mov	($t1,&DWP($frame+4*(($j+2)%4),"esp"));	# prefetch "s2"
+	&xor	($t3,$t0);				# t3^=s3
+	&xor	($t2,&DWP($SBOX3_3033,$Tbl,$idx,8));	# t2^=SBOX3_3033[1]
+	&mov	($idx,&DWP($seed+($i+1)*$scale,$key));	# prefetch key[i+1]
+	&xor	($t3,$t2);				# t3^=t2
+	&mov	(&DWP($frame+4*(($j+3)%4),"esp"),$t3);	# s3=t3
+	&xor	($t2,$t1);				# t2^=s2
+	&mov	(&DWP($frame+4*(($j+2)%4),"esp"),$t2);	# s2=t2
+}
+
+# void Camellia_EncryptBlock_Rounds(
+#		int grandRounds,
+#		const Byte plaintext[],
+#		const KEY_TABLE_TYPE keyTable,
+#		Byte ciphertext[])
+&function_begin("Camellia_EncryptBlock_Rounds");
+	&mov	("eax",&wparam(0));	# load grandRounds
+	&mov	($idx,&wparam(1));	# load plaintext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&lea	("eax",&DWP(0,$key,"eax"));
+	&mov	($_esp,"ebx");	# save %esp
+	&mov	($_end,"eax");	# save keyEnd
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load plaintext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_encrypt");
+
+	&mov	("esp",$_esp);
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(3));	# load ciphertext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write ciphertext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_EncryptBlock_Rounds");
+# V1.x API
+&function_begin_B("Camellia_EncryptBlock");
+	&mov	("eax",128);
+	&sub	("eax",&wparam(0));	# load keyBitLength
+	&mov	("eax",3);
+	&adc	("eax",0);		# keyBitLength==128?3:4
+	&mov	(&wparam(0),"eax");
+	&jmp	(&label("Camellia_EncryptBlock_Rounds"));
+&function_end_B("Camellia_EncryptBlock");
+
+if ($OPENSSL) {
+# void Camellia_encrypt(
+#		const unsigned char *in,
+#		unsigned char *out,
+#		const CAMELLIA_KEY *key)
+&function_begin("Camellia_encrypt");
+	&mov	($idx,&wparam(0));	# load plaintext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+	&mov	("eax",&DWP(272,$key));	# load grandRounds counter
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&lea	("eax",&DWP(0,$key,"eax"));
+	&mov	($_esp,"ebx");	# save %esp
+	&mov	($_end,"eax");	# save keyEnd
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load plaintext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_encrypt");
+
+	&mov	("esp",$_esp);
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(1));	# load ciphertext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write ciphertext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_encrypt");
+}
+
+&function_begin_B("_x86_Camellia_encrypt");
+	&xor	(@T[0],&DWP(0,$key));	# ^=key[0-3]
+	&xor	(@T[1],&DWP(4,$key));
+	&xor	(@T[2],&DWP(8,$key));
+	&xor	(@T[3],&DWP(12,$key));
+	&mov	($idx,&DWP(16,$key));	# prefetch key[4]
+
+	&mov	($__s0,@T[0]);		# save s[0-3]
+	&mov	($__s1,@T[1]);
+	&mov	($__s2,@T[2]);
+	&mov	($__s3,@T[3]);
+
+&set_label("loop",16);
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16,4); }
+
+	&add	($key,16*4);
+	&cmp	($key,$__end);
+	&je	(&label("done"));
+
+	# @T[0-1] are preloaded, $idx is preloaded with key[0]
+	&and	($idx,@T[0]);
+	 &mov	 (@T[3],$__s3);
+	&rotl	($idx,1);
+	 &mov	 (@T[2],@T[3]);
+	&xor	(@T[1],$idx);
+	 &or	 (@T[2],&DWP(12,$key));
+	&mov	($__s1,@T[1]);		# s1^=LeftRotate(s0&key[0],1);
+	 &xor	 (@T[2],$__s2);
+
+	&mov	($idx,&DWP(4,$key));
+	 &mov	 ($__s2,@T[2]);		# s2^=s3|key[3];
+	&or	($idx,@T[1]);
+	 &and	 (@T[2],&DWP(8,$key));
+	&xor	(@T[0],$idx);
+	 &rotl	 (@T[2],1);
+	&mov	($__s0,@T[0]);		# s0^=s1|key[1];
+	 &xor	 (@T[3],@T[2]);
+	&mov	($idx,&DWP(16,$key));		# prefetch key[4]
+	 &mov	 ($__s3,@T[3]);		# s3^=LeftRotate(s2&key[2],1);
+	&jmp	(&label("loop"));
+
+&set_label("done",8);
+	&mov	(@T[2],@T[0]);		# SwapHalf
+	&mov	(@T[3],@T[1]);
+	&mov	(@T[0],$__s2);
+	&mov	(@T[1],$__s3);
+	&xor	(@T[0],$idx);		# $idx is preloaded with key[0]
+	&xor	(@T[1],&DWP(4,$key));
+	&xor	(@T[2],&DWP(8,$key));
+	&xor	(@T[3],&DWP(12,$key));
+	&ret	();
+&function_end_B("_x86_Camellia_encrypt");
+
+# void Camellia_DecryptBlock_Rounds(
+#		int grandRounds,
+#		const Byte ciphertext[],
+#		const KEY_TABLE_TYPE keyTable,
+#		Byte plaintext[])
+&function_begin("Camellia_DecryptBlock_Rounds");
+	&mov	("eax",&wparam(0));	# load grandRounds
+	&mov	($idx,&wparam(1));	# load ciphertext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&mov	(&DWP(4*4,"esp"),$key);	# save keyStart
+	&lea	($key,&DWP(0,$key,"eax"));
+	&mov	(&DWP(5*4,"esp"),"ebx");# save %esp
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load ciphertext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_decrypt");
+
+	&mov	("esp",&DWP(5*4,"esp"));
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(3));	# load plaintext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write plaintext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_DecryptBlock_Rounds");
+# V1.x API
+&function_begin_B("Camellia_DecryptBlock");
+	&mov	("eax",128);
+	&sub	("eax",&wparam(0));	# load keyBitLength
+	&mov	("eax",3);
+	&adc	("eax",0);		# keyBitLength==128?3:4
+	&mov	(&wparam(0),"eax");
+	&jmp	(&label("Camellia_DecryptBlock_Rounds"));
+&function_end_B("Camellia_DecryptBlock");
+
+if ($OPENSSL) {
+# void Camellia_decrypt(
+#		const unsigned char *in,
+#		unsigned char *out,
+#		const CAMELLIA_KEY *key)
+&function_begin("Camellia_decrypt");
+	&mov	($idx,&wparam(0));	# load ciphertext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+	&mov	("eax",&DWP(272,$key));	# load grandRounds counter
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&mov	(&DWP(4*4,"esp"),$key);	# save keyStart
+	&lea	($key,&DWP(0,$key,"eax"));
+	&mov	(&DWP(5*4,"esp"),"ebx");# save %esp
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load ciphertext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_decrypt");
+
+	&mov	("esp",&DWP(5*4,"esp"));
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(1));	# load plaintext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write plaintext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_decrypt");
+}
+
+&function_begin_B("_x86_Camellia_decrypt");
+	&xor	(@T[0],&DWP(0,$key));	# ^=key[0-3]
+	&xor	(@T[1],&DWP(4,$key));
+	&xor	(@T[2],&DWP(8,$key));
+	&xor	(@T[3],&DWP(12,$key));
+	&mov	($idx,&DWP(-8,$key));	# prefetch key[-2]
+
+	&mov	($__s0,@T[0]);		# save s[0-3]
+	&mov	($__s1,@T[1]);
+	&mov	($__s2,@T[2]);
+	&mov	($__s3,@T[3]);
+
+&set_label("loop",16);
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8,4); }
+
+	&sub	($key,16*4);
+	&cmp	($key,$__end);
+	&je	(&label("done"));
+
+	# @T[0-1] are preloaded, $idx is preloaded with key[2]
+	&and	($idx,@T[0]);
+	 &mov	 (@T[3],$__s3);
+	&rotl	($idx,1);
+	 &mov	 (@T[2],@T[3]);
+	&xor	(@T[1],$idx);
+	 &or	 (@T[2],&DWP(4,$key));
+	&mov	($__s1,@T[1]);		# s1^=LeftRotate(s0&key[0],1);
+	 &xor	 (@T[2],$__s2);
+
+	&mov	($idx,&DWP(12,$key));
+	 &mov	 ($__s2,@T[2]);		# s2^=s3|key[3];
+	&or	($idx,@T[1]);
+	 &and	 (@T[2],&DWP(0,$key));
+	&xor	(@T[0],$idx);
+	 &rotl	 (@T[2],1);
+	&mov	($__s0,@T[0]);		# s0^=s1|key[1];
+	 &xor	 (@T[3],@T[2]);
+	&mov	($idx,&DWP(-8,$key));	# prefetch key[4]
+	 &mov	 ($__s3,@T[3]);		# s3^=LeftRotate(s2&key[2],1);
+	&jmp	(&label("loop"));
+
+&set_label("done",8);
+	&mov	(@T[2],@T[0]);		# SwapHalf
+	&mov	(@T[3],@T[1]);
+	&mov	(@T[0],$__s2);
+	&mov	(@T[1],$__s3);
+	&xor	(@T[2],$idx);		# $idx is preloaded with key[2]
+	&xor	(@T[3],&DWP(12,$key));
+	&xor	(@T[0],&DWP(0,$key));
+	&xor	(@T[1],&DWP(4,$key));
+	&ret	();
+&function_end_B("_x86_Camellia_decrypt");
+
+# shld is very slow on Intel P4 family. Even on AMD it limits
+# instruction decode rate [because it's VectorPath] and consequently
+# performance. PIII, PM and Core[2] seem to be the only ones which
+# execute this code ~7% faster...
+sub __rotl128 {
+  my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_;
+
+    $rnd *= 2;
+    if ($rot) {
+	&mov	($idx,$i0);
+	&shld	($i0,$i1,$rot);
+	&shld	($i1,$i2,$rot);
+	&shld	($i2,$i3,$rot);
+	&shld	($i3,$idx,$rot);
+    }
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i0 eq @T[0]);
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i1 eq @T[0]);
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i2 eq @T[0]);
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i3 eq @T[0]);
+}
+
+# ... Implementing 128-bit rotate without shld gives >3x performance
+# improvement on P4, only ~7% degradation on other Intel CPUs and
+# not worse performance on AMD. This is therefore preferred.
+sub _rotl128 {
+  my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_;
+
+    $rnd *= 2;
+    if ($rot) {
+	&mov	($Tbl,$i0);
+	&shl	($i0,$rot);
+	&mov	($idx,$i1);
+	&shr	($idx,32-$rot);
+	&shl	($i1,$rot);
+	&or	($i0,$idx);
+	&mov	($idx,$i2);
+	&shl	($i2,$rot);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i0 eq @T[0]);
+	&shr	($idx,32-$rot);
+	&or	($i1,$idx);
+	&shr	($Tbl,32-$rot);
+	&mov	($idx,$i3);
+	&shr	($idx,32-$rot);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i1 eq @T[0]);
+	&shl	($i3,$rot);
+	&or	($i2,$idx);
+	&or	($i3,$Tbl);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i2 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i3 eq @T[0]);
+    } else {
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i0 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i1 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i2 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i3 eq @T[0]);
+    }
+}
+
+sub _saveround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+	&mov	(&DWP($bias+$rnd*8+0,$key),@T[0]);
+	&mov	(&DWP($bias+$rnd*8+4,$key),@T[1])	if ($#T>=1);
+	&mov	(&DWP($bias+$rnd*8+8,$key),@T[2])	if ($#T>=2);
+	&mov	(&DWP($bias+$rnd*8+12,$key),@T[3])	if ($#T>=3);
+}
+
+sub _loadround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+	&mov	(@T[0],&DWP($bias+$rnd*8+0,$key));
+	&mov	(@T[1],&DWP($bias+$rnd*8+4,$key))	if ($#T>=1);
+	&mov	(@T[2],&DWP($bias+$rnd*8+8,$key))	if ($#T>=2);
+	&mov	(@T[3],&DWP($bias+$rnd*8+12,$key))	if ($#T>=3);
+}
+
+# void Camellia_Ekeygen(
+#		const int keyBitLength,
+#		const Byte *rawKey,
+#		KEY_TABLE_TYPE keyTable)
+&function_begin("Camellia_Ekeygen");
+{ my $step=0;
+
+	&stack_push(4);				# place for s[0-3]
+
+	&mov	($Tbl,&wparam(0));		# load arguments
+	&mov	($idx,&wparam(1));
+	&mov	($key,&wparam(2));
+
+	&mov	(@T[0],&DWP(0,$idx));		# load 0-127 bits
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&mov	(@T[3],&DWP(12,$idx));
+
+	&bswap	(@T[0]);
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&_saveround	(0,$key,@T);		# KL<<<0
+
+	&cmp	($Tbl,128);
+	&je	(&label("1st128"));
+
+	&mov	(@T[0],&DWP(16,$idx));		# load 128-191 bits
+	&mov	(@T[1],&DWP(20,$idx));
+	&cmp	($Tbl,192);
+	&je	(&label("1st192"));
+	&mov	(@T[2],&DWP(24,$idx));		# load 192-255 bits
+	&mov	(@T[3],&DWP(28,$idx));
+	&jmp	(&label("1st256"));
+&set_label("1st192",4);
+	&mov	(@T[2],@T[0]);
+	&mov	(@T[3],@T[1]);
+	&not	(@T[2]);
+	&not	(@T[3]);
+&set_label("1st256",4);
+	&bswap	(@T[0]);
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&_saveround	(4,$key,@T);		# temporary storage for KR!
+
+	&xor	(@T[0],&DWP(0*8+0,$key));	# KR^KL
+	&xor	(@T[1],&DWP(0*8+4,$key));
+	&xor	(@T[2],&DWP(1*8+0,$key));
+	&xor	(@T[3],&DWP(1*8+4,$key));
+
+&set_label("1st128",4);
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+	&lea	($key,&DWP(&label("Camellia_SIGMA")."-".&label("Camellia_SBOX"),$Tbl));
+
+	&mov	($idx,&DWP($step*8,$key));	# prefetch SIGMA[0]
+	&mov	(&swtmp(0),@T[0]);		# save s[0-3]
+	&mov	(&swtmp(1),@T[1]);
+	&mov	(&swtmp(2),@T[2]);
+	&mov	(&swtmp(3),@T[3]);
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+	&mov	(@T[2],&swtmp(2));
+	&mov	(@T[3],&swtmp(3));
+
+	&mov	($idx,&wparam(2));
+	&xor	(@T[0],&DWP(0*8+0,$idx));	# ^KL
+	&xor	(@T[1],&DWP(0*8+4,$idx));
+	&xor	(@T[2],&DWP(1*8+0,$idx));
+	&xor	(@T[3],&DWP(1*8+4,$idx));
+
+	&mov	($idx,&DWP($step*8,$key));	# prefetch SIGMA[4]
+	&mov	(&swtmp(0),@T[0]);		# save s[0-3]
+	&mov	(&swtmp(1),@T[1]);
+	&mov	(&swtmp(2),@T[2]);
+	&mov	(&swtmp(3),@T[3]);
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+	&mov	(@T[2],&swtmp(2));
+	&mov	(@T[3],&swtmp(3));
+
+	&mov	($idx,&wparam(0));
+	&cmp	($idx,128);
+	&jne	(&label("2nd256"));
+
+	&mov	($key,&wparam(2));
+	&lea	($key,&DWP(128,$key));		# size optimization
+
+	####### process KA
+	&_saveround	(2,$key,-128,@T);	# KA<<<0
+	&_rotl128	(@T,15,6,@T);		# KA<<<15
+	&_rotl128	(@T,15,8,@T);		# KA<<<(15+15=30)
+	&_rotl128	(@T,15,12,@T[0],@T[1]);	# KA<<<(30+15=45)
+	&_rotl128	(@T,15,14,@T);		# KA<<<(45+15=60)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,2,20,@T);		# KA<<<(60+32+2=94)
+	&_rotl128	(@T,17,24,@T);		# KA<<<(94+17=111)
+
+	####### process KL
+	&_loadround	(0,$key,-128,@T);	# load KL
+	&_rotl128	(@T,15,4,@T);		# KL<<<15
+	&_rotl128	(@T,30,10,@T);		# KL<<<(15+30=45)
+	&_rotl128	(@T,15,13,@T[2],@T[3]);	# KL<<<(45+15=60)
+	&_rotl128	(@T,17,16,@T);		# KL<<<(60+17=77)
+	&_rotl128	(@T,17,18,@T);		# KL<<<(77+17=94)
+	&_rotl128	(@T,17,22,@T);		# KL<<<(94+17=111)
+
+	while (@T[0] ne "eax")			# restore order
+	{   unshift	(@T,pop(@T));   }
+
+	&mov	("eax",3);			# 3 grandRounds
+	&jmp	(&label("done"));
+
+&set_label("2nd256",16);
+	&mov	($idx,&wparam(2));
+	&_saveround	(6,$idx,@T);		# temporary storage for KA!
+
+	&xor	(@T[0],&DWP(4*8+0,$idx));	# KA^KR
+	&xor	(@T[1],&DWP(4*8+4,$idx));
+	&xor	(@T[2],&DWP(5*8+0,$idx));
+	&xor	(@T[3],&DWP(5*8+4,$idx));
+
+	&mov	($idx,&DWP($step*8,$key));	# prefetch SIGMA[8]
+	&mov	(&swtmp(0),@T[0]);		# save s[0-3]
+	&mov	(&swtmp(1),@T[1]);
+	&mov	(&swtmp(2),@T[2]);
+	&mov	(&swtmp(3),@T[3]);
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+	&mov	(@T[2],&swtmp(2));
+	&mov	(@T[3],&swtmp(3));
+
+	&mov	($key,&wparam(2));
+	&lea	($key,&DWP(128,$key));		# size optimization
+
+	####### process KB
+	&_saveround	(2,$key,-128,@T);	# KB<<<0
+	&_rotl128	(@T,30,10,@T);		# KB<<<30
+	&_rotl128	(@T,30,20,@T);		# KB<<<(30+30=60)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,19,32,@T);		# KB<<<(60+32+19=111)
+
+	####### process KR
+	&_loadround	(4,$key,-128,@T);	# load KR
+	&_rotl128	(@T,15,4,@T);		# KR<<<15
+	&_rotl128	(@T,15,8,@T);		# KR<<<(15+15=30)
+	&_rotl128	(@T,30,18,@T);		# KR<<<(30+30=60)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,2,26,@T);		# KR<<<(60+32+2=94)
+
+	####### process KA
+	&_loadround	(6,$key,-128,@T);	# load KA
+	&_rotl128	(@T,15,6,@T);		# KA<<<15
+	&_rotl128	(@T,30,14,@T);		# KA<<<(15+30=45)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,0,24,@T);		# KA<<<(45+32+0=77)
+	&_rotl128	(@T,17,28,@T);		# KA<<<(77+17=94)
+
+	####### process KL
+	&_loadround	(0,$key,-128,@T);	# load KL
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,13,12,@T);		# KL<<<(32+13=45)
+	&_rotl128	(@T,15,16,@T);		# KL<<<(45+15=60)
+	&_rotl128	(@T,17,22,@T);		# KL<<<(60+17=77)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,2,30,@T);		# KL<<<(77+32+2=111)
+
+	while (@T[0] ne "eax")			# restore order
+	{   unshift	(@T,pop(@T));   }
+
+	&mov	("eax",4);			# 4 grandRounds
+&set_label("done");
+	&lea	("edx",&DWP(272-128,$key));	# end of key schedule
+	&stack_pop(4);
+}
+&function_end("Camellia_Ekeygen");
+
+if ($OPENSSL) {
+# int Camellia_set_key (
+#		const unsigned char *userKey,
+#		int bits,
+#		CAMELLIA_KEY *key)
+&function_begin_B("Camellia_set_key");
+	&push	("ebx");
+	&mov	("ecx",&wparam(0));	# pull arguments
+	&mov	("ebx",&wparam(1));
+	&mov	("edx",&wparam(2));
+
+	&mov	("eax",-1);
+	&test	("ecx","ecx");
+	&jz	(&label("done"));	# userKey==NULL?
+	&test	("edx","edx");
+	&jz	(&label("done"));	# key==NULL?
+
+	&mov	("eax",-2);
+	&cmp	("ebx",256);
+	&je	(&label("arg_ok"));	# bits==256?
+	&cmp	("ebx",192);
+	&je	(&label("arg_ok"));	# bits==192?
+	&cmp	("ebx",128);
+	&jne	(&label("done"));	# bits!=128?
+&set_label("arg_ok",4);
+
+	&push	("edx");		# push arguments
+	&push	("ecx");
+	&push	("ebx");
+	&call	("Camellia_Ekeygen");
+	&stack_pop(3);
+
+	# eax holds grandRounds and edx points at where to put it
+	&mov	(&DWP(0,"edx"),"eax");
+	&xor	("eax","eax");
+&set_label("done",4);
+	&pop	("ebx");
+	&ret	();
+&function_end_B("Camellia_set_key");
+}
+
+@SBOX=(
+112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
+ 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
+134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
+166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
+139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
+223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
+ 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
+254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
+170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
+ 16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
+135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
+ 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
+233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
+120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
+114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
+ 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
+
+sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; }
+sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; }
+sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; }
+sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; }
+
+&set_label("Camellia_SIGMA",64);
+&data_word(
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2,
+    0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c,
+    0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd,
+    0,          0,          0,          0);
+&set_label("Camellia_SBOX",64);
+# tables are interleaved, remember?
+for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
+for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
+
+# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const CAMELLIA_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+# stack frame layout
+#             -4(%esp)		# return address	 0(%esp)
+#              0(%esp)		# s0			 4(%esp)
+#              4(%esp)		# s1			 8(%esp)
+#              8(%esp)		# s2			12(%esp)
+#             12(%esp)		# s3			16(%esp)
+#             16(%esp)		# end of key schedule	20(%esp)
+#             20(%esp)		# %esp backup
+my $_inp=&DWP(24,"esp");	#copy of wparam(0)
+my $_out=&DWP(28,"esp");	#copy of wparam(1)
+my $_len=&DWP(32,"esp");	#copy of wparam(2)
+my $_key=&DWP(36,"esp");	#copy of wparam(3)
+my $_ivp=&DWP(40,"esp");	#copy of wparam(4)
+my $ivec=&DWP(44,"esp");	#ivec[16]
+my $_tmp=&DWP(44,"esp");	#volatile variable [yes, aliases with ivec]
+my ($s0,$s1,$s2,$s3) = @T;
+
+&function_begin("Camellia_cbc_encrypt");
+	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len
+	&cmp	($s2,0);
+	&je	(&label("enc_out"));
+
+	&pushf	();
+	&cld	();
+
+	&mov	($s0,&wparam(0));	# load inp
+	&mov	($s1,&wparam(1));	# load out
+	#&mov	($s2,&wparam(2));	# load len
+	&mov	($s3,&wparam(3));	# load key
+	&mov	($Tbl,&wparam(4));	# load ivp
+
+	# allocate aligned stack frame...
+	&lea	($idx,&DWP(-64,"esp"));
+	&and	($idx,-64);
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	($key,&DWP(-64-63,$s3));
+	&sub	($key,$idx);
+	&neg	($key);
+	&and	($key,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	($idx,$key);
+
+	&mov	($key,&wparam(5));	# load enc
+
+	&exch	("esp",$idx);
+	&add	("esp",4);		# reserve for return address!
+	&mov	($_esp,$idx);		# save %esp
+
+	&mov	($_inp,$s0);		# save copy of inp
+	&mov	($_out,$s1);		# save copy of out
+	&mov	($_len,$s2);		# save copy of len
+	&mov	($_key,$s3);		# save copy of key
+	&mov	($_ivp,$Tbl);		# save copy of ivp
+
+	&call   (&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea    ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	($idx,32);
+	&set_label("prefetch_sbox",4);
+		&mov	($s0,&DWP(0,$Tbl));
+		&mov	($s1,&DWP(32,$Tbl));
+		&mov	($s2,&DWP(64,$Tbl));
+		&mov	($s3,&DWP(96,$Tbl));
+		&lea	($Tbl,&DWP(128,$Tbl));
+		&dec	($idx);
+	&jnz	(&label("prefetch_sbox"));
+	&mov	($s0,$_key);
+	&sub	($Tbl,4096);
+	&mov	($idx,$_inp);
+	&mov	($s3,&DWP(272,$s0));		# load grandRounds
+
+	&cmp	($key,0);
+	&je	(&label("DECRYPT"));
+
+	&mov	($s2,$_len);
+	&mov	($key,$_ivp);
+	&shl	($s3,6);
+	&lea	($s3,&DWP(0,$s0,$s3));
+	&mov	($_end,$s3);
+
+	&test	($s2,0xFFFFFFF0);
+	&jz	(&label("enc_tail"));		# short input...
+
+	&mov	($s0,&DWP(0,$key));		# load iv
+	&mov	($s1,&DWP(4,$key));
+
+	&set_label("enc_loop",4);
+		&mov	($s2,&DWP(8,$key));
+		&mov	($s3,&DWP(12,$key));
+
+		&xor	($s0,&DWP(0,$idx));	# xor input data
+		&xor	($s1,&DWP(4,$idx));
+		&xor	($s2,&DWP(8,$idx));
+		&bswap	($s0);
+		&xor	($s3,&DWP(12,$idx));
+		&bswap	($s1);
+		&mov	($key,$_key);		# load key
+		&bswap	($s2);
+		&bswap	($s3);
+
+		&call	("_x86_Camellia_encrypt");
+
+		&mov	($idx,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&bswap	($s0);
+		&bswap	($s1);
+		&bswap	($s2);
+		&mov	(&DWP(0,$key),$s0);	# save output data
+		&bswap	($s3);
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($s2,$_len);		# load len
+
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_inp,$idx);		# save inp
+
+		&lea	($s3,&DWP(16,$key));
+		&mov	($_out,$s3);		# save out
+
+		&sub	($s2,16);
+		&test	($s2,0xFFFFFFF0);
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("enc_loop"));
+	&test	($s2,15);
+	&jnz	(&label("enc_tail"));
+	&mov	($idx,$_ivp);		# load ivp
+	&mov	($s2,&DWP(8,$key));	# restore last dwords
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$idx),$s0);	# save ivec
+	&mov	(&DWP(4,$idx),$s1);
+	&mov	(&DWP(8,$idx),$s2);
+	&mov	(&DWP(12,$idx),$s3);
+
+	&mov	("esp",$_esp);
+	&popf	();
+    &set_label("enc_out");
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("enc_tail",4);
+	&mov	($s0,$key eq "edi" ? $key : "");
+	&mov	($key,$_out);			# load out
+	&push	($s0);				# push ivp
+	&mov	($s1,16);
+	&sub	($s1,$s2);
+	&cmp	($key,$idx);			# compare with inp
+	&je	(&label("enc_in_place"));
+	&align	(4);
+	&data_word(0xA4F3F689);	# rep movsb	# copy input
+	&jmp	(&label("enc_skip_in_place"));
+    &set_label("enc_in_place");
+	&lea	($key,&DWP(0,$key,$s2));
+    &set_label("enc_skip_in_place");
+	&mov	($s2,$s1);
+	&xor	($s0,$s0);
+	&align	(4);
+	&data_word(0xAAF3F689);	# rep stosb	# zero tail
+	&pop	($key);				# pop ivp
+
+	&mov	($idx,$_out);			# output as input
+	&mov	($s0,&DWP(0,$key));
+	&mov	($s1,&DWP(4,$key));
+	&mov	($_len,16);			# len=16
+	&jmp	(&label("enc_loop"));		# one more spin...
+
+#----------------------------- DECRYPT -----------------------------#
+&set_label("DECRYPT",16);
+	&shl	($s3,6);
+	&lea	($s3,&DWP(0,$s0,$s3));
+	&mov	($_end,$s0);
+	&mov	($_key,$s3);
+
+	&cmp	($idx,$_out);
+	&je	(&label("dec_in_place"));	# in-place processing...
+
+	&mov	($key,$_ivp);			# load ivp
+	&mov	($_tmp,$key);
+
+	&set_label("dec_loop",4);
+		&mov	($s0,&DWP(0,$idx));	# read input
+		&mov	($s1,&DWP(4,$idx));
+		&mov	($s2,&DWP(8,$idx));
+		&bswap	($s0);
+		&mov	($s3,&DWP(12,$idx));
+		&bswap	($s1);
+		&mov	($key,$_key);		# load key
+		&bswap	($s2);
+		&bswap	($s3);
+
+		&call	("_x86_Camellia_decrypt");
+
+		&mov	($key,$_tmp);		# load ivp
+		&mov	($idx,$_len);		# load len
+
+		&bswap	($s0);
+		&bswap	($s1);
+		&bswap	($s2);
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&bswap	($s3);
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&sub	($idx,16);
+		&jc	(&label("dec_partial"));
+		&mov	($_len,$idx);		# save len
+		&mov	($idx,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&mov	(&DWP(0,$key),$s0);	# write output
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($_tmp,$idx);		# save ivp
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_inp,$idx);		# save inp
+
+		&lea	($key,&DWP(16,$key));
+		&mov	($_out,$key);		# save out
+
+	&jnz	(&label("dec_loop"));
+	&mov	($key,$_tmp);		# load temp ivp
+    &set_label("dec_end");
+	&mov	($idx,$_ivp);		# load user ivp
+	&mov	($s0,&DWP(0,$key));	# load iv
+	&mov	($s1,&DWP(4,$key));
+	&mov	($s2,&DWP(8,$key));
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$idx),$s0);	# copy back to user
+	&mov	(&DWP(4,$idx),$s1);
+	&mov	(&DWP(8,$idx),$s2);
+	&mov	(&DWP(12,$idx),$s3);
+	&jmp	(&label("dec_out"));
+
+    &set_label("dec_partial",4);
+	&lea	($key,$ivec);
+	&mov	(&DWP(0,$key),$s0);	# dump output to stack
+	&mov	(&DWP(4,$key),$s1);
+	&mov	(&DWP(8,$key),$s2);
+	&mov	(&DWP(12,$key),$s3);
+	&lea	($s2 eq "ecx" ? $s2 : "",&DWP(16,$idx));
+	&mov	($idx eq "esi" ? $idx : "",$key);
+	&mov	($key eq "edi" ? $key : "",$_out);	# load out
+	&data_word(0xA4F3F689);	# rep movsb		# copy output
+	&mov	($key,$_inp);				# use inp as temp ivp
+	&jmp	(&label("dec_end"));
+
+    &set_label("dec_in_place",4);
+	&set_label("dec_in_place_loop");
+		&lea	($key,$ivec);
+		&mov	($s0,&DWP(0,$idx));	# read input
+		&mov	($s1,&DWP(4,$idx));
+		&mov	($s2,&DWP(8,$idx));
+		&mov	($s3,&DWP(12,$idx));
+
+		&mov	(&DWP(0,$key),$s0);	# copy to temp
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&bswap	($s0);
+		&mov	(&DWP(12,$key),$s3);
+		&bswap	($s1);
+		&mov	($key,$_key);		# load key
+		&bswap	($s2);
+		&bswap	($s3);
+
+		&call	("_x86_Camellia_decrypt");
+
+		&mov	($key,$_ivp);		# load ivp
+		&mov	($idx,$_out);		# load out
+
+		&bswap	($s0);
+		&bswap	($s1);
+		&bswap	($s2);
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&bswap	($s3);
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&mov	(&DWP(0,$idx),$s0);	# write output
+		&mov	(&DWP(4,$idx),$s1);
+		&mov	(&DWP(8,$idx),$s2);
+		&mov	(&DWP(12,$idx),$s3);
+
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_out,$idx);		# save out
+
+		&lea	($idx,$ivec);
+		&mov	($s0,&DWP(0,$idx));	# read temp
+		&mov	($s1,&DWP(4,$idx));
+		&mov	($s2,&DWP(8,$idx));
+		&mov	($s3,&DWP(12,$idx));
+
+		&mov	(&DWP(0,$key),$s0);	# copy iv
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($idx,$_inp);		# load inp
+
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_inp,$idx);		# save inp
+
+		&mov	($s2,$_len);		# load len
+		&sub	($s2,16);
+		&jc	(&label("dec_in_place_partial"));
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("dec_in_place_loop"));
+	&jmp	(&label("dec_out"));
+
+    &set_label("dec_in_place_partial",4);
+	# one can argue if this is actually required...
+	&mov	($key eq "edi" ? $key : "",$_out);
+	&lea	($idx eq "esi" ? $idx : "",$ivec);
+	&lea	($key,&DWP(0,$key,$s2));
+	&lea	($idx,&DWP(16,$idx,$s2));
+	&neg	($s2 eq "ecx" ? $s2 : "");
+	&data_word(0xA4F3F689);	# rep movsb	# restore tail
+
+    &set_label("dec_out",4);
+    &mov	("esp",$_esp);
+    &popf	();
+&function_end("Camellia_cbc_encrypt");
+}
+
+&asciz("Camellia for x86 by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl
new file mode 100644
index 000000000..02c52c3ef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl
@@ -0,0 +1,1145 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
+#
+# This module may be used under the terms of either the GNU General
+# Public License version 2 or later, the GNU Lesser General Public
+# License version 2.1 or later, the Mozilla Public License version
+# 1.1 or the BSD License. The exact terms of either license are
+# distributed along with this module. For further details see
+# http://www.openssl.org/~appro/camellia/.
+# ====================================================================
+
+# Performance in cycles per processed byte (less is better) in
+# 'openssl speed ...' benchmark:
+#
+#			AMD64	Core2	EM64T
+# -evp camellia-128-ecb	16.7	21.0	22.7
+# + over gcc 3.4.6	+25%	+5%	0%
+#
+# camellia-128-cbc	15.7	20.4	21.1
+#
+# 128-bit key setup	128	216	205	cycles/key
+# + over gcc 3.4.6	+54%	+39%	+15%
+#
+# Numbers in "+" rows represent performance improvement over compiler
+# generated code. Key setup timings are impressive on AMD and Core2
+# thanks to 64-bit operations being covertly deployed. Improvement on
+# EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it
+# apparently emulates some of 64-bit operations in [32-bit] microcode.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/;    $r; }
+sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
+                        $r =~ s/%[er]([sd]i)/%\1l/;
+                        $r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
+
+$t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx";
+@S=("%r8d","%r9d","%r10d","%r11d");
+$i0="%esi";
+$i1="%edi";
+$Tbl="%rbp";	# size optimization
+$inp="%r12";
+$out="%r13";
+$key="%r14";
+$keyend="%r15";
+$arg0d=$win64?"%ecx":"%edi";
+
+# const unsigned int Camellia_SBOX[4][256];
+# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
+# and [2][] - with [3][]. This is done to minimize code size.
+$SBOX1_1110=0;		# Camellia_SBOX[0]
+$SBOX4_4404=4;		# Camellia_SBOX[1]
+$SBOX2_0222=2048;	# Camellia_SBOX[2]
+$SBOX3_3033=2052;	# Camellia_SBOX[3]
+
+sub Camellia_Feistel {
+my $i=@_[0];
+my $seed=defined(@_[1])?@_[1]:0;
+my $scale=$seed<0?-8:8;
+my $j=($i&1)*2;
+my ($s0,$s1,$s2,$s3)=(@S[($j)%4],@S[($j+1)%4],@S[($j+2)%4],@S[($j+3)%4]);
+
+$code.=<<___;
+	xor	$s0,$t0				# t0^=key[0]
+	xor	$s1,$t1				# t1^=key[1]
+	movz	`&hi("$t0")`,$i0		# (t0>>8)&0xff
+	movz	`&lo("$t1")`,$i1		# (t1>>0)&0xff
+	mov	$SBOX3_3033($Tbl,$i0,8),$t3	# t3=SBOX3_3033[0]
+	mov	$SBOX1_1110($Tbl,$i1,8),$t2	# t2=SBOX1_1110[1]
+	movz	`&lo("$t0")`,$i0		# (t0>>0)&0xff
+	shr	\$16,$t0
+	movz	`&hi("$t1")`,$i1		# (t1>>8)&0xff
+	xor	$SBOX4_4404($Tbl,$i0,8),$t3	# t3^=SBOX4_4404[0]
+	shr	\$16,$t1
+	xor	$SBOX4_4404($Tbl,$i1,8),$t2	# t2^=SBOX4_4404[1]
+	movz	`&hi("$t0")`,$i0		# (t0>>24)&0xff
+	movz	`&lo("$t1")`,$i1		# (t1>>16)&0xff
+	xor	$SBOX1_1110($Tbl,$i0,8),$t3	# t3^=SBOX1_1110[0]
+	xor	$SBOX3_3033($Tbl,$i1,8),$t2	# t2^=SBOX3_3033[1]
+	movz	`&lo("$t0")`,$i0		# (t0>>16)&0xff
+	movz	`&hi("$t1")`,$i1		# (t1>>24)&0xff
+	xor	$SBOX2_0222($Tbl,$i0,8),$t3	# t3^=SBOX2_0222[0]
+	xor	$SBOX2_0222($Tbl,$i1,8),$t2	# t2^=SBOX2_0222[1]
+	mov	`$seed+($i+1)*$scale`($key),$t1	# prefetch key[i+1]
+	mov	`$seed+($i+1)*$scale+4`($key),$t0
+	xor	$t3,$t2				# t2^=t3
+	ror	\$8,$t3				# t3=RightRotate(t3,8)
+	xor	$t2,$s2
+	xor	$t2,$s3
+	xor	$t3,$s3
+___
+}
+
+# void Camellia_EncryptBlock_Rounds(
+#		int grandRounds,
+#		const Byte plaintext[],
+#		const KEY_TABLE_TYPE keyTable,
+#		Byte ciphertext[])
+$code=<<___;
+.text
+
+# V1.x API
+.globl	Camellia_EncryptBlock
+.type	Camellia_EncryptBlock,\@abi-omnipotent
+.align	16
+Camellia_EncryptBlock:
+	movl	\$128,%eax
+	subl	$arg0d,%eax
+	movl	\$3,$arg0d
+	adcl	\$0,$arg0d	# keyBitLength==128?3:4
+	jmp	.Lenc_rounds
+.size	Camellia_EncryptBlock,.-Camellia_EncryptBlock
+# V2
+.globl	Camellia_EncryptBlock_Rounds
+.type	Camellia_EncryptBlock_Rounds,\@function,4
+.align	16
+.Lenc_rounds:
+Camellia_EncryptBlock_Rounds:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lenc_prologue:
+
+	#mov	%rsi,$inp		# put away arguments
+	mov	%rcx,$out
+	mov	%rdx,$key
+
+	shl	\$6,%edi		# process grandRounds
+	lea	.LCamellia_SBOX(%rip),$Tbl
+	lea	($key,%rdi),$keyend
+
+	mov	0(%rsi),@S[0]		# load plaintext
+	mov	4(%rsi),@S[1]
+	mov	8(%rsi),@S[2]
+	bswap	@S[0]
+	mov	12(%rsi),@S[3]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_encrypt
+
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	mov	@S[0],0($out)
+	bswap	@S[3]
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
+.Lenc_epilogue:
+	ret
+.cfi_endproc
+.size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
+
+.type	_x86_64_Camellia_encrypt,\@abi-omnipotent
+.align	16
+_x86_64_Camellia_encrypt:
+	xor	0($key),@S[1]
+	xor	4($key),@S[0]		# ^=key[0-3]
+	xor	8($key),@S[3]
+	xor	12($key),@S[2]
+.align	16
+.Leloop:
+	mov	16($key),$t1		# prefetch key[4-5]
+	mov	20($key),$t0
+
+___
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); }
+$code.=<<___;
+	lea	16*4($key),$key
+	cmp	$keyend,$key
+	mov	8($key),$t3		# prefetch key[2-3]
+	mov	12($key),$t2
+	je	.Ledone
+
+	and	@S[0],$t0
+	or	@S[3],$t3
+	rol	\$1,$t0
+	xor	$t3,@S[2]		# s2^=s3|key[3];
+	xor	$t0,@S[1]		# s1^=LeftRotate(s0&key[0],1);
+	and	@S[2],$t2
+	or	@S[1],$t1
+	rol	\$1,$t2
+	xor	$t1,@S[0]		# s0^=s1|key[1];
+	xor	$t2,@S[3]		# s3^=LeftRotate(s2&key[2],1);
+	jmp	.Leloop
+
+.align	16
+.Ledone:
+	xor	@S[2],$t0		# SwapHalf
+	xor	@S[3],$t1
+	xor	@S[0],$t2
+	xor	@S[1],$t3
+
+	mov	$t0,@S[0]
+	mov	$t1,@S[1]
+	mov	$t2,@S[2]
+	mov	$t3,@S[3]
+
+	.byte	0xf3,0xc3		# rep ret
+.size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
+
+# V1.x API
+.globl	Camellia_DecryptBlock
+.type	Camellia_DecryptBlock,\@abi-omnipotent
+.align	16
+Camellia_DecryptBlock:
+	movl	\$128,%eax
+	subl	$arg0d,%eax
+	movl	\$3,$arg0d
+	adcl	\$0,$arg0d	# keyBitLength==128?3:4
+	jmp	.Ldec_rounds
+.size	Camellia_DecryptBlock,.-Camellia_DecryptBlock
+# V2
+.globl	Camellia_DecryptBlock_Rounds
+.type	Camellia_DecryptBlock_Rounds,\@function,4
+.align	16
+.Ldec_rounds:
+Camellia_DecryptBlock_Rounds:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Ldec_prologue:
+
+	#mov	%rsi,$inp		# put away arguments
+	mov	%rcx,$out
+	mov	%rdx,$keyend
+
+	shl	\$6,%edi		# process grandRounds
+	lea	.LCamellia_SBOX(%rip),$Tbl
+	lea	($keyend,%rdi),$key
+
+	mov	0(%rsi),@S[0]		# load plaintext
+	mov	4(%rsi),@S[1]
+	mov	8(%rsi),@S[2]
+	bswap	@S[0]
+	mov	12(%rsi),@S[3]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_decrypt
+
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	mov	@S[0],0($out)
+	bswap	@S[3]
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
+.Ldec_epilogue:
+	ret
+.cfi_endproc
+.size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
+
+.type	_x86_64_Camellia_decrypt,\@abi-omnipotent
+.align	16
+_x86_64_Camellia_decrypt:
+	xor	0($key),@S[1]
+	xor	4($key),@S[0]		# ^=key[0-3]
+	xor	8($key),@S[3]
+	xor	12($key),@S[2]
+.align	16
+.Ldloop:
+	mov	-8($key),$t1		# prefetch key[4-5]
+	mov	-4($key),$t0
+
+___
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); }
+$code.=<<___;
+	lea	-16*4($key),$key
+	cmp	$keyend,$key
+	mov	0($key),$t3		# prefetch key[2-3]
+	mov	4($key),$t2
+	je	.Lddone
+
+	and	@S[0],$t0
+	or	@S[3],$t3
+	rol	\$1,$t0
+	xor	$t3,@S[2]		# s2^=s3|key[3];
+	xor	$t0,@S[1]		# s1^=LeftRotate(s0&key[0],1);
+	and	@S[2],$t2
+	or	@S[1],$t1
+	rol	\$1,$t2
+	xor	$t1,@S[0]		# s0^=s1|key[1];
+	xor	$t2,@S[3]		# s3^=LeftRotate(s2&key[2],1);
+
+	jmp	.Ldloop
+
+.align	16
+.Lddone:
+	xor	@S[2],$t2
+	xor	@S[3],$t3
+	xor	@S[0],$t0
+	xor	@S[1],$t1
+
+	mov	$t2,@S[0]		# SwapHalf
+	mov	$t3,@S[1]
+	mov	$t0,@S[2]
+	mov	$t1,@S[3]
+
+	.byte	0xf3,0xc3		# rep ret
+.size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
+___
+
+sub _saveround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+    if ($#T==3) {
+	$code.=<<___;
+	mov	@T[1],`$bias+$rnd*8+0`($key)
+	mov	@T[0],`$bias+$rnd*8+4`($key)
+	mov	@T[3],`$bias+$rnd*8+8`($key)
+	mov	@T[2],`$bias+$rnd*8+12`($key)
+___
+    } else {
+	$code.="	mov	@T[0],`$bias+$rnd*8+0`($key)\n";
+	$code.="	mov	@T[1],`$bias+$rnd*8+8`($key)\n"	if ($#T>=1);
+    }
+}
+
+sub _loadround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+$code.="	mov	`$bias+$rnd*8+0`($key),@T[0]\n";
+$code.="	mov	`$bias+$rnd*8+8`($key),@T[1]\n"	if ($#T>=1);
+}
+
+# shld is very slow on Intel EM64T family. Even on AMD it limits
+# instruction decode rate [because it's VectorPath] and consequently
+# performance...
+sub __rotl128 {
+my ($i0,$i1,$rot)=@_;
+
+    if ($rot) {
+	$code.=<<___;
+	mov	$i0,%r11
+	shld	\$$rot,$i1,$i0
+	shld	\$$rot,%r11,$i1
+___
+    }
+}
+
+# ... Implementing 128-bit rotate without shld gives 80% better
+# performance EM64T, +15% on AMD64 and only ~7% degradation on
+# Core2. This is therefore preferred.
+sub _rotl128 {
+my ($i0,$i1,$rot)=@_;
+
+    if ($rot) {
+	$code.=<<___;
+	mov	$i0,%r11
+	shl	\$$rot,$i0
+	mov	$i1,%r9
+	shr	\$`64-$rot`,%r9
+	shr	\$`64-$rot`,%r11
+	or	%r9,$i0
+	shl	\$$rot,$i1
+	or	%r11,$i1
+___
+    }
+}
+
+{ my $step=0;
+
+$code.=<<___;
+.globl	Camellia_Ekeygen
+.type	Camellia_Ekeygen,\@function,3
+.align	16
+Camellia_Ekeygen:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lkey_prologue:
+
+	mov	%edi,${keyend}d		# put away arguments, keyBitLength
+	mov	%rdx,$out		# keyTable
+
+	mov	0(%rsi),@S[0]		# load 0-127 bits
+	mov	4(%rsi),@S[1]
+	mov	8(%rsi),@S[2]
+	mov	12(%rsi),@S[3]
+
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+___
+	&_saveround	(0,$out,@S);	# KL<<<0
+$code.=<<___;
+	cmp	\$128,$keyend		# check keyBitLength
+	je	.L1st128
+
+	mov	16(%rsi),@S[0]		# load 128-191 bits
+	mov	20(%rsi),@S[1]
+	cmp	\$192,$keyend
+	je	.L1st192
+	mov	24(%rsi),@S[2]		# load 192-255 bits
+	mov	28(%rsi),@S[3]
+	jmp	.L1st256
+.L1st192:
+	mov	@S[0],@S[2]
+	mov	@S[1],@S[3]
+	not	@S[2]
+	not	@S[3]
+.L1st256:
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+___
+	&_saveround	(4,$out,@S);	# temp storage for KR!
+$code.=<<___;
+	xor	0($out),@S[1]		# KR^KL
+	xor	4($out),@S[0]
+	xor	8($out),@S[3]
+	xor	12($out),@S[2]
+
+.L1st128:
+	lea	.LCamellia_SIGMA(%rip),$key
+	lea	.LCamellia_SBOX(%rip),$Tbl
+
+	mov	0($key),$t1
+	mov	4($key),$t0
+___
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+$code.=<<___;
+	xor	0($out),@S[1]		# ^KL
+	xor	4($out),@S[0]
+	xor	8($out),@S[3]
+	xor	12($out),@S[2]
+___
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+$code.=<<___;
+	cmp	\$128,$keyend
+	jne	.L2nd256
+
+	lea	128($out),$out		# size optimization
+	shl	\$32,%r8		# @S[0]||
+	shl	\$32,%r10		# @S[2]||
+	or	%r9,%r8			# ||@S[1]
+	or	%r11,%r10		# ||@S[3]
+___
+	&_loadround	(0,$out,-128,"%rax","%rbx");	# KL
+	&_saveround	(2,$out,-128,"%r8","%r10");	# KA<<<0
+	&_rotl128	("%rax","%rbx",15);
+	&_saveround	(4,$out,-128,"%rax","%rbx");	# KL<<<15
+	&_rotl128	("%r8","%r10",15);
+	&_saveround	(6,$out,-128,"%r8","%r10");	# KA<<<15
+	&_rotl128	("%r8","%r10",15);		# 15+15=30
+	&_saveround	(8,$out,-128,"%r8","%r10");	# KA<<<30
+	&_rotl128	("%rax","%rbx",30);		# 15+30=45
+	&_saveround	(10,$out,-128,"%rax","%rbx");	# KL<<<45
+	&_rotl128	("%r8","%r10",15);		# 30+15=45
+	&_saveround	(12,$out,-128,"%r8");		# KA<<<45
+	&_rotl128	("%rax","%rbx",15);		# 45+15=60
+	&_saveround	(13,$out,-128,"%rbx");		# KL<<<60
+	&_rotl128	("%r8","%r10",15);		# 45+15=60
+	&_saveround	(14,$out,-128,"%r8","%r10");	# KA<<<60
+	&_rotl128	("%rax","%rbx",17);		# 60+17=77
+	&_saveround	(16,$out,-128,"%rax","%rbx");	# KL<<<77
+	&_rotl128	("%rax","%rbx",17);		# 77+17=94
+	&_saveround	(18,$out,-128,"%rax","%rbx");	# KL<<<94
+	&_rotl128	("%r8","%r10",34);		# 60+34=94
+	&_saveround	(20,$out,-128,"%r8","%r10");	# KA<<<94
+	&_rotl128	("%rax","%rbx",17);		# 94+17=111
+	&_saveround	(22,$out,-128,"%rax","%rbx");	# KL<<<111
+	&_rotl128	("%r8","%r10",17);		# 94+17=111
+	&_saveround	(24,$out,-128,"%r8","%r10");	# KA<<<111
+$code.=<<___;
+	mov	\$3,%eax
+	jmp	.Ldone
+.align	16
+.L2nd256:
+___
+	&_saveround	(6,$out,@S);	# temp storage for KA!
+$code.=<<___;
+	xor	`4*8+0`($out),@S[1]	# KA^KR
+	xor	`4*8+4`($out),@S[0]
+	xor	`5*8+0`($out),@S[3]
+	xor	`5*8+4`($out),@S[2]
+___
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+
+	&_loadround	(0,$out,"%rax","%rbx");	# KL
+	&_loadround	(4,$out,"%rcx","%rdx");	# KR
+	&_loadround	(6,$out,"%r14","%r15");	# KA
+$code.=<<___;
+	lea	128($out),$out		# size optimization
+	shl	\$32,%r8		# @S[0]||
+	shl	\$32,%r10		# @S[2]||
+	or	%r9,%r8			# ||@S[1]
+	or	%r11,%r10		# ||@S[3]
+___
+	&_saveround	(2,$out,-128,"%r8","%r10");	# KB<<<0
+	&_rotl128	("%rcx","%rdx",15);
+	&_saveround	(4,$out,-128,"%rcx","%rdx");	# KR<<<15
+	&_rotl128	("%r14","%r15",15);
+	&_saveround	(6,$out,-128,"%r14","%r15");	# KA<<<15
+	&_rotl128	("%rcx","%rdx",15);		# 15+15=30
+	&_saveround	(8,$out,-128,"%rcx","%rdx");	# KR<<<30
+	&_rotl128	("%r8","%r10",30);
+	&_saveround	(10,$out,-128,"%r8","%r10");	# KB<<<30
+	&_rotl128	("%rax","%rbx",45);
+	&_saveround	(12,$out,-128,"%rax","%rbx");	# KL<<<45
+	&_rotl128	("%r14","%r15",30);		# 15+30=45
+	&_saveround	(14,$out,-128,"%r14","%r15");	# KA<<<45
+	&_rotl128	("%rax","%rbx",15);		# 45+15=60
+	&_saveround	(16,$out,-128,"%rax","%rbx");	# KL<<<60
+	&_rotl128	("%rcx","%rdx",30);		# 30+30=60
+	&_saveround	(18,$out,-128,"%rcx","%rdx");	# KR<<<60
+	&_rotl128	("%r8","%r10",30);		# 30+30=60
+	&_saveround	(20,$out,-128,"%r8","%r10");	# KB<<<60
+	&_rotl128	("%rax","%rbx",17);		# 60+17=77
+	&_saveround	(22,$out,-128,"%rax","%rbx");	# KL<<<77
+	&_rotl128	("%r14","%r15",32);		# 45+32=77
+	&_saveround	(24,$out,-128,"%r14","%r15");	# KA<<<77
+	&_rotl128	("%rcx","%rdx",34);		# 60+34=94
+	&_saveround	(26,$out,-128,"%rcx","%rdx");	# KR<<<94
+	&_rotl128	("%r14","%r15",17);		# 77+17=94
+	&_saveround	(28,$out,-128,"%r14","%r15");	# KA<<<77
+	&_rotl128	("%rax","%rbx",34);		# 77+34=111
+	&_saveround	(30,$out,-128,"%rax","%rbx");	# KL<<<111
+	&_rotl128	("%r8","%r10",51);		# 60+51=111
+	&_saveround	(32,$out,-128,"%r8","%r10");	# KB<<<111
+$code.=<<___;
+	mov	\$4,%eax
+.Ldone:
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
+.Lkey_epilogue:
+	ret
+.cfi_endproc
+.size	Camellia_Ekeygen,.-Camellia_Ekeygen
+___
+}
+
+@SBOX=(
+112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
+ 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
+134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
+166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
+139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
+223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
+ 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
+254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
+170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
+ 16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
+135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
+ 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
+233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
+120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
+114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
+ 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
+
+sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); }
+sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); }
+sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); }
+sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
+
+$code.=<<___;
+.align	64
+.LCamellia_SIGMA:
+.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
+.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
+.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
+.long	0,          0,          0,          0
+.LCamellia_SBOX:
+___
+# tables are interleaved, remember?
+sub data_word { $code.=".long\t".join(',',@_)."\n"; }
+for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
+for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
+
+# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const CAMELLIA_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+$_key="0(%rsp)";
+$_end="8(%rsp)";	# inp+len&~15
+$_res="16(%rsp)";	# len&15
+$ivec="24(%rsp)";
+$_ivp="40(%rsp)";
+$_rsp="48(%rsp)";
+
+$code.=<<___;
+.globl	Camellia_cbc_encrypt
+.type	Camellia_cbc_encrypt,\@function,6
+.align	16
+Camellia_cbc_encrypt:
+.cfi_startproc
+	cmp	\$0,%rdx
+	je	.Lcbc_abort
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lcbc_prologue:
+
+	mov	%rsp,%rbp
+.cfi_def_cfa_register	%rbp
+	sub	\$64,%rsp
+	and	\$-64,%rsp
+
+	# place stack frame just "above mod 1024" the key schedule,
+	# this ensures that cache associativity suffices
+	lea	-64-63(%rcx),%r10
+	sub	%rsp,%r10
+	neg	%r10
+	and	\$0x3C0,%r10
+	sub	%r10,%rsp
+	#add	\$8,%rsp		# 8 is reserved for callee's ra
+
+	mov	%rdi,$inp		# inp argument
+	mov	%rsi,$out		# out argument
+	mov	%r8,%rbx		# ivp argument
+	mov	%rcx,$key		# key argument
+	mov	272(%rcx),${keyend}d	# grandRounds
+
+	mov	%r8,$_ivp
+	mov	%rbp,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+56
+
+.Lcbc_body:
+	lea	.LCamellia_SBOX(%rip),$Tbl
+
+	mov	\$32,%ecx
+.align	4
+.Lcbc_prefetch_sbox:
+	mov	0($Tbl),%rax
+	mov	32($Tbl),%rsi
+	mov	64($Tbl),%rdi
+	mov	96($Tbl),%r11
+	lea	128($Tbl),$Tbl
+	loop	.Lcbc_prefetch_sbox
+	sub	\$4096,$Tbl
+	shl	\$6,$keyend
+	mov	%rdx,%rcx		# len argument
+	lea	($key,$keyend),$keyend
+
+	cmp	\$0,%r9d		# enc argument
+	je	.LCBC_DECRYPT
+
+	and	\$-16,%rdx
+	and	\$15,%rcx		# length residue
+	lea	($inp,%rdx),%rdx
+	mov	$key,$_key
+	mov	%rdx,$_end
+	mov	%rcx,$_res
+
+	cmp	$inp,%rdx
+	mov	0(%rbx),@S[0]		# load IV
+	mov	4(%rbx),@S[1]
+	mov	8(%rbx),@S[2]
+	mov	12(%rbx),@S[3]
+	je	.Lcbc_enc_tail
+	jmp	.Lcbc_eloop
+
+.align	16
+.Lcbc_eloop:
+	xor	0($inp),@S[0]
+	xor	4($inp),@S[1]
+	xor	8($inp),@S[2]
+	bswap	@S[0]
+	xor	12($inp),@S[3]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_encrypt
+
+	mov	$_key,$key		# "rewind" the key
+	bswap	@S[0]
+	mov	$_end,%rdx
+	bswap	@S[1]
+	mov	$_res,%rcx
+	bswap	@S[2]
+	mov	@S[0],0($out)
+	bswap	@S[3]
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	lea	16($inp),$inp
+	mov	@S[3],12($out)
+	cmp	%rdx,$inp
+	lea	16($out),$out
+	jne	.Lcbc_eloop
+
+	cmp	\$0,%rcx
+	jne	.Lcbc_enc_tail
+
+	mov	$_ivp,$out
+	mov	@S[0],0($out)		# write out IV residue
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+	jmp	.Lcbc_done
+
+.align	16
+.Lcbc_enc_tail:
+	xor	%rax,%rax
+	mov	%rax,0+$ivec
+	mov	%rax,8+$ivec
+	mov	%rax,$_res
+
+.Lcbc_enc_pushf:
+	pushfq
+	cld
+	mov	$inp,%rsi
+	lea	8+$ivec,%rdi
+	.long	0x9066A4F3		# rep movsb
+	popfq
+.Lcbc_enc_popf:
+
+	lea	$ivec,$inp
+	lea	16+$ivec,%rax
+	mov	%rax,$_end
+	jmp	.Lcbc_eloop		# one more time
+
+.align	16
+.LCBC_DECRYPT:
+	xchg	$key,$keyend
+	add	\$15,%rdx
+	and	\$15,%rcx		# length residue
+	and	\$-16,%rdx
+	mov	$key,$_key
+	lea	($inp,%rdx),%rdx
+	mov	%rdx,$_end
+	mov	%rcx,$_res
+
+	mov	(%rbx),%rax		# load IV
+	mov	8(%rbx),%rbx
+	jmp	.Lcbc_dloop
+.align	16
+.Lcbc_dloop:
+	mov	0($inp),@S[0]
+	mov	4($inp),@S[1]
+	mov	8($inp),@S[2]
+	bswap	@S[0]
+	mov	12($inp),@S[3]
+	bswap	@S[1]
+	mov	%rax,0+$ivec		# save IV to temporary storage
+	bswap	@S[2]
+	mov	%rbx,8+$ivec
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_decrypt
+
+	mov	$_key,$key		# "rewind" the key
+	mov	$_end,%rdx
+	mov	$_res,%rcx
+
+	bswap	@S[0]
+	mov	($inp),%rax		# load IV for next iteration
+	bswap	@S[1]
+	mov	8($inp),%rbx
+	bswap	@S[2]
+	xor	0+$ivec,@S[0]
+	bswap	@S[3]
+	xor	4+$ivec,@S[1]
+	xor	8+$ivec,@S[2]
+	lea	16($inp),$inp
+	xor	12+$ivec,@S[3]
+	cmp	%rdx,$inp
+	je	.Lcbc_ddone
+
+	mov	@S[0],0($out)
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	lea	16($out),$out
+	jmp	.Lcbc_dloop
+
+.align	16
+.Lcbc_ddone:
+	mov	$_ivp,%rdx
+	cmp	\$0,%rcx
+	jne	.Lcbc_dec_tail
+
+	mov	@S[0],0($out)
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	mov	%rax,(%rdx)		# write out IV residue
+	mov	%rbx,8(%rdx)
+	jmp	.Lcbc_done
+.align	16
+.Lcbc_dec_tail:
+	mov	@S[0],0+$ivec
+	mov	@S[1],4+$ivec
+	mov	@S[2],8+$ivec
+	mov	@S[3],12+$ivec
+
+.Lcbc_dec_pushf:
+	pushfq
+	cld
+	lea	8+$ivec,%rsi
+	lea	($out),%rdi
+	.long	0x9066A4F3		# rep movsb
+	popfq
+.Lcbc_dec_popf:
+
+	mov	%rax,(%rdx)		# write out IV residue
+	mov	%rbx,8(%rdx)
+	jmp	.Lcbc_done
+
+.align	16
+.Lcbc_done:
+	mov	$_rsp,%rcx
+.cfi_def_cfa	%rcx,56
+	mov	0(%rcx),%r15
+.cfi_restore	%r15
+	mov	8(%rcx),%r14
+.cfi_restore	%r14
+	mov	16(%rcx),%r13
+.cfi_restore	%r13
+	mov	24(%rcx),%r12
+.cfi_restore	%r12
+	mov	32(%rcx),%rbp
+.cfi_restore	%rbp
+	mov	40(%rcx),%rbx
+.cfi_restore	%rbx
+	lea	48(%rcx),%rsp
+.cfi_def_cfa	%rsp,8
+.Lcbc_abort:
+	ret
+.cfi_endproc
+.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
+
+.asciz	"Camellia for x86_64 by <appro\@openssl.org>"
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	common_se_handler,\@abi-omnipotent
+.align	16
+common_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	lea	-64(%rsp),%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	40(%rax),%rax
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r13
+	mov	-32(%rax),%r14
+	mov	-40(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	common_se_handler,.-common_se_handler
+
+.type	cbc_se_handler,\@abi-omnipotent
+.align	16
+cbc_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	lea	-64(%rsp),%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lcbc_prologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_prologue
+	jb	.Lin_cbc_prologue
+
+	lea	.Lcbc_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_body
+	jb	.Lin_cbc_frame_setup
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lcbc_abort(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lcbc_abort
+	jae	.Lin_cbc_prologue
+
+	# handle pushf/popf in Camellia_cbc_encrypt
+	lea	.Lcbc_enc_pushf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<=.Lcbc_enc_pushf
+	jbe	.Lin_cbc_no_flag
+	lea	8(%rax),%rax
+	lea	.Lcbc_enc_popf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_enc_popf
+	jb	.Lin_cbc_no_flag
+	lea	-8(%rax),%rax
+	lea	.Lcbc_dec_pushf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<=.Lcbc_dec_pushf
+	jbe	.Lin_cbc_no_flag
+	lea	8(%rax),%rax
+	lea	.Lcbc_dec_popf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_dec_popf
+	jb	.Lin_cbc_no_flag
+	lea	-8(%rax),%rax
+
+.Lin_cbc_no_flag:
+	mov	48(%rax),%rax		# $_rsp
+	lea	48(%rax),%rax
+
+.Lin_cbc_frame_setup:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_cbc_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+.align	4
+.Lcommon_seh_exit:
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	lea	64(%rsp),%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	cbc_se_handler,.-cbc_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_Camellia_EncryptBlock_Rounds
+	.rva	.LSEH_end_Camellia_EncryptBlock_Rounds
+	.rva	.LSEH_info_Camellia_EncryptBlock_Rounds
+
+	.rva	.LSEH_begin_Camellia_DecryptBlock_Rounds
+	.rva	.LSEH_end_Camellia_DecryptBlock_Rounds
+	.rva	.LSEH_info_Camellia_DecryptBlock_Rounds
+
+	.rva	.LSEH_begin_Camellia_Ekeygen
+	.rva	.LSEH_end_Camellia_Ekeygen
+	.rva	.LSEH_info_Camellia_Ekeygen
+
+	.rva	.LSEH_begin_Camellia_cbc_encrypt
+	.rva	.LSEH_end_Camellia_cbc_encrypt
+	.rva	.LSEH_info_Camellia_cbc_encrypt
+
+.section	.xdata
+.align	8
+.LSEH_info_Camellia_EncryptBlock_Rounds:
+	.byte	9,0,0,0
+	.rva	common_se_handler
+	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[]
+.LSEH_info_Camellia_DecryptBlock_Rounds:
+	.byte	9,0,0,0
+	.rva	common_se_handler
+	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
+.LSEH_info_Camellia_Ekeygen:
+	.byte	9,0,0,0
+	.rva	common_se_handler
+	.rva	.Lkey_prologue,.Lkey_epilogue	# HandlerData[]
+.LSEH_info_Camellia_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	cbc_se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl
new file mode 100644
index 000000000..6396679a5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -0,0 +1,939 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller and Andy Polyakov.
+# The module is licensed under 2-clause BSD
+# license. October 2012. All rights reserved.
+# ====================================================================
+
+######################################################################
+# Camellia for SPARC T4.
+#
+# As with AES below results [for aligned data] are virtually identical
+# to critical path lengths for 3-cycle instruction latency:
+#
+#		128-bit key	192/256-
+# CBC encrypt	4.14/4.21(*)	5.46/5.52
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# As with Intel AES-NI, question is if it's possible to improve
+# performance of parallelizable modes by interleaving round
+# instructions. In Camellia every instruction is dependent on
+# previous, which means that there is place for 2 additional ones
+# in between two dependent. Can we expect 3x performance improvement?
+# At least one can argue that it should be possible to break 2x
+# barrier... For some reason not even 2x appears to be possible:
+#
+#		128-bit key	192/256-
+# CBC decrypt	2.21/2.74	2.99/3.40
+# CTR		2.15/2.68(*)	2.93/3.34
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# This is for 2x interleave. But compared to 1x interleave CBC decrypt
+# improved by ... 0% for 128-bit key, and 11% for 192/256-bit one.
+# So that out-of-order execution logic can take non-interleaved code
+# to 1.87x, but can't take 2x interleaved one any further. There
+# surely is some explanation... As result 3x interleave was not even
+# attempted. Instead an effort was made to share specific modes
+# implementations with AES module (therefore sparct4_modes.pl).
+#
+# To anchor to something else, software C implementation processes
+# one byte in 38 cycles with 128-bit key on same processor.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+$::evp=1;	# if $evp is set to 0, script generates module with
+# Camellia_[en|de]crypt, Camellia_set_key and Camellia_cbc_encrypt
+# entry points. These are fully compatible with openssl/camellia.h.
+
+######################################################################
+# single-round subroutines
+#
+{
+my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
+
+$code=<<___;
+#include "sparc_arch.h"
+
+.text
+
+.globl	cmll_t4_encrypt
+.align	32
+cmll_t4_encrypt:
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %o3
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %o3, %o5
+	srlx		$inp, %o3, %o3
+	or		%o5, %o4, %o4
+	or		%o3, %g1, %o5
+1:
+	ld		[$key + 272], $rounds	! grandRounds, 3 or 4
+	ldd		[$key + 16], %f12
+	ldd		[$key + 24], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	ldd		[$key + 32], %f16
+	ldd		[$key + 40], %f18
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	ldd		[$key + 48], %f20
+	ldd		[$key + 56], %f22
+	sub		$rounds, 1, $rounds
+	ldd		[$key + 64], %f24
+	ldd		[$key + 72], %f26
+	add		$key, 80, $key
+
+.Lenc:
+	camellia_f	%f12, %f2, %f0, %f2
+	ldd		[$key + 0], %f12
+	sub		$rounds,1,$rounds
+	camellia_f	%f14, %f0, %f2, %f0
+	ldd		[$key + 8], %f14
+	camellia_f	%f16, %f2, %f0, %f2
+	ldd		[$key + 16], %f16
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 24], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	ldd		[$key + 32], %f20
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 40], %f22
+	camellia_fl	%f24, %f0, %f0
+	ldd		[$key + 48], %f24
+	camellia_fli	%f26, %f2, %f2
+	ldd		[$key + 56], %f26
+	brnz,pt		$rounds, .Lenc
+	add		$key, 64, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	camellia_f	%f12, %f2, %f0, %f2
+	camellia_f	%f14, %f0, %f2, %f0
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f20, %f2, %f0, %f4
+	camellia_f	%f22, %f0, %f4, %f2
+	fxor		%f24, %f4, %f0
+	fxor		%f26, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	cmll_t4_encrypt,#function
+.size	cmll_t4_encrypt,.-cmll_t4_encrypt
+
+.globl	cmll_t4_decrypt
+.align	32
+cmll_t4_decrypt:
+	ld		[$key + 272], $rounds	! grandRounds, 3 or 4
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	sll		$rounds, 6, $rounds
+	add		$rounds, $key, $key
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %g4
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %g4, %o5
+	srlx		$inp, %g4, %g4
+	or		%o5, %o4, %o4
+	or		%g4, %g1, %o5
+1:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+	ldd		[$key - 8], %f12
+	ldd		[$key - 16], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	ldd		[$key - 24], %f16
+	ldd		[$key - 32], %f18
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	ldd		[$key - 40], %f20
+	ldd		[$key - 48], %f22
+	sub		$rounds, 64, $rounds
+	ldd		[$key - 56], %f24
+	ldd		[$key - 64], %f26
+	sub		$key, 64, $key
+
+.Ldec:
+	camellia_f	%f12, %f2, %f0, %f2
+	ldd		[$key - 8], %f12
+	sub		$rounds, 64, $rounds
+	camellia_f	%f14, %f0, %f2, %f0
+	ldd		[$key - 16], %f14
+	camellia_f	%f16, %f2, %f0, %f2
+	ldd		[$key - 24], %f16
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key - 32], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	ldd		[$key - 40], %f20
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key - 48], %f22
+	camellia_fl	%f24, %f0, %f0
+	ldd		[$key - 56], %f24
+	camellia_fli	%f26, %f2, %f2
+	ldd		[$key - 64], %f26
+	brnz,pt		$rounds, .Ldec
+	sub		$key, 64, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	camellia_f	%f12, %f2, %f0, %f2
+	camellia_f	%f14, %f0, %f2, %f0
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f20, %f2, %f0, %f4
+	camellia_f	%f22, %f0, %f4, %f2
+	fxor		%f26, %f4, %f0
+	fxor		%f24, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	cmll_t4_decrypt,#function
+.size	cmll_t4_decrypt,.-cmll_t4_decrypt
+___
+}
+
+######################################################################
+# key setup subroutines
+#
+{
+sub ROTL128 {
+  my $rot = shift;
+
+	"srlx	%o4, 64-$rot, %g4\n\t".
+	"sllx	%o4, $rot, %o4\n\t".
+	"srlx	%o5, 64-$rot, %g5\n\t".
+	"sllx	%o5, $rot, %o5\n\t".
+	"or	%o4, %g5, %o4\n\t".
+	"or	%o5, %g4, %o5";
+}
+
+my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
+$code.=<<___;
+.globl	cmll_t4_set_key
+.align	32
+cmll_t4_set_key:
+	and		$inp, 7, $tmp
+	alignaddr	$inp, %g0, $inp
+	cmp		$bits, 192
+	ldd		[$inp + 0], %f0
+	bl,pt		%icc,.L128
+	ldd		[$inp + 8], %f2
+
+	be,pt		%icc,.L192
+	ldd		[$inp + 16], %f4
+
+	brz,pt		$tmp, .L256aligned
+	ldd		[$inp + 24], %f6
+
+	ldd		[$inp + 32], %f8
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	b		.L256aligned
+	faligndata	%f6, %f8, %f6
+
+.align	16
+.L192:
+	brz,a,pt	$tmp, .L256aligned
+	fnot2		%f4, %f6
+
+	ldd		[$inp + 24], %f6
+	nop
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	fnot2		%f4, %f6
+
+.L256aligned:
+	std		%f0, [$out + 0]		! k[0, 1]
+	fsrc2		%f0, %f28
+	std		%f2, [$out + 8]		! k[2, 3]
+	fsrc2		%f2, %f30
+	fxor		%f4, %f0, %f0
+	b		.L128key
+	fxor		%f6, %f2, %f2
+
+.align	16
+.L128:
+	brz,pt		$tmp, .L128aligned
+	nop
+
+	ldd		[$inp + 16], %f4
+	nop
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+
+.L128aligned:
+	std		%f0, [$out + 0]		! k[0, 1]
+	fsrc2		%f0, %f28
+	std		%f2, [$out + 8]		! k[2, 3]
+	fsrc2		%f2, %f30
+
+.L128key:
+	mov		%o7, %o5
+1:	call		.+8
+	add		%o7, SIGMA-1b, %o4
+	mov		%o5, %o7
+
+	ldd		[%o4 + 0], %f16
+	ldd		[%o4 + 8], %f18
+	ldd		[%o4 + 16], %f20
+	ldd		[%o4 + 24], %f22
+
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	fxor		%f28, %f0, %f0
+	fxor		%f30, %f2, %f2
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+
+	bge,pn		%icc, .L256key
+	nop
+	std	%f0, [$out + 0x10]	! k[ 4,  5]
+	std	%f2, [$out + 0x18]	! k[ 6,  7]
+
+	movdtox	%f0, %o4
+	movdtox	%f2, %o5
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x30]	! k[12, 13]
+	stx	%o5, [$out + 0x38]	! k[14, 15]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x40]	! k[16, 17]
+	stx	%o5, [$out + 0x48]	! k[18, 19]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x60]	! k[24, 25]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x70]	! k[28, 29]
+	stx	%o5, [$out + 0x78]	! k[30, 31]
+	`&ROTL128(34)`
+	stx	%o4, [$out + 0xa0]	! k[40, 41]
+	stx	%o5, [$out + 0xa8]	! k[42, 43]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0xc0]	! k[48, 49]
+	stx	%o5, [$out + 0xc8]	! k[50, 51]
+
+	movdtox	%f28, %o4		! k[ 0,  1]
+	movdtox	%f30, %o5		! k[ 2,  3]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x20]	! k[ 8,  9]
+	stx	%o5, [$out + 0x28]	! k[10, 11]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x50]	! k[20, 21]
+	stx	%o5, [$out + 0x58]	! k[22, 23]
+	`&ROTL128(15)`
+	stx	%o5, [$out + 0x68]	! k[26, 27]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0x80]	! k[32, 33]
+	stx	%o5, [$out + 0x88]	! k[34, 35]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0x90]	! k[36, 37]
+	stx	%o5, [$out + 0x98]	! k[38, 39]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0xb0]	! k[44, 45]
+	stx	%o5, [$out + 0xb8]	! k[46, 47]
+
+	mov		3, $tmp
+	st		$tmp, [$out + 0x110]
+	retl
+	xor		%o0, %o0, %o0
+
+.align	16
+.L256key:
+	ldd		[%o4 + 32], %f24
+	ldd		[%o4 + 40], %f26
+
+	std		%f0, [$out + 0x30]	! k[12, 13]
+	std		%f2, [$out + 0x38]	! k[14, 15]
+
+	fxor		%f4, %f0, %f0
+	fxor		%f6, %f2, %f2
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f26, %f0, %f2, %f0
+
+	std	%f0, [$out + 0x10]	! k[ 4,  5]
+	std	%f2, [$out + 0x18]	! k[ 6,  7]
+
+	movdtox	%f0, %o4
+	movdtox	%f2, %o5
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x50]	! k[20, 21]
+	stx	%o5, [$out + 0x58]	! k[22, 23]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0xa0]	! k[40, 41]
+	stx	%o5, [$out + 0xa8]	! k[42, 43]
+	`&ROTL128(51)`
+	stx	%o4, [$out + 0x100]	! k[64, 65]
+	stx	%o5, [$out + 0x108]	! k[66, 67]
+
+	movdtox	%f4, %o4		! k[ 8,  9]
+	movdtox	%f6, %o5		! k[10, 11]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x20]	! k[ 8,  9]
+	stx	%o5, [$out + 0x28]	! k[10, 11]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x40]	! k[16, 17]
+	stx	%o5, [$out + 0x48]	! k[18, 19]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x90]	! k[36, 37]
+	stx	%o5, [$out + 0x98]	! k[38, 39]
+	`&ROTL128(34)`
+	stx	%o4, [$out + 0xd0]	! k[52, 53]
+	stx	%o5, [$out + 0xd8]	! k[54, 55]
+	ldx	[$out + 0x30], %o4	! k[12, 13]
+	ldx	[$out + 0x38], %o5	! k[14, 15]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x30]	! k[12, 13]
+	stx	%o5, [$out + 0x38]	! k[14, 15]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x70]	! k[28, 29]
+	stx	%o5, [$out + 0x78]	! k[30, 31]
+	srlx	%o4, 32, %g4
+	srlx	%o5, 32, %g5
+	st	%o4, [$out + 0xc0]	! k[48]
+	st	%g5, [$out + 0xc4]	! k[49]
+	st	%o5, [$out + 0xc8]	! k[50]
+	st	%g4, [$out + 0xcc]	! k[51]
+	`&ROTL128(49)`
+	stx	%o4, [$out + 0xe0]	! k[56, 57]
+	stx	%o5, [$out + 0xe8]	! k[58, 59]
+
+	movdtox	%f28, %o4		! k[ 0,  1]
+	movdtox	%f30, %o5		! k[ 2,  3]
+	`&ROTL128(45)`
+	stx	%o4, [$out + 0x60]	! k[24, 25]
+	stx	%o5, [$out + 0x68]	! k[26, 27]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x80]	! k[32, 33]
+	stx	%o5, [$out + 0x88]	! k[34, 35]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0xb0]	! k[44, 45]
+	stx	%o5, [$out + 0xb8]	! k[46, 47]
+	`&ROTL128(34)`
+	stx	%o4, [$out + 0xf0]	! k[60, 61]
+	stx	%o5, [$out + 0xf8]	! k[62, 63]
+
+	mov		4, $tmp
+	st		$tmp, [$out + 0x110]
+	retl
+	xor		%o0, %o0, %o0
+.type	cmll_t4_set_key,#function
+.size	cmll_t4_set_key,.-cmll_t4_set_key
+.align	32
+SIGMA:
+	.long	0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2
+	.long	0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c
+	.long	0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+.type	SIGMA,#object
+.size	SIGMA,.-SIGMA
+.asciz	"Camellia for SPARC T4, David S. Miller, Andy Polyakov"
+___
+}
+
+{{{
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
+my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
+
+$code.=<<___;
+.align	32
+_cmll128_load_enckey:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+___
+for ($i=2; $i<26;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`12+2*$i`
+___
+}
+$code.=<<___;
+	retl
+	nop
+.type	_cmll128_load_enckey,#function
+.size	_cmll128_load_enckey,.-_cmll128_load_enckey
+_cmll256_load_enckey=_cmll128_load_enckey
+
+.align	32
+_cmll256_load_deckey:
+	ldd		[$key + 64], %f62
+	ldd		[$key + 72], %f60
+	b		.Load_deckey
+	add		$key, 64, $key
+_cmll128_load_deckey:
+	ldd		[$key + 0], %f60
+	ldd		[$key + 8], %f62
+.Load_deckey:
+___
+for ($i=2; $i<24;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`62-2*$i`
+___
+}
+$code.=<<___;
+	ldx		[$key + 192], %g4
+	retl
+	ldx		[$key + 200], %g5
+.type	_cmll256_load_deckey,#function
+.size	_cmll256_load_deckey,.-_cmll256_load_deckey
+
+.align	32
+_cmll128_encrypt_1x:
+___
+for ($i=0; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+___
+$code.=<<___ if ($i<2);
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+___
+}
+$code.=<<___;
+	camellia_f	%f56, %f2, %f0, %f4
+	camellia_f	%f58, %f0, %f4, %f2
+	fxor		%f60, %f4, %f0
+	retl
+	fxor		%f62, %f2, %f2
+.type	_cmll128_encrypt_1x,#function
+.size	_cmll128_encrypt_1x,.-_cmll128_encrypt_1x
+_cmll128_decrypt_1x=_cmll128_encrypt_1x
+
+.align	32
+_cmll128_encrypt_2x:
+___
+for ($i=0; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+0`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+2`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+4`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+6`, %f4, %f6, %f4
+___
+$code.=<<___ if ($i<2);
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+8`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+10`, %f4, %f6, %f4
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fl	%f`16+16*$i+12`, %f4,      %f4
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+	camellia_fli	%f`16+16*$i+14`, %f6,      %f6
+___
+}
+$code.=<<___;
+	camellia_f	%f56, %f2, %f0, %f8
+	camellia_f	%f56, %f6, %f4, %f10
+	camellia_f	%f58, %f0, %f8, %f2
+	camellia_f	%f58, %f4, %f10, %f6
+	fxor		%f60, %f8, %f0
+	fxor		%f60, %f10, %f4
+	fxor		%f62, %f2, %f2
+	retl
+	fxor		%f62, %f6, %f6
+.type	_cmll128_encrypt_2x,#function
+.size	_cmll128_encrypt_2x,.-_cmll128_encrypt_2x
+_cmll128_decrypt_2x=_cmll128_encrypt_2x
+
+.align	32
+_cmll256_encrypt_1x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f26, %f0, %f2, %f0
+	ldd		[$key + 240], %f24
+	ldd		[$key + 248], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fli	%f30, %f2, %f2
+	ldd		[$key + 256], %f28
+	ldd		[$key + 264], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 32], %f20
+	ldd		[$key + 40], %f22
+	camellia_f	%f24, %f2, %f0, %f4
+	camellia_f	%f26, %f0, %f4, %f2
+	ldd		[$key + 48], %f24
+	ldd		[$key + 56], %f26
+	fxor		%f28, %f4, %f0
+	fxor		%f30, %f2, %f2
+	ldd		[$key + 64], %f28
+	retl
+	ldd		[$key + 72], %f30
+.type	_cmll256_encrypt_1x,#function
+.size	_cmll256_encrypt_1x,.-_cmll256_encrypt_1x
+
+.align	32
+_cmll256_encrypt_2x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f24, %f6, %f4, %f6
+	camellia_f	%f26, %f0, %f2, %f0
+	camellia_f	%f26, %f4, %f6, %f4
+	ldd		[$key + 240], %f24
+	ldd		[$key + 248], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fl	%f28, %f4, %f4
+	camellia_fli	%f30, %f2, %f2
+	camellia_fli	%f30, %f6, %f6
+	ldd		[$key + 256], %f28
+	ldd		[$key + 264], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+0`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+2`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+4`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+6`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+8`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+10`, %f4, %f6, %f4
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fl	%f`16+16*$i+12`, %f4,      %f4
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+	camellia_fli	%f`16+16*$i+14`, %f6,      %f6
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key + 32], %f20
+	ldd		[$key + 40], %f22
+	camellia_f	%f24, %f2, %f0, %f8
+	camellia_f	%f24, %f6, %f4, %f10
+	camellia_f	%f26, %f0, %f8, %f2
+	camellia_f	%f26, %f4, %f10, %f6
+	ldd		[$key + 48], %f24
+	ldd		[$key + 56], %f26
+	fxor		%f28, %f8, %f0
+	fxor		%f28, %f10, %f4
+	fxor		%f30, %f2, %f2
+	fxor		%f30, %f6, %f6
+	ldd		[$key + 64], %f28
+	retl
+	ldd		[$key + 72], %f30
+.type	_cmll256_encrypt_2x,#function
+.size	_cmll256_encrypt_2x,.-_cmll256_encrypt_2x
+
+.align	32
+_cmll256_decrypt_1x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key - 8], %f16
+	ldd		[$key - 16], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key - 24], %f20
+	ldd		[$key - 32], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f26, %f0, %f2, %f0
+	ldd		[$key - 40], %f24
+	ldd		[$key - 48], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fli	%f30, %f2, %f2
+	ldd		[$key - 56], %f28
+	ldd		[$key - 64], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 184], %f16
+	ldd		[$key + 176], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 168], %f20
+	ldd		[$key + 160], %f22
+	camellia_f	%f24, %f2, %f0, %f4
+	camellia_f	%f26, %f0, %f4, %f2
+	ldd		[$key + 152], %f24
+	ldd		[$key + 144], %f26
+	fxor		%f30, %f4, %f0
+	fxor		%f28, %f2, %f2
+	ldd		[$key + 136], %f28
+	retl
+	ldd		[$key + 128], %f30
+.type	_cmll256_decrypt_1x,#function
+.size	_cmll256_decrypt_1x,.-_cmll256_decrypt_1x
+
+.align	32
+_cmll256_decrypt_2x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key - 8], %f16
+	ldd		[$key - 16], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key - 24], %f20
+	ldd		[$key - 32], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f24, %f6, %f4, %f6
+	camellia_f	%f26, %f0, %f2, %f0
+	camellia_f	%f26, %f4, %f6, %f4
+	ldd		[$key - 40], %f24
+	ldd		[$key - 48], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fl	%f28, %f4, %f4
+	camellia_fli	%f30, %f2, %f2
+	camellia_fli	%f30, %f6, %f6
+	ldd		[$key - 56], %f28
+	ldd		[$key - 64], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+0`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+2`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+4`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+6`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+8`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+10`, %f4, %f6, %f4
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fl	%f`16+16*$i+12`, %f4,      %f4
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+	camellia_fli	%f`16+16*$i+14`, %f6,      %f6
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key + 184], %f16
+	ldd		[$key + 176], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key + 168], %f20
+	ldd		[$key + 160], %f22
+	camellia_f	%f24, %f2, %f0, %f8
+	camellia_f	%f24, %f6, %f4, %f10
+	camellia_f	%f26, %f0, %f8, %f2
+	camellia_f	%f26, %f4, %f10, %f6
+	ldd		[$key + 152], %f24
+	ldd		[$key + 144], %f26
+	fxor		%f30, %f8, %f0
+	fxor		%f30, %f10, %f4
+	fxor		%f28, %f2, %f2
+	fxor		%f28, %f6, %f6
+	ldd		[$key + 136], %f28
+	retl
+	ldd		[$key + 128], %f30
+.type	_cmll256_decrypt_2x,#function
+.size	_cmll256_decrypt_2x,.-_cmll256_decrypt_2x
+___
+
+&alg_cbc_encrypt_implement("cmll",128);
+&alg_cbc_encrypt_implement("cmll",256);
+
+&alg_cbc_decrypt_implement("cmll",128);
+&alg_cbc_decrypt_implement("cmll",256);
+
+if ($::evp) {
+    &alg_ctr32_implement("cmll",128);
+    &alg_ctr32_implement("cmll",256);
+}
+}}}
+
+if (!$::evp) {
+$code.=<<___;
+.global	Camellia_encrypt
+Camellia_encrypt=cmll_t4_encrypt
+.global	Camellia_decrypt
+Camellia_decrypt=cmll_t4_decrypt
+.global	Camellia_set_key
+.align	32
+Camellia_set_key:
+	andcc		%o2, 7, %g0		! double-check alignment
+	bnz,a,pn	%icc, 1f
+	mov		-1, %o0
+	brz,a,pn	%o0, 1f
+	mov		-1, %o0
+	brz,a,pn	%o2, 1f
+	mov		-1, %o0
+	andncc		%o1, 0x1c0, %g0
+	bnz,a,pn	%icc, 1f
+	mov		-2, %o0
+	cmp		%o1, 128
+	bl,a,pn		%icc, 1f
+	mov		-2, %o0
+	b		cmll_t4_set_key
+	nop
+1:	retl
+	nop
+.type	Camellia_set_key,#function
+.size	Camellia_set_key,.-Camellia_set_key
+___
+
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
+
+$code.=<<___;
+.globl	Camellia_cbc_encrypt
+.align	32
+Camellia_cbc_encrypt:
+	ld		[$key + 272], %g1
+	nop
+	brz		$enc, .Lcbc_decrypt
+	cmp		%g1, 3
+
+	be,pt		%icc, cmll128_t4_cbc_encrypt
+	nop
+	ba		cmll256_t4_cbc_encrypt
+	nop
+
+.Lcbc_decrypt:
+	be,pt		%icc, cmll128_t4_cbc_decrypt
+	nop
+	ba		cmll256_t4_cbc_decrypt
+	nop
+.type	Camellia_cbc_encrypt,#function
+.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
+___
+}
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/build.info
new file mode 100644
index 000000000..e36a19bd4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/build.info
@@ -0,0 +1,13 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c \
+        {- $target{cmll_asm_src} -}
+
+GENERATE[cmll-x86.s]=asm/cmll-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) \
+        $(PROCESSOR)
+DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
+GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[cmllt4-sparcv9.o]=..
+DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c
new file mode 100644
index 000000000..c200b8230
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+/*
+ * This release balances code size and performance. In particular key
+ * schedule setup is fully unrolled, because doing so *significantly*
+ * reduces amount of instructions per setup round and code increase is
+ * justifiable. In block functions on the other hand only inner loops
+ * are unrolled, as full unroll gives only nominal performance boost,
+ * while code size grows 4 or 7 times. Also, unlike previous versions
+ * this one "encourages" compiler to keep intermediate variables in
+ * registers, which should give better "all round" results, in other
+ * words reasonable performance even with not so modern compilers.
+ */
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include <string.h>
+#include <stdlib.h>
+
+#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+#define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+
+#define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
+
+/* S-box data */
+#define SBOX1_1110 Camellia_SBOX[0]
+#define SBOX4_4404 Camellia_SBOX[1]
+#define SBOX2_0222 Camellia_SBOX[2]
+#define SBOX3_3033 Camellia_SBOX[3]
+static const u32 Camellia_SBOX[][256] = {
+    {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
+     0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
+     0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
+     0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
+     0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
+     0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
+     0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
+     0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
+     0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
+     0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
+     0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
+     0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
+     0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
+     0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
+     0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
+     0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
+     0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
+     0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
+     0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
+     0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
+     0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
+     0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00},
+    {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
+     0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
+     0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
+     0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
+     0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
+     0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
+     0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
+     0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
+     0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
+     0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
+     0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
+     0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
+     0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
+     0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
+     0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
+     0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
+     0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
+     0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
+     0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
+     0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
+     0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
+     0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e},
+    {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
+     0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
+     0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
+     0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
+     0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
+     0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
+     0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
+     0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
+     0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
+     0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
+     0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
+     0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
+     0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+     0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
+     0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
+     0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
+     0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
+     0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
+     0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
+     0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
+     0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
+     0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
+     0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d},
+    {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
+     0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
+     0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
+     0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
+     0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
+     0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
+     0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
+     0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
+     0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
+     0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
+     0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+     0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
+     0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
+     0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+     0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
+     0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
+     0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
+     0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
+     0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
+     0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
+     0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
+     0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
+     0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
+     0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f}
+};
+
+/* Key generation constants */
+static const u32 SIGMA[] = {
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
+    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+};
+
+/* The phi algorithm given in C.2.7 of the Camellia spec document. */
+/*
+ * This version does not attempt to minimize amount of temporary
+ * variables, but instead explicitly exposes algorithm's parallelism.
+ * It is therefore most appropriate for platforms with not less than
+ * ~16 registers. For platforms with less registers [well, x86 to be
+ * specific] assembler version should be/is provided anyway...
+ */
+#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
+        register u32 _t0,_t1,_t2,_t3;\
+\
+        _t0  = _s0 ^ (_key)[0];\
+        _t3  = SBOX4_4404[_t0&0xff];\
+        _t1  = _s1 ^ (_key)[1];\
+        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
+        _t2  = SBOX1_1110[_t1&0xff];\
+        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
+        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
+        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
+        _t2 ^= _t3;\
+        _t3  = RightRotate(_t3,8);\
+        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
+        _s3 ^= _t3;\
+        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
+        _s2 ^= _t2; \
+        _s3 ^= _t2;\
+} while(0)
+
+/*
+ * Note that n has to be less than 32. Rotations for larger amount
+ * of bits are achieved by "rotating" order of s-elements and
+ * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
+ */
+#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
+        u32 _t0=_s0>>(32-_n);\
+        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
+        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
+        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
+        _s3 = (_s3<<_n) | _t0;\
+} while (0)
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
+{
+    register u32 s0, s1, s2, s3;
+
+    k[0] = s0 = GETU32(rawKey);
+    k[1] = s1 = GETU32(rawKey + 4);
+    k[2] = s2 = GETU32(rawKey + 8);
+    k[3] = s3 = GETU32(rawKey + 12);
+
+    if (keyBitLength != 128) {
+        k[8] = s0 = GETU32(rawKey + 16);
+        k[9] = s1 = GETU32(rawKey + 20);
+        if (keyBitLength == 192) {
+            k[10] = s2 = ~s0;
+            k[11] = s3 = ~s1;
+        } else {
+            k[10] = s2 = GETU32(rawKey + 24);
+            k[11] = s3 = GETU32(rawKey + 28);
+        }
+        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    }
+
+    /* Use the Feistel routine to scramble the key material */
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2);
+
+    s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6);
+
+    /* Fill the keyTable. Requires many block rotations. */
+    if (keyBitLength == 128) {
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */
+        k[24] = s0, k[25] = s1;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */
+        k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */
+        k[26] = s2, k[27] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */
+        k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */
+        k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
+
+        return 3;               /* grand rounds */
+    } else {
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11];
+        Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8));
+        Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10));
+
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */
+        k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
+        RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */
+        k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
+
+        s0 = k[8], s1 = k[9], s2 = k[10], s3 = k[11];
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */
+        k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
+
+        s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        /* KA <<< 77 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */
+        k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */
+        k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
+        RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */
+        k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */
+        k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
+        RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */
+        k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
+
+        return 4;               /* grand rounds */
+    }
+    /*
+     * It is possible to perform certain precalculations, which
+     * would spare few cycles in block procedure. It's not done,
+     * because it upsets the performance balance between key
+     * setup and block procedures, negatively affecting overall
+     * throughput in applications operating on short messages
+     * and volatile keys.
+     */
+}
+
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[])
+{
+    register u32 s0, s1, s2, s3;
+    const u32 *k = keyTable, *kend = keyTable + grandRounds * 16;
+
+    s0 = GETU32(plaintext) ^ k[0];
+    s1 = GETU32(plaintext + 4) ^ k[1];
+    s2 = GETU32(plaintext + 8) ^ k[2];
+    s3 = GETU32(plaintext + 12) ^ k[3];
+    k += 4;
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        Camellia_Feistel(s0, s1, s2, s3, k + 0);
+        Camellia_Feistel(s2, s3, s0, s1, k + 2);
+        Camellia_Feistel(s0, s1, s2, s3, k + 4);
+        Camellia_Feistel(s2, s3, s0, s1, k + 6);
+        Camellia_Feistel(s0, s1, s2, s3, k + 8);
+        Camellia_Feistel(s2, s3, s0, s1, k + 10);
+        k += 12;
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        s1 ^= LeftRotate(s0 & k[0], 1);
+        s2 ^= s3 | k[3];
+        s0 ^= s1 | k[1];
+        s3 ^= LeftRotate(s2 & k[2], 1);
+        k += 4;
+    }
+
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(ciphertext, s2);
+    PUTU32(ciphertext + 4, s3);
+    PUTU32(ciphertext + 8, s0);
+    PUTU32(ciphertext + 12, s1);
+}
+
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
+
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[])
+{
+    u32 s0, s1, s2, s3;
+    const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4;
+
+    s0 = GETU32(ciphertext) ^ k[0];
+    s1 = GETU32(ciphertext + 4) ^ k[1];
+    s2 = GETU32(ciphertext + 8) ^ k[2];
+    s3 = GETU32(ciphertext + 12) ^ k[3];
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        k -= 12;
+        Camellia_Feistel(s0, s1, s2, s3, k + 10);
+        Camellia_Feistel(s2, s3, s0, s1, k + 8);
+        Camellia_Feistel(s0, s1, s2, s3, k + 6);
+        Camellia_Feistel(s2, s3, s0, s1, k + 4);
+        Camellia_Feistel(s0, s1, s2, s3, k + 2);
+        Camellia_Feistel(s2, s3, s0, s1, k + 0);
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        k -= 4;
+        s1 ^= LeftRotate(s0 & k[2], 1);
+        s2 ^= s3 | k[1];
+        s0 ^= s1 | k[3];
+        s3 ^= LeftRotate(s2 & k[0], 1);
+    }
+
+    k -= 4;
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(plaintext, s2);
+    PUTU32(plaintext + 4, s3);
+    PUTU32(plaintext + 8, s0);
+    PUTU32(plaintext + 12, s1);
+}
+
+void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_cbc.c
new file mode 100644
index 000000000..b19171ded
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_cbc.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t len, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_decrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_cfb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_cfb.c
new file mode 100644
index 000000000..4f49eaded
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_cfb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) Camellia_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ctr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ctr.c
new file mode 100644
index 000000000..161d1e18c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ctr.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num)
+{
+
+    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
+                          (block128_f) Camellia_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c
new file mode 100644
index 000000000..d932f1b37
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc)
+{
+    if (CAMELLIA_ENCRYPT == enc)
+        Camellia_encrypt(in, out, key);
+    else
+        Camellia_decrypt(in, out, key);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_locl.h
new file mode 100644
index 000000000..6403b390d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_locl.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+# define HEADER_CAMELLIA_LOCL_H
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
+                     KEY_TABLE_TYPE keyTable);
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[]);
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[]);
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
+                           const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+#endif                          /* #ifndef HEADER_CAMELLIA_LOCL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c
new file mode 100644
index 000000000..e5f014b79
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key)
+{
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+    key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
+    return 0;
+}
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ofb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ofb.c
new file mode 100644
index 000000000..b43c685c7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ofb.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) Camellia_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl
new file mode 100644
index 000000000..d5d38965c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl
@@ -0,0 +1,192 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# This flag makes the inner loop one cycle longer, but generates
+# code that runs %30 faster on the pentium pro/II, 44% faster
+# of PIII, while only %7 slower on the pentium.
+# By default, this flag is on.
+$ppro=1;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$CAST_ROUNDS=16;
+$L="edi";
+$R="esi";
+$K="ebp";
+$tmp1="ecx";
+$tmp2="ebx";
+$tmp3="eax";
+$tmp4="edx";
+$S1="CAST_S_table0";
+$S2="CAST_S_table1";
+$S3="CAST_S_table2";
+$S4="CAST_S_table3";
+
+@F1=("add","xor","sub");
+@F2=("xor","sub","add");
+@F3=("sub","add","xor");
+
+&CAST_encrypt("CAST_encrypt",1);
+&CAST_encrypt("CAST_decrypt",0);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+close STDOUT;
+
+sub CAST_encrypt {
+    local($name,$enc)=@_;
+
+    local($win_ex)=<<"EOF";
+EXTERN	_CAST_S_table0:DWORD
+EXTERN	_CAST_S_table1:DWORD
+EXTERN	_CAST_S_table2:DWORD
+EXTERN	_CAST_S_table3:DWORD
+EOF
+    &main::external_label(
+			  "CAST_S_table0",
+			  "CAST_S_table1",
+			  "CAST_S_table2",
+			  "CAST_S_table3",
+			  );
+
+    &function_begin_B($name,$win_ex);
+
+    &comment("");
+
+    &push("ebp");
+    &push("ebx");
+    &mov($tmp2,&wparam(0));
+    &mov($K,&wparam(1));
+    &push("esi");
+    &push("edi");
+
+    &comment("Load the 2 words");
+    &mov($L,&DWP(0,$tmp2,"",0));
+    &mov($R,&DWP(4,$tmp2,"",0));
+
+    &comment('Get short key flag');
+    &mov($tmp3,&DWP(128,$K,"",0));
+    if($enc) {
+	&push($tmp3);
+    } else {
+	&or($tmp3,$tmp3);
+	&jnz(&label('cast_dec_skip'));
+    }
+
+    &xor($tmp3,	$tmp3);
+
+    # encrypting part
+
+    if ($enc) {
+	&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&comment('test short key flag');
+	&pop($tmp4);
+	&or($tmp4,$tmp4);
+	&jnz(&label('cast_enc_done'));
+	&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    } else {
+	&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&set_label('cast_dec_skip');
+	&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    }
+
+    &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+    &nop();
+    &mov($tmp3,&wparam(0));
+    &mov(&DWP(4,$tmp3,"",0),$L);
+    &mov(&DWP(0,$tmp3,"",0),$R);
+    &function_end($name);
+}
+
+sub E_CAST {
+    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+    # Ri needs to have 16 pre added.
+
+    &comment("round $i");
+    &mov(	$tmp4,		&DWP($i*8,$K,"",1));
+
+    &mov(	$tmp1,		&DWP($i*8+4,$K,"",1));
+    &$OP1(	$tmp4,		$R);
+
+    &rotl(	$tmp4,		&LB($tmp1));
+
+    if ($ppro) {
+	&xor(	$tmp1,		$tmp1);
+	&mov(	$tmp2,		0xff);
+
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A
+	&and(	$tmp2,		$tmp4);
+
+	&shr(	$tmp4,		16); 		#
+	&xor(	$tmp3,		$tmp3);
+    } else {
+	&mov(	$tmp2,		$tmp4);		# B
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
+
+	&shr(	$tmp4,		16); 		#
+	&and(	$tmp2,		0xff);
+    }
+
+    &movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
+    &and(	$tmp4,		0xff);		# D
+
+    &mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
+    &mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
+
+    &$OP2(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
+
+    &$OP3(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
+
+    &$OP1(	$tmp1,		$tmp2);
+    # XXX
+
+    &xor(	$L,		$tmp1);
+    # XXX
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/build.info
new file mode 100644
index 000000000..b0f59f380
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/build.info
@@ -0,0 +1,7 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        c_skey.c c_ecb.c {- $target{cast_asm_src} -} c_cfb64.c c_ofb64.c
+
+GENERATE[cast-586.s]=asm/cast-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c
new file mode 100644
index 000000000..bd7cb2f46
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    CAST_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = ivec;
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c
new file mode 100644
index 000000000..da4179438
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+#include <openssl/opensslv.h>
+
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *ks, int enc)
+{
+    CAST_LONG l, d[2];
+
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (enc)
+        CAST_encrypt(d, ks);
+    else
+        CAST_decrypt(d, ks);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c
new file mode 100644
index 000000000..700b6d162
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
+
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
+
+    E_CAST(0, k, l, r, +, ^, -);
+    E_CAST(1, k, r, l, ^, -, +);
+    E_CAST(2, k, l, r, -, +, ^);
+    E_CAST(3, k, r, l, +, ^, -);
+    E_CAST(4, k, l, r, ^, -, +);
+    E_CAST(5, k, r, l, -, +, ^);
+    E_CAST(6, k, l, r, +, ^, -);
+    E_CAST(7, k, r, l, ^, -, +);
+    E_CAST(8, k, l, r, -, +, ^);
+    E_CAST(9, k, r, l, +, ^, -);
+    E_CAST(10, k, l, r, ^, -, +);
+    E_CAST(11, k, r, l, -, +, ^);
+    if (!key->short_key) {
+        E_CAST(12, k, l, r, +, ^, -);
+        E_CAST(13, k, r, l, ^, -, +);
+        E_CAST(14, k, l, r, -, +, ^);
+        E_CAST(15, k, r, l, +, ^, -);
+    }
+
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
+
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
+
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
+
+    if (!key->short_key) {
+        E_CAST(15, k, l, r, +, ^, -);
+        E_CAST(14, k, r, l, -, +, ^);
+        E_CAST(13, k, l, r, ^, -, +);
+        E_CAST(12, k, r, l, +, ^, -);
+    }
+    E_CAST(11, k, l, r, -, +, ^);
+    E_CAST(10, k, r, l, ^, -, +);
+    E_CAST(9, k, l, r, +, ^, -);
+    E_CAST(8, k, r, l, -, +, ^);
+    E_CAST(7, k, l, r, ^, -, +);
+    E_CAST(6, k, r, l, +, ^, -);
+    E_CAST(5, k, l, r, -, +, ^);
+    E_CAST(4, k, r, l, ^, -, +);
+    E_CAST(3, k, l, r, +, ^, -);
+    E_CAST(2, k, r, l, -, +, ^);
+    E_CAST(1, k, l, r, ^, -, +);
+    E_CAST(0, k, r, l, +, ^, -);
+
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
+
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc)
+{
+    register CAST_LONG tin0, tin1;
+    register CAST_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    CAST_LONG tin[2];
+
+    if (enc) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c
new file mode 100644
index 000000000..dffb07476
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    CAST_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            CAST_encrypt((CAST_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c
new file mode 100644
index 000000000..962d2a60b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+#include "cast_s.h"
+
+#define CAST_exp(l,A,a,n) \
+        A[n/4]=l; \
+        a[n+3]=(l    )&0xff; \
+        a[n+2]=(l>> 8)&0xff; \
+        a[n+1]=(l>>16)&0xff; \
+        a[n+0]=(l>>24)&0xff;
+
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+{
+    CAST_LONG x[16];
+    CAST_LONG z[16];
+    CAST_LONG k[32];
+    CAST_LONG X[4], Z[4];
+    CAST_LONG l, *K;
+    int i;
+
+    for (i = 0; i < 16; i++)
+        x[i] = 0;
+    if (len > 16)
+        len = 16;
+    for (i = 0; i < len; i++)
+        x[i] = data[i];
+    if (len <= 10)
+        key->short_key = 1;
+    else
+        key->short_key = 0;
+
+    K = &k[0];
+    X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL;
+    X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL;
+    X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL;
+    X[3] =
+        ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL;
+
+    for (;;) {
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]];
+        K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]];
+        K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]];
+        K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]];
+        K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]];
+        K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]];
+        K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]];
+
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]];
+        K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]];
+        K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]];
+        K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]];
+        K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]];
+        K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]];
+        K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]];
+        if (K != k)
+            break;
+        K += 16;
+    }
+
+    for (i = 0; i < 16; i++) {
+        key->data[i * 2] = k[i];
+        key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_lcl.h
new file mode 100644
index 000000000..35e89930a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_lcl.h
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_SYS_WIN32
+# include <stdlib.h>
+#endif
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+# define ROTL(a,n)     (_lrotl(a,n))
+#else
+# define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31)))
+#endif
+
+#define C_M    0x3fc
+#define C_0    22L
+#define C_1    14L
+#define C_2     6L
+#define C_3     2L              /* left shift */
+
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        t=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        t=ROTL(t,i); \
+        L^= (((((*(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+        }
+#elif defined(CAST_PTR2)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        CAST_LONG u,v,w; \
+        w=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        w=ROTL(w,i); \
+        u=w>>C_2; \
+        v=w<<C_3; \
+        u&=C_M; \
+        v&=C_M; \
+        t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
+        u=w>>C_0; \
+        t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+        v=w>>C_1; \
+        u&=C_M; \
+        v&=C_M; \
+        t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+        t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+        L^=(t&0xffffffff); \
+        }
+#else
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        CAST_LONG a,b,c,d; \
+        t=(key[n*2] OP1 R)&0xffffffff; \
+        t=ROTL(t,(key[n*2+1])); \
+        a=CAST_S_table0[(t>> 8)&0xff]; \
+        b=CAST_S_table1[(t    )&0xff]; \
+        c=CAST_S_table2[(t>>24)&0xff]; \
+        d=CAST_S_table3[(t>>16)&0xff]; \
+        L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+        }
+#endif
+
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_s.h b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_s.h
new file mode 100644
index 000000000..b27415b96
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_s.h
@@ -0,0 +1,544 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+const CAST_LONG CAST_S_table0[256] = {
+    0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
+    0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+    0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
+    0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+    0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2,
+    0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+    0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f,
+    0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+    0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de,
+    0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+    0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f,
+    0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+    0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d,
+    0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+    0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165,
+    0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+    0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272,
+    0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+    0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d,
+    0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+    0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a,
+    0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+    0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f,
+    0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+    0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9,
+    0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+    0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6,
+    0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+    0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9,
+    0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+    0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e,
+    0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+    0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e,
+    0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+    0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82,
+    0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+    0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac,
+    0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+    0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f,
+    0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+    0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491,
+    0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+    0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de,
+    0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+    0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a,
+    0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+    0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79,
+    0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+    0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779,
+    0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+    0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755,
+    0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+    0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb,
+    0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+    0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0,
+    0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+    0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79,
+    0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+    0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298,
+    0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+    0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571,
+    0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+    0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d,
+    0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
+};
+
+const CAST_LONG CAST_S_table1[256] = {
+    0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
+    0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+    0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
+    0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+    0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909,
+    0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+    0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b,
+    0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+    0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4,
+    0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+    0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f,
+    0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+    0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21,
+    0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+    0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d,
+    0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+    0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f,
+    0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+    0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d,
+    0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+    0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4,
+    0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+    0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801,
+    0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+    0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755,
+    0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+    0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709,
+    0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+    0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b,
+    0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+    0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c,
+    0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+    0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9,
+    0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+    0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3,
+    0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+    0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9,
+    0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+    0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab,
+    0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+    0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4,
+    0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+    0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43,
+    0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+    0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8,
+    0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+    0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171,
+    0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+    0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89,
+    0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+    0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b,
+    0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+    0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb,
+    0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+    0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e,
+    0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+    0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea,
+    0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+    0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea,
+    0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+    0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd,
+    0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+    0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef,
+    0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
+};
+
+const CAST_LONG CAST_S_table2[256] = {
+    0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
+    0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+    0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
+    0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+    0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e,
+    0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+    0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc,
+    0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+    0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e,
+    0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+    0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f,
+    0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+    0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99,
+    0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+    0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f,
+    0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+    0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380,
+    0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+    0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8,
+    0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+    0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504,
+    0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+    0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6,
+    0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+    0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e,
+    0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+    0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d,
+    0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+    0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1,
+    0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+    0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c,
+    0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+    0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15,
+    0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+    0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4,
+    0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+    0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b,
+    0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+    0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392,
+    0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+    0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231,
+    0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+    0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889,
+    0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+    0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67,
+    0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+    0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49,
+    0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+    0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d,
+    0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+    0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d,
+    0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+    0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e,
+    0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+    0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767,
+    0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+    0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce,
+    0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+    0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24,
+    0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+    0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0,
+    0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+    0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5,
+    0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
+};
+
+const CAST_LONG CAST_S_table3[256] = {
+    0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
+    0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+    0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
+    0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+    0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220,
+    0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+    0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe,
+    0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+    0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701,
+    0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+    0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b,
+    0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+    0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93,
+    0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+    0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746,
+    0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+    0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9,
+    0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+    0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb,
+    0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+    0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c,
+    0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+    0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7,
+    0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+    0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340,
+    0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+    0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327,
+    0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+    0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec,
+    0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+    0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205,
+    0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+    0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031,
+    0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+    0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5,
+    0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+    0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c,
+    0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+    0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69,
+    0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+    0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9,
+    0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+    0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff,
+    0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+    0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3,
+    0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+    0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2,
+    0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+    0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff,
+    0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+    0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091,
+    0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+    0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df,
+    0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+    0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf,
+    0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+    0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367,
+    0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+    0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c,
+    0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+    0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43,
+    0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+    0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e,
+    0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
+};
+
+const CAST_LONG CAST_S_table4[256] = {
+    0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
+    0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+    0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
+    0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+    0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180,
+    0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+    0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2,
+    0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+    0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725,
+    0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+    0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b,
+    0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+    0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571,
+    0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+    0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec,
+    0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+    0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea,
+    0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+    0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263,
+    0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+    0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468,
+    0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+    0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b,
+    0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+    0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284,
+    0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+    0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4,
+    0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+    0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7,
+    0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+    0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce,
+    0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+    0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6,
+    0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+    0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4,
+    0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+    0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561,
+    0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+    0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6,
+    0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+    0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406,
+    0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+    0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472,
+    0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+    0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487,
+    0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+    0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288,
+    0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+    0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2,
+    0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+    0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78,
+    0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+    0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76,
+    0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+    0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0,
+    0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+    0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58,
+    0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+    0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2,
+    0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+    0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be,
+    0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+    0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55,
+    0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
+};
+
+const CAST_LONG CAST_S_table5[256] = {
+    0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
+    0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+    0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
+    0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+    0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e,
+    0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+    0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866,
+    0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+    0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c,
+    0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+    0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd,
+    0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+    0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53,
+    0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+    0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d,
+    0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+    0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf,
+    0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+    0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807,
+    0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+    0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a,
+    0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+    0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563,
+    0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+    0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0,
+    0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+    0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be,
+    0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+    0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0,
+    0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+    0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2,
+    0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+    0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853,
+    0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+    0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa,
+    0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+    0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9,
+    0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+    0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751,
+    0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+    0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358,
+    0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+    0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397,
+    0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+    0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459,
+    0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+    0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4,
+    0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+    0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f,
+    0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+    0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb,
+    0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+    0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2,
+    0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+    0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab,
+    0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+    0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b,
+    0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+    0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b,
+    0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+    0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855,
+    0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+    0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454,
+    0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
+};
+
+const CAST_LONG CAST_S_table6[256] = {
+    0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
+    0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+    0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
+    0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+    0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd,
+    0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+    0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f,
+    0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+    0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9,
+    0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+    0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e,
+    0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+    0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83,
+    0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+    0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e,
+    0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+    0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a,
+    0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+    0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f,
+    0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+    0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b,
+    0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+    0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78,
+    0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+    0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d,
+    0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+    0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802,
+    0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+    0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9,
+    0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+    0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302,
+    0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+    0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858,
+    0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+    0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a,
+    0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+    0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4,
+    0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+    0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df,
+    0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+    0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9,
+    0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+    0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c,
+    0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+    0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07,
+    0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+    0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939,
+    0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+    0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e,
+    0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+    0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378,
+    0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+    0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd,
+    0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+    0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567,
+    0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+    0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2,
+    0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+    0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf,
+    0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+    0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2,
+    0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+    0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada,
+    0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
+};
+
+const CAST_LONG CAST_S_table7[256] = {
+    0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
+    0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+    0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
+    0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+    0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940,
+    0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+    0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42,
+    0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+    0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164,
+    0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+    0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4,
+    0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+    0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0,
+    0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+    0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6,
+    0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+    0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491,
+    0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+    0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b,
+    0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+    0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8,
+    0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+    0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006,
+    0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+    0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564,
+    0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+    0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab,
+    0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+    0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc,
+    0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+    0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8,
+    0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+    0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441,
+    0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+    0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f,
+    0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+    0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504,
+    0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+    0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c,
+    0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+    0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6,
+    0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+    0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd,
+    0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+    0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4,
+    0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+    0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc,
+    0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+    0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba,
+    0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+    0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf,
+    0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+    0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603,
+    0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+    0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37,
+    0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+    0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819,
+    0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+    0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d,
+    0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+    0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347,
+    0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+    0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d,
+    0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl
new file mode 100755
index 000000000..d3fadcc63
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl
@@ -0,0 +1,1160 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# December 2014
+#
+# ChaCha20 for ARMv4.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#			IALU/gcc-4.4    1xNEON      3xNEON+1xIALU
+#
+# Cortex-A5		19.3(*)/+95%    21.8        14.1
+# Cortex-A8		10.5(*)/+160%   13.9        6.35
+# Cortex-A9		12.9(**)/+110%  14.3        6.50
+# Cortex-A15		11.0/+40%       16.0        5.00
+# Snapdragon S4		11.5/+125%      13.6        4.90
+#
+# (*)	most "favourable" result for aligned data on little-endian
+#	processor, result for misaligned data is 10-15% lower;
+# (**)	this result is a trade-off: it can be improved by 20%,
+#	but then Snapdragon S4 and Cortex-A8 results get
+#	20-25% worse;
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+my @x=map("r$_",(0..7,"x","x","x","x",12,"x",14,"x"));
+my @t=map("r$_",(8..11));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my $odd = $d0&1;
+my ($xc,$xc_) = (@t[0..1]);
+my ($xd,$xd_) = $odd ? (@t[2],@x[$d1]) : (@x[$d0],@t[2]);
+my @ret;
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+	#
+	# 'a', 'b' are permanently allocated in registers, @x[0..7],
+	# while 'c's and pair of 'd's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end. If you observe 'd' column, you'll
+	# notice that 15 and 13 are reused in next pair of rounds.
+	# This is why these two are chosen for offloading to memory,
+	# to make loads count more.
+							push @ret,(
+	"&add	(@x[$a0],@x[$a0],@x[$b0])",
+	"&mov	($xd,$xd,'ror#16')",
+	 "&add	(@x[$a1],@x[$a1],@x[$b1])",
+	 "&mov	($xd_,$xd_,'ror#16')",
+	"&eor	($xd,$xd,@x[$a0],'ror#16')",
+	 "&eor	($xd_,$xd_,@x[$a1],'ror#16')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b0],@x[$b0],'ror#20')",
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b1],@x[$b1],'ror#20')",
+	"&eor	(@x[$b0],@x[$b0],$xc,'ror#20')",
+	 "&eor	(@x[$b1],@x[$b1],$xc_,'ror#20')",
+
+	"&add	(@x[$a0],@x[$a0],@x[$b0])",
+	"&mov	($xd,$xd,'ror#24')",
+	 "&add	(@x[$a1],@x[$a1],@x[$b1])",
+	 "&mov	($xd_,$xd_,'ror#24')",
+	"&eor	($xd,$xd,@x[$a0],'ror#24')",
+	 "&eor	($xd_,$xd_,@x[$a1],'ror#24')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b0],@x[$b0],'ror#25')"		);
+							push @ret,(
+	"&str	($xd,'[sp,#4*(16+$d0)]')",
+	"&ldr	($xd,'[sp,#4*(16+$d2)]')"		) if ($odd);
+							push @ret,(
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b1],@x[$b1],'ror#25')"		);
+							push @ret,(
+	 "&str	($xd_,'[sp,#4*(16+$d1)]')",
+	 "&ldr	($xd_,'[sp,#4*(16+$d3)]')"		) if (!$odd);
+							push @ret,(
+	"&eor	(@x[$b0],@x[$b0],$xc,'ror#25')",
+	 "&eor	(@x[$b1],@x[$b1],$xc_,'ror#25')"	);
+
+	$xd=@x[$d2]					if (!$odd);
+	$xd_=@x[$d3]					if ($odd);
+							push @ret,(
+	"&str	($xc,'[sp,#4*(16+$c0)]')",
+	"&ldr	($xc,'[sp,#4*(16+$c2)]')",
+	"&add	(@x[$a2],@x[$a2],@x[$b2])",
+	"&mov	($xd,$xd,'ror#16')",
+	 "&str	($xc_,'[sp,#4*(16+$c1)]')",
+	 "&ldr	($xc_,'[sp,#4*(16+$c3)]')",
+	 "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	 "&mov	($xd_,$xd_,'ror#16')",
+	"&eor	($xd,$xd,@x[$a2],'ror#16')",
+	 "&eor	($xd_,$xd_,@x[$a3],'ror#16')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b2],@x[$b2],'ror#20')",
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b3],@x[$b3],'ror#20')",
+	"&eor	(@x[$b2],@x[$b2],$xc,'ror#20')",
+	 "&eor	(@x[$b3],@x[$b3],$xc_,'ror#20')",
+
+	"&add	(@x[$a2],@x[$a2],@x[$b2])",
+	"&mov	($xd,$xd,'ror#24')",
+	 "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	 "&mov	($xd_,$xd_,'ror#24')",
+	"&eor	($xd,$xd,@x[$a2],'ror#24')",
+	 "&eor	($xd_,$xd_,@x[$a3],'ror#24')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b2],@x[$b2],'ror#25')",
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b3],@x[$b3],'ror#25')",
+	"&eor	(@x[$b2],@x[$b2],$xc,'ror#25')",
+	 "&eor	(@x[$b3],@x[$b3],$xc_,'ror#25')"	);
+
+	@ret;
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__) || defined(__clang__)
+.syntax	unified
+#endif
+#if defined(__thumb2__)
+.thumb
+#else
+.code	32
+#endif
+
+#if defined(__thumb2__) || defined(__clang__)
+#define ldrhsb	ldrbhs
+#endif
+
+.align	5
+.Lsigma:
+.long	0x61707865,0x3320646e,0x79622d32,0x6b206574	@ endian-neutral
+.Lone:
+.long	1,0,0,0
+#if __ARM_MAX_ARCH__>=7
+.LOPENSSL_armcap:
+.word   OPENSSL_armcap_P-.LChaCha20_ctr32
+#else
+.word	-1
+#endif
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,%function
+.align	5
+ChaCha20_ctr32:
+.LChaCha20_ctr32:
+	ldr	r12,[sp,#0]		@ pull pointer to counter and nonce
+	stmdb	sp!,{r0-r2,r4-r11,lr}
+#if __ARM_ARCH__<7 && !defined(__thumb2__)
+	sub	r14,pc,#16		@ ChaCha20_ctr32
+#else
+	adr	r14,.LChaCha20_ctr32
+#endif
+	cmp	r2,#0			@ len==0?
+#ifdef	__thumb2__
+	itt	eq
+#endif
+	addeq	sp,sp,#4*3
+	beq	.Lno_data
+#if __ARM_MAX_ARCH__>=7
+	cmp	r2,#192			@ test len
+	bls	.Lshort
+	ldr	r4,[r14,#-32]
+	ldr	r4,[r14,r4]
+# ifdef	__APPLE__
+	ldr	r4,[r4]
+# endif
+	tst	r4,#ARMV7_NEON
+	bne	.LChaCha20_neon
+.Lshort:
+#endif
+	ldmia	r12,{r4-r7}		@ load counter and nonce
+	sub	sp,sp,#4*(16)		@ off-load area
+	sub	r14,r14,#64		@ .Lsigma
+	stmdb	sp!,{r4-r7}		@ copy counter and nonce
+	ldmia	r3,{r4-r11}		@ load key
+	ldmia	r14,{r0-r3}		@ load sigma
+	stmdb	sp!,{r4-r11}		@ copy key
+	stmdb	sp!,{r0-r3}		@ copy sigma
+	str	r10,[sp,#4*(16+10)]	@ off-load "@x[10]"
+	str	r11,[sp,#4*(16+11)]	@ off-load "@x[11]"
+	b	.Loop_outer_enter
+
+.align	4
+.Loop_outer:
+	ldmia	sp,{r0-r9}		@ load key material
+	str	@t[3],[sp,#4*(32+2)]	@ save len
+	str	r12,  [sp,#4*(32+1)]	@ save inp
+	str	r14,  [sp,#4*(32+0)]	@ save out
+.Loop_outer_enter:
+	ldr	@t[3], [sp,#4*(15)]
+	ldr	@x[12],[sp,#4*(12)]	@ modulo-scheduled load
+	ldr	@t[2], [sp,#4*(13)]
+	ldr	@x[14],[sp,#4*(14)]
+	str	@t[3], [sp,#4*(16+15)]
+	mov	@t[3],#10
+	b	.Loop
+
+.align	4
+.Loop:
+	subs	@t[3],@t[3],#1
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	bne	.Loop
+
+	ldr	@t[3],[sp,#4*(32+2)]	@ load len
+
+	str	@t[0], [sp,#4*(16+8)]	@ modulo-scheduled store
+	str	@t[1], [sp,#4*(16+9)]
+	str	@x[12],[sp,#4*(16+12)]
+	str	@t[2], [sp,#4*(16+13)]
+	str	@x[14],[sp,#4*(16+14)]
+
+	@ at this point we have first half of 512-bit result in
+	@ @x[0-7] and second half at sp+4*(16+8)
+
+	cmp	@t[3],#64		@ done yet?
+#ifdef	__thumb2__
+	itete	lo
+#endif
+	addlo	r12,sp,#4*(0)		@ shortcut or ...
+	ldrhs	r12,[sp,#4*(32+1)]	@ ... load inp
+	addlo	r14,sp,#4*(0)		@ shortcut or ...
+	ldrhs	r14,[sp,#4*(32+0)]	@ ... load out
+
+	ldr	@t[0],[sp,#4*(0)]	@ load key material
+	ldr	@t[1],[sp,#4*(1)]
+
+#if __ARM_ARCH__>=6 || !defined(__ARMEB__)
+# if __ARM_ARCH__<7
+	orr	@t[2],r12,r14
+	tst	@t[2],#3		@ are input and output aligned?
+	ldr	@t[2],[sp,#4*(2)]
+	bne	.Lunaligned
+	cmp	@t[3],#64		@ restore flags
+# else
+	ldr	@t[2],[sp,#4*(2)]
+# endif
+	ldr	@t[3],[sp,#4*(3)]
+
+	add	@x[0],@x[0],@t[0]	@ accumulate key material
+	add	@x[1],@x[1],@t[1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+
+	add	@x[2],@x[2],@t[2]
+	add	@x[3],@x[3],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[0],@x[0]
+	rev	@x[1],@x[1]
+	rev	@x[2],@x[2]
+	rev	@x[3],@x[3]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[0],@x[0],@t[0]	@ xor with input
+	eorhs	@x[1],@x[1],@t[1]
+	 add	@t[0],sp,#4*(4)
+	str	@x[0],[r14],#16		@ store output
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[2],@x[2],@t[2]
+	eorhs	@x[3],@x[3],@t[3]
+	 ldmia	@t[0],{@t[0]-@t[3]}	@ load key material
+	str	@x[1],[r14,#-12]
+	str	@x[2],[r14,#-8]
+	str	@x[3],[r14,#-4]
+
+	add	@x[4],@x[4],@t[0]	@ accumulate key material
+	add	@x[5],@x[5],@t[1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+	add	@x[6],@x[6],@t[2]
+	add	@x[7],@x[7],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[4],@x[4]
+	rev	@x[5],@x[5]
+	rev	@x[6],@x[6]
+	rev	@x[7],@x[7]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[4],@x[4],@t[0]
+	eorhs	@x[5],@x[5],@t[1]
+	 add	@t[0],sp,#4*(8)
+	str	@x[4],[r14],#16		@ store output
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[6],@x[6],@t[2]
+	eorhs	@x[7],@x[7],@t[3]
+	str	@x[5],[r14,#-12]
+	 ldmia	@t[0],{@t[0]-@t[3]}	@ load key material
+	str	@x[6],[r14,#-8]
+	 add	@x[0],sp,#4*(16+8)
+	str	@x[7],[r14,#-4]
+
+	ldmia	@x[0],{@x[0]-@x[7]}	@ load second half
+
+	add	@x[0],@x[0],@t[0]	@ accumulate key material
+	add	@x[1],@x[1],@t[1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	 strhi	@t[2],[sp,#4*(16+10)]	@ copy "@x[10]" while at it
+	 strhi	@t[3],[sp,#4*(16+11)]	@ copy "@x[11]" while at it
+	add	@x[2],@x[2],@t[2]
+	add	@x[3],@x[3],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[0],@x[0]
+	rev	@x[1],@x[1]
+	rev	@x[2],@x[2]
+	rev	@x[3],@x[3]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[0],@x[0],@t[0]
+	eorhs	@x[1],@x[1],@t[1]
+	 add	@t[0],sp,#4*(12)
+	str	@x[0],[r14],#16		@ store output
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[2],@x[2],@t[2]
+	eorhs	@x[3],@x[3],@t[3]
+	str	@x[1],[r14,#-12]
+	 ldmia	@t[0],{@t[0]-@t[3]}	@ load key material
+	str	@x[2],[r14,#-8]
+	str	@x[3],[r14,#-4]
+
+	add	@x[4],@x[4],@t[0]	@ accumulate key material
+	add	@x[5],@x[5],@t[1]
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	 addhi	@t[0],@t[0],#1		@ next counter value
+	 strhi	@t[0],[sp,#4*(12)]	@ save next counter value
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+	add	@x[6],@x[6],@t[2]
+	add	@x[7],@x[7],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[4],@x[4]
+	rev	@x[5],@x[5]
+	rev	@x[6],@x[6]
+	rev	@x[7],@x[7]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[4],@x[4],@t[0]
+	eorhs	@x[5],@x[5],@t[1]
+# ifdef	__thumb2__
+	 it	ne
+# endif
+	 ldrne	@t[0],[sp,#4*(32+2)]	@ re-load len
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[6],@x[6],@t[2]
+	eorhs	@x[7],@x[7],@t[3]
+	str	@x[4],[r14],#16		@ store output
+	str	@x[5],[r14,#-12]
+# ifdef	__thumb2__
+	it	hs
+# endif
+	 subhs	@t[3],@t[0],#64		@ len-=64
+	str	@x[6],[r14,#-8]
+	str	@x[7],[r14,#-4]
+	bhi	.Loop_outer
+
+	beq	.Ldone
+# if __ARM_ARCH__<7
+	b	.Ltail
+
+.align	4
+.Lunaligned:				@ unaligned endian-neutral path
+	cmp	@t[3],#64		@ restore flags
+# endif
+#endif
+#if __ARM_ARCH__<7
+	ldr	@t[3],[sp,#4*(3)]
+___
+for ($i=0;$i<16;$i+=4) {
+my $j=$i&0x7;
+
+$code.=<<___	if ($i==4);
+	add	@x[0],sp,#4*(16+8)
+___
+$code.=<<___	if ($i==8);
+	ldmia	@x[0],{@x[0]-@x[7]}		@ load second half
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	strhi	@t[2],[sp,#4*(16+10)]		@ copy "@x[10]"
+	strhi	@t[3],[sp,#4*(16+11)]		@ copy "@x[11]"
+___
+$code.=<<___;
+	add	@x[$j+0],@x[$j+0],@t[0]		@ accumulate key material
+___
+$code.=<<___	if ($i==12);
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	addhi	@t[0],@t[0],#1			@ next counter value
+	strhi	@t[0],[sp,#4*(12)]		@ save next counter value
+___
+$code.=<<___;
+	add	@x[$j+1],@x[$j+1],@t[1]
+	add	@x[$j+2],@x[$j+2],@t[2]
+# ifdef	__thumb2__
+	itete	lo
+# endif
+	eorlo	@t[0],@t[0],@t[0]		@ zero or ...
+	ldrhsb	@t[0],[r12],#16			@ ... load input
+	eorlo	@t[1],@t[1],@t[1]
+	ldrhsb	@t[1],[r12,#-12]
+
+	add	@x[$j+3],@x[$j+3],@t[3]
+# ifdef	__thumb2__
+	itete	lo
+# endif
+	eorlo	@t[2],@t[2],@t[2]
+	ldrhsb	@t[2],[r12,#-8]
+	eorlo	@t[3],@t[3],@t[3]
+	ldrhsb	@t[3],[r12,#-4]
+
+	eor	@x[$j+0],@t[0],@x[$j+0]		@ xor with input (or zero)
+	eor	@x[$j+1],@t[1],@x[$j+1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[0],[r12,#-15]		@ load more input
+	ldrhsb	@t[1],[r12,#-11]
+	eor	@x[$j+2],@t[2],@x[$j+2]
+	 strb	@x[$j+0],[r14],#16		@ store output
+	eor	@x[$j+3],@t[3],@x[$j+3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[2],[r12,#-7]
+	ldrhsb	@t[3],[r12,#-3]
+	 strb	@x[$j+1],[r14,#-12]
+	eor	@x[$j+0],@t[0],@x[$j+0],lsr#8
+	 strb	@x[$j+2],[r14,#-8]
+	eor	@x[$j+1],@t[1],@x[$j+1],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[0],[r12,#-14]		@ load more input
+	ldrhsb	@t[1],[r12,#-10]
+	 strb	@x[$j+3],[r14,#-4]
+	eor	@x[$j+2],@t[2],@x[$j+2],lsr#8
+	 strb	@x[$j+0],[r14,#-15]
+	eor	@x[$j+3],@t[3],@x[$j+3],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[2],[r12,#-6]
+	ldrhsb	@t[3],[r12,#-2]
+	 strb	@x[$j+1],[r14,#-11]
+	eor	@x[$j+0],@t[0],@x[$j+0],lsr#8
+	 strb	@x[$j+2],[r14,#-7]
+	eor	@x[$j+1],@t[1],@x[$j+1],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[0],[r12,#-13]		@ load more input
+	ldrhsb	@t[1],[r12,#-9]
+	 strb	@x[$j+3],[r14,#-3]
+	eor	@x[$j+2],@t[2],@x[$j+2],lsr#8
+	 strb	@x[$j+0],[r14,#-14]
+	eor	@x[$j+3],@t[3],@x[$j+3],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[2],[r12,#-5]
+	ldrhsb	@t[3],[r12,#-1]
+	 strb	@x[$j+1],[r14,#-10]
+	 strb	@x[$j+2],[r14,#-6]
+	eor	@x[$j+0],@t[0],@x[$j+0],lsr#8
+	 strb	@x[$j+3],[r14,#-2]
+	eor	@x[$j+1],@t[1],@x[$j+1],lsr#8
+	 strb	@x[$j+0],[r14,#-13]
+	eor	@x[$j+2],@t[2],@x[$j+2],lsr#8
+	 strb	@x[$j+1],[r14,#-9]
+	eor	@x[$j+3],@t[3],@x[$j+3],lsr#8
+	 strb	@x[$j+2],[r14,#-5]
+	 strb	@x[$j+3],[r14,#-1]
+___
+$code.=<<___	if ($i<12);
+	add	@t[0],sp,#4*(4+$i)
+	ldmia	@t[0],{@t[0]-@t[3]}		@ load key material
+___
+}
+$code.=<<___;
+# ifdef	__thumb2__
+	it	ne
+# endif
+	ldrne	@t[0],[sp,#4*(32+2)]		@ re-load len
+# ifdef	__thumb2__
+	it	hs
+# endif
+	subhs	@t[3],@t[0],#64			@ len-=64
+	bhi	.Loop_outer
+
+	beq	.Ldone
+#endif
+
+.Ltail:
+	ldr	r12,[sp,#4*(32+1)]	@ load inp
+	add	@t[1],sp,#4*(0)
+	ldr	r14,[sp,#4*(32+0)]	@ load out
+
+.Loop_tail:
+	ldrb	@t[2],[@t[1]],#1	@ read buffer on stack
+	ldrb	@t[3],[r12],#1		@ read input
+	subs	@t[0],@t[0],#1
+	eor	@t[3],@t[3],@t[2]
+	strb	@t[3],[r14],#1		@ store output
+	bne	.Loop_tail
+
+.Ldone:
+	add	sp,sp,#4*(32+3)
+.Lno_data:
+	ldmia	sp!,{r4-r11,pc}
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+___
+
+{{{
+my ($a0,$b0,$c0,$d0,$a1,$b1,$c1,$d1,$a2,$b2,$c2,$d2,$t0,$t1,$t2,$t3) =
+    map("q$_",(0..15));
+
+sub NEONROUND {
+my $odd = pop;
+my ($a,$b,$c,$d,$t)=@_;
+
+	(
+	"&vadd_i32	($a,$a,$b)",
+	"&veor		($d,$d,$a)",
+	"&vrev32_16	($d,$d)",	# vrot ($d,16)
+
+	"&vadd_i32	($c,$c,$d)",
+	"&veor		($t,$b,$c)",
+	"&vshr_u32	($b,$t,20)",
+	"&vsli_32	($b,$t,12)",
+
+	"&vadd_i32	($a,$a,$b)",
+	"&veor		($t,$d,$a)",
+	"&vshr_u32	($d,$t,24)",
+	"&vsli_32	($d,$t,8)",
+
+	"&vadd_i32	($c,$c,$d)",
+	"&veor		($t,$b,$c)",
+	"&vshr_u32	($b,$t,25)",
+	"&vsli_32	($b,$t,7)",
+
+	"&vext_8	($c,$c,$c,8)",
+	"&vext_8	($b,$b,$b,$odd?12:4)",
+	"&vext_8	($d,$d,$d,$odd?4:12)"
+	);
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.type	ChaCha20_neon,%function
+.align	5
+ChaCha20_neon:
+	ldr		r12,[sp,#0]		@ pull pointer to counter and nonce
+	stmdb		sp!,{r0-r2,r4-r11,lr}
+.LChaCha20_neon:
+	adr		r14,.Lsigma
+	vstmdb		sp!,{d8-d15}		@ ABI spec says so
+	stmdb		sp!,{r0-r3}
+
+	vld1.32		{$b0-$c0},[r3]		@ load key
+	ldmia		r3,{r4-r11}		@ load key
+
+	sub		sp,sp,#4*(16+16)
+	vld1.32		{$d0},[r12]		@ load counter and nonce
+	add		r12,sp,#4*8
+	ldmia		r14,{r0-r3}		@ load sigma
+	vld1.32		{$a0},[r14]!		@ load sigma
+	vld1.32		{$t0},[r14]		@ one
+	vst1.32		{$c0-$d0},[r12]		@ copy 1/2key|counter|nonce
+	vst1.32		{$a0-$b0},[sp]		@ copy sigma|1/2key
+
+	str		r10,[sp,#4*(16+10)]	@ off-load "@x[10]"
+	str		r11,[sp,#4*(16+11)]	@ off-load "@x[11]"
+	vshl.i32	$t1#lo,$t0#lo,#1	@ two
+	vstr		$t0#lo,[sp,#4*(16+0)]
+	vshl.i32	$t2#lo,$t0#lo,#2	@ four
+	vstr		$t1#lo,[sp,#4*(16+2)]
+	vmov		$a1,$a0
+	vstr		$t2#lo,[sp,#4*(16+4)]
+	vmov		$a2,$a0
+	vmov		$b1,$b0
+	vmov		$b2,$b0
+	b		.Loop_neon_enter
+
+.align	4
+.Loop_neon_outer:
+	ldmia		sp,{r0-r9}		@ load key material
+	cmp		@t[3],#64*2		@ if len<=64*2
+	bls		.Lbreak_neon		@ switch to integer-only
+	vmov		$a1,$a0
+	str		@t[3],[sp,#4*(32+2)]	@ save len
+	vmov		$a2,$a0
+	str		r12,  [sp,#4*(32+1)]	@ save inp
+	vmov		$b1,$b0
+	str		r14,  [sp,#4*(32+0)]	@ save out
+	vmov		$b2,$b0
+.Loop_neon_enter:
+	ldr		@t[3], [sp,#4*(15)]
+	vadd.i32	$d1,$d0,$t0		@ counter+1
+	ldr		@x[12],[sp,#4*(12)]	@ modulo-scheduled load
+	vmov		$c1,$c0
+	ldr		@t[2], [sp,#4*(13)]
+	vmov		$c2,$c0
+	ldr		@x[14],[sp,#4*(14)]
+	vadd.i32	$d2,$d1,$t0		@ counter+2
+	str		@t[3], [sp,#4*(16+15)]
+	mov		@t[3],#10
+	add		@x[12],@x[12],#3	@ counter+3
+	b		.Loop_neon
+
+.align	4
+.Loop_neon:
+	subs		@t[3],@t[3],#1
+___
+	my @thread0=&NEONROUND($a0,$b0,$c0,$d0,$t0,0);
+	my @thread1=&NEONROUND($a1,$b1,$c1,$d1,$t1,0);
+	my @thread2=&NEONROUND($a2,$b2,$c2,$d2,$t2,0);
+	my @thread3=&ROUND(0,4,8,12);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+
+	@thread0=&NEONROUND($a0,$b0,$c0,$d0,$t0,1);
+	@thread1=&NEONROUND($a1,$b1,$c1,$d1,$t1,1);
+	@thread2=&NEONROUND($a2,$b2,$c2,$d2,$t2,1);
+	@thread3=&ROUND(0,5,10,15);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+$code.=<<___;
+	bne		.Loop_neon
+
+	add		@t[3],sp,#32
+	vld1.32		{$t0-$t1},[sp]		@ load key material
+	vld1.32		{$t2-$t3},[@t[3]]
+
+	ldr		@t[3],[sp,#4*(32+2)]	@ load len
+
+	str		@t[0], [sp,#4*(16+8)]	@ modulo-scheduled store
+	str		@t[1], [sp,#4*(16+9)]
+	str		@x[12],[sp,#4*(16+12)]
+	str		@t[2], [sp,#4*(16+13)]
+	str		@x[14],[sp,#4*(16+14)]
+
+	@ at this point we have first half of 512-bit result in
+	@ @x[0-7] and second half at sp+4*(16+8)
+
+	ldr		r12,[sp,#4*(32+1)]	@ load inp
+	ldr		r14,[sp,#4*(32+0)]	@ load out
+
+	vadd.i32	$a0,$a0,$t0		@ accumulate key material
+	vadd.i32	$a1,$a1,$t0
+	vadd.i32	$a2,$a2,$t0
+	vldr		$t0#lo,[sp,#4*(16+0)]	@ one
+
+	vadd.i32	$b0,$b0,$t1
+	vadd.i32	$b1,$b1,$t1
+	vadd.i32	$b2,$b2,$t1
+	vldr		$t1#lo,[sp,#4*(16+2)]	@ two
+
+	vadd.i32	$c0,$c0,$t2
+	vadd.i32	$c1,$c1,$t2
+	vadd.i32	$c2,$c2,$t2
+	vadd.i32	$d1#lo,$d1#lo,$t0#lo	@ counter+1
+	vadd.i32	$d2#lo,$d2#lo,$t1#lo	@ counter+2
+
+	vadd.i32	$d0,$d0,$t3
+	vadd.i32	$d1,$d1,$t3
+	vadd.i32	$d2,$d2,$t3
+
+	cmp		@t[3],#64*4
+	blo		.Ltail_neon
+
+	vld1.8		{$t0-$t1},[r12]!	@ load input
+	 mov		@t[3],sp
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0		@ xor with input
+	veor		$b0,$b0,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a1,$a1,$t0
+	 vst1.8		{$a0-$b0},[r14]!	@ store output
+	veor		$b1,$b1,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c1,$c1,$t2
+	 vst1.8		{$c0-$d0},[r14]!
+	veor		$d1,$d1,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a2,$a2,$t0
+	 vld1.32	{$a0-$b0},[@t[3]]!	@ load for next iteration
+	 veor		$t0#hi,$t0#hi,$t0#hi
+	 vldr		$t0#lo,[sp,#4*(16+4)]	@ four
+	veor		$b2,$b2,$t1
+	 vld1.32	{$c0-$d0},[@t[3]]
+	veor		$c2,$c2,$t2
+	 vst1.8		{$a1-$b1},[r14]!
+	veor		$d2,$d2,$t3
+	 vst1.8		{$c1-$d1},[r14]!
+
+	vadd.i32	$d0#lo,$d0#lo,$t0#lo	@ next counter value
+	vldr		$t0#lo,[sp,#4*(16+0)]	@ one
+
+	ldmia		sp,{@t[0]-@t[3]}	@ load key material
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	ldr		@t[0],[r12],#16		@ load input
+	 vst1.8		{$a2-$b2},[r14]!
+	add		@x[1],@x[1],@t[1]
+	ldr		@t[1],[r12,#-12]
+	 vst1.8		{$c2-$d2},[r14]!
+	add		@x[2],@x[2],@t[2]
+	ldr		@t[2],[r12,#-8]
+	add		@x[3],@x[3],@t[3]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+# endif
+	eor		@x[0],@x[0],@t[0]	@ xor with input
+	 add		@t[0],sp,#4*(4)
+	eor		@x[1],@x[1],@t[1]
+	str		@x[0],[r14],#16		@ store output
+	eor		@x[2],@x[2],@t[2]
+	str		@x[1],[r14,#-12]
+	eor		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+	str		@x[2],[r14,#-8]
+	str		@x[3],[r14,#-4]
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	ldr		@t[0],[r12],#16		@ load input
+	add		@x[5],@x[5],@t[1]
+	ldr		@t[1],[r12,#-12]
+	add		@x[6],@x[6],@t[2]
+	ldr		@t[2],[r12,#-8]
+	add		@x[7],@x[7],@t[3]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	eor		@x[4],@x[4],@t[0]
+	 add		@t[0],sp,#4*(8)
+	eor		@x[5],@x[5],@t[1]
+	str		@x[4],[r14],#16		@ store output
+	eor		@x[6],@x[6],@t[2]
+	str		@x[5],[r14,#-12]
+	eor		@x[7],@x[7],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+	str		@x[6],[r14,#-8]
+	 add		@x[0],sp,#4*(16+8)
+	str		@x[7],[r14,#-4]
+
+	ldmia		@x[0],{@x[0]-@x[7]}	@ load second half
+
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	ldr		@t[0],[r12],#16		@ load input
+	add		@x[1],@x[1],@t[1]
+	ldr		@t[1],[r12,#-12]
+# ifdef	__thumb2__
+	it	hi
+# endif
+	 strhi		@t[2],[sp,#4*(16+10)]	@ copy "@x[10]" while at it
+	add		@x[2],@x[2],@t[2]
+	ldr		@t[2],[r12,#-8]
+# ifdef	__thumb2__
+	it	hi
+# endif
+	 strhi		@t[3],[sp,#4*(16+11)]	@ copy "@x[11]" while at it
+	add		@x[3],@x[3],@t[3]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+# endif
+	eor		@x[0],@x[0],@t[0]
+	 add		@t[0],sp,#4*(12)
+	eor		@x[1],@x[1],@t[1]
+	str		@x[0],[r14],#16		@ store output
+	eor		@x[2],@x[2],@t[2]
+	str		@x[1],[r14,#-12]
+	eor		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+	str		@x[2],[r14,#-8]
+	str		@x[3],[r14,#-4]
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	 add		@t[0],@t[0],#4		@ next counter value
+	add		@x[5],@x[5],@t[1]
+	 str		@t[0],[sp,#4*(12)]	@ save next counter value
+	ldr		@t[0],[r12],#16		@ load input
+	add		@x[6],@x[6],@t[2]
+	 add		@x[4],@x[4],#3		@ counter+3
+	ldr		@t[1],[r12,#-12]
+	add		@x[7],@x[7],@t[3]
+	ldr		@t[2],[r12,#-8]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	eor		@x[4],@x[4],@t[0]
+# ifdef	__thumb2__
+	it	hi
+# endif
+	 ldrhi		@t[0],[sp,#4*(32+2)]	@ re-load len
+	eor		@x[5],@x[5],@t[1]
+	eor		@x[6],@x[6],@t[2]
+	str		@x[4],[r14],#16		@ store output
+	eor		@x[7],@x[7],@t[3]
+	str		@x[5],[r14,#-12]
+	 sub		@t[3],@t[0],#64*4	@ len-=64*4
+	str		@x[6],[r14,#-8]
+	str		@x[7],[r14,#-4]
+	bhi		.Loop_neon_outer
+
+	b		.Ldone_neon
+
+.align	4
+.Lbreak_neon:
+	@ harmonize NEON and integer-only stack frames: load data
+	@ from NEON frame, but save to integer-only one; distance
+	@ between the two is 4*(32+4+16-32)=4*(20).
+
+	str		@t[3], [sp,#4*(20+32+2)]	@ save len
+	 add		@t[3],sp,#4*(32+4)
+	str		r12,   [sp,#4*(20+32+1)]	@ save inp
+	str		r14,   [sp,#4*(20+32+0)]	@ save out
+
+	ldr		@x[12],[sp,#4*(16+10)]
+	ldr		@x[14],[sp,#4*(16+11)]
+	 vldmia		@t[3],{d8-d15}			@ fulfill ABI requirement
+	str		@x[12],[sp,#4*(20+16+10)]	@ copy "@x[10]"
+	str		@x[14],[sp,#4*(20+16+11)]	@ copy "@x[11]"
+
+	ldr		@t[3], [sp,#4*(15)]
+	ldr		@x[12],[sp,#4*(12)]		@ modulo-scheduled load
+	ldr		@t[2], [sp,#4*(13)]
+	ldr		@x[14],[sp,#4*(14)]
+	str		@t[3], [sp,#4*(20+16+15)]
+	add		@t[3],sp,#4*(20)
+	vst1.32		{$a0-$b0},[@t[3]]!		@ copy key
+	add		sp,sp,#4*(20)			@ switch frame
+	vst1.32		{$c0-$d0},[@t[3]]
+	mov		@t[3],#10
+	b		.Loop				@ go integer-only
+
+.align	4
+.Ltail_neon:
+	cmp		@t[3],#64*3
+	bhs		.L192_or_more_neon
+	cmp		@t[3],#64*2
+	bhs		.L128_or_more_neon
+	cmp		@t[3],#64*1
+	bhs		.L64_or_more_neon
+
+	add		@t[0],sp,#4*(8)
+	vst1.8		{$a0-$b0},[sp]
+	add		@t[2],sp,#4*(0)
+	vst1.8		{$c0-$d0},[@t[0]]
+	b		.Loop_tail_neon
+
+.align	4
+.L64_or_more_neon:
+	vld1.8		{$t0-$t1},[r12]!
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0
+	veor		$b0,$b0,$t1
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vst1.8		{$a0-$b0},[r14]!
+	vst1.8		{$c0-$d0},[r14]!
+
+	beq		.Ldone_neon
+
+	add		@t[0],sp,#4*(8)
+	vst1.8		{$a1-$b1},[sp]
+	add		@t[2],sp,#4*(0)
+	vst1.8		{$c1-$d1},[@t[0]]
+	sub		@t[3],@t[3],#64*1	@ len-=64*1
+	b		.Loop_tail_neon
+
+.align	4
+.L128_or_more_neon:
+	vld1.8		{$t0-$t1},[r12]!
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0
+	veor		$b0,$b0,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a1,$a1,$t0
+	veor		$b1,$b1,$t1
+	 vst1.8		{$a0-$b0},[r14]!
+	veor		$c1,$c1,$t2
+	 vst1.8		{$c0-$d0},[r14]!
+	veor		$d1,$d1,$t3
+	vst1.8		{$a1-$b1},[r14]!
+	vst1.8		{$c1-$d1},[r14]!
+
+	beq		.Ldone_neon
+
+	add		@t[0],sp,#4*(8)
+	vst1.8		{$a2-$b2},[sp]
+	add		@t[2],sp,#4*(0)
+	vst1.8		{$c2-$d2},[@t[0]]
+	sub		@t[3],@t[3],#64*2	@ len-=64*2
+	b		.Loop_tail_neon
+
+.align	4
+.L192_or_more_neon:
+	vld1.8		{$t0-$t1},[r12]!
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0
+	veor		$b0,$b0,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a1,$a1,$t0
+	veor		$b1,$b1,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c1,$c1,$t2
+	 vst1.8		{$a0-$b0},[r14]!
+	veor		$d1,$d1,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a2,$a2,$t0
+	 vst1.8		{$c0-$d0},[r14]!
+	veor		$b2,$b2,$t1
+	 vst1.8		{$a1-$b1},[r14]!
+	veor		$c2,$c2,$t2
+	 vst1.8		{$c1-$d1},[r14]!
+	veor		$d2,$d2,$t3
+	vst1.8		{$a2-$b2},[r14]!
+	vst1.8		{$c2-$d2},[r14]!
+
+	beq		.Ldone_neon
+
+	ldmia		sp,{@t[0]-@t[3]}	@ load key material
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(4)
+	add		@x[1],@x[1],@t[1]
+	add		@x[2],@x[2],@t[2]
+	add		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(8)
+	add		@x[5],@x[5],@t[1]
+	add		@x[6],@x[6],@t[2]
+	add		@x[7],@x[7],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	stmia		sp,{@x[0]-@x[7]}
+	 add		@x[0],sp,#4*(16+8)
+
+	ldmia		@x[0],{@x[0]-@x[7]}	@ load second half
+
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(12)
+	add		@x[1],@x[1],@t[1]
+	add		@x[2],@x[2],@t[2]
+	add		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(8)
+	add		@x[5],@x[5],@t[1]
+	 add		@x[4],@x[4],#3		@ counter+3
+	add		@x[6],@x[6],@t[2]
+	add		@x[7],@x[7],@t[3]
+	 ldr		@t[3],[sp,#4*(32+2)]	@ re-load len
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	stmia		@t[0],{@x[0]-@x[7]}
+	 add		@t[2],sp,#4*(0)
+	 sub		@t[3],@t[3],#64*3	@ len-=64*3
+
+.Loop_tail_neon:
+	ldrb		@t[0],[@t[2]],#1	@ read buffer on stack
+	ldrb		@t[1],[r12],#1		@ read input
+	subs		@t[3],@t[3],#1
+	eor		@t[0],@t[0],@t[1]
+	strb		@t[0],[r14],#1		@ store output
+	bne		.Loop_tail_neon
+
+.Ldone_neon:
+	add		sp,sp,#4*(32+4)
+	vldmia		sp,{d8-d15}
+	add		sp,sp,#4*(16+3)
+	ldmia		sp!,{r4-r11,pc}
+.size	ChaCha20_neon,.-ChaCha20_neon
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl
new file mode 100755
index 000000000..e90be6d0e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl
@@ -0,0 +1,1144 @@
+#! /usr/bin/env perl
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# June 2015
+#
+# ChaCha20 for ARMv8.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#			IALU/gcc-4.9    3xNEON+1xIALU	6xNEON+2xIALU
+#
+# Apple A7		5.50/+49%       3.33            1.70
+# Cortex-A53		8.40/+80%       4.72		4.72(*)
+# Cortex-A57		8.06/+43%       4.90            4.43(**)
+# Denver		4.50/+82%       2.63		2.67(*)
+# X-Gene		9.50/+46%       8.82		8.89(*)
+# Mongoose		8.00/+44%	3.64		3.25
+# Kryo			8.17/+50%	4.83		4.65
+#
+# (*)	it's expected that doubling interleave factor doesn't help
+#	all processors, only those with higher NEON latency and
+#	higher instruction issue rate;
+# (**)	expected improvement was actually higher;
+
+$flavour=shift;
+$output=shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+my ($out,$inp,$len,$key,$ctr) = map("x$_",(0..4));
+
+my @x=map("x$_",(5..17,19..21));
+my @d=map("x$_",(22..28,30));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+
+    (
+	"&add_32	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add_32	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add_32	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add_32	(@x[$a3],@x[$a3],@x[$b3])",
+	"&eor_32	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&eor_32	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&eor_32	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&eor_32	(@x[$d3],@x[$d3],@x[$a3])",
+	"&ror_32	(@x[$d0],@x[$d0],16)",
+	 "&ror_32	(@x[$d1],@x[$d1],16)",
+	  "&ror_32	(@x[$d2],@x[$d2],16)",
+	   "&ror_32	(@x[$d3],@x[$d3],16)",
+
+	"&add_32	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add_32	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add_32	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add_32	(@x[$c3],@x[$c3],@x[$d3])",
+	"&eor_32	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&eor_32	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&eor_32	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&eor_32	(@x[$b3],@x[$b3],@x[$c3])",
+	"&ror_32	(@x[$b0],@x[$b0],20)",
+	 "&ror_32	(@x[$b1],@x[$b1],20)",
+	  "&ror_32	(@x[$b2],@x[$b2],20)",
+	   "&ror_32	(@x[$b3],@x[$b3],20)",
+
+	"&add_32	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add_32	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add_32	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add_32	(@x[$a3],@x[$a3],@x[$b3])",
+	"&eor_32	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&eor_32	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&eor_32	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&eor_32	(@x[$d3],@x[$d3],@x[$a3])",
+	"&ror_32	(@x[$d0],@x[$d0],24)",
+	 "&ror_32	(@x[$d1],@x[$d1],24)",
+	  "&ror_32	(@x[$d2],@x[$d2],24)",
+	   "&ror_32	(@x[$d3],@x[$d3],24)",
+
+	"&add_32	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add_32	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add_32	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add_32	(@x[$c3],@x[$c3],@x[$d3])",
+	"&eor_32	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&eor_32	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&eor_32	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&eor_32	(@x[$b3],@x[$b3],@x[$c3])",
+	"&ror_32	(@x[$b0],@x[$b0],25)",
+	 "&ror_32	(@x[$b1],@x[$b1],25)",
+	  "&ror_32	(@x[$b2],@x[$b2],25)",
+	   "&ror_32	(@x[$b3],@x[$b3],25)"
+    );
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+.extern	OPENSSL_armcap_P
+
+.align	5
+.Lsigma:
+.quad	0x3320646e61707865,0x6b20657479622d32		// endian-neutral
+.Lone:
+.long	1,0,0,0
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"ChaCha20 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,%function
+.align	5
+ChaCha20_ctr32:
+	cbz	$len,.Labort
+	adr	@x[0],.LOPENSSL_armcap_P
+	cmp	$len,#192
+	b.lo	.Lshort
+#ifdef	__ILP32__
+	ldrsw	@x[1],[@x[0]]
+#else
+	ldr	@x[1],[@x[0]]
+#endif
+	ldr	w17,[@x[1],@x[0]]
+	tst	w17,#ARMV7_NEON
+	b.ne	ChaCha20_neon
+
+.Lshort:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	@x[0],.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#64
+
+	ldp	@d[0],@d[1],[@x[0]]		// load sigma
+	ldp	@d[2],@d[3],[$key]		// load key
+	ldp	@d[4],@d[5],[$key,#16]
+	ldp	@d[6],@d[7],[$ctr]		// load counter
+#ifdef	__ARMEB__
+	ror	@d[2],@d[2],#32
+	ror	@d[3],@d[3],#32
+	ror	@d[4],@d[4],#32
+	ror	@d[5],@d[5],#32
+	ror	@d[6],@d[6],#32
+	ror	@d[7],@d[7],#32
+#endif
+
+.Loop_outer:
+	mov.32	@x[0],@d[0]			// unpack key block
+	lsr	@x[1],@d[0],#32
+	mov.32	@x[2],@d[1]
+	lsr	@x[3],@d[1],#32
+	mov.32	@x[4],@d[2]
+	lsr	@x[5],@d[2],#32
+	mov.32	@x[6],@d[3]
+	lsr	@x[7],@d[3],#32
+	mov.32	@x[8],@d[4]
+	lsr	@x[9],@d[4],#32
+	mov.32	@x[10],@d[5]
+	lsr	@x[11],@d[5],#32
+	mov.32	@x[12],@d[6]
+	lsr	@x[13],@d[6],#32
+	mov.32	@x[14],@d[7]
+	lsr	@x[15],@d[7],#32
+
+	mov	$ctr,#10
+	subs	$len,$len,#64
+.Loop:
+	sub	$ctr,$ctr,#1
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	cbnz	$ctr,.Loop
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	add	@x[1],@x[1],@d[0],lsr#32
+	add.32	@x[2],@x[2],@d[1]
+	add	@x[3],@x[3],@d[1],lsr#32
+	add.32	@x[4],@x[4],@d[2]
+	add	@x[5],@x[5],@d[2],lsr#32
+	add.32	@x[6],@x[6],@d[3]
+	add	@x[7],@x[7],@d[3],lsr#32
+	add.32	@x[8],@x[8],@d[4]
+	add	@x[9],@x[9],@d[4],lsr#32
+	add.32	@x[10],@x[10],@d[5]
+	add	@x[11],@x[11],@d[5],lsr#32
+	add.32	@x[12],@x[12],@d[6]
+	add	@x[13],@x[13],@d[6],lsr#32
+	add.32	@x[14],@x[14],@d[7]
+	add	@x[15],@x[15],@d[7],lsr#32
+
+	b.lo	.Ltail
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	eor	@x[10],@x[10],@x[11]
+	eor	@x[12],@x[12],@x[13]
+	eor	@x[14],@x[14],@x[15]
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#1			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	stp	@x[8],@x[10],[$out,#32]
+	stp	@x[12],@x[14],[$out,#48]
+	add	$out,$out,#64
+
+	b.hi	.Loop_outer
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
+.Labort:
+	ret
+
+.align	4
+.Ltail:
+	add	$len,$len,#64
+.Less_than_64:
+	sub	$out,$out,#1
+	add	$inp,$inp,$len
+	add	$out,$out,$len
+	add	$ctr,sp,$len
+	neg	$len,$len
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	stp	@x[0],@x[2],[sp,#0]
+	stp	@x[4],@x[6],[sp,#16]
+	stp	@x[8],@x[10],[sp,#32]
+	stp	@x[12],@x[14],[sp,#48]
+
+.Loop_tail:
+	ldrb	w10,[$inp,$len]
+	ldrb	w11,[$ctr,$len]
+	add	$len,$len,#1
+	eor	w10,w10,w11
+	strb	w10,[$out,$len]
+	cbnz	$len,.Loop_tail
+
+	stp	xzr,xzr,[sp,#0]
+	stp	xzr,xzr,[sp,#16]
+	stp	xzr,xzr,[sp,#32]
+	stp	xzr,xzr,[sp,#48]
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+___
+
+{{{
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2,$T3) =
+    map("v$_.4s",(0..7,16..23));
+my (@K)=map("v$_.4s",(24..30));
+my $ONE="v31.4s";
+
+sub NEONROUND {
+my $odd = pop;
+my ($a,$b,$c,$d,$t)=@_;
+
+	(
+	"&add		('$a','$a','$b')",
+	"&eor		('$d','$d','$a')",
+	"&rev32_16	('$d','$d')",		# vrot ($d,16)
+
+	"&add		('$c','$c','$d')",
+	"&eor		('$t','$b','$c')",
+	"&ushr		('$b','$t',20)",
+	"&sli		('$b','$t',12)",
+
+	"&add		('$a','$a','$b')",
+	"&eor		('$t','$d','$a')",
+	"&ushr		('$d','$t',24)",
+	"&sli		('$d','$t',8)",
+
+	"&add		('$c','$c','$d')",
+	"&eor		('$t','$b','$c')",
+	"&ushr		('$b','$t',25)",
+	"&sli		('$b','$t',7)",
+
+	"&ext		('$c','$c','$c',8)",
+	"&ext		('$d','$d','$d',$odd?4:12)",
+	"&ext		('$b','$b','$b',$odd?12:4)"
+	);
+}
+
+$code.=<<___;
+
+.type	ChaCha20_neon,%function
+.align	5
+ChaCha20_neon:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	@x[0],.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	cmp	$len,#512
+	b.hs	.L512_or_more_neon
+
+	sub	sp,sp,#64
+
+	ldp	@d[0],@d[1],[@x[0]]		// load sigma
+	ld1	{@K[0]},[@x[0]],#16
+	ldp	@d[2],@d[3],[$key]		// load key
+	ldp	@d[4],@d[5],[$key,#16]
+	ld1	{@K[1],@K[2]},[$key]
+	ldp	@d[6],@d[7],[$ctr]		// load counter
+	ld1	{@K[3]},[$ctr]
+	ld1	{$ONE},[@x[0]]
+#ifdef	__ARMEB__
+	rev64	@K[0],@K[0]
+	ror	@d[2],@d[2],#32
+	ror	@d[3],@d[3],#32
+	ror	@d[4],@d[4],#32
+	ror	@d[5],@d[5],#32
+	ror	@d[6],@d[6],#32
+	ror	@d[7],@d[7],#32
+#endif
+	add	@K[3],@K[3],$ONE		// += 1
+	add	@K[4],@K[3],$ONE
+	add	@K[5],@K[4],$ONE
+	shl	$ONE,$ONE,#2			// 1 -> 4
+
+.Loop_outer_neon:
+	mov.32	@x[0],@d[0]			// unpack key block
+	lsr	@x[1],@d[0],#32
+	 mov	$A0,@K[0]
+	mov.32	@x[2],@d[1]
+	lsr	@x[3],@d[1],#32
+	 mov	$A1,@K[0]
+	mov.32	@x[4],@d[2]
+	lsr	@x[5],@d[2],#32
+	 mov	$A2,@K[0]
+	mov.32	@x[6],@d[3]
+	 mov	$B0,@K[1]
+	lsr	@x[7],@d[3],#32
+	 mov	$B1,@K[1]
+	mov.32	@x[8],@d[4]
+	 mov	$B2,@K[1]
+	lsr	@x[9],@d[4],#32
+	 mov	$D0,@K[3]
+	mov.32	@x[10],@d[5]
+	 mov	$D1,@K[4]
+	lsr	@x[11],@d[5],#32
+	 mov	$D2,@K[5]
+	mov.32	@x[12],@d[6]
+	 mov	$C0,@K[2]
+	lsr	@x[13],@d[6],#32
+	 mov	$C1,@K[2]
+	mov.32	@x[14],@d[7]
+	 mov	$C2,@K[2]
+	lsr	@x[15],@d[7],#32
+
+	mov	$ctr,#10
+	subs	$len,$len,#256
+.Loop_neon:
+	sub	$ctr,$ctr,#1
+___
+	my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0);
+	my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0);
+	my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0);
+	my @thread3=&ROUND(0,4,8,12);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&ROUND(0,5,10,15);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+$code.=<<___;
+	cbnz	$ctr,.Loop_neon
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	 add	$A0,$A0,@K[0]
+	add	@x[1],@x[1],@d[0],lsr#32
+	 add	$A1,$A1,@K[0]
+	add.32	@x[2],@x[2],@d[1]
+	 add	$A2,$A2,@K[0]
+	add	@x[3],@x[3],@d[1],lsr#32
+	 add	$C0,$C0,@K[2]
+	add.32	@x[4],@x[4],@d[2]
+	 add	$C1,$C1,@K[2]
+	add	@x[5],@x[5],@d[2],lsr#32
+	 add	$C2,$C2,@K[2]
+	add.32	@x[6],@x[6],@d[3]
+	 add	$D0,$D0,@K[3]
+	add	@x[7],@x[7],@d[3],lsr#32
+	add.32	@x[8],@x[8],@d[4]
+	 add	$D1,$D1,@K[4]
+	add	@x[9],@x[9],@d[4],lsr#32
+	add.32	@x[10],@x[10],@d[5]
+	 add	$D2,$D2,@K[5]
+	add	@x[11],@x[11],@d[5],lsr#32
+	add.32	@x[12],@x[12],@d[6]
+	 add	$B0,$B0,@K[1]
+	add	@x[13],@x[13],@d[6],lsr#32
+	add.32	@x[14],@x[14],@d[7]
+	 add	$B1,$B1,@K[1]
+	add	@x[15],@x[15],@d[7],lsr#32
+	 add	$B2,$B2,@K[1]
+
+	b.lo	.Ltail_neon
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	 eor	$A0,$A0,$T0
+	eor	@x[10],@x[10],@x[11]
+	 eor	$B0,$B0,$T1
+	eor	@x[12],@x[12],@x[13]
+	 eor	$C0,$C0,$T2
+	eor	@x[14],@x[14],@x[15]
+	 eor	$D0,$D0,$T3
+	 ld1.8	{$T0-$T3},[$inp],#64
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#4			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	 add	@K[3],@K[3],$ONE		// += 4
+	stp	@x[8],@x[10],[$out,#32]
+	 add	@K[4],@K[4],$ONE
+	stp	@x[12],@x[14],[$out,#48]
+	 add	@K[5],@K[5],$ONE
+	add	$out,$out,#64
+
+	st1.8	{$A0-$D0},[$out],#64
+	ld1.8	{$A0-$D0},[$inp],#64
+
+	eor	$A1,$A1,$T0
+	eor	$B1,$B1,$T1
+	eor	$C1,$C1,$T2
+	eor	$D1,$D1,$T3
+	st1.8	{$A1-$D1},[$out],#64
+
+	eor	$A2,$A2,$A0
+	eor	$B2,$B2,$B0
+	eor	$C2,$C2,$C0
+	eor	$D2,$D2,$D0
+	st1.8	{$A2-$D2},[$out],#64
+
+	b.hi	.Loop_outer_neon
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
+	ret
+
+.Ltail_neon:
+	add	$len,$len,#256
+	cmp	$len,#64
+	b.lo	.Less_than_64
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	eor	@x[10],@x[10],@x[11]
+	eor	@x[12],@x[12],@x[13]
+	eor	@x[14],@x[14],@x[15]
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#4			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	stp	@x[8],@x[10],[$out,#32]
+	stp	@x[12],@x[14],[$out,#48]
+	add	$out,$out,#64
+	b.eq	.Ldone_neon
+	sub	$len,$len,#64
+	cmp	$len,#64
+	b.lo	.Less_than_128
+
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	$A0,$A0,$T0
+	eor	$B0,$B0,$T1
+	eor	$C0,$C0,$T2
+	eor	$D0,$D0,$T3
+	st1.8	{$A0-$D0},[$out],#64
+	b.eq	.Ldone_neon
+	sub	$len,$len,#64
+	cmp	$len,#64
+	b.lo	.Less_than_192
+
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	$A1,$A1,$T0
+	eor	$B1,$B1,$T1
+	eor	$C1,$C1,$T2
+	eor	$D1,$D1,$T3
+	st1.8	{$A1-$D1},[$out],#64
+	b.eq	.Ldone_neon
+	sub	$len,$len,#64
+
+	st1.8	{$A2-$D2},[sp]
+	b	.Last_neon
+
+.Less_than_128:
+	st1.8	{$A0-$D0},[sp]
+	b	.Last_neon
+.Less_than_192:
+	st1.8	{$A1-$D1},[sp]
+	b	.Last_neon
+
+.align	4
+.Last_neon:
+	sub	$out,$out,#1
+	add	$inp,$inp,$len
+	add	$out,$out,$len
+	add	$ctr,sp,$len
+	neg	$len,$len
+
+.Loop_tail_neon:
+	ldrb	w10,[$inp,$len]
+	ldrb	w11,[$ctr,$len]
+	add	$len,$len,#1
+	eor	w10,w10,w11
+	strb	w10,[$out,$len]
+	cbnz	$len,.Loop_tail_neon
+
+	stp	xzr,xzr,[sp,#0]
+	stp	xzr,xzr,[sp,#16]
+	stp	xzr,xzr,[sp,#32]
+	stp	xzr,xzr,[sp,#48]
+
+.Ldone_neon:
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	ChaCha20_neon,.-ChaCha20_neon
+___
+{
+my ($T0,$T1,$T2,$T3,$T4,$T5)=@K;
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,
+    $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(0..23));
+
+$code.=<<___;
+.type	ChaCha20_512_neon,%function
+.align	5
+ChaCha20_512_neon:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	@x[0],.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+.L512_or_more_neon:
+	sub	sp,sp,#128+64
+
+	ldp	@d[0],@d[1],[@x[0]]		// load sigma
+	ld1	{@K[0]},[@x[0]],#16
+	ldp	@d[2],@d[3],[$key]		// load key
+	ldp	@d[4],@d[5],[$key,#16]
+	ld1	{@K[1],@K[2]},[$key]
+	ldp	@d[6],@d[7],[$ctr]		// load counter
+	ld1	{@K[3]},[$ctr]
+	ld1	{$ONE},[@x[0]]
+#ifdef	__ARMEB__
+	rev64	@K[0],@K[0]
+	ror	@d[2],@d[2],#32
+	ror	@d[3],@d[3],#32
+	ror	@d[4],@d[4],#32
+	ror	@d[5],@d[5],#32
+	ror	@d[6],@d[6],#32
+	ror	@d[7],@d[7],#32
+#endif
+	add	@K[3],@K[3],$ONE		// += 1
+	stp	@K[0],@K[1],[sp,#0]		// off-load key block, invariant part
+	add	@K[3],@K[3],$ONE		// not typo
+	str	@K[2],[sp,#32]
+	add	@K[4],@K[3],$ONE
+	add	@K[5],@K[4],$ONE
+	add	@K[6],@K[5],$ONE
+	shl	$ONE,$ONE,#2			// 1 -> 4
+
+	stp	d8,d9,[sp,#128+0]		// meet ABI requirements
+	stp	d10,d11,[sp,#128+16]
+	stp	d12,d13,[sp,#128+32]
+	stp	d14,d15,[sp,#128+48]
+
+	sub	$len,$len,#512			// not typo
+
+.Loop_outer_512_neon:
+	 mov	$A0,@K[0]
+	 mov	$A1,@K[0]
+	 mov	$A2,@K[0]
+	 mov	$A3,@K[0]
+	 mov	$A4,@K[0]
+	 mov	$A5,@K[0]
+	 mov	$B0,@K[1]
+	mov.32	@x[0],@d[0]			// unpack key block
+	 mov	$B1,@K[1]
+	lsr	@x[1],@d[0],#32
+	 mov	$B2,@K[1]
+	mov.32	@x[2],@d[1]
+	 mov	$B3,@K[1]
+	lsr	@x[3],@d[1],#32
+	 mov	$B4,@K[1]
+	mov.32	@x[4],@d[2]
+	 mov	$B5,@K[1]
+	lsr	@x[5],@d[2],#32
+	 mov	$D0,@K[3]
+	mov.32	@x[6],@d[3]
+	 mov	$D1,@K[4]
+	lsr	@x[7],@d[3],#32
+	 mov	$D2,@K[5]
+	mov.32	@x[8],@d[4]
+	 mov	$D3,@K[6]
+	lsr	@x[9],@d[4],#32
+	 mov	$C0,@K[2]
+	mov.32	@x[10],@d[5]
+	 mov	$C1,@K[2]
+	lsr	@x[11],@d[5],#32
+	 add	$D4,$D0,$ONE			// +4
+	mov.32	@x[12],@d[6]
+	 add	$D5,$D1,$ONE			// +4
+	lsr	@x[13],@d[6],#32
+	 mov	$C2,@K[2]
+	mov.32	@x[14],@d[7]
+	 mov	$C3,@K[2]
+	lsr	@x[15],@d[7],#32
+	 mov	$C4,@K[2]
+	 stp	@K[3],@K[4],[sp,#48]		// off-load key block, variable part
+	 mov	$C5,@K[2]
+	 str	@K[5],[sp,#80]
+
+	mov	$ctr,#5
+	subs	$len,$len,#512
+.Loop_upper_neon:
+	sub	$ctr,$ctr,#1
+___
+	my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0);
+	my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0);
+	my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0);
+	my @thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,0);
+	my @thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,0);
+	my @thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,0);
+	my @thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+	my $diff = ($#thread0+1)*6 - $#thread67 - 1;
+	my $i = 0;
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,1);
+	@thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,1);
+	@thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,1);
+	@thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+$code.=<<___;
+	cbnz	$ctr,.Loop_upper_neon
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	add	@x[1],@x[1],@d[0],lsr#32
+	add.32	@x[2],@x[2],@d[1]
+	add	@x[3],@x[3],@d[1],lsr#32
+	add.32	@x[4],@x[4],@d[2]
+	add	@x[5],@x[5],@d[2],lsr#32
+	add.32	@x[6],@x[6],@d[3]
+	add	@x[7],@x[7],@d[3],lsr#32
+	add.32	@x[8],@x[8],@d[4]
+	add	@x[9],@x[9],@d[4],lsr#32
+	add.32	@x[10],@x[10],@d[5]
+	add	@x[11],@x[11],@d[5],lsr#32
+	add.32	@x[12],@x[12],@d[6]
+	add	@x[13],@x[13],@d[6],lsr#32
+	add.32	@x[14],@x[14],@d[7]
+	add	@x[15],@x[15],@d[7],lsr#32
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	eor	@x[10],@x[10],@x[11]
+	eor	@x[12],@x[12],@x[13]
+	eor	@x[14],@x[14],@x[15]
+
+	 stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#1			// increment counter
+	mov.32	@x[0],@d[0]			// unpack key block
+	lsr	@x[1],@d[0],#32
+	 stp	@x[4],@x[6],[$out,#16]
+	mov.32	@x[2],@d[1]
+	lsr	@x[3],@d[1],#32
+	 stp	@x[8],@x[10],[$out,#32]
+	mov.32	@x[4],@d[2]
+	lsr	@x[5],@d[2],#32
+	 stp	@x[12],@x[14],[$out,#48]
+	 add	$out,$out,#64
+	mov.32	@x[6],@d[3]
+	lsr	@x[7],@d[3],#32
+	mov.32	@x[8],@d[4]
+	lsr	@x[9],@d[4],#32
+	mov.32	@x[10],@d[5]
+	lsr	@x[11],@d[5],#32
+	mov.32	@x[12],@d[6]
+	lsr	@x[13],@d[6],#32
+	mov.32	@x[14],@d[7]
+	lsr	@x[15],@d[7],#32
+
+	mov	$ctr,#5
+.Loop_lower_neon:
+	sub	$ctr,$ctr,#1
+___
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0);
+	@thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,0);
+	@thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,0);
+	@thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,0);
+	@thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,1);
+	@thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,1);
+	@thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,1);
+	@thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+$code.=<<___;
+	cbnz	$ctr,.Loop_lower_neon
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	 ldp	@K[0],@K[1],[sp,#0]
+	add	@x[1],@x[1],@d[0],lsr#32
+	 ldp	@K[2],@K[3],[sp,#32]
+	add.32	@x[2],@x[2],@d[1]
+	 ldp	@K[4],@K[5],[sp,#64]
+	add	@x[3],@x[3],@d[1],lsr#32
+	 add	$A0,$A0,@K[0]
+	add.32	@x[4],@x[4],@d[2]
+	 add	$A1,$A1,@K[0]
+	add	@x[5],@x[5],@d[2],lsr#32
+	 add	$A2,$A2,@K[0]
+	add.32	@x[6],@x[6],@d[3]
+	 add	$A3,$A3,@K[0]
+	add	@x[7],@x[7],@d[3],lsr#32
+	 add	$A4,$A4,@K[0]
+	add.32	@x[8],@x[8],@d[4]
+	 add	$A5,$A5,@K[0]
+	add	@x[9],@x[9],@d[4],lsr#32
+	 add	$C0,$C0,@K[2]
+	add.32	@x[10],@x[10],@d[5]
+	 add	$C1,$C1,@K[2]
+	add	@x[11],@x[11],@d[5],lsr#32
+	 add	$C2,$C2,@K[2]
+	add.32	@x[12],@x[12],@d[6]
+	 add	$C3,$C3,@K[2]
+	add	@x[13],@x[13],@d[6],lsr#32
+	 add	$C4,$C4,@K[2]
+	add.32	@x[14],@x[14],@d[7]
+	 add	$C5,$C5,@K[2]
+	add	@x[15],@x[15],@d[7],lsr#32
+	 add	$D4,$D4,$ONE			// +4
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	 add	$D5,$D5,$ONE			// +4
+	add	@x[2],@x[2],@x[3],lsl#32
+	 add	$D0,$D0,@K[3]
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	 add	$D1,$D1,@K[4]
+	add	@x[4],@x[4],@x[5],lsl#32
+	 add	$D2,$D2,@K[5]
+	add	@x[6],@x[6],@x[7],lsl#32
+	 add	$D3,$D3,@K[6]
+	ldp	@x[5],@x[7],[$inp,#16]
+	 add	$D4,$D4,@K[3]
+	add	@x[8],@x[8],@x[9],lsl#32
+	 add	$D5,$D5,@K[4]
+	add	@x[10],@x[10],@x[11],lsl#32
+	 add	$B0,$B0,@K[1]
+	ldp	@x[9],@x[11],[$inp,#32]
+	 add	$B1,$B1,@K[1]
+	add	@x[12],@x[12],@x[13],lsl#32
+	 add	$B2,$B2,@K[1]
+	add	@x[14],@x[14],@x[15],lsl#32
+	 add	$B3,$B3,@K[1]
+	ldp	@x[13],@x[15],[$inp,#48]
+	 add	$B4,$B4,@K[1]
+	add	$inp,$inp,#64
+	 add	$B5,$B5,@K[1]
+
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	 eor	$A0,$A0,$T0
+	eor	@x[10],@x[10],@x[11]
+	 eor	$B0,$B0,$T1
+	eor	@x[12],@x[12],@x[13]
+	 eor	$C0,$C0,$T2
+	eor	@x[14],@x[14],@x[15]
+	 eor	$D0,$D0,$T3
+	 ld1.8	{$T0-$T3},[$inp],#64
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#7			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	stp	@x[8],@x[10],[$out,#32]
+	stp	@x[12],@x[14],[$out,#48]
+	add	$out,$out,#64
+	st1.8	{$A0-$D0},[$out],#64
+
+	ld1.8	{$A0-$D0},[$inp],#64
+	eor	$A1,$A1,$T0
+	eor	$B1,$B1,$T1
+	eor	$C1,$C1,$T2
+	eor	$D1,$D1,$T3
+	st1.8	{$A1-$D1},[$out],#64
+
+	ld1.8	{$A1-$D1},[$inp],#64
+	eor	$A2,$A2,$A0
+	 ldp	@K[0],@K[1],[sp,#0]
+	eor	$B2,$B2,$B0
+	 ldp	@K[2],@K[3],[sp,#32]
+	eor	$C2,$C2,$C0
+	eor	$D2,$D2,$D0
+	st1.8	{$A2-$D2},[$out],#64
+
+	ld1.8	{$A2-$D2},[$inp],#64
+	eor	$A3,$A3,$A1
+	eor	$B3,$B3,$B1
+	eor	$C3,$C3,$C1
+	eor	$D3,$D3,$D1
+	st1.8	{$A3-$D3},[$out],#64
+
+	ld1.8	{$A3-$D3},[$inp],#64
+	eor	$A4,$A4,$A2
+	eor	$B4,$B4,$B2
+	eor	$C4,$C4,$C2
+	eor	$D4,$D4,$D2
+	st1.8	{$A4-$D4},[$out],#64
+
+	shl	$A0,$ONE,#1			// 4 -> 8
+	eor	$A5,$A5,$A3
+	eor	$B5,$B5,$B3
+	eor	$C5,$C5,$C3
+	eor	$D5,$D5,$D3
+	st1.8	{$A5-$D5},[$out],#64
+
+	add	@K[3],@K[3],$A0			// += 8
+	add	@K[4],@K[4],$A0
+	add	@K[5],@K[5],$A0
+	add	@K[6],@K[6],$A0
+
+	b.hs	.Loop_outer_512_neon
+
+	adds	$len,$len,#512
+	ushr	$A0,$ONE,#2			// 4 -> 1
+
+	ldp	d8,d9,[sp,#128+0]		// meet ABI requirements
+	ldp	d10,d11,[sp,#128+16]
+	ldp	d12,d13,[sp,#128+32]
+	ldp	d14,d15,[sp,#128+48]
+
+	stp	@K[0],$ONE,[sp,#0]		// wipe off-load area
+	stp	@K[0],$ONE,[sp,#32]
+	stp	@K[0],$ONE,[sp,#64]
+
+	b.eq	.Ldone_512_neon
+
+	cmp	$len,#192
+	sub	@K[3],@K[3],$A0			// -= 1
+	sub	@K[4],@K[4],$A0
+	sub	@K[5],@K[5],$A0
+	add	sp,sp,#128
+	b.hs	.Loop_outer_neon
+
+	eor	@K[1],@K[1],@K[1]
+	eor	@K[2],@K[2],@K[2]
+	eor	@K[3],@K[3],@K[3]
+	eor	@K[4],@K[4],@K[4]
+	eor	@K[5],@K[5],@K[5]
+	eor	@K[6],@K[6],@K[6]
+	b	.Loop_outer
+
+.Ldone_512_neon:
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#128+64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	ChaCha20_512_neon,.-ChaCha20_512_neon
+___
+}
+}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	(s/\b([a-z]+)\.32\b/$1/ and (s/x([0-9]+)/w$1/g or 1))	or
+	(m/\b(eor|ext|mov)\b/ and (s/\.4s/\.16b/g or 1))	or
+	(s/\b((?:ld|st)1)\.8\b/$1/ and (s/\.4s/\.16b/g or 1))	or
+	(m/\b(ld|st)[rp]\b/ and (s/v([0-9]+)\.4s/q$1/g or 1))	or
+	(s/\brev32\.16\b/rev32/ and (s/\.4s/\.8h/g or 1));
+
+	#s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo;
+
+	print $_,"\n";
+}
+close STDOUT;	# flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl
new file mode 100755
index 000000000..266401eb1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl
@@ -0,0 +1,926 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ChaCha20 for C64x+.
+#
+# October 2015
+#
+# Performance is 3.54 cycles per processed byte, which is ~4.3 times
+# faster than code generated by TI compiler. Compiler also disables
+# interrupts for some reason, thus making interrupt response time
+# dependent on input length. This module on the other hand is free
+# from such limitation.
+
+$output=pop;
+open STDOUT,">$output";
+
+($OUT,$INP,$LEN,$KEYB,$COUNTERA)=("A4","B4","A6","B6","A8");
+($KEYA,$COUNTERB,$STEP)=("A7","B7","A3");
+
+@X=  ("A16","B16","A17","B17","A18","B18","A19","B19",
+      "A20","B20","A21","B21","A22","B22","A23","B23");
+@Y=  ("A24","B24","A25","B25","A26","B26","A27","B27",
+      "A28","B28","A29","B29","A30","B30","A31","B31");
+@DAT=("A6", "A7", "B6", "B7", "A8", "A9", "B8", "B9",
+      "A10","A11","B10","B11","A12","A13","B12","B13");
+
+# yes, overlaps with @DAT, used only in 2x interleave code path...
+@K2x=("A6", "B6", "A7", "B7", "A8", "B8", "A9", "B9",
+      "A10","B10","A11","B11","A2", "B2", "A13","B13");
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	ChaCha20_ctr32,_ChaCha20_ctr32
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.global	_ChaCha20_ctr32
+	.align	32
+_ChaCha20_ctr32:
+	.asmfunc	stack_usage(40+64)
+	MV	$LEN,A0			; reassign
+  [!A0]	BNOP	RA			; no data
+|| [A0]	STW	FP,*SP--(40+64)		; save frame pointer and alloca(40+64)
+|| [A0]	MV	SP,FP
+   [A0]	STDW	B13:B12,*SP[4+8]	; ABI says so
+|| [A0]	MV	$KEYB,$KEYA
+|| [A0]	MV	$COUNTERA,$COUNTERB
+   [A0]	STDW	B11:B10,*SP[3+8]
+|| [A0]	STDW	A13:A12,*FP[-3]
+   [A0]	STDW	A11:A10,*FP[-4]
+|| [A0]	MVK	128,$STEP		; 2 * input block size
+
+   [A0]	LDW	*${KEYA}[0],@Y[4]	; load key
+|| [A0]	LDW	*${KEYB}[1],@Y[5]
+|| [A0]	MVK	0x00007865,@Y[0]	; synthesize sigma
+|| [A0]	MVK	0x0000646e,@Y[1]
+   [A0]	LDW	*${KEYA}[2],@Y[6]
+|| [A0]	LDW	*${KEYB}[3],@Y[7]
+|| [A0]	MVKH	0x61700000,@Y[0]
+|| [A0]	MVKH	0x33200000,@Y[1]
+	LDW	*${KEYA}[4],@Y[8]
+||	LDW	*${KEYB}[5],@Y[9]
+||	MVK	0x00002d32,@Y[2]
+||	MVK	0x00006574,@Y[3]
+	LDW	*${KEYA}[6],@Y[10]
+||	LDW	*${KEYB}[7],@Y[11]
+||	MVKH	0x79620000,@Y[2]
+||	MVKH	0x6b200000,@Y[3]
+	LDW	*${COUNTERA}[0],@Y[12]	; load counter||nonce
+||	LDW	*${COUNTERB}[1],@Y[13]
+||	CMPLTU	A0,$STEP,A1		; is length < 2*blocks?
+	LDW	*${COUNTERA}[2],@Y[14]
+||	LDW	*${COUNTERB}[3],@Y[15]
+|| [A1]	BNOP	top1x?
+   [A1]	MVK	64,$STEP		; input block size
+||	MVK	10,B0			; inner loop counter
+
+	DMV	@Y[2],@Y[0],@X[2]:@X[0]	; copy block
+||	DMV	@Y[3],@Y[1],@X[3]:@X[1]
+||[!A1]	STDW	@Y[2]:@Y[0],*FP[-12]	; offload key material to stack
+||[!A1]	STDW	@Y[3]:@Y[1],*SP[2]
+	DMV	@Y[6],@Y[4],@X[6]:@X[4]
+||	DMV	@Y[7],@Y[5],@X[7]:@X[5]
+||[!A1]	STDW	@Y[6]:@Y[4],*FP[-10]
+||[!A1]	STDW	@Y[7]:@Y[5],*SP[4]
+	DMV	@Y[10],@Y[8],@X[10]:@X[8]
+||	DMV	@Y[11],@Y[9],@X[11]:@X[9]
+||[!A1]	STDW	@Y[10]:@Y[8],*FP[-8]
+||[!A1]	STDW	@Y[11]:@Y[9],*SP[6]
+	DMV	@Y[14],@Y[12],@X[14]:@X[12]
+||	DMV	@Y[15],@Y[13],@X[15]:@X[13]
+||[!A1]	MV	@Y[12],@K2x[12]		; counter
+||[!A1]	MV	@Y[13],@K2x[13]
+||[!A1]	STW	@Y[14],*FP[-6*2]
+||[!A1]	STW	@Y[15],*SP[8*2]
+___
+{	################################################################
+	# 2x interleave gives 50% performance improvement
+	#
+my ($a0,$a1,$a2,$a3) = (0..3);
+my ($b0,$b1,$b2,$b3) = (4..7);
+my ($c0,$c1,$c2,$c3) = (8..11);
+my ($d0,$d1,$d2,$d3) = (12..15);
+
+$code.=<<___;
+outer2x?:
+	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	 DMV	@Y[2],@Y[0],@K2x[2]:@K2x[0]
+||	 DMV	@Y[3],@Y[1],@K2x[3]:@K2x[1]
+	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	 DMV	@Y[6],@Y[4],@K2x[6]:@K2x[4]
+||	 DMV	@Y[7],@Y[5],@K2x[7]:@K2x[5]
+	SWAP2	@X[$d1],@X[$d1]		; rotate by 16
+||	SWAP2	@X[$d2],@X[$d2]
+||	SWAP2	@X[$d0],@X[$d0]
+||	SWAP2	@X[$d3],@X[$d3]
+
+	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+||	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	 DMV	@Y[10],@Y[8],@K2x[10]:@K2x[8]
+||	 DMV	@Y[11],@Y[9],@K2x[11]:@K2x[9]
+	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+||	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	 ADD	1,@Y[12],@Y[12]		; adjust counter for 2nd block
+	ROTL	@X[$b1],12,@X[$b1]
+||	ROTL	@X[$b2],12,@X[$b2]
+||	 MV	@Y[14],@K2x[14]
+||	 MV	@Y[15],@K2x[15]
+top2x?:
+	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b3],12,@X[$b3]
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+||	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+||	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d1],8,@X[$d1]
+||	ROTL	@X[$d2],8,@X[$d2]
+||	 SWAP2	@Y[$d1],@Y[$d1]		; rotate by 16
+||	 SWAP2	@Y[$d2],@Y[$d2]
+||	 SWAP2	@Y[$d0],@Y[$d0]
+||	 SWAP2	@Y[$d3],@Y[$d3]
+	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d3],8,@X[$d3]
+||	 ADD	@Y[$d1],@Y[$c1],@Y[$c1]
+||	 ADD	@Y[$d2],@Y[$c2],@Y[$c2]
+||	 ADD	@Y[$d0],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c3],@Y[$c3]
+||	BNOP	middle2x1?		; protect from interrupt
+
+	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+||	 XOR	@Y[$c1],@Y[$b1],@Y[$b1]
+||	 XOR	@Y[$c2],@Y[$b2],@Y[$b2]
+||	 XOR	@Y[$c0],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b3],@Y[$b3]
+	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+||	ROTL	@X[$d1],0,@X[$d2]	; moved to avoid cross-path stall
+||	ROTL	@X[$d2],0,@X[$d3]
+	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	MV	@X[$d0],@X[$d1]
+||	MV	@X[$d3],@X[$d0]
+||	 ROTL	@Y[$b1],12,@Y[$b1]
+||	 ROTL	@Y[$b2],12,@Y[$b2]
+	ROTL	@X[$b1],7,@X[$b0]	; avoided cross-path stall
+||	ROTL	@X[$b2],7,@X[$b1]
+	ROTL	@X[$b0],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b2]
+middle2x1?:
+
+	 ROTL	@Y[$b0],12,@Y[$b0]
+||	 ROTL	@Y[$b3],12,@Y[$b3]
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+||	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+||	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	 ROTL	@Y[$d1],8,@Y[$d1]
+||	 ROTL	@Y[$d2],8,@Y[$d2]
+||	SWAP2	@X[$d0],@X[$d0]		; rotate by 16
+||	SWAP2	@X[$d1],@X[$d1]
+||	SWAP2	@X[$d2],@X[$d2]
+||	SWAP2	@X[$d3],@X[$d3]
+	 ROTL	@Y[$d0],8,@Y[$d0]
+||	 ROTL	@Y[$d3],8,@Y[$d3]
+||	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+||	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	BNOP	middle2x2?		; protect from interrupt
+
+	 ADD	@Y[$d1],@Y[$c1],@Y[$c1]
+||	 ADD	@Y[$d2],@Y[$c2],@Y[$c2]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+||	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+	 ADD	@Y[$d0],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c3],@Y[$c3]
+||	 XOR	@Y[$c1],@Y[$b1],@Y[$b1]
+||	 XOR	@Y[$c2],@Y[$b2],@Y[$b2]
+||	 ROTL	@Y[$d1],0,@Y[$d2]	; moved to avoid cross-path stall
+||	 ROTL	@Y[$d2],0,@Y[$d3]
+	 XOR	@Y[$c0],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b3],@Y[$b3]
+||	 MV	@Y[$d0],@Y[$d1]
+||	 MV	@Y[$d3],@Y[$d0]
+||	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b1],12,@X[$b1]
+	 ROTL	@Y[$b1],7,@Y[$b0]	; avoided cross-path stall
+||	 ROTL	@Y[$b2],7,@Y[$b1]
+	 ROTL	@Y[$b0],7,@Y[$b3]
+||	 ROTL	@Y[$b3],7,@Y[$b2]
+middle2x2?:
+
+	ROTL	@X[$b2],12,@X[$b2]
+||	ROTL	@X[$b3],12,@X[$b3]
+||	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d1],8,@X[$d1]
+||	 SWAP2	@Y[$d0],@Y[$d0]		; rotate by 16
+||	 SWAP2	@Y[$d1],@Y[$d1]
+||	 SWAP2	@Y[$d2],@Y[$d2]
+||	 SWAP2	@Y[$d3],@Y[$d3]
+	ROTL	@X[$d2],8,@X[$d2]
+||	ROTL	@X[$d3],8,@X[$d3]
+||	 ADD	@Y[$d0],@Y[$c2],@Y[$c2]
+||	 ADD	@Y[$d1],@Y[$c3],@Y[$c3]
+||	 ADD	@Y[$d2],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c1],@Y[$c1]
+||	BNOP	bottom2x1?		; protect from interrupt
+
+	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+||	 XOR	@Y[$c2],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b1],@Y[$b1]
+||	 XOR	@Y[$c0],@Y[$b2],@Y[$b2]
+||	 XOR	@Y[$c1],@Y[$b3],@Y[$b3]
+	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+||	ROTL	@X[$d0],0,@X[$d3]	; moved to avoid cross-path stall
+||	ROTL	@X[$d1],0,@X[$d0]
+	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+||	MV	@X[$d2],@X[$d1]
+||	MV	@X[$d3],@X[$d2]
+||	 ROTL	@Y[$b0],12,@Y[$b0]
+||	 ROTL	@Y[$b1],12,@Y[$b1]
+	ROTL	@X[$b0],7,@X[$b1]	; avoided cross-path stall
+||	ROTL	@X[$b1],7,@X[$b2]
+	ROTL	@X[$b2],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b0]
+|| [B0]	SUB	B0,1,B0			; decrement inner loop counter
+bottom2x1?:
+
+	 ROTL	@Y[$b2],12,@Y[$b2]
+||	 ROTL	@Y[$b3],12,@Y[$b3]
+|| [B0]	ADD	@X[$b1],@X[$a1],@X[$a1]	; modulo-scheduled
+|| [B0]	ADD	@X[$b2],@X[$a2],@X[$a2]
+   [B0]	ADD	@X[$b0],@X[$a0],@X[$a0]
+|| [B0]	ADD	@X[$b3],@X[$a3],@X[$a3]
+
+||	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+|| [B0]	XOR	@X[$a1],@X[$d1],@X[$d1]
+|| [B0]	XOR	@X[$a2],@X[$d2],@X[$d2]
+   [B0]	XOR	@X[$a0],@X[$d0],@X[$d0]
+|| [B0]	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+||	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	 ROTL	@Y[$d0],8,@Y[$d0]
+||	 ROTL	@Y[$d1],8,@Y[$d1]
+|| [B0]	SWAP2	@X[$d1],@X[$d1]		; rotate by 16
+|| [B0]	SWAP2	@X[$d2],@X[$d2]
+|| [B0]	SWAP2	@X[$d0],@X[$d0]
+|| [B0]	SWAP2	@X[$d3],@X[$d3]
+	 ROTL	@Y[$d2],8,@Y[$d2]
+||	 ROTL	@Y[$d3],8,@Y[$d3]
+|| [B0]	ADD	@X[$d1],@X[$c1],@X[$c1]
+|| [B0]	ADD	@X[$d2],@X[$c2],@X[$c2]
+|| [B0]	ADD	@X[$d0],@X[$c0],@X[$c0]
+|| [B0]	ADD	@X[$d3],@X[$c3],@X[$c3]
+|| [B0]	BNOP	top2x?			; even protects from interrupt
+
+	 ADD	@Y[$d0],@Y[$c2],@Y[$c2]
+||	 ADD	@Y[$d1],@Y[$c3],@Y[$c3]
+|| [B0]	XOR	@X[$c1],@X[$b1],@X[$b1]
+|| [B0]	XOR	@X[$c2],@X[$b2],@X[$b2]
+|| [B0]	XOR	@X[$c0],@X[$b0],@X[$b0]
+|| [B0]	XOR	@X[$c3],@X[$b3],@X[$b3]
+	 ADD	@Y[$d2],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c1],@Y[$c1]
+||	 XOR	@Y[$c2],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b1],@Y[$b1]
+||	 ROTL	@Y[$d0],0,@Y[$d3]	; moved to avoid cross-path stall
+||	 ROTL	@Y[$d1],0,@Y[$d0]
+	 XOR	@Y[$c0],@Y[$b2],@Y[$b2]
+||	 XOR	@Y[$c1],@Y[$b3],@Y[$b3]
+||	 MV	@Y[$d2],@Y[$d1]
+||	 MV	@Y[$d3],@Y[$d2]
+|| [B0]	ROTL	@X[$b1],12,@X[$b1]
+|| [B0]	ROTL	@X[$b2],12,@X[$b2]
+	 ROTL	@Y[$b0],7,@Y[$b1]	; avoided cross-path stall
+||	 ROTL	@Y[$b1],7,@Y[$b2]
+	 ROTL	@Y[$b2],7,@Y[$b3]
+||	 ROTL	@Y[$b3],7,@Y[$b0]
+bottom2x2?:
+___
+}
+
+$code.=<<___;
+	ADD	@K2x[0],@X[0],@X[0]	; accumulate key material
+||	ADD	@K2x[1],@X[1],@X[1]
+||	ADD	@K2x[2],@X[2],@X[2]
+||	ADD	@K2x[3],@X[3],@X[3]
+	 ADD	@K2x[0],@Y[0],@Y[0]
+||	 ADD	@K2x[1],@Y[1],@Y[1]
+||	 ADD	@K2x[2],@Y[2],@Y[2]
+||	 ADD	@K2x[3],@Y[3],@Y[3]
+||	LDNDW	*${INP}++[8],@DAT[1]:@DAT[0]
+	ADD	@K2x[4],@X[4],@X[4]
+||	ADD	@K2x[5],@X[5],@X[5]
+||	ADD	@K2x[6],@X[6],@X[6]
+||	ADD	@K2x[7],@X[7],@X[7]
+||	LDNDW	*${INP}[-7],@DAT[3]:@DAT[2]
+	 ADD	@K2x[4],@Y[4],@Y[4]
+||	 ADD	@K2x[5],@Y[5],@Y[5]
+||	 ADD	@K2x[6],@Y[6],@Y[6]
+||	 ADD	@K2x[7],@Y[7],@Y[7]
+||	LDNDW	*${INP}[-6],@DAT[5]:@DAT[4]
+	ADD	@K2x[8],@X[8],@X[8]
+||	ADD	@K2x[9],@X[9],@X[9]
+||	ADD	@K2x[10],@X[10],@X[10]
+||	ADD	@K2x[11],@X[11],@X[11]
+||	LDNDW	*${INP}[-5],@DAT[7]:@DAT[6]
+	 ADD	@K2x[8],@Y[8],@Y[8]
+||	 ADD	@K2x[9],@Y[9],@Y[9]
+||	 ADD	@K2x[10],@Y[10],@Y[10]
+||	 ADD	@K2x[11],@Y[11],@Y[11]
+||	LDNDW	*${INP}[-4],@DAT[9]:@DAT[8]
+	ADD	@K2x[12],@X[12],@X[12]
+||	ADD	@K2x[13],@X[13],@X[13]
+||	ADD	@K2x[14],@X[14],@X[14]
+||	ADD	@K2x[15],@X[15],@X[15]
+||	LDNDW	*${INP}[-3],@DAT[11]:@DAT[10]
+	 ADD	@K2x[12],@Y[12],@Y[12]
+||	 ADD	@K2x[13],@Y[13],@Y[13]
+||	 ADD	@K2x[14],@Y[14],@Y[14]
+||	 ADD	@K2x[15],@Y[15],@Y[15]
+||	LDNDW	*${INP}[-2],@DAT[13]:@DAT[12]
+	 ADD	1,@Y[12],@Y[12]		; adjust counter for 2nd block
+||	ADD	2,@K2x[12],@K2x[12]	; increment counter
+||	LDNDW	*${INP}[-1],@DAT[15]:@DAT[14]
+
+	.if	.BIG_ENDIAN
+	SWAP2	@X[0],@X[0]
+||	SWAP2	@X[1],@X[1]
+||	SWAP2	@X[2],@X[2]
+||	SWAP2	@X[3],@X[3]
+	SWAP2	@X[4],@X[4]
+||	SWAP2	@X[5],@X[5]
+||	SWAP2	@X[6],@X[6]
+||	SWAP2	@X[7],@X[7]
+	SWAP2	@X[8],@X[8]
+||	SWAP2	@X[9],@X[9]
+||	SWAP4	@X[0],@X[1]
+||	SWAP4	@X[1],@X[0]
+	SWAP2	@X[10],@X[10]
+||	SWAP2	@X[11],@X[11]
+||	SWAP4	@X[2],@X[3]
+||	SWAP4	@X[3],@X[2]
+	SWAP2	@X[12],@X[12]
+||	SWAP2	@X[13],@X[13]
+||	SWAP4	@X[4],@X[5]
+||	SWAP4	@X[5],@X[4]
+	SWAP2	@X[14],@X[14]
+||	SWAP2	@X[15],@X[15]
+||	SWAP4	@X[6],@X[7]
+||	SWAP4	@X[7],@X[6]
+	SWAP4	@X[8],@X[9]
+||	SWAP4	@X[9],@X[8]
+||	 SWAP2	@Y[0],@Y[0]
+||	 SWAP2	@Y[1],@Y[1]
+	SWAP4	@X[10],@X[11]
+||	SWAP4	@X[11],@X[10]
+||	 SWAP2	@Y[2],@Y[2]
+||	 SWAP2	@Y[3],@Y[3]
+	SWAP4	@X[12],@X[13]
+||	SWAP4	@X[13],@X[12]
+||	 SWAP2	@Y[4],@Y[4]
+||	 SWAP2	@Y[5],@Y[5]
+	SWAP4	@X[14],@X[15]
+||	SWAP4	@X[15],@X[14]
+||	 SWAP2	@Y[6],@Y[6]
+||	 SWAP2	@Y[7],@Y[7]
+	 SWAP2	@Y[8],@Y[8]
+||	 SWAP2	@Y[9],@Y[9]
+||	 SWAP4	@Y[0],@Y[1]
+||	 SWAP4	@Y[1],@Y[0]
+	 SWAP2	@Y[10],@Y[10]
+||	 SWAP2	@Y[11],@Y[11]
+||	 SWAP4	@Y[2],@Y[3]
+||	 SWAP4	@Y[3],@Y[2]
+	 SWAP2	@Y[12],@Y[12]
+||	 SWAP2	@Y[13],@Y[13]
+||	 SWAP4	@Y[4],@Y[5]
+||	 SWAP4	@Y[5],@Y[4]
+	 SWAP2	@Y[14],@Y[14]
+||	 SWAP2	@Y[15],@Y[15]
+||	 SWAP4	@Y[6],@Y[7]
+||	 SWAP4	@Y[7],@Y[6]
+	 SWAP4	@Y[8],@Y[9]
+||	 SWAP4	@Y[9],@Y[8]
+	 SWAP4	@Y[10],@Y[11]
+||	 SWAP4	@Y[11],@Y[10]
+	 SWAP4	@Y[12],@Y[13]
+||	 SWAP4	@Y[13],@Y[12]
+	 SWAP4	@Y[14],@Y[15]
+||	 SWAP4	@Y[15],@Y[14]
+	.endif
+
+	XOR	@DAT[0],@X[0],@X[0]	; xor 1st block
+||	XOR	@DAT[3],@X[3],@X[3]
+||	XOR	@DAT[2],@X[2],@X[1]
+||	XOR	@DAT[1],@X[1],@X[2]
+||	LDNDW	*${INP}++[8],@DAT[1]:@DAT[0]
+	XOR	@DAT[4],@X[4],@X[4]
+||	XOR	@DAT[7],@X[7],@X[7]
+||	LDNDW	*${INP}[-7],@DAT[3]:@DAT[2]
+	XOR	@DAT[6],@X[6],@X[5]
+||	XOR	@DAT[5],@X[5],@X[6]
+||	LDNDW	*${INP}[-6],@DAT[5]:@DAT[4]
+	XOR	@DAT[8],@X[8],@X[8]
+||	XOR	@DAT[11],@X[11],@X[11]
+||	LDNDW	*${INP}[-5],@DAT[7]:@DAT[6]
+	XOR	@DAT[10],@X[10],@X[9]
+||	XOR	@DAT[9],@X[9],@X[10]
+||	LDNDW	*${INP}[-4],@DAT[9]:@DAT[8]
+	XOR	@DAT[12],@X[12],@X[12]
+||	XOR	@DAT[15],@X[15],@X[15]
+||	LDNDW	*${INP}[-3],@DAT[11]:@DAT[10]
+	XOR	@DAT[14],@X[14],@X[13]
+||	XOR	@DAT[13],@X[13],@X[14]
+||	LDNDW	*${INP}[-2],@DAT[13]:@DAT[12]
+   [A0]	SUB	A0,$STEP,A0		; SUB	A0,128,A0
+||	LDNDW	*${INP}[-1],@DAT[15]:@DAT[14]
+
+	XOR	@Y[0],@DAT[0],@DAT[0]	; xor 2nd block
+||	XOR	@Y[1],@DAT[1],@DAT[1]
+||	STNDW	@X[2]:@X[0],*${OUT}++[8]
+	XOR	@Y[2],@DAT[2],@DAT[2]
+||	XOR	@Y[3],@DAT[3],@DAT[3]
+||	STNDW	@X[3]:@X[1],*${OUT}[-7]
+	XOR	@Y[4],@DAT[4],@DAT[4]
+|| [A0]	LDDW	*FP[-12],@X[2]:@X[0]	; re-load key material from stack
+|| [A0]	LDDW	*SP[2],  @X[3]:@X[1]
+	XOR	@Y[5],@DAT[5],@DAT[5]
+||	STNDW	@X[6]:@X[4],*${OUT}[-6]
+	XOR	@Y[6],@DAT[6],@DAT[6]
+||	XOR	@Y[7],@DAT[7],@DAT[7]
+||	STNDW	@X[7]:@X[5],*${OUT}[-5]
+	XOR	@Y[8],@DAT[8],@DAT[8]
+|| [A0]	LDDW	*FP[-10],@X[6]:@X[4]
+|| [A0]	LDDW	*SP[4],  @X[7]:@X[5]
+	XOR	@Y[9],@DAT[9],@DAT[9]
+||	STNDW	@X[10]:@X[8],*${OUT}[-4]
+	XOR	@Y[10],@DAT[10],@DAT[10]
+||	XOR	@Y[11],@DAT[11],@DAT[11]
+||	STNDW	@X[11]:@X[9],*${OUT}[-3]
+	XOR	@Y[12],@DAT[12],@DAT[12]
+|| [A0]	LDDW	*FP[-8], @X[10]:@X[8]
+|| [A0]	LDDW	*SP[6],  @X[11]:@X[9]
+	XOR	@Y[13],@DAT[13],@DAT[13]
+||	STNDW	@X[14]:@X[12],*${OUT}[-2]
+	XOR	@Y[14],@DAT[14],@DAT[14]
+||	XOR	@Y[15],@DAT[15],@DAT[15]
+||	STNDW	@X[15]:@X[13],*${OUT}[-1]
+
+   [A0]	MV	@K2x[12],@X[12]
+|| [A0]	MV	@K2x[13],@X[13]
+|| [A0]	LDW	*FP[-6*2], @X[14]
+|| [A0]	LDW	*SP[8*2],  @X[15]
+
+   [A0]	DMV	@X[2],@X[0],@Y[2]:@Y[0]	; duplicate key material
+||	STNDW	@DAT[1]:@DAT[0],*${OUT}++[8]
+   [A0]	DMV	@X[3],@X[1],@Y[3]:@Y[1]
+||	STNDW	@DAT[3]:@DAT[2],*${OUT}[-7]
+   [A0]	DMV	@X[6],@X[4],@Y[6]:@Y[4]
+||	STNDW	@DAT[5]:@DAT[4],*${OUT}[-6]
+||	CMPLTU	A0,$STEP,A1		; is remaining length < 2*blocks?
+||[!A0]	BNOP	epilogue?
+   [A0]	DMV	@X[7],@X[5],@Y[7]:@Y[5]
+||	STNDW	@DAT[7]:@DAT[6],*${OUT}[-5]
+||[!A1]	BNOP	outer2x?
+   [A0]	DMV	@X[10],@X[8],@Y[10]:@Y[8]
+||	STNDW	@DAT[9]:@DAT[8],*${OUT}[-4]
+   [A0]	DMV	@X[11],@X[9],@Y[11]:@Y[9]
+||	STNDW	@DAT[11]:@DAT[10],*${OUT}[-3]
+   [A0]	DMV	@X[14],@X[12],@Y[14]:@Y[12]
+||	STNDW	@DAT[13]:@DAT[12],*${OUT}[-2]
+   [A0]	DMV	@X[15],@X[13],@Y[15]:@Y[13]
+||	STNDW	@DAT[15]:@DAT[14],*${OUT}[-1]
+;;===== branch to epilogue? is taken here
+   [A1]	MVK	64,$STEP
+|| [A0]	MVK	10,B0			; inner loop counter
+;;===== branch to outer2x? is taken here
+___
+{
+my ($a0,$a1,$a2,$a3) = (0..3);
+my ($b0,$b1,$b2,$b3) = (4..7);
+my ($c0,$c1,$c2,$c3) = (8..11);
+my ($d0,$d1,$d2,$d3) = (12..15);
+
+$code.=<<___;
+top1x?:
+	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	SWAP2	@X[$d1],@X[$d1]		; rotate by 16
+||	SWAP2	@X[$d2],@X[$d2]
+	SWAP2	@X[$d0],@X[$d0]
+||	SWAP2	@X[$d3],@X[$d3]
+
+||	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	ROTL	@X[$b1],12,@X[$b1]
+||	ROTL	@X[$b2],12,@X[$b2]
+	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b3],12,@X[$b3]
+
+	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d1],8,@X[$d1]
+||	ROTL	@X[$d2],8,@X[$d2]
+	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d3],8,@X[$d3]
+||	BNOP	middle1x?		; protect from interrupt
+
+	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+||	ROTL	@X[$d1],0,@X[$d2]	; moved to avoid cross-path stall
+||	ROTL	@X[$d2],0,@X[$d3]
+	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	ROTL	@X[$d0],0,@X[$d1]
+||	ROTL	@X[$d3],0,@X[$d0]
+	ROTL	@X[$b1],7,@X[$b0]	; avoided cross-path stall
+||	ROTL	@X[$b2],7,@X[$b1]
+	ROTL	@X[$b0],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b2]
+middle1x?:
+
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	SWAP2	@X[$d0],@X[$d0]		; rotate by 16
+||	SWAP2	@X[$d1],@X[$d1]
+	SWAP2	@X[$d2],@X[$d2]
+||	SWAP2	@X[$d3],@X[$d3]
+
+||	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+||	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b1],12,@X[$b1]
+	ROTL	@X[$b2],12,@X[$b2]
+||	ROTL	@X[$b3],12,@X[$b3]
+
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+|| [B0]	SUB	B0,1,B0			; decrement inner loop counter
+	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d1],8,@X[$d1]
+	ROTL	@X[$d2],8,@X[$d2]
+||	ROTL	@X[$d3],8,@X[$d3]
+|| [B0]	BNOP	top1x?			; even protects from interrupt
+
+	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+||	ROTL	@X[$d0],0,@X[$d3]	; moved to avoid cross-path stall
+||	ROTL	@X[$d1],0,@X[$d0]
+	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+||	ROTL	@X[$d2],0,@X[$d1]
+||	ROTL	@X[$d3],0,@X[$d2]
+	ROTL	@X[$b0],7,@X[$b1]	; avoided cross-path stall
+||	ROTL	@X[$b1],7,@X[$b2]
+	ROTL	@X[$b2],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b0]
+||[!B0]	CMPLTU	A0,$STEP,A1		; less than 64 bytes left?
+bottom1x?:
+___
+}
+
+$code.=<<___;
+	ADD	@Y[0],@X[0],@X[0]	; accumulate key material
+||	ADD	@Y[1],@X[1],@X[1]
+||	ADD	@Y[2],@X[2],@X[2]
+||	ADD	@Y[3],@X[3],@X[3]
+||[!A1]	LDNDW	*${INP}++[8],@DAT[1]:@DAT[0]
+|| [A1]	BNOP	tail?
+	ADD	@Y[4],@X[4],@X[4]
+||	ADD	@Y[5],@X[5],@X[5]
+||	ADD	@Y[6],@X[6],@X[6]
+||	ADD	@Y[7],@X[7],@X[7]
+||[!A1]	LDNDW	*${INP}[-7],@DAT[3]:@DAT[2]
+	ADD	@Y[8],@X[8],@X[8]
+||	ADD	@Y[9],@X[9],@X[9]
+||	ADD	@Y[10],@X[10],@X[10]
+||	ADD	@Y[11],@X[11],@X[11]
+||[!A1]	LDNDW	*${INP}[-6],@DAT[5]:@DAT[4]
+	ADD	@Y[12],@X[12],@X[12]
+||	ADD	@Y[13],@X[13],@X[13]
+||	ADD	@Y[14],@X[14],@X[14]
+||	ADD	@Y[15],@X[15],@X[15]
+||[!A1]	LDNDW	*${INP}[-5],@DAT[7]:@DAT[6]
+  [!A1]	LDNDW	*${INP}[-4],@DAT[9]:@DAT[8]
+  [!A1]	LDNDW	*${INP}[-3],@DAT[11]:@DAT[10]
+	LDNDW	*${INP}[-2],@DAT[13]:@DAT[12]
+	LDNDW	*${INP}[-1],@DAT[15]:@DAT[14]
+
+	.if	.BIG_ENDIAN
+	SWAP2	@X[0],@X[0]
+||	SWAP2	@X[1],@X[1]
+||	SWAP2	@X[2],@X[2]
+||	SWAP2	@X[3],@X[3]
+	SWAP2	@X[4],@X[4]
+||	SWAP2	@X[5],@X[5]
+||	SWAP2	@X[6],@X[6]
+||	SWAP2	@X[7],@X[7]
+	SWAP2	@X[8],@X[8]
+||	SWAP2	@X[9],@X[9]
+||	SWAP4	@X[0],@X[1]
+||	SWAP4	@X[1],@X[0]
+	SWAP2	@X[10],@X[10]
+||	SWAP2	@X[11],@X[11]
+||	SWAP4	@X[2],@X[3]
+||	SWAP4	@X[3],@X[2]
+	SWAP2	@X[12],@X[12]
+||	SWAP2	@X[13],@X[13]
+||	SWAP4	@X[4],@X[5]
+||	SWAP4	@X[5],@X[4]
+	SWAP2	@X[14],@X[14]
+||	SWAP2	@X[15],@X[15]
+||	SWAP4	@X[6],@X[7]
+||	SWAP4	@X[7],@X[6]
+	SWAP4	@X[8],@X[9]
+||	SWAP4	@X[9],@X[8]
+	SWAP4	@X[10],@X[11]
+||	SWAP4	@X[11],@X[10]
+	SWAP4	@X[12],@X[13]
+||	SWAP4	@X[13],@X[12]
+	SWAP4	@X[14],@X[15]
+||	SWAP4	@X[15],@X[14]
+	.else
+	NOP	1
+	.endif
+
+	XOR	@X[0],@DAT[0],@DAT[0]	; xor with input
+||	XOR	@X[1],@DAT[1],@DAT[1]
+||	XOR	@X[2],@DAT[2],@DAT[2]
+||	XOR	@X[3],@DAT[3],@DAT[3]
+|| [A0]	SUB	A0,$STEP,A0		; SUB	A0,64,A0
+	XOR	@X[4],@DAT[4],@DAT[4]
+||	XOR	@X[5],@DAT[5],@DAT[5]
+||	XOR	@X[6],@DAT[6],@DAT[6]
+||	XOR	@X[7],@DAT[7],@DAT[7]
+||	STNDW	@DAT[1]:@DAT[0],*${OUT}++[8]
+	XOR	@X[8],@DAT[8],@DAT[8]
+||	XOR	@X[9],@DAT[9],@DAT[9]
+||	XOR	@X[10],@DAT[10],@DAT[10]
+||	XOR	@X[11],@DAT[11],@DAT[11]
+||	STNDW	@DAT[3]:@DAT[2],*${OUT}[-7]
+	XOR	@X[12],@DAT[12],@DAT[12]
+||	XOR	@X[13],@DAT[13],@DAT[13]
+||	XOR	@X[14],@DAT[14],@DAT[14]
+||	XOR	@X[15],@DAT[15],@DAT[15]
+||	STNDW	@DAT[5]:@DAT[4],*${OUT}[-6]
+|| [A0]	BNOP	top1x?
+   [A0]	DMV	@Y[2],@Y[0],@X[2]:@X[0]	; duplicate key material
+|| [A0]	DMV	@Y[3],@Y[1],@X[3]:@X[1]
+||	STNDW	@DAT[7]:@DAT[6],*${OUT}[-5]
+   [A0]	DMV	@Y[6],@Y[4],@X[6]:@X[4]
+|| [A0]	DMV	@Y[7],@Y[5],@X[7]:@X[5]
+||	STNDW	@DAT[9]:@DAT[8],*${OUT}[-4]
+   [A0]	DMV	@Y[10],@Y[8],@X[10]:@X[8]
+|| [A0]	DMV	@Y[11],@Y[9],@X[11]:@X[9]
+|| [A0]	ADD	1,@Y[12],@Y[12]		; increment counter
+||	STNDW	@DAT[11]:@DAT[10],*${OUT}[-3]
+   [A0]	DMV	@Y[14],@Y[12],@X[14]:@X[12]
+|| [A0]	DMV	@Y[15],@Y[13],@X[15]:@X[13]
+||	STNDW	@DAT[13]:@DAT[12],*${OUT}[-2]
+   [A0]	MVK	10,B0			; inner loop counter
+||	STNDW	@DAT[15]:@DAT[14],*${OUT}[-1]
+;;===== branch to top1x? is taken here
+
+epilogue?:
+	LDDW	*FP[-4],A11:A10		; ABI says so
+	LDDW	*FP[-3],A13:A12
+||	LDDW	*SP[3+8],B11:B10
+	LDDW	*SP[4+8],B13:B12
+||	BNOP	RA
+	LDW	*++SP(40+64),FP		; restore frame pointer
+	NOP	4
+
+tail?:
+	LDBU	*${INP}++[1],B24	; load byte by byte
+||	SUB	A0,1,A0
+||	SUB	A0,1,B1
+  [!B1]	BNOP	epilogue?		; interrupts are disabled for whole time
+|| [A0] LDBU	*${INP}++[1],B24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+|| [A0] LDBU	*${INP}++[1],B24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+||	ROTL	@X[0],0,A24
+|| [A0] LDBU	*${INP}++[1],B24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+||	ROTL	@X[0],24,A24
+|| [A0] LDBU	*${INP}++[1],A24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+||	ROTL	@X[0],16,A24
+|| [A0] LDBU	*${INP}++[1],A24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,B25
+	STB	B25,*${OUT}++[1]	; store byte by byte
+||[!B1]	BNOP	epilogue?
+||	ROTL	@X[0],8,A24
+|| [A0] LDBU	*${INP}++[1],A24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,B25
+	STB	B25,*${OUT}++[1]
+___
+sub TAIL_STEP {
+my $Xi= shift;
+my $T = ($Xi=~/^B/?"B24":"A24");	# match @X[i] to avoid cross path
+my $D = $T; $D=~tr/AB/BA/;
+my $O = $D; $O=~s/24/25/;
+
+$code.=<<___;
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,0,$T
+|| [A0] LDBU	*${INP}++[1],$D
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,24,$T
+|| [A0] LDBU	*${INP}++[1],$T
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,16,$T
+|| [A0] LDBU	*${INP}++[1],$T
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,8,$T
+|| [A0] LDBU	*${INP}++[1],$T
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+___
+}
+	foreach (1..14) { TAIL_STEP(@X[$_]); }
+$code.=<<___;
+||[!B1]	BNOP	epilogue?
+||	ROTL	@X[15],0,B24
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	ROTL	@X[15],24,B24
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	ROTL	@X[15],16,B24
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	XOR	A24,B24,B25
+	STB	B25,*${OUT}++[1]
+	.endasmfunc
+
+	.sect	.const
+	.cstring "ChaCha20 for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl
new file mode 100755
index 000000000..f4f8610bf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl
@@ -0,0 +1,1348 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# October 2015
+#
+# ChaCha20 for PowerPC/AltiVec.
+#
+# June 2018
+#
+# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for
+# processors that can't issue more than one vector instruction per
+# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x
+# interleave would perform better. Incidentally PowerISA 2.07 (first
+# implemented by POWER8) defined new usable instructions, hence 4xVSX
+# code path...
+#
+# Performance in cycles per byte out of large buffer.
+#
+#			IALU/gcc-4.x    3xAltiVec+1xIALU	4xVSX
+#
+# Freescale e300	13.6/+115%	-			-
+# PPC74x0/G4e		6.81/+310%	3.81			-
+# PPC970/G5		9.29/+160%	?			-
+# POWER7		8.62/+61%	3.35			-
+# POWER8		8.70/+51%	2.91			2.09
+# POWER9		8.80/+29%	4.44(*)			2.45(**)
+#
+# (*)	this is trade-off result, it's possible to improve it, but
+#	then it would negatively affect all others;
+# (**)	POWER9 seems to be "allergic" to mixing vector and integer
+#	instructions, which is why switch to vector-only code pays
+#	off that much;
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+	$UCMP	="cmpld";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$LOCALS=6*$SIZE_T;
+$FRAME=$LOCALS+64+18*$SIZE_T;	# 64 is for local variables
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+    $code .= "\t$opcode\t".join(',',@_)."\n";
+}
+
+my $sp = "r1";
+
+my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7));
+
+my @x=map("r$_",(16..31));
+my @d=map("r$_",(11,12,14,15));
+my @t=map("r$_",(7..10));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+
+    (
+	"&add		(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add		(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add		(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	"&xor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&xor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&xor		(@x[$d2],@x[$d2],@x[$a2])",
+	   "&xor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&rotlwi	(@x[$d0],@x[$d0],16)",
+	 "&rotlwi	(@x[$d1],@x[$d1],16)",
+	  "&rotlwi	(@x[$d2],@x[$d2],16)",
+	   "&rotlwi	(@x[$d3],@x[$d3],16)",
+
+	"&add		(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add		(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add		(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add	(@x[$c3],@x[$c3],@x[$d3])",
+	"&xor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&xor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&xor		(@x[$b2],@x[$b2],@x[$c2])",
+	   "&xor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&rotlwi	(@x[$b0],@x[$b0],12)",
+	 "&rotlwi	(@x[$b1],@x[$b1],12)",
+	  "&rotlwi	(@x[$b2],@x[$b2],12)",
+	   "&rotlwi	(@x[$b3],@x[$b3],12)",
+
+	"&add		(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add		(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add		(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	"&xor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&xor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&xor		(@x[$d2],@x[$d2],@x[$a2])",
+	   "&xor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&rotlwi	(@x[$d0],@x[$d0],8)",
+	 "&rotlwi	(@x[$d1],@x[$d1],8)",
+	  "&rotlwi	(@x[$d2],@x[$d2],8)",
+	   "&rotlwi	(@x[$d3],@x[$d3],8)",
+
+	"&add		(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add		(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add		(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add	(@x[$c3],@x[$c3],@x[$d3])",
+	"&xor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&xor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&xor		(@x[$b2],@x[$b2],@x[$c2])",
+	   "&xor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&rotlwi	(@x[$b0],@x[$b0],7)",
+	 "&rotlwi	(@x[$b1],@x[$b1],7)",
+	  "&rotlwi	(@x[$b2],@x[$b2],7)",
+	   "&rotlwi	(@x[$b3],@x[$b3],7)"
+    );
+}
+
+$code.=<<___;
+.machine	"any"
+.text
+
+.globl	.ChaCha20_ctr32_int
+.align	5
+.ChaCha20_ctr32_int:
+__ChaCha20_ctr32_int:
+	${UCMP}i $len,0
+	beqlr-
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	@d[0],0($ctr)			# load counter
+	lwz	@d[1],4($ctr)
+	lwz	@d[2],8($ctr)
+	lwz	@d[3],12($ctr)
+
+	bl	__ChaCha20_1x
+
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,5,0
+	.long	0
+.size	.ChaCha20_ctr32_int,.-.ChaCha20_ctr32_int
+
+.align	5
+__ChaCha20_1x:
+Loop_outer:
+	lis	@x[0],0x6170			# synthesize sigma
+	lis	@x[1],0x3320
+	lis	@x[2],0x7962
+	lis	@x[3],0x6b20
+	ori	@x[0],@x[0],0x7865
+	ori	@x[1],@x[1],0x646e
+	ori	@x[2],@x[2],0x2d32
+	ori	@x[3],@x[3],0x6574
+
+	li	r0,10				# inner loop counter
+	lwz	@x[4],0($key)			# load key
+	lwz	@x[5],4($key)
+	lwz	@x[6],8($key)
+	lwz	@x[7],12($key)
+	lwz	@x[8],16($key)
+	mr	@x[12],@d[0]			# copy counter
+	lwz	@x[9],20($key)
+	mr	@x[13],@d[1]
+	lwz	@x[10],24($key)
+	mr	@x[14],@d[2]
+	lwz	@x[11],28($key)
+	mr	@x[15],@d[3]
+
+	mr	@t[0],@x[4]
+	mr	@t[1],@x[5]
+	mr	@t[2],@x[6]
+	mr	@t[3],@x[7]
+
+	mtctr	r0
+Loop:
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	bdnz	Loop
+
+	subic	$len,$len,64			# $len-=64
+	addi	@x[0],@x[0],0x7865		# accumulate key block
+	addi	@x[1],@x[1],0x646e
+	addi	@x[2],@x[2],0x2d32
+	addi	@x[3],@x[3],0x6574
+	addis	@x[0],@x[0],0x6170
+	addis	@x[1],@x[1],0x3320
+	addis	@x[2],@x[2],0x7962
+	addis	@x[3],@x[3],0x6b20
+
+	subfe.	r0,r0,r0			# borrow?-1:0
+	add	@x[4],@x[4],@t[0]
+	lwz	@t[0],16($key)
+	add	@x[5],@x[5],@t[1]
+	lwz	@t[1],20($key)
+	add	@x[6],@x[6],@t[2]
+	lwz	@t[2],24($key)
+	add	@x[7],@x[7],@t[3]
+	lwz	@t[3],28($key)
+	add	@x[8],@x[8],@t[0]
+	add	@x[9],@x[9],@t[1]
+	add	@x[10],@x[10],@t[2]
+	add	@x[11],@x[11],@t[3]
+
+	add	@x[12],@x[12],@d[0]
+	add	@x[13],@x[13],@d[1]
+	add	@x[14],@x[14],@d[2]
+	add	@x[15],@x[15],@d[3]
+	addi	@d[0],@d[0],1			# increment counter
+___
+if (!$LITTLE_ENDIAN) { for($i=0;$i<16;$i++) {	# flip byte order
+$code.=<<___;
+	mr	@t[$i&3],@x[$i]
+	rotlwi	@x[$i],@x[$i],8
+	rlwimi	@x[$i],@t[$i&3],24,0,7
+	rlwimi	@x[$i],@t[$i&3],24,16,23
+___
+} }
+$code.=<<___;
+	bne	Ltail				# $len-=64 borrowed
+
+	lwz	@t[0],0($inp)			# load input, aligned or not
+	lwz	@t[1],4($inp)
+	${UCMP}i $len,0				# done already?
+	lwz	@t[2],8($inp)
+	lwz	@t[3],12($inp)
+	xor	@x[0],@x[0],@t[0]		# xor with input
+	lwz	@t[0],16($inp)
+	xor	@x[1],@x[1],@t[1]
+	lwz	@t[1],20($inp)
+	xor	@x[2],@x[2],@t[2]
+	lwz	@t[2],24($inp)
+	xor	@x[3],@x[3],@t[3]
+	lwz	@t[3],28($inp)
+	xor	@x[4],@x[4],@t[0]
+	lwz	@t[0],32($inp)
+	xor	@x[5],@x[5],@t[1]
+	lwz	@t[1],36($inp)
+	xor	@x[6],@x[6],@t[2]
+	lwz	@t[2],40($inp)
+	xor	@x[7],@x[7],@t[3]
+	lwz	@t[3],44($inp)
+	xor	@x[8],@x[8],@t[0]
+	lwz	@t[0],48($inp)
+	xor	@x[9],@x[9],@t[1]
+	lwz	@t[1],52($inp)
+	xor	@x[10],@x[10],@t[2]
+	lwz	@t[2],56($inp)
+	xor	@x[11],@x[11],@t[3]
+	lwz	@t[3],60($inp)
+	xor	@x[12],@x[12],@t[0]
+	stw	@x[0],0($out)			# store output, aligned or not
+	xor	@x[13],@x[13],@t[1]
+	stw	@x[1],4($out)
+	xor	@x[14],@x[14],@t[2]
+	stw	@x[2],8($out)
+	xor	@x[15],@x[15],@t[3]
+	stw	@x[3],12($out)
+	stw	@x[4],16($out)
+	stw	@x[5],20($out)
+	stw	@x[6],24($out)
+	stw	@x[7],28($out)
+	stw	@x[8],32($out)
+	stw	@x[9],36($out)
+	stw	@x[10],40($out)
+	stw	@x[11],44($out)
+	stw	@x[12],48($out)
+	stw	@x[13],52($out)
+	stw	@x[14],56($out)
+	addi	$inp,$inp,64
+	stw	@x[15],60($out)
+	addi	$out,$out,64
+
+	bne	Loop_outer
+
+	blr
+
+.align	4
+Ltail:
+	addi	$len,$len,64			# restore tail length
+	subi	$inp,$inp,1			# prepare for *++ptr
+	subi	$out,$out,1
+	addi	@t[0],$sp,$LOCALS-1
+	mtctr	$len
+
+	stw	@x[0],`$LOCALS+0`($sp)		# save whole block to stack
+	stw	@x[1],`$LOCALS+4`($sp)
+	stw	@x[2],`$LOCALS+8`($sp)
+	stw	@x[3],`$LOCALS+12`($sp)
+	stw	@x[4],`$LOCALS+16`($sp)
+	stw	@x[5],`$LOCALS+20`($sp)
+	stw	@x[6],`$LOCALS+24`($sp)
+	stw	@x[7],`$LOCALS+28`($sp)
+	stw	@x[8],`$LOCALS+32`($sp)
+	stw	@x[9],`$LOCALS+36`($sp)
+	stw	@x[10],`$LOCALS+40`($sp)
+	stw	@x[11],`$LOCALS+44`($sp)
+	stw	@x[12],`$LOCALS+48`($sp)
+	stw	@x[13],`$LOCALS+52`($sp)
+	stw	@x[14],`$LOCALS+56`($sp)
+	stw	@x[15],`$LOCALS+60`($sp)
+
+Loop_tail:					# byte-by-byte loop
+	lbzu	@d[0],1($inp)
+	lbzu	@x[0],1(@t[0])
+	xor	@d[1],@d[0],@x[0]
+	stbu	@d[1],1($out)
+	bdnz	Loop_tail
+
+	stw	$sp,`$LOCALS+0`($sp)		# wipe block on stack
+	stw	$sp,`$LOCALS+4`($sp)
+	stw	$sp,`$LOCALS+8`($sp)
+	stw	$sp,`$LOCALS+12`($sp)
+	stw	$sp,`$LOCALS+16`($sp)
+	stw	$sp,`$LOCALS+20`($sp)
+	stw	$sp,`$LOCALS+24`($sp)
+	stw	$sp,`$LOCALS+28`($sp)
+	stw	$sp,`$LOCALS+32`($sp)
+	stw	$sp,`$LOCALS+36`($sp)
+	stw	$sp,`$LOCALS+40`($sp)
+	stw	$sp,`$LOCALS+44`($sp)
+	stw	$sp,`$LOCALS+48`($sp)
+	stw	$sp,`$LOCALS+52`($sp)
+	stw	$sp,`$LOCALS+56`($sp)
+	stw	$sp,`$LOCALS+60`($sp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+___
+
+{{{
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2)
+				= map("v$_",(0..11));
+my @K				= map("v$_",(12..17));
+my ($FOUR,$sixteen,$twenty4)	= map("v$_",(18..19,23));
+my ($inpperm,$outperm,$outmask)	= map("v$_",(24..26));
+my @D				= map("v$_",(27..31));
+my ($twelve,$seven,$T0,$T1) = @D;
+
+my $FRAME=$LOCALS+64+10*16+18*$SIZE_T;	# 10*16 is for v23-v31 offload
+
+sub VMXROUND {
+my $odd = pop;
+my ($a,$b,$c,$d)=@_;
+
+	(
+	"&vadduwm	('$a','$a','$b')",
+	"&vxor		('$d','$d','$a')",
+	"&vperm		('$d','$d','$d','$sixteen')",
+
+	"&vadduwm	('$c','$c','$d')",
+	"&vxor		('$b','$b','$c')",
+	"&vrlw		('$b','$b','$twelve')",
+
+	"&vadduwm	('$a','$a','$b')",
+	"&vxor		('$d','$d','$a')",
+	"&vperm		('$d','$d','$d','$twenty4')",
+
+	"&vadduwm	('$c','$c','$d')",
+	"&vxor		('$b','$b','$c')",
+	"&vrlw		('$b','$b','$seven')",
+
+	"&vrldoi	('$c','$c',8)",
+	"&vrldoi	('$b','$b',$odd?4:12)",
+	"&vrldoi	('$d','$d',$odd?12:4)"
+	);
+}
+
+$code.=<<___;
+
+.globl	.ChaCha20_ctr32_vmx
+.align	5
+.ChaCha20_ctr32_vmx:
+	${UCMP}i $len,256
+	blt	__ChaCha20_ctr32_int
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	mfspr	r12,256
+	stvx	v23,r10,$sp
+	addi	r10,r10,32
+	stvx	v24,r11,$sp
+	addi	r11,r11,32
+	stvx	v25,r10,$sp
+	addi	r10,r10,32
+	stvx	v26,r11,$sp
+	addi	r11,r11,32
+	stvx	v27,r10,$sp
+	addi	r10,r10,32
+	stvx	v28,r11,$sp
+	addi	r11,r11,32
+	stvx	v29,r10,$sp
+	addi	r10,r10,32
+	stvx	v30,r11,$sp
+	stvx	v31,r10,$sp
+	stw	r12,`$FRAME-$SIZE_T*18-4`($sp)	# save vrsave
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	li	r12,-4096+511
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256,r12				# preserve 29 AltiVec registers
+
+	bl	Lconsts				# returns pointer Lsigma in r12
+	li	@x[0],16
+	li	@x[1],32
+	li	@x[2],48
+	li	@x[3],64
+	li	@x[4],31			# 31 is not a typo
+	li	@x[5],15			# nor is 15
+
+	lvx	@K[1],0,$key			# load key
+	?lvsr	$T0,0,$key			# prepare unaligned load
+	lvx	@K[2],@x[0],$key
+	lvx	@D[0],@x[4],$key
+
+	lvx	@K[3],0,$ctr			# load counter
+	?lvsr	$T1,0,$ctr			# prepare unaligned load
+	lvx	@D[1],@x[5],$ctr
+
+	lvx	@K[0],0,r12			# load constants
+	lvx	@K[5],@x[0],r12			# one
+	lvx	$FOUR,@x[1],r12
+	lvx	$sixteen,@x[2],r12
+	lvx	$twenty4,@x[3],r12
+
+	?vperm	@K[1],@K[2],@K[1],$T0		# align key
+	?vperm	@K[2],@D[0],@K[2],$T0
+	?vperm	@K[3],@D[1],@K[3],$T1		# align counter
+
+	lwz	@d[0],0($ctr)			# load counter to GPR
+	lwz	@d[1],4($ctr)
+	vadduwm	@K[3],@K[3],@K[5]		# adjust AltiVec counter
+	lwz	@d[2],8($ctr)
+	vadduwm	@K[4],@K[3],@K[5]
+	lwz	@d[3],12($ctr)
+	vadduwm	@K[5],@K[4],@K[5]
+
+	vxor	$T0,$T0,$T0			# 0x00..00
+	vspltisw $outmask,-1			# 0xff..ff
+	?lvsr	$inpperm,0,$inp			# prepare for unaligned load
+	?lvsl	$outperm,0,$out			# prepare for unaligned store
+	?vperm	$outmask,$outmask,$T0,$outperm
+
+	be?lvsl	$T0,0,@x[0]			# 0x00..0f
+	be?vspltisb $T1,3			# 0x03..03
+	be?vxor	$T0,$T0,$T1			# swap bytes within words
+	be?vxor	$outperm,$outperm,$T1
+	be?vperm $inpperm,$inpperm,$inpperm,$T0
+
+	li	r0,10				# inner loop counter
+	b	Loop_outer_vmx
+
+.align	4
+Loop_outer_vmx:
+	lis	@x[0],0x6170			# synthesize sigma
+	lis	@x[1],0x3320
+	 vmr	$A0,@K[0]
+	lis	@x[2],0x7962
+	lis	@x[3],0x6b20
+	 vmr	$A1,@K[0]
+	ori	@x[0],@x[0],0x7865
+	ori	@x[1],@x[1],0x646e
+	 vmr	$A2,@K[0]
+	ori	@x[2],@x[2],0x2d32
+	ori	@x[3],@x[3],0x6574
+	 vmr	$B0,@K[1]
+
+	lwz	@x[4],0($key)			# load key to GPR
+	 vmr	$B1,@K[1]
+	lwz	@x[5],4($key)
+	 vmr	$B2,@K[1]
+	lwz	@x[6],8($key)
+	 vmr	$C0,@K[2]
+	lwz	@x[7],12($key)
+	 vmr	$C1,@K[2]
+	lwz	@x[8],16($key)
+	 vmr	$C2,@K[2]
+	mr	@x[12],@d[0]			# copy GPR counter
+	lwz	@x[9],20($key)
+	 vmr	$D0,@K[3]
+	mr	@x[13],@d[1]
+	lwz	@x[10],24($key)
+	 vmr	$D1,@K[4]
+	mr	@x[14],@d[2]
+	lwz	@x[11],28($key)
+	 vmr	$D2,@K[5]
+	mr	@x[15],@d[3]
+
+	mr	@t[0],@x[4]
+	mr	@t[1],@x[5]
+	mr	@t[2],@x[6]
+	mr	@t[3],@x[7]
+
+	vspltisw $twelve,12			# synthesize constants
+	vspltisw $seven,7
+
+	mtctr	r0
+	nop
+Loop_vmx:
+___
+	my @thread0=&VMXROUND($A0,$B0,$C0,$D0,0);
+	my @thread1=&VMXROUND($A1,$B1,$C1,$D1,0);
+	my @thread2=&VMXROUND($A2,$B2,$C2,$D2,0);
+	my @thread3=&ROUND(0,4,8,12);
+
+	foreach (@thread0) {
+		eval;
+		eval(shift(@thread1));
+		eval(shift(@thread2));
+
+		eval(shift(@thread3));
+		eval(shift(@thread3));
+		eval(shift(@thread3));
+	}
+	foreach (@thread3) { eval; }
+
+	@thread0=&VMXROUND($A0,$B0,$C0,$D0,1);
+	@thread1=&VMXROUND($A1,$B1,$C1,$D1,1);
+	@thread2=&VMXROUND($A2,$B2,$C2,$D2,1);
+	@thread3=&ROUND(0,5,10,15);
+
+	foreach (@thread0) {
+		eval;
+		eval(shift(@thread1));
+		eval(shift(@thread2));
+
+		eval(shift(@thread3));
+		eval(shift(@thread3));
+		eval(shift(@thread3));
+	}
+	foreach (@thread3) { eval; }
+$code.=<<___;
+	bdnz	Loop_vmx
+
+	subi	$len,$len,256			# $len-=256
+	addi	@x[0],@x[0],0x7865		# accumulate key block
+	addi	@x[1],@x[1],0x646e
+	addi	@x[2],@x[2],0x2d32
+	addi	@x[3],@x[3],0x6574
+	addis	@x[0],@x[0],0x6170
+	addis	@x[1],@x[1],0x3320
+	addis	@x[2],@x[2],0x7962
+	addis	@x[3],@x[3],0x6b20
+	add	@x[4],@x[4],@t[0]
+	lwz	@t[0],16($key)
+	add	@x[5],@x[5],@t[1]
+	lwz	@t[1],20($key)
+	add	@x[6],@x[6],@t[2]
+	lwz	@t[2],24($key)
+	add	@x[7],@x[7],@t[3]
+	lwz	@t[3],28($key)
+	add	@x[8],@x[8],@t[0]
+	add	@x[9],@x[9],@t[1]
+	add	@x[10],@x[10],@t[2]
+	add	@x[11],@x[11],@t[3]
+	add	@x[12],@x[12],@d[0]
+	add	@x[13],@x[13],@d[1]
+	add	@x[14],@x[14],@d[2]
+	add	@x[15],@x[15],@d[3]
+
+	vadduwm	$A0,$A0,@K[0]			# accumulate key block
+	vadduwm	$A1,$A1,@K[0]
+	vadduwm	$A2,$A2,@K[0]
+	vadduwm	$B0,$B0,@K[1]
+	vadduwm	$B1,$B1,@K[1]
+	vadduwm	$B2,$B2,@K[1]
+	vadduwm	$C0,$C0,@K[2]
+	vadduwm	$C1,$C1,@K[2]
+	vadduwm	$C2,$C2,@K[2]
+	vadduwm	$D0,$D0,@K[3]
+	vadduwm	$D1,$D1,@K[4]
+	vadduwm	$D2,$D2,@K[5]
+
+	addi	@d[0],@d[0],4			# increment counter
+	vadduwm	@K[3],@K[3],$FOUR
+	vadduwm	@K[4],@K[4],$FOUR
+	vadduwm	@K[5],@K[5],$FOUR
+
+___
+if (!$LITTLE_ENDIAN) { for($i=0;$i<16;$i++) {	# flip byte order
+$code.=<<___;
+	mr	@t[$i&3],@x[$i]
+	rotlwi	@x[$i],@x[$i],8
+	rlwimi	@x[$i],@t[$i&3],24,0,7
+	rlwimi	@x[$i],@t[$i&3],24,16,23
+___
+} }
+$code.=<<___;
+	lwz	@t[0],0($inp)			# load input, aligned or not
+	lwz	@t[1],4($inp)
+	lwz	@t[2],8($inp)
+	lwz	@t[3],12($inp)
+	xor	@x[0],@x[0],@t[0]		# xor with input
+	lwz	@t[0],16($inp)
+	xor	@x[1],@x[1],@t[1]
+	lwz	@t[1],20($inp)
+	xor	@x[2],@x[2],@t[2]
+	lwz	@t[2],24($inp)
+	xor	@x[3],@x[3],@t[3]
+	lwz	@t[3],28($inp)
+	xor	@x[4],@x[4],@t[0]
+	lwz	@t[0],32($inp)
+	xor	@x[5],@x[5],@t[1]
+	lwz	@t[1],36($inp)
+	xor	@x[6],@x[6],@t[2]
+	lwz	@t[2],40($inp)
+	xor	@x[7],@x[7],@t[3]
+	lwz	@t[3],44($inp)
+	xor	@x[8],@x[8],@t[0]
+	lwz	@t[0],48($inp)
+	xor	@x[9],@x[9],@t[1]
+	lwz	@t[1],52($inp)
+	xor	@x[10],@x[10],@t[2]
+	lwz	@t[2],56($inp)
+	xor	@x[11],@x[11],@t[3]
+	lwz	@t[3],60($inp)
+	xor	@x[12],@x[12],@t[0]
+	stw	@x[0],0($out)			# store output, aligned or not
+	xor	@x[13],@x[13],@t[1]
+	stw	@x[1],4($out)
+	xor	@x[14],@x[14],@t[2]
+	stw	@x[2],8($out)
+	xor	@x[15],@x[15],@t[3]
+	stw	@x[3],12($out)
+	addi	$inp,$inp,64
+	stw	@x[4],16($out)
+	li	@t[0],16
+	stw	@x[5],20($out)
+	li	@t[1],32
+	stw	@x[6],24($out)
+	li	@t[2],48
+	stw	@x[7],28($out)
+	li	@t[3],64
+	stw	@x[8],32($out)
+	stw	@x[9],36($out)
+	stw	@x[10],40($out)
+	stw	@x[11],44($out)
+	stw	@x[12],48($out)
+	stw	@x[13],52($out)
+	stw	@x[14],56($out)
+	stw	@x[15],60($out)
+	addi	$out,$out,64
+
+	lvx	@D[0],0,$inp			# load input
+	lvx	@D[1],@t[0],$inp
+	lvx	@D[2],@t[1],$inp
+	lvx	@D[3],@t[2],$inp
+	lvx	@D[4],@t[3],$inp
+	addi	$inp,$inp,64
+
+	?vperm	@D[0],@D[1],@D[0],$inpperm	# align input
+	?vperm	@D[1],@D[2],@D[1],$inpperm
+	?vperm	@D[2],@D[3],@D[2],$inpperm
+	?vperm	@D[3],@D[4],@D[3],$inpperm
+	vxor	$A0,$A0,@D[0]			# xor with input
+	vxor	$B0,$B0,@D[1]
+	lvx	@D[1],@t[0],$inp		# keep loading input
+	vxor	$C0,$C0,@D[2]
+	lvx	@D[2],@t[1],$inp
+	vxor	$D0,$D0,@D[3]
+	lvx	@D[3],@t[2],$inp
+	lvx	@D[0],@t[3],$inp
+	addi	$inp,$inp,64
+	li	@t[3],63			# 63 is not a typo
+	vperm	$A0,$A0,$A0,$outperm		# pre-misalign output
+	vperm	$B0,$B0,$B0,$outperm
+	vperm	$C0,$C0,$C0,$outperm
+	vperm	$D0,$D0,$D0,$outperm
+
+	?vperm	@D[4],@D[1],@D[4],$inpperm	# align input
+	?vperm	@D[1],@D[2],@D[1],$inpperm
+	?vperm	@D[2],@D[3],@D[2],$inpperm
+	?vperm	@D[3],@D[0],@D[3],$inpperm
+	vxor	$A1,$A1,@D[4]
+	vxor	$B1,$B1,@D[1]
+	lvx	@D[1],@t[0],$inp		# keep loading input
+	vxor	$C1,$C1,@D[2]
+	lvx	@D[2],@t[1],$inp
+	vxor	$D1,$D1,@D[3]
+	lvx	@D[3],@t[2],$inp
+	lvx	@D[4],@t[3],$inp		# redundant in aligned case
+	addi	$inp,$inp,64
+	vperm	$A1,$A1,$A1,$outperm		# pre-misalign output
+	vperm	$B1,$B1,$B1,$outperm
+	vperm	$C1,$C1,$C1,$outperm
+	vperm	$D1,$D1,$D1,$outperm
+
+	?vperm	@D[0],@D[1],@D[0],$inpperm	# align input
+	?vperm	@D[1],@D[2],@D[1],$inpperm
+	?vperm	@D[2],@D[3],@D[2],$inpperm
+	?vperm	@D[3],@D[4],@D[3],$inpperm
+	vxor	$A2,$A2,@D[0]
+	vxor	$B2,$B2,@D[1]
+	vxor	$C2,$C2,@D[2]
+	vxor	$D2,$D2,@D[3]
+	vperm	$A2,$A2,$A2,$outperm		# pre-misalign output
+	vperm	$B2,$B2,$B2,$outperm
+	vperm	$C2,$C2,$C2,$outperm
+	vperm	$D2,$D2,$D2,$outperm
+
+	andi.	@x[1],$out,15			# is $out aligned?
+	mr	@x[0],$out
+
+	vsel	@D[0],$A0,$B0,$outmask		# collect pre-misaligned output
+	vsel	@D[1],$B0,$C0,$outmask
+	vsel	@D[2],$C0,$D0,$outmask
+	vsel	@D[3],$D0,$A1,$outmask
+	vsel	$B0,$A1,$B1,$outmask
+	vsel	$C0,$B1,$C1,$outmask
+	vsel	$D0,$C1,$D1,$outmask
+	vsel	$A1,$D1,$A2,$outmask
+	vsel	$B1,$A2,$B2,$outmask
+	vsel	$C1,$B2,$C2,$outmask
+	vsel	$D1,$C2,$D2,$outmask
+
+	#stvx	$A0,0,$out			# take it easy on the edges
+	stvx	@D[0],@t[0],$out		# store output
+	stvx	@D[1],@t[1],$out
+	stvx	@D[2],@t[2],$out
+	addi	$out,$out,64
+	stvx	@D[3],0,$out
+	stvx	$B0,@t[0],$out
+	stvx	$C0,@t[1],$out
+	stvx	$D0,@t[2],$out
+	addi	$out,$out,64
+	stvx	$A1,0,$out
+	stvx	$B1,@t[0],$out
+	stvx	$C1,@t[1],$out
+	stvx	$D1,@t[2],$out
+	addi	$out,$out,64
+
+	beq	Laligned_vmx
+
+	sub	@x[2],$out,@x[1]		# in misaligned case edges
+	li	@x[3],0				# are written byte-by-byte
+Lunaligned_tail_vmx:
+	stvebx	$D2,@x[3],@x[2]
+	addi	@x[3],@x[3],1
+	cmpw	@x[3],@x[1]
+	bne	Lunaligned_tail_vmx
+
+	sub	@x[2],@x[0],@x[1]
+Lunaligned_head_vmx:
+	stvebx	$A0,@x[1],@x[2]
+	cmpwi	@x[1],15
+	addi	@x[1],@x[1],1
+	bne	Lunaligned_head_vmx
+
+	${UCMP}i $len,255			# done with 256-byte blocks yet?
+	bgt	Loop_outer_vmx
+
+	b	Ldone_vmx
+
+.align	4
+Laligned_vmx:
+	stvx	$A0,0,@x[0]			# head hexaword was not stored
+
+	${UCMP}i $len,255			# done with 256-byte blocks yet?
+	bgt	Loop_outer_vmx
+	nop
+
+Ldone_vmx:
+	${UCMP}i $len,0				# done yet?
+	bnel	__ChaCha20_1x
+
+	lwz	r12,`$FRAME-$SIZE_T*18-4`($sp)	# pull vrsave
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	mtspr	256,r12				# restore vrsave
+	lvx	v23,r10,$sp
+	addi	r10,r10,32
+	lvx	v24,r11,$sp
+	addi	r11,r11,32
+	lvx	v25,r10,$sp
+	addi	r10,r10,32
+	lvx	v26,r11,$sp
+	addi	r11,r11,32
+	lvx	v27,r10,$sp
+	addi	r10,r10,32
+	lvx	v28,r11,$sp
+	addi	r11,r11,32
+	lvx	v29,r10,$sp
+	addi	r10,r10,32
+	lvx	v30,r11,$sp
+	lvx	v31,r10,$sp
+	$POP	r0, `$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,18,5,0
+	.long	0
+.size	.ChaCha20_ctr32_vmx,.-.ChaCha20_ctr32_vmx
+___
+}}}
+{{{
+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+    $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15));
+my @K = map("v$_",(16..19));
+my $CTR = "v26";
+my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30));
+my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3);
+my $beperm = "v31";
+
+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10)));
+
+my $FRAME=$LOCALS+64+7*16;	# 7*16 is for v26-v31 offload
+
+sub VSX_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my @x=map("\"v$_\"",(0..15));
+
+	(
+	"&vadduwm	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	 "&vadduwm	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	  "&vadduwm	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	   "&vadduwm	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	"&vxor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vxor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vxor	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vxor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vrlw		(@x[$d0],@x[$d0],'$sixteen')",
+	 "&vrlw		(@x[$d1],@x[$d1],'$sixteen')",
+	  "&vrlw	(@x[$d2],@x[$d2],'$sixteen')",
+	   "&vrlw	(@x[$d3],@x[$d3],'$sixteen')",
+
+	"&vadduwm	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vadduwm	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vadduwm	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vadduwm	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vxor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vxor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vxor	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vxor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vrlw		(@x[$b0],@x[$b0],'$twelve')",
+	 "&vrlw		(@x[$b1],@x[$b1],'$twelve')",
+	  "&vrlw	(@x[$b2],@x[$b2],'$twelve')",
+	   "&vrlw	(@x[$b3],@x[$b3],'$twelve')",
+
+	"&vadduwm	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&vadduwm	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&vadduwm	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&vadduwm	(@x[$a3],@x[$a3],@x[$b3])",
+	"&vxor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vxor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vxor	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vxor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vrlw		(@x[$d0],@x[$d0],'$eight')",
+	 "&vrlw		(@x[$d1],@x[$d1],'$eight')",
+	  "&vrlw	(@x[$d2],@x[$d2],'$eight')",
+	   "&vrlw	(@x[$d3],@x[$d3],'$eight')",
+
+	"&vadduwm	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vadduwm	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vadduwm	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vadduwm	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vxor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vxor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vxor	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vxor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vrlw		(@x[$b0],@x[$b0],'$seven')",
+	 "&vrlw		(@x[$b1],@x[$b1],'$seven')",
+	  "&vrlw	(@x[$b2],@x[$b2],'$seven')",
+	   "&vrlw	(@x[$b3],@x[$b3],'$seven')"
+	);
+}
+
+$code.=<<___;
+
+.globl	.ChaCha20_ctr32_vsx
+.align	5
+.ChaCha20_ctr32_vsx:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	mfspr	r12,256
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r12,`$FRAME-4`($sp)		# save vrsave
+	li	r12,-4096+63
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256,r12				# preserve 29 AltiVec registers
+
+	bl	Lconsts				# returns pointer Lsigma in r12
+	lvx_4w	@K[0],0,r12			# load sigma
+	addi	r12,r12,0x50
+	li	$x10,16
+	li	$x20,32
+	li	$x30,48
+	li	r11,64
+
+	lvx_4w	@K[1],0,$key			# load key
+	lvx_4w	@K[2],$x10,$key
+	lvx_4w	@K[3],0,$ctr			# load counter
+
+	vxor	$xt0,$xt0,$xt0
+	lvx_4w	$xt1,r11,r12
+	vspltw	$CTR,@K[3],0
+	vsldoi	@K[3],@K[3],$xt0,4
+	vsldoi	@K[3],$xt0,@K[3],12		# clear @K[3].word[0]
+	vadduwm	$CTR,$CTR,$xt1
+
+	be?lvsl	$beperm,0,$x10			# 0x00..0f
+	be?vspltisb $xt0,3			# 0x03..03
+	be?vxor	$beperm,$beperm,$xt0		# swap bytes within words
+
+	li	r0,10				# inner loop counter
+	mtctr	r0
+	b	Loop_outer_vsx
+
+.align	5
+Loop_outer_vsx:
+	lvx	$xa0,$x00,r12			# load [smashed] sigma
+	lvx	$xa1,$x10,r12
+	lvx	$xa2,$x20,r12
+	lvx	$xa3,$x30,r12
+
+	vspltw	$xb0,@K[1],0			# smash the key
+	vspltw	$xb1,@K[1],1
+	vspltw	$xb2,@K[1],2
+	vspltw	$xb3,@K[1],3
+
+	vspltw	$xc0,@K[2],0
+	vspltw	$xc1,@K[2],1
+	vspltw	$xc2,@K[2],2
+	vspltw	$xc3,@K[2],3
+
+	vmr	$xd0,$CTR			# smash the counter
+	vspltw	$xd1,@K[3],1
+	vspltw	$xd2,@K[3],2
+	vspltw	$xd3,@K[3],3
+
+	vspltisw $sixteen,-16			# synthesize constants
+	vspltisw $twelve,12
+	vspltisw $eight,8
+	vspltisw $seven,7
+
+Loop_vsx:
+___
+	foreach (&VSX_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&VSX_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	bdnz	Loop_vsx
+
+	vadduwm	$xd0,$xd0,$CTR
+
+	vmrgew	$xt0,$xa0,$xa1			# transpose data
+	vmrgew	$xt1,$xa2,$xa3
+	vmrgow	$xa0,$xa0,$xa1
+	vmrgow	$xa2,$xa2,$xa3
+	 vmrgew	$xt2,$xb0,$xb1
+	 vmrgew	$xt3,$xb2,$xb3
+	vpermdi	$xa1,$xa0,$xa2,0b00
+	vpermdi	$xa3,$xa0,$xa2,0b11
+	vpermdi	$xa0,$xt0,$xt1,0b00
+	vpermdi	$xa2,$xt0,$xt1,0b11
+
+	vmrgow	$xb0,$xb0,$xb1
+	vmrgow	$xb2,$xb2,$xb3
+	 vmrgew	$xt0,$xc0,$xc1
+	 vmrgew	$xt1,$xc2,$xc3
+	vpermdi	$xb1,$xb0,$xb2,0b00
+	vpermdi	$xb3,$xb0,$xb2,0b11
+	vpermdi	$xb0,$xt2,$xt3,0b00
+	vpermdi	$xb2,$xt2,$xt3,0b11
+
+	vmrgow	$xc0,$xc0,$xc1
+	vmrgow	$xc2,$xc2,$xc3
+	 vmrgew	$xt2,$xd0,$xd1
+	 vmrgew	$xt3,$xd2,$xd3
+	vpermdi	$xc1,$xc0,$xc2,0b00
+	vpermdi	$xc3,$xc0,$xc2,0b11
+	vpermdi	$xc0,$xt0,$xt1,0b00
+	vpermdi	$xc2,$xt0,$xt1,0b11
+
+	vmrgow	$xd0,$xd0,$xd1
+	vmrgow	$xd2,$xd2,$xd3
+	 vspltisw $xt0,4
+	 vadduwm  $CTR,$CTR,$xt0		# next counter value
+	vpermdi	$xd1,$xd0,$xd2,0b00
+	vpermdi	$xd3,$xd0,$xd2,0b11
+	vpermdi	$xd0,$xt2,$xt3,0b00
+	vpermdi	$xd2,$xt2,$xt3,0b11
+
+	vadduwm	$xa0,$xa0,@K[0]
+	vadduwm	$xb0,$xb0,@K[1]
+	vadduwm	$xc0,$xc0,@K[2]
+	vadduwm	$xd0,$xd0,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	beq	Ldone_vsx
+
+	vadduwm	$xa0,$xa1,@K[0]
+	vadduwm	$xb0,$xb1,@K[1]
+	vadduwm	$xc0,$xc1,@K[2]
+	vadduwm	$xd0,$xd1,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	beq	Ldone_vsx
+
+	vadduwm	$xa0,$xa2,@K[0]
+	vadduwm	$xb0,$xb2,@K[1]
+	vadduwm	$xc0,$xc2,@K[2]
+	vadduwm	$xd0,$xd2,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	beq	Ldone_vsx
+
+	vadduwm	$xa0,$xa3,@K[0]
+	vadduwm	$xb0,$xb3,@K[1]
+	vadduwm	$xc0,$xc3,@K[2]
+	vadduwm	$xd0,$xd3,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	mtctr	r0
+	bne	Loop_outer_vsx
+
+Ldone_vsx:
+	lwz	r12,`$FRAME-4`($sp)		# pull vrsave
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	$POP	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256,r12				# restore vrsave
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+
+.align	4
+Ltail_vsx:
+	addi	r11,$sp,$LOCALS
+	mtctr	$len
+	stvx_4w	$xa0,$x00,r11			# offload block to stack
+	stvx_4w	$xb0,$x10,r11
+	stvx_4w	$xc0,$x20,r11
+	stvx_4w	$xd0,$x30,r11
+	subi	r12,r11,1			# prepare for *++ptr
+	subi	$inp,$inp,1
+	subi	$out,$out,1
+
+Loop_tail_vsx:
+	lbzu	r6,1(r12)
+	lbzu	r7,1($inp)
+	xor	r6,r6,r7
+	stbu	r6,1($out)
+	bdnz	Loop_tail_vsx
+
+	stvx_4w	$K[0],$x00,r11			# wipe copy of the block
+	stvx_4w	$K[0],$x10,r11
+	stvx_4w	$K[0],$x20,r11
+	stvx_4w	$K[0],$x30,r11
+
+	b	Ldone_vsx
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,5,0
+	.long	0
+.size	.ChaCha20_ctr32_vsx,.-.ChaCha20_ctr32_vsx
+___
+}}}
+$code.=<<___;
+.align	5
+Lconsts:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12	#vvvvv "distance between . and Lsigma
+	addi	r12,r12,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+Lsigma:
+	.long   0x61707865,0x3320646e,0x79622d32,0x6b206574
+	.long	1,0,0,0
+	.long	4,0,0,0
+___
+$code.=<<___ 	if ($LITTLE_ENDIAN);
+	.long	0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001
+	.long	0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300
+___
+$code.=<<___ 	if (!$LITTLE_ENDIAN);	# flipped words
+	.long	0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d
+	.long	0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c
+___
+$code.=<<___;
+	.long	0x61707865,0x61707865,0x61707865,0x61707865
+	.long	0x3320646e,0x3320646e,0x3320646e,0x3320646e
+	.long	0x79622d32,0x79622d32,0x79622d32,0x79622d32
+	.long	0x6b206574,0x6b206574,0x6b206574,0x6b206574
+	.long	0,1,2,3
+.asciz  "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	# instructions prefixed with '?' are endian-specific and need
+	# to be adjusted accordingly...
+	if ($flavour !~ /le$/) {	# big-endian
+	    s/be\?//		or
+	    s/le\?/#le#/	or
+	    s/\?lvsr/lvsl/	or
+	    s/\?lvsl/lvsr/	or
+	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or
+	    s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/;
+	} else {			# little-endian
+	    s/le\?//		or
+	    s/be\?/#be#/	or
+	    s/\?([a-z]+)/$1/	or
+	    s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl
new file mode 100755
index 000000000..c31526473
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl
@@ -0,0 +1,326 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# December 2015
+#
+# ChaCha20 for s390x.
+#
+# 3 times faster than compiler-generated code.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+    $code .= "\t$opcode\t".join(',',@_)."\n";
+}
+
+my $sp="%r15";
+
+my $stdframe=16*$SIZE_T+4*8;
+my $frame=$stdframe+4*20;
+
+my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
+
+my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
+my @t=map("%r$_",(8,9));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_)=map("\"$_\"",@t);
+my @x=map("\"$_\"",@x);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# 'c' stores and loads in the middle, but none in the beginning
+	# or end.
+
+	(
+	"&alr	(@x[$a0],@x[$b0])",	# Q1
+	 "&alr	(@x[$a1],@x[$b1])",	# Q2
+	"&xr	(@x[$d0],@x[$a0])",
+	 "&xr	(@x[$d1],@x[$a1])",
+	"&rll	(@x[$d0],@x[$d0],16)",
+	 "&rll	(@x[$d1],@x[$d1],16)",
+
+	"&alr	($xc,@x[$d0])",
+	 "&alr	($xc_,@x[$d1])",
+	"&xr	(@x[$b0],$xc)",
+	 "&xr	(@x[$b1],$xc_)",
+	"&rll	(@x[$b0],@x[$b0],12)",
+	 "&rll	(@x[$b1],@x[$b1],12)",
+
+	"&alr	(@x[$a0],@x[$b0])",
+	 "&alr	(@x[$a1],@x[$b1])",
+	"&xr	(@x[$d0],@x[$a0])",
+	 "&xr	(@x[$d1],@x[$a1])",
+	"&rll	(@x[$d0],@x[$d0],8)",
+	 "&rll	(@x[$d1],@x[$d1],8)",
+
+	"&alr	($xc,@x[$d0])",
+	 "&alr	($xc_,@x[$d1])",
+	"&xr	(@x[$b0],$xc)",
+	 "&xr	(@x[$b1],$xc_)",
+	"&rll	(@x[$b0],@x[$b0],7)",
+	 "&rll	(@x[$b1],@x[$b1],7)",
+
+	"&stm	($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')",	# reload pair of 'c's
+	"&lm	($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
+
+	"&alr	(@x[$a2],@x[$b2])",	# Q3
+	 "&alr	(@x[$a3],@x[$b3])",	# Q4
+	"&xr	(@x[$d2],@x[$a2])",
+	 "&xr	(@x[$d3],@x[$a3])",
+	"&rll	(@x[$d2],@x[$d2],16)",
+	 "&rll	(@x[$d3],@x[$d3],16)",
+
+	"&alr	($xc,@x[$d2])",
+	 "&alr	($xc_,@x[$d3])",
+	"&xr	(@x[$b2],$xc)",
+	 "&xr	(@x[$b3],$xc_)",
+	"&rll	(@x[$b2],@x[$b2],12)",
+	 "&rll	(@x[$b3],@x[$b3],12)",
+
+	"&alr	(@x[$a2],@x[$b2])",
+	 "&alr	(@x[$a3],@x[$b3])",
+	"&xr	(@x[$d2],@x[$a2])",
+	 "&xr	(@x[$d3],@x[$a3])",
+	"&rll	(@x[$d2],@x[$d2],8)",
+	 "&rll	(@x[$d3],@x[$d3],8)",
+
+	"&alr	($xc,@x[$d2])",
+	 "&alr	($xc_,@x[$d3])",
+	"&xr	(@x[$b2],$xc)",
+	 "&xr	(@x[$b3],$xc_)",
+	"&rll	(@x[$b2],@x[$b2],7)",
+	 "&rll	(@x[$b3],@x[$b3],7)"
+	);
+}
+
+$code.=<<___;
+.text
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,\@function
+.align	32
+ChaCha20_ctr32:
+	lt${g}r	$len,$len			# $len==0?
+	bzr	%r14
+	a${g}hi	$len,-64
+	l${g}hi	%r1,-$frame
+	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
+	sl${g}r	$out,$inp			# difference
+	la	$len,0($inp,$len)		# end of input minus 64
+	larl	%r7,.Lsigma
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	lmg	%r8,%r11,0($key)		# load key
+	lmg	%r12,%r13,0($counter)		# load counter
+	lmg	%r6,%r7,0(%r7)			# load sigma constant
+
+	la	%r14,0($inp)
+	st${g}	$out,$frame+3*$SIZE_T($sp)
+	st${g}	$len,$frame+4*$SIZE_T($sp)
+	stmg	%r6,%r13,$stdframe($sp)		# copy key schedule to stack
+	srlg	@x[12],%r12,32			# 32-bit counter value
+	j	.Loop_outer
+
+.align	16
+.Loop_outer:
+	lm	@x[0],@x[7],$stdframe+4*0($sp)		# load x[0]-x[7]
+	lm	@t[0],@t[1],$stdframe+4*10($sp)		# load x[10]-x[11]
+	lm	@x[13],@x[15],$stdframe+4*13($sp)	# load x[13]-x[15]
+	stm	@t[0],@t[1],$stdframe+4*8+4*10($sp)	# offload x[10]-x[11]
+	lm	@t[0],@t[1],$stdframe+4*8($sp)		# load x[8]-x[9]
+	st	@x[12],$stdframe+4*12($sp)		# save counter
+	st${g}	%r14,$frame+2*$SIZE_T($sp)		# save input pointer
+	lhi	%r14,10
+	j	.Loop
+
+.align	4
+.Loop:
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	brct	%r14,.Loop
+
+	l${g}	%r14,$frame+2*$SIZE_T($sp)		# pull input pointer
+	stm	@t[0],@t[1],$stdframe+4*8+4*8($sp)	# offload x[8]-x[9]
+	lm${g}	@t[0],@t[1],$frame+3*$SIZE_T($sp)
+
+	al	@x[0],$stdframe+4*0($sp)	# accumulate key schedule
+	al	@x[1],$stdframe+4*1($sp)
+	al	@x[2],$stdframe+4*2($sp)
+	al	@x[3],$stdframe+4*3($sp)
+	al	@x[4],$stdframe+4*4($sp)
+	al	@x[5],$stdframe+4*5($sp)
+	al	@x[6],$stdframe+4*6($sp)
+	al	@x[7],$stdframe+4*7($sp)
+	lrvr	@x[0],@x[0]
+	lrvr	@x[1],@x[1]
+	lrvr	@x[2],@x[2]
+	lrvr	@x[3],@x[3]
+	lrvr	@x[4],@x[4]
+	lrvr	@x[5],@x[5]
+	lrvr	@x[6],@x[6]
+	lrvr	@x[7],@x[7]
+	al	@x[12],$stdframe+4*12($sp)
+	al	@x[13],$stdframe+4*13($sp)
+	al	@x[14],$stdframe+4*14($sp)
+	al	@x[15],$stdframe+4*15($sp)
+	lrvr	@x[12],@x[12]
+	lrvr	@x[13],@x[13]
+	lrvr	@x[14],@x[14]
+	lrvr	@x[15],@x[15]
+
+	la	@t[0],0(@t[0],%r14)		# reconstruct output pointer
+	cl${g}r	%r14,@t[1]
+	jh	.Ltail
+
+	x	@x[0],4*0(%r14)			# xor with input
+	x	@x[1],4*1(%r14)
+	st	@x[0],4*0(@t[0])		# store output
+	x	@x[2],4*2(%r14)
+	st	@x[1],4*1(@t[0])
+	x	@x[3],4*3(%r14)
+	st	@x[2],4*2(@t[0])
+	x	@x[4],4*4(%r14)
+	st	@x[3],4*3(@t[0])
+	 lm	@x[0],@x[3],$stdframe+4*8+4*8($sp)	# load x[8]-x[11]
+	x	@x[5],4*5(%r14)
+	st	@x[4],4*4(@t[0])
+	x	@x[6],4*6(%r14)
+	 al	@x[0],$stdframe+4*8($sp)
+	st	@x[5],4*5(@t[0])
+	x	@x[7],4*7(%r14)
+	 al	@x[1],$stdframe+4*9($sp)
+	st	@x[6],4*6(@t[0])
+	x	@x[12],4*12(%r14)
+	 al	@x[2],$stdframe+4*10($sp)
+	st	@x[7],4*7(@t[0])
+	x	@x[13],4*13(%r14)
+	 al	@x[3],$stdframe+4*11($sp)
+	st	@x[12],4*12(@t[0])
+	x	@x[14],4*14(%r14)
+	st	@x[13],4*13(@t[0])
+	x	@x[15],4*15(%r14)
+	st	@x[14],4*14(@t[0])
+	 lrvr	@x[0],@x[0]
+	st	@x[15],4*15(@t[0])
+	 lrvr	@x[1],@x[1]
+	 lrvr	@x[2],@x[2]
+	 lrvr	@x[3],@x[3]
+	lhi	@x[12],1
+	 x	@x[0],4*8(%r14)
+	al	@x[12],$stdframe+4*12($sp)	# increment counter
+	 x	@x[1],4*9(%r14)
+	 st	@x[0],4*8(@t[0])
+	 x	@x[2],4*10(%r14)
+	 st	@x[1],4*9(@t[0])
+	 x	@x[3],4*11(%r14)
+	 st	@x[2],4*10(@t[0])
+	 st	@x[3],4*11(@t[0])
+
+	cl${g}r	%r14,@t[1]			# done yet?
+	la	%r14,64(%r14)
+	jl	.Loop_outer
+
+.Ldone:
+	xgr	%r0,%r0
+	xgr	%r1,%r1
+	xgr	%r2,%r2
+	xgr	%r3,%r3
+	stmg	%r0,%r3,$stdframe+4*4($sp)	# wipe key copy
+	stmg	%r0,%r3,$stdframe+4*12($sp)
+
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
+	br	%r14
+
+.align	16
+.Ltail:
+	la	@t[1],64($t[1])
+	stm	@x[0],@x[7],$stdframe+4*0($sp)
+	sl${g}r	@t[1],%r14
+	lm	@x[0],@x[3],$stdframe+4*8+4*8($sp)
+	l${g}hi	@x[6],0
+	stm	@x[12],@x[15],$stdframe+4*12($sp)
+	al	@x[0],$stdframe+4*8($sp)
+	al	@x[1],$stdframe+4*9($sp)
+	al	@x[2],$stdframe+4*10($sp)
+	al	@x[3],$stdframe+4*11($sp)
+	lrvr	@x[0],@x[0]
+	lrvr	@x[1],@x[1]
+	lrvr	@x[2],@x[2]
+	lrvr	@x[3],@x[3]
+	stm	@x[0],@x[3],$stdframe+4*8($sp)
+
+.Loop_tail:
+	llgc	@x[4],0(@x[6],%r14)
+	llgc	@x[5],$stdframe(@x[6],$sp)
+	xr	@x[5],@x[4]
+	stc	@x[5],0(@x[6],@t[0])
+	la	@x[6],1(@x[6])
+	brct	@t[1],.Loop_tail
+
+	j	.Ldone
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+
+.align	32
+.Lsigma:
+.long	0x61707865,0x3320646e,0x79622d32,0x6b206574	# endian-neutral
+.asciz	"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl
new file mode 100755
index 000000000..13c217dcf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl
@@ -0,0 +1,1155 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# January 2015
+#
+# ChaCha20 for x86.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#		1xIALU/gcc	4xSSSE3
+# Pentium	17.5/+80%
+# PIII		14.2/+60%
+# P4		18.6/+84%
+# Core2		9.56/+89%	4.83
+# Westmere	9.50/+45%	3.35
+# Sandy Bridge	10.5/+47%	3.20
+# Haswell	8.15/+50%	2.83
+# Skylake	7.53/+22%	2.75
+# Silvermont	17.4/+36%	8.35
+# Goldmont	13.4/+40%	4.36
+# Sledgehammer	10.2/+54%
+# Bulldozer	13.4/+50%	4.38(*)
+#
+# (*)	Bulldozer actually executes 4xXOP code path that delivers 3.55;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$xmm=$ymm=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+$ymm=1 if ($xmm &&
+		`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+		($gasver=$1)>=2.19);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" &&
+		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+		$1>=2.03);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
+		`ml 2>&1` =~ /Version ([0-9]+)\./ &&
+		$1>=10);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm &&
+		`$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+		$2>=3.0);	# first version supporting AVX
+
+$a="eax";
+($b,$b_)=("ebx","ebp");
+($c,$c_)=("ecx","esi");
+($d,$d_)=("edx","edi");
+
+sub QUARTERROUND {
+my ($ai,$bi,$ci,$di,$i)=@_;
+my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di));	# next
+my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di));	# previous
+
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+
+	if ($i==0) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==3) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
+	} elsif ($i==4) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==7) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
+	}
+
+	#&add	($a,$b);			# see elsewhere
+	&xor	($d,$a);
+	 &mov	(&DWP(4*$cp,"esp"),$c_)		if ($ai>0 && $ai<3);
+	&rol	($d,16);
+	 &mov	(&DWP(4*$bp,"esp"),$b_)		if ($i!=0);
+	&add	($c,$d);
+	 &mov	($c_,&DWP(4*$cn,"esp"))		if ($ai>0 && $ai<3);
+	&xor	($b,$c);
+	 &mov	($d_,&DWP(4*$dn,"esp"))		if ($di!=$dn);
+	&rol	($b,12);
+	 &mov	($b_,&DWP(4*$bn,"esp"))		if ($i<7);
+	 &mov	($b_,&DWP(128,"esp"))		if ($i==7);	# loop counter
+	&add	($a,$b);
+	&xor	($d,$a);
+	&mov	(&DWP(4*$ai,"esp"),$a);
+	&rol	($d,8);
+	&mov	($a,&DWP(4*$an,"esp"));
+	&add	($c,$d);
+	&mov	(&DWP(4*$di,"esp"),$d)		if ($di!=$dn);
+	&mov	($d_,$d)			if ($di==$dn);
+	&xor	($b,$c);
+	 &add	($a,$b_)			if ($i<7);	# elsewhere
+	&rol	($b,7);
+
+	($b,$b_)=($b_,$b);
+	($c,$c_)=($c_,$c);
+	($d,$d_)=($d_,$d);
+}
+
+&static_label("ssse3_shortcut");
+&static_label("xop_shortcut");
+&static_label("ssse3_data");
+&static_label("pic_point");
+
+&function_begin("ChaCha20_ctr32");
+	&xor	("eax","eax");
+	&cmp	("eax",&wparam(2));		# len==0?
+	&je	(&label("no_data"));
+if ($xmm) {
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("eax");
+	&picmeup("ebp","OPENSSL_ia32cap_P","eax",&label("pic_point"));
+	&test	(&DWP(0,"ebp"),1<<24);		# test FXSR bit
+	&jz	(&label("x86"));
+	&test	(&DWP(4,"ebp"),1<<9);		# test SSSE3 bit
+	&jz	(&label("x86"));
+	&jmp	(&label("ssse3_shortcut"));
+&set_label("x86");
+}
+	&mov	("esi",&wparam(3));		# key
+	&mov	("edi",&wparam(4));		# counter and nonce
+
+	&stack_push(33);
+
+	&mov	("eax",&DWP(4*0,"esi"));	# copy key
+	&mov	("ebx",&DWP(4*1,"esi"));
+	&mov	("ecx",&DWP(4*2,"esi"));
+	&mov	("edx",&DWP(4*3,"esi"));
+	&mov	(&DWP(64+4*4,"esp"),"eax");
+	&mov	(&DWP(64+4*5,"esp"),"ebx");
+	&mov	(&DWP(64+4*6,"esp"),"ecx");
+	&mov	(&DWP(64+4*7,"esp"),"edx");
+	&mov	("eax",&DWP(4*4,"esi"));
+	&mov	("ebx",&DWP(4*5,"esi"));
+	&mov	("ecx",&DWP(4*6,"esi"));
+	&mov	("edx",&DWP(4*7,"esi"));
+	&mov	(&DWP(64+4*8,"esp"),"eax");
+	&mov	(&DWP(64+4*9,"esp"),"ebx");
+	&mov	(&DWP(64+4*10,"esp"),"ecx");
+	&mov	(&DWP(64+4*11,"esp"),"edx");
+	&mov	("eax",&DWP(4*0,"edi"));	# copy counter and nonce
+	&mov	("ebx",&DWP(4*1,"edi"));
+	&mov	("ecx",&DWP(4*2,"edi"));
+	&mov	("edx",&DWP(4*3,"edi"));
+	&sub	("eax",1);
+	&mov	(&DWP(64+4*12,"esp"),"eax");
+	&mov	(&DWP(64+4*13,"esp"),"ebx");
+	&mov	(&DWP(64+4*14,"esp"),"ecx");
+	&mov	(&DWP(64+4*15,"esp"),"edx");
+	&jmp	(&label("entry"));
+
+&set_label("outer_loop",16);
+	&mov	(&wparam(1),$b);		# save input
+	&mov	(&wparam(0),$a);		# save output
+	&mov	(&wparam(2),$c);		# save len
+&set_label("entry");
+	&mov	($a,0x61707865);
+	&mov	(&DWP(4*1,"esp"),0x3320646e);
+	&mov	(&DWP(4*2,"esp"),0x79622d32);
+	&mov	(&DWP(4*3,"esp"),0x6b206574);
+
+	&mov	($b, &DWP(64+4*5,"esp"));	# copy key material
+	&mov	($b_,&DWP(64+4*6,"esp"));
+	&mov	($c, &DWP(64+4*10,"esp"));
+	&mov	($c_,&DWP(64+4*11,"esp"));
+	&mov	($d, &DWP(64+4*13,"esp"));
+	&mov	($d_,&DWP(64+4*14,"esp"));
+	&mov	(&DWP(4*5,"esp"),$b);
+	&mov	(&DWP(4*6,"esp"),$b_);
+	&mov	(&DWP(4*10,"esp"),$c);
+	&mov	(&DWP(4*11,"esp"),$c_);
+	&mov	(&DWP(4*13,"esp"),$d);
+	&mov	(&DWP(4*14,"esp"),$d_);
+
+	&mov	($b, &DWP(64+4*7,"esp"));
+	&mov	($d_,&DWP(64+4*15,"esp"));
+	&mov	($d, &DWP(64+4*12,"esp"));
+	&mov	($b_,&DWP(64+4*4,"esp"));
+	&mov	($c, &DWP(64+4*8,"esp"));
+	&mov	($c_,&DWP(64+4*9,"esp"));
+	&add	($d,1);				# counter value
+	&mov	(&DWP(4*7,"esp"),$b);
+	&mov	(&DWP(4*15,"esp"),$d_);
+	&mov	(&DWP(64+4*12,"esp"),$d);	# save counter value
+
+	&mov	($b,10);			# loop counter
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&add	($a,$b_);			# elsewhere
+	&mov	(&DWP(128,"esp"),$b);		# save loop counter
+	&mov	($b,$b_);
+	&QUARTERROUND(0, 4, 8, 12, 0);
+	&QUARTERROUND(1, 5, 9, 13, 1);
+	&QUARTERROUND(2, 6,10, 14, 2);
+	&QUARTERROUND(3, 7,11, 15, 3);
+	&QUARTERROUND(0, 5,10, 15, 4);
+	&QUARTERROUND(1, 6,11, 12, 5);
+	&QUARTERROUND(2, 7, 8, 13, 6);
+	&QUARTERROUND(3, 4, 9, 14, 7);
+	&dec	($b);
+	&jnz	(&label("loop"));
+
+	&mov	($b,&wparam(2));		# load len
+
+	&add	($a,0x61707865);		# accumulate key material
+	&add	($b_,&DWP(64+4*4,"esp"));
+	&add	($c, &DWP(64+4*8,"esp"));
+	&add	($c_,&DWP(64+4*9,"esp"));
+
+	&cmp	($b,64);
+	&jb	(&label("tail"));
+
+	&mov	($b,&wparam(1));		# load input pointer
+	&add	($d, &DWP(64+4*12,"esp"));
+	&add	($d_,&DWP(64+4*14,"esp"));
+
+	&xor	($a, &DWP(4*0,$b));		# xor with input
+	&xor	($b_,&DWP(4*4,$b));
+	&mov	(&DWP(4*0,"esp"),$a);
+	&mov	($a,&wparam(0));		# load output pointer
+	&xor	($c, &DWP(4*8,$b));
+	&xor	($c_,&DWP(4*9,$b));
+	&xor	($d, &DWP(4*12,$b));
+	&xor	($d_,&DWP(4*14,$b));
+	&mov	(&DWP(4*4,$a),$b_);		# write output
+	&mov	(&DWP(4*8,$a),$c);
+	&mov	(&DWP(4*9,$a),$c_);
+	&mov	(&DWP(4*12,$a),$d);
+	&mov	(&DWP(4*14,$a),$d_);
+
+	&mov	($b_,&DWP(4*1,"esp"));
+	&mov	($c, &DWP(4*2,"esp"));
+	&mov	($c_,&DWP(4*3,"esp"));
+	&mov	($d, &DWP(4*5,"esp"));
+	&mov	($d_,&DWP(4*6,"esp"));
+	&add	($b_,0x3320646e);		# accumulate key material
+	&add	($c, 0x79622d32);
+	&add	($c_,0x6b206574);
+	&add	($d, &DWP(64+4*5,"esp"));
+	&add	($d_,&DWP(64+4*6,"esp"));
+	&xor	($b_,&DWP(4*1,$b));
+	&xor	($c, &DWP(4*2,$b));
+	&xor	($c_,&DWP(4*3,$b));
+	&xor	($d, &DWP(4*5,$b));
+	&xor	($d_,&DWP(4*6,$b));
+	&mov	(&DWP(4*1,$a),$b_);
+	&mov	(&DWP(4*2,$a),$c);
+	&mov	(&DWP(4*3,$a),$c_);
+	&mov	(&DWP(4*5,$a),$d);
+	&mov	(&DWP(4*6,$a),$d_);
+
+	&mov	($b_,&DWP(4*7,"esp"));
+	&mov	($c, &DWP(4*10,"esp"));
+	&mov	($c_,&DWP(4*11,"esp"));
+	&mov	($d, &DWP(4*13,"esp"));
+	&mov	($d_,&DWP(4*15,"esp"));
+	&add	($b_,&DWP(64+4*7,"esp"));
+	&add	($c, &DWP(64+4*10,"esp"));
+	&add	($c_,&DWP(64+4*11,"esp"));
+	&add	($d, &DWP(64+4*13,"esp"));
+	&add	($d_,&DWP(64+4*15,"esp"));
+	&xor	($b_,&DWP(4*7,$b));
+	&xor	($c, &DWP(4*10,$b));
+	&xor	($c_,&DWP(4*11,$b));
+	&xor	($d, &DWP(4*13,$b));
+	&xor	($d_,&DWP(4*15,$b));
+	&lea	($b,&DWP(4*16,$b));
+	&mov	(&DWP(4*7,$a),$b_);
+	&mov	($b_,&DWP(4*0,"esp"));
+	&mov	(&DWP(4*10,$a),$c);
+	&mov	($c,&wparam(2));		# len
+	&mov	(&DWP(4*11,$a),$c_);
+	&mov	(&DWP(4*13,$a),$d);
+	&mov	(&DWP(4*15,$a),$d_);
+	&mov	(&DWP(4*0,$a),$b_);
+	&lea	($a,&DWP(4*16,$a));
+	&sub	($c,64);
+	&jnz	(&label("outer_loop"));
+
+	&jmp	(&label("done"));
+
+&set_label("tail");
+	&add	($d, &DWP(64+4*12,"esp"));
+	&add	($d_,&DWP(64+4*14,"esp"));
+	&mov	(&DWP(4*0,"esp"),$a);
+	&mov	(&DWP(4*4,"esp"),$b_);
+	&mov	(&DWP(4*8,"esp"),$c);
+	&mov	(&DWP(4*9,"esp"),$c_);
+	&mov	(&DWP(4*12,"esp"),$d);
+	&mov	(&DWP(4*14,"esp"),$d_);
+
+	&mov	($b_,&DWP(4*1,"esp"));
+	&mov	($c, &DWP(4*2,"esp"));
+	&mov	($c_,&DWP(4*3,"esp"));
+	&mov	($d, &DWP(4*5,"esp"));
+	&mov	($d_,&DWP(4*6,"esp"));
+	&add	($b_,0x3320646e);		# accumulate key material
+	&add	($c, 0x79622d32);
+	&add	($c_,0x6b206574);
+	&add	($d, &DWP(64+4*5,"esp"));
+	&add	($d_,&DWP(64+4*6,"esp"));
+	&mov	(&DWP(4*1,"esp"),$b_);
+	&mov	(&DWP(4*2,"esp"),$c);
+	&mov	(&DWP(4*3,"esp"),$c_);
+	&mov	(&DWP(4*5,"esp"),$d);
+	&mov	(&DWP(4*6,"esp"),$d_);
+
+	&mov	($b_,&DWP(4*7,"esp"));
+	&mov	($c, &DWP(4*10,"esp"));
+	&mov	($c_,&DWP(4*11,"esp"));
+	&mov	($d, &DWP(4*13,"esp"));
+	&mov	($d_,&DWP(4*15,"esp"));
+	&add	($b_,&DWP(64+4*7,"esp"));
+	&add	($c, &DWP(64+4*10,"esp"));
+	&add	($c_,&DWP(64+4*11,"esp"));
+	&add	($d, &DWP(64+4*13,"esp"));
+	&add	($d_,&DWP(64+4*15,"esp"));
+	&mov	(&DWP(4*7,"esp"),$b_);
+	&mov	($b_,&wparam(1));		# load input
+	&mov	(&DWP(4*10,"esp"),$c);
+	&mov	($c,&wparam(0));		# load output
+	&mov	(&DWP(4*11,"esp"),$c_);
+	&xor	($c_,$c_);
+	&mov	(&DWP(4*13,"esp"),$d);
+	&mov	(&DWP(4*15,"esp"),$d_);
+
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+&set_label("tail_loop");
+	&movb	("al",&BP(0,$c_,$b_));
+	&movb	("dl",&BP(0,"esp",$c_));
+	&lea	($c_,&DWP(1,$c_));
+	&xor	("al","dl");
+	&mov	(&BP(-1,$c,$c_),"al");
+	&dec	($b);
+	&jnz	(&label("tail_loop"));
+
+&set_label("done");
+	&stack_pop(33);
+&set_label("no_data");
+&function_end("ChaCha20_ctr32");
+
+if ($xmm) {
+my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
+my ($out,$inp,$len)=("edi","esi","ecx");
+
+sub QUARTERROUND_SSSE3 {
+my ($ai,$bi,$ci,$di,$i)=@_;
+my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di));	# next
+my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di));	# previous
+
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+
+	if ($i==0) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==3) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
+	} elsif ($i==4) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==7) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
+	}
+
+	#&paddd	($xa,$xb);			# see elsewhere
+	#&pxor	($xd,$xa);			# see elsewhere
+	 &movdqa(&QWP(16*$cp-128,"ebx"),$xc_)	if ($ai>0 && $ai<3);
+	&pshufb	($xd,&QWP(0,"eax"));		# rot16
+	 &movdqa(&QWP(16*$bp-128,"ebx"),$xb_)	if ($i!=0);
+	&paddd	($xc,$xd);
+	 &movdqa($xc_,&QWP(16*$cn-128,"ebx"))	if ($ai>0 && $ai<3);
+	&pxor	($xb,$xc);
+	 &movdqa($xb_,&QWP(16*$bn-128,"ebx"))	if ($i<7);
+	&movdqa	($xa_,$xb);			# borrow as temporary
+	&pslld	($xb,12);
+	&psrld	($xa_,20);
+	&por	($xb,$xa_);
+	 &movdqa($xa_,&QWP(16*$an-128,"ebx"));
+	&paddd	($xa,$xb);
+	 &movdqa($xd_,&QWP(16*$dn-128,"ebx"))	if ($di!=$dn);
+	&pxor	($xd,$xa);
+	&movdqa	(&QWP(16*$ai-128,"ebx"),$xa);
+	&pshufb	($xd,&QWP(16,"eax"));		# rot8
+	&paddd	($xc,$xd);
+	&movdqa	(&QWP(16*$di-128,"ebx"),$xd)	if ($di!=$dn);
+	&movdqa	($xd_,$xd)			if ($di==$dn);
+	&pxor	($xb,$xc);
+	 &paddd	($xa_,$xb_)			if ($i<7);	# elsewhere
+	&movdqa	($xa,$xb);			# borrow as temporary
+	&pslld	($xb,7);
+	&psrld	($xa,25);
+	 &pxor	($xd_,$xa_)			if ($i<7);	# elsewhere
+	&por	($xb,$xa);
+
+	($xa,$xa_)=($xa_,$xa);
+	($xb,$xb_)=($xb_,$xb);
+	($xc,$xc_)=($xc_,$xc);
+	($xd,$xd_)=($xd_,$xd);
+}
+
+&function_begin("ChaCha20_ssse3");
+&set_label("ssse3_shortcut");
+if ($ymm) {
+	&test		(&DWP(4,"ebp"),1<<11);		# test XOP bit
+	&jnz		(&label("xop_shortcut"));
+}
+
+	&mov		($out,&wparam(0));
+	&mov		($inp,&wparam(1));
+	&mov		($len,&wparam(2));
+	&mov		("edx",&wparam(3));		# key
+	&mov		("ebx",&wparam(4));		# counter and nonce
+
+	&mov		("ebp","esp");
+	&stack_push	(131);
+	&and		("esp",-64);
+	&mov		(&DWP(512,"esp"),"ebp");
+
+	&lea		("eax",&DWP(&label("ssse3_data")."-".
+				    &label("pic_point"),"eax"));
+	&movdqu		("xmm3",&QWP(0,"ebx"));		# counter and nonce
+
+if (defined($gasver) && $gasver>=2.17) {		# even though we encode
+							# pshufb manually, we
+							# handle only register
+							# operands, while this
+							# segment uses memory
+							# operand...
+	&cmp		($len,64*4);
+	&jb		(&label("1x"));
+
+	&mov		(&DWP(512+4,"esp"),"edx");	# offload pointers
+	&mov		(&DWP(512+8,"esp"),"ebx");
+	&sub		($len,64*4);			# bias len
+	&lea		("ebp",&DWP(256+128,"esp"));	# size optimization
+
+	&movdqu		("xmm7",&QWP(0,"edx"));		# key
+	&pshufd		("xmm0","xmm3",0x00);
+	&pshufd		("xmm1","xmm3",0x55);
+	&pshufd		("xmm2","xmm3",0xaa);
+	&pshufd		("xmm3","xmm3",0xff);
+	 &paddd		("xmm0",&QWP(16*3,"eax"));	# fix counters
+	&pshufd		("xmm4","xmm7",0x00);
+	&pshufd		("xmm5","xmm7",0x55);
+	 &psubd		("xmm0",&QWP(16*4,"eax"));
+	&pshufd		("xmm6","xmm7",0xaa);
+	&pshufd		("xmm7","xmm7",0xff);
+	&movdqa		(&QWP(16*12-128,"ebp"),"xmm0");
+	&movdqa		(&QWP(16*13-128,"ebp"),"xmm1");
+	&movdqa		(&QWP(16*14-128,"ebp"),"xmm2");
+	&movdqa		(&QWP(16*15-128,"ebp"),"xmm3");
+	 &movdqu	("xmm3",&QWP(16,"edx"));	# key
+	&movdqa		(&QWP(16*4-128,"ebp"),"xmm4");
+	&movdqa		(&QWP(16*5-128,"ebp"),"xmm5");
+	&movdqa		(&QWP(16*6-128,"ebp"),"xmm6");
+	&movdqa		(&QWP(16*7-128,"ebp"),"xmm7");
+	 &movdqa	("xmm7",&QWP(16*2,"eax"));	# sigma
+	 &lea		("ebx",&DWP(128,"esp"));	# size optimization
+
+	&pshufd		("xmm0","xmm3",0x00);
+	&pshufd		("xmm1","xmm3",0x55);
+	&pshufd		("xmm2","xmm3",0xaa);
+	&pshufd		("xmm3","xmm3",0xff);
+	&pshufd		("xmm4","xmm7",0x00);
+	&pshufd		("xmm5","xmm7",0x55);
+	&pshufd		("xmm6","xmm7",0xaa);
+	&pshufd		("xmm7","xmm7",0xff);
+	&movdqa		(&QWP(16*8-128,"ebp"),"xmm0");
+	&movdqa		(&QWP(16*9-128,"ebp"),"xmm1");
+	&movdqa		(&QWP(16*10-128,"ebp"),"xmm2");
+	&movdqa		(&QWP(16*11-128,"ebp"),"xmm3");
+	&movdqa		(&QWP(16*0-128,"ebp"),"xmm4");
+	&movdqa		(&QWP(16*1-128,"ebp"),"xmm5");
+	&movdqa		(&QWP(16*2-128,"ebp"),"xmm6");
+	&movdqa		(&QWP(16*3-128,"ebp"),"xmm7");
+
+	&lea		($inp,&DWP(128,$inp));		# size optimization
+	&lea		($out,&DWP(128,$out));		# size optimization
+	&jmp		(&label("outer_loop"));
+
+&set_label("outer_loop",16);
+	#&movdqa	("xmm0",&QWP(16*0-128,"ebp"));	# copy key material
+	&movdqa		("xmm1",&QWP(16*1-128,"ebp"));
+	&movdqa		("xmm2",&QWP(16*2-128,"ebp"));
+	&movdqa		("xmm3",&QWP(16*3-128,"ebp"));
+	#&movdqa	("xmm4",&QWP(16*4-128,"ebp"));
+	&movdqa		("xmm5",&QWP(16*5-128,"ebp"));
+	&movdqa		("xmm6",&QWP(16*6-128,"ebp"));
+	&movdqa		("xmm7",&QWP(16*7-128,"ebp"));
+	#&movdqa	(&QWP(16*0-128,"ebx"),"xmm0");
+	&movdqa		(&QWP(16*1-128,"ebx"),"xmm1");
+	&movdqa		(&QWP(16*2-128,"ebx"),"xmm2");
+	&movdqa		(&QWP(16*3-128,"ebx"),"xmm3");
+	#&movdqa	(&QWP(16*4-128,"ebx"),"xmm4");
+	&movdqa		(&QWP(16*5-128,"ebx"),"xmm5");
+	&movdqa		(&QWP(16*6-128,"ebx"),"xmm6");
+	&movdqa		(&QWP(16*7-128,"ebx"),"xmm7");
+	#&movdqa	("xmm0",&QWP(16*8-128,"ebp"));
+	#&movdqa	("xmm1",&QWP(16*9-128,"ebp"));
+	&movdqa		("xmm2",&QWP(16*10-128,"ebp"));
+	&movdqa		("xmm3",&QWP(16*11-128,"ebp"));
+	&movdqa		("xmm4",&QWP(16*12-128,"ebp"));
+	&movdqa		("xmm5",&QWP(16*13-128,"ebp"));
+	&movdqa		("xmm6",&QWP(16*14-128,"ebp"));
+	&movdqa		("xmm7",&QWP(16*15-128,"ebp"));
+	&paddd		("xmm4",&QWP(16*4,"eax"));	# counter value
+	#&movdqa	(&QWP(16*8-128,"ebx"),"xmm0");
+	#&movdqa	(&QWP(16*9-128,"ebx"),"xmm1");
+	&movdqa		(&QWP(16*10-128,"ebx"),"xmm2");
+	&movdqa		(&QWP(16*11-128,"ebx"),"xmm3");
+	&movdqa		(&QWP(16*12-128,"ebx"),"xmm4");
+	&movdqa		(&QWP(16*13-128,"ebx"),"xmm5");
+	&movdqa		(&QWP(16*14-128,"ebx"),"xmm6");
+	&movdqa		(&QWP(16*15-128,"ebx"),"xmm7");
+	&movdqa		(&QWP(16*12-128,"ebp"),"xmm4");	# save counter value
+
+	&movdqa		($xa, &QWP(16*0-128,"ebp"));
+	&movdqa		($xd, "xmm4");
+	&movdqa		($xb_,&QWP(16*4-128,"ebp"));
+	&movdqa		($xc, &QWP(16*8-128,"ebp"));
+	&movdqa		($xc_,&QWP(16*9-128,"ebp"));
+
+	&mov		("edx",10);			# loop counter
+	&nop		();
+
+&set_label("loop",16);
+	&paddd		($xa,$xb_);			# elsewhere
+	&movdqa		($xb,$xb_);
+	&pxor		($xd,$xa);			# elsewhere
+	&QUARTERROUND_SSSE3(0, 4, 8, 12, 0);
+	&QUARTERROUND_SSSE3(1, 5, 9, 13, 1);
+	&QUARTERROUND_SSSE3(2, 6,10, 14, 2);
+	&QUARTERROUND_SSSE3(3, 7,11, 15, 3);
+	&QUARTERROUND_SSSE3(0, 5,10, 15, 4);
+	&QUARTERROUND_SSSE3(1, 6,11, 12, 5);
+	&QUARTERROUND_SSSE3(2, 7, 8, 13, 6);
+	&QUARTERROUND_SSSE3(3, 4, 9, 14, 7);
+	&dec		("edx");
+	&jnz		(&label("loop"));
+
+	&movdqa		(&QWP(16*4-128,"ebx"),$xb_);
+	&movdqa		(&QWP(16*8-128,"ebx"),$xc);
+	&movdqa		(&QWP(16*9-128,"ebx"),$xc_);
+	&movdqa		(&QWP(16*12-128,"ebx"),$xd);
+	&movdqa		(&QWP(16*14-128,"ebx"),$xd_);
+
+    my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7));
+
+	#&movdqa	($xa0,&QWP(16*0-128,"ebx"));	# it's there
+	&movdqa		($xa1,&QWP(16*1-128,"ebx"));
+	&movdqa		($xa2,&QWP(16*2-128,"ebx"));
+	&movdqa		($xa3,&QWP(16*3-128,"ebx"));
+
+    for($i=0;$i<256;$i+=64) {
+	&paddd		($xa0,&QWP($i+16*0-128,"ebp"));	# accumulate key material
+	&paddd		($xa1,&QWP($i+16*1-128,"ebp"));
+	&paddd		($xa2,&QWP($i+16*2-128,"ebp"));
+	&paddd		($xa3,&QWP($i+16*3-128,"ebp"));
+
+	&movdqa		($xt2,$xa0);		# "de-interlace" data
+	&punpckldq	($xa0,$xa1);
+	&movdqa		($xt3,$xa2);
+	&punpckldq	($xa2,$xa3);
+	&punpckhdq	($xt2,$xa1);
+	&punpckhdq	($xt3,$xa3);
+	&movdqa		($xa1,$xa0);
+	&punpcklqdq	($xa0,$xa2);		# "a0"
+	&movdqa		($xa3,$xt2);
+	&punpcklqdq	($xt2,$xt3);		# "a2"
+	&punpckhqdq	($xa1,$xa2);		# "a1"
+	&punpckhqdq	($xa3,$xt3);		# "a3"
+
+	#($xa2,$xt2)=($xt2,$xa2);
+
+	&movdqu		($xt0,&QWP(64*0-128,$inp));	# load input
+	&movdqu		($xt1,&QWP(64*1-128,$inp));
+	&movdqu		($xa2,&QWP(64*2-128,$inp));
+	&movdqu		($xt3,&QWP(64*3-128,$inp));
+	&lea		($inp,&QWP($i<192?16:(64*4-16*3),$inp));
+	&pxor		($xt0,$xa0);
+	&movdqa		($xa0,&QWP($i+16*4-128,"ebx"))	if ($i<192);
+	&pxor		($xt1,$xa1);
+	&movdqa		($xa1,&QWP($i+16*5-128,"ebx"))	if ($i<192);
+	&pxor		($xt2,$xa2);
+	&movdqa		($xa2,&QWP($i+16*6-128,"ebx"))	if ($i<192);
+	&pxor		($xt3,$xa3);
+	&movdqa		($xa3,&QWP($i+16*7-128,"ebx"))	if ($i<192);
+	&movdqu		(&QWP(64*0-128,$out),$xt0);	# store output
+	&movdqu		(&QWP(64*1-128,$out),$xt1);
+	&movdqu		(&QWP(64*2-128,$out),$xt2);
+	&movdqu		(&QWP(64*3-128,$out),$xt3);
+	&lea		($out,&QWP($i<192?16:(64*4-16*3),$out));
+    }
+	&sub		($len,64*4);
+	&jnc		(&label("outer_loop"));
+
+	&add		($len,64*4);
+	&jz		(&label("done"));
+
+	&mov		("ebx",&DWP(512+8,"esp"));	# restore pointers
+	&lea		($inp,&DWP(-128,$inp));
+	&mov		("edx",&DWP(512+4,"esp"));
+	&lea		($out,&DWP(-128,$out));
+
+	&movd		("xmm2",&DWP(16*12-128,"ebp"));	# counter value
+	&movdqu		("xmm3",&QWP(0,"ebx"));
+	&paddd		("xmm2",&QWP(16*6,"eax"));	# +four
+	&pand		("xmm3",&QWP(16*7,"eax"));
+	&por		("xmm3","xmm2");		# counter value
+}
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7));
+
+sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round
+	&paddd		($a,$b);
+	&pxor		($d,$a);
+	&pshufb		($d,$rot16);
+
+	&paddd		($c,$d);
+	&pxor		($b,$c);
+	&movdqa		($t,$b);
+	&psrld		($b,20);
+	&pslld		($t,12);
+	&por		($b,$t);
+
+	&paddd		($a,$b);
+	&pxor		($d,$a);
+	&pshufb		($d,$rot24);
+
+	&paddd		($c,$d);
+	&pxor		($b,$c);
+	&movdqa		($t,$b);
+	&psrld		($b,25);
+	&pslld		($t,7);
+	&por		($b,$t);
+}
+
+&set_label("1x");
+	&movdqa		($a,&QWP(16*2,"eax"));		# sigma
+	&movdqu		($b,&QWP(0,"edx"));
+	&movdqu		($c,&QWP(16,"edx"));
+	#&movdqu	($d,&QWP(0,"ebx"));		# already loaded
+	&movdqa		($rot16,&QWP(0,"eax"));
+	&movdqa		($rot24,&QWP(16,"eax"));
+	&mov		(&DWP(16*3,"esp"),"ebp");
+
+	&movdqa		(&QWP(16*0,"esp"),$a);
+	&movdqa		(&QWP(16*1,"esp"),$b);
+	&movdqa		(&QWP(16*2,"esp"),$c);
+	&movdqa		(&QWP(16*3,"esp"),$d);
+	&mov		("edx",10);
+	&jmp		(&label("loop1x"));
+
+&set_label("outer1x",16);
+	&movdqa		($d,&QWP(16*5,"eax"));		# one
+	&movdqa		($a,&QWP(16*0,"esp"));
+	&movdqa		($b,&QWP(16*1,"esp"));
+	&movdqa		($c,&QWP(16*2,"esp"));
+	&paddd		($d,&QWP(16*3,"esp"));
+	&mov		("edx",10);
+	&movdqa		(&QWP(16*3,"esp"),$d);
+	&jmp		(&label("loop1x"));
+
+&set_label("loop1x",16);
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b00111001);
+	&pshufd	($d,$d,0b10010011);
+	&nop	();
+
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b10010011);
+	&pshufd	($d,$d,0b00111001);
+
+	&dec		("edx");
+	&jnz		(&label("loop1x"));
+
+	&paddd		($a,&QWP(16*0,"esp"));
+	&paddd		($b,&QWP(16*1,"esp"));
+	&paddd		($c,&QWP(16*2,"esp"));
+	&paddd		($d,&QWP(16*3,"esp"));
+
+	&cmp		($len,64);
+	&jb		(&label("tail"));
+
+	&movdqu		($t,&QWP(16*0,$inp));
+	&movdqu		($t1,&QWP(16*1,$inp));
+	&pxor		($a,$t);		# xor with input
+	&movdqu		($t,&QWP(16*2,$inp));
+	&pxor		($b,$t1);
+	&movdqu		($t1,&QWP(16*3,$inp));
+	&pxor		($c,$t);
+	&pxor		($d,$t1);
+	&lea		($inp,&DWP(16*4,$inp));	# inp+=64
+
+	&movdqu		(&QWP(16*0,$out),$a);	# write output
+	&movdqu		(&QWP(16*1,$out),$b);
+	&movdqu		(&QWP(16*2,$out),$c);
+	&movdqu		(&QWP(16*3,$out),$d);
+	&lea		($out,&DWP(16*4,$out));	# inp+=64
+
+	&sub		($len,64);
+	&jnz		(&label("outer1x"));
+
+	&jmp		(&label("done"));
+
+&set_label("tail");
+	&movdqa		(&QWP(16*0,"esp"),$a);
+	&movdqa		(&QWP(16*1,"esp"),$b);
+	&movdqa		(&QWP(16*2,"esp"),$c);
+	&movdqa		(&QWP(16*3,"esp"),$d);
+
+	&xor		("eax","eax");
+	&xor		("edx","edx");
+	&xor		("ebp","ebp");
+
+&set_label("tail_loop");
+	&movb		("al",&BP(0,"esp","ebp"));
+	&movb		("dl",&BP(0,$inp,"ebp"));
+	&lea		("ebp",&DWP(1,"ebp"));
+	&xor		("al","dl");
+	&movb		(&BP(-1,$out,"ebp"),"al");
+	&dec		($len);
+	&jnz		(&label("tail_loop"));
+}
+&set_label("done");
+	&mov		("esp",&DWP(512,"esp"));
+&function_end("ChaCha20_ssse3");
+
+&align	(64);
+&set_label("ssse3_data");
+&data_byte(0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd);
+&data_byte(0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe);
+&data_word(0x61707865,0x3320646e,0x79622d32,0x6b206574);
+&data_word(0,1,2,3);
+&data_word(4,4,4,4);
+&data_word(1,0,0,0);
+&data_word(4,0,0,0);
+&data_word(0,-1,-1,-1);
+&align	(64);
+}
+&asciz	("ChaCha20 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+if ($ymm) {
+my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
+my ($out,$inp,$len)=("edi","esi","ecx");
+
+sub QUARTERROUND_XOP {
+my ($ai,$bi,$ci,$di,$i)=@_;
+my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di));	# next
+my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di));	# previous
+
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+
+	if ($i==0) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==3) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
+	} elsif ($i==4) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==7) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
+	}
+
+	#&vpaddd	($xa,$xa,$xb);			# see elsewhere
+	#&vpxor		($xd,$xd,$xa);			# see elsewhere
+	 &vmovdqa	(&QWP(16*$cp-128,"ebx"),$xc_)	if ($ai>0 && $ai<3);
+	&vprotd		($xd,$xd,16);
+	 &vmovdqa	(&QWP(16*$bp-128,"ebx"),$xb_)	if ($i!=0);
+	&vpaddd		($xc,$xc,$xd);
+	 &vmovdqa	($xc_,&QWP(16*$cn-128,"ebx"))	if ($ai>0 && $ai<3);
+	&vpxor		($xb,$i!=0?$xb:$xb_,$xc);
+	 &vmovdqa	($xa_,&QWP(16*$an-128,"ebx"));
+	&vprotd		($xb,$xb,12);
+	 &vmovdqa	($xb_,&QWP(16*$bn-128,"ebx"))	if ($i<7);
+	&vpaddd		($xa,$xa,$xb);
+	 &vmovdqa	($xd_,&QWP(16*$dn-128,"ebx"))	if ($di!=$dn);
+	&vpxor		($xd,$xd,$xa);
+	 &vpaddd	($xa_,$xa_,$xb_)		if ($i<7);	# elsewhere
+	&vprotd		($xd,$xd,8);
+	&vmovdqa	(&QWP(16*$ai-128,"ebx"),$xa);
+	&vpaddd		($xc,$xc,$xd);
+	&vmovdqa	(&QWP(16*$di-128,"ebx"),$xd)	if ($di!=$dn);
+	&vpxor		($xb,$xb,$xc);
+	 &vpxor		($xd_,$di==$dn?$xd:$xd_,$xa_)	if ($i<7);	# elsewhere
+	&vprotd		($xb,$xb,7);
+
+	($xa,$xa_)=($xa_,$xa);
+	($xb,$xb_)=($xb_,$xb);
+	($xc,$xc_)=($xc_,$xc);
+	($xd,$xd_)=($xd_,$xd);
+}
+
+&function_begin("ChaCha20_xop");
+&set_label("xop_shortcut");
+	&mov		($out,&wparam(0));
+	&mov		($inp,&wparam(1));
+	&mov		($len,&wparam(2));
+	&mov		("edx",&wparam(3));		# key
+	&mov		("ebx",&wparam(4));		# counter and nonce
+	&vzeroupper	();
+
+	&mov		("ebp","esp");
+	&stack_push	(131);
+	&and		("esp",-64);
+	&mov		(&DWP(512,"esp"),"ebp");
+
+	&lea		("eax",&DWP(&label("ssse3_data")."-".
+				    &label("pic_point"),"eax"));
+	&vmovdqu	("xmm3",&QWP(0,"ebx"));		# counter and nonce
+
+	&cmp		($len,64*4);
+	&jb		(&label("1x"));
+
+	&mov		(&DWP(512+4,"esp"),"edx");	# offload pointers
+	&mov		(&DWP(512+8,"esp"),"ebx");
+	&sub		($len,64*4);			# bias len
+	&lea		("ebp",&DWP(256+128,"esp"));	# size optimization
+
+	&vmovdqu	("xmm7",&QWP(0,"edx"));		# key
+	&vpshufd	("xmm0","xmm3",0x00);
+	&vpshufd	("xmm1","xmm3",0x55);
+	&vpshufd	("xmm2","xmm3",0xaa);
+	&vpshufd	("xmm3","xmm3",0xff);
+	 &vpaddd	("xmm0","xmm0",&QWP(16*3,"eax"));	# fix counters
+	&vpshufd	("xmm4","xmm7",0x00);
+	&vpshufd	("xmm5","xmm7",0x55);
+	 &vpsubd	("xmm0","xmm0",&QWP(16*4,"eax"));
+	&vpshufd	("xmm6","xmm7",0xaa);
+	&vpshufd	("xmm7","xmm7",0xff);
+	&vmovdqa	(&QWP(16*12-128,"ebp"),"xmm0");
+	&vmovdqa	(&QWP(16*13-128,"ebp"),"xmm1");
+	&vmovdqa	(&QWP(16*14-128,"ebp"),"xmm2");
+	&vmovdqa	(&QWP(16*15-128,"ebp"),"xmm3");
+	 &vmovdqu	("xmm3",&QWP(16,"edx"));	# key
+	&vmovdqa	(&QWP(16*4-128,"ebp"),"xmm4");
+	&vmovdqa	(&QWP(16*5-128,"ebp"),"xmm5");
+	&vmovdqa	(&QWP(16*6-128,"ebp"),"xmm6");
+	&vmovdqa	(&QWP(16*7-128,"ebp"),"xmm7");
+	 &vmovdqa	("xmm7",&QWP(16*2,"eax"));	# sigma
+	 &lea		("ebx",&DWP(128,"esp"));	# size optimization
+
+	&vpshufd	("xmm0","xmm3",0x00);
+	&vpshufd	("xmm1","xmm3",0x55);
+	&vpshufd	("xmm2","xmm3",0xaa);
+	&vpshufd	("xmm3","xmm3",0xff);
+	&vpshufd	("xmm4","xmm7",0x00);
+	&vpshufd	("xmm5","xmm7",0x55);
+	&vpshufd	("xmm6","xmm7",0xaa);
+	&vpshufd	("xmm7","xmm7",0xff);
+	&vmovdqa	(&QWP(16*8-128,"ebp"),"xmm0");
+	&vmovdqa	(&QWP(16*9-128,"ebp"),"xmm1");
+	&vmovdqa	(&QWP(16*10-128,"ebp"),"xmm2");
+	&vmovdqa	(&QWP(16*11-128,"ebp"),"xmm3");
+	&vmovdqa	(&QWP(16*0-128,"ebp"),"xmm4");
+	&vmovdqa	(&QWP(16*1-128,"ebp"),"xmm5");
+	&vmovdqa	(&QWP(16*2-128,"ebp"),"xmm6");
+	&vmovdqa	(&QWP(16*3-128,"ebp"),"xmm7");
+
+	&lea		($inp,&DWP(128,$inp));		# size optimization
+	&lea		($out,&DWP(128,$out));		# size optimization
+	&jmp		(&label("outer_loop"));
+
+&set_label("outer_loop",32);
+	#&vmovdqa	("xmm0",&QWP(16*0-128,"ebp"));	# copy key material
+	&vmovdqa	("xmm1",&QWP(16*1-128,"ebp"));
+	&vmovdqa	("xmm2",&QWP(16*2-128,"ebp"));
+	&vmovdqa	("xmm3",&QWP(16*3-128,"ebp"));
+	#&vmovdqa	("xmm4",&QWP(16*4-128,"ebp"));
+	&vmovdqa	("xmm5",&QWP(16*5-128,"ebp"));
+	&vmovdqa	("xmm6",&QWP(16*6-128,"ebp"));
+	&vmovdqa	("xmm7",&QWP(16*7-128,"ebp"));
+	#&vmovdqa	(&QWP(16*0-128,"ebx"),"xmm0");
+	&vmovdqa	(&QWP(16*1-128,"ebx"),"xmm1");
+	&vmovdqa	(&QWP(16*2-128,"ebx"),"xmm2");
+	&vmovdqa	(&QWP(16*3-128,"ebx"),"xmm3");
+	#&vmovdqa	(&QWP(16*4-128,"ebx"),"xmm4");
+	&vmovdqa	(&QWP(16*5-128,"ebx"),"xmm5");
+	&vmovdqa	(&QWP(16*6-128,"ebx"),"xmm6");
+	&vmovdqa	(&QWP(16*7-128,"ebx"),"xmm7");
+	#&vmovdqa	("xmm0",&QWP(16*8-128,"ebp"));
+	#&vmovdqa	("xmm1",&QWP(16*9-128,"ebp"));
+	&vmovdqa	("xmm2",&QWP(16*10-128,"ebp"));
+	&vmovdqa	("xmm3",&QWP(16*11-128,"ebp"));
+	&vmovdqa	("xmm4",&QWP(16*12-128,"ebp"));
+	&vmovdqa	("xmm5",&QWP(16*13-128,"ebp"));
+	&vmovdqa	("xmm6",&QWP(16*14-128,"ebp"));
+	&vmovdqa	("xmm7",&QWP(16*15-128,"ebp"));
+	&vpaddd		("xmm4","xmm4",&QWP(16*4,"eax"));	# counter value
+	#&vmovdqa	(&QWP(16*8-128,"ebx"),"xmm0");
+	#&vmovdqa	(&QWP(16*9-128,"ebx"),"xmm1");
+	&vmovdqa	(&QWP(16*10-128,"ebx"),"xmm2");
+	&vmovdqa	(&QWP(16*11-128,"ebx"),"xmm3");
+	&vmovdqa	(&QWP(16*12-128,"ebx"),"xmm4");
+	&vmovdqa	(&QWP(16*13-128,"ebx"),"xmm5");
+	&vmovdqa	(&QWP(16*14-128,"ebx"),"xmm6");
+	&vmovdqa	(&QWP(16*15-128,"ebx"),"xmm7");
+	&vmovdqa	(&QWP(16*12-128,"ebp"),"xmm4");	# save counter value
+
+	&vmovdqa	($xa, &QWP(16*0-128,"ebp"));
+	&vmovdqa	($xd, "xmm4");
+	&vmovdqa	($xb_,&QWP(16*4-128,"ebp"));
+	&vmovdqa	($xc, &QWP(16*8-128,"ebp"));
+	&vmovdqa	($xc_,&QWP(16*9-128,"ebp"));
+
+	&mov		("edx",10);			# loop counter
+	&nop		();
+
+&set_label("loop",32);
+	&vpaddd		($xa,$xa,$xb_);			# elsewhere
+	&vpxor		($xd,$xd,$xa);			# elsewhere
+	&QUARTERROUND_XOP(0, 4, 8, 12, 0);
+	&QUARTERROUND_XOP(1, 5, 9, 13, 1);
+	&QUARTERROUND_XOP(2, 6,10, 14, 2);
+	&QUARTERROUND_XOP(3, 7,11, 15, 3);
+	&QUARTERROUND_XOP(0, 5,10, 15, 4);
+	&QUARTERROUND_XOP(1, 6,11, 12, 5);
+	&QUARTERROUND_XOP(2, 7, 8, 13, 6);
+	&QUARTERROUND_XOP(3, 4, 9, 14, 7);
+	&dec		("edx");
+	&jnz		(&label("loop"));
+
+	&vmovdqa	(&QWP(16*4-128,"ebx"),$xb_);
+	&vmovdqa	(&QWP(16*8-128,"ebx"),$xc);
+	&vmovdqa	(&QWP(16*9-128,"ebx"),$xc_);
+	&vmovdqa	(&QWP(16*12-128,"ebx"),$xd);
+	&vmovdqa	(&QWP(16*14-128,"ebx"),$xd_);
+
+    my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7));
+
+	#&vmovdqa	($xa0,&QWP(16*0-128,"ebx"));	# it's there
+	&vmovdqa	($xa1,&QWP(16*1-128,"ebx"));
+	&vmovdqa	($xa2,&QWP(16*2-128,"ebx"));
+	&vmovdqa	($xa3,&QWP(16*3-128,"ebx"));
+
+    for($i=0;$i<256;$i+=64) {
+	&vpaddd		($xa0,$xa0,&QWP($i+16*0-128,"ebp"));	# accumulate key material
+	&vpaddd		($xa1,$xa1,&QWP($i+16*1-128,"ebp"));
+	&vpaddd		($xa2,$xa2,&QWP($i+16*2-128,"ebp"));
+	&vpaddd		($xa3,$xa3,&QWP($i+16*3-128,"ebp"));
+
+	&vpunpckldq	($xt2,$xa0,$xa1);	# "de-interlace" data
+	&vpunpckldq	($xt3,$xa2,$xa3);
+	&vpunpckhdq	($xa0,$xa0,$xa1);
+	&vpunpckhdq	($xa2,$xa2,$xa3);
+	&vpunpcklqdq	($xa1,$xt2,$xt3);	# "a0"
+	&vpunpckhqdq	($xt2,$xt2,$xt3);	# "a1"
+	&vpunpcklqdq	($xt3,$xa0,$xa2);	# "a2"
+	&vpunpckhqdq	($xa3,$xa0,$xa2);	# "a3"
+
+	&vpxor		($xt0,$xa1,&QWP(64*0-128,$inp));
+	&vpxor		($xt1,$xt2,&QWP(64*1-128,$inp));
+	&vpxor		($xt2,$xt3,&QWP(64*2-128,$inp));
+	&vpxor		($xt3,$xa3,&QWP(64*3-128,$inp));
+	&lea		($inp,&QWP($i<192?16:(64*4-16*3),$inp));
+	&vmovdqa	($xa0,&QWP($i+16*4-128,"ebx"))	if ($i<192);
+	&vmovdqa	($xa1,&QWP($i+16*5-128,"ebx"))	if ($i<192);
+	&vmovdqa	($xa2,&QWP($i+16*6-128,"ebx"))	if ($i<192);
+	&vmovdqa	($xa3,&QWP($i+16*7-128,"ebx"))	if ($i<192);
+	&vmovdqu	(&QWP(64*0-128,$out),$xt0);	# store output
+	&vmovdqu	(&QWP(64*1-128,$out),$xt1);
+	&vmovdqu	(&QWP(64*2-128,$out),$xt2);
+	&vmovdqu	(&QWP(64*3-128,$out),$xt3);
+	&lea		($out,&QWP($i<192?16:(64*4-16*3),$out));
+    }
+	&sub		($len,64*4);
+	&jnc		(&label("outer_loop"));
+
+	&add		($len,64*4);
+	&jz		(&label("done"));
+
+	&mov		("ebx",&DWP(512+8,"esp"));	# restore pointers
+	&lea		($inp,&DWP(-128,$inp));
+	&mov		("edx",&DWP(512+4,"esp"));
+	&lea		($out,&DWP(-128,$out));
+
+	&vmovd		("xmm2",&DWP(16*12-128,"ebp"));	# counter value
+	&vmovdqu	("xmm3",&QWP(0,"ebx"));
+	&vpaddd		("xmm2","xmm2",&QWP(16*6,"eax"));# +four
+	&vpand		("xmm3","xmm3",&QWP(16*7,"eax"));
+	&vpor		("xmm3","xmm3","xmm2");		# counter value
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7));
+
+sub XOPROUND {
+	&vpaddd		($a,$a,$b);
+	&vpxor		($d,$d,$a);
+	&vprotd		($d,$d,16);
+
+	&vpaddd		($c,$c,$d);
+	&vpxor		($b,$b,$c);
+	&vprotd		($b,$b,12);
+
+	&vpaddd		($a,$a,$b);
+	&vpxor		($d,$d,$a);
+	&vprotd		($d,$d,8);
+
+	&vpaddd		($c,$c,$d);
+	&vpxor		($b,$b,$c);
+	&vprotd		($b,$b,7);
+}
+
+&set_label("1x");
+	&vmovdqa	($a,&QWP(16*2,"eax"));		# sigma
+	&vmovdqu	($b,&QWP(0,"edx"));
+	&vmovdqu	($c,&QWP(16,"edx"));
+	#&vmovdqu	($d,&QWP(0,"ebx"));		# already loaded
+	&vmovdqa	($rot16,&QWP(0,"eax"));
+	&vmovdqa	($rot24,&QWP(16,"eax"));
+	&mov		(&DWP(16*3,"esp"),"ebp");
+
+	&vmovdqa	(&QWP(16*0,"esp"),$a);
+	&vmovdqa	(&QWP(16*1,"esp"),$b);
+	&vmovdqa	(&QWP(16*2,"esp"),$c);
+	&vmovdqa	(&QWP(16*3,"esp"),$d);
+	&mov		("edx",10);
+	&jmp		(&label("loop1x"));
+
+&set_label("outer1x",16);
+	&vmovdqa	($d,&QWP(16*5,"eax"));		# one
+	&vmovdqa	($a,&QWP(16*0,"esp"));
+	&vmovdqa	($b,&QWP(16*1,"esp"));
+	&vmovdqa	($c,&QWP(16*2,"esp"));
+	&vpaddd		($d,$d,&QWP(16*3,"esp"));
+	&mov		("edx",10);
+	&vmovdqa	(&QWP(16*3,"esp"),$d);
+	&jmp		(&label("loop1x"));
+
+&set_label("loop1x",16);
+	&XOPROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b00111001);
+	&vpshufd	($d,$d,0b10010011);
+
+	&XOPROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b10010011);
+	&vpshufd	($d,$d,0b00111001);
+
+	&dec		("edx");
+	&jnz		(&label("loop1x"));
+
+	&vpaddd		($a,$a,&QWP(16*0,"esp"));
+	&vpaddd		($b,$b,&QWP(16*1,"esp"));
+	&vpaddd		($c,$c,&QWP(16*2,"esp"));
+	&vpaddd		($d,$d,&QWP(16*3,"esp"));
+
+	&cmp		($len,64);
+	&jb		(&label("tail"));
+
+	&vpxor		($a,$a,&QWP(16*0,$inp));	# xor with input
+	&vpxor		($b,$b,&QWP(16*1,$inp));
+	&vpxor		($c,$c,&QWP(16*2,$inp));
+	&vpxor		($d,$d,&QWP(16*3,$inp));
+	&lea		($inp,&DWP(16*4,$inp));		# inp+=64
+
+	&vmovdqu	(&QWP(16*0,$out),$a);		# write output
+	&vmovdqu	(&QWP(16*1,$out),$b);
+	&vmovdqu	(&QWP(16*2,$out),$c);
+	&vmovdqu	(&QWP(16*3,$out),$d);
+	&lea		($out,&DWP(16*4,$out));		# inp+=64
+
+	&sub		($len,64);
+	&jnz		(&label("outer1x"));
+
+	&jmp		(&label("done"));
+
+&set_label("tail");
+	&vmovdqa	(&QWP(16*0,"esp"),$a);
+	&vmovdqa	(&QWP(16*1,"esp"),$b);
+	&vmovdqa	(&QWP(16*2,"esp"),$c);
+	&vmovdqa	(&QWP(16*3,"esp"),$d);
+
+	&xor		("eax","eax");
+	&xor		("edx","edx");
+	&xor		("ebp","ebp");
+
+&set_label("tail_loop");
+	&movb		("al",&BP(0,"esp","ebp"));
+	&movb		("dl",&BP(0,$inp,"ebp"));
+	&lea		("ebp",&DWP(1,"ebp"));
+	&xor		("al","dl");
+	&movb		(&BP(-1,$out,"ebp"),"al");
+	&dec		($len);
+	&jnz		(&label("tail_loop"));
+}
+&set_label("done");
+	&vzeroupper	();
+	&mov		("esp",&DWP(512,"esp"));
+&function_end("ChaCha20_xop");
+}
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl
new file mode 100755
index 000000000..b54f3b152
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl
@@ -0,0 +1,4005 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# November 2014
+#
+# ChaCha20 for x86_64.
+#
+# December 2016
+#
+# Add AVX512F code path.
+#
+# December 2017
+#
+# Add AVX512VL code path.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#		IALU/gcc 4.8(i)	1x/2xSSSE3(ii)	4xSSSE3	    NxAVX(v)
+#
+# P4		9.48/+99%	-		-
+# Core2		7.83/+55%	7.90/5.76	4.35
+# Westmere	7.19/+50%	5.60/4.50	3.00
+# Sandy Bridge	8.31/+42%	5.45/4.00	2.72
+# Ivy Bridge	6.71/+46%	5.40/?		2.41
+# Haswell	5.92/+43%	5.20/3.45	2.42        1.23
+# Skylake[-X]	5.87/+39%	4.70/3.22	2.31        1.19[0.80(vi)]
+# Silvermont	12.0/+33%	7.75/6.90	7.03(iii)
+# Knights L	11.7/-		?		9.60(iii)   0.80
+# Goldmont	10.6/+17%	5.10/3.52	3.28
+# Sledgehammer	7.28/+52%	-		-
+# Bulldozer	9.66/+28%	9.85/5.35(iv)	3.06(iv)
+# Ryzen		5.96/+50%	5.19/3.00	2.40        2.09
+# VIA Nano	10.5/+46%	6.72/6.88	6.05
+#
+# (i)	compared to older gcc 3.x one can observe >2x improvement on
+#	most platforms;
+# (ii)	2xSSSE3 is code path optimized specifically for 128 bytes used
+#	by chacha20_poly1305_tls_cipher, results are EVP-free;
+# (iii)	this is not optimal result for Atom because of MSROM
+#	limitations, SSE2 can do better, but gain is considered too
+#	low to justify the [maintenance] effort;
+# (iv)	Bulldozer actually executes 4xXOP code path that delivers 2.20
+#	and 4.85 for 128-byte inputs;
+# (v)	8xAVX2, 8xAVX512VL or 16xAVX512F, whichever best applicable;
+# (vi)	even though Skylake-X can execute AVX512F code and deliver 0.57
+#	cpb in single thread, the corresponding capability is suppressed;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) {
+	$avx = ($1>=2.09) + ($1>=2.10) + ($1>=2.12);
+	$avx += 1 if ($1==2.11 && $2>=8);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# input parameter block
+($out,$inp,$len,$key,$counter)=("%rdi","%rsi","%rdx","%rcx","%r8");
+
+$code.=<<___;
+.text
+
+.extern OPENSSL_ia32cap_P
+
+.align	64
+.Lzero:
+.long	0,0,0,0
+.Lone:
+.long	1,0,0,0
+.Linc:
+.long	0,1,2,3
+.Lfour:
+.long	4,4,4,4
+.Lincy:
+.long	0,2,4,6,1,3,5,7
+.Leight:
+.long	8,8,8,8,8,8,8,8
+.Lrot16:
+.byte	0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd
+.Lrot24:
+.byte	0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe
+.Ltwoy:
+.long	2,0,0,0, 2,0,0,0
+.align	64
+.Lzeroz:
+.long	0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0
+.Lfourz:
+.long	4,0,0,0, 4,0,0,0, 4,0,0,0, 4,0,0,0
+.Lincz:
+.long	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
+.Lsixteen:
+.long	16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
+.Lsigma:
+.asciz	"expand 32-byte k"
+.asciz	"ChaCha20 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+sub AUTOLOAD()          # thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+@x=("%eax","%ebx","%ecx","%edx",map("%r${_}d",(8..11)),
+    "%nox","%nox","%nox","%nox",map("%r${_}d",(12..15)));
+@t=("%esi","%edi");
+
+sub ROUND {			# critical path is 24 cycles per round
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_)=map("\"$_\"",@t);
+my @x=map("\"$_\"",@x);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end.
+
+	# Normally instructions would be interleaved to favour in-order
+	# execution. Generally out-of-order cores manage it gracefully,
+	# but not this time for some reason. As in-order execution
+	# cores are dying breed, old Atom is the only one around,
+	# instructions are left uninterleaved. Besides, Atom is better
+	# off executing 1xSSSE3 code anyway...
+
+	(
+	"&add	(@x[$a0],@x[$b0])",	# Q1
+	"&xor	(@x[$d0],@x[$a0])",
+	"&rol	(@x[$d0],16)",
+	 "&add	(@x[$a1],@x[$b1])",	# Q2
+	 "&xor	(@x[$d1],@x[$a1])",
+	 "&rol	(@x[$d1],16)",
+
+	"&add	($xc,@x[$d0])",
+	"&xor	(@x[$b0],$xc)",
+	"&rol	(@x[$b0],12)",
+	 "&add	($xc_,@x[$d1])",
+	 "&xor	(@x[$b1],$xc_)",
+	 "&rol	(@x[$b1],12)",
+
+	"&add	(@x[$a0],@x[$b0])",
+	"&xor	(@x[$d0],@x[$a0])",
+	"&rol	(@x[$d0],8)",
+	 "&add	(@x[$a1],@x[$b1])",
+	 "&xor	(@x[$d1],@x[$a1])",
+	 "&rol	(@x[$d1],8)",
+
+	"&add	($xc,@x[$d0])",
+	"&xor	(@x[$b0],$xc)",
+	"&rol	(@x[$b0],7)",
+	 "&add	($xc_,@x[$d1])",
+	 "&xor	(@x[$b1],$xc_)",
+	 "&rol	(@x[$b1],7)",
+
+	"&mov	(\"4*$c0(%rsp)\",$xc)",	# reload pair of 'c's
+	 "&mov	(\"4*$c1(%rsp)\",$xc_)",
+	"&mov	($xc,\"4*$c2(%rsp)\")",
+	 "&mov	($xc_,\"4*$c3(%rsp)\")",
+
+	"&add	(@x[$a2],@x[$b2])",	# Q3
+	"&xor	(@x[$d2],@x[$a2])",
+	"&rol	(@x[$d2],16)",
+	 "&add	(@x[$a3],@x[$b3])",	# Q4
+	 "&xor	(@x[$d3],@x[$a3])",
+	 "&rol	(@x[$d3],16)",
+
+	"&add	($xc,@x[$d2])",
+	"&xor	(@x[$b2],$xc)",
+	"&rol	(@x[$b2],12)",
+	 "&add	($xc_,@x[$d3])",
+	 "&xor	(@x[$b3],$xc_)",
+	 "&rol	(@x[$b3],12)",
+
+	"&add	(@x[$a2],@x[$b2])",
+	"&xor	(@x[$d2],@x[$a2])",
+	"&rol	(@x[$d2],8)",
+	 "&add	(@x[$a3],@x[$b3])",
+	 "&xor	(@x[$d3],@x[$a3])",
+	 "&rol	(@x[$d3],8)",
+
+	"&add	($xc,@x[$d2])",
+	"&xor	(@x[$b2],$xc)",
+	"&rol	(@x[$b2],7)",
+	 "&add	($xc_,@x[$d3])",
+	 "&xor	(@x[$b3],$xc_)",
+	 "&rol	(@x[$b3],7)"
+	);
+}
+
+########################################################################
+# Generic code path that handles all lengths on pre-SSSE3 processors.
+$code.=<<___;
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,\@function,5
+.align	64
+ChaCha20_ctr32:
+.cfi_startproc
+	cmp	\$0,$len
+	je	.Lno_data
+	mov	OPENSSL_ia32cap_P+4(%rip),%r10
+___
+$code.=<<___	if ($avx>2);
+	bt	\$48,%r10		# check for AVX512F
+	jc	.LChaCha20_avx512
+	test	%r10,%r10		# check for AVX512VL
+	js	.LChaCha20_avx512vl
+___
+$code.=<<___;
+	test	\$`1<<(41-32)`,%r10d
+	jnz	.LChaCha20_ssse3
+
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$64+24,%rsp
+.cfi_adjust_cfa_offset	64+24
+.Lctr32_body:
+
+	#movdqa	.Lsigma(%rip),%xmm0
+	movdqu	($key),%xmm1
+	movdqu	16($key),%xmm2
+	movdqu	($counter),%xmm3
+	movdqa	.Lone(%rip),%xmm4
+
+	#movdqa	%xmm0,4*0(%rsp)		# key[0]
+	movdqa	%xmm1,4*4(%rsp)		# key[1]
+	movdqa	%xmm2,4*8(%rsp)		# key[2]
+	movdqa	%xmm3,4*12(%rsp)	# key[3]
+	mov	$len,%rbp		# reassign $len
+	jmp	.Loop_outer
+
+.align	32
+.Loop_outer:
+	mov	\$0x61707865,@x[0]      # 'expa'
+	mov	\$0x3320646e,@x[1]      # 'nd 3'
+	mov	\$0x79622d32,@x[2]      # '2-by'
+	mov	\$0x6b206574,@x[3]      # 'te k'
+	mov	4*4(%rsp),@x[4]
+	mov	4*5(%rsp),@x[5]
+	mov	4*6(%rsp),@x[6]
+	mov	4*7(%rsp),@x[7]
+	movd	%xmm3,@x[12]
+	mov	4*13(%rsp),@x[13]
+	mov	4*14(%rsp),@x[14]
+	mov	4*15(%rsp),@x[15]
+
+	mov	%rbp,64+0(%rsp)		# save len
+	mov	\$10,%ebp
+	mov	$inp,64+8(%rsp)		# save inp
+	movq	%xmm2,%rsi		# "@x[8]"
+	mov	$out,64+16(%rsp)	# save out
+	mov	%rsi,%rdi
+	shr	\$32,%rdi		# "@x[9]"
+	jmp	.Loop
+
+.align	32
+.Loop:
+___
+	foreach (&ROUND (0, 4, 8,12)) { eval; }
+	foreach (&ROUND	(0, 5,10,15)) { eval; }
+	&dec	("%ebp");
+	&jnz	(".Loop");
+
+$code.=<<___;
+	mov	@t[1],4*9(%rsp)		# modulo-scheduled
+	mov	@t[0],4*8(%rsp)
+	mov	64(%rsp),%rbp		# load len
+	movdqa	%xmm2,%xmm1
+	mov	64+8(%rsp),$inp		# load inp
+	paddd	%xmm4,%xmm3		# increment counter
+	mov	64+16(%rsp),$out	# load out
+
+	add	\$0x61707865,@x[0]      # 'expa'
+	add	\$0x3320646e,@x[1]      # 'nd 3'
+	add	\$0x79622d32,@x[2]      # '2-by'
+	add	\$0x6b206574,@x[3]      # 'te k'
+	add	4*4(%rsp),@x[4]
+	add	4*5(%rsp),@x[5]
+	add	4*6(%rsp),@x[6]
+	add	4*7(%rsp),@x[7]
+	add	4*12(%rsp),@x[12]
+	add	4*13(%rsp),@x[13]
+	add	4*14(%rsp),@x[14]
+	add	4*15(%rsp),@x[15]
+	paddd	4*8(%rsp),%xmm1
+
+	cmp	\$64,%rbp
+	jb	.Ltail
+
+	xor	4*0($inp),@x[0]		# xor with input
+	xor	4*1($inp),@x[1]
+	xor	4*2($inp),@x[2]
+	xor	4*3($inp),@x[3]
+	xor	4*4($inp),@x[4]
+	xor	4*5($inp),@x[5]
+	xor	4*6($inp),@x[6]
+	xor	4*7($inp),@x[7]
+	movdqu	4*8($inp),%xmm0
+	xor	4*12($inp),@x[12]
+	xor	4*13($inp),@x[13]
+	xor	4*14($inp),@x[14]
+	xor	4*15($inp),@x[15]
+	lea	4*16($inp),$inp		# inp+=64
+	pxor	%xmm1,%xmm0
+
+	movdqa	%xmm2,4*8(%rsp)
+	movd	%xmm3,4*12(%rsp)
+
+	mov	@x[0],4*0($out)		# write output
+	mov	@x[1],4*1($out)
+	mov	@x[2],4*2($out)
+	mov	@x[3],4*3($out)
+	mov	@x[4],4*4($out)
+	mov	@x[5],4*5($out)
+	mov	@x[6],4*6($out)
+	mov	@x[7],4*7($out)
+	movdqu	%xmm0,4*8($out)
+	mov	@x[12],4*12($out)
+	mov	@x[13],4*13($out)
+	mov	@x[14],4*14($out)
+	mov	@x[15],4*15($out)
+	lea	4*16($out),$out		# out+=64
+
+	sub	\$64,%rbp
+	jnz	.Loop_outer
+
+	jmp	.Ldone
+
+.align	16
+.Ltail:
+	mov	@x[0],4*0(%rsp)
+	mov	@x[1],4*1(%rsp)
+	xor	%rbx,%rbx
+	mov	@x[2],4*2(%rsp)
+	mov	@x[3],4*3(%rsp)
+	mov	@x[4],4*4(%rsp)
+	mov	@x[5],4*5(%rsp)
+	mov	@x[6],4*6(%rsp)
+	mov	@x[7],4*7(%rsp)
+	movdqa	%xmm1,4*8(%rsp)
+	mov	@x[12],4*12(%rsp)
+	mov	@x[13],4*13(%rsp)
+	mov	@x[14],4*14(%rsp)
+	mov	@x[15],4*15(%rsp)
+
+.Loop_tail:
+	movzb	($inp,%rbx),%eax
+	movzb	(%rsp,%rbx),%edx
+	lea	1(%rbx),%rbx
+	xor	%edx,%eax
+	mov	%al,-1($out,%rbx)
+	dec	%rbp
+	jnz	.Loop_tail
+
+.Ldone:
+	lea	64+24+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lno_data:
+	ret
+.cfi_endproc
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+___
+
+########################################################################
+# SSSE3 code path that handles shorter lengths
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(0..7));
+
+sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	&pshufb	($d,$rot16);
+
+	&paddd	($c,$d);
+	&pxor	($b,$c);
+	&movdqa	($t,$b);
+	&psrld	($b,20);
+	&pslld	($t,12);
+	&por	($b,$t);
+
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	&pshufb	($d,$rot24);
+
+	&paddd	($c,$d);
+	&pxor	($b,$c);
+	&movdqa	($t,$b);
+	&psrld	($b,25);
+	&pslld	($t,7);
+	&por	($b,$t);
+}
+
+my $xframe = $win64 ? 32+8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_ssse3,\@function,5
+.align	32
+ChaCha20_ssse3:
+.cfi_startproc
+.LChaCha20_ssse3:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+___
+$code.=<<___	if ($avx);
+	test	\$`1<<(43-32)`,%r10d
+	jnz	.LChaCha20_4xop		# XOP is fastest even if we use 1/4
+___
+$code.=<<___;
+	cmp	\$128,$len		# we might throw away some data,
+	je	.LChaCha20_128
+	ja	.LChaCha20_4x		# but overall it won't be slower
+
+.Ldo_sse3_after_all:
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x28(%r9)
+	movaps	%xmm7,-0x18(%r9)
+.Lssse3_body:
+___
+$code.=<<___;
+	movdqa	.Lsigma(%rip),$a
+	movdqu	($key),$b
+	movdqu	16($key),$c
+	movdqu	($counter),$d
+	movdqa	.Lrot16(%rip),$rot16
+	movdqa	.Lrot24(%rip),$rot24
+
+	movdqa	$a,0x00(%rsp)
+	movdqa	$b,0x10(%rsp)
+	movdqa	$c,0x20(%rsp)
+	movdqa	$d,0x30(%rsp)
+	mov	\$10,$counter		# reuse $counter
+	jmp	.Loop_ssse3
+
+.align	32
+.Loop_outer_ssse3:
+	movdqa	.Lone(%rip),$d
+	movdqa	0x00(%rsp),$a
+	movdqa	0x10(%rsp),$b
+	movdqa	0x20(%rsp),$c
+	paddd	0x30(%rsp),$d
+	mov	\$10,$counter
+	movdqa	$d,0x30(%rsp)
+	jmp	.Loop_ssse3
+
+.align	32
+.Loop_ssse3:
+___
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b00111001);
+	&pshufd	($d,$d,0b10010011);
+	&nop	();
+
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b10010011);
+	&pshufd	($d,$d,0b00111001);
+
+	&dec	($counter);
+	&jnz	(".Loop_ssse3");
+
+$code.=<<___;
+	paddd	0x00(%rsp),$a
+	paddd	0x10(%rsp),$b
+	paddd	0x20(%rsp),$c
+	paddd	0x30(%rsp),$d
+
+	cmp	\$64,$len
+	jb	.Ltail_ssse3
+
+	movdqu	0x00($inp),$t
+	movdqu	0x10($inp),$t1
+	pxor	$t,$a			# xor with input
+	movdqu	0x20($inp),$t
+	pxor	$t1,$b
+	movdqu	0x30($inp),$t1
+	lea	0x40($inp),$inp		# inp+=64
+	pxor	$t,$c
+	pxor	$t1,$d
+
+	movdqu	$a,0x00($out)		# write output
+	movdqu	$b,0x10($out)
+	movdqu	$c,0x20($out)
+	movdqu	$d,0x30($out)
+	lea	0x40($out),$out		# out+=64
+
+	sub	\$64,$len
+	jnz	.Loop_outer_ssse3
+
+	jmp	.Ldone_ssse3
+
+.align	16
+.Ltail_ssse3:
+	movdqa	$a,0x00(%rsp)
+	movdqa	$b,0x10(%rsp)
+	movdqa	$c,0x20(%rsp)
+	movdqa	$d,0x30(%rsp)
+	xor	$counter,$counter
+
+.Loop_tail_ssse3:
+	movzb	($inp,$counter),%eax
+	movzb	(%rsp,$counter),%ecx
+	lea	1($counter),$counter
+	xor	%ecx,%eax
+	mov	%al,-1($out,$counter)
+	dec	$len
+	jnz	.Loop_tail_ssse3
+
+.Ldone_ssse3:
+___
+$code.=<<___	if ($win64);
+	movaps	-0x28(%r9),%xmm6
+	movaps	-0x18(%r9),%xmm7
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lssse3_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_ssse3,.-ChaCha20_ssse3
+___
+}
+
+########################################################################
+# SSSE3 code path that handles 128-byte inputs
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(8,9,2..7));
+my ($a1,$b1,$c1,$d1)=map("%xmm$_",(10,11,0,1));
+
+sub SSSE3ROUND_2x {
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	 &paddd	($a1,$b1);
+	 &pxor	($d1,$a1);
+	&pshufb	($d,$rot16);
+	 &pshufb($d1,$rot16);
+
+	&paddd	($c,$d);
+	 &paddd	($c1,$d1);
+	&pxor	($b,$c);
+	 &pxor	($b1,$c1);
+	&movdqa	($t,$b);
+	&psrld	($b,20);
+	 &movdqa($t1,$b1);
+	&pslld	($t,12);
+	 &psrld	($b1,20);
+	&por	($b,$t);
+	 &pslld	($t1,12);
+	 &por	($b1,$t1);
+
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	 &paddd	($a1,$b1);
+	 &pxor	($d1,$a1);
+	&pshufb	($d,$rot24);
+	 &pshufb($d1,$rot24);
+
+	&paddd	($c,$d);
+	 &paddd	($c1,$d1);
+	&pxor	($b,$c);
+	 &pxor	($b1,$c1);
+	&movdqa	($t,$b);
+	&psrld	($b,25);
+	 &movdqa($t1,$b1);
+	&pslld	($t,7);
+	 &psrld	($b1,25);
+	&por	($b,$t);
+	 &pslld	($t1,7);
+	 &por	($b1,$t1);
+}
+
+my $xframe = $win64 ? 0x68 : 8;
+
+$code.=<<___;
+.type	ChaCha20_128,\@function,5
+.align	32
+ChaCha20_128:
+.cfi_startproc
+.LChaCha20_128:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x68(%r9)
+	movaps	%xmm7,-0x58(%r9)
+	movaps	%xmm8,-0x48(%r9)
+	movaps	%xmm9,-0x38(%r9)
+	movaps	%xmm10,-0x28(%r9)
+	movaps	%xmm11,-0x18(%r9)
+.L128_body:
+___
+$code.=<<___;
+	movdqa	.Lsigma(%rip),$a
+	movdqu	($key),$b
+	movdqu	16($key),$c
+	movdqu	($counter),$d
+	movdqa	.Lone(%rip),$d1
+	movdqa	.Lrot16(%rip),$rot16
+	movdqa	.Lrot24(%rip),$rot24
+
+	movdqa	$a,$a1
+	movdqa	$a,0x00(%rsp)
+	movdqa	$b,$b1
+	movdqa	$b,0x10(%rsp)
+	movdqa	$c,$c1
+	movdqa	$c,0x20(%rsp)
+	paddd	$d,$d1
+	movdqa	$d,0x30(%rsp)
+	mov	\$10,$counter		# reuse $counter
+	jmp	.Loop_128
+
+.align	32
+.Loop_128:
+___
+	&SSSE3ROUND_2x();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b00111001);
+	&pshufd	($d,$d,0b10010011);
+	&pshufd	($c1,$c1,0b01001110);
+	&pshufd	($b1,$b1,0b00111001);
+	&pshufd	($d1,$d1,0b10010011);
+
+	&SSSE3ROUND_2x();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b10010011);
+	&pshufd	($d,$d,0b00111001);
+	&pshufd	($c1,$c1,0b01001110);
+	&pshufd	($b1,$b1,0b10010011);
+	&pshufd	($d1,$d1,0b00111001);
+
+	&dec	($counter);
+	&jnz	(".Loop_128");
+
+$code.=<<___;
+	paddd	0x00(%rsp),$a
+	paddd	0x10(%rsp),$b
+	paddd	0x20(%rsp),$c
+	paddd	0x30(%rsp),$d
+	paddd	.Lone(%rip),$d1
+	paddd	0x00(%rsp),$a1
+	paddd	0x10(%rsp),$b1
+	paddd	0x20(%rsp),$c1
+	paddd	0x30(%rsp),$d1
+
+	movdqu	0x00($inp),$t
+	movdqu	0x10($inp),$t1
+	pxor	$t,$a			# xor with input
+	movdqu	0x20($inp),$t
+	pxor	$t1,$b
+	movdqu	0x30($inp),$t1
+	pxor	$t,$c
+	movdqu	0x40($inp),$t
+	pxor	$t1,$d
+	movdqu	0x50($inp),$t1
+	pxor	$t,$a1
+	movdqu	0x60($inp),$t
+	pxor	$t1,$b1
+	movdqu	0x70($inp),$t1
+	pxor	$t,$c1
+	pxor	$t1,$d1
+
+	movdqu	$a,0x00($out)		# write output
+	movdqu	$b,0x10($out)
+	movdqu	$c,0x20($out)
+	movdqu	$d,0x30($out)
+	movdqu	$a1,0x40($out)
+	movdqu	$b1,0x50($out)
+	movdqu	$c1,0x60($out)
+	movdqu	$d1,0x70($out)
+___
+$code.=<<___	if ($win64);
+	movaps	-0x68(%r9),%xmm6
+	movaps	-0x58(%r9),%xmm7
+	movaps	-0x48(%r9),%xmm8
+	movaps	-0x38(%r9),%xmm9
+	movaps	-0x28(%r9),%xmm10
+	movaps	-0x18(%r9),%xmm11
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L128_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_128,.-ChaCha20_128
+___
+}
+
+########################################################################
+# SSSE3 code path that handles longer messages.
+{
+# assign variables to favor Atom front-end
+my ($xd0,$xd1,$xd2,$xd3, $xt0,$xt1,$xt2,$xt3,
+    $xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3)=map("%xmm$_",(0..15));
+my  @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	"%nox","%nox","%nox","%nox", $xd0,$xd1,$xd2,$xd3);
+
+sub SSSE3_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_,$t0,$t1)=map("\"$_\"",$xt0,$xt1,$xt2,$xt3);
+my @x=map("\"$_\"",@xx);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end.
+
+	(
+	"&paddd		(@x[$a0],@x[$b0])",	# Q1
+	 "&paddd	(@x[$a1],@x[$b1])",	# Q2
+	"&pxor		(@x[$d0],@x[$a0])",
+	 "&pxor		(@x[$d1],@x[$a1])",
+	"&pshufb	(@x[$d0],$t1)",
+	 "&pshufb	(@x[$d1],$t1)",
+
+	"&paddd		($xc,@x[$d0])",
+	 "&paddd	($xc_,@x[$d1])",
+	"&pxor		(@x[$b0],$xc)",
+	 "&pxor		(@x[$b1],$xc_)",
+	"&movdqa	($t0,@x[$b0])",
+	"&pslld		(@x[$b0],12)",
+	"&psrld		($t0,20)",
+	 "&movdqa	($t1,@x[$b1])",
+	 "&pslld	(@x[$b1],12)",
+	"&por		(@x[$b0],$t0)",
+	 "&psrld	($t1,20)",
+	"&movdqa	($t0,'(%r11)')",	# .Lrot24(%rip)
+	 "&por		(@x[$b1],$t1)",
+
+	"&paddd		(@x[$a0],@x[$b0])",
+	 "&paddd	(@x[$a1],@x[$b1])",
+	"&pxor		(@x[$d0],@x[$a0])",
+	 "&pxor		(@x[$d1],@x[$a1])",
+	"&pshufb	(@x[$d0],$t0)",
+	 "&pshufb	(@x[$d1],$t0)",
+
+	"&paddd		($xc,@x[$d0])",
+	 "&paddd	($xc_,@x[$d1])",
+	"&pxor		(@x[$b0],$xc)",
+	 "&pxor		(@x[$b1],$xc_)",
+	"&movdqa	($t1,@x[$b0])",
+	"&pslld		(@x[$b0],7)",
+	"&psrld		($t1,25)",
+	 "&movdqa	($t0,@x[$b1])",
+	 "&pslld	(@x[$b1],7)",
+	"&por		(@x[$b0],$t1)",
+	 "&psrld	($t0,25)",
+	"&movdqa	($t1,'(%r10)')",	# .Lrot16(%rip)
+	 "&por		(@x[$b1],$t0)",
+
+	"&movdqa	(\"`16*($c0-8)`(%rsp)\",$xc)",	# reload pair of 'c's
+	 "&movdqa	(\"`16*($c1-8)`(%rsp)\",$xc_)",
+	"&movdqa	($xc,\"`16*($c2-8)`(%rsp)\")",
+	 "&movdqa	($xc_,\"`16*($c3-8)`(%rsp)\")",
+
+	"&paddd		(@x[$a2],@x[$b2])",	# Q3
+	 "&paddd	(@x[$a3],@x[$b3])",	# Q4
+	"&pxor		(@x[$d2],@x[$a2])",
+	 "&pxor		(@x[$d3],@x[$a3])",
+	"&pshufb	(@x[$d2],$t1)",
+	 "&pshufb	(@x[$d3],$t1)",
+
+	"&paddd		($xc,@x[$d2])",
+	 "&paddd	($xc_,@x[$d3])",
+	"&pxor		(@x[$b2],$xc)",
+	 "&pxor		(@x[$b3],$xc_)",
+	"&movdqa	($t0,@x[$b2])",
+	"&pslld		(@x[$b2],12)",
+	"&psrld		($t0,20)",
+	 "&movdqa	($t1,@x[$b3])",
+	 "&pslld	(@x[$b3],12)",
+	"&por		(@x[$b2],$t0)",
+	 "&psrld	($t1,20)",
+	"&movdqa	($t0,'(%r11)')",	# .Lrot24(%rip)
+	 "&por		(@x[$b3],$t1)",
+
+	"&paddd		(@x[$a2],@x[$b2])",
+	 "&paddd	(@x[$a3],@x[$b3])",
+	"&pxor		(@x[$d2],@x[$a2])",
+	 "&pxor		(@x[$d3],@x[$a3])",
+	"&pshufb	(@x[$d2],$t0)",
+	 "&pshufb	(@x[$d3],$t0)",
+
+	"&paddd		($xc,@x[$d2])",
+	 "&paddd	($xc_,@x[$d3])",
+	"&pxor		(@x[$b2],$xc)",
+	 "&pxor		(@x[$b3],$xc_)",
+	"&movdqa	($t1,@x[$b2])",
+	"&pslld		(@x[$b2],7)",
+	"&psrld		($t1,25)",
+	 "&movdqa	($t0,@x[$b3])",
+	 "&pslld	(@x[$b3],7)",
+	"&por		(@x[$b2],$t1)",
+	 "&psrld	($t0,25)",
+	"&movdqa	($t1,'(%r10)')",	# .Lrot16(%rip)
+	 "&por		(@x[$b3],$t0)"
+	);
+}
+
+my $xframe = $win64 ? 0xa8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_4x,\@function,5
+.align	32
+ChaCha20_4x:
+.cfi_startproc
+.LChaCha20_4x:
+	mov		%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	mov		%r10,%r11
+___
+$code.=<<___	if ($avx>1);
+	shr		\$32,%r10		# OPENSSL_ia32cap_P+8
+	test		\$`1<<5`,%r10		# test AVX2
+	jnz		.LChaCha20_8x
+___
+$code.=<<___;
+	cmp		\$192,$len
+	ja		.Lproceed4x
+
+	and		\$`1<<26|1<<22`,%r11	# isolate XSAVE+MOVBE
+	cmp		\$`1<<22`,%r11		# check for MOVBE without XSAVE
+	je		.Ldo_sse3_after_all	# to detect Atom
+
+.Lproceed4x:
+	sub		\$0x140+$xframe,%rsp
+___
+	################ stack layout
+	# +0x00		SIMD equivalent of @x[8-12]
+	# ...
+	# +0x40		constant copy of key[0-2] smashed by lanes
+	# ...
+	# +0x100	SIMD counters (with nonce smashed by lanes)
+	# ...
+	# +0x140
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L4x_body:
+___
+$code.=<<___;
+	movdqa		.Lsigma(%rip),$xa3	# key[0]
+	movdqu		($key),$xb3		# key[1]
+	movdqu		16($key),$xt3		# key[2]
+	movdqu		($counter),$xd3		# key[3]
+	lea		0x100(%rsp),%rcx	# size optimization
+	lea		.Lrot16(%rip),%r10
+	lea		.Lrot24(%rip),%r11
+
+	pshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	pshufd		\$0x55,$xa3,$xa1
+	movdqa		$xa0,0x40(%rsp)		# ... and offload
+	pshufd		\$0xaa,$xa3,$xa2
+	movdqa		$xa1,0x50(%rsp)
+	pshufd		\$0xff,$xa3,$xa3
+	movdqa		$xa2,0x60(%rsp)
+	movdqa		$xa3,0x70(%rsp)
+
+	pshufd		\$0x00,$xb3,$xb0
+	pshufd		\$0x55,$xb3,$xb1
+	movdqa		$xb0,0x80-0x100(%rcx)
+	pshufd		\$0xaa,$xb3,$xb2
+	movdqa		$xb1,0x90-0x100(%rcx)
+	pshufd		\$0xff,$xb3,$xb3
+	movdqa		$xb2,0xa0-0x100(%rcx)
+	movdqa		$xb3,0xb0-0x100(%rcx)
+
+	pshufd		\$0x00,$xt3,$xt0	# "$xc0"
+	pshufd		\$0x55,$xt3,$xt1	# "$xc1"
+	movdqa		$xt0,0xc0-0x100(%rcx)
+	pshufd		\$0xaa,$xt3,$xt2	# "$xc2"
+	movdqa		$xt1,0xd0-0x100(%rcx)
+	pshufd		\$0xff,$xt3,$xt3	# "$xc3"
+	movdqa		$xt2,0xe0-0x100(%rcx)
+	movdqa		$xt3,0xf0-0x100(%rcx)
+
+	pshufd		\$0x00,$xd3,$xd0
+	pshufd		\$0x55,$xd3,$xd1
+	paddd		.Linc(%rip),$xd0	# don't save counters yet
+	pshufd		\$0xaa,$xd3,$xd2
+	movdqa		$xd1,0x110-0x100(%rcx)
+	pshufd		\$0xff,$xd3,$xd3
+	movdqa		$xd2,0x120-0x100(%rcx)
+	movdqa		$xd3,0x130-0x100(%rcx)
+
+	jmp		.Loop_enter4x
+
+.align	32
+.Loop_outer4x:
+	movdqa		0x40(%rsp),$xa0		# re-load smashed key
+	movdqa		0x50(%rsp),$xa1
+	movdqa		0x60(%rsp),$xa2
+	movdqa		0x70(%rsp),$xa3
+	movdqa		0x80-0x100(%rcx),$xb0
+	movdqa		0x90-0x100(%rcx),$xb1
+	movdqa		0xa0-0x100(%rcx),$xb2
+	movdqa		0xb0-0x100(%rcx),$xb3
+	movdqa		0xc0-0x100(%rcx),$xt0	# "$xc0"
+	movdqa		0xd0-0x100(%rcx),$xt1	# "$xc1"
+	movdqa		0xe0-0x100(%rcx),$xt2	# "$xc2"
+	movdqa		0xf0-0x100(%rcx),$xt3	# "$xc3"
+	movdqa		0x100-0x100(%rcx),$xd0
+	movdqa		0x110-0x100(%rcx),$xd1
+	movdqa		0x120-0x100(%rcx),$xd2
+	movdqa		0x130-0x100(%rcx),$xd3
+	paddd		.Lfour(%rip),$xd0	# next SIMD counters
+
+.Loop_enter4x:
+	movdqa		$xt2,0x20(%rsp)		# SIMD equivalent of "@x[10]"
+	movdqa		$xt3,0x30(%rsp)		# SIMD equivalent of "@x[11]"
+	movdqa		(%r10),$xt3		# .Lrot16(%rip)
+	mov		\$10,%eax
+	movdqa		$xd0,0x100-0x100(%rcx)	# save SIMD counters
+	jmp		.Loop4x
+
+.align	32
+.Loop4x:
+___
+	foreach (&SSSE3_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&SSSE3_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop4x
+
+	paddd		0x40(%rsp),$xa0		# accumulate key material
+	paddd		0x50(%rsp),$xa1
+	paddd		0x60(%rsp),$xa2
+	paddd		0x70(%rsp),$xa3
+
+	movdqa		$xa0,$xt2		# "de-interlace" data
+	punpckldq	$xa1,$xa0
+	movdqa		$xa2,$xt3
+	punpckldq	$xa3,$xa2
+	punpckhdq	$xa1,$xt2
+	punpckhdq	$xa3,$xt3
+	movdqa		$xa0,$xa1
+	punpcklqdq	$xa2,$xa0		# "a0"
+	movdqa		$xt2,$xa3
+	punpcklqdq	$xt3,$xt2		# "a2"
+	punpckhqdq	$xa2,$xa1		# "a1"
+	punpckhqdq	$xt3,$xa3		# "a3"
+___
+	($xa2,$xt2)=($xt2,$xa2);
+$code.=<<___;
+	paddd		0x80-0x100(%rcx),$xb0
+	paddd		0x90-0x100(%rcx),$xb1
+	paddd		0xa0-0x100(%rcx),$xb2
+	paddd		0xb0-0x100(%rcx),$xb3
+
+	movdqa		$xa0,0x00(%rsp)		# offload $xaN
+	movdqa		$xa1,0x10(%rsp)
+	movdqa		0x20(%rsp),$xa0		# "xc2"
+	movdqa		0x30(%rsp),$xa1		# "xc3"
+
+	movdqa		$xb0,$xt2
+	punpckldq	$xb1,$xb0
+	movdqa		$xb2,$xt3
+	punpckldq	$xb3,$xb2
+	punpckhdq	$xb1,$xt2
+	punpckhdq	$xb3,$xt3
+	movdqa		$xb0,$xb1
+	punpcklqdq	$xb2,$xb0		# "b0"
+	movdqa		$xt2,$xb3
+	punpcklqdq	$xt3,$xt2		# "b2"
+	punpckhqdq	$xb2,$xb1		# "b1"
+	punpckhqdq	$xt3,$xb3		# "b3"
+___
+	($xb2,$xt2)=($xt2,$xb2);
+	my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1);
+$code.=<<___;
+	paddd		0xc0-0x100(%rcx),$xc0
+	paddd		0xd0-0x100(%rcx),$xc1
+	paddd		0xe0-0x100(%rcx),$xc2
+	paddd		0xf0-0x100(%rcx),$xc3
+
+	movdqa		$xa2,0x20(%rsp)		# keep offloading $xaN
+	movdqa		$xa3,0x30(%rsp)
+
+	movdqa		$xc0,$xt2
+	punpckldq	$xc1,$xc0
+	movdqa		$xc2,$xt3
+	punpckldq	$xc3,$xc2
+	punpckhdq	$xc1,$xt2
+	punpckhdq	$xc3,$xt3
+	movdqa		$xc0,$xc1
+	punpcklqdq	$xc2,$xc0		# "c0"
+	movdqa		$xt2,$xc3
+	punpcklqdq	$xt3,$xt2		# "c2"
+	punpckhqdq	$xc2,$xc1		# "c1"
+	punpckhqdq	$xt3,$xc3		# "c3"
+___
+	($xc2,$xt2)=($xt2,$xc2);
+	($xt0,$xt1)=($xa2,$xa3);		# use $xaN as temporary
+$code.=<<___;
+	paddd		0x100-0x100(%rcx),$xd0
+	paddd		0x110-0x100(%rcx),$xd1
+	paddd		0x120-0x100(%rcx),$xd2
+	paddd		0x130-0x100(%rcx),$xd3
+
+	movdqa		$xd0,$xt2
+	punpckldq	$xd1,$xd0
+	movdqa		$xd2,$xt3
+	punpckldq	$xd3,$xd2
+	punpckhdq	$xd1,$xt2
+	punpckhdq	$xd3,$xt3
+	movdqa		$xd0,$xd1
+	punpcklqdq	$xd2,$xd0		# "d0"
+	movdqa		$xt2,$xd3
+	punpcklqdq	$xt3,$xt2		# "d2"
+	punpckhqdq	$xd2,$xd1		# "d1"
+	punpckhqdq	$xt3,$xd3		# "d3"
+___
+	($xd2,$xt2)=($xt2,$xd2);
+$code.=<<___;
+	cmp		\$64*4,$len
+	jb		.Ltail4x
+
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	lea		0x80($inp),$inp		# size optimization
+	pxor		0x10(%rsp),$xt0
+	pxor		$xb1,$xt1
+	pxor		$xc1,$xt2
+	pxor		$xd1,$xt3
+
+	 movdqu		$xt0,0x40($out)
+	movdqu		0x00($inp),$xt0
+	 movdqu		$xt1,0x50($out)
+	movdqu		0x10($inp),$xt1
+	 movdqu		$xt2,0x60($out)
+	movdqu		0x20($inp),$xt2
+	 movdqu		$xt3,0x70($out)
+	 lea		0x80($out),$out		# size optimization
+	movdqu		0x30($inp),$xt3
+	pxor		0x20(%rsp),$xt0
+	pxor		$xb2,$xt1
+	pxor		$xc2,$xt2
+	pxor		$xd2,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	lea		0x80($inp),$inp		# inp+=64*4
+	pxor		0x30(%rsp),$xt0
+	pxor		$xb3,$xt1
+	pxor		$xc3,$xt2
+	pxor		$xd3,$xt3
+	movdqu		$xt0,0x40($out)
+	movdqu		$xt1,0x50($out)
+	movdqu		$xt2,0x60($out)
+	movdqu		$xt3,0x70($out)
+	lea		0x80($out),$out		# out+=64*4
+
+	sub		\$64*4,$len
+	jnz		.Loop_outer4x
+
+	jmp		.Ldone4x
+
+.Ltail4x:
+	cmp		\$192,$len
+	jae		.L192_or_more4x
+	cmp		\$128,$len
+	jae		.L128_or_more4x
+	cmp		\$64,$len
+	jae		.L64_or_more4x
+
+	#movdqa		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	xor		%r10,%r10
+	#movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb0,0x10(%rsp)
+	movdqa		$xc0,0x20(%rsp)
+	movdqa		$xd0,0x30(%rsp)
+	jmp		.Loop_tail4x
+
+.align	32
+.L64_or_more4x:
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaxN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+	movdqu		$xt0,0x00($out)
+	movdqu		$xt1,0x10($out)
+	movdqu		$xt2,0x20($out)
+	movdqu		$xt3,0x30($out)
+	je		.Ldone4x
+
+	movdqa		0x10(%rsp),$xt0		# $xaN is offloaded, remember?
+	lea		0x40($inp),$inp		# inp+=64*1
+	xor		%r10,%r10
+	movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb1,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*1
+	movdqa		$xc1,0x20(%rsp)
+	sub		\$64,$len		# len-=64*1
+	movdqa		$xd1,0x30(%rsp)
+	jmp		.Loop_tail4x
+
+.align	32
+.L128_or_more4x:
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	pxor		0x10(%rsp),$xt0
+	pxor		$xb1,$xt1
+	pxor		$xc1,$xt2
+	pxor		$xd1,$xt3
+	movdqu		$xt0,0x40($out)
+	movdqu		$xt1,0x50($out)
+	movdqu		$xt2,0x60($out)
+	movdqu		$xt3,0x70($out)
+	je		.Ldone4x
+
+	movdqa		0x20(%rsp),$xt0		# $xaN is offloaded, remember?
+	lea		0x80($inp),$inp		# inp+=64*2
+	xor		%r10,%r10
+	movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb2,0x10(%rsp)
+	lea		0x80($out),$out		# out+=64*2
+	movdqa		$xc2,0x20(%rsp)
+	sub		\$128,$len		# len-=64*2
+	movdqa		$xd2,0x30(%rsp)
+	jmp		.Loop_tail4x
+
+.align	32
+.L192_or_more4x:
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	lea		0x80($inp),$inp		# size optimization
+	pxor		0x10(%rsp),$xt0
+	pxor		$xb1,$xt1
+	pxor		$xc1,$xt2
+	pxor		$xd1,$xt3
+
+	 movdqu		$xt0,0x40($out)
+	movdqu		0x00($inp),$xt0
+	 movdqu		$xt1,0x50($out)
+	movdqu		0x10($inp),$xt1
+	 movdqu		$xt2,0x60($out)
+	movdqu		0x20($inp),$xt2
+	 movdqu		$xt3,0x70($out)
+	 lea		0x80($out),$out		# size optimization
+	movdqu		0x30($inp),$xt3
+	pxor		0x20(%rsp),$xt0
+	pxor		$xb2,$xt1
+	pxor		$xc2,$xt2
+	pxor		$xd2,$xt3
+	movdqu		$xt0,0x00($out)
+	movdqu		$xt1,0x10($out)
+	movdqu		$xt2,0x20($out)
+	movdqu		$xt3,0x30($out)
+	je		.Ldone4x
+
+	movdqa		0x30(%rsp),$xt0		# $xaN is offloaded, remember?
+	lea		0x40($inp),$inp		# inp+=64*3
+	xor		%r10,%r10
+	movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb3,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*3
+	movdqa		$xc3,0x20(%rsp)
+	sub		\$192,$len		# len-=64*3
+	movdqa		$xd3,0x30(%rsp)
+
+.Loop_tail4x:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail4x
+
+.Ldone4x:
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L4x_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_4x,.-ChaCha20_4x
+___
+}
+
+########################################################################
+# XOP code path that handles all lengths.
+if ($avx) {
+# There is some "anomaly" observed depending on instructions' size or
+# alignment. If you look closely at below code you'll notice that
+# sometimes argument order varies. The order affects instruction
+# encoding by making it larger, and such fiddling gives 5% performance
+# improvement. This is on FX-4100...
+
+my ($xb0,$xb1,$xb2,$xb3, $xd0,$xd1,$xd2,$xd3,
+    $xa0,$xa1,$xa2,$xa3, $xt0,$xt1,$xt2,$xt3)=map("%xmm$_",(0..15));
+my  @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	 $xt0,$xt1,$xt2,$xt3, $xd0,$xd1,$xd2,$xd3);
+
+sub XOP_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my @x=map("\"$_\"",@xx);
+
+	(
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	  "&vpxor	(@x[$d2],@x[$a2],@x[$d2])",
+	   "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	"&vprotd	(@x[$d0],@x[$d0],16)",
+	 "&vprotd	(@x[$d1],@x[$d1],16)",
+	  "&vprotd	(@x[$d2],@x[$d2],16)",
+	   "&vprotd	(@x[$d3],@x[$d3],16)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxor		(@x[$b0],@x[$c0],@x[$b0])",
+	 "&vpxor	(@x[$b1],@x[$c1],@x[$b1])",
+	  "&vpxor	(@x[$b2],@x[$b2],@x[$c2])",	# flip
+	   "&vpxor	(@x[$b3],@x[$b3],@x[$c3])",	# flip
+	"&vprotd	(@x[$b0],@x[$b0],12)",
+	 "&vprotd	(@x[$b1],@x[$b1],12)",
+	  "&vprotd	(@x[$b2],@x[$b2],12)",
+	   "&vprotd	(@x[$b3],@x[$b3],12)",
+
+	"&vpaddd	(@x[$a0],@x[$b0],@x[$a0])",	# flip
+	 "&vpaddd	(@x[$a1],@x[$b1],@x[$a1])",	# flip
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	  "&vpxor	(@x[$d2],@x[$a2],@x[$d2])",
+	   "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	"&vprotd	(@x[$d0],@x[$d0],8)",
+	 "&vprotd	(@x[$d1],@x[$d1],8)",
+	  "&vprotd	(@x[$d2],@x[$d2],8)",
+	   "&vprotd	(@x[$d3],@x[$d3],8)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxor		(@x[$b0],@x[$c0],@x[$b0])",
+	 "&vpxor	(@x[$b1],@x[$c1],@x[$b1])",
+	  "&vpxor	(@x[$b2],@x[$b2],@x[$c2])",	# flip
+	   "&vpxor	(@x[$b3],@x[$b3],@x[$c3])",	# flip
+	"&vprotd	(@x[$b0],@x[$b0],7)",
+	 "&vprotd	(@x[$b1],@x[$b1],7)",
+	  "&vprotd	(@x[$b2],@x[$b2],7)",
+	   "&vprotd	(@x[$b3],@x[$b3],7)"
+	);
+}
+
+my $xframe = $win64 ? 0xa8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_4xop,\@function,5
+.align	32
+ChaCha20_4xop:
+.cfi_startproc
+.LChaCha20_4xop:
+	mov		%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	sub		\$0x140+$xframe,%rsp
+___
+	################ stack layout
+	# +0x00		SIMD equivalent of @x[8-12]
+	# ...
+	# +0x40		constant copy of key[0-2] smashed by lanes
+	# ...
+	# +0x100	SIMD counters (with nonce smashed by lanes)
+	# ...
+	# +0x140
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L4xop_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqa		.Lsigma(%rip),$xa3	# key[0]
+	vmovdqu		($key),$xb3		# key[1]
+	vmovdqu		16($key),$xt3		# key[2]
+	vmovdqu		($counter),$xd3		# key[3]
+	lea		0x100(%rsp),%rcx	# size optimization
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vmovdqa		$xa0,0x40(%rsp)		# ... and offload
+	vpshufd		\$0xaa,$xa3,$xa2
+	vmovdqa		$xa1,0x50(%rsp)
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa		$xa2,0x60(%rsp)
+	vmovdqa		$xa3,0x70(%rsp)
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vmovdqa		$xb0,0x80-0x100(%rcx)
+	vpshufd		\$0xaa,$xb3,$xb2
+	vmovdqa		$xb1,0x90-0x100(%rcx)
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa		$xb2,0xa0-0x100(%rcx)
+	vmovdqa		$xb3,0xb0-0x100(%rcx)
+
+	vpshufd		\$0x00,$xt3,$xt0	# "$xc0"
+	vpshufd		\$0x55,$xt3,$xt1	# "$xc1"
+	vmovdqa		$xt0,0xc0-0x100(%rcx)
+	vpshufd		\$0xaa,$xt3,$xt2	# "$xc2"
+	vmovdqa		$xt1,0xd0-0x100(%rcx)
+	vpshufd		\$0xff,$xt3,$xt3	# "$xc3"
+	vmovdqa		$xt2,0xe0-0x100(%rcx)
+	vmovdqa		$xt3,0xf0-0x100(%rcx)
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpaddd		.Linc(%rip),$xd0,$xd0	# don't save counters yet
+	vpshufd		\$0xaa,$xd3,$xd2
+	vmovdqa		$xd1,0x110-0x100(%rcx)
+	vpshufd		\$0xff,$xd3,$xd3
+	vmovdqa		$xd2,0x120-0x100(%rcx)
+	vmovdqa		$xd3,0x130-0x100(%rcx)
+
+	jmp		.Loop_enter4xop
+
+.align	32
+.Loop_outer4xop:
+	vmovdqa		0x40(%rsp),$xa0		# re-load smashed key
+	vmovdqa		0x50(%rsp),$xa1
+	vmovdqa		0x60(%rsp),$xa2
+	vmovdqa		0x70(%rsp),$xa3
+	vmovdqa		0x80-0x100(%rcx),$xb0
+	vmovdqa		0x90-0x100(%rcx),$xb1
+	vmovdqa		0xa0-0x100(%rcx),$xb2
+	vmovdqa		0xb0-0x100(%rcx),$xb3
+	vmovdqa		0xc0-0x100(%rcx),$xt0	# "$xc0"
+	vmovdqa		0xd0-0x100(%rcx),$xt1	# "$xc1"
+	vmovdqa		0xe0-0x100(%rcx),$xt2	# "$xc2"
+	vmovdqa		0xf0-0x100(%rcx),$xt3	# "$xc3"
+	vmovdqa		0x100-0x100(%rcx),$xd0
+	vmovdqa		0x110-0x100(%rcx),$xd1
+	vmovdqa		0x120-0x100(%rcx),$xd2
+	vmovdqa		0x130-0x100(%rcx),$xd3
+	vpaddd		.Lfour(%rip),$xd0,$xd0	# next SIMD counters
+
+.Loop_enter4xop:
+	mov		\$10,%eax
+	vmovdqa		$xd0,0x100-0x100(%rcx)	# save SIMD counters
+	jmp		.Loop4xop
+
+.align	32
+.Loop4xop:
+___
+	foreach (&XOP_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&XOP_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop4xop
+
+	vpaddd		0x40(%rsp),$xa0,$xa0	# accumulate key material
+	vpaddd		0x50(%rsp),$xa1,$xa1
+	vpaddd		0x60(%rsp),$xa2,$xa2
+	vpaddd		0x70(%rsp),$xa3,$xa3
+
+	vmovdqa		$xt2,0x20(%rsp)		# offload $xc2,3
+	vmovdqa		$xt3,0x30(%rsp)
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+        ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		0x80-0x100(%rcx),$xb0,$xb0
+	vpaddd		0x90-0x100(%rcx),$xb1,$xb1
+	vpaddd		0xa0-0x100(%rcx),$xb2,$xb2
+	vpaddd		0xb0-0x100(%rcx),$xb3,$xb3
+
+	vmovdqa		$xa0,0x00(%rsp)		# offload $xa0,1
+	vmovdqa		$xa1,0x10(%rsp)
+	vmovdqa		0x20(%rsp),$xa0		# "xc2"
+	vmovdqa		0x30(%rsp),$xa1		# "xc3"
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+	my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1);
+$code.=<<___;
+	vpaddd		0xc0-0x100(%rcx),$xc0,$xc0
+	vpaddd		0xd0-0x100(%rcx),$xc1,$xc1
+	vpaddd		0xe0-0x100(%rcx),$xc2,$xc2
+	vpaddd		0xf0-0x100(%rcx),$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		0x100-0x100(%rcx),$xd0,$xd0
+	vpaddd		0x110-0x100(%rcx),$xd1,$xd1
+	vpaddd		0x120-0x100(%rcx),$xd2,$xd2
+	vpaddd		0x130-0x100(%rcx),$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+	($xa0,$xa1)=($xt2,$xt3);
+$code.=<<___;
+	vmovdqa		0x00(%rsp),$xa0		# restore $xa0,1
+	vmovdqa		0x10(%rsp),$xa1
+
+	cmp		\$64*4,$len
+	jb		.Ltail4xop
+
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vpxor		0x40($inp),$xa1,$xa1
+	vpxor		0x50($inp),$xb1,$xb1
+	vpxor		0x60($inp),$xc1,$xc1
+	vpxor		0x70($inp),$xd1,$xd1
+	lea		0x80($inp),$inp		# size optimization
+	vpxor		0x00($inp),$xa2,$xa2
+	vpxor		0x10($inp),$xb2,$xb2
+	vpxor		0x20($inp),$xc2,$xc2
+	vpxor		0x30($inp),$xd2,$xd2
+	vpxor		0x40($inp),$xa3,$xa3
+	vpxor		0x50($inp),$xb3,$xb3
+	vpxor		0x60($inp),$xc3,$xc3
+	vpxor		0x70($inp),$xd3,$xd3
+	lea		0x80($inp),$inp		# inp+=64*4
+
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	vmovdqu		$xa1,0x40($out)
+	vmovdqu		$xb1,0x50($out)
+	vmovdqu		$xc1,0x60($out)
+	vmovdqu		$xd1,0x70($out)
+	lea		0x80($out),$out		# size optimization
+	vmovdqu		$xa2,0x00($out)
+	vmovdqu		$xb2,0x10($out)
+	vmovdqu		$xc2,0x20($out)
+	vmovdqu		$xd2,0x30($out)
+	vmovdqu		$xa3,0x40($out)
+	vmovdqu		$xb3,0x50($out)
+	vmovdqu		$xc3,0x60($out)
+	vmovdqu		$xd3,0x70($out)
+	lea		0x80($out),$out		# out+=64*4
+
+	sub		\$64*4,$len
+	jnz		.Loop_outer4xop
+
+	jmp		.Ldone4xop
+
+.align	32
+.Ltail4xop:
+	cmp		\$192,$len
+	jae		.L192_or_more4xop
+	cmp		\$128,$len
+	jae		.L128_or_more4xop
+	cmp		\$64,$len
+	jae		.L64_or_more4xop
+
+	xor		%r10,%r10
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xb0,0x10(%rsp)
+	vmovdqa		$xc0,0x20(%rsp)
+	vmovdqa		$xd0,0x30(%rsp)
+	jmp		.Loop_tail4xop
+
+.align	32
+.L64_or_more4xop:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	je		.Ldone4xop
+
+	lea		0x40($inp),$inp		# inp+=64*1
+	vmovdqa		$xa1,0x00(%rsp)
+	xor		%r10,%r10
+	vmovdqa		$xb1,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*1
+	vmovdqa		$xc1,0x20(%rsp)
+	sub		\$64,$len		# len-=64*1
+	vmovdqa		$xd1,0x30(%rsp)
+	jmp		.Loop_tail4xop
+
+.align	32
+.L128_or_more4xop:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vpxor		0x40($inp),$xa1,$xa1
+	vpxor		0x50($inp),$xb1,$xb1
+	vpxor		0x60($inp),$xc1,$xc1
+	vpxor		0x70($inp),$xd1,$xd1
+
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	vmovdqu		$xa1,0x40($out)
+	vmovdqu		$xb1,0x50($out)
+	vmovdqu		$xc1,0x60($out)
+	vmovdqu		$xd1,0x70($out)
+	je		.Ldone4xop
+
+	lea		0x80($inp),$inp		# inp+=64*2
+	vmovdqa		$xa2,0x00(%rsp)
+	xor		%r10,%r10
+	vmovdqa		$xb2,0x10(%rsp)
+	lea		0x80($out),$out		# out+=64*2
+	vmovdqa		$xc2,0x20(%rsp)
+	sub		\$128,$len		# len-=64*2
+	vmovdqa		$xd2,0x30(%rsp)
+	jmp		.Loop_tail4xop
+
+.align	32
+.L192_or_more4xop:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vpxor		0x40($inp),$xa1,$xa1
+	vpxor		0x50($inp),$xb1,$xb1
+	vpxor		0x60($inp),$xc1,$xc1
+	vpxor		0x70($inp),$xd1,$xd1
+	lea		0x80($inp),$inp		# size optimization
+	vpxor		0x00($inp),$xa2,$xa2
+	vpxor		0x10($inp),$xb2,$xb2
+	vpxor		0x20($inp),$xc2,$xc2
+	vpxor		0x30($inp),$xd2,$xd2
+
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	vmovdqu		$xa1,0x40($out)
+	vmovdqu		$xb1,0x50($out)
+	vmovdqu		$xc1,0x60($out)
+	vmovdqu		$xd1,0x70($out)
+	lea		0x80($out),$out		# size optimization
+	vmovdqu		$xa2,0x00($out)
+	vmovdqu		$xb2,0x10($out)
+	vmovdqu		$xc2,0x20($out)
+	vmovdqu		$xd2,0x30($out)
+	je		.Ldone4xop
+
+	lea		0x40($inp),$inp		# inp+=64*3
+	vmovdqa		$xa3,0x00(%rsp)
+	xor		%r10,%r10
+	vmovdqa		$xb3,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*3
+	vmovdqa		$xc3,0x20(%rsp)
+	sub		\$192,$len		# len-=64*3
+	vmovdqa		$xd3,0x30(%rsp)
+
+.Loop_tail4xop:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail4xop
+
+.Ldone4xop:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L4xop_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_4xop,.-ChaCha20_4xop
+___
+}
+
+########################################################################
+# AVX2 code path
+if ($avx>1) {
+my ($xb0,$xb1,$xb2,$xb3, $xd0,$xd1,$xd2,$xd3,
+    $xa0,$xa1,$xa2,$xa3, $xt0,$xt1,$xt2,$xt3)=map("%ymm$_",(0..15));
+my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	"%nox","%nox","%nox","%nox", $xd0,$xd1,$xd2,$xd3);
+
+sub AVX2_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_,$t0,$t1)=map("\"$_\"",$xt0,$xt1,$xt2,$xt3);
+my @x=map("\"$_\"",@xx);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end.
+
+	(
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	"&vpshufb	(@x[$d0],@x[$d0],$t1)",
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	 "&vpshufb	(@x[$d1],@x[$d1],$t1)",
+
+	"&vpaddd	($xc,$xc,@x[$d0])",
+	"&vpxor		(@x[$b0],$xc,@x[$b0])",
+	"&vpslld	($t0,@x[$b0],12)",
+	"&vpsrld	(@x[$b0],@x[$b0],20)",
+	"&vpor		(@x[$b0],$t0,@x[$b0])",
+	"&vbroadcasti128($t0,'(%r11)')",		# .Lrot24(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d1])",
+	 "&vpxor	(@x[$b1],$xc_,@x[$b1])",
+	 "&vpslld	($t1,@x[$b1],12)",
+	 "&vpsrld	(@x[$b1],@x[$b1],20)",
+	 "&vpor		(@x[$b1],$t1,@x[$b1])",
+
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	"&vpshufb	(@x[$d0],@x[$d0],$t0)",
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	 "&vpshufb	(@x[$d1],@x[$d1],$t0)",
+
+	"&vpaddd	($xc,$xc,@x[$d0])",
+	"&vpxor		(@x[$b0],$xc,@x[$b0])",
+	"&vpslld	($t1,@x[$b0],7)",
+	"&vpsrld	(@x[$b0],@x[$b0],25)",
+	"&vpor		(@x[$b0],$t1,@x[$b0])",
+	"&vbroadcasti128($t1,'(%r10)')",		# .Lrot16(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d1])",
+	 "&vpxor	(@x[$b1],$xc_,@x[$b1])",
+	 "&vpslld	($t0,@x[$b1],7)",
+	 "&vpsrld	(@x[$b1],@x[$b1],25)",
+	 "&vpor		(@x[$b1],$t0,@x[$b1])",
+
+	"&vmovdqa	(\"`32*($c0-8)`(%rsp)\",$xc)",	# reload pair of 'c's
+	 "&vmovdqa	(\"`32*($c1-8)`(%rsp)\",$xc_)",
+	"&vmovdqa	($xc,\"`32*($c2-8)`(%rsp)\")",
+	 "&vmovdqa	($xc_,\"`32*($c3-8)`(%rsp)\")",
+
+	"&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	"&vpxor		(@x[$d2],@x[$a2],@x[$d2])",
+	"&vpshufb	(@x[$d2],@x[$d2],$t1)",
+	 "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	 "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	 "&vpshufb	(@x[$d3],@x[$d3],$t1)",
+
+	"&vpaddd	($xc,$xc,@x[$d2])",
+	"&vpxor		(@x[$b2],$xc,@x[$b2])",
+	"&vpslld	($t0,@x[$b2],12)",
+	"&vpsrld	(@x[$b2],@x[$b2],20)",
+	"&vpor		(@x[$b2],$t0,@x[$b2])",
+	"&vbroadcasti128($t0,'(%r11)')",		# .Lrot24(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d3])",
+	 "&vpxor	(@x[$b3],$xc_,@x[$b3])",
+	 "&vpslld	($t1,@x[$b3],12)",
+	 "&vpsrld	(@x[$b3],@x[$b3],20)",
+	 "&vpor		(@x[$b3],$t1,@x[$b3])",
+
+	"&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",
+	"&vpxor		(@x[$d2],@x[$a2],@x[$d2])",
+	"&vpshufb	(@x[$d2],@x[$d2],$t0)",
+	 "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",
+	 "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	 "&vpshufb	(@x[$d3],@x[$d3],$t0)",
+
+	"&vpaddd	($xc,$xc,@x[$d2])",
+	"&vpxor		(@x[$b2],$xc,@x[$b2])",
+	"&vpslld	($t1,@x[$b2],7)",
+	"&vpsrld	(@x[$b2],@x[$b2],25)",
+	"&vpor		(@x[$b2],$t1,@x[$b2])",
+	"&vbroadcasti128($t1,'(%r10)')",		# .Lrot16(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d3])",
+	 "&vpxor	(@x[$b3],$xc_,@x[$b3])",
+	 "&vpslld	($t0,@x[$b3],7)",
+	 "&vpsrld	(@x[$b3],@x[$b3],25)",
+	 "&vpor		(@x[$b3],$t0,@x[$b3])"
+	);
+}
+
+my $xframe = $win64 ? 0xa8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_8x,\@function,5
+.align	32
+ChaCha20_8x:
+.cfi_startproc
+.LChaCha20_8x:
+	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	%r9
+	sub		\$0x280+$xframe,%rsp
+	and		\$-32,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L8x_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	################ stack layout
+	# +0x00		SIMD equivalent of @x[8-12]
+	# ...
+	# +0x80		constant copy of key[0-2] smashed by lanes
+	# ...
+	# +0x200	SIMD counters (with nonce smashed by lanes)
+	# ...
+	# +0x280
+
+	vbroadcasti128	.Lsigma(%rip),$xa3	# key[0]
+	vbroadcasti128	($key),$xb3		# key[1]
+	vbroadcasti128	16($key),$xt3		# key[2]
+	vbroadcasti128	($counter),$xd3		# key[3]
+	lea		0x100(%rsp),%rcx	# size optimization
+	lea		0x200(%rsp),%rax	# size optimization
+	lea		.Lrot16(%rip),%r10
+	lea		.Lrot24(%rip),%r11
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vmovdqa		$xa0,0x80-0x100(%rcx)	# ... and offload
+	vpshufd		\$0xaa,$xa3,$xa2
+	vmovdqa		$xa1,0xa0-0x100(%rcx)
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa		$xa2,0xc0-0x100(%rcx)
+	vmovdqa		$xa3,0xe0-0x100(%rcx)
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vmovdqa		$xb0,0x100-0x100(%rcx)
+	vpshufd		\$0xaa,$xb3,$xb2
+	vmovdqa		$xb1,0x120-0x100(%rcx)
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa		$xb2,0x140-0x100(%rcx)
+	vmovdqa		$xb3,0x160-0x100(%rcx)
+
+	vpshufd		\$0x00,$xt3,$xt0	# "xc0"
+	vpshufd		\$0x55,$xt3,$xt1	# "xc1"
+	vmovdqa		$xt0,0x180-0x200(%rax)
+	vpshufd		\$0xaa,$xt3,$xt2	# "xc2"
+	vmovdqa		$xt1,0x1a0-0x200(%rax)
+	vpshufd		\$0xff,$xt3,$xt3	# "xc3"
+	vmovdqa		$xt2,0x1c0-0x200(%rax)
+	vmovdqa		$xt3,0x1e0-0x200(%rax)
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpaddd		.Lincy(%rip),$xd0,$xd0	# don't save counters yet
+	vpshufd		\$0xaa,$xd3,$xd2
+	vmovdqa		$xd1,0x220-0x200(%rax)
+	vpshufd		\$0xff,$xd3,$xd3
+	vmovdqa		$xd2,0x240-0x200(%rax)
+	vmovdqa		$xd3,0x260-0x200(%rax)
+
+	jmp		.Loop_enter8x
+
+.align	32
+.Loop_outer8x:
+	vmovdqa		0x80-0x100(%rcx),$xa0	# re-load smashed key
+	vmovdqa		0xa0-0x100(%rcx),$xa1
+	vmovdqa		0xc0-0x100(%rcx),$xa2
+	vmovdqa		0xe0-0x100(%rcx),$xa3
+	vmovdqa		0x100-0x100(%rcx),$xb0
+	vmovdqa		0x120-0x100(%rcx),$xb1
+	vmovdqa		0x140-0x100(%rcx),$xb2
+	vmovdqa		0x160-0x100(%rcx),$xb3
+	vmovdqa		0x180-0x200(%rax),$xt0	# "xc0"
+	vmovdqa		0x1a0-0x200(%rax),$xt1	# "xc1"
+	vmovdqa		0x1c0-0x200(%rax),$xt2	# "xc2"
+	vmovdqa		0x1e0-0x200(%rax),$xt3	# "xc3"
+	vmovdqa		0x200-0x200(%rax),$xd0
+	vmovdqa		0x220-0x200(%rax),$xd1
+	vmovdqa		0x240-0x200(%rax),$xd2
+	vmovdqa		0x260-0x200(%rax),$xd3
+	vpaddd		.Leight(%rip),$xd0,$xd0	# next SIMD counters
+
+.Loop_enter8x:
+	vmovdqa		$xt2,0x40(%rsp)		# SIMD equivalent of "@x[10]"
+	vmovdqa		$xt3,0x60(%rsp)		# SIMD equivalent of "@x[11]"
+	vbroadcasti128	(%r10),$xt3
+	vmovdqa		$xd0,0x200-0x200(%rax)	# save SIMD counters
+	mov		\$10,%eax
+	jmp		.Loop8x
+
+.align	32
+.Loop8x:
+___
+	foreach (&AVX2_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&AVX2_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop8x
+
+	lea		0x200(%rsp),%rax	# size optimization
+	vpaddd		0x80-0x100(%rcx),$xa0,$xa0	# accumulate key
+	vpaddd		0xa0-0x100(%rcx),$xa1,$xa1
+	vpaddd		0xc0-0x100(%rcx),$xa2,$xa2
+	vpaddd		0xe0-0x100(%rcx),$xa3,$xa3
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+	($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		0x100-0x100(%rcx),$xb0,$xb0
+	vpaddd		0x120-0x100(%rcx),$xb1,$xb1
+	vpaddd		0x140-0x100(%rcx),$xb2,$xb2
+	vpaddd		0x160-0x100(%rcx),$xb3,$xb3
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+$code.=<<___;
+	vperm2i128	\$0x20,$xb0,$xa0,$xt3	# "de-interlace" further
+	vperm2i128	\$0x31,$xb0,$xa0,$xb0
+	vperm2i128	\$0x20,$xb1,$xa1,$xa0
+	vperm2i128	\$0x31,$xb1,$xa1,$xb1
+	vperm2i128	\$0x20,$xb2,$xa2,$xa1
+	vperm2i128	\$0x31,$xb2,$xa2,$xb2
+	vperm2i128	\$0x20,$xb3,$xa3,$xa2
+	vperm2i128	\$0x31,$xb3,$xa3,$xb3
+___
+	($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3);
+	my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1);
+$code.=<<___;
+	vmovdqa		$xa0,0x00(%rsp)		# offload $xaN
+	vmovdqa		$xa1,0x20(%rsp)
+	vmovdqa		0x40(%rsp),$xc2		# $xa0
+	vmovdqa		0x60(%rsp),$xc3		# $xa1
+
+	vpaddd		0x180-0x200(%rax),$xc0,$xc0
+	vpaddd		0x1a0-0x200(%rax),$xc1,$xc1
+	vpaddd		0x1c0-0x200(%rax),$xc2,$xc2
+	vpaddd		0x1e0-0x200(%rax),$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		0x200-0x200(%rax),$xd0,$xd0
+	vpaddd		0x220-0x200(%rax),$xd1,$xd1
+	vpaddd		0x240-0x200(%rax),$xd2,$xd2
+	vpaddd		0x260-0x200(%rax),$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+$code.=<<___;
+	vperm2i128	\$0x20,$xd0,$xc0,$xt3	# "de-interlace" further
+	vperm2i128	\$0x31,$xd0,$xc0,$xd0
+	vperm2i128	\$0x20,$xd1,$xc1,$xc0
+	vperm2i128	\$0x31,$xd1,$xc1,$xd1
+	vperm2i128	\$0x20,$xd2,$xc2,$xc1
+	vperm2i128	\$0x31,$xd2,$xc2,$xd2
+	vperm2i128	\$0x20,$xd3,$xc3,$xc2
+	vperm2i128	\$0x31,$xd3,$xc3,$xd3
+___
+	($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3);
+	($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)=
+	($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3);
+	($xa0,$xa1)=($xt2,$xt3);
+$code.=<<___;
+	vmovdqa		0x00(%rsp),$xa0		# $xaN was offloaded, remember?
+	vmovdqa		0x20(%rsp),$xa1
+
+	cmp		\$64*8,$len
+	jb		.Ltail8x
+
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	vpxor		0x00($inp),$xa1,$xa1
+	vpxor		0x20($inp),$xb1,$xb1
+	vpxor		0x40($inp),$xc1,$xc1
+	vpxor		0x60($inp),$xd1,$xd1
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa1,0x00($out)
+	vmovdqu		$xb1,0x20($out)
+	vmovdqu		$xc1,0x40($out)
+	vmovdqu		$xd1,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	vpxor		0x00($inp),$xa2,$xa2
+	vpxor		0x20($inp),$xb2,$xb2
+	vpxor		0x40($inp),$xc2,$xc2
+	vpxor		0x60($inp),$xd2,$xd2
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa2,0x00($out)
+	vmovdqu		$xb2,0x20($out)
+	vmovdqu		$xc2,0x40($out)
+	vmovdqu		$xd2,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	vpxor		0x00($inp),$xa3,$xa3
+	vpxor		0x20($inp),$xb3,$xb3
+	vpxor		0x40($inp),$xc3,$xc3
+	vpxor		0x60($inp),$xd3,$xd3
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa3,0x00($out)
+	vmovdqu		$xb3,0x20($out)
+	vmovdqu		$xc3,0x40($out)
+	vmovdqu		$xd3,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	sub		\$64*8,$len
+	jnz		.Loop_outer8x
+
+	jmp		.Ldone8x
+
+.Ltail8x:
+	cmp		\$448,$len
+	jae		.L448_or_more8x
+	cmp		\$384,$len
+	jae		.L384_or_more8x
+	cmp		\$320,$len
+	jae		.L320_or_more8x
+	cmp		\$256,$len
+	jae		.L256_or_more8x
+	cmp		\$192,$len
+	jae		.L192_or_more8x
+	cmp		\$128,$len
+	jae		.L128_or_more8x
+	cmp		\$64,$len
+	jae		.L64_or_more8x
+
+	xor		%r10,%r10
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xb0,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L64_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	je		.Ldone8x
+
+	lea		0x40($inp),$inp		# inp+=64*1
+	xor		%r10,%r10
+	vmovdqa		$xc0,0x00(%rsp)
+	lea		0x40($out),$out		# out+=64*1
+	sub		\$64,$len		# len-=64*1
+	vmovdqa		$xd0,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L128_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	je		.Ldone8x
+
+	lea		0x80($inp),$inp		# inp+=64*2
+	xor		%r10,%r10
+	vmovdqa		$xa1,0x00(%rsp)
+	lea		0x80($out),$out		# out+=64*2
+	sub		\$128,$len		# len-=64*2
+	vmovdqa		$xb1,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L192_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	je		.Ldone8x
+
+	lea		0xc0($inp),$inp		# inp+=64*3
+	xor		%r10,%r10
+	vmovdqa		$xc1,0x00(%rsp)
+	lea		0xc0($out),$out		# out+=64*3
+	sub		\$192,$len		# len-=64*3
+	vmovdqa		$xd1,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L256_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	je		.Ldone8x
+
+	lea		0x100($inp),$inp	# inp+=64*4
+	xor		%r10,%r10
+	vmovdqa		$xa2,0x00(%rsp)
+	lea		0x100($out),$out	# out+=64*4
+	sub		\$256,$len		# len-=64*4
+	vmovdqa		$xb2,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L320_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vpxor		0x100($inp),$xa2,$xa2
+	vpxor		0x120($inp),$xb2,$xb2
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	vmovdqu		$xa2,0x100($out)
+	vmovdqu		$xb2,0x120($out)
+	je		.Ldone8x
+
+	lea		0x140($inp),$inp	# inp+=64*5
+	xor		%r10,%r10
+	vmovdqa		$xc2,0x00(%rsp)
+	lea		0x140($out),$out	# out+=64*5
+	sub		\$320,$len		# len-=64*5
+	vmovdqa		$xd2,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L384_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vpxor		0x100($inp),$xa2,$xa2
+	vpxor		0x120($inp),$xb2,$xb2
+	vpxor		0x140($inp),$xc2,$xc2
+	vpxor		0x160($inp),$xd2,$xd2
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	vmovdqu		$xa2,0x100($out)
+	vmovdqu		$xb2,0x120($out)
+	vmovdqu		$xc2,0x140($out)
+	vmovdqu		$xd2,0x160($out)
+	je		.Ldone8x
+
+	lea		0x180($inp),$inp	# inp+=64*6
+	xor		%r10,%r10
+	vmovdqa		$xa3,0x00(%rsp)
+	lea		0x180($out),$out	# out+=64*6
+	sub		\$384,$len		# len-=64*6
+	vmovdqa		$xb3,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L448_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vpxor		0x100($inp),$xa2,$xa2
+	vpxor		0x120($inp),$xb2,$xb2
+	vpxor		0x140($inp),$xc2,$xc2
+	vpxor		0x160($inp),$xd2,$xd2
+	vpxor		0x180($inp),$xa3,$xa3
+	vpxor		0x1a0($inp),$xb3,$xb3
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	vmovdqu		$xa2,0x100($out)
+	vmovdqu		$xb2,0x120($out)
+	vmovdqu		$xc2,0x140($out)
+	vmovdqu		$xd2,0x160($out)
+	vmovdqu		$xa3,0x180($out)
+	vmovdqu		$xb3,0x1a0($out)
+	je		.Ldone8x
+
+	lea		0x1c0($inp),$inp	# inp+=64*7
+	xor		%r10,%r10
+	vmovdqa		$xc3,0x00(%rsp)
+	lea		0x1c0($out),$out	# out+=64*7
+	sub		\$448,$len		# len-=64*7
+	vmovdqa		$xd3,0x20(%rsp)
+
+.Loop_tail8x:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail8x
+
+.Ldone8x:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L8x_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_8x,.-ChaCha20_8x
+___
+}
+
+########################################################################
+# AVX512 code paths
+if ($avx>2) {
+# This one handles shorter inputs...
+
+my ($a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz) = map("%zmm$_",(0..3,16..20));
+my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+sub vpxord()		# size optimization
+{ my $opcode = "vpxor";	# adhere to vpxor when possible
+
+    foreach (@_) {
+	if (/%([zy])mm([0-9]+)/ && ($1 eq "z" || $2>=16)) {
+	    $opcode = "vpxord";
+	    last;
+	}
+    }
+
+    $code .= "\t$opcode\t".join(',',reverse @_)."\n";
+}
+
+sub AVX512ROUND {	# critical path is 14 "SIMD ticks" per round
+	&vpaddd	($a,$a,$b);
+	&vpxord	($d,$d,$a);
+	&vprold	($d,$d,16);
+
+	&vpaddd	($c,$c,$d);
+	&vpxord	($b,$b,$c);
+	&vprold	($b,$b,12);
+
+	&vpaddd	($a,$a,$b);
+	&vpxord	($d,$d,$a);
+	&vprold	($d,$d,8);
+
+	&vpaddd	($c,$c,$d);
+	&vpxord	($b,$b,$c);
+	&vprold	($b,$b,7);
+}
+
+my $xframe = $win64 ? 32+8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_avx512,\@function,5
+.align	32
+ChaCha20_avx512:
+.cfi_startproc
+.LChaCha20_avx512:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	cmp	\$512,$len
+	ja	.LChaCha20_16x
+
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x28(%r9)
+	movaps	%xmm7,-0x18(%r9)
+.Lavx512_body:
+___
+$code.=<<___;
+	vbroadcasti32x4	.Lsigma(%rip),$a
+	vbroadcasti32x4	($key),$b
+	vbroadcasti32x4	16($key),$c
+	vbroadcasti32x4	($counter),$d
+
+	vmovdqa32	$a,$a_
+	vmovdqa32	$b,$b_
+	vmovdqa32	$c,$c_
+	vpaddd		.Lzeroz(%rip),$d,$d
+	vmovdqa32	.Lfourz(%rip),$fourz
+	mov		\$10,$counter	# reuse $counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512
+
+.align	16
+.Loop_outer_avx512:
+	vmovdqa32	$a_,$a
+	vmovdqa32	$b_,$b
+	vmovdqa32	$c_,$c
+	vpaddd		$fourz,$d_,$d
+	mov		\$10,$counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512
+
+.align	32
+.Loop_avx512:
+___
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b00111001);
+	&vpshufd	($d,$d,0b10010011);
+
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b10010011);
+	&vpshufd	($d,$d,0b00111001);
+
+	&dec		($counter);
+	&jnz		(".Loop_avx512");
+
+$code.=<<___;
+	vpaddd		$a_,$a,$a
+	vpaddd		$b_,$b,$b
+	vpaddd		$c_,$c,$c
+	vpaddd		$d_,$d,$d
+
+	sub		\$64,$len
+	jb		.Ltail64_avx512
+
+	vpxor		0x00($inp),%x#$a,$t0	# xor with input
+	vpxor		0x10($inp),%x#$b,$t1
+	vpxor		0x20($inp),%x#$c,$t2
+	vpxor		0x30($inp),%x#$d,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512
+
+	vextracti32x4	\$1,$a,$t0
+	vextracti32x4	\$1,$b,$t1
+	vextracti32x4	\$1,$c,$t2
+	vextracti32x4	\$1,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512
+
+	vextracti32x4	\$2,$a,$t0
+	vextracti32x4	\$2,$b,$t1
+	vextracti32x4	\$2,$c,$t2
+	vextracti32x4	\$2,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512
+
+	vextracti32x4	\$3,$a,$t0
+	vextracti32x4	\$3,$b,$t1
+	vextracti32x4	\$3,$c,$t2
+	vextracti32x4	\$3,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jnz		.Loop_outer_avx512
+
+	jmp		.Ldone_avx512
+
+.align	16
+.Ltail64_avx512:
+	vmovdqa		%x#$a,0x00(%rsp)
+	vmovdqa		%x#$b,0x10(%rsp)
+	vmovdqa		%x#$c,0x20(%rsp)
+	vmovdqa		%x#$d,0x30(%rsp)
+	add		\$64,$len
+	jmp		.Loop_tail_avx512
+
+.align	16
+.Ltail_avx512:
+	vmovdqa		$t0,0x00(%rsp)
+	vmovdqa		$t1,0x10(%rsp)
+	vmovdqa		$t2,0x20(%rsp)
+	vmovdqa		$t3,0x30(%rsp)
+	add		\$64,$len
+
+.Loop_tail_avx512:
+	movzb		($inp,$counter),%eax
+	movzb		(%rsp,$counter),%ecx
+	lea		1($counter),$counter
+	xor		%ecx,%eax
+	mov		%al,-1($out,$counter)
+	dec		$len
+	jnz		.Loop_tail_avx512
+
+	vmovdqu32	$a_,0x00(%rsp)
+
+.Ldone_avx512:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps	-0x28(%r9),%xmm6
+	movaps	-0x18(%r9),%xmm7
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lavx512_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_avx512,.-ChaCha20_avx512
+___
+
+map(s/%z/%y/, $a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz);
+
+$code.=<<___;
+.type	ChaCha20_avx512vl,\@function,5
+.align	32
+ChaCha20_avx512vl:
+.cfi_startproc
+.LChaCha20_avx512vl:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	cmp	\$128,$len
+	ja	.LChaCha20_8xvl
+
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x28(%r9)
+	movaps	%xmm7,-0x18(%r9)
+.Lavx512vl_body:
+___
+$code.=<<___;
+	vbroadcasti128	.Lsigma(%rip),$a
+	vbroadcasti128	($key),$b
+	vbroadcasti128	16($key),$c
+	vbroadcasti128	($counter),$d
+
+	vmovdqa32	$a,$a_
+	vmovdqa32	$b,$b_
+	vmovdqa32	$c,$c_
+	vpaddd		.Lzeroz(%rip),$d,$d
+	vmovdqa32	.Ltwoy(%rip),$fourz
+	mov		\$10,$counter	# reuse $counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512vl
+
+.align	16
+.Loop_outer_avx512vl:
+	vmovdqa32	$c_,$c
+	vpaddd		$fourz,$d_,$d
+	mov		\$10,$counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512vl
+
+.align	32
+.Loop_avx512vl:
+___
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b00111001);
+	&vpshufd	($d,$d,0b10010011);
+
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b10010011);
+	&vpshufd	($d,$d,0b00111001);
+
+	&dec		($counter);
+	&jnz		(".Loop_avx512vl");
+
+$code.=<<___;
+	vpaddd		$a_,$a,$a
+	vpaddd		$b_,$b,$b
+	vpaddd		$c_,$c,$c
+	vpaddd		$d_,$d,$d
+
+	sub		\$64,$len
+	jb		.Ltail64_avx512vl
+
+	vpxor		0x00($inp),%x#$a,$t0	# xor with input
+	vpxor		0x10($inp),%x#$b,$t1
+	vpxor		0x20($inp),%x#$c,$t2
+	vpxor		0x30($inp),%x#$d,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512vl
+
+	vextracti128	\$1,$a,$t0
+	vextracti128	\$1,$b,$t1
+	vextracti128	\$1,$c,$t2
+	vextracti128	\$1,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512vl
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	vmovdqa32	$a_,$a
+	vmovdqa32	$b_,$b
+	jnz		.Loop_outer_avx512vl
+
+	jmp		.Ldone_avx512vl
+
+.align	16
+.Ltail64_avx512vl:
+	vmovdqa		%x#$a,0x00(%rsp)
+	vmovdqa		%x#$b,0x10(%rsp)
+	vmovdqa		%x#$c,0x20(%rsp)
+	vmovdqa		%x#$d,0x30(%rsp)
+	add		\$64,$len
+	jmp		.Loop_tail_avx512vl
+
+.align	16
+.Ltail_avx512vl:
+	vmovdqa		$t0,0x00(%rsp)
+	vmovdqa		$t1,0x10(%rsp)
+	vmovdqa		$t2,0x20(%rsp)
+	vmovdqa		$t3,0x30(%rsp)
+	add		\$64,$len
+
+.Loop_tail_avx512vl:
+	movzb		($inp,$counter),%eax
+	movzb		(%rsp,$counter),%ecx
+	lea		1($counter),$counter
+	xor		%ecx,%eax
+	mov		%al,-1($out,$counter)
+	dec		$len
+	jnz		.Loop_tail_avx512vl
+
+	vmovdqu32	$a_,0x00(%rsp)
+	vmovdqu32	$a_,0x20(%rsp)
+
+.Ldone_avx512vl:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps	-0x28(%r9),%xmm6
+	movaps	-0x18(%r9),%xmm7
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lavx512vl_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_avx512vl,.-ChaCha20_avx512vl
+___
+}
+if ($avx>2) {
+# This one handles longer inputs...
+
+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+    $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%zmm$_",(0..15));
+my  @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	 $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3);
+my @key=map("%zmm$_",(16..31));
+my ($xt0,$xt1,$xt2,$xt3)=@key[0..3];
+
+sub AVX512_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my @x=map("\"$_\"",@xx);
+
+	(
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	"&vpxord	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vpxord	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vpxord	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vpxord	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vprold	(@x[$d0],@x[$d0],16)",
+	 "&vprold	(@x[$d1],@x[$d1],16)",
+	  "&vprold	(@x[$d2],@x[$d2],16)",
+	   "&vprold	(@x[$d3],@x[$d3],16)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxord	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vpxord	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vpxord	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vpxord	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vprold	(@x[$b0],@x[$b0],12)",
+	 "&vprold	(@x[$b1],@x[$b1],12)",
+	  "&vprold	(@x[$b2],@x[$b2],12)",
+	   "&vprold	(@x[$b3],@x[$b3],12)",
+
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",
+	"&vpxord	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vpxord	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vpxord	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vpxord	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vprold	(@x[$d0],@x[$d0],8)",
+	 "&vprold	(@x[$d1],@x[$d1],8)",
+	  "&vprold	(@x[$d2],@x[$d2],8)",
+	   "&vprold	(@x[$d3],@x[$d3],8)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxord	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vpxord	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vpxord	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vpxord	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vprold	(@x[$b0],@x[$b0],7)",
+	 "&vprold	(@x[$b1],@x[$b1],7)",
+	  "&vprold	(@x[$b2],@x[$b2],7)",
+	   "&vprold	(@x[$b3],@x[$b3],7)"
+	);
+}
+
+my $xframe = $win64 ? 0xa8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_16x,\@function,5
+.align	32
+ChaCha20_16x:
+.cfi_startproc
+.LChaCha20_16x:
+	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	%r9
+	sub		\$64+$xframe,%rsp
+	and		\$-64,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L16x_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	lea		.Lsigma(%rip),%r10
+	vbroadcasti32x4	(%r10),$xa3		# key[0]
+	vbroadcasti32x4	($key),$xb3		# key[1]
+	vbroadcasti32x4	16($key),$xc3		# key[2]
+	vbroadcasti32x4	($counter),$xd3		# key[3]
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vpshufd		\$0xaa,$xa3,$xa2
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vpshufd		\$0xaa,$xb3,$xb2
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa64	$xb0,@key[4]
+	vmovdqa64	$xb1,@key[5]
+	vmovdqa64	$xb2,@key[6]
+	vmovdqa64	$xb3,@key[7]
+
+	vpshufd		\$0x00,$xc3,$xc0
+	vpshufd		\$0x55,$xc3,$xc1
+	vpshufd		\$0xaa,$xc3,$xc2
+	vpshufd		\$0xff,$xc3,$xc3
+	vmovdqa64	$xc0,@key[8]
+	vmovdqa64	$xc1,@key[9]
+	vmovdqa64	$xc2,@key[10]
+	vmovdqa64	$xc3,@key[11]
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpshufd		\$0xaa,$xd3,$xd2
+	vpshufd		\$0xff,$xd3,$xd3
+	vpaddd		.Lincz(%rip),$xd0,$xd0	# don't save counters yet
+	vmovdqa64	$xd0,@key[12]
+	vmovdqa64	$xd1,@key[13]
+	vmovdqa64	$xd2,@key[14]
+	vmovdqa64	$xd3,@key[15]
+
+	mov		\$10,%eax
+	jmp		.Loop16x
+
+.align	32
+.Loop_outer16x:
+	vpbroadcastd	0(%r10),$xa0		# reload key
+	vpbroadcastd	4(%r10),$xa1
+	vpbroadcastd	8(%r10),$xa2
+	vpbroadcastd	12(%r10),$xa3
+	vpaddd		.Lsixteen(%rip),@key[12],@key[12]	# next SIMD counters
+	vmovdqa64	@key[4],$xb0
+	vmovdqa64	@key[5],$xb1
+	vmovdqa64	@key[6],$xb2
+	vmovdqa64	@key[7],$xb3
+	vmovdqa64	@key[8],$xc0
+	vmovdqa64	@key[9],$xc1
+	vmovdqa64	@key[10],$xc2
+	vmovdqa64	@key[11],$xc3
+	vmovdqa64	@key[12],$xd0
+	vmovdqa64	@key[13],$xd1
+	vmovdqa64	@key[14],$xd2
+	vmovdqa64	@key[15],$xd3
+
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	mov		\$10,%eax
+	jmp		.Loop16x
+
+.align	32
+.Loop16x:
+___
+	foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop16x
+
+	vpaddd		@key[0],$xa0,$xa0	# accumulate key
+	vpaddd		@key[1],$xa1,$xa1
+	vpaddd		@key[2],$xa2,$xa2
+	vpaddd		@key[3],$xa3,$xa3
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+	($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		@key[4],$xb0,$xb0
+	vpaddd		@key[5],$xb1,$xb1
+	vpaddd		@key[6],$xb2,$xb2
+	vpaddd		@key[7],$xb3,$xb3
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+$code.=<<___;
+	vshufi32x4	\$0x44,$xb0,$xa0,$xt3	# "de-interlace" further
+	vshufi32x4	\$0xee,$xb0,$xa0,$xb0
+	vshufi32x4	\$0x44,$xb1,$xa1,$xa0
+	vshufi32x4	\$0xee,$xb1,$xa1,$xb1
+	vshufi32x4	\$0x44,$xb2,$xa2,$xa1
+	vshufi32x4	\$0xee,$xb2,$xa2,$xb2
+	vshufi32x4	\$0x44,$xb3,$xa3,$xa2
+	vshufi32x4	\$0xee,$xb3,$xa3,$xb3
+___
+	($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3);
+$code.=<<___;
+	vpaddd		@key[8],$xc0,$xc0
+	vpaddd		@key[9],$xc1,$xc1
+	vpaddd		@key[10],$xc2,$xc2
+	vpaddd		@key[11],$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		@key[12],$xd0,$xd0
+	vpaddd		@key[13],$xd1,$xd1
+	vpaddd		@key[14],$xd2,$xd2
+	vpaddd		@key[15],$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+$code.=<<___;
+	vshufi32x4	\$0x44,$xd0,$xc0,$xt3	# "de-interlace" further
+	vshufi32x4	\$0xee,$xd0,$xc0,$xd0
+	vshufi32x4	\$0x44,$xd1,$xc1,$xc0
+	vshufi32x4	\$0xee,$xd1,$xc1,$xd1
+	vshufi32x4	\$0x44,$xd2,$xc2,$xc1
+	vshufi32x4	\$0xee,$xd2,$xc2,$xd2
+	vshufi32x4	\$0x44,$xd3,$xc3,$xc2
+	vshufi32x4	\$0xee,$xd3,$xc3,$xd3
+___
+	($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3);
+$code.=<<___;
+	vshufi32x4	\$0x88,$xc0,$xa0,$xt0	# "de-interlace" further
+	vshufi32x4	\$0xdd,$xc0,$xa0,$xa0
+	 vshufi32x4	\$0x88,$xd0,$xb0,$xc0
+	 vshufi32x4	\$0xdd,$xd0,$xb0,$xd0
+	vshufi32x4	\$0x88,$xc1,$xa1,$xt1
+	vshufi32x4	\$0xdd,$xc1,$xa1,$xa1
+	 vshufi32x4	\$0x88,$xd1,$xb1,$xc1
+	 vshufi32x4	\$0xdd,$xd1,$xb1,$xd1
+	vshufi32x4	\$0x88,$xc2,$xa2,$xt2
+	vshufi32x4	\$0xdd,$xc2,$xa2,$xa2
+	 vshufi32x4	\$0x88,$xd2,$xb2,$xc2
+	 vshufi32x4	\$0xdd,$xd2,$xb2,$xd2
+	vshufi32x4	\$0x88,$xc3,$xa3,$xt3
+	vshufi32x4	\$0xdd,$xc3,$xa3,$xa3
+	 vshufi32x4	\$0x88,$xd3,$xb3,$xc3
+	 vshufi32x4	\$0xdd,$xd3,$xb3,$xd3
+___
+	($xa0,$xa1,$xa2,$xa3,$xb0,$xb1,$xb2,$xb3)=
+	($xt0,$xt1,$xt2,$xt3,$xa0,$xa1,$xa2,$xa3);
+
+	($xa0,$xb0,$xc0,$xd0, $xa1,$xb1,$xc1,$xd1,
+	 $xa2,$xb2,$xc2,$xd2, $xa3,$xb3,$xc3,$xd3) =
+	($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	 $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3);
+$code.=<<___;
+	cmp		\$64*16,$len
+	jb		.Ltail16x
+
+	vpxord		0x00($inp),$xa0,$xa0	# xor with input
+	vpxord		0x40($inp),$xb0,$xb0
+	vpxord		0x80($inp),$xc0,$xc0
+	vpxord		0xc0($inp),$xd0,$xd0
+	vmovdqu32	$xa0,0x00($out)
+	vmovdqu32	$xb0,0x40($out)
+	vmovdqu32	$xc0,0x80($out)
+	vmovdqu32	$xd0,0xc0($out)
+
+	vpxord		0x100($inp),$xa1,$xa1
+	vpxord		0x140($inp),$xb1,$xb1
+	vpxord		0x180($inp),$xc1,$xc1
+	vpxord		0x1c0($inp),$xd1,$xd1
+	vmovdqu32	$xa1,0x100($out)
+	vmovdqu32	$xb1,0x140($out)
+	vmovdqu32	$xc1,0x180($out)
+	vmovdqu32	$xd1,0x1c0($out)
+
+	vpxord		0x200($inp),$xa2,$xa2
+	vpxord		0x240($inp),$xb2,$xb2
+	vpxord		0x280($inp),$xc2,$xc2
+	vpxord		0x2c0($inp),$xd2,$xd2
+	vmovdqu32	$xa2,0x200($out)
+	vmovdqu32	$xb2,0x240($out)
+	vmovdqu32	$xc2,0x280($out)
+	vmovdqu32	$xd2,0x2c0($out)
+
+	vpxord		0x300($inp),$xa3,$xa3
+	vpxord		0x340($inp),$xb3,$xb3
+	vpxord		0x380($inp),$xc3,$xc3
+	vpxord		0x3c0($inp),$xd3,$xd3
+	lea		0x400($inp),$inp
+	vmovdqu32	$xa3,0x300($out)
+	vmovdqu32	$xb3,0x340($out)
+	vmovdqu32	$xc3,0x380($out)
+	vmovdqu32	$xd3,0x3c0($out)
+	lea		0x400($out),$out
+
+	sub		\$64*16,$len
+	jnz		.Loop_outer16x
+
+	jmp		.Ldone16x
+
+.align	32
+.Ltail16x:
+	xor		%r10,%r10
+	sub		$inp,$out
+	cmp		\$64*1,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa0,$xa0	# xor with input
+	vmovdqu32	$xa0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb0,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*2,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb0,$xb0
+	vmovdqu32	$xb0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc0,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*3,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc0,$xc0
+	vmovdqu32	$xc0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd0,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*4,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xd0,$xd0
+	vmovdqu32	$xd0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xa1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*5,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa1,$xa1
+	vmovdqu32	$xa1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*6,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb1,$xb1
+	vmovdqu32	$xb1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*7,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc1,$xc1
+	vmovdqu32	$xc1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*8,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xd1,$xd1
+	vmovdqu32	$xd1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xa2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*9,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa2,$xa2
+	vmovdqu32	$xa2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*10,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb2,$xb2
+	vmovdqu32	$xb2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*11,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc2,$xc2
+	vmovdqu32	$xc2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*12,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xd2,$xd2
+	vmovdqu32	$xd2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xa3,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*13,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa3,$xa3
+	vmovdqu32	$xa3,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb3,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*14,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb3,$xb3
+	vmovdqu32	$xb3,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc3,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*15,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc3,$xc3
+	vmovdqu32	$xc3,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd3,$xa0
+	lea		64($inp),$inp
+
+.Less_than_64_16x:
+	vmovdqa32	$xa0,0x00(%rsp)
+	lea		($out,$inp),$out
+	and		\$63,$len
+
+.Loop_tail16x:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail16x
+
+	vpxord		$xa0,$xa0,$xa0
+	vmovdqa32	$xa0,0(%rsp)
+
+.Ldone16x:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L16x_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_16x,.-ChaCha20_16x
+___
+
+# switch to %ymm domain
+($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%ymm$_",(0..15));
+@xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+     $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3);
+@key=map("%ymm$_",(16..31));
+($xt0,$xt1,$xt2,$xt3)=@key[0..3];
+
+$code.=<<___;
+.type	ChaCha20_8xvl,\@function,5
+.align	32
+ChaCha20_8xvl:
+.cfi_startproc
+.LChaCha20_8xvl:
+	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	%r9
+	sub		\$64+$xframe,%rsp
+	and		\$-64,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L8xvl_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	lea		.Lsigma(%rip),%r10
+	vbroadcasti128	(%r10),$xa3		# key[0]
+	vbroadcasti128	($key),$xb3		# key[1]
+	vbroadcasti128	16($key),$xc3		# key[2]
+	vbroadcasti128	($counter),$xd3		# key[3]
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vpshufd		\$0xaa,$xa3,$xa2
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vpshufd		\$0xaa,$xb3,$xb2
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa64	$xb0,@key[4]
+	vmovdqa64	$xb1,@key[5]
+	vmovdqa64	$xb2,@key[6]
+	vmovdqa64	$xb3,@key[7]
+
+	vpshufd		\$0x00,$xc3,$xc0
+	vpshufd		\$0x55,$xc3,$xc1
+	vpshufd		\$0xaa,$xc3,$xc2
+	vpshufd		\$0xff,$xc3,$xc3
+	vmovdqa64	$xc0,@key[8]
+	vmovdqa64	$xc1,@key[9]
+	vmovdqa64	$xc2,@key[10]
+	vmovdqa64	$xc3,@key[11]
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpshufd		\$0xaa,$xd3,$xd2
+	vpshufd		\$0xff,$xd3,$xd3
+	vpaddd		.Lincy(%rip),$xd0,$xd0	# don't save counters yet
+	vmovdqa64	$xd0,@key[12]
+	vmovdqa64	$xd1,@key[13]
+	vmovdqa64	$xd2,@key[14]
+	vmovdqa64	$xd3,@key[15]
+
+	mov		\$10,%eax
+	jmp		.Loop8xvl
+
+.align	32
+.Loop_outer8xvl:
+	#vpbroadcastd	0(%r10),$xa0		# reload key
+	#vpbroadcastd	4(%r10),$xa1
+	vpbroadcastd	8(%r10),$xa2
+	vpbroadcastd	12(%r10),$xa3
+	vpaddd		.Leight(%rip),@key[12],@key[12]	# next SIMD counters
+	vmovdqa64	@key[4],$xb0
+	vmovdqa64	@key[5],$xb1
+	vmovdqa64	@key[6],$xb2
+	vmovdqa64	@key[7],$xb3
+	vmovdqa64	@key[8],$xc0
+	vmovdqa64	@key[9],$xc1
+	vmovdqa64	@key[10],$xc2
+	vmovdqa64	@key[11],$xc3
+	vmovdqa64	@key[12],$xd0
+	vmovdqa64	@key[13],$xd1
+	vmovdqa64	@key[14],$xd2
+	vmovdqa64	@key[15],$xd3
+
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	mov		\$10,%eax
+	jmp		.Loop8xvl
+
+.align	32
+.Loop8xvl:
+___
+	foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop8xvl
+
+	vpaddd		@key[0],$xa0,$xa0	# accumulate key
+	vpaddd		@key[1],$xa1,$xa1
+	vpaddd		@key[2],$xa2,$xa2
+	vpaddd		@key[3],$xa3,$xa3
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+	($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		@key[4],$xb0,$xb0
+	vpaddd		@key[5],$xb1,$xb1
+	vpaddd		@key[6],$xb2,$xb2
+	vpaddd		@key[7],$xb3,$xb3
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+$code.=<<___;
+	vshufi32x4	\$0,$xb0,$xa0,$xt3	# "de-interlace" further
+	vshufi32x4	\$3,$xb0,$xa0,$xb0
+	vshufi32x4	\$0,$xb1,$xa1,$xa0
+	vshufi32x4	\$3,$xb1,$xa1,$xb1
+	vshufi32x4	\$0,$xb2,$xa2,$xa1
+	vshufi32x4	\$3,$xb2,$xa2,$xb2
+	vshufi32x4	\$0,$xb3,$xa3,$xa2
+	vshufi32x4	\$3,$xb3,$xa3,$xb3
+___
+	($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3);
+$code.=<<___;
+	vpaddd		@key[8],$xc0,$xc0
+	vpaddd		@key[9],$xc1,$xc1
+	vpaddd		@key[10],$xc2,$xc2
+	vpaddd		@key[11],$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		@key[12],$xd0,$xd0
+	vpaddd		@key[13],$xd1,$xd1
+	vpaddd		@key[14],$xd2,$xd2
+	vpaddd		@key[15],$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+$code.=<<___;
+	vperm2i128	\$0x20,$xd0,$xc0,$xt3	# "de-interlace" further
+	vperm2i128	\$0x31,$xd0,$xc0,$xd0
+	vperm2i128	\$0x20,$xd1,$xc1,$xc0
+	vperm2i128	\$0x31,$xd1,$xc1,$xd1
+	vperm2i128	\$0x20,$xd2,$xc2,$xc1
+	vperm2i128	\$0x31,$xd2,$xc2,$xd2
+	vperm2i128	\$0x20,$xd3,$xc3,$xc2
+	vperm2i128	\$0x31,$xd3,$xc3,$xd3
+___
+	($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3);
+	($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)=
+	($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3);
+$code.=<<___;
+	cmp		\$64*8,$len
+	jb		.Ltail8xvl
+
+	mov		\$0x80,%eax		# size optimization
+	vpxord		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu32	$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpxor		0x00($inp),$xa1,$xa1
+	vpxor		0x20($inp),$xb1,$xb1
+	vpxor		0x40($inp),$xc1,$xc1
+	vpxor		0x60($inp),$xd1,$xd1
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu		$xa1,0x00($out)
+	vmovdqu		$xb1,0x20($out)
+	vmovdqu		$xc1,0x40($out)
+	vmovdqu		$xd1,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpxord		0x00($inp),$xa2,$xa2
+	vpxor		0x20($inp),$xb2,$xb2
+	vpxor		0x40($inp),$xc2,$xc2
+	vpxor		0x60($inp),$xd2,$xd2
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu32	$xa2,0x00($out)
+	vmovdqu		$xb2,0x20($out)
+	vmovdqu		$xc2,0x40($out)
+	vmovdqu		$xd2,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpxor		0x00($inp),$xa3,$xa3
+	vpxor		0x20($inp),$xb3,$xb3
+	vpxor		0x40($inp),$xc3,$xc3
+	vpxor		0x60($inp),$xd3,$xd3
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu		$xa3,0x00($out)
+	vmovdqu		$xb3,0x20($out)
+	vmovdqu		$xc3,0x40($out)
+	vmovdqu		$xd3,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpbroadcastd	0(%r10),%ymm0		# reload key
+	vpbroadcastd	4(%r10),%ymm1
+
+	sub		\$64*8,$len
+	jnz		.Loop_outer8xvl
+
+	jmp		.Ldone8xvl
+
+.align	32
+.Ltail8xvl:
+	vmovdqa64	$xa0,%ymm8		# size optimization
+___
+$xa0 = "%ymm8";
+$code.=<<___;
+	xor		%r10,%r10
+	sub		$inp,$out
+	cmp		\$64*1,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vmovdqu		$xa0,0x00($out,$inp)
+	vmovdqu		$xb0,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc0,$xa0
+	vmovdqa		$xd0,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*2,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xc0,$xc0
+	vpxor		0x20($inp),$xd0,$xd0
+	vmovdqu		$xc0,0x00($out,$inp)
+	vmovdqu		$xd0,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xa1,$xa0
+	vmovdqa		$xb1,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*3,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xa1,$xa1
+	vpxor		0x20($inp),$xb1,$xb1
+	vmovdqu		$xa1,0x00($out,$inp)
+	vmovdqu		$xb1,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc1,$xa0
+	vmovdqa		$xd1,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*4,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xc1,$xc1
+	vpxor		0x20($inp),$xd1,$xd1
+	vmovdqu		$xc1,0x00($out,$inp)
+	vmovdqu		$xd1,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa32	$xa2,$xa0
+	vmovdqa		$xb2,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*5,$len
+	jb		.Less_than_64_8xvl
+	vpxord		0x00($inp),$xa2,$xa2
+	vpxor		0x20($inp),$xb2,$xb2
+	vmovdqu32	$xa2,0x00($out,$inp)
+	vmovdqu		$xb2,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc2,$xa0
+	vmovdqa		$xd2,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*6,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xc2,$xc2
+	vpxor		0x20($inp),$xd2,$xd2
+	vmovdqu		$xc2,0x00($out,$inp)
+	vmovdqu		$xd2,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xa3,$xa0
+	vmovdqa		$xb3,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*7,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xa3,$xa3
+	vpxor		0x20($inp),$xb3,$xb3
+	vmovdqu		$xa3,0x00($out,$inp)
+	vmovdqu		$xb3,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc3,$xa0
+	vmovdqa		$xd3,$xb0
+	lea		64($inp),$inp
+
+.Less_than_64_8xvl:
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xb0,0x20(%rsp)
+	lea		($out,$inp),$out
+	and		\$63,$len
+
+.Loop_tail8xvl:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail8xvl
+
+	vpxor		$xa0,$xa0,$xa0
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xa0,0x20(%rsp)
+
+.Ldone8xvl:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L8xvl_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_8xvl,.-ChaCha20_8xvl
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	lea	.Lctr32_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lno_data(%rip),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	lea	64+24+48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R14
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.type	simd_handler,\@abi-omnipotent
+.align	16
+simd_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	192($context),%rax	# pull context->R9
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	mov	8(%r11),%ecx		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	neg	%rcx
+	lea	-8(%rax,%rcx),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	neg	%ecx
+	shr	\$3,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lcommon_seh_tail
+.size	simd_handler,.-simd_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_ChaCha20_ctr32
+	.rva	.LSEH_end_ChaCha20_ctr32
+	.rva	.LSEH_info_ChaCha20_ctr32
+
+	.rva	.LSEH_begin_ChaCha20_ssse3
+	.rva	.LSEH_end_ChaCha20_ssse3
+	.rva	.LSEH_info_ChaCha20_ssse3
+
+	.rva	.LSEH_begin_ChaCha20_128
+	.rva	.LSEH_end_ChaCha20_128
+	.rva	.LSEH_info_ChaCha20_128
+
+	.rva	.LSEH_begin_ChaCha20_4x
+	.rva	.LSEH_end_ChaCha20_4x
+	.rva	.LSEH_info_ChaCha20_4x
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_ChaCha20_4xop
+	.rva	.LSEH_end_ChaCha20_4xop
+	.rva	.LSEH_info_ChaCha20_4xop
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_ChaCha20_8x
+	.rva	.LSEH_end_ChaCha20_8x
+	.rva	.LSEH_info_ChaCha20_8x
+___
+$code.=<<___ if ($avx>2);
+	.rva	.LSEH_begin_ChaCha20_avx512
+	.rva	.LSEH_end_ChaCha20_avx512
+	.rva	.LSEH_info_ChaCha20_avx512
+
+	.rva	.LSEH_begin_ChaCha20_avx512vl
+	.rva	.LSEH_end_ChaCha20_avx512vl
+	.rva	.LSEH_info_ChaCha20_avx512vl
+
+	.rva	.LSEH_begin_ChaCha20_16x
+	.rva	.LSEH_end_ChaCha20_16x
+	.rva	.LSEH_info_ChaCha20_16x
+
+	.rva	.LSEH_begin_ChaCha20_8xvl
+	.rva	.LSEH_end_ChaCha20_8xvl
+	.rva	.LSEH_info_ChaCha20_8xvl
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_ChaCha20_ctr32:
+	.byte	9,0,0,0
+	.rva	se_handler
+
+.LSEH_info_ChaCha20_ssse3:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.Lssse3_body,.Lssse3_epilogue
+	.long	0x20,0
+
+.LSEH_info_ChaCha20_128:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L128_body,.L128_epilogue
+	.long	0x60,0
+
+.LSEH_info_ChaCha20_4x:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L4x_body,.L4x_epilogue
+	.long	0xa0,0
+___
+$code.=<<___ if ($avx);
+.LSEH_info_ChaCha20_4xop:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L4xop_body,.L4xop_epilogue		# HandlerData[]
+	.long	0xa0,0
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_ChaCha20_8x:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L8x_body,.L8x_epilogue			# HandlerData[]
+	.long	0xa0,0
+___
+$code.=<<___ if ($avx>2);
+.LSEH_info_ChaCha20_avx512:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.Lavx512_body,.Lavx512_epilogue		# HandlerData[]
+	.long	0x20,0
+
+.LSEH_info_ChaCha20_avx512vl:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.Lavx512vl_body,.Lavx512vl_epilogue	# HandlerData[]
+	.long	0x20,0
+
+.LSEH_info_ChaCha20_16x:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L16x_body,.L16x_epilogue		# HandlerData[]
+	.long	0xa0,0
+
+.LSEH_info_ChaCha20_8xvl:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L8xvl_body,.L8xvl_epilogue		# HandlerData[]
+	.long	0xa0,0
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/%x#%[yz]/%x/g;	# "down-shift"
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info
new file mode 100644
index 000000000..02f8e518a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info
@@ -0,0 +1,18 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]={- $target{chacha_asm_src} -}
+
+GENERATE[chacha-x86.s]=asm/chacha-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl $(PERLASM_SCHEME)
+GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[chacha-armv4.o]=..
+GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[chacha-armv8.o]=..
+
+BEGINRAW[Makefile(unix)]
+##### CHACHA assembler implementations
+
+{- $builddir -}/chacha-%.S:	{- $sourcedir -}/asm/chacha-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile(unix)]
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c
new file mode 100644
index 000000000..239f68ab8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Adapted from the public domain code by D. Bernstein from SUPERCOP. */
+
+#include <string.h>
+
+#include "internal/chacha.h"
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+typedef union {
+    u32 u[16];
+    u8 c[64];
+} chacha_buf;
+
+# define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
+
+# define U32TO8_LITTLE(p, v) do { \
+                                (p)[0] = (u8)(v >>  0); \
+                                (p)[1] = (u8)(v >>  8); \
+                                (p)[2] = (u8)(v >> 16); \
+                                (p)[3] = (u8)(v >> 24); \
+                                } while(0)
+
+/* QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round. */
+# define QUARTERROUND(a,b,c,d) ( \
+                x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]),16), \
+                x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]),12), \
+                x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 8), \
+                x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 7)  )
+
+/* chacha_core performs 20 rounds of ChaCha on the input words in
+ * |input| and writes the 64 output bytes to |output|. */
+static void chacha20_core(chacha_buf *output, const u32 input[16])
+{
+    u32 x[16];
+    int i;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    memcpy(x, input, sizeof(x));
+
+    for (i = 20; i > 0; i -= 2) {
+        QUARTERROUND(0, 4, 8, 12);
+        QUARTERROUND(1, 5, 9, 13);
+        QUARTERROUND(2, 6, 10, 14);
+        QUARTERROUND(3, 7, 11, 15);
+        QUARTERROUND(0, 5, 10, 15);
+        QUARTERROUND(1, 6, 11, 12);
+        QUARTERROUND(2, 7, 8, 13);
+        QUARTERROUND(3, 4, 9, 14);
+    }
+
+    if (is_endian.little) {
+        for (i = 0; i < 16; ++i)
+            output->u[i] = x[i] + input[i];
+    } else {
+        for (i = 0; i < 16; ++i)
+            U32TO8_LITTLE(output->c + 4 * i, (x[i] + input[i]));
+    }
+}
+
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4])
+{
+    u32 input[16];
+    chacha_buf buf;
+    size_t todo, i;
+
+    /* sigma constant "expand 32-byte k" in little-endian encoding */
+    input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24);
+    input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24);
+    input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24);
+    input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24);
+
+    input[4] = key[0];
+    input[5] = key[1];
+    input[6] = key[2];
+    input[7] = key[3];
+    input[8] = key[4];
+    input[9] = key[5];
+    input[10] = key[6];
+    input[11] = key[7];
+
+    input[12] = counter[0];
+    input[13] = counter[1];
+    input[14] = counter[2];
+    input[15] = counter[3];
+
+    while (len > 0) {
+        todo = sizeof(buf);
+        if (len < todo)
+            todo = len;
+
+        chacha20_core(&buf, input);
+
+        for (i = 0; i < todo; i++)
+            out[i] = inp[i] ^ buf.c[i];
+        out += todo;
+        inp += todo;
+        len -= todo;
+
+        /*
+         * Advance 32-bit counter. Note that as subroutine is so to
+         * say nonce-agnostic, this limited counter width doesn't
+         * prevent caller from implementing wider counter. It would
+         * simply take two calls split on counter overflow...
+         */
+        input[12]++;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/build.info
new file mode 100644
index 000000000..c8a4949a0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_pmeth.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c
new file mode 100644
index 000000000..a58454a08
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "internal/asn1_int.h"
+
+/*
+ * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
+ * length and to free up a CMAC key.
+ */
+
+static int cmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_BLOCK_LENGTH;
+}
+
+static void cmac_key_free(EVP_PKEY *pkey)
+{
+    CMAC_CTX *cmctx = EVP_PKEY_get0(pkey);
+    CMAC_CTX_free(cmctx);
+}
+
+const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
+    EVP_PKEY_CMAC,
+    EVP_PKEY_CMAC,
+    0,
+
+    "CMAC",
+    "OpenSSL CMAC method",
+
+    0, 0, 0, 0,
+
+    0, 0, 0,
+
+    cmac_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    cmac_key_free,
+    0,
+    0, 0
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c
new file mode 100644
index 000000000..10748f148
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "internal/evp_int.h"
+
+/* The context structure and "key" is simply a CMAC_CTX */
+
+static int pkey_cmac_init(EVP_PKEY_CTX *ctx)
+{
+    ctx->data = CMAC_CTX_new();
+    if (ctx->data == NULL)
+        return 0;
+    ctx->keygen_info_count = 0;
+    return 1;
+}
+
+static int pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    if (!pkey_cmac_init(dst))
+        return 0;
+    if (!CMAC_CTX_copy(dst->data, src->data))
+        return 0;
+    return 1;
+}
+
+static void pkey_cmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    CMAC_CTX_free(ctx->data);
+}
+
+static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    CMAC_CTX *cmkey = CMAC_CTX_new();
+    CMAC_CTX *cmctx = ctx->data;
+    if (cmkey == NULL)
+        return 0;
+    if (!CMAC_CTX_copy(cmkey, cmctx)) {
+        CMAC_CTX_free(cmkey);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
+        return 0;
+    return 1;
+}
+
+static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return 1;
+}
+
+static int cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    return CMAC_Final(ctx->data, sig, siglen);
+}
+
+static int pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    CMAC_CTX *cmctx = ctx->data;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if (!p2 || p1 < 0)
+            return 0;
+        if (!CMAC_Init(cmctx, p2, p1, NULL, NULL))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_CIPHER:
+        if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        if (ctx->pkey && !CMAC_CTX_copy(ctx->data,
+                                        (CMAC_CTX *)ctx->pkey->pkey.ptr))
+            return 0;
+        if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "cipher") == 0) {
+        const EVP_CIPHER *c;
+        c = EVP_get_cipherbyname(value);
+        if (!c)
+            return 0;
+        return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD cmac_pkey_meth = {
+    EVP_PKEY_CMAC,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    pkey_cmac_init,
+    pkey_cmac_copy,
+    pkey_cmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_cmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    cmac_signctx_init,
+    cmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_cmac_ctrl,
+    pkey_cmac_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c
new file mode 100644
index 000000000..6989c32d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/cmac.h>
+#include <openssl/err.h>
+
+struct CMAC_CTX_st {
+    /* Cipher context to use */
+    EVP_CIPHER_CTX *cctx;
+    /* Keys k1 and k2 */
+    unsigned char k1[EVP_MAX_BLOCK_LENGTH];
+    unsigned char k2[EVP_MAX_BLOCK_LENGTH];
+    /* Temporary block */
+    unsigned char tbl[EVP_MAX_BLOCK_LENGTH];
+    /* Last (possibly partial) block */
+    unsigned char last_block[EVP_MAX_BLOCK_LENGTH];
+    /* Number of bytes in last block: -1 means context not initialised */
+    int nlast_block;
+};
+
+/* Make temporary keys K1 and K2 */
+
+static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
+{
+    int i;
+    unsigned char c = l[0], carry = c >> 7, cnext;
+
+    /* Shift block to left, including carry */
+    for (i = 0; i < bl - 1; i++, c = cnext)
+        k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7);
+
+    /* If MSB set fixup with R */
+    k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b));
+}
+
+CMAC_CTX *CMAC_CTX_new(void)
+{
+    CMAC_CTX *ctx;
+
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ctx->cctx = EVP_CIPHER_CTX_new();
+    if (ctx->cctx == NULL) {
+        OPENSSL_free(ctx);
+        return NULL;
+    }
+    ctx->nlast_block = -1;
+    return ctx;
+}
+
+void CMAC_CTX_cleanup(CMAC_CTX *ctx)
+{
+    EVP_CIPHER_CTX_reset(ctx->cctx);
+    OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
+    ctx->nlast_block = -1;
+}
+
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
+{
+    return ctx->cctx;
+}
+
+void CMAC_CTX_free(CMAC_CTX *ctx)
+{
+    if (!ctx)
+        return;
+    CMAC_CTX_cleanup(ctx);
+    EVP_CIPHER_CTX_free(ctx->cctx);
+    OPENSSL_free(ctx);
+}
+
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
+{
+    int bl;
+    if (in->nlast_block == -1)
+        return 0;
+    if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
+        return 0;
+    bl = EVP_CIPHER_CTX_block_size(in->cctx);
+    memcpy(out->k1, in->k1, bl);
+    memcpy(out->k2, in->k2, bl);
+    memcpy(out->tbl, in->tbl, bl);
+    memcpy(out->last_block, in->last_block, bl);
+    out->nlast_block = in->nlast_block;
+    return 1;
+}
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl)
+{
+    static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
+    /* All zeros means restart */
+    if (!key && !cipher && !impl && keylen == 0) {
+        /* Not initialised */
+        if (ctx->nlast_block == -1)
+            return 0;
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
+            return 0;
+        memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
+        ctx->nlast_block = 0;
+        return 1;
+    }
+    /* Initialise context */
+    if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
+        return 0;
+    /* Non-NULL key means initialisation complete */
+    if (key) {
+        int bl;
+        if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
+            return 0;
+        if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
+            return 0;
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
+            return 0;
+        bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
+            return 0;
+        make_kn(ctx->k1, ctx->tbl, bl);
+        make_kn(ctx->k2, ctx->k1, bl);
+        OPENSSL_cleanse(ctx->tbl, bl);
+        /* Reset context again ready for first data block */
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
+            return 0;
+        /* Zero tbl so resume works */
+        memset(ctx->tbl, 0, bl);
+        ctx->nlast_block = 0;
+    }
+    return 1;
+}
+
+int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
+{
+    const unsigned char *data = in;
+    size_t bl;
+    if (ctx->nlast_block == -1)
+        return 0;
+    if (dlen == 0)
+        return 1;
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    /* Copy into partial block if we need to */
+    if (ctx->nlast_block > 0) {
+        size_t nleft;
+        nleft = bl - ctx->nlast_block;
+        if (dlen < nleft)
+            nleft = dlen;
+        memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
+        dlen -= nleft;
+        ctx->nlast_block += nleft;
+        /* If no more to process return */
+        if (dlen == 0)
+            return 1;
+        data += nleft;
+        /* Else not final block so encrypt it */
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
+            return 0;
+    }
+    /* Encrypt all but one of the complete blocks left */
+    while (dlen > bl) {
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
+            return 0;
+        dlen -= bl;
+        data += bl;
+    }
+    /* Copy any data left to last block buffer */
+    memcpy(ctx->last_block, data, dlen);
+    ctx->nlast_block = dlen;
+    return 1;
+
+}
+
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
+{
+    int i, bl, lb;
+    if (ctx->nlast_block == -1)
+        return 0;
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    *poutlen = (size_t)bl;
+    if (!out)
+        return 1;
+    lb = ctx->nlast_block;
+    /* Is last block complete? */
+    if (lb == bl) {
+        for (i = 0; i < bl; i++)
+            out[i] = ctx->last_block[i] ^ ctx->k1[i];
+    } else {
+        ctx->last_block[lb] = 0x80;
+        if (bl - lb > 1)
+            memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
+        for (i = 0; i < bl; i++)
+            out[i] = ctx->last_block[i] ^ ctx->k2[i];
+    }
+    if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
+        OPENSSL_cleanse(out, bl);
+        return 0;
+    }
+    return 1;
+}
+
+int CMAC_resume(CMAC_CTX *ctx)
+{
+    if (ctx->nlast_block == -1)
+        return 0;
+    /*
+     * The buffer "tbl" contains the last fully encrypted block which is the
+     * last IV (or all zeroes if no last encrypted block). The last block has
+     * not been modified since CMAC_final(). So reinitialising using the last
+     * decrypted block will allow CMAC to continue after calling
+     * CMAC_Final().
+     */
+    return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/build.info
new file mode 100644
index 000000000..cb675436e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+        cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+        cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
+        cms_pwri.c cms_kari.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c
new file mode 100644
index 000000000..993ea6b21
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+        ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+        ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+        ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+        ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+        ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+        ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+        ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+        ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+        ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+        ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+        ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+        ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+        EVP_PKEY_free(si->pkey);
+        X509_free(si->signer);
+        EVP_MD_CTX_free(si->mctx);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+        ASN1_EMBED(CMS_SignerInfo, version, INT32),
+        ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+        ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+        ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+        ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+        ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+        ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+        ASN1_EMBED(CMS_SignedData, version, INT32),
+        ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+        ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+        ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+        ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+        ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+        ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+        ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+        ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+        ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+        ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
+    if (operation == ASN1_OP_FREE_POST) {
+        EVP_PKEY_free(rek->pkey);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = {
+        ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+        ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
+    if (operation == ASN1_OP_NEW_POST) {
+        kari->ctx = EVP_CIPHER_CTX_new();
+        if (kari->ctx == NULL)
+            return 0;
+        EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+        kari->pctx = NULL;
+    } else if (operation == ASN1_OP_FREE_POST) {
+        EVP_PKEY_CTX_free(kari->pctx);
+        EVP_CIPHER_CTX_free(kari->ctx);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
+        ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
+        ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+        ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+        ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+        ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+        ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+        ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+        ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
+        ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
+        if (ri->type == CMS_RECIPINFO_TRANS) {
+            CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+            EVP_PKEY_free(ktri->pkey);
+            X509_free(ktri->recip);
+            EVP_PKEY_CTX_free(ktri->pctx);
+        } else if (ri->type == CMS_RECIPINFO_KEK) {
+            CMS_KEKRecipientInfo *kekri = ri->d.kekri;
+            OPENSSL_clear_free(kekri->key, kekri->keylen);
+        } else if (ri->type == CMS_RECIPINFO_PASS) {
+            CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
+            OPENSSL_clear_free(pwri->pass, pwri->passlen);
+        }
+    }
+    return 1;
+}
+
+ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
+        ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+        ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+        ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+        ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+        ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+        ASN1_EMBED(CMS_EnvelopedData, version, INT32),
+        ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+        ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+        ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+        ASN1_EMBED(CMS_DigestedData, version, INT32),
+        ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+        ASN1_EMBED(CMS_EncryptedData, version, INT32),
+        ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+        ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
+        ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+        ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+        ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+        ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+        ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+        ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+        ASN1_EMBED(CMS_CompressedData, version, INT32),
+        ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+        ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+        ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    ASN1_STREAM_ARG *sarg = exarg;
+    CMS_ContentInfo *cms = NULL;
+    if (pval)
+        cms = (CMS_ContentInfo *)*pval;
+    else
+        return 1;
+    switch (operation) {
+
+    case ASN1_OP_STREAM_PRE:
+        if (CMS_stream(&sarg->boundary, cms) <= 0)
+            return 0;
+        /* fall thru */
+    case ASN1_OP_DETACHED_PRE:
+        sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+        if (!sarg->ndef_bio)
+            return 0;
+        break;
+
+    case ASN1_OP_STREAM_POST:
+    case ASN1_OP_DETACHED_POST:
+        if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+            return 0;
+        break;
+
+    }
+    return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
+        ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
+
+
+ASN1_CHOICE(CMS_ReceiptsFrom) = {
+  ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
+  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
+
+ASN1_SEQUENCE(CMS_ReceiptRequest) = {
+  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
+
+ASN1_SEQUENCE(CMS_Receipt) = {
+  ASN1_EMBED(CMS_Receipt, version, INT32),
+  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_Receipt)
+
+/*
+ * Utilities to encode the CMS_SharedInfo structure used during key
+ * derivation.
+ */
+
+typedef struct {
+    X509_ALGOR *keyInfo;
+    ASN1_OCTET_STRING *entityUInfo;
+    ASN1_OCTET_STRING *suppPubInfo;
+} CMS_SharedInfo;
+
+ASN1_SEQUENCE(CMS_SharedInfo) = {
+  ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
+  ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
+  ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
+} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+                          ASN1_OCTET_STRING *ukm, int keylen)
+{
+    union {
+        CMS_SharedInfo *pecsi;
+        ASN1_VALUE *a;
+    } intsi = {
+        NULL
+    };
+
+    ASN1_OCTET_STRING oklen;
+    unsigned char kl[4];
+    CMS_SharedInfo ecsi;
+
+    keylen <<= 3;
+    kl[0] = (keylen >> 24) & 0xff;
+    kl[1] = (keylen >> 16) & 0xff;
+    kl[2] = (keylen >> 8) & 0xff;
+    kl[3] = keylen & 0xff;
+    oklen.length = 4;
+    oklen.data = kl;
+    oklen.type = V_ASN1_OCTET_STRING;
+    oklen.flags = 0;
+    ecsi.keyInfo = kekalg;
+    ecsi.entityUInfo = ukm;
+    ecsi.suppPubInfo = &oklen;
+    intsi.pecsi = &ecsi;
+    return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
new file mode 100644
index 000000000..664e64971
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+    return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                               int lastpos)
+{
+    return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+    return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+    return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&si->signedAttrs, attr))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                const ASN1_OBJECT *obj, int type,
+                                const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                int nid, int type, const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                const char *attrname, int type,
+                                const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+                                  int lastpos, int type)
+{
+    return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+    return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                 int lastpos)
+{
+    return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+    return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+    return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&si->unsignedAttrs, attr))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                  int nid, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                  const char *attrname, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                    int lastpos, int type)
+{
+    return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/* Specific attribute cases */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c
new file mode 100644
index 000000000..f05e30841
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include "cms_lcl.h"
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+{
+    CMS_ContentInfo *cms;
+    CMS_CompressedData *cd;
+    /*
+     * Will need something cleverer if there is ever more than one
+     * compression algorithm or parameters have some meaning...
+     */
+    if (comp_nid != NID_zlib_compression) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        return NULL;
+    }
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+
+    cd = M_ASN1_new_of(CMS_CompressedData);
+
+    if (cd == NULL)
+        goto err;
+
+    cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+    cms->d.compressedData = cd;
+
+    cd->version = 0;
+
+    X509_ALGOR_set0(cd->compressionAlgorithm,
+                    OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL);
+
+    cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+    return cms;
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_CompressedData *cd;
+    const ASN1_OBJECT *compoid;
+    if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+               CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+        return NULL;
+    }
+    cd = cms->d.compressedData;
+    X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+    if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        return NULL;
+    }
+    return BIO_new(BIO_f_zlib());
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c
new file mode 100644
index 000000000..5da6802fc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+{
+    CMS_ContentInfo *cms;
+    CMS_DigestedData *dd;
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+
+    dd = M_ASN1_new_of(CMS_DigestedData);
+
+    if (dd == NULL)
+        goto err;
+
+    cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+    cms->d.digestedData = dd;
+
+    dd->version = 0;
+    dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+    X509_ALGOR_set_md(dd->digestAlgorithm, md);
+
+    return cms;
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_DigestedData *dd;
+    dd = cms->d.digestedData;
+    return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+}
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdlen;
+    int r = 0;
+    CMS_DigestedData *dd;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    dd = cms->d.digestedData;
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
+        goto err;
+
+    if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
+        goto err;
+
+    if (verify) {
+        if (mdlen != (unsigned int)dd->digest->length) {
+            CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                   CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+            goto err;
+        }
+
+        if (memcmp(md, dd->digest->data, mdlen))
+            CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                   CMS_R_VERIFICATION_FAILURE);
+        else
+            r = 1;
+    } else {
+        if (!ASN1_STRING_set(dd->digest, md, mdlen))
+            goto err;
+        r = 1;
+    }
+
+ err:
+    EVP_MD_CTX_free(mctx);
+
+    return r;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c
new file mode 100644
index 000000000..a1719830e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+
+/* CMS EncryptedData Utilities */
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+{
+    BIO *b;
+    EVP_CIPHER_CTX *ctx;
+    const EVP_CIPHER *ciph;
+    X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+    unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+    unsigned char *tkey = NULL;
+    size_t tkeylen = 0;
+
+    int ok = 0;
+
+    int enc, keep_key = 0;
+
+    enc = ec->cipher ? 1 : 0;
+
+    b = BIO_new(BIO_f_cipher());
+    if (b == NULL) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BIO_get_cipher_ctx(b, &ctx);
+
+    if (enc) {
+        ciph = ec->cipher;
+        /*
+         * If not keeping key set cipher to NULL so subsequent calls decrypt.
+         */
+        if (ec->key)
+            ec->cipher = NULL;
+    } else {
+        ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+        if (!ciph) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
+            goto err;
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    if (enc) {
+        int ivlen;
+        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+        /* Generate a random IV if we need one */
+        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+        if (ivlen > 0) {
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+            piv = iv;
+        }
+    } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+    /* Generate random session key */
+    if (!enc || !ec->key) {
+        tkey = OPENSSL_malloc(tkeylen);
+        if (tkey == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+            goto err;
+    }
+
+    if (!ec->key) {
+        ec->key = tkey;
+        ec->keylen = tkeylen;
+        tkey = NULL;
+        if (enc)
+            keep_key = 1;
+        else
+            ERR_clear_error();
+
+    }
+
+    if (ec->keylen != tkeylen) {
+        /* If necessary set key length */
+        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
+            /*
+             * Only reveal failure if debugging so we don't leak information
+             * which may be useful in MMA.
+             */
+            if (enc || ec->debug) {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                       CMS_R_INVALID_KEY_LENGTH);
+                goto err;
+            } else {
+                /* Use random key */
+                OPENSSL_clear_free(ec->key, ec->keylen);
+                ec->key = tkey;
+                ec->keylen = tkeylen;
+                tkey = NULL;
+                ERR_clear_error();
+            }
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+    if (enc) {
+        calg->parameter = ASN1_TYPE_new();
+        if (calg->parameter == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+        /* If parameter type not set omit parameter */
+        if (calg->parameter->type == V_ASN1_UNDEF) {
+            ASN1_TYPE_free(calg->parameter);
+            calg->parameter = NULL;
+        }
+    }
+    ok = 1;
+
+ err:
+    if (!keep_key || !ok) {
+        OPENSSL_clear_free(ec->key, ec->keylen);
+        ec->key = NULL;
+    }
+    OPENSSL_clear_free(tkey, tkeylen);
+    if (ok)
+        return b;
+    BIO_free(b);
+    return NULL;
+}
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen)
+{
+    ec->cipher = cipher;
+    if (key) {
+        if ((ec->key = OPENSSL_malloc(keylen)) == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(ec->key, key, keylen);
+    }
+    ec->keylen = keylen;
+    if (cipher)
+        ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+    return 1;
+}
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen)
+{
+    CMS_EncryptedContentInfo *ec;
+    if (!key || !keylen) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+        return 0;
+    }
+    if (ciph) {
+        cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+        if (!cms->d.encryptedData) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+        cms->d.encryptedData->version = 0;
+    } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+    ec = cms->d.encryptedData->encryptedContentInfo;
+    return cms_EncryptedContent_init(ec, ciph, key, keylen);
+}
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedData *enc = cms->d.encryptedData;
+    if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+        enc->version = 2;
+    return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c
new file mode 100644
index 000000000..bb95af75e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c
@@ -0,0 +1,903 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+/* CMS EnvelopedData Utilities */
+
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+{
+    if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
+        CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+               CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+        return NULL;
+    }
+    return cms->d.envelopedData;
+}
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+{
+    if (cms->d.other == NULL) {
+        cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+        if (!cms->d.envelopedData) {
+            CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        cms->d.envelopedData->version = 0;
+        cms->d.envelopedData->encryptedContentInfo->contentType =
+            OBJ_nid2obj(NID_pkcs7_data);
+        ASN1_OBJECT_free(cms->contentType);
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+        return cms->d.envelopedData;
+    }
+    return cms_get0_enveloped(cms);
+}
+
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
+{
+    EVP_PKEY *pkey;
+    int i;
+    if (ri->type == CMS_RECIPINFO_TRANS)
+        pkey = ri->d.ktri->pkey;
+    else if (ri->type == CMS_RECIPINFO_AGREE) {
+        EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
+        if (!pctx)
+            return 0;
+        pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+        if (!pkey)
+            return 0;
+    } else
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+        return 1;
+    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
+    if (i == -2) {
+        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+    if (i <= 0) {
+        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+{
+    CMS_EnvelopedData *env;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+    return env->recipientInfos;
+}
+
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+{
+    return ri->type;
+}
+
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
+{
+    if (ri->type == CMS_RECIPINFO_TRANS)
+        return ri->d.ktri->pctx;
+    else if (ri->type == CMS_RECIPINFO_AGREE)
+        return ri->d.kari->pctx;
+    return NULL;
+}
+
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+{
+    CMS_ContentInfo *cms;
+    CMS_EnvelopedData *env;
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        goto merr;
+    env = cms_enveloped_data_init(cms);
+    if (env == NULL)
+        goto merr;
+    if (!cms_EncryptedContent_init(env->encryptedContentInfo,
+                                   cipher, NULL, 0))
+        goto merr;
+    return cms;
+ merr:
+    CMS_ContentInfo_free(cms);
+    CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+/* Key Transport Recipient Info (KTRI) routines */
+
+/* Initialise a ktri based on passed certificate and key */
+
+static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+                                       EVP_PKEY *pk, unsigned int flags)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    int idtype;
+
+    ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+    if (!ri->d.ktri)
+        return 0;
+    ri->type = CMS_RECIPINFO_TRANS;
+
+    ktri = ri->d.ktri;
+
+    if (flags & CMS_USE_KEYID) {
+        ktri->version = 2;
+        idtype = CMS_RECIPINFO_KEYIDENTIFIER;
+    } else {
+        ktri->version = 0;
+        idtype = CMS_RECIPINFO_ISSUER_SERIAL;
+    }
+
+    /*
+     * Not a typo: RecipientIdentifier and SignerIdentifier are the same
+     * structure.
+     */
+
+    if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
+        return 0;
+
+    X509_up_ref(recip);
+    EVP_PKEY_up_ref(pk);
+
+    ktri->pkey = pk;
+    ktri->recip = recip;
+
+    if (flags & CMS_KEY_PARAM) {
+        ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (ktri->pctx == NULL)
+            return 0;
+        if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
+            return 0;
+    } else if (!cms_env_asn1_ctrl(ri, 0))
+        return 0;
+    return 1;
+}
+
+/*
+ * Add a recipient certificate using appropriate type of RecipientInfo
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    EVP_PKEY *pk = NULL;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        goto err;
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    pk = X509_get0_pubkey(recip);
+    if (!pk) {
+        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
+        goto err;
+    }
+
+    switch (cms_pkey_get_ri_type(pk)) {
+
+    case CMS_RECIPINFO_TRANS:
+        if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
+            goto err;
+        break;
+
+    case CMS_RECIPINFO_AGREE:
+        if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
+            goto err;
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+
+    }
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
+    return NULL;
+
+}
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                     EVP_PKEY **pk, X509 **recip,
+                                     X509_ALGOR **palg)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+
+    ktri = ri->d.ktri;
+
+    if (pk)
+        *pk = ktri->pkey;
+    if (recip)
+        *recip = ktri->recip;
+    if (palg)
+        *palg = ktri->keyEncryptionAlgorithm;
+    return 1;
+}
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ktri = ri->d.ktri;
+
+    return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
+}
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return -2;
+    }
+    return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+}
+
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+{
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    EVP_PKEY_free(ri->d.ktri->pkey);
+    ri->d.ktri->pkey = pkey;
+    return 1;
+}
+
+/* Encrypt content key in key transport recipient info */
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
+                                          CMS_RecipientInfo *ri)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    CMS_EncryptedContentInfo *ec;
+    EVP_PKEY_CTX *pctx;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = 0;
+
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ktri = ri->d.ktri;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pctx = ktri->pctx;
+
+    if (pctx) {
+        if (!cms_env_asn1_ctrl(ri, 0))
+            goto err;
+    } else {
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (pctx == NULL)
+            return 0;
+
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    ktri->pctx = NULL;
+    OPENSSL_free(ek);
+    return ret;
+
+}
+
+/* Decrypt content key from KTRI */
+
+static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+                                          CMS_RecipientInfo *ri)
+{
+    CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+    EVP_PKEY *pkey = ktri->pkey;
+    unsigned char *ek = NULL;
+    size_t eklen;
+    int ret = 0;
+    CMS_EncryptedContentInfo *ec;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    if (ktri->pkey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
+        return 0;
+    }
+
+    ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (ktri->pctx == NULL)
+        return 0;
+
+    if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
+        goto err;
+
+    if (!cms_env_asn1_ctrl(ri, 1))
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
+                         ktri->encryptedKey->data,
+                         ktri->encryptedKey->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
+                         ktri->encryptedKey->data,
+                         ktri->encryptedKey->length) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = ek;
+    ec->keylen = eklen;
+
+ err:
+    EVP_PKEY_CTX_free(ktri->pctx);
+    ktri->pctx = NULL;
+    if (!ret)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+/* Key Encrypted Key (KEK) RecipientInfo routines */
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen)
+{
+    ASN1_OCTET_STRING tmp_os;
+    CMS_KEKRecipientInfo *kekri;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
+        return -2;
+    }
+    kekri = ri->d.kekri;
+    tmp_os.type = V_ASN1_OCTET_STRING;
+    tmp_os.flags = 0;
+    tmp_os.data = (unsigned char *)id;
+    tmp_os.length = (int)idlen;
+    return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
+}
+
+/* For now hard code AES key wrap info */
+
+static size_t aes_wrap_keylen(int nid)
+{
+    switch (nid) {
+    case NID_id_aes128_wrap:
+        return 16;
+
+    case NID_id_aes192_wrap:
+        return 24;
+
+    case NID_id_aes256_wrap:
+        return 32;
+
+    default:
+        return 0;
+    }
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_KEKRecipientInfo *kekri;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        goto err;
+
+    if (nid == NID_undef) {
+        switch (keylen) {
+        case 16:
+            nid = NID_id_aes128_wrap;
+            break;
+
+        case 24:
+            nid = NID_id_aes192_wrap;
+            break;
+
+        case 32:
+            nid = NID_id_aes256_wrap;
+            break;
+
+        default:
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+            goto err;
+        }
+
+    } else {
+
+        size_t exp_keylen = aes_wrap_keylen(nid);
+
+        if (!exp_keylen) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                   CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+            goto err;
+        }
+
+        if (keylen != exp_keylen) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+            goto err;
+        }
+
+    }
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+    if (!ri->d.kekri)
+        goto merr;
+    ri->type = CMS_RECIPINFO_KEK;
+
+    kekri = ri->d.kekri;
+
+    if (otherTypeId) {
+        kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+        if (kekri->kekid->other == NULL)
+            goto merr;
+    }
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    /* After this point no calls can fail */
+
+    kekri->version = 4;
+
+    kekri->key = key;
+    kekri->keylen = keylen;
+
+    ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+    kekri->kekid->date = date;
+
+    if (kekri->kekid->other) {
+        kekri->kekid->other->keyAttrId = otherTypeId;
+        kekri->kekid->other->keyAttr = otherType;
+    }
+
+    X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+                    OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
+    return NULL;
+
+}
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype)
+{
+    CMS_KEKIdentifier *rkid;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+        return 0;
+    }
+    rkid = ri->d.kekri->kekid;
+    if (palg)
+        *palg = ri->d.kekri->keyEncryptionAlgorithm;
+    if (pid)
+        *pid = rkid->keyIdentifier;
+    if (pdate)
+        *pdate = rkid->date;
+    if (potherid) {
+        if (rkid->other)
+            *potherid = rkid->other->keyAttrId;
+        else
+            *potherid = NULL;
+    }
+    if (pothertype) {
+        if (rkid->other)
+            *pothertype = rkid->other->keyAttr;
+        else
+            *pothertype = NULL;
+    }
+    return 1;
+}
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen)
+{
+    CMS_KEKRecipientInfo *kekri;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
+        return 0;
+    }
+
+    kekri = ri->d.kekri;
+    kekri->key = key;
+    kekri->keylen = keylen;
+    return 1;
+}
+
+/* Encrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
+                                           CMS_RecipientInfo *ri)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_KEKRecipientInfo *kekri;
+    AES_KEY actx;
+    unsigned char *wkey = NULL;
+    int wkeylen;
+    int r = 0;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    kekri = ri->d.kekri;
+
+    if (!kekri->key) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
+        return 0;
+    }
+
+    if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+               CMS_R_ERROR_SETTING_KEY);
+        goto err;
+    }
+
+    wkey = OPENSSL_malloc(ec->keylen + 8);
+
+    if (wkey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
+
+    if (wkeylen <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
+        goto err;
+    }
+
+    ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
+
+    r = 1;
+
+ err:
+
+    if (!r)
+        OPENSSL_free(wkey);
+    OPENSSL_cleanse(&actx, sizeof(actx));
+
+    return r;
+
+}
+
+/* Decrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
+                                           CMS_RecipientInfo *ri)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_KEKRecipientInfo *kekri;
+    AES_KEY actx;
+    unsigned char *ukey = NULL;
+    int ukeylen;
+    int r = 0, wrap_nid;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    kekri = ri->d.kekri;
+
+    if (!kekri->key) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
+        return 0;
+    }
+
+    wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
+    if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
+
+    /* If encrypted key length is invalid don't bother */
+
+    if (kekri->encryptedKey->length < 16) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+        goto err;
+    }
+
+    if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_ERROR_SETTING_KEY);
+        goto err;
+    }
+
+    ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
+
+    if (ukey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ukeylen = AES_unwrap_key(&actx, NULL, ukey,
+                             kekri->encryptedKey->data,
+                             kekri->encryptedKey->length);
+
+    if (ukeylen <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
+        goto err;
+    }
+
+    ec->key = ukey;
+    ec->keylen = ukeylen;
+
+    r = 1;
+
+ err:
+
+    if (!r)
+        OPENSSL_free(ukey);
+    OPENSSL_cleanse(&actx, sizeof(actx));
+
+    return r;
+
+}
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+    switch (ri->type) {
+    case CMS_RECIPINFO_TRANS:
+        return cms_RecipientInfo_ktri_decrypt(cms, ri);
+
+    case CMS_RECIPINFO_KEK:
+        return cms_RecipientInfo_kekri_decrypt(cms, ri);
+
+    case CMS_RECIPINFO_PASS:
+        return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
+
+    default:
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
+               CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
+        return 0;
+    }
+}
+
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+    switch (ri->type) {
+    case CMS_RECIPINFO_TRANS:
+        return cms_RecipientInfo_ktri_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_AGREE:
+        return cms_RecipientInfo_kari_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_KEK:
+        return cms_RecipientInfo_kekri_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_PASS:
+        return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
+
+    default:
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
+               CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+        return 0;
+    }
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
+{
+    CMS_OriginatorInfo *org = env->originatorInfo;
+    int i;
+    if (org == NULL)
+        return;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
+        CMS_CertificateChoices *cch;
+        cch = sk_CMS_CertificateChoices_value(org->certificates, i);
+        if (cch->type == CMS_CERTCHOICE_OTHER) {
+            env->version = 4;
+            return;
+        } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+            if (env->version < 3)
+                env->version = 3;
+        }
+    }
+
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
+        CMS_RevocationInfoChoice *rch;
+        rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
+        if (rch->type == CMS_REVCHOICE_OTHER) {
+            env->version = 4;
+            return;
+        }
+    }
+}
+
+static void cms_env_set_version(CMS_EnvelopedData *env)
+{
+    int i;
+    CMS_RecipientInfo *ri;
+
+    /*
+     * Can't set version higher than 4 so if 4 or more already nothing to do.
+     */
+    if (env->version >= 4)
+        return;
+
+    cms_env_set_originfo_version(env);
+
+    if (env->version >= 3)
+        return;
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
+        ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
+        if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
+            env->version = 3;
+            return;
+        } else if (ri->type != CMS_RECIPINFO_TRANS
+                   || ri->d.ktri->version != 0) {
+            env->version = 2;
+        }
+    }
+    if (env->originatorInfo || env->unprotectedAttrs)
+        env->version = 2;
+    if (env->version == 2)
+        return;
+    env->version = 0;
+}
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedContentInfo *ec;
+    STACK_OF(CMS_RecipientInfo) *rinfos;
+    CMS_RecipientInfo *ri;
+    int i, ok = 0;
+    BIO *ret;
+
+    /* Get BIO first to set up key */
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    ret = cms_EncryptedContent_init_bio(ec);
+
+    /* If error or no cipher end of processing */
+
+    if (!ret || !ec->cipher)
+        return ret;
+
+    /* Now encrypt content key according to each RecipientInfo type */
+
+    rinfos = cms->d.envelopedData->recipientInfos;
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
+        ri = sk_CMS_RecipientInfo_value(rinfos, i);
+        if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
+            CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+                   CMS_R_ERROR_SETTING_RECIPIENTINFO);
+            goto err;
+        }
+    }
+    cms_env_set_version(cms->d.envelopedData);
+
+    ok = 1;
+
+ err:
+    ec->cipher = NULL;
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = NULL;
+    ec->keylen = 0;
+    if (ok)
+        return ret;
+    BIO_free(ret);
+    return NULL;
+
+}
+
+/*
+ * Get RecipientInfo type (if any) supported by a key (public or private). To
+ * retain compatibility with previous behaviour if the ctrl value isn't
+ * supported we assume key transport.
+ */
+int cms_pkey_get_ri_type(EVP_PKEY *pk)
+{
+    if (pk->ameth && pk->ameth->pkey_ctrl) {
+        int i, r;
+        i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
+        if (i > 0)
+            return r;
+    }
+    return CMS_RECIPINFO_TRANS;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c
new file mode 100644
index 000000000..4432b471e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c
@@ -0,0 +1,294 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cmserr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CMS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0),
+     "CMS_add0_recipient_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0),
+     "CMS_add0_recipient_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0),
+     "CMS_add1_ReceiptRequest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0),
+     "CMS_add1_recipient_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0),
+     "cms_add1_signingTime"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0),
+     "cms_CompressedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0),
+     "cms_CompressedData_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0),
+     "cms_copy_messageDigest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0),
+     "CMS_decrypt_set1_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0),
+     "CMS_decrypt_set1_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0),
+     "CMS_decrypt_set1_pkey"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0),
+     "cms_DigestAlgorithm_find_ctx"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0),
+     "cms_DigestAlgorithm_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0),
+     "cms_DigestedData_do_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0),
+     "cms_EncryptedContent_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0),
+     "cms_EncryptedContent_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0),
+     "CMS_EncryptedData_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0),
+     "CMS_EncryptedData_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0),
+     "CMS_EncryptedData_set1_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0),
+     "CMS_EnvelopedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0),
+     "cms_EnvelopedData_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0),
+     "cms_enveloped_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0),
+     "cms_get0_certificate_choices"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0),
+     "cms_get0_econtent_type"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0),
+     "cms_get0_revocation_choices"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0),
+     "cms_msgSigDigest_add1"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0),
+     "CMS_ReceiptRequest_create0"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0),
+     "CMS_RecipientInfo_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0),
+     "CMS_RecipientInfo_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0),
+     "cms_RecipientInfo_kari_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0),
+     "CMS_RecipientInfo_kari_get0_alg"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0),
+     "CMS_RecipientInfo_kari_get0_orig_id"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0),
+     "CMS_RecipientInfo_kari_get0_reks"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0),
+     "CMS_RecipientInfo_kari_orig_id_cmp"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0),
+     "cms_RecipientInfo_kekri_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0),
+     "cms_RecipientInfo_kekri_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0),
+     "CMS_RecipientInfo_kekri_get0_id"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0),
+     "CMS_RecipientInfo_kekri_id_cmp"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0),
+     "CMS_RecipientInfo_ktri_cert_cmp"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0),
+     "cms_RecipientInfo_ktri_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0),
+     "cms_RecipientInfo_ktri_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0),
+     "CMS_RecipientInfo_ktri_get0_algs"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0),
+     "CMS_RecipientInfo_ktri_get0_signer_id"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0),
+     "cms_RecipientInfo_pwri_crypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0),
+     "CMS_RecipientInfo_set0_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0),
+     "CMS_RecipientInfo_set0_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0),
+     "CMS_RecipientInfo_set0_pkey"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0),
+     "cms_set1_SignerIdentifier"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0),
+     "cms_signed_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0),
+     "cms_SignerInfo_content_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0),
+     "CMS_SignerInfo_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0),
+     "CMS_SignerInfo_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0),
+     "cms_signerinfo_verify_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
+     "CMS_SignerInfo_verify_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CMS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
+    "certificate already present"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
+    "certificate has no keyid"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
+    "cipher initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+    "cipher parameter initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
+    "cms datafinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
+    "contentidentifier mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
+    "content type mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+    "content type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+    "content type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+    "content type not signed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
+    "content verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
+    "error getting public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+    "error reading messagedigest attribute"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
+    "error setting recipientinfo"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+    "invalid encrypted key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
+    "invalid key encryption parameter"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+    "messagedigest attribute wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+    "messagedigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+    "msgsigdigest verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+    "msgsigdigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
+    "not a signed receipt"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "not supported for this key type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
+    "no matching recipient"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
+    "no matching signature"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
+    "receipt decode error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
+    "type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
+    "type not digested data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
+    "type not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
+    "type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+    "unable to finalize context"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+    "unsupported kek algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
+    "unsupported key encryption algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
+    "unsupported recipientinfo type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+    "unsupported recipient type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
+    "verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CMS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CMS_str_functs);
+        ERR_load_strings_const(CMS_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c
new file mode 100644
index 000000000..4780231c2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+{
+    ASN1_STRING *str;
+    CMS_ReceiptRequest *rr = NULL;
+    if (prr)
+        *prr = NULL;
+    str = CMS_signed_get0_data_by_OBJ(si,
+                                      OBJ_nid2obj
+                                      (NID_id_smime_aa_receiptRequest), -3,
+                                      V_ASN1_SEQUENCE);
+    if (!str)
+        return 0;
+
+    rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+    if (!rr)
+        return -1;
+    if (prr)
+        *prr = rr;
+    else
+        CMS_ReceiptRequest_free(rr);
+    return 1;
+}
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo)
+{
+    CMS_ReceiptRequest *rr = NULL;
+
+    rr = CMS_ReceiptRequest_new();
+    if (rr == NULL)
+        goto merr;
+    if (id)
+        ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+    else {
+        if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+            goto merr;
+        if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
+            goto err;
+    }
+
+    sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+    rr->receiptsTo = receiptsTo;
+
+    if (receiptList) {
+        rr->receiptsFrom->type = 1;
+        rr->receiptsFrom->d.receiptList = receiptList;
+    } else {
+        rr->receiptsFrom->type = 0;
+        rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+    }
+
+    return rr;
+
+ merr:
+    CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    return NULL;
+
+}
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+{
+    unsigned char *rrder = NULL;
+    int rrderlen, r = 0;
+
+    rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+    if (rrderlen < 0)
+        goto merr;
+
+    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+                                     V_ASN1_SEQUENCE, rrder, rrderlen))
+        goto merr;
+
+    r = 1;
+
+ merr:
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+    OPENSSL_free(rrder);
+
+    return r;
+
+}
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto)
+{
+    if (pcid)
+        *pcid = rr->signedContentIdentifier;
+    if (rr->receiptsFrom->type == 0) {
+        if (pallorfirst)
+            *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+        if (plist)
+            *plist = NULL;
+    } else {
+        if (pallorfirst)
+            *pallorfirst = -1;
+        if (plist)
+            *plist = rr->receiptsFrom->d.receiptList;
+    }
+    if (prto)
+        *prto = rr->receiptsTo;
+}
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+                            unsigned char *dig, unsigned int *diglen)
+{
+    const EVP_MD *md;
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+    if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                          si->signedAttrs, dig, diglen))
+        return 0;
+    return 1;
+}
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+{
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+    if (!cms_msgSigDigest(src, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+        return 0;
+    }
+    if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+                                     V_ASN1_OCTET_STRING, dig, diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+{
+    int r = 0, i;
+    CMS_ReceiptRequest *rr = NULL;
+    CMS_Receipt *rct = NULL;
+    STACK_OF(CMS_SignerInfo) *sis, *osis;
+    CMS_SignerInfo *si, *osi = NULL;
+    ASN1_OCTET_STRING *msig, **pcont;
+    ASN1_OBJECT *octype;
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    /* Get SignerInfos, also checks SignedData content type */
+    osis = CMS_get0_SignerInfos(req_cms);
+    sis = CMS_get0_SignerInfos(cms);
+    if (!osis || !sis)
+        goto err;
+
+    if (sk_CMS_SignerInfo_num(sis) != 1) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+        goto err;
+    }
+
+    /* Check receipt content type */
+    if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+        goto err;
+    }
+
+    /* Extract and decode receipt content */
+    pcont = CMS_get0_content(cms);
+    if (!pcont || !*pcont) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+        goto err;
+    }
+
+    rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+    if (!rct) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Locate original request */
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
+        osi = sk_CMS_SignerInfo_value(osis, i);
+        if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
+            break;
+    }
+
+    if (i == sk_CMS_SignerInfo_num(osis)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+        goto err;
+    }
+
+    si = sk_CMS_SignerInfo_value(sis, 0);
+
+    /* Get msgSigDigest value and compare */
+
+    msig = CMS_signed_get0_data_by_OBJ(si,
+                                       OBJ_nid2obj
+                                       (NID_id_smime_aa_msgSigDigest), -3,
+                                       V_ASN1_OCTET_STRING);
+
+    if (!msig) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+        goto err;
+    }
+
+    if (!cms_msgSigDigest(osi, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+        goto err;
+    }
+
+    if (diglen != (unsigned int)msig->length) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+        goto err;
+    }
+
+    if (memcmp(dig, msig->data, diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+               CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+        goto err;
+    }
+
+    /* Compare content types */
+
+    octype = CMS_signed_get0_data_by_OBJ(osi,
+                                         OBJ_nid2obj(NID_pkcs9_contentType),
+                                         -3, V_ASN1_OBJECT);
+    if (!octype) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Compare details in receipt request */
+
+    if (OBJ_cmp(octype, rct->contentType)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+        goto err;
+    }
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+                        rct->signedContentIdentifier)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
+        goto err;
+    }
+
+    r = 1;
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    M_ASN1_free_of(rct, CMS_Receipt);
+    return r;
+
+}
+
+/*
+ * Encode a Receipt into an OCTET STRING read for including into content of a
+ * SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+{
+    CMS_Receipt rct;
+    CMS_ReceiptRequest *rr = NULL;
+    ASN1_OBJECT *ctype;
+    ASN1_OCTET_STRING *os = NULL;
+
+    /* Get original receipt request */
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    /* Get original content type */
+
+    ctype = CMS_signed_get0_data_by_OBJ(si,
+                                        OBJ_nid2obj(NID_pkcs9_contentType),
+                                        -3, V_ASN1_OBJECT);
+    if (!ctype) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    rct.version = 1;
+    rct.contentType = ctype;
+    rct.signedContentIdentifier = rr->signedContentIdentifier;
+    rct.originatorSignatureValue = si->signature;
+
+    os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    return os;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c
new file mode 100644
index 000000000..d18f980a9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (pos == NULL)
+        return 0;
+    if (*pos == NULL)
+        *pos = ASN1_OCTET_STRING_new();
+    if (*pos != NULL) {
+        (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+        *boundary = &(*pos)->data;
+        return 1;
+    }
+    CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
+{
+    return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+                        ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+/* CMS wrappers round generalised stream and MIME routines */
+
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+{
+    return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+                               ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+                             int flags)
+{
+    return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags,
+                                     "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(cms->contentType);
+    int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = cms->d.signedData->digestAlgorithms;
+    else
+        mdalgs = NULL;
+
+    return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+                            ctype_nid, econt_nid, mdalgs,
+                            ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+{
+    return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
+                                              ASN1_ITEM_rptr
+                                              (CMS_ContentInfo));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c
new file mode 100644
index 000000000..5e83814d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c
@@ -0,0 +1,414 @@
+/*
+ * Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+
+/* Key Agreement Recipient Info (KARI) routines */
+
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pukm)
+{
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    if (palg)
+        *palg = ri->d.kari->keyEncryptionAlgorithm;
+    if (pukm)
+        *pukm = ri->d.kari->ukm;
+    return 1;
+}
+
+/* Retrieve recipient encrypted keys from a kari */
+
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
+{
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return NULL;
+    }
+    return ri->d.kari->recipientEncryptedKeys;
+}
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+                                        X509_ALGOR **pubalg,
+                                        ASN1_BIT_STRING **pubkey,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno)
+{
+    CMS_OriginatorIdentifierOrKey *oik;
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    oik = ri->d.kari->originator;
+    if (issuer)
+        *issuer = NULL;
+    if (sno)
+        *sno = NULL;
+    if (keyid)
+        *keyid = NULL;
+    if (pubalg)
+        *pubalg = NULL;
+    if (pubkey)
+        *pubkey = NULL;
+    if (oik->type == CMS_OIK_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = oik->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = oik->d.issuerAndSerialNumber->serialNumber;
+    } else if (oik->type == CMS_OIK_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = oik->d.subjectKeyIdentifier;
+    } else if (oik->type == CMS_OIK_PUBKEY) {
+        if (pubalg)
+            *pubalg = oik->d.originatorKey->algorithm;
+        if (pubkey)
+            *pubkey = oik->d.originatorKey->publicKey;
+    } else
+        return 0;
+    return 1;
+}
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+    CMS_OriginatorIdentifierOrKey *oik;
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return -2;
+    }
+    oik = ri->d.kari->originator;
+    if (oik->type == CMS_OIK_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
+    else if (oik->type == CMS_OIK_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
+    return -1;
+}
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+                                      ASN1_OCTET_STRING **keyid,
+                                      ASN1_GENERALIZEDTIME **tm,
+                                      CMS_OtherKeyAttribute **other,
+                                      X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+    CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+    if (rid->type == CMS_REK_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = rid->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = rid->d.issuerAndSerialNumber->serialNumber;
+        if (keyid)
+            *keyid = NULL;
+        if (tm)
+            *tm = NULL;
+        if (other)
+            *other = NULL;
+    } else if (rid->type == CMS_REK_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = rid->d.rKeyId->subjectKeyIdentifier;
+        if (tm)
+            *tm = rid->d.rKeyId->date;
+        if (other)
+            *other = rid->d.rKeyId->other;
+        if (issuer)
+            *issuer = NULL;
+        if (sno)
+            *sno = NULL;
+    } else
+        return 0;
+    return 1;
+}
+
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+                                       X509 *cert)
+{
+    CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+    if (rid->type == CMS_REK_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
+    else if (rid->type == CMS_REK_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
+    else
+        return -1;
+}
+
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
+{
+    EVP_PKEY_CTX *pctx;
+    CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
+
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
+    if (!pk)
+        return 1;
+    pctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (!pctx || !EVP_PKEY_derive_init(pctx))
+        goto err;
+    kari->pctx = pctx;
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return 0;
+}
+
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
+{
+    if (ri->type == CMS_RECIPINFO_AGREE)
+        return ri->d.kari->ctx;
+    return NULL;
+}
+
+/*
+ * Derive KEK and decrypt/encrypt with it to produce either the original CEK
+ * or the encrypted CEK.
+ */
+
+static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
+                          const unsigned char *in, size_t inlen,
+                          CMS_KeyAgreeRecipientInfo *kari, int enc)
+{
+    /* Key encryption key */
+    unsigned char kek[EVP_MAX_KEY_LENGTH];
+    size_t keklen;
+    int rv = 0;
+    unsigned char *out = NULL;
+    int outlen;
+    keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
+    if (keklen > EVP_MAX_KEY_LENGTH)
+        return 0;
+    /* Derive KEK */
+    if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
+        goto err;
+    /* Set KEK in context */
+    if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
+        goto err;
+    /* obtain output length of ciphered key */
+    if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
+        goto err;
+    out = OPENSSL_malloc(outlen);
+    if (out == NULL)
+        goto err;
+    if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
+        goto err;
+    *pout = out;
+    *poutlen = (size_t)outlen;
+    rv = 1;
+
+ err:
+    OPENSSL_cleanse(kek, keklen);
+    if (!rv)
+        OPENSSL_free(out);
+    EVP_CIPHER_CTX_reset(kari->ctx);
+    /* FIXME: WHY IS kari->pctx freed here?  /RL */
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
+    return rv;
+}
+
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri,
+                                   CMS_RecipientEncryptedKey *rek)
+{
+    int rv = 0;
+    unsigned char *enckey = NULL, *cek = NULL;
+    size_t enckeylen;
+    size_t ceklen;
+    CMS_EncryptedContentInfo *ec;
+    enckeylen = rek->encryptedKey->length;
+    enckey = rek->encryptedKey->data;
+    /* Setup all parameters to derive KEK */
+    if (!cms_env_asn1_ctrl(ri, 1))
+        goto err;
+    /* Attempt to decrypt CEK */
+    if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
+        goto err;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = cek;
+    ec->keylen = ceklen;
+    cek = NULL;
+    rv = 1;
+ err:
+    OPENSSL_free(cek);
+    return rv;
+}
+
+/* Create ephemeral key and initialise context based on it */
+static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
+                                         EVP_PKEY *pk)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *ekey = NULL;
+    int rv = 0;
+    pctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (!pctx)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
+        goto err;
+    EVP_PKEY_CTX_free(pctx);
+    pctx = EVP_PKEY_CTX_new(ekey, NULL);
+    if (!pctx)
+        goto err;
+    if (EVP_PKEY_derive_init(pctx) <= 0)
+        goto err;
+    kari->pctx = pctx;
+    rv = 1;
+ err:
+    if (!rv)
+        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_free(ekey);
+    return rv;
+}
+
+/* Initialise a kari based on passed certificate and key */
+
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags)
+{
+    CMS_KeyAgreeRecipientInfo *kari;
+    CMS_RecipientEncryptedKey *rek = NULL;
+
+    ri->d.kari = M_ASN1_new_of(CMS_KeyAgreeRecipientInfo);
+    if (!ri->d.kari)
+        return 0;
+    ri->type = CMS_RECIPINFO_AGREE;
+
+    kari = ri->d.kari;
+    kari->version = 3;
+
+    rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
+    if (rek == NULL)
+        return 0;
+
+    if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
+        M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
+        return 0;
+    }
+
+    if (flags & CMS_USE_KEYID) {
+        rek->rid->type = CMS_REK_KEYIDENTIFIER;
+        rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier);
+        if (rek->rid->d.rKeyId == NULL)
+            return 0;
+        if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip))
+            return 0;
+    } else {
+        rek->rid->type = CMS_REK_ISSUER_SERIAL;
+        if (!cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip))
+            return 0;
+    }
+
+    /* Create ephemeral key */
+    if (!cms_kari_create_ephemeral_key(kari, pk))
+        return 0;
+
+    EVP_PKEY_up_ref(pk);
+    rek->pkey = pk;
+    return 1;
+}
+
+static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
+                         const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER_CTX *ctx = kari->ctx;
+    const EVP_CIPHER *kekcipher;
+    int keylen = EVP_CIPHER_key_length(cipher);
+    /* If a suitable wrap algorithm is already set nothing to do */
+    kekcipher = EVP_CIPHER_CTX_cipher(ctx);
+
+    if (kekcipher) {
+        if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
+            return 0;
+        return 1;
+    }
+    /*
+     * Pick a cipher based on content encryption cipher. If it is DES3 use
+     * DES3 wrap otherwise use AES wrap similar to key size.
+     */
+#ifndef OPENSSL_NO_DES
+    if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
+        kekcipher = EVP_des_ede3_wrap();
+    else
+#endif
+    if (keylen <= 16)
+        kekcipher = EVP_aes_128_wrap();
+    else if (keylen <= 24)
+        kekcipher = EVP_aes_192_wrap();
+    else
+        kekcipher = EVP_aes_256_wrap();
+    return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
+}
+
+/* Encrypt content key in key agreement recipient info */
+
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri)
+{
+    CMS_KeyAgreeRecipientInfo *kari;
+    CMS_EncryptedContentInfo *ec;
+    CMS_RecipientEncryptedKey *rek;
+    STACK_OF(CMS_RecipientEncryptedKey) *reks;
+    int i;
+
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    kari = ri->d.kari;
+    reks = kari->recipientEncryptedKeys;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    /* Initialise wrap algorithm parameters */
+    if (!cms_wrap_init(kari, ec->cipher))
+        return 0;
+    /*
+     * If no originator key set up initialise for ephemeral key the public key
+     * ASN1 structure will set the actual public key value.
+     */
+    if (kari->originator->type == -1) {
+        CMS_OriginatorIdentifierOrKey *oik = kari->originator;
+        oik->type = CMS_OIK_PUBKEY;
+        oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
+        if (!oik->d.originatorKey)
+            return 0;
+    }
+    /* Initialise KDF algorithm */
+    if (!cms_env_asn1_ctrl(ri, 0))
+        return 0;
+    /* For each rek, derive KEK, encrypt CEK */
+    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
+        unsigned char *enckey;
+        size_t enckeylen;
+        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+        if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
+            return 0;
+        if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
+                            kari, 1))
+            return 0;
+        ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
+    }
+
+    return 1;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lcl.h
new file mode 100644
index 000000000..916fcbfbe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lcl.h
@@ -0,0 +1,437 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_LCL_H
+# define HEADER_CMS_LCL_H
+
+# include <openssl/x509.h>
+
+/*
+ * Cryptographic message syntax (CMS) structures: taken from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st
+    CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+
+struct CMS_ContentInfo_st {
+    ASN1_OBJECT *contentType;
+    union {
+        ASN1_OCTET_STRING *data;
+        CMS_SignedData *signedData;
+        CMS_EnvelopedData *envelopedData;
+        CMS_DigestedData *digestedData;
+        CMS_EncryptedData *encryptedData;
+        CMS_AuthenticatedData *authenticatedData;
+        CMS_CompressedData *compressedData;
+        ASN1_TYPE *other;
+        /* Other types ... */
+        void *otherData;
+    } d;
+};
+
+DEFINE_STACK_OF(CMS_CertificateChoices)
+
+struct CMS_SignedData_st {
+    int32_t version;
+    STACK_OF(X509_ALGOR) *digestAlgorithms;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+    STACK_OF(CMS_SignerInfo) *signerInfos;
+};
+
+struct CMS_EncapsulatedContentInfo_st {
+    ASN1_OBJECT *eContentType;
+    ASN1_OCTET_STRING *eContent;
+    /* Set to 1 if incomplete structure only part set up */
+    int partial;
+};
+
+struct CMS_SignerInfo_st {
+    int32_t version;
+    CMS_SignerIdentifier *sid;
+    X509_ALGOR *digestAlgorithm;
+    STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+    X509_ALGOR *signatureAlgorithm;
+    ASN1_OCTET_STRING *signature;
+    STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+    /* Signing certificate and key */
+    X509 *signer;
+    EVP_PKEY *pkey;
+    /* Digest and public key context for alternative parameters */
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx;
+};
+
+struct CMS_SignerIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+    } d;
+};
+
+struct CMS_EnvelopedData_st {
+    int32_t version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_OriginatorInfo_st {
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+};
+
+struct CMS_EncryptedContentInfo_st {
+    ASN1_OBJECT *contentType;
+    X509_ALGOR *contentEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedContent;
+    /* Content encryption algorithm and key */
+    const EVP_CIPHER *cipher;
+    unsigned char *key;
+    size_t keylen;
+    /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+    int debug;
+};
+
+struct CMS_RecipientInfo_st {
+    int type;
+    union {
+        CMS_KeyTransRecipientInfo *ktri;
+        CMS_KeyAgreeRecipientInfo *kari;
+        CMS_KEKRecipientInfo *kekri;
+        CMS_PasswordRecipientInfo *pwri;
+        CMS_OtherRecipientInfo *ori;
+    } d;
+};
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st {
+    int32_t version;
+    CMS_RecipientIdentifier *rid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Recipient Key and cert */
+    X509 *recip;
+    EVP_PKEY *pkey;
+    /* Public key context for this operation */
+    EVP_PKEY_CTX *pctx;
+};
+
+struct CMS_KeyAgreeRecipientInfo_st {
+    int32_t version;
+    CMS_OriginatorIdentifierOrKey *originator;
+    ASN1_OCTET_STRING *ukm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+    /* Public key context associated with current operation */
+    EVP_PKEY_CTX *pctx;
+    /* Cipher context for CEK wrapping */
+    EVP_CIPHER_CTX *ctx;
+};
+
+struct CMS_OriginatorIdentifierOrKey_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+        CMS_OriginatorPublicKey *originatorKey;
+    } d;
+};
+
+struct CMS_OriginatorPublicKey_st {
+    X509_ALGOR *algorithm;
+    ASN1_BIT_STRING *publicKey;
+};
+
+struct CMS_RecipientEncryptedKey_st {
+    CMS_KeyAgreeRecipientIdentifier *rid;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Public key associated with this recipient */
+    EVP_PKEY *pkey;
+};
+
+struct CMS_KeyAgreeRecipientIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        CMS_RecipientKeyIdentifier *rKeyId;
+    } d;
+};
+
+struct CMS_RecipientKeyIdentifier_st {
+    ASN1_OCTET_STRING *subjectKeyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_KEKRecipientInfo_st {
+    int32_t version;
+    CMS_KEKIdentifier *kekid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: symmetric key to use */
+    unsigned char *key;
+    size_t keylen;
+};
+
+struct CMS_KEKIdentifier_st {
+    ASN1_OCTET_STRING *keyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_PasswordRecipientInfo_st {
+    int32_t version;
+    X509_ALGOR *keyDerivationAlgorithm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: password to use */
+    unsigned char *pass;
+    size_t passlen;
+};
+
+struct CMS_OtherRecipientInfo_st {
+    ASN1_OBJECT *oriType;
+    ASN1_TYPE *oriValue;
+};
+
+struct CMS_DigestedData_st {
+    int32_t version;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct CMS_EncryptedData_st {
+    int32_t version;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_AuthenticatedData_st {
+    int32_t version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    X509_ALGOR *macAlgorithm;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *authAttrs;
+    ASN1_OCTET_STRING *mac;
+    STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+};
+
+struct CMS_CompressedData_st {
+    int32_t version;
+    X509_ALGOR *compressionAlgorithm;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+};
+
+struct CMS_RevocationInfoChoice_st {
+    int type;
+    union {
+        X509_CRL *crl;
+        CMS_OtherRevocationInfoFormat *other;
+    } d;
+};
+
+# define CMS_REVCHOICE_CRL               0
+# define CMS_REVCHOICE_OTHER             1
+
+struct CMS_OtherRevocationInfoFormat_st {
+    ASN1_OBJECT *otherRevInfoFormat;
+    ASN1_TYPE *otherRevInfo;
+};
+
+struct CMS_CertificateChoices {
+    int type;
+    union {
+        X509 *certificate;
+        ASN1_STRING *extendedCertificate; /* Obsolete */
+        ASN1_STRING *v1AttrCert; /* Left encoded for now */
+        ASN1_STRING *v2AttrCert; /* Left encoded for now */
+        CMS_OtherCertificateFormat *other;
+    } d;
+};
+
+# define CMS_CERTCHOICE_CERT             0
+# define CMS_CERTCHOICE_EXCERT           1
+# define CMS_CERTCHOICE_V1ACERT          2
+# define CMS_CERTCHOICE_V2ACERT          3
+# define CMS_CERTCHOICE_OTHER            4
+
+struct CMS_OtherCertificateFormat_st {
+    ASN1_OBJECT *otherCertFormat;
+    ASN1_TYPE *otherCert;
+};
+
+/*
+ * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
+ * to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serialNumber;
+};
+
+struct CMS_OtherKeyAttribute_st {
+    ASN1_OBJECT *keyAttrId;
+    ASN1_TYPE *keyAttr;
+};
+
+/* ESS structures */
+
+# ifdef HEADER_X509V3_H
+
+struct CMS_ReceiptRequest_st {
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    CMS_ReceiptsFrom *receiptsFrom;
+    STACK_OF(GENERAL_NAMES) *receiptsTo;
+};
+
+struct CMS_ReceiptsFrom_st {
+    int type;
+    union {
+        int32_t allOrFirstTier;
+        STACK_OF(GENERAL_NAMES) *receiptList;
+    } d;
+};
+# endif
+
+struct CMS_Receipt_st {
+    int32_t version;
+    ASN1_OBJECT *contentType;
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    ASN1_OCTET_STRING *originatorSignatureValue;
+};
+
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+
+# define CMS_RECIPINFO_ISSUER_SERIAL     0
+# define CMS_RECIPINFO_KEYIDENTIFIER     1
+
+# define CMS_REK_ISSUER_SERIAL           0
+# define CMS_REK_KEYIDENTIFIER           1
+
+# define CMS_OIK_ISSUER_SERIAL           0
+# define CMS_OIK_KEYIDENTIFIER           1
+# define CMS_OIK_PUBKEY                  2
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
+                              int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg);
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen);
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
+int cms_pkey_get_ri_type(EVP_PKEY *pk);
+/* KARI routines */
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags);
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri);
+
+/* PWRI routines */
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de);
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
+DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_ASN1_ITEM(CMS_SignedData)
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c
new file mode 100644
index 000000000..c2cac2601
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c
@@ -0,0 +1,587 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
+{
+    return cms->contentType;
+}
+
+CMS_ContentInfo *cms_Data_create(void)
+{
+    CMS_ContentInfo *cms;
+    cms = CMS_ContentInfo_new();
+    if (cms != NULL) {
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+        /* Never detached */
+        CMS_set_detached(cms, 0);
+    }
+    return cms;
+}
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos)
+        return NULL;
+    /* If content detached data goes nowhere: create NULL BIO */
+    if (!*pos)
+        return BIO_new(BIO_s_null());
+    /*
+     * If content not detached and created return memory BIO
+     */
+    if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+        return BIO_new(BIO_s_mem());
+    /* Else content was read in: return read only BIO for it */
+    return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+}
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+{
+    BIO *cmsbio, *cont;
+    if (icont)
+        cont = icont;
+    else
+        cont = cms_content_bio(cms);
+    if (!cont) {
+        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+        return NULL;
+    }
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+        return cont;
+
+    case NID_pkcs7_signed:
+        cmsbio = cms_SignedData_init_bio(cms);
+        break;
+
+    case NID_pkcs7_digest:
+        cmsbio = cms_DigestedData_init_bio(cms);
+        break;
+#ifdef ZLIB
+    case NID_id_smime_ct_compressedData:
+        cmsbio = cms_CompressedData_init_bio(cms);
+        break;
+#endif
+
+    case NID_pkcs7_encrypted:
+        cmsbio = cms_EncryptedData_init_bio(cms);
+        break;
+
+    case NID_pkcs7_enveloped:
+        cmsbio = cms_EnvelopedData_init_bio(cms);
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+        return NULL;
+    }
+
+    if (cmsbio)
+        return BIO_push(cmsbio, cont);
+
+    if (!icont)
+        BIO_free(cont);
+    return NULL;
+
+}
+
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos)
+        return 0;
+    /* If embedded content find memory BIO and set content */
+    if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
+        BIO *mbio;
+        unsigned char *cont;
+        long contlen;
+        mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+        if (!mbio) {
+            CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+            return 0;
+        }
+        contlen = BIO_get_mem_data(mbio, &cont);
+        /* Set bio as read only so its content can't be clobbered */
+        BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+        BIO_set_mem_eof_return(mbio, 0);
+        ASN1_STRING_set0(*pos, cont, contlen);
+        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+    }
+
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_encrypted:
+    case NID_id_smime_ct_compressedData:
+        /* Nothing to do */
+        return 1;
+
+    case NID_pkcs7_signed:
+        return cms_SignedData_final(cms, cmsbio);
+
+    case NID_pkcs7_digest:
+        return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+    default:
+        CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+        return 0;
+    }
+}
+
+/*
+ * Return an OCTET STRING pointer to content. This allows it to be accessed
+ * or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+        return &cms->d.data;
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->encapContentInfo->eContent;
+
+    case NID_pkcs7_enveloped:
+        return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+    case NID_pkcs7_digest:
+        return &cms->d.digestedData->encapContentInfo->eContent;
+
+    case NID_pkcs7_encrypted:
+        return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+    case NID_id_smime_ct_authData:
+        return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+    case NID_id_smime_ct_compressedData:
+        return &cms->d.compressedData->encapContentInfo->eContent;
+
+    default:
+        if (cms->d.other->type == V_ASN1_OCTET_STRING)
+            return &cms->d.other->value.octet_string;
+        CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+/*
+ * Return an ASN1_OBJECT pointer to content type. This allows it to be
+ * accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->encapContentInfo->eContentType;
+
+    case NID_pkcs7_enveloped:
+        return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+    case NID_pkcs7_digest:
+        return &cms->d.digestedData->encapContentInfo->eContentType;
+
+    case NID_pkcs7_encrypted:
+        return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+    case NID_id_smime_ct_authData:
+        return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+    case NID_id_smime_ct_compressedData:
+        return &cms->d.compressedData->encapContentInfo->eContentType;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+{
+    ASN1_OBJECT **petype;
+    petype = cms_get0_econtent_type(cms);
+    if (petype)
+        return *petype;
+    return NULL;
+}
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+{
+    ASN1_OBJECT **petype, *etype;
+    petype = cms_get0_econtent_type(cms);
+    if (!petype)
+        return 0;
+    if (!oid)
+        return 1;
+    etype = OBJ_dup(oid);
+    if (!etype)
+        return 0;
+    ASN1_OBJECT_free(*petype);
+    *petype = etype;
+    return 1;
+}
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (!pos)
+        return -1;
+    if (*pos)
+        return 0;
+    return 1;
+}
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (!pos)
+        return 0;
+    if (detached) {
+        ASN1_OCTET_STRING_free(*pos);
+        *pos = NULL;
+        return 1;
+    }
+    if (*pos == NULL)
+        *pos = ASN1_OCTET_STRING_new();
+    if (*pos != NULL) {
+        /*
+         * NB: special flag to show content is created and not read in.
+         */
+        (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+        return 1;
+    }
+    CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+{
+    BIO *mdbio = NULL;
+    const ASN1_OBJECT *digestoid;
+    const EVP_MD *digest;
+    X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+    digest = EVP_get_digestbyobj(digestoid);
+    if (!digest) {
+        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+               CMS_R_UNKNOWN_DIGEST_ALGORITHM);
+        goto err;
+    }
+    mdbio = BIO_new(BIO_f_md());
+    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
+        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
+        goto err;
+    }
+    return mdbio;
+ err:
+    BIO_free(mdbio);
+    return NULL;
+}
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg)
+{
+    int nid;
+    const ASN1_OBJECT *mdoid;
+    X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+    nid = OBJ_obj2nid(mdoid);
+    /* Look for digest type to match signature */
+    for (;;) {
+        EVP_MD_CTX *mtmp;
+        chain = BIO_find_type(chain, BIO_TYPE_MD);
+        if (chain == NULL) {
+            CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+                   CMS_R_NO_MATCHING_DIGEST);
+            return 0;
+        }
+        BIO_get_md_ctx(chain, &mtmp);
+        if (EVP_MD_CTX_type(mtmp) == nid
+            /*
+             * Workaround for broken implementations that use signature
+             * algorithm OID instead of digest.
+             */
+            || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+            return EVP_MD_CTX_copy_ex(mctx, mtmp);
+        chain = BIO_next(chain);
+    }
+}
+
+static STACK_OF(CMS_CertificateChoices)
+**cms_get0_certificate_choices(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->certificates;
+
+    case NID_pkcs7_enveloped:
+        if (cms->d.envelopedData->originatorInfo == NULL)
+            return NULL;
+        return &cms->d.envelopedData->originatorInfo->certificates;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+               CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    CMS_CertificateChoices *cch;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return NULL;
+    if (!*pcerts)
+        *pcerts = sk_CMS_CertificateChoices_new_null();
+    if (!*pcerts)
+        return NULL;
+    cch = M_ASN1_new_of(CMS_CertificateChoices);
+    if (!cch)
+        return NULL;
+    if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
+        M_ASN1_free_of(cch, CMS_CertificateChoices);
+        return NULL;
+    }
+    return cch;
+}
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    int i;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return 0;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+        if (cch->type == CMS_CERTCHOICE_CERT) {
+            if (!X509_cmp(cch->d.certificate, cert)) {
+                CMSerr(CMS_F_CMS_ADD0_CERT,
+                       CMS_R_CERTIFICATE_ALREADY_PRESENT);
+                return 0;
+            }
+        }
+    }
+    cch = CMS_add0_CertificateChoices(cms);
+    if (!cch)
+        return 0;
+    cch->type = CMS_CERTCHOICE_CERT;
+    cch->d.certificate = cert;
+    return 1;
+}
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+    int r;
+    r = CMS_add0_cert(cms, cert);
+    if (r > 0)
+        X509_up_ref(cert);
+    return r;
+}
+
+static STACK_OF(CMS_RevocationInfoChoice)
+**cms_get0_revocation_choices(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->crls;
+
+    case NID_pkcs7_enveloped:
+        if (cms->d.envelopedData->originatorInfo == NULL)
+            return NULL;
+        return &cms->d.envelopedData->originatorInfo->crls;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+               CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+    CMS_RevocationInfoChoice *rch;
+    pcrls = cms_get0_revocation_choices(cms);
+    if (!pcrls)
+        return NULL;
+    if (!*pcrls)
+        *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+    if (!*pcrls)
+        return NULL;
+    rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+    if (!rch)
+        return NULL;
+    if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
+        M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+        return NULL;
+    }
+    return rch;
+}
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+    CMS_RevocationInfoChoice *rch;
+    rch = CMS_add0_RevocationInfoChoice(cms);
+    if (!rch)
+        return 0;
+    rch->type = CMS_REVCHOICE_CRL;
+    rch->d.crl = crl;
+    return 1;
+}
+
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+    int r;
+    r = CMS_add0_crl(cms, crl);
+    if (r > 0)
+        X509_CRL_up_ref(crl);
+    return r;
+}
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509) *certs = NULL;
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    int i;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return NULL;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+        if (cch->type == 0) {
+            if (!certs) {
+                certs = sk_X509_new_null();
+                if (!certs)
+                    return NULL;
+            }
+            if (!sk_X509_push(certs, cch->d.certificate)) {
+                sk_X509_pop_free(certs, X509_free);
+                return NULL;
+            }
+            X509_up_ref(cch->d.certificate);
+        }
+    }
+    return certs;
+
+}
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509_CRL) *crls = NULL;
+    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+    CMS_RevocationInfoChoice *rch;
+    int i;
+    pcrls = cms_get0_revocation_choices(cms);
+    if (!pcrls)
+        return NULL;
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
+        rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+        if (rch->type == 0) {
+            if (!crls) {
+                crls = sk_X509_CRL_new_null();
+                if (!crls)
+                    return NULL;
+            }
+            if (!sk_X509_CRL_push(crls, rch->d.crl)) {
+                sk_X509_CRL_pop_free(crls, X509_CRL_free);
+                return NULL;
+            }
+            X509_CRL_up_ref(rch->d.crl);
+        }
+    }
+    return crls;
+}
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
+}
+
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
+{
+    const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+    if (cert_keyid == NULL)
+        return -1;
+    return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
+}
+
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
+{
+    CMS_IssuerAndSerialNumber *ias;
+    ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+    if (!ias)
+        goto err;
+    if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
+        goto err;
+    if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
+        goto err;
+    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+    *pias = ias;
+    return 1;
+ err:
+    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+    CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
+{
+    ASN1_OCTET_STRING *keyid = NULL;
+    const ASN1_OCTET_STRING *cert_keyid;
+    cert_keyid = X509_get0_subject_key_id(cert);
+    if (cert_keyid == NULL) {
+        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
+        return 0;
+    }
+    keyid = ASN1_STRING_dup(cert_keyid);
+    if (!keyid) {
+        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OCTET_STRING_free(*pkeyid);
+    *pkeyid = keyid;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c
new file mode 100644
index 000000000..26e3bdcf9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c
@@ -0,0 +1,394 @@
+/*
+ * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass, ossl_ssize_t passlen)
+{
+    CMS_PasswordRecipientInfo *pwri;
+    if (ri->type != CMS_RECIPINFO_PASS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
+        return 0;
+    }
+
+    pwri = ri->d.pwri;
+    pwri->pass = pass;
+    if (pass && passlen < 0)
+        passlen = strlen((char *)pass);
+    pwri->passlen = passlen;
+    return 1;
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_PasswordRecipientInfo *pwri;
+    EVP_CIPHER_CTX *ctx = NULL;
+    X509_ALGOR *encalg = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    int ivlen;
+
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+
+    if (wrap_nid <= 0)
+        wrap_nid = NID_id_alg_PWRI_KEK;
+
+    if (pbe_nid <= 0)
+        pbe_nid = NID_id_pbkdf2;
+
+    /* Get from enveloped data */
+    if (kekciph == NULL)
+        kekciph = env->encryptedContentInfo->cipher;
+
+    if (kekciph == NULL) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    if (wrap_nid != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return NULL;
+    }
+
+    /* Setup algorithm identifier for cipher */
+    encalg = X509_ALGOR_new();
+    if (encalg == NULL) {
+        goto merr;
+    }
+    ctx = EVP_CIPHER_CTX_new();
+
+    if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    if (ivlen > 0) {
+        if (RAND_bytes(iv, ivlen) <= 0)
+            goto err;
+        if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+            goto err;
+        }
+        encalg->parameter = ASN1_TYPE_new();
+        if (!encalg->parameter) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+    }
+
+    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (ri == NULL)
+        goto merr;
+
+    ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
+    if (ri->d.pwri == NULL)
+        goto merr;
+    ri->type = CMS_RECIPINFO_PASS;
+
+    pwri = ri->d.pwri;
+    /* Since this is overwritten, free up empty structure already there */
+    X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
+    pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
+    if (pwri->keyEncryptionAlgorithm == NULL)
+        goto merr;
+    pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
+    pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
+    if (pwri->keyEncryptionAlgorithm->parameter == NULL)
+        goto merr;
+
+    if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
+                        &pwri->keyEncryptionAlgorithm->parameter->
+                        value.sequence))
+         goto merr;
+    pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
+
+    X509_ALGOR_free(encalg);
+    encalg = NULL;
+
+    /* Setup PBE algorithm */
+
+    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+
+    if (!pwri->keyDerivationAlgorithm)
+        goto err;
+
+    CMS_RecipientInfo_set0_password(ri, pass, passlen);
+    pwri->version = 0;
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    if (ri)
+        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    X509_ALGOR_free(encalg);
+    return NULL;
+
+}
+
+/*
+ * This is an implementation of the key wrapping mechanism in RFC3211, at
+ * some point this should go into EVP.
+ */
+
+static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+                          const unsigned char *in, size_t inlen,
+                          EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    unsigned char *tmp;
+    int outl, rv = 0;
+    if (inlen < 2 * blocklen) {
+        /* too small */
+        return 0;
+    }
+    if (inlen % blocklen) {
+        /* Invalid size */
+        return 0;
+    }
+    if ((tmp = OPENSSL_malloc(inlen)) == NULL) {
+        CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* setup IV by decrypting last two blocks */
+    if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+                           in + inlen - 2 * blocklen, blocklen * 2)
+        /*
+         * Do a decrypt of last decrypted block to set IV to correct value
+         * output it to start of buffer so we don't corrupt decrypted block
+         * this works because buffer is at least two block lengths long.
+         */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl,
+                              tmp + inlen - blocklen, blocklen)
+        /* Can now decrypt first n - 1 blocks */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
+
+        /* Reset IV to original value */
+        || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
+        /* Decrypt again */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+        goto err;
+    /* Check check bytes */
+    if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
+        /* Check byte failure */
+        goto err;
+    }
+    if (inlen < (size_t)(tmp[0] - 4)) {
+        /* Invalid length value */
+        goto err;
+    }
+    *outlen = (size_t)tmp[0];
+    memcpy(out, tmp + 4, *outlen);
+    rv = 1;
+ err:
+    OPENSSL_clear_free(tmp, inlen);
+    return rv;
+
+}
+
+static int kek_wrap_key(unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen,
+                        EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    size_t olen;
+    int dummy;
+    /*
+     * First decide length of output buffer: need header and round up to
+     * multiple of block length.
+     */
+    olen = (inlen + 4 + blocklen - 1) / blocklen;
+    olen *= blocklen;
+    if (olen < 2 * blocklen) {
+        /* Key too small */
+        return 0;
+    }
+    if (inlen > 0xFF) {
+        /* Key too large */
+        return 0;
+    }
+    if (out) {
+        /* Set header */
+        out[0] = (unsigned char)inlen;
+        out[1] = in[0] ^ 0xFF;
+        out[2] = in[1] ^ 0xFF;
+        out[3] = in[2] ^ 0xFF;
+        memcpy(out + 4, in, inlen);
+        /* Add random padding to end */
+        if (olen > inlen + 4
+            && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+            return 0;
+        /* Encrypt twice */
+        if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+            || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+            return 0;
+    }
+
+    *outlen = olen;
+
+    return 1;
+}
+
+/* Encrypt/Decrypt content key in PWRI recipient info */
+
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_PasswordRecipientInfo *pwri;
+    int r = 0;
+    X509_ALGOR *algtmp, *kekalg = NULL;
+    EVP_CIPHER_CTX *kekctx = NULL;
+    const EVP_CIPHER *kekcipher;
+    unsigned char *key = NULL;
+    size_t keylen;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pwri = ri->d.pwri;
+
+    if (!pwri->pass) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
+        return 0;
+    }
+    algtmp = pwri->keyEncryptionAlgorithm;
+
+    if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return 0;
+    }
+
+    kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                       algtmp->parameter);
+
+    if (kekalg == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
+        return 0;
+    }
+
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+
+    if (!kekcipher) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
+        return 0;
+    }
+
+    kekctx = EVP_CIPHER_CTX_new();
+    if (kekctx == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
+    if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
+        goto err;
+    EVP_CIPHER_CTX_set_padding(kekctx, 0);
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    algtmp = pwri->keyDerivationAlgorithm;
+
+    /* Finish password based key derivation to setup key in "ctx" */
+
+    if (EVP_PBE_CipherInit(algtmp->algorithm,
+                           (char *)pwri->pass, pwri->passlen,
+                           algtmp->parameter, kekctx, en_de) < 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    /* Finally wrap/unwrap the key */
+
+    if (en_de) {
+
+        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
+            goto err;
+
+        key = OPENSSL_malloc(keylen);
+
+        if (key == NULL)
+            goto err;
+
+        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
+            goto err;
+        pwri->encryptedKey->data = key;
+        pwri->encryptedKey->length = keylen;
+    } else {
+        key = OPENSSL_malloc(pwri->encryptedKey->length);
+
+        if (key == NULL) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!kek_unwrap_key(key, &keylen,
+                            pwri->encryptedKey->data,
+                            pwri->encryptedKey->length, kekctx)) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
+            goto err;
+        }
+
+        OPENSSL_clear_free(ec->key, ec->keylen);
+        ec->key = key;
+        ec->keylen = keylen;
+
+    }
+
+    r = 1;
+
+ err:
+
+    EVP_CIPHER_CTX_free(kekctx);
+
+    if (!r)
+        OPENSSL_free(key);
+    X509_ALGOR_free(kekalg);
+
+    return r;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c
new file mode 100644
index 000000000..ff2d540b6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c
@@ -0,0 +1,926 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+/* CMS SignedData Utilities */
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+{
+    if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
+        CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+        return NULL;
+    }
+    return cms->d.signedData;
+}
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+{
+    if (cms->d.other == NULL) {
+        cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+        if (!cms->d.signedData) {
+            CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        cms->d.signedData->version = 1;
+        cms->d.signedData->encapContentInfo->eContentType =
+            OBJ_nid2obj(NID_pkcs7_data);
+        cms->d.signedData->encapContentInfo->partial = 1;
+        ASN1_OBJECT_free(cms->contentType);
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+        return cms->d.signedData;
+    }
+    return cms_get0_signed(cms);
+}
+
+/* Just initialise SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+{
+    if (cms_signed_data_init(cms))
+        return 1;
+    else
+        return 0;
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+{
+    int i;
+    CMS_CertificateChoices *cch;
+    CMS_RevocationInfoChoice *rch;
+    CMS_SignerInfo *si;
+
+    for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
+        cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+        if (cch->type == CMS_CERTCHOICE_OTHER) {
+            if (sd->version < 5)
+                sd->version = 5;
+        } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+            if (sd->version < 4)
+                sd->version = 4;
+        } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
+            if (sd->version < 3)
+                sd->version = 3;
+        }
+    }
+
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
+        rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+        if (rch->type == CMS_REVCHOICE_OTHER) {
+            if (sd->version < 5)
+                sd->version = 5;
+        }
+    }
+
+    if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+        && (sd->version < 3))
+        sd->version = 3;
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+        si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+        if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+            if (si->version < 3)
+                si->version = 3;
+            if (sd->version < 3)
+                sd->version = 3;
+        } else if (si->version < 1)
+            si->version = 1;
+    }
+
+    if (sd->version < 1)
+        sd->version = 1;
+
+}
+
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *sitmp;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        ASN1_OCTET_STRING *messageDigest;
+        sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+        if (sitmp == si)
+            continue;
+        if (CMS_signed_get_attr_count(sitmp) < 0)
+            continue;
+        if (OBJ_cmp(si->digestAlgorithm->algorithm,
+                    sitmp->digestAlgorithm->algorithm))
+            continue;
+        messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+                                                    OBJ_nid2obj
+                                                    (NID_pkcs9_messageDigest),
+                                                    -3, V_ASN1_OCTET_STRING);
+        if (!messageDigest) {
+            CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+                   CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+            return 0;
+        }
+
+        if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                        V_ASN1_OCTET_STRING,
+                                        messageDigest, -1))
+            return 1;
+        else
+            return 0;
+    }
+    CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+    return 0;
+}
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+{
+    switch (type) {
+    case CMS_SIGNERINFO_ISSUER_SERIAL:
+        if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
+            return 0;
+        break;
+
+    case CMS_SIGNERINFO_KEYIDENTIFIER:
+        if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
+            return 0;
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+        return 0;
+    }
+
+    sid->type = type;
+
+    return 1;
+}
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno)
+{
+    if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = sid->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = sid->d.issuerAndSerialNumber->serialNumber;
+    } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = sid->d.subjectKeyIdentifier;
+    } else
+        return 0;
+    return 1;
+}
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+{
+    if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
+    else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
+    else
+        return -1;
+}
+
+static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
+{
+    EVP_PKEY *pkey = si->pkey;
+    int i;
+    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+        return 1;
+    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
+    if (i == -2) {
+        CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+    if (i <= 0) {
+        CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                                unsigned int flags)
+{
+    CMS_SignedData *sd;
+    CMS_SignerInfo *si = NULL;
+    X509_ALGOR *alg;
+    int i, type;
+    if (!X509_check_private_key(signer, pk)) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER,
+               CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+    sd = cms_signed_data_init(cms);
+    if (!sd)
+        goto err;
+    si = M_ASN1_new_of(CMS_SignerInfo);
+    if (!si)
+        goto merr;
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(signer, -1, -1);
+
+    X509_up_ref(signer);
+    EVP_PKEY_up_ref(pk);
+
+    si->pkey = pk;
+    si->signer = signer;
+    si->mctx = EVP_MD_CTX_new();
+    si->pctx = NULL;
+
+    if (si->mctx == NULL) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (flags & CMS_USE_KEYID) {
+        si->version = 3;
+        if (sd->version < 3)
+            sd->version = 3;
+        type = CMS_SIGNERINFO_KEYIDENTIFIER;
+    } else {
+        type = CMS_SIGNERINFO_ISSUER_SERIAL;
+        si->version = 1;
+    }
+
+    if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+        goto err;
+
+    if (md == NULL) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+            goto err;
+        md = EVP_get_digestbynid(def_nid);
+        if (md == NULL) {
+            CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+            goto err;
+        }
+    }
+
+    if (!md) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
+        goto err;
+    }
+
+    X509_ALGOR_set_md(si->digestAlgorithm, md);
+
+    /* See if digest is present in digestAlgorithms */
+    for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+        const ASN1_OBJECT *aoid;
+        alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+        X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+        if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+            break;
+    }
+
+    if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto merr;
+        X509_ALGOR_set_md(alg, md);
+        if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
+            X509_ALGOR_free(alg);
+            goto merr;
+        }
+    }
+
+    if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
+        goto err;
+    if (!(flags & CMS_NOATTR)) {
+        /*
+         * Initialize signed attributes structure so other attributes
+         * such as signing time etc are added later even if we add none here.
+         */
+        if (!si->signedAttrs) {
+            si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+            if (!si->signedAttrs)
+                goto merr;
+        }
+
+        if (!(flags & CMS_NOSMIMECAP)) {
+            STACK_OF(X509_ALGOR) *smcap = NULL;
+            i = CMS_add_standard_smimecap(&smcap);
+            if (i)
+                i = CMS_add_smimecap(si, smcap);
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            if (!i)
+                goto merr;
+        }
+        if (flags & CMS_REUSE_DIGEST) {
+            if (!cms_copy_messageDigest(cms, si))
+                goto err;
+            if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
+                !CMS_SignerInfo_sign(si))
+                goto err;
+        }
+    }
+
+    if (!(flags & CMS_NOCERTS)) {
+        /* NB ignore -1 return for duplicate cert */
+        if (!CMS_add1_cert(cms, signer))
+            goto merr;
+    }
+
+    if (flags & CMS_KEY_PARAM) {
+        if (flags & CMS_NOATTR) {
+            si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+            if (si->pctx == NULL)
+                goto err;
+            if (EVP_PKEY_sign_init(si->pctx) <= 0)
+                goto err;
+            if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
+                goto err;
+        } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
+                   0)
+            goto err;
+    }
+
+    if (!sd->signerInfos)
+        sd->signerInfos = sk_CMS_SignerInfo_new_null();
+    if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+        goto merr;
+
+    return si;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(si, CMS_SignerInfo);
+    return NULL;
+
+}
+
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+{
+    ASN1_TIME *tt;
+    int r = 0;
+    if (t)
+        tt = t;
+    else
+        tt = X509_gmtime_adj(NULL, 0);
+
+    if (!tt)
+        goto merr;
+
+    if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+                                    tt->type, tt, -1) <= 0)
+        goto merr;
+
+    r = 1;
+
+ merr:
+
+    if (!t)
+        ASN1_TIME_free(tt);
+
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+    return r;
+
+}
+
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
+{
+    return si->pctx;
+}
+
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
+{
+    return si->mctx;
+}
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+{
+    CMS_SignedData *sd;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return NULL;
+    return sd->signerInfos;
+}
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509) *signers = NULL;
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *si;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        if (si->signer) {
+            if (!signers) {
+                signers = sk_X509_new_null();
+                if (!signers)
+                    return NULL;
+            }
+            if (!sk_X509_push(signers, si->signer)) {
+                sk_X509_free(signers);
+                return NULL;
+            }
+        }
+    }
+    return signers;
+}
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+{
+    if (signer) {
+        X509_up_ref(signer);
+        EVP_PKEY_free(si->pkey);
+        si->pkey = X509_get_pubkey(signer);
+    }
+    X509_free(si->signer);
+    si->signer = signer;
+}
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                  ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+    return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
+}
+
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+{
+    return cms_SignerIdentifier_cert_cmp(si->sid, cert);
+}
+
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+                           unsigned int flags)
+{
+    CMS_SignedData *sd;
+    CMS_SignerInfo *si;
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) *certs;
+    X509 *x;
+    int i, j;
+    int ret = 0;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return -1;
+    certs = sd->certificates;
+    for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+        si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+        if (si->signer)
+            continue;
+
+        for (j = 0; j < sk_X509_num(scerts); j++) {
+            x = sk_X509_value(scerts, j);
+            if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+                CMS_SignerInfo_set1_signer_cert(si, x);
+                ret++;
+                break;
+            }
+        }
+
+        if (si->signer || (flags & CMS_NOINTERN))
+            continue;
+
+        for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
+            cch = sk_CMS_CertificateChoices_value(certs, j);
+            if (cch->type != 0)
+                continue;
+            x = cch->d.certificate;
+            if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+                CMS_SignerInfo_set1_signer_cert(si, x);
+                ret++;
+                break;
+            }
+        }
+    }
+    return ret;
+}
+
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+                              X509 **signer, X509_ALGOR **pdig,
+                              X509_ALGOR **psig)
+{
+    if (pk)
+        *pk = si->pkey;
+    if (signer)
+        *signer = si->signer;
+    if (pdig)
+        *pdig = si->digestAlgorithm;
+    if (psig)
+        *psig = si->signatureAlgorithm;
+}
+
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
+{
+    return si->signature;
+}
+
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+                                       CMS_SignerInfo *si, BIO *chain)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    int r = 0;
+    EVP_PKEY_CTX *pctx = NULL;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!si->pkey) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
+        goto err;
+    }
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
+        goto err;
+    /* Set SignerInfo algorithm details if we used custom parameter */
+    if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
+        goto err;
+
+    /*
+     * If any signed attributes calculate and add messageDigest attribute
+     */
+
+    if (CMS_signed_get_attr_count(si) >= 0) {
+        ASN1_OBJECT *ctype =
+            cms->d.signedData->encapContentInfo->eContentType;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen;
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+            goto err;
+        if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                         V_ASN1_OCTET_STRING, md, mdlen))
+            goto err;
+        /* Copy content type across */
+        if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+                                        V_ASN1_OBJECT, ctype, -1) <= 0)
+            goto err;
+        if (!CMS_SignerInfo_sign(si))
+            goto err;
+    } else if (si->pctx) {
+        unsigned char *sig;
+        size_t siglen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen;
+        pctx = si->pctx;
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+            goto err;
+        siglen = EVP_PKEY_size(si->pkey);
+        sig = OPENSSL_malloc(siglen);
+        if (sig == NULL) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
+            OPENSSL_free(sig);
+            goto err;
+        }
+        ASN1_STRING_set0(si->signature, sig, siglen);
+    } else {
+        unsigned char *sig;
+        unsigned int siglen;
+        sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+        if (sig == NULL) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
+            OPENSSL_free(sig);
+            goto err;
+        }
+        ASN1_STRING_set0(si->signature, sig, siglen);
+    }
+
+    r = 1;
+
+ err:
+    EVP_MD_CTX_free(mctx);
+    EVP_PKEY_CTX_free(pctx);
+    return r;
+
+}
+
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+{
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *si;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        if (!cms_SignerInfo_content_sign(cms, si, chain))
+            return 0;
+    }
+    cms->d.signedData->encapContentInfo->partial = 0;
+    return 1;
+}
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+{
+    EVP_MD_CTX *mctx = si->mctx;
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+
+    if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
+        if (!cms_add1_signingTime(si, NULL))
+            goto err;
+    }
+
+    if (si->pctx)
+        pctx = si->pctx;
+    else {
+        EVP_MD_CTX_reset(mctx);
+        if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+            goto err;
+        si->pctx = pctx;
+    }
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+                         ASN1_ITEM_rptr(CMS_Attributes_Sign));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = OPENSSL_malloc(siglen);
+    if (abuf == NULL)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_reset(mctx);
+
+    ASN1_STRING_set0(si->signature, abuf, siglen);
+
+    return 1;
+
+ err:
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_reset(mctx);
+    return 0;
+
+}
+
+int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+{
+    EVP_MD_CTX *mctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen, r = -1;
+    const EVP_MD *md = NULL;
+
+    if (!si->pkey) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
+        return -1;
+    }
+
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return -1;
+    if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    mctx = si->mctx;
+    if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (!cms_sd_asn1_ctrl(si, 1))
+        goto err;
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+                         ASN1_ITEM_rptr(CMS_Attributes_Verify));
+    if (!abuf)
+        goto err;
+    r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
+    OPENSSL_free(abuf);
+    if (r <= 0) {
+        r = -1;
+        goto err;
+    }
+    r = EVP_DigestVerifyFinal(mctx,
+                              si->signature->data, si->signature->length);
+    if (r <= 0)
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+ err:
+    EVP_MD_CTX_reset(mctx);
+    return r;
+}
+
+/* Create a chain of digest BIOs from a CMS ContentInfo */
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+{
+    int i;
+    CMS_SignedData *sd;
+    BIO *chain = NULL;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return NULL;
+    if (cms->d.signedData->encapContentInfo->partial)
+        cms_sd_set_version(sd);
+    for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+        X509_ALGOR *digestAlgorithm;
+        BIO *mdbio;
+        digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+        mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
+        if (!mdbio)
+            goto err;
+        if (chain)
+            BIO_push(chain, mdbio);
+        else
+            chain = mdbio;
+    }
+    return chain;
+ err:
+    BIO_free_all(chain);
+    return NULL;
+}
+
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int r = -1;
+    unsigned char mval[EVP_MAX_MD_SIZE];
+    unsigned int mlen;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* If we have any signed attributes look for messageDigest value */
+    if (CMS_signed_get_attr_count(si) >= 0) {
+        os = CMS_signed_get0_data_by_OBJ(si,
+                                         OBJ_nid2obj(NID_pkcs9_messageDigest),
+                                         -3, V_ASN1_OCTET_STRING);
+        if (!os) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+            goto err;
+        }
+    }
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
+        goto err;
+
+    if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+               CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+        goto err;
+    }
+
+    /* If messageDigest found compare it */
+
+    if (os) {
+        if (mlen != (unsigned int)os->length) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+            goto err;
+        }
+
+        if (memcmp(mval, os->data, mlen)) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_VERIFICATION_FAILURE);
+            r = 0;
+        } else
+            r = 1;
+    } else {
+        const EVP_MD *md = EVP_MD_CTX_md(mctx);
+        pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+        if (pkctx == NULL)
+            goto err;
+        if (EVP_PKEY_verify_init(pkctx) <= 0)
+            goto err;
+        if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
+            goto err;
+        si->pctx = pkctx;
+        if (!cms_sd_asn1_ctrl(si, 1))
+            goto err;
+        r = EVP_PKEY_verify(pkctx, si->signature->data,
+                            si->signature->length, mval, mlen);
+        if (r <= 0) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_VERIFICATION_FAILURE);
+            r = 0;
+        }
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    EVP_MD_CTX_free(mctx);
+    return r;
+
+}
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+{
+    unsigned char *smder = NULL;
+    int smderlen, r;
+    smderlen = i2d_X509_ALGORS(algs, &smder);
+    if (smderlen <= 0)
+        return 0;
+    r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
+                                    V_ASN1_SEQUENCE, smder, smderlen);
+    OPENSSL_free(smder);
+    return r;
+}
+
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                            int algnid, int keysize)
+{
+    X509_ALGOR *alg;
+    ASN1_INTEGER *key = NULL;
+    if (keysize > 0) {
+        key = ASN1_INTEGER_new();
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+            return 0;
+    }
+    alg = X509_ALGOR_new();
+    if (alg == NULL) {
+        ASN1_INTEGER_free(key);
+        return 0;
+    }
+
+    X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+                    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+    if (*algs == NULL)
+        *algs = sk_X509_ALGOR_new_null();
+    if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
+        X509_ALGOR_free(alg);
+        return 0;
+    }
+    return 1;
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+    if (EVP_get_cipherbynid(nid))
+        return CMS_add_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+    if (EVP_get_digestbynid(nid))
+        return CMS_add_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+{
+    if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+        || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+        || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+        || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+        return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c
new file mode 100644
index 000000000..5dcf803f4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c
@@ -0,0 +1,843 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+
+static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
+{
+    BIO *rbio;
+    if (out == NULL)
+        rbio = BIO_new(BIO_s_null());
+    else if (flags & CMS_TEXT) {
+        rbio = BIO_new(BIO_s_mem());
+        BIO_set_mem_eof_return(rbio, 0);
+    } else
+        rbio = out;
+    return rbio;
+}
+
+static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+{
+    unsigned char buf[4096];
+    int r = 0, i;
+    BIO *tmpout;
+
+    tmpout = cms_get_text_bio(out, flags);
+
+    if (tmpout == NULL) {
+        CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Read all content through chain to process digest, decrypt etc */
+    for (;;) {
+        i = BIO_read(in, buf, sizeof(buf));
+        if (i <= 0) {
+            if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(in))
+                    goto err;
+            }
+            if (i < 0)
+                goto err;
+            break;
+        }
+
+        if (tmpout && (BIO_write(tmpout, buf, i) != i))
+            goto err;
+    }
+
+    if (flags & CMS_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
+            goto err;
+        }
+    }
+
+    r = 1;
+
+ err:
+    if (tmpout != out)
+        BIO_free(tmpout);
+    return r;
+
+}
+
+static int check_content(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos || !*pos) {
+        CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
+        return 0;
+    }
+    return 1;
+}
+
+static void do_free_upto(BIO *f, BIO *upto)
+{
+    if (upto) {
+        BIO *tbio;
+        do {
+            tbio = BIO_pop(f);
+            BIO_free(f);
+            f = tbio;
+        }
+        while (f && f != upto);
+    } else
+        BIO_free_all(f);
+}
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
+        CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
+        return 0;
+    }
+    cont = CMS_dataInit(cms, NULL);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    BIO_free_all(cont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    cms = cms_Data_create();
+    if (!cms)
+        return NULL;
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+
+    return NULL;
+}
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                      unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
+        CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    if (r)
+        r = cms_DigestedData_do_final(cms, cont, 1);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                   unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (!md)
+        md = EVP_sha1();
+    cms = cms_DigestedData_create(md);
+    if (!cms)
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                              const unsigned char *key, size_t keylen,
+                              BIO *dcont, BIO *out, unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+               CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
+        return 0;
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                           const unsigned char *key,
+                                           size_t keylen, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (!cipher) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+    if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
+                                      X509_STORE *store,
+                                      STACK_OF(X509) *certs,
+                                      STACK_OF(X509_CRL) *crls)
+{
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+    X509 *signer;
+    int i, j, r = 0;
+
+    if (ctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+    if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
+        goto err;
+    }
+    X509_STORE_CTX_set_default(ctx, "smime_sign");
+    if (crls)
+        X509_STORE_CTX_set0_crls(ctx, crls);
+
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        j = X509_STORE_CTX_get_error(ctx);
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+               CMS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        goto err;
+    }
+    r = 1;
+ err:
+    X509_STORE_CTX_free(ctx);
+    return r;
+
+}
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+{
+    CMS_SignerInfo *si;
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    STACK_OF(X509) *cms_certs = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509 *signer;
+    int i, scount = 0, ret = 0;
+    BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
+
+    if (!dcont && !check_content(cms))
+        return 0;
+    if (dcont && !(flags & CMS_BINARY)) {
+        const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
+        if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
+            flags |= CMS_ASCIICRLF;
+    }
+
+    /* Attempt to find all signer certificates */
+
+    sinfos = CMS_get0_SignerInfos(cms);
+
+    if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
+        CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
+        goto err;
+    }
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+        if (signer)
+            scount++;
+    }
+
+    if (scount != sk_CMS_SignerInfo_num(sinfos))
+        scount += CMS_set1_signers_certs(cms, certs, flags);
+
+    if (scount != sk_CMS_SignerInfo_num(sinfos)) {
+        CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto err;
+    }
+
+    /* Attempt to verify all signers certs */
+
+    if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
+        cms_certs = CMS_get1_certs(cms);
+        if (!(flags & CMS_NOCRL))
+            crls = CMS_get1_crls(cms);
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
+                goto err;
+        }
+    }
+
+    /* Attempt to verify all SignerInfo signed attribute signatures */
+
+    if (!(flags & CMS_NO_ATTR_VERIFY)) {
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (CMS_signed_get_attr_count(si) < 0)
+                continue;
+            if (CMS_SignerInfo_verify(si) <= 0)
+                goto err;
+        }
+    }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(dcont, &ptr);
+        tmpin = BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err2;
+        }
+    } else
+        tmpin = dcont;
+    /*
+     * If not binary mode and detached generate digests by *writing* through
+     * the BIO. That makes it possible to canonicalise the input.
+     */
+    if (!(flags & SMIME_BINARY) && dcont) {
+        /*
+         * Create output BIO so we can either handle text or to ensure
+         * included content doesn't override detached content.
+         */
+        tmpout = cms_get_text_bio(out, flags);
+        if (!tmpout) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        cmsbio = CMS_dataInit(cms, tmpout);
+        if (!cmsbio)
+            goto err;
+        /*
+         * Don't use SMIME_TEXT for verify: it adds headers and we want to
+         * remove them.
+         */
+        SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
+
+        if (flags & CMS_TEXT) {
+            if (!SMIME_text(tmpout, out)) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
+                goto err;
+            }
+        }
+    } else {
+        cmsbio = CMS_dataInit(cms, tmpin);
+        if (!cmsbio)
+            goto err;
+
+        if (!cms_copy_content(out, cmsbio, flags))
+            goto err;
+
+    }
+    if (!(flags & CMS_NO_CONTENT_VERIFY)) {
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
+                goto err;
+            }
+        }
+    }
+
+    ret = 1;
+
+ err:
+    if (!(flags & SMIME_BINARY) && dcont) {
+        do_free_upto(cmsbio, tmpout);
+        if (tmpin != dcont)
+            BIO_free(tmpin);
+    } else {
+        if (dcont && (tmpin == dcont))
+            do_free_upto(cmsbio, dcont);
+        else
+            BIO_free_all(cmsbio);
+    }
+
+    if (out != tmpout)
+        BIO_free_all(tmpout);
+
+ err2:
+    sk_X509_pop_free(cms_certs, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+
+    return ret;
+}
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags)
+{
+    int r;
+    flags &= ~(CMS_DETACHED | CMS_TEXT);
+    r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
+    if (r <= 0)
+        return r;
+    return cms_Receipt_verify(rcms, ocms);
+}
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+                          STACK_OF(X509) *certs, BIO *data,
+                          unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    int i;
+
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL || !CMS_SignedData_init(cms))
+        goto merr;
+    if (flags & CMS_ASCIICRLF
+        && !CMS_set1_eContentType(cms,
+                                  OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+        goto err;
+
+    if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
+        CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        X509 *x = sk_X509_value(certs, i);
+        if (!CMS_add1_cert(cms, x))
+            goto merr;
+    }
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, data, NULL, flags))
+        return cms;
+    else
+        goto err;
+
+ merr:
+    CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                  X509 *signcert, EVP_PKEY *pkey,
+                                  STACK_OF(X509) *certs, unsigned int flags)
+{
+    CMS_SignerInfo *rct_si;
+    CMS_ContentInfo *cms = NULL;
+    ASN1_OCTET_STRING **pos, *os;
+    BIO *rct_cont = NULL;
+    int r = 0;
+
+    flags &= ~(CMS_STREAM | CMS_TEXT);
+    /* Not really detached but avoids content being allocated */
+    flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED;
+    if (!pkey || !signcert) {
+        CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
+        return NULL;
+    }
+
+    /* Initialize signed data */
+
+    cms = CMS_sign(NULL, NULL, certs, NULL, flags);
+    if (!cms)
+        goto err;
+
+    /* Set inner content type to signed receipt */
+    if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
+        goto err;
+
+    rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
+    if (!rct_si) {
+        CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    os = cms_encode_Receipt(si);
+
+    if (!os)
+        goto err;
+
+    /* Set content to digest */
+    rct_cont = BIO_new_mem_buf(os->data, os->length);
+    if (!rct_cont)
+        goto err;
+
+    /* Add msgSigDigest attribute */
+
+    if (!cms_msgSigDigest_add1(rct_si, si))
+        goto err;
+
+    /* Finalize structure */
+    if (!CMS_final(cms, rct_cont, NULL, flags))
+        goto err;
+
+    /* Set embedded content */
+    pos = CMS_get0_content(cms);
+    *pos = os;
+
+    r = 1;
+
+ err:
+    BIO_free(rct_cont);
+    if (r)
+        return cms;
+    CMS_ContentInfo_free(cms);
+    return NULL;
+
+}
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+                             const EVP_CIPHER *cipher, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    int i;
+    X509 *recip;
+    cms = CMS_EnvelopedData_create(cipher);
+    if (!cms)
+        goto merr;
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        recip = sk_X509_value(certs, i);
+        if (!CMS_add1_recipient_cert(cms, recip, flags)) {
+            CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+            goto err;
+        }
+    }
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, data, NULL, flags))
+        return cms;
+    else
+        goto err;
+
+ merr:
+    CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                              EVP_PKEY *pk, X509 *cert)
+{
+    int i;
+    STACK_OF(CMS_RecipientEncryptedKey) *reks;
+    CMS_RecipientEncryptedKey *rek;
+    reks = CMS_RecipientInfo_kari_get0_reks(ri);
+    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
+        int rv;
+        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+            continue;
+        CMS_RecipientInfo_kari_set0_pkey(ri, pk);
+        rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
+        CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
+        if (rv > 0)
+            return 1;
+        return cert == NULL ? 0 : -1;
+    }
+    return 0;
+}
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r, ri_type;
+    int debug = 0, match_ri = 0;
+    ris = CMS_get0_RecipientInfos(cms);
+    if (ris)
+        debug = cms->d.envelopedData->encryptedContentInfo->debug;
+    ri_type = cms_pkey_get_ri_type(pk);
+    if (ri_type == CMS_RECIPINFO_NONE) {
+        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != ri_type)
+            continue;
+        match_ri = 1;
+        if (ri_type == CMS_RECIPINFO_AGREE) {
+            r = cms_kari_set1_pkey(cms, ri, pk, cert);
+            if (r > 0)
+                return 1;
+            if (r < 0)
+                return 0;
+        }
+        /*
+         * If we have a cert try matching RecipientInfo otherwise try them
+         * all.
+         */
+        else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+            EVP_PKEY_up_ref(pk);
+            CMS_RecipientInfo_set0_pkey(ri, pk);
+            r = CMS_RecipientInfo_decrypt(cms, ri);
+            CMS_RecipientInfo_set0_pkey(ri, NULL);
+            if (cert) {
+                /*
+                 * If not debugging clear any error and return success to
+                 * avoid leaking of information useful to MMA
+                 */
+                if (!debug) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (r > 0)
+                    return 1;
+                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
+                return 0;
+            }
+            /*
+             * If no cert and not debugging don't leave loop after first
+             * successful decrypt. Always attempt to decrypt all recipients
+             * to avoid leaking timing of a successful decrypt.
+             */
+            else if (r > 0 && debug)
+                return 1;
+        }
+    }
+    /* If no cert, key transport and not debugging always return success */
+    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
+        ERR_clear_error();
+        return 1;
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+                         unsigned char *key, size_t keylen,
+                         const unsigned char *id, size_t idlen)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r;
+    ris = CMS_get0_RecipientInfos(cms);
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
+            continue;
+
+        /*
+         * If we have an id try matching RecipientInfo otherwise try them
+         * all.
+         */
+        if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
+            CMS_RecipientInfo_set0_key(ri, key, keylen);
+            r = CMS_RecipientInfo_decrypt(cms, ri);
+            CMS_RecipientInfo_set0_key(ri, NULL, 0);
+            if (r > 0)
+                return 1;
+            if (id) {
+                CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
+                return 0;
+            }
+            ERR_clear_error();
+        }
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+                              unsigned char *pass, ossl_ssize_t passlen)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r;
+    ris = CMS_get0_RecipientInfos(cms);
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
+            continue;
+        CMS_RecipientInfo_set0_password(ri, pass, passlen);
+        r = CMS_RecipientInfo_decrypt(cms, ri);
+        CMS_RecipientInfo_set0_password(ri, NULL, 0);
+        if (r > 0)
+            return 1;
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags)
+{
+    int r;
+    BIO *cont;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
+        CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
+        return 0;
+    }
+    if (!dcont && !check_content(cms))
+        return 0;
+    if (flags & CMS_DEBUG_DECRYPT)
+        cms->d.envelopedData->encryptedContentInfo->debug = 1;
+    else
+        cms->d.envelopedData->encryptedContentInfo->debug = 0;
+    if (!pk && !cert && !dcont && !out)
+        return 1;
+    if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+        return 0;
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+{
+    BIO *cmsbio;
+    int ret = 0;
+
+    if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
+        return 0;
+    }
+
+    SMIME_crlf_copy(data, cmsbio, flags);
+
+    (void)BIO_flush(cmsbio);
+
+    if (!CMS_dataFinal(cms, cmsbio)) {
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    do_free_upto(cmsbio, dcont);
+
+    return ret;
+
+}
+
+#ifdef ZLIB
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
+        CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (comp_nid <= 0)
+        comp_nid = NID_zlib_compression;
+    cms = cms_CompressedData_create(comp_nid);
+    if (!cms)
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+#else
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags)
+{
+    CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+    return 0;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+    CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+    return NULL;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/build.info
new file mode 100644
index 000000000..65df46a17
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+        comp_lib.c comp_err.c \
+        c_zlib.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c
new file mode 100644
index 000000000..d688deee5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c
@@ -0,0 +1,618 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include "internal/comp.h"
+#include <openssl/err.h>
+#include "internal/cryptlib_int.h"
+#include "internal/bio.h"
+#include "comp_lcl.h"
+
+COMP_METHOD *COMP_zlib(void);
+
+static COMP_METHOD zlib_method_nozlib = {
+    NID_undef,
+    "(undef)",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+};
+
+#ifndef ZLIB
+# undef ZLIB_SHARED
+#else
+
+# include <zlib.h>
+
+static int zlib_stateful_init(COMP_CTX *ctx);
+static void zlib_stateful_finish(COMP_CTX *ctx);
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen);
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen);
+
+/* memory allocations functions for zlib initialisation */
+static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
+{
+    void *p;
+
+    p = OPENSSL_zalloc(no * size);
+    return p;
+}
+
+static void zlib_zfree(void *opaque, void *address)
+{
+    OPENSSL_free(address);
+}
+
+
+static COMP_METHOD zlib_stateful_method = {
+    NID_zlib_compression,
+    LN_zlib_compression,
+    zlib_stateful_init,
+    zlib_stateful_finish,
+    zlib_stateful_compress_block,
+    zlib_stateful_expand_block
+};
+
+/*
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file when ZLIB_SHARED is set.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#  include <windows.h>
+# endif                         /* !(OPENSSL_SYS_WINDOWS ||
+                                 * OPENSSL_SYS_WIN32) */
+
+# ifdef ZLIB_SHARED
+#  include "internal/dso.h"
+
+/* Function pointers */
+typedef int (*compress_ft) (Bytef *dest, uLongf * destLen,
+                            const Bytef *source, uLong sourceLen);
+typedef int (*inflateEnd_ft) (z_streamp strm);
+typedef int (*inflate_ft) (z_streamp strm, int flush);
+typedef int (*inflateInit__ft) (z_streamp strm,
+                                const char *version, int stream_size);
+typedef int (*deflateEnd_ft) (z_streamp strm);
+typedef int (*deflate_ft) (z_streamp strm, int flush);
+typedef int (*deflateInit__ft) (z_streamp strm, int level,
+                                const char *version, int stream_size);
+typedef const char *(*zError__ft) (int err);
+static compress_ft p_compress = NULL;
+static inflateEnd_ft p_inflateEnd = NULL;
+static inflate_ft p_inflate = NULL;
+static inflateInit__ft p_inflateInit_ = NULL;
+static deflateEnd_ft p_deflateEnd = NULL;
+static deflate_ft p_deflate = NULL;
+static deflateInit__ft p_deflateInit_ = NULL;
+static zError__ft p_zError = NULL;
+
+static int zlib_loaded = 0;     /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+#  define compress                p_compress
+#  define inflateEnd              p_inflateEnd
+#  define inflate                 p_inflate
+#  define inflateInit_            p_inflateInit_
+#  define deflateEnd              p_deflateEnd
+#  define deflate                 p_deflate
+#  define deflateInit_            p_deflateInit_
+#  define zError                  p_zError
+# endif                         /* ZLIB_SHARED */
+
+struct zlib_state {
+    z_stream istream;
+    z_stream ostream;
+};
+
+static int zlib_stateful_init(COMP_CTX *ctx)
+{
+    int err;
+    struct zlib_state *state = OPENSSL_zalloc(sizeof(*state));
+
+    if (state == NULL)
+        goto err;
+
+    state->istream.zalloc = zlib_zalloc;
+    state->istream.zfree = zlib_zfree;
+    state->istream.opaque = Z_NULL;
+    state->istream.next_in = Z_NULL;
+    state->istream.next_out = Z_NULL;
+    err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    state->ostream.zalloc = zlib_zalloc;
+    state->ostream.zfree = zlib_zfree;
+    state->ostream.opaque = Z_NULL;
+    state->ostream.next_in = Z_NULL;
+    state->ostream.next_out = Z_NULL;
+    err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION,
+                       ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    ctx->data = state;
+    return 1;
+ err:
+    OPENSSL_free(state);
+    return 0;
+}
+
+static void zlib_stateful_finish(COMP_CTX *ctx)
+{
+    struct zlib_state *state = ctx->data;
+    inflateEnd(&state->istream);
+    deflateEnd(&state->ostream);
+    OPENSSL_free(state);
+}
+
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state = ctx->data;
+
+    if (state == NULL)
+        return -1;
+
+    state->ostream.next_in = in;
+    state->ostream.avail_in = ilen;
+    state->ostream.next_out = out;
+    state->ostream.avail_out = olen;
+    if (ilen > 0)
+        err = deflate(&state->ostream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+    return olen - state->ostream.avail_out;
+}
+
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state = ctx->data;
+
+    if (state == NULL)
+        return 0;
+
+    state->istream.next_in = in;
+    state->istream.avail_in = ilen;
+    state->istream.next_out = out;
+    state->istream.avail_out = olen;
+    if (ilen > 0)
+        err = inflate(&state->istream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+    return olen - state->istream.avail_out;
+}
+
+#endif
+
+COMP_METHOD *COMP_zlib(void)
+{
+    COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+    /* LIBZ may be externally defined, and we should respect that value */
+# ifndef LIBZ
+#  if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#   define LIBZ "ZLIB1"
+#  elif defined(OPENSSL_SYS_VMS)
+#   define LIBZ "LIBZ"
+#  else
+#   define LIBZ "z"
+#  endif
+# endif
+
+    if (!zlib_loaded) {
+        zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
+        if (zlib_dso != NULL) {
+            p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
+            p_inflateEnd
+                = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
+            p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
+            p_inflateInit_
+                = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_");
+            p_deflateEnd
+                = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
+            p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
+            p_deflateInit_
+                = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_");
+            p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
+
+            if (p_compress && p_inflateEnd && p_inflate
+                && p_inflateInit_ && p_deflateEnd
+                && p_deflate && p_deflateInit_ && p_zError)
+                zlib_loaded++;
+
+            if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
+                comp_zlib_cleanup_int();
+                return meth;
+            }
+            if (zlib_loaded)
+                meth = &zlib_stateful_method;
+        }
+    }
+#endif
+#if defined(ZLIB)
+    meth = &zlib_stateful_method;
+#endif
+
+    return meth;
+}
+
+void comp_zlib_cleanup_int(void)
+{
+#ifdef ZLIB_SHARED
+    DSO_free(zlib_dso);
+    zlib_dso = NULL;
+#endif
+}
+
+#ifdef ZLIB
+
+/* Zlib based compression/decompression filter BIO */
+
+typedef struct {
+    unsigned char *ibuf;        /* Input buffer */
+    int ibufsize;               /* Buffer size */
+    z_stream zin;               /* Input decompress context */
+    unsigned char *obuf;        /* Output buffer */
+    int obufsize;               /* Output buffer size */
+    unsigned char *optr;        /* Position in output buffer */
+    int ocount;                 /* Amount of data in output buffer */
+    int odone;                  /* deflate EOF */
+    int comp_level;             /* Compression level to use */
+    z_stream zout;              /* Output compression context */
+} BIO_ZLIB_CTX;
+
+# define ZLIB_DEFAULT_BUFSIZE 1024
+
+static int bio_zlib_new(BIO *bi);
+static int bio_zlib_free(BIO *bi);
+static int bio_zlib_read(BIO *b, char *out, int outl);
+static int bio_zlib_write(BIO *b, const char *in, int inl);
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD bio_meth_zlib = {
+    BIO_TYPE_COMP,
+    "zlib",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    bio_zlib_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    bio_zlib_read,
+    NULL,                      /* bio_zlib_puts, */
+    NULL,                      /* bio_zlib_gets, */
+    bio_zlib_ctrl,
+    bio_zlib_new,
+    bio_zlib_free,
+    bio_zlib_callback_ctrl
+};
+
+const BIO_METHOD *BIO_f_zlib(void)
+{
+    return &bio_meth_zlib;
+}
+
+static int bio_zlib_new(BIO *bi)
+{
+    BIO_ZLIB_CTX *ctx;
+# ifdef ZLIB_SHARED
+    (void)COMP_zlib();
+    if (!zlib_loaded) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+        return 0;
+    }
+# endif
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->zin.zalloc = Z_NULL;
+    ctx->zin.zfree = Z_NULL;
+    ctx->zout.zalloc = Z_NULL;
+    ctx->zout.zfree = Z_NULL;
+    ctx->comp_level = Z_DEFAULT_COMPRESSION;
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int bio_zlib_free(BIO *bi)
+{
+    BIO_ZLIB_CTX *ctx;
+    if (!bi)
+        return 0;
+    ctx = BIO_get_data(bi);
+    if (ctx->ibuf) {
+        /* Destroy decompress context */
+        inflateEnd(&ctx->zin);
+        OPENSSL_free(ctx->ibuf);
+    }
+    if (ctx->obuf) {
+        /* Destroy compress context */
+        deflateEnd(&ctx->zout);
+        OPENSSL_free(ctx->obuf);
+    }
+    OPENSSL_free(ctx);
+    BIO_set_data(bi, NULL);
+    BIO_set_init(bi, 0);
+
+    return 1;
+}
+
+static int bio_zlib_read(BIO *b, char *out, int outl)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zin;
+    BIO *next = BIO_next(b);
+
+    if (!out || !outl)
+        return 0;
+    ctx = BIO_get_data(b);
+    zin = &ctx->zin;
+    BIO_clear_retry_flags(b);
+    if (!ctx->ibuf) {
+        ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+        if (ctx->ibuf == NULL) {
+            COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        inflateInit(zin);
+        zin->next_in = ctx->ibuf;
+        zin->avail_in = 0;
+    }
+
+    /* Copy output data directly to supplied buffer */
+    zin->next_out = (unsigned char *)out;
+    zin->avail_out = (unsigned int)outl;
+    for (;;) {
+        /* Decompress while data available */
+        while (zin->avail_in) {
+            ret = inflate(zin, 0);
+            if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
+                COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR);
+                ERR_add_error_data(2, "zlib error:", zError(ret));
+                return 0;
+            }
+            /* If EOF or we've read everything then return */
+            if ((ret == Z_STREAM_END) || !zin->avail_out)
+                return outl - zin->avail_out;
+        }
+
+        /*
+         * No data in input buffer try to read some in, if an error then
+         * return the total data read.
+         */
+        ret = BIO_read(next, ctx->ibuf, ctx->ibufsize);
+        if (ret <= 0) {
+            /* Total data read */
+            int tot = outl - zin->avail_out;
+            BIO_copy_next_retry(b);
+            if (ret < 0)
+                return (tot > 0) ? tot : ret;
+            return tot;
+        }
+        zin->avail_in = ret;
+        zin->next_in = ctx->ibuf;
+    }
+}
+
+static int bio_zlib_write(BIO *b, const char *in, int inl)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    BIO *next = BIO_next(b);
+
+    if (!in || !inl)
+        return 0;
+    ctx = BIO_get_data(b);
+    if (ctx->odone)
+        return 0;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    if (!ctx->obuf) {
+        ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+        /* Need error here */
+        if (ctx->obuf == NULL) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ctx->optr = ctx->obuf;
+        ctx->ocount = 0;
+        deflateInit(zout, ctx->comp_level);
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+    }
+    /* Obtain input data directly from supplied buffer */
+    zout->next_in = (void *)in;
+    zout->avail_in = inl;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                /* Total data written */
+                int tot = inl - zout->avail_in;
+                BIO_copy_next_retry(b);
+                if (ret < 0)
+                    return (tot > 0) ? tot : ret;
+                return tot;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+
+        /* Have we consumed all supplied data? */
+        if (!zout->avail_in)
+            return inl;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, 0);
+        if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
+
+static int bio_zlib_flush(BIO *b)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    BIO *next = BIO_next(b);
+
+    ctx = BIO_get_data(b);
+    /* If no data written or already flush show success */
+    if (!ctx->obuf || (ctx->odone && !ctx->ocount))
+        return 1;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    /* No more input data */
+    zout->next_in = NULL;
+    zout->avail_in = 0;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                BIO_copy_next_retry(b);
+                return ret;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+        if (ctx->odone)
+            return 1;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, Z_FINISH);
+        if (ret == Z_STREAM_END)
+            ctx->odone = 1;
+        else if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
+
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret, *ip;
+    int ibs, obs;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    ctx = BIO_get_data(b);
+    switch (cmd) {
+
+    case BIO_CTRL_RESET:
+        ctx->ocount = 0;
+        ctx->odone = 0;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = bio_zlib_flush(b);
+        if (ret > 0)
+            ret = BIO_flush(next);
+        break;
+
+    case BIO_C_SET_BUFF_SIZE:
+        ibs = -1;
+        obs = -1;
+        if (ptr != NULL) {
+            ip = ptr;
+            if (*ip == 0)
+                ibs = (int)num;
+            else
+                obs = (int)num;
+        } else {
+            ibs = (int)num;
+            obs = ibs;
+        }
+
+        if (ibs != -1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = NULL;
+            ctx->ibufsize = ibs;
+        }
+
+        if (obs != -1) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = NULL;
+            ctx->obufsize = obs;
+        }
+        ret = 1;
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    }
+
+    return ret;
+}
+
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_err.c
new file mode 100644
index 000000000..2dca315cf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_err.c
@@ -0,0 +1,46 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/comperr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA COMP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_FLUSH, 0), "bio_zlib_flush"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA COMP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR),
+    "zlib deflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR),
+    "zlib inflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED),
+    "zlib not supported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_COMP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(COMP_str_functs);
+        ERR_load_strings_const(COMP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lcl.h
new file mode 100644
index 000000000..aa45fca23
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lcl.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct comp_method_st {
+    int type;                   /* NID for compression library */
+    const char *name;           /* A text string to identify the library */
+    int (*init) (COMP_CTX *ctx);
+    void (*finish) (COMP_CTX *ctx);
+    int (*compress) (COMP_CTX *ctx,
+                     unsigned char *out, unsigned int olen,
+                     unsigned char *in, unsigned int ilen);
+    int (*expand) (COMP_CTX *ctx,
+                   unsigned char *out, unsigned int olen,
+                   unsigned char *in, unsigned int ilen);
+};
+
+struct comp_ctx_st {
+    struct comp_method_st *meth;
+    unsigned long compress_in;
+    unsigned long compress_out;
+    unsigned long expand_in;
+    unsigned long expand_out;
+    void* data;
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c
new file mode 100644
index 000000000..6ae211449
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/err.h>
+#include "comp_lcl.h"
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
+{
+    COMP_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->meth = meth;
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return ret;
+}
+
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx)
+{
+    return ctx->meth;
+}
+
+int COMP_get_type(const COMP_METHOD *meth)
+{
+    return meth->type;
+}
+
+const char *COMP_get_name(const COMP_METHOD *meth)
+{
+    return meth->name;
+}
+
+void COMP_CTX_free(COMP_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if (ctx->meth->finish != NULL)
+        ctx->meth->finish(ctx);
+
+    OPENSSL_free(ctx);
+}
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen)
+{
+    int ret;
+    if (ctx->meth->compress == NULL) {
+        return -1;
+    }
+    ret = ctx->meth->compress(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->compress_in += ilen;
+        ctx->compress_out += ret;
+    }
+    return ret;
+}
+
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen)
+{
+    int ret;
+
+    if (ctx->meth->expand == NULL) {
+        return -1;
+    }
+    ret = ctx->meth->expand(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->expand_in += ilen;
+        ctx->expand_out += ret;
+    }
+    return ret;
+}
+
+int COMP_CTX_get_type(const COMP_CTX* comp)
+{
+    return comp->meth ? comp->meth->type : NID_undef;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/build.info
new file mode 100644
index 000000000..ff367994e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+        conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+        conf_mall.c conf_sap.c conf_ssl.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_api.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_api.c
new file mode 100644
index 000000000..5e57d749c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_api.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
+static void value_free_stack_doall(CONF_VALUE *a);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
+{
+    CONF_VALUE *v, vv;
+
+    if ((conf == NULL) || (section == NULL))
+        return NULL;
+    vv.name = NULL;
+    vv.section = (char *)section;
+    v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+    return v;
+}
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section)
+{
+    CONF_VALUE *v;
+
+    v = _CONF_get_section(conf, section);
+    if (v != NULL)
+        return ((STACK_OF(CONF_VALUE) *)v->value);
+    else
+        return NULL;
+}
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+{
+    CONF_VALUE *v = NULL;
+    STACK_OF(CONF_VALUE) *ts;
+
+    ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+    value->section = section->section;
+    if (!sk_CONF_VALUE_push(ts, value)) {
+        return 0;
+    }
+
+    v = lh_CONF_VALUE_insert(conf->data, value);
+    if (v != NULL) {
+        (void)sk_CONF_VALUE_delete_ptr(ts, v);
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return 1;
+}
+
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name)
+{
+    CONF_VALUE *v, vv;
+    char *p;
+
+    if (name == NULL)
+        return NULL;
+    if (conf != NULL) {
+        if (section != NULL) {
+            vv.name = (char *)name;
+            vv.section = (char *)section;
+            v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+            if (v != NULL)
+                return v->value;
+            if (strcmp(section, "ENV") == 0) {
+                p = ossl_safe_getenv(name);
+                if (p != NULL)
+                    return p;
+            }
+        }
+        vv.section = "default";
+        vv.name = (char *)name;
+        v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+        if (v != NULL)
+            return v->value;
+        else
+            return NULL;
+    } else
+        return ossl_safe_getenv(name);
+}
+
+static unsigned long conf_value_hash(const CONF_VALUE *v)
+{
+    return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
+}
+
+static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
+{
+    int i;
+
+    if (a->section != b->section) {
+        i = strcmp(a->section, b->section);
+        if (i)
+            return i;
+    }
+
+    if ((a->name != NULL) && (b->name != NULL)) {
+        i = strcmp(a->name, b->name);
+        return i;
+    } else if (a->name == b->name)
+        return 0;
+    else
+        return ((a->name == NULL) ? -1 : 1);
+}
+
+int _CONF_new_data(CONF *conf)
+{
+    if (conf == NULL) {
+        return 0;
+    }
+    if (conf->data == NULL) {
+        conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
+        if (conf->data == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE;
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
+
+void _CONF_free_data(CONF *conf)
+{
+    if (conf == NULL || conf->data == NULL)
+        return;
+
+    /* evil thing to make sure the 'OPENSSL_free()' works as expected */
+    lh_CONF_VALUE_set_down_load(conf->data, 0);
+    lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data);
+
+    /*
+     * We now have only 'section' entries in the hash table. Due to problems
+     * with
+     */
+
+    lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
+    lh_CONF_VALUE_free(conf->data);
+}
+
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
+{
+    if (a->name != NULL)
+        (void)lh_CONF_VALUE_delete(conf, a);
+}
+
+static void value_free_stack_doall(CONF_VALUE *a)
+{
+    CONF_VALUE *vv;
+    STACK_OF(CONF_VALUE) *sk;
+    int i;
+
+    if (a->name != NULL)
+        return;
+
+    sk = (STACK_OF(CONF_VALUE) *)a->value;
+    for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) {
+        vv = sk_CONF_VALUE_value(sk, i);
+        OPENSSL_free(vv->value);
+        OPENSSL_free(vv->name);
+        OPENSSL_free(vv);
+    }
+    sk_CONF_VALUE_free(sk);
+    OPENSSL_free(a->section);
+    OPENSSL_free(a);
+}
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+{
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    int i;
+    CONF_VALUE *v = NULL, *vv;
+
+    if ((sk = sk_CONF_VALUE_new_null()) == NULL)
+        goto err;
+    if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
+        goto err;
+    i = strlen(section) + 1;
+    if ((v->section = OPENSSL_malloc(i)) == NULL)
+        goto err;
+
+    memcpy(v->section, section, i);
+    v->name = NULL;
+    v->value = (char *)sk;
+
+    vv = lh_CONF_VALUE_insert(conf->data, v);
+    if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0)
+        goto err;
+    return v;
+
+ err:
+    sk_CONF_VALUE_free(sk);
+    if (v != NULL)
+        OPENSSL_free(v->section);
+    OPENSSL_free(v);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c
new file mode 100644
index 000000000..8e3f42a0c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c
@@ -0,0 +1,878 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/o_dir.h"
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# ifdef _WIN32
+#  define stat    _stat
+#  define strcasecmp _stricmp
+# endif
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+/*
+ * The maximum length we can grow a value to after variable expansion. 64k
+ * should be more than enough for all reasonable uses.
+ */
+#define MAX_CONF_VALUE_LENGTH       65536
+
+static int is_keytype(const CONF *conf, char c, unsigned short type);
+static char *eat_ws(CONF *conf, char *p);
+static void trim_ws(CONF *conf, char *start);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf, char *section, char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+#ifndef OPENSSL_NO_POSIX_IO
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath);
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx);
+#endif
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
+
+static CONF_METHOD default_method = {
+    "OpenSSL default",
+    def_create,
+    def_init_default,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
+
+static CONF_METHOD WIN32_method = {
+    "WIN32",
+    def_create,
+    def_init_WIN32,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
+
+CONF_METHOD *NCONF_default(void)
+{
+    return &default_method;
+}
+
+CONF_METHOD *NCONF_WIN32(void)
+{
+    return &WIN32_method;
+}
+
+static CONF *def_create(CONF_METHOD *meth)
+{
+    CONF *ret;
+
+    ret = OPENSSL_malloc(sizeof(*ret));
+    if (ret != NULL)
+        if (meth->init(ret) == 0) {
+            OPENSSL_free(ret);
+            ret = NULL;
+        }
+    return ret;
+}
+
+static int def_init_default(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+
+    conf->meth = &default_method;
+    conf->meth_data = (void *)CONF_type_default;
+    conf->data = NULL;
+
+    return 1;
+}
+
+static int def_init_WIN32(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+
+    conf->meth = &WIN32_method;
+    conf->meth_data = (void *)CONF_type_win32;
+    conf->data = NULL;
+
+    return 1;
+}
+
+static int def_destroy(CONF *conf)
+{
+    if (def_destroy_data(conf)) {
+        OPENSSL_free(conf);
+        return 1;
+    }
+    return 0;
+}
+
+static int def_destroy_data(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+    _CONF_free_data(conf);
+    return 1;
+}
+
+static int def_load(CONF *conf, const char *name, long *line)
+{
+    int ret;
+    BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    in = BIO_new_file(name, "r");
+#else
+    in = BIO_new_file(name, "rb");
+#endif
+    if (in == NULL) {
+        if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+            CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+        else
+            CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+        return 0;
+    }
+
+    ret = def_load_bio(conf, in, line);
+    BIO_free(in);
+
+    return ret;
+}
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+{
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE     512
+    int bufnum = 0, i, ii;
+    BUF_MEM *buff = NULL;
+    char *s, *p, *end;
+    int again;
+    long eline = 0;
+    char btmp[DECIMAL_SIZE(eline) + 1];
+    CONF_VALUE *v = NULL, *tv;
+    CONF_VALUE *sv = NULL;
+    char *section = NULL, *buf;
+    char *start, *psection, *pname;
+    void *h = (void *)(conf->data);
+    STACK_OF(BIO) *biosk = NULL;
+#ifndef OPENSSL_NO_POSIX_IO
+    char *dirpath = NULL;
+    OPENSSL_DIR_CTX *dirctx = NULL;
+#endif
+
+    if ((buff = BUF_MEM_new()) == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+        goto err;
+    }
+
+    section = OPENSSL_strdup("default");
+    if (section == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (_CONF_new_data(conf) == 0) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    sv = _CONF_new_section(conf, section);
+    if (sv == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+        goto err;
+    }
+
+    bufnum = 0;
+    again = 0;
+    for (;;) {
+        if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
+            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+            goto err;
+        }
+        p = &(buff->data[bufnum]);
+        *p = '\0';
+ read_retry:
+        BIO_gets(in, p, CONFBUFSIZE - 1);
+        p[CONFBUFSIZE - 1] = '\0';
+        ii = i = strlen(p);
+        if (i == 0 && !again) {
+            /* the currently processed BIO is at EOF */
+            BIO *parent;
+
+#ifndef OPENSSL_NO_POSIX_IO
+            /* continue processing with the next file from directory */
+            if (dirctx != NULL) {
+                BIO *next;
+
+                if ((next = get_next_file(dirpath, &dirctx)) != NULL) {
+                    BIO_vfree(in);
+                    in = next;
+                    goto read_retry;
+                } else {
+                    OPENSSL_free(dirpath);
+                    dirpath = NULL;
+                }
+            }
+#endif
+            /* no more files in directory, continue with processing parent */
+            if ((parent = sk_BIO_pop(biosk)) == NULL) {
+                /* everything processed get out of the loop */
+                break;
+            } else {
+                BIO_vfree(in);
+                in = parent;
+                goto read_retry;
+            }
+        }
+        again = 0;
+        while (i > 0) {
+            if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
+                break;
+            else
+                i--;
+        }
+        /*
+         * we removed some trailing stuff so there is a new line on the end.
+         */
+        if (ii && i == ii)
+            again = 1;          /* long line */
+        else {
+            p[i] = '\0';
+            eline++;            /* another input line */
+        }
+
+        /* we now have a line with trailing \r\n removed */
+
+        /* i is the number of bytes */
+        bufnum += i;
+
+        v = NULL;
+        /* check for line continuation */
+        if (bufnum >= 1) {
+            /*
+             * If we have bytes and the last char '\\' and second last char
+             * is not '\\'
+             */
+            p = &(buff->data[bufnum - 1]);
+            if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
+                bufnum--;
+                again = 1;
+            }
+        }
+        if (again)
+            continue;
+        bufnum = 0;
+        buf = buff->data;
+
+        clear_comments(conf, buf);
+        s = eat_ws(conf, buf);
+        if (IS_EOF(conf, *s))
+            continue;           /* blank line */
+        if (*s == '[') {
+            char *ss;
+
+            s++;
+            start = eat_ws(conf, s);
+            ss = start;
+ again:
+            end = eat_alpha_numeric(conf, ss);
+            p = eat_ws(conf, end);
+            if (*p != ']') {
+                if (*p != '\0' && ss != p) {
+                    ss = p;
+                    goto again;
+                }
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                goto err;
+            }
+            *end = '\0';
+            if (!str_copy(conf, NULL, &section, start))
+                goto err;
+            if ((sv = _CONF_get_section(conf, section)) == NULL)
+                sv = _CONF_new_section(conf, section);
+            if (sv == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                goto err;
+            }
+            continue;
+        } else {
+            pname = s;
+            end = eat_alpha_numeric(conf, s);
+            if ((end[0] == ':') && (end[1] == ':')) {
+                *end = '\0';
+                end += 2;
+                psection = pname;
+                pname = end;
+                end = eat_alpha_numeric(conf, end);
+            } else {
+                psection = section;
+            }
+            p = eat_ws(conf, end);
+            if (strncmp(pname, ".include", 8) == 0
+                && (p != pname + 8 || *p == '=')) {
+                char *include = NULL;
+                BIO *next;
+
+                if (*p == '=') {
+                    p++;
+                    p = eat_ws(conf, p);
+                }
+                trim_ws(conf, p);
+                if (!str_copy(conf, psection, &include, p))
+                    goto err;
+                /* get the BIO of the included file */
+#ifndef OPENSSL_NO_POSIX_IO
+                next = process_include(include, &dirctx, &dirpath);
+                if (include != dirpath) {
+                    /* dirpath will contain include in case of a directory */
+                    OPENSSL_free(include);
+                }
+#else
+                next = BIO_new_file(include, "r");
+                OPENSSL_free(include);
+#endif
+                if (next != NULL) {
+                    /* push the currently processing BIO onto stack */
+                    if (biosk == NULL) {
+                        if ((biosk = sk_BIO_new_null()) == NULL) {
+                            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                            goto err;
+                        }
+                    }
+                    if (!sk_BIO_push(biosk, in)) {
+                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    /* continue with reading from the included BIO */
+                    in = next;
+                }
+                continue;
+            } else if (*p != '=') {
+                CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
+                goto err;
+            }
+            *end = '\0';
+            p++;
+            start = eat_ws(conf, p);
+            trim_ws(conf, start);
+
+            if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            v->name = OPENSSL_strdup(pname);
+            v->value = NULL;
+            if (v->name == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!str_copy(conf, psection, &(v->value), start))
+                goto err;
+
+            if (strcmp(psection, section) != 0) {
+                if ((tv = _CONF_get_section(conf, psection))
+                    == NULL)
+                    tv = _CONF_new_section(conf, psection);
+                if (tv == NULL) {
+                    CONFerr(CONF_F_DEF_LOAD_BIO,
+                            CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                    goto err;
+                }
+            } else
+                tv = sv;
+            if (_CONF_add_string(conf, tv, v) == 0) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            v = NULL;
+        }
+    }
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    /*
+     * No need to pop, since we only get here if the stack is empty.
+     * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE!
+     */
+    sk_BIO_free(biosk);
+    return 1;
+ err:
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    /*
+     * Since |in| is the first element of the stack and should NOT be freed
+     * here, we cannot use sk_BIO_pop_free().  Instead, we pop and free one
+     * BIO at a time, making sure that the last one popped isn't.
+     */
+    while (sk_BIO_num(biosk) > 0) {
+        BIO *popped = sk_BIO_pop(biosk);
+        BIO_vfree(in);
+        in = popped;
+    }
+    sk_BIO_free(biosk);
+#ifndef OPENSSL_NO_POSIX_IO
+    OPENSSL_free(dirpath);
+    if (dirctx != NULL)
+        OPENSSL_DIR_end(&dirctx);
+#endif
+    if (line != NULL)
+        *line = eline;
+    BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
+    ERR_add_error_data(2, "line ", btmp);
+    if (h != conf->data) {
+        CONF_free(conf->data);
+        conf->data = NULL;
+    }
+    if (v != NULL) {
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return 0;
+}
+
+static void clear_comments(CONF *conf, char *p)
+{
+    for (;;) {
+        if (IS_FCOMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (!IS_WS(conf, *p)) {
+            break;
+        }
+        p++;
+    }
+
+    for (;;) {
+        if (IS_COMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (IS_DQUOTE(conf, *p)) {
+            p = scan_dquote(conf, p);
+            continue;
+        }
+        if (IS_QUOTE(conf, *p)) {
+            p = scan_quote(conf, p);
+            continue;
+        }
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (IS_EOF(conf, *p))
+            return;
+        else
+            p++;
+    }
+}
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+{
+    int q, r, rr = 0, to = 0, len = 0;
+    char *s, *e, *rp, *p, *rrp, *np, *cp, v;
+    BUF_MEM *buf;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        return 0;
+
+    len = strlen(from) + 1;
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    for (;;) {
+        if (IS_QUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from) && (*from != q)) {
+                if (IS_ESC(conf, *from)) {
+                    from++;
+                    if (IS_EOF(conf, *from))
+                        break;
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_DQUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from)) {
+                if (*from == q) {
+                    if (*(from + 1) == q) {
+                        from++;
+                    } else {
+                        break;
+                    }
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_ESC(conf, *from)) {
+            from++;
+            v = *(from++);
+            if (IS_EOF(conf, v))
+                break;
+            else if (v == 'r')
+                v = '\r';
+            else if (v == 'n')
+                v = '\n';
+            else if (v == 'b')
+                v = '\b';
+            else if (v == 't')
+                v = '\t';
+            buf->data[to++] = v;
+        } else if (IS_EOF(conf, *from))
+            break;
+        else if (*from == '$') {
+            size_t newsize;
+
+            /* try to expand it */
+            rrp = NULL;
+            s = &(from[1]);
+            if (*s == '{')
+                q = '}';
+            else if (*s == '(')
+                q = ')';
+            else
+                q = 0;
+
+            if (q)
+                s++;
+            cp = section;
+            e = np = s;
+            while (IS_ALNUM(conf, *e))
+                e++;
+            if ((e[0] == ':') && (e[1] == ':')) {
+                cp = np;
+                rrp = e;
+                rr = *e;
+                *rrp = '\0';
+                e += 2;
+                np = e;
+                while (IS_ALNUM(conf, *e))
+                    e++;
+            }
+            r = *e;
+            *e = '\0';
+            rp = e;
+            if (q) {
+                if (r != q) {
+                    CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
+                    goto err;
+                }
+                e++;
+            }
+            /*-
+             * So at this point we have
+             * np which is the start of the name string which is
+             *   '\0' terminated.
+             * cp which is the start of the section string which is
+             *   '\0' terminated.
+             * e is the 'next point after'.
+             * r and rr are the chars replaced by the '\0'
+             * rp and rrp is where 'r' and 'rr' came from.
+             */
+            p = _CONF_get_string(conf, cp, np);
+            if (rrp != NULL)
+                *rrp = rr;
+            *rp = r;
+            if (p == NULL) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
+                goto err;
+            }
+            newsize = strlen(p) + buf->length - (e - from);
+            if (newsize > MAX_CONF_VALUE_LENGTH) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
+                goto err;
+            }
+            if (!BUF_MEM_grow_clean(buf, newsize)) {
+                CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            while (*p)
+                buf->data[to++] = *(p++);
+
+            /*
+             * Since we change the pointer 'from', we also have to change the
+             * perceived length of the string it points at.  /RL
+             */
+            len -= e - from;
+            from = e;
+
+            /*
+             * In case there were no braces or parenthesis around the
+             * variable reference, we have to put back the character that was
+             * replaced with a '\0'.  /RL
+             */
+            *rp = r;
+        } else
+            buf->data[to++] = *(from++);
+    }
+    buf->data[to] = '\0';
+    OPENSSL_free(*pto);
+    *pto = buf->data;
+    OPENSSL_free(buf);
+    return 1;
+ err:
+    BUF_MEM_free(buf);
+    return 0;
+}
+
+#ifndef OPENSSL_NO_POSIX_IO
+/*
+ * Check whether included path is a directory.
+ * Returns next BIO to process and in case of a directory
+ * also an opened directory context and the include path.
+ */
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath)
+{
+    struct stat st = { 0 };
+    BIO *next;
+
+    if (stat(include, &st) < 0) {
+        SYSerr(SYS_F_STAT, errno);
+        ERR_add_error_data(1, include);
+        /* missing include file is not fatal error */
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        if (*dirctx != NULL) {
+            CONFerr(CONF_F_PROCESS_INCLUDE,
+                    CONF_R_RECURSIVE_DIRECTORY_INCLUDE);
+            ERR_add_error_data(1, include);
+            return NULL;
+        }
+        /* a directory, load its contents */
+        if ((next = get_next_file(include, dirctx)) != NULL)
+            *dirpath = include;
+        return next;
+    }
+
+    next = BIO_new_file(include, "r");
+    return next;
+}
+
+/*
+ * Get next file from the directory path.
+ * Returns BIO of the next file to read and updates dirctx.
+ */
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
+{
+    const char *filename;
+
+    while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
+        size_t namelen;
+
+        namelen = strlen(filename);
+
+
+        if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0)
+            || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
+            size_t newlen;
+            char *newpath;
+            BIO *bio;
+
+            newlen = strlen(path) + namelen + 2;
+            newpath = OPENSSL_zalloc(newlen);
+            if (newpath == NULL) {
+                CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE);
+                break;
+            }
+#ifdef OPENSSL_SYS_VMS
+            /*
+             * If the given path isn't clear VMS syntax,
+             * we treat it as on Unix.
+             */
+            {
+                size_t pathlen = strlen(path);
+
+                if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>'
+                    || path[pathlen - 1] == ':') {
+                    /* Clear VMS directory syntax, just copy as is */
+                    OPENSSL_strlcpy(newpath, path, newlen);
+                }
+            }
+#endif
+            if (newpath[0] == '\0') {
+                OPENSSL_strlcpy(newpath, path, newlen);
+                OPENSSL_strlcat(newpath, "/", newlen);
+            }
+            OPENSSL_strlcat(newpath, filename, newlen);
+
+            bio = BIO_new_file(newpath, "r");
+            OPENSSL_free(newpath);
+            /* Errors when opening files are non-fatal. */
+            if (bio != NULL)
+                return bio;
+        }
+    }
+    OPENSSL_DIR_end(dirctx);
+    *dirctx = NULL;
+    return NULL;
+}
+#endif
+
+static int is_keytype(const CONF *conf, char c, unsigned short type)
+{
+    const unsigned short * keytypes = (const unsigned short *) conf->meth_data;
+    unsigned char key = (unsigned char)c;
+
+#ifdef CHARSET_EBCDIC
+# if CHAR_BIT > 8
+    if (key > 255) {
+        /* key is out of range for os_toascii table */
+        return 0;
+    }
+# endif
+    /* convert key from ebcdic to ascii */
+    key = os_toascii[key];
+#endif
+
+    if (key > 127) {
+        /* key is not a seven bit ascii character */
+        return 0;
+    }
+
+    return (keytypes[key] & type) ? 1 : 0;
+}
+
+static char *eat_ws(CONF *conf, char *p)
+{
+    while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
+        p++;
+    return p;
+}
+
+static void trim_ws(CONF *conf, char *start)
+{
+    char *p = start;
+
+    while (!IS_EOF(conf, *p))
+        p++;
+    p--;
+    while ((p >= start) && IS_WS(conf, *p))
+        p--;
+    p++;
+    *p = '\0';
+}
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+{
+    for (;;) {
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (!IS_ALNUM_PUNCT(conf, *p))
+            return p;
+        p++;
+    }
+}
+
+static char *scan_quote(CONF *conf, char *p)
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p)) && (*p != q)) {
+        if (IS_ESC(conf, *p)) {
+            p++;
+            if (IS_EOF(conf, *p))
+                return p;
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return p;
+}
+
+static char *scan_dquote(CONF *conf, char *p)
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p))) {
+        if (*p == q) {
+            if (*(p + 1) == q) {
+                p++;
+            } else {
+                break;
+            }
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return p;
+}
+
+static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
+{
+    if (a->name)
+        BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+    else
+        BIO_printf(out, "[[%s]]\n", a->section);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO);
+
+static int def_dump(const CONF *conf, BIO *out)
+{
+    lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out);
+    return 1;
+}
+
+static int def_is_number(const CONF *conf, char c)
+{
+    return IS_NUMBER(conf, c);
+}
+
+static int def_to_int(const CONF *conf, char c)
+{
+    return c - '0';
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h
new file mode 100644
index 000000000..2016d31b8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h
@@ -0,0 +1,76 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/conf/keysets.pl
+ *
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CONF_NUMBER       1
+#define CONF_UPPER        2
+#define CONF_LOWER        4
+#define CONF_UNDER        256
+#define CONF_PUNCT        512
+#define CONF_WS           16
+#define CONF_ESC          32
+#define CONF_QUOTE        64
+#define CONF_DQUOTE       1024
+#define CONF_COMMENT      128
+#define CONF_FCOMMENT     2048
+#define CONF_EOF          8
+#define CONF_ALPHA        (CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM        (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
+
+
+#define IS_COMMENT(conf,c)     is_keytype(conf, c, CONF_COMMENT)
+#define IS_FCOMMENT(conf,c)    is_keytype(conf, c, CONF_FCOMMENT)
+#define IS_EOF(conf,c)         is_keytype(conf, c, CONF_EOF)
+#define IS_ESC(conf,c)         is_keytype(conf, c, CONF_ESC)
+#define IS_NUMBER(conf,c)      is_keytype(conf, c, CONF_NUMBER)
+#define IS_WS(conf,c)          is_keytype(conf, c, CONF_WS)
+#define IS_ALNUM(conf,c)       is_keytype(conf, c, CONF_ALNUM)
+#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT)
+#define IS_QUOTE(conf,c)       is_keytype(conf, c, CONF_QUOTE)
+#define IS_DQUOTE(conf,c)      is_keytype(conf, c, CONF_DQUOTE)
+
+static const unsigned short CONF_type_default[128] = {
+    0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0010, 0x0200, 0x0040, 0x0080, 0x0000, 0x0200, 0x0200, 0x0040,
+    0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+    0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+    0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200,
+    0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100,
+    0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+};
+
+static const unsigned short CONF_type_win32[128] = {
+    0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000,
+    0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+    0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+    0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200,
+    0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100,
+    0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_err.c
new file mode 100644
index 000000000..f7613584e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_err.c
@@ -0,0 +1,95 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/conferr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CONF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_DUMP_FP, 0), "CONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD, 0), "CONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD_FP, 0), "CONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_PARSE_LIST, 0), "CONF_parse_list"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_BIO, 0), "NCONF_dump_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_FP, 0), "NCONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_NUMBER_E, 0),
+     "NCONF_get_number_e"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_SECTION, 0), "NCONF_get_section"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_STRING, 0), "NCONF_get_string"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD, 0), "NCONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_BIO, 0), "NCONF_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CONF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL),
+    "list cannot be null"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+    "missing close square bracket"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN),
+    "missing equal sign"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION),
+    "missing init function"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR),
+    "module initialization error"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+    "no conf or environment variable"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
+    "recursive directory include"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+    "unable to create new section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME),
+    "unknown module name"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG),
+    "variable expansion too long"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE),
+    "variable has no value"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CONF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CONF_str_functs);
+        ERR_load_strings_const(CONF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lcl.h
new file mode 100644
index 000000000..6e1f7fe00
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lcl.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+void conf_add_ssl_module(void);
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c
new file mode 100644
index 000000000..2d40ac97e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c
@@ -0,0 +1,414 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdio.h>
+#include <string.h>
+#include "internal/conf.h"
+#include "internal/ctype.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+
+static CONF_METHOD *default_CONF_method = NULL;
+
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
+{
+    if (default_CONF_method == NULL)
+        default_CONF_method = NCONF_default();
+
+    default_CONF_method->init(conf);
+    conf->data = hash;
+}
+
+/*
+ * The following section contains the "CONF classic" functions, rewritten in
+ * terms of the new CONF interface.
+ */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+{
+    default_CONF_method = meth;
+    return 1;
+}
+
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline)
+{
+    LHASH_OF(CONF_VALUE) *ltmp;
+    BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    in = BIO_new_file(file, "r");
+#else
+    in = BIO_new_file(file, "rb");
+#endif
+    if (in == NULL) {
+        CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+        return NULL;
+    }
+
+    ltmp = CONF_load_bio(conf, in, eline);
+    BIO_free(in);
+
+    return ltmp;
+}
+
+#ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline)
+{
+    BIO *btmp;
+    LHASH_OF(CONF_VALUE) *ltmp;
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ltmp = CONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ltmp;
+}
+#endif
+
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline)
+{
+    CONF ctmp;
+    int ret;
+
+    CONF_set_nconf(&ctmp, conf);
+
+    ret = NCONF_load_bio(&ctmp, bp, eline);
+    if (ret)
+        return ctmp.data;
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section)
+{
+    if (conf == NULL) {
+        return NULL;
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_section(&ctmp, section);
+    }
+}
+
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name)
+{
+    if (conf == NULL) {
+        return NCONF_get_string(NULL, group, name);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_string(&ctmp, group, name);
+    }
+}
+
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name)
+{
+    int status;
+    long result = 0;
+
+    ERR_set_mark();
+    if (conf == NULL) {
+        status = NCONF_get_number_e(NULL, group, name, &result);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        status = NCONF_get_number_e(&ctmp, group, name, &result);
+    }
+    ERR_pop_to_mark();
+    return status == 0 ? 0L : result;
+}
+
+void CONF_free(LHASH_OF(CONF_VALUE) *conf)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    NCONF_free_data(&ctmp);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
+{
+    BIO *btmp;
+    int ret;
+
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = CONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return NCONF_dump_bio(&ctmp, out);
+}
+
+/*
+ * The following section contains the "New CONF" functions.  They are
+ * completely centralised around a new CONF structure that may contain
+ * basically anything, but at least a method pointer and a table of data.
+ * These functions are also written in terms of the bridge functions used by
+ * the "CONF classic" functions, for consistency.
+ */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+{
+    CONF *ret;
+
+    if (meth == NULL)
+        meth = NCONF_default();
+
+    ret = meth->create(meth);
+    if (ret == NULL) {
+        CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void NCONF_free(CONF *conf)
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy(conf);
+}
+
+void NCONF_free_data(CONF *conf)
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy_data(conf);
+}
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load(conf, file, eline);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
+{
+    BIO *btmp;
+    int ret;
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load_bio(conf, bp, eline);
+}
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+        return NULL;
+    }
+
+    if (section == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+        return NULL;
+    }
+
+    return _CONF_get_section_values(conf, section);
+}
+
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
+{
+    char *s = _CONF_get_string(conf, group, name);
+
+    /*
+     * Since we may get a value from an environment variable even if conf is
+     * NULL, let's check the value first
+     */
+    if (s)
+        return s;
+
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_STRING,
+                CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+        return NULL;
+    }
+    CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
+    ERR_add_error_data(4, "group=", group, " name=", name);
+    return NULL;
+}
+
+static int default_is_number(const CONF *conf, char c)
+{
+    return ossl_isdigit(c);
+}
+
+static int default_to_int(const CONF *conf, char c)
+{
+    return (int)(c - '0');
+}
+
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result)
+{
+    char *str;
+    long res;
+    int (*is_number)(const CONF *, char) = &default_is_number;
+    int (*to_int)(const CONF *, char) = &default_to_int;
+
+    if (result == NULL) {
+        CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    str = NCONF_get_string(conf, group, name);
+
+    if (str == NULL)
+        return 0;
+
+    if (conf != NULL) {
+        if (conf->meth->is_number != NULL)
+            is_number = conf->meth->is_number;
+        if (conf->meth->to_int != NULL)
+            to_int = conf->meth->to_int;
+    }
+    for (res = 0; is_number(conf, *str); str++) {
+        const int d = to_int(conf, *str);
+
+        if (res > (LONG_MAX - d) / 10L) {
+            CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NUMBER_TOO_LARGE);
+            return 0;
+        }
+        res = res * 10 + d;
+    }
+
+    *result = res;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out)
+{
+    BIO *btmp;
+    int ret;
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int NCONF_dump_bio(const CONF *conf, BIO *out)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->dump(conf, out);
+}
+
+/*
+ * These routines call the C malloc/free, to avoid intermixing with
+ * OpenSSL function pointers before the library is initialized.
+ */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
+{
+    OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
+
+    if (ret != NULL)
+        memset(ret, 0, sizeof(*ret));
+    ret->flags = DEFAULT_CONF_MFLAGS;
+
+    return ret;
+}
+
+
+#ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+                                     const char *filename)
+{
+    char *newfilename = NULL;
+
+    if (filename != NULL) {
+        newfilename = strdup(filename);
+        if (newfilename == NULL)
+            return 0;
+    }
+
+    free(settings->filename);
+    settings->filename = newfilename;
+
+    return 1;
+}
+
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+                                        unsigned long flags)
+{
+    settings->flags = flags;
+}
+
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *appname)
+{
+    char *newappname = NULL;
+
+    if (appname != NULL) {
+        newappname = strdup(appname);
+        if (newappname == NULL)
+            return 0;
+    }
+
+    free(settings->appname);
+    settings->appname = newappname;
+
+    return 1;
+}
+#endif
+
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
+{
+    free(settings->filename);
+    free(settings->appname);
+    free(settings);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c
new file mode 100644
index 000000000..7e86948e8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+#include "conf_lcl.h"
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+{
+    /* Add builtin modules here */
+    ASN1_add_oid_module();
+    ASN1_add_stable_module();
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_add_conf_module();
+#endif
+    EVP_add_alg_module();
+    conf_add_ssl_module();
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mod.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mod.c
new file mode 100644
index 000000000..e703d97f5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mod.c
@@ -0,0 +1,551 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "internal/conf.h"
+#include "internal/dso.h"
+#include <openssl/x509.h>
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+/*
+ * This structure contains a data about supported modules. entries in this
+ * table correspond to either dynamic or static modules.
+ */
+
+struct conf_module_st {
+    /* DSO of this module or NULL if static */
+    DSO *dso;
+    /* Name of the module */
+    char *name;
+    /* Init function */
+    conf_init_func *init;
+    /* Finish function */
+    conf_finish_func *finish;
+    /* Number of successfully initialized modules */
+    int links;
+    void *usr_data;
+};
+
+/*
+ * This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a given
+ * module.
+ */
+
+struct conf_imodule_st {
+    CONF_MODULE *pmod;
+    char *name;
+    char *value;
+    unsigned long flags;
+    void *usr_data;
+};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, const char *name, const char *value,
+                      unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc,
+                               conf_finish_func *ffunc);
+static CONF_MODULE *module_find(const char *name);
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
+                       const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
+                                    const char *value);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags)
+{
+    STACK_OF(CONF_VALUE) *values;
+    CONF_VALUE *vl;
+    char *vsection = NULL;
+
+    int ret, i;
+
+    if (!cnf)
+        return 1;
+
+    if (appname)
+        vsection = NCONF_get_string(cnf, NULL, appname);
+
+    if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
+        vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
+
+    if (!vsection) {
+        ERR_clear_error();
+        return 1;
+    }
+
+    values = NCONF_get_section(cnf, vsection);
+
+    if (!values)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        vl = sk_CONF_VALUE_value(values, i);
+        ret = module_run(cnf, vl->name, vl->value, flags);
+        if (ret <= 0)
+            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+                return ret;
+    }
+
+    return 1;
+
+}
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags)
+{
+    char *file = NULL;
+    CONF *conf = NULL;
+    int ret = 0;
+    conf = NCONF_new(NULL);
+    if (conf == NULL)
+        goto err;
+
+    if (filename == NULL) {
+        file = CONF_get1_default_config_file();
+        if (!file)
+            goto err;
+    } else
+        file = (char *)filename;
+
+    if (NCONF_load(conf, file, NULL) <= 0) {
+        if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+            (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
+            ERR_clear_error();
+            ret = 1;
+        }
+        goto err;
+    }
+
+    ret = CONF_modules_load(conf, appname, flags);
+
+ err:
+    if (filename == NULL)
+        OPENSSL_free(file);
+    NCONF_free(conf);
+
+    if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES)
+        return 1;
+
+    return ret;
+}
+
+static int module_run(const CONF *cnf, const char *name, const char *value,
+                      unsigned long flags)
+{
+    CONF_MODULE *md;
+    int ret;
+
+    md = module_find(name);
+
+    /* Module not found: try to load DSO */
+    if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+        md = module_load_dso(cnf, name, value);
+
+    if (!md) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+            ERR_add_error_data(2, "module=", name);
+        }
+        return -1;
+    }
+
+    ret = module_init(md, name, value, cnf);
+
+    if (ret <= 0) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            char rcode[DECIMAL_SIZE(ret) + 1];
+
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
+            BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
+            ERR_add_error_data(6, "module=", name, ", value=", value,
+                               ", retcode=", rcode);
+        }
+    }
+
+    return ret;
+}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf,
+                                    const char *name, const char *value)
+{
+    DSO *dso = NULL;
+    conf_init_func *ifunc;
+    conf_finish_func *ffunc;
+    const char *path = NULL;
+    int errcode = 0;
+    CONF_MODULE *md;
+    /* Look for alternative path in module section */
+    path = NCONF_get_string(cnf, value, "path");
+    if (!path) {
+        ERR_clear_error();
+        path = name;
+    }
+    dso = DSO_load(NULL, path, NULL, 0);
+    if (!dso) {
+        errcode = CONF_R_ERROR_LOADING_DSO;
+        goto err;
+    }
+    ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+    if (!ifunc) {
+        errcode = CONF_R_MISSING_INIT_FUNCTION;
+        goto err;
+    }
+    ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+    /* All OK, add module */
+    md = module_add(dso, name, ifunc, ffunc);
+
+    if (!md)
+        goto err;
+
+    return md;
+
+ err:
+    DSO_free(dso);
+    CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+    ERR_add_error_data(4, "module=", name, ", path=", path);
+    return NULL;
+}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc, conf_finish_func *ffunc)
+{
+    CONF_MODULE *tmod = NULL;
+    if (supported_modules == NULL)
+        supported_modules = sk_CONF_MODULE_new_null();
+    if (supported_modules == NULL)
+        return NULL;
+    if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) {
+        CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    tmod->dso = dso;
+    tmod->name = OPENSSL_strdup(name);
+    tmod->init = ifunc;
+    tmod->finish = ffunc;
+    if (tmod->name == NULL) {
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+        OPENSSL_free(tmod->name);
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    return tmod;
+}
+
+/*
+ * Find a module from the list. We allow module names of the form
+ * modname.XXXX to just search for modname to allow the same module to be
+ * initialized more than once.
+ */
+
+static CONF_MODULE *module_find(const char *name)
+{
+    CONF_MODULE *tmod;
+    int i, nchar;
+    char *p;
+    p = strrchr(name, '.');
+
+    if (p)
+        nchar = p - name;
+    else
+        nchar = strlen(name);
+
+    for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
+        tmod = sk_CONF_MODULE_value(supported_modules, i);
+        if (strncmp(tmod->name, name, nchar) == 0)
+            return tmod;
+    }
+
+    return NULL;
+
+}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
+                       const CONF *cnf)
+{
+    int ret = 1;
+    int init_called = 0;
+    CONF_IMODULE *imod = NULL;
+
+    /* Otherwise add initialized module to list */
+    imod = OPENSSL_malloc(sizeof(*imod));
+    if (imod == NULL)
+        goto err;
+
+    imod->pmod = pmod;
+    imod->name = OPENSSL_strdup(name);
+    imod->value = OPENSSL_strdup(value);
+    imod->usr_data = NULL;
+
+    if (!imod->name || !imod->value)
+        goto memerr;
+
+    /* Try to initialize module */
+    if (pmod->init) {
+        ret = pmod->init(imod, cnf);
+        init_called = 1;
+        /* Error occurred, exit */
+        if (ret <= 0)
+            goto err;
+    }
+
+    if (initialized_modules == NULL) {
+        initialized_modules = sk_CONF_IMODULE_new_null();
+        if (!initialized_modules) {
+            CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
+        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pmod->links++;
+
+    return ret;
+
+ err:
+
+    /* We've started the module so we'd better finish it */
+    if (pmod->finish && init_called)
+        pmod->finish(imod);
+
+ memerr:
+    if (imod) {
+        OPENSSL_free(imod->name);
+        OPENSSL_free(imod->value);
+        OPENSSL_free(imod);
+    }
+
+    return -1;
+
+}
+
+/*
+ * Unload any dynamic modules that have a link count of zero: i.e. have no
+ * active initialized modules. If 'all' is set then all modules are unloaded
+ * including static ones.
+ */
+
+void CONF_modules_unload(int all)
+{
+    int i;
+    CONF_MODULE *md;
+    CONF_modules_finish();
+    /* unload modules in reverse order */
+    for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
+        md = sk_CONF_MODULE_value(supported_modules, i);
+        /* If static or in use and 'all' not set ignore it */
+        if (((md->links > 0) || !md->dso) && !all)
+            continue;
+        /* Since we're working in reverse this is OK */
+        (void)sk_CONF_MODULE_delete(supported_modules, i);
+        module_free(md);
+    }
+    if (sk_CONF_MODULE_num(supported_modules) == 0) {
+        sk_CONF_MODULE_free(supported_modules);
+        supported_modules = NULL;
+    }
+}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+{
+    DSO_free(md->dso);
+    OPENSSL_free(md->name);
+    OPENSSL_free(md);
+}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+{
+    CONF_IMODULE *imod;
+    while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
+        imod = sk_CONF_IMODULE_pop(initialized_modules);
+        module_finish(imod);
+    }
+    sk_CONF_IMODULE_free(initialized_modules);
+    initialized_modules = NULL;
+}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+{
+    if (!imod)
+        return;
+    if (imod->pmod->finish)
+        imod->pmod->finish(imod);
+    imod->pmod->links--;
+    OPENSSL_free(imod->name);
+    OPENSSL_free(imod->value);
+    OPENSSL_free(imod);
+}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc)
+{
+    if (module_add(NULL, name, ifunc, ffunc))
+        return 1;
+    else
+        return 0;
+}
+
+void conf_modules_free_int(void)
+{
+    CONF_modules_finish();
+    CONF_modules_unload(1);
+}
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+{
+    return md->name;
+}
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+{
+    return md->value;
+}
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+{
+    return md->usr_data;
+}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+{
+    md->usr_data = usr_data;
+}
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+{
+    return md->pmod;
+}
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+{
+    return md->flags;
+}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+{
+    md->flags = flags;
+}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+{
+    return pmod->usr_data;
+}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+{
+    pmod->usr_data = usr_data;
+}
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+{
+    char *file, *sep = "";
+    int len;
+
+    if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+        return OPENSSL_strdup(file);
+
+    len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+    len++;
+    sep = "/";
+#endif
+    len += strlen(OPENSSL_CONF);
+
+    file = OPENSSL_malloc(len + 1);
+
+    if (file == NULL)
+        return NULL;
+    BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(),
+                 sep, OPENSSL_CONF);
+
+    return file;
+}
+
+/*
+ * This function takes a list separated by 'sep' and calls the callback
+ * function giving the start and length of each member optionally stripping
+ * leading and trailing whitespace. This can be used to parse comma separated
+ * lists for example.
+ */
+
+int CONF_parse_list(const char *list_, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg)
+{
+    int ret;
+    const char *lstart, *tmpend, *p;
+
+    if (list_ == NULL) {
+        CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+        return 0;
+    }
+
+    lstart = list_;
+    for (;;) {
+        if (nospc) {
+            while (*lstart && isspace((unsigned char)*lstart))
+                lstart++;
+        }
+        p = strchr(lstart, sep);
+        if (p == lstart || !*lstart)
+            ret = list_cb(NULL, 0, arg);
+        else {
+            if (p)
+                tmpend = p - 1;
+            else
+                tmpend = lstart + strlen(lstart) - 1;
+            if (nospc) {
+                while (isspace((unsigned char)*tmpend))
+                    tmpend--;
+            }
+            ret = list_cb(lstart, tmpend - lstart + 1, arg);
+        }
+        if (ret <= 0)
+            return ret;
+        if (p == NULL)
+            return 1;
+        lstart = p + 1;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c
new file mode 100644
index 000000000..2ce42f0c6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/conf.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+#ifdef _WIN32
+# define strdup _strdup
+#endif
+
+/*
+ * This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are
+ * called, unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void OPENSSL_config(const char *appname)
+{
+    OPENSSL_INIT_SETTINGS settings;
+
+    memset(&settings, 0, sizeof(settings));
+    if (appname != NULL)
+        settings.appname = strdup(appname);
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
+}
+#endif
+
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
+{
+    int ret;
+    const char *filename;
+    const char *appname;
+    unsigned long flags;
+
+    if (openssl_configured)
+        return 1;
+
+    filename = settings ? settings->filename : NULL;
+    appname = settings ? settings->appname : NULL;
+    flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n",
+            filename, appname, flags);
+#endif
+
+    OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+    /* Need to load ENGINEs */
+    ENGINE_load_builtin_engines();
+#endif
+    ERR_clear_error();
+#ifndef OPENSSL_SYS_UEFI
+    ret = CONF_modules_load_file(filename, appname, flags);
+#endif
+    openssl_configured = 1;
+    return ret;
+}
+
+void openssl_no_config_int(void)
+{
+    openssl_configured = 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c
new file mode 100644
index 000000000..387f2cf46
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include "internal/sslconf.h"
+#include "conf_lcl.h"
+
+/*
+ * SSL library configuration module placeholder. We load it here but defer
+ * all decisions about its contents to libssl.
+ */
+
+struct ssl_conf_name_st {
+    /* Name of this set of commands */
+    char *name;
+    /* List of commands */
+    SSL_CONF_CMD *cmds;
+    /* Number of commands */
+    size_t cmd_count;
+};
+
+struct ssl_conf_cmd_st {
+    /* Command */
+    char *cmd;
+    /* Argument */
+    char *arg;
+};
+
+static struct ssl_conf_name_st *ssl_names;
+static size_t ssl_names_count;
+
+static void ssl_module_free(CONF_IMODULE *md)
+{
+    size_t i, j;
+    if (ssl_names == NULL)
+        return;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name_st *tname = ssl_names + i;
+
+        OPENSSL_free(tname->name);
+        for (j = 0; j < tname->cmd_count; j++) {
+            OPENSSL_free(tname->cmds[j].cmd);
+            OPENSSL_free(tname->cmds[j].arg);
+        }
+        OPENSSL_free(tname->cmds);
+    }
+    OPENSSL_free(ssl_names);
+    ssl_names = NULL;
+    ssl_names_count = 0;
+}
+
+static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    size_t i, j, cnt;
+    int rv = 0;
+    const char *ssl_conf_section;
+    STACK_OF(CONF_VALUE) *cmd_lists;
+
+    ssl_conf_section = CONF_imodule_get_value(md);
+    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
+    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
+        if (cmd_lists == NULL)
+            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
+        else
+            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
+        ERR_add_error_data(2, "section=", ssl_conf_section);
+        goto err;
+    }
+    cnt = sk_CONF_VALUE_num(cmd_lists);
+    ssl_module_free(md);
+    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+    if (ssl_names == NULL)
+        goto err;
+    ssl_names_count = cnt;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name_st *ssl_name = ssl_names + i;
+        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
+        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
+
+        if (sk_CONF_VALUE_num(cmds) <= 0) {
+            if (cmds == NULL)
+                CONFerr(CONF_F_SSL_MODULE_INIT,
+                        CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
+            else
+                CONFerr(CONF_F_SSL_MODULE_INIT,
+                        CONF_R_SSL_COMMAND_SECTION_EMPTY);
+            ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
+            goto err;
+        }
+        ssl_name->name = OPENSSL_strdup(sect->name);
+        if (ssl_name->name == NULL)
+            goto err;
+        cnt = sk_CONF_VALUE_num(cmds);
+        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
+        if (ssl_name->cmds == NULL)
+            goto err;
+        ssl_name->cmd_count = cnt;
+        for (j = 0; j < cnt; j++) {
+            const char *name;
+            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
+            struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
+
+            /* Skip any initial dot in name */
+            name = strchr(cmd_conf->name, '.');
+            if (name != NULL)
+                name++;
+            else
+                name = cmd_conf->name;
+            cmd->cmd = OPENSSL_strdup(name);
+            cmd->arg = OPENSSL_strdup(cmd_conf->value);
+            if (cmd->cmd == NULL || cmd->arg == NULL)
+                goto err;
+        }
+
+    }
+    rv = 1;
+ err:
+    if (rv == 0)
+        ssl_module_free(md);
+    return rv;
+}
+
+/*
+ * Returns the set of commands with index |idx| previously searched for via
+ * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
+ * and the number of commands in the set in |*cnt|.
+ */
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
+{
+    *name = ssl_names[idx].name;
+    *cnt = ssl_names[idx].cmd_count;
+    return ssl_names[idx].cmds;
+}
+
+/*
+ * Search for the named set of commands given in |name|. On success return the
+ * index for the command set in |*idx|.
+ * Returns 1 on success or 0 on failure.
+ */
+int conf_ssl_name_find(const char *name, size_t *idx)
+{
+    size_t i;
+    const struct ssl_conf_name_st *nm;
+
+    if (name == NULL)
+        return 0;
+    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
+        if (strcmp(nm->name, name) == 0) {
+            *idx = i;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * Given a command set |cmd|, return details on the command at index |idx| which
+ * must be less than the number of commands in the set (as returned by
+ * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
+ * argument is returned in |*arg|.
+ */
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                      char **arg)
+{
+    *cmdstr = cmd[idx].cmd;
+    *arg = cmd[idx].arg;
+}
+
+void conf_add_ssl_module(void)
+{
+    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/keysets.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/keysets.pl
new file mode 100644
index 000000000..27a7214cc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/keysets.pl
@@ -0,0 +1,116 @@
+#! /usr/bin/env perl
+# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+my $NUMBER      = 0x0001;
+my $UPPER       = 0x0002;
+my $LOWER       = 0x0004;
+my $UNDER       = 0x0100;
+my $PUNCTUATION = 0x0200;
+my $WS          = 0x0010;
+my $ESC         = 0x0020;
+my $QUOTE       = 0x0040;
+my $DQUOTE      = 0x0400;
+my $COMMENT     = 0x0080;
+my $FCOMMENT    = 0x0800;
+my $EOF         = 0x0008;
+my @V_def;
+my @V_w32;
+
+my $v;
+my $c;
+foreach (0 .. 127) {
+    $c = sprintf("%c", $_);
+    $v = 0;
+    $v |= $NUMBER      if $c =~ /[0-9]/;
+    $v |= $UPPER       if $c =~ /[A-Z]/;
+    $v |= $LOWER       if $c =~ /[a-z]/;
+    $v |= $UNDER       if $c =~ /_/;
+    $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/;
+    $v |= $WS          if $c =~ /[ \t\r\n]/;
+    $v |= $ESC         if $c =~ /\\/;
+    $v |= $QUOTE       if $c =~ /['`"]/;         # for emacs: "`'
+    $v |= $COMMENT     if $c =~ /\#/;
+    $v |= $EOF         if $c =~ /\0/;
+    push(@V_def, $v);
+
+    $v = 0;
+    $v |= $NUMBER      if $c =~ /[0-9]/;
+    $v |= $UPPER       if $c =~ /[A-Z]/;
+    $v |= $LOWER       if $c =~ /[a-z]/;
+    $v |= $UNDER       if $c =~ /_/;
+    $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/;
+    $v |= $WS          if $c =~ /[ \t\r\n]/;
+    $v |= $DQUOTE      if $c =~ /["]/;           # for emacs: "
+    $v |= $FCOMMENT    if $c =~ /;/;
+    $v |= $EOF         if $c =~ /\0/;
+    push(@V_w32, $v);
+}
+
+# Output year depends on the year of the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/conf/keysets.pl
+ *
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CONF_NUMBER       $NUMBER
+#define CONF_UPPER        $UPPER
+#define CONF_LOWER        $LOWER
+#define CONF_UNDER        $UNDER
+#define CONF_PUNCT        $PUNCTUATION
+#define CONF_WS           $WS
+#define CONF_ESC          $ESC
+#define CONF_QUOTE        $QUOTE
+#define CONF_DQUOTE       $DQUOTE
+#define CONF_COMMENT      $COMMENT
+#define CONF_FCOMMENT     $FCOMMENT
+#define CONF_EOF          $EOF
+#define CONF_ALPHA        (CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM        (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
+
+
+#define IS_COMMENT(conf,c)     is_keytype(conf, c, CONF_COMMENT)
+#define IS_FCOMMENT(conf,c)    is_keytype(conf, c, CONF_FCOMMENT)
+#define IS_EOF(conf,c)         is_keytype(conf, c, CONF_EOF)
+#define IS_ESC(conf,c)         is_keytype(conf, c, CONF_ESC)
+#define IS_NUMBER(conf,c)      is_keytype(conf, c, CONF_NUMBER)
+#define IS_WS(conf,c)          is_keytype(conf, c, CONF_WS)
+#define IS_ALNUM(conf,c)       is_keytype(conf, c, CONF_ALNUM)
+#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT)
+#define IS_QUOTE(conf,c)       is_keytype(conf, c, CONF_QUOTE)
+#define IS_DQUOTE(conf,c)      is_keytype(conf, c, CONF_DQUOTE)
+
+EOF
+
+my $i;
+
+print "static const unsigned short CONF_type_default[128] = {";
+for ($i = 0; $i < 128; $i++) {
+    print "\n   " if ($i % 8) == 0;
+    printf " 0x%04X,", $V_def[$i];
+}
+print "\n};\n\n";
+
+print "static const unsigned short CONF_type_win32[128] = {";
+for ($i = 0; $i < 128; $i++) {
+    print "\n   " if ($i % 8) == 0;
+    printf " 0x%04X,", $V_w32[$i];
+}
+print "\n};\n";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cpt_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cpt_err.c
new file mode 100644
index 000000000..4147b1cb9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cpt_err.c
@@ -0,0 +1,77 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0),
+     "CRYPTO_dup_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0),
+     "CRYPTO_free_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, 0),
+     "CRYPTO_get_ex_new_index"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0),
+     "CRYPTO_new_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0),
+     "CRYPTO_ocb128_copy_ctx"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0),
+     "CRYPTO_ocb128_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0),
+     "CRYPTO_set_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0),
+     "OPENSSL_buf2hexstr"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0),
+     "OPENSSL_hexstr2buf"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0),
+     "OPENSSL_init_crypto"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
+     "OPENSSL_sk_deep_copy"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0),
+     "pkey_poly1305_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
+     "pkey_siphash_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT),
+    "illegal hex digit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS),
+    "odd number of digits"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CRYPTO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CRYPTO_str_functs);
+        ERR_load_strings_const(CRYPTO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c
new file mode 100644
index 000000000..7b761a3ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
+#include <openssl/safestack.h>
+
+#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__x86_64) || defined(__x86_64__) || \
+        defined(_M_AMD64) || defined(_M_X64)
+
+extern unsigned int OPENSSL_ia32cap_P[4];
+
+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+
+/*
+ * Purpose of these minimalistic and character-type-agnostic subroutines
+ * is to break dependency on MSVCRT (on Windows) and locale. This makes
+ * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type-
+ * agnostic" means that they work with either wide or 8-bit characters,
+ * exploiting the fact that first 127 characters can be simply casted
+ * between the sets, while the rest would be simply rejected by ossl_is*
+ * subroutines.
+ */
+#  ifdef _WIN32
+typedef WCHAR variant_char;
+
+static variant_char *ossl_getenv(const char *name)
+{
+    /*
+     * Since we pull only one environment variable, it's simpler to
+     * to just ignore |name| and use equivalent wide-char L-literal.
+     * As well as to ignore excessively long values...
+     */
+    static WCHAR value[48];
+    DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48);
+
+    return (len > 0 && len < 48) ? value : NULL;
+}
+#  else
+typedef char variant_char;
+#   define ossl_getenv getenv
+#  endif
+
+#  include "internal/ctype.h"
+
+static int todigit(variant_char c)
+{
+    if (ossl_isdigit(c))
+        return c - '0';
+    else if (ossl_isxdigit(c))
+        return ossl_tolower(c) - 'a' + 10;
+
+    /* return largest base value to make caller terminate the loop */
+    return 16;
+}
+
+static uint64_t ossl_strtouint64(const variant_char *str)
+{
+    uint64_t ret = 0;
+    unsigned int digit, base = 10;
+
+    if (*str == '0') {
+        base = 8, str++;
+        if (ossl_tolower(*str) == 'x')
+            base = 16, str++;
+    }
+
+    while((digit = todigit(*str++)) < base)
+        ret = ret * base + digit;
+
+    return ret;
+}
+
+static variant_char *ossl_strchr(const variant_char *str, char srch)
+{   variant_char c;
+
+    while((c = *str)) {
+        if (c == srch)
+	    return (variant_char *)str;
+        str++;
+    }
+
+    return NULL;
+}
+
+#  define OPENSSL_CPUID_SETUP
+typedef uint64_t IA32CAP;
+
+void OPENSSL_cpuid_setup(void)
+{
+    static int trigger = 0;
+    IA32CAP OPENSSL_ia32_cpuid(unsigned int *);
+    IA32CAP vec;
+    const variant_char *env;
+
+    if (trigger)
+        return;
+
+    trigger = 1;
+    if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) {
+        int off = (env[0] == '~') ? 1 : 0;
+
+        vec = ossl_strtouint64(env + off);
+
+        if (off) {
+            IA32CAP mask = vec;
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask;
+            if (mask & (1<<24)) {
+                /*
+                 * User disables FXSR bit, mask even other capabilities
+                 * that operate exclusively on XMM, so we don't have to
+                 * double-check all the time. We mask PCLMULQDQ, AMD XOP,
+                 * AES-NI and AVX. Formally speaking we don't have to
+                 * do it in x86_64 case, but we can safely assume that
+                 * x86_64 users won't actually flip this flag.
+                 */
+                vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32);
+            }
+        } else if (env[0] == ':') {
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+        }
+
+        if ((env = ossl_strchr(env, ':')) != NULL) {
+            IA32CAP vecx;
+
+            env++;
+            off = (env[0] == '~') ? 1 : 0;
+            vecx = ossl_strtouint64(env + off);
+            if (off) {
+                OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32);
+            } else {
+                OPENSSL_ia32cap_P[2] = (unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] = (unsigned int)(vecx >> 32);
+            }
+        } else {
+            OPENSSL_ia32cap_P[2] = 0;
+            OPENSSL_ia32cap_P[3] = 0;
+        }
+    } else {
+        vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+    }
+
+    /*
+     * |(1<<10) sets a reserved bit to signal that variable
+     * was initialized already... This is to avoid interference
+     * with cpuid snippets in ELF .init segment.
+     */
+    OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10);
+    OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32);
+}
+# else
+unsigned int OPENSSL_ia32cap_P[4];
+# endif
+#endif
+#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
+void OPENSSL_cpuid_setup(void)
+{
+}
+#endif
+
+#if defined(_WIN32)
+# include <tchar.h>
+# include <signal.h>
+# ifdef __WATCOMC__
+#  if defined(_UNICODE) || defined(__UNICODE__)
+#   define _vsntprintf _vsnwprintf
+#  else
+#   define _vsntprintf _vsnprintf
+#  endif
+# endif
+# ifdef _MSC_VER
+#  define alloca _alloca
+# endif
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+
+int OPENSSL_isservice(void)
+{
+    /* OneCore API cannot interact with GUI */
+    return 1;
+}
+#  else
+int OPENSSL_isservice(void)
+{
+    HWINSTA h;
+    DWORD len;
+    WCHAR *name;
+    static union {
+        void *p;
+        FARPROC f;
+    } _OPENSSL_isservice = {
+        NULL
+    };
+
+    if (_OPENSSL_isservice.p == NULL) {
+        HANDLE mod = GetModuleHandle(NULL);
+        FARPROC f = NULL;
+
+        if (mod != NULL)
+            f = GetProcAddress(mod, "_OPENSSL_isservice");
+        if (f == NULL)
+            _OPENSSL_isservice.p = (void *)-1;
+        else
+            _OPENSSL_isservice.f = f;
+    }
+
+    if (_OPENSSL_isservice.p != (void *)-1)
+        return (*_OPENSSL_isservice.f) ();
+
+    h = GetProcessWindowStation();
+    if (h == NULL)
+        return -1;
+
+    if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) ||
+        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+        return -1;
+
+    if (len > 512)
+        return -1;              /* paranoia */
+    len++, len &= ~1;           /* paranoia */
+    name = (WCHAR *)alloca(len + sizeof(WCHAR));
+    if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len))
+        return -1;
+
+    len++, len &= ~1;           /* paranoia */
+    name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
+#   if 1
+    /*
+     * This doesn't cover "interactive" services [working with real
+     * WinSta0's] nor programs started non-interactively by Task Scheduler
+     * [those are working with SAWinSta].
+     */
+    if (wcsstr(name, L"Service-0x"))
+        return 1;
+#   else
+    /* This covers all non-interactive programs such as services. */
+    if (!wcsstr(name, L"WinSta0"))
+        return 1;
+#   endif
+    else
+        return 0;
+}
+#  endif
+# else
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+# endif
+
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+    va_list ap;
+    TCHAR buf[256];
+    const TCHAR *fmt;
+    /*
+     * First check if it's a console application, in which case the
+     * error message would be printed to standard error.
+     * Windows CE does not have a concept of a console application,
+     * so we need to guard the check.
+     */
+# ifdef STD_ERROR_HANDLE
+    HANDLE h;
+
+    if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+        GetFileType(h) != FILE_TYPE_UNKNOWN) {
+        /* must be console application */
+        int len;
+        DWORD out;
+
+        va_start(ap, fmta);
+        len = _vsnprintf((char *)buf, sizeof(buf), fmta, ap);
+        WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD) len, &out, NULL);
+        va_end(ap);
+        return;
+    }
+# endif
+
+    if (sizeof(TCHAR) == sizeof(char))
+        fmt = (const TCHAR *)fmta;
+    else
+        do {
+            int keepgoing;
+            size_t len_0 = strlen(fmta) + 1, i;
+            WCHAR *fmtw;
+
+            fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+            if (fmtw == NULL) {
+                fmt = (const TCHAR *)L"no stack?";
+                break;
+            }
+            if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
+                for (i = 0; i < len_0; i++)
+                    fmtw[i] = (WCHAR)fmta[i];
+            for (i = 0; i < len_0; i++) {
+                if (fmtw[i] == L'%')
+                    do {
+                        keepgoing = 0;
+                        switch (fmtw[i + 1]) {
+                        case L'0':
+                        case L'1':
+                        case L'2':
+                        case L'3':
+                        case L'4':
+                        case L'5':
+                        case L'6':
+                        case L'7':
+                        case L'8':
+                        case L'9':
+                        case L'.':
+                        case L'*':
+                        case L'-':
+                            i++;
+                            keepgoing = 1;
+                            break;
+                        case L's':
+                            fmtw[i + 1] = L'S';
+                            break;
+                        case L'S':
+                            fmtw[i + 1] = L's';
+                            break;
+                        case L'c':
+                            fmtw[i + 1] = L'C';
+                            break;
+                        case L'C':
+                            fmtw[i + 1] = L'c';
+                            break;
+                        }
+                    } while (keepgoing);
+            }
+            fmt = (const TCHAR *)fmtw;
+        } while (0);
+
+    va_start(ap, fmta);
+    _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap);
+    buf[OSSL_NELEM(buf) - 1] = _T('\0');
+    va_end(ap);
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+    /* ONECORE is always NONGUI and NT >= 0x0601 */
+
+    /*
+    * TODO: (For non GUI and no std error cases)
+    * Add event logging feature here.
+    */
+
+#   if !defined(NDEBUG)
+        /*
+        * We are in a situation where we tried to report a critical
+        * error and this failed for some reason. As a last resort,
+        * in debug builds, send output to the debugger or any other
+        * tool like DebugView which can monitor the output.
+        */
+        OutputDebugString(buf);
+#   endif
+#  else
+    /* this -------------v--- guards NT-specific calls */
+    if (check_winnt() && OPENSSL_isservice() > 0) {
+        HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
+
+        if (hEventLog != NULL) {
+            const TCHAR *pmsg = buf;
+
+            if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
+                             1, 0, &pmsg, NULL)) {
+#   if !defined(NDEBUG)
+                /*
+                 * We are in a situation where we tried to report a critical
+                 * error and this failed for some reason. As a last resort,
+                 * in debug builds, send output to the debugger or any other
+                 * tool like DebugView which can monitor the output.
+                 */
+                OutputDebugString(pmsg);
+#   endif
+            }
+
+            (void)DeregisterEventSource(hEventLog);
+        }
+    } else {
+        MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+    }
+#  endif
+# else
+    MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+# endif
+}
+#else
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+#ifndef OPENSSL_NO_STDIO
+    va_list ap;
+
+    va_start(ap, fmta);
+    vfprintf(stderr, fmta, ap);
+    va_end(ap);
+#endif
+}
+
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+#endif
+
+void OPENSSL_die(const char *message, const char *file, int line)
+{
+    OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n",
+                      file, line, message);
+#if !defined(_WIN32)
+    abort();
+#else
+    /*
+     * Win32 abort() customarily shows a dialog, but we just did that...
+     */
+# if !defined(_WIN32_WCE)
+    raise(SIGABRT);
+# endif
+    _exit(3);
+#endif
+}
+
+#if !defined(OPENSSL_CPUID_OBJ)
+/*
+ * The volatile is used to to ensure that the compiler generates code that reads
+ * all values from the array and doesn't try to optimize this away. The standard
+ * doesn't actually require this behavior if the original data pointed to is
+ * not volatile, but compilers do this in practice anyway.
+ *
+ * There are also assembler versions of this function.
+ */
+# undef CRYPTO_memcmp
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
+{
+    size_t i;
+    const volatile unsigned char *a = in_a;
+    const volatile unsigned char *b = in_b;
+    unsigned char x = 0;
+
+    for (i = 0; i < len; i++)
+        x |= a[i] ^ b[i];
+
+    return x;
+}
+
+/*
+ * For systems that don't provide an instruction counter register or equivalent.
+ */
+uint32_t OPENSSL_rdtsc(void)
+{
+    return 0;
+}
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    return 0;
+}
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    return 0;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/build.info
new file mode 100644
index 000000000..3ca0e3160
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_policy.c \
+                         ct_prn.c ct_sct.c ct_sct_ctx.c ct_vfy.c ct_x509v3.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c
new file mode 100644
index 000000000..109ffcdcf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#include "ct_locl.h"
+
+/*
+ * Decodes the base64 string |in| into |out|.
+ * A new string will be malloc'd and assigned to |out|. This will be owned by
+ * the caller. Do not provide a pre-allocated string in |out|.
+ */
+static int ct_base64_decode(const char *in, unsigned char **out)
+{
+    size_t inlen = strlen(in);
+    int outlen, i;
+    unsigned char *outbuf = NULL;
+
+    if (inlen == 0) {
+        *out = NULL;
+        return 0;
+    }
+
+    outlen = (inlen / 4) * 3;
+    outbuf = OPENSSL_malloc(outlen);
+    if (outbuf == NULL) {
+        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
+    if (outlen < 0) {
+        CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
+    i = 0;
+    while (in[--inlen] == '=') {
+        --outlen;
+        if (++i > 2)
+            goto err;
+    }
+
+    *out = outbuf;
+    return outlen;
+err:
+    OPENSSL_free(outbuf);
+    return -1;
+}
+
+SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
+                         ct_log_entry_type_t entry_type, uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64)
+{
+    SCT *sct = SCT_new();
+    unsigned char *dec = NULL;
+    const unsigned char* p = NULL;
+    int declen;
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
+     * can only construct SCT versions that have been defined.
+     */
+    if (!SCT_set_version(sct, version)) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    declen = ct_base64_decode(logid_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    if (!SCT_set0_log_id(sct, dec, declen))
+        goto err;
+    dec = NULL;
+
+    declen = ct_base64_decode(extensions_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    SCT_set0_extensions(sct, dec, declen);
+    dec = NULL;
+
+    declen = ct_base64_decode(signature_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    p = dec;
+    if (o2i_SCT_signature(sct, &p, declen) <= 0)
+        goto err;
+    OPENSSL_free(dec);
+    dec = NULL;
+
+    SCT_set_timestamp(sct, timestamp);
+
+    if (!SCT_set_log_entry_type(sct, entry_type))
+        goto err;
+
+    return sct;
+
+ err:
+    OPENSSL_free(dec);
+    SCT_free(sct);
+    return NULL;
+}
+
+/*
+ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
+ * It returns 1 on success,
+ * 0 on decoding failure, or invalid parameter if any
+ * -1 on internal (malloc) failure
+ */
+int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
+{
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len;
+    const unsigned char *p;
+    EVP_PKEY *pkey = NULL;
+
+    if (ct_log == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    if (pkey_der_len < 0) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    p = pkey_der;
+    pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
+    OPENSSL_free(pkey_der);
+    if (pkey == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    *ct_log = CTLOG_new(pkey, name);
+    if (*ct_log == NULL) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_err.c
new file mode 100644
index 000000000..c0c62fee6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_err.c
@@ -0,0 +1,96 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cterr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CT_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
+     "CTLOG_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
+     "ctlog_store_load_ctx_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
+     "CTLOG_STORE_load_file"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0),
+     "ctlog_store_load_log"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0),
+     "CT_POLICY_EVAL_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0),
+     "ct_v1_log_id_from_pkey"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
+     "SCT_set_log_entry_type"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
+     "SCT_set_signature_nid"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CT_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
+    "invalid log id length"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
+    "log conf invalid key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
+    "log conf missing description"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
+    "log conf missing key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
+    "sct future timestamp"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
+    "sct invalid signature"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
+    "sct unsupported version"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
+    "unrecognized signature nid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
+    "unsupported entry type"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CT_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CT_str_functs);
+        ERR_load_strings_const(CT_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_locl.h
new file mode 100644
index 000000000..9f983c91b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_locl.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/ct.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+/*
+ * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
+ * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
+ */
+# define MAX_SCT_SIZE            65535
+# define MAX_SCT_LIST_SIZE       MAX_SCT_SIZE
+
+/*
+ * Macros to read and write integers in network-byte order.
+ */
+
+#define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                            (((unsigned int)((c)[1]))    )),c+=2)
+
+#define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+#define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
+                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+#define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* Signed Certificate Timestamp */
+struct sct_st {
+    sct_version_t version;
+    /* If version is not SCT_VERSION_V1, this contains the encoded SCT */
+    unsigned char *sct;
+    size_t sct_len;
+    /* If version is SCT_VERSION_V1, fields below contain components of the SCT */
+    unsigned char *log_id;
+    size_t log_id_len;
+    /*
+    * Note, we cannot distinguish between an unset timestamp, and one
+    * that is set to 0.  However since CT didn't exist in 1970, no real
+    * SCT should ever be set as such.
+    */
+    uint64_t timestamp;
+    unsigned char *ext;
+    size_t ext_len;
+    unsigned char hash_alg;
+    unsigned char sig_alg;
+    unsigned char *sig;
+    size_t sig_len;
+    /* Log entry type */
+    ct_log_entry_type_t entry_type;
+    /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
+    sct_source_t source;
+    /* The result of the last attempt to validate this SCT. */
+    sct_validation_status_t validation_status;
+};
+
+/* Miscellaneous data that is useful when verifying an SCT  */
+struct sct_ctx_st {
+    /* Public key */
+    EVP_PKEY *pkey;
+    /* Hash of public key */
+    unsigned char *pkeyhash;
+    size_t pkeyhashlen;
+    /* For pre-certificate: issuer public key hash */
+    unsigned char *ihash;
+    size_t ihashlen;
+    /* certificate encoding */
+    unsigned char *certder;
+    size_t certderlen;
+    /* pre-certificate encoding */
+    unsigned char *preder;
+    size_t prederlen;
+    /* milliseconds since epoch (to check that the SCT isn't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/* Context when evaluating whether a Certificate Transparency policy is met */
+struct ct_policy_eval_ctx_st {
+    X509 *cert;
+    X509 *issuer;
+    CTLOG_STORE *log_store;
+    /* milliseconds since epoch (to check that SCTs aren't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/*
+ * Creates a new context for verifying an SCT.
+ */
+SCT_CTX *SCT_CTX_new(void);
+/*
+ * Deletes an SCT verification context.
+ */
+void SCT_CTX_free(SCT_CTX *sctx);
+
+/*
+ * Sets the certificate that the SCT was created for.
+ * If *cert does not have a poison extension, presigner must be NULL.
+ * If *cert does not have a poison extension, it may have a single SCT
+ * (NID_ct_precert_scts) extension.
+ * If either *cert or *presigner have an AKID (NID_authority_key_identifier)
+ * extension, both must have one.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+
+/*
+ * Sets the issuer of the certificate that the SCT was created for.
+ * This is just a convenience method to save extracting the public key and
+ * calling SCT_CTX_set1_issuer_pubkey().
+ * Issuer must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+
+/*
+ * Sets the public key of the issuer of the certificate that the SCT was created
+ * for.
+ * The public key must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the public key of the CT log that the SCT is from.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the time to evaluate the SCT against, in milliseconds since the Unix
+ * epoch. If the SCT's timestamp is after this time, it will be interpreted as
+ * having been issued in the future. RFC6962 states that "TLS clients MUST
+ * reject SCTs whose timestamp is in the future", so an SCT will not validate
+ * in this case.
+ */
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
+
+/*
+ * Verifies an SCT with the given context.
+ * Returns 1 if the SCT verifies successfully; any other value indicates
+ * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
+ */
+__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+
+/*
+ * Does this SCT have the minimum fields populated to be usable?
+ * Returns 1 if so, 0 otherwise.
+ */
+__owur int SCT_is_complete(const SCT *sct);
+
+/*
+ * Does this SCT have the signature-related fields populated?
+ * Returns 1 if so, 0 otherwise.
+ * This checks that the signature and hash algorithms are set to supported
+ * values and that the signature field is set.
+ */
+__owur int SCT_signature_is_complete(const SCT *sct);
+
+/*
+ * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
+ * and o2i_SCT_signature conform to the i2d/d2i conventions.
+ */
+
+/*
+* Serialize (to TLS format) an |sct| signature and write it to |out|.
+* If |out| is null, no signature will be output but the length will be returned.
+* If |out| points to a null pointer, a string will be allocated to hold the
+* TLS-format signature. It is the responsibility of the caller to free it.
+* If |out| points to an allocated string, the signature will be written to it.
+* The length of the signature in TLS format will be returned.
+*/
+__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+
+/*
+* Parses an SCT signature in TLS format and populates the |sct| with it.
+* |in| should be a pointer to a string containing the TLS-format signature.
+* |in| will be advanced to the end of the signature if parsing succeeds.
+* |len| should be the length of the signature in |in|.
+* Returns the number of bytes parsed, or a negative integer if an error occurs.
+* If an error occurs, the SCT's signature NID may be updated whilst the
+* signature field itself remains unset.
+*/
+__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
+
+/*
+ * Handlers for Certificate Transparency X509v3/OCSP extensions
+ */
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_log.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_log.c
new file mode 100644
index 000000000..c1bca3e14
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_log.c
@@ -0,0 +1,306 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/conf.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/safestack.h>
+
+#include "internal/cryptlib.h"
+
+/*
+ * Information about a CT log server.
+ */
+struct ctlog_st {
+    char *name;
+    uint8_t log_id[CT_V1_HASHLEN];
+    EVP_PKEY *public_key;
+};
+
+/*
+ * A store for multiple CTLOG instances.
+ * It takes ownership of any CTLOG instances added to it.
+ */
+struct ctlog_store_st {
+    STACK_OF(CTLOG) *logs;
+};
+
+/* The context when loading a CT log list from a CONF file. */
+typedef struct ctlog_store_load_ctx_st {
+    CTLOG_STORE *log_store;
+    CONF *conf;
+    size_t invalid_log_entries;
+} CTLOG_STORE_LOAD_CTX;
+
+/*
+ * Creates an empty context for loading a CT log store.
+ * It should be populated before use.
+ */
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void);
+
+/*
+ * Deletes a CT log store load context.
+ * Does not delete any of the fields.
+ */
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
+
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void)
+{
+    CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return ctx;
+}
+
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+/* Converts a log's public key into a SHA256 log ID */
+static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey,
+                                  unsigned char log_id[CT_V1_HASHLEN])
+{
+    int ret = 0;
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
+
+    if (pkey_der_len <= 0) {
+        CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
+        goto err;
+    }
+
+    SHA256(pkey_der, pkey_der_len, log_id);
+    ret = 1;
+err:
+    OPENSSL_free(pkey_der);
+    return ret;
+}
+
+CTLOG_STORE *CTLOG_STORE_new(void)
+{
+    CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->logs = sk_CTLOG_new_null();
+    if (ret->logs == NULL)
+        goto err;
+
+    return ret;
+err:
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void CTLOG_STORE_free(CTLOG_STORE *store)
+{
+    if (store != NULL) {
+        sk_CTLOG_pop_free(store->logs, CTLOG_free);
+        OPENSSL_free(store);
+    }
+}
+
+static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
+{
+    const char *description = NCONF_get_string(conf, section, "description");
+    char *pkey_base64;
+
+    if (description == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
+        return 0;
+    }
+
+    pkey_base64 = NCONF_get_string(conf, section, "key");
+    if (pkey_base64 == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
+        return 0;
+    }
+
+    return CTLOG_new_from_base64(ct_log, pkey_base64, description);
+}
+
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
+{
+    const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
+
+    if (fpath == NULL)
+      fpath = CTLOG_FILE;
+
+    return CTLOG_STORE_load_file(store, fpath);
+}
+
+/*
+ * Called by CONF_parse_list, which stops if this returns <= 0,
+ * Otherwise, one bad log entry would stop loading of any of
+ * the following log entries.
+ * It may stop parsing and returns -1 on any internal (malloc) error.
+ */
+static int ctlog_store_load_log(const char *log_name, int log_name_len,
+                                void *arg)
+{
+    CTLOG_STORE_LOAD_CTX *load_ctx = arg;
+    CTLOG *ct_log = NULL;
+    /* log_name may not be null-terminated, so fix that before using it */
+    char *tmp;
+    int ret = 0;
+
+    /* log_name will be NULL for empty list entries */
+    if (log_name == NULL)
+        return 1;
+
+    tmp = OPENSSL_strndup(log_name, log_name_len);
+    if (tmp == NULL)
+        goto mem_err;
+
+    ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
+    OPENSSL_free(tmp);
+
+    if (ret < 0) {
+        /* Propagate any internal error */
+        return ret;
+    }
+    if (ret == 0) {
+        /* If we can't load this log, record that fact and skip it */
+        ++load_ctx->invalid_log_entries;
+        return 1;
+    }
+
+    if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
+        goto mem_err;
+    }
+    return 1;
+
+mem_err:
+    CTLOG_free(ct_log);
+    CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
+{
+    int ret = 0;
+    char *enabled_logs;
+    CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
+
+    if (load_ctx == NULL)
+        return 0;
+    load_ctx->log_store = store;
+    load_ctx->conf = NCONF_new(NULL);
+    if (load_ctx->conf == NULL)
+        goto end;
+
+    if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
+    if (enabled_logs == NULL) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
+        load_ctx->invalid_log_entries > 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    ret = 1;
+end:
+    NCONF_free(load_ctx->conf);
+    ctlog_store_load_ctx_free(load_ctx);
+    return ret;
+}
+
+/*
+ * Initialize a new CTLOG object.
+ * Takes ownership of the public key.
+ * Copies the name.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
+{
+    CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->name = OPENSSL_strdup(name);
+    if (ret->name == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
+        goto err;
+
+    ret->public_key = public_key;
+    return ret;
+err:
+    CTLOG_free(ret);
+    return NULL;
+}
+
+/* Frees CT log and associated structures */
+void CTLOG_free(CTLOG *log)
+{
+    if (log != NULL) {
+        OPENSSL_free(log->name);
+        EVP_PKEY_free(log->public_key);
+        OPENSSL_free(log);
+    }
+}
+
+const char *CTLOG_get0_name(const CTLOG *log)
+{
+    return log->name;
+}
+
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len)
+{
+    *log_id = log->log_id;
+    *log_id_len = CT_V1_HASHLEN;
+}
+
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log)
+{
+    return log->public_key;
+}
+
+/*
+ * Given a log ID, finds the matching log.
+ * Returns NULL if no match found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len)
+{
+    int i;
+
+    for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
+        const CTLOG *log = sk_CTLOG_value(store->logs, i);
+        if (memcmp(log->log_id, log_id, log_id_len) == 0)
+            return log;
+    }
+
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c
new file mode 100644
index 000000000..0dd691c0f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/asn1.h>
+#include <openssl/buffer.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+
+#include "ct_locl.h"
+
+int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+{
+    size_t siglen;
+    size_t len_remaining = len;
+    const unsigned char *p;
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        return -1;
+    }
+    /*
+     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
+     * Signature algorithm (2 bytes + ?) Signature
+     *
+     * This explicitly rejects empty signatures: they're invalid for
+     * all supported algorithms.
+     */
+    if (len <= 4) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    p = *in;
+    /* Get hash and signature algorithm */
+    sct->hash_alg = *p++;
+    sct->sig_alg = *p++;
+    if (SCT_get_signature_nid(sct) == NID_undef) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+    /* Retrieve signature and check it is consistent with the buffer length */
+    n2s(p, siglen);
+    len_remaining -= (p - *in);
+    if (siglen > len_remaining) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    if (SCT_set1_signature(sct, p, siglen) != 1)
+        return -1;
+    len_remaining -= siglen;
+    *in = p + siglen;
+
+    return len - len_remaining;
+}
+
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+{
+    SCT *sct = NULL;
+    const unsigned char *p;
+
+    if (len == 0 || len > MAX_SCT_SIZE) {
+        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+        goto err;
+    }
+
+    if ((sct = SCT_new()) == NULL)
+        goto err;
+
+    p = *in;
+
+    sct->version = *p;
+    if (sct->version == SCT_VERSION_V1) {
+        int sig_len;
+        size_t len2;
+        /*-
+         * Fixed-length header:
+         *   struct {
+         *     Version sct_version;     (1 byte)
+         *     log_id id;               (32 bytes)
+         *     uint64 timestamp;        (8 bytes)
+         *     CtExtensions extensions; (2 bytes + ?)
+         *   }
+         */
+        if (len < 43) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= 43;
+        p++;
+        sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
+        if (sct->log_id == NULL)
+            goto err;
+        sct->log_id_len = CT_V1_HASHLEN;
+        p += CT_V1_HASHLEN;
+
+        n2l8(p, sct->timestamp);
+
+        n2s(p, len2);
+        if (len < len2) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        if (len2 > 0) {
+            sct->ext = BUF_memdup(p, len2);
+            if (sct->ext == NULL)
+                goto err;
+        }
+        sct->ext_len = len2;
+        p += len2;
+        len -= len2;
+
+        sig_len = o2i_SCT_signature(sct, &p, len);
+        if (sig_len <= 0) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= sig_len;
+        *in = p + len;
+    } else {
+        /* If not V1 just cache encoding */
+        sct->sct = BUF_memdup(p, len);
+        if (sct->sct == NULL)
+            goto err;
+        sct->sct_len = len;
+        *in = p + len;
+    }
+
+    if (psct != NULL) {
+        SCT_free(*psct);
+        *psct = sct;
+    }
+
+    return sct;
+err:
+    SCT_free(sct);
+    return NULL;
+}
+
+int i2o_SCT_signature(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_signature_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        goto err;
+    }
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    /*
+    * (1 byte) Hash algorithm
+    * (1 byte) Signature algorithm
+    * (2 bytes + ?) Signature
+    */
+    len = 4 + sct->sig_len;
+
+    if (out != NULL) {
+        if (*out != NULL) {
+            p = *out;
+            *out += len;
+        } else {
+            pstart = p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *out = p;
+        }
+
+        *p++ = sct->hash_alg;
+        *p++ = sct->sig_alg;
+        s2n(sct->sig_len, p);
+        memcpy(p, sct->sig, sct->sig_len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+int i2o_SCT(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
+        goto err;
+    }
+    /*
+     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
+     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
+     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
+     * bytes + ?) Signature
+     */
+    if (sct->version == SCT_VERSION_V1)
+        len = 43 + sct->ext_len + 4 + sct->sig_len;
+    else
+        len = sct->sct_len;
+
+    if (out == NULL)
+        return len;
+
+    if (*out != NULL) {
+        p = *out;
+        *out += len;
+    } else {
+        pstart = p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        *out = p;
+    }
+
+    if (sct->version == SCT_VERSION_V1) {
+        *p++ = sct->version;
+        memcpy(p, sct->log_id, CT_V1_HASHLEN);
+        p += CT_V1_HASHLEN;
+        l2n8(sct->timestamp, p);
+        s2n(sct->ext_len, p);
+        if (sct->ext_len > 0) {
+            memcpy(p, sct->ext, sct->ext_len);
+            p += sct->ext_len;
+        }
+        if (i2o_SCT_signature(sct, &p) <= 0)
+            goto err;
+    } else {
+        memcpy(p, sct->sct, len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len)
+{
+    STACK_OF(SCT) *sk = NULL;
+    size_t list_len, sct_len;
+
+    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    n2s(*pp, list_len);
+    if (list_len != len - 2) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        sk = sk_SCT_new_null();
+        if (sk == NULL)
+            return NULL;
+    } else {
+        SCT *sct;
+
+        /* Use the given stack, but empty it first. */
+        sk = *a;
+        while ((sct = sk_SCT_pop(sk)) != NULL)
+            SCT_free(sct);
+    }
+
+    while (list_len > 0) {
+        SCT *sct;
+
+        if (list_len < 2) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        n2s(*pp, sct_len);
+        list_len -= 2;
+
+        if (sct_len == 0 || sct_len > list_len) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        list_len -= sct_len;
+
+        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
+            goto err;
+        if (!sk_SCT_push(sk, sct)) {
+            SCT_free(sct);
+            goto err;
+        }
+    }
+
+    if (a != NULL && *a == NULL)
+        *a = sk;
+    return sk;
+
+ err:
+    if (a == NULL || *a == NULL)
+        SCT_LIST_free(sk);
+    return NULL;
+}
+
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+{
+    int len, sct_len, i, is_pp_new = 0;
+    size_t len2;
+    unsigned char *p = NULL, *p2;
+
+    if (pp != NULL) {
+        if (*pp == NULL) {
+            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
+                CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                return -1;
+            }
+            if ((*pp = OPENSSL_malloc(len)) == NULL) {
+                CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            is_pp_new = 1;
+        }
+        p = *pp + 2;
+    }
+
+    len2 = 2;
+    for (i = 0; i < sk_SCT_num(a); i++) {
+        if (pp != NULL) {
+            p2 = p;
+            p += 2;
+            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
+                goto err;
+            s2n(sct_len, p2);
+        } else {
+          if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
+              goto err;
+        }
+        len2 += 2 + sct_len;
+    }
+
+    if (len2 > MAX_SCT_LIST_SIZE)
+        goto err;
+
+    if (pp != NULL) {
+        p = *pp;
+        s2n(len2 - 2, p);
+        if (!is_pp_new)
+            *pp += len2;
+    }
+    return len2;
+
+ err:
+    if (is_pp_new) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return -1;
+}
+
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    STACK_OF(SCT) *sk = NULL;
+    const unsigned char *p;
+
+    p = *pp;
+    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
+        return NULL;
+
+    p = oct->data;
+    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
+        *pp += len;
+
+    ASN1_OCTET_STRING_free(oct);
+    return sk;
+}
+
+int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
+{
+    ASN1_OCTET_STRING oct;
+    int len;
+
+    oct.data = NULL;
+    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
+        return -1;
+
+    len = i2d_ASN1_OCTET_STRING(&oct, out);
+    OPENSSL_free(oct.data);
+    return len;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c
new file mode 100644
index 000000000..0d7b34638
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <time.h>
+
+#include "ct_locl.h"
+
+/*
+ * Number of seconds in the future that an SCT timestamp can be, by default,
+ * without being considered invalid. This is added to time() when setting a
+ * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
+ * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
+ */
+static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
+
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
+{
+    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+
+    if (ctx == NULL) {
+        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
+    ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
+            1000;
+
+    return ctx;
+}
+
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    X509_free(ctx->cert);
+    X509_free(ctx->issuer);
+    OPENSSL_free(ctx);
+}
+
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+{
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
+}
+
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+{
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
+}
+
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store)
+{
+    ctx->log_store = log_store;
+}
+
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
+{
+    ctx->epoch_time_in_ms = time_in_ms;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->issuer;
+}
+
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->log_store;
+}
+
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->epoch_time_in_ms;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c
new file mode 100644
index 000000000..376e04523
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+
+#include "ct_locl.h"
+
+static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
+{
+    int nid = SCT_get_signature_nid(sct);
+
+    if (nid == NID_undef)
+        BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
+    else
+        BIO_printf(out, "%s", OBJ_nid2ln(nid));
+}
+
+static void timestamp_print(uint64_t timestamp, BIO *out)
+{
+    ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
+    char genstr[20];
+
+    if (gen == NULL)
+        return;
+    ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
+                             (int)(timestamp / 86400000),
+                             (timestamp % 86400000) / 1000);
+    /*
+     * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
+     * characters long with a final Z. Update it with fractional seconds.
+     */
+    BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
+                 ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
+    if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
+        ASN1_GENERALIZEDTIME_print(out, gen);
+    ASN1_GENERALIZEDTIME_free(gen);
+}
+
+const char *SCT_validation_status_string(const SCT *sct)
+{
+
+    switch (SCT_get_validation_status(sct)) {
+    case SCT_VALIDATION_STATUS_NOT_SET:
+        return "not set";
+    case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
+        return "unknown version";
+    case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
+        return "unknown log";
+    case SCT_VALIDATION_STATUS_UNVERIFIED:
+        return "unverified";
+    case SCT_VALIDATION_STATUS_INVALID:
+        return "invalid";
+    case SCT_VALIDATION_STATUS_VALID:
+        return "valid";
+    }
+    return "unknown status";
+}
+
+void SCT_print(const SCT *sct, BIO *out, int indent,
+               const CTLOG_STORE *log_store)
+{
+    const CTLOG *log = NULL;
+
+    if (log_store != NULL) {
+        log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
+                                         sct->log_id_len);
+    }
+
+    BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
+    BIO_printf(out, "\n%*sVersion   : ", indent + 4, "");
+
+    if (sct->version != SCT_VERSION_V1) {
+        BIO_printf(out, "unknown\n%*s", indent + 16, "");
+        BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
+        return;
+    }
+
+    BIO_printf(out, "v1 (0x0)");
+
+    if (log != NULL) {
+        BIO_printf(out, "\n%*sLog       : %s", indent + 4, "",
+                   CTLOG_get0_name(log));
+    }
+
+    BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
+
+    BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
+    timestamp_print(sct->timestamp, out);
+
+    BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
+    if (sct->ext_len == 0)
+        BIO_printf(out, "none");
+    else
+        BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
+
+    BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
+    SCT_signature_algorithms_print(sct, out);
+    BIO_printf(out, "\n%*s            ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
+}
+
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *log_store)
+{
+    int sct_count = sk_SCT_num(sct_list);
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        SCT *sct = sk_SCT_value(sct_list, i);
+
+        SCT_print(sct, out, indent, log_store);
+        if (i < sk_SCT_num(sct_list) - 1)
+            BIO_printf(out, "%s", separator);
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c
new file mode 100644
index 000000000..1dc16857b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/tls1.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+SCT *SCT_new(void)
+{
+    SCT *sct = OPENSSL_zalloc(sizeof(*sct));
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
+    sct->version = SCT_VERSION_NOT_SET;
+    return sct;
+}
+
+void SCT_free(SCT *sct)
+{
+    if (sct == NULL)
+        return;
+
+    OPENSSL_free(sct->log_id);
+    OPENSSL_free(sct->ext);
+    OPENSSL_free(sct->sig);
+    OPENSSL_free(sct->sct);
+    OPENSSL_free(sct);
+}
+
+void SCT_LIST_free(STACK_OF(SCT) *a)
+{
+    sk_SCT_pop_free(a, SCT_free);
+}
+
+int SCT_set_version(SCT *sct, sct_version_t version)
+{
+    if (version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    sct->version = version;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
+{
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    switch (entry_type) {
+    case CT_LOG_ENTRY_TYPE_X509:
+    case CT_LOG_ENTRY_TYPE_PRECERT:
+        sct->entry_type = entry_type;
+        return 1;
+    case CT_LOG_ENTRY_TYPE_NOT_SET:
+        break;
+    }
+    CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
+    return 0;
+}
+
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = log_id;
+    sct->log_id_len = log_id_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = NULL;
+    sct->log_id_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (log_id != NULL && log_id_len > 0) {
+        sct->log_id = OPENSSL_memdup(log_id, log_id_len);
+        if (sct->log_id == NULL) {
+            CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->log_id_len = log_id_len;
+    }
+    return 1;
+}
+
+
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp)
+{
+    sct->timestamp = timestamp;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set_signature_nid(SCT *sct, int nid)
+{
+    switch (nid) {
+    case NID_sha256WithRSAEncryption:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_rsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    case NID_ecdsa_with_SHA256:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_ecdsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    default:
+        CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
+        return 0;
+    }
+}
+
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = ext;
+    sct->ext_len = ext_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = NULL;
+    sct->ext_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (ext != NULL && ext_len > 0) {
+        sct->ext = OPENSSL_memdup(ext, ext_len);
+        if (sct->ext == NULL) {
+            CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->ext_len = ext_len;
+    }
+    return 1;
+}
+
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = sig;
+    sct->sig_len = sig_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = NULL;
+    sct->sig_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (sig != NULL && sig_len > 0) {
+        sct->sig = OPENSSL_memdup(sig, sig_len);
+        if (sct->sig == NULL) {
+            CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->sig_len = sig_len;
+    }
+    return 1;
+}
+
+sct_version_t SCT_get_version(const SCT *sct)
+{
+    return sct->version;
+}
+
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)
+{
+    return sct->entry_type;
+}
+
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
+{
+    *log_id = sct->log_id;
+    return sct->log_id_len;
+}
+
+uint64_t SCT_get_timestamp(const SCT *sct)
+{
+    return sct->timestamp;
+}
+
+int SCT_get_signature_nid(const SCT *sct)
+{
+    if (sct->version == SCT_VERSION_V1) {
+        if (sct->hash_alg == TLSEXT_hash_sha256) {
+            switch (sct->sig_alg) {
+            case TLSEXT_signature_ecdsa:
+                return NID_ecdsa_with_SHA256;
+            case TLSEXT_signature_rsa:
+                return NID_sha256WithRSAEncryption;
+            default:
+                return NID_undef;
+            }
+        }
+    }
+    return NID_undef;
+}
+
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext)
+{
+    *ext = sct->ext;
+    return sct->ext_len;
+}
+
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig)
+{
+    *sig = sct->sig;
+    return sct->sig_len;
+}
+
+int SCT_is_complete(const SCT *sct)
+{
+    switch (sct->version) {
+    case SCT_VERSION_NOT_SET:
+        return 0;
+    case SCT_VERSION_V1:
+        return sct->log_id != NULL && SCT_signature_is_complete(sct);
+    default:
+        return sct->sct != NULL; /* Just need cached encoding */
+    }
+}
+
+int SCT_signature_is_complete(const SCT *sct)
+{
+    return SCT_get_signature_nid(sct) != NID_undef &&
+        sct->sig != NULL && sct->sig_len > 0;
+}
+
+sct_source_t SCT_get_source(const SCT *sct)
+{
+    return sct->source;
+}
+
+int SCT_set_source(SCT *sct, sct_source_t source)
+{
+    sct->source = source;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    switch (source) {
+    case SCT_SOURCE_TLS_EXTENSION:
+    case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
+    case SCT_SOURCE_X509V3_EXTENSION:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
+    case SCT_SOURCE_UNKNOWN:
+        break;
+    }
+    /* if we aren't sure, leave the log entry type alone */
+    return 1;
+}
+
+sct_validation_status_t SCT_get_validation_status(const SCT *sct)
+{
+    return sct->validation_status;
+}
+
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
+{
+    int is_sct_valid = -1;
+    SCT_CTX *sctx = NULL;
+    X509_PUBKEY *pub = NULL, *log_pkey = NULL;
+    const CTLOG *log;
+
+    /*
+     * With an unrecognized SCT version we don't know what such an SCT means,
+     * let alone validate one.  So we return validation failure (0).
+     */
+    if (sct->version != SCT_VERSION_V1) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
+        return 0;
+    }
+
+    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
+                                     sct->log_id, sct->log_id_len);
+
+    /* Similarly, an SCT from an unknown log also cannot be validated. */
+    if (log == NULL) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
+        return 0;
+    }
+
+    sctx = SCT_CTX_new();
+    if (sctx == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
+        goto err;
+    if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
+        goto err;
+
+    if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
+        EVP_PKEY *issuer_pkey;
+
+        if (ctx->issuer == NULL) {
+            sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+            goto end;
+        }
+
+        issuer_pkey = X509_get0_pubkey(ctx->issuer);
+
+        if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
+            goto err;
+        if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
+            goto err;
+    }
+
+    SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);
+
+    /*
+     * XXX: Potential for optimization.  This repeats some idempotent heavy
+     * lifting on the certificate for each candidate SCT, and appears to not
+     * use any information in the SCT itself, only the certificate is
+     * processed.  So it may make more sense to to do this just once, perhaps
+     * associated with the shared (by all SCTs) policy eval ctx.
+     *
+     * XXX: Failure here is global (SCT independent) and represents either an
+     * issue with the certificate (e.g. duplicate extensions) or an out of
+     * memory condition.  When the certificate is incompatible with CT, we just
+     * mark the SCTs invalid, rather than report a failure to determine the
+     * validation status.  That way, callbacks that want to do "soft" SCT
+     * processing will not abort handshakes with false positive internal
+     * errors.  Since the function does not distinguish between certificate
+     * issues (peer's fault) and internal problems (out fault) the safe thing
+     * to do is to report a validation failure and let the callback or
+     * application decide what to do.
+     */
+    if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
+        sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+    else
+        sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
+            SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
+
+end:
+    is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
+err:
+    X509_PUBKEY_free(pub);
+    X509_PUBKEY_free(log_pkey);
+    SCT_CTX_free(sctx);
+
+    return is_sct_valid;
+}
+
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
+{
+    int are_scts_valid = 1;
+    int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        int is_sct_valid = -1;
+        SCT *sct = sk_SCT_value(scts, i);
+
+        if (sct == NULL)
+            continue;
+
+        is_sct_valid = SCT_validate(sct, ctx);
+        if (is_sct_valid < 0)
+            return is_sct_valid;
+        are_scts_valid &= is_sct_valid;
+    }
+
+    return are_scts_valid;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c
new file mode 100644
index 000000000..75a5027df
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+SCT_CTX *SCT_CTX_new(void)
+{
+    SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
+
+    if (sctx == NULL)
+        CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return sctx;
+}
+
+void SCT_CTX_free(SCT_CTX *sctx)
+{
+    if (sctx == NULL)
+        return;
+    EVP_PKEY_free(sctx->pkey);
+    OPENSSL_free(sctx->pkeyhash);
+    OPENSSL_free(sctx->ihash);
+    OPENSSL_free(sctx->certder);
+    OPENSSL_free(sctx->preder);
+    OPENSSL_free(sctx);
+}
+
+/*
+ * Finds the index of the first extension with the given NID in cert.
+ * If there is more than one extension with that NID, *is_duplicated is set to
+ * 1, otherwise 0 (unless it is NULL).
+ */
+static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
+{
+    int ret = X509_get_ext_by_NID(cert, nid, -1);
+
+    if (is_duplicated != NULL)
+        *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
+
+    return ret;
+}
+
+/*
+ * Modifies a certificate by deleting extensions and copying the issuer and
+ * AKID from the presigner certificate, if necessary.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
+{
+    int preidx, certidx;
+    int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
+
+    if (presigner == NULL)
+        return 1;
+
+    preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
+                             &pre_akid_ext_is_dup);
+    certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
+                              &cert_akid_ext_is_dup);
+
+    /* An error occurred whilst searching for the extension */
+    if (preidx < -1 || certidx < -1)
+        return 0;
+    /* Invalid certificate if they contain duplicate extensions */
+    if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
+        return 0;
+    /* AKID must be present in both certificate or absent in both */
+    if (preidx >= 0 && certidx == -1)
+        return 0;
+    if (preidx == -1 && certidx >= 0)
+        return 0;
+    /* Copy issuer name */
+    if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
+        return 0;
+    if (preidx != -1) {
+        /* Retrieve and copy AKID encoding */
+        X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
+        X509_EXTENSION *certext = X509_get_ext(cert, certidx);
+        ASN1_OCTET_STRING *preextdata;
+
+        /* Should never happen */
+        if (preext == NULL || certext == NULL)
+            return 0;
+        preextdata = X509_EXTENSION_get_data(preext);
+        if (preextdata == NULL ||
+            !X509_EXTENSION_set_data(certext, preextdata))
+            return 0;
+    }
+    return 1;
+}
+
+int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
+{
+    unsigned char *certder = NULL, *preder = NULL;
+    X509 *pretmp = NULL;
+    int certderlen = 0, prederlen = 0;
+    int idx = -1;
+    int poison_ext_is_dup, sct_ext_is_dup;
+    int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
+
+    /* Duplicate poison extensions are present - error */
+    if (poison_ext_is_dup)
+        goto err;
+
+    /* If *cert doesn't have a poison extension, it isn't a precert */
+    if (poison_idx == -1) {
+        /* cert isn't a precert, so we shouldn't have a presigner */
+        if (presigner != NULL)
+            goto err;
+
+        certderlen = i2d_X509(cert, &certder);
+        if (certderlen < 0)
+            goto err;
+    }
+
+    /* See if cert has a precert SCTs extension */
+    idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
+    /* Duplicate SCT extensions are present - error */
+    if (sct_ext_is_dup)
+        goto err;
+
+    if (idx >= 0 && poison_idx >= 0) {
+        /*
+         * cert can't both contain SCTs (i.e. have an SCT extension) and be a
+         * precert (i.e. have a poison extension).
+         */
+        goto err;
+    }
+
+    if (idx == -1) {
+        idx = poison_idx;
+    }
+
+    /*
+     * If either a poison or SCT extension is present, remove it before encoding
+     * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
+     * RFC5280) from cert, which is what the CT log signed when it produced the
+     * SCT.
+     */
+    if (idx >= 0) {
+        X509_EXTENSION *ext;
+
+        /* Take a copy of certificate so we don't modify passed version */
+        pretmp = X509_dup(cert);
+        if (pretmp == NULL)
+            goto err;
+
+        ext = X509_delete_ext(pretmp, idx);
+        X509_EXTENSION_free(ext);
+
+        if (!ct_x509_cert_fixup(pretmp, presigner))
+            goto err;
+
+        prederlen = i2d_re_X509_tbs(pretmp, &preder);
+        if (prederlen <= 0)
+            goto err;
+    }
+
+    X509_free(pretmp);
+
+    OPENSSL_free(sctx->certder);
+    sctx->certder = certder;
+    sctx->certderlen = certderlen;
+
+    OPENSSL_free(sctx->preder);
+    sctx->preder = preder;
+    sctx->prederlen = prederlen;
+
+    return 1;
+err:
+    OPENSSL_free(certder);
+    OPENSSL_free(preder);
+    X509_free(pretmp);
+    return 0;
+}
+
+__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
+                                     size_t *hash_len)
+{
+    int ret = 0;
+    unsigned char *md = NULL, *der = NULL;
+    int der_len;
+    unsigned int md_len;
+
+    /* Reuse buffer if possible */
+    if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
+        md = *hash;
+    } else {
+        md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+        if (md == NULL)
+            goto err;
+    }
+
+    /* Calculate key hash */
+    der_len = i2d_X509_PUBKEY(pkey, &der);
+    if (der_len <= 0)
+        goto err;
+
+    if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
+        goto err;
+
+    if (md != *hash) {
+        OPENSSL_free(*hash);
+        *hash = md;
+        *hash_len = SHA256_DIGEST_LENGTH;
+    }
+
+    md = NULL;
+    ret = 1;
+ err:
+    OPENSSL_free(md);
+    OPENSSL_free(der);
+    return ret;
+}
+
+int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
+{
+    return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
+}
+
+int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
+}
+
+int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
+
+    if (pkey == NULL)
+        return 0;
+
+    if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    EVP_PKEY_free(sctx->pkey);
+    sctx->pkey = pkey;
+    return 1;
+}
+
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
+{
+    sctx->epoch_time_in_ms = time_in_ms;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c
new file mode 100644
index 000000000..cabcf5782
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+typedef enum sct_signature_type_t {
+    SIGNATURE_TYPE_NOT_SET = -1,
+    SIGNATURE_TYPE_CERT_TIMESTAMP,
+    SIGNATURE_TYPE_TREE_HASH
+} SCT_SIGNATURE_TYPE;
+
+/*
+ * Update encoding for SCT signature verification/generation to supplied
+ * EVP_MD_CTX.
+ */
+static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
+{
+    unsigned char tmpbuf[12];
+    unsigned char *p, *der;
+    size_t derlen;
+    /*+
+     * digitally-signed struct {
+     *   (1 byte) Version sct_version;
+     *   (1 byte) SignatureType signature_type = certificate_timestamp;
+     *   (8 bytes) uint64 timestamp;
+     *   (2 bytes) LogEntryType entry_type;
+     *   (? bytes) select(entry_type) {
+     *     case x509_entry: ASN.1Cert;
+     *     case precert_entry: PreCert;
+     *   } signed_entry;
+     *   (2 bytes + sct->ext_len) CtExtensions extensions;
+     * }
+     */
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
+        return 0;
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
+        return 0;
+
+    p = tmpbuf;
+    *p++ = sct->version;
+    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
+    l2n8(sct->timestamp, p);
+    s2n(sct->entry_type, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
+        return 0;
+
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
+        der = sctx->certder;
+        derlen = sctx->certderlen;
+    } else {
+        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
+            return 0;
+        der = sctx->preder;
+        derlen = sctx->prederlen;
+    }
+
+    /* If no encoding available, fatal error */
+    if (der == NULL)
+        return 0;
+
+    /* Include length first */
+    p = tmpbuf;
+    l2n3(derlen, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
+        return 0;
+    if (!EVP_DigestUpdate(ctx, der, derlen))
+        return 0;
+
+    /* Add any extensions */
+    p = tmpbuf;
+    s2n(sct->ext_len, p);
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
+        return 0;
+
+    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
+        return 0;
+
+    return 1;
+}
+
+int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
+{
+    EVP_MD_CTX *ctx = NULL;
+    int ret = 0;
+
+    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
+        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
+        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
+        return 0;
+    }
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    if (sct->log_id_len != sctx->pkeyhashlen ||
+        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+        return 0;
+    }
+    if (sct->timestamp > sctx->epoch_time_in_ms) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto end;
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
+        goto end;
+
+    if (!sct_ctx_update(ctx, sctx, sct))
+        goto end;
+
+    /* Verify signature */
+    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
+    /* If ret < 0 some other error: fall through without setting error */
+    if (ret == 0)
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+
+end:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c
new file mode 100644
index 000000000..ec186d1f5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include "ct_locl.h"
+
+static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
+{
+    return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+
+static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
+                 BIO *out, int indent)
+{
+    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
+    return 1;
+}
+
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+    if (s != NULL) {
+        int i;
+
+        for (i = 0; i < sk_SCT_num(s); i++) {
+            int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+            if (res != 1) {
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+     STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+     if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+         SCT_LIST_free(s);
+         *a = NULL;
+         return NULL;
+     }
+     return s;
+}
+
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+    STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+    if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+        SCT_LIST_free(s);
+        *a = NULL;
+        return NULL;
+    }
+    return s;
+}
+
+/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+const X509V3_EXT_METHOD v3_ct_scts[3] = {
+    /* X509v3 extension in certificates that contains SCTs */
+    { NID_ct_precert_scts, 0, NULL,
+    NULL, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+
+    /* X509v3 extension to mark a certificate as a pre-certificate */
+    { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
+    NULL, NULL, NULL, NULL,
+    i2s_poison, s2i_poison,
+    NULL, NULL,
+    NULL, NULL,
+    NULL },
+
+    /* OCSP extension that contains SCTs */
+    { NID_ct_cert_scts, 0, NULL,
+    0, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c
new file mode 100644
index 000000000..813be25a0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c
@@ -0,0 +1,274 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "openssl/ebcdic.h"
+
+/*
+ * Define the character classes for each character in the seven bit ASCII
+ * character set.  This is independent of the host's character set, characters
+ * are converted to ASCII before being used as an index in to this table.
+ * Characters outside of the seven bit ASCII range are detected before indexing.
+ */
+static const unsigned short ctype_char_map[128] = {
+   /* 00 nul */ CTYPE_MASK_cntrl,
+   /* 01 soh */ CTYPE_MASK_cntrl,
+   /* 02 stx */ CTYPE_MASK_cntrl,
+   /* 03 etx */ CTYPE_MASK_cntrl,
+   /* 04 eot */ CTYPE_MASK_cntrl,
+   /* 05 enq */ CTYPE_MASK_cntrl,
+   /* 06 ack */ CTYPE_MASK_cntrl,
+   /* 07 \a  */ CTYPE_MASK_cntrl,
+   /* 08 \b  */ CTYPE_MASK_cntrl,
+   /* 09 \t  */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0A \n  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0B \v  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0C \f  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0D \r  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0E so  */ CTYPE_MASK_cntrl,
+   /* 0F si  */ CTYPE_MASK_cntrl,
+   /* 10 dle */ CTYPE_MASK_cntrl,
+   /* 11 dc1 */ CTYPE_MASK_cntrl,
+   /* 12 dc2 */ CTYPE_MASK_cntrl,
+   /* 13 dc3 */ CTYPE_MASK_cntrl,
+   /* 14 dc4 */ CTYPE_MASK_cntrl,
+   /* 15 nak */ CTYPE_MASK_cntrl,
+   /* 16 syn */ CTYPE_MASK_cntrl,
+   /* 17 etb */ CTYPE_MASK_cntrl,
+   /* 18 can */ CTYPE_MASK_cntrl,
+   /* 19 em  */ CTYPE_MASK_cntrl,
+   /* 1A sub */ CTYPE_MASK_cntrl,
+   /* 1B esc */ CTYPE_MASK_cntrl,
+   /* 1C fs  */ CTYPE_MASK_cntrl,
+   /* 1D gs  */ CTYPE_MASK_cntrl,
+   /* 1E rs  */ CTYPE_MASK_cntrl,
+   /* 1F us  */ CTYPE_MASK_cntrl,
+   /* 20     */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
+                | CTYPE_MASK_asn1print,
+   /* 21  !  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 22  "  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 23  #  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 24  $  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 25  %  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 26  &  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 27  '  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 28  (  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 29  )  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2A  *  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 2B  +  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 2C  ,  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2D  -  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2E  .  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2F  /  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 30  0  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 31  1  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 32  2  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 33  3  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 34  4  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 35  5  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 36  6  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 37  7  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 38  8  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 39  9  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3A  :  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 3B  ;  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3C  <  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3D  =  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3E  >  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3F  ?  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 40  @  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 41  A  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 42  B  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 43  C  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 44  D  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 45  E  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 46  F  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 47  G  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 48  H  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 49  I  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4A  J  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4B  K  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4C  L  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4D  M  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4E  N  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4F  O  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 50  P  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 51  Q  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 52  R  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 53  S  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 54  T  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 55  U  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 56  V  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 57  W  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 58  X  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 59  Y  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5A  Z  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5B  [  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5C  \  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5D  ]  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5E  ^  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5F  _  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 60  `  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 61  a  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 62  b  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 63  c  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 64  d  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 65  e  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 66  f  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 67  g  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 68  h  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 69  i  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6A  j  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6B  k  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6C  l  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6D  m  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6E  n  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6F  o  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 70  p  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 71  q  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 72  r  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 73  s  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 74  t  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 75  u  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 76  v  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 77  w  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 78  x  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 79  y  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7A  z  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7B  {  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7C  |  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7D  }  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7E  ~  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7F del */ CTYPE_MASK_cntrl
+};
+
+#ifdef CHARSET_EBCDIC
+int ossl_toascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    /*
+     * Adjust negatively signed characters.
+     * This is not required for ASCII because any character that sign extends
+     * is not seven bit and all of the checks are on the seven bit characters.
+     * I.e. any check must fail on sign extension.
+     */
+    if (c < 0)
+        c += 256;
+    return os_toascii[c];
+}
+
+int ossl_fromascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    if (c < 0)
+        c += 256;
+    return os_toebcdic[c];
+}
+#endif
+
+int ossl_ctype_check(int c, unsigned int mask)
+{
+    const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map);
+    const int a = ossl_toascii(c);
+
+    return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0;
+}
+
+#if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST)
+static const int case_change = 0x40;
+#else
+static const int case_change = 0x20;
+#endif
+
+int ossl_tolower(int c)
+{
+    return ossl_isupper(c) ? c ^ case_change : c;
+}
+
+int ossl_toupper(int c)
+{
+    return ossl_islower(c) ? c ^ case_change : c;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cversion.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cversion.c
new file mode 100644
index 000000000..534e7eba5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cversion.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include "buildinf.h"
+
+unsigned long OpenSSL_version_num(void)
+{
+    return OPENSSL_VERSION_NUMBER;
+}
+
+const char *OpenSSL_version(int t)
+{
+    switch (t) {
+    case OPENSSL_VERSION:
+        return OPENSSL_VERSION_TEXT;
+    case OPENSSL_BUILT_ON:
+        return DATE;
+    case OPENSSL_CFLAGS:
+        return compiler_flags;
+    case OPENSSL_PLATFORM:
+        return PLATFORM;
+    case OPENSSL_DIR:
+#ifdef OPENSSLDIR
+        return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+        return "OPENSSLDIR: N/A";
+#endif
+    case OPENSSL_ENGINES_DIR:
+#ifdef ENGINESDIR
+        return "ENGINESDIR: \"" ENGINESDIR "\"";
+#else
+        return "ENGINESDIR: N/A";
+#endif
+    }
+    return "not available";
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl
new file mode 100644
index 000000000..a02d18063
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl
@@ -0,0 +1,217 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$L="edi";
+$R="esi";
+
+&external_label("DES_SPtrans");
+&fcrypt_body("fcrypt_body");
+&asm_finish();
+
+close STDOUT;
+
+sub fcrypt_body
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name);
+
+	&comment("");
+	&comment("Load the 2 words");
+	$trans="ebp";
+
+	&xor(	$L,	$L);
+	&xor(	$R,	$R);
+
+	# PIC-ification:-)
+	&picmeup("edx","DES_SPtrans");
+	#if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+	#else		{ &lea("edx",&DWP("DES_SPtrans")); }
+	&push("edx");	# becomes &swtmp(1)
+	#
+	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+
+	&push(&DWC(25)); # add a variable
+
+	&set_label("start");
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
+		}
+	 &mov("ebx",	&swtmp(0));
+	&mov("eax",	$L);
+	 &dec("ebx");
+	&mov($L,	$R);
+	 &mov($R,	"eax");
+	&mov(&swtmp(0),	"ebx");
+	 &jnz(&label("start"));
+
+	&comment("");
+	&comment("FP");
+	&mov("edx",&wparam(0));
+
+	&FP_new($R,$L,"eax",3);
+	&mov(&DWP(0,"edx","",0),"eax");
+	&mov(&DWP(4,"edx","",0),$L);
+
+	&add("esp",8);	# remove variables
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&wparam(2));			# 2
+	&mov(	$t,		$R);
+	&shr(	$t,		16);				# 1
+	&mov(	$tmp2,		&wparam(3));			# 2
+	&xor(	$t,		$R);				# 1
+
+	&and(	$u,		$t);				# 2
+	&and(	$t,		$tmp2);				# 2
+
+	&mov(	$tmp1,		$u);
+	&shl(	$tmp1,		16); 				# 1
+	&mov(	$tmp2,		$t);
+	&shl(	$tmp2,		16); 				# 1
+	&xor(	$u,		$tmp1);				# 2
+	&xor(	$t,		$tmp2);				# 2
+	&mov(	$tmp1,		&DWP(&n2a($S*4),$trans,"",0));	# 2
+	&xor(	$u,		$tmp1);
+	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$trans,"",0));	# 2
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&xor(	$t,		$tmp2);
+
+	&and(	$u,		"0xfcfcfcfc"	);		# 2
+	&xor(	$tmp1,		$tmp1);				# 1
+	&and(	$t,		"0xcfcfcfcf"	);		# 2
+	&xor(	$tmp2,		$tmp2);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$trans,		&swtmp(1));
+	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600",$trans,$tmp1,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700",$trans,$tmp2,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400",$trans,$u,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500",$trans,$t,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$trans,		&wparam(1));
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl
new file mode 100644
index 000000000..2bcc54ef2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl
@@ -0,0 +1,465 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+require "desboth.pl";
+
+# base code is in Microsoft
+# op dest, source
+# format.
+#
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$L="edi";
+$R="esi";
+$trans="ebp";
+$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
+# one can discuss setting this variable to 1 unconditionally, as
+# the folded loop is only 3% slower than unrolled, but >7 times smaller
+
+&public_label("DES_SPtrans");
+&static_label("des_sptrans");
+
+&DES_encrypt_internal();
+&DES_decrypt_internal();
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
+&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+&DES_SPtrans();
+
+&asm_finish();
+
+close STDOUT;
+
+sub DES_encrypt_internal()
+	{
+	&function_begin_B("_x86_DES_encrypt");
+
+	if ($small_footprint)
+	    {
+	    &lea("edx",&DWP(128,"ecx"));
+	    &push("edx");
+	    &push("ecx");
+	    &set_label("eloop");
+		&D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&add("ecx",16);
+		&cmp("ecx",&swtmp(1));
+		&mov(&swtmp(0),"ecx");
+		&jb(&label("eloop"));
+	    &add("esp",8);
+	    }
+	else
+	    {
+	    &push("ecx");
+	    for ($i=0; $i<16; $i+=2)
+		{
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		}
+	    &add("esp",4);
+	}
+	&ret();
+
+	&function_end_B("_x86_DES_encrypt");
+	}
+
+sub DES_decrypt_internal()
+	{
+	&function_begin_B("_x86_DES_decrypt");
+
+	if ($small_footprint)
+	    {
+	    &push("ecx");
+	    &lea("ecx",&DWP(128,"ecx"));
+	    &push("ecx");
+	    &set_label("dloop");
+		&D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&sub("ecx",16);
+		&cmp("ecx",&swtmp(1));
+		&mov(&swtmp(0),"ecx");
+		&ja(&label("dloop"));
+	    &add("esp",8);
+	    }
+	else
+	    {
+	    &push("ecx");
+	    for ($i=15; $i>0; $i-=2)
+		{
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		}
+	    &add("esp",4);
+	    }
+	&ret();
+
+	&function_end_B("_x86_DES_decrypt");
+	}
+
+sub DES_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin_B($name);
+
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	&comment("Load the 2 words");
+
+	if ($do_ip)
+		{
+		&mov($R,&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov("eax",&DWP(0,$R,"",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&mov($L,&DWP(4,$R,"",0));
+		&comment("");
+		&comment("IP");
+		&IP_new("eax",$L,$R,3);
+		}
+	else
+		{
+		&mov("eax",&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov($R,&DWP(0,"eax","",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&rotl($R,3);
+		&mov($L,&DWP(4,"eax","",0));
+		&rotl($L,3);
+		}
+
+	# PIC-ification:-)
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($trans);
+	&lea	($trans,&DWP(&label("des_sptrans")."-".&label("pic_point"),$trans));
+
+	&mov(	"ecx",	&wparam(1)	);
+
+	&cmp("ebx","0");
+	&je(&label("decrypt"));
+	&call("_x86_DES_encrypt");
+	&jmp(&label("done"));
+	&set_label("decrypt");
+	&call("_x86_DES_decrypt");
+	&set_label("done");
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&mov("edx",&wparam(0));
+		&FP_new($L,$R,"eax",3);
+
+		&mov(&DWP(0,"edx","",0),"eax");
+		&mov(&DWP(4,"edx","",0),$R);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		 &mov("eax",&wparam(0));
+		&rotr($R,3);		# l
+		 &mov(&DWP(0,"eax","",0),$L);
+		 &mov(&DWP(4,"eax","",0),$R);
+		}
+
+	&pop("ebp");
+	&pop("ebx");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+
+	&function_end_B($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_;
+
+	 &mov(	$u,		&DWP(&n2a($S*4),$tmp2,"",0));
+	&xor(	$tmp1,		$tmp1);
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$tmp2,"",0));
+	&xor(	$u,		$R);
+	&xor(	$tmp2,		$tmp2);
+	 &xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	 &and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	 &movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	 &xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	 &xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
+	 &movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	 &xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	 &and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	 &xor(	$L,		&DWP("0x600",$trans,$tmp1,0));
+	 &xor(	$L,		&DWP("0x700",$trans,$tmp2,0));
+	&mov(	$tmp2,		$wp1	);
+	 &xor(	$L,		&DWP("0x400",$trans,$u,0));
+	 &xor(	$L,		&DWP("0x500",$trans,$t,0));
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	# This can never succeed, and besides it is difficult to see what the
+	# idea was - Ben 13 Feb 99
+	if (!$last eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
+sub DES_SPtrans
+	{
+	&set_label("DES_SPtrans",64);
+	&set_label("des_sptrans");
+	&data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802);
+	&data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002);
+	&data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802);
+	&data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002);
+	&data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800);
+	&data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800);
+	&data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002);
+	&data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000);
+	&data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002);
+	&data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800);
+	&data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002);
+	&data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000);
+	&data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802);
+	&data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000);
+	&data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800);
+	&data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802);
+	# nibble 1
+	&data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000);
+	&data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000);
+	&data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000);
+	&data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010);
+	&data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000);
+	&data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010);
+	&data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010);
+	&data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010);
+	&data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010);
+	&data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000);
+	&data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010);
+	&data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010);
+	&data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010);
+	&data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000);
+	&data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000);
+	&data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000);
+	# nibble 2
+	&data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101);
+	&data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100);
+	&data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001);
+	&data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001);
+	&data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100);
+	&data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001);
+	&data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000);
+	&data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101);
+	&data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000);
+	&data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101);
+	&data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001);
+	&data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001);
+	&data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101);
+	&data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100);
+	&data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101);
+	&data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000);
+	# nibble 3
+	&data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008);
+	&data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008);
+	&data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008);
+	&data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000);
+	&data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008);
+	&data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000);
+	&data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000);
+	&data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000);
+	&data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008);
+	&data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000);
+	&data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008);
+	&data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000);
+	&data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000);
+	&data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008);
+	&data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008);
+	&data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000);
+	# nibble 4
+	&data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420);
+	&data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000);
+	&data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400);
+	&data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000);
+	&data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420);
+	&data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020);
+	&data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020);
+	&data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400);
+	&data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000);
+	&data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400);
+	&data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000);
+	&data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020);
+	&data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420);
+	&data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000);
+	&data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420);
+	&data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020);
+	# nibble 5
+	&data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000);
+	&data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000);
+	&data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000);
+	&data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040);
+	&data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000);
+	&data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040);
+	&data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040);
+	&data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000);
+	&data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040);
+	&data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000);
+	&data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000);
+	&data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040);
+	&data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040);
+	&data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000);
+	&data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000);
+	&data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040);
+	# nibble 6
+	&data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004);
+	&data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000);
+	&data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000);
+	&data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204);
+	&data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204);
+	&data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200);
+	&data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004);
+	&data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000);
+	&data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204);
+	&data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004);
+	&data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000);
+	&data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200);
+	&data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200);
+	&data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000);
+	&data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204);
+	&data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004);
+	# nibble 7
+	&data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000);
+	&data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080);
+	&data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080);
+	&data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000);
+	&data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000);
+	&data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000);
+	&data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080);
+	&data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080);
+	&data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080);
+	&data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000);
+	&data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080);
+	&data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000);
+	&data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080);
+	&data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000);
+	&data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000);
+	&data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080);
+	}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4 b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4
new file mode 100644
index 000000000..4ada97b17
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4
@@ -0,0 +1,1968 @@
+! Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+!
+! Licensed under the OpenSSL license (the "License").  You may not use
+! this file except in compliance with the License.  You can obtain a copy
+! in the file LICENSE in the source distribution or at
+! https://www.openssl.org/source/license.html
+!
+!  To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
+!
+!  Global registers 1 to 5 are used. This is the same as done by the
+!  cc compiler. The UltraSPARC load/store little endian feature is used.
+!
+!  Instruction grouping often refers to one CPU cycle.
+!
+!  Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S
+!
+!  Assemble through cc:  cc -c -xarch=v8plusa -o des_enc.o des_enc.S
+!
+!  Performance improvement according to './apps/openssl speed des'
+!
+!	32-bit build:
+!		23%  faster than cc-5.2 -xarch=v8plus -xO5
+!		115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5
+!	64-bit build:
+!		50%  faster than cc-5.2 -xarch=v9 -xO5
+!		100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5
+!
+
+.ident "des_enc.m4 2.1"
+.file  "des_enc-sparc.S"
+
+#include <openssl/opensslconf.h>
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+# define ABI64  /* They've said -xarch=v9 at command line */
+#elif defined(__GNUC__) && defined(__arch64__)
+# define ABI64  /* They've said -m64 at command line */
+#endif
+
+#ifdef ABI64
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+# define	BIAS	2047
+# define	LDPTR	ldx
+# define	STPTR	stx
+# define	ARG0	128
+# define	ARGSZ	8
+#else
+# define	FRAME	-96
+# define	BIAS	0
+# define	LDPTR	ld
+# define	STPTR	st
+# define	ARG0	68
+# define	ARGSZ	4
+#endif
+
+#define LOOPS 7
+
+#define global0 %g0
+#define global1 %g1
+#define global2 %g2
+#define global3 %g3
+#define global4 %g4
+#define global5 %g5
+
+#define local0 %l0
+#define local1 %l1
+#define local2 %l2
+#define local3 %l3
+#define local4 %l4
+#define local5 %l5
+#define local7 %l6
+#define local6 %l7
+
+#define in0 %i0
+#define in1 %i1
+#define in2 %i2
+#define in3 %i3
+#define in4 %i4
+#define in5 %i5
+#define in6 %i6
+#define in7 %i7
+
+#define out0 %o0
+#define out1 %o1
+#define out2 %o2
+#define out3 %o3
+#define out4 %o4
+#define out5 %o5
+#define out6 %o6
+#define out7 %o7
+
+#define stub stb
+
+changequote({,})
+
+
+! Macro definitions:
+
+
+! {ip_macro}
+!
+! The logic used in initial and final permutations is the same as in
+! the C code. The permutations are done with a clever shift, xor, and
+! technique.
+!
+! The macro also loads address sbox 1 to 5 to global 1 to 5, address
+! sbox 6 to local6, and addres sbox 8 to out3.
+!
+! Rotates the halfs 3 left to bring the sbox bits in convenient positions.
+!
+! Loads key first round from address in parameter 5 to out0, out1.
+!
+! After the original LibDES initial permutation, the resulting left
+! is in the variable initially used for right and vice versa. The macro
+! implements the possibility to keep the halfs in the original registers.
+!
+! parameter 1  left
+! parameter 2  right
+! parameter 3  result left (modify in first round)
+! parameter 4  result right (use in first round)
+! parameter 5  key address
+! parameter 6  1/2 for include encryption/decryption
+! parameter 7  1 for move in1 to in3
+! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+define(ip_macro, {
+
+! {ip_macro}
+! $1 $2 $4 $3 $5 $6 $7 $8 $9
+
+	ld	[out2+256], local1
+	srl	$2, 4, local4
+
+	xor	local4, $1, local4
+	ifelse($7,1,{mov in1, in3},{nop})
+
+	ld	[out2+260], local2
+	and	local4, local1, local4
+	ifelse($8,1,{mov in3, in4},{})
+	ifelse($8,2,{mov in4, in3},{})
+
+	ld	[out2+280], out4          ! loop counter
+	sll	local4, 4, local1
+	xor	$1, local4, $1
+
+	ld	[out2+264], local3
+	srl	$1, 16, local4
+	xor	$2, local1, $2
+
+	ifelse($9,1,{LDPTR	KS3, in4},{})
+	xor	local4, $2, local4
+	nop	!sethi	%hi(DES_SPtrans), global1 ! sbox addr
+
+	ifelse($9,1,{LDPTR	KS2, in3},{})
+	and	local4, local2, local4
+	nop	!or	global1, %lo(DES_SPtrans), global1   ! sbox addr
+
+	sll	local4, 16, local1
+	xor	$2, local4, $2
+
+	srl	$2, 2, local4
+	xor	$1, local1, $1
+
+	sethi	%hi(16711680), local5
+	xor	local4, $1, local4
+
+	and	local4, local3, local4
+	or	local5, 255, local5
+
+	sll	local4, 2, local2
+	xor	$1, local4, $1
+
+	srl	$1, 8, local4
+	xor	$2, local2, $2
+
+	xor	local4, $2, local4
+	add	global1, 768, global4
+
+	and	local4, local5, local4
+	add	global1, 1024, global5
+
+	ld	[out2+272], local7
+	sll	local4, 8, local1
+	xor	$2, local4, $2
+
+	srl	$2, 1, local4
+	xor	$1, local1, $1
+
+	ld	[$5], out0                ! key 7531
+	xor	local4, $1, local4
+	add	global1, 256, global2
+
+	ld	[$5+4], out1              ! key 8642
+	and	local4, local7, local4
+	add	global1, 512, global3
+
+	sll	local4, 1, local1
+	xor	$1, local4, $1
+
+	sll	$1, 3, local3
+	xor	$2, local1, $2
+
+	sll	$2, 3, local2
+	add	global1, 1280, local6     ! address sbox 8
+
+	srl	$1, 29, local4
+	add	global1, 1792, out3       ! address sbox 8
+
+	srl	$2, 29, local1
+	or	local4, local3, $4
+
+	or	local2, local1, $3
+
+	ifelse($6, 1, {
+
+		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
+		or	local2, local1, $3
+		xor	$4, out0, local1
+
+		call .des_enc.1
+		and	local1, 252, local1
+
+	},{})
+
+	ifelse($6, 2, {
+
+		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
+		or	local2, local1, $3
+		xor	$4, out0, local1
+
+		call .des_dec.1
+		and	local1, 252, local1
+
+	},{})
+})
+
+
+! {rounds_macro}
+!
+! The logic used in the DES rounds is the same as in the C code,
+! except that calculations for sbox 1 and sbox 5 begin before
+! the previous round is finished.
+!
+! In each round one half (work) is modified based on key and the
+! other half (use).
+!
+! In this version we do two rounds in a loop repeated 7 times
+! and two rounds separately.
+!
+! One half has the bits for the sboxes in the following positions:
+!
+!	777777xx555555xx333333xx111111xx
+!
+!	88xx666666xx444444xx222222xx8888
+!
+! The bits for each sbox are xor-ed with the key bits for that box.
+! The above xx bits are cleared, and the result used for lookup in
+! the sbox table. Each sbox entry contains the 4 output bits permuted
+! into 32 bits according to the P permutation.
+!
+! In the description of DES, left and right are switched after
+! each round, except after last round. In this code the original
+! left and right are kept in the same register in all rounds, meaning
+! that after the 16 rounds the result for right is in the register
+! originally used for left.
+!
+! parameter 1  first work (left in first round)
+! parameter 2  first use (right in first round)
+! parameter 3  enc/dec  1/-1
+! parameter 4  loop label
+! parameter 5  key address register
+! parameter 6  optional address for key next encryption/decryption
+! parameter 7  not empty for include retl
+!
+! also compares in2 to 8
+
+define(rounds_macro, {
+
+! {rounds_macro}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	xor	$2, out0, local1
+
+	ld	[out2+284], local5        ! 0x0000FC00
+	ba	$4
+	and	local1, 252, local1
+
+	.align 32
+
+$4:
+	! local6 is address sbox 6
+	! out3   is address sbox 8
+	! out4   is loop counter
+
+	ld	[global1+local1], local1
+	xor	$2, out1, out1            ! 8642
+	xor	$2, out0, out0            ! 7531
+	! fmovs	%f0, %f0                  ! fxor used for alignment
+
+	srl	out1, 4, local0           ! rotate 4 right
+	and	out0, local5, local3      ! 3
+	! fmovs	%f0, %f0
+
+	ld	[$5+$3*8], local7         ! key 7531 next round
+	srl	local3, 8, local3         ! 3
+	and	local0, 252, local2       ! 2
+	! fmovs	%f0, %f0
+
+	ld	[global3+local3],local3   ! 3
+	sll	out1, 28, out1            ! rotate
+	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
+
+	ld	[global2+local2], local2  ! 2
+	srl	out0, 24, local1          ! 7
+	or	out1, local0, out1        ! rotate
+
+	ldub	[out2+local1], local1     ! 7 (and 0xFC)
+	srl	out1, 24, local0          ! 8
+	and	out1, local5, local4      ! 4
+
+	ldub	[out2+local0], local0     ! 8 (and 0xFC)
+	srl	local4, 8, local4         ! 4
+	xor	$1, local2, $1            ! 2 finished local2 now sbox 6
+
+	ld	[global4+local4],local4   ! 4
+	srl	out1, 16, local2          ! 6
+	xor	$1, local3, $1            ! 3 finished local3 now sbox 5
+
+	ld	[out3+local0],local0      ! 8
+	and	local2, 252, local2       ! 6
+	add	global1, 1536, local5     ! address sbox 7
+
+	ld	[local6+local2], local2   ! 6
+	srl	out0, 16, local3          ! 5
+	xor	$1, local4, $1            ! 4 finished
+
+	ld	[local5+local1],local1    ! 7
+	and	local3, 252, local3       ! 5
+	xor	$1, local0, $1            ! 8 finished
+
+	ld	[global5+local3],local3   ! 5
+	xor	$1, local2, $1            ! 6 finished
+	subcc	out4, 1, out4
+
+	ld	[$5+$3*8+4], out0         ! key 8642 next round
+	xor	$1, local7, local2        ! sbox 5 next round
+	xor	$1, local1, $1            ! 7 finished
+
+	srl	local2, 16, local2        ! sbox 5 next round
+	xor	$1, local3, $1            ! 5 finished
+
+	ld	[$5+$3*16+4], out1        ! key 8642 next round again
+	and	local2, 252, local2       ! sbox5 next round
+! next round
+	xor	$1, local7, local7        ! 7531
+
+	ld	[global5+local2], local2  ! 5
+	srl	local7, 24, local3        ! 7
+	xor	$1, out0, out0            ! 8642
+
+	ldub	[out2+local3], local3     ! 7 (and 0xFC)
+	srl	out0, 4, local0           ! rotate 4 right
+	and	local7, 252, local1       ! 1
+
+	sll	out0, 28, out0            ! rotate
+	xor	$2, local2, $2            ! 5 finished local2 used
+
+	srl	local0, 8, local4         ! 4
+	and	local0, 252, local2       ! 2
+	ld	[local5+local3], local3   ! 7
+
+	srl	local0, 16, local5        ! 6
+	or	out0, local0, out0        ! rotate
+	ld	[global2+local2], local2  ! 2
+
+	srl	out0, 24, local0
+	ld	[$5+$3*16], out0          ! key 7531 next round
+	and	local4, 252, local4	  ! 4
+
+	and	local5, 252, local5       ! 6
+	ld	[global4+local4], local4  ! 4
+	xor	$2, local3, $2            ! 7 finished local3 used
+
+	and	local0, 252, local0       ! 8
+	ld	[local6+local5], local5   ! 6
+	xor	$2, local2, $2            ! 2 finished local2 now sbox 3
+
+	srl	local7, 8, local2         ! 3 start
+	ld	[out3+local0], local0     ! 8
+	xor	$2, local4, $2            ! 4 finished
+
+	and	local2, 252, local2       ! 3
+	ld	[global1+local1], local1  ! 1
+	xor	$2, local5, $2            ! 6 finished local5 used
+
+	ld	[global3+local2], local2  ! 3
+	xor	$2, local0, $2            ! 8 finished
+	add	$5, $3*16, $5             ! enc add 8, dec add -8 to key pointer
+
+	ld	[out2+284], local5        ! 0x0000FC00
+	xor	$2, out0, local4          ! sbox 1 next round
+	xor	$2, local1, $2            ! 1 finished
+
+	xor	$2, local2, $2            ! 3 finished
+	bne	$4
+	and	local4, 252, local1       ! sbox 1 next round
+
+! two rounds more:
+
+	ld	[global1+local1], local1
+	xor	$2, out1, out1
+	xor	$2, out0, out0
+
+	srl	out1, 4, local0           ! rotate
+	and	out0, local5, local3
+
+	ld	[$5+$3*8], local7         ! key 7531
+	srl	local3, 8, local3
+	and	local0, 252, local2
+
+	ld	[global3+local3],local3
+	sll	out1, 28, out1            ! rotate
+	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
+
+	ld	[global2+local2], local2
+	srl	out0, 24, local1
+	or	out1, local0, out1        ! rotate
+
+	ldub	[out2+local1], local1
+	srl	out1, 24, local0
+	and	out1, local5, local4
+
+	ldub	[out2+local0], local0
+	srl	local4, 8, local4
+	xor	$1, local2, $1            ! 2 finished local2 now sbox 6
+
+	ld	[global4+local4],local4
+	srl	out1, 16, local2
+	xor	$1, local3, $1            ! 3 finished local3 now sbox 5
+
+	ld	[out3+local0],local0
+	and	local2, 252, local2
+	add	global1, 1536, local5     ! address sbox 7
+
+	ld	[local6+local2], local2
+	srl	out0, 16, local3
+	xor	$1, local4, $1            ! 4 finished
+
+	ld	[local5+local1],local1
+	and	local3, 252, local3
+	xor	$1, local0, $1
+
+	ld	[global5+local3],local3
+	xor	$1, local2, $1            ! 6 finished
+	cmp	in2, 8
+
+	ifelse($6,{}, {}, {ld	[out2+280], out4})  ! loop counter
+	xor	$1, local7, local2        ! sbox 5 next round
+	xor	$1, local1, $1            ! 7 finished
+
+	ld	[$5+$3*8+4], out0
+	srl	local2, 16, local2        ! sbox 5 next round
+	xor	$1, local3, $1            ! 5 finished
+
+	and	local2, 252, local2
+! next round (two rounds more)
+	xor	$1, local7, local7        ! 7531
+
+	ld	[global5+local2], local2
+	srl	local7, 24, local3
+	xor	$1, out0, out0            ! 8642
+
+	ldub	[out2+local3], local3
+	srl	out0, 4, local0           ! rotate
+	and	local7, 252, local1
+
+	sll	out0, 28, out0            ! rotate
+	xor	$2, local2, $2            ! 5 finished local2 used
+
+	srl	local0, 8, local4
+	and	local0, 252, local2
+	ld	[local5+local3], local3
+
+	srl	local0, 16, local5
+	or	out0, local0, out0        ! rotate
+	ld	[global2+local2], local2
+
+	srl	out0, 24, local0
+	ifelse($6,{}, {}, {ld	[$6], out0})   ! key next encryption/decryption
+	and	local4, 252, local4
+
+	and	local5, 252, local5
+	ld	[global4+local4], local4
+	xor	$2, local3, $2            ! 7 finished local3 used
+
+	and	local0, 252, local0
+	ld	[local6+local5], local5
+	xor	$2, local2, $2            ! 2 finished local2 now sbox 3
+
+	srl	local7, 8, local2         ! 3 start
+	ld	[out3+local0], local0
+	xor	$2, local4, $2
+
+	and	local2, 252, local2
+	ld	[global1+local1], local1
+	xor	$2, local5, $2            ! 6 finished local5 used
+
+	ld	[global3+local2], local2
+	srl	$1, 3, local3
+	xor	$2, local0, $2
+
+	ifelse($6,{}, {}, {ld	[$6+4], out1}) ! key next encryption/decryption
+	sll	$1, 29, local4
+	xor	$2, local1, $2
+
+	ifelse($7,{}, {}, {retl})
+	xor	$2, local2, $2
+})
+
+
+! {fp_macro}
+!
+!  parameter 1   right (original left)
+!  parameter 2   left (original right)
+!  parameter 3   1 for optional store to [in0]
+!  parameter 4   1 for load input/output address to local5/7
+!
+!  The final permutation logic switches the halves, meaning that
+!  left and right ends up the registers originally used.
+
+define(fp_macro, {
+
+! {fp_macro}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! initially undo the rotate 3 left done after initial permutation
+	! original left is received shifted 3 right and 29 left in local3/4
+
+	sll	$2, 29, local1
+	or	local3, local4, $1
+
+	srl	$2, 3, $2
+	sethi	%hi(0x55555555), local2
+
+	or	$2, local1, $2
+	or	local2, %lo(0x55555555), local2
+
+	srl	$2, 1, local3
+	sethi	%hi(0x00ff00ff), local1
+	xor	local3, $1, local3
+	or	local1, %lo(0x00ff00ff), local1
+	and	local3, local2, local3
+	sethi	%hi(0x33333333), local4
+	sll	local3, 1, local2
+
+	xor	$1, local3, $1
+
+	srl	$1, 8, local3
+	xor	$2, local2, $2
+	xor	local3, $2, local3
+	or	local4, %lo(0x33333333), local4
+	and	local3, local1, local3
+	sethi	%hi(0x0000ffff), local1
+	sll	local3, 8, local2
+
+	xor	$2, local3, $2
+
+	srl	$2, 2, local3
+	xor	$1, local2, $1
+	xor	local3, $1, local3
+	or	local1, %lo(0x0000ffff), local1
+	and	local3, local4, local3
+	sethi	%hi(0x0f0f0f0f), local4
+	sll	local3, 2, local2
+
+	ifelse($4,1, {LDPTR INPUT, local5})
+	xor	$1, local3, $1
+
+	ifelse($4,1, {LDPTR OUTPUT, local7})
+	srl	$1, 16, local3
+	xor	$2, local2, $2
+	xor	local3, $2, local3
+	or	local4, %lo(0x0f0f0f0f), local4
+	and	local3, local1, local3
+	sll	local3, 16, local2
+
+	xor	$2, local3, local1
+
+	srl	local1, 4, local3
+	xor	$1, local2, $1
+	xor	local3, $1, local3
+	and	local3, local4, local3
+	sll	local3, 4, local2
+
+	xor	$1, local3, $1
+
+	! optional store:
+
+	ifelse($3,1, {st $1, [in0]})
+
+	xor	local1, local2, $2
+
+	ifelse($3,1, {st $2, [in0+4]})
+
+})
+
+
+! {fp_ip_macro}
+!
+! Does initial permutation for next block mixed with
+! final permutation for current block.
+!
+! parameter 1   original left
+! parameter 2   original right
+! parameter 3   left ip
+! parameter 4   right ip
+! parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
+!                2: mov in4 to in3
+!
+! also adds -8 to length in2 and loads loop counter to out4
+
+define(fp_ip_macro, {
+
+! {fp_ip_macro}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	define({temp1},{out4})
+	define({temp2},{local3})
+
+	define({ip1},{local1})
+	define({ip2},{local2})
+	define({ip4},{local4})
+	define({ip5},{local5})
+
+	! $1 in local3, local4
+
+	ld	[out2+256], ip1
+	sll	out5, 29, temp1
+	or	local3, local4, $1
+
+	srl	out5, 3, $2
+	ifelse($5,2,{mov in4, in3})
+
+	ld	[out2+272], ip5
+	srl	$4, 4, local0
+	or	$2, temp1, $2
+
+	srl	$2, 1, temp1
+	xor	temp1, $1, temp1
+
+	and	temp1, ip5, temp1
+	xor	local0, $3, local0
+
+	sll	temp1, 1, temp2
+	xor	$1, temp1, $1
+
+	and	local0, ip1, local0
+	add	in2, -8, in2
+
+	sll	local0, 4, local7
+	xor	$3, local0, $3
+
+	ld	[out2+268], ip4
+	srl	$1, 8, temp1
+	xor	$2, temp2, $2
+	ld	[out2+260], ip2
+	srl	$3, 16, local0
+	xor	$4, local7, $4
+	xor	temp1, $2, temp1
+	xor	local0, $4, local0
+	and	temp1, ip4, temp1
+	and	local0, ip2, local0
+	sll	temp1, 8, temp2
+	xor	$2, temp1, $2
+	sll	local0, 16, local7
+	xor	$4, local0, $4
+
+	srl	$2, 2, temp1
+	xor	$1, temp2, $1
+
+	ld	[out2+264], temp2         ! ip3
+	srl	$4, 2, local0
+	xor	$3, local7, $3
+	xor	temp1, $1, temp1
+	xor	local0, $3, local0
+	and	temp1, temp2, temp1
+	and	local0, temp2, local0
+	sll	temp1, 2, temp2
+	xor	$1, temp1, $1
+	sll	local0, 2, local7
+	xor	$3, local0, $3
+
+	srl	$1, 16, temp1
+	xor	$2, temp2, $2
+	srl	$3, 8, local0
+	xor	$4, local7, $4
+	xor	temp1, $2, temp1
+	xor	local0, $4, local0
+	and	temp1, ip2, temp1
+	and	local0, ip4, local0
+	sll	temp1, 16, temp2
+	xor	$2, temp1, local4
+	sll	local0, 8, local7
+	xor	$4, local0, $4
+
+	srl	$4, 1, local0
+	xor	$3, local7, $3
+
+	srl	local4, 4, temp1
+	xor	local0, $3, local0
+
+	xor	$1, temp2, $1
+	and	local0, ip5, local0
+
+	sll	local0, 1, local7
+	xor	temp1, $1, temp1
+
+	xor	$3, local0, $3
+	xor	$4, local7, $4
+
+	sll	$3, 3, local5
+	and	temp1, ip1, temp1
+
+	sll	temp1, 4, temp2
+	xor	$1, temp1, $1
+
+	ifelse($5,1,{LDPTR	KS2, in4})
+	sll	$4, 3, local2
+	xor	local4, temp2, $2
+
+	! reload since used as temporary:
+
+	ld	[out2+280], out4          ! loop counter
+
+	srl	$3, 29, local0
+	ifelse($5,1,{add in4, 120, in4})
+
+	ifelse($5,1,{LDPTR	KS1, in3})
+	srl	$4, 29, local7
+
+	or	local0, local5, $4
+	or	local2, local7, $3
+
+})
+
+
+
+! {load_little_endian}
+!
+! parameter 1  address
+! parameter 2  destination left
+! parameter 3  destination right
+! parameter 4  temporary
+! parameter 5  label
+
+define(load_little_endian, {
+
+! {load_little_endian}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! first in memory to rightmost in register
+
+$5:
+	ldub	[$1+3], $2
+
+	ldub	[$1+2], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+1], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+0], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+
+	ldub	[$1+3+4], $3
+
+	ldub	[$1+2+4], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+1+4], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+0+4], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+$5a:
+
+})
+
+
+! {load_little_endian_inc}
+!
+! parameter 1  address
+! parameter 2  destination left
+! parameter 3  destination right
+! parameter 4  temporary
+! parameter 4  label
+!
+! adds 8 to address
+
+define(load_little_endian_inc, {
+
+! {load_little_endian_inc}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! first in memory to rightmost in register
+
+$5:
+	ldub	[$1+3], $2
+
+	ldub	[$1+2], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+1], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+0], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+3+4], $3
+	add	$1, 8, $1
+
+	ldub	[$1+2+4-8], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+1+4-8], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+0+4-8], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+$5a:
+
+})
+
+
+! {load_n_bytes}
+!
+! Loads 1 to 7 bytes little endian
+! Remaining bytes are zeroed.
+!
+! parameter 1  address
+! parameter 2  length
+! parameter 3  destination register left
+! parameter 4  destination register right
+! parameter 5  temp
+! parameter 6  temp2
+! parameter 7  label
+! parameter 8  return label
+
+define(load_n_bytes, {
+
+! {load_n_bytes}
+! $1 $2 $5 $6 $7 $8 $7 $8 $9
+
+$7.0:	call	.+8
+	sll	$2, 2, $6
+
+	add	%o7,$7.jmp.table-$7.0,$5
+
+	add	$5, $6, $5
+	mov	0, $4
+
+	ld	[$5], $5
+
+	jmp	%o7+$5
+	mov	0, $3
+
+$7.7:
+	ldub	[$1+6], $5
+	sll	$5, 16, $5
+	or	$3, $5, $3
+$7.6:
+	ldub	[$1+5], $5
+	sll	$5, 8, $5
+	or	$3, $5, $3
+$7.5:
+	ldub	[$1+4], $5
+	or	$3, $5, $3
+$7.4:
+	ldub	[$1+3], $5
+	sll	$5, 24, $5
+	or	$4, $5, $4
+$7.3:
+	ldub	[$1+2], $5
+	sll	$5, 16, $5
+	or	$4, $5, $4
+$7.2:
+	ldub	[$1+1], $5
+	sll	$5, 8, $5
+	or	$4, $5, $4
+$7.1:
+	ldub	[$1+0], $5
+	ba	$8
+	or	$4, $5, $4
+
+	.align 4
+
+$7.jmp.table:
+	.word	0
+	.word	$7.1-$7.0
+	.word	$7.2-$7.0
+	.word	$7.3-$7.0
+	.word	$7.4-$7.0
+	.word	$7.5-$7.0
+	.word	$7.6-$7.0
+	.word	$7.7-$7.0
+})
+
+
+! {store_little_endian}
+!
+! parameter 1  address
+! parameter 2  source left
+! parameter 3  source right
+! parameter 4  temporary
+
+define(store_little_endian, {
+
+! {store_little_endian}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! rightmost in register to first in memory
+
+$5:
+	and	$2, 255, $4
+	stub	$4, [$1+0]
+
+	srl	$2, 8, $4
+	and	$4, 255, $4
+	stub	$4, [$1+1]
+
+	srl	$2, 16, $4
+	and	$4, 255, $4
+	stub	$4, [$1+2]
+
+	srl	$2, 24, $4
+	stub	$4, [$1+3]
+
+
+	and	$3, 255, $4
+	stub	$4, [$1+0+4]
+
+	srl	$3, 8, $4
+	and	$4, 255, $4
+	stub	$4, [$1+1+4]
+
+	srl	$3, 16, $4
+	and	$4, 255, $4
+	stub	$4, [$1+2+4]
+
+	srl	$3, 24, $4
+	stub	$4, [$1+3+4]
+
+$5a:
+
+})
+
+
+! {store_n_bytes}
+!
+! Stores 1 to 7 bytes little endian
+!
+! parameter 1  address
+! parameter 2  length
+! parameter 3  source register left
+! parameter 4  source register right
+! parameter 5  temp
+! parameter 6  temp2
+! parameter 7  label
+! parameter 8  return label
+
+define(store_n_bytes, {
+
+! {store_n_bytes}
+! $1 $2 $5 $6 $7 $8 $7 $8 $9
+
+$7.0:	call	.+8
+	sll	$2, 2, $6
+
+	add	%o7,$7.jmp.table-$7.0,$5
+
+	add	$5, $6, $5
+
+	ld	[$5], $5
+
+	jmp	%o7+$5
+	nop
+
+$7.7:
+	srl	$3, 16, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+6]
+$7.6:
+	srl	$3, 8, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+5]
+$7.5:
+	and	$3, 0xff, $5
+	stub	$5, [$1+4]
+$7.4:
+	srl	$4, 24, $5
+	stub	$5, [$1+3]
+$7.3:
+	srl	$4, 16, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+2]
+$7.2:
+	srl	$4, 8, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+1]
+$7.1:
+	and	$4, 0xff, $5
+
+
+	ba	$8
+	stub	$5, [$1]
+
+	.align 4
+
+$7.jmp.table:
+
+	.word	0
+	.word	$7.1-$7.0
+	.word	$7.2-$7.0
+	.word	$7.3-$7.0
+	.word	$7.4-$7.0
+	.word	$7.5-$7.0
+	.word	$7.6-$7.0
+	.word	$7.7-$7.0
+})
+
+
+define(testvalue,{1})
+
+define(register_init, {
+
+! For test purposes:
+
+	sethi	%hi(testvalue), local0
+	or	local0, %lo(testvalue), local0
+
+	ifelse($1,{},{}, {mov	local0, $1})
+	ifelse($2,{},{}, {mov	local0, $2})
+	ifelse($3,{},{}, {mov	local0, $3})
+	ifelse($4,{},{}, {mov	local0, $4})
+	ifelse($5,{},{}, {mov	local0, $5})
+	ifelse($6,{},{}, {mov	local0, $6})
+	ifelse($7,{},{}, {mov	local0, $7})
+	ifelse($8,{},{}, {mov	local0, $8})
+
+	mov	local0, local1
+	mov	local0, local2
+	mov	local0, local3
+	mov	local0, local4
+	mov	local0, local5
+	mov	local0, local7
+	mov	local0, local6
+	mov	local0, out0
+	mov	local0, out1
+	mov	local0, out2
+	mov	local0, out3
+	mov	local0, out4
+	mov	local0, out5
+	mov	local0, global1
+	mov	local0, global2
+	mov	local0, global3
+	mov	local0, global4
+	mov	local0, global5
+
+})
+
+.section	".text"
+
+	.align 32
+
+.des_enc:
+
+	! key address in3
+	! loads key next encryption/decryption first round from [in4]
+
+	rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl)
+
+
+	.align 32
+
+.des_dec:
+
+	! implemented with out5 as first parameter to avoid
+	! register exchange in ede modes
+
+	! key address in4
+	! loads key next encryption/decryption first round from [in3]
+
+	rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl)
+
+
+
+! void DES_encrypt1(data, ks, enc)
+! *******************************
+
+	.align 32
+	.global DES_encrypt1
+	.type	 DES_encrypt1,#function
+
+DES_encrypt1:
+
+	save	%sp, FRAME, %sp
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	ld	[in0], in5                ! left
+	cmp	in2, 0                    ! enc
+
+	be	.encrypt.dec
+	ld	[in0+4], out5             ! right
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for move in1 to in3
+	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+
+	ip_macro(in5, out5, in5, out5, in3, 0, 1, 1)
+
+	rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used
+
+	fp_macro(in5, out5, 1)            ! 1 for store to [in0]
+
+	ret
+	restore
+
+.encrypt.dec:
+
+	add	in1, 120, in3             ! use last subkey for first round
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for move in1 to in3
+	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec,  ks in4
+
+	fp_macro(out5, in5, 1)            ! 1 for store to [in0]
+
+	ret
+	restore
+
+.DES_encrypt1.end:
+	.size	 DES_encrypt1,.DES_encrypt1.end-DES_encrypt1
+
+
+! void DES_encrypt2(data, ks, enc)
+!*********************************
+
+	! encrypts/decrypts without initial/final permutation
+
+	.align 32
+	.global DES_encrypt2
+	.type	 DES_encrypt2,#function
+
+DES_encrypt2:
+
+	save	%sp, FRAME, %sp
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	! Set sbox address 1 to 6 and rotate halfs 3 left
+	! Errors caught by destest? Yes. Still? *NO*
+
+	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1
+
+	!or	global1, %lo(DES_SPtrans), global1  ! sbox 1
+
+	add	global1, 256, global2     ! sbox 2
+	add	global1, 512, global3     ! sbox 3
+
+	ld	[in0], out5               ! right
+	add	global1, 768, global4     ! sbox 4
+	add	global1, 1024, global5    ! sbox 5
+
+	ld	[in0+4], in5              ! left
+	add	global1, 1280, local6     ! sbox 6
+	add	global1, 1792, out3       ! sbox 8
+
+	! rotate
+
+	sll	in5, 3, local5
+	mov	in1, in3                  ! key address to in3
+
+	sll	out5, 3, local7
+	srl	in5, 29, in5
+
+	srl	out5, 29, out5
+	add	in5, local5, in5
+
+	add	out5, local7, out5
+	cmp	in2, 0
+
+	! we use our own stackframe
+
+	be	.encrypt2.dec
+	STPTR	in0, [%sp+BIAS+ARG0+0*ARGSZ]
+
+	ld	[in3], out0               ! key 7531 first round
+	mov	LOOPS, out4               ! loop counter
+
+	ld	[in3+4], out1             ! key 8642 first round
+	sethi	%hi(0x0000FC00), local5
+
+	call .des_enc
+	mov	in3, in4
+
+	! rotate
+	sll	in5, 29, in0
+	srl	in5, 3, in5
+	sll	out5, 29, in1
+	add	in5, in0, in5
+	srl	out5, 3, out5
+	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
+	add	out5, in1, out5
+	st	in5, [in0]
+	st	out5, [in0+4]
+
+	ret
+	restore
+
+
+.encrypt2.dec:
+
+	add in3, 120, in4
+
+	ld	[in4], out0               ! key 7531 first round
+	mov	LOOPS, out4               ! loop counter
+
+	ld	[in4+4], out1             ! key 8642 first round
+	sethi	%hi(0x0000FC00), local5
+
+	mov	in5, local1               ! left expected in out5
+	mov	out5, in5
+
+	call .des_dec
+	mov	local1, out5
+
+.encrypt2.finish:
+
+	! rotate
+	sll	in5, 29, in0
+	srl	in5, 3, in5
+	sll	out5, 29, in1
+	add	in5, in0, in5
+	srl	out5, 3, out5
+	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
+	add	out5, in1, out5
+	st	out5, [in0]
+	st	in5, [in0+4]
+
+	ret
+	restore
+
+.DES_encrypt2.end:
+	.size	 DES_encrypt2, .DES_encrypt2.end-DES_encrypt2
+
+
+! void DES_encrypt3(data, ks1, ks2, ks3)
+! **************************************
+
+	.align 32
+	.global DES_encrypt3
+	.type	 DES_encrypt3,#function
+
+DES_encrypt3:
+
+	save	%sp, FRAME, %sp
+	
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	ld	[in0], in5                ! left
+	add	in2, 120, in4             ! ks2
+
+	ld	[in0+4], out5             ! right
+	mov	in3, in2                  ! save ks3
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+	! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+	ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0)
+
+	call	.des_dec
+	mov	in2, in3                  ! preload ks3
+
+	call	.des_enc
+	nop
+
+	fp_macro(in5, out5, 1)
+
+	ret
+	restore
+
+.DES_encrypt3.end:
+	.size	 DES_encrypt3,.DES_encrypt3.end-DES_encrypt3
+
+
+! void DES_decrypt3(data, ks1, ks2, ks3)
+! **************************************
+
+	.align 32
+	.global DES_decrypt3
+	.type	 DES_decrypt3,#function
+
+DES_decrypt3:
+
+	save	%sp, FRAME, %sp
+	
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	ld	[in0], in5                ! left
+	add	in3, 120, in4             ! ks3
+
+	ld	[in0+4], out5             ! right
+	mov	in2, in3                  ! ks2
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+	! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0)
+
+	call	.des_enc
+	add	in1, 120, in4             ! preload ks1
+
+	call	.des_dec
+	nop
+
+	fp_macro(out5, in5, 1)
+
+	ret
+	restore
+
+.DES_decrypt3.end:
+	.size	 DES_decrypt3,.DES_decrypt3.end-DES_decrypt3
+
+! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+! *****************************************************************
+
+
+	.align 32
+	.global DES_ncbc_encrypt
+	.type	 DES_ncbc_encrypt,#function
+
+DES_ncbc_encrypt:
+
+	save	%sp, FRAME, %sp
+	
+	define({INPUT},  { [%sp+BIAS+ARG0+0*ARGSZ] })
+	define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] })
+	define({IVEC},   { [%sp+BIAS+ARG0+4*ARGSZ] })
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	cmp	in5, 0                    ! enc
+
+	be	.ncbc.dec
+	STPTR	in4, IVEC
+
+	! addr  left  right  temp  label
+	load_little_endian(in4, in5, out5, local3, .LLE1)  ! iv
+
+	addcc	in2, -8, in2              ! bytes missing when first block done
+
+	bl	.ncbc.enc.seven.or.less
+	mov	in3, in4                  ! schedule
+
+.ncbc.enc.next.block:
+
+	load_little_endian(in0, out4, global4, local3, .LLE2)  ! block
+
+.ncbc.enc.next.block_1:
+
+	xor	in5, out4, in5            ! iv xor
+	xor	out5, global4, out5       ! iv xor
+
+	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+	ip_macro(in5, out5, in5, out5, in3, 0, 0, 2)
+
+.ncbc.enc.next.block_2:
+
+!//	call .des_enc                     ! compares in2 to 8
+!	rounds inlined for alignment purposes
+
+	add	global1, 768, global4     ! address sbox 4 since register used below
+
+	rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption  ks in3
+
+	bl	.ncbc.enc.next.block_fp
+	add	in0, 8, in0               ! input address
+
+	! If 8 or more bytes are to be encrypted after this block,
+	! we combine final permutation for this block with initial
+	! permutation for next block. Load next block:
+
+	load_little_endian(in0, global3, global4, local5, .LLE12)
+
+	!  parameter 1   original left
+	!  parameter 2   original right
+	!  parameter 3   left ip
+	!  parameter 4   right ip
+	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
+	!                2: mov in4 to in3
+	!
+	! also adds -8 to length in2 and loads loop counter to out4
+
+	fp_ip_macro(out0, out1, global3, global4, 2)
+
+	store_little_endian(in1, out0, out1, local3, .SLE10)  ! block
+
+	ld	[in3], out0               ! key 7531 first round next block
+	mov 	in5, local1
+	xor	global3, out5, in5        ! iv xor next block
+
+	ld	[in3+4], out1             ! key 8642
+	add	global1, 512, global3     ! address sbox 3 since register used
+	xor	global4, local1, out5     ! iv xor next block
+
+	ba	.ncbc.enc.next.block_2
+	add	in1, 8, in1               ! output address
+
+.ncbc.enc.next.block_fp:
+
+	fp_macro(in5, out5)
+
+	store_little_endian(in1, in5, out5, local3, .SLE1)  ! block
+
+	addcc   in2, -8, in2              ! bytes missing when next block done
+
+	bpos	.ncbc.enc.next.block
+	add	in1, 8, in1
+
+.ncbc.enc.seven.or.less:
+
+	cmp	in2, -8
+
+	ble	.ncbc.enc.finish
+	nop
+
+	add	in2, 8, local1            ! bytes to load
+
+	! addr, length, dest left, dest right, temp, temp2, label, ret label
+	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1)
+
+	! Loads 1 to 7 bytes little endian to global4, out4
+
+
+.ncbc.enc.finish:
+
+	LDPTR	IVEC, local4
+	store_little_endian(local4, in5, out5, local5, .SLE2)  ! ivec
+
+	ret
+	restore
+
+
+.ncbc.dec:
+
+	STPTR	in0, INPUT
+	cmp	in2, 0                    ! length
+	add	in3, 120, in3
+
+	LDPTR	IVEC, local7              ! ivec
+	ble	.ncbc.dec.finish
+	mov	in3, in4                  ! schedule
+
+	STPTR	in1, OUTPUT
+	mov	in0, local5               ! input
+
+	load_little_endian(local7, in0, in1, local3, .LLE3)   ! ivec
+
+.ncbc.dec.next.block:
+
+	load_little_endian(local5, in5, out5, local3, .LLE4)  ! block
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryption  ks in4
+
+	fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7
+
+	! in2 is bytes left to be stored
+	! in2 is compared to 8 in the rounds
+
+	xor	out5, in0, out4           ! iv xor
+	bl	.ncbc.dec.seven.or.less
+	xor	in5, in1, global4         ! iv xor
+
+	! Load ivec next block now, since input and output address might be the same.
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE5)  ! iv
+
+	store_little_endian(local7, out4, global4, local3, .SLE3)
+
+	STPTR	local5, INPUT
+	add	local7, 8, local7
+	addcc   in2, -8, in2
+
+	bg	.ncbc.dec.next.block
+	STPTR	local7, OUTPUT
+
+
+.ncbc.dec.store.iv:
+
+	LDPTR	IVEC, local4              ! ivec
+	store_little_endian(local4, in0, in1, local5, .SLE4)
+
+.ncbc.dec.finish:
+
+	ret
+	restore
+
+.ncbc.dec.seven.or.less:
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE13)     ! ivec
+
+	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv)
+
+
+.DES_ncbc_encrypt.end:
+	.size	 DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt
+
+
+! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
+! **************************************************************************
+
+
+	.align 32
+	.global DES_ede3_cbc_encrypt
+	.type	 DES_ede3_cbc_encrypt,#function
+
+DES_ede3_cbc_encrypt:
+
+	save	%sp, FRAME, %sp
+
+	define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] })
+	define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] })
+	define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] })
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	LDPTR	[%fp+BIAS+ARG0+7*ARGSZ], local3          ! enc
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
+	cmp	local3, 0                 ! enc
+
+	be	.ede3.dec
+	STPTR	in4, KS2
+
+	STPTR	in5, KS3
+
+	load_little_endian(local4, in5, out5, local3, .LLE6)  ! ivec
+
+	addcc	in2, -8, in2              ! bytes missing after next block
+
+	bl	.ede3.enc.seven.or.less
+	STPTR	in3, KS1
+
+.ede3.enc.next.block:
+
+	load_little_endian(in0, out4, global4, local3, .LLE7)
+
+.ede3.enc.next.block_1:
+
+	LDPTR	KS2, in4
+	xor	in5, out4, in5            ! iv xor
+	xor	out5, global4, out5       ! iv xor
+
+	LDPTR	KS1, in3
+	add	in4, 120, in4             ! for decryption we use last subkey first
+	nop
+
+	ip_macro(in5, out5, in5, out5, in3)
+
+.ede3.enc.next.block_2:
+
+	call .des_enc                     ! ks1 in3
+	nop
+
+	call .des_dec                     ! ks2 in4
+	LDPTR	KS3, in3
+
+	call .des_enc                     ! ks3 in3  compares in2 to 8
+	nop
+
+	bl	.ede3.enc.next.block_fp
+	add	in0, 8, in0
+
+	! If 8 or more bytes are to be encrypted after this block,
+	! we combine final permutation for this block with initial
+	! permutation for next block. Load next block:
+
+	load_little_endian(in0, global3, global4, local5, .LLE11)
+
+	!  parameter 1   original left
+	!  parameter 2   original right
+	!  parameter 3   left ip
+	!  parameter 4   right ip
+	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
+	!                2: mov in4 to in3
+	!
+	! also adds -8 to length in2 and loads loop counter to out4
+
+	fp_ip_macro(out0, out1, global3, global4, 1)
+
+	store_little_endian(in1, out0, out1, local3, .SLE9)  ! block
+
+	mov 	in5, local1
+	xor	global3, out5, in5        ! iv xor next block
+
+	ld	[in3], out0               ! key 7531
+	add	global1, 512, global3     ! address sbox 3
+	xor	global4, local1, out5     ! iv xor next block
+
+	ld	[in3+4], out1             ! key 8642
+	add	global1, 768, global4     ! address sbox 4
+	ba	.ede3.enc.next.block_2
+	add	in1, 8, in1
+
+.ede3.enc.next.block_fp:
+
+	fp_macro(in5, out5)
+
+	store_little_endian(in1, in5, out5, local3, .SLE5)  ! block
+
+	addcc   in2, -8, in2              ! bytes missing when next block done
+
+	bpos	.ede3.enc.next.block
+	add	in1, 8, in1
+
+.ede3.enc.seven.or.less:
+
+	cmp	in2, -8
+
+	ble	.ede3.enc.finish
+	nop
+
+	add	in2, 8, local1            ! bytes to load
+
+	! addr, length, dest left, dest right, temp, temp2, label, ret label
+	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1)
+
+.ede3.enc.finish:
+
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
+	store_little_endian(local4, in5, out5, local5, .SLE6)  ! ivec
+
+	ret
+	restore
+
+.ede3.dec:
+
+	STPTR	in0, INPUT
+	add	in5, 120, in5
+
+	STPTR	in1, OUTPUT
+	mov	in0, local5
+	add	in3, 120, in3
+
+	STPTR	in3, KS1
+	cmp	in2, 0
+
+	ble	.ede3.dec.finish
+	STPTR	in5, KS3
+
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local7          ! iv
+	load_little_endian(local7, in0, in1, local3, .LLE8)
+
+.ede3.dec.next.block:
+
+	load_little_endian(local5, in5, out5, local3, .LLE9)
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+	! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4
+
+	call .des_enc                     ! ks2 in3
+	LDPTR	KS1, in4
+
+	call .des_dec                     ! ks1 in4
+	nop
+
+	fp_macro(out5, in5, 0, 1)   ! 1 for input and output address local5/7
+
+	! in2 is bytes left to be stored
+	! in2 is compared to 8 in the rounds
+
+	xor	out5, in0, out4
+	bl	.ede3.dec.seven.or.less
+	xor	in5, in1, global4
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE10)   ! iv next block
+
+	store_little_endian(local7, out4, global4, local3, .SLE7)  ! block
+
+	STPTR	local5, INPUT
+	addcc   in2, -8, in2
+	add	local7, 8, local7
+
+	bg	.ede3.dec.next.block
+	STPTR	local7, OUTPUT
+
+.ede3.dec.store.iv:
+
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
+	store_little_endian(local4, in0, in1, local5, .SLE8)  ! ivec
+
+.ede3.dec.finish:
+
+	ret
+	restore
+
+.ede3.dec.seven.or.less:
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE14)     ! iv
+
+	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv)
+
+
+.DES_ede3_cbc_encrypt.end:
+	.size	 DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt
+
+	.align	256
+	.type	 .des_and,#object
+	.size	 .des_and,284
+
+.des_and:
+
+! This table is used for AND 0xFC when it is known that register
+! bits 8-31 are zero. Makes it possible to do three arithmetic
+! operations in one cycle.
+
+	.byte  0, 0, 0, 0, 4, 4, 4, 4
+	.byte  8, 8, 8, 8, 12, 12, 12, 12
+	.byte  16, 16, 16, 16, 20, 20, 20, 20
+	.byte  24, 24, 24, 24, 28, 28, 28, 28
+	.byte  32, 32, 32, 32, 36, 36, 36, 36
+	.byte  40, 40, 40, 40, 44, 44, 44, 44
+	.byte  48, 48, 48, 48, 52, 52, 52, 52
+	.byte  56, 56, 56, 56, 60, 60, 60, 60
+	.byte  64, 64, 64, 64, 68, 68, 68, 68
+	.byte  72, 72, 72, 72, 76, 76, 76, 76
+	.byte  80, 80, 80, 80, 84, 84, 84, 84
+	.byte  88, 88, 88, 88, 92, 92, 92, 92
+	.byte  96, 96, 96, 96, 100, 100, 100, 100
+	.byte  104, 104, 104, 104, 108, 108, 108, 108
+	.byte  112, 112, 112, 112, 116, 116, 116, 116
+	.byte  120, 120, 120, 120, 124, 124, 124, 124
+	.byte  128, 128, 128, 128, 132, 132, 132, 132
+	.byte  136, 136, 136, 136, 140, 140, 140, 140
+	.byte  144, 144, 144, 144, 148, 148, 148, 148
+	.byte  152, 152, 152, 152, 156, 156, 156, 156
+	.byte  160, 160, 160, 160, 164, 164, 164, 164
+	.byte  168, 168, 168, 168, 172, 172, 172, 172
+	.byte  176, 176, 176, 176, 180, 180, 180, 180
+	.byte  184, 184, 184, 184, 188, 188, 188, 188
+	.byte  192, 192, 192, 192, 196, 196, 196, 196
+	.byte  200, 200, 200, 200, 204, 204, 204, 204
+	.byte  208, 208, 208, 208, 212, 212, 212, 212
+	.byte  216, 216, 216, 216, 220, 220, 220, 220
+	.byte  224, 224, 224, 224, 228, 228, 228, 228
+	.byte  232, 232, 232, 232, 236, 236, 236, 236
+	.byte  240, 240, 240, 240, 244, 244, 244, 244
+	.byte  248, 248, 248, 248, 252, 252, 252, 252
+
+	! 5 numbers for initial/final permutation
+
+	.word   0x0f0f0f0f                ! offset 256
+	.word	0x0000ffff                ! 260
+	.word	0x33333333                ! 264
+	.word	0x00ff00ff                ! 268
+	.word	0x55555555                ! 272
+
+	.word	0                         ! 276
+	.word	LOOPS                     ! 280
+	.word	0x0000FC00                ! 284
+
+	.global	DES_SPtrans
+	.type	DES_SPtrans,#object
+	.size	DES_SPtrans,2048
+.align	64
+DES_SPtrans:
+.PIC.DES_SPtrans:
+	! nibble 0
+	.word	0x02080800, 0x00080000, 0x02000002, 0x02080802
+	.word	0x02000000, 0x00080802, 0x00080002, 0x02000002
+	.word	0x00080802, 0x02080800, 0x02080000, 0x00000802
+	.word	0x02000802, 0x02000000, 0x00000000, 0x00080002
+	.word	0x00080000, 0x00000002, 0x02000800, 0x00080800
+	.word	0x02080802, 0x02080000, 0x00000802, 0x02000800
+	.word	0x00000002, 0x00000800, 0x00080800, 0x02080002
+	.word	0x00000800, 0x02000802, 0x02080002, 0x00000000
+	.word	0x00000000, 0x02080802, 0x02000800, 0x00080002
+	.word	0x02080800, 0x00080000, 0x00000802, 0x02000800
+	.word	0x02080002, 0x00000800, 0x00080800, 0x02000002
+	.word	0x00080802, 0x00000002, 0x02000002, 0x02080000
+	.word	0x02080802, 0x00080800, 0x02080000, 0x02000802
+	.word	0x02000000, 0x00000802, 0x00080002, 0x00000000
+	.word	0x00080000, 0x02000000, 0x02000802, 0x02080800
+	.word	0x00000002, 0x02080002, 0x00000800, 0x00080802
+	! nibble 1
+	.word	0x40108010, 0x00000000, 0x00108000, 0x40100000
+	.word	0x40000010, 0x00008010, 0x40008000, 0x00108000
+	.word	0x00008000, 0x40100010, 0x00000010, 0x40008000
+	.word	0x00100010, 0x40108000, 0x40100000, 0x00000010
+	.word	0x00100000, 0x40008010, 0x40100010, 0x00008000
+	.word	0x00108010, 0x40000000, 0x00000000, 0x00100010
+	.word	0x40008010, 0x00108010, 0x40108000, 0x40000010
+	.word	0x40000000, 0x00100000, 0x00008010, 0x40108010
+	.word	0x00100010, 0x40108000, 0x40008000, 0x00108010
+	.word	0x40108010, 0x00100010, 0x40000010, 0x00000000
+	.word	0x40000000, 0x00008010, 0x00100000, 0x40100010
+	.word	0x00008000, 0x40000000, 0x00108010, 0x40008010
+	.word	0x40108000, 0x00008000, 0x00000000, 0x40000010
+	.word	0x00000010, 0x40108010, 0x00108000, 0x40100000
+	.word	0x40100010, 0x00100000, 0x00008010, 0x40008000
+	.word	0x40008010, 0x00000010, 0x40100000, 0x00108000
+	! nibble 2
+	.word	0x04000001, 0x04040100, 0x00000100, 0x04000101
+	.word	0x00040001, 0x04000000, 0x04000101, 0x00040100
+	.word	0x04000100, 0x00040000, 0x04040000, 0x00000001
+	.word	0x04040101, 0x00000101, 0x00000001, 0x04040001
+	.word	0x00000000, 0x00040001, 0x04040100, 0x00000100
+	.word	0x00000101, 0x04040101, 0x00040000, 0x04000001
+	.word	0x04040001, 0x04000100, 0x00040101, 0x04040000
+	.word	0x00040100, 0x00000000, 0x04000000, 0x00040101
+	.word	0x04040100, 0x00000100, 0x00000001, 0x00040000
+	.word	0x00000101, 0x00040001, 0x04040000, 0x04000101
+	.word	0x00000000, 0x04040100, 0x00040100, 0x04040001
+	.word	0x00040001, 0x04000000, 0x04040101, 0x00000001
+	.word	0x00040101, 0x04000001, 0x04000000, 0x04040101
+	.word	0x00040000, 0x04000100, 0x04000101, 0x00040100
+	.word	0x04000100, 0x00000000, 0x04040001, 0x00000101
+	.word	0x04000001, 0x00040101, 0x00000100, 0x04040000
+	! nibble 3
+	.word	0x00401008, 0x10001000, 0x00000008, 0x10401008
+	.word	0x00000000, 0x10400000, 0x10001008, 0x00400008
+	.word	0x10401000, 0x10000008, 0x10000000, 0x00001008
+	.word	0x10000008, 0x00401008, 0x00400000, 0x10000000
+	.word	0x10400008, 0x00401000, 0x00001000, 0x00000008
+	.word	0x00401000, 0x10001008, 0x10400000, 0x00001000
+	.word	0x00001008, 0x00000000, 0x00400008, 0x10401000
+	.word	0x10001000, 0x10400008, 0x10401008, 0x00400000
+	.word	0x10400008, 0x00001008, 0x00400000, 0x10000008
+	.word	0x00401000, 0x10001000, 0x00000008, 0x10400000
+	.word	0x10001008, 0x00000000, 0x00001000, 0x00400008
+	.word	0x00000000, 0x10400008, 0x10401000, 0x00001000
+	.word	0x10000000, 0x10401008, 0x00401008, 0x00400000
+	.word	0x10401008, 0x00000008, 0x10001000, 0x00401008
+	.word	0x00400008, 0x00401000, 0x10400000, 0x10001008
+	.word	0x00001008, 0x10000000, 0x10000008, 0x10401000
+	! nibble 4
+	.word	0x08000000, 0x00010000, 0x00000400, 0x08010420
+	.word	0x08010020, 0x08000400, 0x00010420, 0x08010000
+	.word	0x00010000, 0x00000020, 0x08000020, 0x00010400
+	.word	0x08000420, 0x08010020, 0x08010400, 0x00000000
+	.word	0x00010400, 0x08000000, 0x00010020, 0x00000420
+	.word	0x08000400, 0x00010420, 0x00000000, 0x08000020
+	.word	0x00000020, 0x08000420, 0x08010420, 0x00010020
+	.word	0x08010000, 0x00000400, 0x00000420, 0x08010400
+	.word	0x08010400, 0x08000420, 0x00010020, 0x08010000
+	.word	0x00010000, 0x00000020, 0x08000020, 0x08000400
+	.word	0x08000000, 0x00010400, 0x08010420, 0x00000000
+	.word	0x00010420, 0x08000000, 0x00000400, 0x00010020
+	.word	0x08000420, 0x00000400, 0x00000000, 0x08010420
+	.word	0x08010020, 0x08010400, 0x00000420, 0x00010000
+	.word	0x00010400, 0x08010020, 0x08000400, 0x00000420
+	.word	0x00000020, 0x00010420, 0x08010000, 0x08000020
+	! nibble 5
+	.word	0x80000040, 0x00200040, 0x00000000, 0x80202000
+	.word	0x00200040, 0x00002000, 0x80002040, 0x00200000
+	.word	0x00002040, 0x80202040, 0x00202000, 0x80000000
+	.word	0x80002000, 0x80000040, 0x80200000, 0x00202040
+	.word	0x00200000, 0x80002040, 0x80200040, 0x00000000
+	.word	0x00002000, 0x00000040, 0x80202000, 0x80200040
+	.word	0x80202040, 0x80200000, 0x80000000, 0x00002040
+	.word	0x00000040, 0x00202000, 0x00202040, 0x80002000
+	.word	0x00002040, 0x80000000, 0x80002000, 0x00202040
+	.word	0x80202000, 0x00200040, 0x00000000, 0x80002000
+	.word	0x80000000, 0x00002000, 0x80200040, 0x00200000
+	.word	0x00200040, 0x80202040, 0x00202000, 0x00000040
+	.word	0x80202040, 0x00202000, 0x00200000, 0x80002040
+	.word	0x80000040, 0x80200000, 0x00202040, 0x00000000
+	.word	0x00002000, 0x80000040, 0x80002040, 0x80202000
+	.word	0x80200000, 0x00002040, 0x00000040, 0x80200040
+	! nibble 6
+	.word	0x00004000, 0x00000200, 0x01000200, 0x01000004
+	.word	0x01004204, 0x00004004, 0x00004200, 0x00000000
+	.word	0x01000000, 0x01000204, 0x00000204, 0x01004000
+	.word	0x00000004, 0x01004200, 0x01004000, 0x00000204
+	.word	0x01000204, 0x00004000, 0x00004004, 0x01004204
+	.word	0x00000000, 0x01000200, 0x01000004, 0x00004200
+	.word	0x01004004, 0x00004204, 0x01004200, 0x00000004
+	.word	0x00004204, 0x01004004, 0x00000200, 0x01000000
+	.word	0x00004204, 0x01004000, 0x01004004, 0x00000204
+	.word	0x00004000, 0x00000200, 0x01000000, 0x01004004
+	.word	0x01000204, 0x00004204, 0x00004200, 0x00000000
+	.word	0x00000200, 0x01000004, 0x00000004, 0x01000200
+	.word	0x00000000, 0x01000204, 0x01000200, 0x00004200
+	.word	0x00000204, 0x00004000, 0x01004204, 0x01000000
+	.word	0x01004200, 0x00000004, 0x00004004, 0x01004204
+	.word	0x01000004, 0x01004200, 0x01004000, 0x00004004
+	! nibble 7
+	.word	0x20800080, 0x20820000, 0x00020080, 0x00000000
+	.word	0x20020000, 0x00800080, 0x20800000, 0x20820080
+	.word	0x00000080, 0x20000000, 0x00820000, 0x00020080
+	.word	0x00820080, 0x20020080, 0x20000080, 0x20800000
+	.word	0x00020000, 0x00820080, 0x00800080, 0x20020000
+	.word	0x20820080, 0x20000080, 0x00000000, 0x00820000
+	.word	0x20000000, 0x00800000, 0x20020080, 0x20800080
+	.word	0x00800000, 0x00020000, 0x20820000, 0x00000080
+	.word	0x00800000, 0x00020000, 0x20000080, 0x20820080
+	.word	0x00020080, 0x20000000, 0x00000000, 0x00820000
+	.word	0x20800080, 0x20020080, 0x20020000, 0x00800080
+	.word	0x20820000, 0x00000080, 0x00800080, 0x20020000
+	.word	0x20820080, 0x00800000, 0x20800000, 0x20000080
+	.word	0x00820000, 0x00020080, 0x20020080, 0x20800000
+	.word	0x00000080, 0x20820000, 0x00820080, 0x00000000
+	.word	0x20000000, 0x20800080, 0x00020000, 0x00820080
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/desboth.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/desboth.pl
new file mode 100644
index 000000000..ef7054e27
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/desboth.pl
@@ -0,0 +1,86 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$L="edi";
+$R="esi";
+
+sub DES_encrypt3
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+	&push("ebx");
+	&mov("ebx",&wparam(0));
+
+	&push("ebp");
+	&push("esi");
+
+	&push("edi");
+
+	&comment("");
+	&comment("Load the data words");
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+	&stack_push(3);
+
+	&comment("");
+	&comment("IP");
+	&IP_new($L,$R,"edx",0);
+
+	# put them back
+
+	if ($enc)
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("eax",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("esi",&wparam(3));
+		}
+	else
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("esi",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("eax",&wparam(3));
+		}
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"eax");
+	&mov(&swtmp(0),	"ebx");
+	&call("DES_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
+	&mov(&swtmp(1),	"edi");
+	&mov(&swtmp(0),	"ebx");
+	&call("DES_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"esi");
+	&mov(&swtmp(0),	"ebx");
+	&call("DES_encrypt2");
+
+	&stack_pop(3);
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("FP");
+	&FP_new($L,$R,"eax",0);
+
+	&mov(&DWP(0,"ebx","",0),"eax");
+	&mov(&DWP(4,"ebx","",0),$R);
+
+	&pop("edi");
+	&pop("esi");
+	&pop("ebp");
+	&pop("ebx");
+	&ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl
new file mode 100644
index 000000000..fe1fdc702
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl
@@ -0,0 +1,627 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller and Andy Polyakov.
+# The module is licensed under 2-clause BSD
+# license. March 2013. All rights reserved.
+# ====================================================================
+
+######################################################################
+# DES for SPARC T4.
+#
+# As with other hardware-assisted ciphers CBC encrypt results [for
+# aligned data] are virtually identical to critical path lengths:
+#
+#		DES		Triple-DES
+# CBC encrypt	4.14/4.15(*)	11.7/11.7
+# CBC decrypt	1.77/4.11(**)	6.42/7.47
+#
+#			 (*)	numbers after slash are for
+#				misaligned data;
+#			 (**)	this is result for largest
+#				block size, unlike all other
+#				cases smaller blocks results
+#				are better[?];
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register       %g2,#scratch
+.register       %g3,#scratch
+#endif
+
+.text
+___
+
+{ my ($inp,$out)=("%o0","%o1");
+
+$code.=<<___;
+.align	32
+.globl	des_t4_key_expand
+.type	des_t4_key_expand,#function
+des_t4_key_expand:
+	andcc		$inp, 0x7, %g0
+	alignaddr	$inp, %g0, $inp
+	bz,pt		%icc, 1f
+	ldd		[$inp + 0x00], %f0
+	ldd		[$inp + 0x08], %f2
+	faligndata	%f0, %f2, %f0
+1:	des_kexpand	%f0, 0, %f0
+	des_kexpand	%f0, 1, %f2
+	std		%f0, [$out + 0x00]
+	des_kexpand	%f2, 3, %f6
+	std		%f2, [$out + 0x08]
+	des_kexpand	%f2, 2, %f4
+	des_kexpand	%f6, 3, %f10
+	std		%f6, [$out + 0x18]
+	des_kexpand	%f6, 2, %f8
+	std		%f4, [$out + 0x10]
+	des_kexpand	%f10, 3, %f14
+	std		%f10, [$out + 0x28]
+	des_kexpand	%f10, 2, %f12
+	std		%f8, [$out + 0x20]
+	des_kexpand	%f14, 1, %f16
+	std		%f14, [$out + 0x38]
+	des_kexpand	%f16, 3, %f20
+	std		%f12, [$out + 0x30]
+	des_kexpand	%f16, 2, %f18
+	std		%f16, [$out + 0x40]
+	des_kexpand	%f20, 3, %f24
+	std		%f20, [$out + 0x50]
+	des_kexpand	%f20, 2, %f22
+	std		%f18, [$out + 0x48]
+	des_kexpand	%f24, 3, %f28
+	std		%f24, [$out + 0x60]
+	des_kexpand	%f24, 2, %f26
+	std		%f22, [$out + 0x58]
+	des_kexpand	%f28, 1, %f30
+	std		%f28, [$out + 0x70]
+	std		%f26, [$out + 0x68]
+	retl
+	std		%f30, [$out + 0x78]
+.size	des_t4_key_expand,.-des_t4_key_expand
+___
+}
+{ my ($inp,$out,$len,$key,$ivec) = map("%o$_",(0..4));
+  my ($ileft,$iright,$omask) = map("%g$_",(1..3));
+
+$code.=<<___;
+.globl	des_t4_cbc_encrypt
+.align	32
+des_t4_cbc_encrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f0	! load ivec
+	ld		[$ivec + 4], %f1
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x00], %f4	! load key schedule
+	ldd		[$key + 0x08], %f6
+	ldd		[$key + 0x10], %f8
+	ldd		[$key + 0x18], %f10
+	ldd		[$key + 0x20], %f12
+	ldd		[$key + 0x28], %f14
+	ldd		[$key + 0x30], %f16
+	ldd		[$key + 0x38], %f18
+	ldd		[$key + 0x40], %f20
+	ldd		[$key + 0x48], %f22
+	ldd		[$key + 0x50], %f24
+	ldd		[$key + 0x58], %f26
+	ldd		[$key + 0x60], %f28
+	ldd		[$key + 0x68], %f30
+	ldd		[$key + 0x70], %f32
+	ldd		[$key + 0x78], %f34
+
+.Ldes_cbc_enc_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f2
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	fxor		%f2, %f0, %f0		! ^= ivec
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	des_round	%f20, %f22, %f0, %f0
+	des_round	%f24, %f26, %f0, %f0
+	des_round	%f28, %f30, %f0, %f0
+	des_round	%f32, %f34, %f0, %f0
+	des_iip		%f0, %f0
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_cbc_enc_loop
+	add		$out, 8, $out
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+.Lcbc_abort:
+	retl
+	nop
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~4x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f2		! handle unaligned output
+
+	stda		%f2, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f2, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_cbc_enc_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+.type	des_t4_cbc_encrypt,#function
+.size	des_t4_cbc_encrypt,.-des_t4_cbc_encrypt
+
+.globl	des_t4_cbc_decrypt
+.align	32
+des_t4_cbc_decrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f2	! load ivec
+	ld		[$ivec + 4], %f3
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x78], %f4	! load key schedule
+	ldd		[$key + 0x70], %f6
+	ldd		[$key + 0x68], %f8
+	ldd		[$key + 0x60], %f10
+	ldd		[$key + 0x58], %f12
+	ldd		[$key + 0x50], %f14
+	ldd		[$key + 0x48], %f16
+	ldd		[$key + 0x40], %f18
+	ldd		[$key + 0x38], %f20
+	ldd		[$key + 0x30], %f22
+	ldd		[$key + 0x28], %f24
+	ldd		[$key + 0x20], %f26
+	ldd		[$key + 0x18], %f28
+	ldd		[$key + 0x10], %f30
+	ldd		[$key + 0x08], %f32
+	ldd		[$key + 0x00], %f34
+
+.Ldes_cbc_dec_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f0
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	des_round	%f20, %f22, %f0, %f0
+	des_round	%f24, %f26, %f0, %f0
+	des_round	%f28, %f30, %f0, %f0
+	des_round	%f32, %f34, %f0, %f0
+	des_iip		%f0, %f0
+
+	fxor		%f2, %f0, %f0		! ^= ivec
+	movxtod		%g4, %f2
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_cbc_dec_loop
+	add		$out, 8, $out
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~4x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f0		! handle unaligned output
+
+	stda		%f0, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f0, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_cbc_dec_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+.type	des_t4_cbc_decrypt,#function
+.size	des_t4_cbc_decrypt,.-des_t4_cbc_decrypt
+___
+
+# One might wonder why does one have back-to-back des_iip/des_ip
+# pairs between EDE passes. Indeed, aren't they inverse of each other?
+# They almost are. Outcome of the pair is 32-bit words being swapped
+# in target register. Consider pair of des_iip/des_ip as a way to
+# perform the due swap, it's actually fastest way in this case.
+
+$code.=<<___;
+.globl	des_t4_ede3_cbc_encrypt
+.align	32
+des_t4_ede3_cbc_encrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f0	! load ivec
+	ld		[$ivec + 4], %f1
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x00], %f4	! load key schedule
+	ldd		[$key + 0x08], %f6
+	ldd		[$key + 0x10], %f8
+	ldd		[$key + 0x18], %f10
+	ldd		[$key + 0x20], %f12
+	ldd		[$key + 0x28], %f14
+	ldd		[$key + 0x30], %f16
+	ldd		[$key + 0x38], %f18
+	ldd		[$key + 0x40], %f20
+	ldd		[$key + 0x48], %f22
+	ldd		[$key + 0x50], %f24
+	ldd		[$key + 0x58], %f26
+	ldd		[$key + 0x60], %f28
+	ldd		[$key + 0x68], %f30
+	ldd		[$key + 0x70], %f32
+	ldd		[$key + 0x78], %f34
+
+.Ldes_ede3_cbc_enc_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f2
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	fxor		%f2, %f0, %f0		! ^= ivec
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	ldd		[$key + 0x100-0x08], %f36
+	ldd		[$key + 0x100-0x10], %f38
+	des_round	%f20, %f22, %f0, %f0
+	ldd		[$key + 0x100-0x18], %f40
+	ldd		[$key + 0x100-0x20], %f42
+	des_round	%f24, %f26, %f0, %f0
+	ldd		[$key + 0x100-0x28], %f44
+	ldd		[$key + 0x100-0x30], %f46
+	des_round	%f28, %f30, %f0, %f0
+	ldd		[$key + 0x100-0x38], %f48
+	ldd		[$key + 0x100-0x40], %f50
+	des_round	%f32, %f34, %f0, %f0
+	ldd		[$key + 0x100-0x48], %f52
+	ldd		[$key + 0x100-0x50], %f54
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x100-0x58], %f56
+	ldd		[$key + 0x100-0x60], %f58
+	des_ip		%f0, %f0
+	ldd		[$key + 0x100-0x68], %f60
+	ldd		[$key + 0x100-0x70], %f62
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x100-0x78], %f36
+	ldd		[$key + 0x100-0x80], %f38
+	des_round	%f40, %f42, %f0, %f0
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	ldd		[$key + 0x100+0x00], %f40
+	ldd		[$key + 0x100+0x08], %f42
+	des_round	%f52, %f54, %f0, %f0
+	ldd		[$key + 0x100+0x10], %f44
+	ldd		[$key + 0x100+0x18], %f46
+	des_round	%f56, %f58, %f0, %f0
+	ldd		[$key + 0x100+0x20], %f48
+	ldd		[$key + 0x100+0x28], %f50
+	des_round	%f60, %f62, %f0, %f0
+	ldd		[$key + 0x100+0x30], %f52
+	ldd		[$key + 0x100+0x38], %f54
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x100+0x40], %f56
+	ldd		[$key + 0x100+0x48], %f58
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x100+0x50], %f60
+	ldd		[$key + 0x100+0x58], %f62
+	des_ip		%f0, %f0
+	ldd		[$key + 0x100+0x60], %f36
+	ldd		[$key + 0x100+0x68], %f38
+	des_round	%f40, %f42, %f0, %f0
+	ldd		[$key + 0x100+0x70], %f40
+	ldd		[$key + 0x100+0x78], %f42
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	des_round	%f52, %f54, %f0, %f0
+	des_round	%f56, %f58, %f0, %f0
+	des_round	%f60, %f62, %f0, %f0
+	des_round	%f36, %f38, %f0, %f0
+	des_round	%f40, %f42, %f0, %f0
+	des_iip		%f0, %f0
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_ede3_cbc_enc_loop
+	add		$out, 8, $out
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~2x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f2		! handle unaligned output
+
+	stda		%f2, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f2, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_ede3_cbc_enc_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+.type	des_t4_ede3_cbc_encrypt,#function
+.size	des_t4_ede3_cbc_encrypt,.-des_t4_ede3_cbc_encrypt
+
+.globl	des_t4_ede3_cbc_decrypt
+.align	32
+des_t4_ede3_cbc_decrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f2	! load ivec
+	ld		[$ivec + 4], %f3
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x100+0x78], %f4	! load key schedule
+	ldd		[$key + 0x100+0x70], %f6
+	ldd		[$key + 0x100+0x68], %f8
+	ldd		[$key + 0x100+0x60], %f10
+	ldd		[$key + 0x100+0x58], %f12
+	ldd		[$key + 0x100+0x50], %f14
+	ldd		[$key + 0x100+0x48], %f16
+	ldd		[$key + 0x100+0x40], %f18
+	ldd		[$key + 0x100+0x38], %f20
+	ldd		[$key + 0x100+0x30], %f22
+	ldd		[$key + 0x100+0x28], %f24
+	ldd		[$key + 0x100+0x20], %f26
+	ldd		[$key + 0x100+0x18], %f28
+	ldd		[$key + 0x100+0x10], %f30
+	ldd		[$key + 0x100+0x08], %f32
+	ldd		[$key + 0x100+0x00], %f34
+
+.Ldes_ede3_cbc_dec_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f0
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	ldd		[$key + 0x80+0x00], %f36
+	ldd		[$key + 0x80+0x08], %f38
+	des_round	%f20, %f22, %f0, %f0
+	ldd		[$key + 0x80+0x10], %f40
+	ldd		[$key + 0x80+0x18], %f42
+	des_round	%f24, %f26, %f0, %f0
+	ldd		[$key + 0x80+0x20], %f44
+	ldd		[$key + 0x80+0x28], %f46
+	des_round	%f28, %f30, %f0, %f0
+	ldd		[$key + 0x80+0x30], %f48
+	ldd		[$key + 0x80+0x38], %f50
+	des_round	%f32, %f34, %f0, %f0
+	ldd		[$key + 0x80+0x40], %f52
+	ldd		[$key + 0x80+0x48], %f54
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x80+0x50], %f56
+	ldd		[$key + 0x80+0x58], %f58
+	des_ip		%f0, %f0
+	ldd		[$key + 0x80+0x60], %f60
+	ldd		[$key + 0x80+0x68], %f62
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x80+0x70], %f36
+	ldd		[$key + 0x80+0x78], %f38
+	des_round	%f40, %f42, %f0, %f0
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	ldd		[$key + 0x80-0x08], %f40
+	ldd		[$key + 0x80-0x10], %f42
+	des_round	%f52, %f54, %f0, %f0
+	ldd		[$key + 0x80-0x18], %f44
+	ldd		[$key + 0x80-0x20], %f46
+	des_round	%f56, %f58, %f0, %f0
+	ldd		[$key + 0x80-0x28], %f48
+	ldd		[$key + 0x80-0x30], %f50
+	des_round	%f60, %f62, %f0, %f0
+	ldd		[$key + 0x80-0x38], %f52
+	ldd		[$key + 0x80-0x40], %f54
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x80-0x48], %f56
+	ldd		[$key + 0x80-0x50], %f58
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x80-0x58], %f60
+	ldd		[$key + 0x80-0x60], %f62
+	des_ip		%f0, %f0
+	ldd		[$key + 0x80-0x68], %f36
+	ldd		[$key + 0x80-0x70], %f38
+	des_round	%f40, %f42, %f0, %f0
+	ldd		[$key + 0x80-0x78], %f40
+	ldd		[$key + 0x80-0x80], %f42
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	des_round	%f52, %f54, %f0, %f0
+	des_round	%f56, %f58, %f0, %f0
+	des_round	%f60, %f62, %f0, %f0
+	des_round	%f36, %f38, %f0, %f0
+	des_round	%f40, %f42, %f0, %f0
+	des_iip		%f0, %f0
+
+	fxor		%f2, %f0, %f0		! ^= ivec
+	movxtod		%g4, %f2
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_ede3_cbc_dec_loop
+	add		$out, 8, $out
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f0		! handle unaligned output
+
+	stda		%f0, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f0, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_ede3_cbc_dec_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+.type	des_t4_ede3_cbc_decrypt,#function
+.size	des_t4_ede3_cbc_decrypt,.-des_t4_ede3_cbc_decrypt
+___
+}
+$code.=<<___;
+.asciz  "DES for SPARC T4, David S. Miller, Andy Polyakov"
+.align  4
+___
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/des/build.info
new file mode 100644
index 000000000..05cb154cd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/build.info
@@ -0,0 +1,19 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        set_key.c  ecb_enc.c  cbc_enc.c \
+        ecb3_enc.c cfb64enc.c cfb64ede.c cfb_enc.c \
+        ofb64ede.c ofb64enc.c ofb_enc.c \
+        str2key.c  pcbc_enc.c qud_cksm.c rand_key.c \
+        {- $target{des_asm_src} -} \
+        fcrypt.c xcbc_enc.c cbc_cksm.c
+
+GENERATE[des_enc-sparc.S]=asm/des_enc.m4
+GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[dest4-sparcv9.o]=..
+
+GENERATE[des-586.s]=asm/des-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+DEPEND[des-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
+GENERATE[crypt586.s]=asm/crypt586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+DEPEND[crypt586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c
new file mode 100644
index 000000000..5a1f72f82
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec)
+{
+    register DES_LONG tout0, tout1, tin0, tin1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *out = &(*output)[0];
+    const unsigned char *iv = &(*ivec)[0];
+
+    c2l(iv, tout0);
+    c2l(iv, tout1);
+    for (; l > 0; l -= 8) {
+        if (l >= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+        } else
+            c2ln(in, tin0, tin1, l);
+
+        tin0 ^= tout0;
+        tin[0] = tin0;
+        tin1 ^= tout1;
+        tin[1] = tin1;
+        DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+        tout0 = tin[0];
+        tout1 = tin[1];
+    }
+    if (out != NULL) {
+        l2c(tout0, out);
+        l2c(tout1, out);
+    }
+    tout0 = tin0 = tin1 = tin[0] = tin[1] = 0;
+    /*
+     * Transform the data in tout1 so that it will match the return value
+     * that the MIT Kerberos mit_des_cbc_cksum API returns.
+     */
+    tout1 = ((tout1 >> 24L) & 0x000000FF)
+        | ((tout1 >> 8L) & 0x0000FF00)
+        | ((tout1 << 8L) & 0x00FF0000)
+        | ((tout1 << 24L) & 0xFF000000);
+    return tout1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_enc.c
new file mode 100644
index 000000000..92e773f81
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_enc.c
@@ -0,0 +1,12 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c"           /* des_cbc_encrypt */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c
new file mode 100644
index 000000000..21943f614
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
+
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
+
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
+
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
+
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
+
+/*
+ * This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8;
+    register int num = numbits, i;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    unsigned char ovec[16];
+
+    if (num > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+        }
+    } else {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c
new file mode 100644
index 000000000..96de51b05
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c
new file mode 100644
index 000000000..544392e40
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "des_locl.h"
+#include <assert.h>
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+/*
+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben.
+ */
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length;
+    register int num = numbits / 8, n = (numbits + 7) / 8, i, rem =
+        numbits % 8;
+    DES_LONG ti[2];
+    unsigned char *iv;
+#ifndef L_ENDIAN
+    unsigned char ovec[16];
+#else
+    unsigned int sh[4];
+    unsigned char *ovec = (unsigned char *)sh;
+
+    /* I kind of count that compiler optimizes away this assertion, */
+    assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
+    /* but 16-bit platforms...      */
+
+#endif
+
+    if (numbits <= 0 || numbits > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+#ifndef L_ENDIAN
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+#else
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+                v0 = sh[0], v1 = sh[1];
+#else
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+#endif
+            }
+        }
+    } else {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+#ifndef L_ENDIAN
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+#else
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+                v0 = sh[0], v1 = sh[1];
+#else
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+#endif
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c
new file mode 100644
index 000000000..ed134ace8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c
@@ -0,0 +1,299 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "des_locl.h"
+#include "spr.h"
+
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    IP(r, l);
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    /* shift left by 2 */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+    } else {
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
+    }
+
+    /* rotate and clear the top bits on machines with 8byte longs */
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
+
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+    l = r = t = u = 0;
+}
+
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+    } else {
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
+    }
+    /* rotate and clear the top bits on machines with 8byte longs */
+    data[0] = ROTATE(l, 3) & 0xffffffffL;
+    data[1] = ROTATE(r, 3) & 0xffffffffL;
+    l = r = t = u = 0;
+}
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
+
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
+
+#ifndef DES_DEFAULT_OPTIONS
+
+# undef CBC_ENC_C__DONT_UPDATE_IV
+# include "ncbc_enc.c"          /* DES_ncbc_encrypt */
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register const unsigned char *in;
+    unsigned char *out;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        register DES_LONG t0, t1;
+
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = t0;
+            xor1 = t1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = t0;
+            xor1 = t1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+#endif                          /* DES_DEFAULT_OPTIONS */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_locl.h
new file mode 100644
index 000000000..f401e6f3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_locl.h
@@ -0,0 +1,226 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_LOCL_H
+# define HEADER_DES_LOCL_H
+
+# include <openssl/e_os2.h>
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/des.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define ITERATIONS 16
+# define HALF_ITERATIONS 8
+
+# define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
+                        case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
+                        case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+                        /* fall thru */                          \
+                        case 5: l2|=((DES_LONG)(*(--(c))));      \
+                        /* fall thru */                          \
+                        case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
+                        case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
+                        case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+                        /* fall thru */                          \
+                        case 1: l1|=((DES_LONG)(*(--(c))));      \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/*
+ * replacements for htonl and ntohl since I have no idea what to do when
+ * faced with machines with 8 byte longs.
+ */
+
+# define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++))))
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)     (_lrotr(a,n))
+# elif defined(__ICC)
+#  define ROTATE(a,n)     (_rotr(a,n))
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)   ({ register unsigned int ret;   \
+                                asm ("rorl %1,%0"       \
+                                        : "=r"(ret)     \
+                                        : "I"(n),"0"(a) \
+                                        : "cc");        \
+                           ret;                         \
+                        })
+#  endif
+# endif
+# ifndef ROTATE
+#  define ROTATE(a,n)     (((a)>>(n))+((a)<<(32-(n))))
+# endif
+
+/*
+ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add
+ * it's little bit to the front
+ */
+
+# ifdef DES_FCRYPT
+
+#  define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+        { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#  define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        t=R^(R>>16L); \
+        u=t&E0; t&=E1; \
+        tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+        tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+# else
+#  define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#  define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        u=R^s[S  ]; \
+        t=R^s[S+1]
+# endif
+
+/*
+ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason
+ * to not xor all the sub items together.  This potentially saves a register
+ * since things can be xored directly into L
+ */
+
+# define D_ENCRYPT(LL,R,S) { \
+        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+        t=ROTATE(t,4); \
+        LL^= \
+            DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+            DES_SPtrans[2][(u>>10L)&0x3f]^ \
+            DES_SPtrans[4][(u>>18L)&0x3f]^ \
+            DES_SPtrans[6][(u>>26L)&0x3f]^ \
+            DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+            DES_SPtrans[3][(t>>10L)&0x3f]^ \
+            DES_SPtrans[5][(t>>18L)&0x3f]^ \
+            DES_SPtrans[7][(t>>26L)&0x3f]; }
+
+        /*-
+         * IP and FP
+         * The problem is more of a geometric problem that random bit fiddling.
+         0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+         8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+        16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+        24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+        32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+        40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+        48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+        56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+        The output has been subject to swaps of the form
+        0 1 -> 3 1 but the odd and even bits have been put into
+        2 3    2 0
+        different words.  The main trick is to remember that
+        t=((l>>size)^r)&(mask);
+        r^=t;
+        l^=(t<<size);
+        can be used to swap and move bits between words.
+
+        So l =  0  1  2  3  r = 16 17 18 19
+                4  5  6  7      20 21 22 23
+                8  9 10 11      24 25 26 27
+               12 13 14 15      28 29 30 31
+        becomes (for size == 2 and mask == 0x3333)
+           t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+                 6^20  7^21 -- --        4  5 20 21       6  7 22 23
+                10^24 11^25 -- --        8  9 24 25      10 11 24 25
+                14^28 15^29 -- --       12 13 28 29      14 15 28 29
+
+        Thanks for hints from Richard Outerbridge - he told me IP&FP
+        could be done in 15 xor, 10 shifts and 5 ands.
+        When I finally started to think of the problem in 2D
+        I first got ~42 operations without xors.  When I remembered
+        how to use xors :-) I got it to its final state.
+        */
+# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+# define IP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+        PERM_OP(l,r,tt,16,0x0000ffffL); \
+        PERM_OP(r,l,tt, 2,0x33333333L); \
+        PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+        PERM_OP(r,l,tt, 1,0x55555555L); \
+        }
+
+# define FP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(l,r,tt, 1,0x55555555L); \
+        PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+        PERM_OP(l,r,tt, 2,0x33333333L); \
+        PERM_OP(r,l,tt,16,0x0000ffffL); \
+        PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+        }
+
+extern const DES_LONG DES_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks,
+                 DES_LONG Eswap0, DES_LONG Eswap1);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c
new file mode 100644
index 000000000..6ac89d4e7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc)
+{
+    register DES_LONG l0, l1;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
+
+    c2l(in, l0);
+    c2l(in, l1);
+    ll[0] = l0;
+    ll[1] = l1;
+    if (enc)
+        DES_encrypt3(ll, ks1, ks2, ks3);
+    else
+        DES_decrypt3(ll, ks1, ks2, ks3);
+    l0 = ll[0];
+    l1 = ll[1];
+    l2c(l0, out);
+    l2c(l1, out);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c
new file mode 100644
index 000000000..5ed079d15
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+
+const char *DES_options(void)
+{
+    static int init = 1;
+    static char buf[12];
+
+    if (init) {
+        if (sizeof(DES_LONG) != sizeof(long))
+            OPENSSL_strlcpy(buf, "des(int)", sizeof(buf));
+        else
+            OPENSSL_strlcpy(buf, "des(long)", sizeof(buf));
+        init = 0;
+    }
+    return buf;
+}
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
+
+    c2l(in, l);
+    ll[0] = l;
+    c2l(in, l);
+    ll[1] = l;
+    DES_encrypt1(ll, ks, enc);
+    l = ll[0];
+    l2c(l, out);
+    l = ll[1];
+    l2c(l, out);
+    l = ll[0] = ll[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c
new file mode 100644
index 000000000..aaee4bf23
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* NOCW */
+#include <stdio.h>
+#ifdef _OSD_POSIX
+# ifndef CHARSET_EBCDIC
+#  define CHARSET_EBCDIC 1
+# endif
+#endif
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+#include <openssl/crypto.h>
+#include "des_locl.h"
+
+/*
+ * Added more values to handle illegal salt values the way normal crypt()
+ * implementations do.
+ */
+static unsigned const char con_salt[128] = {
+    0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
+    0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
+    0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
+    0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
+    0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
+    0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+    0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
+    0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
+    0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
+    0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+    0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+    0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+    0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+};
+
+static unsigned const char cov_2char[64] = {
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+char *DES_crypt(const char *buf, const char *salt)
+{
+    static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+    return DES_fcrypt(buf, salt, buff);
+#else
+    char e_salt[2 + 1];
+    char e_buf[32 + 1];         /* replace 32 by 8 ? */
+    char *ret;
+
+    if (salt[0] == '\0' || salt[1] == '\0')
+        return NULL;
+
+    /* Copy salt, convert to ASCII. */
+    e_salt[0] = salt[0];
+    e_salt[1] = salt[1];
+    e_salt[2] = '\0';
+    ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
+
+    /* Convert password to ASCII. */
+    OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
+    ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
+
+    /* Encrypt it (from/to ASCII); if it worked, convert back. */
+    ret = DES_fcrypt(e_buf, e_salt, buff);
+    if (ret != NULL)
+        ascii2ebcdic(ret, ret, strlen(ret));
+
+    return ret;
+#endif
+}
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+{
+    unsigned int i, j, x, y;
+    DES_LONG Eswap0, Eswap1;
+    DES_LONG out[2], ll;
+    DES_cblock key;
+    DES_key_schedule ks;
+    unsigned char bb[9];
+    unsigned char *b = bb;
+    unsigned char c, u;
+
+    x = ret[0] = salt[0];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
+    Eswap0 = con_salt[x] << 2;
+    x = ret[1] = salt[1];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
+    Eswap1 = con_salt[x] << 6;
+
+    /*
+     * EAY r=strlen(buf); r=(r+7)/8;
+     */
+    for (i = 0; i < 8; i++) {
+        c = *(buf++);
+        if (!c)
+            break;
+        key[i] = (c << 1);
+    }
+    for (; i < 8; i++)
+        key[i] = 0;
+
+    DES_set_key_unchecked(&key, &ks);
+    fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
+
+    ll = out[0];
+    l2c(ll, b);
+    ll = out[1];
+    l2c(ll, b);
+    y = 0;
+    u = 0x80;
+    bb[8] = 0;
+    for (i = 2; i < 13; i++) {
+        c = 0;
+        for (j = 0; j < 6; j++) {
+            c <<= 1;
+            if (bb[y] & u)
+                c |= 1;
+            u >>= 1;
+            if (!u) {
+                y++;
+                u = 0x80;
+            }
+        }
+        ret[i] = cov_2char[c];
+    }
+    ret[13] = '\0';
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c
new file mode 100644
index 000000000..fe2369a93
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+                 DES_LONG Eswap1)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+    register int j;
+    register DES_LONG E0, E1;
+
+    l = 0;
+    r = 0;
+
+    s = (DES_LONG *)ks;
+    E0 = Eswap0;
+    E1 = Eswap1;
+
+    for (j = 0; j < 25; j++) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+        t = l;
+        l = r;
+        r = t;
+    }
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
+
+    PERM_OP(l, r, t,  1, 0x55555555L);
+    PERM_OP(r, l, t,  8, 0x00ff00ffL);
+    PERM_OP(l, r, t,  2, 0x33333333L);
+    PERM_OP(r, l, t, 16, 0x0000ffffL);
+    PERM_OP(l, r, t,  4, 0x0f0f0f0fL);
+
+    out[0] = r;
+    out[1] = l;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c
new file mode 100644
index 000000000..244f15ca2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * #included by:
+ *    cbc_enc.c  (DES_cbc_encrypt)
+ *    des_enc.c  (DES_ncbc_encrypt)
+ */
+
+#include "des_locl.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#else
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *_schedule,
+                      DES_cblock *ivec, int enc)
+#endif
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin[0] = tin0;
+            tin1 ^= tout1;
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin[0] = tin0;
+            tin1 ^= tout1;
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+#endif
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+            xor0 = tin0;
+            xor1 = tin1;
+#endif
+        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+#endif
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c
new file mode 100644
index 000000000..a551a07e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+                            register unsigned char *out, long length,
+                            DES_key_schedule *k1, DES_key_schedule *k2,
+                            DES_key_schedule *k3, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            /* ti[0]=v0; */
+            /* ti[1]=v1; */
+            DES_encrypt3(ti, k1, k2, k3);
+            v0 = ti[0];
+            v1 = ti[1];
+
+            dp = (char *)d;
+            l2c(v0, dp);
+            l2c(v1, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c
new file mode 100644
index 000000000..30976c871
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ofb64_encrypt(register const unsigned char *in,
+                       register unsigned char *out, long length,
+                       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register unsigned char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            DES_encrypt1(ti, schedule, DES_ENCRYPT);
+            dp = d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c
new file mode 100644
index 000000000..65a9b8604
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you have numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec)
+{
+    register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8;
+    register DES_LONG mask0, mask1;
+    register long l = length;
+    register int num = numbits;
+    DES_LONG ti[2];
+    unsigned char *iv;
+
+    if (num > 64)
+        return;
+    if (num > 32) {
+        mask0 = 0xffffffffL;
+        if (num >= 64)
+            mask1 = mask0;
+        else
+            mask1 = (1L << (num - 32)) - 1;
+    } else {
+        if (num == 32)
+            mask0 = 0xffffffffL;
+        else
+            mask0 = (1L << num) - 1;
+        mask1 = 0x00000000L;
+    }
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    while (l-- > 0) {
+        ti[0] = v0;
+        ti[1] = v1;
+        DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+        vv0 = ti[0];
+        vv1 = ti[1];
+        c2ln(in, d0, d1, n);
+        in += n;
+        d0 = (d0 ^ vv0) & mask0;
+        d1 = (d1 ^ vv1) & mask1;
+        l2cn(d0, d1, out, n);
+        out += n;
+
+        if (num == 32) {
+            v0 = v1;
+            v1 = vv0;
+        } else if (num == 64) {
+            v0 = vv0;
+            v1 = vv1;
+        } else if (num > 32) {  /* && num != 64 */
+            v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL;
+            v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL;
+        } else {                /* num < 32 */
+
+            v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL;
+            v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c
new file mode 100644
index 000000000..0fa058f03
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc)
+{
+    register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
+    DES_LONG tin[2];
+    const unsigned char *in;
+    unsigned char *out, *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            if (length >= 8) {
+                c2l(in, sin0);
+                c2l(in, sin1);
+            } else
+                c2ln(in, sin0, sin1, length);
+            tin[0] = sin0 ^ xor0;
+            tin[1] = sin1 ^ xor1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            xor0 = sin0 ^ tout0;
+            xor1 = sin1 ^ tout1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            c2l(in, sin0);
+            c2l(in, sin1);
+            tin[0] = sin0;
+            tin[1] = sin1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            if (length >= 8) {
+                l2c(tout0, out);
+                l2c(tout1, out);
+            } else
+                l2cn(tout0, tout1, out, length);
+            xor0 = tout0 ^ sin0;
+            xor1 = tout1 ^ sin1;
+        }
+    }
+    tin[0] = tin[1] = 0;
+    sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c
new file mode 100644
index 000000000..81e6be822
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
+ * only based on the code in this paper and is almost definitely not the same
+ * as the MIT implementation.
+ */
+#include "des_locl.h"
+
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE   ((DES_LONG)83653421L)
+
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed)
+{
+    DES_LONG z0, z1, t0, t1;
+    int i;
+    long l;
+    const unsigned char *cp;
+    DES_LONG *lp;
+
+    if (out_count < 1)
+        out_count = 1;
+    lp = (DES_LONG *)&(output[0])[0];
+
+    z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
+        Q_B3((*seed)[3]);
+    z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) |
+        Q_B3((*seed)[7]);
+
+    for (i = 0; ((i < 4) && (i < out_count)); i++) {
+        cp = input;
+        l = length;
+        while (l > 0) {
+            if (l > 1) {
+                t0 = (DES_LONG)(*(cp++));
+                t0 |= (DES_LONG)Q_B1(*(cp++));
+                l--;
+            } else
+                t0 = (DES_LONG)(*(cp++));
+            l--;
+            /* add */
+            t0 += z0;
+            t0 &= 0xffffffffL;
+            t1 = z1;
+            /* square, well sort of square */
+            z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL))
+                  & 0xffffffffL) % 0x7fffffffL;
+            z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
+                0x7fffffffL;
+        }
+        if (lp != NULL) {
+            /*
+             * The MIT library assumes that the checksum is composed of
+             * 2*out_count 32 bit ints
+             */
+            *lp++ = z0;
+            *lp++ = z1;
+        }
+    }
+    return z0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/rand_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/rand_key.c
new file mode 100644
index 000000000..fe8aefec3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/rand_key.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+int DES_random_key(DES_cblock *ret)
+{
+    do {
+        if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+            return 0;
+    } while (DES_is_weak_key(ret));
+    DES_set_odd_parity(ret);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c
new file mode 100644
index 000000000..adbad7236
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include <openssl/crypto.h>
+#include "des_locl.h"
+
+/* defaults to false */
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
+
+static const unsigned char odd_parity[256] = {
+    1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+    16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+    32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+    49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+    64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+    81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+    97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+    110,
+    112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+    127,
+    128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+    143,
+    145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+    158,
+    161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+    174,
+    176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+    191,
+    193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+    206,
+    208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+    223,
+    224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+    239,
+    241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+    254
+};
+
+void DES_set_odd_parity(DES_cblock *key)
+{
+    unsigned int i;
+
+    for (i = 0; i < DES_KEY_SZ; i++)
+        (*key)[i] = odd_parity[(*key)[i]];
+}
+
+int DES_check_key_parity(const_DES_cblock *key)
+{
+    unsigned int i;
+
+    for (i = 0; i < DES_KEY_SZ; i++) {
+        if ((*key)[i] != odd_parity[(*key)[i]])
+            return 0;
+    }
+    return 1;
+}
+
+/*-
+ * Weak and semi weak keys as taken from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ */
+#define NUM_WEAK_KEY    16
+static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
+    /* weak keys */
+    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+    /* semi-weak keys */
+    {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+    {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+    {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+    {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+    {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+    {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+    {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+    {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+    {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+    {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+    {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
+};
+
+int DES_is_weak_key(const_DES_cblock *key)
+{
+    int i;
+
+    for (i = 0; i < NUM_WEAK_KEY; i++)
+        if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
+            return 1;
+    return 0;
+}
+
+/*-
+ * NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ *      (b)^=(t),\
+ *      (a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64] = {
+    {
+     /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+     0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+     0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+     0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+     0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+     0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+     0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+     0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+     0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+     0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+     0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+     0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+     0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+     0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+     0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+     0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+     0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+     0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+     0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+     0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+     0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+     0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+     0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+     0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+     0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+     0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+     0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+     0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+     0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+     0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+     0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+     0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+     0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+     0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+     0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+     0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+     0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+     0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+     0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+     0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+     0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+     0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+     0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+     0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+     0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+     0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+     0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+     0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+     0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+     0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+     0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+     0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+     0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+     0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+     0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+     0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+     0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+     0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+     0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+     0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+     0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+     0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+     0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+     0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+     0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+     0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+     0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+     0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+     0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+     0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+     0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+     0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+     0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+     0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+     0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+     0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+     0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+     0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+     0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+     0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+     0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+     0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+     0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+     0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+     0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+     0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+     0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+     0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+     0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+     0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+     0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+     0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+     0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+     0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+     0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+     0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+     0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+     0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+     0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+     0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+     0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+     0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+     0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+     0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+     0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+     0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+     0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+     0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+     0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+     0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+     0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+     0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+     0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+     0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+     0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+     0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+     0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+     0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+     0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+     0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+     0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+     0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+     0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+     0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+     0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+     0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+     0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+     }
+};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    if (DES_check_key) {
+        return DES_set_key_checked(key, schedule);
+    } else {
+        DES_set_key_unchecked(key, schedule);
+        return 0;
+    }
+}
+
+/*-
+ * return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    if (!DES_check_key_parity(key))
+        return -1;
+    if (DES_is_weak_key(key))
+        return -2;
+    DES_set_key_unchecked(key, schedule);
+    return 0;
+}
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    static const int shifts2[16] =
+        { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+    register DES_LONG c, d, t, s, t2;
+    register const unsigned char *in;
+    register DES_LONG *k;
+    register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+    memcpy(schedule->key, key, sizeof(schedule->key));
+    schedule->session = NULL;
+#endif
+    k = &schedule->ks->deslong[0];
+    in = &(*key)[0];
+
+    c2l(in, c);
+    c2l(in, d);
+
+    /*
+     * do PC1 in 47 simple operations. Thanks to John Fletcher
+     * for the inspiration.
+     */
+    PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+    HPERM_OP(c, t, -2, 0xcccc0000L);
+    HPERM_OP(d, t, -2, 0xcccc0000L);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    PERM_OP(c, d, t, 8, 0x00ff00ffL);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+         ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+    c &= 0x0fffffffL;
+
+    for (i = 0; i < ITERATIONS; i++) {
+        if (shifts2[i]) {
+            c = ((c >> 2L) | (c << 26L));
+            d = ((d >> 2L) | (d << 26L));
+        } else {
+            c = ((c >> 1L) | (c << 27L));
+            d = ((d >> 1L) | (d << 27L));
+        }
+        c &= 0x0fffffffL;
+        d &= 0x0fffffffL;
+        /*
+         * could be a few less shifts but I am to lazy at this point in time
+         * to investigate
+         */
+        s = des_skb[0][(c) & 0x3f] |
+            des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+            des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+            des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+                       ((c >> 22L) & 0x38)];
+        t = des_skb[4][(d) & 0x3f] |
+            des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+            des_skb[6][(d >> 15L) & 0x3f] |
+            des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+
+        /* table contained 0213 4657 */
+        t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+        *(k++) = ROTATE(t2, 30) & 0xffffffffL;
+
+        t2 = ((s >> 16L) | (t & 0xffff0000L));
+        *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+    }
+}
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    return DES_set_key(key, schedule);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/spr.h b/trunk/3rdparty/openssl-1.1-fit/crypto/des/spr.h
new file mode 100644
index 000000000..2404e092d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/spr.h
@@ -0,0 +1,163 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+const DES_LONG DES_SPtrans[8][64] = {
+    {
+        /* nibble 0 */
+        0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+        0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+        0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+        0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+        0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+        0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+        0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+        0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+        0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+        0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+        0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+        0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+        0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+        0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+        0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+        0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+    },
+    {
+        /* nibble 1 */
+        0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+        0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+        0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+        0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+        0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+        0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+        0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+        0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+        0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+        0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+        0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+        0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+        0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+        0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+        0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+        0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+    },
+    {
+        /* nibble 2 */
+        0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+        0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+        0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+        0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+        0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+        0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+        0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+        0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+        0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+        0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+        0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+        0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+        0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+        0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+    },
+    {
+        /* nibble 3 */
+        0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+        0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+        0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+        0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+        0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+        0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+        0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+        0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+        0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+        0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+        0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+        0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+        0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+        0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+        0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+        0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+    },
+    {
+        /* nibble 4 */
+        0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+        0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+        0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+        0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+        0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+        0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+        0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+        0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+        0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+        0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+        0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+        0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+        0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+        0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+    },
+    {
+        /* nibble 5 */
+        0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+        0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+        0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+        0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+        0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+        0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+        0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+        0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+        0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+        0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+        0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+        0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+        0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+        0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+        0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+        0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+    },
+    {
+        /* nibble 6 */
+        0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+        0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+        0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+        0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+        0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+        0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+        0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+        0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+        0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+        0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+        0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+        0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+        0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+        0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+        0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+        0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+    },
+    {
+        /* nibble 7 */
+        0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+        0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+        0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+        0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+        0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+        0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+        0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+        0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+        0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+        0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+        0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+        0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+        0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+        0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+    }
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c
new file mode 100644
index 000000000..e18d72652
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "des_locl.h"
+
+void DES_string_to_key(const char *str, DES_cblock *key)
+{
+    DES_key_schedule ks;
+    int i, length;
+
+    memset(key, 0, 8);
+    length = strlen(str);
+    for (i = 0; i < length; i++) {
+        register unsigned char j = str[i];
+
+        if ((i % 16) < 8)
+            (*key)[i % 8] ^= (j << 1);
+        else {
+            /* Reverse the bit order 05/05/92 eay */
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            (*key)[7 - (i % 8)] ^= j;
+        }
+    }
+    DES_set_odd_parity(key);
+    DES_set_key_unchecked(key, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key);
+}
+
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+{
+    DES_key_schedule ks;
+    int i, length;
+
+    memset(key1, 0, 8);
+    memset(key2, 0, 8);
+    length = strlen(str);
+    for (i = 0; i < length; i++) {
+        register unsigned char j = str[i];
+
+        if ((i % 32) < 16) {
+            if ((i % 16) < 8)
+                (*key1)[i % 8] ^= (j << 1);
+            else
+                (*key2)[i % 8] ^= (j << 1);
+        } else {
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            if ((i % 16) < 8)
+                (*key1)[7 - (i % 8)] ^= j;
+            else
+                (*key2)[7 - (i % 8)] ^= j;
+        }
+    }
+    if (length <= 8)
+        memcpy(key2, key1, 8);
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+    DES_set_key_unchecked(key1, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
+    DES_set_key_unchecked(key2, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c
new file mode 100644
index 000000000..c4e455d9b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register DES_LONG inW0, inW1, outW0, outW1;
+    register const unsigned char *in2;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in2 = &(*inw)[0];
+    c2l(in2, inW0);
+    c2l(in2, inW1);
+    in2 = &(*outw)[0];
+    c2l(in2, outW0);
+    c2l(in2, outW1);
+
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l > 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    inW0 = inW1 = outW0 = outW1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/build.info
new file mode 100644
index 000000000..b19ff6dba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
+        dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c \
+        dh_rfc7919.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh1024.pem b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh1024.pem
new file mode 100644
index 000000000..81d43f6a3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh192.pem b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh192.pem
new file mode 100644
index 000000000..521c07271
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh2048.pem b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh2048.pem
new file mode 100644
index 000000000..295460f50
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh4096.pem b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh4096.pem
new file mode 100644
index 000000000..390943a21
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh512.pem b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh512.pem
new file mode 100644
index 000000000..0a4d863eb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c
new file mode 100644
index 000000000..05a1d4227
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c
@@ -0,0 +1,907 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include <openssl/cms.h>
+
+/*
+ * i2d/d2i like DH parameter functions which use the appropriate routine for
+ * PKCS#3 DH or X9.42 DH.
+ */
+
+static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
+                   long length)
+{
+    if (pkey->ameth == &dhx_asn1_meth)
+        return d2i_DHxparams(NULL, pp, length);
+    return d2i_DHparams(NULL, pp, length);
+}
+
+static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
+{
+    if (pkey->ameth == &dhx_asn1_meth)
+        return i2d_DHxparams(a, pp);
+    return i2d_DHparams(a, pp);
+}
+
+static void int_dh_free(EVP_PKEY *pkey)
+{
+    DH_free(pkey->pkey.dh);
+}
+
+static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DH *dh = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype != V_ASN1_SEQUENCE) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* We have parameters now set public key */
+    if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+    return 1;
+
+ err:
+    ASN1_INTEGER_free(public_key);
+    DH_free(dh);
+    return 0;
+
+}
+
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DH *dh;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str;
+    ASN1_INTEGER *pub_key = NULL;
+
+    dh = pkey->pkey.dh;
+
+    str = ASN1_STRING_new();
+    if (str == NULL) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    str->length = i2d_dhp(pkey, dh, &str->data);
+    if (str->length <= 0) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ptype = V_ASN1_SEQUENCE;
+
+    pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+    if (!pub_key)
+        goto err;
+
+    penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+
+    ASN1_INTEGER_free(pub_key);
+
+    if (penclen <= 0) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
+ * the AlgorithmIdentifier contains the parameters, the private key is
+ * explicitly included and the pubkey must be recalculated.
+ */
+
+static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+
+    DH *dh = NULL;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
+        goto decerr;
+
+    /* We have parameters now set private key */
+    if ((dh->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
+        DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+        goto dherr;
+    }
+    /* Calculate public key */
+    if (!DH_generate_key(dh))
+        goto dherr;
+
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+
+    ASN1_STRING_clear_free(privkey);
+
+    return 1;
+
+ decerr:
+    DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dherr:
+    DH_free(dh);
+    ASN1_STRING_clear_free(privkey);
+    return 0;
+}
+
+static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    params = ASN1_STRING_new();
+
+    if (params == NULL) {
+        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
+    if (params->length <= 0) {
+        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+
+    if (!prkey) {
+        DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int dh_param_decode(EVP_PKEY *pkey,
+                           const unsigned char **pder, int derlen)
+{
+    DH *dh;
+
+    if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) {
+        DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+    return 1;
+}
+
+static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_dhp(pkey, pkey->pkey.dh, pder);
+}
+
+static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
+{
+    int reason = ERR_R_BUF_LIB;
+    const char *ktype = NULL;
+    BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+            || (ptype > 0 && pub_key == NULL)) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    if (ptype == 2)
+        ktype = "DH Private-Key";
+    else if (ptype == 1)
+        ktype = "DH Public-Key";
+    else
+        ktype = "DH Parameters";
+
+    BIO_indent(bp, indent, 128);
+    if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+        goto err;
+    indent += 4;
+
+    if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
+        goto err;
+    if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
+        goto err;
+
+    if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
+        goto err;
+    if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
+        goto err;
+    if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
+        goto err;
+    if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
+        goto err;
+    if (x->seed) {
+        int i;
+        BIO_indent(bp, indent, 128);
+        BIO_puts(bp, "seed:");
+        for (i = 0; i < x->seedlen; i++) {
+            if ((i % 15) == 0) {
+                if (BIO_puts(bp, "\n") <= 0
+                    || !BIO_indent(bp, indent + 4, 128))
+                    goto err;
+            }
+            if (BIO_printf(bp, "%02x%s", x->seed[i],
+                           ((i + 1) == x->seedlen) ? "" : ":") <= 0)
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
+        goto err;
+    if (x->length != 0) {
+        BIO_indent(bp, indent, 128);
+        if (BIO_printf(bp, "recommended-private-length: %d bits\n",
+                       (int)x->length) <= 0)
+            goto err;
+    }
+
+    return 1;
+
+ err:
+    DHerr(DH_F_DO_DH_PRINT, reason);
+    return 0;
+}
+
+static int int_dh_size(const EVP_PKEY *pkey)
+{
+    return DH_size(pkey->pkey.dh);
+}
+
+static int dh_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.dh->p);
+}
+
+static int dh_security_bits(const EVP_PKEY *pkey)
+{
+    return DH_security_bits(pkey->pkey.dh);
+}
+
+static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
+        BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
+        return 0;
+    else if (a->ameth == &dhx_asn1_meth) {
+        if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q))
+            return 0;
+    }
+    return 1;
+}
+
+static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
+{
+    BIGNUM *a;
+
+    /*
+     * If source is read only just copy the pointer, so
+     * we don't have to reallocate it.
+     */
+    if (src == NULL)
+        a = NULL;
+    else if (BN_get_flags(src, BN_FLG_STATIC_DATA)
+                && !BN_get_flags(src, BN_FLG_MALLOCED))
+        a = (BIGNUM *)src;
+    else if ((a = BN_dup(src)) == NULL)
+        return 0;
+    BN_clear_free(*dst);
+    *dst = a;
+    return 1;
+}
+
+static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
+{
+    if (is_x942 == -1)
+        is_x942 = ! !from->q;
+    if (!int_dh_bn_cpy(&to->p, from->p))
+        return 0;
+    if (!int_dh_bn_cpy(&to->g, from->g))
+        return 0;
+    if (is_x942) {
+        if (!int_dh_bn_cpy(&to->q, from->q))
+            return 0;
+        if (!int_dh_bn_cpy(&to->j, from->j))
+            return 0;
+        OPENSSL_free(to->seed);
+        to->seed = NULL;
+        to->seedlen = 0;
+        if (from->seed) {
+            to->seed = OPENSSL_memdup(from->seed, from->seedlen);
+            if (!to->seed)
+                return 0;
+            to->seedlen = from->seedlen;
+        }
+    } else
+        to->length = from->length;
+    return 1;
+}
+
+DH *DHparams_dup(DH *dh)
+{
+    DH *ret;
+    ret = DH_new();
+    if (ret == NULL)
+        return NULL;
+    if (!int_dh_param_copy(ret, dh, -1)) {
+        DH_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    if (to->pkey.dh == NULL) {
+        to->pkey.dh = DH_new();
+        if (to->pkey.dh == NULL)
+            return 0;
+    }
+    return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
+                             from->ameth == &dhx_asn1_meth);
+}
+
+static int dh_missing_parameters(const EVP_PKEY *a)
+{
+    if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
+        return 1;
+    return 0;
+}
+
+static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (dh_cmp_parameters(a, b) == 0)
+        return 0;
+    if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 0);
+}
+
+static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 1);
+}
+
+static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                            ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 2);
+}
+
+int DHparams_print(BIO *bp, const DH *x)
+{
+    return do_dh_print(bp, x, 4, 0);
+}
+
+#ifndef OPENSSL_NO_CMS
+static int dh_cms_decrypt(CMS_RecipientInfo *ri);
+static int dh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+#ifndef OPENSSL_NO_CMS
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 1)
+            return dh_cms_decrypt(arg2);
+        else if (arg1 == 0)
+            return dh_cms_encrypt(arg2);
+        return -2;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_AGREE;
+        return 1;
+#endif
+    default:
+        return -2;
+    }
+
+}
+
+static int dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    if (dh->pub_key == NULL) {
+        DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
+        return 0;
+    }
+
+    return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    return DH_check_ex(dh);
+}
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+    EVP_PKEY_DH,
+    EVP_PKEY_DH,
+    0,
+
+    "DH",
+    "OpenSSL PKCS#3 DH method",
+
+    dh_pub_decode,
+    dh_pub_encode,
+    dh_pub_cmp,
+    dh_public_print,
+
+    dh_priv_decode,
+    dh_priv_encode,
+    dh_private_print,
+
+    int_dh_size,
+    dh_bits,
+    dh_security_bits,
+
+    dh_param_decode,
+    dh_param_encode,
+    dh_missing_parameters,
+    dh_copy_parameters,
+    dh_cmp_parameters,
+    dh_param_print,
+    0,
+
+    int_dh_free,
+    0,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
+};
+
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
+    EVP_PKEY_DHX,
+    EVP_PKEY_DHX,
+    0,
+
+    "X9.42 DH",
+    "OpenSSL X9.42 DH method",
+
+    dh_pub_decode,
+    dh_pub_encode,
+    dh_pub_cmp,
+    dh_public_print,
+
+    dh_priv_decode,
+    dh_priv_encode,
+    dh_private_print,
+
+    int_dh_size,
+    dh_bits,
+    dh_security_bits,
+
+    dh_param_decode,
+    dh_param_encode,
+    dh_missing_parameters,
+    dh_copy_parameters,
+    dh_cmp_parameters,
+    dh_param_print,
+    0,
+
+    int_dh_free,
+    dh_pkey_ctrl,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
+};
+
+#ifndef OPENSSL_NO_CMS
+
+static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+                              X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+    const ASN1_OBJECT *aoid;
+    int atype;
+    const void *aval;
+    ASN1_INTEGER *public_key = NULL;
+    int rv = 0;
+    EVP_PKEY *pkpeer = NULL, *pk = NULL;
+    DH *dhpeer = NULL;
+    const unsigned char *p;
+    int plen;
+
+    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+    if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
+        goto err;
+    /* Only absent parameters allowed in RFC XXXX */
+    if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
+        goto err;
+
+    pk = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!pk)
+        goto err;
+    if (pk->type != EVP_PKEY_DHX)
+        goto err;
+    /* Get parameters from parent key */
+    dhpeer = DHparams_dup(pk->pkey.dh);
+    /* We have parameters now set public key */
+    plen = ASN1_STRING_length(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
+    if (!p || !plen)
+        goto err;
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) {
+        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* We have parameters now set public key */
+    if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    pkpeer = EVP_PKEY_new();
+    if (pkpeer == NULL)
+        goto err;
+    EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
+    dhpeer = NULL;
+    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+        rv = 1;
+ err:
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_free(pkpeer);
+    DH_free(dhpeer);
+    return rv;
+}
+
+static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+    int rv = 0;
+
+    X509_ALGOR *alg, *kekalg = NULL;
+    ASN1_OCTET_STRING *ukm;
+    const unsigned char *p;
+    unsigned char *dukm = NULL;
+    size_t dukmlen = 0;
+    int keylen, plen;
+    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER_CTX *kekctx;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+        goto err;
+
+    /*
+     * For DH we only have one OID permissible. If ever any more get defined
+     * we will need something cleverer.
+     */
+    if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+        DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
+        goto err;
+
+    if (alg->parameter->type != V_ASN1_SEQUENCE)
+        goto err;
+
+    p = alg->parameter->value.sequence->data;
+    plen = alg->parameter->value.sequence->length;
+    kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    if (!kekalg)
+        goto err;
+    kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    if (!kekctx)
+        goto err;
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+    if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+        goto err;
+    if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+        goto err;
+
+    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+    /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
+    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
+                                     OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+        <= 0)
+        goto err;
+
+    if (ukm) {
+        dukmlen = ASN1_STRING_length(ukm);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
+        if (!dukm)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+        goto err;
+    dukm = NULL;
+
+    rv = 1;
+ err:
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(dukm);
+    return rv;
+}
+
+static int dh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* See if we need to set peer key */
+    if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+        X509_ALGOR *alg;
+        ASN1_BIT_STRING *pubkey;
+        if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+                                                 NULL, NULL, NULL))
+            return 0;
+        if (!alg || !pubkey)
+            return 0;
+        if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
+            DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
+            return 0;
+        }
+    }
+    /* Set DH derivation parameters and initialise unwrap context */
+    if (!dh_cms_set_shared_info(pctx, ri)) {
+        DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+static int dh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    EVP_PKEY *pkey;
+    EVP_CIPHER_CTX *ctx;
+    int keylen;
+    X509_ALGOR *talg, *wrap_alg = NULL;
+    const ASN1_OBJECT *aoid;
+    ASN1_BIT_STRING *pubkey;
+    ASN1_STRING *wrap_str;
+    ASN1_OCTET_STRING *ukm;
+    unsigned char *penc = NULL, *dukm = NULL;
+    int penclen;
+    size_t dukmlen = 0;
+    int rv = 0;
+    int kdf_type, wrap_nid;
+    const EVP_MD *kdf_md;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* Get ephemeral key */
+    pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+                                             NULL, NULL, NULL))
+        goto err;
+    X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+    /* Is everything uninitialised? */
+    if (aoid == OBJ_nid2obj(NID_undef)) {
+        ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+        if (!pubk)
+            goto err;
+        /* Set the key */
+
+        penclen = i2d_ASN1_INTEGER(pubk, &penc);
+        ASN1_INTEGER_free(pubk);
+        if (penclen <= 0)
+            goto err;
+        ASN1_STRING_set0(pubkey, penc, penclen);
+        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+        penc = NULL;
+        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
+                        V_ASN1_UNDEF, NULL);
+    }
+
+    /* See if custom parameters set */
+    kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
+    if (kdf_type <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
+        goto err;
+
+    if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
+        kdf_type = EVP_PKEY_DH_KDF_X9_42;
+        if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
+            goto err;
+    } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
+        /* Unknown KDF */
+        goto err;
+    if (kdf_md == NULL) {
+        /* Only SHA1 supported */
+        kdf_md = EVP_sha1();
+        if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
+            goto err;
+    } else if (EVP_MD_type(kdf_md) != NID_sha1)
+        /* Unsupported digest */
+        goto err;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+        goto err;
+
+    /* Get wrap NID */
+    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
+        goto err;
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Package wrap algorithm in an AlgorithmIdentifier */
+
+    wrap_alg = X509_ALGOR_new();
+    if (wrap_alg == NULL)
+        goto err;
+    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+    wrap_alg->parameter = ASN1_TYPE_new();
+    if (wrap_alg->parameter == NULL)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+        goto err;
+    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+        ASN1_TYPE_free(wrap_alg->parameter);
+        wrap_alg->parameter = NULL;
+    }
+
+    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    if (ukm) {
+        dukmlen = ASN1_STRING_length(ukm);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
+        if (!dukm)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+        goto err;
+    dukm = NULL;
+
+    /*
+     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+     * of another AlgorithmIdentifier.
+     */
+    penc = NULL;
+    penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+    if (!penc || !penclen)
+        goto err;
+    wrap_str = ASN1_STRING_new();
+    if (wrap_str == NULL)
+        goto err;
+    ASN1_STRING_set0(wrap_str, penc, penclen);
+    penc = NULL;
+    X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
+                    V_ASN1_SEQUENCE, wrap_str);
+
+    rv = 1;
+
+ err:
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
+    return rv;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c
new file mode 100644
index 000000000..1a40633b4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DH_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DH_free((DH *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+        ASN1_SIMPLE(DH, p, BIGNUM),
+        ASN1_SIMPLE(DH, g, BIGNUM),
+        ASN1_OPT_EMBED(DH, length, ZINT32),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
+
+/*
+ * Internal only structures for handling X9.42 DH: this gets translated to or
+ * from a DH structure straight away.
+ */
+
+typedef struct {
+    ASN1_BIT_STRING *seed;
+    BIGNUM *counter;
+} int_dhvparams;
+
+typedef struct {
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *g;
+    BIGNUM *j;
+    int_dhvparams *vparams;
+} int_dhx942_dh;
+
+ASN1_SEQUENCE(DHvparams) = {
+        ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+        ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+
+ASN1_SEQUENCE(DHxparams) = {
+        ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+        ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+        ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+        ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+        ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a,
+                           const unsigned char **pp, long length);
+int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
+
+/* Application public function: read in X9.42 DH parameters into DH structure */
+
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
+{
+    int_dhx942_dh *dhx = NULL;
+    DH *dh = NULL;
+    dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dhx = d2i_int_dhx(NULL, pp, length);
+    if (dhx == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+
+    if (a) {
+        DH_free(*a);
+        *a = dh;
+    }
+
+    dh->p = dhx->p;
+    dh->q = dhx->q;
+    dh->g = dhx->g;
+    dh->j = dhx->j;
+
+    if (dhx->vparams) {
+        dh->seed = dhx->vparams->seed->data;
+        dh->seedlen = dhx->vparams->seed->length;
+        dh->counter = dhx->vparams->counter;
+        dhx->vparams->seed->data = NULL;
+        ASN1_BIT_STRING_free(dhx->vparams->seed);
+        OPENSSL_free(dhx->vparams);
+        dhx->vparams = NULL;
+    }
+
+    OPENSSL_free(dhx);
+    return dh;
+}
+
+int i2d_DHxparams(const DH *dh, unsigned char **pp)
+{
+    int_dhx942_dh dhx;
+    int_dhvparams dhv;
+    ASN1_BIT_STRING bs;
+    dhx.p = dh->p;
+    dhx.g = dh->g;
+    dhx.q = dh->q;
+    dhx.j = dh->j;
+    if (dh->counter && dh->seed && dh->seedlen > 0) {
+        bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+        bs.data = dh->seed;
+        bs.length = dh->seedlen;
+        dhv.seed = &bs;
+        dhv.counter = dh->counter;
+        dhx.vparams = &dhv;
+    } else
+        dhx.vparams = NULL;
+
+    return i2d_int_dhx(&dhx, pp);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c
new file mode 100644
index 000000000..fc4557710
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+
+/*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+int DH_check_params_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    (void)DH_check_params(dh, &errflags);
+
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+
+    return errflags == 0;
+}
+
+int DH_check_params(const DH *dh, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (!BN_is_odd(dh->p))
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g))
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(dh->g, tmp) >= 0)
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
+
+/*-
+ * Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that it is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+int DH_check_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    (void)DH_check(dh, &errflags);
+
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
+    if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME);
+    if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE);
+    if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE);
+    if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR);
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+
+    return errflags == 0;
+}
+
+int DH_check(const DH *dh, int *ret)
+{
+    int ok = 0, r;
+    BN_CTX *ctx = NULL;
+    BN_ULONG l;
+    BIGNUM *t1 = NULL, *t2 = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (dh->q) {
+        if (BN_cmp(dh->g, BN_value_one()) <= 0)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+        else if (BN_cmp(dh->g, dh->p) >= 0)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+        else {
+            /* Check g^q == 1 mod p */
+            if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+                goto err;
+            if (!BN_is_one(t1))
+                *ret |= DH_NOT_SUITABLE_GENERATOR;
+        }
+        r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
+            *ret |= DH_CHECK_Q_NOT_PRIME;
+        /* Check p == 1 mod q  i.e. q divides p - 1 */
+        if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+            goto err;
+        if (!BN_is_one(t2))
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+        if (dh->j && BN_cmp(dh->j, t1))
+            *ret |= DH_CHECK_INVALID_J_VALUE;
+
+    } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+        l = BN_mod_word(dh->p, 24);
+        if (l == (BN_ULONG)-1)
+            goto err;
+        if (l != 11)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+        l = BN_mod_word(dh->p, 10);
+        if (l == (BN_ULONG)-1)
+            goto err;
+        if ((l != 3) && (l != 7))
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    } else
+        *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
+
+    r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+    if (r < 0)
+        goto err;
+    if (!r)
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    else if (!dh->q) {
+        if (!BN_rshift1(t1, dh->p))
+            goto err;
+        r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
+            *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+    }
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
+
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+{
+    int errflags = 0;
+
+    (void)DH_check(dh, &errflags);
+
+    if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
+    if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE);
+    if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID);
+
+    return errflags == 0;
+}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL || !BN_set_word(tmp, 1))
+        goto err;
+    if (BN_cmp(pub_key, tmp) <= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(pub_key, tmp) >= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+
+    if (dh->q != NULL) {
+        /* Check pub_key^q == 1 mod p */
+        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
+            goto err;
+        if (!BN_is_one(tmp))
+            *ret |= DH_CHECK_PUBKEY_INVALID;
+    }
+
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_depr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_depr.c
new file mode 100644
index 000000000..f8ed1b746
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_depr.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This file contains deprecated functions as wrappers to the new ones */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+
+DH *DH_generate_parameters(int prime_len, int generator,
+                           void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB *cb;
+    DH *ret = NULL;
+
+    if ((ret = DH_new()) == NULL)
+        return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL) {
+        DH_free(ret);
+        return NULL;
+    }
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) {
+        BN_GENCB_free(cb);
+        return ret;
+    }
+    BN_GENCB_free(cb);
+    DH_free(ret);
+    return NULL;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_err.c
new file mode 100644
index 000000000..7285587b4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_err.c
@@ -0,0 +1,101 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/dherr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DH_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+     "dh_builtin_genparams"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
+     "dh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0),
+     "dh_pkey_public_check"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE),
+    "check invalid j value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE),
+    "check invalid q value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID),
+    "check pubkey invalid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE),
+    "check pubkey too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL),
+    "check pubkey too small"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME),
+    "check p not safe prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME),
+    "invalid parameter name"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID),
+    "invalid parameter nid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
+    "not suitable generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+    "unable to check generator"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(DH_str_functs);
+        ERR_load_strings_const(DH_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c
new file mode 100644
index 000000000..59137e0f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.  - Geoff
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+                              BN_GENCB *cb)
+{
+    if (ret->meth->generate_params)
+        return ret->meth->generate_params(ret, prime_len, generator, cb);
+    return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
+
+/*-
+ * We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb)
+{
+    BIGNUM *t1, *t2;
+    int g, ok = -1;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    /* Make sure 'ret' has the necessary elements */
+    if (!ret->p && ((ret->p = BN_new()) == NULL))
+        goto err;
+    if (!ret->g && ((ret->g = BN_new()) == NULL))
+        goto err;
+
+    if (generator <= 1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+        goto err;
+    }
+    if (generator == DH_GENERATOR_2) {
+        if (!BN_set_word(t1, 24))
+            goto err;
+        if (!BN_set_word(t2, 11))
+            goto err;
+        g = 2;
+    } else if (generator == DH_GENERATOR_5) {
+        if (!BN_set_word(t1, 10))
+            goto err;
+        if (!BN_set_word(t2, 3))
+            goto err;
+        /*
+         * BN_set_word(t3,7); just have to miss out on these ones :-(
+         */
+        g = 5;
+    } else {
+        /*
+         * in the general case, don't worry if 'generator' is a generator or
+         * not: since we are using safe primes, it will generate either an
+         * order-q or an order-2q group, which both is OK
+         */
+        if (!BN_set_word(t1, 2))
+            goto err;
+        if (!BN_set_word(t2, 1))
+            goto err;
+        g = generator;
+    }
+
+    if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+        goto err;
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+    if (!BN_set_word(ret->g, g))
+        goto err;
+    ok = 1;
+ err:
+    if (ok == -1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+        ok = 0;
+    }
+
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_kdf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_kdf.c
new file mode 100644
index 000000000..e17122bc8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_kdf.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_CMS
+#include <string.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+
+
+/* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
+
+#define DH_KDF_MAX      (1L << 30)
+
+/* Skip past an ASN1 structure: for OBJECT skip content octets too */
+
+static int skip_asn1(unsigned char **pp, long *plen, int exptag)
+{
+    const unsigned char *q = *pp;
+    int i, tag, xclass;
+    long tmplen;
+    i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen);
+    if (i & 0x80)
+        return 0;
+    if (tag != exptag || xclass != V_ASN1_UNIVERSAL)
+        return 0;
+    if (tag == V_ASN1_OBJECT)
+        q += tmplen;
+    *plen -= q - *pp;
+    *pp = (unsigned char *)q;
+    return 1;
+}
+
+/*
+ * Encode the DH shared info structure, return an offset to the counter value
+ * so we can update the structure without reencoding it.
+ */
+
+static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr,
+                                ASN1_OBJECT *key_oid, size_t outlen,
+                                const unsigned char *ukm, size_t ukmlen)
+{
+    unsigned char *p;
+    int derlen;
+    long tlen;
+    /* "magic" value to check offset is sane */
+    static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 };
+    X509_ALGOR atmp;
+    ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct;
+    ASN1_TYPE ctr_atype;
+    if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX)
+        return 0;
+    ctr_oct.data = ctr;
+    ctr_oct.length = 4;
+    ctr_oct.flags = 0;
+    ctr_oct.type = V_ASN1_OCTET_STRING;
+    ctr_atype.type = V_ASN1_OCTET_STRING;
+    ctr_atype.value.octet_string = &ctr_oct;
+    atmp.algorithm = key_oid;
+    atmp.parameter = &ctr_atype;
+    if (ukm) {
+        ukm_oct.type = V_ASN1_OCTET_STRING;
+        ukm_oct.flags = 0;
+        ukm_oct.data = (unsigned char *)ukm;
+        ukm_oct.length = ukmlen;
+        pukm_oct = &ukm_oct;
+    } else
+        pukm_oct = NULL;
+    derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
+    if (derlen <= 0)
+        return 0;
+    p = *pder;
+    tlen = derlen;
+    if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING))
+        return 0;
+    if (CRYPTO_memcmp(p, ctr, 4))
+        return 0;
+    *pctr = p;
+    return derlen;
+}
+
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                 const unsigned char *Z, size_t Zlen,
+                 ASN1_OBJECT *key_oid,
+                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char *der = NULL, *ctr;
+    int derlen;
+    if (Zlen > DH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
+    if (derlen == 0)
+        goto err;
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL)
+            || !EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, der, derlen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    OPENSSL_free(der);
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c
new file mode 100644
index 000000000..4f85be7e4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include "internal/bn_int.h"
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+{
+    return dh->meth->generate_key(dh);
+}
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    return dh->meth->compute_key(key, pub_key, dh);
+}
+
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    int rv, pad;
+    rv = dh->meth->compute_key(key, pub_key, dh);
+    if (rv <= 0)
+        return rv;
+    pad = BN_num_bytes(dh->p) - rv;
+    if (pad > 0) {
+        memmove(key + pad, key, rv);
+        memset(key, 0, pad);
+    }
+    return rv + pad;
+}
+
+static DH_METHOD dh_ossl = {
+    "OpenSSL DH Method",
+    generate_key,
+    compute_key,
+    dh_bn_mod_exp,
+    dh_init,
+    dh_finish,
+    DH_FLAG_FIPS_METHOD,
+    NULL,
+    NULL
+};
+
+static const DH_METHOD *default_DH_method = &dh_ossl;
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+    return &dh_ossl;
+}
+
+void DH_set_default_method(const DH_METHOD *meth)
+{
+    default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+    return default_DH_method;
+}
+
+static int generate_key(DH *dh)
+{
+    int ok = 0;
+    int generate_new_key = 0;
+    unsigned l;
+    BN_CTX *ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if (dh->priv_key == NULL) {
+        priv_key = BN_secure_new();
+        if (priv_key == NULL)
+            goto err;
+        generate_new_key = 1;
+    } else
+        priv_key = dh->priv_key;
+
+    if (dh->pub_key == NULL) {
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = dh->pub_key;
+
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      dh->lock, dh->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    if (generate_new_key) {
+        if (dh->q) {
+            do {
+                if (!BN_priv_rand_range(priv_key, dh->q))
+                    goto err;
+            }
+            while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+        } else {
+            /* secret exponent length */
+            l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
+            if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+                goto err;
+        }
+    }
+
+    {
+        BIGNUM *prk = BN_new();
+
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+            BN_free(prk);
+            goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
+    }
+
+    dh->pub_key = pub_key;
+    dh->priv_key = priv_key;
+    ok = 1;
+ err:
+    if (ok != 1)
+        DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+
+    if (pub_key != dh->pub_key)
+        BN_free(pub_key);
+    if (priv_key != dh->priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    BN_CTX *ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *tmp;
+    int ret = -1;
+    int check_result;
+
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (dh->priv_key == NULL) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      dh->lock, dh->p, ctx);
+        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+        if (!mont)
+            goto err;
+    }
+
+    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+        goto err;
+    }
+
+    if (!dh->
+        meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    ret = BN_bn2bin(tmp, key);
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ret;
+}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+static int dh_init(DH *dh)
+{
+    dh->flags |= DH_FLAG_CACHE_MONT_P;
+    return 1;
+}
+
+static int dh_finish(DH *dh)
+{
+    BN_MONT_CTX_free(dh->method_mont_p);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c
new file mode 100644
index 000000000..962f864de
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+#include <openssl/engine.h>
+
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DH_METHOD *mtmp;
+    mtmp = dh->meth;
+    if (mtmp->finish)
+        mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(dh->engine);
+    dh->engine = NULL;
+#endif
+    dh->meth = meth;
+    if (meth->init)
+        meth->init(dh);
+    return 1;
+}
+
+DH *DH_new(void)
+{
+    return DH_new_method(NULL);
+}
+
+DH *DH_new_method(ENGINE *engine)
+{
+    DH *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags;  /* early default init */
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DH();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DH(ret->engine);
+        if (ret->meth == NULL) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    DH_free(ret);
+    return NULL;
+}
+
+void DH_free(DH *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("DH", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->g);
+    BN_clear_free(r->q);
+    BN_clear_free(r->j);
+    OPENSSL_free(r->seed);
+    BN_clear_free(r->counter);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
+
+int DH_up_ref(DH *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DH", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
+}
+
+void *DH_get_ex_data(DH *d, int idx)
+{
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
+}
+
+int DH_bits(const DH *dh)
+{
+    return BN_num_bits(dh->p);
+}
+
+int DH_size(const DH *dh)
+{
+    return BN_num_bytes(dh->p);
+}
+
+int DH_security_bits(const DH *dh)
+{
+    int N;
+    if (dh->q)
+        N = BN_num_bits(dh->q);
+    else if (dh->length)
+        N = dh->length;
+    else
+        N = -1;
+    return BN_security_bits(BN_num_bits(dh->p), N);
+}
+
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = dh->p;
+    if (q != NULL)
+        *q = dh->q;
+    if (g != NULL)
+        *g = dh->g;
+}
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.  q may remain NULL.
+     */
+    if ((dh->p == NULL && p == NULL)
+        || (dh->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(dh->p);
+        dh->p = p;
+    }
+    if (q != NULL) {
+        BN_free(dh->q);
+        dh->q = q;
+    }
+    if (g != NULL) {
+        BN_free(dh->g);
+        dh->g = g;
+    }
+
+    if (q != NULL) {
+        dh->length = BN_num_bits(q);
+    }
+
+    return 1;
+}
+
+long DH_get_length(const DH *dh)
+{
+    return dh->length;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+    dh->length = length;
+    return 1;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = dh->pub_key;
+    if (priv_key != NULL)
+        *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    if (pub_key != NULL) {
+        BN_free(dh->pub_key);
+        dh->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(dh->priv_key);
+        dh->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+const BIGNUM *DH_get0_p(const DH *dh)
+{
+    return dh->p;
+}
+
+const BIGNUM *DH_get0_q(const DH *dh)
+{
+    return dh->q;
+}
+
+const BIGNUM *DH_get0_g(const DH *dh)
+{
+    return dh->g;
+}
+
+const BIGNUM *DH_get0_priv_key(const DH *dh)
+{
+    return dh->priv_key;
+}
+
+const BIGNUM *DH_get0_pub_key(const DH *dh)
+{
+    return dh->pub_key;
+}
+
+void DH_clear_flags(DH *dh, int flags)
+{
+    dh->flags &= ~flags;
+}
+
+int DH_test_flags(const DH *dh, int flags)
+{
+    return dh->flags & flags;
+}
+
+void DH_set_flags(DH *dh, int flags)
+{
+    dh->flags |= flags;
+}
+
+ENGINE *DH_get0_engine(DH *dh)
+{
+    return dh->engine;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_locl.h
new file mode 100644
index 000000000..0a8391a6c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_locl.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dh.h>
+#include "internal/refcount.h"
+
+struct dh_st {
+    /*
+     * This first argument is used to pick up errors when a DH is passed
+     * instead of a EVP_PKEY
+     */
+    int pad;
+    int version;
+    BIGNUM *p;
+    BIGNUM *g;
+    int32_t length;             /* optional */
+    BIGNUM *pub_key;            /* g^x % p */
+    BIGNUM *priv_key;           /* x */
+    int flags;
+    BN_MONT_CTX *method_mont_p;
+    /* Place holders if we want to do X9.42 DH */
+    BIGNUM *q;
+    BIGNUM *j;
+    unsigned char *seed;
+    int seedlen;
+    BIGNUM *counter;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    const DH_METHOD *meth;
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dh_method {
+    char *name;
+    /* Methods here */
+    int (*generate_key) (DH *dh);
+    int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+    /* Can be null */
+    int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                       BN_MONT_CTX *m_ctx);
+    int (*init) (DH *dh);
+    int (*finish) (DH *dh);
+    int flags;
+    char *app_data;
+    /* If this is non-NULL, it will be used to generate parameters */
+    int (*generate_params) (DH *dh, int prime_len, int generator,
+                            BN_GENCB *cb);
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c
new file mode 100644
index 000000000..59c4d7e96
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dh_locl.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DH_METHOD *DH_meth_new(const char *name, int flags)
+{
+    DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm));
+
+    if (dhm != NULL) {
+        dhm->flags = flags;
+
+        dhm->name = OPENSSL_strdup(name);
+        if (dhm->name != NULL)
+            return dhm;
+
+        OPENSSL_free(dhm);
+    }
+
+    DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DH_meth_free(DH_METHOD *dhm)
+{
+    if (dhm != NULL) {
+        OPENSSL_free(dhm->name);
+        OPENSSL_free(dhm);
+    }
+}
+
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)
+{
+    DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dhm, sizeof(*dhm));
+
+        ret->name = OPENSSL_strdup(dhm->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DH_meth_get0_name(const DH_METHOD *dhm)
+{
+    return dhm->name;
+}
+
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dhm->name);
+    dhm->name = tmpname;
+
+    return 1;
+}
+
+int DH_meth_get_flags(const DH_METHOD *dhm)
+{
+    return dhm->flags;
+}
+
+int DH_meth_set_flags(DH_METHOD *dhm, int flags)
+{
+    dhm->flags = flags;
+    return 1;
+}
+
+void *DH_meth_get0_app_data(const DH_METHOD *dhm)
+{
+    return dhm->app_data;
+}
+
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)
+{
+    dhm->app_data = app_data;
+    return 1;
+}
+
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->generate_key;
+}
+
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *))
+{
+    dhm->generate_key = generate_key;
+    return 1;
+}
+
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    return dhm->compute_key;
+}
+
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh))
+{
+    dhm->compute_key = compute_key;
+    return 1;
+}
+
+
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *)
+{
+    return dhm->bn_mod_exp;
+}
+
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dhm->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)
+{
+    return dhm->init;
+}
+
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))
+{
+    dhm->init = init;
+    return 1;
+}
+
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->finish;
+}
+
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))
+{
+    dhm->finish = finish;
+    return 1;
+}
+
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *)
+{
+    return dhm->generate_params;
+}
+
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *))
+{
+    dhm->generate_params = generate_params;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c
new file mode 100644
index 000000000..cce2d9e26
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c
@@ -0,0 +1,547 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+
+/* DH pkey context structure */
+
+typedef struct {
+    /* Parameter gen parameters */
+    int prime_len;
+    int generator;
+    int use_dsa;
+    int subprime_len;
+    int pad;
+    /* message digest used for parameter generation */
+    const EVP_MD *md;
+    int rfc5114_param;
+    int param_nid;
+    /* Keygen callback info */
+    int gentmp[2];
+    /* KDF (if any) to use for DH */
+    char kdf_type;
+    /* OID to use for KDF */
+    ASN1_OBJECT *kdf_oid;
+    /* Message digest to use for key derivation */
+    const EVP_MD *kdf_md;
+    /* User key material */
+    unsigned char *kdf_ukm;
+    size_t kdf_ukmlen;
+    /* KDF output length */
+    size_t kdf_outlen;
+} DH_PKEY_CTX;
+
+static int pkey_dh_init(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx;
+
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    dctx->prime_len = 1024;
+    dctx->subprime_len = -1;
+    dctx->generator = 2;
+    dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
+
+    ctx->data = dctx;
+    ctx->keygen_info = dctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    if (dctx != NULL) {
+        OPENSSL_free(dctx->kdf_ukm);
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        OPENSSL_free(dctx);
+    }
+}
+
+
+static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    DH_PKEY_CTX *dctx, *sctx;
+    if (!pkey_dh_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->prime_len = sctx->prime_len;
+    dctx->subprime_len = sctx->subprime_len;
+    dctx->generator = sctx->generator;
+    dctx->use_dsa = sctx->use_dsa;
+    dctx->pad = sctx->pad;
+    dctx->md = sctx->md;
+    dctx->rfc5114_param = sctx->rfc5114_param;
+    dctx->param_nid = sctx->param_nid;
+
+    dctx->kdf_type = sctx->kdf_type;
+    dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
+    if (dctx->kdf_oid == NULL)
+        return 0;
+    dctx->kdf_md = sctx->kdf_md;
+    if (sctx->kdf_ukm != NULL) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (dctx->kdf_ukm == NULL)
+          return 0;
+        dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    }
+    dctx->kdf_outlen = sctx->kdf_outlen;
+    return 1;
+}
+
+static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+        if (p1 < 256)
+            return -2;
+        dctx->prime_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+        if (dctx->use_dsa == 0)
+            return -2;
+        dctx->subprime_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PAD:
+        dctx->pad = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+        if (dctx->use_dsa)
+            return -2;
+        dctx->generator = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+#ifdef OPENSSL_NO_DSA
+        if (p1 != 0)
+            return -2;
+#else
+        if (p1 < 0 || p1 > 2)
+            return -2;
+#endif
+        dctx->use_dsa = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_RFC5114:
+        if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef)
+            return -2;
+        dctx->rfc5114_param = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_NID:
+        if (p1 <= 0 || dctx->rfc5114_param != 0)
+            return -2;
+        dctx->param_nid = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        /* Default behaviour is OK */
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_TYPE:
+        if (p1 == -2)
+            return dctx->kdf_type;
+#ifdef OPENSSL_NO_CMS
+        if (p1 != EVP_PKEY_DH_KDF_NONE)
+#else
+        if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#endif
+            return -2;
+        dctx->kdf_type = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_MD:
+        dctx->kdf_md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_MD:
+        *(const EVP_MD **)p2 = dctx->kdf_md;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_OUTLEN:
+        if (p1 <= 0)
+            return -2;
+        dctx->kdf_outlen = (size_t)p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
+        *(int *)p2 = dctx->kdf_outlen;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_UKM:
+        OPENSSL_free(dctx->kdf_ukm);
+        dctx->kdf_ukm = p2;
+        if (p2)
+            dctx->kdf_ukmlen = p1;
+        else
+            dctx->kdf_ukmlen = 0;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
+        *(unsigned char **)p2 = dctx->kdf_ukm;
+        return dctx->kdf_ukmlen;
+
+    case EVP_PKEY_CTRL_DH_KDF_OID:
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        dctx->kdf_oid = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_OID:
+        *(ASN1_OBJECT **)p2 = dctx->kdf_oid;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
+                            const char *type, const char *value)
+{
+    if (strcmp(type, "dh_paramgen_prime_len") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+    }
+    if (strcmp(type, "dh_rfc5114") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int len;
+        len = atoi(value);
+        if (len < 0 || len > 3)
+            return -2;
+        dctx->rfc5114_param = len;
+        return 1;
+    }
+    if (strcmp(type, "dh_param") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int nid = OBJ_sn2nid(value);
+
+        if (nid == NID_undef) {
+            DHerr(DH_F_PKEY_DH_CTRL_STR, DH_R_INVALID_PARAMETER_NAME);
+            return -2;
+        }
+        dctx->param_nid = nid;
+        return 1;
+    }
+    if (strcmp(type, "dh_paramgen_generator") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+    }
+    if (strcmp(type, "dh_paramgen_subprime_len") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
+    }
+    if (strcmp(type, "dh_paramgen_type") == 0) {
+        int typ;
+        typ = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
+    }
+    if (strcmp(type, "dh_pad") == 0) {
+        int pad;
+        pad = atoi(value);
+        return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
+    }
+    return -2;
+}
+
+#ifndef OPENSSL_NO_DSA
+
+extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                                const EVP_MD *evpmd,
+                                const unsigned char *seed_in, size_t seed_len,
+                                unsigned char *seed_out, int *counter_ret,
+                                unsigned long *h_ret, BN_GENCB *cb);
+
+extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                                 const EVP_MD *evpmd,
+                                 const unsigned char *seed_in,
+                                 size_t seed_len, int idx,
+                                 unsigned char *seed_out, int *counter_ret,
+                                 unsigned long *h_ret, BN_GENCB *cb);
+
+static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
+{
+    DSA *ret;
+    int rv = 0;
+    int prime_len = dctx->prime_len;
+    int subprime_len = dctx->subprime_len;
+    const EVP_MD *md = dctx->md;
+    if (dctx->use_dsa > 2)
+        return NULL;
+    ret = DSA_new();
+    if (ret == NULL)
+        return NULL;
+    if (subprime_len == -1) {
+        if (prime_len >= 2048)
+            subprime_len = 256;
+        else
+            subprime_len = 160;
+    }
+    if (md == NULL) {
+        if (prime_len >= 2048)
+            md = EVP_sha256();
+        else
+            md = EVP_sha1();
+    }
+    if (dctx->use_dsa == 1)
+        rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
+                                  NULL, 0, NULL, NULL, NULL, pcb);
+    else if (dctx->use_dsa == 2)
+        rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
+                                   NULL, 0, -1, NULL, NULL, NULL, pcb);
+    if (rv <= 0) {
+        DSA_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+#endif
+
+static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DH *dh = NULL;
+    DH_PKEY_CTX *dctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+    if (dctx->rfc5114_param) {
+        switch (dctx->rfc5114_param) {
+        case 1:
+            dh = DH_get_1024_160();
+            break;
+
+        case 2:
+            dh = DH_get_2048_224();
+            break;
+
+        case 3:
+            dh = DH_get_2048_256();
+            break;
+
+        default:
+            return -2;
+        }
+        EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+        return 1;
+    }
+
+    if (dctx->param_nid != 0) {
+        if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh);
+        return 1;
+    }
+
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+#ifndef OPENSSL_NO_DSA
+    if (dctx->use_dsa) {
+        DSA *dsa_dh;
+        dsa_dh = dsa_dh_generate(dctx, pcb);
+        BN_GENCB_free(pcb);
+        if (dsa_dh == NULL)
+            return 0;
+        dh = DSA_dup_DH(dsa_dh);
+        DSA_free(dsa_dh);
+        if (!dh)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+        return 1;
+    }
+#endif
+    dh = DH_new();
+    if (dh == NULL) {
+        BN_GENCB_free(pcb);
+        return 0;
+    }
+    ret = DH_generate_parameters_ex(dh,
+                                    dctx->prime_len, dctx->generator, pcb);
+    BN_GENCB_free(pcb);
+    if (ret)
+        EVP_PKEY_assign_DH(pkey, dh);
+    else
+        DH_free(dh);
+    return ret;
+}
+
+static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    DH *dh = NULL;
+
+    if (ctx->pkey == NULL && dctx->param_nid == 0) {
+        DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    if (dctx->param_nid != 0)
+        dh = DH_new_by_nid(dctx->param_nid);
+    else
+        dh = DH_new();
+    if (dh == NULL)
+        return 0;
+    EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
+    /* Note: if error return, pkey is freed by parent routine */
+    if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+        return 0;
+    return DH_generate_key(pkey->pkey.dh);
+}
+
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                          size_t *keylen)
+{
+    int ret;
+    DH *dh;
+    DH_PKEY_CTX *dctx = ctx->data;
+    BIGNUM *dhpub;
+    if (!ctx->pkey || !ctx->peerkey) {
+        DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+        return 0;
+    }
+    dh = ctx->pkey->pkey.dh;
+    dhpub = ctx->peerkey->pkey.dh->pub_key;
+    if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) {
+        if (key == NULL) {
+            *keylen = DH_size(dh);
+            return 1;
+        }
+        if (dctx->pad)
+            ret = DH_compute_key_padded(key, dhpub, dh);
+        else
+            ret = DH_compute_key(key, dhpub, dh);
+        if (ret < 0)
+            return ret;
+        *keylen = ret;
+        return 1;
+    }
+#ifndef OPENSSL_NO_CMS
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+
+        unsigned char *Z = NULL;
+        size_t Zlen = 0;
+        if (!dctx->kdf_outlen || !dctx->kdf_oid)
+            return 0;
+        if (key == NULL) {
+            *keylen = dctx->kdf_outlen;
+            return 1;
+        }
+        if (*keylen != dctx->kdf_outlen)
+            return 0;
+        ret = 0;
+        Zlen = DH_size(dh);
+        Z = OPENSSL_malloc(Zlen);
+        if (Z == NULL) {
+            goto err;
+        }
+        if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
+            goto err;
+        if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
+                          dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+            goto err;
+        *keylen = dctx->kdf_outlen;
+        ret = 1;
+ err:
+        OPENSSL_clear_free(Z, Zlen);
+        return ret;
+    }
+#endif
+    return 0;
+}
+
+const EVP_PKEY_METHOD dh_pkey_meth = {
+    EVP_PKEY_DH,
+    0,
+    pkey_dh_init,
+    pkey_dh_copy,
+    pkey_dh_cleanup,
+
+    0,
+    pkey_dh_paramgen,
+
+    0,
+    pkey_dh_keygen,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_dh_derive,
+
+    pkey_dh_ctrl,
+    pkey_dh_ctrl_str
+};
+
+const EVP_PKEY_METHOD dhx_pkey_meth = {
+    EVP_PKEY_DHX,
+    0,
+    pkey_dh_init,
+    pkey_dh_copy,
+    pkey_dh_cleanup,
+
+    0,
+    pkey_dh_paramgen,
+
+    0,
+    pkey_dh_keygen,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_dh_derive,
+
+    pkey_dh_ctrl,
+    pkey_dh_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_prn.c
new file mode 100644
index 000000000..aab1733db
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_prn.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DHparams_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c
new file mode 100644
index 000000000..c4a219590
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include "internal/bn_dh.h"
+
+/*
+ * Macro to make a DH structure from BIGNUM data. NB: although just copying
+ * the BIGNUM static pointers would be more efficient, we can't do that
+ * because they get wiped using BN_clear_free() when DH_free() is called.
+ */
+
+#define make_dh(x) \
+DH *DH_get_##x(void) \
+{ \
+    DH *dh = DH_new(); \
+\
+    if (dh == NULL) \
+        return NULL; \
+    dh->p = BN_dup(&_bignum_dh##x##_p); \
+    dh->g = BN_dup(&_bignum_dh##x##_g); \
+    dh->q = BN_dup(&_bignum_dh##x##_q); \
+    if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {\
+        DH_free(dh); \
+        return NULL; \
+    } \
+    return dh; \
+}
+
+make_dh(1024_160)
+make_dh(2048_224)
+make_dh(2048_256)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c
new file mode 100644
index 000000000..a54b468e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include "internal/bn_dh.h"
+
+static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
+{
+    DH *dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dh->p = (BIGNUM *)p;
+    dh->g = (BIGNUM *)&_bignum_const_2;
+    dh->length = nbits;
+    return dh;
+}
+
+DH *DH_new_by_nid(int nid)
+{
+    switch (nid) {
+    case NID_ffdhe2048:
+        return dh_param_init(&_bignum_ffdhe2048_p, 225);
+    case NID_ffdhe3072:
+        return dh_param_init(&_bignum_ffdhe3072_p, 275);
+    case NID_ffdhe4096:
+        return dh_param_init(&_bignum_ffdhe4096_p, 325);
+    case NID_ffdhe6144:
+        return dh_param_init(&_bignum_ffdhe6144_p, 375);
+    case NID_ffdhe8192:
+        return dh_param_init(&_bignum_ffdhe8192_p, 400);
+    default:
+        DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID);
+        return NULL;
+    }
+}
+
+int DH_get_nid(const DH *dh)
+{
+    int nid;
+
+    if (BN_get_word(dh->g) != 2)
+        return NID_undef;
+    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p))
+        nid = NID_ffdhe2048;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p))
+        nid = NID_ffdhe3072;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p))
+        nid = NID_ffdhe4096;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p))
+        nid = NID_ffdhe6144;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
+        nid = NID_ffdhe8192;
+    else
+        return NID_undef;
+    if (dh->q != NULL) {
+        BIGNUM *q = BN_dup(dh->p);
+
+        /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
+        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q))
+            nid = NID_undef;
+        BN_free(q);
+    }
+    return nid;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c
new file mode 100644
index 000000000..0838c55e4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+# ifdef __CYGWIN__
+/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
+#  include <windows.h>
+/*
+ * this has side-effect of _WIN32 getting defined, which otherwise is
+ * mutually exclusive with __CYGWIN__...
+ */
+# endif
+
+/*
+ * All we really need to do is remove the 'error' state when a thread
+ * detaches
+ */
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+    switch (fdwReason) {
+    case DLL_PROCESS_ATTACH:
+        OPENSSL_cpuid_setup();
+        break;
+    case DLL_THREAD_ATTACH:
+        break;
+    case DLL_THREAD_DETACH:
+        OPENSSL_thread_stop();
+        break;
+    case DLL_PROCESS_DETACH:
+        break;
+    }
+    return TRUE;
+}
+#endif
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/build.info
new file mode 100644
index 000000000..2e759853a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
+        dsa_meth.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
new file mode 100644
index 000000000..9c5b8aa02
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
@@ -0,0 +1,572 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "dsa_locl.h"
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DSA *dsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype == V_ASN1_SEQUENCE) {
+        pstr = pval;
+        pm = pstr->data;
+        pmlen = pstr->length;
+
+        if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+            goto err;
+        }
+
+    } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
+        if ((dsa = DSA_new()) == NULL) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+
+ err:
+    ASN1_INTEGER_free(public_key);
+    DSA_free(dsa);
+    return 0;
+
+}
+
+static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str = NULL;
+    ASN1_INTEGER *pubint = NULL;
+    ASN1_OBJECT *aobj;
+
+    dsa = pkey->pkey.dsa;
+    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
+        str = ASN1_STRING_new();
+        if (str == NULL) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        str->length = i2d_DSAparams(dsa, &str->data);
+        if (str->length <= 0) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ptype = V_ASN1_SEQUENCE;
+    } else
+        ptype = V_ASN1_UNDEF;
+
+    pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
+
+    if (pubint == NULL) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    penclen = i2d_ASN1_INTEGER(pubint, &penc);
+    ASN1_INTEGER_free(pubint);
+
+    if (penclen <= 0) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+    if (aobj == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * In PKCS#8 DSA: you just get a private key integer and parameters in the
+ * AlgorithmIdentifier the pubkey must be recalculated.
+ */
+
+static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+    BN_CTX *ctx = NULL;
+
+    DSA *dsa = NULL;
+
+    int ret = 0;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+    if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
+        goto decerr;
+    /* We have parameters now set private key */
+    if ((dsa->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+    /* Calculate public key */
+    if ((dsa->pub_key = BN_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+    if ((ctx = BN_CTX_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+
+    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+
+    EVP_PKEY_assign_DSA(pkey, dsa);
+
+    ret = 1;
+    goto done;
+
+ decerr:
+    DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
+ dsaerr:
+    DSA_free(dsa);
+ done:
+    BN_CTX_free(ctx);
+    ASN1_STRING_clear_free(privkey);
+    return ret;
+}
+
+static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    params = ASN1_STRING_new();
+
+    if (params == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
+    if (params->length <= 0) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
+
+    if (!prkey) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int int_dsa_size(const EVP_PKEY *pkey)
+{
+    return DSA_size(pkey->pkey.dsa);
+}
+
+static int dsa_bits(const EVP_PKEY *pkey)
+{
+    return DSA_bits(pkey->pkey.dsa);
+}
+
+static int dsa_security_bits(const EVP_PKEY *pkey)
+{
+    return DSA_security_bits(pkey->pkey.dsa);
+}
+
+static int dsa_missing_parameters(const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    dsa = pkey->pkey.dsa;
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
+        return 1;
+    return 0;
+}
+
+static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    BIGNUM *a;
+
+    if (to->pkey.dsa == NULL) {
+        to->pkey.dsa = DSA_new();
+        if (to->pkey.dsa == NULL)
+            return 0;
+    }
+
+    if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->p);
+    to->pkey.dsa->p = a;
+
+    if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->q);
+    to->pkey.dsa->q = a;
+
+    if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->g);
+    to->pkey.dsa->g = a;
+    return 1;
+}
+
+static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+        BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+        BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+        return 0;
+    else
+        return 1;
+}
+
+static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static void int_dsa_free(EVP_PKEY *pkey)
+{
+    DSA_free(pkey->pkey.dsa);
+}
+
+static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
+{
+    int ret = 0;
+    const char *ktype = NULL;
+    const BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (ptype == 2)
+        ktype = "Private-Key";
+    else if (ptype == 1)
+        ktype = "Public-Key";
+    else
+        ktype = "DSA-Parameters";
+
+    if (priv_key) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
+            <= 0)
+            goto err;
+    }
+
+    if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "P:   ", x->p, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "Q:   ", x->q, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "G:   ", x->g, NULL, off))
+        goto err;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int dsa_param_decode(EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+
+    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAparams(pkey->pkey.dsa, pder);
+}
+
+static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
+}
+
+static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
+}
+
+static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
+}
+
+static int old_dsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+
+    if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
+}
+
+static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    DSA_SIG *dsa_sig;
+    const unsigned char *p;
+
+    if (!sig) {
+        if (BIO_puts(bp, "\n") <= 0)
+            return 0;
+        else
+            return 1;
+    }
+    p = sig->data;
+    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
+    if (dsa_sig) {
+        int rv = 0;
+        const BIGNUM *r, *s;
+
+        DSA_SIG_get0(dsa_sig, &r, &s);
+
+        if (BIO_write(bp, "\n", 1) != 1)
+            goto err;
+
+        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))
+            goto err;
+        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))
+            goto err;
+        rv = 1;
+ err:
+        DSA_SIG_free(dsa_sig);
+        return rv;
+    }
+    return X509_signature_dump(bp, sig, indent);
+}
+
+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_NONE;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+
+}
+
+/* NB these are sorted in pkey_id order, lowest first */
+
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
+
+    {
+     EVP_PKEY_DSA2,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA1,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA4,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA3,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA,
+     EVP_PKEY_DSA,
+     0,
+
+     "DSA",
+     "OpenSSL DSA method",
+
+     dsa_pub_decode,
+     dsa_pub_encode,
+     dsa_pub_cmp,
+     dsa_pub_print,
+
+     dsa_priv_decode,
+     dsa_priv_encode,
+     dsa_priv_print,
+
+     int_dsa_size,
+     dsa_bits,
+     dsa_security_bits,
+
+     dsa_param_decode,
+     dsa_param_encode,
+     dsa_missing_parameters,
+     dsa_copy_parameters,
+     dsa_cmp_parameters,
+     dsa_param_print,
+     dsa_sig_print,
+
+     int_dsa_free,
+     dsa_pkey_ctrl,
+     old_dsa_priv_decode,
+     old_dsa_priv_encode}
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
new file mode 100644
index 000000000..6499e87ef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/rand.h>
+
+ASN1_SEQUENCE(DSA_SIG) = {
+        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(DSA_SIG)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
+
+DSA_SIG *DSA_SIG_new(void)
+{
+    DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void DSA_SIG_free(DSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DSA_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DSA_free((DSA *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+        ASN1_EMBED(DSA, version, INT32),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+
+DSA *DSAparams_dup(DSA *dsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
+}
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+
+    s = DSA_do_sign(dgst, dlen, dsa);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_DSA_SIG(s, &sig);
+    DSA_SIG_free(s);
+    return 1;
+}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = DSA_SIG_new();
+    if (s == NULL)
+        return ret;
+    if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_DSA_SIG(s, &der);
+    if (derlen != siglen || memcmp(sigbuf, der, derlen))
+        goto err;
+    ret = DSA_do_verify(dgst, dgst_len, s, dsa);
+ err:
+    OPENSSL_clear_free(der, derlen);
+    DSA_SIG_free(s);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_depr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_depr.c
new file mode 100644
index 000000000..f51aea749
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_depr.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file contains deprecated function(s) that are now wrappers to the new
+ * version(s).
+ */
+
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+#define xxxHASH    EVP_sha1()
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/sha.h>
+
+DSA *DSA_generate_parameters(int bits,
+                             unsigned char *seed_in, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback) (int, int, void *),
+                             void *cb_arg)
+{
+    BN_GENCB *cb;
+    DSA *ret;
+
+    if ((ret = DSA_new()) == NULL)
+        return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL)
+        goto err;
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+                                   counter_ret, h_ret, cb)) {
+        BN_GENCB_free(cb);
+        return ret;
+    }
+    BN_GENCB_free(cb);
+err:
+    DSA_free(ret);
+    return NULL;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
new file mode 100644
index 000000000..8f97f6f3f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
@@ -0,0 +1,76 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/dsaerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0),
+     "dsa_builtin_paramgen"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0),
+     "dsa_builtin_paramgen2"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0),
+     "old_dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
+    "seed_len is less than the length of q"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(DSA_str_functs);
+        ERR_load_strings_const(DSA_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
new file mode 100644
index 000000000..383d853b6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
@@ -0,0 +1,616 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+#define xxxHASH    EVP_sha1()
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "dsa_locl.h"
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+                               const unsigned char *seed_in, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb)
+{
+    if (ret->meth->dsa_paramgen)
+        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                       counter_ret, h_ret, cb);
+    else {
+        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+        size_t qbits = EVP_MD_size(evpmd) * 8;
+
+        return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                                    seed_in, seed_len, NULL, counter_ret,
+                                    h_ret, cb);
+    }
+}
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+{
+    int ok = 0;
+    unsigned char seed[SHA256_DIGEST_LENGTH];
+    unsigned char md[SHA256_DIGEST_LENGTH];
+    unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = qbits >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    unsigned int h = 2;
+
+    if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
+        qsize != SHA256_DIGEST_LENGTH)
+        /* invalid q size */
+        return 0;
+
+    if (evpmd == NULL) {
+        if (qsize == SHA_DIGEST_LENGTH)
+            evpmd = EVP_sha1();
+        else if (qsize == SHA224_DIGEST_LENGTH)
+            evpmd = EVP_sha224();
+        else
+            evpmd = EVP_sha256();
+    } else {
+        qsize = EVP_MD_size(evpmd);
+    }
+
+    if (bits < 512)
+        bits = 512;
+
+    bits = (bits + 63) / 64 * 64;
+
+    if (seed_in != NULL) {
+        if (seed_len < (size_t)qsize) {
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);
+            return 0;
+        }
+        if (seed_len > (size_t)qsize) {
+            /* Only consume as much seed as is expected. */
+            seed_len = qsize;
+        }
+        memcpy(seed, seed_in, seed_len);
+    }
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+
+    if (test == NULL)
+        goto err;
+
+    if (!BN_lshift(test, BN_value_one(), bits - 1))
+        goto err;
+
+    for (;;) {
+        for (;;) {              /* find q */
+            int use_random_seed = (seed_in == NULL);
+
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (use_random_seed) {
+                if (RAND_bytes(seed, qsize) <= 0)
+                    goto err;
+            } else {
+                /* If we come back through, use random seed next time. */
+                seed_in = NULL;
+            }
+            memcpy(buf, seed, qsize);
+            memcpy(buf2, seed, qsize);
+            /* precompute "SEED + 1" for step 7: */
+            for (i = qsize - 1; i >= 0; i--) {
+                buf[i]++;
+                if (buf[i] != 0)
+                    break;
+            }
+
+            /* step 2 */
+            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
+                goto err;
+            if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
+                goto err;
+            for (i = 0; i < qsize; i++)
+                md[i] ^= buf2[i];
+
+            /* step 3 */
+            md[0] |= 0x80;
+            md[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(md, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        use_random_seed, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+
+            /* do a callback call */
+            /* step 5 */
+        }
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 2" */
+
+        n = (bits - 1) / 160;
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = qsize - 1; i >= 0; i--) {
+                    buf[i]++;
+                    if (buf[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, qsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (qsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, bits - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= 4096)
+                break;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (!BN_set_word(test, h))
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (!BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok) {
+        BN_free(ret->p);
+        BN_free(ret->q);
+        BN_free(ret->g);
+        ret->p = BN_dup(p);
+        ret->q = BN_dup(q);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = 0;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+        if (seed_out)
+            memcpy(seed_out, seed, qsize);
+    }
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
+    return ok;
+}
+
+/*
+ * This is a parameter generation algorithm for the DSA2 algorithm as
+ * described in FIPS 186-3.
+ */
+
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                          const EVP_MD *evpmd, const unsigned char *seed_in,
+                          size_t seed_len, int idx, unsigned char *seed_out,
+                          int *counter_ret, unsigned long *h_ret,
+                          BN_GENCB *cb)
+{
+    int ok = -1;
+    unsigned char *seed = NULL, *seed_tmp = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdsize;
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = N >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    unsigned int h = 2;
+
+    if (mctx == NULL)
+        goto err;
+
+    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+    if (L <= N) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+        goto err;
+    }
+
+    if (evpmd == NULL) {
+        if (N == 160)
+            evpmd = EVP_sha1();
+        else if (N == 224)
+            evpmd = EVP_sha224();
+        else
+            evpmd = EVP_sha256();
+    }
+
+    mdsize = EVP_MD_size(evpmd);
+    /* If unverifiable g generation only don't need seed */
+    if (!ret->p || !ret->q || idx >= 0) {
+        if (seed_len == 0)
+            seed_len = mdsize;
+
+        seed = OPENSSL_malloc(seed_len);
+
+        if (seed_out)
+            seed_tmp = seed_out;
+        else
+            seed_tmp = OPENSSL_malloc(seed_len);
+
+        if (seed == NULL || seed_tmp == NULL)
+            goto err;
+
+        if (seed_in)
+            memcpy(seed, seed_in, seed_len);
+
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+    if (test == NULL)
+        goto err;
+
+    /* if p, q already supplied generate g only */
+    if (ret->p && ret->q) {
+        p = ret->p;
+        q = ret->q;
+        if (idx >= 0)
+            memcpy(seed_tmp, seed, seed_len);
+        goto g_only;
+    } else {
+        p = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        if (q == NULL)
+            goto err;
+    }
+
+    if (!BN_lshift(test, BN_value_one(), L - 1))
+        goto err;
+    for (;;) {
+        for (;;) {              /* find q */
+            unsigned char *pmd;
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (!seed_in) {
+                if (RAND_bytes(seed, seed_len) <= 0)
+                    goto err;
+            }
+            /* step 2 */
+            if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
+                goto err;
+            /* Take least significant bits of md */
+            if (mdsize > qsize)
+                pmd = md + mdsize - qsize;
+            else
+                pmd = md;
+
+            if (mdsize < qsize)
+                memset(md + mdsize, 0, qsize - mdsize);
+
+            /* step 3 */
+            pmd[0] |= 0x80;
+            pmd[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(pmd, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_in ? 1 : 0, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+            /* Provided seed didn't produce a prime: error */
+            if (seed_in) {
+                ok = 0;
+                DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);
+                goto err;
+            }
+
+            /* do a callback call */
+            /* step 5 */
+        }
+        /* Copy seed to seed_out before we mess with it */
+        if (seed_out)
+            memcpy(seed_out, seed, seed_len);
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 1" */
+
+        n = (L - 1) / (mdsize << 3);
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = seed_len - 1; i >= 0; i--) {
+                    seed[i]++;
+                    if (seed[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, mdsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (mdsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, L - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= (int)(4 * L))
+                break;
+        }
+        if (seed_in) {
+            ok = 0;
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+            goto err;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+ g_only:
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (idx < 0) {
+        if (!BN_set_word(test, h))
+            goto err;
+    } else
+        h = 1;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e };
+        if (idx >= 0) {
+            md[0] = idx & 0xff;
+            md[1] = (h >> 8) & 0xff;
+            md[2] = h & 0xff;
+            if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, md, 3))
+                goto err;
+            if (!EVP_DigestFinal_ex(mctx, md, NULL))
+                goto err;
+            if (!BN_bin2bn(md, mdsize, test))
+                goto err;
+        }
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (idx < 0 && !BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+        if (idx >= 0 && h > 0xffff)
+            goto err;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok == 1) {
+        if (p != ret->p) {
+            BN_free(ret->p);
+            ret->p = BN_dup(p);
+        }
+        if (q != ret->q) {
+            BN_free(ret->q);
+            ret->q = BN_dup(q);
+        }
+        BN_free(ret->g);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = -1;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+    }
+    OPENSSL_free(seed);
+    if (seed_out != seed_tmp)
+        OPENSSL_free(seed_tmp);
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
+    EVP_MD_CTX_free(mctx);
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
new file mode 100644
index 000000000..a48af5849
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dsa_locl.h"
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int DSA_generate_key(DSA *dsa)
+{
+    if (dsa->meth->dsa_keygen)
+        return dsa->meth->dsa_keygen(dsa);
+    return dsa_builtin_keygen(dsa);
+}
+
+static int dsa_builtin_keygen(DSA *dsa)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (dsa->priv_key == NULL) {
+        if ((priv_key = BN_secure_new()) == NULL)
+            goto err;
+    } else
+        priv_key = dsa->priv_key;
+
+    do
+        if (!BN_priv_rand_range(priv_key, dsa->q))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (dsa->pub_key == NULL) {
+        if ((pub_key = BN_new()) == NULL)
+            goto err;
+    } else
+        pub_key = dsa->pub_key;
+
+    {
+        BIGNUM *prk = BN_new();
+
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+            BN_free(prk);
+            goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
+    }
+
+    dsa->priv_key = priv_key;
+    dsa->pub_key = pub_key;
+    ok = 1;
+
+ err:
+    if (pub_key != dsa->pub_key)
+        BN_free(pub_key);
+    if (priv_key != dsa->priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
new file mode 100644
index 000000000..1048601be
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/bn.h>
+#include "dsa_locl.h"
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+
+DSA *DSA_new(void)
+{
+    return DSA_new_method(NULL);
+}
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DSA_METHOD *mtmp;
+    mtmp = dsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(dsa->engine);
+    dsa->engine = NULL;
+#endif
+    dsa->meth = meth;
+    if (meth->init)
+        meth->init(dsa);
+    return 1;
+}
+
+const DSA_METHOD *DSA_get_method(DSA *d)
+{
+    return d->meth;
+}
+
+DSA *DSA_new_method(ENGINE *engine)
+{
+    DSA *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DSA(ret->engine);
+        if (ret->meth == NULL) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    DSA_free(ret);
+    return NULL;
+}
+
+void DSA_free(DSA *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("DSA", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->g);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
+
+int DSA_up_ref(DSA *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int DSA_size(const DSA *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];       /* 4 bytes looks really small. However,
+                                 * i2d_ASN1_INTEGER() will not look beyond
+                                 * the first byte, as long as the second
+                                 * parameter is NULL. */
+
+    i = BN_num_bits(r->q);
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return ret;
+}
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
+}
+
+void *DSA_get_ex_data(DSA *d, int idx)
+{
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
+}
+
+int DSA_security_bits(const DSA *d)
+{
+    if (d->p && d->q)
+        return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+    return -1;
+}
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+{
+    /*
+     * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
+     * optional length, g, optional pub_key, optional priv_key, optional q.
+     */
+
+    DH *ret = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+    if (r == NULL)
+        goto err;
+    ret = DH_new();
+    if (ret == NULL)
+        goto err;
+    if (r->p != NULL || r->g != NULL || r->q != NULL) {
+        if (r->p == NULL || r->g == NULL || r->q == NULL) {
+            /* Shouldn't happen */
+            goto err;
+        }
+        p = BN_dup(r->p);
+        g = BN_dup(r->g);
+        q = BN_dup(r->q);
+        if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g))
+            goto err;
+        p = g = q = NULL;
+    }
+
+    if (r->pub_key != NULL) {
+        pub_key = BN_dup(r->pub_key);
+        if (pub_key == NULL)
+            goto err;
+        if (r->priv_key != NULL) {
+            priv_key = BN_dup(r->priv_key);
+            if (priv_key == NULL)
+                goto err;
+        }
+        if (!DH_set0_key(ret, pub_key, priv_key))
+            goto err;
+    } else if (r->priv_key != NULL) {
+        /* Shouldn't happen */
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(q);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    DH_free(ret);
+    return NULL;
+}
+#endif
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = d->p;
+    if (q != NULL)
+        *q = d->q;
+    if (g != NULL)
+        *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p, q and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((d->p == NULL && p == NULL)
+        || (d->q == NULL && q == NULL)
+        || (d->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(d->p);
+        d->p = p;
+    }
+    if (q != NULL) {
+        BN_free(d->q);
+        d->q = q;
+    }
+    if (g != NULL) {
+        BN_free(d->g);
+        d->g = g;
+    }
+
+    return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = d->pub_key;
+    if (priv_key != NULL)
+        *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    /* If the field pub_key in d is NULL, the corresponding input
+     * parameters MUST be non-NULL.  The priv_key field may
+     * be left NULL.
+     */
+    if (d->pub_key == NULL && pub_key == NULL)
+        return 0;
+
+    if (pub_key != NULL) {
+        BN_free(d->pub_key);
+        d->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(d->priv_key);
+        d->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+const BIGNUM *DSA_get0_p(const DSA *d)
+{
+    return d->p;
+}
+
+const BIGNUM *DSA_get0_q(const DSA *d)
+{
+    return d->q;
+}
+
+const BIGNUM *DSA_get0_g(const DSA *d)
+{
+    return d->g;
+}
+
+const BIGNUM *DSA_get0_pub_key(const DSA *d)
+{
+    return d->pub_key;
+}
+
+const BIGNUM *DSA_get0_priv_key(const DSA *d)
+{
+    return d->priv_key;
+}
+
+void DSA_clear_flags(DSA *d, int flags)
+{
+    d->flags &= ~flags;
+}
+
+int DSA_test_flags(const DSA *d, int flags)
+{
+    return d->flags & flags;
+}
+
+void DSA_set_flags(DSA *d, int flags)
+{
+    d->flags |= flags;
+}
+
+ENGINE *DSA_get0_engine(DSA *d)
+{
+    return d->engine;
+}
+
+int DSA_bits(const DSA *dsa)
+{
+    return BN_num_bits(dsa->p);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_locl.h
new file mode 100644
index 000000000..a81a4b497
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_locl.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dsa.h>
+#include "internal/refcount.h"
+
+struct dsa_st {
+    /*
+     * This first variable is used to pick up errors where a DSA is passed
+     * instead of of a EVP_PKEY
+     */
+    int pad;
+    int32_t version;
+    BIGNUM *p;
+    BIGNUM *q;                  /* == 20 */
+    BIGNUM *g;
+    BIGNUM *pub_key;            /* y public key */
+    BIGNUM *priv_key;           /* x private key */
+    int flags;
+    /* Normally used to cache montgomery values */
+    BN_MONT_CTX *method_mont_p;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    const DSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct DSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+struct dsa_method {
+    char *name;
+    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
+    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                           BIGNUM **rp);
+    int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
+                        const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+    /* Can be null */
+    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    int (*init) (DSA *dsa);
+    int (*finish) (DSA *dsa);
+    int flags;
+    void *app_data;
+    /* If this is non-NULL, it is used to generate DSA parameters */
+    int (*dsa_paramgen) (DSA *dsa, int bits,
+                         const unsigned char *seed, int seed_len,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+    /* If this is non-NULL, it is used to generate DSA keys */
+    int (*dsa_keygen) (DSA *dsa);
+};
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                          const EVP_MD *evpmd, const unsigned char *seed_in,
+                          size_t seed_len, int idx, unsigned char *seed_out,
+                          int *counter_ret, unsigned long *h_ret,
+                          BN_GENCB *cb);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
new file mode 100644
index 000000000..ff4fae44a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include "dsa_locl.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags)
+{
+    DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
+
+    if (dsam != NULL) {
+        dsam->flags = flags;
+
+        dsam->name = OPENSSL_strdup(name);
+        if (dsam->name != NULL)
+            return dsam;
+
+        OPENSSL_free(dsam);
+    }
+
+    DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DSA_meth_free(DSA_METHOD *dsam)
+{
+    if (dsam != NULL) {
+        OPENSSL_free(dsam->name);
+        OPENSSL_free(dsam);
+    }
+}
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)
+{
+    DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dsam, sizeof(*dsam));
+
+        ret->name = OPENSSL_strdup(dsam->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam)
+{
+    return dsam->name;
+}
+
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dsam->name);
+    dsam->name = tmpname;
+
+    return 1;
+}
+
+int DSA_meth_get_flags(const DSA_METHOD *dsam)
+{
+    return dsam->flags;
+}
+
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)
+{
+    dsam->flags = flags;
+    return 1;
+}
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)
+{
+    return dsam->app_data;
+}
+
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)
+{
+    dsam->app_data = app_data;
+    return 1;
+}
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *)
+{
+    return dsam->dsa_do_sign;
+}
+
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *))
+{
+    dsam->dsa_do_sign = sign;
+    return 1;
+}
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)
+{
+    return dsam->dsa_sign_setup;
+}
+
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
+{
+    dsam->dsa_sign_setup = sign_setup;
+    return 1;
+}
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA_SIG *, DSA *)
+{
+    return dsam->dsa_do_verify;
+}
+
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))
+{
+    dsam->dsa_do_verify = verify;
+    return 1;
+}
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)
+{
+    return dsam->dsa_mod_exp;
+}
+
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *))
+{
+    dsam->dsa_mod_exp = mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+     BN_MONT_CTX *)
+{
+    return dsam->bn_mod_exp;
+}
+
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dsam->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)
+{
+    return dsam->init;
+}
+
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))
+{
+    dsam->init = init;
+    return 1;
+}
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->finish;
+}
+
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))
+{
+    dsam->finish = finish;
+    return 1;
+}
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *)
+{
+    return dsam->dsa_paramgen;
+}
+
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *))
+{
+    dsam->dsa_paramgen = paramgen;
+    return 1;
+}
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->dsa_keygen;
+}
+
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
+{
+    dsam->dsa_keygen = keygen;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
new file mode 100644
index 000000000..7a0b0874c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
@@ -0,0 +1,428 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+#include "dsa_locl.h"
+#include <openssl/asn1.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                    BIGNUM **rp);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp, const unsigned char *dgst, int dlen);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+                                      BN_CTX *ctx);
+
+static DSA_METHOD openssl_dsa_meth = {
+    "OpenSSL DSA method",
+    dsa_do_sign,
+    dsa_sign_setup_no_digest,
+    dsa_do_verify,
+    NULL,                       /* dsa_mod_exp, */
+    NULL,                       /* dsa_bn_mod_exp, */
+    dsa_init,
+    dsa_finish,
+    DSA_FLAG_FIPS_METHOD,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+{
+    default_DSA_method = meth;
+}
+
+const DSA_METHOD *DSA_get_default_method(void)
+{
+    return default_DSA_method;
+}
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+    return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    BIGNUM *kinv = NULL;
+    BIGNUM *m, *blind, *blindm, *tmp;
+    BN_CTX *ctx = NULL;
+    int reason = ERR_R_BN_LIB;
+    DSA_SIG *ret = NULL;
+    int rv = 0;
+
+    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
+        reason = DSA_R_MISSING_PARAMETERS;
+        goto err;
+    }
+
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    m = BN_CTX_get(ctx);
+    blind = BN_CTX_get(ctx);
+    blindm = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+ redo:
+    if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen))
+        goto err;
+
+    if (dlen > BN_num_bytes(dsa->q))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dlen = BN_num_bytes(dsa->q);
+    if (BN_bin2bn(dgst, dlen, m) == NULL)
+        goto err;
+
+    /*
+     * The normal signature calculation is:
+     *
+     *   s := k^-1 * (m + r * priv_key) mod q
+     *
+     * We will blind this to protect against side channel attacks
+     *
+     *   s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
+     */
+
+    /* Generate a blinding value */
+    do {
+        if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            goto err;
+    } while (BN_is_zero(blind));
+    BN_set_flags(blind, BN_FLG_CONSTTIME);
+    BN_set_flags(blindm, BN_FLG_CONSTTIME);
+    BN_set_flags(tmp, BN_FLG_CONSTTIME);
+
+    /* tmp := blind * priv_key * r mod q */
+    if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
+        goto err;
+    if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx))
+        goto err;
+
+    /* blindm := blind * m mod q */
+    if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
+        goto err;
+
+    /* s : = (blind * priv_key * r) + (blind * m) mod q */
+    if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q))
+        goto err;
+
+    /* s := s * k^-1 mod q */
+    if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx))
+        goto err;
+
+    /* s:= s * blind^-1 mod q */
+    if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
+        goto err;
+    if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx))
+        goto err;
+
+    /*
+     * Redo if r or s is zero as required by FIPS 186-3: this is very
+     * unlikely.
+     */
+    if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
+        goto redo;
+
+    rv = 1;
+
+ err:
+    if (rv == 0) {
+        DSAerr(DSA_F_DSA_DO_SIGN, reason);
+        DSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
+                                    BIGNUM **kinvp, BIGNUM **rp)
+{
+    return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+                          BIGNUM **kinvp, BIGNUM **rp,
+                          const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k, *kinv = NULL, *r = *rp;
+    BIGNUM *l;
+    int ret = 0;
+    int q_bits, q_words;
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    k = BN_new();
+    l = BN_new();
+    if (k == NULL || l == NULL)
+        goto err;
+
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto err;
+    } else
+        ctx = ctx_in;
+
+    /* Preallocate space */
+    q_bits = BN_num_bits(dsa->q);
+    q_words = bn_get_top(dsa->q);
+    if (!bn_wexpand(k, q_words + 2)
+        || !bn_wexpand(l, q_words + 2))
+        goto err;
+
+    /* Get random k */
+    do {
+        if (dgst != NULL) {
+            /*
+             * We calculate k from SHA512(private_key + H(message) + random).
+             * This protects the private key from a weak PRNG.
+             */
+            if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
+                                       dlen, ctx))
+                goto err;
+        } else if (!BN_priv_rand_range(k, dsa->q))
+            goto err;
+    } while (BN_is_zero(k));
+
+    BN_set_flags(k, BN_FLG_CONSTTIME);
+    BN_set_flags(l, BN_FLG_CONSTTIME);
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                    dsa->lock, dsa->p, ctx))
+            goto err;
+    }
+
+    /* Compute r = (g^k mod p) mod q */
+
+    /*
+     * We do not want timing information to leak the length of k, so we
+     * compute G^k using an equivalent scalar of fixed bit-length.
+     *
+     * We unconditionally perform both of these additions to prevent a
+     * small timing information leakage.  We then choose the sum that is
+     * one bit longer than the modulus.
+     *
+     * There are some concerns about the efficacy of doing this.  More
+     * specificly refer to the discussion starting with:
+     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
+     * The fix is to rework BN so these gymnastics aren't required.
+     */
+    if (!BN_add(l, k, dsa->q)
+        || !BN_add(k, l, dsa->q))
+        goto err;
+
+    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
+
+    if ((dsa)->meth->bn_mod_exp != NULL) {
+            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                       dsa->method_mont_p))
+                goto err;
+    } else {
+            if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
+                goto err;
+    }
+
+    if (!BN_mod(r, r, dsa->q, ctx))
+        goto err;
+
+    /* Compute part of 's = inv(k) (m + xr) mod q' */
+    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
+        goto err;
+
+    BN_clear_free(*kinvp);
+    *kinvp = kinv;
+    kinv = NULL;
+    ret = 1;
+ err:
+    if (!ret)
+        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    BN_clear_free(k);
+    BN_clear_free(l);
+    return ret;
+}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa)
+{
+    BN_CTX *ctx;
+    BIGNUM *u1, *u2, *t1;
+    BN_MONT_CTX *mont = NULL;
+    const BIGNUM *r, *s;
+    int ret = -1, i;
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    i = BN_num_bits(dsa->q);
+    /* fips 186-3 allows only different sizes for q */
+    if (i != 160 && i != 224 && i != 256) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+        return -1;
+    }
+
+    if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+    u1 = BN_new();
+    u2 = BN_new();
+    t1 = BN_new();
+    ctx = BN_CTX_new();
+    if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
+        goto err;
+
+    DSA_SIG_get0(sig, &r, &s);
+
+    if (BN_is_zero(r) || BN_is_negative(r) ||
+        BN_ucmp(r, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+    if (BN_is_zero(s) || BN_is_negative(s) ||
+        BN_ucmp(s, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+
+    /*
+     * Calculate W = inv(S) mod Q save W in u2
+     */
+    if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
+        goto err;
+
+    /* save M in u1 */
+    if (dgst_len > (i >> 3))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dgst_len = (i >> 3);
+    if (BN_bin2bn(dgst, dgst_len, u1) == NULL)
+        goto err;
+
+    /* u1 = M * w mod q */
+    if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx))
+        goto err;
+
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
+        goto err;
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                      dsa->lock, dsa->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    if (dsa->meth->dsa_mod_exp != NULL) {
+        if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
+                                    dsa->p, ctx, mont))
+            goto err;
+    } else {
+        if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
+                              mont))
+            goto err;
+    }
+
+    /* let u1 = u1 mod q */
+    if (!BN_mod(u1, t1, dsa->q, ctx))
+        goto err;
+
+    /*
+     * V is now in u1.  If the signature is correct, it will be equal to R.
+     */
+    ret = (BN_ucmp(u1, r) == 0);
+
+ err:
+    if (ret < 0)
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+    BN_CTX_free(ctx);
+    BN_free(u1);
+    BN_free(u2);
+    BN_free(t1);
+    return ret;
+}
+
+static int dsa_init(DSA *dsa)
+{
+    dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+    return 1;
+}
+
+static int dsa_finish(DSA *dsa)
+{
+    BN_MONT_CTX_free(dsa->method_mont_p);
+    return 1;
+}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation.  Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+                                      BN_CTX *ctx)
+{
+    BIGNUM *res = NULL;
+    BIGNUM *r, *e;
+
+    if ((r = BN_new()) == NULL)
+        return NULL;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) != NULL
+            && BN_set_word(r, 2)
+            && BN_sub(e, q, r)
+            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
+        res = r;
+    else
+        BN_free(r);
+    BN_CTX_end(ctx);
+    return res;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c
new file mode 100644
index 000000000..b4ee5a757
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "internal/evp_int.h"
+#include "dsa_locl.h"
+
+/* DSA pkey context structure */
+
+typedef struct {
+    /* Parameter gen parameters */
+    int nbits;                  /* size of p in bits (default: 1024) */
+    int qbits;                  /* size of q in bits (default: 160) */
+    const EVP_MD *pmd;          /* MD for parameter generation */
+    /* Keygen callback info */
+    int gentmp[2];
+    /* message digest */
+    const EVP_MD *md;           /* MD for the signature */
+} DSA_PKEY_CTX;
+
+static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
+{
+    DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx));
+
+    if (dctx == NULL)
+        return 0;
+    dctx->nbits = 1024;
+    dctx->qbits = 160;
+    dctx->pmd = NULL;
+    dctx->md = NULL;
+
+    ctx->data = dctx;
+    ctx->keygen_info = dctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    DSA_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_dsa_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->nbits = sctx->nbits;
+    dctx->qbits = sctx->qbits;
+    dctx->pmd = sctx->pmd;
+    dctx->md = sctx->md;
+    return 1;
+}
+
+static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DSA_PKEY_CTX *dctx = ctx->data;
+    OPENSSL_free(dctx);
+}
+
+static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                         size_t *siglen, const unsigned char *tbs,
+                         size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    DSA *dsa = ctx->pkey->pkey.dsa;
+
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
+
+    ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = sltmp;
+    return 1;
+}
+
+static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    DSA *dsa = ctx->pkey->pkey.dsa;
+
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
+
+    ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
+
+    return ret;
+}
+
+static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    DSA_PKEY_CTX *dctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
+        if (p1 < 256)
+            return -2;
+        dctx->nbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
+        if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
+            return -2;
+        dctx->qbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->pmd = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = dctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        DSAerr(DSA_F_PKEY_DSA_CTRL,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "dsa_paramgen_bits") == 0) {
+        int nbits;
+        nbits = atoi(value);
+        return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
+    }
+    if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
+        int qbits = atoi(value);
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
+                                 NULL);
+    }
+    if (strcmp(type, "dsa_paramgen_md") == 0) {
+        const EVP_MD *md = EVP_get_digestbyname(value);
+
+        if (md == NULL) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
+                                 (void *)md);
+    }
+    return -2;
+}
+
+static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DSA *dsa = NULL;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+    dsa = DSA_new();
+    if (dsa == NULL) {
+        BN_GENCB_free(pcb);
+        return 0;
+    }
+    ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                               NULL, 0, NULL, NULL, NULL, pcb);
+    BN_GENCB_free(pcb);
+    if (ret)
+        EVP_PKEY_assign_DSA(pkey, dsa);
+    else
+        DSA_free(dsa);
+    return ret;
+}
+
+static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DSA *dsa = NULL;
+
+    if (ctx->pkey == NULL) {
+        DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    dsa = DSA_new();
+    if (dsa == NULL)
+        return 0;
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    /* Note: if error return, pkey is freed by parent routine */
+    if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+        return 0;
+    return DSA_generate_key(pkey->pkey.dsa);
+}
+
+const EVP_PKEY_METHOD dsa_pkey_meth = {
+    EVP_PKEY_DSA,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_dsa_init,
+    pkey_dsa_copy,
+    pkey_dsa_cleanup,
+
+    0,
+    pkey_dsa_paramgen,
+
+    0,
+    pkey_dsa_keygen,
+
+    0,
+    pkey_dsa_sign,
+
+    0,
+    pkey_dsa_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_dsa_ctrl,
+    pkey_dsa_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c
new file mode 100644
index 000000000..a4a1fd565
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSA_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSAparams_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+        return 0;
+    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
+
+int DSAparams_print(BIO *bp, const DSA *x)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+        return 0;
+    ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c
new file mode 100644
index 000000000..e9466b29f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
+#include <openssl/bn.h>
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+{
+    return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c
new file mode 100644
index 000000000..21f98cd94
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+{
+    return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/build.info
new file mode 100644
index 000000000..82b592d9a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c \
+        dso_openssl.c dso_win32.c dso_vms.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c
new file mode 100644
index 000000000..290d73cf3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#ifdef DSO_DL
+
+# include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1,
+                       const char *filespec2);
+static int dl_pathbyaddr(void *addr, char *path, int sz);
+static void *dl_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dl = {
+    "OpenSSL 'dl' shared library method",
+    dl_load,
+    dl_unload,
+    dl_bind_func,
+    NULL,                       /* ctrl */
+    dl_name_converter,
+    dl_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dl_pathbyaddr,
+    dl_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_dl;
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
+ * itself a pointer type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+{
+    shl_t ptr = NULL;
+    /*
+     * We don't do any fancy retries or anything, just take the method's (or
+     * DSO's if it has the callback set) best translation of the
+     * platform-independent filename and try once with that.
+     */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    ptr = shl_load(filename, BIND_IMMEDIATE |
+                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
+                    DYNAMIC_PATH), 0L);
+    if (ptr == NULL) {
+        char errbuf[160];
+        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
+        if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+            ERR_add_error_data(4, "filename(", filename, "): ", errbuf);
+        goto err;
+    }
+    if (!sk_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /*
+     * Success, stick the converted filename we've loaded under into the DSO
+     * (it also serves as the indicator that we are currently loaded).
+     */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup! */
+    OPENSSL_free(filename);
+    if (ptr != NULL)
+        shl_unload(ptr);
+    return 0;
+}
+
+static int dl_unload(DSO *dso)
+{
+    shl_t ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return 1;
+    /* Is this statement legal? */
+    ptr = (shl_t) sk_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)ptr);
+        return 0;
+    }
+    shl_unload(ptr);
+    return 1;
+}
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+{
+    shl_t ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
+        return NULL;
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return NULL;
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        char errbuf[160];
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
+        if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+            ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
+        return NULL;
+    }
+    return (DSO_FUNC_TYPE)sym;
+}
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || filespec1[0] == '/') {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+    {
+        int spec2len, len;
+
+        spec2len = (filespec2 ? strlen(filespec2) : 0);
+        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+        if (spec2len && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return merged;
+}
+
+/*
+ * This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
+ * the same time, there's no great duplicating the code. Figuring out an
+ * elegant way to share one copy of the code would be more difficult and
+ * would not leave the implementations independent.
+ */
+static char *dl_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    {
+        /* We will convert this to "%s.s?" or "lib%s.s?" */
+        rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return NULL;
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s%s", filename, DSO_EXTENSION);
+        else
+            sprintf(translated, "%s%s", filename, DSO_EXTENSION);
+    } else
+        sprintf(translated, "%s", filename);
+    return translated;
+}
+
+static int dl_pathbyaddr(void *addr, char *path, int sz)
+{
+    struct shl_descriptor inf;
+    int i, len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dl_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    for (i = -1; shl_get_r(i, &inf) == 0; i++) {
+        if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+            ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) {
+            len = (int)strlen(inf.filename);
+            if (sz <= 0)
+                return len + 1;
+            if (len >= sz)
+                len = sz - 1;
+            memcpy(path, inf.filename, len);
+            path[len++] = 0;
+            return len;
+        }
+    }
+
+    return -1;
+}
+
+static void *dl_globallookup(const char *name)
+{
+    void *ret;
+    shl_t h = NULL;
+
+    return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret;
+}
+#endif                          /* DSO_DL */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c
new file mode 100644
index 000000000..4240f5f5e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * We need to do this early, because stdio.h includes the header files that
+ * handle _GNU_SOURCE and other similar macros.  Defining it later is simply
+ * too late, because those headers are protected from re- inclusion.
+ */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE            /* make sure dladdr is declared */
+#endif
+
+#include "dso_locl.h"
+#include "e_os.h"
+
+#ifdef DSO_DLFCN
+
+# ifdef HAVE_DLFCN_H
+#  ifdef __osf__
+#   define __EXTENSIONS__
+#  endif
+#  include <dlfcn.h>
+#  define HAVE_DLINFO 1
+#  if defined(__CYGWIN__) || \
+     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
+        defined(__ANDROID__)
+#   undef HAVE_DLINFO
+#  endif
+# endif
+
+/* Part of the hack in "dlfcn_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso);
+static int dlfcn_unload(DSO *dso);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static int dlfcn_pathbyaddr(void *addr, char *path, int sz);
+static void *dlfcn_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dlfcn = {
+    "OpenSSL 'dlfcn' shared library method",
+    dlfcn_load,
+    dlfcn_unload,
+    dlfcn_bind_func,
+    NULL,                       /* ctrl */
+    dlfcn_name_converter,
+    dlfcn_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dlfcn_pathbyaddr,
+    dlfcn_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_dlfcn;
+}
+
+/*
+ * Prior to using the dlopen() function, we should decide on the flag we
+ * send. There's a few different ways of doing this and it's a messy
+ * venn-diagram to match up which platforms support what. So as we don't have
+ * autoconf yet, I'm implementing a hack that could be hacked further
+ * relatively easily to deal with cases as we find them. Initially this is to
+ * cope with OpenBSD.
+ */
+# if defined(__OpenBSD__) || defined(__NetBSD__)
+#  ifdef DL_LAZY
+#   define DLOPEN_FLAG DL_LAZY
+#  else
+#   ifdef RTLD_NOW
+#    define DLOPEN_FLAG RTLD_NOW
+#   else
+#    define DLOPEN_FLAG 0
+#   endif
+#  endif
+# else
+#  define DLOPEN_FLAG RTLD_NOW  /* Hope this works everywhere else */
+# endif
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+    int flags = DLOPEN_FLAG;
+    int saveerrno = get_last_sys_error();
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+# ifdef RTLD_GLOBAL
+    if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
+        flags |= RTLD_GLOBAL;
+# endif
+# ifdef _AIX
+    if (filename[strlen(filename) - 1] == ')')
+        flags |= RTLD_MEMBER;
+# endif
+    ptr = dlopen(filename, flags);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+        goto err;
+    }
+    /*
+     * Some dlopen() implementations (e.g. solaris) do no preserve errno, even
+     * on a successful call.
+     */
+    set_sys_error(saveerrno);
+    if (!sk_void_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup! */
+    OPENSSL_free(filename);
+    if (ptr != NULL)
+        dlclose(ptr);
+    return 0;
+}
+
+static int dlfcn_unload(DSO *dso)
+{
+    void *ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return 1;
+    ptr = sk_void_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, ptr);
+        return 0;
+    }
+    /* For now I'm not aware of any errors associated with dlclose() */
+    dlclose(ptr);
+    return 1;
+}
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+{
+    void *ptr;
+    union {
+        DSO_FUNC_TYPE sym;
+        void *dlret;
+    } u;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+        return NULL;
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return NULL;
+    }
+    u.dlret = dlsym(ptr, symname);
+    if (u.dlret == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+        return NULL;
+    }
+    return u.sym;
+}
+
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+        int spec2len, len;
+
+        spec2len = strlen(filespec2);
+        len = spec2len + strlen(filespec1);
+
+        if (spec2len && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return merged;
+}
+
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    if (transform) {
+        /* We will convert this to "%s.so" or "lib%s.so" etc */
+        rsize += strlen(DSO_EXTENSION);    /* The length of ".so" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return NULL;
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s" DSO_EXTENSION, filename);
+        else
+            sprintf(translated, "%s" DSO_EXTENSION, filename);
+    } else
+        sprintf(translated, "%s", filename);
+    return translated;
+}
+
+# ifdef __sgi
+/*-
+This is a quote from IRIX manual for dladdr(3c):
+
+     <dlfcn.h> does not contain a prototype for dladdr or definition of
+     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
+     but contains no dladdr prototype and no IRIX library contains an
+     implementation.  Write your own declaration based on the code below.
+
+     The following code is dependent on internal interfaces that are not
+     part of the IRIX compatibility guarantee; however, there is no future
+     intention to change this interface, so on a practical level, the code
+     below is safe to use on IRIX.
+*/
+#  include <rld_interface.h>
+#  ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
+#   define _RLD_INTERFACE_DLFCN_H_DLADDR
+typedef struct Dl_info {
+    const char *dli_fname;
+    void *dli_fbase;
+    const char *dli_sname;
+    void *dli_saddr;
+    int dli_version;
+    int dli_reserved1;
+    long dli_reserved[4];
+} Dl_info;
+#  else
+typedef struct Dl_info Dl_info;
+#  endif
+#  define _RLD_DLADDR             14
+
+static int dladdr(void *address, Dl_info *dl)
+{
+    void *v;
+    v = _rld_new_interface(_RLD_DLADDR, address, dl);
+    return (int)v;
+}
+# endif                         /* __sgi */
+
+# ifdef _AIX
+/*-
+ * See IBM's AIX Version 7.2, Technical Reference:
+ *  Base Operating System and Extensions, Volume 1 and 2
+ *  https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.base/technicalreferences.htm
+ */
+#  include <sys/ldr.h>
+#  include <errno.h>
+/* ~ 64 * (sizeof(struct ld_info) + _XOPEN_PATH_MAX + _XOPEN_NAME_MAX) */
+#  define DLFCN_LDINFO_SIZE 86976
+typedef struct Dl_info {
+    const char *dli_fname;
+} Dl_info;
+/*
+ * This dladdr()-implementation will also find the ptrgl (Pointer Glue) virtual
+ * address of a function, which is just located in the DATA segment instead of
+ * the TEXT segment.
+ */
+static int dladdr(void *ptr, Dl_info *dl)
+{
+    uintptr_t addr = (uintptr_t)ptr;
+    unsigned int found = 0;
+    struct ld_info *ldinfos, *next_ldi, *this_ldi;
+
+    if ((ldinfos = OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) {
+        errno = ENOMEM;
+        dl->dli_fname = NULL;
+        return 0;
+    }
+
+    if ((loadquery(L_GETINFO, (void *)ldinfos, DLFCN_LDINFO_SIZE)) < 0) {
+        /*-
+         * Error handling is done through errno and dlerror() reading errno:
+         *  ENOMEM (ldinfos buffer is too small),
+         *  EINVAL (invalid flags),
+         *  EFAULT (invalid ldinfos ptr)
+         */
+        OPENSSL_free((void *)ldinfos);
+        dl->dli_fname = NULL;
+        return 0;
+    }
+    next_ldi = ldinfos;
+
+    do {
+        this_ldi = next_ldi;
+        if (((addr >= (uintptr_t)this_ldi->ldinfo_textorg)
+             && (addr < ((uintptr_t)this_ldi->ldinfo_textorg +
+                         this_ldi->ldinfo_textsize)))
+            || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg)
+                && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg +
+                            this_ldi->ldinfo_datasize)))) {
+            char *buffer, *member;
+            size_t buffer_sz, member_len;
+
+            buffer_sz = strlen(this_ldi->ldinfo_filename) + 1;
+            member = this_ldi->ldinfo_filename + buffer_sz;
+            if ((member_len = strlen(member)) > 0)
+                buffer_sz += 1 + member_len + 1;
+            found = 1;
+            if ((buffer = OPENSSL_malloc(buffer_sz)) != NULL) {
+                OPENSSL_strlcpy(buffer, this_ldi->ldinfo_filename, buffer_sz);
+                if (member_len > 0) {
+                    /*
+                     * Need to respect a possible member name and not just
+                     * returning the path name in this case. See docs:
+                     * sys/ldr.h, loadquery() and dlopen()/RTLD_MEMBER.
+                     */
+                    OPENSSL_strlcat(buffer, "(", buffer_sz);
+                    OPENSSL_strlcat(buffer, member, buffer_sz);
+                    OPENSSL_strlcat(buffer, ")", buffer_sz);
+                }
+                dl->dli_fname = buffer;
+            } else {
+                errno = ENOMEM;
+            }
+        } else {
+            next_ldi = (struct ld_info *)((uintptr_t)this_ldi +
+                                          this_ldi->ldinfo_next);
+        }
+    } while (this_ldi->ldinfo_next && !found);
+    OPENSSL_free((void *)ldinfos);
+    return (found && dl->dli_fname != NULL);
+}
+# endif                         /* _AIX */
+
+static int dlfcn_pathbyaddr(void *addr, char *path, int sz)
+{
+# ifdef HAVE_DLINFO
+    Dl_info dli;
+    int len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dlfcn_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    if (dladdr(addr, &dli)) {
+        len = (int)strlen(dli.dli_fname);
+        if (sz <= 0) {
+#  ifdef _AIX
+            OPENSSL_free((void *)dli.dli_fname);
+#  endif
+            return len + 1;
+        }
+        if (len >= sz)
+            len = sz - 1;
+        memcpy(path, dli.dli_fname, len);
+        path[len++] = 0;
+#  ifdef _AIX
+        OPENSSL_free((void *)dli.dli_fname);
+#  endif
+        return len;
+    }
+
+    ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
+# endif
+    return -1;
+}
+
+static void *dlfcn_globallookup(const char *name)
+{
+    void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY);
+
+    if (handle) {
+        ret = dlsym(handle, name);
+        dlclose(handle);
+    }
+
+    return ret;
+}
+#endif                          /* DSO_DLFCN */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_err.c
new file mode 100644
index 000000000..613072a8d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_err.c
@@ -0,0 +1,100 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/dsoerr.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DSO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_BIND_FUNC, 0), "dlfcn_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_LOAD, 0), "dlfcn_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_MERGER, 0), "dlfcn_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_NAME_CONVERTER, 0),
+     "dlfcn_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_UNLOAD, 0), "dlfcn_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_BIND_FUNC, 0), "dl_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_LOAD, 0), "dl_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_MERGER, 0), "dl_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_NAME_CONVERTER, 0), "dl_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_UNLOAD, 0), "dl_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_BIND_FUNC, 0), "DSO_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CONVERT_FILENAME, 0),
+     "DSO_convert_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CTRL, 0), "DSO_ctrl"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_FREE, 0), "DSO_free"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GET_FILENAME, 0), "DSO_get_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GLOBAL_LOOKUP, 0), "DSO_global_lookup"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_LOAD, 0), "DSO_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_MERGE, 0), "DSO_merge"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_NEW_METHOD, 0), "DSO_new_method"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_PATHBYADDR, 0), "DSO_pathbyaddr"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_SET_FILENAME, 0), "DSO_set_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_UP_REF, 0), "DSO_up_ref"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_BIND_SYM, 0), "vms_bind_sym"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_LOAD, 0), "vms_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_MERGER, 0), "vms_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_UNLOAD, 0), "vms_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_BIND_FUNC, 0), "win32_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_GLOBALLOOKUP, 0), "win32_globallookup"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_JOINER, 0), "win32_joiner"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_LOAD, 0), "win32_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_MERGER, 0), "win32_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_NAME_CONVERTER, 0),
+     "win32_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_PATHBYADDR, 0), ""},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_SPLITTER, 0), "win32_splitter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_UNLOAD, 0), "win32_unload"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA DSO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE),
+    "empty file structure"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED),
+    "cleanup method function failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX),
+    "incorrect file syntax"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_LOAD_FAILED),
+    "could not load the shared library"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED),
+    "name translation failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE),
+    "a null shared library handle was used"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED),
+    "set filename failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR),
+    "the meth_data stack is corrupt"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE),
+    "could not bind to the requested symbol name"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED),
+    "could not unload the shared library"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED),
+    "functionality not supported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DSO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(DSO_str_functs);
+        ERR_load_strings_const(DSO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c
new file mode 100644
index 000000000..2e75021d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+#include "internal/refcount.h"
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+static DSO *DSO_new_method(DSO_METHOD *meth)
+{
+    DSO *ret;
+
+    if (default_DSO_meth == NULL) {
+        /*
+         * We default to DSO_METH_openssl() which in turn defaults to
+         * stealing the "best available" method. Will fallback to
+         * DSO_METH_null() in the worst case.
+         */
+        default_DSO_meth = DSO_METHOD_openssl();
+    }
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->meth_data = sk_void_new_null();
+    if (ret->meth_data == NULL) {
+        /* sk_new doesn't generate any errors so we do */
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    ret->meth = default_DSO_meth;
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        sk_void_free(ret->meth_data);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DSO_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+DSO *DSO_new(void)
+{
+    return DSO_new_method(NULL);
+}
+
+int DSO_free(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL)
+        return 1;
+
+    if (CRYPTO_DOWN_REF(&dso->references, &i, dso->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSO", dso);
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+
+    if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) {
+        if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
+            DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+            return 0;
+        }
+    }
+
+    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+        return 0;
+    }
+
+    sk_void_free(dso->meth_data);
+    OPENSSL_free(dso->filename);
+    OPENSSL_free(dso->loaded_filename);
+    CRYPTO_THREAD_lock_free(dso->lock);
+    OPENSSL_free(dso);
+    return 1;
+}
+
+int DSO_flags(DSO *dso)
+{
+    return ((dso == NULL) ? 0 : dso->flags);
+}
+
+int DSO_up_ref(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (CRYPTO_UP_REF(&dso->references, &i, dso->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSO", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+{
+    DSO *ret;
+    int allocated = 0;
+
+    if (dso == NULL) {
+        ret = DSO_new_method(meth);
+        if (ret == NULL) {
+            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        allocated = 1;
+        /* Pass the provided flags to the new DSO object */
+        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+            goto err;
+        }
+    } else
+        ret = dso;
+    /* Don't load if we're currently already loaded */
+    if (ret->filename != NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+        goto err;
+    }
+    /*
+     * filename can only be NULL if we were passed a dso that already has one
+     * set.
+     */
+    if (filename != NULL)
+        if (!DSO_set_filename(ret, filename)) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+            goto err;
+        }
+    filename = ret->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    if (ret->meth->dso_load == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+        goto err;
+    }
+    if (!ret->meth->dso_load(ret)) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+        goto err;
+    }
+    /* Load succeeded */
+    return ret;
+ err:
+    if (allocated)
+        DSO_free(ret);
+    return NULL;
+}
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (dso->meth->dso_bind_func == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+        return NULL;
+    }
+    /* Success */
+    return ret;
+}
+
+/*
+ * I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for any
+ * error because possible DSO_ctrl() commands may return values such as
+ * "size"s that can legitimately be zero (making the standard
+ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * times. I'd prefer "output" values to be passed by reference and the return
+ * value as success/failure like usual ... but we conform when we must... :-)
+ */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    /*
+     * We should intercept certain generic commands and only pass control to
+     * the method-specific ctrl() function if it's something we don't handle.
+     */
+    switch (cmd) {
+    case DSO_CTRL_GET_FLAGS:
+        return dso->flags;
+    case DSO_CTRL_SET_FLAGS:
+        dso->flags = (int)larg;
+        return 0;
+    case DSO_CTRL_OR_FLAGS:
+        dso->flags |= (int)larg;
+        return 0;
+    default:
+        break;
+    }
+    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
+        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    return dso->meth->dso_ctrl(dso, cmd, larg, parg);
+}
+
+const char *DSO_get_filename(DSO *dso)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    return dso->filename;
+}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+{
+    char *copied;
+
+    if ((dso == NULL) || (filename == NULL)) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (dso->loaded_filename) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+        return 0;
+    }
+    /* We'll duplicate filename */
+    copied = OPENSSL_strdup(filename);
+    if (copied == NULL) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(dso->filename);
+    dso->filename = copied;
+    return 1;
+}
+
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *result = NULL;
+
+    if (dso == NULL || filespec1 == NULL) {
+        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->merger != NULL)
+            result = dso->merger(dso, filespec1, filespec2);
+        else if (dso->meth->dso_merger != NULL)
+            result = dso->meth->dso_merger(dso, filespec1, filespec2);
+    }
+    return result;
+}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+{
+    char *result = NULL;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (filename == NULL)
+        filename = dso->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+        return NULL;
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->name_converter != NULL)
+            result = dso->name_converter(dso, filename);
+        else if (dso->meth->dso_name_converter != NULL)
+            result = dso->meth->dso_name_converter(dso, filename);
+    }
+    if (result == NULL) {
+        result = OPENSSL_strdup(filename);
+        if (result == NULL) {
+            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+    return result;
+}
+
+int DSO_pathbyaddr(void *addr, char *path, int sz)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->pathbyaddr == NULL) {
+        DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    return (*meth->pathbyaddr) (addr, path, sz);
+}
+
+DSO *DSO_dsobyaddr(void *addr, int flags)
+{
+    DSO *ret = NULL;
+    char *filename = NULL;
+    int len = DSO_pathbyaddr(addr, NULL, 0);
+
+    if (len < 0)
+        return NULL;
+
+    filename = OPENSSL_malloc(len);
+    if (filename != NULL
+            && DSO_pathbyaddr(addr, filename, len) == len)
+        ret = DSO_load(NULL, filename, NULL, flags);
+
+    OPENSSL_free(filename);
+    return ret;
+}
+
+void *DSO_global_lookup(const char *name)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->globallookup == NULL) {
+        DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    return (*meth->globallookup) (name);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_locl.h
new file mode 100644
index 000000000..14a0ccb7c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_locl.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/dso.h"
+#include "internal/dso_conf.h"
+#include "internal/refcount.h"
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st {
+    DSO_METHOD *meth;
+    /*
+     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
+     * anything but will need to cache the filename for use in the dso_bind
+     * handler. All in all, let each method control its own destiny.
+     * "Handles" and such go in a STACK.
+     */
+    STACK_OF(void) *meth_data;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * For use by applications etc ... use this for your bits'n'pieces, don't
+     * touch meth_data!
+     */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_name_converter. NB: This
+     * should normally set using DSO_set_name_converter().
+     */
+    DSO_NAME_CONVERTER_FUNC name_converter;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_merger. NB: This should
+     * normally set using DSO_set_merger().
+     */
+    DSO_MERGER_FUNC merger;
+    /*
+     * This is populated with (a copy of) the platform-independent filename
+     * used for this DSO.
+     */
+    char *filename;
+    /*
+     * This is populated with (a copy of) the translated filename by which
+     * the DSO was actually loaded. It is NULL iff the DSO is not currently
+     * loaded. NB: This is here because the filename translation process may
+     * involve a callback being invoked more than once not only to convert to
+     * a platform-specific form, but also to try different filenames in the
+     * process of trying to perform a load. As such, this variable can be
+     * used to indicate (a) whether this DSO structure corresponds to a
+     * loaded library or not, and (b) the filename with which it was actually
+     * loaded.
+     */
+    char *loaded_filename;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dso_meth_st {
+    const char *name;
+    /*
+     * Loads a shared library, NB: new DSO_METHODs must ensure that a
+     * successful load populates the loaded_filename field, and likewise a
+     * successful unload OPENSSL_frees and NULLs it out.
+     */
+    int (*dso_load) (DSO *dso);
+    /* Unloads a shared library */
+    int (*dso_unload) (DSO *dso);
+    /*
+     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
+     * be cast to the real function prototype by the caller. Platforms that
+     * don't have compatible representations for different prototypes (this
+     * is possible within ANSI C) are highly unlikely to have shared
+     * libraries at all, let alone a DSO_METHOD implemented for them.
+     */
+    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
+    /*
+     * The generic (yuck) "ctrl()" function. NB: Negative return values
+     * (rather than zero) indicate errors.
+     */
+    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_NAME_CONVERTER_FUNC dso_name_converter;
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_MERGER_FUNC dso_merger;
+    /* [De]Initialisation handlers. */
+    int (*init) (DSO *dso);
+    int (*finish) (DSO *dso);
+    /* Return pathname of the module containing location */
+    int (*pathbyaddr) (void *addr, char *path, int sz);
+    /* Perform global symbol lookup, i.e. among *all* modules */
+    void *(*globallookup) (const char *symname);
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c
new file mode 100644
index 000000000..6626331e9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN)
+
+static DSO_METHOD dso_meth_null = {
+    "NULL shared library method"
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_null;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c
new file mode 100644
index 000000000..178e72579
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c
@@ -0,0 +1,466 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#ifdef OPENSSL_SYS_VMS
+
+# pragma message disable DOLLARID
+# include <errno.h>
+# include <rms.h>
+# include <lib$routines.h>
+# include <libfisdef.h>
+# include <stsdef.h>
+# include <descrip.h>
+# include <starlet.h>
+# include "../vms_rms.h"
+
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+
+# pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+    "OpenSSL 'VMS' shared library method",
+    vms_load,
+    NULL,                       /* unload */
+    vms_bind_func,
+    NULL,                       /* ctrl */
+    vms_name_converter,
+    vms_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    NULL,                       /* pathbyaddr */
+    NULL                        /* globallookup */
+};
+
+/*
+ * On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st {
+    /*
+     * This should contain the name only, no directory, no extension, nothing
+     * but a name.
+     */
+    struct dsc$descriptor_s filename_dsc;
+    char filename[NAMX_MAXRSS + 1];
+    /*
+     * This contains whatever is not in filename, if needed. Normally not
+     * defined.
+     */
+    struct dsc$descriptor_s imagename_dsc;
+    char imagename[NAMX_MAXRSS + 1];
+} DSO_VMS_INTERNAL;
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_vms;
+}
+
+static int vms_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define DSO_MALLOC _malloc32
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define DSO_MALLOC OPENSSL_malloc
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    DSO_VMS_INTERNAL *p = NULL;
+
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size restore
+# endif                         /* __INITIAL_POINTER_SIZE == 64 */
+
+    const char *sp1, *sp2;      /* Search result */
+    const char *ext = NULL;     /* possible extension to add */
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+
+    /*-
+     * A file specification may look like this:
+     *
+     *      node::dev:[dir-spec]name.type;ver
+     *
+     * or (for compatibility with TOPS-20):
+     *
+     *      node::dev:<dir-spec>name.type;ver
+     *
+     * and the dir-spec uses '.' as separator.  Also, a dir-spec
+     * may consist of several parts, with mixed use of [] and <>:
+     *
+     *      [dir1.]<dir2>
+     *
+     * We need to split the file specification into the name and
+     * the rest (both before and after the name itself).
+     */
+    /*
+     * Start with trying to find the end of a dir-spec, and save the position
+     * of the byte after in sp1
+     */
+    sp1 = strrchr(filename, ']');
+    sp2 = strrchr(filename, '>');
+    if (sp1 == NULL)
+        sp1 = sp2;
+    if (sp2 != NULL && sp2 > sp1)
+        sp1 = sp2;
+    if (sp1 == NULL)
+        sp1 = strrchr(filename, ':');
+    if (sp1 == NULL)
+        sp1 = filename;
+    else
+        sp1++;                  /* The byte after the found character */
+    /* Now, let's see if there's a type, and save the position in sp2 */
+    sp2 = strchr(sp1, '.');
+    /*
+     * If there is a period and the next character is a semi-colon,
+     * we need to add an extension
+     */
+    if (sp2 != NULL && sp2[1] == ';')
+        ext = ".EXE";
+    /*
+     * If we found it, that's where we'll cut.  Otherwise, look for a version
+     * number and save the position in sp2
+     */
+    if (sp2 == NULL) {
+        sp2 = strchr(sp1, ';');
+        ext = ".EXE";
+    }
+    /*
+     * If there was still nothing to find, set sp2 to point at the end of the
+     * string
+     */
+    if (sp2 == NULL)
+        sp2 = sp1 + strlen(sp1);
+
+    /* Check that we won't get buffer overflows */
+    if (sp2 - sp1 > FILENAME_MAX
+        || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
+        goto err;
+    }
+
+    p = DSO_MALLOC(sizeof(*p));
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    strncpy(p->filename, sp1, sp2 - sp1);
+    p->filename[sp2 - sp1] = '\0';
+
+    strncpy(p->imagename, filename, sp1 - filename);
+    p->imagename[sp1 - filename] = '\0';
+    if (ext) {
+        strcat(p->imagename, ext);
+        if (*sp2 == '.')
+            sp2++;
+    }
+    strcat(p->imagename, sp2);
+
+    p->filename_dsc.dsc$w_length = strlen(p->filename);
+    p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->filename_dsc.dsc$a_pointer = p->filename;
+    p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+    p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+    if (!sk_void_push(dso->meth_data, (char *)p)) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+
+    /* Success (for now, we lie.  We actually do not know...) */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup! */
+    OPENSSL_free(p);
+    OPENSSL_free(filename);
+    return 0;
+}
+
+/*
+ * Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+{
+    DSO_VMS_INTERNAL *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return 1;
+    p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
+        return 0;
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return 1;
+}
+
+/*
+ * We must do this in a separate function because of the way the exception
+ * handler works (it makes this function return
+ */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+                          struct dsc$descriptor_s *symname_dsc, void **sym,
+                          unsigned long flags)
+{
+    /*
+     * Make sure that signals are caught and returned instead of aborting the
+     * program.  The exception handler gets unestablished automatically on
+     * return from this function.
+     */
+    lib$establish(lib$sig_to_ret);
+
+    if (ptr->imagename_dsc.dsc$w_length)
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym,
+                                     &ptr->imagename_dsc, flags);
+    else
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym, 0, flags);
+}
+
+# ifndef LIB$M_FIS_MIXEDCASE
+#  define LIB$M_FIS_MIXEDCASE (1 << 4);
+# endif
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+{
+    DSO_VMS_INTERNAL *ptr;
+    int status = 0;
+    struct dsc$descriptor_s symname_dsc;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define SYMNAME symname_32p
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *symname_32p;
+#  pragma pointer_size restore
+    char symname_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define SYMNAME ((char *) symname)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    *sym = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
+        return;
+    }
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the symbol name to storage with a 32-bit pointer. */
+    symname_32p = symname_32;
+    strcpy(symname_32p, symname);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    symname_dsc.dsc$w_length = strlen(SYMNAME);
+    symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+    symname_dsc.dsc$a_pointer = SYMNAME;
+
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
+        return;
+    }
+    ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
+                                            sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
+        return;
+    }
+
+    status = do_find_symbol(ptr, &symname_dsc, sym, LIB$M_FIS_MIXEDCASE);
+
+    if (!$VMS_STATUS_SUCCESS(status))
+        status = do_find_symbol(ptr, &symname_dsc, sym, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        *sym = NULL;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
+            if (ptr->imagename_dsc.dsc$w_length)
+                ERR_add_error_data(9,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename,
+                                   " (", ptr->imagename, ")",
+                                   ": ", errstring);
+            else
+                ERR_add_error_data(6,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename, ": ", errstring);
+        }
+        return;
+    }
+    return;
+}
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE sym = 0;
+    vms_bind_sym(dso, symname, (void **)&sym);
+    return sym;
+}
+
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2)
+{
+    int status;
+    int filespec1len, filespec2len;
+    struct FAB fab;
+    struct NAMX_STRUCT nam;
+    char esa[NAMX_MAXRSS + 1];
+    char *merged;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define FILESPEC1 filespec1_32p;
+#  define FILESPEC2 filespec2_32p;
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *filespec1_32p;
+    char *filespec2_32p;
+#  pragma pointer_size restore
+    char filespec1_32[NAMX_MAXRSS + 1];
+    char filespec2_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define FILESPEC1 ((char *) filespec1)
+#  define FILESPEC2 ((char *) filespec2)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    if (!filespec1)
+        filespec1 = "";
+    if (!filespec2)
+        filespec2 = "";
+    filespec1len = strlen(filespec1);
+    filespec2len = strlen(filespec2);
+
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the file names to storage with a 32-bit pointer. */
+    filespec1_32p = filespec1_32;
+    filespec2_32p = filespec2_32;
+    strcpy(filespec1_32p, filespec1);
+    strcpy(filespec2_32p, filespec2);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    fab = cc$rms_fab;
+    nam = CC_RMS_NAMX;
+
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
+    NAMX_DNA_FNA_SET(fab)
+
+        nam.NAMX_ESA = esa;
+    nam.NAMX_ESS = NAMX_MAXRSS;
+    nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+    SET_NAMX_NO_SHORT_UPCASE(nam);
+
+    fab.FAB_NAMX = &nam;
+
+    status = sys$parse(&fab, 0, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
+            ERR_add_error_data(7,
+                               "filespec \"", filespec1, "\", ",
+                               "defaults \"", filespec2, "\": ", errstring);
+        }
+        return NULL;
+    }
+
+    merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
+    if (merged == NULL)
+        goto malloc_err;
+    strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
+    merged[nam.NAMX_ESL] = '\0';
+    return merged;
+ malloc_err:
+    DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
+}
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+{
+    int len = strlen(filename);
+    char *not_translated = OPENSSL_malloc(len + 1);
+    if (not_translated != NULL)
+        strcpy(not_translated, filename);
+    return not_translated;
+}
+
+#endif                          /* OPENSSL_SYS_VMS */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c
new file mode 100644
index 000000000..0bbf5b518
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c
@@ -0,0 +1,566 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "dso_locl.h"
+
+#if defined(DSO_WIN32)
+
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
+{
+    WCHAR lpProcNameW[64];
+    int i;
+
+    for (i = 0; lpProcName[i] && i < 64; i++)
+        lpProcNameW[i] = (WCHAR)lpProcName[i];
+    if (i == 64)
+        return NULL;
+    lpProcNameW[i] = 0;
+
+    return GetProcAddressW(hModule, lpProcNameW);
+}
+#  endif
+#  undef GetProcAddress
+#  define GetProcAddress GetProcAddressA
+
+static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
+{
+    WCHAR *fnamw;
+    size_t len_0 = strlen(lpLibFileName) + 1, i;
+
+#  ifdef _MSC_VER
+    fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+#  else
+    fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+#  endif
+    if (fnamw == NULL) {
+        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+        return NULL;
+    }
+#  if defined(_WIN32_WCE) && _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
+#  endif
+        for (i = 0; i < len_0; i++)
+            fnamw[i] = (WCHAR)lpLibFileName[i];
+
+    return LoadLibraryW(fnamw);
+}
+# endif
+
+/* Part of the hack in "win32_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static void *win32_globallookup(const char *name);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+    "OpenSSL 'win32' shared library method",
+    win32_load,
+    win32_unload,
+    win32_bind_func,
+    NULL,                       /* ctrl */
+    win32_name_converter,
+    win32_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    NULL,                       /* pathbyaddr */
+    win32_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_win32;
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+{
+    HINSTANCE h = NULL, *p = NULL;
+    /* See applicable comments from dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    h = LoadLibraryA(filename);
+    if (h == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(3, "filename(", filename, ")");
+        goto err;
+    }
+    p = OPENSSL_malloc(sizeof(*p));
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    *p = h;
+    if (!sk_void_push(dso->meth_data, p)) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup ! */
+    OPENSSL_free(filename);
+    OPENSSL_free(p);
+    if (h != NULL)
+        FreeLibrary(h);
+    return 0;
+}
+
+static int win32_unload(DSO *dso)
+{
+    HINSTANCE *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return 1;
+    p = sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
+        return 0;
+    }
+    if (!FreeLibrary(*p)) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
+        /*
+         * We should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, p);
+        return 0;
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return 1;
+}
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+{
+    HINSTANCE *ptr;
+    union {
+        void *p;
+        FARPROC f;
+    } sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
+        return NULL;
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return NULL;
+    }
+    sym.f = GetProcAddress(*ptr, symname);
+    if (sym.p == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return NULL;
+    }
+    return (DSO_FUNC_TYPE)sym.f;
+}
+
+struct file_st {
+    const char *node;
+    int nodelen;
+    const char *device;
+    int devicelen;
+    const char *predir;
+    int predirlen;
+    const char *dir;
+    int dirlen;
+    const char *file;
+    int filelen;
+};
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+                                      int assume_last_is_dir)
+{
+    struct file_st *result = NULL;
+    enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+    const char *start = filename;
+    char last;
+
+    if (!filename) {
+        DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
+        return NULL;
+    }
+
+    result = OPENSSL_zalloc(sizeof(*result));
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    position = IN_DEVICE;
+
+    if ((filename[0] == '\\' && filename[1] == '\\')
+        || (filename[0] == '/' && filename[1] == '/')) {
+        position = IN_NODE;
+        filename += 2;
+        start = filename;
+        result->node = start;
+    }
+
+    do {
+        last = filename[0];
+        switch (last) {
+        case ':':
+            if (position != IN_DEVICE) {
+                DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
+                OPENSSL_free(result);
+                return NULL;
+            }
+            result->device = start;
+            result->devicelen = (int)(filename - start);
+            position = IN_FILE;
+            start = ++filename;
+            result->dir = start;
+            break;
+        case '\\':
+        case '/':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+                position = IN_FILE;
+                start = ++filename;
+                result->dir = start;
+            } else if (position == IN_DEVICE) {
+                position = IN_FILE;
+                filename++;
+                result->dir = start;
+                result->dirlen = (int)(filename - start);
+                start = filename;
+            } else {
+                filename++;
+                result->dirlen += (int)(filename - start);
+                start = filename;
+            }
+            break;
+        case '\0':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+            } else {
+                if (filename - start > 0) {
+                    if (assume_last_is_dir) {
+                        if (position == IN_DEVICE) {
+                            result->dir = start;
+                            result->dirlen = 0;
+                        }
+                        result->dirlen += (int)(filename - start);
+                    } else {
+                        result->file = start;
+                        result->filelen = (int)(filename - start);
+                    }
+                }
+            }
+            break;
+        default:
+            filename++;
+            break;
+        }
+    }
+    while (last);
+
+    if (!result->nodelen)
+        result->node = NULL;
+    if (!result->devicelen)
+        result->device = NULL;
+    if (!result->dirlen)
+        result->dir = NULL;
+    if (!result->filelen)
+        result->file = NULL;
+
+    return result;
+}
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+{
+    int len = 0, offset = 0;
+    char *result = NULL;
+    const char *start;
+
+    if (!file_split) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (file_split->node) {
+        len += 2 + file_split->nodelen; /* 2 for starting \\ */
+        if (file_split->predir || file_split->dir || file_split->file)
+            len++;              /* 1 for ending \ */
+    } else if (file_split->device) {
+        len += file_split->devicelen + 1; /* 1 for ending : */
+    }
+    len += file_split->predirlen;
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->dirlen;
+    if (file_split->dir && file_split->file) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->filelen;
+
+    if (!len) {
+        DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+        return NULL;
+    }
+
+    result = OPENSSL_malloc(len + 1);
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (file_split->node) {
+        strcpy(&result[offset], "\\\\");
+        offset += 2;
+        strncpy(&result[offset], file_split->node, file_split->nodelen);
+        offset += file_split->nodelen;
+        if (file_split->predir || file_split->dir || file_split->file) {
+            result[offset] = '\\';
+            offset++;
+        }
+    } else if (file_split->device) {
+        strncpy(&result[offset], file_split->device, file_split->devicelen);
+        offset += file_split->devicelen;
+        result[offset] = ':';
+        offset++;
+    }
+    start = file_split->predir;
+    while (file_split->predirlen > (start - file_split->predir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->predirlen - (start -
+                                                                   file_split->predir));
+        if (!end)
+            end = start
+                + file_split->predirlen - (start - file_split->predir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+    start = file_split->dir;
+    while (file_split->dirlen > (start - file_split->dir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->dirlen - (start -
+                                                                file_split->dir));
+        if (!end)
+            end = start + file_split->dirlen - (start - file_split->dir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+    strncpy(&result[offset], file_split->file, file_split->filelen);
+    offset += file_split->filelen;
+    result[offset] = '\0';
+    return result;
+}
+
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged = NULL;
+    struct file_st *filespec1_split = NULL;
+    struct file_st *filespec2_split = NULL;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!filespec2) {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        filespec1_split = win32_splitter(dso, filespec1, 0);
+        if (!filespec1_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        filespec2_split = win32_splitter(dso, filespec2, 1);
+        if (!filespec2_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(filespec1_split);
+            return NULL;
+        }
+
+        /* Fill in into filespec1_split */
+        if (!filespec1_split->node && !filespec1_split->device) {
+            filespec1_split->node = filespec2_split->node;
+            filespec1_split->nodelen = filespec2_split->nodelen;
+            filespec1_split->device = filespec2_split->device;
+            filespec1_split->devicelen = filespec2_split->devicelen;
+        }
+        if (!filespec1_split->dir) {
+            filespec1_split->dir = filespec2_split->dir;
+            filespec1_split->dirlen = filespec2_split->dirlen;
+        } else if (filespec1_split->dir[0] != '\\'
+                   && filespec1_split->dir[0] != '/') {
+            filespec1_split->predir = filespec2_split->dir;
+            filespec1_split->predirlen = filespec2_split->dirlen;
+        }
+        if (!filespec1_split->file) {
+            filespec1_split->file = filespec2_split->file;
+            filespec1_split->filelen = filespec2_split->filelen;
+        }
+
+        merged = win32_joiner(dso, filespec1_split);
+    }
+    OPENSSL_free(filespec1_split);
+    OPENSSL_free(filespec2_split);
+    return merged;
+}
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, transform;
+
+    len = strlen(filename);
+    transform = ((strstr(filename, "/") == NULL) &&
+                 (strstr(filename, "\\") == NULL) &&
+                 (strstr(filename, ":") == NULL));
+    if (transform)
+        /* We will convert this to "%s.dll" */
+        translated = OPENSSL_malloc(len + 5);
+    else
+        /* We will simply duplicate filename */
+        translated = OPENSSL_malloc(len + 1);
+    if (translated == NULL) {
+        DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return NULL;
+    }
+    if (transform)
+        sprintf(translated, "%s.dll", filename);
+    else
+        sprintf(translated, "%s", filename);
+    return translated;
+}
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+{
+    size_t i;
+    const char *p;
+    for (i = 0, p = string; i < len && *p; i++, p++) {
+        if (*p == c)
+            return p;
+    }
+    return NULL;
+}
+
+# include <tlhelp32.h>
+# ifdef _WIN32_WCE
+#  define DLLNAME "TOOLHELP.DLL"
+# else
+#  ifdef MODULEENTRY32
+#   undef MODULEENTRY32         /* unmask the ASCII version! */
+#  endif
+#  define DLLNAME "KERNEL32.DLL"
+# endif
+
+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *);
+
+static void *win32_globallookup(const char *name)
+{
+    HMODULE dll;
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    MODULEENTRY32 me32;
+    CREATETOOLHELP32SNAPSHOT create_snap;
+    CLOSETOOLHELP32SNAPSHOT close_snap;
+    MODULE32 module_first, module_next;
+    union {
+        void *p;
+        FARPROC f;
+    } ret = { NULL };
+
+    dll = LoadLibrary(TEXT(DLLNAME));
+    if (dll == NULL) {
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    create_snap = (CREATETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CreateToolhelp32Snapshot");
+    if (create_snap == NULL) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    /* We take the rest for granted... */
+# ifdef _WIN32_WCE
+    close_snap = (CLOSETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CloseToolhelp32Snapshot");
+# else
+    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
+# endif
+    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
+    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
+
+    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap == INVALID_HANDLE_VALUE) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    me32.dwSize = sizeof(me32);
+
+    if (!(*module_first) (hModuleSnap, &me32)) {
+        (*close_snap) (hModuleSnap);
+        FreeLibrary(dll);
+        return NULL;
+    }
+
+    do {
+        if ((ret.f = GetProcAddress(me32.hModule, name))) {
+            (*close_snap) (hModuleSnap);
+            FreeLibrary(dll);
+            return ret.p;
+        }
+    } while ((*module_next) (hModuleSnap, &me32));
+
+    (*close_snap) (hModuleSnap);
+    FreeLibrary(dll);
+    return NULL;
+}
+#endif                          /* DSO_WIN32 */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ebcdic.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ebcdic.c
new file mode 100644
index 000000000..2a8ca6101
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ebcdic.c
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <openssl/e_os2.h>
+#ifndef CHARSET_EBCDIC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/ebcdic.h>
+
+# ifdef CHARSET_EBCDIC_TEST
+/*
+ * Here we're looking to test the EBCDIC code on an ASCII system so we don't do
+ * any translation in these tables at all.
+ */
+
+/* The ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+# elif defined(_OSD_POSIX)
+/*
+ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
+ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
+ * subsystem, the same character set was chosen as in "native BS2000", namely
+ * EBCDIC. (EDF04)
+ *
+ * The name "ASCII" in these routines is misleading: actually, conversion is
+ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means
+ * that (western european) national characters are preserved.
+ *
+ * This table is identical to the one used by rsh/rcp/ftp and other POSIX
+ * tools.
+ */
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    /*
+     * 30
+     */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    /*
+     * 40
+     */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+    0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */
+    /*
+     * 50
+     */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */
+    /*
+     * 60
+     */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+    0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f,    /*-/........^,%_>?*/
+    /*
+     * 70
+     */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+    0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */
+    /*
+     * 80
+     */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    /*
+     * 90
+     */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    /*
+     * a0
+     */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */
+    /*
+     * b0
+     */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+    0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */
+    /*
+     * c0
+     */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */
+    /*
+     * d0
+     */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */
+    /*
+     * e0
+     */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */
+    /*
+     * f0
+     */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    /*
+     * 30
+     */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    /*
+     * 40
+     */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    /*
+     * 50
+     */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+    0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    /*
+     * 60
+     */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    /*
+     * 70
+     */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+    0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */
+    /*
+     * 80
+     */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    /*
+     * 90
+     */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */
+    /*
+     * a0
+     */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+    0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */
+    /*
+     * b0
+     */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    /*
+     * c0
+     */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    /*
+     * d0
+     */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+    0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */
+    /*
+     * e0
+     */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    /*
+     * f0
+     */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+    0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+
+# else /*_OSD_POSIX*/
+
+/*
+ * This code does basic character mapping for IBM's TPF and OS/390 operating
+ * systems. It is a modified version of the BS2000 table.
+ *
+ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
+ * bijective - there are no ambiguous or duplicate characters.
+ */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
+    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
+    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
+    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
+};
+
+/*
+ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is
+ * bijective (no ambiguous or duplicate characters)
+ */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
+    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
+    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
+    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
+    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+# endif/*_OSD_POSIX*/
+
+/*
+ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but should not
+ * overlap. These functions intentionally have an interface compatible to
+ * memcpy(3).
+ */
+
+void *ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toascii[*usrce++];
+    }
+
+    return dest;
+}
+
+void *ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toebcdic[*usrce++];
+    }
+
+    return dest;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl
new file mode 100755
index 000000000..83abbdd89
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -0,0 +1,1865 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for ARMv4.
+#
+# October 2014.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816. In the process of adaptation
+# original .c module was made 32-bit savvy in order to make this
+# implementation possible.
+#
+#			with/without -DECP_NISTZ256_ASM
+# Cortex-A8		+53-170%
+# Cortex-A9		+76-205%
+# Cortex-A15		+100-316%
+# Snapdragon S4		+66-187%
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +200% means 3x improvement.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,%object
+.align	12
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+$code.=<<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	5
+.LRR:	@ 2^512 mod P precomputed for NIST P256 polynomial
+.long	0x00000003, 0x00000000, 0xffffffff, 0xfffffffb
+.long	0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004
+.Lone:
+.long	1,0,0,0,0,0,0,0
+.asciz	"ECP_NISTZ256 for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align	6
+___
+
+########################################################################
+# common register layout, note that $t2 is link register, so that if
+# internal subroutine uses $t2, then it has to offload lr...
+
+($r_ptr,$a_ptr,$b_ptr,$ff,$a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,$t1,$t2)=
+		map("r$_",(0..12,14));
+($t0,$t3)=($ff,$a_ptr);
+
+$code.=<<___;
+@ void	ecp_nistz256_to_mont(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,%function
+ecp_nistz256_to_mont:
+	adr	$b_ptr,.LRR
+	b	.Lecp_nistz256_mul_mont
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+@ void	ecp_nistz256_from_mont(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,%function
+ecp_nistz256_from_mont:
+	adr	$b_ptr,.Lone
+	b	.Lecp_nistz256_mul_mont
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+@ void	ecp_nistz256_mul_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,%function
+.align	4
+ecp_nistz256_mul_by_2:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_mul_by_2
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+.type	__ecp_nistz256_mul_by_2,%function
+.align	4
+__ecp_nistz256_mul_by_2:
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	adds	$a0,$a0,$a0		@ a[0:7]+=a[0:7], i.e. add with itself
+	ldr	$a3,[$a_ptr,#12]
+	adcs	$a1,$a1,$a1
+	ldr	$a4,[$a_ptr,#16]
+	adcs	$a2,$a2,$a2
+	ldr	$a5,[$a_ptr,#20]
+	adcs	$a3,$a3,$a3
+	ldr	$a6,[$a_ptr,#24]
+	adcs	$a4,$a4,$a4
+	ldr	$a7,[$a_ptr,#28]
+	adcs	$a5,$a5,$a5
+	adcs	$a6,$a6,$a6
+	mov	$ff,#0
+	adcs	$a7,$a7,$a7
+	adc	$ff,$ff,#0
+
+	b	.Lreduce_by_sub
+.size	__ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
+
+@ void	ecp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8],
+@					const BN_ULONG r2[8]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,%function
+.align	4
+ecp_nistz256_add:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_add
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+.type	__ecp_nistz256_add,%function
+.align	4
+__ecp_nistz256_add:
+	str	lr,[sp,#-4]!		@ push lr
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	ldr	$a3,[$a_ptr,#12]
+	ldr	$a4,[$a_ptr,#16]
+	 ldr	$t0,[$b_ptr,#0]
+	ldr	$a5,[$a_ptr,#20]
+	 ldr	$t1,[$b_ptr,#4]
+	ldr	$a6,[$a_ptr,#24]
+	 ldr	$t2,[$b_ptr,#8]
+	ldr	$a7,[$a_ptr,#28]
+	 ldr	$t3,[$b_ptr,#12]
+	adds	$a0,$a0,$t0
+	 ldr	$t0,[$b_ptr,#16]
+	adcs	$a1,$a1,$t1
+	 ldr	$t1,[$b_ptr,#20]
+	adcs	$a2,$a2,$t2
+	 ldr	$t2,[$b_ptr,#24]
+	adcs	$a3,$a3,$t3
+	 ldr	$t3,[$b_ptr,#28]
+	adcs	$a4,$a4,$t0
+	adcs	$a5,$a5,$t1
+	adcs	$a6,$a6,$t2
+	mov	$ff,#0
+	adcs	$a7,$a7,$t3
+	adc	$ff,$ff,#0
+	ldr	lr,[sp],#4		@ pop lr
+
+.Lreduce_by_sub:
+
+	@ if a+b >= modulus, subtract modulus.
+	@
+	@ But since comparison implies subtraction, we subtract
+	@ modulus and then add it back if subtraction borrowed.
+
+	subs	$a0,$a0,#-1
+	sbcs	$a1,$a1,#-1
+	sbcs	$a2,$a2,#-1
+	sbcs	$a3,$a3,#0
+	sbcs	$a4,$a4,#0
+	sbcs	$a5,$a5,#0
+	sbcs	$a6,$a6,#1
+	sbcs	$a7,$a7,#-1
+	sbc	$ff,$ff,#0
+
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ using value of borrow as a whole or extracting single bit.
+	@ Follow $ff register...
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+@ void	ecp_nistz256_mul_by_3(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,%function
+.align	4
+ecp_nistz256_mul_by_3:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_mul_by_3
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+.type	__ecp_nistz256_mul_by_3,%function
+.align	4
+__ecp_nistz256_mul_by_3:
+	str	lr,[sp,#-4]!		@ push lr
+
+	@ As multiplication by 3 is performed as 2*n+n, below are inline
+	@ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see
+	@ corresponding subroutines for details.
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	adds	$a0,$a0,$a0		@ a[0:7]+=a[0:7]
+	ldr	$a3,[$a_ptr,#12]
+	adcs	$a1,$a1,$a1
+	ldr	$a4,[$a_ptr,#16]
+	adcs	$a2,$a2,$a2
+	ldr	$a5,[$a_ptr,#20]
+	adcs	$a3,$a3,$a3
+	ldr	$a6,[$a_ptr,#24]
+	adcs	$a4,$a4,$a4
+	ldr	$a7,[$a_ptr,#28]
+	adcs	$a5,$a5,$a5
+	adcs	$a6,$a6,$a6
+	mov	$ff,#0
+	adcs	$a7,$a7,$a7
+	adc	$ff,$ff,#0
+
+	subs	$a0,$a0,#-1		@ .Lreduce_by_sub but without stores
+	sbcs	$a1,$a1,#-1
+	sbcs	$a2,$a2,#-1
+	sbcs	$a3,$a3,#0
+	sbcs	$a4,$a4,#0
+	sbcs	$a5,$a5,#0
+	sbcs	$a6,$a6,#1
+	sbcs	$a7,$a7,#-1
+	sbc	$ff,$ff,#0
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	adcs	$a2,$a2,$ff
+	adcs	$a3,$a3,#0
+	adcs	$a4,$a4,#0
+	 ldr	$b_ptr,[$a_ptr,#0]
+	adcs	$a5,$a5,#0
+	 ldr	$t1,[$a_ptr,#4]
+	adcs	$a6,$a6,$ff,lsr#31
+	 ldr	$t2,[$a_ptr,#8]
+	adc	$a7,$a7,$ff
+
+	ldr	$t0,[$a_ptr,#12]
+	adds	$a0,$a0,$b_ptr		@ 2*a[0:7]+=a[0:7]
+	ldr	$b_ptr,[$a_ptr,#16]
+	adcs	$a1,$a1,$t1
+	ldr	$t1,[$a_ptr,#20]
+	adcs	$a2,$a2,$t2
+	ldr	$t2,[$a_ptr,#24]
+	adcs	$a3,$a3,$t0
+	ldr	$t3,[$a_ptr,#28]
+	adcs	$a4,$a4,$b_ptr
+	adcs	$a5,$a5,$t1
+	adcs	$a6,$a6,$t2
+	mov	$ff,#0
+	adcs	$a7,$a7,$t3
+	adc	$ff,$ff,#0
+	ldr	lr,[sp],#4		@ pop lr
+
+	b	.Lreduce_by_sub
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+@ void	ecp_nistz256_div_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,%function
+.align	4
+ecp_nistz256_div_by_2:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_div_by_2
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+.type	__ecp_nistz256_div_by_2,%function
+.align	4
+__ecp_nistz256_div_by_2:
+	@ ret = (a is odd ? a+mod : a) >> 1
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	mov	$ff,$a0,lsl#31		@ place least significant bit to most
+					@ significant position, now arithmetic
+					@ right shift by 31 will produce -1 or
+					@ 0, while logical right shift 1 or 0,
+					@ this is how modulus is conditionally
+					@ synthesized in this case...
+	ldr	$a3,[$a_ptr,#12]
+	adds	$a0,$a0,$ff,asr#31
+	ldr	$a4,[$a_ptr,#16]
+	adcs	$a1,$a1,$ff,asr#31
+	ldr	$a5,[$a_ptr,#20]
+	adcs	$a2,$a2,$ff,asr#31
+	ldr	$a6,[$a_ptr,#24]
+	adcs	$a3,$a3,#0
+	ldr	$a7,[$a_ptr,#28]
+	adcs	$a4,$a4,#0
+	 mov	$a0,$a0,lsr#1		@ a[0:7]>>=1, we can start early
+					@ because it doesn't affect flags
+	adcs	$a5,$a5,#0
+	 orr	$a0,$a0,$a1,lsl#31
+	adcs	$a6,$a6,$ff,lsr#31
+	mov	$b_ptr,#0
+	adcs	$a7,$a7,$ff,asr#31
+	 mov	$a1,$a1,lsr#1
+	adc	$b_ptr,$b_ptr,#0	@ top-most carry bit from addition
+
+	orr	$a1,$a1,$a2,lsl#31
+	mov	$a2,$a2,lsr#1
+	str	$a0,[$r_ptr,#0]
+	orr	$a2,$a2,$a3,lsl#31
+	mov	$a3,$a3,lsr#1
+	str	$a1,[$r_ptr,#4]
+	orr	$a3,$a3,$a4,lsl#31
+	mov	$a4,$a4,lsr#1
+	str	$a2,[$r_ptr,#8]
+	orr	$a4,$a4,$a5,lsl#31
+	mov	$a5,$a5,lsr#1
+	str	$a3,[$r_ptr,#12]
+	orr	$a5,$a5,$a6,lsl#31
+	mov	$a6,$a6,lsr#1
+	str	$a4,[$r_ptr,#16]
+	orr	$a6,$a6,$a7,lsl#31
+	mov	$a7,$a7,lsr#1
+	str	$a5,[$r_ptr,#20]
+	orr	$a7,$a7,$b_ptr,lsl#31	@ don't forget the top-most carry bit
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+
+@ void	ecp_nistz256_sub(BN_ULONG r0[8],const BN_ULONG r1[8],
+@				        const BN_ULONG r2[8]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,%function
+.align	4
+ecp_nistz256_sub:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_sub
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+.type	__ecp_nistz256_sub,%function
+.align	4
+__ecp_nistz256_sub:
+	str	lr,[sp,#-4]!		@ push lr
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	ldr	$a3,[$a_ptr,#12]
+	ldr	$a4,[$a_ptr,#16]
+	 ldr	$t0,[$b_ptr,#0]
+	ldr	$a5,[$a_ptr,#20]
+	 ldr	$t1,[$b_ptr,#4]
+	ldr	$a6,[$a_ptr,#24]
+	 ldr	$t2,[$b_ptr,#8]
+	ldr	$a7,[$a_ptr,#28]
+	 ldr	$t3,[$b_ptr,#12]
+	subs	$a0,$a0,$t0
+	 ldr	$t0,[$b_ptr,#16]
+	sbcs	$a1,$a1,$t1
+	 ldr	$t1,[$b_ptr,#20]
+	sbcs	$a2,$a2,$t2
+	 ldr	$t2,[$b_ptr,#24]
+	sbcs	$a3,$a3,$t3
+	 ldr	$t3,[$b_ptr,#28]
+	sbcs	$a4,$a4,$t0
+	sbcs	$a5,$a5,$t1
+	sbcs	$a6,$a6,$t2
+	sbcs	$a7,$a7,$t3
+	sbc	$ff,$ff,$ff		@ broadcast borrow bit
+	ldr	lr,[sp],#4		@ pop lr
+
+.Lreduce_by_add:
+
+	@ if a-b borrows, add modulus.
+	@
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ broadcasting borrow bit to a register, $ff, and using it as
+	@ a whole or extracting single bit.
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_sub,.-__ecp_nistz256_sub
+
+@ void	ecp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,%function
+.align	4
+ecp_nistz256_neg:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_neg
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+.type	__ecp_nistz256_neg,%function
+.align	4
+__ecp_nistz256_neg:
+	ldr	$a0,[$a_ptr,#0]
+	eor	$ff,$ff,$ff
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	subs	$a0,$ff,$a0
+	ldr	$a3,[$a_ptr,#12]
+	sbcs	$a1,$ff,$a1
+	ldr	$a4,[$a_ptr,#16]
+	sbcs	$a2,$ff,$a2
+	ldr	$a5,[$a_ptr,#20]
+	sbcs	$a3,$ff,$a3
+	ldr	$a6,[$a_ptr,#24]
+	sbcs	$a4,$ff,$a4
+	ldr	$a7,[$a_ptr,#28]
+	sbcs	$a5,$ff,$a5
+	sbcs	$a6,$ff,$a6
+	sbcs	$a7,$ff,$a7
+	sbc	$ff,$ff,$ff
+
+	b	.Lreduce_by_add
+.size	__ecp_nistz256_neg,.-__ecp_nistz256_neg
+___
+{
+my @acc=map("r$_",(3..11));
+my ($t0,$t1,$bj,$t2,$t3)=map("r$_",(0,1,2,12,14));
+
+$code.=<<___;
+@ void	ecp_nistz256_sqr_mont(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,%function
+.align	4
+ecp_nistz256_sqr_mont:
+	mov	$b_ptr,$a_ptr
+	b	.Lecp_nistz256_mul_mont
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+@ void	ecp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8],
+@					     const BN_ULONG r2[8]);
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,%function
+.align	4
+ecp_nistz256_mul_mont:
+.Lecp_nistz256_mul_mont:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_mul_mont
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+.type	__ecp_nistz256_mul_mont,%function
+.align	4
+__ecp_nistz256_mul_mont:
+	stmdb	sp!,{r0-r2,lr}			@ make a copy of arguments too
+
+	ldr	$bj,[$b_ptr,#0]			@ b[0]
+	ldmia	$a_ptr,{@acc[1]-@acc[8]}
+
+	umull	@acc[0],$t3,@acc[1],$bj		@ r[0]=a[0]*b[0]
+	stmdb	sp!,{$acc[1]-@acc[8]}		@ copy a[0-7] to stack, so
+						@ that it can be addressed
+						@ without spending register
+						@ on address
+	umull	@acc[1],$t0,@acc[2],$bj		@ r[1]=a[1]*b[0]
+	umull	@acc[2],$t1,@acc[3],$bj
+	adds	@acc[1],@acc[1],$t3		@ accumulate high part of mult
+	umull	@acc[3],$t2,@acc[4],$bj
+	adcs	@acc[2],@acc[2],$t0
+	umull	@acc[4],$t3,@acc[5],$bj
+	adcs	@acc[3],@acc[3],$t1
+	umull	@acc[5],$t0,@acc[6],$bj
+	adcs	@acc[4],@acc[4],$t2
+	umull	@acc[6],$t1,@acc[7],$bj
+	adcs	@acc[5],@acc[5],$t3
+	umull	@acc[7],$t2,@acc[8],$bj
+	adcs	@acc[6],@acc[6],$t0
+	adcs	@acc[7],@acc[7],$t1
+	eor	$t3,$t3,$t3			@ first overflow bit is zero
+	adc	@acc[8],$t2,#0
+___
+for(my $i=1;$i<8;$i++) {
+my $t4=@acc[0];
+
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#        ffff.0001.0000.0000.0000.ffff.ffff.ffff
+	# *                                         abcd
+	# + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	# + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000
+	# -      abcd.0000.0000.0000.0000.0000.0000.abcd
+	#
+	# or marking redundant operations:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.----
+	# + abcd.0000.abcd.0000.0000.abcd.----.----.----
+	# -      abcd.----.----.----.----.----.----.----
+
+$code.=<<___;
+	@ multiplication-less reduction $i
+	adds	@acc[3],@acc[3],@acc[0]		@ r[3]+=r[0]
+	 ldr	$bj,[sp,#40]			@ restore b_ptr
+	adcs	@acc[4],@acc[4],#0		@ r[4]+=0
+	adcs	@acc[5],@acc[5],#0		@ r[5]+=0
+	adcs	@acc[6],@acc[6],@acc[0]		@ r[6]+=r[0]
+	 ldr	$t1,[sp,#0]			@ load a[0]
+	adcs	@acc[7],@acc[7],#0		@ r[7]+=0
+	 ldr	$bj,[$bj,#4*$i]			@ load b[i]
+	adcs	@acc[8],@acc[8],@acc[0]		@ r[8]+=r[0]
+	 eor	$t0,$t0,$t0
+	adc	$t3,$t3,#0			@ overflow bit
+	subs	@acc[7],@acc[7],@acc[0]		@ r[7]-=r[0]
+	 ldr	$t2,[sp,#4]			@ a[1]
+	sbcs	@acc[8],@acc[8],#0		@ r[8]-=0
+	 umlal	@acc[1],$t0,$t1,$bj		@ "r[0]"+=a[0]*b[i]
+	 eor	$t1,$t1,$t1
+	sbc	@acc[0],$t3,#0			@ overflow bit, keep in mind
+						@ that netto result is
+						@ addition of a value which
+						@ makes underflow impossible
+
+	ldr	$t3,[sp,#8]			@ a[2]
+	umlal	@acc[2],$t1,$t2,$bj		@ "r[1]"+=a[1]*b[i]
+	 str	@acc[0],[sp,#36]		@ temporarily offload overflow
+	eor	$t2,$t2,$t2
+	ldr	$t4,[sp,#12]			@ a[3], $t4 is alias @acc[0]
+	umlal	@acc[3],$t2,$t3,$bj		@ "r[2]"+=a[2]*b[i]
+	eor	$t3,$t3,$t3
+	adds	@acc[2],@acc[2],$t0		@ accumulate high part of mult
+	ldr	$t0,[sp,#16]			@ a[4]
+	umlal	@acc[4],$t3,$t4,$bj		@ "r[3]"+=a[3]*b[i]
+	eor	$t4,$t4,$t4
+	adcs	@acc[3],@acc[3],$t1
+	ldr	$t1,[sp,#20]			@ a[5]
+	umlal	@acc[5],$t4,$t0,$bj		@ "r[4]"+=a[4]*b[i]
+	eor	$t0,$t0,$t0
+	adcs	@acc[4],@acc[4],$t2
+	ldr	$t2,[sp,#24]			@ a[6]
+	umlal	@acc[6],$t0,$t1,$bj		@ "r[5]"+=a[5]*b[i]
+	eor	$t1,$t1,$t1
+	adcs	@acc[5],@acc[5],$t3
+	ldr	$t3,[sp,#28]			@ a[7]
+	umlal	@acc[7],$t1,$t2,$bj		@ "r[6]"+=a[6]*b[i]
+	eor	$t2,$t2,$t2
+	adcs	@acc[6],@acc[6],$t4
+	 ldr	@acc[0],[sp,#36]		@ restore overflow bit
+	umlal	@acc[8],$t2,$t3,$bj		@ "r[7]"+=a[7]*b[i]
+	eor	$t3,$t3,$t3
+	adcs	@acc[7],@acc[7],$t0
+	adcs	@acc[8],@acc[8],$t1
+	adcs	@acc[0],$acc[0],$t2
+	adc	$t3,$t3,#0			@ new overflow bit
+___
+	push(@acc,shift(@acc));			# rotate registers, so that
+						# "r[i]" becomes r[i]
+}
+$code.=<<___;
+	@ last multiplication-less reduction
+	adds	@acc[3],@acc[3],@acc[0]
+	ldr	$r_ptr,[sp,#32]			@ restore r_ptr
+	adcs	@acc[4],@acc[4],#0
+	adcs	@acc[5],@acc[5],#0
+	adcs	@acc[6],@acc[6],@acc[0]
+	adcs	@acc[7],@acc[7],#0
+	adcs	@acc[8],@acc[8],@acc[0]
+	adc	$t3,$t3,#0
+	subs	@acc[7],@acc[7],@acc[0]
+	sbcs	@acc[8],@acc[8],#0
+	sbc	@acc[0],$t3,#0			@ overflow bit
+
+	@ Final step is "if result > mod, subtract mod", but we do it
+	@ "other way around", namely subtract modulus from result
+	@ and if it borrowed, add modulus back.
+
+	adds	@acc[1],@acc[1],#1		@ subs	@acc[1],@acc[1],#-1
+	adcs	@acc[2],@acc[2],#0		@ sbcs	@acc[2],@acc[2],#-1
+	adcs	@acc[3],@acc[3],#0		@ sbcs	@acc[3],@acc[3],#-1
+	sbcs	@acc[4],@acc[4],#0
+	sbcs	@acc[5],@acc[5],#0
+	sbcs	@acc[6],@acc[6],#0
+	sbcs	@acc[7],@acc[7],#1
+	adcs	@acc[8],@acc[8],#0		@ sbcs	@acc[8],@acc[8],#-1
+	ldr	lr,[sp,#44]			@ restore lr
+	sbc	@acc[0],@acc[0],#0		@ broadcast borrow bit
+	add	sp,sp,#48
+
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ broadcasting borrow bit to a register, @acc[0], and using it as
+	@ a whole or extracting single bit.
+
+	adds	@acc[1],@acc[1],@acc[0]		@ add modulus or zero
+	adcs	@acc[2],@acc[2],@acc[0]
+	str	@acc[1],[$r_ptr,#0]
+	adcs	@acc[3],@acc[3],@acc[0]
+	str	@acc[2],[$r_ptr,#4]
+	adcs	@acc[4],@acc[4],#0
+	str	@acc[3],[$r_ptr,#8]
+	adcs	@acc[5],@acc[5],#0
+	str	@acc[4],[$r_ptr,#12]
+	adcs	@acc[6],@acc[6],#0
+	str	@acc[5],[$r_ptr,#16]
+	adcs	@acc[7],@acc[7],@acc[0],lsr#31
+	str	@acc[6],[$r_ptr,#20]
+	adc	@acc[8],@acc[8],@acc[0]
+	str	@acc[7],[$r_ptr,#24]
+	str	@acc[8],[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+___
+}
+
+{
+my ($out,$inp,$index,$mask)=map("r$_",(0..3));
+$code.=<<___;
+@ void	ecp_nistz256_scatter_w5(void *r0,const P256_POINT *r1,
+@					 int r2);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,%function
+.align	5
+ecp_nistz256_scatter_w5:
+	stmdb	sp!,{r4-r11}
+
+	add	$out,$out,$index,lsl#2
+
+	ldmia	$inp!,{r4-r11}		@ X
+	str	r4,[$out,#64*0-4]
+	str	r5,[$out,#64*1-4]
+	str	r6,[$out,#64*2-4]
+	str	r7,[$out,#64*3-4]
+	str	r8,[$out,#64*4-4]
+	str	r9,[$out,#64*5-4]
+	str	r10,[$out,#64*6-4]
+	str	r11,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldmia	$inp!,{r4-r11}		@ Y
+	str	r4,[$out,#64*0-4]
+	str	r5,[$out,#64*1-4]
+	str	r6,[$out,#64*2-4]
+	str	r7,[$out,#64*3-4]
+	str	r8,[$out,#64*4-4]
+	str	r9,[$out,#64*5-4]
+	str	r10,[$out,#64*6-4]
+	str	r11,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldmia	$inp,{r4-r11}		@ Z
+	str	r4,[$out,#64*0-4]
+	str	r5,[$out,#64*1-4]
+	str	r6,[$out,#64*2-4]
+	str	r7,[$out,#64*3-4]
+	str	r8,[$out,#64*4-4]
+	str	r9,[$out,#64*5-4]
+	str	r10,[$out,#64*6-4]
+	str	r11,[$out,#64*7-4]
+
+	ldmia	sp!,{r4-r11}
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+@ void	ecp_nistz256_gather_w5(P256_POINT *r0,const void *r1,
+@					      int r2);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,%function
+.align	5
+ecp_nistz256_gather_w5:
+	stmdb	sp!,{r4-r11}
+
+	cmp	$index,#0
+	mov	$mask,#0
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	subne	$index,$index,#1
+	movne	$mask,#-1
+	add	$inp,$inp,$index,lsl#2
+
+	ldr	r4,[$inp,#64*0]
+	ldr	r5,[$inp,#64*1]
+	ldr	r6,[$inp,#64*2]
+	and	r4,r4,$mask
+	ldr	r7,[$inp,#64*3]
+	and	r5,r5,$mask
+	ldr	r8,[$inp,#64*4]
+	and	r6,r6,$mask
+	ldr	r9,[$inp,#64*5]
+	and	r7,r7,$mask
+	ldr	r10,[$inp,#64*6]
+	and	r8,r8,$mask
+	ldr	r11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	and	r9,r9,$mask
+	and	r10,r10,$mask
+	and	r11,r11,$mask
+	stmia	$out!,{r4-r11}	@ X
+
+	ldr	r4,[$inp,#64*0]
+	ldr	r5,[$inp,#64*1]
+	ldr	r6,[$inp,#64*2]
+	and	r4,r4,$mask
+	ldr	r7,[$inp,#64*3]
+	and	r5,r5,$mask
+	ldr	r8,[$inp,#64*4]
+	and	r6,r6,$mask
+	ldr	r9,[$inp,#64*5]
+	and	r7,r7,$mask
+	ldr	r10,[$inp,#64*6]
+	and	r8,r8,$mask
+	ldr	r11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	and	r9,r9,$mask
+	and	r10,r10,$mask
+	and	r11,r11,$mask
+	stmia	$out!,{r4-r11}	@ Y
+
+	ldr	r4,[$inp,#64*0]
+	ldr	r5,[$inp,#64*1]
+	ldr	r6,[$inp,#64*2]
+	and	r4,r4,$mask
+	ldr	r7,[$inp,#64*3]
+	and	r5,r5,$mask
+	ldr	r8,[$inp,#64*4]
+	and	r6,r6,$mask
+	ldr	r9,[$inp,#64*5]
+	and	r7,r7,$mask
+	ldr	r10,[$inp,#64*6]
+	and	r8,r8,$mask
+	ldr	r11,[$inp,#64*7]
+	and	r9,r9,$mask
+	and	r10,r10,$mask
+	and	r11,r11,$mask
+	stmia	$out,{r4-r11}		@ Z
+
+	ldmia	sp!,{r4-r11}
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+@ void	ecp_nistz256_scatter_w7(void *r0,const P256_POINT_AFFINE *r1,
+@					 int r2);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,%function
+.align	5
+ecp_nistz256_scatter_w7:
+	add	$out,$out,$index
+	mov	$index,#64/4
+.Loop_scatter_w7:
+	ldr	$mask,[$inp],#4
+	subs	$index,$index,#1
+	strb	$mask,[$out,#64*0]
+	mov	$mask,$mask,lsr#8
+	strb	$mask,[$out,#64*1]
+	mov	$mask,$mask,lsr#8
+	strb	$mask,[$out,#64*2]
+	mov	$mask,$mask,lsr#8
+	strb	$mask,[$out,#64*3]
+	add	$out,$out,#64*4
+	bne	.Loop_scatter_w7
+
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+@ void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *r0,const void *r1,
+@						     int r2);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,%function
+.align	5
+ecp_nistz256_gather_w7:
+	stmdb	sp!,{r4-r7}
+
+	cmp	$index,#0
+	mov	$mask,#0
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	subne	$index,$index,#1
+	movne	$mask,#-1
+	add	$inp,$inp,$index
+	mov	$index,#64/4
+	nop
+.Loop_gather_w7:
+	ldrb	r4,[$inp,#64*0]
+	subs	$index,$index,#1
+	ldrb	r5,[$inp,#64*1]
+	ldrb	r6,[$inp,#64*2]
+	ldrb	r7,[$inp,#64*3]
+	add	$inp,$inp,#64*4
+	orr	r4,r4,r5,lsl#8
+	orr	r4,r4,r6,lsl#16
+	orr	r4,r4,r7,lsl#24
+	and	r4,r4,$mask
+	str	r4,[$out],#4
+	bne	.Loop_gather_w7
+
+	ldmia	sp!,{r4-r7}
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+if (0) {
+# In comparison to integer-only equivalent of below subroutine:
+#
+# Cortex-A8	+10%
+# Cortex-A9	-10%
+# Snapdragon S4	+5%
+#
+# As not all time is spent in multiplication, overall impact is deemed
+# too low to care about.
+
+my ($A0,$A1,$A2,$A3,$Bi,$zero,$temp)=map("d$_",(0..7));
+my $mask="q4";
+my $mult="q5";
+my @AxB=map("q$_",(8..15));
+
+my ($rptr,$aptr,$bptr,$toutptr)=map("r$_",(0..3));
+
+$code.=<<___;
+#if __ARM_ARCH__>=7
+.fpu	neon
+
+.globl	ecp_nistz256_mul_mont_neon
+.type	ecp_nistz256_mul_mont_neon,%function
+.align	5
+ecp_nistz256_mul_mont_neon:
+	mov	ip,sp
+	stmdb	sp!,{r4-r9}
+	vstmdb	sp!,{q4-q5}		@ ABI specification says so
+
+	sub		$toutptr,sp,#40
+	vld1.32		{${Bi}[0]},[$bptr,:32]!
+	veor		$zero,$zero,$zero
+	vld1.32		{$A0-$A3}, [$aptr]		@ can't specify :32 :-(
+	vzip.16		$Bi,$zero
+	mov		sp,$toutptr			@ alloca
+	vmov.i64	$mask,#0xffff
+
+	vmull.u32	@AxB[0],$Bi,${A0}[0]
+	vmull.u32	@AxB[1],$Bi,${A0}[1]
+	vmull.u32	@AxB[2],$Bi,${A1}[0]
+	vmull.u32	@AxB[3],$Bi,${A1}[1]
+	 vshr.u64	$temp,@AxB[0]#lo,#16
+	vmull.u32	@AxB[4],$Bi,${A2}[0]
+	 vadd.u64	@AxB[0]#hi,@AxB[0]#hi,$temp
+	vmull.u32	@AxB[5],$Bi,${A2}[1]
+	 vshr.u64	$temp,@AxB[0]#hi,#16		@ upper 32 bits of a[0]*b[0]
+	vmull.u32	@AxB[6],$Bi,${A3}[0]
+	 vand.u64	@AxB[0],@AxB[0],$mask		@ lower 32 bits of a[0]*b[0]
+	vmull.u32	@AxB[7],$Bi,${A3}[1]
+___
+for($i=1;$i<8;$i++) {
+$code.=<<___;
+	 vld1.32	{${Bi}[0]},[$bptr,:32]!
+	 veor		$zero,$zero,$zero
+	vadd.u64	@AxB[1]#lo,@AxB[1]#lo,$temp	@ reduction
+	vshl.u64	$mult,@AxB[0],#32
+	vadd.u64	@AxB[3],@AxB[3],@AxB[0]
+	vsub.u64	$mult,$mult,@AxB[0]
+	 vzip.16	$Bi,$zero
+	vadd.u64	@AxB[6],@AxB[6],@AxB[0]
+	vadd.u64	@AxB[7],@AxB[7],$mult
+___
+	push(@AxB,shift(@AxB));
+$code.=<<___;
+	vmlal.u32	@AxB[0],$Bi,${A0}[0]
+	vmlal.u32	@AxB[1],$Bi,${A0}[1]
+	vmlal.u32	@AxB[2],$Bi,${A1}[0]
+	vmlal.u32	@AxB[3],$Bi,${A1}[1]
+	 vshr.u64	$temp,@AxB[0]#lo,#16
+	vmlal.u32	@AxB[4],$Bi,${A2}[0]
+	 vadd.u64	@AxB[0]#hi,@AxB[0]#hi,$temp
+	vmlal.u32	@AxB[5],$Bi,${A2}[1]
+	 vshr.u64	$temp,@AxB[0]#hi,#16		@ upper 33 bits of a[0]*b[i]+t[0]
+	vmlal.u32	@AxB[6],$Bi,${A3}[0]
+	 vand.u64	@AxB[0],@AxB[0],$mask		@ lower 32 bits of a[0]*b[0]
+	vmull.u32	@AxB[7],$Bi,${A3}[1]
+___
+}
+$code.=<<___;
+	vadd.u64	@AxB[1]#lo,@AxB[1]#lo,$temp	@ last reduction
+	vshl.u64	$mult,@AxB[0],#32
+	vadd.u64	@AxB[3],@AxB[3],@AxB[0]
+	vsub.u64	$mult,$mult,@AxB[0]
+	vadd.u64	@AxB[6],@AxB[6],@AxB[0]
+	vadd.u64	@AxB[7],@AxB[7],$mult
+
+	vshr.u64	$temp,@AxB[1]#lo,#16		@ convert
+	vadd.u64	@AxB[1]#hi,@AxB[1]#hi,$temp
+	vshr.u64	$temp,@AxB[1]#hi,#16
+	vzip.16		@AxB[1]#lo,@AxB[1]#hi
+___
+foreach (2..7) {
+$code.=<<___;
+	vadd.u64	@AxB[$_]#lo,@AxB[$_]#lo,$temp
+	vst1.32		{@AxB[$_-1]#lo[0]},[$toutptr,:32]!
+	vshr.u64	$temp,@AxB[$_]#lo,#16
+	vadd.u64	@AxB[$_]#hi,@AxB[$_]#hi,$temp
+	vshr.u64	$temp,@AxB[$_]#hi,#16
+	vzip.16		@AxB[$_]#lo,@AxB[$_]#hi
+___
+}
+$code.=<<___;
+	vst1.32		{@AxB[7]#lo[0]},[$toutptr,:32]!
+	vst1.32		{$temp},[$toutptr]		@ upper 33 bits
+
+	ldr	r1,[sp,#0]
+	ldr	r2,[sp,#4]
+	ldr	r3,[sp,#8]
+	subs	r1,r1,#-1
+	ldr	r4,[sp,#12]
+	sbcs	r2,r2,#-1
+	ldr	r5,[sp,#16]
+	sbcs	r3,r3,#-1
+	ldr	r6,[sp,#20]
+	sbcs	r4,r4,#0
+	ldr	r7,[sp,#24]
+	sbcs	r5,r5,#0
+	ldr	r8,[sp,#28]
+	sbcs	r6,r6,#0
+	ldr	r9,[sp,#32]				@ top-most bit
+	sbcs	r7,r7,#1
+	sub	sp,ip,#40+16
+	sbcs	r8,r8,#-1
+	sbc	r9,r9,#0
+        vldmia  sp!,{q4-q5}
+
+	adds	r1,r1,r9
+	adcs	r2,r2,r9
+	str	r1,[$rptr,#0]
+	adcs	r3,r3,r9
+	str	r2,[$rptr,#4]
+	adcs	r4,r4,#0
+	str	r3,[$rptr,#8]
+	adcs	r5,r5,#0
+	str	r4,[$rptr,#12]
+	adcs	r6,r6,#0
+	str	r5,[$rptr,#16]
+	adcs	r7,r7,r9,lsr#31
+	str	r6,[$rptr,#20]
+	adcs	r8,r8,r9
+	str	r7,[$rptr,#24]
+	str	r8,[$rptr,#28]
+
+        ldmia   sp!,{r4-r9}
+	bx	lr
+.size	ecp_nistz256_mul_mont_neon,.-ecp_nistz256_mul_mont_neon
+#endif
+___
+}
+
+{{{
+########################################################################
+# Below $aN assignment matches order in which 256-bit result appears in
+# register bank at return from __ecp_nistz256_mul_mont, so that we can
+# skip over reloading it from memory. This means that below functions
+# use custom calling sequence accepting 256-bit input in registers,
+# output pointer in r0, $r_ptr, and optional pointer in r2, $b_ptr.
+#
+# See their "normal" counterparts for insights on calculations.
+
+my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,
+    $t0,$t1,$t2,$t3)=map("r$_",(11,3..10,12,14,1));
+my $ff=$b_ptr;
+
+$code.=<<___;
+.type	__ecp_nistz256_sub_from,%function
+.align	5
+__ecp_nistz256_sub_from:
+	str	lr,[sp,#-4]!		@ push lr
+
+	 ldr	$t0,[$b_ptr,#0]
+	 ldr	$t1,[$b_ptr,#4]
+	 ldr	$t2,[$b_ptr,#8]
+	 ldr	$t3,[$b_ptr,#12]
+	subs	$a0,$a0,$t0
+	 ldr	$t0,[$b_ptr,#16]
+	sbcs	$a1,$a1,$t1
+	 ldr	$t1,[$b_ptr,#20]
+	sbcs	$a2,$a2,$t2
+	 ldr	$t2,[$b_ptr,#24]
+	sbcs	$a3,$a3,$t3
+	 ldr	$t3,[$b_ptr,#28]
+	sbcs	$a4,$a4,$t0
+	sbcs	$a5,$a5,$t1
+	sbcs	$a6,$a6,$t2
+	sbcs	$a7,$a7,$t3
+	sbc	$ff,$ff,$ff		@ broadcast borrow bit
+	ldr	lr,[sp],#4		@ pop lr
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,%function
+.align	5
+__ecp_nistz256_sub_morf:
+	str	lr,[sp,#-4]!		@ push lr
+
+	 ldr	$t0,[$b_ptr,#0]
+	 ldr	$t1,[$b_ptr,#4]
+	 ldr	$t2,[$b_ptr,#8]
+	 ldr	$t3,[$b_ptr,#12]
+	subs	$a0,$t0,$a0
+	 ldr	$t0,[$b_ptr,#16]
+	sbcs	$a1,$t1,$a1
+	 ldr	$t1,[$b_ptr,#20]
+	sbcs	$a2,$t2,$a2
+	 ldr	$t2,[$b_ptr,#24]
+	sbcs	$a3,$t3,$a3
+	 ldr	$t3,[$b_ptr,#28]
+	sbcs	$a4,$t0,$a4
+	sbcs	$a5,$t1,$a5
+	sbcs	$a6,$t2,$a6
+	sbcs	$a7,$t3,$a7
+	sbc	$ff,$ff,$ff		@ broadcast borrow bit
+	ldr	lr,[sp],#4		@ pop lr
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_add_self,%function
+.align	4
+__ecp_nistz256_add_self:
+	adds	$a0,$a0,$a0		@ a[0:7]+=a[0:7]
+	adcs	$a1,$a1,$a1
+	adcs	$a2,$a2,$a2
+	adcs	$a3,$a3,$a3
+	adcs	$a4,$a4,$a4
+	adcs	$a5,$a5,$a5
+	adcs	$a6,$a6,$a6
+	mov	$ff,#0
+	adcs	$a7,$a7,$a7
+	adc	$ff,$ff,#0
+
+	@ if a+b >= modulus, subtract modulus.
+	@
+	@ But since comparison implies subtraction, we subtract
+	@ modulus and then add it back if subtraction borrowed.
+
+	subs	$a0,$a0,#-1
+	sbcs	$a1,$a1,#-1
+	sbcs	$a2,$a2,#-1
+	sbcs	$a3,$a3,#0
+	sbcs	$a4,$a4,#0
+	sbcs	$a5,$a5,#0
+	sbcs	$a6,$a6,#1
+	sbcs	$a7,$a7,#-1
+	sbc	$ff,$ff,#0
+
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ using value of borrow as a whole or extracting single bit.
+	@ Follow $ff register...
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_add_self,.-__ecp_nistz256_add_self
+
+___
+
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4));
+# above map() describes stack layout with 5 temporary
+# 256-bit vectors on top. Then note that we push
+# starting from r0, which means that we have copy of
+# input arguments just below these temporary vectors.
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,%function
+.align	5
+ecp_nistz256_point_double:
+	stmdb	sp!,{r0-r12,lr}		@ push from r0, unusual, but intentional
+	sub	sp,sp,#32*5
+
+.Lpoint_double_shortcut:
+	add	r3,sp,#$in_x
+	ldmia	$a_ptr!,{r4-r11}	@ copy in_x
+	stmia	r3,{r4-r11}
+
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_by_2	@ p256_mul_by_2(S, in_y);
+
+	add	$b_ptr,$a_ptr,#32
+	add	$a_ptr,$a_ptr,#32
+	add	$r_ptr,sp,#$Zsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Zsqr, in_z);
+
+	add	$a_ptr,sp,#$S
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(S, S);
+
+	ldr	$b_ptr,[sp,#32*5+4]
+	add	$a_ptr,$b_ptr,#32
+	add	$b_ptr,$b_ptr,#64
+	add	$r_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(tmp0, in_z, in_y);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$r_ptr,$r_ptr,#64
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(res_z, tmp0);
+
+	add	$a_ptr,sp,#$in_x
+	add	$b_ptr,sp,#$Zsqr
+	add	$r_ptr,sp,#$M
+	bl	__ecp_nistz256_add	@ p256_add(M, in_x, Zsqr);
+
+	add	$a_ptr,sp,#$in_x
+	add	$b_ptr,sp,#$Zsqr
+	add	$r_ptr,sp,#$Zsqr
+	bl	__ecp_nistz256_sub	@ p256_sub(Zsqr, in_x, Zsqr);
+
+	add	$a_ptr,sp,#$S
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(tmp0, S);
+
+	add	$a_ptr,sp,#$Zsqr
+	add	$b_ptr,sp,#$M
+	add	$r_ptr,sp,#$M
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(M, M, Zsqr);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$a_ptr,sp,#$tmp0
+	add	$r_ptr,$r_ptr,#32
+	bl	__ecp_nistz256_div_by_2	@ p256_div_by_2(res_y, tmp0);
+
+	add	$a_ptr,sp,#$M
+	add	$r_ptr,sp,#$M
+	bl	__ecp_nistz256_mul_by_3	@ p256_mul_by_3(M, M);
+
+	add	$a_ptr,sp,#$in_x
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S, S, in_x);
+
+	add	$r_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(tmp0, S);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$a_ptr,sp,#$M
+	add	$b_ptr,sp,#$M
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(res_x, M);
+
+	add	$b_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_x, res_x, tmp0);
+
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(S, S, res_x);
+
+	add	$a_ptr,sp,#$M
+	add	$b_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S, S, M);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$b_ptr,$r_ptr,#32
+	add	$r_ptr,$r_ptr,#32
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, S, res_y);
+
+	add	sp,sp,#32*5+16		@ +16 means "skip even over saved r0-r3"
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,$in2_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..17));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+# above map() describes stack layout with 18 temporary
+# 256-bit vectors on top. Then note that we push
+# starting from r0, which means that we have copy of
+# input arguments just below these temporary vectors.
+# We use three of them for !in1infty, !in2intfy and
+# result of check for zero.
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,%function
+.align	5
+ecp_nistz256_point_add:
+	stmdb	sp!,{r0-r12,lr}		@ push from r0, unusual, but intentional
+	sub	sp,sp,#32*18+16
+
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_x
+	add	r3,sp,#$in2_x
+	stmia	r3!,{r4-r11}
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_y
+	stmia	r3!,{r4-r11}
+	ldmia	$b_ptr,{r4-r11}		@ copy in2_z
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	stmia	r3,{r4-r11}
+	str	r12,[sp,#32*18+8]	@ !in2infty
+
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_x
+	add	r3,sp,#$in1_x
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_y
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr,{r4-r11}		@ copy in1_z
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	stmia	r3,{r4-r11}
+	str	r12,[sp,#32*18+4]	@ !in1infty
+
+	add	$a_ptr,sp,#$in2_z
+	add	$b_ptr,sp,#$in2_z
+	add	$r_ptr,sp,#$Z2sqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Z2sqr, in2_z);
+
+	add	$a_ptr,sp,#$in1_z
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$Z1sqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$in2_z
+	add	$b_ptr,sp,#$Z2sqr
+	add	$r_ptr,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S1, Z2sqr, in2_z);
+
+	add	$a_ptr,sp,#$in1_z
+	add	$b_ptr,sp,#$Z1sqr
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$in1_y
+	add	$b_ptr,sp,#$S1
+	add	$r_ptr,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S1, S1, in1_y);
+
+	add	$a_ptr,sp,#$in2_y
+	add	$b_ptr,sp,#$S2
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, S2, in2_y);
+
+	add	$b_ptr,sp,#$S1
+	add	$r_ptr,sp,#$R
+	bl	__ecp_nistz256_sub_from	@ p256_sub(R, S2, S1);
+
+	orr	$a0,$a0,$a1		@ see if result is zero
+	orr	$a2,$a2,$a3
+	orr	$a4,$a4,$a5
+	orr	$a0,$a0,$a2
+	orr	$a4,$a4,$a6
+	orr	$a0,$a0,$a7
+	 add	$a_ptr,sp,#$in1_x
+	orr	$a0,$a0,$a4
+	 add	$b_ptr,sp,#$Z2sqr
+	str	$a0,[sp,#32*18+12]
+
+	add	$r_ptr,sp,#$U1
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U1, in1_x, Z2sqr);
+
+	add	$a_ptr,sp,#$in2_x
+	add	$b_ptr,sp,#$Z1sqr
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, in2_x, Z1sqr);
+
+	add	$b_ptr,sp,#$U1
+	add	$r_ptr,sp,#$H
+	bl	__ecp_nistz256_sub_from	@ p256_sub(H, U2, U1);
+
+	orr	$a0,$a0,$a1		@ see if result is zero
+	orr	$a2,$a2,$a3
+	orr	$a4,$a4,$a5
+	orr	$a0,$a0,$a2
+	orr	$a4,$a4,$a6
+	orr	$a0,$a0,$a7
+	orrs	$a0,$a0,$a4
+
+	bne	.Ladd_proceed		@ is_equal(U1,U2)?
+
+	ldr	$t0,[sp,#32*18+4]
+	ldr	$t1,[sp,#32*18+8]
+	ldr	$t2,[sp,#32*18+12]
+	tst	$t0,$t1
+	beq	.Ladd_proceed		@ (in1infty || in2infty)?
+	tst	$t2,$t2
+	beq	.Ladd_double		@ is_equal(S1,S2)?
+
+	ldr	$r_ptr,[sp,#32*18+16]
+	eor	r4,r4,r4
+	eor	r5,r5,r5
+	eor	r6,r6,r6
+	eor	r7,r7,r7
+	eor	r8,r8,r8
+	eor	r9,r9,r9
+	eor	r10,r10,r10
+	eor	r11,r11,r11
+	stmia	$r_ptr!,{r4-r11}
+	stmia	$r_ptr!,{r4-r11}
+	stmia	$r_ptr!,{r4-r11}
+	b	.Ladd_done
+
+.align	4
+.Ladd_double:
+	ldr	$a_ptr,[sp,#32*18+20]
+	add	sp,sp,#32*(18-5)+16	@ difference in frame sizes
+	b	.Lpoint_double_shortcut
+
+.align	4
+.Ladd_proceed:
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$R
+	add	$r_ptr,sp,#$Rsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Rsqr, R);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_z, H, in1_z);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$H
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Hsqr, H);
+
+	add	$a_ptr,sp,#$in2_z
+	add	$b_ptr,sp,#$res_z
+	add	$r_ptr,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_z, res_z, in2_z);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$Hsqr
+	add	$r_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(Hcub, Hsqr, H);
+
+	add	$a_ptr,sp,#$Hsqr
+	add	$b_ptr,sp,#$U1
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, U1, Hsqr);
+
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(Hsqr, U2);
+
+	add	$b_ptr,sp,#$Rsqr
+	add	$r_ptr,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$b_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	@  p256_sub(res_x, res_x, Hcub);
+
+	add	$b_ptr,sp,#$U2
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_y, U2, res_x);
+
+	add	$a_ptr,sp,#$Hcub
+	add	$b_ptr,sp,#$S1
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, S1, Hcub);
+
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$res_y
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_y, res_y, R);
+
+	add	$b_ptr,sp,#$S2
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, res_y, S2);
+
+	ldr	r11,[sp,#32*18+4]	@ !in1intfy
+	ldr	r12,[sp,#32*18+8]	@ !in2intfy
+	add	r1,sp,#$res_x
+	add	r2,sp,#$in2_x
+	and	r10,r11,r12
+	mvn	r11,r11
+	add	r3,sp,#$in1_x
+	and	r11,r11,r12
+	mvn	r12,r12
+	ldr	$r_ptr,[sp,#32*18+16]
+___
+for($i=0;$i<96;$i+=8) {			# conditional moves
+$code.=<<___;
+	ldmia	r1!,{r4-r5}		@ res_x
+	ldmia	r2!,{r6-r7}		@ in2_x
+	ldmia	r3!,{r8-r9}		@ in1_x
+	and	r4,r4,r10
+	and	r5,r5,r10
+	and	r6,r6,r11
+	and	r7,r7,r11
+	and	r8,r8,r12
+	and	r9,r9,r12
+	orr	r4,r4,r6
+	orr	r5,r5,r7
+	orr	r4,r4,r8
+	orr	r5,r5,r9
+	stmia	$r_ptr!,{r4-r5}
+___
+}
+$code.=<<___;
+.Ladd_done:
+	add	sp,sp,#32*18+16+16	@ +16 means "skip even over saved r0-r3"
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 18 temporary
+# 256-bit vectors on top. Then note that we push
+# starting from r0, which means that we have copy of
+# input arguments just below these temporary vectors.
+# We use two of them for !in1infty, !in2intfy.
+
+my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,%function
+.align	5
+ecp_nistz256_point_add_affine:
+	stmdb	sp!,{r0-r12,lr}		@ push from r0, unusual, but intentional
+	sub	sp,sp,#32*15
+
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_x
+	add	r3,sp,#$in1_x
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_y
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr,{r4-r11}		@ copy in1_z
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	stmia	r3,{r4-r11}
+	str	r12,[sp,#32*15+4]	@ !in1infty
+
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_x
+	add	r3,sp,#$in2_x
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	stmia	r3!,{r4-r11}
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_y
+	orr	r12,r12,r4
+	orr	r12,r12,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	stmia	r3!,{r4-r11}
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	str	r12,[sp,#32*15+8]	@ !in2infty
+
+	add	$a_ptr,sp,#$in1_z
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$Z1sqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$Z1sqr
+	add	$b_ptr,sp,#$in2_x
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, Z1sqr, in2_x);
+
+	add	$b_ptr,sp,#$in1_x
+	add	$r_ptr,sp,#$H
+	bl	__ecp_nistz256_sub_from	@ p256_sub(H, U2, in1_x);
+
+	add	$a_ptr,sp,#$Z1sqr
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_z, H, in1_z);
+
+	add	$a_ptr,sp,#$in2_y
+	add	$b_ptr,sp,#$S2
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, S2, in2_y);
+
+	add	$b_ptr,sp,#$in1_y
+	add	$r_ptr,sp,#$R
+	bl	__ecp_nistz256_sub_from	@ p256_sub(R, S2, in1_y);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$H
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Hsqr, H);
+
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$R
+	add	$r_ptr,sp,#$Rsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Rsqr, R);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$Hsqr
+	add	$r_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(Hcub, Hsqr, H);
+
+	add	$a_ptr,sp,#$Hsqr
+	add	$b_ptr,sp,#$in1_x
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, in1_x, Hsqr);
+
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(Hsqr, U2);
+
+	add	$b_ptr,sp,#$Rsqr
+	add	$r_ptr,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$b_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	@  p256_sub(res_x, res_x, Hcub);
+
+	add	$b_ptr,sp,#$U2
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_y, U2, res_x);
+
+	add	$a_ptr,sp,#$Hcub
+	add	$b_ptr,sp,#$in1_y
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, in1_y, Hcub);
+
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$res_y
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_y, res_y, R);
+
+	add	$b_ptr,sp,#$S2
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, res_y, S2);
+
+	ldr	r11,[sp,#32*15+4]	@ !in1intfy
+	ldr	r12,[sp,#32*15+8]	@ !in2intfy
+	add	r1,sp,#$res_x
+	add	r2,sp,#$in2_x
+	and	r10,r11,r12
+	mvn	r11,r11
+	add	r3,sp,#$in1_x
+	and	r11,r11,r12
+	mvn	r12,r12
+	ldr	$r_ptr,[sp,#32*15]
+___
+for($i=0;$i<64;$i+=8) {			# conditional moves
+$code.=<<___;
+	ldmia	r1!,{r4-r5}		@ res_x
+	ldmia	r2!,{r6-r7}		@ in2_x
+	ldmia	r3!,{r8-r9}		@ in1_x
+	and	r4,r4,r10
+	and	r5,r5,r10
+	and	r6,r6,r11
+	and	r7,r7,r11
+	and	r8,r8,r12
+	and	r9,r9,r12
+	orr	r4,r4,r6
+	orr	r5,r5,r7
+	orr	r4,r4,r8
+	orr	r5,r5,r9
+	stmia	$r_ptr!,{r4-r5}
+___
+}
+for(;$i<96;$i+=8) {
+my $j=($i-64)/4;
+$code.=<<___;
+	ldmia	r1!,{r4-r5}		@ res_z
+	ldmia	r3!,{r8-r9}		@ in1_z
+	and	r4,r4,r10
+	and	r5,r5,r10
+	and	r6,r11,#@ONE_mont[$j]
+	and	r7,r11,#@ONE_mont[$j+1]
+	and	r8,r8,r12
+	and	r9,r9,r12
+	orr	r4,r4,r6
+	orr	r5,r5,r7
+	orr	r4,r4,r8
+	orr	r5,r5,r9
+	stmia	$r_ptr!,{r4-r5}
+___
+}
+$code.=<<___;
+	add	sp,sp,#32*15+16		@ +16 means "skip even over saved r0-r3"
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}					}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo;
+
+	print $_,"\n";
+}
+close STDOUT;	# enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl
new file mode 100644
index 000000000..887ddfb1e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -0,0 +1,1883 @@
+#! /usr/bin/env perl
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for ARMv8.
+#
+# February 2015.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816.
+#
+#			with/without -DECP_NISTZ256_ASM
+# Apple A7		+190-360%
+# Cortex-A53		+190-400%
+# Cortex-A57		+190-350%
+# Denver		+230-400%
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +400% means 5x improvement.
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+{
+my ($rp,$ap,$bp,$bi,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3,$poly1,$poly3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,$acc5) =
+    map("x$_",(0..17,19,20));
+
+my ($acc6,$acc7)=($ap,$bp);	# used in __ecp_nistz256_sqr_mont
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,%object
+.align	12
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+$code.=<<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	5
+.Lpoly:
+.quad	0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001
+.LRR:	// 2^512 mod P precomputed for NIST P256 polynomial
+.quad	0x0000000000000003,0xfffffffbffffffff,0xfffffffffffffffe,0x00000004fffffffd
+.Lone_mont:
+.quad	0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe
+.Lone:
+.quad	1,0,0,0
+.Lord:
+.quad	0xf3b9cac2fc632551,0xbce6faada7179e84,0xffffffffffffffff,0xffffffff00000000
+.LordK:
+.quad	0xccd1c8aaee00bc4f
+.asciz	"ECP_NISTZ256 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+
+// void	ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,%function
+.align	6
+ecp_nistz256_to_mont:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldr	$bi,.LRR		// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	adr	$bp,.LRR		// &bp[0]
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+// void	ecp_nistz256_from_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,%function
+.align	4
+ecp_nistz256_from_mont:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	mov	$bi,#1			// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	adr	$bp,.Lone		// &bp[0]
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+// void	ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4],
+//					     const BN_ULONG x2[4]);
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,%function
+.align	4
+ecp_nistz256_mul_mont:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldr	$bi,[$bp]		// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+// void	ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,%function
+.align	4
+ecp_nistz256_sqr_mont:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_sqr_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+// void	ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4],
+//					const BN_ULONG x2[4]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,%function
+.align	4
+ecp_nistz256_add:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$t0,$t1,[$bp]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldp	$t2,$t3,[$bp,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_add
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+// void	ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,%function
+.align	4
+ecp_nistz256_div_by_2:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_div_by_2
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		//  autiasp
+	ret
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+// void	ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,%function
+.align	4
+ecp_nistz256_mul_by_2:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+
+	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+// void	ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,%function
+.align	4
+ecp_nistz256_mul_by_3:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	mov	$a0,$acc0
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+
+	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
+
+	mov	$t0,$a0
+	mov	$t1,$a1
+	mov	$t2,$a2
+	mov	$t3,$a3
+
+	bl	__ecp_nistz256_add	// ret += a	// 2*a+a=3*a
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+// void	ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4],
+//				        const BN_ULONG x2[4]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,%function
+.align	4
+ecp_nistz256_sub:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_sub_from
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+// void	ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,%function
+.align	4
+ecp_nistz256_neg:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	mov	$bp,$ap
+	mov	$acc0,xzr		// a = 0
+	mov	$acc1,xzr
+	mov	$acc2,xzr
+	mov	$acc3,xzr
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_sub_from
+
+	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded
+// to $a0-$a3 and b[0] - to $bi
+.type	__ecp_nistz256_mul_mont,%function
+.align	4
+__ecp_nistz256_mul_mont:
+	mul	$acc0,$a0,$bi		// a[0]*b[0]
+	umulh	$t0,$a0,$bi
+
+	mul	$acc1,$a1,$bi		// a[1]*b[0]
+	umulh	$t1,$a1,$bi
+
+	mul	$acc2,$a2,$bi		// a[2]*b[0]
+	umulh	$t2,$a2,$bi
+
+	mul	$acc3,$a3,$bi		// a[3]*b[0]
+	umulh	$t3,$a3,$bi
+	ldr	$bi,[$bp,#8]		// b[1]
+
+	adds	$acc1,$acc1,$t0		// accumulate high parts of multiplication
+	 lsl	$t0,$acc0,#32
+	adcs	$acc2,$acc2,$t1
+	 lsr	$t1,$acc0,#32
+	adcs	$acc3,$acc3,$t2
+	adc	$acc4,xzr,$t3
+	mov	$acc5,xzr
+___
+for($i=1;$i<4;$i++) {
+        # Reduction iteration is normally performed by accumulating
+        # result of multiplication of modulus by "magic" digit [and
+        # omitting least significant word, which is guaranteed to
+        # be 0], but thanks to special form of modulus and "magic"
+        # digit being equal to least significant word, it can be
+        # performed with additions and subtractions alone. Indeed:
+        #
+        #            ffff0001.00000000.0000ffff.ffffffff
+        # *                                     abcdefgh
+        # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+        #
+        # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+        # rewrite above as:
+        #
+        #   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+        # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000
+        # - 0000abcd.efgh0000.00000000.00000000.abcdefgh
+        #
+        # or marking redundant operations:
+        #
+        #   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.--------
+        # + abcdefgh.abcdefgh.0000abcd.efgh0000.--------
+        # - 0000abcd.efgh0000.--------.--------.--------
+
+$code.=<<___;
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	 mul	$t0,$a0,$bi		// lo(a[0]*b[i])
+	adcs	$acc1,$acc2,$t1
+	 mul	$t1,$a1,$bi		// lo(a[1]*b[i])
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	 mul	$t2,$a2,$bi		// lo(a[2]*b[i])
+	adcs	$acc3,$acc4,$t3
+	 mul	$t3,$a3,$bi		// lo(a[3]*b[i])
+	adc	$acc4,$acc5,xzr
+
+	adds	$acc0,$acc0,$t0		// accumulate low parts of multiplication
+	 umulh	$t0,$a0,$bi		// hi(a[0]*b[i])
+	adcs	$acc1,$acc1,$t1
+	 umulh	$t1,$a1,$bi		// hi(a[1]*b[i])
+	adcs	$acc2,$acc2,$t2
+	 umulh	$t2,$a2,$bi		// hi(a[2]*b[i])
+	adcs	$acc3,$acc3,$t3
+	 umulh	$t3,$a3,$bi		// hi(a[3]*b[i])
+	adc	$acc4,$acc4,xzr
+___
+$code.=<<___	if ($i<3);
+	ldr	$bi,[$bp,#8*($i+1)]	// b[$i+1]
+___
+$code.=<<___;
+	adds	$acc1,$acc1,$t0		// accumulate high parts of multiplication
+	 lsl	$t0,$acc0,#32
+	adcs	$acc2,$acc2,$t1
+	 lsr	$t1,$acc0,#32
+	adcs	$acc3,$acc3,$t2
+	adcs	$acc4,$acc4,$t3
+	adc	$acc5,xzr,xzr
+___
+}
+$code.=<<___;
+	// last reduction
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	adcs	$acc3,$acc4,$t3
+	adc	$acc4,$acc5,xzr
+
+	adds	$t0,$acc0,#1		// subs	$t0,$acc0,#-1 // tmp = ret-modulus
+	sbcs	$t1,$acc1,$poly1
+	sbcs	$t2,$acc2,xzr
+	sbcs	$t3,$acc3,$poly3
+	sbcs	xzr,$acc4,xzr		// did it borrow?
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded
+// to $a0-$a3
+.type	__ecp_nistz256_sqr_mont,%function
+.align	4
+__ecp_nistz256_sqr_mont:
+	//  |  |  |  |  |  |a1*a0|  |
+	//  |  |  |  |  |a2*a0|  |  |
+	//  |  |a3*a2|a3*a0|  |  |  |
+	//  |  |  |  |a2*a1|  |  |  |
+	//  |  |  |a3*a1|  |  |  |  |
+	// *|  |  |  |  |  |  |  | 2|
+	// +|a3*a3|a2*a2|a1*a1|a0*a0|
+	//  |--+--+--+--+--+--+--+--|
+	//  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	//
+	//  "can't overflow" below mark carrying into high part of
+	//  multiplication result, which can't overflow, because it
+	//  can never be all ones.
+
+	mul	$acc1,$a1,$a0		// a[1]*a[0]
+	umulh	$t1,$a1,$a0
+	mul	$acc2,$a2,$a0		// a[2]*a[0]
+	umulh	$t2,$a2,$a0
+	mul	$acc3,$a3,$a0		// a[3]*a[0]
+	umulh	$acc4,$a3,$a0
+
+	adds	$acc2,$acc2,$t1		// accumulate high parts of multiplication
+	 mul	$t0,$a2,$a1		// a[2]*a[1]
+	 umulh	$t1,$a2,$a1
+	adcs	$acc3,$acc3,$t2
+	 mul	$t2,$a3,$a1		// a[3]*a[1]
+	 umulh	$t3,$a3,$a1
+	adc	$acc4,$acc4,xzr		// can't overflow
+
+	mul	$acc5,$a3,$a2		// a[3]*a[2]
+	umulh	$acc6,$a3,$a2
+
+	adds	$t1,$t1,$t2		// accumulate high parts of multiplication
+	 mul	$acc0,$a0,$a0		// a[0]*a[0]
+	adc	$t2,$t3,xzr		// can't overflow
+
+	adds	$acc3,$acc3,$t0		// accumulate low parts of multiplication
+	 umulh	$a0,$a0,$a0
+	adcs	$acc4,$acc4,$t1
+	 mul	$t1,$a1,$a1		// a[1]*a[1]
+	adcs	$acc5,$acc5,$t2
+	 umulh	$a1,$a1,$a1
+	adc	$acc6,$acc6,xzr		// can't overflow
+
+	adds	$acc1,$acc1,$acc1	// acc[1-6]*=2
+	 mul	$t2,$a2,$a2		// a[2]*a[2]
+	adcs	$acc2,$acc2,$acc2
+	 umulh	$a2,$a2,$a2
+	adcs	$acc3,$acc3,$acc3
+	 mul	$t3,$a3,$a3		// a[3]*a[3]
+	adcs	$acc4,$acc4,$acc4
+	 umulh	$a3,$a3,$a3
+	adcs	$acc5,$acc5,$acc5
+	adcs	$acc6,$acc6,$acc6
+	adc	$acc7,xzr,xzr
+
+	adds	$acc1,$acc1,$a0		// +a[i]*a[i]
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$a1
+	adcs	$acc4,$acc4,$t2
+	adcs	$acc5,$acc5,$a2
+	 lsl	$t0,$acc0,#32
+	adcs	$acc6,$acc6,$t3
+	 lsr	$t1,$acc0,#32
+	adc	$acc7,$acc7,$a3
+___
+for($i=0;$i<3;$i++) {			# reductions, see commentary in
+					# multiplication for details
+$code.=<<___;
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	adcs	$acc1,$acc2,$t1
+	 lsl	$t0,$acc0,#32
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	 lsr	$t1,$acc0,#32
+	adc	$acc3,$t3,xzr		// can't overflow
+___
+}
+$code.=<<___;
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	adc	$acc3,$t3,xzr		// can't overflow
+
+	adds	$acc0,$acc0,$acc4	// accumulate upper half
+	adcs	$acc1,$acc1,$acc5
+	adcs	$acc2,$acc2,$acc6
+	adcs	$acc3,$acc3,$acc7
+	adc	$acc4,xzr,xzr
+
+	adds	$t0,$acc0,#1		// subs	$t0,$acc0,#-1 // tmp = ret-modulus
+	sbcs	$t1,$acc1,$poly1
+	sbcs	$t2,$acc2,xzr
+	sbcs	$t3,$acc3,$poly3
+	sbcs	xzr,$acc4,xzr		// did it borrow?
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont
+
+// Note that __ecp_nistz256_add expects both input vectors pre-loaded to
+// $a0-$a3 and $t0-$t3. This is done because it's used in multiple
+// contexts, e.g. in multiplication by 2 and 3...
+.type	__ecp_nistz256_add,%function
+.align	4
+__ecp_nistz256_add:
+	adds	$acc0,$acc0,$t0		// ret = a+b
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	adc	$ap,xzr,xzr		// zap $ap
+
+	adds	$t0,$acc0,#1		// subs	$t0,$a0,#-1 // tmp = ret-modulus
+	sbcs	$t1,$acc1,$poly1
+	sbcs	$t2,$acc2,xzr
+	sbcs	$t3,$acc3,$poly3
+	sbcs	xzr,$ap,xzr		// did subtraction borrow?
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+.type	__ecp_nistz256_sub_from,%function
+.align	4
+__ecp_nistz256_sub_from:
+	ldp	$t0,$t1,[$bp]
+	ldp	$t2,$t3,[$bp,#16]
+	subs	$acc0,$acc0,$t0		// ret = a-b
+	sbcs	$acc1,$acc1,$t1
+	sbcs	$acc2,$acc2,$t2
+	sbcs	$acc3,$acc3,$t3
+	sbc	$ap,xzr,xzr		// zap $ap
+
+	subs	$t0,$acc0,#1		// adds	$t0,$a0,#-1 // tmp = ret+modulus
+	adcs	$t1,$acc1,$poly1
+	adcs	$t2,$acc2,xzr
+	adc	$t3,$acc3,$poly3
+	cmp	$ap,xzr			// did subtraction borrow?
+
+	csel	$acc0,$acc0,$t0,eq	// ret = borrow ? ret+modulus : ret
+	csel	$acc1,$acc1,$t1,eq
+	csel	$acc2,$acc2,$t2,eq
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,eq
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,%function
+.align	4
+__ecp_nistz256_sub_morf:
+	ldp	$t0,$t1,[$bp]
+	ldp	$t2,$t3,[$bp,#16]
+	subs	$acc0,$t0,$acc0		// ret = b-a
+	sbcs	$acc1,$t1,$acc1
+	sbcs	$acc2,$t2,$acc2
+	sbcs	$acc3,$t3,$acc3
+	sbc	$ap,xzr,xzr		// zap $ap
+
+	subs	$t0,$acc0,#1		// adds	$t0,$a0,#-1 // tmp = ret+modulus
+	adcs	$t1,$acc1,$poly1
+	adcs	$t2,$acc2,xzr
+	adc	$t3,$acc3,$poly3
+	cmp	$ap,xzr			// did subtraction borrow?
+
+	csel	$acc0,$acc0,$t0,eq	// ret = borrow ? ret+modulus : ret
+	csel	$acc1,$acc1,$t1,eq
+	csel	$acc2,$acc2,$t2,eq
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,eq
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_div_by_2,%function
+.align	4
+__ecp_nistz256_div_by_2:
+	subs	$t0,$acc0,#1		// adds	$t0,$a0,#-1 // tmp = a+modulus
+	adcs	$t1,$acc1,$poly1
+	adcs	$t2,$acc2,xzr
+	adcs	$t3,$acc3,$poly3
+	adc	$ap,xzr,xzr		// zap $ap
+	tst	$acc0,#1		// is a even?
+
+	csel	$acc0,$acc0,$t0,eq	// ret = even ? a : a+modulus
+	csel	$acc1,$acc1,$t1,eq
+	csel	$acc2,$acc2,$t2,eq
+	csel	$acc3,$acc3,$t3,eq
+	csel	$ap,xzr,$ap,eq
+
+	lsr	$acc0,$acc0,#1		// ret >>= 1
+	orr	$acc0,$acc0,$acc1,lsl#63
+	lsr	$acc1,$acc1,#1
+	orr	$acc1,$acc1,$acc2,lsl#63
+	lsr	$acc2,$acc2,#1
+	orr	$acc2,$acc2,$acc3,lsl#63
+	lsr	$acc3,$acc3,#1
+	stp	$acc0,$acc1,[$rp]
+	orr	$acc3,$acc3,$ap,lsl#63
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+___
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3));
+# above map() describes stack layout with 4 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real) = map("x$_",(21,22));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,%function
+.align	5
+ecp_nistz256_point_double:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	sub	sp,sp,#32*4
+
+.Ldouble_shortcut:
+	ldp	$acc0,$acc1,[$ap,#32]
+	 mov	$rp_real,$rp
+	ldp	$acc2,$acc3,[$ap,#48]
+	 mov	$ap_real,$ap
+	 ldr	$poly1,.Lpoly+8
+	mov	$t0,$acc0
+	 ldr	$poly3,.Lpoly+24
+	mov	$t1,$acc1
+	 ldp	$a0,$a1,[$ap_real,#64]	// forward load for p256_sqr_mont
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	 ldp	$a2,$a3,[$ap_real,#64+16]
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_add	// p256_mul_by_2(S, in_y);
+
+	add	$rp,sp,#$Zsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Zsqr, in_z);
+
+	ldp	$t0,$t1,[$ap_real]
+	ldp	$t2,$t3,[$ap_real,#16]
+	mov	$a0,$acc0		// put Zsqr aside for p256_sub
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	add	$rp,sp,#$M
+	bl	__ecp_nistz256_add	// p256_add(M, Zsqr, in_x);
+
+	add	$bp,$ap_real,#0
+	mov	$acc0,$a0		// restore Zsqr
+	mov	$acc1,$a1
+	 ldp	$a0,$a1,[sp,#$S]	// forward load for p256_sqr_mont
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+	 ldp	$a2,$a3,[sp,#$S+16]
+	add	$rp,sp,#$Zsqr
+	bl	__ecp_nistz256_sub_morf	// p256_sub(Zsqr, in_x, Zsqr);
+
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(S, S);
+
+	ldr	$bi,[$ap_real,#32]
+	ldp	$a0,$a1,[$ap_real,#64]
+	ldp	$a2,$a3,[$ap_real,#64+16]
+	add	$bp,$ap_real,#32
+	add	$rp,sp,#$tmp0
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(tmp0, in_z, in_y);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	 ldp	$a0,$a1,[sp,#$S]	// forward load for p256_sqr_mont
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	 ldp	$a2,$a3,[sp,#$S+16]
+	add	$rp,$rp_real,#64
+	bl	__ecp_nistz256_add	// p256_mul_by_2(res_z, tmp0);
+
+	add	$rp,sp,#$tmp0
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(tmp0, S);
+
+	 ldr	$bi,[sp,#$Zsqr]		// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$M]
+	 ldp	$a2,$a3,[sp,#$M+16]
+	add	$rp,$rp_real,#32
+	bl	__ecp_nistz256_div_by_2	// p256_div_by_2(res_y, tmp0);
+
+	add	$bp,sp,#$Zsqr
+	add	$rp,sp,#$M
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(M, M, Zsqr);
+
+	mov	$t0,$acc0		// duplicate M
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	mov	$a0,$acc0		// put M aside
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	add	$rp,sp,#$M
+	bl	__ecp_nistz256_add
+	mov	$t0,$a0			// restore M
+	mov	$t1,$a1
+	 ldr	$bi,[$ap_real]		// forward load for p256_mul_mont
+	mov	$t2,$a2
+	 ldp	$a0,$a1,[sp,#$S]
+	mov	$t3,$a3
+	 ldp	$a2,$a3,[sp,#$S+16]
+	bl	__ecp_nistz256_add	// p256_mul_by_3(M, M);
+
+	add	$bp,$ap_real,#0
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S, S, in_x);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	 ldp	$a0,$a1,[sp,#$M]	// forward load for p256_sqr_mont
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	 ldp	$a2,$a3,[sp,#$M+16]
+	add	$rp,sp,#$tmp0
+	bl	__ecp_nistz256_add	// p256_mul_by_2(tmp0, S);
+
+	add	$rp,$rp_real,#0
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(res_x, M);
+
+	add	$bp,sp,#$tmp0
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_x, res_x, tmp0);
+
+	add	$bp,sp,#$S
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_sub_morf	// p256_sub(S, S, res_x);
+
+	ldr	$bi,[sp,#$M]
+	mov	$a0,$acc0		// copy S
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	add	$bp,sp,#$M
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S, S, M);
+
+	add	$bp,$rp_real,#32
+	add	$rp,$rp_real,#32
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, S, res_y);
+
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..11));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+# above map() describes stack layout with 12 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,%function
+.align	5
+ecp_nistz256_point_add:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	sub	sp,sp,#32*12
+
+	ldp	$a0,$a1,[$bp,#64]	// in2_z
+	ldp	$a2,$a3,[$bp,#64+16]
+	 mov	$rp_real,$rp
+	 mov	$ap_real,$ap
+	 mov	$bp_real,$bp
+	 ldr	$poly1,.Lpoly+8
+	 ldr	$poly3,.Lpoly+24
+	orr	$t0,$a0,$a1
+	orr	$t2,$a2,$a3
+	orr	$in2infty,$t0,$t2
+	cmp	$in2infty,#0
+	csetm	$in2infty,ne		// !in2infty
+	add	$rp,sp,#$Z2sqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z2sqr, in2_z);
+
+	ldp	$a0,$a1,[$ap_real,#64]	// in1_z
+	ldp	$a2,$a3,[$ap_real,#64+16]
+	orr	$t0,$a0,$a1
+	orr	$t2,$a2,$a3
+	orr	$in1infty,$t0,$t2
+	cmp	$in1infty,#0
+	csetm	$in1infty,ne		// !in1infty
+	add	$rp,sp,#$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
+
+	ldr	$bi,[$bp_real,#64]
+	ldp	$a0,$a1,[sp,#$Z2sqr]
+	ldp	$a2,$a3,[sp,#$Z2sqr+16]
+	add	$bp,$bp_real,#64
+	add	$rp,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S1, Z2sqr, in2_z);
+
+	ldr	$bi,[$ap_real,#64]
+	ldp	$a0,$a1,[sp,#$Z1sqr]
+	ldp	$a2,$a3,[sp,#$Z1sqr+16]
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ldr	$bi,[$ap_real,#32]
+	ldp	$a0,$a1,[sp,#$S1]
+	ldp	$a2,$a3,[sp,#$S1+16]
+	add	$bp,$ap_real,#32
+	add	$rp,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S1, S1, in1_y);
+
+	ldr	$bi,[$bp_real,#32]
+	ldp	$a0,$a1,[sp,#$S2]
+	ldp	$a2,$a3,[sp,#$S2+16]
+	add	$bp,$bp_real,#32
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S2, in2_y);
+
+	add	$bp,sp,#$S1
+	 ldr	$bi,[sp,#$Z2sqr]	// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[$ap_real]
+	 ldp	$a2,$a3,[$ap_real,#16]
+	add	$rp,sp,#$R
+	bl	__ecp_nistz256_sub_from	// p256_sub(R, S2, S1);
+
+	orr	$acc0,$acc0,$acc1	// see if result is zero
+	orr	$acc2,$acc2,$acc3
+	orr	$temp,$acc0,$acc2
+
+	add	$bp,sp,#$Z2sqr
+	add	$rp,sp,#$U1
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U1, in1_x, Z2sqr);
+
+	ldr	$bi,[sp,#$Z1sqr]
+	ldp	$a0,$a1,[$bp_real]
+	ldp	$a2,$a3,[$bp_real,#16]
+	add	$bp,sp,#$Z1sqr
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, in2_x, Z1sqr);
+
+	add	$bp,sp,#$U1
+	 ldp	$a0,$a1,[sp,#$R]	// forward load for p256_sqr_mont
+	 ldp	$a2,$a3,[sp,#$R+16]
+	add	$rp,sp,#$H
+	bl	__ecp_nistz256_sub_from	// p256_sub(H, U2, U1);
+
+	orr	$acc0,$acc0,$acc1	// see if result is zero
+	orr	$acc2,$acc2,$acc3
+	orr	$acc0,$acc0,$acc2
+	tst	$acc0,$acc0
+	b.ne	.Ladd_proceed		// is_equal(U1,U2)?
+
+	tst	$in1infty,$in2infty
+	b.eq	.Ladd_proceed		// (in1infty || in2infty)?
+
+	tst	$temp,$temp
+	b.eq	.Ladd_double		// is_equal(S1,S2)?
+
+	eor	$a0,$a0,$a0
+	eor	$a1,$a1,$a1
+	stp	$a0,$a1,[$rp_real]
+	stp	$a0,$a1,[$rp_real,#16]
+	stp	$a0,$a1,[$rp_real,#32]
+	stp	$a0,$a1,[$rp_real,#48]
+	stp	$a0,$a1,[$rp_real,#64]
+	stp	$a0,$a1,[$rp_real,#80]
+	b	.Ladd_done
+
+.align	4
+.Ladd_double:
+	mov	$ap,$ap_real
+	mov	$rp,$rp_real
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	add	sp,sp,#32*(12-4)	// difference in stack frames
+	b	.Ldouble_shortcut
+
+.align	4
+.Ladd_proceed:
+	add	$rp,sp,#$Rsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Rsqr, R);
+
+	ldr	$bi,[$ap_real,#64]
+	ldp	$a0,$a1,[sp,#$H]
+	ldp	$a2,$a3,[sp,#$H+16]
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, H, in1_z);
+
+	ldp	$a0,$a1,[sp,#$H]
+	ldp	$a2,$a3,[sp,#$H+16]
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Hsqr, H);
+
+	ldr	$bi,[$bp_real,#64]
+	ldp	$a0,$a1,[sp,#$res_z]
+	ldp	$a2,$a3,[sp,#$res_z+16]
+	add	$bp,$bp_real,#64
+	add	$rp,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, res_z, in2_z);
+
+	ldr	$bi,[sp,#$H]
+	ldp	$a0,$a1,[sp,#$Hsqr]
+	ldp	$a2,$a3,[sp,#$Hsqr+16]
+	add	$bp,sp,#$H
+	add	$rp,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(Hcub, Hsqr, H);
+
+	ldr	$bi,[sp,#$Hsqr]
+	ldp	$a0,$a1,[sp,#$U1]
+	ldp	$a2,$a3,[sp,#$U1+16]
+	add	$bp,sp,#$Hsqr
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, U1, Hsqr);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_add	// p256_mul_by_2(Hsqr, U2);
+
+	add	$bp,sp,#$Rsqr
+	add	$rp,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$bp,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	//  p256_sub(res_x, res_x, Hcub);
+
+	add	$bp,sp,#$U2
+	 ldr	$bi,[sp,#$Hcub]		// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$S1]
+	 ldp	$a2,$a3,[sp,#$S1+16]
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_y, U2, res_x);
+
+	add	$bp,sp,#$Hcub
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S1, Hcub);
+
+	ldr	$bi,[sp,#$R]
+	ldp	$a0,$a1,[sp,#$res_y]
+	ldp	$a2,$a3,[sp,#$res_y+16]
+	add	$bp,sp,#$R
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_y, res_y, R);
+
+	add	$bp,sp,#$S2
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, res_y, S2);
+
+	ldp	$a0,$a1,[sp,#$res_x]		// res
+	ldp	$a2,$a3,[sp,#$res_x+16]
+	ldp	$t0,$t1,[$bp_real]		// in2
+	ldp	$t2,$t3,[$bp_real,#16]
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	ldp	$a0,$a1,[sp,#$res_x+$i+32]	// res
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	ldp	$a2,$a3,[sp,#$res_x+$i+48]
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	ldp	$t0,$t1,[$bp_real,#$i+32]	// in2
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	ldp	$t2,$t3,[$bp_real,#$i+48]
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+___
+}
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+
+.Ladd_done:
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,%function
+.align	5
+ecp_nistz256_point_add_affine:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	sub	sp,sp,#32*10
+
+	mov	$rp_real,$rp
+	mov	$ap_real,$ap
+	mov	$bp_real,$bp
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	ldp	$a0,$a1,[$ap,#64]	// in1_z
+	ldp	$a2,$a3,[$ap,#64+16]
+	orr	$t0,$a0,$a1
+	orr	$t2,$a2,$a3
+	orr	$in1infty,$t0,$t2
+	cmp	$in1infty,#0
+	csetm	$in1infty,ne		// !in1infty
+
+	ldp	$acc0,$acc1,[$bp]	// in2_x
+	ldp	$acc2,$acc3,[$bp,#16]
+	ldp	$t0,$t1,[$bp,#32]	// in2_y
+	ldp	$t2,$t3,[$bp,#48]
+	orr	$acc0,$acc0,$acc1
+	orr	$acc2,$acc2,$acc3
+	orr	$t0,$t0,$t1
+	orr	$t2,$t2,$t3
+	orr	$acc0,$acc0,$acc2
+	orr	$t0,$t0,$t2
+	orr	$in2infty,$acc0,$t0
+	cmp	$in2infty,#0
+	csetm	$in2infty,ne		// !in2infty
+
+	add	$rp,sp,#$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
+
+	mov	$a0,$acc0
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	ldr	$bi,[$bp_real]
+	add	$bp,$bp_real,#0
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, Z1sqr, in2_x);
+
+	add	$bp,$ap_real,#0
+	 ldr	$bi,[$ap_real,#64]	// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$Z1sqr]
+	 ldp	$a2,$a3,[sp,#$Z1sqr+16]
+	add	$rp,sp,#$H
+	bl	__ecp_nistz256_sub_from	// p256_sub(H, U2, in1_x);
+
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ldr	$bi,[$ap_real,#64]
+	ldp	$a0,$a1,[sp,#$H]
+	ldp	$a2,$a3,[sp,#$H+16]
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, H, in1_z);
+
+	ldr	$bi,[$bp_real,#32]
+	ldp	$a0,$a1,[sp,#$S2]
+	ldp	$a2,$a3,[sp,#$S2+16]
+	add	$bp,$bp_real,#32
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S2, in2_y);
+
+	add	$bp,$ap_real,#32
+	 ldp	$a0,$a1,[sp,#$H]	// forward load for p256_sqr_mont
+	 ldp	$a2,$a3,[sp,#$H+16]
+	add	$rp,sp,#$R
+	bl	__ecp_nistz256_sub_from	// p256_sub(R, S2, in1_y);
+
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Hsqr, H);
+
+	ldp	$a0,$a1,[sp,#$R]
+	ldp	$a2,$a3,[sp,#$R+16]
+	add	$rp,sp,#$Rsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Rsqr, R);
+
+	ldr	$bi,[sp,#$H]
+	ldp	$a0,$a1,[sp,#$Hsqr]
+	ldp	$a2,$a3,[sp,#$Hsqr+16]
+	add	$bp,sp,#$H
+	add	$rp,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(Hcub, Hsqr, H);
+
+	ldr	$bi,[$ap_real]
+	ldp	$a0,$a1,[sp,#$Hsqr]
+	ldp	$a2,$a3,[sp,#$Hsqr+16]
+	add	$bp,$ap_real,#0
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, in1_x, Hsqr);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_add	// p256_mul_by_2(Hsqr, U2);
+
+	add	$bp,sp,#$Rsqr
+	add	$rp,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$bp,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	//  p256_sub(res_x, res_x, Hcub);
+
+	add	$bp,sp,#$U2
+	 ldr	$bi,[$ap_real,#32]	// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$Hcub]
+	 ldp	$a2,$a3,[sp,#$Hcub+16]
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_y, U2, res_x);
+
+	add	$bp,$ap_real,#32
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, in1_y, Hcub);
+
+	ldr	$bi,[sp,#$R]
+	ldp	$a0,$a1,[sp,#$res_y]
+	ldp	$a2,$a3,[sp,#$res_y+16]
+	add	$bp,sp,#$R
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_y, res_y, R);
+
+	add	$bp,sp,#$S2
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, res_y, S2);
+
+	ldp	$a0,$a1,[sp,#$res_x]		// res
+	ldp	$a2,$a3,[sp,#$res_x+16]
+	ldp	$t0,$t1,[$bp_real]		// in2
+	ldp	$t2,$t3,[$bp_real,#16]
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	ldp	$a0,$a1,[sp,#$res_x+$i+32]	// res
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	ldp	$a2,$a3,[sp,#$res_x+$i+48]
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	ldp	$t0,$t1,[$bp_real,#$i+32]	// in2
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	ldp	$t2,$t3,[$bp_real,#$i+48]
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+___
+$code.=<<___	if ($i == 0);
+	adr	$bp_real,.Lone_mont-64
+___
+}
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}
+if (1) {
+my ($ord0,$ord1) = ($poly1,$poly3);
+my ($ord2,$ord3,$ordk,$t4) = map("x$_",(21..24));
+my $acc7 = $bi;
+
+$code.=<<___;
+////////////////////////////////////////////////////////////////////////
+// void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4],
+//                                uint64_t b[4]);
+.globl	ecp_nistz256_ord_mul_mont
+.type	ecp_nistz256_ord_mul_mont,%function
+.align	4
+ecp_nistz256_ord_mul_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	adr	$ordk,.Lord
+	ldr	$bi,[$bp]		// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+
+	ldp	$ord0,$ord1,[$ordk,#0]
+	ldp	$ord2,$ord3,[$ordk,#16]
+	ldr	$ordk,[$ordk,#32]
+
+	mul	$acc0,$a0,$bi		// a[0]*b[0]
+	umulh	$t0,$a0,$bi
+
+	mul	$acc1,$a1,$bi		// a[1]*b[0]
+	umulh	$t1,$a1,$bi
+
+	mul	$acc2,$a2,$bi		// a[2]*b[0]
+	umulh	$t2,$a2,$bi
+
+	mul	$acc3,$a3,$bi		// a[3]*b[0]
+	umulh	$acc4,$a3,$bi
+
+	mul	$t4,$acc0,$ordk
+
+	adds	$acc1,$acc1,$t0		// accumulate high parts of multiplication
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$t2
+	adc	$acc4,$acc4,xzr
+	mov	$acc5,xzr
+___
+for ($i=1;$i<4;$i++) {
+	################################################################
+	#            ffff0000.ffffffff.yyyyyyyy.zzzzzzzz
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	# - 0000abcd.efgh0000.abcdefgh.00000000.00000000
+	# + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh
+$code.=<<___;
+	ldr	$bi,[$bp,#8*$i]		// b[i]
+
+	lsl	$t0,$t4,#32
+	subs	$acc2,$acc2,$t4
+	lsr	$t1,$t4,#32
+	sbcs	$acc3,$acc3,$t0
+	sbcs	$acc4,$acc4,$t1
+	sbc	$acc5,$acc5,xzr
+
+	subs	xzr,$acc0,#1
+	umulh	$t1,$ord0,$t4
+	mul	$t2,$ord1,$t4
+	umulh	$t3,$ord1,$t4
+
+	adcs	$t2,$t2,$t1
+	 mul	$t0,$a0,$bi
+	adc	$t3,$t3,xzr
+	 mul	$t1,$a1,$bi
+
+	adds	$acc0,$acc1,$t2
+	 mul	$t2,$a2,$bi
+	adcs	$acc1,$acc2,$t3
+	 mul	$t3,$a3,$bi
+	adcs	$acc2,$acc3,$t4
+	adcs	$acc3,$acc4,$t4
+	adc	$acc4,$acc5,xzr
+
+	adds	$acc0,$acc0,$t0		// accumulate low parts
+	umulh	$t0,$a0,$bi
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a1,$bi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a2,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a3,$bi
+	adc	$acc4,$acc4,xzr
+	mul	$t4,$acc0,$ordk
+	adds	$acc1,$acc1,$t0		// accumulate high parts
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$t2
+	adcs	$acc4,$acc4,$t3
+	adc	$acc5,xzr,xzr
+___
+}
+$code.=<<___;
+	lsl	$t0,$t4,#32		// last reduction
+	subs	$acc2,$acc2,$t4
+	lsr	$t1,$t4,#32
+	sbcs	$acc3,$acc3,$t0
+	sbcs	$acc4,$acc4,$t1
+	sbc	$acc5,$acc5,xzr
+
+	subs	xzr,$acc0,#1
+	umulh	$t1,$ord0,$t4
+	mul	$t2,$ord1,$t4
+	umulh	$t3,$ord1,$t4
+
+	adcs	$t2,$t2,$t1
+	adc	$t3,$t3,xzr
+
+	adds	$acc0,$acc1,$t2
+	adcs	$acc1,$acc2,$t3
+	adcs	$acc2,$acc3,$t4
+	adcs	$acc3,$acc4,$t4
+	adc	$acc4,$acc5,xzr
+
+	subs	$t0,$acc0,$ord0		// ret -= modulus
+	sbcs	$t1,$acc1,$ord1
+	sbcs	$t2,$acc2,$ord2
+	sbcs	$t3,$acc3,$ord3
+	sbcs	xzr,$acc4,xzr
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+////////////////////////////////////////////////////////////////////////
+// void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4],
+//                                int rep);
+.globl	ecp_nistz256_ord_sqr_mont
+.type	ecp_nistz256_ord_sqr_mont,%function
+.align	4
+ecp_nistz256_ord_sqr_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	adr	$ordk,.Lord
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+
+	ldp	$ord0,$ord1,[$ordk,#0]
+	ldp	$ord2,$ord3,[$ordk,#16]
+	ldr	$ordk,[$ordk,#32]
+	b	.Loop_ord_sqr
+
+.align	4
+.Loop_ord_sqr:
+	sub	$bp,$bp,#1
+	////////////////////////////////////////////////////////////////
+	//  |  |  |  |  |  |a1*a0|  |
+	//  |  |  |  |  |a2*a0|  |  |
+	//  |  |a3*a2|a3*a0|  |  |  |
+	//  |  |  |  |a2*a1|  |  |  |
+	//  |  |  |a3*a1|  |  |  |  |
+	// *|  |  |  |  |  |  |  | 2|
+	// +|a3*a3|a2*a2|a1*a1|a0*a0|
+	//  |--+--+--+--+--+--+--+--|
+	//  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	//
+	//  "can't overflow" below mark carrying into high part of
+	//  multiplication result, which can't overflow, because it
+	//  can never be all ones.
+
+	mul	$acc1,$a1,$a0		// a[1]*a[0]
+	umulh	$t1,$a1,$a0
+	mul	$acc2,$a2,$a0		// a[2]*a[0]
+	umulh	$t2,$a2,$a0
+	mul	$acc3,$a3,$a0		// a[3]*a[0]
+	umulh	$acc4,$a3,$a0
+
+	adds	$acc2,$acc2,$t1		// accumulate high parts of multiplication
+	 mul	$t0,$a2,$a1		// a[2]*a[1]
+	 umulh	$t1,$a2,$a1
+	adcs	$acc3,$acc3,$t2
+	 mul	$t2,$a3,$a1		// a[3]*a[1]
+	 umulh	$t3,$a3,$a1
+	adc	$acc4,$acc4,xzr		// can't overflow
+
+	mul	$acc5,$a3,$a2		// a[3]*a[2]
+	umulh	$acc6,$a3,$a2
+
+	adds	$t1,$t1,$t2		// accumulate high parts of multiplication
+	 mul	$acc0,$a0,$a0		// a[0]*a[0]
+	adc	$t2,$t3,xzr		// can't overflow
+
+	adds	$acc3,$acc3,$t0		// accumulate low parts of multiplication
+	 umulh	$a0,$a0,$a0
+	adcs	$acc4,$acc4,$t1
+	 mul	$t1,$a1,$a1		// a[1]*a[1]
+	adcs	$acc5,$acc5,$t2
+	 umulh	$a1,$a1,$a1
+	adc	$acc6,$acc6,xzr		// can't overflow
+
+	adds	$acc1,$acc1,$acc1	// acc[1-6]*=2
+	 mul	$t2,$a2,$a2		// a[2]*a[2]
+	adcs	$acc2,$acc2,$acc2
+	 umulh	$a2,$a2,$a2
+	adcs	$acc3,$acc3,$acc3
+	 mul	$t3,$a3,$a3		// a[3]*a[3]
+	adcs	$acc4,$acc4,$acc4
+	 umulh	$a3,$a3,$a3
+	adcs	$acc5,$acc5,$acc5
+	adcs	$acc6,$acc6,$acc6
+	adc	$acc7,xzr,xzr
+
+	adds	$acc1,$acc1,$a0		// +a[i]*a[i]
+	 mul	$t4,$acc0,$ordk
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$a1
+	adcs	$acc4,$acc4,$t2
+	adcs	$acc5,$acc5,$a2
+	adcs	$acc6,$acc6,$t3
+	adc	$acc7,$acc7,$a3
+___
+for($i=0; $i<4; $i++) {			# reductions
+$code.=<<___;
+	subs	xzr,$acc0,#1
+	umulh	$t1,$ord0,$t4
+	mul	$t2,$ord1,$t4
+	umulh	$t3,$ord1,$t4
+
+	adcs	$t2,$t2,$t1
+	adc	$t3,$t3,xzr
+
+	adds	$acc0,$acc1,$t2
+	adcs	$acc1,$acc2,$t3
+	adcs	$acc2,$acc3,$t4
+	adc	$acc3,xzr,$t4		// can't overflow
+___
+$code.=<<___	if ($i<3);
+	mul	$t3,$acc0,$ordk
+___
+$code.=<<___;
+	lsl	$t0,$t4,#32
+	subs	$acc1,$acc1,$t4
+	lsr	$t1,$t4,#32
+	sbcs	$acc2,$acc2,$t0
+	sbc	$acc3,$acc3,$t1		// can't borrow
+___
+	($t3,$t4) = ($t4,$t3);
+}
+$code.=<<___;
+	adds	$acc0,$acc0,$acc4	// accumulate upper half
+	adcs	$acc1,$acc1,$acc5
+	adcs	$acc2,$acc2,$acc6
+	adcs	$acc3,$acc3,$acc7
+	adc	$acc4,xzr,xzr
+
+	subs	$t0,$acc0,$ord0		// ret -= modulus
+	sbcs	$t1,$acc1,$ord1
+	sbcs	$t2,$acc2,$ord2
+	sbcs	$t3,$acc3,$ord3
+	sbcs	xzr,$acc4,xzr
+
+	csel	$a0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$a1,$acc1,$t1,lo
+	csel	$a2,$acc2,$t2,lo
+	csel	$a3,$acc3,$t3,lo
+
+	cbnz	$bp,.Loop_ord_sqr
+
+	stp	$a0,$a1,[$rp]
+	stp	$a2,$a3,[$rp,#16]
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+___
+}	}
+
+########################################################################
+# scatter-gather subroutines
+{
+my ($out,$inp,$index,$mask)=map("x$_",(0..3));
+$code.=<<___;
+// void	ecp_nistz256_scatter_w5(void *x0,const P256_POINT *x1,
+//					 int x2);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,%function
+.align	4
+ecp_nistz256_scatter_w5:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	add	$out,$out,$index,lsl#2
+
+	ldp	x4,x5,[$inp]		// X
+	ldp	x6,x7,[$inp,#16]
+	str	w4,[$out,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[$out,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[$out,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[$out,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[$out,#64*4-4]
+	str	w5,[$out,#64*5-4]
+	str	w6,[$out,#64*6-4]
+	str	w7,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldp	x4,x5,[$inp,#32]	// Y
+	ldp	x6,x7,[$inp,#48]
+	str	w4,[$out,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[$out,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[$out,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[$out,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[$out,#64*4-4]
+	str	w5,[$out,#64*5-4]
+	str	w6,[$out,#64*6-4]
+	str	w7,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldp	x4,x5,[$inp,#64]	// Z
+	ldp	x6,x7,[$inp,#80]
+	str	w4,[$out,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[$out,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[$out,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[$out,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[$out,#64*4-4]
+	str	w5,[$out,#64*5-4]
+	str	w6,[$out,#64*6-4]
+	str	w7,[$out,#64*7-4]
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+// void	ecp_nistz256_gather_w5(P256_POINT *x0,const void *x1,
+//					      int x2);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,%function
+.align	4
+ecp_nistz256_gather_w5:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	cmp	$index,xzr
+	csetm	x3,ne
+	add	$index,$index,x3
+	add	$inp,$inp,$index,lsl#2
+
+	ldr	w4,[$inp,#64*0]
+	ldr	w5,[$inp,#64*1]
+	ldr	w6,[$inp,#64*2]
+	ldr	w7,[$inp,#64*3]
+	ldr	w8,[$inp,#64*4]
+	ldr	w9,[$inp,#64*5]
+	ldr	w10,[$inp,#64*6]
+	ldr	w11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[$out]		// X
+	stp	x6,x7,[$out,#16]
+
+	ldr	w4,[$inp,#64*0]
+	ldr	w5,[$inp,#64*1]
+	ldr	w6,[$inp,#64*2]
+	ldr	w7,[$inp,#64*3]
+	ldr	w8,[$inp,#64*4]
+	ldr	w9,[$inp,#64*5]
+	ldr	w10,[$inp,#64*6]
+	ldr	w11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[$out,#32]	// Y
+	stp	x6,x7,[$out,#48]
+
+	ldr	w4,[$inp,#64*0]
+	ldr	w5,[$inp,#64*1]
+	ldr	w6,[$inp,#64*2]
+	ldr	w7,[$inp,#64*3]
+	ldr	w8,[$inp,#64*4]
+	ldr	w9,[$inp,#64*5]
+	ldr	w10,[$inp,#64*6]
+	ldr	w11,[$inp,#64*7]
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[$out,#64]	// Z
+	stp	x6,x7,[$out,#80]
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+// void	ecp_nistz256_scatter_w7(void *x0,const P256_POINT_AFFINE *x1,
+//					 int x2);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,%function
+.align	4
+ecp_nistz256_scatter_w7:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	add	$out,$out,$index
+	mov	$index,#64/8
+.Loop_scatter_w7:
+	ldr	x3,[$inp],#8
+	subs	$index,$index,#1
+	prfm	pstl1strm,[$out,#4096+64*0]
+	prfm	pstl1strm,[$out,#4096+64*1]
+	prfm	pstl1strm,[$out,#4096+64*2]
+	prfm	pstl1strm,[$out,#4096+64*3]
+	prfm	pstl1strm,[$out,#4096+64*4]
+	prfm	pstl1strm,[$out,#4096+64*5]
+	prfm	pstl1strm,[$out,#4096+64*6]
+	prfm	pstl1strm,[$out,#4096+64*7]
+	strb	w3,[$out,#64*0]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*2]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*3]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*4]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*5]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*6]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*7]
+	add	$out,$out,#64*8
+	b.ne	.Loop_scatter_w7
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+// void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *x0,const void *x1,
+//						     int x2);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,%function
+.align	4
+ecp_nistz256_gather_w7:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	cmp	$index,xzr
+	csetm	x3,ne
+	add	$index,$index,x3
+	add	$inp,$inp,$index
+	mov	$index,#64/8
+	nop
+.Loop_gather_w7:
+	ldrb	w4,[$inp,#64*0]
+	prfm	pldl1strm,[$inp,#4096+64*0]
+	subs	$index,$index,#1
+	ldrb	w5,[$inp,#64*1]
+	prfm	pldl1strm,[$inp,#4096+64*1]
+	ldrb	w6,[$inp,#64*2]
+	prfm	pldl1strm,[$inp,#4096+64*2]
+	ldrb	w7,[$inp,#64*3]
+	prfm	pldl1strm,[$inp,#4096+64*3]
+	ldrb	w8,[$inp,#64*4]
+	prfm	pldl1strm,[$inp,#4096+64*4]
+	ldrb	w9,[$inp,#64*5]
+	prfm	pldl1strm,[$inp,#4096+64*5]
+	ldrb	w10,[$inp,#64*6]
+	prfm	pldl1strm,[$inp,#4096+64*6]
+	ldrb	w11,[$inp,#64*7]
+	prfm	pldl1strm,[$inp,#4096+64*7]
+	add	$inp,$inp,#64*8
+	orr	x4,x4,x5,lsl#8
+	orr	x6,x6,x7,lsl#8
+	orr	x8,x8,x9,lsl#8
+	orr	x4,x4,x6,lsl#16
+	orr	x10,x10,x11,lsl#8
+	orr	x4,x4,x8,lsl#32
+	orr	x4,x4,x10,lsl#48
+	and	x4,x4,x3
+	str	x4,[$out],#8
+	b.ne	.Loop_gather_w7
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	print $_,"\n";
+}
+close STDOUT;	# enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-avx2.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-avx2.pl
new file mode 100755
index 000000000..794e56a08
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-avx2.pl
@@ -0,0 +1,2080 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+#
+# Reference:
+# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+#                          256 Bit Primes"
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$avx = ($ver>=3.0) + ($ver>=3.01);
+	$addx = ($ver>=3.03);
+}
+
+if ($avx>=2) {{
+$digit_size = "\$29";
+$n_digits = "\$9";
+
+$code.=<<___;
+.text
+
+.align 64
+.LAVX2_AND_MASK:
+.LAVX2_POLY:
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000
+.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000
+.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff
+
+.LAVX2_POLY_x2:
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC
+.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE
+.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE
+.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE
+.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE
+.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC
+
+.LAVX2_POLY_x8:
+.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8
+.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8
+.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8
+.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC
+.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC
+.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8
+
+.LONE:
+.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff
+.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+
+# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL
+# Montgomery form (*2^256) to our format (*2^261)
+
+.LTO_MONT_AVX2:
+.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003
+
+.LFROM_MONT_AVX2:
+.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff
+.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+
+.LIntOne:
+.long 1,1,1,1,1,1,1,1
+___
+
+{
+# This function receives a pointer to an array of four affine points
+# (X, Y, <1>) and rearranges the data for AVX2 execution, while
+# converting it to 2^29 radix redundant form
+
+my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3,
+    $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15));
+
+$code.=<<___;
+.globl	ecp_nistz256_avx2_transpose_convert
+.type	ecp_nistz256_avx2_transpose_convert,\@function,2
+.align 64
+ecp_nistz256_avx2_transpose_convert:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	# Load the data
+	vmovdqa		32*0(%rsi), $X0
+	lea		112(%rsi), %rax		# size optimization
+	vmovdqa		32*1(%rsi), $Y0
+	lea		.LAVX2_AND_MASK(%rip), %rdx
+	vmovdqa		32*2(%rsi), $X1
+	vmovdqa		32*3(%rsi), $Y1
+	vmovdqa		32*4-112(%rax), $X2
+	vmovdqa		32*5-112(%rax), $Y2
+	vmovdqa		32*6-112(%rax), $X3
+	vmovdqa		32*7-112(%rax), $Y3
+
+	# Transpose X and Y independently
+	vpunpcklqdq	$X1, $X0, $T0		# T0 = [B2 A2 B0 A0]
+	vpunpcklqdq	$X3, $X2, $T1		# T1 = [D2 C2 D0 C0]
+	vpunpckhqdq	$X1, $X0, $T2		# T2 = [B3 A3 B1 A1]
+	vpunpckhqdq	$X3, $X2, $T3		# T3 = [D3 C3 D1 C1]
+
+	vpunpcklqdq	$Y1, $Y0, $T4
+	vpunpcklqdq	$Y3, $Y2, $T5
+	vpunpckhqdq	$Y1, $Y0, $T6
+	vpunpckhqdq	$Y3, $Y2, $T7
+
+	vperm2i128	\$0x20, $T1, $T0, $X0	# X0 = [D0 C0 B0 A0]
+	vperm2i128	\$0x20, $T3, $T2, $X1	# X1 = [D1 C1 B1 A1]
+	vperm2i128	\$0x31, $T1, $T0, $X2	# X2 = [D2 C2 B2 A2]
+	vperm2i128	\$0x31, $T3, $T2, $X3	# X3 = [D3 C3 B3 A3]
+
+	vperm2i128	\$0x20, $T5, $T4, $Y0
+	vperm2i128	\$0x20, $T7, $T6, $Y1
+	vperm2i128	\$0x31, $T5, $T4, $Y2
+	vperm2i128	\$0x31, $T7, $T6, $Y3
+	vmovdqa		(%rdx), $T7
+
+	vpand		(%rdx), $X0, $T0	# out[0] = in[0] & mask;
+	vpsrlq		\$29, $X0, $X0
+	vpand		$T7, $X0, $T1		# out[1] = (in[0] >> shift) & mask;
+	vpsrlq		\$29, $X0, $X0
+	vpsllq		\$6, $X1, $T2
+	vpxor		$X0, $T2, $T2
+	vpand		$T7, $T2, $T2		# out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask;
+	vpsrlq		\$23, $X1, $X1
+	vpand		$T7, $X1, $T3		# out[3] = (in[1] >> ((shift*3)%64)) & mask;
+	vpsrlq		\$29, $X1, $X1
+	vpsllq		\$12, $X2, $T4
+	vpxor		$X1, $T4, $T4
+	vpand		$T7, $T4, $T4		# out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask;
+	vpsrlq		\$17, $X2, $X2
+	vpand		$T7, $X2, $T5		# out[5] = (in[2] >> ((shift*5)%64)) & mask;
+	vpsrlq		\$29, $X2, $X2
+	vpsllq		\$18, $X3, $T6
+	vpxor		$X2, $T6, $T6
+	vpand		$T7, $T6, $T6		# out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask;
+	vpsrlq		\$11, $X3, $X3
+	 vmovdqa	$T0, 32*0(%rdi)
+	 lea		112(%rdi), %rax		# size optimization
+	vpand		$T7, $X3, $T0		# out[7] = (in[3] >> ((shift*7)%64)) & mask;
+	vpsrlq		\$29, $X3, $X3		# out[8] = (in[3] >> ((shift*8)%64)) & mask;
+
+	vmovdqa		$T1, 32*1(%rdi)
+	vmovdqa		$T2, 32*2(%rdi)
+	vmovdqa		$T3, 32*3(%rdi)
+	vmovdqa		$T4, 32*4-112(%rax)
+	vmovdqa		$T5, 32*5-112(%rax)
+	vmovdqa		$T6, 32*6-112(%rax)
+	vmovdqa		$T0, 32*7-112(%rax)
+	vmovdqa		$X3, 32*8-112(%rax)
+	lea		448(%rdi), %rax		# size optimization
+
+	vpand		$T7, $Y0, $T0		# out[0] = in[0] & mask;
+	vpsrlq		\$29, $Y0, $Y0
+	vpand		$T7, $Y0, $T1		# out[1] = (in[0] >> shift) & mask;
+	vpsrlq		\$29, $Y0, $Y0
+	vpsllq		\$6, $Y1, $T2
+	vpxor		$Y0, $T2, $T2
+	vpand		$T7, $T2, $T2		# out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask;
+	vpsrlq		\$23, $Y1, $Y1
+	vpand		$T7, $Y1, $T3		# out[3] = (in[1] >> ((shift*3)%64)) & mask;
+	vpsrlq		\$29, $Y1, $Y1
+	vpsllq		\$12, $Y2, $T4
+	vpxor		$Y1, $T4, $T4
+	vpand		$T7, $T4, $T4		# out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask;
+	vpsrlq		\$17, $Y2, $Y2
+	vpand		$T7, $Y2, $T5		# out[5] = (in[2] >> ((shift*5)%64)) & mask;
+	vpsrlq		\$29, $Y2, $Y2
+	vpsllq		\$18, $Y3, $T6
+	vpxor		$Y2, $T6, $T6
+	vpand		$T7, $T6, $T6		# out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask;
+	vpsrlq		\$11, $Y3, $Y3
+	 vmovdqa	$T0, 32*9-448(%rax)
+	vpand		$T7, $Y3, $T0		# out[7] = (in[3] >> ((shift*7)%64)) & mask;
+	vpsrlq		\$29, $Y3, $Y3		# out[8] = (in[3] >> ((shift*8)%64)) & mask;
+
+	vmovdqa		$T1, 32*10-448(%rax)
+	vmovdqa		$T2, 32*11-448(%rax)
+	vmovdqa		$T3, 32*12-448(%rax)
+	vmovdqa		$T4, 32*13-448(%rax)
+	vmovdqa		$T5, 32*14-448(%rax)
+	vmovdqa		$T6, 32*15-448(%rax)
+	vmovdqa		$T0, 32*16-448(%rax)
+	vmovdqa		$Y3, 32*17-448(%rax)
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert
+___
+}
+{
+################################################################################
+# This function receives a pointer to an array of four AVX2 formatted points
+# (X, Y, Z) convert the data to normal representation, and rearranges the data
+
+my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8));
+my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15));
+
+$code.=<<___;
+
+.globl	ecp_nistz256_avx2_convert_transpose_back
+.type	ecp_nistz256_avx2_convert_transpose_back,\@function,2
+.align	32
+ecp_nistz256_avx2_convert_transpose_back:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	mov	\$3, %ecx
+
+.Lconv_loop:
+	vmovdqa		32*0(%rsi), $D0
+	lea		160(%rsi), %rax		# size optimization
+	vmovdqa		32*1(%rsi), $D1
+	vmovdqa		32*2(%rsi), $D2
+	vmovdqa		32*3(%rsi), $D3
+	vmovdqa		32*4-160(%rax), $D4
+	vmovdqa		32*5-160(%rax), $D5
+	vmovdqa		32*6-160(%rax), $D6
+	vmovdqa		32*7-160(%rax), $D7
+	vmovdqa		32*8-160(%rax), $D8
+
+	vpsllq		\$29, $D1, $D1
+	vpsllq		\$58, $D2, $T0
+	vpaddq		$D1, $D0, $D0
+	vpaddq		$T0, $D0, $D0		# out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2);
+
+	vpsrlq		\$6, $D2, $D2
+	vpsllq		\$23, $D3, $D3
+	vpsllq		\$52, $D4, $T1
+	vpaddq		$D2, $D3, $D3
+	vpaddq		$D3, $T1, $D1		# out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64);
+
+	vpsrlq		\$12, $D4, $D4
+	vpsllq		\$17, $D5, $D5
+	vpsllq		\$46, $D6, $T2
+	vpaddq		$D4, $D5, $D5
+	vpaddq		$D5, $T2, $D2		# out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ (in[6] << shift*6%64);
+
+	vpsrlq		\$18, $D6, $D6
+	vpsllq		\$11, $D7, $D7
+	vpsllq		\$40, $D8, $T3
+	vpaddq		$D6, $D7, $D7
+	vpaddq		$D7, $T3, $D3		# out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64);
+
+	vpunpcklqdq	$D1, $D0, $T0		# T0 = [B2 A2 B0 A0]
+	vpunpcklqdq	$D3, $D2, $T1		# T1 = [D2 C2 D0 C0]
+	vpunpckhqdq	$D1, $D0, $T2		# T2 = [B3 A3 B1 A1]
+	vpunpckhqdq	$D3, $D2, $T3		# T3 = [D3 C3 D1 C1]
+
+	vperm2i128	\$0x20, $T1, $T0, $D0	# X0 = [D0 C0 B0 A0]
+	vperm2i128	\$0x20, $T3, $T2, $D1	# X1 = [D1 C1 B1 A1]
+	vperm2i128	\$0x31, $T1, $T0, $D2	# X2 = [D2 C2 B2 A2]
+	vperm2i128	\$0x31, $T3, $T2, $D3	# X3 = [D3 C3 B3 A3]
+
+	vmovdqa		$D0, 32*0(%rdi)
+	vmovdqa		$D1, 32*3(%rdi)
+	vmovdqa		$D2, 32*6(%rdi)
+	vmovdqa		$D3, 32*9(%rdi)
+
+	lea		32*9(%rsi), %rsi
+	lea		32*1(%rdi), %rdi
+
+	dec	%ecx
+	jnz	.Lconv_loop
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back
+___
+}
+{
+my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx");
+my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8));
+my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13));
+
+sub NORMALIZE {
+my $ret=<<___;
+	vpsrlq		$digit_size, $ACC0, $T0
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpaddq		$T0, $ACC1, $ACC1
+
+	vpsrlq		$digit_size, $ACC1, $T0
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpaddq		$T0, $ACC2, $ACC2
+
+	vpsrlq		$digit_size, $ACC2, $T0
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpaddq		$T0, $ACC3, $ACC3
+
+	vpsrlq		$digit_size, $ACC3, $T0
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpaddq		$T0, $ACC4, $ACC4
+
+	vpsrlq		$digit_size, $ACC4, $T0
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpaddq		$T0, $ACC5, $ACC5
+
+	vpsrlq		$digit_size, $ACC5, $T0
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpsrlq		$digit_size, $ACC6, $T0
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpaddq		$T0, $ACC7, $ACC7
+
+	vpsrlq		$digit_size, $ACC7, $T0
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpaddq		$T0, $ACC8, $ACC8
+	#vpand		$AND_MASK, $ACC8, $ACC8
+___
+    $ret;
+}
+
+sub STORE {
+my $ret=<<___;
+	vmovdqa		$ACC0, 32*0(%rdi)
+	lea		160(%rdi), %rax		# size optimization
+	vmovdqa		$ACC1, 32*1(%rdi)
+	vmovdqa		$ACC2, 32*2(%rdi)
+	vmovdqa		$ACC3, 32*3(%rdi)
+	vmovdqa		$ACC4, 32*4-160(%rax)
+	vmovdqa		$ACC5, 32*5-160(%rax)
+	vmovdqa		$ACC6, 32*6-160(%rax)
+	vmovdqa		$ACC7, 32*7-160(%rax)
+	vmovdqa		$ACC8, 32*8-160(%rax)
+___
+    $ret;
+}
+
+$code.=<<___;
+.type	avx2_normalize,\@abi-omnipotent
+.align	32
+avx2_normalize:
+	vpsrlq		$digit_size, $ACC0, $T0
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpaddq		$T0, $ACC1, $ACC1
+
+	vpsrlq		$digit_size, $ACC1, $T0
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpaddq		$T0, $ACC2, $ACC2
+
+	vpsrlq		$digit_size, $ACC2, $T0
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpaddq		$T0, $ACC3, $ACC3
+
+	vpsrlq		$digit_size, $ACC3, $T0
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpaddq		$T0, $ACC4, $ACC4
+
+	vpsrlq		$digit_size, $ACC4, $T0
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpaddq		$T0, $ACC5, $ACC5
+
+	vpsrlq		$digit_size, $ACC5, $T0
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpsrlq		$digit_size, $ACC6, $T0
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpaddq		$T0, $ACC7, $ACC7
+
+	vpsrlq		$digit_size, $ACC7, $T0
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpaddq		$T0, $ACC8, $ACC8
+	#vpand		$AND_MASK, $ACC8, $ACC8
+
+	ret
+.size	avx2_normalize,.-avx2_normalize
+
+.type	avx2_normalize_n_store,\@abi-omnipotent
+.align	32
+avx2_normalize_n_store:
+	vpsrlq		$digit_size, $ACC0, $T0
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpaddq		$T0, $ACC1, $ACC1
+
+	vpsrlq		$digit_size, $ACC1, $T0
+	vpand		$AND_MASK, $ACC1, $ACC1
+	 vmovdqa	$ACC0, 32*0(%rdi)
+	 lea		160(%rdi), %rax		# size optimization
+	vpaddq		$T0, $ACC2, $ACC2
+
+	vpsrlq		$digit_size, $ACC2, $T0
+	vpand		$AND_MASK, $ACC2, $ACC2
+	 vmovdqa	$ACC1, 32*1(%rdi)
+	vpaddq		$T0, $ACC3, $ACC3
+
+	vpsrlq		$digit_size, $ACC3, $T0
+	vpand		$AND_MASK, $ACC3, $ACC3
+	 vmovdqa	$ACC2, 32*2(%rdi)
+	vpaddq		$T0, $ACC4, $ACC4
+
+	vpsrlq		$digit_size, $ACC4, $T0
+	vpand		$AND_MASK, $ACC4, $ACC4
+	 vmovdqa	$ACC3, 32*3(%rdi)
+	vpaddq		$T0, $ACC5, $ACC5
+
+	vpsrlq		$digit_size, $ACC5, $T0
+	vpand		$AND_MASK, $ACC5, $ACC5
+	 vmovdqa	$ACC4, 32*4-160(%rax)
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpsrlq		$digit_size, $ACC6, $T0
+	vpand		$AND_MASK, $ACC6, $ACC6
+	 vmovdqa	$ACC5, 32*5-160(%rax)
+	vpaddq		$T0, $ACC7, $ACC7
+
+	vpsrlq		$digit_size, $ACC7, $T0
+	vpand		$AND_MASK, $ACC7, $ACC7
+	 vmovdqa	$ACC6, 32*6-160(%rax)
+	vpaddq		$T0, $ACC8, $ACC8
+	#vpand		$AND_MASK, $ACC8, $ACC8
+	 vmovdqa	$ACC7, 32*7-160(%rax)
+	 vmovdqa	$ACC8, 32*8-160(%rax)
+
+	ret
+.size	avx2_normalize_n_store,.-avx2_normalize_n_store
+
+################################################################################
+# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.type	avx2_mul_x4,\@abi-omnipotent
+.align	32
+avx2_mul_x4:
+	lea	.LAVX2_POLY(%rip), %rax
+
+	vpxor	$ACC0, $ACC0, $ACC0
+	vpxor	$ACC1, $ACC1, $ACC1
+	vpxor	$ACC2, $ACC2, $ACC2
+	vpxor	$ACC3, $ACC3, $ACC3
+	vpxor	$ACC4, $ACC4, $ACC4
+	vpxor	$ACC5, $ACC5, $ACC5
+	vpxor	$ACC6, $ACC6, $ACC6
+	vpxor	$ACC7, $ACC7, $ACC7
+
+	vmovdqa	32*7(%rax), %ymm14
+	vmovdqa	32*8(%rax), %ymm15
+
+	mov	$n_digits, $itr
+	lea	-512($a_ptr), $a_ptr	# strategic bias to control u-op density
+	jmp	.Lavx2_mul_x4_loop
+
+.align	32
+.Lavx2_mul_x4_loop:
+	vmovdqa		32*0($b_ptr), $B
+	lea		32*1($b_ptr), $b_ptr
+
+	vpmuludq	32*0+512($a_ptr), $B, $T0
+	vpmuludq	32*1+512($a_ptr), $B, $OVERFLOW	# borrow $OVERFLOW
+	vpaddq		$T0, $ACC0, $ACC0
+	vpmuludq	32*2+512($a_ptr), $B, $T0
+	vpaddq		$OVERFLOW, $ACC1, $ACC1
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	32*3+512($a_ptr), $B, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC2
+	vpmuludq	32*4+512($a_ptr), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*5+512($a_ptr), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*6+512($a_ptr), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*7+512($a_ptr), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	# Skip some multiplications, optimizing for the constant poly
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*8+512($a_ptr), $B, $ACC8
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	.byte		0x67
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $OVERFLOW
+	.byte		0x67
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC7, $ACC6
+	vpaddq		$OVERFLOW, $ACC8, $ACC7
+
+	dec	$itr
+	jnz	.Lavx2_mul_x4_loop
+
+	vpxor	$ACC8, $ACC8, $ACC8
+
+	ret
+.size	avx2_mul_x4,.-avx2_mul_x4
+
+# Function optimized for the constant 1
+################################################################################
+# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4);
+.type	avx2_mul_by1_x4,\@abi-omnipotent
+.align	32
+avx2_mul_by1_x4:
+	lea	.LAVX2_POLY(%rip), %rax
+
+	vpxor	$ACC0, $ACC0, $ACC0
+	vpxor	$ACC1, $ACC1, $ACC1
+	vpxor	$ACC2, $ACC2, $ACC2
+	vpxor	$ACC3, $ACC3, $ACC3
+	vpxor	$ACC4, $ACC4, $ACC4
+	vpxor	$ACC5, $ACC5, $ACC5
+	vpxor	$ACC6, $ACC6, $ACC6
+	vpxor	$ACC7, $ACC7, $ACC7
+	vpxor	$ACC8, $ACC8, $ACC8
+
+	vmovdqa	32*3+.LONE(%rip), %ymm14
+	vmovdqa	32*7+.LONE(%rip), %ymm15
+
+	mov	$n_digits, $itr
+	jmp	.Lavx2_mul_by1_x4_loop
+
+.align	32
+.Lavx2_mul_by1_x4_loop:
+	vmovdqa		32*0($a_ptr), $B
+	.byte		0x48,0x8d,0xb6,0x20,0,0,0	# lea	32*1($a_ptr), $a_ptr
+
+	vpsllq		\$5, $B, $OVERFLOW
+	vpmuludq	%ymm14, $B, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC3
+	.byte		0x67
+	vpmuludq	$AND_MASK, $B, $T0
+	vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$T0, $ACC4, $ACC4
+	vpaddq		$T0, $ACC5, $ACC5
+	vpaddq		$T0, $ACC6, $ACC6
+	vpsllq		\$23, $B, $T0
+
+	.byte		0x67,0x67
+	vpmuludq	%ymm15, $B, $OVERFLOW
+	vpsubq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC7
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	.byte		0x67,0x67
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $OVERFLOW
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	32*7(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC6, $ACC5
+	vpaddq		$T0, $ACC7, $ACC6
+	vpmuludq	32*8(%rax), $Y, $ACC7
+
+	dec	$itr
+	jnz	.Lavx2_mul_by1_x4_loop
+
+	ret
+.size	avx2_mul_by1_x4,.-avx2_mul_by1_x4
+
+################################################################################
+# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.type	avx2_sqr_x4,\@abi-omnipotent
+.align	32
+avx2_sqr_x4:
+	lea		.LAVX2_POLY(%rip), %rax
+
+	vmovdqa		32*7(%rax), %ymm14
+	vmovdqa		32*8(%rax), %ymm15
+
+	vmovdqa		32*0($a_ptr), $B
+	vmovdqa		32*1($a_ptr), $ACC1
+	vmovdqa		32*2($a_ptr), $ACC2
+	vmovdqa		32*3($a_ptr), $ACC3
+	vmovdqa		32*4($a_ptr), $ACC4
+	vmovdqa		32*5($a_ptr), $ACC5
+	vmovdqa		32*6($a_ptr), $ACC6
+	vmovdqa		32*7($a_ptr), $ACC7
+	vpaddq		$ACC1, $ACC1, $ACC1	# 2*$ACC0..7
+	vmovdqa		32*8($a_ptr), $ACC8
+	vpaddq		$ACC2, $ACC2, $ACC2
+	vmovdqa		$ACC1, 32*0(%rcx)
+	vpaddq		$ACC3, $ACC3, $ACC3
+	vmovdqa		$ACC2, 32*1(%rcx)
+	vpaddq		$ACC4, $ACC4, $ACC4
+	vmovdqa		$ACC3, 32*2(%rcx)
+	vpaddq		$ACC5, $ACC5, $ACC5
+	vmovdqa		$ACC4, 32*3(%rcx)
+	vpaddq		$ACC6, $ACC6, $ACC6
+	vmovdqa		$ACC5, 32*4(%rcx)
+	vpaddq		$ACC7, $ACC7, $ACC7
+	vmovdqa		$ACC6, 32*5(%rcx)
+	vpaddq		$ACC8, $ACC8, $ACC8
+	vmovdqa		$ACC7, 32*6(%rcx)
+	vmovdqa		$ACC8, 32*7(%rcx)
+
+	#itr		1
+	vpmuludq	$B, $B, $ACC0
+	vpmuludq	$B, $ACC1, $ACC1
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	$B, $ACC2, $ACC2
+	vpmuludq	$B, $ACC3, $ACC3
+	vpmuludq	$B, $ACC4, $ACC4
+	vpmuludq	$B, $ACC5, $ACC5
+	vpmuludq	$B, $ACC6, $ACC6
+	 vpmuludq	$AND_MASK, $Y, $T0
+	vpmuludq	$B, $ACC7, $ACC7
+	vpmuludq	$B, $ACC8, $ACC8
+	 vmovdqa	32*1($a_ptr), $B
+
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		2
+	vpmuludq	$B, $B, $OVERFLOW
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	32*1(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC1, $ACC1
+	vpmuludq	32*2(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC2
+	vpmuludq	32*3(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*2($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		3
+	vpmuludq	$B, $B, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	32*2(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC2
+	vpmuludq	32*3(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*3($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		4
+	vpmuludq	$B, $B, $OVERFLOW
+	vpmuludq	32*3(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*4($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		5
+	vpmuludq	$B, $B, $T0
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*5($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3+.LAVX2_POLY(%rip), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		6
+	vpmuludq	$B, $B, $OVERFLOW
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*6($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		7
+	vpmuludq	$B, $B, $T0
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*7($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		8
+	vpmuludq	$B, $B, $OVERFLOW
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*8($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		9
+	vpmuludq	$B, $B, $ACC8
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	vpxor		$ACC8, $ACC8, $ACC8
+
+	ret
+.size	avx2_sqr_x4,.-avx2_sqr_x4
+
+################################################################################
+# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.type	avx2_sub_x4,\@abi-omnipotent
+.align	32
+avx2_sub_x4:
+	vmovdqa	32*0($a_ptr), $ACC0
+	lea	160($a_ptr), $a_ptr
+	lea	.LAVX2_POLY_x8+128(%rip), %rax
+	lea	128($b_ptr), $b_ptr
+	vmovdqa	32*1-160($a_ptr), $ACC1
+	vmovdqa	32*2-160($a_ptr), $ACC2
+	vmovdqa	32*3-160($a_ptr), $ACC3
+	vmovdqa	32*4-160($a_ptr), $ACC4
+	vmovdqa	32*5-160($a_ptr), $ACC5
+	vmovdqa	32*6-160($a_ptr), $ACC6
+	vmovdqa	32*7-160($a_ptr), $ACC7
+	vmovdqa	32*8-160($a_ptr), $ACC8
+
+	vpaddq	32*0-128(%rax), $ACC0, $ACC0
+	vpaddq	32*1-128(%rax), $ACC1, $ACC1
+	vpaddq	32*2-128(%rax), $ACC2, $ACC2
+	vpaddq	32*3-128(%rax), $ACC3, $ACC3
+	vpaddq	32*4-128(%rax), $ACC4, $ACC4
+	vpaddq	32*5-128(%rax), $ACC5, $ACC5
+	vpaddq	32*6-128(%rax), $ACC6, $ACC6
+	vpaddq	32*7-128(%rax), $ACC7, $ACC7
+	vpaddq	32*8-128(%rax), $ACC8, $ACC8
+
+	vpsubq	32*0-128($b_ptr), $ACC0, $ACC0
+	vpsubq	32*1-128($b_ptr), $ACC1, $ACC1
+	vpsubq	32*2-128($b_ptr), $ACC2, $ACC2
+	vpsubq	32*3-128($b_ptr), $ACC3, $ACC3
+	vpsubq	32*4-128($b_ptr), $ACC4, $ACC4
+	vpsubq	32*5-128($b_ptr), $ACC5, $ACC5
+	vpsubq	32*6-128($b_ptr), $ACC6, $ACC6
+	vpsubq	32*7-128($b_ptr), $ACC7, $ACC7
+	vpsubq	32*8-128($b_ptr), $ACC8, $ACC8
+
+	ret
+.size	avx2_sub_x4,.-avx2_sub_x4
+
+.type	avx2_select_n_store,\@abi-omnipotent
+.align	32
+avx2_select_n_store:
+	vmovdqa	`8+32*9*8`(%rsp), $Y
+	vpor	`8+32*9*8+32`(%rsp), $Y, $Y
+
+	vpandn	$ACC0, $Y, $ACC0
+	vpandn	$ACC1, $Y, $ACC1
+	vpandn	$ACC2, $Y, $ACC2
+	vpandn	$ACC3, $Y, $ACC3
+	vpandn	$ACC4, $Y, $ACC4
+	vpandn	$ACC5, $Y, $ACC5
+	vpandn	$ACC6, $Y, $ACC6
+	vmovdqa	`8+32*9*8+32`(%rsp), $B
+	vpandn	$ACC7, $Y, $ACC7
+	vpandn	`8+32*9*8`(%rsp), $B, $B
+	vpandn	$ACC8, $Y, $ACC8
+
+	vpand	32*0(%rsi), $B, $T0
+	lea	160(%rsi), %rax
+	vpand	32*1(%rsi), $B, $Y
+	vpxor	$T0, $ACC0, $ACC0
+	vpand	32*2(%rsi), $B, $T0
+	vpxor	$Y, $ACC1, $ACC1
+	vpand	32*3(%rsi), $B, $Y
+	vpxor	$T0, $ACC2, $ACC2
+	vpand	32*4-160(%rax), $B, $T0
+	vpxor	$Y, $ACC3, $ACC3
+	vpand	32*5-160(%rax), $B, $Y
+	vpxor	$T0, $ACC4, $ACC4
+	vpand	32*6-160(%rax), $B, $T0
+	vpxor	$Y, $ACC5, $ACC5
+	vpand	32*7-160(%rax), $B, $Y
+	vpxor	$T0, $ACC6, $ACC6
+	vpand	32*8-160(%rax), $B, $T0
+	vmovdqa	`8+32*9*8+32`(%rsp), $B
+	vpxor	$Y, $ACC7, $ACC7
+
+	vpand	32*0(%rdx), $B, $Y
+	lea	160(%rdx), %rax
+	vpxor	$T0, $ACC8, $ACC8
+	vpand	32*1(%rdx), $B, $T0
+	vpxor	$Y, $ACC0, $ACC0
+	vpand	32*2(%rdx), $B, $Y
+	vpxor	$T0, $ACC1, $ACC1
+	vpand	32*3(%rdx), $B, $T0
+	vpxor	$Y, $ACC2, $ACC2
+	vpand	32*4-160(%rax), $B, $Y
+	vpxor	$T0, $ACC3, $ACC3
+	vpand	32*5-160(%rax), $B, $T0
+	vpxor	$Y, $ACC4, $ACC4
+	vpand	32*6-160(%rax), $B, $Y
+	vpxor	$T0, $ACC5, $ACC5
+	vpand	32*7-160(%rax), $B, $T0
+	vpxor	$Y, $ACC6, $ACC6
+	vpand	32*8-160(%rax), $B, $Y
+	vpxor	$T0, $ACC7, $ACC7
+	vpxor	$Y, $ACC8, $ACC8
+	`&STORE`
+
+	ret
+.size	avx2_select_n_store,.-avx2_select_n_store
+___
+$code.=<<___	if (0);				# inlined
+################################################################################
+# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4);
+.type	avx2_mul_by2_x4,\@abi-omnipotent
+.align	32
+avx2_mul_by2_x4:
+	vmovdqa	32*0($a_ptr), $ACC0
+	lea	160($a_ptr), %rax
+	vmovdqa	32*1($a_ptr), $ACC1
+	vmovdqa	32*2($a_ptr), $ACC2
+	vmovdqa	32*3($a_ptr), $ACC3
+	vmovdqa	32*4-160(%rax), $ACC4
+	vmovdqa	32*5-160(%rax), $ACC5
+	vmovdqa	32*6-160(%rax), $ACC6
+	vmovdqa	32*7-160(%rax), $ACC7
+	vmovdqa	32*8-160(%rax), $ACC8
+
+	vpaddq	$ACC0, $ACC0, $ACC0
+	vpaddq	$ACC1, $ACC1, $ACC1
+	vpaddq	$ACC2, $ACC2, $ACC2
+	vpaddq	$ACC3, $ACC3, $ACC3
+	vpaddq	$ACC4, $ACC4, $ACC4
+	vpaddq	$ACC5, $ACC5, $ACC5
+	vpaddq	$ACC6, $ACC6, $ACC6
+	vpaddq	$ACC7, $ACC7, $ACC7
+	vpaddq	$ACC8, $ACC8, $ACC8
+
+	ret
+.size	avx2_mul_by2_x4,.-avx2_mul_by2_x4
+___
+my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx");
+my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10");
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.globl	ecp_nistz256_avx2_point_add_affine_x4
+.type	ecp_nistz256_avx2_point_add_affine_x4,\@function,3
+.align	32
+ecp_nistz256_avx2_point_add_affine_x4:
+	mov	%rsp, %rax
+	push    %rbp
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	lea	-8(%rax), %rbp
+
+# Result + 32*0 = Result.X
+# Result + 32*9 = Result.Y
+# Result + 32*18 = Result.Z
+
+# A + 32*0 = A.X
+# A + 32*9 = A.Y
+# A + 32*18 = A.Z
+
+# B + 32*0 = B.X
+# B + 32*9 = B.Y
+
+	sub	\$`32*9*8+32*2+32*8`, %rsp
+	and	\$-64, %rsp
+
+	mov	$r_ptr_in, $r_ptr
+	mov	$a_ptr_in, $a_ptr
+	mov	$b_ptr_in, $b_ptr
+
+	vmovdqa	32*0($a_ptr_in), %ymm0
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	vpxor	%ymm1, %ymm1, %ymm1
+	lea	256($a_ptr_in), %rax		# size optimization
+	vpor	32*1($a_ptr_in), %ymm0, %ymm0
+	vpor	32*2($a_ptr_in), %ymm0, %ymm0
+	vpor	32*3($a_ptr_in), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8`(%rsp)
+
+	vpxor	%ymm1, %ymm1, %ymm1
+	vmovdqa	32*0($b_ptr), %ymm0
+	lea	256($b_ptr), %rax		# size optimization
+	vpor	32*1($b_ptr), %ymm0, %ymm0
+	vpor	32*2($b_ptr), %ymm0, %ymm0
+	vpor	32*3($b_ptr), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8+32`(%rsp)
+
+	#	Z1^2 = Z1*Z1
+	lea	`32*9*2`($a_ptr), %rsi
+	lea	`32*9*2`(%rsp), %rdi
+	lea	`32*9*8+32*2`(%rsp), %rcx	# temporary vector
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	U2 = X2*Z1^2
+	lea	`32*9*0`($b_ptr), %rsi
+	lea	`32*9*2`(%rsp), %rdx
+	lea	`32*9*0`(%rsp), %rdi
+	call	avx2_mul_x4
+	#call	avx2_normalize
+	`&STORE`
+
+	#	S2 = Z1*Z1^2 = Z1^3
+	lea	`32*9*2`($a_ptr), %rsi
+	lea	`32*9*2`(%rsp), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	S2 = S2*Y2 = Y2*Z1^3
+	lea	`32*9*1`($b_ptr), %rsi
+	lea	`32*9*1`(%rsp), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	H = U2 - U1 = U2 - X1
+	lea	`32*9*0`(%rsp), %rsi
+	lea	`32*9*0`($a_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	R = S2 - S1 = S2 - Y1
+	lea	`32*9*1`(%rsp), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*4`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	Z3 = H*Z1*Z2
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*2`($a_ptr), %rdx
+	lea	`32*9*2`($r_ptr), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize
+
+	lea	.LONE(%rip), %rsi
+	lea	`32*9*2`($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#	R^2 = R^2
+	lea	`32*9*4`(%rsp), %rsi
+	lea	`32*9*6`(%rsp), %rdi
+	lea	`32*9*8+32*2`(%rsp), %rcx	# temporary vector
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^2 = H^2
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdi
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^3 = H^2*H
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*7`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	U2 = U1*H^2
+	lea	`32*9*0`($a_ptr), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*0`(%rsp), %rdi
+	call	avx2_mul_x4
+	#call	avx2_normalize
+	`&STORE`
+
+	#	Hsqr = U2*2
+	#lea	32*9*0(%rsp), %rsi
+	#lea	32*9*5(%rsp), %rdi
+	#call	avx2_mul_by2_x4
+
+	vpaddq	$ACC0, $ACC0, $ACC0	# inlined avx2_mul_by2_x4
+	lea	`32*9*5`(%rsp), %rdi
+	vpaddq	$ACC1, $ACC1, $ACC1
+	vpaddq	$ACC2, $ACC2, $ACC2
+	vpaddq	$ACC3, $ACC3, $ACC3
+	vpaddq	$ACC4, $ACC4, $ACC4
+	vpaddq	$ACC5, $ACC5, $ACC5
+	vpaddq	$ACC6, $ACC6, $ACC6
+	vpaddq	$ACC7, $ACC7, $ACC7
+	vpaddq	$ACC8, $ACC8, $ACC8
+	call	avx2_normalize_n_store
+
+	#	X3 = R^2 - H^3
+	#lea	32*9*6(%rsp), %rsi
+	#lea	32*9*7(%rsp), %rdx
+	#lea	32*9*5(%rsp), %rcx
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	#	X3 = X3 - U2*2
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*6+128`(%rsp), %rsi
+	lea	.LAVX2_POLY_x2+128(%rip), %rax
+	lea	`32*9*7+128`(%rsp), %rdx
+	lea	`32*9*5+128`(%rsp), %rcx
+	lea	`32*9*0`($r_ptr), %rdi
+
+	vmovdqa	32*0-128(%rsi), $ACC0
+	vmovdqa	32*1-128(%rsi), $ACC1
+	vmovdqa	32*2-128(%rsi), $ACC2
+	vmovdqa	32*3-128(%rsi), $ACC3
+	vmovdqa	32*4-128(%rsi), $ACC4
+	vmovdqa	32*5-128(%rsi), $ACC5
+	vmovdqa	32*6-128(%rsi), $ACC6
+	vmovdqa	32*7-128(%rsi), $ACC7
+	vmovdqa	32*8-128(%rsi), $ACC8
+
+	vpaddq	32*0-128(%rax), $ACC0, $ACC0
+	vpaddq	32*1-128(%rax), $ACC1, $ACC1
+	vpaddq	32*2-128(%rax), $ACC2, $ACC2
+	vpaddq	32*3-128(%rax), $ACC3, $ACC3
+	vpaddq	32*4-128(%rax), $ACC4, $ACC4
+	vpaddq	32*5-128(%rax), $ACC5, $ACC5
+	vpaddq	32*6-128(%rax), $ACC6, $ACC6
+	vpaddq	32*7-128(%rax), $ACC7, $ACC7
+	vpaddq	32*8-128(%rax), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rdx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rdx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rdx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rdx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rdx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rdx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rdx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rdx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rdx), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rcx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rcx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rcx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rcx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rcx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rcx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rcx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rcx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rcx), $ACC8, $ACC8
+	call	avx2_normalize
+
+	lea	32*0($b_ptr), %rsi
+	lea	32*0($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#	H = U2 - X3
+	lea	`32*9*0`(%rsp), %rsi
+	lea	`32*9*0`($r_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*4`(%rsp), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*7`(%rsp), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*1`(%rsp), %rdx
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize
+
+	lea	32*9($b_ptr), %rsi
+	lea	32*9($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_mul_by1_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*1`($r_ptr), %rsi
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_mul_by1_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6, -16*10(%rbp)
+	movaps	%xmm7, -16*9(%rbp)
+	movaps	%xmm8, -16*8(%rbp)
+	movaps	%xmm9, -16*7(%rbp)
+	movaps	%xmm10, -16*6(%rbp)
+	movaps	%xmm11, -16*5(%rbp)
+	movaps	%xmm12, -16*4(%rbp)
+	movaps	%xmm13, -16*3(%rbp)
+	movaps	%xmm14, -16*2(%rbp)
+	movaps	%xmm15, -16*1(%rbp)
+___
+$code.=<<___;
+	mov	%rbp, %rsp
+	pop	%rbp
+	ret
+.size	ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4
+
+################################################################################
+# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.globl	ecp_nistz256_avx2_point_add_affines_x4
+.type	ecp_nistz256_avx2_point_add_affines_x4,\@function,3
+.align	32
+ecp_nistz256_avx2_point_add_affines_x4:
+	mov	%rsp, %rax
+	push    %rbp
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	lea	-8(%rax), %rbp
+
+# Result + 32*0 = Result.X
+# Result + 32*9 = Result.Y
+# Result + 32*18 = Result.Z
+
+# A + 32*0 = A.X
+# A + 32*9 = A.Y
+
+# B + 32*0 = B.X
+# B + 32*9 = B.Y
+
+	sub	\$`32*9*8+32*2+32*8`, %rsp
+	and	\$-64, %rsp
+
+	mov	$r_ptr_in, $r_ptr
+	mov	$a_ptr_in, $a_ptr
+	mov	$b_ptr_in, $b_ptr
+
+	vmovdqa	32*0($a_ptr_in), %ymm0
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	vpxor	%ymm1, %ymm1, %ymm1
+	lea	256($a_ptr_in), %rax		# size optimization
+	vpor	32*1($a_ptr_in), %ymm0, %ymm0
+	vpor	32*2($a_ptr_in), %ymm0, %ymm0
+	vpor	32*3($a_ptr_in), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8`(%rsp)
+
+	vpxor	%ymm1, %ymm1, %ymm1
+	vmovdqa	32*0($b_ptr), %ymm0
+	lea	256($b_ptr), %rax		# size optimization
+	vpor	32*1($b_ptr), %ymm0, %ymm0
+	vpor	32*2($b_ptr), %ymm0, %ymm0
+	vpor	32*3($b_ptr), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8+32`(%rsp)
+
+	#	H = U2 - U1 = X2 - X1
+	lea	`32*9*0`($b_ptr), %rsi
+	lea	`32*9*0`($a_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	R = S2 - S1 = Y2 - Y1
+	lea	`32*9*1`($b_ptr), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*4`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	Z3 = H*Z1*Z2 = H
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*2`($r_ptr), %rdi
+	call	avx2_mul_by1_x4
+	call	avx2_normalize
+
+	vmovdqa	`32*9*8`(%rsp), $B
+	vpor	`32*9*8+32`(%rsp), $B, $B
+
+	vpandn	$ACC0, $B, $ACC0
+	lea	.LONE+128(%rip), %rax
+	vpandn	$ACC1, $B, $ACC1
+	vpandn	$ACC2, $B, $ACC2
+	vpandn	$ACC3, $B, $ACC3
+	vpandn	$ACC4, $B, $ACC4
+	vpandn	$ACC5, $B, $ACC5
+	vpandn	$ACC6, $B, $ACC6
+	vpandn	$ACC7, $B, $ACC7
+
+	vpand	32*0-128(%rax), $B, $T0
+	 vpandn	$ACC8, $B, $ACC8
+	vpand	32*1-128(%rax), $B, $Y
+	vpxor	$T0, $ACC0, $ACC0
+	vpand	32*2-128(%rax), $B, $T0
+	vpxor	$Y, $ACC1, $ACC1
+	vpand	32*3-128(%rax), $B, $Y
+	vpxor	$T0, $ACC2, $ACC2
+	vpand	32*4-128(%rax), $B, $T0
+	vpxor	$Y, $ACC3, $ACC3
+	vpand	32*5-128(%rax), $B, $Y
+	vpxor	$T0, $ACC4, $ACC4
+	vpand	32*6-128(%rax), $B, $T0
+	vpxor	$Y, $ACC5, $ACC5
+	vpand	32*7-128(%rax), $B, $Y
+	vpxor	$T0, $ACC6, $ACC6
+	vpand	32*8-128(%rax), $B, $T0
+	vpxor	$Y, $ACC7, $ACC7
+	vpxor	$T0, $ACC8, $ACC8
+	`&STORE`
+
+	#	R^2 = R^2
+	lea	`32*9*4`(%rsp), %rsi
+	lea	`32*9*6`(%rsp), %rdi
+	lea	`32*9*8+32*2`(%rsp), %rcx	# temporary vector
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^2 = H^2
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdi
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^3 = H^2*H
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*7`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	U2 = U1*H^2
+	lea	`32*9*0`($a_ptr), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*0`(%rsp), %rdi
+	call	avx2_mul_x4
+	#call	avx2_normalize
+	`&STORE`
+
+	#	Hsqr = U2*2
+	#lea	32*9*0(%rsp), %rsi
+	#lea	32*9*5(%rsp), %rdi
+	#call	avx2_mul_by2_x4
+
+	vpaddq	$ACC0, $ACC0, $ACC0	# inlined avx2_mul_by2_x4
+	lea	`32*9*5`(%rsp), %rdi
+	vpaddq	$ACC1, $ACC1, $ACC1
+	vpaddq	$ACC2, $ACC2, $ACC2
+	vpaddq	$ACC3, $ACC3, $ACC3
+	vpaddq	$ACC4, $ACC4, $ACC4
+	vpaddq	$ACC5, $ACC5, $ACC5
+	vpaddq	$ACC6, $ACC6, $ACC6
+	vpaddq	$ACC7, $ACC7, $ACC7
+	vpaddq	$ACC8, $ACC8, $ACC8
+	call	avx2_normalize_n_store
+
+	#	X3 = R^2 - H^3
+	#lea	32*9*6(%rsp), %rsi
+	#lea	32*9*7(%rsp), %rdx
+	#lea	32*9*5(%rsp), %rcx
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	#	X3 = X3 - U2*2
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*6+128`(%rsp), %rsi
+	lea	.LAVX2_POLY_x2+128(%rip), %rax
+	lea	`32*9*7+128`(%rsp), %rdx
+	lea	`32*9*5+128`(%rsp), %rcx
+	lea	`32*9*0`($r_ptr), %rdi
+
+	vmovdqa	32*0-128(%rsi), $ACC0
+	vmovdqa	32*1-128(%rsi), $ACC1
+	vmovdqa	32*2-128(%rsi), $ACC2
+	vmovdqa	32*3-128(%rsi), $ACC3
+	vmovdqa	32*4-128(%rsi), $ACC4
+	vmovdqa	32*5-128(%rsi), $ACC5
+	vmovdqa	32*6-128(%rsi), $ACC6
+	vmovdqa	32*7-128(%rsi), $ACC7
+	vmovdqa	32*8-128(%rsi), $ACC8
+
+	vpaddq	32*0-128(%rax), $ACC0, $ACC0
+	vpaddq	32*1-128(%rax), $ACC1, $ACC1
+	vpaddq	32*2-128(%rax), $ACC2, $ACC2
+	vpaddq	32*3-128(%rax), $ACC3, $ACC3
+	vpaddq	32*4-128(%rax), $ACC4, $ACC4
+	vpaddq	32*5-128(%rax), $ACC5, $ACC5
+	vpaddq	32*6-128(%rax), $ACC6, $ACC6
+	vpaddq	32*7-128(%rax), $ACC7, $ACC7
+	vpaddq	32*8-128(%rax), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rdx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rdx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rdx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rdx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rdx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rdx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rdx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rdx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rdx), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rcx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rcx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rcx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rcx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rcx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rcx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rcx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rcx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rcx), $ACC8, $ACC8
+	call	avx2_normalize
+
+	lea	32*0($b_ptr), %rsi
+	lea	32*0($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#	H = U2 - X3
+	lea	`32*9*0`(%rsp), %rsi
+	lea	`32*9*0`($r_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	H = H*R
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*4`(%rsp), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	S2 = S1 * H^3
+	lea	`32*9*7`(%rsp), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*1`(%rsp), %rdx
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize
+
+	lea	32*9($b_ptr), %rsi
+	lea	32*9($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_mul_by1_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*1`($r_ptr), %rsi
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_mul_by1_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6, -16*10(%rbp)
+	movaps	%xmm7, -16*9(%rbp)
+	movaps	%xmm8, -16*8(%rbp)
+	movaps	%xmm9, -16*7(%rbp)
+	movaps	%xmm10, -16*6(%rbp)
+	movaps	%xmm11, -16*5(%rbp)
+	movaps	%xmm12, -16*4(%rbp)
+	movaps	%xmm13, -16*3(%rbp)
+	movaps	%xmm14, -16*2(%rbp)
+	movaps	%xmm15, -16*1(%rbp)
+___
+$code.=<<___;
+	mov	%rbp, %rsp
+	pop	%rbp
+	ret
+.size	ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4
+
+################################################################################
+# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4);
+.globl	ecp_nistz256_avx2_to_mont
+.type	ecp_nistz256_avx2_to_mont,\@function,2
+.align	32
+ecp_nistz256_avx2_to_mont:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	lea	.LTO_MONT_AVX2(%rip), %rdx
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont
+
+################################################################################
+# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4);
+.globl	ecp_nistz256_avx2_from_mont
+.type	ecp_nistz256_avx2_from_mont,\@function,2
+.align	32
+ecp_nistz256_avx2_from_mont:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	lea	.LFROM_MONT_AVX2(%rip), %rdx
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont
+
+################################################################################
+# void ecp_nistz256_avx2_set1(void* RESULTx4);
+.globl	ecp_nistz256_avx2_set1
+.type	ecp_nistz256_avx2_set1,\@function,1
+.align	32
+ecp_nistz256_avx2_set1:
+	lea	.LONE+128(%rip), %rax
+	lea	128(%rdi), %rdi
+	vzeroupper
+	vmovdqa	32*0-128(%rax), %ymm0
+	vmovdqa	32*1-128(%rax), %ymm1
+	vmovdqa	32*2-128(%rax), %ymm2
+	vmovdqa	32*3-128(%rax), %ymm3
+	vmovdqa	32*4-128(%rax), %ymm4
+	vmovdqa	32*5-128(%rax), %ymm5
+	vmovdqa	%ymm0, 32*0-128(%rdi)
+	vmovdqa	32*6-128(%rax), %ymm0
+	vmovdqa	%ymm1, 32*1-128(%rdi)
+	vmovdqa	32*7-128(%rax), %ymm1
+	vmovdqa	%ymm2, 32*2-128(%rdi)
+	vmovdqa	32*8-128(%rax), %ymm2
+	vmovdqa	%ymm3, 32*3-128(%rdi)
+	vmovdqa	%ymm4, 32*4-128(%rdi)
+	vmovdqa	%ymm5, 32*5-128(%rdi)
+	vmovdqa	%ymm0, 32*6-128(%rdi)
+	vmovdqa	%ymm1, 32*7-128(%rdi)
+	vmovdqa	%ymm2, 32*8-128(%rdi)
+
+	vzeroupper
+	ret
+.size	ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1
+___
+}
+{
+################################################################################
+# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in,
+#			    int index0, int index1, int index2, int index3);
+################################################################################
+
+my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d");
+my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3));
+my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11));
+my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15));
+
+$code.=<<___;
+.globl	ecp_nistz256_avx2_multi_gather_w7
+.type	ecp_nistz256_avx2_multi_gather_w7,\@function,6
+.align	32
+ecp_nistz256_avx2_multi_gather_w7:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	lea	.LIntOne(%rip), %rax
+
+	vmovd	$index0, %xmm0
+	vmovd	$index1, %xmm1
+	vmovd	$index2, %xmm2
+	vmovd	$index3, %xmm3
+
+	vpxor	$R0a, $R0a, $R0a
+	vpxor	$R0b, $R0b, $R0b
+	vpxor	$R1a, $R1a, $R1a
+	vpxor	$R1b, $R1b, $R1b
+	vpxor	$R2a, $R2a, $R2a
+	vpxor	$R2b, $R2b, $R2b
+	vpxor	$R3a, $R3a, $R3a
+	vpxor	$R3b, $R3b, $R3b
+	vmovdqa	(%rax), $M0
+
+	vpermd	$INDEX0, $R0a, $INDEX0
+	vpermd	$INDEX1, $R0a, $INDEX1
+	vpermd	$INDEX2, $R0a, $INDEX2
+	vpermd	$INDEX3, $R0a, $INDEX3
+
+	mov	\$64, %ecx
+	lea	112($val), $val		# size optimization
+	jmp	.Lmulti_select_loop_avx2
+
+# INDEX=0, corresponds to the point at infty (0,0)
+.align	32
+.Lmulti_select_loop_avx2:
+	vpcmpeqd	$INDEX0, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*0`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*0`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R0a, $R0a
+	vpxor		$T1, $R0b, $R0b
+
+	vpcmpeqd	$INDEX1, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*1`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*1`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R1a, $R1a
+	vpxor		$T1, $R1b, $R1b
+
+	vpcmpeqd	$INDEX2, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*2`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*2`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R2a, $R2a
+	vpxor		$T1, $R2b, $R2b
+
+	vpcmpeqd	$INDEX3, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*3`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*3`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R3a, $R3a
+	vpxor		$T1, $R3b, $R3b
+
+	vpaddd		(%rax), $M0, $M0	# increment
+	lea		32*2($in_t), $in_t
+
+        dec	%ecx
+	jnz	.Lmulti_select_loop_avx2
+
+	vmovdqu	$R0a, 32*0-112($val)
+	vmovdqu	$R0b, 32*1-112($val)
+	vmovdqu	$R1a, 32*2-112($val)
+	vmovdqu	$R1b, 32*3-112($val)
+	vmovdqu	$R2a, 32*4-112($val)
+	vmovdqu	$R2b, 32*5-112($val)
+	vmovdqu	$R3a, 32*6-112($val)
+	vmovdqu	$R3b, 32*7-112($val)
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7
+
+.extern	OPENSSL_ia32cap_P
+.globl	ecp_nistz_avx2_eligible
+.type	ecp_nistz_avx2_eligible,\@abi-omnipotent
+.align	32
+ecp_nistz_avx2_eligible:
+	mov	OPENSSL_ia32cap_P+8(%rip),%eax
+	shr	\$5,%eax
+	and	\$1,%eax
+	ret
+.size	ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible
+___
+}
+}} else {{	# assembler is too old
+$code.=<<___;
+.text
+
+.globl	ecp_nistz256_avx2_transpose_convert
+.globl	ecp_nistz256_avx2_convert_transpose_back
+.globl	ecp_nistz256_avx2_point_add_affine_x4
+.globl	ecp_nistz256_avx2_point_add_affines_x4
+.globl	ecp_nistz256_avx2_to_mont
+.globl	ecp_nistz256_avx2_from_mont
+.globl	ecp_nistz256_avx2_set1
+.globl	ecp_nistz256_avx2_multi_gather_w7
+.type	ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent
+ecp_nistz256_avx2_transpose_convert:
+ecp_nistz256_avx2_convert_transpose_back:
+ecp_nistz256_avx2_point_add_affine_x4:
+ecp_nistz256_avx2_point_add_affines_x4:
+ecp_nistz256_avx2_to_mont:
+ecp_nistz256_avx2_from_mont:
+ecp_nistz256_avx2_set1:
+ecp_nistz256_avx2_multi_gather_w7:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7
+
+.globl	ecp_nistz_avx2_eligible
+.type	ecp_nistz_avx2_eligible,\@abi-omnipotent
+ecp_nistz_avx2_eligible:
+	xor	%eax,%eax
+	ret
+.size	ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible
+___
+}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl
new file mode 100755
index 000000000..984c7f205
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl
@@ -0,0 +1,2382 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for PPC64.
+#
+# August 2016.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816.
+#
+#			with/without -DECP_NISTZ256_ASM
+# POWER7		+260-530%
+# POWER8		+220-340%
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my $sp="r1";
+
+{
+my ($rp,$ap,$bp,$bi,$acc0,$acc1,$acc2,$acc3,$poly1,$poly3,
+    $acc4,$acc5,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3) =
+    map("r$_",(3..12,22..31));
+
+my ($acc6,$acc7)=($bp,$bi);	# used in __ecp_nistz256_sqr_mont
+
+$code.=<<___;
+.machine	"any"
+.text
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.type	ecp_nistz256_precomputed,\@object
+.globl	ecp_nistz256_precomputed
+.align	12
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+
+$code.=<<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.asciz	"ECP_NISTZ256 for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
+
+# void	ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4],
+#					     const BN_ULONG x2[4]);
+.globl	ecp_nistz256_mul_mont
+.align	5
+ecp_nistz256_mul_mont:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r22,48($sp)
+	std	r23,56($sp)
+	std	r24,64($sp)
+	std	r25,72($sp)
+	std	r26,80($sp)
+	std	r27,88($sp)
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$a0,0($ap)
+	ld	$bi,0($bp)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_mul_mont
+
+	mtlr	r0
+	ld	r22,48($sp)
+	ld	r23,56($sp)
+	ld	r24,64($sp)
+	ld	r25,72($sp)
+	ld	r26,80($sp)
+	ld	r27,88($sp)
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,3,0
+	.long	0
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+# void	ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_sqr_mont
+.align	4
+ecp_nistz256_sqr_mont:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r22,48($sp)
+	std	r23,56($sp)
+	std	r24,64($sp)
+	std	r25,72($sp)
+	std	r26,80($sp)
+	std	r27,88($sp)
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_sqr_mont
+
+	mtlr	r0
+	ld	r22,48($sp)
+	ld	r23,56($sp)
+	ld	r24,64($sp)
+	ld	r25,72($sp)
+	ld	r26,80($sp)
+	ld	r27,88($sp)
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,2,0
+	.long	0
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+# void	ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4],
+#					const BN_ULONG x2[4]);
+.globl	ecp_nistz256_add
+.align	4
+ecp_nistz256_add:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$t0,  0($bp)
+	ld	$acc1,8($ap)
+	ld	$t1,  8($bp)
+	ld	$acc2,16($ap)
+	ld	$t2,  16($bp)
+	ld	$acc3,24($ap)
+	ld	$t3,  24($bp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_add
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,3,0
+	.long	0
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+# void	ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_div_by_2
+.align	4
+ecp_nistz256_div_by_2:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_div_by_2
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,2,0
+	.long	0
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+# void	ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_2
+.align	4
+ecp_nistz256_mul_by_2:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_add	# ret = a+a	// 2*a
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,3,0
+	.long	0
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+# void	ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_3
+.align	4
+ecp_nistz256_mul_by_3:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	mr	$t0,$acc0
+	std	$acc0,64($sp)
+	mr	$t1,$acc1
+	std	$acc1,72($sp)
+	mr	$t2,$acc2
+	std	$acc2,80($sp)
+	mr	$t3,$acc3
+	std	$acc3,88($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_add	# ret = a+a	// 2*a
+
+	ld	$t0,64($sp)
+	ld	$t1,72($sp)
+	ld	$t2,80($sp)
+	ld	$t3,88($sp)
+
+	bl	__ecp_nistz256_add	# ret += a	// 2*a+a=3*a
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,2,0
+	.long	0
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+# void	ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4],
+#				        const BN_ULONG x2[4]);
+.globl	ecp_nistz256_sub
+.align	4
+ecp_nistz256_sub:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_sub_from
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,3,0
+	.long	0
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+# void	ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_neg
+.align	4
+ecp_nistz256_neg:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	mr	$bp,$ap
+	li	$acc0,0
+	li	$acc1,0
+	li	$acc2,0
+	li	$acc3,0
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_sub_from
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,2,0
+	.long	0
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+# note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded
+# to $a0-$a3 and b[0] - to $bi
+.type	__ecp_nistz256_mul_mont,\@function
+.align	4
+__ecp_nistz256_mul_mont:
+	mulld	$acc0,$a0,$bi		# a[0]*b[0]
+	mulhdu	$t0,$a0,$bi
+
+	mulld	$acc1,$a1,$bi		# a[1]*b[0]
+	mulhdu	$t1,$a1,$bi
+
+	mulld	$acc2,$a2,$bi		# a[2]*b[0]
+	mulhdu	$t2,$a2,$bi
+
+	mulld	$acc3,$a3,$bi		# a[3]*b[0]
+	mulhdu	$t3,$a3,$bi
+	ld	$bi,8($bp)		# b[1]
+
+	addc	$acc1,$acc1,$t0		# accumulate high parts of multiplication
+	 sldi	$t0,$acc0,32
+	adde	$acc2,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc3,$acc3,$t2
+	addze	$acc4,$t3
+	li	$acc5,0
+___
+for($i=1;$i<4;$i++) {
+	################################################################
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#            ffff0001.00000000.0000ffff.ffffffff
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000
+	# - 0000abcd.efgh0000.00000000.00000000.abcdefgh
+	#
+	# or marking redundant operations:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.--------
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.--------
+	# - 0000abcd.efgh0000.--------.--------.--------
+
+$code.=<<___;
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	adde	$acc3,$acc4,$t3
+	addze	$acc4,$acc5
+
+	mulld	$t0,$a0,$bi		# lo(a[0]*b[i])
+	mulld	$t1,$a1,$bi		# lo(a[1]*b[i])
+	mulld	$t2,$a2,$bi		# lo(a[2]*b[i])
+	mulld	$t3,$a3,$bi		# lo(a[3]*b[i])
+	addc	$acc0,$acc0,$t0		# accumulate low parts of multiplication
+	 mulhdu	$t0,$a0,$bi		# hi(a[0]*b[i])
+	adde	$acc1,$acc1,$t1
+	 mulhdu	$t1,$a1,$bi		# hi(a[1]*b[i])
+	adde	$acc2,$acc2,$t2
+	 mulhdu	$t2,$a2,$bi		# hi(a[2]*b[i])
+	adde	$acc3,$acc3,$t3
+	 mulhdu	$t3,$a3,$bi		# hi(a[3]*b[i])
+	addze	$acc4,$acc4
+___
+$code.=<<___	if ($i<3);
+	ld	$bi,8*($i+1)($bp)	# b[$i+1]
+___
+$code.=<<___;
+	addc	$acc1,$acc1,$t0		# accumulate high parts of multiplication
+	 sldi	$t0,$acc0,32
+	adde	$acc2,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+	li	$acc5,0
+	addze	$acc5,$acc5
+___
+}
+$code.=<<___;
+	# last reduction
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	adde	$acc3,$acc4,$t3
+	addze	$acc4,$acc5
+
+	li	$t2,0
+	addic	$acc0,$acc0,1		# ret -= modulus
+	subfe	$acc1,$poly1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$poly3,$acc3
+	subfe	$acc4,$t2,$acc4
+
+	addc	$acc0,$acc0,$acc4	# ret += modulus if borrow
+	and	$t1,$poly1,$acc4
+	and	$t3,$poly3,$acc4
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+# note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded
+# to $a0-$a3
+.type	__ecp_nistz256_sqr_mont,\@function
+.align	4
+__ecp_nistz256_sqr_mont:
+	################################################################
+	#  |  |  |  |  |  |a1*a0|  |
+	#  |  |  |  |  |a2*a0|  |  |
+	#  |  |a3*a2|a3*a0|  |  |  |
+	#  |  |  |  |a2*a1|  |  |  |
+	#  |  |  |a3*a1|  |  |  |  |
+	# *|  |  |  |  |  |  |  | 2|
+	# +|a3*a3|a2*a2|a1*a1|a0*a0|
+	#  |--+--+--+--+--+--+--+--|
+	#  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	#
+	#  "can't overflow" below mark carrying into high part of
+	#  multiplication result, which can't overflow, because it
+	#  can never be all ones.
+
+	mulld	$acc1,$a1,$a0		# a[1]*a[0]
+	mulhdu	$t1,$a1,$a0
+	mulld	$acc2,$a2,$a0		# a[2]*a[0]
+	mulhdu	$t2,$a2,$a0
+	mulld	$acc3,$a3,$a0		# a[3]*a[0]
+	mulhdu	$acc4,$a3,$a0
+
+	addc	$acc2,$acc2,$t1		# accumulate high parts of multiplication
+	 mulld	$t0,$a2,$a1		# a[2]*a[1]
+	 mulhdu	$t1,$a2,$a1
+	adde	$acc3,$acc3,$t2
+	 mulld	$t2,$a3,$a1		# a[3]*a[1]
+	 mulhdu	$t3,$a3,$a1
+	addze	$acc4,$acc4		# can't overflow
+
+	mulld	$acc5,$a3,$a2		# a[3]*a[2]
+	mulhdu	$acc6,$a3,$a2
+
+	addc	$t1,$t1,$t2		# accumulate high parts of multiplication
+	addze	$t2,$t3			# can't overflow
+
+	addc	$acc3,$acc3,$t0		# accumulate low parts of multiplication
+	adde	$acc4,$acc4,$t1
+	adde	$acc5,$acc5,$t2
+	addze	$acc6,$acc6		# can't overflow
+
+	addc	$acc1,$acc1,$acc1	# acc[1-6]*=2
+	adde	$acc2,$acc2,$acc2
+	adde	$acc3,$acc3,$acc3
+	adde	$acc4,$acc4,$acc4
+	adde	$acc5,$acc5,$acc5
+	adde	$acc6,$acc6,$acc6
+	li	$acc7,0
+	addze	$acc7,$acc7
+
+	mulld	$acc0,$a0,$a0		# a[0]*a[0]
+	mulhdu	$a0,$a0,$a0
+	mulld	$t1,$a1,$a1		# a[1]*a[1]
+	mulhdu	$a1,$a1,$a1
+	mulld	$t2,$a2,$a2		# a[2]*a[2]
+	mulhdu	$a2,$a2,$a2
+	mulld	$t3,$a3,$a3		# a[3]*a[3]
+	mulhdu	$a3,$a3,$a3
+	addc	$acc1,$acc1,$a0		# +a[i]*a[i]
+	 sldi	$t0,$acc0,32
+	adde	$acc2,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc3,$acc3,$a1
+	adde	$acc4,$acc4,$t2
+	adde	$acc5,$acc5,$a2
+	adde	$acc6,$acc6,$t3
+	adde	$acc7,$acc7,$a3
+___
+for($i=0;$i<3;$i++) {			# reductions, see commentary in
+					# multiplication for details
+$code.=<<___;
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	 sldi	$t0,$acc0,32
+	adde	$acc1,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	addze	$acc3,$t3		# can't overflow
+___
+}
+$code.=<<___;
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	addze	$acc3,$t3		# can't overflow
+
+	addc	$acc0,$acc0,$acc4	# accumulate upper half
+	adde	$acc1,$acc1,$acc5
+	adde	$acc2,$acc2,$acc6
+	adde	$acc3,$acc3,$acc7
+	li	$t2,0
+	addze	$acc4,$t2
+
+	addic	$acc0,$acc0,1		# ret -= modulus
+	subfe	$acc1,$poly1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$poly3,$acc3
+	subfe	$acc4,$t2,$acc4
+
+	addc	$acc0,$acc0,$acc4	# ret += modulus if borrow
+	and	$t1,$poly1,$acc4
+	and	$t3,$poly3,$acc4
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	__ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont
+
+# Note that __ecp_nistz256_add expects both input vectors pre-loaded to
+# $a0-$a3 and $t0-$t3. This is done because it's used in multiple
+# contexts, e.g. in multiplication by 2 and 3...
+.type	__ecp_nistz256_add,\@function
+.align	4
+__ecp_nistz256_add:
+	addc	$acc0,$acc0,$t0		# ret = a+b
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	li	$t2,0
+	adde	$acc3,$acc3,$t3
+	addze	$t0,$t2
+
+	# if a+b >= modulus, subtract modulus
+	#
+	# But since comparison implies subtraction, we subtract
+	# modulus and then add it back if subtraction borrowed.
+
+	subic	$acc0,$acc0,-1
+	subfe	$acc1,$poly1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$poly3,$acc3
+	subfe	$t0,$t2,$t0
+
+	addc	$acc0,$acc0,$t0
+	and	$t1,$poly1,$t0
+	and	$t3,$poly3,$t0
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+.type	__ecp_nistz256_sub_from,\@function
+.align	4
+__ecp_nistz256_sub_from:
+	ld	$t0,0($bp)
+	ld	$t1,8($bp)
+	ld	$t2,16($bp)
+	ld	$t3,24($bp)
+	subfc	$acc0,$t0,$acc0		# ret = a-b
+	subfe	$acc1,$t1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$t3,$acc3
+	subfe	$t0,$t0,$t0		# t0 = borrow ? -1 : 0
+
+	# if a-b borrowed, add modulus
+
+	addc	$acc0,$acc0,$t0		# ret -= modulus & t0
+	and	$t1,$poly1,$t0
+	and	$t3,$poly3,$t0
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,\@function
+.align	4
+__ecp_nistz256_sub_morf:
+	ld	$t0,0($bp)
+	ld	$t1,8($bp)
+	ld	$t2,16($bp)
+	ld	$t3,24($bp)
+	subfc	$acc0,$acc0,$t0 	# ret = b-a
+	subfe	$acc1,$acc1,$t1
+	subfe	$acc2,$acc2,$t2
+	subfe	$acc3,$acc3,$t3
+	subfe	$t0,$t0,$t0		# t0 = borrow ? -1 : 0
+
+	# if b-a borrowed, add modulus
+
+	addc	$acc0,$acc0,$t0		# ret -= modulus & t0
+	and	$t1,$poly1,$t0
+	and	$t3,$poly3,$t0
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_div_by_2,\@function
+.align	4
+__ecp_nistz256_div_by_2:
+	andi.	$t0,$acc0,1
+	addic	$acc0,$acc0,-1		# a += modulus
+	 neg	$t0,$t0
+	adde	$acc1,$acc1,$poly1
+	 not	$t0,$t0
+	addze	$acc2,$acc2
+	 li	$t2,0
+	adde	$acc3,$acc3,$poly3
+	 and	$t1,$poly1,$t0
+	addze	$ap,$t2			# ap = carry
+	 and	$t3,$poly3,$t0
+
+	subfc	$acc0,$t0,$acc0		# a -= modulus if a was even
+	subfe	$acc1,$t1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$t3,$acc3
+	subfe	$ap,  $t2,$ap
+
+	srdi	$acc0,$acc0,1
+	sldi	$t0,$acc1,63
+	srdi	$acc1,$acc1,1
+	sldi	$t1,$acc2,63
+	srdi	$acc2,$acc2,1
+	sldi	$t2,$acc3,63
+	srdi	$acc3,$acc3,1
+	sldi	$t3,$ap,63
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+___
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+if (1) {
+my $FRAME=64+32*4+12*8;
+my ($S,$M,$Zsqr,$tmp0)=map(64+32*$_,(0..3));
+# above map() describes stack layout with 4 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real) = map("r$_",(20,21));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.align	5
+ecp_nistz256_point_double:
+	stdu	$sp,-$FRAME($sp)
+	mflr	r0
+	std	r20,$FRAME-8*12($sp)
+	std	r21,$FRAME-8*11($sp)
+	std	r22,$FRAME-8*10($sp)
+	std	r23,$FRAME-8*9($sp)
+	std	r24,$FRAME-8*8($sp)
+	std	r25,$FRAME-8*7($sp)
+	std	r26,$FRAME-8*6($sp)
+	std	r27,$FRAME-8*5($sp)
+	std	r28,$FRAME-8*4($sp)
+	std	r29,$FRAME-8*3($sp)
+	std	r30,$FRAME-8*2($sp)
+	std	r31,$FRAME-8*1($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+.Ldouble_shortcut:
+	ld	$acc0,32($ap)
+	ld	$acc1,40($ap)
+	ld	$acc2,48($ap)
+	ld	$acc3,56($ap)
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	 ld	$a0,64($ap)		# forward load for p256_sqr_mont
+	 ld	$a1,72($ap)
+	 ld	$a2,80($ap)
+	 ld	$a3,88($ap)
+	 mr	$rp_real,$rp
+	 mr	$ap_real,$ap
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_add	# p256_mul_by_2(S, in_y);
+
+	addi	$rp,$sp,$Zsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Zsqr, in_z);
+
+	ld	$t0,0($ap_real)
+	ld	$t1,8($ap_real)
+	ld	$t2,16($ap_real)
+	ld	$t3,24($ap_real)
+	mr	$a0,$acc0		# put Zsqr aside for p256_sub
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	addi	$rp,$sp,$M
+	bl	__ecp_nistz256_add	# p256_add(M, Zsqr, in_x);
+
+	addi	$bp,$ap_real,0
+	mr	$acc0,$a0		# restore Zsqr
+	mr	$acc1,$a1
+	mr	$acc2,$a2
+	mr	$acc3,$a3
+	 ld	$a0,$S+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$S+8($sp)
+	 ld	$a2,$S+16($sp)
+	 ld	$a3,$S+24($sp)
+	addi	$rp,$sp,$Zsqr
+	bl	__ecp_nistz256_sub_morf	# p256_sub(Zsqr, in_x, Zsqr);
+
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(S, S);
+
+	ld	$bi,32($ap_real)
+	ld	$a0,64($ap_real)
+	ld	$a1,72($ap_real)
+	ld	$a2,80($ap_real)
+	ld	$a3,88($ap_real)
+	addi	$bp,$ap_real,32
+	addi	$rp,$sp,$tmp0
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(tmp0, in_z, in_y);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	 ld	$a0,$S+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$S+8($sp)
+	 ld	$a2,$S+16($sp)
+	 ld	$a3,$S+24($sp)
+	addi	$rp,$rp_real,64
+	bl	__ecp_nistz256_add	# p256_mul_by_2(res_z, tmp0);
+
+	addi	$rp,$sp,$tmp0
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(tmp0, S);
+
+	 ld	$bi,$Zsqr($sp)		# forward load for p256_mul_mont
+	 ld	$a0,$M+0($sp)
+	 ld	$a1,$M+8($sp)
+	 ld	$a2,$M+16($sp)
+	 ld	$a3,$M+24($sp)
+	addi	$rp,$rp_real,32
+	bl	__ecp_nistz256_div_by_2	# p256_div_by_2(res_y, tmp0);
+
+	addi	$bp,$sp,$Zsqr
+	addi	$rp,$sp,$M
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(M, M, Zsqr);
+
+	mr	$t0,$acc0		# duplicate M
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	mr	$a0,$acc0		# put M aside
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	addi	$rp,$sp,$M
+	bl	__ecp_nistz256_add
+	mr	$t0,$a0			# restore M
+	mr	$t1,$a1
+	mr	$t2,$a2
+	mr	$t3,$a3
+	 ld	$bi,0($ap_real)		# forward load for p256_mul_mont
+	 ld	$a0,$S+0($sp)
+	 ld	$a1,$S+8($sp)
+	 ld	$a2,$S+16($sp)
+	 ld	$a3,$S+24($sp)
+	bl	__ecp_nistz256_add	# p256_mul_by_3(M, M);
+
+	addi	$bp,$ap_real,0
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S, S, in_x);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	 ld	$a0,$M+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$M+8($sp)
+	 ld	$a2,$M+16($sp)
+	 ld	$a3,$M+24($sp)
+	addi	$rp,$sp,$tmp0
+	bl	__ecp_nistz256_add	# p256_mul_by_2(tmp0, S);
+
+	addi	$rp,$rp_real,0
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(res_x, M);
+
+	addi	$bp,$sp,$tmp0
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_x, res_x, tmp0);
+
+	addi	$bp,$sp,$S
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_sub_morf	# p256_sub(S, S, res_x);
+
+	ld	$bi,$M($sp)
+	mr	$a0,$acc0		# copy S
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	addi	$bp,$sp,$M
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S, S, M);
+
+	addi	$bp,$rp_real,32
+	addi	$rp,$rp_real,32
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_y, S, res_y);
+
+	mtlr	r0
+	ld	r20,$FRAME-8*12($sp)
+	ld	r21,$FRAME-8*11($sp)
+	ld	r22,$FRAME-8*10($sp)
+	ld	r23,$FRAME-8*9($sp)
+	ld	r24,$FRAME-8*8($sp)
+	ld	r25,$FRAME-8*7($sp)
+	ld	r26,$FRAME-8*6($sp)
+	ld	r27,$FRAME-8*5($sp)
+	ld	r28,$FRAME-8*4($sp)
+	ld	r29,$FRAME-8*3($sp)
+	ld	r30,$FRAME-8*2($sp)
+	ld	r31,$FRAME-8*1($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,12,2,0
+	.long	0
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+if (1) {
+my $FRAME = 64 + 32*12 + 16*8;
+my ($res_x,$res_y,$res_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(64+32*$_,(0..11));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+# above map() describes stack layout with 12 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.align	5
+ecp_nistz256_point_add:
+	stdu	$sp,-$FRAME($sp)
+	mflr	r0
+	std	r16,$FRAME-8*16($sp)
+	std	r17,$FRAME-8*15($sp)
+	std	r18,$FRAME-8*14($sp)
+	std	r19,$FRAME-8*13($sp)
+	std	r20,$FRAME-8*12($sp)
+	std	r21,$FRAME-8*11($sp)
+	std	r22,$FRAME-8*10($sp)
+	std	r23,$FRAME-8*9($sp)
+	std	r24,$FRAME-8*8($sp)
+	std	r25,$FRAME-8*7($sp)
+	std	r26,$FRAME-8*6($sp)
+	std	r27,$FRAME-8*5($sp)
+	std	r28,$FRAME-8*4($sp)
+	std	r29,$FRAME-8*3($sp)
+	std	r30,$FRAME-8*2($sp)
+	std	r31,$FRAME-8*1($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	ld	$a0,64($bp)		# in2_z
+	ld	$a1,72($bp)
+	ld	$a2,80($bp)
+	ld	$a3,88($bp)
+	 mr	$rp_real,$rp
+	 mr	$ap_real,$ap
+	 mr	$bp_real,$bp
+	or	$t0,$a0,$a1
+	or	$t2,$a2,$a3
+	or	$in2infty,$t0,$t2
+	neg	$t0,$in2infty
+	or	$in2infty,$in2infty,$t0
+	sradi	$in2infty,$in2infty,63	# !in2infty
+	addi	$rp,$sp,$Z2sqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Z2sqr, in2_z);
+
+	ld	$a0,64($ap_real)	# in1_z
+	ld	$a1,72($ap_real)
+	ld	$a2,80($ap_real)
+	ld	$a3,88($ap_real)
+	or	$t0,$a0,$a1
+	or	$t2,$a2,$a3
+	or	$in1infty,$t0,$t2
+	neg	$t0,$in1infty
+	or	$in1infty,$in1infty,$t0
+	sradi	$in1infty,$in1infty,63	# !in1infty
+	addi	$rp,$sp,$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Z1sqr, in1_z);
+
+	ld	$bi,64($bp_real)
+	ld	$a0,$Z2sqr+0($sp)
+	ld	$a1,$Z2sqr+8($sp)
+	ld	$a2,$Z2sqr+16($sp)
+	ld	$a3,$Z2sqr+24($sp)
+	addi	$bp,$bp_real,64
+	addi	$rp,$sp,$S1
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S1, Z2sqr, in2_z);
+
+	ld	$bi,64($ap_real)
+	ld	$a0,$Z1sqr+0($sp)
+	ld	$a1,$Z1sqr+8($sp)
+	ld	$a2,$Z1sqr+16($sp)
+	ld	$a3,$Z1sqr+24($sp)
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ld	$bi,32($ap_real)
+	ld	$a0,$S1+0($sp)
+	ld	$a1,$S1+8($sp)
+	ld	$a2,$S1+16($sp)
+	ld	$a3,$S1+24($sp)
+	addi	$bp,$ap_real,32
+	addi	$rp,$sp,$S1
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S1, S1, in1_y);
+
+	ld	$bi,32($bp_real)
+	ld	$a0,$S2+0($sp)
+	ld	$a1,$S2+8($sp)
+	ld	$a2,$S2+16($sp)
+	ld	$a3,$S2+24($sp)
+	addi	$bp,$bp_real,32
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, S2, in2_y);
+
+	addi	$bp,$sp,$S1
+	 ld	$bi,$Z2sqr($sp)		# forward load for p256_mul_mont
+	 ld	$a0,0($ap_real)
+	 ld	$a1,8($ap_real)
+	 ld	$a2,16($ap_real)
+	 ld	$a3,24($ap_real)
+	addi	$rp,$sp,$R
+	bl	__ecp_nistz256_sub_from	# p256_sub(R, S2, S1);
+
+	or	$acc0,$acc0,$acc1	# see if result is zero
+	or	$acc2,$acc2,$acc3
+	or	$temp,$acc0,$acc2
+
+	addi	$bp,$sp,$Z2sqr
+	addi	$rp,$sp,$U1
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U1, in1_x, Z2sqr);
+
+	ld	$bi,$Z1sqr($sp)
+	ld	$a0,0($bp_real)
+	ld	$a1,8($bp_real)
+	ld	$a2,16($bp_real)
+	ld	$a3,24($bp_real)
+	addi	$bp,$sp,$Z1sqr
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, in2_x, Z1sqr);
+
+	addi	$bp,$sp,$U1
+	 ld	$a0,$R+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$R+8($sp)
+	 ld	$a2,$R+16($sp)
+	 ld	$a3,$R+24($sp)
+	addi	$rp,$sp,$H
+	bl	__ecp_nistz256_sub_from	# p256_sub(H, U2, U1);
+
+	or	$acc0,$acc0,$acc1	# see if result is zero
+	or	$acc2,$acc2,$acc3
+	or.	$acc0,$acc0,$acc2
+	bne	.Ladd_proceed		# is_equal(U1,U2)?
+
+	and.	$t0,$in1infty,$in2infty
+	beq	.Ladd_proceed		# (in1infty || in2infty)?
+
+	cmpldi	$temp,0
+	beq	.Ladd_double		# is_equal(S1,S2)?
+
+	xor	$a0,$a0,$a0
+	std	$a0,0($rp_real)
+	std	$a0,8($rp_real)
+	std	$a0,16($rp_real)
+	std	$a0,24($rp_real)
+	std	$a0,32($rp_real)
+	std	$a0,40($rp_real)
+	std	$a0,48($rp_real)
+	std	$a0,56($rp_real)
+	std	$a0,64($rp_real)
+	std	$a0,72($rp_real)
+	std	$a0,80($rp_real)
+	std	$a0,88($rp_real)
+	b	.Ladd_done
+
+.align	4
+.Ladd_double:
+	ld	$bp,0($sp)		# back-link
+	mr	$ap,$ap_real
+	mr	$rp,$rp_real
+	ld	r16,$FRAME-8*16($sp)
+	ld	r17,$FRAME-8*15($sp)
+	ld	r18,$FRAME-8*14($sp)
+	ld	r19,$FRAME-8*13($sp)
+	stdu	$bp,$FRAME-288($sp)	# difference in stack frame sizes
+	b	.Ldouble_shortcut
+
+.align	4
+.Ladd_proceed:
+	addi	$rp,$sp,$Rsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Rsqr, R);
+
+	ld	$bi,64($ap_real)
+	ld	$a0,$H+0($sp)
+	ld	$a1,$H+8($sp)
+	ld	$a2,$H+16($sp)
+	ld	$a3,$H+24($sp)
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$res_z
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_z, H, in1_z);
+
+	ld	$a0,$H+0($sp)
+	ld	$a1,$H+8($sp)
+	ld	$a2,$H+16($sp)
+	ld	$a3,$H+24($sp)
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Hsqr, H);
+
+	ld	$bi,64($bp_real)
+	ld	$a0,$res_z+0($sp)
+	ld	$a1,$res_z+8($sp)
+	ld	$a2,$res_z+16($sp)
+	ld	$a3,$res_z+24($sp)
+	addi	$bp,$bp_real,64
+	addi	$rp,$sp,$res_z
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_z, res_z, in2_z);
+
+	ld	$bi,$H($sp)
+	ld	$a0,$Hsqr+0($sp)
+	ld	$a1,$Hsqr+8($sp)
+	ld	$a2,$Hsqr+16($sp)
+	ld	$a3,$Hsqr+24($sp)
+	addi	$bp,$sp,$H
+	addi	$rp,$sp,$Hcub
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(Hcub, Hsqr, H);
+
+	ld	$bi,$Hsqr($sp)
+	ld	$a0,$U1+0($sp)
+	ld	$a1,$U1+8($sp)
+	ld	$a2,$U1+16($sp)
+	ld	$a3,$U1+24($sp)
+	addi	$bp,$sp,$Hsqr
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, U1, Hsqr);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_add	# p256_mul_by_2(Hsqr, U2);
+
+	addi	$bp,$sp,$Rsqr
+	addi	$rp,$sp,$res_x
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_x, Rsqr, Hsqr);
+
+	addi	$bp,$sp,$Hcub
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_x, res_x, Hcub);
+
+	addi	$bp,$sp,$U2
+	 ld	$bi,$Hcub($sp)		# forward load for p256_mul_mont
+	 ld	$a0,$S1+0($sp)
+	 ld	$a1,$S1+8($sp)
+	 ld	$a2,$S1+16($sp)
+	 ld	$a3,$S1+24($sp)
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_y, U2, res_x);
+
+	addi	$bp,$sp,$Hcub
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, S1, Hcub);
+
+	ld	$bi,$R($sp)
+	ld	$a0,$res_y+0($sp)
+	ld	$a1,$res_y+8($sp)
+	ld	$a2,$res_y+16($sp)
+	ld	$a3,$res_y+24($sp)
+	addi	$bp,$sp,$R
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_y, res_y, R);
+
+	addi	$bp,$sp,$S2
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_y, res_y, S2);
+
+	ld	$t0,0($bp_real)		# in2
+	ld	$t1,8($bp_real)
+	ld	$t2,16($bp_real)
+	ld	$t3,24($bp_real)
+	ld	$a0,$res_x+0($sp)	# res
+	ld	$a1,$res_x+8($sp)
+	ld	$a2,$res_x+16($sp)
+	ld	$a3,$res_x+24($sp)
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+
+	ld	$t0,$i+32($bp_real)	# in2
+	ld	$t1,$i+40($bp_real)
+	ld	$t2,$i+48($bp_real)
+	ld	$t3,$i+56($bp_real)
+	ld	$a0,$res_x+$i+32($sp)
+	ld	$a1,$res_x+$i+40($sp)
+	ld	$a2,$res_x+$i+48($sp)
+	ld	$a3,$res_x+$i+56($sp)
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+___
+}
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+
+.Ladd_done:
+	mtlr	r0
+	ld	r16,$FRAME-8*16($sp)
+	ld	r17,$FRAME-8*15($sp)
+	ld	r18,$FRAME-8*14($sp)
+	ld	r19,$FRAME-8*13($sp)
+	ld	r20,$FRAME-8*12($sp)
+	ld	r21,$FRAME-8*11($sp)
+	ld	r22,$FRAME-8*10($sp)
+	ld	r23,$FRAME-8*9($sp)
+	ld	r24,$FRAME-8*8($sp)
+	ld	r25,$FRAME-8*7($sp)
+	ld	r26,$FRAME-8*6($sp)
+	ld	r27,$FRAME-8*5($sp)
+	ld	r28,$FRAME-8*4($sp)
+	ld	r29,$FRAME-8*3($sp)
+	ld	r30,$FRAME-8*2($sp)
+	ld	r31,$FRAME-8*1($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,16,3,0
+	.long	0
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+if (1) {
+my $FRAME = 64 + 32*10 + 16*8;
+my ($res_x,$res_y,$res_z,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(64+32*$_,(0..9));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.align	5
+ecp_nistz256_point_add_affine:
+	stdu	$sp,-$FRAME($sp)
+	mflr	r0
+	std	r16,$FRAME-8*16($sp)
+	std	r17,$FRAME-8*15($sp)
+	std	r18,$FRAME-8*14($sp)
+	std	r19,$FRAME-8*13($sp)
+	std	r20,$FRAME-8*12($sp)
+	std	r21,$FRAME-8*11($sp)
+	std	r22,$FRAME-8*10($sp)
+	std	r23,$FRAME-8*9($sp)
+	std	r24,$FRAME-8*8($sp)
+	std	r25,$FRAME-8*7($sp)
+	std	r26,$FRAME-8*6($sp)
+	std	r27,$FRAME-8*5($sp)
+	std	r28,$FRAME-8*4($sp)
+	std	r29,$FRAME-8*3($sp)
+	std	r30,$FRAME-8*2($sp)
+	std	r31,$FRAME-8*1($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	mr	$rp_real,$rp
+	mr	$ap_real,$ap
+	mr	$bp_real,$bp
+
+	ld	$a0,64($ap)		# in1_z
+	ld	$a1,72($ap)
+	ld	$a2,80($ap)
+	ld	$a3,88($ap)
+	or	$t0,$a0,$a1
+	or	$t2,$a2,$a3
+	or	$in1infty,$t0,$t2
+	neg	$t0,$in1infty
+	or	$in1infty,$in1infty,$t0
+	sradi	$in1infty,$in1infty,63	# !in1infty
+
+	ld	$acc0,0($bp)		# in2_x
+	ld	$acc1,8($bp)
+	ld	$acc2,16($bp)
+	ld	$acc3,24($bp)
+	ld	$t0,32($bp)		# in2_y
+	ld	$t1,40($bp)
+	ld	$t2,48($bp)
+	ld	$t3,56($bp)
+	or	$acc0,$acc0,$acc1
+	or	$acc2,$acc2,$acc3
+	or	$acc0,$acc0,$acc2
+	or	$t0,$t0,$t1
+	or	$t2,$t2,$t3
+	or	$t0,$t0,$t2
+	or	$in2infty,$acc0,$t0
+	neg	$t0,$in2infty
+	or	$in2infty,$in2infty,$t0
+	sradi	$in2infty,$in2infty,63	# !in2infty
+
+	addi	$rp,$sp,$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Z1sqr, in1_z);
+
+	mr	$a0,$acc0
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	ld	$bi,0($bp_real)
+	addi	$bp,$bp_real,0
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, Z1sqr, in2_x);
+
+	addi	$bp,$ap_real,0
+	 ld	$bi,64($ap_real)	# forward load for p256_mul_mont
+	 ld	$a0,$Z1sqr+0($sp)
+	 ld	$a1,$Z1sqr+8($sp)
+	 ld	$a2,$Z1sqr+16($sp)
+	 ld	$a3,$Z1sqr+24($sp)
+	addi	$rp,$sp,$H
+	bl	__ecp_nistz256_sub_from	# p256_sub(H, U2, in1_x);
+
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ld	$bi,64($ap_real)
+	ld	$a0,$H+0($sp)
+	ld	$a1,$H+8($sp)
+	ld	$a2,$H+16($sp)
+	ld	$a3,$H+24($sp)
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$res_z
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_z, H, in1_z);
+
+	ld	$bi,32($bp_real)
+	ld	$a0,$S2+0($sp)
+	ld	$a1,$S2+8($sp)
+	ld	$a2,$S2+16($sp)
+	ld	$a3,$S2+24($sp)
+	addi	$bp,$bp_real,32
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, S2, in2_y);
+
+	addi	$bp,$ap_real,32
+	 ld	$a0,$H+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$H+8($sp)
+	 ld	$a2,$H+16($sp)
+	 ld	$a3,$H+24($sp)
+	addi	$rp,$sp,$R
+	bl	__ecp_nistz256_sub_from	# p256_sub(R, S2, in1_y);
+
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Hsqr, H);
+
+	ld	$a0,$R+0($sp)
+	ld	$a1,$R+8($sp)
+	ld	$a2,$R+16($sp)
+	ld	$a3,$R+24($sp)
+	addi	$rp,$sp,$Rsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Rsqr, R);
+
+	ld	$bi,$H($sp)
+	ld	$a0,$Hsqr+0($sp)
+	ld	$a1,$Hsqr+8($sp)
+	ld	$a2,$Hsqr+16($sp)
+	ld	$a3,$Hsqr+24($sp)
+	addi	$bp,$sp,$H
+	addi	$rp,$sp,$Hcub
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(Hcub, Hsqr, H);
+
+	ld	$bi,0($ap_real)
+	ld	$a0,$Hsqr+0($sp)
+	ld	$a1,$Hsqr+8($sp)
+	ld	$a2,$Hsqr+16($sp)
+	ld	$a3,$Hsqr+24($sp)
+	addi	$bp,$ap_real,0
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, in1_x, Hsqr);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_add	# p256_mul_by_2(Hsqr, U2);
+
+	addi	$bp,$sp,$Rsqr
+	addi	$rp,$sp,$res_x
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_x, Rsqr, Hsqr);
+
+	addi	$bp,$sp,$Hcub
+	bl	__ecp_nistz256_sub_from	#  p256_sub(res_x, res_x, Hcub);
+
+	addi	$bp,$sp,$U2
+	 ld	$bi,32($ap_real)	# forward load for p256_mul_mont
+	 ld	$a0,$Hcub+0($sp)
+	 ld	$a1,$Hcub+8($sp)
+	 ld	$a2,$Hcub+16($sp)
+	 ld	$a3,$Hcub+24($sp)
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_y, U2, res_x);
+
+	addi	$bp,$ap_real,32
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, in1_y, Hcub);
+
+	ld	$bi,$R($sp)
+	ld	$a0,$res_y+0($sp)
+	ld	$a1,$res_y+8($sp)
+	ld	$a2,$res_y+16($sp)
+	ld	$a3,$res_y+24($sp)
+	addi	$bp,$sp,$R
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_y, res_y, R);
+
+	addi	$bp,$sp,$S2
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_y, res_y, S2);
+
+	ld	$t0,0($bp_real)		# in2
+	ld	$t1,8($bp_real)
+	ld	$t2,16($bp_real)
+	ld	$t3,24($bp_real)
+	ld	$a0,$res_x+0($sp)	# res
+	ld	$a1,$res_x+8($sp)
+	ld	$a2,$res_x+16($sp)
+	ld	$a3,$res_x+24($sp)
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+___
+$code.=<<___	if ($i==0);
+	ld	$t0,32($bp_real)	# in2
+	ld	$t1,40($bp_real)
+	ld	$t2,48($bp_real)
+	ld	$t3,56($bp_real)
+___
+$code.=<<___	if ($i==32);
+	li	$t0,1			# Lone_mont
+	not	$t1,$poly1
+	li	$t2,-1
+	not	$t3,$poly3
+___
+$code.=<<___;
+	ld	$a0,$res_x+$i+32($sp)
+	ld	$a1,$res_x+$i+40($sp)
+	ld	$a2,$res_x+$i+48($sp)
+	ld	$a3,$res_x+$i+56($sp)
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+___
+}
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+
+	mtlr	r0
+	ld	r16,$FRAME-8*16($sp)
+	ld	r17,$FRAME-8*15($sp)
+	ld	r18,$FRAME-8*14($sp)
+	ld	r19,$FRAME-8*13($sp)
+	ld	r20,$FRAME-8*12($sp)
+	ld	r21,$FRAME-8*11($sp)
+	ld	r22,$FRAME-8*10($sp)
+	ld	r23,$FRAME-8*9($sp)
+	ld	r24,$FRAME-8*8($sp)
+	ld	r25,$FRAME-8*7($sp)
+	ld	r26,$FRAME-8*6($sp)
+	ld	r27,$FRAME-8*5($sp)
+	ld	r28,$FRAME-8*4($sp)
+	ld	r29,$FRAME-8*3($sp)
+	ld	r30,$FRAME-8*2($sp)
+	ld	r31,$FRAME-8*1($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,16,3,0
+	.long	0
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}
+if (1) {
+my ($ordk,$ord0,$ord1,$t4) = map("r$_",(18..21));
+my ($ord2,$ord3,$zr) = ($poly1,$poly3,"r0");
+
+$code.=<<___;
+########################################################################
+# void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4],
+#                                uint64_t b[4]);
+.globl	ecp_nistz256_ord_mul_mont
+.align	5
+ecp_nistz256_ord_mul_mont:
+	stdu	$sp,-160($sp)
+	std	r18,48($sp)
+	std	r19,56($sp)
+	std	r20,64($sp)
+	std	r21,72($sp)
+	std	r22,80($sp)
+	std	r23,88($sp)
+	std	r24,96($sp)
+	std	r25,104($sp)
+	std	r26,112($sp)
+	std	r27,120($sp)
+	std	r28,128($sp)
+	std	r29,136($sp)
+	std	r30,144($sp)
+	std	r31,152($sp)
+
+	ld	$a0,0($ap)
+	ld	$bi,0($bp)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	lis	$ordk,0xccd1
+	lis	$ord0,0xf3b9
+	lis	$ord1,0xbce6
+	ori	$ordk,$ordk,0xc8aa
+	ori	$ord0,$ord0,0xcac2
+	ori	$ord1,$ord1,0xfaad
+	sldi	$ordk,$ordk,32
+	sldi	$ord0,$ord0,32
+	sldi	$ord1,$ord1,32
+	oris	$ordk,$ordk,0xee00
+	oris	$ord0,$ord0,0xfc63
+	oris	$ord1,$ord1,0xa717
+	ori	$ordk,$ordk,0xbc4f	# 0xccd1c8aaee00bc4f
+	ori	$ord0,$ord0,0x2551	# 0xf3b9cac2fc632551
+	ori	$ord1,$ord1,0x9e84	# 0xbce6faada7179e84
+	li	$ord2,-1		# 0xffffffffffffffff
+	sldi	$ord3,$ord2,32		# 0xffffffff00000000
+	li	$zr,0
+
+	mulld	$acc0,$a0,$bi		# a[0]*b[0]
+	mulhdu	$t0,$a0,$bi
+
+	mulld	$acc1,$a1,$bi		# a[1]*b[0]
+	mulhdu	$t1,$a1,$bi
+
+	mulld	$acc2,$a2,$bi		# a[2]*b[0]
+	mulhdu	$t2,$a2,$bi
+
+	mulld	$acc3,$a3,$bi		# a[3]*b[0]
+	mulhdu	$acc4,$a3,$bi
+
+	mulld	$t4,$acc0,$ordk
+
+	addc	$acc1,$acc1,$t0		# accumulate high parts of multiplication
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	addze	$acc4,$acc4
+	li	$acc5,0
+___
+for ($i=1;$i<4;$i++) {
+	################################################################
+	#            ffff0000.ffffffff.yyyyyyyy.zzzzzzzz
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	# - 0000abcd.efgh0000.abcdefgh.00000000.00000000
+	# + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh
+$code.=<<___;
+	ld	$bi,8*$i($bp)		# b[i]
+
+	sldi	$t0,$t4,32
+	subfc	$acc2,$t4,$acc2
+	srdi	$t1,$t4,32
+	subfe	$acc3,$t0,$acc3
+	subfe	$acc4,$t1,$acc4
+	subfe	$acc5,$zr,$acc5
+
+	addic	$t0,$acc0,-1		# discarded
+	mulhdu	$t1,$ord0,$t4
+	mulld	$t2,$ord1,$t4
+	mulhdu	$t3,$ord1,$t4
+
+	adde	$t2,$t2,$t1
+	 mulld	$t0,$a0,$bi
+	addze	$t3,$t3
+	 mulld	$t1,$a1,$bi
+
+	addc	$acc0,$acc1,$t2
+	 mulld	$t2,$a2,$bi
+	adde	$acc1,$acc2,$t3
+	 mulld	$t3,$a3,$bi
+	adde	$acc2,$acc3,$t4
+	adde	$acc3,$acc4,$t4
+	addze	$acc4,$acc5
+
+	addc	$acc0,$acc0,$t0		# accumulate low parts
+	mulhdu	$t0,$a0,$bi
+	adde	$acc1,$acc1,$t1
+	mulhdu	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	mulhdu	$t2,$a2,$bi
+	adde	$acc3,$acc3,$t3
+	mulhdu	$t3,$a3,$bi
+	addze	$acc4,$acc4
+	mulld	$t4,$acc0,$ordk
+	addc	$acc1,$acc1,$t0		# accumulate high parts
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+	addze	$acc5,$zr
+___
+}
+$code.=<<___;
+	sldi	$t0,$t4,32		# last reduction
+	subfc	$acc2,$t4,$acc2
+	srdi	$t1,$t4,32
+	subfe	$acc3,$t0,$acc3
+	subfe	$acc4,$t1,$acc4
+	subfe	$acc5,$zr,$acc5
+
+	addic	$t0,$acc0,-1		# discarded
+	mulhdu	$t1,$ord0,$t4
+	mulld	$t2,$ord1,$t4
+	mulhdu	$t3,$ord1,$t4
+
+	adde	$t2,$t2,$t1
+	addze	$t3,$t3
+
+	addc	$acc0,$acc1,$t2
+	adde	$acc1,$acc2,$t3
+	adde	$acc2,$acc3,$t4
+	adde	$acc3,$acc4,$t4
+	addze	$acc4,$acc5
+
+	subfc	$acc0,$ord0,$acc0	# ret -= modulus
+	subfe	$acc1,$ord1,$acc1
+	subfe	$acc2,$ord2,$acc2
+	subfe	$acc3,$ord3,$acc3
+	subfe	$acc4,$zr,$acc4
+
+	and	$t0,$ord0,$acc4
+	and	$t1,$ord1,$acc4
+	addc	$acc0,$acc0,$t0		# ret += modulus if borrow
+	and	$t3,$ord3,$acc4
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$acc4
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	ld	r18,48($sp)
+	ld	r19,56($sp)
+	ld	r20,64($sp)
+	ld	r21,72($sp)
+	ld	r22,80($sp)
+	ld	r23,88($sp)
+	ld	r24,96($sp)
+	ld	r25,104($sp)
+	ld	r26,112($sp)
+	ld	r27,120($sp)
+	ld	r28,128($sp)
+	ld	r29,136($sp)
+	ld	r30,144($sp)
+	ld	r31,152($sp)
+	addi	$sp,$sp,160
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,14,3,0
+	.long	0
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+################################################################################
+# void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4],
+#                                int rep);
+.globl	ecp_nistz256_ord_sqr_mont
+.align	5
+ecp_nistz256_ord_sqr_mont:
+	stdu	$sp,-160($sp)
+	std	r18,48($sp)
+	std	r19,56($sp)
+	std	r20,64($sp)
+	std	r21,72($sp)
+	std	r22,80($sp)
+	std	r23,88($sp)
+	std	r24,96($sp)
+	std	r25,104($sp)
+	std	r26,112($sp)
+	std	r27,120($sp)
+	std	r28,128($sp)
+	std	r29,136($sp)
+	std	r30,144($sp)
+	std	r31,152($sp)
+
+	mtctr	$bp
+
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	lis	$ordk,0xccd1
+	lis	$ord0,0xf3b9
+	lis	$ord1,0xbce6
+	ori	$ordk,$ordk,0xc8aa
+	ori	$ord0,$ord0,0xcac2
+	ori	$ord1,$ord1,0xfaad
+	sldi	$ordk,$ordk,32
+	sldi	$ord0,$ord0,32
+	sldi	$ord1,$ord1,32
+	oris	$ordk,$ordk,0xee00
+	oris	$ord0,$ord0,0xfc63
+	oris	$ord1,$ord1,0xa717
+	ori	$ordk,$ordk,0xbc4f	# 0xccd1c8aaee00bc4f
+	ori	$ord0,$ord0,0x2551	# 0xf3b9cac2fc632551
+	ori	$ord1,$ord1,0x9e84	# 0xbce6faada7179e84
+	li	$ord2,-1		# 0xffffffffffffffff
+	sldi	$ord3,$ord2,32		# 0xffffffff00000000
+	li	$zr,0
+	b	.Loop_ord_sqr
+
+.align	5
+.Loop_ord_sqr:
+	################################################################
+	#  |  |  |  |  |  |a1*a0|  |
+	#  |  |  |  |  |a2*a0|  |  |
+	#  |  |a3*a2|a3*a0|  |  |  |
+	#  |  |  |  |a2*a1|  |  |  |
+	#  |  |  |a3*a1|  |  |  |  |
+	# *|  |  |  |  |  |  |  | 2|
+	# +|a3*a3|a2*a2|a1*a1|a0*a0|
+	#  |--+--+--+--+--+--+--+--|
+	#  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	#
+	#  "can't overflow" below mark carrying into high part of
+	#  multiplication result, which can't overflow, because it
+	#  can never be all ones.
+
+	mulld	$acc1,$a1,$a0		# a[1]*a[0]
+	mulhdu	$t1,$a1,$a0
+	mulld	$acc2,$a2,$a0		# a[2]*a[0]
+	mulhdu	$t2,$a2,$a0
+	mulld	$acc3,$a3,$a0		# a[3]*a[0]
+	mulhdu	$acc4,$a3,$a0
+
+	addc	$acc2,$acc2,$t1		# accumulate high parts of multiplication
+	 mulld	$t0,$a2,$a1		# a[2]*a[1]
+	 mulhdu	$t1,$a2,$a1
+	adde	$acc3,$acc3,$t2
+	 mulld	$t2,$a3,$a1		# a[3]*a[1]
+	 mulhdu	$t3,$a3,$a1
+	addze	$acc4,$acc4		# can't overflow
+
+	mulld	$acc5,$a3,$a2		# a[3]*a[2]
+	mulhdu	$acc6,$a3,$a2
+
+	addc	$t1,$t1,$t2		# accumulate high parts of multiplication
+	 mulld	$acc0,$a0,$a0		# a[0]*a[0]
+	addze	$t2,$t3			# can't overflow
+
+	addc	$acc3,$acc3,$t0		# accumulate low parts of multiplication
+	 mulhdu	$a0,$a0,$a0
+	adde	$acc4,$acc4,$t1
+	 mulld	$t1,$a1,$a1		# a[1]*a[1]
+	adde	$acc5,$acc5,$t2
+	 mulhdu	$a1,$a1,$a1
+	addze	$acc6,$acc6		# can't overflow
+
+	addc	$acc1,$acc1,$acc1	# acc[1-6]*=2
+	 mulld	$t2,$a2,$a2		# a[2]*a[2]
+	adde	$acc2,$acc2,$acc2
+	 mulhdu	$a2,$a2,$a2
+	adde	$acc3,$acc3,$acc3
+	 mulld	$t3,$a3,$a3		# a[3]*a[3]
+	adde	$acc4,$acc4,$acc4
+	 mulhdu	$a3,$a3,$a3
+	adde	$acc5,$acc5,$acc5
+	adde	$acc6,$acc6,$acc6
+	addze	$acc7,$zr
+
+	addc	$acc1,$acc1,$a0		# +a[i]*a[i]
+	 mulld	$t4,$acc0,$ordk
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$a1
+	adde	$acc4,$acc4,$t2
+	adde	$acc5,$acc5,$a2
+	adde	$acc6,$acc6,$t3
+	adde	$acc7,$acc7,$a3
+___
+for($i=0; $i<4; $i++) {			# reductions
+$code.=<<___;
+	addic	$t0,$acc0,-1		# discarded
+	mulhdu	$t1,$ord0,$t4
+	mulld	$t2,$ord1,$t4
+	mulhdu	$t3,$ord1,$t4
+
+	adde	$t2,$t2,$t1
+	addze	$t3,$t3
+
+	addc	$acc0,$acc1,$t2
+	adde	$acc1,$acc2,$t3
+	adde	$acc2,$acc3,$t4
+	adde	$acc3,$zr,$t4		# can't overflow
+___
+$code.=<<___	if ($i<3);
+	mulld	$t3,$acc0,$ordk
+___
+$code.=<<___;
+	sldi	$t0,$t4,32
+	subfc	$acc1,$t4,$acc1
+	srdi	$t1,$t4,32
+	subfe	$acc2,$t0,$acc2
+	subfe	$acc3,$t1,$acc3		# can't borrow
+___
+	($t3,$t4) = ($t4,$t3);
+}
+$code.=<<___;
+	addc	$acc0,$acc0,$acc4	# accumulate upper half
+	adde	$acc1,$acc1,$acc5
+	adde	$acc2,$acc2,$acc6
+	adde	$acc3,$acc3,$acc7
+	addze	$acc4,$zr
+
+	subfc	$acc0,$ord0,$acc0	# ret -= modulus
+	subfe	$acc1,$ord1,$acc1
+	subfe	$acc2,$ord2,$acc2
+	subfe	$acc3,$ord3,$acc3
+	subfe	$acc4,$zr,$acc4
+
+	and	$t0,$ord0,$acc4
+	and	$t1,$ord1,$acc4
+	addc	$a0,$acc0,$t0		# ret += modulus if borrow
+	and	$t3,$ord3,$acc4
+	adde	$a1,$acc1,$t1
+	adde	$a2,$acc2,$acc4
+	adde	$a3,$acc3,$t3
+
+	bdnz	.Loop_ord_sqr
+
+	std	$a0,0($rp)
+	std	$a1,8($rp)
+	std	$a2,16($rp)
+	std	$a3,24($rp)
+
+	ld	r18,48($sp)
+	ld	r19,56($sp)
+	ld	r20,64($sp)
+	ld	r21,72($sp)
+	ld	r22,80($sp)
+	ld	r23,88($sp)
+	ld	r24,96($sp)
+	ld	r25,104($sp)
+	ld	r26,112($sp)
+	ld	r27,120($sp)
+	ld	r28,128($sp)
+	ld	r29,136($sp)
+	ld	r30,144($sp)
+	ld	r31,152($sp)
+	addi	$sp,$sp,160
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,14,3,0
+	.long	0
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+___
+}	}
+
+########################################################################
+# scatter-gather subroutines
+{
+my ($out,$inp,$index,$mask)=map("r$_",(3..7));
+$code.=<<___;
+########################################################################
+# void	ecp_nistz256_scatter_w5(void *out, const P256_POINT *inp,
+#				int index);
+.globl	ecp_nistz256_scatter_w5
+.align	4
+ecp_nistz256_scatter_w5:
+	slwi	$index,$index,2
+	add	$out,$out,$index
+
+	ld	r8, 0($inp)		# X
+	ld	r9, 8($inp)
+	ld	r10,16($inp)
+	ld	r11,24($inp)
+
+	stw	r8, 64*0-4($out)
+	srdi	r8, r8, 32
+	stw	r9, 64*1-4($out)
+	srdi	r9, r9, 32
+	stw	r10,64*2-4($out)
+	srdi	r10,r10,32
+	stw	r11,64*3-4($out)
+	srdi	r11,r11,32
+	stw	r8, 64*4-4($out)
+	stw	r9, 64*5-4($out)
+	stw	r10,64*6-4($out)
+	stw	r11,64*7-4($out)
+	addi	$out,$out,64*8
+
+	ld	r8, 32($inp)		# Y
+	ld	r9, 40($inp)
+	ld	r10,48($inp)
+	ld	r11,56($inp)
+
+	stw	r8, 64*0-4($out)
+	srdi	r8, r8, 32
+	stw	r9, 64*1-4($out)
+	srdi	r9, r9, 32
+	stw	r10,64*2-4($out)
+	srdi	r10,r10,32
+	stw	r11,64*3-4($out)
+	srdi	r11,r11,32
+	stw	r8, 64*4-4($out)
+	stw	r9, 64*5-4($out)
+	stw	r10,64*6-4($out)
+	stw	r11,64*7-4($out)
+	addi	$out,$out,64*8
+
+	ld	r8, 64($inp)		# Z
+	ld	r9, 72($inp)
+	ld	r10,80($inp)
+	ld	r11,88($inp)
+
+	stw	r8, 64*0-4($out)
+	srdi	r8, r8, 32
+	stw	r9, 64*1-4($out)
+	srdi	r9, r9, 32
+	stw	r10,64*2-4($out)
+	srdi	r10,r10,32
+	stw	r11,64*3-4($out)
+	srdi	r11,r11,32
+	stw	r8, 64*4-4($out)
+	stw	r9, 64*5-4($out)
+	stw	r10,64*6-4($out)
+	stw	r11,64*7-4($out)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+########################################################################
+# void	ecp_nistz256_gather_w5(P256_POINT *out, const void *inp,
+#				int index);
+.globl	ecp_nistz256_gather_w5
+.align	4
+ecp_nistz256_gather_w5:
+	neg	r0,$index
+	sradi	r0,r0,63
+
+	add	$index,$index,r0
+	slwi	$index,$index,2
+	add	$inp,$inp,$index
+
+	lwz	r5, 64*0($inp)
+	lwz	r6, 64*1($inp)
+	lwz	r7, 64*2($inp)
+	lwz	r8, 64*3($inp)
+	lwz	r9, 64*4($inp)
+	lwz	r10,64*5($inp)
+	lwz	r11,64*6($inp)
+	lwz	r12,64*7($inp)
+	addi	$inp,$inp,64*8
+	sldi	r9, r9, 32
+	sldi	r10,r10,32
+	sldi	r11,r11,32
+	sldi	r12,r12,32
+	or	r5,r5,r9
+	or	r6,r6,r10
+	or	r7,r7,r11
+	or	r8,r8,r12
+	and	r5,r5,r0
+	and	r6,r6,r0
+	and	r7,r7,r0
+	and	r8,r8,r0
+	std	r5,0($out)		# X
+	std	r6,8($out)
+	std	r7,16($out)
+	std	r8,24($out)
+
+	lwz	r5, 64*0($inp)
+	lwz	r6, 64*1($inp)
+	lwz	r7, 64*2($inp)
+	lwz	r8, 64*3($inp)
+	lwz	r9, 64*4($inp)
+	lwz	r10,64*5($inp)
+	lwz	r11,64*6($inp)
+	lwz	r12,64*7($inp)
+	addi	$inp,$inp,64*8
+	sldi	r9, r9, 32
+	sldi	r10,r10,32
+	sldi	r11,r11,32
+	sldi	r12,r12,32
+	or	r5,r5,r9
+	or	r6,r6,r10
+	or	r7,r7,r11
+	or	r8,r8,r12
+	and	r5,r5,r0
+	and	r6,r6,r0
+	and	r7,r7,r0
+	and	r8,r8,r0
+	std	r5,32($out)		# Y
+	std	r6,40($out)
+	std	r7,48($out)
+	std	r8,56($out)
+
+	lwz	r5, 64*0($inp)
+	lwz	r6, 64*1($inp)
+	lwz	r7, 64*2($inp)
+	lwz	r8, 64*3($inp)
+	lwz	r9, 64*4($inp)
+	lwz	r10,64*5($inp)
+	lwz	r11,64*6($inp)
+	lwz	r12,64*7($inp)
+	sldi	r9, r9, 32
+	sldi	r10,r10,32
+	sldi	r11,r11,32
+	sldi	r12,r12,32
+	or	r5,r5,r9
+	or	r6,r6,r10
+	or	r7,r7,r11
+	or	r8,r8,r12
+	and	r5,r5,r0
+	and	r6,r6,r0
+	and	r7,r7,r0
+	and	r8,r8,r0
+	std	r5,64($out)		# Z
+	std	r6,72($out)
+	std	r7,80($out)
+	std	r8,88($out)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+########################################################################
+# void	ecp_nistz256_scatter_w7(void *out, const P256_POINT_AFFINE *inp,
+#				int index);
+.globl	ecp_nistz256_scatter_w7
+.align	4
+ecp_nistz256_scatter_w7:
+	li	r0,8
+	mtctr	r0
+	add	$out,$out,$index
+	subi	$inp,$inp,8
+
+.Loop_scatter_w7:
+	ldu	r0,8($inp)
+	stb	r0,64*0($out)
+	srdi	r0,r0,8
+	stb	r0,64*1($out)
+	srdi	r0,r0,8
+	stb	r0,64*2($out)
+	srdi	r0,r0,8
+	stb	r0,64*3($out)
+	srdi	r0,r0,8
+	stb	r0,64*4($out)
+	srdi	r0,r0,8
+	stb	r0,64*5($out)
+	srdi	r0,r0,8
+	stb	r0,64*6($out)
+	srdi	r0,r0,8
+	stb	r0,64*7($out)
+	addi	$out,$out,64*8
+	bdnz	.Loop_scatter_w7
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+########################################################################
+# void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *out, const void *inp,
+#				int index);
+.globl	ecp_nistz256_gather_w7
+.align	4
+ecp_nistz256_gather_w7:
+	li	r0,8
+	mtctr	r0
+	neg	r0,$index
+	sradi	r0,r0,63
+
+	add	$index,$index,r0
+	add	$inp,$inp,$index
+	subi	$out,$out,8
+
+.Loop_gather_w7:
+	lbz	r5, 64*0($inp)
+	lbz	r6, 64*1($inp)
+	lbz	r7, 64*2($inp)
+	lbz	r8, 64*3($inp)
+	lbz	r9, 64*4($inp)
+	lbz	r10,64*5($inp)
+	lbz	r11,64*6($inp)
+	lbz	r12,64*7($inp)
+	addi	$inp,$inp,64*8
+
+	sldi	r6, r6, 8
+	sldi	r7, r7, 16
+	sldi	r8, r8, 24
+	sldi	r9, r9, 32
+	sldi	r10,r10,40
+	sldi	r11,r11,48
+	sldi	r12,r12,56
+
+	or	r5,r5,r6
+	or	r7,r7,r8
+	or	r9,r9,r10
+	or	r11,r11,r12
+	or	r5,r5,r7
+	or	r9,r9,r11
+	or	r5,r5,r9
+	and	r5,r5,r0
+	stdu	r5,8($out)
+	bdnz	.Loop_gather_w7
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	print $_,"\n";
+}
+close STDOUT;	# enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl
new file mode 100755
index 000000000..0a4def6e2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -0,0 +1,3061 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for SPARCv9.
+#
+# February 2015.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816. In the process of adaptation
+# original .c module was made 32-bit savvy in order to make this
+# implementation possible.
+#
+#			with/without -DECP_NISTZ256_ASM
+# UltraSPARC III	+12-18%
+# SPARC T4		+99-550% (+66-150% on 32-bit Solaris)
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +200% means 3x improvement.
+
+$output = pop;
+open STDOUT,">$output";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#define LOCALS	(STACK_BIAS+STACK_FRAME)
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+# define STACK64_FRAME	STACK_FRAME
+# define LOCALS64	LOCALS
+#else
+# define STACK64_FRAME	(2047+192)
+# define LOCALS64	STACK64_FRAME
+#endif
+
+.section	".text",#alloc,#execinstr
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.globl	ecp_nistz256_precomputed
+.align	4096
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+
+{{{
+my ($rp,$ap,$bp)=map("%i$_",(0..2));
+my @acc=map("%l$_",(0..7));
+my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7)=(map("%o$_",(0..5)),"%g4","%g5");
+my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1");
+my ($rp_real,$ap_real)=("%g2","%g3");
+
+$code.=<<___;
+.type	ecp_nistz256_precomputed,#object
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	64
+.LRR:	! 2^512 mod P precomputed for NIST P256 polynomial
+.long	0x00000003, 0x00000000, 0xffffffff, 0xfffffffb
+.long	0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004
+.Lone:
+.long	1,0,0,0,0,0,0,0
+.asciz	"ECP_NISTZ256 for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+
+! void	ecp_nistz256_to_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_to_mont
+.align	64
+ecp_nistz256_to_mont:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+1:	call	.+8
+	add	%o7,.LRR-1b,$bp
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_to_mont,#function
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+! void	ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_from_mont
+.align	32
+ecp_nistz256_from_mont:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+1:	call	.+8
+	add	%o7,.Lone-1b,$bp
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_from_mont,#function
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+! void	ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+!					      const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_mul_mont
+.align	32
+ecp_nistz256_mul_mont:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_mul_mont,#function
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+! void	ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_sqr_mont
+.align	32
+ecp_nistz256_sqr_mont:
+	save	%sp,-STACK_FRAME,%sp
+	mov	$ap,$bp
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_sqr_mont,#function
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+___
+
+########################################################################
+# Special thing to keep in mind is that $t0-$t7 hold 64-bit values,
+# while all others are meant to keep 32. "Meant to" means that additions
+# to @acc[0-7] do "contaminate" upper bits, but they are cleared before
+# they can affect outcome (follow 'and' with $mask). Also keep in mind
+# that addition with carry is addition with 32-bit carry, even though
+# CPU is 64-bit. [Addition with 64-bit carry was introduced in T3, see
+# below for VIS3 code paths.]
+
+$code.=<<___;
+.align	32
+__ecp_nistz256_mul_mont:
+	ld	[$bp+0],$bi		! b[0]
+	mov	-1,$mask
+	ld	[$ap+0],$a0
+	srl	$mask,0,$mask		! 0xffffffff
+	ld	[$ap+4],$t1
+	ld	[$ap+8],$t2
+	ld	[$ap+12],$t3
+	ld	[$ap+16],$t4
+	ld	[$ap+20],$t5
+	ld	[$ap+24],$t6
+	ld	[$ap+28],$t7
+	mulx	$a0,$bi,$t0		! a[0-7]*b[0], 64-bit results
+	mulx	$t1,$bi,$t1
+	mulx	$t2,$bi,$t2
+	mulx	$t3,$bi,$t3
+	mulx	$t4,$bi,$t4
+	mulx	$t5,$bi,$t5
+	mulx	$t6,$bi,$t6
+	mulx	$t7,$bi,$t7
+	srlx	$t0,32,@acc[1]		! extract high parts
+	srlx	$t1,32,@acc[2]
+	srlx	$t2,32,@acc[3]
+	srlx	$t3,32,@acc[4]
+	srlx	$t4,32,@acc[5]
+	srlx	$t5,32,@acc[6]
+	srlx	$t6,32,@acc[7]
+	srlx	$t7,32,@acc[0]		! "@acc[8]"
+	mov	0,$carry
+___
+for($i=1;$i<8;$i++) {
+$code.=<<___;
+	addcc	@acc[1],$t1,@acc[1]	! accumulate high parts
+	ld	[$bp+4*$i],$bi		! b[$i]
+	ld	[$ap+4],$t1		! re-load a[1-7]
+	addccc	@acc[2],$t2,@acc[2]
+	addccc	@acc[3],$t3,@acc[3]
+	ld	[$ap+8],$t2
+	ld	[$ap+12],$t3
+	addccc	@acc[4],$t4,@acc[4]
+	addccc	@acc[5],$t5,@acc[5]
+	ld	[$ap+16],$t4
+	ld	[$ap+20],$t5
+	addccc	@acc[6],$t6,@acc[6]
+	addccc	@acc[7],$t7,@acc[7]
+	ld	[$ap+24],$t6
+	ld	[$ap+28],$t7
+	addccc	@acc[0],$carry,@acc[0]	! "@acc[8]"
+	addc	%g0,%g0,$carry
+___
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#        ffff.0001.0000.0000.0000.ffff.ffff.ffff
+	# *                                         abcd
+	# + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	# + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000
+	# -      abcd.0000.0000.0000.0000.0000.0000.abcd
+	#
+	# or marking redundant operations:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.----
+	# + abcd.0000.abcd.0000.0000.abcd.----.----.----
+	# -      abcd.----.----.----.----.----.----.----
+
+$code.=<<___;
+	! multiplication-less reduction
+	addcc	@acc[3],$t0,@acc[3]	! r[3]+=r[0]
+	addccc	@acc[4],%g0,@acc[4]	! r[4]+=0
+	 and	@acc[1],$mask,@acc[1]
+	 and	@acc[2],$mask,@acc[2]
+	addccc	@acc[5],%g0,@acc[5]	! r[5]+=0
+	addccc	@acc[6],$t0,@acc[6]	! r[6]+=r[0]
+	 and	@acc[3],$mask,@acc[3]
+	 and	@acc[4],$mask,@acc[4]
+	addccc	@acc[7],%g0,@acc[7]	! r[7]+=0
+	addccc	@acc[0],$t0,@acc[0]	! r[8]+=r[0]	"@acc[8]"
+	 and	@acc[5],$mask,@acc[5]
+	 and	@acc[6],$mask,@acc[6]
+	addc	$carry,%g0,$carry	! top-most carry
+	subcc	@acc[7],$t0,@acc[7]	! r[7]-=r[0]
+	subccc	@acc[0],%g0,@acc[0]	! r[8]-=0	"@acc[8]"
+	subc	$carry,%g0,$carry	! top-most carry
+	 and	@acc[7],$mask,@acc[7]
+	 and	@acc[0],$mask,@acc[0]	! "@acc[8]"
+___
+	push(@acc,shift(@acc));		# rotate registers to "omit" acc[0]
+$code.=<<___;
+	mulx	$a0,$bi,$t0		! a[0-7]*b[$i], 64-bit results
+	mulx	$t1,$bi,$t1
+	mulx	$t2,$bi,$t2
+	mulx	$t3,$bi,$t3
+	mulx	$t4,$bi,$t4
+	mulx	$t5,$bi,$t5
+	mulx	$t6,$bi,$t6
+	mulx	$t7,$bi,$t7
+	add	@acc[0],$t0,$t0		! accumulate low parts, can't overflow
+	add	@acc[1],$t1,$t1
+	srlx	$t0,32,@acc[1]		! extract high parts
+	add	@acc[2],$t2,$t2
+	srlx	$t1,32,@acc[2]
+	add	@acc[3],$t3,$t3
+	srlx	$t2,32,@acc[3]
+	add	@acc[4],$t4,$t4
+	srlx	$t3,32,@acc[4]
+	add	@acc[5],$t5,$t5
+	srlx	$t4,32,@acc[5]
+	add	@acc[6],$t6,$t6
+	srlx	$t5,32,@acc[6]
+	add	@acc[7],$t7,$t7
+	srlx	$t6,32,@acc[7]
+	srlx	$t7,32,@acc[0]		! "@acc[8]"
+___
+}
+$code.=<<___;
+	addcc	@acc[1],$t1,@acc[1]	! accumulate high parts
+	addccc	@acc[2],$t2,@acc[2]
+	addccc	@acc[3],$t3,@acc[3]
+	addccc	@acc[4],$t4,@acc[4]
+	addccc	@acc[5],$t5,@acc[5]
+	addccc	@acc[6],$t6,@acc[6]
+	addccc	@acc[7],$t7,@acc[7]
+	addccc	@acc[0],$carry,@acc[0]	! "@acc[8]"
+	addc	%g0,%g0,$carry
+
+	addcc	@acc[3],$t0,@acc[3]	! multiplication-less reduction
+	addccc	@acc[4],%g0,@acc[4]
+	addccc	@acc[5],%g0,@acc[5]
+	addccc	@acc[6],$t0,@acc[6]
+	addccc	@acc[7],%g0,@acc[7]
+	addccc	@acc[0],$t0,@acc[0]	! "@acc[8]"
+	addc	$carry,%g0,$carry
+	subcc	@acc[7],$t0,@acc[7]
+	subccc	@acc[0],%g0,@acc[0]	! "@acc[8]"
+	subc	$carry,%g0,$carry	! top-most carry
+___
+	push(@acc,shift(@acc));		# rotate registers to omit acc[0]
+$code.=<<___;
+	! Final step is "if result > mod, subtract mod", but we do it
+	! "other way around", namely subtract modulus from result
+	! and if it borrowed, add modulus back.
+
+	subcc	@acc[0],-1,@acc[0]	! subtract modulus
+	subccc	@acc[1],-1,@acc[1]
+	subccc	@acc[2],-1,@acc[2]
+	subccc	@acc[3],0,@acc[3]
+	subccc	@acc[4],0,@acc[4]
+	subccc	@acc[5],0,@acc[5]
+	subccc	@acc[6],1,@acc[6]
+	subccc	@acc[7],-1,@acc[7]
+	subc	$carry,0,$carry		! broadcast borrow bit
+
+	! Note that because mod has special form, i.e. consists of
+	! 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	! using value of broadcasted borrow and the borrow bit itself.
+	! To minimize dependency chain we first broadcast and then
+	! extract the bit by negating (follow $bi).
+
+	addcc	@acc[0],$carry,@acc[0]	! add modulus or zero
+	addccc	@acc[1],$carry,@acc[1]
+	neg	$carry,$bi
+	st	@acc[0],[$rp]
+	addccc	@acc[2],$carry,@acc[2]
+	st	@acc[1],[$rp+4]
+	addccc	@acc[3],0,@acc[3]
+	st	@acc[2],[$rp+8]
+	addccc	@acc[4],0,@acc[4]
+	st	@acc[3],[$rp+12]
+	addccc	@acc[5],0,@acc[5]
+	st	@acc[4],[$rp+16]
+	addccc	@acc[6],$bi,@acc[6]
+	st	@acc[5],[$rp+20]
+	addc	@acc[7],$carry,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_mul_mont,#function
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+! void	ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+!					 const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_add
+.align	32
+ecp_nistz256_add:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_add
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_add,#function
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+.align	32
+__ecp_nistz256_add:
+	ld	[$bp+0],$t0		! b[0]
+	ld	[$bp+4],$t1
+	ld	[$bp+8],$t2
+	ld	[$bp+12],$t3
+	addcc	@acc[0],$t0,@acc[0]
+	ld	[$bp+16],$t4
+	ld	[$bp+20],$t5
+	addccc	@acc[1],$t1,@acc[1]
+	ld	[$bp+24],$t6
+	ld	[$bp+28],$t7
+	addccc	@acc[2],$t2,@acc[2]
+	addccc	@acc[3],$t3,@acc[3]
+	addccc	@acc[4],$t4,@acc[4]
+	addccc	@acc[5],$t5,@acc[5]
+	addccc	@acc[6],$t6,@acc[6]
+	addccc	@acc[7],$t7,@acc[7]
+	addc	%g0,%g0,$carry
+
+.Lreduce_by_sub:
+
+	! if a+b >= modulus, subtract modulus.
+	!
+	! But since comparison implies subtraction, we subtract
+	! modulus and then add it back if subtraction borrowed.
+
+	subcc	@acc[0],-1,@acc[0]
+	subccc	@acc[1],-1,@acc[1]
+	subccc	@acc[2],-1,@acc[2]
+	subccc	@acc[3], 0,@acc[3]
+	subccc	@acc[4], 0,@acc[4]
+	subccc	@acc[5], 0,@acc[5]
+	subccc	@acc[6], 1,@acc[6]
+	subccc	@acc[7],-1,@acc[7]
+	subc	$carry,0,$carry
+
+	! Note that because mod has special form, i.e. consists of
+	! 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	! using value of borrow and its negative.
+
+	addcc	@acc[0],$carry,@acc[0]	! add synthesized modulus
+	addccc	@acc[1],$carry,@acc[1]
+	neg	$carry,$bi
+	st	@acc[0],[$rp]
+	addccc	@acc[2],$carry,@acc[2]
+	st	@acc[1],[$rp+4]
+	addccc	@acc[3],0,@acc[3]
+	st	@acc[2],[$rp+8]
+	addccc	@acc[4],0,@acc[4]
+	st	@acc[3],[$rp+12]
+	addccc	@acc[5],0,@acc[5]
+	st	@acc[4],[$rp+16]
+	addccc	@acc[6],$bi,@acc[6]
+	st	@acc[5],[$rp+20]
+	addc	@acc[7],$carry,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_add,#function
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+! void	ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_mul_by_2
+.align	32
+ecp_nistz256_mul_by_2:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_mul_by_2
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_mul_by_2,#function
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+.align	32
+__ecp_nistz256_mul_by_2:
+	addcc	@acc[0],@acc[0],@acc[0]	! a+a=2*a
+	addccc	@acc[1],@acc[1],@acc[1]
+	addccc	@acc[2],@acc[2],@acc[2]
+	addccc	@acc[3],@acc[3],@acc[3]
+	addccc	@acc[4],@acc[4],@acc[4]
+	addccc	@acc[5],@acc[5],@acc[5]
+	addccc	@acc[6],@acc[6],@acc[6]
+	addccc	@acc[7],@acc[7],@acc[7]
+	b	.Lreduce_by_sub
+	addc	%g0,%g0,$carry
+.type	__ecp_nistz256_mul_by_2,#function
+.size	__ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
+
+! void	ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_mul_by_3
+.align	32
+ecp_nistz256_mul_by_3:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_mul_by_3
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_mul_by_3,#function
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+.align	32
+__ecp_nistz256_mul_by_3:
+	addcc	@acc[0],@acc[0],$t0	! a+a=2*a
+	addccc	@acc[1],@acc[1],$t1
+	addccc	@acc[2],@acc[2],$t2
+	addccc	@acc[3],@acc[3],$t3
+	addccc	@acc[4],@acc[4],$t4
+	addccc	@acc[5],@acc[5],$t5
+	addccc	@acc[6],@acc[6],$t6
+	addccc	@acc[7],@acc[7],$t7
+	addc	%g0,%g0,$carry
+
+	subcc	$t0,-1,$t0		! .Lreduce_by_sub but without stores
+	subccc	$t1,-1,$t1
+	subccc	$t2,-1,$t2
+	subccc	$t3, 0,$t3
+	subccc	$t4, 0,$t4
+	subccc	$t5, 0,$t5
+	subccc	$t6, 1,$t6
+	subccc	$t7,-1,$t7
+	subc	$carry,0,$carry
+
+	addcc	$t0,$carry,$t0		! add synthesized modulus
+	addccc	$t1,$carry,$t1
+	neg	$carry,$bi
+	addccc	$t2,$carry,$t2
+	addccc	$t3,0,$t3
+	addccc	$t4,0,$t4
+	addccc	$t5,0,$t5
+	addccc	$t6,$bi,$t6
+	addc	$t7,$carry,$t7
+
+	addcc	$t0,@acc[0],@acc[0]	! 2*a+a=3*a
+	addccc	$t1,@acc[1],@acc[1]
+	addccc	$t2,@acc[2],@acc[2]
+	addccc	$t3,@acc[3],@acc[3]
+	addccc	$t4,@acc[4],@acc[4]
+	addccc	$t5,@acc[5],@acc[5]
+	addccc	$t6,@acc[6],@acc[6]
+	addccc	$t7,@acc[7],@acc[7]
+	b	.Lreduce_by_sub
+	addc	%g0,%g0,$carry
+.type	__ecp_nistz256_mul_by_3,#function
+.size	__ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3
+
+! void	ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+!				         const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_sub
+.align	32
+ecp_nistz256_sub:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_sub_from
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_sub,#function
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+! void	ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_neg
+.align	32
+ecp_nistz256_neg:
+	save	%sp,-STACK_FRAME,%sp
+	mov	$ap,$bp
+	mov	0,@acc[0]
+	mov	0,@acc[1]
+	mov	0,@acc[2]
+	mov	0,@acc[3]
+	mov	0,@acc[4]
+	mov	0,@acc[5]
+	mov	0,@acc[6]
+	call	__ecp_nistz256_sub_from
+	mov	0,@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_neg,#function
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+.align	32
+__ecp_nistz256_sub_from:
+	ld	[$bp+0],$t0		! b[0]
+	ld	[$bp+4],$t1
+	ld	[$bp+8],$t2
+	ld	[$bp+12],$t3
+	subcc	@acc[0],$t0,@acc[0]
+	ld	[$bp+16],$t4
+	ld	[$bp+20],$t5
+	subccc	@acc[1],$t1,@acc[1]
+	subccc	@acc[2],$t2,@acc[2]
+	ld	[$bp+24],$t6
+	ld	[$bp+28],$t7
+	subccc	@acc[3],$t3,@acc[3]
+	subccc	@acc[4],$t4,@acc[4]
+	subccc	@acc[5],$t5,@acc[5]
+	subccc	@acc[6],$t6,@acc[6]
+	subccc	@acc[7],$t7,@acc[7]
+	subc	%g0,%g0,$carry		! broadcast borrow bit
+
+.Lreduce_by_add:
+
+	! if a-b borrows, add modulus.
+	!
+	! Note that because mod has special form, i.e. consists of
+	! 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	! using value of broadcasted borrow and the borrow bit itself.
+	! To minimize dependency chain we first broadcast and then
+	! extract the bit by negating (follow $bi).
+
+	addcc	@acc[0],$carry,@acc[0]	! add synthesized modulus
+	addccc	@acc[1],$carry,@acc[1]
+	neg	$carry,$bi
+	st	@acc[0],[$rp]
+	addccc	@acc[2],$carry,@acc[2]
+	st	@acc[1],[$rp+4]
+	addccc	@acc[3],0,@acc[3]
+	st	@acc[2],[$rp+8]
+	addccc	@acc[4],0,@acc[4]
+	st	@acc[3],[$rp+12]
+	addccc	@acc[5],0,@acc[5]
+	st	@acc[4],[$rp+16]
+	addccc	@acc[6],$bi,@acc[6]
+	st	@acc[5],[$rp+20]
+	addc	@acc[7],$carry,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_sub_from,#function
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.align	32
+__ecp_nistz256_sub_morf:
+	ld	[$bp+0],$t0		! b[0]
+	ld	[$bp+4],$t1
+	ld	[$bp+8],$t2
+	ld	[$bp+12],$t3
+	subcc	$t0,@acc[0],@acc[0]
+	ld	[$bp+16],$t4
+	ld	[$bp+20],$t5
+	subccc	$t1,@acc[1],@acc[1]
+	subccc	$t2,@acc[2],@acc[2]
+	ld	[$bp+24],$t6
+	ld	[$bp+28],$t7
+	subccc	$t3,@acc[3],@acc[3]
+	subccc	$t4,@acc[4],@acc[4]
+	subccc	$t5,@acc[5],@acc[5]
+	subccc	$t6,@acc[6],@acc[6]
+	subccc	$t7,@acc[7],@acc[7]
+	b	.Lreduce_by_add
+	subc	%g0,%g0,$carry		! broadcast borrow bit
+.type	__ecp_nistz256_sub_morf,#function
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+! void	ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_div_by_2
+.align	32
+ecp_nistz256_div_by_2:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_div_by_2
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_div_by_2,#function
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+.align	32
+__ecp_nistz256_div_by_2:
+	! ret = (a is odd ? a+mod : a) >> 1
+
+	and	@acc[0],1,$bi
+	neg	$bi,$carry
+	addcc	@acc[0],$carry,@acc[0]
+	addccc	@acc[1],$carry,@acc[1]
+	addccc	@acc[2],$carry,@acc[2]
+	addccc	@acc[3],0,@acc[3]
+	addccc	@acc[4],0,@acc[4]
+	addccc	@acc[5],0,@acc[5]
+	addccc	@acc[6],$bi,@acc[6]
+	addccc	@acc[7],$carry,@acc[7]
+	addc	%g0,%g0,$carry
+
+	! ret >>= 1
+
+	srl	@acc[0],1,@acc[0]
+	sll	@acc[1],31,$t0
+	srl	@acc[1],1,@acc[1]
+	or	@acc[0],$t0,@acc[0]
+	sll	@acc[2],31,$t1
+	srl	@acc[2],1,@acc[2]
+	or	@acc[1],$t1,@acc[1]
+	sll	@acc[3],31,$t2
+	st	@acc[0],[$rp]
+	srl	@acc[3],1,@acc[3]
+	or	@acc[2],$t2,@acc[2]
+	sll	@acc[4],31,$t3
+	st	@acc[1],[$rp+4]
+	srl	@acc[4],1,@acc[4]
+	or	@acc[3],$t3,@acc[3]
+	sll	@acc[5],31,$t4
+	st	@acc[2],[$rp+8]
+	srl	@acc[5],1,@acc[5]
+	or	@acc[4],$t4,@acc[4]
+	sll	@acc[6],31,$t5
+	st	@acc[3],[$rp+12]
+	srl	@acc[6],1,@acc[6]
+	or	@acc[5],$t5,@acc[5]
+	sll	@acc[7],31,$t6
+	st	@acc[4],[$rp+16]
+	srl	@acc[7],1,@acc[7]
+	or	@acc[6],$t6,@acc[6]
+	sll	$carry,31,$t7
+	st	@acc[5],[$rp+20]
+	or	@acc[7],$t7,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_div_by_2,#function
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+___
+
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3));
+# above map() describes stack layout with 4 temporary
+# 256-bit vectors on top.
+
+$code.=<<___;
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	ecp_nistz256_point_double
+.align	32
+ecp_nistz256_point_double:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1],%g1		! OPENSSL_sparcv9cap_P[0]
+	and	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1
+	cmp	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK)
+	be	ecp_nistz256_point_double_vis3
+	nop
+
+	save	%sp,-STACK_FRAME-32*4,%sp
+
+	mov	$rp,$rp_real
+	mov	$ap,$ap_real
+
+.Lpoint_double_shortcut:
+	ld	[$ap+32],@acc[0]
+	ld	[$ap+32+4],@acc[1]
+	ld	[$ap+32+8],@acc[2]
+	ld	[$ap+32+12],@acc[3]
+	ld	[$ap+32+16],@acc[4]
+	ld	[$ap+32+20],@acc[5]
+	ld	[$ap+32+24],@acc[6]
+	ld	[$ap+32+28],@acc[7]
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(S, in_y);
+	add	%sp,LOCALS+$S,$rp
+
+	add	$ap_real,64,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Zsqr, in_z);
+	add	%sp,LOCALS+$Zsqr,$rp
+
+	add	$ap_real,0,$bp
+	call	__ecp_nistz256_add	! p256_add(M, Zsqr, in_x);
+	add	%sp,LOCALS+$M,$rp
+
+	add	%sp,LOCALS+$S,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(S, S);
+	add	%sp,LOCALS+$S,$rp
+
+	ld	[$ap_real],@acc[0]
+	add	%sp,LOCALS+$Zsqr,$bp
+	ld	[$ap_real+4],@acc[1]
+	ld	[$ap_real+8],@acc[2]
+	ld	[$ap_real+12],@acc[3]
+	ld	[$ap_real+16],@acc[4]
+	ld	[$ap_real+20],@acc[5]
+	ld	[$ap_real+24],@acc[6]
+	ld	[$ap_real+28],@acc[7]
+	call	__ecp_nistz256_sub_from	! p256_sub(Zsqr, in_x, Zsqr);
+	add	%sp,LOCALS+$Zsqr,$rp
+
+	add	$ap_real,32,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(tmp0, in_z, in_y);
+	add	%sp,LOCALS+$tmp0,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(res_z, tmp0);
+	add	$rp_real,64,$rp
+
+	add	%sp,LOCALS+$Zsqr,$bp
+	add	%sp,LOCALS+$M,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(M, M, Zsqr);
+	add	%sp,LOCALS+$M,$rp
+
+	call	__ecp_nistz256_mul_by_3	! p256_mul_by_3(M, M);
+	add	%sp,LOCALS+$M,$rp
+
+	add	%sp,LOCALS+$S,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(tmp0, S);
+	add	%sp,LOCALS+$tmp0,$rp
+
+	call	__ecp_nistz256_div_by_2	! p256_div_by_2(res_y, tmp0);
+	add	$rp_real,32,$rp
+
+	add	$ap_real,0,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S, S, in_x);
+	add	%sp,LOCALS+$S,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(tmp0, S);
+	add	%sp,LOCALS+$tmp0,$rp
+
+	add	%sp,LOCALS+$M,$bp
+	add	%sp,LOCALS+$M,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(res_x, M);
+	add	$rp_real,0,$rp
+
+	add	%sp,LOCALS+$tmp0,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_x, res_x, tmp0);
+	add	$rp_real,0,$rp
+
+	add	%sp,LOCALS+$S,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(S, S, res_x);
+	add	%sp,LOCALS+$S,$rp
+
+	add	%sp,LOCALS+$M,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S, S, M);
+	add	%sp,LOCALS+$S,$rp
+
+	add	$rp_real,32,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_y, S, res_y);
+	add	$rp_real,32,$rp
+
+	ret
+	restore
+.type	ecp_nistz256_point_double,#function
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..11));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+# above map() describes stack layout with 12 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty, !in2infty, result of check for zero and return pointer.
+
+my $bp_real=$rp_real;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.align	32
+ecp_nistz256_point_add:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1],%g1		! OPENSSL_sparcv9cap_P[0]
+	and	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1
+	cmp	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK)
+	be	ecp_nistz256_point_add_vis3
+	nop
+
+	save	%sp,-STACK_FRAME-32*12-32,%sp
+
+	stx	$rp,[%fp+STACK_BIAS-8]	! off-load $rp
+	mov	$ap,$ap_real
+	mov	$bp,$bp_real
+
+	ld	[$bp+64],$t0		! in2_z
+	ld	[$bp+64+4],$t1
+	ld	[$bp+64+8],$t2
+	ld	[$bp+64+12],$t3
+	ld	[$bp+64+16],$t4
+	ld	[$bp+64+20],$t5
+	ld	[$bp+64+24],$t6
+	ld	[$bp+64+28],$t7
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0		! !in2infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-12]
+
+	ld	[$ap+64],$t0		! in1_z
+	ld	[$ap+64+4],$t1
+	ld	[$ap+64+8],$t2
+	ld	[$ap+64+12],$t3
+	ld	[$ap+64+16],$t4
+	ld	[$ap+64+20],$t5
+	ld	[$ap+64+24],$t6
+	ld	[$ap+64+28],$t7
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0		! !in1infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-16]
+
+	add	$bp_real,64,$bp
+	add	$bp_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Z2sqr, in2_z);
+	add	%sp,LOCALS+$Z2sqr,$rp
+
+	add	$ap_real,64,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS+$Z1sqr,$rp
+
+	add	$bp_real,64,$bp
+	add	%sp,LOCALS+$Z2sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S1, Z2sqr, in2_z);
+	add	%sp,LOCALS+$S1,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	$ap_real,32,$bp
+	add	%sp,LOCALS+$S1,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S1, S1, in1_y);
+	add	%sp,LOCALS+$S1,$rp
+
+	add	$bp_real,32,$bp
+	add	%sp,LOCALS+$S2,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	%sp,LOCALS+$S1,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(R, S2, S1);
+	add	%sp,LOCALS+$R,$rp
+
+	or	@acc[1],@acc[0],@acc[0]	! see if result is zero
+	or	@acc[3],@acc[2],@acc[2]
+	or	@acc[5],@acc[4],@acc[4]
+	or	@acc[7],@acc[6],@acc[6]
+	or	@acc[2],@acc[0],@acc[0]
+	or	@acc[6],@acc[4],@acc[4]
+	or	@acc[4],@acc[0],@acc[0]
+	st	@acc[0],[%fp+STACK_BIAS-20]
+
+	add	$ap_real,0,$bp
+	add	%sp,LOCALS+$Z2sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U1, in1_x, Z2sqr);
+	add	%sp,LOCALS+$U1,$rp
+
+	add	$bp_real,0,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, in2_x, Z1sqr);
+	add	%sp,LOCALS+$U2,$rp
+
+	add	%sp,LOCALS+$U1,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(H, U2, U1);
+	add	%sp,LOCALS+$H,$rp
+
+	or	@acc[1],@acc[0],@acc[0]	! see if result is zero
+	or	@acc[3],@acc[2],@acc[2]
+	or	@acc[5],@acc[4],@acc[4]
+	or	@acc[7],@acc[6],@acc[6]
+	or	@acc[2],@acc[0],@acc[0]
+	or	@acc[6],@acc[4],@acc[4]
+	orcc	@acc[4],@acc[0],@acc[0]
+
+	bne,pt	%icc,.Ladd_proceed	! is_equal(U1,U2)?
+	nop
+
+	ld	[%fp+STACK_BIAS-12],$t0
+	ld	[%fp+STACK_BIAS-16],$t1
+	ld	[%fp+STACK_BIAS-20],$t2
+	andcc	$t0,$t1,%g0
+	be,pt	%icc,.Ladd_proceed	! (in1infty || in2infty)?
+	nop
+	andcc	$t2,$t2,%g0
+	be,pt	%icc,.Ladd_double	! is_equal(S1,S2)?
+	nop
+
+	ldx	[%fp+STACK_BIAS-8],$rp
+	st	%g0,[$rp]
+	st	%g0,[$rp+4]
+	st	%g0,[$rp+8]
+	st	%g0,[$rp+12]
+	st	%g0,[$rp+16]
+	st	%g0,[$rp+20]
+	st	%g0,[$rp+24]
+	st	%g0,[$rp+28]
+	st	%g0,[$rp+32]
+	st	%g0,[$rp+32+4]
+	st	%g0,[$rp+32+8]
+	st	%g0,[$rp+32+12]
+	st	%g0,[$rp+32+16]
+	st	%g0,[$rp+32+20]
+	st	%g0,[$rp+32+24]
+	st	%g0,[$rp+32+28]
+	st	%g0,[$rp+64]
+	st	%g0,[$rp+64+4]
+	st	%g0,[$rp+64+8]
+	st	%g0,[$rp+64+12]
+	st	%g0,[$rp+64+16]
+	st	%g0,[$rp+64+20]
+	st	%g0,[$rp+64+24]
+	st	%g0,[$rp+64+28]
+	b	.Ladd_done
+	nop
+
+.align	16
+.Ladd_double:
+	ldx	[%fp+STACK_BIAS-8],$rp_real
+	mov	$ap_real,$ap
+	b	.Lpoint_double_shortcut
+	add	%sp,32*(12-4)+32,%sp	! difference in frame sizes
+
+.align	16
+.Ladd_proceed:
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$R,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS+$Rsqr,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS+$res_z,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	$bp_real,64,$bp
+	add	%sp,LOCALS+$res_z,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_z, res_z, in2_z);
+	add	%sp,LOCALS+$res_z,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS+$Hcub,$rp
+
+	add	%sp,LOCALS+$U1,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, U1, Hsqr);
+	add	%sp,LOCALS+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	%sp,LOCALS+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$Hcub,$bp
+	call	__ecp_nistz256_sub_from	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$U2,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	%sp,LOCALS+$Hcub,$bp
+	add	%sp,LOCALS+$S1,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, S1, Hcub);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$res_y,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	%sp,LOCALS+$S2,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS+$res_y,$rp
+
+	ld	[%fp+STACK_BIAS-16],$t1	! !in1infty
+	ld	[%fp+STACK_BIAS-12],$t2	! !in2infty
+	ldx	[%fp+STACK_BIAS-8],$rp
+___
+for($i=0;$i<96;$i+=8) {			# conditional moves
+$code.=<<___;
+	ld	[%sp+LOCALS+$i],@acc[0]		! res
+	ld	[%sp+LOCALS+$i+4],@acc[1]
+	ld	[$bp_real+$i],@acc[2]		! in2
+	ld	[$bp_real+$i+4],@acc[3]
+	ld	[$ap_real+$i],@acc[4]		! in1
+	ld	[$ap_real+$i+4],@acc[5]
+	movrz	$t1,@acc[2],@acc[0]
+	movrz	$t1,@acc[3],@acc[1]
+	movrz	$t2,@acc[4],@acc[0]
+	movrz	$t2,@acc[5],@acc[1]
+	st	@acc[0],[$rp+$i]
+	st	@acc[1],[$rp+$i+4]
+___
+}
+$code.=<<___;
+.Ladd_done:
+	ret
+	restore
+.type	ecp_nistz256_point_add,#function
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty, !in2infty, result of check for zero and return pointer.
+
+my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
+my $bp_real=$rp_real;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.align	32
+ecp_nistz256_point_add_affine:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1],%g1		! OPENSSL_sparcv9cap_P[0]
+	and	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1
+	cmp	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK)
+	be	ecp_nistz256_point_add_affine_vis3
+	nop
+
+	save	%sp,-STACK_FRAME-32*10-32,%sp
+
+	stx	$rp,[%fp+STACK_BIAS-8]	! off-load $rp
+	mov	$ap,$ap_real
+	mov	$bp,$bp_real
+
+	ld	[$ap+64],$t0		! in1_z
+	ld	[$ap+64+4],$t1
+	ld	[$ap+64+8],$t2
+	ld	[$ap+64+12],$t3
+	ld	[$ap+64+16],$t4
+	ld	[$ap+64+20],$t5
+	ld	[$ap+64+24],$t6
+	ld	[$ap+64+28],$t7
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0		! !in1infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-16]
+
+	ld	[$bp],@acc[0]		! in2_x
+	ld	[$bp+4],@acc[1]
+	ld	[$bp+8],@acc[2]
+	ld	[$bp+12],@acc[3]
+	ld	[$bp+16],@acc[4]
+	ld	[$bp+20],@acc[5]
+	ld	[$bp+24],@acc[6]
+	ld	[$bp+28],@acc[7]
+	ld	[$bp+32],$t0		! in2_y
+	ld	[$bp+32+4],$t1
+	ld	[$bp+32+8],$t2
+	ld	[$bp+32+12],$t3
+	ld	[$bp+32+16],$t4
+	ld	[$bp+32+20],$t5
+	ld	[$bp+32+24],$t6
+	ld	[$bp+32+28],$t7
+	or	@acc[1],@acc[0],@acc[0]
+	or	@acc[3],@acc[2],@acc[2]
+	or	@acc[5],@acc[4],@acc[4]
+	or	@acc[7],@acc[6],@acc[6]
+	or	@acc[2],@acc[0],@acc[0]
+	or	@acc[6],@acc[4],@acc[4]
+	or	@acc[4],@acc[0],@acc[0]
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0
+	or	@acc[0],$t0,$t0		! !in2infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-12]
+
+	add	$ap_real,64,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS+$Z1sqr,$rp
+
+	add	$bp_real,0,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, Z1sqr, in2_x);
+	add	%sp,LOCALS+$U2,$rp
+
+	add	$ap_real,0,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(H, U2, in1_x);
+	add	%sp,LOCALS+$H,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS+$res_z,$rp
+
+	add	$bp_real,32,$bp
+	add	%sp,LOCALS+$S2,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	$ap_real,32,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(R, S2, in1_y);
+	add	%sp,LOCALS+$R,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$R,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS+$Rsqr,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS+$Hcub,$rp
+
+	add	$ap_real,0,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, in1_x, Hsqr);
+	add	%sp,LOCALS+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	%sp,LOCALS+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$Hcub,$bp
+	call	__ecp_nistz256_sub_from	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$U2,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	$ap_real,32,$bp
+	add	%sp,LOCALS+$Hcub,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, in1_y, Hcub);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$res_y,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	%sp,LOCALS+$S2,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS+$res_y,$rp
+
+	ld	[%fp+STACK_BIAS-16],$t1	! !in1infty
+	ld	[%fp+STACK_BIAS-12],$t2	! !in2infty
+	ldx	[%fp+STACK_BIAS-8],$rp
+___
+for($i=0;$i<64;$i+=8) {			# conditional moves
+$code.=<<___;
+	ld	[%sp+LOCALS+$i],@acc[0]		! res
+	ld	[%sp+LOCALS+$i+4],@acc[1]
+	ld	[$bp_real+$i],@acc[2]		! in2
+	ld	[$bp_real+$i+4],@acc[3]
+	ld	[$ap_real+$i],@acc[4]		! in1
+	ld	[$ap_real+$i+4],@acc[5]
+	movrz	$t1,@acc[2],@acc[0]
+	movrz	$t1,@acc[3],@acc[1]
+	movrz	$t2,@acc[4],@acc[0]
+	movrz	$t2,@acc[5],@acc[1]
+	st	@acc[0],[$rp+$i]
+	st	@acc[1],[$rp+$i+4]
+___
+}
+for(;$i<96;$i+=8) {
+my $j=($i-64)/4;
+$code.=<<___;
+	ld	[%sp+LOCALS+$i],@acc[0]		! res
+	ld	[%sp+LOCALS+$i+4],@acc[1]
+	ld	[$ap_real+$i],@acc[4]		! in1
+	ld	[$ap_real+$i+4],@acc[5]
+	movrz	$t1,@ONE_mont[$j],@acc[0]
+	movrz	$t1,@ONE_mont[$j+1],@acc[1]
+	movrz	$t2,@acc[4],@acc[0]
+	movrz	$t2,@acc[5],@acc[1]
+	st	@acc[0],[$rp+$i]
+	st	@acc[1],[$rp+$i+4]
+___
+}
+$code.=<<___;
+	ret
+	restore
+.type	ecp_nistz256_point_add_affine,#function
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}								}}}
+{{{
+my ($out,$inp,$index)=map("%i$_",(0..2));
+my $mask="%o0";
+
+$code.=<<___;
+! void	ecp_nistz256_scatter_w5(void *%i0,const P256_POINT *%i1,
+!					  int %i2);
+.globl	ecp_nistz256_scatter_w5
+.align	32
+ecp_nistz256_scatter_w5:
+	save	%sp,-STACK_FRAME,%sp
+
+	sll	$index,2,$index
+	add	$out,$index,$out
+
+	ld	[$inp],%l0		! X
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	ld	[$inp+28],%l7
+	add	$inp,32,$inp
+	st	%l0,[$out+64*0-4]
+	st	%l1,[$out+64*1-4]
+	st	%l2,[$out+64*2-4]
+	st	%l3,[$out+64*3-4]
+	st	%l4,[$out+64*4-4]
+	st	%l5,[$out+64*5-4]
+	st	%l6,[$out+64*6-4]
+	st	%l7,[$out+64*7-4]
+	add	$out,64*8,$out
+
+	ld	[$inp],%l0		! Y
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	ld	[$inp+28],%l7
+	add	$inp,32,$inp
+	st	%l0,[$out+64*0-4]
+	st	%l1,[$out+64*1-4]
+	st	%l2,[$out+64*2-4]
+	st	%l3,[$out+64*3-4]
+	st	%l4,[$out+64*4-4]
+	st	%l5,[$out+64*5-4]
+	st	%l6,[$out+64*6-4]
+	st	%l7,[$out+64*7-4]
+	add	$out,64*8,$out
+
+	ld	[$inp],%l0		! Z
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	ld	[$inp+28],%l7
+	st	%l0,[$out+64*0-4]
+	st	%l1,[$out+64*1-4]
+	st	%l2,[$out+64*2-4]
+	st	%l3,[$out+64*3-4]
+	st	%l4,[$out+64*4-4]
+	st	%l5,[$out+64*5-4]
+	st	%l6,[$out+64*6-4]
+	st	%l7,[$out+64*7-4]
+
+	ret
+	restore
+.type	ecp_nistz256_scatter_w5,#function
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+! void	ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1,
+!					       int %i2);
+.globl	ecp_nistz256_gather_w5
+.align	32
+ecp_nistz256_gather_w5:
+	save	%sp,-STACK_FRAME,%sp
+
+	neg	$index,$mask
+	srax	$mask,63,$mask
+
+	add	$index,$mask,$index
+	sll	$index,2,$index
+	add	$inp,$index,$inp
+
+	ld	[$inp+64*0],%l0
+	ld	[$inp+64*1],%l1
+	ld	[$inp+64*2],%l2
+	ld	[$inp+64*3],%l3
+	ld	[$inp+64*4],%l4
+	ld	[$inp+64*5],%l5
+	ld	[$inp+64*6],%l6
+	ld	[$inp+64*7],%l7
+	add	$inp,64*8,$inp
+	and	%l0,$mask,%l0
+	and	%l1,$mask,%l1
+	st	%l0,[$out]		! X
+	and	%l2,$mask,%l2
+	st	%l1,[$out+4]
+	and	%l3,$mask,%l3
+	st	%l2,[$out+8]
+	and	%l4,$mask,%l4
+	st	%l3,[$out+12]
+	and	%l5,$mask,%l5
+	st	%l4,[$out+16]
+	and	%l6,$mask,%l6
+	st	%l5,[$out+20]
+	and	%l7,$mask,%l7
+	st	%l6,[$out+24]
+	st	%l7,[$out+28]
+	add	$out,32,$out
+
+	ld	[$inp+64*0],%l0
+	ld	[$inp+64*1],%l1
+	ld	[$inp+64*2],%l2
+	ld	[$inp+64*3],%l3
+	ld	[$inp+64*4],%l4
+	ld	[$inp+64*5],%l5
+	ld	[$inp+64*6],%l6
+	ld	[$inp+64*7],%l7
+	add	$inp,64*8,$inp
+	and	%l0,$mask,%l0
+	and	%l1,$mask,%l1
+	st	%l0,[$out]		! Y
+	and	%l2,$mask,%l2
+	st	%l1,[$out+4]
+	and	%l3,$mask,%l3
+	st	%l2,[$out+8]
+	and	%l4,$mask,%l4
+	st	%l3,[$out+12]
+	and	%l5,$mask,%l5
+	st	%l4,[$out+16]
+	and	%l6,$mask,%l6
+	st	%l5,[$out+20]
+	and	%l7,$mask,%l7
+	st	%l6,[$out+24]
+	st	%l7,[$out+28]
+	add	$out,32,$out
+
+	ld	[$inp+64*0],%l0
+	ld	[$inp+64*1],%l1
+	ld	[$inp+64*2],%l2
+	ld	[$inp+64*3],%l3
+	ld	[$inp+64*4],%l4
+	ld	[$inp+64*5],%l5
+	ld	[$inp+64*6],%l6
+	ld	[$inp+64*7],%l7
+	and	%l0,$mask,%l0
+	and	%l1,$mask,%l1
+	st	%l0,[$out]		! Z
+	and	%l2,$mask,%l2
+	st	%l1,[$out+4]
+	and	%l3,$mask,%l3
+	st	%l2,[$out+8]
+	and	%l4,$mask,%l4
+	st	%l3,[$out+12]
+	and	%l5,$mask,%l5
+	st	%l4,[$out+16]
+	and	%l6,$mask,%l6
+	st	%l5,[$out+20]
+	and	%l7,$mask,%l7
+	st	%l6,[$out+24]
+	st	%l7,[$out+28]
+
+	ret
+	restore
+.type	ecp_nistz256_gather_w5,#function
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+! void	ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1,
+!					  int %i2);
+.globl	ecp_nistz256_scatter_w7
+.align	32
+ecp_nistz256_scatter_w7:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+	add	$out,$index,$out
+	mov	64/4,$index
+.Loop_scatter_w7:
+	ld	[$inp],%l0
+	add	$inp,4,$inp
+	subcc	$index,1,$index
+	stb	%l0,[$out+64*0]
+	srl	%l0,8,%l1
+	stb	%l1,[$out+64*1]
+	srl	%l0,16,%l2
+	stb	%l2,[$out+64*2]
+	srl	%l0,24,%l3
+	stb	%l3,[$out+64*3]
+	bne	.Loop_scatter_w7
+	add	$out,64*4,$out
+
+	ret
+	restore
+.type	ecp_nistz256_scatter_w7,#function
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+! void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1,
+!						      int %i2);
+.globl	ecp_nistz256_gather_w7
+.align	32
+ecp_nistz256_gather_w7:
+	save	%sp,-STACK_FRAME,%sp
+
+	neg	$index,$mask
+	srax	$mask,63,$mask
+
+	add	$index,$mask,$index
+	add	$inp,$index,$inp
+	mov	64/4,$index
+
+.Loop_gather_w7:
+	ldub	[$inp+64*0],%l0
+	prefetch [$inp+3840+64*0],1
+	subcc	$index,1,$index
+	ldub	[$inp+64*1],%l1
+	prefetch [$inp+3840+64*1],1
+	ldub	[$inp+64*2],%l2
+	prefetch [$inp+3840+64*2],1
+	ldub	[$inp+64*3],%l3
+	prefetch [$inp+3840+64*3],1
+	add	$inp,64*4,$inp
+	sll	%l1,8,%l1
+	sll	%l2,16,%l2
+	or	%l0,%l1,%l0
+	sll	%l3,24,%l3
+	or	%l0,%l2,%l0
+	or	%l0,%l3,%l0
+	and	%l0,$mask,%l0
+	st	%l0,[$out]
+	bne	.Loop_gather_w7
+	add	$out,4,$out
+
+	ret
+	restore
+.type	ecp_nistz256_gather_w7,#function
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}}}
+{{{
+########################################################################
+# Following subroutines are VIS3 counterparts of those above that
+# implement ones found in ecp_nistz256.c. Key difference is that they
+# use 128-bit multiplication and addition with 64-bit carry, and in order
+# to do that they perform conversion from uin32_t[8] to uint64_t[4] upon
+# entry and vice versa on return.
+#
+my ($rp,$ap,$bp)=map("%i$_",(0..2));
+my ($t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("%l$_",(0..7));
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5)=map("%o$_",(0..5));
+my ($bi,$poly1,$poly3,$minus1)=(map("%i$_",(3..5)),"%g1");
+my ($rp_real,$ap_real)=("%g2","%g3");
+my ($acc6,$acc7)=($bp,$bi);	# used in squaring
+
+$code.=<<___;
+.align	32
+__ecp_nistz256_mul_by_2_vis3:
+	addcc	$acc0,$acc0,$acc0
+	addxccc	$acc1,$acc1,$acc1
+	addxccc	$acc2,$acc2,$acc2
+	addxccc	$acc3,$acc3,$acc3
+	b	.Lreduce_by_sub_vis3
+	addxc	%g0,%g0,$acc4		! did it carry?
+.type	__ecp_nistz256_mul_by_2_vis3,#function
+.size	__ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3
+
+.align	32
+__ecp_nistz256_add_vis3:
+	ldx	[$bp+0],$t0
+	ldx	[$bp+8],$t1
+	ldx	[$bp+16],$t2
+	ldx	[$bp+24],$t3
+
+__ecp_nistz256_add_noload_vis3:
+
+	addcc	$t0,$acc0,$acc0
+	addxccc	$t1,$acc1,$acc1
+	addxccc	$t2,$acc2,$acc2
+	addxccc	$t3,$acc3,$acc3
+	addxc	%g0,%g0,$acc4		! did it carry?
+
+.Lreduce_by_sub_vis3:
+
+	addcc	$acc0,1,$t0		! add -modulus, i.e. subtract
+	addxccc	$acc1,$poly1,$t1
+	addxccc	$acc2,$minus1,$t2
+	addxccc	$acc3,$poly3,$t3
+	addxc	$acc4,$minus1,$acc4
+
+	movrz	$acc4,$t0,$acc0		! ret = borrow ? ret : ret-modulus
+	movrz	$acc4,$t1,$acc1
+	stx	$acc0,[$rp]
+	movrz	$acc4,$t2,$acc2
+	stx	$acc1,[$rp+8]
+	movrz	$acc4,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_add_vis3,#function
+.size	__ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3
+
+! Trouble with subtraction is that there is no subtraction with 64-bit
+! borrow, only with 32-bit one. For this reason we "decompose" 64-bit
+! $acc0-$acc3 to 32-bit values and pick b[4] in 32-bit pieces. But
+! recall that SPARC is big-endian, which is why you'll observe that
+! b[4] is accessed as 4-0-12-8-20-16-28-24. And prior reduction we
+! "collect" result back to 64-bit $acc0-$acc3.
+.align	32
+__ecp_nistz256_sub_from_vis3:
+	ld	[$bp+4],$t0
+	ld	[$bp+0],$t1
+	ld	[$bp+12],$t2
+	ld	[$bp+8],$t3
+
+	srlx	$acc0,32,$acc4
+	not	$poly1,$poly1
+	srlx	$acc1,32,$acc5
+	subcc	$acc0,$t0,$acc0
+	ld	[$bp+20],$t0
+	subccc	$acc4,$t1,$acc4
+	ld	[$bp+16],$t1
+	subccc	$acc1,$t2,$acc1
+	ld	[$bp+28],$t2
+	and	$acc0,$poly1,$acc0
+	subccc	$acc5,$t3,$acc5
+	ld	[$bp+24],$t3
+	sllx	$acc4,32,$acc4
+	and	$acc1,$poly1,$acc1
+	sllx	$acc5,32,$acc5
+	or	$acc0,$acc4,$acc0
+	srlx	$acc2,32,$acc4
+	or	$acc1,$acc5,$acc1
+	srlx	$acc3,32,$acc5
+	subccc	$acc2,$t0,$acc2
+	subccc	$acc4,$t1,$acc4
+	subccc	$acc3,$t2,$acc3
+	and	$acc2,$poly1,$acc2
+	subccc	$acc5,$t3,$acc5
+	sllx	$acc4,32,$acc4
+	and	$acc3,$poly1,$acc3
+	sllx	$acc5,32,$acc5
+	or	$acc2,$acc4,$acc2
+	subc	%g0,%g0,$acc4		! did it borrow?
+	b	.Lreduce_by_add_vis3
+	or	$acc3,$acc5,$acc3
+.type	__ecp_nistz256_sub_from_vis3,#function
+.size	__ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3
+
+.align	32
+__ecp_nistz256_sub_morf_vis3:
+	ld	[$bp+4],$t0
+	ld	[$bp+0],$t1
+	ld	[$bp+12],$t2
+	ld	[$bp+8],$t3
+
+	srlx	$acc0,32,$acc4
+	not	$poly1,$poly1
+	srlx	$acc1,32,$acc5
+	subcc	$t0,$acc0,$acc0
+	ld	[$bp+20],$t0
+	subccc	$t1,$acc4,$acc4
+	ld	[$bp+16],$t1
+	subccc	$t2,$acc1,$acc1
+	ld	[$bp+28],$t2
+	and	$acc0,$poly1,$acc0
+	subccc	$t3,$acc5,$acc5
+	ld	[$bp+24],$t3
+	sllx	$acc4,32,$acc4
+	and	$acc1,$poly1,$acc1
+	sllx	$acc5,32,$acc5
+	or	$acc0,$acc4,$acc0
+	srlx	$acc2,32,$acc4
+	or	$acc1,$acc5,$acc1
+	srlx	$acc3,32,$acc5
+	subccc	$t0,$acc2,$acc2
+	subccc	$t1,$acc4,$acc4
+	subccc	$t2,$acc3,$acc3
+	and	$acc2,$poly1,$acc2
+	subccc	$t3,$acc5,$acc5
+	sllx	$acc4,32,$acc4
+	and	$acc3,$poly1,$acc3
+	sllx	$acc5,32,$acc5
+	or	$acc2,$acc4,$acc2
+	subc	%g0,%g0,$acc4		! did it borrow?
+	or	$acc3,$acc5,$acc3
+
+.Lreduce_by_add_vis3:
+
+	addcc	$acc0,-1,$t0		! add modulus
+	not	$poly3,$t3
+	addxccc	$acc1,$poly1,$t1
+	not	$poly1,$poly1		! restore $poly1
+	addxccc	$acc2,%g0,$t2
+	addxc	$acc3,$t3,$t3
+
+	movrnz	$acc4,$t0,$acc0		! if a-b borrowed, ret = ret+mod
+	movrnz	$acc4,$t1,$acc1
+	stx	$acc0,[$rp]
+	movrnz	$acc4,$t2,$acc2
+	stx	$acc1,[$rp+8]
+	movrnz	$acc4,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_sub_morf_vis3,#function
+.size	__ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3
+
+.align	32
+__ecp_nistz256_div_by_2_vis3:
+	! ret = (a is odd ? a+mod : a) >> 1
+
+	not	$poly1,$t1
+	not	$poly3,$t3
+	and	$acc0,1,$acc5
+	addcc	$acc0,-1,$t0		! add modulus
+	addxccc	$acc1,$t1,$t1
+	addxccc	$acc2,%g0,$t2
+	addxccc	$acc3,$t3,$t3
+	addxc	%g0,%g0,$acc4		! carry bit
+
+	movrnz	$acc5,$t0,$acc0
+	movrnz	$acc5,$t1,$acc1
+	movrnz	$acc5,$t2,$acc2
+	movrnz	$acc5,$t3,$acc3
+	movrz	$acc5,%g0,$acc4
+
+	! ret >>= 1
+
+	srlx	$acc0,1,$acc0
+	sllx	$acc1,63,$t0
+	srlx	$acc1,1,$acc1
+	or	$acc0,$t0,$acc0
+	sllx	$acc2,63,$t1
+	srlx	$acc2,1,$acc2
+	or	$acc1,$t1,$acc1
+	sllx	$acc3,63,$t2
+	stx	$acc0,[$rp]
+	srlx	$acc3,1,$acc3
+	or	$acc2,$t2,$acc2
+	sllx	$acc4,63,$t3		! don't forget carry bit
+	stx	$acc1,[$rp+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_div_by_2_vis3,#function
+.size	__ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3
+
+! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and
+! 4x faster [on T4]...
+.align	32
+__ecp_nistz256_mul_mont_vis3:
+	mulx	$a0,$bi,$acc0
+	not	$poly3,$poly3		! 0xFFFFFFFF00000001
+	umulxhi	$a0,$bi,$t0
+	mulx	$a1,$bi,$acc1
+	umulxhi	$a1,$bi,$t1
+	mulx	$a2,$bi,$acc2
+	umulxhi	$a2,$bi,$t2
+	mulx	$a3,$bi,$acc3
+	umulxhi	$a3,$bi,$t3
+	ldx	[$bp+8],$bi		! b[1]
+
+	addcc	$acc1,$t0,$acc1		! accumulate high parts of multiplication
+	 sllx	$acc0,32,$t0
+	addxccc	$acc2,$t1,$acc2
+	 srlx	$acc0,32,$t1
+	addxccc	$acc3,$t2,$acc3
+	addxc	%g0,$t3,$acc4
+	mov	0,$acc5
+___
+for($i=1;$i<4;$i++) {
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#            ffff0001.00000000.0000ffff.ffffffff
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000
+	# - 0000abcd.efgh0000.00000000.00000000.abcdefgh
+	#
+	# or marking redundant operations:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.--------
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.--------
+	# - 0000abcd.efgh0000.--------.--------.--------
+	#   ^^^^^^^^ but this word is calculated with umulxhi, because
+	#            there is no subtract with 64-bit borrow:-(
+
+$code.=<<___;
+	sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	mulx	$a0,$bi,$t0
+	addxccc	$acc2,$t1,$acc1
+	mulx	$a1,$bi,$t1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	mulx	$a2,$bi,$t2
+	addxccc	$acc4,$t3,$acc3
+	mulx	$a3,$bi,$t3
+	addxc	$acc5,%g0,$acc4
+
+	addcc	$acc0,$t0,$acc0		! accumulate low parts of multiplication
+	umulxhi	$a0,$bi,$t0
+	addxccc	$acc1,$t1,$acc1
+	umulxhi	$a1,$bi,$t1
+	addxccc	$acc2,$t2,$acc2
+	umulxhi	$a2,$bi,$t2
+	addxccc	$acc3,$t3,$acc3
+	umulxhi	$a3,$bi,$t3
+	addxc	$acc4,%g0,$acc4
+___
+$code.=<<___	if ($i<3);
+	ldx	[$bp+8*($i+1)],$bi	! bp[$i+1]
+___
+$code.=<<___;
+	addcc	$acc1,$t0,$acc1		! accumulate high parts of multiplication
+	 sllx	$acc0,32,$t0
+	addxccc	$acc2,$t1,$acc2
+	 srlx	$acc0,32,$t1
+	addxccc	$acc3,$t2,$acc3
+	addxccc	$acc4,$t3,$acc4
+	addxc	%g0,%g0,$acc5
+___
+}
+$code.=<<___;
+	sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	addxccc	$acc2,$t1,$acc1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	addxccc	$acc4,$t3,$acc3
+	b	.Lmul_final_vis3	! see below
+	addxc	$acc5,%g0,$acc4
+.type	__ecp_nistz256_mul_mont_vis3,#function
+.size	__ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3
+
+! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less
+! instructions, but only 14% faster [on T4]...
+.align	32
+__ecp_nistz256_sqr_mont_vis3:
+	!  |  |  |  |  |  |a1*a0|  |
+	!  |  |  |  |  |a2*a0|  |  |
+	!  |  |a3*a2|a3*a0|  |  |  |
+	!  |  |  |  |a2*a1|  |  |  |
+	!  |  |  |a3*a1|  |  |  |  |
+	! *|  |  |  |  |  |  |  | 2|
+	! +|a3*a3|a2*a2|a1*a1|a0*a0|
+	!  |--+--+--+--+--+--+--+--|
+	!  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	!
+	!  "can't overflow" below mark carrying into high part of
+	!  multiplication result, which can't overflow, because it
+	!  can never be all ones.
+
+	mulx	$a1,$a0,$acc1		! a[1]*a[0]
+	umulxhi	$a1,$a0,$t1
+	mulx	$a2,$a0,$acc2		! a[2]*a[0]
+	umulxhi	$a2,$a0,$t2
+	mulx	$a3,$a0,$acc3		! a[3]*a[0]
+	umulxhi	$a3,$a0,$acc4
+
+	addcc	$acc2,$t1,$acc2		! accumulate high parts of multiplication
+	mulx	$a2,$a1,$t0		! a[2]*a[1]
+	umulxhi	$a2,$a1,$t1
+	addxccc	$acc3,$t2,$acc3
+	mulx	$a3,$a1,$t2		! a[3]*a[1]
+	umulxhi	$a3,$a1,$t3
+	addxc	$acc4,%g0,$acc4		! can't overflow
+
+	mulx	$a3,$a2,$acc5		! a[3]*a[2]
+	not	$poly3,$poly3		! 0xFFFFFFFF00000001
+	umulxhi	$a3,$a2,$acc6
+
+	addcc	$t2,$t1,$t1		! accumulate high parts of multiplication
+	mulx	$a0,$a0,$acc0		! a[0]*a[0]
+	addxc	$t3,%g0,$t2		! can't overflow
+
+	addcc	$acc3,$t0,$acc3		! accumulate low parts of multiplication
+	umulxhi	$a0,$a0,$a0
+	addxccc	$acc4,$t1,$acc4
+	mulx	$a1,$a1,$t1		! a[1]*a[1]
+	addxccc	$acc5,$t2,$acc5
+	umulxhi	$a1,$a1,$a1
+	addxc	$acc6,%g0,$acc6		! can't overflow
+
+	addcc	$acc1,$acc1,$acc1	! acc[1-6]*=2
+	mulx	$a2,$a2,$t2		! a[2]*a[2]
+	addxccc	$acc2,$acc2,$acc2
+	umulxhi	$a2,$a2,$a2
+	addxccc	$acc3,$acc3,$acc3
+	mulx	$a3,$a3,$t3		! a[3]*a[3]
+	addxccc	$acc4,$acc4,$acc4
+	umulxhi	$a3,$a3,$a3
+	addxccc	$acc5,$acc5,$acc5
+	addxccc	$acc6,$acc6,$acc6
+	addxc	%g0,%g0,$acc7
+
+	addcc	$acc1,$a0,$acc1		! +a[i]*a[i]
+	addxccc	$acc2,$t1,$acc2
+	addxccc	$acc3,$a1,$acc3
+	addxccc	$acc4,$t2,$acc4
+	 sllx	$acc0,32,$t0
+	addxccc	$acc5,$a2,$acc5
+	 srlx	$acc0,32,$t1
+	addxccc	$acc6,$t3,$acc6
+	 sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	addxc	$acc7,$a3,$acc7
+___
+for($i=0;$i<3;$i++) {			# reductions, see commentary
+					# in multiplication for details
+$code.=<<___;
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	 sllx	$acc0,32,$t0
+	addxccc	$acc2,$t1,$acc1
+	 srlx	$acc0,32,$t1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	 sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	addxc	%g0,$t3,$acc3		! can't overflow
+___
+}
+$code.=<<___;
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	addxccc	$acc2,$t1,$acc1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	addxc	%g0,$t3,$acc3		! can't overflow
+
+	addcc	$acc0,$acc4,$acc0	! accumulate upper half
+	addxccc	$acc1,$acc5,$acc1
+	addxccc	$acc2,$acc6,$acc2
+	addxccc	$acc3,$acc7,$acc3
+	addxc	%g0,%g0,$acc4
+
+.Lmul_final_vis3:
+
+	! Final step is "if result > mod, subtract mod", but as comparison
+	! means subtraction, we do the subtraction and then copy outcome
+	! if it didn't borrow. But note that as we [have to] replace
+	! subtraction with addition with negative, carry/borrow logic is
+	! inverse.
+
+	addcc	$acc0,1,$t0		! add -modulus, i.e. subtract
+	not	$poly3,$poly3		! restore 0x00000000FFFFFFFE
+	addxccc	$acc1,$poly1,$t1
+	addxccc	$acc2,$minus1,$t2
+	addxccc	$acc3,$poly3,$t3
+	addxccc	$acc4,$minus1,%g0	! did it carry?
+
+	movcs	%xcc,$t0,$acc0
+	movcs	%xcc,$t1,$acc1
+	stx	$acc0,[$rp]
+	movcs	%xcc,$t2,$acc2
+	stx	$acc1,[$rp+8]
+	movcs	%xcc,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_sqr_mont_vis3,#function
+.size	__ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3
+___
+
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($res_x,$res_y,$res_z,
+    $in_x,$in_y,$in_z,
+    $S,$M,$Zsqr,$tmp0)=map(32*$_,(0..9));
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top.
+
+$code.=<<___;
+.align	32
+ecp_nistz256_point_double_vis3:
+	save	%sp,-STACK64_FRAME-32*10,%sp
+
+	mov	$rp,$rp_real
+.Ldouble_shortcut_vis3:
+	mov	-1,$minus1
+	mov	-2,$poly3
+	sllx	$minus1,32,$poly1		! 0xFFFFFFFF00000000
+	srl	$poly3,0,$poly3			! 0x00000000FFFFFFFE
+
+	! convert input to uint64_t[4]
+	ld	[$ap],$a0			! in_x
+	ld	[$ap+4],$t0
+	ld	[$ap+8],$a1
+	ld	[$ap+12],$t1
+	ld	[$ap+16],$a2
+	ld	[$ap+20],$t2
+	ld	[$ap+24],$a3
+	ld	[$ap+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$ap+32],$acc0			! in_y
+	or	$a0,$t0,$a0
+	ld	[$ap+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$ap+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$ap+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$ap+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$ap+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$ap+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$ap+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in_y+24]
+
+	ld	[$ap+64],$a0			! in_z
+	ld	[$ap+64+4],$t0
+	ld	[$ap+64+8],$a1
+	ld	[$ap+64+12],$t1
+	ld	[$ap+64+16],$a2
+	ld	[$ap+64+20],$t2
+	ld	[$ap+64+24],$a3
+	ld	[$ap+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	or	$a0,$t0,$a0
+	sllx	$t2,32,$t2
+	or	$a1,$t1,$a1
+	sllx	$t3,32,$t3
+	or	$a2,$t2,$a2
+	or	$a3,$t3,$a3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in_z]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in_z+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in_z+16]
+	stx	$a3,[%sp+LOCALS64+$in_z+24]
+
+	! in_y is still in $acc0-$acc3
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(S, in_y);
+	add	%sp,LOCALS64+$S,$rp
+
+	! in_z is still in $a0-$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Zsqr, in_z);
+	add	%sp,LOCALS64+$Zsqr,$rp
+
+	mov	$acc0,$a0			! put Zsqr aside
+	mov	$acc1,$a1
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+
+	add	%sp,LOCALS64+$in_x,$bp
+	call	__ecp_nistz256_add_vis3		! p256_add(M, Zsqr, in_x);
+	add	%sp,LOCALS64+$M,$rp
+
+	mov	$a0,$acc0			! restore Zsqr
+	ldx	[%sp+LOCALS64+$S],$a0		! forward load
+	mov	$a1,$acc1
+	ldx	[%sp+LOCALS64+$S+8],$a1
+	mov	$a2,$acc2
+	ldx	[%sp+LOCALS64+$S+16],$a2
+	mov	$a3,$acc3
+	ldx	[%sp+LOCALS64+$S+24],$a3
+
+	add	%sp,LOCALS64+$in_x,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(Zsqr, in_x, Zsqr);
+	add	%sp,LOCALS64+$Zsqr,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(S, S);
+	add	%sp,LOCALS64+$S,$rp
+
+	ldx	[%sp+LOCALS64+$in_z],$bi
+	ldx	[%sp+LOCALS64+$in_y],$a0
+	ldx	[%sp+LOCALS64+$in_y+8],$a1
+	ldx	[%sp+LOCALS64+$in_y+16],$a2
+	ldx	[%sp+LOCALS64+$in_y+24],$a3
+	add	%sp,LOCALS64+$in_z,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(tmp0, in_z, in_y);
+	add	%sp,LOCALS64+$tmp0,$rp
+
+	ldx	[%sp+LOCALS64+$M],$bi		! forward load
+	ldx	[%sp+LOCALS64+$Zsqr],$a0
+	ldx	[%sp+LOCALS64+$Zsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Zsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Zsqr+24],$a3
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(res_z, tmp0);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	add	%sp,LOCALS64+$M,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(M, M, Zsqr);
+	add	%sp,LOCALS64+$M,$rp
+
+	mov	$acc0,$a0			! put aside M
+	mov	$acc1,$a1
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+	call	__ecp_nistz256_mul_by_2_vis3
+	add	%sp,LOCALS64+$M,$rp
+	mov	$a0,$t0				! copy M
+	ldx	[%sp+LOCALS64+$S],$a0		! forward load
+	mov	$a1,$t1
+	ldx	[%sp+LOCALS64+$S+8],$a1
+	mov	$a2,$t2
+	ldx	[%sp+LOCALS64+$S+16],$a2
+	mov	$a3,$t3
+	ldx	[%sp+LOCALS64+$S+24],$a3
+	call	__ecp_nistz256_add_noload_vis3	! p256_mul_by_3(M, M);
+	add	%sp,LOCALS64+$M,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(tmp0, S);
+	add	%sp,LOCALS64+$tmp0,$rp
+
+	ldx	[%sp+LOCALS64+$S],$bi		! forward load
+	ldx	[%sp+LOCALS64+$in_x],$a0
+	ldx	[%sp+LOCALS64+$in_x+8],$a1
+	ldx	[%sp+LOCALS64+$in_x+16],$a2
+	ldx	[%sp+LOCALS64+$in_x+24],$a3
+
+	call	__ecp_nistz256_div_by_2_vis3	! p256_div_by_2(res_y, tmp0);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S, S, in_x);
+	add	%sp,LOCALS64+$S,$rp
+
+	ldx	[%sp+LOCALS64+$M],$a0		! forward load
+	ldx	[%sp+LOCALS64+$M+8],$a1
+	ldx	[%sp+LOCALS64+$M+16],$a2
+	ldx	[%sp+LOCALS64+$M+24],$a3
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(tmp0, S);
+	add	%sp,LOCALS64+$tmp0,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(res_x, M);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	add	%sp,LOCALS64+$tmp0,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_x, res_x, tmp0);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	ldx	[%sp+LOCALS64+$M],$a0		! forward load
+	ldx	[%sp+LOCALS64+$M+8],$a1
+	ldx	[%sp+LOCALS64+$M+16],$a2
+	ldx	[%sp+LOCALS64+$M+24],$a3
+
+	add	%sp,LOCALS64+$S,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(S, S, res_x);
+	add	%sp,LOCALS64+$S,$rp
+
+	mov	$acc0,$bi
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S, S, M);
+	add	%sp,LOCALS64+$S,$rp
+
+	ldx	[%sp+LOCALS64+$res_x],$a0	! forward load
+	ldx	[%sp+LOCALS64+$res_x+8],$a1
+	ldx	[%sp+LOCALS64+$res_x+16],$a2
+	ldx	[%sp+LOCALS64+$res_x+24],$a3
+
+	add	%sp,LOCALS64+$res_y,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_y, S, res_y);
+	add	%sp,LOCALS64+$res_y,$bp
+
+	! convert output to uint_32[8]
+	srlx	$a0,32,$t0
+	srlx	$a1,32,$t1
+	st	$a0,[$rp_real]			! res_x
+	srlx	$a2,32,$t2
+	st	$t0,[$rp_real+4]
+	srlx	$a3,32,$t3
+	st	$a1,[$rp_real+8]
+	st	$t1,[$rp_real+12]
+	st	$a2,[$rp_real+16]
+	st	$t2,[$rp_real+20]
+	st	$a3,[$rp_real+24]
+	st	$t3,[$rp_real+28]
+
+	ldx	[%sp+LOCALS64+$res_z],$a0	! forward load
+	srlx	$acc0,32,$t0
+	ldx	[%sp+LOCALS64+$res_z+8],$a1
+	srlx	$acc1,32,$t1
+	ldx	[%sp+LOCALS64+$res_z+16],$a2
+	srlx	$acc2,32,$t2
+	ldx	[%sp+LOCALS64+$res_z+24],$a3
+	srlx	$acc3,32,$t3
+	st	$acc0,[$rp_real+32]		! res_y
+	st	$t0,  [$rp_real+32+4]
+	st	$acc1,[$rp_real+32+8]
+	st	$t1,  [$rp_real+32+12]
+	st	$acc2,[$rp_real+32+16]
+	st	$t2,  [$rp_real+32+20]
+	st	$acc3,[$rp_real+32+24]
+	st	$t3,  [$rp_real+32+28]
+
+	srlx	$a0,32,$t0
+	srlx	$a1,32,$t1
+	st	$a0,[$rp_real+64]		! res_z
+	srlx	$a2,32,$t2
+	st	$t0,[$rp_real+64+4]
+	srlx	$a3,32,$t3
+	st	$a1,[$rp_real+64+8]
+	st	$t1,[$rp_real+64+12]
+	st	$a2,[$rp_real+64+16]
+	st	$t2,[$rp_real+64+20]
+	st	$a3,[$rp_real+64+24]
+	st	$t3,[$rp_real+64+28]
+
+	ret
+	restore
+.type	ecp_nistz256_point_double_vis3,#function
+.size	ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3
+___
+}
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,$in2_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..17));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+# above map() describes stack layout with 18 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty, !in2infty and result of check for zero.
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_vis3
+.align	32
+ecp_nistz256_point_add_vis3:
+	save	%sp,-STACK64_FRAME-32*18-32,%sp
+
+	mov	$rp,$rp_real
+	mov	-1,$minus1
+	mov	-2,$poly3
+	sllx	$minus1,32,$poly1		! 0xFFFFFFFF00000000
+	srl	$poly3,0,$poly3			! 0x00000000FFFFFFFE
+
+	! convert input to uint64_t[4]
+	ld	[$bp],$a0			! in2_x
+	ld	[$bp+4],$t0
+	ld	[$bp+8],$a1
+	ld	[$bp+12],$t1
+	ld	[$bp+16],$a2
+	ld	[$bp+20],$t2
+	ld	[$bp+24],$a3
+	ld	[$bp+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$bp+32],$acc0			! in2_y
+	or	$a0,$t0,$a0
+	ld	[$bp+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$bp+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$bp+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$bp+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$bp+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$bp+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$bp+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in2_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in2_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in2_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in2_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in2_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in2_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in2_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in2_y+24]
+
+	ld	[$bp+64],$acc0			! in2_z
+	ld	[$bp+64+4],$t0
+	ld	[$bp+64+8],$acc1
+	ld	[$bp+64+12],$t1
+	ld	[$bp+64+16],$acc2
+	ld	[$bp+64+20],$t2
+	ld	[$bp+64+24],$acc3
+	ld	[$bp+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$ap],$a0			! in1_x
+	or	$acc0,$t0,$acc0
+	ld	[$ap+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$ap+8],$a1
+	or	$acc1,$t1,$acc1
+	ld	[$ap+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$ap+16],$a2
+	or	$acc2,$t2,$acc2
+	ld	[$ap+20],$t2
+	or	$acc3,$t3,$acc3
+	ld	[$ap+24],$a3
+	sllx	$t0,32,$t0
+	ld	[$ap+28],$t3
+	sllx	$t1,32,$t1
+	stx	$acc0,[%sp+LOCALS64+$in2_z]
+	sllx	$t2,32,$t2
+	stx	$acc1,[%sp+LOCALS64+$in2_z+8]
+	sllx	$t3,32,$t3
+	stx	$acc2,[%sp+LOCALS64+$in2_z+16]
+	stx	$acc3,[%sp+LOCALS64+$in2_z+24]
+
+	or	$acc1,$acc0,$acc0
+	or	$acc3,$acc2,$acc2
+	or	$acc2,$acc0,$acc0
+	movrnz	$acc0,-1,$acc0			! !in2infty
+	stx	$acc0,[%fp+STACK_BIAS-8]
+
+	or	$a0,$t0,$a0
+	ld	[$ap+32],$acc0			! in1_y
+	or	$a1,$t1,$a1
+	ld	[$ap+32+4],$t0
+	or	$a2,$t2,$a2
+	ld	[$ap+32+8],$acc1
+	or	$a3,$t3,$a3
+	ld	[$ap+32+12],$t1
+	ld	[$ap+32+16],$acc2
+	ld	[$ap+32+20],$t2
+	ld	[$ap+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$ap+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in1_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in1_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in1_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in1_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in1_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in1_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in1_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in1_y+24]
+
+	ldx	[%sp+LOCALS64+$in2_z],$a0	! forward load
+	ldx	[%sp+LOCALS64+$in2_z+8],$a1
+	ldx	[%sp+LOCALS64+$in2_z+16],$a2
+	ldx	[%sp+LOCALS64+$in2_z+24],$a3
+
+	ld	[$ap+64],$acc0			! in1_z
+	ld	[$ap+64+4],$t0
+	ld	[$ap+64+8],$acc1
+	ld	[$ap+64+12],$t1
+	ld	[$ap+64+16],$acc2
+	ld	[$ap+64+20],$t2
+	ld	[$ap+64+24],$acc3
+	ld	[$ap+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	or	$acc0,$t0,$acc0
+	sllx	$t2,32,$t2
+	or	$acc1,$t1,$acc1
+	sllx	$t3,32,$t3
+	stx	$acc0,[%sp+LOCALS64+$in1_z]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in1_z+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in1_z+16]
+	stx	$acc3,[%sp+LOCALS64+$in1_z+24]
+
+	or	$acc1,$acc0,$acc0
+	or	$acc3,$acc2,$acc2
+	or	$acc2,$acc0,$acc0
+	movrnz	$acc0,-1,$acc0			! !in1infty
+	stx	$acc0,[%fp+STACK_BIAS-16]
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Z2sqr, in2_z);
+	add	%sp,LOCALS64+$Z2sqr,$rp
+
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS64+$Z1sqr,$rp
+
+	ldx	[%sp+LOCALS64+$Z2sqr],$bi
+	ldx	[%sp+LOCALS64+$in2_z],$a0
+	ldx	[%sp+LOCALS64+$in2_z+8],$a1
+	ldx	[%sp+LOCALS64+$in2_z+16],$a2
+	ldx	[%sp+LOCALS64+$in2_z+24],$a3
+	add	%sp,LOCALS64+$Z2sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S1, Z2sqr, in2_z);
+	add	%sp,LOCALS64+$S1,$rp
+
+	ldx	[%sp+LOCALS64+$Z1sqr],$bi
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	add	%sp,LOCALS64+$Z1sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$S1],$bi
+	ldx	[%sp+LOCALS64+$in1_y],$a0
+	ldx	[%sp+LOCALS64+$in1_y+8],$a1
+	ldx	[%sp+LOCALS64+$in1_y+16],$a2
+	ldx	[%sp+LOCALS64+$in1_y+24],$a3
+	add	%sp,LOCALS64+$S1,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S1, S1, in1_y);
+	add	%sp,LOCALS64+$S1,$rp
+
+	ldx	[%sp+LOCALS64+$S2],$bi
+	ldx	[%sp+LOCALS64+$in2_y],$a0
+	ldx	[%sp+LOCALS64+$in2_y+8],$a1
+	ldx	[%sp+LOCALS64+$in2_y+16],$a2
+	ldx	[%sp+LOCALS64+$in2_y+24],$a3
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$Z2sqr],$bi	! forward load
+	ldx	[%sp+LOCALS64+$in1_x],$a0
+	ldx	[%sp+LOCALS64+$in1_x+8],$a1
+	ldx	[%sp+LOCALS64+$in1_x+16],$a2
+	ldx	[%sp+LOCALS64+$in1_x+24],$a3
+
+	add	%sp,LOCALS64+$S1,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(R, S2, S1);
+	add	%sp,LOCALS64+$R,$rp
+
+	or	$acc1,$acc0,$acc0		! see if result is zero
+	or	$acc3,$acc2,$acc2
+	or	$acc2,$acc0,$acc0
+	stx	$acc0,[%fp+STACK_BIAS-24]
+
+	add	%sp,LOCALS64+$Z2sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U1, in1_x, Z2sqr);
+	add	%sp,LOCALS64+$U1,$rp
+
+	ldx	[%sp+LOCALS64+$Z1sqr],$bi
+	ldx	[%sp+LOCALS64+$in2_x],$a0
+	ldx	[%sp+LOCALS64+$in2_x+8],$a1
+	ldx	[%sp+LOCALS64+$in2_x+16],$a2
+	ldx	[%sp+LOCALS64+$in2_x+24],$a3
+	add	%sp,LOCALS64+$Z1sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, in2_x, Z1sqr);
+	add	%sp,LOCALS64+$U2,$rp
+
+	ldx	[%sp+LOCALS64+$R],$a0		! forward load
+	ldx	[%sp+LOCALS64+$R+8],$a1
+	ldx	[%sp+LOCALS64+$R+16],$a2
+	ldx	[%sp+LOCALS64+$R+24],$a3
+
+	add	%sp,LOCALS64+$U1,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(H, U2, U1);
+	add	%sp,LOCALS64+$H,$rp
+
+	or	$acc1,$acc0,$acc0		! see if result is zero
+	or	$acc3,$acc2,$acc2
+	orcc	$acc2,$acc0,$acc0
+
+	bne,pt	%xcc,.Ladd_proceed_vis3		! is_equal(U1,U2)?
+	nop
+
+	ldx	[%fp+STACK_BIAS-8],$t0
+	ldx	[%fp+STACK_BIAS-16],$t1
+	ldx	[%fp+STACK_BIAS-24],$t2
+	andcc	$t0,$t1,%g0
+	be,pt	%xcc,.Ladd_proceed_vis3		! (in1infty || in2infty)?
+	nop
+	andcc	$t2,$t2,%g0
+	be,a,pt	%xcc,.Ldouble_shortcut_vis3	! is_equal(S1,S2)?
+	add	%sp,32*(12-10)+32,%sp		! difference in frame sizes
+
+	st	%g0,[$rp_real]
+	st	%g0,[$rp_real+4]
+	st	%g0,[$rp_real+8]
+	st	%g0,[$rp_real+12]
+	st	%g0,[$rp_real+16]
+	st	%g0,[$rp_real+20]
+	st	%g0,[$rp_real+24]
+	st	%g0,[$rp_real+28]
+	st	%g0,[$rp_real+32]
+	st	%g0,[$rp_real+32+4]
+	st	%g0,[$rp_real+32+8]
+	st	%g0,[$rp_real+32+12]
+	st	%g0,[$rp_real+32+16]
+	st	%g0,[$rp_real+32+20]
+	st	%g0,[$rp_real+32+24]
+	st	%g0,[$rp_real+32+28]
+	st	%g0,[$rp_real+64]
+	st	%g0,[$rp_real+64+4]
+	st	%g0,[$rp_real+64+8]
+	st	%g0,[$rp_real+64+12]
+	st	%g0,[$rp_real+64+16]
+	st	%g0,[$rp_real+64+20]
+	st	%g0,[$rp_real+64+24]
+	st	%g0,[$rp_real+64+28]
+	b	.Ladd_done_vis3
+	nop
+
+.align	16
+.Ladd_proceed_vis3:
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS64+$Rsqr,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	ldx	[%sp+LOCALS64+$H],$a0
+	ldx	[%sp+LOCALS64+$H+8],$a1
+	ldx	[%sp+LOCALS64+$H+16],$a2
+	ldx	[%sp+LOCALS64+$H+24],$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	ldx	[%sp+LOCALS64+$res_z],$bi
+	ldx	[%sp+LOCALS64+$in2_z],$a0
+	ldx	[%sp+LOCALS64+$in2_z+8],$a1
+	ldx	[%sp+LOCALS64+$in2_z+16],$a2
+	ldx	[%sp+LOCALS64+$in2_z+24],$a3
+	add	%sp,LOCALS64+$res_z,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_z, res_z, in2_z);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$Hsqr],$a0
+	ldx	[%sp+LOCALS64+$Hsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Hsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Hsqr+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS64+$Hcub,$rp
+
+	ldx	[%sp+LOCALS64+$U1],$bi
+	ldx	[%sp+LOCALS64+$Hsqr],$a0
+	ldx	[%sp+LOCALS64+$Hsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Hsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Hsqr+24],$a3
+	add	%sp,LOCALS64+$U1,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, U1, Hsqr);
+	add	%sp,LOCALS64+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	add	%sp,LOCALS64+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	add	%sp,LOCALS64+$Hcub,$bp
+	call	__ecp_nistz256_sub_from_vis3	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	ldx	[%sp+LOCALS64+$S1],$bi		! forward load
+	ldx	[%sp+LOCALS64+$Hcub],$a0
+	ldx	[%sp+LOCALS64+$Hcub+8],$a1
+	ldx	[%sp+LOCALS64+$Hcub+16],$a2
+	ldx	[%sp+LOCALS64+$Hcub+24],$a3
+
+	add	%sp,LOCALS64+$U2,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S1,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, S1, Hcub);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$R],$bi
+	ldx	[%sp+LOCALS64+$res_y],$a0
+	ldx	[%sp+LOCALS64+$res_y+8],$a1
+	ldx	[%sp+LOCALS64+$res_y+16],$a2
+	ldx	[%sp+LOCALS64+$res_y+24],$a3
+	add	%sp,LOCALS64+$R,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	ldx	[%fp+STACK_BIAS-16],$t1		! !in1infty
+	ldx	[%fp+STACK_BIAS-8],$t2		! !in2infty
+___
+for($i=0;$i<96;$i+=16) {			# conditional moves
+$code.=<<___;
+	ldx	[%sp+LOCALS64+$res_x+$i],$acc0	! res
+	ldx	[%sp+LOCALS64+$res_x+$i+8],$acc1
+	ldx	[%sp+LOCALS64+$in2_x+$i],$acc2	! in2
+	ldx	[%sp+LOCALS64+$in2_x+$i+8],$acc3
+	ldx	[%sp+LOCALS64+$in1_x+$i],$acc4	! in1
+	ldx	[%sp+LOCALS64+$in1_x+$i+8],$acc5
+	movrz	$t1,$acc2,$acc0
+	movrz	$t1,$acc3,$acc1
+	movrz	$t2,$acc4,$acc0
+	movrz	$t2,$acc5,$acc1
+	srlx	$acc0,32,$acc2
+	srlx	$acc1,32,$acc3
+	st	$acc0,[$rp_real+$i]
+	st	$acc2,[$rp_real+$i+4]
+	st	$acc1,[$rp_real+$i+8]
+	st	$acc3,[$rp_real+$i+12]
+___
+}
+$code.=<<___;
+.Ladd_done_vis3:
+	ret
+	restore
+.type	ecp_nistz256_point_add_vis3,#function
+.size	ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3
+___
+}
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 15 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty and !in2infty.
+
+$code.=<<___;
+.align	32
+ecp_nistz256_point_add_affine_vis3:
+	save	%sp,-STACK64_FRAME-32*15-32,%sp
+
+	mov	$rp,$rp_real
+	mov	-1,$minus1
+	mov	-2,$poly3
+	sllx	$minus1,32,$poly1		! 0xFFFFFFFF00000000
+	srl	$poly3,0,$poly3			! 0x00000000FFFFFFFE
+
+	! convert input to uint64_t[4]
+	ld	[$bp],$a0			! in2_x
+	ld	[$bp+4],$t0
+	ld	[$bp+8],$a1
+	ld	[$bp+12],$t1
+	ld	[$bp+16],$a2
+	ld	[$bp+20],$t2
+	ld	[$bp+24],$a3
+	ld	[$bp+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$bp+32],$acc0			! in2_y
+	or	$a0,$t0,$a0
+	ld	[$bp+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$bp+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$bp+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$bp+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$bp+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$bp+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$bp+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in2_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in2_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in2_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in2_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in2_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in2_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in2_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in2_y+24]
+
+	or	$a1,$a0,$a0
+	or	$a3,$a2,$a2
+	or	$acc1,$acc0,$acc0
+	or	$acc3,$acc2,$acc2
+	or	$a2,$a0,$a0
+	or	$acc2,$acc0,$acc0
+	or	$acc0,$a0,$a0
+	movrnz	$a0,-1,$a0			! !in2infty
+	stx	$a0,[%fp+STACK_BIAS-8]
+
+	ld	[$ap],$a0			! in1_x
+	ld	[$ap+4],$t0
+	ld	[$ap+8],$a1
+	ld	[$ap+12],$t1
+	ld	[$ap+16],$a2
+	ld	[$ap+20],$t2
+	ld	[$ap+24],$a3
+	ld	[$ap+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$ap+32],$acc0			! in1_y
+	or	$a0,$t0,$a0
+	ld	[$ap+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$ap+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$ap+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$ap+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$ap+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$ap+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$ap+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in1_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in1_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in1_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in1_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in1_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in1_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in1_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in1_y+24]
+
+	ld	[$ap+64],$a0			! in1_z
+	ld	[$ap+64+4],$t0
+	ld	[$ap+64+8],$a1
+	ld	[$ap+64+12],$t1
+	ld	[$ap+64+16],$a2
+	ld	[$ap+64+20],$t2
+	ld	[$ap+64+24],$a3
+	ld	[$ap+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	or	$a0,$t0,$a0
+	sllx	$t2,32,$t2
+	or	$a1,$t1,$a1
+	sllx	$t3,32,$t3
+	stx	$a0,[%sp+LOCALS64+$in1_z]
+	or	$a2,$t2,$a2
+	stx	$a1,[%sp+LOCALS64+$in1_z+8]
+	or	$a3,$t3,$a3
+	stx	$a2,[%sp+LOCALS64+$in1_z+16]
+	stx	$a3,[%sp+LOCALS64+$in1_z+24]
+
+	or	$a1,$a0,$t0
+	or	$a3,$a2,$t2
+	or	$t2,$t0,$t0
+	movrnz	$t0,-1,$t0			! !in1infty
+	stx	$t0,[%fp+STACK_BIAS-16]
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS64+$Z1sqr,$rp
+
+	ldx	[%sp+LOCALS64+$in2_x],$bi
+	mov	$acc0,$a0
+	mov	$acc1,$a1
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+	add	%sp,LOCALS64+$in2_x,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, Z1sqr, in2_x);
+	add	%sp,LOCALS64+$U2,$rp
+
+	ldx	[%sp+LOCALS64+$Z1sqr],$bi	! forward load
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+
+	add	%sp,LOCALS64+$in1_x,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(H, U2, in1_x);
+	add	%sp,LOCALS64+$H,$rp
+
+	add	%sp,LOCALS64+$Z1sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	ldx	[%sp+LOCALS64+$S2],$bi
+	ldx	[%sp+LOCALS64+$in2_y],$a0
+	ldx	[%sp+LOCALS64+$in2_y+8],$a1
+	ldx	[%sp+LOCALS64+$in2_y+16],$a2
+	ldx	[%sp+LOCALS64+$in2_y+24],$a3
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$H],$a0		! forward load
+	ldx	[%sp+LOCALS64+$H+8],$a1
+	ldx	[%sp+LOCALS64+$H+16],$a2
+	ldx	[%sp+LOCALS64+$H+24],$a3
+
+	add	%sp,LOCALS64+$in1_y,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(R, S2, in1_y);
+	add	%sp,LOCALS64+$R,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	ldx	[%sp+LOCALS64+$R],$a0
+	ldx	[%sp+LOCALS64+$R+8],$a1
+	ldx	[%sp+LOCALS64+$R+16],$a2
+	ldx	[%sp+LOCALS64+$R+24],$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS64+$Rsqr,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$Hsqr],$a0
+	ldx	[%sp+LOCALS64+$Hsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Hsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Hsqr+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS64+$Hcub,$rp
+
+	ldx	[%sp+LOCALS64+$Hsqr],$bi
+	ldx	[%sp+LOCALS64+$in1_x],$a0
+	ldx	[%sp+LOCALS64+$in1_x+8],$a1
+	ldx	[%sp+LOCALS64+$in1_x+16],$a2
+	ldx	[%sp+LOCALS64+$in1_x+24],$a3
+	add	%sp,LOCALS64+$Hsqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, in1_x, Hsqr);
+	add	%sp,LOCALS64+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	add	%sp,LOCALS64+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	add	%sp,LOCALS64+$Hcub,$bp
+	call	__ecp_nistz256_sub_from_vis3	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	ldx	[%sp+LOCALS64+$Hcub],$bi	! forward load
+	ldx	[%sp+LOCALS64+$in1_y],$a0
+	ldx	[%sp+LOCALS64+$in1_y+8],$a1
+	ldx	[%sp+LOCALS64+$in1_y+16],$a2
+	ldx	[%sp+LOCALS64+$in1_y+24],$a3
+
+	add	%sp,LOCALS64+$U2,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$Hcub,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, in1_y, Hcub);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$R],$bi
+	ldx	[%sp+LOCALS64+$res_y],$a0
+	ldx	[%sp+LOCALS64+$res_y+8],$a1
+	ldx	[%sp+LOCALS64+$res_y+16],$a2
+	ldx	[%sp+LOCALS64+$res_y+24],$a3
+	add	%sp,LOCALS64+$R,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	ldx	[%fp+STACK_BIAS-16],$t1		! !in1infty
+	ldx	[%fp+STACK_BIAS-8],$t2		! !in2infty
+1:	call	.+8
+	add	%o7,.Lone_mont_vis3-1b,$bp
+___
+for($i=0;$i<64;$i+=16) {			# conditional moves
+$code.=<<___;
+	ldx	[%sp+LOCALS64+$res_x+$i],$acc0	! res
+	ldx	[%sp+LOCALS64+$res_x+$i+8],$acc1
+	ldx	[%sp+LOCALS64+$in2_x+$i],$acc2	! in2
+	ldx	[%sp+LOCALS64+$in2_x+$i+8],$acc3
+	ldx	[%sp+LOCALS64+$in1_x+$i],$acc4	! in1
+	ldx	[%sp+LOCALS64+$in1_x+$i+8],$acc5
+	movrz	$t1,$acc2,$acc0
+	movrz	$t1,$acc3,$acc1
+	movrz	$t2,$acc4,$acc0
+	movrz	$t2,$acc5,$acc1
+	srlx	$acc0,32,$acc2
+	srlx	$acc1,32,$acc3
+	st	$acc0,[$rp_real+$i]
+	st	$acc2,[$rp_real+$i+4]
+	st	$acc1,[$rp_real+$i+8]
+	st	$acc3,[$rp_real+$i+12]
+___
+}
+for(;$i<96;$i+=16) {
+$code.=<<___;
+	ldx	[%sp+LOCALS64+$res_x+$i],$acc0	! res
+	ldx	[%sp+LOCALS64+$res_x+$i+8],$acc1
+	ldx	[$bp+$i-64],$acc2		! "in2"
+	ldx	[$bp+$i-64+8],$acc3
+	ldx	[%sp+LOCALS64+$in1_x+$i],$acc4	! in1
+	ldx	[%sp+LOCALS64+$in1_x+$i+8],$acc5
+	movrz	$t1,$acc2,$acc0
+	movrz	$t1,$acc3,$acc1
+	movrz	$t2,$acc4,$acc0
+	movrz	$t2,$acc5,$acc1
+	srlx	$acc0,32,$acc2
+	srlx	$acc1,32,$acc3
+	st	$acc0,[$rp_real+$i]
+	st	$acc2,[$rp_real+$i+4]
+	st	$acc1,[$rp_real+$i+8]
+	st	$acc3,[$rp_real+$i+12]
+___
+}
+$code.=<<___;
+	ret
+	restore
+.type	ecp_nistz256_point_add_affine_vis3,#function
+.size	ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3
+.align	64
+.Lone_mont_vis3:
+.long	0x00000000,0x00000001, 0xffffffff,0x00000000
+.long	0xffffffff,0xffffffff, 0x00000000,0xfffffffe
+.align	64
+___
+}								}}}
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl
new file mode 100755
index 000000000..0c6fc665b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -0,0 +1,1866 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for x86/SSE2.
+#
+# October 2014.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816. In the process of adaptation
+# original .c module was made 32-bit savvy in order to make this
+# implementation possible.
+#
+#		with/without -DECP_NISTZ256_ASM
+# Pentium	+66-163%
+# PIII		+72-172%
+# P4		+65-132%
+# Core2		+90-215%
+# Sandy Bridge	+105-265% (contemporary i[57]-* are all close to this)
+# Atom		+65-155%
+# Opteron	+54-110%
+# Bulldozer	+99-240%
+# VIA Nano	+93-290%
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +200% means 3x improvement.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+&public_label("ecp_nistz256_precomputed");
+&align(4096);
+&set_label("ecp_nistz256_precomputed");
+
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		&data_byte(join(',',map { sprintf "0x%02x",$_} @line));
+	}
+}
+
+########################################################################
+# Keep in mind that constants are stored least to most significant word
+&static_label("RR");
+&set_label("RR",64);
+&data_word(3,0,-1,-5,-2,-1,-3,4);	# 2^512 mod P-256
+
+&static_label("ONE_mont");
+&set_label("ONE_mont");
+&data_word(1,0,0,-1,-1,-1,-2,0);
+
+&static_label("ONE");
+&set_label("ONE");
+&data_word(1,0,0,0,0,0,0,0);
+&asciz("ECP_NISZ256 for x86/SSE2, CRYPTOGAMS by <appro\@openssl.org>");
+&align(64);
+
+########################################################################
+# void ecp_nistz256_mul_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_mul_by_2");
+	&mov	("esi",&wparam(1));
+	&mov	("edi",&wparam(0));
+	&mov	("ebp","esi");
+########################################################################
+# common pattern for internal functions is that %edi is result pointer,
+# %esi and %ebp are input ones, %ebp being optional. %edi is preserved.
+	&call	("_ecp_nistz256_add");
+&function_end("ecp_nistz256_mul_by_2");
+
+########################################################################
+# void ecp_nistz256_mul_by_3(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_mul_by_3");
+	&mov	("esi",&wparam(1));
+					# multiplication by 3 is performed
+					# as 2*n+n, but we can't use output
+					# to store 2*n, because if output
+					# pointer equals to input, then
+					# we'll get 2*n+2*n.
+	&stack_push(8);			# therefore we need to allocate
+					# 256-bit intermediate buffer.
+	&mov	("edi","esp");
+	&mov	("ebp","esi");
+	&call	("_ecp_nistz256_add");
+	&lea	("esi",&DWP(0,"edi"));
+	&mov	("ebp",&wparam(1));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_add");
+	&stack_pop(8);
+&function_end("ecp_nistz256_mul_by_3");
+
+########################################################################
+# void ecp_nistz256_div_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_div_by_2");
+	&mov	("esi",&wparam(1));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_div_by_2");
+&function_end("ecp_nistz256_div_by_2");
+
+&function_begin_B("_ecp_nistz256_div_by_2");
+	# tmp = a is odd ? a+mod : a
+	#
+	# note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning least significant bit of input to one register,
+	# %ebp, and its negative to another, %edx.
+
+	&mov	("ebp",&DWP(0,"esi"));
+	&xor	("edx","edx");
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("eax","ebp");
+	&and	("ebp",1);
+	&mov	("ecx",&DWP(8,"esi"));
+	&sub	("edx","ebp");
+
+	&add	("eax","edx");
+	&adc	("ebx","edx");
+	&mov	(&DWP(0,"edi"),"eax");
+	&adc	("ecx","edx");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+
+	&mov	("eax",&DWP(12,"esi"));
+	&mov	("ebx",&DWP(16,"esi"));
+	&adc	("eax",0);
+	&mov	("ecx",&DWP(20,"esi"));
+	&adc	("ebx",0);
+	&mov	(&DWP(12,"edi"),"eax");
+	&adc	("ecx",0);
+	&mov	(&DWP(16,"edi"),"ebx");
+	&mov	(&DWP(20,"edi"),"ecx");
+
+	&mov	("eax",&DWP(24,"esi"));
+	&mov	("ebx",&DWP(28,"esi"));
+	&adc	("eax","ebp");
+	&adc	("ebx","edx");
+	&mov	(&DWP(24,"edi"),"eax");
+	&sbb	("esi","esi");			# broadcast carry bit
+	&mov	(&DWP(28,"edi"),"ebx");
+
+	# ret = tmp >> 1
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebx",&DWP(4,"edi"));
+	&mov	("ecx",&DWP(8,"edi"));
+	&mov	("edx",&DWP(12,"edi"));
+
+	&shr	("eax",1);
+	&mov	("ebp","ebx");
+	&shl	("ebx",31);
+	&or	("eax","ebx");
+
+	&shr	("ebp",1);
+	&mov	("ebx","ecx");
+	&shl	("ecx",31);
+	&mov	(&DWP(0,"edi"),"eax");
+	&or	("ebp","ecx");
+	&mov	("eax",&DWP(16,"edi"));
+
+	&shr	("ebx",1);
+	&mov	("ecx","edx");
+	&shl	("edx",31);
+	&mov	(&DWP(4,"edi"),"ebp");
+	&or	("ebx","edx");
+	&mov	("ebp",&DWP(20,"edi"));
+
+	&shr	("ecx",1);
+	&mov	("edx","eax");
+	&shl	("eax",31);
+	&mov	(&DWP(8,"edi"),"ebx");
+	&or	("ecx","eax");
+	&mov	("ebx",&DWP(24,"edi"));
+
+	&shr	("edx",1);
+	&mov	("eax","ebp");
+	&shl	("ebp",31);
+	&mov	(&DWP(12,"edi"),"ecx");
+	&or	("edx","ebp");
+	&mov	("ecx",&DWP(28,"edi"));
+
+	&shr	("eax",1);
+	&mov	("ebp","ebx");
+	&shl	("ebx",31);
+	&mov	(&DWP(16,"edi"),"edx");
+	&or	("eax","ebx");
+
+	&shr	("ebp",1);
+	&mov	("ebx","ecx");
+	&shl	("ecx",31);
+	&mov	(&DWP(20,"edi"),"eax");
+	&or	("ebp","ecx");
+
+	&shr	("ebx",1);
+	&shl	("esi",31);
+	&mov	(&DWP(24,"edi"),"ebp");
+	&or	("ebx","esi");			# handle top-most carry bit
+	&mov	(&DWP(28,"edi"),"ebx");
+
+	&ret	();
+&function_end_B("_ecp_nistz256_div_by_2");
+
+########################################################################
+# void ecp_nistz256_add(BN_ULONG edi[8],const BN_ULONG esi[8],
+#					const BN_ULONG ebp[8]);
+&function_begin("ecp_nistz256_add");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_add");
+&function_end("ecp_nistz256_add");
+
+&function_begin_B("_ecp_nistz256_add");
+	&mov	("eax",&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&add	("eax",&DWP(0,"ebp"));
+	&mov	("edx",&DWP(12,"esi"));
+	&adc	("ebx",&DWP(4,"ebp"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&adc	("ecx",&DWP(8,"ebp"));
+	&mov	(&DWP(4,"edi"),"ebx");
+	&adc	("edx",&DWP(12,"ebp"));
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&adc	("eax",&DWP(16,"ebp"));
+	&mov	("edx",&DWP(28,"esi"));
+	&adc	("ebx",&DWP(20,"ebp"));
+	&mov	(&DWP(16,"edi"),"eax");
+	&adc	("ecx",&DWP(24,"ebp"));
+	&mov	(&DWP(20,"edi"),"ebx");
+	&mov	("esi",0);
+	&adc	("edx",&DWP(28,"ebp"));
+	&mov	(&DWP(24,"edi"),"ecx");
+	&adc	("esi",0);
+	&mov	(&DWP(28,"edi"),"edx");
+
+	# if a+b >= modulus, subtract modulus.
+	#
+	# But since comparison implies subtraction, we subtract modulus
+	# to see if it borrows, and then subtract it for real if
+	# subtraction didn't borrow.
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebx",&DWP(4,"edi"));
+	&mov	("ecx",&DWP(8,"edi"));
+	&sub	("eax",-1);
+	&mov	("edx",&DWP(12,"edi"));
+	&sbb	("ebx",-1);
+	&mov	("eax",&DWP(16,"edi"));
+	&sbb	("ecx",-1);
+	&mov	("ebx",&DWP(20,"edi"));
+	&sbb	("edx",0);
+	&mov	("ecx",&DWP(24,"edi"));
+	&sbb	("eax",0);
+	&mov	("edx",&DWP(28,"edi"));
+	&sbb	("ebx",0);
+	&sbb	("ecx",1);
+	&sbb	("edx",-1);
+	&sbb	("esi",0);
+
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# by using borrow.
+
+	&not	("esi");
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebp","esi");
+	&mov	("ebx",&DWP(4,"edi"));
+	&shr	("ebp",31);
+	&mov	("ecx",&DWP(8,"edi"));
+	&sub	("eax","esi");
+	&mov	("edx",&DWP(12,"edi"));
+	&sbb	("ebx","esi");
+	&mov	(&DWP(0,"edi"),"eax");
+	&sbb	("ecx","esi");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&sbb	("edx",0);
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"edi"));
+	&mov	("ebx",&DWP(20,"edi"));
+	&mov	("ecx",&DWP(24,"edi"));
+	&sbb	("eax",0);
+	&mov	("edx",&DWP(28,"edi"));
+	&sbb	("ebx",0);
+	&mov	(&DWP(16,"edi"),"eax");
+	&sbb	("ecx","ebp");
+	&mov	(&DWP(20,"edi"),"ebx");
+	&sbb	("edx","esi");
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	&ret	();
+&function_end_B("_ecp_nistz256_add");
+
+########################################################################
+# void ecp_nistz256_sub(BN_ULONG edi[8],const BN_ULONG esi[8],
+#					const BN_ULONG ebp[8]);
+&function_begin("ecp_nistz256_sub");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_sub");
+&function_end("ecp_nistz256_sub");
+
+&function_begin_B("_ecp_nistz256_sub");
+	&mov	("eax",&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&sub	("eax",&DWP(0,"ebp"));
+	&mov	("edx",&DWP(12,"esi"));
+	&sbb	("ebx",&DWP(4,"ebp"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&sbb	("ecx",&DWP(8,"ebp"));
+	&mov	(&DWP(4,"edi"),"ebx");
+	&sbb	("edx",&DWP(12,"ebp"));
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&sbb	("eax",&DWP(16,"ebp"));
+	&mov	("edx",&DWP(28,"esi"));
+	&sbb	("ebx",&DWP(20,"ebp"));
+	&sbb	("ecx",&DWP(24,"ebp"));
+	&mov	(&DWP(16,"edi"),"eax");
+	&sbb	("edx",&DWP(28,"ebp"));
+	&mov	(&DWP(20,"edi"),"ebx");
+	&sbb	("esi","esi");			# broadcast borrow bit
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	# if a-b borrows, add modulus.
+	#
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning borrow bit to one register, %ebp, and its negative
+	# to another, %esi. But we started by calculating %esi...
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebp","esi");
+	&mov	("ebx",&DWP(4,"edi"));
+	&shr	("ebp",31);
+	&mov	("ecx",&DWP(8,"edi"));
+	&add	("eax","esi");
+	&mov	("edx",&DWP(12,"edi"));
+	&adc	("ebx","esi");
+	&mov	(&DWP(0,"edi"),"eax");
+	&adc	("ecx","esi");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&adc	("edx",0);
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"edi"));
+	&mov	("ebx",&DWP(20,"edi"));
+	&mov	("ecx",&DWP(24,"edi"));
+	&adc	("eax",0);
+	&mov	("edx",&DWP(28,"edi"));
+	&adc	("ebx",0);
+	&mov	(&DWP(16,"edi"),"eax");
+	&adc	("ecx","ebp");
+	&mov	(&DWP(20,"edi"),"ebx");
+	&adc	("edx","esi");
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	&ret	();
+&function_end_B("_ecp_nistz256_sub");
+
+########################################################################
+# void ecp_nistz256_neg(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_neg");
+	&mov	("ebp",&wparam(1));
+	&mov	("edi",&wparam(0));
+
+	&xor	("eax","eax");
+	&stack_push(8);
+	&mov	(&DWP(0,"esp"),"eax");
+	&mov	("esi","esp");
+	&mov	(&DWP(4,"esp"),"eax");
+	&mov	(&DWP(8,"esp"),"eax");
+	&mov	(&DWP(12,"esp"),"eax");
+	&mov	(&DWP(16,"esp"),"eax");
+	&mov	(&DWP(20,"esp"),"eax");
+	&mov	(&DWP(24,"esp"),"eax");
+	&mov	(&DWP(28,"esp"),"eax");
+
+	&call	("_ecp_nistz256_sub");
+
+	&stack_pop(8);
+&function_end("ecp_nistz256_neg");
+
+&function_begin_B("_picup_eax");
+	&mov	("eax",&DWP(0,"esp"));
+	&ret	();
+&function_end_B("_picup_eax");
+
+########################################################################
+# void ecp_nistz256_to_mont(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_to_mont");
+	&mov	("esi",&wparam(1));
+	&call	("_picup_eax");
+    &set_label("pic");
+	&lea	("ebp",&DWP(&label("RR")."-".&label("pic"),"eax"));
+						if ($sse2) {
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_to_mont");
+
+########################################################################
+# void ecp_nistz256_from_mont(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_from_mont");
+	&mov	("esi",&wparam(1));
+	&call	("_picup_eax");
+    &set_label("pic");
+	&lea	("ebp",&DWP(&label("ONE")."-".&label("pic"),"eax"));
+						if ($sse2) {
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_from_mont");
+
+########################################################################
+# void ecp_nistz256_mul_mont(BN_ULONG edi[8],const BN_ULONG esi[8],
+#					     const BN_ULONG ebp[8]);
+&function_begin("ecp_nistz256_mul_mont");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_mul_mont");
+
+########################################################################
+# void ecp_nistz256_sqr_mont(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_sqr_mont");
+	&mov	("esi",&wparam(1));
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&mov	("ebp","esi");
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_sqr_mont");
+
+&function_begin_B("_ecp_nistz256_mul_mont");
+						if ($sse2) {
+	&and	("eax",1<<24|1<<26);
+	&cmp	("eax",1<<24|1<<26);		# see if XMM+SSE2 is on
+	&jne	(&label("mul_mont_ialu"));
+
+	########################################
+	# SSE2 code path featuring 32x16-bit
+	# multiplications is ~2x faster than
+	# IALU counterpart (except on Atom)...
+	########################################
+	# stack layout:
+	# +------------------------------------+< %esp
+	# | 7 16-byte temporary XMM words,     |
+	# | "sliding" toward lower address     |
+	# .                                    .
+	# +------------------------------------+
+	# | unused XMM word                    |
+	# +------------------------------------+< +128,%ebx
+	# | 8 16-byte XMM words holding copies |
+	# | of a[i]<<64|a[i]                   |
+	# .                                    .
+	# .                                    .
+	# +------------------------------------+< +256
+	&mov	("edx","esp");
+	&sub	("esp",0x100);
+
+	&movd	("xmm7",&DWP(0,"ebp"));		# b[0] -> 0000.00xy
+	&lea	("ebp",&DWP(4,"ebp"));
+	&pcmpeqd("xmm6","xmm6");
+	&psrlq	("xmm6",48);			# compose 0xffff<<64|0xffff
+
+	&pshuflw("xmm7","xmm7",0b11011100);	# 0000.00xy -> 0000.0x0y
+	&and	("esp",-64);
+	&pshufd	("xmm7","xmm7",0b11011100);	# 0000.0x0y -> 000x.000y
+	&lea	("ebx",&DWP(0x80,"esp"));
+
+	&movd	("xmm0",&DWP(4*0,"esi"));	# a[0] -> 0000.00xy
+	&pshufd	("xmm0","xmm0",0b11001100);	# 0000.00xy -> 00xy.00xy
+	&movd	("xmm1",&DWP(4*1,"esi"));	# a[1] -> ...
+	&movdqa	(&QWP(0x00,"ebx"),"xmm0");	# offload converted a[0]
+	&pmuludq("xmm0","xmm7");		# a[0]*b[0]
+
+	&movd	("xmm2",&DWP(4*2,"esi"));
+	&pshufd	("xmm1","xmm1",0b11001100);
+	&movdqa	(&QWP(0x10,"ebx"),"xmm1");
+	&pmuludq("xmm1","xmm7");		# a[1]*b[0]
+
+	 &movq	("xmm4","xmm0");		# clear upper 64 bits
+	 &pslldq("xmm4",6);
+	 &paddq	("xmm4","xmm0");
+	 &movdqa("xmm5","xmm4");
+	 &psrldq("xmm4",10);			# upper 32 bits of a[0]*b[0]
+	 &pand	("xmm5","xmm6");		# lower 32 bits of a[0]*b[0]
+
+	# Upper half of a[0]*b[i] is carried into next multiplication
+	# iteration, while lower one "participates" in actual reduction.
+	# Normally latter is done by accumulating result of multiplication
+	# of modulus by "magic" digit, but thanks to special form of modulus
+	# and "magic" digit it can be performed only with additions and
+	# subtractions (see note in IALU section below). Note that we are
+	# not bothered with carry bits, they are accumulated in "flatten"
+	# phase after all multiplications and reductions.
+
+	&movd	("xmm3",&DWP(4*3,"esi"));
+	&pshufd	("xmm2","xmm2",0b11001100);
+	&movdqa	(&QWP(0x20,"ebx"),"xmm2");
+	&pmuludq("xmm2","xmm7");		# a[2]*b[0]
+	 &paddq	("xmm1","xmm4");		# a[1]*b[0]+hw(a[0]*b[0]), carry
+	&movdqa	(&QWP(0x00,"esp"),"xmm1");	# t[0]
+
+	&movd	("xmm0",&DWP(4*4,"esi"));
+	&pshufd	("xmm3","xmm3",0b11001100);
+	&movdqa	(&QWP(0x30,"ebx"),"xmm3");
+	&pmuludq("xmm3","xmm7");		# a[3]*b[0]
+	&movdqa	(&QWP(0x10,"esp"),"xmm2");
+
+	&movd	("xmm1",&DWP(4*5,"esi"));
+	&pshufd	("xmm0","xmm0",0b11001100);
+	&movdqa	(&QWP(0x40,"ebx"),"xmm0");
+	&pmuludq("xmm0","xmm7");		# a[4]*b[0]
+	 &paddq	("xmm3","xmm5");		# a[3]*b[0]+lw(a[0]*b[0]), reduction step
+	&movdqa	(&QWP(0x20,"esp"),"xmm3");
+
+	&movd	("xmm2",&DWP(4*6,"esi"));
+	&pshufd	("xmm1","xmm1",0b11001100);
+	&movdqa	(&QWP(0x50,"ebx"),"xmm1");
+	&pmuludq("xmm1","xmm7");		# a[5]*b[0]
+	&movdqa	(&QWP(0x30,"esp"),"xmm0");
+	 &pshufd("xmm4","xmm5",0b10110001);	# xmm4 = xmm5<<32, reduction step
+
+	&movd	("xmm3",&DWP(4*7,"esi"));
+	&pshufd	("xmm2","xmm2",0b11001100);
+	&movdqa	(&QWP(0x60,"ebx"),"xmm2");
+	&pmuludq("xmm2","xmm7");		# a[6]*b[0]
+	&movdqa	(&QWP(0x40,"esp"),"xmm1");
+	 &psubq	("xmm4","xmm5");		# xmm4 = xmm5*0xffffffff, reduction step
+
+	&movd	("xmm0",&DWP(0,"ebp"));		# b[1] -> 0000.00xy
+	&pshufd	("xmm3","xmm3",0b11001100);
+	&movdqa	(&QWP(0x70,"ebx"),"xmm3");
+	&pmuludq("xmm3","xmm7");		# a[7]*b[0]
+
+	&pshuflw("xmm7","xmm0",0b11011100);	# 0000.00xy -> 0000.0x0y
+	&movdqa	("xmm0",&QWP(0x00,"ebx"));	# pre-load converted a[0]
+	&pshufd	("xmm7","xmm7",0b11011100);	# 0000.0x0y -> 000x.000y
+
+	&mov	("ecx",6);
+	&lea	("ebp",&DWP(4,"ebp"));
+	&jmp	(&label("madd_sse2"));
+
+&set_label("madd_sse2",16);
+	 &paddq	("xmm2","xmm5");		# a[6]*b[i-1]+lw(a[0]*b[i-1]), reduction step [modulo-scheduled]
+	 &paddq	("xmm3","xmm4");		# a[7]*b[i-1]+lw(a[0]*b[i-1])*0xffffffff, reduction step [modulo-scheduled]
+	&movdqa	("xmm1",&QWP(0x10,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[0]*b[i]
+	 &movdqa(&QWP(0x50,"esp"),"xmm2");
+
+	&movdqa	("xmm2",&QWP(0x20,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[1]*b[i]
+	 &movdqa(&QWP(0x60,"esp"),"xmm3");
+	&paddq	("xmm0",&QWP(0x00,"esp"));
+
+	&movdqa	("xmm3",&QWP(0x30,"ebx"));
+	&pmuludq("xmm2","xmm7");		# a[2]*b[i]
+	 &movq	("xmm4","xmm0");		# clear upper 64 bits
+	 &pslldq("xmm4",6);
+	&paddq	("xmm1",&QWP(0x10,"esp"));
+	 &paddq	("xmm4","xmm0");
+	 &movdqa("xmm5","xmm4");
+	 &psrldq("xmm4",10);			# upper 33 bits of a[0]*b[i]+t[0]
+
+	&movdqa	("xmm0",&QWP(0x40,"ebx"));
+	&pmuludq("xmm3","xmm7");		# a[3]*b[i]
+	 &paddq	("xmm1","xmm4");		# a[1]*b[i]+hw(a[0]*b[i]), carry
+	&paddq	("xmm2",&QWP(0x20,"esp"));
+	&movdqa	(&QWP(0x00,"esp"),"xmm1");
+
+	&movdqa	("xmm1",&QWP(0x50,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[4]*b[i]
+	&paddq	("xmm3",&QWP(0x30,"esp"));
+	&movdqa	(&QWP(0x10,"esp"),"xmm2");
+	 &pand	("xmm5","xmm6");		# lower 32 bits of a[0]*b[i]
+
+	&movdqa	("xmm2",&QWP(0x60,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[5]*b[i]
+	 &paddq	("xmm3","xmm5");		# a[3]*b[i]+lw(a[0]*b[i]), reduction step
+	&paddq	("xmm0",&QWP(0x40,"esp"));
+	&movdqa	(&QWP(0x20,"esp"),"xmm3");
+	 &pshufd("xmm4","xmm5",0b10110001);	# xmm4 = xmm5<<32, reduction step
+
+	&movdqa	("xmm3","xmm7");
+	&pmuludq("xmm2","xmm7");		# a[6]*b[i]
+	 &movd	("xmm7",&DWP(0,"ebp"));		# b[i++] -> 0000.00xy
+	 &lea	("ebp",&DWP(4,"ebp"));
+	&paddq	("xmm1",&QWP(0x50,"esp"));
+	 &psubq	("xmm4","xmm5");		# xmm4 = xmm5*0xffffffff, reduction step
+	&movdqa	(&QWP(0x30,"esp"),"xmm0");
+	 &pshuflw("xmm7","xmm7",0b11011100);	# 0000.00xy -> 0000.0x0y
+
+	&pmuludq("xmm3",&QWP(0x70,"ebx"));	# a[7]*b[i]
+	 &pshufd("xmm7","xmm7",0b11011100);	# 0000.0x0y -> 000x.000y
+	 &movdqa("xmm0",&QWP(0x00,"ebx"));	# pre-load converted a[0]
+	&movdqa	(&QWP(0x40,"esp"),"xmm1");
+	&paddq	("xmm2",&QWP(0x60,"esp"));
+
+	&dec	("ecx");
+	&jnz	(&label("madd_sse2"));
+
+	 &paddq	("xmm2","xmm5");		# a[6]*b[6]+lw(a[0]*b[6]), reduction step [modulo-scheduled]
+	 &paddq	("xmm3","xmm4");		# a[7]*b[6]+lw(a[0]*b[6])*0xffffffff, reduction step [modulo-scheduled]
+	&movdqa	("xmm1",&QWP(0x10,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[0]*b[7]
+	 &movdqa(&QWP(0x50,"esp"),"xmm2");
+
+	&movdqa	("xmm2",&QWP(0x20,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[1]*b[7]
+	 &movdqa(&QWP(0x60,"esp"),"xmm3");
+	&paddq	("xmm0",&QWP(0x00,"esp"));
+
+	&movdqa	("xmm3",&QWP(0x30,"ebx"));
+	&pmuludq("xmm2","xmm7");		# a[2]*b[7]
+	 &movq	("xmm4","xmm0");		# clear upper 64 bits
+	 &pslldq("xmm4",6);
+	&paddq	("xmm1",&QWP(0x10,"esp"));
+	 &paddq	("xmm4","xmm0");
+	 &movdqa("xmm5","xmm4");
+	 &psrldq("xmm4",10);			# upper 33 bits of a[0]*b[i]+t[0]
+
+	&movdqa	("xmm0",&QWP(0x40,"ebx"));
+	&pmuludq("xmm3","xmm7");		# a[3]*b[7]
+	 &paddq	("xmm1","xmm4");		# a[1]*b[7]+hw(a[0]*b[7]), carry
+	&paddq	("xmm2",&QWP(0x20,"esp"));
+	&movdqa	(&QWP(0x00,"esp"),"xmm1");
+
+	&movdqa	("xmm1",&QWP(0x50,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[4]*b[7]
+	&paddq	("xmm3",&QWP(0x30,"esp"));
+	&movdqa	(&QWP(0x10,"esp"),"xmm2");
+	 &pand	("xmm5","xmm6");		# lower 32 bits of a[0]*b[i]
+
+	&movdqa	("xmm2",&QWP(0x60,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[5]*b[7]
+	 &paddq	("xmm3","xmm5");		# reduction step
+	&paddq	("xmm0",&QWP(0x40,"esp"));
+	&movdqa	(&QWP(0x20,"esp"),"xmm3");
+	 &pshufd("xmm4","xmm5",0b10110001);	# xmm4 = xmm5<<32, reduction step
+
+	&movdqa	("xmm3",&QWP(0x70,"ebx"));
+	&pmuludq("xmm2","xmm7");		# a[6]*b[7]
+	&paddq	("xmm1",&QWP(0x50,"esp"));
+	 &psubq	("xmm4","xmm5");		# xmm4 = xmm5*0xffffffff, reduction step
+	&movdqa	(&QWP(0x30,"esp"),"xmm0");
+
+	&pmuludq("xmm3","xmm7");		# a[7]*b[7]
+	&pcmpeqd("xmm7","xmm7");
+	&movdqa	("xmm0",&QWP(0x00,"esp"));
+	&pslldq	("xmm7",8);
+	&movdqa	(&QWP(0x40,"esp"),"xmm1");
+	&paddq	("xmm2",&QWP(0x60,"esp"));
+
+	 &paddq	("xmm2","xmm5");		# a[6]*b[7]+lw(a[0]*b[7]), reduction step
+	 &paddq	("xmm3","xmm4");		# a[6]*b[7]+lw(a[0]*b[7])*0xffffffff, reduction step
+	 &movdqa(&QWP(0x50,"esp"),"xmm2");
+	 &movdqa(&QWP(0x60,"esp"),"xmm3");
+
+	&movdqa	("xmm1",&QWP(0x10,"esp"));
+	&movdqa	("xmm2",&QWP(0x20,"esp"));
+	&movdqa	("xmm3",&QWP(0x30,"esp"));
+
+	&movq	("xmm4","xmm0");		# "flatten"
+	&pand	("xmm0","xmm7");
+	&xor	("ebp","ebp");
+	&pslldq	("xmm4",6);
+	 &movq	("xmm5","xmm1");
+	&paddq	("xmm0","xmm4");
+	 &pand	("xmm1","xmm7");
+	&psrldq	("xmm0",6);
+	&movd	("eax","xmm0");
+	&psrldq	("xmm0",4);
+
+	&paddq	("xmm5","xmm0");
+	&movdqa	("xmm0",&QWP(0x40,"esp"));
+	&sub	("eax",-1);			# start subtracting modulus,
+						# this is used to determine
+						# if result is larger/smaller
+						# than modulus (see below)
+	&pslldq	("xmm5",6);
+	 &movq	("xmm4","xmm2");
+	&paddq	("xmm1","xmm5");
+	 &pand	("xmm2","xmm7");
+	&psrldq	("xmm1",6);
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&movd	("eax","xmm1");
+	&psrldq	("xmm1",4);
+
+	&paddq	("xmm4","xmm1");
+	&movdqa	("xmm1",&QWP(0x50,"esp"));
+	&sbb	("eax",-1);
+	&pslldq	("xmm4",6);
+	 &movq	("xmm5","xmm3");
+	&paddq	("xmm2","xmm4");
+	 &pand	("xmm3","xmm7");
+	&psrldq	("xmm2",6);
+	&mov	(&DWP(4*1,"edi"),"eax");
+	&movd	("eax","xmm2");
+	&psrldq	("xmm2",4);
+
+	&paddq	("xmm5","xmm2");
+	&movdqa	("xmm2",&QWP(0x60,"esp"));
+	&sbb	("eax",-1);
+	&pslldq	("xmm5",6);
+	 &movq	("xmm4","xmm0");
+	&paddq	("xmm3","xmm5");
+	 &pand	("xmm0","xmm7");
+	&psrldq	("xmm3",6);
+	&mov	(&DWP(4*2,"edi"),"eax");
+	&movd	("eax","xmm3");
+	&psrldq	("xmm3",4);
+
+	&paddq	("xmm4","xmm3");
+	&sbb	("eax",0);
+	&pslldq	("xmm4",6);
+	 &movq	("xmm5","xmm1");
+	&paddq	("xmm0","xmm4");
+	 &pand	("xmm1","xmm7");
+	&psrldq	("xmm0",6);
+	&mov	(&DWP(4*3,"edi"),"eax");
+	&movd	("eax","xmm0");
+	&psrldq	("xmm0",4);
+
+	&paddq	("xmm5","xmm0");
+	&sbb	("eax",0);
+	&pslldq	("xmm5",6);
+	 &movq	("xmm4","xmm2");
+	&paddq	("xmm1","xmm5");
+	 &pand	("xmm2","xmm7");
+	&psrldq	("xmm1",6);
+	&movd	("ebx","xmm1");
+	&psrldq	("xmm1",4);
+	&mov	("esp","edx");
+
+	&paddq	("xmm4","xmm1");
+	&pslldq	("xmm4",6);
+	&paddq	("xmm2","xmm4");
+	&psrldq	("xmm2",6);
+	&movd	("ecx","xmm2");
+	&psrldq	("xmm2",4);
+	&sbb	("ebx",0);
+	&movd	("edx","xmm2");
+	&pextrw	("esi","xmm2",2);		# top-most overflow bit
+	&sbb	("ecx",1);
+	&sbb	("edx",-1);
+	&sbb	("esi",0);			# borrow from subtraction
+
+	# Final step is "if result > mod, subtract mod", and at this point
+	# we have result - mod written to output buffer, as well as borrow
+	# bit from this subtraction, and if borrow bit is set, we add
+	# modulus back.
+	#
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning borrow bit to one register, %ebp, and its negative
+	# to another, %esi. But we started by calculating %esi...
+
+	&sub	("ebp","esi");
+	&add	(&DWP(4*0,"edi"),"esi");	# add modulus or zero
+	&adc	(&DWP(4*1,"edi"),"esi");
+	&adc	(&DWP(4*2,"edi"),"esi");
+	&adc	(&DWP(4*3,"edi"),0);
+	&adc	("eax",0);
+	&adc	("ebx",0);
+	&mov	(&DWP(4*4,"edi"),"eax");
+	&adc	("ecx","ebp");
+	&mov	(&DWP(4*5,"edi"),"ebx");
+	&adc	("edx","esi");
+	&mov	(&DWP(4*6,"edi"),"ecx");
+	&mov	(&DWP(4*7,"edi"),"edx");
+
+	&ret	();
+
+&set_label("mul_mont_ialu",16);			}
+
+	########################################
+	# IALU code path suitable for all CPUs.
+	########################################
+	# stack layout:
+	# +------------------------------------+< %esp
+	# | 8 32-bit temporary words, accessed |
+	# | as circular buffer                 |
+	# .                                    .
+	# .                                    .
+	# +------------------------------------+< +32
+	# | offloaded destination pointer      |
+	# +------------------------------------+
+	# | unused                             |
+	# +------------------------------------+< +40
+	&sub	("esp",10*4);
+
+	&mov	("eax",&DWP(0*4,"esi"));		# a[0]
+	&mov	("ebx",&DWP(0*4,"ebp"));		# b[0]
+	&mov	(&DWP(8*4,"esp"),"edi");		# off-load dst ptr
+
+	&mul	("ebx");				# a[0]*b[0]
+	&mov	(&DWP(0*4,"esp"),"eax");		# t[0]
+	&mov	("eax",&DWP(1*4,"esi"));
+	&mov	("ecx","edx")
+
+	&mul	("ebx");				# a[1]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(2*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(1*4,"esp"),"ecx");		# t[1]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[2]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(3*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(2*4,"esp"),"ecx");		# t[2]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[3]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(4*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(3*4,"esp"),"ecx");		# t[3]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[4]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(5*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(4*4,"esp"),"ecx");		# t[4]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[5]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(6*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(5*4,"esp"),"ecx");		# t[5]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[6]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(7*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(6*4,"esp"),"ecx");		# t[6]
+	&mov	("ecx","edx");
+
+	&xor	("edi","edi");				# initial top-most carry
+	&mul	("ebx");				# a[7]*b[0]
+	&add	("ecx","eax");				# t[7]
+	&mov	("eax",&DWP(0*4,"esp"));		# t[0]
+	&adc	("edx",0);				# t[8]
+
+for ($i=0;$i<7;$i++) {
+	my $j=$i+1;
+
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#        ffff.0001.0000.0000.0000.ffff.ffff.ffff
+	# *                                         abcd
+	# + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	# + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000
+	# -      abcd.0000.0000.0000.0000.0000.0000.abcd
+	#
+	# or marking redundant operations:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.----
+	# + abcd.0000.abcd.0000.0000.abcd.----.----.----
+	# -      abcd.----.----.----.----.----.----.----
+
+	&add	(&DWP((($i+3)%8)*4,"esp"),"eax");	# t[3]+=t[0]
+	&adc	(&DWP((($i+4)%8)*4,"esp"),0);		# t[4]+=0
+	&adc	(&DWP((($i+5)%8)*4,"esp"),0);		# t[5]+=0
+	&adc	(&DWP((($i+6)%8)*4,"esp"),"eax");	# t[6]+=t[0]
+	&adc	("ecx",0);				# t[7]+=0
+	&adc	("edx","eax");				# t[8]+=t[0]
+	&adc	("edi",0);				# top-most carry
+	 &mov	("ebx",&DWP($j*4,"ebp"));		# b[i]
+	&sub	("ecx","eax");				# t[7]-=t[0]
+	 &mov	("eax",&DWP(0*4,"esi"));		# a[0]
+	&sbb	("edx",0);				# t[8]-=0
+	&mov	(&DWP((($i+7)%8)*4,"esp"),"ecx");
+	&sbb	("edi",0);				# top-most carry,
+							# keep in mind that
+							# netto result is
+							# *addition* of value
+							# with (abcd<<32)-abcd
+							# on top, so that
+							# underflow is
+							# impossible, because
+							# (abcd<<32)-abcd
+							# doesn't underflow
+	&mov	(&DWP((($i+8)%8)*4,"esp"),"edx");
+
+	&mul	("ebx");				# a[0]*b[i]
+	&add	("eax",&DWP((($j+0)%8)*4,"esp"));
+	&adc	("edx",0);
+	&mov	(&DWP((($j+0)%8)*4,"esp"),"eax");
+	&mov	("eax",&DWP(1*4,"esi"));
+	&mov	("ecx","edx")
+
+	&mul	("ebx");				# a[1]*b[i]
+	&add	("ecx",&DWP((($j+1)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(2*4,"esi"));
+	&mov	(&DWP((($j+1)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[2]*b[i]
+	&add	("ecx",&DWP((($j+2)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(3*4,"esi"));
+	&mov	(&DWP((($j+2)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[3]*b[i]
+	&add	("ecx",&DWP((($j+3)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(4*4,"esi"));
+	&mov	(&DWP((($j+3)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[4]*b[i]
+	&add	("ecx",&DWP((($j+4)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(5*4,"esi"));
+	&mov	(&DWP((($j+4)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[5]*b[i]
+	&add	("ecx",&DWP((($j+5)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(6*4,"esi"));
+	&mov	(&DWP((($j+5)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[6]*b[i]
+	&add	("ecx",&DWP((($j+6)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(7*4,"esi"));
+	&mov	(&DWP((($j+6)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[7]*b[i]
+	&add	("ecx",&DWP((($j+7)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");				# t[7]
+	&mov	("eax",&DWP((($j+0)%8)*4,"esp"));	# t[0]
+	&adc	("edx","edi");				# t[8]
+	&mov	("edi",0);
+	&adc	("edi",0);				# top-most carry
+}
+	&mov	("ebp",&DWP(8*4,"esp"));		# restore dst ptr
+	&xor	("esi","esi");
+	my $j=$i+1;
+
+	# last multiplication-less reduction
+	&add	(&DWP((($i+3)%8)*4,"esp"),"eax");	# t[3]+=t[0]
+	&adc	(&DWP((($i+4)%8)*4,"esp"),0);		# t[4]+=0
+	&adc	(&DWP((($i+5)%8)*4,"esp"),0);		# t[5]+=0
+	&adc	(&DWP((($i+6)%8)*4,"esp"),"eax");	# t[6]+=t[0]
+	&adc	("ecx",0);				# t[7]+=0
+	&adc	("edx","eax");				# t[8]+=t[0]
+	&adc	("edi",0);				# top-most carry
+	 &mov	("ebx",&DWP((($j+1)%8)*4,"esp"));
+	&sub	("ecx","eax");				# t[7]-=t[0]
+	 &mov	("eax",&DWP((($j+0)%8)*4,"esp"));
+	&sbb	("edx",0);				# t[8]-=0
+	&mov	(&DWP((($i+7)%8)*4,"esp"),"ecx");
+	&sbb	("edi",0);				# top-most carry
+	&mov	(&DWP((($i+8)%8)*4,"esp"),"edx");
+
+	# Final step is "if result > mod, subtract mod", but we do it
+	# "other way around", namely write result - mod to output buffer
+	# and if subtraction borrowed, add modulus back.
+
+	&mov	("ecx",&DWP((($j+2)%8)*4,"esp"));
+	&sub	("eax",-1);
+	&mov	("edx",&DWP((($j+3)%8)*4,"esp"));
+	&sbb	("ebx",-1);
+	&mov	(&DWP(0*4,"ebp"),"eax");
+	&sbb	("ecx",-1);
+	&mov	(&DWP(1*4,"ebp"),"ebx");
+	&sbb	("edx",0);
+	&mov	(&DWP(2*4,"ebp"),"ecx");
+	&mov	(&DWP(3*4,"ebp"),"edx");
+
+	&mov	("eax",&DWP((($j+4)%8)*4,"esp"));
+	&mov	("ebx",&DWP((($j+5)%8)*4,"esp"));
+	&mov	("ecx",&DWP((($j+6)%8)*4,"esp"));
+	&sbb	("eax",0);
+	&mov	("edx",&DWP((($j+7)%8)*4,"esp"));
+	&sbb	("ebx",0);
+	&sbb	("ecx",1);
+	&sbb	("edx",-1);
+	&sbb	("edi",0);
+
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning borrow bit to one register, %ebp, and its negative
+	# to another, %esi. But we started by calculating %esi...
+
+	&sub	("esi","edi");
+	&add	(&DWP(0*4,"ebp"),"edi");		# add modulus or zero
+	&adc	(&DWP(1*4,"ebp"),"edi");
+	&adc	(&DWP(2*4,"ebp"),"edi");
+	&adc	(&DWP(3*4,"ebp"),0);
+	&adc	("eax",0);
+	&adc	("ebx",0);
+	&mov	(&DWP(4*4,"ebp"),"eax");
+	&adc	("ecx","esi");
+	&mov	(&DWP(5*4,"ebp"),"ebx");
+	&adc	("edx","edi");
+	&mov	(&DWP(6*4,"ebp"),"ecx");
+	&mov	("edi","ebp");				# fulfill contract
+	&mov	(&DWP(7*4,"ebp"),"edx");
+
+	&add	("esp",10*4);
+	&ret	();
+&function_end_B("_ecp_nistz256_mul_mont");
+
+########################################################################
+# void ecp_nistz256_scatter_w5(void *edi,const P256_POINT *esi,
+#					 int ebp);
+&function_begin("ecp_nistz256_scatter_w5");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&lea	("edi",&DWP(128-4,"edi","ebp",4));
+	&mov	("ebp",96/16);
+&set_label("scatter_w5_loop");
+	&mov	("eax",&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&lea	("esi",&DWP(16,"esi"));
+	&mov	(&DWP(64*0-128,"edi"),"eax");
+	&mov	(&DWP(64*1-128,"edi"),"ebx");
+	&mov	(&DWP(64*2-128,"edi"),"ecx");
+	&mov	(&DWP(64*3-128,"edi"),"edx");
+	&lea	("edi",&DWP(64*4,"edi"));
+	&dec	("ebp");
+	&jnz	(&label("scatter_w5_loop"));
+&function_end("ecp_nistz256_scatter_w5");
+
+########################################################################
+# void ecp_nistz256_gather_w5(P256_POINT *edi,const void *esi,
+#					      int ebp);
+&function_begin("ecp_nistz256_gather_w5");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&lea	("esi",&DWP(0,"esi","ebp",4));
+	&neg	("ebp");
+	&sar	("ebp",31);
+	&mov	("edi",&wparam(0));
+	&lea	("esi",&DWP(0,"esi","ebp",4));
+
+    for($i=0;$i<24;$i+=4) {
+	&mov	("eax",&DWP(64*($i+0),"esi"));
+	&mov	("ebx",&DWP(64*($i+1),"esi"));
+	&mov	("ecx",&DWP(64*($i+2),"esi"));
+	&mov	("edx",&DWP(64*($i+3),"esi"));
+	&and	("eax","ebp");
+	&and	("ebx","ebp");
+	&and	("ecx","ebp");
+	&and	("edx","ebp");
+	&mov	(&DWP(4*($i+0),"edi"),"eax");
+	&mov	(&DWP(4*($i+1),"edi"),"ebx");
+	&mov	(&DWP(4*($i+2),"edi"),"ecx");
+	&mov	(&DWP(4*($i+3),"edi"),"edx");
+    }
+&function_end("ecp_nistz256_gather_w5");
+
+########################################################################
+# void ecp_nistz256_scatter_w7(void *edi,const P256_POINT_AFFINE *esi,
+#					 int ebp);
+&function_begin("ecp_nistz256_scatter_w7");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&lea	("edi",&DWP(0,"edi","ebp"));
+	&mov	("ebp",64/4);
+&set_label("scatter_w7_loop");
+	&mov	("eax",&DWP(0,"esi"));
+	&lea	("esi",&DWP(4,"esi"));
+	&mov	(&BP(64*0,"edi"),"al");
+	&mov	(&BP(64*1,"edi"),"ah");
+	&shr	("eax",16);
+	&mov	(&BP(64*2,"edi"),"al");
+	&mov	(&BP(64*3,"edi"),"ah");
+	&lea	("edi",&DWP(64*4,"edi"));
+	&dec	("ebp");
+	&jnz	(&label("scatter_w7_loop"));
+&function_end("ecp_nistz256_scatter_w7");
+
+########################################################################
+# void ecp_nistz256_gather_w7(P256_POINT_AFFINE *edi,const void *esi,
+#						     int ebp);
+&function_begin("ecp_nistz256_gather_w7");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&add	("esi","ebp");
+	&neg	("ebp"),
+	&sar	("ebp",31);
+	&mov	("edi",&wparam(0));
+	&lea	("esi",&DWP(0,"esi","ebp"));
+
+    for($i=0;$i<64;$i+=4) {
+	&movz	("eax",&BP(64*($i+0),"esi"));
+	&movz	("ebx",&BP(64*($i+1),"esi"));
+	&movz	("ecx",&BP(64*($i+2),"esi"));
+	&and	("eax","ebp");
+	&movz	("edx",&BP(64*($i+3),"esi"));
+	&and	("ebx","ebp");
+	&mov	(&BP($i+0,"edi"),"al");
+	&and	("ecx","ebp");
+	&mov	(&BP($i+1,"edi"),"bl");
+	&and	("edx","ebp");
+	&mov	(&BP($i+2,"edi"),"cl");
+	&mov	(&BP($i+3,"edi"),"dl");
+    }
+&function_end("ecp_nistz256_gather_w7");
+
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+&static_label("point_double_shortcut");
+&function_begin("ecp_nistz256_point_double");
+{   my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4));
+
+	&mov	("esi",&wparam(1));
+
+	# above map() describes stack layout with 5 temporary
+	# 256-bit vectors on top, then we take extra word for
+	# OPENSSL_ia32cap_P copy.
+	&stack_push(8*5+1);
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("ebp",&DWP(0,"edx"));		}
+
+&set_label("point_double_shortcut");
+	&mov	("eax",&DWP(0,"esi"));		# copy in_x
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP($in_x+0,"esp"),"eax");
+	&mov	(&DWP($in_x+4,"esp"),"ebx");
+	&mov	(&DWP($in_x+8,"esp"),"ecx");
+	&mov	(&DWP($in_x+12,"esp"),"edx");
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("edx",&DWP(28,"esi"));
+	&mov	(&DWP($in_x+16,"esp"),"eax");
+	&mov	(&DWP($in_x+20,"esp"),"ebx");
+	&mov	(&DWP($in_x+24,"esp"),"ecx");
+	&mov	(&DWP($in_x+28,"esp"),"edx");
+	&mov	(&DWP(32*5,"esp"),"ebp");	# OPENSSL_ia32cap_P copy
+
+	&lea	("ebp",&DWP(32,"esi"));
+	&lea	("esi",&DWP(32,"esi"));
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(S, in_y);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&mov	("esi",64);
+	&add	("esi",&wparam(1));
+	&lea	("edi",&DWP($Zsqr,"esp"));
+	&mov	("ebp","esi");
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Zsqr, in_z);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($S,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(S, S);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&mov	("ebp",&wparam(1));
+	&lea	("esi",&DWP(32,"ebp"));
+	&lea	("ebp",&DWP(64,"ebp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(tmp0, in_z, in_y);
+
+	&lea	("esi",&DWP($in_x,"esp"));
+	&lea	("ebp",&DWP($Zsqr,"esp"));
+	&lea	("edi",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_add(M, in_x, Zsqr);
+
+	&mov	("edi",64);
+	&lea	("esi",&DWP($tmp0,"esp"));
+	&lea	("ebp",&DWP($tmp0,"esp"));
+	&add	("edi",&wparam(0));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(res_z, tmp0);
+
+	&lea	("esi",&DWP($in_x,"esp"));
+	&lea	("ebp",&DWP($Zsqr,"esp"));
+	&lea	("edi",&DWP($Zsqr,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(Zsqr, in_x, Zsqr);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($S,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(tmp0, S);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($M,"esp"));
+	&lea	("ebp",&DWP($Zsqr,"esp"));
+	&lea	("edi",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(M, M, Zsqr);
+
+	&mov	("edi",32);
+	&lea	("esi",&DWP($tmp0,"esp"));
+	&add	("edi",&wparam(0));
+	&call	("_ecp_nistz256_div_by_2");	# p256_div_by_2(res_y, tmp0);
+
+	&lea	("esi",&DWP($M,"esp"));
+	&lea	("ebp",&DWP($M,"esp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_add");		# 1/2 p256_mul_by_3(M, M);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in_x,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S, S, in_x);
+
+	&lea	("esi",&DWP($tmp0,"esp"));
+	&lea	("ebp",&DWP($M,"esp"));
+	&lea	("edi",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_add");		# 2/2 p256_mul_by_3(M, M);
+
+	&lea	("esi",&DWP($S,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(tmp0, S);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($M,"esp"));
+	&lea	("ebp",&DWP($M,"esp"));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(res_x, M);
+
+	&mov	("esi","edi");			# %edi is still res_x here
+	&lea	("ebp",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, res_x, tmp0);
+
+	&lea	("esi",&DWP($S,"esp"));
+	&mov	("ebp","edi");			# %edi is still res_x
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(S, S, res_x);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&mov	("esi","edi");			# %edi is still &S
+	&lea	("ebp",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S, S, M);
+
+	&mov	("ebp",32);
+	&lea	("esi",&DWP($S,"esp"));
+	&add	("ebp",&wparam(0));
+	&mov	("edi","ebp");
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, S, res_y);
+
+	&stack_pop(8*5+1);
+} &function_end("ecp_nistz256_point_double");
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#					      const P256_POINT *in2);
+&function_begin("ecp_nistz256_point_add");
+{   my ($res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y,$in2_z,
+	$H,$Hsqr,$R,$Rsqr,$Hcub,
+	$U1,$U2,$S1,$S2)=map(32*$_,(0..17));
+    my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+	&mov	("esi",&wparam(2));
+
+	# above map() describes stack layout with 18 temporary
+	# 256-bit vectors on top, then we take extra words for
+	# !in1infty, !in2infty, result of check for zero and
+	# OPENSSL_ia32cap_P copy. [one unused word for padding]
+	&stack_push(8*18+5);
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("ebp",&DWP(0,"edx"));		}
+
+	&lea	("edi",&DWP($in2_x,"esp"));
+    for($i=0;$i<96;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in2
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	(&DWP(32*18+12,"esp"),"ebp")	if ($i==0);
+	&mov	("ebp","eax")			if ($i==64);
+	&or	("ebp","eax")			if ($i>64);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx")			if ($i>=64);
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx")			if ($i>=64);
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx")			if ($i>=64);
+    }
+	&xor	("eax","eax");
+	&mov	("esi",&wparam(1));
+	&sub	("eax","ebp");
+	&or	("ebp","eax");
+	&sar	("ebp",31);
+	&mov	(&DWP(32*18+4,"esp"),"ebp");	# !in2infty
+
+	&lea	("edi",&DWP($in1_x,"esp"));
+    for($i=0;$i<96;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in1
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	("ebp","eax")			if ($i==64);
+	&or	("ebp","eax")			if ($i>64);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx")			if ($i>=64);
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx")			if ($i>=64);
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx")			if ($i>=64);
+    }
+	&xor	("eax","eax");
+	&sub	("eax","ebp");
+	&or	("ebp","eax");
+	&sar	("ebp",31);
+	&mov	(&DWP(32*18+0,"esp"),"ebp");	# !in1infty
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_z,"esp"));
+	&lea	("ebp",&DWP($in2_z,"esp"));
+	&lea	("edi",&DWP($Z2sqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z2sqr, in2_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_z,"esp"));
+	&lea	("ebp",&DWP($in1_z,"esp"));
+	&lea	("edi",&DWP($Z1sqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z1sqr, in1_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Z2sqr,"esp"));
+	&lea	("ebp",&DWP($in2_z,"esp"));
+	&lea	("edi",&DWP($S1,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S1, Z2sqr, in2_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Z1sqr,"esp"));
+	&lea	("ebp",&DWP($in1_z,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_y,"esp"));
+	&lea	("ebp",&DWP($S1,"esp"));
+	&lea	("edi",&DWP($S1,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S1, S1, in1_y);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, S2, in2_y);
+
+	&lea	("esi",&DWP($S2,"esp"));
+	&lea	("ebp",&DWP($S1,"esp"));
+	&lea	("edi",&DWP($R,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(R, S2, S1);
+
+	&or	("ebx","eax");			# see if result is zero
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&or	("ebx","ecx");
+	&or	("ebx","edx");
+	&or	("ebx",&DWP(0,"edi"));
+	&or	("ebx",&DWP(4,"edi"));
+	 &lea	("esi",&DWP($in1_x,"esp"));
+	&or	("ebx",&DWP(8,"edi"));
+	 &lea	("ebp",&DWP($Z2sqr,"esp"));
+	&or	("ebx",&DWP(12,"edi"));
+	 &lea	("edi",&DWP($U1,"esp"));
+	&mov	(&DWP(32*18+8,"esp"),"ebx");
+
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U1, in1_x, Z2sqr);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_x,"esp"));
+	&lea	("ebp",&DWP($Z1sqr,"esp"));
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, in2_x, Z1sqr);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($U1,"esp"));
+	&lea	("edi",&DWP($H,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(H, U2, U1);
+
+	&or	("eax","ebx");			# see if result is zero
+	&or	("eax","ecx");
+	&or	("eax","edx");
+	&or	("eax",&DWP(0,"edi"));
+	&or	("eax",&DWP(4,"edi"));
+	&or	("eax",&DWP(8,"edi"));
+	&or	("eax",&DWP(12,"edi"));
+
+	&data_byte(0x3e);			# predict taken
+	&jnz	(&label("add_proceed"));	# is_equal(U1,U2)?
+
+	&mov	("eax",&DWP(32*18+0,"esp"));
+	&and	("eax",&DWP(32*18+4,"esp"));
+	&mov	("ebx",&DWP(32*18+8,"esp"));
+	&jz	(&label("add_proceed"));	# (in1infty || in2infty)?
+	&test	("ebx","ebx");
+	&jz	(&label("add_double"));		# is_equal(S1,S2)?
+
+	&mov	("edi",&wparam(0));
+	&xor	("eax","eax");
+	&mov	("ecx",96/4);
+	&data_byte(0xfc,0xf3,0xab);		# cld; stosd
+	&jmp	(&label("add_done"));
+
+&set_label("add_double",16);
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&add	("esp",4*((8*18+5)-(8*5+1)));	# difference in frame sizes
+	&jmp	(&label("point_double_shortcut"));
+
+&set_label("add_proceed",16);
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($R,"esp"));
+	&lea	("edi",&DWP($Rsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Rsqr, R);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($in1_z,"esp"));
+	&lea	("edi",&DWP($res_z,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_z, H, in1_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($H,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Hsqr, H);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_z,"esp"));
+	&lea	("ebp",&DWP($res_z,"esp"));
+	&lea	("edi",&DWP($res_z,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_z, res_z, in2_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Hsqr,"esp"));
+	&lea	("ebp",&DWP($U1,"esp"));
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, U1, Hsqr);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($Hcub,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(Hcub, Hsqr, H);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($U2,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(Hsqr, U2);
+
+	&lea	("esi",&DWP($Rsqr,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, Rsqr, Hsqr);
+
+	&lea	("esi",&DWP($res_x,"esp"));
+	&lea	("ebp",&DWP($Hcub,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, res_x, Hcub);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($res_x,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, U2, res_x);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Hcub,"esp"));
+	&lea	("ebp",&DWP($S1,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, S1, Hcub);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($res_y,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_y, R, res_y);
+
+	&lea	("esi",&DWP($res_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, res_y, S2);
+
+	&mov	("ebp",&DWP(32*18+0,"esp"));	# !in1infty
+	&mov	("esi",&DWP(32*18+4,"esp"));	# !in2infty
+	&mov	("edi",&wparam(0));
+	&mov	("edx","ebp");
+	&not	("ebp");
+	&and	("edx","esi");
+	&and	("ebp","esi");
+	&not	("esi");
+
+	########################################
+	# conditional moves
+    for($i=64;$i<96;$i+=4) {
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp");
+	&and	("ebx",&DWP($in2_x+$i,"esp"));
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax","ebx");
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+    for($i=0;$i<64;$i+=4) {
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp");
+	&and	("ebx",&DWP($in2_x+$i,"esp"));
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax","ebx");
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+    &set_label("add_done");
+	&stack_pop(8*18+5);
+} &function_end("ecp_nistz256_point_add");
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,
+#				     const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+&function_begin("ecp_nistz256_point_add_affine");
+{
+    my ($res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y,
+	$U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14));
+    my $Z1sqr = $S2;
+    my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
+
+	&mov	("esi",&wparam(1));
+
+	# above map() describes stack layout with 15 temporary
+	# 256-bit vectors on top, then we take extra words for
+	# !in1infty, !in2infty, and OPENSSL_ia32cap_P copy.
+	&stack_push(8*15+3);
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("ebp",&DWP(0,"edx"));		}
+
+	&lea	("edi",&DWP($in1_x,"esp"));
+    for($i=0;$i<96;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in1
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	(&DWP(32*15+8,"esp"),"ebp")	if ($i==0);
+	&mov	("ebp","eax")			if ($i==64);
+	&or	("ebp","eax")			if ($i>64);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx")			if ($i>=64);
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx")			if ($i>=64);
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx")			if ($i>=64);
+    }
+	&xor	("eax","eax");
+	&mov	("esi",&wparam(2));
+	&sub	("eax","ebp");
+	&or	("ebp","eax");
+	&sar	("ebp",31);
+	&mov	(&DWP(32*15+0,"esp"),"ebp");	# !in1infty
+
+	&lea	("edi",&DWP($in2_x,"esp"));
+    for($i=0;$i<64;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in2
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	("ebp","eax")			if ($i==0);
+	&or	("ebp","eax")			if ($i!=0);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx");
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx");
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx");
+    }
+	&xor	("ebx","ebx");
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&sub	("ebx","ebp");
+	 &lea	("esi",&DWP($in1_z,"esp"));
+	&or	("ebx","ebp");
+	 &lea	("ebp",&DWP($in1_z,"esp"));
+	&sar	("ebx",31);
+	 &lea	("edi",&DWP($Z1sqr,"esp"));
+	&mov	(&DWP(32*15+4,"esp"),"ebx");	# !in2infty
+
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z1sqr, in1_z);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_x,"esp"));
+	&mov	("ebp","edi");			# %esi is stull &Z1sqr
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, Z1sqr, in2_x);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_z,"esp"));
+	&lea	("ebp",&DWP($Z1sqr,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($in1_x,"esp"));
+	&lea	("edi",&DWP($H,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(H, U2, in1_x);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, S2, in2_y);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_z,"esp"));
+	&lea	("ebp",&DWP($H,"esp"));
+	&lea	("edi",&DWP($res_z,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_z, H, in1_z);
+
+	&lea	("esi",&DWP($S2,"esp"));
+	&lea	("ebp",&DWP($in1_y,"esp"));
+	&lea	("edi",&DWP($R,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(R, S2, in1_y);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($H,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Hsqr, H);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($R,"esp"));
+	&lea	("edi",&DWP($Rsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Rsqr, R);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_x,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, in1_x, Hsqr);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($Hcub,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(Hcub, Hsqr, H);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($U2,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(Hsqr, U2);
+
+	&lea	("esi",&DWP($Rsqr,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, Rsqr, Hsqr);
+
+	&lea	("esi",&DWP($res_x,"esp"));
+	&lea	("ebp",&DWP($Hcub,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, res_x, Hcub);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($res_x,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, U2, res_x);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Hcub,"esp"));
+	&lea	("ebp",&DWP($in1_y,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, Hcub, in1_y);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($res_y,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_y, res_y, R);
+
+	&lea	("esi",&DWP($res_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, res_y, S2);
+
+	&mov	("ebp",&DWP(32*15+0,"esp"));	# !in1infty
+	&mov	("esi",&DWP(32*15+4,"esp"));	# !in2infty
+	&mov	("edi",&wparam(0));
+	&mov	("edx","ebp");
+	&not	("ebp");
+	&and	("edx","esi");
+	&and	("ebp","esi");
+	&not	("esi");
+
+	########################################
+	# conditional moves
+    for($i=64;$i<96;$i+=4) {
+	my $one=@ONE_mont[($i-64)/4];
+
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp")			if ($one && $one!=-1);
+	&and	("ebx",$one)			if ($one && $one!=-1);
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax",$one==-1?"ebp":"ebx")	if ($one);
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+    for($i=0;$i<64;$i+=4) {
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp");
+	&and	("ebx",&DWP($in2_x+$i,"esp"));
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax","ebx");
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+	&stack_pop(8*15+3);
+} &function_end("ecp_nistz256_point_add_affine");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl
new file mode 100755
index 000000000..87149e7f6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -0,0 +1,4741 @@
+#! /usr/bin/env perl
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+# Copyright (c) 2015 CloudFlare, Inc.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+# (3) CloudFlare, Inc.
+#
+# Reference:
+# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+#                          256 Bit Primes"
+
+# Further optimization by <appro@openssl.org>:
+#
+#		this/original	with/without -DECP_NISTZ256_ASM(*)
+# Opteron	+15-49%		+150-195%
+# Bulldozer	+18-45%		+175-240%
+# P4		+24-46%		+100-150%
+# Westmere	+18-34%		+87-160%
+# Sandy Bridge	+14-35%		+120-185%
+# Ivy Bridge	+11-35%		+125-180%
+# Haswell	+10-37%		+160-200%
+# Broadwell	+24-58%		+210-270%
+# Atom		+20-50%		+180-240%
+# VIA Nano	+50-160%	+480-480%
+#
+# (*)	"without -DECP_NISTZ256_ASM" refers to build with
+#	"enable-ec_nistp_64_gcc_128";
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. In "this/original" column lower coefficient is for
+# ECDSA sign, while in "with/without" - for ECDH key agreement, and
+# higher - for ECDSA sign, relatively fastest server-side operation.
+# Keep in mind that +100% means 2x improvement.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$avx = ($ver>=3.0) + ($ver>=3.01);
+	$addx = ($ver>=3.03);
+}
+
+$code.=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+# The polynomial
+.align 64
+.Lpoly:
+.quad 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001
+
+# 2^512 mod P precomputed for NIST P256 polynomial
+.LRR:
+.quad 0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe, 0x00000004fffffffd
+
+.LOne:
+.long 1,1,1,1,1,1,1,1
+.LTwo:
+.long 2,2,2,2,2,2,2,2
+.LThree:
+.long 3,3,3,3,3,3,3,3
+.LONE_mont:
+.quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe
+
+# Constants for computations modulo ord(p256)
+.Lord:
+.quad 0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000
+.LordK:
+.quad 0xccd1c8aaee00bc4f
+___
+
+{
+################################################################################
+# void ecp_nistz256_mul_by_2(uint64_t res[4], uint64_t a[4]);
+
+my ($a0,$a1,$a2,$a3)=map("%r$_",(8..11));
+my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rdx","%rcx","%r12","%r13");
+my ($r_ptr,$a_ptr,$b_ptr)=("%rdi","%rsi","%rdx");
+
+$code.=<<___;
+
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,\@function,2
+.align	64
+ecp_nistz256_mul_by_2:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Lmul_by_2_body:
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4,$t4
+	mov	8*1($a_ptr), $a1
+	add	$a0, $a0		# a0:a3+a0:a3
+	mov	8*2($a_ptr), $a2
+	adc	$a1, $a1
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	sbb	8*1($a_ptr), $a1
+	sbb	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	sbb	8*3($a_ptr), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lmul_by_2_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+################################################################################
+# void ecp_nistz256_div_by_2(uint64_t res[4], uint64_t a[4]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,\@function,2
+.align	32
+ecp_nistz256_div_by_2:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Ldiv_by_2_body:
+
+	mov	8*0($a_ptr), $a0
+	mov	8*1($a_ptr), $a1
+	mov	8*2($a_ptr), $a2
+	 mov	$a0, $t0
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+
+	 mov	$a1, $t1
+	xor	$t4, $t4
+	add	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	adc	8*1($a_ptr), $a1
+	adc	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	adc	8*3($a_ptr), $a3
+	adc	\$0, $t4
+	xor	$a_ptr, $a_ptr		# borrow $a_ptr
+	test	\$1, $t0
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	cmovz	$t2, $a2
+	cmovz	$t3, $a3
+	cmovz	$a_ptr, $t4
+
+	mov	$a1, $t0		# a0:a3>>1
+	shr	\$1, $a0
+	shl	\$63, $t0
+	mov	$a2, $t1
+	shr	\$1, $a1
+	or	$t0, $a0
+	shl	\$63, $t1
+	mov	$a3, $t2
+	shr	\$1, $a2
+	or	$t1, $a1
+	shl	\$63, $t2
+	shr	\$1, $a3
+	shl	\$63, $t4
+	or	$t2, $a2
+	or	$t4, $a3
+
+	mov	$a0, 8*0($r_ptr)
+	mov	$a1, 8*1($r_ptr)
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Ldiv_by_2_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+################################################################################
+# void ecp_nistz256_mul_by_3(uint64_t res[4], uint64_t a[4]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,\@function,2
+.align	32
+ecp_nistz256_mul_by_3:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Lmul_by_3_body:
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4, $t4
+	mov	8*1($a_ptr), $a1
+	add	$a0, $a0		# a0:a3+a0:a3
+	mov	8*2($a_ptr), $a2
+	adc	$a1, $a1
+	mov	8*3($a_ptr), $a3
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	.Lpoly+8*1(%rip), $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	.Lpoly+8*3(%rip), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	cmovc	$t2, $a2
+	cmovc	$t3, $a3
+
+	xor	$t4, $t4
+	add	8*0($a_ptr), $a0	# a0:a3+=a_ptr[0:3]
+	adc	8*1($a_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($a_ptr), $a2
+	adc	8*3($a_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	.Lpoly+8*1(%rip), $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	.Lpoly+8*3(%rip), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lmul_by_3_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+################################################################################
+# void ecp_nistz256_add(uint64_t res[4], uint64_t a[4], uint64_t b[4]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,\@function,3
+.align	32
+ecp_nistz256_add:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Ladd_body:
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4, $t4
+	mov	8*1($a_ptr), $a1
+	mov	8*2($a_ptr), $a2
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+
+	add	8*0($b_ptr), $a0
+	adc	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($b_ptr), $a2
+	adc	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	sbb	8*1($a_ptr), $a1
+	sbb	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	sbb	8*3($a_ptr), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Ladd_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+################################################################################
+# void ecp_nistz256_sub(uint64_t res[4], uint64_t a[4], uint64_t b[4]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,\@function,3
+.align	32
+ecp_nistz256_sub:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Lsub_body:
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4, $t4
+	mov	8*1($a_ptr), $a1
+	mov	8*2($a_ptr), $a2
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+
+	sub	8*0($b_ptr), $a0
+	sbb	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	sbb	8*2($b_ptr), $a2
+	sbb	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	sbb	\$0, $t4
+
+	add	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	adc	8*1($a_ptr), $a1
+	adc	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	adc	8*3($a_ptr), $a3
+	test	$t4, $t4
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovz	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovz	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lsub_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+################################################################################
+# void ecp_nistz256_neg(uint64_t res[4], uint64_t a[4]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,\@function,2
+.align	32
+ecp_nistz256_neg:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Lneg_body:
+
+	xor	$a0, $a0
+	xor	$a1, $a1
+	xor	$a2, $a2
+	xor	$a3, $a3
+	xor	$t4, $t4
+
+	sub	8*0($a_ptr), $a0
+	sbb	8*1($a_ptr), $a1
+	sbb	8*2($a_ptr), $a2
+	 mov	$a0, $t0
+	sbb	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+	 mov	$a1, $t1
+	sbb	\$0, $t4
+
+	add	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	adc	8*1($a_ptr), $a1
+	adc	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	adc	8*3($a_ptr), $a3
+	test	$t4, $t4
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovz	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovz	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lneg_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+___
+}
+{
+my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx");
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15));
+my ($t0,$t1,$t2,$t3,$t4)=("%rcx","%rbp","%rbx","%rdx","%rax");
+my ($poly1,$poly3)=($acc6,$acc7);
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_ord_mul_mont(
+#   uint64_t res[4],
+#   uint64_t a[4],
+#   uint64_t b[4]);
+
+.globl	ecp_nistz256_ord_mul_mont
+.type	ecp_nistz256_ord_mul_mont,\@function,3
+.align	32
+ecp_nistz256_ord_mul_mont:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lecp_nistz256_ord_mul_montx
+___
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_mul_body:
+
+	mov	8*0($b_org), %rax
+	mov	$b_org, $b_ptr
+	lea	.Lord(%rip), %r14
+	mov	.LordK(%rip), %r15
+
+	################################# * b[0]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	mov	%rax, $acc0
+	mov	$t0, %rax
+	mov	%rdx, $acc1
+
+	mulq	8*1($a_ptr)
+	add	%rax, $acc1
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc2
+
+	mulq	8*2($a_ptr)
+	add	%rax, $acc2
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc0, $acc5
+	 imulq	%r15,$acc0
+
+	mov	%rdx, $acc3
+	mulq	8*3($a_ptr)
+	add	%rax, $acc3
+	 mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc4
+
+	################################# First reduction step
+	mulq	8*0(%r14)
+	mov	$acc0, $t1
+	add	%rax, $acc5		# guaranteed to be zero
+	mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	sub	$acc0, $acc2
+	sbb	\$0, $acc0		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc1
+	adc	\$0, %rdx
+	add	%rax, $acc1
+	mov	$t1, %rax
+	adc	%rdx, $acc2
+	mov	$t1, %rdx
+	adc	\$0, $acc0		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc3
+	 mov	8*1($b_ptr), %rax
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc0, $acc3
+	adc	$t1, $acc4
+	adc	\$0, $acc5
+
+	################################# * b[1]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	add	%rax, $acc1
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*1($a_ptr)
+	add	$t1, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*2($a_ptr)
+	add	$t1, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc1, $t0
+	 imulq	%r15, $acc1
+
+	mov	%rdx, $t1
+	mulq	8*3($a_ptr)
+	add	$t1, $acc4
+	adc	\$0, %rdx
+	xor	$acc0, $acc0
+	add	%rax, $acc4
+	 mov	$acc1, %rax
+	adc	%rdx, $acc5
+	adc	\$0, $acc0
+
+	################################# Second reduction step
+	mulq	8*0(%r14)
+	mov	$acc1, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	$acc1, %rax
+	adc	%rdx, $t0
+
+	sub	$acc1, $acc3
+	sbb	\$0, $acc1		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	%rdx, $acc3
+	mov	$t1, %rdx
+	adc	\$0, $acc1		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc4
+	 mov	8*2($b_ptr), %rax
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc1, $acc4
+	adc	$t1, $acc5
+	adc	\$0, $acc0
+
+	################################## * b[2]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	add	%rax, $acc2
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*1($a_ptr)
+	add	$t1, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*2($a_ptr)
+	add	$t1, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc2, $t0
+	 imulq	%r15, $acc2
+
+	mov	%rdx, $t1
+	mulq	8*3($a_ptr)
+	add	$t1, $acc5
+	adc	\$0, %rdx
+	xor	$acc1, $acc1
+	add	%rax, $acc5
+	 mov	$acc2, %rax
+	adc	%rdx, $acc0
+	adc	\$0, $acc1
+
+	################################# Third reduction step
+	mulq	8*0(%r14)
+	mov	$acc2, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	$acc2, %rax
+	adc	%rdx, $t0
+
+	sub	$acc2, $acc4
+	sbb	\$0, $acc2		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	%rdx, $acc4
+	mov	$t1, %rdx
+	adc	\$0, $acc2		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc5
+	 mov	8*3($b_ptr), %rax
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc2, $acc5
+	adc	$t1, $acc0
+	adc	\$0, $acc1
+
+	################################# * b[3]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	add	%rax, $acc3
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*1($a_ptr)
+	add	$t1, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*2($a_ptr)
+	add	$t1, $acc5
+	adc	\$0, %rdx
+	add	%rax, $acc5
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc3, $t0
+	 imulq	%r15, $acc3
+
+	mov	%rdx, $t1
+	mulq	8*3($a_ptr)
+	add	$t1, $acc0
+	adc	\$0, %rdx
+	xor	$acc2, $acc2
+	add	%rax, $acc0
+	 mov	$acc3, %rax
+	adc	%rdx, $acc1
+	adc	\$0, $acc2
+
+	################################# Last reduction step
+	mulq	8*0(%r14)
+	mov	$acc3, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	$acc3, %rax
+	adc	%rdx, $t0
+
+	sub	$acc3, $acc5
+	sbb	\$0, $acc3		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t1, %rax
+	adc	%rdx, $acc5
+	mov	$t1, %rdx
+	adc	\$0, $acc3		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc0
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc3, $acc0
+	adc	$t1, $acc1
+	adc	\$0, $acc2
+
+	################################# Subtract ord
+	 mov	$acc4, $a_ptr
+	sub	8*0(%r14), $acc4
+	 mov	$acc5, $acc3
+	sbb	8*1(%r14), $acc5
+	 mov	$acc0, $t0
+	sbb	8*2(%r14), $acc0
+	 mov	$acc1, $t1
+	sbb	8*3(%r14), $acc1
+	sbb	\$0, $acc2
+
+	cmovc	$a_ptr, $acc4
+	cmovc	$acc3, $acc5
+	cmovc	$t0, $acc0
+	cmovc	$t1, $acc1
+
+	mov	$acc4, 8*0($r_ptr)
+	mov	$acc5, 8*1($r_ptr)
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_mul_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+################################################################################
+# void ecp_nistz256_ord_sqr_mont(
+#   uint64_t res[4],
+#   uint64_t a[4],
+#   int rep);
+
+.globl	ecp_nistz256_ord_sqr_mont
+.type	ecp_nistz256_ord_sqr_mont,\@function,3
+.align	32
+ecp_nistz256_ord_sqr_mont:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lecp_nistz256_ord_sqr_montx
+___
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_sqr_body:
+
+	mov	8*0($a_ptr), $acc0
+	mov	8*1($a_ptr), %rax
+	mov	8*2($a_ptr), $acc6
+	mov	8*3($a_ptr), $acc7
+	lea	.Lord(%rip), $a_ptr	# pointer to modulus
+	mov	$b_org, $b_ptr
+	jmp	.Loop_ord_sqr
+
+.align	32
+.Loop_ord_sqr:
+	################################# a[1:] * a[0]
+	mov	%rax, $t1		# put aside a[1]
+	mul	$acc0			# a[1] * a[0]
+	mov	%rax, $acc1
+	movq	$t1, %xmm1		# offload a[1]
+	mov	$acc6, %rax
+	mov	%rdx, $acc2
+
+	mul	$acc0			# a[2] * a[0]
+	add	%rax, $acc2
+	mov	$acc7, %rax
+	movq	$acc6, %xmm2		# offload a[2]
+	adc	\$0, %rdx
+	mov	%rdx, $acc3
+
+	mul	$acc0			# a[3] * a[0]
+	add	%rax, $acc3
+	mov	$acc7, %rax
+	movq	$acc7, %xmm3		# offload a[3]
+	adc	\$0, %rdx
+	mov	%rdx, $acc4
+
+	################################# a[3] * a[2]
+	mul	$acc6			# a[3] * a[2]
+	mov	%rax, $acc5
+	mov	$acc6, %rax
+	mov	%rdx, $acc6
+
+	################################# a[2:] * a[1]
+	mul	$t1			# a[2] * a[1]
+	add	%rax, $acc3
+	mov	$acc7, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc7
+
+	mul	$t1			# a[3] * a[1]
+	add	%rax, $acc4
+	adc	\$0, %rdx
+
+	add	$acc7, $acc4
+	adc	%rdx, $acc5
+	adc	\$0, $acc6		# can't overflow
+
+	################################# *2
+	xor	$acc7, $acc7
+	mov	$acc0, %rax
+	add	$acc1, $acc1
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	adc	$acc4, $acc4
+	adc	$acc5, $acc5
+	adc	$acc6, $acc6
+	adc	\$0, $acc7
+
+	################################# Missing products
+	mul	%rax			# a[0] * a[0]
+	mov	%rax, $acc0
+	movq	%xmm1, %rax
+	mov	%rdx, $t1
+
+	mul	%rax			# a[1] * a[1]
+	add	$t1, $acc1
+	adc	%rax, $acc2
+	movq	%xmm2, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mul	%rax			# a[2] * a[2]
+	add	$t1, $acc3
+	adc	%rax, $acc4
+	movq	%xmm3, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	 mov	$acc0, $t0
+	 imulq	8*4($a_ptr), $acc0	# *= .LordK
+
+	mul	%rax			# a[3] * a[3]
+	add	$t1, $acc5
+	adc	%rax, $acc6
+	 mov	8*0($a_ptr), %rax	# modulus[0]
+	adc	%rdx, $acc7		# can't overflow
+
+	################################# First reduction step
+	mul	$acc0
+	mov	$acc0, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax	# modulus[1]
+	adc	%rdx, $t0
+
+	sub	$acc0, $acc2
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc0
+	add	$t0, $acc1
+	adc	\$0, %rdx
+	add	%rax, $acc1
+	mov	$acc0, %rax
+	adc	%rdx, $acc2
+	mov	$acc0, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	 mov	$acc1, $t0
+	 imulq	8*4($a_ptr), $acc1	# *= .LordK
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc3
+	 mov	8*0($a_ptr), %rax
+	sbb	%rdx, $acc0		# can't borrow
+
+	add	$t1, $acc3
+	adc	\$0, $acc0		# can't overflow
+
+	################################# Second reduction step
+	mul	$acc1
+	mov	$acc1, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax
+	adc	%rdx, $t0
+
+	sub	$acc1, $acc3
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc1
+	add	$t0, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$acc1, %rax
+	adc	%rdx, $acc3
+	mov	$acc1, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	 mov	$acc2, $t0
+	 imulq	8*4($a_ptr), $acc2	# *= .LordK
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc0
+	 mov	8*0($a_ptr), %rax
+	sbb	%rdx, $acc1		# can't borrow
+
+	add	$t1, $acc0
+	adc	\$0, $acc1		# can't overflow
+
+	################################# Third reduction step
+	mul	$acc2
+	mov	$acc2, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax
+	adc	%rdx, $t0
+
+	sub	$acc2, $acc0
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc2
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$acc2, %rax
+	adc	%rdx, $acc0
+	mov	$acc2, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	 mov	$acc3, $t0
+	 imulq	8*4($a_ptr), $acc3	# *= .LordK
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc1
+	 mov	8*0($a_ptr), %rax
+	sbb	%rdx, $acc2		# can't borrow
+
+	add	$t1, $acc1
+	adc	\$0, $acc2		# can't overflow
+
+	################################# Last reduction step
+	mul	$acc3
+	mov	$acc3, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax
+	adc	%rdx, $t0
+
+	sub	$acc3, $acc1
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc3
+	add	$t0, $acc0
+	adc	\$0, %rdx
+	add	%rax, $acc0
+	mov	$acc3, %rax
+	adc	%rdx, $acc1
+	mov	$acc3, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc2
+	sbb	%rdx, $acc3		# can't borrow
+
+	add	$t1, $acc2
+	adc	\$0, $acc3		# can't overflow
+
+	################################# Add bits [511:256] of the sqr result
+	xor	%rdx, %rdx
+	add	$acc4, $acc0
+	adc	$acc5, $acc1
+	 mov	$acc0, $acc4
+	adc	$acc6, $acc2
+	adc	$acc7, $acc3
+	 mov	$acc1, %rax
+	adc	\$0, %rdx
+
+	################################# Compare to modulus
+	sub	8*0($a_ptr), $acc0
+	 mov	$acc2, $acc6
+	sbb	8*1($a_ptr), $acc1
+	sbb	8*2($a_ptr), $acc2
+	 mov	$acc3, $acc7
+	sbb	8*3($a_ptr), $acc3
+	sbb	\$0, %rdx
+
+	cmovc	$acc4, $acc0
+	cmovnc	$acc1, %rax
+	cmovnc	$acc2, $acc6
+	cmovnc	$acc3, $acc7
+
+	dec	$b_ptr
+	jnz	.Loop_ord_sqr
+
+	mov	$acc0, 8*0($r_ptr)
+	mov	%rax,  8*1($r_ptr)
+	pxor	%xmm1, %xmm1
+	mov	$acc6, 8*2($r_ptr)
+	pxor	%xmm2, %xmm2
+	mov	$acc7, 8*3($r_ptr)
+	pxor	%xmm3, %xmm3
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_sqr_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+___
+
+$code.=<<___	if ($addx);
+################################################################################
+.type	ecp_nistz256_ord_mul_montx,\@function,3
+.align	32
+ecp_nistz256_ord_mul_montx:
+.cfi_startproc
+.Lecp_nistz256_ord_mul_montx:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_mulx_body:
+
+	mov	$b_org, $b_ptr
+	mov	8*0($b_org), %rdx
+	mov	8*0($a_ptr), $acc1
+	mov	8*1($a_ptr), $acc2
+	mov	8*2($a_ptr), $acc3
+	mov	8*3($a_ptr), $acc4
+	lea	-128($a_ptr), $a_ptr	# control u-op density
+	lea	.Lord-128(%rip), %r14
+	mov	.LordK(%rip), %r15
+
+	################################# Multiply by b[0]
+	mulx	$acc1, $acc0, $acc1
+	mulx	$acc2, $t0, $acc2
+	mulx	$acc3, $t1, $acc3
+	add	$t0, $acc1
+	mulx	$acc4, $t0, $acc4
+	 mov	$acc0, %rdx
+	 mulx	%r15, %rdx, %rax
+	adc	$t1, $acc2
+	adc	$t0, $acc3
+	adc	\$0, $acc4
+
+	################################# reduction
+	xor	$acc5, $acc5		# $acc5=0, cf=0, of=0
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc0		# guaranteed to be zero
+	adox	$t1, $acc1
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*3+128(%r14), $t0, $t1
+	 mov	8*1($b_ptr), %rdx
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+	adcx	$acc0, $acc4
+	adox	$acc0, $acc5
+	adc	\$0, $acc5		# cf=0, of=0
+
+	################################# Multiply by b[1]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc1, %rdx
+	 mulx	%r15, %rdx, %rax
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	adcx	$acc0, $acc5
+	adox	$acc0, $acc0
+	adc	\$0, $acc0		# cf=0, of=0
+
+	################################# reduction
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc1		# guaranteed to be zero
+	adox	$t1, $acc2
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*3+128(%r14), $t0, $t1
+	 mov	8*2($b_ptr), %rdx
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+	adcx	$acc1, $acc5
+	adox	$acc1, $acc0
+	adc	\$0, $acc0		# cf=0, of=0
+
+	################################# Multiply by b[2]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc2, %rdx
+	 mulx	%r15, %rdx, %rax
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	adcx	$acc1, $acc0
+	adox	$acc1, $acc1
+	adc	\$0, $acc1		# cf=0, of=0
+
+	################################# reduction
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc2		# guaranteed to be zero
+	adox	$t1, $acc3
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*3+128(%r14), $t0, $t1
+	 mov	8*3($b_ptr), %rdx
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+	adcx	$acc2, $acc0
+	adox	$acc2, $acc1
+	adc	\$0, $acc1		# cf=0, of=0
+
+	################################# Multiply by b[3]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc3, %rdx
+	 mulx	%r15, %rdx, %rax
+	adcx	$t0, $acc0
+	adox	$t1, $acc1
+
+	adcx	$acc2, $acc1
+	adox	$acc2, $acc2
+	adc	\$0, $acc2		# cf=0, of=0
+
+	################################# reduction
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc3		# guranteed to be zero
+	adox	$t1, $acc4
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	mulx	8*3+128(%r14), $t0, $t1
+	lea	128(%r14),%r14
+	 mov	$acc4, $t2
+	adcx	$t0, $acc0
+	adox	$t1, $acc1
+	 mov	$acc5, $t3
+	adcx	$acc3, $acc1
+	adox	$acc3, $acc2
+	adc	\$0, $acc2
+
+	#################################
+	# Branch-less conditional subtraction of P
+	 mov	$acc0, $t0
+	sub	8*0(%r14), $acc4
+	sbb	8*1(%r14), $acc5
+	sbb	8*2(%r14), $acc0
+	 mov	$acc1, $t1
+	sbb	8*3(%r14), $acc1
+	sbb	\$0, $acc2
+
+	cmovc	$t2, $acc4
+	cmovc	$t3, $acc5
+	cmovc	$t0, $acc0
+	cmovc	$t1, $acc1
+
+	mov	$acc4, 8*0($r_ptr)
+	mov	$acc5, 8*1($r_ptr)
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_mulx_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx
+
+.type	ecp_nistz256_ord_sqr_montx,\@function,3
+.align	32
+ecp_nistz256_ord_sqr_montx:
+.cfi_startproc
+.Lecp_nistz256_ord_sqr_montx:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_sqrx_body:
+
+	mov	$b_org, $b_ptr
+	mov	8*0($a_ptr), %rdx
+	mov	8*1($a_ptr), $acc6
+	mov	8*2($a_ptr), $acc7
+	mov	8*3($a_ptr), $acc0
+	lea	.Lord(%rip), $a_ptr
+	jmp	.Loop_ord_sqrx
+
+.align	32
+.Loop_ord_sqrx:
+	mulx	$acc6, $acc1, $acc2	# a[0]*a[1]
+	mulx	$acc7, $t0, $acc3	# a[0]*a[2]
+	 mov	%rdx, %rax		# offload a[0]
+	 movq	$acc6, %xmm1		# offload a[1]
+	mulx	$acc0, $t1, $acc4	# a[0]*a[3]
+	 mov	$acc6, %rdx
+	add	$t0, $acc2
+	 movq	$acc7, %xmm2		# offload a[2]
+	adc	$t1, $acc3
+	adc	\$0, $acc4
+	xor	$acc5, $acc5		# $acc5=0,cf=0,of=0
+	#################################
+	mulx	$acc7, $t0, $t1		# a[1]*a[2]
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	$acc0, $t0, $t1		# a[1]*a[3]
+	 mov	$acc7, %rdx
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+	adc	\$0, $acc5
+	#################################
+	mulx	$acc0, $t0, $acc6	# a[2]*a[3]
+	mov	%rax, %rdx
+	 movq	$acc0, %xmm3		# offload a[3]
+	xor	$acc7, $acc7		# $acc7=0,cf=0,of=0
+	 adcx	$acc1, $acc1		# acc1:6<<1
+	adox	$t0, $acc5
+	 adcx	$acc2, $acc2
+	adox	$acc7, $acc6		# of=0
+
+	################################# a[i]*a[i]
+	mulx	%rdx, $acc0, $t1
+	movq	%xmm1, %rdx
+	 adcx	$acc3, $acc3
+	adox	$t1, $acc1
+	 adcx	$acc4, $acc4
+	mulx	%rdx, $t0, $t4
+	movq	%xmm2, %rdx
+	 adcx	$acc5, $acc5
+	adox	$t0, $acc2
+	 adcx	$acc6, $acc6
+	mulx	%rdx, $t0, $t1
+	.byte	0x67
+	movq	%xmm3, %rdx
+	adox	$t4, $acc3
+	 adcx	$acc7, $acc7
+	adox	$t0, $acc4
+	adox	$t1, $acc5
+	mulx	%rdx, $t0, $t4
+	adox	$t0, $acc6
+	adox	$t4, $acc7
+
+	################################# reduction
+	mov	$acc0, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	xor	%rax, %rax		# cf=0, of=0
+	mulx	8*0($a_ptr), $t0, $t1
+	adcx	$t0, $acc0		# guaranteed to be zero
+	adox	$t1, $acc1
+	mulx	8*1($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+	mulx	8*2($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+	mulx	8*3($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc0		# of=0
+	adcx	%rax, $acc0		# cf=0
+
+	#################################
+	mov	$acc1, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	mulx	8*0($a_ptr), $t0, $t1
+	adox	$t0, $acc1		# guaranteed to be zero
+	adcx	$t1, $acc2
+	mulx	8*1($a_ptr), $t0, $t1
+	adox	$t0, $acc2
+	adcx	$t1, $acc3
+	mulx	8*2($a_ptr), $t0, $t1
+	adox	$t0, $acc3
+	adcx	$t1, $acc0
+	mulx	8*3($a_ptr), $t0, $t1
+	adox	$t0, $acc0
+	adcx	$t1, $acc1		# cf=0
+	adox	%rax, $acc1		# of=0
+
+	#################################
+	mov	$acc2, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	mulx	8*0($a_ptr), $t0, $t1
+	adcx	$t0, $acc2		# guaranteed to be zero
+	adox	$t1, $acc3
+	mulx	8*1($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc0
+	mulx	8*2($a_ptr), $t0, $t1
+	adcx	$t0, $acc0
+	adox	$t1, $acc1
+	mulx	8*3($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2		# of=0
+	adcx	%rax, $acc2		# cf=0
+
+	#################################
+	mov	$acc3, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	mulx	8*0($a_ptr), $t0, $t1
+	adox	$t0, $acc3		# guaranteed to be zero
+	adcx	$t1, $acc0
+	mulx	8*1($a_ptr), $t0, $t1
+	adox	$t0, $acc0
+	adcx	$t1, $acc1
+	mulx	8*2($a_ptr), $t0, $t1
+	adox	$t0, $acc1
+	adcx	$t1, $acc2
+	mulx	8*3($a_ptr), $t0, $t1
+	adox	$t0, $acc2
+	adcx	$t1, $acc3
+	adox	%rax, $acc3
+
+	################################# accumulate upper half
+	add	$acc0, $acc4		# add	$acc4, $acc0
+	adc	$acc5, $acc1
+	 mov	$acc4, %rdx
+	adc	$acc6, $acc2
+	adc	$acc7, $acc3
+	 mov	$acc1, $acc6
+	adc	\$0, %rax
+
+	################################# compare to modulus
+	sub	8*0($a_ptr), $acc4
+	 mov	$acc2, $acc7
+	sbb	8*1($a_ptr), $acc1
+	sbb	8*2($a_ptr), $acc2
+	 mov	$acc3, $acc0
+	sbb	8*3($a_ptr), $acc3
+	sbb	\$0, %rax
+
+	cmovnc	$acc4, %rdx
+	cmovnc	$acc1, $acc6
+	cmovnc	$acc2, $acc7
+	cmovnc	$acc3, $acc0
+
+	dec	$b_ptr
+	jnz	.Loop_ord_sqrx
+
+	mov	%rdx, 8*0($r_ptr)
+	mov	$acc6, 8*1($r_ptr)
+	pxor	%xmm1, %xmm1
+	mov	$acc7, 8*2($r_ptr)
+	pxor	%xmm2, %xmm2
+	mov	$acc0, 8*3($r_ptr)
+	pxor	%xmm3, %xmm3
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_sqrx_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx
+___
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_to_mont(
+#   uint64_t res[4],
+#   uint64_t in[4]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,\@function,2
+.align	32
+ecp_nistz256_to_mont:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+___
+$code.=<<___;
+	lea	.LRR(%rip), $b_org
+	jmp	.Lmul_mont
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+################################################################################
+# void ecp_nistz256_mul_mont(
+#   uint64_t res[4],
+#   uint64_t a[4],
+#   uint64_t b[4]);
+
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,\@function,3
+.align	32
+ecp_nistz256_mul_mont:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+___
+$code.=<<___;
+.Lmul_mont:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lmul_body:
+___
+$code.=<<___	if ($addx);
+	cmp	\$0x80100, %ecx
+	je	.Lmul_montx
+___
+$code.=<<___;
+	mov	$b_org, $b_ptr
+	mov	8*0($b_org), %rax
+	mov	8*0($a_ptr), $acc1
+	mov	8*1($a_ptr), $acc2
+	mov	8*2($a_ptr), $acc3
+	mov	8*3($a_ptr), $acc4
+
+	call	__ecp_nistz256_mul_montq
+___
+$code.=<<___	if ($addx);
+	jmp	.Lmul_mont_done
+
+.align	32
+.Lmul_montx:
+	mov	$b_org, $b_ptr
+	mov	8*0($b_org), %rdx
+	mov	8*0($a_ptr), $acc1
+	mov	8*1($a_ptr), $acc2
+	mov	8*2($a_ptr), $acc3
+	mov	8*3($a_ptr), $acc4
+	lea	-128($a_ptr), $a_ptr	# control u-op density
+
+	call	__ecp_nistz256_mul_montx
+___
+$code.=<<___;
+.Lmul_mont_done:
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lmul_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+.type	__ecp_nistz256_mul_montq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_montq:
+.cfi_startproc
+	########################################################################
+	# Multiply a by b[0]
+	mov	%rax, $t1
+	mulq	$acc1
+	mov	.Lpoly+8*1(%rip),$poly1
+	mov	%rax, $acc0
+	mov	$t1, %rax
+	mov	%rdx, $acc1
+
+	mulq	$acc2
+	mov	.Lpoly+8*3(%rip),$poly3
+	add	%rax, $acc1
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc2
+
+	mulq	$acc3
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc3
+
+	mulq	$acc4
+	add	%rax, $acc3
+	 mov	$acc0, %rax
+	adc	\$0, %rdx
+	xor	$acc5, $acc5
+	mov	%rdx, $acc4
+
+	########################################################################
+	# First reduction step
+	# Basically now we want to multiply acc[0] by p256,
+	# and add the result to the acc.
+	# Due to the special form of p256 we do some optimizations
+	#
+	# acc[0] x p256[0..1] = acc[0] x 2^96 - acc[0]
+	# then we add acc[0] and get acc[0] x 2^96
+
+	mov	$acc0, $t1
+	shl	\$32, $acc0
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc0, $acc1		# +=acc[0]<<96
+	adc	$t1, $acc2
+	adc	%rax, $acc3
+	 mov	8*1($b_ptr), %rax
+	adc	%rdx, $acc4
+	adc	\$0, $acc5
+	xor	$acc0, $acc0
+
+	########################################################################
+	# Multiply by b[1]
+	mov	%rax, $t1
+	mulq	8*0($a_ptr)
+	add	%rax, $acc1
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*1($a_ptr)
+	add	$t0, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*2($a_ptr)
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*3($a_ptr)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	 mov	$acc1, %rax
+	adc	%rdx, $acc5
+	adc	\$0, $acc0
+
+	########################################################################
+	# Second reduction step
+	mov	$acc1, $t1
+	shl	\$32, $acc1
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc1, $acc2
+	adc	$t1, $acc3
+	adc	%rax, $acc4
+	 mov	8*2($b_ptr), %rax
+	adc	%rdx, $acc5
+	adc	\$0, $acc0
+	xor	$acc1, $acc1
+
+	########################################################################
+	# Multiply by b[2]
+	mov	%rax, $t1
+	mulq	8*0($a_ptr)
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*1($a_ptr)
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*2($a_ptr)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*3($a_ptr)
+	add	$t0, $acc5
+	adc	\$0, %rdx
+	add	%rax, $acc5
+	 mov	$acc2, %rax
+	adc	%rdx, $acc0
+	adc	\$0, $acc1
+
+	########################################################################
+	# Third reduction step
+	mov	$acc2, $t1
+	shl	\$32, $acc2
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc2, $acc3
+	adc	$t1, $acc4
+	adc	%rax, $acc5
+	 mov	8*3($b_ptr), %rax
+	adc	%rdx, $acc0
+	adc	\$0, $acc1
+	xor	$acc2, $acc2
+
+	########################################################################
+	# Multiply by b[3]
+	mov	%rax, $t1
+	mulq	8*0($a_ptr)
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*1($a_ptr)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*2($a_ptr)
+	add	$t0, $acc5
+	adc	\$0, %rdx
+	add	%rax, $acc5
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*3($a_ptr)
+	add	$t0, $acc0
+	adc	\$0, %rdx
+	add	%rax, $acc0
+	 mov	$acc3, %rax
+	adc	%rdx, $acc1
+	adc	\$0, $acc2
+
+	########################################################################
+	# Final reduction step
+	mov	$acc3, $t1
+	shl	\$32, $acc3
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc3, $acc4
+	adc	$t1, $acc5
+	 mov	$acc4, $t0
+	adc	%rax, $acc0
+	adc	%rdx, $acc1
+	 mov	$acc5, $t1
+	adc	\$0, $acc2
+
+	########################################################################
+	# Branch-less conditional subtraction of P
+	sub	\$-1, $acc4		# .Lpoly[0]
+	 mov	$acc0, $t2
+	sbb	$poly1, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc0		# .Lpoly[2]
+	 mov	$acc1, $t3
+	sbb	$poly3, $acc1		# .Lpoly[3]
+	sbb	\$0, $acc2
+
+	cmovc	$t0, $acc4
+	cmovc	$t1, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$t2, $acc0
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$t3, $acc1
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq
+
+################################################################################
+# void ecp_nistz256_sqr_mont(
+#   uint64_t res[4],
+#   uint64_t a[4]);
+
+# we optimize the square according to S.Gueron and V.Krasnov,
+# "Speeding up Big-Number Squaring"
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,\@function,2
+.align	32
+ecp_nistz256_sqr_mont:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+___
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lsqr_body:
+___
+$code.=<<___	if ($addx);
+	cmp	\$0x80100, %ecx
+	je	.Lsqr_montx
+___
+$code.=<<___;
+	mov	8*0($a_ptr), %rax
+	mov	8*1($a_ptr), $acc6
+	mov	8*2($a_ptr), $acc7
+	mov	8*3($a_ptr), $acc0
+
+	call	__ecp_nistz256_sqr_montq
+___
+$code.=<<___	if ($addx);
+	jmp	.Lsqr_mont_done
+
+.align	32
+.Lsqr_montx:
+	mov	8*0($a_ptr), %rdx
+	mov	8*1($a_ptr), $acc6
+	mov	8*2($a_ptr), $acc7
+	mov	8*3($a_ptr), $acc0
+	lea	-128($a_ptr), $a_ptr	# control u-op density
+
+	call	__ecp_nistz256_sqr_montx
+___
+$code.=<<___;
+.Lsqr_mont_done:
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lsqr_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+.type	__ecp_nistz256_sqr_montq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sqr_montq:
+.cfi_startproc
+	mov	%rax, $acc5
+	mulq	$acc6			# a[1]*a[0]
+	mov	%rax, $acc1
+	mov	$acc7, %rax
+	mov	%rdx, $acc2
+
+	mulq	$acc5			# a[0]*a[2]
+	add	%rax, $acc2
+	mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc3
+
+	mulq	$acc5			# a[0]*a[3]
+	add	%rax, $acc3
+	 mov	$acc7, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc4
+
+	#################################
+	mulq	$acc6			# a[1]*a[2]
+	add	%rax, $acc3
+	mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	$acc6			# a[1]*a[3]
+	add	%rax, $acc4
+	 mov	$acc0, %rax
+	adc	\$0, %rdx
+	add	$t1, $acc4
+	mov	%rdx, $acc5
+	adc	\$0, $acc5
+
+	#################################
+	mulq	$acc7			# a[2]*a[3]
+	xor	$acc7, $acc7
+	add	%rax, $acc5
+	 mov	8*0($a_ptr), %rax
+	mov	%rdx, $acc6
+	adc	\$0, $acc6
+
+	add	$acc1, $acc1		# acc1:6<<1
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	adc	$acc4, $acc4
+	adc	$acc5, $acc5
+	adc	$acc6, $acc6
+	adc	\$0, $acc7
+
+	mulq	%rax
+	mov	%rax, $acc0
+	mov	8*1($a_ptr), %rax
+	mov	%rdx, $t0
+
+	mulq	%rax
+	add	$t0, $acc1
+	adc	%rax, $acc2
+	mov	8*2($a_ptr), %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	%rax
+	add	$t0, $acc3
+	adc	%rax, $acc4
+	mov	8*3($a_ptr), %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	%rax
+	add	$t0, $acc5
+	adc	%rax, $acc6
+	 mov	$acc0, %rax
+	adc	%rdx, $acc7
+
+	mov	.Lpoly+8*1(%rip), $a_ptr
+	mov	.Lpoly+8*3(%rip), $t1
+
+	##########################################
+	# Now the reduction
+	# First iteration
+	mov	$acc0, $t0
+	shl	\$32, $acc0
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc0, $acc1		# +=acc[0]<<96
+	adc	$t0, $acc2
+	adc	%rax, $acc3
+	 mov	$acc1, %rax
+	adc	\$0, %rdx
+
+	##########################################
+	# Second iteration
+	mov	$acc1, $t0
+	shl	\$32, $acc1
+	mov	%rdx, $acc0
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc1, $acc2
+	adc	$t0, $acc3
+	adc	%rax, $acc0
+	 mov	$acc2, %rax
+	adc	\$0, %rdx
+
+	##########################################
+	# Third iteration
+	mov	$acc2, $t0
+	shl	\$32, $acc2
+	mov	%rdx, $acc1
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc2, $acc3
+	adc	$t0, $acc0
+	adc	%rax, $acc1
+	 mov	$acc3, %rax
+	adc	\$0, %rdx
+
+	###########################################
+	# Last iteration
+	mov	$acc3, $t0
+	shl	\$32, $acc3
+	mov	%rdx, $acc2
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc3, $acc0
+	adc	$t0, $acc1
+	adc	%rax, $acc2
+	adc	\$0, %rdx
+	xor	$acc3, $acc3
+
+	############################################
+	# Add the rest of the acc
+	add	$acc0, $acc4
+	adc	$acc1, $acc5
+	 mov	$acc4, $acc0
+	adc	$acc2, $acc6
+	adc	%rdx, $acc7
+	 mov	$acc5, $acc1
+	adc	\$0, $acc3
+
+	sub	\$-1, $acc4		# .Lpoly[0]
+	 mov	$acc6, $acc2
+	sbb	$a_ptr, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc6		# .Lpoly[2]
+	 mov	$acc7, $t0
+	sbb	$t1, $acc7		# .Lpoly[3]
+	sbb	\$0, $acc3
+
+	cmovc	$acc0, $acc4
+	cmovc	$acc1, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$acc2, $acc6
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$t0, $acc7
+	mov	$acc6, 8*2($r_ptr)
+	mov	$acc7, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq
+___
+
+if ($addx) {
+$code.=<<___;
+.type	__ecp_nistz256_mul_montx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_montx:
+.cfi_startproc
+	########################################################################
+	# Multiply by b[0]
+	mulx	$acc1, $acc0, $acc1
+	mulx	$acc2, $t0, $acc2
+	mov	\$32, $poly1
+	xor	$acc5, $acc5		# cf=0
+	mulx	$acc3, $t1, $acc3
+	mov	.Lpoly+8*3(%rip), $poly3
+	adc	$t0, $acc1
+	mulx	$acc4, $t0, $acc4
+	 mov	$acc0, %rdx
+	adc	$t1, $acc2
+	 shlx	$poly1,$acc0,$t1
+	adc	$t0, $acc3
+	 shrx	$poly1,$acc0,$t0
+	adc	\$0, $acc4
+
+	########################################################################
+	# First reduction step
+	add	$t1, $acc1
+	adc	$t0, $acc2
+
+	mulx	$poly3, $t0, $t1
+	 mov	8*1($b_ptr), %rdx
+	adc	$t0, $acc3
+	adc	$t1, $acc4
+	adc	\$0, $acc5
+	xor	$acc0, $acc0		# $acc0=0,cf=0,of=0
+
+	########################################################################
+	# Multiply by b[1]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc1, %rdx
+	adcx	$t0, $acc4
+	 shlx	$poly1, $acc1, $t0
+	adox	$t1, $acc5
+	 shrx	$poly1, $acc1, $t1
+
+	adcx	$acc0, $acc5
+	adox	$acc0, $acc0
+	adc	\$0, $acc0
+
+	########################################################################
+	# Second reduction step
+	add	$t0, $acc2
+	adc	$t1, $acc3
+
+	mulx	$poly3, $t0, $t1
+	 mov	8*2($b_ptr), %rdx
+	adc	$t0, $acc4
+	adc	$t1, $acc5
+	adc	\$0, $acc0
+	xor	$acc1 ,$acc1		# $acc1=0,cf=0,of=0
+
+	########################################################################
+	# Multiply by b[2]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc2, %rdx
+	adcx	$t0, $acc5
+	 shlx	$poly1, $acc2, $t0
+	adox	$t1, $acc0
+	 shrx	$poly1, $acc2, $t1
+
+	adcx	$acc1, $acc0
+	adox	$acc1, $acc1
+	adc	\$0, $acc1
+
+	########################################################################
+	# Third reduction step
+	add	$t0, $acc3
+	adc	$t1, $acc4
+
+	mulx	$poly3, $t0, $t1
+	 mov	8*3($b_ptr), %rdx
+	adc	$t0, $acc5
+	adc	$t1, $acc0
+	adc	\$0, $acc1
+	xor	$acc2, $acc2		# $acc2=0,cf=0,of=0
+
+	########################################################################
+	# Multiply by b[3]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc3, %rdx
+	adcx	$t0, $acc0
+	 shlx	$poly1, $acc3, $t0
+	adox	$t1, $acc1
+	 shrx	$poly1, $acc3, $t1
+
+	adcx	$acc2, $acc1
+	adox	$acc2, $acc2
+	adc	\$0, $acc2
+
+	########################################################################
+	# Fourth reduction step
+	add	$t0, $acc4
+	adc	$t1, $acc5
+
+	mulx	$poly3, $t0, $t1
+	 mov	$acc4, $t2
+	mov	.Lpoly+8*1(%rip), $poly1
+	adc	$t0, $acc0
+	 mov	$acc5, $t3
+	adc	$t1, $acc1
+	adc	\$0, $acc2
+
+	########################################################################
+	# Branch-less conditional subtraction of P
+	xor	%eax, %eax
+	 mov	$acc0, $t0
+	sbb	\$-1, $acc4		# .Lpoly[0]
+	sbb	$poly1, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc0		# .Lpoly[2]
+	 mov	$acc1, $t1
+	sbb	$poly3, $acc1		# .Lpoly[3]
+	sbb	\$0, $acc2
+
+	cmovc	$t2, $acc4
+	cmovc	$t3, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$t0, $acc0
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$t1, $acc1
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx
+
+.type	__ecp_nistz256_sqr_montx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sqr_montx:
+.cfi_startproc
+	mulx	$acc6, $acc1, $acc2	# a[0]*a[1]
+	mulx	$acc7, $t0, $acc3	# a[0]*a[2]
+	xor	%eax, %eax
+	adc	$t0, $acc2
+	mulx	$acc0, $t1, $acc4	# a[0]*a[3]
+	 mov	$acc6, %rdx
+	adc	$t1, $acc3
+	adc	\$0, $acc4
+	xor	$acc5, $acc5		# $acc5=0,cf=0,of=0
+
+	#################################
+	mulx	$acc7, $t0, $t1		# a[1]*a[2]
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	$acc0, $t0, $t1		# a[1]*a[3]
+	 mov	$acc7, %rdx
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+	adc	\$0, $acc5
+
+	#################################
+	mulx	$acc0, $t0, $acc6	# a[2]*a[3]
+	 mov	8*0+128($a_ptr), %rdx
+	xor	$acc7, $acc7		# $acc7=0,cf=0,of=0
+	 adcx	$acc1, $acc1		# acc1:6<<1
+	adox	$t0, $acc5
+	 adcx	$acc2, $acc2
+	adox	$acc7, $acc6		# of=0
+
+	mulx	%rdx, $acc0, $t1
+	mov	8*1+128($a_ptr), %rdx
+	 adcx	$acc3, $acc3
+	adox	$t1, $acc1
+	 adcx	$acc4, $acc4
+	mulx	%rdx, $t0, $t4
+	mov	8*2+128($a_ptr), %rdx
+	 adcx	$acc5, $acc5
+	adox	$t0, $acc2
+	 adcx	$acc6, $acc6
+	.byte	0x67
+	mulx	%rdx, $t0, $t1
+	mov	8*3+128($a_ptr), %rdx
+	adox	$t4, $acc3
+	 adcx	$acc7, $acc7
+	adox	$t0, $acc4
+	 mov	\$32, $a_ptr
+	adox	$t1, $acc5
+	.byte	0x67,0x67
+	mulx	%rdx, $t0, $t4
+	 mov	.Lpoly+8*3(%rip), %rdx
+	adox	$t0, $acc6
+	 shlx	$a_ptr, $acc0, $t0
+	adox	$t4, $acc7
+	 shrx	$a_ptr, $acc0, $t4
+	mov	%rdx,$t1
+
+	# reduction step 1
+	add	$t0, $acc1
+	adc	$t4, $acc2
+
+	mulx	$acc0, $t0, $acc0
+	adc	$t0, $acc3
+	 shlx	$a_ptr, $acc1, $t0
+	adc	\$0, $acc0
+	 shrx	$a_ptr, $acc1, $t4
+
+	# reduction step 2
+	add	$t0, $acc2
+	adc	$t4, $acc3
+
+	mulx	$acc1, $t0, $acc1
+	adc	$t0, $acc0
+	 shlx	$a_ptr, $acc2, $t0
+	adc	\$0, $acc1
+	 shrx	$a_ptr, $acc2, $t4
+
+	# reduction step 3
+	add	$t0, $acc3
+	adc	$t4, $acc0
+
+	mulx	$acc2, $t0, $acc2
+	adc	$t0, $acc1
+	 shlx	$a_ptr, $acc3, $t0
+	adc	\$0, $acc2
+	 shrx	$a_ptr, $acc3, $t4
+
+	# reduction step 4
+	add	$t0, $acc0
+	adc	$t4, $acc1
+
+	mulx	$acc3, $t0, $acc3
+	adc	$t0, $acc2
+	adc	\$0, $acc3
+
+	xor	$t3, $t3
+	add	$acc0, $acc4		# accumulate upper half
+	 mov	.Lpoly+8*1(%rip), $a_ptr
+	adc	$acc1, $acc5
+	 mov	$acc4, $acc0
+	adc	$acc2, $acc6
+	adc	$acc3, $acc7
+	 mov	$acc5, $acc1
+	adc	\$0, $t3
+
+	sub	\$-1, $acc4		# .Lpoly[0]
+	 mov	$acc6, $acc2
+	sbb	$a_ptr, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc6		# .Lpoly[2]
+	 mov	$acc7, $acc3
+	sbb	$t1, $acc7		# .Lpoly[3]
+	sbb	\$0, $t3
+
+	cmovc	$acc0, $acc4
+	cmovc	$acc1, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$acc2, $acc6
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$acc3, $acc7
+	mov	$acc6, 8*2($r_ptr)
+	mov	$acc7, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx
+___
+}
+}
+{
+my ($r_ptr,$in_ptr)=("%rdi","%rsi");
+my ($acc0,$acc1,$acc2,$acc3)=map("%r$_",(8..11));
+my ($t0,$t1,$t2)=("%rcx","%r12","%r13");
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_from_mont(
+#   uint64_t res[4],
+#   uint64_t in[4]);
+# This one performs Montgomery multiplication by 1, so we only need the reduction
+
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,\@function,2
+.align	32
+ecp_nistz256_from_mont:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Lfrom_body:
+
+	mov	8*0($in_ptr), %rax
+	mov	.Lpoly+8*3(%rip), $t2
+	mov	8*1($in_ptr), $acc1
+	mov	8*2($in_ptr), $acc2
+	mov	8*3($in_ptr), $acc3
+	mov	%rax, $acc0
+	mov	.Lpoly+8*1(%rip), $t1
+
+	#########################################
+	# First iteration
+	mov	%rax, $t0
+	shl	\$32, $acc0
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc0, $acc1
+	adc	$t0, $acc2
+	adc	%rax, $acc3
+	 mov	$acc1, %rax
+	adc	\$0, %rdx
+
+	#########################################
+	# Second iteration
+	mov	$acc1, $t0
+	shl	\$32, $acc1
+	mov	%rdx, $acc0
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc1, $acc2
+	adc	$t0, $acc3
+	adc	%rax, $acc0
+	 mov	$acc2, %rax
+	adc	\$0, %rdx
+
+	##########################################
+	# Third iteration
+	mov	$acc2, $t0
+	shl	\$32, $acc2
+	mov	%rdx, $acc1
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc2, $acc3
+	adc	$t0, $acc0
+	adc	%rax, $acc1
+	 mov	$acc3, %rax
+	adc	\$0, %rdx
+
+	###########################################
+	# Last iteration
+	mov	$acc3, $t0
+	shl	\$32, $acc3
+	mov	%rdx, $acc2
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc3, $acc0
+	adc	$t0, $acc1
+	 mov	$acc0, $t0
+	adc	%rax, $acc2
+	 mov	$acc1, $in_ptr
+	adc	\$0, %rdx
+
+	###########################################
+	# Branch-less conditional subtraction
+	sub	\$-1, $acc0
+	 mov	$acc2, %rax
+	sbb	$t1, $acc1
+	sbb	\$0, $acc2
+	 mov	%rdx, $acc3
+	sbb	$t2, %rdx
+	sbb	$t2, $t2
+
+	cmovnz	$t0, $acc0
+	cmovnz	$in_ptr, $acc1
+	mov	$acc0, 8*0($r_ptr)
+	cmovnz	%rax, $acc2
+	mov	$acc1, 8*1($r_ptr)
+	cmovz	%rdx, $acc3
+	mov	$acc2, 8*2($r_ptr)
+	mov	$acc3, 8*3($r_ptr)
+
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lfrom_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+___
+}
+{
+my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx");
+my ($ONE,$INDEX,$Ra,$Rb,$Rc,$Rd,$Re,$Rf)=map("%xmm$_",(0..7));
+my ($M0,$T0a,$T0b,$T0c,$T0d,$T0e,$T0f,$TMP0)=map("%xmm$_",(8..15));
+my ($M1,$T2a,$T2b,$TMP2,$M2,$T2a,$T2b,$TMP2)=map("%xmm$_",(8..15));
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_scatter_w5(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,\@abi-omnipotent
+.align	32
+ecp_nistz256_scatter_w5:
+	lea	-3($index,$index,2), $index
+	movdqa	0x00($in_t), %xmm0
+	shl	\$5, $index
+	movdqa	0x10($in_t), %xmm1
+	movdqa	0x20($in_t), %xmm2
+	movdqa	0x30($in_t), %xmm3
+	movdqa	0x40($in_t), %xmm4
+	movdqa	0x50($in_t), %xmm5
+	movdqa	%xmm0, 0x00($val,$index)
+	movdqa	%xmm1, 0x10($val,$index)
+	movdqa	%xmm2, 0x20($val,$index)
+	movdqa	%xmm3, 0x30($val,$index)
+	movdqa	%xmm4, 0x40($val,$index)
+	movdqa	%xmm5, 0x50($val,$index)
+
+	ret
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+################################################################################
+# void ecp_nistz256_gather_w5(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,\@abi-omnipotent
+.align	32
+ecp_nistz256_gather_w5:
+.cfi_startproc
+___
+$code.=<<___	if ($avx>1);
+	mov	OPENSSL_ia32cap_P+8(%rip), %eax
+	test	\$`1<<5`, %eax
+	jnz	.Lavx2_gather_w5
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_gather_w5:
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6, -0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7, -0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8, 0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9, 0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10, 0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11, 0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12, 0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13, 0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14, 0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	movdqa	.LOne(%rip), $ONE
+	movd	$index, $INDEX
+
+	pxor	$Ra, $Ra
+	pxor	$Rb, $Rb
+	pxor	$Rc, $Rc
+	pxor	$Rd, $Rd
+	pxor	$Re, $Re
+	pxor	$Rf, $Rf
+
+	movdqa	$ONE, $M0
+	pshufd	\$0, $INDEX, $INDEX
+
+	mov	\$16, %rax
+.Lselect_loop_sse_w5:
+
+	movdqa	$M0, $TMP0
+	paddd	$ONE, $M0
+	pcmpeqd $INDEX, $TMP0
+
+	movdqa	16*0($in_t), $T0a
+	movdqa	16*1($in_t), $T0b
+	movdqa	16*2($in_t), $T0c
+	movdqa	16*3($in_t), $T0d
+	movdqa	16*4($in_t), $T0e
+	movdqa	16*5($in_t), $T0f
+	lea 16*6($in_t), $in_t
+
+	pand	$TMP0, $T0a
+	pand	$TMP0, $T0b
+	por	$T0a, $Ra
+	pand	$TMP0, $T0c
+	por	$T0b, $Rb
+	pand	$TMP0, $T0d
+	por	$T0c, $Rc
+	pand	$TMP0, $T0e
+	por	$T0d, $Rd
+	pand	$TMP0, $T0f
+	por	$T0e, $Re
+	por	$T0f, $Rf
+
+	dec	%rax
+	jnz	.Lselect_loop_sse_w5
+
+	movdqu	$Ra, 16*0($val)
+	movdqu	$Rb, 16*1($val)
+	movdqu	$Rc, 16*2($val)
+	movdqu	$Rd, 16*3($val)
+	movdqu	$Re, 16*4($val)
+	movdqu	$Rf, 16*5($val)
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	0xa8(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.LSEH_end_ecp_nistz256_gather_w5:
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+################################################################################
+# void ecp_nistz256_scatter_w7(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,\@abi-omnipotent
+.align	32
+ecp_nistz256_scatter_w7:
+	movdqu	0x00($in_t), %xmm0
+	shl	\$6, $index
+	movdqu	0x10($in_t), %xmm1
+	movdqu	0x20($in_t), %xmm2
+	movdqu	0x30($in_t), %xmm3
+	movdqa	%xmm0, 0x00($val,$index)
+	movdqa	%xmm1, 0x10($val,$index)
+	movdqa	%xmm2, 0x20($val,$index)
+	movdqa	%xmm3, 0x30($val,$index)
+
+	ret
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+################################################################################
+# void ecp_nistz256_gather_w7(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,\@abi-omnipotent
+.align	32
+ecp_nistz256_gather_w7:
+.cfi_startproc
+___
+$code.=<<___	if ($avx>1);
+	mov	OPENSSL_ia32cap_P+8(%rip), %eax
+	test	\$`1<<5`, %eax
+	jnz	.Lavx2_gather_w7
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_gather_w7:
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6, -0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7, -0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8, 0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9, 0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10, 0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11, 0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12, 0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13, 0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14, 0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	movdqa	.LOne(%rip), $M0
+	movd	$index, $INDEX
+
+	pxor	$Ra, $Ra
+	pxor	$Rb, $Rb
+	pxor	$Rc, $Rc
+	pxor	$Rd, $Rd
+
+	movdqa	$M0, $ONE
+	pshufd	\$0, $INDEX, $INDEX
+	mov	\$64, %rax
+
+.Lselect_loop_sse_w7:
+	movdqa	$M0, $TMP0
+	paddd	$ONE, $M0
+	movdqa	16*0($in_t), $T0a
+	movdqa	16*1($in_t), $T0b
+	pcmpeqd	$INDEX, $TMP0
+	movdqa	16*2($in_t), $T0c
+	movdqa	16*3($in_t), $T0d
+	lea	16*4($in_t), $in_t
+
+	pand	$TMP0, $T0a
+	pand	$TMP0, $T0b
+	por	$T0a, $Ra
+	pand	$TMP0, $T0c
+	por	$T0b, $Rb
+	pand	$TMP0, $T0d
+	por	$T0c, $Rc
+	prefetcht0	255($in_t)
+	por	$T0d, $Rd
+
+	dec	%rax
+	jnz	.Lselect_loop_sse_w7
+
+	movdqu	$Ra, 16*0($val)
+	movdqu	$Rb, 16*1($val)
+	movdqu	$Rc, 16*2($val)
+	movdqu	$Rd, 16*3($val)
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	0xa8(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.LSEH_end_ecp_nistz256_gather_w7:
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+if ($avx>1) {
+my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx");
+my ($TWO,$INDEX,$Ra,$Rb,$Rc)=map("%ymm$_",(0..4));
+my ($M0,$T0a,$T0b,$T0c,$TMP0)=map("%ymm$_",(5..9));
+my ($M1,$T1a,$T1b,$T1c,$TMP1)=map("%ymm$_",(10..14));
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_avx2_gather_w5(uint64_t *val, uint64_t *in_t, int index);
+.type	ecp_nistz256_avx2_gather_w5,\@abi-omnipotent
+.align	32
+ecp_nistz256_avx2_gather_w5:
+.cfi_startproc
+.Lavx2_gather_w5:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+	mov	%rsp,%r11
+.LSEH_begin_ecp_nistz256_avx2_gather_w5:
+	.byte	0x48,0x8d,0x60,0xe0		# lea	-0x20(%rax), %rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	# vmovaps %xmm6, -0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	# vmovaps %xmm7, -0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	# vmovaps %xmm8, 8(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	# vmovaps %xmm9, 0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	# vmovaps %xmm10, 0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	# vmovaps %xmm11, 0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	# vmovaps %xmm12, 0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	# vmovaps %xmm13, 0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	# vmovaps %xmm14, 0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	# vmovaps %xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LTwo(%rip), $TWO
+
+	vpxor	$Ra, $Ra, $Ra
+	vpxor	$Rb, $Rb, $Rb
+	vpxor	$Rc, $Rc, $Rc
+
+	vmovdqa .LOne(%rip), $M0
+	vmovdqa .LTwo(%rip), $M1
+
+	vmovd	$index, %xmm1
+	vpermd	$INDEX, $Ra, $INDEX
+
+	mov	\$8, %rax
+.Lselect_loop_avx2_w5:
+
+	vmovdqa	32*0($in_t), $T0a
+	vmovdqa	32*1($in_t), $T0b
+	vmovdqa	32*2($in_t), $T0c
+
+	vmovdqa	32*3($in_t), $T1a
+	vmovdqa	32*4($in_t), $T1b
+	vmovdqa	32*5($in_t), $T1c
+
+	vpcmpeqd	$INDEX, $M0, $TMP0
+	vpcmpeqd	$INDEX, $M1, $TMP1
+
+	vpaddd	$TWO, $M0, $M0
+	vpaddd	$TWO, $M1, $M1
+	lea	32*6($in_t), $in_t
+
+	vpand	$TMP0, $T0a, $T0a
+	vpand	$TMP0, $T0b, $T0b
+	vpand	$TMP0, $T0c, $T0c
+	vpand	$TMP1, $T1a, $T1a
+	vpand	$TMP1, $T1b, $T1b
+	vpand	$TMP1, $T1c, $T1c
+
+	vpxor	$T0a, $Ra, $Ra
+	vpxor	$T0b, $Rb, $Rb
+	vpxor	$T0c, $Rc, $Rc
+	vpxor	$T1a, $Ra, $Ra
+	vpxor	$T1b, $Rb, $Rb
+	vpxor	$T1c, $Rc, $Rc
+
+	dec %rax
+	jnz .Lselect_loop_avx2_w5
+
+	vmovdqu $Ra, 32*0($val)
+	vmovdqu $Rb, 32*1($val)
+	vmovdqu $Rc, 32*2($val)
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	(%r11), %rsp
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.LSEH_end_ecp_nistz256_avx2_gather_w5:
+.size	ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5
+___
+}
+if ($avx>1) {
+my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx");
+my ($THREE,$INDEX,$Ra,$Rb)=map("%ymm$_",(0..3));
+my ($M0,$T0a,$T0b,$TMP0)=map("%ymm$_",(4..7));
+my ($M1,$T1a,$T1b,$TMP1)=map("%ymm$_",(8..11));
+my ($M2,$T2a,$T2b,$TMP2)=map("%ymm$_",(12..15));
+
+$code.=<<___;
+
+################################################################################
+# void ecp_nistz256_avx2_gather_w7(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_avx2_gather_w7
+.type	ecp_nistz256_avx2_gather_w7,\@abi-omnipotent
+.align	32
+ecp_nistz256_avx2_gather_w7:
+.cfi_startproc
+.Lavx2_gather_w7:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	mov	%rsp,%r11
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_avx2_gather_w7:
+	.byte	0x48,0x8d,0x60,0xe0		# lea	-0x20(%rax), %rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	# vmovaps %xmm6, -0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	# vmovaps %xmm7, -0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	# vmovaps %xmm8, 8(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	# vmovaps %xmm9, 0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	# vmovaps %xmm10, 0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	# vmovaps %xmm11, 0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	# vmovaps %xmm12, 0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	# vmovaps %xmm13, 0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	# vmovaps %xmm14, 0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	# vmovaps %xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LThree(%rip), $THREE
+
+	vpxor	$Ra, $Ra, $Ra
+	vpxor	$Rb, $Rb, $Rb
+
+	vmovdqa .LOne(%rip), $M0
+	vmovdqa .LTwo(%rip), $M1
+	vmovdqa .LThree(%rip), $M2
+
+	vmovd	$index, %xmm1
+	vpermd	$INDEX, $Ra, $INDEX
+	# Skip index = 0, because it is implicitly the point at infinity
+
+	mov	\$21, %rax
+.Lselect_loop_avx2_w7:
+
+	vmovdqa	32*0($in_t), $T0a
+	vmovdqa	32*1($in_t), $T0b
+
+	vmovdqa	32*2($in_t), $T1a
+	vmovdqa	32*3($in_t), $T1b
+
+	vmovdqa	32*4($in_t), $T2a
+	vmovdqa	32*5($in_t), $T2b
+
+	vpcmpeqd	$INDEX, $M0, $TMP0
+	vpcmpeqd	$INDEX, $M1, $TMP1
+	vpcmpeqd	$INDEX, $M2, $TMP2
+
+	vpaddd	$THREE, $M0, $M0
+	vpaddd	$THREE, $M1, $M1
+	vpaddd	$THREE, $M2, $M2
+	lea	32*6($in_t), $in_t
+
+	vpand	$TMP0, $T0a, $T0a
+	vpand	$TMP0, $T0b, $T0b
+	vpand	$TMP1, $T1a, $T1a
+	vpand	$TMP1, $T1b, $T1b
+	vpand	$TMP2, $T2a, $T2a
+	vpand	$TMP2, $T2b, $T2b
+
+	vpxor	$T0a, $Ra, $Ra
+	vpxor	$T0b, $Rb, $Rb
+	vpxor	$T1a, $Ra, $Ra
+	vpxor	$T1b, $Rb, $Rb
+	vpxor	$T2a, $Ra, $Ra
+	vpxor	$T2b, $Rb, $Rb
+
+	dec %rax
+	jnz .Lselect_loop_avx2_w7
+
+
+	vmovdqa	32*0($in_t), $T0a
+	vmovdqa	32*1($in_t), $T0b
+
+	vpcmpeqd	$INDEX, $M0, $TMP0
+
+	vpand	$TMP0, $T0a, $T0a
+	vpand	$TMP0, $T0b, $T0b
+
+	vpxor	$T0a, $Ra, $Ra
+	vpxor	$T0b, $Rb, $Rb
+
+	vmovdqu $Ra, 32*0($val)
+	vmovdqu $Rb, 32*1($val)
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	(%r11), %rsp
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.LSEH_end_ecp_nistz256_avx2_gather_w7:
+.size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
+___
+} else {
+$code.=<<___;
+.globl	ecp_nistz256_avx2_gather_w7
+.type	ecp_nistz256_avx2_gather_w7,\@function,3
+.align	32
+ecp_nistz256_avx2_gather_w7:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
+___
+}
+{{{
+########################################################################
+# This block implements higher level point_double, point_add and
+# point_add_affine. The key to performance in this case is to allow
+# out-of-order execution logic to overlap computations from next step
+# with tail processing from current step. By using tailored calling
+# sequence we minimize inter-step overhead to give processor better
+# shot at overlapping operations...
+#
+# You will notice that input data is copied to stack. Trouble is that
+# there are no registers to spare for holding original pointers and
+# reloading them, pointers, would create undesired dependencies on
+# effective addresses calculation paths. In other words it's too done
+# to favour out-of-order execution logic.
+#						<appro@openssl.org>
+
+my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx");
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15));
+my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rbp","%rcx",$acc4,$acc4);
+my ($poly1,$poly3)=($acc6,$acc7);
+
+sub load_for_mul () {
+my ($a,$b,$src0) = @_;
+my $bias = $src0 eq "%rax" ? 0 : -128;
+
+"	mov	$b, $src0
+	lea	$b, $b_ptr
+	mov	8*0+$a, $acc1
+	mov	8*1+$a, $acc2
+	lea	$bias+$a, $a_ptr
+	mov	8*2+$a, $acc3
+	mov	8*3+$a, $acc4"
+}
+
+sub load_for_sqr () {
+my ($a,$src0) = @_;
+my $bias = $src0 eq "%rax" ? 0 : -128;
+
+"	mov	8*0+$a, $src0
+	mov	8*1+$a, $acc6
+	lea	$bias+$a, $a_ptr
+	mov	8*2+$a, $acc7
+	mov	8*3+$a, $acc0"
+}
+
+									{
+########################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+
+$code.=<<___;
+.type	__ecp_nistz256_add_toq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_add_toq:
+.cfi_startproc
+	xor	$t4,$t4
+	add	8*0($b_ptr), $a0
+	adc	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($b_ptr), $a2
+	adc	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq
+
+.type	__ecp_nistz256_sub_fromq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sub_fromq:
+.cfi_startproc
+	sub	8*0($b_ptr), $a0
+	sbb	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	sbb	8*2($b_ptr), $a2
+	sbb	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	sbb	$t4, $t4
+
+	add	\$-1, $a0
+	 mov	$a2, $t2
+	adc	$poly1, $a1
+	adc	\$0, $a2
+	 mov	$a3, $t3
+	adc	$poly3, $a3
+	test	$t4, $t4
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovz	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovz	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq
+
+.type	__ecp_nistz256_subq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_subq:
+.cfi_startproc
+	sub	$a0, $t0
+	sbb	$a1, $t1
+	 mov	$t0, $a0
+	sbb	$a2, $t2
+	sbb	$a3, $t3
+	 mov	$t1, $a1
+	sbb	$t4, $t4
+
+	add	\$-1, $t0
+	 mov	$t2, $a2
+	adc	$poly1, $t1
+	adc	\$0, $t2
+	 mov	$t3, $a3
+	adc	$poly3, $t3
+	test	$t4, $t4
+
+	cmovnz	$t0, $a0
+	cmovnz	$t1, $a1
+	cmovnz	$t2, $a2
+	cmovnz	$t3, $a3
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_subq,.-__ecp_nistz256_subq
+
+.type	__ecp_nistz256_mul_by_2q,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_by_2q:
+.cfi_startproc
+	xor	$t4, $t4
+	add	$a0, $a0		# a0:a3+a0:a3
+	adc	$a1, $a1
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q
+___
+									}
+sub gen_double () {
+    my $x = shift;
+    my ($src0,$sfx,$bias);
+    my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4));
+
+    if ($x ne "x") {
+	$src0 = "%rax";
+	$sfx  = "";
+	$bias = 0;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,\@function,2
+.align	32
+ecp_nistz256_point_double:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lpoint_doublex
+___
+    } else {
+	$src0 = "%rdx";
+	$sfx  = "x";
+	$bias = 128;
+
+$code.=<<___;
+.type	ecp_nistz256_point_doublex,\@function,2
+.align	32
+ecp_nistz256_point_doublex:
+.cfi_startproc
+.Lpoint_doublex:
+___
+    }
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$32*5+8, %rsp
+.cfi_adjust_cfa_offset	32*5+8
+.Lpoint_double${x}_body:
+
+.Lpoint_double_shortcut$x:
+	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$a_ptr.x
+	mov	$a_ptr, $b_ptr			# backup copy
+	movdqu	0x10($a_ptr), %xmm1
+	 mov	0x20+8*0($a_ptr), $acc4		# load in_y in "5-4-0-1" order
+	 mov	0x20+8*1($a_ptr), $acc5
+	 mov	0x20+8*2($a_ptr), $acc0
+	 mov	0x20+8*3($a_ptr), $acc1
+	 mov	.Lpoly+8*1(%rip), $poly1
+	 mov	.Lpoly+8*3(%rip), $poly3
+	movdqa	%xmm0, $in_x(%rsp)
+	movdqa	%xmm1, $in_x+0x10(%rsp)
+	lea	0x20($r_ptr), $acc2
+	lea	0x40($r_ptr), $acc3
+	movq	$r_ptr, %xmm0
+	movq	$acc2, %xmm1
+	movq	$acc3, %xmm2
+
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_by_2$x	# p256_mul_by_2(S, in_y);
+
+	mov	0x40+8*0($a_ptr), $src0
+	mov	0x40+8*1($a_ptr), $acc6
+	mov	0x40+8*2($a_ptr), $acc7
+	mov	0x40+8*3($a_ptr), $acc0
+	lea	0x40-$bias($a_ptr), $a_ptr
+	lea	$Zsqr(%rsp), $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Zsqr, in_z);
+
+	`&load_for_sqr("$S(%rsp)", "$src0")`
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(S, S);
+
+	mov	0x20($b_ptr), $src0		# $b_ptr is still valid
+	mov	0x40+8*0($b_ptr), $acc1
+	mov	0x40+8*1($b_ptr), $acc2
+	mov	0x40+8*2($b_ptr), $acc3
+	mov	0x40+8*3($b_ptr), $acc4
+	lea	0x40-$bias($b_ptr), $a_ptr
+	lea	0x20($b_ptr), $b_ptr
+	movq	%xmm2, $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, in_z, in_y);
+	call	__ecp_nistz256_mul_by_2$x	# p256_mul_by_2(res_z, res_z);
+
+	mov	$in_x+8*0(%rsp), $acc4		# "5-4-0-1" order
+	mov	$in_x+8*1(%rsp), $acc5
+	lea	$Zsqr(%rsp), $b_ptr
+	mov	$in_x+8*2(%rsp), $acc0
+	mov	$in_x+8*3(%rsp), $acc1
+	lea	$M(%rsp), $r_ptr
+	call	__ecp_nistz256_add_to$x		# p256_add(M, in_x, Zsqr);
+
+	mov	$in_x+8*0(%rsp), $acc4		# "5-4-0-1" order
+	mov	$in_x+8*1(%rsp), $acc5
+	lea	$Zsqr(%rsp), $b_ptr
+	mov	$in_x+8*2(%rsp), $acc0
+	mov	$in_x+8*3(%rsp), $acc1
+	lea	$Zsqr(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(Zsqr, in_x, Zsqr);
+
+	`&load_for_sqr("$S(%rsp)", "$src0")`
+	movq	%xmm1, $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(res_y, S);
+___
+{
+######## ecp_nistz256_div_by_2(res_y, res_y); ##########################
+# operate in 4-5-6-7 "name space" that matches squaring output
+#
+my ($poly1,$poly3)=($a_ptr,$t1);
+my ($a0,$a1,$a2,$a3,$t3,$t4,$t1)=($acc4,$acc5,$acc6,$acc7,$acc0,$acc1,$acc2);
+
+$code.=<<___;
+	xor	$t4, $t4
+	mov	$a0, $t0
+	add	\$-1, $a0
+	mov	$a1, $t1
+	adc	$poly1, $a1
+	mov	$a2, $t2
+	adc	\$0, $a2
+	mov	$a3, $t3
+	adc	$poly3, $a3
+	adc	\$0, $t4
+	xor	$a_ptr, $a_ptr		# borrow $a_ptr
+	test	\$1, $t0
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	cmovz	$t2, $a2
+	cmovz	$t3, $a3
+	cmovz	$a_ptr, $t4
+
+	mov	$a1, $t0		# a0:a3>>1
+	shr	\$1, $a0
+	shl	\$63, $t0
+	mov	$a2, $t1
+	shr	\$1, $a1
+	or	$t0, $a0
+	shl	\$63, $t1
+	mov	$a3, $t2
+	shr	\$1, $a2
+	or	$t1, $a1
+	shl	\$63, $t2
+	mov	$a0, 8*0($r_ptr)
+	shr	\$1, $a3
+	mov	$a1, 8*1($r_ptr)
+	shl	\$63, $t4
+	or	$t2, $a2
+	or	$t4, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+___
+}
+$code.=<<___;
+	`&load_for_mul("$M(%rsp)", "$Zsqr(%rsp)", "$src0")`
+	lea	$M(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(M, M, Zsqr);
+
+	lea	$tmp0(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_by_2$x
+
+	lea	$M(%rsp), $b_ptr
+	lea	$M(%rsp), $r_ptr
+	call	__ecp_nistz256_add_to$x		# p256_mul_by_3(M, M);
+
+	`&load_for_mul("$S(%rsp)", "$in_x(%rsp)", "$src0")`
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S, S, in_x);
+
+	lea	$tmp0(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_by_2$x	# p256_mul_by_2(tmp0, S);
+
+	`&load_for_sqr("$M(%rsp)", "$src0")`
+	movq	%xmm0, $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(res_x, M);
+
+	lea	$tmp0(%rsp), $b_ptr
+	mov	$acc6, $acc0			# harmonize sqr output and sub input
+	mov	$acc7, $acc1
+	mov	$a_ptr, $poly1
+	mov	$t1, $poly3
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_x, res_x, tmp0);
+
+	mov	$S+8*0(%rsp), $t0
+	mov	$S+8*1(%rsp), $t1
+	mov	$S+8*2(%rsp), $t2
+	mov	$S+8*3(%rsp), $acc2		# "4-5-0-1" order
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_sub$x		# p256_sub(S, S, res_x);
+
+	mov	$M(%rsp), $src0
+	lea	$M(%rsp), $b_ptr
+	mov	$acc4, $acc6			# harmonize sub output and mul input
+	xor	%ecx, %ecx
+	mov	$acc4, $S+8*0(%rsp)		# have to save:-(
+	mov	$acc5, $acc2
+	mov	$acc5, $S+8*1(%rsp)
+	cmovz	$acc0, $acc3
+	mov	$acc0, $S+8*2(%rsp)
+	lea	$S-$bias(%rsp), $a_ptr
+	cmovz	$acc1, $acc4
+	mov	$acc1, $S+8*3(%rsp)
+	mov	$acc6, $acc1
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S, S, M);
+
+	movq	%xmm1, $b_ptr
+	movq	%xmm1, $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, S, res_y);
+
+	lea	32*5+56(%rsp), %rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	mov	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_double${x}_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_point_double$sfx,.-ecp_nistz256_point_double$sfx
+___
+}
+&gen_double("q");
+
+sub gen_add () {
+    my $x = shift;
+    my ($src0,$sfx,$bias);
+    my ($H,$Hsqr,$R,$Rsqr,$Hcub,
+	$U1,$U2,$S1,$S2,
+	$res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y,$in2_z)=map(32*$_,(0..17));
+    my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+    if ($x ne "x") {
+	$src0 = "%rax";
+	$sfx  = "";
+	$bias = 0;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,\@function,3
+.align	32
+ecp_nistz256_point_add:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lpoint_addx
+___
+    } else {
+	$src0 = "%rdx";
+	$sfx  = "x";
+	$bias = 128;
+
+$code.=<<___;
+.type	ecp_nistz256_point_addx,\@function,3
+.align	32
+ecp_nistz256_point_addx:
+.cfi_startproc
+.Lpoint_addx:
+___
+    }
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$32*18+8, %rsp
+.cfi_adjust_cfa_offset	32*18+8
+.Lpoint_add${x}_body:
+
+	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$a_ptr
+	movdqu	0x10($a_ptr), %xmm1
+	movdqu	0x20($a_ptr), %xmm2
+	movdqu	0x30($a_ptr), %xmm3
+	movdqu	0x40($a_ptr), %xmm4
+	movdqu	0x50($a_ptr), %xmm5
+	mov	$a_ptr, $b_ptr			# reassign
+	mov	$b_org, $a_ptr			# reassign
+	movdqa	%xmm0, $in1_x(%rsp)
+	movdqa	%xmm1, $in1_x+0x10(%rsp)
+	movdqa	%xmm2, $in1_y(%rsp)
+	movdqa	%xmm3, $in1_y+0x10(%rsp)
+	movdqa	%xmm4, $in1_z(%rsp)
+	movdqa	%xmm5, $in1_z+0x10(%rsp)
+	por	%xmm4, %xmm5
+
+	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$b_ptr
+	 pshufd	\$0xb1, %xmm5, %xmm3
+	movdqu	0x10($a_ptr), %xmm1
+	movdqu	0x20($a_ptr), %xmm2
+	 por	%xmm3, %xmm5
+	movdqu	0x30($a_ptr), %xmm3
+	 mov	0x40+8*0($a_ptr), $src0		# load original in2_z
+	 mov	0x40+8*1($a_ptr), $acc6
+	 mov	0x40+8*2($a_ptr), $acc7
+	 mov	0x40+8*3($a_ptr), $acc0
+	movdqa	%xmm0, $in2_x(%rsp)
+	 pshufd	\$0x1e, %xmm5, %xmm4
+	movdqa	%xmm1, $in2_x+0x10(%rsp)
+	movdqu	0x40($a_ptr),%xmm0		# in2_z again
+	movdqu	0x50($a_ptr),%xmm1
+	movdqa	%xmm2, $in2_y(%rsp)
+	movdqa	%xmm3, $in2_y+0x10(%rsp)
+	 por	%xmm4, %xmm5
+	 pxor	%xmm4, %xmm4
+	por	%xmm0, %xmm1
+	 movq	$r_ptr, %xmm0			# save $r_ptr
+
+	lea	0x40-$bias($a_ptr), $a_ptr	# $a_ptr is still valid
+	 mov	$src0, $in2_z+8*0(%rsp)		# make in2_z copy
+	 mov	$acc6, $in2_z+8*1(%rsp)
+	 mov	$acc7, $in2_z+8*2(%rsp)
+	 mov	$acc0, $in2_z+8*3(%rsp)
+	lea	$Z2sqr(%rsp), $r_ptr		# Z2^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Z2sqr, in2_z);
+
+	pcmpeqd	%xmm4, %xmm5
+	pshufd	\$0xb1, %xmm1, %xmm4
+	por	%xmm1, %xmm4
+	pshufd	\$0, %xmm5, %xmm5		# in1infty
+	pshufd	\$0x1e, %xmm4, %xmm3
+	por	%xmm3, %xmm4
+	pxor	%xmm3, %xmm3
+	pcmpeqd	%xmm3, %xmm4
+	pshufd	\$0, %xmm4, %xmm4		# in2infty
+	 mov	0x40+8*0($b_ptr), $src0		# load original in1_z
+	 mov	0x40+8*1($b_ptr), $acc6
+	 mov	0x40+8*2($b_ptr), $acc7
+	 mov	0x40+8*3($b_ptr), $acc0
+	movq	$b_ptr, %xmm1
+
+	lea	0x40-$bias($b_ptr), $a_ptr
+	lea	$Z1sqr(%rsp), $r_ptr		# Z1^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Z1sqr, in1_z);
+
+	`&load_for_mul("$Z2sqr(%rsp)", "$in2_z(%rsp)", "$src0")`
+	lea	$S1(%rsp), $r_ptr		# S1 = Z2^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S1, Z2sqr, in2_z);
+
+	`&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	`&load_for_mul("$S1(%rsp)", "$in1_y(%rsp)", "$src0")`
+	lea	$S1(%rsp), $r_ptr		# S1 = Y1*Z2^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S1, S1, in1_y);
+
+	`&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Y2*Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, S2, in2_y);
+
+	lea	$S1(%rsp), $b_ptr
+	lea	$R(%rsp), $r_ptr		# R = S2 - S1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(R, S2, S1);
+
+	or	$acc5, $acc4			# see if result is zero
+	movdqa	%xmm4, %xmm2
+	or	$acc0, $acc4
+	or	$acc1, $acc4
+	por	%xmm5, %xmm2			# in1infty || in2infty
+	movq	$acc4, %xmm3
+
+	`&load_for_mul("$Z2sqr(%rsp)", "$in1_x(%rsp)", "$src0")`
+	lea	$U1(%rsp), $r_ptr		# U1 = X1*Z2^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U1, in1_x, Z2sqr);
+
+	`&load_for_mul("$Z1sqr(%rsp)", "$in2_x(%rsp)", "$src0")`
+	lea	$U2(%rsp), $r_ptr		# U2 = X2*Z1^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, in2_x, Z1sqr);
+
+	lea	$U1(%rsp), $b_ptr
+	lea	$H(%rsp), $r_ptr		# H = U2 - U1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(H, U2, U1);
+
+	or	$acc5, $acc4			# see if result is zero
+	or	$acc0, $acc4
+	or	$acc1, $acc4
+
+	.byte	0x3e				# predict taken
+	jnz	.Ladd_proceed$x			# is_equal(U1,U2)?
+	movq	%xmm2, $acc0
+	movq	%xmm3, $acc1
+	test	$acc0, $acc0
+	jnz	.Ladd_proceed$x			# (in1infty || in2infty)?
+	test	$acc1, $acc1
+	jz	.Ladd_double$x			# is_equal(S1,S2)?
+
+	movq	%xmm0, $r_ptr			# restore $r_ptr
+	pxor	%xmm0, %xmm0
+	movdqu	%xmm0, 0x00($r_ptr)
+	movdqu	%xmm0, 0x10($r_ptr)
+	movdqu	%xmm0, 0x20($r_ptr)
+	movdqu	%xmm0, 0x30($r_ptr)
+	movdqu	%xmm0, 0x40($r_ptr)
+	movdqu	%xmm0, 0x50($r_ptr)
+	jmp	.Ladd_done$x
+
+.align	32
+.Ladd_double$x:
+	movq	%xmm1, $a_ptr			# restore $a_ptr
+	movq	%xmm0, $r_ptr			# restore $r_ptr
+	add	\$`32*(18-5)`, %rsp		# difference in frame sizes
+.cfi_adjust_cfa_offset	`-32*(18-5)`
+	jmp	.Lpoint_double_shortcut$x
+.cfi_adjust_cfa_offset	`32*(18-5)`
+
+.align	32
+.Ladd_proceed$x:
+	`&load_for_sqr("$R(%rsp)", "$src0")`
+	lea	$Rsqr(%rsp), $r_ptr		# R^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Rsqr, R);
+
+	`&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$res_z(%rsp), $r_ptr		# Z3 = H*Z1*Z2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, H, in1_z);
+
+	`&load_for_sqr("$H(%rsp)", "$src0")`
+	lea	$Hsqr(%rsp), $r_ptr		# H^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Hsqr, H);
+
+	`&load_for_mul("$res_z(%rsp)", "$in2_z(%rsp)", "$src0")`
+	lea	$res_z(%rsp), $r_ptr		# Z3 = H*Z1*Z2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, res_z, in2_z);
+
+	`&load_for_mul("$Hsqr(%rsp)", "$H(%rsp)", "$src0")`
+	lea	$Hcub(%rsp), $r_ptr		# H^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(Hcub, Hsqr, H);
+
+	`&load_for_mul("$Hsqr(%rsp)", "$U1(%rsp)", "$src0")`
+	lea	$U2(%rsp), $r_ptr		# U1*H^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, U1, Hsqr);
+___
+{
+#######################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+my ($poly1, $poly3)=($acc6,$acc7);
+
+$code.=<<___;
+	#lea	$U2(%rsp), $a_ptr
+	#lea	$Hsqr(%rsp), $r_ptr	# 2*U1*H^2
+	#call	__ecp_nistz256_mul_by_2	# ecp_nistz256_mul_by_2(Hsqr, U2);
+
+	xor	$t4, $t4
+	add	$acc0, $acc0		# a0:a3+a0:a3
+	lea	$Rsqr(%rsp), $a_ptr
+	adc	$acc1, $acc1
+	 mov	$acc0, $t0
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	 mov	$acc1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $acc0
+	 mov	$acc2, $t2
+	sbb	$poly1, $acc1
+	sbb	\$0, $acc2
+	 mov	$acc3, $t3
+	sbb	$poly3, $acc3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $acc0
+	mov	8*0($a_ptr), $t0
+	cmovc	$t1, $acc1
+	mov	8*1($a_ptr), $t1
+	cmovc	$t2, $acc2
+	mov	8*2($a_ptr), $t2
+	cmovc	$t3, $acc3
+	mov	8*3($a_ptr), $t3
+
+	call	__ecp_nistz256_sub$x		# p256_sub(res_x, Rsqr, Hsqr);
+
+	lea	$Hcub(%rsp), $b_ptr
+	lea	$res_x(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_x, res_x, Hcub);
+
+	mov	$U2+8*0(%rsp), $t0
+	mov	$U2+8*1(%rsp), $t1
+	mov	$U2+8*2(%rsp), $t2
+	mov	$U2+8*3(%rsp), $t3
+	lea	$res_y(%rsp), $r_ptr
+
+	call	__ecp_nistz256_sub$x		# p256_sub(res_y, U2, res_x);
+
+	mov	$acc0, 8*0($r_ptr)		# save the result, as
+	mov	$acc1, 8*1($r_ptr)		# __ecp_nistz256_sub doesn't
+	mov	$acc2, 8*2($r_ptr)
+	mov	$acc3, 8*3($r_ptr)
+___
+}
+$code.=<<___;
+	`&load_for_mul("$S1(%rsp)", "$Hcub(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, S1, Hcub);
+
+	`&load_for_mul("$R(%rsp)", "$res_y(%rsp)", "$src0")`
+	lea	$res_y(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_y, R, res_y);
+
+	lea	$S2(%rsp), $b_ptr
+	lea	$res_y(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, res_y, S2);
+
+	movq	%xmm0, $r_ptr		# restore $r_ptr
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_z, in2_z, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_z(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_z+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_z(%rsp), %xmm2
+	pand	$in2_z+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_z, in1_z, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_z(%rsp), %xmm2
+	pand	$in1_z+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x40($r_ptr)
+	movdqu	%xmm3, 0x50($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_x, in2_x, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_x(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_x+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_x(%rsp), %xmm2
+	pand	$in2_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_x, in1_x, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_x(%rsp), %xmm2
+	pand	$in1_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x00($r_ptr)
+	movdqu	%xmm3, 0x10($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_y, in2_y, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_y(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_y+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_y(%rsp), %xmm2
+	pand	$in2_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_y, in1_y, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_y(%rsp), %xmm2
+	pand	$in1_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x20($r_ptr)
+	movdqu	%xmm3, 0x30($r_ptr)
+
+.Ladd_done$x:
+	lea	32*18+56(%rsp), %rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	mov	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_add${x}_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_point_add$sfx,.-ecp_nistz256_point_add$sfx
+___
+}
+&gen_add("q");
+
+sub gen_add_affine () {
+    my $x = shift;
+    my ($src0,$sfx,$bias);
+    my ($U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr,
+	$res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y)=map(32*$_,(0..14));
+    my $Z1sqr = $S2;
+
+    if ($x ne "x") {
+	$src0 = "%rax";
+	$sfx  = "";
+	$bias = 0;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,\@function,3
+.align	32
+ecp_nistz256_point_add_affine:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lpoint_add_affinex
+___
+    } else {
+	$src0 = "%rdx";
+	$sfx  = "x";
+	$bias = 128;
+
+$code.=<<___;
+.type	ecp_nistz256_point_add_affinex,\@function,3
+.align	32
+ecp_nistz256_point_add_affinex:
+.cfi_startproc
+.Lpoint_add_affinex:
+___
+    }
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$32*15+8, %rsp
+.cfi_adjust_cfa_offset	32*15+8
+.Ladd_affine${x}_body:
+
+	movdqu	0x00($a_ptr), %xmm0	# copy	*(P256_POINT *)$a_ptr
+	mov	$b_org, $b_ptr		# reassign
+	movdqu	0x10($a_ptr), %xmm1
+	movdqu	0x20($a_ptr), %xmm2
+	movdqu	0x30($a_ptr), %xmm3
+	movdqu	0x40($a_ptr), %xmm4
+	movdqu	0x50($a_ptr), %xmm5
+	 mov	0x40+8*0($a_ptr), $src0	# load original in1_z
+	 mov	0x40+8*1($a_ptr), $acc6
+	 mov	0x40+8*2($a_ptr), $acc7
+	 mov	0x40+8*3($a_ptr), $acc0
+	movdqa	%xmm0, $in1_x(%rsp)
+	movdqa	%xmm1, $in1_x+0x10(%rsp)
+	movdqa	%xmm2, $in1_y(%rsp)
+	movdqa	%xmm3, $in1_y+0x10(%rsp)
+	movdqa	%xmm4, $in1_z(%rsp)
+	movdqa	%xmm5, $in1_z+0x10(%rsp)
+	por	%xmm4, %xmm5
+
+	movdqu	0x00($b_ptr), %xmm0	# copy	*(P256_POINT_AFFINE *)$b_ptr
+	 pshufd	\$0xb1, %xmm5, %xmm3
+	movdqu	0x10($b_ptr), %xmm1
+	movdqu	0x20($b_ptr), %xmm2
+	 por	%xmm3, %xmm5
+	movdqu	0x30($b_ptr), %xmm3
+	movdqa	%xmm0, $in2_x(%rsp)
+	 pshufd	\$0x1e, %xmm5, %xmm4
+	movdqa	%xmm1, $in2_x+0x10(%rsp)
+	por	%xmm0, %xmm1
+	 movq	$r_ptr, %xmm0		# save $r_ptr
+	movdqa	%xmm2, $in2_y(%rsp)
+	movdqa	%xmm3, $in2_y+0x10(%rsp)
+	por	%xmm2, %xmm3
+	 por	%xmm4, %xmm5
+	 pxor	%xmm4, %xmm4
+	por	%xmm1, %xmm3
+
+	lea	0x40-$bias($a_ptr), $a_ptr	# $a_ptr is still valid
+	lea	$Z1sqr(%rsp), $r_ptr		# Z1^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Z1sqr, in1_z);
+
+	pcmpeqd	%xmm4, %xmm5
+	pshufd	\$0xb1, %xmm3, %xmm4
+	 mov	0x00($b_ptr), $src0		# $b_ptr is still valid
+	 #lea	0x00($b_ptr), $b_ptr
+	 mov	$acc4, $acc1			# harmonize sqr output and mul input
+	por	%xmm3, %xmm4
+	pshufd	\$0, %xmm5, %xmm5		# in1infty
+	pshufd	\$0x1e, %xmm4, %xmm3
+	 mov	$acc5, $acc2
+	por	%xmm3, %xmm4
+	pxor	%xmm3, %xmm3
+	 mov	$acc6, $acc3
+	pcmpeqd	%xmm3, %xmm4
+	pshufd	\$0, %xmm4, %xmm4		# in2infty
+
+	lea	$Z1sqr-$bias(%rsp), $a_ptr
+	mov	$acc7, $acc4
+	lea	$U2(%rsp), $r_ptr		# U2 = X2*Z1^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, Z1sqr, in2_x);
+
+	lea	$in1_x(%rsp), $b_ptr
+	lea	$H(%rsp), $r_ptr		# H = U2 - U1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(H, U2, in1_x);
+
+	`&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	`&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$res_z(%rsp), $r_ptr		# Z3 = H*Z1*Z2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, H, in1_z);
+
+	`&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Y2*Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, S2, in2_y);
+
+	lea	$in1_y(%rsp), $b_ptr
+	lea	$R(%rsp), $r_ptr		# R = S2 - S1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(R, S2, in1_y);
+
+	`&load_for_sqr("$H(%rsp)", "$src0")`
+	lea	$Hsqr(%rsp), $r_ptr		# H^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Hsqr, H);
+
+	`&load_for_sqr("$R(%rsp)", "$src0")`
+	lea	$Rsqr(%rsp), $r_ptr		# R^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Rsqr, R);
+
+	`&load_for_mul("$H(%rsp)", "$Hsqr(%rsp)", "$src0")`
+	lea	$Hcub(%rsp), $r_ptr		# H^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(Hcub, Hsqr, H);
+
+	`&load_for_mul("$Hsqr(%rsp)", "$in1_x(%rsp)", "$src0")`
+	lea	$U2(%rsp), $r_ptr		# U1*H^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, in1_x, Hsqr);
+___
+{
+#######################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+my ($poly1, $poly3)=($acc6,$acc7);
+
+$code.=<<___;
+	#lea	$U2(%rsp), $a_ptr
+	#lea	$Hsqr(%rsp), $r_ptr	# 2*U1*H^2
+	#call	__ecp_nistz256_mul_by_2	# ecp_nistz256_mul_by_2(Hsqr, U2);
+
+	xor	$t4, $t4
+	add	$acc0, $acc0		# a0:a3+a0:a3
+	lea	$Rsqr(%rsp), $a_ptr
+	adc	$acc1, $acc1
+	 mov	$acc0, $t0
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	 mov	$acc1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $acc0
+	 mov	$acc2, $t2
+	sbb	$poly1, $acc1
+	sbb	\$0, $acc2
+	 mov	$acc3, $t3
+	sbb	$poly3, $acc3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $acc0
+	mov	8*0($a_ptr), $t0
+	cmovc	$t1, $acc1
+	mov	8*1($a_ptr), $t1
+	cmovc	$t2, $acc2
+	mov	8*2($a_ptr), $t2
+	cmovc	$t3, $acc3
+	mov	8*3($a_ptr), $t3
+
+	call	__ecp_nistz256_sub$x		# p256_sub(res_x, Rsqr, Hsqr);
+
+	lea	$Hcub(%rsp), $b_ptr
+	lea	$res_x(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_x, res_x, Hcub);
+
+	mov	$U2+8*0(%rsp), $t0
+	mov	$U2+8*1(%rsp), $t1
+	mov	$U2+8*2(%rsp), $t2
+	mov	$U2+8*3(%rsp), $t3
+	lea	$H(%rsp), $r_ptr
+
+	call	__ecp_nistz256_sub$x		# p256_sub(H, U2, res_x);
+
+	mov	$acc0, 8*0($r_ptr)		# save the result, as
+	mov	$acc1, 8*1($r_ptr)		# __ecp_nistz256_sub doesn't
+	mov	$acc2, 8*2($r_ptr)
+	mov	$acc3, 8*3($r_ptr)
+___
+}
+$code.=<<___;
+	`&load_for_mul("$Hcub(%rsp)", "$in1_y(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, Hcub, in1_y);
+
+	`&load_for_mul("$H(%rsp)", "$R(%rsp)", "$src0")`
+	lea	$H(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(H, H, R);
+
+	lea	$S2(%rsp), $b_ptr
+	lea	$res_y(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, H, S2);
+
+	movq	%xmm0, $r_ptr		# restore $r_ptr
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_z, ONE, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_z(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_z+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	.LONE_mont(%rip), %xmm2
+	pand	.LONE_mont+0x10(%rip), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_z, in1_z, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_z(%rsp), %xmm2
+	pand	$in1_z+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x40($r_ptr)
+	movdqu	%xmm3, 0x50($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_x, in2_x, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_x(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_x+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_x(%rsp), %xmm2
+	pand	$in2_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_x, in1_x, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_x(%rsp), %xmm2
+	pand	$in1_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x00($r_ptr)
+	movdqu	%xmm3, 0x10($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_y, in2_y, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_y(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_y+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_y(%rsp), %xmm2
+	pand	$in2_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_y, in1_y, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_y(%rsp), %xmm2
+	pand	$in1_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x20($r_ptr)
+	movdqu	%xmm3, 0x30($r_ptr)
+
+	lea	32*15+56(%rsp), %rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	mov	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Ladd_affine${x}_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_point_add_affine$sfx,.-ecp_nistz256_point_add_affine$sfx
+___
+}
+&gen_add_affine("q");
+
+########################################################################
+# AD*X magic
+#
+if ($addx) {								{
+########################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+
+$code.=<<___;
+.type	__ecp_nistz256_add_tox,\@abi-omnipotent
+.align	32
+__ecp_nistz256_add_tox:
+.cfi_startproc
+	xor	$t4, $t4
+	adc	8*0($b_ptr), $a0
+	adc	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($b_ptr), $a2
+	adc	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	xor	$t3, $t3
+	sbb	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox
+
+.type	__ecp_nistz256_sub_fromx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sub_fromx:
+.cfi_startproc
+	xor	$t4, $t4
+	sbb	8*0($b_ptr), $a0
+	sbb	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	sbb	8*2($b_ptr), $a2
+	sbb	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	sbb	\$0, $t4
+
+	xor	$t3, $t3
+	adc	\$-1, $a0
+	 mov	$a2, $t2
+	adc	$poly1, $a1
+	adc	\$0, $a2
+	 mov	$a3, $t3
+	adc	$poly3, $a3
+
+	bt	\$0, $t4
+	cmovnc	$t0, $a0
+	cmovnc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovnc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovnc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx
+
+.type	__ecp_nistz256_subx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_subx:
+.cfi_startproc
+	xor	$t4, $t4
+	sbb	$a0, $t0
+	sbb	$a1, $t1
+	 mov	$t0, $a0
+	sbb	$a2, $t2
+	sbb	$a3, $t3
+	 mov	$t1, $a1
+	sbb	\$0, $t4
+
+	xor	$a3 ,$a3
+	adc	\$-1, $t0
+	 mov	$t2, $a2
+	adc	$poly1, $t1
+	adc	\$0, $t2
+	 mov	$t3, $a3
+	adc	$poly3, $t3
+
+	bt	\$0, $t4
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	cmovc	$t2, $a2
+	cmovc	$t3, $a3
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_subx,.-__ecp_nistz256_subx
+
+.type	__ecp_nistz256_mul_by_2x,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_by_2x:
+.cfi_startproc
+	xor	$t4, $t4
+	adc	$a0, $a0		# a0:a3+a0:a3
+	adc	$a1, $a1
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	xor	$t3, $t3
+	sbb	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.cfi_endproc
+.size	__ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x
+___
+									}
+&gen_double("x");
+&gen_add("x");
+&gen_add_affine("x");
+}
+}}}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+
+.type	short_handler,\@abi-omnipotent
+.align	16
+short_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	16(%rax),%rax
+
+	mov	-8(%rax),%r12
+	mov	-16(%rax),%r13
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+
+	jmp	.Lcommon_seh_tail
+.size	short_handler,.-short_handler
+
+.type	full_handler,\@abi-omnipotent
+.align	16
+full_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rax,%r10),%rax
+
+	mov	-8(%rax),%rbp
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	full_handler,.-full_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_ecp_nistz256_mul_by_2
+	.rva	.LSEH_end_ecp_nistz256_mul_by_2
+	.rva	.LSEH_info_ecp_nistz256_mul_by_2
+
+	.rva	.LSEH_begin_ecp_nistz256_div_by_2
+	.rva	.LSEH_end_ecp_nistz256_div_by_2
+	.rva	.LSEH_info_ecp_nistz256_div_by_2
+
+	.rva	.LSEH_begin_ecp_nistz256_mul_by_3
+	.rva	.LSEH_end_ecp_nistz256_mul_by_3
+	.rva	.LSEH_info_ecp_nistz256_mul_by_3
+
+	.rva	.LSEH_begin_ecp_nistz256_add
+	.rva	.LSEH_end_ecp_nistz256_add
+	.rva	.LSEH_info_ecp_nistz256_add
+
+	.rva	.LSEH_begin_ecp_nistz256_sub
+	.rva	.LSEH_end_ecp_nistz256_sub
+	.rva	.LSEH_info_ecp_nistz256_sub
+
+	.rva	.LSEH_begin_ecp_nistz256_neg
+	.rva	.LSEH_end_ecp_nistz256_neg
+	.rva	.LSEH_info_ecp_nistz256_neg
+
+	.rva	.LSEH_begin_ecp_nistz256_ord_mul_mont
+	.rva	.LSEH_end_ecp_nistz256_ord_mul_mont
+	.rva	.LSEH_info_ecp_nistz256_ord_mul_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_ord_sqr_mont
+	.rva	.LSEH_end_ecp_nistz256_ord_sqr_mont
+	.rva	.LSEH_info_ecp_nistz256_ord_sqr_mont
+___
+$code.=<<___	if ($addx);
+	.rva	.LSEH_begin_ecp_nistz256_ord_mul_montx
+	.rva	.LSEH_end_ecp_nistz256_ord_mul_montx
+	.rva	.LSEH_info_ecp_nistz256_ord_mul_montx
+
+	.rva	.LSEH_begin_ecp_nistz256_ord_sqr_montx
+	.rva	.LSEH_end_ecp_nistz256_ord_sqr_montx
+	.rva	.LSEH_info_ecp_nistz256_ord_sqr_montx
+___
+$code.=<<___;
+	.rva	.LSEH_begin_ecp_nistz256_to_mont
+	.rva	.LSEH_end_ecp_nistz256_to_mont
+	.rva	.LSEH_info_ecp_nistz256_to_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_mul_mont
+	.rva	.LSEH_end_ecp_nistz256_mul_mont
+	.rva	.LSEH_info_ecp_nistz256_mul_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_sqr_mont
+	.rva	.LSEH_end_ecp_nistz256_sqr_mont
+	.rva	.LSEH_info_ecp_nistz256_sqr_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_from_mont
+	.rva	.LSEH_end_ecp_nistz256_from_mont
+	.rva	.LSEH_info_ecp_nistz256_from_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_gather_w5
+	.rva	.LSEH_end_ecp_nistz256_gather_w5
+	.rva	.LSEH_info_ecp_nistz256_gather_wX
+
+	.rva	.LSEH_begin_ecp_nistz256_gather_w7
+	.rva	.LSEH_end_ecp_nistz256_gather_w7
+	.rva	.LSEH_info_ecp_nistz256_gather_wX
+___
+$code.=<<___	if ($avx>1);
+	.rva	.LSEH_begin_ecp_nistz256_avx2_gather_w5
+	.rva	.LSEH_end_ecp_nistz256_avx2_gather_w5
+	.rva	.LSEH_info_ecp_nistz256_avx2_gather_wX
+
+	.rva	.LSEH_begin_ecp_nistz256_avx2_gather_w7
+	.rva	.LSEH_end_ecp_nistz256_avx2_gather_w7
+	.rva	.LSEH_info_ecp_nistz256_avx2_gather_wX
+___
+$code.=<<___;
+	.rva	.LSEH_begin_ecp_nistz256_point_double
+	.rva	.LSEH_end_ecp_nistz256_point_double
+	.rva	.LSEH_info_ecp_nistz256_point_double
+
+	.rva	.LSEH_begin_ecp_nistz256_point_add
+	.rva	.LSEH_end_ecp_nistz256_point_add
+	.rva	.LSEH_info_ecp_nistz256_point_add
+
+	.rva	.LSEH_begin_ecp_nistz256_point_add_affine
+	.rva	.LSEH_end_ecp_nistz256_point_add_affine
+	.rva	.LSEH_info_ecp_nistz256_point_add_affine
+___
+$code.=<<___ if ($addx);
+	.rva	.LSEH_begin_ecp_nistz256_point_doublex
+	.rva	.LSEH_end_ecp_nistz256_point_doublex
+	.rva	.LSEH_info_ecp_nistz256_point_doublex
+
+	.rva	.LSEH_begin_ecp_nistz256_point_addx
+	.rva	.LSEH_end_ecp_nistz256_point_addx
+	.rva	.LSEH_info_ecp_nistz256_point_addx
+
+	.rva	.LSEH_begin_ecp_nistz256_point_add_affinex
+	.rva	.LSEH_end_ecp_nistz256_point_add_affinex
+	.rva	.LSEH_info_ecp_nistz256_point_add_affinex
+___
+$code.=<<___;
+
+.section	.xdata
+.align	8
+.LSEH_info_ecp_nistz256_mul_by_2:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lmul_by_2_body,.Lmul_by_2_epilogue	# HandlerData[]
+.LSEH_info_ecp_nistz256_div_by_2:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Ldiv_by_2_body,.Ldiv_by_2_epilogue	# HandlerData[]
+.LSEH_info_ecp_nistz256_mul_by_3:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lmul_by_3_body,.Lmul_by_3_epilogue	# HandlerData[]
+.LSEH_info_ecp_nistz256_add:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Ladd_body,.Ladd_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_sub:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lsub_body,.Lsub_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_neg:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lneg_body,.Lneg_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_ord_mul_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_mul_body,.Lord_mul_epilogue	# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_ord_sqr_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_sqr_body,.Lord_sqr_epilogue	# HandlerData[]
+	.long	48,0
+___
+$code.=<<___ if ($addx);
+.LSEH_info_ecp_nistz256_ord_mul_montx:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_mulx_body,.Lord_mulx_epilogue	# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_ord_sqr_montx:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_sqrx_body,.Lord_sqrx_epilogue	# HandlerData[]
+	.long	48,0
+___
+$code.=<<___;
+.LSEH_info_ecp_nistz256_to_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lmul_body,.Lmul_epilogue		# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_mul_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lmul_body,.Lmul_epilogue		# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_sqr_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lsqr_body,.Lsqr_epilogue		# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_from_mont:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfrom_body,.Lfrom_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_gather_wX:
+	.byte	0x01,0x33,0x16,0x00
+	.byte	0x33,0xf8,0x09,0x00	#movaps 0x90(rsp),xmm15
+	.byte	0x2e,0xe8,0x08,0x00	#movaps 0x80(rsp),xmm14
+	.byte	0x29,0xd8,0x07,0x00	#movaps 0x70(rsp),xmm13
+	.byte	0x24,0xc8,0x06,0x00	#movaps 0x60(rsp),xmm12
+	.byte	0x1f,0xb8,0x05,0x00	#movaps 0x50(rsp),xmm11
+	.byte	0x1a,0xa8,0x04,0x00	#movaps 0x40(rsp),xmm10
+	.byte	0x15,0x98,0x03,0x00	#movaps 0x30(rsp),xmm9
+	.byte	0x10,0x88,0x02,0x00	#movaps 0x20(rsp),xmm8
+	.byte	0x0c,0x78,0x01,0x00	#movaps 0x10(rsp),xmm7
+	.byte	0x08,0x68,0x00,0x00	#movaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	#sub	rsp,0xa8
+	.align	8
+___
+$code.=<<___	if ($avx>1);
+.LSEH_info_ecp_nistz256_avx2_gather_wX:
+	.byte	0x01,0x36,0x17,0x0b
+	.byte	0x36,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
+	.byte	0x31,0xe8,0x08,0x00	# vmovaps 0x80(rsp),xmm14
+	.byte	0x2c,0xd8,0x07,0x00	# vmovaps 0x70(rsp),xmm13
+	.byte	0x27,0xc8,0x06,0x00	# vmovaps 0x60(rsp),xmm12
+	.byte	0x22,0xb8,0x05,0x00	# vmovaps 0x50(rsp),xmm11
+	.byte	0x1d,0xa8,0x04,0x00	# vmovaps 0x40(rsp),xmm10
+	.byte	0x18,0x98,0x03,0x00	# vmovaps 0x30(rsp),xmm9
+	.byte	0x13,0x88,0x02,0x00	# vmovaps 0x20(rsp),xmm8
+	.byte	0x0e,0x78,0x01,0x00	# vmovaps 0x10(rsp),xmm7
+	.byte	0x09,0x68,0x00,0x00	# vmovaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	# sub	  rsp,0xa8
+	.byte	0x00,0xb3,0x00,0x00	# set_frame r11
+	.align	8
+___
+$code.=<<___;
+.LSEH_info_ecp_nistz256_point_double:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_doubleq_body,.Lpoint_doubleq_epilogue	# HandlerData[]
+	.long	32*5+56,0
+.LSEH_info_ecp_nistz256_point_add:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_addq_body,.Lpoint_addq_epilogue		# HandlerData[]
+	.long	32*18+56,0
+.LSEH_info_ecp_nistz256_point_add_affine:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Ladd_affineq_body,.Ladd_affineq_epilogue	# HandlerData[]
+	.long	32*15+56,0
+___
+$code.=<<___ if ($addx);
+.align	8
+.LSEH_info_ecp_nistz256_point_doublex:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_doublex_body,.Lpoint_doublex_epilogue	# HandlerData[]
+	.long	32*5+56,0
+.LSEH_info_ecp_nistz256_point_addx:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_addx_body,.Lpoint_addx_epilogue		# HandlerData[]
+	.long	32*18+56,0
+.LSEH_info_ecp_nistz256_point_add_affinex:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Ladd_affinex_body,.Ladd_affinex_epilogue	# HandlerData[]
+	.long	32*15+56,0
+___
+}
+
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+print <<___;
+.text
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,\@object
+.align	4096
+ecp_nistz256_precomputed:
+___
+while (@line=splice(@arr,0,16)) {
+	print ".long\t",join(',',map { sprintf "0x%08x",$_} @line),"\n";
+}
+print <<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl
new file mode 100755
index 000000000..3773cb27c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl
@@ -0,0 +1,824 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# X25519 lower-level primitives for PPC64.
+#
+# July 2018.
+#
+# Base 2^64 is faster than base 2^51 on pre-POWER8, most notably ~15%
+# faster on PPC970/G5. POWER8 on the other hand seems to trip on own
+# shoelaces when handling longer carry chains. As base 2^51 has just
+# single-carry pairs, it's 25% faster than base 2^64. Since PPC970 is
+# pretty old, base 2^64 implementation is not engaged. Comparison to
+# compiler-generated code is complicated by the fact that not all
+# compilers support 128-bit integers. When compiler doesn't, like xlc,
+# this module delivers more than 2x improvement, and when it does,
+# from 12% to 30% improvement was measured...
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my $sp = "r1";
+my ($rp,$ap,$bp) = map("r$_",3..5);
+
+####################################################### base 2^64
+if (0) {
+my ($bi,$a0,$a1,$a2,$a3,$t0,$t1, $t2,$t3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) =
+    map("r$_",(6..12,22..31));
+my $zero = "r0";
+my $FRAME = 16*8;
+
+$code.=<<___;
+.text
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,\@function
+.align	5
+x25519_fe64_mul:
+	stdu	$sp,-$FRAME($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$bi,0($bp)
+	ld	$a0,0($ap)
+	xor	$zero,$zero,$zero
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	mulld	$acc0,$a0,$bi		# a[0]*b[0]
+	mulhdu	$t0,$a0,$bi
+	mulld	$acc1,$a1,$bi		# a[1]*b[0]
+	mulhdu	$t1,$a1,$bi
+	mulld	$acc2,$a2,$bi		# a[2]*b[0]
+	mulhdu	$t2,$a2,$bi
+	mulld	$acc3,$a3,$bi		# a[3]*b[0]
+	mulhdu	$t3,$a3,$bi
+___
+for(my @acc=($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7),
+    my $i=1; $i<4; shift(@acc), $i++) {
+my $acc4 = $i==1? $zero : @acc[4];
+
+$code.=<<___;
+	ld	$bi,`8*$i`($bp)
+	addc	@acc[1],@acc[1],$t0	# accumulate high parts
+	mulld	$t0,$a0,$bi
+	adde	@acc[2],@acc[2],$t1
+	mulld	$t1,$a1,$bi
+	adde	@acc[3],@acc[3],$t2
+	mulld	$t2,$a2,$bi
+	adde	@acc[4],$acc4,$t3
+	mulld	$t3,$a3,$bi
+	addc	@acc[1],@acc[1],$t0	# accumulate low parts
+	mulhdu	$t0,$a0,$bi
+	adde	@acc[2],@acc[2],$t1
+	mulhdu	$t1,$a1,$bi
+	adde	@acc[3],@acc[3],$t2
+	mulhdu	$t2,$a2,$bi
+	adde	@acc[4],@acc[4],$t3
+	mulhdu	$t3,$a3,$bi
+	adde	@acc[5],$zero,$zero
+___
+}
+$code.=<<___;
+	li	$bi,38
+	addc	$acc4,$acc4,$t0
+	mulld	$t0,$acc4,$bi
+	adde	$acc5,$acc5,$t1
+	mulld	$t1,$acc5,$bi
+	adde	$acc6,$acc6,$t2
+	mulld	$t2,$acc6,$bi
+	adde	$acc7,$acc7,$t3
+	mulld	$t3,$acc7,$bi
+
+	addc	$acc0,$acc0,$t0
+	mulhdu	$t0,$acc4,$bi
+	adde	$acc1,$acc1,$t1
+	mulhdu	$t1,$acc5,$bi
+	adde	$acc2,$acc2,$t2
+	mulhdu	$t2,$acc6,$bi
+	adde	$acc3,$acc3,$t3
+	mulhdu	$t3,$acc7,$bi
+	adde	$acc4,$zero,$zero
+
+	addc	$acc1,$acc1,$t0
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+
+	mulld	$acc4,$acc4,$bi
+
+	addc	$acc0,$acc0,$acc4
+	addze	$acc1,$acc1
+	addze	$acc2,$acc2
+	addze	$acc3,$acc3
+
+	subfe	$acc4,$acc4,$acc4	# carry -> ~mask
+	std	$acc1,8($rp)
+	andc	$acc4,$bi,$acc4
+	std	$acc2,16($rp)
+	add	$acc0,$acc0,$acc4
+	std	$acc3,24($rp)
+	std	$acc0,0($rp)
+
+	ld	r22,`$FRAME-8*10`($sp)
+	ld	r23,`$FRAME-8*9`($sp)
+	ld	r24,`$FRAME-8*8`($sp)
+	ld	r25,`$FRAME-8*7`($sp)
+	ld	r26,`$FRAME-8*6`($sp)
+	ld	r27,`$FRAME-8*5`($sp)
+	ld	r28,`$FRAME-8*4`($sp)
+	ld	r29,`$FRAME-8*3`($sp)
+	ld	r30,`$FRAME-8*2`($sp)
+	ld	r31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,3,0
+	.long	0
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+
+.globl	x25519_fe64_sqr
+.type	x25519_fe64_sqr,\@function
+.align	5
+x25519_fe64_sqr:
+	stdu	$sp,-$FRAME($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$a0,0($ap)
+	xor	$zero,$zero,$zero
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	################################
+	#  |  |  |  |  |  |a1*a0|  |
+	#  |  |  |  |  |a2*a0|  |  |
+	#  |  |a3*a2|a3*a0|  |  |  |
+	#  |  |  |  |a2*a1|  |  |  |
+	#  |  |  |a3*a1|  |  |  |  |
+	# *|  |  |  |  |  |  |  | 2|
+	# +|a3*a3|a2*a2|a1*a1|a0*a0|
+	#  |--+--+--+--+--+--+--+--|
+	#  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	#
+	#  "can't overflow" below mark carrying into high part of
+	#  multiplication result, which can't overflow, because it
+	#  can never be all ones.
+
+	mulld	$acc1,$a1,$a0		# a[1]*a[0]
+	mulhdu	$t1,$a1,$a0
+	mulld	$acc2,$a2,$a0		# a[2]*a[0]
+	mulhdu	$t2,$a2,$a0
+	mulld	$acc3,$a3,$a0		# a[3]*a[0]
+	mulhdu	$acc4,$a3,$a0
+
+	addc	$acc2,$acc2,$t1		# accumulate high parts of multiplication
+	 mulld	$t0,$a2,$a1		# a[2]*a[1]
+	 mulhdu	$t1,$a2,$a1
+	adde	$acc3,$acc3,$t2
+	 mulld	$t2,$a3,$a1		# a[3]*a[1]
+	 mulhdu	$t3,$a3,$a1
+	addze	$acc4,$acc4		# can't overflow
+
+	mulld	$acc5,$a3,$a2		# a[3]*a[2]
+	mulhdu	$acc6,$a3,$a2
+
+	addc	$t1,$t1,$t2		# accumulate high parts of multiplication
+	 mulld	$acc0,$a0,$a0		# a[0]*a[0]
+	addze	$t2,$t3			# can't overflow
+
+	addc	$acc3,$acc3,$t0		# accumulate low parts of multiplication
+	 mulhdu	$a0,$a0,$a0
+	adde	$acc4,$acc4,$t1
+	 mulld	$t1,$a1,$a1		# a[1]*a[1]
+	adde	$acc5,$acc5,$t2
+	 mulhdu	$a1,$a1,$a1
+	addze	$acc6,$acc6		# can't overflow
+
+	addc	$acc1,$acc1,$acc1	# acc[1-6]*=2
+	 mulld	$t2,$a2,$a2		# a[2]*a[2]
+	adde	$acc2,$acc2,$acc2
+	 mulhdu	$a2,$a2,$a2
+	adde	$acc3,$acc3,$acc3
+	 mulld	$t3,$a3,$a3		# a[3]*a[3]
+	adde	$acc4,$acc4,$acc4
+	 mulhdu	$a3,$a3,$a3
+	adde	$acc5,$acc5,$acc5
+	adde	$acc6,$acc6,$acc6
+	addze	$acc7,$zero
+
+	addc	$acc1,$acc1,$a0		# +a[i]*a[i]
+	 li	$bi,38
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$a1
+	adde	$acc4,$acc4,$t2
+	adde	$acc5,$acc5,$a2
+	adde	$acc6,$acc6,$t3
+	adde	$acc7,$acc7,$a3
+
+	mulld	$t0,$acc4,$bi
+	mulld	$t1,$acc5,$bi
+	mulld	$t2,$acc6,$bi
+	mulld	$t3,$acc7,$bi
+
+	addc	$acc0,$acc0,$t0
+	mulhdu	$t0,$acc4,$bi
+	adde	$acc1,$acc1,$t1
+	mulhdu	$t1,$acc5,$bi
+	adde	$acc2,$acc2,$t2
+	mulhdu	$t2,$acc6,$bi
+	adde	$acc3,$acc3,$t3
+	mulhdu	$t3,$acc7,$bi
+	addze	$acc4,$zero
+
+	addc	$acc1,$acc1,$t0
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+
+	mulld	$acc4,$acc4,$bi
+
+	addc	$acc0,$acc0,$acc4
+	addze	$acc1,$acc1
+	addze	$acc2,$acc2
+	addze	$acc3,$acc3
+
+	subfe	$acc4,$acc4,$acc4	# carry -> ~mask
+	std	$acc1,8($rp)
+	andc	$acc4,$bi,$acc4
+	std	$acc2,16($rp)
+	add	$acc0,$acc0,$acc4
+	std	$acc3,24($rp)
+	std	$acc0,0($rp)
+
+	ld	r22,`$FRAME-8*10`($sp)
+	ld	r23,`$FRAME-8*9`($sp)
+	ld	r24,`$FRAME-8*8`($sp)
+	ld	r25,`$FRAME-8*7`($sp)
+	ld	r26,`$FRAME-8*6`($sp)
+	ld	r27,`$FRAME-8*5`($sp)
+	ld	r28,`$FRAME-8*4`($sp)
+	ld	r29,`$FRAME-8*3`($sp)
+	ld	r30,`$FRAME-8*2`($sp)
+	ld	r31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,2,0
+	.long	0
+.size	x25519_fe64_sqr,.-x25519_fe64_sqr
+
+.globl	x25519_fe64_mul121666
+.type	x25519_fe64_mul121666,\@function
+.align	5
+x25519_fe64_mul121666:
+	lis	$bi,`65536>>16`
+	ori	$bi,$bi,`121666-65536`
+
+	ld	$t0,0($ap)
+	ld	$t1,8($ap)
+	ld	$bp,16($ap)
+	ld	$ap,24($ap)
+
+	mulld	$a0,$t0,$bi
+	mulhdu	$t0,$t0,$bi
+	mulld	$a1,$t1,$bi
+	mulhdu	$t1,$t1,$bi
+	mulld	$a2,$bp,$bi
+	mulhdu	$bp,$bp,$bi
+	mulld	$a3,$ap,$bi
+	mulhdu	$ap,$ap,$bi
+
+	addc	$a1,$a1,$t0
+	adde	$a2,$a2,$t1
+	adde	$a3,$a3,$bp
+	addze	$ap,    $ap
+
+	mulli	$ap,$ap,38
+
+	addc	$a0,$a0,$ap
+	addze	$a1,$a1
+	addze	$a2,$a2
+	addze	$a3,$a3
+
+	subfe	$t1,$t1,$t1		# carry -> ~mask
+	std	$a1,8($rp)
+	andc	$t0,$t0,$t1
+	std	$a2,16($rp)
+	add	$a0,$a0,$t0
+	std	$a3,24($rp)
+	std	$a0,0($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	x25519_fe64_mul121666,.-x25519_fe64_mul121666
+
+.globl	x25519_fe64_add
+.type	x25519_fe64_add,\@function
+.align	5
+x25519_fe64_add:
+	ld	$a0,0($ap)
+	ld	$t0,0($bp)
+	ld	$a1,8($ap)
+	ld	$t1,8($bp)
+	ld	$a2,16($ap)
+	ld	$bi,16($bp)
+	ld	$a3,24($ap)
+	ld	$bp,24($bp)
+
+	addc	$a0,$a0,$t0
+	adde	$a1,$a1,$t1
+	adde	$a2,$a2,$bi
+	adde	$a3,$a3,$bp
+
+	li	$t0,38
+	subfe	$t1,$t1,$t1		# carry -> ~mask
+	andc	$t1,$t0,$t1
+
+	addc	$a0,$a0,$t1
+	addze	$a1,$a1
+	addze	$a2,$a2
+	addze	$a3,$a3
+
+	subfe	$t1,$t1,$t1		# carry -> ~mask
+	std	$a1,8($rp)
+	andc	$t0,$t0,$t1
+	std	$a2,16($rp)
+	add	$a0,$a0,$t0
+	std	$a3,24($rp)
+	std	$a0,0($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	x25519_fe64_add,.-x25519_fe64_add
+
+.globl	x25519_fe64_sub
+.type	x25519_fe64_sub,\@function
+.align	5
+x25519_fe64_sub:
+	ld	$a0,0($ap)
+	ld	$t0,0($bp)
+	ld	$a1,8($ap)
+	ld	$t1,8($bp)
+	ld	$a2,16($ap)
+	ld	$bi,16($bp)
+	ld	$a3,24($ap)
+	ld	$bp,24($bp)
+
+	subfc	$a0,$t0,$a0
+	subfe	$a1,$t1,$a1
+	subfe	$a2,$bi,$a2
+	subfe	$a3,$bp,$a3
+
+	li	$t0,38
+	subfe	$t1,$t1,$t1		# borrow -> mask
+	xor	$zero,$zero,$zero
+	and	$t1,$t0,$t1
+
+	subfc	$a0,$t1,$a0
+	subfe	$a1,$zero,$a1
+	subfe	$a2,$zero,$a2
+	subfe	$a3,$zero,$a3
+
+	subfe	$t1,$t1,$t1		# borrow -> mask
+	std	$a1,8($rp)
+	and	$t0,$t0,$t1
+	std	$a2,16($rp)
+	subf	$a0,$t0,$a0
+	std	$a3,24($rp)
+	std	$a0,0($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	x25519_fe64_sub,.-x25519_fe64_sub
+
+.globl	x25519_fe64_tobytes
+.type	x25519_fe64_tobytes,\@function
+.align	5
+x25519_fe64_tobytes:
+	ld	$a3,24($ap)
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+
+	sradi	$t0,$a3,63		# most significant bit -> mask
+	li	$t1,19
+	and	$t0,$t0,$t1
+	sldi	$a3,$a3,1
+	add	$t0,$t0,$t1		# compare to modulus in the same go
+	srdi	$a3,$a3,1		# most signifcant bit cleared
+
+	addc	$a0,$a0,$t0
+	addze	$a1,$a1
+	addze	$a2,$a2
+	addze	$a3,$a3
+
+	xor	$zero,$zero,$zero
+	sradi	$t0,$a3,63		# most significant bit -> mask
+	sldi	$a3,$a3,1
+	andc	$t0,$t1,$t0
+	srdi	$a3,$a3,1		# most signifcant bit cleared
+
+	subi	$rp,$rp,1
+	subfc	$a0,$t0,$a0
+	subfe	$a1,$zero,$a1
+	subfe	$a2,$zero,$a2
+	subfe	$a3,$zero,$a3
+
+___
+for (my @a=($a0,$a1,$a2,$a3), my $i=0; $i<4; shift(@a), $i++) {
+$code.=<<___;
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	srdi	@a[0],@a[0],16
+	stbu	$t0,1($rp)
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	srdi	@a[0],@a[0],16
+	stbu	$t0,1($rp)
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	srdi	@a[0],@a[0],16
+	stbu	$t0,1($rp)
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	stbu	$t0,1($rp)
+___
+}
+$code.=<<___;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	x25519_fe64_tobytes,.-x25519_fe64_tobytes
+___
+}
+####################################################### base 2^51
+{
+my ($bi,$a0,$a1,$a2,$a3,$a4,$t0, $t1,
+    $h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,$h4lo,$h4hi) =
+    map("r$_",(6..12,21..31));
+my $mask = "r0";
+my $FRAME = 18*8;
+
+$code.=<<___;
+.text
+
+.globl	x25519_fe51_mul
+.type	x25519_fe51_mul,\@function
+.align	5
+x25519_fe51_mul:
+	stdu	$sp,-$FRAME($sp)
+	std	r21,`$FRAME-8*11`($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$bi,0($bp)
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+	ld	$a4,32($ap)
+
+	mulld	$h0lo,$a0,$bi		# a[0]*b[0]
+	mulhdu	$h0hi,$a0,$bi
+
+	mulld	$h1lo,$a1,$bi		# a[1]*b[0]
+	mulhdu	$h1hi,$a1,$bi
+
+	 mulld	$h4lo,$a4,$bi		# a[4]*b[0]
+	 mulhdu	$h4hi,$a4,$bi
+	 ld	$ap,8($bp)
+	 mulli	$a4,$a4,19
+
+	mulld	$h2lo,$a2,$bi		# a[2]*b[0]
+	mulhdu	$h2hi,$a2,$bi
+
+	mulld	$h3lo,$a3,$bi		# a[3]*b[0]
+	mulhdu	$h3hi,$a3,$bi
+___
+for(my @a=($a0,$a1,$a2,$a3,$a4),
+    my $i=1; $i<4; $i++) {
+	($ap,$bi) = ($bi,$ap);
+$code.=<<___;
+	mulld	$t0,@a[4],$bi
+	mulhdu	$t1,@a[4],$bi
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+
+	mulld	$t0,@a[0],$bi
+	mulhdu	$t1,@a[0],$bi
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+
+	 mulld	$t0,@a[3],$bi
+	 mulhdu	$t1,@a[3],$bi
+	 ld	$ap,`8*($i+1)`($bp)
+	 mulli	@a[3],@a[3],19
+	 addc	$h4lo,$h4lo,$t0
+	 adde	$h4hi,$h4hi,$t1
+
+	mulld	$t0,@a[1],$bi
+	mulhdu	$t1,@a[1],$bi
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+
+	mulld	$t0,@a[2],$bi
+	mulhdu	$t1,@a[2],$bi
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+___
+	unshift(@a,pop(@a));
+}
+	($ap,$bi) = ($bi,$ap);
+$code.=<<___;
+	mulld	$t0,$a1,$bi
+	mulhdu	$t1,$a1,$bi
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+
+	mulld	$t0,$a2,$bi
+	mulhdu	$t1,$a2,$bi
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+
+	mulld	$t0,$a3,$bi
+	mulhdu	$t1,$a3,$bi
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+
+	mulld	$t0,$a4,$bi
+	mulhdu	$t1,$a4,$bi
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+
+	mulld	$t0,$a0,$bi
+	mulhdu	$t1,$a0,$bi
+	addc	$h4lo,$h4lo,$t0
+	adde	$h4hi,$h4hi,$t1
+
+.Lfe51_reduce:
+	li	$mask,-1
+	srdi	$mask,$mask,13		# 0x7ffffffffffff
+
+	srdi	$t0,$h2lo,51
+	and	$a2,$h2lo,$mask
+	insrdi	$t0,$h2hi,51,0		# h2>>51
+	 srdi	$t1,$h0lo,51
+	 and	$a0,$h0lo,$mask
+	 insrdi	$t1,$h0hi,51,0		# h0>>51
+	addc	$h3lo,$h3lo,$t0
+	addze	$h3hi,$h3hi
+	 addc	$h1lo,$h1lo,$t1
+	 addze	$h1hi,$h1hi
+
+	srdi	$t0,$h3lo,51
+	and	$a3,$h3lo,$mask
+	insrdi	$t0,$h3hi,51,0		# h3>>51
+	 srdi	$t1,$h1lo,51
+	 and	$a1,$h1lo,$mask
+	 insrdi	$t1,$h1hi,51,0		# h1>>51
+	addc	$h4lo,$h4lo,$t0
+	addze	$h4hi,$h4hi
+	 add	$a2,$a2,$t1
+
+	srdi	$t0,$h4lo,51
+	and	$a4,$h4lo,$mask
+	insrdi	$t0,$h4hi,51,0
+	mulli	$t0,$t0,19		# (h4 >> 51) * 19
+
+	add	$a0,$a0,$t0
+
+	srdi	$t1,$a2,51
+	and	$a2,$a2,$mask
+	add	$a3,$a3,$t1
+
+	srdi	$t0,$a0,51
+	and	$a0,$a0,$mask
+	add	$a1,$a1,$t0
+
+	std	$a2,16($rp)
+	std	$a3,24($rp)
+	std	$a4,32($rp)
+	std	$a0,0($rp)
+	std	$a1,8($rp)
+
+	ld	r21,`$FRAME-8*11`($sp)
+	ld	r22,`$FRAME-8*10`($sp)
+	ld	r23,`$FRAME-8*9`($sp)
+	ld	r24,`$FRAME-8*8`($sp)
+	ld	r25,`$FRAME-8*7`($sp)
+	ld	r26,`$FRAME-8*6`($sp)
+	ld	r27,`$FRAME-8*5`($sp)
+	ld	r28,`$FRAME-8*4`($sp)
+	ld	r29,`$FRAME-8*3`($sp)
+	ld	r30,`$FRAME-8*2`($sp)
+	ld	r31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,11,3,0
+	.long	0
+.size	x25519_fe51_mul,.-x25519_fe51_mul
+___
+{
+my ($a0,$a1,$a2,$a3,$a4,$t0,$t1) = ($a0,$a1,$a2,$a3,$a4,$t0,$t1);
+$code.=<<___;
+.globl	x25519_fe51_sqr
+.type	x25519_fe51_sqr,\@function
+.align	5
+x25519_fe51_sqr:
+	stdu	$sp,-$FRAME($sp)
+	std	r21,`$FRAME-8*11`($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+	ld	$a4,32($ap)
+
+	add	$bi,$a0,$a0		# a[0]*2
+	mulli	$t1,$a4,19		# a[4]*19
+
+	mulld	$h0lo,$a0,$a0
+	mulhdu	$h0hi,$a0,$a0
+	mulld	$h1lo,$a1,$bi
+	mulhdu	$h1hi,$a1,$bi
+	mulld	$h2lo,$a2,$bi
+	mulhdu	$h2hi,$a2,$bi
+	mulld	$h3lo,$a3,$bi
+	mulhdu	$h3hi,$a3,$bi
+	mulld	$h4lo,$a4,$bi
+	mulhdu	$h4hi,$a4,$bi
+	add	$bi,$a1,$a1		# a[1]*2
+___
+	($a4,$t1) = ($t1,$a4);
+$code.=<<___;
+	mulld	$t0,$t1,$a4
+	mulhdu	$t1,$t1,$a4
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+
+	mulli	$bp,$a3,19		# a[3]*19
+
+	mulld	$t0,$a1,$a1
+	mulhdu	$t1,$a1,$a1
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+	mulld	$t0,$a2,$bi
+	mulhdu	$t1,$a2,$bi
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+	mulld	$t0,$a3,$bi
+	mulhdu	$t1,$a3,$bi
+	addc	$h4lo,$h4lo,$t0
+	adde	$h4hi,$h4hi,$t1
+	mulld	$t0,$a4,$bi
+	mulhdu	$t1,$a4,$bi
+	add	$bi,$a3,$a3		# a[3]*2
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+___
+	($a3,$t1) = ($bp,$a3);
+$code.=<<___;
+	mulld	$t0,$t1,$a3
+	mulhdu	$t1,$t1,$a3
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+	mulld	$t0,$bi,$a4
+	mulhdu	$t1,$bi,$a4
+	add	$bi,$a2,$a2		# a[2]*2
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+
+	mulld	$t0,$a2,$a2
+	mulhdu	$t1,$a2,$a2
+	addc	$h4lo,$h4lo,$t0
+	adde	$h4hi,$h4hi,$t1
+	mulld	$t0,$a3,$bi
+	mulhdu	$t1,$a3,$bi
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+	mulld	$t0,$a4,$bi
+	mulhdu	$t1,$a4,$bi
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+
+	b	.Lfe51_reduce
+	.long	0
+	.byte	0,12,4,0,0x80,11,2,0
+	.long	0
+.size	x25519_fe51_sqr,.-x25519_fe51_sqr
+___
+}
+$code.=<<___;
+.globl	x25519_fe51_mul121666
+.type	x25519_fe51_mul121666,\@function
+.align	5
+x25519_fe51_mul121666:
+	stdu	$sp,-$FRAME($sp)
+	std	r21,`$FRAME-8*11`($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	lis	$bi,`65536>>16`
+	ori	$bi,$bi,`121666-65536`
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+	ld	$a4,32($ap)
+
+	mulld	$h0lo,$a0,$bi		# a[0]*121666
+	mulhdu	$h0hi,$a0,$bi
+	mulld	$h1lo,$a1,$bi		# a[1]*121666
+	mulhdu	$h1hi,$a1,$bi
+	mulld	$h2lo,$a2,$bi		# a[2]*121666
+	mulhdu	$h2hi,$a2,$bi
+	mulld	$h3lo,$a3,$bi		# a[3]*121666
+	mulhdu	$h3hi,$a3,$bi
+	mulld	$h4lo,$a4,$bi		# a[4]*121666
+	mulhdu	$h4hi,$a4,$bi
+
+	b	.Lfe51_reduce
+	.long	0
+	.byte	0,12,4,0,0x80,11,2,0
+	.long	0
+.size	x25519_fe51_mul121666,.-x25519_fe51_mul121666
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl
new file mode 100755
index 000000000..18dc6af9f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl
@@ -0,0 +1,1117 @@
+#!/usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# X25519 lower-level primitives for x86_64.
+#
+# February 2018.
+#
+# This module implements radix 2^51 multiplication and squaring, and
+# radix 2^64 multiplication, squaring, addition, subtraction and final
+# reduction. Latter radix is used on ADCX/ADOX-capable processors such
+# as Broadwell. On related note one should mention that there are
+# vector implementations that provide significantly better performance
+# on some processors(*), but they are large and overly complex. Which
+# in combination with them being effectively processor-specific makes
+# the undertaking hard to justify. The goal for this implementation
+# is rather versatility and simplicity [and ultimately formal
+# verification].
+#
+# (*)	For example sandy2x should provide ~30% improvement on Sandy
+#	Bridge, but only nominal ~5% on Haswell [and big loss on
+#	Broadwell and successors].
+#
+######################################################################
+# Improvement coefficients:
+#
+#			amd64-51(*)	gcc-5.x(**)
+#
+# P4			+22%		+40%
+# Sandy Bridge		-3%		+11%
+# Haswell		-1%		+13%
+# Broadwell(***)	+30%		+35%
+# Skylake(***)		+33%		+47%
+# Silvermont		+20%		+26%
+# Goldmont		+40%		+50%
+# Bulldozer		+20%		+9%
+# Ryzen(***)		+43%		+40%
+# VIA			+170%		+120%
+#
+# (*)	amd64-51 is popular assembly implementation with 2^51 radix,
+#	only multiplication and squaring subroutines were linked
+#	for comparison, but not complete ladder step; gain on most
+#	processors is because this module refrains from shld, and
+#	minor regression on others is because this does result in
+#	higher instruction count;
+# (**)	compiler is free to inline functions, in assembly one would
+#	need to implement ladder step to do that, and it will improve
+#	performance by several percent;
+# (***)	ADCX/ADOX result for 2^64 radix, there is no corresponding
+#	C implementation, so that comparison is always against
+#	2^51 radix;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+$code.=<<___;
+.text
+
+.globl	x25519_fe51_mul
+.type	x25519_fe51_mul,\@function,3
+.align	32
+x25519_fe51_mul:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-8*5(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_mul_body:
+
+	mov	8*0(%rsi),%rax		# f[0]
+	mov	8*0(%rdx),%r11		# load g[0-4]
+	mov	8*1(%rdx),%r12
+	mov	8*2(%rdx),%r13
+	mov	8*3(%rdx),%rbp
+	mov	8*4(%rdx),%r14
+
+	mov	%rdi,8*4(%rsp)		# offload 1st argument
+	mov	%rax,%rdi
+	mulq	%r11			# f[0]*g[0]
+	mov	%r11,8*0(%rsp)		# offload g[0]
+	mov	%rax,%rbx		# %rbx:%rcx = h0
+	mov	%rdi,%rax
+	mov	%rdx,%rcx
+	mulq	%r12			# f[0]*g[1]
+	mov	%r12,8*1(%rsp)		# offload g[1]
+	mov	%rax,%r8		# %r8:%r9 = h1
+	mov	%rdi,%rax
+	lea	(%r14,%r14,8),%r15
+	mov	%rdx,%r9
+	mulq	%r13			# f[0]*g[2]
+	mov	%r13,8*2(%rsp)		# offload g[2]
+	mov	%rax,%r10		# %r10:%r11 = h2
+	mov	%rdi,%rax
+	lea	(%r14,%r15,2),%rdi	# g[4]*19
+	mov	%rdx,%r11
+	mulq	%rbp			# f[0]*g[3]
+	mov	%rax,%r12		# %r12:%r13 = h3
+	mov	8*0(%rsi),%rax		# f[0]
+	mov	%rdx,%r13
+	mulq	%r14			# f[0]*g[4]
+	mov	%rax,%r14		# %r14:%r15 = h4
+	mov	8*1(%rsi),%rax		# f[1]
+	mov	%rdx,%r15
+
+	mulq	%rdi			# f[1]*g[4]*19
+	add	%rax,%rbx
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%rcx
+	mulq	%rdi			# f[2]*g[4]*19
+	add	%rax,%r8
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r9
+	mulq	%rdi			# f[3]*g[4]*19
+	add	%rax,%r10
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r11
+	mulq	%rdi			# f[4]*g[4]*19
+	imulq	\$19,%rbp,%rdi		# g[3]*19
+	add	%rax,%r12
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[1]*g[3]
+	mov	8*2(%rsp),%rbp		# g[2]
+	add	%rax,%r14
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r15
+
+	mulq	%rdi			# f[2]*g[3]*19
+	add	%rax,%rbx
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%rcx
+	mulq	%rdi			# f[3]*g[3]*19
+	add	%rax,%r8
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r9
+	mulq	%rdi			# f[4]*g[3]*19
+	imulq	\$19,%rbp,%rdi		# g[2]*19
+	add	%rax,%r10
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%r11
+	mulq	%rbp			# f[1]*g[2]
+	add	%rax,%r12
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[2]*g[2]
+	mov	8*1(%rsp),%rbp		# g[1]
+	add	%rax,%r14
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r15
+
+	mulq	%rdi			# f[3]*g[2]*19
+	add	%rax,%rbx
+	mov	8*4(%rsi),%rax		# f[3]
+	adc	%rdx,%rcx
+	mulq	%rdi			# f[4]*g[2]*19
+	add	%rax,%r8
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%r9
+	mulq	%rbp			# f[1]*g[1]
+	imulq	\$19,%rbp,%rdi
+	add	%rax,%r10
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r11
+	mulq	%rbp			# f[2]*g[1]
+	add	%rax,%r12
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[3]*g[1]
+	mov	8*0(%rsp),%rbp		# g[0]
+	add	%rax,%r14
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r15
+
+	mulq	%rdi			# f[4]*g[1]*19
+	add	%rax,%rbx
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%rcx
+	mul	%rbp			# f[1]*g[0]
+	add	%rax,%r8
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r9
+	mul	%rbp			# f[2]*g[0]
+	add	%rax,%r10
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r11
+	mul	%rbp			# f[3]*g[0]
+	add	%rax,%r12
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[4]*g[0]
+	add	%rax,%r14
+	adc	%rdx,%r15
+
+	mov	8*4(%rsp),%rdi		# restore 1st argument
+	jmp	.Lreduce51
+.Lfe51_mul_epilogue:
+.cfi_endproc
+.size	x25519_fe51_mul,.-x25519_fe51_mul
+
+.globl	x25519_fe51_sqr
+.type	x25519_fe51_sqr,\@function,2
+.align	32
+x25519_fe51_sqr:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-8*5(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_sqr_body:
+
+	mov	8*0(%rsi),%rax		# g[0]
+	mov	8*2(%rsi),%r15		# g[2]
+	mov	8*4(%rsi),%rbp		# g[4]
+
+	mov	%rdi,8*4(%rsp)		# offload 1st argument
+	lea	(%rax,%rax),%r14
+	mulq	%rax			# g[0]*g[0]
+	mov	%rax,%rbx
+	mov	8*1(%rsi),%rax		# g[1]
+	mov	%rdx,%rcx
+	mulq	%r14			# 2*g[0]*g[1]
+	mov	%rax,%r8
+	mov	%r15,%rax
+	mov	%r15,8*0(%rsp)		# offload g[2]
+	mov	%rdx,%r9
+	mulq	%r14			# 2*g[0]*g[2]
+	mov	%rax,%r10
+	mov	8*3(%rsi),%rax
+	mov	%rdx,%r11
+	imulq	\$19,%rbp,%rdi		# g[4]*19
+	mulq	%r14			# 2*g[0]*g[3]
+	mov	%rax,%r12
+	mov	%rbp,%rax
+	mov	%rdx,%r13
+	mulq	%r14			# 2*g[0]*g[4]
+	mov	%rax,%r14
+	mov	%rbp,%rax
+	mov	%rdx,%r15
+
+	mulq	%rdi			# g[4]*g[4]*19
+	add	%rax,%r12
+	mov	8*1(%rsi),%rax		# g[1]
+	adc	%rdx,%r13
+
+	mov	8*3(%rsi),%rsi		# g[3]
+	lea	(%rax,%rax),%rbp
+	mulq	%rax			# g[1]*g[1]
+	add	%rax,%r10
+	mov	8*0(%rsp),%rax		# g[2]
+	adc	%rdx,%r11
+	mulq	%rbp			# 2*g[1]*g[2]
+	add	%rax,%r12
+	mov	%rbp,%rax
+	adc	%rdx,%r13
+	mulq	%rsi			# 2*g[1]*g[3]
+	add	%rax,%r14
+	mov	%rbp,%rax
+	adc	%rdx,%r15
+	imulq	\$19,%rsi,%rbp		# g[3]*19
+	mulq	%rdi			# 2*g[1]*g[4]*19
+	add	%rax,%rbx
+	lea	(%rsi,%rsi),%rax
+	adc	%rdx,%rcx
+
+	mulq	%rdi			# 2*g[3]*g[4]*19
+	add	%rax,%r10
+	mov	%rsi,%rax
+	adc	%rdx,%r11
+	mulq	%rbp			# g[3]*g[3]*19
+	add	%rax,%r8
+	mov	8*0(%rsp),%rax		# g[2]
+	adc	%rdx,%r9
+
+	lea	(%rax,%rax),%rsi
+	mulq	%rax			# g[2]*g[2]
+	add	%rax,%r14
+	mov	%rbp,%rax
+	adc	%rdx,%r15
+	mulq	%rsi			# 2*g[2]*g[3]*19
+	add	%rax,%rbx
+	mov	%rsi,%rax
+	adc	%rdx,%rcx
+	mulq	%rdi			# 2*g[2]*g[4]*19
+	add	%rax,%r8
+	adc	%rdx,%r9
+
+	mov	8*4(%rsp),%rdi		# restore 1st argument
+	jmp	.Lreduce51
+
+.align	32
+.Lreduce51:
+	mov	\$0x7ffffffffffff,%rbp
+
+	mov	%r10,%rdx
+	shr	\$51,%r10
+	shl	\$13,%r11
+	and	%rbp,%rdx		# %rdx = g2 = h2 & mask
+	or	%r10,%r11		# h2>>51
+	add	%r11,%r12
+	adc	\$0,%r13		# h3 += h2>>51
+
+	mov	%rbx,%rax
+	shr	\$51,%rbx
+	shl	\$13,%rcx
+	and	%rbp,%rax		# %rax = g0 = h0 & mask
+	or	%rbx,%rcx		# h0>>51
+	add	%rcx,%r8		# h1 += h0>>51
+	adc	\$0,%r9
+
+	mov	%r12,%rbx
+	shr	\$51,%r12
+	shl	\$13,%r13
+	and	%rbp,%rbx		# %rbx = g3 = h3 & mask
+	or	%r12,%r13		# h3>>51
+	add	%r13,%r14		# h4 += h3>>51
+	adc	\$0,%r15
+
+	mov	%r8,%rcx
+	shr	\$51,%r8
+	shl	\$13,%r9
+	and	%rbp,%rcx		# %rcx = g1 = h1 & mask
+	or	%r8,%r9
+	add	%r9,%rdx		# g2 += h1>>51
+
+	mov	%r14,%r10
+	shr	\$51,%r14
+	shl	\$13,%r15
+	and	%rbp,%r10		# %r10 = g4 = h0 & mask
+	or	%r14,%r15		# h0>>51
+
+	lea	(%r15,%r15,8),%r14
+	lea	(%r15,%r14,2),%r15
+	add	%r15,%rax		# g0 += (h0>>51)*19
+
+	mov	%rdx,%r8
+	and	%rbp,%rdx		# g2 &= mask
+	shr	\$51,%r8
+	add	%r8,%rbx		# g3 += g2>>51
+
+	mov	%rax,%r9
+	and	%rbp,%rax		# g0 &= mask
+	shr	\$51,%r9
+	add	%r9,%rcx		# g1 += g0>>51
+
+	mov	%rax,8*0(%rdi)		# save the result
+	mov	%rcx,8*1(%rdi)
+	mov	%rdx,8*2(%rdi)
+	mov	%rbx,8*3(%rdi)
+	mov	%r10,8*4(%rdi)
+
+	mov	8*5(%rsp),%r15
+.cfi_restore	%r15
+	mov	8*6(%rsp),%r14
+.cfi_restore	%r14
+	mov	8*7(%rsp),%r13
+.cfi_restore	%r13
+	mov	8*8(%rsp),%r12
+.cfi_restore	%r12
+	mov	8*9(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	8*10(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	8*11(%rsp),%rsp
+.cfi_adjust_cfa_offset	88
+.Lfe51_sqr_epilogue:
+	ret
+.cfi_endproc
+.size	x25519_fe51_sqr,.-x25519_fe51_sqr
+
+.globl	x25519_fe51_mul121666
+.type	x25519_fe51_mul121666,\@function,2
+.align	32
+x25519_fe51_mul121666:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-8*5(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_mul121666_body:
+	mov	\$121666,%eax
+
+	mulq	8*0(%rsi)
+	mov	%rax,%rbx		# %rbx:%rcx = h0
+	mov	\$121666,%eax
+	mov	%rdx,%rcx
+	mulq	8*1(%rsi)
+	mov	%rax,%r8		# %r8:%r9 = h1
+	mov	\$121666,%eax
+	mov	%rdx,%r9
+	mulq	8*2(%rsi)
+	mov	%rax,%r10		# %r10:%r11 = h2
+	mov	\$121666,%eax
+	mov	%rdx,%r11
+	mulq	8*3(%rsi)
+	mov	%rax,%r12		# %r12:%r13 = h3
+	mov	\$121666,%eax		# f[0]
+	mov	%rdx,%r13
+	mulq	8*4(%rsi)
+	mov	%rax,%r14		# %r14:%r15 = h4
+	mov	%rdx,%r15
+
+	jmp	.Lreduce51
+.Lfe51_mul121666_epilogue:
+.cfi_endproc
+.size	x25519_fe51_mul121666,.-x25519_fe51_mul121666
+___
+########################################################################
+# Base 2^64 subroutines modulo 2*(2^255-19)
+#
+if ($addx) {
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = map("%r$_",(8..15));
+
+$code.=<<___;
+.extern	OPENSSL_ia32cap_P
+.globl	x25519_fe64_eligible
+.type	x25519_fe64_eligible,\@abi-omnipotent
+.align	32
+x25519_fe64_eligible:
+	mov	OPENSSL_ia32cap_P+8(%rip),%ecx
+	xor	%eax,%eax
+	and	\$0x80100,%ecx
+	cmp	\$0x80100,%ecx
+	cmove	%ecx,%eax
+	ret
+.size	x25519_fe64_eligible,.-x25519_fe64_eligible
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,\@function,3
+.align	32
+x25519_fe64_mul:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	push	%rdi			# offload dst
+.cfi_push	%rdi
+	lea	-8*2(%rsp),%rsp
+.cfi_adjust_cfa_offset	16
+.Lfe64_mul_body:
+
+	mov	%rdx,%rax
+	mov	8*0(%rdx),%rbp		# b[0]
+	mov	8*0(%rsi),%rdx		# a[0]
+	mov	8*1(%rax),%rcx		# b[1]
+	mov	8*2(%rax),$acc6		# b[2]
+	mov	8*3(%rax),$acc7		# b[3]
+
+	mulx	%rbp,$acc0,%rax		# a[0]*b[0]
+	xor	%edi,%edi		# cf=0,of=0
+	mulx	%rcx,$acc1,%rbx		# a[0]*b[1]
+	adcx	%rax,$acc1
+	mulx	$acc6,$acc2,%rax	# a[0]*b[2]
+	adcx	%rbx,$acc2
+	mulx	$acc7,$acc3,$acc4	# a[0]*b[3]
+	 mov	8*1(%rsi),%rdx		# a[1]
+	adcx	%rax,$acc3
+	mov	$acc6,(%rsp)		# offload b[2]
+	adcx	%rdi,$acc4		# cf=0
+
+	mulx	%rbp,%rax,%rbx		# a[1]*b[0]
+	adox	%rax,$acc1
+	adcx	%rbx,$acc2
+	mulx	%rcx,%rax,%rbx		# a[1]*b[1]
+	adox	%rax,$acc2
+	adcx	%rbx,$acc3
+	mulx	$acc6,%rax,%rbx		# a[1]*b[2]
+	adox	%rax,$acc3
+	adcx	%rbx,$acc4
+	mulx	$acc7,%rax,$acc5	# a[1]*b[3]
+	 mov	8*2(%rsi),%rdx		# a[2]
+	adox	%rax,$acc4
+	adcx	%rdi,$acc5		# cf=0
+	adox	%rdi,$acc5		# of=0
+
+	mulx	%rbp,%rax,%rbx		# a[2]*b[0]
+	adcx	%rax,$acc2
+	adox	%rbx,$acc3
+	mulx	%rcx,%rax,%rbx		# a[2]*b[1]
+	adcx	%rax,$acc3
+	adox	%rbx,$acc4
+	mulx	$acc6,%rax,%rbx		# a[2]*b[2]
+	adcx	%rax,$acc4
+	adox	%rbx,$acc5
+	mulx	$acc7,%rax,$acc6	# a[2]*b[3]
+	 mov	8*3(%rsi),%rdx		# a[3]
+	adcx	%rax,$acc5
+	adox	%rdi,$acc6		# of=0
+	adcx	%rdi,$acc6		# cf=0
+
+	mulx	%rbp,%rax,%rbx		# a[3]*b[0]
+	adox	%rax,$acc3
+	adcx	%rbx,$acc4
+	mulx	%rcx,%rax,%rbx		# a[3]*b[1]
+	adox	%rax,$acc4
+	adcx	%rbx,$acc5
+	mulx	(%rsp),%rax,%rbx	# a[3]*b[2]
+	adox	%rax,$acc5
+	adcx	%rbx,$acc6
+	mulx	$acc7,%rax,$acc7	# a[3]*b[3]
+	 mov	\$38,%edx
+	adox	%rax,$acc6
+	adcx	%rdi,$acc7		# cf=0
+	adox	%rdi,$acc7		# of=0
+
+	jmp	.Lreduce64
+.Lfe64_mul_epilogue:
+.cfi_endproc
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+
+.globl	x25519_fe64_sqr
+.type	x25519_fe64_sqr,\@function,2
+.align	32
+x25519_fe64_sqr:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	push	%rdi			# offload dst
+.cfi_push	%rdi
+	lea	-8*2(%rsp),%rsp
+.cfi_adjust_cfa_offset	16
+.Lfe64_sqr_body:
+
+	mov	8*0(%rsi),%rdx		# a[0]
+	mov	8*1(%rsi),%rcx		# a[1]
+	mov	8*2(%rsi),%rbp		# a[2]
+	mov	8*3(%rsi),%rsi		# a[3]
+
+	################################################################
+	mulx	%rdx,$acc0,$acc7	# a[0]*a[0]
+	mulx	%rcx,$acc1,%rax		# a[0]*a[1]
+	xor	%edi,%edi		# cf=0,of=0
+	mulx	%rbp,$acc2,%rbx		# a[0]*a[2]
+	adcx	%rax,$acc2
+	mulx	%rsi,$acc3,$acc4	# a[0]*a[3]
+	 mov	%rcx,%rdx		# a[1]
+	adcx	%rbx,$acc3
+	adcx	%rdi,$acc4		# cf=0
+
+	################################################################
+	mulx	%rbp,%rax,%rbx		# a[1]*a[2]
+	adox	%rax,$acc3
+	adcx	%rbx,$acc4
+	mulx	%rsi,%rax,$acc5		# a[1]*a[3]
+	 mov	%rbp,%rdx		# a[2]
+	adox	%rax,$acc4
+	adcx	%rdi,$acc5
+
+	################################################################
+	mulx	%rsi,%rax,$acc6		# a[2]*a[3]
+	 mov	%rcx,%rdx		# a[1]
+	adox	%rax,$acc5
+	adcx	%rdi,$acc6		# cf=0
+	adox	%rdi,$acc6		# of=0
+
+	 adcx	$acc1,$acc1		# acc1:6<<1
+	adox	$acc7,$acc1
+	 adcx	$acc2,$acc2
+	mulx	%rdx,%rax,%rbx		# a[1]*a[1]
+	 mov	%rbp,%rdx		# a[2]
+	 adcx	$acc3,$acc3
+	adox	%rax,$acc2
+	 adcx	$acc4,$acc4
+	adox	%rbx,$acc3
+	mulx	%rdx,%rax,%rbx		# a[2]*a[2]
+	 mov	%rsi,%rdx		# a[3]
+	 adcx	$acc5,$acc5
+	adox	%rax,$acc4
+	 adcx	$acc6,$acc6
+	adox	%rbx,$acc5
+	mulx	%rdx,%rax,$acc7		# a[3]*a[3]
+	 mov	\$38,%edx
+	adox	%rax,$acc6
+	adcx	%rdi,$acc7		# cf=0
+	adox	%rdi,$acc7		# of=0
+	jmp	.Lreduce64
+
+.align	32
+.Lreduce64:
+	mulx	$acc4,%rax,%rbx
+	adcx	%rax,$acc0
+	adox	%rbx,$acc1
+	mulx	$acc5,%rax,%rbx
+	adcx	%rax,$acc1
+	adox	%rbx,$acc2
+	mulx	$acc6,%rax,%rbx
+	adcx	%rax,$acc2
+	adox	%rbx,$acc3
+	mulx	$acc7,%rax,$acc4
+	adcx	%rax,$acc3
+	adox	%rdi,$acc4
+	adcx	%rdi,$acc4
+
+	mov	8*2(%rsp),%rdi		# restore dst
+	imulq	%rdx,$acc4
+
+	add	$acc4,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	adc	\$0,$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	mov	$acc1,8*1(%rdi)
+	mov	$acc2,8*2(%rdi)
+	mov	$acc3,8*3(%rdi)
+	mov	$acc0,8*0(%rdi)
+
+	mov	8*3(%rsp),%r15
+.cfi_restore	%r15
+	mov	8*4(%rsp),%r14
+.cfi_restore	%r14
+	mov	8*5(%rsp),%r13
+.cfi_restore	%r13
+	mov	8*6(%rsp),%r12
+.cfi_restore	%r12
+	mov	8*7(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	8*8(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	8*9(%rsp),%rsp
+.cfi_adjust_cfa_offset	88
+.Lfe64_sqr_epilogue:
+	ret
+.cfi_endproc
+.size	x25519_fe64_sqr,.-x25519_fe64_sqr
+
+.globl	x25519_fe64_mul121666
+.type	x25519_fe64_mul121666,\@function,2
+.align	32
+x25519_fe64_mul121666:
+.Lfe64_mul121666_body:
+	mov	\$121666,%edx
+	mulx	8*0(%rsi),$acc0,%rcx
+	mulx	8*1(%rsi),$acc1,%rax
+	add	%rcx,$acc1
+	mulx	8*2(%rsi),$acc2,%rcx
+	adc	%rax,$acc2
+	mulx	8*3(%rsi),$acc3,%rax
+	adc	%rcx,$acc3
+	adc	\$0,%rax
+
+	imulq	\$38,%rax,%rax
+
+	add	%rax,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	adc	\$0,$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	mov	$acc1,8*1(%rdi)
+	mov	$acc2,8*2(%rdi)
+	mov	$acc3,8*3(%rdi)
+	mov	$acc0,8*0(%rdi)
+
+.Lfe64_mul121666_epilogue:
+	ret
+.size	x25519_fe64_mul121666,.-x25519_fe64_mul121666
+
+.globl	x25519_fe64_add
+.type	x25519_fe64_add,\@function,3
+.align	32
+x25519_fe64_add:
+.Lfe64_add_body:
+	mov	8*0(%rsi),$acc0
+	mov	8*1(%rsi),$acc1
+	mov	8*2(%rsi),$acc2
+	mov	8*3(%rsi),$acc3
+
+	add	8*0(%rdx),$acc0
+	adc	8*1(%rdx),$acc1
+	adc	8*2(%rdx),$acc2
+	adc	8*3(%rdx),$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	mov	$acc1,8*1(%rdi)
+	adc	\$0,$acc3
+	mov	$acc2,8*2(%rdi)
+	sbb	%rax,%rax		# cf -> mask
+	mov	$acc3,8*3(%rdi)
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	mov	$acc0,8*0(%rdi)
+
+.Lfe64_add_epilogue:
+	ret
+.size	x25519_fe64_add,.-x25519_fe64_add
+
+.globl	x25519_fe64_sub
+.type	x25519_fe64_sub,\@function,3
+.align	32
+x25519_fe64_sub:
+.Lfe64_sub_body:
+	mov	8*0(%rsi),$acc0
+	mov	8*1(%rsi),$acc1
+	mov	8*2(%rsi),$acc2
+	mov	8*3(%rsi),$acc3
+
+	sub	8*0(%rdx),$acc0
+	sbb	8*1(%rdx),$acc1
+	sbb	8*2(%rdx),$acc2
+	sbb	8*3(%rdx),$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	sub	%rax,$acc0
+	sbb	\$0,$acc1
+	sbb	\$0,$acc2
+	mov	$acc1,8*1(%rdi)
+	sbb	\$0,$acc3
+	mov	$acc2,8*2(%rdi)
+	sbb	%rax,%rax		# cf -> mask
+	mov	$acc3,8*3(%rdi)
+	and	\$38,%rax
+
+	sub	%rax,$acc0
+	mov	$acc0,8*0(%rdi)
+
+.Lfe64_sub_epilogue:
+	ret
+.size	x25519_fe64_sub,.-x25519_fe64_sub
+
+.globl	x25519_fe64_tobytes
+.type	x25519_fe64_tobytes,\@function,2
+.align	32
+x25519_fe64_tobytes:
+.Lfe64_to_body:
+	mov	8*0(%rsi),$acc0
+	mov	8*1(%rsi),$acc1
+	mov	8*2(%rsi),$acc2
+	mov	8*3(%rsi),$acc3
+
+	################################# reduction modulo 2^255-19
+	lea	($acc3,$acc3),%rax
+	sar	\$63,$acc3		# most significant bit -> mask
+	shr	\$1,%rax		# most significant bit cleared
+	and	\$19,$acc3
+	add	\$19,$acc3		# compare to modulus in the same go
+
+	add	$acc3,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	adc	\$0,%rax
+
+	lea	(%rax,%rax),$acc3
+	sar	\$63,%rax		# most significant bit -> mask
+	shr	\$1,$acc3		# most significant bit cleared
+	not	%rax
+	and	\$19,%rax
+
+	sub	%rax,$acc0
+	sbb	\$0,$acc1
+	sbb	\$0,$acc2
+	sbb	\$0,$acc3
+
+	mov	$acc0,8*0(%rdi)
+	mov	$acc1,8*1(%rdi)
+	mov	$acc2,8*2(%rdi)
+	mov	$acc3,8*3(%rdi)
+
+.Lfe64_to_epilogue:
+	ret
+.size	x25519_fe64_tobytes,.-x25519_fe64_tobytes
+___
+} else {
+$code.=<<___;
+.globl	x25519_fe64_eligible
+.type	x25519_fe64_eligible,\@abi-omnipotent
+.align	32
+x25519_fe64_eligible:
+	xor	%eax,%eax
+	ret
+.size	x25519_fe64_eligible,.-x25519_fe64_eligible
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,\@abi-omnipotent
+.globl	x25519_fe64_sqr
+.globl	x25519_fe64_mul121666
+.globl	x25519_fe64_add
+.globl	x25519_fe64_sub
+.globl	x25519_fe64_tobytes
+x25519_fe64_mul:
+x25519_fe64_sqr:
+x25519_fe64_mul121666:
+x25519_fe64_add:
+x25519_fe64_sub:
+x25519_fe64_tobytes:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+___
+}
+$code.=<<___;
+.asciz	"X25519 primitives for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+
+.type	short_handler,\@abi-omnipotent
+.align	16
+short_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+	jmp	.Lcommon_seh_tail
+.size	short_handler,.-short_handler
+
+.type	full_handler,\@abi-omnipotent
+.align	16
+full_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rax,%r10),%rax
+
+	mov	-8(%rax),%rbp
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	full_handler,.-full_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_x25519_fe51_mul
+	.rva	.LSEH_end_x25519_fe51_mul
+	.rva	.LSEH_info_x25519_fe51_mul
+
+	.rva	.LSEH_begin_x25519_fe51_sqr
+	.rva	.LSEH_end_x25519_fe51_sqr
+	.rva	.LSEH_info_x25519_fe51_sqr
+
+	.rva	.LSEH_begin_x25519_fe51_mul121666
+	.rva	.LSEH_end_x25519_fe51_mul121666
+	.rva	.LSEH_info_x25519_fe51_mul121666
+___
+$code.=<<___	if ($addx);
+	.rva	.LSEH_begin_x25519_fe64_mul
+	.rva	.LSEH_end_x25519_fe64_mul
+	.rva	.LSEH_info_x25519_fe64_mul
+
+	.rva	.LSEH_begin_x25519_fe64_sqr
+	.rva	.LSEH_end_x25519_fe64_sqr
+	.rva	.LSEH_info_x25519_fe64_sqr
+
+	.rva	.LSEH_begin_x25519_fe64_mul121666
+	.rva	.LSEH_end_x25519_fe64_mul121666
+	.rva	.LSEH_info_x25519_fe64_mul121666
+
+	.rva	.LSEH_begin_x25519_fe64_add
+	.rva	.LSEH_end_x25519_fe64_add
+	.rva	.LSEH_info_x25519_fe64_add
+
+	.rva	.LSEH_begin_x25519_fe64_sub
+	.rva	.LSEH_end_x25519_fe64_sub
+	.rva	.LSEH_info_x25519_fe64_sub
+
+	.rva	.LSEH_begin_x25519_fe64_tobytes
+	.rva	.LSEH_end_x25519_fe64_tobytes
+	.rva	.LSEH_info_x25519_fe64_tobytes
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_x25519_fe51_mul:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe51_mul_body,.Lfe51_mul_epilogue	# HandlerData[]
+	.long	88,0
+.LSEH_info_x25519_fe51_sqr:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe51_sqr_body,.Lfe51_sqr_epilogue	# HandlerData[]
+	.long	88,0
+.LSEH_info_x25519_fe51_mul121666:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe51_mul121666_body,.Lfe51_mul121666_epilogue	# HandlerData[]
+	.long	88,0
+___
+$code.=<<___	if ($addx);
+.LSEH_info_x25519_fe64_mul:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe64_mul_body,.Lfe64_mul_epilogue	# HandlerData[]
+	.long	72,0
+.LSEH_info_x25519_fe64_sqr:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe64_sqr_body,.Lfe64_sqr_epilogue	# HandlerData[]
+	.long	72,0
+.LSEH_info_x25519_fe64_mul121666:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_mul121666_body,.Lfe64_mul121666_epilogue	# HandlerData[]
+.LSEH_info_x25519_fe64_add:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_add_body,.Lfe64_add_epilogue	# HandlerData[]
+.LSEH_info_x25519_fe64_sub:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_sub_body,.Lfe64_sub_epilogue	# HandlerData[]
+.LSEH_info_x25519_fe64_tobytes:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_to_body,.Lfe64_to_epilogue	# HandlerData[]
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/build.info
new file mode 100644
index 000000000..a1e673e34
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/build.info
@@ -0,0 +1,42 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
+        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \
+        ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \
+        ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
+        ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
+        ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \
+        curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
+        curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
+        {- $target{ec_asm_src} -}
+
+GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+
+GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[ecp_nistz256-avx2.s]=asm/ecp_nistz256-avx2.pl $(PERLASM_SCHEME)
+
+GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[ecp_nistz256-sparcv9.o]=..
+
+GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[ecp_nistz256-armv4.o]=..
+GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[ecp_nistz256-armv8.o]=..
+GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME)
+
+GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME)
+
+BEGINRAW[Makefile]
+{- $builddir -}/ecp_nistz256-%.S:	{- $sourcedir -}/asm/ecp_nistz256-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile]
+
+INCLUDE[curve448/arch_32/f_impl.o]=curve448/arch_32 curve448
+INCLUDE[curve448/f_generic.o]=curve448/arch_32 curve448
+INCLUDE[curve448/scalar.o]=curve448/arch_32 curve448
+INCLUDE[curve448/curve448_tables.o]=curve448/arch_32 curve448
+INCLUDE[curve448/eddsa.o]=curve448/arch_32 curve448
+INCLUDE[curve448/curve448.o]=curve448/arch_32 curve448
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c
new file mode 100644
index 000000000..aa999cc59
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c
@@ -0,0 +1,5596 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/sha.h>
+
+#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                            defined(_M_AMD64) || defined(_M_X64))
+
+# define BASE_2_64_IMPLEMENTED
+
+typedef uint64_t fe64[4];
+
+int x25519_fe64_eligible(void);
+
+/*
+ * Following subroutines perform corresponding operations modulo
+ * 2^256-38, i.e. double the curve modulus. However, inputs and
+ * outputs are permitted to be partially reduced, i.e. to remain
+ * in [0..2^256) range. It's all tied up in final fe64_tobytes
+ * that performs full reduction modulo 2^255-19.
+ *
+ * There are no reference C implementations for these.
+ */
+void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sqr(fe64 h, const fe64 f);
+void x25519_fe64_mul121666(fe64 h, fe64 f);
+void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_tobytes(uint8_t *s, const fe64 f);
+# define fe64_mul x25519_fe64_mul
+# define fe64_sqr x25519_fe64_sqr
+# define fe64_mul121666 x25519_fe64_mul121666
+# define fe64_add x25519_fe64_add
+# define fe64_sub x25519_fe64_sub
+# define fe64_tobytes x25519_fe64_tobytes
+
+static uint64_t load_8(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+    result |= ((uint64_t)in[7]) << 56;
+
+    return result;
+}
+
+static void fe64_frombytes(fe64 h, const uint8_t *s)
+{
+    h[0] = load_8(s);
+    h[1] = load_8(s + 8);
+    h[2] = load_8(s + 16);
+    h[3] = load_8(s + 24) & 0x7fffffffffffffff;
+}
+
+static void fe64_0(fe64 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_1(fe64 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_copy(fe64 h, const fe64 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+}
+
+static void fe64_cswap(fe64 f, fe64 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 4; i++) {
+        uint64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe64_invert(fe64 out, const fe64 z)
+{
+    fe64 t0;
+    fe64 t1;
+    fe64 t2;
+    fe64 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe64_sqr(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe64_sqr(t1, t0);
+    fe64_sqr(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe64_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe64_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe64_sqr(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe64_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe64_sqr(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe64_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe64_* subroutines.
+ */
+static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe64 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe64_frombytes(x1, point);
+    fe64_1(x2);
+    fe64_0(z2);
+    fe64_copy(x3, x1);
+    fe64_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe64_cswap(x2, x3, swap);
+        fe64_cswap(z2, z3, swap);
+        swap = b;
+        fe64_sub(tmp0, x3, z3);
+        fe64_sub(tmp1, x2, z2);
+        fe64_add(x2, x2, z2);
+        fe64_add(z2, x3, z3);
+        fe64_mul(z3, x2, tmp0);
+        fe64_mul(z2, z2, tmp1);
+        fe64_sqr(tmp0, tmp1);
+        fe64_sqr(tmp1, x2);
+        fe64_add(x3, z3, z2);
+        fe64_sub(z2, z3, z2);
+        fe64_mul(x2, tmp1, tmp0);
+        fe64_sub(tmp1, tmp1, tmp0);
+        fe64_sqr(z2, z2);
+        fe64_mul121666(z3, tmp1);
+        fe64_sqr(x3, x3);
+        fe64_add(tmp0, tmp0, z3);
+        fe64_mul(z3, x1, z2);
+        fe64_mul(z2, tmp1, tmp0);
+    }
+
+    fe64_invert(z2, z2);
+    fe64_mul(x2, x2, z2);
+    fe64_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+#if defined(X25519_ASM) \
+    || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
+         && !defined(__sparc__) \
+         && !(defined(__ANDROID__) && !defined(__clang__)) )
+/*
+ * Base 2^51 implementation. It's virtually no different from reference
+ * base 2^25.5 implementation in respect to lax boundary conditions for
+ * intermediate values and even individual limbs. So that whatever you
+ * know about the reference, applies even here...
+ */
+# define BASE_2_51_IMPLEMENTED
+
+typedef uint64_t fe51[5];
+
+static const uint64_t MASK51 = 0x7ffffffffffff;
+
+static uint64_t load_7(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+
+    return result;
+}
+
+static uint64_t load_6(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+
+    return result;
+}
+
+static void fe51_frombytes(fe51 h, const uint8_t *s)
+{
+    uint64_t h0 = load_7(s);                                /* 56 bits */
+    uint64_t h1 = load_6(s + 7) << 5;                       /* 53 bits */
+    uint64_t h2 = load_7(s + 13) << 2;                      /* 58 bits */
+    uint64_t h3 = load_6(s + 20) << 7;                      /* 55 bits */
+    uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4;   /* 51 bits */
+
+    h1 |= h0 >> 51; h0 &= MASK51;
+    h2 |= h1 >> 51; h1 &= MASK51;
+    h3 |= h2 >> 51; h2 &= MASK51;
+    h4 |= h3 >> 51; h3 &= MASK51;
+
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+
+static void fe51_tobytes(uint8_t *s, const fe51 h)
+{
+    uint64_t h0 = h[0];
+    uint64_t h1 = h[1];
+    uint64_t h2 = h[2];
+    uint64_t h3 = h[3];
+    uint64_t h4 = h[4];
+    uint64_t q;
+
+    /* compare to modulus */
+    q = (h0 + 19) >> 51;
+    q = (h1 + q) >> 51;
+    q = (h2 + q) >> 51;
+    q = (h3 + q) >> 51;
+    q = (h4 + q) >> 51;
+
+    /* full reduce */
+    h0 += 19 * q;
+    h1 += h0 >> 51; h0 &= MASK51;
+    h2 += h1 >> 51; h1 &= MASK51;
+    h3 += h2 >> 51; h2 &= MASK51;
+    h4 += h3 >> 51; h3 &= MASK51;
+                    h4 &= MASK51;
+
+    /* smash */
+    s[0] = (uint8_t)(h0 >> 0);
+    s[1] = (uint8_t)(h0 >> 8);
+    s[2] = (uint8_t)(h0 >> 16);
+    s[3] = (uint8_t)(h0 >> 24);
+    s[4] = (uint8_t)(h0 >> 32);
+    s[5] = (uint8_t)(h0 >> 40);
+    s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3));
+    s[7] = (uint8_t)(h1 >> 5);
+    s[8] = (uint8_t)(h1 >> 13);
+    s[9] = (uint8_t)(h1 >> 21);
+    s[10] = (uint8_t)(h1 >> 29);
+    s[11] = (uint8_t)(h1 >> 37);
+    s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6));
+    s[13] = (uint8_t)(h2 >> 2);
+    s[14] = (uint8_t)(h2 >> 10);
+    s[15] = (uint8_t)(h2 >> 18);
+    s[16] = (uint8_t)(h2 >> 26);
+    s[17] = (uint8_t)(h2 >> 34);
+    s[18] = (uint8_t)(h2 >> 42);
+    s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1));
+    s[20] = (uint8_t)(h3 >> 7);
+    s[21] = (uint8_t)(h3 >> 15);
+    s[22] = (uint8_t)(h3 >> 23);
+    s[23] = (uint8_t)(h3 >> 31);
+    s[24] = (uint8_t)(h3 >> 39);
+    s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4));
+    s[26] = (uint8_t)(h4 >> 4);
+    s[27] = (uint8_t)(h4 >> 12);
+    s[28] = (uint8_t)(h4 >> 20);
+    s[29] = (uint8_t)(h4 >> 28);
+    s[30] = (uint8_t)(h4 >> 36);
+    s[31] = (uint8_t)(h4 >> 44);
+}
+
+# if defined(X25519_ASM)
+void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g);
+void x25519_fe51_sqr(fe51 h, const fe51 f);
+void x25519_fe51_mul121666(fe51 h, fe51 f);
+#  define fe51_mul x25519_fe51_mul
+#  define fe51_sq  x25519_fe51_sqr
+#  define fe51_mul121666 x25519_fe51_mul121666
+# else
+
+typedef __uint128_t u128;
+
+static void fe51_mul(fe51 h, const fe51 f, const fe51 g)
+{
+    u128 h0, h1, h2, h3, h4;
+    uint64_t f_i, g0, g1, g2, g3, g4;
+
+    f_i = f[0];
+    h0 = (u128)f_i * (g0 = g[0]);
+    h1 = (u128)f_i * (g1 = g[1]);
+    h2 = (u128)f_i * (g2 = g[2]);
+    h3 = (u128)f_i * (g3 = g[3]);
+    h4 = (u128)f_i * (g4 = g[4]);
+
+    f_i = f[1];
+    h0 += (u128)f_i * (g4 *= 19);
+    h1 += (u128)f_i * g0;
+    h2 += (u128)f_i * g1;
+    h3 += (u128)f_i * g2;
+    h4 += (u128)f_i * g3;
+
+    f_i = f[2];
+    h0 += (u128)f_i * (g3 *= 19);
+    h1 += (u128)f_i * g4;
+    h2 += (u128)f_i * g0;
+    h3 += (u128)f_i * g1;
+    h4 += (u128)f_i * g2;
+
+    f_i = f[3];
+    h0 += (u128)f_i * (g2 *= 19);
+    h1 += (u128)f_i * g3;
+    h2 += (u128)f_i * g4;
+    h3 += (u128)f_i * g0;
+    h4 += (u128)f_i * g1;
+
+    f_i = f[4];
+    h0 += (u128)f_i * (g1 *= 19);
+    h1 += (u128)f_i * g2;
+    h2 += (u128)f_i * g3;
+    h3 += (u128)f_i * g4;
+    h4 += (u128)f_i * g0;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+
+static void fe51_sq(fe51 h, const fe51 f)
+{
+#  if defined(OPENSSL_SMALL_FOOTPRINT)
+    fe51_mul(h, f, f);
+#  else
+    /* dedicated squaring gives 16-25% overall improvement */
+    uint64_t g0 = f[0];
+    uint64_t g1 = f[1];
+    uint64_t g2 = f[2];
+    uint64_t g3 = f[3];
+    uint64_t g4 = f[4];
+    u128 h0, h1, h2, h3, h4;
+
+    h0 = (u128)g0 * g0;     g0 *= 2;
+    h1 = (u128)g0 * g1;
+    h2 = (u128)g0 * g2;
+    h3 = (u128)g0 * g3;
+    h4 = (u128)g0 * g4;
+
+    g0 = g4;                /* borrow g0 */
+    h3 += (u128)g0 * (g4 *= 19);
+
+    h2 += (u128)g1 * g1;    g1 *= 2;
+    h3 += (u128)g1 * g2;
+    h4 += (u128)g1 * g3;
+    h0 += (u128)g1 * g4;
+
+    g0 = g3;                /* borrow g0 */
+    h1 += (u128)g0 * (g3 *= 19);
+    h2 += (u128)(g0 * 2) * g4;
+
+    h4 += (u128)g2 * g2;    g2 *= 2;
+    h0 += (u128)g2 * g3;
+    h1 += (u128)g2 * g4;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+#  endif
+}
+
+static void fe51_mul121666(fe51 h, fe51 f)
+{
+    u128 h0 = f[0] * (u128)121666;
+    u128 h1 = f[1] * (u128)121666;
+    u128 h2 = f[2] * (u128)121666;
+    u128 h3 = f[3] * (u128)121666;
+    u128 h4 = f[4] * (u128)121666;
+    uint64_t g0, g1, g2, g3, g4;
+
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+# endif
+
+static void fe51_add(fe51 h, const fe51 f, const fe51 g)
+{
+    h[0] = f[0] + g[0];
+    h[1] = f[1] + g[1];
+    h[2] = f[2] + g[2];
+    h[3] = f[3] + g[3];
+    h[4] = f[4] + g[4];
+}
+
+static void fe51_sub(fe51 h, const fe51 f, const fe51 g)
+{
+    /*
+     * Add 2*modulus to ensure that result remains positive
+     * even if subtrahend is partially reduced.
+     */
+    h[0] = (f[0] + 0xfffffffffffda) - g[0];
+    h[1] = (f[1] + 0xffffffffffffe) - g[1];
+    h[2] = (f[2] + 0xffffffffffffe) - g[2];
+    h[3] = (f[3] + 0xffffffffffffe) - g[3];
+    h[4] = (f[4] + 0xffffffffffffe) - g[4];
+}
+
+static void fe51_0(fe51 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_1(fe51 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_copy(fe51 h, const fe51 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+    h[4] = f[4];
+}
+
+static void fe51_cswap(fe51 f, fe51 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 5; i++) {
+        int64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe51_invert(fe51 out, const fe51 z)
+{
+    fe51 t0;
+    fe51 t1;
+    fe51 t2;
+    fe51 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe51_sq(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe51_sq(t1, t0);
+    fe51_sq(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe51_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe51_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe51_sq(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe51_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe51_sq(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe51_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe51_* subroutines.
+ */
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe51 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+# ifdef BASE_2_64_IMPLEMENTED
+    if (x25519_fe64_eligible()) {
+        x25519_scalar_mulx(out, scalar, point);
+        return;
+    }
+# endif
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe51_frombytes(x1, point);
+    fe51_1(x2);
+    fe51_0(z2);
+    fe51_copy(x3, x1);
+    fe51_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe51_cswap(x2, x3, swap);
+        fe51_cswap(z2, z3, swap);
+        swap = b;
+        fe51_sub(tmp0, x3, z3);
+        fe51_sub(tmp1, x2, z2);
+        fe51_add(x2, x2, z2);
+        fe51_add(z2, x3, z3);
+        fe51_mul(z3, tmp0, x2);
+        fe51_mul(z2, z2, tmp1);
+        fe51_sq(tmp0, tmp1);
+        fe51_sq(tmp1, x2);
+        fe51_add(x3, z3, z2);
+        fe51_sub(z2, z3, z2);
+        fe51_mul(x2, tmp1, tmp0);
+        fe51_sub(tmp1, tmp1, tmp0);
+        fe51_sq(z2, z2);
+        fe51_mul121666(z3, tmp1);
+        fe51_sq(x3, x3);
+        fe51_add(tmp0, tmp0, z3);
+        fe51_mul(z3, x1, z2);
+        fe51_mul(z2, tmp1, tmp0);
+    }
+
+    fe51_invert(z2, z2);
+    fe51_mul(x2, x2, z2);
+    fe51_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+/*
+ * Reference base 2^25.5 implementation.
+ *
+ * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
+ * 20141124 (http://bench.cr.yp.to/supercop.html).
+ *
+ * The field functions are shared by Ed25519 and X25519 where possible.
+ */
+
+/*
+ * fe means field element. Here the field is \Z/(2^255-19). An element t,
+ * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+ * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+ * context.
+ */
+typedef int32_t fe[10];
+
+static const int64_t kBottom21Bits =  0x1fffffLL;
+static const int64_t kBottom25Bits = 0x1ffffffLL;
+static const int64_t kBottom26Bits = 0x3ffffffLL;
+static const int64_t kTop39Bits = 0xfffffffffe000000LL;
+static const int64_t kTop38Bits = 0xfffffffffc000000LL;
+
+static uint64_t load_3(const uint8_t *in)
+{
+    uint64_t result;
+
+    result  = ((uint64_t)in[0]);
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    return result;
+}
+
+static uint64_t load_4(const uint8_t *in)
+{
+    uint64_t result;
+
+    result  = ((uint64_t)in[0]);
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    return result;
+}
+
+static void fe_frombytes(fe h, const uint8_t *s)
+{
+    /* Ignores top bit of h. */
+    int64_t h0 =  load_4(s);
+    int64_t h1 =  load_3(s +  4) << 6;
+    int64_t h2 =  load_3(s +  7) << 5;
+    int64_t h3 =  load_3(s + 10) << 3;
+    int64_t h4 =  load_3(s + 13) << 2;
+    int64_t h5 =  load_4(s + 16);
+    int64_t h6 =  load_3(s + 20) << 7;
+    int64_t h7 =  load_3(s + 23) << 5;
+    int64_t h8 =  load_3(s + 26) << 4;
+    int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+/*
+ * Preconditions:
+ *   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Write p=2^255-19; q=floor(h/p).
+ * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+ *
+ * Proof:
+ *   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+ *   Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+ *
+ *   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+ *   Then 0<y<1.
+ *
+ *   Write r=h-pq.
+ *   Have 0<=r<=p-1=2^255-20.
+ *   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+ *
+ *   Write x=r+19(2^-255)r+y.
+ *   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+ *
+ *   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+ *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+ */
+static void fe_tobytes(uint8_t *s, const fe h)
+{
+    int32_t h0 = h[0];
+    int32_t h1 = h[1];
+    int32_t h2 = h[2];
+    int32_t h3 = h[3];
+    int32_t h4 = h[4];
+    int32_t h5 = h[5];
+    int32_t h6 = h[6];
+    int32_t h7 = h[7];
+    int32_t h8 = h[8];
+    int32_t h9 = h[9];
+    int32_t q;
+
+    q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+    q = (h0 + q) >> 26;
+    q = (h1 + q) >> 25;
+    q = (h2 + q) >> 26;
+    q = (h3 + q) >> 25;
+    q = (h4 + q) >> 26;
+    q = (h5 + q) >> 25;
+    q = (h6 + q) >> 26;
+    q = (h7 + q) >> 25;
+    q = (h8 + q) >> 26;
+    q = (h9 + q) >> 25;
+
+    /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+    h0 += 19 * q;
+    /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+    h1 += h0 >> 26; h0 &= kBottom26Bits;
+    h2 += h1 >> 25; h1 &= kBottom25Bits;
+    h3 += h2 >> 26; h2 &= kBottom26Bits;
+    h4 += h3 >> 25; h3 &= kBottom25Bits;
+    h5 += h4 >> 26; h4 &= kBottom26Bits;
+    h6 += h5 >> 25; h5 &= kBottom25Bits;
+    h7 += h6 >> 26; h6 &= kBottom26Bits;
+    h8 += h7 >> 25; h7 &= kBottom25Bits;
+    h9 += h8 >> 26; h8 &= kBottom26Bits;
+                    h9 &= kBottom25Bits;
+    /* h10 = carry9 */
+
+    /*
+     * Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+     * Have h0+...+2^230 h9 between 0 and 2^255-1;
+     * evidently 2^255 h10-2^255 q = 0.
+     * Goal: Output h0+...+2^230 h9.
+     */
+    s[ 0] = (uint8_t) (h0 >>  0);
+    s[ 1] = (uint8_t) (h0 >>  8);
+    s[ 2] = (uint8_t) (h0 >> 16);
+    s[ 3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
+    s[ 4] = (uint8_t) (h1 >>  6);
+    s[ 5] = (uint8_t) (h1 >> 14);
+    s[ 6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
+    s[ 7] = (uint8_t) (h2 >>  5);
+    s[ 8] = (uint8_t) (h2 >> 13);
+    s[ 9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
+    s[10] = (uint8_t) (h3 >>  3);
+    s[11] = (uint8_t) (h3 >> 11);
+    s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
+    s[13] = (uint8_t) (h4 >>  2);
+    s[14] = (uint8_t) (h4 >> 10);
+    s[15] = (uint8_t) (h4 >> 18);
+    s[16] = (uint8_t) (h5 >>  0);
+    s[17] = (uint8_t) (h5 >>  8);
+    s[18] = (uint8_t) (h5 >> 16);
+    s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
+    s[20] = (uint8_t) (h6 >>  7);
+    s[21] = (uint8_t) (h6 >> 15);
+    s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
+    s[23] = (uint8_t) (h7 >>  5);
+    s[24] = (uint8_t) (h7 >> 13);
+    s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
+    s[26] = (uint8_t) (h8 >>  4);
+    s[27] = (uint8_t) (h8 >> 12);
+    s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
+    s[29] = (uint8_t) (h9 >>  2);
+    s[30] = (uint8_t) (h9 >> 10);
+    s[31] = (uint8_t) (h9 >> 18);
+}
+
+/* h = f */
+static void fe_copy(fe h, const fe f)
+{
+    memmove(h, f, sizeof(int32_t) * 10);
+}
+
+/* h = 0 */
+static void fe_0(fe h)
+{
+    memset(h, 0, sizeof(int32_t) * 10);
+}
+
+/* h = 1 */
+static void fe_1(fe h)
+{
+    memset(h, 0, sizeof(int32_t) * 10);
+    h[0] = 1;
+}
+
+/*
+ * h = f + g
+ *
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_add(fe h, const fe f, const fe g)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = f[i] + g[i];
+    }
+}
+
+/*
+ * h = f - g
+ *
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_sub(fe h, const fe f, const fe g)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = f[i] - g[i];
+    }
+}
+
+/*
+ * h = f * g
+ *
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *    |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * Notes on implementation strategy:
+ *
+ * Using schoolbook multiplication.
+ * Karatsuba would save a little in some cost models.
+ *
+ * Most multiplications by 2 and 19 are 32-bit precomputations;
+ * cheaper than 64-bit postcomputations.
+ *
+ * There is one remaining multiplication by 19 in the carry chain;
+ * one *19 precomputation can be merged into this,
+ * but the resulting data flow is considerably less clean.
+ *
+ * There are 12 carries below.
+ * 10 of them are 2-way parallelizable and vectorizable.
+ * Can get away with 11 carries, but then data flow is much deeper.
+ *
+ * With tighter constraints on inputs can squeeze carries into int32.
+ */
+static void fe_mul(fe h, const fe f, const fe g)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t g0 = g[0];
+    int32_t g1 = g[1];
+    int32_t g2 = g[2];
+    int32_t g3 = g[3];
+    int32_t g4 = g[4];
+    int32_t g5 = g[5];
+    int32_t g6 = g[6];
+    int32_t g7 = g[7];
+    int32_t g8 = g[8];
+    int32_t g9 = g[9];
+    int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+    int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+    int32_t g3_19 = 19 * g3;
+    int32_t g4_19 = 19 * g4;
+    int32_t g5_19 = 19 * g5;
+    int32_t g6_19 = 19 * g6;
+    int32_t g7_19 = 19 * g7;
+    int32_t g8_19 = 19 * g8;
+    int32_t g9_19 = 19 * g9;
+    int32_t f1_2 = 2 * f1;
+    int32_t f3_2 = 2 * f3;
+    int32_t f5_2 = 2 * f5;
+    int32_t f7_2 = 2 * f7;
+    int32_t f9_2 = 2 * f9;
+    int64_t f0g0    = f0   * (int64_t) g0;
+    int64_t f0g1    = f0   * (int64_t) g1;
+    int64_t f0g2    = f0   * (int64_t) g2;
+    int64_t f0g3    = f0   * (int64_t) g3;
+    int64_t f0g4    = f0   * (int64_t) g4;
+    int64_t f0g5    = f0   * (int64_t) g5;
+    int64_t f0g6    = f0   * (int64_t) g6;
+    int64_t f0g7    = f0   * (int64_t) g7;
+    int64_t f0g8    = f0   * (int64_t) g8;
+    int64_t f0g9    = f0   * (int64_t) g9;
+    int64_t f1g0    = f1   * (int64_t) g0;
+    int64_t f1g1_2  = f1_2 * (int64_t) g1;
+    int64_t f1g2    = f1   * (int64_t) g2;
+    int64_t f1g3_2  = f1_2 * (int64_t) g3;
+    int64_t f1g4    = f1   * (int64_t) g4;
+    int64_t f1g5_2  = f1_2 * (int64_t) g5;
+    int64_t f1g6    = f1   * (int64_t) g6;
+    int64_t f1g7_2  = f1_2 * (int64_t) g7;
+    int64_t f1g8    = f1   * (int64_t) g8;
+    int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+    int64_t f2g0    = f2   * (int64_t) g0;
+    int64_t f2g1    = f2   * (int64_t) g1;
+    int64_t f2g2    = f2   * (int64_t) g2;
+    int64_t f2g3    = f2   * (int64_t) g3;
+    int64_t f2g4    = f2   * (int64_t) g4;
+    int64_t f2g5    = f2   * (int64_t) g5;
+    int64_t f2g6    = f2   * (int64_t) g6;
+    int64_t f2g7    = f2   * (int64_t) g7;
+    int64_t f2g8_19 = f2   * (int64_t) g8_19;
+    int64_t f2g9_19 = f2   * (int64_t) g9_19;
+    int64_t f3g0    = f3   * (int64_t) g0;
+    int64_t f3g1_2  = f3_2 * (int64_t) g1;
+    int64_t f3g2    = f3   * (int64_t) g2;
+    int64_t f3g3_2  = f3_2 * (int64_t) g3;
+    int64_t f3g4    = f3   * (int64_t) g4;
+    int64_t f3g5_2  = f3_2 * (int64_t) g5;
+    int64_t f3g6    = f3   * (int64_t) g6;
+    int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+    int64_t f3g8_19 = f3   * (int64_t) g8_19;
+    int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+    int64_t f4g0    = f4   * (int64_t) g0;
+    int64_t f4g1    = f4   * (int64_t) g1;
+    int64_t f4g2    = f4   * (int64_t) g2;
+    int64_t f4g3    = f4   * (int64_t) g3;
+    int64_t f4g4    = f4   * (int64_t) g4;
+    int64_t f4g5    = f4   * (int64_t) g5;
+    int64_t f4g6_19 = f4   * (int64_t) g6_19;
+    int64_t f4g7_19 = f4   * (int64_t) g7_19;
+    int64_t f4g8_19 = f4   * (int64_t) g8_19;
+    int64_t f4g9_19 = f4   * (int64_t) g9_19;
+    int64_t f5g0    = f5   * (int64_t) g0;
+    int64_t f5g1_2  = f5_2 * (int64_t) g1;
+    int64_t f5g2    = f5   * (int64_t) g2;
+    int64_t f5g3_2  = f5_2 * (int64_t) g3;
+    int64_t f5g4    = f5   * (int64_t) g4;
+    int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+    int64_t f5g6_19 = f5   * (int64_t) g6_19;
+    int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+    int64_t f5g8_19 = f5   * (int64_t) g8_19;
+    int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+    int64_t f6g0    = f6   * (int64_t) g0;
+    int64_t f6g1    = f6   * (int64_t) g1;
+    int64_t f6g2    = f6   * (int64_t) g2;
+    int64_t f6g3    = f6   * (int64_t) g3;
+    int64_t f6g4_19 = f6   * (int64_t) g4_19;
+    int64_t f6g5_19 = f6   * (int64_t) g5_19;
+    int64_t f6g6_19 = f6   * (int64_t) g6_19;
+    int64_t f6g7_19 = f6   * (int64_t) g7_19;
+    int64_t f6g8_19 = f6   * (int64_t) g8_19;
+    int64_t f6g9_19 = f6   * (int64_t) g9_19;
+    int64_t f7g0    = f7   * (int64_t) g0;
+    int64_t f7g1_2  = f7_2 * (int64_t) g1;
+    int64_t f7g2    = f7   * (int64_t) g2;
+    int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+    int64_t f7g4_19 = f7   * (int64_t) g4_19;
+    int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+    int64_t f7g6_19 = f7   * (int64_t) g6_19;
+    int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+    int64_t f7g8_19 = f7   * (int64_t) g8_19;
+    int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+    int64_t f8g0    = f8   * (int64_t) g0;
+    int64_t f8g1    = f8   * (int64_t) g1;
+    int64_t f8g2_19 = f8   * (int64_t) g2_19;
+    int64_t f8g3_19 = f8   * (int64_t) g3_19;
+    int64_t f8g4_19 = f8   * (int64_t) g4_19;
+    int64_t f8g5_19 = f8   * (int64_t) g5_19;
+    int64_t f8g6_19 = f8   * (int64_t) g6_19;
+    int64_t f8g7_19 = f8   * (int64_t) g7_19;
+    int64_t f8g8_19 = f8   * (int64_t) g8_19;
+    int64_t f8g9_19 = f8   * (int64_t) g9_19;
+    int64_t f9g0    = f9   * (int64_t) g0;
+    int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+    int64_t f9g2_19 = f9   * (int64_t) g2_19;
+    int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+    int64_t f9g4_19 = f9   * (int64_t) g4_19;
+    int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+    int64_t f9g6_19 = f9   * (int64_t) g6_19;
+    int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+    int64_t f9g8_19 = f9   * (int64_t) g8_19;
+    int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+    int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
+    int64_t h1 = f0g1 + f1g0    + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19;
+    int64_t h2 = f0g2 + f1g1_2  + f2g0    + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38;
+    int64_t h3 = f0g3 + f1g2    + f2g1    + f3g0    + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19;
+    int64_t h4 = f0g4 + f1g3_2  + f2g2    + f3g1_2  + f4g0    + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38;
+    int64_t h5 = f0g5 + f1g4    + f2g3    + f3g2    + f4g1    + f5g0    + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19;
+    int64_t h6 = f0g6 + f1g5_2  + f2g4    + f3g3_2  + f4g2    + f5g1_2  + f6g0    + f7g9_38 + f8g8_19 + f9g7_38;
+    int64_t h7 = f0g7 + f1g6    + f2g5    + f3g4    + f4g3    + f5g2    + f6g1    + f7g0    + f8g9_19 + f9g8_19;
+    int64_t h8 = f0g8 + f1g7_2  + f2g6    + f3g5_2  + f4g4    + f5g3_2  + f6g2    + f7g1_2  + f8g0    + f9g9_38;
+    int64_t h9 = f0g9 + f1g8    + f2g7    + f3g6    + f4g5    + f5g4    + f6g3    + f7g2    + f8g1    + f9g0   ;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+     *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+     * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+     *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    /* |h0| <= 2^25 */
+    /* |h4| <= 2^25 */
+    /* |h1| <= 1.71*2^59 */
+    /* |h5| <= 1.71*2^59 */
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    /* |h1| <= 2^24; from now on fits into int32 */
+    /* |h5| <= 2^24; from now on fits into int32 */
+    /* |h2| <= 1.41*2^60 */
+    /* |h6| <= 1.41*2^60 */
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    /* |h2| <= 2^25; from now on fits into int32 unchanged */
+    /* |h6| <= 2^25; from now on fits into int32 unchanged */
+    /* |h3| <= 1.71*2^59 */
+    /* |h7| <= 1.71*2^59 */
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+    /* |h3| <= 2^24; from now on fits into int32 unchanged */
+    /* |h7| <= 2^24; from now on fits into int32 unchanged */
+    /* |h4| <= 1.72*2^34 */
+    /* |h8| <= 1.41*2^60 */
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+    /* |h4| <= 2^25; from now on fits into int32 unchanged */
+    /* |h8| <= 2^25; from now on fits into int32 unchanged */
+    /* |h5| <= 1.01*2^24 */
+    /* |h9| <= 1.71*2^59 */
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    /* |h9| <= 2^24; from now on fits into int32 unchanged */
+    /* |h0| <= 1.1*2^39 */
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    /* |h0| <= 2^25; from now on fits into int32 unchanged */
+    /* |h1| <= 1.01*2^24 */
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+/*
+ * h = f * f
+ *
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy.
+ */
+static void fe_sq(fe h, const fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t f0_2 = 2 * f0;
+    int32_t f1_2 = 2 * f1;
+    int32_t f2_2 = 2 * f2;
+    int32_t f3_2 = 2 * f3;
+    int32_t f4_2 = 2 * f4;
+    int32_t f5_2 = 2 * f5;
+    int32_t f6_2 = 2 * f6;
+    int32_t f7_2 = 2 * f7;
+    int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+    int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+    int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+    int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+    int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+    int64_t f0f0    = f0   * (int64_t) f0;
+    int64_t f0f1_2  = f0_2 * (int64_t) f1;
+    int64_t f0f2_2  = f0_2 * (int64_t) f2;
+    int64_t f0f3_2  = f0_2 * (int64_t) f3;
+    int64_t f0f4_2  = f0_2 * (int64_t) f4;
+    int64_t f0f5_2  = f0_2 * (int64_t) f5;
+    int64_t f0f6_2  = f0_2 * (int64_t) f6;
+    int64_t f0f7_2  = f0_2 * (int64_t) f7;
+    int64_t f0f8_2  = f0_2 * (int64_t) f8;
+    int64_t f0f9_2  = f0_2 * (int64_t) f9;
+    int64_t f1f1_2  = f1_2 * (int64_t) f1;
+    int64_t f1f2_2  = f1_2 * (int64_t) f2;
+    int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+    int64_t f1f4_2  = f1_2 * (int64_t) f4;
+    int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+    int64_t f1f6_2  = f1_2 * (int64_t) f6;
+    int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+    int64_t f1f8_2  = f1_2 * (int64_t) f8;
+    int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+    int64_t f2f2    = f2   * (int64_t) f2;
+    int64_t f2f3_2  = f2_2 * (int64_t) f3;
+    int64_t f2f4_2  = f2_2 * (int64_t) f4;
+    int64_t f2f5_2  = f2_2 * (int64_t) f5;
+    int64_t f2f6_2  = f2_2 * (int64_t) f6;
+    int64_t f2f7_2  = f2_2 * (int64_t) f7;
+    int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+    int64_t f2f9_38 = f2   * (int64_t) f9_38;
+    int64_t f3f3_2  = f3_2 * (int64_t) f3;
+    int64_t f3f4_2  = f3_2 * (int64_t) f4;
+    int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+    int64_t f3f6_2  = f3_2 * (int64_t) f6;
+    int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+    int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+    int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+    int64_t f4f4    = f4   * (int64_t) f4;
+    int64_t f4f5_2  = f4_2 * (int64_t) f5;
+    int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+    int64_t f4f7_38 = f4   * (int64_t) f7_38;
+    int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+    int64_t f4f9_38 = f4   * (int64_t) f9_38;
+    int64_t f5f5_38 = f5   * (int64_t) f5_38;
+    int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+    int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+    int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+    int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+    int64_t f6f6_19 = f6   * (int64_t) f6_19;
+    int64_t f6f7_38 = f6   * (int64_t) f7_38;
+    int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+    int64_t f6f9_38 = f6   * (int64_t) f9_38;
+    int64_t f7f7_38 = f7   * (int64_t) f7_38;
+    int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+    int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+    int64_t f8f8_19 = f8   * (int64_t) f8_19;
+    int64_t f8f9_38 = f8   * (int64_t) f9_38;
+    int64_t f9f9_38 = f9   * (int64_t) f9_38;
+    int64_t h0 = f0f0   + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+    int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+    int64_t h2 = f0f2_2 + f1f1_2  + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+    int64_t h3 = f0f3_2 + f1f2_2  + f4f9_38 + f5f8_38 + f6f7_38;
+    int64_t h4 = f0f4_2 + f1f3_4  + f2f2    + f5f9_76 + f6f8_38 + f7f7_38;
+    int64_t h5 = f0f5_2 + f1f4_2  + f2f3_2  + f6f9_38 + f7f8_38;
+    int64_t h6 = f0f6_2 + f1f5_4  + f2f4_2  + f3f3_2  + f7f9_76 + f8f8_19;
+    int64_t h7 = f0f7_2 + f1f6_2  + f2f5_2  + f3f4_2  + f8f9_38;
+    int64_t h8 = f0f8_2 + f1f7_4  + f2f6_2  + f3f5_4  + f4f4    + f9f9_38;
+    int64_t h9 = f0f9_2 + f1f8_2  + f2f7_2  + f3f6_2  + f4f5_2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+static void fe_invert(fe out, const fe z)
+{
+    fe t0;
+    fe t1;
+    fe t2;
+    fe t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe_sq(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe_sq(t1, t0);
+    fe_sq(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe_sq(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t2, t2);
+    }
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe_sq(t3, t2);
+    for (i = 1; i < 20; ++i) {
+        fe_sq(t3, t3);
+    }
+    fe_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i) {
+        fe_sq(t2, t2);
+    }
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe_sq(t3, t2);
+    for (i = 1; i < 100; ++i) {
+        fe_sq(t3, t3);
+    }
+    fe_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    fe_sq(t2, t2);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t2, t2);
+    }
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    fe_sq(t1, t1);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t1, t1);
+    }
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe_mul(out, t1, t0);
+}
+
+/*
+ * h = -f
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+static void fe_neg(fe h, const fe f)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = -f[i];
+    }
+}
+
+/*
+ * Replace (f,g) with (g,g) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}.
+ */
+static void fe_cmov(fe f, const fe g, unsigned b)
+{
+    size_t i;
+
+    b = 0-b;
+    for (i = 0; i < 10; i++) {
+        int32_t x = f[i] ^ g[i];
+        x &= b;
+        f[i] ^= x;
+    }
+}
+
+/*
+ * return 0 if f == 0
+ * return 1 if f != 0
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static int fe_isnonzero(const fe f)
+{
+    uint8_t s[32];
+    static const uint8_t zero[32] = {0};
+
+    fe_tobytes(s, f);
+
+    return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
+}
+
+/*
+ * return 1 if f is in {1,3,5,...,q-2}
+ * return 0 if f is in {0,2,4,...,q-1}
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static int fe_isnegative(const fe f)
+{
+    uint8_t s[32];
+
+    fe_tobytes(s, f);
+    return s[0] & 1;
+}
+
+/*
+ * h = 2 * f * f
+ *
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy.
+ */
+static void fe_sq2(fe h, const fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t f0_2 = 2 * f0;
+    int32_t f1_2 = 2 * f1;
+    int32_t f2_2 = 2 * f2;
+    int32_t f3_2 = 2 * f3;
+    int32_t f4_2 = 2 * f4;
+    int32_t f5_2 = 2 * f5;
+    int32_t f6_2 = 2 * f6;
+    int32_t f7_2 = 2 * f7;
+    int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+    int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+    int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+    int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+    int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+    int64_t f0f0    = f0   * (int64_t) f0;
+    int64_t f0f1_2  = f0_2 * (int64_t) f1;
+    int64_t f0f2_2  = f0_2 * (int64_t) f2;
+    int64_t f0f3_2  = f0_2 * (int64_t) f3;
+    int64_t f0f4_2  = f0_2 * (int64_t) f4;
+    int64_t f0f5_2  = f0_2 * (int64_t) f5;
+    int64_t f0f6_2  = f0_2 * (int64_t) f6;
+    int64_t f0f7_2  = f0_2 * (int64_t) f7;
+    int64_t f0f8_2  = f0_2 * (int64_t) f8;
+    int64_t f0f9_2  = f0_2 * (int64_t) f9;
+    int64_t f1f1_2  = f1_2 * (int64_t) f1;
+    int64_t f1f2_2  = f1_2 * (int64_t) f2;
+    int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+    int64_t f1f4_2  = f1_2 * (int64_t) f4;
+    int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+    int64_t f1f6_2  = f1_2 * (int64_t) f6;
+    int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+    int64_t f1f8_2  = f1_2 * (int64_t) f8;
+    int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+    int64_t f2f2    = f2   * (int64_t) f2;
+    int64_t f2f3_2  = f2_2 * (int64_t) f3;
+    int64_t f2f4_2  = f2_2 * (int64_t) f4;
+    int64_t f2f5_2  = f2_2 * (int64_t) f5;
+    int64_t f2f6_2  = f2_2 * (int64_t) f6;
+    int64_t f2f7_2  = f2_2 * (int64_t) f7;
+    int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+    int64_t f2f9_38 = f2   * (int64_t) f9_38;
+    int64_t f3f3_2  = f3_2 * (int64_t) f3;
+    int64_t f3f4_2  = f3_2 * (int64_t) f4;
+    int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+    int64_t f3f6_2  = f3_2 * (int64_t) f6;
+    int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+    int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+    int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+    int64_t f4f4    = f4   * (int64_t) f4;
+    int64_t f4f5_2  = f4_2 * (int64_t) f5;
+    int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+    int64_t f4f7_38 = f4   * (int64_t) f7_38;
+    int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+    int64_t f4f9_38 = f4   * (int64_t) f9_38;
+    int64_t f5f5_38 = f5   * (int64_t) f5_38;
+    int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+    int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+    int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+    int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+    int64_t f6f6_19 = f6   * (int64_t) f6_19;
+    int64_t f6f7_38 = f6   * (int64_t) f7_38;
+    int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+    int64_t f6f9_38 = f6   * (int64_t) f9_38;
+    int64_t f7f7_38 = f7   * (int64_t) f7_38;
+    int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+    int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+    int64_t f8f8_19 = f8   * (int64_t) f8_19;
+    int64_t f8f9_38 = f8   * (int64_t) f9_38;
+    int64_t f9f9_38 = f9   * (int64_t) f9_38;
+    int64_t h0 = f0f0   + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+    int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+    int64_t h2 = f0f2_2 + f1f1_2  + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+    int64_t h3 = f0f3_2 + f1f2_2  + f4f9_38 + f5f8_38 + f6f7_38;
+    int64_t h4 = f0f4_2 + f1f3_4  + f2f2    + f5f9_76 + f6f8_38 + f7f7_38;
+    int64_t h5 = f0f5_2 + f1f4_2  + f2f3_2  + f6f9_38 + f7f8_38;
+    int64_t h6 = f0f6_2 + f1f5_4  + f2f4_2  + f3f3_2  + f7f9_76 + f8f8_19;
+    int64_t h7 = f0f7_2 + f1f6_2  + f2f5_2  + f3f4_2  + f8f9_38;
+    int64_t h8 = f0f8_2 + f1f7_4  + f2f6_2  + f3f5_4  + f4f4    + f9f9_38;
+    int64_t h9 = f0f9_2 + f1f8_2  + f2f7_2  + f3f6_2  + f4f5_2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    h0 += h0;
+    h1 += h1;
+    h2 += h2;
+    h3 += h3;
+    h4 += h4;
+    h5 += h5;
+    h6 += h6;
+    h7 += h7;
+    h8 += h8;
+    h9 += h9;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+static void fe_pow22523(fe out, const fe z)
+{
+    fe t0;
+    fe t1;
+    fe t2;
+    int i;
+
+    fe_sq(t0, z);
+    fe_sq(t1, t0);
+    for (i = 1; i < 2; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, z, t1);
+    fe_mul(t0, t0, t1);
+    fe_sq(t0, t0);
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, t1, t0);
+    fe_sq(t2, t1);
+    for (i = 1; i < 20; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t1, t2, t1);
+    fe_sq(t1, t1);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, t1, t0);
+    fe_sq(t2, t1);
+    for (i = 1; i < 100; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t1, t2, t1);
+    fe_sq(t1, t1);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t0, t0);
+    for (i = 1; i < 2; ++i) {
+        fe_sq(t0, t0);
+    }
+    fe_mul(out, t0, z);
+}
+
+/*
+ * ge means group element.
+ *
+ * Here the group is the set of pairs (x,y) of field elements (see fe.h)
+ * satisfying -x^2 + y^2 = 1 + d x^2y^2
+ * where d = -121665/121666.
+ *
+ * Representations:
+ *   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ *   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ *   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ *   ge_precomp (Duif): (y+x,y-x,2dxy)
+ */
+typedef struct {
+    fe X;
+    fe Y;
+    fe Z;
+} ge_p2;
+
+typedef struct {
+    fe X;
+    fe Y;
+    fe Z;
+    fe T;
+} ge_p3;
+
+typedef struct {
+    fe X;
+    fe Y;
+    fe Z;
+    fe T;
+} ge_p1p1;
+
+typedef struct {
+    fe yplusx;
+    fe yminusx;
+    fe xy2d;
+} ge_precomp;
+
+typedef struct {
+    fe YplusX;
+    fe YminusX;
+    fe Z;
+    fe T2d;
+} ge_cached;
+
+static void ge_tobytes(uint8_t *s, const ge_p2 *h)
+{
+    fe recip;
+    fe x;
+    fe y;
+
+    fe_invert(recip, h->Z);
+    fe_mul(x, h->X, recip);
+    fe_mul(y, h->Y, recip);
+    fe_tobytes(s, y);
+    s[31] ^= fe_isnegative(x) << 7;
+}
+
+static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h)
+{
+    fe recip;
+    fe x;
+    fe y;
+
+    fe_invert(recip, h->Z);
+    fe_mul(x, h->X, recip);
+    fe_mul(y, h->Y, recip);
+    fe_tobytes(s, y);
+    s[31] ^= fe_isnegative(x) << 7;
+}
+
+static const fe d = {
+    -10913610, 13857413, -15372611, 6949391,   114729,
+    -8787816,  -6275908, -3247719,  -18696448, -12055116
+};
+
+static const fe sqrtm1 = {
+    -32595792, -7943725,  9377950,  3500415, 12389472,
+    -272473,   -25146209, -2005654, 326686,  11406482
+};
+
+static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s)
+{
+    fe u;
+    fe v;
+    fe v3;
+    fe vxx;
+    fe check;
+
+    fe_frombytes(h->Y, s);
+    fe_1(h->Z);
+    fe_sq(u, h->Y);
+    fe_mul(v, u, d);
+    fe_sub(u, u, h->Z); /* u = y^2-1 */
+    fe_add(v, v, h->Z); /* v = dy^2+1 */
+
+    fe_sq(v3, v);
+    fe_mul(v3, v3, v); /* v3 = v^3 */
+    fe_sq(h->X, v3);
+    fe_mul(h->X, h->X, v);
+    fe_mul(h->X, h->X, u); /* x = uv^7 */
+
+    fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
+    fe_mul(h->X, h->X, v3);
+    fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
+
+    fe_sq(vxx, h->X);
+    fe_mul(vxx, vxx, v);
+    fe_sub(check, vxx, u); /* vx^2-u */
+    if (fe_isnonzero(check)) {
+        fe_add(check, vxx, u); /* vx^2+u */
+        if (fe_isnonzero(check)) {
+            return -1;
+        }
+        fe_mul(h->X, h->X, sqrtm1);
+    }
+
+    if (fe_isnegative(h->X) != (s[31] >> 7)) {
+        fe_neg(h->X, h->X);
+    }
+
+    fe_mul(h->T, h->X, h->Y);
+    return 0;
+}
+
+static void ge_p2_0(ge_p2 *h)
+{
+    fe_0(h->X);
+    fe_1(h->Y);
+    fe_1(h->Z);
+}
+
+static void ge_p3_0(ge_p3 *h)
+{
+    fe_0(h->X);
+    fe_1(h->Y);
+    fe_1(h->Z);
+    fe_0(h->T);
+}
+
+static void ge_precomp_0(ge_precomp *h)
+{
+    fe_1(h->yplusx);
+    fe_1(h->yminusx);
+    fe_0(h->xy2d);
+}
+
+/* r = p */
+static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p)
+{
+    fe_copy(r->X, p->X);
+    fe_copy(r->Y, p->Y);
+    fe_copy(r->Z, p->Z);
+}
+
+static const fe d2 = {
+    -21827239, -5839606,  -30745221, 13898782, 229458,
+    15978800,  -12551817, -6495438,  29715968, 9444199
+};
+
+/* r = p */
+static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p)
+{
+    fe_add(r->YplusX, p->Y, p->X);
+    fe_sub(r->YminusX, p->Y, p->X);
+    fe_copy(r->Z, p->Z);
+    fe_mul(r->T2d, p->T, d2);
+}
+
+/* r = p */
+static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p)
+{
+    fe_mul(r->X, p->X, p->T);
+    fe_mul(r->Y, p->Y, p->Z);
+    fe_mul(r->Z, p->Z, p->T);
+}
+
+/* r = p */
+static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p)
+{
+    fe_mul(r->X, p->X, p->T);
+    fe_mul(r->Y, p->Y, p->Z);
+    fe_mul(r->Z, p->Z, p->T);
+    fe_mul(r->T, p->X, p->Y);
+}
+
+/* r = 2 * p */
+static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p)
+{
+    fe t0;
+
+    fe_sq(r->X, p->X);
+    fe_sq(r->Z, p->Y);
+    fe_sq2(r->T, p->Z);
+    fe_add(r->Y, p->X, p->Y);
+    fe_sq(t0, r->Y);
+    fe_add(r->Y, r->Z, r->X);
+    fe_sub(r->Z, r->Z, r->X);
+    fe_sub(r->X, t0, r->Y);
+    fe_sub(r->T, r->T, r->Z);
+}
+
+/* r = 2 * p */
+static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p)
+{
+    ge_p2 q;
+    ge_p3_to_p2(&q, p);
+    ge_p2_dbl(r, &q);
+}
+
+/* r = p + q */
+static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->yplusx);
+    fe_mul(r->Y, r->Y, q->yminusx);
+    fe_mul(r->T, q->xy2d, p->T);
+    fe_add(t0, p->Z, p->Z);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_add(r->Z, t0, r->T);
+    fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->yminusx);
+    fe_mul(r->Y, r->Y, q->yplusx);
+    fe_mul(r->T, q->xy2d, p->T);
+    fe_add(t0, p->Z, p->Z);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_sub(r->Z, t0, r->T);
+    fe_add(r->T, t0, r->T);
+}
+
+/* r = p + q */
+static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->YplusX);
+    fe_mul(r->Y, r->Y, q->YminusX);
+    fe_mul(r->T, q->T2d, p->T);
+    fe_mul(r->X, p->Z, q->Z);
+    fe_add(t0, r->X, r->X);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_add(r->Z, t0, r->T);
+    fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->YminusX);
+    fe_mul(r->Y, r->Y, q->YplusX);
+    fe_mul(r->T, q->T2d, p->T);
+    fe_mul(r->X, p->Z, q->Z);
+    fe_add(t0, r->X, r->X);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_sub(r->Z, t0, r->T);
+    fe_add(r->T, t0, r->T);
+}
+
+static uint8_t equal(signed char b, signed char c)
+{
+    uint8_t ub = b;
+    uint8_t uc = c;
+    uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
+    uint32_t y = x;      /* 0: yes; 1..255: no */
+    y -= 1;              /* 4294967295: yes; 0..254: no */
+    y >>= 31;            /* 1: yes; 0: no */
+    return y;
+}
+
+static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b)
+{
+    fe_cmov(t->yplusx, u->yplusx, b);
+    fe_cmov(t->yminusx, u->yminusx, b);
+    fe_cmov(t->xy2d, u->xy2d, b);
+}
+
+/* k25519Precomp[i][j] = (j+1)*256^i*B */
+static const ge_precomp k25519Precomp[32][8] = {
+    {
+        {
+            {25967493, -14356035, 29566456, 3660896, -12694345, 4014787,
+             27544626, -11754271, -6079156, 2047605},
+            {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+             5043384, 19500929, -15469378},
+            {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380,
+             29287919, 11864899, -24514362, -4438546},
+        },
+        {
+            {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717,
+             -11717903, -3814571, -358445, -10211303},
+            {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005,
+             -15616551, 11189268, -26829678, -5319081},
+            {26966642, 11152617, 32442495, 15396054, 14353839, -12752335,
+             -3128826, -9541118, -15472047, -4166697},
+        },
+        {
+            {15636291, -9688557, 24204773, -7912398, 616977, -16685262,
+             27787600, -14772189, 28944400, -1550024},
+            {16568933, 4717097, -11556148, -1102322, 15682896, -11807043,
+             16354577, -11775962, 7689662, 11199574},
+            {30464156, -5976125, -11779434, -15670865, 23220365, 15915852,
+             7512774, 10017326, -17749093, -9920357},
+        },
+        {
+            {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379,
+             -28926210, 15006023, 3284568, -6276540},
+            {23599295, -8306047, -11193664, -7687416, 13236774, 10506355,
+             7464579, 9656445, 13059162, 10374397},
+            {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664,
+             -3839045, -641708, -101325},
+        },
+        {
+            {10861363, 11473154, 27284546, 1981175, -30064349, 12577861,
+             32867885, 14515107, -15438304, 10819380},
+            {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+             12483688, -12668491, 5581306},
+            {19563160, 16186464, -29386857, 4097519, 10237984, -4348115,
+             28542350, 13850243, -23678021, -15815942},
+        },
+        {
+            {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511,
+             -19188627, -15224819, -9818940, -12085777},
+            {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240,
+             -15689887, 1762328, 14866737},
+            {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101,
+             -28236412, 3959421, 27914454, 4383652},
+        },
+        {
+            {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+             5230134, -23952439, -15175766},
+            {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722,
+             20654025, 16520125, 30598449, 7715701},
+            {28881845, 14381568, 9657904, 3680757, -20181635, 7843316,
+             -31400660, 1370708, 29794553, -1409300},
+        },
+        {
+            {14499471, -2729599, -33191113, -4254652, 28494862, 14271267,
+             30290735, 10876454, -33154098, 2381726},
+            {-7195431, -2655363, -14730155, 462251, -27724326, 3941372,
+             -6236617, 3696005, -32300832, 15351955},
+            {27431194, 8222322, 16448760, -3907995, -18707002, 11938355,
+             -32961401, -2970515, 29551813, 10109425},
+        },
+    },
+    {
+        {
+            {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384,
+             -2378284, -1627556, 10092783, -4764171},
+            {27939166, 14210322, 4677035, 16277044, -22964462, -12398139,
+             -32508754, 12005538, -17810127, 12803510},
+            {17228999, -15661624, -1233527, 300140, -1224870, -11714777,
+             30364213, -9038194, 18016357, 4397660},
+        },
+        {
+            {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212,
+             -26619106, 14544525, -17477504, 982639},
+            {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899,
+             -4120128, -21047696, 9934963},
+            {5793303, 16271923, -24131614, -10116404, 29188560, 1206517,
+             -14747930, 4559895, -30123922, -10897950},
+        },
+        {
+            {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264,
+             24191034, 4541697, -13338309, 5500568},
+            {12650548, -1497113, 9052871, 11355358, -17680037, -8400164,
+             -17430592, 12264343, 10874051, 13524335},
+            {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038,
+             5080568, -22528059, 5376628},
+        },
+        {
+            {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897,
+             -22321305, -9447443, 4535768, 1569007},
+            {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819,
+             -30494562, 3044290, 31848280, 12543772},
+            {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203,
+             -27377195, -2062731, 7718482, 14474653},
+        },
+        {
+            {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965,
+             -7236665, 24316168, -5253567},
+            {13741529, 10911568, -33233417, -8603737, -20177830, -1033297,
+             33040651, -13424532, -20729456, 8321686},
+            {21060490, -2212744, 15712757, -4336099, 1639040, 10656336,
+             23845965, -11874838, -9984458, 608372},
+        },
+        {
+            {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547,
+             1123968, -6780577, 27229399, 23887},
+            {-23244140, -294205, -11744728, 14712571, -29465699, -2029617,
+             12797024, -6440308, -1633405, 16678954},
+            {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805,
+             -1508144, -4795045, -17169265, 4904953},
+        },
+        {
+            {24059557, 14617003, 19037157, -15039908, 19766093, -14906429,
+             5169211, 16191880, 2128236, -4326833},
+            {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247,
+             -29806336, 916033, -6882542, -2986532},
+            {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175,
+             285431, 2763829, 15736322, 4143876},
+        },
+        {
+            {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801,
+             -14594663, 23527084, -16458268},
+            {33431127, -11130478, -17838966, -15626900, 8909499, 8376530,
+             -32625340, 4087881, -15188911, -14416214},
+            {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055,
+             4357868, -4774191, -16323038},
+        },
+    },
+    {
+        {
+            {6721966, 13833823, -23523388, -1551314, 26354293, -11863321,
+             23365147, -3949732, 7390890, 2759800},
+            {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353,
+             -4264057, 1244380, -12919645},
+            {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413,
+             9208236, 15886429, 16489664},
+        },
+        {
+            {1996075, 10375649, 14346367, 13311202, -6874135, -16438411,
+             -13693198, 398369, -30606455, -712933},
+            {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363,
+             13348553, 12076947, -30836462, 5113182},
+            {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344,
+             -30341101, -7336386, 13847711, 5387222},
+        },
+        {
+            {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611,
+             8763061, 3617786, -19600662, 10370991},
+            {20246567, -14369378, 22358229, -543712, 18507283, -10413996,
+             14554437, -8746092, 32232924, 16763880},
+            {9648505, 10094563, 26416693, 14745928, -30374318, -6472621,
+             11094161, 15689506, 3140038, -16510092},
+        },
+        {
+            {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685,
+             -27224800, 9448613, -28774454, 366295},
+            {19153450, 11523972, -11096490, -6503142, -24647631, 5420647,
+             28344573, 8041113, 719605, 11671788},
+            {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916,
+             -15266516, 27000813, -10195553},
+        },
+        {
+            {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065,
+             5336097, 6750977, -14521026},
+            {11836410, -3979488, 26297894, 16080799, 23455045, 15735944,
+             1695823, -8819122, 8169720, 16220347},
+            {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763,
+             -11144307, -2627664, -5990708, -14166033},
+        },
+        {
+            {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004,
+             27884329, 2847284, 2655861, 1738395},
+            {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821,
+             21651608, -3239336, -19087449, -11005278},
+            {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092,
+             5821408, 10478196, 8544890},
+        },
+        {
+            {32173121, -16129311, 24896207, 3921497, 22579056, -3410854,
+             19270449, 12217473, 17789017, -3395995},
+            {-30552961, -2228401, -15578829, -10147201, 13243889, 517024,
+             15479401, -3853233, 30460520, 1052596},
+            {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687,
+             27491595, -4612359, 3179268, -9478891},
+        },
+        {
+            {31947069, -14366651, -4640583, -15339921, -15125977, -6039709,
+             -14756777, -16411740, 19072640, -9511060},
+            {11685058, 11822410, 3158003, -13952594, 33402194, -4165066,
+             5977896, -5215017, 473099, 5040608},
+            {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760,
+             28326862, 1721092, -19558642, -3131606},
+        },
+    },
+    {
+        {
+            {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786,
+             8076149, -27868496, 11538389},
+            {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211,
+             8754525, 7446702, -5676054, 5797016},
+            {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199,
+             2014099, -9050574, -2369172, -5877341},
+        },
+        {
+            {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559,
+             1192730, -3714199, 15123619, 10811505},
+            {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363,
+             15776356, -28886779, -11974553},
+            {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569,
+             -20654173, -16484855, 4714547, -9600655},
+        },
+        {
+            {15200332, 8368572, 19679101, 15970074, -31872674, 1959451,
+             24611599, -4543832, -11745876, 12340220},
+            {12876937, -10480056, 33134381, 6590940, -6307776, 14872440,
+             9613953, 8241152, 15370987, 9608631},
+            {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868,
+             15866074, -28210621, -8814099},
+        },
+        {
+            {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233,
+             858697, 20571223, 8420556},
+            {14620715, 13067227, -15447274, 8264467, 14106269, 15080814,
+             33531827, 12516406, -21574435, -12476749},
+            {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519,
+             7256740, 8791136, 15069930},
+        },
+        {
+            {1276410, -9371918, 22949635, -16322807, -23493039, -5702186,
+             14711875, 4874229, -30663140, -2331391},
+            {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175,
+             -7912378, -33069337, 9234253},
+            {20590503, -9018988, 31529744, -7352666, -2706834, 10650548,
+             31559055, -11609587, 18979186, 13396066},
+        },
+        {
+            {24474287, 4968103, 22267082, 4407354, 24063882, -8325180,
+             -18816887, 13594782, 33514650, 7021958},
+            {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421,
+             -25948728, -3916677, -21480480, 12868082},
+            {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208,
+             -21446107, 2244500, -12455797, -8089383},
+        },
+        {
+            {-30595528, 13793479, -5852820, 319136, -25723172, -6263899,
+             33086546, 8957937, -15233648, 5540521},
+            {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908,
+             -23710744, -1568984, -16128528, -14962807},
+            {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819,
+             892185, -11513277, -15205948},
+        },
+        {
+            {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819,
+             4763127, -19179614, 5867134},
+            {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500,
+             27846559, 5931263, -29749703, -16108455},
+            {27461885, -2977536, 22380810, 1815854, -23033753, -3031938,
+             7283490, -15148073, -19526700, 7734629},
+        },
+    },
+    {
+        {
+            {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885,
+             7585295, -3176626, 18549497, 15302069},
+            {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381,
+             10458790, -6418461, -8872242, 8424746},
+            {24687205, 8613276, -30667046, -3233545, 1863892, -1830544,
+             19206234, 7134917, -11284482, -828919},
+        },
+        {
+            {11334899, -9218022, 8025293, 12707519, 17523892, -10476071,
+             10243738, -14685461, -5066034, 16498837},
+            {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925,
+             -14124238, 6536641, 10543906},
+            {-28946384, 15479763, -17466835, 568876, -1497683, 11223454,
+             -2669190, -16625574, -27235709, 8876771},
+        },
+        {
+            {-25742899, -12566864, -15649966, -846607, -33026686, -796288,
+             -33481822, 15824474, -604426, -9039817},
+            {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697,
+             -4890037, 1657394, 3084098},
+            {10477963, -7470260, 12119566, -13250805, 29016247, -5365589,
+             31280319, 14396151, -30233575, 15272409},
+        },
+        {
+            {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466,
+             -25173957, -12636138, -25014757, 1950504},
+            {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630,
+             -8384306, -8767532, 15341279, 8373727},
+            {28685821, 7759505, -14378516, -12002860, -31971820, 4079242,
+             298136, -10232602, -2878207, 15190420},
+        },
+        {
+            {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928,
+             8669718, 2742393, -26033313, -6875003},
+            {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854,
+             9291594, -16247779, -12154742, 6048605},
+            {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163,
+             13934231, 5128323, 11213262, 9168384},
+        },
+        {
+            {-26280513, 11007847, 19408960, -940758, -18592965, -4328580,
+             -5088060, -11105150, 20470157, -16398701},
+            {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560,
+             -22783952, 14461608, 14042978, 5230683},
+            {29969567, -2741594, -16711867, -8552442, 9175486, -2468974,
+             21556951, 3506042, -5933891, -12449708},
+        },
+        {
+            {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683,
+             -21284170, 8971513, -28539189, 15326563},
+            {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669,
+             -15523050, 15300988, -20514118, 9168260},
+            {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939,
+             -28948358, 9601605, 33087103, -9011387},
+        },
+        {
+            {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461,
+             -27444329, -15000531, -5996870, 15664672},
+            {23294591, -16632613, -22650781, -8470978, 27844204, 11461195,
+             13099750, -2460356, 18151676, 13417686},
+            {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065,
+             1661597, -12551441, 15271676, -15452665},
+        },
+    },
+    {
+        {
+            {11433042, -13228665, 8239631, -5279517, -1985436, -725718,
+             -18698764, 2167544, -6921301, -13440182},
+            {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379,
+             -9917708, -8638997, 12215110, 12028277},
+            {14098400, 6555944, 23007258, 5757252, -15427832, -12950502,
+             30123440, 4617780, -16900089, -655628},
+        },
+        {
+            {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385,
+             -15819999, 10154009, 23973261, -12684474},
+            {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355,
+             18341390, -11419951, 32013174, -10103539},
+            {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104,
+             21911214, 6354752, 4425632, -837822},
+        },
+        {
+            {-10433389, -14612966, 22229858, -3091047, -13191166, 776729,
+             -17415375, -12020462, 4725005, 14044970},
+            {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390,
+             -1411784, -19522291, -16109756},
+            {-24864089, 12986008, -10898878, -5558584, -11312371, -148526,
+             19541418, 8180106, 9282262, 10282508},
+        },
+        {
+            {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257,
+             15522535, 8372215, 5542595, -10702683},
+            {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360,
+             -2781891, 6993761, -18093885, 10114655},
+            {-20107055, -929418, 31422704, 10427861, -7110749, 6150669,
+             -29091755, -11529146, 25953725, -106158},
+        },
+        {
+            {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294,
+             19390020, 6094296, -3315279, 12831125},
+            {-15998678, 7578152, 5310217, 14408357, -33548620, -224739,
+             31575954, 6326196, 7381791, -2421839},
+            {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640,
+             6295303, 8082724, -15362489, 12339664},
+        },
+        {
+            {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414,
+             15768922, 25091167, 14856294},
+            {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300,
+             -12695493, -22182473, -9012899},
+            {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039,
+             -27260765, 13866390, 30146206, 9142070},
+        },
+        {
+            {3924129, -15307516, -13817122, -10054960, 12291820, -668366,
+             -27702774, 9326384, -8237858, 4171294},
+            {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944,
+             26396185, 3731949, 345228, -5462949},
+            {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387,
+             2031539, -12391231, -16253183, -13582083},
+        },
+        {
+            {31016211, -16722429, 26371392, -14451233, -5027349, 14854137,
+             17477601, 3842657, 28012650, -16405420},
+            {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560,
+             -9189873, 16292057, -8867157, 3507940},
+            {29439664, 3537914, 23333589, 6997794, -17555561, -11018068,
+             -15209202, -15051267, -9164929, 6580396},
+        },
+    },
+    {
+        {
+            {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611,
+             17860444, -9273846, -2095802, 9304567},
+            {20714564, -4336911, 29088195, 7406487, 11426967, -5095705,
+             14792667, -14608617, 5289421, -477127},
+            {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462,
+             17271490, 12349094, 26939669, -3752294},
+        },
+        {
+            {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525,
+             -27283495, -12348559, -3698806, 117887},
+            {22263325, -6560050, 3984570, -11174646, -15114008, -566785,
+             28311253, 5358056, -23319780, 541964},
+            {16259219, 3261970, 2309254, -15534474, -16885711, -4581916,
+             24134070, -16705829, -13337066, -13552195},
+        },
+        {
+            {9378160, -13140186, -22845982, -12745264, 28198281, -7244098,
+             -2399684, -717351, 690426, 14876244},
+            {24977353, -314384, -8223969, -13465086, 28432343, -1176353,
+             -13068804, -12297348, -22380984, 6618999},
+            {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193,
+             8044829, -13817328, 32239829, -5652762},
+        },
+        {
+            {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647,
+             -10350059, 32779359, 5095274},
+            {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423,
+             -24601656, 14506724, 21639561, -2630236},
+            {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318,
+             -1289502, -6863535, 17874574, 558605},
+        },
+        {
+            {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700,
+             33499487, 5080151, 2085892, 5119761},
+            {-22205145, -2519528, -16381601, 414691, -25019550, 2170430,
+             30634760, -8363614, -31999993, -5759884},
+            {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256,
+             27534430, -7192145, -22351378, 12961482},
+        },
+        {
+            {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287,
+             16533930, 8206996, -30194652, -5159638},
+            {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630,
+             7031275, 7589640, 8945490},
+            {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393,
+             7251489, -11182180, 24099109, -14456170},
+        },
+        {
+            {5019558, -7907470, 4244127, -14714356, -26933272, 6453165,
+             -19118182, -13289025, -6231896, -10280736},
+            {10853594, 10721687, 26480089, 5861829, -22995819, 1972175,
+             -1866647, -10557898, -3363451, -6441124},
+            {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661,
+             -2008168, -13866408, 7421392},
+        },
+        {
+            {8139927, -6546497, 32257646, -5890546, 30375719, 1886181,
+             -21175108, 15441252, 28826358, -4123029},
+            {6267086, 9695052, 7709135, -16603597, -32869068, -1886135,
+             14795160, -7840124, 13746021, -1742048},
+            {28584902, 7787108, -6732942, -15050729, 22846041, -7571236,
+             -3181936, -363524, 4771362, -8419958},
+        },
+    },
+    {
+        {
+            {24949256, 6376279, -27466481, -8174608, -18646154, -9930606,
+             33543569, -12141695, 3569627, 11342593},
+            {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886,
+             4608608, 7325975, -14801071},
+            {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312,
+             -27400540, 10258390, -17646694, -8186692},
+        },
+        {
+            {11431204, 15823007, 26570245, 14329124, 18029990, 4796082,
+             -31446179, 15580664, 9280358, -3973687},
+            {-160783, -10326257, -22855316, -4304997, -20861367, -13621002,
+             -32810901, -11181622, -15545091, 4387441},
+            {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370,
+             -24513992, 8548137, 20617071, -7482001},
+        },
+        {
+            {-938825, -3930586, -8714311, 16124718, 24603125, -6225393,
+             -13775352, -11875822, 24345683, 10325460},
+            {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528,
+             16318175, -1010689, 4766743, 3552007},
+            {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514,
+             14481909, 10988822, -3994762},
+        },
+        {
+            {15564307, -14311570, 3101243, 5684148, 30446780, -8051356,
+             12677127, -6505343, -8295852, 13296005},
+            {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379,
+             31521204, 9614054, -30000824, 12074674},
+            {4771191, -135239, 14290749, -13089852, 27992298, 14998318,
+             -1413936, -1556716, 29832613, -16391035},
+        },
+        {
+            {7064884, -7541174, -19161962, -5067537, -18891269, -2912736,
+             25825242, 5293297, -27122660, 13101590},
+            {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445,
+             32512469, -5317593, -30356070, -4190957},
+            {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044,
+             14413974, 9515896, 19568978, 9628812},
+        },
+        {
+            {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894,
+             -6106839, -6291786, 3437740},
+            {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290,
+             -22961733, 70104, 7463304, 4176122},
+            {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117,
+             -32719404, -5322751, 24216882, 5944158},
+        },
+        {
+            {8894125, 7450974, -2664149, -9765752, -28080517, -12389115,
+             19345746, 14680796, 11632993, 5847885},
+            {26942781, -2315317, 9129564, -4906607, 26024105, 11769399,
+             -11518837, 6367194, -9727230, 4782140},
+            {19916461, -4828410, -22910704, -11414391, 25606324, -5972441,
+             33253853, 8220911, 6358847, -1873857},
+        },
+        {
+            {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388,
+             -4480480, -13538503, 1387155},
+            {19646058, 5720633, -11416706, 12814209, 11607948, 12749789,
+             14147075, 15156355, -21866831, 11835260},
+            {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523,
+             15467869, -26560550, 5052483},
+        },
+    },
+    {
+        {
+            {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123,
+             -12618185, 12228557, -7003677},
+            {32944382, 14922211, -22844894, 5188528, 21913450, -8719943,
+             4001465, 13238564, -6114803, 8653815},
+            {22865569, -4652735, 27603668, -12545395, 14348958, 8234005,
+             24808405, 5719875, 28483275, 2841751},
+        },
+        {
+            {-16420968, -1113305, -327719, -12107856, 21886282, -15552774,
+             -1887966, -315658, 19932058, -12739203},
+            {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912,
+             3999228, 13239134, -4777469, -13910208},
+            {1382174, -11694719, 17266790, 9194690, -13324356, 9720081,
+             20403944, 11284705, -14013818, 3093230},
+        },
+        {
+            {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424,
+             16271225, -24049421, -6691850},
+            {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293,
+             24123614, 15193618, -21652117, -16739389},
+            {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484,
+             31870908, 14690798, 17361620, 11864968},
+        },
+        {
+            {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200,
+             -12331205, -7486601, -25578460, -16240689},
+            {14668462, -12270235, 26039039, 15305210, 25515617, 4542480,
+             10453892, 6577524, 9145645, -6443880},
+            {5974874, 3053895, -9433049, -10385191, -31865124, 3225009,
+             -7972642, 3936128, -5652273, -3050304},
+        },
+        {
+            {30625386, -4729400, -25555961, -12792866, -20484575, 7695099,
+             17097188, -16303496, -27999779, 1803632},
+            {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700,
+             14911344, 12196514, -21405489, 7047412},
+            {20093277, 9920966, -11138194, -5343857, 13161587, 12044805,
+             -32856851, 4124601, -32343828, -10257566},
+        },
+        {
+            {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605,
+             4752377, -8714640, -21679658, 2288038},
+            {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457,
+             29457502, 14625692, -24819617, 12570232},
+            {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109,
+             -21159943, -3498680, -11974704, 4724943},
+        },
+        {
+            {17960970, -11775534, -4140968, -9702530, -8876562, -1410617,
+             -12907383, -8659932, -29576300, 1903856},
+            {23134274, -14279132, -10681997, -1611936, 20684485, 15770816,
+             -12989750, 3190296, 26955097, 14109738},
+            {15308788, 5320727, -30113809, -14318877, 22902008, 7767164,
+             29425325, -11277562, 31960942, 11934971},
+        },
+        {
+            {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669,
+             20638173, 4875028, 10491392, 1379718},
+            {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801,
+             33518459, 16176658, 21432314, 12180697},
+            {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205,
+             1465425, 12689540, -10301319, -13872883},
+        },
+    },
+    {
+        {
+            {5414091, -15386041, -21007664, 9643570, 12834970, 1186149,
+             -2622916, -1342231, 26128231, 6032912},
+            {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156,
+             3604025, 8316894, -25875034, -10437358},
+            {3296484, 6223048, 24680646, -12246460, -23052020, 5903205,
+             -8862297, -4639164, 12376617, 3188849},
+        },
+        {
+            {29190488, -14659046, 27549113, -1183516, 3520066, -10697301,
+             32049515, -7309113, -16109234, -9852307},
+            {-14744486, -9309156, 735818, -598978, -20407687, -5057904,
+             25246078, -15795669, 18640741, -960977},
+            {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252,
+             -31638386, -494430, 10530747, 1053335},
+        },
+        {
+            {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384,
+             -31462369, -2948985, 24018831, 15026644},
+            {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631,
+             25310643, 13003497, -2314791, -15145616},
+            {-27419985, -603321, -8043984, -1669117, -26092265, 13987819,
+             -27297622, 187899, -23166419, -2531735},
+        },
+        {
+            {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473,
+             9716667, 16266922, -5070217, 726099},
+            {29370922, -6053998, 7334071, -15342259, 9385287, 2247707,
+             -13661962, -4839461, 30007388, -15823341},
+            {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109,
+             730663, 9835848, 4555336},
+        },
+        {
+            {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977,
+             17693930, 544696, -11985298, 12422646},
+            {31117226, -12215734, -13502838, 6561947, -9876867, -12757670,
+             -5118685, -4096706, 29120153, 13924425},
+            {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820,
+             -9383939, -11317700, 7240931, -237388},
+        },
+        {
+            {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771,
+             1222336, 4389483, 3293637, -15551743},
+            {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533,
+             -24319580, 7733547, 12796905, -6335822},
+            {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811,
+             -28253339, 3647836, 3222231, -11160462},
+        },
+        {
+            {18606113, 1693100, -25448386, -15170272, 4112353, 10045021,
+             23603893, -2048234, -7550776, 2484985},
+            {9255317, -3131197, -12156162, -1004256, 13098013, -9214866,
+             16377220, -2102812, -19802075, -3034702},
+            {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502,
+             -31718148, 9936966, -30097688, -10618797},
+        },
+        {
+            {21878590, -5001297, 4338336, 13643897, -3036865, 13160960,
+             19708896, 5415497, -7360503, -4109293},
+            {27736861, 10103576, 12500508, 8502413, -3413016, -9633558,
+             10436918, -1550276, -23659143, -8132100},
+            {19492550, -12104365, -29681976, -852630, -3208171, 12403437,
+             30066266, 8367329, 13243957, 8709688},
+        },
+    },
+    {
+        {
+            {12015105, 2801261, 28198131, 10151021, 24818120, -4743133,
+             -11194191, -5645734, 5150968, 7274186},
+            {2831366, -12492146, 1478975, 6122054, 23825128, -12733586,
+             31097299, 6083058, 31021603, -9793610},
+            {-2529932, -2229646, 445613, 10720828, -13849527, -11505937,
+             -23507731, 16354465, 15067285, -14147707},
+        },
+        {
+            {7840942, 14037873, -33364863, 15934016, -728213, -3642706,
+             21403988, 1057586, -19379462, -12403220},
+            {915865, -16469274, 15608285, -8789130, -24357026, 6060030,
+             -17371319, 8410997, -7220461, 16527025},
+            {32922597, -556987, 20336074, -16184568, 10903705, -5384487,
+             16957574, 52992, 23834301, 6588044},
+        },
+        {
+            {32752030, 11232950, 3381995, -8714866, 22652988, -10744103,
+             17159699, 16689107, -20314580, -1305992},
+            {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943,
+             7924251, -2752281, 1976123, -7249027},
+            {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041,
+             -3371252, 12331345, -8237197},
+        },
+        {
+            {8651614, -4477032, -16085636, -4996994, 13002507, 2950805,
+             29054427, -5106970, 10008136, -4667901},
+            {31486080, 15114593, -14261250, 12951354, 14369431, -7387845,
+             16347321, -13662089, 8684155, -10532952},
+            {19443825, 11385320, 24468943, -9659068, -23919258, 2187569,
+             -26263207, -6086921, 31316348, 14219878},
+        },
+        {
+            {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801,
+             27146014, 6992409, 29126555, 9207390},
+            {32382935, 1110093, 18477781, 11028262, -27411763, -7548111,
+             -4980517, 10843782, -7957600, -14435730},
+            {2814918, 7836403, 27519878, -7868156, -20894015, -11553689,
+             -21494559, 8550130, 28346258, 1994730},
+        },
+        {
+            {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307,
+             -19516951, 7174894, 22628102, 8115180},
+            {-30405132, 955511, -11133838, -15078069, -32447087, -13278079,
+             -25651578, 3317160, -9943017, 930272},
+            {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177,
+             24091212, -1388970, -22765376, -10650715},
+        },
+        {
+            {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053,
+             -14839018, -16554220, -1867018, 8398970},
+            {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670,
+             22981545, -6291273, 18009408, -15772772},
+            {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469,
+             29551787, -3727419, 19288549, 1325865},
+        },
+        {
+            {15100157, -15835752, -23923978, -1005098, -26450192, 15509408,
+             12376730, -3479146, 33166107, -8042750},
+            {20909231, 13023121, -9209752, 16251778, -5778415, -8094914,
+             12412151, 10018715, 2213263, -13878373},
+            {32529814, -11074689, 30361439, -16689753, -9135940, 1513226,
+             22922121, 6382134, -5766928, 8371348},
+        },
+    },
+    {
+        {
+            {9923462, 11271500, 12616794, 3544722, -29998368, -1721626,
+             12891687, -8193132, -26442943, 10486144},
+            {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726,
+             2610596, -23921530, -11455195},
+            {5408411, -1136691, -4969122, 10561668, 24145918, 14240566,
+             31319731, -4235541, 19985175, -3436086},
+        },
+        {
+            {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976,
+             -17577068, 8849297, 65030, 8370684},
+            {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277,
+             -19442942, 6922164, 12743482, -9800518},
+            {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717,
+             23783145, 11038569, 18800704, 255233},
+        },
+        {
+            {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847,
+             9066957, 19258688, -14753793},
+            {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541,
+             -31934921, 2209390, -1524053, 2055794},
+            {580882, 16705327, 5468415, -2683018, -30926419, -14696000,
+             -7203346, -8994389, -30021019, 7394435},
+        },
+        {
+            {23838809, 1822728, -15738443, 15242727, 8318092, -3733104,
+             -21672180, -3492205, -4821741, 14799921},
+            {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804,
+             13496856, -9056018, 7402518},
+            {2286874, -4435931, -20042458, -2008336, -13696227, 5038122,
+             11006906, -15760352, 8205061, 1607563},
+        },
+        {
+            {14414086, -8002132, 3331830, -3208217, 22249151, -5594188,
+             18364661, -2906958, 30019587, -9029278},
+            {-27688051, 1585953, -10775053, 931069, -29120221, -11002319,
+             -14410829, 12029093, 9944378, 8024},
+            {4368715, -3709630, 29874200, -15022983, -20230386, -11410704,
+             -16114594, -999085, -8142388, 5640030},
+        },
+        {
+            {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887,
+             -16694564, 15219798, -14327783},
+            {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605,
+             -1173195, -18342183, 9742717},
+            {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614,
+             7406442, 12420155, 1994844},
+        },
+        {
+            {14012521, -5024720, -18384453, -9578469, -26485342, -3936439,
+             -13033478, -10909803, 24319929, -6446333},
+            {16412690, -4507367, 10772641, 15929391, -17068788, -4658621,
+             10555945, -10484049, -30102368, -4739048},
+            {22397382, -7767684, -9293161, -12792868, 17166287, -9755136,
+             -27333065, 6199366, 21880021, -12250760},
+        },
+        {
+            {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128,
+             16557151, 8890729, 8840445, 4957760},
+            {-15447727, 709327, -6919446, -10870178, -29777922, 6522332,
+             -21720181, 12130072, -14796503, 5005757},
+            {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752,
+             10183197, -13239326, -16395286, -2176112},
+        },
+    },
+    {
+        {
+            {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537,
+             -32013908, -3057104, 22208662, 2000468},
+            {3065073, -1412761, -25598674, -361432, -17683065, -5703415,
+             -8164212, 11248527, -3691214, -7414184},
+            {10379208, -6045554, 8877319, 1473647, -29291284, -12507580,
+             16690915, 2553332, -3132688, 16400289},
+        },
+        {
+            {15716668, 1254266, -18472690, 7446274, -8448918, 6344164,
+             -22097271, -7285580, 26894937, 9132066},
+            {24158887, 12938817, 11085297, -8177598, -28063478, -4457083,
+             -30576463, 64452, -6817084, -2692882},
+            {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710,
+             -3418511, -4688006, 2364226},
+        },
+        {
+            {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024,
+             -11697457, 15445875, -7798101},
+            {29004207, -7867081, 28661402, -640412, -12794003, -7943086,
+             31863255, -4135540, -278050, -15759279},
+            {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829,
+             10343412, -6976290, -29828287, -10815811},
+        },
+        {
+            {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636,
+             15372179, 17293797, 960709},
+            {20263915, 11434237, -5765435, 11236810, 13505955, -10857102,
+             -16111345, 6493122, -19384511, 7639714},
+            {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699,
+             18006287, -16043750, 29994677, -15808121},
+        },
+        {
+            {9769828, 5202651, -24157398, -13631392, -28051003, -11561624,
+             -24613141, -13860782, -31184575, 709464},
+            {12286395, 13076066, -21775189, -1176622, -25003198, 4057652,
+             -32018128, -8890874, 16102007, 13205847},
+            {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170,
+             8525972, 10151379, 10394400},
+        },
+        {
+            {4024660, -16137551, 22436262, 12276534, -9099015, -2686099,
+             19698229, 11743039, -33302334, 8934414},
+            {-15879800, -4525240, -8580747, -2934061, 14634845, -698278,
+             -9449077, 3137094, -11536886, 11721158},
+            {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229,
+             8835153, -9205489, -1280045},
+        },
+        {
+            {-461409, -7830014, 20614118, 16688288, -7514766, -4807119,
+             22300304, 505429, 6108462, -6183415},
+            {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642,
+             29880583, -13483331, -26898490, -7867459},
+            {-31975283, 5726539, 26934134, 10237677, -3173717, -605053,
+             24199304, 3795095, 7592688, -14992079},
+        },
+        {
+            {21594432, -14964228, 17466408, -4077222, 32537084, 2739898,
+             6407723, 12018833, -28256052, 4298412},
+            {-20650503, -11961496, -27236275, 570498, 3767144, -1717540,
+             13891942, -1569194, 13717174, 10805743},
+            {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568,
+             -796431, 14860609, -26938930, -5863836},
+        },
+    },
+    {
+        {
+            {12962541, 5311799, -10060768, 11658280, 18855286, -7954201,
+             13286263, -12808704, -4381056, 9882022},
+            {18512079, 11319350, -20123124, 15090309, 18818594, 5271736,
+             -22727904, 3666879, -23967430, -3299429},
+            {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114,
+             -10084880, -6661110, -2403099, 5276065},
+        },
+        {
+            {30169808, -5317648, 26306206, -11750859, 27814964, 7069267,
+             7152851, 3684982, 1449224, 13082861},
+            {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382,
+             15056736, -21016438, -8202000},
+            {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665,
+             -26171976, 6482814, -10300080, -11060101},
+        },
+        {
+            {32869458, -5408545, 25609743, 15678670, -10687769, -15471071,
+             26112421, 2521008, -22664288, 6904815},
+            {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737,
+             3841096, -29003639, -6657642},
+            {10340844, -6630377, -18656632, -2278430, 12621151, -13339055,
+             30878497, -11824370, -25584551, 5181966},
+        },
+        {
+            {25940115, -12658025, 17324188, -10307374, -8671468, 15029094,
+             24396252, -16450922, -2322852, -12388574},
+            {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390,
+             12641087, 20603771, -6561742},
+            {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874,
+             1925523, 11914390, 4662781, 7820689},
+        },
+        {
+            {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456,
+             12172924, 16136752, 15264020},
+            {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780,
+             10658213, 6671822, 19012087, 3772772},
+            {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732,
+             -15762884, 20527771, 12988982},
+        },
+        {
+            {-14822485, -5797269, -3707987, 12689773, -898983, -10914866,
+             -24183046, -10564943, 3299665, -12424953},
+            {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197,
+             6461331, -25583147, 8991218},
+            {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991,
+             -32948145, 7417950, -30242287, 1507265},
+        },
+        {
+            {29692663, 6829891, -10498800, 4334896, 20945975, -11906496,
+             -28887608, 8209391, 14606362, -10647073},
+            {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695,
+             9761487, 4170404, -2085325},
+            {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046,
+             22186522, 16002000, -14276837, -8400798},
+        },
+        {
+            {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047,
+             -7113572, -9620092, 13240845, 10965870},
+            {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166,
+             4498947, 14147411, 29514390, 4302863},
+            {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368,
+             -5061276, -2144373, 17846988, -13971927},
+        },
+    },
+    {
+        {
+            {-2244452, -754728, -4597030, -1066309, -6247172, 1455299,
+             -21647728, -9214789, -5222701, 12650267},
+            {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813,
+             13770293, -19134326, 10958663},
+            {22470984, 12369526, 23446014, -5441109, -21520802, -9698723,
+             -11772496, -11574455, -25083830, 4271862},
+        },
+        {
+            {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192,
+             75375, -4278529, -32526221, 8469673},
+            {15854970, 4148314, -8893890, 7259002, 11666551, 13824734,
+             -30531198, 2697372, 24154791, -9460943},
+            {15446137, -15806644, 29759747, 14019369, 30811221, -9610191,
+             -31582008, 12840104, 24913809, 9815020},
+        },
+        {
+            {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414,
+             -9103676, 13438769, 18735128, 9466238},
+            {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821,
+             -10896103, -22728655, 16199064},
+            {14576810, 379472, -26786533, -8317236, -29426508, -10812974,
+             -102766, 1876699, 30801119, 2164795},
+        },
+        {
+            {15995086, 3199873, 13672555, 13712240, -19378835, -4647646,
+             -13081610, -15496269, -13492807, 1268052},
+            {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475,
+             -3470338, -12600221, -17055369, 3565904},
+            {29210088, -9419337, -5919792, -4952785, 10834811, -13327726,
+             -16512102, -10820713, -27162222, -14030531},
+        },
+        {
+            {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123,
+             -29183421, -3769423, 2244111, -14001979},
+            {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434,
+             -25673088, -16180800, 13491506, 4641841},
+            {10813417, 643330, -19188515, -728916, 30292062, -16600078,
+             27548447, -7721242, 14476989, -12767431},
+        },
+        {
+            {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937,
+             -1644259, -27912810, 12651324},
+            {-31185513, -813383, 22271204, 11835308, 10201545, 15351028,
+             17099662, 3988035, 21721536, -3148940},
+            {10202177, -6545839, -31373232, -9574638, -32150642, -8119683,
+             -12906320, 3852694, 13216206, 14842320},
+        },
+        {
+            {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778,
+             -31500847, 13765824, -27434397, 9900184},
+            {14465505, -13833331, -32133984, -14738873, -27443187, 12990492,
+             33046193, 15796406, -7051866, -8040114},
+            {30924417, -8279620, 6359016, -12816335, 16508377, 9071735,
+             -25488601, 15413635, 9524356, -7018878},
+        },
+        {
+            {12274201, -13175547, 32627641, -1785326, 6736625, 13267305,
+             5237659, -5109483, 15663516, 4035784},
+            {-2951309, 8903985, 17349946, 601635, -16432815, -4612556,
+             -13732739, -15889334, -22258478, 4659091},
+            {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498,
+             5736189, 15026997, -2178256, -13455585},
+        },
+    },
+    {
+        {
+            {-8858980, -2219056, 28571666, -10155518, -474467, -10105698,
+             -3801496, 278095, 23440562, -290208},
+            {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275,
+             11551483, -16571960, -7442864},
+            {17932739, -12437276, -24039557, 10749060, 11316803, 7535897,
+             22503767, 5561594, -3646624, 3898661},
+        },
+        {
+            {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531,
+             7152530, 21831162, 1245233},
+            {26958459, -14658026, 4314586, 8346991, -5677764, 11960072,
+             -32589295, -620035, -30402091, -16716212},
+            {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535,
+             6280834, 14587357, -22338025, 13987525},
+        },
+        {
+            {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778,
+             -4300898, -5124639, -7469781, -2858068},
+            {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781,
+             6439245, -14581012, 4091397},
+            {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623,
+             -19622683, 12092163, 29077877, -14741988},
+        },
+        {
+            {5269168, -6859726, -13230211, -8020715, 25932563, 1763552,
+             -5606110, -5505881, -20017847, 2357889},
+            {32264008, -15407652, -5387735, -1160093, -2091322, -3946900,
+             23104804, -12869908, 5727338, 189038},
+            {14609123, -8954470, -6000566, -16622781, -14577387, -7743898,
+             -26745169, 10942115, -25888931, -14884697},
+        },
+        {
+            {20513500, 5557931, -15604613, 7829531, 26413943, -2019404,
+             -21378968, 7471781, 13913677, -5137875},
+            {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227,
+             -8940970, 14059180, 12878652, 8511905},
+            {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908,
+             -30223418, 6812974, 5568676, -3127656},
+        },
+        {
+            {11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
+             -17408753, -13504373, -14395196, 8070818},
+            {27117696, -10007378, -31282771, -5570088, 1127282, 12772488,
+             -29845906, 10483306, -11552749, -1028714},
+            {10637467, -5688064, 5674781, 1072708, -26343588, -6982302,
+             -1683975, 9177853, -27493162, 15431203},
+        },
+        {
+            {20525145, 10892566, -12742472, 12779443, -29493034, 16150075,
+             -28240519, 14943142, -15056790, -7935931},
+            {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767,
+             -3239766, -3356550, 9594024},
+            {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683,
+             -6492290, 13352335, -10977084},
+        },
+        {
+            {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091,
+             -29783850, -7752482, -13215537, -319204},
+            {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742,
+             15077870, -22750759, 14523817},
+            {27406042, -6041657, 27423596, -4497394, 4996214, 10002360,
+             -28842031, -4545494, -30172742, -4805667},
+        },
+    },
+    {
+        {
+            {11374242, 12660715, 17861383, -12540833, 10935568, 1099227,
+             -13886076, -9091740, -27727044, 11358504},
+            {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702,
+             32676003, 11149336, -26123651, 4985768},
+            {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043,
+             13794114, -19414307, -15621255},
+        },
+        {
+            {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603,
+             6970005, -1691065, -9004790},
+            {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622,
+             -5475723, -16796596, -5031438},
+            {-22273315, -13524424, -64685, -4334223, -18605636, -10921968,
+             -20571065, -7007978, -99853, -10237333},
+        },
+        {
+            {17747465, 10039260, 19368299, -4050591, -20630635, -16041286,
+             31992683, -15857976, -29260363, -5511971},
+            {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999,
+             -3744247, 4882242, -10626905},
+            {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198,
+             3272828, -5190932, -4162409},
+        },
+        {
+            {12501286, 4044383, -8612957, -13392385, -32430052, 5136599,
+             -19230378, -3529697, 330070, -3659409},
+            {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522,
+             -8573892, -271295, 12071499},
+            {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927,
+             -32769618, 1936675, -5159697, 3829363},
+        },
+        {
+            {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550,
+             -6567787, 26333140, 14267664},
+            {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312,
+             10004786, -8709488, -21761224, 8930324},
+            {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919,
+             1541940, 4757911, -26491501, -16408940},
+        },
+        {
+            {13537262, -7759490, -20604840, 10961927, -5922820, -13218065,
+             -13156584, 6217254, -15943699, 13814990},
+            {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681,
+             9257833, -1956526, -1776914},
+            {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556,
+             -29171540, 12361135, -18685978, 4578290},
+        },
+        {
+            {24579768, 3711570, 1342322, -11180126, -27005135, 14124956,
+             -22544529, 14074919, 21964432, 8235257},
+            {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420,
+             -2981514, -1669206, 13006806, 2355433},
+            {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083,
+             27202044, 1719366, 1141648, -12796236},
+        },
+        {
+            {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894,
+             13475066, -3133972, 32674895, 13715045},
+            {11423335, -5468059, 32344216, 8962751, 24989809, 9241752,
+             -13265253, 16086212, -28740881, -15642093},
+            {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160,
+             -11709148, 7791794, -27245943, 4383347},
+        },
+    },
+    {
+        {
+            {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599,
+             -4862407, -4906449, 27193557, 6245191},
+            {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898,
+             3260492, 22510453, 8577507},
+            {-12632451, 11257346, -32692994, 13548177, -721004, 10879011,
+             31168030, 13952092, -29571492, -3635906},
+        },
+        {
+            {3877321, -9572739, 32416692, 5405324, -11004407, -13656635,
+             3759769, 11935320, 5611860, 8164018},
+            {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718,
+             32003002, -8832289, 5773085, -8422109},
+            {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725,
+             12376320, 31632953, 190926},
+        },
+        {
+            {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328,
+             -8288749, 4508564, -25341555, -3627528},
+            {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941,
+             -14786005, -1672488, 827625},
+            {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080,
+             -1800575, -14108036, -24878478, 1541286},
+        },
+        {
+            {2901347, -1117687, 3880376, -10059388, -17620940, -3612781,
+             -21802117, -3567481, 20456845, -1885033},
+            {27019610, 12299467, -13658288, -1603234, -12861660, -4861471,
+             -19540150, -5016058, 29439641, 15138866},
+            {21536104, -6626420, -32447818, -10690208, -22408077, 5175814,
+             -5420040, -16361163, 7779328, 109896},
+        },
+        {
+            {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390,
+             12180118, 23177719, -554075},
+            {26572847, 3405927, -31701700, 12890905, -19265668, 5335866,
+             -6493768, 2378492, 4439158, -13279347},
+            {-22716706, 3489070, -9225266, -332753, 18875722, -1140095,
+             14819434, -12731527, -17717757, -5461437},
+        },
+        {
+            {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060,
+             -820954, 2177225, 8550082, -15114165},
+            {-18473302, 16596775, -381660, 15663611, 22860960, 15585581,
+             -27844109, -3582739, -23260460, -8428588},
+            {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815,
+             -22725137, 15860482, -21902570, 1494193},
+        },
+        {
+            {-19562091, -14087393, -25583872, -9299552, 13127842, 759709,
+             21923482, 16529112, 8742704, 12967017},
+            {-28464899, 1553205, 32536856, -10473729, -24691605, -406174,
+             -8914625, -2933896, -29903758, 15553883},
+            {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572,
+             14513274, 19375923, -12647961},
+        },
+        {
+            {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818,
+             -6222716, 2862653, 9455043},
+            {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124,
+             -2990080, 15511449, 4789663},
+            {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736,
+             -5754762, 108893, 23513200, 16652362},
+        },
+    },
+    {
+        {
+            {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542,
+             -6650416, -12936300, -18319198, 10212860},
+            {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801,
+             2600940, -9988298, -12506466},
+            {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657,
+             11344424, 864440, -2499677, -16710063},
+        },
+        {
+            {-26432803, 6148329, -17184412, -14474154, 18782929, -275997,
+             -22561534, 211300, 2719757, 4940997},
+            {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207,
+             21690126, 8518463, 26699843, 5276295},
+            {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586,
+             149635, -15452774, 7159369},
+        },
+        {
+            {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009,
+             8312176, 22477218, -8403385},
+            {18155857, -16504990, 19744716, 9006923, 15154154, -10538976,
+             24256460, -4864995, -22548173, 9334109},
+            {2986088, -4911893, 10776628, -3473844, 10620590, -7083203,
+             -21413845, 14253545, -22587149, 536906},
+        },
+        {
+            {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551,
+             10589625, 10838060, -15420424},
+            {-19342404, 867880, 9277171, -3218459, -14431572, -1986443,
+             19295826, -15796950, 6378260, 699185},
+            {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039,
+             15693155, -5045064, -13373962},
+        },
+        {
+            {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616,
+             31730678, -10962840, -3918636, -9669325},
+            {10188286, -15770834, -7336361, 13427543, 22223443, 14896287,
+             30743455, 7116568, -21786507, 5427593},
+            {696102, 13206899, 27047647, -10632082, 15285305, -9853179,
+             10798490, -4578720, 19236243, 12477404},
+        },
+        {
+            {-11229439, 11243796, -17054270, -8040865, -788228, -8167967,
+             -3897669, 11180504, -23169516, 7733644},
+            {17800790, -14036179, -27000429, -11766671, 23887827, 3149671,
+             23466177, -10538171, 10322027, 15313801},
+            {26246234, 11968874, 32263343, -5468728, 6830755, -13323031,
+             -15794704, -101982, -24449242, 10890804},
+        },
+        {
+            {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544,
+             -14982212, 16484931, 25180797, -5334884},
+            {-586574, 10376444, -32586414, -11286356, 19801893, 10997610,
+             2276632, 9482883, 316878, 13820577},
+            {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996,
+             30756178, -7515054, 30696930, -3712849},
+        },
+        {
+            {32988917, -9603412, 12499366, 7910787, -10617257, -11931514,
+             -7342816, -9985397, -32349517, 7392473},
+            {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781,
+             -30409476, -9134995, 25112947, -2926644},
+            {-2504044, -436966, 25621774, -5678772, 15085042, -5479877,
+             -24884878, -13526194, 5537438, -13914319},
+        },
+    },
+    {
+        {
+            {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648,
+             -14876251, -1729667, 31234590, 6090599},
+            {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721,
+             15878753, -6970405, -9034768},
+            {-27757857, 247744, -15194774, -9002551, 23288161, -10011936,
+             -23869595, 6503646, 20650474, 1804084},
+        },
+        {
+            {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995,
+             -10329713, 27842616, -202328},
+            {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656,
+             5031932, -11375082, 12714369},
+            {20807691, -7270825, 29286141, 11421711, -27876523, -13868230,
+             -21227475, 1035546, -19733229, 12796920},
+        },
+        {
+            {12076899, -14301286, -8785001, -11848922, -25012791, 16400684,
+             -17591495, -12899438, 3480665, -15182815},
+            {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545,
+             -24363064, -15921875, -33374054, 2771025},
+            {-21389266, 421932, 26597266, 6860826, 22486084, -6737172,
+             -17137485, -4210226, -24552282, 15673397},
+        },
+        {
+            {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893,
+             -20271184, 4733254, 3727144, -12934448},
+            {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594,
+             7975683, 31123697, -10958981},
+            {30069250, -11435332, 30434654, 2958439, 18399564, -976289,
+             12296869, 9204260, -16432438, 9648165},
+        },
+        {
+            {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266,
+             5248604, -26008332, -11377501},
+            {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711,
+             15298639, 2662509, -16297073},
+            {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326,
+             32087529, -1222777, 32247248, -14389861},
+        },
+        {
+            {14312628, 1221556, 17395390, -8700143, -4945741, -8684635,
+             -28197744, -9637817, -16027623, -13378845},
+            {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502,
+             9803137, 17597934, 2346211},
+            {18510800, 15337574, 26171504, 981392, -22241552, 7827556,
+             -23491134, -11323352, 3059833, -11782870},
+        },
+        {
+            {10141598, 6082907, 17829293, -1947643, 9830092, 13613136,
+             -25556636, -5544586, -33502212, 3592096},
+            {33114168, -15889352, -26525686, -13343397, 33076705, 8716171,
+             1151462, 1521897, -982665, -6837803},
+            {-32939165, -4255815, 23947181, -324178, -33072974, -12305637,
+             -16637686, 3891704, 26353178, 693168},
+        },
+        {
+            {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294,
+             -400668, 31375464, 14369965},
+            {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728,
+             32732230, -13108839, 17901441, 16011505},
+            {18171223, -11934626, -12500402, 15197122, -11038147, -15230035,
+             -19172240, -16046376, 8764035, 12309598},
+        },
+    },
+    {
+        {
+            {5975908, -5243188, -19459362, -9681747, -11541277, 14015782,
+             -23665757, 1228319, 17544096, -10593782},
+            {5811932, -1715293, 3442887, -2269310, -18367348, -8359541,
+             -18044043, -15410127, -5565381, 12348900},
+            {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274,
+             -24849353, 8141295, -10632534, -585479},
+        },
+        {
+            {-12675304, 694026, -5076145, 13300344, 14015258, -14451394,
+             -9698672, -11329050, 30944593, 1130208},
+            {8247766, -6710942, -26562381, -7709309, -14401939, -14648910,
+             4652152, 2488540, 23550156, -271232},
+            {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737,
+             -5908146, -408818, -137719},
+        },
+        {
+            {16091085, -16253926, 18599252, 7340678, 2137637, -1221657,
+             -3364161, 14550936, 3260525, -7166271},
+            {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596,
+             -23028869, -13204905, -12748722, 2701326},
+            {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432,
+             -10018363, 9276971, 11329923, 1862132},
+        },
+        {
+            {14763076, -15903608, -30918270, 3689867, 3511892, 10313526,
+             -21951088, 12219231, -9037963, -940300},
+            {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216,
+             -2909717, -15438168, 11595570},
+            {15214962, 3537601, -26238722, -14058872, 4418657, -15230761,
+             13947276, 10730794, -13489462, -4363670},
+        },
+        {
+            {-2538306, 7682793, 32759013, 263109, -29984731, -7955452,
+             -22332124, -10188635, 977108, 699994},
+            {-12466472, 4195084, -9211532, 550904, -15565337, 12917920,
+             19118110, -439841, -30534533, -14337913},
+            {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237,
+             -10051775, 12493932, -5409317},
+        },
+        {
+            {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087,
+             27218280, 2607121, 29375955, 6024730},
+            {842132, -2794693, -4763381, -8722815, 26332018, -12405641,
+             11831880, 6985184, -9940361, 2854096},
+            {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645,
+             960770, 12121869, 16648078},
+        },
+        {
+            {-15218652, 14667096, -13336229, 2013717, 30598287, -464137,
+             -31504922, -7882064, 20237806, 2838411},
+            {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604,
+             12544294, -13470457, 1068881, -12499905},
+            {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596,
+             -8486907, -2630053, 12521378, 4845654},
+        },
+        {
+            {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600,
+             3409348, -873400, -6482306, -12885870},
+            {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172,
+             10477734, -1240216, -3113227, 13974498},
+            {12966261, 15550616, -32038948, -1615346, 21025980, -629444,
+             5642325, 7188737, 18895762, 12629579},
+        },
+    },
+    {
+        {
+            {14741879, -14946887, 22177208, -11721237, 1279741, 8058600,
+             11758140, 789443, 32195181, 3895677},
+            {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575,
+             -3566119, -8982069, 4429647},
+            {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220,
+             -7135870, -11642895, 18047436, -15281743},
+        },
+        {
+            {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455,
+             10993114, -12850837, -17620701, -9408468},
+            {21987233, 700364, -24505048, 14972008, -7774265, -5718395,
+             32155026, 2581431, -29958985, 8773375},
+            {-25568350, 454463, -13211935, 16126715, 25240068, 8594567,
+             20656846, 12017935, -7874389, -13920155},
+        },
+        {
+            {6028182, 6263078, -31011806, -11301710, -818919, 2461772,
+             -31841174, -5468042, -1721788, -2776725},
+            {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845,
+             -4166698, 28408820, 6816612},
+            {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817,
+             20613181, 13982702, -10339570, 5067943},
+        },
+        {
+            {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951,
+             -19719286, 12746132, 5331210, -10105944},
+            {30528811, 3601899, -1957090, 4619785, -27361822, -15436388,
+             24180793, -12570394, 27679908, -1648928},
+            {9402404, -13957065, 32834043, 10838634, -26580150, -13237195,
+             26653274, -8685565, 22611444, -12715406},
+        },
+        {
+            {22190590, 1118029, 22736441, 15130463, -30460692, -5991321,
+             19189625, -4648942, 4854859, 6622139},
+            {-8310738, -2953450, -8262579, -3388049, -10401731, -271929,
+             13424426, -3567227, 26404409, 13001963},
+            {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670,
+             -26064365, -11621720, -15405155, 11020693},
+        },
+        {
+            {1866042, -7949489, -7898649, -10301010, 12483315, 13477547,
+             3175636, -12424163, 28761762, 1406734},
+            {-448555, -1777666, 13018551, 3194501, -9580420, -11161737,
+             24760585, -4347088, 25577411, -13378680},
+            {-24290378, 4759345, -690653, -1852816, 2066747, 10693769,
+             -29595790, 9884936, -9368926, 4745410},
+        },
+        {
+            {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276,
+             -15462008, -11311852, 10931924, -11931931},
+            {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606,
+             -22853429, 10856641, -20470770, 13434654},
+            {22759489, -10073434, -16766264, -1871422, 13637442, -10168091,
+             1765144, -12654326, 28445307, -5364710},
+        },
+        {
+            {29875063, 12493613, 2795536, -3786330, 1710620, 15181182,
+             -10195717, -8788675, 9074234, 1167180},
+            {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294,
+             -18716888, -9535498, 3843903, 9367684},
+            {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123,
+             8601684, -139197, 4242895},
+        },
+    },
+    {
+        {
+            {22092954, -13191123, -2042793, -11968512, 32186753, -11517388,
+             -6574341, 2470660, -27417366, 16625501},
+            {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857,
+             2602725, -27351616, 14247413},
+            {6314175, -10264892, -32772502, 15957557, -10157730, 168750,
+             -8618807, 14290061, 27108877, -1180880},
+        },
+        {
+            {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596,
+             33547976, -11058889, -27148451, 981874},
+            {22833440, 9293594, -32649448, -13618667, -9136966, 14756819,
+             -22928859, -13970780, -10479804, -16197962},
+            {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060,
+             22680049, 13906969, -15933690, 3797899},
+        },
+        {
+            {21721356, -4212746, -12206123, 9310182, -3882239, -13653110,
+             23740224, -2709232, 20491983, -8042152},
+            {9209270, -15135055, -13256557, -6167798, -731016, 15289673,
+             25947805, 15286587, 30997318, -6703063},
+            {7392032, 16618386, 23946583, -8039892, -13265164, -1533858,
+             -14197445, -2321576, 17649998, -250080},
+        },
+        {
+            {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752,
+             -15241566, -9525724, -2233253, 7662146},
+            {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295,
+             7335080, -8472199, -3174674, 3440183},
+            {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957,
+             40450, -4431835, 4862400, 1133},
+        },
+        {
+            {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142,
+             7258061, 311861, -30594991, -7379421},
+            {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763,
+             16527196, 18278453, 15405622},
+            {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970,
+             -13313598, 843523, -21875062, 13626197},
+        },
+        {
+            {2281448, -13487055, -10915418, -2609910, 1879358, 16164207,
+             -10783882, 3953792, 13340839, 15928663},
+            {31727126, -7179855, -18437503, -8283652, 2875793, -16390330,
+             -25269894, -7014826, -23452306, 5964753},
+            {4100420, -5959452, -17179337, 6017714, -18705837, 12227141,
+             -26684835, 11344144, 2538215, -7570755},
+        },
+        {
+            {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241,
+             -20474983, 1485421, -629256, -15958862},
+            {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492,
+             -20205425, -13191288, 11659922, -11115118},
+            {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568,
+             -10170080, 33100372, -1306171},
+        },
+        {
+            {15121113, -5201871, -10389905, 15427821, -27509937, -15992507,
+             21670947, 4486675, -5931810, -14466380},
+            {16166486, -9483733, -11104130, 6023908, -31926798, -1364923,
+             2340060, -16254968, -10735770, -10039824},
+            {28042865, -3557089, -12126526, 12259706, -3717498, -6945899,
+             6766453, -8689599, 18036436, 5803270},
+        },
+    },
+    {
+        {
+            {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391,
+             4598332, -6159431, -14117438},
+            {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183,
+             696309, 50292, -20095739, 11763584},
+            {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117,
+             -12613632, -19773211, -10713562},
+        },
+        {
+            {30464590, -11262872, -4127476, -12734478, 19835327, -7105613,
+             -24396175, 2075773, -17020157, 992471},
+            {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841,
+             8080033, -11574335, -10601610},
+            {19598397, 10334610, 12555054, 2555664, 18821899, -10339780,
+             21873263, 16014234, 26224780, 16452269},
+        },
+        {
+            {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804,
+             -7618186, -20533829, 3698650},
+            {14187449, 3448569, -10636236, -10810935, -22663880, -3433596,
+             7268410, -10890444, 27394301, 12015369},
+            {19695761, 16087646, 28032085, 12999827, 6817792, 11427614,
+             20244189, -1312777, -13259127, -3402461},
+        },
+        {
+            {30860103, 12735208, -1888245, -4699734, -16974906, 2256940,
+             -8166013, 12298312, -8550524, -10393462},
+            {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760,
+             -5789354, -15118654, -4976164, 12651793},
+            {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089,
+             -13118820, -16517902, 9768698, -2533218},
+        },
+        {
+            {-24719459, 1894651, -287698, -4704085, 15348719, -8156530,
+             32767513, 12765450, 4940095, 10678226},
+            {18860224, 15980149, -18987240, -1562570, -26233012, -11071856,
+             -7843882, 13944024, -24372348, 16582019},
+            {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756,
+             -11704054, 15444560, -11003761, 7989037},
+        },
+        {
+            {31490452, 5568061, -2412803, 2182383, -32336847, 4531686,
+             -32078269, 6200206, -19686113, -14800171},
+            {-17308668, -15879940, -31522777, -2831, -32887382, 16375549,
+             8680158, -16371713, 28550068, -6857132},
+            {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016,
+             -30039981, 4364038, 1155602, 5988841},
+        },
+        {
+            {21890435, -13272907, -12624011, 12154349, -7831873, 15300496,
+             23148983, -4470481, 24618407, 8283181},
+            {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536,
+             3070187, -7025928, 1466169, 10740210},
+            {-1509399, -15488185, -13503385, -10655916, 32799044, 909394,
+             -13938903, -5779719, -32164649, -15327040},
+        },
+        {
+            {3960823, -14267803, -28026090, -15918051, -19404858, 13146868,
+             15567327, 951507, -3260321, -573935},
+            {24740841, 5052253, -30094131, 8961361, 25877428, 6165135,
+             -24368180, 14397372, -7380369, -6144105},
+            {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454,
+             -15441463, -14453128, -1625486, -6494814},
+        },
+    },
+    {
+        {
+            {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843,
+             -4885251, -9906200, -621852},
+            {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374,
+             1468826, -6171428, -15186581},
+            {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288,
+             -30404353, -9871238, -1558923, -9863646},
+        },
+        {
+            {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958,
+             14783338, -30581476, -15757844},
+            {10566929, 12612572, -31944212, 11118703, -12633376, 12362879,
+             21752402, 8822496, 24003793, 14264025},
+            {27713862, -7355973, -11008240, 9227530, 27050101, 2504721,
+             23886875, -13117525, 13958495, -5732453},
+        },
+        {
+            {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291,
+             -31889399, -10041781, 7340521, -15410068},
+            {4646514, -8011124, -22766023, -11532654, 23184553, 8566613,
+             31366726, -1381061, -15066784, -10375192},
+            {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576,
+             27584817, 3093888, -8843694, 3849921},
+        },
+        {
+            {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958,
+             32477045, -9017955, 5002294, -15550259},
+            {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708,
+             16489530, 13378448, -25845716, 12741426},
+            {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677,
+             24306472, 15852464, 28834118, -7646072},
+        },
+        {
+            {-17335748, -9107057, -24531279, 9434953, -8472084, -583362,
+             -13090771, 455841, 20461858, 5491305},
+            {13669248, -16095482, -12481974, -10203039, -14569770, -11893198,
+             -24995986, 11293807, -28588204, -9421832},
+            {28497928, 6272777, -33022994, 14470570, 8906179, -1225630,
+             18504674, -14165166, 29867745, -8795943},
+        },
+        {
+            {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891,
+             -6367600, -13175392, 22853429, -4012011},
+            {24191378, 16712145, -13931797, 15217831, 14542237, 1646131,
+             18603514, -11037887, 12876623, -2112447},
+            {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753,
+             608397, 16031844, 3723494},
+        },
+        {
+            {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745,
+             17558842, -7872890, 23896954, -4314245},
+            {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064,
+             7229064, -9919646, -8826859},
+            {28816045, 298879, -28165016, -15920938, 19000928, -1665890,
+             -12680833, -2949325, -18051778, -2082915},
+        },
+        {
+            {16000882, -344896, 3493092, -11447198, -29504595, -13159789,
+             12577740, 16041268, -19715240, 7847707},
+            {10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
+             -32855931, -6519018, -10020567, 3852848},
+            {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598,
+             16514493, -15932110, 29330899, -15076224},
+        },
+    },
+    {
+        {
+            {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784,
+             3303702, 15490, -27548796, 12314391},
+            {15683520, -6003043, 18109120, -9980648, 15337968, -5997823,
+             -16717435, 15921866, 16103996, -3731215},
+            {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929,
+             -19273607, 5402699, -29815713, -9841101},
+        },
+        {
+            {23190676, 2384583, -32714340, 3462154, -29903655, -1529132,
+             -11266856, 8911517, -25205859, 2739713},
+            {21374101, -3554250, -33524649, 9874411, 15377179, 11831242,
+             -33529904, 6134907, 4931255, 11987849},
+            {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539,
+             13861388, -30076310, 10117930},
+        },
+        {
+            {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643,
+             -6325503, 6704079, 12890019, 15728940},
+            {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376,
+             -10428139, 12885167, 8311031},
+            {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191,
+             26423267, 4384730, 1888765, -5435404},
+        },
+        {
+            {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729,
+             -32251644, -12707869, -19464434, -3340243},
+            {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245,
+             14845197, 17151279, -9854116},
+            {-24830458, -12733720, -15165978, 10367250, -29530908, -265356,
+             22825805, -7087279, -16866484, 16176525},
+        },
+        {
+            {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182,
+             -10363426, -28746253, -10197509},
+            {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229,
+             23632037, -1940610, 32808310, 1099883},
+            {15030977, 5768825, -27451236, -2887299, -6427378, -15361371,
+             -15277896, -6809350, 2051441, -15225865},
+        },
+        {
+            {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398,
+             -14154188, -22686354, 16633660},
+            {4577086, -16752288, 13249841, -15304328, 19958763, -14537274,
+             18559670, -10759549, 8402478, -9864273},
+            {-28406330, -1051581, -26790155, -907698, -17212414, -11030789,
+             9453451, -14980072, 17983010, 9967138},
+        },
+        {
+            {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990,
+             7806337, 17507396, 3651560},
+            {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010,
+             26556809, -5574557, -18553322, -11357135},
+            {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121,
+             8459447, -5605463, -7621941},
+        },
+        {
+            {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813,
+             -849066, 17258084, -7977739},
+            {18164541, -10595176, -17154882, -1542417, 19237078, -9745295,
+             23357533, -15217008, 26908270, 12150756},
+            {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168,
+             -5537701, -32302074, 16215819},
+        },
+    },
+    {
+        {
+            {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835,
+             32574489, 12532905, -7503072, -8675347},
+            {-27343522, -16515468, -27151524, -10722951, 946346, 16291093,
+             254968, 7168080, 21676107, -1943028},
+            {21260961, -8424752, -16831886, -11920822, -23677961, 3968121,
+             -3651949, -6215466, -3556191, -7913075},
+        },
+        {
+            {16544754, 13250366, -16804428, 15546242, -4583003, 12757258,
+             -2462308, -8680336, -18907032, -9662799},
+            {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564,
+             26820651, 16690659, 25459437, -4564609},
+            {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224,
+             9142795, -2391602, -6432418, -1644817},
+        },
+        {
+            {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437,
+             -27457225, -16344658, 6335692, 7249989},
+            {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693,
+             -30272269, 2682242, 25993170, -12478523},
+            {4364628, 5930691, 32304656, -10044554, -8054781, 15091131,
+             22857016, -10598955, 31820368, 15075278},
+        },
+        {
+            {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788,
+             -9650886, -17970238, 12833045},
+            {19073683, 14851414, -24403169, -11860168, 7625278, 11091125,
+             -19619190, 2074449, -9413939, 14905377},
+            {24483667, -11935567, -2518866, -11547418, -1553130, 15355506,
+             -25282080, 9253129, 27628530, -7555480},
+        },
+        {
+            {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324,
+             -9157582, -14110875, 15297016},
+            {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417,
+             -11864220, 8683221, 2921426},
+            {18606791, 11874196, 27155355, -5281482, -24031742, 6265446,
+             -25178240, -1278924, 4674690, 13890525},
+        },
+        {
+            {13609624, 13069022, -27372361, -13055908, 24360586, 9592974,
+             14977157, 9835105, 4389687, 288396},
+            {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062,
+             8317628, 23388070, 16052080},
+            {12720016, 11937594, -31970060, -5028689, 26900120, 8561328,
+             -20155687, -11632979, -14754271, -10812892},
+        },
+        {
+            {15961858, 14150409, 26716931, -665832, -22794328, 13603569,
+             11829573, 7467844, -28822128, 929275},
+            {11038231, -11582396, -27310482, -7316562, -10498527, -16307831,
+             -23479533, -9371869, -21393143, 2465074},
+            {20017163, -4323226, 27915242, 1529148, 12396362, 15675764,
+             13817261, -9658066, 2463391, -4622140},
+        },
+        {
+            {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572,
+             9583558, 12851107, 4003896, 12673717},
+            {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325,
+             14741514, -9103726, 7903886, 2348101},
+            {24536016, -16515207, 12715592, -3862155, 1511293, 10047386,
+             -3842346, -7129159, -28377538, 10048127},
+        },
+    },
+    {
+        {
+            {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840,
+             18873298, -7297090, -32297756, 15221632},
+            {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409,
+             -21343950, 2095755, 29769758, 6593415},
+            {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345,
+             -6118678, 30958054, 8292160},
+        },
+        {
+            {31429822, -13959116, 29173532, 15632448, 12174511, -2760094,
+             32808831, 3977186, 26143136, -3148876},
+            {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633,
+             -1674433, -3758243, -2304625},
+            {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029,
+             -1612713, -1535569, -16664475, 8194478},
+        },
+        {
+            {27338066, -7507420, -7414224, 10140405, -19026427, -6589889,
+             27277191, 8855376, 28572286, 3005164},
+            {26287124, 4821776, 25476601, -4145903, -3764513, -15788984,
+             -18008582, 1182479, -26094821, -13079595},
+            {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192,
+             -21876275, -13982627, 32208683, -1198248},
+        },
+        {
+            {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505,
+             -27315504, -10497842, -27672585, -11539858},
+            {15941029, -9405932, -21367050, 8062055, 31876073, -238629,
+             -15278393, -1444429, 15397331, -4130193},
+            {8934485, -13485467, -23286397, -13423241, -32446090, 14047986,
+             31170398, -1441021, -27505566, 15087184},
+        },
+        {
+            {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776,
+             -15502406, 11461896, 16788528, -5868942},
+            {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433,
+             -3770287, -10323320, 31322514, -11615635},
+            {21426655, -5650218, -13648287, -5347537, -28812189, -4920970,
+             -18275391, -14621414, 13040862, -12112948},
+        },
+        {
+            {11293895, 12478086, -27136401, 15083750, -29307421, 14748872,
+             14555558, -13417103, 1613711, 4896935},
+            {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460,
+             2825960, -4897045, -23971776, -11267415},
+            {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618,
+             20615400, 12405433, -23753030, -8436416},
+        },
+        {
+            {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801,
+             4378436, 2432030, 23097949, -566018},
+            {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264,
+             10103221, -18512313, 2424778},
+            {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678,
+             1344109, -3642553, 12412659},
+        },
+        {
+            {-24001791, 7690286, 14929416, -168257, -32210835, -13412986,
+             24162697, -15326504, -3141501, 11179385},
+            {18289522, -14724954, 8056945, 16430056, -21729724, 7842514,
+             -6001441, -1486897, -18684645, -11443503},
+            {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959,
+             13403813, 11052904, 5219329},
+        },
+    },
+    {
+        {
+            {20678546, -8375738, -32671898, 8849123, -5009758, 14574752,
+             31186971, -3973730, 9014762, -8579056},
+            {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600,
+             -33102500, 9160280, 8473550, -3256838},
+            {24900749, 14435722, 17209120, -15292541, -22592275, 9878983,
+             -7689309, -16335821, -24568481, 11788948},
+        },
+        {
+            {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904,
+             -20037437, 10410733, -24568470, -1458691},
+            {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911,
+             11871841, -12505194, -18513325, 8464118},
+            {-23400612, 8348507, -14585951, -861714, -3950205, -6373419,
+             14325289, 8628612, 33313881, -8370517},
+        },
+        {
+            {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838,
+             -24805667, -10236854, -8940735, -5818269},
+            {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245,
+             15989197, -12838188, 28358192, -4253904},
+            {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267,
+             -16637684, 4072016, -5351664, 5596589},
+        },
+        {
+            {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565,
+             29266239, 2557221, 1768301, 15373193},
+            {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902,
+             -4504991, -24660491, 3442910},
+            {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093,
+             22597931, 7176455, -18585478, 13365930},
+        },
+        {
+            {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107,
+             -8570186, -9689599, -3031667},
+            {25008904, -10771599, -4305031, -9638010, 16265036, 15721635,
+             683793, -11823784, 15723479, -15163481},
+            {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514,
+             11879682, 5400171, 519526, -1235876},
+        },
+        {
+            {22258397, -16332233, -7869817, 14613016, -22520255, -2950923,
+             -20353881, 7315967, 16648397, 7605640},
+            {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212,
+             23994942, -5281555, -9468848, 4763278},
+            {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390,
+             31088447, -7764523, -11356529, 728112},
+        },
+        {
+            {26047220, -11751471, -6900323, -16521798, 24092068, 9158119,
+             -4273545, -12555558, -29365436, -5498272},
+            {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007,
+             12327945, 10750447, 10014012},
+            {-10312768, 3936952, 9156313, -8897683, 16498692, -994647,
+             -27481051, -666732, 3424691, 7540221},
+        },
+        {
+            {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422,
+             -16317219, -9244265, 15258046},
+            {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406,
+             2711395, 1062915, -5136345},
+            {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411,
+             -6066489, 12194497, 32960380, 1459310},
+        },
+    },
+    {
+        {
+            {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197,
+             -6101885, 18638003, -11174937},
+            {31395534, 15098109, 26581030, 8030562, -16527914, -5007134,
+             9012486, -7584354, -6643087, -5442636},
+            {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222,
+             9677543, -32294889, -6456008},
+        },
+        {
+            {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579,
+             -7839692, -7852844, -8138429},
+            {-15236356, -15433509, 7766470, 746860, 26346930, -10221762,
+             -27333451, 10754588, -9431476, 5203576},
+            {31834314, 14135496, -770007, 5159118, 20917671, -16768096,
+             -7467973, -7337524, 31809243, 7347066},
+        },
+        {
+            {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881,
+             19797970, -12211255, 15192876, -2087490},
+            {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091,
+             10609330, 12694420, 33473243, -13382104},
+            {33184999, 11180355, 15832085, -11385430, -1633671, 225884,
+             15089336, -11023903, -6135662, 14480053},
+        },
+        {
+            {31308717, -5619998, 31030840, -1897099, 15674547, -6582883,
+             5496208, 13685227, 27595050, 8737275},
+            {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022,
+             -31008351, -12610604, 26498114, 66511},
+            {22644454, -8761729, -16671776, 4884562, -3105614, -13559366,
+             30540766, -4286747, -13327787, -7515095},
+        },
+        {
+            {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506,
+             8205540, 13585437, -17127465, 15115439},
+            {23711543, -672915, 31206561, -8362711, 6164647, -9709987,
+             -33535882, -1426096, 8236921, 16492939},
+            {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270,
+             19574902, 10071562, 6708380, -6222424},
+        },
+        {
+            {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017,
+             9328700, 29955601, -11678310},
+            {3096359, 9271816, -21620864, -15521844, -14847996, -7592937,
+             -25892142, -12635595, -9917575, 6216608},
+            {-32615849, 338663, -25195611, 2510422, -29213566, -13820213,
+             24822830, -6146567, -26767480, 7525079},
+        },
+        {
+            {-23066649, -13985623, 16133487, -7896178, -3389565, 778788,
+             -910336, -2782495, -19386633, 11994101},
+            {21691500, -13624626, -641331, -14367021, 3285881, -3483596,
+             -25064666, 9718258, -7477437, 13381418},
+            {18445390, -4202236, 14979846, 11622458, -1727110, -3582980,
+             23111648, -6375247, 28535282, 15779576},
+        },
+        {
+            {30098053, 3089662, -9234387, 16662135, -21306940, 11308411,
+             -14068454, 12021730, 9955285, -16303356},
+            {9734894, -14576830, -7473633, -9138735, 2060392, 11313496,
+             -18426029, 9924399, 20194861, 13380996},
+            {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792,
+             -1984914, 15707771, 26342023, 10146099},
+        },
+    },
+    {
+        {
+            {-26016874, -219943, 21339191, -41388, 19745256, -2878700,
+             -29637280, 2227040, 21612326, -545728},
+            {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714,
+             25764461, 12243797, -20856566, 11649658},
+            {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944,
+             6114064, 33514190, 2333242},
+        },
+        {
+            {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134,
+             -6679750, -12670638, 24350578, -13450001},
+            {-4116307, -11271533, -23886186, 4843615, -30088339, 690623,
+             -31536088, -10406836, 8317860, 12352766},
+            {18200138, -14475911, -33087759, -2696619, -23702521, -9102511,
+             -23552096, -2287550, 20712163, 6719373},
+        },
+        {
+            {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530,
+             -3763210, 26224235, -3297458},
+            {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420,
+             21728352, 9493610, 18620611, -16428628},
+            {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965,
+             -5269471, -9725556, -30701573, -16479657},
+        },
+        {
+            {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940,
+             12248509, -5240639, 13735342, 1934062},
+            {25089769, 6742589, 17081145, -13406266, 21909293, -16067981,
+             -15136294, -3765346, -21277997, 5473616},
+            {31883677, -7961101, 1083432, -11572403, 22828471, 13290673,
+             -7125085, 12469656, 29111212, -5451014},
+        },
+        {
+            {24244947, -15050407, -26262976, 2791540, -14997599, 16666678,
+             24367466, 6388839, -10295587, 452383},
+            {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269,
+             -24236251, -5915248, 15766062, 8407814},
+            {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495,
+             -8917023, -4388953, -8067909, 2276718},
+        },
+        {
+            {30157918, 12924066, -17712050, 9245753, 19895028, 3368142,
+             -23827587, 5096219, 22740376, -7303417},
+            {2041139, -14256350, 7783687, 13876377, -25946985, -13352459,
+             24051124, 13742383, -15637599, 13295222},
+            {33338237, -8505733, 12532113, 7977527, 9106186, -1715251,
+             -17720195, -4612972, -4451357, -14669444},
+        },
+        {
+            {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651,
+             -2469266, -4141880, 7770569, 9620597},
+            {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528,
+             -1694323, -33502340, -14767970},
+            {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801,
+             1220118, 30494170, -11440799},
+        },
+        {
+            {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666,
+             -26739026, 926050, -1684339, -13333647},
+            {13908495, -3549272, 30919928, -6273825, -21521863, 7989039,
+             9021034, 9078865, 3353509, 4033511},
+            {-29663431, -15113610, 32259991, -344482, 24295849, -12912123,
+             23161163, 8839127, 27485041, 7356032},
+        },
+    },
+    {
+        {
+            {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142,
+             2625015, 28431036, -16771834},
+            {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183,
+             -22545972, 14150565, 15970762, 4099461},
+            {29262576, 16756590, 26350592, -8793563, 8529671, -11208050,
+             13617293, -9937143, 11465739, 8317062},
+        },
+        {
+            {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222,
+             14898637, 3848455, 20969334, -5157516},
+            {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114,
+             -21610826, -3649888, 11177095, 14989547},
+            {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771,
+             13515641, 2581286, -28487508, 9930240},
+        },
+        {
+            {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081,
+             18345767, -13403753, 16291481, -5314038},
+            {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774,
+             6957617, 4368891, 9788741},
+            {16660756, 7281060, -10830758, 12911820, 20108584, -8101676,
+             -21722536, -8613148, 16250552, -11111103},
+        },
+        {
+            {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584,
+             10604807, -30190403, 4782747},
+            {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590,
+             -9981571, 4383045, 22546403, 437323},
+            {31665577, -12180464, -16186830, 1491339, -18368625, 3294682,
+             27343084, 2786261, -30633590, -14097016},
+        },
+        {
+            {-14467279, -683715, -33374107, 7448552, 19294360, 14334329,
+             -19690631, 2355319, -19284671, -6114373},
+            {15121312, -15796162, 6377020, -6031361, -10798111, -12957845,
+             18952177, 15496498, -29380133, 11754228},
+            {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493,
+             7141596, 11724556, 22761615, -10134141},
+        },
+        {
+            {16918416, 11729663, -18083579, 3022987, -31015732, -13339659,
+             -28741185, -12227393, 32851222, 11717399},
+            {11166634, 7338049, -6722523, 4531520, -29468672, -7302055,
+             31474879, 3483633, -1193175, -4030831},
+            {-185635, 9921305, 31456609, -13536438, -12013818, 13348923,
+             33142652, 6546660, -19985279, -3948376},
+        },
+        {
+            {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903,
+             -8537131, -12833048, -30772034, -15486313},
+            {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425,
+             -31135347, -16049879, 10928917, 3011958},
+            {-6957757, -15594337, 31696059, 334240, 29576716, 14796075,
+             -30831056, -12805180, 18008031, 10258577},
+        },
+        {
+            {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591,
+             -1853465, 1367120, 25127874, 6671743},
+            {29701166, -14373934, -10878120, 9279288, -17568, 13127210,
+             21382910, 11042292, 25838796, 4642684},
+            {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470,
+             30468147, -13900640, 18423289, 4177476},
+        },
+    },
+};
+
+static uint8_t negative(signed char b)
+{
+    uint32_t x = b;
+
+    x >>= 31; /* 1: yes; 0: no */
+    return x;
+}
+
+static void table_select(ge_precomp *t, int pos, signed char b)
+{
+    ge_precomp minust;
+    uint8_t bnegative = negative(b);
+    uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+
+    ge_precomp_0(t);
+    cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
+    cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
+    cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
+    cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
+    cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
+    cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
+    cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
+    cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
+    fe_copy(minust.yplusx, t->yminusx);
+    fe_copy(minust.yminusx, t->yplusx);
+    fe_neg(minust.xy2d, t->xy2d);
+    cmov(t, &minust, bnegative);
+}
+
+/*
+ * h = a * B
+ *
+ * where a = a[0]+256*a[1]+...+256^31 a[31]
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ *
+ * Preconditions:
+ *   a[31] <= 127
+ */
+static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a)
+{
+    signed char e[64];
+    signed char carry;
+    ge_p1p1 r;
+    ge_p2 s;
+    ge_precomp t;
+    int i;
+
+    for (i = 0; i < 32; ++i) {
+        e[2 * i + 0] = (a[i] >> 0) & 15;
+        e[2 * i + 1] = (a[i] >> 4) & 15;
+    }
+    /* each e[i] is between 0 and 15 */
+    /* e[63] is between 0 and 7 */
+
+    carry = 0;
+    for (i = 0; i < 63; ++i) {
+        e[i] += carry;
+        carry = e[i] + 8;
+        carry >>= 4;
+        e[i] -= carry << 4;
+    }
+    e[63] += carry;
+    /* each e[i] is between -8 and 8 */
+
+    ge_p3_0(h);
+    for (i = 1; i < 64; i += 2) {
+        table_select(&t, i / 2, e[i]);
+        ge_madd(&r, h, &t);
+        ge_p1p1_to_p3(h, &r);
+    }
+
+    ge_p3_dbl(&r, h);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p3(h, &r);
+
+    for (i = 0; i < 64; i += 2) {
+        table_select(&t, i / 2, e[i]);
+        ge_madd(&r, h, &t);
+        ge_p1p1_to_p3(h, &r);
+    }
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+
+#if !defined(BASE_2_51_IMPLEMENTED)
+/*
+ * Replace (f,g) with (g,f) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}.
+ */
+static void fe_cswap(fe f, fe g, unsigned int b)
+{
+    size_t i;
+
+    b = 0-b;
+    for (i = 0; i < 10; i++) {
+        int32_t x = f[i] ^ g[i];
+        x &= b;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+/*
+ * h = f * 121666
+ *
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+static void fe_mul121666(fe h, fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int64_t h0 = f0 * (int64_t) 121666;
+    int64_t h1 = f1 * (int64_t) 121666;
+    int64_t h2 = f2 * (int64_t) 121666;
+    int64_t h3 = f3 * (int64_t) 121666;
+    int64_t h4 = f4 * (int64_t) 121666;
+    int64_t h5 = f5 * (int64_t) 121666;
+    int64_t h6 = f6 * (int64_t) 121666;
+    int64_t h7 = f7 * (int64_t) 121666;
+    int64_t h8 = f8 * (int64_t) 121666;
+    int64_t h9 = f9 * (int64_t) 121666;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+static void x25519_scalar_mult_generic(uint8_t out[32],
+                                       const uint8_t scalar[32],
+                                       const uint8_t point[32]) {
+    fe x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+    fe_frombytes(x1, point);
+    fe_1(x2);
+    fe_0(z2);
+    fe_copy(x3, x1);
+    fe_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned b = 1 & (e[pos / 8] >> (pos & 7));
+        swap ^= b;
+        fe_cswap(x2, x3, swap);
+        fe_cswap(z2, z3, swap);
+        swap = b;
+        fe_sub(tmp0, x3, z3);
+        fe_sub(tmp1, x2, z2);
+        fe_add(x2, x2, z2);
+        fe_add(z2, x3, z3);
+        fe_mul(z3, tmp0, x2);
+        fe_mul(z2, z2, tmp1);
+        fe_sq(tmp0, tmp1);
+        fe_sq(tmp1, x2);
+        fe_add(x3, z3, z2);
+        fe_sub(z2, z3, z2);
+        fe_mul(x2, tmp1, tmp0);
+        fe_sub(tmp1, tmp1, tmp0);
+        fe_sq(z2, z2);
+        fe_mul121666(z3, tmp1);
+        fe_sq(x3, x3);
+        fe_add(tmp0, tmp0, z3);
+        fe_mul(z3, x1, z2);
+        fe_mul(z2, tmp1, tmp0);
+    }
+
+    fe_invert(z2, z2);
+    fe_mul(x2, x2, z2);
+    fe_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32]) {
+    x25519_scalar_mult_generic(out, scalar, point);
+}
+#endif
+
+static void slide(signed char *r, const uint8_t *a)
+{
+    int i;
+    int b;
+    int k;
+
+    for (i = 0; i < 256; ++i) {
+        r[i] = 1 & (a[i >> 3] >> (i & 7));
+    }
+
+    for (i = 0; i < 256; ++i) {
+        if (r[i]) {
+            for (b = 1; b <= 6 && i + b < 256; ++b) {
+                if (r[i + b]) {
+                    if (r[i] + (r[i + b] << b) <= 15) {
+                        r[i] += r[i + b] << b;
+                        r[i + b] = 0;
+                    } else if (r[i] - (r[i + b] << b) >= -15) {
+                        r[i] -= r[i + b] << b;
+                        for (k = i + b; k < 256; ++k) {
+                            if (!r[k]) {
+                                r[k] = 1;
+                                break;
+                            }
+                            r[k] = 0;
+                        }
+                    } else {
+                        break;
+                    }
+                }
+            }
+        }
+    }
+}
+
+static const ge_precomp Bi[8] = {
+    {
+        {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626,
+         -11754271, -6079156, 2047605},
+        {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+         5043384, 19500929, -15469378},
+        {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919,
+         11864899, -24514362, -4438546},
+    },
+    {
+        {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600,
+         -14772189, 28944400, -1550024},
+        {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577,
+         -11775962, 7689662, 11199574},
+        {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774,
+         10017326, -17749093, -9920357},
+    },
+    {
+        {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885,
+         14515107, -15438304, 10819380},
+        {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+         12483688, -12668491, 5581306},
+        {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350,
+         13850243, -23678021, -15815942},
+    },
+    {
+        {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+         5230134, -23952439, -15175766},
+        {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025,
+         16520125, 30598449, 7715701},
+        {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660,
+         1370708, 29794553, -1409300},
+    },
+    {
+        {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211,
+         -1361450, -13062696, 13821877},
+        {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028,
+         -7212327, 18853322, -14220951},
+        {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358,
+         -10431137, 2207753, -3209784},
+    },
+    {
+        {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364,
+         -663000, -31111463, -16132436},
+        {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789,
+         15725684, 171356, 6466918},
+        {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339,
+         -14088058, -30714912, 16193877},
+    },
+    {
+        {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398,
+         4729455, -18074513, 9256800},
+        {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405,
+         9761698, -19827198, 630305},
+        {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551,
+         -15960994, -2449256, -14291300},
+    },
+    {
+        {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575,
+         15033784, 25105118, -7894876},
+        {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925,
+         1573892, -2625887, 2198790, -15804619},
+        {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022,
+         -16236442, -32461234, -12290683},
+    },
+};
+
+/*
+ * r = a * A + b * B
+ *
+ * where a = a[0]+256*a[1]+...+256^31 a[31].
+ * and b = b[0]+256*b[1]+...+256^31 b[31].
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ */
+static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
+                                         const ge_p3 *A, const uint8_t *b)
+{
+    signed char aslide[256];
+    signed char bslide[256];
+    ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+    ge_p1p1 t;
+    ge_p3 u;
+    ge_p3 A2;
+    int i;
+
+    slide(aslide, a);
+    slide(bslide, b);
+
+    ge_p3_to_cached(&Ai[0], A);
+    ge_p3_dbl(&t, A);
+    ge_p1p1_to_p3(&A2, &t);
+    ge_add(&t, &A2, &Ai[0]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[1], &u);
+    ge_add(&t, &A2, &Ai[1]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[2], &u);
+    ge_add(&t, &A2, &Ai[2]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[3], &u);
+    ge_add(&t, &A2, &Ai[3]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[4], &u);
+    ge_add(&t, &A2, &Ai[4]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[5], &u);
+    ge_add(&t, &A2, &Ai[5]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[6], &u);
+    ge_add(&t, &A2, &Ai[6]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[7], &u);
+
+    ge_p2_0(r);
+
+    for (i = 255; i >= 0; --i) {
+        if (aslide[i] || bslide[i]) {
+            break;
+        }
+    }
+
+    for (; i >= 0; --i) {
+        ge_p2_dbl(&t, r);
+
+        if (aslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_add(&t, &u, &Ai[aslide[i] / 2]);
+        } else if (aslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+        }
+
+        if (bslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_madd(&t, &u, &Bi[bslide[i] / 2]);
+        } else if (bslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
+        }
+
+        ge_p1p1_to_p2(r, &t);
+    }
+}
+
+/*
+ * The set of scalars is \Z/l
+ * where l = 2^252 + 27742317777372353535851937790883648493.
+ *
+ * Input:
+ *   s[0]+256*s[1]+...+256^63*s[63] = s
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = s mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ *   Overwrites s in place.
+*/
+static void x25519_sc_reduce(uint8_t *s)
+{
+    int64_t s0  = kBottom21Bits &  load_3(s);
+    int64_t s1  = kBottom21Bits & (load_4(s +  2) >> 5);
+    int64_t s2  = kBottom21Bits & (load_3(s +  5) >> 2);
+    int64_t s3  = kBottom21Bits & (load_4(s +  7) >> 7);
+    int64_t s4  = kBottom21Bits & (load_4(s + 10) >> 4);
+    int64_t s5  = kBottom21Bits & (load_3(s + 13) >> 1);
+    int64_t s6  = kBottom21Bits & (load_4(s + 15) >> 6);
+    int64_t s7  = kBottom21Bits & (load_3(s + 18) >> 3);
+    int64_t s8  = kBottom21Bits &  load_3(s + 21);
+    int64_t s9  = kBottom21Bits & (load_4(s + 23) >> 5);
+    int64_t s10 = kBottom21Bits & (load_3(s + 26) >> 2);
+    int64_t s11 = kBottom21Bits & (load_4(s + 28) >> 7);
+    int64_t s12 = kBottom21Bits & (load_4(s + 31) >> 4);
+    int64_t s13 = kBottom21Bits & (load_3(s + 34) >> 1);
+    int64_t s14 = kBottom21Bits & (load_4(s + 36) >> 6);
+    int64_t s15 = kBottom21Bits & (load_3(s + 39) >> 3);
+    int64_t s16 = kBottom21Bits &  load_3(s + 42);
+    int64_t s17 = kBottom21Bits & (load_4(s + 44) >> 5);
+    int64_t s18 = kBottom21Bits & (load_3(s + 47) >> 2);
+    int64_t s19 = kBottom21Bits & (load_4(s + 49) >> 7);
+    int64_t s20 = kBottom21Bits & (load_4(s + 52) >> 4);
+    int64_t s21 = kBottom21Bits & (load_3(s + 55) >> 1);
+    int64_t s22 = kBottom21Bits & (load_4(s + 57) >> 6);
+    int64_t s23 =                 (load_4(s + 60) >> 3);
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+    int64_t carry10;
+    int64_t carry11;
+    int64_t carry12;
+    int64_t carry13;
+    int64_t carry14;
+    int64_t carry15;
+    int64_t carry16;
+
+    s11 += s23 * 666643;
+    s12 += s23 * 470296;
+    s13 += s23 * 654183;
+    s14 -= s23 * 997805;
+    s15 += s23 * 136657;
+    s16 -= s23 * 683901;
+    s23  = 0;
+
+    s10 += s22 * 666643;
+    s11 += s22 * 470296;
+    s12 += s22 * 654183;
+    s13 -= s22 * 997805;
+    s14 += s22 * 136657;
+    s15 -= s22 * 683901;
+    s22  = 0;
+
+    s9  += s21 * 666643;
+    s10 += s21 * 470296;
+    s11 += s21 * 654183;
+    s12 -= s21 * 997805;
+    s13 += s21 * 136657;
+    s14 -= s21 * 683901;
+    s21  = 0;
+
+    s8  += s20 * 666643;
+    s9  += s20 * 470296;
+    s10 += s20 * 654183;
+    s11 -= s20 * 997805;
+    s12 += s20 * 136657;
+    s13 -= s20 * 683901;
+    s20  = 0;
+
+    s7  += s19 * 666643;
+    s8  += s19 * 470296;
+    s9  += s19 * 654183;
+    s10 -= s19 * 997805;
+    s11 += s19 * 136657;
+    s12 -= s19 * 683901;
+    s19  = 0;
+
+    s6  += s18 * 666643;
+    s7  += s18 * 470296;
+    s8  += s18 * 654183;
+    s9  -= s18 * 997805;
+    s10 += s18 * 136657;
+    s11 -= s18 * 683901;
+    s18  = 0;
+
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+
+    s5  += s17 * 666643;
+    s6  += s17 * 470296;
+    s7  += s17 * 654183;
+    s8  -= s17 * 997805;
+    s9  += s17 * 136657;
+    s10 -= s17 * 683901;
+    s17  = 0;
+
+    s4  += s16 * 666643;
+    s5  += s16 * 470296;
+    s6  += s16 * 654183;
+    s7  -= s16 * 997805;
+    s8  += s16 * 136657;
+    s9  -= s16 * 683901;
+    s16  = 0;
+
+    s3  += s15 * 666643;
+    s4  += s15 * 470296;
+    s5  += s15 * 654183;
+    s6  -= s15 * 997805;
+    s7  += s15 * 136657;
+    s8  -= s15 * 683901;
+    s15  = 0;
+
+    s2  += s14 * 666643;
+    s3  += s14 * 470296;
+    s4  += s14 * 654183;
+    s5  -= s14 * 997805;
+    s6  += s14 * 136657;
+    s7  -= s14 * 683901;
+    s14  = 0;
+
+    s1  += s13 * 666643;
+    s2  += s13 * 470296;
+    s3  += s13 * 654183;
+    s4  -= s13 * 997805;
+    s5  += s13 * 136657;
+    s6  -= s13 * 683901;
+    s13  = 0;
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7 += carry6;
+    s6 -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry11 = s11 >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    s[ 0] = (uint8_t) (s0  >>  0);
+    s[ 1] = (uint8_t) (s0  >>  8);
+    s[ 2] = (uint8_t)((s0  >> 16) | (s1  <<  5));
+    s[ 3] = (uint8_t) (s1  >>  3);
+    s[ 4] = (uint8_t) (s1  >> 11);
+    s[ 5] = (uint8_t)((s1  >> 19) | (s2  <<  2));
+    s[ 6] = (uint8_t) (s2  >>  6);
+    s[ 7] = (uint8_t)((s2  >> 14) | (s3  <<  7));
+    s[ 8] = (uint8_t) (s3  >>  1);
+    s[ 9] = (uint8_t) (s3  >>  9);
+    s[10] = (uint8_t)((s3  >> 17) | (s4  <<  4));
+    s[11] = (uint8_t) (s4  >>  4);
+    s[12] = (uint8_t) (s4  >> 12);
+    s[13] = (uint8_t)((s4  >> 20) | (s5  <<  1));
+    s[14] = (uint8_t) (s5  >>  7);
+    s[15] = (uint8_t)((s5  >> 15) | (s6  <<  6));
+    s[16] = (uint8_t) (s6  >>  2);
+    s[17] = (uint8_t) (s6  >> 10);
+    s[18] = (uint8_t)((s6  >> 18) | (s7  <<  3));
+    s[19] = (uint8_t) (s7  >>  5);
+    s[20] = (uint8_t) (s7  >> 13);
+    s[21] = (uint8_t) (s8  >>  0);
+    s[22] = (uint8_t) (s8  >>  8);
+    s[23] = (uint8_t)((s8  >> 16) | (s9  <<  5));
+    s[24] = (uint8_t) (s9  >>  3);
+    s[25] = (uint8_t) (s9  >> 11);
+    s[26] = (uint8_t)((s9  >> 19) | (s10 <<  2));
+    s[27] = (uint8_t) (s10 >>  6);
+    s[28] = (uint8_t)((s10 >> 14) | (s11 <<  7));
+    s[29] = (uint8_t) (s11 >>  1);
+    s[30] = (uint8_t) (s11 >>  9);
+    s[31] = (uint8_t) (s11 >> 17);
+}
+
+/*
+ * Input:
+ *   a[0]+256*a[1]+...+256^31*a[31] = a
+ *   b[0]+256*b[1]+...+256^31*b[31] = b
+ *   c[0]+256*c[1]+...+256^31*c[31] = c
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ */
+static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
+                      const uint8_t *c)
+{
+    int64_t a0  = kBottom21Bits &  load_3(a);
+    int64_t a1  = kBottom21Bits & (load_4(a +  2) >> 5);
+    int64_t a2  = kBottom21Bits & (load_3(a +  5) >> 2);
+    int64_t a3  = kBottom21Bits & (load_4(a +  7) >> 7);
+    int64_t a4  = kBottom21Bits & (load_4(a + 10) >> 4);
+    int64_t a5  = kBottom21Bits & (load_3(a + 13) >> 1);
+    int64_t a6  = kBottom21Bits & (load_4(a + 15) >> 6);
+    int64_t a7  = kBottom21Bits & (load_3(a + 18) >> 3);
+    int64_t a8  = kBottom21Bits &  load_3(a + 21);
+    int64_t a9  = kBottom21Bits & (load_4(a + 23) >> 5);
+    int64_t a10 = kBottom21Bits & (load_3(a + 26) >> 2);
+    int64_t a11 =                 (load_4(a + 28) >> 7);
+    int64_t b0  = kBottom21Bits &  load_3(b);
+    int64_t b1  = kBottom21Bits & (load_4(b +  2) >> 5);
+    int64_t b2  = kBottom21Bits & (load_3(b +  5) >> 2);
+    int64_t b3  = kBottom21Bits & (load_4(b +  7) >> 7);
+    int64_t b4  = kBottom21Bits & (load_4(b + 10) >> 4);
+    int64_t b5  = kBottom21Bits & (load_3(b + 13) >> 1);
+    int64_t b6  = kBottom21Bits & (load_4(b + 15) >> 6);
+    int64_t b7  = kBottom21Bits & (load_3(b + 18) >> 3);
+    int64_t b8  = kBottom21Bits &  load_3(b + 21);
+    int64_t b9  = kBottom21Bits & (load_4(b + 23) >> 5);
+    int64_t b10 = kBottom21Bits & (load_3(b + 26) >> 2);
+    int64_t b11 =                 (load_4(b + 28) >> 7);
+    int64_t c0  = kBottom21Bits &  load_3(c);
+    int64_t c1  = kBottom21Bits & (load_4(c +  2) >> 5);
+    int64_t c2  = kBottom21Bits & (load_3(c +  5) >> 2);
+    int64_t c3  = kBottom21Bits & (load_4(c +  7) >> 7);
+    int64_t c4  = kBottom21Bits & (load_4(c + 10) >> 4);
+    int64_t c5  = kBottom21Bits & (load_3(c + 13) >> 1);
+    int64_t c6  = kBottom21Bits & (load_4(c + 15) >> 6);
+    int64_t c7  = kBottom21Bits & (load_3(c + 18) >> 3);
+    int64_t c8  = kBottom21Bits &  load_3(c + 21);
+    int64_t c9  = kBottom21Bits & (load_4(c + 23) >> 5);
+    int64_t c10 = kBottom21Bits & (load_3(c + 26) >> 2);
+    int64_t c11 =                 (load_4(c + 28) >> 7);
+    int64_t s0;
+    int64_t s1;
+    int64_t s2;
+    int64_t s3;
+    int64_t s4;
+    int64_t s5;
+    int64_t s6;
+    int64_t s7;
+    int64_t s8;
+    int64_t s9;
+    int64_t s10;
+    int64_t s11;
+    int64_t s12;
+    int64_t s13;
+    int64_t s14;
+    int64_t s15;
+    int64_t s16;
+    int64_t s17;
+    int64_t s18;
+    int64_t s19;
+    int64_t s20;
+    int64_t s21;
+    int64_t s22;
+    int64_t s23;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+    int64_t carry10;
+    int64_t carry11;
+    int64_t carry12;
+    int64_t carry13;
+    int64_t carry14;
+    int64_t carry15;
+    int64_t carry16;
+    int64_t carry17;
+    int64_t carry18;
+    int64_t carry19;
+    int64_t carry20;
+    int64_t carry21;
+    int64_t carry22;
+
+    s0  = c0   +   a0 * b0;
+    s1  = c1   +   a0 * b1   +   a1 * b0;
+    s2  = c2   +   a0 * b2   +   a1 * b1   +   a2 * b0;
+    s3  = c3   +   a0 * b3   +   a1 * b2   +   a2 * b1  +   a3 * b0;
+    s4  = c4   +   a0 * b4   +   a1 * b3   +   a2 * b2  +   a3 * b1  +   a4 * b0;
+    s5  = c5   +   a0 * b5   +   a1 * b4   +   a2 * b3  +   a3 * b2  +   a4 * b1  +   a5 * b0;
+    s6  = c6   +   a0 * b6   +   a1 * b5   +   a2 * b4  +   a3 * b3  +   a4 * b2  +   a5 * b1 +   a6 * b0;
+    s7  = c7   +   a0 * b7   +   a1 * b6   +   a2 * b5  +   a3 * b4  +   a4 * b3  +   a5 * b2 +   a6 * b1   +   a7 * b0;
+    s8  = c8   +   a0 * b8   +   a1 * b7   +   a2 * b6  +   a3 * b5  +   a4 * b4  +   a5 * b3 +   a6 * b2   +   a7 * b1   +   a8 * b0;
+    s9  = c9   +   a0 * b9   +   a1 * b8   +   a2 * b7  +   a3 * b6  +   a4 * b5  +   a5 * b4 +   a6 * b3   +   a7 * b2   +   a8 * b1  +   a9 * b0;
+    s10 = c10  +   a0 * b10  +   a1 * b9   +   a2 * b8  +   a3 * b7  +   a4 * b6  +   a5 * b5 +   a6 * b4   +   a7 * b3   +   a8 * b2  +   a9 * b1  +  a10 * b0;
+    s11 = c11  +   a0 * b11  +   a1 * b10  +   a2 * b9  +   a3 * b8  +   a4 * b7  +   a5 * b6 +   a6 * b5   +   a7 * b4   +   a8 * b3  +   a9 * b2  +  a10 * b1  +  a11 * b0;
+    s12 =          a1 * b11  +   a2 * b10  +   a3 * b9  +   a4 * b8  +   a5 * b7  +   a6 * b6 +   a7 * b5   +   a8 * b4   +   a9 * b3  +  a10 * b2  +  a11 * b1;
+    s13 =          a2 * b11  +   a3 * b10  +   a4 * b9  +   a5 * b8  +   a6 * b7  +   a7 * b6 +   a8 * b5   +   a9 * b4   +  a10 * b3  +  a11 * b2;
+    s14 =          a3 * b11  +   a4 * b10  +   a5 * b9  +   a6 * b8  +   a7 * b7  +   a8 * b6 +   a9 * b5   +  a10 * b4   +  a11 * b3;
+    s15 =          a4 * b11  +   a5 * b10  +   a6 * b9  +   a7 * b8  +   a8 * b7  +   a9 * b6 +  a10 * b5   +  a11 * b4;
+    s16 =          a5 * b11  +   a6 * b10  +   a7 * b9  +   a8 * b8  +   a9 * b7  +  a10 * b6 +  a11 * b5;
+    s17 =          a6 * b11  +   a7 * b10  +   a8 * b9  +   a9 * b8  +  a10 * b7  +  a11 * b6;
+    s18 =          a7 * b11  +   a8 * b10  +   a9 * b9  +  a10 * b8  +  a11 * b7;
+    s19 =          a8 * b11  +   a9 * b10  +  a10 * b9  +  a11 * b8;
+    s20 =          a9 * b11  +  a10 * b10  +  a11 * b9;
+    s21 =         a10 * b11  +  a11 * b10;
+    s22 =         a11 * b11;
+    s23 =         0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+    carry18 = (s18 + (1 << 20)) >> 21;
+    s19 += carry18;
+    s18 -= carry18 * (1 << 21);
+    carry20 = (s20 + (1 << 20)) >> 21;
+    s21 += carry20;
+    s20 -= carry20 * (1 << 21);
+    carry22 = (s22 + (1 << 20)) >> 21;
+    s23 += carry22;
+    s22 -= carry22 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+    carry17 = (s17 + (1 << 20)) >> 21;
+    s18 += carry17;
+    s17 -= carry17 * (1 << 21);
+    carry19 = (s19 + (1 << 20)) >> 21;
+    s20 += carry19;
+    s19 -= carry19 * (1 << 21);
+    carry21 = (s21 + (1 << 20)) >> 21;
+    s22 += carry21;
+    s21 -= carry21 * (1 << 21);
+
+    s11 += s23 * 666643;
+    s12 += s23 * 470296;
+    s13 += s23 * 654183;
+    s14 -= s23 * 997805;
+    s15 += s23 * 136657;
+    s16 -= s23 * 683901;
+    s23  = 0;
+
+    s10 += s22 * 666643;
+    s11 += s22 * 470296;
+    s12 += s22 * 654183;
+    s13 -= s22 * 997805;
+    s14 += s22 * 136657;
+    s15 -= s22 * 683901;
+    s22  = 0;
+
+    s9  += s21 * 666643;
+    s10 += s21 * 470296;
+    s11 += s21 * 654183;
+    s12 -= s21 * 997805;
+    s13 += s21 * 136657;
+    s14 -= s21 * 683901;
+    s21  = 0;
+
+    s8  += s20 * 666643;
+    s9  += s20 * 470296;
+    s10 += s20 * 654183;
+    s11 -= s20 * 997805;
+    s12 += s20 * 136657;
+    s13 -= s20 * 683901;
+    s20  = 0;
+
+    s7  += s19 * 666643;
+    s8  += s19 * 470296;
+    s9  += s19 * 654183;
+    s10 -= s19 * 997805;
+    s11 += s19 * 136657;
+    s12 -= s19 * 683901;
+    s19  = 0;
+
+    s6  += s18 * 666643;
+    s7  += s18 * 470296;
+    s8  += s18 * 654183;
+    s9  -= s18 * 997805;
+    s10 += s18 * 136657;
+    s11 -= s18 * 683901;
+    s18  = 0;
+
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+
+    s5  += s17 * 666643;
+    s6  += s17 * 470296;
+    s7  += s17 * 654183;
+    s8  -= s17 * 997805;
+    s9  += s17 * 136657;
+    s10 -= s17 * 683901;
+    s17  = 0;
+
+    s4  += s16 * 666643;
+    s5  += s16 * 470296;
+    s6  += s16 * 654183;
+    s7  -= s16 * 997805;
+    s8  += s16 * 136657;
+    s9  -= s16 * 683901;
+    s16  = 0;
+
+    s3  += s15 * 666643;
+    s4  += s15 * 470296;
+    s5  += s15 * 654183;
+    s6  -= s15 * 997805;
+    s7  += s15 * 136657;
+    s8  -= s15 * 683901;
+    s15  = 0;
+
+    s2  += s14 * 666643;
+    s3  += s14 * 470296;
+    s4  += s14 * 654183;
+    s5  -= s14 * 997805;
+    s6  += s14 * 136657;
+    s7  -= s14 * 683901;
+    s14  = 0;
+
+    s1  += s13 * 666643;
+    s2  += s13 * 470296;
+    s3  += s13 * 654183;
+    s4  -= s13 * 997805;
+    s5  += s13 * 136657;
+    s6  -= s13 * 683901;
+    s13  = 0;
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12 = 0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry11 = s11 >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    s[ 0] = (uint8_t) (s0  >>  0);
+    s[ 1] = (uint8_t) (s0  >>  8);
+    s[ 2] = (uint8_t)((s0  >> 16) | (s1 << 5));
+    s[ 3] = (uint8_t) (s1  >>  3);
+    s[ 4] = (uint8_t) (s1  >> 11);
+    s[ 5] = (uint8_t)((s1  >> 19) | (s2 << 2));
+    s[ 6] = (uint8_t) (s2  >>  6);
+    s[ 7] = (uint8_t)((s2  >> 14) | (s3 << 7));
+    s[ 8] = (uint8_t) (s3  >>  1);
+    s[ 9] = (uint8_t) (s3  >>  9);
+    s[10] = (uint8_t)((s3  >> 17) | (s4 << 4));
+    s[11] = (uint8_t) (s4  >>  4);
+    s[12] = (uint8_t) (s4  >> 12);
+    s[13] = (uint8_t)((s4  >> 20) | (s5 << 1));
+    s[14] = (uint8_t) (s5  >>  7);
+    s[15] = (uint8_t)((s5  >> 15) | (s6 << 6));
+    s[16] = (uint8_t) (s6  >>  2);
+    s[17] = (uint8_t) (s6  >> 10);
+    s[18] = (uint8_t)((s6  >> 18) | (s7 << 3));
+    s[19] = (uint8_t) (s7  >>  5);
+    s[20] = (uint8_t) (s7  >> 13);
+    s[21] = (uint8_t) (s8  >>  0);
+    s[22] = (uint8_t) (s8  >>  8);
+    s[23] = (uint8_t)((s8  >> 16) | (s9 << 5));
+    s[24] = (uint8_t) (s9  >>  3);
+    s[25] = (uint8_t) (s9  >> 11);
+    s[26] = (uint8_t)((s9  >> 19) | (s10 << 2));
+    s[27] = (uint8_t) (s10 >>  6);
+    s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+    s[29] = (uint8_t) (s11 >>  1);
+    s[30] = (uint8_t) (s11 >>  9);
+    s[31] = (uint8_t) (s11 >> 17);
+}
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32])
+{
+    uint8_t az[SHA512_DIGEST_LENGTH];
+    uint8_t nonce[SHA512_DIGEST_LENGTH];
+    ge_p3 R;
+    uint8_t hram[SHA512_DIGEST_LENGTH];
+    SHA512_CTX hash_ctx;
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, private_key, 32);
+    SHA512_Final(az, &hash_ctx);
+
+    az[0] &= 248;
+    az[31] &= 63;
+    az[31] |= 64;
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, az + 32, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(nonce, &hash_ctx);
+
+    x25519_sc_reduce(nonce);
+    ge_scalarmult_base(&R, nonce);
+    ge_p3_tobytes(out_sig, &R);
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, out_sig, 32);
+    SHA512_Update(&hash_ctx, public_key, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(hram, &hash_ctx);
+
+    x25519_sc_reduce(hram);
+    sc_muladd(out_sig + 32, hram, az, nonce);
+
+    OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+    OPENSSL_cleanse(nonce, sizeof(nonce));
+    OPENSSL_cleanse(az, sizeof(az));
+
+    return 1;
+}
+
+static const char allzeroes[15];
+
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32])
+{
+    int i;
+    ge_p3 A;
+    const uint8_t *r, *s;
+    SHA512_CTX hash_ctx;
+    ge_p2 R;
+    uint8_t rcheck[32];
+    uint8_t h[SHA512_DIGEST_LENGTH];
+    /* 27742317777372353535851937790883648493 in little endian format */
+    const uint8_t l_low[16] = {
+        0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2,
+        0xDE, 0xF9, 0xDE, 0x14
+    };
+
+    r = signature;
+    s = signature + 32;
+
+    /*
+     * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493
+     *
+     * If not the signature is publicly invalid. Since it's public we can do the
+     * check in variable time.
+     *
+     * First check the most significant byte
+     */
+    if (s[31] > 0x10)
+        return 0;
+    if (s[31] == 0x10) {
+        /*
+         * Most significant byte indicates a value close to 2^252 so check the
+         * rest
+         */
+        if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0)
+            return 0;
+        for (i = 15; i >= 0; i--) {
+            if (s[i] < l_low[i])
+                break;
+            if (s[i] > l_low[i])
+                return 0;
+        }
+        if (i < 0)
+            return 0;
+    }
+
+    if (ge_frombytes_vartime(&A, public_key) != 0) {
+        return 0;
+    }
+
+    fe_neg(A.X, A.X);
+    fe_neg(A.T, A.T);
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, r, 32);
+    SHA512_Update(&hash_ctx, public_key, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(h, &hash_ctx);
+
+    x25519_sc_reduce(h);
+
+    ge_double_scalarmult_vartime(&R, h, &A, s);
+
+    ge_tobytes(rcheck, &R);
+
+    return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0;
+}
+
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32])
+{
+    uint8_t az[SHA512_DIGEST_LENGTH];
+    ge_p3 A;
+
+    SHA512(private_key, 32, az);
+
+    az[0] &= 248;
+    az[31] &= 63;
+    az[31] |= 64;
+
+    ge_scalarmult_base(&A, az);
+    ge_p3_tobytes(out_public_key, &A);
+
+    OPENSSL_cleanse(az, sizeof(az));
+}
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32])
+{
+    static const uint8_t kZeros[32] = {0};
+    x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
+    /* The all-zero output results when the input is a point of small order. */
+    return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
+}
+
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32])
+{
+    uint8_t e[32];
+    ge_p3 A;
+    fe zplusy, zminusy, zminusy_inv;
+
+    memcpy(e, private_key, 32);
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+
+    ge_scalarmult_base(&A, e);
+
+    /*
+     * We only need the u-coordinate of the curve25519 point.
+     * The map is u=(y+1)/(1-y). Since y=Y/Z, this gives
+     * u=(Z+Y)/(Z-Y).
+     */
+    fe_add(zplusy, A.Z, A.Y);
+    fe_sub(zminusy, A.Z, A.Y);
+    fe_invert(zminusy_inv, zminusy);
+    fe_mul(zplusy, zplusy, zminusy_inv);
+    fe_tobytes(out_public_value, zplusy);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h
new file mode 100644
index 000000000..48081c771
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H
+# define HEADER_ARCH_32_ARCH_INTRINSICS_H
+
+#include "internal/constant_time_locl.h"
+
+# define ARCH_WORD_BITS 32
+
+#define word_is_zero(a)     constant_time_is_zero_32(a)
+
+static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
+{
+    return ((uint64_t)a) * b;
+}
+
+#endif                          /* HEADER_ARCH_32_ARCH_INTRINSICS_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.c
new file mode 100644
index 000000000..8a89d276e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#include "field.h"
+
+void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
+{
+    const uint32_t *a = as->limb, *b = bs->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum1 = 0, accum2 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t aa[8], bb[8];
+    int i, j;
+
+    for (i = 0; i < 8; i++) {
+        aa[i] = a[i] + a[i + 8];
+        bb[i] = b[i] + b[i + 8];
+    }
+
+    for (j = 0; j < 8; j++) {
+        accum2 = 0;
+        for (i = 0; i < j + 1; i++) {
+            accum2 += widemul(a[j - i], b[i]);
+            accum1 += widemul(aa[j - i], bb[i]);
+            accum0 += widemul(a[8 + j - i], b[8 + i]);
+        }
+        accum1 -= accum2;
+        accum0 += accum2;
+        accum2 = 0;
+        for (i = j + 1; i < 8; i++) {
+            accum0 -= widemul(a[8 + j - i], b[i]);
+            accum2 += widemul(aa[8 + j - i], bb[i]);
+            accum1 += widemul(a[16 + j - i], b[8 + i]);
+        }
+        accum1 += accum2;
+        accum0 += accum2;
+        c[j] = ((uint32_t)(accum0)) & mask;
+        c[j + 8] = ((uint32_t)(accum1)) & mask;
+        accum0 >>= 28;
+        accum1 >>= 28;
+    }
+
+    accum0 += accum1;
+    accum0 += c[8];
+    accum1 += c[0];
+    c[8] = ((uint32_t)(accum0)) & mask;
+    c[0] = ((uint32_t)(accum1)) & mask;
+
+    accum0 >>= 28;
+    accum1 >>= 28;
+    c[9] += ((uint32_t)(accum0));
+    c[1] += ((uint32_t)(accum1));
+}
+
+void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
+{
+    const uint32_t *a = as->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum8 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    int i;
+
+    assert(b <= mask);
+
+    for (i = 0; i < 8; i++) {
+        accum0 += widemul(b, a[i]);
+        accum8 += widemul(b, a[i + 8]);
+        c[i] = accum0 & mask;
+        accum0 >>= 28;
+        c[i + 8] = accum8 & mask;
+        accum8 >>= 28;
+    }
+
+    accum0 += accum8 + c[8];
+    c[8] = ((uint32_t)accum0) & mask;
+    c[9] += (uint32_t)(accum0 >> 28);
+
+    accum8 += c[0];
+    c[0] = ((uint32_t)accum8) & mask;
+    c[1] += (uint32_t)(accum8 >> 28);
+}
+
+void gf_sqr(gf_s * RESTRICT cs, const gf as)
+{
+    gf_mul(cs, as, as);         /* Performs better with a dedicated square */
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h
new file mode 100644
index 000000000..bbde84a03
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ARCH_32_F_IMPL_H
+# define HEADER_ARCH_32_F_IMPL_H
+
+# define GF_HEADROOM 2
+# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
+# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
+    {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}}
+
+# define LIMB_PLACE_VALUE(i) 28
+
+void gf_add_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] + b->limb[i];
+}
+
+void gf_sub_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] - b->limb[i];
+}
+
+void gf_bias(gf a, int amt)
+{
+    unsigned int i;
+    uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt;
+
+    for (i = 0; i < NLIMBS; i++)
+        a->limb[i] += (i == NLIMBS / 2) ? co2 : co1;
+}
+
+void gf_weak_reduce(gf a)
+{
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t tmp = a->limb[NLIMBS - 1] >> 28;
+    unsigned int i;
+
+    a->limb[NLIMBS / 2] += tmp;
+    for (i = NLIMBS - 1; i > 0; i--)
+        a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28);
+    a->limb[0] = (a->limb[0] & mask) + tmp;
+}
+
+#endif                  /* HEADER_ARCH_32_F_IMPL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c
new file mode 100644
index 000000000..7dc68c885
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c
@@ -0,0 +1,727 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+#include "word.h"
+#include "field.h"
+
+#include "point_448.h"
+#include "ed448.h"
+#include "curve448_lcl.h"
+
+#define COFACTOR 4
+
+#define C448_WNAF_FIXED_TABLE_BITS 5
+#define C448_WNAF_VAR_TABLE_BITS 3
+
+#define EDWARDS_D       (-39081)
+
+static const curve448_scalar_t precomputed_scalarmul_adjustment = {
+    {
+        {
+            SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad),
+            SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
+        }
+    }
+};
+
+#define TWISTED_D (EDWARDS_D - 1)
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+/* Inverse. */
+static void gf_invert(gf y, const gf x, int assert_nonzero)
+{
+    mask_t ret;
+    gf t1, t2;
+
+    gf_sqr(t1, x);              /* o^2 */
+    ret = gf_isr(t2, t1);       /* +-1/sqrt(o^2) = +-1/o */
+    (void)ret;
+    if (assert_nonzero)
+        assert(ret);
+    gf_sqr(t1, t2);
+    gf_mul(t2, t1, x);          /* not direct to y in case of alias. */
+    gf_copy(y, t2);
+}
+
+/** identity = (0,1) */
+const curve448_point_t curve448_point_identity =
+    { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
+
+static void point_double_internal(curve448_point_t p, const curve448_point_t q,
+                                  int before_double)
+{
+    gf a, b, c, d;
+
+    gf_sqr(c, q->x);
+    gf_sqr(a, q->y);
+    gf_add_nr(d, c, a);         /* 2+e */
+    gf_add_nr(p->t, q->y, q->x); /* 2+e */
+    gf_sqr(b, p->t);
+    gf_subx_nr(b, b, d, 3);     /* 4+e */
+    gf_sub_nr(p->t, a, c);      /* 3+e */
+    gf_sqr(p->x, q->z);
+    gf_add_nr(p->z, p->x, p->x); /* 2+e */
+    gf_subx_nr(a, p->z, p->t, 4); /* 6+e */
+    if (GF_HEADROOM == 5)
+        gf_weak_reduce(a);      /* or 1+e */
+    gf_mul(p->x, a, b);
+    gf_mul(p->z, p->t, a);
+    gf_mul(p->y, p->t, d);
+    if (!before_double)
+        gf_mul(p->t, b, d);
+}
+
+void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+{
+    point_double_internal(p, q, 0);
+}
+
+/* Operations on [p]niels */
+static ossl_inline void cond_neg_niels(niels_t n, mask_t neg)
+{
+    gf_cond_swap(n->a, n->b, neg);
+    gf_cond_neg(n->c, neg);
+}
+
+static void pt_to_pniels(pniels_t b, const curve448_point_t a)
+{
+    gf_sub(b->n->a, a->y, a->x);
+    gf_add(b->n->b, a->x, a->y);
+    gf_mulw(b->n->c, a->t, 2 * TWISTED_D);
+    gf_add(b->z, a->z, a->z);
+}
+
+static void pniels_to_pt(curve448_point_t e, const pniels_t d)
+{
+    gf eu;
+
+    gf_add(eu, d->n->b, d->n->a);
+    gf_sub(e->y, d->n->b, d->n->a);
+    gf_mul(e->t, e->y, eu);
+    gf_mul(e->x, d->z, e->y);
+    gf_mul(e->y, d->z, eu);
+    gf_sqr(e->z, d->z);
+}
+
+static void niels_to_pt(curve448_point_t e, const niels_t n)
+{
+    gf_add(e->y, n->b, n->a);
+    gf_sub(e->x, n->b, n->a);
+    gf_mul(e->t, e->y, e->x);
+    gf_copy(e->z, ONE);
+}
+
+static void add_niels_to_pt(curve448_point_t d, const niels_t e,
+                            int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->a, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->b, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_sub_nr(d->y, d->z, d->x); /* 3+e */
+    gf_add_nr(a, d->x, d->z);   /* 2+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void sub_niels_from_pt(curve448_point_t d, const niels_t e,
+                              int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->b, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->a, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_add_nr(d->y, d->z, d->x); /* 2+e */
+    gf_sub_nr(a, d->z, d->x);   /* 3+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn,
+                             int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    add_niels_to_pt(p, pn->n, before_double);
+}
+
+static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
+                               int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    sub_niels_from_pt(p, pn->n, before_double);
+}
+
+c448_bool_t curve448_point_eq(const curve448_point_t p,
+                              const curve448_point_t q)
+{
+    mask_t succ;
+    gf a, b;
+
+    /* equality mod 2-torsion compares x/y */
+    gf_mul(a, p->y, q->x);
+    gf_mul(b, q->y, p->x);
+    succ = gf_eq(a, b);
+
+    return mask_to_bool(succ);
+}
+
+c448_bool_t curve448_point_valid(const curve448_point_t p)
+{
+    mask_t out;
+    gf a, b, c;
+
+    gf_mul(a, p->x, p->y);
+    gf_mul(b, p->z, p->t);
+    out = gf_eq(a, b);
+    gf_sqr(a, p->x);
+    gf_sqr(b, p->y);
+    gf_sub(a, b, a);
+    gf_sqr(b, p->t);
+    gf_mulw(c, b, TWISTED_D);
+    gf_sqr(b, p->z);
+    gf_add(b, b, c);
+    out &= gf_eq(a, b);
+    out &= ~gf_eq(p->z, ZERO);
+    return mask_to_bool(out);
+}
+
+static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni,
+                                                   const niels_t * table,
+                                                   int nelts, int idx)
+{
+    constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
+}
+
+void curve448_precomputed_scalarmul(curve448_point_t out,
+                                    const curve448_precomputed_s * table,
+                                    const curve448_scalar_t scalar)
+{
+    unsigned int i, j, k;
+    const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S;
+    niels_t ni;
+    curve448_scalar_t scalar1x;
+
+    curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+    curve448_scalar_halve(scalar1x, scalar1x);
+
+    for (i = s; i > 0; i--) {
+        if (i != s)
+            point_double_internal(out, out, 0);
+
+        for (j = 0; j < n; j++) {
+            int tab = 0;
+            mask_t invert;
+
+            for (k = 0; k < t; k++) {
+                unsigned int bit = (i - 1) + s * (k + j * t);
+
+                if (bit < C448_SCALAR_BITS)
+                    tab |=
+                        (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k;
+            }
+
+            invert = (tab >> (t - 1)) - 1;
+            tab ^= invert;
+            tab &= (1 << (t - 1)) - 1;
+
+            constant_time_lookup_niels(ni, &table->table[j << (t - 1)],
+                                       1 << (t - 1), tab);
+
+            cond_neg_niels(ni, invert);
+            if ((i != s) || j != 0)
+                add_niels_to_pt(out, ni, j == n - 1 && i != 1);
+            else
+                niels_to_pt(out, ni);
+        }
+    }
+
+    OPENSSL_cleanse(ni, sizeof(ni));
+    OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc[EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p)
+{
+    gf x, y, z, t;
+    curve448_point_t q;
+
+    /* The point is now on the twisted curve.  Move it to untwisted. */
+    curve448_point_copy(q, p);
+
+    {
+        /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */
+        gf u;
+
+        gf_sqr(x, q->x);
+        gf_sqr(t, q->y);
+        gf_add(u, x, t);
+        gf_add(z, q->y, q->x);
+        gf_sqr(y, z);
+        gf_sub(y, y, u);
+        gf_sub(z, t, x);
+        gf_sqr(x, q->z);
+        gf_add(t, x, x);
+        gf_sub(t, t, z);
+        gf_mul(x, t, y);
+        gf_mul(y, z, u);
+        gf_mul(z, u, t);
+        OPENSSL_cleanse(u, sizeof(u));
+    }
+
+    /* Affinize */
+    gf_invert(z, z, 1);
+    gf_mul(t, x, z);
+    gf_mul(x, y, z);
+
+    /* Encode */
+    enc[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    gf_serialize(enc, x, 1);
+    enc[EDDSA_448_PRIVATE_BYTES - 1] |= 0x80 & gf_lobit(t);
+
+    OPENSSL_cleanse(x, sizeof(x));
+    OPENSSL_cleanse(y, sizeof(y));
+    OPENSSL_cleanse(z, sizeof(z));
+    OPENSSL_cleanse(t, sizeof(t));
+    curve448_point_destroy(q);
+}
+
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                                curve448_point_t p,
+                                const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
+{
+    uint8_t enc2[EDDSA_448_PUBLIC_BYTES];
+    mask_t low;
+    mask_t succ;
+
+    memcpy(enc2, enc, sizeof(enc2));
+
+    low = ~word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1] & 0x80);
+    enc2[EDDSA_448_PRIVATE_BYTES - 1] &= ~0x80;
+
+    succ = gf_deserialize(p->y, enc2, 1, 0);
+    succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]);
+
+    gf_sqr(p->x, p->y);
+    gf_sub(p->z, ONE, p->x);    /* num = 1-y^2 */
+    gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */
+    gf_sub(p->t, ONE, p->t);    /* denom = 1-dy^2 or 1-d + dy^2 */
+
+    gf_mul(p->x, p->z, p->t);
+    succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */
+
+    gf_mul(p->x, p->t, p->z);   /* sqrt(num / denom) */
+    gf_cond_neg(p->x, gf_lobit(p->x) ^ low);
+    gf_copy(p->z, ONE);
+
+    {
+        gf a, b, c, d;
+
+        /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */
+        gf_sqr(c, p->x);
+        gf_sqr(a, p->y);
+        gf_add(d, c, a);
+        gf_add(p->t, p->y, p->x);
+        gf_sqr(b, p->t);
+        gf_sub(b, b, d);
+        gf_sub(p->t, a, c);
+        gf_sqr(p->x, p->z);
+        gf_add(p->z, p->x, p->x);
+        gf_sub(a, p->z, d);
+        gf_mul(p->x, a, b);
+        gf_mul(p->z, p->t, a);
+        gf_mul(p->y, p->t, d);
+        gf_mul(p->t, b, d);
+        OPENSSL_cleanse(a, sizeof(a));
+        OPENSSL_cleanse(b, sizeof(b));
+        OPENSSL_cleanse(c, sizeof(c));
+        OPENSSL_cleanse(d, sizeof(d));
+    }
+
+    OPENSSL_cleanse(enc2, sizeof(enc2));
+    assert(curve448_point_valid(p) || ~succ);
+
+    return c448_succeed_if(mask_to_bool(succ));
+}
+
+c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
+                      const uint8_t base[X_PUBLIC_BYTES],
+                      const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    gf x1, x2, z2, x3, z3, t1, t2;
+    int t;
+    mask_t swap = 0;
+    mask_t nz;
+
+    (void)gf_deserialize(x1, base, 1, 0);
+    gf_copy(x2, ONE);
+    gf_copy(z2, ZERO);
+    gf_copy(x3, x1);
+    gf_copy(z3, ONE);
+
+    for (t = X_PRIVATE_BITS - 1; t >= 0; t--) {
+        uint8_t sb = scalar[t / 8];
+        mask_t k_t;
+
+        /* Scalar conditioning */
+        if (t / 8 == 0)
+            sb &= -(uint8_t)COFACTOR;
+        else if (t == X_PRIVATE_BITS - 1)
+            sb = -1;
+
+        k_t = (sb >> (t % 8)) & 1;
+        k_t = 0 - k_t;             /* set to all 0s or all 1s */
+
+        swap ^= k_t;
+        gf_cond_swap(x2, x3, swap);
+        gf_cond_swap(z2, z3, swap);
+        swap = k_t;
+
+        /*
+         * The "_nr" below skips coefficient reduction. In the following
+         * comments, "2+e" is saying that the coefficients are at most 2+epsilon
+         * times the reduction limit.
+         */
+        gf_add_nr(t1, x2, z2);  /* A = x2 + z2 */ /* 2+e */
+        gf_sub_nr(t2, x2, z2);  /* B = x2 - z2 */ /* 3+e */
+        gf_sub_nr(z2, x3, z3);  /* D = x3 - z3 */ /* 3+e */
+        gf_mul(x2, t1, z2);     /* DA */
+        gf_add_nr(z2, z3, x3);  /* C = x3 + z3 */ /* 2+e */
+        gf_mul(x3, t2, z2);     /* CB */
+        gf_sub_nr(z3, x2, x3);  /* DA-CB */ /* 3+e */
+        gf_sqr(z2, z3);         /* (DA-CB)^2 */
+        gf_mul(z3, x1, z2);     /* z3 = x1(DA-CB)^2 */
+        gf_add_nr(z2, x2, x3);  /* (DA+CB) */ /* 2+e */
+        gf_sqr(x3, z2);         /* x3 = (DA+CB)^2 */
+
+        gf_sqr(z2, t1);         /* AA = A^2 */
+        gf_sqr(t1, t2);         /* BB = B^2 */
+        gf_mul(x2, z2, t1);     /* x2 = AA*BB */
+        gf_sub_nr(t2, z2, t1);  /* E = AA-BB */ /* 3+e */
+
+        gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */
+        gf_add_nr(t1, t1, z2);  /* AA + a24*E */ /* 2+e */
+        gf_mul(z2, t2, t1);     /* z2 = E(AA+a24*E) */
+    }
+
+    /* Finish */
+    gf_cond_swap(x2, x3, swap);
+    gf_cond_swap(z2, z3, swap);
+    gf_invert(z2, z2, 0);
+    gf_mul(x1, x2, z2);
+    gf_serialize(out, x1, 1);
+    nz = ~gf_eq(x1, ZERO);
+
+    OPENSSL_cleanse(x1, sizeof(x1));
+    OPENSSL_cleanse(x2, sizeof(x2));
+    OPENSSL_cleanse(z2, sizeof(z2));
+    OPENSSL_cleanse(x3, sizeof(x3));
+    OPENSSL_cleanse(z3, sizeof(z3));
+    OPENSSL_cleanse(t1, sizeof(t1));
+    OPENSSL_cleanse(t2, sizeof(t2));
+
+    return c448_succeed_if(mask_to_bool(nz));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+                                                      out[X_PUBLIC_BYTES],
+                                                      const curve448_point_t p)
+{
+    curve448_point_t q;
+
+    curve448_point_copy(q, p);
+    gf_invert(q->t, q->x, 0);   /* 1/x */
+    gf_mul(q->z, q->t, q->y);   /* y/x */
+    gf_sqr(q->y, q->z);         /* (y/x)^2 */
+    gf_serialize(out, q->y, 1);
+    curve448_point_destroy(q);
+}
+
+void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+                            const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    /* Scalar conditioning */
+    uint8_t scalar2[X_PRIVATE_BYTES];
+    curve448_scalar_t the_scalar;
+    curve448_point_t p;
+    unsigned int i;
+
+    memcpy(scalar2, scalar, sizeof(scalar2));
+    scalar2[0] &= -(uint8_t)COFACTOR;
+
+    scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
+    scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
+
+    curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+
+    /* Compensate for the encoding ratio */
+    for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
+        curve448_scalar_halve(the_scalar, the_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
+    curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+    curve448_point_destroy(p);
+}
+
+/* Control for variable-time scalar multiply algorithms. */
+struct smvt_control {
+    int power, addend;
+};
+
+#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3))
+# define NUMTRAILINGZEROS	__builtin_ctz
+#else
+# define NUMTRAILINGZEROS	numtrailingzeros
+static uint32_t numtrailingzeros(uint32_t i)
+{
+    uint32_t tmp;
+    uint32_t num = 31;
+
+    if (i == 0)
+        return 32;
+
+    tmp = i << 16;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 16;
+    }
+    tmp = i << 8;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 8;
+    }
+    tmp = i << 4;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 4;
+    }
+    tmp = i << 2;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 2;
+    }
+    tmp = i << 1;
+    if (tmp != 0)
+        num--;
+
+    return num;
+}
+#endif
+
+static int recode_wnaf(struct smvt_control *control,
+                       /* [nbits/(table_bits + 1) + 3] */
+                       const curve448_scalar_t scalar,
+                       unsigned int table_bits)
+{
+    unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3;
+    int position = table_size - 1; /* at the end */
+    uint64_t current = scalar->limb[0] & 0xFFFF;
+    uint32_t mask = (1 << (table_bits + 1)) - 1;
+    unsigned int w;
+    const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2;
+    unsigned int n, i;
+
+    /* place the end marker */
+    control[position].power = -1;
+    control[position].addend = 0;
+    position--;
+
+    /*
+     * PERF: Could negate scalar if it's large.  But then would need more cases
+     * in the actual code that uses it, all for an expected reduction of like
+     * 1/5 op. Probably not worth it.
+     */
+
+    for (w = 1; w < (C448_SCALAR_BITS - 1) / 16 + 3; w++) {
+        if (w < (C448_SCALAR_BITS - 1) / 16 + 1) {
+            /* Refill the 16 high bits of current */
+            current += (uint32_t)((scalar->limb[w / B_OVER_16]
+                       >> (16 * (w % B_OVER_16))) << 16);
+        }
+
+        while (current & 0xFFFF) {
+            uint32_t pos = NUMTRAILINGZEROS((uint32_t)current);
+            uint32_t odd = (uint32_t)current >> pos;
+            int32_t delta = odd & mask;
+
+            assert(position >= 0);
+            if (odd & (1 << (table_bits + 1)))
+                delta -= (1 << (table_bits + 1));
+            current -= delta * (1 << pos);
+            control[position].power = pos + 16 * (w - 1);
+            control[position].addend = delta;
+            position--;
+        }
+        current >>= 16;
+    }
+    assert(current == 0);
+
+    position++;
+    n = table_size - position;
+    for (i = 0; i < n; i++)
+        control[i] = control[i + position];
+
+    return n - 1;
+}
+
+static void prepare_wnaf_table(pniels_t * output,
+                               const curve448_point_t working,
+                               unsigned int tbits)
+{
+    curve448_point_t tmp;
+    int i;
+    pniels_t twop;
+
+    pt_to_pniels(output[0], working);
+
+    if (tbits == 0)
+        return;
+
+    curve448_point_double(tmp, working);
+    pt_to_pniels(twop, tmp);
+
+    add_pniels_to_pt(tmp, output[0], 0);
+    pt_to_pniels(output[1], tmp);
+
+    for (i = 2; i < 1 << tbits; i++) {
+        add_pniels_to_pt(tmp, twop, 0);
+        pt_to_pniels(output[i], tmp);
+    }
+
+    curve448_point_destroy(tmp);
+    OPENSSL_cleanse(twop, sizeof(twop));
+}
+
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2)
+{
+    const int table_bits_var = C448_WNAF_VAR_TABLE_BITS;
+    const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS;
+    struct smvt_control control_var[C448_SCALAR_BITS /
+                                    (C448_WNAF_VAR_TABLE_BITS + 1) + 3];
+    struct smvt_control control_pre[C448_SCALAR_BITS /
+                                    (C448_WNAF_FIXED_TABLE_BITS + 1) + 3];
+    int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre);
+    int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var);
+    pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS];
+    int contp = 0, contv = 0, i;
+
+    prepare_wnaf_table(precmp_var, base2, table_bits_var);
+    i = control_var[0].power;
+
+    if (i < 0) {
+        curve448_point_copy(combo, curve448_point_identity);
+        return;
+    }
+    if (i > control_pre[0].power) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        contv++;
+    } else if (i == control_pre[0].power && i >= 0) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+                        i);
+        contv++;
+        contp++;
+    } else {
+        i = control_pre[0].power;
+        niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+        contp++;
+    }
+
+    for (i--; i >= 0; i--) {
+        int cv = (i == control_var[contv].power);
+        int cp = (i == control_pre[contp].power);
+
+        point_double_internal(combo, combo, i && !(cv || cp));
+
+        if (cv) {
+            assert(control_var[contv].addend);
+
+            if (control_var[contv].addend > 0)
+                add_pniels_to_pt(combo,
+                                 precmp_var[control_var[contv].addend >> 1],
+                                 i && !cp);
+            else
+                sub_pniels_from_pt(combo,
+                                   precmp_var[(-control_var[contv].addend)
+                                              >> 1], i && !cp);
+            contv++;
+        }
+
+        if (cp) {
+            assert(control_pre[contp].addend);
+
+            if (control_pre[contp].addend > 0)
+                add_niels_to_pt(combo,
+                                curve448_wnaf_base[control_pre[contp].addend
+                                                   >> 1], i);
+            else
+                sub_niels_from_pt(combo,
+                                  curve448_wnaf_base[(-control_pre
+                                                      [contp].addend) >> 1], i);
+            contp++;
+        }
+    }
+
+    /* This function is non-secret, but whatever this is cheap. */
+    OPENSSL_cleanse(control_var, sizeof(control_var));
+    OPENSSL_cleanse(control_pre, sizeof(control_pre));
+    OPENSSL_cleanse(precmp_var, sizeof(precmp_var));
+
+    assert(contv == ncb_var);
+    (void)ncb_var;
+    assert(contp == ncb_pre);
+    (void)ncb_pre;
+}
+
+void curve448_point_destroy(curve448_point_t point)
+{
+    OPENSSL_cleanse(point, sizeof(curve448_point_t));
+}
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56])
+{
+    return x448_int(out_shared_key, peer_public_value, private_key)
+           == C448_SUCCESS;
+}
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56])
+{
+    x448_derive_public_key(out_public_value, private_key);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_lcl.h
new file mode 100644
index 000000000..2bc3bd84c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_lcl.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_CURVE448_LCL_H
+# define HEADER_CURVE448_LCL_H
+# include "curve448utils.h"
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56]);
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56]);
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len);
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len);
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57]);
+
+#endif              /* HEADER_CURVE448_LCL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c
new file mode 100644
index 000000000..a1185b1ee
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c
@@ -0,0 +1,475 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+#include "point_448.h"
+
+static const curve448_precomputed_s curve448_precomputed_base_table = {
+    {
+        {{
+            {FIELD_LITERAL(0x00cc3b062366f4cc,0x003d6e34e314aa3c,0x00d51c0a7521774d,0x0094e060eec6ab8b,0x00d21291b4d80082,0x00befed12b55ef1e,0x00c3dd2df5c94518,0x00e0a7b112b8d4e6)},
+            {FIELD_LITERAL(0x0019eb5608d8723a,0x00d1bab52fb3aedb,0x00270a7311ebc90c,0x0037c12b91be7f13,0x005be16cd8b5c704,0x003e181acda888e1,0x00bc1f00fc3fc6d0,0x00d3839bfa319e20)},
+            {FIELD_LITERAL(0x003caeb88611909f,0x00ea8b378c4df3d4,0x00b3295b95a5a19a,0x00a65f97514bdfb5,0x00b39efba743cab1,0x0016ba98b862fd2d,0x0001508812ee71d7,0x000a75740eea114a)},
+        }}, {{
+            {FIELD_LITERAL(0x00ebcf0eb649f823,0x00166d332e98ea03,0x0059ddf64f5cd5f6,0x0047763123d9471b,0x00a64065c53ef62f,0x00978e44c480153d,0x000b5b2a0265f194,0x0046a24b9f32965a)},
+            {FIELD_LITERAL(0x00b9eef787034df0,0x0020bc24de3390cd,0x000022160bae99bb,0x00ae66e886e97946,0x0048d4bbe02cbb8b,0x0072ba97b34e38d4,0x00eae7ec8f03e85a,0x005ba92ecf808b2c)},
+            {FIELD_LITERAL(0x00c9cfbbe74258fd,0x00843a979ea9eaa7,0x000cbb4371cfbe90,0x0059bac8f7f0a628,0x004b3dff882ff530,0x0011869df4d90733,0x00595aa71f4abfc2,0x0070e2d38990c2e6)},
+        }}, {{
+            {FIELD_LITERAL(0x00de2010c0a01733,0x00c739a612e24297,0x00a7212643141d7c,0x00f88444f6b67c11,0x00484b7b16ec28f2,0x009c1b8856af9c68,0x00ff4669591fe9d6,0x0054974be08a32c8)},
+            {FIELD_LITERAL(0x0010de3fd682ceed,0x008c07642d83ca4e,0x0013bb064e00a1cc,0x009411ae27870e11,0x00ea8e5b4d531223,0x0032fe7d2aaece2e,0x00d989e243e7bb41,0x000fe79a508e9b8b)},
+            {FIELD_LITERAL(0x005e0426b9bfc5b1,0x0041a5b1d29ee4fa,0x0015b0def7774391,0x00bc164f1f51af01,0x00d543b0942797b9,0x003c129b6398099c,0x002b114c6e5adf18,0x00b4e630e4018a7b)},
+        }}, {{
+            {FIELD_LITERAL(0x00d490afc95f8420,0x00b096bf50c1d9b9,0x00799fd707679866,0x007c74d9334afbea,0x00efaa8be80ff4ed,0x0075c4943bb81694,0x00c21c2fca161f36,0x00e77035d492bfee)},
+            {FIELD_LITERAL(0x006658a190dd6661,0x00e0e9bab38609a6,0x0028895c802237ed,0x006a0229c494f587,0x002dcde96c9916b7,0x00d158822de16218,0x00173b917a06856f,0x00ca78a79ae07326)},
+            {FIELD_LITERAL(0x00e35bfc79caced4,0x0087238a3e1fe3bb,0x00bcbf0ff4ceff5b,0x00a19c1c94099b91,0x0071e102b49db976,0x0059e3d004eada1e,0x008da78afa58a47e,0x00579c8ebf269187)},
+        }}, {{
+            {FIELD_LITERAL(0x00a16c2905eee75f,0x009d4bcaea2c7e1d,0x00d3bd79bfad19df,0x0050da745193342c,0x006abdb8f6b29ab1,0x00a24fe0a4fef7ef,0x0063730da1057dfb,0x00a08c312c8eb108)},
+            {FIELD_LITERAL(0x00b583be005375be,0x00a40c8f8a4e3df4,0x003fac4a8f5bdbf7,0x00d4481d872cd718,0x004dc8749cdbaefe,0x00cce740d5e5c975,0x000b1c1f4241fd21,0x00a76de1b4e1cd07)},
+            {FIELD_LITERAL(0x007a076500d30b62,0x000a6e117b7f090f,0x00c8712ae7eebd9a,0x000fbd6c1d5f6ff7,0x003a7977246ebf11,0x00166ed969c6600e,0x00aa42e469c98bec,0x00dc58f307cf0666)},
+        }}, {{
+            {FIELD_LITERAL(0x004b491f65a9a28b,0x006a10309e8a55b7,0x00b67210185187ef,0x00cf6497b12d9b8f,0x0085778c56e2b1ba,0x0015b4c07a814d85,0x00686479e62da561,0x008de5d88f114916)},
+            {FIELD_LITERAL(0x00e37c88d6bba7b1,0x003e4577e1b8d433,0x0050d8ea5f510ec0,0x0042fc9f2da9ef59,0x003bd074c1141420,0x00561b8b7b68774e,0x00232e5e5d1013a3,0x006b7f2cb3d7e73f)},
+            {FIELD_LITERAL(0x004bdd0f0b41e6a0,0x001773057c405d24,0x006029f99915bd97,0x006a5ba70a17fe2f,0x0046111977df7e08,0x004d8124c89fb6b7,0x00580983b2bb2724,0x00207bf330d6f3fe)},
+        }}, {{
+            {FIELD_LITERAL(0x007efdc93972a48b,0x002f5e50e78d5fee,0x0080dc11d61c7fe5,0x0065aa598707245b,0x009abba2300641be,0x000c68787656543a,0x00ffe0fef2dc0a17,0x00007ffbd6cb4f3a)},
+            {FIELD_LITERAL(0x0036012f2b836efc,0x00458c126d6b5fbc,0x00a34436d719ad1e,0x0097be6167117dea,0x0009c219c879cff3,0x0065564493e60755,0x00993ac94a8cdec0,0x002d4885a4d0dbaf)},
+            {FIELD_LITERAL(0x00598b60b4c068ba,0x00c547a0be7f1afd,0x009582164acf12af,0x00af4acac4fbbe40,0x005f6ca7c539121a,0x003b6e752ebf9d66,0x00f08a30d5cac5d4,0x00e399bb5f97c5a9)},
+        }}, {{
+            {FIELD_LITERAL(0x007445a0409c0a66,0x00a65c369f3829c0,0x0031d248a4f74826,0x006817f34defbe8e,0x00649741d95ebf2e,0x00d46466ab16b397,0x00fdc35703bee414,0x00343b43334525f8)},
+            {FIELD_LITERAL(0x001796bea93f6401,0x00090c5a42e85269,0x00672412ba1252ed,0x001201d47b6de7de,0x006877bccfe66497,0x00b554fd97a4c161,0x009753f42dbac3cf,0x00e983e3e378270a)},
+            {FIELD_LITERAL(0x00ac3eff18849872,0x00f0eea3bff05690,0x00a6d72c21dd505d,0x001b832642424169,0x00a6813017b540e5,0x00a744bd71b385cd,0x0022a7d089130a7b,0x004edeec9a133486)},
+        }}, {{
+            {FIELD_LITERAL(0x00b2d6729196e8a9,0x0088a9bb2031cef4,0x00579e7787dc1567,0x0030f49feb059190,0x00a0b1d69c7f7d8f,0x0040bdcc6d9d806f,0x00d76c4037edd095,0x00bbf24376415dd7)},
+            {FIELD_LITERAL(0x00240465ff5a7197,0x00bb97e76caf27d0,0x004b4edbf8116d39,0x001d8586f708cbaa,0x000f8ee8ff8e4a50,0x00dde5a1945dd622,0x00e6fc1c0957e07c,0x0041c9cdabfd88a0)},
+            {FIELD_LITERAL(0x005344b0bf5b548c,0x002957d0b705cc99,0x00f586a70390553d,0x0075b3229f583cc3,0x00a1aa78227490e4,0x001bf09cf7957717,0x00cf6bf344325f52,0x0065bd1c23ca3ecf)},
+        }}, {{
+            {FIELD_LITERAL(0x009bff3b3239363c,0x00e17368796ef7c0,0x00528b0fe0971f3a,0x0008014fc8d4a095,0x00d09f2e8a521ec4,0x006713ab5dde5987,0x0003015758e0dbb1,0x00215999f1ba212d)},
+            {FIELD_LITERAL(0x002c88e93527da0e,0x0077c78f3456aad5,0x0071087a0a389d1c,0x00934dac1fb96dbd,0x008470e801162697,0x005bc2196cd4ad49,0x00e535601d5087c3,0x00769888700f497f)},
+            {FIELD_LITERAL(0x00da7a4b557298ad,0x0019d2589ea5df76,0x00ef3e38be0c6497,0x00a9644e1312609a,0x004592f61b2558da,0x0082c1df510d7e46,0x0042809a535c0023,0x00215bcb5afd7757)},
+        }}, {{
+            {FIELD_LITERAL(0x002b9df55a1a4213,0x00dcfc3b464a26be,0x00c4f9e07a8144d5,0x00c8e0617a92b602,0x008e3c93accafae0,0x00bf1bcb95b2ca60,0x004ce2426a613bf3,0x00266cac58e40921)},
+            {FIELD_LITERAL(0x008456d5db76e8f0,0x0032ca9cab2ce163,0x0059f2b8bf91abcf,0x0063c2a021712788,0x00f86155af22f72d,0x00db98b2a6c005a0,0x00ac6e416a693ac4,0x007a93572af53226)},
+            {FIELD_LITERAL(0x0087767520f0de22,0x0091f64012279fb5,0x001050f1f0644999,0x004f097a2477ad3c,0x006b37913a9947bd,0x001a3d78645af241,0x0057832bbb3008a7,0x002c1d902b80dc20)},
+        }}, {{
+            {FIELD_LITERAL(0x001a6002bf178877,0x009bce168aa5af50,0x005fc318ff04a7f5,0x0052818f55c36461,0x008768f5d4b24afb,0x0037ffbae7b69c85,0x0018195a4b61edc0,0x001e12ea088434b2)},
+            {FIELD_LITERAL(0x0047d3f804e7ab07,0x00a809ab5f905260,0x00b3ffc7cdaf306d,0x00746e8ec2d6e509,0x00d0dade8887a645,0x00acceeebde0dd37,0x009bc2579054686b,0x0023804f97f1c2bf)},
+            {FIELD_LITERAL(0x0043e2e2e50b80d7,0x00143aafe4427e0f,0x005594aaecab855b,0x008b12ccaaecbc01,0x002deeb091082bc3,0x009cca4be2ae7514,0x00142b96e696d047,0x00ad2a2b1c05256a)},
+        }}, {{
+            {FIELD_LITERAL(0x003914f2f144b78b,0x007a95dd8bee6f68,0x00c7f4384d61c8e6,0x004e51eb60f1bdb2,0x00f64be7aa4621d8,0x006797bfec2f0ac0,0x007d17aab3c75900,0x001893e73cac8bc5)},
+            {FIELD_LITERAL(0x00140360b768665b,0x00b68aca4967f977,0x0001089b66195ae4,0x00fe71122185e725,0x000bca2618d49637,0x00a54f0557d7e98a,0x00cdcd2f91d6f417,0x00ab8c13741fd793)},
+            {FIELD_LITERAL(0x00725ee6b1e549e0,0x007124a0769777fa,0x000b68fdad07ae42,0x0085b909cd4952df,0x0092d2e3c81606f4,0x009f22f6cac099a0,0x00f59da57f2799a8,0x00f06c090122f777)},
+        }}, {{
+            {FIELD_LITERAL(0x00ce0bed0a3532bc,0x001a5048a22df16b,0x00e31db4cbad8bf1,0x00e89292120cf00e,0x007d1dd1a9b00034,0x00e2a9041ff8f680,0x006a4c837ae596e7,0x00713af1068070b3)},
+            {FIELD_LITERAL(0x00c4fe64ce66d04b,0x00b095d52e09b3d7,0x00758bbecb1a3a8e,0x00f35cce8d0650c0,0x002b878aa5984473,0x0062e0a3b7544ddc,0x00b25b290ed116fe,0x007b0f6abe0bebf2)},
+            {FIELD_LITERAL(0x0081d4e3addae0a8,0x003410c836c7ffcc,0x00c8129ad89e4314,0x000e3d5a23922dcd,0x00d91e46f29c31f3,0x006c728cde8c5947,0x002bc655ba2566c0,0x002ca94721533108)},
+        }}, {{
+            {FIELD_LITERAL(0x0051e4b3f764d8a9,0x0019792d46e904a0,0x00853bc13dbc8227,0x000840208179f12d,0x0068243474879235,0x0013856fbfe374d0,0x00bda12fe8676424,0x00bbb43635926eb2)},
+            {FIELD_LITERAL(0x0012cdc880a93982,0x003c495b21cd1b58,0x00b7e5c93f22a26e,0x0044aa82dfb99458,0x009ba092cdffe9c0,0x00a14b3ab2083b73,0x000271c2f70e1c4b,0x00eea9cac0f66eb8)},
+            {FIELD_LITERAL(0x001a1847c4ac5480,0x00b1b412935bb03a,0x00f74285983bf2b2,0x00624138b5b5d0f1,0x008820c0b03d38bf,0x00b94e50a18c1572,0x0060f6934841798f,0x00c52f5d66d6ebe2)},
+        }}, {{
+            {FIELD_LITERAL(0x00da23d59f9bcea6,0x00e0f27007a06a4b,0x00128b5b43a6758c,0x000cf50190fa8b56,0x00fc877aba2b2d72,0x00623bef52edf53f,0x00e6af6b819669e2,0x00e314dc34fcaa4f)},
+            {FIELD_LITERAL(0x0066e5eddd164d1e,0x00418a7c6fe28238,0x0002e2f37e962c25,0x00f01f56b5975306,0x0048842fa503875c,0x0057b0e968078143,0x00ff683024f3d134,0x0082ae28fcad12e4)},
+            {FIELD_LITERAL(0x0011ddfd21260e42,0x00d05b0319a76892,0x00183ea4368e9b8f,0x00b0815662affc96,0x00b466a5e7ce7c88,0x00db93b07506e6ee,0x0033885f82f62401,0x0086f9090ec9b419)},
+        }}, {{
+            {FIELD_LITERAL(0x00d95d1c5fcb435a,0x0016d1ed6b5086f9,0x00792aa0b7e54d71,0x0067b65715f1925d,0x00a219755ec6176b,0x00bc3f026b12c28f,0x00700c897ffeb93e,0x0089b83f6ec50b46)},
+            {FIELD_LITERAL(0x003c97e6384da36e,0x00423d53eac81a09,0x00b70d68f3cdce35,0x00ee7959b354b92c,0x00f4e9718819c8ca,0x009349f12acbffe9,0x005aee7b62cb7da6,0x00d97764154ffc86)},
+            {FIELD_LITERAL(0x00526324babb46dc,0x002ee99b38d7bf9e,0x007ea51794706ef4,0x00abeb04da6e3c39,0x006b457c1d281060,0x00fe243e9a66c793,0x00378de0fb6c6ee4,0x003e4194b9c3cb93)},
+        }}, {{
+            {FIELD_LITERAL(0x00fed3cd80ca2292,0x0015b043a73ca613,0x000a9fd7bf9be227,0x003b5e03de2db983,0x005af72d46904ef7,0x00c0f1b5c49faa99,0x00dc86fc3bd305e1,0x00c92f08c1cb1797)},
+            {FIELD_LITERAL(0x0079680ce111ed3b,0x001a1ed82806122c,0x000c2e7466d15df3,0x002c407f6f7150fd,0x00c5e7c96b1b0ce3,0x009aa44626863ff9,0x00887b8b5b80be42,0x00b6023cec964825)},
+            {FIELD_LITERAL(0x00e4a8e1048970c8,0x0062887b7830a302,0x00bcf1c8cd81402b,0x0056dbb81a68f5be,0x0014eced83f12452,0x00139e1a510150df,0x00bb81140a82d1a3,0x000febcc1aaf1aa7)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7527958238159,0x0013ec9537a84cd6,0x001d7fee7d562525,0x00b9eefa6191d5e5,0x00dbc97db70bcb8a,0x00481affc7a4d395,0x006f73d3e70c31bb,0x00183f324ed96a61)},
+            {FIELD_LITERAL(0x0039dd7ce7fc6860,0x00d64f6425653da1,0x003e037c7f57d0af,0x0063477a06e2bcf2,0x001727dbb7ac67e6,0x0049589f5efafe2e,0x00fc0fef2e813d54,0x008baa5d087fb50d)},
+            {FIELD_LITERAL(0x0024fb59d9b457c7,0x00a7d4e060223e4c,0x00c118d1b555fd80,0x0082e216c732f22a,0x00cd2a2993089504,0x003638e836a3e13d,0x000d855ee89b4729,0x008ec5b7d4810c91)},
+        }}, {{
+            {FIELD_LITERAL(0x001bf51f7d65cdfd,0x00d14cdafa16a97d,0x002c38e60fcd10e7,0x00a27446e393efbd,0x000b5d8946a71fdd,0x0063df2cde128f2f,0x006c8679569b1888,0x0059ffc4925d732d)},
+            {FIELD_LITERAL(0x00ece96f95f2b66f,0x00ece7952813a27b,0x0026fc36592e489e,0x007157d1a2de0f66,0x00759dc111d86ddf,0x0012881e5780bb0f,0x00c8ccc83ad29496,0x0012b9bd1929eb71)},
+            {FIELD_LITERAL(0x000fa15a20da5df0,0x00349ddb1a46cd31,0x002c512ad1d8e726,0x00047611f669318d,0x009e68fba591e17e,0x004320dffa803906,0x00a640874951a3d3,0x00b6353478baa24f)},
+        }}, {{
+            {FIELD_LITERAL(0x009696510000d333,0x00ec2f788bc04826,0x000e4d02b1f67ba5,0x00659aa8dace08b6,0x00d7a38a3a3ae533,0x008856defa8c746b,0x004d7a4402d3da1a,0x00ea82e06229260f)},
+            {FIELD_LITERAL(0x006a15bb20f75c0c,0x0079a144027a5d0c,0x00d19116ce0b4d70,0x0059b83bcb0b268e,0x005f58f63f16c127,0x0079958318ee2c37,0x00defbb063d07f82,0x00f1f0b931d2d446)},
+            {FIELD_LITERAL(0x00cb5e4c3c35d422,0x008df885ca43577f,0x00fa50b16ca3e471,0x005a0e58e17488c8,0x00b2ceccd6d34d19,0x00f01d5d235e36e9,0x00db2e7e4be6ca44,0x00260ab77f35fccd)},
+        }}, {{
+            {FIELD_LITERAL(0x006f6fd9baac61d5,0x002a7710a020a895,0x009de0db7fc03d4d,0x00cdedcb1875f40b,0x00050caf9b6b1e22,0x005e3a6654456ab0,0x00775fdf8c4423d4,0x0028701ea5738b5d)},
+            {FIELD_LITERAL(0x009ffd90abfeae96,0x00cba3c2b624a516,0x005ef08bcee46c91,0x00e6fde30afb6185,0x00f0b4db4f818ce4,0x006c54f45d2127f5,0x00040125035854c7,0x00372658a3287e13)},
+            {FIELD_LITERAL(0x00d7070fb1beb2ab,0x0078fc845a93896b,0x006894a4b2f224a6,0x005bdd8192b9dbde,0x00b38839874b3a9e,0x00f93618b04b7a57,0x003e3ec75fd2c67e,0x00bf5e6bfc29494a)},
+        }}, {{
+            {FIELD_LITERAL(0x00f19224ebba2aa5,0x0074f89d358e694d,0x00eea486597135ad,0x0081579a4555c7e1,0x0010b9b872930a9d,0x00f002e87a30ecc0,0x009b9d66b6de56e2,0x00a3c4f45e8004eb)},
+            {FIELD_LITERAL(0x0045e8dda9400888,0x002ff12e5fc05db7,0x00a7098d54afe69c,0x00cdbe846a500585,0x00879c1593ca1882,0x003f7a7fea76c8b0,0x002cd73dd0c8e0a1,0x00645d6ce96f51fe)},
+            {FIELD_LITERAL(0x002b7e83e123d6d6,0x00398346f7419c80,0x0042922e55940163,0x005e7fc5601886a3,0x00e88f2cee1d3103,0x00e7fab135f2e377,0x00b059984dbf0ded,0x0009ce080faa5bb8)},
+        }}, {{
+            {FIELD_LITERAL(0x0085e78af7758979,0x00275a4ee1631a3a,0x00d26bc0ed78b683,0x004f8355ea21064f,0x00d618e1a32696e5,0x008d8d7b150e5680,0x00a74cd854b278d2,0x001dd62702203ea0)},
+            {FIELD_LITERAL(0x00f89335c2a59286,0x00a0f5c905d55141,0x00b41fb836ee9382,0x00e235d51730ca43,0x00a5cb37b5c0a69a,0x009b966ffe136c45,0x00cb2ea10bf80ed1,0x00fb2b370b40dc35)},
+            {FIELD_LITERAL(0x00d687d16d4ee8ba,0x0071520bdd069dff,0x00de85c60d32355d,0x0087d2e3565102f4,0x00cde391b8dfc9aa,0x00e18d69efdfefe5,0x004a9d0591954e91,0x00fa36dd8b50eee5)},
+        }}, {{
+            {FIELD_LITERAL(0x002e788749a865f7,0x006e4dc3116861ea,0x009f1428c37276e6,0x00e7d2e0fc1e1226,0x003aeebc6b6c45f6,0x0071a8073bf500c9,0x004b22ad986b530c,0x00f439e63c0d79d4)},
+            {FIELD_LITERAL(0x006bc3d53011f470,0x00032d6e692b83e8,0x00059722f497cd0b,0x0009b4e6f0c497cc,0x0058a804b7cce6c0,0x002b71d3302bbd5d,0x00e2f82a36765fce,0x008dded99524c703)},
+            {FIELD_LITERAL(0x004d058953747d64,0x00701940fe79aa6f,0x00a620ac71c760bf,0x009532b611158b75,0x00547ed7f466f300,0x003cb5ab53a8401a,0x00c7763168ce3120,0x007e48e33e4b9ab2)},
+        }}, {{
+            {FIELD_LITERAL(0x001b2fc57bf3c738,0x006a3f918993fb80,0x0026f7a14fdec288,0x0075a2cdccef08db,0x00d3ecbc9eecdbf1,0x0048c40f06e5bf7f,0x00d63e423009896b,0x000598bc99c056a8)},
+            {FIELD_LITERAL(0x002f194eaafa46dc,0x008e38f57fe87613,0x00dc8e5ae25f4ab2,0x000a17809575e6bd,0x00d3ec7923ba366a,0x003a7e72e0ad75e3,0x0010024b88436e0a,0x00ed3c5444b64051)},
+            {FIELD_LITERAL(0x00831fc1340af342,0x00c9645669466d35,0x007692b4cc5a080f,0x009fd4a47ac9259f,0x001eeddf7d45928b,0x003c0446fc45f28b,0x002c0713aa3e2507,0x0095706935f0f41e)},
+        }}, {{
+            {FIELD_LITERAL(0x00766ae4190ec6d8,0x0065768cabc71380,0x00b902598416cdc2,0x00380021ad38df52,0x008f0b89d6551134,0x004254d4cc62c5a5,0x000d79f4484b9b94,0x00b516732ae3c50e)},
+            {FIELD_LITERAL(0x001fb73475c45509,0x00d2b2e5ea43345a,0x00cb3c3842077bd1,0x0029f90ad820946e,0x007c11b2380778aa,0x009e54ece62c1704,0x004bc60c41ca01c3,0x004525679a5a0b03)},
+            {FIELD_LITERAL(0x00c64fbddbed87b3,0x0040601d11731faa,0x009c22475b6f9d67,0x0024b79dae875f15,0x00616fed3f02c3b0,0x0000cf39f6af2d3b,0x00c46bac0aa9a688,0x00ab23e2800da204)},
+        }}, {{
+            {FIELD_LITERAL(0x000b3a37617632b0,0x00597199fe1cfb6c,0x0042a7ccdfeafdd6,0x004cc9f15ebcea17,0x00f436e596a6b4a4,0x00168861142df0d8,0x000753edfec26af5,0x000c495d7e388116)},
+            {FIELD_LITERAL(0x0017085f4a346148,0x00c7cf7a37f62272,0x001776e129bc5c30,0x009955134c9eef2a,0x001ba5bdf1df07be,0x00ec39497103a55c,0x006578354fda6cfb,0x005f02719d4f15ee)},
+            {FIELD_LITERAL(0x0052b9d9b5d9655d,0x00d4ec7ba1b461c3,0x00f95df4974f280b,0x003d8e5ca11aeb51,0x00d4981eb5a70b26,0x000af9a4f6659f29,0x004598c846faeb43,0x0049d9a183a47670)},
+        }}, {{
+            {FIELD_LITERAL(0x000a72d23dcb3f1f,0x00a3737f84011727,0x00f870c0fbbf4a47,0x00a7aadd04b5c9ca,0x000c7715c67bd072,0x00015a136afcd74e,0x0080d5caea499634,0x0026b448ec7514b7)},
+            {FIELD_LITERAL(0x00b60167d9e7d065,0x00e60ba0d07381e8,0x003a4f17b725c2d4,0x006c19fe176b64fa,0x003b57b31af86ccb,0x0021047c286180fd,0x00bdc8fb00c6dbb6,0x00fe4a9f4bab4f3f)},
+            {FIELD_LITERAL(0x0088ffc3a16111f7,0x009155e4245d0bc8,0x00851d68220572d5,0x00557ace1e514d29,0x0031d7c339d91022,0x00101d0ae2eaceea,0x00246ab3f837b66a,0x00d5216d381ff530)},
+        }}, {{
+            {FIELD_LITERAL(0x0057e7ea35f36dae,0x00f47d7ad15de22e,0x00d757ea4b105115,0x008311457d579d7e,0x00b49b75b1edd4eb,0x0081c7ff742fd63a,0x00ddda3187433df6,0x00475727d55f9c66)},
+            {FIELD_LITERAL(0x00a6295218dc136a,0x00563b3af0e9c012,0x00d3753b0145db1b,0x004550389c043dc1,0x00ea94ae27401bdf,0x002b0b949f2b7956,0x00c63f780ad8e23c,0x00e591c47d6bab15)},
+            {FIELD_LITERAL(0x00416c582b058eb6,0x004107da5b2cc695,0x00b3cd2556aeec64,0x00c0b418267e57a1,0x001799293579bd2e,0x0046ed44590e4d07,0x001d7459b3630a1e,0x00c6afba8b6696aa)},
+        }}, {{
+            {FIELD_LITERAL(0x008d6009b26da3f8,0x00898e88ca06b1ca,0x00edb22b2ed7fe62,0x00fbc93516aabe80,0x008b4b470c42ce0d,0x00e0032ba7d0dcbb,0x00d76da3a956ecc8,0x007f20fe74e3852a)},
+            {FIELD_LITERAL(0x002419222c607674,0x00a7f23af89188b3,0x00ad127284e73d1c,0x008bba582fae1c51,0x00fc6aa7ca9ecab1,0x003df5319eb6c2ba,0x002a05af8a8b199a,0x004bf8354558407c)},
+            {FIELD_LITERAL(0x00ce7d4a30f0fcbf,0x00d02c272629f03d,0x0048c001f7400bc2,0x002c21368011958d,0x0098a550391e96b5,0x002d80b66390f379,0x001fa878760cc785,0x001adfce54b613d5)},
+        }}, {{
+            {FIELD_LITERAL(0x001ed4dc71fa2523,0x005d0bff19bf9b5c,0x00c3801cee065a64,0x001ed0b504323fbf,0x0003ab9fdcbbc593,0x00df82070178b8d2,0x00a2bcaa9c251f85,0x00c628a3674bd02e)},
+            {FIELD_LITERAL(0x006b7a0674f9f8de,0x00a742414e5c7cff,0x0041cbf3c6e13221,0x00e3a64fd207af24,0x0087c05f15fbe8d1,0x004c50936d9e8a33,0x001306ec21042b6d,0x00a4f4137d1141c2)},
+            {FIELD_LITERAL(0x0009e6fb921568b0,0x00b3c60120219118,0x002a6c3460dd503a,0x009db1ef11654b54,0x0063e4bf0be79601,0x00670d34bb2592b9,0x00dcee2f6c4130ce,0x00b2682e88e77f54)},
+        }}, {{
+            {FIELD_LITERAL(0x000d5b4b3da135ab,0x00838f3e5064d81d,0x00d44eb50f6d94ed,0x0008931ab502ac6d,0x00debe01ca3d3586,0x0025c206775f0641,0x005ad4b6ae912763,0x007e2c318ad8f247)},
+            {FIELD_LITERAL(0x00ddbe0750dd1add,0x004b3c7b885844b8,0x00363e7ecf12f1ae,0x0062e953e6438f9d,0x0023cc73b076afe9,0x00b09fa083b4da32,0x00c7c3d2456c541d,0x005b591ec6b694d4)},
+            {FIELD_LITERAL(0x0028656e19d62fcf,0x0052a4af03df148d,0x00122765ddd14e42,0x00f2252904f67157,0x004741965b636f3a,0x006441d296132cb9,0x005e2106f956a5b7,0x00247029592d335c)},
+        }}, {{
+            {FIELD_LITERAL(0x003fe038eb92f894,0x000e6da1b72e8e32,0x003a1411bfcbe0fa,0x00b55d473164a9e4,0x00b9a775ac2df48d,0x0002ddf350659e21,0x00a279a69eb19cb3,0x00f844eab25cba44)},
+            {FIELD_LITERAL(0x00c41d1f9c1f1ac1,0x007b2df4e9f19146,0x00b469355fd5ba7a,0x00b5e1965afc852a,0x00388d5f1e2d8217,0x0022079e4c09ae93,0x0014268acd4ef518,0x00c1dd8d9640464c)},
+            {FIELD_LITERAL(0x0038526adeed0c55,0x00dd68c607e3fe85,0x00f746ddd48a5d57,0x0042f2952b963b7c,0x001cbbd6876d5ec2,0x005e341470bca5c2,0x00871d41e085f413,0x00e53ab098f45732)},
+        }}, {{
+            {FIELD_LITERAL(0x004d51124797c831,0x008f5ae3750347ad,0x0070ced94c1a0c8e,0x00f6db2043898e64,0x000d00c9a5750cd0,0x000741ec59bad712,0x003c9d11aab37b7f,0x00a67ba169807714)},
+            {FIELD_LITERAL(0x00adb2c1566e8b8f,0x0096c68a35771a9a,0x00869933356f334a,0x00ba9c93459f5962,0x009ec73fb6e8ca4b,0x003c3802c27202e1,0x0031f5b733e0c008,0x00f9058c19611fa9)},
+            {FIELD_LITERAL(0x00238f01814a3421,0x00c325a44b6cce28,0x002136f97aeb0e73,0x000cac8268a4afe2,0x0022fd218da471b3,0x009dcd8dfff8def9,0x00cb9f8181d999bb,0x00143ae56edea349)},
+        }}, {{
+            {FIELD_LITERAL(0x0000623bf87622c5,0x00a1966fdd069496,0x00c315b7b812f9fc,0x00bdf5efcd128b97,0x001d464f532e3e16,0x003cd94f081bfd7e,0x00ed9dae12ce4009,0x002756f5736eee70)},
+            {FIELD_LITERAL(0x00a5187e6ee7341b,0x00e6d52e82d83b6e,0x00df3c41323094a7,0x00b3324f444e9de9,0x00689eb21a35bfe5,0x00f16363becd548d,0x00e187cc98e7f60f,0x00127d9062f0ccab)},
+            {FIELD_LITERAL(0x004ad71b31c29e40,0x00a5fcace12fae29,0x004425b5597280ed,0x00e7ef5d716c3346,0x0010b53ada410ac8,0x0092310226060c9b,0x0091c26128729c7e,0x0088b42900f8ec3b)},
+        }}, {{
+            {FIELD_LITERAL(0x00f1e26e9762d4a8,0x00d9d74082183414,0x00ffec9bd57a0282,0x000919e128fd497a,0x00ab7ae7d00fe5f8,0x0054dc442851ff68,0x00c9ebeb3b861687,0x00507f7cab8b698f)},
+            {FIELD_LITERAL(0x00c13c5aae3ae341,0x009c6c9ed98373e7,0x00098f26864577a8,0x0015b886e9488b45,0x0037692c42aadba5,0x00b83170b8e7791c,0x001670952ece1b44,0x00fd932a39276da2)},
+            {FIELD_LITERAL(0x0081a3259bef3398,0x005480fff416107b,0x00ce4f607d21be98,0x003ffc084b41df9b,0x0043d0bb100502d1,0x00ec35f575ba3261,0x00ca18f677300ef3,0x00e8bb0a827d8548)},
+        }}, {{
+            {FIELD_LITERAL(0x00df76b3328ada72,0x002e20621604a7c2,0x00f910638a105b09,0x00ef4724d96ef2cd,0x00377d83d6b8a2f7,0x00b4f48805ade324,0x001cd5da8b152018,0x0045af671a20ca7f)},
+            {FIELD_LITERAL(0x009ae3b93a56c404,0x004a410b7a456699,0x00023a619355e6b2,0x009cdc7297387257,0x0055b94d4ae70d04,0x002cbd607f65b005,0x003208b489697166,0x00ea2aa058867370)},
+            {FIELD_LITERAL(0x00f29d2598ee3f32,0x00b4ac5385d82adc,0x007633eaf04df19b,0x00aa2d3d77ceab01,0x004a2302fcbb778a,0x00927f225d5afa34,0x004a8e9d5047f237,0x008224ae9dbce530)},
+        }}, {{
+            {FIELD_LITERAL(0x001cf640859b02f8,0x00758d1d5d5ce427,0x00763c784ef4604c,0x005fa81aee205270,0x00ac537bfdfc44cb,0x004b919bd342d670,0x00238508d9bf4b7a,0x00154888795644f3)},
+            {FIELD_LITERAL(0x00c845923c084294,0x00072419a201bc25,0x0045f408b5f8e669,0x00e9d6a186b74dfe,0x00e19108c68fa075,0x0017b91d874177b7,0x002f0ca2c7912c5a,0x009400aa385a90a2)},
+            {FIELD_LITERAL(0x0071110b01482184,0x00cfed0044f2bef8,0x0034f2901cf4662e,0x003b4ae2a67f9834,0x00cca9b96fe94810,0x00522507ae77abd0,0x00bac7422721e73e,0x0066622b0f3a62b0)},
+        }}, {{
+            {FIELD_LITERAL(0x00f8ac5cf4705b6a,0x00867d82dcb457e3,0x007e13ab2ccc2ce9,0x009ee9a018d3930e,0x008370f8ecb42df8,0x002d9f019add263e,0x003302385b92d196,0x00a15654536e2c0c)},
+            {FIELD_LITERAL(0x0026ef1614e160af,0x00c023f9edfc9c76,0x00cff090da5f57ba,0x0076db7a66643ae9,0x0019462f8c646999,0x008fec00b3854b22,0x00d55041692a0a1c,0x0065db894215ca00)},
+            {FIELD_LITERAL(0x00a925036e0a451c,0x002a0390c36b6cc1,0x00f27020d90894f4,0x008d90d52cbd3d7f,0x00e1d0137392f3b8,0x00f017c158b51a8f,0x00cac313d3ed7dbc,0x00b99a81e3eb42d3)},
+        }}, {{
+            {FIELD_LITERAL(0x00b54850275fe626,0x0053a3fd1ec71140,0x00e3d2d7dbe096fa,0x00e4ac7b595cce4c,0x0077bad449c0a494,0x00b7c98814afd5b3,0x0057226f58486cf9,0x00b1557154f0cc57)},
+            {FIELD_LITERAL(0x008cc9cd236315c0,0x0031d9c5b39fda54,0x00a5713ef37e1171,0x00293d5ae2886325,0x00c4aba3e05015e1,0x0003f35ef78e4fc6,0x0039d6bd3ac1527b,0x0019d7c3afb77106)},
+            {FIELD_LITERAL(0x007b162931a985af,0x00ad40a2e0daa713,0x006df27c4009f118,0x00503e9f4e2e8bec,0x00751a77c82c182d,0x000298937769245b,0x00ffb1e8fabf9ee5,0x0008334706e09abe)},
+        }}, {{
+            {FIELD_LITERAL(0x00dbca4e98a7dcd9,0x00ee29cfc78bde99,0x00e4a3b6995f52e9,0x0045d70189ae8096,0x00fd2a8a3b9b0d1b,0x00af1793b107d8e1,0x00dbf92cbe4afa20,0x00da60f798e3681d)},
+            {FIELD_LITERAL(0x004246bfcecc627a,0x004ba431246c03a4,0x00bd1d101872d497,0x003b73d3f185ee16,0x001feb2e2678c0e3,0x00ff13c5a89dec76,0x00ed06042e771d8f,0x00a4fd2a897a83dd)},
+            {FIELD_LITERAL(0x009a4a3be50d6597,0x00de3165fc5a1096,0x004f3f56e345b0c7,0x00f7bf721d5ab8bc,0x004313e47b098c50,0x00e4c7d5c0e1adbb,0x002e3e3db365051e,0x00a480c2cd6a96fb)},
+        }}, {{
+            {FIELD_LITERAL(0x00417fa30a7119ed,0x00af257758419751,0x00d358a487b463d4,0x0089703cc720b00d,0x00ce56314ff7f271,0x0064db171ade62c1,0x00640b36d4a22fed,0x00424eb88696d23f)},
+            {FIELD_LITERAL(0x004ede34af2813f3,0x00d4a8e11c9e8216,0x004796d5041de8a5,0x00c4c6b4d21cc987,0x00e8a433ee07fa1e,0x0055720b5abcc5a1,0x008873ea9c74b080,0x005b3fec1ab65d48)},
+            {FIELD_LITERAL(0x0047e5277db70ec5,0x000a096c66db7d6b,0x00b4164cc1730159,0x004a9f783fe720fe,0x00a8177b94449dbc,0x0095a24ff49a599f,0x0069c1c578250cbc,0x00452019213debf4)},
+        }}, {{
+            {FIELD_LITERAL(0x0021ce99e09ebda3,0x00fcbd9f91875ad0,0x009bbf6b7b7a0b5f,0x00388886a69b1940,0x00926a56d0f81f12,0x00e12903c3358d46,0x005dfce4e8e1ce9d,0x0044cfa94e2f7e23)},
+            {FIELD_LITERAL(0x001bd59c09e982ea,0x00f72daeb937b289,0x0018b76dca908e0e,0x00edb498512384ad,0x00ce0243b6cc9538,0x00f96ff690cb4e70,0x007c77bf9f673c8d,0x005bf704c088a528)},
+            {FIELD_LITERAL(0x0093d4628dcb33be,0x0095263d51d42582,0x0049b3222458fe06,0x00e7fce73b653a7f,0x003ca2ebce60b369,0x00c5de239a32bea4,0x0063b8b3d71fb6bf,0x0039aeeb78a1a839)},
+        }}, {{
+            {FIELD_LITERAL(0x007dc52da400336c,0x001fded1e15b9457,0x00902e00f5568e3a,0x00219bef40456d2d,0x005684161fb3dbc9,0x004a4e9be49a76ea,0x006e685ae88b78ff,0x0021c42f13042d3c)},
+            {FIELD_LITERAL(0x00fb22bb5fd3ce50,0x0017b48aada7ae54,0x00fd5c44ad19a536,0x000ccc4e4e55e45c,0x00fd637d45b4c3f5,0x0038914e023c37cf,0x00ac1881d6a8d898,0x00611ed8d3d943a8)},
+            {FIELD_LITERAL(0x0056e2259d113d2b,0x00594819b284ec16,0x00c7bf794bb36696,0x00721ee75097cdc6,0x00f71be9047a2892,0x00df6ba142564edf,0x0069580b7a184e8d,0x00f056e38fca0fee)},
+        }}, {{
+            {FIELD_LITERAL(0x009df98566a18c6d,0x00cf3a200968f219,0x0044ba60da6d9086,0x00dbc9c0e344da03,0x000f9401c4466855,0x00d46a57c5b0a8d1,0x00875a635d7ac7c6,0x00ef4a933b7e0ae6)},
+            {FIELD_LITERAL(0x005e8694077a1535,0x008bef75f71c8f1d,0x000a7c1316423511,0x00906e1d70604320,0x003fc46c1a2ffbd6,0x00d1d5022e68f360,0x002515fba37bbf46,0x00ca16234e023b44)},
+            {FIELD_LITERAL(0x00787c99561f4690,0x00a857a8c1561f27,0x00a10df9223c09fe,0x00b98a9562e3b154,0x004330b8744c3ed2,0x00e06812807ec5c4,0x00e4cf6a7db9f1e3,0x00d95b089f132a34)},
+        }}, {{
+            {FIELD_LITERAL(0x002922b39ca33eec,0x0090d12a5f3ab194,0x00ab60c02fb5f8ed,0x00188d292abba1cf,0x00e10edec9698f6e,0x0069a4d9934133c8,0x0024aac40e6d3d06,0x001702c2177661b0)},
+            {FIELD_LITERAL(0x00139078397030bd,0x000e3c447e859a00,0x0064a5b334c82393,0x00b8aabeb7358093,0x00020778bb9ae73b,0x0032ee94c7892a18,0x008215253cb41bda,0x005e2797593517ae)},
+            {FIELD_LITERAL(0x0083765a5f855d4a,0x0051b6d1351b8ee2,0x00116de548b0f7bb,0x0087bd88703affa0,0x0095b2cc34d7fdd2,0x0084cd81b53f0bc8,0x008562fc995350ed,0x00a39abb193651e3)},
+        }}, {{
+            {FIELD_LITERAL(0x0019e23f0474b114,0x00eb94c2ad3b437e,0x006ddb34683b75ac,0x00391f9209b564c6,0x00083b3bb3bff7aa,0x00eedcd0f6dceefc,0x00b50817f794fe01,0x0036474deaaa75c9)},
+            {FIELD_LITERAL(0x0091868594265aa2,0x00797accae98ca6d,0x0008d8c5f0f8a184,0x00d1f4f1c2b2fe6e,0x0036783dfb48a006,0x008c165120503527,0x0025fd780058ce9b,0x0068beb007be7d27)},
+            {FIELD_LITERAL(0x00d0ff88aa7c90c2,0x00b2c60dacf53394,0x0094a7284d9666d6,0x00bed9022ce7a19d,0x00c51553f0cd7682,0x00c3fb870b124992,0x008d0bc539956c9b,0x00fc8cf258bb8885)},
+        }}, {{
+            {FIELD_LITERAL(0x003667bf998406f8,0x0000115c43a12975,0x001e662f3b20e8fd,0x0019ffa534cb24eb,0x00016be0dc8efb45,0x00ff76a8b26243f5,0x00ae20d241a541e3,0x0069bd6af13cd430)},
+            {FIELD_LITERAL(0x0045fdc16487cda3,0x00b2d8e844cf2ed7,0x00612c50e88c1607,0x00a08aabc66c1672,0x006031fdcbb24d97,0x001b639525744b93,0x004409d62639ab17,0x00a1853d0347ab1d)},
+            {FIELD_LITERAL(0x0075a1a56ebf5c21,0x00a3e72be9ac53ed,0x00efcde1629170c2,0x0004225fe91ef535,0x0088049fc73dfda7,0x004abc74857e1288,0x0024e2434657317c,0x00d98cb3d3e5543c)},
+        }}, {{
+            {FIELD_LITERAL(0x00b4b53eab6bdb19,0x009b22d8b43711d0,0x00d948b9d961785d,0x00cb167b6f279ead,0x00191de3a678e1c9,0x00d9dd9511095c2e,0x00f284324cd43067,0x00ed74fa535151dd)},
+            {FIELD_LITERAL(0x007e32c049b5c477,0x009d2bfdbd9bcfd8,0x00636e93045938c6,0x007fde4af7687298,0x0046a5184fafa5d3,0x0079b1e7f13a359b,0x00875adf1fb927d6,0x00333e21c61bcad2)},
+            {FIELD_LITERAL(0x00048014f73d8b8d,0x0075684aa0966388,0x0092be7df06dc47c,0x0097cebcd0f5568a,0x005a7004d9c4c6a9,0x00b0ecbb659924c7,0x00d90332dd492a7c,0x0057fc14df11493d)},
+        }}, {{
+            {FIELD_LITERAL(0x0008ed8ea0ad95be,0x0041d324b9709645,0x00e25412257a19b4,0x0058df9f3423d8d2,0x00a9ab20def71304,0x009ae0dbf8ac4a81,0x00c9565977e4392a,0x003c9269444baf55)},
+            {FIELD_LITERAL(0x007df6cbb926830b,0x00d336058ae37865,0x007af47dac696423,0x0048d3011ec64ac8,0x006b87666e40049f,0x0036a2e0e51303d7,0x00ba319bd79dbc55,0x003e2737ecc94f53)},
+            {FIELD_LITERAL(0x00d296ff726272d9,0x00f6d097928fcf57,0x00e0e616a55d7013,0x00deaf454ed9eac7,0x0073a56bedef4d92,0x006ccfdf6fc92e19,0x009d1ee1371a7218,0x00ee3c2ee4462d80)},
+        }}, {{
+            {FIELD_LITERAL(0x00437bce9bccdf9d,0x00e0c8e2f85dc0a3,0x00c91a7073995a19,0x00856ec9fe294559,0x009e4b33394b156e,0x00e245b0dc497e5c,0x006a54e687eeaeff,0x00f1cd1cd00fdb7c)},
+            {FIELD_LITERAL(0x008132ae5c5d8cd1,0x00121d68324a1d9f,0x00d6be9dafcb8c76,0x00684d9070edf745,0x00519fbc96d7448e,0x00388182fdc1f27e,0x000235baed41f158,0x00bf6cf6f1a1796a)},
+            {FIELD_LITERAL(0x002adc4b4d148219,0x003084ada0d3a90a,0x0046de8aab0f2e4e,0x00452d342a67b5fd,0x00d4b50f01d4de21,0x00db6d9fc0cefb79,0x008c184c86a462cd,0x00e17c83764d42da)},
+        }}, {{
+            {FIELD_LITERAL(0x007b2743b9a1e01a,0x007847ffd42688c4,0x006c7844d610a316,0x00f0cb8b250aa4b0,0x00a19060143b3ae6,0x0014eb10b77cfd80,0x000170905729dd06,0x00063b5b9cd72477)},
+            {FIELD_LITERAL(0x00ce382dc7993d92,0x00021153e938b4c8,0x00096f7567f48f51,0x0058f81ddfe4b0d5,0x00cc379a56b355c7,0x002c760770d3e819,0x00ee22d1d26e5a40,0x00de6d93d5b082d7)},
+            {FIELD_LITERAL(0x000a91a42c52e056,0x00185f6b77fce7ea,0x000803c51962f6b5,0x0022528582ba563d,0x0043f8040e9856d6,0x0085a29ec81fb860,0x005f9a611549f5ff,0x00c1f974ecbd4b06)},
+        }}, {{
+            {FIELD_LITERAL(0x005b64c6fd65ec97,0x00c1fdd7f877bc7f,0x000d9cc6c89f841c,0x005c97b7f1aff9ad,0x0075e3c61475d47e,0x001ecb1ba8153011,0x00fe7f1c8d71d40d,0x003fa9757a229832)},
+            {FIELD_LITERAL(0x00ffc5c89d2b0cba,0x00d363d42e3e6fc3,0x0019a1a0118e2e8a,0x00f7baeff48882e1,0x001bd5af28c6b514,0x0055476ca2253cb2,0x00d8eb1977e2ddf3,0x00b173b1adb228a1)},
+            {FIELD_LITERAL(0x00f2cb99dd0ad707,0x00e1e08b6859ddd8,0x000008f2d0650bcc,0x00d7ed392f8615c3,0x00976750a94da27f,0x003e83bb0ecb69ba,0x00df8e8d15c14ac6,0x00f9f7174295d9c2)},
+        }}, {{
+            {FIELD_LITERAL(0x00f11cc8e0e70bcb,0x00e5dc689974e7dd,0x0014e409f9ee5870,0x00826e6689acbd63,0x008a6f4e3d895d88,0x00b26a8da41fd4ad,0x000fb7723f83efd7,0x009c749db0a5f6c3)},
+            {FIELD_LITERAL(0x002389319450f9ba,0x003677f31aa1250a,0x0092c3db642f38cb,0x00f8b64c0dfc9773,0x00cd49fe3505b795,0x0068105a4090a510,0x00df0ba2072a8bb6,0x00eb396143afd8be)},
+            {FIELD_LITERAL(0x00a0d4ecfb24cdff,0x00ddaf8008ba6479,0x00f0b3e36d4b0f44,0x003734bd3af1f146,0x00b87e2efc75527e,0x00d230df55ddab50,0x002613257ae56c1d,0x00bc0946d135934d)},
+        }}, {{
+            {FIELD_LITERAL(0x00468711bd994651,0x0033108fa67561bf,0x0089d760192a54b4,0x00adc433de9f1871,0x000467d05f36e050,0x007847e0f0579f7f,0x00a2314ad320052d,0x00b3a93649f0b243)},
+            {FIELD_LITERAL(0x0067f8f0c4fe26c9,0x0079c4a3cc8f67b9,0x0082b1e62f23550d,0x00f2d409caefd7f5,0x0080e67dcdb26e81,0x0087ae993ea1f98a,0x00aa108becf61d03,0x001acf11efb608a3)},
+            {FIELD_LITERAL(0x008225febbab50d9,0x00f3b605e4dd2083,0x00a32b28189e23d2,0x00d507e5e5eb4c97,0x005a1a84e302821f,0x0006f54c1c5f08c7,0x00a347c8cb2843f0,0x0009f73e9544bfa5)},
+        }}, {{
+            {FIELD_LITERAL(0x006c59c9ae744185,0x009fc32f1b4282cd,0x004d6348ca59b1ac,0x00105376881be067,0x00af4096013147dc,0x004abfb5a5cb3124,0x000d2a7f8626c354,0x009c6ed568e07431)},
+            {FIELD_LITERAL(0x00e828333c297f8b,0x009ef3cf8c3f7e1f,0x00ab45f8fff31cb9,0x00c8b4178cb0b013,0x00d0c50dd3260a3f,0x0097126ac257f5bc,0x0042376cc90c705a,0x001d96fdb4a1071e)},
+            {FIELD_LITERAL(0x00542d44d89ee1a8,0x00306642e0442d98,0x0090853872b87338,0x002362cbf22dc044,0x002c222adff663b8,0x0067c924495fcb79,0x000e621d983c977c,0x00df77a9eccb66fb)},
+        }}, {{
+            {FIELD_LITERAL(0x002809e4bbf1814a,0x00b9e854f9fafb32,0x00d35e67c10f7a67,0x008f1bcb76e748cf,0x004224d9515687d2,0x005ba0b774e620c4,0x00b5e57db5d54119,0x00e15babe5683282)},
+            {FIELD_LITERAL(0x00832d02369b482c,0x00cba52ff0d93450,0x003fa9c908d554db,0x008d1e357b54122f,0x00abd91c2dc950c6,0x007eff1df4c0ec69,0x003f6aeb13fb2d31,0x00002d6179fc5b2c)},
+            {FIELD_LITERAL(0x0046c9eda81c9c89,0x00b60cb71c8f62fc,0x0022f5a683baa558,0x00f87319fccdf997,0x009ca09b51ce6a22,0x005b12baf4af7d77,0x008a46524a1e33e2,0x00035a77e988be0d)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7efe46a7dbe2f,0x002f66fd55014fe7,0x006a428afa1ff026,0x0056caaa9604ab72,0x0033f3bcd7fac8ae,0x00ccb1aa01c86764,0x00158d1edf13bf40,0x009848ee76fcf3b4)},
+            {FIELD_LITERAL(0x00a9e7730a819691,0x00d9cc73c4992b70,0x00e299bde067de5a,0x008c314eb705192a,0x00e7226f17e8a3cc,0x0029dfd956e65a47,0x0053a8e839073b12,0x006f942b2ab1597e)},
+            {FIELD_LITERAL(0x001c3d780ecd5e39,0x0094f247fbdcc5fe,0x00d5c786fd527764,0x00b6f4da74f0db2a,0x0080f1f8badcd5fc,0x00f36a373ad2e23b,0x00f804f9f4343bf2,0x00d1af40ec623982)},
+        }}, {{
+            {FIELD_LITERAL(0x0082aeace5f1b144,0x00f68b3108cf4dd3,0x00634af01dde3020,0x000beab5df5c2355,0x00e8b790d1b49b0b,0x00e48d15854e36f4,0x0040ab2d95f3db9f,0x002711c4ed9e899a)},
+            {FIELD_LITERAL(0x0039343746531ebe,0x00c8509d835d429d,0x00e79eceff6b0018,0x004abfd31e8efce5,0x007bbfaaa1e20210,0x00e3be89c193e179,0x001c420f4c31d585,0x00f414a315bef5ae)},
+            {FIELD_LITERAL(0x007c296a24990df8,0x00d5d07525a75588,0x00dd8e113e94b7e7,0x007bbc58febe0cc8,0x0029f51af9bfcad3,0x007e9311ec7ab6f3,0x009a884de1676343,0x0050d5f2dce84be9)},
+        }}, {{
+            {FIELD_LITERAL(0x005fa020cca2450a,0x00491c29db6416d8,0x0037cefe3f9f9a85,0x003d405230647066,0x0049e835f0fdbe89,0x00feb78ac1a0815c,0x00828e4b32dc9724,0x00db84f2dc8d6fd4)},
+            {FIELD_LITERAL(0x0098cddc8b39549a,0x006da37e3b05d22c,0x00ce633cfd4eb3cb,0x00fda288ef526acd,0x0025338878c5d30a,0x00f34438c4e5a1b4,0x00584efea7c310f1,0x0041a551f1b660ad)},
+            {FIELD_LITERAL(0x00d7f7a8fbd6437a,0x0062872413bf3753,0x00ad4bbcb43c584b,0x007fe49be601d7e3,0x0077c659789babf4,0x00eb45fcb06a741b,0x005ce244913f9708,0x0088426401736326)},
+        }}, {{
+            {FIELD_LITERAL(0x007bf562ca768d7c,0x006c1f3a174e387c,0x00f024b447fee939,0x007e7af75f01143f,0x003adb70b4eed89d,0x00e43544021ad79a,0x0091f7f7042011f6,0x0093c1a1ee3a0ddc)},
+            {FIELD_LITERAL(0x00a0b68ec1eb72d2,0x002c03235c0d45a0,0x00553627323fe8c5,0x006186e94b17af94,0x00a9906196e29f14,0x0025b3aee6567733,0x007e0dd840080517,0x0018eb5801a4ba93)},
+            {FIELD_LITERAL(0x00d7fe7017bf6a40,0x006e3f0624be0c42,0x00ffbba205358245,0x00f9fc2cf8194239,0x008d93b37bf15b4e,0x006ddf2e38be8e95,0x002b6e79bf5fcff9,0x00ab355da425e2de)},
+        }}, {{
+            {FIELD_LITERAL(0x00938f97e20be973,0x0099141a36aaf306,0x0057b0ca29e545a1,0x0085db571f9fbc13,0x008b333c554b4693,0x0043ab6ef3e241cb,0x0054fb20aa1e5c70,0x00be0ff852760adf)},
+            {FIELD_LITERAL(0x003973d8938971d6,0x002aca26fa80c1f5,0x00108af1faa6b513,0x00daae275d7924e6,0x0053634ced721308,0x00d2355fe0bbd443,0x00357612b2d22095,0x00f9bb9dd4136cf3)},
+            {FIELD_LITERAL(0x002bff12cf5e03a5,0x001bdb1fa8a19cf8,0x00c91c6793f84d39,0x00f869f1b2eba9af,0x0059bc547dc3236b,0x00d91611d6d38689,0x00e062daaa2c0214,0x00ed3c047cc2bc82)},
+        }}, {{
+            {FIELD_LITERAL(0x000050d70c32b31a,0x001939d576d437b3,0x00d709e598bf9fe6,0x00a885b34bd2ee9e,0x00dd4b5c08ab1a50,0x0091bebd50b55639,0x00cf79ff64acdbc6,0x006067a39d826336)},
+            {FIELD_LITERAL(0x0062dd0fb31be374,0x00fcc96b84c8e727,0x003f64f1375e6ae3,0x0057d9b6dd1af004,0x00d6a167b1103c7b,0x00dd28f3180fb537,0x004ff27ad7167128,0x008934c33461f2ac)},
+            {FIELD_LITERAL(0x0065b472b7900043,0x00ba7efd2ff1064b,0x000b67d6c4c3020f,0x0012d28469f4e46d,0x0031c32939703ec7,0x00b49f0bce133066,0x00f7e10416181d47,0x005c90f51867eecc)},
+        }}, {{
+            {FIELD_LITERAL(0x0051207abd179101,0x00fc2a5c20d9c5da,0x00fb9d5f2701b6df,0x002dd040fdea82b8,0x00f163b0738442ff,0x00d9736bd68855b8,0x00e0d8e93005e61c,0x00df5a40b3988570)},
+            {FIELD_LITERAL(0x0006918f5dfce6dc,0x00d4bf1c793c57fb,0x0069a3f649435364,0x00e89a50e5b0cd6e,0x00b9f6a237e973af,0x006d4ed8b104e41d,0x00498946a3924cd2,0x00c136ec5ac9d4f7)},
+            {FIELD_LITERAL(0x0011a9c290ac5336,0x002b9a2d4a6a6533,0x009a8a68c445d937,0x00361b27b07e5e5c,0x003c043b1755b974,0x00b7eb66cf1155ee,0x0077af5909eefff2,0x0098f609877cc806)},
+        }}, {{
+            {FIELD_LITERAL(0x00ab13af436bf8f4,0x000bcf0a0dac8574,0x00d50c864f705045,0x00c40e611debc842,0x0085010489bd5caa,0x007c5050acec026f,0x00f67d943c8da6d1,0x00de1da0278074c6)},
+            {FIELD_LITERAL(0x00b373076597455f,0x00e83f1af53ac0f5,0x0041f63c01dc6840,0x0097dea19b0c6f4b,0x007f9d63b4c1572c,0x00e692d492d0f5f0,0x00cbcb392e83b4ad,0x0069c0f39ed9b1a8)},
+            {FIELD_LITERAL(0x00861030012707c9,0x009fbbdc7fd4aafb,0x008f591d6b554822,0x00df08a41ea18ade,0x009d7d83e642abea,0x0098c71bda3b78ff,0x0022c89e7021f005,0x0044d29a3fe1e3c4)},
+        }}, {{
+            {FIELD_LITERAL(0x00e748cd7b5c52f2,0x00ea9df883f89cc3,0x0018970df156b6c7,0x00c5a46c2a33a847,0x00cbde395e32aa09,0x0072474ebb423140,0x00fb00053086a23d,0x001dafcfe22d4e1f)},
+            {FIELD_LITERAL(0x00c903ee6d825540,0x00add6c4cf98473e,0x007636efed4227f1,0x00905124ae55e772,0x00e6b38fab12ed53,0x0045e132b863fe55,0x003974662edb366a,0x00b1787052be8208)},
+            {FIELD_LITERAL(0x00a614b00d775c7c,0x00d7c78941cc7754,0x00422dd68b5dabc4,0x00a6110f0167d28b,0x00685a309c252886,0x00b439ffd5143660,0x003656e29ee7396f,0x00c7c9b9ed5ad854)},
+        }}, {{
+            {FIELD_LITERAL(0x0040f7e7c5b37bf2,0x0064e4dc81181bba,0x00a8767ae2a366b6,0x001496b4f90546f2,0x002a28493f860441,0x0021f59513049a3a,0x00852d369a8b7ee3,0x00dd2e7d8b7d30a9)},
+            {FIELD_LITERAL(0x00006e34a35d9fbc,0x00eee4e48b2f019a,0x006b344743003a5f,0x00541d514f04a7e3,0x00e81f9ee7647455,0x005e2b916c438f81,0x00116f8137b7eff0,0x009bd3decc7039d1)},
+            {FIELD_LITERAL(0x0005d226f434110d,0x00af8288b8ef21d5,0x004a7a52ef181c8c,0x00be0b781b4b06de,0x00e6e3627ded07e1,0x00e43aa342272b8b,0x00e86ab424577d84,0x00fb292c566e35bb)},
+        }}, {{
+            {FIELD_LITERAL(0x00334f5303ea1222,0x00dfb3dbeb0a5d3e,0x002940d9592335c1,0x00706a7a63e8938a,0x005a533558bc4caf,0x00558e33192022a9,0x00970d9faf74c133,0x002979fcb63493ca)},
+            {FIELD_LITERAL(0x00e38abece3c82ab,0x005a51f18a2c7a86,0x009dafa2e86d592e,0x00495a62eb688678,0x00b79df74c0eb212,0x0023e8cc78b75982,0x005998cb91075e13,0x00735aa9ba61bc76)},
+            {FIELD_LITERAL(0x00d9f7a82ddbe628,0x00a1fc782889ae0f,0x0071ffda12d14b66,0x0037cf4eca7fb3d5,0x00c80bc242c58808,0x0075bf8c2d08c863,0x008d41f31afc52a7,0x00197962ecf38741)},
+        }}, {{
+            {FIELD_LITERAL(0x006e9f475cccf2ee,0x00454b9cd506430c,0x00224a4fb79ee479,0x0062e3347ef0b5e2,0x0034fd2a3512232a,0x00b8b3cb0f457046,0x00eb20165daa38ec,0x00128eebc2d9c0f7)},
+            {FIELD_LITERAL(0x00bfc5fa1e4ea21f,0x00c21d7b6bb892e6,0x00cf043f3acf0291,0x00c13f2f849b3c90,0x00d1a97ebef10891,0x0061e130a445e7fe,0x0019513fdedbf22b,0x001d60c813bff841)},
+            {FIELD_LITERAL(0x0019561c7fcf0213,0x00e3dca6843ebd77,0x0068ea95b9ca920e,0x009bdfb70f253595,0x00c68f59186aa02a,0x005aee1cca1c3039,0x00ab79a8a937a1ce,0x00b9a0e549959e6f)},
+        }}, {{
+            {FIELD_LITERAL(0x00c79e0b6d97dfbd,0x00917c71fd2bc6e8,0x00db7529ccfb63d8,0x00be5be957f17866,0x00a9e11fdc2cdac1,0x007b91a8e1f44443,0x00a3065e4057d80f,0x004825f5b8d5f6d4)},
+            {FIELD_LITERAL(0x003e4964fa8a8fc8,0x00f6a1cdbcf41689,0x00943cb18fe7fda7,0x00606dafbf34440a,0x005d37a86399c789,0x00e79a2a69417403,0x00fe34f7e68b8866,0x0011f448ed2df10e)},
+            {FIELD_LITERAL(0x00f1f57efcc1fcc4,0x00513679117de154,0x002e5b5b7c86d8c3,0x009f6486561f9cfb,0x00169e74b0170cf7,0x00900205af4af696,0x006acfddb77853f3,0x00df184c90f31068)},
+        }}, {{
+            {FIELD_LITERAL(0x00b37396c3320791,0x00fc7b67175c5783,0x00c36d2cd73ecc38,0x0080ebcc0b328fc5,0x0043a5b22b35d35d,0x00466c9f1713c9da,0x0026ad346dcaa8da,0x007c684e701183a6)},
+            {FIELD_LITERAL(0x00fd579ffb691713,0x00b76af4f81c412d,0x00f239de96110f82,0x00e965fb437f0306,0x00ca7e9436900921,0x00e487f1325fa24a,0x00633907de476380,0x00721c62ac5b8ea0)},
+            {FIELD_LITERAL(0x00c0d54e542eb4f9,0x004ed657171c8dcf,0x00b743a4f7c2a39b,0x00fd9f93ed6cc567,0x00307fae3113e58b,0x0058aa577c93c319,0x00d254556f35b346,0x00491aada2203f0d)},
+        }}, {{
+            {FIELD_LITERAL(0x00dff3103786ff34,0x000144553b1f20c3,0x0095613baeb930e4,0x00098058275ea5d4,0x007cd1402b046756,0x0074d74e4d58aee3,0x005f93fc343ff69b,0x00873df17296b3b0)},
+            {FIELD_LITERAL(0x00c4a1fb48635413,0x00b5dd54423ad59f,0x009ff5d53fd24a88,0x003c98d267fc06a7,0x002db7cb20013641,0x00bd1d6716e191f2,0x006dbc8b29094241,0x0044bbf233dafa2c)},
+            {FIELD_LITERAL(0x0055838d41f531e6,0x00bf6a2dd03c81b2,0x005827a061c4839e,0x0000de2cbb36aac3,0x002efa29d9717478,0x00f9e928cc8a77ba,0x00c134b458def9ef,0x00958a182223fc48)},
+        }}, {{
+            {FIELD_LITERAL(0x000a9ee23c06881f,0x002c727d3d871945,0x00f47d971512d24a,0x00671e816f9ef31a,0x00883af2cfaad673,0x00601f98583d6c9a,0x00b435f5adc79655,0x00ad87b71c04bff2)},
+            {FIELD_LITERAL(0x007860d99db787cf,0x00fda8983018f4a8,0x008c8866bac4743c,0x00ef471f84c82a3f,0x00abea5976d3b8e7,0x00714882896cd015,0x00b49fae584ddac5,0x008e33a1a0b69c81)},
+            {FIELD_LITERAL(0x007b6ee2c9e8a9ec,0x002455dbbd89d622,0x006490cf4eaab038,0x00d925f6c3081561,0x00153b3047de7382,0x003b421f8bdceb6f,0x00761a4a5049da78,0x00980348c5202433)},
+        }}, {{
+            {FIELD_LITERAL(0x007f8a43da97dd5c,0x00058539c800fc7b,0x0040f3cf5a28414a,0x00d68dd0d95283d6,0x004adce9da90146e,0x00befa41c7d4f908,0x007603bc2e3c3060,0x00bdf360ab3545db)},
+            {FIELD_LITERAL(0x00eebfd4e2312cc3,0x00474b2564e4fc8c,0x003303ef14b1da9b,0x003c93e0e66beb1d,0x0013619b0566925a,0x008817c24d901bf3,0x00b62bd8898d218b,0x0075a7716f1e88a2)},
+            {FIELD_LITERAL(0x0009218da1e6890f,0x0026907f5fd02575,0x004dabed5f19d605,0x003abf181870249d,0x00b52fd048cc92c4,0x00b6dd51e415a5c5,0x00d9eb82bd2b4014,0x002c865a43b46b43)},
+        }}, {{
+            {FIELD_LITERAL(0x0070047189452f4c,0x00f7ad12e1ce78d5,0x00af1ba51ec44a8b,0x005f39f63e667cd6,0x00058eac4648425e,0x00d7fdab42bea03b,0x0028576a5688de15,0x00af973209e77c10)},
+            {FIELD_LITERAL(0x00c338b915d8fef0,0x00a893292045c39a,0x0028ab4f2eba6887,0x0060743cb519fd61,0x0006213964093ac0,0x007c0b7a43f6266d,0x008e3557c4fa5bda,0x002da976de7b8d9d)},
+            {FIELD_LITERAL(0x0048729f8a8b6dcd,0x00fe23b85cc4d323,0x00e7384d16e4db0e,0x004a423970678942,0x00ec0b763345d4ba,0x00c477b9f99ed721,0x00c29dad3777b230,0x001c517b466f7df6)},
+        }}, {{
+            {FIELD_LITERAL(0x006366c380f7b574,0x001c7d1f09ff0438,0x003e20a7301f5b22,0x00d3efb1916d28f6,0x0049f4f81060ce83,0x00c69d91ea43ced1,0x002b6f3e5cd269ed,0x005b0fb22ce9ec65)},
+            {FIELD_LITERAL(0x00aa2261022d883f,0x00ebcca4548010ac,0x002528512e28a437,0x0070ca7676b66082,0x0084bda170f7c6d3,0x00581b4747c9b8bb,0x005c96a01061c7e2,0x00fb7c4a362b5273)},
+            {FIELD_LITERAL(0x00c30020eb512d02,0x0060f288283a4d26,0x00b7ed13becde260,0x0075ebb74220f6e9,0x00701079fcfe8a1f,0x001c28fcdff58938,0x002e4544b8f4df6b,0x0060c5bc4f1a7d73)},
+        }}, {{
+            {FIELD_LITERAL(0x00ae307cf069f701,0x005859f222dd618b,0x00212d6c46ec0b0d,0x00a0fe4642afb62d,0x00420d8e4a0a8903,0x00a80ff639bdf7b0,0x0019bee1490b5d8e,0x007439e4b9c27a86)},
+            {FIELD_LITERAL(0x00a94700032a093f,0x0076e96c225216e7,0x00a63a4316e45f91,0x007d8bbb4645d3b2,0x00340a6ff22793eb,0x006f935d4572aeb7,0x00b1fb69f00afa28,0x009e8f3423161ed3)},
+            {FIELD_LITERAL(0x009ef49c6b5ced17,0x00a555e6269e9f0a,0x007e6f1d79ec73b5,0x009ac78695a32ac4,0x0001d77fbbcd5682,0x008cea1fee0aaeed,0x00f42bea82a53462,0x002e46ab96cafcc9)},
+        }}, {{
+            {FIELD_LITERAL(0x0051cfcc5885377a,0x00dce566cb1803ca,0x00430c7643f2c7d4,0x00dce1a1337bdcc0,0x0010d5bd7283c128,0x003b1b547f9b46fe,0x000f245e37e770ab,0x007b72511f022b37)},
+            {FIELD_LITERAL(0x0060db815bc4786c,0x006fab25beedc434,0x00c610d06084797c,0x000c48f08537bec0,0x0031aba51c5b93da,0x007968fa6e01f347,0x0030070da52840c6,0x00c043c225a4837f)},
+            {FIELD_LITERAL(0x001bcfd00649ee93,0x006dceb47e2a0fd5,0x00f2cebda0cf8fd0,0x00b6b9d9d1fbdec3,0x00815262e6490611,0x00ef7f5ce3176760,0x00e49cd0c998d58b,0x005fc6cc269ba57c)},
+        }}, {{
+            {FIELD_LITERAL(0x008940211aa0d633,0x00addae28136571d,0x00d68fdbba20d673,0x003bc6129bc9e21a,0x000346cf184ebe9a,0x0068774d741ebc7f,0x0019d5e9e6966557,0x0003cbd7f981b651)},
+            {FIELD_LITERAL(0x004a2902926f8d3f,0x00ad79b42637ab75,0x0088f60b90f2d4e8,0x0030f54ef0e398c4,0x00021dc9bf99681e,0x007ebf66fde74ee3,0x004ade654386e9a4,0x00e7485066be4c27)},
+            {FIELD_LITERAL(0x00445f1263983be0,0x004cf371dda45e6a,0x00744a89d5a310e7,0x001f20ce4f904833,0x00e746edebe66e29,0x000912ab1f6c153d,0x00f61d77d9b2444c,0x0001499cd6647610)},
+        }}
+    }
+};
+const struct curve448_precomputed_s *curve448_precomputed_base
+    = &curve448_precomputed_base_table;
+
+static const niels_t curve448_wnaf_base_table[32] = {
+    {{
+        {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x00e822938a0a0c0c,0x00263a61c9ea9216,0x001204029321b828,0x006a468360983c65,0x0002846f0a782143)},
+        {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x006822938a0a0c0c,0x00263a61c9ea9215,0x001204029321b828,0x006a468360983c65,0x0082846f0a782143)},
+        {FIELD_LITERAL(0x00ef8e22b275198d,0x00b0eb141a0b0e8b,0x001f6789da3cb38c,0x006d2ff8ed39073e,0x00610bdb69a167f3,0x00571f306c9689b4,0x00f557e6f84b2df8,0x002affd38b2c86db)},
+    }}, {{
+        {FIELD_LITERAL(0x00cea0fc8d2e88b5,0x00821612d69f1862,0x0074c283b3e67522,0x005a195ba05a876d,0x000cddfe557feea4,0x008046c795bcc5e5,0x00540969f4d6e119,0x00d27f96d6b143d5)},
+        {FIELD_LITERAL(0x000c3b1019d474e8,0x00e19533e4952284,0x00cc9810ba7c920a,0x00f103d2785945ac,0x00bfa5696cc69b34,0x00a8d3d51e9ca839,0x005623cb459586b9,0x00eae7ce1cd52e9e)},
+        {FIELD_LITERAL(0x0005a178751dd7d8,0x002cc3844c69c42f,0x00acbfe5efe10539,0x009c20f43431a65a,0x008435d96374a7b3,0x009ee57566877bd3,0x0044691725ed4757,0x001e87bb2fe2c6b2)},
+    }}, {{
+        {FIELD_LITERAL(0x000cedc4debf7a04,0x002ffa45000470ac,0x002e9f9678201915,0x0017da1208c4fe72,0x007d558cc7d656cb,0x0037a827287cf289,0x00142472d3441819,0x009c21f166cf8dd1)},
+        {FIELD_LITERAL(0x003ef83af164b2f2,0x000949a5a0525d0d,0x00f4498186cac051,0x00e77ac09ef126d2,0x0073ae0b2c9296e9,0x001c163f6922e3ed,0x0062946159321bea,0x00cfb79b22990b39)},
+        {FIELD_LITERAL(0x00b001431ca9e654,0x002d7e5eabcc9a3a,0x0052e8114c2f6747,0x0079ac4f94487f92,0x00bffd919b5d749c,0x00261f92ad15e620,0x00718397b7a97895,0x00c1443e6ebbc0c4)},
+    }}, {{
+        {FIELD_LITERAL(0x00eacd90c1e0a049,0x008977935b149fbe,0x0004cb9ba11c93dc,0x009fbd5b3470844d,0x004bc18c9bfc22cf,0x0057679a991839f3,0x00ef15b76fb4092e,0x0074a5173a225041)},
+        {FIELD_LITERAL(0x003f5f9d7ec4777b,0x00ab2e733c919c94,0x001bb6c035245ae5,0x00a325a49a883630,0x0033e9a9ea3cea2f,0x00e442a1eaa0e844,0x00b2116d5b0e71b8,0x00c16abed6d64047)},
+        {FIELD_LITERAL(0x00c560b5ed051165,0x001945adc5d65094,0x00e221865710f910,0x00cc12bc9e9b8ceb,0x004faa9518914e35,0x0017476d89d42f6d,0x00b8f637c8fa1c8b,0x0088c7d2790864b8)},
+    }}, {{
+        {FIELD_LITERAL(0x00ef7eafc1c69be6,0x0085d3855778fbea,0x002c8d5b450cb6f5,0x004e77de5e1e7fec,0x0047c057893abded,0x001b430b85d51e16,0x00965c7b45640c3c,0x00487b2bb1162b97)},
+        {FIELD_LITERAL(0x0099c73a311beec2,0x00a3eff38d8912ad,0x002efa9d1d7e8972,0x00f717ae1e14d126,0x002833f795850c8b,0x0066c12ad71486bd,0x00ae9889da4820eb,0x00d6044309555c08)},
+        {FIELD_LITERAL(0x004b1c5283d15e41,0x00669d8ea308ff75,0x0004390233f762a1,0x00e1d67b83cb6cec,0x003eebaa964c78b1,0x006b0aff965eb664,0x00b313d4470bdc37,0x008814ffcb3cb9d8)},
+    }}, {{
+        {FIELD_LITERAL(0x009724b8ce68db70,0x007678b5ed006f3d,0x00bdf4b89c0abd73,0x00299748e04c7c6d,0x00ddd86492c3c977,0x00c5a7febfa30a99,0x00ed84715b4b02bb,0x00319568adf70486)},
+        {FIELD_LITERAL(0x0070ff2d864de5bb,0x005a37eeb637ee95,0x0033741c258de160,0x00e6ca5cb1988f46,0x001ceabd92a24661,0x0030957bd500fe40,0x001c3362afe912c5,0x005187889f678bd2)},
+        {FIELD_LITERAL(0x0086835fc62bbdc7,0x009c3516ca4910a1,0x00956c71f8d00783,0x0095c78fcf63235f,0x00fc7ff6ba05c222,0x00cdd8b3f8d74a52,0x00ac5ae16de8256e,0x00e9d4be8ed48624)},
+    }}, {{
+        {FIELD_LITERAL(0x00c0ce11405df2d8,0x004e3f37b293d7b6,0x002410172e1ac6db,0x00b8dbff4bf8143d,0x003a7b409d56eb66,0x003e0f6a0dfef9af,0x0081c4e4d3645be1,0x00ce76076b127623)},
+        {FIELD_LITERAL(0x00f6ee0f98974239,0x0042d89af07d3a4f,0x00846b7fe84346b5,0x006a21fc6a8d39a1,0x00ac8bc2541ff2d9,0x006d4e2a77732732,0x009a39b694cc3f2f,0x0085c0aa2a404c8f)},
+        {FIELD_LITERAL(0x00b261101a218548,0x00c1cae96424277b,0x00869da0a77dd268,0x00bc0b09f8ec83ea,0x00d61027f8e82ba9,0x00aa4c85999dce67,0x00eac3132b9f3fe1,0x00fb9b0cf1c695d2)},
+    }}, {{
+        {FIELD_LITERAL(0x0043079295512f0d,0x0046a009861758e0,0x003ee2842a807378,0x0034cc9d1298e4fa,0x009744eb4d31b3ee,0x00afacec96650cd0,0x00ac891b313761ae,0x00e864d6d26e708a)},
+        {FIELD_LITERAL(0x00a84d7c8a23b491,0x0088e19aa868b27f,0x0005986d43e78ce9,0x00f28012f0606d28,0x0017ded7e10249b3,0x005ed4084b23af9b,0x00b9b0a940564472,0x00ad9056cceeb1f4)},
+        {FIELD_LITERAL(0x00db91b357fe755e,0x00a1aa544b15359c,0x00af4931a0195574,0x007686124fe11aef,0x00d1ead3c7b9ef7e,0x00aaf5fc580f8c15,0x00e727be147ee1ec,0x003c61c1e1577b86)},
+    }}, {{
+        {FIELD_LITERAL(0x009d3fca983220cf,0x00cd11acbc853dc4,0x0017590409d27f1d,0x00d2176698082802,0x00fa01251b2838c8,0x00dd297a0d9b51c6,0x00d76c92c045820a,0x00534bc7c46c9033)},
+        {FIELD_LITERAL(0x0080ed9bc9b07338,0x00fceac7745d2652,0x008a9d55f5f2cc69,0x0096ce72df301ac5,0x00f53232e7974d87,0x0071728c7ae73947,0x0090507602570778,0x00cb81cfd883b1b2)},
+        {FIELD_LITERAL(0x005011aadea373da,0x003a8578ec896034,0x00f20a6535fa6d71,0x005152d31e5a87cf,0x002bac1c8e68ca31,0x00b0e323db4c1381,0x00f1d596b7d5ae25,0x00eae458097cb4e0)},
+    }}, {{
+        {FIELD_LITERAL(0x00920ac80f9b0d21,0x00f80f7f73401246,0x0086d37849b557d6,0x0002bd4b317b752e,0x00b26463993a42bb,0x002070422a73b129,0x00341acaa0380cb3,0x00541914dd66a1b2)},
+        {FIELD_LITERAL(0x00c1513cd66abe8c,0x000139e01118944d,0x0064abbcb8080bbb,0x00b3b08202473142,0x00c629ef25da2403,0x00f0aec3310d9b7f,0x0050b2227472d8cd,0x00f6c8a922d41fb4)},
+        {FIELD_LITERAL(0x001075ccf26b7b1f,0x00bb6bb213170433,0x00e9491ad262da79,0x009ef4f48d2d384c,0x008992770766f09d,0x001584396b6b1101,0x00af3f8676c9feef,0x0024603c40269118)},
+    }}, {{
+        {FIELD_LITERAL(0x009dd7b31319527c,0x001e7ac948d873a9,0x00fa54b46ef9673a,0x0066efb8d5b02fe6,0x00754b1d3928aeae,0x0004262ac72a6f6b,0x0079b7d49a6eb026,0x003126a753540102)},
+        {FIELD_LITERAL(0x009666e24f693947,0x00f714311269d45f,0x0010ffac1d0c851c,0x0066e80c37363497,0x00f1f4ad010c60b0,0x0015c87408470ff7,0x00651d5e9c7766a4,0x008138819d7116de)},
+        {FIELD_LITERAL(0x003934b11c57253b,0x00ef308edf21f46e,0x00e54e99c7a16198,0x0080d57135764e63,0x00751c27b946bc24,0x00dd389ce4e9e129,0x00a1a2bfd1cd84dc,0x002fae73e5149b32)},
+    }}, {{
+        {FIELD_LITERAL(0x00911657dffb4cdd,0x00c100b7cc553d06,0x00449d075ec467cc,0x007062100bc64e70,0x0043cf86f7bd21e7,0x00f401dc4b797dea,0x005224afb2f62e65,0x00d1ede3fb5a42be)},
+        {FIELD_LITERAL(0x00f2ba36a41aa144,0x00a0c22d946ee18f,0x008aae8ef9a14f99,0x00eef4d79b19bb36,0x008e75ce3d27b1fc,0x00a65daa03b29a27,0x00d9cc83684eb145,0x009e1ed80cc2ed74)},
+        {FIELD_LITERAL(0x00bed953d1997988,0x00b93ed175a24128,0x00871c5963fb6365,0x00ca2df20014a787,0x00f5d9c1d0b34322,0x00f6f5942818db0a,0x004cc091f49c9906,0x00e8a188a60bff9f)},
+    }}, {{
+        {FIELD_LITERAL(0x0032c7762032fae8,0x00e4087232e0bc21,0x00f767344b6e8d85,0x00bbf369b76c2aa2,0x008a1f46c6e1570c,0x001368cd9780369f,0x007359a39d079430,0x0003646512921434)},
+        {FIELD_LITERAL(0x007c4b47ca7c73e7,0x005396221039734b,0x008b64ddf0e45d7e,0x00bfad5af285e6c2,0x008ec711c5b1a1a8,0x00cf663301237f98,0x00917ee3f1655126,0x004152f337efedd8)},
+        {FIELD_LITERAL(0x0007c7edc9305daa,0x000a6664f273701c,0x00f6e78795e200b1,0x005d05b9ecd2473e,0x0014f5f17c865786,0x00c7fd2d166fa995,0x004939a2d8eb80e0,0x002244ba0942c199)},
+    }}, {{
+        {FIELD_LITERAL(0x00321e767f0262cf,0x002e57d776caf68e,0x00bf2c94814f0437,0x00c339196acd622f,0x001db4cce71e2770,0x001ded5ddba6eee2,0x0078608ab1554c8d,0x00067fe0ab76365b)},
+        {FIELD_LITERAL(0x00f09758e11e3985,0x00169efdbd64fad3,0x00e8889b7d6dacd6,0x0035cdd58ea88209,0x00bcda47586d7f49,0x003cdddcb2879088,0x0016da70187e954b,0x009556ea2e92aacd)},
+        {FIELD_LITERAL(0x008cab16bd1ff897,0x00b389972cdf753f,0x00ea8ed1e46dfdc0,0x004fe7ef94c589f4,0x002b8ae9b805ecf3,0x0025c08d892874a5,0x0023938e98d44c4c,0x00f759134cabf69c)},
+    }}, {{
+        {FIELD_LITERAL(0x006c2a84678e4b3b,0x007a194aacd1868f,0x00ed0225af424761,0x00da0a6f293c64b8,0x001062ac5c6a7a18,0x0030f5775a8aeef4,0x0002acaad76b7af0,0x00410b8fd63a579f)},
+        {FIELD_LITERAL(0x001ec59db3d9590e,0x001e9e3f1c3f182d,0x0045a9c3ec2cab14,0x0008198572aeb673,0x00773b74068bd167,0x0012535eaa395434,0x0044dba9e3bbb74a,0x002fba4d3c74bd0e)},
+        {FIELD_LITERAL(0x0042bf08fe66922c,0x003318b8fbb49e8c,0x00d75946004aa14c,0x00f601586b42bf1c,0x00c74cf1d912fe66,0x00abcb36974b30ad,0x007eb78720c9d2b8,0x009f54ab7bd4df85)},
+    }}, {{
+        {FIELD_LITERAL(0x00db9fc948f73826,0x00fa8b3746ed8ee9,0x00132cb65aafbeb2,0x00c36ff3fe7925b8,0x00837daed353d2fe,0x00ec661be0667cf4,0x005beb8ed2e90204,0x00d77dd69e564967)},
+        {FIELD_LITERAL(0x0042e6268b861751,0x0008dd0469500c16,0x00b51b57c338a3fd,0x00cc4497d85cff6b,0x002f13d6b57c34a4,0x0083652eaf301105,0x00cc344294cc93a8,0x0060f4d02810e270)},
+        {FIELD_LITERAL(0x00a8954363cd518b,0x00ad171124bccb7b,0x0065f46a4adaae00,0x001b1a5b2a96e500,0x0043fe24f8233285,0x0066996d8ae1f2c3,0x00c530f3264169f9,0x00c0f92d07cf6a57)},
+    }}, {{
+        {FIELD_LITERAL(0x0036a55c6815d943,0x008c8d1def993db3,0x002e0e1e8ff7318f,0x00d883a4b92db00a,0x002f5e781ae33906,0x001a72adb235c06d,0x00f2e59e736e9caa,0x001a4b58e3031914)},
+        {FIELD_LITERAL(0x00d73bfae5e00844,0x00bf459766fb5f52,0x0061b4f5a5313cde,0x004392d4c3b95514,0x000d3551b1077523,0x0000998840ee5d71,0x006de6e340448b7b,0x00251aa504875d6e)},
+        {FIELD_LITERAL(0x003bf343427ac342,0x00adc0a78642b8c5,0x0003b893175a8314,0x0061a34ade5703bc,0x00ea3ea8bb71d632,0x00be0df9a1f198c2,0x0046dd8e7c1635fb,0x00f1523fdd25d5e5)},
+    }}, {{
+        {FIELD_LITERAL(0x00633f63fc9dd406,0x00e713ff80e04a43,0x0060c6e970f2d621,0x00a57cd7f0df1891,0x00f2406a550650bb,0x00b064290efdc684,0x001eab0144d17916,0x00cd15f863c293ab)},
+        {FIELD_LITERAL(0x0029cec55273f70d,0x007044ee275c6340,0x0040f637a93015e2,0x00338bb78db5aae9,0x001491b2a6132147,0x00a125d6cfe6bde3,0x005f7ac561ba8669,0x001d5eaea3fbaacf)},
+        {FIELD_LITERAL(0x00054e9635e3be31,0x000e43f31e2872be,0x00d05b1c9e339841,0x006fac50bd81fd98,0x00cdc7852eaebb09,0x004ff519b061991b,0x009099e8107d4c85,0x00273e24c36a4a61)},
+    }}, {{
+        {FIELD_LITERAL(0x00070b4441ef2c46,0x00efa5b02801a109,0x00bf0b8c3ee64adf,0x008a67e0b3452e98,0x001916b1f2fa7a74,0x00d781a78ff6cdc3,0x008682ce57e5c919,0x00cc1109dd210da3)},
+        {FIELD_LITERAL(0x00cae8aaff388663,0x005e983a35dda1c7,0x007ab1030d8e37f4,0x00e48940f5d032fe,0x006a36f9ef30b331,0x009be6f03958c757,0x0086231ceba91400,0x008bd0f7b823e7aa)},
+        {FIELD_LITERAL(0x00cf881ebef5a45a,0x004ebea78e7c6f2c,0x0090da9209cf26a0,0x00de2b2e4c775b84,0x0071d6031c3c15ae,0x00d9e927ef177d70,0x00894ee8c23896fd,0x00e3b3b401e41aad)},
+    }}, {{
+        {FIELD_LITERAL(0x00204fef26864170,0x00819269c5dee0f8,0x00bfb4713ec97966,0x0026339a6f34df78,0x001f26e64c761dc2,0x00effe3af313cb60,0x00e17b70138f601b,0x00f16e1ccd9ede5e)},
+        {FIELD_LITERAL(0x005d9a8353fdb2db,0x0055cc2048c698f0,0x00f6c4ac89657218,0x00525034d73faeb2,0x00435776fbda3c7d,0x0070ea5312323cbc,0x007a105d44d069fb,0x006dbc8d6dc786aa)},
+        {FIELD_LITERAL(0x0017cff19cd394ec,0x00fef7b810922587,0x00e6483970dff548,0x00ddf36ad6874264,0x00e61778523fcce2,0x0093a66c0c93b24a,0x00fd367114db7f86,0x007652d7ddce26dd)},
+    }}, {{
+        {FIELD_LITERAL(0x00d92ced7ba12843,0x00aea9c7771e86e7,0x0046639693354f7b,0x00a628dbb6a80c47,0x003a0b0507372953,0x00421113ab45c0d9,0x00e545f08362ab7a,0x0028ce087b4d6d96)},
+        {FIELD_LITERAL(0x00a67ee7cf9f99eb,0x005713b275f2ff68,0x00f1d536a841513d,0x00823b59b024712e,0x009c46b9d0d38cec,0x00cdb1595aa2d7d4,0x008375b3423d9af8,0x000ab0b516d978f7)},
+        {FIELD_LITERAL(0x00428dcb3c510b0f,0x00585607ea24bb4e,0x003736bf1603687a,0x00c47e568c4fe3c7,0x003cd00282848605,0x0043a487c3b91939,0x004ffc04e1095a06,0x00a4c989a3d4b918)},
+    }}, {{
+        {FIELD_LITERAL(0x00a8778d0e429f7a,0x004c02b059105a68,0x0016653b609da3ff,0x00d5107bd1a12d27,0x00b4708f9a771cab,0x00bb63b662033f69,0x0072f322240e7215,0x0019445b59c69222)},
+        {FIELD_LITERAL(0x00cf4f6069a658e6,0x0053ca52859436a6,0x0064b994d7e3e117,0x00cb469b9a07f534,0x00cfb68f399e9d47,0x00f0dcb8dac1c6e7,0x00f2ab67f538b3a5,0x0055544f178ab975)},
+        {FIELD_LITERAL(0x0099b7a2685d538c,0x00e2f1897b7c0018,0x003adac8ce48dae3,0x00089276d5c50c0c,0x00172fca07ad6717,0x00cb1a72f54069e5,0x004ee42f133545b3,0x00785f8651362f16)},
+    }}, {{
+        {FIELD_LITERAL(0x0049cbac38509e11,0x0015234505d42cdf,0x00794fb0b5840f1c,0x00496437344045a5,0x0031b6d944e4f9b0,0x00b207318ac1f5d8,0x0000c840da7f5c5d,0x00526f373a5c8814)},
+        {FIELD_LITERAL(0x002c7b7742d1dfd9,0x002cabeb18623c01,0x00055f5e3e044446,0x006c20f3b4ef54ba,0x00c600141ec6b35f,0x00354f437f1a32a3,0x00bac4624a3520f9,0x00c483f734a90691)},
+        {FIELD_LITERAL(0x0053a737d422918d,0x00f7fca1d8758625,0x00c360336dadb04c,0x00f38e3d9158a1b8,0x0069ce3b418e84c6,0x005d1697eca16ead,0x00f8bd6a35ece13d,0x007885dfc2b5afea)},
+    }}, {{
+        {FIELD_LITERAL(0x00c3617ae260776c,0x00b20dc3e96922d7,0x00a1a7802246706a,0x00ca6505a5240244,0x002246b62d919782,0x001439102d7aa9b3,0x00e8af1139e6422c,0x00c888d1b52f2b05)},
+        {FIELD_LITERAL(0x005b67690ffd41d9,0x005294f28df516f9,0x00a879272412fcb9,0x00098b629a6d1c8d,0x00fabd3c8050865a,0x00cd7e5b0a3879c5,0x00153238210f3423,0x00357cac101e9f42)},
+        {FIELD_LITERAL(0x008917b454444fb7,0x00f59247c97e441b,0x00a6200a6815152d,0x0009a4228601d254,0x001c0360559bd374,0x007563362039cb36,0x00bd75b48d74e32b,0x0017f515ac3499e8)},
+    }}, {{
+        {FIELD_LITERAL(0x001532a7ffe41c5a,0x00eb1edce358d6bf,0x00ddbacc7b678a7b,0x008a7b70f3c841a3,0x00f1923bf27d3f4c,0x000b2713ed8f7873,0x00aaf67e29047902,0x0044994a70b3976d)},
+        {FIELD_LITERAL(0x00d54e802082d42c,0x00a55aa0dce7cc6c,0x006477b96073f146,0x0082efe4ceb43594,0x00a922bcba026845,0x0077f19d1ab75182,0x00c2bb2737846e59,0x0004d7eec791dd33)},
+        {FIELD_LITERAL(0x0044588d1a81d680,0x00b0a9097208e4f8,0x00212605350dc57e,0x0028717cd2871123,0x00fb083c100fd979,0x0045a056ce063fdf,0x00a5d604b4dd6a41,0x001dabc08ba4e236)},
+    }}, {{
+        {FIELD_LITERAL(0x00c4887198d7a7fa,0x00244f98fb45784a,0x0045911e15a15d01,0x001d323d374c0966,0x00967c3915196562,0x0039373abd2f3c67,0x000d2c5614312423,0x0041cf2215442ce3)},
+        {FIELD_LITERAL(0x008ede889ada7f06,0x001611e91de2e135,0x00fdb9a458a471b9,0x00563484e03710d1,0x0031cc81925e3070,0x0062c97b3af80005,0x00fa733eea28edeb,0x00e82457e1ebbc88)},
+        {FIELD_LITERAL(0x006a0df5fe9b6f59,0x00a0d4ff46040d92,0x004a7cedb6f93250,0x00d1df8855b8c357,0x00e73a46086fd058,0x0048fb0add6dfe59,0x001e03a28f1b4e3d,0x00a871c993308d76)},
+    }}, {{
+        {FIELD_LITERAL(0x0030dbb2d1766ec8,0x00586c0ad138555e,0x00d1a34f9e91c77c,0x0063408ad0e89014,0x00d61231b05f6f5b,0x0009abf569f5fd8a,0x00aec67a110f1c43,0x0031d1a790938dd7)},
+        {FIELD_LITERAL(0x006cded841e2a862,0x00198d60af0ab6fb,0x0018f09db809e750,0x004e6ac676016263,0x00eafcd1620969cb,0x002c9784ca34917d,0x0054f00079796de7,0x00d9fab5c5972204)},
+        {FIELD_LITERAL(0x004bd0fee2438a83,0x00b571e62b0f83bd,0x0059287d7ce74800,0x00fb3631b645c3f0,0x00a018e977f78494,0x0091e27065c27b12,0x007696c1817165e0,0x008c40be7c45ba3a)},
+    }}, {{
+        {FIELD_LITERAL(0x00a0f326327cb684,0x001c7d0f672680ff,0x008c1c81ffb112d1,0x00f8f801674eddc8,0x00e926d5d48c2a9d,0x005bd6d954c6fe9a,0x004c6b24b4e33703,0x00d05eb5c09105cc)},
+        {FIELD_LITERAL(0x00d61731caacf2cf,0x002df0c7609e01c5,0x00306172208b1e2b,0x00b413fe4fb2b686,0x00826d360902a221,0x003f8d056e67e7f7,0x0065025b0175e989,0x00369add117865eb)},
+        {FIELD_LITERAL(0x00aaf895aec2fa11,0x000f892bc313eb52,0x005b1c794dad050b,0x003f8ec4864cec14,0x00af81058d0b90e5,0x00ebe43e183997bb,0x00a9d610f9f3e615,0x007acd8eec2e88d3)},
+    }}, {{
+        {FIELD_LITERAL(0x0049b2fab13812a3,0x00846db32cd60431,0x000177fa578c8d6c,0x00047d0e2ad4bc51,0x00b158ba38d1e588,0x006a45daad79e3f3,0x000997b93cab887b,0x00c47ea42fa23dc3)},
+        {FIELD_LITERAL(0x0012b6fef7aeb1ca,0x009412768194b6a7,0x00ff0d351f23ab93,0x007e8a14c1aff71b,0x006c1c0170c512bc,0x0016243ea02ab2e5,0x007bb6865b303f3e,0x0015ce6b29b159f4)},
+        {FIELD_LITERAL(0x009961cd02e68108,0x00e2035d3a1d0836,0x005d51f69b5e1a1d,0x004bccb4ea36edcd,0x0069be6a7aeef268,0x0063f4dd9de8d5a7,0x006283783092ca35,0x0075a31af2c35409)},
+    }}, {{
+        {FIELD_LITERAL(0x00c412365162e8cf,0x00012283fb34388a,0x003e6543babf39e2,0x00eead6b3a804978,0x0099c0314e8b326f,0x00e98e0a8d477a4f,0x00d2eb96b127a687,0x00ed8d7df87571bb)},
+        {FIELD_LITERAL(0x00777463e308cacf,0x00c8acb93950132d,0x00ebddbf4ca48b2c,0x0026ad7ca0795a0a,0x00f99a3d9a715064,0x000d60bcf9d4dfcc,0x005e65a73a437a06,0x0019d536a8db56c8)},
+        {FIELD_LITERAL(0x00192d7dd558d135,0x0027cd6a8323ffa7,0x00239f1a412dc1e7,0x0046b4b3be74fc5c,0x0020c47a2bef5bce,0x00aa17e48f43862b,0x00f7e26c96342e5f,0x0008011c530f39a9)},
+    }}, {{
+        {FIELD_LITERAL(0x00aad4ac569bf0f1,0x00a67adc90b27740,0x0048551369a5751a,0x0031252584a3306a,0x0084e15df770e6fc,0x00d7bba1c74b5805,0x00a80ef223af1012,0x0089c85ceb843a34)},
+        {FIELD_LITERAL(0x00c4545be4a54004,0x0099e11f60357e6c,0x001f3936d19515a6,0x007793df84341a6e,0x0051061886717ffa,0x00e9b0a660b28f85,0x0044ea685892de0d,0x000257d2a1fda9d9)},
+        {FIELD_LITERAL(0x007e8b01b24ac8a8,0x006cf3b0b5ca1337,0x00f1607d3e36a570,0x0039b7fab82991a1,0x00231777065840c5,0x00998e5afdd346f9,0x00b7dc3e64acc85f,0x00baacc748013ad6)},
+    }}, {{
+        {FIELD_LITERAL(0x008ea6a4177580bf,0x005fa1953e3f0378,0x005fe409ac74d614,0x00452327f477e047,0x00a4018507fb6073,0x007b6e71951caac8,0x0012b42ab8a6ce91,0x0080eca677294ab7)},
+        {FIELD_LITERAL(0x00a53edc023ba69b,0x00c6afa83ddde2e8,0x00c3f638b307b14e,0x004a357a64414062,0x00e4d94d8b582dc9,0x001739caf71695b7,0x0012431b2ae28de1,0x003b6bc98682907c)},
+        {FIELD_LITERAL(0x008a9a93be1f99d6,0x0079fa627cc699c8,0x00b0cfb134ba84c8,0x001c4b778249419a,0x00df4ab3d9c44f40,0x009f596e6c1a9e3c,0x001979c0df237316,0x00501e953a919b87)},
+    }}
+};
+const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h
new file mode 100644
index 000000000..9bf837993
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_CURVE448UTILS_H
+# define HEADER_CURVE448UTILS_H
+
+# include <openssl/e_os2.h>
+
+/*
+ * Internal word types. Somewhat tricky.  This could be decided separately per
+ * platform.  However, the structs do need to be all the same size and
+ * alignment on a given platform to support dynamic linking, since even if you
+ * header was built with eg arch_neon, you might end up linking a library built
+ * with arch_arm32.
+ */
+# ifndef C448_WORD_BITS
+#  if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \
+      && !defined(__sparc__)
+#   define C448_WORD_BITS 64      /* The number of bits in a word */
+#  else
+#   define C448_WORD_BITS 32      /* The number of bits in a word */
+#  endif
+# endif
+
+# if C448_WORD_BITS == 64
+/* Word size for internal computations */
+typedef uint64_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int64_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint64_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef __uint128_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef __int128_t c448_dsword_t;
+# elif C448_WORD_BITS == 32
+/* Word size for internal computations */
+typedef uint32_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int32_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint32_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef uint64_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef int64_t c448_dsword_t;
+# else
+#  error "Only supporting C448_WORD_BITS = 32 or 64 for now"
+# endif
+
+/* C448_TRUE = -1 so that C448_TRUE & x = x */
+# define C448_TRUE      (0 - (c448_bool_t)1)
+
+/* C448_FALSE = 0 so that C448_FALSE & x = 0 */
+# define C448_FALSE     0
+
+/* Another boolean type used to indicate success or failure. */
+typedef enum {
+    C448_SUCCESS = -1, /**< The operation succeeded. */
+    C448_FAILURE = 0   /**< The operation failed. */
+} c448_error_t;
+
+/* Return success if x is true */
+static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x)
+{
+    return (c448_error_t) x;
+}
+
+#endif                          /* __C448_COMMON_H__ */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h
new file mode 100644
index 000000000..5fe939e8e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ED448_H
+# define HEADER_ED448_H
+
+# include "point_448.h"
+
+/* Number of bytes in an EdDSA public key. */
+# define EDDSA_448_PUBLIC_BYTES 57
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \
+                                    EDDSA_448_PRIVATE_BYTES)
+
+/* EdDSA encoding ratio. */
+# define C448_EDDSA_ENCODE_RATIO 4
+
+/* EdDSA decoding ratio. */
+# define C448_EDDSA_DECODE_RATIO (4 / 4)
+
+/*
+ * EdDSA key generation.  This function uses a different (non-Decaf) encoding.
+ *
+ * pubkey (out): The public key.
+ * privkey (in): The private key.
+ */
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
+
+/*
+ * EdDSA signing.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in):  The public key.
+ * message (in):  The message to sign.
+ * message_len (in):  The length of the message.
+ * prehashed (in):  Nonzero if the message is actually the hash of something
+ *                  you want to sign.
+ * context (in):  A "context" for this signature of up to 255 bytes.
+ * context_len (in):  Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signing with prehash.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64],
+                        const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * message (in): The message to verify.
+ * message_len (in): The length of the message.
+ * prehashed (in): Nonzero if the message is actually the hash of something you
+ *                 want to verify.
+ * context (in): A "context" for this signature of up to 255 bytes.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify(const uint8_t
+                                 signature[EDDSA_448_SIGNATURE_BYTES],
+                                 const uint8_t
+                                 pubkey[EDDSA_448_PUBLIC_BYTES],
+                                 const uint8_t *message, size_t message_len,
+                                 uint8_t prehashed, const uint8_t *context,
+                                 uint8_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64],
+                    const uint8_t *context,
+                    uint8_t context_len);
+
+/*
+ * EdDSA point encoding.  Used internally, exposed externally.
+ * Multiplies by C448_EDDSA_ENCODE_RATIO first.
+ *
+ * The multiplication is required because the EdDSA encoding represents
+ * the cofactor information, but the Decaf encoding ignores it (which
+ * is the whole point).  So if you decode from EdDSA and re-encode to
+ * EdDSA, the cofactor info must get cleared, because the intermediate
+ * representation doesn't track it.
+ *
+ * The way we handle this is to multiply by C448_EDDSA_DECODE_RATIO when
+ * decoding, and by C448_EDDSA_ENCODE_RATIO when encoding.  The product of
+ * these ratios is always exactly the cofactor 4, so the cofactor ends up
+ * cleared one way or another.  But exactly how that shakes out depends on the
+ * base points specified in RFC 8032.
+ *
+ * The upshot is that if you pass the Decaf/Ristretto base point to
+ * this function, you will get C448_EDDSA_ENCODE_RATIO times the
+ * EdDSA base point.
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc [EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p);
+
+/*
+ * EdDSA point decoding.  Multiplies by C448_EDDSA_DECODE_RATIO, and
+ * ignores cofactor information.
+ *
+ * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                            curve448_point_t p,
+                            const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
+
+/*
+ * EdDSA to ECDH private key conversion
+ * Using the appropriate hash function, hash the EdDSA private key
+ * and keep only the lower bytes to get the ECDH private key
+ *
+ * x (out): The ECDH private key as in RFC7748
+ * ed (in): The EdDSA private key
+ */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
+
+#endif                          /* HEADER_ED448_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c
new file mode 100644
index 000000000..b28f7dff9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "curve448_lcl.h"
+#include "word.h"
+#include "ed448.h"
+#include "internal/numbers.h"
+
+#define COFACTOR 4
+
+static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
+                                 const uint8_t *in, size_t inlen)
+{
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, in, inlen)
+            || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
+        EVP_MD_CTX_free(hashctx);
+        return C448_FAILURE;
+    }
+
+    EVP_MD_CTX_free(hashctx);
+    return C448_SUCCESS;
+}
+
+static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
+{
+    secret_scalar_ser[0] &= -COFACTOR;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80;
+}
+
+static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
+                                       uint8_t for_prehash,
+                                       const uint8_t *context,
+                                       size_t context_len)
+{
+    const char *dom_s = "SigEd448";
+    uint8_t dom[2];
+
+    if (context_len > UINT8_MAX)
+        return C448_FAILURE;
+
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
+    dom[1] = (uint8_t)context_len;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
+            || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
+            || !EVP_DigestUpdate(hashctx, context, context_len))
+        return C448_FAILURE;
+
+    return C448_SUCCESS;
+}
+
+/* In this file because it uses the hash */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
+{
+    /* pass the private key through oneshot_hash function */
+    /* and keep the first X448_PRIVATE_BYTES bytes */
+    return oneshot_hash(x, X448_PRIVATE_BYTES, ed,
+                        EDDSA_448_PRIVATE_BYTES);
+}
+
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
+{
+    /* only this much used for keygen */
+    uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES];
+    curve448_scalar_t secret_scalar;
+    unsigned int c;
+    curve448_point_t p;
+
+    if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
+                      EDDSA_448_PRIVATE_BYTES))
+        return C448_FAILURE;
+
+    clamp(secret_scalar_ser);
+
+    curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+                                sizeof(secret_scalar_ser));
+
+    /*
+     * Since we are going to mul_by_cofactor during encoding, divide by it
+     * here. However, the EdDSA base point is not the same as the decaf base
+     * point if the sigma isogeny is in use: the EdDSA base point is on
+     * Etwist_d/(1-d) and the decaf base point is on Etwist_d, and when
+     * converted it effectively picks up a factor of 2 from the isogenies.  So
+     * we might start at 2 instead of 1.
+     */
+    for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+        curve448_scalar_halve(secret_scalar, secret_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+
+    curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+
+    /* Cleanup */
+    curve448_scalar_destroy(secret_scalar);
+    curve448_point_destroy(p);
+    OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
+
+    return C448_SUCCESS;
+}
+
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len)
+{
+    curve448_scalar_t secret_scalar;
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+    c448_error_t ret = C448_FAILURE;
+    curve448_scalar_t nonce_scalar;
+    uint8_t nonce_point[EDDSA_448_PUBLIC_BYTES] = { 0 };
+    unsigned int c;
+    curve448_scalar_t challenge_scalar;
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    {
+        /*
+         * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialised
+         * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed.
+         */
+        uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
+
+        if (!oneshot_hash(expanded, sizeof(expanded), privkey,
+                          EDDSA_448_PRIVATE_BYTES))
+            goto err;
+        clamp(expanded);
+        curve448_scalar_decode_long(secret_scalar, expanded,
+                                    EDDSA_448_PRIVATE_BYTES);
+
+        /* Hash to create the nonce */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx,
+                                     expanded + EDDSA_448_PRIVATE_BYTES,
+                                     EDDSA_448_PRIVATE_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)) {
+            OPENSSL_cleanse(expanded, sizeof(expanded));
+            goto err;
+        }
+        OPENSSL_cleanse(expanded, sizeof(expanded));
+    }
+
+    /* Decode the nonce */
+    {
+        uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
+            goto err;
+        curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+        OPENSSL_cleanse(nonce, sizeof(nonce));
+    }
+
+    {
+        /* Scalarmul to create the nonce-point */
+        curve448_scalar_t nonce_scalar_2;
+        curve448_point_t p;
+
+        curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+        for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+            curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+
+        curve448_precomputed_scalarmul(p, curve448_precomputed_base,
+                                       nonce_scalar_2);
+        curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+        curve448_point_destroy(p);
+        curve448_scalar_destroy(nonce_scalar_2);
+    }
+
+    {
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        /* Compute the challenge */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
+            goto err;
+
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+
+    curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+    curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+
+    OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
+    memcpy(signature, nonce_point, sizeof(nonce_point));
+    curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+                           challenge_scalar);
+
+    curve448_scalar_destroy(secret_scalar);
+    curve448_scalar_destroy(nonce_scalar);
+    curve448_scalar_destroy(challenge_scalar);
+
+    ret = C448_SUCCESS;
+ err:
+    EVP_MD_CTX_free(hashctx);
+    return ret;
+}
+
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64], const uint8_t *context,
+                        size_t context_len)
+{
+    return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,
+                           context_len);
+}
+
+c448_error_t c448_ed448_verify(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t *message, size_t message_len,
+                    uint8_t prehashed, const uint8_t *context,
+                    uint8_t context_len)
+{
+    curve448_point_t pk_point, r_point;
+    c448_error_t error;
+    curve448_scalar_t challenge_scalar;
+    curve448_scalar_t response_scalar;
+    /* Order in little endian format */
+    static const uint8_t order[] = {
+        0xF3, 0x44, 0x58, 0xAB, 0x92, 0xC2, 0x78, 0x23, 0x55, 0x8F, 0xC5, 0x8D,
+        0x72, 0xC2, 0x6C, 0x21, 0x90, 0x36, 0xD6, 0xAE, 0x49, 0xDB, 0x4E, 0xC4,
+        0xE9, 0x23, 0xCA, 0x7C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F, 0x00
+    };
+    int i;
+
+    /*
+     * Check that s (second 57 bytes of the sig) is less than the order. Both
+     * s and the order are in little-endian format. This can be done in
+     * variable time, since if this is not the case the signature if publicly
+     * invalid.
+     */
+    for (i = EDDSA_448_PUBLIC_BYTES - 1; i >= 0; i--) {
+        if (signature[i + EDDSA_448_PUBLIC_BYTES] > order[i])
+            return C448_FAILURE;
+        if (signature[i + EDDSA_448_PUBLIC_BYTES] < order[i])
+            break;
+    }
+    if (i < 0)
+        return C448_FAILURE;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+
+    if (C448_SUCCESS != error)
+        return error;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+    if (C448_SUCCESS != error)
+        return error;
+
+    {
+        /* Compute the challenge */
+        EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (hashctx == NULL
+                || !hash_init_with_dom(hashctx, prehashed, 0, context,
+                                       context_len)
+                || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) {
+            EVP_MD_CTX_free(hashctx);
+            return C448_FAILURE;
+        }
+
+        EVP_MD_CTX_free(hashctx);
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+    curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
+                        challenge_scalar);
+
+    curve448_scalar_decode_long(response_scalar,
+                                &signature[EDDSA_448_PUBLIC_BYTES],
+                                EDDSA_448_PRIVATE_BYTES);
+
+    /* pk_point = -c(x(P)) + (cx + k)G = kG */
+    curve448_base_double_scalarmul_non_secret(pk_point,
+                                              response_scalar,
+                                              pk_point, challenge_scalar);
+    return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+}
+
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64], const uint8_t *context,
+                    uint8_t context_len)
+{
+    return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
+                             context_len);
+}
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign(out_sig, private_key, public_key, message,
+                           message_len, 0, context, context_len)
+        == C448_SUCCESS;
+}
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_verify(signature, public_key, message, message_len, 0,
+                             context, (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,
+                                   context, context_len) == C448_SUCCESS;
+
+}
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len)
+{
+    return c448_ed448_verify_prehash(signature, public_key, hash, context,
+                                     (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57])
+{
+    return c448_ed448_derive_public_key(out_public_key, private_key)
+        == C448_SUCCESS;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c
new file mode 100644
index 000000000..ed8f36d86
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+static const gf MODULUS = {
+    FIELD_LITERAL(0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff,
+                  0xffffffffffffff, 0xfffffffffffffe, 0xffffffffffffff,
+                  0xffffffffffffff, 0xffffffffffffff)
+};
+
+/* Serialize to wire format. */
+void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    int i;
+    gf red;
+
+    gf_copy(red, x);
+    gf_strong_reduce(red);
+    if (!with_hibit)
+        assert(gf_hibit(red) == 0);
+
+    for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) {
+        if (fill < 8 && j < NLIMBS) {
+            buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill;
+            fill += LIMB_PLACE_VALUE(LIMBPERM(j));
+            j++;
+        }
+        serial[i] = (uint8_t)buffer;
+        fill -= 8;
+        buffer >>= 8;
+    }
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_hibit(const gf x)
+{
+    gf y;
+
+    gf_add(y, x, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_lobit(const gf x)
+{
+    gf y;
+
+    gf_copy(y, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Deserialize from wire format; return -1 on success and 0 on failure. */
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    dsword_t scarry = 0;
+    const unsigned nbytes = with_hibit ? X_SER_BYTES : SER_BYTES;
+    unsigned int i;
+    mask_t succ;
+
+    for (i = 0; i < NLIMBS; i++) {
+        while (fill < LIMB_PLACE_VALUE(LIMBPERM(i)) && j < nbytes) {
+            uint8_t sj;
+
+            sj = serial[j];
+            if (j == nbytes - 1)
+                sj &= ~hi_nmask;
+            buffer |= ((dword_t) sj) << fill;
+            fill += 8;
+            j++;
+        }
+        x->limb[LIMBPERM(i)] = (word_t)
+            ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer);
+        fill -= LIMB_PLACE_VALUE(LIMBPERM(i));
+        buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+        scarry =
+            (scarry + x->limb[LIMBPERM(i)] -
+             MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t));
+    }
+    succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x);
+    return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry);
+}
+
+/* Reduce to canonical form. */
+void gf_strong_reduce(gf a)
+{
+    dsword_t scarry;
+    word_t scarry_0;
+    dword_t carry = 0;
+    unsigned int i;
+
+    /* first, clear high */
+    gf_weak_reduce(a);          /* Determined to have negligible perf impact. */
+
+    /* now the total is less than 2p */
+
+    /* compute total_value - p.  No need to reduce mod p. */
+    scarry = 0;
+    for (i = 0; i < NLIMBS; i++) {
+        scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)];
+        a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i));
+        scarry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    /*
+     * uncommon case: it was >= p, so now scarry = 0 and this = x common case:
+     * it was < p, so now scarry = -1 and this = x - p + 2^255 so let's add
+     * back in p.  will carry back off the top for 2^255.
+     */
+    assert(scarry == 0 || scarry == -1);
+
+    scarry_0 = (word_t)scarry;
+
+    /* add it back */
+    for (i = 0; i < NLIMBS; i++) {
+        carry =
+            carry + a->limb[LIMBPERM(i)] +
+            (scarry_0 & MODULUS->limb[LIMBPERM(i)]);
+        a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i));
+        carry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    assert(carry < 2 && ((word_t)carry + scarry_0) == 0);
+}
+
+/* Subtract two gf elements d=a-b */
+void gf_sub(gf d, const gf a, const gf b)
+{
+    gf_sub_RAW(d, a, b);
+    gf_bias(d, 2);
+    gf_weak_reduce(d);
+}
+
+/* Add two field elements d = a+b */
+void gf_add(gf d, const gf a, const gf b)
+{
+    gf_add_RAW(d, a, b);
+    gf_weak_reduce(d);
+}
+
+/* Compare a==b */
+mask_t gf_eq(const gf a, const gf b)
+{
+    gf c;
+    mask_t ret = 0;
+    unsigned int i;
+
+    gf_sub(c, a, b);
+    gf_strong_reduce(c);
+
+    for (i = 0; i < NLIMBS; i++)
+        ret |= c->limb[LIMBPERM(i)];
+
+    return word_is_zero(ret);
+}
+
+mask_t gf_isr(gf a, const gf x)
+{
+    gf L0, L1, L2;
+
+    gf_sqr(L1, x);
+    gf_mul(L2, x, L1);
+    gf_sqr(L1, L2);
+    gf_mul(L2, x, L1);
+    gf_sqrn(L1, L2, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L1, L0, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L2, L0, 9);
+    gf_mul(L1, L0, L2);
+    gf_sqr(L0, L1);
+    gf_mul(L2, x, L0);
+    gf_sqrn(L0, L2, 18);
+    gf_mul(L2, L1, L0);
+    gf_sqrn(L0, L2, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 111);
+    gf_mul(L2, L1, L0);
+    gf_sqr(L0, L2);
+    gf_mul(L1, x, L0);
+    gf_sqrn(L0, L1, 223);
+    gf_mul(L1, L2, L0);
+    gf_sqr(L2, L1);
+    gf_mul(L0, L2, x);
+    gf_copy(a, L1);
+    return gf_eq(L0, ONE);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h
new file mode 100644
index 000000000..d96d4c023
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_FIELD_H
+# define HEADER_FIELD_H
+
+# include "internal/constant_time_locl.h"
+# include <string.h>
+# include <assert.h>
+# include "word.h"
+
+# define NLIMBS (64/sizeof(word_t))
+# define X_SER_BYTES 56
+# define SER_BYTES 56
+
+# if defined(__GNUC__) || defined(__clang__)
+#  define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__))
+#  define RESTRICT __restrict__
+#  define ALIGNED __attribute__((__aligned__(16)))
+# else
+#  define INLINE_UNUSED ossl_inline
+#  define RESTRICT
+#  define ALIGNED
+# endif
+
+typedef struct gf_s {
+    word_t limb[NLIMBS];
+} ALIGNED gf_s, gf[1];
+
+/* RFC 7748 support */
+# define X_PUBLIC_BYTES  X_SER_BYTES
+# define X_PRIVATE_BYTES X_PUBLIC_BYTES
+# define X_PRIVATE_BITS  448
+
+static INLINE_UNUSED void gf_copy(gf out, const gf a)
+{
+    *out = *a;
+}
+
+static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_bias(gf inout, int amount);
+static INLINE_UNUSED void gf_weak_reduce(gf inout);
+
+void gf_strong_reduce(gf inout);
+void gf_add(gf out, const gf a, const gf b);
+void gf_sub(gf out, const gf a, const gf b);
+void gf_mul(gf_s * RESTRICT out, const gf a, const gf b);
+void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b);
+void gf_sqr(gf_s * RESTRICT out, const gf a);
+mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0.  Return true if successful */
+mask_t gf_eq(const gf x, const gf y);
+mask_t gf_lobit(const gf x);
+mask_t gf_hibit(const gf x);
+
+void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask);
+
+# include "f_impl.h"            /* Bring in the inline implementations */
+
+# define LIMBPERM(i) (i)
+# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+
+static const gf ZERO = {{{0}}}, ONE = {{{1}}};
+
+/* Square x, n times. */
+static ossl_inline void gf_sqrn(gf_s * RESTRICT y, const gf x, int n)
+{
+    gf tmp;
+
+    assert(n > 0);
+    if (n & 1) {
+        gf_sqr(y, x);
+        n--;
+    } else {
+        gf_sqr(tmp, x);
+        gf_sqr(y, tmp);
+        n -= 2;
+    }
+    for (; n; n -= 2) {
+        gf_sqr(tmp, y);
+        gf_sqr(y, tmp);
+    }
+}
+
+# define gf_add_nr gf_add_RAW
+
+/* Subtract mod p.  Bias by 2 and don't reduce  */
+static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, 2);
+    if (GF_HEADROOM < 3)
+        gf_weak_reduce(c);
+}
+
+/* Subtract mod p. Bias by amt but don't reduce.  */
+static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, amt);
+    if (GF_HEADROOM < amt + 1)
+        gf_weak_reduce(c);
+}
+
+/* Mul by signed int.  Not constant-time WRT the sign of that int. */
+static ossl_inline void gf_mulw(gf c, const gf a, int32_t w)
+{
+    if (w > 0) {
+        gf_mulw_unsigned(c, a, w);
+    } else {
+        gf_mulw_unsigned(c, a, -w);
+        gf_sub(c, ZERO, c);
+    }
+}
+
+/* Constant time, x = is_z ? z : y */
+static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#else
+        /* Must be 64 bit */
+        x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#endif
+    }
+}
+
+/* Constant time, if (neg) x=-x; */
+static ossl_inline void gf_cond_neg(gf x, mask_t neg)
+{
+    gf y;
+
+    gf_sub(y, ZERO, x);
+    gf_cond_sel(x, x, y, neg);
+}
+
+/* Constant time, if (swap) (x,y) = (y,x); */
+static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i]));
+#else
+        /* Must be 64 bit */
+        constant_time_cond_swap_64(swap, &(x[0].limb[i]), &(y->limb[i]));
+#endif
+    }
+}
+
+#endif                          /* HEADER_FIELD_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h
new file mode 100644
index 000000000..399f91b9a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_POINT_448_H
+# define HEADER_POINT_448_H
+
+# include "curve448utils.h"
+# include "field.h"
+
+/* Comb config: number of combs, n, t, s. */
+#define COMBS_N 5
+#define COMBS_T 5
+#define COMBS_S 18
+
+/* Projective Niels coordinates */
+typedef struct {
+    gf a, b, c;
+} niels_s, niels_t[1];
+typedef struct {
+    niels_t n;
+    gf z;
+} pniels_t[1];
+
+/* Precomputed base */
+struct curve448_precomputed_s {
+    niels_t table[COMBS_N << (COMBS_T - 1)];
+};
+
+# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1)
+
+/* The number of bits in a scalar */
+# define C448_SCALAR_BITS 446
+
+/* Number of bytes in a serialized scalar. */
+# define C448_SCALAR_BYTES 56
+
+/* X448 encoding ratio. */
+# define X448_ENCODE_RATIO 2
+
+/* Number of bytes in an x448 public key */
+# define X448_PUBLIC_BYTES 56
+
+/* Number of bytes in an x448 private key */
+# define X448_PRIVATE_BYTES 56
+
+/* Twisted Edwards extended homogeneous coordinates */
+typedef struct curve448_point_s {
+    gf x, y, z, t;
+} curve448_point_t[1];
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+struct curve448_precomputed_s;
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+typedef struct curve448_precomputed_s curve448_precomputed_s;
+
+/* Scalar is stored packed, because we don't need the speed. */
+typedef struct curve448_scalar_s {
+    c448_word_t limb[C448_SCALAR_LIMBS];
+} curve448_scalar_t[1];
+
+/* A scalar equal to 1. */
+extern const curve448_scalar_t curve448_scalar_one;
+
+/* A scalar equal to 0. */
+extern const curve448_scalar_t curve448_scalar_zero;
+
+/* The identity point on the curve. */
+extern const curve448_point_t curve448_point_identity;
+
+/* Precomputed table for the base point on the curve. */
+extern const struct curve448_precomputed_s *curve448_precomputed_base;
+extern const niels_t *curve448_wnaf_base;
+
+/*
+ * Read a scalar from wire format or from bytes.
+ *
+ * ser (in): Serialized form of a scalar.
+ * out (out): Deserialized form.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalar was correctly encoded.
+ * C448_FAILURE: The scalar was greater than the modulus, and has been reduced
+ * modulo that modulus.
+ */
+c448_error_t curve448_scalar_decode(curve448_scalar_t out,
+                                    const unsigned char ser[C448_SCALAR_BYTES]);
+
+/*
+ * Read a scalar from wire format or from bytes.  Reduces mod scalar prime.
+ *
+ * ser (in): Serialized form of a scalar.
+ * ser_len (in): Length of serialized form.
+ * out (out): Deserialized form.
+ */
+void curve448_scalar_decode_long(curve448_scalar_t out,
+                                 const unsigned char *ser, size_t ser_len);
+
+/*
+ * Serialize a scalar to wire format.
+ *
+ * ser (out): Serialized form of a scalar.
+ * s (in): Deserialized scalar.
+ */
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s);
+
+/*
+ * Add two scalars. |a|, |b| and |out| may alias each other.
+ *
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a+b.
+ */
+void curve448_scalar_add(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Subtract two scalars.  |a|, |b| and |out| may alias each other.
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a-b.
+ */
+void curve448_scalar_sub(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Multiply two scalars. |a|, |b| and |out| may alias each other.
+ *
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a*b.
+ */
+void curve448_scalar_mul(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+* Halve a scalar.  |a| and |out| may alias each other.
+*
+* a (in): A scalar.
+* out (out): a/2.
+*/
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
+
+/*
+ * Copy a scalar.  The scalars may alias each other, in which case this
+ * function does nothing.
+ *
+ * a (in): A scalar.
+ * out (out): Will become a copy of a.
+ */
+static ossl_inline void curve448_scalar_copy(curve448_scalar_t out,
+                                             const curve448_scalar_t a)
+{
+    *out = *a;
+}
+
+/*
+ * Copy a point.  The input and output may alias, in which case this function
+ * does nothing.
+ *
+ * a (out): A copy of the point.
+ * b (in): Any point.
+ */
+static ossl_inline void curve448_point_copy(curve448_point_t a,
+                                            const curve448_point_t b)
+{
+    *a = *b;
+}
+
+/*
+ * Test whether two points are equal.  If yes, return C448_TRUE, else return
+ * C448_FALSE.
+ *
+ * a (in): A point.
+ * b (in): Another point.
+ *
+ * Returns:
+ * C448_TRUE: The points are equal.
+ * C448_FALSE: The points are not equal.
+ */
+__owur c448_bool_t curve448_point_eq(const curve448_point_t a,
+                                     const curve448_point_t b);
+
+/*
+ * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
+ * faster.
+ *
+ * two_a (out): The sum a+a.
+ * a (in): A point.
+ */
+void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
+
+/*
+ * RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ *
+ * out (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalarmul succeeded.
+ * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
+ * small subgroup.
+ */
+__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
+                             const uint8_t base[X448_PUBLIC_BYTES],
+                             const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
+ *
+ * This function is mainly used internally, but is exported in case
+ * it will be useful.
+ *
+ * The ratio is necessary because the internal representation doesn't
+ * track the cofactor information, so on output we must clear the cofactor.
+ * This would multiply by the cofactor, but in fact internally points are always
+ * even, so it multiplies by half the cofactor instead.
+ *
+ * As it happens, this aligns with the base point definitions; that is,
+ * if you pass the Decaf/Ristretto base point to this function, the result
+ * will be X448_ENCODE_RATIO times the X448
+ * base point.
+ *
+ * out (out): The scaled and encoded point.
+ * p (in): The point to be scaled and encoded.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_x448(
+                                        uint8_t out[X448_PUBLIC_BYTES],
+                                        const curve448_point_t p);
+
+/*
+ * RFC 7748 Diffie-Hellman base point scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ *
+ * out (out): The scaled point base*scalar
+ * scalar (in): The scalar to multiply by.
+ */
+void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
+                            const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a precomputed base point by a scalar: out = scalar*base.
+ *
+ * scaled (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ */
+void curve448_precomputed_scalarmul(curve448_point_t scaled,
+                                    const curve448_precomputed_s * base,
+                                    const curve448_scalar_t scalar);
+
+/*
+ * Multiply two base points by two scalars:
+ * combo = scalar1*curve448_point_base + scalar2*base2.
+ *
+ * Otherwise equivalent to curve448_point_double_scalarmul, but may be
+ * faster at the expense of being variable time.
+ *
+ * combo (out): The linear combination scalar1*base + scalar2*base2.
+ * scalar1 (in): A first scalar to multiply by.
+ * base2 (in): A second point to be scaled.
+ * scalar2 (in) A second scalar to multiply by.
+ *
+ * Warning: This function takes variable time, and may leak the scalars used.
+ * It is designed for signature verification.
+ */
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2);
+
+/*
+ * Test that a point is valid, for debugging purposes.
+ *
+ * to_test (in): The point to test.
+ *
+ * Returns:
+ * C448_TRUE The point is valid.
+ * C448_FALSE The point is invalid.
+ */
+__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test);
+
+/* Overwrite scalar with zeros. */
+void curve448_scalar_destroy(curve448_scalar_t scalar);
+
+/* Overwrite point with zeros. */
+void curve448_point_destroy(curve448_point_t point);
+
+#endif                          /* HEADER_POINT_448_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c
new file mode 100644
index 000000000..b5702c025
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+
+#include "word.h"
+#include "point_448.h"
+
+static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5;
+static const curve448_scalar_t sc_p = {
+    {
+        {
+            SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55),
+            SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9),
+            SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff),
+            SC_LIMB(0x3fffffffffffffff)
+        }
+    }
+}, sc_r2 = {
+    {
+        {
+
+            SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9),
+            SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838),
+            SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af),
+            SC_LIMB(0x3402a939f823b729)
+        }
+    }
+};
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+const curve448_scalar_t curve448_scalar_one = {{{1}}};
+const curve448_scalar_t curve448_scalar_zero = {{{0}}};
+
+/*
+ * {extra,accum} - sub +? p
+ * Must have extra <= 1
+ */
+static void sc_subx(curve448_scalar_t out,
+                    const c448_word_t accum[C448_SCALAR_LIMBS],
+                    const curve448_scalar_t sub,
+                    const curve448_scalar_t p, c448_word_t extra)
+{
+    c448_dsword_t chain = 0;
+    unsigned int i;
+    c448_word_t borrow;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + accum[i]) - sub->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    borrow = (c448_word_t)chain + extra;     /* = 0 or -1 */
+
+    chain = 0;
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + out->limb[i]) + (p->limb[i] & borrow);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+}
+
+static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a,
+                       const curve448_scalar_t b)
+{
+    unsigned int i, j;
+    c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 };
+    c448_word_t hi_carry = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t mand = a->limb[i];
+        const c448_word_t *mier = b->limb;
+
+        c448_dword_t chain = 0;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += ((c448_dword_t) mand) * mier[j] + accum[j];
+            accum[j] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        accum[j] = (c448_word_t)chain;
+
+        mand = accum[0] * MONTGOMERY_FACTOR;
+        chain = 0;
+        mier = sc_p->limb;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += (c448_dword_t) mand *mier[j] + accum[j];
+            if (j)
+                accum[j - 1] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        chain += accum[j];
+        chain += hi_carry;
+        accum[j - 1] = (c448_word_t)chain;
+        hi_carry = chain >> WBITS;
+    }
+
+    sc_subx(out, accum, sc_p, sc_p, hi_carry);
+}
+
+void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_montmul(out, a, b);
+    sc_montmul(out, out, sc_r2);
+}
+
+void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_subx(out, a->limb, b, sc_p, 0);
+}
+
+void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + b->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain);
+}
+
+static ossl_inline void scalar_decode_short(curve448_scalar_t s,
+                                            const unsigned char *ser,
+                                            size_t nbytes)
+{
+    size_t i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t out = 0;
+
+        for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++)
+            out |= ((c448_word_t) ser[k]) << (8 * j);
+        s->limb[i] = out;
+    }
+}
+
+c448_error_t curve448_scalar_decode(
+                                curve448_scalar_t s,
+                                const unsigned char ser[C448_SCALAR_BYTES])
+{
+    unsigned int i;
+    c448_dsword_t accum = 0;
+
+    scalar_decode_short(s, ser, C448_SCALAR_BYTES);
+    for (i = 0; i < C448_SCALAR_LIMBS; i++)
+        accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
+    /* Here accum == 0 or -1 */
+
+    curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */
+
+    return c448_succeed_if(~word_is_zero((uint32_t)accum));
+}
+
+void curve448_scalar_destroy(curve448_scalar_t scalar)
+{
+    OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
+}
+
+void curve448_scalar_decode_long(curve448_scalar_t s,
+                                 const unsigned char *ser, size_t ser_len)
+{
+    size_t i;
+    curve448_scalar_t t1, t2;
+
+    if (ser_len == 0) {
+        curve448_scalar_copy(s, curve448_scalar_zero);
+        return;
+    }
+
+    i = ser_len - (ser_len % C448_SCALAR_BYTES);
+    if (i == ser_len)
+        i -= C448_SCALAR_BYTES;
+
+    scalar_decode_short(t1, &ser[i], ser_len - i);
+
+    if (ser_len == sizeof(curve448_scalar_t)) {
+        assert(i == 0);
+        /* ham-handed reduce */
+        curve448_scalar_mul(s, t1, curve448_scalar_one);
+        curve448_scalar_destroy(t1);
+        return;
+    }
+
+    while (i) {
+        i -= C448_SCALAR_BYTES;
+        sc_montmul(t1, t1, sc_r2);
+        (void)curve448_scalar_decode(t2, ser + i);
+        curve448_scalar_add(t1, t1, t2);
+    }
+
+    curve448_scalar_copy(s, t1);
+    curve448_scalar_destroy(t1);
+    curve448_scalar_destroy(t2);
+}
+
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s)
+{
+    unsigned int i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        for (j = 0; j < sizeof(c448_word_t); j++, k++)
+            ser[k] = s->limb[i] >> (8 * j);
+    }
+}
+
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+{
+    c448_word_t mask = 0 - (a->limb[0] & 1);
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= C448_WORD_BITS;
+    }
+    for (i = 0; i < C448_SCALAR_LIMBS - 1; i++)
+        out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (WBITS - 1);
+    out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (WBITS - 1));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h
new file mode 100644
index 000000000..a48b9e053
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_WORD_H
+# define HEADER_WORD_H
+
+# include <string.h>
+# include <assert.h>
+# include <stdlib.h>
+# include <openssl/e_os2.h>
+# include "arch_intrinsics.h"
+# include "curve448utils.h"
+
+# if (ARCH_WORD_BITS == 64)
+typedef uint64_t word_t, mask_t;
+typedef __uint128_t dword_t;
+typedef int32_t hsword_t;
+typedef int64_t sword_t;
+typedef __int128_t dsword_t;
+# elif (ARCH_WORD_BITS == 32)
+typedef uint32_t word_t, mask_t;
+typedef uint64_t dword_t;
+typedef int16_t hsword_t;
+typedef int32_t sword_t;
+typedef int64_t dsword_t;
+# else
+#  error "For now, we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * Scalar limbs are keyed off of the API word size instead of the arch word
+ * size.
+ */
+# if C448_WORD_BITS == 64
+#  define SC_LIMB(x) (x)
+# elif C448_WORD_BITS == 32
+#  define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32)
+# else
+#  error "For now we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * The plan on booleans: The external interface uses c448_bool_t, but this
+ * might be a different size than our particular arch's word_t (and thus
+ * mask_t).  Also, the caller isn't guaranteed to pass it as nonzero.  So
+ * bool_to_mask converts word sizes and checks nonzero. On the flip side,
+ * mask_t is always -1 or 0, but it might be a different size than
+ * c448_bool_t. On the third hand, we have success vs boolean types, but
+ * that's handled in common.h: it converts between c448_bool_t and
+ * c448_error_t.
+ */
+static ossl_inline c448_bool_t mask_to_bool(mask_t m)
+{
+    return (c448_sword_t)(sword_t)m;
+}
+
+static ossl_inline mask_t bool_to_mask(c448_bool_t m)
+{
+    /* On most arches this will be optimized to a simple cast. */
+    mask_t ret = 0;
+    unsigned int i;
+    unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t);
+
+    if (limit < 1)
+        limit = 1;
+    for (i = 0; i < limit; i++)
+        ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t)));
+
+    return ret;
+}
+
+#endif                          /* HEADER_WORD_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c
new file mode 100644
index 000000000..0867f994e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*-
+ * Calculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1.
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * The method is from the following publication:
+ *
+ *     Harper, Menezes, Vanstone:
+ *     "Public-Key Cryptosystems with Very Small Key Lengths",
+ *     EUROCRYPT '92, Springer-Verlag LNCS 658,
+ *     published February 1993
+ *
+ * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
+ * the same method, but claim no priority date earlier than July 29, 1994
+ * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                              EC_POINT *point,
+                                              const BIGNUM *x_, int y_bit,
+                                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *x, *y, *z;
+    int ret = 0, z0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0) ? 1 : 0;
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    if (z == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(x, x_, group->poly))
+        goto err;
+    if (BN_is_zero(x)) {
+        if (!BN_GF2m_mod_sqrt_arr(y, group->b, group->poly, ctx))
+            goto err;
+    } else {
+        if (!group->meth->field_sqr(group, tmp, x, ctx))
+            goto err;
+        if (!group->meth->field_div(group, tmp, group->b, tmp, ctx))
+            goto err;
+        if (!BN_GF2m_add(tmp, group->a, tmp))
+            goto err;
+        if (!BN_GF2m_add(tmp, x, tmp))
+            goto err;
+        if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
+            unsigned long err = ERR_peek_last_error();
+
+            if (ERR_GET_LIB(err) == ERR_LIB_BN
+                && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
+                ERR_clear_error();
+                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            } else
+                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      ERR_R_BN_LIB);
+            goto err;
+        }
+        z0 = (BN_is_odd(z)) ? 1 : 0;
+        if (!group->meth->field_mul(group, y, x, z, ctx))
+            goto err;
+        if (z0 != y_bit) {
+            if (!BN_GF2m_add(y, y, x))
+                goto err;
+        }
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded
+ * length will be returned. If the length len of buf is smaller than required
+ * an error will be returned.
+ */
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        yxi = BN_CTX_get(ctx);
+        if (yxi == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+
+        buf[0] = form;
+        if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (BN_is_odd(yxi))
+                buf[0]++;
+        }
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return 0;
+}
+
+/*
+ * Converts an octet string representation to an EC_POINT. Note that the
+ * simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                             const unsigned char *buf, size_t len,
+                             BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    yxi = BN_CTX_get(ctx);
+    if (yxi == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, group->field) >= 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, group->field) >= 0) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (y_bit != BN_is_odd(yxi)) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        /*
+         * EC_POINT_set_affine_coordinates is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c
new file mode 100644
index 000000000..0a05a7aee
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c
@@ -0,0 +1,970 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*
+ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
+ * are handled by EC_GROUP_new.
+ */
+int ec_GF2m_simple_group_init(EC_GROUP *group)
+{
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_free.
+ */
+void ec_GF2m_simple_group_finish(EC_GROUP *group)
+{
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
+}
+
+/*
+ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other
+ * members are handled by EC_GROUP_clear_free.
+ */
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
+{
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
+    group->poly[0] = 0;
+    group->poly[1] = 0;
+    group->poly[2] = 0;
+    group->poly[3] = 0;
+    group->poly[4] = 0;
+    group->poly[5] = -1;
+}
+
+/*
+ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_copy.
+ */
+int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (!BN_copy(dest->field, src->field))
+        return 0;
+    if (!BN_copy(dest->a, src->a))
+        return 0;
+    if (!BN_copy(dest->b, src->b))
+        return 0;
+    dest->poly[0] = src->poly[0];
+    dest->poly[1] = src->poly[1];
+    dest->poly[2] = src->poly[2];
+    dest->poly[3] = src->poly[3];
+    dest->poly[4] = src->poly[4];
+    dest->poly[5] = src->poly[5];
+    if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
+        return 0;
+    if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
+        return 0;
+    bn_set_all_zero(dest->a);
+    bn_set_all_zero(dest->b);
+    return 1;
+}
+
+/* Set the curve parameters of an EC_GROUP structure. */
+int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
+                                   const BIGNUM *p, const BIGNUM *a,
+                                   const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0, i;
+
+    /* group->field */
+    if (!BN_copy(group->field, p))
+        goto err;
+    i = BN_GF2m_poly2arr(group->field, group->poly, 6) - 1;
+    if ((i != 5) && (i != 3)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    /* group->a */
+    if (!BN_GF2m_mod_arr(group->a, a, group->poly))
+        goto err;
+    if (bn_wexpand(group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    bn_set_all_zero(group->a);
+
+    /* group->b */
+    if (!BN_GF2m_mod_arr(group->b, b, group->poly))
+        goto err;
+    if (bn_wexpand(group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    bn_set_all_zero(group->b);
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL
+ * then there values will not be set but the method will return with success.
+ */
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
+                                   BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (p != NULL) {
+        if (!BN_copy(p, group->field))
+            return 0;
+    }
+
+    if (a != NULL) {
+        if (!BN_copy(a, group->a))
+            goto err;
+    }
+
+    if (b != NULL) {
+        if (!BN_copy(b, group->b))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Gets the degree of the field.  For a curve over GF(2^m) this is the value
+ * m.
+ */
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(group->field) - 1;
+}
+
+/*
+ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an
+ * elliptic curve <=> b != 0 (mod p)
+ */
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
+                                            BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *b;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(b, group->b, group->poly))
+        goto err;
+
+    /*
+     * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic
+     * curve <=> b != 0 (mod p)
+     */
+    if (BN_is_zero(b))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/* Initializes an EC_POINT. */
+int ec_GF2m_simple_point_init(EC_POINT *point)
+{
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
+    return 1;
+}
+
+/* Frees an EC_POINT. */
+void ec_GF2m_simple_point_finish(EC_POINT *point)
+{
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
+}
+
+/* Clears and frees an EC_POINT. */
+void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
+{
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
+    point->Z_is_one = 0;
+}
+
+/*
+ * Copy the contents of one EC_POINT into another.  Assumes dest is
+ * initialized.
+ */
+int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (!BN_copy(dest->X, src->X))
+        return 0;
+    if (!BN_copy(dest->Y, src->Y))
+        return 0;
+    if (!BN_copy(dest->Z, src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+    dest->curve_name = src->curve_name;
+
+    return 1;
+}
+
+/*
+ * Set an EC_POINT to the point at infinity. A point at infinity is
+ * represented by having Z=0.
+ */
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
+                                         EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(point->Z);
+    return 1;
+}
+
+/*
+ * Set the coordinates of an EC_POINT using affine coordinates. Note that
+ * the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                                EC_POINT *point,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *ctx)
+{
+    int ret = 0;
+    if (x == NULL || y == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!BN_copy(point->X, x))
+        goto err;
+    BN_set_negative(point->X, 0);
+    if (!BN_copy(point->Y, y))
+        goto err;
+    BN_set_negative(point->Y, 0);
+    if (!BN_copy(point->Z, BN_value_one()))
+        goto err;
+    BN_set_negative(point->Z, 0);
+    point->Z_is_one = 1;
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Gets the affine coordinates of an EC_POINT. Note that the simple
+ * implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                                const EC_POINT *point,
+                                                BIGNUM *x, BIGNUM *y,
+                                                BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (BN_cmp(point->Z, BN_value_one())) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (x != NULL) {
+        if (!BN_copy(x, point->X))
+            goto err;
+        BN_set_negative(x, 0);
+    }
+    if (y != NULL) {
+        if (!BN_copy(y, point->Y))
+            goto err;
+        BN_set_negative(y, 0);
+    }
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Computes a + b and stores the result in r.  r could be a or b, a could be
+ * b. Uses algorithm A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        if (!EC_POINT_copy(r, b))
+            return 0;
+        return 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b)) {
+        if (!EC_POINT_copy(r, a))
+            return 0;
+        return 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x0 = BN_CTX_get(ctx);
+    y0 = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+    s = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    if (a->Z_is_one) {
+        if (!BN_copy(x0, a->X))
+            goto err;
+        if (!BN_copy(y0, a->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
+            goto err;
+    }
+    if (b->Z_is_one) {
+        if (!BN_copy(x1, b->X))
+            goto err;
+        if (!BN_copy(y1, b->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
+            goto err;
+    }
+
+    if (BN_GF2m_cmp(x0, x1)) {
+        if (!BN_GF2m_add(t, x0, x1))
+            goto err;
+        if (!BN_GF2m_add(s, y0, y1))
+            goto err;
+        if (!group->meth->field_div(group, s, s, t, ctx))
+            goto err;
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, group->a))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, t))
+            goto err;
+    } else {
+        if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {
+            if (!EC_POINT_set_to_infinity(group, r))
+                goto err;
+            ret = 1;
+            goto err;
+        }
+        if (!group->meth->field_div(group, s, y1, x1, ctx))
+            goto err;
+        if (!BN_GF2m_add(s, s, x1))
+            goto err;
+
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, group->a))
+            goto err;
+    }
+
+    if (!BN_GF2m_add(y2, x1, x2))
+        goto err;
+    if (!group->meth->field_mul(group, y2, y2, s, ctx))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, x2))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, y1))
+        goto err;
+
+    if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Computes 2 * a and stores the result in r.  r could be a. Uses algorithm
+ * A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *ctx)
+{
+    return ec_GF2m_simple_add(group, r, a, a, ctx);
+}
+
+int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
+        /* point is its own inverse */
+        return 1;
+
+    if (!EC_POINT_make_affine(group, point, ctx))
+        return 0;
+    return BN_GF2m_add(point->Y, point->X, point->Y);
+}
+
+/* Indicates whether the given point is the point at infinity. */
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
+                                  const EC_POINT *point)
+{
+    return BN_is_zero(point->Z);
+}
+
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
+ * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
+ *      y^2 + x*y = x^3 + a*x^2 + b.
+ */
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    int ret = -1;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *lh, *y2;
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    /* only support affine coordinates */
+    if (!point->Z_is_one)
+        return -1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    y2 = BN_CTX_get(ctx);
+    lh = BN_CTX_get(ctx);
+    if (lh == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 + x*y = x^3 + a*x^2 + b.
+     *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
+     *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
+     */
+    if (!BN_GF2m_add(lh, point->X, group->a))
+        goto err;
+    if (!field_mul(group, lh, lh, point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, point->Y))
+        goto err;
+    if (!field_mul(group, lh, lh, point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, group->b))
+        goto err;
+    if (!field_sqr(group, y2, point->Y, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, y2))
+        goto err;
+    ret = BN_is_zero(lh);
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Indicates whether two points are equal.
+ * Return values:
+ *  -1   error
+ *   0   equal (in affine coordinates)
+ *   1   not equal
+ */
+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BIGNUM *aX, *aY, *bX, *bY;
+    BN_CTX *new_ctx = NULL;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    aX = BN_CTX_get(ctx);
+    aY = BN_CTX_get(ctx);
+    bX = BN_CTX_get(ctx);
+    bY = BN_CTX_get(ctx);
+    if (bY == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
+        goto err;
+    ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/* Forces the given EC_POINT to internally use affine coordinates. */
+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+    if (!BN_copy(point->X, x))
+        goto err;
+    if (!BN_copy(point->Y, y))
+        goto err;
+    if (!BN_one(point->Z))
+        goto err;
+    point->Z_is_one = 1;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Forces each of the EC_POINTs in the given array to use affine coordinates.
+ */
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                      EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    for (i = 0; i < num; i++) {
+        if (!group->meth->make_affine(group, points[i], ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/* Wrapper to simple binary polynomial field multiplication implementation. */
+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field squaring implementation. */
+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field division implementation. */
+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_div(r, a, b, group->field, ctx);
+}
+
+/*-
+ * Lopez-Dahab ladder, pre step.
+ * See e.g. "Guide to ECC" Alg 3.40.
+ * Modified to blind s and r independently.
+ * s:= p, r := 2p
+ */
+static
+int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    /* if p is not affine, something is wrong */
+    if (p->Z_is_one == 0)
+        return 0;
+
+    /* s blinding: make sure lambda (s->Z here) is not zero */
+    do {
+        if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(s->Z));
+
+    /* if field_encode defined convert between representations */
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, s->Z, s->Z, ctx))
+        || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx))
+        return 0;
+
+    /* r blinding: make sure lambda (r->Y here for storage) is not zero */
+    do {
+        if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(r->Y));
+
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, r->Y, r->Y, ctx))
+        || !group->meth->field_sqr(group, r->Z, p->X, ctx)
+        || !group->meth->field_sqr(group, r->X, r->Z, ctx)
+        || !BN_GF2m_add(r->X, r->X, group->b)
+        || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+        || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx))
+        return 0;
+
+    s->Z_is_one = 0;
+    r->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords.
+ * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3
+ * s := r + s, r := 2r
+ */
+static
+int ec_GF2m_simple_ladder_step(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx)
+        || !group->meth->field_sqr(group, s->Y, r->Z, ctx)
+        || !group->meth->field_sqr(group, r->Z, r->X, ctx)
+        || !BN_GF2m_add(s->Z, r->Y, s->X)
+        || !group->meth->field_sqr(group, s->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx)
+        || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx)
+        || !BN_GF2m_add(s->X, s->X, r->Y)
+        || !group->meth->field_sqr(group, r->Y, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx)
+        || !group->meth->field_sqr(group, s->Y, s->Y, ctx)
+        || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx)
+        || !BN_GF2m_add(r->X, r->Y, s->Y))
+        return 0;
+
+    return 1;
+}
+
+/*-
+ * Recover affine (x,y) result from Lopez-Dahab r and s, affine p.
+ * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m)
+ * without Precomputation" (Lopez and Dahab, CHES 1999),
+ * Appendix Alg Mxy.
+ */
+static
+int ec_GF2m_simple_ladder_post(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        if (!EC_POINT_copy(r, p)
+            || !EC_POINT_invert(group, r, ctx)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB);
+            return 0;
+        }
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t1, p->X, r->Z, ctx)
+        || !BN_GF2m_add(t1, r->X, t1)
+        || !group->meth->field_mul(group, t2, p->X, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->X, t2, ctx)
+        || !BN_GF2m_add(t2, t2, s->X)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !BN_GF2m_add(t2, p->Y, t2)
+        || !group->meth->field_mul(group, t2, t2, t0, ctx)
+        || !BN_GF2m_add(t1, t2, t1)
+        || !group->meth->field_mul(group, t2, p->X, t0, ctx)
+        || !group->meth->field_inv(group, t2, t2, ctx)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, r->X, r->Z, t2, ctx)
+        || !BN_GF2m_add(t2, p->X, r->X)
+        || !group->meth->field_mul(group, t2, t2, t1, ctx)
+        || !BN_GF2m_add(r->Y, p->Y, t2)
+        || !BN_one(r->Z))
+        goto err;
+
+    r->Z_is_one = 1;
+
+    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+    BN_set_negative(r->X, 0);
+    BN_set_negative(r->Y, 0);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static
+int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r,
+                              const BIGNUM *scalar, size_t num,
+                              const EC_POINT *points[],
+                              const BIGNUM *scalars[],
+                              BN_CTX *ctx)
+{
+    int ret = 0;
+    EC_POINT *t = NULL;
+
+    /*-
+     * We limit use of the ladder only to the following cases:
+     * - r := scalar * G
+     *   Fixed point mul: scalar != NULL && num == 0;
+     * - r := scalars[0] * points[0]
+     *   Variable point mul: scalar == NULL && num == 1;
+     * - r := scalar * G + scalars[0] * points[0]
+     *   used, e.g., in ECDSA verification: scalar != NULL && num == 1
+     *
+     * In any other case (num > 1) we use the default wNAF implementation.
+     *
+     * We also let the default implementation handle degenerate cases like group
+     * order or cofactor set to 0.
+     */
+    if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor))
+        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    if (scalar != NULL && num == 0)
+        /* Fixed point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+
+    if (scalar == NULL && num == 1)
+        /* Variable point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
+
+    /*-
+     * Double point multiplication:
+     *  r := scalar * G + scalars[0] * points[0]
+     */
+
+    if ((t = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!ec_scalar_mul_ladder(group, t, scalar, NULL, ctx)
+        || !ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx)
+        || !EC_POINT_add(group, r, t, r, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(t);
+    return ret;
+}
+
+/*-
+ * Computes the multiplicative inverse of a in GF(2^m), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * SCA hardening is with blinding: BN_GF2m_mod_inv does that.
+ */
+static int ec_GF2m_simple_field_inv(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *a, BN_CTX *ctx)
+{
+    int ret;
+
+    if (!(ret = BN_GF2m_mod_inv(r, a, group->field, ctx)))
+        ECerr(EC_F_EC_GF2M_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);
+    return ret;
+}
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_characteristic_two_field,
+        ec_GF2m_simple_group_init,
+        ec_GF2m_simple_group_finish,
+        ec_GF2m_simple_group_clear_finish,
+        ec_GF2m_simple_group_copy,
+        ec_GF2m_simple_group_set_curve,
+        ec_GF2m_simple_group_get_curve,
+        ec_GF2m_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GF2m_simple_group_check_discriminant,
+        ec_GF2m_simple_point_init,
+        ec_GF2m_simple_point_finish,
+        ec_GF2m_simple_point_clear_finish,
+        ec_GF2m_simple_point_copy,
+        ec_GF2m_simple_point_set_to_infinity,
+        0, /* set_Jprojective_coordinates_GFp */
+        0, /* get_Jprojective_coordinates_GFp */
+        ec_GF2m_simple_point_set_affine_coordinates,
+        ec_GF2m_simple_point_get_affine_coordinates,
+        0, /* point_set_compressed_coordinates */
+        0, /* point2oct */
+        0, /* oct2point */
+        ec_GF2m_simple_add,
+        ec_GF2m_simple_dbl,
+        ec_GF2m_simple_invert,
+        ec_GF2m_simple_is_at_infinity,
+        ec_GF2m_simple_is_on_curve,
+        ec_GF2m_simple_cmp,
+        ec_GF2m_simple_make_affine,
+        ec_GF2m_simple_points_make_affine,
+        ec_GF2m_simple_points_mul,
+        0, /* precompute_mult */
+        0, /* have_precompute_mult */
+        ec_GF2m_simple_field_mul,
+        ec_GF2m_simple_field_sqr,
+        ec_GF2m_simple_field_div,
+        ec_GF2m_simple_field_inv,
+        0, /* field_encode */
+        0, /* field_decode */
+        0, /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        ec_GF2m_simple_ladder_pre,
+        ec_GF2m_simple_ladder_step,
+        ec_GF2m_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c
new file mode 100644
index 000000000..8b363e096
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c
@@ -0,0 +1,942 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include <openssl/asn1t.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_CMS
+static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
+static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
+{
+    const EC_GROUP *group;
+    int nid;
+    if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
+        ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+    if (EC_GROUP_get_asn1_flag(group)
+        && (nid = EC_GROUP_get_curve_name(group)))
+        /* we have a 'named curve' => just set the OID */
+    {
+        *ppval = OBJ_nid2obj(nid);
+        *pptype = V_ASN1_OBJECT;
+    } else {                    /* explicit parameters */
+
+        ASN1_STRING *pstr = NULL;
+        pstr = ASN1_STRING_new();
+        if (pstr == NULL)
+            return 0;
+        pstr->length = i2d_ECParameters(ec_key, &pstr->data);
+        if (pstr->length <= 0) {
+            ASN1_STRING_free(pstr);
+            ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+            return 0;
+        }
+        *ppval = pstr;
+        *pptype = V_ASN1_SEQUENCE;
+    }
+    return 1;
+}
+
+static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    EC_KEY *ec_key = pkey->pkey.ec;
+    void *pval = NULL;
+    int ptype;
+    unsigned char *penc = NULL, *p;
+    int penclen;
+
+    if (!eckey_param2type(&ptype, &pval, ec_key)) {
+        ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    penclen = i2o_ECPublicKey(ec_key, NULL);
+    if (penclen <= 0)
+        goto err;
+    penc = OPENSSL_malloc(penclen);
+    if (penc == NULL)
+        goto err;
+    p = penc;
+    penclen = i2o_ECPublicKey(ec_key, &p);
+    if (penclen <= 0)
+        goto err;
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
+                               ptype, pval, penc, penclen))
+        return 1;
+ err:
+    if (ptype == V_ASN1_OBJECT)
+        ASN1_OBJECT_free(pval);
+    else
+        ASN1_STRING_free(pval);
+    OPENSSL_free(penc);
+    return 0;
+}
+
+static EC_KEY *eckey_type2param(int ptype, const void *pval)
+{
+    EC_KEY *eckey = NULL;
+    EC_GROUP *group = NULL;
+
+    if (ptype == V_ASN1_SEQUENCE) {
+        const ASN1_STRING *pstr = pval;
+        const unsigned char *pm = pstr->data;
+        int pmlen = pstr->length;
+
+        if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
+            ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+            goto ecerr;
+        }
+    } else if (ptype == V_ASN1_OBJECT) {
+        const ASN1_OBJECT *poid = pval;
+
+        /*
+         * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
+         */
+        if ((eckey = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+            goto ecerr;
+        }
+        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
+        if (group == NULL)
+            goto ecerr;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (EC_KEY_set_group(eckey, group) == 0)
+            goto ecerr;
+        EC_GROUP_free(group);
+    } else {
+        ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    return eckey;
+
+ ecerr:
+    EC_KEY_free(eckey);
+    EC_GROUP_free(group);
+    return NULL;
+}
+
+static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p = NULL;
+    const void *pval;
+    int ptype, pklen;
+    EC_KEY *eckey = NULL;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    eckey = eckey_type2param(ptype, pval);
+
+    if (!eckey) {
+        ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+        return 0;
+    }
+
+    /* We have parameters now set public key */
+    if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
+        ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+
+ ecerr:
+    EC_KEY_free(eckey);
+    return 0;
+}
+
+static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    int r;
+    const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+    const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+        *pb = EC_KEY_get0_public_key(b->pkey.ec);
+    if (group == NULL || pa == NULL || pb == NULL)
+        return -2;
+    r = EC_POINT_cmp(group, pa, pb, NULL);
+    if (r == 0)
+        return 1;
+    if (r == 1)
+        return 0;
+    return -2;
+}
+
+static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p = NULL;
+    const void *pval;
+    int ptype, pklen;
+    EC_KEY *eckey = NULL;
+    const X509_ALGOR *palg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    eckey = eckey_type2param(ptype, pval);
+
+    if (!eckey)
+        goto ecliberr;
+
+    /* We have parameters now set private key */
+    if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
+        ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+
+ ecliberr:
+    ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ ecerr:
+    EC_KEY_free(eckey);
+    return 0;
+}
+
+static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    EC_KEY ec_key = *(pkey->pkey.ec);
+    unsigned char *ep, *p;
+    int eplen, ptype;
+    void *pval;
+    unsigned int old_flags;
+
+    if (!eckey_param2type(&ptype, &pval, &ec_key)) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+        return 0;
+    }
+
+    /* set the private key */
+
+    /*
+     * do not include the parameters in the SEC1 private key see PKCS#11
+     * 12.11
+     */
+    old_flags = EC_KEY_get_enc_flags(&ec_key);
+    EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
+
+    eplen = i2d_ECPrivateKey(&ec_key, NULL);
+    if (!eplen) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    ep = OPENSSL_malloc(eplen);
+    if (ep == NULL) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = ep;
+    if (!i2d_ECPrivateKey(&ec_key, &p)) {
+        OPENSSL_free(ep);
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+                         ptype, pval, ep, eplen)) {
+        OPENSSL_free(ep);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int int_ec_size(const EVP_PKEY *pkey)
+{
+    return ECDSA_size(pkey->pkey.ec);
+}
+
+static int ec_bits(const EVP_PKEY *pkey)
+{
+    return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec));
+}
+
+static int ec_security_bits(const EVP_PKEY *pkey)
+{
+    int ecbits = ec_bits(pkey);
+    if (ecbits >= 512)
+        return 256;
+    if (ecbits >= 384)
+        return 192;
+    if (ecbits >= 256)
+        return 128;
+    if (ecbits >= 224)
+        return 112;
+    if (ecbits >= 160)
+        return 80;
+    return ecbits / 2;
+}
+
+static int ec_missing_parameters(const EVP_PKEY *pkey)
+{
+    if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+        return 1;
+    return 0;
+}
+
+static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+
+    if (group == NULL)
+        return 0;
+    if (to->pkey.ec == NULL) {
+        to->pkey.ec = EC_KEY_new();
+        if (to->pkey.ec == NULL)
+            goto err;
+    }
+    if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+        goto err;
+    EC_GROUP_free(group);
+    return 1;
+ err:
+    EC_GROUP_free(group);
+    return 0;
+}
+
+static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+        *group_b = EC_KEY_get0_group(b->pkey.ec);
+    if (group_a == NULL || group_b == NULL)
+        return -2;
+    if (EC_GROUP_cmp(group_a, group_b, NULL))
+        return 0;
+    else
+        return 1;
+}
+
+static void int_ec_free(EVP_PKEY *pkey)
+{
+    EC_KEY_free(pkey->pkey.ec);
+}
+
+typedef enum {
+    EC_KEY_PRINT_PRIVATE,
+    EC_KEY_PRINT_PUBLIC,
+    EC_KEY_PRINT_PARAM
+} ec_print_t;
+
+static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype)
+{
+    const char *ecstr;
+    unsigned char *priv = NULL, *pub = NULL;
+    size_t privlen = 0, publen = 0;
+    int ret = 0;
+    const EC_GROUP *group;
+
+    if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
+        publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
+        if (publen == 0)
+            goto err;
+    }
+
+    if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) {
+        privlen = EC_KEY_priv2buf(x, &priv);
+        if (privlen == 0)
+            goto err;
+    }
+
+    if (ktype == EC_KEY_PRINT_PRIVATE)
+        ecstr = "Private-Key";
+    else if (ktype == EC_KEY_PRINT_PUBLIC)
+        ecstr = "Public-Key";
+    else
+        ecstr = "ECDSA-Parameters";
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+    if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
+                   EC_GROUP_order_bits(group)) <= 0)
+        goto err;
+
+    if (privlen != 0) {
+        if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0)
+            goto err;
+    }
+
+    if (publen != 0) {
+        if (BIO_printf(bp, "%*spub:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, pub, publen, off + 4) == 0)
+            goto err;
+    }
+
+    if (!ECPKParameters_print(bp, group, off))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_EC_LIB);
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    return ret;
+}
+
+static int eckey_param_decode(EVP_PKEY *pkey,
+                              const unsigned char **pder, int derlen)
+{
+    EC_KEY *eckey;
+
+    if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) {
+        ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+}
+
+static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_ECParameters(pkey->pkey.ec, pder);
+}
+
+static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                             ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM);
+}
+
+static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC);
+}
+
+static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                            ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE);
+}
+
+static int old_ec_priv_decode(EVP_PKEY *pkey,
+                              const unsigned char **pder, int derlen)
+{
+    EC_KEY *ec;
+
+    if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) {
+        ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+        return 0;
+    }
+    EVP_PKEY_assign_EC_KEY(pkey, ec);
+    return 1;
+}
+
+static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_ECPrivateKey(pkey->pkey.ec, pder);
+}
+
+static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 1)
+            return ecdh_cms_decrypt(arg2);
+        else if (arg1 == 0)
+            return ecdh_cms_encrypt(arg2);
+        return -2;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_AGREE;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
+                              POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
+
+    default:
+        return -2;
+
+    }
+
+}
+
+static int ec_pkey_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /*
+     * Note: it unnecessary to check eckey->pub_key here since
+     * it will be checked in EC_KEY_check_key(). In fact, the
+     * EC_KEY_check_key() mainly checks the public key, and checks
+     * the private key optionally (only if there is one). So if
+     * someone passes a whole EC key (public + private), this
+     * will also work...
+     */
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->group == NULL) {
+        ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    return EC_GROUP_check(eckey->group, NULL);
+}
+
+const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
+    EVP_PKEY_EC,
+    EVP_PKEY_EC,
+    0,
+    "EC",
+    "OpenSSL EC algorithm",
+
+    eckey_pub_decode,
+    eckey_pub_encode,
+    eckey_pub_cmp,
+    eckey_pub_print,
+
+    eckey_priv_decode,
+    eckey_priv_encode,
+    eckey_priv_print,
+
+    int_ec_size,
+    ec_bits,
+    ec_security_bits,
+
+    eckey_param_decode,
+    eckey_param_encode,
+    ec_missing_parameters,
+    ec_copy_parameters,
+    ec_cmp_parameters,
+    eckey_param_print,
+    0,
+
+    int_ec_free,
+    ec_pkey_ctrl,
+    old_ec_priv_decode,
+    old_ec_priv_encode,
+
+    0, 0, 0,
+
+    ec_pkey_check,
+    ec_pkey_public_check,
+    ec_pkey_param_check
+};
+
+#if !defined(OPENSSL_NO_SM2)
+const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+   EVP_PKEY_SM2,
+   EVP_PKEY_EC,
+   ASN1_PKEY_ALIAS
+};
+#endif
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+{
+    int private = EC_KEY_get0_private_key(x) != NULL;
+
+    return do_EC_KEY_print(bp, x, off,
+                private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC);
+}
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+{
+    return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM);
+}
+
+#ifndef OPENSSL_NO_CMS
+
+static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+                                X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+    const ASN1_OBJECT *aoid;
+    int atype;
+    const void *aval;
+    int rv = 0;
+    EVP_PKEY *pkpeer = NULL;
+    EC_KEY *ecpeer = NULL;
+    const unsigned char *p;
+    int plen;
+    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+    if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey)
+        goto err;
+    /* If absent parameters get group from main key */
+    if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) {
+        const EC_GROUP *grp;
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_CTX_get0_pkey(pctx);
+        if (!pk)
+            goto err;
+        grp = EC_KEY_get0_group(pk->pkey.ec);
+        ecpeer = EC_KEY_new();
+        if (ecpeer == NULL)
+            goto err;
+        if (!EC_KEY_set_group(ecpeer, grp))
+            goto err;
+    } else {
+        ecpeer = eckey_type2param(atype, aval);
+        if (!ecpeer)
+            goto err;
+    }
+    /* We have parameters now set public key */
+    plen = ASN1_STRING_length(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
+    if (!p || !plen)
+        goto err;
+    if (!o2i_ECPublicKey(&ecpeer, &p, plen))
+        goto err;
+    pkpeer = EVP_PKEY_new();
+    if (pkpeer == NULL)
+        goto err;
+    EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer);
+    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+        rv = 1;
+ err:
+    EC_KEY_free(ecpeer);
+    EVP_PKEY_free(pkpeer);
+    return rv;
+}
+
+/* Set KDF parameters based on KDF NID */
+static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
+{
+    int kdf_nid, kdfmd_nid, cofactor;
+    const EVP_MD *kdf_md;
+    if (eckdf_nid == NID_undef)
+        return 0;
+
+    /* Lookup KDF type, cofactor mode and digest */
+    if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid))
+        return 0;
+
+    if (kdf_nid == NID_dh_std_kdf)
+        cofactor = 0;
+    else if (kdf_nid == NID_dh_cofactor_kdf)
+        cofactor = 1;
+    else
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
+        return 0;
+
+    kdf_md = EVP_get_digestbynid(kdfmd_nid);
+    if (!kdf_md)
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
+        return 0;
+    return 1;
+}
+
+static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+    int rv = 0;
+
+    X509_ALGOR *alg, *kekalg = NULL;
+    ASN1_OCTET_STRING *ukm;
+    const unsigned char *p;
+    unsigned char *der = NULL;
+    int plen, keylen;
+    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER_CTX *kekctx;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+        return 0;
+
+    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+        ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR);
+        return 0;
+    }
+
+    if (alg->parameter->type != V_ASN1_SEQUENCE)
+        return 0;
+
+    p = alg->parameter->value.sequence->data;
+    plen = alg->parameter->value.sequence->length;
+    kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    if (!kekalg)
+        goto err;
+    kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    if (!kekctx)
+        goto err;
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+    if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+        goto err;
+    if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+        goto err;
+
+    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen);
+
+    if (!plen)
+        goto err;
+
+    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0)
+        goto err;
+    der = NULL;
+
+    rv = 1;
+ err:
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(der);
+    return rv;
+}
+
+static int ecdh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* See if we need to set peer key */
+    if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+        X509_ALGOR *alg;
+        ASN1_BIT_STRING *pubkey;
+        if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+                                                 NULL, NULL, NULL))
+            return 0;
+        if (!alg || !pubkey)
+            return 0;
+        if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) {
+            ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_PEER_KEY_ERROR);
+            return 0;
+        }
+    }
+    /* Set ECDH derivation parameters and initialise unwrap context */
+    if (!ecdh_cms_set_shared_info(pctx, ri)) {
+        ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_SHARED_INFO_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    EVP_PKEY *pkey;
+    EVP_CIPHER_CTX *ctx;
+    int keylen;
+    X509_ALGOR *talg, *wrap_alg = NULL;
+    const ASN1_OBJECT *aoid;
+    ASN1_BIT_STRING *pubkey;
+    ASN1_STRING *wrap_str;
+    ASN1_OCTET_STRING *ukm;
+    unsigned char *penc = NULL;
+    int penclen;
+    int rv = 0;
+    int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+    const EVP_MD *kdf_md;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* Get ephemeral key */
+    pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+                                             NULL, NULL, NULL))
+        goto err;
+    X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+    /* Is everything uninitialised? */
+    if (aoid == OBJ_nid2obj(NID_undef)) {
+
+        EC_KEY *eckey = pkey->pkey.ec;
+        /* Set the key */
+        unsigned char *p;
+
+        penclen = i2o_ECPublicKey(eckey, NULL);
+        if (penclen <= 0)
+            goto err;
+        penc = OPENSSL_malloc(penclen);
+        if (penc == NULL)
+            goto err;
+        p = penc;
+        penclen = i2o_ECPublicKey(eckey, &p);
+        if (penclen <= 0)
+            goto err;
+        ASN1_STRING_set0(pubkey, penc, penclen);
+        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+        penc = NULL;
+        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
+                        V_ASN1_UNDEF, NULL);
+    }
+
+    /* See if custom parameters set */
+    kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
+    if (kdf_type <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
+        goto err;
+    ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
+    if (ecdh_nid < 0)
+        goto err;
+    else if (ecdh_nid == 0)
+        ecdh_nid = NID_dh_std_kdf;
+    else if (ecdh_nid == 1)
+        ecdh_nid = NID_dh_cofactor_kdf;
+
+    if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
+        kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
+        if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
+            goto err;
+    } else
+        /* Unknown KDF */
+        goto err;
+    if (kdf_md == NULL) {
+        /* Fixme later for better MD */
+        kdf_md = EVP_sha1();
+        if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
+            goto err;
+    }
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+        goto err;
+
+    /* Lookup NID for KDF+cofactor+digest */
+
+    if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))
+        goto err;
+    /* Get wrap NID */
+    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Package wrap algorithm in an AlgorithmIdentifier */
+
+    wrap_alg = X509_ALGOR_new();
+    if (wrap_alg == NULL)
+        goto err;
+    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+    wrap_alg->parameter = ASN1_TYPE_new();
+    if (wrap_alg->parameter == NULL)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+        goto err;
+    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+        ASN1_TYPE_free(wrap_alg->parameter);
+        wrap_alg->parameter = NULL;
+    }
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
+
+    if (!penclen)
+        goto err;
+
+    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
+        goto err;
+    penc = NULL;
+
+    /*
+     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+     * of another AlgorithmIdentifier.
+     */
+    penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+    if (!penc || !penclen)
+        goto err;
+    wrap_str = ASN1_STRING_new();
+    if (wrap_str == NULL)
+        goto err;
+    ASN1_STRING_set0(wrap_str, penc, penclen);
+    penc = NULL;
+    X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str);
+
+    rv = 1;
+
+ err:
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
+    return rv;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c
new file mode 100644
index 000000000..13c56a621
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c
@@ -0,0 +1,1221 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "internal/nelem.h"
+
+int EC_GROUP_get_basis_type(const EC_GROUP *group)
+{
+    int i;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field)
+        /* everything else is currently not supported */
+        return 0;
+
+    /* Find the last non-zero element of group->poly[] */
+    for (i = 0;
+         i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0;
+         i++)
+        continue;
+
+    if (i == 4)
+        return NID_X9_62_ppBasis;
+    else if (i == 2)
+        return NID_X9_62_tpBasis;
+    else
+        /* everything else is currently not supported */
+        return 0;
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field
+        || !((group->poly[0] != 0) && (group->poly[1] != 0)
+             && (group->poly[2] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k)
+        *k = group->poly[1];
+
+    return 1;
+}
+
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field
+        || !((group->poly[0] != 0) && (group->poly[1] != 0)
+             && (group->poly[2] != 0) && (group->poly[3] != 0)
+             && (group->poly[4] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k1)
+        *k1 = group->poly[3];
+    if (k2)
+        *k2 = group->poly[2];
+    if (k3)
+        *k3 = group->poly[1];
+
+    return 1;
+}
+#endif
+
+/* some structures needed for the asn1 encoding */
+typedef struct x9_62_pentanomial_st {
+    int32_t k1;
+    int32_t k2;
+    int32_t k3;
+} X9_62_PENTANOMIAL;
+
+typedef struct x9_62_characteristic_two_st {
+    int32_t m;
+    ASN1_OBJECT *type;
+    union {
+        char *ptr;
+        /* NID_X9_62_onBasis */
+        ASN1_NULL *onBasis;
+        /* NID_X9_62_tpBasis */
+        ASN1_INTEGER *tpBasis;
+        /* NID_X9_62_ppBasis */
+        X9_62_PENTANOMIAL *ppBasis;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_CHARACTERISTIC_TWO;
+
+typedef struct x9_62_fieldid_st {
+    ASN1_OBJECT *fieldType;
+    union {
+        char *ptr;
+        /* NID_X9_62_prime_field */
+        ASN1_INTEGER *prime;
+        /* NID_X9_62_characteristic_two_field */
+        X9_62_CHARACTERISTIC_TWO *char_two;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_FIELDID;
+
+typedef struct x9_62_curve_st {
+    ASN1_OCTET_STRING *a;
+    ASN1_OCTET_STRING *b;
+    ASN1_BIT_STRING *seed;
+} X9_62_CURVE;
+
+struct ec_parameters_st {
+    int32_t version;
+    X9_62_FIELDID *fieldID;
+    X9_62_CURVE *curve;
+    ASN1_OCTET_STRING *base;
+    ASN1_INTEGER *order;
+    ASN1_INTEGER *cofactor;
+} /* ECPARAMETERS */ ;
+
+struct ecpk_parameters_st {
+    int type;
+    union {
+        ASN1_OBJECT *named_curve;
+        ECPARAMETERS *parameters;
+        ASN1_NULL *implicitlyCA;
+    } value;
+} /* ECPKPARAMETERS */ ;
+
+/* SEC1 ECPrivateKey */
+typedef struct ec_privatekey_st {
+    int32_t version;
+    ASN1_OCTET_STRING *privateKey;
+    ECPKPARAMETERS *parameters;
+    ASN1_BIT_STRING *publicKey;
+} EC_PRIVATEKEY;
+
+/* the OpenSSL ASN.1 definitions */
+ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
+        ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
+} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+
+ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
+        ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
+        ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
+} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
+        ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32),
+        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
+} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+
+ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_FIELDID) = {
+        ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
+} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_FIELDID) = {
+        ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_FIELDID)
+} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
+
+ASN1_SEQUENCE(X9_62_CURVE) = {
+        ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+        ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(X9_62_CURVE)
+
+ASN1_SEQUENCE(ECPARAMETERS) = {
+        ASN1_EMBED(ECPARAMETERS, version, INT32),
+        ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+        ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+        ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+        ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ECPARAMETERS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+ASN1_CHOICE(ECPKPARAMETERS) = {
+        ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+} ASN1_CHOICE_END(ECPKPARAMETERS)
+
+DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+
+ASN1_SEQUENCE(EC_PRIVATEKEY) = {
+        ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
+        ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+
+/* some declarations of internal function */
+
+/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
+static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
+/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
+static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
+
+/* the function definitions */
+
+static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
+{
+    int ok = 0, nid;
+    BIGNUM *tmp = NULL;
+
+    if (group == NULL || field == NULL)
+        return 0;
+
+    /* clear the old values (if necessary) */
+    ASN1_OBJECT_free(field->fieldType);
+    ASN1_TYPE_free(field->p.other);
+
+    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+    /* set OID for the field */
+    if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+        goto err;
+    }
+
+    if (nid == NID_X9_62_prime_field) {
+        if ((tmp = BN_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        /* the parameters are specified by the prime number p */
+        if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set the prime number */
+        field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
+        if (field->p.prime == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else if (nid == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+    {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
+        goto err;
+    }
+#else
+    {
+        int field_type;
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
+        char_two = field->p.char_two;
+
+        if (char_two == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        char_two->m = (long)EC_GROUP_get_degree(group);
+
+        field_type = EC_GROUP_get_basis_type(group);
+
+        if (field_type == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set base type OID */
+        if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+            goto err;
+        }
+
+        if (field_type == NID_X9_62_tpBasis) {
+            unsigned int k;
+
+            if (!EC_GROUP_get_trinomial_basis(group, &k))
+                goto err;
+
+            char_two->p.tpBasis = ASN1_INTEGER_new();
+            if (char_two->p.tpBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+                goto err;
+            }
+        } else if (field_type == NID_X9_62_ppBasis) {
+            unsigned int k1, k2, k3;
+
+            if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+                goto err;
+
+            char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
+            if (char_two->p.ppBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            /* set k? values */
+            char_two->p.ppBasis->k1 = (long)k1;
+            char_two->p.ppBasis->k2 = (long)k2;
+            char_two->p.ppBasis->k3 = (long)k3;
+        } else {                /* field_type == NID_X9_62_onBasis */
+
+            /* for ONB the parameters are (asn1) NULL */
+            char_two->p.onBasis = ASN1_NULL_new();
+            if (char_two->p.onBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+#endif
+    else {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    ok = 1;
+
+ err:
+    BN_free(tmp);
+    return ok;
+}
+
+static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
+{
+    int ok = 0;
+    BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
+    unsigned char *a_buf = NULL, *b_buf = NULL;
+    size_t len;
+
+    if (!group || !curve || !curve->a || !curve->b)
+        return 0;
+
+    if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* get a and b */
+    if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /*
+     * Per SEC 1, the curve coefficients must be padded up to size. See C.2's
+     * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
+     * definition of how to encode the field elements.
+     */
+    len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
+    if ((a_buf = OPENSSL_malloc(len)) == NULL
+        || (b_buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (BN_bn2binpad(tmp_1, a_buf, len) < 0
+        || BN_bn2binpad(tmp_2, b_buf, len) < 0) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* set a and b */
+    if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len)
+        || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the seed (optional) */
+    if (group->seed) {
+        if (!curve->seed)
+            if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
+                                 (int)group->seed_len)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else {
+        ASN1_BIT_STRING_free(curve->seed);
+        curve->seed = NULL;
+    }
+
+    ok = 1;
+
+ err:
+    OPENSSL_free(a_buf);
+    OPENSSL_free(b_buf);
+    BN_free(tmp_1);
+    BN_free(tmp_2);
+    return ok;
+}
+
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                               ECPARAMETERS *params)
+{
+    size_t len = 0;
+    ECPARAMETERS *ret = NULL;
+    const BIGNUM *tmp;
+    unsigned char *buffer = NULL;
+    const EC_POINT *point = NULL;
+    point_conversion_form_t form;
+
+    if (params == NULL) {
+        if ((ret = ECPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = params;
+
+    /* set the version (always one) */
+    ret->version = (long)0x1;
+
+    /* set the fieldID */
+    if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the curve */
+    if (!ec_asn1_group2curve(group, ret->curve)) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the base point */
+    if ((point = EC_GROUP_get0_generator(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    form = EC_GROUP_get_point_conversion_form(group);
+
+    len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
+    if (len == 0) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+        OPENSSL_free(buffer);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ASN1_STRING_set0(ret->base, buffer, len);
+
+    /* set the order */
+    tmp = EC_GROUP_get0_order(group);
+    if (tmp == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+    if (ret->order == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the cofactor (optional) */
+    tmp = EC_GROUP_get0_cofactor(group);
+    if (tmp != NULL) {
+        ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+        if (ret->cofactor == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+
+    return ret;
+
+ err:
+    if (params == NULL)
+        ECPARAMETERS_free(ret);
+    return NULL;
+}
+
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params)
+{
+    int ok = 1, tmp;
+    ECPKPARAMETERS *ret = params;
+
+    if (ret == NULL) {
+        if ((ret = ECPKPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        if (ret->type == 0)
+            ASN1_OBJECT_free(ret->value.named_curve);
+        else if (ret->type == 1 && ret->value.parameters)
+            ECPARAMETERS_free(ret->value.parameters);
+    }
+
+    if (EC_GROUP_get_asn1_flag(group)) {
+        /*
+         * use the asn1 OID to describe the elliptic curve parameters
+         */
+        tmp = EC_GROUP_get_curve_name(group);
+        if (tmp) {
+            ret->type = 0;
+            if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+                ok = 0;
+        } else
+            /* we don't know the nid => ERROR */
+            ok = 0;
+    } else {
+        /* use the ECPARAMETERS structure */
+        ret->type = 1;
+        if ((ret->value.parameters =
+             EC_GROUP_get_ecparameters(group, NULL)) == NULL)
+            ok = 0;
+    }
+
+    if (!ok) {
+        ECPKPARAMETERS_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+{
+    int ok = 0, tmp;
+    EC_GROUP *ret = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL;
+    EC_POINT *point = NULL;
+    long field_bits;
+
+    if (!params->fieldID || !params->fieldID->fieldType ||
+        !params->fieldID->p.ptr) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    /*
+     * Now extract the curve parameters a and b. Note that, although SEC 1
+     * specifies the length of their encodings, historical versions of OpenSSL
+     * encoded them incorrectly, so we must accept any length for backwards
+     * compatibility.
+     */
+    if (!params->curve || !params->curve->a ||
+        !params->curve->a->data || !params->curve->b ||
+        !params->curve->b->data) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+    a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+    if (a == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+    b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+    if (b == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* get the field parameters */
+    tmp = OBJ_obj2nid(params->fieldID->fieldType);
+    if (tmp == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+    {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);
+        goto err;
+    }
+#else
+    {
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        char_two = params->fieldID->p.char_two;
+
+        field_bits = char_two->m;
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        if ((p = BN_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* get the base type */
+        tmp = OBJ_obj2nid(char_two->type);
+
+        if (tmp == NID_X9_62_tpBasis) {
+            long tmp_long;
+
+            if (!char_two->p.tpBasis) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
+
+            if (!(char_two->m > tmp_long && tmp_long > 0)) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
+                      EC_R_INVALID_TRINOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)tmp_long))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_ppBasis) {
+            X9_62_PENTANOMIAL *penta;
+
+            penta = char_two->p.ppBasis;
+            if (!penta) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            if (!
+                (char_two->m > penta->k3 && penta->k3 > penta->k2
+                 && penta->k2 > penta->k1 && penta->k1 > 0)) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
+                      EC_R_INVALID_PENTANOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k1))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k2))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k3))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_onBasis) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);
+            goto err;
+        } else {                /* error */
+
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+    }
+#endif
+    else if (tmp == NID_X9_62_prime_field) {
+        /* we have a curve over a prime field */
+        /* extract the prime number */
+        if (!params->fieldID->p.prime) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+        p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
+        if (p == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+
+        if (BN_is_negative(p) || BN_is_zero(p)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
+            goto err;
+        }
+
+        field_bits = BN_num_bits(p);
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+    } else {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
+        goto err;
+    }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract seed (optional) */
+    if (params->curve->seed != NULL) {
+        OPENSSL_free(ret->seed);
+        if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        memcpy(ret->seed, params->curve->seed->data,
+               params->curve->seed->length);
+        ret->seed_len = params->curve->seed->length;
+    }
+
+    if (!params->order || !params->base || !params->base->data) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(ret)) == NULL)
+        goto err;
+
+    /* set the point conversion form */
+    EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+                                       (params->base->data[0] & ~0x01));
+
+    /* extract the ec point */
+    if (!EC_POINT_oct2point(ret, point, params->base->data,
+                            params->base->length, NULL)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract the order */
+    if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    if (BN_is_negative(a) || BN_is_zero(a)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    /* extract the cofactor (optional) */
+    if (params->cofactor == NULL) {
+        BN_free(b);
+        b = NULL;
+    } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    /* set the generator, order and cofactor (if present) */
+    if (!EC_GROUP_set_generator(ret, point, a, b)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ok = 1;
+
+ err:
+    if (!ok) {
+        EC_GROUP_clear_free(ret);
+        ret = NULL;
+    }
+
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_POINT_free(point);
+    return ret;
+}
+
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+{
+    EC_GROUP *ret = NULL;
+    int tmp = 0;
+
+    if (params == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);
+        return NULL;
+    }
+
+    if (params->type == 0) {    /* the curve is given by an OID */
+        tmp = OBJ_obj2nid(params->value.named_curve);
+        if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
+                  EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+    } else if (params->type == 1) { /* the parameters are given by a
+                                     * ECPARAMETERS structure */
+        ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
+        if (!ret) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
+    } else if (params->type == 2) { /* implicitlyCA */
+        return NULL;
+    } else {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
+        return NULL;
+    }
+
+    return ret;
+}
+
+/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+{
+    EC_GROUP *group = NULL;
+    ECPKPARAMETERS *params = NULL;
+    const unsigned char *p = *in;
+
+    if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if (a) {
+        EC_GROUP_clear_free(*a);
+        *a = group;
+    }
+
+    ECPKPARAMETERS_free(params);
+    *in = p;
+    return group;
+}
+
+int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
+{
+    int ret = 0;
+    ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL);
+    if (tmp == NULL) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+        return 0;
+    }
+    if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(tmp);
+        return 0;
+    }
+    ECPKPARAMETERS_free(tmp);
+    return ret;
+}
+
+/* some EC_KEY functions */
+
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret = NULL;
+    EC_PRIVATEKEY *priv_key = NULL;
+    const unsigned char *p = *in;
+
+    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = *a;
+
+    if (priv_key->parameters) {
+        EC_GROUP_clear_free(ret->group);
+        ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
+    }
+
+    if (ret->group == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ret->version = priv_key->version;
+
+    if (priv_key->privateKey) {
+        ASN1_OCTET_STRING *pkey = priv_key->privateKey;
+        if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
+                            ASN1_STRING_length(pkey)) == 0)
+            goto err;
+    } else {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
+        goto err;
+    }
+
+    EC_POINT_clear_free(ret->pub_key);
+    ret->pub_key = EC_POINT_new(ret->group);
+    if (ret->pub_key == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (priv_key->publicKey) {
+        const unsigned char *pub_oct;
+        int pub_oct_len;
+
+        pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
+        pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
+        if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        if (ret->group->meth->keygenpub == NULL
+            || ret->group->meth->keygenpub(ret) == 0)
+                goto err;
+        /* Remember the original private-key-only encoding. */
+        ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+    }
+
+    if (a)
+        *a = ret;
+    EC_PRIVATEKEY_free(priv_key);
+    *in = p;
+    return ret;
+
+ err:
+    if (a == NULL || *a != ret)
+        EC_KEY_free(ret);
+    EC_PRIVATEKEY_free(priv_key);
+    return NULL;
+}
+
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+{
+    int ret = 0, ok = 0;
+    unsigned char *priv= NULL, *pub= NULL;
+    size_t privlen = 0, publen = 0;
+
+    EC_PRIVATEKEY *priv_key = NULL;
+
+    if (a == NULL || a->group == NULL ||
+        (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key->version = a->version;
+
+    privlen = EC_KEY_priv2buf(a, &priv);
+
+    if (privlen == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
+    priv = NULL;
+
+    if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+        if ((priv_key->parameters =
+             EC_GROUP_get_ecpkparameters(a->group,
+                                        priv_key->parameters)) == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
+        priv_key->publicKey = ASN1_BIT_STRING_new();
+        if (priv_key->publicKey == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
+
+        if (publen == 0) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        ASN1_STRING_set0(priv_key->publicKey, pub, publen);
+        pub = NULL;
+    }
+
+    if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    ok = 1;
+ err:
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    EC_PRIVATEKEY_free(priv_key);
+    return (ok ? ret : 0);
+}
+
+int i2d_ECParameters(EC_KEY *a, unsigned char **out)
+{
+    if (a == NULL) {
+        ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    return i2d_ECPKParameters(a->group, out);
+}
+
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret;
+
+    if (in == NULL || *in == NULL) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *a;
+
+    if (!d2i_ECPKParameters(&ret->group, in, len)) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+        if (a == NULL || *a != ret)
+             EC_KEY_free(ret);
+        return NULL;
+    }
+
+    if (a)
+        *a = ret;
+
+    return ret;
+}
+
+EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret = NULL;
+
+    if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
+        /*
+         * sorry, but a EC_GROUP-structure is necessary to set the public key
+         */
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ret = *a;
+    if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+        return 0;
+    }
+    *in += len;
+    return ret;
+}
+
+int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
+{
+    size_t buf_len = 0;
+    int new_buffer = 0;
+
+    if (a == NULL) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    buf_len = EC_POINT_point2oct(a->group, a->pub_key,
+                                 a->conv_form, NULL, 0, NULL);
+
+    if (out == NULL || buf_len == 0)
+        /* out == NULL => just return the length of the octet string */
+        return buf_len;
+
+    if (*out == NULL) {
+        if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
+            ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        new_buffer = 1;
+    }
+    if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+                            *out, buf_len, NULL)) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+        if (new_buffer) {
+            OPENSSL_free(*out);
+            *out = NULL;
+        }
+        return 0;
+    }
+    if (!new_buffer)
+        *out += buf_len;
+    return buf_len;
+}
+
+ASN1_SEQUENCE(ECDSA_SIG) = {
+        ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(ECDSA_SIG)
+
+DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
+
+ECDSA_SIG *ECDSA_SIG_new(void)
+{
+    ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void ECDSA_SIG_free(ECDSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
+{
+    return sig->r;
+}
+
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
+{
+    return sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+int ECDSA_size(const EC_KEY *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];
+    const EC_GROUP *group;
+
+    if (r == NULL)
+        return 0;
+    group = EC_KEY_get0_group(r);
+    if (group == NULL)
+        return 0;
+
+    i = EC_GROUP_order_bits(group);
+    if (i == 0)
+        return 0;
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c
new file mode 100644
index 000000000..eeb06ec1c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    const BIGNUM *order;
+    BN_CTX *new_ctx = NULL;
+    EC_POINT *point = NULL;
+
+    /* Custom curves assumed to be correct */
+    if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    /* check the discriminant */
+    if (!EC_GROUP_check_discriminant(group, ctx)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+        goto err;
+    }
+
+    /* check the generator */
+    if (group->generator == NULL) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+
+    /* check the order of the generator */
+    if ((point = EC_POINT_new(group)) == NULL)
+        goto err;
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+        goto err;
+    if (!EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c
new file mode 100644
index 000000000..bb1ce196d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c
@@ -0,0 +1,3199 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
+#include "internal/nelem.h"
+
+typedef struct {
+    int field_type,             /* either NID_X9_62_prime_field or
+                                 * NID_X9_62_characteristic_two_field */
+     seed_len, param_len;
+    unsigned int cofactor;      /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_NIST_PRIME_192 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28,
+        0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB,
+        0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1,
+        /* x */
+        0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB,
+        0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12,
+        /* y */
+        0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed,
+        0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 28 * 6];
+} _EC_NIST_PRIME_224 = {
+    {
+        NID_X9_62_prime_field, 20, 28, 1
+    },
+    {
+        /* seed */
+        0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
+        0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE,
+        /* b */
+        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+        0x23, 0x55, 0xFF, 0xB4,
+        /* x */
+        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+        0x11, 0x5C, 0x1D, 0x21,
+        /* y */
+        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+        0x85, 0x00, 0x7e, 0x34,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+        0x5C, 0x5C, 0x2A, 0x3D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 48 * 6];
+} _EC_NIST_PRIME_384 = {
+    {
+        NID_X9_62_prime_field, 20, 48, 1
+    },
+    {
+        /* seed */
+        0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
+        0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
+        0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
+        0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
+        0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
+        /* x */
+        0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
+        0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
+        0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
+        0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
+        /* y */
+        0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
+        0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+        0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
+        0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
+        0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 66 * 6];
+} _EC_NIST_PRIME_521 = {
+    {
+        NID_X9_62_prime_field, 20, 66, 1
+    },
+    {
+        /* seed */
+        0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
+        0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
+        /* p */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
+        0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
+        0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
+        0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
+        0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
+        0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
+        /* x */
+        0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
+        0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
+        0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
+        0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
+        0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
+        0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
+        /* y */
+        0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
+        0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+        0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
+        0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+        0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
+        0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+        /* order */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
+        0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
+        0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
+        0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
+    }
+};
+
+/* the x9.62 prime curves (minus the nist prime curves) */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_PRIME_192V2 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E,
+        0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63,
+        0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53,
+        /* x */
+        0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69,
+        0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A,
+        /* y */
+        0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a,
+        0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+        0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_PRIME_192V3 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9,
+        0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE,
+        0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16,
+        /* x */
+        0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16,
+        0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96,
+        /* y */
+        0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6,
+        0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V1 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79,
+        0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92,
+        0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79,
+        0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A,
+        /* x */
+        0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64,
+        0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB,
+        0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF,
+        /* y */
+        0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca,
+        0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39,
+        0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1,
+        0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V2 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99,
+        0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99,
+        0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A,
+        0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C,
+        /* x */
+        0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB,
+        0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0,
+        0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7,
+        /* y */
+        0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc,
+        0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60,
+        0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0,
+        0x38, 0x21, 0xBC, 0x58, 0x20, 0x63
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V3 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76,
+        0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03,
+        0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17,
+        0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E,
+        /* x */
+        0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94,
+        0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54,
+        0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A,
+        /* y */
+        0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b,
+        0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99,
+        0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C,
+        0x43, 0x21, 0x46, 0x52, 0x65, 0x51
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 32 * 6];
+} _EC_X9_62_PRIME_256V1 = {
+    {
+        NID_X9_62_prime_field, 20, 32, 1
+    },
+    {
+        /* seed */
+        0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
+        0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
+        0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
+        0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
+        /* x */
+        0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
+        0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
+        0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+        /* y */
+        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
+        0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+        0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+        0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+    }
+};
+
+/* the secg prime curves (minus the nist and x9.62 prime curves) */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 14 * 6];
+} _EC_SECG_PRIME_112R1 = {
+    {
+        NID_X9_62_prime_field, 20, 14, 1
+    },
+    {
+        /* seed */
+        0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+        0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
+        /* p */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x8B,
+        /* a */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x88,
+        /* b */
+        0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70,
+        0x2B, 0x22,
+        /* x */
+        0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2,
+        0xF0, 0x98,
+        /* y */
+        0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7,
+        0x75, 0x00,
+        /* order */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65,
+        0x61, 0xC5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 14 * 6];
+} _EC_SECG_PRIME_112R2 = {
+    {
+        NID_X9_62_prime_field, 20, 14, 4
+    },
+    {
+        /* seed */
+        0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+        0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
+        /* p */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x8B,
+        /* a */
+        0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E,
+        0xF0, 0x2C,
+        /* b */
+        0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85,
+        0xD7, 0x09,
+        /* x */
+        0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92,
+        0x86, 0x43,
+        /* y */
+        0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95,
+        0x6e, 0x97,
+        /* order */
+        0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20,
+        0xD0, 0x4B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 16 * 6];
+} _EC_SECG_PRIME_128R1 = {
+    {
+        NID_X9_62_prime_field, 20, 16, 1
+    },
+    {
+        /* seed */
+        0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C,
+        0x2C, 0xEE, 0x5E, 0xD3,
+        /* x */
+        0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C,
+        0xA5, 0x2C, 0x5B, 0x86,
+        /* y */
+        0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92,
+        0xdd, 0xed, 0x7a, 0x83,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B,
+        0x90, 0x38, 0xA1, 0x15
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 16 * 6];
+} _EC_SECG_PRIME_128R2 = {
+    {
+        NID_X9_62_prime_field, 20, 16, 4
+    },
+    {
+        /* seed */
+        0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8,
+        0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B,
+        0xBF, 0xF9, 0xAE, 0xE1,
+        /* b */
+        0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58,
+        0xBB, 0x6D, 0x8A, 0x5D,
+        /* x */
+        0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7,
+        0xCD, 0xEB, 0xC1, 0x40,
+        /* y */
+        0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80,
+        0x5f, 0xc3, 0x4b, 0x44,
+        /* order */
+        0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72,
+        0x06, 0x13, 0xB5, 0xA3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_SECG_PRIME_160K1 = {
+    {
+        NID_X9_62_prime_field, 0, 21, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* x */
+        0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E,
+        0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB,
+        /* y */
+        0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82,
+        0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8,
+        0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_SECG_PRIME_160R1 = {
+    {
+        NID_X9_62_prime_field, 20, 21, 1
+    },
+    {
+        /* seed */
+        0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8,
+        0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45,
+        /* x */
+        0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69,
+        0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82,
+        /* y */
+        0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9,
+        0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4,
+        0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_SECG_PRIME_160R2 = {
+    {
+        NID_X9_62_prime_field, 20, 21, 1
+    },
+    {
+        /* seed */
+        0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+        /* a */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70,
+        /* b */
+        0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27,
+        0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA,
+        /* x */
+        0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1,
+        0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D,
+        /* y */
+        0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa,
+        0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35,
+        0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_SECG_PRIME_192K1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+        /* x */
+        0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02,
+        0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D,
+        /* y */
+        0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0,
+        0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+        0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 29 * 6];
+} _EC_SECG_PRIME_224K1 = {
+    {
+        NID_X9_62_prime_field, 0, 29, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFE, 0xFF, 0xFF, 0xE5, 0x6D,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x05,
+        /* x */
+        0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28,
+        0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65,
+        0x0E, 0xB6, 0xB7, 0xA4, 0x5C,
+        /* y */
+        0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb,
+        0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b,
+        0xdb, 0x55, 0x6d, 0x61, 0xa5,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9,
+        0x71, 0x76, 0x9F, 0xB1, 0xF7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_SECG_PRIME_256K1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* x */
+        0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
+        0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
+        0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
+        /* y */
+        0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
+        0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
+        0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
+        0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
+    }
+};
+
+/* some wap/wtls curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 15 * 6];
+} _EC_WTLS_8 = {
+    {
+        NID_X9_62_prime_field, 0, 15, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFD, 0xE7,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x03,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x02,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A,
+        0xD8, 0x37, 0xE9
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_WTLS_9 = {
+    {
+        NID_X9_62_prime_field, 0, 21, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD,
+        0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_WTLS_12 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE,
+        /* b */
+        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+        0x23, 0x55, 0xFF, 0xB4,
+        /* x */
+        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+        0x11, 0x5C, 0x1D, 0x21,
+        /* y */
+        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+        0x85, 0x00, 0x7e, 0x34,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+        0x5C, 0x5C, 0x2A, 0x3D
+    }
+};
+
+#ifndef OPENSSL_NO_EC2M
+
+/* characteristic two curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 15 * 6];
+} _EC_SECG_CHAR2_113R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 15, 2
+    },
+    {
+        /* seed */
+        0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15,
+        0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, 0xFE, 0x64, 0x9C, 0xE8,
+        0x58, 0x20, 0xF7,
+        /* b */
+        0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, 0x44, 0x18, 0x8B, 0xE0,
+        0xE9, 0xC7, 0x23,
+        /* x */
+        0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, 0x14, 0x07, 0xD7, 0x35,
+        0x62, 0xC1, 0x0F,
+        /* y */
+        0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, 0x84, 0xD1, 0x31, 0x5E,
+        0xD3, 0x18, 0x86,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC, 0xEC, 0x8A,
+        0x39, 0xE5, 0x6F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 15 * 6];
+} _EC_SECG_CHAR2_113R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 15, 2
+    },
+    {
+        /* seed */
+        0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, 0x0D, 0xD6, 0xDF, 0xC0,
+        0xAA, 0x55, 0xC7,
+        /* b */
+        0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, 0xD4, 0xBF, 0x36, 0xE0,
+        0x59, 0x18, 0x4F,
+        /* x */
+        0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, 0xF5, 0x2F, 0xCD, 0xB8,
+        0x16, 0x47, 0x97,
+        /* y */
+        0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, 0x4C, 0x06, 0xE6, 0x95,
+        0xBA, 0xBA, 0x1D,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78, 0x9B, 0x24,
+        0x96, 0xAF, 0x93
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 17 * 6];
+} _EC_SECG_CHAR2_131R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 17, 2
+    },
+    {
+        /* seed */
+        0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, 0x5B, 0xD3,
+        0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x0D,
+        /* a */
+        0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, 0x44, 0x41, 0x8F, 0xF3,
+        0xFF, 0x8C, 0x25, 0x70, 0xB8,
+        /* b */
+        0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, 0xB9, 0xC6, 0xC7, 0x29,
+        0x16, 0x78, 0xF9, 0xD3, 0x41,
+        /* x */
+        0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, 0xC4, 0x0F, 0x9C, 0x18,
+        0x13, 0x43, 0x63, 0x83, 0x99,
+        /* y */
+        0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, 0x73, 0xC8, 0x13, 0x4B,
+        0x1B, 0x4E, 0xF9, 0xE1, 0x50,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31, 0x23, 0x95,
+        0x3A, 0x94, 0x64, 0xB5, 0x4D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 17 * 6];
+} _EC_SECG_CHAR2_131R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 17, 2
+    },
+    {
+        /* seed */
+        0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x0D,
+        /* a */
+        0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, 0xBF, 0x41, 0x5F, 0x07,
+        0xC2, 0x17, 0x65, 0x73, 0xB2,
+        /* b */
+        0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, 0xAC, 0x73, 0x4C, 0xE3,
+        0x8F, 0x01, 0x8F, 0x21, 0x92,
+        /* x */
+        0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, 0xAD, 0x65, 0x2D, 0x23,
+        0x95, 0x1B, 0xB3, 0x66, 0xA8,
+        /* y */
+        0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, 0x36, 0x6D, 0x9E, 0x26,
+        0x5D, 0xE9, 0xEB, 0x24, 0x0F,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69, 0x54, 0xA2,
+        0x33, 0x04, 0x9B, 0xA9, 0x8F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_NIST_CHAR2_163K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, 0xAC, 0xAA, 0x07, 0xD7,
+        0x93, 0xDE, 0x4E, 0x6D, 0x5E, 0x5C, 0x94, 0xEE, 0xE8,
+        /* y */
+        0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, 0x58, 0x32, 0x1F, 0x2E,
+        0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3, 0xD9,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, 0xEF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_SECG_CHAR2_163R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, 0x95, 0x54, 0xFF, 0x84,
+        0x28, 0xBD, 0x88, 0xE2, 0x46, 0xD2, 0x78, 0x2A, 0xE2,
+        /* b */
+        0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, 0xAB, 0x94, 0x6B, 0xDA,
+        0x29, 0xCA, 0x91, 0xF7, 0x3A, 0xF9, 0x58, 0xAF, 0xD9,
+        /* x */
+        0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, 0x77, 0x89, 0x56, 0x67,
+        0x89, 0x56, 0x7F, 0x78, 0x7A, 0x78, 0x76, 0xA6, 0x54,
+        /* y */
+        0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, 0x98, 0x9D, 0x51, 0xFE,
+        0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8, 0x83,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x48,
+        0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_NIST_CHAR2_163B = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, 0xCA, 0x14, 0x81, 0xEB,
+        0x10, 0x51, 0x2F, 0x78, 0x74, 0x4A, 0x32, 0x05, 0xFD,
+        /* x */
+        0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, 0x7E, 0xA0, 0x99, 0x11,
+        0x68, 0xD4, 0x99, 0x46, 0x37, 0xE8, 0x34, 0x3E, 0x36,
+        /* y */
+        0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, 0x4F, 0xA2, 0xCD, 0xD5,
+        0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24, 0xF1,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x92,
+        0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, 0x33
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 25 * 6];
+} _EC_SECG_CHAR2_193R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 25, 2
+    },
+    {
+        /* seed */
+        0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51,
+        0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+        0x01,
+        /* a */
+        0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, 0x51, 0x69, 0xE1, 0x71,
+        0xF7, 0x7B, 0x40, 0x87, 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B,
+        0x01,
+        /* b */
+        0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, 0x9F, 0xAC, 0xAD, 0xAA,
+        0x7A, 0x1E, 0x5B, 0xBC, 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88,
+        0x14,
+        /* x */
+        0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, 0x74, 0xAD, 0x6C, 0xDF,
+        0x6F, 0xDE, 0xF4, 0xBF, 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5,
+        0xE1,
+        /* y */
+        0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, 0xCC, 0xF3, 0xEA, 0x9E,
+        0x3A, 0x1A, 0xD1, 0x7F, 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B,
+        0x05,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA,
+        0x49
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 25 * 6];
+} _EC_SECG_CHAR2_193R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 25, 2
+    },
+    {
+        /* seed */
+        0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+        0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+        0x01,
+        /* a */
+        0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, 0x3E, 0xA6, 0xED, 0x86,
+        0x67, 0x19, 0x0B, 0x0B, 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70,
+        0x9B,
+        /* b */
+        0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, 0x4C, 0x37, 0x7E, 0x2A,
+        0xB2, 0x85, 0x6A, 0x5B, 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16,
+        0xAE,
+        /* x */
+        0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, 0xC8, 0x03, 0xF3, 0x9E,
+        0x1A, 0x7E, 0x82, 0xCA, 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E,
+        0x8F,
+        /* y */
+        0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, 0xAC, 0x29, 0xE7, 0xDE,
+        0xFB, 0xD9, 0xCA, 0x01, 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF,
+        0x6C,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99,
+        0xD5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 30 * 6];
+} _EC_NIST_CHAR2_233K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 30, 4
+    },
+    {
+        /* no seed */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
+        0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
+        0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
+        /* y */
+        0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
+        0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
+        0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3,
+        /* order */
+        0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
+        0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_NIST_CHAR2_233B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 2
+    },
+    {
+        /* seed */
+        0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, 0x4B, 0x34,
+        0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, 0x7F, 0x8C, 0x09, 0x23,
+        0xBB, 0x58, 0x21, 0x3B, 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE,
+        0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD,
+        /* x */
+        0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, 0xBB, 0x21, 0x39, 0xF1,
+        0xBB, 0x75, 0x5F, 0xEF, 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8,
+        0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B,
+        /* y */
+        0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, 0x06, 0x78, 0xE5, 0x85,
+        0x28, 0xBE, 0xBF, 0x8A, 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71,
+        0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03,
+        0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 30 * 6];
+} _EC_SECG_CHAR2_239K1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 30, 4
+    },
+    {
+        /* no seed */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, 0x73, 0x09, 0x88, 0xA6,
+        0x87, 0x27, 0xA8, 0xB2, 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A,
+        0x65, 0x55, 0x19, 0x30, 0x35, 0xDC,
+        /* y */
+        0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, 0xDB, 0x01, 0x1C, 0x10,
+        0x30, 0x89, 0xE7, 0x35, 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D,
+        0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C,
+        0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 36 * 6];
+} _EC_NIST_CHAR2_283K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 36, 4
+    },
+    {
+        /* no seed */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A, 0x3B, 0x81,
+        0x62, 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A,
+        0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, 0x58, 0x49, 0x28, 0x36,
+        /* y */
+        0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90, 0xF9, 0x5D,
+        0x07, 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98,
+        0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, 0x77, 0xDD, 0x22, 0x59,
+        /* order */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77,
+        0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 36 * 6];
+} _EC_NIST_CHAR2_283B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 36, 2
+    },
+    {
+        /* no seed */
+        0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6,
+        0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, 0xA5, 0xA4, 0xAF, 0x8A,
+        0x19, 0xA0, 0x30, 0x3F, 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2,
+        0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, 0x3B, 0x79, 0xA2, 0xF5,
+        /* x */
+        0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, 0xE1, 0x93, 0x4F, 0x8C,
+        0x70, 0xB0, 0xDF, 0xEC, 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C,
+        0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, 0x86, 0xB1, 0x20, 0x53,
+        /* y */
+        0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, 0xB9, 0x8F, 0xE6, 0xD4,
+        0xB2, 0x0D, 0x02, 0xB4, 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0,
+        0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, 0xBE, 0x81, 0x12, 0xF4,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC,
+        0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 52 * 6];
+} _EC_NIST_CHAR2_409K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 52, 4
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, 0xAD, 0x3A, 0xB1, 0x89,
+        0x0F, 0x71, 0x84, 0x21, 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C,
+        0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, 0xC4, 0x60, 0x18, 0x9E,
+        0xB5, 0xAA, 0xAA, 0x62, 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF,
+        0xE9, 0x02, 0x37, 0x46,
+        /* y */
+        0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, 0xAC, 0xBA, 0x1D, 0xAC,
+        0xBF, 0x04, 0x29, 0x9C, 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27,
+        0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, 0xDA, 0x5F, 0x6C, 0x42,
+        0xE9, 0xC5, 0x52, 0x15, 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48,
+        0xD8, 0xE0, 0x28, 0x6B,
+        /* order */
+        0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4,
+        0x55, 0x7D, 0x5E, 0xD3, 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8,
+        0xE0, 0x1E, 0x5F, 0xCF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 52 * 6];
+} _EC_NIST_CHAR2_409B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 52, 2
+    },
+    {
+        /* seed */
+        0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, 0x3D, 0x09,
+        0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, 0x5C, 0x4B, 0x9A, 0x75,
+        0x3B, 0x7B, 0x47, 0x6B, 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67,
+        0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, 0xA9, 0xA1, 0x97, 0xB2,
+        0x72, 0x82, 0x2F, 0x6C, 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31,
+        0x7B, 0x13, 0x54, 0x5F,
+        /* x */
+        0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, 0x49, 0x6B, 0x0C, 0x60,
+        0x64, 0x75, 0x62, 0x60, 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D,
+        0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, 0xDC, 0x25, 0x5A, 0x86,
+        0x8A, 0x11, 0x80, 0x51, 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54,
+        0xBB, 0x79, 0x96, 0xA7,
+        /* y */
+        0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, 0x2B, 0xBF, 0xA7, 0x83,
+        0x24, 0xED, 0x10, 0x6A, 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D,
+        0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, 0x38, 0x51, 0x4F, 0x1F,
+        0xDF, 0x4B, 0x4F, 0x40, 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA,
+        0x02, 0x73, 0xC7, 0x06,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE,
+        0x5F, 0xA4, 0x7C, 0x3C, 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37,
+        0xD9, 0xA2, 0x11, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 72 * 6];
+} _EC_NIST_CHAR2_571K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 72, 4
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, 0x82, 0x18, 0x96, 0x31,
+        0xF8, 0x10, 0x3F, 0xE4, 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4,
+        0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, 0x43, 0x70, 0x95, 0x84,
+        0x93, 0xB2, 0x05, 0xE6, 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C,
+        0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, 0x98, 0x8B, 0x47, 0x17,
+        0x4D, 0xCA, 0x88, 0xC7, 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72,
+        /* y */
+        0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, 0x4F, 0x4A, 0xEA, 0xDE,
+        0x3B, 0xCA, 0x95, 0x31, 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54,
+        0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, 0x9D, 0x49, 0x79, 0xC0,
+        0xAC, 0x44, 0xAE, 0xA7, 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC,
+        0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, 0x32, 0x04, 0x30, 0xC8,
+        0x59, 0x19, 0x84, 0xF6, 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3,
+        /* order */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x13, 0x18, 0x50, 0xE1, 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB,
+        0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38,
+        0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 72 * 6];
+} _EC_NIST_CHAR2_571B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 72, 2
+    },
+    {
+        /* seed */
+        0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, 0x0F, 0x61,
+        0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, 0xDE, 0x29, 0x71, 0x17,
+        0xB7, 0xF3, 0xD6, 0x2F, 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1,
+        0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, 0x84, 0xFF, 0xAB, 0xBD,
+        0x8E, 0xFA, 0x59, 0x33, 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29,
+        0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, 0x52, 0x0E, 0x4D, 0xE7,
+        0x39, 0xBA, 0xCA, 0x0C, 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A,
+        /* x */
+        0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, 0x6C, 0x16, 0xC0, 0xD4,
+        0x0D, 0x3C, 0xD7, 0x75, 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A,
+        0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, 0xBD, 0xE5, 0x39, 0x50,
+        0xF4, 0xC0, 0xD2, 0x93, 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14,
+        0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, 0x4A, 0xBF, 0xA3, 0xB4,
+        0xC8, 0x50, 0xD9, 0x27, 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19,
+        /* y */
+        0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, 0x6D, 0xCC, 0xFF, 0xFE,
+        0xB7, 0x3D, 0x69, 0xD7, 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA,
+        0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, 0x84, 0x42, 0x3E, 0x43,
+        0xBA, 0xB0, 0x8A, 0x57, 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8,
+        0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, 0x16, 0xE2, 0xF1, 0x51,
+        0x6E, 0x23, 0xDD, 0x3C, 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xE6, 0x61, 0xCE, 0x18, 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18,
+        0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D,
+        0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, 0x22, 0xE0, 0x78, 0x96,
+        0x75, 0xF4, 0x32, 0xC8, 0x94, 0x35, 0xDE, 0x52, 0x42,
+        /* b */
+        0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, 0x3C, 0xFF, 0x38, 0xC7,
+        0x4B, 0x20, 0xB6, 0xCD, 0x4D, 0x6F, 0x9D, 0xD4, 0xD9,
+        /* x */
+        0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, 0x79, 0x32, 0x9F, 0xCC,
+        0x3D, 0x74, 0x88, 0x0F, 0x33, 0xBB, 0xE8, 0x03, 0xCB,
+        /* y */
+        0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, 0xEA, 0x1D, 0x3F, 0x87,
+        0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA, 0x9F,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE6,
+        0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, 0xBE, 0xD9, 0x81, 0xED,
+        0x0E, 0x89, 0x0E, 0x11, 0x7C, 0x51, 0x1C, 0xF0, 0x72,
+        /* b */
+        0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, 0x8C, 0x40, 0x74, 0x33,
+        0xFF, 0xAE, 0x4F, 0x1C, 0x81, 0x16, 0x38, 0xDF, 0x20,
+        /* x */
+        0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, 0x0A, 0x96, 0x4D, 0x92,
+        0xC4, 0x86, 0x0E, 0x26, 0x71, 0xDB, 0x9B, 0x6C, 0xC5,
+        /* y */
+        0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, 0xCD, 0x25, 0x8B, 0x38,
+        0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F, 0xC5,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xF6,
+        0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
+        0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, 0x56, 0xA0, 0x07, 0x69,
+        0x9F, 0x54, 0x47, 0xE3, 0x2A, 0xE4, 0x56, 0xB5, 0x0E,
+        /* b */
+        0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, 0x38, 0xFD, 0x6F, 0x1B,
+        0xF9, 0x5B, 0x48, 0xFE, 0xEB, 0x48, 0x54, 0x25, 0x2B,
+        /* x */
+        0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, 0xDE, 0xCF, 0x8A, 0x22,
+        0xE6, 0x52, 0x47, 0x75, 0xF9, 0x8C, 0xDE, 0xBD, 0xCB,
+        /* y */
+        0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, 0xEA, 0x48, 0xEB, 0x3F,
+        0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05, 0xD0,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x1A,
+        0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 23 * 6];
+} _EC_X9_62_CHAR2_176V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, 0x40, 0x7D, 0x9D, 0x39,
+        0xB8, 0xD0, 0x96, 0x7B, 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B,
+        /* b */
+        0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, 0xDE, 0x8E, 0xC1, 0x33,
+        0xAE, 0x28, 0xE9, 0xBB, 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2,
+        /* x */
+        0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, 0x00, 0xF9, 0xF0, 0x8B,
+        0xB4, 0xA8, 0xE8, 0x60, 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98,
+        /* y */
+        0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, 0xD6, 0xBA, 0xB5, 0x16,
+        0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4, 0xF6, 0x14,
+        0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 2
+    },
+    {
+        /* seed */
+        0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, 0x6A, 0x68, 0xF5, 0x65,
+        0x54, 0xE1, 0x26, 0x40, 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67,
+        /* b */
+        0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, 0x67, 0xB0, 0x08, 0x1B,
+        0x94, 0x95, 0xA3, 0xD9, 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC,
+        /* x */
+        0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, 0xC4, 0xF2, 0x99, 0xD7,
+        0xB2, 0x1A, 0x9C, 0x36, 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D,
+        /* y */
+        0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, 0x33, 0x29, 0x32, 0xE7,
+        0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB,
+        /* order */
+        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 4
+    },
+    {
+        /* seed */
+        0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, 0xB7, 0x66, 0x6D, 0x13,
+        0x66, 0xEA, 0x43, 0x20, 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18,
+        /* b */
+        0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, 0xB6, 0x24, 0x9C, 0x99,
+        0x18, 0x2B, 0x7C, 0x8C, 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01,
+        /* x */
+        0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, 0x5A, 0x87, 0x92, 0x6A,
+        0xAD, 0x83, 0xFD, 0x28, 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10,
+        /* y */
+        0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, 0xDB, 0xF0, 0x17, 0x60,
+        0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 6
+    },
+    {
+        /* seed */
+        0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, 0x22, 0x10, 0x56, 0x91,
+        0x1C, 0x77, 0xD7, 0x7E, 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB,
+        /* b */
+        0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, 0x89, 0xEF, 0xEF, 0x8D,
+        0xB4, 0x59, 0xF6, 0x63, 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8,
+        /* x */
+        0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, 0x89, 0xDE, 0x87, 0x46,
+        0xE7, 0x17, 0x86, 0x01, 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD,
+        /* y */
+        0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, 0x98, 0x59, 0x99, 0x36,
+        0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE,
+        /* order */
+        0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+        0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 27 * 6];
+} _EC_X9_62_CHAR2_208W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 27, 0xFE48
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, 0x21, 0x2E, 0x11, 0x60,
+        0x34, 0x9E, 0x2B, 0xFA, 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1,
+        0x63, 0x8F, 0x9E,
+        /* x */
+        0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, 0xDF, 0x95, 0x59, 0xEC,
+        0xF0, 0x7A, 0xC0, 0xCE, 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E,
+        0xD1, 0xA5, 0x7A,
+        /* y */
+        0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, 0x9A, 0xC3, 0x8A, 0x03,
+        0x5F, 0xF5, 0x20, 0xD8, 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08,
+        0x61, 0x7D, 0xE3,
+        /* order */
+        0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5, 0x7B, 0x6C,
+        0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E,
+        0x21, 0x2F, 0x9D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 4
+    },
+    {
+        /* seed */
+        0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, 0x12, 0x3A, 0x46, 0xB8,
+        0x08, 0x90, 0x67, 0x56, 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75,
+        0x78, 0x12, 0x57, 0x78, 0xAC, 0x76,
+        /* b */
+        0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, 0xB0, 0x12, 0xED, 0xEF,
+        0xB3, 0x39, 0x2F, 0x30, 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3,
+        0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16,
+        /* x */
+        0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, 0x0A, 0x96, 0xD3, 0xFD,
+        0x5B, 0x70, 0x6E, 0xF7, 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C,
+        0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D,
+        /* y */
+        0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, 0xF6, 0xF1, 0xA1, 0x6B,
+        0x26, 0x8D, 0xE4, 0x69, 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64,
+        0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93,
+        0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 6
+    },
+    {
+        /* seed */
+        0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, 0xE4, 0x23, 0x98, 0x56,
+        0x9B, 0x74, 0x63, 0x25, 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64,
+        0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F,
+        /* b */
+        0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, 0xCD, 0x82, 0xB2, 0xC1,
+        0x4A, 0x2F, 0xCF, 0x2E, 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72,
+        0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B,
+        /* x */
+        0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, 0xDC, 0x47, 0xA0, 0x85,
+        0x34, 0xFE, 0x76, 0xD2, 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70,
+        0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05,
+        /* y */
+        0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, 0xA0, 0x3B, 0xAD, 0x9D,
+        0xD7, 0x5E, 0x2C, 0x71, 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7,
+        0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33,
+        /* order */
+        0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+        0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC,
+        0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 0xA
+    },
+    {
+        /* seed */
+        0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, 0x6D, 0x66, 0x76, 0xF7,
+        0x78, 0xE6, 0x76, 0xB6, 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66,
+        0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F,
+        /* b */
+        0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, 0x51, 0x99, 0xAC, 0xFC,
+        0x51, 0x06, 0x7E, 0xD5, 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8,
+        0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40,
+        /* x */
+        0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, 0x89, 0x91, 0x3C, 0xE3,
+        0x53, 0x0B, 0xFD, 0xE9, 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39,
+        0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92,
+        /* y */
+        0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, 0xB9, 0x00, 0x4D, 0xCE,
+        0x5C, 0x0E, 0xD7, 0xFE, 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8,
+        0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61,
+        /* order */
+        0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+        0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9,
+        0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 35 * 6];
+} _EC_X9_62_CHAR2_272W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 35, 0xFF06
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B,
+        /* a */
+        0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, 0x4A, 0xB2, 0xCC, 0xF4,
+        0x9C, 0x4E, 0xDD, 0x22, 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75,
+        0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, 0x86, 0xFB, 0x20,
+        /* b */
+        0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, 0xCE, 0x7C, 0x8A, 0xAA,
+        0xFF, 0x34, 0xE1, 0x2A, 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F,
+        0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, 0xE5, 0x40, 0xF7,
+        /* x */
+        0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, 0xF7, 0x87, 0x05, 0x8A,
+        0x05, 0x6C, 0xBE, 0x0C, 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0,
+        0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, 0x71, 0xDD, 0x8D,
+        /* y */
+        0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, 0xEF, 0x6B, 0xA7, 0xF6,
+        0x87, 0x2E, 0x61, 0x42, 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC,
+        0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, 0xDE, 0x9D, 0x23,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3, 0x9E, 0x48,
+        0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45,
+        0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, 0x62, 0x95, 0x21
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 39 * 6];
+} _EC_X9_62_CHAR2_304W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x08, 0x07,
+        /* a */
+        0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, 0xF6, 0x51, 0xE6, 0xDC,
+        0xE6, 0x80, 0x20, 0x85, 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B,
+        0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, 0x36, 0x5A, 0x03, 0x96,
+        0xC8, 0xE6, 0x81,
+        /* b */
+        0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, 0x90, 0x8E, 0x43, 0xB0,
+        0x1C, 0x79, 0x8E, 0xA5, 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E,
+        0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, 0x60, 0x1E, 0x55, 0x82,
+        0x73, 0x40, 0xBE,
+        /* x */
+        0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, 0xD9, 0x6A, 0xDB, 0x0F,
+        0x5F, 0x3C, 0x7F, 0x2C, 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3,
+        0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, 0x5A, 0x64, 0x4F, 0x74,
+        0x0A, 0x26, 0x14,
+        /* y */
+        0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, 0x71, 0x51, 0x7E, 0xCF,
+        0x40, 0x1B, 0x50, 0x28, 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A,
+        0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, 0x54, 0x9F, 0xDC, 0x1B,
+        0x92, 0xC0, 0x3B,
+        /* order */
+        0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01,
+        0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C,
+        0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, 0x68, 0x99, 0x16, 0x44,
+        0x43, 0x05, 0x1D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 45 * 6];
+} _EC_X9_62_CHAR2_359V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 45, 0x4C
+    },
+    {
+        /* seed */
+        0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, 0x4F, 0x35, 0x6E, 0xA9,
+        0x20, 0x17, 0xD9, 0x46, 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95,
+        0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, 0xA5, 0xE0, 0x56, 0x56,
+        0xFB, 0x54, 0x90, 0x16, 0xA9, 0x66, 0x56, 0xA5, 0x57,
+        /* b */
+        0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, 0x3F, 0x1F, 0xE7, 0xF5,
+        0xB6, 0xDB, 0x07, 0x5D, 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4,
+        0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, 0x08, 0x96, 0x87, 0x74,
+        0x2B, 0x63, 0x29, 0xE7, 0x06, 0x80, 0x23, 0x19, 0x88,
+        /* x */
+        0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, 0xED, 0xE0, 0xF1, 0xFD,
+        0xAA, 0x79, 0xDA, 0xEE, 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A,
+        0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, 0xDC, 0xDE, 0x98, 0xE8,
+        0xE7, 0x07, 0xC0, 0x7A, 0x22, 0x39, 0xB1, 0xB0, 0x97,
+        /* y */
+        0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, 0x12, 0x1E, 0x9C, 0x95,
+        0xF3, 0x79, 0x1D, 0xD8, 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B,
+        0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, 0xFE, 0x57, 0xE4, 0xAE,
+        0x2D, 0xE2, 0x11, 0x30, 0x5A, 0x40, 0x71, 0x04, 0xBD,
+        /* order */
+        0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28,
+        0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB,
+        0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F,
+        0xE7, 0x71, 0x9E, 0x74, 0xF4, 0x90, 0x75, 0x8D, 0x3B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 47 * 6];
+} _EC_X9_62_CHAR2_368W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 47, 0xFF70
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, 0xF5, 0xE2, 0xA4, 0xF9,
+        0xED, 0x22, 0x9F, 0x1F, 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97,
+        0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, 0xC5, 0x76, 0xD6, 0x2F,
+        0x0A, 0xB7, 0x51, 0x9C, 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D,
+        /* b */
+        0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, 0x45, 0x2C, 0x76, 0x0A,
+        0x58, 0xED, 0xCD, 0x30, 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38,
+        0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, 0xE1, 0xC2, 0x11, 0x2D,
+        0x84, 0xD1, 0x64, 0xF4, 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A,
+        /* x */
+        0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, 0xCC, 0xE3, 0xC1, 0x55,
+        0x7A, 0xFA, 0x10, 0xC2, 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3,
+        0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, 0x22, 0xE7, 0xE7, 0x89,
+        0xE9, 0x27, 0xBE, 0x21, 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F,
+        /* y */
+        0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, 0xD5, 0xD8, 0xB2, 0x05,
+        0x9B, 0x52, 0x57, 0x97, 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62,
+        0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, 0x7C, 0xD1, 0x85, 0x5A,
+        0xDA, 0xA8, 0x1E, 0x2A, 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72, 0xB0, 0x83,
+        0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE,
+        0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09,
+        0xAE, 0x40, 0xA6, 0xF1, 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 54 * 6];
+} _EC_X9_62_CHAR2_431R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 54, 0x2760
+    },
+    {
+        /* no seed */
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, 0x23, 0x4C, 0xAF, 0x04,
+        0x6C, 0x6A, 0x5D, 0x8A, 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C,
+        0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, 0x20, 0xB0, 0xEB, 0x99,
+        0x06, 0xD0, 0x95, 0x7F, 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF,
+        0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F,
+        /* b */
+        0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, 0x15, 0x43, 0x59, 0xAB,
+        0xFB, 0x1B, 0x7F, 0x54, 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD,
+        0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, 0x91, 0x9B, 0x62, 0x6D,
+        0x4E, 0x50, 0xA8, 0xDD, 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F,
+        0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18,
+        /* x */
+        0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, 0xE1, 0x61, 0xD2, 0xF4,
+        0x09, 0x26, 0x22, 0xFE, 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58,
+        0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, 0xEF, 0x8C, 0x21, 0xE7,
+        0xC5, 0xEF, 0xE9, 0x65, 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47,
+        0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7,
+        /* y */
+        0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, 0x5F, 0xA2, 0xC2, 0x55,
+        0x74, 0x5D, 0x3C, 0x45, 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4,
+        0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, 0x3E, 0x8F, 0x6A, 0xDD,
+        0xCB, 0xB0, 0xBC, 0x4C, 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62,
+        0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60,
+        /* order */
+        0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40,
+        0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40,
+        0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89,
+        0x70, 0x3B, 0x5E, 0xC6, 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C,
+        0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 15 * 6];
+} _EC_WTLS_1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 15, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* x */
+        0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, 0xE5, 0xD5, 0xC2, 0x70,
+        0x78, 0x06, 0x17,
+        /* y */
+        0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, 0x0E, 0x08, 0x78, 0x5C,
+        0xEB, 0xCC, 0x15,
+        /* order */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF, 0x91, 0xAF,
+        0x6D, 0xEA, 0x73
+    }
+};
+
+/* IPSec curves */
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_IPSEC_155_ID3 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 20, 3
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x33, 0x8f,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8,
+        /* order */
+        0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xC7, 0xF3,
+        0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C
+    }
+};
+
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_IPSEC_185_ID4 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 24, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xe9,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d,
+        /* order */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E
+    }
+};
+
+#endif
+
+/*
+ * These curves were added by Annie Yousar.
+ * For the definition of RFC 5639 curves see
+ * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable
+ * at random, nevertheless the seed is omitted as parameter because the
+ * generation mechanism is different from those defined in ANSI X9.62.
+ */
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_brainpoolP160r1 = {
+    {
+        NID_X9_62_prime_field, 0, 20, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+        /* a */
+        0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA,
+        0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00,
+        /* b */
+        0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D,
+        0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58,
+        /* x */
+        0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46,
+        0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3,
+        /* y */
+        0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41,
+        0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
+        /* order */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+        0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_brainpoolP160t1 = {
+    {
+        NID_X9_62_prime_field, 0, 20, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+        /* a */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C,
+        /* b */
+        0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D,
+        0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80,
+        /* x */
+        0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA,
+        0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78,
+        /* y */
+        0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84,
+        0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
+        /* order */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+        0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_brainpoolP192r1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+        /* a */
+        0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31,
+        0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF,
+        /* b */
+        0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04,
+        0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9,
+        /* x */
+        0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5,
+        0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6,
+        /* y */
+        0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28,
+        0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F,
+        /* order */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+        0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_brainpoolP192t1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+        /* a */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94,
+        /* b */
+        0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4,
+        0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79,
+        /* x */
+        0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7,
+        0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29,
+        /* y */
+        0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA,
+        0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9,
+        /* order */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+        0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_brainpoolP224r1 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFF,
+        /* a */
+        0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6,
+        0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59,
+        0xCA, 0xD2, 0x9F, 0x43,
+        /* b */
+        0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1,
+        0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72,
+        0x38, 0x6C, 0x40, 0x0B,
+        /* x */
+        0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2,
+        0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD,
+        0xEE, 0x12, 0xC0, 0x7D,
+        /* y */
+        0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E,
+        0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3,
+        0x76, 0x14, 0x02, 0xCD,
+        /* order */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+        0xA5, 0xA7, 0x93, 0x9F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_brainpoolP224t1 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFF,
+        /* a */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFC,
+        /* b */
+        0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6,
+        0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1,
+        0x8A, 0x60, 0x88, 0x8D,
+        /* x */
+        0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F,
+        0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60,
+        0x29, 0xB4, 0xD5, 0x80,
+        /* y */
+        0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D,
+        0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F,
+        0x1A, 0x46, 0xDB, 0x4C,
+        /* order */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+        0xA5, 0xA7, 0x93, 0x9F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_brainpoolP256r1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77,
+        /* a */
+        0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, 0x75, 0x30,
+        0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C,
+        0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9,
+        /* b */
+        0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9,
+        0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE,
+        0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6,
+        /* x */
+        0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, 0x48, 0x2F,
+        0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2,
+        0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62,
+        /* y */
+        0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, 0x46, 0x1A,
+        0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54,
+        0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97,
+        /* order */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7,
+        0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_brainpoolP256t1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77,
+        /* a */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74,
+        /* b */
+        0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, 0xA7, 0x73,
+        0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25,
+        0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04,
+        /* x */
+        0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, 0x13, 0xB2,
+        0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B,
+        0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4,
+        /* y */
+        0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, 0x22, 0xE1,
+        0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00,
+        0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE,
+        /* order */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7,
+        0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 40 * 6];
+} _EC_brainpoolP320r1 = {
+    {
+        NID_X9_62_prime_field, 0, 40, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x27,
+        /* a */
+        0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, 0xEB, 0xD4,
+        0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA,
+        0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9,
+        0x7D, 0x86, 0x0E, 0xB4,
+        /* b */
+        0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, 0x19, 0x86,
+        0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A,
+        0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC,
+        0x8F, 0xB1, 0xF1, 0xA6,
+        /* x */
+        0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, 0xBC, 0xC4,
+        0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6,
+        0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D,
+        0x39, 0xE2, 0x06, 0x11,
+        /* y */
+        0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, 0x93, 0x24,
+        0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA,
+        0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1,
+        0x69, 0x2E, 0x8E, 0xE1,
+        /* order */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3,
+        0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B,
+        0x44, 0xC5, 0x93, 0x11
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 40 * 6];
+} _EC_brainpoolP320t1 = {
+    {
+        NID_X9_62_prime_field, 0, 40, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x27,
+        /* a */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x24,
+        /* b */
+        0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, 0xD1, 0x47,
+        0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67,
+        0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4,
+        0x22, 0x34, 0x03, 0x53,
+        /* x */
+        0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, 0x7D, 0x49,
+        0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB,
+        0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24,
+        0xA2, 0x1B, 0xED, 0x52,
+        /* y */
+        0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, 0xDB, 0xEF,
+        0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD,
+        0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45,
+        0x5F, 0xB0, 0xD2, 0xC3,
+        /* order */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3,
+        0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B,
+        0x44, 0xC5, 0x93, 0x11
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 48 * 6];
+} _EC_brainpoolP384r1 = {
+    {
+        NID_X9_62_prime_field, 0, 48, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
+        /* a */
+        0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, 0x08, 0x0A,
+        0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87,
+        0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A,
+        0x50, 0x3A, 0xD4, 0xEB, 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26,
+        /* b */
+        0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, 0xB5, 0x54,
+        0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6,
+        0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02,
+        0x95, 0xDB, 0xC9, 0x94, 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11,
+        /* x */
+        0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, 0x3A, 0x81,
+        0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3,
+        0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34,
+        0x36, 0xD6, 0x46, 0xAA, 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E,
+        /* y */
+        0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, 0xEB, 0x8E,
+        0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64,
+        0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21,
+        0x77, 0x91, 0x81, 0x11, 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15,
+        /* order */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
+        0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF,
+        0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 48 * 6];
+} _EC_brainpoolP384t1 = {
+    {
+        NID_X9_62_prime_field, 0, 48, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
+        /* a */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50,
+        /* b */
+        0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, 0xDB, 0xA6,
+        0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E,
+        0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26,
+        0x3B, 0x88, 0x80, 0x5C, 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE,
+        /* x */
+        0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, 0xCD, 0x72,
+        0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17,
+        0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B,
+        0x94, 0x6A, 0x5F, 0x54, 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC,
+        /* y */
+        0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, 0xAF, 0xD2,
+        0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA,
+        0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58,
+        0x4D, 0xC2, 0xB2, 0x91, 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28,
+        /* order */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
+        0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF,
+        0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 64 * 6];
+} _EC_brainpoolP512r1 = {
+    {
+        NID_X9_62_prime_field, 0, 64, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF3,
+        /* a */
+        0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, 0x71, 0x45,
+        0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10,
+        0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A,
+        0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5,
+        0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D,
+        0x77, 0xFC, 0x94, 0xCA,
+        /* b */
+        0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC,
+        0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9,
+        0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9,
+        0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67,
+        0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63,
+        0x80, 0x16, 0xF7, 0x23,
+        /* x */
+        0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, 0x32, 0x2E,
+        0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1,
+        0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, 0xFF, 0x3B, 0x1F, 0x78,
+        0xE2, 0xD0, 0xD4, 0x8D, 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F,
+        0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09,
+        0xBC, 0xB9, 0xF8, 0x22,
+        /* y */
+        0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, 0xBF, 0xA9,
+        0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A,
+        0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, 0xB2, 0xDC, 0xDE, 0x49,
+        0x4A, 0x5F, 0x48, 0x5E, 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE,
+        0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F,
+        0x3A, 0xD8, 0x08, 0x92,
+        /* order */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41,
+        0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
+        0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
+        0x9C, 0xA9, 0x00, 0x69
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 64 * 6];
+} _EC_brainpoolP512t1 = {
+    {
+        NID_X9_62_prime_field, 0, 64, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF3,
+        /* a */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF0,
+        /* b */
+        0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, 0x90, 0xE4,
+        0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52,
+        0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, 0x2B, 0xCD, 0xFA, 0x23,
+        0x04, 0x97, 0x65, 0x40, 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45,
+        0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57,
+        0x18, 0x67, 0x42, 0x3E,
+        /* x */
+        0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, 0xBA, 0x06,
+        0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE,
+        0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, 0x82, 0xBA, 0x51, 0x73,
+        0x5C, 0xDB, 0x3E, 0xA4, 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64,
+        0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96,
+        0xFA, 0x90, 0x35, 0xDA,
+        /* y */
+        0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, 0x92, 0x37,
+        0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0,
+        0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, 0xD9, 0x93, 0x21, 0x84,
+        0xBE, 0xEF, 0x21, 0x6B, 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27,
+        0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E,
+        0x00, 0xF8, 0xB3, 0x32,
+        /* order */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41,
+        0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
+        0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
+        0x9C, 0xA9, 0x00, 0x69
+    }
+};
+
+#ifndef OPENSSL_NO_SM2
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+    {
+       NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+
+        /* p */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        /* a */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+        /* b */
+        0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+        0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+        0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+        /* x */
+        0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+        0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+        0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+        /* y */
+        0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+        0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+        0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+        /* order */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+        0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+    }
+};
+#endif /* OPENSSL_NO_SM2 */
+
+typedef struct _ec_list_element_st {
+    int nid;
+    const EC_CURVE_DATA *data;
+    const EC_METHOD *(*meth) (void);
+    const char *comment;
+} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+    /* prime field curves */
+    /* secg curves */
+    {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
+     "SECG/WTLS curve over a 112 bit prime field"},
+    {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
+     "SECG curve over a 112 bit prime field"},
+    {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
+     "SECG curve over a 128 bit prime field"},
+    {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
+     "SECG curve over a 128 bit prime field"},
+    {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
+     "SECG curve over a 160 bit prime field"},
+    {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
+     "SECG curve over a 160 bit prime field"},
+    {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
+     "SECG/WTLS curve over a 160 bit prime field"},
+    /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+    {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
+     "SECG curve over a 192 bit prime field"},
+    {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
+     "SECG curve over a 224 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+     "NIST/SECG curve over a 224 bit prime field"},
+#else
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+     "NIST/SECG curve over a 224 bit prime field"},
+#endif
+    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+     "SECG curve over a 256 bit prime field"},
+    /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+    {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+     "NIST/SECG curve over a 384 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
+     "NIST/SECG curve over a 521 bit prime field"},
+#else
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
+     "NIST/SECG curve over a 521 bit prime field"},
+#endif
+    /* X9.62 curves */
+    {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+     "NIST/X9.62/SECG curve over a 192 bit prime field"},
+    {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
+     "X9.62 curve over a 192 bit prime field"},
+    {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
+     "X9.62 curve over a 192 bit prime field"},
+    {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+#if defined(ECP_NISTZ256_ASM)
+     EC_GFp_nistz256_method,
+#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp256_method,
+#else
+     0,
+#endif
+     "X9.62/SECG curve over a 256 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    /* characteristic two field curves */
+    /* NIST/SECG curves */
+    {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0,
+     "SECG/WTLS curve over a 131 bit binary field"},
+    {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0,
+     "SECG curve over a 131 bit binary field"},
+    {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
+     "NIST/SECG/WTLS curve over a 163 bit binary field"},
+    {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0,
+     "SECG curve over a 163 bit binary field"},
+    {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
+     "NIST/SECG curve over a 163 bit binary field"},
+    {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0,
+     "SECG curve over a 193 bit binary field"},
+    {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0,
+     "SECG curve over a 193 bit binary field"},
+    {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0,
+     "SECG curve over a 239 bit binary field"},
+    {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
+     "NIST/SECG curve over a 283 bit binary field"},
+    {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
+     "NIST/SECG curve over a 283 bit binary field"},
+    {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
+     "NIST/SECG curve over a 409 bit binary field"},
+    {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
+     "NIST/SECG curve over a 409 bit binary field"},
+    {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
+     "NIST/SECG curve over a 571 bit binary field"},
+    {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
+     "NIST/SECG curve over a 571 bit binary field"},
+    /* X9.62 curves */
+    {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0,
+     "X9.62 curve over a 176 bit binary field"},
+    {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0,
+     "X9.62 curve over a 208 bit binary field"},
+    {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0,
+     "X9.62 curve over a 272 bit binary field"},
+    {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0,
+     "X9.62 curve over a 304 bit binary field"},
+    {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0,
+     "X9.62 curve over a 359 bit binary field"},
+    {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0,
+     "X9.62 curve over a 368 bit binary field"},
+    {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0,
+     "X9.62 curve over a 431 bit binary field"},
+    /*
+     * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+     * from X9.62]
+     */
+    {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0,
+     "WTLS curve over a 113 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0,
+     "NIST/SECG/WTLS curve over a 163 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+#endif
+    {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
+     "SECG/WTLS curve over a 112 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
+     "SECG/WTLS curve over a 160 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
+     "WTLS curve over a 112 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
+     "WTLS curve over a 160 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+#endif
+    {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
+     "WTLS curve over a 224 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    /* IPSec curves */
+    {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
+     "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+     "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+    {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0,
+     "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+     "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+#endif
+    /* brainpool curves */
+    {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
+     "RFC 5639 curve over a 160 bit prime field"},
+    {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
+     "RFC 5639 curve over a 160 bit prime field"},
+    {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
+     "RFC 5639 curve over a 192 bit prime field"},
+    {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
+     "RFC 5639 curve over a 192 bit prime field"},
+    {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
+     "RFC 5639 curve over a 224 bit prime field"},
+    {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
+     "RFC 5639 curve over a 224 bit prime field"},
+    {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
+     "RFC 5639 curve over a 256 bit prime field"},
+    {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
+     "RFC 5639 curve over a 256 bit prime field"},
+    {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0,
+     "RFC 5639 curve over a 320 bit prime field"},
+    {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0,
+     "RFC 5639 curve over a 320 bit prime field"},
+    {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0,
+     "RFC 5639 curve over a 384 bit prime field"},
+    {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0,
+     "RFC 5639 curve over a 384 bit prime field"},
+    {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0,
+     "RFC 5639 curve over a 512 bit prime field"},
+    {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
+     "RFC 5639 curve over a 512 bit prime field"},
+#ifndef OPENSSL_NO_SM2
+    {NID_sm2, &_EC_sm2p256v1.h, 0,
+     "SM2 curve over a 256 bit prime field"},
+#endif
+};
+
+#define curve_list_length OSSL_NELEM(curve_list)
+
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+{
+    EC_GROUP *group = NULL;
+    EC_POINT *P = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+        NULL;
+    int ok = 0;
+    int seed_len, param_len;
+    const EC_METHOD *meth;
+    const EC_CURVE_DATA *data;
+    const unsigned char *params;
+
+    /* If no curve data curve method must handle everything */
+    if (curve.data == NULL)
+        return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
+
+    if ((ctx = BN_CTX_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    data = curve.data;
+    seed_len = data->seed_len;
+    param_len = data->param_len;
+    params = (const unsigned char *)(data + 1); /* skip header */
+    params += seed_len;         /* skip seed */
+
+    if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
+        || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
+        || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (curve.meth != 0) {
+        meth = curve.meth();
+        if (((group = EC_GROUP_new(meth)) == NULL) ||
+            (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (data->field_type == NID_X9_62_prime_field) {
+        if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC2M
+    else {                      /* field_type ==
+                                 * NID_X9_62_characteristic_two_field */
+
+        if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    EC_GROUP_set_curve_name(group, curve.nid);
+
+    if ((P = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
+        || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
+        || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_GROUP_set_generator(group, P, order, x)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (seed_len) {
+        if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    if (!ok) {
+        EC_GROUP_free(group);
+        group = NULL;
+    }
+    EC_POINT_free(P);
+    BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(order);
+    BN_free(x);
+    BN_free(y);
+    return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+    size_t i;
+    EC_GROUP *ret = NULL;
+
+    if (nid <= 0)
+        return NULL;
+
+    for (i = 0; i < curve_list_length; i++)
+        if (curve_list[i].nid == nid) {
+            ret = ec_group_new_from_data(curve_list[i]);
+            break;
+        }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+        return NULL;
+    }
+
+    return ret;
+}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+    size_t i, min;
+
+    if (r == NULL || nitems == 0)
+        return curve_list_length;
+
+    min = nitems < curve_list_length ? nitems : curve_list_length;
+
+    for (i = 0; i < min; i++) {
+        r[i].nid = curve_list[i].nid;
+        r[i].comment = curve_list[i].comment;
+    }
+
+    return curve_list_length;
+}
+
+/* Functions to translate between common NIST curve names and NIDs */
+
+typedef struct {
+    const char *name;           /* NIST Name of curve */
+    int nid;                    /* Curve NID */
+} EC_NIST_NAME;
+
+static EC_NIST_NAME nist_curves[] = {
+    {"B-163", NID_sect163r2},
+    {"B-233", NID_sect233r1},
+    {"B-283", NID_sect283r1},
+    {"B-409", NID_sect409r1},
+    {"B-571", NID_sect571r1},
+    {"K-163", NID_sect163k1},
+    {"K-233", NID_sect233k1},
+    {"K-283", NID_sect283k1},
+    {"K-409", NID_sect409k1},
+    {"K-571", NID_sect571k1},
+    {"P-192", NID_X9_62_prime192v1},
+    {"P-224", NID_secp224r1},
+    {"P-256", NID_X9_62_prime256v1},
+    {"P-384", NID_secp384r1},
+    {"P-521", NID_secp521r1}
+};
+
+const char *EC_curve_nid2nist(int nid)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (nist_curves[i].nid == nid)
+            return nist_curves[i].name;
+    }
+    return NULL;
+}
+
+int EC_curve_nist2nid(const char *name)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (strcmp(nist_curves[i].name, name) == 0)
+            return nist_curves[i].nid;
+    }
+    return NID_undef;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c
new file mode 100644
index 000000000..0ec346c12
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+#if defined(OPENSSL_BN_ASM_MONT)
+    /*
+     * This might appear controversial, but the fact is that generic
+     * prime method was observed to deliver better performance even
+     * for NIST primes on a range of platforms, e.g.: 60%-15%
+     * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25%
+     * in 32-bit build and 35%--12% in 64-bit build on Core2...
+     * Coefficients are relative to optimized bn_nist.c for most
+     * intensive ECDSA verify and ECDH operations for 192- and 521-
+     * bit keys respectively. Choice of these boundary values is
+     * arguable, because the dependency of improvement coefficient
+     * from key length is not a "monotone" curve. For example while
+     * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's
+     * generally faster, sometimes "respectfully" faster, sometimes
+     * "tolerably" slower... What effectively happens is that loop
+     * with bn_mul_add_words is put against bn_mul_mont, and the
+     * latter "wins" on short vectors. Correct solution should be
+     * implementing dedicated NxN multiplication subroutines for
+     * small N. But till it materializes, let's stick to generic
+     * prime method...
+     *                                              <appro>
+     */
+    meth = EC_GFp_mont_method();
+#else
+    if (BN_nist_mod_func(p))
+        meth = EC_GFp_nist_method();
+    else
+        meth = EC_GFp_mont_method();
+#endif
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC2M
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+    meth = EC_GF2m_simple_method();
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c
new file mode 100644
index 000000000..ce3493823
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c
@@ -0,0 +1,394 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/ecerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA EC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0),
+     "ecdh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0),
+     "ecdh_simple_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0),
+     "ECParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0),
+     "ECPKParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0),
+     "ECPKParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0),
+     "ecp_nistz256_get_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0),
+     "ecp_nistz256_inv_mod_ord"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0),
+     "ecp_nistz256_mult_precompute"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0),
+     "ecp_nistz256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0),
+     "ecp_nistz256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0),
+     "ecp_nistz256_windowed_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0),
+     "ec_asn1_group2fieldid"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0),
+     "ec_GF2m_montgomery_point_multiply"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_FIELD_INV, 0),
+     "ec_GF2m_simple_field_inv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
+     "ec_GF2m_simple_group_check_discriminant"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0),
+     "ec_GF2m_simple_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0),
+     "ec_GF2m_simple_ladder_post"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0),
+     "ec_GF2m_simple_ladder_pre"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0),
+     "ec_GF2m_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0),
+     "ec_GF2m_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0),
+     "ec_GF2m_simple_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GF2m_simple_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
+     "ec_GF2m_simple_point_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
+     "ec_GF2m_simple_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0),
+     "ec_GFp_mont_field_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0),
+     "ec_GFp_mont_field_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_INV, 0),
+     "ec_GFp_mont_field_inv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0),
+     "ec_GFp_mont_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0),
+     "ec_GFp_mont_field_set_to_one"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0),
+     "ec_GFp_mont_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0),
+     "ec_GFp_mont_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0),
+     "ec_GFp_nistp224_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0),
+     "ec_GFp_nistp224_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_nistp224_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0),
+     "ec_GFp_nistp256_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0),
+     "ec_GFp_nistp256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_nistp256_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0),
+     "ec_GFp_nistp521_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0),
+     "ec_GFp_nistp521_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_nistp521_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0),
+     "ec_GFp_nist_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0),
+     "ec_GFp_nist_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0),
+     "ec_GFp_nist_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0),
+     "ec_GFp_simple_blind_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_FIELD_INV, 0),
+     "ec_GFp_simple_field_inv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
+     "ec_GFp_simple_group_check_discriminant"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0),
+     "ec_GFp_simple_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0),
+     "ec_GFp_simple_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0),
+     "ec_GFp_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0),
+     "ec_GFp_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0),
+     "ec_GFp_simple_points_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_simple_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
+     "ec_GFp_simple_point_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
+     "ec_GFp_simple_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0),
+     "EC_GROUP_check_discriminant"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0),
+     "EC_GROUP_get_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0),
+     "EC_GROUP_get_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0),
+     "EC_GROUP_get_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0),
+     "EC_GROUP_get_ecpkparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0),
+     "EC_GROUP_get_pentanomial_basis"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0),
+     "EC_GROUP_get_trinomial_basis"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0),
+     "EC_GROUP_new_by_curve_name"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0),
+     "ec_group_new_from_data"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0),
+     "EC_GROUP_new_from_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0),
+     "EC_GROUP_new_from_ecpkparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0),
+     "EC_GROUP_set_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0),
+     "EC_GROUP_set_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0),
+     "EC_GROUP_set_generator"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
+     "EC_KEY_set_public_key_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
+     "ec_key_simple_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0),
+     "ec_key_simple_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0),
+     "ec_key_simple_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0),
+     "EC_POINTs_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0),
+     "EC_POINT_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0),
+     "EC_POINT_get_affine_coordinates_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0),
+     "EC_POINT_get_affine_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0),
+     "EC_POINT_get_Jprojective_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0),
+     "EC_POINT_is_at_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0),
+     "EC_POINT_is_on_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0),
+     "EC_POINT_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0),
+     "EC_POINT_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0),
+     "EC_POINT_set_affine_coordinates_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0),
+     "EC_POINT_set_affine_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0),
+     "EC_POINT_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0),
+     "EC_POINT_set_compressed_coordinates_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0),
+     "EC_POINT_set_compressed_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0),
+     "EC_POINT_set_Jprojective_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0),
+     "EC_POINT_set_to_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0),
+     "ec_scalar_mul_ladder"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0),
+     "ec_wNAF_precompute_mult"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0),
+     "nistp224_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0),
+     "nistp256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0),
+     "nistp521_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
+     "ossl_ecdh_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
+     "ossl_ecdsa_verify_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0),
+     "pkey_ecd_digestsign25519"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0),
+     "pkey_ecd_digestsign448"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA EC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE),
+    "coordinates out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+    "curve does not support ecdh"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+    "curve does not support signing"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
+    "d2i ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO),
+    "discriminant is zero"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+    "ec group new by name failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE),
+    "group2pkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE),
+    "i2d ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS),
+    "incompatible objects"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT),
+    "invalid compressed point"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT),
+    "invalid compression bit"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH),
+    "invalid output length"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS),
+    "invalid pentanomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS),
+    "invalid trinomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES),
+    "need new setup values"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED),
+    "operation not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER),
+    "passed null parameter"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE),
+    "pkparameters2group failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE),
+    "point arithmetic failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE),
+    "point coordinates blind failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE),
+    "point is not on curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED),
+    "random number generation failed"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS),
+    "wrong curve parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_EC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(EC_str_functs);
+        ERR_load_strings_const(EC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c
new file mode 100644
index 000000000..9349abf03
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c
@@ -0,0 +1,618 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <string.h>
+#include "ec_lcl.h"
+#include "internal/refcount.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+EC_KEY *EC_KEY_new(void)
+{
+    return EC_KEY_new_method(NULL);
+}
+
+EC_KEY *EC_KEY_new_by_curve_name(int nid)
+{
+    EC_KEY *ret = EC_KEY_new();
+    if (ret == NULL)
+        return NULL;
+    ret->group = EC_GROUP_new_by_curve_name(nid);
+    if (ret->group == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    if (ret->meth->set_group != NULL
+        && ret->meth->set_group(ret, ret->group) == 0) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void EC_KEY_free(EC_KEY *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("EC_KEY", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    if (r->group && r->group->meth->keyfinish)
+        r->group->meth->keyfinish(r);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
+    CRYPTO_THREAD_lock_free(r->lock);
+    EC_GROUP_free(r->group);
+    EC_POINT_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+
+    OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
+}
+
+EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+{
+    if (dest == NULL || src == NULL) {
+        ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (src->meth != dest->meth) {
+        if (dest->meth->finish != NULL)
+            dest->meth->finish(dest);
+        if (dest->group && dest->group->meth->keyfinish)
+            dest->group->meth->keyfinish(dest);
+#ifndef OPENSSL_NO_ENGINE
+        if (ENGINE_finish(dest->engine) == 0)
+            return 0;
+        dest->engine = NULL;
+#endif
+    }
+    /* copy the parameters */
+    if (src->group != NULL) {
+        const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+        /* clear the old group */
+        EC_GROUP_free(dest->group);
+        dest->group = EC_GROUP_new(meth);
+        if (dest->group == NULL)
+            return NULL;
+        if (!EC_GROUP_copy(dest->group, src->group))
+            return NULL;
+
+        /*  copy the public key */
+        if (src->pub_key != NULL) {
+            EC_POINT_free(dest->pub_key);
+            dest->pub_key = EC_POINT_new(src->group);
+            if (dest->pub_key == NULL)
+                return NULL;
+            if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+                return NULL;
+        }
+        /* copy the private key */
+        if (src->priv_key != NULL) {
+            if (dest->priv_key == NULL) {
+                dest->priv_key = BN_new();
+                if (dest->priv_key == NULL)
+                    return NULL;
+            }
+            if (!BN_copy(dest->priv_key, src->priv_key))
+                return NULL;
+            if (src->group->meth->keycopy
+                && src->group->meth->keycopy(dest, src) == 0)
+                return NULL;
+        }
+    }
+
+
+    /* copy the rest */
+    dest->enc_flag = src->enc_flag;
+    dest->conv_form = src->conv_form;
+    dest->version = src->version;
+    dest->flags = src->flags;
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
+                            &dest->ex_data, &src->ex_data))
+        return NULL;
+
+    if (src->meth != dest->meth) {
+#ifndef OPENSSL_NO_ENGINE
+        if (src->engine != NULL && ENGINE_init(src->engine) == 0)
+            return NULL;
+        dest->engine = src->engine;
+#endif
+        dest->meth = src->meth;
+    }
+
+    if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
+        return NULL;
+
+    return dest;
+}
+
+EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
+{
+    EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
+
+    if (ret == NULL)
+        return NULL;
+
+    if (EC_KEY_copy(ret, ec_key) == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EC_KEY_up_ref(EC_KEY *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EC_KEY", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey)
+{
+    return eckey->engine;
+}
+
+int EC_KEY_generate_key(EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL) {
+        ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (eckey->meth->keygen != NULL)
+        return eckey->meth->keygen(eckey);
+    ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ossl_ec_key_gen(EC_KEY *eckey)
+{
+    return eckey->group->meth->keygen(eckey);
+}
+
+int ec_key_simple_generate_key(EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *priv_key = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *pub_key = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (eckey->priv_key == NULL) {
+        priv_key = BN_new();
+        if (priv_key == NULL)
+            goto err;
+    } else
+        priv_key = eckey->priv_key;
+
+    order = EC_GROUP_get0_order(eckey->group);
+    if (order == NULL)
+        goto err;
+
+    do
+        if (!BN_priv_rand_range(priv_key, order))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (eckey->pub_key == NULL) {
+        pub_key = EC_POINT_new(eckey->group);
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = eckey->pub_key;
+
+    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+        goto err;
+
+    eckey->priv_key = priv_key;
+    eckey->pub_key = pub_key;
+
+    ok = 1;
+
+ err:
+    if (eckey->pub_key == NULL)
+        EC_POINT_free(pub_key);
+    if (eckey->priv_key != priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+int ec_key_simple_generate_public_key(EC_KEY *eckey)
+{
+    return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
+                        NULL, NULL);
+}
+
+int EC_KEY_check_key(const EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (eckey->group->meth->keycheck == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->keycheck(eckey);
+}
+
+int ec_key_simple_check_key(const EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *point = NULL;
+
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    if ((point = EC_POINT_new(eckey->group)) == NULL)
+        goto err;
+
+    /* testing whether the pub_key is on the elliptic curve */
+    if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+    /* testing whether pub_key * order is the point at infinity */
+    order = eckey->group->order;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_POINT_is_at_infinity(eckey->group, point)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+        goto err;
+    }
+    /*
+     * in case the priv_key is present : check if generator * priv_key ==
+     * pub_key
+     */
+    if (eckey->priv_key != NULL) {
+        if (BN_cmp(eckey->priv_key, order) >= 0) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+            goto err;
+        }
+        if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+                          NULL, NULL, ctx)) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
+}
+
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+                                             BIGNUM *y)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *tx, *ty;
+    EC_POINT *point = NULL;
+    int ok = 0;
+
+    if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
+        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    point = EC_POINT_new(key->group);
+
+    if (point == NULL)
+        goto err;
+
+    tx = BN_CTX_get(ctx);
+    ty = BN_CTX_get(ctx);
+    if (ty == NULL)
+        goto err;
+
+    if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
+        goto err;
+
+    /*
+     * Check if retrieved coordinates match originals and are less than field
+     * order: if not values are out of range.
+     */
+    if (BN_cmp(x, tx) || BN_cmp(y, ty)
+        || (BN_cmp(x, key->group->field) >= 0)
+        || (BN_cmp(y, key->group->field) >= 0)) {
+        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+              EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    if (!EC_KEY_set_public_key(key, point))
+        goto err;
+
+    if (EC_KEY_check_key(key) == 0)
+        goto err;
+
+    ok = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
+
+}
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
+{
+    return key->group;
+}
+
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
+{
+    if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0)
+        return 0;
+    EC_GROUP_free(key->group);
+    key->group = EC_GROUP_dup(group);
+    return (key->group == NULL) ? 0 : 1;
+}
+
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
+{
+    return key->priv_key;
+}
+
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+{
+    if (key->group == NULL || key->group->meth == NULL)
+        return 0;
+    if (key->group->meth->set_private != NULL
+        && key->group->meth->set_private(key, priv_key) == 0)
+        return 0;
+    if (key->meth->set_private != NULL
+        && key->meth->set_private(key, priv_key) == 0)
+        return 0;
+    BN_clear_free(key->priv_key);
+    key->priv_key = BN_dup(priv_key);
+    return (key->priv_key == NULL) ? 0 : 1;
+}
+
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
+{
+    return key->pub_key;
+}
+
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
+{
+    if (key->meth->set_public != NULL
+        && key->meth->set_public(key, pub_key) == 0)
+        return 0;
+    EC_POINT_free(key->pub_key);
+    key->pub_key = EC_POINT_dup(pub_key, key->group);
+    return (key->pub_key == NULL) ? 0 : 1;
+}
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
+{
+    return key->enc_flag;
+}
+
+void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
+{
+    key->enc_flag = flags;
+}
+
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
+{
+    return key->conv_form;
+}
+
+void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+{
+    key->conv_form = cform;
+    if (key->group != NULL)
+        EC_GROUP_set_point_conversion_form(key->group, cform);
+}
+
+void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+{
+    if (key->group != NULL)
+        EC_GROUP_set_asn1_flag(key->group, flag);
+}
+
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
+{
+    if (key->group == NULL)
+        return 0;
+    return EC_GROUP_precompute_mult(key->group, ctx);
+}
+
+int EC_KEY_get_flags(const EC_KEY *key)
+{
+    return key->flags;
+}
+
+void EC_KEY_set_flags(EC_KEY *key, int flags)
+{
+    key->flags |= flags;
+}
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags)
+{
+    key->flags &= ~flags;
+}
+
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                        unsigned char **pbuf, BN_CTX *ctx)
+{
+    if (key == NULL || key->pub_key == NULL || key->group == NULL)
+        return 0;
+    return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx);
+}
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx)
+{
+    if (key == NULL || key->group == NULL)
+        return 0;
+    if (key->pub_key == NULL)
+        key->pub_key = EC_POINT_new(key->group);
+    if (key->pub_key == NULL)
+        return 0;
+    if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
+        return 0;
+    /*
+     * Save the point conversion form.
+     * For non-custom curves the first octet of the buffer (excluding
+     * the last significant bit) contains the point conversion form.
+     * EC_POINT_oct2point() has already performed sanity checking of
+     * the buffer so we know it is valid.
+     */
+    if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0)
+        key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01);
+    return 1;
+}
+
+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
+                       unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->priv2oct == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->priv2oct(eckey, buf, len);
+}
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len)
+{
+    size_t buf_len;
+
+    buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
+    if (eckey->priv_key == NULL)
+        return 0;
+    if (buf == NULL)
+        return buf_len;
+    else if (len < buf_len)
+        return 0;
+
+    /* Octetstring may need leading zeros if BN is to short */
+
+    if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) {
+        ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    return buf_len;
+}
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->oct2priv == NULL) {
+        ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return eckey->group->meth->oct2priv(eckey, buf, len);
+}
+
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->priv_key == NULL)
+        eckey->priv_key = BN_secure_new();
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
+        return 0;
+    }
+    return 1;
+}
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
+{
+    size_t len;
+    unsigned char *buf;
+
+    len = EC_KEY_priv2oct(eckey, NULL, 0);
+    if (len == 0)
+        return 0;
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    len = EC_KEY_priv2oct(eckey, buf, len);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
+
+int EC_KEY_can_sign(const EC_KEY *eckey)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL
+        || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN))
+        return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c
new file mode 100644
index 000000000..64a5d2087
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+
+static const EC_KEY_METHOD openssl_ec_key_method = {
+    "OpenSSL EC_KEY method",
+    0,
+    0,0,0,0,0,0,
+    ossl_ec_key_gen,
+    ossl_ecdh_compute_key,
+    ossl_ecdsa_sign,
+    ossl_ecdsa_sign_setup,
+    ossl_ecdsa_sign_sig,
+    ossl_ecdsa_verify,
+    ossl_ecdsa_verify_sig
+};
+
+static const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void)
+{
+    return &openssl_ec_key_method;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_default_method(void)
+{
+    return default_ec_key_meth;
+}
+
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
+{
+    if (meth == NULL)
+        default_ec_key_meth = &openssl_ec_key_method;
+    else
+        default_ec_key_meth = meth;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key)
+{
+    return key->meth;
+}
+
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
+{
+    void (*finish)(EC_KEY *key) = key->meth->finish;
+
+    if (finish != NULL)
+        finish(key);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(key->engine);
+    key->engine = NULL;
+#endif
+
+    key->meth = meth;
+    if (meth->init != NULL)
+        return meth->init(key);
+    return 1;
+}
+
+EC_KEY *EC_KEY_new_method(ENGINE *engine)
+{
+    EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = EC_KEY_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    if (engine != NULL) {
+        if (!ENGINE_init(engine)) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_EC();
+    if (ret->engine != NULL) {
+        ret->meth = ENGINE_get_EC(ret->engine);
+        if (ret->meth == NULL) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->version = 1;
+    ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+    return ret;
+
+ err:
+    EC_KEY_free(ret);
+    return NULL;
+}
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *eckey,
+                     void *(*KDF) (const void *in, size_t inlen, void *out,
+                                   size_t *outlen))
+{
+    unsigned char *sec = NULL;
+    size_t seclen;
+    if (eckey->meth->compute_key == NULL) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+        return 0;
+    }
+    if (outlen > INT_MAX) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+        return 0;
+    }
+    if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+        return 0;
+    if (KDF != NULL) {
+        KDF(sec, seclen, out, &outlen);
+    } else {
+        if (outlen > seclen)
+            outlen = seclen;
+        memcpy(out, sec, outlen);
+    }
+    OPENSSL_clear_free(sec, seclen);
+    return outlen;
+}
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
+{
+    EC_KEY_METHOD *ret = OPENSSL_zalloc(sizeof(*meth));
+
+    if (ret == NULL)
+        return NULL;
+    if (meth != NULL)
+        *ret = *meth;
+    ret->flags |= EC_KEY_METHOD_DYNAMIC;
+    return ret;
+}
+
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
+{
+    if (meth->flags & EC_KEY_METHOD_DYNAMIC)
+        OPENSSL_free(meth);
+}
+
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key))
+{
+    meth->init = init;
+    meth->finish = finish;
+    meth->copy = copy;
+    meth->set_group = set_group;
+    meth->set_private = set_private;
+    meth->set_public = set_public;
+}
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key))
+{
+    meth->keygen = keygen;
+}
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    meth->compute_key = ckey;
+}
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey))
+{
+    meth->sign = sign;
+    meth->sign_setup = sign_setup;
+    meth->sign_sig = sign_sig;
+}
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey))
+{
+    meth->verify = verify;
+    meth->verify_sig = verify_sig;
+}
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key))
+{
+    if (pinit != NULL)
+        *pinit = meth->init;
+    if (pfinish != NULL)
+        *pfinish = meth->finish;
+    if (pcopy != NULL)
+        *pcopy = meth->copy;
+    if (pset_group != NULL)
+        *pset_group = meth->set_group;
+    if (pset_private != NULL)
+        *pset_private = meth->set_private;
+    if (pset_public != NULL)
+        *pset_public = meth->set_public;
+}
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key))
+{
+    if (pkeygen != NULL)
+        *pkeygen = meth->keygen;
+}
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **pout,
+                                               size_t *poutlen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    if (pck != NULL)
+        *pck = meth->compute_key;
+}
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey))
+{
+    if (psign != NULL)
+        *psign = meth->sign;
+    if (psign_setup != NULL)
+        *psign_setup = meth->sign_setup;
+    if (psign_sig != NULL)
+        *psign_sig = meth->sign_sig;
+}
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey))
+{
+    if (pverify != NULL)
+        *pverify = meth->verify;
+    if (pverify_sig != NULL)
+        *pverify_sig = meth->verify_sig;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lcl.h
new file mode 100644
index 000000000..119255f1d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lcl.h
@@ -0,0 +1,737 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include "internal/refcount.h"
+#include "internal/ec_int.h"
+
+#if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+#  pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+#endif
+
+/* Use default functions for poin2oct, oct2point and compressed coordinates */
+#define EC_FLAGS_DEFAULT_OCT    0x1
+
+/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */
+#define EC_FLAGS_CUSTOM_CURVE   0x2
+
+/* Curve does not support signing operations */
+#define EC_FLAGS_NO_SIGN        0x4
+
+/*
+ * Structure details are not part of the exported interface, so all this may
+ * change in future versions.
+ */
+
+struct ec_method_st {
+    /* Various method flags */
+    int flags;
+    /* used by EC_METHOD_get_field_type: */
+    int field_type;             /* a NID */
+    /*
+     * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
+     * EC_GROUP_copy:
+     */
+    int (*group_init) (EC_GROUP *);
+    void (*group_finish) (EC_GROUP *);
+    void (*group_clear_finish) (EC_GROUP *);
+    int (*group_copy) (EC_GROUP *, const EC_GROUP *);
+    /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */
+    int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+    int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                            BN_CTX *);
+    /* used by EC_GROUP_get_degree: */
+    int (*group_get_degree) (const EC_GROUP *);
+    int (*group_order_bits) (const EC_GROUP *);
+    /* used by EC_GROUP_check: */
+    int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
+    /*
+     * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
+     * EC_POINT_copy:
+     */
+    int (*point_init) (EC_POINT *);
+    void (*point_finish) (EC_POINT *);
+    void (*point_clear_finish) (EC_POINT *);
+    int (*point_copy) (EC_POINT *, const EC_POINT *);
+    /*-
+     * used by EC_POINT_set_to_infinity,
+     * EC_POINT_set_Jprojective_coordinates_GFp,
+     * EC_POINT_get_Jprojective_coordinates_GFp,
+     * EC_POINT_set_affine_coordinates,
+     * EC_POINT_get_affine_coordinates,
+     * EC_POINT_set_compressed_coordinates:
+     */
+    int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
+    int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
+                                                  EC_POINT *, const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+    int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
+                                                  const EC_POINT *, BIGNUM *x,
+                                                  BIGNUM *y, BIGNUM *z,
+                                                  BN_CTX *);
+    int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *);
+    int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
+                                         BIGNUM *x, BIGNUM *y, BN_CTX *);
+    int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *);
+    /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+    size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
+                         point_conversion_form_t form, unsigned char *buf,
+                         size_t len, BN_CTX *);
+    int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
+                      size_t len, BN_CTX *);
+    /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+    int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                const EC_POINT *b, BN_CTX *);
+    int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+    int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+    /*
+     * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
+     */
+    int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
+    int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
+    int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+    /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+    int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+    int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
+                               BN_CTX *);
+    /*
+     * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
+     * EC_POINT_have_precompute_mult (default implementations are used if the
+     * 'mul' pointer is 0):
+     */
+    /*-
+     * mul() calculates the value
+     *
+     *   r := generator * scalar
+     *        + points[0] * scalars[0]
+     *        + ...
+     *        + points[num-1] * scalars[num-1].
+     *
+     * For a fixed point multiplication (scalar != NULL, num == 0)
+     * or a variable point multiplication (scalar == NULL, num == 1),
+     * mul() must use a constant time algorithm: in both cases callers
+     * should provide an input scalar (either scalar or scalars[0])
+     * in the range [0, ec_group_order); for robustness, implementers
+     * should handle the case when the scalar has not been reduced, but
+     * may treat it as an unusual input, without any constant-timeness
+     * guarantee.
+     */
+    int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *);
+    int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
+    int (*have_precompute_mult) (const EC_GROUP *group);
+    /* internal functions */
+    /*
+     * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
+     * 'dbl' so that the same implementations of point operations can be used
+     * with different optimized implementations of expensive field
+     * operations:
+     */
+    int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *b, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+    int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *b, BN_CTX *);
+    /*-
+     * 'field_inv' computes the multipicative inverse of a in the field,
+     * storing the result in r.
+     *
+     * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error.
+     */
+    int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+    /* e.g. to Montgomery */
+    int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                         BN_CTX *);
+    /* e.g. from Montgomery */
+    int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                         BN_CTX *);
+    int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
+    /* private key operations */
+    size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
+    int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len);
+    int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
+    int (*keygen)(EC_KEY *eckey);
+    int (*keycheck)(const EC_KEY *eckey);
+    int (*keygenpub)(EC_KEY *eckey);
+    int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
+    void (*keyfinish)(EC_KEY *eckey);
+    /* custom ECDH operation */
+    int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+    /* Inverse modulo order */
+    int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
+                                 const BIGNUM *x, BN_CTX *);
+    int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_pre)(const EC_GROUP *group,
+                      EC_POINT *r, EC_POINT *s,
+                      EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_step)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_post)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+};
+
+/*
+ * Types and functions to manipulate pre-computed values.
+ */
+typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP;
+typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP;
+typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP;
+typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP;
+typedef struct ec_pre_comp_st EC_PRE_COMP;
+
+struct ec_group_st {
+    const EC_METHOD *meth;
+    EC_POINT *generator;        /* optional */
+    BIGNUM *order, *cofactor;
+    int curve_name;             /* optional NID for named curve */
+    int asn1_flag;              /* flag to control the asn1 encoding */
+    point_conversion_form_t asn1_form;
+    unsigned char *seed;        /* optional seed for parameters (appears in
+                                 * ASN1) */
+    size_t seed_len;
+    /*
+     * The following members are handled by the method functions, even if
+     * they appear generic
+     */
+    /*
+     * Field specification. For curves over GF(p), this is the modulus; for
+     * curves over GF(2^m), this is the irreducible polynomial defining the
+     * field.
+     */
+    BIGNUM *field;
+    /*
+     * Field specification for curves over GF(2^m). The irreducible f(t) is
+     * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
+     * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with
+     * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero
+     * terms.
+     */
+    int poly[6];
+    /*
+     * Curve coefficients. (Here the assumption is that BIGNUMs can be used
+     * or abused for all kinds of fields, not just GF(p).) For characteristic
+     * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
+     * x^3 + a*x + b. For characteristic 2, the curve is defined by an
+     * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
+     */
+    BIGNUM *a, *b;
+    /* enable optimized point arithmetics for special case */
+    int a_is_minus3;
+    /* method-specific (e.g., Montgomery structure) */
+    void *field_data1;
+    /* method-specific */
+    void *field_data2;
+    /* method-specific */
+    int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
+                           BN_CTX *);
+    /* data for ECDSA inverse */
+    BN_MONT_CTX *mont_data;
+
+    /*
+     * Precomputed values for speed. The PCT_xxx names match the
+     * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP
+     * macros, below.
+     */
+    enum {
+        PCT_none,
+        PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256,
+        PCT_ec
+    } pre_comp_type;
+    union {
+        NISTP224_PRE_COMP *nistp224;
+        NISTP256_PRE_COMP *nistp256;
+        NISTP521_PRE_COMP *nistp521;
+        NISTZ256_PRE_COMP *nistz256;
+        EC_PRE_COMP *ec;
+    } pre_comp;
+};
+
+#define SETPRECOMP(g, type, pre) \
+    g->pre_comp_type = PCT_##type, g->pre_comp.type = pre
+#define HAVEPRECOMP(g, type) \
+    g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL
+
+struct ec_key_st {
+    const EC_KEY_METHOD *meth;
+    ENGINE *engine;
+    int version;
+    EC_GROUP *group;
+    EC_POINT *pub_key;
+    BIGNUM *priv_key;
+    unsigned int enc_flag;
+    point_conversion_form_t conv_form;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct ec_point_st {
+    const EC_METHOD *meth;
+    /* NID for the curve if known */
+    int curve_name;
+    /*
+     * All members except 'meth' are handled by the method functions, even if
+     * they appear generic
+     */
+    BIGNUM *X;
+    BIGNUM *Y;
+    BIGNUM *Z;                  /* Jacobian projective coordinates: * (X, Y,
+                                 * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
+    int Z_is_one;               /* enable optimized point arithmetics for
+                                 * special case */
+};
+
+static ossl_inline int ec_point_is_compat(const EC_POINT *point,
+                                          const EC_GROUP *group)
+{
+    if (group->meth != point->meth
+        || (group->curve_name != 0
+            && point->curve_name != 0
+            && group->curve_name != point->curve_name))
+        return 0;
+
+    return 1;
+}
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *);
+
+void EC_pre_comp_free(EC_GROUP *group);
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *);
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *);
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *);
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *);
+void EC_ec_pre_comp_free(EC_PRE_COMP *);
+
+/*
+ * method functions in ec_mult.c (ec_lib.c uses these as defaults if
+ * group->method->mul is 0)
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *);
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+                                  const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
+                                                  EC_POINT *, const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
+                                                  const EC_POINT *, BIGNUM *x,
+                                                  BIGNUM *y, BIGNUM *z,
+                                                  BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                               const EC_POINT *, BIGNUM *x,
+                                               BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+                            const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                     EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
+int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    BN_CTX *ctx);
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                                const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                                const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+
+/* method functions in ec2_smpl.c */
+int ec_GF2m_simple_group_init(EC_GROUP *);
+void ec_GF2m_simple_group_finish(EC_GROUP *);
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+                                   const BIGNUM *a, const BIGNUM *b,
+                                   BN_CTX *);
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+                                   BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GF2m_simple_point_init(EC_POINT *);
+void ec_GF2m_simple_point_finish(EC_POINT *);
+void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                                const EC_POINT *, BIGNUM *x,
+                                                BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+                                              const BIGNUM *x, int y_bit,
+                                              BN_CTX *);
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+                             const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *);
+int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                       BN_CTX *);
+int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                      EC_POINT *[], BN_CTX *);
+int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             const BIGNUM *b, BN_CTX *);
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* method functions in ecp_nistp224.c */
+int ec_GFp_nistp224_group_init(EC_GROUP *group);
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp256.c */
+int ec_GFp_nistp256_group_init(EC_GROUP *group);
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp521.c */
+int ec_GFp_nistp521_group_init(EC_GROUP *group);
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
+
+/* utility functions in ecp_nistputil.c */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+                                              size_t felem_size,
+                                              void *tmp_felems,
+                                              void (*felem_one) (void *out),
+                                              int (*felem_is_zero) (const void
+                                                                    *in),
+                                              void (*felem_assign) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_square) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_mul) (void *out,
+                                                                 const void
+                                                                 *in1,
+                                                                 const void
+                                                                 *in2),
+                                              void (*felem_inv) (void *out,
+                                                                 const void
+                                                                 *in),
+                                              void (*felem_contract) (void
+                                                                      *out,
+                                                                      const
+                                                                      void
+                                                                      *in));
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
+                                     unsigned char *digit, unsigned char in);
+#endif
+int ec_group_simple_order_bits(const EC_GROUP *group);
+
+#ifdef ECP_NISTZ256_ASM
+/** Returns GFp methods using montgomery multiplication, with x86-64 optimized
+ * P256. See http://eprint.iacr.org/2013/816.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistz256_method(void);
+#endif
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len);
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+int ec_key_simple_generate_key(EC_KEY *eckey);
+int ec_key_simple_generate_public_key(EC_KEY *eckey);
+int ec_key_simple_check_key(const EC_KEY *eckey);
+
+/* EC_METHOD definitions */
+
+struct ec_key_method_st {
+    const char *name;
+    int32_t flags;
+    int (*init)(EC_KEY *key);
+    void (*finish)(EC_KEY *key);
+    int (*copy)(EC_KEY *dest, const EC_KEY *src);
+    int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
+    int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
+    int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
+    int (*keygen)(EC_KEY *key);
+    int (*compute_key)(unsigned char **pout, size_t *poutlen,
+                       const EC_POINT *pub_key, const EC_KEY *ecdh);
+    int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
+                *sig, unsigned int *siglen, const BIGNUM *kinv,
+                const BIGNUM *r, EC_KEY *eckey);
+    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                      BIGNUM **rp);
+    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
+                           const BIGNUM *in_kinv, const BIGNUM *in_r,
+                           EC_KEY *eckey);
+
+    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+                  const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+                      const ECDSA_SIG *sig, EC_KEY *eckey);
+};
+
+#define EC_KEY_METHOD_DYNAMIC   1
+
+int ossl_ec_key_gen(EC_KEY *eckey);
+int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh);
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+
+struct ECDSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp);
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey);
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey);
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32]);
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32]);
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32]);
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32]);
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32]);
+
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx);
+
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+
+static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group,
+                                           EC_POINT *r, EC_POINT *s,
+                                           EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_pre != NULL)
+        return group->meth->ladder_pre(group, r, s, p, ctx);
+
+    if (!EC_POINT_copy(s, p)
+        || !EC_POINT_dbl(group, r, s, ctx))
+        return 0;
+
+    return 1;
+}
+
+static ossl_inline int ec_point_ladder_step(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_step != NULL)
+        return group->meth->ladder_step(group, r, s, p, ctx);
+
+    if (!EC_POINT_add(group, s, r, s, ctx)
+        || !EC_POINT_dbl(group, r, r, ctx))
+        return 0;
+
+    return 1;
+
+}
+
+static ossl_inline int ec_point_ladder_post(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_post != NULL)
+        return group->meth->ladder_post(group, r, s, p, ctx);
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c
new file mode 100644
index 000000000..b89e3979d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c
@@ -0,0 +1,1121 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+{
+    EC_GROUP *ret;
+
+    if (meth == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
+        return NULL;
+    }
+    if (meth->group_init == 0) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = meth;
+    if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        ret->order = BN_new();
+        if (ret->order == NULL)
+            goto err;
+        ret->cofactor = BN_new();
+        if (ret->cofactor == NULL)
+            goto err;
+    }
+    ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
+    ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+    if (!meth->group_init(ret))
+        goto err;
+    return ret;
+
+ err:
+    BN_free(ret->order);
+    BN_free(ret->cofactor);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void EC_pre_comp_free(EC_GROUP *group)
+{
+    switch (group->pre_comp_type) {
+    case PCT_none:
+        break;
+    case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
+        EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
+#endif
+        break;
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
+        break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
+#endif
+    case PCT_ec:
+        EC_ec_pre_comp_free(group->pre_comp.ec);
+        break;
+    }
+    group->pre_comp.ec = NULL;
+}
+
+void EC_GROUP_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
+
+    if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
+
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_free(group->generator);
+    BN_free(group->order);
+    BN_free(group->cofactor);
+    OPENSSL_free(group->seed);
+    OPENSSL_free(group);
+}
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
+
+    if (group->meth->group_clear_finish != 0)
+        group->meth->group_clear_finish(group);
+    else if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
+
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_clear_free(group->generator);
+    BN_clear_free(group->order);
+    BN_clear_free(group->cofactor);
+    OPENSSL_clear_free(group->seed, group->seed_len);
+    OPENSSL_clear_free(group, sizeof(*group));
+}
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (dest->meth->group_copy == 0) {
+        ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth) {
+        ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+
+    dest->curve_name = src->curve_name;
+
+    /* Copy precomputed */
+    dest->pre_comp_type = src->pre_comp_type;
+    switch (src->pre_comp_type) {
+    case PCT_none:
+        dest->pre_comp.ec = NULL;
+        break;
+    case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
+        dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
+#endif
+        break;
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
+        break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
+#endif
+    case PCT_ec:
+        dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
+        break;
+    }
+
+    if (src->mont_data != NULL) {
+        if (dest->mont_data == NULL) {
+            dest->mont_data = BN_MONT_CTX_new();
+            if (dest->mont_data == NULL)
+                return 0;
+        }
+        if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        BN_MONT_CTX_free(dest->mont_data);
+        dest->mont_data = NULL;
+    }
+
+    if (src->generator != NULL) {
+        if (dest->generator == NULL) {
+            dest->generator = EC_POINT_new(dest);
+            if (dest->generator == NULL)
+                return 0;
+        }
+        if (!EC_POINT_copy(dest->generator, src->generator))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        EC_POINT_clear_free(dest->generator);
+        dest->generator = NULL;
+    }
+
+    if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        if (!BN_copy(dest->order, src->order))
+            return 0;
+        if (!BN_copy(dest->cofactor, src->cofactor))
+            return 0;
+    }
+
+    dest->asn1_flag = src->asn1_flag;
+    dest->asn1_form = src->asn1_form;
+
+    if (src->seed) {
+        OPENSSL_free(dest->seed);
+        if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) {
+            ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!memcpy(dest->seed, src->seed, src->seed_len))
+            return 0;
+        dest->seed_len = src->seed_len;
+    } else {
+        OPENSSL_free(dest->seed);
+        dest->seed = NULL;
+        dest->seed_len = 0;
+    }
+
+    return dest->meth->group_copy(dest, src);
+}
+
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+{
+    EC_GROUP *t = NULL;
+    int ok = 0;
+
+    if (a == NULL)
+        return NULL;
+
+    if ((t = EC_GROUP_new(a->meth)) == NULL)
+        return NULL;
+    if (!EC_GROUP_copy(t, a))
+        goto err;
+
+    ok = 1;
+
+ err:
+    if (!ok) {
+        EC_GROUP_free(t);
+        return NULL;
+    }
+        return t;
+}
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+{
+    return group->meth;
+}
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth)
+{
+    return meth->field_type;
+}
+
+static int ec_precompute_mont_data(EC_GROUP *);
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor)
+{
+    if (generator == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (group->generator == NULL) {
+        group->generator = EC_POINT_new(group);
+        if (group->generator == NULL)
+            return 0;
+    }
+    if (!EC_POINT_copy(group->generator, generator))
+        return 0;
+
+    if (order != NULL) {
+        if (!BN_copy(group->order, order))
+            return 0;
+    } else
+        BN_zero(group->order);
+
+    if (cofactor != NULL) {
+        if (!BN_copy(group->cofactor, cofactor))
+            return 0;
+    } else
+        BN_zero(group->cofactor);
+
+    /*
+     * Some groups have an order with
+     * factors of two, which makes the Montgomery setup fail.
+     * |group->mont_data| will be NULL in this case.
+     */
+    if (BN_is_odd(group->order)) {
+        return ec_precompute_mont_data(group);
+    }
+
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
+    return 1;
+}
+
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+{
+    return group->generator;
+}
+
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
+{
+    return group->mont_data;
+}
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+{
+    if (group->order == NULL)
+        return 0;
+    if (!BN_copy(order, group->order))
+        return 0;
+
+    return !BN_is_zero(order);
+}
+
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
+{
+    return group->order;
+}
+
+int EC_GROUP_order_bits(const EC_GROUP *group)
+{
+    return group->meth->group_order_bits(group);
+}
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx)
+{
+
+    if (group->cofactor == NULL)
+        return 0;
+    if (!BN_copy(cofactor, group->cofactor))
+        return 0;
+
+    return !BN_is_zero(group->cofactor);
+}
+
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group)
+{
+    return group->cofactor;
+}
+
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
+{
+    group->curve_name = nid;
+}
+
+int EC_GROUP_get_curve_name(const EC_GROUP *group)
+{
+    return group->curve_name;
+}
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
+{
+    group->asn1_flag = flag;
+}
+
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
+{
+    return group->asn1_flag;
+}
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+                                        point_conversion_form_t form)
+{
+    group->asn1_form = form;
+}
+
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
+                                                           *group)
+{
+    return group->asn1_form;
+}
+
+size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
+{
+    OPENSSL_free(group->seed);
+    group->seed = NULL;
+    group->seed_len = 0;
+
+    if (!len || !p)
+        return 1;
+
+    if ((group->seed = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(group->seed, p, len);
+    group->seed_len = len;
+
+    return len;
+}
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
+{
+    return group->seed;
+}
+
+size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
+{
+    return group->seed_len;
+}
+
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_set_curve == 0) {
+        ECerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx)
+{
+    if (group->meth->group_get_curve == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                            BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
+}
+# endif
+#endif
+
+int EC_GROUP_get_degree(const EC_GROUP *group)
+{
+    if (group->meth->group_get_degree == 0) {
+        ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_degree(group);
+}
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+    if (group->meth->group_check_discriminant == 0) {
+        ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_check_discriminant(group, ctx);
+}
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+{
+    int r = 0;
+    BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+    BN_CTX *ctx_new = NULL;
+
+    /* compare the field types */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+        EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+        return 1;
+    /* compare the curve name (if present in both) */
+    if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+        EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+        return 1;
+    if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
+        return 0;
+
+    if (ctx == NULL)
+        ctx_new = ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return -1;
+
+    BN_CTX_start(ctx);
+    a1 = BN_CTX_get(ctx);
+    a2 = BN_CTX_get(ctx);
+    a3 = BN_CTX_get(ctx);
+    b1 = BN_CTX_get(ctx);
+    b2 = BN_CTX_get(ctx);
+    b3 = BN_CTX_get(ctx);
+    if (b3 == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx_new);
+        return -1;
+    }
+
+    /*
+     * XXX This approach assumes that the external representation of curves
+     * over the same field type is the same.
+     */
+    if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
+        !b->meth->group_get_curve(b, b1, b2, b3, ctx))
+        r = 1;
+
+    if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
+        r = 1;
+
+    /* XXX EC_POINT_cmp() assumes that the methods are equal */
+    if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
+                          EC_GROUP_get0_generator(b), ctx))
+        r = 1;
+
+    if (!r) {
+        const BIGNUM *ao, *bo, *ac, *bc;
+        /* compare the order and cofactor */
+        ao = EC_GROUP_get0_order(a);
+        bo = EC_GROUP_get0_order(b);
+        ac = EC_GROUP_get0_cofactor(a);
+        bc = EC_GROUP_get0_cofactor(b);
+        if (ao == NULL || bo == NULL) {
+            BN_CTX_end(ctx);
+            BN_CTX_free(ctx_new);
+            return -1;
+        }
+        if (BN_cmp(ao, bo) || BN_cmp(ac, bc))
+            r = 1;
+    }
+
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx_new);
+
+    return r;
+}
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+{
+    EC_POINT *ret;
+
+    if (group == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (group->meth->point_init == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = group->meth;
+    ret->curve_name = group->curve_name;
+
+    if (!ret->meth->point_init(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void EC_POINT_free(EC_POINT *point)
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_free(point);
+}
+
+void EC_POINT_clear_free(EC_POINT *point)
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_clear_finish != 0)
+        point->meth->point_clear_finish(point);
+    else if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_clear_free(point, sizeof(*point));
+}
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (dest->meth->point_copy == 0) {
+        ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth
+            || (dest->curve_name != src->curve_name
+                && dest->curve_name != 0
+                && src->curve_name != 0)) {
+        ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+    return dest->meth->point_copy(dest, src);
+}
+
+EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
+{
+    EC_POINT *t;
+    int r;
+
+    if (a == NULL)
+        return NULL;
+
+    t = EC_POINT_new(group);
+    if (t == NULL)
+        return NULL;
+    r = EC_POINT_copy(t, a);
+    if (!r) {
+        EC_POINT_free(t);
+        return NULL;
+    }
+    return t;
+}
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+{
+    return point->meth;
+}
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+{
+    if (group->meth->point_set_to_infinity == 0) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_to_infinity(group, point);
+}
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *point, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx)
+{
+    if (group->meth->point_set_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
+        return 0;
+
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE);
+        return 0;
+    }
+    return 1;
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                        EC_POINT *point, const BIGNUM *x,
+                                        const BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         EC_POINT *point, const BIGNUM *x,
+                                         const BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+# endif
+#endif
+
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
+                                    const EC_POINT *point, BIGNUM *x, BIGNUM *y,
+                                    BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *point, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *point, BIGNUM *x,
+                                         BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
+}
+# endif
+#endif
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx)
+{
+    if (group->meth->add == 0) {
+        ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)
+        || !ec_point_is_compat(b, group)) {
+        ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->add(group, r, a, b, ctx);
+}
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx)
+{
+    if (group->meth->dbl == 0) {
+        ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) {
+        ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->dbl(group, r, a, ctx);
+}
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+{
+    if (group->meth->invert == 0) {
+        ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(a, group)) {
+        ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->invert(group, a, ctx);
+}
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+    if (group->meth->is_at_infinity == 0) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_at_infinity(group, point);
+}
+
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ *  1: The point is on the curve
+ *  0: The point is not on the curve
+ * -1: An error occurred
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx)
+{
+    if (group->meth->is_on_curve == 0) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_on_curve(group, point, ctx);
+}
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx)
+{
+    if (group->meth->point_cmp == 0) {
+        ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+    if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) {
+        ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+        return -1;
+    }
+    return group->meth->point_cmp(group, a, b, ctx);
+}
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (group->meth->make_affine == 0) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->make_affine(group, point, ctx);
+}
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    if (group->meth->points_make_affine == 0) {
+        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (!ec_point_is_compat(points[i], group)) {
+            ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+    return group->meth->points_make_affine(group, num, points, ctx);
+}
+
+/*
+ * Functions for point multiplication. If group->meth->mul is 0, we use the
+ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
+ * methods.
+ */
+
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                  size_t num, const EC_POINT *points[],
+                  const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    size_t i = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if ((scalar == NULL) && (num == 0)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    if (!ec_point_is_compat(r, group)) {
+        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (!ec_point_is_compat(points[i], group)) {
+            ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) {
+        ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (group->meth->mul != NULL)
+        ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+    else
+        /* use default */
+        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
+                 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+{
+    /* just a convenient interface to EC_POINTs_mul() */
+
+    const EC_POINT *points[1];
+    const BIGNUM *scalars[1];
+
+    points[0] = point;
+    scalars[0] = p_scalar;
+
+    return EC_POINTs_mul(group, r, g_scalar,
+                         (point != NULL
+                          && p_scalar != NULL), points, scalars, ctx);
+}
+
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_precompute_mult(group, ctx);
+
+    if (group->meth->precompute_mult != 0)
+        return group->meth->precompute_mult(group, ctx);
+    else
+        return 1;               /* nothing to do, so report success */
+}
+
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_have_precompute_mult(group);
+
+    if (group->meth->have_precompute_mult != 0)
+        return group->meth->have_precompute_mult(group);
+    else
+        return 0;               /* cannot tell whether precomputation has
+                                 * been performed */
+}
+
+/*
+ * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
+ * returns one on success. On error it returns zero.
+ */
+static int ec_precompute_mont_data(EC_GROUP *group)
+{
+    BN_CTX *ctx = BN_CTX_new();
+    int ret = 0;
+
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
+
+    if (ctx == NULL)
+        goto err;
+
+    group->mont_data = BN_MONT_CTX_new();
+    if (group->mont_data == NULL)
+        goto err;
+
+    if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
+        BN_MONT_CTX_free(group->mont_data);
+        group->mont_data = NULL;
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
+}
+
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
+{
+    return CRYPTO_get_ex_data(&key->ex_data, idx);
+}
+
+int ec_group_simple_order_bits(const EC_GROUP *group)
+{
+    if (group->order == NULL)
+        return 0;
+    return BN_num_bits(group->order);
+}
+
+static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->mont_data == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /*-
+     * We want inverse in constant time, therefore we utilize the fact
+     * order must be prime and use Fermats Little Theorem instead.
+     */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->order, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Default behavior, if group->meth->field_inverse_mod_ord is NULL:
+ * - When group->order is even, this function returns an error.
+ * - When group->order is otherwise composite, the correctness
+ *   of the output is not guaranteed.
+ * - When x is outside the range [1, group->order), the correctness
+ *   of the output is not guaranteed.
+ * - Otherwise, this function returns the multiplicative inverse in the
+ *   range [1, group->order).
+ *
+ * EC_METHODs must implement their own field_inverse_mod_ord for
+ * other functionality.
+ */
+int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                            const BIGNUM *x, BN_CTX *ctx)
+{
+    if (group->meth->field_inverse_mod_ord != NULL)
+        return group->meth->field_inverse_mod_ord(group, res, x, ctx);
+    else
+        return ec_field_inverse_mod_ord(group, res, x, ctx);
+}
+
+/*-
+ * Coordinate blinding for EC_POINT.
+ *
+ * The underlying EC_METHOD can optionally implement this function:
+ * underlying implementations should return 0 on errors, or 1 on
+ * success.
+ *
+ * This wrapper returns 1 in case the underlying EC_METHOD does not
+ * support coordinate blinding.
+ */
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->blind_coordinates == NULL)
+        return 1; /* ignore if not implemented */
+
+    return group->meth->blind_coordinates(group, p, ctx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c
new file mode 100644
index 000000000..0e0a5e139
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c
@@ -0,0 +1,970 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+#include "internal/refcount.h"
+
+/*
+ * This file implements the wNAF-based interleaving multi-exponentiation method
+ * Formerly at:
+ *   http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp
+ * You might now find it here:
+ *   http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13
+ *   http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf
+ * For multiplication with precomputation, we use wNAF splitting, formerly at:
+ *   http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp
+ */
+
+/* structure for precomputed multiples of the generator */
+struct ec_pre_comp_st {
+    const EC_GROUP *group;      /* parent EC_GROUP object */
+    size_t blocksize;           /* block size for wNAF splitting */
+    size_t numblocks;           /* max. number of blocks for which we have
+                                 * precomputation */
+    size_t w;                   /* window size */
+    EC_POINT **points;          /* array with pre-calculated multiples of
+                                 * generator: 'num' pointers to EC_POINT
+                                 * objects followed by a NULL */
+    size_t num;                 /* numblocks * 2^(w-1) */
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
+{
+    EC_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->group = group;
+    ret->blocksize = 8;         /* default */
+    ret->w = 4;                 /* default */
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre)
+{
+    int i;
+    if (pre != NULL)
+        CRYPTO_UP_REF(&pre->references, &i, pre->lock);
+    return pre;
+}
+
+void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_ec", pre);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (pre->points != NULL) {
+        EC_POINT **pts;
+
+        for (pts = pre->points; *pts != NULL; pts++)
+            EC_POINT_free(*pts);
+        OPENSSL_free(pre->points);
+    }
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+#define EC_POINT_BN_set_flags(P, flags) do { \
+    BN_set_flags((P)->X, (flags)); \
+    BN_set_flags((P)->Y, (flags)); \
+    BN_set_flags((P)->Z, (flags)); \
+} while(0)
+
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx)
+{
+    int i, cardinality_bits, group_top, kbit, pbit, Z_is_one;
+    EC_POINT *p = NULL;
+    EC_POINT *s = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *lambda = NULL;
+    BIGNUM *cardinality = NULL;
+    int ret = 0;
+
+    /* early exit if the input point is the point at infinity */
+    if (point != NULL && EC_POINT_is_at_infinity(group, point))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(group->order)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER);
+        return 0;
+    }
+    if (BN_is_zero(group->cofactor)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+
+    if (((p = EC_POINT_new(group)) == NULL)
+        || ((s = EC_POINT_new(group)) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (point == NULL) {
+        if (!EC_POINT_copy(p, group->generator)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        if (!EC_POINT_copy(p, point)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
+
+    cardinality = BN_CTX_get(ctx);
+    lambda = BN_CTX_get(ctx);
+    k = BN_CTX_get(ctx);
+    if (k == NULL) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /*
+     * Group cardinalities are often on a word boundary.
+     * So when we pad the scalar, some timing diff might
+     * pop if it needs to be expanded due to carries.
+     * So expand ahead of time.
+     */
+    cardinality_bits = BN_num_bits(cardinality);
+    group_top = bn_get_top(cardinality);
+    if ((bn_wexpand(k, group_top + 2) == NULL)
+        || (bn_wexpand(lambda, group_top + 2) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (!BN_copy(k, scalar)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    BN_set_flags(k, BN_FLG_CONSTTIME);
+
+    if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) {
+        /*-
+         * this is an unusual input, and we don't guarantee
+         * constant-timeness
+         */
+        if (!BN_nnmod(k, k, cardinality, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+            goto err;
+        }
+    }
+
+    if (!BN_add(lambda, k, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+    BN_set_flags(lambda, BN_FLG_CONSTTIME);
+    if (!BN_add(k, lambda, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*
+     * lambda := scalar + cardinality
+     * k := scalar + 2*cardinality
+     */
+    kbit = BN_is_bit_set(lambda, cardinality_bits);
+    BN_consttime_swap(kbit, k, lambda, group_top + 2);
+
+    group_top = bn_get_top(group->field);
+    if ((bn_wexpand(s->X, group_top) == NULL)
+        || (bn_wexpand(s->Y, group_top) == NULL)
+        || (bn_wexpand(s->Z, group_top) == NULL)
+        || (bn_wexpand(r->X, group_top) == NULL)
+        || (bn_wexpand(r->Y, group_top) == NULL)
+        || (bn_wexpand(r->Z, group_top) == NULL)
+        || (bn_wexpand(p->X, group_top) == NULL)
+        || (bn_wexpand(p->Y, group_top) == NULL)
+        || (bn_wexpand(p->Z, group_top) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /*-
+     * Apply coordinate blinding for EC_POINT.
+     *
+     * The underlying EC_METHOD can optionally implement this function:
+     * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
+     * success or if coordinate blinding is not implemented for this
+     * group.
+     */
+    if (!ec_point_blind_coordinates(group, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
+        goto err;
+    }
+
+    /* Initialize the Montgomery ladder */
+    if (!ec_point_ladder_pre(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE);
+        goto err;
+    }
+
+    /* top bit is a 1, in a fixed pos */
+    pbit = 1;
+
+#define EC_POINT_CSWAP(c, a, b, w, t) do {         \
+        BN_consttime_swap(c, (a)->X, (b)->X, w);   \
+        BN_consttime_swap(c, (a)->Y, (b)->Y, w);   \
+        BN_consttime_swap(c, (a)->Z, (b)->Z, w);   \
+        t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \
+        (a)->Z_is_one ^= (t);                      \
+        (b)->Z_is_one ^= (t);                      \
+} while(0)
+
+    /*-
+     * The ladder step, with branches, is
+     *
+     * k[i] == 0: S = add(R, S), R = dbl(R)
+     * k[i] == 1: R = add(S, R), S = dbl(S)
+     *
+     * Swapping R, S conditionally on k[i] leaves you with state
+     *
+     * k[i] == 0: T, U = R, S
+     * k[i] == 1: T, U = S, R
+     *
+     * Then perform the ECC ops.
+     *
+     * U = add(T, U)
+     * T = dbl(T)
+     *
+     * Which leaves you with state
+     *
+     * k[i] == 0: U = add(R, S), T = dbl(R)
+     * k[i] == 1: U = add(S, R), T = dbl(S)
+     *
+     * Swapping T, U conditionally on k[i] leaves you with state
+     *
+     * k[i] == 0: R, S = T, U
+     * k[i] == 1: R, S = U, T
+     *
+     * Which leaves you with state
+     *
+     * k[i] == 0: S = add(R, S), R = dbl(R)
+     * k[i] == 1: R = add(S, R), S = dbl(S)
+     *
+     * So we get the same logic, but instead of a branch it's a
+     * conditional swap, followed by ECC ops, then another conditional swap.
+     *
+     * Optimization: The end of iteration i and start of i-1 looks like
+     *
+     * ...
+     * CSWAP(k[i], R, S)
+     * ECC
+     * CSWAP(k[i], R, S)
+     * (next iteration)
+     * CSWAP(k[i-1], R, S)
+     * ECC
+     * CSWAP(k[i-1], R, S)
+     * ...
+     *
+     * So instead of two contiguous swaps, you can merge the condition
+     * bits and do a single swap.
+     *
+     * k[i]   k[i-1]    Outcome
+     * 0      0         No Swap
+     * 0      1         Swap
+     * 1      0         Swap
+     * 1      1         No Swap
+     *
+     * This is XOR. pbit tracks the previous bit of k.
+     */
+
+    for (i = cardinality_bits - 1; i >= 0; i--) {
+        kbit = BN_is_bit_set(k, i) ^ pbit;
+        EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one);
+
+        /* Perform a single step of the Montgomery ladder */
+        if (!ec_point_ladder_step(group, r, s, p, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE);
+            goto err;
+        }
+        /*
+         * pbit logic merges this cswap with that of the
+         * next iteration
+         */
+        pbit ^= kbit;
+    }
+    /* one final cswap to move the right value into r */
+    EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
+#undef EC_POINT_CSWAP
+
+    /* Finalize ladder (and recover full point coordinates) */
+    if (!ec_point_ladder_post(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(p);
+    EC_POINT_free(s);
+    BN_CTX_end(ctx);
+
+    return ret;
+}
+
+#undef EC_POINT_BN_set_flags
+
+/*
+ * TODO: table should be optimised for the wNAF-based implementation,
+ * sometimes smaller windows will give better performance (thus the
+ * boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+                ((size_t) \
+                 ((b) >= 2000 ? 6 : \
+                  (b) >=  800 ? 5 : \
+                  (b) >=  300 ? 4 : \
+                  (b) >=   70 ? 3 : \
+                  (b) >=   20 ? 2 : \
+                  1))
+
+/*-
+ * Compute
+ *      \sum scalars[i]*points[i],
+ * also including
+ *      scalar*generator
+ * in the addition if scalar != NULL
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *ctx)
+{
+    const EC_POINT *generator = NULL;
+    EC_POINT *tmp = NULL;
+    size_t totalnum;
+    size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
+    size_t pre_points_per_block = 0;
+    size_t i, j;
+    int k;
+    int r_is_inverted = 0;
+    int r_is_at_infinity = 1;
+    size_t *wsize = NULL;       /* individual window sizes */
+    signed char **wNAF = NULL;  /* individual wNAFs */
+    size_t *wNAF_len = NULL;
+    size_t max_len = 0;
+    size_t num_val;
+    EC_POINT **val = NULL;      /* precomputation */
+    EC_POINT **v;
+    EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or
+                                 * 'pre_comp->points' */
+    const EC_PRE_COMP *pre_comp = NULL;
+    int num_scalar = 0;         /* flag: will be set to 1 if 'scalar' must be
+                                 * treated like other scalars, i.e.
+                                 * precomputation is not available */
+    int ret = 0;
+
+    if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) {
+        /*-
+         * Handle the common cases where the scalar is secret, enforcing a
+         * scalar multiplication implementation based on a Montgomery ladder,
+         * with various timing attack defenses.
+         */
+        if ((scalar != NULL) && (num == 0)) {
+            /*-
+             * In this case we want to compute scalar * GeneratorPoint: this
+             * codepath is reached most prominently by (ephemeral) key
+             * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup,
+             * ECDH keygen/first half), where the scalar is always secret. This
+             * is why we ignore if BN_FLG_CONSTTIME is actually set and we
+             * always call the ladder version.
+             */
+            return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+        }
+        if ((scalar == NULL) && (num == 1)) {
+            /*-
+             * In this case we want to compute scalar * VariablePoint: this
+             * codepath is reached most prominently by the second half of ECDH,
+             * where the secret scalar is multiplied by the peer's public point.
+             * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is
+             * actually set and we always call the ladder version.
+             */
+            return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
+        }
+    }
+
+    if (scalar != NULL) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+
+        pre_comp = group->pre_comp.ec;
+        if (pre_comp && pre_comp->numblocks
+            && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) ==
+                0)) {
+            blocksize = pre_comp->blocksize;
+
+            /*
+             * determine maximum number of blocks that wNAF splitting may
+             * yield (NB: maximum wNAF length is bit length plus one)
+             */
+            numblocks = (BN_num_bits(scalar) / blocksize) + 1;
+
+            /*
+             * we cannot use more blocks than we have precomputation for
+             */
+            if (numblocks > pre_comp->numblocks)
+                numblocks = pre_comp->numblocks;
+
+            pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
+
+            /* check that pre_comp looks sane */
+            if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        } else {
+            /* can't use precomputation */
+            pre_comp = NULL;
+            numblocks = 1;
+            num_scalar = 1;     /* treat 'scalar' like 'num'-th element of
+                                 * 'scalars' */
+        }
+    }
+
+    totalnum = num + numblocks;
+
+    wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0]));
+    wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0]));
+    /* include space for pivot */
+    wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0]));
+    val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
+
+    /* Ensure wNAF is initialised in case we end up going to err */
+    if (wNAF != NULL)
+        wNAF[0] = NULL;         /* preliminary pivot */
+
+    if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * num_val will be the total number of temporarily precomputed points
+     */
+    num_val = 0;
+
+    for (i = 0; i < num + num_scalar; i++) {
+        size_t bits;
+
+        bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+        wsize[i] = EC_window_bits_for_scalar_size(bits);
+        num_val += (size_t)1 << (wsize[i] - 1);
+        wNAF[i + 1] = NULL;     /* make sure we always have a pivot */
+        wNAF[i] =
+            bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+                            &wNAF_len[i]);
+        if (wNAF[i] == NULL)
+            goto err;
+        if (wNAF_len[i] > max_len)
+            max_len = wNAF_len[i];
+    }
+
+    if (numblocks) {
+        /* we go here iff scalar != NULL */
+
+        if (pre_comp == NULL) {
+            if (num_scalar != 1) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /* we have already generated a wNAF for 'scalar' */
+        } else {
+            signed char *tmp_wNAF = NULL;
+            size_t tmp_len = 0;
+
+            if (num_scalar != 0) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            /*
+             * use the window size for which we have precomputation
+             */
+            wsize[num] = pre_comp->w;
+            tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len);
+            if (!tmp_wNAF)
+                goto err;
+
+            if (tmp_len <= max_len) {
+                /*
+                 * One of the other wNAFs is at least as long as the wNAF
+                 * belonging to the generator, so wNAF splitting will not buy
+                 * us anything.
+                 */
+
+                numblocks = 1;
+                totalnum = num + 1; /* don't use wNAF splitting */
+                wNAF[num] = tmp_wNAF;
+                wNAF[num + 1] = NULL;
+                wNAF_len[num] = tmp_len;
+                /*
+                 * pre_comp->points starts with the points that we need here:
+                 */
+                val_sub[num] = pre_comp->points;
+            } else {
+                /*
+                 * don't include tmp_wNAF directly into wNAF array - use wNAF
+                 * splitting and include the blocks
+                 */
+
+                signed char *pp;
+                EC_POINT **tmp_points;
+
+                if (tmp_len < numblocks * blocksize) {
+                    /*
+                     * possibly we can do with fewer blocks than estimated
+                     */
+                    numblocks = (tmp_len + blocksize - 1) / blocksize;
+                    if (numblocks > pre_comp->numblocks) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    totalnum = num + numblocks;
+                }
+
+                /* split wNAF in 'numblocks' parts */
+                pp = tmp_wNAF;
+                tmp_points = pre_comp->points;
+
+                for (i = num; i < totalnum; i++) {
+                    if (i < totalnum - 1) {
+                        wNAF_len[i] = blocksize;
+                        if (tmp_len < blocksize) {
+                            ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
+                            goto err;
+                        }
+                        tmp_len -= blocksize;
+                    } else
+                        /*
+                         * last block gets whatever is left (this could be
+                         * more or less than 'blocksize'!)
+                         */
+                        wNAF_len[i] = tmp_len;
+
+                    wNAF[i + 1] = NULL;
+                    wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+                    if (wNAF[i] == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    memcpy(wNAF[i], pp, wNAF_len[i]);
+                    if (wNAF_len[i] > max_len)
+                        max_len = wNAF_len[i];
+
+                    if (*tmp_points == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    val_sub[i] = tmp_points;
+                    tmp_points += pre_points_per_block;
+                    pp += blocksize;
+                }
+                OPENSSL_free(tmp_wNAF);
+            }
+        }
+    }
+
+    /*
+     * All points we precompute now go into a single array 'val'.
+     * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
+     * subarray of 'pre_comp->points' if we already have precomputation.
+     */
+    val = OPENSSL_malloc((num_val + 1) * sizeof(val[0]));
+    if (val == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    val[num_val] = NULL;        /* pivot element */
+
+    /* allocate points for precomputation */
+    v = val;
+    for (i = 0; i < num + num_scalar; i++) {
+        val_sub[i] = v;
+        for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) {
+            *v = EC_POINT_new(group);
+            if (*v == NULL)
+                goto err;
+            v++;
+        }
+    }
+    if (!(v == val + num_val)) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL)
+        goto err;
+
+    /*-
+     * prepare precomputed values:
+     *    val_sub[i][0] :=     points[i]
+     *    val_sub[i][1] := 3 * points[i]
+     *    val_sub[i][2] := 5 * points[i]
+     *    ...
+     */
+    for (i = 0; i < num + num_scalar; i++) {
+        if (i < num) {
+            if (!EC_POINT_copy(val_sub[i][0], points[i]))
+                goto err;
+        } else {
+            if (!EC_POINT_copy(val_sub[i][0], generator))
+                goto err;
+        }
+
+        if (wsize[i] > 1) {
+            if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx))
+                goto err;
+            for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) {
+                if (!EC_POINT_add
+                    (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num_val, val, ctx))
+        goto err;
+
+    r_is_at_infinity = 1;
+
+    for (k = max_len - 1; k >= 0; k--) {
+        if (!r_is_at_infinity) {
+            if (!EC_POINT_dbl(group, r, r, ctx))
+                goto err;
+        }
+
+        for (i = 0; i < totalnum; i++) {
+            if (wNAF_len[i] > (size_t)k) {
+                int digit = wNAF[i][k];
+                int is_neg;
+
+                if (digit) {
+                    is_neg = digit < 0;
+
+                    if (is_neg)
+                        digit = -digit;
+
+                    if (is_neg != r_is_inverted) {
+                        if (!r_is_at_infinity) {
+                            if (!EC_POINT_invert(group, r, ctx))
+                                goto err;
+                        }
+                        r_is_inverted = !r_is_inverted;
+                    }
+
+                    /* digit > 0 */
+
+                    if (r_is_at_infinity) {
+                        if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
+                            goto err;
+                        r_is_at_infinity = 0;
+                    } else {
+                        if (!EC_POINT_add
+                            (group, r, r, val_sub[i][digit >> 1], ctx))
+                            goto err;
+                    }
+                }
+            }
+        }
+    }
+
+    if (r_is_at_infinity) {
+        if (!EC_POINT_set_to_infinity(group, r))
+            goto err;
+    } else {
+        if (r_is_inverted)
+            if (!EC_POINT_invert(group, r, ctx))
+                goto err;
+    }
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(tmp);
+    OPENSSL_free(wsize);
+    OPENSSL_free(wNAF_len);
+    if (wNAF != NULL) {
+        signed char **w;
+
+        for (w = wNAF; *w != NULL; w++)
+            OPENSSL_free(*w);
+
+        OPENSSL_free(wNAF);
+    }
+    if (val != NULL) {
+        for (v = val; *v != NULL; v++)
+            EC_POINT_clear_free(*v);
+
+        OPENSSL_free(val);
+    }
+    OPENSSL_free(val_sub);
+    return ret;
+}
+
+/*-
+ * ec_wNAF_precompute_mult()
+ * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
+ * for use with wNAF splitting as implemented in ec_wNAF_mul().
+ *
+ * 'pre_comp->points' is an array of multiples of the generator
+ * of the following form:
+ * points[0] =     generator;
+ * points[1] = 3 * generator;
+ * ...
+ * points[2^(w-1)-1] =     (2^(w-1)-1) * generator;
+ * points[2^(w-1)]   =     2^blocksize * generator;
+ * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
+ * ...
+ * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) *  2^(blocksize*(numblocks-2)) * generator
+ * points[2^(w-1)*(numblocks-1)]   =              2^(blocksize*(numblocks-1)) * generator
+ * ...
+ * points[2^(w-1)*numblocks-1]     = (2^(w-1)) *  2^(blocksize*(numblocks-1)) * generator
+ * points[2^(w-1)*numblocks]       = NULL
+ */
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    const EC_POINT *generator;
+    EC_POINT *tmp_point = NULL, *base = NULL, **var;
+    BN_CTX *new_ctx = NULL;
+    const BIGNUM *order;
+    size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
+    EC_POINT **points = NULL;
+    EC_PRE_COMP *pre_comp;
+    int ret = 0;
+
+    /* if there is an old EC_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
+    if ((pre_comp = ec_pre_comp_new(group)) == NULL)
+        return 0;
+
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    bits = BN_num_bits(order);
+    /*
+     * The following parameters mean we precompute (approximately) one point
+     * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other
+     * bit lengths, other parameter combinations might provide better
+     * efficiency.
+     */
+    blocksize = 8;
+    w = 4;
+    if (EC_window_bits_for_scalar_size(bits) > w) {
+        /* let's not make the window too small ... */
+        w = EC_window_bits_for_scalar_size(bits);
+    }
+
+    numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks
+                                                     * to use for wNAF
+                                                     * splitting */
+
+    pre_points_per_block = (size_t)1 << (w - 1);
+    num = pre_points_per_block * numblocks; /* number of points to compute
+                                             * and store */
+
+    points = OPENSSL_malloc(sizeof(*points) * (num + 1));
+    if (points == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    var = points;
+    var[num] = NULL;            /* pivot */
+    for (i = 0; i < num; i++) {
+        if ((var[i] = EC_POINT_new(group)) == NULL) {
+            ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if ((tmp_point = EC_POINT_new(group)) == NULL
+        || (base = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_copy(base, generator))
+        goto err;
+
+    /* do the precomputation */
+    for (i = 0; i < numblocks; i++) {
+        size_t j;
+
+        if (!EC_POINT_dbl(group, tmp_point, base, ctx))
+            goto err;
+
+        if (!EC_POINT_copy(*var++, base))
+            goto err;
+
+        for (j = 1; j < pre_points_per_block; j++, var++) {
+            /*
+             * calculate odd multiples of the current base point
+             */
+            if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
+                goto err;
+        }
+
+        if (i < numblocks - 1) {
+            /*
+             * get the next base (multiply current one by 2^blocksize)
+             */
+            size_t k;
+
+            if (blocksize <= 2) {
+                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!EC_POINT_dbl(group, base, tmp_point, ctx))
+                goto err;
+            for (k = 2; k < blocksize; k++) {
+                if (!EC_POINT_dbl(group, base, base, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num, points, ctx))
+        goto err;
+
+    pre_comp->group = group;
+    pre_comp->blocksize = blocksize;
+    pre_comp->numblocks = numblocks;
+    pre_comp->w = w;
+    pre_comp->points = points;
+    points = NULL;
+    pre_comp->num = num;
+    SETPRECOMP(group, ec, pre_comp);
+    pre_comp = NULL;
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    EC_ec_pre_comp_free(pre_comp);
+    if (points) {
+        EC_POINT **p;
+
+        for (p = points; *p != NULL; p++)
+            EC_POINT_free(*p);
+        OPENSSL_free(points);
+    }
+    EC_POINT_free(tmp_point);
+    EC_POINT_free(base);
+    return ret;
+}
+
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, ec);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c
new file mode 100644
index 000000000..522f79e67
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                        const BIGNUM *x, int y_bit, BN_CTX *ctx)
+{
+    if (group->meth->point_set_compressed_coordinates == NULL
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_set_compressed_coordinates(group, point, x,
+                                                            y_bit, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
+                  EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_set_compressed_coordinates(group, point, x,
+                                                             y_bit, ctx);
+#endif
+    }
+    return group->meth->point_set_compressed_coordinates(group, point, x,
+                                                         y_bit, ctx);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *point, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx)
+{
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             int y_bit, BN_CTX *ctx)
+{
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+# endif
+#endif
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form, unsigned char *buf,
+                          size_t len, BN_CTX *ctx)
+{
+    if (group->meth->point2oct == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_point2oct(group, point,
+                                            form, buf, len, ctx);
+#endif
+    }
+
+    return group->meth->point2oct(group, point, form, buf, len, ctx);
+}
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    if (group->meth->oct2point == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_oct2point(group, point, buf, len, ctx);
+#endif
+    }
+    return group->meth->oct2point(group, point, buf, len, ctx);
+}
+
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx)
+{
+    size_t len;
+    unsigned char *buf;
+
+    len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL);
+    if (len == 0)
+        return 0;
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    len = EC_POINT_point2oct(group, point, form, buf, len, ctx);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c
new file mode 100644
index 000000000..f4ad0749e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Duplicate key if custom cofactor needed */
+    EC_KEY *co_key;
+    /* Cofactor mode */
+    signed char cofactor_mode;
+    /* KDF (if any) to use for ECDH */
+    char kdf_type;
+    /* Message digest to use for key derivation */
+    const EVP_MD *kdf_md;
+    /* User key material */
+    unsigned char *kdf_ukm;
+    size_t kdf_ukmlen;
+    /* KDF output length */
+    size_t kdf_outlen;
+} EC_PKEY_CTX;
+
+static int pkey_ec_init(EVP_PKEY_CTX *ctx)
+{
+    EC_PKEY_CTX *dctx;
+
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        ECerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    dctx->cofactor_mode = -1;
+    dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
+    ctx->data = dctx;
+    return 1;
+}
+
+static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    EC_PKEY_CTX *dctx, *sctx;
+    if (!pkey_ec_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (!dctx->gen_group)
+            return 0;
+    }
+    dctx->md = sctx->md;
+
+    if (sctx->co_key) {
+        dctx->co_key = EC_KEY_dup(sctx->co_key);
+        if (!dctx->co_key)
+            return 0;
+    }
+    dctx->kdf_type = sctx->kdf_type;
+    dctx->kdf_md = sctx->kdf_md;
+    dctx->kdf_outlen = sctx->kdf_outlen;
+    if (sctx->kdf_ukm) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (!dctx->kdf_ukm)
+            return 0;
+    } else
+        dctx->kdf_ukm = NULL;
+    dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    return 1;
+}
+
+static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (dctx != NULL) {
+        EC_GROUP_free(dctx->gen_group);
+        EC_KEY_free(dctx->co_key);
+        OPENSSL_free(dctx->kdf_ukm);
+        OPENSSL_free(dctx);
+        ctx->data = NULL;
+    }
+}
+
+static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen)
+{
+    int ret, type;
+    unsigned int sltmp;
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ec);
+
+    /* ensure cast to size_t is safe */
+    if (!ossl_assert(sig_sz > 0))
+        return 0;
+
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
+        return 1;
+    }
+
+    if (*siglen < (size_t)sig_sz) {
+        ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1;
+
+    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
+                          const unsigned char *sig, size_t siglen,
+                          const unsigned char *tbs, size_t tbslen)
+{
+    int ret, type;
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    if (dctx->md)
+        type = EVP_MD_type(dctx->md);
+    else
+        type = NID_sha1;
+
+    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+{
+    int ret;
+    size_t outlen;
+    const EC_POINT *pubkey = NULL;
+    EC_KEY *eckey;
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (!ctx->pkey || !ctx->peerkey) {
+        ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+
+    eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
+
+    if (!key) {
+        const EC_GROUP *group;
+        group = EC_KEY_get0_group(eckey);
+        *keylen = (EC_GROUP_get_degree(group) + 7) / 8;
+        return 1;
+    }
+    pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
+
+    /*
+     * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not
+     * an error, the result is truncated.
+     */
+
+    outlen = *keylen;
+
+    ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
+    if (ret <= 0)
+        return 0;
+    *keylen = ret;
+    return 1;
+}
+
+static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
+                              unsigned char *key, size_t *keylen)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    unsigned char *ktmp = NULL;
+    size_t ktmplen;
+    int rv = 0;
+    if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE)
+        return pkey_ec_derive(ctx, key, keylen);
+    if (!key) {
+        *keylen = dctx->kdf_outlen;
+        return 1;
+    }
+    if (*keylen != dctx->kdf_outlen)
+        return 0;
+    if (!pkey_ec_derive(ctx, NULL, &ktmplen))
+        return 0;
+    if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) {
+        ECerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
+        goto err;
+    /* Do KDF stuff */
+    if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
+                        dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+        goto err;
+    rv = 1;
+
+ err:
+    OPENSSL_clear_free(ktmp, ktmplen);
+    return rv;
+}
+#endif
+
+static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_GROUP *group;
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(dctx->gen_group);
+        dctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (!dctx->gen_group) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
+        return 1;
+
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
+        if (p1 == -2) {
+            if (dctx->cofactor_mode != -1)
+                return dctx->cofactor_mode;
+            else {
+                EC_KEY *ec_key = ctx->pkey->pkey.ec;
+                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
+            }
+        } else if (p1 < -1 || p1 > 1)
+            return -2;
+        dctx->cofactor_mode = p1;
+        if (p1 != -1) {
+            EC_KEY *ec_key = ctx->pkey->pkey.ec;
+            if (!ec_key->group)
+                return -2;
+            /* If cofactor is 1 cofactor mode does nothing */
+            if (BN_is_one(ec_key->group->cofactor))
+                return 1;
+            if (!dctx->co_key) {
+                dctx->co_key = EC_KEY_dup(ec_key);
+                if (!dctx->co_key)
+                    return 0;
+            }
+            if (p1)
+                EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
+            else
+                EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
+        } else {
+            EC_KEY_free(dctx->co_key);
+            dctx->co_key = NULL;
+        }
+        return 1;
+#endif
+
+    case EVP_PKEY_CTRL_EC_KDF_TYPE:
+        if (p1 == -2)
+            return dctx->kdf_type;
+        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
+            return -2;
+        dctx->kdf_type = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_MD:
+        dctx->kdf_md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_MD:
+        *(const EVP_MD **)p2 = dctx->kdf_md;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
+        if (p1 <= 0)
+            return -2;
+        dctx->kdf_outlen = (size_t)p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
+        *(int *)p2 = dctx->kdf_outlen;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_UKM:
+        OPENSSL_free(dctx->kdf_ukm);
+        dctx->kdf_ukm = p2;
+        if (p2)
+            dctx->kdf_ukmlen = p1;
+        else
+            dctx->kdf_ukmlen = 0;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
+        *(unsigned char **)p2 = dctx->kdf_ukm;
+        return dctx->kdf_ukmlen;
+
+    case EVP_PKEY_CTRL_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = dctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        /* Default behaviour is OK */
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
+                            const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid;
+        nid = EC_curve_nist2nid(value);
+        if (nid == NID_undef)
+            nid = OBJ_sn2nid(value);
+        if (nid == NID_undef)
+            nid = OBJ_ln2nid(value);
+        if (nid == NID_undef) {
+            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    } else if (strcmp(type, "ecdh_kdf_md") == 0) {
+        const EVP_MD *md;
+        if ((md = EVP_get_digestbyname(value)) == NULL) {
+            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
+    } else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
+        int co_mode;
+        co_mode = atoi(value);
+        return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
+    }
+
+    return -2;
+}
+
+static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    EC_KEY *ec = NULL;
+    EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
+
+    if (dctx->gen_group == NULL) {
+        ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    ec = EC_KEY_new();
+    if (ec == NULL)
+        return 0;
+    if (!(ret = EC_KEY_set_group(ec, dctx->gen_group))
+        || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec)))
+        EC_KEY_free(ec);
+    return ret;
+}
+
+static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    EC_KEY *ec = NULL;
+    EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
+
+    if (ctx->pkey == NULL && dctx->gen_group == NULL) {
+        ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    ec = EC_KEY_new();
+    if (ec == NULL)
+        return 0;
+    if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) {
+        EC_KEY_free(ec);
+        return 0;
+    }
+    /* Note: if error is returned, we count on caller to free pkey->pkey.ec */
+    if (ctx->pkey != NULL)
+        ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey);
+    else
+        ret = EC_KEY_set_group(ec, dctx->gen_group);
+
+    return ret ? EC_KEY_generate_key(ec) : 0;
+}
+
+const EVP_PKEY_METHOD ec_pkey_meth = {
+    EVP_PKEY_EC,
+    0,
+    pkey_ec_init,
+    pkey_ec_copy,
+    pkey_ec_cleanup,
+
+    0,
+    pkey_ec_paramgen,
+
+    0,
+    pkey_ec_keygen,
+
+    0,
+    pkey_ec_sign,
+
+    0,
+    pkey_ec_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0,
+#ifndef OPENSSL_NO_EC
+    pkey_ec_kdf_derive,
+#else
+    0,
+#endif
+    pkey_ec_ctrl,
+    pkey_ec_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c
new file mode 100644
index 000000000..027a51928
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
+                          const EC_POINT *point,
+                          point_conversion_form_t form,
+                          BIGNUM *ret, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
+
+    if (buf_len == 0)
+        return NULL;
+
+    ret = BN_bin2bn(buf, buf_len, ret);
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
+
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
+                            const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+    EC_POINT *ret;
+
+    if ((buf_len = BN_num_bytes(bn)) == 0)
+        return NULL;
+    if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
+        ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!BN_bn2bin(bn, buf)) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    if (point == NULL) {
+        if ((ret = EC_POINT_new(group)) == NULL) {
+            OPENSSL_free(buf);
+            return NULL;
+        }
+    } else
+        ret = point;
+
+    if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+        if (ret != point)
+            EC_POINT_clear_free(ret);
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static const char *HEX_DIGITS = "0123456789ABCDEF";
+
+/* the return value must be freed (using OPENSSL_free()) */
+char *EC_POINT_point2hex(const EC_GROUP *group,
+                         const EC_POINT *point,
+                         point_conversion_form_t form, BN_CTX *ctx)
+{
+    char *ret, *p;
+    size_t buf_len = 0, i;
+    unsigned char *buf = NULL, *pbuf;
+
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
+
+    if (buf_len == 0)
+        return NULL;
+
+    ret = OPENSSL_malloc(buf_len * 2 + 2);
+    if (ret == NULL) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+    p = ret;
+    pbuf = buf;
+    for (i = buf_len; i > 0; i--) {
+        int v = (int)*(pbuf++);
+        *(p++) = HEX_DIGITS[v >> 4];
+        *(p++) = HEX_DIGITS[v & 0x0F];
+    }
+    *p = '\0';
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
+
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
+                             const char *buf, EC_POINT *point, BN_CTX *ctx)
+{
+    EC_POINT *ret = NULL;
+    BIGNUM *tmp_bn = NULL;
+
+    if (!BN_hex2bn(&tmp_bn, buf))
+        return NULL;
+
+    ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
+
+    BN_clear_free(tmp_bn);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c
new file mode 100644
index 000000000..d686f9d89
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "ec_lcl.h"
+
+/* Key derivation function from X9.63/SECG */
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX    (1 << 30)
+
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char ctr[4];
+    if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
+        || Zlen > ECDH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c
new file mode 100644
index 000000000..bd93793a1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <limits.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+
+int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    if (ecdh->group->meth->ecdh_compute_key == NULL) {
+        ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
+        return 0;
+    }
+
+    return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
+}
+
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ */
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group;
+    int ret = 0;
+    size_t buflen, len;
+    unsigned char *buf = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    if (x == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(ecdh);
+
+    if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
+        if (!EC_GROUP_get_cofactor(group, x, NULL) ||
+            !BN_mul(x, x, priv_key, ctx)) {
+            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        priv_key = x;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    memset(buf, 0, buflen - len);
+    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    *pout = buf;
+    *poutlen = buflen;
+    buf = NULL;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(tmp);
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_free(buf);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c
new file mode 100644
index 000000000..e35c7600d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c
@@ -0,0 +1,417 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/rand.h>
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+
+    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_ECDSA_SIG(s, &sig);
+    ECDSA_SIG_free(s);
+    return 1;
+}
+
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
+                            BIGNUM **kinvp, BIGNUM **rp,
+                            const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL, *r = NULL, *X = NULL;
+    const BIGNUM *order;
+    EC_POINT *tmp_point = NULL;
+    const EC_GROUP *group;
+    int ret = 0;
+    int order_bits;
+
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return 0;
+    }
+
+    if ((ctx = ctx_in) == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    k = BN_new();               /* this value is later returned in *kinvp */
+    r = BN_new();               /* this value is later returned in *rp */
+    X = BN_new();
+    if (k == NULL || r == NULL || X == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((tmp_point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
+    order = EC_GROUP_get0_order(group);
+
+    /* Preallocate space */
+    order_bits = BN_num_bits(order);
+    if (!BN_set_bit(k, order_bits)
+        || !BN_set_bit(r, order_bits)
+        || !BN_set_bit(X, order_bits))
+        goto err;
+
+    do {
+        /* get random k */
+        do {
+            if (dgst != NULL) {
+                if (!BN_generate_dsa_nonce(k, order,
+                                           EC_KEY_get0_private_key(eckey),
+                                           dgst, dlen, ctx)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            } else {
+                if (!BN_priv_rand_range(k, order)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            }
+        } while (BN_is_zero(k));
+
+        /* compute r the x-coordinate of generator * k */
+        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        if (!BN_nnmod(r, X, order, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    } while (BN_is_zero(r));
+
+    /* compute the inverse of k */
+    if (!ec_group_do_inverse_ord(group, k, k, ctx)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* clear old values if necessary */
+    BN_clear_free(*rp);
+    BN_clear_free(*kinvp);
+    /* save the pre-computed values  */
+    *rp = r;
+    *kinvp = k;
+    ret = 1;
+ err:
+    if (!ret) {
+        BN_clear_free(k);
+        BN_clear_free(r);
+    }
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    EC_POINT_free(tmp_point);
+    BN_clear_free(X);
+    return ret;
+}
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp)
+{
+    return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
+}
+
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey)
+{
+    int ok = 0, i;
+    BIGNUM *kinv = NULL, *s, *m = NULL;
+    const BIGNUM *order, *ckinv;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group;
+    ECDSA_SIG *ret;
+    const BIGNUM *priv_key;
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (group == NULL || priv_key == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return NULL;
+    }
+
+    ret = ECDSA_SIG_new();
+    if (ret == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    s = ret->s;
+
+    if ((ctx = BN_CTX_new()) == NULL
+        || (m = BN_new()) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long, truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    do {
+        if (in_kinv == NULL || in_r == NULL) {
+            if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            ckinv = kinv;
+        } else {
+            ckinv = in_kinv;
+            if (BN_copy(ret->r, in_r) == NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+
+        /*
+         * With only one multiplicant being in Montgomery domain
+         * multiplication yields real result without post-conversion.
+         * Also note that all operations but last are performed with
+         * zero-padded vectors. Last operation, BN_mod_mul_montgomery
+         * below, returns user-visible value with removed zero padding.
+         */
+        if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
+            || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!bn_mod_add_fixed_top(s, s, m, order)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        /*
+         * |s| can still be larger than modulus, because |m| can be. In
+         * such case we count on Montgomery reduction to tie it up.
+         */
+        if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
+            || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (BN_is_zero(s)) {
+            /*
+             * if kinv and r have been supplied by the caller, don't
+             * generate new kinv and r values
+             */
+            if (in_kinv != NULL && in_r != NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
+                goto err;
+            }
+        } else {
+            /* s != 0 => we have a valid signature */
+            break;
+        }
+    } while (1);
+
+    ok = 1;
+ err:
+    if (!ok) {
+        ECDSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(m);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL)
+        return ret;
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0)
+        goto err;
+    ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+    OPENSSL_clear_free(der, derlen);
+    ECDSA_SIG_free(s);
+    return ret;
+}
+
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    int ret = -1, i;
+    BN_CTX *ctx;
+    const BIGNUM *order;
+    BIGNUM *u1, *u2, *m, *X;
+    EC_POINT *point = NULL;
+    const EC_GROUP *group;
+    const EC_POINT *pub_key;
+
+    /* check input values */
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+        (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return -1;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    BN_CTX_start(ctx);
+    u1 = BN_CTX_get(ctx);
+    u2 = BN_CTX_get(ctx);
+    m = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    if (X == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+        BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
+        ret = 0;                /* signature is invalid */
+        goto err;
+    }
+    /* calculate tmp1 = inv(S) mod order */
+    if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* digest -> m */
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u1 = m * tmp mod order */
+    if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!BN_nnmod(u1, X, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*  if the signature is correct u1 is equal to sig->r */
+    ret = (BN_ucmp(u1, sig->r) == 0);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c
new file mode 100644
index 000000000..aee06e991
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+    return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+}
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey)
+{
+    if (eckey->meth->sign_sig != NULL)
+        return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey);
+    ECerr(EC_F_ECDSA_DO_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return NULL;
+}
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+               *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+}
+
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen,
+                  unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+                  const BIGNUM *r, EC_KEY *eckey)
+{
+    if (eckey->meth->sign != NULL)
+        return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey);
+    ECerr(EC_F_ECDSA_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                     BIGNUM **rp)
+{
+    if (eckey->meth->sign_setup != NULL)
+        return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp);
+    ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c
new file mode 100644
index 000000000..f61a20063
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    if (eckey->meth->verify_sig != NULL)
+        return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
+    ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    if (eckey->meth->verify != NULL)
+        return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
+                                   eckey);
+    ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/eck_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/eck_prn.c
new file mode 100644
index 000000000..b538fadcb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/eck_prn.c
@@ -0,0 +1,259 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECPKParameters_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = EC_KEY_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECParameters_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+                     size_t len, int off);
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+{
+    int ret = 0, reason = ERR_R_BIO_LIB;
+    BN_CTX *ctx = NULL;
+    const EC_POINT *point = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL;
+    const BIGNUM *order = NULL, *cofactor = NULL;
+    const unsigned char *seed;
+    size_t seed_len = 0;
+
+    static const char *gen_compressed = "Generator (compressed):";
+    static const char *gen_uncompressed = "Generator (uncompressed):";
+    static const char *gen_hybrid = "Generator (hybrid):";
+
+    if (!x) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    if (EC_GROUP_get_asn1_flag(x)) {
+        /* the curve parameter are given by an asn1 OID */
+        int nid;
+        const char *nname;
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        nid = EC_GROUP_get_curve_name(x);
+        if (nid == 0)
+            goto err;
+        if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+            goto err;
+        if (BIO_printf(bp, "\n") <= 0)
+            goto err;
+        nname = EC_curve_nid2nist(nid);
+        if (nname) {
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+            if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
+                goto err;
+        }
+    } else {
+        /* explicit parameters */
+        int is_char_two = 0;
+        point_conversion_form_t form;
+        int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+        if (tmp_nid == NID_X9_62_characteristic_two_field)
+            is_char_two = 1;
+
+        if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+            (b = BN_new()) == NULL) {
+            reason = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+
+        if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        if ((point = EC_GROUP_get0_generator(x)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+        order = EC_GROUP_get0_order(x);
+        cofactor = EC_GROUP_get0_cofactor(x);
+        if (order == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        form = EC_GROUP_get_point_conversion_form(x);
+
+        if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+            seed_len = EC_GROUP_get_seed_len(x);
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        /* print the 'short name' of the field type */
+        if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+            <= 0)
+            goto err;
+
+        if (is_char_two) {
+            /* print the 'short name' of the base type OID */
+            int basis_type = EC_GROUP_get_basis_type(x);
+            if (basis_type == 0)
+                goto err;
+
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+
+            if (BIO_printf(bp, "Basis Type: %s\n",
+                           OBJ_nid2sn(basis_type)) <= 0)
+                goto err;
+
+            /* print the polynomial */
+            if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
+                                              off))
+                goto err;
+        } else {
+            if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
+                goto err;
+        }
+        if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, NULL, off))
+            goto err;
+        if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, NULL, off))
+            goto err;
+        if (form == POINT_CONVERSION_COMPRESSED) {
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
+                                                NULL, off))
+                goto err;
+        } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
+                                                NULL, off))
+                goto err;
+        } else {                /* form == POINT_CONVERSION_HYBRID */
+
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
+                                                NULL, off))
+                goto err;
+        }
+        if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
+                                              NULL, off))
+            goto err;
+        if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
+                                                 NULL, off))
+            goto err;
+        if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(gen);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+                     size_t len, int off)
+{
+    size_t i;
+    char str[128 + 1 + 4];
+
+    if (buf == NULL)
+        return 1;
+    if (off > 0) {
+        if (off > 128)
+            off = 128;
+        memset(str, ' ', off);
+        if (BIO_write(fp, str, off) <= 0)
+            return 0;
+    } else {
+        off = 0;
+    }
+
+    if (BIO_printf(fp, "%s", name) <= 0)
+        return 0;
+
+    for (i = 0; i < len; i++) {
+        if ((i % 15) == 0) {
+            str[0] = '\n';
+            memset(&(str[1]), ' ', off + 4);
+            if (BIO_write(fp, str, off + 1 + 4) <= 0)
+                return 0;
+        }
+        if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <=
+            0)
+            return 0;
+    }
+    if (BIO_write(fp, "\n", 1) <= 0)
+        return 0;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c
new file mode 100644
index 000000000..252e66ef3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_mont_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_mont_field_inv,
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+{
+    int ok;
+
+    ok = ec_GFp_simple_group_init(group);
+    group->field_data1 = NULL;
+    group->field_data2 = NULL;
+    return ok;
+}
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+{
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
+    ec_GFp_simple_group_finish(group);
+}
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+{
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_clear_free(group->field_data2);
+    group->field_data2 = NULL;
+    ec_GFp_simple_group_clear_finish(group);
+}
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    BN_clear_free(dest->field_data2);
+    dest->field_data2 = NULL;
+
+    if (!ec_GFp_simple_group_copy(dest, src))
+        return 0;
+
+    if (src->field_data1 != NULL) {
+        dest->field_data1 = BN_MONT_CTX_new();
+        if (dest->field_data1 == NULL)
+            return 0;
+        if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1))
+            goto err;
+    }
+    if (src->field_data2 != NULL) {
+        dest->field_data2 = BN_dup(src->field_data2);
+        if (dest->field_data2 == NULL)
+            goto err;
+    }
+
+    return 1;
+
+ err:
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    return 0;
+}
+
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *one = NULL;
+    int ret = 0;
+
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx)) {
+        ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+        goto err;
+    }
+    one = BN_new();
+    if (one == NULL)
+        goto err;
+    if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
+        goto err;
+
+    group->field_data1 = mont;
+    mont = NULL;
+    group->field_data2 = one;
+    one = NULL;
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+    if (!ret) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+        BN_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
+
+ err:
+    BN_free(one);
+    BN_CTX_free(new_ctx);
+    BN_MONT_CTX_free(mont);
+    return ret;
+}
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+}
+
+/*-
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * We have a Mont structure, so SCA hardening is FLT inversion.
+ */
+int ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->field_data1 == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* Inverse in constant time with Fermats Little Theorem */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->field, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, a, e, group->field, ctx, group->field_data1))
+        goto err;
+
+    /* throw an error on zero */
+    if (BN_is_zero(r)) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_INV, EC_R_CANNOT_INVERT);
+        goto err;
+    }
+
+    ret = 1;
+
+  err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_from_montgomery(r, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
+                                 BN_CTX *ctx)
+{
+    if (group->field_data2 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (!BN_copy(r, group->field_data2))
+        return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c
new file mode 100644
index 000000000..5eaa99d84
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_nist_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nist_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    dest->field_mod_func = src->field_mod_func;
+
+    return ec_GFp_simple_group_copy(dest, src);
+}
+
+int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+
+    BN_CTX_start(ctx);
+
+    if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
+        group->field_mod_func = BN_nist_mod_192;
+    else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
+        group->field_mod_func = BN_nist_mod_224;
+    else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
+        group->field_mod_func = BN_nist_mod_256;
+    else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
+        group->field_mod_func = BN_nist_mod_384;
+    else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
+        group->field_mod_func = BN_nist_mod_521;
+    else {
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+        goto err;
+    }
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a || !b) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_mul(r, a, b, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_free(ctx_new);
+    return ret;
+}
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_sqr(r, a, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_free(ctx_new);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c
new file mode 100644
index 000000000..025273a14
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c
@@ -0,0 +1,1716 @@
+/*
+ * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
+ *
+ * Inspired by Daniel J. Bernstein's public domain nistp224 implementation
+ * and Adam Langley's public domain 64-bit C implementation of curve25519
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdint.h>
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_lcl.h"
+
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+# else
+#  error "Your compiler doesn't appear to support 128-bit integer types"
+# endif
+
+typedef uint8_t u8;
+typedef uint64_t u64;
+
+/******************************************************************************/
+/*-
+ * INTERNAL REPRESENTATION OF FIELD ELEMENTS
+ *
+ * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
+ * using 64-bit coefficients called 'limbs',
+ * and sometimes (for multiplication results) as
+ * b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 + 2^336*b_6
+ * using 128-bit coefficients called 'widelimbs'.
+ * A 4-limb representation is an 'felem';
+ * a 7-widelimb representation is a 'widefelem'.
+ * Even within felems, bits of adjacent limbs overlap, and we don't always
+ * reduce the representations: we ensure that inputs to each felem
+ * multiplication satisfy a_i < 2^60, so outputs satisfy b_i < 4*2^60*2^60,
+ * and fit into a 128-bit word without overflow. The coefficients are then
+ * again partially reduced to obtain an felem satisfying a_i < 2^57.
+ * We only reduce to the unique minimal representation at the end of the
+ * computation.
+ */
+
+typedef uint64_t limb;
+typedef uint128_t widelimb;
+
+typedef limb felem[4];
+typedef widelimb widefelem[7];
+
+/*
+ * Field element represented as a byte array. 28*8 = 224 bits is also the
+ * group order size for the elliptic curve, and we also use this type for
+ * scalars for point multiplication.
+ */
+typedef u8 felem_bytearray[28];
+
+static const felem_bytearray nistp224_curve_params[5] = {
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE},
+    {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
+     0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
+     0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4},
+    {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
+     0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
+     0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21},
+    {0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
+     0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
+     0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34}
+};
+
+/*-
+ * Precomputed multiples of the standard generator
+ * Points are given in coordinates (X, Y, Z) where Z normally is 1
+ * (0 for the point at infinity).
+ * For each field element, slice a_0 is word 0, etc.
+ *
+ * The table has 2 * 16 elements, starting with the following:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^56G
+ *     3 | 0 0 1 1 | (2^56 + 1)G
+ *     4 | 0 1 0 0 | 2^112G
+ *     5 | 0 1 0 1 | (2^112 + 1)G
+ *     6 | 0 1 1 0 | (2^112 + 2^56)G
+ *     7 | 0 1 1 1 | (2^112 + 2^56 + 1)G
+ *     8 | 1 0 0 0 | 2^168G
+ *     9 | 1 0 0 1 | (2^168 + 1)G
+ *    10 | 1 0 1 0 | (2^168 + 2^56)G
+ *    11 | 1 0 1 1 | (2^168 + 2^56 + 1)G
+ *    12 | 1 1 0 0 | (2^168 + 2^112)G
+ *    13 | 1 1 0 1 | (2^168 + 2^112 + 1)G
+ *    14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G
+ *    15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G
+ * followed by a copy of this with each element multiplied by 2^28.
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point,
+ * and then another four locations using the second 16 elements.
+ */
+static const felem gmul[2][16][3] = {
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
+  {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
+  {1, 0, 0, 0}},
+ {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
+  {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
+  {1, 0, 0, 0}},
+ {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
+  {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
+  {1, 0, 0, 0}},
+ {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
+  {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
+  {1, 0, 0, 0}},
+ {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
+  {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
+  {1, 0, 0, 0}},
+ {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
+  {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
+  {1, 0, 0, 0}},
+ {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
+  {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
+  {1, 0, 0, 0}},
+ {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
+  {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
+  {1, 0, 0, 0}},
+ {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
+  {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
+  {1, 0, 0, 0}},
+ {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
+  {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
+  {1, 0, 0, 0}},
+ {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
+  {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
+  {1, 0, 0, 0}},
+ {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
+  {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
+  {1, 0, 0, 0}},
+ {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
+  {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
+  {1, 0, 0, 0}},
+ {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
+  {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
+  {1, 0, 0, 0}},
+ {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
+  {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
+  {1, 0, 0, 0}}},
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31},
+  {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d},
+  {1, 0, 0, 0}},
+ {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3},
+  {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a},
+  {1, 0, 0, 0}},
+ {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33},
+  {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100},
+  {1, 0, 0, 0}},
+ {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5},
+  {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea},
+  {1, 0, 0, 0}},
+ {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be},
+  {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51},
+  {1, 0, 0, 0}},
+ {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1},
+  {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb},
+  {1, 0, 0, 0}},
+ {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233},
+  {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def},
+  {1, 0, 0, 0}},
+ {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae},
+  {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45},
+  {1, 0, 0, 0}},
+ {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e},
+  {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb},
+  {1, 0, 0, 0}},
+ {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de},
+  {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3},
+  {1, 0, 0, 0}},
+ {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05},
+  {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58},
+  {1, 0, 0, 0}},
+ {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb},
+  {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0},
+  {1, 0, 0, 0}},
+ {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9},
+  {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea},
+  {1, 0, 0, 0}},
+ {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba},
+  {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405},
+  {1, 0, 0, 0}},
+ {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e},
+  {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e},
+  {1, 0, 0, 0}}}
+};
+
+/* Precomputation for the group generator. */
+struct nistp224_pre_comp_st {
+    felem g_pre_comp[2][16][3];
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp224_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp224_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp224_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp224_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp224_points_mul,
+        ec_GFp_nistp224_precompute_mult,
+        ec_GFp_nistp224_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
+    };
+
+    return &ret;
+}
+
+/*
+ * Helper functions to convert field elements to/from internal representation
+ */
+static void bin28_to_felem(felem out, const u8 in[28])
+{
+    out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
+    out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
+    out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
+    out[3] = (*((const uint64_t *)(in+20))) >> 8;
+}
+
+static void felem_to_bin28(u8 out[28], const felem in)
+{
+    unsigned i;
+    for (i = 0; i < 7; ++i) {
+        out[i] = in[0] >> (8 * i);
+        out[i + 7] = in[1] >> (8 * i);
+        out[i + 14] = in[2] >> (8 * i);
+        out[i + 21] = in[3] >> (8 * i);
+    }
+}
+
+/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
+static void flip_endian(u8 *out, const u8 *in, unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; ++i)
+        out[i] = in[len - 1 - i];
+}
+
+/* From OpenSSL BIGNUM to internal representation */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_in;
+    felem_bytearray b_out;
+    unsigned num_bytes;
+
+    /* BN_bn2bin eats leading zeroes */
+    memset(b_out, 0, sizeof(b_out));
+    num_bytes = BN_num_bytes(bn);
+    if (num_bytes > sizeof(b_out)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2bin(bn, b_in);
+    flip_endian(b_out, b_in, num_bytes);
+    bin28_to_felem(out, b_out);
+    return 1;
+}
+
+/* From internal representation to OpenSSL BIGNUM */
+static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
+{
+    felem_bytearray b_in, b_out;
+    felem_to_bin28(b_in, in);
+    flip_endian(b_out, b_in, sizeof(b_out));
+    return BN_bin2bn(b_out, sizeof(b_out), out);
+}
+
+/******************************************************************************/
+/*-
+ *                              FIELD OPERATIONS
+ *
+ * Field operations, using the internal representation of field elements.
+ * NB! These operations are specific to our point multiplication and cannot be
+ * expected to be correct in general - e.g., multiplication with a large scalar
+ * will cause an overflow.
+ *
+ */
+
+static void felem_one(felem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/* Sum two field elements: out += in */
+static void felem_sum(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* Subtract field elements: out -= in */
+/* Assumes in[i] < 2^57 */
+static void felem_diff(felem out, const felem in)
+{
+    static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
+    static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
+    static const limb two58m42m2 = (((limb) 1) << 58) -
+        (((limb) 1) << 42) - (((limb) 1) << 2);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two58p2;
+    out[1] += two58m42m2;
+    out[2] += two58m2;
+    out[3] += two58m2;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/* Subtract in unreduced 128-bit mode: out -= in */
+/* Assumes in[i] < 2^119 */
+static void widefelem_diff(widefelem out, const widefelem in)
+{
+    static const widelimb two120 = ((widelimb) 1) << 120;
+    static const widelimb two120m64 = (((widelimb) 1) << 120) -
+        (((widelimb) 1) << 64);
+    static const widelimb two120m104m64 = (((widelimb) 1) << 120) -
+        (((widelimb) 1) << 104) - (((widelimb) 1) << 64);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two120;
+    out[1] += two120m64;
+    out[2] += two120m64;
+    out[3] += two120;
+    out[4] += two120m104m64;
+    out[5] += two120m64;
+    out[6] += two120m64;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+    out[4] -= in[4];
+    out[5] -= in[5];
+    out[6] -= in[6];
+}
+
+/* Subtract in mixed mode: out128 -= in64 */
+/* in[i] < 2^63 */
+static void felem_diff_128_64(widefelem out, const felem in)
+{
+    static const widelimb two64p8 = (((widelimb) 1) << 64) +
+        (((widelimb) 1) << 8);
+    static const widelimb two64m8 = (((widelimb) 1) << 64) -
+        (((widelimb) 1) << 8);
+    static const widelimb two64m48m8 = (((widelimb) 1) << 64) -
+        (((widelimb) 1) << 48) - (((widelimb) 1) << 8);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two64p8;
+    out[1] += two64m48m8;
+    out[2] += two64m8;
+    out[3] += two64m8;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/*
+ * Multiply a field element by a scalar: out = out * scalar The scalars we
+ * actually use are small, so results fit without overflow
+ */
+static void felem_scalar(felem out, const limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+}
+
+/*
+ * Multiply an unreduced field element by a scalar: out = out * scalar The
+ * scalars we actually use are small, so results fit without overflow
+ */
+static void widefelem_scalar(widefelem out, const widelimb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+}
+
+/* Square a field element: out = in^2 */
+static void felem_square(widefelem out, const felem in)
+{
+    limb tmp0, tmp1, tmp2;
+    tmp0 = 2 * in[0];
+    tmp1 = 2 * in[1];
+    tmp2 = 2 * in[2];
+    out[0] = ((widelimb) in[0]) * in[0];
+    out[1] = ((widelimb) in[0]) * tmp1;
+    out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1];
+    out[3] = ((widelimb) in[3]) * tmp0 + ((widelimb) in[1]) * tmp2;
+    out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2];
+    out[5] = ((widelimb) in[3]) * tmp2;
+    out[6] = ((widelimb) in[3]) * in[3];
+}
+
+/* Multiply two field elements: out = in1 * in2 */
+static void felem_mul(widefelem out, const felem in1, const felem in2)
+{
+    out[0] = ((widelimb) in1[0]) * in2[0];
+    out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0];
+    out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] +
+             ((widelimb) in1[2]) * in2[0];
+    out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] +
+             ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
+    out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] +
+             ((widelimb) in1[3]) * in2[1];
+    out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2];
+    out[6] = ((widelimb) in1[3]) * in2[3];
+}
+
+/*-
+ * Reduce seven 128-bit coefficients to four 64-bit coefficients.
+ * Requires in[i] < 2^126,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */
+static void felem_reduce(felem out, const widefelem in)
+{
+    static const widelimb two127p15 = (((widelimb) 1) << 127) +
+        (((widelimb) 1) << 15);
+    static const widelimb two127m71 = (((widelimb) 1) << 127) -
+        (((widelimb) 1) << 71);
+    static const widelimb two127m71m55 = (((widelimb) 1) << 127) -
+        (((widelimb) 1) << 71) - (((widelimb) 1) << 55);
+    widelimb output[5];
+
+    /* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */
+    output[0] = in[0] + two127p15;
+    output[1] = in[1] + two127m71m55;
+    output[2] = in[2] + two127m71;
+    output[3] = in[3];
+    output[4] = in[4];
+
+    /* Eliminate in[4], in[5], in[6] */
+    output[4] += in[6] >> 16;
+    output[3] += (in[6] & 0xffff) << 40;
+    output[2] -= in[6];
+
+    output[3] += in[5] >> 16;
+    output[2] += (in[5] & 0xffff) << 40;
+    output[1] -= in[5];
+
+    output[2] += output[4] >> 16;
+    output[1] += (output[4] & 0xffff) << 40;
+    output[0] -= output[4];
+
+    /* Carry 2 -> 3 -> 4 */
+    output[3] += output[2] >> 56;
+    output[2] &= 0x00ffffffffffffff;
+
+    output[4] = output[3] >> 56;
+    output[3] &= 0x00ffffffffffffff;
+
+    /* Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72 */
+
+    /* Eliminate output[4] */
+    output[2] += output[4] >> 16;
+    /* output[2] < 2^56 + 2^56 = 2^57 */
+    output[1] += (output[4] & 0xffff) << 40;
+    output[0] -= output[4];
+
+    /* Carry 0 -> 1 -> 2 -> 3 */
+    output[1] += output[0] >> 56;
+    out[0] = output[0] & 0x00ffffffffffffff;
+
+    output[2] += output[1] >> 56;
+    /* output[2] < 2^57 + 2^72 */
+    out[1] = output[1] & 0x00ffffffffffffff;
+    output[3] += output[2] >> 56;
+    /* output[3] <= 2^56 + 2^16 */
+    out[2] = output[2] & 0x00ffffffffffffff;
+
+    /*-
+     * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
+     * out[3] <= 2^56 + 2^16 (due to final carry),
+     * so out < 2*p
+     */
+    out[3] = output[3];
+}
+
+static void felem_square_reduce(felem out, const felem in)
+{
+    widefelem tmp;
+    felem_square(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+static void felem_mul_reduce(felem out, const felem in1, const felem in2)
+{
+    widefelem tmp;
+    felem_mul(tmp, in1, in2);
+    felem_reduce(out, tmp);
+}
+
+/*
+ * Reduce to unique minimal representation. Requires 0 <= in < 2*p (always
+ * call felem_reduce first)
+ */
+static void felem_contract(felem out, const felem in)
+{
+    static const int64_t two56 = ((limb) 1) << 56;
+    /* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */
+    /* if in > p , reduce in = in - 2^224 + 2^96 - 1 */
+    int64_t tmp[4], a;
+    tmp[0] = in[0];
+    tmp[1] = in[1];
+    tmp[2] = in[2];
+    tmp[3] = in[3];
+    /* Case 1: a = 1 iff in >= 2^224 */
+    a = (in[3] >> 56);
+    tmp[0] -= a;
+    tmp[1] += a << 40;
+    tmp[3] &= 0x00ffffffffffffff;
+    /*
+     * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1
+     * and the lower part is non-zero
+     */
+    a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
+        (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
+    a &= 0x00ffffffffffffff;
+    /* turn a into an all-one mask (if a = 0) or an all-zero mask */
+    a = (a - 1) >> 63;
+    /* subtract 2^224 - 2^96 + 1 if a is all-one */
+    tmp[3] &= a ^ 0xffffffffffffffff;
+    tmp[2] &= a ^ 0xffffffffffffffff;
+    tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
+    tmp[0] -= 1 & a;
+
+    /*
+     * eliminate negative coefficients: if tmp[0] is negative, tmp[1] must be
+     * non-zero, so we only need one step
+     */
+    a = tmp[0] >> 63;
+    tmp[0] += two56 & a;
+    tmp[1] -= 1 & a;
+
+    /* carry 1 -> 2 -> 3 */
+    tmp[2] += tmp[1] >> 56;
+    tmp[1] &= 0x00ffffffffffffff;
+
+    tmp[3] += tmp[2] >> 56;
+    tmp[2] &= 0x00ffffffffffffff;
+
+    /* Now 0 <= out < p */
+    out[0] = tmp[0];
+    out[1] = tmp[1];
+    out[2] = tmp[2];
+    out[3] = tmp[3];
+}
+
+/*
+ * Get negative value: out = -in
+ * Requires in[i] < 2^63,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
+ */
+static void felem_neg(felem out, const felem in)
+{
+    widefelem tmp = {0};
+    felem_diff_128_64(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+/*
+ * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
+ * elements are reduced to in < 2^225, so we only need to check three cases:
+ * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
+ */
+static limb felem_is_zero(const felem in)
+{
+    limb zero, two224m96p1, two225m97p2;
+
+    zero = in[0] | in[1] | in[2] | in[3];
+    zero = (((int64_t) (zero) - 1) >> 63) & 1;
+    two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000)
+        | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff);
+    two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1;
+    two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000)
+        | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff);
+    two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1;
+    return (zero | two224m96p1 | two225m97p2);
+}
+
+static int felem_is_zero_int(const void *in)
+{
+    return (int)(felem_is_zero(in) & ((limb) 1));
+}
+
+/* Invert a field element */
+/* Computation chain copied from djb's code */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4;
+    widefelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^4 - 2 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^5 - 4 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^6 - 8 */
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^6 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^7 - 2 */
+    for (i = 0; i < 5; ++i) {   /* 2^12 - 2^6 */
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^12 - 1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^13 - 2 */
+    for (i = 0; i < 11; ++i) {  /* 2^24 - 2^12 */
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^24 - 1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^25 - 2 */
+    for (i = 0; i < 23; ++i) {  /* 2^48 - 2^24 */
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^48 - 1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp4, tmp);   /* 2^49 - 2 */
+    for (i = 0; i < 47; ++i) {  /* 2^96 - 2^48 */
+        felem_square(tmp, ftmp4);
+        felem_reduce(ftmp4, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp4);
+    felem_reduce(ftmp3, tmp);   /* 2^96 - 1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp4, tmp);   /* 2^97 - 2 */
+    for (i = 0; i < 23; ++i) {  /* 2^120 - 2^24 */
+        felem_square(tmp, ftmp4);
+        felem_reduce(ftmp4, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp4);
+    felem_reduce(ftmp2, tmp);   /* 2^120 - 1 */
+    for (i = 0; i < 6; ++i) {   /* 2^126 - 2^6 */
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^126 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^127 - 2 */
+    felem_mul(tmp, ftmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^127 - 1 */
+    for (i = 0; i < 97; ++i) {  /* 2^224 - 2^97 */
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }
+    felem_mul(tmp, ftmp, ftmp3);
+    felem_reduce(out, tmp);     /* 2^224 - 2^96 - 1 */
+}
+
+/*
+ * Copy in constant time: if icopy == 1, copy in to out, if icopy == 0, copy
+ * out to itself.
+ */
+static void copy_conditional(felem out, const felem in, limb icopy)
+{
+    unsigned i;
+    /*
+     * icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one
+     */
+    const limb copy = -icopy;
+    for (i = 0; i < 4; ++i) {
+        const limb tmp = copy & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/******************************************************************************/
+/*-
+ *                       ELLIPTIC CURVE POINT OPERATIONS
+ *
+ * Points are represented in Jacobian projective coordinates:
+ * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3),
+ * or to the point at infinity if Z == 0.
+ *
+ */
+
+/*-
+ * Double an elliptic curve point:
+ * (X', Y', Z') = 2 * (X, Y, Z), where
+ * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
+ * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4
+ * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    widefelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+
+    felem_assign(ftmp, x_in);
+    felem_assign(ftmp2, x_in);
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);
+
+    /* beta = x*gamma */
+    felem_mul(tmp, x_in, gamma);
+    felem_reduce(beta, tmp);
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff(ftmp, delta);
+    /* ftmp[i] < 2^57 + 2^58 + 2 < 2^59 */
+    felem_sum(ftmp2, delta);
+    /* ftmp2[i] < 2^57 + 2^57 = 2^58 */
+    felem_scalar(ftmp2, 3);
+    /* ftmp2[i] < 3 * 2^58 < 2^60 */
+    felem_mul(tmp, ftmp, ftmp2);
+    /* tmp[i] < 2^60 * 2^59 * 4 = 2^121 */
+    felem_reduce(alpha, tmp);
+
+    /* x' = alpha^2 - 8*beta */
+    felem_square(tmp, alpha);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+    felem_assign(ftmp, beta);
+    felem_scalar(ftmp, 8);
+    /* ftmp[i] < 8 * 2^57 = 2^60 */
+    felem_diff_128_64(tmp, ftmp);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(x_out, tmp);
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum(delta, gamma);
+    /* delta[i] < 2^57 + 2^57 = 2^58 */
+    felem_assign(ftmp, y_in);
+    felem_sum(ftmp, z_in);
+    /* ftmp[i] < 2^57 + 2^57 = 2^58 */
+    felem_square(tmp, ftmp);
+    /* tmp[i] < 4 * 2^58 * 2^58 = 2^118 */
+    felem_diff_128_64(tmp, delta);
+    /* tmp[i] < 2^118 + 2^64 + 8 < 2^119 */
+    felem_reduce(z_out, tmp);
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar(beta, 4);
+    /* beta[i] < 4 * 2^57 = 2^59 */
+    felem_diff(beta, x_out);
+    /* beta[i] < 2^59 + 2^58 + 2 < 2^60 */
+    felem_mul(tmp, alpha, beta);
+    /* tmp[i] < 4 * 2^57 * 2^60 = 2^119 */
+    felem_square(tmp2, gamma);
+    /* tmp2[i] < 4 * 2^57 * 2^57 = 2^116 */
+    widefelem_scalar(tmp2, 8);
+    /* tmp2[i] < 8 * 2^116 = 2^119 */
+    widefelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^119 + 2^120 < 2^121 */
+    felem_reduce(y_out, tmp);
+}
+
+/*-
+ * Add two elliptic curve points:
+ * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
+ * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
+ * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
+ * Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - X_3) -
+ *        Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3
+ * Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2)
+ *
+ * This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0.
+ */
+
+/*
+ * This function is not entirely constant-time: it includes a branch for
+ * checking whether the two input points are equal, (while not equal to the
+ * point at infinity). This case never happens during single point
+ * multiplication, so there is no timing leak for ECDH or ECDSA signing.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const felem x2, const felem y2,
+                      const felem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
+    widefelem tmp, tmp2;
+    limb z1_is_zero, z2_is_zero, x_equal, y_equal;
+
+    if (!mixed) {
+        /* ftmp2 = z2^2 */
+        felem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* ftmp4 = z2^3 */
+        felem_mul(tmp, ftmp2, z2);
+        felem_reduce(ftmp4, tmp);
+
+        /* ftmp4 = z2^3*y1 */
+        felem_mul(tmp2, ftmp4, y1);
+        felem_reduce(ftmp4, tmp2);
+
+        /* ftmp2 = z2^2*x1 */
+        felem_mul(tmp2, ftmp2, x1);
+        felem_reduce(ftmp2, tmp2);
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* ftmp4 = z2^3*y1 */
+        felem_assign(ftmp4, y1);
+
+        /* ftmp2 = z2^2*x1 */
+        felem_assign(ftmp2, x1);
+    }
+
+    /* ftmp = z1^2 */
+    felem_square(tmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    /* ftmp3 = z1^3 */
+    felem_mul(tmp, ftmp, z1);
+    felem_reduce(ftmp3, tmp);
+
+    /* tmp = z1^3*y2 */
+    felem_mul(tmp, ftmp3, y2);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* ftmp3 = z1^3*y2 - z2^3*y1 */
+    felem_diff_128_64(tmp, ftmp4);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(ftmp3, tmp);
+
+    /* tmp = z1^2*x2 */
+    felem_mul(tmp, ftmp, x2);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* ftmp = z1^2*x2 - z2^2*x1 */
+    felem_diff_128_64(tmp, ftmp2);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(ftmp, tmp);
+
+    /*
+     * the formulae are incorrect if the points are equal so we check for
+     * this and do doubling if this happens
+     */
+    x_equal = felem_is_zero(ftmp);
+    y_equal = felem_is_zero(ftmp3);
+    z1_is_zero = felem_is_zero(z1);
+    z2_is_zero = felem_is_zero(z2);
+    /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */
+    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* ftmp5 = z1*z2 */
+    if (!mixed) {
+        felem_mul(tmp, z1, z2);
+        felem_reduce(ftmp5, tmp);
+    } else {
+        /* special case z2 = 0 is handled later */
+        felem_assign(ftmp5, z1);
+    }
+
+    /* z_out = (z1^2*x2 - z2^2*x1)*(z1*z2) */
+    felem_mul(tmp, ftmp, ftmp5);
+    felem_reduce(z_out, tmp);
+
+    /* ftmp = (z1^2*x2 - z2^2*x1)^2 */
+    felem_assign(ftmp5, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);
+
+    /* ftmp5 = (z1^2*x2 - z2^2*x1)^3 */
+    felem_mul(tmp, ftmp, ftmp5);
+    felem_reduce(ftmp5, tmp);
+
+    /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
+    felem_mul(tmp, ftmp4, ftmp5);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* tmp2 = (z1^3*y2 - z2^3*y1)^2 */
+    felem_square(tmp2, ftmp3);
+    /* tmp2[i] < 4 * 2^57 * 2^57 < 2^116 */
+
+    /* tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 */
+    felem_diff_128_64(tmp2, ftmp5);
+    /* tmp2[i] < 2^116 + 2^64 + 8 < 2^117 */
+
+    /* ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+    felem_assign(ftmp5, ftmp2);
+    felem_scalar(ftmp5, 2);
+    /* ftmp5[i] < 2 * 2^57 = 2^58 */
+
+    /*-
+     * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
+     *  2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
+     */
+    felem_diff_128_64(tmp2, ftmp5);
+    /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */
+    felem_reduce(x_out, tmp2);
+
+    /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out */
+    felem_diff(ftmp2, x_out);
+    /* ftmp2[i] < 2^57 + 2^58 + 2 < 2^59 */
+
+    /*
+     * tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out)
+     */
+    felem_mul(tmp2, ftmp3, ftmp2);
+    /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */
+
+    /*-
+     * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
+     *  z2^3*y1*(z1^2*x2 - z2^2*x1)^3
+     */
+    widefelem_diff(tmp2, tmp);
+    /* tmp2[i] < 2^118 + 2^120 < 2^121 */
+    felem_reduce(y_out, tmp2);
+
+    /*
+     * the result (x_out, y_out, z_out) is incorrect if one of the inputs is
+     * the point at infinity, so we need to check for this separately
+     */
+
+    /*
+     * if point 1 is at infinity, copy point 2 to output, and vice versa
+     */
+    copy_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ * The pre_comp array argument should be size of |size| argument
+ */
+static void select_point(const u64 idx, unsigned int size,
+                         const felem pre_comp[][3], felem out[3])
+{
+    unsigned i, j;
+    limb *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+    for (i = 0; i < size; i++) {
+        const limb *inlimbs = &pre_comp[i][0][0];
+        u64 mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < 4 * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, unsigned i)
+{
+    if (i >= 224)
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const felem pre_comp[][17][3],
+                      const felem g_pre_comp[2][16][3])
+{
+    int i, skip;
+    unsigned num;
+    unsigned gen_mul = (g_scalar != NULL);
+    felem nq[3], tmp[4];
+    u64 bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (two in each of the last 28 rounds) and additions of
+     * other points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 220 : 27); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 27)) {
+            /* first, look 28 bits upwards */
+            bits = get_bit(g_scalar, i + 196) << 3;
+            bits |= get_bit(g_scalar, i + 140) << 2;
+            bits |= get_bit(g_scalar, i + 84) << 1;
+            bits |= get_bit(g_scalar, i + 28);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[1], tmp);
+
+            if (!skip) {
+                /* value 1 below is argument for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                memcpy(nq, tmp, 3 * sizeof(felem));
+                skip = 0;
+            }
+
+            /* second, look at the current position */
+            bits = get_bit(g_scalar, i + 168) << 3;
+            bits |= get_bit(g_scalar, i + 112) << 2;
+            bits |= get_bit(g_scalar, i + 56) << 1;
+            bits |= get_bit(g_scalar, i);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[0], tmp);
+            point_add(nq[0], nq[1], nq[2],
+                      nq[0], nq[1], nq[2],
+                      1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /* select the point to add or subtract */
+                select_point(digit, 17, pre_comp[num], tmp);
+                felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative
+                                            * point */
+                copy_conditional(tmp[1], tmp[3], sign);
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    memcpy(nq, tmp, 3 * sizeof(felem));
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP224_PRE_COMP *nistp224_pre_comp_new(void)
+{
+    NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (!ret) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p)
+{
+    int i;
+
+    if (p == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp224", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp224_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
+        goto err;
+    BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_224;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in, x_out, y_out;
+    widefelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!felem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!felem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void make_points_affine(size_t num, felem points[ /* num */ ][3],
+                               felem tmp_felems[ /* num+1 */ ])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(felem),
+                                             tmp_felems,
+                                             (void (*)(void *))felem_one,
+                                             felem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             felem_assign,
+                                             (void (*)(void *, const void *))
+                                             felem_square_reduce, (void (*)
+                                                                   (void *,
+                                                                    const void
+                                                                    *,
+                                                                    const void
+                                                                    *))
+                                             felem_mul_reduce,
+                                             (void (*)(void *, const void *))
+                                             felem_inv,
+                                             (void (*)(void *, const void *))
+                                             felem_contract);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    unsigned i;
+    int mixed = 0;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    felem (*pre_comp)[17][3] = NULL;
+    felem *tmp_felems = NULL;
+    felem_bytearray tmp;
+    unsigned num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    felem x_in, y_in, z_in, x_out, y_out, z_out;
+    NISTP224_PRE_COMP *pre = NULL;
+    const felem(*g_pre_comp)[16][3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp224;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = (const felem(*)[16][3])pre->g_pre_comp;
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = &gmul[0];
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!felem_to_BN(x, g_pre_comp[0][1][0]) ||
+            !felem_to_BN(y, g_pre_comp[0][1][1]) ||
+            !felem_to_BN(z, g_pre_comp[0][1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points = num_points + 1;
+    }
+
+    if (num_points > 0) {
+        if (num_points >= 3) {
+            /*
+             * unless we precompute multiples for just one or two points,
+             * converting those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_felems =
+                OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_felems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        for (i = 0; i < num_points; ++i) {
+            if (i == num)
+                /* the generator */
+            {
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else
+                /* the i^th point */
+            {
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^224 */
+                if ((BN_num_bits(p_scalar) > 224)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2bin(tmp_scalar, tmp);
+                } else
+                    num_bytes = BN_bn2bin(p_scalar, tmp);
+                flip_endian(secrets[i], tmp, num_bytes);
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                felem_assign(pre_comp[i][1][0], x_out);
+                felem_assign(pre_comp[i][1][1], y_out);
+                felem_assign(pre_comp[i][1][2], z_out);
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add(pre_comp[i][j][0], pre_comp[i][j][1],
+                                  pre_comp[i][j][2], pre_comp[i][1][0],
+                                  pre_comp[i][1][1], pre_comp[i][1][2], 0,
+                                  pre_comp[i][j - 1][0],
+                                  pre_comp[i][j - 1][1],
+                                  pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double(pre_comp[i][j][0], pre_comp[i][j][1],
+                                     pre_comp[i][j][2], pre_comp[i][j / 2][0],
+                                     pre_comp[i][j / 2][1],
+                                     pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^224 */
+        if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2bin(tmp_scalar, tmp);
+        } else
+            num_bytes = BN_bn2bin(scalar, tmp);
+        flip_endian(g_secret, tmp, num_bytes);
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const felem(*)[17][3])pre_comp, g_pre_comp);
+    } else
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
+        (!felem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
+    return ret;
+}
+
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP224_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    felem tmp_felems[32];
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp224_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
+        goto err;
+    /*
+     * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
+     * 2^140*G, 2^196*G for the second one
+     */
+    for (i = 1; i <= 8; i <<= 1) {
+        point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                     pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+                     pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
+        for (j = 0; j < 27; ++j) {
+            point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                         pre->g_pre_comp[1][i][2], pre->g_pre_comp[1][i][0],
+                         pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+        }
+        if (i == 8)
+            break;
+        point_double(pre->g_pre_comp[0][2 * i][0],
+                     pre->g_pre_comp[0][2 * i][1],
+                     pre->g_pre_comp[0][2 * i][2], pre->g_pre_comp[1][i][0],
+                     pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+        for (j = 0; j < 27; ++j) {
+            point_double(pre->g_pre_comp[0][2 * i][0],
+                         pre->g_pre_comp[0][2 * i][1],
+                         pre->g_pre_comp[0][2 * i][2],
+                         pre->g_pre_comp[0][2 * i][0],
+                         pre->g_pre_comp[0][2 * i][1],
+                         pre->g_pre_comp[0][2 * i][2]);
+        }
+    }
+    for (i = 0; i < 2; i++) {
+        /* g_pre_comp[i][0] is the point at infinity */
+        memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
+        /* the remaining multiples */
+        /* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */
+        point_add(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
+                  pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
+                  pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        /* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */
+        point_add(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
+                  pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
+                  pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        /* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */
+        point_add(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
+                  pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
+                  pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                  0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
+                  pre->g_pre_comp[i][4][2]);
+        /*
+         * 2^56*G + 2^112*G + 2^168*G resp. 2^84*G + 2^140*G + 2^196*G
+         */
+        point_add(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
+                  pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
+                  pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        for (j = 1; j < 8; ++j) {
+            /* odd multiples: add G resp. 2^28*G */
+            point_add(pre->g_pre_comp[i][2 * j + 1][0],
+                      pre->g_pre_comp[i][2 * j + 1][1],
+                      pre->g_pre_comp[i][2 * j + 1][2],
+                      pre->g_pre_comp[i][2 * j][0],
+                      pre->g_pre_comp[i][2 * j][1],
+                      pre->g_pre_comp[i][2 * j][2], 0,
+                      pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1],
+                      pre->g_pre_comp[i][1][2]);
+        }
+    }
+    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);
+
+ done:
+    SETPRECOMP(group, nistp224, pre);
+    pre = NULL;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp224_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp224);
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c
new file mode 100644
index 000000000..a21e5f78f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c
@@ -0,0 +1,2355 @@
+/*
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication
+ *
+ * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
+ * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
+ * work which got its smarts from Daniel J. Bernstein's work on the same.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdint.h>
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_lcl.h"
+
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+typedef __int128_t int128_t;
+# else
+#  error "Your compiler doesn't appear to support 128-bit integer types"
+# endif
+
+typedef uint8_t u8;
+typedef uint32_t u32;
+typedef uint64_t u64;
+
+/*
+ * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
+ * can serialise an element of this field into 32 bytes. We call this an
+ * felem_bytearray.
+ */
+
+typedef u8 felem_bytearray[32];
+
+/*
+ * These are the parameters of P256, taken from FIPS 186-3, page 86. These
+ * values are big-endian.
+ */
+static const felem_bytearray nistp256_curve_params[5] = {
+    {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */
+    {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
+     0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
+     0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
+     0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b},
+    {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */
+     0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
+     0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
+     0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96},
+    {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */
+     0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+     0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+     0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5}
+};
+
+/*-
+ * The representation of field elements.
+ * ------------------------------------
+ *
+ * We represent field elements with either four 128-bit values, eight 128-bit
+ * values, or four 64-bit values. The field element represented is:
+ *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192  (mod p)
+ * or:
+ *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512  (mod p)
+ *
+ * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits
+ * apart, but are 128-bits wide, the most significant bits of each limb overlap
+ * with the least significant bits of the next.
+ *
+ * A field element with four limbs is an 'felem'. One with eight limbs is a
+ * 'longfelem'
+ *
+ * A field element with four, 64-bit values is called a 'smallfelem'. Small
+ * values are used as intermediate values before multiplication.
+ */
+
+# define NLIMBS 4
+
+typedef uint128_t limb;
+typedef limb felem[NLIMBS];
+typedef limb longfelem[NLIMBS * 2];
+typedef u64 smallfelem[NLIMBS];
+
+/* This is the value of the prime as four 64-bit words, little-endian. */
+static const u64 kPrime[4] =
+    { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul };
+static const u64 bottom63bits = 0x7ffffffffffffffful;
+
+/*
+ * bin32_to_felem takes a little-endian byte array and converts it into felem
+ * form. This assumes that the CPU is little-endian.
+ */
+static void bin32_to_felem(felem out, const u8 in[32])
+{
+    out[0] = *((u64 *)&in[0]);
+    out[1] = *((u64 *)&in[8]);
+    out[2] = *((u64 *)&in[16]);
+    out[3] = *((u64 *)&in[24]);
+}
+
+/*
+ * smallfelem_to_bin32 takes a smallfelem and serialises into a little
+ * endian, 32 byte array. This assumes that the CPU is little-endian.
+ */
+static void smallfelem_to_bin32(u8 out[32], const smallfelem in)
+{
+    *((u64 *)&out[0]) = in[0];
+    *((u64 *)&out[8]) = in[1];
+    *((u64 *)&out[16]) = in[2];
+    *((u64 *)&out[24]) = in[3];
+}
+
+/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
+static void flip_endian(u8 *out, const u8 *in, unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; ++i)
+        out[i] = in[len - 1 - i];
+}
+
+/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_in;
+    felem_bytearray b_out;
+    unsigned num_bytes;
+
+    /* BN_bn2bin eats leading zeroes */
+    memset(b_out, 0, sizeof(b_out));
+    num_bytes = BN_num_bytes(bn);
+    if (num_bytes > sizeof(b_out)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2bin(bn, b_in);
+    flip_endian(b_out, b_in, num_bytes);
+    bin32_to_felem(out, b_out);
+    return 1;
+}
+
+/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
+static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
+{
+    felem_bytearray b_in, b_out;
+    smallfelem_to_bin32(b_in, in);
+    flip_endian(b_out, b_in, sizeof(b_out));
+    return BN_bin2bn(b_out, sizeof(b_out), out);
+}
+
+/*-
+ * Field operations
+ * ----------------
+ */
+
+static void smallfelem_one(smallfelem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+}
+
+static void smallfelem_assign(smallfelem out, const smallfelem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/* felem_sum sets out = out + in. */
+static void felem_sum(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* felem_small_sum sets out = out + in. */
+static void felem_small_sum(felem out, const smallfelem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* felem_scalar sets out = out * scalar */
+static void felem_scalar(felem out, const u64 scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+}
+
+/* longfelem_scalar sets out = out * scalar */
+static void longfelem_scalar(longfelem out, const u64 scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+}
+
+# define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9)
+# define two105 (((limb)1) << 105)
+# define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9)
+
+/* zero105 is 0 mod p */
+static const felem zero105 =
+    { two105m41m9, two105, two105m41p9, two105m41p9 };
+
+/*-
+ * smallfelem_neg sets |out| to |-small|
+ * On exit:
+ *   out[i] < out[i] + 2^105
+ */
+static void smallfelem_neg(felem out, const smallfelem small)
+{
+    /* In order to prevent underflow, we subtract from 0 mod p. */
+    out[0] = zero105[0] - small[0];
+    out[1] = zero105[1] - small[1];
+    out[2] = zero105[2] - small[2];
+    out[3] = zero105[3] - small[3];
+}
+
+/*-
+ * felem_diff subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^104
+ * On exit:
+ *   out[i] < out[i] + 2^105
+ */
+static void felem_diff(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    out[0] += zero105[0];
+    out[1] += zero105[1];
+    out[2] += zero105[2];
+    out[3] += zero105[3];
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+# define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11)
+# define two107 (((limb)1) << 107)
+# define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11)
+
+/* zero107 is 0 mod p */
+static const felem zero107 =
+    { two107m43m11, two107, two107m43p11, two107m43p11 };
+
+/*-
+ * An alternative felem_diff for larger inputs |in|
+ * felem_diff_zero107 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^106
+ * On exit:
+ *   out[i] < out[i] + 2^107
+ */
+static void felem_diff_zero107(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    out[0] += zero107[0];
+    out[1] += zero107[1];
+    out[2] += zero107[2];
+    out[3] += zero107[3];
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/*-
+ * longfelem_diff subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 7*2^67
+ * On exit:
+ *   out[i] < out[i] + 2^70 + 2^40
+ */
+static void longfelem_diff(longfelem out, const longfelem in)
+{
+    static const limb two70m8p6 =
+        (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6);
+    static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40);
+    static const limb two70 = (((limb) 1) << 70);
+    static const limb two70m40m38p6 =
+        (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) +
+        (((limb) 1) << 6);
+    static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6);
+
+    /* add 0 mod p to avoid underflow */
+    out[0] += two70m8p6;
+    out[1] += two70p40;
+    out[2] += two70;
+    out[3] += two70m40m38p6;
+    out[4] += two70m6;
+    out[5] += two70m6;
+    out[6] += two70m6;
+    out[7] += two70m6;
+
+    /* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+    out[4] -= in[4];
+    out[5] -= in[5];
+    out[6] -= in[6];
+    out[7] -= in[7];
+}
+
+# define two64m0 (((limb)1) << 64) - 1
+# define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1
+# define two64m46 (((limb)1) << 64) - (((limb)1) << 46)
+# define two64m32 (((limb)1) << 64) - (((limb)1) << 32)
+
+/* zero110 is 0 mod p */
+static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 };
+
+/*-
+ * felem_shrink converts an felem into a smallfelem. The result isn't quite
+ * minimal as the value may be greater than p.
+ *
+ * On entry:
+ *   in[i] < 2^109
+ * On exit:
+ *   out[i] < 2^64
+ */
+static void felem_shrink(smallfelem out, const felem in)
+{
+    felem tmp;
+    u64 a, b, mask;
+    u64 high, low;
+    static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
+
+    /* Carry 2->3 */
+    tmp[3] = zero110[3] + in[3] + ((u64)(in[2] >> 64));
+    /* tmp[3] < 2^110 */
+
+    tmp[2] = zero110[2] + (u64)in[2];
+    tmp[0] = zero110[0] + in[0];
+    tmp[1] = zero110[1] + in[1];
+    /* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */
+
+    /*
+     * We perform two partial reductions where we eliminate the high-word of
+     * tmp[3]. We don't update the other words till the end.
+     */
+    a = tmp[3] >> 64;           /* a < 2^46 */
+    tmp[3] = (u64)tmp[3];
+    tmp[3] -= a;
+    tmp[3] += ((limb) a) << 32;
+    /* tmp[3] < 2^79 */
+
+    b = a;
+    a = tmp[3] >> 64;           /* a < 2^15 */
+    b += a;                     /* b < 2^46 + 2^15 < 2^47 */
+    tmp[3] = (u64)tmp[3];
+    tmp[3] -= a;
+    tmp[3] += ((limb) a) << 32;
+    /* tmp[3] < 2^64 + 2^47 */
+
+    /*
+     * This adjusts the other two words to complete the two partial
+     * reductions.
+     */
+    tmp[0] += b;
+    tmp[1] -= (((limb) b) << 32);
+
+    /*
+     * In order to make space in tmp[3] for the carry from 2 -> 3, we
+     * conditionally subtract kPrime if tmp[3] is large enough.
+     */
+    high = (u64)(tmp[3] >> 64);
+    /* As tmp[3] < 2^65, high is either 1 or 0 */
+    high = 0 - high;
+    /*-
+     * high is:
+     *   all ones   if the high word of tmp[3] is 1
+     *   all zeros  if the high word of tmp[3] if 0
+     */
+    low = (u64)tmp[3];
+    mask = 0 - (low >> 63);
+    /*-
+     * mask is:
+     *   all ones   if the MSB of low is 1
+     *   all zeros  if the MSB of low if 0
+     */
+    low &= bottom63bits;
+    low -= kPrime3Test;
+    /* if low was greater than kPrime3Test then the MSB is zero */
+    low = ~low;
+    low = 0 - (low >> 63);
+    /*-
+     * low is:
+     *   all ones   if low was > kPrime3Test
+     *   all zeros  if low was <= kPrime3Test
+     */
+    mask = (mask & low) | high;
+    tmp[0] -= mask & kPrime[0];
+    tmp[1] -= mask & kPrime[1];
+    /* kPrime[2] is zero, so omitted */
+    tmp[3] -= mask & kPrime[3];
+    /* tmp[3] < 2**64 - 2**32 + 1 */
+
+    tmp[1] += ((u64)(tmp[0] >> 64));
+    tmp[0] = (u64)tmp[0];
+    tmp[2] += ((u64)(tmp[1] >> 64));
+    tmp[1] = (u64)tmp[1];
+    tmp[3] += ((u64)(tmp[2] >> 64));
+    tmp[2] = (u64)tmp[2];
+    /* tmp[i] < 2^64 */
+
+    out[0] = tmp[0];
+    out[1] = tmp[1];
+    out[2] = tmp[2];
+    out[3] = tmp[3];
+}
+
+/* smallfelem_expand converts a smallfelem to an felem */
+static void smallfelem_expand(felem out, const smallfelem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/*-
+ * smallfelem_square sets |out| = |small|^2
+ * On entry:
+ *   small[i] < 2^64
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void smallfelem_square(longfelem out, const smallfelem small)
+{
+    limb a;
+    u64 high, low;
+
+    a = ((uint128_t) small[0]) * small[0];
+    low = a;
+    high = a >> 64;
+    out[0] = low;
+    out[1] = high;
+
+    a = ((uint128_t) small[0]) * small[1];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[1] += low;
+    out[2] = high;
+
+    a = ((uint128_t) small[0]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[2] *= 2;
+    out[3] = high;
+
+    a = ((uint128_t) small[0]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] = high;
+
+    a = ((uint128_t) small[1]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[3] *= 2;
+    out[4] += high;
+
+    a = ((uint128_t) small[1]) * small[1];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small[1]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[4] *= 2;
+    out[5] = high;
+
+    a = ((uint128_t) small[2]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[5] *= 2;
+    out[6] = high;
+    out[6] += high;
+
+    a = ((uint128_t) small[2]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small[3]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[6] += low;
+    out[7] = high;
+}
+
+/*-
+ * felem_square sets |out| = |in|^2
+ * On entry:
+ *   in[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_square(longfelem out, const felem in)
+{
+    u64 small[4];
+    felem_shrink(small, in);
+    smallfelem_square(out, small);
+}
+
+/*-
+ * smallfelem_mul sets |out| = |small1| * |small2|
+ * On entry:
+ *   small1[i] < 2^64
+ *   small2[i] < 2^64
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void smallfelem_mul(longfelem out, const smallfelem small1,
+                           const smallfelem small2)
+{
+    limb a;
+    u64 high, low;
+
+    a = ((uint128_t) small1[0]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[0] = low;
+    out[1] = high;
+
+    a = ((uint128_t) small1[0]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[2] = high;
+
+    a = ((uint128_t) small1[1]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[2] += high;
+
+    a = ((uint128_t) small1[0]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] = high;
+
+    a = ((uint128_t) small1[1]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small1[2]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small1[0]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] = high;
+
+    a = ((uint128_t) small1[1]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[2]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[3]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[1]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] = high;
+
+    a = ((uint128_t) small1[2]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small1[3]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small1[2]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[6] = high;
+
+    a = ((uint128_t) small1[3]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[6] += high;
+
+    a = ((uint128_t) small1[3]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[6] += low;
+    out[7] = high;
+}
+
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
+ * On entry:
+ *   in1[i] < 2^109
+ *   in2[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_mul(longfelem out, const felem in1, const felem in2)
+{
+    smallfelem small1, small2;
+    felem_shrink(small1, in1);
+    felem_shrink(small2, in2);
+    smallfelem_mul(out, small1, small2);
+}
+
+/*-
+ * felem_small_mul sets |out| = |small1| * |in2|
+ * On entry:
+ *   small1[i] < 2^64
+ *   in2[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_small_mul(longfelem out, const smallfelem small1,
+                            const felem in2)
+{
+    smallfelem small2;
+    felem_shrink(small2, in2);
+    smallfelem_mul(out, small1, small2);
+}
+
+# define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4)
+# define two100 (((limb)1) << 100)
+# define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4)
+/* zero100 is 0 mod p */
+static const felem zero100 =
+    { two100m36m4, two100, two100m36p4, two100m36p4 };
+
+/*-
+ * Internal function for the different flavours of felem_reduce.
+ * felem_reduce_ reduces the higher coefficients in[4]-in[7].
+ * On entry:
+ *   out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7]
+ *   out[1] >= in[7] + 2^32*in[4]
+ *   out[2] >= in[5] + 2^32*in[5]
+ *   out[3] >= in[4] + 2^32*in[5] + 2^32*in[6]
+ * On exit:
+ *   out[0] <= out[0] + in[4] + 2^32*in[5]
+ *   out[1] <= out[1] + in[5] + 2^33*in[6]
+ *   out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7]
+ *   out[3] <= out[3] + 2^32*in[4] + 3*in[7]
+ */
+static void felem_reduce_(felem out, const longfelem in)
+{
+    int128_t c;
+    /* combine common terms from below */
+    c = in[4] + (in[5] << 32);
+    out[0] += c;
+    out[3] -= c;
+
+    c = in[5] - in[7];
+    out[1] += c;
+    out[2] -= c;
+
+    /* the remaining terms */
+    /* 256: [(0,1),(96,-1),(192,-1),(224,1)] */
+    out[1] -= (in[4] << 32);
+    out[3] += (in[4] << 32);
+
+    /* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */
+    out[2] -= (in[5] << 32);
+
+    /* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */
+    out[0] -= in[6];
+    out[0] -= (in[6] << 32);
+    out[1] += (in[6] << 33);
+    out[2] += (in[6] * 2);
+    out[3] -= (in[6] << 32);
+
+    /* 448: [(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */
+    out[0] -= in[7];
+    out[0] -= (in[7] << 32);
+    out[2] += (in[7] << 33);
+    out[3] += (in[7] * 3);
+}
+
+/*-
+ * felem_reduce converts a longfelem into an felem.
+ * To be called directly after felem_square or felem_mul.
+ * On entry:
+ *   in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64
+ *   in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64
+ * On exit:
+ *   out[i] < 2^101
+ */
+static void felem_reduce(felem out, const longfelem in)
+{
+    out[0] = zero100[0] + in[0];
+    out[1] = zero100[1] + in[1];
+    out[2] = zero100[2] + in[2];
+    out[3] = zero100[3] + in[3];
+
+    felem_reduce_(out, in);
+
+    /*-
+     * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
+     * out[1] > 2^100 - 2^64 - 7*2^96 > 0
+     * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
+     * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
+     *
+     * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101
+     * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101
+     * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101
+     * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101
+     */
+}
+
+/*-
+ * felem_reduce_zero105 converts a larger longfelem into an felem.
+ * On entry:
+ *   in[0] < 2^71
+ * On exit:
+ *   out[i] < 2^106
+ */
+static void felem_reduce_zero105(felem out, const longfelem in)
+{
+    out[0] = zero105[0] + in[0];
+    out[1] = zero105[1] + in[1];
+    out[2] = zero105[2] + in[2];
+    out[3] = zero105[3] + in[3];
+
+    felem_reduce_(out, in);
+
+    /*-
+     * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
+     * out[1] > 2^105 - 2^71 - 2^103 > 0
+     * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
+     * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
+     *
+     * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
+     */
+}
+
+/*
+ * subtract_u64 sets *result = *result - v and *carry to one if the
+ * subtraction underflowed.
+ */
+static void subtract_u64(u64 *result, u64 *carry, u64 v)
+{
+    uint128_t r = *result;
+    r -= v;
+    *carry = (r >> 64) & 1;
+    *result = (u64)r;
+}
+
+/*
+ * felem_contract converts |in| to its unique, minimal representation. On
+ * entry: in[i] < 2^109
+ */
+static void felem_contract(smallfelem out, const felem in)
+{
+    unsigned i;
+    u64 all_equal_so_far = 0, result = 0, carry;
+
+    felem_shrink(out, in);
+    /* small is minimal except that the value might be > p */
+
+    all_equal_so_far--;
+    /*
+     * We are doing a constant time test if out >= kPrime. We need to compare
+     * each u64, from most-significant to least significant. For each one, if
+     * all words so far have been equal (m is all ones) then a non-equal
+     * result is the answer. Otherwise we continue.
+     */
+    for (i = 3; i < 4; i--) {
+        u64 equal;
+        uint128_t a = ((uint128_t) kPrime[i]) - out[i];
+        /*
+         * if out[i] > kPrime[i] then a will underflow and the high 64-bits
+         * will all be set.
+         */
+        result |= all_equal_so_far & ((u64)(a >> 64));
+
+        /*
+         * if kPrime[i] == out[i] then |equal| will be all zeros and the
+         * decrement will make it all ones.
+         */
+        equal = kPrime[i] ^ out[i];
+        equal--;
+        equal &= equal << 32;
+        equal &= equal << 16;
+        equal &= equal << 8;
+        equal &= equal << 4;
+        equal &= equal << 2;
+        equal &= equal << 1;
+        equal = 0 - (equal >> 63);
+
+        all_equal_so_far &= equal;
+    }
+
+    /*
+     * if all_equal_so_far is still all ones then the two values are equal
+     * and so out >= kPrime is true.
+     */
+    result |= all_equal_so_far;
+
+    /* if out >= kPrime then we subtract kPrime. */
+    subtract_u64(&out[0], &carry, result & kPrime[0]);
+    subtract_u64(&out[1], &carry, carry);
+    subtract_u64(&out[2], &carry, carry);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[1], &carry, result & kPrime[1]);
+    subtract_u64(&out[2], &carry, carry);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[2], &carry, result & kPrime[2]);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[3], &carry, result & kPrime[3]);
+}
+
+static void smallfelem_square_contract(smallfelem out, const smallfelem in)
+{
+    longfelem longtmp;
+    felem tmp;
+
+    smallfelem_square(longtmp, in);
+    felem_reduce(tmp, longtmp);
+    felem_contract(out, tmp);
+}
+
+static void smallfelem_mul_contract(smallfelem out, const smallfelem in1,
+                                    const smallfelem in2)
+{
+    longfelem longtmp;
+    felem tmp;
+
+    smallfelem_mul(longtmp, in1, in2);
+    felem_reduce(tmp, longtmp);
+    felem_contract(out, tmp);
+}
+
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+ * otherwise.
+ * On entry:
+ *   small[i] < 2^64
+ */
+static limb smallfelem_is_zero(const smallfelem small)
+{
+    limb result;
+    u64 is_p;
+
+    u64 is_zero = small[0] | small[1] | small[2] | small[3];
+    is_zero--;
+    is_zero &= is_zero << 32;
+    is_zero &= is_zero << 16;
+    is_zero &= is_zero << 8;
+    is_zero &= is_zero << 4;
+    is_zero &= is_zero << 2;
+    is_zero &= is_zero << 1;
+    is_zero = 0 - (is_zero >> 63);
+
+    is_p = (small[0] ^ kPrime[0]) |
+        (small[1] ^ kPrime[1]) |
+        (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]);
+    is_p--;
+    is_p &= is_p << 32;
+    is_p &= is_p << 16;
+    is_p &= is_p << 8;
+    is_p &= is_p << 4;
+    is_p &= is_p << 2;
+    is_p &= is_p << 1;
+    is_p = 0 - (is_p >> 63);
+
+    is_zero |= is_p;
+
+    result = is_zero;
+    result |= ((limb) is_zero) << 64;
+    return result;
+}
+
+static int smallfelem_is_zero_int(const void *small)
+{
+    return (int)(smallfelem_is_zero(small) & ((limb) 1));
+}
+
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2;
+    /* each e_I will hold |in|^{2^I - 1} */
+    felem e2, e4, e8, e16, e32, e64;
+    longfelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 2^0 */
+    felem_assign(e2, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^2 */
+    felem_mul(tmp, ftmp, e2);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^0 */
+    felem_assign(e4, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^5 - 2^1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^6 - 2^2 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^7 - 2^3 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^8 - 2^4 */
+    felem_mul(tmp, ftmp, e4);
+    felem_reduce(ftmp, tmp);    /* 2^8 - 2^0 */
+    felem_assign(e8, ftmp);
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^16 - 2^8 */
+    felem_mul(tmp, ftmp, e8);
+    felem_reduce(ftmp, tmp);    /* 2^16 - 2^0 */
+    felem_assign(e16, ftmp);
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^32 - 2^16 */
+    felem_mul(tmp, ftmp, e16);
+    felem_reduce(ftmp, tmp);    /* 2^32 - 2^0 */
+    felem_assign(e32, ftmp);
+    for (i = 0; i < 32; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^64 - 2^32 */
+    felem_assign(e64, ftmp);
+    felem_mul(tmp, ftmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^64 - 2^32 + 2^0 */
+    for (i = 0; i < 192; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^256 - 2^224 + 2^192 */
+
+    felem_mul(tmp, e64, e32);
+    felem_reduce(ftmp2, tmp);   /* 2^64 - 2^0 */
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^80 - 2^16 */
+    felem_mul(tmp, ftmp2, e16);
+    felem_reduce(ftmp2, tmp);   /* 2^80 - 2^0 */
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^88 - 2^8 */
+    felem_mul(tmp, ftmp2, e8);
+    felem_reduce(ftmp2, tmp);   /* 2^88 - 2^0 */
+    for (i = 0; i < 4; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^92 - 2^4 */
+    felem_mul(tmp, ftmp2, e4);
+    felem_reduce(ftmp2, tmp);   /* 2^92 - 2^0 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^93 - 2^1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^94 - 2^2 */
+    felem_mul(tmp, ftmp2, e2);
+    felem_reduce(ftmp2, tmp);   /* 2^94 - 2^0 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^95 - 2^1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^96 - 2^2 */
+    felem_mul(tmp, ftmp2, in);
+    felem_reduce(ftmp2, tmp);   /* 2^96 - 3 */
+
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(out, tmp);     /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
+}
+
+static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
+{
+    felem tmp;
+
+    smallfelem_expand(tmp, in);
+    felem_inv(tmp, tmp);
+    felem_contract(out, tmp);
+}
+
+/*-
+ * Group operations
+ * ----------------
+ *
+ * Building on top of the field operations we have the operations on the
+ * elliptic curve group itself. Points on the curve are represented in Jacobian
+ * coordinates
+ */
+
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+ *
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    longfelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+    smallfelem small1, small2;
+
+    felem_assign(ftmp, x_in);
+    /* ftmp[i] < 2^106 */
+    felem_assign(ftmp2, x_in);
+    /* ftmp2[i] < 2^106 */
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);
+    /* delta[i] < 2^101 */
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);
+    /* gamma[i] < 2^101 */
+    felem_shrink(small1, gamma);
+
+    /* beta = x*gamma */
+    felem_small_mul(tmp, small1, x_in);
+    felem_reduce(beta, tmp);
+    /* beta[i] < 2^101 */
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff(ftmp, delta);
+    /* ftmp[i] < 2^105 + 2^106 < 2^107 */
+    felem_sum(ftmp2, delta);
+    /* ftmp2[i] < 2^105 + 2^106 < 2^107 */
+    felem_scalar(ftmp2, 3);
+    /* ftmp2[i] < 3 * 2^107 < 2^109 */
+    felem_mul(tmp, ftmp, ftmp2);
+    felem_reduce(alpha, tmp);
+    /* alpha[i] < 2^101 */
+    felem_shrink(small2, alpha);
+
+    /* x' = alpha^2 - 8*beta */
+    smallfelem_square(tmp, small2);
+    felem_reduce(x_out, tmp);
+    felem_assign(ftmp, beta);
+    felem_scalar(ftmp, 8);
+    /* ftmp[i] < 8 * 2^101 = 2^104 */
+    felem_diff(x_out, ftmp);
+    /* x_out[i] < 2^105 + 2^101 < 2^106 */
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum(delta, gamma);
+    /* delta[i] < 2^101 + 2^101 = 2^102 */
+    felem_assign(ftmp, y_in);
+    felem_sum(ftmp, z_in);
+    /* ftmp[i] < 2^106 + 2^106 = 2^107 */
+    felem_square(tmp, ftmp);
+    felem_reduce(z_out, tmp);
+    felem_diff(z_out, delta);
+    /* z_out[i] < 2^105 + 2^101 < 2^106 */
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar(beta, 4);
+    /* beta[i] < 4 * 2^101 = 2^103 */
+    felem_diff_zero107(beta, x_out);
+    /* beta[i] < 2^107 + 2^103 < 2^108 */
+    felem_small_mul(tmp, small2, beta);
+    /* tmp[i] < 7 * 2^64 < 2^67 */
+    smallfelem_square(tmp2, small1);
+    /* tmp2[i] < 7 * 2^64 */
+    longfelem_scalar(tmp2, 8);
+    /* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */
+    longfelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
+    felem_reduce_zero105(y_out, tmp);
+    /* y_out[i] < 2^106 */
+}
+
+/*
+ * point_double_small is the same as point_double, except that it operates on
+ * smallfelems
+ */
+static void
+point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out,
+                   const smallfelem x_in, const smallfelem y_in,
+                   const smallfelem z_in)
+{
+    felem felem_x_out, felem_y_out, felem_z_out;
+    felem felem_x_in, felem_y_in, felem_z_in;
+
+    smallfelem_expand(felem_x_in, x_in);
+    smallfelem_expand(felem_y_in, y_in);
+    smallfelem_expand(felem_z_in, z_in);
+    point_double(felem_x_out, felem_y_out, felem_z_out,
+                 felem_x_in, felem_y_in, felem_z_in);
+    felem_shrink(x_out, felem_x_out);
+    felem_shrink(y_out, felem_y_out);
+    felem_shrink(z_out, felem_z_out);
+}
+
+/* copy_conditional copies in to out iff mask is all ones. */
+static void copy_conditional(felem out, const felem in, limb mask)
+{
+    unsigned i;
+    for (i = 0; i < NLIMBS; ++i) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/* copy_small_conditional copies in to out iff mask is all ones. */
+static void copy_small_conditional(felem out, const smallfelem in, limb mask)
+{
+    unsigned i;
+    const u64 mask64 = mask;
+    for (i = 0; i < NLIMBS; ++i) {
+        out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask);
+    }
+}
+
+/*-
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
+ * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
+ *
+ * This function includes a branch for checking whether the two input points
+ * are equal, (while not equal to the point at infinity). This case never
+ * happens during single point multiplication, so there is no timing leak for
+ * ECDH or ECDSA signing.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const smallfelem x2,
+                      const smallfelem y2, const smallfelem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
+    longfelem tmp, tmp2;
+    smallfelem small1, small2, small3, small4, small5;
+    limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+
+    felem_shrink(small3, z1);
+
+    z1_is_zero = smallfelem_is_zero(small3);
+    z2_is_zero = smallfelem_is_zero(z2);
+
+    /* ftmp = z1z1 = z1**2 */
+    smallfelem_square(tmp, small3);
+    felem_reduce(ftmp, tmp);
+    /* ftmp[i] < 2^101 */
+    felem_shrink(small1, ftmp);
+
+    if (!mixed) {
+        /* ftmp2 = z2z2 = z2**2 */
+        smallfelem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+        /* ftmp2[i] < 2^101 */
+        felem_shrink(small2, ftmp2);
+
+        felem_shrink(small5, x1);
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        smallfelem_mul(tmp, small5, small2);
+        felem_reduce(ftmp3, tmp);
+        /* ftmp3[i] < 2^101 */
+
+        /* ftmp5 = z1 + z2 */
+        felem_assign(ftmp5, z1);
+        felem_small_sum(ftmp5, z2);
+        /* ftmp5[i] < 2^107 */
+
+        /* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */
+        felem_square(tmp, ftmp5);
+        felem_reduce(ftmp5, tmp);
+        /* ftmp2 = z2z2 + z1z1 */
+        felem_sum(ftmp2, ftmp);
+        /* ftmp2[i] < 2^101 + 2^101 = 2^102 */
+        felem_diff(ftmp5, ftmp2);
+        /* ftmp5[i] < 2^105 + 2^101 < 2^106 */
+
+        /* ftmp2 = z2 * z2z2 */
+        smallfelem_mul(tmp, small2, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* s1 = ftmp2 = y1 * z2**3 */
+        felem_mul(tmp, y1, ftmp2);
+        felem_reduce(ftmp6, tmp);
+        /* ftmp6[i] < 2^101 */
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_assign(ftmp3, x1);
+        /* ftmp3[i] < 2^106 */
+
+        /* ftmp5 = 2z1z2 */
+        felem_assign(ftmp5, z1);
+        felem_scalar(ftmp5, 2);
+        /* ftmp5[i] < 2*2^106 = 2^107 */
+
+        /* s1 = ftmp2 = y1 * z2**3 */
+        felem_assign(ftmp6, y1);
+        /* ftmp6[i] < 2^106 */
+    }
+
+    /* u2 = x2*z1z1 */
+    smallfelem_mul(tmp, x2, small1);
+    felem_reduce(ftmp4, tmp);
+
+    /* h = ftmp4 = u2 - u1 */
+    felem_diff_zero107(ftmp4, ftmp3);
+    /* ftmp4[i] < 2^107 + 2^101 < 2^108 */
+    felem_shrink(small4, ftmp4);
+
+    x_equal = smallfelem_is_zero(small4);
+
+    /* z_out = ftmp5 * h */
+    felem_small_mul(tmp, small4, ftmp5);
+    felem_reduce(z_out, tmp);
+    /* z_out[i] < 2^101 */
+
+    /* ftmp = z1 * z1z1 */
+    smallfelem_mul(tmp, small1, small3);
+    felem_reduce(ftmp, tmp);
+
+    /* s2 = tmp = y2 * z1**3 */
+    felem_small_mul(tmp, y2, ftmp);
+    felem_reduce(ftmp5, tmp);
+
+    /* r = ftmp5 = (s2 - s1)*2 */
+    felem_diff_zero107(ftmp5, ftmp6);
+    /* ftmp5[i] < 2^107 + 2^107 = 2^108 */
+    felem_scalar(ftmp5, 2);
+    /* ftmp5[i] < 2^109 */
+    felem_shrink(small1, ftmp5);
+    y_equal = smallfelem_is_zero(small1);
+
+    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* I = ftmp = (2h)**2 */
+    felem_assign(ftmp, ftmp4);
+    felem_scalar(ftmp, 2);
+    /* ftmp[i] < 2*2^108 = 2^109 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);
+
+    /* J = ftmp2 = h * I */
+    felem_mul(tmp, ftmp4, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* V = ftmp4 = U1 * I */
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);
+
+    /* x_out = r**2 - J - 2V */
+    smallfelem_square(tmp, small1);
+    felem_reduce(x_out, tmp);
+    felem_assign(ftmp3, ftmp4);
+    felem_scalar(ftmp4, 2);
+    felem_sum(ftmp4, ftmp2);
+    /* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */
+    felem_diff(x_out, ftmp4);
+    /* x_out[i] < 2^105 + 2^101 */
+
+    /* y_out = r(V-x_out) - 2 * s1 * J */
+    felem_diff_zero107(ftmp3, x_out);
+    /* ftmp3[i] < 2^107 + 2^101 < 2^108 */
+    felem_small_mul(tmp, small1, ftmp3);
+    felem_mul(tmp2, ftmp6, ftmp2);
+    longfelem_scalar(tmp2, 2);
+    /* tmp2[i] < 2*2^67 = 2^68 */
+    longfelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
+    felem_reduce_zero105(y_out, tmp);
+    /* y_out[i] < 2^106 */
+
+    copy_small_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_small_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_small_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*
+ * point_add_small is the same as point_add, except that it operates on
+ * smallfelems
+ */
+static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3,
+                            smallfelem x1, smallfelem y1, smallfelem z1,
+                            smallfelem x2, smallfelem y2, smallfelem z2)
+{
+    felem felem_x3, felem_y3, felem_z3;
+    felem felem_x1, felem_y1, felem_z1;
+    smallfelem_expand(felem_x1, x1);
+    smallfelem_expand(felem_y1, y1);
+    smallfelem_expand(felem_z1, z1);
+    point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0,
+              x2, y2, z2);
+    felem_shrink(x3, felem_x3);
+    felem_shrink(y3, felem_y3);
+    felem_shrink(z3, felem_z3);
+}
+
+/*-
+ * Base point pre computation
+ * --------------------------
+ *
+ * Two different sorts of precomputed tables are used in the following code.
+ * Each contain various points on the curve, where each point is three field
+ * elements (x, y, z).
+ *
+ * For the base point table, z is usually 1 (0 for the point at infinity).
+ * This table has 2 * 16 elements, starting with the following:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^64G
+ *     3 | 0 0 1 1 | (2^64 + 1)G
+ *     4 | 0 1 0 0 | 2^128G
+ *     5 | 0 1 0 1 | (2^128 + 1)G
+ *     6 | 0 1 1 0 | (2^128 + 2^64)G
+ *     7 | 0 1 1 1 | (2^128 + 2^64 + 1)G
+ *     8 | 1 0 0 0 | 2^192G
+ *     9 | 1 0 0 1 | (2^192 + 1)G
+ *    10 | 1 0 1 0 | (2^192 + 2^64)G
+ *    11 | 1 0 1 1 | (2^192 + 2^64 + 1)G
+ *    12 | 1 1 0 0 | (2^192 + 2^128)G
+ *    13 | 1 1 0 1 | (2^192 + 2^128 + 1)G
+ *    14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G
+ *    15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G
+ * followed by a copy of this with each element multiplied by 2^32.
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point,
+ * and then another four locations using the second 16 elements.
+ *
+ * Tables for other points have table[i] = iG for i in 0 .. 16. */
+
+/* gmul is the table of precomputed base points */
+static const smallfelem gmul[2][16][3] = {
+    {{{0, 0, 0, 0},
+      {0, 0, 0, 0},
+      {0, 0, 0, 0}},
+     {{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2,
+       0x6b17d1f2e12c4247},
+      {0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16,
+       0x4fe342e2fe1a7f9b},
+      {1, 0, 0, 0}},
+     {{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de,
+       0x0fa822bc2811aaa5},
+      {0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b,
+       0xbff44ae8f5dba80d},
+      {1, 0, 0, 0}},
+     {{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789,
+       0x300a4bbc89d6726f},
+      {0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f,
+       0x72aac7e0d09b4644},
+      {1, 0, 0, 0}},
+     {{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e,
+       0x447d739beedb5e67},
+      {0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7,
+       0x2d4825ab834131ee},
+      {1, 0, 0, 0}},
+     {{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60,
+       0xef9519328a9c72ff},
+      {0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c,
+       0x611e9fc37dbb2c9b},
+      {1, 0, 0, 0}},
+     {{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf,
+       0x550663797b51f5d8},
+      {0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5,
+       0x157164848aecb851},
+      {1, 0, 0, 0}},
+     {{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391,
+       0xeb5d7745b21141ea},
+      {0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee,
+       0xeafd72ebdbecc17b},
+      {1, 0, 0, 0}},
+     {{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5,
+       0xa6d39677a7849276},
+      {0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf,
+       0x674f84749b0b8816},
+      {1, 0, 0, 0}},
+     {{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb,
+       0x4e769e7672c9ddad},
+      {0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281,
+       0x42b99082de830663},
+      {1, 0, 0, 0}},
+     {{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478,
+       0x78878ef61c6ce04d},
+      {0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def,
+       0xb6cb3f5d7b72c321},
+      {1, 0, 0, 0}},
+     {{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae,
+       0x0c88bc4d716b1287},
+      {0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa,
+       0xdd5ddea3f3901dc6},
+      {1, 0, 0, 0}},
+     {{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3,
+       0x68f344af6b317466},
+      {0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3,
+       0x31b9c405f8540a20},
+      {1, 0, 0, 0}},
+     {{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0,
+       0x4052bf4b6f461db9},
+      {0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8,
+       0xfecf4d5190b0fc61},
+      {1, 0, 0, 0}},
+     {{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a,
+       0x1eddbae2c802e41a},
+      {0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0,
+       0x43104d86560ebcfc},
+      {1, 0, 0, 0}},
+     {{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a,
+       0xb48e26b484f7a21c},
+      {0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668,
+       0xfac015404d4d3dab},
+      {1, 0, 0, 0}}},
+    {{{0, 0, 0, 0},
+      {0, 0, 0, 0},
+      {0, 0, 0, 0}},
+     {{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da,
+       0x7fe36b40af22af89},
+      {0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1,
+       0xe697d45825b63624},
+      {1, 0, 0, 0}},
+     {{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902,
+       0x4a5b506612a677a6},
+      {0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40,
+       0xeb13461ceac089f1},
+      {1, 0, 0, 0}},
+     {{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857,
+       0x0781b8291c6a220a},
+      {0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434,
+       0x690cde8df0151593},
+      {1, 0, 0, 0}},
+     {{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326,
+       0x8a535f566ec73617},
+      {0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf,
+       0x0455c08468b08bd7},
+      {1, 0, 0, 0}},
+     {{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279,
+       0x06bada7ab77f8276},
+      {0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70,
+       0x5b476dfd0e6cb18a},
+      {1, 0, 0, 0}},
+     {{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8,
+       0x3e29864e8a2ec908},
+      {0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed,
+       0x239b90ea3dc31e7e},
+      {1, 0, 0, 0}},
+     {{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4,
+       0x820f4dd949f72ff7},
+      {0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3,
+       0x140406ec783a05ec},
+      {1, 0, 0, 0}},
+     {{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe,
+       0x68f6b8542783dfee},
+      {0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028,
+       0xcbe1feba92e40ce6},
+      {1, 0, 0, 0}},
+     {{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927,
+       0xd0b2f94d2f420109},
+      {0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a,
+       0x971459828b0719e5},
+      {1, 0, 0, 0}},
+     {{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687,
+       0x961610004a866aba},
+      {0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c,
+       0x7acb9fadcee75e44},
+      {1, 0, 0, 0}},
+     {{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea,
+       0x24eb9acca333bf5b},
+      {0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d,
+       0x69f891c5acd079cc},
+      {1, 0, 0, 0}},
+     {{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514,
+       0xe51f547c5972a107},
+      {0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06,
+       0x1c309a2b25bb1387},
+      {1, 0, 0, 0}},
+     {{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828,
+       0x20b87b8aa2c4e503},
+      {0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044,
+       0xf5c6fa49919776be},
+      {1, 0, 0, 0}},
+     {{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56,
+       0x1ed7d1b9332010b9},
+      {0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24,
+       0x3a2b03f03217257a},
+      {1, 0, 0, 0}},
+     {{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b,
+       0x15fee545c78dd9f6},
+      {0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb,
+       0x4ab5b6b2b8753f81},
+      {1, 0, 0, 0}}}
+};
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ */
+static void select_point(const u64 idx, unsigned int size,
+                         const smallfelem pre_comp[16][3], smallfelem out[3])
+{
+    unsigned i, j;
+    u64 *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+
+    for (i = 0; i < size; i++) {
+        const u64 *inlimbs = (u64 *)&pre_comp[i][0][0];
+        u64 mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, int i)
+{
+    if ((i < 0) || (i >= 256))
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const smallfelem pre_comp[][17][3],
+                      const smallfelem g_pre_comp[2][16][3])
+{
+    int i, skip;
+    unsigned num, gen_mul = (g_scalar != NULL);
+    felem nq[3], ftmp;
+    smallfelem tmp[3];
+    u64 bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (two in each of the last 32 rounds) and additions of
+     * other points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 255 : 31); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 31)) {
+            /* first, look 32 bits upwards */
+            bits = get_bit(g_scalar, i + 224) << 3;
+            bits |= get_bit(g_scalar, i + 160) << 2;
+            bits |= get_bit(g_scalar, i + 96) << 1;
+            bits |= get_bit(g_scalar, i + 32);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[1], tmp);
+
+            if (!skip) {
+                /* Arg 1 below is for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                smallfelem_expand(nq[0], tmp[0]);
+                smallfelem_expand(nq[1], tmp[1]);
+                smallfelem_expand(nq[2], tmp[2]);
+                skip = 0;
+            }
+
+            /* second, look at the current position */
+            bits = get_bit(g_scalar, i + 192) << 3;
+            bits |= get_bit(g_scalar, i + 128) << 2;
+            bits |= get_bit(g_scalar, i + 64) << 1;
+            bits |= get_bit(g_scalar, i);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[0], tmp);
+            /* Arg 1 below is for "mixed" */
+            point_add(nq[0], nq[1], nq[2],
+                      nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /*
+                 * select the point to add or subtract, in constant time
+                 */
+                select_point(digit, 17, pre_comp[num], tmp);
+                smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative
+                                               * point */
+                copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1));
+                felem_contract(tmp[1], ftmp);
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    smallfelem_expand(nq[0], tmp[0]);
+                    smallfelem_expand(nq[1], tmp[1]);
+                    smallfelem_expand(nq[2], tmp[2]);
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/* Precomputation for the group generator. */
+struct nistp256_pre_comp_st {
+    smallfelem g_pre_comp[2][16][3];
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp256_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp256_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp256_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp256_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp256_points_mul,
+        ec_GFp_nistp256_precompute_mult,
+        ec_GFp_nistp256_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
+    };
+
+    return &ret;
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP256_PRE_COMP *nistp256_pre_comp_new(void)
+{
+    NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistp256", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp256_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
+        goto err;
+    BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_256;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in;
+    smallfelem x_out, y_out;
+    longfelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!smallfelem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!smallfelem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* points below is of size |num|, and tmp_smallfelems is of size |num+1| */
+static void make_points_affine(size_t num, smallfelem points[][3],
+                               smallfelem tmp_smallfelems[])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(smallfelem),
+                                             tmp_smallfelems,
+                                             (void (*)(void *))smallfelem_one,
+                                             smallfelem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_assign,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_square_contract,
+                                             (void (*)
+                                              (void *, const void *,
+                                               const void *))
+                                             smallfelem_mul_contract,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_inv_contract,
+                                             /* nothing to contract */
+                                             (void (*)(void *, const void *))
+                                             smallfelem_assign);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    int mixed = 0;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    smallfelem (*pre_comp)[17][3] = NULL;
+    smallfelem *tmp_smallfelems = NULL;
+    felem_bytearray tmp;
+    unsigned i, num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    smallfelem x_in, y_in, z_in;
+    felem x_out, y_out, z_out;
+    NISTP256_PRE_COMP *pre = NULL;
+    const smallfelem(*g_pre_comp)[16][3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp256;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = (const smallfelem(*)[16][3])pre->g_pre_comp;
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = &gmul[0];
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) ||
+            !smallfelem_to_BN(y, g_pre_comp[0][1][1]) ||
+            !smallfelem_to_BN(z, g_pre_comp[0][1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points++;
+    }
+    if (num_points > 0) {
+        if (num_points >= 3) {
+            /*
+             * unless we precompute multiples for just one or two points,
+             * converting those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_malloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_smallfelems =
+              OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_smallfelems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        memset(secrets, 0, sizeof(*secrets) * num_points);
+        memset(pre_comp, 0, sizeof(*pre_comp) * num_points);
+        for (i = 0; i < num_points; ++i) {
+            if (i == num)
+                /*
+                 * we didn't have a valid precomputation, so we pick the
+                 * generator
+                 */
+            {
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else
+                /* the i^th point */
+            {
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^256 */
+                if ((BN_num_bits(p_scalar) > 256)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2bin(tmp_scalar, tmp);
+                } else
+                    num_bytes = BN_bn2bin(p_scalar, tmp);
+                flip_endian(secrets[i], tmp, num_bytes);
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                felem_shrink(pre_comp[i][1][0], x_out);
+                felem_shrink(pre_comp[i][1][1], y_out);
+                felem_shrink(pre_comp[i][1][2], z_out);
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add_small(pre_comp[i][j][0], pre_comp[i][j][1],
+                                        pre_comp[i][j][2], pre_comp[i][1][0],
+                                        pre_comp[i][1][1], pre_comp[i][1][2],
+                                        pre_comp[i][j - 1][0],
+                                        pre_comp[i][j - 1][1],
+                                        pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double_small(pre_comp[i][j][0],
+                                           pre_comp[i][j][1],
+                                           pre_comp[i][j][2],
+                                           pre_comp[i][j / 2][0],
+                                           pre_comp[i][j / 2][1],
+                                           pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^256 */
+        if ((BN_num_bits(scalar) > 256) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2bin(tmp_scalar, tmp);
+        } else
+            num_bytes = BN_bn2bin(scalar, tmp);
+        flip_endian(g_secret, tmp, num_bytes);
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp);
+    } else
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL);
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) ||
+        (!smallfelem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_smallfelems);
+    return ret;
+}
+
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP256_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    smallfelem tmp_smallfelems[32];
+    felem x_tmp, y_tmp, z_tmp;
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp256_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(x_tmp, group->generator->X)) ||
+        (!BN_to_felem(y_tmp, group->generator->Y)) ||
+        (!BN_to_felem(z_tmp, group->generator->Z)))
+        goto err;
+    felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
+    felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
+    felem_shrink(pre->g_pre_comp[0][1][2], z_tmp);
+    /*
+     * compute 2^64*G, 2^128*G, 2^192*G for the first table, 2^32*G, 2^96*G,
+     * 2^160*G, 2^224*G for the second one
+     */
+    for (i = 1; i <= 8; i <<= 1) {
+        point_double_small(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                           pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+                           pre->g_pre_comp[0][i][1],
+                           pre->g_pre_comp[0][i][2]);
+        for (j = 0; j < 31; ++j) {
+            point_double_small(pre->g_pre_comp[1][i][0],
+                               pre->g_pre_comp[1][i][1],
+                               pre->g_pre_comp[1][i][2],
+                               pre->g_pre_comp[1][i][0],
+                               pre->g_pre_comp[1][i][1],
+                               pre->g_pre_comp[1][i][2]);
+        }
+        if (i == 8)
+            break;
+        point_double_small(pre->g_pre_comp[0][2 * i][0],
+                           pre->g_pre_comp[0][2 * i][1],
+                           pre->g_pre_comp[0][2 * i][2],
+                           pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                           pre->g_pre_comp[1][i][2]);
+        for (j = 0; j < 31; ++j) {
+            point_double_small(pre->g_pre_comp[0][2 * i][0],
+                               pre->g_pre_comp[0][2 * i][1],
+                               pre->g_pre_comp[0][2 * i][2],
+                               pre->g_pre_comp[0][2 * i][0],
+                               pre->g_pre_comp[0][2 * i][1],
+                               pre->g_pre_comp[0][2 * i][2]);
+        }
+    }
+    for (i = 0; i < 2; i++) {
+        /* g_pre_comp[i][0] is the point at infinity */
+        memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
+        /* the remaining multiples */
+        /* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */
+        point_add_small(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
+                        pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
+                        pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        /* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */
+        point_add_small(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
+                        pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
+                        pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        /* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */
+        point_add_small(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
+                        pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
+                        pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                        pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
+                        pre->g_pre_comp[i][4][2]);
+        /*
+         * 2^64*G + 2^128*G + 2^192*G resp. 2^96*G + 2^160*G + 2^224*G
+         */
+        point_add_small(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
+                        pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
+                        pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        for (j = 1; j < 8; ++j) {
+            /* odd multiples: add G resp. 2^32*G */
+            point_add_small(pre->g_pre_comp[i][2 * j + 1][0],
+                            pre->g_pre_comp[i][2 * j + 1][1],
+                            pre->g_pre_comp[i][2 * j + 1][2],
+                            pre->g_pre_comp[i][2 * j][0],
+                            pre->g_pre_comp[i][2 * j][1],
+                            pre->g_pre_comp[i][2 * j][2],
+                            pre->g_pre_comp[i][1][0],
+                            pre->g_pre_comp[i][1][1],
+                            pre->g_pre_comp[i][1][2]);
+        }
+    }
+    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);
+
+ done:
+    SETPRECOMP(group, nistp256, pre);
+    pre = NULL;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp256_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp256);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c
new file mode 100644
index 000000000..2f47772a3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c
@@ -0,0 +1,2159 @@
+/*
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication
+ *
+ * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
+ * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
+ * work which got its smarts from Daniel J. Bernstein's work on the same.
+ */
+
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_lcl.h"
+
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+# else
+#  error "Your compiler doesn't appear to support 128-bit integer types"
+# endif
+
+typedef uint8_t u8;
+typedef uint64_t u64;
+
+/*
+ * The underlying field. P521 operates over GF(2^521-1). We can serialise an
+ * element of this field into 66 bytes where the most significant byte
+ * contains only a single bit. We call this an felem_bytearray.
+ */
+
+typedef u8 felem_bytearray[66];
+
+/*
+ * These are the parameters of P521, taken from FIPS 186-3, section D.1.2.5.
+ * These values are big-endian.
+ */
+static const felem_bytearray nistp521_curve_params[5] = {
+    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff},
+    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xfc},
+    {0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */
+     0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85,
+     0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3,
+     0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1,
+     0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
+     0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1,
+     0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c,
+     0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50,
+     0x3f, 0x00},
+    {0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */
+     0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95,
+     0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
+     0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d,
+     0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
+     0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
+     0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a,
+     0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5,
+     0xbd, 0x66},
+    {0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, /* y */
+     0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d,
+     0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+     0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e,
+     0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
+     0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+     0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72,
+     0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1,
+     0x66, 0x50}
+};
+
+/*-
+ * The representation of field elements.
+ * ------------------------------------
+ *
+ * We represent field elements with nine values. These values are either 64 or
+ * 128 bits and the field element represented is:
+ *   v[0]*2^0 + v[1]*2^58 + v[2]*2^116 + ... + v[8]*2^464  (mod p)
+ * Each of the nine values is called a 'limb'. Since the limbs are spaced only
+ * 58 bits apart, but are greater than 58 bits in length, the most significant
+ * bits of each limb overlap with the least significant bits of the next.
+ *
+ * A field element with 64-bit limbs is an 'felem'. One with 128-bit limbs is a
+ * 'largefelem' */
+
+# define NLIMBS 9
+
+typedef uint64_t limb;
+typedef limb felem[NLIMBS];
+typedef uint128_t largefelem[NLIMBS];
+
+static const limb bottom57bits = 0x1ffffffffffffff;
+static const limb bottom58bits = 0x3ffffffffffffff;
+
+/*
+ * bin66_to_felem takes a little-endian byte array and converts it into felem
+ * form. This assumes that the CPU is little-endian.
+ */
+static void bin66_to_felem(felem out, const u8 in[66])
+{
+    out[0] = (*((limb *) & in[0])) & bottom58bits;
+    out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits;
+    out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits;
+    out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits;
+    out[4] = (*((limb *) & in[29])) & bottom58bits;
+    out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits;
+    out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits;
+    out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits;
+    out[8] = (*((limb *) & in[58])) & bottom57bits;
+}
+
+/*
+ * felem_to_bin66 takes an felem and serialises into a little endian, 66 byte
+ * array. This assumes that the CPU is little-endian.
+ */
+static void felem_to_bin66(u8 out[66], const felem in)
+{
+    memset(out, 0, 66);
+    (*((limb *) & out[0])) = in[0];
+    (*((limb *) & out[7])) |= in[1] << 2;
+    (*((limb *) & out[14])) |= in[2] << 4;
+    (*((limb *) & out[21])) |= in[3] << 6;
+    (*((limb *) & out[29])) = in[4];
+    (*((limb *) & out[36])) |= in[5] << 2;
+    (*((limb *) & out[43])) |= in[6] << 4;
+    (*((limb *) & out[50])) |= in[7] << 6;
+    (*((limb *) & out[58])) = in[8];
+}
+
+/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
+static void flip_endian(u8 *out, const u8 *in, unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; ++i)
+        out[i] = in[len - 1 - i];
+}
+
+/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_in;
+    felem_bytearray b_out;
+    unsigned num_bytes;
+
+    /* BN_bn2bin eats leading zeroes */
+    memset(b_out, 0, sizeof(b_out));
+    num_bytes = BN_num_bytes(bn);
+    if (num_bytes > sizeof(b_out)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2bin(bn, b_in);
+    flip_endian(b_out, b_in, num_bytes);
+    bin66_to_felem(out, b_out);
+    return 1;
+}
+
+/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
+static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
+{
+    felem_bytearray b_in, b_out;
+    felem_to_bin66(b_in, in);
+    flip_endian(b_out, b_in, sizeof(b_out));
+    return BN_bin2bn(b_out, sizeof(b_out), out);
+}
+
+/*-
+ * Field operations
+ * ----------------
+ */
+
+static void felem_one(felem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+    out[4] = 0;
+    out[5] = 0;
+    out[6] = 0;
+    out[7] = 0;
+    out[8] = 0;
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+    out[4] = in[4];
+    out[5] = in[5];
+    out[6] = in[6];
+    out[7] = in[7];
+    out[8] = in[8];
+}
+
+/* felem_sum64 sets out = out + in. */
+static void felem_sum64(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+    out[4] += in[4];
+    out[5] += in[5];
+    out[6] += in[6];
+    out[7] += in[7];
+    out[8] += in[8];
+}
+
+/* felem_scalar sets out = in * scalar */
+static void felem_scalar(felem out, const felem in, limb scalar)
+{
+    out[0] = in[0] * scalar;
+    out[1] = in[1] * scalar;
+    out[2] = in[2] * scalar;
+    out[3] = in[3] * scalar;
+    out[4] = in[4] * scalar;
+    out[5] = in[5] * scalar;
+    out[6] = in[6] * scalar;
+    out[7] = in[7] * scalar;
+    out[8] = in[8] * scalar;
+}
+
+/* felem_scalar64 sets out = out * scalar */
+static void felem_scalar64(felem out, limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+    out[8] *= scalar;
+}
+
+/* felem_scalar128 sets out = out * scalar */
+static void felem_scalar128(largefelem out, limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+    out[8] *= scalar;
+}
+
+/*-
+ * felem_neg sets |out| to |-in|
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ * On exit:
+ *   out[i] < 2^62
+ */
+static void felem_neg(felem out, const felem in)
+{
+    /* In order to prevent underflow, we subtract from 0 mod p. */
+    static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] = two62m3 - in[0];
+    out[1] = two62m2 - in[1];
+    out[2] = two62m2 - in[2];
+    out[3] = two62m2 - in[3];
+    out[4] = two62m2 - in[4];
+    out[5] = two62m2 - in[5];
+    out[6] = two62m2 - in[6];
+    out[7] = two62m2 - in[7];
+    out[8] = two62m2 - in[8];
+}
+
+/*-
+ * felem_diff64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ * On exit:
+ *   out[i] < out[i] + 2^62
+ */
+static void felem_diff64(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] += two62m3 - in[0];
+    out[1] += two62m2 - in[1];
+    out[2] += two62m2 - in[2];
+    out[3] += two62m2 - in[3];
+    out[4] += two62m2 - in[4];
+    out[5] += two62m2 - in[5];
+    out[6] += two62m2 - in[6];
+    out[7] += two62m2 - in[7];
+    out[8] += two62m2 - in[8];
+}
+
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^62 + 2^17
+ * On exit:
+ *   out[i] < out[i] + 2^63
+ */
+static void felem_diff_128_64(largefelem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] += two63m6 - in[0];
+    out[1] += two63m5 - in[1];
+    out[2] += two63m5 - in[2];
+    out[3] += two63m5 - in[3];
+    out[4] += two63m5 - in[4];
+    out[5] += two63m5 - in[5];
+    out[6] += two63m5 - in[6];
+    out[7] += two63m5 - in[7];
+    out[8] += two63m5 - in[8];
+}
+
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^126
+ * On exit:
+ *   out[i] < out[i] + 2^127 - 2^69
+ */
+static void felem_diff128(largefelem out, const largefelem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const uint128_t two127m70 =
+        (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70);
+    static const uint128_t two127m69 =
+        (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69);
+
+    out[0] += (two127m70 - in[0]);
+    out[1] += (two127m69 - in[1]);
+    out[2] += (two127m69 - in[2]);
+    out[3] += (two127m69 - in[3]);
+    out[4] += (two127m69 - in[4]);
+    out[5] += (two127m69 - in[5]);
+    out[6] += (two127m69 - in[6]);
+    out[7] += (two127m69 - in[7]);
+    out[8] += (two127m69 - in[8]);
+}
+
+/*-
+ * felem_square sets |out| = |in|^2
+ * On entry:
+ *   in[i] < 2^62
+ * On exit:
+ *   out[i] < 17 * max(in[i]) * max(in[i])
+ */
+static void felem_square(largefelem out, const felem in)
+{
+    felem inx2, inx4;
+    felem_scalar(inx2, in, 2);
+    felem_scalar(inx4, in, 4);
+
+    /*-
+     * We have many cases were we want to do
+     *   in[x] * in[y] +
+     *   in[y] * in[x]
+     * This is obviously just
+     *   2 * in[x] * in[y]
+     * However, rather than do the doubling on the 128 bit result, we
+     * double one of the inputs to the multiplication by reading from
+     * |inx2|
+     */
+
+    out[0] = ((uint128_t) in[0]) * in[0];
+    out[1] = ((uint128_t) in[0]) * inx2[1];
+    out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1];
+    out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2];
+    out[4] = ((uint128_t) in[0]) * inx2[4] +
+             ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
+    out[5] = ((uint128_t) in[0]) * inx2[5] +
+             ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
+    out[6] = ((uint128_t) in[0]) * inx2[6] +
+             ((uint128_t) in[1]) * inx2[5] +
+             ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
+    out[7] = ((uint128_t) in[0]) * inx2[7] +
+             ((uint128_t) in[1]) * inx2[6] +
+             ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
+    out[8] = ((uint128_t) in[0]) * inx2[8] +
+             ((uint128_t) in[1]) * inx2[7] +
+             ((uint128_t) in[2]) * inx2[6] +
+             ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
+
+    /*
+     * The remaining limbs fall above 2^521, with the first falling at 2^522.
+     * They correspond to locations one bit up from the limbs produced above
+     * so we would have to multiply by two to align them. Again, rather than
+     * operate on the 128-bit result, we double one of the inputs to the
+     * multiplication. If we want to double for both this reason, and the
+     * reason above, then we end up multiplying by four.
+     */
+
+    /* 9 */
+    out[0] += ((uint128_t) in[1]) * inx4[8] +
+              ((uint128_t) in[2]) * inx4[7] +
+              ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
+
+    /* 10 */
+    out[1] += ((uint128_t) in[2]) * inx4[8] +
+              ((uint128_t) in[3]) * inx4[7] +
+              ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
+
+    /* 11 */
+    out[2] += ((uint128_t) in[3]) * inx4[8] +
+              ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
+
+    /* 12 */
+    out[3] += ((uint128_t) in[4]) * inx4[8] +
+              ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
+
+    /* 13 */
+    out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7];
+
+    /* 14 */
+    out[5] += ((uint128_t) in[6]) * inx4[8] + ((uint128_t) in[7]) * inx2[7];
+
+    /* 15 */
+    out[6] += ((uint128_t) in[7]) * inx4[8];
+
+    /* 16 */
+    out[7] += ((uint128_t) in[8]) * inx2[8];
+}
+
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
+ * On entry:
+ *   in1[i] < 2^64
+ *   in2[i] < 2^63
+ * On exit:
+ *   out[i] < 17 * max(in1[i]) * max(in2[i])
+ */
+static void felem_mul(largefelem out, const felem in1, const felem in2)
+{
+    felem in2x2;
+    felem_scalar(in2x2, in2, 2);
+
+    out[0] = ((uint128_t) in1[0]) * in2[0];
+
+    out[1] = ((uint128_t) in1[0]) * in2[1] +
+             ((uint128_t) in1[1]) * in2[0];
+
+    out[2] = ((uint128_t) in1[0]) * in2[2] +
+             ((uint128_t) in1[1]) * in2[1] +
+             ((uint128_t) in1[2]) * in2[0];
+
+    out[3] = ((uint128_t) in1[0]) * in2[3] +
+             ((uint128_t) in1[1]) * in2[2] +
+             ((uint128_t) in1[2]) * in2[1] +
+             ((uint128_t) in1[3]) * in2[0];
+
+    out[4] = ((uint128_t) in1[0]) * in2[4] +
+             ((uint128_t) in1[1]) * in2[3] +
+             ((uint128_t) in1[2]) * in2[2] +
+             ((uint128_t) in1[3]) * in2[1] +
+             ((uint128_t) in1[4]) * in2[0];
+
+    out[5] = ((uint128_t) in1[0]) * in2[5] +
+             ((uint128_t) in1[1]) * in2[4] +
+             ((uint128_t) in1[2]) * in2[3] +
+             ((uint128_t) in1[3]) * in2[2] +
+             ((uint128_t) in1[4]) * in2[1] +
+             ((uint128_t) in1[5]) * in2[0];
+
+    out[6] = ((uint128_t) in1[0]) * in2[6] +
+             ((uint128_t) in1[1]) * in2[5] +
+             ((uint128_t) in1[2]) * in2[4] +
+             ((uint128_t) in1[3]) * in2[3] +
+             ((uint128_t) in1[4]) * in2[2] +
+             ((uint128_t) in1[5]) * in2[1] +
+             ((uint128_t) in1[6]) * in2[0];
+
+    out[7] = ((uint128_t) in1[0]) * in2[7] +
+             ((uint128_t) in1[1]) * in2[6] +
+             ((uint128_t) in1[2]) * in2[5] +
+             ((uint128_t) in1[3]) * in2[4] +
+             ((uint128_t) in1[4]) * in2[3] +
+             ((uint128_t) in1[5]) * in2[2] +
+             ((uint128_t) in1[6]) * in2[1] +
+             ((uint128_t) in1[7]) * in2[0];
+
+    out[8] = ((uint128_t) in1[0]) * in2[8] +
+             ((uint128_t) in1[1]) * in2[7] +
+             ((uint128_t) in1[2]) * in2[6] +
+             ((uint128_t) in1[3]) * in2[5] +
+             ((uint128_t) in1[4]) * in2[4] +
+             ((uint128_t) in1[5]) * in2[3] +
+             ((uint128_t) in1[6]) * in2[2] +
+             ((uint128_t) in1[7]) * in2[1] +
+             ((uint128_t) in1[8]) * in2[0];
+
+    /* See comment in felem_square about the use of in2x2 here */
+
+    out[0] += ((uint128_t) in1[1]) * in2x2[8] +
+              ((uint128_t) in1[2]) * in2x2[7] +
+              ((uint128_t) in1[3]) * in2x2[6] +
+              ((uint128_t) in1[4]) * in2x2[5] +
+              ((uint128_t) in1[5]) * in2x2[4] +
+              ((uint128_t) in1[6]) * in2x2[3] +
+              ((uint128_t) in1[7]) * in2x2[2] +
+              ((uint128_t) in1[8]) * in2x2[1];
+
+    out[1] += ((uint128_t) in1[2]) * in2x2[8] +
+              ((uint128_t) in1[3]) * in2x2[7] +
+              ((uint128_t) in1[4]) * in2x2[6] +
+              ((uint128_t) in1[5]) * in2x2[5] +
+              ((uint128_t) in1[6]) * in2x2[4] +
+              ((uint128_t) in1[7]) * in2x2[3] +
+              ((uint128_t) in1[8]) * in2x2[2];
+
+    out[2] += ((uint128_t) in1[3]) * in2x2[8] +
+              ((uint128_t) in1[4]) * in2x2[7] +
+              ((uint128_t) in1[5]) * in2x2[6] +
+              ((uint128_t) in1[6]) * in2x2[5] +
+              ((uint128_t) in1[7]) * in2x2[4] +
+              ((uint128_t) in1[8]) * in2x2[3];
+
+    out[3] += ((uint128_t) in1[4]) * in2x2[8] +
+              ((uint128_t) in1[5]) * in2x2[7] +
+              ((uint128_t) in1[6]) * in2x2[6] +
+              ((uint128_t) in1[7]) * in2x2[5] +
+              ((uint128_t) in1[8]) * in2x2[4];
+
+    out[4] += ((uint128_t) in1[5]) * in2x2[8] +
+              ((uint128_t) in1[6]) * in2x2[7] +
+              ((uint128_t) in1[7]) * in2x2[6] +
+              ((uint128_t) in1[8]) * in2x2[5];
+
+    out[5] += ((uint128_t) in1[6]) * in2x2[8] +
+              ((uint128_t) in1[7]) * in2x2[7] +
+              ((uint128_t) in1[8]) * in2x2[6];
+
+    out[6] += ((uint128_t) in1[7]) * in2x2[8] +
+              ((uint128_t) in1[8]) * in2x2[7];
+
+    out[7] += ((uint128_t) in1[8]) * in2x2[8];
+}
+
+static const limb bottom52bits = 0xfffffffffffff;
+
+/*-
+ * felem_reduce converts a largefelem to an felem.
+ * On entry:
+ *   in[i] < 2^128
+ * On exit:
+ *   out[i] < 2^59 + 2^14
+ */
+static void felem_reduce(felem out, const largefelem in)
+{
+    u64 overflow1, overflow2;
+
+    out[0] = ((limb) in[0]) & bottom58bits;
+    out[1] = ((limb) in[1]) & bottom58bits;
+    out[2] = ((limb) in[2]) & bottom58bits;
+    out[3] = ((limb) in[3]) & bottom58bits;
+    out[4] = ((limb) in[4]) & bottom58bits;
+    out[5] = ((limb) in[5]) & bottom58bits;
+    out[6] = ((limb) in[6]) & bottom58bits;
+    out[7] = ((limb) in[7]) & bottom58bits;
+    out[8] = ((limb) in[8]) & bottom58bits;
+
+    /* out[i] < 2^58 */
+
+    out[1] += ((limb) in[0]) >> 58;
+    out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
+    /*-
+     * out[1] < 2^58 + 2^6 + 2^58
+     *        = 2^59 + 2^6
+     */
+    out[2] += ((limb) (in[0] >> 64)) >> 52;
+
+    out[2] += ((limb) in[1]) >> 58;
+    out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6;
+    out[3] += ((limb) (in[1] >> 64)) >> 52;
+
+    out[3] += ((limb) in[2]) >> 58;
+    out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6;
+    out[4] += ((limb) (in[2] >> 64)) >> 52;
+
+    out[4] += ((limb) in[3]) >> 58;
+    out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6;
+    out[5] += ((limb) (in[3] >> 64)) >> 52;
+
+    out[5] += ((limb) in[4]) >> 58;
+    out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6;
+    out[6] += ((limb) (in[4] >> 64)) >> 52;
+
+    out[6] += ((limb) in[5]) >> 58;
+    out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6;
+    out[7] += ((limb) (in[5] >> 64)) >> 52;
+
+    out[7] += ((limb) in[6]) >> 58;
+    out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6;
+    out[8] += ((limb) (in[6] >> 64)) >> 52;
+
+    out[8] += ((limb) in[7]) >> 58;
+    out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
+    /*-
+     * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
+     *            < 2^59 + 2^13
+     */
+    overflow1 = ((limb) (in[7] >> 64)) >> 52;
+
+    overflow1 += ((limb) in[8]) >> 58;
+    overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6;
+    overflow2 = ((limb) (in[8] >> 64)) >> 52;
+
+    overflow1 <<= 1;            /* overflow1 < 2^13 + 2^7 + 2^59 */
+    overflow2 <<= 1;            /* overflow2 < 2^13 */
+
+    out[0] += overflow1;        /* out[0] < 2^60 */
+    out[1] += overflow2;        /* out[1] < 2^59 + 2^6 + 2^13 */
+
+    out[1] += out[0] >> 58;
+    out[0] &= bottom58bits;
+    /*-
+     * out[0] < 2^58
+     * out[1] < 2^59 + 2^6 + 2^13 + 2^2
+     *        < 2^59 + 2^14
+     */
+}
+
+static void felem_square_reduce(felem out, const felem in)
+{
+    largefelem tmp;
+    felem_square(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+static void felem_mul_reduce(felem out, const felem in1, const felem in2)
+{
+    largefelem tmp;
+    felem_mul(tmp, in1, in2);
+    felem_reduce(out, tmp);
+}
+
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4;
+    largefelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 2^0 */
+    felem_assign(ftmp2, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^0 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^1 */
+
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^3 - 2^1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^4 - 2^2 */
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^4 - 2^0 */
+
+    felem_assign(ftmp2, ftmp3);
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^5 - 2^1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^6 - 2^2 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^7 - 2^3 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^8 - 2^4 */
+    felem_assign(ftmp4, ftmp3);
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);   /* 2^8 - 2^1 */
+    felem_square(tmp, ftmp4);
+    felem_reduce(ftmp4, tmp);   /* 2^9 - 2^2 */
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^8 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^16 - 2^8 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^16 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^32 - 2^16 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^32 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 32; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^64 - 2^32 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^64 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 64; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^128 - 2^64 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^128 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 128; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^256 - 2^128 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^256 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 256; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^512 - 2^256 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^0 */
+
+    for (i = 0; i < 9; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */
+    }
+    felem_mul(tmp, ftmp3, ftmp4);
+    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^2 */
+    felem_mul(tmp, ftmp3, in);
+    felem_reduce(out, tmp);     /* 2^512 - 3 */
+}
+
+/* This is 2^521-1, expressed as an felem */
+static const felem kPrime = {
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff
+};
+
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+ * otherwise.
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ */
+static limb felem_is_zero(const felem in)
+{
+    felem ftmp;
+    limb is_zero, is_p;
+    felem_assign(ftmp, in);
+
+    ftmp[0] += ftmp[8] >> 57;
+    ftmp[8] &= bottom57bits;
+    /* ftmp[8] < 2^57 */
+    ftmp[1] += ftmp[0] >> 58;
+    ftmp[0] &= bottom58bits;
+    ftmp[2] += ftmp[1] >> 58;
+    ftmp[1] &= bottom58bits;
+    ftmp[3] += ftmp[2] >> 58;
+    ftmp[2] &= bottom58bits;
+    ftmp[4] += ftmp[3] >> 58;
+    ftmp[3] &= bottom58bits;
+    ftmp[5] += ftmp[4] >> 58;
+    ftmp[4] &= bottom58bits;
+    ftmp[6] += ftmp[5] >> 58;
+    ftmp[5] &= bottom58bits;
+    ftmp[7] += ftmp[6] >> 58;
+    ftmp[6] &= bottom58bits;
+    ftmp[8] += ftmp[7] >> 58;
+    ftmp[7] &= bottom58bits;
+    /* ftmp[8] < 2^57 + 4 */
+
+    /*
+     * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is greater
+     * than our bound for ftmp[8]. Therefore we only have to check if the
+     * zero is zero or 2^521-1.
+     */
+
+    is_zero = 0;
+    is_zero |= ftmp[0];
+    is_zero |= ftmp[1];
+    is_zero |= ftmp[2];
+    is_zero |= ftmp[3];
+    is_zero |= ftmp[4];
+    is_zero |= ftmp[5];
+    is_zero |= ftmp[6];
+    is_zero |= ftmp[7];
+    is_zero |= ftmp[8];
+
+    is_zero--;
+    /*
+     * We know that ftmp[i] < 2^63, therefore the only way that the top bit
+     * can be set is if is_zero was 0 before the decrement.
+     */
+    is_zero = 0 - (is_zero >> 63);
+
+    is_p = ftmp[0] ^ kPrime[0];
+    is_p |= ftmp[1] ^ kPrime[1];
+    is_p |= ftmp[2] ^ kPrime[2];
+    is_p |= ftmp[3] ^ kPrime[3];
+    is_p |= ftmp[4] ^ kPrime[4];
+    is_p |= ftmp[5] ^ kPrime[5];
+    is_p |= ftmp[6] ^ kPrime[6];
+    is_p |= ftmp[7] ^ kPrime[7];
+    is_p |= ftmp[8] ^ kPrime[8];
+
+    is_p--;
+    is_p = 0 - (is_p >> 63);
+
+    is_zero |= is_p;
+    return is_zero;
+}
+
+static int felem_is_zero_int(const void *in)
+{
+    return (int)(felem_is_zero(in) & ((limb) 1));
+}
+
+/*-
+ * felem_contract converts |in| to its unique, minimal representation.
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ */
+static void felem_contract(felem out, const felem in)
+{
+    limb is_p, is_greater, sign;
+    static const limb two58 = ((limb) 1) << 58;
+
+    felem_assign(out, in);
+
+    out[0] += out[8] >> 57;
+    out[8] &= bottom57bits;
+    /* out[8] < 2^57 */
+    out[1] += out[0] >> 58;
+    out[0] &= bottom58bits;
+    out[2] += out[1] >> 58;
+    out[1] &= bottom58bits;
+    out[3] += out[2] >> 58;
+    out[2] &= bottom58bits;
+    out[4] += out[3] >> 58;
+    out[3] &= bottom58bits;
+    out[5] += out[4] >> 58;
+    out[4] &= bottom58bits;
+    out[6] += out[5] >> 58;
+    out[5] &= bottom58bits;
+    out[7] += out[6] >> 58;
+    out[6] &= bottom58bits;
+    out[8] += out[7] >> 58;
+    out[7] &= bottom58bits;
+    /* out[8] < 2^57 + 4 */
+
+    /*
+     * If the value is greater than 2^521-1 then we have to subtract 2^521-1
+     * out. See the comments in felem_is_zero regarding why we don't test for
+     * other multiples of the prime.
+     */
+
+    /*
+     * First, if |out| is equal to 2^521-1, we subtract it out to get zero.
+     */
+
+    is_p = out[0] ^ kPrime[0];
+    is_p |= out[1] ^ kPrime[1];
+    is_p |= out[2] ^ kPrime[2];
+    is_p |= out[3] ^ kPrime[3];
+    is_p |= out[4] ^ kPrime[4];
+    is_p |= out[5] ^ kPrime[5];
+    is_p |= out[6] ^ kPrime[6];
+    is_p |= out[7] ^ kPrime[7];
+    is_p |= out[8] ^ kPrime[8];
+
+    is_p--;
+    is_p &= is_p << 32;
+    is_p &= is_p << 16;
+    is_p &= is_p << 8;
+    is_p &= is_p << 4;
+    is_p &= is_p << 2;
+    is_p &= is_p << 1;
+    is_p = 0 - (is_p >> 63);
+    is_p = ~is_p;
+
+    /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
+
+    out[0] &= is_p;
+    out[1] &= is_p;
+    out[2] &= is_p;
+    out[3] &= is_p;
+    out[4] &= is_p;
+    out[5] &= is_p;
+    out[6] &= is_p;
+    out[7] &= is_p;
+    out[8] &= is_p;
+
+    /*
+     * In order to test that |out| >= 2^521-1 we need only test if out[8] >>
+     * 57 is greater than zero as (2^521-1) + x >= 2^522
+     */
+    is_greater = out[8] >> 57;
+    is_greater |= is_greater << 32;
+    is_greater |= is_greater << 16;
+    is_greater |= is_greater << 8;
+    is_greater |= is_greater << 4;
+    is_greater |= is_greater << 2;
+    is_greater |= is_greater << 1;
+    is_greater = 0 - (is_greater >> 63);
+
+    out[0] -= kPrime[0] & is_greater;
+    out[1] -= kPrime[1] & is_greater;
+    out[2] -= kPrime[2] & is_greater;
+    out[3] -= kPrime[3] & is_greater;
+    out[4] -= kPrime[4] & is_greater;
+    out[5] -= kPrime[5] & is_greater;
+    out[6] -= kPrime[6] & is_greater;
+    out[7] -= kPrime[7] & is_greater;
+    out[8] -= kPrime[8] & is_greater;
+
+    /* Eliminate negative coefficients */
+    sign = -(out[0] >> 63);
+    out[0] += (two58 & sign);
+    out[1] -= (1 & sign);
+    sign = -(out[1] >> 63);
+    out[1] += (two58 & sign);
+    out[2] -= (1 & sign);
+    sign = -(out[2] >> 63);
+    out[2] += (two58 & sign);
+    out[3] -= (1 & sign);
+    sign = -(out[3] >> 63);
+    out[3] += (two58 & sign);
+    out[4] -= (1 & sign);
+    sign = -(out[4] >> 63);
+    out[4] += (two58 & sign);
+    out[5] -= (1 & sign);
+    sign = -(out[0] >> 63);
+    out[5] += (two58 & sign);
+    out[6] -= (1 & sign);
+    sign = -(out[6] >> 63);
+    out[6] += (two58 & sign);
+    out[7] -= (1 & sign);
+    sign = -(out[7] >> 63);
+    out[7] += (two58 & sign);
+    out[8] -= (1 & sign);
+    sign = -(out[5] >> 63);
+    out[5] += (two58 & sign);
+    out[6] -= (1 & sign);
+    sign = -(out[6] >> 63);
+    out[6] += (two58 & sign);
+    out[7] -= (1 & sign);
+    sign = -(out[7] >> 63);
+    out[7] += (two58 & sign);
+    out[8] -= (1 & sign);
+}
+
+/*-
+ * Group operations
+ * ----------------
+ *
+ * Building on top of the field operations we have the operations on the
+ * elliptic curve group itself. Points on the curve are represented in Jacobian
+ * coordinates */
+
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+ *
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
+ * while x_out == y_in is not (maybe this works, but it's not tested). */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    largefelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+
+    felem_assign(ftmp, x_in);
+    felem_assign(ftmp2, x_in);
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);   /* delta[i] < 2^59 + 2^14 */
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);   /* gamma[i] < 2^59 + 2^14 */
+
+    /* beta = x*gamma */
+    felem_mul(tmp, x_in, gamma);
+    felem_reduce(beta, tmp);    /* beta[i] < 2^59 + 2^14 */
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff64(ftmp, delta);
+    /* ftmp[i] < 2^61 */
+    felem_sum64(ftmp2, delta);
+    /* ftmp2[i] < 2^60 + 2^15 */
+    felem_scalar64(ftmp2, 3);
+    /* ftmp2[i] < 3*2^60 + 3*2^15 */
+    felem_mul(tmp, ftmp, ftmp2);
+    /*-
+     * tmp[i] < 17(3*2^121 + 3*2^76)
+     *        = 61*2^121 + 61*2^76
+     *        < 64*2^121 + 64*2^76
+     *        = 2^127 + 2^82
+     *        < 2^128
+     */
+    felem_reduce(alpha, tmp);
+
+    /* x' = alpha^2 - 8*beta */
+    felem_square(tmp, alpha);
+    /*
+     * tmp[i] < 17*2^120 < 2^125
+     */
+    felem_assign(ftmp, beta);
+    felem_scalar64(ftmp, 8);
+    /* ftmp[i] < 2^62 + 2^17 */
+    felem_diff_128_64(tmp, ftmp);
+    /* tmp[i] < 2^125 + 2^63 + 2^62 + 2^17 */
+    felem_reduce(x_out, tmp);
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum64(delta, gamma);
+    /* delta[i] < 2^60 + 2^15 */
+    felem_assign(ftmp, y_in);
+    felem_sum64(ftmp, z_in);
+    /* ftmp[i] < 2^60 + 2^15 */
+    felem_square(tmp, ftmp);
+    /*
+     * tmp[i] < 17(2^122) < 2^127
+     */
+    felem_diff_128_64(tmp, delta);
+    /* tmp[i] < 2^127 + 2^63 */
+    felem_reduce(z_out, tmp);
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar64(beta, 4);
+    /* beta[i] < 2^61 + 2^16 */
+    felem_diff64(beta, x_out);
+    /* beta[i] < 2^61 + 2^60 + 2^16 */
+    felem_mul(tmp, alpha, beta);
+    /*-
+     * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16))
+     *        = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30)
+     *        = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+     *        < 2^128
+     */
+    felem_square(tmp2, gamma);
+    /*-
+     * tmp2[i] < 17*(2^59 + 2^14)^2
+     *         = 17*(2^118 + 2^74 + 2^28)
+     */
+    felem_scalar128(tmp2, 8);
+    /*-
+     * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28)
+     *         = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31
+     *         < 2^126
+     */
+    felem_diff128(tmp, tmp2);
+    /*-
+     * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+     *        = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 +
+     *          2^74 + 2^69 + 2^34 + 2^30
+     *        < 2^128
+     */
+    felem_reduce(y_out, tmp);
+}
+
+/* copy_conditional copies in to out iff mask is all ones. */
+static void copy_conditional(felem out, const felem in, limb mask)
+{
+    unsigned i;
+    for (i = 0; i < NLIMBS; ++i) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/*-
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
+ *
+ * The method is taken from
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
+ * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
+ *
+ * This function includes a branch for checking whether the two input points
+ * are equal (while not equal to the point at infinity). See comment below
+ * on constant-time.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const felem x2, const felem y2,
+                      const felem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
+    largefelem tmp, tmp2;
+    limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+
+    z1_is_zero = felem_is_zero(z1);
+    z2_is_zero = felem_is_zero(z2);
+
+    /* ftmp = z1z1 = z1**2 */
+    felem_square(tmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    if (!mixed) {
+        /* ftmp2 = z2z2 = z2**2 */
+        felem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_mul(tmp, x1, ftmp2);
+        felem_reduce(ftmp3, tmp);
+
+        /* ftmp5 = z1 + z2 */
+        felem_assign(ftmp5, z1);
+        felem_sum64(ftmp5, z2);
+        /* ftmp5[i] < 2^61 */
+
+        /* ftmp5 = (z1 + z2)**2 - z1z1 - z2z2 = 2*z1z2 */
+        felem_square(tmp, ftmp5);
+        /* tmp[i] < 17*2^122 */
+        felem_diff_128_64(tmp, ftmp);
+        /* tmp[i] < 17*2^122 + 2^63 */
+        felem_diff_128_64(tmp, ftmp2);
+        /* tmp[i] < 17*2^122 + 2^64 */
+        felem_reduce(ftmp5, tmp);
+
+        /* ftmp2 = z2 * z2z2 */
+        felem_mul(tmp, ftmp2, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* s1 = ftmp6 = y1 * z2**3 */
+        felem_mul(tmp, y1, ftmp2);
+        felem_reduce(ftmp6, tmp);
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_assign(ftmp3, x1);
+
+        /* ftmp5 = 2*z1z2 */
+        felem_scalar(ftmp5, z1, 2);
+
+        /* s1 = ftmp6 = y1 * z2**3 */
+        felem_assign(ftmp6, y1);
+    }
+
+    /* u2 = x2*z1z1 */
+    felem_mul(tmp, x2, ftmp);
+    /* tmp[i] < 17*2^120 */
+
+    /* h = ftmp4 = u2 - u1 */
+    felem_diff_128_64(tmp, ftmp3);
+    /* tmp[i] < 17*2^120 + 2^63 */
+    felem_reduce(ftmp4, tmp);
+
+    x_equal = felem_is_zero(ftmp4);
+
+    /* z_out = ftmp5 * h */
+    felem_mul(tmp, ftmp5, ftmp4);
+    felem_reduce(z_out, tmp);
+
+    /* ftmp = z1 * z1z1 */
+    felem_mul(tmp, ftmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    /* s2 = tmp = y2 * z1**3 */
+    felem_mul(tmp, y2, ftmp);
+    /* tmp[i] < 17*2^120 */
+
+    /* r = ftmp5 = (s2 - s1)*2 */
+    felem_diff_128_64(tmp, ftmp6);
+    /* tmp[i] < 17*2^120 + 2^63 */
+    felem_reduce(ftmp5, tmp);
+    y_equal = felem_is_zero(ftmp5);
+    felem_scalar64(ftmp5, 2);
+    /* ftmp5[i] < 2^61 */
+
+    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        /*
+         * This is obviously not constant-time but it will almost-never happen
+         * for ECDH / ECDSA. The case where it can happen is during scalar-mult
+         * where the intermediate value gets very close to the group order.
+         * Since |ec_GFp_nistp_recode_scalar_bits| produces signed digits for
+         * the scalar, it's possible for the intermediate value to be a small
+         * negative multiple of the base point, and for the final signed digit
+         * to be the same value. We believe that this only occurs for the scalar
+         * 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+         * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb
+         * 71e913863f7, in that case the penultimate intermediate is -9G and
+         * the final digit is also -9G. Since this only happens for a single
+         * scalar, the timing leak is irrelevent. (Any attacker who wanted to
+         * check whether a secret scalar was that exact value, can already do
+         * so.)
+         */
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* I = ftmp = (2h)**2 */
+    felem_assign(ftmp, ftmp4);
+    felem_scalar64(ftmp, 2);
+    /* ftmp[i] < 2^61 */
+    felem_square(tmp, ftmp);
+    /* tmp[i] < 17*2^122 */
+    felem_reduce(ftmp, tmp);
+
+    /* J = ftmp2 = h * I */
+    felem_mul(tmp, ftmp4, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* V = ftmp4 = U1 * I */
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);
+
+    /* x_out = r**2 - J - 2V */
+    felem_square(tmp, ftmp5);
+    /* tmp[i] < 17*2^122 */
+    felem_diff_128_64(tmp, ftmp2);
+    /* tmp[i] < 17*2^122 + 2^63 */
+    felem_assign(ftmp3, ftmp4);
+    felem_scalar64(ftmp4, 2);
+    /* ftmp4[i] < 2^61 */
+    felem_diff_128_64(tmp, ftmp4);
+    /* tmp[i] < 17*2^122 + 2^64 */
+    felem_reduce(x_out, tmp);
+
+    /* y_out = r(V-x_out) - 2 * s1 * J */
+    felem_diff64(ftmp3, x_out);
+    /*
+     * ftmp3[i] < 2^60 + 2^60 = 2^61
+     */
+    felem_mul(tmp, ftmp5, ftmp3);
+    /* tmp[i] < 17*2^122 */
+    felem_mul(tmp2, ftmp6, ftmp2);
+    /* tmp2[i] < 17*2^120 */
+    felem_scalar128(tmp2, 2);
+    /* tmp2[i] < 17*2^121 */
+    felem_diff128(tmp, tmp2);
+        /*-
+         * tmp[i] < 2^127 - 2^69 + 17*2^122
+         *        = 2^126 - 2^122 - 2^6 - 2^2 - 1
+         *        < 2^127
+         */
+    felem_reduce(y_out, tmp);
+
+    copy_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*-
+ * Base point pre computation
+ * --------------------------
+ *
+ * Two different sorts of precomputed tables are used in the following code.
+ * Each contain various points on the curve, where each point is three field
+ * elements (x, y, z).
+ *
+ * For the base point table, z is usually 1 (0 for the point at infinity).
+ * This table has 16 elements:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^130G
+ *     3 | 0 0 1 1 | (2^130 + 1)G
+ *     4 | 0 1 0 0 | 2^260G
+ *     5 | 0 1 0 1 | (2^260 + 1)G
+ *     6 | 0 1 1 0 | (2^260 + 2^130)G
+ *     7 | 0 1 1 1 | (2^260 + 2^130 + 1)G
+ *     8 | 1 0 0 0 | 2^390G
+ *     9 | 1 0 0 1 | (2^390 + 1)G
+ *    10 | 1 0 1 0 | (2^390 + 2^130)G
+ *    11 | 1 0 1 1 | (2^390 + 2^130 + 1)G
+ *    12 | 1 1 0 0 | (2^390 + 2^260)G
+ *    13 | 1 1 0 1 | (2^390 + 2^260 + 1)G
+ *    14 | 1 1 1 0 | (2^390 + 2^260 + 2^130)G
+ *    15 | 1 1 1 1 | (2^390 + 2^260 + 2^130 + 1)G
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point.
+ *
+ * Tables for other points have table[i] = iG for i in 0 .. 16. */
+
+/* gmul is the table of precomputed base points */
+static const felem gmul[16][3] = {
+{{0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
+  0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
+  0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
+ {0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353,
+  0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45,
+  0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad,
+  0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e,
+  0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5},
+ {0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58,
+  0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c,
+  0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873,
+  0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c,
+  0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9},
+ {0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52,
+  0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e,
+  0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2,
+  0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561,
+  0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065},
+ {0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a,
+  0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e,
+  0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6,
+  0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51,
+  0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe},
+ {0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d,
+  0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c,
+  0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27,
+  0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f,
+  0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256},
+ {0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa,
+  0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2,
+  0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890,
+  0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74,
+  0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23},
+ {0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516,
+  0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1,
+  0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce,
+  0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7,
+  0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5},
+ {0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318,
+  0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83,
+  0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae,
+  0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef,
+  0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203},
+ {0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447,
+  0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283,
+  0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5,
+  0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c,
+  0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a},
+ {0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df,
+  0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645,
+  0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292,
+  0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422,
+  0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b},
+ {0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30,
+  0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb,
+  0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767,
+  0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3,
+  0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf},
+ {0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2,
+  0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692,
+  0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3,
+  0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade,
+  0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684},
+ {0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8,
+  0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a,
+  0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608,
+  0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610,
+  0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d},
+ {0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006,
+  0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86,
+  0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c,
+  0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9,
+  0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f},
+ {0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7,
+  0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c,
+  0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}}
+};
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ */
+ /* pre_comp below is of the size provided in |size| */
+static void select_point(const limb idx, unsigned int size,
+                         const felem pre_comp[][3], felem out[3])
+{
+    unsigned i, j;
+    limb *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+
+    for (i = 0; i < size; i++) {
+        const limb *inlimbs = &pre_comp[i][0][0];
+        limb mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, int i)
+{
+    if (i < 0)
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const felem pre_comp[][17][3],
+                      const felem g_pre_comp[16][3])
+{
+    int i, skip;
+    unsigned num, gen_mul = (g_scalar != NULL);
+    felem nq[3], tmp[4];
+    limb bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (last quarter of rounds) and additions of other
+     * points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 520 : 130); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 130)) {
+            bits = get_bit(g_scalar, i + 390) << 3;
+            if (i < 130) {
+                bits |= get_bit(g_scalar, i + 260) << 2;
+                bits |= get_bit(g_scalar, i + 130) << 1;
+                bits |= get_bit(g_scalar, i);
+            }
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp, tmp);
+            if (!skip) {
+                /* The 1 argument below is for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                memcpy(nq, tmp, 3 * sizeof(felem));
+                skip = 0;
+            }
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /*
+                 * select the point to add or subtract, in constant time
+                 */
+                select_point(digit, 17, pre_comp[num], tmp);
+                felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative
+                                            * point */
+                copy_conditional(tmp[1], tmp[3], (-(limb) sign));
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    memcpy(nq, tmp, 3 * sizeof(felem));
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/* Precomputation for the group generator. */
+struct nistp521_pre_comp_st {
+    felem g_pre_comp[16][3];
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp521_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp521_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp521_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp521_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp521_points_mul,
+        ec_GFp_nistp521_precompute_mult,
+        ec_GFp_nistp521_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
+    };
+
+    return &ret;
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP521_PRE_COMP *nistp521_pre_comp_new(void)
+{
+    NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p)
+{
+    int i;
+
+    if (p == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp521", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp521_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
+        goto err;
+    BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_521;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in, x_out, y_out;
+    largefelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!felem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!felem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* points below is of size |num|, and tmp_felems is of size |num+1/ */
+static void make_points_affine(size_t num, felem points[][3],
+                               felem tmp_felems[])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(felem),
+                                             tmp_felems,
+                                             (void (*)(void *))felem_one,
+                                             felem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             felem_assign,
+                                             (void (*)(void *, const void *))
+                                             felem_square_reduce, (void (*)
+                                                                   (void *,
+                                                                    const void
+                                                                    *,
+                                                                    const void
+                                                                    *))
+                                             felem_mul_reduce,
+                                             (void (*)(void *, const void *))
+                                             felem_inv,
+                                             (void (*)(void *, const void *))
+                                             felem_contract);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    int mixed = 0;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    felem (*pre_comp)[17][3] = NULL;
+    felem *tmp_felems = NULL;
+    felem_bytearray tmp;
+    unsigned i, num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    felem x_in, y_in, z_in, x_out, y_out, z_out;
+    NISTP521_PRE_COMP *pre = NULL;
+    felem(*g_pre_comp)[3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp521;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = &pre->g_pre_comp[0];
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = (felem(*)[3]) gmul;
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!felem_to_BN(x, g_pre_comp[1][0]) ||
+            !felem_to_BN(y, g_pre_comp[1][1]) ||
+            !felem_to_BN(z, g_pre_comp[1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points++;
+    }
+
+    if (num_points > 0) {
+        if (num_points >= 2) {
+            /*
+             * unless we precompute multiples for just one point, converting
+             * those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_felems =
+                OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_felems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        for (i = 0; i < num_points; ++i) {
+            if (i == num)
+                /*
+                 * we didn't have a valid precomputation, so we pick the
+                 * generator
+                 */
+            {
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else
+                /* the i^th point */
+            {
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^521 */
+                if ((BN_num_bits(p_scalar) > 521)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2bin(tmp_scalar, tmp);
+                } else
+                    num_bytes = BN_bn2bin(p_scalar, tmp);
+                flip_endian(secrets[i], tmp, num_bytes);
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
+                memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
+                memcpy(pre_comp[i][1][2], z_out, sizeof(felem));
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add(pre_comp[i][j][0], pre_comp[i][j][1],
+                                  pre_comp[i][j][2], pre_comp[i][1][0],
+                                  pre_comp[i][1][1], pre_comp[i][1][2], 0,
+                                  pre_comp[i][j - 1][0],
+                                  pre_comp[i][j - 1][1],
+                                  pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double(pre_comp[i][j][0], pre_comp[i][j][1],
+                                     pre_comp[i][j][2], pre_comp[i][j / 2][0],
+                                     pre_comp[i][j / 2][1],
+                                     pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^521 */
+        if ((BN_num_bits(scalar) > 521) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2bin(tmp_scalar, tmp);
+        } else
+            num_bytes = BN_bn2bin(scalar, tmp);
+        flip_endian(g_secret, tmp, num_bytes);
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const felem(*)[17][3])pre_comp,
+                  (const felem(*)[3])g_pre_comp);
+    } else
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
+        (!felem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
+    return ret;
+}
+
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP521_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    felem tmp_felems[16];
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp521_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z)))
+        goto err;
+    /* compute 2^130*G, 2^260*G, 2^390*G */
+    for (i = 1; i <= 4; i <<= 1) {
+        point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1],
+                     pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0],
+                     pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]);
+        for (j = 0; j < 129; ++j) {
+            point_double(pre->g_pre_comp[2 * i][0],
+                         pre->g_pre_comp[2 * i][1],
+                         pre->g_pre_comp[2 * i][2],
+                         pre->g_pre_comp[2 * i][0],
+                         pre->g_pre_comp[2 * i][1],
+                         pre->g_pre_comp[2 * i][2]);
+        }
+    }
+    /* g_pre_comp[0] is the point at infinity */
+    memset(pre->g_pre_comp[0], 0, sizeof(pre->g_pre_comp[0]));
+    /* the remaining multiples */
+    /* 2^130*G + 2^260*G */
+    point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1],
+              pre->g_pre_comp[6][2], pre->g_pre_comp[4][0],
+              pre->g_pre_comp[4][1], pre->g_pre_comp[4][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    /* 2^130*G + 2^390*G */
+    point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1],
+              pre->g_pre_comp[10][2], pre->g_pre_comp[8][0],
+              pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    /* 2^260*G + 2^390*G */
+    point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1],
+              pre->g_pre_comp[12][2], pre->g_pre_comp[8][0],
+              pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
+              0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1],
+              pre->g_pre_comp[4][2]);
+    /* 2^130*G + 2^260*G + 2^390*G */
+    point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1],
+              pre->g_pre_comp[14][2], pre->g_pre_comp[12][0],
+              pre->g_pre_comp[12][1], pre->g_pre_comp[12][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    for (i = 1; i < 8; ++i) {
+        /* odd multiples: add G */
+        point_add(pre->g_pre_comp[2 * i + 1][0],
+                  pre->g_pre_comp[2 * i + 1][1],
+                  pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0],
+                  pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2], 0,
+                  pre->g_pre_comp[1][0], pre->g_pre_comp[1][1],
+                  pre->g_pre_comp[1][2]);
+    }
+    make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);
+
+ done:
+    SETPRECOMP(group, nistp521, pre);
+    ret = 1;
+    pre = NULL;
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp521_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp521);
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c
new file mode 100644
index 000000000..97fb63100
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+/*
+ * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c.
+ */
+
+# include <stddef.h>
+# include "ec_lcl.h"
+
+/*
+ * Convert an array of points into affine coordinates. (If the point at
+ * infinity is found (Z = 0), it remains unchanged.) This function is
+ * essentially an equivalent to EC_POINTs_make_affine(), but works with the
+ * internal representation of points as used by ecp_nistp###.c rather than
+ * with (BIGNUM-based) EC_POINT data structures. point_array is the
+ * input/output buffer ('num' points in projective form, i.e. three
+ * coordinates each), based on an internal representation of field elements
+ * of size 'felem_size'. tmp_felems needs to point to a temporary array of
+ * 'num'+1 field elements for storage of intermediate values.
+ */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+                                              size_t felem_size,
+                                              void *tmp_felems,
+                                              void (*felem_one) (void *out),
+                                              int (*felem_is_zero) (const void
+                                                                    *in),
+                                              void (*felem_assign) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_square) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_mul) (void *out,
+                                                                 const void
+                                                                 *in1,
+                                                                 const void
+                                                                 *in2),
+                                              void (*felem_inv) (void *out,
+                                                                 const void
+                                                                 *in),
+                                              void (*felem_contract) (void
+                                                                      *out,
+                                                                      const
+                                                                      void
+                                                                      *in))
+{
+    int i = 0;
+
+# define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size])
+# define X(I) (&((char *)point_array)[3*(I) * felem_size])
+# define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size])
+# define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size])
+
+    if (!felem_is_zero(Z(0)))
+        felem_assign(tmp_felem(0), Z(0));
+    else
+        felem_one(tmp_felem(0));
+    for (i = 1; i < (int)num; i++) {
+        if (!felem_is_zero(Z(i)))
+            felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i));
+        else
+            felem_assign(tmp_felem(i), tmp_felem(i - 1));
+    }
+    /*
+     * Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any
+     * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i) = 1
+     */
+
+    felem_inv(tmp_felem(num - 1), tmp_felem(num - 1));
+    for (i = num - 1; i >= 0; i--) {
+        if (i > 0)
+            /*
+             * tmp_felem(i-1) is the product of Z(0) .. Z(i-1), tmp_felem(i)
+             * is the inverse of the product of Z(0) .. Z(i)
+             */
+            /* 1/Z(i) */
+            felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i));
+        else
+            felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
+
+        if (!felem_is_zero(Z(i))) {
+            if (i > 0)
+                /*
+                 * For next iteration, replace tmp_felem(i-1) by its inverse
+                 */
+                felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i));
+
+            /*
+             * Convert point (X, Y, Z) into affine form (X/(Z^2), Y/(Z^3), 1)
+             */
+            felem_square(Z(i), tmp_felem(num)); /* 1/(Z^2) */
+            felem_mul(X(i), X(i), Z(i)); /* X/(Z^2) */
+            felem_mul(Z(i), Z(i), tmp_felem(num)); /* 1/(Z^3) */
+            felem_mul(Y(i), Y(i), Z(i)); /* Y/(Z^3) */
+            felem_contract(X(i), X(i));
+            felem_contract(Y(i), Y(i));
+            felem_one(Z(i));
+        } else {
+            if (i > 0)
+                /*
+                 * For next iteration, replace tmp_felem(i-1) by its inverse
+                 */
+                felem_assign(tmp_felem(i - 1), tmp_felem(i));
+        }
+    }
+}
+
+/*-
+ * This function looks at 5+1 scalar bits (5 current, 1 adjacent less
+ * significant bit), and recodes them into a signed digit for use in fast point
+ * multiplication: the use of signed rather than unsigned digits means that
+ * fewer points need to be precomputed, given that point inversion is easy
+ * (a precomputed point dP makes -dP available as well).
+ *
+ * BACKGROUND:
+ *
+ * Signed digits for multiplication were introduced by Booth ("A signed binary
+ * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV,
+ * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers.
+ * Booth's original encoding did not generally improve the density of nonzero
+ * digits over the binary representation, and was merely meant to simplify the
+ * handling of signed factors given in two's complement; but it has since been
+ * shown to be the basis of various signed-digit representations that do have
+ * further advantages, including the wNAF, using the following general approach:
+ *
+ * (1) Given a binary representation
+ *
+ *       b_k  ...  b_2  b_1  b_0,
+ *
+ *     of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1
+ *     by using bit-wise subtraction as follows:
+ *
+ *        b_k b_(k-1)  ...  b_2  b_1  b_0
+ *      -     b_k      ...  b_3  b_2  b_1  b_0
+ *       -------------------------------------
+ *        s_k b_(k-1)  ...  s_3  s_2  s_1  s_0
+ *
+ *     A left-shift followed by subtraction of the original value yields a new
+ *     representation of the same value, using signed bits s_i = b_(i+1) - b_i.
+ *     This representation from Booth's paper has since appeared in the
+ *     literature under a variety of different names including "reversed binary
+ *     form", "alternating greedy expansion", "mutual opposite form", and
+ *     "sign-alternating {+-1}-representation".
+ *
+ *     An interesting property is that among the nonzero bits, values 1 and -1
+ *     strictly alternate.
+ *
+ * (2) Various window schemes can be applied to the Booth representation of
+ *     integers: for example, right-to-left sliding windows yield the wNAF
+ *     (a signed-digit encoding independently discovered by various researchers
+ *     in the 1990s), and left-to-right sliding windows yield a left-to-right
+ *     equivalent of the wNAF (independently discovered by various researchers
+ *     around 2004).
+ *
+ * To prevent leaking information through side channels in point multiplication,
+ * we need to recode the given integer into a regular pattern: sliding windows
+ * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few
+ * decades older: we'll be using the so-called "modified Booth encoding" due to
+ * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49
+ * (1961), pp. 67-91), in a radix-2^5 setting.  That is, we always combine five
+ * signed bits into a signed digit:
+ *
+ *       s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j)
+ *
+ * The sign-alternating property implies that the resulting digit values are
+ * integers from -16 to 16.
+ *
+ * Of course, we don't actually need to compute the signed digits s_i as an
+ * intermediate step (that's just a nice way to see how this scheme relates
+ * to the wNAF): a direct computation obtains the recoded digit from the
+ * six bits b_(4j + 4) ... b_(4j - 1).
+ *
+ * This function takes those five bits as an integer (0 .. 63), writing the
+ * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute
+ * value, in the range 0 .. 8).  Note that this integer essentially provides the
+ * input bits "shifted to the left" by one position: for example, the input to
+ * compute the least significant recoded digit, given that there's no bit b_-1,
+ * has to be b_4 b_3 b_2 b_1 b_0 0.
+ *
+ */
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
+                                     unsigned char *digit, unsigned char in)
+{
+    unsigned char s, d;
+
+    s = ~((in >> 5) - 1);       /* sets all bits to MSB(in), 'in' seen as
+                                 * 6-bit value */
+    d = (1 << 6) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    *sign = s & 1;
+    *digit = d;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c
new file mode 100644
index 000000000..aea639416
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c
@@ -0,0 +1,1701 @@
+/*
+ * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+ * Copyright (c) 2015, CloudFlare, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ * (3) CloudFlare, Inc.
+ *
+ * Reference:
+ * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+ *                          256 Bit Primes"
+ */
+
+#include <string.h>
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+#include "internal/refcount.h"
+
+#if BN_BITS2 != 64
+# define TOBN(hi,lo)    lo,hi
+#else
+# define TOBN(hi,lo)    ((BN_ULONG)hi<<32|lo)
+#endif
+
+#if defined(__GNUC__)
+# define ALIGN32        __attribute((aligned(32)))
+#elif defined(_MSC_VER)
+# define ALIGN32        __declspec(align(32))
+#else
+# define ALIGN32
+#endif
+
+#define ALIGNPTR(p,N)   ((unsigned char *)p+N-(size_t)p%N)
+#define P256_LIMBS      (256/BN_BITS2)
+
+typedef unsigned short u16;
+
+typedef struct {
+    BN_ULONG X[P256_LIMBS];
+    BN_ULONG Y[P256_LIMBS];
+    BN_ULONG Z[P256_LIMBS];
+} P256_POINT;
+
+typedef struct {
+    BN_ULONG X[P256_LIMBS];
+    BN_ULONG Y[P256_LIMBS];
+} P256_POINT_AFFINE;
+
+typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
+
+/* structure for precomputed multiples of the generator */
+struct nistz256_pre_comp_st {
+    const EC_GROUP *group;      /* Parent EC_GROUP object */
+    size_t w;                   /* Window size */
+    /*
+     * Constant time access to the X and Y coordinates of the pre-computed,
+     * generator multiplies, in the Montgomery domain. Pre-calculated
+     * multiplies are stored in affine form.
+     */
+    PRECOMP256_ROW *precomp;
+    void *precomp_storage;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Functions implemented in assembly */
+/*
+ * Most of below mentioned functions *preserve* the property of inputs
+ * being fully reduced, i.e. being in [0, modulus) range. Simply put if
+ * inputs are fully reduced, then output is too. Note that reverse is
+ * not true, in sense that given partially reduced inputs output can be
+ * either, not unlikely reduced. And "most" in first sentence refers to
+ * the fact that given the calculations flow one can tolerate that
+ * addition, 1st function below, produces partially reduced result *if*
+ * multiplications by 2 and 3, which customarily use addition, fully
+ * reduce it. This effectively gives two options: a) addition produces
+ * fully reduced result [as long as inputs are, just like remaining
+ * functions]; b) addition is allowed to produce partially reduced
+ * result, but multiplications by 2 and 3 perform additional reduction
+ * step. Choice between the two can be platform-specific, but it was a)
+ * in all cases so far...
+ */
+/* Modular add: res = a+b mod P   */
+void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],
+                      const BN_ULONG a[P256_LIMBS],
+                      const BN_ULONG b[P256_LIMBS]);
+/* Modular mul by 2: res = 2*a mod P */
+void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Modular mul by 3: res = 3*a mod P */
+void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+
+/* Modular div by 2: res = a/2 mod P */
+void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Modular sub: res = a-b mod P   */
+void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS],
+                      const BN_ULONG a[P256_LIMBS],
+                      const BN_ULONG b[P256_LIMBS]);
+/* Modular neg: res = -a mod P    */
+void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]);
+/* Montgomery mul: res = a*b*2^-256 mod P */
+void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS],
+                           const BN_ULONG b[P256_LIMBS]);
+/* Montgomery sqr: res = a*a*2^-256 mod P */
+void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Convert a number from Montgomery domain, by multiplying with 1 */
+void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
+                            const BN_ULONG in[P256_LIMBS]);
+/* Convert a number to Montgomery domain, by multiplying with 2^512 mod P*/
+void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS],
+                          const BN_ULONG in[P256_LIMBS]);
+/* Functions that perform constant time access to the precomputed tables */
+void ecp_nistz256_scatter_w5(P256_POINT *val,
+                             const P256_POINT *in_t, int idx);
+void ecp_nistz256_gather_w5(P256_POINT *val,
+                            const P256_POINT *in_t, int idx);
+void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val,
+                             const P256_POINT_AFFINE *in_t, int idx);
+void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val,
+                            const P256_POINT_AFFINE *in_t, int idx);
+
+/* One converted into the Montgomery domain */
+static const BN_ULONG ONE[P256_LIMBS] = {
+    TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000),
+    TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe)
+};
+
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
+
+/* Precomputed tables for the default generator */
+extern const PRECOMP256_ROW ecp_nistz256_precomputed[37];
+
+/* Recode window to a signed digit, see ecp_nistputil.c for details */
+static unsigned int _booth_recode_w5(unsigned int in)
+{
+    unsigned int s, d;
+
+    s = ~((in >> 5) - 1);
+    d = (1 << 6) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    return (d << 1) + (s & 1);
+}
+
+static unsigned int _booth_recode_w7(unsigned int in)
+{
+    unsigned int s, d;
+
+    s = ~((in >> 7) - 1);
+    d = (1 << 8) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    return (d << 1) + (s & 1);
+}
+
+static void copy_conditional(BN_ULONG dst[P256_LIMBS],
+                             const BN_ULONG src[P256_LIMBS], BN_ULONG move)
+{
+    BN_ULONG mask1 = 0-move;
+    BN_ULONG mask2 = ~mask1;
+
+    dst[0] = (src[0] & mask1) ^ (dst[0] & mask2);
+    dst[1] = (src[1] & mask1) ^ (dst[1] & mask2);
+    dst[2] = (src[2] & mask1) ^ (dst[2] & mask2);
+    dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
+    if (P256_LIMBS == 8) {
+        dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
+        dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
+        dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
+        dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
+    }
+}
+
+static BN_ULONG is_zero(BN_ULONG in)
+{
+    in |= (0 - in);
+    in = ~in;
+    in >>= BN_BITS2 - 1;
+    return in;
+}
+
+static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
+                         const BN_ULONG b[P256_LIMBS])
+{
+    BN_ULONG res;
+
+    res = a[0] ^ b[0];
+    res |= a[1] ^ b[1];
+    res |= a[2] ^ b[2];
+    res |= a[3] ^ b[3];
+    if (P256_LIMBS == 8) {
+        res |= a[4] ^ b[4];
+        res |= a[5] ^ b[5];
+        res |= a[6] ^ b[6];
+        res |= a[7] ^ b[7];
+    }
+
+    return is_zero(res);
+}
+
+static BN_ULONG is_one(const BIGNUM *z)
+{
+    BN_ULONG res = 0;
+    BN_ULONG *a = bn_get_words(z);
+
+    if (bn_get_top(z) == (P256_LIMBS - P256_LIMBS / 8)) {
+        res = a[0] ^ ONE[0];
+        res |= a[1] ^ ONE[1];
+        res |= a[2] ^ ONE[2];
+        res |= a[3] ^ ONE[3];
+        if (P256_LIMBS == 8) {
+            res |= a[4] ^ ONE[4];
+            res |= a[5] ^ ONE[5];
+            res |= a[6] ^ ONE[6];
+            /*
+             * no check for a[7] (being zero) on 32-bit platforms,
+             * because value of "one" takes only 7 limbs.
+             */
+        }
+        res = is_zero(res);
+    }
+
+    return res;
+}
+
+/*
+ * For reference, this macro is used only when new ecp_nistz256 assembly
+ * module is being developed.  For example, configure with
+ * -DECP_NISTZ256_REFERENCE_IMPLEMENTATION and implement only functions
+ * performing simplest arithmetic operations on 256-bit vectors. Then
+ * work on implementation of higher-level functions performing point
+ * operations. Then remove ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+ * and never define it again. (The correct macro denoting presence of
+ * ecp_nistz256 module is ECP_NISTZ256_ASM.)
+ */
+#ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
+void ecp_nistz256_point_add(P256_POINT *r,
+                            const P256_POINT *a, const P256_POINT *b);
+void ecp_nistz256_point_add_affine(P256_POINT *r,
+                                   const P256_POINT *a,
+                                   const P256_POINT_AFFINE *b);
+#else
+/* Point double: r = 2*a */
+static void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a)
+{
+    BN_ULONG S[P256_LIMBS];
+    BN_ULONG M[P256_LIMBS];
+    BN_ULONG Zsqr[P256_LIMBS];
+    BN_ULONG tmp0[P256_LIMBS];
+
+    const BN_ULONG *in_x = a->X;
+    const BN_ULONG *in_y = a->Y;
+    const BN_ULONG *in_z = a->Z;
+
+    BN_ULONG *res_x = r->X;
+    BN_ULONG *res_y = r->Y;
+    BN_ULONG *res_z = r->Z;
+
+    ecp_nistz256_mul_by_2(S, in_y);
+
+    ecp_nistz256_sqr_mont(Zsqr, in_z);
+
+    ecp_nistz256_sqr_mont(S, S);
+
+    ecp_nistz256_mul_mont(res_z, in_z, in_y);
+    ecp_nistz256_mul_by_2(res_z, res_z);
+
+    ecp_nistz256_add(M, in_x, Zsqr);
+    ecp_nistz256_sub(Zsqr, in_x, Zsqr);
+
+    ecp_nistz256_sqr_mont(res_y, S);
+    ecp_nistz256_div_by_2(res_y, res_y);
+
+    ecp_nistz256_mul_mont(M, M, Zsqr);
+    ecp_nistz256_mul_by_3(M, M);
+
+    ecp_nistz256_mul_mont(S, S, in_x);
+    ecp_nistz256_mul_by_2(tmp0, S);
+
+    ecp_nistz256_sqr_mont(res_x, M);
+
+    ecp_nistz256_sub(res_x, res_x, tmp0);
+    ecp_nistz256_sub(S, S, res_x);
+
+    ecp_nistz256_mul_mont(S, S, M);
+    ecp_nistz256_sub(res_y, S, res_y);
+}
+
+/* Point addition: r = a+b */
+static void ecp_nistz256_point_add(P256_POINT *r,
+                                   const P256_POINT *a, const P256_POINT *b)
+{
+    BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS];
+    BN_ULONG U1[P256_LIMBS], S1[P256_LIMBS];
+    BN_ULONG Z1sqr[P256_LIMBS];
+    BN_ULONG Z2sqr[P256_LIMBS];
+    BN_ULONG H[P256_LIMBS], R[P256_LIMBS];
+    BN_ULONG Hsqr[P256_LIMBS];
+    BN_ULONG Rsqr[P256_LIMBS];
+    BN_ULONG Hcub[P256_LIMBS];
+
+    BN_ULONG res_x[P256_LIMBS];
+    BN_ULONG res_y[P256_LIMBS];
+    BN_ULONG res_z[P256_LIMBS];
+
+    BN_ULONG in1infty, in2infty;
+
+    const BN_ULONG *in1_x = a->X;
+    const BN_ULONG *in1_y = a->Y;
+    const BN_ULONG *in1_z = a->Z;
+
+    const BN_ULONG *in2_x = b->X;
+    const BN_ULONG *in2_y = b->Y;
+    const BN_ULONG *in2_z = b->Z;
+
+    /*
+     * Infinity in encoded as (,,0)
+     */
+    in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
+    if (P256_LIMBS == 8)
+        in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
+
+    in2infty = (in2_z[0] | in2_z[1] | in2_z[2] | in2_z[3]);
+    if (P256_LIMBS == 8)
+        in2infty |= (in2_z[4] | in2_z[5] | in2_z[6] | in2_z[7]);
+
+    in1infty = is_zero(in1infty);
+    in2infty = is_zero(in2infty);
+
+    ecp_nistz256_sqr_mont(Z2sqr, in2_z);        /* Z2^2 */
+    ecp_nistz256_sqr_mont(Z1sqr, in1_z);        /* Z1^2 */
+
+    ecp_nistz256_mul_mont(S1, Z2sqr, in2_z);    /* S1 = Z2^3 */
+    ecp_nistz256_mul_mont(S2, Z1sqr, in1_z);    /* S2 = Z1^3 */
+
+    ecp_nistz256_mul_mont(S1, S1, in1_y);       /* S1 = Y1*Z2^3 */
+    ecp_nistz256_mul_mont(S2, S2, in2_y);       /* S2 = Y2*Z1^3 */
+    ecp_nistz256_sub(R, S2, S1);                /* R = S2 - S1 */
+
+    ecp_nistz256_mul_mont(U1, in1_x, Z2sqr);    /* U1 = X1*Z2^2 */
+    ecp_nistz256_mul_mont(U2, in2_x, Z1sqr);    /* U2 = X2*Z1^2 */
+    ecp_nistz256_sub(H, U2, U1);                /* H = U2 - U1 */
+
+    /*
+     * This should not happen during sign/ecdh, so no constant time violation
+     */
+    if (is_equal(U1, U2) && !in1infty && !in2infty) {
+        if (is_equal(S1, S2)) {
+            ecp_nistz256_point_double(r, a);
+            return;
+        } else {
+            memset(r, 0, sizeof(*r));
+            return;
+        }
+    }
+
+    ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
+    ecp_nistz256_mul_mont(res_z, H, in1_z);     /* Z3 = H*Z1*Z2 */
+    ecp_nistz256_sqr_mont(Hsqr, H);             /* H^2 */
+    ecp_nistz256_mul_mont(res_z, res_z, in2_z); /* Z3 = H*Z1*Z2 */
+    ecp_nistz256_mul_mont(Hcub, Hsqr, H);       /* H^3 */
+
+    ecp_nistz256_mul_mont(U2, U1, Hsqr);        /* U1*H^2 */
+    ecp_nistz256_mul_by_2(Hsqr, U2);            /* 2*U1*H^2 */
+
+    ecp_nistz256_sub(res_x, Rsqr, Hsqr);
+    ecp_nistz256_sub(res_x, res_x, Hcub);
+
+    ecp_nistz256_sub(res_y, U2, res_x);
+
+    ecp_nistz256_mul_mont(S2, S1, Hcub);
+    ecp_nistz256_mul_mont(res_y, R, res_y);
+    ecp_nistz256_sub(res_y, res_y, S2);
+
+    copy_conditional(res_x, in2_x, in1infty);
+    copy_conditional(res_y, in2_y, in1infty);
+    copy_conditional(res_z, in2_z, in1infty);
+
+    copy_conditional(res_x, in1_x, in2infty);
+    copy_conditional(res_y, in1_y, in2infty);
+    copy_conditional(res_z, in1_z, in2infty);
+
+    memcpy(r->X, res_x, sizeof(res_x));
+    memcpy(r->Y, res_y, sizeof(res_y));
+    memcpy(r->Z, res_z, sizeof(res_z));
+}
+
+/* Point addition when b is known to be affine: r = a+b */
+static void ecp_nistz256_point_add_affine(P256_POINT *r,
+                                          const P256_POINT *a,
+                                          const P256_POINT_AFFINE *b)
+{
+    BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS];
+    BN_ULONG Z1sqr[P256_LIMBS];
+    BN_ULONG H[P256_LIMBS], R[P256_LIMBS];
+    BN_ULONG Hsqr[P256_LIMBS];
+    BN_ULONG Rsqr[P256_LIMBS];
+    BN_ULONG Hcub[P256_LIMBS];
+
+    BN_ULONG res_x[P256_LIMBS];
+    BN_ULONG res_y[P256_LIMBS];
+    BN_ULONG res_z[P256_LIMBS];
+
+    BN_ULONG in1infty, in2infty;
+
+    const BN_ULONG *in1_x = a->X;
+    const BN_ULONG *in1_y = a->Y;
+    const BN_ULONG *in1_z = a->Z;
+
+    const BN_ULONG *in2_x = b->X;
+    const BN_ULONG *in2_y = b->Y;
+
+    /*
+     * Infinity in encoded as (,,0)
+     */
+    in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
+    if (P256_LIMBS == 8)
+        in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
+
+    /*
+     * In affine representation we encode infinity as (0,0), which is
+     * not on the curve, so it is OK
+     */
+    in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] |
+                in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
+    if (P256_LIMBS == 8)
+        in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] |
+                     in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]);
+
+    in1infty = is_zero(in1infty);
+    in2infty = is_zero(in2infty);
+
+    ecp_nistz256_sqr_mont(Z1sqr, in1_z);        /* Z1^2 */
+
+    ecp_nistz256_mul_mont(U2, in2_x, Z1sqr);    /* U2 = X2*Z1^2 */
+    ecp_nistz256_sub(H, U2, in1_x);             /* H = U2 - U1 */
+
+    ecp_nistz256_mul_mont(S2, Z1sqr, in1_z);    /* S2 = Z1^3 */
+
+    ecp_nistz256_mul_mont(res_z, H, in1_z);     /* Z3 = H*Z1*Z2 */
+
+    ecp_nistz256_mul_mont(S2, S2, in2_y);       /* S2 = Y2*Z1^3 */
+    ecp_nistz256_sub(R, S2, in1_y);             /* R = S2 - S1 */
+
+    ecp_nistz256_sqr_mont(Hsqr, H);             /* H^2 */
+    ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
+    ecp_nistz256_mul_mont(Hcub, Hsqr, H);       /* H^3 */
+
+    ecp_nistz256_mul_mont(U2, in1_x, Hsqr);     /* U1*H^2 */
+    ecp_nistz256_mul_by_2(Hsqr, U2);            /* 2*U1*H^2 */
+
+    ecp_nistz256_sub(res_x, Rsqr, Hsqr);
+    ecp_nistz256_sub(res_x, res_x, Hcub);
+    ecp_nistz256_sub(H, U2, res_x);
+
+    ecp_nistz256_mul_mont(S2, in1_y, Hcub);
+    ecp_nistz256_mul_mont(H, H, R);
+    ecp_nistz256_sub(res_y, H, S2);
+
+    copy_conditional(res_x, in2_x, in1infty);
+    copy_conditional(res_x, in1_x, in2infty);
+
+    copy_conditional(res_y, in2_y, in1infty);
+    copy_conditional(res_y, in1_y, in2infty);
+
+    copy_conditional(res_z, ONE, in1infty);
+    copy_conditional(res_z, in1_z, in2infty);
+
+    memcpy(r->X, res_x, sizeof(res_x));
+    memcpy(r->Y, res_y, sizeof(res_y));
+    memcpy(r->Z, res_z, sizeof(res_z));
+}
+#endif
+
+/* r = in^-1 mod p */
+static void ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS],
+                                     const BN_ULONG in[P256_LIMBS])
+{
+    /*
+     * The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff
+     * ffffffff ffffffff We use FLT and used poly-2 as exponent
+     */
+    BN_ULONG p2[P256_LIMBS];
+    BN_ULONG p4[P256_LIMBS];
+    BN_ULONG p8[P256_LIMBS];
+    BN_ULONG p16[P256_LIMBS];
+    BN_ULONG p32[P256_LIMBS];
+    BN_ULONG res[P256_LIMBS];
+    int i;
+
+    ecp_nistz256_sqr_mont(res, in);
+    ecp_nistz256_mul_mont(p2, res, in);         /* 3*p */
+
+    ecp_nistz256_sqr_mont(res, p2);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p4, res, p2);         /* f*p */
+
+    ecp_nistz256_sqr_mont(res, p4);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p8, res, p4);         /* ff*p */
+
+    ecp_nistz256_sqr_mont(res, p8);
+    for (i = 0; i < 7; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p16, res, p8);        /* ffff*p */
+
+    ecp_nistz256_sqr_mont(res, p16);
+    for (i = 0; i < 15; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p32, res, p16);       /* ffffffff*p */
+
+    ecp_nistz256_sqr_mont(res, p32);
+    for (i = 0; i < 31; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, in);
+
+    for (i = 0; i < 32 * 4; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p32);
+
+    for (i = 0; i < 32; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p32);
+
+    for (i = 0; i < 16; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p16);
+
+    for (i = 0; i < 8; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p8);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p4);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p2);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, in);
+
+    memcpy(r, res, sizeof(res));
+}
+
+/*
+ * ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
+ * returns one if it fits. Otherwise it returns zero.
+ */
+__owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
+                                                    const BIGNUM *in)
+{
+    return bn_copy_words(out, in, P256_LIMBS);
+}
+
+/* r = sum(scalar[i]*point[i]) */
+__owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
+                                            P256_POINT *r,
+                                            const BIGNUM **scalar,
+                                            const EC_POINT **point,
+                                            size_t num, BN_CTX *ctx)
+{
+    size_t i;
+    int j, ret = 0;
+    unsigned int idx;
+    unsigned char (*p_str)[33] = NULL;
+    const unsigned int window_size = 5;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    P256_POINT *temp;           /* place for 5 temporary points */
+    const BIGNUM **scalars = NULL;
+    P256_POINT (*table)[16] = NULL;
+    void *table_storage = NULL;
+
+    if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT)
+        || (table_storage =
+            OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL
+        || (p_str =
+            OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL
+        || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    table = (void *)ALIGNPTR(table_storage, 64);
+    temp = (P256_POINT *)(table + num);
+
+    for (i = 0; i < num; i++) {
+        P256_POINT *row = table[i];
+
+        /* This is an unusual input, we don't guarantee constant-timeness. */
+        if ((BN_num_bits(scalar[i]) > 256) || BN_is_negative(scalar[i])) {
+            BIGNUM *mod;
+
+            if ((mod = BN_CTX_get(ctx)) == NULL)
+                goto err;
+            if (!BN_nnmod(mod, scalar[i], group->order, ctx)) {
+                ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            scalars[i] = mod;
+        } else
+            scalars[i] = scalar[i];
+
+        for (j = 0; j < bn_get_top(scalars[i]) * BN_BYTES; j += BN_BYTES) {
+            BN_ULONG d = bn_get_words(scalars[i])[j / BN_BYTES];
+
+            p_str[i][j + 0] = (unsigned char)d;
+            p_str[i][j + 1] = (unsigned char)(d >> 8);
+            p_str[i][j + 2] = (unsigned char)(d >> 16);
+            p_str[i][j + 3] = (unsigned char)(d >>= 24);
+            if (BN_BYTES == 8) {
+                d >>= 8;
+                p_str[i][j + 4] = (unsigned char)d;
+                p_str[i][j + 5] = (unsigned char)(d >> 8);
+                p_str[i][j + 6] = (unsigned char)(d >> 16);
+                p_str[i][j + 7] = (unsigned char)(d >> 24);
+            }
+        }
+        for (; j < 33; j++)
+            p_str[i][j] = 0;
+
+        if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) {
+            ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL,
+                  EC_R_COORDINATES_OUT_OF_RANGE);
+            goto err;
+        }
+
+        /*
+         * row[0] is implicitly (0,0,0) (the point at infinity), therefore it
+         * is not stored. All other values are actually stored with an offset
+         * of -1 in table.
+         */
+
+        ecp_nistz256_scatter_w5  (row, &temp[0], 1);
+        ecp_nistz256_point_double(&temp[1], &temp[0]);              /*1+1=2  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 2);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*2+1=3  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 3);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*2=4  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 4);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*3=6  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 6);
+        ecp_nistz256_point_add   (&temp[3], &temp[1], &temp[0]);    /*4+1=5  */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 5);
+        ecp_nistz256_point_add   (&temp[4], &temp[2], &temp[0]);    /*6+1=7  */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 7);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*4=8  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 8);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*6=12 */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 12);
+        ecp_nistz256_point_double(&temp[3], &temp[3]);              /*2*5=10 */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 10);
+        ecp_nistz256_point_double(&temp[4], &temp[4]);              /*2*7=14 */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 14);
+        ecp_nistz256_point_add   (&temp[2], &temp[2], &temp[0]);    /*12+1=13*/
+        ecp_nistz256_scatter_w5  (row, &temp[2], 13);
+        ecp_nistz256_point_add   (&temp[3], &temp[3], &temp[0]);    /*10+1=11*/
+        ecp_nistz256_scatter_w5  (row, &temp[3], 11);
+        ecp_nistz256_point_add   (&temp[4], &temp[4], &temp[0]);    /*14+1=15*/
+        ecp_nistz256_scatter_w5  (row, &temp[4], 15);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*8+1=9  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 9);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*8=16 */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 16);
+    }
+
+    idx = 255;
+
+    wvalue = p_str[0][(idx - 1) / 8];
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+
+    /*
+     * We gather to temp[0], because we know it's position relative
+     * to table
+     */
+    ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1);
+    memcpy(r, &temp[0], sizeof(temp[0]));
+
+    while (idx >= 5) {
+        for (i = (idx == 255 ? 1 : 0); i < num; i++) {
+            unsigned int off = (idx - 1) / 8;
+
+            wvalue = p_str[i][off] | p_str[i][off + 1] << 8;
+            wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+
+            wvalue = _booth_recode_w5(wvalue);
+
+            ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
+
+            ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+            copy_conditional(temp[0].Y, temp[1].Y, (wvalue & 1));
+
+            ecp_nistz256_point_add(r, r, &temp[0]);
+        }
+
+        idx -= window_size;
+
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+    }
+
+    /* Final window */
+    for (i = 0; i < num; i++) {
+        wvalue = p_str[i][0];
+        wvalue = (wvalue << 1) & mask;
+
+        wvalue = _booth_recode_w5(wvalue);
+
+        ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
+
+        ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+        copy_conditional(temp[0].Y, temp[1].Y, wvalue & 1);
+
+        ecp_nistz256_point_add(r, r, &temp[0]);
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(table_storage);
+    OPENSSL_free(p_str);
+    OPENSSL_free(scalars);
+    return ret;
+}
+
+/* Coordinates of G, for which we have precomputed tables */
+static const BN_ULONG def_xG[P256_LIMBS] = {
+    TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
+    TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)
+};
+
+static const BN_ULONG def_yG[P256_LIMBS] = {
+    TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
+    TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85)
+};
+
+/*
+ * ecp_nistz256_is_affine_G returns one if |generator| is the standard, P-256
+ * generator.
+ */
+static int ecp_nistz256_is_affine_G(const EC_POINT *generator)
+{
+    return (bn_get_top(generator->X) == P256_LIMBS) &&
+        (bn_get_top(generator->Y) == P256_LIMBS) &&
+        is_equal(bn_get_words(generator->X), def_xG) &&
+        is_equal(bn_get_words(generator->Y), def_yG) &&
+        is_one(generator->Z);
+}
+
+__owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
+{
+    /*
+     * We precompute a table for a Booth encoded exponent (wNAF) based
+     * computation. Each table holds 64 values for safe access, with an
+     * implicit value of infinity at index zero. We use window of size 7, and
+     * therefore require ceil(256/7) = 37 tables.
+     */
+    const BIGNUM *order;
+    EC_POINT *P = NULL, *T = NULL;
+    const EC_POINT *generator;
+    NISTZ256_PRE_COMP *pre_comp;
+    BN_CTX *new_ctx = NULL;
+    int i, j, k, ret = 0;
+    size_t w;
+
+    PRECOMP256_ROW *preComputedTable = NULL;
+    unsigned char *precomp_storage = NULL;
+
+    /* if there is an old NISTZ256_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);
+        return 0;
+    }
+
+    if (ecp_nistz256_is_affine_G(generator)) {
+        /*
+         * No need to calculate tables for the standard generator because we
+         * have them statically.
+         */
+        return 1;
+    }
+
+    if ((pre_comp = ecp_nistz256_pre_comp_new(group)) == NULL)
+        return 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    w = 7;
+
+    if ((precomp_storage =
+         OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    preComputedTable = (void *)ALIGNPTR(precomp_storage, 64);
+
+    P = EC_POINT_new(group);
+    T = EC_POINT_new(group);
+    if (P == NULL || T == NULL)
+        goto err;
+
+    /*
+     * The zero entry is implicitly infinity, and we skip it, storing other
+     * values with -1 offset.
+     */
+    if (!EC_POINT_copy(T, generator))
+        goto err;
+
+    for (k = 0; k < 64; k++) {
+        if (!EC_POINT_copy(P, T))
+            goto err;
+        for (j = 0; j < 37; j++) {
+            P256_POINT_AFFINE temp;
+            /*
+             * It would be faster to use EC_POINTs_make_affine and
+             * make multiple points affine at the same time.
+             */
+            if (!EC_POINT_make_affine(group, P, ctx))
+                goto err;
+            if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) ||
+                !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) {
+                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
+                      EC_R_COORDINATES_OUT_OF_RANGE);
+                goto err;
+            }
+            ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k);
+            for (i = 0; i < 7; i++) {
+                if (!EC_POINT_dbl(group, P, P, ctx))
+                    goto err;
+            }
+        }
+        if (!EC_POINT_add(group, T, T, generator, ctx))
+            goto err;
+    }
+
+    pre_comp->group = group;
+    pre_comp->w = w;
+    pre_comp->precomp = preComputedTable;
+    pre_comp->precomp_storage = precomp_storage;
+    precomp_storage = NULL;
+    SETPRECOMP(group, nistz256, pre_comp);
+    pre_comp = NULL;
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+
+    EC_nistz256_pre_comp_free(pre_comp);
+    OPENSSL_free(precomp_storage);
+    EC_POINT_free(P);
+    EC_POINT_free(T);
+    return ret;
+}
+
+/*
+ * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great
+ * code processing 4 points in parallel, corresponding serial operation
+ * is several times slower, because it uses 29x29=58-bit multiplication
+ * as opposite to 64x64=128-bit in integer-only scalar case. As result
+ * it doesn't provide *significant* performance improvement. Note that
+ * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work,
+ * you'd need to compile even asm/ecp_nistz256-avx.pl module.
+ */
+#if defined(ECP_NISTZ256_AVX2)
+# if !(defined(__x86_64) || defined(__x86_64__) || \
+       defined(_M_AMD64) || defined(_M_X64)) || \
+     !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */
+#  undef ECP_NISTZ256_AVX2
+# else
+/* Constant time access, loading four values, from four consecutive tables */
+void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in,
+                                       int index0, int index1, int index2,
+                                       int index3);
+void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in);
+void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4);
+void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4,
+                                           const void *Bx4);
+void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4,
+                                            const void *Bx4);
+void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4);
+void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4);
+void ecp_nistz256_avx2_set1(void *RESULTx4);
+int ecp_nistz_avx2_eligible(void);
+
+static void booth_recode_w7(unsigned char *sign,
+                            unsigned char *digit, unsigned char in)
+{
+    unsigned char s, d;
+
+    s = ~((in >> 7) - 1);
+    d = (1 << 8) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    *sign = s & 1;
+    *digit = d;
+}
+
+/*
+ * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the
+ * precomputed table. It does 4 affine point additions in parallel,
+ * significantly speeding up point multiplication for a fixed value.
+ */
+static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
+                                    unsigned char p_str[33],
+                                    const P256_POINT_AFFINE(*preComputedTable)[64])
+{
+    const unsigned int window_size = 7;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    /* Using 4 windows at a time */
+    unsigned char sign0, digit0;
+    unsigned char sign1, digit1;
+    unsigned char sign2, digit2;
+    unsigned char sign3, digit3;
+    unsigned int idx = 0;
+    BN_ULONG tmp[P256_LIMBS];
+    int i;
+
+    ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 };
+    ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 };
+    ALIGN32 P256_POINT_AFFINE point_arr[4];
+    ALIGN32 P256_POINT res_point_arr[4];
+
+    /* Initial four windows */
+    wvalue = *((u16 *) & p_str[0]);
+    wvalue = (wvalue << 1) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign0, &digit0, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign1, &digit1, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign2, &digit2, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign3, &digit3, wvalue);
+
+    ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0],
+                                      digit0, digit1, digit2, digit3);
+
+    ecp_nistz256_neg(tmp, point_arr[0].Y);
+    copy_conditional(point_arr[0].Y, tmp, sign0);
+    ecp_nistz256_neg(tmp, point_arr[1].Y);
+    copy_conditional(point_arr[1].Y, tmp, sign1);
+    ecp_nistz256_neg(tmp, point_arr[2].Y);
+    copy_conditional(point_arr[2].Y, tmp, sign2);
+    ecp_nistz256_neg(tmp, point_arr[3].Y);
+    copy_conditional(point_arr[3].Y, tmp, sign3);
+
+    ecp_nistz256_avx2_transpose_convert(aX4, point_arr);
+    ecp_nistz256_avx2_to_mont(aX4, aX4);
+    ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]);
+    ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]);
+
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign0, &digit0, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign1, &digit1, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign2, &digit2, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign3, &digit3, wvalue);
+
+    ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1],
+                                      digit0, digit1, digit2, digit3);
+
+    ecp_nistz256_neg(tmp, point_arr[0].Y);
+    copy_conditional(point_arr[0].Y, tmp, sign0);
+    ecp_nistz256_neg(tmp, point_arr[1].Y);
+    copy_conditional(point_arr[1].Y, tmp, sign1);
+    ecp_nistz256_neg(tmp, point_arr[2].Y);
+    copy_conditional(point_arr[2].Y, tmp, sign2);
+    ecp_nistz256_neg(tmp, point_arr[3].Y);
+    copy_conditional(point_arr[3].Y, tmp, sign3);
+
+    ecp_nistz256_avx2_transpose_convert(bX4, point_arr);
+    ecp_nistz256_avx2_to_mont(bX4, bX4);
+    ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]);
+    /* Optimized when both inputs are affine */
+    ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4);
+
+    for (i = 2; i < 9; i++) {
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign0, &digit0, wvalue);
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign1, &digit1, wvalue);
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign2, &digit2, wvalue);
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign3, &digit3, wvalue);
+
+        ecp_nistz256_avx2_multi_gather_w7(point_arr,
+                                          preComputedTable[4 * i],
+                                          digit0, digit1, digit2, digit3);
+
+        ecp_nistz256_neg(tmp, point_arr[0].Y);
+        copy_conditional(point_arr[0].Y, tmp, sign0);
+        ecp_nistz256_neg(tmp, point_arr[1].Y);
+        copy_conditional(point_arr[1].Y, tmp, sign1);
+        ecp_nistz256_neg(tmp, point_arr[2].Y);
+        copy_conditional(point_arr[2].Y, tmp, sign2);
+        ecp_nistz256_neg(tmp, point_arr[3].Y);
+        copy_conditional(point_arr[3].Y, tmp, sign3);
+
+        ecp_nistz256_avx2_transpose_convert(bX4, point_arr);
+        ecp_nistz256_avx2_to_mont(bX4, bX4);
+        ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]);
+
+        ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4);
+    }
+
+    ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]);
+    ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]);
+    ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]);
+
+    ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4);
+    /* Last window is performed serially */
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    booth_recode_w7(&sign0, &digit0, wvalue);
+    ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r,
+                           preComputedTable[36], digit0);
+    ecp_nistz256_neg(tmp, r->Y);
+    copy_conditional(r->Y, tmp, sign0);
+    memcpy(r->Z, ONE, sizeof(ONE));
+    /* Sum the four windows */
+    ecp_nistz256_point_add(r, r, &res_point_arr[0]);
+    ecp_nistz256_point_add(r, r, &res_point_arr[1]);
+    ecp_nistz256_point_add(r, r, &res_point_arr[2]);
+    ecp_nistz256_point_add(r, r, &res_point_arr[3]);
+}
+# endif
+#endif
+
+__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
+                                               const P256_POINT_AFFINE *in,
+                                               BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if ((ret = bn_set_words(out->X, in->X, P256_LIMBS))
+        && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS))
+        && (ret = bn_set_words(out->Z, ONE, P256_LIMBS)))
+        out->Z_is_one = 1;
+
+    return ret;
+}
+
+/* r = scalar*G + sum(scalars[i]*points[i]) */
+__owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
+                                          EC_POINT *r,
+                                          const BIGNUM *scalar,
+                                          size_t num,
+                                          const EC_POINT *points[],
+                                          const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;
+    unsigned char p_str[33] = { 0 };
+    const PRECOMP256_ROW *preComputedTable = NULL;
+    const NISTZ256_PRE_COMP *pre_comp = NULL;
+    const EC_POINT *generator = NULL;
+    const BIGNUM **new_scalars = NULL;
+    const EC_POINT **new_points = NULL;
+    unsigned int idx = 0;
+    const unsigned int window_size = 7;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    ALIGN32 union {
+        P256_POINT p;
+        P256_POINT_AFFINE a;
+    } t, p;
+    BIGNUM *tmp_scalar;
+
+    if ((num + 1) == 0 || (num + 1) > OPENSSL_MALLOC_MAX_NELEMS(void *)) {
+        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+
+    if (scalar) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+        pre_comp = group->pre_comp.nistz256;
+
+        if (pre_comp) {
+            /*
+             * If there is a precomputed table for the generator, check that
+             * it was generated with the same generator.
+             */
+            EC_POINT *pre_comp_generator = EC_POINT_new(group);
+            if (pre_comp_generator == NULL)
+                goto err;
+
+            ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);
+            if (!ecp_nistz256_set_from_affine(pre_comp_generator,
+                                              group, &p.a, ctx)) {
+                EC_POINT_free(pre_comp_generator);
+                goto err;
+            }
+
+            if (0 == EC_POINT_cmp(group, generator, pre_comp_generator, ctx))
+                preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp;
+
+            EC_POINT_free(pre_comp_generator);
+        }
+
+        if (preComputedTable == NULL && ecp_nistz256_is_affine_G(generator)) {
+            /*
+             * If there is no precomputed data, but the generator is the
+             * default, a hardcoded table of precomputed data is used. This
+             * is because applications, such as Apache, do not use
+             * EC_KEY_precompute_mult.
+             */
+            preComputedTable = ecp_nistz256_precomputed;
+        }
+
+        if (preComputedTable) {
+            if ((BN_num_bits(scalar) > 256)
+                || BN_is_negative(scalar)) {
+                if ((tmp_scalar = BN_CTX_get(ctx)) == NULL)
+                    goto err;
+
+                if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                    ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_BN_LIB);
+                    goto err;
+                }
+                scalar = tmp_scalar;
+            }
+
+            for (i = 0; i < bn_get_top(scalar) * BN_BYTES; i += BN_BYTES) {
+                BN_ULONG d = bn_get_words(scalar)[i / BN_BYTES];
+
+                p_str[i + 0] = (unsigned char)d;
+                p_str[i + 1] = (unsigned char)(d >> 8);
+                p_str[i + 2] = (unsigned char)(d >> 16);
+                p_str[i + 3] = (unsigned char)(d >>= 24);
+                if (BN_BYTES == 8) {
+                    d >>= 8;
+                    p_str[i + 4] = (unsigned char)d;
+                    p_str[i + 5] = (unsigned char)(d >> 8);
+                    p_str[i + 6] = (unsigned char)(d >> 16);
+                    p_str[i + 7] = (unsigned char)(d >> 24);
+                }
+            }
+
+            for (; i < 33; i++)
+                p_str[i] = 0;
+
+#if defined(ECP_NISTZ256_AVX2)
+            if (ecp_nistz_avx2_eligible()) {
+                ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable);
+            } else
+#endif
+            {
+                BN_ULONG infty;
+
+                /* First window */
+                wvalue = (p_str[0] << 1) & mask;
+                idx += window_size;
+
+                wvalue = _booth_recode_w7(wvalue);
+
+                ecp_nistz256_gather_w7(&p.a, preComputedTable[0],
+                                       wvalue >> 1);
+
+                ecp_nistz256_neg(p.p.Z, p.p.Y);
+                copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
+
+                /*
+                 * Since affine infinity is encoded as (0,0) and
+                 * Jacobian ias (,,0), we need to harmonize them
+                 * by assigning "one" or zero to Z.
+                 */
+                infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
+                         p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
+                if (P256_LIMBS == 8)
+                    infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
+                              p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
+
+                infty = 0 - is_zero(infty);
+                infty = ~infty;
+
+                p.p.Z[0] = ONE[0] & infty;
+                p.p.Z[1] = ONE[1] & infty;
+                p.p.Z[2] = ONE[2] & infty;
+                p.p.Z[3] = ONE[3] & infty;
+                if (P256_LIMBS == 8) {
+                    p.p.Z[4] = ONE[4] & infty;
+                    p.p.Z[5] = ONE[5] & infty;
+                    p.p.Z[6] = ONE[6] & infty;
+                    p.p.Z[7] = ONE[7] & infty;
+                }
+
+                for (i = 1; i < 37; i++) {
+                    unsigned int off = (idx - 1) / 8;
+                    wvalue = p_str[off] | p_str[off + 1] << 8;
+                    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+                    idx += window_size;
+
+                    wvalue = _booth_recode_w7(wvalue);
+
+                    ecp_nistz256_gather_w7(&t.a,
+                                           preComputedTable[i], wvalue >> 1);
+
+                    ecp_nistz256_neg(t.p.Z, t.a.Y);
+                    copy_conditional(t.a.Y, t.p.Z, wvalue & 1);
+
+                    ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);
+                }
+            }
+        } else {
+            p_is_infinity = 1;
+            no_precomp_for_generator = 1;
+        }
+    } else
+        p_is_infinity = 1;
+
+    if (no_precomp_for_generator) {
+        /*
+         * Without a precomputed table for the generator, it has to be
+         * handled like a normal point.
+         */
+        new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *));
+        if (new_scalars == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *));
+        if (new_points == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        memcpy(new_scalars, scalars, num * sizeof(BIGNUM *));
+        new_scalars[num] = scalar;
+        memcpy(new_points, points, num * sizeof(EC_POINT *));
+        new_points[num] = generator;
+
+        scalars = new_scalars;
+        points = new_points;
+        num++;
+    }
+
+    if (num) {
+        P256_POINT *out = &t.p;
+        if (p_is_infinity)
+            out = &p.p;
+
+        if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx))
+            goto err;
+
+        if (!p_is_infinity)
+            ecp_nistz256_point_add(&p.p, &p.p, out);
+    }
+
+    /* Not constant-time, but we're only operating on the public output. */
+    if (!bn_set_words(r->X, p.p.X, P256_LIMBS) ||
+        !bn_set_words(r->Y, p.p.Y, P256_LIMBS) ||
+        !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) {
+        goto err;
+    }
+    r->Z_is_one = is_one(r->Z) & 1;
+
+    ret = 1;
+
+err:
+    BN_CTX_end(ctx);
+    OPENSSL_free(new_points);
+    OPENSSL_free(new_scalars);
+    return ret;
+}
+
+__owur static int ecp_nistz256_get_affine(const EC_GROUP *group,
+                                          const EC_POINT *point,
+                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+{
+    BN_ULONG z_inv2[P256_LIMBS];
+    BN_ULONG z_inv3[P256_LIMBS];
+    BN_ULONG x_aff[P256_LIMBS];
+    BN_ULONG y_aff[P256_LIMBS];
+    BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS];
+    BN_ULONG x_ret[P256_LIMBS], y_ret[P256_LIMBS];
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) ||
+        !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) ||
+        !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) {
+        ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_COORDINATES_OUT_OF_RANGE);
+        return 0;
+    }
+
+    ecp_nistz256_mod_inverse(z_inv3, point_z);
+    ecp_nistz256_sqr_mont(z_inv2, z_inv3);
+    ecp_nistz256_mul_mont(x_aff, z_inv2, point_x);
+
+    if (x != NULL) {
+        ecp_nistz256_from_mont(x_ret, x_aff);
+        if (!bn_set_words(x, x_ret, P256_LIMBS))
+            return 0;
+    }
+
+    if (y != NULL) {
+        ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2);
+        ecp_nistz256_mul_mont(y_aff, z_inv3, point_y);
+        ecp_nistz256_from_mont(y_ret, y_aff);
+        if (!bn_set_words(y, y_ret, P256_LIMBS))
+            return 0;
+    }
+
+    return 1;
+}
+
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
+{
+    NISTZ256_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->group = group;
+    ret->w = 6;                 /* default */
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistz256", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    OPENSSL_free(pre->precomp_storage);
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+
+static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)
+{
+    /* There is a hard-coded table for the default generator. */
+    const EC_POINT *generator = EC_GROUP_get0_generator(group);
+
+    if (generator != NULL && ecp_nistz256_is_affine_G(generator)) {
+        /* There is a hard-coded table for the default generator. */
+        return 1;
+    }
+
+    return HAVEPRECOMP(group, nistz256);
+}
+
+#if defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__powerpc64__) || defined(_ARCH_PP64) || \
+    defined(__aarch64__)
+/*
+ * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P)
+ */
+void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               const BN_ULONG b[P256_LIMBS]);
+void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               int rep);
+
+static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    /* RR = 2^512 mod ord(p256) */
+    static const BN_ULONG RR[P256_LIMBS]  = {
+        TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6),
+        TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620)
+    };
+    /* The constant 1 (unlike ONE that is one in Montgomery representation) */
+    static const BN_ULONG one[P256_LIMBS] = {
+        TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0)
+    };
+    /*
+     * We don't use entry 0 in the table, so we omit it and address
+     * with -1 offset.
+     */
+    BN_ULONG table[15][P256_LIMBS];
+    BN_ULONG out[P256_LIMBS], t[P256_LIMBS];
+    int i, ret = 0;
+    enum {
+        i_1 = 0, i_10,     i_11,     i_101, i_111, i_1010, i_1111,
+        i_10101, i_101010, i_101111, i_x6,  i_x8,  i_x16,  i_x32
+    };
+
+    /*
+     * Catch allocation failure early.
+     */
+    if (bn_wexpand(r, P256_LIMBS) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
+        BIGNUM *tmp;
+
+        if ((tmp = BN_CTX_get(ctx)) == NULL
+            || !BN_nnmod(tmp, x, group->order, ctx)) {
+            ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+            goto err;
+        }
+        x = tmp;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(t, x)) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    ecp_nistz256_ord_mul_mont(table[0], t, RR);
+#if 0
+    /*
+     * Original sparse-then-fixed-window algorithm, retained for reference.
+     */
+    for (i = 2; i < 16; i += 2) {
+        ecp_nistz256_ord_sqr_mont(table[i-1], table[i/2-1], 1);
+        ecp_nistz256_ord_mul_mont(table[i], table[i-1], table[0]);
+    }
+
+    /*
+     * The top 128bit of the exponent are highly redudndant, so we
+     * perform an optimized flow
+     */
+    ecp_nistz256_ord_sqr_mont(t, table[15-1], 4);   /* f0 */
+    ecp_nistz256_ord_mul_mont(t, t, table[15-1]);   /* ff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 8);           /* ff00 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffff */
+
+    ecp_nistz256_ord_sqr_mont(t, out, 16);          /* ffff0000 */
+    ecp_nistz256_ord_mul_mont(t, t, out);           /* ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 64);          /* ffffffff0000000000000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, out, 32);        /* ffffffff00000000ffffffff00000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffffffffffff */
+
+    /*
+     * The bottom 128 bit of the exponent are processed with fixed 4-bit window
+     */
+    for(i = 0; i < 32; i++) {
+        /* expLo - the low 128 bits of the exponent we use (ord(p256) - 2),
+         * split into nibbles */
+        static const unsigned char expLo[32]  = {
+            0xb,0xc,0xe,0x6,0xf,0xa,0xa,0xd,0xa,0x7,0x1,0x7,0x9,0xe,0x8,0x4,
+            0xf,0x3,0xb,0x9,0xc,0xa,0xc,0x2,0xf,0xc,0x6,0x3,0x2,0x5,0x4,0xf
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, 4);
+        /* The exponent is public, no need in constant-time access */
+        ecp_nistz256_ord_mul_mont(out, out, table[expLo[i]-1]);
+    }
+#else
+    /*
+     * https://briansmith.org/ecc-inversion-addition-chains-01#p256_scalar_inversion
+     *
+     * Even though this code path spares 12 squarings, 4.5%, and 13
+     * multiplications, 25%, on grand scale sign operation is not that
+     * much faster, not more that 2%...
+     */
+
+    /* pre-calculate powers */
+    ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1);
+    ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]);
+
+    ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2);
+    ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8);
+    ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16);
+    ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]);
+
+    /* calculations */
+    ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64);
+    ecp_nistz256_ord_mul_mont(out, out, table[i_x32]);
+
+    for (i = 0; i < 27; i++) {
+        static const struct { unsigned char p, i; } chain[27] = {
+            { 32, i_x32 }, { 6,  i_101111 }, { 5,  i_111    },
+            { 4,  i_11  }, { 5,  i_1111   }, { 5,  i_10101  },
+            { 4,  i_101 }, { 3,  i_101    }, { 3,  i_101    },
+            { 5,  i_111 }, { 9,  i_101111 }, { 6,  i_1111   },
+            { 2,  i_1   }, { 5,  i_1      }, { 6,  i_1111   },
+            { 5,  i_111 }, { 4,  i_111    }, { 5,  i_111    },
+            { 5,  i_101 }, { 3,  i_11     }, { 10, i_101111 },
+            { 2,  i_11  }, { 5,  i_11     }, { 5,  i_11     },
+            { 3,  i_1   }, { 7,  i_10101  }, { 6,  i_1111   }
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, chain[i].p);
+        ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]);
+    }
+#endif
+    ecp_nistz256_ord_mul_mont(out, out, one);
+
+    /*
+     * Can't fail, but check return code to be consistent anyway.
+     */
+    if (!bn_set_words(r, out, P256_LIMBS))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
+#else
+# define ecp_nistz256_inv_mod_ord NULL
+#endif
+
+const EC_METHOD *EC_GFp_nistz256_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ecp_nistz256_get_affine,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ecp_nistz256_points_mul,                    /* mul */
+        ecp_nistz256_mult_precompute,               /* precompute_mult */
+        ecp_nistz256_window_have_precompute_mult,   /* have_precompute_mult */
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0,                                          /* field_div */
+        ec_GFp_mont_field_inv,
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        ecp_nistz256_inv_mod_ord,                   /* can be #define-d NULL */
+        0,                                          /* blind_coordinates */
+        0,                                          /* ladder_pre */
+        0,                                          /* ladder_step */
+        0                                           /* ladder_post */
+    };
+
+    return &ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256_table.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256_table.c
new file mode 100644
index 000000000..3f5625c6c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256_table.c
@@ -0,0 +1,9542 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the precomputed constant time access table for the code in
+ * ecp_montp256.c, for the default generator. The table consists of 37
+ * subtables, each subtable contains 64 affine points. The affine points are
+ * encoded as eight uint64's, four for the x coordinate and four for the y.
+ * Both values are in little-endian order. There are 37 tables because a
+ * signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37.
+ * Within each table there are 64 values because the 6-bit wNAF value can
+ * take 64 values, ignoring the sign bit, which is implemented by performing
+ * a negation of the affine point when required. We would like to align it
+ * to 2MB in order to increase the chances of using a large page but that
+ * appears to lead to invalid ELF files being produced.
+ */
+
+#if defined(__GNUC__)
+__attribute((aligned(4096)))
+#elif defined(_MSC_VER)
+__declspec(align(4096))
+#elif defined(__SUNPRO_C)
+# pragma align 4096(ecp_nistz256_precomputed)
+#endif
+static const BN_ULONG ecp_nistz256_precomputed[37][64 *
+                                                   sizeof(P256_POINT_AFFINE) /
+                                                   sizeof(BN_ULONG)] = {
+    {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
+     TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6),
+     TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
+     TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85),
+     TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d),
+     TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b),
+     TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8),
+     TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b),
+     TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb),
+     TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e),
+     TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a),
+     TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07),
+     TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173),
+     TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b),
+     TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447),
+     TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863),
+     TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d),
+     TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8),
+     TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b),
+     TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916),
+     TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e),
+     TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673),
+     TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5),
+     TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f),
+     TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7),
+     TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03),
+     TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd),
+     TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867),
+     TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455),
+     TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d),
+     TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15),
+     TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76),
+     TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841),
+     TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b),
+     TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3),
+     TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b),
+     TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139),
+     TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f),
+     TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08),
+     TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5),
+     TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0),
+     TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073),
+     TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8),
+     TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e),
+     TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33),
+     TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156),
+     TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637),
+     TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca),
+     TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d),
+     TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759),
+     TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3),
+     TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797),
+     TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3),
+     TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e),
+     TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2),
+     TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb),
+     TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b),
+     TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09),
+     TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25),
+     TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4),
+     TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b),
+     TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723),
+     TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587),
+     TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220),
+     TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b),
+     TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e),
+     TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e),
+     TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0),
+     TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e),
+     TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda),
+     TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c),
+     TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d),
+     TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e),
+     TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc),
+     TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5),
+     TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b),
+     TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc),
+     TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e),
+     TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae),
+     TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0),
+     TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d),
+     TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc),
+     TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61),
+     TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3),
+     TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a),
+     TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4),
+     TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4),
+     TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074),
+     TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e),
+     TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42),
+     TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a),
+     TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f),
+     TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35),
+     TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115),
+     TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356),
+     TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a),
+     TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0),
+     TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e),
+     TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950),
+     TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968),
+     TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538),
+     TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10),
+     TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508),
+     TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7),
+     TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313),
+     TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a),
+     TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58),
+     TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31),
+     TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892),
+     TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97),
+     TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68),
+     TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278),
+     TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880),
+     TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48),
+     TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3),
+     TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b),
+     TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1),
+     TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c),
+     TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a),
+     TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72),
+     TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6),
+     TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4),
+     TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028),
+     TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745),
+     TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf),
+     TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4),
+     TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908),
+     TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4),
+     TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103),
+     TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c),
+     TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef),
+     TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4),
+     TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d),
+     TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64),
+     TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92),
+     TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8),
+     TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7),
+     TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521),
+     TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5),
+     TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8),
+     TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f),
+     TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3),
+     TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13),
+     TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526),
+     TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55),
+     TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb),
+     TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850),
+     TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8),
+     TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce),
+     TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c),
+     TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409),
+     TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d),
+     TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346),
+     TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac),
+     TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876),
+     TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408),
+     TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c),
+     TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227),
+     TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34),
+     TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f),
+     TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822),
+     TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f),
+     TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47),
+     TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b),
+     TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7),
+     TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43),
+     TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae),
+     TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d),
+     TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa),
+     TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994),
+     TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8),
+     TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0),
+     TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb),
+     TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291),
+     TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f),
+     TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a),
+     TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18),
+     TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278),
+     TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5),
+     TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5),
+     TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba),
+     TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc),
+     TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b),
+     TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865),
+     TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906),
+     TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd),
+     TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13),
+     TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27),
+     TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0),
+     TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad),
+     TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7),
+     TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2),
+     TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909),
+     TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b),
+     TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a),
+     TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36),
+     TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278),
+     TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7),
+     TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96),
+     TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13),
+     TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f),
+     TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443),
+     TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65),
+     TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d),
+     TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0),
+     TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542),
+     TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562),
+     TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d),
+     TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679),
+     TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0),
+     TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2),
+     TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283),
+     TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f),
+     TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851),
+     TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa),
+     TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb),
+     TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6),
+     TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd),
+     TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4),
+     TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4),
+     TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a),
+     TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63),
+     TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b),
+     TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08),
+     TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29),
+     TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc),
+     TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a),
+     TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626),
+     TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf),
+     TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd),
+     TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad),
+     TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741),
+     TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1),
+     TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7),
+     TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea),
+     TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b),
+     TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7),
+     TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915),
+     TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c),
+     TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832),
+     TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84),
+     TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa),
+     TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d),
+     TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3),
+     TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7),
+     TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413),
+     TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e),
+     TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009),
+     TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed),
+     TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d),
+     TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197),
+     TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70),
+     TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9),
+     TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7),
+     TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82),
+     TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}
+    ,
+    {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54),
+     TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617),
+     TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff),
+     TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188),
+     TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d),
+     TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c),
+     TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5),
+     TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53),
+     TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5),
+     TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6),
+     TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3),
+     TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656),
+     TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5),
+     TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290),
+     TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d),
+     TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108),
+     TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be),
+     TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502),
+     TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220),
+     TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a),
+     TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3),
+     TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4),
+     TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd),
+     TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2),
+     TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95),
+     TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0),
+     TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda),
+     TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232),
+     TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf),
+     TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863),
+     TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd),
+     TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f),
+     TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298),
+     TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c),
+     TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78),
+     TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2),
+     TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8),
+     TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014),
+     TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30),
+     TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb),
+     TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638),
+     TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec),
+     TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314),
+     TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868),
+     TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146),
+     TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e),
+     TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f),
+     TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435),
+     TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2),
+     TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808),
+     TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3),
+     TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd),
+     TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90),
+     TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60),
+     TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347),
+     TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2),
+     TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957),
+     TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec),
+     TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3),
+     TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e),
+     TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509),
+     TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45),
+     TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d),
+     TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f),
+     TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f),
+     TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85),
+     TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54),
+     TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f),
+     TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0),
+     TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6),
+     TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787),
+     TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8),
+     TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d),
+     TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176),
+     TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc),
+     TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1),
+     TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701),
+     TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442),
+     TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30),
+     TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959),
+     TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f),
+     TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f),
+     TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be),
+     TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac),
+     TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295),
+     TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c),
+     TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241),
+     TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97),
+     TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a),
+     TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f),
+     TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0),
+     TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f),
+     TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678),
+     TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48),
+     TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948),
+     TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184),
+     TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6),
+     TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f),
+     TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52),
+     TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369),
+     TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd),
+     TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887),
+     TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682),
+     TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6),
+     TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901),
+     TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef),
+     TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549),
+     TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9),
+     TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f),
+     TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c),
+     TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278),
+     TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f),
+     TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd),
+     TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04),
+     TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad),
+     TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084),
+     TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5),
+     TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723),
+     TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd),
+     TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9),
+     TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2),
+     TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c),
+     TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24),
+     TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2),
+     TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf),
+     TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da),
+     TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad),
+     TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9),
+     TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254),
+     TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39),
+     TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6),
+     TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09),
+     TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3),
+     TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc),
+     TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1),
+     TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6),
+     TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b),
+     TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec),
+     TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14),
+     TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1),
+     TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1),
+     TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09),
+     TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e),
+     TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331),
+     TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830),
+     TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da),
+     TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0),
+     TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7),
+     TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be),
+     TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb),
+     TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1),
+     TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a),
+     TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d),
+     TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b),
+     TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d),
+     TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8),
+     TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a),
+     TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272),
+     TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82),
+     TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525),
+     TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3),
+     TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a),
+     TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159),
+     TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32),
+     TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb),
+     TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4),
+     TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01),
+     TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f),
+     TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a),
+     TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120),
+     TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b),
+     TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1),
+     TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17),
+     TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c),
+     TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3),
+     TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7),
+     TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043),
+     TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2),
+     TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4),
+     TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084),
+     TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546),
+     TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd),
+     TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7),
+     TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715),
+     TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93),
+     TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e),
+     TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26),
+     TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa),
+     TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681),
+     TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663),
+     TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce),
+     TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607),
+     TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c),
+     TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72),
+     TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992),
+     TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8),
+     TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485),
+     TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7),
+     TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50),
+     TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253),
+     TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04),
+     TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1),
+     TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13),
+     TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce),
+     TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13),
+     TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe),
+     TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747),
+     TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a),
+     TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da),
+     TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b),
+     TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0),
+     TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26),
+     TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4),
+     TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621),
+     TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3),
+     TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0),
+     TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de),
+     TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228),
+     TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa),
+     TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d),
+     TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381),
+     TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb),
+     TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9),
+     TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407),
+     TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748),
+     TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb),
+     TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661),
+     TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f),
+     TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c),
+     TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45),
+     TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19),
+     TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45),
+     TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc),
+     TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131),
+     TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980),
+     TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663),
+     TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42),
+     TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589),
+     TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212),
+     TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76),
+     TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e),
+     TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5),
+     TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee),
+     TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd),
+     TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d),
+     TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e),
+     TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773),
+     TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3),
+     TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c),
+     TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0),
+     TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545),
+     TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4),
+     TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182),
+     TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085),
+     TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b),
+     TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}
+    ,
+    {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8),
+     TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551),
+     TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164),
+     TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38),
+     TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0),
+     TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825),
+     TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b),
+     TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a),
+     TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35),
+     TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699),
+     TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562),
+     TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6),
+     TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e),
+     TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219),
+     TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf),
+     TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415),
+     TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012),
+     TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d),
+     TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334),
+     TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f),
+     TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18),
+     TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7),
+     TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0),
+     TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151),
+     TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af),
+     TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3),
+     TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5),
+     TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514),
+     TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142),
+     TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922),
+     TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1),
+     TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b),
+     TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d),
+     TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8),
+     TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69),
+     TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1),
+     TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5),
+     TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41),
+     TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9),
+     TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63),
+     TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b),
+     TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f),
+     TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b),
+     TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440),
+     TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72),
+     TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5),
+     TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900),
+     TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a),
+     TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c),
+     TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf),
+     TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981),
+     TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe),
+     TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031),
+     TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d),
+     TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4),
+     TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88),
+     TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8),
+     TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6),
+     TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03),
+     TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51),
+     TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f),
+     TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f),
+     TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e),
+     TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53),
+     TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c),
+     TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e),
+     TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef),
+     TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d),
+     TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de),
+     TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36),
+     TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8),
+     TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82),
+     TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e),
+     TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee),
+     TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26),
+     TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e),
+     TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337),
+     TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590),
+     TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249),
+     TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b),
+     TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6),
+     TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823),
+     TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71),
+     TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91),
+     TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273),
+     TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067),
+     TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e),
+     TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530),
+     TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606),
+     TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303),
+     TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd),
+     TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a),
+     TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7),
+     TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb),
+     TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976),
+     TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609),
+     TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90),
+     TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3),
+     TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2),
+     TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec),
+     TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43),
+     TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af),
+     TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538),
+     TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6),
+     TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79),
+     TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4),
+     TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225),
+     TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153),
+     TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99),
+     TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8),
+     TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f),
+     TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10),
+     TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864),
+     TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822),
+     TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92),
+     TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87),
+     TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1),
+     TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f),
+     TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3),
+     TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba),
+     TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917),
+     TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8),
+     TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf),
+     TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234),
+     TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1),
+     TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e),
+     TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb),
+     TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f),
+     TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43),
+     TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94),
+     TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3),
+     TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a),
+     TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d),
+     TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf),
+     TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129),
+     TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7),
+     TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4),
+     TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13),
+     TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137),
+     TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85),
+     TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390),
+     TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9),
+     TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06),
+     TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331),
+     TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50),
+     TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f),
+     TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5),
+     TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77),
+     TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2),
+     TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17),
+     TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2),
+     TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76),
+     TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc),
+     TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722),
+     TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b),
+     TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba),
+     TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b),
+     TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c),
+     TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8),
+     TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855),
+     TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73),
+     TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793),
+     TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd),
+     TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07),
+     TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749),
+     TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b),
+     TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55),
+     TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b),
+     TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e),
+     TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f),
+     TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2),
+     TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80),
+     TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114),
+     TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760),
+     TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f),
+     TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d),
+     TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c),
+     TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a),
+     TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5),
+     TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14),
+     TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649),
+     TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd),
+     TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5),
+     TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523),
+     TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92),
+     TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa),
+     TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934),
+     TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50),
+     TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05),
+     TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f),
+     TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32),
+     TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef),
+     TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e),
+     TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6),
+     TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1),
+     TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207),
+     TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c),
+     TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043),
+     TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0),
+     TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391),
+     TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da),
+     TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545),
+     TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92),
+     TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5),
+     TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7),
+     TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1),
+     TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b),
+     TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71),
+     TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18),
+     TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a),
+     TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c),
+     TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a),
+     TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0),
+     TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95),
+     TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee),
+     TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55),
+     TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc),
+     TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21),
+     TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f),
+     TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44),
+     TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea),
+     TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06),
+     TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48),
+     TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d),
+     TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4),
+     TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52),
+     TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840),
+     TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf),
+     TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32),
+     TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd),
+     TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b),
+     TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6),
+     TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958),
+     TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658),
+     TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1),
+     TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab),
+     TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7),
+     TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656),
+     TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945),
+     TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de),
+     TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd),
+     TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984),
+     TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09),
+     TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c),
+     TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e),
+     TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156),
+     TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f),
+     TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd),
+     TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca),
+     TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36),
+     TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af),
+     TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0),
+     TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035),
+     TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3),
+     TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc),
+     TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}
+    ,
+    {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6),
+     TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829),
+     TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8),
+     TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca),
+     TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e),
+     TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db),
+     TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3),
+     TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c),
+     TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b),
+     TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a),
+     TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042),
+     TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f),
+     TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f),
+     TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e),
+     TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509),
+     TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837),
+     TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758),
+     TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68),
+     TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5),
+     TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453),
+     TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6),
+     TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4),
+     TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881),
+     TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6),
+     TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f),
+     TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89),
+     TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34),
+     TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50),
+     TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea),
+     TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed),
+     TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6),
+     TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082),
+     TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e),
+     TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10),
+     TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9),
+     TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a),
+     TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783),
+     TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8),
+     TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60),
+     TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a),
+     TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e),
+     TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346),
+     TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9),
+     TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b),
+     TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3),
+     TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7),
+     TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef),
+     TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3),
+     TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc),
+     TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9),
+     TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e),
+     TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52),
+     TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544),
+     TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f),
+     TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d),
+     TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e),
+     TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755),
+     TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d),
+     TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5),
+     TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f),
+     TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3),
+     TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142),
+     TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942),
+     TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4),
+     TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7),
+     TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0),
+     TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e),
+     TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864),
+     TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024),
+     TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d),
+     TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279),
+     TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab),
+     TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19),
+     TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc),
+     TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d),
+     TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940),
+     TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea),
+     TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d),
+     TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b),
+     TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821),
+     TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b),
+     TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d),
+     TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2),
+     TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d),
+     TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18),
+     TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8),
+     TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246),
+     TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7),
+     TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1),
+     TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006),
+     TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d),
+     TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20),
+     TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318),
+     TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a),
+     TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb),
+     TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b),
+     TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f),
+     TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9),
+     TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88),
+     TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3),
+     TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221),
+     TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb),
+     TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84),
+     TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f),
+     TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267),
+     TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397),
+     TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f),
+     TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec),
+     TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373),
+     TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7),
+     TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead),
+     TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b),
+     TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032),
+     TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db),
+     TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460),
+     TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3),
+     TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e),
+     TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124),
+     TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069),
+     TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431),
+     TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431),
+     TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b),
+     TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57),
+     TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460),
+     TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869),
+     TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc),
+     TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49),
+     TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251),
+     TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205),
+     TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149),
+     TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33),
+     TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e),
+     TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40),
+     TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292),
+     TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4),
+     TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6),
+     TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79),
+     TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d),
+     TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd),
+     TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968),
+     TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c),
+     TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280),
+     TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe),
+     TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac),
+     TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305),
+     TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8),
+     TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010),
+     TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae),
+     TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13),
+     TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed),
+     TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65),
+     TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee),
+     TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd),
+     TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257),
+     TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65),
+     TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d),
+     TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750),
+     TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7),
+     TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251),
+     TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28),
+     TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea),
+     TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e),
+     TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af),
+     TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b),
+     TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa),
+     TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582),
+     TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468),
+     TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0),
+     TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2),
+     TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed),
+     TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0),
+     TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7),
+     TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426),
+     TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241),
+     TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace),
+     TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885),
+     TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2),
+     TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8),
+     TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd),
+     TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab),
+     TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533),
+     TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd),
+     TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1),
+     TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95),
+     TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff),
+     TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71),
+     TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e),
+     TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba),
+     TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734),
+     TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9),
+     TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703),
+     TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953),
+     TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d),
+     TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5),
+     TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1),
+     TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c),
+     TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da),
+     TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311),
+     TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f),
+     TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0),
+     TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877),
+     TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352),
+     TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba),
+     TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8),
+     TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27),
+     TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd),
+     TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f),
+     TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16),
+     TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0),
+     TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e),
+     TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136),
+     TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f),
+     TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7),
+     TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4),
+     TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca),
+     TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42),
+     TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6),
+     TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1),
+     TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed),
+     TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301),
+     TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b),
+     TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02),
+     TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720),
+     TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef),
+     TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e),
+     TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7),
+     TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795),
+     TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900),
+     TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd),
+     TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54),
+     TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa),
+     TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32),
+     TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db),
+     TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c),
+     TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff),
+     TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544),
+     TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892),
+     TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc),
+     TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c),
+     TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e),
+     TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948),
+     TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37),
+     TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65),
+     TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141),
+     TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a),
+     TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f),
+     TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8),
+     TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9),
+     TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d),
+     TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe),
+     TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1),
+     TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805),
+     TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952),
+     TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37),
+     TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b),
+     TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}
+    ,
+    {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206),
+     TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec),
+     TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3),
+     TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c),
+     TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5),
+     TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529),
+     TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80),
+     TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be),
+     TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c),
+     TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436),
+     TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4),
+     TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a),
+     TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc),
+     TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc),
+     TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56),
+     TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba),
+     TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74),
+     TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439),
+     TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a),
+     TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158),
+     TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e),
+     TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4),
+     TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a),
+     TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321),
+     TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493),
+     TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c),
+     TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9),
+     TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b),
+     TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb),
+     TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f),
+     TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca),
+     TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3),
+     TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27),
+     TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6),
+     TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5),
+     TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d),
+     TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7),
+     TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4),
+     TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0),
+     TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080),
+     TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b),
+     TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc),
+     TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186),
+     TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610),
+     TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3),
+     TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297),
+     TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7),
+     TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76),
+     TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef),
+     TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521),
+     TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da),
+     TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370),
+     TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146),
+     TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5),
+     TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980),
+     TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de),
+     TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8),
+     TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519),
+     TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f),
+     TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f),
+     TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0),
+     TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9),
+     TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917),
+     TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3),
+     TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358),
+     TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a),
+     TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61),
+     TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207),
+     TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c),
+     TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60),
+     TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca),
+     TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493),
+     TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0),
+     TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d),
+     TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24),
+     TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01),
+     TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665),
+     TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839),
+     TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b),
+     TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0),
+     TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09),
+     TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c),
+     TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6),
+     TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4),
+     TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484),
+     TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31),
+     TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9),
+     TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9),
+     TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7),
+     TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4),
+     TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324),
+     TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d),
+     TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e),
+     TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43),
+     TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5),
+     TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60),
+     TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba),
+     TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376),
+     TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a),
+     TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d),
+     TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551),
+     TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba),
+     TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628),
+     TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108),
+     TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9),
+     TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510),
+     TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742),
+     TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207),
+     TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4),
+     TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9),
+     TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32),
+     TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4),
+     TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753),
+     TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f),
+     TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f),
+     TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d),
+     TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20),
+     TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975),
+     TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b),
+     TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b),
+     TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7),
+     TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a),
+     TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade),
+     TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b),
+     TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620),
+     TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6),
+     TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44),
+     TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c),
+     TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585),
+     TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d),
+     TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930),
+     TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a),
+     TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493),
+     TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502),
+     TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed),
+     TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58),
+     TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b),
+     TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788),
+     TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669),
+     TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865),
+     TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3),
+     TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d),
+     TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63),
+     TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e),
+     TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42),
+     TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5),
+     TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07),
+     TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129),
+     TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93),
+     TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f),
+     TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f),
+     TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1),
+     TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b),
+     TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91),
+     TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca),
+     TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824),
+     TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522),
+     TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61),
+     TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b),
+     TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2),
+     TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c),
+     TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e),
+     TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02),
+     TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631),
+     TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d),
+     TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432),
+     TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea),
+     TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb),
+     TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522),
+     TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec),
+     TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e),
+     TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7),
+     TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076),
+     TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5),
+     TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef),
+     TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad),
+     TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf),
+     TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3),
+     TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527),
+     TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0),
+     TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde),
+     TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4),
+     TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d),
+     TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650),
+     TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a),
+     TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265),
+     TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176),
+     TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e),
+     TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1),
+     TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7),
+     TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132),
+     TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025),
+     TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76),
+     TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e),
+     TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2),
+     TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b),
+     TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea),
+     TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b),
+     TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81),
+     TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375),
+     TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65),
+     TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a),
+     TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d),
+     TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5),
+     TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20),
+     TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f),
+     TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03),
+     TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82),
+     TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f),
+     TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122),
+     TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a),
+     TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88),
+     TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e),
+     TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431),
+     TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7),
+     TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c),
+     TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb),
+     TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71),
+     TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d),
+     TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68),
+     TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85),
+     TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f),
+     TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928),
+     TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514),
+     TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd),
+     TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1),
+     TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07),
+     TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c),
+     TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573),
+     TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f),
+     TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403),
+     TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728),
+     TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43),
+     TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b),
+     TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c),
+     TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2),
+     TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8),
+     TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904),
+     TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065),
+     TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6),
+     TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0),
+     TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588),
+     TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73),
+     TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493),
+     TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3),
+     TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9),
+     TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58),
+     TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314),
+     TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a),
+     TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288),
+     TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26),
+     TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3),
+     TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5),
+     TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967),
+     TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6),
+     TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}
+    ,
+    {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366),
+     TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5),
+     TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576),
+     TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7),
+     TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957),
+     TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4),
+     TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682),
+     TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae),
+     TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf),
+     TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9),
+     TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4),
+     TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402),
+     TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06),
+     TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381),
+     TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b),
+     TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa),
+     TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784),
+     TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228),
+     TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118),
+     TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e),
+     TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550),
+     TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048),
+     TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7),
+     TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d),
+     TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5),
+     TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f),
+     TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68),
+     TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3),
+     TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67),
+     TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0),
+     TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19),
+     TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077),
+     TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494),
+     TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4),
+     TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7),
+     TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67),
+     TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6),
+     TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8),
+     TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27),
+     TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0),
+     TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096),
+     TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d),
+     TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21),
+     TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb),
+     TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2),
+     TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc),
+     TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c),
+     TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84),
+     TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a),
+     TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b),
+     TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0),
+     TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69),
+     TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937),
+     TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3),
+     TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422),
+     TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6),
+     TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06),
+     TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce),
+     TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598),
+     TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05),
+     TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d),
+     TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08),
+     TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158),
+     TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4),
+     TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221),
+     TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85),
+     TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5),
+     TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284),
+     TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2),
+     TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73),
+     TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90),
+     TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3),
+     TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e),
+     TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a),
+     TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80),
+     TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e),
+     TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4),
+     TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064),
+     TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab),
+     TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02),
+     TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7),
+     TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc),
+     TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1),
+     TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c),
+     TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb),
+     TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8),
+     TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe),
+     TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b),
+     TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736),
+     TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0),
+     TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83),
+     TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393),
+     TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b),
+     TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae),
+     TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5),
+     TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30),
+     TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3),
+     TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a),
+     TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066),
+     TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e),
+     TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3),
+     TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf),
+     TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6),
+     TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289),
+     TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684),
+     TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5),
+     TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e),
+     TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c),
+     TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0),
+     TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f),
+     TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2),
+     TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7),
+     TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a),
+     TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45),
+     TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9),
+     TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5),
+     TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531),
+     TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af),
+     TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f),
+     TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e),
+     TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db),
+     TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7),
+     TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073),
+     TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa),
+     TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87),
+     TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f),
+     TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace),
+     TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58),
+     TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9),
+     TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41),
+     TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f),
+     TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59),
+     TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0),
+     TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961),
+     TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c),
+     TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225),
+     TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef),
+     TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734),
+     TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6),
+     TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6),
+     TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06),
+     TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08),
+     TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de),
+     TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff),
+     TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe),
+     TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e),
+     TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee),
+     TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056),
+     TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0),
+     TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709),
+     TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0),
+     TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a),
+     TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a),
+     TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d),
+     TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6),
+     TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a),
+     TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32),
+     TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d),
+     TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a),
+     TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870),
+     TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653),
+     TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea),
+     TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc),
+     TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf),
+     TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4),
+     TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390),
+     TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc),
+     TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88),
+     TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041),
+     TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe),
+     TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0),
+     TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020),
+     TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079),
+     TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662),
+     TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53),
+     TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d),
+     TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b),
+     TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c),
+     TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c),
+     TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251),
+     TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7),
+     TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238),
+     TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce),
+     TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e),
+     TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c),
+     TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592),
+     TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8),
+     TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08),
+     TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7),
+     TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7),
+     TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc),
+     TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13),
+     TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c),
+     TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63),
+     TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea),
+     TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26),
+     TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1),
+     TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa),
+     TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483),
+     TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c),
+     TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea),
+     TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103),
+     TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4),
+     TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d),
+     TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61),
+     TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80),
+     TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e),
+     TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88),
+     TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3),
+     TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10),
+     TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69),
+     TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413),
+     TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475),
+     TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4),
+     TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d),
+     TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e),
+     TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac),
+     TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553),
+     TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290),
+     TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732),
+     TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f),
+     TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46),
+     TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486),
+     TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a),
+     TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392),
+     TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b),
+     TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa),
+     TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6),
+     TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475),
+     TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644),
+     TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3),
+     TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17),
+     TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44),
+     TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688),
+     TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b),
+     TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c),
+     TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958),
+     TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea),
+     TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb),
+     TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb),
+     TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a),
+     TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50),
+     TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588),
+     TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4),
+     TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420),
+     TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6),
+     TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2),
+     TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd),
+     TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4),
+     TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82),
+     TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8),
+     TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a),
+     TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20),
+     TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8),
+     TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27),
+     TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}
+    ,
+    {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350),
+     TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e),
+     TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b),
+     TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78),
+     TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c),
+     TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893),
+     TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3),
+     TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07),
+     TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325),
+     TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3),
+     TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64),
+     TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614),
+     TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63),
+     TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b),
+     TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71),
+     TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f),
+     TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2),
+     TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad),
+     TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498),
+     TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3),
+     TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6),
+     TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24),
+     TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb),
+     TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4),
+     TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b),
+     TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17),
+     TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621),
+     TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c),
+     TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef),
+     TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39),
+     TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665),
+     TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69),
+     TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9),
+     TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0),
+     TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0),
+     TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8),
+     TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1),
+     TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe),
+     TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c),
+     TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615),
+     TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef),
+     TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba),
+     TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030),
+     TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725),
+     TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362),
+     TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990),
+     TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd),
+     TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca),
+     TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581),
+     TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5),
+     TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51),
+     TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76),
+     TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97),
+     TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd),
+     TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b),
+     TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715),
+     TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51),
+     TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b),
+     TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3),
+     TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924),
+     TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49),
+     TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4),
+     TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb),
+     TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d),
+     TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369),
+     TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae),
+     TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1),
+     TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed),
+     TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3),
+     TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac),
+     TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933),
+     TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369),
+     TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13),
+     TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6),
+     TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956),
+     TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a),
+     TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c),
+     TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55),
+     TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e),
+     TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5),
+     TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a),
+     TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72),
+     TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0),
+     TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704),
+     TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0),
+     TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e),
+     TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092),
+     TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2),
+     TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164),
+     TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0),
+     TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f),
+     TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b),
+     TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b),
+     TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512),
+     TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b),
+     TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd),
+     TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e),
+     TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32),
+     TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963),
+     TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a),
+     TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48),
+     TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a),
+     TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a),
+     TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2),
+     TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925),
+     TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd),
+     TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c),
+     TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae),
+     TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b),
+     TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a),
+     TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb),
+     TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504),
+     TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34),
+     TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f),
+     TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1),
+     TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51),
+     TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9),
+     TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867),
+     TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac),
+     TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85),
+     TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee),
+     TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6),
+     TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c),
+     TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b),
+     TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241),
+     TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df),
+     TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0),
+     TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b),
+     TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034),
+     TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6),
+     TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e),
+     TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0),
+     TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb),
+     TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111),
+     TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7),
+     TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f),
+     TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e),
+     TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02),
+     TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b),
+     TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d),
+     TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d),
+     TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5),
+     TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2),
+     TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc),
+     TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c),
+     TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384),
+     TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752),
+     TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0),
+     TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc),
+     TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc),
+     TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062),
+     TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7),
+     TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8),
+     TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d),
+     TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8),
+     TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19),
+     TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf),
+     TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536),
+     TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837),
+     TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740),
+     TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7),
+     TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7),
+     TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a),
+     TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab),
+     TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8),
+     TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b),
+     TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef),
+     TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75),
+     TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72),
+     TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0),
+     TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79),
+     TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151),
+     TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21),
+     TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a),
+     TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc),
+     TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b),
+     TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f),
+     TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552),
+     TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb),
+     TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8),
+     TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95),
+     TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be),
+     TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387),
+     TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a),
+     TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de),
+     TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3),
+     TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e),
+     TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7),
+     TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57),
+     TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706),
+     TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d),
+     TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5),
+     TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7),
+     TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6),
+     TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d),
+     TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7),
+     TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f),
+     TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db),
+     TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291),
+     TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8),
+     TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080),
+     TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02),
+     TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12),
+     TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc),
+     TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397),
+     TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4),
+     TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba),
+     TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a),
+     TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd),
+     TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180),
+     TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678),
+     TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf),
+     TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f),
+     TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b),
+     TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a),
+     TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9),
+     TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c),
+     TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd),
+     TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011),
+     TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c),
+     TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde),
+     TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0),
+     TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357),
+     TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6),
+     TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719),
+     TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe),
+     TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996),
+     TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e),
+     TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3),
+     TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec),
+     TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44),
+     TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335),
+     TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba),
+     TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686),
+     TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e),
+     TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51),
+     TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c),
+     TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f),
+     TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b),
+     TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b),
+     TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792),
+     TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89),
+     TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2),
+     TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705),
+     TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3),
+     TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734),
+     TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3),
+     TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41),
+     TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075),
+     TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb),
+     TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d),
+     TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643),
+     TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83),
+     TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588),
+     TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127),
+     TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}
+    ,
+    {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c),
+     TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698),
+     TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81),
+     TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d),
+     TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7),
+     TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724),
+     TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac),
+     TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e),
+     TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0),
+     TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd),
+     TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031),
+     TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73),
+     TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e),
+     TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9),
+     TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a),
+     TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695),
+     TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466),
+     TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b),
+     TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15),
+     TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357),
+     TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97),
+     TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d),
+     TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6),
+     TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8),
+     TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da),
+     TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c),
+     TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8),
+     TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07),
+     TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0),
+     TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2),
+     TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5),
+     TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0),
+     TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c),
+     TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e),
+     TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07),
+     TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1),
+     TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8),
+     TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05),
+     TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b),
+     TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b),
+     TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8),
+     TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b),
+     TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821),
+     TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a),
+     TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc),
+     TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd),
+     TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f),
+     TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6),
+     TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461),
+     TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47),
+     TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04),
+     TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc),
+     TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4),
+     TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f),
+     TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040),
+     TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1),
+     TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564),
+     TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619),
+     TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a),
+     TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f),
+     TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b),
+     TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a),
+     TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560),
+     TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd),
+     TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a),
+     TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62),
+     TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880),
+     TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b),
+     TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943),
+     TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894),
+     TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f),
+     TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c),
+     TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290),
+     TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6),
+     TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f),
+     TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d),
+     TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c),
+     TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e),
+     TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342),
+     TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d),
+     TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078),
+     TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645),
+     TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e),
+     TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c),
+     TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9),
+     TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8),
+     TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7),
+     TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c),
+     TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596),
+     TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499),
+     TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b),
+     TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c),
+     TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a),
+     TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43),
+     TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a),
+     TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b),
+     TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0),
+     TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578),
+     TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f),
+     TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442),
+     TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17),
+     TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0),
+     TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271),
+     TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70),
+     TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f),
+     TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1),
+     TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93),
+     TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3),
+     TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232),
+     TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf),
+     TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4),
+     TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a),
+     TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17),
+     TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168),
+     TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d),
+     TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1),
+     TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811),
+     TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a),
+     TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0),
+     TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089),
+     TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682),
+     TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456),
+     TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b),
+     TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12),
+     TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69),
+     TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8),
+     TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e),
+     TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5),
+     TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d),
+     TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb),
+     TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1),
+     TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146),
+     TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c),
+     TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e),
+     TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6),
+     TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004),
+     TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9),
+     TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052),
+     TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219),
+     TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c),
+     TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd),
+     TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e),
+     TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a),
+     TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156),
+     TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b),
+     TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa),
+     TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9),
+     TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125),
+     TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3),
+     TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21),
+     TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643),
+     TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6),
+     TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb),
+     TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec),
+     TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac),
+     TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f),
+     TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d),
+     TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62),
+     TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2),
+     TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49),
+     TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044),
+     TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714),
+     TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1),
+     TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d),
+     TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d),
+     TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5),
+     TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73),
+     TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b),
+     TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb),
+     TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490),
+     TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d),
+     TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1),
+     TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6),
+     TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db),
+     TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44),
+     TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd),
+     TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee),
+     TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c),
+     TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a),
+     TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc),
+     TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726),
+     TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02),
+     TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692),
+     TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8),
+     TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b),
+     TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7),
+     TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22),
+     TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6),
+     TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5),
+     TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff),
+     TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0),
+     TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66),
+     TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c),
+     TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729),
+     TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da),
+     TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1),
+     TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049),
+     TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822),
+     TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40),
+     TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2),
+     TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469),
+     TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8),
+     TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14),
+     TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3),
+     TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18),
+     TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040),
+     TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d),
+     TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7),
+     TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7),
+     TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87),
+     TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988),
+     TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98),
+     TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3),
+     TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558),
+     TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1),
+     TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693),
+     TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363),
+     TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da),
+     TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e),
+     TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e),
+     TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9),
+     TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e),
+     TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10),
+     TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db),
+     TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e),
+     TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd),
+     TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9),
+     TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd),
+     TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083),
+     TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab),
+     TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4),
+     TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face),
+     TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd),
+     TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb),
+     TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d),
+     TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df),
+     TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3),
+     TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2),
+     TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8),
+     TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f),
+     TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d),
+     TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340),
+     TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0),
+     TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68),
+     TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df),
+     TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce),
+     TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d),
+     TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e),
+     TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288),
+     TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc),
+     TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274),
+     TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea),
+     TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410),
+     TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58),
+     TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b),
+     TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}
+    ,
+    {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686),
+     TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54),
+     TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964),
+     TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a),
+     TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef),
+     TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0),
+     TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717),
+     TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6),
+     TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729),
+     TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4),
+     TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05),
+     TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a),
+     TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf),
+     TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87),
+     TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264),
+     TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb),
+     TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94),
+     TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00),
+     TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0),
+     TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd),
+     TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84),
+     TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72),
+     TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1),
+     TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d),
+     TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b),
+     TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e),
+     TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca),
+     TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7),
+     TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624),
+     TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346),
+     TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3),
+     TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b),
+     TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620),
+     TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510),
+     TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac),
+     TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4),
+     TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4),
+     TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a),
+     TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627),
+     TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326),
+     TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e),
+     TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727),
+     TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2),
+     TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc),
+     TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223),
+     TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d),
+     TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168),
+     TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299),
+     TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934),
+     TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6),
+     TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028),
+     TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29),
+     TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108),
+     TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5),
+     TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140),
+     TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2),
+     TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63),
+     TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972),
+     TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42),
+     TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474),
+     TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9),
+     TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20),
+     TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2),
+     TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16),
+     TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6),
+     TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b),
+     TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a),
+     TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284),
+     TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80),
+     TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be),
+     TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd),
+     TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9),
+     TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0),
+     TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517),
+     TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7),
+     TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a),
+     TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27),
+     TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01),
+     TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6),
+     TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86),
+     TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27),
+     TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb),
+     TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6),
+     TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0),
+     TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f),
+     TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804),
+     TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592),
+     TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e),
+     TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab),
+     TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11),
+     TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95),
+     TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49),
+     TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0),
+     TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616),
+     TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c),
+     TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96),
+     TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652),
+     TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d),
+     TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10),
+     TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f),
+     TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144),
+     TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf),
+     TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417),
+     TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c),
+     TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66),
+     TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291),
+     TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e),
+     TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a),
+     TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229),
+     TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3),
+     TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef),
+     TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549),
+     TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032),
+     TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b),
+     TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575),
+     TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771),
+     TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e),
+     TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344),
+     TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae),
+     TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188),
+     TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91),
+     TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958),
+     TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598),
+     TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6),
+     TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496),
+     TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813),
+     TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d),
+     TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782),
+     TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02),
+     TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a),
+     TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410),
+     TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2),
+     TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c),
+     TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c),
+     TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8),
+     TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18),
+     TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b),
+     TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da),
+     TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8),
+     TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88),
+     TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4),
+     TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d),
+     TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac),
+     TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1),
+     TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e),
+     TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826),
+     TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215),
+     TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86),
+     TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333),
+     TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546),
+     TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7),
+     TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb),
+     TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749),
+     TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5),
+     TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b),
+     TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26),
+     TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b),
+     TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f),
+     TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981),
+     TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c),
+     TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760),
+     TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551),
+     TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1),
+     TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5),
+     TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f),
+     TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef),
+     TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df),
+     TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150),
+     TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214),
+     TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c),
+     TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e),
+     TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31),
+     TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393),
+     TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6),
+     TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be),
+     TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022),
+     TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65),
+     TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236),
+     TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188),
+     TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a),
+     TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d),
+     TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db),
+     TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349),
+     TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f),
+     TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697),
+     TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7),
+     TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3),
+     TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45),
+     TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401),
+     TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21),
+     TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1),
+     TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b),
+     TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb),
+     TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de),
+     TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388),
+     TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde),
+     TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9),
+     TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db),
+     TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c),
+     TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0),
+     TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342),
+     TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987),
+     TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb),
+     TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86),
+     TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74),
+     TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0),
+     TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce),
+     TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e),
+     TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6),
+     TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8),
+     TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620),
+     TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13),
+     TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821),
+     TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060),
+     TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901),
+     TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286),
+     TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7),
+     TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324),
+     TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012),
+     TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4),
+     TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2),
+     TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286),
+     TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160),
+     TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a),
+     TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d),
+     TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d),
+     TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057),
+     TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b),
+     TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf),
+     TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64),
+     TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b),
+     TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635),
+     TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091),
+     TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985),
+     TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6),
+     TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27),
+     TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b),
+     TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e),
+     TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32),
+     TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393),
+     TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5),
+     TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94),
+     TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357),
+     TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b),
+     TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1),
+     TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9),
+     TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af),
+     TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913),
+     TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e),
+     TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21),
+     TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659),
+     TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8),
+     TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2),
+     TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d),
+     TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef),
+     TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}
+    ,
+    {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8),
+     TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8),
+     TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98),
+     TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02),
+     TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499),
+     TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f),
+     TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192),
+     TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b),
+     TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869),
+     TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e),
+     TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411),
+     TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d),
+     TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a),
+     TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7),
+     TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426),
+     TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173),
+     TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74),
+     TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102),
+     TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2),
+     TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d),
+     TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7),
+     TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012),
+     TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21),
+     TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae),
+     TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e),
+     TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9),
+     TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652),
+     TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4),
+     TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770),
+     TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c),
+     TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b),
+     TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68),
+     TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69),
+     TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868),
+     TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54),
+     TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d),
+     TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b),
+     TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc),
+     TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208),
+     TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6),
+     TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc),
+     TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b),
+     TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8),
+     TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf),
+     TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce),
+     TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3),
+     TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0),
+     TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158),
+     TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d),
+     TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1),
+     TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e),
+     TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67),
+     TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61),
+     TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e),
+     TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875),
+     TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0),
+     TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94),
+     TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e),
+     TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822),
+     TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0),
+     TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b),
+     TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd),
+     TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f),
+     TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca),
+     TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247),
+     TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433),
+     TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8),
+     TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11),
+     TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741),
+     TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a),
+     TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6),
+     TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834),
+     TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938),
+     TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd),
+     TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35),
+     TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31),
+     TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f),
+     TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403),
+     TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4),
+     TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e),
+     TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e),
+     TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541),
+     TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02),
+     TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3),
+     TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf),
+     TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9),
+     TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52),
+     TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc),
+     TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b),
+     TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72),
+     TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70),
+     TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12),
+     TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1),
+     TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e),
+     TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2),
+     TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28),
+     TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd),
+     TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163),
+     TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce),
+     TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e),
+     TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3),
+     TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe),
+     TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a),
+     TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e),
+     TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98),
+     TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1),
+     TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700),
+     TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a),
+     TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971),
+     TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939),
+     TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2),
+     TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263),
+     TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7),
+     TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3),
+     TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2),
+     TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5),
+     TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09),
+     TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f),
+     TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392),
+     TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da),
+     TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665),
+     TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0),
+     TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c),
+     TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2),
+     TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe),
+     TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9),
+     TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097),
+     TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636),
+     TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f),
+     TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76),
+     TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7),
+     TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294),
+     TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62),
+     TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f),
+     TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d),
+     TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063),
+     TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b),
+     TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b),
+     TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42),
+     TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c),
+     TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e),
+     TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab),
+     TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52),
+     TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39),
+     TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91),
+     TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae),
+     TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b),
+     TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d),
+     TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588),
+     TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da),
+     TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1),
+     TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9),
+     TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35),
+     TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22),
+     TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081),
+     TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80),
+     TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2),
+     TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec),
+     TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7),
+     TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f),
+     TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66),
+     TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83),
+     TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce),
+     TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf),
+     TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902),
+     TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32),
+     TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660),
+     TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d),
+     TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d),
+     TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0),
+     TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46),
+     TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef),
+     TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9),
+     TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec),
+     TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be),
+     TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f),
+     TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293),
+     TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1),
+     TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0),
+     TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115),
+     TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c),
+     TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd),
+     TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d),
+     TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8),
+     TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419),
+     TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2),
+     TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234),
+     TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb),
+     TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350),
+     TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128),
+     TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf),
+     TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362),
+     TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b),
+     TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e),
+     TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573),
+     TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958),
+     TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595),
+     TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842),
+     TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a),
+     TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d),
+     TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171),
+     TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29),
+     TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6),
+     TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc),
+     TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779),
+     TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31),
+     TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a),
+     TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a),
+     TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd),
+     TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5),
+     TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d),
+     TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f),
+     TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274),
+     TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3),
+     TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9),
+     TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87),
+     TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1),
+     TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033),
+     TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3),
+     TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af),
+     TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da),
+     TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd),
+     TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391),
+     TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d),
+     TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a),
+     TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13),
+     TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05),
+     TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e),
+     TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7),
+     TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d),
+     TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4),
+     TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac),
+     TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38),
+     TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f),
+     TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f),
+     TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092),
+     TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70),
+     TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac),
+     TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31),
+     TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f),
+     TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461),
+     TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073),
+     TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811),
+     TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851),
+     TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418),
+     TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027),
+     TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330),
+     TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df),
+     TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f),
+     TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7),
+     TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0),
+     TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e),
+     TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868),
+     TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea),
+     TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff),
+     TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}
+    ,
+    {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb),
+     TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81),
+     TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a),
+     TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522),
+     TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd),
+     TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c),
+     TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea),
+     TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9),
+     TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf),
+     TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e),
+     TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4),
+     TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537),
+     TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f),
+     TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc),
+     TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205),
+     TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de),
+     TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab),
+     TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff),
+     TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8),
+     TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b),
+     TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3),
+     TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f),
+     TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524),
+     TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1),
+     TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8),
+     TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa),
+     TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8),
+     TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474),
+     TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549),
+     TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa),
+     TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd),
+     TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985),
+     TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa),
+     TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8),
+     TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5),
+     TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf),
+     TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c),
+     TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd),
+     TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb),
+     TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5),
+     TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c),
+     TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e),
+     TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca),
+     TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7),
+     TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958),
+     TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d),
+     TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a),
+     TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b),
+     TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e),
+     TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5),
+     TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7),
+     TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a),
+     TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8),
+     TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392),
+     TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4),
+     TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd),
+     TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c),
+     TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744),
+     TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459),
+     TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b),
+     TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379),
+     TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e),
+     TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483),
+     TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa),
+     TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9),
+     TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f),
+     TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a),
+     TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398),
+     TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16),
+     TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1),
+     TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5),
+     TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349),
+     TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d),
+     TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0),
+     TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d),
+     TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9),
+     TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe),
+     TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c),
+     TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4),
+     TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f),
+     TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754),
+     TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3),
+     TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a),
+     TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852),
+     TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac),
+     TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9),
+     TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa),
+     TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323),
+     TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455),
+     TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411),
+     TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435),
+     TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e),
+     TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18),
+     TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495),
+     TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400),
+     TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0),
+     TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210),
+     TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70),
+     TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42),
+     TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a),
+     TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773),
+     TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b),
+     TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832),
+     TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3),
+     TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97),
+     TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01),
+     TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5),
+     TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281),
+     TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc),
+     TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0),
+     TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c),
+     TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6),
+     TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be),
+     TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1),
+     TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e),
+     TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96),
+     TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45),
+     TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e),
+     TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1),
+     TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46),
+     TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863),
+     TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8),
+     TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2),
+     TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024),
+     TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb),
+     TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d),
+     TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4),
+     TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7),
+     TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148),
+     TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40),
+     TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d),
+     TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201),
+     TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41),
+     TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016),
+     TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e),
+     TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1),
+     TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88),
+     TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b),
+     TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443),
+     TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2),
+     TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4),
+     TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e),
+     TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57),
+     TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac),
+     TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b),
+     TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29),
+     TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79),
+     TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031),
+     TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a),
+     TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b),
+     TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752),
+     TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2),
+     TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d),
+     TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13),
+     TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6),
+     TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e),
+     TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165),
+     TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9),
+     TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e),
+     TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561),
+     TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40),
+     TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da),
+     TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02),
+     TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3),
+     TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b),
+     TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639),
+     TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8),
+     TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab),
+     TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10),
+     TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd),
+     TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b),
+     TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8),
+     TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66),
+     TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40),
+     TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd),
+     TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b),
+     TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb),
+     TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442),
+     TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0),
+     TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628),
+     TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be),
+     TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2),
+     TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d),
+     TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca),
+     TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed),
+     TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06),
+     TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57),
+     TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2),
+     TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7),
+     TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435),
+     TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3),
+     TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78),
+     TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c),
+     TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57),
+     TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f),
+     TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c),
+     TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5),
+     TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f),
+     TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7),
+     TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf),
+     TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c),
+     TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8),
+     TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12),
+     TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a),
+     TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919),
+     TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5),
+     TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154),
+     TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1),
+     TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285),
+     TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7),
+     TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c),
+     TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517),
+     TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523),
+     TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00),
+     TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63),
+     TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946),
+     TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1),
+     TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60),
+     TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d),
+     TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d),
+     TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438),
+     TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507),
+     TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2),
+     TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd),
+     TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3),
+     TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126),
+     TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba),
+     TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569),
+     TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b),
+     TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321),
+     TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff),
+     TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731),
+     TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd),
+     TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b),
+     TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1),
+     TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041),
+     TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7),
+     TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6),
+     TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6),
+     TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b),
+     TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5),
+     TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823),
+     TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5),
+     TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1),
+     TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306),
+     TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2),
+     TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df),
+     TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8),
+     TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18),
+     TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a),
+     TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5),
+     TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa),
+     TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640),
+     TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670),
+     TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed),
+     TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}
+    ,
+    {TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7),
+     TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e),
+     TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d),
+     TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef),
+     TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090),
+     TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124),
+     TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3),
+     TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad),
+     TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46),
+     TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505),
+     TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33),
+     TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1),
+     TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0),
+     TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec),
+     TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00),
+     TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695),
+     TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a),
+     TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1),
+     TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1),
+     TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604),
+     TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094),
+     TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33),
+     TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773),
+     TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20),
+     TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0),
+     TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc),
+     TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5),
+     TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846),
+     TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d),
+     TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9),
+     TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2),
+     TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342),
+     TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e),
+     TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f),
+     TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb),
+     TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8),
+     TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c),
+     TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef),
+     TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485),
+     TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799),
+     TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c),
+     TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a),
+     TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374),
+     TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2),
+     TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1),
+     TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f),
+     TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0),
+     TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98),
+     TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa),
+     TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe),
+     TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568),
+     TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6),
+     TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db),
+     TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39),
+     TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed),
+     TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a),
+     TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97),
+     TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe),
+     TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116),
+     TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192),
+     TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e),
+     TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201),
+     TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66),
+     TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11),
+     TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819),
+     TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709),
+     TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671),
+     TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1),
+     TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2),
+     TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a),
+     TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9),
+     TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84),
+     TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f),
+     TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a),
+     TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e),
+     TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a),
+     TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e),
+     TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0),
+     TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f),
+     TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf),
+     TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05),
+     TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596),
+     TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674),
+     TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25),
+     TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825),
+     TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e),
+     TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6),
+     TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5),
+     TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e),
+     TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de),
+     TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7),
+     TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf),
+     TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd),
+     TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad),
+     TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced),
+     TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178),
+     TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547),
+     TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96),
+     TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0),
+     TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98),
+     TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994),
+     TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa),
+     TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa),
+     TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81),
+     TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a),
+     TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148),
+     TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab),
+     TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80),
+     TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3),
+     TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb),
+     TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41),
+     TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa),
+     TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a),
+     TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a),
+     TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd),
+     TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831),
+     TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe),
+     TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6),
+     TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810),
+     TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a),
+     TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a),
+     TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054),
+     TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9),
+     TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4),
+     TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604),
+     TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb),
+     TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff),
+     TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb),
+     TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa),
+     TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d),
+     TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c),
+     TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef),
+     TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857),
+     TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a),
+     TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6),
+     TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35),
+     TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302),
+     TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe),
+     TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f),
+     TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa),
+     TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9),
+     TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a),
+     TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515),
+     TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4),
+     TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642),
+     TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf),
+     TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3),
+     TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac),
+     TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1),
+     TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196),
+     TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77),
+     TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f),
+     TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374),
+     TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6),
+     TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131),
+     TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001),
+     TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd),
+     TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115),
+     TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617),
+     TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b),
+     TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1),
+     TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a),
+     TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c),
+     TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7),
+     TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178),
+     TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770),
+     TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a),
+     TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e),
+     TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b),
+     TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f),
+     TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef),
+     TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686),
+     TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff),
+     TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee),
+     TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2),
+     TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1),
+     TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1),
+     TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7),
+     TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9),
+     TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046),
+     TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6),
+     TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5),
+     TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644),
+     TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197),
+     TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17),
+     TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253),
+     TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be),
+     TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188),
+     TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e),
+     TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf),
+     TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397),
+     TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2),
+     TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571),
+     TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1),
+     TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9),
+     TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa),
+     TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4),
+     TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb),
+     TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575),
+     TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b),
+     TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c),
+     TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af),
+     TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a),
+     TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f),
+     TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900),
+     TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958),
+     TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7),
+     TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5),
+     TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23),
+     TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051),
+     TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0),
+     TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8),
+     TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656),
+     TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4),
+     TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16),
+     TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9),
+     TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57),
+     TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0),
+     TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817),
+     TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490),
+     TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f),
+     TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6),
+     TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637),
+     TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0),
+     TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047),
+     TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44),
+     TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b),
+     TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445),
+     TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8),
+     TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503),
+     TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71),
+     TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d),
+     TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993),
+     TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47),
+     TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203),
+     TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd),
+     TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480),
+     TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733),
+     TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9),
+     TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3),
+     TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1),
+     TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce),
+     TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa),
+     TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd),
+     TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5),
+     TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358),
+     TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b),
+     TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8),
+     TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b),
+     TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562),
+     TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b),
+     TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef),
+     TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9),
+     TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3),
+     TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952),
+     TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636),}
+    ,
+    {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00),
+     TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28),
+     TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949),
+     TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742),
+     TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34),
+     TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5),
+     TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc),
+     TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f),
+     TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7),
+     TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3),
+     TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c),
+     TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f),
+     TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a),
+     TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620),
+     TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa),
+     TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6),
+     TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7),
+     TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999),
+     TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c),
+     TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327),
+     TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f),
+     TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb),
+     TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d),
+     TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390),
+     TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590),
+     TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d),
+     TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8),
+     TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015),
+     TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4),
+     TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6),
+     TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3),
+     TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b),
+     TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319),
+     TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e),
+     TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3),
+     TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414),
+     TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5),
+     TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e),
+     TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a),
+     TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f),
+     TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107),
+     TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159),
+     TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567),
+     TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc),
+     TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1),
+     TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b),
+     TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f),
+     TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b),
+     TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176),
+     TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e),
+     TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547),
+     TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707),
+     TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e),
+     TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d),
+     TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909),
+     TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442),
+     TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65),
+     TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b),
+     TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90),
+     TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24),
+     TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc),
+     TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f),
+     TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35),
+     TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98),
+     TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6),
+     TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1),
+     TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182),
+     TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6),
+     TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351),
+     TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491),
+     TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e),
+     TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4),
+     TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688),
+     TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4),
+     TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc),
+     TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c),
+     TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c),
+     TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4),
+     TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e),
+     TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f),
+     TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381),
+     TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7),
+     TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150),
+     TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422),
+     TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391),
+     TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035),
+     TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe),
+     TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9),
+     TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8),
+     TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7),
+     TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c),
+     TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80),
+     TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d),
+     TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e),
+     TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9),
+     TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199),
+     TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7),
+     TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1),
+     TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829),
+     TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97),
+     TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133),
+     TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba),
+     TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139),
+     TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b),
+     TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53),
+     TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60),
+     TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff),
+     TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d),
+     TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6),
+     TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305),
+     TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249),
+     TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8),
+     TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93),
+     TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4),
+     TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f),
+     TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b),
+     TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142),
+     TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5),
+     TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e),
+     TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31),
+     TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452),
+     TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca),
+     TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289),
+     TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37),
+     TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182),
+     TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f),
+     TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d),
+     TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe),
+     TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa),
+     TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409),
+     TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a),
+     TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1),
+     TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b),
+     TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf),
+     TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215),
+     TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b),
+     TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca),
+     TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79),
+     TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1),
+     TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd),
+     TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0),
+     TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06),
+     TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6),
+     TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf),
+     TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd),
+     TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb),
+     TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683),
+     TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208),
+     TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3),
+     TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7),
+     TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db),
+     TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a),
+     TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109),
+     TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32),
+     TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25),
+     TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856),
+     TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b),
+     TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c),
+     TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac),
+     TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d),
+     TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f),
+     TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4),
+     TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1),
+     TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff),
+     TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09),
+     TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc),
+     TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781),
+     TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5),
+     TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502),
+     TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8),
+     TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123),
+     TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112),
+     TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd),
+     TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3),
+     TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770),
+     TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d),
+     TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729),
+     TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b),
+     TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f),
+     TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4),
+     TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f),
+     TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26),
+     TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9),
+     TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf),
+     TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6),
+     TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59),
+     TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce),
+     TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc),
+     TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249),
+     TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d),
+     TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f),
+     TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475),
+     TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b),
+     TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb),
+     TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103),
+     TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9),
+     TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97),
+     TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674),
+     TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46),
+     TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6),
+     TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8),
+     TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337),
+     TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8),
+     TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f),
+     TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96),
+     TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56),
+     TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639),
+     TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a),
+     TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf),
+     TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051),
+     TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab),
+     TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530),
+     TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f),
+     TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96),
+     TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff),
+     TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034),
+     TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076),
+     TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b),
+     TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071),
+     TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b),
+     TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7),
+     TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44),
+     TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9),
+     TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c),
+     TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2),
+     TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1),
+     TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b),
+     TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d),
+     TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576),
+     TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95),
+     TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c),
+     TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f),
+     TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758),
+     TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016),
+     TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3),
+     TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85),
+     TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da),
+     TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3),
+     TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e),
+     TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0),
+     TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d),
+     TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b),
+     TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f),
+     TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8),
+     TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2),
+     TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b),
+     TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe),
+     TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd),
+     TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb),
+     TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b),
+     TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a),
+     TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd),
+     TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d),
+     TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3),
+     TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a),
+     TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}
+    ,
+    {TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d),
+     TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04),
+     TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d),
+     TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152),
+     TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7),
+     TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc),
+     TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42),
+     TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036),
+     TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e),
+     TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83),
+     TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d),
+     TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3),
+     TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed),
+     TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32),
+     TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b),
+     TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc),
+     TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747),
+     TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f),
+     TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99),
+     TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a),
+     TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc),
+     TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5),
+     TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed),
+     TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533),
+     TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1),
+     TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493),
+     TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549),
+     TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5),
+     TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04),
+     TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d),
+     TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e),
+     TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44),
+     TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5),
+     TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b),
+     TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92),
+     TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e),
+     TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61),
+     TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a),
+     TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b),
+     TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253),
+     TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f),
+     TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1),
+     TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347),
+     TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b),
+     TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7),
+     TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819),
+     TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e),
+     TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6),
+     TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4),
+     TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070),
+     TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b),
+     TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b),
+     TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016),
+     TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a),
+     TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790),
+     TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0),
+     TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371),
+     TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba),
+     TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256),
+     TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6),
+     TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4),
+     TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc),
+     TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0),
+     TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711),
+     TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8),
+     TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c),
+     TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b),
+     TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4),
+     TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a),
+     TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a),
+     TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b),
+     TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5),
+     TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1),
+     TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3),
+     TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe),
+     TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45),
+     TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc),
+     TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6),
+     TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97),
+     TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e),
+     TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5),
+     TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1),
+     TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe),
+     TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc),
+     TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb),
+     TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd),
+     TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b),
+     TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db),
+     TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb),
+     TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048),
+     TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2),
+     TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46),
+     TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b),
+     TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0),
+     TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550),
+     TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418),
+     TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282),
+     TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c),
+     TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc),
+     TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a),
+     TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f),
+     TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4),
+     TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf),
+     TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90),
+     TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe),
+     TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab),
+     TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea),
+     TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b),
+     TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64),
+     TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b),
+     TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae),
+     TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc),
+     TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2),
+     TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6),
+     TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8),
+     TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe),
+     TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0),
+     TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f),
+     TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0),
+     TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6),
+     TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953),
+     TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1),
+     TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4),
+     TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094),
+     TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab),
+     TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831),
+     TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5),
+     TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f),
+     TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5),
+     TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce),
+     TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381),
+     TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897),
+     TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301),
+     TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699),
+     TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20),
+     TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9),
+     TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2),
+     TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910),
+     TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a),
+     TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242),
+     TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f),
+     TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98),
+     TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0),
+     TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6),
+     TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0),
+     TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc),
+     TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7),
+     TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3),
+     TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d),
+     TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e),
+     TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5),
+     TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f),
+     TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d),
+     TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c),
+     TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123),
+     TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c),
+     TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b),
+     TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa),
+     TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524),
+     TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820),
+     TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654),
+     TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c),
+     TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6),
+     TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1),
+     TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32),
+     TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234),
+     TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f),
+     TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8),
+     TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48),
+     TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2),
+     TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e),
+     TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6),
+     TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca),
+     TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55),
+     TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c),
+     TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385),
+     TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a),
+     TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc),
+     TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc),
+     TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce),
+     TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842),
+     TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0),
+     TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce),
+     TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365),
+     TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159),
+     TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181),
+     TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4),
+     TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb),
+     TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a),
+     TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b),
+     TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495),
+     TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95),
+     TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085),
+     TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e),
+     TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049),
+     TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538),
+     TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268),
+     TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff),
+     TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea),
+     TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711),
+     TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975),
+     TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875),
+     TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766),
+     TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c),
+     TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1),
+     TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e),
+     TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a),
+     TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a),
+     TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b),
+     TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025),
+     TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35),
+     TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d),
+     TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603),
+     TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9),
+     TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31),
+     TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934),
+     TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11),
+     TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c),
+     TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3),
+     TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125),
+     TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe),
+     TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920),
+     TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603),
+     TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2),
+     TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28),
+     TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083),
+     TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3),
+     TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0),
+     TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7),
+     TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6),
+     TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608),
+     TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33),
+     TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5),
+     TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066),
+     TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9),
+     TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb),
+     TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937),
+     TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9),
+     TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f),
+     TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c),
+     TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981),
+     TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163),
+     TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95),
+     TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9),
+     TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a),
+     TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831),
+     TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c),
+     TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d),
+     TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb),
+     TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe),
+     TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc),
+     TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a),
+     TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284),
+     TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7),
+     TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84),
+     TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a),}
+    ,
+    {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34),
+     TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda),
+     TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7),
+     TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997),
+     TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e),
+     TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448),
+     TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9),
+     TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368),
+     TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc),
+     TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb),
+     TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302),
+     TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106),
+     TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce),
+     TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f),
+     TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7),
+     TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d),
+     TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff),
+     TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc),
+     TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac),
+     TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e),
+     TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3),
+     TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f),
+     TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323),
+     TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591),
+     TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9),
+     TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186),
+     TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0),
+     TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71),
+     TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac),
+     TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff),
+     TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5),
+     TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444),
+     TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8),
+     TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a),
+     TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a),
+     TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e),
+     TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062),
+     TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027),
+     TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3),
+     TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01),
+     TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b),
+     TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef),
+     TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f),
+     TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51),
+     TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745),
+     TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6),
+     TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2),
+     TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310),
+     TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22),
+     TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7),
+     TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8),
+     TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b),
+     TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934),
+     TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7),
+     TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2),
+     TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74),
+     TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df),
+     TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a),
+     TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62),
+     TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9),
+     TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e),
+     TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047),
+     TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9),
+     TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f),
+     TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b),
+     TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d),
+     TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db),
+     TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7),
+     TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1),
+     TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c),
+     TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449),
+     TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9),
+     TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080),
+     TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a),
+     TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785),
+     TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c),
+     TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728),
+     TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6),
+     TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777),
+     TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98),
+     TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d),
+     TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a),
+     TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92),
+     TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6),
+     TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f),
+     TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32),
+     TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6),
+     TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8),
+     TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5),
+     TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267),
+     TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5),
+     TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98),
+     TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b),
+     TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d),
+     TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724),
+     TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232),
+     TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61),
+     TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f),
+     TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43),
+     TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026),
+     TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e),
+     TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383),
+     TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d),
+     TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b),
+     TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91),
+     TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d),
+     TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d),
+     TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e),
+     TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1),
+     TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46),
+     TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67),
+     TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c),
+     TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1),
+     TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741),
+     TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194),
+     TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988),
+     TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85),
+     TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046),
+     TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301),
+     TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb),
+     TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27),
+     TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c),
+     TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29),
+     TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa),
+     TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78),
+     TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75),
+     TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6),
+     TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670),
+     TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988),
+     TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b),
+     TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e),
+     TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2),
+     TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc),
+     TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29),
+     TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee),
+     TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e),
+     TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4),
+     TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89),
+     TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9),
+     TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2),
+     TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1),
+     TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2),
+     TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e),
+     TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6),
+     TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1),
+     TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965),
+     TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97),
+     TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02),
+     TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be),
+     TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b),
+     TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e),
+     TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92),
+     TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f),
+     TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53),
+     TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320),
+     TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433),
+     TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3),
+     TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d),
+     TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f),
+     TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055),
+     TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd),
+     TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9),
+     TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284),
+     TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492),
+     TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f),
+     TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490),
+     TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119),
+     TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba),
+     TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9),
+     TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783),
+     TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c),
+     TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb),
+     TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630),
+     TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce),
+     TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a),
+     TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e),
+     TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331),
+     TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab),
+     TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f),
+     TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b),
+     TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f),
+     TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607),
+     TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5),
+     TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108),
+     TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1),
+     TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb),
+     TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0),
+     TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf),
+     TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d),
+     TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546),
+     TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b),
+     TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d),
+     TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3),
+     TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061),
+     TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f),
+     TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd),
+     TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6),
+     TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1),
+     TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d),
+     TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47),
+     TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29),
+     TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354),
+     TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996),
+     TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528),
+     TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4),
+     TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd),
+     TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb),
+     TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae),
+     TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660),
+     TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9),
+     TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76),
+     TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732),
+     TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082),
+     TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98),
+     TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61),
+     TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3),
+     TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73),
+     TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7),
+     TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297),
+     TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927),
+     TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93),
+     TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396),
+     TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2),
+     TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d),
+     TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74),
+     TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76),
+     TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65),
+     TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4),
+     TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea),
+     TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003),
+     TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783),
+     TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018),
+     TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297),
+     TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc),
+     TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8),
+     TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143),
+     TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167),
+     TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f),
+     TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda),
+     TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664),
+     TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2),
+     TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b),
+     TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab),
+     TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4),
+     TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3),
+     TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2),
+     TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942),
+     TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f),
+     TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097),
+     TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c),
+     TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa),
+     TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360),
+     TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150),
+     TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007),
+     TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5),
+     TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}
+    ,
+    {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b),
+     TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab),
+     TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f),
+     TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55),
+     TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2),
+     TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df),
+     TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c),
+     TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf),
+     TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410),
+     TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7),
+     TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c),
+     TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca),
+     TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b),
+     TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d),
+     TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450),
+     TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515),
+     TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e),
+     TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284),
+     TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6),
+     TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8),
+     TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4),
+     TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd),
+     TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3),
+     TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8),
+     TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08),
+     TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de),
+     TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b),
+     TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2),
+     TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8),
+     TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb),
+     TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e),
+     TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef),
+     TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd),
+     TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2),
+     TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334),
+     TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a),
+     TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea),
+     TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875),
+     TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b),
+     TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216),
+     TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0),
+     TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243),
+     TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26),
+     TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202),
+     TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7),
+     TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8),
+     TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99),
+     TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4),
+     TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16),
+     TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619),
+     TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a),
+     TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0),
+     TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943),
+     TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463),
+     TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa),
+     TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544),
+     TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986),
+     TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97),
+     TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5),
+     TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd),
+     TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6),
+     TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe),
+     TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19),
+     TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4),
+     TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db),
+     TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e),
+     TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53),
+     TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51),
+     TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd),
+     TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191),
+     TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5),
+     TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01),
+     TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475),
+     TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d),
+     TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e),
+     TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f),
+     TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce),
+     TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38),
+     TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd),
+     TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d),
+     TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9),
+     TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50),
+     TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994),
+     TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d),
+     TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd),
+     TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5),
+     TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8),
+     TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209),
+     TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8),
+     TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a),
+     TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633),
+     TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62),
+     TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c),
+     TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6),
+     TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2),
+     TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42),
+     TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151),
+     TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51),
+     TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d),
+     TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9),
+     TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7),
+     TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4),
+     TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c),
+     TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b),
+     TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5),
+     TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc),
+     TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c),
+     TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18),
+     TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29),
+     TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d),
+     TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c),
+     TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4),
+     TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f),
+     TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec),
+     TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14),
+     TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65),
+     TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d),
+     TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5),
+     TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090),
+     TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef),
+     TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee),
+     TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2),
+     TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4),
+     TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b),
+     TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166),
+     TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007),
+     TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2),
+     TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe),
+     TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f),
+     TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce),
+     TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a),
+     TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71),
+     TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6),
+     TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421),
+     TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a),
+     TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f),
+     TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd),
+     TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03),
+     TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca),
+     TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b),
+     TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e),
+     TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702),
+     TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007),
+     TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447),
+     TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f),
+     TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1),
+     TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172),
+     TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48),
+     TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00),
+     TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361),
+     TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446),
+     TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41),
+     TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224),
+     TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d),
+     TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937),
+     TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273),
+     TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221),
+     TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1),
+     TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc),
+     TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c),
+     TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca),
+     TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5),
+     TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02),
+     TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c),
+     TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169),
+     TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f),
+     TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d),
+     TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252),
+     TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879),
+     TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3),
+     TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4),
+     TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d),
+     TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927),
+     TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af),
+     TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97),
+     TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79),
+     TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03),
+     TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f),
+     TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca),
+     TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc),
+     TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062),
+     TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13),
+     TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e),
+     TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693),
+     TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf),
+     TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8),
+     TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6),
+     TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a),
+     TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad),
+     TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281),
+     TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4),
+     TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa),
+     TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9),
+     TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2),
+     TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63),
+     TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781),
+     TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c),
+     TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7),
+     TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da),
+     TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99),
+     TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8),
+     TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9),
+     TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c),
+     TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21),
+     TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608),
+     TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2),
+     TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89),
+     TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5),
+     TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88),
+     TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262),
+     TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3),
+     TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e),
+     TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d),
+     TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649),
+     TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c),
+     TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac),
+     TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c),
+     TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca),
+     TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1),
+     TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd),
+     TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1),
+     TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c),
+     TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a),
+     TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757),
+     TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029),
+     TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015),
+     TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5),
+     TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51),
+     TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9),
+     TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07),
+     TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a),
+     TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650),
+     TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba),
+     TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839),
+     TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc),
+     TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc),
+     TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292),
+     TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6),
+     TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e),
+     TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9),
+     TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5),
+     TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01),
+     TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3),
+     TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96),
+     TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd),
+     TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec),
+     TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd),
+     TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf),
+     TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8),
+     TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c),
+     TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f),
+     TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf),
+     TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a),
+     TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d),
+     TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2),
+     TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}
+    ,
+    {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78),
+     TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a),
+     TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051),
+     TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39),
+     TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c),
+     TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452),
+     TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4),
+     TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b),
+     TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c),
+     TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14),
+     TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0),
+     TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270),
+     TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205),
+     TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb),
+     TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e),
+     TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3),
+     TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8),
+     TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb),
+     TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8),
+     TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd),
+     TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb),
+     TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3),
+     TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9),
+     TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b),
+     TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5),
+     TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2),
+     TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61),
+     TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5),
+     TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd),
+     TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9),
+     TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846),
+     TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7),
+     TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c),
+     TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf),
+     TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996),
+     TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47),
+     TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66),
+     TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0),
+     TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4),
+     TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36),
+     TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be),
+     TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad),
+     TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760),
+     TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74),
+     TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154),
+     TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb),
+     TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56),
+     TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a),
+     TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568),
+     TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c),
+     TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d),
+     TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385),
+     TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1),
+     TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081),
+     TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91),
+     TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa),
+     TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316),
+     TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47),
+     TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4),
+     TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345),
+     TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954),
+     TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126),
+     TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24),
+     TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394),
+     TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb),
+     TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9),
+     TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76),
+     TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e),
+     TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5),
+     TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb),
+     TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb),
+     TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be),
+     TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597),
+     TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1),
+     TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09),
+     TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f),
+     TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7),
+     TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e),
+     TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08),
+     TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c),
+     TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03),
+     TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6),
+     TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48),
+     TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745),
+     TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082),
+     TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5),
+     TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f),
+     TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5),
+     TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947),
+     TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539),
+     TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a),
+     TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002),
+     TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb),
+     TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948),
+     TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73),
+     TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e),
+     TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647),
+     TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5),
+     TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490),
+     TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f),
+     TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea),
+     TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3),
+     TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e),
+     TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516),
+     TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e),
+     TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc),
+     TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d),
+     TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604),
+     TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b),
+     TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2),
+     TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2),
+     TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e),
+     TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290),
+     TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4),
+     TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638),
+     TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa),
+     TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307),
+     TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac),
+     TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8),
+     TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8),
+     TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2),
+     TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9),
+     TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095),
+     TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9),
+     TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2),
+     TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849),
+     TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e),
+     TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638),
+     TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506),
+     TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb),
+     TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d),
+     TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4),
+     TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14),
+     TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34),
+     TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10),
+     TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9),
+     TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79),
+     TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b),
+     TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57),
+     TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca),
+     TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb),
+     TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4),
+     TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591),
+     TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f),
+     TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6),
+     TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d),
+     TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d),
+     TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a),
+     TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1),
+     TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706),
+     TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055),
+     TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3),
+     TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810),
+     TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4),
+     TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762),
+     TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96),
+     TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655),
+     TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6),
+     TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f),
+     TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878),
+     TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9),
+     TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b),
+     TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21),
+     TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982),
+     TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13),
+     TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd),
+     TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7),
+     TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0),
+     TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea),
+     TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355),
+     TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901),
+     TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac),
+     TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965),
+     TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436),
+     TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315),
+     TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef),
+     TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a),
+     TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6),
+     TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0),
+     TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4),
+     TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0),
+     TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af),
+     TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271),
+     TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a),
+     TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5),
+     TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364),
+     TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b),
+     TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5),
+     TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66),
+     TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea),
+     TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726),
+     TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4),
+     TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d),
+     TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984),
+     TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc),
+     TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d),
+     TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7),
+     TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2),
+     TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10),
+     TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28),
+     TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b),
+     TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5),
+     TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33),
+     TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c),
+     TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810),
+     TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68),
+     TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e),
+     TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125),
+     TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f),
+     TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3),
+     TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979),
+     TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba),
+     TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c),
+     TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e),
+     TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737),
+     TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e),
+     TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525),
+     TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c),
+     TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64),
+     TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5),
+     TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d),
+     TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77),
+     TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85),
+     TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5),
+     TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e),
+     TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946),
+     TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498),
+     TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1),
+     TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477),
+     TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c),
+     TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642),
+     TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224),
+     TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3),
+     TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017),
+     TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421),
+     TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6),
+     TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319),
+     TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e),
+     TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc),
+     TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205),
+     TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402),
+     TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808),
+     TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff),
+     TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2),
+     TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1),
+     TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199),
+     TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51),
+     TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418),
+     TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145),
+     TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496),
+     TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a),
+     TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d),
+     TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c),
+     TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b),
+     TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2),
+     TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}
+    ,
+    {TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6),
+     TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1),
+     TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866),
+     TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5),
+     TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760),
+     TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d),
+     TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251),
+     TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8),
+     TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8),
+     TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a),
+     TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a),
+     TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954),
+     TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915),
+     TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911),
+     TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc),
+     TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a),
+     TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49),
+     TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a),
+     TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11),
+     TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3),
+     TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593),
+     TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5),
+     TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83),
+     TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698),
+     TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729),
+     TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0),
+     TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e),
+     TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c),
+     TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982),
+     TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509),
+     TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268),
+     TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b),
+     TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf),
+     TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f),
+     TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295),
+     TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585),
+     TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d),
+     TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d),
+     TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db),
+     TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8),
+     TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823),
+     TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690),
+     TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec),
+     TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3),
+     TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217),
+     TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f),
+     TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074),
+     TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c),
+     TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511),
+     TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649),
+     TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0),
+     TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70),
+     TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea),
+     TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35),
+     TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686),
+     TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840),
+     TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7),
+     TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9),
+     TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a),
+     TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86),
+     TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53),
+     TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd),
+     TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190),
+     TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a),
+     TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683),
+     TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc),
+     TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524),
+     TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66),
+     TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5),
+     TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac),
+     TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766),
+     TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1),
+     TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1),
+     TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea),
+     TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2),
+     TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d),
+     TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e),
+     TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b),
+     TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261),
+     TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83),
+     TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02),
+     TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920),
+     TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540),
+     TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38),
+     TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17),
+     TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad),
+     TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e),
+     TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2),
+     TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08),
+     TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2),
+     TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b),
+     TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424),
+     TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99),
+     TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6),
+     TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453),
+     TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e),
+     TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6),
+     TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6),
+     TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea),
+     TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930),
+     TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272),
+     TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf),
+     TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1),
+     TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0),
+     TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af),
+     TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c),
+     TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e),
+     TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e),
+     TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82),
+     TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e),
+     TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c),
+     TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54),
+     TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f),
+     TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b),
+     TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369),
+     TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c),
+     TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b),
+     TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df),
+     TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af),
+     TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a),
+     TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469),
+     TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f),
+     TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f),
+     TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462),
+     TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca),
+     TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555),
+     TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204),
+     TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a),
+     TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8),
+     TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758),
+     TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5),
+     TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455),
+     TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972),
+     TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e),
+     TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd),
+     TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e),
+     TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9),
+     TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25),
+     TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d),
+     TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11),
+     TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31),
+     TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53),
+     TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44),
+     TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802),
+     TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71),
+     TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362),
+     TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c),
+     TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef),
+     TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320),
+     TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3),
+     TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6),
+     TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830),
+     TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432),
+     TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73),
+     TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49),
+     TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008),
+     TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57),
+     TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8),
+     TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065),
+     TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c),
+     TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89),
+     TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e),
+     TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6),
+     TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3),
+     TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b),
+     TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212),
+     TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78),
+     TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057),
+     TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316),
+     TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391),
+     TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd),
+     TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7),
+     TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392),
+     TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb),
+     TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69),
+     TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe),
+     TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154),
+     TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23),
+     TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149),
+     TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732),
+     TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0),
+     TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2),
+     TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95),
+     TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04),
+     TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599),
+     TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0),
+     TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696),
+     TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab),
+     TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d),
+     TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d),
+     TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1),
+     TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1),
+     TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4),
+     TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974),
+     TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0),
+     TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a),
+     TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf),
+     TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b),
+     TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9),
+     TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851),
+     TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a),
+     TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051),
+     TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78),
+     TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e),
+     TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5),
+     TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc),
+     TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a),
+     TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd),
+     TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453),
+     TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2),
+     TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6),
+     TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f),
+     TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7),
+     TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1),
+     TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f),
+     TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1),
+     TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c),
+     TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a),
+     TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9),
+     TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8),
+     TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169),
+     TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2),
+     TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452),
+     TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0),
+     TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8),
+     TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4),
+     TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93),
+     TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d),
+     TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7),
+     TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b),
+     TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c),
+     TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f),
+     TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7),
+     TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9),
+     TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96),
+     TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b),
+     TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c),
+     TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5),
+     TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c),
+     TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9),
+     TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0),
+     TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183),
+     TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e),
+     TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e),
+     TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76),
+     TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b),
+     TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167),
+     TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12),
+     TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6),
+     TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a),
+     TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963),
+     TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92),
+     TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235),
+     TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a),
+     TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d),
+     TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494),}
+    ,
+    {TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65),
+     TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860),
+     TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f),
+     TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50),
+     TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d),
+     TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6),
+     TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d),
+     TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee),
+     TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5),
+     TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca),
+     TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2),
+     TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf),
+     TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867),
+     TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6),
+     TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65),
+     TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe),
+     TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976),
+     TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3),
+     TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837),
+     TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1),
+     TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4),
+     TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6),
+     TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae),
+     TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4),
+     TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624),
+     TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c),
+     TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6),
+     TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f),
+     TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f),
+     TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d),
+     TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a),
+     TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011),
+     TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0),
+     TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854),
+     TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459),
+     TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3),
+     TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f),
+     TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c),
+     TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941),
+     TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe),
+     TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6),
+     TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c),
+     TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919),
+     TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce),
+     TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860),
+     TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa),
+     TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073),
+     TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd),
+     TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2),
+     TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a),
+     TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91),
+     TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615),
+     TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270),
+     TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f),
+     TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664),
+     TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d),
+     TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e),
+     TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a),
+     TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77),
+     TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32),
+     TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e),
+     TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c),
+     TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e),
+     TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517),
+     TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be),
+     TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664),
+     TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a),
+     TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700),
+     TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9),
+     TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152),
+     TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a),
+     TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb),
+     TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b),
+     TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db),
+     TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85),
+     TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad),
+     TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab),
+     TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662),
+     TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f),
+     TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02),
+     TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22),
+     TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e),
+     TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5),
+     TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70),
+     TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8),
+     TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993),
+     TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0),
+     TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c),
+     TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c),
+     TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682),
+     TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85),
+     TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb),
+     TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b),
+     TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef),
+     TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1),
+     TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59),
+     TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26),
+     TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e),
+     TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296),
+     TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb),
+     TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5),
+     TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d),
+     TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47),
+     TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87),
+     TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75),
+     TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130),
+     TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769),
+     TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5),
+     TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb),
+     TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5),
+     TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c),
+     TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed),
+     TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496),
+     TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7),
+     TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936),
+     TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e),
+     TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2),
+     TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d),
+     TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670),
+     TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade),
+     TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f),
+     TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252),
+     TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336),
+     TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597),
+     TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf),
+     TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11),
+     TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3),
+     TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7),
+     TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c),
+     TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4),
+     TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e),
+     TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075),
+     TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05),
+     TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493),
+     TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a),
+     TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6),
+     TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a),
+     TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1),
+     TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d),
+     TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc),
+     TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15),
+     TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77),
+     TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11),
+     TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9),
+     TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef),
+     TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f),
+     TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759),
+     TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0),
+     TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf),
+     TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee),
+     TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455),
+     TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408),
+     TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e),
+     TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954),
+     TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec),
+     TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626),
+     TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35),
+     TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c),
+     TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c),
+     TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e),
+     TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d),
+     TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80),
+     TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849),
+     TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11),
+     TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d),
+     TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47),
+     TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1),
+     TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4),
+     TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448),
+     TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9),
+     TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286),
+     TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f),
+     TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4),
+     TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521),
+     TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c),
+     TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4),
+     TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433),
+     TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8),
+     TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d),
+     TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092),
+     TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2),
+     TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7),
+     TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524),
+     TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71),
+     TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8),
+     TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816),
+     TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8),
+     TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c),
+     TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b),
+     TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b),
+     TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a),
+     TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063),
+     TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89),
+     TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb),
+     TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084),
+     TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef),
+     TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4),
+     TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab),
+     TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca),
+     TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0),
+     TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c),
+     TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675),
+     TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c),
+     TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014),
+     TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2),
+     TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52),
+     TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f),
+     TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964),
+     TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a),
+     TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed),
+     TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e),
+     TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1),
+     TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6),
+     TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c),
+     TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681),
+     TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f),
+     TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789),
+     TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885),
+     TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895),
+     TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e),
+     TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52),
+     TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8),
+     TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939),
+     TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6),
+     TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba),
+     TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04),
+     TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741),
+     TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb),
+     TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7),
+     TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4),
+     TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe),
+     TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b),
+     TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a),
+     TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480),
+     TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4),
+     TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c),
+     TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5),
+     TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08),
+     TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74),
+     TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4),
+     TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb),
+     TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a),
+     TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5),
+     TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816),
+     TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5),
+     TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5),
+     TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89),
+     TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b),
+     TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de),
+     TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d),
+     TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e),
+     TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b),
+     TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06),
+     TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d),
+     TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc),
+     TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b),}
+    ,
+    {TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5),
+     TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d),
+     TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e),
+     TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798),
+     TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1),
+     TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee),
+     TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153),
+     TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8),
+     TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83),
+     TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7),
+     TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae),
+     TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658),
+     TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704),
+     TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8),
+     TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6),
+     TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac),
+     TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84),
+     TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4),
+     TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b),
+     TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a),
+     TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f),
+     TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c),
+     TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59),
+     TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31),
+     TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6),
+     TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69),
+     TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723),
+     TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879),
+     TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0),
+     TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c),
+     TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca),
+     TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6),
+     TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f),
+     TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755),
+     TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9),
+     TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926),
+     TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2),
+     TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2),
+     TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7),
+     TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08),
+     TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c),
+     TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99),
+     TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4),
+     TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f),
+     TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144),
+     TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b),
+     TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5),
+     TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128),
+     TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08),
+     TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4),
+     TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9),
+     TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f),
+     TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de),
+     TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889),
+     TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca),
+     TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131),
+     TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6),
+     TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8),
+     TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120),
+     TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77),
+     TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82),
+     TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee),
+     TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6),
+     TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad),
+     TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5),
+     TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948),
+     TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc),
+     TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff),
+     TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a),
+     TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e),
+     TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62),
+     TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1),
+     TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45),
+     TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916),
+     TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd),
+     TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d),
+     TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015),
+     TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7),
+     TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5),
+     TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8),
+     TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8),
+     TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4),
+     TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666),
+     TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7),
+     TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21),
+     TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78),
+     TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066),
+     TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0),
+     TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7),
+     TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25),
+     TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686),
+     TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776),
+     TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5),
+     TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada),
+     TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99),
+     TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66),
+     TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2),
+     TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3),
+     TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2),
+     TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148),
+     TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd),
+     TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8),
+     TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a),
+     TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00),
+     TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02),
+     TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac),
+     TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb),
+     TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52),
+     TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027),
+     TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689),
+     TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac),
+     TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8),
+     TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18),
+     TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66),
+     TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff),
+     TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a),
+     TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513),
+     TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67),
+     TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822),
+     TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2),
+     TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24),
+     TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d),
+     TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4),
+     TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147),
+     TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18),
+     TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351),
+     TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694),
+     TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e),
+     TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301),
+     TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21),
+     TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c),
+     TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a),
+     TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1),
+     TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e),
+     TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d),
+     TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887),
+     TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a),
+     TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291),
+     TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9),
+     TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286),
+     TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff),
+     TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb),
+     TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce),
+     TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af),
+     TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463),
+     TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5),
+     TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3),
+     TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6),
+     TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2),
+     TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab),
+     TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d),
+     TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d),
+     TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4),
+     TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033),
+     TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226),
+     TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46),
+     TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997),
+     TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb),
+     TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f),
+     TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78),
+     TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8),
+     TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e),
+     TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506),
+     TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466),
+     TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b),
+     TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7),
+     TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40),
+     TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768),
+     TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b),
+     TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f),
+     TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071),
+     TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7),
+     TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae),
+     TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03),
+     TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b),
+     TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168),
+     TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49),
+     TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922),
+     TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e),
+     TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c),
+     TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547),
+     TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451),
+     TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c),
+     TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f),
+     TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754),
+     TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171),
+     TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e),
+     TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c),
+     TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8),
+     TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03),
+     TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6),
+     TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7),
+     TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375),
+     TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0),
+     TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911),
+     TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09),
+     TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7),
+     TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c),
+     TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64),
+     TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0),
+     TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416),
+     TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9),
+     TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791),
+     TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7),
+     TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877),
+     TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035),
+     TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79),
+     TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090),
+     TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622),
+     TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb),
+     TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe),
+     TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98),
+     TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10),
+     TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140),
+     TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166),
+     TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2),
+     TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b),
+     TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7),
+     TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380),
+     TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c),
+     TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c),
+     TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe),
+     TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2),
+     TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707),
+     TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0),
+     TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7),
+     TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6),
+     TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9),
+     TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db),
+     TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3),
+     TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d),
+     TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1),
+     TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149),
+     TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51),
+     TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28),
+     TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558),
+     TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e),
+     TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43),
+     TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b),
+     TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48),
+     TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6),
+     TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8),
+     TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c),
+     TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657),
+     TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55),
+     TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a),
+     TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d),
+     TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f),
+     TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d),
+     TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24),
+     TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c),
+     TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048),
+     TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43),
+     TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7),
+     TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b),
+     TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699),}
+    ,
+    {TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98),
+     TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021),
+     TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d),
+     TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3),
+     TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34),
+     TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da),
+     TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc),
+     TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4),
+     TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd),
+     TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc),
+     TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1),
+     TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952),
+     TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805),
+     TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19),
+     TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c),
+     TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655),
+     TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c),
+     TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69),
+     TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461),
+     TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4),
+     TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087),
+     TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268),
+     TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9),
+     TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e),
+     TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458),
+     TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb),
+     TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e),
+     TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446),
+     TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d),
+     TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637),
+     TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87),
+     TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5),
+     TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3),
+     TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2),
+     TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432),
+     TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24),
+     TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d),
+     TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c),
+     TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973),
+     TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b),
+     TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679),
+     TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873),
+     TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70),
+     TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a),
+     TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a),
+     TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1),
+     TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0),
+     TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d),
+     TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545),
+     TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13),
+     TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8),
+     TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684),
+     TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff),
+     TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161),
+     TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d),
+     TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1),
+     TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575),
+     TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b),
+     TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5),
+     TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e),
+     TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25),
+     TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca),
+     TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0),
+     TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8),
+     TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98),
+     TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da),
+     TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc),
+     TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a),
+     TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd),
+     TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc),
+     TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4),
+     TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253),
+     TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4),
+     TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7),
+     TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6),
+     TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8),
+     TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d),
+     TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c),
+     TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255),
+     TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce),
+     TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a),
+     TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc),
+     TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f),
+     TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6),
+     TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70),
+     TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1),
+     TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f),
+     TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f),
+     TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79),
+     TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472),
+     TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a),
+     TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2),
+     TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa),
+     TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656),
+     TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec),
+     TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa),
+     TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44),
+     TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8),
+     TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4),
+     TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a),
+     TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a),
+     TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d),
+     TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0),
+     TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f),
+     TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110),
+     TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1),
+     TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547),
+     TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351),
+     TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f),
+     TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef),
+     TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb),
+     TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced),
+     TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb),
+     TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4),
+     TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b),
+     TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c),
+     TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9),
+     TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32),
+     TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768),
+     TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6),
+     TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930),
+     TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38),
+     TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80),
+     TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634),
+     TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681),
+     TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3),
+     TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b),
+     TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a),
+     TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7),
+     TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb),
+     TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79),
+     TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c),
+     TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2),
+     TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b),
+     TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0),
+     TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718),
+     TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381),
+     TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d),
+     TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71),
+     TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b),
+     TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41),
+     TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a),
+     TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99),
+     TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636),
+     TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49),
+     TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce),
+     TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1),
+     TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049),
+     TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541),
+     TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb),
+     TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0),
+     TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40),
+     TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e),
+     TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086),
+     TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed),
+     TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34),
+     TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342),
+     TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51),
+     TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f),
+     TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3),
+     TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f),
+     TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60),
+     TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f),
+     TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4),
+     TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a),
+     TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2),
+     TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c),
+     TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8),
+     TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b),
+     TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247),
+     TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d),
+     TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c),
+     TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10),
+     TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0),
+     TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d),
+     TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a),
+     TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2),
+     TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097),
+     TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae),
+     TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc),
+     TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc),
+     TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58),
+     TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c),
+     TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141),
+     TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9),
+     TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8),
+     TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62),
+     TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9),
+     TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df),
+     TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5),
+     TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b),
+     TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535),
+     TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd),
+     TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112),
+     TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec),
+     TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe),
+     TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361),
+     TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77),
+     TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e),
+     TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e),
+     TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429),
+     TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc),
+     TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f),
+     TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e),
+     TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372),
+     TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332),
+     TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4),
+     TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29),
+     TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5),
+     TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04),
+     TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f),
+     TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc),
+     TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39),
+     TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29),
+     TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb),
+     TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04),
+     TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7),
+     TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61),
+     TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e),
+     TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961),
+     TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6),
+     TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc),
+     TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e),
+     TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af),
+     TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f),
+     TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab),
+     TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9),
+     TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204),
+     TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e),
+     TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2),
+     TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c),
+     TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03),
+     TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98),
+     TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42),
+     TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8),
+     TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43),
+     TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8),
+     TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86),
+     TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d),
+     TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79),
+     TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404),
+     TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9),
+     TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314),
+     TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5),
+     TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae),
+     TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357),
+     TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d),
+     TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477),
+     TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7),
+     TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80),
+     TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d),
+     TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527),
+     TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da),
+     TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad),
+     TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17),
+     TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25),}
+    ,
+    {TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58),
+     TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85),
+     TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e),
+     TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a),
+     TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc),
+     TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3),
+     TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2),
+     TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8),
+     TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2),
+     TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe),
+     TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d),
+     TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53),
+     TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be),
+     TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336),
+     TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933),
+     TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f),
+     TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe),
+     TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc),
+     TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326),
+     TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272),
+     TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e),
+     TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f),
+     TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c),
+     TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7),
+     TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9),
+     TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918),
+     TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457),
+     TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60),
+     TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44),
+     TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a),
+     TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017),
+     TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7),
+     TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03),
+     TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef),
+     TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1),
+     TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a),
+     TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b),
+     TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947),
+     TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b),
+     TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa),
+     TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599),
+     TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1),
+     TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492),
+     TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df),
+     TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556),
+     TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2),
+     TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f),
+     TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31),
+     TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0),
+     TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e),
+     TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6),
+     TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195),
+     TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f),
+     TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15),
+     TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4),
+     TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff),
+     TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1),
+     TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c),
+     TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9),
+     TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc),
+     TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0),
+     TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1),
+     TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8),
+     TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4),
+     TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5),
+     TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a),
+     TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0),
+     TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca),
+     TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f),
+     TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b),
+     TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37),
+     TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc),
+     TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1),
+     TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613),
+     TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6),
+     TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8),
+     TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc),
+     TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984),
+     TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18),
+     TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a),
+     TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895),
+     TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5),
+     TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d),
+     TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33),
+     TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44),
+     TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b),
+     TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7),
+     TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120),
+     TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b),
+     TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9),
+     TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a),
+     TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504),
+     TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801),
+     TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2),
+     TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e),
+     TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216),
+     TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924),
+     TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169),
+     TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8),
+     TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a),
+     TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0),
+     TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd),
+     TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8),
+     TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7),
+     TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c),
+     TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7),
+     TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556),
+     TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb),
+     TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091),
+     TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749),
+     TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6),
+     TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722),
+     TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1),
+     TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce),
+     TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863),
+     TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1),
+     TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5),
+     TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836),
+     TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf),
+     TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825),
+     TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99),
+     TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e),
+     TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3),
+     TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6),
+     TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7),
+     TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5),
+     TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99),
+     TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03),
+     TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f),
+     TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5),
+     TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516),
+     TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9),
+     TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f),
+     TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235),
+     TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674),
+     TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e),
+     TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf),
+     TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05),
+     TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748),
+     TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e),
+     TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d),
+     TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c),
+     TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601),
+     TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca),
+     TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f),
+     TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f),
+     TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf),
+     TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a),
+     TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564),
+     TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6),
+     TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695),
+     TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46),
+     TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e),
+     TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15),
+     TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955),
+     TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c),
+     TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154),
+     TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29),
+     TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840),
+     TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb),
+     TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451),
+     TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e),
+     TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece),
+     TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a),
+     TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c),
+     TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364),
+     TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8),
+     TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63),
+     TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35),
+     TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6),
+     TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d),
+     TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a),
+     TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f),
+     TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391),
+     TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230),
+     TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0),
+     TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8),
+     TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d),
+     TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801),
+     TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b),
+     TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b),
+     TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5),
+     TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009),
+     TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0),
+     TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427),
+     TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d),
+     TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840),
+     TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134),
+     TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0),
+     TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390),
+     TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9),
+     TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3),
+     TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d),
+     TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7),
+     TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d),
+     TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb),
+     TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1),
+     TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326),
+     TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d),
+     TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89),
+     TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90),
+     TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec),
+     TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df),
+     TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf),
+     TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2),
+     TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75),
+     TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e),
+     TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016),
+     TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd),
+     TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719),
+     TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700),
+     TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638),
+     TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50),
+     TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58),
+     TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0),
+     TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb),
+     TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef),
+     TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257),
+     TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a),
+     TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0),
+     TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609),
+     TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2),
+     TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6),
+     TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce),
+     TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f),
+     TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319),
+     TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb),
+     TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5),
+     TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed),
+     TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b),
+     TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2),
+     TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b),
+     TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25),
+     TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624),
+     TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79),
+     TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd),
+     TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b),
+     TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d),
+     TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442),
+     TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e),
+     TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5),
+     TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19),
+     TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57),
+     TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc),
+     TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f),
+     TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3),
+     TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0),
+     TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce),
+     TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1),
+     TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672),
+     TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d),
+     TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba),
+     TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97),
+     TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69),
+     TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81),
+     TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328),}
+    ,
+    {TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd),
+     TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5),
+     TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af),
+     TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82),
+     TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a),
+     TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3),
+     TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d),
+     TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755),
+     TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638),
+     TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f),
+     TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1),
+     TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23),
+     TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2),
+     TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4),
+     TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105),
+     TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329),
+     TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a),
+     TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897),
+     TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57),
+     TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2),
+     TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49),
+     TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69),
+     TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2),
+     TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3),
+     TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817),
+     TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164),
+     TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263),
+     TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32),
+     TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a),
+     TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f),
+     TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1),
+     TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94),
+     TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558),
+     TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9),
+     TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22),
+     TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f),
+     TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f),
+     TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b),
+     TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7),
+     TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0),
+     TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752),
+     TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf),
+     TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d),
+     TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6),
+     TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5),
+     TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58),
+     TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177),
+     TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477),
+     TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4),
+     TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6),
+     TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54),
+     TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c),
+     TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b),
+     TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b),
+     TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c),
+     TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4),
+     TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f),
+     TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e),
+     TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487),
+     TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a),
+     TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658),
+     TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6),
+     TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803),
+     TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f),
+     TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8),
+     TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893),
+     TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f),
+     TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7),
+     TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0),
+     TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794),
+     TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e),
+     TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee),
+     TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c),
+     TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989),
+     TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b),
+     TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84),
+     TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946),
+     TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc),
+     TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae),
+     TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb),
+     TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038),
+     TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0),
+     TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6),
+     TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba),
+     TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6),
+     TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25),
+     TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4),
+     TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8),
+     TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4),
+     TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d),
+     TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5),
+     TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b),
+     TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d),
+     TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8),
+     TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6),
+     TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae),
+     TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc),
+     TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40),
+     TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95),
+     TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913),
+     TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88),
+     TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e),
+     TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034),
+     TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334),
+     TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397),
+     TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2),
+     TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0),
+     TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd),
+     TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10),
+     TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8),
+     TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62),
+     TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8),
+     TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b),
+     TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075),
+     TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e),
+     TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312),
+     TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e),
+     TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d),
+     TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb),
+     TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a),
+     TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261),
+     TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d),
+     TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb),
+     TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c),
+     TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5),
+     TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0),
+     TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee),
+     TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28),
+     TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173),
+     TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f),
+     TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01),
+     TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40),
+     TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d),
+     TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5),
+     TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1),
+     TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574),
+     TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979),
+     TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d),
+     TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7),
+     TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d),
+     TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b),
+     TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638),
+     TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36),
+     TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a),
+     TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253),
+     TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467),
+     TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94),
+     TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311),
+     TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1),
+     TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea),
+     TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6),
+     TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a),
+     TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac),
+     TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d),
+     TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354),
+     TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9),
+     TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4),
+     TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b),
+     TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94),
+     TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074),
+     TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f),
+     TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60),
+     TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690),
+     TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431),
+     TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd),
+     TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e),
+     TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e),
+     TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828),
+     TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d),
+     TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe),
+     TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345),
+     TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d),
+     TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6),
+     TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8),
+     TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c),
+     TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d),
+     TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2),
+     TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126),
+     TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395),
+     TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64),
+     TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57),
+     TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9),
+     TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789),
+     TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7),
+     TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5),
+     TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced),
+     TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96),
+     TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554),
+     TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84),
+     TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0),
+     TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88),
+     TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0),
+     TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d),
+     TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9),
+     TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32),
+     TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351),
+     TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260),
+     TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8),
+     TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490),
+     TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d),
+     TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6),
+     TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec),
+     TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627),
+     TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed),
+     TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45),
+     TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1),
+     TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048),
+     TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597),
+     TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556),
+     TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577),
+     TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5),
+     TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094),
+     TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1),
+     TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f),
+     TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96),
+     TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56),
+     TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236),
+     TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2),
+     TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0),
+     TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a),
+     TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228),
+     TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa),
+     TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e),
+     TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48),
+     TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5),
+     TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77),
+     TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f),
+     TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e),
+     TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74),
+     TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a),
+     TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069),
+     TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436),
+     TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6),
+     TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd),
+     TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999),
+     TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9),
+     TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829),
+     TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8),
+     TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df),
+     TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae),
+     TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7),
+     TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70),
+     TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b),
+     TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f),
+     TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9),
+     TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7),
+     TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb),
+     TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6),
+     TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63),
+     TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da),
+     TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b),
+     TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79),
+     TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e),
+     TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860),
+     TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b),
+     TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745),}
+    ,
+    {TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d),
+     TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea),
+     TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151),
+     TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98),
+     TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e),
+     TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f),
+     TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260),
+     TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b),
+     TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371),
+     TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee),
+     TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3),
+     TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25),
+     TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df),
+     TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5),
+     TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27),
+     TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644),
+     TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d),
+     TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8),
+     TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5),
+     TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248),
+     TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f),
+     TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46),
+     TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6),
+     TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609),
+     TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd),
+     TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848),
+     TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb),
+     TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6),
+     TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863),
+     TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e),
+     TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456),
+     TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276),
+     TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077),
+     TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875),
+     TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481),
+     TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9),
+     TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19),
+     TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60),
+     TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995),
+     TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508),
+     TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e),
+     TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a),
+     TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803),
+     TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1),
+     TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d),
+     TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842),
+     TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e),
+     TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837),
+     TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5),
+     TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442),
+     TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca),
+     TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf),
+     TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5),
+     TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3),
+     TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6),
+     TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186),
+     TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa),
+     TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415),
+     TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115),
+     TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9),
+     TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9),
+     TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907),
+     TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f),
+     TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df),
+     TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826),
+     TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69),
+     TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48),
+     TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8),
+     TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02),
+     TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846),
+     TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4),
+     TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3),
+     TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9),
+     TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c),
+     TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac),
+     TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188),
+     TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262),
+     TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2),
+     TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971),
+     TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f),
+     TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b),
+     TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21),
+     TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41),
+     TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1),
+     TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57),
+     TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931),
+     TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc),
+     TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033),
+     TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180),
+     TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894),
+     TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c),
+     TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15),
+     TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a),
+     TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31),
+     TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186),
+     TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795),
+     TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9),
+     TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024),
+     TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d),
+     TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259),
+     TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc),
+     TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e),
+     TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8),
+     TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7),
+     TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4),
+     TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39),
+     TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190),
+     TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b),
+     TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b),
+     TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab),
+     TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790),
+     TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2),
+     TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7),
+     TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a),
+     TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854),
+     TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848),
+     TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1),
+     TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9),
+     TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd),
+     TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476),
+     TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3),
+     TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2),
+     TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d),
+     TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb),
+     TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77),
+     TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b),
+     TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3),
+     TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0),
+     TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b),
+     TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d),
+     TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8),
+     TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31),
+     TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b),
+     TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b),
+     TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb),
+     TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4),
+     TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641),
+     TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055),
+     TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5),
+     TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727),
+     TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e),
+     TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3),
+     TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55),
+     TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74),
+     TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7),
+     TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36),
+     TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369),
+     TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d),
+     TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8),
+     TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2),
+     TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26),
+     TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e),
+     TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366),
+     TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865),
+     TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf),
+     TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2),
+     TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923),
+     TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2),
+     TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1),
+     TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3),
+     TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863),
+     TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017),
+     TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e),
+     TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529),
+     TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac),
+     TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08),
+     TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475),
+     TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea),
+     TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd),
+     TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de),
+     TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a),
+     TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef),
+     TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58),
+     TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815),
+     TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4),
+     TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff),
+     TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc),
+     TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583),
+     TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe),
+     TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e),
+     TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9),
+     TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507),
+     TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0),
+     TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d),
+     TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997),
+     TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536),
+     TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680),
+     TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda),
+     TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b),
+     TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12),
+     TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d),
+     TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e),
+     TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a),
+     TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154),
+     TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b),
+     TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef),
+     TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e),
+     TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f),
+     TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2),
+     TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094),
+     TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5),
+     TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b),
+     TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a),
+     TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594),
+     TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d),
+     TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223),
+     TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06),
+     TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40),
+     TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd),
+     TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8),
+     TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249),
+     TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd),
+     TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1),
+     TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e),
+     TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e),
+     TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93),
+     TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42),
+     TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5),
+     TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60),
+     TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf),
+     TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f),
+     TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557),
+     TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8),
+     TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8),
+     TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99),
+     TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c),
+     TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd),
+     TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56),
+     TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd),
+     TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e),
+     TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d),
+     TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929),
+     TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660),
+     TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329),
+     TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299),
+     TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8),
+     TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf),
+     TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7),
+     TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27),
+     TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120),
+     TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939),
+     TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4),
+     TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880),
+     TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120),
+     TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546),
+     TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b),
+     TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27),
+     TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3),
+     TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36),
+     TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1),
+     TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142),
+     TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66),
+     TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd),
+     TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6),
+     TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366),
+     TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83),}
+    ,
+    {TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b),
+     TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325),
+     TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707),
+     TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174),
+     TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4),
+     TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea),
+     TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3),
+     TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad),
+     TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e),
+     TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9),
+     TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98),
+     TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9),
+     TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b),
+     TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394),
+     TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9),
+     TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0),
+     TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173),
+     TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb),
+     TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394),
+     TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7),
+     TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442),
+     TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b),
+     TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127),
+     TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35),
+     TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb),
+     TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b),
+     TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c),
+     TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c),
+     TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f),
+     TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7),
+     TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac),
+     TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818),
+     TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc),
+     TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a),
+     TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc),
+     TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0),
+     TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93),
+     TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de),
+     TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee),
+     TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7),
+     TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea),
+     TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9),
+     TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b),
+     TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5),
+     TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2),
+     TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe),
+     TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635),
+     TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2),
+     TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341),
+     TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b),
+     TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43),
+     TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27),
+     TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356),
+     TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b),
+     TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6),
+     TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714),
+     TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9),
+     TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc),
+     TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b),
+     TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f),
+     TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5),
+     TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f),
+     TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341),
+     TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7),
+     TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd),
+     TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf),
+     TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c),
+     TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa),
+     TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0),
+     TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd),
+     TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586),
+     TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817),
+     TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37),
+     TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51),
+     TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0),
+     TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c),
+     TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a),
+     TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b),
+     TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f),
+     TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f),
+     TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2),
+     TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1),
+     TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3),
+     TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50),
+     TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92),
+     TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca),
+     TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63),
+     TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8),
+     TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f),
+     TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f),
+     TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4),
+     TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0),
+     TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645),
+     TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed),
+     TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba),
+     TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2),
+     TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f),
+     TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933),
+     TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d),
+     TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063),
+     TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8),
+     TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8),
+     TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df),
+     TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff),
+     TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef),
+     TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d),
+     TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a),
+     TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938),
+     TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6),
+     TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92),
+     TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda),
+     TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65),
+     TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f),
+     TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4),
+     TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf),
+     TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87),
+     TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458),
+     TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d),
+     TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5),
+     TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469),
+     TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41),
+     TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee),
+     TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f),
+     TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3),
+     TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f),
+     TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2),
+     TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069),
+     TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5),
+     TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b),
+     TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047),
+     TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f),
+     TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f),
+     TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7),
+     TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0),
+     TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d),
+     TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4),
+     TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f),
+     TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472),
+     TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c),
+     TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2),
+     TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32),
+     TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a),
+     TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080),
+     TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8),
+     TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce),
+     TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796),
+     TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79),
+     TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b),
+     TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106),
+     TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433),
+     TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102),
+     TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b),
+     TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02),
+     TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f),
+     TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34),
+     TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724),
+     TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f),
+     TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd),
+     TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a),
+     TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc),
+     TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2),
+     TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a),
+     TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a),
+     TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f),
+     TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237),
+     TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9),
+     TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd),
+     TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62),
+     TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87),
+     TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd),
+     TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6),
+     TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f),
+     TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7),
+     TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886),
+     TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea),
+     TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a),
+     TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35),
+     TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db),
+     TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b),
+     TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7),
+     TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72),
+     TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25),
+     TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61),
+     TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d),
+     TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068),
+     TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53),
+     TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632),
+     TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f),
+     TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387),
+     TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e),
+     TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067),
+     TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f),
+     TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9),
+     TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c),
+     TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d),
+     TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748),
+     TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135),
+     TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631),
+     TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a),
+     TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d),
+     TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8),
+     TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad),
+     TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b),
+     TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0),
+     TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51),
+     TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05),
+     TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb),
+     TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c),
+     TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce),
+     TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9),
+     TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf),
+     TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1),
+     TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8),
+     TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624),
+     TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6),
+     TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4),
+     TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde),
+     TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13),
+     TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee),
+     TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710),
+     TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3),
+     TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100),
+     TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a),
+     TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d),
+     TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c),
+     TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df),
+     TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093),
+     TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6),
+     TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4),
+     TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2),
+     TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11),
+     TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c),
+     TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab),
+     TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c),
+     TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400),
+     TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79),
+     TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4),
+     TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d),
+     TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8),
+     TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930),
+     TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7),
+     TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303),
+     TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e),
+     TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade),
+     TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b),
+     TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b),
+     TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927),
+     TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20),
+     TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd),
+     TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6),
+     TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288),
+     TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e),
+     TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8),
+     TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d),
+     TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362),
+     TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b),}
+    ,
+    {TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2),
+     TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400),
+     TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e),
+     TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9),
+     TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7),
+     TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e),
+     TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a),
+     TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab),
+     TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e),
+     TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d),
+     TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1),
+     TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e),
+     TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07),
+     TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325),
+     TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386),
+     TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8),
+     TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90),
+     TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df),
+     TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64),
+     TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286),
+     TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04),
+     TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069),
+     TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf),
+     TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708),
+     TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299),
+     TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6),
+     TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32),
+     TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671),
+     TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370),
+     TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3),
+     TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103),
+     TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d),
+     TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea),
+     TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe),
+     TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b),
+     TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913),
+     TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a),
+     TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb),
+     TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e),
+     TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6),
+     TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a),
+     TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613),
+     TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129),
+     TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3),
+     TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026),
+     TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac),
+     TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7),
+     TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317),
+     TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5),
+     TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3),
+     TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a),
+     TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac),
+     TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed),
+     TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613),
+     TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16),
+     TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61),
+     TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992),
+     TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2),
+     TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e),
+     TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10),
+     TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd),
+     TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064),
+     TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2),
+     TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d),
+     TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57),
+     TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a),
+     TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21),
+     TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a),
+     TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580),
+     TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3),
+     TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f),
+     TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4),
+     TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311),
+     TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47),
+     TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f),
+     TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48),
+     TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06),
+     TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1),
+     TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2),
+     TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1),
+     TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2),
+     TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836),
+     TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686),
+     TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9),
+     TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4),
+     TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555),
+     TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f),
+     TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79),
+     TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905),
+     TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f),
+     TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8),
+     TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a),
+     TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269),
+     TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b),
+     TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22),
+     TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809),
+     TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a),
+     TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87),
+     TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36),
+     TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a),
+     TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf),
+     TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea),
+     TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10),
+     TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365),
+     TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127),
+     TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d),
+     TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299),
+     TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c),
+     TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1),
+     TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c),
+     TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8),
+     TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd),
+     TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd),
+     TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd),
+     TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27),
+     TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97),
+     TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb),
+     TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a),
+     TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43),
+     TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be),
+     TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09),
+     TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468),
+     TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1),
+     TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448),
+     TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5),
+     TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069),
+     TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9),
+     TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6),
+     TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3),
+     TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a),
+     TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4),
+     TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66),
+     TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d),
+     TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00),
+     TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4),
+     TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8),
+     TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586),
+     TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f),
+     TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8),
+     TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce),
+     TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141),
+     TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083),
+     TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1),
+     TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c),
+     TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc),
+     TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be),
+     TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3),
+     TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19),
+     TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d),
+     TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079),
+     TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d),
+     TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5),
+     TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868),
+     TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d),
+     TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80),
+     TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944),
+     TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137),
+     TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801),
+     TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c),
+     TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02),
+     TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e),
+     TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e),
+     TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681),
+     TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa),
+     TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98),
+     TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2),
+     TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92),
+     TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7),
+     TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5),
+     TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2),
+     TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef),
+     TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8),
+     TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a),
+     TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d),
+     TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f),
+     TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f),
+     TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220),
+     TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056),
+     TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28),
+     TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b),
+     TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a),
+     TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0),
+     TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54),
+     TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86),
+     TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f),
+     TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6),
+     TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751),
+     TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec),
+     TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654),
+     TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149),
+     TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3),
+     TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1),
+     TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae),
+     TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5),
+     TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062),
+     TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef),
+     TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f),
+     TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1),
+     TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c),
+     TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d),
+     TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373),
+     TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76),
+     TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a),
+     TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d),
+     TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0),
+     TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057),
+     TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24),
+     TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3),
+     TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922),
+     TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a),
+     TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4),
+     TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382),
+     TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318),
+     TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685),
+     TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a),
+     TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c),
+     TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d),
+     TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac),
+     TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc),
+     TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92),
+     TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b),
+     TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794),
+     TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38),
+     TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48),
+     TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791),
+     TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616),
+     TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f),
+     TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802),
+     TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb),
+     TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3),
+     TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5),
+     TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c),
+     TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb),
+     TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68),
+     TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157),
+     TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856),
+     TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783),
+     TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05),
+     TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd),
+     TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f),
+     TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e),
+     TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614),
+     TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d),
+     TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff),
+     TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004),
+     TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5),
+     TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1),
+     TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7),
+     TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993),
+     TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233),
+     TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552),
+     TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19),
+     TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8),
+     TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054),
+     TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3),
+     TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74),}
+    ,
+    {TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c),
+     TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f),
+     TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a),
+     TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1),
+     TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa),
+     TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068),
+     TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399),
+     TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2),
+     TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240),
+     TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd),
+     TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242),
+     TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de),
+     TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3),
+     TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6),
+     TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1),
+     TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234),
+     TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a),
+     TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52),
+     TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62),
+     TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9),
+     TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21),
+     TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00),
+     TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab),
+     TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c),
+     TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5),
+     TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863),
+     TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7),
+     TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87),
+     TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6),
+     TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3),
+     TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501),
+     TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b),
+     TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6),
+     TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52),
+     TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d),
+     TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd),
+     TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf),
+     TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e),
+     TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac),
+     TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0),
+     TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c),
+     TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d),
+     TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6),
+     TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6),
+     TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9),
+     TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e),
+     TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc),
+     TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d),
+     TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10),
+     TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9),
+     TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9),
+     TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499),
+     TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947),
+     TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f),
+     TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571),
+     TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369),
+     TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566),
+     TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5),
+     TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324),
+     TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3),
+     TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd),
+     TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969),
+     TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1),
+     TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c),
+     TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332),
+     TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8),
+     TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33),
+     TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7),
+     TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48),
+     TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f),
+     TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2),
+     TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b),
+     TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636),
+     TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5),
+     TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b),
+     TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc),
+     TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f),
+     TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c),
+     TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f),
+     TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116),
+     TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14),
+     TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289),
+     TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09),
+     TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388),
+     TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed),
+     TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e),
+     TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04),
+     TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b),
+     TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909),
+     TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c),
+     TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f),
+     TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480),
+     TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680),
+     TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9),
+     TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d),
+     TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21),
+     TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850),
+     TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc),
+     TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842),
+     TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc),
+     TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427),
+     TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b),
+     TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45),
+     TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130),
+     TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa),
+     TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692),
+     TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf),
+     TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b),
+     TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5),
+     TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a),
+     TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c),
+     TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156),
+     TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f),
+     TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b),
+     TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0),
+     TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5),
+     TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669),
+     TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc),
+     TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee),
+     TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b),
+     TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8),
+     TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8),
+     TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48),
+     TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841),
+     TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4),
+     TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad),
+     TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd),
+     TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443),
+     TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96),
+     TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb),
+     TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b),
+     TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d),
+     TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727),
+     TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff),
+     TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f),
+     TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf),
+     TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556),
+     TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361),
+     TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa),
+     TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140),
+     TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978),
+     TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e),
+     TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50),
+     TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e),
+     TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6),
+     TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0),
+     TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648),
+     TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174),
+     TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5),
+     TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc),
+     TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d),
+     TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914),
+     TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d),
+     TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb),
+     TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e),
+     TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17),
+     TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0),
+     TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f),
+     TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34),
+     TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366),
+     TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f),
+     TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178),
+     TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976),
+     TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932),
+     TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914),
+     TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a),
+     TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09),
+     TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6),
+     TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430),
+     TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450),
+     TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23),
+     TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481),
+     TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517),
+     TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932),
+     TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a),
+     TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853),
+     TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e),
+     TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b),
+     TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40),
+     TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494),
+     TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b),
+     TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c),
+     TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d),
+     TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135),
+     TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69),
+     TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd),
+     TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d),
+     TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0),
+     TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c),
+     TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e),
+     TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1),
+     TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f),
+     TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c),
+     TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab),
+     TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a),
+     TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f),
+     TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c),
+     TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80),
+     TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba),
+     TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599),
+     TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297),
+     TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c),
+     TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f),
+     TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54),
+     TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38),
+     TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d),
+     TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c),
+     TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a),
+     TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165),
+     TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8),
+     TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86),
+     TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038),
+     TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177),
+     TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b),
+     TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb),
+     TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0),
+     TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475),
+     TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3),
+     TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37),
+     TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a),
+     TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649),
+     TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d),
+     TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf),
+     TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9),
+     TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac),
+     TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a),
+     TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224),
+     TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3),
+     TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b),
+     TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe),
+     TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff),
+     TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353),
+     TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906),
+     TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743),
+     TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27),
+     TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd),
+     TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda),
+     TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2),
+     TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288),
+     TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a),
+     TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74),
+     TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710),
+     TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf),
+     TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5),
+     TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611),
+     TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10),
+     TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6),
+     TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29),
+     TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86),
+     TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279),
+     TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4),
+     TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318),
+     TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc),
+     TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc),
+     TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3),
+     TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762),}
+    ,
+    {TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f),
+     TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61),
+     TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20),
+     TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc),
+     TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235),
+     TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7),
+     TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60),
+     TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152),
+     TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e),
+     TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093),
+     TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8),
+     TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28),
+     TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573),
+     TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e),
+     TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16),
+     TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5),
+     TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3),
+     TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d),
+     TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6),
+     TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0),
+     TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6),
+     TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965),
+     TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123),
+     TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d),
+     TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7),
+     TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3),
+     TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d),
+     TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07),
+     TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a),
+     TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b),
+     TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f),
+     TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1),
+     TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce),
+     TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217),
+     TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d),
+     TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6),
+     TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6),
+     TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884),
+     TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682),
+     TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b),
+     TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2),
+     TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6),
+     TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4),
+     TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc),
+     TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680),
+     TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2),
+     TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142),
+     TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea),
+     TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6),
+     TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529),
+     TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925),
+     TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3),
+     TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10),
+     TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3),
+     TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6),
+     TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a),
+     TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b),
+     TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d),
+     TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05),
+     TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba),
+     TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65),
+     TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3),
+     TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3),
+     TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0),
+     TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118),
+     TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214),
+     TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b),
+     TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5),
+     TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f),
+     TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21),
+     TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb),
+     TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3),
+     TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab),
+     TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f),
+     TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1),
+     TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8),
+     TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3),
+     TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e),
+     TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0),
+     TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225),
+     TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41),
+     TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9),
+     TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad),
+     TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507),
+     TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb),
+     TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628),
+     TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b),
+     TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c),
+     TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039),
+     TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211),
+     TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005),
+     TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c),
+     TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36),
+     TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3),
+     TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371),
+     TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6),
+     TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795),
+     TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2),
+     TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a),
+     TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16),
+     TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584),
+     TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8),
+     TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b),
+     TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5),
+     TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c),
+     TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7),
+     TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee),
+     TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93),
+     TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699),
+     TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60),
+     TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e),
+     TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43),
+     TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a),
+     TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e),
+     TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1),
+     TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52),
+     TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd),
+     TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924),
+     TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4),
+     TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7),
+     TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0),
+     TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab),
+     TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08),
+     TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c),
+     TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3),
+     TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288),
+     TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f),
+     TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b),
+     TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646),
+     TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c),
+     TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda),
+     TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2),
+     TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df),
+     TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c),
+     TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df),
+     TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa),
+     TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348),
+     TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e),
+     TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59),
+     TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e),
+     TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c),
+     TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917),
+     TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357),
+     TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e),
+     TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5),
+     TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4),
+     TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f),
+     TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa),
+     TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357),
+     TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1),
+     TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805),
+     TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804),
+     TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d),
+     TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7),
+     TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a),
+     TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784),
+     TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310),
+     TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74),
+     TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51),
+     TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63),
+     TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559),
+     TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4),
+     TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a),
+     TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80),
+     TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca),
+     TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182),
+     TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860),
+     TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f),
+     TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70),
+     TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5),
+     TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd),
+     TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790),
+     TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4),
+     TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa),
+     TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685),
+     TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810),
+     TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5),
+     TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92),
+     TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21),
+     TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41),
+     TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe),
+     TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08),
+     TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1),
+     TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c),
+     TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47),
+     TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7),
+     TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a),
+     TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6),
+     TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e),
+     TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2),
+     TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b),
+     TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67),
+     TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca),
+     TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04),
+     TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a),
+     TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea),
+     TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b),
+     TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f),
+     TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815),
+     TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39),
+     TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749),
+     TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77),
+     TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61),
+     TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0),
+     TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54),
+     TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614),
+     TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28),
+     TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16),
+     TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb),
+     TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954),
+     TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998),
+     TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc),
+     TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934),
+     TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44),
+     TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a),
+     TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f),
+     TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e),
+     TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d),
+     TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f),
+     TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585),
+     TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239),
+     TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413),
+     TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e),
+     TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28),
+     TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4),
+     TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10),
+     TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33),
+     TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c),
+     TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8),
+     TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2),
+     TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815),
+     TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e),
+     TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c),
+     TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240),
+     TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3),
+     TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb),
+     TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5),
+     TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d),
+     TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f),
+     TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79),
+     TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1),
+     TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0),
+     TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3),
+     TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039),
+     TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab),
+     TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944),
+     TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb),
+     TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf),
+     TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6),
+     TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316),
+     TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789),
+     TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6),
+     TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51),
+     TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017),
+     TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722),
+     TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e),}
+    ,
+    {TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3),
+     TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb),
+     TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c),
+     TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b),
+     TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0),
+     TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b),
+     TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080),
+     TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600),
+     TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc),
+     TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026),
+     TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89),
+     TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731),
+     TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79),
+     TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0),
+     TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6),
+     TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668),
+     TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383),
+     TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee),
+     TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f),
+     TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a),
+     TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0),
+     TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa),
+     TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf),
+     TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9),
+     TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc),
+     TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745),
+     TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea),
+     TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a),
+     TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650),
+     TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b),
+     TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989),
+     TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5),
+     TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18),
+     TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c),
+     TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638),
+     TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293),
+     TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857),
+     TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5),
+     TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74),
+     TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582),
+     TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1),
+     TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c),
+     TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef),
+     TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8),
+     TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb),
+     TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f),
+     TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583),
+     TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739),
+     TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344),
+     TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c),
+     TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82),
+     TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba),
+     TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325),
+     TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0),
+     TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791),
+     TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655),
+     TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305),
+     TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6),
+     TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7),
+     TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd),
+     TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab),
+     TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350),
+     TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974),
+     TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1),
+     TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27),
+     TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78),
+     TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996),
+     TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da),
+     TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb),
+     TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77),
+     TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230),
+     TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449),
+     TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f),
+     TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e),
+     TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40),
+     TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2),
+     TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683),
+     TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83),
+     TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2),
+     TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c),
+     TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd),
+     TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804),
+     TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118),
+     TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4),
+     TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051),
+     TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec),
+     TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b),
+     TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493),
+     TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0),
+     TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b),
+     TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4),
+     TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00),
+     TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b),
+     TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953),
+     TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6),
+     TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf),
+     TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80),
+     TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328),
+     TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215),
+     TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61),
+     TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a),
+     TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497),
+     TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0),
+     TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4),
+     TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce),
+     TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56),
+     TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e),
+     TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb),
+     TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf),
+     TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961),
+     TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063),
+     TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c),
+     TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9),
+     TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb),
+     TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1),
+     TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264),
+     TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe),
+     TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0),
+     TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182),
+     TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33),
+     TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46),
+     TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78),
+     TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055),
+     TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90),
+     TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2),
+     TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5),
+     TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b),
+     TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14),
+     TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f),
+     TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0),
+     TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565),
+     TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d),
+     TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea),
+     TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2),
+     TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670),
+     TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d),
+     TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c),
+     TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c),
+     TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33),
+     TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad),
+     TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589),
+     TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd),
+     TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414),
+     TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675),
+     TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048),
+     TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f),
+     TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef),
+     TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97),
+     TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8),
+     TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b),
+     TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a),
+     TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9),
+     TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165),
+     TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da),
+     TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c),
+     TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d),
+     TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd),
+     TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11),
+     TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d),
+     TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb),
+     TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a),
+     TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000),
+     TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9),
+     TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27),
+     TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4),
+     TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193),
+     TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17),
+     TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067),
+     TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da),
+     TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449),
+     TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b),
+     TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943),
+     TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54),
+     TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f),
+     TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53),
+     TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104),
+     TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2),
+     TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903),
+     TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e),
+     TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc),
+     TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037),
+     TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22),
+     TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8),
+     TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e),
+     TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e),
+     TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39),
+     TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498),
+     TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf),
+     TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7),
+     TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a),
+     TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b),
+     TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e),
+     TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff),
+     TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8),
+     TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be),
+     TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c),
+     TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680),
+     TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef),
+     TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8),
+     TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e),
+     TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b),
+     TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201),
+     TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900),
+     TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c),
+     TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0),
+     TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191),
+     TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5),
+     TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89),
+     TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3),
+     TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12),
+     TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf),
+     TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe),
+     TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40),
+     TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936),
+     TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379),
+     TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531),
+     TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44),
+     TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15),
+     TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7),
+     TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7),
+     TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40),
+     TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c),
+     TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e),
+     TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b),
+     TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772),
+     TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47),
+     TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2),
+     TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07),
+     TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63),
+     TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5),
+     TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db),
+     TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e),
+     TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423),
+     TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b),
+     TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459),
+     TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699),
+     TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6),
+     TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777),
+     TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d),
+     TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08),
+     TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a),
+     TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e),
+     TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46),
+     TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22),
+     TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148),
+     TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f),
+     TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab),
+     TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef),
+     TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3),
+     TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91),
+     TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243),
+     TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e),
+     TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b),
+     TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b),
+     TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0),
+     TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d),}
+    ,
+    {TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828),
+     TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa),
+     TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17),
+     TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b),
+     TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2),
+     TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff),
+     TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6),
+     TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733),
+     TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35),
+     TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538),
+     TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b),
+     TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80),
+     TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665),
+     TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6),
+     TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c),
+     TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2),
+     TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3),
+     TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996),
+     TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7),
+     TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4),
+     TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde),
+     TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f),
+     TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f),
+     TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd),
+     TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd),
+     TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c),
+     TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6),
+     TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7),
+     TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71),
+     TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11),
+     TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1),
+     TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7),
+     TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29),
+     TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514),
+     TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5),
+     TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19),
+     TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613),
+     TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16),
+     TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5),
+     TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e),
+     TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1),
+     TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a),
+     TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b),
+     TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba),
+     TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee),
+     TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa),
+     TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1),
+     TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836),
+     TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878),
+     TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a),
+     TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f),
+     TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af),
+     TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22),
+     TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b),
+     TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c),
+     TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0),
+     TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634),
+     TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405),
+     TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65),
+     TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e),
+     TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b),
+     TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831),
+     TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029),
+     TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab),
+     TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77),
+     TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e),
+     TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5),
+     TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b),
+     TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a),
+     TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620),
+     TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4),
+     TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428),
+     TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48),
+     TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf),
+     TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584),
+     TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f),
+     TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298),
+     TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d),
+     TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85),
+     TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b),
+     TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26),
+     TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87),
+     TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811),
+     TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592),
+     TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043),
+     TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa),
+     TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82),
+     TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72),
+     TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2),
+     TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba),
+     TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1),
+     TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642),
+     TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce),
+     TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294),
+     TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c),
+     TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949),
+     TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03),
+     TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd),
+     TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd),
+     TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa),
+     TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8),
+     TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db),
+     TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff),
+     TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b),
+     TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75),
+     TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb),
+     TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999),
+     TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108),
+     TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8),
+     TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec),
+     TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229),
+     TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f),
+     TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a),
+     TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29),
+     TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053),
+     TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e),
+     TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df),
+     TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558),
+     TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b),
+     TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff),
+     TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a),
+     TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e),
+     TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43),
+     TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d),
+     TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0),
+     TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43),
+     TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904),
+     TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf),
+     TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4),
+     TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12),
+     TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460),
+     TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c),
+     TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c),
+     TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8),
+     TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4),
+     TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48),
+     TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11),
+     TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9),
+     TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c),
+     TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316),
+     TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c),
+     TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01),
+     TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101),
+     TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572),
+     TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5),
+     TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250),
+     TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c),
+     TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe),
+     TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95),
+     TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8),
+     TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb),
+     TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28),
+     TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96),
+     TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51),
+     TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233),
+     TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005),
+     TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217),
+     TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a),
+     TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f),
+     TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b),
+     TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb),
+     TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761),
+     TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db),
+     TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a),
+     TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06),
+     TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12),
+     TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4),
+     TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20),
+     TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e),
+     TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9),
+     TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad),
+     TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b),
+     TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f),
+     TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed),
+     TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c),
+     TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038),
+     TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536),
+     TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2),
+     TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea),
+     TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843),
+     TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210),
+     TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6),
+     TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff),
+     TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2),
+     TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5),
+     TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e),
+     TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6),
+     TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035),
+     TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04),
+     TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3),
+     TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd),
+     TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea),
+     TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843),
+     TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed),
+     TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e),
+     TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7),
+     TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b),
+     TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754),
+     TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385),
+     TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e),
+     TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed),
+     TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772),
+     TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e),
+     TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850),
+     TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3),
+     TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7),
+     TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354),
+     TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0),
+     TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad),
+     TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b),
+     TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5),
+     TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843),
+     TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4),
+     TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c),
+     TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18),
+     TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040),
+     TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4),
+     TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c),
+     TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963),
+     TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c),
+     TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0),
+     TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4),
+     TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84),
+     TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf),
+     TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17),
+     TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065),
+     TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178),
+     TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5),
+     TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485),
+     TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea),
+     TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea),
+     TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75),
+     TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed),
+     TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22),
+     TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff),
+     TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113),
+     TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b),
+     TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331),
+     TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08),
+     TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c),
+     TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8),
+     TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22),
+     TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295),
+     TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536),
+     TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae),
+     TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb),
+     TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc),
+     TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161),
+     TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98),
+     TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd),
+     TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a),
+     TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1),
+     TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246),
+     TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53),
+     TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707),
+     TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d),}
+    ,
+    {TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320),
+     TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae),
+     TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de),
+     TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5),
+     TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e),
+     TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2),
+     TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7),
+     TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f),
+     TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2),
+     TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0),
+     TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e),
+     TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f),
+     TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e),
+     TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef),
+     TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2),
+     TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81),
+     TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75),
+     TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663),
+     TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e),
+     TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e),
+     TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c),
+     TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951),
+     TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d),
+     TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651),
+     TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625),
+     TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a),
+     TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b),
+     TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506),
+     TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a),
+     TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be),
+     TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4),
+     TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13),
+     TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e),
+     TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c),
+     TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931),
+     TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b),
+     TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b),
+     TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d),
+     TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3),
+     TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456),
+     TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e),
+     TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce),
+     TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12),
+     TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16),
+     TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb),
+     TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7),
+     TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f),
+     TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991),
+     TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12),
+     TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2),
+     TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f),
+     TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f),
+     TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523),
+     TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b),
+     TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b),
+     TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5),
+     TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673),
+     TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2),
+     TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c),
+     TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b),
+     TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a),
+     TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540),
+     TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995),
+     TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268),
+     TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e),
+     TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3),
+     TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75),
+     TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6),
+     TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3),
+     TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382),
+     TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d),
+     TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b),
+     TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7),
+     TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061),
+     TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1),
+     TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069),
+     TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247),
+     TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0),
+     TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24),
+     TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da),
+     TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894),
+     TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b),
+     TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9),
+     TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a),
+     TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb),
+     TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05),
+     TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf),
+     TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c),
+     TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc),
+     TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd),
+     TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e),
+     TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1),
+     TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4),
+     TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e),
+     TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64),
+     TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574),
+     TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a),
+     TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae),
+     TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35),
+     TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f),
+     TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c),
+     TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed),
+     TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345),
+     TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c),
+     TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb),
+     TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87),
+     TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a),
+     TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3),
+     TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc),
+     TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c),
+     TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2),
+     TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf),
+     TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946),
+     TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5),
+     TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9),
+     TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52),
+     TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3),
+     TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad),
+     TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96),
+     TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459),
+     TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a),
+     TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7),
+     TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d),
+     TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa),
+     TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142),
+     TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec),
+     TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10),
+     TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1),
+     TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815),
+     TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5),
+     TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464),
+     TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6),
+     TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0),
+     TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963),
+     TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232),
+     TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a),
+     TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af),
+     TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7),
+     TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae),
+     TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981),
+     TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e),
+     TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a),
+     TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9),
+     TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2),
+     TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681),
+     TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9),
+     TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8),
+     TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04),
+     TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472),
+     TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7),
+     TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71),
+     TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954),
+     TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972),
+     TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8),
+     TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4),
+     TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812),
+     TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04),
+     TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e),
+     TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d),
+     TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46),
+     TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52),
+     TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7),
+     TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b),
+     TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2),
+     TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09),
+     TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef),
+     TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6),
+     TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5),
+     TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5),
+     TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac),
+     TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de),
+     TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421),
+     TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b),
+     TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d),
+     TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708),
+     TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df),
+     TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e),
+     TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c),
+     TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e),
+     TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0),
+     TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd),
+     TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27),
+     TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d),
+     TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457),
+     TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d),
+     TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9),
+     TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51),
+     TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f),
+     TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff),
+     TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc),
+     TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1),
+     TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8),
+     TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27),
+     TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566),
+     TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7),
+     TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36),
+     TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8),
+     TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4),
+     TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd),
+     TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256),
+     TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1),
+     TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175),
+     TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c),
+     TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987),
+     TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94),
+     TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240),
+     TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22),
+     TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf),
+     TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5),
+     TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894),
+     TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743),
+     TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb),
+     TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33),
+     TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b),
+     TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59),
+     TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d),
+     TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459),
+     TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278),
+     TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782),
+     TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006),
+     TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2),
+     TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f),
+     TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83),
+     TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c),
+     TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d),
+     TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161),
+     TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513),
+     TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5),
+     TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959),
+     TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f),
+     TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75),
+     TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9),
+     TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c),
+     TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231),
+     TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36),
+     TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e),
+     TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c),
+     TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49),
+     TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef),
+     TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca),
+     TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa),
+     TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c),
+     TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081),
+     TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47),
+     TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9),
+     TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96),
+     TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4),
+     TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847),
+     TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8),
+     TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72),
+     TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf),
+     TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011),
+     TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05),
+     TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58),
+     TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8),
+     TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691),}
+    ,
+    {TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da),
+     TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c),
+     TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa),
+     TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7),
+     TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e),
+     TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21),
+     TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025),
+     TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8),
+     TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607),
+     TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82),
+     TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0),
+     TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28),
+     TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562),
+     TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d),
+     TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0),
+     TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1),
+     TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c),
+     TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9),
+     TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085),
+     TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f),
+     TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6),
+     TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f),
+     TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9),
+     TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6),
+     TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1),
+     TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef),
+     TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13),
+     TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577),
+     TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae),
+     TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240),
+     TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39),
+     TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9),
+     TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291),
+     TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8),
+     TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d),
+     TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5),
+     TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e),
+     TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8),
+     TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f),
+     TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae),
+     TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05),
+     TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae),
+     TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced),
+     TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433),
+     TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8),
+     TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d),
+     TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1),
+     TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7),
+     TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6),
+     TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e),
+     TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994),
+     TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d),
+     TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5),
+     TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d),
+     TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b),
+     TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16),
+     TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc),
+     TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a),
+     TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5),
+     TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0),
+     TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7),
+     TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda),
+     TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2),
+     TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413),
+     TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12),
+     TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0),
+     TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65),
+     TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8),
+     TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e),
+     TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d),
+     TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da),
+     TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4),
+     TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f),
+     TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277),
+     TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec),
+     TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9),
+     TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385),
+     TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36),
+     TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a),
+     TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e),
+     TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef),
+     TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b),
+     TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f),
+     TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462),
+     TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd),
+     TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed),
+     TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f),
+     TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e),
+     TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b),
+     TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf),
+     TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2),
+     TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2),
+     TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456),
+     TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e),
+     TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a),
+     TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a),
+     TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57),
+     TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a),
+     TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42),
+     TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3),
+     TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32),
+     TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d),
+     TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909),
+     TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83),
+     TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead),
+     TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8),
+     TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd),
+     TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0),
+     TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d),
+     TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436),
+     TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179),
+     TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845),
+     TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97),
+     TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4),
+     TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d),
+     TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43),
+     TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b),
+     TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff),
+     TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb),
+     TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368),
+     TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26),
+     TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937),
+     TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8),
+     TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40),
+     TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf),
+     TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2),
+     TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a),
+     TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a),
+     TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3),
+     TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3),
+     TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002),
+     TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56),
+     TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7),
+     TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411),
+     TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b),
+     TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3),
+     TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848),
+     TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e),
+     TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72),
+     TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31),
+     TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e),
+     TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68),
+     TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf),
+     TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8),
+     TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b),
+     TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758),
+     TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533),
+     TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b),
+     TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515),
+     TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8),
+     TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885),
+     TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46),
+     TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98),
+     TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3),
+     TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72),
+     TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b),
+     TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477),
+     TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819),
+     TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b),
+     TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838),
+     TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4),
+     TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3),
+     TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718),
+     TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f),
+     TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e),
+     TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1),
+     TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c),
+     TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5),
+     TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1),
+     TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133),
+     TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3),
+     TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff),
+     TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e),
+     TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea),
+     TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec),
+     TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6),
+     TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c),
+     TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39),
+     TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39),
+     TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1),
+     TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921),
+     TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149),
+     TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e),
+     TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781),
+     TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0),
+     TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe),
+     TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30),
+     TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0),
+     TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98),
+     TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651),
+     TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521),
+     TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91),
+     TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2),
+     TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87),
+     TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41),
+     TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5),
+     TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469),
+     TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6),
+     TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8),
+     TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a),
+     TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee),
+     TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31),
+     TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e),
+     TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63),
+     TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8),
+     TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a),
+     TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7),
+     TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f),
+     TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29),
+     TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61),
+     TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e),
+     TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247),
+     TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210),
+     TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947),
+     TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c),
+     TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a),
+     TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793),
+     TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7),
+     TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c),
+     TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7),
+     TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5),
+     TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1),
+     TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da),
+     TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026),
+     TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9),
+     TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146),
+     TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22),
+     TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d),
+     TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771),
+     TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de),
+     TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049),
+     TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678),
+     TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f),
+     TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a),
+     TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c),
+     TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d),
+     TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28),
+     TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7),
+     TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7),
+     TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11),
+     TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd),
+     TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93),
+     TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb),
+     TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d),
+     TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3),
+     TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606),
+     TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89),
+     TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8),
+     TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9),
+     TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7),
+     TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276),
+     TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4),
+     TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454),
+     TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372),
+     TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e),
+     TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f),}
+    ,
+    {TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7),
+     TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943),
+     TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362),
+     TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297),
+     TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7),
+     TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0),
+     TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c),
+     TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc),
+     TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf),
+     TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858),
+     TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304),
+     TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900),
+     TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96),
+     TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304),
+     TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b),
+     TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651),
+     TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267),
+     TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65),
+     TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1),
+     TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6),
+     TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab),
+     TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d),
+     TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece),
+     TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac),
+     TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192),
+     TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046),
+     TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352),
+     TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667),
+     TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e),
+     TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57),
+     TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b),
+     TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3),
+     TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704),
+     TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7),
+     TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be),
+     TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291),
+     TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c),
+     TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d),
+     TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c),
+     TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e),
+     TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682),
+     TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799),
+     TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9),
+     TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756),
+     TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e),
+     TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8),
+     TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86),
+     TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836),
+     TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be),
+     TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1),
+     TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d),
+     TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b),
+     TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052),
+     TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48),
+     TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d),
+     TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43),
+     TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961),
+     TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17),
+     TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1),
+     TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed),
+     TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840),
+     TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644),
+     TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e),
+     TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c),
+     TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf),
+     TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867),
+     TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41),
+     TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67),
+     TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77),
+     TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a),
+     TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276),
+     TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b),
+     TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00),
+     TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d),
+     TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842),
+     TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6),
+     TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5),
+     TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544),
+     TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63),
+     TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854),
+     TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601),
+     TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487),
+     TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7),
+     TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f),
+     TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a),
+     TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f),
+     TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74),
+     TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091),
+     TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9),
+     TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63),
+     TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e),
+     TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44),
+     TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de),
+     TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7),
+     TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c),
+     TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28),
+     TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1),
+     TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92),
+     TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46),
+     TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93),
+     TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2),
+     TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056),
+     TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1),
+     TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660),
+     TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45),
+     TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b),
+     TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a),
+     TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac),
+     TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8),
+     TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab),
+     TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51),
+     TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca),
+     TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed),
+     TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3),
+     TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5),
+     TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9),
+     TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94),
+     TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a),
+     TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec),
+     TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491),
+     TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5),
+     TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd),
+     TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9),
+     TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e),
+     TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0),
+     TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f),
+     TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91),
+     TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb),
+     TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28),
+     TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0),
+     TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56),
+     TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49),
+     TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729),
+     TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3),
+     TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc),
+     TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8),
+     TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef),
+     TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2),
+     TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc),
+     TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc),
+     TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d),
+     TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee),
+     TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032),
+     TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812),
+     TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491),
+     TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1),
+     TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc),
+     TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c),
+     TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007),
+     TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d),
+     TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10),
+     TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940),
+     TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b),
+     TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1),
+     TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5),
+     TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d),
+     TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe),
+     TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318),
+     TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca),
+     TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a),
+     TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569),
+     TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e),
+     TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b),
+     TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d),
+     TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78),
+     TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a),
+     TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b),
+     TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4),
+     TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926),
+     TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5),
+     TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772),
+     TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab),
+     TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7),
+     TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b),
+     TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599),
+     TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6),
+     TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9),
+     TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67),
+     TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907),
+     TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad),
+     TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51),
+     TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0),
+     TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff),
+     TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b),
+     TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1),
+     TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a),
+     TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901),
+     TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e),
+     TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c),
+     TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3),
+     TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511),
+     TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d),
+     TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2),
+     TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511),
+     TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c),
+     TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e),
+     TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb),
+     TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249),
+     TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4),
+     TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53),
+     TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583),
+     TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5),
+     TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760),
+     TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1),
+     TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d),
+     TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b),
+     TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5),
+     TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188),
+     TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79),
+     TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef),
+     TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b),
+     TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7),
+     TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e),
+     TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf),
+     TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4),
+     TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341),
+     TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff),
+     TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00),
+     TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8),
+     TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571),
+     TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697),
+     TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd),
+     TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096),
+     TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7),
+     TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13),
+     TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522),
+     TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021),
+     TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff),
+     TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc),
+     TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f),
+     TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee),
+     TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605),
+     TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28),
+     TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0),
+     TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be),
+     TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246),
+     TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93),
+     TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c),
+     TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214),
+     TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04),
+     TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326),
+     TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499),
+     TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f),
+     TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434),
+     TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c),
+     TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532),
+     TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269),
+     TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f),
+     TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554),
+     TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f),
+     TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799),
+     TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12),
+     TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152),
+     TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458),
+     TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc),
+     TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89),}
+    ,
+    {TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e),
+     TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de),
+     TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56),
+     TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154),
+     TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078),
+     TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc),
+     TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0),
+     TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9),
+     TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259),
+     TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407),
+     TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f),
+     TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9),
+     TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240),
+     TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca),
+     TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228),
+     TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59),
+     TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88),
+     TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f),
+     TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26),
+     TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf),
+     TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382),
+     TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43),
+     TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4),
+     TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0),
+     TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633),
+     TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea),
+     TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a),
+     TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab),
+     TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27),
+     TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50),
+     TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e),
+     TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf),
+     TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c),
+     TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25),
+     TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5),
+     TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b),
+     TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe),
+     TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee),
+     TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7),
+     TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276),
+     TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a),
+     TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851),
+     TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba),
+     TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66),
+     TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c),
+     TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b),
+     TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61),
+     TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e),
+     TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4),
+     TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb),
+     TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75),
+     TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe),
+     TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80),
+     TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a),
+     TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4),
+     TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a),
+     TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee),
+     TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf),
+     TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1),
+     TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1),
+     TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a),
+     TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331),
+     TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625),
+     TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61),
+     TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4),
+     TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a),
+     TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360),
+     TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b),
+     TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f),
+     TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219),
+     TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5),
+     TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181),
+     TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8),
+     TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c),
+     TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c),
+     TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b),
+     TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7),
+     TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2),
+     TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e),
+     TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8),
+     TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782),
+     TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d),
+     TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4),
+     TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4),
+     TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402),
+     TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372),
+     TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa),
+     TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73),
+     TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167),
+     TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79),
+     TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04),
+     TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a),
+     TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd),
+     TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81),
+     TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1),
+     TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87),
+     TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb),
+     TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6),
+     TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33),
+     TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9),
+     TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55),
+     TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8),
+     TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a),
+     TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39),
+     TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e),
+     TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6),
+     TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d),
+     TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb),
+     TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8),
+     TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1),
+     TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888),
+     TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c),
+     TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41),
+     TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8),
+     TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d),
+     TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab),
+     TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3),
+     TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e),
+     TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4),
+     TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764),
+     TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce),
+     TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f),
+     TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38),
+     TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936),
+     TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93),
+     TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0),
+     TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58),
+     TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a),
+     TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe),
+     TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae),
+     TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28),
+     TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11),
+     TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7),
+     TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73),
+     TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823),
+     TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346),
+     TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256),
+     TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40),
+     TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7),
+     TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec),
+     TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5),
+     TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530),
+     TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac),
+     TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f),
+     TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63),
+     TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15),
+     TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20),
+     TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30),
+     TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba),
+     TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa),
+     TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8),
+     TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6),
+     TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa),
+     TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3),
+     TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa),
+     TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c),
+     TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e),
+     TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872),
+     TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618),
+     TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514),
+     TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79),
+     TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3),
+     TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8),
+     TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0),
+     TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc),
+     TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036),
+     TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7),
+     TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec),
+     TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911),
+     TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1),
+     TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27),
+     TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe),
+     TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d),
+     TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42),
+     TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05),
+     TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33),
+     TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0),
+     TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111),
+     TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007),
+     TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de),
+     TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6),
+     TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5),
+     TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7),
+     TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160),
+     TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32),
+     TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f),
+     TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112),
+     TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6),
+     TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54),
+     TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5),
+     TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe),
+     TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400),
+     TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed),
+     TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69),
+     TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1),
+     TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29),
+     TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771),
+     TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678),
+     TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5),
+     TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c),
+     TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b),
+     TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea),
+     TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99),
+     TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55),
+     TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15),
+     TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95),
+     TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa),
+     TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da),
+     TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce),
+     TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254),
+     TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855),
+     TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc),
+     TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762),
+     TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236),
+     TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979),
+     TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64),
+     TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309),
+     TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8),
+     TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672),
+     TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff),
+     TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4),
+     TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e),
+     TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4),
+     TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa),
+     TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328),
+     TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c),
+     TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014),
+     TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf),
+     TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f),
+     TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad),
+     TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08),
+     TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199),
+     TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b),
+     TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd),
+     TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14),
+     TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158),
+     TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1),
+     TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd),
+     TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a),
+     TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2),
+     TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150),
+     TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719),
+     TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb),
+     TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3),
+     TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b),
+     TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe),
+     TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7),
+     TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec),
+     TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646),
+     TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a),
+     TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66),
+     TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de),
+     TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24),
+     TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04),
+     TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81),
+     TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca),}
+    ,
+    {TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728),
+     TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d),
+     TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf),
+     TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2),
+     TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413),
+     TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7),
+     TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5),
+     TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089),
+     TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b),
+     TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07),
+     TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682),
+     TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6),
+     TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33),
+     TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd),
+     TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac),
+     TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c),
+     TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0),
+     TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241),
+     TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363),
+     TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3),
+     TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168),
+     TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02),
+     TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac),
+     TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d),
+     TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc),
+     TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649),
+     TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7),
+     TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef),
+     TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae),
+     TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c),
+     TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52),
+     TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558),
+     TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c),
+     TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c),
+     TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec),
+     TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4),
+     TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259),
+     TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1),
+     TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c),
+     TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c),
+     TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4),
+     TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3),
+     TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2),
+     TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a),
+     TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184),
+     TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00),
+     TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4),
+     TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828),
+     TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d),
+     TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478),
+     TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0),
+     TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8),
+     TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541),
+     TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be),
+     TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a),
+     TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216),
+     TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86),
+     TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128),
+     TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf),
+     TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2),
+     TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a),
+     TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84),
+     TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e),
+     TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0),
+     TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6),
+     TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16),
+     TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2),
+     TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849),
+     TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14),
+     TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644),
+     TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2),
+     TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5),
+     TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550),
+     TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1),
+     TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d),
+     TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8),
+     TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13),
+     TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d),
+     TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d),
+     TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af),
+     TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88),
+     TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d),
+     TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2),
+     TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984),
+     TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca),
+     TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40),
+     TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b),
+     TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239),
+     TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8),
+     TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe),
+     TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279),
+     TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae),
+     TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8),
+     TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab),
+     TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f),
+     TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e),
+     TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc),
+     TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e),
+     TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622),
+     TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2),
+     TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161),
+     TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6),
+     TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0),
+     TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34),
+     TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb),
+     TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b),
+     TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d),
+     TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567),
+     TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6),
+     TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff),
+     TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122),
+     TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942),
+     TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69),
+     TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa),
+     TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e),
+     TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326),
+     TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70),
+     TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1),
+     TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed),
+     TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331),
+     TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a),
+     TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7),
+     TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2),
+     TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993),
+     TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5),
+     TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d),
+     TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f),
+     TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887),
+     TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5),
+     TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56),
+     TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73),
+     TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a),
+     TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036),
+     TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162),
+     TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5),
+     TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5),
+     TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b),
+     TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1),
+     TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389),
+     TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde),
+     TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac),
+     TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768),
+     TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc),
+     TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279),
+     TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca),
+     TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba),
+     TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a),
+     TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb),
+     TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500),
+     TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476),
+     TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa),
+     TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c),
+     TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28),
+     TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34),
+     TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a),
+     TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e),
+     TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae),
+     TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f),
+     TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e),
+     TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf),
+     TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0),
+     TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854),
+     TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab),
+     TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f),
+     TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03),
+     TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720),
+     TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495),
+     TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef),
+     TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef),
+     TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349),
+     TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825),
+     TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a),
+     TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3),
+     TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5),
+     TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7),
+     TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c),
+     TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792),
+     TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2),
+     TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d),
+     TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9),
+     TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad),
+     TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854),
+     TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4),
+     TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70),
+     TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997),
+     TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52),
+     TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2),
+     TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2),
+     TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232),
+     TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca),
+     TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8),
+     TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72),
+     TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905),
+     TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42),
+     TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642),
+     TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b),
+     TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c),
+     TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed),
+     TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e),
+     TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd),
+     TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693),
+     TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f),
+     TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3),
+     TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130),
+     TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895),
+     TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b),
+     TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9),
+     TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5),
+     TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45),
+     TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df),
+     TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25),
+     TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1),
+     TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5),
+     TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf),
+     TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54),
+     TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384),
+     TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75),
+     TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb),
+     TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9),
+     TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844),
+     TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66),
+     TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6),
+     TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f),
+     TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a),
+     TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511),
+     TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee),
+     TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9),
+     TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff),
+     TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3),
+     TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12),
+     TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16),
+     TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36),
+     TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f),
+     TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429),
+     TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c),
+     TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2),
+     TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f),
+     TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843),
+     TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622),
+     TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37),
+     TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f),
+     TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f),
+     TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a),
+     TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7),
+     TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335),
+     TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9),
+     TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0),
+     TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49),
+     TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244),
+     TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd),
+     TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6),
+     TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978),
+     TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7),
+     TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4),
+     TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac),
+     TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63),}
+    ,
+    {TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046),
+     TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d),
+     TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa),
+     TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746),
+     TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e),
+     TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19),
+     TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2),
+     TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d),
+     TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427),
+     TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77),
+     TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9),
+     TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0),
+     TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8),
+     TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0),
+     TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05),
+     TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1),
+     TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62),
+     TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99),
+     TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61),
+     TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1),
+     TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5),
+     TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685),
+     TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771),
+     TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81),
+     TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898),
+     TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11),
+     TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4),
+     TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b),
+     TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e),
+     TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26),
+     TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f),
+     TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab),
+     TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603),
+     TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77),
+     TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2),
+     TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980),
+     TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee),
+     TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326),
+     TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6),
+     TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5),
+     TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e),
+     TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9),
+     TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591),
+     TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d),
+     TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb),
+     TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac),
+     TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e),
+     TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b),
+     TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc),
+     TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3),
+     TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c),
+     TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8),
+     TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174),
+     TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081),
+     TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2),
+     TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53),
+     TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be),
+     TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf),
+     TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6),
+     TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464),
+     TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63),
+     TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d),
+     TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c),
+     TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f),
+     TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a),
+     TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222),
+     TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea),
+     TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac),
+     TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886),
+     TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8),
+     TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e),
+     TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a),
+     TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5),
+     TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800),
+     TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494),
+     TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203),
+     TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375),
+     TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d),
+     TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b),
+     TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3),
+     TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb),
+     TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b),
+     TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac),
+     TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739),
+     TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f),
+     TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee),
+     TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7),
+     TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a),
+     TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814),
+     TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5),
+     TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe),
+     TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885),
+     TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6),
+     TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8),
+     TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70),
+     TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef),
+     TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96),
+     TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d),
+     TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e),
+     TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61),
+     TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976),
+     TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe),
+     TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d),
+     TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5),
+     TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a),
+     TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447),
+     TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2),
+     TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c),
+     TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746),
+     TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4),
+     TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985),
+     TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e),
+     TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9),
+     TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef),
+     TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6),
+     TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4),
+     TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda),
+     TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960),
+     TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7),
+     TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327),
+     TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1),
+     TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc),
+     TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e),
+     TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07),
+     TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e),
+     TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0),
+     TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8),
+     TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b),
+     TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e),
+     TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33),
+     TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa),
+     TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b),
+     TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690),
+     TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7),
+     TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc),
+     TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9),
+     TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059),
+     TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b),
+     TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1),
+     TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b),
+     TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56),
+     TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed),
+     TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af),
+     TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a),
+     TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a),
+     TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd),
+     TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e),
+     TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4),
+     TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248),
+     TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382),
+     TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9),
+     TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f),
+     TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d),
+     TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9),
+     TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506),
+     TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce),
+     TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91),
+     TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8),
+     TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4),
+     TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b),
+     TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be),
+     TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41),
+     TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a),
+     TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35),
+     TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478),
+     TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8),
+     TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0),
+     TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832),
+     TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b),
+     TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047),
+     TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423),
+     TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac),
+     TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb),
+     TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734),
+     TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493),
+     TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf),
+     TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7),
+     TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f),
+     TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc),
+     TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47),
+     TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea),
+     TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62),
+     TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993),
+     TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8),
+     TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab),
+     TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2),
+     TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d),
+     TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f),
+     TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c),
+     TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067),
+     TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097),
+     TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e),
+     TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0),
+     TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162),
+     TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042),
+     TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5),
+     TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c),
+     TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0),
+     TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2),
+     TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711),
+     TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d),
+     TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a),
+     TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d),
+     TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548),
+     TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba),
+     TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827),
+     TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a),
+     TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1),
+     TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4),
+     TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195),
+     TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65),
+     TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07),
+     TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b),
+     TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1),
+     TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4),
+     TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea),
+     TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7),
+     TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22),
+     TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60),
+     TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c),
+     TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21),
+     TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676),
+     TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b),
+     TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee),
+     TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1),
+     TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98),
+     TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb),
+     TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06),
+     TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9),
+     TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f),
+     TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1),
+     TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6),
+     TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3),
+     TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635),
+     TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120),
+     TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3),
+     TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520),
+     TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf),
+     TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a),
+     TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848),
+     TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6),
+     TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc),
+     TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc),
+     TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6),
+     TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae),
+     TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d),
+     TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317),
+     TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a),
+     TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee),
+     TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7),
+     TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b),
+     TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8),
+     TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e),
+     TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792),
+     TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5),
+     TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4),}
+    ,
+    {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603),
+     TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129),
+     TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c),
+     TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca),
+     TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e),
+     TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8),
+     TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8),
+     TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038),
+     TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a),
+     TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109),
+     TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43),
+     TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3),
+     TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc),
+     TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4),
+     TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3),
+     TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97),
+     TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9),
+     TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb),
+     TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b),
+     TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e),
+     TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07),
+     TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270),
+     TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b),
+     TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f),
+     TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb),
+     TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997),
+     TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a),
+     TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5),
+     TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb),
+     TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a),
+     TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586),
+     TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018),
+     TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b),
+     TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739),
+     TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962),
+     TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b),
+     TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257),
+     TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8),
+     TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f),
+     TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa),
+     TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467),
+     TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665),
+     TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a),
+     TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f),
+     TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a),
+     TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8),
+     TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3),
+     TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00),
+     TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b),
+     TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52),
+     TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f),
+     TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975),
+     TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc),
+     TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323),
+     TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9),
+     TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35),
+     TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1),
+     TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d),
+     TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb),
+     TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c),
+     TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266),
+     TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf),
+     TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf),
+     TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd),
+     TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1),
+     TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110),
+     TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3),
+     TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28),
+     TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531),
+     TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8),
+     TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a),
+     TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83),
+     TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a),
+     TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d),
+     TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783),
+     TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4),
+     TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203),
+     TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc),
+     TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a),
+     TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7),
+     TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287),
+     TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c),
+     TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70),
+     TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c),
+     TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8),
+     TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4),
+     TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f),
+     TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9),
+     TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366),
+     TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b),
+     TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01),
+     TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd),
+     TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da),
+     TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e),
+     TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465),
+     TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5),
+     TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1),
+     TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c),
+     TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217),
+     TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955),
+     TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124),
+     TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775),
+     TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a),
+     TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29),
+     TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800),
+     TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194),
+     TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6),
+     TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c),
+     TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26),
+     TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724),
+     TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026),
+     TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114),
+     TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0),
+     TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262),
+     TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b),
+     TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd),
+     TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26),
+     TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f),
+     TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909),
+     TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc),
+     TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078),
+     TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b),
+     TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406),
+     TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f),
+     TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8),
+     TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b),
+     TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22),
+     TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af),
+     TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859),
+     TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a),
+     TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819),
+     TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d),
+     TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313),
+     TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408),
+     TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed),
+     TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69),
+     TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f),
+     TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00),
+     TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7),
+     TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f),
+     TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534),
+     TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78),
+     TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125),
+     TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7),
+     TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08),
+     TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd),
+     TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b),
+     TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f),
+     TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235),
+     TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28),
+     TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2),
+     TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed),
+     TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45),
+     TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744),
+     TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a),
+     TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c),
+     TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd),
+     TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312),
+     TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830),
+     TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5),
+     TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345),
+     TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462),
+     TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe),
+     TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79),
+     TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f),
+     TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a),
+     TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c),
+     TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d),
+     TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889),
+     TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f),
+     TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182),
+     TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736),
+     TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65),
+     TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747),
+     TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68),
+     TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb),
+     TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497),
+     TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d),
+     TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416),
+     TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272),
+     TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db),
+     TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57),
+     TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104),
+     TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc),
+     TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6),
+     TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0),
+     TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e),
+     TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2),
+     TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e),
+     TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e),
+     TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04),
+     TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614),
+     TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09),
+     TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b),
+     TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f),
+     TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd),
+     TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e),
+     TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd),
+     TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6),
+     TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0),
+     TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623),
+     TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01),
+     TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92),
+     TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804),
+     TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a),
+     TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d),
+     TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe),
+     TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a),
+     TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4),
+     TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e),
+     TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4),
+     TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489),
+     TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5),
+     TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62),
+     TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643),
+     TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e),
+     TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a),
+     TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3),
+     TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398),
+     TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7),
+     TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74),
+     TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799),
+     TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d),
+     TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280),
+     TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28),
+     TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c),
+     TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b),
+     TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c),
+     TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0),
+     TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae),
+     TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10),
+     TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e),
+     TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae),
+     TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e),
+     TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15),
+     TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8),
+     TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c),
+     TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2),
+     TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b),
+     TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1),
+     TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb),
+     TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670),
+     TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef),
+     TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb),
+     TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49),
+     TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a),
+     TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e),
+     TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa),
+     TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335),
+     TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632),
+     TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660),
+     TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c),
+     TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99),
+     TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4),
+     TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e),
+     TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)}
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c
new file mode 100644
index 000000000..7ade1b3d2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_lcl.h"
+
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                             EC_POINT *point,
+                                             const BIGNUM *x_, int y_bit,
+                                             BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *x, *y;
+    int ret = 0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0);
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    /*-
+     * Recover y.  We have a Weierstrass equation
+     *     y^2 = x^3 + a*x + b,
+     * so  y  is one of the square roots of  x^3 + a*x + b.
+     */
+
+    /* tmp1 := x^3 */
+    if (!BN_nnmod(x, x_, group->field, ctx))
+        goto err;
+    if (group->meth->field_decode == 0) {
+        /* field_{sqr,mul} work on standard representation */
+        if (!group->meth->field_sqr(group, tmp2, x_, ctx))
+            goto err;
+        if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
+            goto err;
+    } else {
+        if (!BN_mod_sqr(tmp2, x_, group->field, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp1, tmp2, x_, group->field, ctx))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + a*x */
+    if (group->a_is_minus3) {
+        if (!BN_mod_lshift1_quick(tmp2, x, group->field))
+            goto err;
+        if (!BN_mod_add_quick(tmp2, tmp2, x, group->field))
+            goto err;
+        if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    } else {
+        if (group->meth->field_decode) {
+            if (!group->meth->field_decode(group, tmp2, group->a, ctx))
+                goto err;
+            if (!BN_mod_mul(tmp2, tmp2, x, group->field, ctx))
+                goto err;
+        } else {
+            /* field_mul works on standard representation */
+            if (!group->meth->field_mul(group, tmp2, group->a, x, ctx))
+                goto err;
+        }
+
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + b */
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, tmp2, group->b, ctx))
+            goto err;
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    } else {
+        if (!BN_mod_add_quick(tmp1, tmp1, group->b, group->field))
+            goto err;
+    }
+
+    if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) {
+        unsigned long err = ERR_peek_last_error();
+
+        if (ERR_GET_LIB(err) == ERR_LIB_BN
+            && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
+            ERR_clear_error();
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  EC_R_INVALID_COMPRESSED_POINT);
+        } else
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (y_bit != BN_is_odd(y)) {
+        if (BN_is_zero(y)) {
+            int kron;
+
+            kron = BN_kronecker(x, group->field, ctx);
+            if (kron == -2)
+                goto err;
+
+            if (kron == 1)
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSION_BIT);
+            else
+                /*
+                 * BN_mod_sqrt() should have caught this error (not a square)
+                 */
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            goto err;
+        }
+        if (!BN_usub(y, group->field, y))
+            goto err;
+    }
+    if (y_bit != BN_is_odd(y)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+              ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = BN_num_bytes(group->field);
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+
+        if ((form == POINT_CONVERSION_COMPRESSED
+             || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+            buf[0] = form + 1;
+        else
+            buf[0] = form;
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return 0;
+}
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                            const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = BN_num_bytes(group->field);
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, group->field) >= 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, group->field) >= 0) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (y_bit != BN_is_odd(y)) {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        /*
+         * EC_POINT_set_affine_coordinates is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c
new file mode 100644
index 000000000..f6a6cedb0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c
@@ -0,0 +1,1689 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_simple_group_copy,
+        ec_GFp_simple_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_simple_field_mul,
+        ec_GFp_simple_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+/*
+ * Most method functions in this file are designed to work with
+ * non-trivial representations of field elements if necessary
+ * (see ecp_mont.c): while standard modular addition and subtraction
+ * are used, the field_mul and field_sqr methods will be used for
+ * multiplication, and field_encode and field_decode (if defined)
+ * will be used for converting between representations.
+ *
+ * Functions ec_GFp_simple_points_make_affine() and
+ * ec_GFp_simple_point_get_affine_coordinates() specifically assume
+ * that if a non-trivial representation is used, it is a Montgomery
+ * representation (i.e. 'encoding' means multiplying by some factor R).
+ */
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+{
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
+    group->a_is_minus3 = 0;
+    return 1;
+}
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+{
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
+}
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+{
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
+}
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (!BN_copy(dest->field, src->field))
+        return 0;
+    if (!BN_copy(dest->a, src->a))
+        return 0;
+    if (!BN_copy(dest->b, src->b))
+        return 0;
+
+    dest->a_is_minus3 = src->a_is_minus3;
+
+    return 1;
+}
+
+int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+                                  const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp_a;
+
+    /* p must be a prime > 3 */
+    if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp_a = BN_CTX_get(ctx);
+    if (tmp_a == NULL)
+        goto err;
+
+    /* group->field */
+    if (!BN_copy(group->field, p))
+        goto err;
+    BN_set_negative(group->field, 0);
+
+    /* group->a */
+    if (!BN_nnmod(tmp_a, a, p, ctx))
+        goto err;
+    if (group->meth->field_encode) {
+        if (!group->meth->field_encode(group, group->a, tmp_a, ctx))
+            goto err;
+    } else if (!BN_copy(group->a, tmp_a))
+        goto err;
+
+    /* group->b */
+    if (!BN_nnmod(group->b, b, p, ctx))
+        goto err;
+    if (group->meth->field_encode)
+        if (!group->meth->field_encode(group, group->b, group->b, ctx))
+            goto err;
+
+    /* group->a_is_minus3 */
+    if (!BN_add_word(tmp_a, 3))
+        goto err;
+    group->a_is_minus3 = (0 == BN_cmp(tmp_a, group->field));
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (p != NULL) {
+        if (!BN_copy(p, group->field))
+            return 0;
+    }
+
+    if (a != NULL || b != NULL) {
+        if (group->meth->field_decode) {
+            if (ctx == NULL) {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                    return 0;
+            }
+            if (a != NULL) {
+                if (!group->meth->field_decode(group, a, group->a, ctx))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!group->meth->field_decode(group, b, group->b, ctx))
+                    goto err;
+            }
+        } else {
+            if (a != NULL) {
+                if (!BN_copy(a, group->a))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!BN_copy(b, group->b))
+                    goto err;
+            }
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(group->field);
+}
+
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
+    const BIGNUM *p = group->field;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    tmp_1 = BN_CTX_get(ctx);
+    tmp_2 = BN_CTX_get(ctx);
+    order = BN_CTX_get(ctx);
+    if (order == NULL)
+        goto err;
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, a, group->a, ctx))
+            goto err;
+        if (!group->meth->field_decode(group, b, group->b, ctx))
+            goto err;
+    } else {
+        if (!BN_copy(a, group->a))
+            goto err;
+        if (!BN_copy(b, group->b))
+            goto err;
+    }
+
+    /*-
+     * check the discriminant:
+     * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
+     * 0 =< a, b < p
+     */
+    if (BN_is_zero(a)) {
+        if (BN_is_zero(b))
+            goto err;
+    } else if (!BN_is_zero(b)) {
+        if (!BN_mod_sqr(tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_lshift(tmp_1, tmp_2, 2))
+            goto err;
+        /* tmp_1 = 4*a^3 */
+
+        if (!BN_mod_sqr(tmp_2, b, p, ctx))
+            goto err;
+        if (!BN_mul_word(tmp_2, 27))
+            goto err;
+        /* tmp_2 = 27*b^2 */
+
+        if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx))
+            goto err;
+        if (BN_is_zero(a))
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+{
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+    point->Z_is_one = 0;
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
+    return 1;
+}
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+{
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
+}
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+{
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
+    point->Z_is_one = 0;
+}
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (!BN_copy(dest->X, src->X))
+        return 0;
+    if (!BN_copy(dest->Y, src->Y))
+        return 0;
+    if (!BN_copy(dest->Z, src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+    dest->curve_name = src->curve_name;
+
+    return 1;
+}
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
+                                        EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(point->Z);
+    return 1;
+}
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  EC_POINT *point,
+                                                  const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z,
+                                                  BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    if (x != NULL) {
+        if (!BN_nnmod(point->X, x, group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, point->X, point->X, ctx))
+                goto err;
+        }
+    }
+
+    if (y != NULL) {
+        if (!BN_nnmod(point->Y, y, group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, point->Y, point->Y, ctx))
+                goto err;
+        }
+    }
+
+    if (z != NULL) {
+        int Z_is_one;
+
+        if (!BN_nnmod(point->Z, z, group->field, ctx))
+            goto err;
+        Z_is_one = BN_is_one(point->Z);
+        if (group->meth->field_encode) {
+            if (Z_is_one && (group->meth->field_set_to_one != 0)) {
+                if (!group->meth->field_set_to_one(group, point->Z, ctx))
+                    goto err;
+            } else {
+                if (!group->
+                    meth->field_encode(group, point->Z, point->Z, ctx))
+                    goto err;
+            }
+        }
+        point->Z_is_one = Z_is_one;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  const EC_POINT *point,
+                                                  BIGNUM *x, BIGNUM *y,
+                                                  BIGNUM *z, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->meth->field_decode != 0) {
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        if (x != NULL) {
+            if (!group->meth->field_decode(group, x, point->X, ctx))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!group->meth->field_decode(group, y, point->Y, ctx))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!group->meth->field_decode(group, z, point->Z, ctx))
+                goto err;
+        }
+    } else {
+        if (x != NULL) {
+            if (!BN_copy(x, point->X))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!BN_copy(y, point->Y))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!BN_copy(z, point->Z))
+                goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                               EC_POINT *point,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *ctx)
+{
+    if (x == NULL || y == NULL) {
+        /*
+         * unlike for projective coordinates, we do not tolerate this
+         */
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y,
+                                                    BN_value_one(), ctx);
+}
+
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                               const EC_POINT *point,
+                                               BIGNUM *x, BIGNUM *y,
+                                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+    const BIGNUM *Z_;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    Z = BN_CTX_get(ctx);
+    Z_1 = BN_CTX_get(ctx);
+    Z_2 = BN_CTX_get(ctx);
+    Z_3 = BN_CTX_get(ctx);
+    if (Z_3 == NULL)
+        goto err;
+
+    /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, Z, point->Z, ctx))
+            goto err;
+        Z_ = Z;
+    } else {
+        Z_ = point->Z;
+    }
+
+    if (BN_is_one(Z_)) {
+        if (group->meth->field_decode) {
+            if (x != NULL) {
+                if (!group->meth->field_decode(group, x, point->X, ctx))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!group->meth->field_decode(group, y, point->Y, ctx))
+                    goto err;
+            }
+        } else {
+            if (x != NULL) {
+                if (!BN_copy(x, point->X))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!BN_copy(y, point->Y))
+                    goto err;
+            }
+        }
+    } else {
+        if (!group->meth->field_inv(group, Z_1, Z_, ctx)) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (group->meth->field_encode == 0) {
+            /* field_sqr works on standard representation */
+            if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_sqr(Z_2, Z_1, group->field, ctx))
+                goto err;
+        }
+
+        if (x != NULL) {
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in X:
+             */
+            if (!group->meth->field_mul(group, x, point->X, Z_2, ctx))
+                goto err;
+        }
+
+        if (y != NULL) {
+            if (group->meth->field_encode == 0) {
+                /*
+                 * field_mul works on standard representation
+                 */
+                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
+                    goto err;
+            } else {
+                if (!BN_mod_mul(Z_3, Z_2, Z_1, group->field, ctx))
+                    goto err;
+            }
+
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in Y:
+             */
+            if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx))
+                goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+    int ret = 0;
+
+    if (a == b)
+        return EC_POINT_dbl(group, r, a, ctx);
+    if (EC_POINT_is_at_infinity(group, a))
+        return EC_POINT_copy(r, b);
+    if (EC_POINT_is_at_infinity(group, b))
+        return EC_POINT_copy(r, a);
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    n4 = BN_CTX_get(ctx);
+    n5 = BN_CTX_get(ctx);
+    n6 = BN_CTX_get(ctx);
+    if (n6 == NULL)
+        goto end;
+
+    /*
+     * Note that in this function we must not read components of 'a' or 'b'
+     * once we have written the corresponding components of 'r'. ('r' might
+     * be one of 'a' or 'b'.)
+     */
+
+    /* n1, n2 */
+    if (b->Z_is_one) {
+        if (!BN_copy(n1, a->X))
+            goto end;
+        if (!BN_copy(n2, a->Y))
+            goto end;
+        /* n1 = X_a */
+        /* n2 = Y_a */
+    } else {
+        if (!field_sqr(group, n0, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n1, a->X, n0, ctx))
+            goto end;
+        /* n1 = X_a * Z_b^2 */
+
+        if (!field_mul(group, n0, n0, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n2, a->Y, n0, ctx))
+            goto end;
+        /* n2 = Y_a * Z_b^3 */
+    }
+
+    /* n3, n4 */
+    if (a->Z_is_one) {
+        if (!BN_copy(n3, b->X))
+            goto end;
+        if (!BN_copy(n4, b->Y))
+            goto end;
+        /* n3 = X_b */
+        /* n4 = Y_b */
+    } else {
+        if (!field_sqr(group, n0, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n3, b->X, n0, ctx))
+            goto end;
+        /* n3 = X_b * Z_a^2 */
+
+        if (!field_mul(group, n0, n0, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n4, b->Y, n0, ctx))
+            goto end;
+        /* n4 = Y_b * Z_a^3 */
+    }
+
+    /* n5, n6 */
+    if (!BN_mod_sub_quick(n5, n1, n3, p))
+        goto end;
+    if (!BN_mod_sub_quick(n6, n2, n4, p))
+        goto end;
+    /* n5 = n1 - n3 */
+    /* n6 = n2 - n4 */
+
+    if (BN_is_zero(n5)) {
+        if (BN_is_zero(n6)) {
+            /* a is the same point as b */
+            BN_CTX_end(ctx);
+            ret = EC_POINT_dbl(group, r, a, ctx);
+            ctx = NULL;
+            goto end;
+        } else {
+            /* a is the inverse of b */
+            BN_zero(r->Z);
+            r->Z_is_one = 0;
+            ret = 1;
+            goto end;
+        }
+    }
+
+    /* 'n7', 'n8' */
+    if (!BN_mod_add_quick(n1, n1, n3, p))
+        goto end;
+    if (!BN_mod_add_quick(n2, n2, n4, p))
+        goto end;
+    /* 'n7' = n1 + n3 */
+    /* 'n8' = n2 + n4 */
+
+    /* Z_r */
+    if (a->Z_is_one && b->Z_is_one) {
+        if (!BN_copy(r->Z, n5))
+            goto end;
+    } else {
+        if (a->Z_is_one) {
+            if (!BN_copy(n0, b->Z))
+                goto end;
+        } else if (b->Z_is_one) {
+            if (!BN_copy(n0, a->Z))
+                goto end;
+        } else {
+            if (!field_mul(group, n0, a->Z, b->Z, ctx))
+                goto end;
+        }
+        if (!field_mul(group, r->Z, n0, n5, ctx))
+            goto end;
+    }
+    r->Z_is_one = 0;
+    /* Z_r = Z_a * Z_b * n5 */
+
+    /* X_r */
+    if (!field_sqr(group, n0, n6, ctx))
+        goto end;
+    if (!field_sqr(group, n4, n5, ctx))
+        goto end;
+    if (!field_mul(group, n3, n1, n4, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(r->X, n0, n3, p))
+        goto end;
+    /* X_r = n6^2 - n5^2 * 'n7' */
+
+    /* 'n9' */
+    if (!BN_mod_lshift1_quick(n0, r->X, p))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n3, n0, p))
+        goto end;
+    /* n9 = n5^2 * 'n7' - 2 * X_r */
+
+    /* Y_r */
+    if (!field_mul(group, n0, n0, n6, ctx))
+        goto end;
+    if (!field_mul(group, n5, n4, n5, ctx))
+        goto end;               /* now n5 is n5^3 */
+    if (!field_mul(group, n1, n2, n5, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n0, n1, p))
+        goto end;
+    if (BN_is_odd(n0))
+        if (!BN_add(n0, n0, p))
+            goto end;
+    /* now  0 <= n0 < 2*p,  and n0 is even */
+    if (!BN_rshift1(r->Y, n0))
+        goto end;
+    /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+    ret = 1;
+
+ end:
+    if (ctx)                    /* otherwise we already called BN_CTX_end */
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        BN_zero(r->Z);
+        r->Z_is_one = 0;
+        return 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    if (n3 == NULL)
+        goto err;
+
+    /*
+     * Note that in this function we must not read components of 'a' once we
+     * have written the corresponding components of 'r'. ('r' might the same
+     * as 'a'.)
+     */
+
+    /* n1 */
+    if (a->Z_is_one) {
+        if (!field_sqr(group, n0, a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, group->a, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve */
+    } else if (group->a_is_minus3) {
+        if (!field_sqr(group, n1, a->Z, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n0, a->X, n1, p))
+            goto err;
+        if (!BN_mod_sub_quick(n2, a->X, n1, p))
+            goto err;
+        if (!field_mul(group, n1, n0, n2, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, n1, p))
+            goto err;
+        /*-
+         * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+         *    = 3 * X_a^2 - 3 * Z_a^4
+         */
+    } else {
+        if (!field_sqr(group, n0, a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!field_sqr(group, n1, a->Z, ctx))
+            goto err;
+        if (!field_sqr(group, n1, n1, ctx))
+            goto err;
+        if (!field_mul(group, n1, n1, group->a, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n1, n1, n0, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+    }
+
+    /* Z_r */
+    if (a->Z_is_one) {
+        if (!BN_copy(n0, a->Y))
+            goto err;
+    } else {
+        if (!field_mul(group, n0, a->Y, a->Z, ctx))
+            goto err;
+    }
+    if (!BN_mod_lshift1_quick(r->Z, n0, p))
+        goto err;
+    r->Z_is_one = 0;
+    /* Z_r = 2 * Y_a * Z_a */
+
+    /* n2 */
+    if (!field_sqr(group, n3, a->Y, ctx))
+        goto err;
+    if (!field_mul(group, n2, a->X, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n2, n2, 2, p))
+        goto err;
+    /* n2 = 4 * X_a * Y_a^2 */
+
+    /* X_r */
+    if (!BN_mod_lshift1_quick(n0, n2, p))
+        goto err;
+    if (!field_sqr(group, r->X, n1, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(r->X, r->X, n0, p))
+        goto err;
+    /* X_r = n1^2 - 2 * n2 */
+
+    /* n3 */
+    if (!field_sqr(group, n0, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n3, n0, 3, p))
+        goto err;
+    /* n3 = 8 * Y_a^4 */
+
+    /* Y_r */
+    if (!BN_mod_sub_quick(n0, n2, r->X, p))
+        goto err;
+    if (!field_mul(group, n0, n1, n0, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(r->Y, n0, n3, p))
+        goto err;
+    /* Y_r = n1 * (n2 - X_r) - n3 */
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
+        /* point is its own inverse */
+        return 1;
+
+    return BN_usub(point->Y, group->field, point->Y);
+}
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+    return BN_is_zero(point->Z);
+}
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *rh, *tmp, *Z4, *Z6;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    rh = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    Z4 = BN_CTX_get(ctx);
+    Z6 = BN_CTX_get(ctx);
+    if (Z6 == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 = x^3 + a*x + b.
+     * The point to consider is given in Jacobian projective coordinates
+     * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+     * Substituting this and multiplying by  Z^6  transforms the above equation into
+     *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+     * To test this, we add up the right-hand side in 'rh'.
+     */
+
+    /* rh := X^2 */
+    if (!field_sqr(group, rh, point->X, ctx))
+        goto err;
+
+    if (!point->Z_is_one) {
+        if (!field_sqr(group, tmp, point->Z, ctx))
+            goto err;
+        if (!field_sqr(group, Z4, tmp, ctx))
+            goto err;
+        if (!field_mul(group, Z6, Z4, tmp, ctx))
+            goto err;
+
+        /* rh := (rh + a*Z^4)*X */
+        if (group->a_is_minus3) {
+            if (!BN_mod_lshift1_quick(tmp, Z4, p))
+                goto err;
+            if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+                goto err;
+            if (!BN_mod_sub_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, point->X, ctx))
+                goto err;
+        } else {
+            if (!field_mul(group, tmp, Z4, group->a, ctx))
+                goto err;
+            if (!BN_mod_add_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, point->X, ctx))
+                goto err;
+        }
+
+        /* rh := rh + b*Z^6 */
+        if (!field_mul(group, tmp, group->b, Z6, ctx))
+            goto err;
+        if (!BN_mod_add_quick(rh, rh, tmp, p))
+            goto err;
+    } else {
+        /* point->Z_is_one */
+
+        /* rh := (rh + a)*X */
+        if (!BN_mod_add_quick(rh, rh, group->a, p))
+            goto err;
+        if (!field_mul(group, rh, rh, point->X, ctx))
+            goto err;
+        /* rh := rh + b */
+        if (!BN_mod_add_quick(rh, rh, group->b, p))
+            goto err;
+    }
+
+    /* 'lh' := Y^2 */
+    if (!field_sqr(group, tmp, point->Y, ctx))
+        goto err;
+
+    ret = (0 == BN_ucmp(tmp, rh));
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    /*-
+     * return values:
+     *  -1   error
+     *   0   equal (in affine coordinates)
+     *   1   not equal
+     */
+
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+    const BIGNUM *tmp1_, *tmp2_;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    Za23 = BN_CTX_get(ctx);
+    Zb23 = BN_CTX_get(ctx);
+    if (Zb23 == NULL)
+        goto end;
+
+    /*-
+     * We have to decide whether
+     *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+     * or equivalently, whether
+     *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+     */
+
+    if (!b->Z_is_one) {
+        if (!field_sqr(group, Zb23, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, a->X, Zb23, ctx))
+            goto end;
+        tmp1_ = tmp1;
+    } else
+        tmp1_ = a->X;
+    if (!a->Z_is_one) {
+        if (!field_sqr(group, Za23, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, b->X, Za23, ctx))
+            goto end;
+        tmp2_ = tmp2;
+    } else
+        tmp2_ = b->X;
+
+    /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    if (!b->Z_is_one) {
+        if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
+            goto end;
+        /* tmp1_ = tmp1 */
+    } else
+        tmp1_ = a->Y;
+    if (!a->Z_is_one) {
+        if (!field_mul(group, Za23, Za23, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, b->Y, Za23, ctx))
+            goto end;
+        /* tmp2_ = tmp2 */
+    } else
+        tmp2_ = b->Y;
+
+    /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    /* points are equal */
+    ret = 0;
+
+ end:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+    if (!point->Z_is_one) {
+        ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                     EC_POINT *points[], BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *tmp_Z;
+    BIGNUM **prod_Z = NULL;
+    size_t i;
+    int ret = 0;
+
+    if (num == 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    tmp_Z = BN_CTX_get(ctx);
+    if (tmp_Z == NULL)
+        goto err;
+
+    prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
+    if (prod_Z == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        prod_Z[i] = BN_new();
+        if (prod_Z[i] == NULL)
+            goto err;
+    }
+
+    /*
+     * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+     * skipping any zero-valued inputs (pretend that they're 1).
+     */
+
+    if (!BN_is_zero(points[0]->Z)) {
+        if (!BN_copy(prod_Z[0], points[0]->Z))
+            goto err;
+    } else {
+        if (group->meth->field_set_to_one != 0) {
+            if (!group->meth->field_set_to_one(group, prod_Z[0], ctx))
+                goto err;
+        } else {
+            if (!BN_one(prod_Z[0]))
+                goto err;
+        }
+    }
+
+    for (i = 1; i < num; i++) {
+        if (!BN_is_zero(points[i]->Z)) {
+            if (!group->
+                meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z,
+                                ctx))
+                goto err;
+        } else {
+            if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
+                goto err;
+        }
+    }
+
+    /*
+     * Now use a single explicit inversion to replace every non-zero
+     * points[i]->Z by its inverse.
+     */
+
+    if (!group->meth->field_inv(group, tmp, prod_Z[num - 1], ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (group->meth->field_encode != 0) {
+        /*
+         * In the Montgomery case, we just turned R*H (representing H) into
+         * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to
+         * multiply by the Montgomery factor twice.
+         */
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+    }
+
+    for (i = num - 1; i > 0; --i) {
+        /*
+         * Loop invariant: tmp is the product of the inverses of points[0]->Z
+         * .. points[i]->Z (zero-valued inputs skipped).
+         */
+        if (!BN_is_zero(points[i]->Z)) {
+            /*
+             * Set tmp_Z to the inverse of points[i]->Z (as product of Z
+             * inverses 0 .. i, Z values 0 .. i - 1).
+             */
+            if (!group->
+                meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+                goto err;
+            /*
+             * Update tmp to satisfy the loop invariant for i - 1.
+             */
+            if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx))
+                goto err;
+            /* Replace points[i]->Z by its inverse. */
+            if (!BN_copy(points[i]->Z, tmp_Z))
+                goto err;
+        }
+    }
+
+    if (!BN_is_zero(points[0]->Z)) {
+        /* Replace points[0]->Z by its inverse. */
+        if (!BN_copy(points[0]->Z, tmp))
+            goto err;
+    }
+
+    /* Finally, fix up the X and Y coordinates for all points. */
+
+    for (i = 0; i < num; i++) {
+        EC_POINT *p = points[i];
+
+        if (!BN_is_zero(p->Z)) {
+            /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+            if (!group->meth->field_sqr(group, tmp, p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx))
+                goto err;
+
+            if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx))
+                goto err;
+
+            if (group->meth->field_set_to_one != 0) {
+                if (!group->meth->field_set_to_one(group, p->Z, ctx))
+                    goto err;
+            } else {
+                if (!BN_one(p->Z))
+                    goto err;
+            }
+            p->Z_is_one = 1;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    if (prod_Z != NULL) {
+        for (i = 0; i < num; i++) {
+            if (prod_Z[i] == NULL)
+                break;
+            BN_clear_free(prod_Z[i]);
+        }
+        OPENSSL_free(prod_Z);
+    }
+    return ret;
+}
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_mod_mul(r, a, b, group->field, ctx);
+}
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    return BN_mod_sqr(r, a, group->field, ctx);
+}
+
+/*-
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * Since we don't have a Mont structure here, SCA hardening is with blinding.
+ */
+int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    do {
+        if (!BN_priv_rand_range(e, group->field))
+        goto err;
+    } while (BN_is_zero(e));
+
+    /* r := a * e */
+    if (!group->meth->field_mul(group, r, a, e, ctx))
+        goto err;
+    /* r := 1/(a * e) */
+    if (!BN_mod_inverse(r, r, group->field, ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);
+        goto err;
+    }
+    /* r := e/(a * e) = 1/a */
+    if (!group->meth->field_mul(group, r, r, e, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Apply randomization of EC point projective coordinates:
+ *
+ *   (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z)
+ *   lambda = [1,group->field)
+ *
+ */
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *lambda = NULL;
+    BIGNUM *temp = NULL;
+
+    BN_CTX_start(ctx);
+    lambda = BN_CTX_get(ctx);
+    temp = BN_CTX_get(ctx);
+    if (temp == NULL) {
+        ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make sure lambda is not zero */
+    do {
+        if (!BN_priv_rand_range(lambda, group->field)) {
+            ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
+            goto err;
+        }
+    } while (BN_is_zero(lambda));
+
+    /* if field_encode defined convert between representations */
+    if (group->meth->field_encode != NULL
+        && !group->meth->field_encode(group, lambda, lambda, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, temp, lambda, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
+        goto err;
+    p->Z_is_one = 0;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Set s := p, r := 2p.
+ *
+ * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
+ * multiplication resistant against side channel attacks" appendix, as described
+ * at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
+ *
+ * The input point p will be in randomized Jacobian projective coords:
+ *      x = X/Z**2, y=Y/Z**3
+ *
+ * The output points p, s, and r are converted to standard (homogeneous)
+ * projective coords:
+ *      x = X/Z, y=Y/Z
+ */
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx)
+{
+    BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    t1 = r->Z;
+    t2 = r->Y;
+    t3 = s->X;
+    t4 = r->X;
+    t5 = s->Y;
+    t6 = s->Z;
+
+    /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
+    if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
+        || !group->meth->field_sqr(group, t1, p->Z, ctx)
+        || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
+        /* r := 2p */
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !group->meth->field_sqr(group, t3, p->Z, ctx)
+        || !group->meth->field_mul(group, t4, t3, group->a, ctx)
+        || !BN_mod_sub_quick(t5, t2, t4, group->field)
+        || !BN_mod_add_quick(t2, t2, t4, group->field)
+        || !group->meth->field_sqr(group, t5, t5, ctx)
+        || !group->meth->field_mul(group, t6, t3, group->b, ctx)
+        || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
+        || !group->meth->field_mul(group, t4, t1, t6, ctx)
+        || !BN_mod_lshift_quick(t4, t4, 3, group->field)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t5, t4, group->field)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, t2, t3, t6, ctx)
+        || !BN_mod_add_quick(t1, t1, t2, group->field)
+        /* r->Z coord output */
+        || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
+        || !EC_POINT_copy(s, p))
+        return 0;
+
+    r->Z_is_one = 0;
+    s->Z_is_one = 0;
+    p->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Differential addition-and-doubling using  Eq. (9) and (10) from Izu-Takagi
+ * "A fast parallel elliptic curve multiplication resistant against side channel
+ * attacks", as described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
+ */
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+    t7 = BN_CTX_get(ctx);
+
+    if (t7 == NULL
+        || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
+        || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
+        || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, t4, group->a, t1, ctx)
+        || !BN_mod_add_quick(t0, t0, t4, group->field)
+        || !BN_mod_add_quick(t4, t3, t2, group->field)
+        || !group->meth->field_mul(group, t0, t4, t0, ctx)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
+        || !group->meth->field_mul(group, t1, t7, t1, ctx)
+        || !BN_mod_lshift1_quick(t0, t0, group->field)
+        || !BN_mod_add_quick(t0, t1, t0, group->field)
+        || !BN_mod_sub_quick(t1, t2, t3, group->field)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !group->meth->field_mul(group, t3, t1, p->X, ctx)
+        || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
+        /* s->X coord output */
+        || !BN_mod_sub_quick(s->X, t0, t3, group->field)
+        /* s->Z coord output */
+        || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
+        || !group->meth->field_sqr(group, t3, r->X, ctx)
+        || !group->meth->field_sqr(group, t2, r->Z, ctx)
+        || !group->meth->field_mul(group, t4, t2, group->a, ctx)
+        || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
+        || !group->meth->field_sqr(group, t5, t5, ctx)
+        || !BN_mod_sub_quick(t5, t5, t3, group->field)
+        || !BN_mod_sub_quick(t5, t5, t2, group->field)
+        || !BN_mod_sub_quick(t6, t3, t4, group->field)
+        || !group->meth->field_sqr(group, t6, t6, ctx)
+        || !group->meth->field_mul(group, t0, t2, t5, ctx)
+        || !group->meth->field_mul(group, t0, t7, t0, ctx)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t6, t0, group->field)
+        || !BN_mod_add_quick(t6, t3, t4, group->field)
+        || !group->meth->field_sqr(group, t3, t2, ctx)
+        || !group->meth->field_mul(group, t7, t3, t7, ctx)
+        || !group->meth->field_mul(group, t5, t5, t6, ctx)
+        || !BN_mod_lshift1_quick(t5, t5, group->field)
+        /* r->Z coord output */
+        || !BN_mod_add_quick(r->Z, t7, t5, group->field))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
+ * Elliptic Curves and Side-Channel Attacks", modified to work in projective
+ * coordinates and return r in Jacobian projective coordinates.
+ *
+ * X4 = two*Y1*X2*Z3*Z2*Z1;
+ * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
+ * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
+ *
+ * Z4 != 0 because:
+ *  - Z1==0 implies p is at infinity, which would have caused an early exit in
+ *    the caller;
+ *  - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
+ *  - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
+ *  - Y1==0 implies p has order 2, so either r or s are infinity and handled by
+ *    one of the BN_is_zero(...) branches.
+ */
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+        if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
+            || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
+            || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
+            || !BN_copy(r->Z, p->Z)
+            || !EC_POINT_invert(group, r, ctx))
+            return 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+
+    if (t6 == NULL
+        || !BN_mod_lshift1_quick(t0, p->Y, group->field)
+        || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
+        || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t2, t1, t2, ctx)
+        || !group->meth->field_mul(group, t3, t2, t0, ctx)
+        || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
+        || !group->meth->field_sqr(group, t4, t2, ctx)
+        || !BN_mod_lshift1_quick(t5, group->b, group->field)
+        || !group->meth->field_mul(group, t4, t4, t5, ctx)
+        || !group->meth->field_mul(group, t6, t2, group->a, ctx)
+        || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
+        || !BN_mod_add_quick(t5, t6, t5, group->field)
+        || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
+        || !BN_mod_add_quick(t2, t6, t1, group->field)
+        || !group->meth->field_mul(group, t5, t5, t2, ctx)
+        || !BN_mod_sub_quick(t6, t6, t1, group->field)
+        || !group->meth->field_sqr(group, t6, t6, ctx)
+        || !group->meth->field_mul(group, t6, t6, s->X, ctx)
+        || !BN_mod_add_quick(t4, t5, t4, group->field)
+        || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
+        || !BN_mod_sub_quick(t4, t4, t6, group->field)
+        || !group->meth->field_sqr(group, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
+        /* t3 := X, t4 := Y */
+        /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+        || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
+        || !group->meth->field_sqr(group, t3, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c
new file mode 100644
index 000000000..e4cac99e2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c
@@ -0,0 +1,841 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/rand.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "ec_lcl.h"
+#include "curve448/curve448_lcl.h"
+
+#define X25519_BITS          253
+#define X25519_SECURITY_BITS 128
+
+#define ED25519_SIGSIZE      64
+
+#define X448_BITS            448
+#define ED448_BITS           456
+#define X448_SECURITY_BITS   224
+
+#define ED448_SIGSIZE        114
+
+#define ISX448(id)      ((id) == EVP_PKEY_X448)
+#define IS25519(id)     ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519)
+#define KEYLENID(id)    (IS25519(id) ? X25519_KEYLEN \
+                                     : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \
+                                                              : ED448_KEYLEN))
+#define KEYLEN(p)       KEYLENID((p)->ameth->pkey_id)
+
+
+typedef enum {
+    KEY_OP_PUBLIC,
+    KEY_OP_PRIVATE,
+    KEY_OP_KEYGEN
+} ecx_key_op_t;
+
+/* Setup EVP_PKEY using public, private or generation */
+static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
+                      const unsigned char *p, int plen, ecx_key_op_t op)
+{
+    ECX_KEY *key = NULL;
+    unsigned char *privkey, *pubkey;
+
+    if (op != KEY_OP_KEYGEN) {
+        if (palg != NULL) {
+            int ptype;
+
+            /* Algorithm parameters must be absent */
+            X509_ALGOR_get0(NULL, &ptype, NULL, palg);
+            if (ptype != V_ASN1_UNDEF) {
+                ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+                return 0;
+            }
+        }
+
+        if (p == NULL || plen != KEYLENID(id)) {
+            ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+    }
+
+    key = OPENSSL_zalloc(sizeof(*key));
+    if (key == NULL) {
+        ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pubkey = key->pubkey;
+
+    if (op == KEY_OP_PUBLIC) {
+        memcpy(pubkey, p, plen);
+    } else {
+        privkey = key->privkey = OPENSSL_secure_malloc(KEYLENID(id));
+        if (privkey == NULL) {
+            ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (op == KEY_OP_KEYGEN) {
+            if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0) {
+                OPENSSL_secure_free(privkey);
+                key->privkey = NULL;
+                goto err;
+            }
+            if (id == EVP_PKEY_X25519) {
+                privkey[0] &= 248;
+                privkey[X25519_KEYLEN - 1] &= 127;
+                privkey[X25519_KEYLEN - 1] |= 64;
+            } else if (id == EVP_PKEY_X448) {
+                privkey[0] &= 252;
+                privkey[X448_KEYLEN - 1] |= 128;
+            }
+        } else {
+            memcpy(privkey, p, KEYLENID(id));
+        }
+        switch (id) {
+        case EVP_PKEY_X25519:
+            X25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED25519:
+            ED25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_X448:
+            X448_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED448:
+            ED448_public_from_private(pubkey, privkey);
+            break;
+        }
+    }
+
+    EVP_PKEY_assign(pkey, id, key);
+    return 1;
+ err:
+    OPENSSL_free(key);
+    return 0;
+}
+
+static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    unsigned char *penc;
+
+    if (ecxkey == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY);
+        return 0;
+    }
+
+    penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey));
+    if (penc == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                                V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) {
+        OPENSSL_free(penc);
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const ECX_KEY *akey = a->pkey.ecx;
+    const ECX_KEY *bkey = b->pkey.ecx;
+
+    if (akey == NULL || bkey == NULL)
+        return -2;
+
+    return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0;
+}
+
+static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    int plen;
+    ASN1_OCTET_STRING *oct = NULL;
+    const X509_ALGOR *palg;
+    int rv;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8))
+        return 0;
+
+    oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
+    if (oct == NULL) {
+        p = NULL;
+        plen = 0;
+    } else {
+        p = ASN1_STRING_get0_data(oct);
+        plen = ASN1_STRING_length(oct);
+    }
+
+    rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
+    ASN1_OCTET_STRING_free(oct);
+    return rv;
+}
+
+static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    ASN1_OCTET_STRING oct;
+    unsigned char *penc = NULL;
+    int penclen;
+
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+
+    oct.data = ecxkey->privkey;
+    oct.length = KEYLEN(pkey);
+    oct.flags = 0;
+
+    penclen = i2d_ASN1_OCTET_STRING(&oct, &penc);
+    if (penclen < 0) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         V_ASN1_UNDEF, NULL, penc, penclen)) {
+        OPENSSL_clear_free(penc, penclen);
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ecx_size(const EVP_PKEY *pkey)
+{
+    return KEYLEN(pkey);
+}
+
+static int ecx_bits(const EVP_PKEY *pkey)
+{
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_BITS;
+    } else if(ISX448(pkey->ameth->pkey_id)) {
+        return X448_BITS;
+    } else {
+        return ED448_BITS;
+    }
+}
+
+static int ecx_security_bits(const EVP_PKEY *pkey)
+{
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_SECURITY_BITS;
+    } else {
+        return X448_SECURITY_BITS;
+    }
+}
+
+static void ecx_free(EVP_PKEY *pkey)
+{
+    if (pkey->pkey.ecx != NULL)
+        OPENSSL_secure_clear_free(pkey->pkey.ecx->privkey, KEYLEN(pkey));
+    OPENSSL_free(pkey->pkey.ecx);
+}
+
+/* "parameters" are always equal */
+static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return 1;
+}
+
+static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx, ecx_key_op_t op)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id);
+
+    if (op == KEY_OP_PRIVATE) {
+        if (ecxkey == NULL || ecxkey->privkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PRIVATE KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0)
+            return 0;
+        if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0)
+            return 0;
+        if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey),
+                           indent + 4) == 0)
+            return 0;
+    } else {
+        if (ecxkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PUBLIC KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0)
+            return 0;
+    }
+    if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0)
+        return 0;
+
+    if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey),
+                       indent + 4) == 0)
+        return 0;
+    return 1;
+}
+
+static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE);
+}
+
+static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC);
+}
+
+static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1,
+                          KEY_OP_PUBLIC);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        if (pkey->pkey.ecx != NULL) {
+            unsigned char **ppt = arg2;
+
+            *ppt = OPENSSL_memdup(pkey->pkey.ecx->pubkey, KEYLEN(pkey));
+            if (*ppt != NULL)
+                return KEYLEN(pkey);
+        }
+        return 0;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        /* We currently only support Pure EdDSA which takes no digest */
+        *(int *)arg2 = NID_undef;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                            size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len,
+                       KEY_OP_PRIVATE);
+}
+
+static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                            size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (priv == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || key->privkey == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(priv, key->privkey, *len);
+
+    return 1;
+}
+
+static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub,
+                           size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (pub == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(pub, key->pubkey, *len);
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
+    EVP_PKEY_X25519,
+    EVP_PKEY_X25519,
+    0,
+    "X25519",
+    "OpenSSL X25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
+    EVP_PKEY_X448,
+    EVP_PKEY_X448,
+    0,
+    "X448",
+    "OpenSSL X448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int ecd_size25519(const EVP_PKEY *pkey)
+{
+    return ED25519_SIGSIZE;
+}
+
+static int ecd_size448(const EVP_PKEY *pkey)
+{
+    return ED448_SIGSIZE;
+}
+
+static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
+                           EVP_PKEY *pkey)
+{
+    const ASN1_OBJECT *obj;
+    int ptype;
+    int nid;
+
+    /* Sanity check: make sure it is ED25519/ED448 with absent parameters */
+    X509_ALGOR_get0(&obj, &ptype, NULL, sigalg);
+    nid = OBJ_obj2nid(obj);
+    if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) {
+        ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+        return 0;
+
+    return 2;
+}
+
+static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                              X509_ALGOR *alg1, X509_ALGOR *alg2,
+                              ASN1_BIT_STRING *str)
+{
+    /* Set algorithms identifiers */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    if (alg2)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    /* Algorithm idetifiers set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                                 const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                            X509_ALGOR *alg1, X509_ALGOR *alg2,
+                            ASN1_BIT_STRING *str)
+{
+    /* Set algorithm identifier */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    if (alg2 != NULL)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    /* Algorithm identifier set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+
+const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
+    EVP_PKEY_ED25519,
+    EVP_PKEY_ED25519,
+    0,
+    "ED25519",
+    "OpenSSL ED25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size25519,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign25519,
+    ecd_sig_info_set25519,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
+    EVP_PKEY_ED448,
+    EVP_PKEY_ED448,
+    0,
+    "ED448",
+    "OpenSSL ED448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size448,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign448,
+    ecd_sig_info_set448,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN);
+}
+
+static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                          size_t *keylen,
+                                          const unsigned char **privkey,
+                                          const unsigned char **pubkey)
+{
+    const ECX_KEY *ecxkey, *peerkey;
+
+    if (ctx->pkey == NULL || ctx->peerkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+    ecxkey = ctx->pkey->pkey.ecx;
+    peerkey = ctx->peerkey->pkey.ecx;
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+    if (peerkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PEER_KEY);
+        return 0;
+    }
+    *privkey = ecxkey->privkey;
+    *pubkey = peerkey->pubkey;
+
+    return 1;
+}
+
+static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X25519(key, privkey, pubkey) == 0))
+        return 0;
+    *keylen = X25519_KEYLEN;
+    return 1;
+}
+
+static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X448(key, privkey, pubkey) == 0))
+        return 0;
+    *keylen = X448_KEYLEN;
+    return 1;
+}
+
+static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    /* Only need to handle peer key for derivation */
+    if (type == EVP_PKEY_CTRL_PEER_KEY)
+        return 1;
+    return -2;
+}
+
+const EVP_PKEY_METHOD ecx25519_pkey_meth = {
+    EVP_PKEY_X25519,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive25519,
+    pkey_ecx_ctrl,
+    0
+};
+
+const EVP_PKEY_METHOD ecx448_pkey_meth = {
+    EVP_PKEY_X448,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive448,
+    pkey_ecx_ctrl,
+    0
+};
+
+static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
+                                    size_t *siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED25519_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED25519_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0)
+        return 0;
+    *siglen = ED25519_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
+                                  size_t *siglen, const unsigned char *tbs,
+                                  size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED448_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED448_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+                   0) == 0)
+        return 0;
+    *siglen = ED448_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                      size_t siglen, const unsigned char *tbs,
+                                      size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED25519_SIGSIZE)
+        return 0;
+
+    return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
+}
+
+static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                    size_t siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED448_SIGSIZE)
+        return 0;
+
+    return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
+}
+
+static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    switch (type) {
+    case EVP_PKEY_CTRL_MD:
+        /* Only NULL allowed as digest */
+        if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null())
+            return 1;
+        ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE);
+        return 0;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        return 1;
+    }
+    return -2;
+}
+
+const EVP_PKEY_METHOD ed25519_pkey_meth = {
+    EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign25519,
+    pkey_ecd_digestverify25519
+};
+
+const EVP_PKEY_METHOD ed448_pkey_meth = {
+    EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign448,
+    pkey_ecd_digestverify448
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README
new file mode 100644
index 000000000..c7a5696ca
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly;
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independent of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a graceful restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can internally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome.
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/build.info
new file mode 100644
index 000000000..e00802a3f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/build.info
@@ -0,0 +1,11 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \
+        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
+        eng_openssl.c eng_cnf.c eng_dyn.c \
+        eng_rdrand.c
+IF[{- !$disabled{devcryptoeng} -}]
+  SOURCE[../../libcrypto]=eng_devcrypto.c
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c
new file mode 100644
index 000000000..af306ccff
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+{
+    /* Some ENGINEs need this */
+    OPENSSL_cpuid_setup();
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+}
+
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
+void ENGINE_setup_bsd_cryptodev(void)
+{
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c
new file mode 100644
index 000000000..6f0a066d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/conf.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static const char *skip_dot(const char *name)
+{
+    const char *p = strchr(name, '.');
+
+    if (p != NULL)
+        return p + 1;
+    return name;
+}
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+{
+    if (!ENGINE_init(e))
+        return 0;
+    if (!initialized_engines)
+        initialized_engines = sk_ENGINE_new_null();
+    if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+        ENGINE_finish(e);
+        return 0;
+    }
+    return 1;
+}
+
+static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
+{
+    int i;
+    int ret = 0;
+    long do_init = -1;
+    STACK_OF(CONF_VALUE) *ecmds;
+    CONF_VALUE *ecmd = NULL;
+    const char *ctrlname, *ctrlvalue;
+    ENGINE *e = NULL;
+    int soft = 0;
+
+    name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+    fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+    /* Value is a section containing ENGINE commands */
+    ecmds = NCONF_get_section(cnf, value);
+
+    if (!ecmds) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+        ecmd = sk_CONF_VALUE_value(ecmds, i);
+        ctrlname = skip_dot(ecmd->name);
+        ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+                ctrlvalue);
+#endif
+
+        /* First handle some special pseudo ctrls */
+
+        /* Override engine name to use */
+        if (strcmp(ctrlname, "engine_id") == 0)
+            name = ctrlvalue;
+        else if (strcmp(ctrlname, "soft_load") == 0)
+            soft = 1;
+        /* Load a dynamic ENGINE */
+        else if (strcmp(ctrlname, "dynamic_path") == 0) {
+            e = ENGINE_by_id("dynamic");
+            if (!e)
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+                goto err;
+        }
+        /* ... add other pseudos here ... */
+        else {
+            /*
+             * At this point we need an ENGINE structural reference if we
+             * don't already have one.
+             */
+            if (!e) {
+                e = ENGINE_by_id(name);
+                if (!e && soft) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (!e)
+                    goto err;
+            }
+            /*
+             * Allow "EMPTY" to mean no value: this allows a valid "value" to
+             * be passed to ctrls of type NO_INPUT
+             */
+            if (strcmp(ctrlvalue, "EMPTY") == 0)
+                ctrlvalue = NULL;
+            if (strcmp(ctrlname, "init") == 0) {
+                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+                    goto err;
+                if (do_init == 1) {
+                    if (!int_engine_init(e))
+                        goto err;
+                } else if (do_init != 0) {
+                    ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                              ENGINE_R_INVALID_INIT_VALUE);
+                    goto err;
+                }
+            } else if (strcmp(ctrlname, "default_algorithms") == 0) {
+                if (!ENGINE_set_default_string(e, ctrlvalue))
+                    goto err;
+            } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+                goto err;
+        }
+
+    }
+    if (e && (do_init == -1) && !int_engine_init(e)) {
+        ecmd = NULL;
+        goto err;
+    }
+    ret = 1;
+ err:
+    if (ret != 1) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+        if (ecmd)
+            ERR_add_error_data(6, "section=", ecmd->section,
+                               ", name=", ecmd->name,
+                               ", value=", ecmd->value);
+    }
+    ENGINE_free(e);
+    return ret;
+}
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    STACK_OF(CONF_VALUE) *elist;
+    CONF_VALUE *cval;
+    int i;
+#ifdef ENGINE_CONF_DEBUG
+    fprintf(stderr, "Called engine module: name %s, value %s\n",
+            CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+    /* Value is a section containing ENGINEs to configure */
+    elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+    if (!elist) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+                  ENGINE_R_ENGINES_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+        cval = sk_CONF_VALUE_value(elist, i);
+        if (!int_engine_configure(cval->name, cval->value, cnf))
+            return 0;
+    }
+
+    return 1;
+}
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+{
+    ENGINE *e;
+
+    while ((e = sk_ENGINE_pop(initialized_engines)))
+        ENGINE_finish(e);
+    sk_ENGINE_free(initialized_engines);
+    initialized_engines = NULL;
+}
+
+void ENGINE_add_conf_module(void)
+{
+    CONF_module_add("engines",
+                    int_engine_module_init, int_engine_module_finish);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c
new file mode 100644
index 000000000..3bc4aab16
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c
@@ -0,0 +1,330 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+/*
+ * When querying a ENGINE-specific control command's 'description', this
+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+ */
+static const char *int_no_description = "";
+
+/*
+ * These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+ */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+{
+    if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+        return 1;
+    return 0;
+}
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+{
+    int idx = 0;
+    while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+        idx++;
+        defn++;
+    }
+    if (int_ctrl_cmd_is_null(defn))
+        /* The given name wasn't found */
+        return -1;
+    return idx;
+}
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+{
+    int idx = 0;
+    /*
+     * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+     * our searches don't need to take any longer than necessary.
+     */
+    while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+        idx++;
+        defn++;
+    }
+    if (defn->cmd_num == num)
+        return idx;
+    /* The given cmd_num wasn't found */
+    return -1;
+}
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
+                           void (*f) (void))
+{
+    int idx;
+    char *s = (char *)p;
+    const ENGINE_CMD_DEFN *cdp;
+
+    /* Take care of the easy one first (eg. it requires no searches) */
+    if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+        if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+            return 0;
+        return e->cmd_defns->cmd_num;
+    }
+    /* One or two commands require that "p" be a valid string buffer */
+    if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+        if (s == NULL) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+            return -1;
+        }
+    }
+    /* Now handle cmd_name -> cmd_num conversion */
+    if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+        if ((e->cmd_defns == NULL)
+            || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+            return -1;
+        }
+        return e->cmd_defns[idx].cmd_num;
+    }
+    /*
+     * For the rest of the commands, the 'long' argument must specify a valid
+     * command number - so we need to conduct a search.
+     */
+    if ((e->cmd_defns == NULL)
+        || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
+        ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+        return -1;
+    }
+    /* Now the logic splits depending on command type */
+    cdp = &e->cmd_defns[idx];
+    switch (cmd) {
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+        cdp++;
+        return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num;
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+        return strlen(cdp->cmd_name);
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+        return strlen(strcpy(s, cdp->cmd_name));
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+        return strlen(cdp->cmd_desc == NULL ? int_no_description
+                                            : cdp->cmd_desc);
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+        return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
+                                                      : cdp->cmd_desc));
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        return cdp->cmd_flags;
+    }
+    /* Shouldn't really be here ... */
+    ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+    return -1;
+}
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ctrl_exists, ref_exists;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+    if (!ref_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+        return 0;
+    }
+    /*
+     * Intercept any "root-level" commands before trying to hand them on to
+     * ctrl() handlers.
+     */
+    switch (cmd) {
+    case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+        return ctrl_exists;
+    case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+    case ENGINE_CTRL_GET_CMD_FROM_NAME:
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+            return int_ctrl_helper(e, cmd, i, p, f);
+        if (!ctrl_exists) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+            /*
+             * For these cmd-related functions, failure is indicated by a -1
+             * return value (because 0 is used as a valid return in some
+             * places).
+             */
+            return -1;
+        }
+    default:
+        break;
+    }
+    /* Anything else requires a ctrl() handler to exist. */
+    if (!ctrl_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+        return 0;
+    }
+    return e->ctrl(e, cmd, i, p, f);
+}
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+{
+    int flags;
+    if ((flags =
+         ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+        ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                  ENGINE_R_INVALID_CMD_NUMBER);
+        return 0;
+    }
+    if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+        !(flags & ENGINE_CMD_FLAG_STRING))
+        return 0;
+    return 1;
+}
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f) (void), int cmd_optional)
+{
+    int num;
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, i, p, f) > 0)
+        return 1;
+    return 0;
+}
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional)
+{
+    int num, flags;
+    long l;
+    char *ptr;
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    if (!ENGINE_cmd_is_executable(e, num)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_CMD_NOT_EXECUTABLE);
+        return 0;
+    }
+
+    flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
+    if (flags < 0) {
+        /*
+         * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+         * success.
+         */
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    /*
+     * If the command takes no input, there must be no input. And vice versa.
+     */
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (arg != NULL) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                      ENGINE_R_COMMAND_TAKES_NO_INPUT);
+            return 0;
+        }
+        /*
+         * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+         * than returning it as "return data". This is to ensure usage of
+         * these commands is consistent across applications and that certain
+         * applications don't understand it one way, and others another.
+         */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /* So, we require input */
+    if (arg == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_COMMAND_TAKES_INPUT);
+        return 0;
+    }
+    /* If it takes string input, that's easy */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        /* Same explanation as above */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /*
+     * If it doesn't take numeric either, then it is unsupported for use in a
+     * config-setting situation, which is what this function is for. This
+     * should never happen though, because ENGINE_cmd_is_executable() was
+     * used.
+     */
+    if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    l = strtol(arg, &ptr, 10);
+    if ((arg == ptr) || (*ptr != '\0')) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+        return 1;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c
new file mode 100644
index 000000000..717d7c277
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c
@@ -0,0 +1,836 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/objects.h>
+#include <crypto/cryptodev.h>
+
+#include "internal/engine.h"
+
+/* #define ENGINE_DEVCRYPTO_DEBUG */
+
+#ifdef CRYPTO_ALGORITHM_MIN
+# define CHECK_BSD_STYLE_MACROS
+#endif
+
+/*
+ * ONE global file descriptor for all sessions.  This allows operations
+ * such as digest session data copying (see digest_copy()), but is also
+ * saner...  why re-open /dev/crypto for every session?
+ */
+static int cfd;
+
+static int clean_devcrypto_session(struct session_op *sess) {
+    if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    memset(sess, 0, sizeof(struct session_op));
+    return 1;
+}
+
+/******************************************************************************
+ *
+ * Ciphers
+ *
+ * Because they all do the same basic operation, we have only one set of
+ * method functions for them all to share, and a mapping table between
+ * NIDs and cryptodev IDs, with all the necessary size data.
+ *
+ *****/
+
+struct cipher_ctx {
+    struct session_op sess;
+    int op;                      /* COP_ENCRYPT or COP_DECRYPT */
+    unsigned long mode;          /* EVP_CIPH_*_MODE */
+
+    /* to handle ctr mode being a stream cipher */
+    unsigned char partial[EVP_MAX_BLOCK_LENGTH];
+    unsigned int blocksize, num;
+};
+
+static const struct cipher_data_st {
+    int nid;
+    int blocksize;
+    int keylen;
+    int ivlen;
+    int flags;
+    int devcryptoid;
+} cipher_data[] = {
+#ifndef OPENSSL_NO_DES
+    { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC },
+    { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC },
+#endif
+#ifndef OPENSSL_NO_BF
+    { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC },
+#endif
+    { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+    { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+    { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+#ifndef OPENSSL_NO_RC4
+    { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
+    { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+    { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+    { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+#endif
+#if 0                            /* Not yet supported */
+    { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
+    { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
+    { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+#endif
+#if 0                            /* Not yet supported */
+    { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+    { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+    { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+    { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+    { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+#endif
+};
+
+static size_t get_cipher_data_index(int nid)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
+        if (nid == cipher_data[i].nid)
+            return i;
+
+    /*
+     * Code further down must make sure that only NIDs in the table above
+     * are used.  If any other NID reaches this function, there's a grave
+     * coding error further down.
+     */
+    assert("Code that never should be reached" == NULL);
+    return -1;
+}
+
+static const struct cipher_data_st *get_cipher_data(int nid)
+{
+    return &cipher_data[get_cipher_data_index(nid)];
+}
+
+/*
+ * Following are the three necessary functions to map OpenSSL functionality
+ * with cryptodev.
+ */
+
+static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    const struct cipher_data_st *cipher_d =
+        get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
+
+    /* cleanup a previous session */
+    if (cipher_ctx->sess.ses != 0 &&
+        clean_devcrypto_session(&cipher_ctx->sess) == 0)
+        return 0;
+
+    cipher_ctx->sess.cipher = cipher_d->devcryptoid;
+    cipher_ctx->sess.keylen = cipher_d->keylen;
+    cipher_ctx->sess.key = (void *)key;
+    cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
+    cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
+    cipher_ctx->blocksize = cipher_d->blocksize;
+    if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    struct crypt_op cryp;
+    unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+#if !defined(COP_FLAG_WRITE_IV)
+    unsigned char saved_iv[EVP_MAX_IV_LENGTH];
+    const unsigned char *ivptr;
+    size_t nblocks, ivlen;
+#endif
+
+    memset(&cryp, 0, sizeof(cryp));
+    cryp.ses = cipher_ctx->sess.ses;
+    cryp.len = inl;
+    cryp.src = (void *)in;
+    cryp.dst = (void *)out;
+    cryp.iv = (void *)iv;
+    cryp.op = cipher_ctx->op;
+#if !defined(COP_FLAG_WRITE_IV)
+    cryp.flags = 0;
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    if (ivlen > 0)
+        switch (cipher_ctx->mode) {
+        case EVP_CIPH_CBC_MODE:
+            assert(inl >= ivlen);
+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+                ivptr = in + inl - ivlen;
+                memcpy(saved_iv, ivptr, ivlen);
+            }
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            break;
+
+        default: /* should not happen */
+            return 0;
+        }
+#else
+    cryp.flags = COP_FLAG_WRITE_IV;
+#endif
+
+    if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+#if !defined(COP_FLAG_WRITE_IV)
+    if (ivlen > 0)
+        switch (cipher_ctx->mode) {
+        case EVP_CIPH_CBC_MODE:
+            assert(inl >= ivlen);
+            if (EVP_CIPHER_CTX_encrypting(ctx))
+                ivptr = out + inl - ivlen;
+            else
+                ivptr = saved_iv;
+
+            memcpy(iv, ivptr, ivlen);
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            nblocks = (inl + cipher_ctx->blocksize - 1)
+                      / cipher_ctx->blocksize;
+            do {
+                ivlen--;
+                nblocks += iv[ivlen];
+                iv[ivlen] = (uint8_t) nblocks;
+                nblocks >>= 8;
+            } while (ivlen);
+            break;
+
+        default: /* should not happen */
+            return 0;
+        }
+#endif
+
+    return 1;
+}
+
+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, size_t inl)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    size_t nblocks, len;
+
+    /* initial partial block */
+    while (cipher_ctx->num && inl) {
+        (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num];
+        --inl;
+        cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize;
+    }
+
+    /* full blocks */
+    if (inl > (unsigned int) cipher_ctx->blocksize) {
+        nblocks = inl/cipher_ctx->blocksize;
+        len = nblocks * cipher_ctx->blocksize;
+        if (cipher_do_cipher(ctx, out, in, len) < 1)
+            return 0;
+        inl -= len;
+        out += len;
+        in += len;
+    }
+
+    /* final partial block */
+    if (inl) {
+        memset(cipher_ctx->partial, 0, cipher_ctx->blocksize);
+        if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial,
+            cipher_ctx->blocksize) < 1)
+            return 0;
+        while (inl--) {
+            out[cipher_ctx->num] = in[cipher_ctx->num]
+                                   ^ cipher_ctx->partial[cipher_ctx->num];
+            cipher_ctx->num++;
+        }
+    }
+
+    return 1;
+}
+
+static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
+    struct cipher_ctx *to_cipher_ctx;
+
+    switch (type) {
+    case EVP_CTRL_COPY:
+        if (cipher_ctx == NULL)
+            return 1;
+        /* when copying the context, a new session needs to be initialized */
+        to_cipher_ctx =
+            (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
+        memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
+        return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
+                           (cipher_ctx->op == COP_ENCRYPT));
+
+    case EVP_CTRL_INIT:
+        memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+        return 1;
+
+    default:
+        break;
+    }
+
+    return -1;
+}
+
+static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    return clean_devcrypto_session(&cipher_ctx->sess);
+}
+
+/*
+ * Keep a table of known nids and associated methods.
+ * Note that known_cipher_nids[] isn't necessarily indexed the same way as
+ * cipher_data[] above, which known_cipher_methods[] is.
+ */
+static int known_cipher_nids[OSSL_NELEM(cipher_data)];
+static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
+static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
+
+static void prepare_cipher_methods(void)
+{
+    size_t i;
+    struct session_op sess;
+    unsigned long cipher_mode;
+
+    memset(&sess, 0, sizeof(sess));
+    sess.key = (void *)"01234567890123456789012345678901234567890123456789";
+
+    for (i = 0, known_cipher_nids_amount = 0;
+         i < OSSL_NELEM(cipher_data); i++) {
+
+        /*
+         * Check that the algo is really availably by trying to open and close
+         * a session.
+         */
+        sess.cipher = cipher_data[i].devcryptoid;
+        sess.keylen = cipher_data[i].keylen;
+        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
+            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
+            continue;
+
+        cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
+
+        if ((known_cipher_methods[i] =
+                 EVP_CIPHER_meth_new(cipher_data[i].nid,
+                                     cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
+                                                    cipher_data[i].blocksize,
+                                     cipher_data[i].keylen)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
+                                              cipher_data[i].ivlen)
+            || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
+                                          cipher_data[i].flags
+                                          | EVP_CIPH_CUSTOM_COPY
+                                          | EVP_CIPH_CTRL_INIT
+                                          | EVP_CIPH_FLAG_DEFAULT_ASN1)
+            || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
+            || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
+                                     cipher_mode == EVP_CIPH_CTR_MODE ?
+                                              ctr_do_cipher :
+                                              cipher_do_cipher)
+            || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
+            || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
+                                            cipher_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
+                                                  sizeof(struct cipher_ctx))) {
+            EVP_CIPHER_meth_free(known_cipher_methods[i]);
+            known_cipher_methods[i] = NULL;
+        } else {
+            known_cipher_nids[known_cipher_nids_amount++] =
+                cipher_data[i].nid;
+        }
+    }
+}
+
+static const EVP_CIPHER *get_cipher_method(int nid)
+{
+    size_t i = get_cipher_data_index(nid);
+
+    if (i == (size_t)-1)
+        return NULL;
+    return known_cipher_methods[i];
+}
+
+static int get_cipher_nids(const int **nids)
+{
+    *nids = known_cipher_nids;
+    return known_cipher_nids_amount;
+}
+
+static void destroy_cipher_method(int nid)
+{
+    size_t i = get_cipher_data_index(nid);
+
+    EVP_CIPHER_meth_free(known_cipher_methods[i]);
+    known_cipher_methods[i] = NULL;
+}
+
+static void destroy_all_cipher_methods(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
+        destroy_cipher_method(cipher_data[i].nid);
+}
+
+static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                             const int **nids, int nid)
+{
+    if (cipher == NULL)
+        return get_cipher_nids(nids);
+
+    *cipher = get_cipher_method(nid);
+
+    return *cipher != NULL;
+}
+
+/*
+ * We only support digests if the cryptodev implementation supports multiple
+ * data updates and session copying.  Otherwise, we would be forced to maintain
+ * a cache, which is perilous if there's a lot of data coming in (if someone
+ * wants to checksum an OpenSSL tarball, for example).
+ */
+#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#define IMPLEMENT_DIGEST
+
+/******************************************************************************
+ *
+ * Digests
+ *
+ * Because they all do the same basic operation, we have only one set of
+ * method functions for them all to share, and a mapping table between
+ * NIDs and cryptodev IDs, with all the necessary size data.
+ *
+ *****/
+
+struct digest_ctx {
+    struct session_op sess;
+    /* This signals that the init function was called, not that it succeeded. */
+    int init_called;
+};
+
+static const struct digest_data_st {
+    int nid;
+    int blocksize;
+    int digestlen;
+    int devcryptoid;
+} digest_data[] = {
+#ifndef OPENSSL_NO_MD5
+    { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 },
+#endif
+    { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 },
+#ifndef OPENSSL_NO_RMD160
+# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
+    { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 },
+# endif
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
+    { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
+    { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
+    { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
+    { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 },
+#endif
+};
+
+static size_t get_digest_data_index(int nid)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(digest_data); i++)
+        if (nid == digest_data[i].nid)
+            return i;
+
+    /*
+     * Code further down must make sure that only NIDs in the table above
+     * are used.  If any other NID reaches this function, there's a grave
+     * coding error further down.
+     */
+    assert("Code that never should be reached" == NULL);
+    return -1;
+}
+
+static const struct digest_data_st *get_digest_data(int nid)
+{
+    return &digest_data[get_digest_data_index(nid)];
+}
+
+/*
+ * Following are the four necessary functions to map OpenSSL functionality
+ * with cryptodev.
+ */
+
+static int digest_init(EVP_MD_CTX *ctx)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+    const struct digest_data_st *digest_d =
+        get_digest_data(EVP_MD_CTX_type(ctx));
+
+    digest_ctx->init_called = 1;
+
+    memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
+    digest_ctx->sess.mac = digest_d->devcryptoid;
+    if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen,
+                     void *res, unsigned int flags)
+{
+    struct crypt_op cryp;
+
+    memset(&cryp, 0, sizeof(cryp));
+    cryp.ses = ctx->sess.ses;
+    cryp.len = srclen;
+    cryp.src = (void *)src;
+    cryp.dst = NULL;
+    cryp.mac = res;
+    cryp.flags = flags;
+    return ioctl(cfd, CIOCCRYPT, &cryp);
+}
+
+static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (count == 0)
+        return 1;
+
+    if (digest_ctx == NULL)
+        return 0;
+
+    if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (md == NULL || digest_ctx == NULL)
+        return 0;
+    if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+    struct digest_ctx *digest_from =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(from);
+    struct digest_ctx *digest_to =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(to);
+    struct cphash_op cphash;
+
+    if (digest_from == NULL || digest_from->init_called != 1)
+        return 1;
+
+    if (!digest_init(to)) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    cphash.src_ses = digest_from->sess.ses;
+    cphash.dst_ses = digest_to->sess.ses;
+    if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    return 1;
+}
+
+static int digest_cleanup(EVP_MD_CTX *ctx)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (digest_ctx == NULL)
+        return 1;
+
+    return clean_devcrypto_session(&digest_ctx->sess);
+}
+
+static int devcrypto_test_digest(size_t digest_data_index)
+{
+    struct session_op sess1, sess2;
+    struct cphash_op cphash;
+    int ret=0;
+
+    memset(&sess1, 0, sizeof(sess1));
+    memset(&sess2, 0, sizeof(sess2));
+    sess1.mac = digest_data[digest_data_index].devcryptoid;
+    if (ioctl(cfd, CIOCGSESSION, &sess1) < 0)
+        return 0;
+    /* Make sure the driver is capable of hash state copy */
+    sess2.mac = sess1.mac;
+    if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) {
+        cphash.src_ses = sess1.ses;
+        cphash.dst_ses = sess2.ses;
+        if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0)
+            ret = 1;
+        ioctl(cfd, CIOCFSESSION, &sess2.ses);
+    }
+    ioctl(cfd, CIOCFSESSION, &sess1.ses);
+    return ret;
+}
+
+/*
+ * Keep a table of known nids and associated methods.
+ * Note that known_digest_nids[] isn't necessarily indexed the same way as
+ * digest_data[] above, which known_digest_methods[] is.
+ */
+static int known_digest_nids[OSSL_NELEM(digest_data)];
+static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
+static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
+
+static void prepare_digest_methods(void)
+{
+    size_t i;
+
+    for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
+         i++) {
+
+        /*
+         * Check that the algo is usable
+         */
+        if (!devcrypto_test_digest(i))
+            continue;
+
+        if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
+                                                       NID_undef)) == NULL
+            || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i],
+                                                digest_data[i].blocksize)
+            || !EVP_MD_meth_set_result_size(known_digest_methods[i],
+                                            digest_data[i].digestlen)
+            || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
+            || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
+            || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
+            || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
+            || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
+            || !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
+                                             sizeof(struct digest_ctx))) {
+            EVP_MD_meth_free(known_digest_methods[i]);
+            known_digest_methods[i] = NULL;
+        } else {
+            known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
+        }
+    }
+}
+
+static const EVP_MD *get_digest_method(int nid)
+{
+    size_t i = get_digest_data_index(nid);
+
+    if (i == (size_t)-1)
+        return NULL;
+    return known_digest_methods[i];
+}
+
+static int get_digest_nids(const int **nids)
+{
+    *nids = known_digest_nids;
+    return known_digest_nids_amount;
+}
+
+static void destroy_digest_method(int nid)
+{
+    size_t i = get_digest_data_index(nid);
+
+    EVP_MD_meth_free(known_digest_methods[i]);
+    known_digest_methods[i] = NULL;
+}
+
+static void destroy_all_digest_methods(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(digest_data); i++)
+        destroy_digest_method(digest_data[i].nid);
+}
+
+static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
+                             const int **nids, int nid)
+{
+    if (digest == NULL)
+        return get_digest_nids(nids);
+
+    *digest = get_digest_method(nid);
+
+    return *digest != NULL;
+}
+
+#endif
+
+/******************************************************************************
+ *
+ * LOAD / UNLOAD
+ *
+ *****/
+
+static int devcrypto_unload(ENGINE *e)
+{
+    destroy_all_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+    destroy_all_digest_methods();
+#endif
+
+    close(cfd);
+
+    return 1;
+}
+/*
+ * This engine is always built into libcrypto, so it doesn't offer any
+ * ability to be dynamically loadable.
+ */
+void engine_load_devcrypto_int()
+{
+    ENGINE *e = NULL;
+
+    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+#ifndef ENGINE_DEVCRYPTO_DEBUG
+        if (errno != ENOENT)
+#endif
+            fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
+        return;
+    }
+
+    if ((e = ENGINE_new()) == NULL
+        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+        ENGINE_free(e);
+        /*
+         * We know that devcrypto_unload() won't be called when one of the
+         * above two calls have failed, so we close cfd explicitly here to
+         * avoid leaking resources.
+         */
+        close(cfd);
+        return;
+    }
+
+    prepare_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+    prepare_digest_methods();
+#endif
+
+    if (!ENGINE_set_id(e, "devcrypto")
+        || !ENGINE_set_name(e, "/dev/crypto engine")
+
+/*
+ * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
+ * implementations, it seems to only exist in FreeBSD, and regarding the
+ * parameters in its crypt_kop, the manual crypto(4) has this to say:
+ *
+ *    The semantics of these arguments are currently undocumented.
+ *
+ * Reading through the FreeBSD source code doesn't give much more than
+ * their CRK_MOD_EXP implementation for ubsec.
+ *
+ * It doesn't look much better with cryptodev-linux.  They have the crypt_kop
+ * structure as well as the command (CRK_*) in cryptodev.h, but no support
+ * seems to be implemented at all for the moment.
+ *
+ * At the time of writing, it seems impossible to write proper support for
+ * FreeBSD's asym features without some very deep knowledge and access to
+ * specific kernel modules.
+ *
+ * /Richard Levitte, 2017-05-11
+ */
+#if 0
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, devcrypto_rsa)
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, devcrypto_dsa)
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, devcrypto_dh)
+# endif
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, devcrypto_ec)
+# endif
+#endif
+        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
+#ifdef IMPLEMENT_DIGEST
+        || !ENGINE_set_digests(e, devcrypto_digests)
+#endif
+        ) {
+        ENGINE_free(e);
+        return;
+    }
+
+    ENGINE_add(e);
+    ENGINE_free(e);          /* Loose our local reference */
+    ERR_clear_error();
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c
new file mode 100644
index 000000000..843226c07
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c
@@ -0,0 +1,510 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include "internal/dso.h"
+#include <openssl/crypto.h>
+
+/*
+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+ * loader should implement the hook-up functions with the following
+ * prototypes.
+ */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+                        void (*f) (void));
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+    {DYNAMIC_CMD_SO_PATH,
+     "SO_PATH",
+     "Specifies the path to the new ENGINE shared library",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_NO_VCHECK,
+     "NO_VCHECK",
+     "Specifies to continue even if version checking fails (boolean)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_ID,
+     "ID",
+     "Specifies an ENGINE id name for loading",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LIST_ADD,
+     "LIST_ADD",
+     "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_LOAD,
+     "DIR_LOAD",
+     "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_ADD,
+     "DIR_ADD",
+     "Adds a directory from which ENGINEs can be loaded",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LOAD,
+     "LOAD",
+     "Load up the ENGINE specified by other settings",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {0, NULL, NULL, 0}
+};
+
+/*
+ * Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack.
+ */
+struct st_dynamic_data_ctx {
+    /* The DSO object we load that supplies the ENGINE code */
+    DSO *dynamic_dso;
+    /*
+     * The function pointer to the version checking shared library function
+     */
+    dynamic_v_check_fn v_check;
+    /*
+     * The function pointer to the engine-binding shared library function
+     */
+    dynamic_bind_engine bind_engine;
+    /* The default name/path for loading the shared library */
+    char *DYNAMIC_LIBNAME;
+    /* Whether to continue loading on a version check failure */
+    int no_vcheck;
+    /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+    char *engine_id;
+    /*
+     * If non-zero, a successfully loaded ENGINE should be added to the
+     * internal ENGINE list. If 2, the add must succeed or the entire load
+     * should fail.
+     */
+    int list_add_value;
+    /* The symbol name for the version checking function */
+    const char *DYNAMIC_F1;
+    /* The symbol name for the "initialise ENGINE structure" function */
+    const char *DYNAMIC_F2;
+    /*
+     * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+     * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+     */
+    int dir_load;
+    /* A stack of directories from which ENGINEs could be loaded */
+    STACK_OF(OPENSSL_STRING) *dirs;
+};
+
+/*
+ * This is the "ex_data" index we obtain and reserve for use with our context
+ * structure.
+ */
+static int dynamic_ex_data_idx = -1;
+
+static void int_free_str(char *s)
+{
+    OPENSSL_free(s);
+}
+
+/*
+ * Because our ex_data element may or may not get allocated depending on
+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+ * leak problem to solve. We can't declare a "new" handler for the ex_data as
+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+ * a "free" handler and that will get called if an ENGINE is being destroyed
+ * and there was an ex_data element corresponding to our context type.
+ */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+                                       CRYPTO_EX_DATA *ad, int idx, long argl,
+                                       void *argp)
+{
+    if (ptr) {
+        dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+        DSO_free(ctx->dynamic_dso);
+        OPENSSL_free(ctx->DYNAMIC_LIBNAME);
+        OPENSSL_free(ctx->engine_id);
+        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
+        OPENSSL_free(ctx);
+    }
+}
+
+/*
+ * Construct the per-ENGINE context. We create it blindly and then use a lock
+ * to check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse.
+ */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+{
+    dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
+    int ret = 1;
+
+    if (c == NULL) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    c->dirs = sk_OPENSSL_STRING_new_null();
+    if (c->dirs == NULL) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(c);
+        return 0;
+    }
+    c->DYNAMIC_F1 = "v_check";
+    c->DYNAMIC_F2 = "bind_engine";
+    c->dir_load = 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+                                                       dynamic_ex_data_idx))
+        == NULL) {
+        /* Good, we're the first */
+        ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+        if (ret) {
+            *ctx = c;
+            c = NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /*
+     * If we lost the race to set the context, c is non-NULL and *ctx is the
+     * context of the thread that won.
+     */
+    if (c)
+        sk_OPENSSL_STRING_free(c->dirs);
+    OPENSSL_free(c);
+    return ret;
+}
+
+/*
+ * This function retrieves the context structure from an ENGINE's "ex_data",
+ * or if it doesn't exist yet, sets it up.
+ */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+{
+    dynamic_data_ctx *ctx;
+    if (dynamic_ex_data_idx < 0) {
+        /*
+         * Create and register the ENGINE ex_data, and associate our "free"
+         * function with it to ensure any allocated contexts get freed when
+         * an ENGINE goes underground.
+         */
+        int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+                                              dynamic_data_ctx_free_func);
+        if (new_idx == -1) {
+            ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+            return NULL;
+        }
+        CRYPTO_THREAD_write_lock(global_engine_lock);
+        /* Avoid a race by checking again inside this lock */
+        if (dynamic_ex_data_idx < 0) {
+            /* Good, someone didn't beat us to it */
+            dynamic_ex_data_idx = new_idx;
+            new_idx = -1;
+        }
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        /*
+         * In theory we could "give back" the index here if (new_idx>-1), but
+         * it's not possible and wouldn't gain us much if it were.
+         */
+    }
+    ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+    /* Check if the context needs to be created */
+    if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+        /* "set_data" will set errors if necessary */
+        return NULL;
+    return ctx;
+}
+
+static ENGINE *engine_dynamic(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+        !ENGINE_set_name(ret, engine_dynamic_name) ||
+        !ENGINE_set_init_function(ret, dynamic_init) ||
+        !ENGINE_set_finish_function(ret, dynamic_finish) ||
+        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_dynamic_int(void)
+{
+    ENGINE *toadd = engine_dynamic();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    /*
+     * If the "add" didn't work, it was probably a conflict because it was
+     * already added (eg. someone calling ENGINE_load_blah then calling
+     * ENGINE_load_builtin_engines() perhaps).
+     */
+    ERR_clear_error();
+}
+
+static int dynamic_init(ENGINE *e)
+{
+    /*
+     * We always return failure - the "dynamic" engine itself can't be used
+     * for anything.
+     */
+    return 0;
+}
+
+static int dynamic_finish(ENGINE *e)
+{
+    /*
+     * This should never be called on account of "dynamic_init" always
+     * failing.
+     */
+    return 0;
+}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+    int initialised;
+
+    if (!ctx) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+        return 0;
+    }
+    initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+    /* All our control commands require the ENGINE to be uninitialised */
+    if (initialised) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+        return 0;
+    }
+    switch (cmd) {
+    case DYNAMIC_CMD_SO_PATH:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        OPENSSL_free(ctx->DYNAMIC_LIBNAME);
+        if (p)
+            ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p);
+        else
+            ctx->DYNAMIC_LIBNAME = NULL;
+        return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+    case DYNAMIC_CMD_NO_VCHECK:
+        ctx->no_vcheck = ((i == 0) ? 0 : 1);
+        return 1;
+    case DYNAMIC_CMD_ID:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        OPENSSL_free(ctx->engine_id);
+        if (p)
+            ctx->engine_id = OPENSSL_strdup(p);
+        else
+            ctx->engine_id = NULL;
+        return (ctx->engine_id ? 1 : 0);
+    case DYNAMIC_CMD_LIST_ADD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->list_add_value = (int)i;
+        return 1;
+    case DYNAMIC_CMD_LOAD:
+        return dynamic_load(e, ctx);
+    case DYNAMIC_CMD_DIR_LOAD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->dir_load = (int)i;
+        return 1;
+    case DYNAMIC_CMD_DIR_ADD:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (!p || (strlen((const char *)p) < 1)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        {
+            char *tmp_str = OPENSSL_strdup(p);
+            if (tmp_str == NULL) {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) {
+                OPENSSL_free(tmp_str);
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        return 1;
+    default:
+        break;
+    }
+    ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+    return 0;
+}
+
+static int int_load(dynamic_data_ctx *ctx)
+{
+    int num, loop;
+    /* Unless told not to, try a direct load */
+    if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+                                          ctx->DYNAMIC_LIBNAME, NULL,
+                                          0)) != NULL)
+        return 1;
+    /* If we're not allowed to use 'dirs' or we have none, fail */
+    if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
+        return 0;
+    for (loop = 0; loop < num; loop++) {
+        const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
+        char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+        if (!merge)
+            return 0;
+        if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+            /* Found what we're looking for */
+            OPENSSL_free(merge);
+            return 1;
+        }
+        OPENSSL_free(merge);
+    }
+    return 0;
+}
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+{
+    ENGINE cpy;
+    dynamic_fns fns;
+
+    if (ctx->dynamic_dso == NULL)
+        ctx->dynamic_dso = DSO_new();
+    if (ctx->dynamic_dso == NULL)
+        return 0;
+    if (!ctx->DYNAMIC_LIBNAME) {
+        if (!ctx->engine_id)
+            return 0;
+        DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS,
+                 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
+        ctx->DYNAMIC_LIBNAME =
+            DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+    }
+    if (!int_load(ctx)) {
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        return 0;
+    }
+    /* We have to find a bind function otherwise it'll always end badly */
+    if (!
+        (ctx->bind_engine =
+         (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+                                             ctx->DYNAMIC_F2))) {
+        ctx->bind_engine = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+        return 0;
+    }
+    /* Do we perform version checking? */
+    if (!ctx->no_vcheck) {
+        unsigned long vcheck_res = 0;
+        /*
+         * Now we try to find a version checking function and decide how to
+         * cope with failure if/when it fails.
+         */
+        ctx->v_check =
+            (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+                                               ctx->DYNAMIC_F1);
+        if (ctx->v_check)
+            vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+        /*
+         * We fail if the version checker veto'd the load *or* if it is
+         * deferring to us (by returning its version) and we think it is too
+         * old.
+         */
+        if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+            /* Fail */
+            ctx->bind_engine = NULL;
+            ctx->v_check = NULL;
+            DSO_free(ctx->dynamic_dso);
+            ctx->dynamic_dso = NULL;
+            ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                      ENGINE_R_VERSION_INCOMPATIBILITY);
+            return 0;
+        }
+    }
+    /*
+     * First binary copy the ENGINE structure so that we can roll back if the
+     * hand-over fails
+     */
+    memcpy(&cpy, e, sizeof(ENGINE));
+    /*
+     * Provide the ERR, "ex_data", memory, and locking callbacks so the
+     * loaded library uses our state rather than its own. FIXME: As noted in
+     * engine.h, much of this would be simplified if each area of code
+     * provided its own "summary" structure of all related callbacks. It
+     * would also increase opaqueness.
+     */
+    fns.static_state = ENGINE_get_static_state();
+    CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn,
+                             &fns.mem_fns.free_fn);
+    /*
+     * Now that we've loaded the dynamic engine, make sure no "dynamic"
+     * ENGINE elements will show through.
+     */
+    engine_set_all_null(e);
+
+    /* Try to bind the ENGINE onto our own ENGINE structure */
+    if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+        ctx->bind_engine = NULL;
+        ctx->v_check = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+        /* Copy the original ENGINE structure back */
+        memcpy(e, &cpy, sizeof(ENGINE));
+        return 0;
+    }
+    /* Do we try to add this ENGINE to the internal list too? */
+    if (ctx->list_add_value > 0) {
+        if (!ENGINE_add(e)) {
+            /* Do we tolerate this or fail? */
+            if (ctx->list_add_value > 1) {
+                /*
+                 * Fail - NB: By this time, it's too late to rollback, and
+                 * trying to do so allows the bind_engine() code to have
+                 * created leaks. We just have to fail where we are, after
+                 * the ENGINE has changed.
+                 */
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                          ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+            }
+            /* Tolerate */
+            ERR_clear_error();
+        }
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_err.c
new file mode 100644
index 000000000..bd1aefa18
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_err.c
@@ -0,0 +1,154 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/engineerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ENGINE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DIGEST_UPDATE, 0), "digest_update"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_CTRL, 0), "dynamic_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_GET_DATA_CTX, 0),
+     "dynamic_get_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_LOAD, 0), "dynamic_load"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_SET_DATA_CTX, 0),
+     "dynamic_set_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_ADD, 0), "ENGINE_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_BY_ID, 0), "ENGINE_by_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, 0),
+     "ENGINE_cmd_is_executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL, 0), "ENGINE_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD, 0), "ENGINE_ctrl_cmd"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD_STRING, 0),
+     "ENGINE_ctrl_cmd_string"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_FINISH, 0), "ENGINE_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_CIPHER, 0),
+     "ENGINE_get_cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_DIGEST, 0),
+     "ENGINE_get_digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_FIRST, 0),
+     "ENGINE_get_first"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_LAST, 0), "ENGINE_get_last"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_NEXT, 0), "ENGINE_get_next"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, 0),
+     "ENGINE_get_pkey_asn1_meth"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_METH, 0),
+     "ENGINE_get_pkey_meth"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PREV, 0), "ENGINE_get_prev"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_INIT, 0), "ENGINE_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_ADD, 0), "engine_list_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_REMOVE, 0),
+     "engine_list_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 0),
+     "ENGINE_load_private_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 0),
+     "ENGINE_load_public_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, 0),
+     "ENGINE_load_ssl_client_cert"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_NEW, 0), "ENGINE_new"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, 0),
+     "ENGINE_pkey_asn1_find_str"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_REMOVE, 0), "ENGINE_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_DEFAULT_STRING, 0),
+     "ENGINE_set_default_string"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_ID, 0), "ENGINE_set_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_NAME, 0), "ENGINE_set_name"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_TABLE_REGISTER, 0),
+     "engine_table_register"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0),
+     "engine_unlocked_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0),
+     "int_cleanup_item"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0),
+     "int_engine_configure"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0),
+     "int_engine_module_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ENGINE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+    "argument is not a number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE),
+    "cmd not executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT),
+    "command takes input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT),
+    "command takes no input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID),
+    "conflicting engine id"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+    "ctrl command not implemented"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR),
+    "engines section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+    "engine configuration error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST),
+    "engine is not in the list"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR),
+    "engine section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+    "failed loading private key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+    "failed loading public key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING),
+    "'id' or 'name' missing"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR),
+    "internal list error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT),
+    "invalid argument"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME),
+    "invalid cmd name"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER),
+    "invalid cmd number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE),
+    "invalid init value"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION),
+    "no control function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION),
+    "no load function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER),
+    "unimplemented cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST),
+    "unimplemented digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
+    "unimplemented public key method"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY),
+    "version incompatibility"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ENGINE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ENGINE_str_functs);
+        ERR_load_strings_const(ENGINE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c
new file mode 100644
index 000000000..591fddc8e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+{
+    if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+        return 0;
+#ifndef OPENSSL_NO_RSA
+    if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+    if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_EC
+    if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
+        return 0;
+#endif
+    if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_PKEY_METHS)
+        && !ENGINE_set_default_pkey_meths(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+        && !ENGINE_set_default_pkey_asn1_meths(e))
+        return 0;
+    return 1;
+}
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+{
+    unsigned int *pflags = arg;
+    if (alg == NULL)
+        return 0;
+    if (strncmp(alg, "ALL", len) == 0)
+        *pflags |= ENGINE_METHOD_ALL;
+    else if (strncmp(alg, "RSA", len) == 0)
+        *pflags |= ENGINE_METHOD_RSA;
+    else if (strncmp(alg, "DSA", len) == 0)
+        *pflags |= ENGINE_METHOD_DSA;
+    else if (strncmp(alg, "DH", len) == 0)
+        *pflags |= ENGINE_METHOD_DH;
+    else if (strncmp(alg, "EC", len) == 0)
+        *pflags |= ENGINE_METHOD_EC;
+    else if (strncmp(alg, "RAND", len) == 0)
+        *pflags |= ENGINE_METHOD_RAND;
+    else if (strncmp(alg, "CIPHERS", len) == 0)
+        *pflags |= ENGINE_METHOD_CIPHERS;
+    else if (strncmp(alg, "DIGESTS", len) == 0)
+        *pflags |= ENGINE_METHOD_DIGESTS;
+    else if (strncmp(alg, "PKEY", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS;
+    else if (strncmp(alg, "PKEY_CRYPTO", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_METHS;
+    else if (strncmp(alg, "PKEY_ASN1", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
+    else
+        return 0;
+    return 1;
+}
+
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+{
+    unsigned int flags = 0;
+    if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+                  ENGINE_R_INVALID_STRING);
+        ERR_add_error_data(2, "str=", def_list);
+        return 0;
+    }
+    return ENGINE_set_default(e, flags);
+}
+
+int ENGINE_register_complete(ENGINE *e)
+{
+    ENGINE_register_ciphers(e);
+    ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+    ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+    ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+    ENGINE_register_DH(e);
+#endif
+#ifndef OPENSSL_NO_EC
+    ENGINE_register_EC(e);
+#endif
+    ENGINE_register_RAND(e);
+    ENGINE_register_pkey_meths(e);
+    ENGINE_register_pkey_asn1_meths(e);
+    return 1;
+}
+
+int ENGINE_register_all_complete(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
+            ENGINE_register_complete(e);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c
new file mode 100644
index 000000000..7c235fc47
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "eng_int.h"
+
+/*
+ * Initialise a engine type for use (or up its functional reference count if
+ * it's already in use). This version is only used internally.
+ */
+int engine_unlocked_init(ENGINE *e)
+{
+    int to_return = 1;
+
+    if ((e->funct_ref == 0) && e->init)
+        /*
+         * This is the first functional reference and the engine requires
+         * initialisation so we do it now.
+         */
+        to_return = e->init(e);
+    if (to_return) {
+        /*
+         * OK, we return a functional reference which is also a structural
+         * reference.
+         */
+        e->struct_ref++;
+        e->funct_ref++;
+        engine_ref_debug(e, 0, 1);
+        engine_ref_debug(e, 1, 1);
+    }
+    return to_return;
+}
+
+/*
+ * Free a functional reference to a engine type. This version is only used
+ * internally.
+ */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+{
+    int to_return = 1;
+
+    /*
+     * Reduce the functional reference count here so if it's the terminating
+     * case, we can release the lock safely and call the finish() handler
+     * without risk of a race. We get a race if we leave the count until
+     * after and something else is calling "finish" at the same time -
+     * there's a chance that both threads will together take the count from 2
+     * to 0 without either calling finish().
+     */
+    e->funct_ref--;
+    engine_ref_debug(e, 1, -1);
+    if ((e->funct_ref == 0) && e->finish) {
+        if (unlock_for_handlers)
+            CRYPTO_THREAD_unlock(global_engine_lock);
+        to_return = e->finish(e);
+        if (unlock_for_handlers)
+            CRYPTO_THREAD_write_lock(global_engine_lock);
+        if (!to_return)
+            return 0;
+    }
+    REF_ASSERT_ISNT(e->funct_ref < 0);
+    /* Release the structural reference too */
+    if (!engine_free_util(e, 0)) {
+        ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+{
+    int ret;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_unlocked_init(e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+{
+    int to_return = 1;
+
+    if (e == NULL)
+        return 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    to_return = engine_unlocked_finish(e, 1);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!to_return) {
+        ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_int.h
new file mode 100644
index 000000000..b95483341
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_int.h
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+# define HEADER_ENGINE_INT_H
+
+# include "internal/cryptlib.h"
+# include "internal/engine.h"
+# include "internal/thread_once.h"
+# include "internal/refcount.h"
+
+extern CRYPTO_RWLOCK *global_engine_lock;
+
+/*
+ * If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for
+ * each change. This prints the engine's pointer address (truncated to
+ * unsigned int), "struct" or "funct" to indicate the reference type, the
+ * before and after reference count, and the file:line-number pair. The
+ * "engine_ref_debug" statements must come *after* the change.
+ */
+# ifdef ENGINE_REF_COUNT_DEBUG
+
+#  define engine_ref_debug(e, isfunct, diff) \
+        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+                (OPENSSL_FILE), (OPENSSL_LINE))
+
+# else
+
+#  define engine_ref_debug(e, isfunct, diff)
+
+# endif
+
+/*
+ * Any code that will need cleanup operations should use these functions to
+ * register callbacks. engine_cleanup_int() will call all registered
+ * callbacks in order. NB: both the "add" functions assume the engine lock to
+ * already be held (in "write" mode).
+ */
+typedef void (ENGINE_CLEANUP_CB) (void);
+typedef struct st_engine_cleanup_item {
+    ENGINE_CLEANUP_CB *cb;
+} ENGINE_CLEANUP_ITEM;
+DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DEFINE_STACK_OF(ENGINE)
+
+/*
+ * If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults
+ * and functional references (etc), will display debugging summaries to
+ * stderr.
+ */
+/* #define ENGINE_TABLE_DEBUG */
+
+/*
+ * This represents an implementation table. Dependent code should instantiate
+ * it as a (ENGINE_TABLE *) pointer value set initially to NULL.
+ */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+# ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+# else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l);
+#  define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
+# endif
+typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
+                                      ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                        void *arg);
+
+/*
+ * Internal versions of API functions that have control over locking. These
+ * are used between C files when functionality needs to be shared but the
+ * caller may already be controlling of the engine lock.
+ */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int not_locked);
+
+/*
+ * This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all
+ * the ENGINE_set_***() functions with a NULL value.
+ */
+void engine_set_all_null(ENGINE *e);
+
+/*
+ * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now
+ * exposed in engine.h.
+ */
+
+/* Free up dynamically allocated public key methods associated with ENGINE */
+
+void engine_pkey_meths_free(ENGINE *e);
+void engine_pkey_asn1_meths_free(ENGINE *e);
+
+/* Once initialisation function */
+extern CRYPTO_ONCE engine_lock_init;
+DECLARE_RUN_ONCE(do_engine_lock_init)
+
+/*
+ * This is a structure for storing implementations of various crypto
+ * algorithms and functions.
+ */
+struct engine_st {
+    const char *id;
+    const char *name;
+    const RSA_METHOD *rsa_meth;
+    const DSA_METHOD *dsa_meth;
+    const DH_METHOD *dh_meth;
+    const EC_KEY_METHOD *ec_meth;
+    const RAND_METHOD *rand_meth;
+    /* Cipher handling is via this callback */
+    ENGINE_CIPHERS_PTR ciphers;
+    /* Digest handling is via this callback */
+    ENGINE_DIGESTS_PTR digests;
+    /* Public key handling via this callback */
+    ENGINE_PKEY_METHS_PTR pkey_meths;
+    /* ASN1 public key handling via this callback */
+    ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
+    ENGINE_GEN_INT_FUNC_PTR destroy;
+    ENGINE_GEN_INT_FUNC_PTR init;
+    ENGINE_GEN_INT_FUNC_PTR finish;
+    ENGINE_CTRL_FUNC_PTR ctrl;
+    ENGINE_LOAD_KEY_PTR load_privkey;
+    ENGINE_LOAD_KEY_PTR load_pubkey;
+    ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+    const ENGINE_CMD_DEFN *cmd_defns;
+    int flags;
+    /* reference count on the structure itself */
+    CRYPTO_REF_COUNT struct_ref;
+    /*
+     * reference count on usability of the engine type. NB: This controls the
+     * loading and initialisation of any functionality required by this
+     * engine, whereas the previous count is simply to cope with
+     * (de)allocation of this structure. Hence, running_ref <= struct_ref at
+     * all times.
+     */
+    int funct_ref;
+    /* A place to store per-ENGINE data */
+    CRYPTO_EX_DATA ex_data;
+    /* Used to maintain the linked-list of engines. */
+    struct engine_st *prev;
+    struct engine_st *next;
+};
+
+typedef struct st_engine_pile ENGINE_PILE;
+
+DEFINE_LHASH_OF(ENGINE_PILE);
+
+#endif                          /* HEADER_ENGINE_INT_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c
new file mode 100644
index 000000000..d7f2026fa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c
@@ -0,0 +1,299 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "eng_int.h"
+#include <openssl/rand.h>
+#include "internal/refcount.h"
+
+CRYPTO_RWLOCK *global_engine_lock;
+
+CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+/* The "new"/"free" stuff first */
+
+DEFINE_RUN_ONCE(do_engine_lock_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    global_engine_lock = CRYPTO_THREAD_lock_new();
+    return global_engine_lock != NULL;
+}
+
+ENGINE *ENGINE_new(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)
+        || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->struct_ref = 1;
+    engine_ref_debug(ret, 0, 1);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+/*
+ * Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here.
+ */
+void engine_set_all_null(ENGINE *e)
+{
+    e->id = NULL;
+    e->name = NULL;
+    e->rsa_meth = NULL;
+    e->dsa_meth = NULL;
+    e->dh_meth = NULL;
+    e->rand_meth = NULL;
+    e->ciphers = NULL;
+    e->digests = NULL;
+    e->destroy = NULL;
+    e->init = NULL;
+    e->finish = NULL;
+    e->ctrl = NULL;
+    e->load_privkey = NULL;
+    e->load_pubkey = NULL;
+    e->cmd_defns = NULL;
+    e->flags = 0;
+}
+
+int engine_free_util(ENGINE *e, int not_locked)
+{
+    int i;
+
+    if (e == NULL)
+        return 1;
+    if (not_locked)
+        CRYPTO_DOWN_REF(&e->struct_ref, &i, global_engine_lock);
+    else
+        i = --e->struct_ref;
+    engine_ref_debug(e, 0, -1);
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+    /* Free up any dynamically allocated public key methods */
+    engine_pkey_meths_free(e);
+    engine_pkey_asn1_meths_free(e);
+    /*
+     * Give the ENGINE a chance to do any structural cleanup corresponding to
+     * allocation it did in its constructor (eg. unload error strings)
+     */
+    if (e->destroy)
+        e->destroy(e);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+    OPENSSL_free(e);
+    return 1;
+}
+
+int ENGINE_free(ENGINE *e)
+{
+    return engine_free_util(e, 1);
+}
+
+/* Cleanup stuff */
+
+/*
+ * engine_cleanup_int() is coded such that anything that does work that will
+ * need cleanup can register a "cleanup" callback here. That way we don't get
+ * linker bloat by referring to all *possible* cleanups, but any linker bloat
+ * into code "X" will cause X's cleanup function to end up here.
+ */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+{
+    if (cleanup_stack)
+        return 1;
+    if (!create)
+        return 0;
+    cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+    return (cleanup_stack ? 1 : 0);
+}
+
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+
+    if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+        ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    item->cb = cb;
+    return item;
+}
+
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item)
+        sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+}
+
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item != NULL) {
+        if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+            OPENSSL_free(item);
+    }
+}
+
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+{
+    (*(item->cb)) ();
+    OPENSSL_free(item);
+}
+
+void engine_cleanup_int(void)
+{
+    if (int_cleanup_check(0)) {
+        sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+                                        engine_cleanup_cb_free);
+        cleanup_stack = NULL;
+    }
+    CRYPTO_THREAD_lock_free(global_engine_lock);
+}
+
+/* Now the "ex_data" support */
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&e->ex_data, idx, arg);
+}
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+{
+    return CRYPTO_get_ex_data(&e->ex_data, idx);
+}
+
+/*
+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself.
+ */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+{
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->id = id;
+    return 1;
+}
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+{
+    if (name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->name = name;
+    return 1;
+}
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+{
+    e->destroy = destroy_f;
+    return 1;
+}
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+{
+    e->init = init_f;
+    return 1;
+}
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+{
+    e->finish = finish_f;
+    return 1;
+}
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+{
+    e->ctrl = ctrl_f;
+    return 1;
+}
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+{
+    e->flags = flags;
+    return 1;
+}
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+{
+    e->cmd_defns = defns;
+    return 1;
+}
+
+const char *ENGINE_get_id(const ENGINE *e)
+{
+    return e->id;
+}
+
+const char *ENGINE_get_name(const ENGINE *e)
+{
+    return e->name;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+{
+    return e->destroy;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+{
+    return e->init;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+{
+    return e->finish;
+}
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+{
+    return e->ctrl;
+}
+
+int ENGINE_get_flags(const ENGINE *e)
+{
+    return e->flags;
+}
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+{
+    return e->cmd_defns;
+}
+
+/*
+ * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+ * so put the "static_state" hack here.
+ */
+
+static int internal_static_hack = 0;
+
+void *ENGINE_get_static_state(void)
+{
+    return &internal_static_hack;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c
new file mode 100644
index 000000000..45c339c54
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c
@@ -0,0 +1,349 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+/*
+ * The linked-list of pointers to engine types. engine_list_head incorporates
+ * an implicit structural reference but engine_list_tail does not - the
+ * latter is a computational optimization and only points to something that
+ * is already pointed to by its predecessor in the list (or engine_list_head
+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+ * to save excessive list iteration, it doesn't correspond to an extra
+ * structural reference. Hence, engine_list_head, and each non-null "next"
+ * pointer account for the list itself assuming exactly 1 structural
+ * reference on each list member.
+ */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/*
+ * This cleanup function is only needed internally. If it should be called,
+ * we register it with the "engine_cleanup_int()" stack to be called during
+ * cleanup.
+ */
+
+static void engine_list_cleanup(void)
+{
+    ENGINE *iterator = engine_list_head;
+
+    while (iterator != NULL) {
+        ENGINE_remove(iterator);
+        iterator = engine_list_head;
+    }
+    return;
+}
+
+/*
+ * These static functions starting with a lower case "engine_" always take
+ * place when global_engine_lock has been locked up.
+ */
+static int engine_list_add(ENGINE *e)
+{
+    int conflict = 0;
+    ENGINE *iterator = NULL;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    iterator = engine_list_head;
+    while (iterator && !conflict) {
+        conflict = (strcmp(iterator->id, e->id) == 0);
+        iterator = iterator->next;
+    }
+    if (conflict) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+        return 0;
+    }
+    if (engine_list_head == NULL) {
+        /* We are adding to an empty list. */
+        if (engine_list_tail) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_head = e;
+        e->prev = NULL;
+        /*
+         * The first time the list allocates, we should register the cleanup.
+         */
+        engine_cleanup_add_last(engine_list_cleanup);
+    } else {
+        /* We are adding to the tail of an existing list. */
+        if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_tail->next = e;
+        e->prev = engine_list_tail;
+    }
+    /*
+     * Having the engine in the list assumes a structural reference.
+     */
+    e->struct_ref++;
+    engine_ref_debug(e, 0, 1);
+    /* However it came to be, e is the last item in the list. */
+    engine_list_tail = e;
+    e->next = NULL;
+    return 1;
+}
+
+static int engine_list_remove(ENGINE *e)
+{
+    ENGINE *iterator;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    /* We need to check that e is in our linked list! */
+    iterator = engine_list_head;
+    while (iterator && (iterator != e))
+        iterator = iterator->next;
+    if (iterator == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                  ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+        return 0;
+    }
+    /* un-link e from the chain. */
+    if (e->next)
+        e->next->prev = e->prev;
+    if (e->prev)
+        e->prev->next = e->next;
+    /* Correct our head/tail if necessary. */
+    if (engine_list_head == e)
+        engine_list_head = e->next;
+    if (engine_list_tail == e)
+        engine_list_tail = e->prev;
+    engine_free_util(e, 0);
+    return 1;
+}
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_FIRST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_list_head;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+ENGINE *ENGINE_get_last(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_LAST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_list_tail;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = e->next;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = e->prev;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((e->id == NULL) || (e->name == NULL)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!engine_list_add(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return to_return;
+}
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!engine_list_remove(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return to_return;
+}
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+{
+    dest->id = src->id;
+    dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+    dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+    dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+    dest->dh_meth = src->dh_meth;
+#endif
+#ifndef OPENSSL_NO_EC
+    dest->ec_meth = src->ec_meth;
+#endif
+    dest->rand_meth = src->rand_meth;
+    dest->ciphers = src->ciphers;
+    dest->digests = src->digests;
+    dest->pkey_meths = src->pkey_meths;
+    dest->destroy = src->destroy;
+    dest->init = src->init;
+    dest->finish = src->finish;
+    dest->ctrl = src->ctrl;
+    dest->load_privkey = src->load_privkey;
+    dest->load_pubkey = src->load_pubkey;
+    dest->cmd_defns = src->cmd_defns;
+    dest->flags = src->flags;
+}
+
+ENGINE *ENGINE_by_id(const char *id)
+{
+    ENGINE *iterator;
+    char *load_dir = NULL;
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    iterator = engine_list_head;
+    while (iterator && (strcmp(id, iterator->id) != 0))
+        iterator = iterator->next;
+    if (iterator != NULL) {
+        /*
+         * We need to return a structural reference. If this is an ENGINE
+         * type that returns copies, make a duplicate - otherwise increment
+         * the existing ENGINE's reference count.
+         */
+        if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+            ENGINE *cp = ENGINE_new();
+            if (cp == NULL)
+                iterator = NULL;
+            else {
+                engine_cpy(cp, iterator);
+                iterator = cp;
+            }
+        } else {
+            iterator->struct_ref++;
+            engine_ref_debug(iterator, 0, 1);
+        }
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (iterator != NULL)
+        return iterator;
+    /*
+     * Prevent infinite recursion if we're looking for the dynamic engine.
+     */
+    if (strcmp(id, "dynamic")) {
+        if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
+            load_dir = ENGINESDIR;
+        iterator = ENGINE_by_id("dynamic");
+        if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+                                    load_dir, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+            goto notfound;
+        return iterator;
+    }
+ notfound:
+    ENGINE_free(iterator);
+    ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+    ERR_add_error_data(2, "id=", id);
+    return NULL;
+    /* EEK! Experimental code ends */
+}
+
+int ENGINE_up_ref(ENGINE *e)
+{
+    int i;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_UP_REF(&e->struct_ref, &i, global_engine_lock);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c
new file mode 100644
index 000000000..f7ad7a5f4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c
@@ -0,0 +1,648 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/engine.h"
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#include <openssl/hmac.h>
+#include <openssl/x509v3.h>
+
+/*
+ * This testing gunk is implemented (and explained) lower down. It also
+ * assumes the application explicitly calls "ENGINE_load_openssl()" because
+ * this is no longer automatic in ENGINE_load_builtin_engines().
+ */
+#define TEST_ENG_OPENSSL_RC4
+#ifndef OPENSSL_NO_STDIO
+#define TEST_ENG_OPENSSL_PKEY
+#endif
+/* #define TEST_ENG_OPENSSL_HMAC */
+/* #define TEST_ENG_OPENSSL_HMAC_INIT */
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+# undef TEST_ENG_OPENSSL_RC4
+# undef TEST_ENG_OPENSSL_RC4_OTHERS
+# undef TEST_ENG_OPENSSL_RC4_P_INIT
+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+
+static int openssl_destroy(ENGINE *e);
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                           const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+                                      UI_METHOD *ui_method,
+                                      void *callback_data);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+static int ossl_register_hmac_meth(void);
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/*
+ * This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+    if (!ENGINE_set_id(e, engine_openssl_id)
+        || !ENGINE_set_name(e, engine_openssl_name)
+        || !ENGINE_set_destroy_function(e, openssl_destroy)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, RSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, DSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, DH_get_default_method())
+# endif
+        || !ENGINE_set_RAND(e, RAND_OpenSSL())
+# ifdef TEST_ENG_OPENSSL_RC4
+        || !ENGINE_set_ciphers(e, openssl_ciphers)
+# endif
+# ifdef TEST_ENG_OPENSSL_SHA
+        || !ENGINE_set_digests(e, openssl_digests)
+# endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+#ifdef TEST_ENG_OPENSSL_HMAC
+        || !ossl_register_hmac_meth()
+        || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
+#endif
+        )
+        return 0;
+    /*
+     * If we add errors to this ENGINE, ensure the error handling is setup
+     * here
+     */
+    /* openssl_load_error_strings(); */
+    return 1;
+}
+
+static ENGINE *engine_openssl(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_openssl_int(void)
+{
+    ENGINE *toadd = engine_openssl();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_openssl_id) != 0))
+        return 0;
+    if (!bind_helper(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif                          /* ENGINE_DYNAMIC_SUPPORT */
+#ifdef TEST_ENG_OPENSSL_RC4
+/*-
+ * This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+# include <openssl/rc4.h>
+# define TEST_RC4_KEY_SIZE               16
+typedef struct {
+    unsigned char key[TEST_RC4_KEY_SIZE];
+    RC4_KEY ks;
+} TEST_RC4_KEY;
+# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+# endif
+    memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+    RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                test(ctx)->key);
+    return 1;
+}
+
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+# endif
+    RC4(&test(ctx)->ks, inl, in, out);
+    return 1;
+}
+
+static EVP_CIPHER *r4_cipher = NULL;
+static const EVP_CIPHER *test_r4_cipher(void)
+{
+    if (r4_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_cipher = cipher;
+    }
+    return r4_cipher;
+}
+static void test_r4_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_cipher);
+    r4_cipher = NULL;
+}
+
+static EVP_CIPHER *r4_40_cipher = NULL;
+static const EVP_CIPHER *test_r4_40_cipher(void)
+{
+    if (r4_40_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_40_cipher = cipher;
+    }
+    return r4_40_cipher;
+}
+static void test_r4_40_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_40_cipher);
+    r4_40_cipher = NULL;
+}
+static int test_cipher_nids(const int **nids)
+{
+    static int cipher_nids[4] = { 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_CIPHER *cipher;
+        if ((cipher = test_r4_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        if ((cipher = test_r4_40_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        cipher_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = cipher_nids;
+    return pos;
+}
+
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid)
+{
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        return test_cipher_nids(nids);
+    }
+    /* We are being asked for a specific cipher */
+    if (nid == NID_rc4)
+        *cipher = test_r4_cipher();
+    else if (nid == NID_rc4_40)
+        *cipher = test_r4_40_cipher();
+    else {
+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *cipher = NULL;
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+# include <openssl/sha.h>
+
+static int test_sha1_init(EVP_MD_CTX *ctx)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+# endif
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+# endif
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+# endif
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static EVP_MD *sha1_md = NULL;
+static const EVP_MD *test_sha_md(void)
+{
+    if (sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, test_sha1_init)
+            || !EVP_MD_meth_set_update(md, test_sha1_update)
+            || !EVP_MD_meth_set_final(md, test_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        sha1_md = md;
+    }
+    return sha1_md;
+}
+static void test_sha_md_destroy(void)
+{
+    EVP_MD_meth_free(sha1_md);
+    sha1_md = NULL;
+}
+static int test_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = test_sha_md()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                           const int **nids, int nid)
+{
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return test_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    if (nid == NID_sha1)
+        *digest = test_sha_md();
+    else {
+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *digest = NULL;
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+                                      UI_METHOD *ui_method,
+                                      void *callback_data)
+{
+    BIO *in;
+    EVP_PKEY *key;
+    fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+            key_id);
+    in = BIO_new_file(key_id, "r");
+    if (!in)
+        return NULL;
+    key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+    BIO_free(in);
+    return key;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+
+/*
+ * Experimental HMAC redirection implementation: mainly copied from
+ * hm_pmeth.c
+ */
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} OSSL_HMAC_PKEY_CTX;
+
+static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx;
+
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+    EVP_PKEY_CTX_set_data(ctx, hctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+# ifdef TEST_ENG_OPENSSL_HMAC_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
+# endif
+    return 1;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    OSSL_HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!ossl_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    ossl_hmac_cleanup(dst);
+    return 0;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
+    return 1;
+}
+
+static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                             size_t *siglen, EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    EVP_PKEY *pk;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        pk = EVP_PKEY_CTX_get0_pkey(ctx);
+        key = EVP_PKEY_get0(pk);
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0) {
+        void *p = (void *)value;
+        return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
+    }
+    if (strcmp(type, "hexkey") == 0) {
+        unsigned char *key;
+        int r;
+        long keylen;
+        key = OPENSSL_hexstr2buf(value, &keylen);
+        if (!key)
+            return 0;
+        r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+        OPENSSL_free(key);
+        return r;
+    }
+    return -2;
+}
+
+static EVP_PKEY_METHOD *ossl_hmac_meth;
+
+static int ossl_register_hmac_meth(void)
+{
+    EVP_PKEY_METHOD *meth;
+    meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
+    if (meth == NULL)
+        return 0;
+    EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
+    EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
+    EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
+
+    EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
+
+    EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
+                              ossl_hmac_signctx);
+
+    EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
+    ossl_hmac_meth = meth;
+    return 1;
+}
+
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid)
+{
+    static int ossl_pkey_nids[] = {
+        EVP_PKEY_HMAC,
+        0
+    };
+    if (!pmeth) {
+        *nids = ossl_pkey_nids;
+        return 1;
+    }
+
+    if (nid == EVP_PKEY_HMAC) {
+        *pmeth = ossl_hmac_meth;
+        return 1;
+    }
+
+    *pmeth = NULL;
+    return 0;
+}
+
+#endif
+
+int openssl_destroy(ENGINE *e)
+{
+    test_sha_md_destroy();
+#ifdef TEST_ENG_OPENSSL_RC4
+    test_r4_cipher_destroy();
+    test_r4_40_cipher_destroy();
+#endif
+    return 1;
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c
new file mode 100644
index 000000000..305a648fe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f)
+{
+    e->load_privkey = loadpriv_f;
+    return 1;
+}
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+{
+    e->load_pubkey = loadpub_f;
+    return 1;
+}
+
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f)
+{
+    e->load_ssl_client_cert = loadssl_f;
+    return 1;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+{
+    return e->load_privkey;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+{
+    return e->load_pubkey;
+}
+
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e)
+{
+    return e->load_ssl_client_cert;
+}
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_privkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+        return 0;
+    }
+    return pkey;
+}
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_pubkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+        return 0;
+    }
+    return pkey;
+}
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data)
+{
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_ssl_client_cert) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+                                   ui_method, callback_data);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c
new file mode 100644
index 000000000..261e5debb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/engine.h"
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
+
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
+
+static int get_random_bytes(unsigned char *buf, int num)
+{
+    if (num < 0) {
+        return 0;
+    }
+
+    return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num);
+}
+
+static int random_status(void)
+{
+    return 1;
+}
+
+static RAND_METHOD rdrand_meth = {
+    NULL,                       /* seed */
+    get_random_bytes,
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    get_random_bytes,
+    random_status,
+};
+
+static int rdrand_init(ENGINE *e)
+{
+    return 1;
+}
+
+static const char *engine_e_rdrand_id = "rdrand";
+static const char *engine_e_rdrand_name = "Intel RDRAND engine";
+
+static int bind_helper(ENGINE *e)
+{
+    if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+        !ENGINE_set_name(e, engine_e_rdrand_name) ||
+        !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+        !ENGINE_set_init_function(e, rdrand_init) ||
+        !ENGINE_set_RAND(e, &rdrand_meth))
+        return 0;
+
+    return 1;
+}
+
+static ENGINE *ENGINE_rdrand(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_rdrand_int(void)
+{
+    extern unsigned int OPENSSL_ia32cap_P[];
+
+    if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) {
+        ENGINE *toadd = ENGINE_rdrand();
+        if (!toadd)
+            return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+    }
+}
+#else
+void engine_load_rdrand_int(void)
+{
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c
new file mode 100644
index 000000000..ac4b02fc1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c
@@ -0,0 +1,308 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include "eng_int.h"
+
+/* The type of the items in the table */
+struct st_engine_pile {
+    /* The 'nid' of this algorithm/mode */
+    int nid;
+    /* ENGINEs that implement this algorithm/mode. */
+    STACK_OF(ENGINE) *sk;
+    /* The default ENGINE to perform this algorithm/mode. */
+    ENGINE *funct;
+    /*
+     * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+     */
+    int uptodate;
+};
+
+/* The type exposed in eng_int.h */
+struct st_engine_table {
+    LHASH_OF(ENGINE_PILE) piles;
+};                              /* ENGINE_TABLE */
+
+typedef struct st_engine_pile_doall {
+    engine_table_doall_cb *cb;
+    void *arg;
+} ENGINE_PILE_DOALL;
+
+/* Global flags (ENGINE_TABLE_FLAG_***). */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+{
+    return table_flags;
+}
+
+void ENGINE_set_table_flags(unsigned int flags)
+{
+    table_flags = flags;
+}
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+{
+    return c->nid;
+}
+
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+{
+    return a->nid - b->nid;
+}
+
+static int int_table_check(ENGINE_TABLE **t, int create)
+{
+    LHASH_OF(ENGINE_PILE) *lh;
+
+    if (*t)
+        return 1;
+    if (!create)
+        return 0;
+    if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL)
+        return 0;
+    *t = (ENGINE_TABLE *)lh;
+    return 1;
+}
+
+/*
+ * Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table
+ */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault)
+{
+    int ret = 0, added = 0;
+    ENGINE_PILE tmplate, *fnd;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!(*table))
+        added = 1;
+    if (!int_table_check(table, 1))
+        goto end;
+    if (added)
+        /* The cleanup callback needs to be added */
+        engine_cleanup_add_first(cleanup);
+    while (num_nids--) {
+        tmplate.nid = *nids;
+        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+        if (!fnd) {
+            fnd = OPENSSL_malloc(sizeof(*fnd));
+            if (fnd == NULL)
+                goto end;
+            fnd->uptodate = 1;
+            fnd->nid = *nids;
+            fnd->sk = sk_ENGINE_new_null();
+            if (!fnd->sk) {
+                OPENSSL_free(fnd);
+                goto end;
+            }
+            fnd->funct = NULL;
+            (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
+            if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) {
+                sk_ENGINE_free(fnd->sk);
+                OPENSSL_free(fnd);
+                goto end;
+            }
+        }
+        /* A registration shouldn't add duplicate entries */
+        (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+        /*
+         * if 'setdefault', this ENGINE goes to the head of the list
+         */
+        if (!sk_ENGINE_push(fnd->sk, e))
+            goto end;
+        /* "touch" this ENGINE_PILE */
+        fnd->uptodate = 0;
+        if (setdefault) {
+            if (!engine_unlocked_init(e)) {
+                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                          ENGINE_R_INIT_FAILED);
+                goto end;
+            }
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = e;
+            fnd->uptodate = 1;
+        }
+        nids++;
+    }
+    ret = 1;
+ end:
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+{
+    int n;
+    /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
+    while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+        (void)sk_ENGINE_delete(pile->sk, n);
+        pile->uptodate = 0;
+    }
+    if (pile->funct == e) {
+        engine_unlocked_finish(e, 0);
+        pile->funct = NULL;
+    }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE);
+
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+{
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (int_table_check(table, 0))
+        lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+static void int_cleanup_cb_doall(ENGINE_PILE *p)
+{
+    if (!p)
+        return;
+    sk_ENGINE_free(p->sk);
+    if (p->funct)
+        engine_unlocked_finish(p->funct, 0);
+    OPENSSL_free(p);
+}
+
+void engine_table_cleanup(ENGINE_TABLE **table)
+{
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (*table) {
+        lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall);
+        lh_ENGINE_PILE_free(&(*table)->piles);
+        *table = NULL;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+/* return a functional reference for a given 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l)
+#endif
+{
+    ENGINE *ret = NULL;
+    ENGINE_PILE tmplate, *fnd = NULL;
+    int initres, loop = 0;
+
+    if (!(*table)) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+                "registered!\n", f, l, nid);
+#endif
+        return NULL;
+    }
+    ERR_set_mark();
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    /*
+     * Check again inside the lock otherwise we could race against cleanup
+     * operations. But don't worry about a fprintf(stderr).
+     */
+    if (!int_table_check(table, 0))
+        goto end;
+    tmplate.nid = nid;
+    fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+    if (!fnd)
+        goto end;
+    if (fnd->funct && engine_unlocked_init(fnd->funct)) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+        ret = fnd->funct;
+        goto end;
+    }
+    if (fnd->uptodate) {
+        ret = fnd->funct;
+        goto end;
+    }
+ trynext:
+    ret = sk_ENGINE_value(fnd->sk, loop++);
+    if (!ret) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                "registered implementations would initialise\n", f, l, nid);
+#endif
+        goto end;
+    }
+    /* Try to initialise the ENGINE? */
+    if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+        initres = engine_unlocked_init(ret);
+    else
+        initres = 0;
+    if (initres) {
+        /* Update 'funct' */
+        if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+            /* If there was a previous default we release it. */
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+            fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                    "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+        }
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+        goto end;
+    }
+    goto trynext;
+ end:
+    /*
+     * If it failed, it is unlikely to succeed again until some future
+     * registrations have taken place. In all cases, we cache.
+     */
+    if (fnd)
+        fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+    if (ret)
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "ENGINE '%s'\n", f, l, nid, ret->id);
+    else
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "'no matching ENGINE'\n", f, l, nid);
+#endif
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /*
+     * Whatever happened, any failed init()s are not failures in this
+     * context, so clear our error state.
+     */
+    ERR_pop_to_mark();
+    return ret;
+}
+
+/* Table enumeration */
+
+static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+{
+    dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL);
+
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                        void *arg)
+{
+    ENGINE_PILE_DOALL dall;
+    dall.cb = cb;
+    dall.arg = arg;
+    if (table)
+        lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c
new file mode 100644
index 000000000..4bcc76136
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c
@@ -0,0 +1,209 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "eng_int.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+ * function that is used by EVP to hook in pkey_asn1_meth code and cache
+ * defaults (etc), will display brief debugging summaries to stderr with the
+ * 'nid'.
+ */
+/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
+
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
+{
+    engine_table_unregister(&pkey_asn1_meth_table, e);
+}
+
+static void engine_unregister_all_pkey_asn1_meths(void)
+{
+    engine_table_cleanup(&pkey_asn1_meth_table);
+}
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e)
+{
+    if (e->pkey_asn1_meths) {
+        const int *nids;
+        int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_asn1_meth_table,
+                                         engine_unregister_all_pkey_asn1_meths,
+                                         e, nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_pkey_asn1_meths(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_pkey_asn1_meths(e);
+}
+
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
+{
+    if (e->pkey_asn1_meths) {
+        const int *nids;
+        int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_asn1_meth_table,
+                                         engine_unregister_all_pkey_asn1_meths,
+                                         e, nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_asn1_meth 'nid'
+ */
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
+{
+    return engine_table_select(&pkey_asn1_meth_table, nid);
+}
+
+/*
+ * Obtains a pkey_asn1_meth implementation from an ENGINE functional
+ * reference
+ */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
+{
+    EVP_PKEY_ASN1_METHOD *ret;
+    ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+                  ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the pkey_asn1_meth callback from an ENGINE structure */
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
+{
+    return e->pkey_asn1_meths;
+}
+
+/* Sets the pkey_asn1_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
+{
+    e->pkey_asn1_meths = f;
+    return 1;
+}
+
+/*
+ * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_asn1_meths_free(ENGINE *e)
+{
+    int i;
+    EVP_PKEY_ASN1_METHOD *pkm;
+    if (e->pkey_asn1_meths) {
+        const int *pknids;
+        int npknids;
+        npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+        for (i = 0; i < npknids; i++) {
+            if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
+                EVP_PKEY_asn1_free(pkm);
+            }
+        }
+    }
+}
+
+/*
+ * Find a method based on a string. This does a linear search through all
+ * implemented algorithms. This is OK in practice because only a small number
+ * of algorithms are likely to be implemented in an engine and it is not used
+ * for speed critical operations.
+ */
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                                          const char *str,
+                                                          int len)
+{
+    int i, nidcount;
+    const int *nids;
+    EVP_PKEY_ASN1_METHOD *ameth;
+    if (!e->pkey_asn1_meths)
+        return NULL;
+    if (len == -1)
+        len = strlen(str);
+    nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+    for (i = 0; i < nidcount; i++) {
+        e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+        if (((int)strlen(ameth->pem_str) == len)
+            && strncasecmp(ameth->pem_str, str, len) == 0)
+            return ameth;
+    }
+    return NULL;
+}
+
+typedef struct {
+    ENGINE *e;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    const char *str;
+    int len;
+} ENGINE_FIND_STR;
+
+static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
+{
+    ENGINE_FIND_STR *lk = arg;
+    int i;
+    if (lk->ameth)
+        return;
+    for (i = 0; i < sk_ENGINE_num(sk); i++) {
+        ENGINE *e = sk_ENGINE_value(sk, i);
+        EVP_PKEY_ASN1_METHOD *ameth;
+        e->pkey_asn1_meths(e, &ameth, NULL, nid);
+        if (ameth != NULL
+                && ((int)strlen(ameth->pem_str) == lk->len)
+                && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
+            lk->e = e;
+            lk->ameth = ameth;
+            return;
+        }
+    }
+}
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                                      const char *str,
+                                                      int len)
+{
+    ENGINE_FIND_STR fstr;
+    fstr.e = NULL;
+    fstr.ameth = NULL;
+    fstr.str = str;
+    fstr.len = len;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+    /* If found obtain a structural reference to engine */
+    if (fstr.e) {
+        fstr.e->struct_ref++;
+        engine_ref_debug(fstr.e, 0, 1);
+    }
+    *pe = fstr.e;
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return fstr.ameth;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c
new file mode 100644
index 000000000..faa967c47
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+{
+    engine_table_unregister(&cipher_table, e);
+}
+
+static void engine_unregister_all_ciphers(void)
+{
+    engine_table_cleanup(&cipher_table);
+}
+
+int ENGINE_register_ciphers(ENGINE *e)
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_ciphers(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_ciphers(e);
+}
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid'
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+{
+    return engine_table_select(&cipher_table, nid);
+}
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+{
+    const EVP_CIPHER *ret;
+    ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+{
+    return e->ciphers;
+}
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+{
+    e->ciphers = f;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c
new file mode 100644
index 000000000..785119f65
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_DH(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_DH(ENGINE *e)
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_DH(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DH(e);
+}
+
+int ENGINE_set_default_DH(ENGINE *e)
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DH(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+{
+    return e->dh_meth;
+}
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+{
+    e->dh_meth = dh_meth;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c
new file mode 100644
index 000000000..d644b1b0a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+{
+    engine_table_unregister(&digest_table, e);
+}
+
+static void engine_unregister_all_digests(void)
+{
+    engine_table_cleanup(&digest_table);
+}
+
+int ENGINE_register_digests(ENGINE *e)
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_digests(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_digests(e);
+}
+
+int ENGINE_set_default_digests(ENGINE *e)
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid'
+ */
+ENGINE *ENGINE_get_digest_engine(int nid)
+{
+    return engine_table_select(&digest_table, nid);
+}
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+{
+    const EVP_MD *ret;
+    ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+{
+    return e->digests;
+}
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+{
+    e->digests = f;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c
new file mode 100644
index 000000000..65b6ea8d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+{
+    engine_table_unregister(&dsa_table, e);
+}
+
+static void engine_unregister_all_DSA(void)
+{
+    engine_table_cleanup(&dsa_table);
+}
+
+int ENGINE_register_DSA(ENGINE *e)
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_DSA(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DSA(e);
+}
+
+int ENGINE_set_default_DSA(ENGINE *e)
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DSA(void)
+{
+    return engine_table_select(&dsa_table, dummy_nid);
+}
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+{
+    return e->dsa_meth;
+}
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+{
+    e->dsa_meth = dsa_meth;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c
new file mode 100644
index 000000000..1e5073685
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_EC(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_EC(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_EC(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_EC(e);
+}
+
+int ENGINE_set_default_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_EC(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an EC_KEY implementation from an ENGINE functional reference */
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e)
+{
+    return e->ec_meth;
+}
+
+/* Sets an EC_KEY implementation in an ENGINE structure */
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
+{
+    e->ec_meth = ec_meth;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c
new file mode 100644
index 000000000..03cd1e69d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/evp.h>
+
+static ENGINE_TABLE *pkey_meth_table = NULL;
+
+void ENGINE_unregister_pkey_meths(ENGINE *e)
+{
+    engine_table_unregister(&pkey_meth_table, e);
+}
+
+static void engine_unregister_all_pkey_meths(void)
+{
+    engine_table_cleanup(&pkey_meth_table);
+}
+
+int ENGINE_register_pkey_meths(ENGINE *e)
+{
+    if (e->pkey_meths) {
+        const int *nids;
+        int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_meth_table,
+                                         engine_unregister_all_pkey_meths, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_pkey_meths(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_pkey_meths(e);
+}
+
+int ENGINE_set_default_pkey_meths(ENGINE *e)
+{
+    if (e->pkey_meths) {
+        const int *nids;
+        int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_meth_table,
+                                         engine_unregister_all_pkey_meths, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_meth 'nid'
+ */
+ENGINE *ENGINE_get_pkey_meth_engine(int nid)
+{
+    return engine_table_select(&pkey_meth_table, nid);
+}
+
+/* Obtains a pkey_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
+{
+    EVP_PKEY_METHOD *ret;
+    ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+                  ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the pkey_meth callback from an ENGINE structure */
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
+{
+    return e->pkey_meths;
+}
+
+/* Sets the pkey_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
+{
+    e->pkey_meths = f;
+    return 1;
+}
+
+/*
+ * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE
+ * is destroyed
+ */
+
+void engine_pkey_meths_free(ENGINE *e)
+{
+    int i;
+    EVP_PKEY_METHOD *pkm;
+    if (e->pkey_meths) {
+        const int *pknids;
+        int npknids;
+        npknids = e->pkey_meths(e, NULL, &pknids, 0);
+        for (i = 0; i < npknids; i++) {
+            if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
+                EVP_PKEY_meth_free(pkm);
+            }
+        }
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c
new file mode 100644
index 000000000..98a98073c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+{
+    engine_table_unregister(&rand_table, e);
+}
+
+static void engine_unregister_all_RAND(void)
+{
+    engine_table_cleanup(&rand_table);
+}
+
+int ENGINE_register_RAND(ENGINE *e)
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_RAND(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RAND(e);
+}
+
+int ENGINE_set_default_RAND(ENGINE *e)
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RAND(void)
+{
+    return engine_table_select(&rand_table, dummy_nid);
+}
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+{
+    return e->rand_meth;
+}
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+{
+    e->rand_meth = rand_meth;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c
new file mode 100644
index 000000000..d8d2e34f8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+{
+    engine_table_unregister(&rsa_table, e);
+}
+
+static void engine_unregister_all_RSA(void)
+{
+    engine_table_cleanup(&rsa_table);
+}
+
+int ENGINE_register_RSA(ENGINE *e)
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_RSA(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RSA(e);
+}
+
+int ENGINE_set_default_RSA(ENGINE *e)
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RSA(void)
+{
+    return engine_table_select(&rsa_table, dummy_nid);
+}
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+{
+    return e->rsa_meth;
+}
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+{
+    e->rsa_meth = rsa_meth;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/README b/trunk/3rdparty/openssl-1.1-fit/crypto/err/README
new file mode 100644
index 000000000..6d2ce0cd0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/README
@@ -0,0 +1,44 @@
+Adding new libraries
+--------------------
+
+When adding a new sub-library to OpenSSL, assign it a library number
+ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its
+name to ERR_str_libraries[] (in crypto/err/err.c), and add
+ERR_load_XXX_strings() to the ERR_load_crypto_strings() function
+(in crypto/err/err_all.c). Finally, add an entry:
+
+    L      XXX     xxx.h   xxx_err.c
+
+to crypto/err/openssl.ec, and add xxx_err.c to the Makefile.
+Running make errors will then generate a file xxx_err.c, and
+add all error codes used in the library to xxx.h.
+
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+
+    #ifndef HEADER_XXX_H
+    #define HEADER_XXX_H
+
+    #ifdef __cplusplus
+    extern "C" {
+    #endif
+
+    /* Include files */
+
+    #include <openssl/bio.h>
+    #include <openssl/x509.h>
+
+    /* Macros, structures and function prototypes */
+
+
+    /* BEGIN ERROR CODES */
+
+The BEGIN ERROR CODES sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when make errors is run.
+The closing #endif etc will be automatically added by the script.
+
+The generated C error code file xxx_err.c will load the header
+files stdio.h, openssl/err.h and openssl/xxx.h so the
+header file must load any additional header files containing any
+definitions it uses.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/err/build.info
new file mode 100644
index 000000000..6163d95b7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        err.c err_all.c err_prn.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c
new file mode 100644
index 000000000..c737b2a9c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c
@@ -0,0 +1,953 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "internal/cryptlib_int.h"
+#include "internal/err.h"
+#include "internal/err_int.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/opensslconf.h>
+#include "internal/thread_once.h"
+#include "internal/ctype.h"
+#include "internal/constant_time_locl.h"
+#include "e_os.h"
+
+static int err_load_strings(const ERR_STRING_DATA *str);
+
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[] = {
+    {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"},
+    {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"},
+    {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"},
+    {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"},
+    {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"},
+    {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"},
+    {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"},
+    {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"},
+    {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"},
+    {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"},
+    {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"},
+    {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"},
+    {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"},
+    {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"},
+    {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"},
+    {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"},
+    {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"},
+    {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"},
+    {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"},
+    {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"},
+    {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"},
+    {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"},
+    {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
+    {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+    {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
+    {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_functs[] = {
+    {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"},
+    {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"},
+    {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"},
+    {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"},
+    {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"},
+    {ERR_PACK(0, SYS_F_BIND, 0), "bind"},
+    {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
+    {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
+# ifdef OPENSSL_SYS_WINDOWS
+    {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
+# endif
+    {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
+    {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
+    {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
+    {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"},
+    {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"},
+    {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"},
+    {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"},
+    {ERR_PACK(0, SYS_F_OPEN, 0), "open"},
+    {ERR_PACK(0, SYS_F_CLOSE, 0), "close"},
+    {ERR_PACK(0, SYS_F_IOCTL, 0), "ioctl"},
+    {ERR_PACK(0, SYS_F_STAT, 0), "stat"},
+    {ERR_PACK(0, SYS_F_FCNTL, 0), "fcntl"},
+    {ERR_PACK(0, SYS_F_FSTAT, 0), "fstat"},
+    {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_reasons[] = {
+    {ERR_R_SYS_LIB, "system lib"},
+    {ERR_R_BN_LIB, "BN lib"},
+    {ERR_R_RSA_LIB, "RSA lib"},
+    {ERR_R_DH_LIB, "DH lib"},
+    {ERR_R_EVP_LIB, "EVP lib"},
+    {ERR_R_BUF_LIB, "BUF lib"},
+    {ERR_R_OBJ_LIB, "OBJ lib"},
+    {ERR_R_PEM_LIB, "PEM lib"},
+    {ERR_R_DSA_LIB, "DSA lib"},
+    {ERR_R_X509_LIB, "X509 lib"},
+    {ERR_R_ASN1_LIB, "ASN1 lib"},
+    {ERR_R_EC_LIB, "EC lib"},
+    {ERR_R_BIO_LIB, "BIO lib"},
+    {ERR_R_PKCS7_LIB, "PKCS7 lib"},
+    {ERR_R_X509V3_LIB, "X509V3 lib"},
+    {ERR_R_ENGINE_LIB, "ENGINE lib"},
+    {ERR_R_UI_LIB, "UI lib"},
+    {ERR_R_OSSL_STORE_LIB, "STORE lib"},
+    {ERR_R_ECDSA_LIB, "ECDSA lib"},
+
+    {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
+    {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
+
+    {ERR_R_FATAL, "fatal"},
+    {ERR_R_MALLOC_FAILURE, "malloc failure"},
+    {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+     "called a function you should not call"},
+    {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
+    {ERR_R_INTERNAL_ERROR, "internal error"},
+    {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+    {ERR_R_INIT_FAIL, "init fail"},
+    {ERR_R_OPERATION_FAIL, "operation fail"},
+
+    {0, NULL},
+};
+#endif
+
+static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
+static int set_err_thread_local;
+static CRYPTO_THREAD_LOCAL err_thread_local;
+
+static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *err_string_lock;
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+
+/*
+ * The internal state
+ */
+
+static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+static int int_err_library_number = ERR_LIB_USER;
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags);
+
+static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
+{
+    unsigned long ret, l;
+
+    l = a->error;
+    ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l);
+    return (ret ^ ret % 19 * 13);
+}
+
+static int err_string_data_cmp(const ERR_STRING_DATA *a,
+                               const ERR_STRING_DATA *b)
+{
+    if (a->error == b->error)
+        return 0;
+    return a->error > b->error ? 1 : -1;
+}
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+{
+    ERR_STRING_DATA *p = NULL;
+
+    CRYPTO_THREAD_read_lock(err_string_lock);
+    p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d);
+    CRYPTO_THREAD_unlock(err_string_lock);
+
+    return p;
+}
+
+#ifndef OPENSSL_NO_ERR
+/* A measurement on Linux 2018-11-21 showed about 3.5kib */
+# define SPACE_SYS_STR_REASONS 4 * 1024
+# define NUM_SYS_STR_REASONS 127
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/*
+ * SYS_str_reasons is filled with copies of strerror() results at
+ * initialization. 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string. It is crucial
+ * that we have something for each reason code that occurs in
+ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr(),
+ * which always gets an errno value and never one of those 'standard' reason
+ * codes.
+ */
+
+static void build_SYS_str_reasons(void)
+{
+    /* OPENSSL_malloc cannot be used here, use static storage instead */
+    static char strerror_pool[SPACE_SYS_STR_REASONS];
+    char *cur = strerror_pool;
+    size_t cnt = 0;
+    static int init = 1;
+    int i;
+    int saveerrno = get_last_sys_error();
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    if (!init) {
+        CRYPTO_THREAD_unlock(err_string_lock);
+        return;
+    }
+
+    for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
+        ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+        str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
+        if (str->string == NULL) {
+            if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
+                size_t l = strlen(cur);
+
+                str->string = cur;
+                cnt += l;
+                if (cnt > sizeof(strerror_pool))
+                    cnt = sizeof(strerror_pool);
+                cur += l;
+
+                /*
+                 * VMS has an unusual quirk of adding spaces at the end of
+                 * some (most? all?) messages.  Lets trim them off.
+                 */
+                while (ossl_isspace(cur[-1])) {
+                    cur--;
+                    cnt--;
+                }
+                *cur++ = '\0';
+                cnt++;
+            }
+        }
+        if (str->string == NULL)
+            str->string = "unknown";
+    }
+
+    /*
+     * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as
+     * required by ERR_load_strings.
+     */
+
+    init = 0;
+
+    CRYPTO_THREAD_unlock(err_string_lock);
+    /* openssl_strerror_r could change errno, but we want to preserve it */
+    set_sys_error(saveerrno);
+    err_load_strings(SYS_str_reasons);
+}
+#endif
+
+#define err_clear_data(p, i) \
+        do { \
+            if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) {\
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i] = NULL; \
+            } \
+            (p)->err_data_flags[i] = 0; \
+        } while (0)
+
+#define err_clear(p, i) \
+        do { \
+            err_clear_data(p, i); \
+            (p)->err_flags[i] = 0; \
+            (p)->err_buffer[i] = 0; \
+            (p)->err_file[i] = NULL; \
+            (p)->err_line[i] = -1; \
+        } while (0)
+
+static void ERR_STATE_free(ERR_STATE *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear_data(s, i);
+    }
+    OPENSSL_free(s);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    err_string_lock = CRYPTO_THREAD_lock_new();
+    if (err_string_lock == NULL)
+        return 0;
+    int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
+                                            err_string_data_cmp);
+    if (int_error_hash == NULL) {
+        CRYPTO_THREAD_lock_free(err_string_lock);
+        err_string_lock = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+void err_cleanup(void)
+{
+    if (set_err_thread_local != 0)
+        CRYPTO_THREAD_cleanup_local(&err_thread_local);
+    CRYPTO_THREAD_lock_free(err_string_lock);
+    err_string_lock = NULL;
+    lh_ERR_STRING_DATA_free(int_error_hash);
+    int_error_hash = NULL;
+}
+
+/*
+ * Legacy; pack in the library.
+ */
+static void err_patch(int lib, ERR_STRING_DATA *str)
+{
+    unsigned long plib = ERR_PACK(lib, 0, 0);
+
+    for (; str->error != 0; str++)
+        str->error |= plib;
+}
+
+/*
+ * Hash in |str| error strings. Assumes the URN_ONCE was done.
+ */
+static int err_load_strings(const ERR_STRING_DATA *str)
+{
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_insert(int_error_hash,
+                                       (ERR_STRING_DATA *)str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return 1;
+}
+
+int ERR_load_ERR_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    err_load_strings(ERR_str_libraries);
+    err_load_strings(ERR_str_reasons);
+    err_patch(ERR_LIB_SYS, ERR_str_functs);
+    err_load_strings(ERR_str_functs);
+    build_SYS_str_reasons();
+#endif
+    return 1;
+}
+
+int ERR_load_strings(int lib, ERR_STRING_DATA *str)
+{
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+
+    err_patch(lib, str);
+    err_load_strings(str);
+    return 1;
+}
+
+int ERR_load_strings_const(const ERR_STRING_DATA *str)
+{
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+    err_load_strings(str);
+    return 1;
+}
+
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+{
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    /*
+     * We don't need to ERR_PACK the lib, since that was done (to
+     * the table) when it was loaded.
+     */
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+
+    return 1;
+}
+
+void err_free_strings_int(void)
+{
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return;
+}
+
+/********************************************************/
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+    ERR_STATE *es;
+
+#ifdef _OSD_POSIX
+    /*
+     * In the BS2000-OSD POSIX subsystem, the compiler generates path names
+     * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to
+     * something sensible. @@@ We shouldn't modify a const string, though.
+     */
+    if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) {
+        char *end;
+
+        /* Skip the "*POSIX(" prefix */
+        file += sizeof("*POSIX(") - 1;
+        end = &file[strlen(file) - 1];
+        if (*end == ')')
+            *end = '\0';
+        /* Optional: use the basename of the path only. */
+        if ((end = strrchr(file, '/')) != NULL)
+            file = &end[1];
+    }
+#endif
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    es->top = (es->top + 1) % ERR_NUM_ERRORS;
+    if (es->top == es->bottom)
+        es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS;
+    es->err_flags[es->top] = 0;
+    es->err_buffer[es->top] = ERR_PACK(lib, func, reason);
+    es->err_file[es->top] = file;
+    es->err_line[es->top] = line;
+    err_clear_data(es, es->top);
+}
+
+void ERR_clear_error(void)
+{
+    int i;
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear(es, i);
+    }
+    es->top = es->bottom = 0;
+}
+
+unsigned long ERR_get_error(void)
+{
+    return get_error_values(1, 0, NULL, NULL, NULL, NULL);
+}
+
+unsigned long ERR_get_error_line(const char **file, int *line)
+{
+    return get_error_values(1, 0, file, line, NULL, NULL);
+}
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags)
+{
+    return get_error_values(1, 0, file, line, data, flags);
+}
+
+unsigned long ERR_peek_error(void)
+{
+    return get_error_values(0, 0, NULL, NULL, NULL, NULL);
+}
+
+unsigned long ERR_peek_error_line(const char **file, int *line)
+{
+    return get_error_values(0, 0, file, line, NULL, NULL);
+}
+
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags)
+{
+    return get_error_values(0, 0, file, line, data, flags);
+}
+
+unsigned long ERR_peek_last_error(void)
+{
+    return get_error_values(0, 1, NULL, NULL, NULL, NULL);
+}
+
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+{
+    return get_error_values(0, 1, file, line, NULL, NULL);
+}
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags)
+{
+    return get_error_values(0, 1, file, line, data, flags);
+}
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags)
+{
+    int i = 0;
+    ERR_STATE *es;
+    unsigned long ret;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    if (inc && top) {
+        if (file)
+            *file = "";
+        if (line)
+            *line = 0;
+        if (data)
+            *data = "";
+        if (flags)
+            *flags = 0;
+
+        return ERR_R_INTERNAL_ERROR;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    if (top)
+        i = es->top;            /* last error */
+    else
+        i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */
+
+    ret = es->err_buffer[i];
+    if (inc) {
+        es->bottom = i;
+        es->err_buffer[i] = 0;
+    }
+
+    if (file != NULL && line != NULL) {
+        if (es->err_file[i] == NULL) {
+            *file = "NA";
+            *line = 0;
+        } else {
+            *file = es->err_file[i];
+            *line = es->err_line[i];
+        }
+    }
+
+    if (data == NULL) {
+        if (inc) {
+            err_clear_data(es, i);
+        }
+    } else {
+        if (es->err_data[i] == NULL) {
+            *data = "";
+            if (flags != NULL)
+                *flags = 0;
+        } else {
+            *data = es->err_data[i];
+            if (flags != NULL)
+                *flags = es->err_data_flags[i];
+        }
+    }
+    return ret;
+}
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+    char lsbuf[64], fsbuf[64], rsbuf[64];
+    const char *ls, *fs, *rs;
+    unsigned long l, f, r;
+
+    if (len == 0)
+        return;
+
+    l = ERR_GET_LIB(e);
+    ls = ERR_lib_error_string(e);
+    if (ls == NULL) {
+        BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+        ls = lsbuf;
+    }
+
+    fs = ERR_func_error_string(e);
+    f = ERR_GET_FUNC(e);
+    if (fs == NULL) {
+        BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+        fs = fsbuf;
+    }
+
+    rs = ERR_reason_error_string(e);
+    r = ERR_GET_REASON(e);
+    if (rs == NULL) {
+        BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+        rs = rsbuf;
+    }
+
+    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs);
+    if (strlen(buf) == len - 1) {
+        /* Didn't fit; use a minimal format. */
+        BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r);
+    }
+}
+
+/*
+ * ERR_error_string_n should be used instead for ret != NULL as
+ * ERR_error_string cannot know how large the buffer is
+ */
+char *ERR_error_string(unsigned long e, char *ret)
+{
+    static char buf[256];
+
+    if (ret == NULL)
+        ret = buf;
+    ERR_error_string_n(e, ret, (int)sizeof(buf));
+    return ret;
+}
+
+const char *ERR_lib_error_string(unsigned long e)
+{
+    ERR_STRING_DATA d, *p;
+    unsigned long l;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    d.error = ERR_PACK(l, 0, 0);
+    p = int_err_get_item(&d);
+    return ((p == NULL) ? NULL : p->string);
+}
+
+const char *ERR_func_error_string(unsigned long e)
+{
+    ERR_STRING_DATA d, *p;
+    unsigned long l, f;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    f = ERR_GET_FUNC(e);
+    d.error = ERR_PACK(l, f, 0);
+    p = int_err_get_item(&d);
+    return ((p == NULL) ? NULL : p->string);
+}
+
+const char *ERR_reason_error_string(unsigned long e)
+{
+    ERR_STRING_DATA d, *p = NULL;
+    unsigned long l, r;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    r = ERR_GET_REASON(e);
+    d.error = ERR_PACK(l, 0, r);
+    p = int_err_get_item(&d);
+    if (!p) {
+        d.error = ERR_PACK(0, 0, r);
+        p = int_err_get_item(&d);
+    }
+    return ((p == NULL) ? NULL : p->string);
+}
+
+void err_delete_thread_state(void)
+{
+    ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == NULL)
+        return;
+
+    CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+    ERR_STATE_free(state);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_remove_thread_state(void *dummy)
+{
+}
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+void ERR_remove_state(unsigned long pid)
+{
+}
+#endif
+
+DEFINE_RUN_ONCE_STATIC(err_do_init)
+{
+    set_err_thread_local = 1;
+    return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+}
+
+ERR_STATE *ERR_get_state(void)
+{
+    ERR_STATE *state;
+    int saveerrno = get_last_sys_error();
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+        return NULL;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return NULL;
+
+    state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == (ERR_STATE*)-1)
+        return NULL;
+
+    if (state == NULL) {
+        if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+            return NULL;
+
+        if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) {
+            CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+            return NULL;
+        }
+
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE)
+                || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
+            ERR_STATE_free(state);
+            CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+            return NULL;
+        }
+
+        /* Ignore failures from these */
+        OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    }
+
+    set_sys_error(saveerrno);
+    return state;
+}
+
+/*
+ * err_shelve_state returns the current thread local error state
+ * and freezes the error module until err_unshelve_state is called.
+ */
+int err_shelve_state(void **state)
+{
+    int saveerrno = get_last_sys_error();
+
+    /*
+     * Note, at present our only caller is OPENSSL_init_crypto(), indirectly
+     * via ossl_init_load_crypto_nodelete(), by which point the requested
+     * "base" initialization has already been performed, so the below call is a
+     * NOOP, that re-enters OPENSSL_init_crypto() only to quickly return.
+     *
+     * If are no other valid callers of this function, the call below can be
+     * removed, avoiding the re-entry into OPENSSL_init_crypto().  If there are
+     * potential uses that are not from inside OPENSSL_init_crypto(), then this
+     * call is needed, but some care is required to make sure that the re-entry
+     * remains a NOOP.
+     */
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+        return 0;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return 0;
+
+    *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+        return 0;
+
+    set_sys_error(saveerrno);
+    return 1;
+}
+
+/*
+ * err_unshelve_state restores the error state that was returned
+ * by err_shelve_state previously.
+ */
+void err_unshelve_state(void* state)
+{
+    if (state != (void*)-1)
+        CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state);
+}
+
+int ERR_get_next_error_library(void)
+{
+    int ret;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    ret = int_err_library_number++;
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return ret;
+}
+
+static int err_set_error_data_int(char *data, int flags)
+{
+    ERR_STATE *es;
+    int i;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    i = es->top;
+
+    err_clear_data(es, i);
+    es->err_data[i] = data;
+    es->err_data_flags[i] = flags;
+
+    return 1;
+}
+
+void ERR_set_error_data(char *data, int flags)
+{
+    /*
+     * This function is void so we cannot propagate the error return. Since it
+     * is also in the public API we can't change the return type.
+     */
+    err_set_error_data_int(data, flags);
+}
+
+void ERR_add_error_data(int num, ...)
+{
+    va_list args;
+    va_start(args, num);
+    ERR_add_error_vdata(num, args);
+    va_end(args);
+}
+
+void ERR_add_error_vdata(int num, va_list args)
+{
+    int i, n, s;
+    char *str, *p, *a;
+
+    s = 80;
+    if ((str = OPENSSL_malloc(s + 1)) == NULL) {
+        /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */
+        return;
+    }
+    str[0] = '\0';
+
+    n = 0;
+    for (i = 0; i < num; i++) {
+        a = va_arg(args, char *);
+        if (a == NULL)
+            a = "<NULL>";
+        n += strlen(a);
+        if (n > s) {
+            s = n + 20;
+            p = OPENSSL_realloc(str, s + 1);
+            if (p == NULL) {
+                OPENSSL_free(str);
+                return;
+            }
+            str = p;
+        }
+        OPENSSL_strlcat(str, a, (size_t)s + 1);
+    }
+    if (!err_set_error_data_int(str, ERR_TXT_MALLOCED | ERR_TXT_STRING))
+        OPENSSL_free(str);
+}
+
+int ERR_set_mark(void)
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] |= ERR_FLAG_MARK;
+    return 1;
+}
+
+int ERR_pop_to_mark(void)
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    while (es->bottom != es->top
+           && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
+        err_clear(es, es->top);
+        es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
+
+int ERR_clear_last_mark(void)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    top = es->top;
+    while (es->bottom != top
+           && (es->err_flags[top] & ERR_FLAG_MARK) == 0) {
+        top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == top)
+        return 0;
+    es->err_flags[top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
+
+#ifdef UINTPTR_T
+# undef UINTPTR_T
+#endif
+/*
+ * uintptr_t is the answer, but unfortunately C89, current "least common
+ * denominator" doesn't define it. Most legacy platforms typedef it anyway,
+ * so that attempt to fill the gaps means that one would have to identify
+ * that track these gaps, which would be undesirable. Macro it is...
+ */
+#if defined(__VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
+ * even in 64-bit builds, which means that it won't work as mask.
+ */
+# define UINTPTR_T unsigned long long
+#else
+# define UINTPTR_T size_t
+#endif
+
+void err_clear_last_constant_time(int clear)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    top = es->top;
+
+    es->err_flags[top] &= ~(0 - clear);
+    es->err_buffer[top] &= ~(0UL - clear);
+    es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
+                                       ~((UINTPTR_T)0 - clear));
+    es->err_line[top] |= 0 - clear;
+
+    es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c
new file mode 100644
index 000000000..d9ec04b60
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/err_int.h"
+#include <openssl/asn1err.h>
+#include <openssl/bnerr.h>
+#include <openssl/ecerr.h>
+#include <openssl/buffererr.h>
+#include <openssl/bioerr.h>
+#include <openssl/comperr.h>
+#include <openssl/rsaerr.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
+#include <openssl/evperr.h>
+#include <openssl/objectserr.h>
+#include <openssl/pemerr.h>
+#include <openssl/pkcs7err.h>
+#include <openssl/x509err.h>
+#include <openssl/x509v3err.h>
+#include <openssl/conferr.h>
+#include <openssl/pkcs12err.h>
+#include <openssl/randerr.h>
+#include "internal/dso.h"
+#include <openssl/engineerr.h>
+#include <openssl/uierr.h>
+#include <openssl/ocsperr.h>
+#include <openssl/err.h>
+#include <openssl/tserr.h>
+#include <openssl/cmserr.h>
+#include <openssl/cterr.h>
+#include <openssl/asyncerr.h>
+#include <openssl/kdferr.h>
+#include <openssl/storeerr.h>
+
+int err_load_crypto_strings_int(void)
+{
+    if (
+#ifndef OPENSSL_NO_ERR
+        ERR_load_ERR_strings() == 0 ||    /* include error strings for SYSerr */
+        ERR_load_BN_strings() == 0 ||
+# ifndef OPENSSL_NO_RSA
+        ERR_load_RSA_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_DH
+        ERR_load_DH_strings() == 0 ||
+# endif
+        ERR_load_EVP_strings() == 0 ||
+        ERR_load_BUF_strings() == 0 ||
+        ERR_load_OBJ_strings() == 0 ||
+        ERR_load_PEM_strings() == 0 ||
+# ifndef OPENSSL_NO_DSA
+        ERR_load_DSA_strings() == 0 ||
+# endif
+        ERR_load_X509_strings() == 0 ||
+        ERR_load_ASN1_strings() == 0 ||
+        ERR_load_CONF_strings() == 0 ||
+        ERR_load_CRYPTO_strings() == 0 ||
+# ifndef OPENSSL_NO_COMP
+        ERR_load_COMP_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_EC
+        ERR_load_EC_strings() == 0 ||
+# endif
+        /* skip ERR_load_SSL_strings() because it is not in this library */
+        ERR_load_BIO_strings() == 0 ||
+        ERR_load_PKCS7_strings() == 0 ||
+        ERR_load_X509V3_strings() == 0 ||
+        ERR_load_PKCS12_strings() == 0 ||
+        ERR_load_RAND_strings() == 0 ||
+        ERR_load_DSO_strings() == 0 ||
+# ifndef OPENSSL_NO_TS
+        ERR_load_TS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_ENGINE
+        ERR_load_ENGINE_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_OCSP
+        ERR_load_OCSP_strings() == 0 ||
+# endif
+        ERR_load_UI_strings() == 0 ||
+# ifndef OPENSSL_NO_CMS
+        ERR_load_CMS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_CT
+        ERR_load_CT_strings() == 0 ||
+# endif
+        ERR_load_ASYNC_strings() == 0 ||
+#endif
+        ERR_load_KDF_strings() == 0 ||
+        ERR_load_OSSL_STORE_strings() == 0)
+        return 0;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_prn.c
new file mode 100644
index 000000000..c82e62947
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_prn.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u)
+{
+    unsigned long l;
+    char buf[256];
+    char buf2[4096];
+    const char *file, *data;
+    int line, flags;
+    /*
+     * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best
+     * attempt to convert it into something we can print.
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+
+    tid.ltid = 0;
+    tid.tid = CRYPTO_THREAD_get_current_id();
+
+    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        ERR_error_string_n(l, buf, sizeof(buf));
+        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf,
+                     file, line, (flags & ERR_TXT_STRING) ? data : "");
+        if (cb(buf2, strlen(buf2), u) <= 0)
+            break;              /* abort outputting the error report */
+    }
+}
+
+static int print_bio(const char *str, size_t len, void *bp)
+{
+    return BIO_write((BIO *)bp, str, len);
+}
+
+void ERR_print_errors(BIO *bp)
+{
+    ERR_print_errors_cb(print_bio, bp);
+}
+
+#ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp)
+{
+    BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
+    if (bio == NULL)
+        return;
+
+    ERR_print_errors_cb(print_bio, bio);
+    BIO_free(bio);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec
new file mode 100644
index 000000000..3e092eae0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec
@@ -0,0 +1,78 @@
+# configuration file for util/mkerr.pl
+
+# The INPUT HEADER is scanned for declarations
+# LIBNAME       INPUT HEADER                    ERROR-TABLE FILE
+L ERR           NONE                            NONE
+L BN            include/openssl/bn.h            crypto/bn/bn_err.c
+L RSA           include/openssl/rsa.h           crypto/rsa/rsa_err.c
+L DH            include/openssl/dh.h            crypto/dh/dh_err.c
+L EVP           include/openssl/evp.h           crypto/evp/evp_err.c
+L BUF           include/openssl/buffer.h        crypto/buffer/buf_err.c
+L OBJ           include/openssl/objects.h       crypto/objects/obj_err.c
+L PEM           include/openssl/pem.h           crypto/pem/pem_err.c
+L DSA           include/openssl/dsa.h           crypto/dsa/dsa_err.c
+L X509          include/openssl/x509.h          crypto/x509/x509_err.c
+L ASN1          include/openssl/asn1.h          crypto/asn1/asn1_err.c
+L CONF          include/openssl/conf.h          crypto/conf/conf_err.c
+L CRYPTO        include/openssl/crypto.h        crypto/cpt_err.c
+L EC            include/openssl/ec.h            crypto/ec/ec_err.c
+L SSL           include/openssl/ssl.h           ssl/ssl_err.c
+L BIO           include/openssl/bio.h           crypto/bio/bio_err.c
+L PKCS7         include/openssl/pkcs7.h         crypto/pkcs7/pkcs7err.c
+L X509V3        include/openssl/x509v3.h        crypto/x509v3/v3err.c
+L PKCS12        include/openssl/pkcs12.h        crypto/pkcs12/pk12err.c
+L RAND          include/openssl/rand.h          crypto/rand/rand_err.c
+L DSO           include/internal/dso.h          crypto/dso/dso_err.c
+L ENGINE        include/openssl/engine.h        crypto/engine/eng_err.c
+L OCSP          include/openssl/ocsp.h          crypto/ocsp/ocsp_err.c
+L UI            include/openssl/ui.h            crypto/ui/ui_err.c
+L COMP          include/openssl/comp.h          crypto/comp/comp_err.c
+L TS            include/openssl/ts.h            crypto/ts/ts_err.c
+L CMS           include/openssl/cms.h           crypto/cms/cms_err.c
+L CT            include/openssl/ct.h            crypto/ct/ct_err.c
+L ASYNC         include/openssl/async.h         crypto/async/async_err.c
+L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L SM2           crypto/include/internal/sm2.h   crypto/sm2/sm2_err.c
+L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
+
+# additional header files to be scanned for function names
+L NONE          include/openssl/x509_vfy.h      NONE
+L NONE          crypto/ec/ec_lcl.h              NONE
+L NONE          crypto/cms/cms_lcl.h            NONE
+L NONE          crypto/ct/ct_locl.h             NONE
+L NONE          ssl/ssl_locl.h                  NONE
+
+# SSL/TLS alerts
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE          1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC              1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED           1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW             1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE       1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE           1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE              1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE             1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE     1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED         1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED         1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN         1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER           1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA                  1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED               1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR                1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR               1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION          1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION            1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY       1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK      1086
+R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
+R SSL_R_TLSV13_ALERT_MISSING_EXTENSION          1109
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION             1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE          1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
+R TLS1_AD_UNKNOWN_PSK_IDENTITY                  1115
+R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED       1116
+R TLS1_AD_NO_APPLICATION_PROTOCOL               1120
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt
new file mode 100644
index 000000000..feff1dccd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt
@@ -0,0 +1,3033 @@
+# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+ASN1_F_A2D_ASN1_OBJECT:100:a2d_ASN1_OBJECT
+ASN1_F_A2I_ASN1_INTEGER:102:a2i_ASN1_INTEGER
+ASN1_F_A2I_ASN1_STRING:103:a2i_ASN1_STRING
+ASN1_F_APPEND_EXP:176:append_exp
+ASN1_F_ASN1_BIO_INIT:113:asn1_bio_init
+ASN1_F_ASN1_BIT_STRING_SET_BIT:183:ASN1_BIT_STRING_set_bit
+ASN1_F_ASN1_CB:177:asn1_cb
+ASN1_F_ASN1_CHECK_TLEN:104:asn1_check_tlen
+ASN1_F_ASN1_COLLECT:106:asn1_collect
+ASN1_F_ASN1_D2I_EX_PRIMITIVE:108:asn1_d2i_ex_primitive
+ASN1_F_ASN1_D2I_FP:109:ASN1_d2i_fp
+ASN1_F_ASN1_D2I_READ_BIO:107:asn1_d2i_read_bio
+ASN1_F_ASN1_DIGEST:184:ASN1_digest
+ASN1_F_ASN1_DO_ADB:110:asn1_do_adb
+ASN1_F_ASN1_DO_LOCK:233:asn1_do_lock
+ASN1_F_ASN1_DUP:111:ASN1_dup
+ASN1_F_ASN1_ENC_SAVE:115:asn1_enc_save
+ASN1_F_ASN1_EX_C2I:204:asn1_ex_c2i
+ASN1_F_ASN1_FIND_END:190:asn1_find_end
+ASN1_F_ASN1_GENERALIZEDTIME_ADJ:216:ASN1_GENERALIZEDTIME_adj
+ASN1_F_ASN1_GENERATE_V3:178:ASN1_generate_v3
+ASN1_F_ASN1_GET_INT64:224:asn1_get_int64
+ASN1_F_ASN1_GET_OBJECT:114:ASN1_get_object
+ASN1_F_ASN1_GET_UINT64:225:asn1_get_uint64
+ASN1_F_ASN1_I2D_BIO:116:ASN1_i2d_bio
+ASN1_F_ASN1_I2D_FP:117:ASN1_i2d_fp
+ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
+ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
+ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
+ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
+ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
+ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
+ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
+ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack
+ASN1_F_ASN1_ITEM_SIGN:195:ASN1_item_sign
+ASN1_F_ASN1_ITEM_SIGN_CTX:220:ASN1_item_sign_ctx
+ASN1_F_ASN1_ITEM_UNPACK:199:ASN1_item_unpack
+ASN1_F_ASN1_ITEM_VERIFY:197:ASN1_item_verify
+ASN1_F_ASN1_MBSTRING_NCOPY:122:ASN1_mbstring_ncopy
+ASN1_F_ASN1_OBJECT_NEW:123:ASN1_OBJECT_new
+ASN1_F_ASN1_OUTPUT_DATA:214:asn1_output_data
+ASN1_F_ASN1_PCTX_NEW:205:ASN1_PCTX_new
+ASN1_F_ASN1_PRIMITIVE_NEW:119:asn1_primitive_new
+ASN1_F_ASN1_SCTX_NEW:221:ASN1_SCTX_new
+ASN1_F_ASN1_SIGN:128:ASN1_sign
+ASN1_F_ASN1_STR2TYPE:179:asn1_str2type
+ASN1_F_ASN1_STRING_GET_INT64:227:asn1_string_get_int64
+ASN1_F_ASN1_STRING_GET_UINT64:230:asn1_string_get_uint64
+ASN1_F_ASN1_STRING_SET:186:ASN1_STRING_set
+ASN1_F_ASN1_STRING_TABLE_ADD:129:ASN1_STRING_TABLE_add
+ASN1_F_ASN1_STRING_TO_BN:228:asn1_string_to_bn
+ASN1_F_ASN1_STRING_TYPE_NEW:130:ASN1_STRING_type_new
+ASN1_F_ASN1_TEMPLATE_EX_D2I:132:asn1_template_ex_d2i
+ASN1_F_ASN1_TEMPLATE_NEW:133:asn1_template_new
+ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i
+ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj
+ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING:134:ASN1_TYPE_get_int_octetstring
+ASN1_F_ASN1_TYPE_GET_OCTETSTRING:135:ASN1_TYPE_get_octetstring
+ASN1_F_ASN1_UTCTIME_ADJ:218:ASN1_UTCTIME_adj
+ASN1_F_ASN1_VERIFY:137:ASN1_verify
+ASN1_F_B64_READ_ASN1:209:b64_read_asn1
+ASN1_F_B64_WRITE_ASN1:210:B64_write_ASN1
+ASN1_F_BIO_NEW_NDEF:208:BIO_new_NDEF
+ASN1_F_BITSTR_CB:180:bitstr_cb
+ASN1_F_BN_TO_ASN1_STRING:229:bn_to_asn1_string
+ASN1_F_C2I_ASN1_BIT_STRING:189:c2i_ASN1_BIT_STRING
+ASN1_F_C2I_ASN1_INTEGER:194:c2i_ASN1_INTEGER
+ASN1_F_C2I_ASN1_OBJECT:196:c2i_ASN1_OBJECT
+ASN1_F_C2I_IBUF:226:c2i_ibuf
+ASN1_F_C2I_UINT64_INT:101:c2i_uint64_int
+ASN1_F_COLLECT_DATA:140:collect_data
+ASN1_F_D2I_ASN1_OBJECT:147:d2i_ASN1_OBJECT
+ASN1_F_D2I_ASN1_UINTEGER:150:d2i_ASN1_UINTEGER
+ASN1_F_D2I_AUTOPRIVATEKEY:207:d2i_AutoPrivateKey
+ASN1_F_D2I_PRIVATEKEY:154:d2i_PrivateKey
+ASN1_F_D2I_PUBLICKEY:155:d2i_PublicKey
+ASN1_F_DO_BUF:142:do_buf
+ASN1_F_DO_CREATE:124:do_create
+ASN1_F_DO_DUMP:125:do_dump
+ASN1_F_DO_TCREATE:222:do_tcreate
+ASN1_F_I2A_ASN1_OBJECT:126:i2a_ASN1_OBJECT
+ASN1_F_I2D_ASN1_BIO_STREAM:211:i2d_ASN1_bio_stream
+ASN1_F_I2D_ASN1_OBJECT:143:i2d_ASN1_OBJECT
+ASN1_F_I2D_DSA_PUBKEY:161:i2d_DSA_PUBKEY
+ASN1_F_I2D_EC_PUBKEY:181:i2d_EC_PUBKEY
+ASN1_F_I2D_PRIVATEKEY:163:i2d_PrivateKey
+ASN1_F_I2D_PUBLICKEY:164:i2d_PublicKey
+ASN1_F_I2D_RSA_PUBKEY:165:i2d_RSA_PUBKEY
+ASN1_F_LONG_C2I:166:long_c2i
+ASN1_F_NDEF_PREFIX:127:ndef_prefix
+ASN1_F_NDEF_SUFFIX:136:ndef_suffix
+ASN1_F_OID_MODULE_INIT:174:oid_module_init
+ASN1_F_PARSE_TAGGING:182:parse_tagging
+ASN1_F_PKCS5_PBE2_SET_IV:167:PKCS5_pbe2_set_iv
+ASN1_F_PKCS5_PBE2_SET_SCRYPT:231:PKCS5_pbe2_set_scrypt
+ASN1_F_PKCS5_PBE_SET:202:PKCS5_pbe_set
+ASN1_F_PKCS5_PBE_SET0_ALGOR:215:PKCS5_pbe_set0_algor
+ASN1_F_PKCS5_PBKDF2_SET:219:PKCS5_pbkdf2_set
+ASN1_F_PKCS5_SCRYPT_SET:232:pkcs5_scrypt_set
+ASN1_F_SMIME_READ_ASN1:212:SMIME_read_ASN1
+ASN1_F_SMIME_TEXT:213:SMIME_text
+ASN1_F_STABLE_GET:138:stable_get
+ASN1_F_STBL_MODULE_INIT:223:stbl_module_init
+ASN1_F_UINT32_C2I:105:uint32_c2i
+ASN1_F_UINT32_NEW:139:uint32_new
+ASN1_F_UINT64_C2I:112:uint64_c2i
+ASN1_F_UINT64_NEW:141:uint64_new
+ASN1_F_X509_CRL_ADD0_REVOKED:169:X509_CRL_add0_revoked
+ASN1_F_X509_INFO_NEW:170:X509_INFO_new
+ASN1_F_X509_NAME_ENCODE:203:x509_name_encode
+ASN1_F_X509_NAME_EX_D2I:158:x509_name_ex_d2i
+ASN1_F_X509_NAME_EX_NEW:171:x509_name_ex_new
+ASN1_F_X509_PKEY_NEW:173:X509_PKEY_new
+ASYNC_F_ASYNC_CTX_NEW:100:async_ctx_new
+ASYNC_F_ASYNC_INIT_THREAD:101:ASYNC_init_thread
+ASYNC_F_ASYNC_JOB_NEW:102:async_job_new
+ASYNC_F_ASYNC_PAUSE_JOB:103:ASYNC_pause_job
+ASYNC_F_ASYNC_START_FUNC:104:async_start_func
+ASYNC_F_ASYNC_START_JOB:105:ASYNC_start_job
+ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD:106:ASYNC_WAIT_CTX_set_wait_fd
+BIO_F_ACPT_STATE:100:acpt_state
+BIO_F_ADDRINFO_WRAP:148:addrinfo_wrap
+BIO_F_ADDR_STRINGS:134:addr_strings
+BIO_F_BIO_ACCEPT:101:BIO_accept
+BIO_F_BIO_ACCEPT_EX:137:BIO_accept_ex
+BIO_F_BIO_ACCEPT_NEW:152:BIO_ACCEPT_new
+BIO_F_BIO_ADDR_NEW:144:BIO_ADDR_new
+BIO_F_BIO_BIND:147:BIO_bind
+BIO_F_BIO_CALLBACK_CTRL:131:BIO_callback_ctrl
+BIO_F_BIO_CONNECT:138:BIO_connect
+BIO_F_BIO_CONNECT_NEW:153:BIO_CONNECT_new
+BIO_F_BIO_CTRL:103:BIO_ctrl
+BIO_F_BIO_GETS:104:BIO_gets
+BIO_F_BIO_GET_HOST_IP:106:BIO_get_host_ip
+BIO_F_BIO_GET_NEW_INDEX:102:BIO_get_new_index
+BIO_F_BIO_GET_PORT:107:BIO_get_port
+BIO_F_BIO_LISTEN:139:BIO_listen
+BIO_F_BIO_LOOKUP:135:BIO_lookup
+BIO_F_BIO_LOOKUP_EX:143:BIO_lookup_ex
+BIO_F_BIO_MAKE_PAIR:121:bio_make_pair
+BIO_F_BIO_METH_NEW:146:BIO_meth_new
+BIO_F_BIO_NEW:108:BIO_new
+BIO_F_BIO_NEW_DGRAM_SCTP:145:BIO_new_dgram_sctp
+BIO_F_BIO_NEW_FILE:109:BIO_new_file
+BIO_F_BIO_NEW_MEM_BUF:126:BIO_new_mem_buf
+BIO_F_BIO_NREAD:123:BIO_nread
+BIO_F_BIO_NREAD0:124:BIO_nread0
+BIO_F_BIO_NWRITE:125:BIO_nwrite
+BIO_F_BIO_NWRITE0:122:BIO_nwrite0
+BIO_F_BIO_PARSE_HOSTSERV:136:BIO_parse_hostserv
+BIO_F_BIO_PUTS:110:BIO_puts
+BIO_F_BIO_READ:111:BIO_read
+BIO_F_BIO_READ_EX:105:BIO_read_ex
+BIO_F_BIO_READ_INTERN:120:bio_read_intern
+BIO_F_BIO_SOCKET:140:BIO_socket
+BIO_F_BIO_SOCKET_NBIO:142:BIO_socket_nbio
+BIO_F_BIO_SOCK_INFO:141:BIO_sock_info
+BIO_F_BIO_SOCK_INIT:112:BIO_sock_init
+BIO_F_BIO_WRITE:113:BIO_write
+BIO_F_BIO_WRITE_EX:119:BIO_write_ex
+BIO_F_BIO_WRITE_INTERN:128:bio_write_intern
+BIO_F_BUFFER_CTRL:114:buffer_ctrl
+BIO_F_CONN_CTRL:127:conn_ctrl
+BIO_F_CONN_STATE:115:conn_state
+BIO_F_DGRAM_SCTP_NEW:149:dgram_sctp_new
+BIO_F_DGRAM_SCTP_READ:132:dgram_sctp_read
+BIO_F_DGRAM_SCTP_WRITE:133:dgram_sctp_write
+BIO_F_DOAPR_OUTCH:150:doapr_outch
+BIO_F_FILE_CTRL:116:file_ctrl
+BIO_F_FILE_READ:130:file_read
+BIO_F_LINEBUFFER_CTRL:129:linebuffer_ctrl
+BIO_F_LINEBUFFER_NEW:151:linebuffer_new
+BIO_F_MEM_WRITE:117:mem_write
+BIO_F_NBIOF_NEW:154:nbiof_new
+BIO_F_SLG_WRITE:155:slg_write
+BIO_F_SSL_NEW:118:SSL_new
+BN_F_BNRAND:127:bnrand
+BN_F_BNRAND_RANGE:138:bnrand_range
+BN_F_BN_BLINDING_CONVERT_EX:100:BN_BLINDING_convert_ex
+BN_F_BN_BLINDING_CREATE_PARAM:128:BN_BLINDING_create_param
+BN_F_BN_BLINDING_INVERT_EX:101:BN_BLINDING_invert_ex
+BN_F_BN_BLINDING_NEW:102:BN_BLINDING_new
+BN_F_BN_BLINDING_UPDATE:103:BN_BLINDING_update
+BN_F_BN_BN2DEC:104:BN_bn2dec
+BN_F_BN_BN2HEX:105:BN_bn2hex
+BN_F_BN_COMPUTE_WNAF:142:bn_compute_wNAF
+BN_F_BN_CTX_GET:116:BN_CTX_get
+BN_F_BN_CTX_NEW:106:BN_CTX_new
+BN_F_BN_CTX_START:129:BN_CTX_start
+BN_F_BN_DIV:107:BN_div
+BN_F_BN_DIV_RECP:130:BN_div_recp
+BN_F_BN_EXP:123:BN_exp
+BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal
+BN_F_BN_GENCB_NEW:143:BN_GENCB_new
+BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce
+BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex
+BN_F_BN_GF2M_MOD:131:BN_GF2m_mod
+BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp
+BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul
+BN_F_BN_GF2M_MOD_SOLVE_QUAD:134:BN_GF2m_mod_solve_quad
+BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR:135:BN_GF2m_mod_solve_quad_arr
+BN_F_BN_GF2M_MOD_SQR:136:BN_GF2m_mod_sqr
+BN_F_BN_GF2M_MOD_SQRT:137:BN_GF2m_mod_sqrt
+BN_F_BN_LSHIFT:145:BN_lshift
+BN_F_BN_MOD_EXP2_MONT:118:BN_mod_exp2_mont
+BN_F_BN_MOD_EXP_MONT:109:BN_mod_exp_mont
+BN_F_BN_MOD_EXP_MONT_CONSTTIME:124:BN_mod_exp_mont_consttime
+BN_F_BN_MOD_EXP_MONT_WORD:117:BN_mod_exp_mont_word
+BN_F_BN_MOD_EXP_RECP:125:BN_mod_exp_recp
+BN_F_BN_MOD_EXP_SIMPLE:126:BN_mod_exp_simple
+BN_F_BN_MOD_INVERSE:110:BN_mod_inverse
+BN_F_BN_MOD_INVERSE_NO_BRANCH:139:BN_mod_inverse_no_branch
+BN_F_BN_MOD_LSHIFT_QUICK:119:BN_mod_lshift_quick
+BN_F_BN_MOD_SQRT:121:BN_mod_sqrt
+BN_F_BN_MONT_CTX_NEW:149:BN_MONT_CTX_new
+BN_F_BN_MPI2BN:112:BN_mpi2bn
+BN_F_BN_NEW:113:BN_new
+BN_F_BN_POOL_GET:147:BN_POOL_get
+BN_F_BN_RAND:114:BN_rand
+BN_F_BN_RAND_RANGE:122:BN_rand_range
+BN_F_BN_RECP_CTX_NEW:150:BN_RECP_CTX_new
+BN_F_BN_RSHIFT:146:BN_rshift
+BN_F_BN_SET_WORDS:144:bn_set_words
+BN_F_BN_STACK_PUSH:148:BN_STACK_push
+BN_F_BN_USUB:115:BN_usub
+BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow
+BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean
+BUF_F_BUF_MEM_NEW:101:BUF_MEM_new
+CMS_F_CHECK_CONTENT:99:check_content
+CMS_F_CMS_ADD0_CERT:164:CMS_add0_cert
+CMS_F_CMS_ADD0_RECIPIENT_KEY:100:CMS_add0_recipient_key
+CMS_F_CMS_ADD0_RECIPIENT_PASSWORD:165:CMS_add0_recipient_password
+CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest
+CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert
+CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer
+CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime
+CMS_F_CMS_COMPRESS:104:CMS_compress
+CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create
+CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio
+CMS_F_CMS_COPY_CONTENT:107:cms_copy_content
+CMS_F_CMS_COPY_MESSAGEDIGEST:108:cms_copy_messageDigest
+CMS_F_CMS_DATA:109:CMS_data
+CMS_F_CMS_DATAFINAL:110:CMS_dataFinal
+CMS_F_CMS_DATAINIT:111:CMS_dataInit
+CMS_F_CMS_DECRYPT:112:CMS_decrypt
+CMS_F_CMS_DECRYPT_SET1_KEY:113:CMS_decrypt_set1_key
+CMS_F_CMS_DECRYPT_SET1_PASSWORD:166:CMS_decrypt_set1_password
+CMS_F_CMS_DECRYPT_SET1_PKEY:114:CMS_decrypt_set1_pkey
+CMS_F_CMS_DIGESTALGORITHM_FIND_CTX:115:cms_DigestAlgorithm_find_ctx
+CMS_F_CMS_DIGESTALGORITHM_INIT_BIO:116:cms_DigestAlgorithm_init_bio
+CMS_F_CMS_DIGESTEDDATA_DO_FINAL:117:cms_DigestedData_do_final
+CMS_F_CMS_DIGEST_VERIFY:118:CMS_digest_verify
+CMS_F_CMS_ENCODE_RECEIPT:161:cms_encode_Receipt
+CMS_F_CMS_ENCRYPT:119:CMS_encrypt
+CMS_F_CMS_ENCRYPTEDCONTENT_INIT:179:cms_EncryptedContent_init
+CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO:120:cms_EncryptedContent_init_bio
+CMS_F_CMS_ENCRYPTEDDATA_DECRYPT:121:CMS_EncryptedData_decrypt
+CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT:122:CMS_EncryptedData_encrypt
+CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY:123:CMS_EncryptedData_set1_key
+CMS_F_CMS_ENVELOPEDDATA_CREATE:124:CMS_EnvelopedData_create
+CMS_F_CMS_ENVELOPEDDATA_INIT_BIO:125:cms_EnvelopedData_init_bio
+CMS_F_CMS_ENVELOPED_DATA_INIT:126:cms_enveloped_data_init
+CMS_F_CMS_ENV_ASN1_CTRL:171:cms_env_asn1_ctrl
+CMS_F_CMS_FINAL:127:CMS_final
+CMS_F_CMS_GET0_CERTIFICATE_CHOICES:128:cms_get0_certificate_choices
+CMS_F_CMS_GET0_CONTENT:129:CMS_get0_content
+CMS_F_CMS_GET0_ECONTENT_TYPE:130:cms_get0_econtent_type
+CMS_F_CMS_GET0_ENVELOPED:131:cms_get0_enveloped
+CMS_F_CMS_GET0_REVOCATION_CHOICES:132:cms_get0_revocation_choices
+CMS_F_CMS_GET0_SIGNED:133:cms_get0_signed
+CMS_F_CMS_MSGSIGDIGEST_ADD1:162:cms_msgSigDigest_add1
+CMS_F_CMS_RECEIPTREQUEST_CREATE0:159:CMS_ReceiptRequest_create0
+CMS_F_CMS_RECEIPT_VERIFY:160:cms_Receipt_verify
+CMS_F_CMS_RECIPIENTINFO_DECRYPT:134:CMS_RecipientInfo_decrypt
+CMS_F_CMS_RECIPIENTINFO_ENCRYPT:169:CMS_RecipientInfo_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT:178:cms_RecipientInfo_kari_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG:175:CMS_RecipientInfo_kari_get0_alg
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID:173:\
+	CMS_RecipientInfo_kari_get0_orig_id
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS:172:CMS_RecipientInfo_kari_get0_reks
+CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP:174:CMS_RecipientInfo_kari_orig_id_cmp
+CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT:135:cms_RecipientInfo_kekri_decrypt
+CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT:136:cms_RecipientInfo_kekri_encrypt
+CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID:137:CMS_RecipientInfo_kekri_get0_id
+CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP:138:CMS_RecipientInfo_kekri_id_cmp
+CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP:139:CMS_RecipientInfo_ktri_cert_cmp
+CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT:140:cms_RecipientInfo_ktri_decrypt
+CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT:141:cms_RecipientInfo_ktri_encrypt
+CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS:142:CMS_RecipientInfo_ktri_get0_algs
+CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID:143:\
+	CMS_RecipientInfo_ktri_get0_signer_id
+CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT:167:cms_RecipientInfo_pwri_crypt
+CMS_F_CMS_RECIPIENTINFO_SET0_KEY:144:CMS_RecipientInfo_set0_key
+CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD:168:CMS_RecipientInfo_set0_password
+CMS_F_CMS_RECIPIENTINFO_SET0_PKEY:145:CMS_RecipientInfo_set0_pkey
+CMS_F_CMS_SD_ASN1_CTRL:170:cms_sd_asn1_ctrl
+CMS_F_CMS_SET1_IAS:176:cms_set1_ias
+CMS_F_CMS_SET1_KEYID:177:cms_set1_keyid
+CMS_F_CMS_SET1_SIGNERIDENTIFIER:146:cms_set1_SignerIdentifier
+CMS_F_CMS_SET_DETACHED:147:CMS_set_detached
+CMS_F_CMS_SIGN:148:CMS_sign
+CMS_F_CMS_SIGNED_DATA_INIT:149:cms_signed_data_init
+CMS_F_CMS_SIGNERINFO_CONTENT_SIGN:150:cms_SignerInfo_content_sign
+CMS_F_CMS_SIGNERINFO_SIGN:151:CMS_SignerInfo_sign
+CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify
+CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert
+CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT:154:CMS_SignerInfo_verify_content
+CMS_F_CMS_SIGN_RECEIPT:163:CMS_sign_receipt
+CMS_F_CMS_STREAM:155:CMS_stream
+CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress
+CMS_F_CMS_VERIFY:157:CMS_verify
+CMS_F_KEK_UNWRAP_KEY:180:kek_unwrap_key
+COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush
+COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new
+COMP_F_BIO_ZLIB_READ:101:bio_zlib_read
+COMP_F_BIO_ZLIB_WRITE:102:bio_zlib_write
+COMP_F_COMP_CTX_NEW:103:COMP_CTX_new
+CONF_F_CONF_DUMP_FP:104:CONF_dump_fp
+CONF_F_CONF_LOAD:100:CONF_load
+CONF_F_CONF_LOAD_FP:103:CONF_load_fp
+CONF_F_CONF_PARSE_LIST:119:CONF_parse_list
+CONF_F_DEF_LOAD:120:def_load
+CONF_F_DEF_LOAD_BIO:121:def_load_bio
+CONF_F_GET_NEXT_FILE:107:get_next_file
+CONF_F_MODULE_ADD:122:module_add
+CONF_F_MODULE_INIT:115:module_init
+CONF_F_MODULE_LOAD_DSO:117:module_load_dso
+CONF_F_MODULE_RUN:118:module_run
+CONF_F_NCONF_DUMP_BIO:105:NCONF_dump_bio
+CONF_F_NCONF_DUMP_FP:106:NCONF_dump_fp
+CONF_F_NCONF_GET_NUMBER_E:112:NCONF_get_number_e
+CONF_F_NCONF_GET_SECTION:108:NCONF_get_section
+CONF_F_NCONF_GET_STRING:109:NCONF_get_string
+CONF_F_NCONF_LOAD:113:NCONF_load
+CONF_F_NCONF_LOAD_BIO:110:NCONF_load_bio
+CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp
+CONF_F_NCONF_NEW:111:NCONF_new
+CONF_F_PROCESS_INCLUDE:116:process_include
+CONF_F_SSL_MODULE_INIT:123:ssl_module_init
+CONF_F_STR_COPY:101:str_copy
+CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new
+CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data
+CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data
+CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index
+CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup
+CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data
+CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx
+CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init
+CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data
+CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set
+CRYPTO_F_GET_AND_LOCK:113:get_and_lock
+CRYPTO_F_OPENSSL_ATEXIT:114:OPENSSL_atexit
+CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr
+CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen
+CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf
+CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
+CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
+CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
+CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
+CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init
+CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init
+CRYPTO_F_SK_RESERVE:129:sk_reserve
+CT_F_CTLOG_NEW:117:CTLOG_new
+CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64
+CT_F_CTLOG_NEW_FROM_CONF:119:ctlog_new_from_conf
+CT_F_CTLOG_STORE_LOAD_CTX_NEW:122:ctlog_store_load_ctx_new
+CT_F_CTLOG_STORE_LOAD_FILE:123:CTLOG_STORE_load_file
+CT_F_CTLOG_STORE_LOAD_LOG:130:ctlog_store_load_log
+CT_F_CTLOG_STORE_NEW:131:CTLOG_STORE_new
+CT_F_CT_BASE64_DECODE:124:ct_base64_decode
+CT_F_CT_POLICY_EVAL_CTX_NEW:133:CT_POLICY_EVAL_CTX_new
+CT_F_CT_V1_LOG_ID_FROM_PKEY:125:ct_v1_log_id_from_pkey
+CT_F_I2O_SCT:107:i2o_SCT
+CT_F_I2O_SCT_LIST:108:i2o_SCT_LIST
+CT_F_I2O_SCT_SIGNATURE:109:i2o_SCT_signature
+CT_F_O2I_SCT:110:o2i_SCT
+CT_F_O2I_SCT_LIST:111:o2i_SCT_LIST
+CT_F_O2I_SCT_SIGNATURE:112:o2i_SCT_signature
+CT_F_SCT_CTX_NEW:126:SCT_CTX_new
+CT_F_SCT_CTX_VERIFY:128:SCT_CTX_verify
+CT_F_SCT_NEW:100:SCT_new
+CT_F_SCT_NEW_FROM_BASE64:127:SCT_new_from_base64
+CT_F_SCT_SET0_LOG_ID:101:SCT_set0_log_id
+CT_F_SCT_SET1_EXTENSIONS:114:SCT_set1_extensions
+CT_F_SCT_SET1_LOG_ID:115:SCT_set1_log_id
+CT_F_SCT_SET1_SIGNATURE:116:SCT_set1_signature
+CT_F_SCT_SET_LOG_ENTRY_TYPE:102:SCT_set_log_entry_type
+CT_F_SCT_SET_SIGNATURE_NID:103:SCT_set_signature_nid
+CT_F_SCT_SET_VERSION:104:SCT_set_version
+DH_F_COMPUTE_KEY:102:compute_key
+DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
+DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
+DH_F_DH_CHECK_EX:121:DH_check_ex
+DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
+DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
+DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
+DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
+DH_F_DH_METH_DUP:117:DH_meth_dup
+DH_F_DH_METH_NEW:118:DH_meth_new
+DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
+DH_F_DH_NEW_BY_NID:104:DH_new_by_nid
+DH_F_DH_NEW_METHOD:105:DH_new_method
+DH_F_DH_PARAM_DECODE:107:dh_param_decode
+DH_F_DH_PKEY_PUBLIC_CHECK:124:dh_pkey_public_check
+DH_F_DH_PRIV_DECODE:110:dh_priv_decode
+DH_F_DH_PRIV_ENCODE:111:dh_priv_encode
+DH_F_DH_PUB_DECODE:108:dh_pub_decode
+DH_F_DH_PUB_ENCODE:109:dh_pub_encode
+DH_F_DO_DH_PRINT:100:do_dh_print
+DH_F_GENERATE_KEY:103:generate_key
+DH_F_PKEY_DH_CTRL_STR:120:pkey_dh_ctrl_str
+DH_F_PKEY_DH_DERIVE:112:pkey_dh_derive
+DH_F_PKEY_DH_INIT:125:pkey_dh_init
+DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
+DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
+DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
+DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
+DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
+DSA_F_DSA_DO_SIGN:112:DSA_do_sign
+DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
+DSA_F_DSA_METH_DUP:127:DSA_meth_dup
+DSA_F_DSA_METH_NEW:128:DSA_meth_new
+DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
+DSA_F_DSA_NEW_METHOD:103:DSA_new_method
+DSA_F_DSA_PARAM_DECODE:119:dsa_param_decode
+DSA_F_DSA_PRINT_FP:105:DSA_print_fp
+DSA_F_DSA_PRIV_DECODE:115:dsa_priv_decode
+DSA_F_DSA_PRIV_ENCODE:116:dsa_priv_encode
+DSA_F_DSA_PUB_DECODE:117:dsa_pub_decode
+DSA_F_DSA_PUB_ENCODE:118:dsa_pub_encode
+DSA_F_DSA_SIGN:106:DSA_sign
+DSA_F_DSA_SIGN_SETUP:107:DSA_sign_setup
+DSA_F_DSA_SIG_NEW:102:DSA_SIG_new
+DSA_F_OLD_DSA_PRIV_DECODE:122:old_dsa_priv_decode
+DSA_F_PKEY_DSA_CTRL:120:pkey_dsa_ctrl
+DSA_F_PKEY_DSA_CTRL_STR:104:pkey_dsa_ctrl_str
+DSA_F_PKEY_DSA_KEYGEN:121:pkey_dsa_keygen
+DSO_F_DLFCN_BIND_FUNC:100:dlfcn_bind_func
+DSO_F_DLFCN_LOAD:102:dlfcn_load
+DSO_F_DLFCN_MERGER:130:dlfcn_merger
+DSO_F_DLFCN_NAME_CONVERTER:123:dlfcn_name_converter
+DSO_F_DLFCN_UNLOAD:103:dlfcn_unload
+DSO_F_DL_BIND_FUNC:104:dl_bind_func
+DSO_F_DL_LOAD:106:dl_load
+DSO_F_DL_MERGER:131:dl_merger
+DSO_F_DL_NAME_CONVERTER:124:dl_name_converter
+DSO_F_DL_UNLOAD:107:dl_unload
+DSO_F_DSO_BIND_FUNC:108:DSO_bind_func
+DSO_F_DSO_CONVERT_FILENAME:126:DSO_convert_filename
+DSO_F_DSO_CTRL:110:DSO_ctrl
+DSO_F_DSO_FREE:111:DSO_free
+DSO_F_DSO_GET_FILENAME:127:DSO_get_filename
+DSO_F_DSO_GLOBAL_LOOKUP:139:DSO_global_lookup
+DSO_F_DSO_LOAD:112:DSO_load
+DSO_F_DSO_MERGE:132:DSO_merge
+DSO_F_DSO_NEW_METHOD:113:DSO_new_method
+DSO_F_DSO_PATHBYADDR:105:DSO_pathbyaddr
+DSO_F_DSO_SET_FILENAME:129:DSO_set_filename
+DSO_F_DSO_UP_REF:114:DSO_up_ref
+DSO_F_VMS_BIND_SYM:115:vms_bind_sym
+DSO_F_VMS_LOAD:116:vms_load
+DSO_F_VMS_MERGER:133:vms_merger
+DSO_F_VMS_UNLOAD:117:vms_unload
+DSO_F_WIN32_BIND_FUNC:101:win32_bind_func
+DSO_F_WIN32_GLOBALLOOKUP:142:win32_globallookup
+DSO_F_WIN32_JOINER:135:win32_joiner
+DSO_F_WIN32_LOAD:120:win32_load
+DSO_F_WIN32_MERGER:134:win32_merger
+DSO_F_WIN32_NAME_CONVERTER:125:win32_name_converter
+DSO_F_WIN32_PATHBYADDR:109:*
+DSO_F_WIN32_SPLITTER:136:win32_splitter
+DSO_F_WIN32_UNLOAD:121:win32_unload
+EC_F_BN_TO_FELEM:224:BN_to_felem
+EC_F_D2I_ECPARAMETERS:144:d2i_ECParameters
+EC_F_D2I_ECPKPARAMETERS:145:d2i_ECPKParameters
+EC_F_D2I_ECPRIVATEKEY:146:d2i_ECPrivateKey
+EC_F_DO_EC_KEY_PRINT:221:do_EC_KEY_print
+EC_F_ECDH_CMS_DECRYPT:238:ecdh_cms_decrypt
+EC_F_ECDH_CMS_SET_SHARED_INFO:239:ecdh_cms_set_shared_info
+EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_key
+EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
+EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
+EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
+EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
+EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
+EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
+EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
+EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
+EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
+EC_F_ECKEY_PRIV_DECODE:213:eckey_priv_decode
+EC_F_ECKEY_PRIV_ENCODE:214:eckey_priv_encode
+EC_F_ECKEY_PUB_DECODE:215:eckey_pub_decode
+EC_F_ECKEY_PUB_ENCODE:216:eckey_pub_encode
+EC_F_ECKEY_TYPE2PARAM:220:eckey_type2param
+EC_F_ECPARAMETERS_PRINT:147:ECParameters_print
+EC_F_ECPARAMETERS_PRINT_FP:148:ECParameters_print_fp
+EC_F_ECPKPARAMETERS_PRINT:149:ECPKParameters_print
+EC_F_ECPKPARAMETERS_PRINT_FP:150:ECPKParameters_print_fp
+EC_F_ECP_NISTZ256_GET_AFFINE:240:ecp_nistz256_get_affine
+EC_F_ECP_NISTZ256_INV_MOD_ORD:275:ecp_nistz256_inv_mod_ord
+EC_F_ECP_NISTZ256_MULT_PRECOMPUTE:243:ecp_nistz256_mult_precompute
+EC_F_ECP_NISTZ256_POINTS_MUL:241:ecp_nistz256_points_mul
+EC_F_ECP_NISTZ256_PRE_COMP_NEW:244:ecp_nistz256_pre_comp_new
+EC_F_ECP_NISTZ256_WINDOWED_MUL:242:ecp_nistz256_windowed_mul
+EC_F_ECX_KEY_OP:266:ecx_key_op
+EC_F_ECX_PRIV_ENCODE:267:ecx_priv_encode
+EC_F_ECX_PUB_ENCODE:268:ecx_pub_encode
+EC_F_EC_ASN1_GROUP2CURVE:153:ec_asn1_group2curve
+EC_F_EC_ASN1_GROUP2FIELDID:154:ec_asn1_group2fieldid
+EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply
+EC_F_EC_GF2M_SIMPLE_FIELD_INV:296:ec_GF2m_simple_field_inv
+EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\
+	ec_GF2m_simple_group_check_discriminant
+EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve
+EC_F_EC_GF2M_SIMPLE_LADDER_POST:285:ec_GF2m_simple_ladder_post
+EC_F_EC_GF2M_SIMPLE_LADDER_PRE:288:ec_GF2m_simple_ladder_pre
+EC_F_EC_GF2M_SIMPLE_OCT2POINT:160:ec_GF2m_simple_oct2point
+EC_F_EC_GF2M_SIMPLE_POINT2OCT:161:ec_GF2m_simple_point2oct
+EC_F_EC_GF2M_SIMPLE_POINTS_MUL:289:ec_GF2m_simple_points_mul
+EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES:162:\
+	ec_GF2m_simple_point_get_affine_coordinates
+EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES:163:\
+	ec_GF2m_simple_point_set_affine_coordinates
+EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES:164:\
+	ec_GF2m_simple_set_compressed_coordinates
+EC_F_EC_GFP_MONT_FIELD_DECODE:133:ec_GFp_mont_field_decode
+EC_F_EC_GFP_MONT_FIELD_ENCODE:134:ec_GFp_mont_field_encode
+EC_F_EC_GFP_MONT_FIELD_INV:297:ec_GFp_mont_field_inv
+EC_F_EC_GFP_MONT_FIELD_MUL:131:ec_GFp_mont_field_mul
+EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE:209:ec_GFp_mont_field_set_to_one
+EC_F_EC_GFP_MONT_FIELD_SQR:132:ec_GFp_mont_field_sqr
+EC_F_EC_GFP_MONT_GROUP_SET_CURVE:189:ec_GFp_mont_group_set_curve
+EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE:225:ec_GFp_nistp224_group_set_curve
+EC_F_EC_GFP_NISTP224_POINTS_MUL:228:ec_GFp_nistp224_points_mul
+EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES:226:\
+	ec_GFp_nistp224_point_get_affine_coordinates
+EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE:230:ec_GFp_nistp256_group_set_curve
+EC_F_EC_GFP_NISTP256_POINTS_MUL:231:ec_GFp_nistp256_points_mul
+EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES:232:\
+	ec_GFp_nistp256_point_get_affine_coordinates
+EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE:233:ec_GFp_nistp521_group_set_curve
+EC_F_EC_GFP_NISTP521_POINTS_MUL:234:ec_GFp_nistp521_points_mul
+EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES:235:\
+	ec_GFp_nistp521_point_get_affine_coordinates
+EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul
+EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr
+EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve
+EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates
+EC_F_EC_GFP_SIMPLE_FIELD_INV:298:ec_GFp_simple_field_inv
+EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\
+	ec_GFp_simple_group_check_discriminant
+EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve
+EC_F_EC_GFP_SIMPLE_MAKE_AFFINE:102:ec_GFp_simple_make_affine
+EC_F_EC_GFP_SIMPLE_OCT2POINT:103:ec_GFp_simple_oct2point
+EC_F_EC_GFP_SIMPLE_POINT2OCT:104:ec_GFp_simple_point2oct
+EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE:137:ec_GFp_simple_points_make_affine
+EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES:167:\
+	ec_GFp_simple_point_get_affine_coordinates
+EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES:168:\
+	ec_GFp_simple_point_set_affine_coordinates
+EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES:169:\
+	ec_GFp_simple_set_compressed_coordinates
+EC_F_EC_GROUP_CHECK:170:EC_GROUP_check
+EC_F_EC_GROUP_CHECK_DISCRIMINANT:171:EC_GROUP_check_discriminant
+EC_F_EC_GROUP_COPY:106:EC_GROUP_copy
+EC_F_EC_GROUP_GET_CURVE:291:EC_GROUP_get_curve
+EC_F_EC_GROUP_GET_CURVE_GF2M:172:EC_GROUP_get_curve_GF2m
+EC_F_EC_GROUP_GET_CURVE_GFP:130:EC_GROUP_get_curve_GFp
+EC_F_EC_GROUP_GET_DEGREE:173:EC_GROUP_get_degree
+EC_F_EC_GROUP_GET_ECPARAMETERS:261:EC_GROUP_get_ecparameters
+EC_F_EC_GROUP_GET_ECPKPARAMETERS:262:EC_GROUP_get_ecpkparameters
+EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS:193:EC_GROUP_get_pentanomial_basis
+EC_F_EC_GROUP_GET_TRINOMIAL_BASIS:194:EC_GROUP_get_trinomial_basis
+EC_F_EC_GROUP_NEW:108:EC_GROUP_new
+EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name
+EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data
+EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters
+EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS:264:EC_GROUP_new_from_ecpkparameters
+EC_F_EC_GROUP_SET_CURVE:292:EC_GROUP_set_curve
+EC_F_EC_GROUP_SET_CURVE_GF2M:176:EC_GROUP_set_curve_GF2m
+EC_F_EC_GROUP_SET_CURVE_GFP:109:EC_GROUP_set_curve_GFp
+EC_F_EC_GROUP_SET_GENERATOR:111:EC_GROUP_set_generator
+EC_F_EC_GROUP_SET_SEED:286:EC_GROUP_set_seed
+EC_F_EC_KEY_CHECK_KEY:177:EC_KEY_check_key
+EC_F_EC_KEY_COPY:178:EC_KEY_copy
+EC_F_EC_KEY_GENERATE_KEY:179:EC_KEY_generate_key
+EC_F_EC_KEY_NEW:182:EC_KEY_new
+EC_F_EC_KEY_NEW_METHOD:245:EC_KEY_new_method
+EC_F_EC_KEY_OCT2PRIV:255:EC_KEY_oct2priv
+EC_F_EC_KEY_PRINT:180:EC_KEY_print
+EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
+EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
+EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
+EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
+	EC_KEY_set_public_key_affine_coordinates
+EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
+EC_F_EC_KEY_SIMPLE_OCT2PRIV:259:ec_key_simple_oct2priv
+EC_F_EC_KEY_SIMPLE_PRIV2OCT:260:ec_key_simple_priv2oct
+EC_F_EC_PKEY_CHECK:273:ec_pkey_check
+EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check
+EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine
+EC_F_EC_POINTS_MUL:290:EC_POINTs_mul
+EC_F_EC_POINT_ADD:112:EC_POINT_add
+EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point
+EC_F_EC_POINT_CMP:113:EC_POINT_cmp
+EC_F_EC_POINT_COPY:114:EC_POINT_copy
+EC_F_EC_POINT_DBL:115:EC_POINT_dbl
+EC_F_EC_POINT_GET_AFFINE_COORDINATES:293:EC_POINT_get_affine_coordinates
+EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M:183:\
+	EC_POINT_get_affine_coordinates_GF2m
+EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP:116:EC_POINT_get_affine_coordinates_GFp
+EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP:117:\
+	EC_POINT_get_Jprojective_coordinates_GFp
+EC_F_EC_POINT_INVERT:210:EC_POINT_invert
+EC_F_EC_POINT_IS_AT_INFINITY:118:EC_POINT_is_at_infinity
+EC_F_EC_POINT_IS_ON_CURVE:119:EC_POINT_is_on_curve
+EC_F_EC_POINT_MAKE_AFFINE:120:EC_POINT_make_affine
+EC_F_EC_POINT_NEW:121:EC_POINT_new
+EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point
+EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf
+EC_F_EC_POINT_POINT2OCT:123:EC_POINT_point2oct
+EC_F_EC_POINT_SET_AFFINE_COORDINATES:294:EC_POINT_set_affine_coordinates
+EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M:185:\
+	EC_POINT_set_affine_coordinates_GF2m
+EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP:124:EC_POINT_set_affine_coordinates_GFp
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES:295:EC_POINT_set_compressed_coordinates
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M:186:\
+	EC_POINT_set_compressed_coordinates_GF2m
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP:125:\
+	EC_POINT_set_compressed_coordinates_GFp
+EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP:126:\
+	EC_POINT_set_Jprojective_coordinates_GFp
+EC_F_EC_POINT_SET_TO_INFINITY:127:EC_POINT_set_to_infinity
+EC_F_EC_PRE_COMP_NEW:196:ec_pre_comp_new
+EC_F_EC_SCALAR_MUL_LADDER:284:ec_scalar_mul_ladder
+EC_F_EC_WNAF_MUL:187:ec_wNAF_mul
+EC_F_EC_WNAF_PRECOMPUTE_MULT:188:ec_wNAF_precompute_mult
+EC_F_I2D_ECPARAMETERS:190:i2d_ECParameters
+EC_F_I2D_ECPKPARAMETERS:191:i2d_ECPKParameters
+EC_F_I2D_ECPRIVATEKEY:192:i2d_ECPrivateKey
+EC_F_I2O_ECPUBLICKEY:151:i2o_ECPublicKey
+EC_F_NISTP224_PRE_COMP_NEW:227:nistp224_pre_comp_new
+EC_F_NISTP256_PRE_COMP_NEW:236:nistp256_pre_comp_new
+EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_pre_comp_new
+EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
+EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
+EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
+EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
+EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
+EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
+EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign
+EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519
+EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448
+EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive
+EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl
+EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str
+EC_F_PKEY_EC_DERIVE:217:pkey_ec_derive
+EC_F_PKEY_EC_INIT:282:pkey_ec_init
+EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_derive
+EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
+EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
+EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
+EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
+ENGINE_F_DIGEST_UPDATE:198:digest_update
+ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
+ENGINE_F_DYNAMIC_GET_DATA_CTX:181:dynamic_get_data_ctx
+ENGINE_F_DYNAMIC_LOAD:182:dynamic_load
+ENGINE_F_DYNAMIC_SET_DATA_CTX:183:dynamic_set_data_ctx
+ENGINE_F_ENGINE_ADD:105:ENGINE_add
+ENGINE_F_ENGINE_BY_ID:106:ENGINE_by_id
+ENGINE_F_ENGINE_CMD_IS_EXECUTABLE:170:ENGINE_cmd_is_executable
+ENGINE_F_ENGINE_CTRL:142:ENGINE_ctrl
+ENGINE_F_ENGINE_CTRL_CMD:178:ENGINE_ctrl_cmd
+ENGINE_F_ENGINE_CTRL_CMD_STRING:171:ENGINE_ctrl_cmd_string
+ENGINE_F_ENGINE_FINISH:107:ENGINE_finish
+ENGINE_F_ENGINE_GET_CIPHER:185:ENGINE_get_cipher
+ENGINE_F_ENGINE_GET_DIGEST:186:ENGINE_get_digest
+ENGINE_F_ENGINE_GET_FIRST:195:ENGINE_get_first
+ENGINE_F_ENGINE_GET_LAST:196:ENGINE_get_last
+ENGINE_F_ENGINE_GET_NEXT:115:ENGINE_get_next
+ENGINE_F_ENGINE_GET_PKEY_ASN1_METH:193:ENGINE_get_pkey_asn1_meth
+ENGINE_F_ENGINE_GET_PKEY_METH:192:ENGINE_get_pkey_meth
+ENGINE_F_ENGINE_GET_PREV:116:ENGINE_get_prev
+ENGINE_F_ENGINE_INIT:119:ENGINE_init
+ENGINE_F_ENGINE_LIST_ADD:120:engine_list_add
+ENGINE_F_ENGINE_LIST_REMOVE:121:engine_list_remove
+ENGINE_F_ENGINE_LOAD_PRIVATE_KEY:150:ENGINE_load_private_key
+ENGINE_F_ENGINE_LOAD_PUBLIC_KEY:151:ENGINE_load_public_key
+ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT:194:ENGINE_load_ssl_client_cert
+ENGINE_F_ENGINE_NEW:122:ENGINE_new
+ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR:197:ENGINE_pkey_asn1_find_str
+ENGINE_F_ENGINE_REMOVE:123:ENGINE_remove
+ENGINE_F_ENGINE_SET_DEFAULT_STRING:189:ENGINE_set_default_string
+ENGINE_F_ENGINE_SET_ID:129:ENGINE_set_id
+ENGINE_F_ENGINE_SET_NAME:130:ENGINE_set_name
+ENGINE_F_ENGINE_TABLE_REGISTER:184:engine_table_register
+ENGINE_F_ENGINE_UNLOCKED_FINISH:191:engine_unlocked_finish
+ENGINE_F_ENGINE_UP_REF:190:ENGINE_up_ref
+ENGINE_F_INT_CLEANUP_ITEM:199:int_cleanup_item
+ENGINE_F_INT_CTRL_HELPER:172:int_ctrl_helper
+ENGINE_F_INT_ENGINE_CONFIGURE:188:int_engine_configure
+ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init
+ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init
+EVP_F_AESNI_INIT_KEY:165:aesni_init_key
+EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl
+EVP_F_AES_INIT_KEY:133:aes_init_key
+EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
+EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
+EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
+EVP_F_ALG_MODULE_INIT:177:alg_module_init
+EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
+EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl
+EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key
+EVP_F_ARIA_INIT_KEY:185:aria_init_key
+EVP_F_B64_NEW:198:b64_new
+EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key
+EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl
+EVP_F_CMLL_T4_INIT_KEY:179:cmll_t4_init_key
+EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher
+EVP_F_DO_SIGVER_INIT:161:do_sigver_init
+EVP_F_ENC_NEW:199:enc_new
+EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex
+EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param
+EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy
+EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl
+EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length
+EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1
+EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
+EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
+EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF
+EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex
+EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
+EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
+EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
+EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
+EVP_F_EVP_MD_SIZE:162:EVP_MD_size
+EVP_F_EVP_OPENINIT:102:EVP_OpenInit
+EVP_F_EVP_PBE_ALG_ADD:115:EVP_PBE_alg_add
+EVP_F_EVP_PBE_ALG_ADD_TYPE:160:EVP_PBE_alg_add_type
+EVP_F_EVP_PBE_CIPHERINIT:116:EVP_PBE_CipherInit
+EVP_F_EVP_PBE_SCRYPT:181:EVP_PBE_scrypt
+EVP_F_EVP_PKCS82PKEY:111:EVP_PKCS82PKEY
+EVP_F_EVP_PKEY2PKCS8:113:EVP_PKEY2PKCS8
+EVP_F_EVP_PKEY_ASN1_ADD0:188:EVP_PKEY_asn1_add0
+EVP_F_EVP_PKEY_CHECK:186:EVP_PKEY_check
+EVP_F_EVP_PKEY_COPY_PARAMETERS:103:EVP_PKEY_copy_parameters
+EVP_F_EVP_PKEY_CTX_CTRL:137:EVP_PKEY_CTX_ctrl
+EVP_F_EVP_PKEY_CTX_CTRL_STR:150:EVP_PKEY_CTX_ctrl_str
+EVP_F_EVP_PKEY_CTX_DUP:156:EVP_PKEY_CTX_dup
+EVP_F_EVP_PKEY_CTX_MD:168:EVP_PKEY_CTX_md
+EVP_F_EVP_PKEY_DECRYPT:104:EVP_PKEY_decrypt
+EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init
+EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old
+EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive
+EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init
+EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer
+EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt
+EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init
+EVP_F_EVP_PKEY_ENCRYPT_OLD:152:EVP_PKEY_encrypt_old
+EVP_F_EVP_PKEY_GET0_DH:119:EVP_PKEY_get0_DH
+EVP_F_EVP_PKEY_GET0_DSA:120:EVP_PKEY_get0_DSA
+EVP_F_EVP_PKEY_GET0_EC_KEY:131:EVP_PKEY_get0_EC_KEY
+EVP_F_EVP_PKEY_GET0_HMAC:183:EVP_PKEY_get0_hmac
+EVP_F_EVP_PKEY_GET0_POLY1305:184:EVP_PKEY_get0_poly1305
+EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA
+EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash
+EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY:202:EVP_PKEY_get_raw_private_key
+EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY:203:EVP_PKEY_get_raw_public_key
+EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen
+EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
+EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0
+EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new
+EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
+EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key
+EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key
+EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY:192:EVP_PKEY_new_raw_public_key
+EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen
+EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init
+EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check
+EVP_F_EVP_PKEY_PUBLIC_CHECK:190:EVP_PKEY_public_check
+EVP_F_EVP_PKEY_SET1_ENGINE:187:EVP_PKEY_set1_engine
+EVP_F_EVP_PKEY_SET_ALIAS_TYPE:206:EVP_PKEY_set_alias_type
+EVP_F_EVP_PKEY_SIGN:140:EVP_PKEY_sign
+EVP_F_EVP_PKEY_SIGN_INIT:141:EVP_PKEY_sign_init
+EVP_F_EVP_PKEY_VERIFY:142:EVP_PKEY_verify
+EVP_F_EVP_PKEY_VERIFY_INIT:143:EVP_PKEY_verify_init
+EVP_F_EVP_PKEY_VERIFY_RECOVER:144:EVP_PKEY_verify_recover
+EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT:145:EVP_PKEY_verify_recover_init
+EVP_F_EVP_SIGNFINAL:107:EVP_SignFinal
+EVP_F_EVP_VERIFYFINAL:108:EVP_VerifyFinal
+EVP_F_INT_CTX_NEW:157:int_ctx_new
+EVP_F_OK_NEW:200:ok_new
+EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_keyivgen
+EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
+EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
+EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
+EVP_F_PKEY_SET_TYPE:158:pkey_set_type
+EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
+EVP_F_RC5_CTRL:125:rc5_ctrl
+EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl
+EVP_F_UPDATE:173:update
+KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
+KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
+KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
+KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str
+KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64
+KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive
+KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init
+KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf
+KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
+KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
+KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
+KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
+OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
+OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
+OBJ_F_OBJ_CREATE:100:OBJ_create
+OBJ_F_OBJ_DUP:101:OBJ_dup
+OBJ_F_OBJ_NAME_NEW_INDEX:106:OBJ_NAME_new_index
+OBJ_F_OBJ_NID2LN:102:OBJ_nid2ln
+OBJ_F_OBJ_NID2OBJ:103:OBJ_nid2obj
+OBJ_F_OBJ_NID2SN:104:OBJ_nid2sn
+OBJ_F_OBJ_TXT2OBJ:108:OBJ_txt2obj
+OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce
+OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status
+OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign
+OCSP_F_OCSP_BASIC_SIGN_CTX:119:OCSP_basic_sign_ctx
+OCSP_F_OCSP_BASIC_VERIFY:105:OCSP_basic_verify
+OCSP_F_OCSP_CERT_ID_NEW:101:OCSP_cert_id_new
+OCSP_F_OCSP_CHECK_DELEGATED:106:ocsp_check_delegated
+OCSP_F_OCSP_CHECK_IDS:107:ocsp_check_ids
+OCSP_F_OCSP_CHECK_ISSUER:108:ocsp_check_issuer
+OCSP_F_OCSP_CHECK_VALIDITY:115:OCSP_check_validity
+OCSP_F_OCSP_MATCH_ISSUERID:109:ocsp_match_issuerid
+OCSP_F_OCSP_PARSE_URL:114:OCSP_parse_url
+OCSP_F_OCSP_REQUEST_SIGN:110:OCSP_request_sign
+OCSP_F_OCSP_REQUEST_VERIFY:116:OCSP_request_verify
+OCSP_F_OCSP_RESPONSE_GET1_BASIC:111:OCSP_response_get1_basic
+OCSP_F_PARSE_HTTP_LINE1:118:parse_http_line1
+OSSL_STORE_F_FILE_CTRL:129:file_ctrl
+OSSL_STORE_F_FILE_FIND:138:file_find
+OSSL_STORE_F_FILE_GET_PASS:118:file_get_pass
+OSSL_STORE_F_FILE_LOAD:119:file_load
+OSSL_STORE_F_FILE_LOAD_TRY_DECODE:124:file_load_try_decode
+OSSL_STORE_F_FILE_NAME_TO_URI:126:file_name_to_uri
+OSSL_STORE_F_FILE_OPEN:120:file_open
+OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio
+OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect
+OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\
+	ossl_store_file_attach_pem_bio_int
+OSSL_STORE_F_OSSL_STORE_FIND:131:OSSL_STORE_find
+OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT:101:OSSL_STORE_INFO_get1_CERT
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL:102:OSSL_STORE_INFO_get1_CRL
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME:103:OSSL_STORE_INFO_get1_NAME
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION:135:\
+	OSSL_STORE_INFO_get1_NAME_description
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS:104:OSSL_STORE_INFO_get1_PARAMS
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY:105:OSSL_STORE_INFO_get1_PKEY
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT:106:OSSL_STORE_INFO_new_CERT
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL:107:OSSL_STORE_INFO_new_CRL
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED:123:ossl_store_info_new_EMBEDDED
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME:109:OSSL_STORE_INFO_new_NAME
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS:110:OSSL_STORE_INFO_new_PARAMS
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY:111:OSSL_STORE_INFO_new_PKEY
+OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION:134:\
+	OSSL_STORE_INFO_set0_NAME_description
+OSSL_STORE_F_OSSL_STORE_INIT_ONCE:112:ossl_store_init_once
+OSSL_STORE_F_OSSL_STORE_LOADER_NEW:113:OSSL_STORE_LOADER_new
+OSSL_STORE_F_OSSL_STORE_OPEN:114:OSSL_STORE_open
+OSSL_STORE_F_OSSL_STORE_OPEN_INT:115:*
+OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT:117:ossl_store_register_loader_int
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS:132:OSSL_STORE_SEARCH_by_alias
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:133:\
+	OSSL_STORE_SEARCH_by_issuer_serial
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:136:\
+	OSSL_STORE_SEARCH_by_key_fingerprint
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME:137:OSSL_STORE_SEARCH_by_name
+OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT:116:\
+	ossl_store_unregister_loader_int
+OSSL_STORE_F_TRY_DECODE_PARAMS:121:try_decode_params
+OSSL_STORE_F_TRY_DECODE_PKCS12:122:try_decode_PKCS12
+OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED:125:try_decode_PKCS8Encrypted
+PEM_F_B2I_DSS:127:b2i_dss
+PEM_F_B2I_PVK_BIO:128:b2i_PVK_bio
+PEM_F_B2I_RSA:129:b2i_rsa
+PEM_F_CHECK_BITLEN_DSA:130:check_bitlen_dsa
+PEM_F_CHECK_BITLEN_RSA:131:check_bitlen_rsa
+PEM_F_D2I_PKCS8PRIVATEKEY_BIO:120:d2i_PKCS8PrivateKey_bio
+PEM_F_D2I_PKCS8PRIVATEKEY_FP:121:d2i_PKCS8PrivateKey_fp
+PEM_F_DO_B2I:132:do_b2i
+PEM_F_DO_B2I_BIO:133:do_b2i_bio
+PEM_F_DO_BLOB_HEADER:134:do_blob_header
+PEM_F_DO_I2B:146:do_i2b
+PEM_F_DO_PK8PKEY:126:do_pk8pkey
+PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp
+PEM_F_DO_PVK_BODY:135:do_PVK_body
+PEM_F_DO_PVK_HEADER:136:do_PVK_header
+PEM_F_GET_HEADER_AND_DATA:143:get_header_and_data
+PEM_F_GET_NAME:144:get_name
+PEM_F_I2B_PVK:137:i2b_PVK
+PEM_F_I2B_PVK_BIO:138:i2b_PVK_bio
+PEM_F_LOAD_IV:101:load_iv
+PEM_F_PEM_ASN1_READ:102:PEM_ASN1_read
+PEM_F_PEM_ASN1_READ_BIO:103:PEM_ASN1_read_bio
+PEM_F_PEM_ASN1_WRITE:104:PEM_ASN1_write
+PEM_F_PEM_ASN1_WRITE_BIO:105:PEM_ASN1_write_bio
+PEM_F_PEM_DEF_CALLBACK:100:PEM_def_callback
+PEM_F_PEM_DO_HEADER:106:PEM_do_header
+PEM_F_PEM_GET_EVP_CIPHER_INFO:107:PEM_get_EVP_CIPHER_INFO
+PEM_F_PEM_READ:108:PEM_read
+PEM_F_PEM_READ_BIO:109:PEM_read_bio
+PEM_F_PEM_READ_BIO_DHPARAMS:141:PEM_read_bio_DHparams
+PEM_F_PEM_READ_BIO_EX:145:PEM_read_bio_ex
+PEM_F_PEM_READ_BIO_PARAMETERS:140:PEM_read_bio_Parameters
+PEM_F_PEM_READ_BIO_PRIVATEKEY:123:PEM_read_bio_PrivateKey
+PEM_F_PEM_READ_DHPARAMS:142:PEM_read_DHparams
+PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey
+PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal
+PEM_F_PEM_WRITE:113:PEM_write
+PEM_F_PEM_WRITE_BIO:114:PEM_write_bio
+PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey
+PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read
+PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio
+PEM_F_PEM_X509_INFO_WRITE_BIO:117:PEM_X509_INFO_write_bio
+PKCS12_F_OPENSSL_ASC2UNI:121:OPENSSL_asc2uni
+PKCS12_F_OPENSSL_UNI2ASC:124:OPENSSL_uni2asc
+PKCS12_F_OPENSSL_UNI2UTF8:127:OPENSSL_uni2utf8
+PKCS12_F_OPENSSL_UTF82UNI:129:OPENSSL_utf82uni
+PKCS12_F_PKCS12_CREATE:105:PKCS12_create
+PKCS12_F_PKCS12_GEN_MAC:107:PKCS12_gen_mac
+PKCS12_F_PKCS12_INIT:109:PKCS12_init
+PKCS12_F_PKCS12_ITEM_DECRYPT_D2I:106:PKCS12_item_decrypt_d2i
+PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT:108:PKCS12_item_i2d_encrypt
+PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG:117:PKCS12_item_pack_safebag
+PKCS12_F_PKCS12_KEY_GEN_ASC:110:PKCS12_key_gen_asc
+PKCS12_F_PKCS12_KEY_GEN_UNI:111:PKCS12_key_gen_uni
+PKCS12_F_PKCS12_KEY_GEN_UTF8:116:PKCS12_key_gen_utf8
+PKCS12_F_PKCS12_NEWPASS:128:PKCS12_newpass
+PKCS12_F_PKCS12_PACK_P7DATA:114:PKCS12_pack_p7data
+PKCS12_F_PKCS12_PACK_P7ENCDATA:115:PKCS12_pack_p7encdata
+PKCS12_F_PKCS12_PARSE:118:PKCS12_parse
+PKCS12_F_PKCS12_PBE_CRYPT:119:PKCS12_pbe_crypt
+PKCS12_F_PKCS12_PBE_KEYIVGEN:120:PKCS12_PBE_keyivgen
+PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF:112:PKCS12_SAFEBAG_create0_p8inf
+PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8:113:PKCS12_SAFEBAG_create0_pkcs8
+PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT:133:\
+	PKCS12_SAFEBAG_create_pkcs8_encrypt
+PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac
+PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac
+PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes
+PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data
+PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac
+PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt
+PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe
+PKCS7_F_DO_PKCS7_SIGNED_ATTRIB:136:do_pkcs7_signed_attrib
+PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME:135:PKCS7_add0_attrib_signing_time
+PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP:118:PKCS7_add_attrib_smimecap
+PKCS7_F_PKCS7_ADD_CERTIFICATE:100:PKCS7_add_certificate
+PKCS7_F_PKCS7_ADD_CRL:101:PKCS7_add_crl
+PKCS7_F_PKCS7_ADD_RECIPIENT_INFO:102:PKCS7_add_recipient_info
+PKCS7_F_PKCS7_ADD_SIGNATURE:131:PKCS7_add_signature
+PKCS7_F_PKCS7_ADD_SIGNER:103:PKCS7_add_signer
+PKCS7_F_PKCS7_BIO_ADD_DIGEST:125:PKCS7_bio_add_digest
+PKCS7_F_PKCS7_COPY_EXISTING_DIGEST:138:pkcs7_copy_existing_digest
+PKCS7_F_PKCS7_CTRL:104:PKCS7_ctrl
+PKCS7_F_PKCS7_DATADECODE:112:PKCS7_dataDecode
+PKCS7_F_PKCS7_DATAFINAL:128:PKCS7_dataFinal
+PKCS7_F_PKCS7_DATAINIT:105:PKCS7_dataInit
+PKCS7_F_PKCS7_DATAVERIFY:107:PKCS7_dataVerify
+PKCS7_F_PKCS7_DECRYPT:114:PKCS7_decrypt
+PKCS7_F_PKCS7_DECRYPT_RINFO:133:pkcs7_decrypt_rinfo
+PKCS7_F_PKCS7_ENCODE_RINFO:132:pkcs7_encode_rinfo
+PKCS7_F_PKCS7_ENCRYPT:115:PKCS7_encrypt
+PKCS7_F_PKCS7_FINAL:134:PKCS7_final
+PKCS7_F_PKCS7_FIND_DIGEST:127:PKCS7_find_digest
+PKCS7_F_PKCS7_GET0_SIGNERS:124:PKCS7_get0_signers
+PKCS7_F_PKCS7_RECIP_INFO_SET:130:PKCS7_RECIP_INFO_set
+PKCS7_F_PKCS7_SET_CIPHER:108:PKCS7_set_cipher
+PKCS7_F_PKCS7_SET_CONTENT:109:PKCS7_set_content
+PKCS7_F_PKCS7_SET_DIGEST:126:PKCS7_set_digest
+PKCS7_F_PKCS7_SET_TYPE:110:PKCS7_set_type
+PKCS7_F_PKCS7_SIGN:116:PKCS7_sign
+PKCS7_F_PKCS7_SIGNATUREVERIFY:113:PKCS7_signatureVerify
+PKCS7_F_PKCS7_SIGNER_INFO_SET:129:PKCS7_SIGNER_INFO_set
+PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign
+PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer
+PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap
+PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify
+RAND_F_DRBG_BYTES:101:drbg_bytes
+RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy
+RAND_F_DRBG_SETUP:117:drbg_setup
+RAND_F_GET_ENTROPY:106:get_entropy
+RAND_F_RAND_BYTES:100:RAND_bytes
+RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking
+RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate
+RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy
+RAND_F_RAND_DRBG_GET_NONCE:123:rand_drbg_get_nonce
+RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate
+RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new
+RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed
+RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
+RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
+RAND_F_RAND_DRBG_SET_DEFAULTS:121:RAND_DRBG_set_defaults
+RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
+RAND_F_RAND_LOAD_FILE:111:RAND_load_file
+RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
+RAND_F_RAND_WRITE_FILE:112:RAND_write_file
+RSA_F_CHECK_PADDING_MD:140:check_padding_md
+RSA_F_ENCODE_PKCS1:146:encode_pkcs1
+RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
+RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
+RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
+RSA_F_PKEY_RSA_CTRL:143:pkey_rsa_ctrl
+RSA_F_PKEY_RSA_CTRL_STR:144:pkey_rsa_ctrl_str
+RSA_F_PKEY_RSA_SIGN:142:pkey_rsa_sign
+RSA_F_PKEY_RSA_VERIFY:149:pkey_rsa_verify
+RSA_F_PKEY_RSA_VERIFYRECOVER:141:pkey_rsa_verifyrecover
+RSA_F_RSA_ALGOR_TO_MD:156:rsa_algor_to_md
+RSA_F_RSA_BUILTIN_KEYGEN:129:rsa_builtin_keygen
+RSA_F_RSA_CHECK_KEY:123:RSA_check_key
+RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
+RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
+RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
+RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
+RSA_F_RSA_METH_DUP:161:RSA_meth_dup
+RSA_F_RSA_METH_NEW:162:RSA_meth_new
+RSA_F_RSA_METH_SET1_NAME:163:RSA_meth_set1_name
+RSA_F_RSA_MGF1_TO_MD:157:*
+RSA_F_RSA_MULTIP_INFO_NEW:166:rsa_multip_info_new
+RSA_F_RSA_NEW_METHOD:106:RSA_new_method
+RSA_F_RSA_NULL:124:*
+RSA_F_RSA_NULL_PRIVATE_DECRYPT:132:*
+RSA_F_RSA_NULL_PRIVATE_ENCRYPT:133:*
+RSA_F_RSA_NULL_PUBLIC_DECRYPT:134:*
+RSA_F_RSA_NULL_PUBLIC_ENCRYPT:135:*
+RSA_F_RSA_OSSL_PRIVATE_DECRYPT:101:rsa_ossl_private_decrypt
+RSA_F_RSA_OSSL_PRIVATE_ENCRYPT:102:rsa_ossl_private_encrypt
+RSA_F_RSA_OSSL_PUBLIC_DECRYPT:103:rsa_ossl_public_decrypt
+RSA_F_RSA_OSSL_PUBLIC_ENCRYPT:104:rsa_ossl_public_encrypt
+RSA_F_RSA_PADDING_ADD_NONE:107:RSA_padding_add_none
+RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:121:RSA_padding_add_PKCS1_OAEP
+RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:154:RSA_padding_add_PKCS1_OAEP_mgf1
+RSA_F_RSA_PADDING_ADD_PKCS1_PSS:125:RSA_padding_add_PKCS1_PSS
+RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:152:RSA_padding_add_PKCS1_PSS_mgf1
+RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:108:RSA_padding_add_PKCS1_type_1
+RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:109:RSA_padding_add_PKCS1_type_2
+RSA_F_RSA_PADDING_ADD_SSLV23:110:RSA_padding_add_SSLv23
+RSA_F_RSA_PADDING_ADD_X931:127:RSA_padding_add_X931
+RSA_F_RSA_PADDING_CHECK_NONE:111:RSA_padding_check_none
+RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:122:RSA_padding_check_PKCS1_OAEP
+RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:153:RSA_padding_check_PKCS1_OAEP_mgf1
+RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:112:RSA_padding_check_PKCS1_type_1
+RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:113:RSA_padding_check_PKCS1_type_2
+RSA_F_RSA_PADDING_CHECK_SSLV23:114:RSA_padding_check_SSLv23
+RSA_F_RSA_PADDING_CHECK_X931:128:RSA_padding_check_X931
+RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
+RSA_F_RSA_PRINT:115:RSA_print
+RSA_F_RSA_PRINT_FP:116:RSA_print_fp
+RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
+RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
+RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
+RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
+RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
+RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
+RSA_F_RSA_SIGN:117:RSA_sign
+RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
+RSA_F_RSA_VERIFY:119:RSA_verify
+RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
+RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
+RSA_F_SETUP_TBUF:167:setup_tbuf
+SM2_F_PKEY_SM2_COPY:115:pkey_sm2_copy
+SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl
+SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str
+SM2_F_PKEY_SM2_DIGEST_CUSTOM:114:pkey_sm2_digest_custom
+SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init
+SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign
+SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash
+SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest
+SM2_F_SM2_COMPUTE_Z_DIGEST:113:sm2_compute_z_digest
+SM2_F_SM2_DECRYPT:102:sm2_decrypt
+SM2_F_SM2_ENCRYPT:103:sm2_encrypt
+SM2_F_SM2_PLAINTEXT_SIZE:104:sm2_plaintext_size
+SM2_F_SM2_SIGN:105:sm2_sign
+SM2_F_SM2_SIG_GEN:106:sm2_sig_gen
+SM2_F_SM2_SIG_VERIFY:107:sm2_sig_verify
+SM2_F_SM2_VERIFY:108:sm2_verify
+SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
+SSL_F_ADD_KEY_SHARE:512:add_key_share
+SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
+SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
+SSL_F_CIPHERSUITE_CB:622:ciphersuite_cb
+SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
+SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
+SSL_F_CONSTRUCT_STATEFUL_TICKET:636:construct_stateful_ticket
+SSL_F_CONSTRUCT_STATELESS_TICKET:637:construct_stateless_ticket
+SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash
+SSL_F_CREATE_TICKET_PREQUEL:638:create_ticket_prequel
+SSL_F_CT_MOVE_SCTS:345:ct_move_scts
+SSL_F_CT_STRICT:349:ct_strict
+SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add
+SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse
+SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION
+SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable
+SSL_F_DANE_MTYPE_SET:393:dane_mtype_set
+SSL_F_DANE_TLSA_ADD:394:dane_tlsa_add
+SSL_F_DERIVE_SECRET_KEY_AND_IV:514:derive_secret_key_and_iv
+SSL_F_DO_DTLS1_WRITE:245:do_dtls1_write
+SSL_F_DO_SSL3_WRITE:104:do_ssl3_write
+SSL_F_DTLS1_BUFFER_RECORD:247:dtls1_buffer_record
+SSL_F_DTLS1_CHECK_TIMEOUT_NUM:318:dtls1_check_timeout_num
+SSL_F_DTLS1_HEARTBEAT:305:*
+SSL_F_DTLS1_HM_FRAGMENT_NEW:623:dtls1_hm_fragment_new
+SSL_F_DTLS1_PREPROCESS_FRAGMENT:288:dtls1_preprocess_fragment
+SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS:424:dtls1_process_buffered_records
+SSL_F_DTLS1_PROCESS_RECORD:257:dtls1_process_record
+SSL_F_DTLS1_READ_BYTES:258:dtls1_read_bytes
+SSL_F_DTLS1_READ_FAILED:339:dtls1_read_failed
+SSL_F_DTLS1_RETRANSMIT_MESSAGE:390:dtls1_retransmit_message
+SSL_F_DTLS1_WRITE_APP_DATA_BYTES:268:dtls1_write_app_data_bytes
+SSL_F_DTLS1_WRITE_BYTES:545:dtls1_write_bytes
+SSL_F_DTLSV1_LISTEN:350:DTLSv1_listen
+SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC:371:dtls_construct_change_cipher_spec
+SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\
+	dtls_construct_hello_verify_request
+SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message
+SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify
+SSL_F_DTLS_RECORD_LAYER_NEW:635:DTLS_RECORD_LAYER_new
+SSL_F_DTLS_WAIT_FOR_DRY:592:dtls_wait_for_dry
+SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok
+SSL_F_FINAL_EARLY_DATA:556:final_early_data
+SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
+SSL_F_FINAL_EMS:486:final_ems
+SSL_F_FINAL_KEY_SHARE:503:final_key_share
+SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
+SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
+SSL_F_FINAL_SERVER_NAME:558:final_server_name
+SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
+SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data
+SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int
+SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl
+SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:*
+SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION:598:\
+	ossl_statem_client13_write_transition
+SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE:430:*
+SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE:593:\
+	ossl_statem_client_post_process_message
+SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE:594:ossl_statem_client_process_message
+SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION:417:ossl_statem_client_read_transition
+SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION:599:\
+	ossl_statem_client_write_transition
+SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION:437:*
+SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION:600:\
+	ossl_statem_server13_write_transition
+SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:*
+SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\
+	ossl_statem_server_post_process_message
+SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work
+SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message
+SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition
+SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\
+	ossl_statem_server_write_transition
+SSL_F_PARSE_CA_NAMES:541:parse_ca_names
+SSL_F_PITEM_NEW:624:pitem_new
+SSL_F_PQUEUE_NEW:625:pqueue_new
+SSL_F_PROCESS_KEY_SHARE_EXT:439:*
+SSL_F_READ_STATE_MACHINE:352:read_state_machine
+SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
+SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret
+SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret
+SSL_F_SRP_VERIFY_SERVER_PARAM:596:srp_verify_server_param
+SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state
+SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
+SSL_F_SSL3_CTRL:213:ssl3_ctrl
+SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
+SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
+SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
+SSL_F_SSL3_ENC:608:ssl3_enc
+SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
+SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
+SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
+SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret
+SSL_F_SSL3_GET_RECORD:143:ssl3_get_record
+SSL_F_SSL3_INIT_FINISHED_MAC:397:ssl3_init_finished_mac
+SSL_F_SSL3_OUTPUT_CERT_CHAIN:147:ssl3_output_cert_chain
+SSL_F_SSL3_READ_BYTES:148:ssl3_read_bytes
+SSL_F_SSL3_READ_N:149:ssl3_read_n
+SSL_F_SSL3_SETUP_KEY_BLOCK:157:ssl3_setup_key_block
+SSL_F_SSL3_SETUP_READ_BUFFER:156:ssl3_setup_read_buffer
+SSL_F_SSL3_SETUP_WRITE_BUFFER:291:ssl3_setup_write_buffer
+SSL_F_SSL3_WRITE_BYTES:158:ssl3_write_bytes
+SSL_F_SSL3_WRITE_PENDING:159:ssl3_write_pending
+SSL_F_SSL_ADD_CERT_CHAIN:316:ssl_add_cert_chain
+SSL_F_SSL_ADD_CERT_TO_BUF:319:*
+SSL_F_SSL_ADD_CERT_TO_WPACKET:493:ssl_add_cert_to_wpacket
+SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT:298:*
+SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT:277:*
+SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT:307:*
+SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK:215:SSL_add_dir_cert_subjects_to_stack
+SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK:216:\
+	SSL_add_file_cert_subjects_to_stack
+SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT:299:*
+SSL_F_SSL_ADD_SERVERHELLO_TLSEXT:278:*
+SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT:308:*
+SSL_F_SSL_BAD_METHOD:160:ssl_bad_method
+SSL_F_SSL_BUILD_CERT_CHAIN:332:ssl_build_cert_chain
+SSL_F_SSL_BYTES_TO_CIPHER_LIST:161:SSL_bytes_to_cipher_list
+SSL_F_SSL_CACHE_CIPHERLIST:520:ssl_cache_cipherlist
+SSL_F_SSL_CERT_ADD0_CHAIN_CERT:346:ssl_cert_add0_chain_cert
+SSL_F_SSL_CERT_DUP:221:ssl_cert_dup
+SSL_F_SSL_CERT_NEW:162:ssl_cert_new
+SSL_F_SSL_CERT_SET0_CHAIN:340:ssl_cert_set0_chain
+SSL_F_SSL_CHECK_PRIVATE_KEY:163:SSL_check_private_key
+SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT:280:*
+SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO:606:ssl_check_srp_ext_ClientHello
+SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG:279:ssl_check_srvr_ecc_cert_and_alg
+SSL_F_SSL_CHOOSE_CLIENT_VERSION:607:ssl_choose_client_version
+SSL_F_SSL_CIPHER_DESCRIPTION:626:SSL_CIPHER_description
+SSL_F_SSL_CIPHER_LIST_TO_BYTES:425:ssl_cipher_list_to_bytes
+SSL_F_SSL_CIPHER_PROCESS_RULESTR:230:ssl_cipher_process_rulestr
+SSL_F_SSL_CIPHER_STRENGTH_SORT:231:ssl_cipher_strength_sort
+SSL_F_SSL_CLEAR:164:SSL_clear
+SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT:627:\
+	SSL_client_hello_get1_extensions_present
+SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD:165:SSL_COMP_add_compression_method
+SSL_F_SSL_CONF_CMD:334:SSL_CONF_cmd
+SSL_F_SSL_CREATE_CIPHER_LIST:166:ssl_create_cipher_list
+SSL_F_SSL_CTRL:232:SSL_ctrl
+SSL_F_SSL_CTX_CHECK_PRIVATE_KEY:168:SSL_CTX_check_private_key
+SSL_F_SSL_CTX_ENABLE_CT:398:SSL_CTX_enable_ct
+SSL_F_SSL_CTX_MAKE_PROFILES:309:ssl_ctx_make_profiles
+SSL_F_SSL_CTX_NEW:169:SSL_CTX_new
+SSL_F_SSL_CTX_SET_ALPN_PROTOS:343:SSL_CTX_set_alpn_protos
+SSL_F_SSL_CTX_SET_CIPHER_LIST:269:SSL_CTX_set_cipher_list
+SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE:290:SSL_CTX_set_client_cert_engine
+SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK:396:SSL_CTX_set_ct_validation_callback
+SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT:219:SSL_CTX_set_session_id_context
+SSL_F_SSL_CTX_SET_SSL_VERSION:170:SSL_CTX_set_ssl_version
+SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH:551:\
+	SSL_CTX_set_tlsext_max_fragment_length
+SSL_F_SSL_CTX_USE_CERTIFICATE:171:SSL_CTX_use_certificate
+SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1:172:SSL_CTX_use_certificate_ASN1
+SSL_F_SSL_CTX_USE_CERTIFICATE_FILE:173:SSL_CTX_use_certificate_file
+SSL_F_SSL_CTX_USE_PRIVATEKEY:174:SSL_CTX_use_PrivateKey
+SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1:175:SSL_CTX_use_PrivateKey_ASN1
+SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE:176:SSL_CTX_use_PrivateKey_file
+SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT:272:SSL_CTX_use_psk_identity_hint
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY:177:SSL_CTX_use_RSAPrivateKey
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1:178:SSL_CTX_use_RSAPrivateKey_ASN1
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE:179:SSL_CTX_use_RSAPrivateKey_file
+SSL_F_SSL_CTX_USE_SERVERINFO:336:SSL_CTX_use_serverinfo
+SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex
+SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file
+SSL_F_SSL_DANE_DUP:403:ssl_dane_dup
+SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable
+SSL_F_SSL_DERIVE:590:ssl_derive
+SSL_F_SSL_DO_CONFIG:391:ssl_do_config
+SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake
+SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list
+SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct
+SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group
+SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id
+SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session
+SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session
+SSL_F_SSL_GET_SERVER_CERT_INDEX:322:*
+SSL_F_SSL_GET_SIGN_PKEY:183:*
+SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash
+SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer
+SSL_F_SSL_KEY_UPDATE:515:SSL_key_update
+SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file
+SSL_F_SSL_LOG_MASTER_SECRET:498:*
+SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange
+SSL_F_SSL_MODULE_INIT:392:ssl_module_init
+SSL_F_SSL_NEW:186:SSL_new
+SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate
+SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:*
+SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:*
+SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:*
+SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT:301:*
+SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT:303:*
+SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:*
+SSL_F_SSL_PEEK:270:SSL_peek
+SSL_F_SSL_PEEK_EX:432:SSL_peek_ex
+SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal
+SSL_F_SSL_READ:223:SSL_read
+SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data
+SSL_F_SSL_READ_EX:434:SSL_read_ex
+SSL_F_SSL_READ_INTERNAL:523:ssl_read_internal
+SSL_F_SSL_RENEGOTIATE:516:SSL_renegotiate
+SSL_F_SSL_RENEGOTIATE_ABBREVIATED:546:SSL_renegotiate_abbreviated
+SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT:320:*
+SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT:321:*
+SSL_F_SSL_SESSION_DUP:348:ssl_session_dup
+SSL_F_SSL_SESSION_NEW:189:SSL_SESSION_new
+SSL_F_SSL_SESSION_PRINT_FP:190:SSL_SESSION_print_fp
+SSL_F_SSL_SESSION_SET1_ID:423:SSL_SESSION_set1_id
+SSL_F_SSL_SESSION_SET1_ID_CONTEXT:312:SSL_SESSION_set1_id_context
+SSL_F_SSL_SET_ALPN_PROTOS:344:SSL_set_alpn_protos
+SSL_F_SSL_SET_CERT:191:ssl_set_cert
+SSL_F_SSL_SET_CERT_AND_KEY:621:ssl_set_cert_and_key
+SSL_F_SSL_SET_CIPHER_LIST:271:SSL_set_cipher_list
+SSL_F_SSL_SET_CT_VALIDATION_CALLBACK:399:SSL_set_ct_validation_callback
+SSL_F_SSL_SET_FD:192:SSL_set_fd
+SSL_F_SSL_SET_PKEY:193:ssl_set_pkey
+SSL_F_SSL_SET_RFD:194:SSL_set_rfd
+SSL_F_SSL_SET_SESSION:195:SSL_set_session
+SSL_F_SSL_SET_SESSION_ID_CONTEXT:218:SSL_set_session_id_context
+SSL_F_SSL_SET_SESSION_TICKET_EXT:294:SSL_set_session_ticket_ext
+SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH:550:SSL_set_tlsext_max_fragment_length
+SSL_F_SSL_SET_WFD:196:SSL_set_wfd
+SSL_F_SSL_SHUTDOWN:224:SSL_shutdown
+SSL_F_SSL_SRP_CTX_INIT:313:SSL_SRP_CTX_init
+SSL_F_SSL_START_ASYNC_JOB:389:ssl_start_async_job
+SSL_F_SSL_UNDEFINED_FUNCTION:197:ssl_undefined_function
+SSL_F_SSL_UNDEFINED_VOID_FUNCTION:244:ssl_undefined_void_function
+SSL_F_SSL_USE_CERTIFICATE:198:SSL_use_certificate
+SSL_F_SSL_USE_CERTIFICATE_ASN1:199:SSL_use_certificate_ASN1
+SSL_F_SSL_USE_CERTIFICATE_FILE:200:SSL_use_certificate_file
+SSL_F_SSL_USE_PRIVATEKEY:201:SSL_use_PrivateKey
+SSL_F_SSL_USE_PRIVATEKEY_ASN1:202:SSL_use_PrivateKey_ASN1
+SSL_F_SSL_USE_PRIVATEKEY_FILE:203:SSL_use_PrivateKey_file
+SSL_F_SSL_USE_PSK_IDENTITY_HINT:273:SSL_use_psk_identity_hint
+SSL_F_SSL_USE_RSAPRIVATEKEY:204:SSL_use_RSAPrivateKey
+SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1:205:SSL_use_RSAPrivateKey_ASN1
+SSL_F_SSL_USE_RSAPRIVATEKEY_FILE:206:SSL_use_RSAPrivateKey_file
+SSL_F_SSL_VALIDATE_CT:400:ssl_validate_ct
+SSL_F_SSL_VERIFY_CERT_CHAIN:207:ssl_verify_cert_chain
+SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE:616:SSL_verify_client_post_handshake
+SSL_F_SSL_WRITE:208:SSL_write
+SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data
+SSL_F_SSL_WRITE_EARLY_FINISH:527:*
+SSL_F_SSL_WRITE_EX:433:SSL_write_ex
+SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal
+SSL_F_STATE_MACHINE:353:state_machine
+SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
+SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
+SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
+SSL_F_TLS13_ENC:609:tls13_enc
+SSL_F_TLS13_FINAL_FINISH_MAC:605:tls13_final_finish_mac
+SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
+SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
+SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA:617:\
+	tls13_restore_handshake_digest_for_pha
+SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA:618:\
+	tls13_save_handshake_digest_for_pha
+SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block
+SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state
+SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:*
+SSL_F_TLS1_ENC:401:tls1_enc
+SSL_F_TLS1_EXPORT_KEYING_MATERIAL:314:tls1_export_keying_material
+SSL_F_TLS1_GET_CURVELIST:338:tls1_get_curvelist
+SSL_F_TLS1_PRF:284:tls1_PRF
+SSL_F_TLS1_SAVE_U16:628:tls1_save_u16
+SSL_F_TLS1_SETUP_KEY_BLOCK:211:tls1_setup_key_block
+SSL_F_TLS1_SET_GROUPS:629:tls1_set_groups
+SSL_F_TLS1_SET_RAW_SIGALGS:630:tls1_set_raw_sigalgs
+SSL_F_TLS1_SET_SERVER_SIGALGS:335:tls1_set_server_sigalgs
+SSL_F_TLS1_SET_SHARED_SIGALGS:631:tls1_set_shared_sigalgs
+SSL_F_TLS1_SET_SIGALGS:632:tls1_set_sigalgs
+SSL_F_TLS_CHOOSE_SIGALG:513:tls_choose_sigalg
+SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK:354:tls_client_key_exchange_post_work
+SSL_F_TLS_COLLECT_EXTENSIONS:435:tls_collect_extensions
+SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES:542:\
+	tls_construct_certificate_authorities
+SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST:372:tls_construct_certificate_request
+SSL_F_TLS_CONSTRUCT_CERT_STATUS:429:*
+SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY:494:tls_construct_cert_status_body
+SSL_F_TLS_CONSTRUCT_CERT_VERIFY:496:tls_construct_cert_verify
+SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC:427:tls_construct_change_cipher_spec
+SSL_F_TLS_CONSTRUCT_CKE_DHE:404:tls_construct_cke_dhe
+SSL_F_TLS_CONSTRUCT_CKE_ECDHE:405:tls_construct_cke_ecdhe
+SSL_F_TLS_CONSTRUCT_CKE_GOST:406:tls_construct_cke_gost
+SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE:407:tls_construct_cke_psk_preamble
+SSL_F_TLS_CONSTRUCT_CKE_RSA:409:tls_construct_cke_rsa
+SSL_F_TLS_CONSTRUCT_CKE_SRP:410:tls_construct_cke_srp
+SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE:484:tls_construct_client_certificate
+SSL_F_TLS_CONSTRUCT_CLIENT_HELLO:487:tls_construct_client_hello
+SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE:488:tls_construct_client_key_exchange
+SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY:489:*
+SSL_F_TLS_CONSTRUCT_CTOS_ALPN:466:tls_construct_ctos_alpn
+SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE:355:*
+SSL_F_TLS_CONSTRUCT_CTOS_COOKIE:535:tls_construct_ctos_cookie
+SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA:530:tls_construct_ctos_early_data
+SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS:467:tls_construct_ctos_ec_pt_formats
+SSL_F_TLS_CONSTRUCT_CTOS_EMS:468:tls_construct_ctos_ems
+SSL_F_TLS_CONSTRUCT_CTOS_ETM:469:tls_construct_ctos_etm
+SSL_F_TLS_CONSTRUCT_CTOS_HELLO:356:*
+SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE:357:*
+SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE:470:tls_construct_ctos_key_share
+SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN:549:tls_construct_ctos_maxfragmentlen
+SSL_F_TLS_CONSTRUCT_CTOS_NPN:471:tls_construct_ctos_npn
+SSL_F_TLS_CONSTRUCT_CTOS_PADDING:472:tls_construct_ctos_padding
+SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\
+	tls_construct_ctos_post_handshake_auth
+SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk
+SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes
+SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate
+SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct
+SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name
+SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET:476:tls_construct_ctos_session_ticket
+SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS:477:tls_construct_ctos_sig_algs
+SSL_F_TLS_CONSTRUCT_CTOS_SRP:478:tls_construct_ctos_srp
+SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST:479:tls_construct_ctos_status_request
+SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS:480:\
+	tls_construct_ctos_supported_groups
+SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS:481:\
+	tls_construct_ctos_supported_versions
+SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP:482:tls_construct_ctos_use_srtp
+SSL_F_TLS_CONSTRUCT_CTOS_VERIFY:358:*
+SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS:443:tls_construct_encrypted_extensions
+SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA:536:tls_construct_end_of_early_data
+SSL_F_TLS_CONSTRUCT_EXTENSIONS:447:tls_construct_extensions
+SSL_F_TLS_CONSTRUCT_FINISHED:359:tls_construct_finished
+SSL_F_TLS_CONSTRUCT_HELLO_REQUEST:373:*
+SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST:510:tls_construct_hello_retry_request
+SSL_F_TLS_CONSTRUCT_KEY_UPDATE:517:tls_construct_key_update
+SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET:428:tls_construct_new_session_ticket
+SSL_F_TLS_CONSTRUCT_NEXT_PROTO:426:tls_construct_next_proto
+SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE:490:tls_construct_server_certificate
+SSL_F_TLS_CONSTRUCT_SERVER_HELLO:491:tls_construct_server_hello
+SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE:492:tls_construct_server_key_exchange
+SSL_F_TLS_CONSTRUCT_STOC_ALPN:451:tls_construct_stoc_alpn
+SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE:374:*
+SSL_F_TLS_CONSTRUCT_STOC_COOKIE:613:tls_construct_stoc_cookie
+SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG:452:tls_construct_stoc_cryptopro_bug
+SSL_F_TLS_CONSTRUCT_STOC_DONE:375:*
+SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA:531:tls_construct_stoc_early_data
+SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO:525:*
+SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS:453:tls_construct_stoc_ec_pt_formats
+SSL_F_TLS_CONSTRUCT_STOC_EMS:454:tls_construct_stoc_ems
+SSL_F_TLS_CONSTRUCT_STOC_ETM:455:tls_construct_stoc_etm
+SSL_F_TLS_CONSTRUCT_STOC_HELLO:376:*
+SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE:377:*
+SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share
+SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen
+SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg
+SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk
+SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate
+SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name
+SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket
+SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST:461:tls_construct_stoc_status_request
+SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS:544:\
+	tls_construct_stoc_supported_groups
+SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS:611:\
+	tls_construct_stoc_supported_versions
+SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP:462:tls_construct_stoc_use_srtp
+SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\
+	tls_early_post_process_client_hello
+SSL_F_TLS_FINISH_HANDSHAKE:597:tls_finish_handshake
+SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body
+SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header
+SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn
+SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request
+SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities
+SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:*
+SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn
+SSL_F_TLS_PARSE_CTOS_COOKIE:614:tls_parse_ctos_cookie
+SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data
+SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats
+SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems
+SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share
+SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
+SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth
+SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
+SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
+SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
+SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
+SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT:615:tls_parse_ctos_sig_algs_cert
+SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp
+SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request
+SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups
+SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp
+SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn
+SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie
+SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data
+SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:*
+SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats
+SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
+SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
+SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
+SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
+SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
+SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
+SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
+SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket
+SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request
+SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS:612:tls_parse_stoc_supported_versions
+SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp
+SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello
+SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\
+	tls_post_process_client_key_exchange
+SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE:360:tls_prepare_client_certificate
+SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST:610:tls_process_as_hello_retry_request
+SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST:361:tls_process_certificate_request
+SSL_F_TLS_PROCESS_CERT_STATUS:362:*
+SSL_F_TLS_PROCESS_CERT_STATUS_BODY:495:tls_process_cert_status_body
+SSL_F_TLS_PROCESS_CERT_VERIFY:379:tls_process_cert_verify
+SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC:363:tls_process_change_cipher_spec
+SSL_F_TLS_PROCESS_CKE_DHE:411:tls_process_cke_dhe
+SSL_F_TLS_PROCESS_CKE_ECDHE:412:tls_process_cke_ecdhe
+SSL_F_TLS_PROCESS_CKE_GOST:413:tls_process_cke_gost
+SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE:414:tls_process_cke_psk_preamble
+SSL_F_TLS_PROCESS_CKE_RSA:415:tls_process_cke_rsa
+SSL_F_TLS_PROCESS_CKE_SRP:416:tls_process_cke_srp
+SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE:380:tls_process_client_certificate
+SSL_F_TLS_PROCESS_CLIENT_HELLO:381:tls_process_client_hello
+SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE:382:tls_process_client_key_exchange
+SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS:444:tls_process_encrypted_extensions
+SSL_F_TLS_PROCESS_END_OF_EARLY_DATA:537:tls_process_end_of_early_data
+SSL_F_TLS_PROCESS_FINISHED:364:tls_process_finished
+SSL_F_TLS_PROCESS_HELLO_REQ:507:tls_process_hello_req
+SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST:511:tls_process_hello_retry_request
+SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT:442:tls_process_initial_server_flight
+SSL_F_TLS_PROCESS_KEY_EXCHANGE:365:tls_process_key_exchange
+SSL_F_TLS_PROCESS_KEY_UPDATE:518:tls_process_key_update
+SSL_F_TLS_PROCESS_NEW_SESSION_TICKET:366:tls_process_new_session_ticket
+SSL_F_TLS_PROCESS_NEXT_PROTO:383:tls_process_next_proto
+SSL_F_TLS_PROCESS_SERVER_CERTIFICATE:367:tls_process_server_certificate
+SSL_F_TLS_PROCESS_SERVER_DONE:368:tls_process_server_done
+SSL_F_TLS_PROCESS_SERVER_HELLO:369:tls_process_server_hello
+SSL_F_TLS_PROCESS_SKE_DHE:419:tls_process_ske_dhe
+SSL_F_TLS_PROCESS_SKE_ECDHE:420:tls_process_ske_ecdhe
+SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE:421:tls_process_ske_psk_preamble
+SSL_F_TLS_PROCESS_SKE_SRP:422:tls_process_ske_srp
+SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder
+SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:*
+SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake
+SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file
+SSL_F_WPACKET_INTERN_INIT_LEN:633:wpacket_intern_init_len
+SSL_F_WPACKET_START_SUB_PACKET_LEN__:634:WPACKET_start_sub_packet_len__
+SSL_F_WRITE_STATE_MACHINE:586:write_state_machine
+TS_F_DEF_SERIAL_CB:110:def_serial_cb
+TS_F_DEF_TIME_CB:111:def_time_cb
+TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert
+TS_F_ESS_ADD_SIGNING_CERT_V2:147:ess_add_signing_cert_v2
+TS_F_ESS_CERT_ID_NEW_INIT:113:ess_CERT_ID_new_init
+TS_F_ESS_CERT_ID_V2_NEW_INIT:156:ess_cert_id_v2_new_init
+TS_F_ESS_SIGNING_CERT_NEW_INIT:114:ess_SIGNING_CERT_new_init
+TS_F_ESS_SIGNING_CERT_V2_NEW_INIT:157:ess_signing_cert_v2_new_init
+TS_F_INT_TS_RESP_VERIFY_TOKEN:149:int_ts_RESP_verify_token
+TS_F_PKCS7_TO_TS_TST_INFO:148:PKCS7_to_TS_TST_INFO
+TS_F_TS_ACCURACY_SET_MICROS:115:TS_ACCURACY_set_micros
+TS_F_TS_ACCURACY_SET_MILLIS:116:TS_ACCURACY_set_millis
+TS_F_TS_ACCURACY_SET_SECONDS:117:TS_ACCURACY_set_seconds
+TS_F_TS_CHECK_IMPRINTS:100:ts_check_imprints
+TS_F_TS_CHECK_NONCES:101:ts_check_nonces
+TS_F_TS_CHECK_POLICY:102:ts_check_policy
+TS_F_TS_CHECK_SIGNING_CERTS:103:ts_check_signing_certs
+TS_F_TS_CHECK_STATUS_INFO:104:ts_check_status_info
+TS_F_TS_COMPUTE_IMPRINT:145:ts_compute_imprint
+TS_F_TS_CONF_INVALID:151:ts_CONF_invalid
+TS_F_TS_CONF_LOAD_CERT:153:TS_CONF_load_cert
+TS_F_TS_CONF_LOAD_CERTS:154:TS_CONF_load_certs
+TS_F_TS_CONF_LOAD_KEY:155:TS_CONF_load_key
+TS_F_TS_CONF_LOOKUP_FAIL:152:ts_CONF_lookup_fail
+TS_F_TS_CONF_SET_DEFAULT_ENGINE:146:TS_CONF_set_default_engine
+TS_F_TS_GET_STATUS_TEXT:105:ts_get_status_text
+TS_F_TS_MSG_IMPRINT_SET_ALGO:118:TS_MSG_IMPRINT_set_algo
+TS_F_TS_REQ_SET_MSG_IMPRINT:119:TS_REQ_set_msg_imprint
+TS_F_TS_REQ_SET_NONCE:120:TS_REQ_set_nonce
+TS_F_TS_REQ_SET_POLICY_ID:121:TS_REQ_set_policy_id
+TS_F_TS_RESP_CREATE_RESPONSE:122:TS_RESP_create_response
+TS_F_TS_RESP_CREATE_TST_INFO:123:ts_RESP_create_tst_info
+TS_F_TS_RESP_CTX_ADD_FAILURE_INFO:124:TS_RESP_CTX_add_failure_info
+TS_F_TS_RESP_CTX_ADD_MD:125:TS_RESP_CTX_add_md
+TS_F_TS_RESP_CTX_ADD_POLICY:126:TS_RESP_CTX_add_policy
+TS_F_TS_RESP_CTX_NEW:127:TS_RESP_CTX_new
+TS_F_TS_RESP_CTX_SET_ACCURACY:128:TS_RESP_CTX_set_accuracy
+TS_F_TS_RESP_CTX_SET_CERTS:129:TS_RESP_CTX_set_certs
+TS_F_TS_RESP_CTX_SET_DEF_POLICY:130:TS_RESP_CTX_set_def_policy
+TS_F_TS_RESP_CTX_SET_SIGNER_CERT:131:TS_RESP_CTX_set_signer_cert
+TS_F_TS_RESP_CTX_SET_STATUS_INFO:132:TS_RESP_CTX_set_status_info
+TS_F_TS_RESP_GET_POLICY:133:ts_RESP_get_policy
+TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION:134:TS_RESP_set_genTime_with_precision
+TS_F_TS_RESP_SET_STATUS_INFO:135:TS_RESP_set_status_info
+TS_F_TS_RESP_SET_TST_INFO:150:TS_RESP_set_tst_info
+TS_F_TS_RESP_SIGN:136:ts_RESP_sign
+TS_F_TS_RESP_VERIFY_SIGNATURE:106:TS_RESP_verify_signature
+TS_F_TS_TST_INFO_SET_ACCURACY:137:TS_TST_INFO_set_accuracy
+TS_F_TS_TST_INFO_SET_MSG_IMPRINT:138:TS_TST_INFO_set_msg_imprint
+TS_F_TS_TST_INFO_SET_NONCE:139:TS_TST_INFO_set_nonce
+TS_F_TS_TST_INFO_SET_POLICY_ID:140:TS_TST_INFO_set_policy_id
+TS_F_TS_TST_INFO_SET_SERIAL:141:TS_TST_INFO_set_serial
+TS_F_TS_TST_INFO_SET_TIME:142:TS_TST_INFO_set_time
+TS_F_TS_TST_INFO_SET_TSA:143:TS_TST_INFO_set_tsa
+TS_F_TS_VERIFY:108:*
+TS_F_TS_VERIFY_CERT:109:ts_verify_cert
+TS_F_TS_VERIFY_CTX_NEW:144:TS_VERIFY_CTX_new
+UI_F_CLOSE_CONSOLE:115:close_console
+UI_F_ECHO_CONSOLE:116:echo_console
+UI_F_GENERAL_ALLOCATE_BOOLEAN:108:general_allocate_boolean
+UI_F_GENERAL_ALLOCATE_PROMPT:109:general_allocate_prompt
+UI_F_NOECHO_CONSOLE:117:noecho_console
+UI_F_OPEN_CONSOLE:114:open_console
+UI_F_UI_CONSTRUCT_PROMPT:121:UI_construct_prompt
+UI_F_UI_CREATE_METHOD:112:UI_create_method
+UI_F_UI_CTRL:111:UI_ctrl
+UI_F_UI_DUP_ERROR_STRING:101:UI_dup_error_string
+UI_F_UI_DUP_INFO_STRING:102:UI_dup_info_string
+UI_F_UI_DUP_INPUT_BOOLEAN:110:UI_dup_input_boolean
+UI_F_UI_DUP_INPUT_STRING:103:UI_dup_input_string
+UI_F_UI_DUP_USER_DATA:118:UI_dup_user_data
+UI_F_UI_DUP_VERIFY_STRING:106:UI_dup_verify_string
+UI_F_UI_GET0_RESULT:107:UI_get0_result
+UI_F_UI_GET_RESULT_LENGTH:119:UI_get_result_length
+UI_F_UI_NEW_METHOD:104:UI_new_method
+UI_F_UI_PROCESS:113:UI_process
+UI_F_UI_SET_RESULT:105:UI_set_result
+UI_F_UI_SET_RESULT_EX:120:UI_set_result_ex
+X509V3_F_A2I_GENERAL_NAME:164:a2i_GENERAL_NAME
+X509V3_F_ADDR_VALIDATE_PATH_INTERNAL:166:addr_validate_path_internal
+X509V3_F_ASIDENTIFIERCHOICE_CANONIZE:161:ASIdentifierChoice_canonize
+X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL:162:ASIdentifierChoice_is_canonical
+X509V3_F_BIGNUM_TO_STRING:167:bignum_to_string
+X509V3_F_COPY_EMAIL:122:copy_email
+X509V3_F_COPY_ISSUER:123:copy_issuer
+X509V3_F_DO_DIRNAME:144:do_dirname
+X509V3_F_DO_EXT_I2D:135:do_ext_i2d
+X509V3_F_DO_EXT_NCONF:151:do_ext_nconf
+X509V3_F_GNAMES_FROM_SECTNAME:156:gnames_from_sectname
+X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
+X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
+X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
+X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
+X509V3_F_LEVEL_ADD_NODE:168:level_add_node
+X509V3_F_NOTICE_SECTION:132:notice_section
+X509V3_F_NREF_NOS:133:nref_nos
+X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create
+X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new
+X509V3_F_POLICY_DATA_NEW:171:policy_data_new
+X509V3_F_POLICY_SECTION:131:policy_section
+X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value
+X509V3_F_R2I_CERTPOL:130:r2i_certpol
+X509V3_F_R2I_PCI:155:r2i_pci
+X509V3_F_S2I_ASN1_IA5STRING:100:s2i_ASN1_IA5STRING
+X509V3_F_S2I_ASN1_INTEGER:108:s2i_ASN1_INTEGER
+X509V3_F_S2I_ASN1_OCTET_STRING:112:s2i_ASN1_OCTET_STRING
+X509V3_F_S2I_SKEY_ID:115:s2i_skey_id
+X509V3_F_SET_DIST_POINT_NAME:158:set_dist_point_name
+X509V3_F_SXNET_ADD_ID_ASC:125:SXNET_add_id_asc
+X509V3_F_SXNET_ADD_ID_INTEGER:126:SXNET_add_id_INTEGER
+X509V3_F_SXNET_ADD_ID_ULONG:127:SXNET_add_id_ulong
+X509V3_F_SXNET_GET_ID_ASC:128:SXNET_get_id_asc
+X509V3_F_SXNET_GET_ID_ULONG:129:SXNET_get_id_ulong
+X509V3_F_TREE_INIT:172:tree_init
+X509V3_F_V2I_ASIDENTIFIERS:163:v2i_ASIdentifiers
+X509V3_F_V2I_ASN1_BIT_STRING:101:v2i_ASN1_BIT_STRING
+X509V3_F_V2I_AUTHORITY_INFO_ACCESS:139:v2i_AUTHORITY_INFO_ACCESS
+X509V3_F_V2I_AUTHORITY_KEYID:119:v2i_AUTHORITY_KEYID
+X509V3_F_V2I_BASIC_CONSTRAINTS:102:v2i_BASIC_CONSTRAINTS
+X509V3_F_V2I_CRLD:134:v2i_crld
+X509V3_F_V2I_EXTENDED_KEY_USAGE:103:v2i_EXTENDED_KEY_USAGE
+X509V3_F_V2I_GENERAL_NAMES:118:v2i_GENERAL_NAMES
+X509V3_F_V2I_GENERAL_NAME_EX:117:v2i_GENERAL_NAME_ex
+X509V3_F_V2I_IDP:157:v2i_idp
+X509V3_F_V2I_IPADDRBLOCKS:159:v2i_IPAddrBlocks
+X509V3_F_V2I_ISSUER_ALT:153:v2i_issuer_alt
+X509V3_F_V2I_NAME_CONSTRAINTS:147:v2i_NAME_CONSTRAINTS
+X509V3_F_V2I_POLICY_CONSTRAINTS:146:v2i_POLICY_CONSTRAINTS
+X509V3_F_V2I_POLICY_MAPPINGS:145:v2i_POLICY_MAPPINGS
+X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt
+X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
+X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
+X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
+X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
+X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
+X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias
+X509V3_F_X509V3_EXT_I2D:136:X509V3_EXT_i2d
+X509V3_F_X509V3_EXT_NCONF:152:X509V3_EXT_nconf
+X509V3_F_X509V3_GET_SECTION:142:X509V3_get_section
+X509V3_F_X509V3_GET_STRING:143:X509V3_get_string
+X509V3_F_X509V3_GET_VALUE_BOOL:110:X509V3_get_value_bool
+X509V3_F_X509V3_PARSE_LIST:109:X509V3_parse_list
+X509V3_F_X509_PURPOSE_ADD:137:X509_PURPOSE_add
+X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set
+X509_F_ADD_CERT_DIR:100:add_cert_dir
+X509_F_BUILD_CHAIN:106:build_chain
+X509_F_BY_FILE_CTRL:101:by_file_ctrl
+X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints
+X509_F_CHECK_POLICY:145:check_policy
+X509_F_DANE_I2D:107:dane_i2d
+X509_F_DIR_CTRL:102:dir_ctrl
+X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
+X509_F_I2D_X509_AUX:151:i2d_X509_AUX
+X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk
+X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode
+X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode
+X509_F_NEW_DIR:153:new_dir
+X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr
+X509_F_X509V3_ADD_EXT:104:X509v3_add_ext
+X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID
+X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ:137:X509_ATTRIBUTE_create_by_OBJ
+X509_F_X509_ATTRIBUTE_CREATE_BY_TXT:140:X509_ATTRIBUTE_create_by_txt
+X509_F_X509_ATTRIBUTE_GET0_DATA:139:X509_ATTRIBUTE_get0_data
+X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data
+X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key
+X509_F_X509_CRL_DIFF:105:X509_CRL_diff
+X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new
+X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp
+X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID
+X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ
+X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters
+X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file
+X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file
+X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file
+X509_F_X509_LOOKUP_METH_NEW:160:X509_LOOKUP_meth_new
+X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new
+X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry
+X509_F_X509_NAME_CANON:156:x509_name_canon
+X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID
+X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt
+X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object
+X509_F_X509_NAME_ONELINE:116:X509_NAME_oneline
+X509_F_X509_NAME_PRINT:117:X509_NAME_print
+X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new
+X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp
+X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode
+X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0
+X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set
+X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key
+X509_F_X509_REQ_PRINT_EX:121:X509_REQ_print_ex
+X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp
+X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509
+X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert
+X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl
+X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup
+X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer
+X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init
+X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new
+X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit
+X509_F_X509_STORE_NEW:158:X509_STORE_new
+X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
+X509_F_X509_TRUST_ADD:133:X509_TRUST_add
+X509_F_X509_TRUST_SET:141:X509_TRUST_set
+X509_F_X509_VERIFY_CERT:127:X509_verify_cert
+X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
+
+#Reason codes
+ASN1_R_ADDING_OBJECT:171:adding object
+ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
+ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
+ASN1_R_AUX_ERROR:100:aux error
+ASN1_R_BAD_OBJECT_HEADER:102:bad object header
+ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
+ASN1_R_BN_LIB:105:bn lib
+ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
+ASN1_R_BUFFER_TOO_SMALL:107:buffer too small
+ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:108:cipher has no object identifier
+ASN1_R_CONTEXT_NOT_INITIALISED:217:context not initialised
+ASN1_R_DATA_IS_WRONG:109:data is wrong
+ASN1_R_DECODE_ERROR:110:decode error
+ASN1_R_DEPTH_EXCEEDED:174:depth exceeded
+ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED:198:digest and key type not supported
+ASN1_R_ENCODE_ERROR:112:encode error
+ASN1_R_ERROR_GETTING_TIME:173:error getting time
+ASN1_R_ERROR_LOADING_SECTION:172:error loading section
+ASN1_R_ERROR_SETTING_CIPHER_PARAMS:114:error setting cipher params
+ASN1_R_EXPECTING_AN_INTEGER:115:expecting an integer
+ASN1_R_EXPECTING_AN_OBJECT:116:expecting an object
+ASN1_R_EXPLICIT_LENGTH_MISMATCH:119:explicit length mismatch
+ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED:120:explicit tag not constructed
+ASN1_R_FIELD_MISSING:121:field missing
+ASN1_R_FIRST_NUM_TOO_LARGE:122:first num too large
+ASN1_R_HEADER_TOO_LONG:123:header too long
+ASN1_R_ILLEGAL_BITSTRING_FORMAT:175:illegal bitstring format
+ASN1_R_ILLEGAL_BOOLEAN:176:illegal boolean
+ASN1_R_ILLEGAL_CHARACTERS:124:illegal characters
+ASN1_R_ILLEGAL_FORMAT:177:illegal format
+ASN1_R_ILLEGAL_HEX:178:illegal hex
+ASN1_R_ILLEGAL_IMPLICIT_TAG:179:illegal implicit tag
+ASN1_R_ILLEGAL_INTEGER:180:illegal integer
+ASN1_R_ILLEGAL_NEGATIVE_VALUE:226:illegal negative value
+ASN1_R_ILLEGAL_NESTED_TAGGING:181:illegal nested tagging
+ASN1_R_ILLEGAL_NULL:125:illegal null
+ASN1_R_ILLEGAL_NULL_VALUE:182:illegal null value
+ASN1_R_ILLEGAL_OBJECT:183:illegal object
+ASN1_R_ILLEGAL_OPTIONAL_ANY:126:illegal optional any
+ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE:170:illegal options on item template
+ASN1_R_ILLEGAL_PADDING:221:illegal padding
+ASN1_R_ILLEGAL_TAGGED_ANY:127:illegal tagged any
+ASN1_R_ILLEGAL_TIME_VALUE:184:illegal time value
+ASN1_R_ILLEGAL_ZERO_CONTENT:222:illegal zero content
+ASN1_R_INTEGER_NOT_ASCII_FORMAT:185:integer not ascii format
+ASN1_R_INTEGER_TOO_LARGE_FOR_LONG:128:integer too large for long
+ASN1_R_INVALID_BIT_STRING_BITS_LEFT:220:invalid bit string bits left
+ASN1_R_INVALID_BMPSTRING_LENGTH:129:invalid bmpstring length
+ASN1_R_INVALID_DIGIT:130:invalid digit
+ASN1_R_INVALID_MIME_TYPE:205:invalid mime type
+ASN1_R_INVALID_MODIFIER:186:invalid modifier
+ASN1_R_INVALID_NUMBER:187:invalid number
+ASN1_R_INVALID_OBJECT_ENCODING:216:invalid object encoding
+ASN1_R_INVALID_SCRYPT_PARAMETERS:227:invalid scrypt parameters
+ASN1_R_INVALID_SEPARATOR:131:invalid separator
+ASN1_R_INVALID_STRING_TABLE_VALUE:218:invalid string table value
+ASN1_R_INVALID_UNIVERSALSTRING_LENGTH:133:invalid universalstring length
+ASN1_R_INVALID_UTF8STRING:134:invalid utf8string
+ASN1_R_INVALID_VALUE:219:invalid value
+ASN1_R_LIST_ERROR:188:list error
+ASN1_R_MIME_NO_CONTENT_TYPE:206:mime no content type
+ASN1_R_MIME_PARSE_ERROR:207:mime parse error
+ASN1_R_MIME_SIG_PARSE_ERROR:208:mime sig parse error
+ASN1_R_MISSING_EOC:137:missing eoc
+ASN1_R_MISSING_SECOND_NUMBER:138:missing second number
+ASN1_R_MISSING_VALUE:189:missing value
+ASN1_R_MSTRING_NOT_UNIVERSAL:139:mstring not universal
+ASN1_R_MSTRING_WRONG_TAG:140:mstring wrong tag
+ASN1_R_NESTED_ASN1_STRING:197:nested asn1 string
+ASN1_R_NESTED_TOO_DEEP:201:nested too deep
+ASN1_R_NON_HEX_CHARACTERS:141:non hex characters
+ASN1_R_NOT_ASCII_FORMAT:190:not ascii format
+ASN1_R_NOT_ENOUGH_DATA:142:not enough data
+ASN1_R_NO_CONTENT_TYPE:209:no content type
+ASN1_R_NO_MATCHING_CHOICE_TYPE:143:no matching choice type
+ASN1_R_NO_MULTIPART_BODY_FAILURE:210:no multipart body failure
+ASN1_R_NO_MULTIPART_BOUNDARY:211:no multipart boundary
+ASN1_R_NO_SIG_CONTENT_TYPE:212:no sig content type
+ASN1_R_NULL_IS_WRONG_LENGTH:144:null is wrong length
+ASN1_R_OBJECT_NOT_ASCII_FORMAT:191:object not ascii format
+ASN1_R_ODD_NUMBER_OF_CHARS:145:odd number of chars
+ASN1_R_SECOND_NUMBER_TOO_LARGE:147:second number too large
+ASN1_R_SEQUENCE_LENGTH_MISMATCH:148:sequence length mismatch
+ASN1_R_SEQUENCE_NOT_CONSTRUCTED:149:sequence not constructed
+ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG:192:sequence or set needs config
+ASN1_R_SHORT_LINE:150:short line
+ASN1_R_SIG_INVALID_MIME_TYPE:213:sig invalid mime type
+ASN1_R_STREAMING_NOT_SUPPORTED:202:streaming not supported
+ASN1_R_STRING_TOO_LONG:151:string too long
+ASN1_R_STRING_TOO_SHORT:152:string too short
+ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:154:\
+	the asn1 object identifier is not known for this md
+ASN1_R_TIME_NOT_ASCII_FORMAT:193:time not ascii format
+ASN1_R_TOO_LARGE:223:too large
+ASN1_R_TOO_LONG:155:too long
+ASN1_R_TOO_SMALL:224:too small
+ASN1_R_TYPE_NOT_CONSTRUCTED:156:type not constructed
+ASN1_R_TYPE_NOT_PRIMITIVE:195:type not primitive
+ASN1_R_UNEXPECTED_EOC:159:unexpected eoc
+ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH:215:universalstring is wrong length
+ASN1_R_UNKNOWN_FORMAT:160:unknown format
+ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM:161:unknown message digest algorithm
+ASN1_R_UNKNOWN_OBJECT_TYPE:162:unknown object type
+ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE:163:unknown public key type
+ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM:199:unknown signature algorithm
+ASN1_R_UNKNOWN_TAG:194:unknown tag
+ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE:164:unsupported any defined by type
+ASN1_R_UNSUPPORTED_CIPHER:228:unsupported cipher
+ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE:167:unsupported public key type
+ASN1_R_UNSUPPORTED_TYPE:196:unsupported type
+ASN1_R_WRONG_INTEGER_TYPE:225:wrong integer type
+ASN1_R_WRONG_PUBLIC_KEY_TYPE:200:wrong public key type
+ASN1_R_WRONG_TAG:168:wrong tag
+ASYNC_R_FAILED_TO_SET_POOL:101:failed to set pool
+ASYNC_R_FAILED_TO_SWAP_CONTEXT:102:failed to swap context
+ASYNC_R_INIT_FAILED:105:init failed
+ASYNC_R_INVALID_POOL_SIZE:103:invalid pool size
+BIO_R_ACCEPT_ERROR:100:accept error
+BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET:141:addrinfo addr is not af inet
+BIO_R_AMBIGUOUS_HOST_OR_SERVICE:129:ambiguous host or service
+BIO_R_BAD_FOPEN_MODE:101:bad fopen mode
+BIO_R_BROKEN_PIPE:124:broken pipe
+BIO_R_CONNECT_ERROR:103:connect error
+BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET:107:gethostbyname addr is not af inet
+BIO_R_GETSOCKNAME_ERROR:132:getsockname error
+BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS:133:getsockname truncated address
+BIO_R_GETTING_SOCKTYPE:134:getting socktype
+BIO_R_INVALID_ARGUMENT:125:invalid argument
+BIO_R_INVALID_SOCKET:135:invalid socket
+BIO_R_IN_USE:123:in use
+BIO_R_LENGTH_TOO_LONG:102:length too long
+BIO_R_LISTEN_V6_ONLY:136:listen v6 only
+BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing
+BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service
+BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error
+BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\
+	no accept addr or service specified
+BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified
+BIO_R_NO_PORT_DEFINED:113:no port defined
+BIO_R_NO_SUCH_FILE:128:no such file
+BIO_R_NULL_PARAMETER:115:null parameter
+BIO_R_UNABLE_TO_BIND_SOCKET:117:unable to bind socket
+BIO_R_UNABLE_TO_CREATE_SOCKET:118:unable to create socket
+BIO_R_UNABLE_TO_KEEPALIVE:137:unable to keepalive
+BIO_R_UNABLE_TO_LISTEN_SOCKET:119:unable to listen socket
+BIO_R_UNABLE_TO_NODELAY:138:unable to nodelay
+BIO_R_UNABLE_TO_REUSEADDR:139:unable to reuseaddr
+BIO_R_UNAVAILABLE_IP_FAMILY:145:unavailable ip family
+BIO_R_UNINITIALIZED:120:uninitialized
+BIO_R_UNKNOWN_INFO_TYPE:140:unknown info type
+BIO_R_UNSUPPORTED_IP_FAMILY:146:unsupported ip family
+BIO_R_UNSUPPORTED_METHOD:121:unsupported method
+BIO_R_UNSUPPORTED_PROTOCOL_FAMILY:131:unsupported protocol family
+BIO_R_WRITE_TO_READ_ONLY_BIO:126:write to read only BIO
+BIO_R_WSASTARTUP:122:WSAStartup
+BN_R_ARG2_LT_ARG3:100:arg2 lt arg3
+BN_R_BAD_RECIPROCAL:101:bad reciprocal
+BN_R_BIGNUM_TOO_LONG:114:bignum too long
+BN_R_BITS_TOO_SMALL:118:bits too small
+BN_R_CALLED_WITH_EVEN_MODULUS:102:called with even modulus
+BN_R_DIV_BY_ZERO:103:div by zero
+BN_R_ENCODING_ERROR:104:encoding error
+BN_R_EXPAND_ON_STATIC_BIGNUM_DATA:105:expand on static bignum data
+BN_R_INPUT_NOT_REDUCED:110:input not reduced
+BN_R_INVALID_LENGTH:106:invalid length
+BN_R_INVALID_RANGE:115:invalid range
+BN_R_INVALID_SHIFT:119:invalid shift
+BN_R_NOT_A_SQUARE:111:not a square
+BN_R_NOT_INITIALIZED:107:not initialized
+BN_R_NO_INVERSE:108:no inverse
+BN_R_NO_SOLUTION:116:no solution
+BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large
+BN_R_P_IS_NOT_PRIME:112:p is not prime
+BN_R_TOO_MANY_ITERATIONS:113:too many iterations
+BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables
+CMS_R_ADD_SIGNER_ERROR:99:add signer error
+CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present
+CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid
+CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error
+CMS_R_CIPHER_INITIALISATION_ERROR:101:cipher initialisation error
+CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR:102:\
+	cipher parameter initialisation error
+CMS_R_CMS_DATAFINAL_ERROR:103:cms datafinal error
+CMS_R_CMS_LIB:104:cms lib
+CMS_R_CONTENTIDENTIFIER_MISMATCH:170:contentidentifier mismatch
+CMS_R_CONTENT_NOT_FOUND:105:content not found
+CMS_R_CONTENT_TYPE_MISMATCH:171:content type mismatch
+CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA:106:content type not compressed data
+CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA:107:content type not enveloped data
+CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA:108:content type not signed data
+CMS_R_CONTENT_VERIFY_ERROR:109:content verify error
+CMS_R_CTRL_ERROR:110:ctrl error
+CMS_R_CTRL_FAILURE:111:ctrl failure
+CMS_R_DECRYPT_ERROR:112:decrypt error
+CMS_R_ERROR_GETTING_PUBLIC_KEY:113:error getting public key
+CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\
+	error reading messagedigest attribute
+CMS_R_ERROR_SETTING_KEY:115:error setting key
+CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo
+CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length
+CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter
+CMS_R_INVALID_KEY_LENGTH:118:invalid key length
+CMS_R_MD_BIO_INIT_ERROR:119:md bio init error
+CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH:120:\
+	messagedigest attribute wrong length
+CMS_R_MESSAGEDIGEST_WRONG_LENGTH:121:messagedigest wrong length
+CMS_R_MSGSIGDIGEST_ERROR:172:msgsigdigest error
+CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE:162:msgsigdigest verification failure
+CMS_R_MSGSIGDIGEST_WRONG_LENGTH:163:msgsigdigest wrong length
+CMS_R_NEED_ONE_SIGNER:164:need one signer
+CMS_R_NOT_A_SIGNED_RECEIPT:165:not a signed receipt
+CMS_R_NOT_ENCRYPTED_DATA:122:not encrypted data
+CMS_R_NOT_KEK:123:not kek
+CMS_R_NOT_KEY_AGREEMENT:181:not key agreement
+CMS_R_NOT_KEY_TRANSPORT:124:not key transport
+CMS_R_NOT_PWRI:177:not pwri
+CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:125:not supported for this key type
+CMS_R_NO_CIPHER:126:no cipher
+CMS_R_NO_CONTENT:127:no content
+CMS_R_NO_CONTENT_TYPE:173:no content type
+CMS_R_NO_DEFAULT_DIGEST:128:no default digest
+CMS_R_NO_DIGEST_SET:129:no digest set
+CMS_R_NO_KEY:130:no key
+CMS_R_NO_KEY_OR_CERT:174:no key or cert
+CMS_R_NO_MATCHING_DIGEST:131:no matching digest
+CMS_R_NO_MATCHING_RECIPIENT:132:no matching recipient
+CMS_R_NO_MATCHING_SIGNATURE:166:no matching signature
+CMS_R_NO_MSGSIGDIGEST:167:no msgsigdigest
+CMS_R_NO_PASSWORD:178:no password
+CMS_R_NO_PRIVATE_KEY:133:no private key
+CMS_R_NO_PUBLIC_KEY:134:no public key
+CMS_R_NO_RECEIPT_REQUEST:168:no receipt request
+CMS_R_NO_SIGNERS:135:no signers
+CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:136:\
+	private key does not match certificate
+CMS_R_RECEIPT_DECODE_ERROR:169:receipt decode error
+CMS_R_RECIPIENT_ERROR:137:recipient error
+CMS_R_SIGNER_CERTIFICATE_NOT_FOUND:138:signer certificate not found
+CMS_R_SIGNFINAL_ERROR:139:signfinal error
+CMS_R_SMIME_TEXT_ERROR:140:smime text error
+CMS_R_STORE_INIT_ERROR:141:store init error
+CMS_R_TYPE_NOT_COMPRESSED_DATA:142:type not compressed data
+CMS_R_TYPE_NOT_DATA:143:type not data
+CMS_R_TYPE_NOT_DIGESTED_DATA:144:type not digested data
+CMS_R_TYPE_NOT_ENCRYPTED_DATA:145:type not encrypted data
+CMS_R_TYPE_NOT_ENVELOPED_DATA:146:type not enveloped data
+CMS_R_UNABLE_TO_FINALIZE_CONTEXT:147:unable to finalize context
+CMS_R_UNKNOWN_CIPHER:148:unknown cipher
+CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm
+CMS_R_UNKNOWN_ID:150:unknown id
+CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm
+CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type
+CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm
+CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
+	unsupported key encryption algorithm
+CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
+CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
+CMS_R_UNSUPPORTED_TYPE:156:unsupported type
+CMS_R_UNWRAP_ERROR:157:unwrap error
+CMS_R_UNWRAP_FAILURE:180:unwrap failure
+CMS_R_VERIFICATION_FAILURE:158:verification failure
+CMS_R_WRAP_ERROR:159:wrap error
+COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error
+COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error
+COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported
+CONF_R_ERROR_LOADING_DSO:110:error loading dso
+CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null
+CONF_R_MISSING_CLOSE_SQUARE_BRACKET:100:missing close square bracket
+CONF_R_MISSING_EQUAL_SIGN:101:missing equal sign
+CONF_R_MISSING_INIT_FUNCTION:112:missing init function
+CONF_R_MODULE_INITIALIZATION_ERROR:109:module initialization error
+CONF_R_NO_CLOSE_BRACE:102:no close brace
+CONF_R_NO_CONF:105:no conf
+CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE:106:no conf or environment variable
+CONF_R_NO_SECTION:107:no section
+CONF_R_NO_SUCH_FILE:114:no such file
+CONF_R_NO_VALUE:108:no value
+CONF_R_NUMBER_TOO_LARGE:121:number too large
+CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include
+CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
+CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found
+CONF_R_SSL_SECTION_EMPTY:119:ssl section empty
+CONF_R_SSL_SECTION_NOT_FOUND:120:ssl section not found
+CONF_R_UNABLE_TO_CREATE_NEW_SECTION:103:unable to create new section
+CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name
+CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long
+CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value
+CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported
+CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
+CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits
+CT_R_BASE64_DECODE_ERROR:108:base64 decode error
+CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length
+CT_R_LOG_CONF_INVALID:109:log conf invalid
+CT_R_LOG_CONF_INVALID_KEY:110:log conf invalid key
+CT_R_LOG_CONF_MISSING_DESCRIPTION:111:log conf missing description
+CT_R_LOG_CONF_MISSING_KEY:112:log conf missing key
+CT_R_LOG_KEY_INVALID:113:log key invalid
+CT_R_SCT_FUTURE_TIMESTAMP:116:sct future timestamp
+CT_R_SCT_INVALID:104:sct invalid
+CT_R_SCT_INVALID_SIGNATURE:107:sct invalid signature
+CT_R_SCT_LIST_INVALID:105:sct list invalid
+CT_R_SCT_LOG_ID_MISMATCH:114:sct log id mismatch
+CT_R_SCT_NOT_SET:106:sct not set
+CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version
+CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid
+CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type
+CT_R_UNSUPPORTED_VERSION:103:unsupported version
+DH_R_BAD_GENERATOR:101:bad generator
+DH_R_BN_DECODE_ERROR:109:bn decode error
+DH_R_BN_ERROR:106:bn error
+DH_R_CHECK_INVALID_J_VALUE:115:check invalid j value
+DH_R_CHECK_INVALID_Q_VALUE:116:check invalid q value
+DH_R_CHECK_PUBKEY_INVALID:122:check pubkey invalid
+DH_R_CHECK_PUBKEY_TOO_LARGE:123:check pubkey too large
+DH_R_CHECK_PUBKEY_TOO_SMALL:124:check pubkey too small
+DH_R_CHECK_P_NOT_PRIME:117:check p not prime
+DH_R_CHECK_P_NOT_SAFE_PRIME:118:check p not safe prime
+DH_R_CHECK_Q_NOT_PRIME:119:check q not prime
+DH_R_DECODE_ERROR:104:decode error
+DH_R_INVALID_PARAMETER_NAME:110:invalid parameter name
+DH_R_INVALID_PARAMETER_NID:114:invalid parameter nid
+DH_R_INVALID_PUBKEY:102:invalid public key
+DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
+DH_R_KEYS_NOT_SET:108:keys not set
+DH_R_MISSING_PUBKEY:125:missing pubkey
+DH_R_MODULUS_TOO_LARGE:103:modulus too large
+DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
+DH_R_NO_PARAMETERS_SET:107:no parameters set
+DH_R_NO_PRIVATE_VALUE:100:no private value
+DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_SHARED_INFO_ERROR:113:shared info error
+DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+DSA_R_BAD_Q_VALUE:102:bad q value
+DSA_R_BN_DECODE_ERROR:108:bn decode error
+DSA_R_BN_ERROR:109:bn error
+DSA_R_DECODE_ERROR:104:decode error
+DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
+DSA_R_INVALID_PARAMETERS:112:invalid parameters
+DSA_R_MISSING_PARAMETERS:101:missing parameters
+DSA_R_MODULUS_TOO_LARGE:103:modulus too large
+DSA_R_NO_PARAMETERS_SET:107:no parameters set
+DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+DSA_R_Q_NOT_PRIME:113:q not prime
+DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q
+DSO_R_CTRL_FAILED:100:control command failed
+DSO_R_DSO_ALREADY_LOADED:110:dso already loaded
+DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure
+DSO_R_FAILURE:114:failure
+DSO_R_FILENAME_TOO_BIG:101:filename too big
+DSO_R_FINISH_FAILED:102:cleanup method function failed
+DSO_R_INCORRECT_FILE_SYNTAX:115:incorrect file syntax
+DSO_R_LOAD_FAILED:103:could not load the shared library
+DSO_R_NAME_TRANSLATION_FAILED:109:name translation failed
+DSO_R_NO_FILENAME:111:no filename
+DSO_R_NULL_HANDLE:104:a null shared library handle was used
+DSO_R_SET_FILENAME_FAILED:112:set filename failed
+DSO_R_STACK_ERROR:105:the meth_data stack is corrupt
+DSO_R_SYM_FAILURE:106:could not bind to the requested symbol name
+DSO_R_UNLOAD_FAILED:107:could not unload the shared library
+DSO_R_UNSUPPORTED:108:functionality not supported
+EC_R_ASN1_ERROR:115:asn1 error
+EC_R_BAD_SIGNATURE:156:bad signature
+EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
+EC_R_BUFFER_TOO_SMALL:100:buffer too small
+EC_R_CANNOT_INVERT:165:cannot invert
+EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
+EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
+EC_R_DECODE_ERROR:142:decode error
+EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
+EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+EC_R_FIELD_TOO_LARGE:143:field too large
+EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
+EC_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
+EC_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
+EC_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
+EC_R_INVALID_ARGUMENT:112:invalid argument
+EC_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
+EC_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
+EC_R_INVALID_CURVE:141:invalid curve
+EC_R_INVALID_DIGEST:151:invalid digest
+EC_R_INVALID_DIGEST_TYPE:138:invalid digest type
+EC_R_INVALID_ENCODING:102:invalid encoding
+EC_R_INVALID_FIELD:103:invalid field
+EC_R_INVALID_FORM:104:invalid form
+EC_R_INVALID_GROUP_ORDER:122:invalid group order
+EC_R_INVALID_KEY:116:invalid key
+EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length
+EC_R_INVALID_PEER_KEY:133:invalid peer key
+EC_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
+EC_R_INVALID_PRIVATE_KEY:123:invalid private key
+EC_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
+EC_R_KDF_PARAMETER_ERROR:148:kdf parameter error
+EC_R_KEYS_NOT_SET:140:keys not set
+EC_R_LADDER_POST_FAILURE:136:ladder post failure
+EC_R_LADDER_PRE_FAILURE:153:ladder pre failure
+EC_R_LADDER_STEP_FAILURE:162:ladder step failure
+EC_R_MISSING_PARAMETERS:124:missing parameters
+EC_R_MISSING_PRIVATE_KEY:125:missing private key
+EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values
+EC_R_NOT_A_NIST_PRIME:135:not a NIST prime
+EC_R_NOT_IMPLEMENTED:126:not implemented
+EC_R_NOT_INITIALIZED:111:not initialized
+EC_R_NO_PARAMETERS_SET:139:no parameters set
+EC_R_NO_PRIVATE_VALUE:154:no private value
+EC_R_OPERATION_NOT_SUPPORTED:152:operation not supported
+EC_R_PASSED_NULL_PARAMETER:134:passed null parameter
+EC_R_PEER_KEY_ERROR:149:peer key error
+EC_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
+EC_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
+EC_R_POINT_AT_INFINITY:106:point at infinity
+EC_R_POINT_COORDINATES_BLIND_FAILURE:163:point coordinates blind failure
+EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
+EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
+EC_R_SHARED_INFO_ERROR:150:shared info error
+EC_R_SLOT_FULL:108:slot full
+EC_R_UNDEFINED_GENERATOR:113:undefined generator
+EC_R_UNDEFINED_ORDER:128:undefined order
+EC_R_UNKNOWN_COFACTOR:164:unknown cofactor
+EC_R_UNKNOWN_GROUP:129:unknown group
+EC_R_UNKNOWN_ORDER:114:unknown order
+EC_R_UNSUPPORTED_FIELD:131:unsupported field
+EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
+EC_R_WRONG_ORDER:130:wrong order
+ENGINE_R_ALREADY_LOADED:100:already loaded
+ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number
+ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable
+ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input
+ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input
+ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id
+ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented
+ENGINE_R_DSO_FAILURE:104:DSO failure
+ENGINE_R_DSO_NOT_FOUND:132:dso not found
+ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error
+ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error
+ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list
+ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error
+ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key
+ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key
+ENGINE_R_FINISH_FAILED:106:finish failed
+ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing
+ENGINE_R_INIT_FAILED:109:init failed
+ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error
+ENGINE_R_INVALID_ARGUMENT:143:invalid argument
+ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name
+ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number
+ENGINE_R_INVALID_INIT_VALUE:151:invalid init value
+ENGINE_R_INVALID_STRING:150:invalid string
+ENGINE_R_NOT_INITIALISED:117:not initialised
+ENGINE_R_NOT_LOADED:112:not loaded
+ENGINE_R_NO_CONTROL_FUNCTION:120:no control function
+ENGINE_R_NO_INDEX:144:no index
+ENGINE_R_NO_LOAD_FUNCTION:125:no load function
+ENGINE_R_NO_REFERENCE:130:no reference
+ENGINE_R_NO_SUCH_ENGINE:116:no such engine
+ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher
+ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest
+ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method
+ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility
+EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed
+EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed
+EVP_R_BAD_DECRYPT:100:bad decrypt
+EVP_R_BUFFER_TOO_SMALL:155:buffer too small
+EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed
+EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error
+EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported
+EVP_R_COPY_ERROR:173:copy error
+EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented
+EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented
+EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:138:data not multiple of block length
+EVP_R_DECODE_ERROR:114:decode error
+EVP_R_DIFFERENT_KEY_TYPES:101:different key types
+EVP_R_DIFFERENT_PARAMETERS:153:different parameters
+EVP_R_ERROR_LOADING_SECTION:165:error loading section
+EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
+EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
+EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key
+EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key
+EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key
+EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key
+EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key
+EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key
+EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported
+EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed
+EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters
+EVP_R_INITIALIZATION_ERROR:134:initialization error
+EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized
+EVP_R_INVALID_DIGEST:152:invalid digest
+EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
+EVP_R_INVALID_KEY:163:invalid key
+EVP_R_INVALID_KEY_LENGTH:130:invalid key length
+EVP_R_INVALID_OPERATION:148:invalid operation
+EVP_R_KEYGEN_FAILURE:120:keygen failure
+EVP_R_KEY_SETUP_FAILED:180:key setup failed
+EVP_R_MEMORY_LIMIT_EXCEEDED:172:memory limit exceeded
+EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null
+EVP_R_METHOD_NOT_SUPPORTED:144:method not supported
+EVP_R_MISSING_PARAMETERS:103:missing parameters
+EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length
+EVP_R_NO_CIPHER_SET:131:no cipher set
+EVP_R_NO_DEFAULT_DIGEST:158:no default digest
+EVP_R_NO_DIGEST_SET:139:no digest set
+EVP_R_NO_KEY_SET:154:no key set
+EVP_R_NO_OPERATION_SET:149:no operation set
+EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
+EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+	operation not supported for this keytype
+EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
+EVP_R_PBKDF2_ERROR:181:pbkdf2 error
+EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
+	pkey application asn1 method already registered
+EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
+EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
+EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
+EVP_R_UNKNOWN_CIPHER:160:unknown cipher
+EVP_R_UNKNOWN_DIGEST:161:unknown digest
+EVP_R_UNKNOWN_OPTION:169:unknown option
+EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm
+EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm
+EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher
+EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength
+EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:124:\
+	unsupported key derivation function
+EVP_R_UNSUPPORTED_KEY_SIZE:108:unsupported key size
+EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS:135:unsupported number of rounds
+EVP_R_UNSUPPORTED_PRF:125:unsupported prf
+EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm
+EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
+EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
+EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
+KDF_R_INVALID_DIGEST:100:invalid digest
+KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count
+KDF_R_MISSING_KEY:104:missing key
+KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
+KDF_R_MISSING_PARAMETER:101:missing parameter
+KDF_R_MISSING_PASS:110:missing pass
+KDF_R_MISSING_SALT:111:missing salt
+KDF_R_MISSING_SECRET:107:missing secret
+KDF_R_MISSING_SEED:106:missing seed
+KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
+KDF_R_VALUE_ERROR:108:value error
+KDF_R_VALUE_MISSING:102:value missing
+OBJ_R_OID_EXISTS:102:oid exists
+OBJ_R_UNKNOWN_NID:101:unknown nid
+OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
+OCSP_R_DIGEST_ERR:102:digest err
+OCSP_R_ERROR_IN_NEXTUPDATE_FIELD:122:error in nextupdate field
+OCSP_R_ERROR_IN_THISUPDATE_FIELD:123:error in thisupdate field
+OCSP_R_ERROR_PARSING_URL:121:error parsing url
+OCSP_R_MISSING_OCSPSIGNING_USAGE:103:missing ocspsigning usage
+OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE:124:nextupdate before thisupdate
+OCSP_R_NOT_BASIC_RESPONSE:104:not basic response
+OCSP_R_NO_CERTIFICATES_IN_CHAIN:105:no certificates in chain
+OCSP_R_NO_RESPONSE_DATA:108:no response data
+OCSP_R_NO_REVOKED_TIME:109:no revoked time
+OCSP_R_NO_SIGNER_KEY:130:no signer key
+OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:110:\
+	private key does not match certificate
+OCSP_R_REQUEST_NOT_SIGNED:128:request not signed
+OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA:111:\
+	response contains no revocation data
+OCSP_R_ROOT_CA_NOT_TRUSTED:112:root ca not trusted
+OCSP_R_SERVER_RESPONSE_ERROR:114:server response error
+OCSP_R_SERVER_RESPONSE_PARSE_ERROR:115:server response parse error
+OCSP_R_SIGNATURE_FAILURE:117:signature failure
+OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND:118:signer certificate not found
+OCSP_R_STATUS_EXPIRED:125:status expired
+OCSP_R_STATUS_NOT_YET_VALID:126:status not yet valid
+OCSP_R_STATUS_TOO_OLD:127:status too old
+OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest
+OCSP_R_UNKNOWN_NID:120:unknown nid
+OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
+OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
+OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
+OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
+OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST:121:\
+	fingerprint size does not match digest
+OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
+OSSL_STORE_R_IS_NOT_A:112:is not a
+OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
+OSSL_STORE_R_LOADING_STARTED:117:loading started
+OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
+OSSL_STORE_R_NOT_A_CRL:101:not a crl
+OSSL_STORE_R_NOT_A_KEY:102:not a key
+OSSL_STORE_R_NOT_A_NAME:103:not a name
+OSSL_STORE_R_NOT_PARAMETERS:104:not parameters
+OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error
+OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute
+OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\
+	search only supported for directories
+OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:109:\
+	ui process interrupted or cancelled
+OSSL_STORE_R_UNREGISTERED_SCHEME:105:unregistered scheme
+OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE:110:unsupported content type
+OSSL_STORE_R_UNSUPPORTED_OPERATION:118:unsupported operation
+OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE:120:unsupported search type
+OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED:111:uri authority unsupported
+PEM_R_BAD_BASE64_DECODE:100:bad base64 decode
+PEM_R_BAD_DECRYPT:101:bad decrypt
+PEM_R_BAD_END_LINE:102:bad end line
+PEM_R_BAD_IV_CHARS:103:bad iv chars
+PEM_R_BAD_MAGIC_NUMBER:116:bad magic number
+PEM_R_BAD_PASSWORD_READ:104:bad password read
+PEM_R_BAD_VERSION_NUMBER:117:bad version number
+PEM_R_BIO_WRITE_FAILURE:118:bio write failure
+PEM_R_CIPHER_IS_NULL:127:cipher is null
+PEM_R_ERROR_CONVERTING_PRIVATE_KEY:115:error converting private key
+PEM_R_EXPECTING_PRIVATE_KEY_BLOB:119:expecting private key blob
+PEM_R_EXPECTING_PUBLIC_KEY_BLOB:120:expecting public key blob
+PEM_R_HEADER_TOO_LONG:128:header too long
+PEM_R_INCONSISTENT_HEADER:121:inconsistent header
+PEM_R_KEYBLOB_HEADER_PARSE_ERROR:122:keyblob header parse error
+PEM_R_KEYBLOB_TOO_SHORT:123:keyblob too short
+PEM_R_MISSING_DEK_IV:129:missing dek iv
+PEM_R_NOT_DEK_INFO:105:not dek info
+PEM_R_NOT_ENCRYPTED:106:not encrypted
+PEM_R_NOT_PROC_TYPE:107:not proc type
+PEM_R_NO_START_LINE:108:no start line
+PEM_R_PROBLEMS_GETTING_PASSWORD:109:problems getting password
+PEM_R_PVK_DATA_TOO_SHORT:124:pvk data too short
+PEM_R_PVK_TOO_SHORT:125:pvk too short
+PEM_R_READ_KEY:111:read key
+PEM_R_SHORT_HEADER:112:short header
+PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv
+PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
+PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
+PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
+PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
+PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
+PKCS12_R_DECODE_ERROR:101:decode error
+PKCS12_R_ENCODE_ERROR:102:encode error
+PKCS12_R_ENCRYPT_ERROR:103:encrypt error
+PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data type
+PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument
+PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer
+PKCS12_R_IV_GEN_ERROR:106:iv gen error
+PKCS12_R_KEY_GEN_ERROR:107:key gen error
+PKCS12_R_MAC_ABSENT:108:mac absent
+PKCS12_R_MAC_GENERATION_ERROR:109:mac generation error
+PKCS12_R_MAC_SETUP_ERROR:110:mac setup error
+PKCS12_R_MAC_STRING_SET_ERROR:111:mac string set error
+PKCS12_R_MAC_VERIFY_FAILURE:113:mac verify failure
+PKCS12_R_PARSE_ERROR:114:parse error
+PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR:115:pkcs12 algor cipherinit error
+PKCS12_R_PKCS12_CIPHERFINAL_ERROR:116:pkcs12 cipherfinal error
+PKCS12_R_PKCS12_PBE_CRYPT_ERROR:117:pkcs12 pbe crypt error
+PKCS12_R_UNKNOWN_DIGEST_ALGORITHM:118:unknown digest algorithm
+PKCS12_R_UNSUPPORTED_PKCS12_MODE:119:unsupported pkcs12 mode
+PKCS7_R_CERTIFICATE_VERIFY_ERROR:117:certificate verify error
+PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:144:cipher has no object identifier
+PKCS7_R_CIPHER_NOT_INITIALIZED:116:cipher not initialized
+PKCS7_R_CONTENT_AND_DATA_PRESENT:118:content and data present
+PKCS7_R_CTRL_ERROR:152:ctrl error
+PKCS7_R_DECRYPT_ERROR:119:decrypt error
+PKCS7_R_DIGEST_FAILURE:101:digest failure
+PKCS7_R_ENCRYPTION_CTRL_FAILURE:149:encryption ctrl failure
+PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:150:\
+	encryption not supported for this key type
+PKCS7_R_ERROR_ADDING_RECIPIENT:120:error adding recipient
+PKCS7_R_ERROR_SETTING_CIPHER:121:error setting cipher
+PKCS7_R_INVALID_NULL_POINTER:143:invalid null pointer
+PKCS7_R_INVALID_SIGNED_DATA_TYPE:155:invalid signed data type
+PKCS7_R_NO_CONTENT:122:no content
+PKCS7_R_NO_DEFAULT_DIGEST:151:no default digest
+PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND:154:no matching digest type found
+PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE:115:no recipient matches certificate
+PKCS7_R_NO_SIGNATURES_ON_DATA:123:no signatures on data
+PKCS7_R_NO_SIGNERS:142:no signers
+PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE:104:\
+	operation not supported on this type
+PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR:124:pkcs7 add signature error
+PKCS7_R_PKCS7_ADD_SIGNER_ERROR:153:pkcs7 add signer error
+PKCS7_R_PKCS7_DATASIGN:145:pkcs7 datasign
+PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:127:\
+	private key does not match certificate
+PKCS7_R_SIGNATURE_FAILURE:105:signature failure
+PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND:128:signer certificate not found
+PKCS7_R_SIGNING_CTRL_FAILURE:147:signing ctrl failure
+PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:148:\
+	signing not supported for this key type
+PKCS7_R_SMIME_TEXT_ERROR:129:smime text error
+PKCS7_R_UNABLE_TO_FIND_CERTIFICATE:106:unable to find certificate
+PKCS7_R_UNABLE_TO_FIND_MEM_BIO:107:unable to find mem bio
+PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST:108:unable to find message digest
+PKCS7_R_UNKNOWN_DIGEST_TYPE:109:unknown digest type
+PKCS7_R_UNKNOWN_OPERATION:110:unknown operation
+PKCS7_R_UNSUPPORTED_CIPHER_TYPE:111:unsupported cipher type
+PKCS7_R_UNSUPPORTED_CONTENT_TYPE:112:unsupported content type
+PKCS7_R_WRONG_CONTENT_TYPE:113:wrong content type
+PKCS7_R_WRONG_PKCS7_TYPE:114:wrong pkcs7 type
+RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
+RAND_R_ALREADY_INSTANTIATED:103:already instantiated
+RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range
+RAND_R_CANNOT_OPEN_FILE:121:Cannot open file
+RAND_R_DRBG_ALREADY_INITIALIZED:129:drbg already initialized
+RAND_R_DRBG_NOT_INITIALISED:104:drbg not initialised
+RAND_R_ENTROPY_INPUT_TOO_LONG:106:entropy input too long
+RAND_R_ENTROPY_OUT_OF_RANGE:124:entropy out of range
+RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED:127:error entropy pool was ignored
+RAND_R_ERROR_INITIALISING_DRBG:107:error initialising drbg
+RAND_R_ERROR_INSTANTIATING_DRBG:108:error instantiating drbg
+RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT:109:error retrieving additional input
+RAND_R_ERROR_RETRIEVING_ENTROPY:110:error retrieving entropy
+RAND_R_ERROR_RETRIEVING_NONCE:111:error retrieving nonce
+RAND_R_FAILED_TO_CREATE_LOCK:126:failed to create lock
+RAND_R_FUNC_NOT_IMPLEMENTED:101:Function not implemented
+RAND_R_FWRITE_ERROR:123:Error writing file
+RAND_R_GENERATE_ERROR:112:generate error
+RAND_R_INTERNAL_ERROR:113:internal error
+RAND_R_IN_ERROR_STATE:114:in error state
+RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file
+RAND_R_NOT_INSTANTIATED:115:not instantiated
+RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected
+RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled
+RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak
+RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long
+RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\
+	prediction resistance not supported
+RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded
+RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow
+RAND_R_RANDOM_POOL_UNDERFLOW:134:random pool underflow
+RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg
+RAND_R_RESEED_ERROR:118:reseed error
+RAND_R_SELFTEST_FAILURE:119:selftest failure
+RAND_R_TOO_LITTLE_NONCE_REQUESTED:135:too little nonce requested
+RAND_R_TOO_MUCH_NONCE_REQUESTED:136:too much nonce requested
+RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags
+RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type
+RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch
+RSA_R_BAD_E_VALUE:101:bad e value
+RSA_R_BAD_FIXED_HEADER_DECRYPT:102:bad fixed header decrypt
+RSA_R_BAD_PAD_BYTE_COUNT:103:bad pad byte count
+RSA_R_BAD_SIGNATURE:104:bad signature
+RSA_R_BLOCK_TYPE_IS_NOT_01:106:block type is not 01
+RSA_R_BLOCK_TYPE_IS_NOT_02:107:block type is not 02
+RSA_R_DATA_GREATER_THAN_MOD_LEN:108:data greater than mod len
+RSA_R_DATA_TOO_LARGE:109:data too large
+RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:110:data too large for key size
+RSA_R_DATA_TOO_LARGE_FOR_MODULUS:132:data too large for modulus
+RSA_R_DATA_TOO_SMALL:111:data too small
+RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:122:data too small for key size
+RSA_R_DIGEST_DOES_NOT_MATCH:158:digest does not match
+RSA_R_DIGEST_NOT_ALLOWED:145:digest not allowed
+RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:112:digest too big for rsa key
+RSA_R_DMP1_NOT_CONGRUENT_TO_D:124:dmp1 not congruent to d
+RSA_R_DMQ1_NOT_CONGRUENT_TO_D:125:dmq1 not congruent to d
+RSA_R_D_E_NOT_CONGRUENT_TO_1:123:d e not congruent to 1
+RSA_R_FIRST_OCTET_INVALID:133:first octet invalid
+RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:144:\
+	illegal or unsupported padding mode
+RSA_R_INVALID_DIGEST:157:invalid digest
+RSA_R_INVALID_DIGEST_LENGTH:143:invalid digest length
+RSA_R_INVALID_HEADER:137:invalid header
+RSA_R_INVALID_LABEL:160:invalid label
+RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length
+RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md
+RSA_R_INVALID_MULTI_PRIME_KEY:167:invalid multi prime key
+RSA_R_INVALID_OAEP_PARAMETERS:161:invalid oaep parameters
+RSA_R_INVALID_PADDING:138:invalid padding
+RSA_R_INVALID_PADDING_MODE:141:invalid padding mode
+RSA_R_INVALID_PSS_PARAMETERS:149:invalid pss parameters
+RSA_R_INVALID_PSS_SALTLEN:146:invalid pss saltlen
+RSA_R_INVALID_SALT_LENGTH:150:invalid salt length
+RSA_R_INVALID_TRAILER:139:invalid trailer
+RSA_R_INVALID_X931_DIGEST:142:invalid x931 digest
+RSA_R_IQMP_NOT_INVERSE_OF_Q:126:iqmp not inverse of q
+RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid
+RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small
+RSA_R_LAST_OCTET_INVALID:134:last octet invalid
+RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed
+RSA_R_MODULUS_TOO_LARGE:105:modulus too large
+RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
+RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
+RSA_R_MP_R_NOT_PRIME:170:mp r not prime
+RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
+RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
+RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
+RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
+RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
+RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
+	operation not supported for this keytype
+RSA_R_PADDING_CHECK_FAILED:114:padding check failed
+RSA_R_PKCS_DECODING_ERROR:159:pkcs decoding error
+RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small
+RSA_R_P_NOT_PRIME:128:p not prime
+RSA_R_Q_NOT_PRIME:129:q not prime
+RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported
+RSA_R_SLEN_CHECK_FAILED:136:salt length check failed
+RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed
+RSA_R_SSLV3_ROLLBACK_ATTACK:115:sslv3 rollback attack
+RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:116:\
+	the asn1 object identifier is not known for this md
+RSA_R_UNKNOWN_ALGORITHM_TYPE:117:unknown algorithm type
+RSA_R_UNKNOWN_DIGEST:166:unknown digest
+RSA_R_UNKNOWN_MASK_DIGEST:151:unknown mask digest
+RSA_R_UNKNOWN_PADDING_TYPE:118:unknown padding type
+RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:unsupported encryption type
+RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
+RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
+RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
+RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
+RSA_R_VALUE_MISSING:147:value missing
+RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
+SM2_R_ASN1_ERROR:100:asn1 error
+SM2_R_BAD_SIGNATURE:101:bad signature
+SM2_R_BUFFER_TOO_SMALL:107:buffer too small
+SM2_R_DIST_ID_TOO_LARGE:110:dist id too large
+SM2_R_ID_NOT_SET:112:id not set
+SM2_R_ID_TOO_LARGE:111:id too large
+SM2_R_INVALID_CURVE:108:invalid curve
+SM2_R_INVALID_DIGEST:102:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type
+SM2_R_INVALID_ENCODING:104:invalid encoding
+SM2_R_INVALID_FIELD:105:invalid field
+SM2_R_NO_PARAMETERS_SET:109:no parameters set
+SM2_R_USER_ID_TOO_LARGE:106:user id too large
+SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
+	application data after close notify
+SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
+SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
+	attempt to reuse session in different context
+SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE:143:\
+	at least TLS 1.0 needed in FIPS mode
+SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\
+	at least (D)TLS 1.2 needed in Suite B mode
+SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec
+SSL_R_BAD_CIPHER:186:bad cipher
+SSL_R_BAD_DATA:390:bad data
+SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback
+SSL_R_BAD_DECOMPRESSION:107:bad decompression
+SSL_R_BAD_DH_VALUE:102:bad dh value
+SSL_R_BAD_DIGEST_LENGTH:111:bad digest length
+SSL_R_BAD_EARLY_DATA:233:bad early data
+SSL_R_BAD_ECC_CERT:304:bad ecc cert
+SSL_R_BAD_ECPOINT:306:bad ecpoint
+SSL_R_BAD_EXTENSION:110:bad extension
+SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length
+SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state
+SSL_R_BAD_HELLO_REQUEST:105:bad hello request
+SSL_R_BAD_HRR_VERSION:263:bad hrr version
+SSL_R_BAD_KEY_SHARE:108:bad key share
+SSL_R_BAD_KEY_UPDATE:122:bad key update
+SSL_R_BAD_LEGACY_VERSION:292:bad legacy version
+SSL_R_BAD_LENGTH:271:bad length
+SSL_R_BAD_PACKET:240:bad packet
+SSL_R_BAD_PACKET_LENGTH:115:bad packet length
+SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number
+SSL_R_BAD_PSK:219:bad psk
+SSL_R_BAD_PSK_IDENTITY:114:bad psk identity
+SSL_R_BAD_RECORD_TYPE:443:bad record type
+SSL_R_BAD_RSA_ENCRYPT:119:bad rsa encrypt
+SSL_R_BAD_SIGNATURE:123:bad signature
+SSL_R_BAD_SRP_A_LENGTH:347:bad srp a length
+SSL_R_BAD_SRP_PARAMETERS:371:bad srp parameters
+SSL_R_BAD_SRTP_MKI_VALUE:352:bad srtp mki value
+SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST:353:bad srtp protection profile list
+SSL_R_BAD_SSL_FILETYPE:124:bad ssl filetype
+SSL_R_BAD_VALUE:384:bad value
+SSL_R_BAD_WRITE_RETRY:127:bad write retry
+SSL_R_BINDER_DOES_NOT_VERIFY:253:binder does not verify
+SSL_R_BIO_NOT_SET:128:bio not set
+SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
+SSL_R_BN_LIB:130:bn lib
+SSL_R_CALLBACK_FAILED:234:callback failed
+SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher
+SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch
+SSL_R_CA_KEY_TOO_SMALL:397:ca key too small
+SSL_R_CA_MD_TOO_WEAK:398:ca md too weak
+SSL_R_CCS_RECEIVED_EARLY:133:ccs received early
+SSL_R_CERTIFICATE_VERIFY_FAILED:134:certificate verify failed
+SSL_R_CERT_CB_ERROR:377:cert cb error
+SSL_R_CERT_LENGTH_MISMATCH:135:cert length mismatch
+SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED:218:ciphersuite digest has changed
+SSL_R_CIPHER_CODE_WRONG_LENGTH:137:cipher code wrong length
+SSL_R_CIPHER_OR_HASH_UNAVAILABLE:138:cipher or hash unavailable
+SSL_R_CLIENTHELLO_TLSEXT:226:clienthello tlsext
+SSL_R_COMPRESSED_LENGTH_TOO_LONG:140:compressed length too long
+SSL_R_COMPRESSION_DISABLED:343:compression disabled
+SSL_R_COMPRESSION_FAILURE:141:compression failure
+SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE:307:\
+	compression id not within private range
+SSL_R_COMPRESSION_LIBRARY_ERROR:142:compression library error
+SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set
+SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
+SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure
+SSL_R_COOKIE_MISMATCH:308:cookie mismatch
+SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\
+	custom ext handler already installed
+SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
+SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
+SSL_R_DANE_NOT_ENABLED:175:dane not enabled
+SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
+SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
+SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
+SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
+SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
+SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
+SSL_R_DANE_TLSA_BAD_SELECTOR:202:dane tlsa bad selector
+SSL_R_DANE_TLSA_NULL_DATA:203:dane tlsa null data
+SSL_R_DATA_BETWEEN_CCS_AND_FINISHED:145:data between ccs and finished
+SSL_R_DATA_LENGTH_TOO_LONG:146:data length too long
+SSL_R_DECRYPTION_FAILED:147:decryption failed
+SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:281:\
+	decryption failed or bad record mac
+SSL_R_DH_KEY_TOO_SMALL:394:dh key too small
+SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG:148:dh public value length is wrong
+SSL_R_DIGEST_CHECK_FAILED:149:digest check failed
+SSL_R_DTLS_MESSAGE_TOO_BIG:334:dtls message too big
+SSL_R_DUPLICATE_COMPRESSION_ID:309:duplicate compression id
+SSL_R_ECC_CERT_NOT_FOR_SIGNING:318:ecc cert not for signing
+SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE:374:ecdh required for suiteb mode
+SSL_R_EE_KEY_TOO_SMALL:399:ee key too small
+SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST:354:empty srtp protection profile list
+SSL_R_ENCRYPTED_LENGTH_TOO_LONG:150:encrypted length too long
+SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:151:error in received cipher list
+SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN:204:error setting tlsa base domain
+SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE:194:exceeds max fragment size
+SSL_R_EXCESSIVE_MESSAGE_SIZE:152:excessive message size
+SSL_R_EXTENSION_NOT_RECEIVED:279:extension not received
+SSL_R_EXTRA_DATA_IN_MESSAGE:153:extra data in message
+SSL_R_EXT_LENGTH_MISMATCH:163:ext length mismatch
+SSL_R_FAILED_TO_INIT_ASYNC:405:failed to init async
+SSL_R_FRAGMENTED_CLIENT_HELLO:401:fragmented client hello
+SSL_R_GOT_A_FIN_BEFORE_A_CCS:154:got a fin before a ccs
+SSL_R_HTTPS_PROXY_REQUEST:155:https proxy request
+SSL_R_HTTP_REQUEST:156:http request
+SSL_R_ILLEGAL_POINT_COMPRESSION:162:illegal point compression
+SSL_R_ILLEGAL_SUITEB_DIGEST:380:illegal Suite B digest
+SSL_R_INAPPROPRIATE_FALLBACK:373:inappropriate fallback
+SSL_R_INCONSISTENT_COMPRESSION:340:inconsistent compression
+SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
+SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
+SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
+SSL_R_INSUFFICIENT_SECURITY:241:insufficient security
+SSL_R_INVALID_ALERT:205:invalid alert
+SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message
+SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
+SSL_R_INVALID_COMMAND:280:invalid command
+SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm
+SSL_R_INVALID_CONFIG:283:invalid config
+SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name
+SSL_R_INVALID_CONTEXT:282:invalid context
+SSL_R_INVALID_CT_VALIDATION_TYPE:212:invalid ct validation type
+SSL_R_INVALID_KEY_UPDATE_TYPE:120:invalid key update type
+SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data
+SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name
+SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number
+SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data
+SSL_R_INVALID_SESSION_ID:999:invalid session id
+SSL_R_INVALID_SRP_USERNAME:357:invalid srp username
+SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response
+SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length
+SSL_R_LENGTH_MISMATCH:159:length mismatch
+SSL_R_LENGTH_TOO_LONG:404:length too long
+SSL_R_LENGTH_TOO_SHORT:160:length too short
+SSL_R_LIBRARY_BUG:274:library bug
+SSL_R_LIBRARY_HAS_NO_CIPHERS:161:library has no ciphers
+SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert
+SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
+SSL_R_MISSING_FATAL:256:missing fatal
+SSL_R_MISSING_PARAMETERS:290:missing parameters
+SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
+SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
+SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
+SSL_R_MISSING_SIGALGS_EXTENSION:112:missing sigalgs extension
+SSL_R_MISSING_SIGNING_CERT:221:missing signing cert
+SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param
+SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
+SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
+SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
+SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
+	mixed handshake and non handshake data
+SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
+SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
+SSL_R_NOT_SERVER:284:not server
+SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol
+SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned
+SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned
+SSL_R_NO_CERTIFICATE_SET:179:no certificate set
+SSL_R_NO_CHANGE_FOLLOWING_HRR:214:no change following hrr
+SSL_R_NO_CIPHERS_AVAILABLE:181:no ciphers available
+SSL_R_NO_CIPHERS_SPECIFIED:183:no ciphers specified
+SSL_R_NO_CIPHER_MATCH:185:no cipher match
+SSL_R_NO_CLIENT_CERT_METHOD:331:no client cert method
+SSL_R_NO_COMPRESSION_SPECIFIED:187:no compression specified
+SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set
+SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER:330:\
+	Peer haven't sent GOST certificate, required for selected ciphersuite
+SSL_R_NO_METHOD_SPECIFIED:188:no method specified
+SSL_R_NO_PEM_EXTENSIONS:389:no pem extensions
+SSL_R_NO_PRIVATE_KEY_ASSIGNED:190:no private key assigned
+SSL_R_NO_PROTOCOLS_AVAILABLE:191:no protocols available
+SSL_R_NO_RENEGOTIATION:339:no renegotiation
+SSL_R_NO_REQUIRED_DIGEST:324:no required digest
+SSL_R_NO_SHARED_CIPHER:193:no shared cipher
+SSL_R_NO_SHARED_GROUPS:410:no shared groups
+SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms
+SSL_R_NO_SRTP_PROFILES:359:no srtp profiles
+SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share
+SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm
+SSL_R_NO_VALID_SCTS:216:no valid scts
+SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
+SSL_R_NULL_SSL_CTX:195:null ssl ctx
+SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
+SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
+	old session compression algorithm not returned
+SSL_R_OVERFLOW_ERROR:237:overflow error
+SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long
+SSL_R_PARSE_TLSEXT:227:parse tlsext
+SSL_R_PATH_TOO_LONG:270:path too long
+SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE:199:peer did not return a certificate
+SSL_R_PEM_NAME_BAD_PREFIX:391:pem name bad prefix
+SSL_R_PEM_NAME_TOO_SHORT:392:pem name too short
+SSL_R_PIPELINE_FAILURE:406:pipeline failure
+SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR:278:post handshake auth encoding err
+SSL_R_PRIVATE_KEY_MISMATCH:288:private key mismatch
+SSL_R_PROTOCOL_IS_SHUTDOWN:207:protocol is shutdown
+SSL_R_PSK_IDENTITY_NOT_FOUND:223:psk identity not found
+SSL_R_PSK_NO_CLIENT_CB:224:psk no client cb
+SSL_R_PSK_NO_SERVER_CB:225:psk no server cb
+SSL_R_READ_BIO_NOT_SET:211:read bio not set
+SSL_R_READ_TIMEOUT_EXPIRED:312:read timeout expired
+SSL_R_RECORD_LENGTH_MISMATCH:213:record length mismatch
+SSL_R_RECORD_TOO_SMALL:298:record too small
+SSL_R_RENEGOTIATE_EXT_TOO_LONG:335:renegotiate ext too long
+SSL_R_RENEGOTIATION_ENCODING_ERR:336:renegotiation encoding err
+SSL_R_RENEGOTIATION_MISMATCH:337:renegotiation mismatch
+SSL_R_REQUEST_PENDING:285:request pending
+SSL_R_REQUEST_SENT:286:request sent
+SSL_R_REQUIRED_CIPHER_MISSING:215:required cipher missing
+SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING:342:\
+	required compression algorithm missing
+SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:345:scsv received when renegotiating
+SSL_R_SCT_VERIFICATION_FAILED:208:sct verification failed
+SSL_R_SERVERHELLO_TLSEXT:275:serverhello tlsext
+SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED:277:session id context uninitialized
+SSL_R_SHUTDOWN_WHILE_IN_INIT:407:shutdown while in init
+SSL_R_SIGNATURE_ALGORITHMS_ERROR:360:signature algorithms error
+SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE:220:\
+	signature for non signing certificate
+SSL_R_SRP_A_CALC:361:error with the srp params
+SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles
+SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
+	srtp protection profile list too long
+SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
+SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+	ssl3 ext invalid max fragment length
+SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
+SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
+SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION:228:ssl ctx has no default ssl version
+SSL_R_SSL_HANDSHAKE_FAILURE:229:ssl handshake failure
+SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS:230:ssl library has no ciphers
+SSL_R_SSL_NEGATIVE_LENGTH:372:ssl negative length
+SSL_R_SSL_SECTION_EMPTY:126:ssl section empty
+SSL_R_SSL_SECTION_NOT_FOUND:136:ssl section not found
+SSL_R_SSL_SESSION_ID_CALLBACK_FAILED:301:ssl session id callback failed
+SSL_R_SSL_SESSION_ID_CONFLICT:302:ssl session id conflict
+SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG:273:ssl session id context too long
+SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH:303:ssl session id has bad length
+SSL_R_SSL_SESSION_ID_TOO_LONG:408:ssl session id too long
+SSL_R_SSL_SESSION_VERSION_MISMATCH:210:ssl session version mismatch
+SSL_R_STILL_IN_INIT:121:still in init
+SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT:365:peer does not accept heartbeats
+SSL_R_TLS_HEARTBEAT_PENDING:366:heartbeat request already pending
+SSL_R_TLS_ILLEGAL_EXPORTER_LABEL:367:tls illegal exporter label
+SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST:157:tls invalid ecpointformat list
+SSL_R_TOO_MANY_KEY_UPDATES:132:too many key updates
+SSL_R_TOO_MANY_WARN_ALERTS:409:too many warn alerts
+SSL_R_TOO_MUCH_EARLY_DATA:164:too much early data
+SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS:314:unable to find ecdh parameters
+SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS:239:\
+	unable to find public key parameters
+SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
+SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
+SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
+SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_RECORD:245:unexpected record
+SSL_R_UNINITIALIZED:276:uninitialized
+SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
+SSL_R_UNKNOWN_CERTIFICATE_TYPE:247:unknown certificate type
+SSL_R_UNKNOWN_CIPHER_RETURNED:248:unknown cipher returned
+SSL_R_UNKNOWN_CIPHER_TYPE:249:unknown cipher type
+SSL_R_UNKNOWN_CMD_NAME:386:unknown cmd name
+SSL_R_UNKNOWN_COMMAND:139:unknown command
+SSL_R_UNKNOWN_DIGEST:368:unknown digest
+SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type
+SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type
+SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol
+SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version
+SSL_R_UNKNOWN_STATE:255:unknown state
+SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:338:\
+	unsafe legacy renegotiation disabled
+SSL_R_UNSOLICITED_EXTENSION:217:unsolicited extension
+SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM:257:unsupported compression algorithm
+SSL_R_UNSUPPORTED_ELLIPTIC_CURVE:315:unsupported elliptic curve
+SSL_R_UNSUPPORTED_PROTOCOL:258:unsupported protocol
+SSL_R_UNSUPPORTED_SSL_VERSION:259:unsupported ssl version
+SSL_R_UNSUPPORTED_STATUS_TYPE:329:unsupported status type
+SSL_R_USE_SRTP_NOT_NEGOTIATED:369:use srtp not negotiated
+SSL_R_VERSION_TOO_HIGH:166:version too high
+SSL_R_VERSION_TOO_LOW:396:version too low
+SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type
+SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned
+SSL_R_WRONG_CURVE:378:wrong curve
+SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length
+SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size
+SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type
+SSL_R_WRONG_SSL_VERSION:266:wrong ssl version
+SSL_R_WRONG_VERSION_NUMBER:267:wrong version number
+SSL_R_X509_LIB:268:x509 lib
+SSL_R_X509_VERIFICATION_SETUP_PROBLEMS:269:x509 verification setup problems
+TS_R_BAD_PKCS7_TYPE:132:bad pkcs7 type
+TS_R_BAD_TYPE:133:bad type
+TS_R_CANNOT_LOAD_CERT:137:cannot load certificate
+TS_R_CANNOT_LOAD_KEY:138:cannot load private key
+TS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error
+TS_R_COULD_NOT_SET_ENGINE:127:could not set engine
+TS_R_COULD_NOT_SET_TIME:115:could not set time
+TS_R_DETACHED_CONTENT:134:detached content
+TS_R_ESS_ADD_SIGNING_CERT_ERROR:116:ess add signing cert error
+TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR:139:ess add signing cert v2 error
+TS_R_ESS_SIGNING_CERTIFICATE_ERROR:101:ess signing certificate error
+TS_R_INVALID_NULL_POINTER:102:invalid null pointer
+TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE:117:invalid signer certificate purpose
+TS_R_MESSAGE_IMPRINT_MISMATCH:103:message imprint mismatch
+TS_R_NONCE_MISMATCH:104:nonce mismatch
+TS_R_NONCE_NOT_RETURNED:105:nonce not returned
+TS_R_NO_CONTENT:106:no content
+TS_R_NO_TIME_STAMP_TOKEN:107:no time stamp token
+TS_R_PKCS7_ADD_SIGNATURE_ERROR:118:pkcs7 add signature error
+TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR:119:pkcs7 add signed attr error
+TS_R_PKCS7_TO_TS_TST_INFO_FAILED:129:pkcs7 to ts tst info failed
+TS_R_POLICY_MISMATCH:108:policy mismatch
+TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:120:\
+	private key does not match certificate
+TS_R_RESPONSE_SETUP_ERROR:121:response setup error
+TS_R_SIGNATURE_FAILURE:109:signature failure
+TS_R_THERE_MUST_BE_ONE_SIGNER:110:there must be one signer
+TS_R_TIME_SYSCALL_ERROR:122:time syscall error
+TS_R_TOKEN_NOT_PRESENT:130:token not present
+TS_R_TOKEN_PRESENT:131:token present
+TS_R_TSA_NAME_MISMATCH:111:tsa name mismatch
+TS_R_TSA_UNTRUSTED:112:tsa untrusted
+TS_R_TST_INFO_SETUP_ERROR:123:tst info setup error
+TS_R_TS_DATASIGN:124:ts datasign
+TS_R_UNACCEPTABLE_POLICY:125:unacceptable policy
+TS_R_UNSUPPORTED_MD_ALGORITHM:126:unsupported md algorithm
+TS_R_UNSUPPORTED_VERSION:113:unsupported version
+TS_R_VAR_BAD_VALUE:135:var bad value
+TS_R_VAR_LOOKUP_FAILURE:136:cannot find config variable
+TS_R_WRONG_CONTENT_TYPE:114:wrong content type
+UI_R_COMMON_OK_AND_CANCEL_CHARACTERS:104:common ok and cancel characters
+UI_R_INDEX_TOO_LARGE:102:index too large
+UI_R_INDEX_TOO_SMALL:103:index too small
+UI_R_NO_RESULT_BUFFER:105:no result buffer
+UI_R_PROCESSING_ERROR:107:processing error
+UI_R_RESULT_TOO_LARGE:100:result too large
+UI_R_RESULT_TOO_SMALL:101:result too small
+UI_R_SYSASSIGN_ERROR:109:sys$assign error
+UI_R_SYSDASSGN_ERROR:110:sys$dassgn error
+UI_R_SYSQIOW_ERROR:111:sys$qiow error
+UI_R_UNKNOWN_CONTROL_COMMAND:106:unknown control command
+UI_R_UNKNOWN_TTYGET_ERRNO_VALUE:108:unknown ttyget errno value
+UI_R_USER_DATA_DUPLICATION_UNSUPPORTED:112:user data duplication unsupported
+X509V3_R_BAD_IP_ADDRESS:118:bad ip address
+X509V3_R_BAD_OBJECT:119:bad object
+X509V3_R_BN_DEC2BN_ERROR:100:bn dec2bn error
+X509V3_R_BN_TO_ASN1_INTEGER_ERROR:101:bn to asn1 integer error
+X509V3_R_DIRNAME_ERROR:149:dirname error
+X509V3_R_DISTPOINT_ALREADY_SET:160:distpoint already set
+X509V3_R_DUPLICATE_ZONE_ID:133:duplicate zone id
+X509V3_R_ERROR_CONVERTING_ZONE:131:error converting zone
+X509V3_R_ERROR_CREATING_EXTENSION:144:error creating extension
+X509V3_R_ERROR_IN_EXTENSION:128:error in extension
+X509V3_R_EXPECTED_A_SECTION_NAME:137:expected a section name
+X509V3_R_EXTENSION_EXISTS:145:extension exists
+X509V3_R_EXTENSION_NAME_ERROR:115:extension name error
+X509V3_R_EXTENSION_NOT_FOUND:102:extension not found
+X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED:103:extension setting not supported
+X509V3_R_EXTENSION_VALUE_ERROR:116:extension value error
+X509V3_R_ILLEGAL_EMPTY_EXTENSION:151:illegal empty extension
+X509V3_R_INCORRECT_POLICY_SYNTAX_TAG:152:incorrect policy syntax tag
+X509V3_R_INVALID_ASNUMBER:162:invalid asnumber
+X509V3_R_INVALID_ASRANGE:163:invalid asrange
+X509V3_R_INVALID_BOOLEAN_STRING:104:invalid boolean string
+X509V3_R_INVALID_EXTENSION_STRING:105:invalid extension string
+X509V3_R_INVALID_INHERITANCE:165:invalid inheritance
+X509V3_R_INVALID_IPADDRESS:166:invalid ipaddress
+X509V3_R_INVALID_MULTIPLE_RDNS:161:invalid multiple rdns
+X509V3_R_INVALID_NAME:106:invalid name
+X509V3_R_INVALID_NULL_ARGUMENT:107:invalid null argument
+X509V3_R_INVALID_NULL_NAME:108:invalid null name
+X509V3_R_INVALID_NULL_VALUE:109:invalid null value
+X509V3_R_INVALID_NUMBER:140:invalid number
+X509V3_R_INVALID_NUMBERS:141:invalid numbers
+X509V3_R_INVALID_OBJECT_IDENTIFIER:110:invalid object identifier
+X509V3_R_INVALID_OPTION:138:invalid option
+X509V3_R_INVALID_POLICY_IDENTIFIER:134:invalid policy identifier
+X509V3_R_INVALID_PROXY_POLICY_SETTING:153:invalid proxy policy setting
+X509V3_R_INVALID_PURPOSE:146:invalid purpose
+X509V3_R_INVALID_SAFI:164:invalid safi
+X509V3_R_INVALID_SECTION:135:invalid section
+X509V3_R_INVALID_SYNTAX:143:invalid syntax
+X509V3_R_ISSUER_DECODE_ERROR:126:issuer decode error
+X509V3_R_MISSING_VALUE:124:missing value
+X509V3_R_NEED_ORGANIZATION_AND_NUMBERS:142:need organization and numbers
+X509V3_R_NO_CONFIG_DATABASE:136:no config database
+X509V3_R_NO_ISSUER_CERTIFICATE:121:no issuer certificate
+X509V3_R_NO_ISSUER_DETAILS:127:no issuer details
+X509V3_R_NO_POLICY_IDENTIFIER:139:no policy identifier
+X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED:154:\
+	no proxy cert policy language defined
+X509V3_R_NO_PUBLIC_KEY:114:no public key
+X509V3_R_NO_SUBJECT_DETAILS:125:no subject details
+X509V3_R_OPERATION_NOT_DEFINED:148:operation not defined
+X509V3_R_OTHERNAME_ERROR:147:othername error
+X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED:155:policy language already defined
+X509V3_R_POLICY_PATH_LENGTH:156:policy path length
+X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED:157:\
+	policy path length already defined
+X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY:159:\
+	policy when proxy language requires no policy
+X509V3_R_SECTION_NOT_FOUND:150:section not found
+X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS:122:unable to get issuer details
+X509V3_R_UNABLE_TO_GET_ISSUER_KEYID:123:unable to get issuer keyid
+X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT:111:unknown bit string argument
+X509V3_R_UNKNOWN_EXTENSION:129:unknown extension
+X509V3_R_UNKNOWN_EXTENSION_NAME:130:unknown extension name
+X509V3_R_UNKNOWN_OPTION:120:unknown option
+X509V3_R_UNSUPPORTED_OPTION:117:unsupported option
+X509V3_R_UNSUPPORTED_TYPE:167:unsupported type
+X509V3_R_USER_TOO_LONG:132:user too long
+X509_R_AKID_MISMATCH:110:akid mismatch
+X509_R_BAD_SELECTOR:133:bad selector
+X509_R_BAD_X509_FILETYPE:100:bad x509 filetype
+X509_R_BASE64_DECODE_ERROR:118:base64 decode error
+X509_R_CANT_CHECK_DH_KEY:114:cant check dh key
+X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table
+X509_R_CRL_ALREADY_DELTA:127:crl already delta
+X509_R_CRL_VERIFY_FAILURE:131:crl verify failure
+X509_R_IDP_MISMATCH:128:idp mismatch
+X509_R_INVALID_DIRECTORY:113:invalid directory
+X509_R_INVALID_FIELD_NAME:119:invalid field name
+X509_R_INVALID_TRUST:123:invalid trust
+X509_R_ISSUER_MISMATCH:129:issuer mismatch
+X509_R_KEY_TYPE_MISMATCH:115:key type mismatch
+X509_R_KEY_VALUES_MISMATCH:116:key values mismatch
+X509_R_LOADING_CERT_DIR:103:loading cert dir
+X509_R_LOADING_DEFAULTS:104:loading defaults
+X509_R_METHOD_NOT_SUPPORTED:124:method not supported
+X509_R_NAME_TOO_LONG:134:name too long
+X509_R_NEWER_CRL_NOT_NEWER:132:newer crl not newer
+X509_R_NO_CERTIFICATE_FOUND:135:no certificate found
+X509_R_NO_CERTIFICATE_OR_CRL_FOUND:136:no certificate or crl found
+X509_R_NO_CERT_SET_FOR_US_TO_VERIFY:105:no cert set for us to verify
+X509_R_NO_CRL_FOUND:137:no crl found
+X509_R_NO_CRL_NUMBER:130:no crl number
+X509_R_PUBLIC_KEY_DECODE_ERROR:125:public key decode error
+X509_R_PUBLIC_KEY_ENCODE_ERROR:126:public key encode error
+X509_R_SHOULD_RETRY:106:should retry
+X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN:107:unable to find parameters in chain
+X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY:108:unable to get certs public key
+X509_R_UNKNOWN_KEY_TYPE:117:unknown key type
+X509_R_UNKNOWN_NID:109:unknown nid
+X509_R_UNKNOWN_PURPOSE_ID:121:unknown purpose id
+X509_R_UNKNOWN_TRUST_ID:120:unknown trust id
+X509_R_UNSUPPORTED_ALGORITHM:111:unsupported algorithm
+X509_R_WRONG_LOOKUP_TYPE:112:wrong lookup type
+X509_R_WRONG_TYPE:122:wrong type
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_b64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_b64.c
new file mode 100644
index 000000000..9f891f762
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_b64.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/bio.h"
+
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+static int b64_puts(BIO *h, const char *str);
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+#define B64_BLOCK_SIZE  1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE        0
+#define B64_ENCODE      1
+#define B64_DECODE      2
+
+typedef struct b64_struct {
+    /*
+     * BIO *bio; moved to the BIO structure
+     */
+    int buf_len;
+    int buf_off;
+    int tmp_len;                /* used to find the start when decoding */
+    int tmp_nl;                 /* If true, scan until '\n' */
+    int encode;
+    int start;                  /* have we started decoding yet? */
+    int cont;                   /* <= 0 when finished */
+    EVP_ENCODE_CTX *base64;
+    char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
+    char tmp[B64_BLOCK_SIZE];
+} BIO_B64_CTX;
+
+static const BIO_METHOD methods_b64 = {
+    BIO_TYPE_BASE64,
+    "base64 encoding",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    b64_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    b64_read,
+    b64_puts,
+    NULL,                       /* b64_gets, */
+    b64_ctrl,
+    b64_new,
+    b64_free,
+    b64_callback_ctrl,
+};
+
+
+const BIO_METHOD *BIO_f_base64(void)
+{
+    return &methods_b64;
+}
+
+static int b64_new(BIO *bi)
+{
+    BIO_B64_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->cont = 1;
+    ctx->start = 1;
+    ctx->base64 = EVP_ENCODE_CTX_new();
+    if (ctx->base64 == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
+}
+
+static int b64_free(BIO *a)
+{
+    BIO_B64_CTX *ctx;
+    if (a == NULL)
+        return 0;
+
+    ctx = BIO_get_data(a);
+    if (ctx == NULL)
+        return 0;
+
+    EVP_ENCODE_CTX_free(ctx->base64);
+    OPENSSL_free(ctx);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int b64_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
+    BIO_B64_CTX *ctx;
+    unsigned char *p, *q;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_DECODE) {
+        ctx->encode = B64_DECODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_DecodeInit(ctx->base64);
+    }
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    ret_code = 0;
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]),
+                     B64_BLOCK_SIZE - ctx->tmp_len);
+
+        if (i <= 0) {
+            ret_code = i;
+
+            /* Should we continue next time we are called? */
+            if (!BIO_should_retry(next)) {
+                ctx->cont = i;
+                /* If buffer empty break */
+                if (ctx->tmp_len == 0)
+                    break;
+                /* Fall through and process what we have */
+                else
+                    i = 0;
+            }
+            /* else we retry and add more data to buffer */
+            else
+                break;
+        }
+        i += ctx->tmp_len;
+        ctx->tmp_len = i;
+
+        /*
+         * We need to scan, a line at a time until we have a valid line if we
+         * are starting.
+         */
+        if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) {
+            /* ctx->start=1; */
+            ctx->tmp_len = 0;
+        } else if (ctx->start) {
+            q = p = (unsigned char *)ctx->tmp;
+            num = 0;
+            for (j = 0; j < i; j++) {
+                if (*(q++) != '\n')
+                    continue;
+
+                /*
+                 * due to a previous very long line, we need to keep on
+                 * scanning for a '\n' before we even start looking for
+                 * base64 encoded stuff.
+                 */
+                if (ctx->tmp_nl) {
+                    p = q;
+                    ctx->tmp_nl = 0;
+                    continue;
+                }
+
+                k = EVP_DecodeUpdate(ctx->base64,
+                                     (unsigned char *)ctx->buf,
+                                     &num, p, q - p);
+                if ((k <= 0) && (num == 0) && (ctx->start))
+                    EVP_DecodeInit(ctx->base64);
+                else {
+                    if (p != (unsigned char *)
+                        &(ctx->tmp[0])) {
+                        i -= (p - (unsigned char *)
+                              &(ctx->tmp[0]));
+                        for (x = 0; x < i; x++)
+                            ctx->tmp[x] = p[x];
+                    }
+                    EVP_DecodeInit(ctx->base64);
+                    ctx->start = 0;
+                    break;
+                }
+                p = q;
+            }
+
+            /* we fell off the end without starting */
+            if ((j == i) && (num == 0)) {
+                /*
+                 * Is this is one long chunk?, if so, keep on reading until a
+                 * new line.
+                 */
+                if (p == (unsigned char *)&(ctx->tmp[0])) {
+                    /* Check buffer full */
+                    if (i == B64_BLOCK_SIZE) {
+                        ctx->tmp_nl = 1;
+                        ctx->tmp_len = 0;
+                    }
+                } else if (p != q) { /* finished on a '\n' */
+                    n = q - p;
+                    for (ii = 0; ii < n; ii++)
+                        ctx->tmp[ii] = p[ii];
+                    ctx->tmp_len = n;
+                }
+                /* else finished on a '\n' */
+                continue;
+            } else {
+                ctx->tmp_len = 0;
+            }
+        } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) {
+            /*
+             * If buffer isn't full and we can retry then restart to read in
+             * more data.
+             */
+            continue;
+        }
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            int z, jj;
+
+            jj = i & ~3;        /* process per 4 */
+            z = EVP_DecodeBlock((unsigned char *)ctx->buf,
+                                (unsigned char *)ctx->tmp, jj);
+            if (jj > 2) {
+                if (ctx->tmp[jj - 1] == '=') {
+                    z--;
+                    if (ctx->tmp[jj - 2] == '=')
+                        z--;
+                }
+            }
+            /*
+             * z is now number of output bytes and jj is the number consumed
+             */
+            if (jj != i) {
+                memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
+                ctx->tmp_len = i - jj;
+            }
+            ctx->buf_len = 0;
+            if (z > 0) {
+                ctx->buf_len = z;
+            }
+            i = z;
+        } else {
+            i = EVP_DecodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)ctx->tmp, i);
+            ctx->tmp_len = 0;
+        }
+        /*
+         * If eof or an error was signalled, then the condition
+         * 'ctx->cont <= 0' will prevent b64_read() from reading
+         * more data on subsequent calls. This assignment was
+         * deleted accidentally in commit 5562cfaca4f3.
+         */
+        ctx->cont = i;
+
+        ctx->buf_off = 0;
+        if (i < 0) {
+            ret_code = 0;
+            ctx->buf_len = 0;
+            break;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        if (ctx->buf_off == ctx->buf_len) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+        outl -= i;
+        out += i;
+    }
+    /* BIO_clear_retry_flags(b); */
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ret_code : ret);
+}
+
+static int b64_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+    int n;
+    int i;
+    BIO_B64_CTX *ctx;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_ENCODE) {
+        ctx->encode = B64_ENCODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_EncodeInit(ctx->base64);
+    }
+
+    OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return i;
+        }
+        OPENSSL_assert(i <= n);
+        ctx->buf_off += i;
+        OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+    ctx->buf_off = 0;
+    ctx->buf_len = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    while (inl > 0) {
+        n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len > 0) {
+                OPENSSL_assert(ctx->tmp_len <= 3);
+                n = 3 - ctx->tmp_len;
+                /*
+                 * There's a theoretical possibility for this
+                 */
+                if (n > inl)
+                    n = inl;
+                memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
+                ctx->tmp_len += n;
+                ret += n;
+                if (ctx->tmp_len < 3)
+                    break;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (unsigned char *)ctx->tmp, ctx->tmp_len);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                /*
+                 * Since we're now done using the temporary buffer, the
+                 * length should be 0'd
+                 */
+                ctx->tmp_len = 0;
+            } else {
+                if (n < 3) {
+                    memcpy(ctx->tmp, in, n);
+                    ctx->tmp_len = n;
+                    ret += n;
+                    break;
+                }
+                n -= n % 3;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (const unsigned char *)in, n);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                ret += n;
+            }
+        } else {
+            if (!EVP_EncodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)in, n))
+                return ((ret == 0) ? -1 : ret);
+            OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+            ret += n;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return ((ret == 0) ? i : ret);
+            }
+            OPENSSL_assert(i <= n);
+            n -= i;
+            ctx->buf_off += i;
+            OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    return ret;
+}
+
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_B64_CTX *ctx;
+    long ret = 1;
+    int i;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->cont = 1;
+        ctx->start = 1;
+        ctx->encode = B64_NONE;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:    /* More to write in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if ((ret == 0) && (ctx->encode != B64_NONE)
+            && (EVP_ENCODE_CTX_num(ctx->base64) != 0))
+            ret = 1;
+        else if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = b64_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len != 0) {
+                ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                               (unsigned char *)ctx->tmp,
+                                               ctx->tmp_len);
+                ctx->buf_off = 0;
+                ctx->tmp_len = 0;
+                goto again;
+            }
+        } else if (ctx->encode != B64_NONE
+                   && EVP_ENCODE_CTX_num(ctx->base64) != 0) {
+            ctx->buf_off = 0;
+            EVP_EncodeFinal(ctx->base64,
+                            (unsigned char *)ctx->buf, &(ctx->buf_len));
+            /* push out the bytes */
+            goto again;
+        }
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_DUP:
+        break;
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_SET:
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int b64_puts(BIO *b, const char *str)
+{
+    return b64_write(b, str, strlen(str));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_enc.c
new file mode 100644
index 000000000..6639061ea
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_enc.c
@@ -0,0 +1,429 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/bio.h"
+
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
+#define ENC_BLOCK_SIZE  (1024*4)
+#define ENC_MIN_CHUNK   (256)
+#define BUF_OFFSET      (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
+
+typedef struct enc_struct {
+    int buf_len;
+    int buf_off;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    int ok;                     /* bad decrypt */
+    EVP_CIPHER_CTX *cipher;
+    unsigned char *read_start, *read_end;
+    /*
+     * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
+     * up to a block more data than is presented to it
+     */
+    unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
+} BIO_ENC_CTX;
+
+static const BIO_METHOD methods_enc = {
+    BIO_TYPE_CIPHER,
+    "cipher",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    enc_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    enc_read,
+    NULL,                       /* enc_puts, */
+    NULL,                       /* enc_gets, */
+    enc_ctrl,
+    enc_new,
+    enc_free,
+    enc_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_cipher(void)
+{
+    return &methods_enc;
+}
+
+static int enc_new(BIO *bi)
+{
+    BIO_ENC_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->cipher = EVP_CIPHER_CTX_new();
+    if (ctx->cipher == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->cont = 1;
+    ctx->ok = 1;
+    ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
+}
+
+static int enc_free(BIO *a)
+{
+    BIO_ENC_CTX *b;
+
+    if (a == NULL)
+        return 0;
+
+    b = BIO_get_data(a);
+    if (b == NULL)
+        return 0;
+
+    EVP_CIPHER_CTX_free(b->cipher);
+    OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int enc_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, blocksize;
+    BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+    ctx = BIO_get_data(b);
+
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher);
+    if (blocksize == 1)
+        blocksize = 0;
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        if (ctx->read_start == ctx->read_end) { /* time to read more data */
+            ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+            i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
+            if (i > 0)
+                ctx->read_end += i;
+        } else {
+            i = ctx->read_end - ctx->read_start;
+        }
+
+        if (i <= 0) {
+            /* Should be continue next time we are called? */
+            if (!BIO_should_retry(next)) {
+                ctx->cont = i;
+                i = EVP_CipherFinal_ex(ctx->cipher,
+                                       ctx->buf, &(ctx->buf_len));
+                ctx->ok = i;
+                ctx->buf_off = 0;
+            } else {
+                ret = (ret == 0) ? i : ret;
+                break;
+            }
+        } else {
+            if (outl > ENC_MIN_CHUNK) {
+                /*
+                 * Depending on flags block cipher decrypt can write
+                 * one extra block and then back off, i.e. output buffer
+                 * has to accommodate extra block...
+                 */
+                int j = outl - blocksize, buf_len;
+
+                if (!EVP_CipherUpdate(ctx->cipher,
+                                      (unsigned char *)out, &buf_len,
+                                      ctx->read_start, i > j ? j : i)) {
+                    BIO_clear_retry_flags(b);
+                    return 0;
+                }
+                ret += buf_len;
+                out += buf_len;
+                outl -= buf_len;
+
+                if ((i -= j) <= 0) {
+                    ctx->read_start = ctx->read_end;
+                    continue;
+                }
+                ctx->read_start += j;
+            }
+            if (i > ENC_MIN_CHUNK)
+                i = ENC_MIN_CHUNK;
+            if (!EVP_CipherUpdate(ctx->cipher,
+                                  ctx->buf, &ctx->buf_len,
+                                  ctx->read_start, i)) {
+                BIO_clear_retry_flags(b);
+                ctx->ok = 0;
+                return 0;
+            }
+            ctx->read_start += i;
+            ctx->cont = 1;
+            /*
+             * Note: it is possible for EVP_CipherUpdate to decrypt zero
+             * bytes because this is or looks like the final block: if this
+             * happens we should retry and either read more data or decrypt
+             * the final block
+             */
+            if (ctx->buf_len == 0)
+                continue;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+        if (i <= 0)
+            break;
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        outl -= i;
+        out += i;
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ctx->cont : ret);
+}
+
+static int enc_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    ret = inl;
+
+    BIO_clear_retry_flags(b);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return i;
+        }
+        ctx->buf_off += i;
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    ctx->buf_off = 0;
+    while (inl > 0) {
+        n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
+        if (!EVP_CipherUpdate(ctx->cipher,
+                              ctx->buf, &ctx->buf_len,
+                              (const unsigned char *)in, n)) {
+            BIO_clear_retry_flags(b);
+            ctx->ok = 0;
+            return 0;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return (ret == inl) ? i : ret - inl;
+            }
+            n -= i;
+            ctx->buf_off += i;
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_ENC_CTX *ctx, *dctx;
+    long ret = 1;
+    int i;
+    EVP_CIPHER_CTX **c_ctx;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (ctx == NULL)
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ok = 1;
+        ctx->finished = 0;
+        if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
+                               EVP_CIPHER_CTX_encrypting(ctx->cipher)))
+            return 0;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = enc_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+
+        if (!ctx->finished) {
+            ctx->finished = 1;
+            ctx->buf_off = 0;
+            ret = EVP_CipherFinal_ex(ctx->cipher,
+                                     (unsigned char *)ctx->buf,
+                                     &(ctx->buf_len));
+            ctx->ok = (int)ret;
+            if (ret <= 0)
+                break;
+
+            /* push out the bytes */
+            goto again;
+        }
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_GET_CIPHER_STATUS:
+        ret = (long)ctx->ok;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_C_GET_CIPHER_CTX:
+        c_ctx = (EVP_CIPHER_CTX **)ptr;
+        *c_ctx = ctx->cipher;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dctx = BIO_get_data(dbio);
+        dctx->cipher = EVP_CIPHER_CTX_new();
+        if (dctx->cipher == NULL)
+            return 0;
+        ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
+        if (ret)
+            BIO_set_init(dbio, 1);
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                   const unsigned char *i, int e)
+{
+    BIO_ENC_CTX *ctx;
+    long (*callback) (struct bio_st *, int, const char *, int, long, long);
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    callback = BIO_get_callback(b);
+
+    if ((callback != NULL) &&
+            (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e,
+                      0L) <= 0))
+        return 0;
+
+    BIO_set_init(b, 1);
+
+    if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
+        return 0;
+
+    if (callback != NULL)
+        return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c
new file mode 100644
index 000000000..288dee01b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+#include "internal/bio.h"
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD methods_md = {
+    BIO_TYPE_MD,
+    "message digest",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    md_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    md_read,
+    NULL,                       /* md_puts, */
+    md_gets,
+    md_ctrl,
+    md_new,
+    md_free,
+    md_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_md(void)
+{
+    return &methods_md;
+}
+
+static int md_new(BIO *bi)
+{
+    EVP_MD_CTX *ctx;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int md_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    EVP_MD_CTX_free(BIO_get_data(a));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int md_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    ret = BIO_read(next, out, outl);
+    if (BIO_get_init(b)) {
+        if (ret > 0) {
+            if (EVP_DigestUpdate(ctx, (unsigned char *)out,
+                                 (unsigned int)ret) <= 0)
+                return -1;
+        }
+    }
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int md_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
+    BIO *next;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx != NULL) && (next != NULL))
+        ret = BIO_write(next, in, inl);
+
+    if (BIO_get_init(b)) {
+        if (ret > 0) {
+            if (!EVP_DigestUpdate(ctx, (const unsigned char *)in,
+                                  (unsigned int)ret)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    }
+    if (next != NULL) {
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+    }
+    return ret;
+}
+
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    EVP_MD_CTX *ctx, *dctx, **pctx;
+    const EVP_MD **ppmd;
+    EVP_MD *md;
+    long ret = 1;
+    BIO *dbio, *next;
+
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        if (BIO_get_init(b))
+            ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
+        else
+            ret = 0;
+        if (ret > 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_GET_MD:
+        if (BIO_get_init(b)) {
+            ppmd = ptr;
+            *ppmd = ctx->digest;
+        } else
+            ret = 0;
+        break;
+    case BIO_C_GET_MD_CTX:
+        pctx = ptr;
+        *pctx = ctx;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_SET_MD_CTX:
+        if (BIO_get_init(b))
+            BIO_set_data(b, ptr);
+        else
+            ret = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_C_SET_MD:
+        md = ptr;
+        ret = EVP_DigestInit_ex(ctx, md, NULL);
+        if (ret > 0)
+            BIO_set_init(b, 1);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = ptr;
+        dctx = BIO_get_data(dbio);
+        if (!EVP_MD_CTX_copy_ex(dctx, ctx))
+            return 0;
+        BIO_set_init(b, 1);
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int md_gets(BIO *bp, char *buf, int size)
+{
+    EVP_MD_CTX *ctx;
+    unsigned int ret;
+
+    ctx = BIO_get_data(bp);
+
+    if (size < ctx->digest->md_size)
+        return 0;
+
+    if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
+        return -1;
+
+    return (int)ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c
new file mode 100644
index 000000000..a0462219b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c
@@ -0,0 +1,610 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+        From: Arne Ansper
+
+        Why BIO_f_reliable?
+
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all.
+
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output.
+
+        The easy way is to push the BIO_f_md and save the checksum at
+        the end of the file. However there are several problems with this
+        approach:
+
+        1) you must somehow separate checksum from actual data.
+        2) you need lot's of memory when reading the file, because you
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data.
+
+        BIO_f_reliable tries to solve both problems, so that you can
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with it's length and suffixed with it's digest. So you need only
+        several Kbytes of memory to buffer single block before verifying
+        it's digest.
+
+        BIO_f_reliable goes further and adds several important capabilities:
+
+        1) the digest of the block is computed over the whole stream
+        -- so nobody can rearrange the blocks or remove or replace them.
+
+        2) to detect invalid passwords right at the start BIO_f_reliable
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+
+                *) digest is initialized with random seed instead of
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output
+                of the digest is also written to output.
+
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include "internal/bio.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include "internal/evp_int.h"
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static __owur int sig_out(BIO *b);
+static __owur int sig_in(BIO *b);
+static __owur int block_out(BIO *b);
+static __owur int block_in(BIO *b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+typedef struct ok_struct {
+    size_t buf_len;
+    size_t buf_off;
+    size_t buf_len_save;
+    size_t buf_off_save;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    EVP_MD_CTX *md;
+    int blockout;               /* output block is ready */
+    int sigio;                  /* must process signature */
+    unsigned char buf[IOBS];
+} BIO_OK_CTX;
+
+static const BIO_METHOD methods_ok = {
+    BIO_TYPE_CIPHER,
+    "reliable",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    ok_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    ok_read,
+    NULL,                       /* ok_puts, */
+    NULL,                       /* ok_gets, */
+    ok_ctrl,
+    ok_new,
+    ok_free,
+    ok_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_reliable(void)
+{
+    return &methods_ok;
+}
+
+static int ok_new(BIO *bi)
+{
+    BIO_OK_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->cont = 1;
+    ctx->sigio = 1;
+    ctx->md = EVP_MD_CTX_new();
+    if (ctx->md == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int ok_free(BIO *a)
+{
+    BIO_OK_CTX *ctx;
+
+    if (a == NULL)
+        return 0;
+
+    ctx = BIO_get_data(a);
+
+    EVP_MD_CTX_free(ctx->md);
+    OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int ok_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, n;
+    BIO_OK_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
+
+    while (outl > 0) {
+
+        /* copy clean bytes to output buffer */
+        if (ctx->blockout) {
+            i = ctx->buf_len - ctx->buf_off;
+            if (i > outl)
+                i = outl;
+            memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+            ret += i;
+            out += i;
+            outl -= i;
+            ctx->buf_off += i;
+
+            /* all clean bytes are out */
+            if (ctx->buf_len == ctx->buf_off) {
+                ctx->buf_off = 0;
+
+                /*
+                 * copy start of the next block into proper place
+                 */
+                if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
+                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                            ctx->buf_len);
+                } else {
+                    ctx->buf_len = 0;
+                }
+                ctx->blockout = 0;
+            }
+        }
+
+        /* output buffer full -- cancel */
+        if (outl == 0)
+            break;
+
+        /* no clean bytes in buffer -- fill it */
+        n = IOBS - ctx->buf_len;
+        i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);
+
+        if (i <= 0)
+            break;              /* nothing new */
+
+        ctx->buf_len += i;
+
+        /* no signature yet -- check if we got one */
+        if (ctx->sigio == 1) {
+            if (!sig_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* signature ok -- check if we got block */
+        if (ctx->sigio == 0) {
+            if (!block_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* invalid block -- cancel */
+        if (ctx->cont <= 0)
+            break;
+
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int ok_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_OK_CTX *ctx;
+    BIO *next;
+
+    if (inl <= 0)
+        return inl;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    ret = inl;
+
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
+
+    if (ctx->sigio && !sig_out(b))
+        return 0;
+
+    do {
+        BIO_clear_retry_flags(b);
+        n = ctx->buf_len - ctx->buf_off;
+        while (ctx->blockout && n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (!BIO_should_retry(b))
+                    ctx->cont = 0;
+                return i;
+            }
+            ctx->buf_off += i;
+            n -= i;
+        }
+
+        /* at this point all pending data has been written */
+        ctx->blockout = 0;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = OK_BLOCK_BLOCK;
+            ctx->buf_off = 0;
+        }
+
+        if ((in == NULL) || (inl <= 0))
+            return 0;
+
+        n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
+            (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
+
+        memcpy(&ctx->buf[ctx->buf_len], in, n);
+        ctx->buf_len += n;
+        inl -= n;
+        in += n;
+
+        if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
+            if (!block_out(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    } while (inl > 0);
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD *md;
+    const EVP_MD **ppmd;
+    long ret = 1;
+    int i;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->buf_len_save = 0;
+        ctx->buf_off_save = 0;
+        ctx->cont = 1;
+        ctx->finished = 0;
+        ctx->blockout = 0;
+        ctx->sigio = 1;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+    case BIO_CTRL_WPENDING:    /* More to read in buffer */
+        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+        if (ctx->blockout == 0)
+            if (!block_out(b))
+                return 0;
+
+        while (ctx->blockout) {
+            i = ok_write(b, NULL, 0);
+            if (i < 0) {
+                ret = i;
+                break;
+            }
+        }
+
+        ctx->finished = 1;
+        ctx->buf_off = ctx->buf_len = 0;
+        ctx->cont = (int)ret;
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->cont;
+        break;
+    case BIO_C_SET_MD:
+        md = ptr;
+        if (!EVP_DigestInit_ex(ctx->md, md, NULL))
+            return 0;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_GET_MD:
+        if (BIO_get_init(b)) {
+            ppmd = ptr;
+            *ppmd = EVP_MD_CTX_md(ctx->md);
+        } else
+            ret = 0;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+
+    return ret;
+}
+
+static void longswap(void *_ptr, size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little) {
+        size_t i;
+        unsigned char *p = _ptr, c;
+
+        for (i = 0; i < len; i += 4) {
+            c = p[0], p[0] = p[3], p[3] = c;
+            c = p[1], p[1] = p[2], p[2] = c;
+        }
+    }
+}
+
+static int sig_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
+
+    if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, digest, NULL))
+        goto berr;
+    /*
+     * FIXME: there's absolutely no guarantee this makes any sense at all,
+     * particularly now EVP_MD_CTX has been restructured.
+     */
+    if (RAND_bytes(md_data, md_size) <= 0)
+        goto berr;
+    memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size);
+    longswap(&(ctx->buf[ctx->buf_len]), md_size);
+    ctx->buf_len += md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md_size;
+    ctx->blockout = 1;
+    ctx->sigio = 0;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int sig_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int ret = 0;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
+
+    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, digest, NULL))
+        goto berr;
+    memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size);
+    longswap(md_data, md_size);
+    ctx->buf_off += md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0;
+    ctx->buf_off += md_size;
+    if (ret == 1) {
+        ctx->sigio = 0;
+        if (ctx->buf_len != ctx->buf_off) {
+            memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
+                    ctx->buf_len - ctx->buf_off);
+        }
+        ctx->buf_len -= ctx->buf_off;
+        ctx->buf_off = 0;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl;
+    const EVP_MD *digest;
+    int md_size;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+
+    tl = ctx->buf_len - OK_BLOCK_BLOCK;
+    ctx->buf[0] = (unsigned char)(tl >> 24);
+    ctx->buf[1] = (unsigned char)(tl >> 16);
+    ctx->buf[2] = (unsigned char)(tl >> 8);
+    ctx->buf[3] = (unsigned char)(tl);
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md_size;
+    ctx->blockout = 1;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl = 0;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int md_size;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    md_size = EVP_MD_size(EVP_MD_CTX_md(md));
+
+    assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
+    tl = ctx->buf[0];
+    tl <<= 8;
+    tl |= ctx->buf[1];
+    tl <<= 8;
+    tl |= ctx->buf[2];
+    tl <<= 8;
+    tl |= ctx->buf[3];
+
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
+        return 1;
+
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
+        /* there might be parts from next block lurking around ! */
+        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
+        ctx->buf_len_save = ctx->buf_len;
+        ctx->buf_off = OK_BLOCK_BLOCK;
+        ctx->buf_len = tl + OK_BLOCK_BLOCK;
+        ctx->blockout = 1;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/build.info
new file mode 100644
index 000000000..cc33ac3c4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/build.info
@@ -0,0 +1,25 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+        e_rc4.c e_aes.c names.c e_seed.c e_aria.c e_sm4.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
+        m_md5_sha1.c m_mdc2.c m_ripemd.c m_sha3.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
+        e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
+        e_chacha20_poly1305.c cmeth_lib.c
+
+INCLUDE[e_aes.o]=.. ../modes
+INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes
+INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes
+INCLUDE[e_aria.o]=.. ../modes
+INCLUDE[e_camellia.o]=.. ../modes
+INCLUDE[e_sm4.o]=.. ../modes
+INCLUDE[e_des.o]=..
+INCLUDE[e_des3.o]=..
+INCLUDE[m_sha3.o]=..
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c
new file mode 100644
index 000000000..086b3c4d5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void openssl_add_all_ciphers_int(void)
+{
+
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cfb());
+    EVP_add_cipher(EVP_des_cfb1());
+    EVP_add_cipher(EVP_des_cfb8());
+    EVP_add_cipher(EVP_des_ede_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb1());
+    EVP_add_cipher(EVP_des_ede3_cfb8());
+
+    EVP_add_cipher(EVP_des_ofb());
+    EVP_add_cipher(EVP_des_ede_ofb());
+    EVP_add_cipher(EVP_des_ede3_ofb());
+
+    EVP_add_cipher(EVP_desx_cbc());
+    EVP_add_cipher_alias(SN_desx_cbc, "DESX");
+    EVP_add_cipher_alias(SN_desx_cbc, "desx");
+
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher_alias(SN_des_cbc, "DES");
+    EVP_add_cipher_alias(SN_des_cbc, "des");
+    EVP_add_cipher(EVP_des_ede_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+    EVP_add_cipher(EVP_des_ecb());
+    EVP_add_cipher(EVP_des_ede());
+    EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
+    EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
+    EVP_add_cipher(EVP_des_ede3());
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
+    EVP_add_cipher(EVP_des_ede3_wrap());
+    EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
+#endif
+
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+    EVP_add_cipher(EVP_rc4_40());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_ecb());
+    EVP_add_cipher(EVP_idea_cfb());
+    EVP_add_cipher(EVP_idea_ofb());
+    EVP_add_cipher(EVP_idea_cbc());
+    EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
+    EVP_add_cipher_alias(SN_idea_cbc, "idea");
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_ecb());
+    EVP_add_cipher(EVP_seed_cfb());
+    EVP_add_cipher(EVP_seed_ofb());
+    EVP_add_cipher(EVP_seed_cbc());
+    EVP_add_cipher_alias(SN_seed_cbc, "SEED");
+    EVP_add_cipher_alias(SN_seed_cbc, "seed");
+#endif
+
+#ifndef OPENSSL_NO_SM4
+    EVP_add_cipher(EVP_sm4_ecb());
+    EVP_add_cipher(EVP_sm4_cbc());
+    EVP_add_cipher(EVP_sm4_cfb());
+    EVP_add_cipher(EVP_sm4_ofb());
+    EVP_add_cipher(EVP_sm4_ctr());
+    EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
+    EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
+#endif
+
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_ecb());
+    EVP_add_cipher(EVP_rc2_cfb());
+    EVP_add_cipher(EVP_rc2_ofb());
+    EVP_add_cipher(EVP_rc2_cbc());
+    EVP_add_cipher(EVP_rc2_40_cbc());
+    EVP_add_cipher(EVP_rc2_64_cbc());
+    EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
+    EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
+    EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
+#endif
+
+#ifndef OPENSSL_NO_BF
+    EVP_add_cipher(EVP_bf_ecb());
+    EVP_add_cipher(EVP_bf_cfb());
+    EVP_add_cipher(EVP_bf_ofb());
+    EVP_add_cipher(EVP_bf_cbc());
+    EVP_add_cipher_alias(SN_bf_cbc, "BF");
+    EVP_add_cipher_alias(SN_bf_cbc, "bf");
+    EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
+#endif
+
+#ifndef OPENSSL_NO_CAST
+    EVP_add_cipher(EVP_cast5_ecb());
+    EVP_add_cipher(EVP_cast5_cfb());
+    EVP_add_cipher(EVP_cast5_ofb());
+    EVP_add_cipher(EVP_cast5_cbc());
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast");
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
+#endif
+
+#ifndef OPENSSL_NO_RC5
+    EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+    EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+    EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
+    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
+#endif
+
+    EVP_add_cipher(EVP_aes_128_ecb());
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_128_cfb());
+    EVP_add_cipher(EVP_aes_128_cfb1());
+    EVP_add_cipher(EVP_aes_128_cfb8());
+    EVP_add_cipher(EVP_aes_128_ofb());
+    EVP_add_cipher(EVP_aes_128_ctr());
+    EVP_add_cipher(EVP_aes_128_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_128_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_128_xts());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_128_wrap());
+    EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+    EVP_add_cipher(EVP_aes_128_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+    EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+    EVP_add_cipher(EVP_aes_192_ecb());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_192_cfb());
+    EVP_add_cipher(EVP_aes_192_cfb1());
+    EVP_add_cipher(EVP_aes_192_cfb8());
+    EVP_add_cipher(EVP_aes_192_ofb());
+    EVP_add_cipher(EVP_aes_192_ctr());
+    EVP_add_cipher(EVP_aes_192_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_192_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_192_ccm());
+    EVP_add_cipher(EVP_aes_192_wrap());
+    EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+    EVP_add_cipher(EVP_aes_192_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+    EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+    EVP_add_cipher(EVP_aes_256_ecb());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_256_cfb());
+    EVP_add_cipher(EVP_aes_256_cfb1());
+    EVP_add_cipher(EVP_aes_256_cfb8());
+    EVP_add_cipher(EVP_aes_256_ofb());
+    EVP_add_cipher(EVP_aes_256_ctr());
+    EVP_add_cipher(EVP_aes_256_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_256_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_256_xts());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_256_wrap());
+    EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+    EVP_add_cipher(EVP_aes_256_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+    EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_ecb());
+    EVP_add_cipher(EVP_aria_128_cbc());
+    EVP_add_cipher(EVP_aria_128_cfb());
+    EVP_add_cipher(EVP_aria_128_cfb1());
+    EVP_add_cipher(EVP_aria_128_cfb8());
+    EVP_add_cipher(EVP_aria_128_ctr());
+    EVP_add_cipher(EVP_aria_128_ofb());
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_128_ccm());
+    EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
+    EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
+    EVP_add_cipher(EVP_aria_192_ecb());
+    EVP_add_cipher(EVP_aria_192_cbc());
+    EVP_add_cipher(EVP_aria_192_cfb());
+    EVP_add_cipher(EVP_aria_192_cfb1());
+    EVP_add_cipher(EVP_aria_192_cfb8());
+    EVP_add_cipher(EVP_aria_192_ctr());
+    EVP_add_cipher(EVP_aria_192_ofb());
+    EVP_add_cipher(EVP_aria_192_gcm());
+    EVP_add_cipher(EVP_aria_192_ccm());
+    EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
+    EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
+    EVP_add_cipher(EVP_aria_256_ecb());
+    EVP_add_cipher(EVP_aria_256_cbc());
+    EVP_add_cipher(EVP_aria_256_cfb());
+    EVP_add_cipher(EVP_aria_256_cfb1());
+    EVP_add_cipher(EVP_aria_256_cfb8());
+    EVP_add_cipher(EVP_aria_256_ctr());
+    EVP_add_cipher(EVP_aria_256_ofb());
+    EVP_add_cipher(EVP_aria_256_gcm());
+    EVP_add_cipher(EVP_aria_256_ccm());
+    EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
+    EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
+#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_ecb());
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_128_cfb());
+    EVP_add_cipher(EVP_camellia_128_cfb1());
+    EVP_add_cipher(EVP_camellia_128_cfb8());
+    EVP_add_cipher(EVP_camellia_128_ofb());
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
+    EVP_add_cipher(EVP_camellia_192_ecb());
+    EVP_add_cipher(EVP_camellia_192_cbc());
+    EVP_add_cipher(EVP_camellia_192_cfb());
+    EVP_add_cipher(EVP_camellia_192_cfb1());
+    EVP_add_cipher(EVP_camellia_192_cfb8());
+    EVP_add_cipher(EVP_camellia_192_ofb());
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
+    EVP_add_cipher(EVP_camellia_256_ecb());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+    EVP_add_cipher(EVP_camellia_256_cfb());
+    EVP_add_cipher(EVP_camellia_256_cfb1());
+    EVP_add_cipher(EVP_camellia_256_cfb8());
+    EVP_add_cipher(EVP_camellia_256_ofb());
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
+    EVP_add_cipher(EVP_camellia_128_ctr());
+    EVP_add_cipher(EVP_camellia_192_ctr());
+    EVP_add_cipher(EVP_camellia_256_ctr());
+#endif
+
+#ifndef OPENSSL_NO_CHACHA
+    EVP_add_cipher(EVP_chacha20());
+# ifndef OPENSSL_NO_POLY1305
+    EVP_add_cipher(EVP_chacha20_poly1305());
+# endif
+#endif
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c
new file mode 100644
index 000000000..1267531a7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void openssl_add_all_digests_int(void)
+{
+#ifndef OPENSSL_NO_MD4
+    EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1());
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+    EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RMD160
+    EVP_add_digest(EVP_ripemd160());
+    EVP_add_digest_alias(SN_ripemd160, "ripemd");
+    EVP_add_digest_alias(SN_ripemd160, "rmd160");
+#endif
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+    EVP_add_digest(EVP_sha512_224());
+    EVP_add_digest(EVP_sha512_256());
+#ifndef OPENSSL_NO_WHIRLPOOL
+    EVP_add_digest(EVP_whirlpool());
+#endif
+#ifndef OPENSSL_NO_SM3
+    EVP_add_digest(EVP_sm3());
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    EVP_add_digest(EVP_blake2b512());
+    EVP_add_digest(EVP_blake2s256());
+#endif
+    EVP_add_digest(EVP_sha3_224());
+    EVP_add_digest(EVP_sha3_256());
+    EVP_add_digest(EVP_sha3_384());
+    EVP_add_digest(EVP_sha3_512());
+    EVP_add_digest(EVP_shake128());
+    EVP_add_digest(EVP_shake256());
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c
new file mode 100644
index 000000000..e2295c4dc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
+{
+    EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
+
+    if (cipher != NULL) {
+        cipher->nid = cipher_type;
+        cipher->block_size = block_size;
+        cipher->key_len = key_len;
+    }
+    return cipher;
+}
+
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
+                                         cipher->key_len);
+
+    if (to != NULL)
+        memcpy(to, cipher, sizeof(*to));
+    return to;
+}
+
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
+{
+    OPENSSL_free(cipher);
+}
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
+{
+    cipher->iv_len = iv_len;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
+{
+    cipher->flags = flags;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
+{
+    cipher->ctx_size = ctx_size;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc))
+{
+    cipher->init = init;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl))
+{
+    cipher->do_cipher = do_cipher;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *))
+{
+    cipher->cleanup = cleanup;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->set_asn1_parameters = set_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->get_asn1_parameters = get_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr))
+{
+    cipher->ctrl = ctrl;
+    return 1;
+}
+
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc)
+{
+    return cipher->init;
+}
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl)
+{
+    return cipher->do_cipher;
+}
+
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
+{
+    return cipher->cleanup;
+}
+
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *)
+{
+    return cipher->set_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *)
+{
+    return cipher->get_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr)
+{
+    return cipher->ctrl;
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c
new file mode 100644
index 000000000..f78dab767
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+    if (ctx == NULL)
+        return 1;
+
+    /*
+     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+     * sometimes only copies of the context are ever finalised.
+     */
+    if (ctx->digest && ctx->digest->cleanup
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+        ctx->digest->cleanup(ctx);
+    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+        OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+    }
+    /*
+     * pctx should be freed by the user of EVP_MD_CTX
+     * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(ctx->engine);
+#endif
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return 1;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx);
+    OPENSSL_free(ctx);
+}
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+{
+    EVP_MD_CTX_reset(ctx);
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+{
+    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unnecessary.
+     */
+    if (ctx->engine && ctx->digest &&
+        (type == NULL || (type->type == ctx->digest->type)))
+        goto skip_to_init;
+    if (type) {
+        /*
+         * Ensure an ENGINE left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_MD could be used).
+         */
+        ENGINE_finish(ctx->engine);
+        if (impl != NULL) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else {
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_digest_engine(type->type);
+        }
+        if (impl != NULL) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+
+            if (d == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                ENGINE_finish(impl);
+                return 0;
+            }
+            /* We'll use the ENGINE's private digest definition */
+            type = d;
+            /*
+             * Store the ENGINE functional reference so we know 'type' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+    } else {
+        if (!ctx->digest) {
+            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+            return 0;
+        }
+        type = ctx->digest;
+    }
+#endif
+    if (ctx->digest != type) {
+        if (ctx->digest && ctx->digest->ctx_size) {
+            OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+            ctx->md_data = NULL;
+        }
+        ctx->digest = type;
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
+            ctx->update = type->update;
+            ctx->md_data = OPENSSL_zalloc(type->ctx_size);
+            if (ctx->md_data == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    if (ctx->pctx) {
+        int r;
+        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+        if (r <= 0 && (r != -2))
+            return 0;
+    }
+    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+        return 1;
+    return ctx->digest->init(ctx);
+}
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return ctx->update(ctx, data, count);
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+    ret = EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_reset(ctx);
+    return ret;
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+
+    OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+    ret = ctx->digest->final(ctx, md);
+    if (size != NULL)
+        *size = ctx->digest->md_size;
+    if (ctx->digest->cleanup) {
+        ctx->digest->cleanup(ctx);
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+    }
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    return ret;
+}
+
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+{
+    int ret = 0;
+
+    if (ctx->digest->flags & EVP_MD_FLAG_XOF
+        && size <= INT_MAX
+        && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
+        ret = ctx->digest->final(ctx, md);
+
+        if (ctx->digest->cleanup != NULL) {
+            ctx->digest->cleanup(ctx);
+            EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+        }
+        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    } else {
+        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
+    }
+
+    return ret;
+}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    EVP_MD_CTX_reset(out);
+    return EVP_MD_CTX_copy_ex(out, in);
+}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    unsigned char *tmp_buf;
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a digest context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    if (out->digest == in->digest) {
+        tmp_buf = out->md_data;
+        EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+    } else
+        tmp_buf = NULL;
+    EVP_MD_CTX_reset(out);
+    memcpy(out, in, sizeof(*out));
+
+    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
+    /* Null these variables, since they are getting fixed up
+     * properly below.  Anything else may cause a memleak and/or
+     * double free if any of the memory allocations below fail
+     */
+    out->md_data = NULL;
+    out->pctx = NULL;
+
+    if (in->md_data && out->digest->ctx_size) {
+        if (tmp_buf)
+            out->md_data = tmp_buf;
+        else {
+            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+            if (out->md_data == NULL) {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+    }
+
+    out->update = in->update;
+
+    if (in->pctx) {
+        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+        if (!out->pctx) {
+            EVP_MD_CTX_reset(out);
+            return 0;
+        }
+    }
+
+    if (out->digest->copy)
+        return out->digest->copy(out, in);
+
+    return 1;
+}
+
+int EVP_Digest(const void *data, size_t count,
+               unsigned char *md, unsigned int *size, const EVP_MD *type,
+               ENGINE *impl)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int ret;
+
+    if (ctx == NULL)
+        return 0;
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
+    ret = EVP_DigestInit_ex(ctx, type, impl)
+        && EVP_DigestUpdate(ctx, data, count)
+        && EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+}
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+    if (ctx->digest && ctx->digest->md_ctrl) {
+        int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+        if (ret <= 0)
+            return 0;
+        return 1;
+    }
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c
new file mode 100644
index 000000000..39eb4f379
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c
@@ -0,0 +1,4210 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/aes.h>
+#include "internal/evp_int.h"
+#include "modes_lcl.h"
+#include <openssl/rand.h>
+#include "evp_locl.h"
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+} EVP_AES_KEY;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;                       /* AES key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+    ctr128_f ctr;
+} EVP_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks1, ks2;                 /* AES key schedules to use */
+    XTS128_CONTEXT xts;
+    void (*stream) (const unsigned char *in,
+                    unsigned char *out, size_t length,
+                    const AES_KEY *key1, const AES_KEY *key2,
+                    const unsigned char iv[16]);
+} EVP_AES_XTS_CTX;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;                       /* AES key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_AES_CCM_CTX;
+
+#ifndef OPENSSL_NO_OCB
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ksenc;                    /* AES key schedule to use for encryption */
+    union {
+        double align;
+        AES_KEY ks;
+    } ksdec;                    /* AES key schedule to use for decryption */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    OCB128_CONTEXT ocb;
+    unsigned char *iv;          /* Temporary IV store */
+    unsigned char tag[16];
+    unsigned char data_buf[16]; /* Store partial data blocks */
+    unsigned char aad_buf[16];  /* Store partial AAD blocks */
+    int data_buf_len;
+    int aad_buf_len;
+    int ivlen;                  /* IV length */
+    int taglen;
+} EVP_AES_OCB_CTX;
+#endif
+
+#define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+#ifdef VPAES_ASM
+int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void vpaes_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void vpaes_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void vpaes_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+#endif
+#ifdef BSAES_ASM
+void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char ivec[16], int enc);
+void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+#ifdef AES_CTR_ASM
+void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const AES_KEY *key,
+                       const unsigned char ivec[AES_BLOCK_SIZE]);
+#endif
+#ifdef AES_XTS_ASM
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+#endif
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+# include "ppc_arch.h"
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
+# endif
+# define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+# define HWAES_encrypt aes_p8_encrypt
+# define HWAES_decrypt aes_p8_decrypt
+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
+#endif
+
+#if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
+        ((defined(__i386)       || defined(__i386__)    || \
+          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+# ifdef BSAES_ASM
+#  define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+/*
+ * AES-NI section
+ */
+# define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length, const AES_KEY *key, int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_ctr32_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key, const unsigned char *ivec);
+
+void aesni_xts_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_xts_decrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_ccm64_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+size_t aesni_gcm_encrypt(const unsigned char *in,
+                         unsigned char *out,
+                         size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+#  define AES_gcm_encrypt aesni_gcm_encrypt
+size_t aesni_gcm_decrypt(const unsigned char *in,
+                         unsigned char *out,
+                         size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+#  define AES_gcm_decrypt aesni_gcm_decrypt
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,
+                   size_t len);
+#  define AES_GCM_ASM(gctx)       (gctx->ctr==aesni_ctr32_encrypt_blocks && \
+                                 gctx->gcm.ghash==gcm_ghash_avx)
+#  define AES_GCM_ASM2(gctx)      (gctx->gcm.block==(block128_f)aesni_encrypt && \
+                                 gctx->gcm.ghash==gcm_ghash_avx)
+#  undef AES_GCM_ASM2          /* minor size optimization */
+# endif
+
+static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                          const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) aesni_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) aesni_cbc_encrypt : NULL;
+    } else {
+        ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) aesni_encrypt;
+        if (mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
+        else if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        else
+            dat->stream.cbc = NULL;
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len)
+{
+    aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_iv_noconst(ctx),
+                      EVP_CIPHER_CTX_encrypting(ctx));
+
+    return 1;
+}
+
+static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+
+    if (len < bl)
+        return 1;
+
+    aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_encrypting(ctx));
+
+    return 1;
+}
+
+# define aesni_ofb_cipher aes_ofb_cipher
+static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# define aesni_cfb_cipher aes_cfb_cipher
+static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# define aesni_cfb8_cipher aes_cfb8_cipher
+static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aesni_cfb1_cipher aes_cfb1_cipher
+static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aesni_ctr_cipher aes_ctr_cipher
+static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
+        gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+# define aesni_gcm_cipher aes_gcm_cipher
+static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        /* key_len is two AES keys */
+        if (enc) {
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aesni_encrypt;
+            xctx->stream = aesni_xts_encrypt;
+        } else {
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aesni_decrypt;
+            xctx->stream = aesni_xts_decrypt;
+        }
+
+        aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                              EVP_CIPHER_CTX_key_length(ctx) * 4,
+                              &xctx->ks2.ks);
+        xctx->xts.block2 = (block128_f) aesni_encrypt;
+
+        xctx->xts.key1 = &xctx->ks1;
+    }
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+# define aesni_xts_cipher aes_xts_cipher
+static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aesni_encrypt);
+        cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
+            (ccm128_f) aesni_ccm64_decrypt_blocks;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+# define aesni_ccm_cipher aes_ccm_cipher
+static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+
+static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksenc.ks);
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aesni_encrypt,
+                                    (block128_f) aesni_decrypt,
+                                    enc ? aesni_ocb_encrypt
+                                        : aesni_ocb_decrypt))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aesni_ocb_cipher aes_ocb_cipher
+static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aesni_init_key,                 \
+        aesni_##mode##_cipher,          \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aesni_##mode##_init_key,        \
+        aesni_##mode##_cipher,          \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+# include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+/*
+ * Initial Fujitsu SPARC64 X support
+ */
+# define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+# define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+
+void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+/*
+ * Key-length specific subroutines were chosen for following reason.
+ * Each SPARC T4 core can execute up to 8 threads which share core's
+ * resources. Loading as much key material to registers allows to
+ * minimize references to shared memory interface, as well as amount
+ * of instructions in inner loops [much needed on T4]. But then having
+ * non-key-length specific routines would require conditional branches
+ * either in inner loops or on subroutines' entries. Former is hardly
+ * acceptable, while latter means code size increase to size occupied
+ * by multiple key-length specific subroutines, so why fight?
+ */
+void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+
+static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                           const unsigned char *iv, int enc)
+{
+    int ret, mode, bits;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = 0;
+        aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);
+        dat->block = (block128_f) aes_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes192_t4_cbc_decrypt : NULL;
+            break;
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);
+        dat->block = (block128_f) aes_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# define aes_t4_cbc_cipher aes_cbc_cipher
+static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_ecb_cipher aes_ecb_cipher
+static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_ofb_cipher aes_ofb_cipher
+static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_cfb_cipher aes_cfb_cipher
+static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_cfb8_cipher aes_cfb8_cipher
+static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+# define aes_t4_cfb1_cipher aes_cfb1_cipher
+static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+# define aes_t4_ctr_cipher aes_ctr_cipher
+static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aes_t4_encrypt);
+        switch (bits) {
+        case 128:
+            gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
+            break;
+        case 192:
+            gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
+            break;
+        case 256:
+            gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
+            break;
+        default:
+            return 0;
+        }
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+# define aes_t4_gcm_cipher aes_gcm_cipher
+static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;
+        xctx->stream = NULL;
+        /* key_len is two AES keys */
+        if (enc) {
+            aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aes_t4_encrypt;
+            switch (bits) {
+            case 128:
+                xctx->stream = aes128_t4_xts_encrypt;
+                break;
+            case 256:
+                xctx->stream = aes256_t4_xts_encrypt;
+                break;
+            default:
+                return 0;
+            }
+        } else {
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                   &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aes_t4_decrypt;
+            switch (bits) {
+            case 128:
+                xctx->stream = aes128_t4_xts_decrypt;
+                break;
+            case 256:
+                xctx->stream = aes256_t4_xts_decrypt;
+                break;
+            default:
+                return 0;
+            }
+        }
+
+        aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                               EVP_CIPHER_CTX_key_length(ctx) * 4,
+                               &xctx->ks2.ks);
+        xctx->xts.block2 = (block128_f) aes_t4_encrypt;
+
+        xctx->xts.key1 = &xctx->ks1;
+    }
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+# define aes_t4_xts_cipher aes_xts_cipher
+static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aes_t4_encrypt);
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+# define aes_t4_ccm_cipher aes_ccm_cipher
+static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksenc.ks);
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aes_t4_encrypt,
+                                    (block128_f) aes_t4_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aes_t4_ocb_cipher aes_ocb_cipher
+static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_t4_init_key,                \
+        aes_t4_##mode##_cipher,         \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_t4_##mode##_init_key,       \
+        aes_t4_##mode##_cipher,         \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-06)
+         */
+        struct {
+            unsigned char k[32];
+        } param;
+        /* KM-AES parameter block - end */
+    } km;
+    unsigned int fc;
+} S390X_AES_ECB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMO-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMO-AES parameter block - end */
+    } kmo;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_OFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMF-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMF-AES parameter block - end */
+    } kmf;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_CFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMA-GCM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-11)
+         */
+        struct {
+            unsigned char reserved[12];
+            union {
+                unsigned int w;
+                unsigned char b[4];
+            } cv;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } t;
+            unsigned char h[16];
+            unsigned long long taadl;
+            unsigned long long tpcl;
+            union {
+                unsigned long long g[2];
+                unsigned int w[4];
+            } j0;
+            unsigned char k[32];
+        } param;
+        /* KMA-GCM-AES parameter block - end */
+    } kma;
+    unsigned int fc;
+    int key_set;
+
+    unsigned char *iv;
+    int ivlen;
+    int iv_set;
+    int iv_gen;
+
+    int taglen;
+
+    unsigned char ares[16];
+    unsigned char mres[16];
+    unsigned char kres[16];
+    int areslen;
+    int mreslen;
+    int kreslen;
+
+    int tls_aad_len;
+} S390X_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and
+         * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's
+         * rounds field is used to store the function code and that the key
+         * schedule is not stored (if aes hardware support is detected).
+         */
+        struct {
+            unsigned char pad[16];
+            AES_KEY k;
+        } key;
+
+        struct {
+            /*-
+             * KMAC-AES parameter block - begin
+             * (see z/Architecture Principles of Operation >= SA22-7832-08)
+             */
+            struct {
+                union {
+                    unsigned long long g[2];
+                    unsigned char b[16];
+                } icv;
+                unsigned char k[32];
+            } kmac_param;
+            /* KMAC-AES paramater block - end */
+
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } nonce;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } buf;
+
+            unsigned long long blocks;
+            int l;
+            int m;
+            int tls_aad_len;
+            int iv_set;
+            int tag_set;
+            int len_set;
+            int key_set;
+
+            unsigned char pad[140];
+            unsigned int fc;
+        } ccm;
+    } aes;
+} S390X_AES_CCM_CTX;
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE	1	/* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE	1
+# define S390X_aes_256_cbc_CAPABLE	1
+# define S390X_AES_CBC_CTX		EVP_AES_KEY
+
+# define s390x_aes_cbc_init_key aes_init_key
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE	S390X_aes_128_CAPABLE
+# define S390X_aes_192_ecb_CAPABLE	S390X_aes_192_CAPABLE
+# define S390X_aes_256_ecb_CAPABLE	S390X_aes_256_CAPABLE
+
+static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    memcpy(cctx->km.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+
+    s390x_km(in, len, out, cctx->fc, &cctx->km.param);
+    return 1;
+}
+
+# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    memcpy(cctx->kmo.param.cv, iv, ivlen);
+    memcpy(cctx->kmo.param.k, key, keylen);
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->res = 0;
+    return 1;
+}
+
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    int n = cctx->res;
+    int rem;
+
+    while (n && len) {
+        *out = *in ^ cctx->kmo.param.cv[n];
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc,
+                 cctx->kmo.param.k);
+
+        while (rem--) {
+            out[n] = in[n] ^ cctx->kmo.param.cv[n];
+            ++n;
+        }
+    }
+
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->fc |= 16 << 24;   /* 16 bytes cipher feedback */
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    cctx->res = 0;
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    memcpy(cctx->kmf.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int n = cctx->res;
+    int rem;
+    unsigned char tmp;
+
+    while (n && len) {
+        tmp = *in;
+        *out = cctx->kmf.param.cv[n] ^ tmp;
+        cctx->kmf.param.cv[n] = enc ? *out : tmp;
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv,
+                 S390X_AES_FC(keylen), cctx->kmf.param.k);
+
+        while (rem--) {
+            tmp = in[n];
+            out[n] = cctx->kmf.param.cv[n] ^ tmp;
+            cctx->kmf.param.cv[n] = enc ? out[n] : tmp;
+            ++n;
+        }
+    }
+
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256))
+
+static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
+                                   const unsigned char *key,
+                                   const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->fc |= 1 << 24;   /* 1 byte cipher feedback */
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    memcpy(cctx->kmf.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+
+    s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+    return 1;
+}
+
+# define S390X_aes_128_cfb1_CAPABLE	0
+# define S390X_aes_192_cfb1_CAPABLE	0
+# define S390X_aes_256_cfb1_CAPABLE	0
+
+# define s390x_aes_cfb1_init_key aes_init_key
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE	1	/* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE	1
+# define S390X_aes_256_ctr_CAPABLE	1
+# define S390X_AES_CTR_CTX		EVP_AES_KEY
+
+# define s390x_aes_ctr_init_key aes_init_key
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+/* iv + padding length for iv lenghts != 12 */
+# define S390X_gcm_ivpadlen(i)	((((i) + 15) >> 4 << 4) + 16)
+
+/*-
+ * Process additional authenticated data. Returns 0 on success. Code is
+ * big-endian.
+ */
+static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,
+                             size_t len)
+{
+    unsigned long long alen;
+    int n, rem;
+
+    if (ctx->kma.param.tpcl)
+        return -2;
+
+    alen = ctx->kma.param.taadl + len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->kma.param.taadl = alen;
+
+    n = ctx->areslen;
+    if (n) {
+        while (n && len) {
+            ctx->ares[n] = *aad;
+            n = (n + 1) & 0xf;
+            ++aad;
+            --len;
+        }
+        /* ctx->ares contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+        }
+        ctx->areslen = n;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+        aad += len;
+        ctx->fc |= S390X_KMA_HS;
+    }
+
+    if (rem) {
+        ctx->areslen = rem;
+
+        do {
+            --rem;
+            ctx->ares[rem] = aad[rem];
+        } while (rem);
+    }
+    return 0;
+}
+
+/*-
+ * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for
+ * success. Code is big-endian.
+ */
+static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len)
+{
+    const unsigned char *inptr;
+    unsigned long long mlen;
+    union {
+        unsigned int w[4];
+        unsigned char b[16];
+    } buf;
+    size_t inlen;
+    int n, rem, i;
+
+    mlen = ctx->kma.param.tpcl + len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->kma.param.tpcl = mlen;
+
+    n = ctx->mreslen;
+    if (n) {
+        inptr = in;
+        inlen = len;
+        while (n && inlen) {
+            ctx->mres[n] = *inptr;
+            n = (n + 1) & 0xf;
+            ++inptr;
+            --inlen;
+        }
+        /* ctx->mres contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,
+                      ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+            ctx->areslen = 0;
+
+            /* previous call already encrypted/decrypted its remainder,
+             * see comment below */
+            n = ctx->mreslen;
+            while (n) {
+                *out = buf.b[n];
+                n = (n + 1) & 0xf;
+                ++out;
+                ++in;
+                --len;
+            }
+            ctx->mreslen = 0;
+        }
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(ctx->ares, ctx->areslen, in, len, out,
+                  ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+        in += len;
+        out += len;
+        ctx->fc |= S390X_KMA_HS;
+        ctx->areslen = 0;
+    }
+
+    /*-
+     * If there is a remainder, it has to be saved such that it can be
+     * processed by kma later. However, we also have to do the for-now
+     * unauthenticated encryption/decryption part here and now...
+     */
+    if (rem) {
+        if (!ctx->mreslen) {
+            buf.w[0] = ctx->kma.param.j0.w[0];
+            buf.w[1] = ctx->kma.param.j0.w[1];
+            buf.w[2] = ctx->kma.param.j0.w[2];
+            buf.w[3] = ctx->kma.param.cv.w + 1;
+            s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);
+        }
+
+        n = ctx->mreslen;
+        for (i = 0; i < rem; i++) {
+            ctx->mres[n + i] = in[i];
+            out[i] = in[i] ^ ctx->kres[n + i];
+        }
+
+        ctx->mreslen += rem;
+    }
+    return 0;
+}
+
+/*-
+ * Initialize context structure. Code is big-endian.
+ */
+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
+                                const unsigned char *iv)
+{
+    ctx->kma.param.t.g[0] = 0;
+    ctx->kma.param.t.g[1] = 0;
+    ctx->kma.param.tpcl = 0;
+    ctx->kma.param.taadl = 0;
+    ctx->mreslen = 0;
+    ctx->areslen = 0;
+    ctx->kreslen = 0;
+
+    if (ctx->ivlen == 12) {
+        memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
+        ctx->kma.param.j0.w[3] = 1;
+        ctx->kma.param.cv.w = 1;
+    } else {
+        /* ctx->iv has the right size and is already padded. */
+        memcpy(ctx->iv, iv, ctx->ivlen);
+        s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
+                  ctx->fc, &ctx->kma.param);
+        ctx->fc |= S390X_KMA_HS;
+
+        ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];
+        ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];
+        ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];
+        ctx->kma.param.t.g[0] = 0;
+        ctx->kma.param.t.g[1] = 0;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    S390X_AES_GCM_CTX *gctx_out;
+    EVP_CIPHER_CTX *out;
+    unsigned char *buf, *iv;
+    int ivlen, enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        ivlen = EVP_CIPHER_CTX_iv_length(c);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = ivlen;
+        gctx->iv = iv;
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+
+        if (arg != 12) {
+            iv = EVP_CIPHER_CTX_iv_noconst(c);
+            len = S390X_gcm_ivpadlen(arg);
+
+            /* Allocate memory for iv if needed. */
+            if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
+                if (gctx->iv != iv)
+                    OPENSSL_free(gctx->iv);
+
+                if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
+                    EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            /* Add padding. */
+            memset(gctx->iv + arg, 0, len - arg - 8);
+            *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || enc)
+            return 0;
+
+        memcpy(buf, ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
+            return 0;
+
+        memcpy(ptr, gctx->kma.param.t.b, arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole iv */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+
+        s390x_aes_gcm_setiv(gctx, gctx->iv);
+
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
+            return 0;
+
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        s390x_aes_gcm_setiv(gctx, gctx->iv);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the aad for later use. */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        gctx->tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        /* Correct length for explicit iv. */
+        if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+        len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+        /* If decrypting correct for tag too. */
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < EVP_GCM_TLS_TAG_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_TAG_LEN;
+        }
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+        /* Extra padding: tag appended to record. */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        out = ptr;
+        gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+
+        if (gctx->iv == iv) {
+            gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+        } else {
+            len = S390X_gcm_ivpadlen(gctx->ivlen);
+
+            if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) {
+                EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+
+            memcpy(gctx_out->iv, gctx->iv, len);
+        }
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+/*-
+ * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
+ */
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    int keylen;
+
+    if (iv == NULL && key == NULL)
+        return 1;
+
+    if (key != NULL) {
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        memcpy(&gctx->kma.param.k, key, keylen);
+
+        gctx->fc = S390X_AES_FC(keylen);
+        if (!enc)
+            gctx->fc |= S390X_DECRYPT;
+
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+
+        if (iv != NULL) {
+            s390x_aes_gcm_setiv(gctx, iv);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        if (gctx->key_set)
+            s390x_aes_gcm_setiv(gctx, iv);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv = -1;
+
+    if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+
+    if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN
+                                     : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+
+    gctx->kma.param.taadl = gctx->tls_aad_len << 3;
+    gctx->kma.param.tpcl = len << 3;
+    s390x_kma(buf, gctx->tls_aad_len, in, len, out,
+              gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+
+    if (enc) {
+        memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * ciphertext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    unsigned char *buf, tmp[16];
+    int enc;
+
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+
+    if (in != NULL) {
+        if (out == NULL) {
+            if (s390x_aes_gcm_aad(gctx, in, len))
+                return -1;
+        } else {
+            if (s390x_aes_gcm(gctx, in, out, len))
+                return -1;
+        }
+        return len;
+    } else {
+        gctx->kma.param.taadl <<= 3;
+        gctx->kma.param.tpcl <<= 3;
+        s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,
+                  gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+        /* recall that we already did en-/decrypt gctx->mres
+         * and returned it to caller... */
+        OPENSSL_cleanse(tmp, gctx->mreslen);
+        gctx->iv_set = 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(ctx);
+        if (enc) {
+            gctx->taglen = 16;
+        } else {
+            if (gctx->taglen < 0)
+                return -1;
+
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))
+                return -1;
+        }
+        return 0;
+    }
+}
+
+static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    const unsigned char *iv;
+
+    if (gctx == NULL)
+        return 0;
+
+    iv = EVP_CIPHER_CTX_iv(c);
+    if (iv != gctx->iv)
+        OPENSSL_free(gctx->iv);
+
+    OPENSSL_cleanse(gctx, sizeof(*gctx));
+    return 1;
+}
+
+# define S390X_AES_XTS_CTX		EVP_AES_XTS_CTX
+# define S390X_aes_128_xts_CAPABLE	1	/* checked by callee */
+# define S390X_aes_256_xts_CAPABLE	1
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+# define s390x_aes_xts_ctrl aes_xts_ctrl
+static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# define s390x_aes_xts_cleanup aes_xts_cleanup
+
+# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_CCM_AAD_FLAG	0x40
+
+/*-
+ * Set nonce and length fields. Code is big-endian.
+ */
+static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,
+                                          const unsigned char *nonce,
+                                          size_t mlen)
+{
+    ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
+    ctx->aes.ccm.nonce.g[1] = mlen;
+    memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
+}
+
+/*-
+ * Process additional authenticated data. Code is big-endian.
+ */
+static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,
+                              size_t alen)
+{
+    unsigned char *ptr;
+    int i, rem;
+
+    if (!alen)
+        return;
+
+    ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
+
+    /* Suppress 'type-punned pointer dereference' warning. */
+    ptr = ctx->aes.ccm.buf.b;
+
+    if (alen < ((1 << 16) - (1 << 8))) {
+        *(uint16_t *)ptr = alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        *(uint16_t *)ptr = 0xffff;
+        *(uint64_t *)(ptr + 2) = alen;
+        i = 10;
+    } else {
+        *(uint16_t *)ptr = 0xfffe;
+        *(uint32_t *)(ptr + 2) = alen;
+        i = 6;
+    }
+
+    while (i < 16 && alen) {
+        ctx->aes.ccm.buf.b[i] = *aad;
+        ++aad;
+        --alen;
+        ++i;
+    }
+    while (i < 16) {
+        ctx->aes.ccm.buf.b[i] = 0;
+        ++i;
+    }
+
+    ctx->aes.ccm.kmac_param.icv.g[0] = 0;
+    ctx->aes.ccm.kmac_param.icv.g[1] = 0;
+    s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
+               &ctx->aes.ccm.kmac_param);
+    ctx->aes.ccm.blocks += 2;
+
+    rem = alen & 0xf;
+    alen &= ~(size_t)0xf;
+    if (alen) {
+        s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        ctx->aes.ccm.blocks += alen >> 4;
+        aad += alen;
+    }
+    if (rem) {
+        for (i = 0; i < rem; i++)
+            ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
+
+        s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                 ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+}
+
+/*-
+ * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for
+ * success.
+ */
+static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len, int enc)
+{
+    size_t n, rem;
+    unsigned int i, l, num;
+    unsigned char flags;
+
+    flags = ctx->aes.ccm.nonce.b[0];
+    if (!(flags & S390X_CCM_AAD_FLAG)) {
+        s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
+                 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+    l = flags & 0x7;
+    ctx->aes.ccm.nonce.b[0] = l;
+
+    /*-
+     * Reconstruct length from encoded length field
+     * and initialize it with counter value.
+     */
+    n = 0;
+    for (i = 15 - l; i < 15; i++) {
+        n |= ctx->aes.ccm.nonce.b[i];
+        ctx->aes.ccm.nonce.b[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->aes.ccm.nonce.b[15];
+    ctx->aes.ccm.nonce.b[15] = 1;
+
+    if (n != len)
+        return -1;		/* length mismatch */
+
+    if (enc) {
+        /* Two operations per block plus one for tag encryption */
+        ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
+        if (ctx->aes.ccm.blocks > (1ULL << 61))
+            return -2;		/* too much data */
+    }
+
+    num = 0;
+    rem = len & 0xf;
+    len &= ~(size_t)0xf;
+
+    if (enc) {
+        /* mac-then-encrypt */
+        if (len)
+            s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+    } else {
+        /* decrypt-then-mac */
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+
+        if (len)
+            s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+    }
+    /* encrypt tag */
+    for (i = 15 - l; i < 16; i++)
+        ctx->aes.ccm.nonce.b[i] = 0;
+
+    s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
+             ctx->aes.ccm.kmac_param.k);
+    ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
+    ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
+
+    ctx->aes.ccm.nonce.b[0] = flags;	/* restore flags field */
+    return 0;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+    unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+
+    if (out != in
+            || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
+        return -1;
+
+    if (enc) {
+        /* Set explicit iv (sequence number). */
+        memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    }
+
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    /*-
+     * Get explicit iv (sequence number). We already have fixed iv
+     * (server/client_write_iv) here.
+     */
+    memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    s390x_aes_ccm_setiv(cctx, ivec, len);
+
+    /* Process aad (sequence number|type|version|length) */
+    s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
+
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    } else {
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,
+                               cctx->aes.ccm.m))
+                return len;
+        }
+
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+/*-
+ * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
+ * returned.
+ */
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    unsigned char *ivec;
+    int keylen;
+
+    if (iv == NULL && key == NULL)
+        return 1;
+
+    if (key != NULL) {
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        cctx->aes.ccm.fc = S390X_AES_FC(keylen);
+        memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
+
+        /* Store encoded m and l. */
+        cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
+                                 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
+        memset(cctx->aes.ccm.nonce.b + 1, 0,
+               sizeof(cctx->aes.ccm.nonce.b));
+        cctx->aes.ccm.blocks = 0;
+
+        cctx->aes.ccm.key_set = 1;
+    }
+
+    if (iv != NULL) {
+        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+        memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+
+        cctx->aes.ccm.iv_set = 1;
+    }
+
+    return 1;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * plaintext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv;
+    unsigned char *buf, *ivec;
+
+    if (!cctx->aes.ccm.key_set)
+        return -1;
+
+    if (cctx->aes.ccm.tls_aad_len >= 0)
+        return s390x_aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /*-
+     * Final(): Does not return any data. Recall that ccm is mac-then-encrypt
+     * so integrity must be checked already at Update() i.e., before
+     * potentially corrupted data is output.
+     */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->aes.ccm.iv_set)
+        return -1;
+
+    if (!enc && !cctx->aes.ccm.tag_set)
+        return -1;
+
+    if (out == NULL) {
+        /* Update(): Pass message length. */
+        if (in == NULL) {
+            ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+            s390x_aes_ccm_setiv(cctx, ivec, len);
+
+            cctx->aes.ccm.len_set = 1;
+            return len;
+        }
+
+        /* Update(): Process aad. */
+        if (!cctx->aes.ccm.len_set && len)
+            return -1;
+
+        s390x_aes_ccm_aad(cctx, in, len);
+        return len;
+    }
+
+    /* Update(): Process message. */
+
+    if (!cctx->aes.ccm.len_set) {
+        /*-
+         * In case message length was not previously set explicitly via
+         * Update(), set it now.
+         */
+        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+        s390x_aes_ccm_setiv(cctx, ivec, len);
+
+        cctx->aes.ccm.len_set = 1;
+    }
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        cctx->aes.ccm.tag_set = 1;
+        return len;
+    } else {
+        rv = -1;
+
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,
+                               cctx->aes.ccm.m))
+                rv = len;
+        }
+
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        return rv;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
+    unsigned char *buf, *iv;
+    int enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->aes.ccm.key_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.l = 8;
+        cctx->aes.ccm.m = 12;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        cctx->aes.ccm.tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        /* Save the aad for later use. */
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        cctx->aes.ccm.tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+
+        /* Correct length for explicit iv. */
+        len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < cctx->aes.ccm.m)
+                return 0;
+
+            /* Correct length for tag. */
+            len -= cctx->aes.ccm.m;
+        }
+
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+
+        /* Extra padding: tag appended to record. */
+        return cctx->aes.ccm.m;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+
+        /* Copy to first part of the iv. */
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        memcpy(iv, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall-through */
+
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+
+        cctx->aes.ccm.l = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && ptr)
+            return 0;
+
+        if (ptr) {
+            cctx->aes.ccm.tag_set = 1;
+            buf = EVP_CIPHER_CTX_buf_noconst(c);
+            memcpy(buf, ptr, arg);
+        }
+
+        cctx->aes.ccm.m = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc || !cctx->aes.ccm.tag_set)
+            return 0;
+
+        if(arg < cctx->aes.ccm.m)
+            return 0;
+
+        memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+# define s390x_aes_ccm_cleanup aes_ccm_cleanup
+
+# ifndef OPENSSL_NO_OCB
+#  define S390X_AES_OCB_CTX		EVP_AES_OCB_CTX
+#  define S390X_aes_128_ocb_CAPABLE	0
+#  define S390X_aes_192_ocb_CAPABLE	0
+#  define S390X_aes_256_ocb_CAPABLE	0
+
+#  define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+#  define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+#  define s390x_aes_ocb_cleanup aes_ocb_cleanup
+static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);
+#  define s390x_aes_ocb_ctrl aes_ocb_ctrl
+static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,	\
+                              MODE,flags)				\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,blocksize,					\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,						\
+    blocksize,								\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_init_key,							\
+    aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(EVP_AES_KEY),						\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,						\
+    blocksize,								\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    s390x_aes_##mode##_cleanup,						\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    s390x_aes_##mode##_ctrl,						\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,blocksize,					\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_##mode##_init_key,						\
+    aes_##mode##_cipher,						\
+    aes_##mode##_cleanup,						\
+    sizeof(EVP_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    aes_##mode##_ctrl,							\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+#else
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+#endif
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+# include "arm_arch.h"
+# if __ARM_MAX_ARCH__>=7
+#  if defined(BSAES_ASM)
+#   define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  if defined(VPAES_ASM)
+#   define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+#  define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+#  define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+#  define HWAES_encrypt aes_v8_encrypt
+#  define HWAES_decrypt aes_v8_decrypt
+#  define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+#  define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+# endif
+#endif
+
+#if defined(HWAES_CAPABLE)
+int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+void HWAES_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char *ivec, const int enc);
+void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+
+#define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+        BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+        BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+#ifdef HWAES_CAPABLE
+        if (HWAES_CAPABLE) {
+            ret = HWAES_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
+            dat->block = (block128_f) HWAES_decrypt;
+            dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+# endif
+        } else
+#endif
+#ifdef BSAES_CAPABLE
+        if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+            ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
+            dat->block = (block128_f) AES_decrypt;
+            dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
+        } else
+#endif
+#ifdef VPAES_CAPABLE
+        if (VPAES_CAPABLE) {
+            ret = vpaes_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
+            dat->block = (block128_f) vpaes_decrypt;
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) vpaes_cbc_encrypt : NULL;
+        } else
+#endif
+        {
+            ret = AES_set_decrypt_key(key,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
+            dat->block = (block128_f) AES_decrypt;
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) AES_cbc_encrypt : NULL;
+        }
+    } else
+#ifdef HWAES_CAPABLE
+    if (HWAES_CAPABLE) {
+        ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) HWAES_encrypt;
+        dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+        if (mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+        else
+# endif
+# ifdef HWAES_ctr32_encrypt_blocks
+        if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+        else
+# endif
+            (void)0;            /* terminate potentially open 'else' */
+    } else
+#endif
+#ifdef BSAES_CAPABLE
+    if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
+        dat->block = (block128_f) AES_encrypt;
+        dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+    } else
+#endif
+#ifdef VPAES_CAPABLE
+    if (VPAES_CAPABLE) {
+        ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) vpaes_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) vpaes_cbc_encrypt : NULL;
+    } else
+#endif
+    {
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
+        dat->block = (block128_f) AES_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) AES_cbc_encrypt : NULL;
+#ifdef AES_CTR_ASM
+        if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;
+#endif
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+
+    return 1;
+}
+
+static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t i;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, &dat->ks);
+
+    return 1;
+}
+
+static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+
+    return 1;
+}
+
+static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx),
+                                    &num, dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+
+static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    if (gctx == NULL)
+        return 0;
+    OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+        OPENSSL_free(gctx->iv);
+    return 1;
+}
+
+static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = c->cipher->iv_len;
+        gctx->iv = c->iv;
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != c->iv)
+                OPENSSL_free(gctx->iv);
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || c->encrypt)
+            return 0;
+        memcpy(c->buf, ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !c->encrypt
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, c->buf, arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(c->buf, ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!c->encrypt) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            c->buf[arg - 2] = len >> 8;
+            c->buf[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == c->iv)
+                gctx_out->iv = out->iv;
+            else {
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) HWAES_encrypt);
+# ifdef HWAES_ctr32_encrypt_blocks
+                gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+# else
+                gctx->ctr = NULL;
+# endif
+                break;
+            } else
+#endif
+#ifdef BSAES_CAPABLE
+            if (BSAES_CAPABLE) {
+                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) AES_encrypt);
+                gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+                break;
+            } else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) vpaes_encrypt);
+                gctx->ctr = NULL;
+                break;
+            } else
+#endif
+                (void)0;        /* terminate potentially open 'else' */
+
+            AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+            CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                               (block128_f) AES_encrypt);
+#ifdef AES_CTR_ASM
+            gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
+#else
+            gctx->ctr = NULL;
+#endif
+        } while (0);
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+/*
+ * Handle TLS GCM packet format. This consists of the last portion of the IV
+ * followed by the payload and finally the tag. On encrypt generate IV,
+ * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
+ * and verify tag.
+ */
+
+static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    int rv = -1;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
+                                              : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (ctx->encrypt) {
+        /* Encrypt payload */
+        if (gctx->ctr) {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+            if (len >= 32 && AES_GCM_ASM(gctx)) {
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_encrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                            in + bulk,
+                                            out + bulk,
+                                            len - bulk, gctx->ctr))
+                goto err;
+        } else {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+            if (len >= 32 && AES_GCM_ASM2(gctx)) {
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_encrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+                                      in + bulk, out + bulk, len - bulk))
+                goto err;
+        }
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (gctx->ctr) {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+            if (len >= 16 && AES_GCM_ASM(gctx)) {
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_decrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                            in + bulk,
+                                            out + bulk,
+                                            len - bulk, gctx->ctr))
+                goto err;
+        } else {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+            if (len >= 16 && AES_GCM_ASM2(gctx)) {
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_decrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+                                      in + bulk, out + bulk, len - bulk))
+                goto err;
+        }
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (ctx->encrypt) {
+            if (gctx->ctr) {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+                if (len >= 32 && AES_GCM_ASM(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_encrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key, gctx->gcm.Yi.c,
+                                           gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                                in + bulk,
+                                                out + bulk,
+                                                len - bulk, gctx->ctr))
+                    return -1;
+            } else {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+                if (len >= 32 && AES_GCM_ASM2(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_encrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key, gctx->gcm.Yi.c,
+                                           gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+                                          in + bulk, out + bulk, len - bulk))
+                    return -1;
+            }
+        } else {
+            if (gctx->ctr) {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+                if (len >= 16 && AES_GCM_ASM(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_decrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key,
+                                           gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                                in + bulk,
+                                                out + bulk,
+                                                len - bulk, gctx->ctr))
+                    return -1;
+            } else {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+                if (len >= 16 && AES_GCM_ASM2(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_decrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key,
+                                           gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+                                          in + bulk, out + bulk, len - bulk))
+                    return -1;
+            }
+        }
+        return len;
+    } else {
+        if (!ctx->encrypt) {
+            if (gctx->taglen < 0)
+                return -1;
+            if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0)
+                return -1;
+            gctx->iv_set = 0;
+            return 0;
+        }
+        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
+        gctx->taglen = 16;
+        /* Don't reuse the IV */
+        gctx->iv_set = 0;
+        return 0;
+    }
+
+}
+
+#define CUSTOM_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                | EVP_CIPH_CUSTOM_COPY)
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c);
+    if (type == EVP_CTRL_COPY) {
+        EVP_CIPHER_CTX *out = ptr;
+        EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
+        if (xctx->xts.key1) {
+            if (xctx->xts.key1 != &xctx->ks1)
+                return 0;
+            xctx_out->xts.key1 = &xctx_out->ks1;
+        }
+        if (xctx->xts.key2) {
+            if (xctx->xts.key2 != &xctx->ks2)
+                return 0;
+            xctx_out->xts.key2 = &xctx_out->ks2;
+        }
+        return 1;
+    } else if (type != EVP_CTRL_INIT)
+        return -1;
+    /* key1 and key2 are used as an indicator both key and IV are set */
+    xctx->xts.key1 = NULL;
+    xctx->xts.key2 = NULL;
+    return 1;
+}
+
+static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+
+    if (key)
+        do {
+#ifdef AES_XTS_ASM
+            xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
+#else
+            xctx->stream = NULL;
+#endif
+            /* key_len is two AES keys */
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                if (enc) {
+                    HWAES_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) HWAES_encrypt;
+# ifdef HWAES_xts_encrypt
+                    xctx->stream = HWAES_xts_encrypt;
+# endif
+                } else {
+                    HWAES_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) HWAES_decrypt;
+# ifdef HWAES_xts_decrypt
+                    xctx->stream = HWAES_xts_decrypt;
+#endif
+                }
+
+                HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
+                xctx->xts.block2 = (block128_f) HWAES_encrypt;
+
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+            } else
+#endif
+#ifdef BSAES_CAPABLE
+            if (BSAES_CAPABLE)
+                xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
+            else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                if (enc) {
+                    vpaes_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) vpaes_encrypt;
+                } else {
+                    vpaes_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) vpaes_decrypt;
+                }
+
+                vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
+                xctx->xts.block2 = (block128_f) vpaes_encrypt;
+
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+            } else
+#endif
+                (void)0;        /* terminate potentially open 'else' */
+
+            if (enc) {
+                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
+                xctx->xts.block1 = (block128_f) AES_encrypt;
+            } else {
+                AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
+                xctx->xts.block1 = (block128_f) AES_decrypt;
+            }
+
+            AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                &xctx->ks2.ks);
+            xctx->xts.block2 = (block128_f) AES_encrypt;
+
+            xctx->xts.key1 = &xctx->ks1;
+        } while (0);
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!xctx->xts.key1 || !xctx->xts.key2)
+        return 0;
+    if (!out || !in || len < AES_BLOCK_SIZE)
+        return 0;
+    if (xctx->stream)
+        (*xctx->stream) (in, out, len,
+                         xctx->xts.key1, xctx->xts.key2,
+                         EVP_CIPHER_CTX_iv_noconst(ctx));
+    else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                   in, out, len,
+                                   EVP_CIPHER_CTX_encrypting(ctx)))
+        return 0;
+    return 1;
+}
+
+#define aes_xts_cleanup NULL
+
+#define XTS_FLAGS       (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+                         | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                         | EVP_CIPH_CUSTOM_COPY)
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+
+static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key)
+        do {
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
+
+                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                   &cctx->ks, (block128_f) HWAES_encrypt);
+                cctx->str = NULL;
+                cctx->key_set = 1;
+                break;
+            } else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
+                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                   &cctx->ks, (block128_f) vpaes_encrypt);
+                cctx->str = NULL;
+                cctx->key_set = 1;
+                break;
+            }
+#endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &cctx->ks.ks);
+            CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                               &cctx->ks, (block128_f) AES_encrypt);
+            cctx->str = NULL;
+            cctx->key_set = 1;
+        } while (0);
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define aes_ccm_cleanup NULL
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;
+    /* Indicates if IV has been set */
+    unsigned char *iv;
+} EVP_AES_WRAP_CTX;
+
+static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
+        else
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
+        if (!iv)
+            wctx->iv = NULL;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));
+        wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+    }
+    return 1;
+}
+
+static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inlen)
+{
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+    size_t rv;
+    /* AES wrap with padding has IV length of 4, without padding 8 */
+    int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
+    /* No final operation so always return zero length */
+    if (!in)
+        return 0;
+    /* Input length must always be non-zero */
+    if (!inlen)
+        return -1;
+    /* If decrypting need at least 16 bytes and multiple of 8 */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
+        return -1;
+    /* If not padding input must be multiple of 8 */
+    if (!pad && inlen & 0x7)
+        return -1;
+    if (is_partially_overlapping(out, in, inlen)) {
+        EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+    if (!out) {
+        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            /* If padding round up to multiple of 8 */
+            if (pad)
+                inlen = (inlen + 7) / 8 * 8;
+            /* 8 byte prefix */
+            return inlen + 8;
+        } else {
+            /*
+             * If not padding output will be exactly 8 bytes smaller than
+             * input. If padding it will be at least 8 bytes smaller but we
+             * don't know how much.
+             */
+            return inlen - 8;
+        }
+    }
+    if (pad) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
+                                     out, in, inlen,
+                                     (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
+                                       out, in, inlen,
+                                       (block128_f) AES_decrypt);
+    } else {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
+                                 out, in, inlen, (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
+                                   out, in, inlen, (block128_f) AES_decrypt);
+    }
+    return rv ? (int)rv : -1;
+}
+
+#define WRAP_FLAGS      (EVP_CIPH_WRAP_MODE \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
+
+static const EVP_CIPHER aes_128_wrap = {
+    NID_id_aes128_wrap,
+    8, 16, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap(void)
+{
+    return &aes_128_wrap;
+}
+
+static const EVP_CIPHER aes_192_wrap = {
+    NID_id_aes192_wrap,
+    8, 24, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap(void)
+{
+    return &aes_192_wrap;
+}
+
+static const EVP_CIPHER aes_256_wrap = {
+    NID_id_aes256_wrap,
+    8, 32, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap(void)
+{
+    return &aes_256_wrap;
+}
+
+static const EVP_CIPHER aes_128_wrap_pad = {
+    NID_id_aes128_wrap_pad,
+    8, 16, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
+{
+    return &aes_128_wrap_pad;
+}
+
+static const EVP_CIPHER aes_192_wrap_pad = {
+    NID_id_aes192_wrap_pad,
+    8, 24, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
+{
+    return &aes_192_wrap_pad;
+}
+
+static const EVP_CIPHER aes_256_wrap_pad = {
+    NID_id_aes256_wrap_pad,
+    8, 32, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
+{
+    return &aes_256_wrap_pad;
+}
+
+#ifndef OPENSSL_NO_OCB
+static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    EVP_CIPHER_CTX *newc;
+    EVP_AES_OCB_CTX *new_octx;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        octx->key_set = 0;
+        octx->iv_set = 0;
+        octx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        octx->taglen = 16;
+        octx->data_buf_len = 0;
+        octx->aad_buf_len = 0;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        /* IV len must be 1 to 15 */
+        if (arg <= 0 || arg > 15)
+            return 0;
+
+        octx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (!ptr) {
+            /* Tag len must be 0 to 16 */
+            if (arg < 0 || arg > 16)
+                return 0;
+
+            octx->taglen = arg;
+            return 1;
+        }
+        if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(octx->tag, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+
+        memcpy(ptr, octx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        newc = (EVP_CIPHER_CTX *)ptr;
+        new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);
+        return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
+                                      &new_octx->ksenc.ks,
+                                      &new_octx->ksdec.ks);
+
+    default:
+        return -1;
+
+    }
+}
+
+# ifdef HWAES_CAPABLE
+#  ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_encrypt ((ocb128_f)NULL)
+#  endif
+#  ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_decrypt ((ocb128_f)NULL)
+#  endif
+# endif
+
+static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+# ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) HWAES_encrypt,
+                                        (block128_f) HWAES_decrypt,
+                                        enc ? HWAES_ocb_encrypt
+                                            : HWAES_ocb_decrypt))
+                    return 0;
+                break;
+            }
+# endif
+# ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) vpaes_encrypt,
+                                        (block128_f) vpaes_decrypt,
+                                        NULL))
+                    return 0;
+                break;
+            }
+# endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksenc.ks);
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) AES_encrypt,
+                                    (block128_f) AES_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned char *buf;
+    int *buf_len;
+    int written_len = 0;
+    size_t trailing_len;
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+
+    /* If IV or Key not set then return error */
+    if (!octx->iv_set)
+        return -1;
+
+    if (!octx->key_set)
+        return -1;
+
+    if (in != NULL) {
+        /*
+         * Need to ensure we are only passing full blocks to low level OCB
+         * routines. We do it here rather than in EVP_EncryptUpdate/
+         * EVP_DecryptUpdate because we need to pass full blocks of AAD too
+         * and those routines don't support that
+         */
+
+        /* Are we dealing with AAD or normal data here? */
+        if (out == NULL) {
+            buf = octx->aad_buf;
+            buf_len = &(octx->aad_buf_len);
+        } else {
+            buf = octx->data_buf;
+            buf_len = &(octx->data_buf_len);
+
+            if (is_partially_overlapping(out + *buf_len, in, len)) {
+                EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+                return 0;
+            }
+        }
+
+        /*
+         * If we've got a partially filled buffer from a previous call then
+         * use that data first
+         */
+        if (*buf_len > 0) {
+            unsigned int remaining;
+
+            remaining = AES_BLOCK_SIZE - (*buf_len);
+            if (remaining > len) {
+                memcpy(buf + (*buf_len), in, len);
+                *(buf_len) += len;
+                return 0;
+            }
+            memcpy(buf + (*buf_len), in, remaining);
+
+            /*
+             * If we get here we've filled the buffer, so process it
+             */
+            len -= remaining;
+            in += remaining;
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            }
+            written_len = AES_BLOCK_SIZE;
+            *buf_len = 0;
+            if (out != NULL)
+                out += AES_BLOCK_SIZE;
+        }
+
+        /* Do we have a partial block to handle at the end? */
+        trailing_len = len % AES_BLOCK_SIZE;
+
+        /*
+         * If we've got some full blocks to handle, then process these first
+         */
+        if (len != trailing_len) {
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            }
+            written_len += len - trailing_len;
+            in += len - trailing_len;
+        }
+
+        /* Handle any trailing partial block */
+        if (trailing_len > 0) {
+            memcpy(buf, in, trailing_len);
+            *buf_len = trailing_len;
+        }
+
+        return written_len;
+    } else {
+        /*
+         * First of all empty the buffer of any partial block that we might
+         * have been provided - both for data and AAD
+         */
+        if (octx->data_buf_len > 0) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            }
+            written_len = octx->data_buf_len;
+            octx->data_buf_len = 0;
+        }
+        if (octx->aad_buf_len > 0) {
+            if (!CRYPTO_ocb128_aad
+                (&octx->ocb, octx->aad_buf, octx->aad_buf_len))
+                return -1;
+            octx->aad_buf_len = 0;
+        }
+        /* If decrypting then verify */
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (octx->taglen < 0)
+                return -1;
+            if (CRYPTO_ocb128_finish(&octx->ocb,
+                                     octx->tag, octx->taglen) != 0)
+                return -1;
+            octx->iv_set = 0;
+            return written_len;
+        }
+        /* If encrypting then just get the tag */
+        if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1)
+            return -1;
+        /* Don't reuse the IV */
+        octx->iv_set = 0;
+        return written_len;
+    }
+}
+
+static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    CRYPTO_ocb128_cleanup(&octx->ocb);
+    return 1;
+}
+
+BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+#endif                         /* OPENSSL_NO_OCB */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c
new file mode 100644
index 000000000..09d24dc3d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -0,0 +1,964 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/evp_int.h"
+#include "internal/constant_time_locl.h"
+
+typedef struct {
+    AES_KEY ks;
+    SHA_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA1;
+
+#define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+#if     defined(AES_ASM) &&     ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+# define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks,
+                        const AES_KEY *key, unsigned char iv[16],
+                        SHA_CTX *ctx, const void *in0);
+
+void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks,
+                           const AES_KEY *key, unsigned char iv[16],
+                           SHA_CTX *ctx, const void *in0);
+
+# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *inkey,
+                                        const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+
+    SHA1_Init(&key->head);      /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+# define STITCHED_CALL
+# undef  STITCHED_DECRYPT_CALL
+
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
+
+void sha1_block_data_order(void *c, const void *p, size_t len);
+
+static void sha1_update(SHA_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA1_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA1_Update(c, ptr, res);
+}
+
+# ifdef SHA1_Update
+#  undef SHA1_Update
+# endif
+# define SHA1_Update sha1_update
+
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+
+typedef struct {
+    unsigned int A[8], B[8], C[8], D[8], E[8];
+} SHA1_MB_CTX;
+typedef struct {
+    const unsigned char *ptr;
+    int blocks;
+} HASH_DESC;
+
+void sha1_multi_block(SHA1_MB_CTX *, const HASH_DESC *, int);
+
+typedef struct {
+    const unsigned char *inp;
+    unsigned char *out;
+    int blocks;
+    u64 iv[2];
+} CIPH_DESC;
+
+void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
+
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
+                                         unsigned char *out,
+                                         const unsigned char *inp,
+                                         size_t inp_len, int n4x)
+{                               /* n4x is 1 or 2 */
+    HASH_DESC hash_d[8], edges[8];
+    CIPH_DESC ciph_d[8];
+    unsigned char storage[sizeof(SHA1_MB_CTX) + 32];
+    union {
+        u64 q[16];
+        u32 d[32];
+        u8 c[128];
+    } blocks[8];
+    SHA1_MB_CTX *ctx;
+    unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
+        0;
+    size_t ret = 0;
+    u8 *IVs;
+#  if defined(BSWAP8)
+    u64 seqnum;
+#  endif
+
+    /* ask for IVs in bulk */
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+        return 0;
+
+    ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
+
+    frag = (unsigned int)inp_len >> (1 + n4x);
+    last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
+    if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
+        frag++;
+        last -= x4 - 1;
+    }
+
+    packlen = 5 + 16 + ((frag + 20 + 16) & -16);
+
+    /* populate descriptors with pointers and IVs */
+    hash_d[0].ptr = inp;
+    ciph_d[0].inp = inp;
+    /* 5+16 is place for header and explicit IV */
+    ciph_d[0].out = out + 5 + 16;
+    memcpy(ciph_d[0].out - 16, IVs, 16);
+    memcpy(ciph_d[0].iv, IVs, 16);
+    IVs += 16;
+
+    for (i = 1; i < x4; i++) {
+        ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
+        ciph_d[i].out = ciph_d[i - 1].out + packlen;
+        memcpy(ciph_d[i].out - 16, IVs, 16);
+        memcpy(ciph_d[i].iv, IVs, 16);
+        IVs += 16;
+    }
+
+#  if defined(BSWAP8)
+    memcpy(blocks[0].c, key->md.data, 8);
+    seqnum = BSWAP8(blocks[0].q[0]);
+#  endif
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag);
+#  if !defined(BSWAP8)
+        unsigned int carry, j;
+#  endif
+
+        ctx->A[i] = key->md.h0;
+        ctx->B[i] = key->md.h1;
+        ctx->C[i] = key->md.h2;
+        ctx->D[i] = key->md.h3;
+        ctx->E[i] = key->md.h4;
+
+        /* fix seqnum */
+#  if defined(BSWAP8)
+        blocks[i].q[0] = BSWAP8(seqnum + i);
+#  else
+        for (carry = i, j = 8; j--;) {
+            blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
+            carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
+        }
+#  endif
+        blocks[i].c[8] = ((u8 *)key->md.data)[8];
+        blocks[i].c[9] = ((u8 *)key->md.data)[9];
+        blocks[i].c[10] = ((u8 *)key->md.data)[10];
+        /* fix length */
+        blocks[i].c[11] = (u8)(len >> 8);
+        blocks[i].c[12] = (u8)(len);
+
+        memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
+        hash_d[i].ptr += 64 - 13;
+        hash_d[i].blocks = (len - (64 - 13)) / 64;
+
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* hash 13-byte headers and first 64-13 bytes of inputs */
+    sha1_multi_block(ctx, edges, n4x);
+    /* hash bulk inputs */
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
+    /*
+     * goal is to minimize pressure on L1 cache by moving in shorter steps,
+     * so that hashed data is still in the cache by the time we encrypt it
+     */
+    minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64;
+    if (minblocks > MAXCHUNKSIZE / 64) {
+        for (i = 0; i < x4; i++) {
+            edges[i].ptr = hash_d[i].ptr;
+            edges[i].blocks = MAXCHUNKSIZE / 64;
+            ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+        }
+        do {
+            sha1_multi_block(ctx, edges, n4x);
+            aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+            for (i = 0; i < x4; i++) {
+                edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
+                hash_d[i].blocks -= MAXCHUNKSIZE / 64;
+                edges[i].blocks = MAXCHUNKSIZE / 64;
+                ciph_d[i].inp += MAXCHUNKSIZE;
+                ciph_d[i].out += MAXCHUNKSIZE;
+                ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+                memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
+            }
+            processed += MAXCHUNKSIZE;
+            minblocks -= MAXCHUNKSIZE / 64;
+        } while (minblocks > MAXCHUNKSIZE / 64);
+    }
+#  endif
+#  undef  MAXCHUNKSIZE
+    sha1_multi_block(ctx, hash_d, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag),
+            off = hash_d[i].blocks * 64;
+        const unsigned char *ptr = hash_d[i].ptr + off;
+
+        off = (len - processed) - (64 - 13) - off; /* remainder actually */
+        memcpy(blocks[i].c, ptr, off);
+        blocks[i].c[off] = 0x80;
+        len += 64 + 13;         /* 64 is HMAC header */
+        len *= 8;               /* convert to bits */
+        if (off < (64 - 8)) {
+#  ifdef BSWAP4
+            blocks[i].d[15] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 60, len);
+#  endif
+            edges[i].blocks = 1;
+        } else {
+#  ifdef BSWAP4
+            blocks[i].d[31] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 124, len);
+#  endif
+            edges[i].blocks = 2;
+        }
+        edges[i].ptr = blocks[i].c;
+    }
+
+    /* hash input tails and finalize */
+    sha1_multi_block(ctx, edges, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+#  ifdef BSWAP4
+        blocks[i].d[0] = BSWAP4(ctx->A[i]);
+        ctx->A[i] = key->tail.h0;
+        blocks[i].d[1] = BSWAP4(ctx->B[i]);
+        ctx->B[i] = key->tail.h1;
+        blocks[i].d[2] = BSWAP4(ctx->C[i]);
+        ctx->C[i] = key->tail.h2;
+        blocks[i].d[3] = BSWAP4(ctx->D[i]);
+        ctx->D[i] = key->tail.h3;
+        blocks[i].d[4] = BSWAP4(ctx->E[i]);
+        ctx->E[i] = key->tail.h4;
+        blocks[i].c[20] = 0x80;
+        blocks[i].d[15] = BSWAP4((64 + 20) * 8);
+#  else
+        PUTU32(blocks[i].c + 0, ctx->A[i]);
+        ctx->A[i] = key->tail.h0;
+        PUTU32(blocks[i].c + 4, ctx->B[i]);
+        ctx->B[i] = key->tail.h1;
+        PUTU32(blocks[i].c + 8, ctx->C[i]);
+        ctx->C[i] = key->tail.h2;
+        PUTU32(blocks[i].c + 12, ctx->D[i]);
+        ctx->D[i] = key->tail.h3;
+        PUTU32(blocks[i].c + 16, ctx->E[i]);
+        ctx->E[i] = key->tail.h4;
+        blocks[i].c[20] = 0x80;
+        PUTU32(blocks[i].c + 60, (64 + 20) * 8);
+#  endif
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* finalize MACs */
+    sha1_multi_block(ctx, edges, n4x);
+
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
+        unsigned char *out0 = out;
+
+        memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
+        ciph_d[i].inp = ciph_d[i].out;
+
+        out += 5 + 16 + len;
+
+        /* write MAC */
+        PUTU32(out + 0, ctx->A[i]);
+        PUTU32(out + 4, ctx->B[i]);
+        PUTU32(out + 8, ctx->C[i]);
+        PUTU32(out + 12, ctx->D[i]);
+        PUTU32(out + 16, ctx->E[i]);
+        out += 20;
+        len += 20;
+
+        /* pad */
+        pad = 15 - len % 16;
+        for (j = 0; j <= pad; j++)
+            *(out++) = pad;
+        len += pad + 1;
+
+        ciph_d[i].blocks = (len - processed) / 16;
+        len += 16;              /* account for explicit iv */
+
+        /* arrange header */
+        out0[0] = ((u8 *)key->md.data)[8];
+        out0[1] = ((u8 *)key->md.data)[9];
+        out0[2] = ((u8 *)key->md.data)[10];
+        out0[3] = (u8)(len >> 8);
+        out0[4] = (u8)(len);
+
+        ret += len + 5;
+        inp += frag;
+    }
+
+    aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+    OPENSSL_cleanse(blocks, sizeof(blocks));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return ret;
+}
+# endif
+
+static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                      const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+# if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA_CBLOCK - key->md.num;
+# endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+# if defined(STITCHED_CALL)
+        if (plen > (sha_off + iv)
+            && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
+            SHA1_Update(&key->md, in + iv, sha_off);
+
+            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
+                               EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &key->md, in + iv + sha_off);
+            blocks *= SHA_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+# endif
+        sha_off += iv;
+        SHA1_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA1_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
+            SHA1_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[32 + SHA_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
+
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA_CBLOCK];
+            } *data = (void *)key->md.data;
+# if defined(STITCHED_DECRYPT_CALL)
+            unsigned char tail_iv[AES_BLOCK_SIZE];
+            int stitch = 0;
+# endif
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION) {
+                if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
+                    return 0;
+
+                /* omit explicit iv */
+                memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+            } else if (len < (SHA_DIGEST_LENGTH + 1))
+                return 0;
+
+# if defined(STITCHED_DECRYPT_CALL)
+            if (len >= 1024 && ctx->key_len == 32) {
+                /* decrypt last block */
+                memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
+                       AES_BLOCK_SIZE);
+                aesni_cbc_encrypt(in + len - AES_BLOCK_SIZE,
+                                  out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE,
+                                  &key->ks, tail_iv, 0);
+                stitch = 1;
+            } else
+# endif
+                /* decrypt HMAC|padding at once */
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            mask = constant_time_ge(maxpad, pad);
+            ret &= mask;
+            /*
+             * If pad is invalid then we will fail the above test but we must
+             * continue anyway because we are in constant time code. However,
+             * we'll use the maxpad value instead of the supplied pad to make
+             * sure we perform well defined pointer arithmetic.
+             */
+            pad = constant_time_select(mask, pad, maxpad);
+
+            inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA1_Update(&key->md, key->aux.tls_aad, plen);
+
+# if defined(STITCHED_DECRYPT_CALL)
+            if (stitch) {
+                blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK;
+                aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK;
+                sha_off = SHA_CBLOCK - plen;
+
+                aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
+
+                SHA1_Update(&key->md, out, sha_off);
+                aesni256_cbc_sha1_dec(in + aes_off,
+                                      out + aes_off, blocks, &key->ks,
+                                      ctx->iv, &key->md, out + sha_off);
+
+                sha_off += blocks *= SHA_CBLOCK;
+                out += sha_off;
+                len -= sha_off;
+                inp_len -= sha_off;
+
+                key->md.Nl += (blocks << 3); /* at most 18 bits */
+                memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE);
+            }
+# endif
+
+# if 1      /* see original reference version in #else */
+            len -= SHA_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA_CBLOCK)) {
+                j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
+                j += SHA_CBLOCK - key->md.num;
+                SHA1_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#  ifdef BSWAP4
+            bitlen = BSWAP4(bitlen);
+#  else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#  endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+
+                memset(data, 0, SHA_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha1_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h0 & mask;
+            pmac->u[1] |= key->md.h1 & mask;
+            pmac->u[2] |= key->md.h2 & mask;
+            pmac->u[3] |= key->md.h3 & mask;
+            pmac->u[4] |= key->md.h4 & mask;
+
+#  ifdef BSWAP4
+            pmac->u[0] = BSWAP4(pmac->u[0]);
+            pmac->u[1] = BSWAP4(pmac->u[1]);
+            pmac->u[2] = BSWAP4(pmac->u[2]);
+            pmac->u[3] = BSWAP4(pmac->u[3]);
+            pmac->u[4] = BSWAP4(pmac->u[4]);
+#  else
+            for (i = 0; i < 5; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#  endif
+            len += SHA_DIGEST_LENGTH;
+# else      /* pre-lucky-13 reference version of above */
+            SHA1_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA1_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA_CBLOCK;
+                res %= SHA_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+# endif
+            key->md = key->tail;
+            SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
+            SHA1_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+# if 1      /* see original reference version in #else */
+            {
+                unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
+                                                                 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+# else      /* pre-lucky-13 reference version of above */
+            for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+# endif
+            return ret;
+        } else {
+# if defined(STITCHED_DECRYPT_CALL)
+            if (len >= 1024 && ctx->key_len == 32) {
+                if (sha_off %= SHA_CBLOCK)
+                    blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
+                else
+                    blocks = (len - 2 * SHA_CBLOCK) / SHA_CBLOCK;
+                aes_off = len - blocks * SHA_CBLOCK;
+
+                aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
+                SHA1_Update(&key->md, out, sha_off);
+                aesni256_cbc_sha1_dec(in + aes_off,
+                                      out + aes_off, blocks, &key->ks,
+                                      ctx->iv, &key->md, out + sha_off);
+
+                sha_off += blocks *= SHA_CBLOCK;
+                out += sha_off;
+                len -= sha_off;
+
+                key->md.Nh += blocks >> 29;
+                key->md.Nl += blocks <<= 3;
+                if (key->md.Nl < (unsigned int)blocks)
+                    key->md.Nh++;
+            } else
+# endif
+                /* decrypt HMAC|padding at once */
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+            SHA1_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                SHA1_Init(&key->head);
+                SHA1_Update(&key->head, ptr, arg);
+                SHA1_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA1_Init(&key->head);
+            SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA1_Init(&key->tail);
+            SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA1_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+        return (int)(5 + 16 + ((arg + 20 + 16) & -16));
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+            unsigned int n4x = 1, x4;
+            unsigned int frag, last, packlen, inp_len;
+
+            if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+                return -1;
+
+            inp_len = param->inp[11] << 8 | param->inp[12];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
+                    return -1;
+
+                if (inp_len) {
+                    if (inp_len < 4096)
+                        return 0; /* too short */
+
+                    if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
+                        n4x = 2; /* AVX2 */
+                } else if ((n4x = param->interleave / 4) && n4x <= 2)
+                    inp_len = param->len;
+                else
+                    return -1;
+
+                key->md = key->head;
+                SHA1_Update(&key->md, param->inp, 13);
+
+                x4 = 4 * n4x;
+                n4x += 1;
+
+                frag = inp_len >> n4x;
+                last = inp_len + frag - (frag << n4x);
+                if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
+                    frag++;
+                    last -= x4 - 1;
+                }
+
+                packlen = 5 + 16 + ((frag + 20 + 16) & -16);
+                packlen = (packlen << n4x) - packlen;
+                packlen += 5 + 16 + ((last + 20 + 16) & -16);
+
+                param->interleave = x4;
+
+                return (int)packlen;
+            } else
+                return -1;      /* not yet */
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+
+            return (int)tls1_1_multi_block_encrypt(key, param->out,
+                                                   param->inp, param->len,
+                                                   param->interleave / 4);
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
+# endif
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
+# ifdef NID_aes_128_cbc_hmac_sha1
+    NID_aes_128_cbc_hmac_sha1,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
+# ifdef NID_aes_256_cbc_hmac_sha1
+    NID_aes_256_cbc_hmac_sha1,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_128_cbc_hmac_sha1_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_256_cbc_hmac_sha1_cipher : NULL);
+}
+#else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c
new file mode 100644
index 000000000..caac0c9d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -0,0 +1,950 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/constant_time_locl.h"
+#include "internal/evp_int.h"
+
+typedef struct {
+    AES_KEY ks;
+    SHA256_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA256;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+#if     defined(AES_ASM) &&     ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+# define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks,
+                         const AES_KEY *key, unsigned char iv[16],
+                         SHA256_CTX *ctx, const void *in0);
+
+# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *inkey,
+                                          const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+
+    SHA256_Init(&key->head);    /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+# define STITCHED_CALL
+
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
+
+void sha256_block_data_order(void *c, const void *p, size_t len);
+
+static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA256_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA256_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA256_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha256_block_data_order(c, ptr, len / SHA256_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA256_Update(c, ptr, res);
+}
+
+# ifdef SHA256_Update
+#  undef SHA256_Update
+# endif
+# define SHA256_Update sha256_update
+
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+
+typedef struct {
+    unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8];
+} SHA256_MB_CTX;
+typedef struct {
+    const unsigned char *ptr;
+    int blocks;
+} HASH_DESC;
+
+void sha256_multi_block(SHA256_MB_CTX *, const HASH_DESC *, int);
+
+typedef struct {
+    const unsigned char *inp;
+    unsigned char *out;
+    int blocks;
+    u64 iv[2];
+} CIPH_DESC;
+
+void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
+
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
+                                         unsigned char *out,
+                                         const unsigned char *inp,
+                                         size_t inp_len, int n4x)
+{                               /* n4x is 1 or 2 */
+    HASH_DESC hash_d[8], edges[8];
+    CIPH_DESC ciph_d[8];
+    unsigned char storage[sizeof(SHA256_MB_CTX) + 32];
+    union {
+        u64 q[16];
+        u32 d[32];
+        u8 c[128];
+    } blocks[8];
+    SHA256_MB_CTX *ctx;
+    unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
+        0;
+    size_t ret = 0;
+    u8 *IVs;
+#  if defined(BSWAP8)
+    u64 seqnum;
+#  endif
+
+    /* ask for IVs in bulk */
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+        return 0;
+
+    /* align */
+    ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
+
+    frag = (unsigned int)inp_len >> (1 + n4x);
+    last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
+    if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
+        frag++;
+        last -= x4 - 1;
+    }
+
+    packlen = 5 + 16 + ((frag + 32 + 16) & -16);
+
+    /* populate descriptors with pointers and IVs */
+    hash_d[0].ptr = inp;
+    ciph_d[0].inp = inp;
+    /* 5+16 is place for header and explicit IV */
+    ciph_d[0].out = out + 5 + 16;
+    memcpy(ciph_d[0].out - 16, IVs, 16);
+    memcpy(ciph_d[0].iv, IVs, 16);
+    IVs += 16;
+
+    for (i = 1; i < x4; i++) {
+        ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
+        ciph_d[i].out = ciph_d[i - 1].out + packlen;
+        memcpy(ciph_d[i].out - 16, IVs, 16);
+        memcpy(ciph_d[i].iv, IVs, 16);
+        IVs += 16;
+    }
+
+#  if defined(BSWAP8)
+    memcpy(blocks[0].c, key->md.data, 8);
+    seqnum = BSWAP8(blocks[0].q[0]);
+#  endif
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag);
+#  if !defined(BSWAP8)
+        unsigned int carry, j;
+#  endif
+
+        ctx->A[i] = key->md.h[0];
+        ctx->B[i] = key->md.h[1];
+        ctx->C[i] = key->md.h[2];
+        ctx->D[i] = key->md.h[3];
+        ctx->E[i] = key->md.h[4];
+        ctx->F[i] = key->md.h[5];
+        ctx->G[i] = key->md.h[6];
+        ctx->H[i] = key->md.h[7];
+
+        /* fix seqnum */
+#  if defined(BSWAP8)
+        blocks[i].q[0] = BSWAP8(seqnum + i);
+#  else
+        for (carry = i, j = 8; j--;) {
+            blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
+            carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
+        }
+#  endif
+        blocks[i].c[8] = ((u8 *)key->md.data)[8];
+        blocks[i].c[9] = ((u8 *)key->md.data)[9];
+        blocks[i].c[10] = ((u8 *)key->md.data)[10];
+        /* fix length */
+        blocks[i].c[11] = (u8)(len >> 8);
+        blocks[i].c[12] = (u8)(len);
+
+        memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
+        hash_d[i].ptr += 64 - 13;
+        hash_d[i].blocks = (len - (64 - 13)) / 64;
+
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* hash 13-byte headers and first 64-13 bytes of inputs */
+    sha256_multi_block(ctx, edges, n4x);
+    /* hash bulk inputs */
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
+    /*
+     * goal is to minimize pressure on L1 cache by moving in shorter steps,
+     * so that hashed data is still in the cache by the time we encrypt it
+     */
+    minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64;
+    if (minblocks > MAXCHUNKSIZE / 64) {
+        for (i = 0; i < x4; i++) {
+            edges[i].ptr = hash_d[i].ptr;
+            edges[i].blocks = MAXCHUNKSIZE / 64;
+            ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+        }
+        do {
+            sha256_multi_block(ctx, edges, n4x);
+            aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+            for (i = 0; i < x4; i++) {
+                edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
+                hash_d[i].blocks -= MAXCHUNKSIZE / 64;
+                edges[i].blocks = MAXCHUNKSIZE / 64;
+                ciph_d[i].inp += MAXCHUNKSIZE;
+                ciph_d[i].out += MAXCHUNKSIZE;
+                ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+                memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
+            }
+            processed += MAXCHUNKSIZE;
+            minblocks -= MAXCHUNKSIZE / 64;
+        } while (minblocks > MAXCHUNKSIZE / 64);
+    }
+#  endif
+#  undef  MAXCHUNKSIZE
+    sha256_multi_block(ctx, hash_d, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag),
+            off = hash_d[i].blocks * 64;
+        const unsigned char *ptr = hash_d[i].ptr + off;
+
+        off = (len - processed) - (64 - 13) - off; /* remainder actually */
+        memcpy(blocks[i].c, ptr, off);
+        blocks[i].c[off] = 0x80;
+        len += 64 + 13;         /* 64 is HMAC header */
+        len *= 8;               /* convert to bits */
+        if (off < (64 - 8)) {
+#  ifdef BSWAP4
+            blocks[i].d[15] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 60, len);
+#  endif
+            edges[i].blocks = 1;
+        } else {
+#  ifdef BSWAP4
+            blocks[i].d[31] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 124, len);
+#  endif
+            edges[i].blocks = 2;
+        }
+        edges[i].ptr = blocks[i].c;
+    }
+
+    /* hash input tails and finalize */
+    sha256_multi_block(ctx, edges, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+#  ifdef BSWAP4
+        blocks[i].d[0] = BSWAP4(ctx->A[i]);
+        ctx->A[i] = key->tail.h[0];
+        blocks[i].d[1] = BSWAP4(ctx->B[i]);
+        ctx->B[i] = key->tail.h[1];
+        blocks[i].d[2] = BSWAP4(ctx->C[i]);
+        ctx->C[i] = key->tail.h[2];
+        blocks[i].d[3] = BSWAP4(ctx->D[i]);
+        ctx->D[i] = key->tail.h[3];
+        blocks[i].d[4] = BSWAP4(ctx->E[i]);
+        ctx->E[i] = key->tail.h[4];
+        blocks[i].d[5] = BSWAP4(ctx->F[i]);
+        ctx->F[i] = key->tail.h[5];
+        blocks[i].d[6] = BSWAP4(ctx->G[i]);
+        ctx->G[i] = key->tail.h[6];
+        blocks[i].d[7] = BSWAP4(ctx->H[i]);
+        ctx->H[i] = key->tail.h[7];
+        blocks[i].c[32] = 0x80;
+        blocks[i].d[15] = BSWAP4((64 + 32) * 8);
+#  else
+        PUTU32(blocks[i].c + 0, ctx->A[i]);
+        ctx->A[i] = key->tail.h[0];
+        PUTU32(blocks[i].c + 4, ctx->B[i]);
+        ctx->B[i] = key->tail.h[1];
+        PUTU32(blocks[i].c + 8, ctx->C[i]);
+        ctx->C[i] = key->tail.h[2];
+        PUTU32(blocks[i].c + 12, ctx->D[i]);
+        ctx->D[i] = key->tail.h[3];
+        PUTU32(blocks[i].c + 16, ctx->E[i]);
+        ctx->E[i] = key->tail.h[4];
+        PUTU32(blocks[i].c + 20, ctx->F[i]);
+        ctx->F[i] = key->tail.h[5];
+        PUTU32(blocks[i].c + 24, ctx->G[i]);
+        ctx->G[i] = key->tail.h[6];
+        PUTU32(blocks[i].c + 28, ctx->H[i]);
+        ctx->H[i] = key->tail.h[7];
+        blocks[i].c[32] = 0x80;
+        PUTU32(blocks[i].c + 60, (64 + 32) * 8);
+#  endif
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* finalize MACs */
+    sha256_multi_block(ctx, edges, n4x);
+
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
+        unsigned char *out0 = out;
+
+        memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
+        ciph_d[i].inp = ciph_d[i].out;
+
+        out += 5 + 16 + len;
+
+        /* write MAC */
+        PUTU32(out + 0, ctx->A[i]);
+        PUTU32(out + 4, ctx->B[i]);
+        PUTU32(out + 8, ctx->C[i]);
+        PUTU32(out + 12, ctx->D[i]);
+        PUTU32(out + 16, ctx->E[i]);
+        PUTU32(out + 20, ctx->F[i]);
+        PUTU32(out + 24, ctx->G[i]);
+        PUTU32(out + 28, ctx->H[i]);
+        out += 32;
+        len += 32;
+
+        /* pad */
+        pad = 15 - len % 16;
+        for (j = 0; j <= pad; j++)
+            *(out++) = pad;
+        len += pad + 1;
+
+        ciph_d[i].blocks = (len - processed) / 16;
+        len += 16;              /* account for explicit iv */
+
+        /* arrange header */
+        out0[0] = ((u8 *)key->md.data)[8];
+        out0[1] = ((u8 *)key->md.data)[9];
+        out0[2] = ((u8 *)key->md.data)[10];
+        out0[3] = (u8)(len >> 8);
+        out0[4] = (u8)(len);
+
+        ret += len + 5;
+        inp += frag;
+    }
+
+    aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+    OPENSSL_cleanse(blocks, sizeof(blocks));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return ret;
+}
+# endif
+
+static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
+                                        unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+# if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA256_CBLOCK - key->md.num;
+# endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA256_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+# if defined(STITCHED_CALL)
+        /*
+         * Assembly stitch handles AVX-capable processors, but its
+         * performance is not optimal on AMD Jaguar, ~40% worse, for
+         * unknown reasons. Incidentally processor in question supports
+         * AVX, but not AMD-specific XOP extension, which can be used
+         * to identify it and avoid stitch invocation. So that after we
+         * establish that current CPU supports AVX, we even see if it's
+         * either even XOP-capable Bulldozer-based or GenuineIntel one.
+         * But SHAEXT-capable go ahead...
+         */
+        if (((OPENSSL_ia32cap_P[2] & (1 << 29)) ||         /* SHAEXT? */
+             ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
+              ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32)))   /* XOP? */
+               | (OPENSSL_ia32cap_P[0] & (1 << 30))))) &&  /* "Intel CPU"? */
+            plen > (sha_off + iv) &&
+            (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
+            SHA256_Update(&key->md, in + iv, sha_off);
+
+            (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
+                                       EVP_CIPHER_CTX_iv_noconst(ctx),
+                                       &key->md, in + iv + sha_off);
+            blocks *= SHA256_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+# endif
+        sha_off += iv;
+        SHA256_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA256_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA256_Update(&key->md, out + plen, SHA256_DIGEST_LENGTH);
+            SHA256_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA256_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA256_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[64 + SHA256_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64));
+
+        /* decrypt HMAC|padding at once */
+        aesni_cbc_encrypt(in, out, len, &key->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA256_CBLOCK];
+            } *data = (void *)key->md.data;
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION)
+                iv = AES_BLOCK_SIZE;
+
+            if (len < (iv + SHA256_DIGEST_LENGTH + 1))
+                return 0;
+
+            /* omit explicit iv */
+            out += iv;
+            len -= iv;
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA256_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            mask = constant_time_ge(maxpad, pad);
+            ret &= mask;
+            /*
+             * If pad is invalid then we will fail the above test but we must
+             * continue anyway because we are in constant time code. However,
+             * we'll use the maxpad value instead of the supplied pad to make
+             * sure we perform well defined pointer arithmetic.
+             */
+            pad = constant_time_select(mask, pad, maxpad);
+
+            inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA256_Update(&key->md, key->aux.tls_aad, plen);
+
+# if 1      /* see original reference version in #else */
+            len -= SHA256_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA256_CBLOCK)) {
+                j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
+                j += SHA256_CBLOCK - key->md.num;
+                SHA256_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#  ifdef BSWAP4
+            bitlen = BSWAP4(bitlen);
+#  else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#  endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+            pmac->u[5] = 0;
+            pmac->u[6] = 0;
+            pmac->u[7] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA256_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha256_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h[0] & mask;
+                pmac->u[1] |= key->md.h[1] & mask;
+                pmac->u[2] |= key->md.h[2] & mask;
+                pmac->u[3] |= key->md.h[3] & mask;
+                pmac->u[4] |= key->md.h[4] & mask;
+                pmac->u[5] |= key->md.h[5] & mask;
+                pmac->u[6] |= key->md.h[6] & mask;
+                pmac->u[7] |= key->md.h[7] & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA256_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA256_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha256_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h[0] & mask;
+                pmac->u[1] |= key->md.h[1] & mask;
+                pmac->u[2] |= key->md.h[2] & mask;
+                pmac->u[3] |= key->md.h[3] & mask;
+                pmac->u[4] |= key->md.h[4] & mask;
+                pmac->u[5] |= key->md.h[5] & mask;
+                pmac->u[6] |= key->md.h[6] & mask;
+                pmac->u[7] |= key->md.h[7] & mask;
+
+                memset(data, 0, SHA256_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha256_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h[0] & mask;
+            pmac->u[1] |= key->md.h[1] & mask;
+            pmac->u[2] |= key->md.h[2] & mask;
+            pmac->u[3] |= key->md.h[3] & mask;
+            pmac->u[4] |= key->md.h[4] & mask;
+            pmac->u[5] |= key->md.h[5] & mask;
+            pmac->u[6] |= key->md.h[6] & mask;
+            pmac->u[7] |= key->md.h[7] & mask;
+
+#  ifdef BSWAP4
+            pmac->u[0] = BSWAP4(pmac->u[0]);
+            pmac->u[1] = BSWAP4(pmac->u[1]);
+            pmac->u[2] = BSWAP4(pmac->u[2]);
+            pmac->u[3] = BSWAP4(pmac->u[3]);
+            pmac->u[4] = BSWAP4(pmac->u[4]);
+            pmac->u[5] = BSWAP4(pmac->u[5]);
+            pmac->u[6] = BSWAP4(pmac->u[6]);
+            pmac->u[7] = BSWAP4(pmac->u[7]);
+#  else
+            for (i = 0; i < 8; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#  endif
+            len += SHA256_DIGEST_LENGTH;
+# else
+            SHA256_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA256_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA256_CBLOCK;
+                res %= SHA256_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+# endif      /* pre-lucky-13 reference version of above */
+            key->md = key->tail;
+            SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
+            SHA256_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+# if 1      /* see original reference version in #else */
+            {
+                unsigned char *p =
+                    out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA256_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
+                        (sizeof(int) * 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA256_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+# else      /* pre-lucky-13 reference version of above */
+            for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+# endif
+            return ret;
+        } else {
+            SHA256_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                      void *ptr)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int u_arg = (unsigned int)arg;
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg < 0)
+                return -1;
+
+            if (u_arg > sizeof(hmac_key)) {
+                SHA256_Init(&key->head);
+                SHA256_Update(&key->head, ptr, arg);
+                SHA256_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA256_Init(&key->head);
+            SHA256_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA256_Init(&key->tail);
+            SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA256_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA256_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA256_DIGEST_LENGTH;
+            }
+        }
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+        return (int)(5 + 16 + ((arg + 32 + 16) & -16));
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+            unsigned int n4x = 1, x4;
+            unsigned int frag, last, packlen, inp_len;
+
+            if (arg < 0)
+                return -1;
+
+            if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+                return -1;
+
+            inp_len = param->inp[11] << 8 | param->inp[12];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
+                    return -1;
+
+                if (inp_len) {
+                    if (inp_len < 4096)
+                        return 0; /* too short */
+
+                    if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
+                        n4x = 2; /* AVX2 */
+                } else if ((n4x = param->interleave / 4) && n4x <= 2)
+                    inp_len = param->len;
+                else
+                    return -1;
+
+                key->md = key->head;
+                SHA256_Update(&key->md, param->inp, 13);
+
+                x4 = 4 * n4x;
+                n4x += 1;
+
+                frag = inp_len >> n4x;
+                last = inp_len + frag - (frag << n4x);
+                if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
+                    frag++;
+                    last -= x4 - 1;
+                }
+
+                packlen = 5 + 16 + ((frag + 32 + 16) & -16);
+                packlen = (packlen << n4x) - packlen;
+                packlen += 5 + 16 + ((last + 32 + 16) & -16);
+
+                param->interleave = x4;
+
+                return (int)packlen;
+            } else
+                return -1;      /* not yet */
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+
+            return (int)tls1_1_multi_block_encrypt(key, param->out,
+                                                   param->inp, param->len,
+                                                   param->interleave / 4);
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
+# endif
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
+# ifdef NID_aes_128_cbc_hmac_sha256
+    NID_aes_128_cbc_hmac_sha256,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha256_init_key,
+    aesni_cbc_hmac_sha256_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA256),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha256_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = {
+# ifdef NID_aes_256_cbc_hmac_sha256
+    NID_aes_256_cbc_hmac_sha256,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha256_init_key,
+    aesni_cbc_hmac_sha256_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA256),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha256_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
+{
+    return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) &&
+            aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
+            &aesni_128_cbc_hmac_sha256_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+    return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) &&
+            aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
+            &aesni_256_cbc_hmac_sha256_cipher : NULL);
+}
+#else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+    return NULL;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c
new file mode 100644
index 000000000..81c8a7eaf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c
@@ -0,0 +1,756 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_ARIA
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
+# include "internal/aria.h"
+# include "internal/evp_int.h"
+# include "modes_lcl.h"
+# include "evp_locl.h"
+
+/* ARIA subkey Structure */
+typedef struct {
+    ARIA_KEY ks;
+} EVP_ARIA_KEY;
+
+/* ARIA GCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA subkey to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+} EVP_ARIA_GCM_CTX;
+
+/* ARIA CCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_ARIA_CCM_CTX;
+
+/* The subkey for ARIA is generated. */
+static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    int mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    else
+        ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    if (ret < 0) {
+        EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const ARIA_KEY *key,
+                             unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+}
+
+static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                                size_t length, const ARIA_KEY *key,
+                                unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) aria_encrypt);
+}
+
+static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                             const ARIA_KEY *key, const int enc)
+{
+    aria_encrypt(in, out, key);
+}
+
+static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const ARIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                         (block128_f) aria_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_128, 16, 16, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_192, 16, 24, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_256, 16, 32, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \
+                IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0)
+IMPLEMENT_ARIA_CFBR(128,1)
+IMPLEMENT_ARIA_CFBR(192,1)
+IMPLEMENT_ARIA_CFBR(256,1)
+IMPLEMENT_ARIA_CFBR(128,8)
+IMPLEMENT_ARIA_CFBR(192,8)
+IMPLEMENT_ARIA_CFBR(256,8)
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aria_init_key,                  \
+        aria_##mode##_cipher,           \
+        NULL,                           \
+        sizeof(EVP_ARIA_KEY),           \
+        NULL,NULL,NULL,NULL };          \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return &aria_##keylen##_##mode; }
+
+static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f) aria_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+
+/* Authenticated cipher modes (GCM/CCM) */
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                 const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+                OPENSSL_free(gctx->iv);
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (EVP_CIPHER_CTX_encrypting(c)
+            && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0
+            || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
+                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            else {
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+    int rv = -1;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        /* Encrypt payload */
+        if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+            goto err;
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+            goto err;
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aria_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+                return -1;
+        } else {
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+                return -1;
+        }
+        return len;
+    }
+    if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (gctx->taglen < 0)
+            return -1;
+        if (CRYPTO_gcm128_finish(&gctx->gcm,
+                                 EVP_CIPHER_CTX_buf_noconst(ctx),
+                                 gctx->taglen) != 0)
+            return -1;
+        gctx->iv_set = 0;
+        return 0;
+    }
+    CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+    gctx->taglen = 16;
+    /* Don't reuse the IV */
+    gctx->iv_set = 0;
+    return 0;
+}
+
+static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aria_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define ARIA_AUTH_FLAGS  (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                          | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                          | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)
+
+#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,                  \
+        blocksize, keylen/8, ivlen,                \
+        ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE,    \
+        aria_##mode##_init_key,                    \
+        aria_##mode##_cipher,                      \
+        NULL,                                      \
+        sizeof(EVP_ARIA_##MODE##_CTX),             \
+        NULL,NULL,aria_##mode##_ctrl,NULL };       \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return (EVP_CIPHER*)&aria_##keylen##_##mode; }
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c
new file mode 100644
index 000000000..dc386905c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_BF
+# include <openssl/evp.h>
+# include "internal/evp_int.h"
+# include <openssl/objects.h>
+# include <openssl/blowfish.h>
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc);
+
+typedef struct {
+    BF_KEY ks;
+} EVP_BF_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_BF_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+{
+    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c
new file mode 100644
index 000000000..2df4a6e3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_CAMELLIA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/camellia.h>
+# include "internal/evp_int.h"
+# include "modes_lcl.h"
+
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+/* Camellia subkey Structure */
+typedef struct {
+    CAMELLIA_KEY ks;
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+} EVP_CAMELLIA_KEY;
+
+# define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+/* Attribute operation for Camellia */
+# define data(ctx)       EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ---------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_CMLL_CAPABLE      (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
+
+void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
+void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+
+void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+
+static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret, mode, bits;
+    EVP_CAMELLIA_KEY *dat =
+        (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+    cmll_t4_set_key(key, bits, &dat->ks);
+
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = 0;
+        dat->block = (block128_f) cmll_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        dat->block = (block128_f) cmll_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_CMLL_T4_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#  define cmll_t4_cbc_cipher camellia_cbc_cipher
+static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_ecb_cipher camellia_ecb_cipher
+static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_ofb_cipher camellia_ofb_cipher
+static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb_cipher camellia_cfb_cipher
+static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb8_cipher camellia_cfb8_cipher
+static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb1_cipher camellia_cfb1_cipher
+static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len);
+
+#  define cmll_t4_ctr_cipher camellia_ctr_cipher
+static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        cmll_t4_init_key,               \
+        cmll_t4_##mode##_cipher,        \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER camellia_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        camellia_init_key,              \
+        camellia_##mode##_cipher,       \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+{ return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
+
+# else
+
+#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER camellia_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        camellia_init_key,              \
+        camellia_##mode##_cipher,       \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+{ return &camellia_##keylen##_##mode; }
+
+# endif
+
+# define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+        BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+        BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+
+/* The subkey for Camellia is generated. */
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
+    if (ret < 0) {
+        EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        dat->block = (block128_f) Camellia_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    } else {
+        dat->block = (block128_f) Camellia_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    }
+
+    return 1;
+}
+
+static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+
+    return 1;
+}
+
+static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t i;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, &dat->ks);
+
+    return 1;
+}
+
+static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+
+    return 1;
+}
+
+static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                    dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c
new file mode 100644
index 000000000..259d44059
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CAST
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/cast.h>
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    CAST_KEY ks;
+} EVP_CAST_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
+                       NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c
new file mode 100644
index 000000000..c1917bb86
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c
@@ -0,0 +1,630 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CHACHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include "internal/evp_int.h"
+# include "internal/chacha.h"
+
+typedef struct {
+    union {
+        double align;   /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
+        unsigned int d[CHACHA_KEY_SIZE / 4];
+    } key;
+    unsigned int  counter[CHACHA_CTR_SIZE / 4];
+    unsigned char buf[CHACHA_BLK_SIZE];
+    unsigned int  partial_len;
+} EVP_CHACHA_KEY;
+
+#define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
+static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                           const unsigned char user_key[CHACHA_KEY_SIZE],
+                           const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int i;
+
+    if (user_key)
+        for (i = 0; i < CHACHA_KEY_SIZE; i+=4) {
+            key->key.d[i/4] = CHACHA_U8TOU32(user_key+i);
+        }
+
+    if (iv)
+        for (i = 0; i < CHACHA_CTR_SIZE; i+=4) {
+            key->counter[i/4] = CHACHA_U8TOU32(iv+i);
+        }
+
+    key->partial_len = 0;
+
+    return 1;
+}
+
+static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                         const unsigned char *inp, size_t len)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int n, rem, ctr32;
+
+    if ((n = key->partial_len)) {
+        while (len && n < CHACHA_BLK_SIZE) {
+            *out++ = *inp++ ^ key->buf[n++];
+            len--;
+        }
+        key->partial_len = n;
+
+        if (len == 0)
+            return 1;
+
+        if (n == CHACHA_BLK_SIZE) {
+            key->partial_len = 0;
+            key->counter[0]++;
+            if (key->counter[0] == 0)
+                key->counter[1]++;
+        }
+    }
+
+    rem = (unsigned int)(len % CHACHA_BLK_SIZE);
+    len -= rem;
+    ctr32 = key->counter[0];
+    while (len >= CHACHA_BLK_SIZE) {
+        size_t blocks = len / CHACHA_BLK_SIZE;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
+            blocks = (1U<<28);
+
+        /*
+         * As ChaCha20_ctr32 operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (unsigned int)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        blocks *= CHACHA_BLK_SIZE;
+        ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter);
+        len -= blocks;
+        inp += blocks;
+        out += blocks;
+
+        key->counter[0] = ctr32;
+        if (ctr32 == 0) key->counter[1]++;
+    }
+
+    if (rem) {
+        memset(key->buf, 0, sizeof(key->buf));
+        ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE,
+                       key->key.d, key->counter);
+        for (n = 0; n < rem; n++)
+            out[n] = inp[n] ^ key->buf[n];
+        key->partial_len = rem;
+    }
+
+    return 1;
+}
+
+static const EVP_CIPHER chacha20 = {
+    NID_chacha20,
+    1,                      /* block_size */
+    CHACHA_KEY_SIZE,        /* key_len */
+    CHACHA_CTR_SIZE,        /* iv_len, 128-bit counter in the context */
+    EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
+    chacha_init_key,
+    chacha_cipher,
+    NULL,
+    sizeof(EVP_CHACHA_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_chacha20(void)
+{
+    return &chacha20;
+}
+
+# ifndef OPENSSL_NO_POLY1305
+#  include "internal/poly1305.h"
+
+typedef struct {
+    EVP_CHACHA_KEY key;
+    unsigned int nonce[12/4];
+    unsigned char tag[POLY1305_BLOCK_SIZE];
+    unsigned char tls_aad[POLY1305_BLOCK_SIZE];
+    struct { uint64_t aad, text; } len;
+    int aad, mac_inited, tag_len, nonce_len;
+    size_t tls_payload_length;
+} EVP_CHACHA_AEAD_CTX;
+
+#  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
+#  define aead_data(ctx)        ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
+#  define POLY1305_ctx(actx)    ((POLY1305 *)(actx + 1))
+
+static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+                                      const unsigned char *inkey,
+                                      const unsigned char *iv, int enc)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    if (!inkey && !iv)
+        return 1;
+
+    actx->len.aad = 0;
+    actx->len.text = 0;
+    actx->aad = 0;
+    actx->mac_inited = 0;
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (iv != NULL) {
+        unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
+
+        /* pad on the left */
+        if (actx->nonce_len <= CHACHA_CTR_SIZE)
+            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
+                   actx->nonce_len);
+
+        chacha_init_key(ctx, inkey, temp, enc);
+
+        actx->nonce[0] = actx->key.counter[1];
+        actx->nonce[1] = actx->key.counter[2];
+        actx->nonce[2] = actx->key.counter[3];
+    } else {
+        chacha_init_key(ctx, inkey, NULL, enc);
+    }
+
+    return 1;
+}
+
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                                 defined(_M_AMD64) || defined(_M_X64))
+#    define XOR128_HELPERS
+void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 };
+#   else
+static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 };
+#   endif
+
+static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length;
+    unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32];
+
+    if (len != plen + POLY1305_BLOCK_SIZE)
+        return -1;
+
+    buf = storage + ((0 - (size_t)storage) & 15);   /* align */
+    ctr = buf + CHACHA_BLK_SIZE;
+    tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
+
+#   ifdef XOR128_HELPERS
+    if (plen <= 3 * CHACHA_BLK_SIZE) {
+        actx->key.counter[0] = 0;
+        buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE);
+        ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d,
+                       actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (plen) {
+            if (ctx->encrypt)
+                ctr = xor128_encrypt_n_pad(out, in, ctr, plen);
+            else
+                ctr = xor128_decrypt_n_pad(out, in, ctr, plen);
+
+            in += plen;
+            out += plen;
+            tohash_len = (size_t)(ctr - tohash);
+        }
+    }
+#   else
+    if (plen <= CHACHA_BLK_SIZE) {
+        size_t i;
+
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            for (i = 0; i < plen; i++) {
+                out[i] = ctr[i] ^= in[i];
+            }
+        } else {
+            for (i = 0; i < plen; i++) {
+                unsigned char c = in[i];
+                out[i] = ctr[i] ^ c;
+                ctr[i] = c;
+            }
+        }
+
+        in += i;
+        out += i;
+
+        tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1);
+        memset(ctr + i, 0, tail);
+        ctr += i + tail;
+        tohash_len += i + tail;
+    }
+#   endif
+    else {
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash = ctr;
+        tohash_len = 0;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+            Poly1305_Update(POLY1305_ctx(actx), out, plen);
+        } else {
+            Poly1305_Update(POLY1305_ctx(actx), in, plen);
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+        }
+
+        in += plen;
+        out += plen;
+        tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1);
+        Poly1305_Update(POLY1305_ctx(actx), zero, tail);
+    }
+
+    {
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little) {
+            memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            ctr[0]  = (unsigned char)(actx->len.aad);
+            ctr[1]  = (unsigned char)(actx->len.aad>>8);
+            ctr[2]  = (unsigned char)(actx->len.aad>>16);
+            ctr[3]  = (unsigned char)(actx->len.aad>>24);
+            ctr[4]  = (unsigned char)(actx->len.aad>>32);
+            ctr[5]  = (unsigned char)(actx->len.aad>>40);
+            ctr[6]  = (unsigned char)(actx->len.aad>>48);
+            ctr[7]  = (unsigned char)(actx->len.aad>>56);
+
+            ctr[8]  = (unsigned char)(actx->len.text);
+            ctr[9]  = (unsigned char)(actx->len.text>>8);
+            ctr[10] = (unsigned char)(actx->len.text>>16);
+            ctr[11] = (unsigned char)(actx->len.text>>24);
+            ctr[12] = (unsigned char)(actx->len.text>>32);
+            ctr[13] = (unsigned char)(actx->len.text>>40);
+            ctr[14] = (unsigned char)(actx->len.text>>48);
+            ctr[15] = (unsigned char)(actx->len.text>>56);
+        }
+        tohash_len += POLY1305_BLOCK_SIZE;
+    }
+
+    Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
+    OPENSSL_cleanse(buf, buf_len);
+    Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                    : tohash);
+
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (ctx->encrypt) {
+        memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+    } else {
+        if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) {
+            memset(out - (len - POLY1305_BLOCK_SIZE), 0,
+                   len - POLY1305_BLOCK_SIZE);
+            return -1;
+        }
+    }
+
+    return len;
+}
+#  else
+static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
+#  endif
+
+static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t rem, plen = actx->tls_payload_length;
+
+    if (!actx->mac_inited) {
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+            return chacha20_poly1305_tls_cipher(ctx, out, in, len);
+#  endif
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        actx->len.aad = actx->len.text = 0;
+        actx->mac_inited = 1;
+        if (plen != NO_TLS_PAYLOAD_LENGTH) {
+            Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
+                            EVP_AEAD_TLS1_AAD_LEN);
+            actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+            actx->aad = 1;
+        }
+    }
+
+    if (in) {                                   /* aad or text */
+        if (out == NULL) {                      /* aad */
+            Poly1305_Update(POLY1305_ctx(actx), in, len);
+            actx->len.aad += len;
+            actx->aad = 1;
+            return len;
+        } else {                                /* plain- or ciphertext */
+            if (actx->aad) {                    /* wrap up aad */
+                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                    Poly1305_Update(POLY1305_ctx(actx), zero,
+                                    POLY1305_BLOCK_SIZE - rem);
+                actx->aad = 0;
+            }
+
+            actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+            if (plen == NO_TLS_PAYLOAD_LENGTH)
+                plen = len;
+            else if (len != plen + POLY1305_BLOCK_SIZE)
+                return -1;
+
+            if (ctx->encrypt) {                 /* plaintext */
+                chacha_cipher(ctx, out, in, plen);
+                Poly1305_Update(POLY1305_ctx(actx), out, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            } else {                            /* ciphertext */
+                Poly1305_Update(POLY1305_ctx(actx), in, plen);
+                chacha_cipher(ctx, out, in, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            }
+        }
+    }
+    if (in == NULL                              /* explicit final */
+        || plen != len) {                       /* or tls mode */
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+        unsigned char temp[POLY1305_BLOCK_SIZE];
+
+        if (actx->aad) {                        /* wrap up aad */
+            if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                Poly1305_Update(POLY1305_ctx(actx), zero,
+                                POLY1305_BLOCK_SIZE - rem);
+            actx->aad = 0;
+        }
+
+        if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
+            Poly1305_Update(POLY1305_ctx(actx), zero,
+                            POLY1305_BLOCK_SIZE - rem);
+
+        if (is_endian.little) {
+            Poly1305_Update(POLY1305_ctx(actx),
+                            (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            temp[0]  = (unsigned char)(actx->len.aad);
+            temp[1]  = (unsigned char)(actx->len.aad>>8);
+            temp[2]  = (unsigned char)(actx->len.aad>>16);
+            temp[3]  = (unsigned char)(actx->len.aad>>24);
+            temp[4]  = (unsigned char)(actx->len.aad>>32);
+            temp[5]  = (unsigned char)(actx->len.aad>>40);
+            temp[6]  = (unsigned char)(actx->len.aad>>48);
+            temp[7]  = (unsigned char)(actx->len.aad>>56);
+
+            temp[8]  = (unsigned char)(actx->len.text);
+            temp[9]  = (unsigned char)(actx->len.text>>8);
+            temp[10] = (unsigned char)(actx->len.text>>16);
+            temp[11] = (unsigned char)(actx->len.text>>24);
+            temp[12] = (unsigned char)(actx->len.text>>32);
+            temp[13] = (unsigned char)(actx->len.text>>40);
+            temp[14] = (unsigned char)(actx->len.text>>48);
+            temp[15] = (unsigned char)(actx->len.text>>56);
+
+            Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+        }
+        Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                        : temp);
+        actx->mac_inited = 0;
+
+        if (in != NULL && len != plen) {        /* tls mode */
+            if (ctx->encrypt) {
+                memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+            } else {
+                if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
+                    memset(out - plen, 0, plen);
+                    return -1;
+                }
+            }
+        }
+        else if (!ctx->encrypt) {
+            if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
+                return -1;
+        }
+    }
+    return len;
+}
+
+static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    if (actx)
+        OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
+    return 1;
+}
+
+static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    switch(type) {
+    case EVP_CTRL_INIT:
+        if (actx == NULL)
+            actx = ctx->cipher_data
+                 = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
+        if (actx == NULL) {
+            EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        actx->len.aad = 0;
+        actx->len.text = 0;
+        actx->aad = 0;
+        actx->mac_inited = 0;
+        actx->tag_len = 0;
+        actx->nonce_len = 12;
+        actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+        memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        if (actx) {
+            EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
+
+            dst->cipher_data =
+                   OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
+            if (dst->cipher_data == NULL) {
+                EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
+                return 0;
+            }
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
+            return 0;
+        actx->nonce_len = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IV_FIXED:
+        if (arg != 12)
+            return 0;
+        actx->nonce[0] = actx->key.counter[1]
+                       = CHACHA_U8TOU32((unsigned char *)ptr);
+        actx->nonce[1] = actx->key.counter[2]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+4);
+        actx->nonce[2] = actx->key.counter[3]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+8);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE)
+            return 0;
+        if (ptr != NULL) {
+            memcpy(actx->tag, ptr, arg);
+            actx->tag_len = arg;
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt)
+            return 0;
+        memcpy(ptr, actx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        {
+            unsigned int len;
+            unsigned char *aad = ptr;
+
+            memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
+            len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
+                  aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+            aad = actx->tls_aad;
+            if (!ctx->encrypt) {
+                if (len < POLY1305_BLOCK_SIZE)
+                    return 0;
+                len -= POLY1305_BLOCK_SIZE;     /* discount attached tag */
+                aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+                aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+            }
+            actx->tls_payload_length = len;
+
+            /*
+             * merge record sequence number as per RFC7905
+             */
+            actx->key.counter[1] = actx->nonce[0];
+            actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
+            actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
+            actx->mac_inited = 0;
+
+            return POLY1305_BLOCK_SIZE;         /* tag length */
+        }
+
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        /* no-op */
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER chacha20_poly1305 = {
+    NID_chacha20_poly1305,
+    1,                  /* block_size */
+    CHACHA_KEY_SIZE,    /* key_len */
+    12,                 /* iv_len, 96-bit nonce in the context */
+    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
+    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
+    chacha20_poly1305_init_key,
+    chacha20_poly1305_cipher,
+    chacha20_poly1305_cleanup,
+    0,          /* 0 moves context-specific structure allocation to ctrl */
+    NULL,       /* set_asn1_parameters */
+    NULL,       /* get_asn1_parameters */
+    chacha20_poly1305_ctrl,
+    NULL        /* app_data */
+};
+
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+{
+    return(&chacha20_poly1305);
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c
new file mode 100644
index 000000000..c13fb3e25
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+
+typedef struct {
+    union {
+        double align;
+        DES_key_schedule ks;
+    } ks;
+    union {
+        void (*cbc) (const void *, void *, size_t,
+                     const DES_key_schedule *, unsigned char *);
+    } stream;
+} EVP_DES_KEY;
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ----------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_DES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
+                        const DES_key_schedule *ks, unsigned char iv[8]);
+void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
+                        const DES_key_schedule *ks, unsigned char iv[8]);
+# endif
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+/*
+ * Because of various casts and different names can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        return 1;
+    }
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ncbc_encrypt(in, out, (long)inl,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for DES, it doesn't pack the right
+ * way, so wrap it here
+ */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    size_t n, chunk = EVP_MAXCHUNK / 8;
+    unsigned char c[1], d[1];
+
+    if (inl < chunk)
+        chunk = inl;
+
+    while (inl && inl >= chunk) {
+        for (n = 0; n < chunk * 8; ++n) {
+            c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+            DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
+                            (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+            out[n / 8] =
+                (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
+                ((d[0] & 0x80) >> (unsigned int)(n % 8));
+        }
+        inl -= chunk;
+        in += chunk;
+        out += chunk;
+        if (inl < chunk)
+            chunk = inl;
+    }
+
+    return 1;
+}
+
+static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_cfb_encrypt(in, out, 8, (long)inl,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
+                  EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+                     EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+                     EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(key, &dat->ks.ks);
+            dat->stream.cbc = enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_priv_bytes(ptr, 8) <= 0)
+            return 0;
+        DES_set_odd_parity((DES_cblock *)ptr);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c
new file mode 100644
index 000000000..6b492ce47
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+# include "evp_locl.h"
+
+typedef struct {
+    union {
+        double align;
+        DES_key_schedule ks[3];
+    } ks;
+    union {
+        void (*cbc) (const void *, void *, size_t,
+                     const DES_key_schedule *, unsigned char *);
+    } stream;
+} DES_EDE_KEY;
+# define ks1 ks.ks[0]
+# define ks2 ks.ks[1]
+# define ks3 ks.ks[2]
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ---------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_DES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
+# endif
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx)
+
+/*
+ * Because of various casts and different args can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+                         (DES_cblock *)(out + i),
+                         &data(ctx)->ks1, &data(ctx)->ks2,
+                         &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    DES_EDE_KEY *dat = data(ctx);
+
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        return 1;
+    }
+
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                             &dat->ks1, &dat->ks2, &dat->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ede3_cbc_encrypt(in, out, (long)inl,
+                             &dat->ks1, &dat->ks2, &dat->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_cfb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
+ * right way, so wrap it here
+ */
+static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    size_t n;
+    unsigned char c[1], d[1];
+
+    if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+            inl *= 8;
+    for (n = 0; n < inl; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c, d, 1, 1,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
+            | ((d[0] & 0x80) >> (unsigned int)(n % 8));
+    }
+
+    return 1;
+}
+
+static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede_init_key, NULL, NULL, NULL, des3_ctrl)
+# define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+# define des_ede3_ofb_cipher des_ede_ofb_cipher
+# define des_ede3_cbc_cipher des_ede_cbc_cipher
+# define des_ede3_ecb_cipher des_ede_ecb_cipher
+    BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    DES_EDE_KEY *dat = data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(&deskey[0], &dat->ks1);
+            des_t4_key_expand(&deskey[1], &dat->ks2);
+            memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
+            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+                des_t4_ede3_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(&deskey[0], &dat->ks1);
+    DES_set_key_unchecked(&deskey[1], &dat->ks2);
+    memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
+    return 1;
+}
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    DES_EDE_KEY *dat = data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(&deskey[0], &dat->ks1);
+            des_t4_key_expand(&deskey[1], &dat->ks2);
+            des_t4_key_expand(&deskey[2], &dat->ks3);
+            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+                des_t4_ede3_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(&deskey[0], &dat->ks1);
+    DES_set_key_unchecked(&deskey[1], &dat->ks2);
+    DES_set_key_unchecked(&deskey[2], &dat->ks3);
+    return 1;
+}
+
+static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+
+    DES_cblock *deskey = ptr;
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+            return 0;
+        DES_set_odd_parity(deskey);
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
+            DES_set_odd_parity(deskey + 1);
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 24)
+            DES_set_odd_parity(deskey + 2);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+const EVP_CIPHER *EVP_des_ede(void)
+{
+    return &des_ede_ecb;
+}
+
+const EVP_CIPHER *EVP_des_ede3(void)
+{
+    return &des_ede3_ecb;
+}
+
+
+# include <openssl/sha.h>
+
+static const unsigned char wrap_iv[8] =
+    { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
+
+static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH];
+    int rv = -1;
+    if (inl < 24)
+        return -1;
+    if (out == NULL)
+        return inl - 16;
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    /* Decrypt first block which will end up as icv */
+    des_ede_cbc_cipher(ctx, icv, in, 8);
+    /* Decrypt central blocks */
+    /*
+     * If decrypting in place move whole output along a block so the next
+     * des_ede_cbc_cipher is in place.
+     */
+    if (out == in) {
+        memmove(out, out + 8, inl - 8);
+        in -= 8;
+    }
+    des_ede_cbc_cipher(ctx, out, in + 8, inl - 16);
+    /* Decrypt final block which will be IV */
+    des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8);
+    /* Reverse order of everything */
+    BUF_reverse(icv, NULL, 8);
+    BUF_reverse(out, NULL, inl - 16);
+    BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
+    /* Decrypt again using new IV */
+    des_ede_cbc_cipher(ctx, out, out, inl - 16);
+    des_ede_cbc_cipher(ctx, icv, icv, 8);
+    /* Work out SHA1 hash of first portion */
+    SHA1(out, inl - 16, sha1tmp);
+
+    if (!CRYPTO_memcmp(sha1tmp, icv, 8))
+        rv = inl - 16;
+    OPENSSL_cleanse(icv, 8);
+    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+    OPENSSL_cleanse(iv, 8);
+    OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    if (rv == -1)
+        OPENSSL_cleanse(out, inl - 16);
+
+    return rv;
+}
+
+static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, size_t inl)
+{
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    if (out == NULL)
+        return inl + 16;
+    /* Copy input to output buffer + 8 so we have space for IV */
+    memmove(out + 8, in, inl);
+    /* Work out ICV */
+    SHA1(in, inl, sha1tmp);
+    memcpy(out + inl + 8, sha1tmp, 8);
+    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+    /* Generate random IV */
+    if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
+        return -1;
+    memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    /* Encrypt everything after IV in place */
+    des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
+    BUF_reverse(out, NULL, inl + 16);
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    des_ede_cbc_cipher(ctx, out, out, inl + 16);
+    return inl + 16;
+}
+
+static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    /*
+     * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
+     * is more than will ever be needed. Also input length must be a multiple
+     * of 8 bits.
+     */
+    if (inl >= EVP_MAXCHUNK || inl % 8)
+        return -1;
+
+    if (is_partially_overlapping(out, in, inl)) {
+        EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        return des_ede3_wrap(ctx, out, in, inl);
+    else
+        return des_ede3_unwrap(ctx, out, in, inl);
+}
+
+static const EVP_CIPHER des3_wrap = {
+    NID_id_smime_alg_CMS3DESwrap,
+    8, 24, 0,
+    EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
+        | EVP_CIPH_FLAG_DEFAULT_ASN1,
+    des_ede3_init_key, des_ede3_wrap_cipher,
+    NULL,
+    sizeof(DES_EDE_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_des_ede3_wrap(void)
+{
+    return &des3_wrap;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c
new file mode 100644
index 000000000..93f6a4131
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/idea.h>
+
+/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
+
+typedef struct {
+    IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+/*
+ * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * special case
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+    return 1;
+}
+
+BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+                  0, idea_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    if (!enc) {
+        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+            enc = 1;
+        else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
+            enc = 1;
+    }
+    if (enc)
+        IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+    else {
+        IDEA_KEY_SCHEDULE tmp;
+
+        IDEA_set_encrypt_key(key, &tmp);
+        IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+        OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
+    }
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c
new file mode 100644
index 000000000..18a846821
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                       const unsigned char *in, size_t inl);
+static const EVP_CIPHER n_cipher = {
+    NID_undef,
+    1, 0, 0, 0,
+    null_init_key,
+    null_cipher,
+    NULL,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_enc_null(void)
+{
+    return &n_cipher;
+}
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    return 1;
+}
+
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                       const unsigned char *in, size_t inl)
+{
+    if (in != out)
+        memcpy(out, in, inl);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_old.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_old.c
new file mode 100644
index 000000000..927908f87
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_old.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/evp.h>
+
+/*
+ * Define some deprecated functions, so older programs don't crash and burn
+ * too quickly.  On Windows and VMS, these will never be used, since
+ * functions and variables in shared libraries are selected by entry point
+ * location, not by name.
+ */
+
+# ifndef OPENSSL_NO_BF
+#  undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_cfb(void)
+{
+    return EVP_bf_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_DES
+#  undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_cfb(void)
+{
+    return EVP_des_cfb64();
+}
+
+#  undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void)
+{
+    return EVP_des_ede3_cfb64();
+}
+
+#  undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void)
+{
+    return EVP_des_ede_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+#  undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_cfb(void)
+{
+    return EVP_idea_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC2
+#  undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_cfb(void)
+{
+    return EVP_rc2_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_CAST
+#  undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_cfb(void)
+{
+    return EVP_cast5_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC5
+#  undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+{
+    return EVP_rc5_32_12_16_cfb64();
+}
+# endif
+
+# undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void)
+{
+    return EVP_aes_128_cfb128();
+}
+
+# undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void)
+{
+    return EVP_aes_192_cfb128();
+}
+
+# undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void)
+{
+    return EVP_aes_256_cfb128();
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c
new file mode 100644
index 000000000..aa0d14018
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/rc2.h>
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+    int key_bits;               /* effective key bits */
+    RC2_KEY ks;                 /* key schedule */
+} EVP_RC2_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_RC2_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
+                       8,
+                       RC2_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       rc2_init_key, NULL,
+                       rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
+                       rc2_ctrl)
+# define RC2_40_MAGIC    0xa0
+# define RC2_64_MAGIC    0x78
+# define RC2_128_MAGIC   0x3a
+static const EVP_CIPHER r2_64_cbc_cipher = {
+    NID_rc2_64_cbc,
+    8, 8 /* 64 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+static const EVP_CIPHER r2_40_cbc_cipher = {
+    NID_rc2_40_cbc,
+    8, 5 /* 40 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+{
+    return &r2_64_cbc_cipher;
+}
+
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+{
+    return &r2_40_cbc_cipher;
+}
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                key, data(ctx)->key_bits);
+    return 1;
+}
+
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
+{
+    int i;
+
+    if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
+        return 0;
+    if (i == 128)
+        return RC2_128_MAGIC;
+    else if (i == 64)
+        return RC2_64_MAGIC;
+    else if (i == 40)
+        return RC2_40_MAGIC;
+    else
+        return 0;
+}
+
+static int rc2_magic_to_meth(int i)
+{
+    if (i == RC2_128_MAGIC)
+        return 128;
+    else if (i == RC2_64_MAGIC)
+        return 64;
+    else if (i == RC2_40_MAGIC)
+        return 40;
+    else {
+        EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+        return 0;
+    }
+}
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    long num = 0;
+    int i = 0;
+    int key_bits;
+    unsigned int l;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(iv));
+        i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
+        if (i != (int)l)
+            return -1;
+        key_bits = rc2_magic_to_meth((int)num);
+        if (!key_bits)
+            return -1;
+        if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
+            return -1;
+        if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits,
+                                NULL) <= 0
+                || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+            return -1;
+    }
+    return i;
+}
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    long num;
+    int i = 0, j;
+
+    if (type != NULL) {
+        num = rc2_meth_to_magic(c);
+        j = EVP_CIPHER_CTX_iv_length(c);
+        i = ASN1_TYPE_set_int_octetstring(type, num,
+                                          (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
+                                          j);
+    }
+    return i;
+}
+
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+        return 1;
+
+    case EVP_CTRL_GET_RC2_KEY_BITS:
+        *(int *)ptr = data(c)->key_bits;
+        return 1;
+
+    case EVP_CTRL_SET_RC2_KEY_BITS:
+        if (arg > 0) {
+            data(c)->key_bits = arg;
+            return 1;
+        }
+        return 0;
+# ifdef PBE_PRF_TEST
+    case EVP_CTRL_PBE_PRF_NID:
+        *(int *)ptr = NID_hmacWithMD5;
+        return 1;
+# endif
+
+    default:
+        return -1;
+    }
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c
new file mode 100644
index 000000000..d16abdd0d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+
+# include "internal/evp_int.h"
+
+typedef struct {
+    RC4_KEY ks;                 /* working key */
+} EVP_RC4_KEY;
+
+# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+static const EVP_CIPHER r4_cipher = {
+    NID_rc4,
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const EVP_CIPHER r4_40_cipher = {
+    NID_rc4_40,
+    1, 5 /* 40 bit */ , 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc4(void)
+{
+    return &r4_cipher;
+}
+
+const EVP_CIPHER *EVP_rc4_40(void)
+{
+    return &r4_40_cipher;
+}
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl)
+{
+    RC4(&data(ctx)->ks, inl, in, out);
+    return 1;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c
new file mode 100644
index 000000000..b1e8ccd6d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c
@@ -0,0 +1,262 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
+
+# include <openssl/crypto.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+# include <openssl/md5.h>
+# include "internal/evp_int.h"
+
+typedef struct {
+    RC4_KEY ks;
+    MD5_CTX head, tail, md;
+    size_t payload_length;
+} EVP_RC4_HMAC_MD5;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
+                 MD5_CTX *ctx, const void *inp, size_t blocks);
+
+# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
+                                 const unsigned char *inkey,
+                                 const unsigned char *iv, int enc)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+
+    RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
+
+    MD5_Init(&key->head);       /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+# if     defined(RC4_ASM) && defined(MD5_ASM) &&     (	   \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+#  define STITCHED_CALL
+# endif
+
+# if !defined(STITCHED_CALL)
+#  define rc4_off 0
+#  define md5_off 0
+# endif
+
+static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+# if defined(STITCHED_CALL)
+    size_t rc4_off = 32 - 1 - (key->ks.x & (32 - 1)), /* 32 is $MOD from
+                                                       * rc4_md5-x86_64.pl */
+        md5_off = MD5_CBLOCK - key->md.num, blocks;
+    unsigned int l;
+    extern unsigned int OPENSSL_ia32cap_P[];
+# endif
+    size_t plen = key->payload_length;
+
+    if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+# if defined(STITCHED_CALL)
+        /* cipher has to "fall behind" */
+        if (rc4_off > md5_off)
+            md5_off += MD5_CBLOCK;
+
+        if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) &&
+            (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            MD5_Update(&key->md, in, md5_off);
+            RC4(&key->ks, rc4_off, in, out);
+
+            rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
+                        &key->md, in + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            rc4_off = 0;
+            md5_off = 0;
+        }
+# endif
+        MD5_Update(&key->md, in + md5_off, plen - md5_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + rc4_off, in + rc4_off, plen - rc4_off);
+
+            /* calculate HMAC and append it to payload */
+            MD5_Final(out + plen, &key->md);
+            key->md = key->tail;
+            MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH);
+            MD5_Final(out + plen, &key->md);
+            /* encrypt HMAC at once */
+            RC4(&key->ks, len - rc4_off, out + rc4_off, out + rc4_off);
+        } else {
+            RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        }
+    } else {
+        unsigned char mac[MD5_DIGEST_LENGTH];
+# if defined(STITCHED_CALL)
+        /* digest has to "fall behind" */
+        if (md5_off > rc4_off)
+            rc4_off += 2 * MD5_CBLOCK;
+        else
+            rc4_off += MD5_CBLOCK;
+
+        if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
+            (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            RC4(&key->ks, rc4_off, in, out);
+            MD5_Update(&key->md, out, md5_off);
+
+            rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
+                        &key->md, out + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            l = (key->md.Nl + (blocks << 3)) & 0xffffffffU;
+            if (l < key->md.Nl)
+                key->md.Nh++;
+            key->md.Nl = l;
+            key->md.Nh += blocks >> 29;
+        } else {
+            md5_off = 0;
+            rc4_off = 0;
+        }
+# endif
+        /* decrypt HMAC at once */
+        RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            MD5_Update(&key->md, out + md5_off, plen - md5_off);
+
+            /* calculate HMAC and verify it */
+            MD5_Final(mac, &key->md);
+            key->md = key->tail;
+            MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
+            MD5_Final(mac, &key->md);
+
+            if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+                return 0;
+        } else {
+            MD5_Update(&key->md, out + md5_off, len - md5_off);
+        }
+    }
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                             void *ptr)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                MD5_Init(&key->head);
+                MD5_Update(&key->head, ptr, arg);
+                MD5_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            MD5_Init(&key->head);
+            MD5_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            MD5_Init(&key->tail);
+            MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
+                len -= MD5_DIGEST_LENGTH;
+                p[arg - 2] = len >> 8;
+                p[arg - 1] = len;
+            }
+            key->payload_length = len;
+            key->md = key->head;
+            MD5_Update(&key->md, p, arg);
+
+            return MD5_DIGEST_LENGTH;
+        }
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER r4_hmac_md5_cipher = {
+# ifdef NID_rc4_hmac_md5
+    NID_rc4_hmac_md5,
+# else
+    NID_undef,
+# endif
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH |
+        EVP_CIPH_FLAG_AEAD_CIPHER,
+    rc4_hmac_md5_init_key,
+    rc4_hmac_md5_cipher,
+    NULL,
+    sizeof(EVP_RC4_HMAC_MD5),
+    NULL,
+    NULL,
+    rc4_hmac_md5_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+{
+    return &r4_hmac_md5_cipher;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c
new file mode 100644
index 000000000..a2f26d8c5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC5
+
+# include <openssl/evp.h>
+# include "internal/evp_int.h"
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/rc5.h>
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+    int rounds;                 /* number of rounds */
+    RC5_32_KEY ks;              /* key schedule */
+} EVP_RC5_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+                       8, RC5_32_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl)
+
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->rounds = RC5_12_ROUNDS;
+        return 1;
+
+    case EVP_CTRL_GET_RC5_ROUNDS:
+        *(int *)ptr = data(c)->rounds;
+        return 1;
+
+    case EVP_CTRL_SET_RC5_ROUNDS:
+        switch (arg) {
+        case RC5_8_ROUNDS:
+        case RC5_12_ROUNDS:
+        case RC5_16_ROUNDS:
+            data(c)->rounds = arg;
+            return 1;
+
+        default:
+            EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS);
+            return 0;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                   key, data(ctx)->rounds);
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c
new file mode 100644
index 000000000..40aec5fc6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SEED
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/seed.h>
+# include "internal/evp_int.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    SEED_KEY_SCHEDULE ks;
+} EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks);
+    return 1;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c
new file mode 100644
index 000000000..79deb6563
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_SM4
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include "internal/sm4.h"
+# include "internal/evp_int.h"
+
+typedef struct {
+    SM4_KEY ks;
+} EVP_SM4_KEY;
+
+static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const SM4_KEY *key,
+                            unsigned char *ivec, const int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_decrypt);
+}
+
+static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f)SM4_encrypt);
+}
+
+static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                            const SM4_KEY *key, const int enc)
+{
+    if (enc)
+        SM4_encrypt(in, out, key);
+    else
+        SM4_decrypt(in, out, key);
+}
+
+static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f)SM4_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       sm4_init_key, 0, 0, 0, 0)
+
+static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f)SM4_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static const EVP_CIPHER sm4_ctr_mode = {
+    NID_sm4_ctr, 1, 16, 16,
+    EVP_CIPH_CTR_MODE,
+    sm4_init_key,
+    sm4_ctr_cipher,
+    NULL,
+    sizeof(EVP_SM4_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_sm4_ctr(void)
+{
+    return &sm4_ctr_mode;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c
new file mode 100644
index 000000000..57ce813da
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_DES
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/des.h>
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+
+typedef struct {
+    DES_key_schedule ks;        /* key schedule */
+    DES_cblock inw;
+    DES_cblock outw;
+} DESX_CBC_KEY;
+
+# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx)
+
+static const EVP_CIPHER d_xcbc_cipher = {
+    NID_desx_cbc,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE,
+    desx_cbc_init_key,
+    desx_cbc_cipher,
+    NULL,
+    sizeof(DESX_CBC_KEY),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+{
+    return &d_xcbc_cipher;
+}
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+
+    DES_set_key_unchecked(deskey, &data(ctx)->ks);
+    memcpy(&data(ctx)->inw[0], &key[8], 8);
+    memcpy(&data(ctx)->outw[0], &key[16], 8);
+
+    return 1;
+}
+
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c
new file mode 100644
index 000000000..da32d4fd1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c
@@ -0,0 +1,478 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include "internal/evp_int.h"
+
+static unsigned char conv_ascii2bin(unsigned char a,
+                                    const unsigned char *table);
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen);
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n);
+
+#ifndef CHARSET_EBCDIC
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
+#else
+/*
+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text
+ * files). Convert them here while decoding. When encoding, output is EBCDIC
+ * (text) format again. (No need for conversion in the conv_bin2ascii macro,
+ * as the underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
+#endif
+
+/*-
+ * 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+
+static const unsigned char data_bin2ascii[65] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* SRP uses a different base64 alphabet */
+static const unsigned char srpdata_bin2ascii[65] =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
+
+/*-
+ * 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+#define B64_BASE64(a)           (!B64_NOT_BASE64(a))
+
+static const unsigned char data_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
+    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
+    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
+    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
+    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const unsigned char srpdata_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+    0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+    0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
+    0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
+    0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
+{
+    if (a & 0x80)
+        return B64_ERROR;
+    return table[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
+{
+    a = os_toascii[a];
+    if (a & 0x80)
+        return B64_ERROR;
+    return table[a];
+}
+#endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
+{
+    memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
+
+    return 1;
+}
+
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags)
+{
+    ctx->flags = flags;
+}
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+{
+    ctx->length = 48;
+    ctx->num = 0;
+    ctx->line_num = 0;
+    ctx->flags = 0;
+}
+
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int i, j;
+    size_t total = 0;
+
+    *outl = 0;
+    if (inl <= 0)
+        return 0;
+    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+    if (ctx->length - ctx->num > inl) {
+        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
+        ctx->num += inl;
+        return 1;
+    }
+    if (ctx->num != 0) {
+        i = ctx->length - ctx->num;
+        memcpy(&(ctx->enc_data[ctx->num]), in, i);
+        in += i;
+        inl -= i;
+        j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length);
+        ctx->num = 0;
+        out += j;
+        total = j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
+        *out = '\0';
+    }
+    while (inl >= ctx->length && total <= INT_MAX) {
+        j = evp_encodeblock_int(ctx, out, in, ctx->length);
+        in += ctx->length;
+        inl -= ctx->length;
+        out += j;
+        total += j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
+        *out = '\0';
+    }
+    if (total > INT_MAX) {
+        /* Too much output data! */
+        *outl = 0;
+        return 0;
+    }
+    if (inl != 0)
+        memcpy(&(ctx->enc_data[0]), in, inl);
+    ctx->num = inl;
+    *outl = total;
+
+    return 1;
+}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    unsigned int ret = 0;
+
+    if (ctx->num != 0) {
+        ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0)
+            out[ret++] = '\n';
+        out[ret] = '\0';
+        ctx->num = 0;
+    }
+    *outl = ret;
+}
+
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen)
+{
+    int i, ret = 0;
+    unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_bin2ascii;
+    else
+        table = data_bin2ascii;
+
+    for (i = dlen; i > 0; i -= 3) {
+        if (i >= 3) {
+            l = (((unsigned long)f[0]) << 16L) |
+                (((unsigned long)f[1]) << 8L) | f[2];
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = conv_bin2ascii(l >> 6L, table);
+            *(t++) = conv_bin2ascii(l, table);
+        } else {
+            l = ((unsigned long)f[0]) << 16L;
+            if (i == 2)
+                l |= ((unsigned long)f[1] << 8L);
+
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table);
+            *(t++) = '=';
+        }
+        ret += 4;
+        f += 3;
+    }
+
+    *t = '\0';
+    return ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+    return evp_encodeblock_int(NULL, t, f, dlen);
+}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+{
+    /* Only ctx->num and ctx->flags are used during decoding. */
+    ctx->num = 0;
+    ctx->length = 0;
+    ctx->line_num = 0;
+    ctx->flags = 0;
+}
+
+/*-
+ * -1 for error
+ *  0 for last line
+ *  1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ *   - Padding or B64_EOF was detected and the last block is complete.
+ *   - Input has zero-length.
+ * -1 is returned if:
+ *   - Invalid characters are detected.
+ *   - There is extra trailing padding, or data after padding.
+ *   - B64_EOF is detected after an incomplete base64 block.
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
+    unsigned char *d;
+    const unsigned char *table;
+
+    n = ctx->num;
+    d = ctx->enc_data;
+
+    if (n > 0 && d[n - 1] == '=') {
+        eof++;
+        if (n > 1 && d[n - 2] == '=')
+            eof++;
+    }
+
+     /* Legacy behaviour: an empty input chunk signals end of input. */
+    if (inl == 0) {
+        rv = 0;
+        goto end;
+    }
+
+    if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
+
+    for (i = 0; i < inl; i++) {
+        tmp = *(in++);
+        v = conv_ascii2bin(tmp, table);
+        if (v == B64_ERROR) {
+            rv = -1;
+            goto end;
+        }
+
+        if (tmp == '=') {
+            eof++;
+        } else if (eof > 0 && B64_BASE64(v)) {
+            /* More data after padding. */
+            rv = -1;
+            goto end;
+        }
+
+        if (eof > 2) {
+            rv = -1;
+            goto end;
+        }
+
+        if (v == B64_EOF) {
+            seof = 1;
+            goto tail;
+        }
+
+        /* Only save valid base64 characters. */
+        if (B64_BASE64(v)) {
+            if (n >= 64) {
+                /*
+                 * We increment n once per loop, and empty the buffer as soon as
+                 * we reach 64 characters, so this can only happen if someone's
+                 * manually messed with the ctx. Refuse to write any more data.
+                 */
+                rv = -1;
+                goto end;
+            }
+            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+            d[n++] = tmp;
+        }
+
+        if (n == 64) {
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += decoded_len - eof;
+            out += decoded_len - eof;
+        }
+    }
+
+    /*
+     * Legacy behaviour: if the current line is a full base64-block (i.e., has
+     * 0 mod 4 base64 characters), it is processed immediately. We keep this
+     * behaviour as applications may not be calling EVP_DecodeFinal properly.
+     */
+tail:
+    if (n > 0) {
+        if ((n & 3) == 0) {
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += (decoded_len - eof);
+        } else if (seof) {
+            /* EOF in the middle of a base64 block. */
+            rv = -1;
+            goto end;
+        }
+    }
+
+    rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+    /* Legacy behaviour. This should probably rather be zeroed on error. */
+    *outl = ret;
+    ctx->num = n;
+    return rv;
+}
+
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n)
+{
+    int i, ret = 0, a, b, c, d;
+    unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
+
+    /* trim white space from the start of the line. */
+    while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) {
+        f++;
+        n--;
+    }
+
+    /*
+     * strip off stuff at the end of the line ascii2bin values B64_WS,
+     * B64_EOLN, B64_EOLN and B64_EOF
+     */
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table))))
+        n--;
+
+    if (n % 4 != 0)
+        return -1;
+
+    for (i = 0; i < n; i += 4) {
+        a = conv_ascii2bin(*(f++), table);
+        b = conv_ascii2bin(*(f++), table);
+        c = conv_ascii2bin(*(f++), table);
+        d = conv_ascii2bin(*(f++), table);
+        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
+            return -1;
+        l = ((((unsigned long)a) << 18L) |
+             (((unsigned long)b) << 12L) |
+             (((unsigned long)c) << 6L) | (((unsigned long)d)));
+        *(t++) = (unsigned char)(l >> 16L) & 0xff;
+        *(t++) = (unsigned char)(l >> 8L) & 0xff;
+        *(t++) = (unsigned char)(l) & 0xff;
+        ret += 3;
+    }
+    return ret;
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+    return evp_decodeblock_int(NULL, t, f, n);
+}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    *outl = 0;
+    if (ctx->num != 0) {
+        i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+        if (i < 0)
+            return -1;
+        ctx->num = 0;
+        *outl = i;
+        return 1;
+    } else
+        return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_cnf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_cnf.c
new file mode 100644
index 000000000..8df2c06e1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_cnf.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Algorithm configuration module. */
+
+static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+
+    oid_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
+        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (strcmp(oval->name, "fips_mode") == 0) {
+            int m;
+            if (!X509V3_get_value_bool(oval, &m)) {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+                return 0;
+            }
+            if (m > 0) {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+                return 0;
+            }
+        } else {
+            EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+            ERR_add_error_data(4, "name=", oval->name,
+                               ", value=", oval->value);
+        }
+
+    }
+    return 1;
+}
+
+void EVP_add_alg_module(void)
+{
+    CONF_module_add("alg_section", alg_module_init, 0);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c
new file mode 100644
index 000000000..05dd791b6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c
@@ -0,0 +1,677 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
+{
+    if (c == NULL)
+        return 1;
+    if (c->cipher != NULL) {
+        if (c->cipher->cleanup && !c->cipher->cleanup(c))
+            return 0;
+        /* Cleanse cipher context data */
+        if (c->cipher_data && c->cipher->ctx_size)
+            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+    }
+    OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(c->engine);
+#endif
+    memset(c, 0, sizeof(*c));
+    return 1;
+}
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CIPHER_CTX_reset(ctx);
+    OPENSSL_free(ctx);
+}
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                   const unsigned char *key, const unsigned char *iv, int enc)
+{
+    if (cipher != NULL)
+        EVP_CIPHER_CTX_reset(ctx);
+    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
+}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                      ENGINE *impl, const unsigned char *key,
+                      const unsigned char *iv, int enc)
+{
+    if (enc == -1)
+        enc = ctx->encrypt;
+    else {
+        if (enc)
+            enc = 1;
+        ctx->encrypt = enc;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unnecessary.
+     */
+    if (ctx->engine && ctx->cipher
+        && (cipher == NULL || cipher->nid == ctx->cipher->nid))
+        goto skip_to_init;
+#endif
+    if (cipher) {
+        /*
+         * Ensure a context left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_CIPHER could be used).
+         */
+        if (ctx->cipher) {
+            unsigned long flags = ctx->flags;
+            EVP_CIPHER_CTX_reset(ctx);
+            /* Restore encrypt and flags */
+            ctx->encrypt = enc;
+            ctx->flags = flags;
+        }
+#ifndef OPENSSL_NO_ENGINE
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_cipher_engine(cipher->nid);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+            if (!c) {
+                /*
+                 * One positive side-effect of US's export control history,
+                 * is that we should at least be able to avoid using US
+                 * misspellings of "initialisation"?
+                 */
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+            /* We'll use the ENGINE's private cipher definition */
+            cipher = c;
+            /*
+             * Store the ENGINE functional reference so we know 'cipher' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+#endif
+
+        ctx->cipher = cipher;
+        if (ctx->cipher->ctx_size) {
+            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
+            if (ctx->cipher_data == NULL) {
+                ctx->cipher = NULL;
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        } else {
+            ctx->cipher_data = NULL;
+        }
+        ctx->key_len = cipher->key_len;
+        /* Preserve wrap enable flag, zero everything else */
+        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
+        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                ctx->cipher = NULL;
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        }
+    } else if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    /* we assume block size is a power of 2 in *cryptUpdate */
+    OPENSSL_assert(ctx->cipher->block_size == 1
+                   || ctx->cipher->block_size == 8
+                   || ctx->cipher->block_size == 16);
+
+    if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
+        && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
+        return 0;
+    }
+
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
+        switch (EVP_CIPHER_CTX_mode(ctx)) {
+
+        case EVP_CIPH_STREAM_CIPHER:
+        case EVP_CIPH_ECB_MODE:
+            break;
+
+        case EVP_CIPH_CFB_MODE:
+        case EVP_CIPH_OFB_MODE:
+
+            ctx->num = 0;
+            /* fall-through */
+
+        case EVP_CIPH_CBC_MODE:
+
+            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                           (int)sizeof(ctx->iv));
+            if (iv)
+                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            ctx->num = 0;
+            /* Don't reuse IV for CTR mode */
+            if (iv)
+                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        default:
+            return 0;
+        }
+    }
+
+    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+        if (!ctx->cipher->init(ctx, key, iv, enc))
+            return 0;
+    }
+    ctx->buf_len = 0;
+    ctx->final_used = 0;
+    ctx->block_mask = ctx->cipher->block_size - 1;
+    return 1;
+}
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+    else
+        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal_ex(ctx, out, outl);
+    else
+        return EVP_DecryptFinal_ex(ctx, out, outl);
+}
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal(ctx, out, outl);
+    else
+        return EVP_DecryptFinal(ctx, out, outl);
+}
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 1);
+}
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+}
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 0);
+}
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+}
+
+/*
+ * According to the letter of standard difference between pointers
+ * is specified to be valid only within same object. This makes
+ * it formally challenging to determine if input and output buffers
+ * are not partially overlapping with standard pointer arithmetic.
+ */
+#ifdef PTRDIFF_T
+# undef PTRDIFF_T
+#endif
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * Then we have VMS that distinguishes itself by adhering to
+ * sizeof(size_t)==4 even in 64-bit builds, which means that
+ * difference between two pointers might be truncated to 32 bits.
+ * In the context one can even wonder how comparison for
+ * equality is implemented. To be on the safe side we adhere to
+ * PTRDIFF_T even for comparison for equality.
+ */
+# define PTRDIFF_T uint64_t
+#else
+# define PTRDIFF_T size_t
+#endif
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+{
+    PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+    /*
+     * Check for partially overlapping buffers. [Binary logical
+     * operations are used instead of boolean to minimize number
+     * of conditional branches.]
+     */
+    int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
+                                                (diff > (0 - (PTRDIFF_T)len)));
+
+    return overlapped;
+}
+
+static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+                                    unsigned char *out, int *outl,
+                                    const unsigned char *in, int inl)
+{
+    int i, j, bl, cmpl = inl;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    bl = ctx->cipher->block_size;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        /* If block size > 1 then the cipher will have to do this check */
+        if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        i = ctx->cipher->do_cipher(ctx, out, in, inl);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+    if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
+        EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
+        if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
+            *outl = inl;
+            return 1;
+        } else {
+            *outl = 0;
+            return 0;
+        }
+    }
+    i = ctx->buf_len;
+    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+    if (i != 0) {
+        if (bl - i > inl) {
+            memcpy(&(ctx->buf[i]), in, inl);
+            ctx->buf_len += inl;
+            *outl = 0;
+            return 1;
+        } else {
+            j = bl - i;
+            memcpy(&(ctx->buf[i]), in, j);
+            inl -= j;
+            in += j;
+            if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+                return 0;
+            out += bl;
+            *outl = bl;
+        }
+    } else
+        *outl = 0;
+    i = inl & (bl - 1);
+    inl -= i;
+    if (inl > 0) {
+        if (!ctx->cipher->do_cipher(ctx, out, in, inl))
+            return 0;
+        *outl += inl;
+    }
+
+    if (i != 0)
+        memcpy(ctx->buf, &(in[inl]), i);
+    ctx->buf_len = i;
+    return 1;
+}
+
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    /* Prevent accidental use of decryption context when encrypting */
+    if (!ctx->encrypt) {
+        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_EncryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int n, ret;
+    unsigned int i, b, bl;
+
+    /* Prevent accidental use of decryption context when encrypting */
+    if (!ctx->encrypt) {
+        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+        if (ret < 0)
+            return 0;
+        else
+            *outl = ret;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof(ctx->buf));
+    if (b == 1) {
+        *outl = 0;
+        return 1;
+    }
+    bl = ctx->buf_len;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (bl) {
+            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+
+    n = b - bl;
+    for (i = bl; i < b; i++)
+        ctx->buf[i] = n;
+    ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
+
+    if (ret)
+        *outl = b;
+
+    return ret;
+}
+
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int fix_len, cmpl = inl;
+    unsigned int b;
+
+    /* Prevent accidental use of encryption context when decrypting */
+    if (ctx->encrypt) {
+        EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    b = ctx->cipher->block_size;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
+        if (fix_len < 0) {
+            *outl = 0;
+            return 0;
+        } else
+            *outl = fix_len;
+        return 1;
+    }
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->flags & EVP_CIPH_NO_PADDING)
+        return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+
+    OPENSSL_assert(b <= sizeof(ctx->final));
+
+    if (ctx->final_used) {
+        /* see comment about PTRDIFF_T comparison above */
+        if (((PTRDIFF_T)out == (PTRDIFF_T)in)
+            || is_partially_overlapping(out, in, b)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+        memcpy(out, ctx->final, b);
+        out += b;
+        fix_len = 1;
+    } else
+        fix_len = 0;
+
+    if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
+        return 0;
+
+    /*
+     * if we have 'decrypted' a multiple of block size, make sure we have a
+     * copy of this last block
+     */
+    if (b > 1 && !ctx->buf_len) {
+        *outl -= b;
+        ctx->final_used = 1;
+        memcpy(ctx->final, &out[*outl], b);
+    } else
+        ctx->final_used = 0;
+
+    if (fix_len)
+        *outl += b;
+
+    return 1;
+}
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_DecryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i, n;
+    unsigned int b;
+
+    /* Prevent accidental use of encryption context when decrypting */
+    if (ctx->encrypt) {
+        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    *outl = 0;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (ctx->buf_len) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+    if (b > 1) {
+        if (ctx->buf_len || !ctx->final_used) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+            return 0;
+        }
+        OPENSSL_assert(b <= sizeof(ctx->final));
+
+        /*
+         * The following assumes that the ciphertext has been authenticated.
+         * Otherwise it provides a padding oracle.
+         */
+        n = ctx->final[b - 1];
+        if (n == 0 || n > (int)b) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+            return 0;
+        }
+        for (i = 0; i < n; i++) {
+            if (ctx->final[--b] != n) {
+                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+                return 0;
+            }
+        }
+        n = ctx->cipher->block_size - n;
+        for (i = 0; i < n; i++)
+            out[i] = ctx->final[i];
+        *outl = n;
+    } else
+        *outl = 0;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+{
+    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
+        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+    if (c->key_len == keylen)
+        return 1;
+    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+        c->key_len = keylen;
+        return 1;
+    }
+    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+    return 0;
+}
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+{
+    if (pad)
+        ctx->flags &= ~EVP_CIPH_NO_PADDING;
+    else
+        ctx->flags |= EVP_CIPH_NO_PADDING;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+    int ret;
+
+    if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (!ctx->cipher->ctrl) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+        return 0;
+    }
+
+    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+    if (ret == -1) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
+               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+        return 0;
+    }
+    return ret;
+}
+
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+{
+    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+    if (RAND_priv_bytes(key, ctx->key_len) <= 0)
+        return 0;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+{
+    if ((in == NULL) || (in->cipher == NULL)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a cipher context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    EVP_CIPHER_CTX_reset(out);
+    memcpy(out, in, sizeof(*out));
+
+    if (in->cipher_data && in->cipher->ctx_size) {
+        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+        if (out->cipher_data == NULL) {
+            out->cipher = NULL;
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    }
+
+    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+        if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
+            out->cipher = NULL;
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c
new file mode 100644
index 000000000..60df27cbc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c
@@ -0,0 +1,283 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/evperr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA EVP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0),
+     "chacha20_poly1305_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CMLL_T4_INIT_KEY, 0), "cmll_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0),
+     "des_ede3_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0),
+     "EVP_CIPHER_asn1_to_param"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0),
+     "EVP_CIPHER_CTX_copy"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0),
+     "EVP_CIPHER_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0),
+     "EVP_CIPHER_CTX_set_key_length"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0),
+     "EVP_CIPHER_param_to_asn1"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),
+     "EVP_DecryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0),
+     "evp_EncryptDecryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
+     "EVP_EncryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD, 0), "EVP_PBE_alg_add"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD_TYPE, 0),
+     "EVP_PBE_alg_add_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_CIPHERINIT, 0), "EVP_PBE_CipherInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_SCRYPT, 0), "EVP_PBE_scrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ASN1_ADD0, 0), "EVP_PKEY_asn1_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CHECK, 0), "EVP_PKEY_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_COPY_PARAMETERS, 0),
+     "EVP_PKEY_copy_parameters"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, 0), "EVP_PKEY_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL_STR, 0),
+     "EVP_PKEY_CTX_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_DUP, 0), "EVP_PKEY_CTX_dup"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_MD, 0), "EVP_PKEY_CTX_md"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT, 0), "EVP_PKEY_decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_INIT, 0),
+     "EVP_PKEY_decrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_OLD, 0),
+     "EVP_PKEY_decrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE, 0), "EVP_PKEY_derive"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_INIT, 0),
+     "EVP_PKEY_derive_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, 0),
+     "EVP_PKEY_derive_set_peer"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT, 0), "EVP_PKEY_encrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_INIT, 0),
+     "EVP_PKEY_encrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_OLD, 0),
+     "EVP_PKEY_encrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DH, 0), "EVP_PKEY_get0_DH"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DSA, 0), "EVP_PKEY_get0_DSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_EC_KEY, 0),
+     "EVP_PKEY_get0_EC_KEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_HMAC, 0), "EVP_PKEY_get0_hmac"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_POLY1305, 0),
+     "EVP_PKEY_get0_poly1305"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0),
+     "EVP_PKEY_get0_siphash"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_get_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_get_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0),
+     "EVP_PKEY_keygen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
+     "EVP_PKEY_new_CMAC_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_new_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_new_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0),
+     "EVP_PKEY_paramgen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0),
+     "EVP_PKEY_param_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0),
+     "EVP_PKEY_public_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0),
+     "EVP_PKEY_set1_engine"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0),
+     "EVP_PKEY_set_alias_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_INIT, 0),
+     "EVP_PKEY_verify_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER, 0),
+     "EVP_PKEY_verify_recover"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0),
+     "EVP_PKEY_verify_recover_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0),
+     "PKCS5_v2_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 0),
+     "PKCS5_v2_PBKDF2_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
+     "PKCS5_v2_scrypt_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA EVP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED),
+    "aes key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
+    "aria key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+    "camellia key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR),
+    "cipher parameter error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED),
+    "command not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED),
+    "ctrl not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+    "ctrl operation not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+    "data not multiple of block length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES),
+    "different key types"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
+    "different parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
+    "error setting fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY),
+    "expecting an hmac key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY),
+    "expecting an rsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY),
+    "expecting a dsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY),
+    "expecting a poly1305 key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY),
+    "expecting a siphash key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
+    "illegal scrypt parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR),
+    "initialization error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED),
+    "input not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED),
+    "memory limit exceeded"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL),
+    "message digest is null"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH),
+    "not XOF or invalid length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED),
+    "only oneshot supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+    "operaton not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
+    "partially overlapping buffers"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
+    "pkey application asn1 method already registered"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR),
+    "private key decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
+    "private key encode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM),
+    "unknown pbe algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH),
+    "unsupported keylength"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+    "unsupported key derivation function"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE),
+    "unsupported key size"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+    "unsupported number of rounds"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+    "unsupported private key algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE),
+    "unsupported salt type"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED),
+    "wrap mode not allowed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
+    "wrong final block length"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_EVP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(EVP_str_functs);
+        ERR_load_strings_const(EVP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_key.c
new file mode 100644
index 000000000..e5ac107c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_key.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+
+/* should be init to zeros. */
+static char prompt_string[80];
+
+void EVP_set_pw_prompt(const char *prompt)
+{
+    if (prompt == NULL)
+        prompt_string[0] = '\0';
+    else {
+        strncpy(prompt_string, prompt, 79);
+        prompt_string[79] = '\0';
+    }
+}
+
+char *EVP_get_pw_prompt(void)
+{
+    if (prompt_string[0] == '\0')
+        return NULL;
+    else
+        return prompt_string;
+}
+
+/*
+ * For historical reasons, the standard function for reading passwords is in
+ * the DES library -- if someone ever wants to disable DES, this function
+ * will fail
+ */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+{
+    return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+}
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
+                           int verify)
+{
+    int ret = -1;
+    char buff[BUFSIZ];
+    UI *ui;
+
+    if ((prompt == NULL) && (prompt_string[0] != '\0'))
+        prompt = prompt_string;
+    ui = UI_new();
+    if (ui == NULL)
+        return ret;
+    if (UI_add_input_string(ui, prompt, 0, buf, min,
+                            (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
+        || (verify
+            && UI_add_verify_string(ui, prompt, 0, buff, min,
+                                    (len >= BUFSIZ) ? BUFSIZ - 1 : len,
+                                    buf) < 0))
+        goto end;
+    ret = UI_process(ui);
+    OPENSSL_cleanse(buff, BUFSIZ);
+ end:
+    UI_free(ui);
+    return ret;
+}
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                   const unsigned char *salt, const unsigned char *data,
+                   int datal, int count, unsigned char *key,
+                   unsigned char *iv)
+{
+    EVP_MD_CTX *c;
+    unsigned char md_buf[EVP_MAX_MD_SIZE];
+    int niv, nkey, addmd = 0;
+    unsigned int mds = 0, i;
+    int rv = 0;
+    nkey = EVP_CIPHER_key_length(type);
+    niv = EVP_CIPHER_iv_length(type);
+    OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+    OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+
+    if (data == NULL)
+        return nkey;
+
+    c = EVP_MD_CTX_new();
+    if (c == NULL)
+        goto err;
+    for (;;) {
+        if (!EVP_DigestInit_ex(c, md, NULL))
+            goto err;
+        if (addmd++)
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
+                goto err;
+        if (!EVP_DigestUpdate(c, data, datal))
+            goto err;
+        if (salt != NULL)
+            if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))
+                goto err;
+        if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
+            goto err;
+
+        for (i = 1; i < (unsigned int)count; i++) {
+            if (!EVP_DigestInit_ex(c, md, NULL))
+                goto err;
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
+                goto err;
+            if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
+                goto err;
+        }
+        i = 0;
+        if (nkey) {
+            for (;;) {
+                if (nkey == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (key != NULL)
+                    *(key++) = md_buf[i];
+                nkey--;
+                i++;
+            }
+        }
+        if (niv && (i != mds)) {
+            for (;;) {
+                if (niv == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (iv != NULL)
+                    *(iv++) = md_buf[i];
+                niv--;
+                i++;
+            }
+        }
+        if ((nkey == 0) && (niv == 0))
+            break;
+    }
+    rv = EVP_CIPHER_key_length(type);
+ err:
+    EVP_MD_CTX_free(c);
+    OPENSSL_cleanse(md_buf, sizeof(md_buf));
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c
new file mode 100644
index 000000000..1b3c9840c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c
@@ -0,0 +1,528 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int ret;
+
+    if (c->cipher->set_asn1_parameters != NULL)
+        ret = c->cipher->set_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+        case EVP_CIPH_WRAP_MODE:
+            if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap)
+                ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -2;
+            break;
+
+        default:
+            ret = EVP_CIPHER_set_asn1_iv(c, type);
+        }
+    } else
+        ret = -1;
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ?
+               ASN1_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
+}
+
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int ret;
+
+    if (c->cipher->get_asn1_parameters != NULL)
+        ret = c->cipher->get_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_WRAP_MODE:
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -2;
+            break;
+
+        default:
+            ret = EVP_CIPHER_get_asn1_iv(c, type);
+            break;
+        }
+    } else
+        ret = -1;
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ?
+               EVP_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
+}
+
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int i = 0;
+    unsigned int l;
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(c->iv));
+        i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+        if (i != (int)l)
+            return -1;
+        else if (i > 0)
+            memcpy(c->iv, c->oiv, l);
+    }
+    return i;
+}
+
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int i = 0;
+    unsigned int j;
+
+    if (type != NULL) {
+        j = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(j <= sizeof(c->iv));
+        i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
+    }
+    return i;
+}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+    int nid;
+    ASN1_OBJECT *otmp;
+    nid = EVP_CIPHER_nid(ctx);
+
+    switch (nid) {
+
+    case NID_rc2_cbc:
+    case NID_rc2_64_cbc:
+    case NID_rc2_40_cbc:
+
+        return NID_rc2_cbc;
+
+    case NID_rc4:
+    case NID_rc4_40:
+
+        return NID_rc4;
+
+    case NID_aes_128_cfb128:
+    case NID_aes_128_cfb8:
+    case NID_aes_128_cfb1:
+
+        return NID_aes_128_cfb128;
+
+    case NID_aes_192_cfb128:
+    case NID_aes_192_cfb8:
+    case NID_aes_192_cfb1:
+
+        return NID_aes_192_cfb128;
+
+    case NID_aes_256_cfb128:
+    case NID_aes_256_cfb8:
+    case NID_aes_256_cfb1:
+
+        return NID_aes_256_cfb128;
+
+    case NID_des_cfb64:
+    case NID_des_cfb8:
+    case NID_des_cfb1:
+
+        return NID_des_cfb64;
+
+    case NID_des_ede3_cfb64:
+    case NID_des_ede3_cfb8:
+    case NID_des_ede3_cfb1:
+
+        return NID_des_cfb64;
+
+    default:
+        /* Check it has an OID and it is valid */
+        otmp = OBJ_nid2obj(nid);
+        if (OBJ_get0_data(otmp) == NULL)
+            nid = NID_undef;
+        ASN1_OBJECT_free(otmp);
+        return nid;
+    }
+}
+
+int EVP_CIPHER_block_size(const EVP_CIPHER *e)
+{
+    return e->block_size;
+}
+
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->block_size;
+}
+
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
+{
+    return e->ctx_size;
+}
+
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, unsigned int inl)
+{
+    return ctx->cipher->do_cipher(ctx, out, in, inl);
+}
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher;
+}
+
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->encrypt;
+}
+
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+{
+    return cipher->flags;
+}
+
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->app_data;
+}
+
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
+{
+    ctx->app_data = data;
+}
+
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher_data;
+}
+
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
+{
+    void *old_cipher_data;
+
+    old_cipher_data = ctx->cipher_data;
+    ctx->cipher_data = cipher_data;
+
+    return old_cipher_data;
+}
+
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+{
+    return cipher->iv_len;
+}
+
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->iv_len;
+}
+
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->oiv;
+}
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->buf;
+}
+
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
+{
+    ctx->num = num;
+}
+
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
+{
+    return cipher->key_len;
+}
+
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->key_len;
+}
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+{
+    return cipher->nid;
+}
+
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->nid;
+}
+
+int EVP_MD_block_size(const EVP_MD *md)
+{
+    return md->block_size;
+}
+
+int EVP_MD_type(const EVP_MD *md)
+{
+    return md->type;
+}
+
+int EVP_MD_pkey_type(const EVP_MD *md)
+{
+    return md->pkey_type;
+}
+
+int EVP_MD_size(const EVP_MD *md)
+{
+    if (!md) {
+        EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+        return -1;
+    }
+    return md->md_size;
+}
+
+unsigned long EVP_MD_flags(const EVP_MD *md)
+{
+    return md->flags;
+}
+
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
+{
+    EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+
+    if (md != NULL) {
+        md->type = md_type;
+        md->pkey_type = pkey_type;
+    }
+    return md;
+}
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
+{
+    EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
+
+    if (to != NULL)
+        memcpy(to, md, sizeof(*to));
+    return to;
+}
+void EVP_MD_meth_free(EVP_MD *md)
+{
+    OPENSSL_free(md);
+}
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
+{
+    md->block_size = blocksize;
+    return 1;
+}
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
+{
+    md->md_size = resultsize;
+    return 1;
+}
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
+{
+    md->ctx_size = datasize;
+    return 1;
+}
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
+{
+    md->flags = flags;
+    return 1;
+}
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
+{
+    md->init = init;
+    return 1;
+}
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count))
+{
+    md->update = update;
+    return 1;
+}
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md))
+{
+    md->final = final;
+    return 1;
+}
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from))
+{
+    md->copy = copy;
+    return 1;
+}
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
+{
+    md->cleanup = cleanup;
+    return 1;
+}
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2))
+{
+    md->md_ctrl = ctrl;
+    return 1;
+}
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
+{
+    return md->block_size;
+}
+int EVP_MD_meth_get_result_size(const EVP_MD *md)
+{
+    return md->md_size;
+}
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
+{
+    return md->ctx_size;
+}
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
+{
+    return md->flags;
+}
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->init;
+}
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count)
+{
+    return md->update;
+}
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md)
+{
+    return md->final;
+}
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from)
+{
+    return md->copy;
+}
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->cleanup;
+}
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2)
+{
+    return md->md_ctrl;
+}
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+{
+    if (!ctx)
+        return NULL;
+    return ctx->digest;
+}
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+{
+    return ctx->pctx;
+}
+
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
+{
+    /*
+     * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
+     * we have to deal with the cleanup job here.
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
+
+    ctx->pctx = pctx;
+
+    if (pctx != NULL) {
+        /* make sure pctx is not freed when destroying EVP_MD_CTX */
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    } else {
+        EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    }
+}
+
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
+{
+    return ctx->md_data;
+}
+
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count)
+{
+    return ctx->update;
+}
+
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count))
+{
+    ctx->update = update;
+}
+
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
+{
+    ctx->flags &= ~flags;
+}
+
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
+{
+    return (ctx->flags & flags);
+}
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+    ctx->flags &= ~flags;
+}
+
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
+{
+    return (ctx->flags & flags);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_locl.h
new file mode 100644
index 000000000..f1589d682
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_locl.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* EVP_MD_CTX related stuff */
+
+struct evp_md_ctx_st {
+    const EVP_MD *digest;
+    ENGINE *engine;             /* functional reference if 'digest' is
+                                 * ENGINE-provided */
+    unsigned long flags;
+    void *md_data;
+    /* Public key context for sign/verify */
+    EVP_PKEY_CTX *pctx;
+    /* Update function: usually copied from EVP_MD */
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+} /* EVP_MD_CTX */ ;
+
+struct evp_cipher_ctx_st {
+    const EVP_CIPHER *cipher;
+    ENGINE *engine;             /* functional reference if 'cipher' is
+                                 * ENGINE-provided */
+    int encrypt;                /* encrypt or decrypt */
+    int buf_len;                /* number we have left */
+    unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
+    unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
+    unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
+    int num;                    /* used by cfb/ofb/ctr mode */
+    /* FIXME: Should this even exist? It appears unused */
+    void *app_data;             /* application stuff */
+    int key_len;                /* May change for variable length cipher */
+    unsigned long flags;        /* Various flags */
+    void *cipher_data;          /* per EVP data */
+    int final_used;
+    int block_mask;
+    unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
+} /* EVP_CIPHER_CTX */ ;
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md,
+                             int en_de);
+
+struct evp_Encode_Ctx_st {
+    /* number saved in a partial encode/decode */
+    int num;
+    /*
+     * The length is either the output line length (in input bytes) or the
+     * shortest input line length that is ok.  Once decoding begins, the
+     * length is adjusted up each time a longer line is decoded
+     */
+    int length;
+    /* data to encode */
+    unsigned char enc_data[80];
+    /* number read on current line */
+    int line_num;
+    unsigned int flags;
+};
+
+typedef struct evp_pbe_st EVP_PBE_CTL;
+DEFINE_STACK_OF(EVP_PBE_CTL)
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c
new file mode 100644
index 000000000..5a88817b4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c
@@ -0,0 +1,262 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/x509.h>
+#include "evp_locl.h"
+
+/* Password based encryption (PBE) functions */
+
+/* Setup a cipher context from a PBE algorithm */
+
+struct evp_pbe_st {
+    int pbe_type;
+    int pbe_nid;
+    int cipher_nid;
+    int md_nid;
+    EVP_PBE_KEYGEN *keygen;
+};
+
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
+
+static const EVP_PBE_CTL builtin_pbe[] = {
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
+     NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
+     NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
+     NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
+     NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
+     NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+     NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
+     NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
+     NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
+     NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
+     NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
+     NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
+     NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
+     NID_id_GostR3411_2012_256, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
+     NID_id_GostR3411_2012_512, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
+    {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#ifndef OPENSSL_NO_SCRYPT
+    {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen}
+#endif
+};
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+    const EVP_CIPHER *cipher;
+    const EVP_MD *md;
+    int cipher_nid, md_nid;
+    EVP_PBE_KEYGEN *keygen;
+
+    if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
+                      &cipher_nid, &md_nid, &keygen)) {
+        char obj_tmp[80];
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+        if (!pbe_obj)
+            OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
+        else
+            i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        return 0;
+    }
+
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+
+    if (cipher_nid == -1)
+        cipher = NULL;
+    else {
+        cipher = EVP_get_cipherbynid(cipher_nid);
+        if (!cipher) {
+            EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER);
+            return 0;
+        }
+    }
+
+    if (md_nid == -1)
+        md = NULL;
+    else {
+        md = EVP_get_digestbynid(md_nid);
+        if (!md) {
+            EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST);
+            return 0;
+        }
+    }
+
+    if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
+{
+    int ret = pbe1->pbe_type - pbe2->pbe_type;
+    if (ret)
+        return ret;
+    else
+        return pbe1->pbe_nid - pbe2->pbe_nid;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe_cmp(const EVP_PBE_CTL *const *a, const EVP_PBE_CTL *const *b)
+{
+    int ret = (*a)->pbe_type - (*b)->pbe_type;
+    if (ret)
+        return ret;
+    else
+        return (*a)->pbe_nid - (*b)->pbe_nid;
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+                         int md_nid, EVP_PBE_KEYGEN *keygen)
+{
+    EVP_PBE_CTL *pbe_tmp;
+
+    if (pbe_algs == NULL) {
+        pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
+        if (pbe_algs == NULL)
+            goto err;
+    }
+
+    if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL)
+        goto err;
+
+    pbe_tmp->pbe_type = pbe_type;
+    pbe_tmp->pbe_nid = pbe_nid;
+    pbe_tmp->cipher_nid = cipher_nid;
+    pbe_tmp->md_nid = md_nid;
+    pbe_tmp->keygen = keygen;
+
+    if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
+        OPENSSL_free(pbe_tmp);
+        goto err;
+    }
+    return 1;
+
+ err:
+    EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen)
+{
+    int cipher_nid, md_nid;
+
+    if (cipher)
+        cipher_nid = EVP_CIPHER_nid(cipher);
+    else
+        cipher_nid = -1;
+    if (md)
+        md_nid = EVP_MD_type(md);
+    else
+        md_nid = -1;
+
+    return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
+                                cipher_nid, md_nid, keygen);
+}
+
+int EVP_PBE_find(int type, int pbe_nid,
+                 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
+{
+    EVP_PBE_CTL *pbetmp = NULL, pbelu;
+    int i;
+    if (pbe_nid == NID_undef)
+        return 0;
+
+    pbelu.pbe_type = type;
+    pbelu.pbe_nid = pbe_nid;
+
+    if (pbe_algs != NULL) {
+        i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
+        pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+    }
+    if (pbetmp == NULL) {
+        pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
+    }
+    if (pbetmp == NULL)
+        return 0;
+    if (pcnid)
+        *pcnid = pbetmp->cipher_nid;
+    if (pmnid)
+        *pmnid = pbetmp->md_nid;
+    if (pkeygen)
+        *pkeygen = pbetmp->keygen;
+    return 1;
+}
+
+static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
+{
+    OPENSSL_free(pbe);
+}
+
+void EVP_PBE_cleanup(void)
+{
+    sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
+    pbe_algs = NULL;
+}
+
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num)
+{
+    const EVP_PBE_CTL *tpbe;
+
+    if (num >= OSSL_NELEM(builtin_pbe))
+        return 0;
+
+    tpbe = builtin_pbe + num;
+    if (ptype)
+        *ptype = tpbe->pbe_type;
+    if (ppbe_nid)
+        *ppbe_nid = tpbe->pbe_nid;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c
new file mode 100644
index 000000000..e61a8761a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/x509_int.h"
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    EVP_PKEY *pkey = NULL;
+    const ASN1_OBJECT *algoid;
+    char obj_tmp[80];
+
+    if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
+        return NULL;
+
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        goto error;
+    }
+
+    if (pkey->ameth->priv_decode) {
+        if (!pkey->ameth->priv_decode(pkey, p8)) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_PRIVATE_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
+        goto error;
+    }
+
+    return pkey;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return NULL;
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+    PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new();
+    if (p8  == NULL) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (pkey->ameth) {
+        if (pkey->ameth->priv_encode) {
+            if (!pkey->ameth->priv_encode(p8, pkey)) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR);
+                goto error;
+            }
+        } else {
+            EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED);
+            goto error;
+        }
+    } else {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        goto error;
+    }
+    return p8;
+ error:
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    return NULL;
+}
+
+/* EVP_PKEY attribute functions */
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
+{
+    return X509at_get_attr_count(key->attributes);
+}
+
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+}
+
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                             int lastpos)
+{
+    return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
+{
+    return X509at_get_attr(key->attributes, loc);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
+{
+    return X509at_delete_attr(key->attributes, loc);
+}
+
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&key->attributes, attr))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
+        return 1;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c
new file mode 100644
index 000000000..c4e28ae17
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md2.h>
+# include <openssl/rsa.h>
+
+#include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD2_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD2_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md2_md = {
+    NID_md2,
+    NID_md2WithRSAEncryption,
+    MD2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MD2_CTX),
+};
+
+const EVP_MD *EVP_md2(void)
+{
+    return &md2_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c
new file mode 100644
index 000000000..0efc586db
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md4.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD4_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md4_md = {
+    NID_md4,
+    NID_md4WithRSAEncryption,
+    MD4_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD4_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD4_CTX),
+};
+
+const EVP_MD *EVP_md4(void)
+{
+    return &md4_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c
new file mode 100644
index 000000000..3d96ae93b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD5
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD5_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md5_md = {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD5_CTX),
+};
+
+const EVP_MD *EVP_md5(void)
+{
+    return &md5_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c
new file mode 100644
index 000000000..2d98886ba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(OPENSSL_NO_MD5)
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/sha.h>
+# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
+# include <openssl/rsa.h>
+
+struct md5_sha1_ctx {
+    MD5_CTX md5;
+    SHA_CTX sha1;
+};
+
+static int init(EVP_MD_CTX *ctx)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Init(&mctx->md5))
+        return 0;
+    return SHA1_Init(&mctx->sha1);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Update(&mctx->md5, data, count))
+        return 0;
+    return SHA1_Update(&mctx->sha1, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Final(md, &mctx->md5))
+        return 0;
+    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[48];
+    unsigned char md5tmp[MD5_DIGEST_LENGTH];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    struct md5_sha1_ctx *mctx;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Final(md5tmp, &mctx->md5))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, &mctx->sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!init(ctx))
+        return 0;
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD md5_sha1_md = {
+    NID_md5_sha1,
+    NID_md5_sha1,
+    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+    ctrl
+};
+
+const EVP_MD *EVP_md5_sha1(void)
+{
+    return &md5_sha1_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c
new file mode 100644
index 000000000..1051a9070
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MDC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/mdc2.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MDC2_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MDC2_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD mdc2_md = {
+    NID_mdc2,
+    NID_mdc2WithRSA,
+    MDC2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MDC2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MDC2_CTX),
+};
+
+const EVP_MD *EVP_mdc2(void)
+{
+    return &mdc2_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c
new file mode 100644
index 000000000..5dce1d510
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return 1;
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return 1;
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return 1;
+}
+
+static const EVP_MD null_md = {
+    NID_undef,
+    NID_undef,
+    0,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    0,
+    sizeof(EVP_MD *),
+};
+
+const EVP_MD *EVP_md_null(void)
+{
+    return &null_md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c
new file mode 100644
index 000000000..7ab320843
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RMD160
+
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD ripemd160_md = {
+    NID_ripemd160,
+    NID_ripemd160WithRSA,
+    RIPEMD160_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    RIPEMD160_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
+};
+
+const EVP_MD *EVP_ripemd160(void)
+{
+    return &ripemd160_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c
new file mode 100644
index 000000000..ac5241785
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include "internal/evp_int.h"
+#include "internal/sha.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[40];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+    SHA_CTX *sha1;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    sha1 = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!SHA1_Init(sha1))
+        return 0;
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD sha1_md = {
+    NID_sha1,
+    NID_sha1WithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+    ctrl
+};
+
+const EVP_MD *EVP_sha1(void)
+{
+    return &sha1_md;
+}
+
+static int init224(EVP_MD_CTX *ctx)
+{
+    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int init256(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha224_md = {
+    NID_sha224,
+    NID_sha224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init224,
+    update224,
+    final224,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha224(void)
+{
+    return &sha224_md;
+}
+
+static const EVP_MD sha256_md = {
+    NID_sha256,
+    NID_sha256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init256,
+    update256,
+    final256,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha256(void)
+{
+    return &sha256_md;
+}
+
+static int init512_224(EVP_MD_CTX *ctx)
+{
+    return sha512_224_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512_256(EVP_MD_CTX *ctx)
+{
+    return sha512_256_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int init384(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final384(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha512_224_md = {
+    NID_sha512_224,
+    NID_sha512_224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_224,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_224(void)
+{
+    return &sha512_224_md;
+}
+
+static const EVP_MD sha512_256_md = {
+    NID_sha512_256,
+    NID_sha512_256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_256,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_256(void)
+{
+    return &sha512_256_md;
+}
+
+static const EVP_MD sha384_md = {
+    NID_sha384,
+    NID_sha384WithRSAEncryption,
+    SHA384_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init384,
+    update384,
+    final384,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha384(void)
+{
+    return &sha384_md;
+}
+
+static const EVP_MD sha512_md = {
+    NID_sha512,
+    NID_sha512WithRSAEncryption,
+    SHA512_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512(void)
+{
+    return &sha512_md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c
new file mode 100644
index 000000000..31379c0f6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c
@@ -0,0 +1,406 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#define KECCAK1600_WIDTH 1600
+
+typedef struct {
+    uint64_t A[5][5];
+    size_t block_size;          /* cached ctx->digest->block_size */
+    size_t md_size;             /* output length, variable in XOF */
+    size_t num;                 /* used bytes in below buffer */
+    unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+    unsigned char pad;
+} KECCAK1600_CTX;
+
+static int init(EVP_MD_CTX *evp_ctx, unsigned char pad)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = evp_ctx->digest->block_size;
+
+    if (bsz <= sizeof(ctx->buf)) {
+        memset(ctx->A, 0, sizeof(ctx->A));
+
+        ctx->num = 0;
+        ctx->block_size = bsz;
+        ctx->md_size = evp_ctx->digest->md_size;
+        ctx->pad = pad;
+
+        return 1;
+    }
+
+    return 0;
+}
+
+static int sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x06');
+}
+
+static int shake_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x1f');
+}
+
+static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {      /* process intermediate buffer? */
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        /*
+         * We have enough data to fill or overflow the intermediate
+         * buffer. So we append |rem| bytes and process the block,
+         * leaving the rest for later processing...
+         */
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem, len -= rem;
+        (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+        ctx->num = 0;
+        /* ctx->buf is processed, ctx->num is guaranteed to be zero */
+    }
+
+    if (len >= bsz)
+        rem = SHA3_absorb(ctx->A, inp, len, bsz);
+    else
+        rem = len;
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+
+    return 1;
+}
+
+static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = ctx->block_size;
+    size_t num = ctx->num;
+
+    /*
+     * Pad the data with 10*1. Note that |num| can be |bsz - 1|
+     * in which case both byte operations below are performed on
+     * same byte...
+     */
+    memset(ctx->buf + num, 0, bsz - num);
+    ctx->buf[num] = ctx->pad;
+    ctx->buf[bsz - 1] |= 0x80;
+
+    (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+
+    SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
+
+    return 1;
+}
+
+static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    switch (cmd) {
+    case EVP_MD_CTRL_XOF_LEN:
+        ctx->md_size = p1;
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+# define S390X_SHA3_FC(ctx)     ((ctx)->pad)
+
+# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)))
+# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)))
+# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)))
+# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)))
+# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)))
+# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)))
+
+/* Convert md-size to block-size. */
+# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3)
+
+static int s390x_sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(224):
+        ctx->pad = S390X_SHA3_224;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHA3_256;
+        break;
+    case S390X_KECCAK1600_BSZ(384):
+        ctx->pad = S390X_SHA3_384;
+        break;
+    case S390X_KECCAK1600_BSZ(512):
+        ctx->pad = S390X_SHA3_512;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_shake_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(128):
+        ctx->pad = S390X_SHAKE_128;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHAKE_256;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    const size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem;
+        len -= rem;
+        s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
+        ctx->num = 0;
+    }
+    rem = len % bsz;
+
+    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+    return 1;
+}
+
+static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, NULL, 0, ctx->pad, ctx->A);
+    memcpy(md, ctx->A, ctx->md_size);
+    return 1;
+}
+
+static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, md, ctx->md_size, ctx->pad, ctx->A);
+    return 1;
+}
+
+# define EVP_MD_SHA3(bitlen)                         \
+const EVP_MD *EVP_sha3_##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_sha3_##bitlen##_md = { \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        s390x_sha3_init,                             \
+        s390x_sha3_update,                           \
+        s390x_sha3_final,                            \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    static const EVP_MD sha3_##bitlen##_md = {       \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        sha3_init,                                   \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    return S390X_sha3_##bitlen##_CAPABLE ?           \
+           &s390x_sha3_##bitlen##_md :               \
+           &sha3_##bitlen##_md;                      \
+}
+
+# define EVP_MD_SHAKE(bitlen)                        \
+const EVP_MD *EVP_shake##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_shake##bitlen##_md = { \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        s390x_shake_init,                            \
+        s390x_sha3_update,                           \
+        s390x_shake_final,                           \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    static const EVP_MD shake##bitlen##_md = {       \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        shake_init,                                  \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    return S390X_shake##bitlen##_CAPABLE ?           \
+           &s390x_shake##bitlen##_md :               \
+           &shake##bitlen##_md;                      \
+}
+
+#else
+
+# define EVP_MD_SHA3(bitlen)                    \
+const EVP_MD *EVP_sha3_##bitlen(void)           \
+{                                               \
+    static const EVP_MD sha3_##bitlen##_md = {  \
+        NID_sha3_##bitlen,                      \
+        NID_RSA_SHA3_##bitlen,                  \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_DIGALGID_ABSENT,            \
+        sha3_init,                              \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+    };                                          \
+    return &sha3_##bitlen##_md;                 \
+}
+
+# define EVP_MD_SHAKE(bitlen)                   \
+const EVP_MD *EVP_shake##bitlen(void)           \
+{                                               \
+    static const EVP_MD shake##bitlen##_md = {  \
+        NID_shake##bitlen,                      \
+        0,                                      \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_XOF,                        \
+        shake_init,                             \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+        shake_ctrl                              \
+    };                                          \
+    return &shake##bitlen##_md;                 \
+}
+#endif
+
+EVP_MD_SHA3(224)
+EVP_MD_SHA3(256)
+EVP_MD_SHA3(384)
+EVP_MD_SHA3(512)
+
+EVP_MD_SHAKE(128)
+EVP_MD_SHAKE(256)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c
new file mode 100644
index 000000000..94e37f02b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+{
+    EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED);
+    return 0;
+}
+
+static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
+                          int ver)
+{
+    if (ctx->pctx == NULL)
+        ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+    if (ctx->pctx == NULL)
+        return 0;
+
+    if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
+
+        if (type == NULL) {
+            int def_nid;
+            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+                type = EVP_get_digestbynid(def_nid);
+        }
+
+        if (type == NULL) {
+            EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+            return 0;
+        }
+    }
+
+    if (ver) {
+        if (ctx->pctx->pmeth->verifyctx_init) {
+            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
+                return 0;
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
+        } else if (ctx->pctx->pmeth->digestverify != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
+            ctx->update = update;
+        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
+            return 0;
+        }
+    } else {
+        if (ctx->pctx->pmeth->signctx_init) {
+            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
+                return 0;
+            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
+        } else if (ctx->pctx->pmeth->digestsign != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
+            ctx->update = update;
+        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
+            return 0;
+        }
+    }
+    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
+        return 0;
+    if (pctx)
+        *pctx = ctx->pctx;
+    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
+        return 1;
+    if (!EVP_DigestInit_ex(ctx, type, e))
+        return 0;
+    /*
+     * This indicates the current algorithm requires
+     * special treatment before hashing the tbs-message.
+     */
+    if (ctx->pctx->pmeth->digest_custom != NULL)
+        return ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx);
+
+    return 1;
+}
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+{
+    return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+}
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+{
+    return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+}
+
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                        size_t *siglen)
+{
+    int sctx = 0, r = 0;
+    EVP_PKEY_CTX *pctx = ctx->pctx;
+    if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
+        if (!sigret)
+            return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
+            r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        else {
+            EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
+            if (!dctx)
+                return 0;
+            r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
+            EVP_PKEY_CTX_free(dctx);
+        }
+        return r;
+    }
+    if (pctx->pmeth->signctx)
+        sctx = 1;
+    else
+        sctx = 0;
+    if (sigret) {
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen = 0;
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+            if (sctx)
+                r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
+            else
+                r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+        } else {
+            EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+            if (tmp_ctx == NULL)
+                return 0;
+            if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+                EVP_MD_CTX_free(tmp_ctx);
+                return 0;
+            }
+            if (sctx)
+                r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
+                                                  sigret, siglen, tmp_ctx);
+            else
+                r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+            EVP_MD_CTX_free(tmp_ctx);
+        }
+        if (sctx || !r)
+            return r;
+        if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
+            return 0;
+    } else {
+        if (sctx) {
+            if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
+                return 0;
+        } else {
+            int s = EVP_MD_size(ctx->digest);
+            if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
+                return 0;
+        }
+    }
+    return 1;
+}
+
+int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+                   const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestsign != NULL)
+        return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
+    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
+        return 0;
+    return EVP_DigestSignFinal(ctx, sigret, siglen);
+}
+
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen)
+{
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int r = 0;
+    unsigned int mdlen = 0;
+    int vctx = 0;
+
+    if (ctx->pctx->pmeth->verifyctx)
+        vctx = 1;
+    else
+        vctx = 0;
+    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+        if (vctx)
+            r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
+        else
+            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+    } else {
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL)
+            return -1;
+        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+            EVP_MD_CTX_free(tmp_ctx);
+            return -1;
+        }
+        if (vctx)
+            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
+                                                sig, siglen, tmp_ctx);
+        else
+            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+        EVP_MD_CTX_free(tmp_ctx);
+    }
+    if (vctx || !r)
+        return r;
+    return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
+}
+
+int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                     size_t siglen, const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestverify != NULL)
+        return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
+    if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+        return -1;
+    return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c
new file mode 100644
index 000000000..27e2b3c5c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/whrlpool.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD whirlpool_md = {
+    NID_whirlpool,
+    0,
+    WHIRLPOOL_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    WHIRLPOOL_BBLOCK / 8,
+    sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX),
+};
+
+const EVP_MD *EVP_whirlpool(void)
+{
+    return &whirlpool_md;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c
new file mode 100644
index 000000000..077c2a6c4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c
@@ -0,0 +1,180 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/objects.h"
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+int EVP_add_cipher(const EVP_CIPHER *c)
+{
+    int r;
+
+    if (c == NULL)
+        return 0;
+
+    r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    if (r == 0)
+        return 0;
+    r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    return r;
+}
+
+int EVP_add_digest(const EVP_MD *md)
+{
+    int r;
+    const char *name;
+
+    name = OBJ_nid2sn(md->type);
+    r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
+    if (r == 0)
+        return 0;
+    r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
+                     (const char *)md);
+    if (r == 0)
+        return 0;
+
+    if (md->pkey_type && md->type != md->pkey_type) {
+        r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+        if (r == 0)
+            return 0;
+        r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+    }
+    return r;
+}
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+{
+    const EVP_CIPHER *cp;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
+        return NULL;
+
+    cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+    return cp;
+}
+
+const EVP_MD *EVP_get_digestbyname(const char *name)
+{
+    const EVP_MD *cp;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
+        return NULL;
+
+    cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+    return cp;
+}
+
+void evp_cleanup_int(void)
+{
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+    /*
+     * The above calls will only clean out the contents of the name hash
+     * table, but not the hash table itself.  The following line does that
+     * part.  -- Richard Levitte
+     */
+    OBJ_NAME_cleanup(-1);
+
+    EVP_PBE_cleanup();
+    OBJ_sigid_free();
+
+    evp_app_cleanup_int();
+}
+
+struct doall_cipher {
+    void *arg;
+    void (*fn) (const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *arg);
+};
+
+static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
+{
+    struct doall_cipher *dc = arg;
+    if (nm->alias)
+        dc->fn(NULL, nm->name, nm->data, dc->arg);
+    else
+        dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
+}
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+                                   const char *from, const char *to, void *x),
+                       void *arg)
+{
+    struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+}
+
+void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph,
+                                          const char *from, const char *to,
+                                          void *x), void *arg)
+{
+    struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+}
+
+struct doall_md {
+    void *arg;
+    void (*fn) (const EVP_MD *ciph,
+                const char *from, const char *to, void *arg);
+};
+
+static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
+{
+    struct doall_md *dc = arg;
+    if (nm->alias)
+        dc->fn(NULL, nm->name, nm->data, dc->arg);
+    else
+        dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
+}
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *md,
+                               const char *from, const char *to, void *x),
+                   void *arg)
+{
+    struct doall_md dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+}
+
+void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md,
+                                      const char *from, const char *to,
+                                      void *x), void *arg)
+{
+    struct doall_md dc;
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c
new file mode 100644
index 000000000..7e55d0bfb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+
+/*
+ * Doesn't do anything now: Builtin PBE algorithms in static table.
+ */
+
+void PKCS5_PBE_add(void)
+{
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de)
+{
+    EVP_MD_CTX *ctx;
+    unsigned char md_tmp[EVP_MAX_MD_SIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int i;
+    PBEPARAM *pbe;
+    int saltlen, iter;
+    unsigned char *salt;
+    int mdsize;
+    int rv = 0;
+
+    /* Extract useful info from parameter */
+    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+        param->value.sequence == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestInit_ex(ctx, md, NULL))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, pass, passlen))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, salt, saltlen))
+        goto err;
+    PBEPARAM_free(pbe);
+    if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
+        goto err;
+    mdsize = EVP_MD_size(md);
+    if (mdsize < 0)
+        return 0;
+    for (i = 1; i < iter; i++) {
+        if (!EVP_DigestInit_ex(ctx, md, NULL))
+            goto err;
+        if (!EVP_DigestUpdate(ctx, md_tmp, mdsize))
+            goto err;
+        if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
+            goto err;
+    }
+    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
+    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+           EVP_CIPHER_iv_length(cipher));
+    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
+        goto err;
+    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c
new file mode 100644
index 000000000..e819eb9b4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+# include <openssl/x509.h>
+# include <openssl/evp.h>
+# include <openssl/hmac.h>
+# include "evp_locl.h"
+
+/* set this to print out info about the keygen algorithm */
+/* #define OPENSSL_DEBUG_PKCS5V2 */
+
+# ifdef OPENSSL_DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len);
+# endif
+
+/*
+ * This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2. SHA1 version verified against test vectors
+ * posted by Peter Gutmann to the PKCS-TNG mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest, int keylen, unsigned char *out)
+{
+    const char *empty = "";
+    unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
+    int cplen, j, k, tkeylen, mdlen;
+    unsigned long i = 1;
+    HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
+
+    mdlen = EVP_MD_size(digest);
+    if (mdlen < 0)
+        return 0;
+
+    hctx_tpl = HMAC_CTX_new();
+    if (hctx_tpl == NULL)
+        return 0;
+    p = out;
+    tkeylen = keylen;
+    if (pass == NULL) {
+        pass = empty;
+        passlen = 0;
+    } else if (passlen == -1) {
+        passlen = strlen(pass);
+    }
+    if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    while (tkeylen) {
+        if (tkeylen > mdlen)
+            cplen = mdlen;
+        else
+            cplen = tkeylen;
+        /*
+         * We are unlikely to ever use more than 256 blocks (5120 bits!) but
+         * just in case...
+         */
+        itmp[0] = (unsigned char)((i >> 24) & 0xff);
+        itmp[1] = (unsigned char)((i >> 16) & 0xff);
+        itmp[2] = (unsigned char)((i >> 8) & 0xff);
+        itmp[3] = (unsigned char)(i & 0xff);
+        if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
+            return 0;
+        }
+        if (!HMAC_Update(hctx, salt, saltlen)
+            || !HMAC_Update(hctx, itmp, 4)
+            || !HMAC_Final(hctx, digtmp, NULL)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
+            return 0;
+        }
+        memcpy(p, digtmp, cplen);
+        for (j = 1; j < iter; j++) {
+            if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
+                return 0;
+            }
+            if (!HMAC_Update(hctx, digtmp, mdlen)
+                || !HMAC_Final(hctx, digtmp, NULL)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
+                return 0;
+            }
+            for (k = 0; k < cplen; k++)
+                p[k] ^= digtmp[k];
+        }
+        tkeylen -= cplen;
+        i++;
+        p += cplen;
+    }
+    HMAC_CTX_free(hctx);
+    HMAC_CTX_free(hctx_tpl);
+# ifdef OPENSSL_DEBUG_PKCS5V2
+    fprintf(stderr, "Password:\n");
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt:\n");
+    h__dump(salt, saltlen);
+    fprintf(stderr, "Iteration count %d\n", iter);
+    fprintf(stderr, "Key:\n");
+    h__dump(out, keylen);
+# endif
+    return 1;
+}
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
+{
+    return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
+                             keylen, out);
+}
+
+/*
+ * Now the key derivation function itself. This is a bit evil because it has
+ * to check the ASN1 parameters are valid: and there are quite a few of
+ * them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *c,
+                          const EVP_MD *md, int en_de)
+{
+    PBE2PARAM *pbe2 = NULL;
+    const EVP_CIPHER *cipher;
+    EVP_PBE_KEYGEN *kdf;
+
+    int rv = 0;
+
+    pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param);
+    if (pbe2 == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* See if we recognise the key derivation function */
+    if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
+                        NULL, NULL, &kdf)) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+               EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+        goto err;
+    }
+
+    /*
+     * lets see if we recognise the encryption algorithm.
+     */
+
+    cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
+
+    if (!cipher) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER);
+        goto err;
+    }
+
+    /* Fixup cipher based on AlgorithmIdentifier */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
+        goto err;
+    }
+    rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
+ err:
+    PBE2PARAM_free(pbe2);
+    return rv;
+}
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    int saltlen, iter;
+    int rv = 0;
+    unsigned int keylen = 0;
+    int prf_nid, hmac_md_nid;
+    PBKDF2PARAM *kdf = NULL;
+    const EVP_MD *prfmd;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    OPENSSL_assert(keylen <= sizeof(key));
+
+    /* Decode parameter */
+
+    kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param);
+
+    if (kdf == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of the kdf */
+
+    if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
+        goto err;
+    }
+
+    if (kdf->prf)
+        prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
+    else
+        prf_nid = NID_hmacWithSHA1;
+
+    if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
+
+    prfmd = EVP_get_digestbynid(hmac_md_nid);
+    if (prfmd == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
+
+    if (kdf->salt->type != V_ASN1_OCTET_STRING) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+    salt = kdf->salt->value.octet_string->data;
+    saltlen = kdf->salt->value.octet_string->length;
+    iter = ASN1_INTEGER_get(kdf->iter);
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                           keylen, key))
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    OPENSSL_cleanse(key, keylen);
+    PBKDF2PARAM_free(kdf);
+    return rv;
+}
+
+# ifdef OPENSSL_DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len)
+{
+    for (; len--; p++)
+        fprintf(stderr, "%02X ", *p);
+    fprintf(stderr, "\n");
+}
+# endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_dec.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_dec.c
new file mode 100644
index 000000000..a150a26e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_dec.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
+                         EVP_PKEY *priv)
+{
+    int ret = -1;
+
+#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+#endif
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+        goto err;
+    }
+
+    ret =
+        RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
+                            RSA_PKCS1_PADDING);
+ err:
+#endif
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_enc.c
new file mode 100644
index 000000000..04d67cb50
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_enc.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
+                         int key_len, EVP_PKEY *pubk)
+{
+    int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
+#endif
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+        goto err;
+    }
+    ret =
+        RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
+                           RSA_PKCS1_PADDING);
+ err:
+#endif
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c
new file mode 100644
index 000000000..148df90f8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c
@@ -0,0 +1,686 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/cmac.h>
+#include <openssl/engine.h>
+
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+
+int EVP_PKEY_bits(const EVP_PKEY *pkey)
+{
+    if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
+        return pkey->ameth->pkey_bits(pkey);
+    return 0;
+}
+
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+    if (pkey == NULL)
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
+        return -2;
+    return pkey->ameth->pkey_security_bits(pkey);
+}
+
+int EVP_PKEY_size(const EVP_PKEY *pkey)
+{
+    if (pkey && pkey->ameth && pkey->ameth->pkey_size)
+        return pkey->ameth->pkey_size(pkey);
+    return 0;
+}
+
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
+{
+#ifndef OPENSSL_NO_DSA
+    if (pkey->type == EVP_PKEY_DSA) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return ret;
+    }
+#endif
+#ifndef OPENSSL_NO_EC
+    if (pkey->type == EVP_PKEY_EC) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return ret;
+    }
+#endif
+    return 0;
+}
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    if (to->type == EVP_PKEY_NONE) {
+        if (EVP_PKEY_set_type(to, from->type) == 0)
+            return 0;
+    } else if (to->type != from->type) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
+        goto err;
+    }
+
+    if (EVP_PKEY_missing_parameters(from)) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    if (!EVP_PKEY_missing_parameters(to)) {
+        if (EVP_PKEY_cmp_parameters(to, from) == 1)
+            return 1;
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+        return 0;
+    }
+
+    if (from->ameth && from->ameth->param_copy)
+        return from->ameth->param_copy(to, from);
+ err:
+    return 0;
+}
+
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
+{
+    if (pkey->ameth && pkey->ameth->param_missing)
+        return pkey->ameth->param_missing(pkey);
+    return 0;
+}
+
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (a->type != b->type)
+        return -1;
+    if (a->ameth && a->ameth->param_cmp)
+        return a->ameth->param_cmp(a, b);
+    return -2;
+}
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (a->type != b->type)
+        return -1;
+
+    if (a->ameth) {
+        int ret;
+        /* Compare parameters if the algorithm has them */
+        if (a->ameth->param_cmp) {
+            ret = a->ameth->param_cmp(a, b);
+            if (ret <= 0)
+                return ret;
+        }
+
+        if (a->ameth->pub_cmp)
+            return a->ameth->pub_cmp(a, b);
+    }
+
+    return -2;
+}
+
+EVP_PKEY *EVP_PKEY_new(void)
+{
+    EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = EVP_PKEY_NONE;
+    ret->save_type = EVP_PKEY_NONE;
+    ret->references = 1;
+    ret->save_parameters = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_up_ref(EVP_PKEY *pkey)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EVP_PKEY", pkey);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+/*
+ * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey
+ * is NULL just return 1 or 0 if the algorithm exists.
+ */
+
+static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
+                         int len)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE **eptr = (e == NULL) ? &e :  NULL;
+
+    if (pkey) {
+        if (pkey->pkey.ptr)
+            EVP_PKEY_free_it(pkey);
+        /*
+         * If key type matches and a method exists then this lookup has
+         * succeeded once so just indicate success.
+         */
+        if ((type == pkey->save_type) && pkey->ameth)
+            return 1;
+#ifndef OPENSSL_NO_ENGINE
+        /* If we have ENGINEs release them */
+        ENGINE_finish(pkey->engine);
+        pkey->engine = NULL;
+        ENGINE_finish(pkey->pmeth_engine);
+        pkey->pmeth_engine = NULL;
+#endif
+    }
+    if (str)
+        ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
+    else
+        ameth = EVP_PKEY_asn1_find(eptr, type);
+#ifndef OPENSSL_NO_ENGINE
+    if (pkey == NULL && eptr != NULL)
+        ENGINE_finish(e);
+#endif
+    if (ameth == NULL) {
+        EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+    if (pkey) {
+        pkey->ameth = ameth;
+        pkey->engine = e;
+
+        pkey->type = pkey->ameth->pkey_id;
+        pkey->save_type = type;
+    }
+    return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_priv_key(ret, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_pub_key(ret, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+     if (pkey->ameth->get_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_priv_key(pkey, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len)
+{
+     if (pkey->ameth->get_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_pub_key(pkey, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher)
+{
+#ifndef OPENSSL_NO_CMAC
+    EVP_PKEY *ret = EVP_PKEY_new();
+    CMAC_CTX *cmctx = CMAC_CTX_new();
+
+    if (ret == NULL
+            || cmctx == NULL
+            || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    ret->pkey.ptr = cmctx;
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    CMAC_CTX_free(cmctx);
+    return NULL;
+#else
+    EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY,
+           EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return NULL;
+#endif
+}
+
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
+{
+    return pkey_set_type(pkey, NULL, type, NULL, -1);
+}
+
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
+{
+    return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
+}
+
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type)
+{
+    if (pkey->type == type) {
+        return 1; /* it already is that type */
+    }
+
+    /*
+     * The application is requesting to alias this to a different pkey type,
+     * but not one that resolves to the base type.
+     */
+    if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) {
+        EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+
+    pkey->type = type;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
+{
+    if (e != NULL) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB);
+            return 0;
+        }
+        if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) {
+            ENGINE_finish(e);
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM);
+            return 0;
+        }
+    }
+    ENGINE_finish(pkey->pmeth_engine);
+    pkey->pmeth_engine = e;
+    return 1;
+}
+#endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
+{
+    if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
+        return 0;
+    pkey->pkey.ptr = key;
+    return (key != NULL);
+}
+
+void *EVP_PKEY_get0(const EVP_PKEY *pkey)
+{
+    return pkey->pkey.ptr;
+}
+
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_HMAC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+
+#ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_POLY1305) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
+#ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (pkey->type != EVP_PKEY_SIPHASH) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+    int ret = EVP_PKEY_assign_RSA(pkey, key);
+    if (ret)
+        RSA_up_ref(key);
+    return ret;
+}
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+        return NULL;
+    }
+    return pkey->pkey.rsa;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+{
+    RSA *ret = EVP_PKEY_get0_RSA(pkey);
+    if (ret != NULL)
+        RSA_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+    int ret = EVP_PKEY_assign_DSA(pkey, key);
+    if (ret)
+        DSA_up_ref(key);
+    return ret;
+}
+
+DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+        return NULL;
+    }
+    return pkey->pkey.dsa;
+}
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+{
+    DSA *ret = EVP_PKEY_get0_DSA(pkey);
+    if (ret != NULL)
+        DSA_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+    int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+    if (ret)
+        EC_KEY_up_ref(key);
+    return ret;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_EC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+        return NULL;
+    }
+    return pkey->pkey.ec;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+    EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+    if (ret != NULL)
+        EC_KEY_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+    int ret = EVP_PKEY_assign_DH(pkey, key);
+    if (ret)
+        DH_up_ref(key);
+    return ret;
+}
+
+DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY);
+        return NULL;
+    }
+    return pkey->pkey.dh;
+}
+
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+{
+    DH *ret = EVP_PKEY_get0_DH(pkey);
+    if (ret != NULL)
+        DH_up_ref(ret);
+    return ret;
+}
+#endif
+
+int EVP_PKEY_type(int type)
+{
+    int ret;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *e;
+    ameth = EVP_PKEY_asn1_find(&e, type);
+    if (ameth)
+        ret = ameth->pkey_id;
+    else
+        ret = NID_undef;
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(e);
+#endif
+    return ret;
+}
+
+int EVP_PKEY_id(const EVP_PKEY *pkey)
+{
+    return pkey->type;
+}
+
+int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+{
+    return EVP_PKEY_type(pkey->type);
+}
+
+void EVP_PKEY_free(EVP_PKEY *x)
+{
+    int i;
+
+    if (x == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&x->references, &i, x->lock);
+    REF_PRINT_COUNT("EVP_PKEY", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+    EVP_PKEY_free_it(x);
+    CRYPTO_THREAD_lock_free(x->lock);
+    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+    OPENSSL_free(x);
+}
+
+static void EVP_PKEY_free_it(EVP_PKEY *x)
+{
+    /* internal function; x is never NULL */
+    if (x->ameth && x->ameth->pkey_free) {
+        x->ameth->pkey_free(x);
+        x->pkey.ptr = NULL;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(x->engine);
+    x->engine = NULL;
+    ENGINE_finish(x->pmeth_engine);
+    x->pmeth_engine = NULL;
+#endif
+}
+
+static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
+                     const char *kstr)
+{
+    BIO_indent(out, indent, 128);
+    BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
+               kstr, OBJ_nid2ln(pkey->type));
+    return 1;
+}
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->pub_print)
+        return pkey->ameth->pub_print(out, pkey, indent, pctx);
+
+    return unsup_alg(out, pkey, indent, "Public Key");
+}
+
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->priv_print)
+        return pkey->ameth->priv_print(out, pkey, indent, pctx);
+
+    return unsup_alg(out, pkey, indent, "Private Key");
+}
+
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->param_print)
+        return pkey->ameth->param_print(out, pkey, indent, pctx);
+    return unsup_alg(out, pkey, indent, "Parameters");
+}
+
+static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
+{
+    if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
+        return -2;
+    return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
+}
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+{
+    return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
+}
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                               const unsigned char *pt, size_t ptlen)
+{
+    if (ptlen > INT_MAX)
+        return 0;
+    if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
+                           (void *)pt) <= 0)
+        return 0;
+    return 1;
+}
+
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
+{
+    int rv;
+    rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
+    if (rv <= 0)
+        return 0;
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c
new file mode 100644
index 000000000..f2976f8a9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 const unsigned char *ek, int ekl, const unsigned char *iv,
+                 EVP_PKEY *priv)
+{
+    unsigned char *key = NULL;
+    int i, size = 0, ret = 0;
+
+    if (type) {
+        EVP_CIPHER_CTX_reset(ctx);
+        if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+
+    if (!priv)
+        return 1;
+
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+        goto err;
+    }
+
+    size = EVP_PKEY_size(priv);
+    key = OPENSSL_malloc(size + 2);
+    if (key == NULL) {
+        /* ERROR */
+        EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
+    if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+        /* ERROR */
+        goto err;
+    }
+    if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+        goto err;
+
+    ret = 1;
+ err:
+    OPENSSL_clear_free(key, size);
+    return ret;
+}
+
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    i = EVP_DecryptFinal_ex(ctx, out, outl);
+    if (i)
+        i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return i;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_seal.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_seal.c
new file mode 100644
index 000000000..e851d7ab8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_seal.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    int i;
+    int rv = 0;
+
+    if (type) {
+        EVP_CIPHER_CTX_reset(ctx);
+        if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+    if ((npubk <= 0) || !pubk)
+        return 1;
+    if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+        return 0;
+
+    if (EVP_CIPHER_CTX_iv_length(ctx)
+            && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+        goto err;
+
+    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+        goto err;
+
+    for (i = 0; i < npubk; i++) {
+        ekl[i] =
+            EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
+                                 pubk[i]);
+        if (ekl[i] <= 0) {
+            rv = -1;
+            goto err;
+        }
+    }
+    rv = npubk;
+err:
+    OPENSSL_cleanse(key, sizeof(key));
+    return rv;
+}
+
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+    i = EVP_EncryptFinal_ex(ctx, out, outl);
+    if (i)
+        i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return i;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c
new file mode 100644
index 000000000..6cb442e4f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len = 0;
+    int i = 0;
+    size_t sltmp;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    *siglen = 0;
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
+            goto err;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
+    }
+
+    sltmp = (size_t)EVP_PKEY_size(pkey);
+    i = 0;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_sign_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+        goto err;
+    *siglen = sltmp;
+    i = 1;
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c
new file mode 100644
index 000000000..6e8c565df
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                    unsigned int siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len = 0;
+    int i = 0;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
+            goto err;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
+    }
+
+    i = -1;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_verify_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pbe_scrypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pbe_scrypt.c
new file mode 100644
index 000000000..57da82f3f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pbe_scrypt.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/numbers.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+static void salsa208_word_specification(uint32_t inout[16])
+{
+    int i;
+    uint32_t x[16];
+    memcpy(x, inout, sizeof(x));
+    for (i = 8; i > 0; i -= 2) {
+        x[4] ^= R(x[0] + x[12], 7);
+        x[8] ^= R(x[4] + x[0], 9);
+        x[12] ^= R(x[8] + x[4], 13);
+        x[0] ^= R(x[12] + x[8], 18);
+        x[9] ^= R(x[5] + x[1], 7);
+        x[13] ^= R(x[9] + x[5], 9);
+        x[1] ^= R(x[13] + x[9], 13);
+        x[5] ^= R(x[1] + x[13], 18);
+        x[14] ^= R(x[10] + x[6], 7);
+        x[2] ^= R(x[14] + x[10], 9);
+        x[6] ^= R(x[2] + x[14], 13);
+        x[10] ^= R(x[6] + x[2], 18);
+        x[3] ^= R(x[15] + x[11], 7);
+        x[7] ^= R(x[3] + x[15], 9);
+        x[11] ^= R(x[7] + x[3], 13);
+        x[15] ^= R(x[11] + x[7], 18);
+        x[1] ^= R(x[0] + x[3], 7);
+        x[2] ^= R(x[1] + x[0], 9);
+        x[3] ^= R(x[2] + x[1], 13);
+        x[0] ^= R(x[3] + x[2], 18);
+        x[6] ^= R(x[5] + x[4], 7);
+        x[7] ^= R(x[6] + x[5], 9);
+        x[4] ^= R(x[7] + x[6], 13);
+        x[5] ^= R(x[4] + x[7], 18);
+        x[11] ^= R(x[10] + x[9], 7);
+        x[8] ^= R(x[11] + x[10], 9);
+        x[9] ^= R(x[8] + x[11], 13);
+        x[10] ^= R(x[9] + x[8], 18);
+        x[12] ^= R(x[15] + x[14], 7);
+        x[13] ^= R(x[12] + x[15], 9);
+        x[14] ^= R(x[13] + x[12], 13);
+        x[15] ^= R(x[14] + x[13], 18);
+    }
+    for (i = 0; i < 16; ++i)
+        inout[i] += x[i];
+    OPENSSL_cleanse(x, sizeof(x));
+}
+
+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
+{
+    uint64_t i, j;
+    uint32_t X[16], *pB;
+
+    memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
+    pB = B;
+    for (i = 0; i < r * 2; i++) {
+        for (j = 0; j < 16; j++)
+            X[j] ^= *pB++;
+        salsa208_word_specification(X);
+        memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
+    }
+    OPENSSL_cleanse(X, sizeof(X));
+}
+
+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
+                        uint32_t *X, uint32_t *T, uint32_t *V)
+{
+    unsigned char *pB;
+    uint32_t *pV;
+    uint64_t i, k;
+
+    /* Convert from little endian input */
+    for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
+        *pV = *pB++;
+        *pV |= *pB++ << 8;
+        *pV |= *pB++ << 16;
+        *pV |= (uint32_t)*pB++ << 24;
+    }
+
+    for (i = 1; i < N; i++, pV += 32 * r)
+        scryptBlockMix(pV, pV - 32 * r, r);
+
+    scryptBlockMix(X, V + (N - 1) * 32 * r, r);
+
+    for (i = 0; i < N; i++) {
+        uint32_t j;
+        j = X[16 * (2 * r - 1)] % N;
+        pV = V + 32 * r * j;
+        for (k = 0; k < 32 * r; k++)
+            T[k] = X[k] ^ *pV++;
+        scryptBlockMix(X, T, r);
+    }
+    /* Convert output to little endian */
+    for (i = 0, pB = B; i < 32 * r; i++) {
+        uint32_t xtmp = X[i];
+        *pB++ = xtmp & 0xff;
+        *pB++ = (xtmp >> 8) & 0xff;
+        *pB++ = (xtmp >> 16) & 0xff;
+        *pB++ = (xtmp >> 24) & 0xff;
+    }
+}
+
+#ifndef SIZE_MAX
+# define SIZE_MAX    ((size_t)-1)
+#endif
+
+/*
+ * Maximum power of two that will fit in uint64_t: this should work on
+ * most (all?) platforms.
+ */
+
+#define LOG2_UINT64_MAX         (sizeof(uint64_t) * 8 - 1)
+
+/*
+ * Maximum value of p * r:
+ * p <= ((2^32-1) * hLen) / MFLen =>
+ * p <= ((2^32-1) * 32) / (128 * r) =>
+ * p * r <= (2^30-1)
+ *
+ */
+
+#define SCRYPT_PR_MAX   ((1 << 30) - 1)
+
+/*
+ * Maximum permitted memory allow this to be overridden with Configuration
+ * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
+ */
+
+#ifdef SCRYPT_MAX_MEM
+# if SCRYPT_MAX_MEM == 0
+#  undef SCRYPT_MAX_MEM
+/*
+ * Although we could theoretically allocate SIZE_MAX memory that would leave
+ * no memory available for anything else so set limit as half that.
+ */
+#  define SCRYPT_MAX_MEM (SIZE_MAX/2)
+# endif
+#else
+/* Default memory limit: 32 MB */
+# define SCRYPT_MAX_MEM  (1024 * 1024 * 32)
+#endif
+
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen)
+{
+    int rv = 0;
+    unsigned char *B;
+    uint32_t *X, *V, *T;
+    uint64_t i, Blen, Vlen;
+
+    /* Sanity check parameters */
+    /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
+    if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
+        return 0;
+    /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
+    if (p > SCRYPT_PR_MAX / r) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /*
+     * Need to check N: if 2^(128 * r / 8) overflows limit this is
+     * automatically satisfied since N <= UINT64_MAX.
+     */
+
+    if (16 * r <= LOG2_UINT64_MAX) {
+        if (N >= (((uint64_t)1) << (16 * r))) {
+            EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+            return 0;
+        }
+    }
+
+    /* Memory checks: check total allocated buffer size fits in uint64_t */
+
+    /*
+     * B size in section 5 step 1.S
+     * Note: we know p * 128 * r < UINT64_MAX because we already checked
+     * p * r < SCRYPT_PR_MAX
+     */
+    Blen = p * 128 * r;
+    /*
+     * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would
+     * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.]
+     */
+    if (Blen > INT_MAX) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /*
+     * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
+     * This is combined size V, X and T (section 4)
+     */
+    i = UINT64_MAX / (32 * sizeof(uint32_t));
+    if (N + 2 > i / r) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+    Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
+
+    /* check total allocated size fits in uint64_t */
+    if (Blen > UINT64_MAX - Vlen) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    if (maxmem == 0)
+        maxmem = SCRYPT_MAX_MEM;
+
+    /* Check that the maximum memory doesn't exceed a size_t limits */
+    if (maxmem > SIZE_MAX)
+        maxmem = SIZE_MAX;
+
+    if (Blen + Vlen > maxmem) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /* If no key return to indicate parameters are OK */
+    if (key == NULL)
+        return 1;
+
+    B = OPENSSL_malloc((size_t)(Blen + Vlen));
+    if (B == NULL) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X = (uint32_t *)(B + Blen);
+    T = X + 32 * r;
+    V = T + 32 * r;
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
+                          (int)Blen, B) == 0)
+        goto err;
+
+    for (i = 0; i < p; i++)
+        scryptROMix(B + 128 * r * i, r, N, X, T, V);
+
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(),
+                          keylen, key) == 0)
+        goto err;
+    rv = 1;
+ err:
+    if (rv == 0)
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
+
+    OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
+    return rv;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c
new file mode 100644
index 000000000..de1c07e17
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+#define M_check_autoarg(ctx, arg, arglen, err) \
+    if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
+        size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey);         \
+                                                                  \
+        if (pksize == 0) {                                        \
+            EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/      \
+            return 0;                                             \
+        }                                                         \
+        if (!arg) {                                               \
+            *arglen = pksize;                                     \
+            return 1;                                             \
+        }                                                         \
+        if (*arglen < pksize) {                                   \
+            EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+            return 0;                                             \
+        }                                                         \
+    }
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_SIGN;
+    if (!ctx->pmeth->sign_init)
+        return 1;
+    ret = ctx->pmeth->sign_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_SIGN) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
+        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
+}
+
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_VERIFY;
+    if (!ctx->pmeth->verify_init)
+        return 1;
+    ret = ctx->pmeth->verify_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_VERIFY) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
+}
+
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
+    if (!ctx->pmeth->verify_recover_init)
+        return 1;
+    ret = ctx->pmeth->verify_recover_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
+        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
+}
+
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_ENCRYPT;
+    if (!ctx->pmeth->encrypt_init)
+        return 1;
+    ret = ctx->pmeth->encrypt_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
+        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
+}
+
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_DECRYPT;
+    if (!ctx->pmeth->decrypt_init)
+        return 1;
+    ret = ctx->pmeth->decrypt_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
+        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
+}
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_DERIVE;
+    if (!ctx->pmeth->derive_init)
+        return 1;
+    ret = ctx->pmeth->derive_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth
+        || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt)
+        || !ctx->pmeth->ctrl) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE
+        && ctx->operation != EVP_PKEY_OP_ENCRYPT
+        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
+
+    if (ret <= 0)
+        return ret;
+
+    if (ret == 2)
+        return 1;
+
+    if (!ctx->pkey) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+        return -1;
+    }
+
+    if (ctx->pkey->type != peer->type) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
+        return -1;
+    }
+
+    /*
+     * For clarity.  The error is if parameters in peer are
+     * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
+     * (different key types) is impossible here because it is checked earlier.
+     * -2 is OK for us here, as well as 1, so we can check for 0 only.
+     */
+    if (!EVP_PKEY_missing_parameters(peer) &&
+        !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
+        return -1;
+    }
+
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+
+    if (ret <= 0) {
+        ctx->peerkey = NULL;
+        return ret;
+    }
+
+    EVP_PKEY_up_ref(peer);
+    return 1;
+}
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
+        return ctx->pmeth->derive(ctx, key, pkeylen);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c
new file mode 100644
index 000000000..e14965f33
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "internal/bn_int.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_PARAMGEN;
+    if (!ctx->pmeth->paramgen_init)
+        return 1;
+    ret = ctx->pmeth->paramgen_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ppkey == NULL)
+        return -1;
+
+    if (*ppkey == NULL)
+        *ppkey = EVP_PKEY_new();
+
+    if (*ppkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ret = ctx->pmeth->paramgen(ctx, *ppkey);
+    if (ret <= 0) {
+        EVP_PKEY_free(*ppkey);
+        *ppkey = NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_KEYGEN;
+    if (!ctx->pmeth->keygen_init)
+        return 1;
+    ret = ctx->pmeth->keygen_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+{
+    int ret;
+
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ppkey == NULL)
+        return -1;
+
+    if (*ppkey == NULL)
+        *ppkey = EVP_PKEY_new();
+    if (*ppkey == NULL)
+        return -1;
+
+    ret = ctx->pmeth->keygen(ctx, *ppkey);
+    if (ret <= 0) {
+        EVP_PKEY_free(*ppkey);
+        *ppkey = NULL;
+    }
+    return ret;
+}
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
+{
+    ctx->pkey_gencb = cb;
+}
+
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
+{
+    return ctx->pkey_gencb;
+}
+
+/*
+ * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
+ * callbacks.
+ */
+
+static int trans_cb(int a, int b, BN_GENCB *gcb)
+{
+    EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
+    ctx->keygen_info[0] = a;
+    ctx->keygen_info[1] = b;
+    return ctx->pkey_gencb(ctx);
+}
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
+{
+    BN_GENCB_set(cb, trans_cb, ctx);
+}
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
+{
+    if (idx == -1)
+        return ctx->keygen_info_count;
+    if (idx < 0 || idx > ctx->keygen_info_count)
+        return 0;
+    return ctx->keygen_info[idx];
+}
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *mac_ctx = NULL;
+    EVP_PKEY *mac_key = NULL;
+    mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+    if (!mac_ctx)
+        return NULL;
+    if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
+        goto merr;
+    if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
+        goto merr;
+    if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
+        goto merr;
+ merr:
+    EVP_PKEY_CTX_free(mac_ctx);
+    return mac_key;
+}
+
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized check function first */
+    if (ctx->pmeth->check != NULL)
+        return ctx->pmeth->check(pkey);
+
+    /* use default check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_check(pkey);
+}
+
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized public key check function first */
+    if (ctx->pmeth->public_check != NULL)
+        return ctx->pmeth->public_check(pkey);
+
+    /* use default public key check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_public_check(pkey);
+}
+
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized param check function first */
+    if (ctx->pmeth->param_check != NULL)
+        return ctx->pmeth->param_check(pkey);
+
+    /* use default param check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c
new file mode 100644
index 000000000..7fbf895e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c
@@ -0,0 +1,864 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/numbers.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+
+static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+
+/* This array needs to be in order of NIDs */
+static const EVP_PKEY_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ec_pkey_meth,
+#endif
+    &hmac_pkey_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    &scrypt_pkey_meth,
+#endif
+    &tls1_prf_pkey_meth,
+#ifndef OPENSSL_NO_EC
+    &ecx25519_pkey_meth,
+    &ecx448_pkey_meth,
+#endif
+    &hkdf_pkey_meth,
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_pkey_meth,
+    &ed448_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_pkey_meth,
+#endif
+};
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                           pmeth);
+
+static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
+                     const EVP_PKEY_METHOD *const *b)
+{
+    return ((*a)->pkey_id - (*b)->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                             pmeth);
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+{
+    EVP_PKEY_METHOD tmp;
+    const EVP_PKEY_METHOD *t = &tmp, **ret;
+    tmp.pkey_id = type;
+    if (app_pkey_methods) {
+        int idx;
+        idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
+        if (idx >= 0)
+            return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+    }
+    ret = OBJ_bsearch_pmeth(&t, standard_methods,
+                            sizeof(standard_methods) /
+                            sizeof(EVP_PKEY_METHOD *));
+    if (!ret || !*ret)
+        return NULL;
+    return *ret;
+}
+
+static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
+{
+    EVP_PKEY_CTX *ret;
+    const EVP_PKEY_METHOD *pmeth;
+
+    if (id == -1) {
+        if (pkey == NULL)
+            return 0;
+        id = pkey->type;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (e == NULL && pkey != NULL)
+        e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;
+    /* Try to find an ENGINE which implements this method */
+    if (e) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB);
+            return NULL;
+        }
+    } else {
+        e = ENGINE_get_pkey_meth_engine(id);
+    }
+
+    /*
+     * If an ENGINE handled this method look it up. Otherwise use internal
+     * tables.
+     */
+    if (e)
+        pmeth = ENGINE_get_pkey_meth(e, id);
+    else
+#endif
+        pmeth = EVP_PKEY_meth_find(id);
+
+    if (pmeth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->engine = e;
+    ret->pmeth = pmeth;
+    ret->operation = EVP_PKEY_OP_UNDEFINED;
+    ret->pkey = pkey;
+    if (pkey != NULL)
+        EVP_PKEY_up_ref(pkey);
+
+    if (pmeth->init) {
+        if (pmeth->init(ret) <= 0) {
+            ret->pmeth = NULL;
+            EVP_PKEY_CTX_free(ret);
+            return NULL;
+        }
+    }
+
+    return ret;
+}
+
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
+{
+    EVP_PKEY_METHOD *pmeth;
+
+    pmeth = OPENSSL_zalloc(sizeof(*pmeth));
+    if (pmeth == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    pmeth->pkey_id = id;
+    pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
+    return pmeth;
+}
+
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth)
+{
+    if (ppkey_id)
+        *ppkey_id = meth->pkey_id;
+    if (pflags)
+        *pflags = meth->flags;
+}
+
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
+{
+
+    dst->init = src->init;
+    dst->copy = src->copy;
+    dst->cleanup = src->cleanup;
+
+    dst->paramgen_init = src->paramgen_init;
+    dst->paramgen = src->paramgen;
+
+    dst->keygen_init = src->keygen_init;
+    dst->keygen = src->keygen;
+
+    dst->sign_init = src->sign_init;
+    dst->sign = src->sign;
+
+    dst->verify_init = src->verify_init;
+    dst->verify = src->verify;
+
+    dst->verify_recover_init = src->verify_recover_init;
+    dst->verify_recover = src->verify_recover;
+
+    dst->signctx_init = src->signctx_init;
+    dst->signctx = src->signctx;
+
+    dst->verifyctx_init = src->verifyctx_init;
+    dst->verifyctx = src->verifyctx;
+
+    dst->encrypt_init = src->encrypt_init;
+    dst->encrypt = src->encrypt;
+
+    dst->decrypt_init = src->decrypt_init;
+    dst->decrypt = src->decrypt;
+
+    dst->derive_init = src->derive_init;
+    dst->derive = src->derive;
+
+    dst->ctrl = src->ctrl;
+    dst->ctrl_str = src->ctrl_str;
+
+    dst->check = src->check;
+}
+
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
+{
+    if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
+        OPENSSL_free(pmeth);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
+{
+    return int_ctx_new(pkey, e, -1);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
+{
+    return int_ctx_new(NULL, e, id);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
+{
+    EVP_PKEY_CTX *rctx;
+    if (!pctx->pmeth || !pctx->pmeth->copy)
+        return NULL;
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a pkey context using an ENGINE */
+    if (pctx->engine && !ENGINE_init(pctx->engine)) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+    rctx = OPENSSL_malloc(sizeof(*rctx));
+    if (rctx == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    rctx->pmeth = pctx->pmeth;
+#ifndef OPENSSL_NO_ENGINE
+    rctx->engine = pctx->engine;
+#endif
+
+    if (pctx->pkey)
+        EVP_PKEY_up_ref(pctx->pkey);
+
+    rctx->pkey = pctx->pkey;
+
+    if (pctx->peerkey)
+        EVP_PKEY_up_ref(pctx->peerkey);
+
+    rctx->peerkey = pctx->peerkey;
+
+    rctx->data = NULL;
+    rctx->app_data = NULL;
+    rctx->operation = pctx->operation;
+
+    if (pctx->pmeth->copy(rctx, pctx) > 0)
+        return rctx;
+
+    rctx->pmeth = NULL;
+    EVP_PKEY_CTX_free(rctx);
+    return NULL;
+
+}
+
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
+{
+    if (app_pkey_methods == NULL) {
+        app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
+        if (app_pkey_methods == NULL){
+            EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
+        EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
+    return 1;
+}
+
+void evp_app_cleanup_int(void)
+{
+    if (app_pkey_methods != NULL)
+        sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free);
+}
+
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth)
+{
+    const EVP_PKEY_METHOD *ret;
+
+    ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth);
+
+    return ret == NULL ? 0 : 1;
+}
+
+size_t EVP_PKEY_meth_get_count(void)
+{
+    size_t rv = OSSL_NELEM(standard_methods);
+
+    if (app_pkey_methods)
+        rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods);
+    return rv;
+}
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
+{
+    if (idx < OSSL_NELEM(standard_methods))
+        return standard_methods[idx];
+    if (app_pkey_methods == NULL)
+        return NULL;
+    idx -= OSSL_NELEM(standard_methods);
+    if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods))
+        return NULL;
+    return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+}
+
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if (ctx->pmeth && ctx->pmeth->cleanup)
+        ctx->pmeth->cleanup(ctx);
+    EVP_PKEY_free(ctx->pkey);
+    EVP_PKEY_free(ctx->peerkey);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(ctx->engine);
+#endif
+    OPENSSL_free(ctx);
+}
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2)
+{
+    int ret;
+
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+        return -2;
+    }
+    if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
+        return -1;
+
+    /* Skip the operation checks since this is called in a very early stage */
+    if (ctx->pmeth->digest_custom != NULL)
+        goto doit;
+
+    if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+        return -1;
+    }
+
+    if ((optype != -1) && !(ctx->operation & optype)) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+        return -1;
+    }
+
+ doit:
+    ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
+
+    if (ret == -2)
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+
+    return ret;
+}
+
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value)
+{
+    return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
+}
+
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
+                          const char *name, const char *value)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
+        return -2;
+    }
+    if (strcmp(name, "digest") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD,
+                               value);
+    return ctx->pmeth->ctrl_str(ctx, name, value);
+}
+
+/* Utility functions to send a string of hex string to a ctrl */
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
+{
+    size_t len;
+
+    len = strlen(str);
+    if (len > INT_MAX)
+        return -1;
+    return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+}
+
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
+{
+    unsigned char *bin;
+    long binlen;
+    int rv = -1;
+
+    bin = OPENSSL_hexstr2buf(hex, &binlen);
+    if (bin == NULL)
+        return 0;
+    if (binlen <= INT_MAX)
+        rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
+    OPENSSL_free(bin);
+    return rv;
+}
+
+/* Pass a message digest to a ctrl */
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md)
+{
+    const EVP_MD *m;
+
+    if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_MD, EVP_R_INVALID_DIGEST);
+        return 0;
+    }
+    return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m);
+}
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
+{
+    return ctx->operation;
+}
+
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
+{
+    ctx->keygen_info = dat;
+    ctx->keygen_info_count = datlen;
+}
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
+{
+    ctx->data = data;
+}
+
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
+{
+    return ctx->data;
+}
+
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
+{
+    return ctx->pkey;
+}
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
+{
+    return ctx->peerkey;
+}
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
+{
+    ctx->app_data = data;
+}
+
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
+{
+    return ctx->app_data;
+}
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx))
+{
+    pmeth->init = init;
+}
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src))
+{
+    pmeth->copy = copy;
+}
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx))
+{
+    pmeth->cleanup = cleanup;
+}
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey))
+{
+    pmeth->paramgen_init = paramgen_init;
+    pmeth->paramgen = paramgen;
+}
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey))
+{
+    pmeth->keygen_init = keygen_init;
+    pmeth->keygen = keygen;
+}
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen))
+{
+    pmeth->sign_init = sign_init;
+    pmeth->sign = sign;
+}
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen))
+{
+    pmeth->verify_init = verify_init;
+    pmeth->verify = verify;
+}
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen))
+{
+    pmeth->verify_recover_init = verify_recover_init;
+    pmeth->verify_recover = verify_recover;
+}
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx))
+{
+    pmeth->signctx_init = signctx_init;
+    pmeth->signctx = signctx;
+}
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx))
+{
+    pmeth->verifyctx_init = verifyctx_init;
+    pmeth->verifyctx = verifyctx;
+}
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen))
+{
+    pmeth->encrypt_init = encrypt_init;
+    pmeth->encrypt = encryptfn;
+}
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen))
+{
+    pmeth->decrypt_init = decrypt_init;
+    pmeth->decrypt = decrypt;
+}
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen))
+{
+    pmeth->derive_init = derive_init;
+    pmeth->derive = derive;
+}
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value))
+{
+    pmeth->ctrl = ctrl;
+    pmeth->ctrl_str = ctrl_str;
+}
+
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->check = check;
+}
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->public_check = check;
+}
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->param_check = check;
+}
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx))
+{
+    pmeth->digest_custom = digest_custom;
+}
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx))
+{
+    *pinit = pmeth->init;
+}
+
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src))
+{
+    *pcopy = pmeth->copy;
+}
+
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx))
+{
+    *pcleanup = pmeth->cleanup;
+}
+
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey))
+{
+    if (pparamgen_init)
+        *pparamgen_init = pmeth->paramgen_init;
+    if (pparamgen)
+        *pparamgen = pmeth->paramgen;
+}
+
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey))
+{
+    if (pkeygen_init)
+        *pkeygen_init = pmeth->keygen_init;
+    if (pkeygen)
+        *pkeygen = pmeth->keygen;
+}
+
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen))
+{
+    if (psign_init)
+        *psign_init = pmeth->sign_init;
+    if (psign)
+        *psign = pmeth->sign;
+}
+
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen))
+{
+    if (pverify_init)
+        *pverify_init = pmeth->verify_init;
+    if (pverify)
+        *pverify = pmeth->verify;
+}
+
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen))
+{
+    if (pverify_recover_init)
+        *pverify_recover_init = pmeth->verify_recover_init;
+    if (pverify_recover)
+        *pverify_recover = pmeth->verify_recover;
+}
+
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx))
+{
+    if (psignctx_init)
+        *psignctx_init = pmeth->signctx_init;
+    if (psignctx)
+        *psignctx = pmeth->signctx;
+}
+
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx))
+{
+    if (pverifyctx_init)
+        *pverifyctx_init = pmeth->verifyctx_init;
+    if (pverifyctx)
+        *pverifyctx = pmeth->verifyctx;
+}
+
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen))
+{
+    if (pencrypt_init)
+        *pencrypt_init = pmeth->encrypt_init;
+    if (pencryptfn)
+        *pencryptfn = pmeth->encrypt;
+}
+
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen))
+{
+    if (pdecrypt_init)
+        *pdecrypt_init = pmeth->decrypt_init;
+    if (pdecrypt)
+        *pdecrypt = pmeth->decrypt;
+}
+
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen))
+{
+    if (pderive_init)
+        *pderive_init = pmeth->derive_init;
+    if (pderive)
+        *pderive = pmeth->derive;
+}
+
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value))
+{
+    if (pctrl)
+        *pctrl = pmeth->ctrl;
+    if (pctrl_str)
+        *pctrl_str = pmeth->ctrl_str;
+}
+
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->check;
+}
+
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->public_check;
+}
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->param_check;
+}
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx))
+{
+    if (pdigest_custom != NULL)
+        *pdigest_custom = pmeth->digest_custom;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c
new file mode 100644
index 000000000..08dc7c407
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c
@@ -0,0 +1,399 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib_int.h"
+#include "internal/thread_once.h"
+
+/*
+ * Each structure type (sometimes called a class), that supports
+ * exdata has a stack of callbacks for each instance.
+ */
+struct ex_callback_st {
+    long argl;                  /* Arbitrary long */
+    void *argp;                 /* Arbitrary void * */
+    CRYPTO_EX_new *new_func;
+    CRYPTO_EX_free *free_func;
+    CRYPTO_EX_dup *dup_func;
+};
+
+/*
+ * The state for each class.  This could just be a typedef, but
+ * a structure allows future changes.
+ */
+typedef struct ex_callbacks_st {
+    STACK_OF(EX_CALLBACK) *meth;
+} EX_CALLBACKS;
+
+static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
+
+static CRYPTO_RWLOCK *ex_data_lock = NULL;
+static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    ex_data_lock = CRYPTO_THREAD_lock_new();
+    return ex_data_lock != NULL;
+}
+
+/*
+ * Return the EX_CALLBACKS from the |ex_data| array that corresponds to
+ * a given class.  On success, *holds the lock.*
+ */
+static EX_CALLBACKS *get_and_lock(int class_index)
+{
+    EX_CALLBACKS *ip;
+
+    if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
+    if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ex_data_lock == NULL) {
+        /*
+         * This can happen in normal operation when using CRYPTO_mem_leaks().
+         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
+         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets
+         * freed, which also attempts to free the ex_data. However
+         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.
+         * before OPENSSL_cleanup() is called), so if we get here we can safely
+         * ignore this operation. We just treat it as an error.
+         */
+         return NULL;
+    }
+
+    ip = &ex_data[class_index];
+    CRYPTO_THREAD_write_lock(ex_data_lock);
+    return ip;
+}
+
+static void cleanup_cb(EX_CALLBACK *funcs)
+{
+    OPENSSL_free(funcs);
+}
+
+/*
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all).
+ */
+void crypto_cleanup_all_ex_data_int(void)
+{
+    int i;
+
+    for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) {
+        EX_CALLBACKS *ip = &ex_data[i];
+
+        sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb);
+        ip->meth = NULL;
+    }
+
+    CRYPTO_THREAD_lock_free(ex_data_lock);
+    ex_data_lock = NULL;
+}
+
+
+/*
+ * Unregister a new index by replacing the callbacks with no-ops.
+ * Any in-use instances are leaked.
+ */
+static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                     long argl, void *argp)
+{
+}
+
+static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                       long argl, void *argp)
+{
+}
+
+static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                     void *from_d, int idx,
+                     long argl, void *argp)
+{
+    return 1;
+}
+
+int CRYPTO_free_ex_index(int class_index, int idx)
+{
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+    EX_CALLBACK *a;
+    int toret = 0;
+
+    if (ip == NULL)
+        return 0;
+    if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth))
+        goto err;
+    a = sk_EX_CALLBACK_value(ip->meth, idx);
+    if (a == NULL)
+        goto err;
+    a->new_func = dummy_new;
+    a->dup_func = dummy_dup;
+    a->free_func = dummy_free;
+    toret = 1;
+err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
+}
+
+/*
+ * Register a new index.
+ */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func)
+{
+    int toret = -1;
+    EX_CALLBACK *a;
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
+        return -1;
+
+    if (ip->meth == NULL) {
+        ip->meth = sk_EX_CALLBACK_new_null();
+        /* We push an initial value on the stack because the SSL
+         * "app_data" routines use ex_data index zero.  See RT 3710. */
+        if (ip->meth == NULL
+            || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a));
+    if (a == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    a->argl = argl;
+    a->argp = argp;
+    a->new_func = new_func;
+    a->dup_func = dup_func;
+    a->free_func = free_func;
+
+    if (!sk_EX_CALLBACK_push(ip->meth, NULL)) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(a);
+        goto err;
+    }
+    toret = sk_EX_CALLBACK_num(ip->meth) - 1;
+    (void)sk_EX_CALLBACK_set(ip->meth, toret, a);
+
+ err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
+}
+
+/*
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
+ * Thread-safe by copying a class's array of "EX_CALLBACK" entries
+ * in the lock, then using them outside the lock. Note this only applies
+ * to the global "ex_data" state (ie. class definitions), not 'ad' itself.
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    void *ptr;
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
+        return 0;
+
+    ad->sk = NULL;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx > 0 && storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < mx; i++) {
+        if (storage[i] && storage[i]->new_func) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            storage[i]->new_func(obj, ptr, ad, i,
+                                 storage[i]->argl, storage[i]->argp);
+        }
+    }
+    if (storage != stack)
+        OPENSSL_free(storage);
+    return 1;
+}
+
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from)
+{
+    int mx, j, i;
+    void *ptr;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACKS *ip;
+    int toret = 0;
+
+    if (from->sk == NULL)
+        /* Nothing to copy over */
+        return 1;
+    if ((ip = get_and_lock(class_index)) == NULL)
+        return 0;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    j = sk_void_num(from->sk);
+    if (j < mx)
+        mx = j;
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx == 0)
+        return 1;
+    if (storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * Make sure the ex_data stack is at least |mx| elements long to avoid
+     * issues in the for loop that follows; so go get the |mx|'th element
+     * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
+     * to itself. This is normally a no-op; but ensures the stack is the
+     * proper size
+     */
+    if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
+        goto err;
+
+    for (i = 0; i < mx; i++) {
+        ptr = CRYPTO_get_ex_data(from, i);
+        if (storage[i] && storage[i]->dup_func)
+            if (!storage[i]->dup_func(to, from, &ptr, i,
+                                      storage[i]->argl, storage[i]->argp))
+                goto err;
+        CRYPTO_set_ex_data(to, i, ptr);
+    }
+    toret = 1;
+ err:
+    if (storage != stack)
+        OPENSSL_free(storage);
+    return toret;
+}
+
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    EX_CALLBACKS *ip;
+    void *ptr;
+    EX_CALLBACK *f;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+
+    if ((ip = get_and_lock(class_index)) == NULL)
+        goto err;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    for (i = 0; i < mx; i++) {
+        if (storage != NULL)
+            f = storage[i];
+        else {
+            CRYPTO_THREAD_write_lock(ex_data_lock);
+            f = sk_EX_CALLBACK_value(ip->meth, i);
+            CRYPTO_THREAD_unlock(ex_data_lock);
+        }
+        if (f != NULL && f->free_func != NULL) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            f->free_func(obj, ptr, ad, i, f->argl, f->argp);
+        }
+    }
+
+    if (storage != stack)
+        OPENSSL_free(storage);
+ err:
+    sk_void_free(ad->sk);
+    ad->sk = NULL;
+}
+
+/*
+ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
+{
+    int i;
+
+    if (ad->sk == NULL) {
+        if ((ad->sk = sk_void_new_null()) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    for (i = sk_void_num(ad->sk); i <= idx; ++i) {
+        if (!sk_void_push(ad->sk, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    sk_void_set(ad->sk, idx, val);
+    return 1;
+}
+
+/*
+ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable
+ */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
+{
+    if (ad->sk == NULL || idx >= sk_void_num(ad->sk))
+        return NULL;
+    return sk_void_value(ad->sk, idx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/getenv.c b/trunk/3rdparty/openssl-1.1-fit/crypto/getenv.c
new file mode 100644
index 000000000..7e98b645b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+#  define SECURE_GETENV
+    return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+    if (OPENSSL_issetugid())
+        return NULL;
+    return getenv(name);
+#endif
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/build.info
new file mode 100644
index 000000000..09f67c2a0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        hmac.c hm_ameth.c hm_pmeth.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c
new file mode 100644
index 000000000..fa204e906
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+/*
+ * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
+ * length and to free up an HMAC key.
+ */
+
+static int hmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_MD_SIZE;
+}
+
+static void hmac_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os) {
+        if (os->data)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                             size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                             size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = ASN1_STRING_length(os);
+        return 1;
+    }
+
+    if (os == NULL || *len < (size_t)ASN1_STRING_length(os))
+        return 0;
+
+    *len = ASN1_STRING_length(os);
+    memcpy(priv, ASN1_STRING_get0_data(os), *len);
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
+    EVP_PKEY_HMAC,
+    EVP_PKEY_HMAC,
+    0,
+
+    "HMAC",
+    "OpenSSL HMAC method",
+
+    0, 0, hmac_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    hmac_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    hmac_key_free,
+    hmac_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    hmac_set_priv_key,
+    NULL,
+    hmac_get_priv_key,
+    NULL,
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c
new file mode 100644
index 000000000..55dd27d63
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c
@@ -0,0 +1,212 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include "internal/evp_int.h"
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} HMAC_PKEY_CTX;
+
+static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    HMAC_PKEY_CTX *hctx;
+
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+
+    ctx->data = hctx;
+    ctx->keygen_info_count = 0;
+
+    return 1;
+}
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!pkey_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    pkey_hmac_cleanup (dst);
+    return 0;
+}
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx != NULL) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data;
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    HMAC_CTX_set_flags(hctx->ctx,
+                       EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT));
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return 1;
+}
+
+static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md,
+                          ctx->engine))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD hmac_pkey_meth = {
+    EVP_PKEY_HMAC,
+    0,
+    pkey_hmac_init,
+    pkey_hmac_copy,
+    pkey_hmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_hmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    hmac_signctx_init,
+    hmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_hmac_ctrl,
+    pkey_hmac_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c
new file mode 100644
index 000000000..e4031b44a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c
@@ -0,0 +1,247 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/hmac.h>
+#include <openssl/opensslconf.h>
+#include "hmac_lcl.h"
+
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                 const EVP_MD *md, ENGINE *impl)
+{
+    int rv = 0;
+    int i, j, reset = 0;
+    unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
+
+    /* If we are changing MD then we must have a key */
+    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+        return 0;
+
+    if (md != NULL) {
+        reset = 1;
+        ctx->md = md;
+    } else if (ctx->md) {
+        md = ctx->md;
+    } else {
+        return 0;
+    }
+
+    if (key != NULL) {
+        reset = 1;
+        j = EVP_MD_block_size(md);
+        if (!ossl_assert(j <= (int)sizeof(ctx->key)))
+            return 0;
+        if (j < len) {
+            if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+                    || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+                    || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
+                                           &ctx->key_length))
+                return 0;
+        } else {
+            if (len < 0 || len > (int)sizeof(ctx->key))
+                return 0;
+            memcpy(ctx->key, key, len);
+            ctx->key_length = len;
+        }
+        if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE)
+            memset(&ctx->key[ctx->key_length], 0,
+                   HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length);
+    }
+
+    if (reset) {
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+            pad[i] = 0x36 ^ ctx->key[i];
+        if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+            goto err;
+
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+            pad[i] = 0x5c ^ ctx->key[i];
+        if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+            goto err;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
+        goto err;
+    rv = 1;
+ err:
+    if (reset)
+        OPENSSL_cleanse(pad, sizeof(pad));
+    return rv;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+{
+    if (key && md)
+        HMAC_CTX_reset(ctx);
+    return HMAC_Init_ex(ctx, key, len, md, NULL);
+}
+#endif
+
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+{
+    if (!ctx->md)
+        return 0;
+    return EVP_DigestUpdate(ctx->md_ctx, data, len);
+}
+
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+{
+    unsigned int i;
+    unsigned char buf[EVP_MAX_MD_SIZE];
+
+    if (!ctx->md)
+        goto err;
+
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
+        goto err;
+    if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
+        goto err;
+    return 1;
+ err:
+    return 0;
+}
+
+size_t HMAC_size(const HMAC_CTX *ctx)
+{
+    int size = EVP_MD_size((ctx)->md);
+
+    return (size < 0) ? 0 : size;
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+    HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+    if (ctx != NULL) {
+        if (!HMAC_CTX_reset(ctx)) {
+            HMAC_CTX_free(ctx);
+            return NULL;
+        }
+    }
+    return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx->i_ctx);
+    EVP_MD_CTX_reset(ctx->o_ctx);
+    EVP_MD_CTX_reset(ctx->md_ctx);
+    ctx->md = NULL;
+    ctx->key_length = 0;
+    OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+    if (ctx != NULL) {
+        hmac_ctx_cleanup(ctx);
+        EVP_MD_CTX_free(ctx->i_ctx);
+        EVP_MD_CTX_free(ctx->o_ctx);
+        EVP_MD_CTX_free(ctx->md_ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
+{
+    if (ctx->i_ctx == NULL)
+        ctx->i_ctx = EVP_MD_CTX_new();
+    if (ctx->i_ctx == NULL)
+        return 0;
+    if (ctx->o_ctx == NULL)
+        ctx->o_ctx = EVP_MD_CTX_new();
+    if (ctx->o_ctx == NULL)
+        return 0;
+    if (ctx->md_ctx == NULL)
+        ctx->md_ctx = EVP_MD_CTX_new();
+    if (ctx->md_ctx == NULL)
+        return 0;
+    return 1;
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+    hmac_ctx_cleanup(ctx);
+    if (!hmac_ctx_alloc_mds(ctx)) {
+        hmac_ctx_cleanup(ctx);
+        return 0;
+    }
+    return 1;
+}
+
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+{
+    if (!hmac_ctx_alloc_mds(dctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
+        goto err;
+    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE);
+    dctx->key_length = sctx->key_length;
+    dctx->md = sctx->md;
+    return 1;
+ err:
+    hmac_ctx_cleanup(dctx);
+    return 0;
+}
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len)
+{
+    HMAC_CTX *c = NULL;
+    static unsigned char m[EVP_MAX_MD_SIZE];
+    static const unsigned char dummy_key[1] = {'\0'};
+
+    if (md == NULL)
+        md = m;
+    if ((c = HMAC_CTX_new()) == NULL)
+        goto err;
+
+    /* For HMAC_Init_ex, NULL key signals reuse. */
+    if (key == NULL && key_len == 0) {
+        key = dummy_key;
+    }
+
+    if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
+        goto err;
+    if (!HMAC_Update(c, d, n))
+        goto err;
+    if (!HMAC_Final(c, md, md_len))
+        goto err;
+    HMAC_CTX_free(c);
+    return md;
+ err:
+    HMAC_CTX_free(c);
+    return NULL;
+}
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+    EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
+}
+
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+    return ctx->md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_lcl.h
new file mode 100644
index 000000000..8fd834569
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_lcl.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_LCL_H
+# define HEADER_HMAC_LCL_H
+
+/* The current largest case is for SHA3-224 */
+#define HMAC_MAX_MD_CBLOCK_SIZE     144
+
+struct hmac_ctx_st {
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx;
+    EVP_MD_CTX *i_ctx;
+    EVP_MD_CTX *o_ctx;
+    unsigned int key_length;
+    unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE];
+};
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ia64cpuid.S b/trunk/3rdparty/openssl-1.1-fit/crypto/ia64cpuid.S
new file mode 100644
index 000000000..92c55124b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ia64cpuid.S
@@ -0,0 +1,297 @@
+// Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+// Works on all IA-64 platforms: Linux, HP-UX, Win64i...
+// On Win64i compile with ias.exe.
+.text
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define	ADDP	addp4
+#else
+#define	ADDP	add
+#endif
+
+.global	OPENSSL_cpuid_setup#
+.proc	OPENSSL_cpuid_setup#
+OPENSSL_cpuid_setup:
+{ .mib;	br.ret.sptk.many	b0		};;
+.endp	OPENSSL_cpuid_setup#
+
+.global	OPENSSL_rdtsc#
+.proc	OPENSSL_rdtsc#
+OPENSSL_rdtsc:
+{ .mib;	mov			r8=ar.itc
+	br.ret.sptk.many	b0		};;
+.endp   OPENSSL_rdtsc#
+
+.global	OPENSSL_atomic_add#
+.proc	OPENSSL_atomic_add#
+.align	32
+OPENSSL_atomic_add:
+{ .mii;	ld4		r2=[r32]
+	nop.i		0
+	nop.i		0		};;
+.Lspin:
+{ .mii;	mov		ar.ccv=r2
+	add		r8=r2,r33
+	mov		r3=r2		};;
+{ .mmi;	mf;;
+	cmpxchg4.acq	r2=[r32],r8,ar.ccv
+	nop.i		0		};;
+{ .mib;	cmp.ne		p6,p0=r2,r3
+	nop.i		0
+(p6)	br.dpnt		.Lspin		};;
+{ .mib;	nop.m		0
+	sxt4		r8=r8
+	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_atomic_add#
+
+// Returns a structure comprising pointer to the top of stack of
+// the caller and pointer beyond backing storage for the current
+// register frame. The latter is required, because it might be
+// insufficient to wipe backing storage for the current frame
+// (as this procedure does), one might have to go further, toward
+// higher addresses to reach for whole "retroactively" saved
+// context...
+.global	OPENSSL_wipe_cpu#
+.proc	OPENSSL_wipe_cpu#
+.align	32
+OPENSSL_wipe_cpu:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+	.save	ar.lc,r3
+{ .mib;	alloc		r2=ar.pfs,0,96,0,96
+	mov		r3=ar.lc
+	brp.loop.imp	.L_wipe_top,.L_wipe_end-16
+					};;
+{ .mii;	mov		r9=ar.bsp
+	mov		r8=pr
+	mov		ar.lc=96	};;
+	.body
+{ .mii;	add		r9=96*8-8,r9
+	mov		ar.ec=1		};;
+
+// One can sweep double as fast, but then we can't guarantee
+// that backing storage is wiped...
+.L_wipe_top:
+{ .mfi;	st8		[r9]=r0,-8
+	mov		f127=f0
+	mov		r127=r0		}
+{ .mfb;	nop.m		0
+	nop.f		0
+	br.ctop.sptk	.L_wipe_top	};;
+.L_wipe_end:
+
+{ .mfi;	mov		r11=r0
+	mov		f6=f0
+	mov		r14=r0		}
+{ .mfi;	mov		r15=r0
+	mov		f7=f0
+	mov		r16=r0		}
+{ .mfi;	mov		r17=r0
+	mov		f8=f0
+	mov		r18=r0		}
+{ .mfi;	mov		r19=r0
+	mov		f9=f0
+	mov		r20=r0		}
+{ .mfi;	mov		r21=r0
+	mov		f10=f0
+	mov		r22=r0		}
+{ .mfi;	mov		r23=r0
+	mov		f11=f0
+	mov		r24=r0		}
+{ .mfi;	mov		r25=r0
+	mov		f12=f0
+	mov		r26=r0		}
+{ .mfi;	mov		r27=r0
+	mov		f13=f0
+	mov		r28=r0		}
+{ .mfi;	mov		r29=r0
+	mov		f14=f0
+	mov		r30=r0		}
+{ .mfi;	mov		r31=r0
+	mov		f15=f0
+	nop.i		0		}
+{ .mfi;	mov		f16=f0		}
+{ .mfi;	mov		f17=f0		}
+{ .mfi;	mov		f18=f0		}
+{ .mfi;	mov		f19=f0		}
+{ .mfi;	mov		f20=f0		}
+{ .mfi;	mov		f21=f0		}
+{ .mfi;	mov		f22=f0		}
+{ .mfi;	mov		f23=f0		}
+{ .mfi;	mov		f24=f0		}
+{ .mfi;	mov		f25=f0		}
+{ .mfi;	mov		f26=f0		}
+{ .mfi;	mov		f27=f0		}
+{ .mfi;	mov		f28=f0		}
+{ .mfi;	mov		f29=f0		}
+{ .mfi;	mov		f30=f0		}
+{ .mfi;	add		r9=96*8+8,r9
+	mov		f31=f0
+	mov		pr=r8,0x1ffff	}
+{ .mib;	mov		r8=sp
+	mov		ar.lc=r3
+	br.ret.sptk	b0		};;
+.endp	OPENSSL_wipe_cpu#
+
+.global	OPENSSL_cleanse#
+.proc	OPENSSL_cleanse#
+OPENSSL_cleanse:
+{ .mib;	cmp.eq		p6,p0=0,r33	    // len==0
+	ADDP		r32=0,r32
+(p6)	br.ret.spnt	b0		};;
+{ .mib;	and		r2=7,r32
+	cmp.leu		p6,p0=15,r33	    // len>=15
+(p6)	br.cond.dptk	.Lot		};;
+
+.Little:
+{ .mib;	st1		[r32]=r0,1
+	cmp.ltu		p6,p7=1,r33	}  // len>1
+{ .mbb;	add		r33=-1,r33	   // len--
+(p6)	br.cond.dptk	.Little
+(p7)	br.ret.sptk.many	b0	};;
+
+.Lot:
+{ .mib;	cmp.eq		p6,p0=0,r2
+(p6)	br.cond.dptk	.Laligned	};;
+{ .mmi;	st1		[r32]=r0,1;;
+	and		r2=7,r32	}
+{ .mib;	add		r33=-1,r33
+	br		.Lot		};;
+
+.Laligned:
+{ .mmi;	st8		[r32]=r0,8
+	and		r2=-8,r33	    // len&~7
+	add		r33=-8,r33	};; // len-=8
+{ .mib;	cmp.ltu		p6,p0=8,r2	    // ((len+8)&~7)>8
+(p6)	br.cond.dptk	.Laligned	};;
+
+{ .mbb;	cmp.eq		p6,p7=r0,r33
+(p7)	br.cond.dpnt	.Little
+(p6)	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_cleanse#
+
+.global	CRYPTO_memcmp#
+.proc	CRYPTO_memcmp#
+.align	32
+.skip	16
+CRYPTO_memcmp:
+	.prologue
+{ .mib;	mov		r8=0
+	cmp.eq		p6,p0=0,r34	    // len==0?
+(p6)	br.ret.spnt	b0		};;
+	.save		ar.pfs,r2
+{ .mib;	alloc		r2=ar.pfs,3,5,0,8
+	.save		ar.lc,r3
+	mov		r3=ar.lc
+	brp.loop.imp	.Loop_cmp_ctop,.Loop_cmp_cend-16
+					}
+{ .mib;	sub		r10=r34,r0,1
+	.save		pr,r9
+	mov		r9=pr		};;
+{ .mii;	ADDP		r16=0,r32
+	mov		ar.lc=r10
+	mov		ar.ec=4		}
+{ .mib;	ADDP		r17=0,r33
+	mov		pr.rot=1<<16	};;
+
+.Loop_cmp_ctop:
+{ .mib;	(p16)	ld1	r32=[r16],1
+	(p18)	xor	r34=r34,r38	}
+{ .mib;	(p16)	ld1	r36=[r17],1
+	(p19)	or	r8=r8,r35
+	br.ctop.sptk	.Loop_cmp_ctop	};;
+.Loop_cmp_cend:
+
+{ .mib;	cmp.ne		p6,p0=0,r8
+	mov		ar.lc=r3	};;
+{ .mib;
+(p6)	mov		r8=1
+	mov		pr=r9,0x1ffff
+	br.ret.sptk.many	b0	};;
+.endp	CRYPTO_memcmp#
+
+.global	OPENSSL_instrument_bus#
+.proc	OPENSSL_instrument_bus#
+OPENSSL_instrument_bus:
+{ .mmi;	mov		r2=r33
+	ADDP		r32=0,r32	}
+{ .mmi;	mov		r8=ar.itc;;
+	mov		r10=r0
+	mov		r9=r8		};;
+
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmi;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+					};;
+.Loop:
+{ .mmi;	mov		r8=ar.itc;;
+	sub		r10=r8,r9		// diff=tick-lasttick
+	mov		r9=r8		};;	// lasttick=tick
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmi;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+	add		r33=-1,r33
+	add		r32=4,r32	};;
+{ .mib;	cmp4.ne		p6,p0=0,r33
+(p6)	br.cond.dptk	.Loop		};;
+
+{ .mib;	sub		r8=r2,r33
+	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_instrument_bus#
+
+.global	OPENSSL_instrument_bus2#
+.proc	OPENSSL_instrument_bus2#
+OPENSSL_instrument_bus2:
+{ .mmi;	mov		r2=r33			// put aside cnt
+	ADDP		r32=0,r32	}
+{ .mmi;	mov		r8=ar.itc;;
+	mov		r10=r0
+	mov		r9=r8		};;
+
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmi;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+					};;
+
+{ .mmi;	mov		r8=ar.itc;;
+	sub		r10=r8,r9
+	mov		r9=r8		};;
+.Loop2:
+{ .mmi;	mov		r11=r10			// lastdiff=diff
+	add		r34=-1,r34	};;	// --max
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]
+	cmp4.eq		p6,p0=0,r34	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmb;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+(p6)	br.cond.spnt	.Ldone2		};;
+
+{ .mmi;	mov		r8=ar.itc;;
+	sub		r10=r8,r9		// diff=tick-lasttick
+	mov		r9=r8		};;	// lasttick=tick
+{ .mmi;	cmp.ne		p6,p0=r10,r11;;		// diff!=lastdiff
+(p6)	add		r33=-1,r33	};;	// conditional --cnt
+{ .mib;	cmp4.ne		p7,p0=0,r33
+(p6)	add		r32=4,r32		// conditional ++out
+(p7)	br.cond.dptk	.Loop2		};;
+.Ldone2:
+{ .mib;	sub		r8=r2,r33
+	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_instrument_bus2#
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/build.info
new file mode 100644
index 000000000..232612379
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c
new file mode 100644
index 000000000..a70a8682a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void IDEA_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
+{
+    register IDEA_INT *p;
+    register unsigned long x1, x2, x3, x4, t0, t1, ul;
+
+    x2 = d[0];
+    x1 = (x2 >> 16);
+    x4 = d[1];
+    x3 = (x4 >> 16);
+
+    p = &(key->data[0][0]);
+
+    E_IDEA(0);
+    E_IDEA(1);
+    E_IDEA(2);
+    E_IDEA(3);
+    E_IDEA(4);
+    E_IDEA(5);
+    E_IDEA(6);
+    E_IDEA(7);
+
+    x1 &= 0xffff;
+    idea_mul(x1, x1, *p, ul);
+    p++;
+
+    t0 = x3 + *(p++);
+    t1 = x2 + *(p++);
+
+    x4 &= 0xffff;
+    idea_mul(x4, x4, *p, ul);
+
+    d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16);
+    d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c
new file mode 100644
index 000000000..daf467eb5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                IDEA_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                IDEA_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c
new file mode 100644
index 000000000..058d0c14c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+#include <openssl/opensslv.h>
+
+const char *IDEA_options(void)
+{
+    return "idea(int)";
+}
+
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks)
+{
+    unsigned long l0, l1, d[2];
+
+    n2l(in, l0);
+    d[0] = l0;
+    n2l(in, l1);
+    d[1] = l1;
+    IDEA_encrypt(d, ks);
+    l0 = d[0];
+    l2n(l0, out);
+    l1 = d[1];
+    l2n(l1, out);
+    l0 = l1 = d[0] = d[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c
new file mode 100644
index 000000000..997a7b88e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            IDEA_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c
new file mode 100644
index 000000000..9d9145580
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+static IDEA_INT inverse(unsigned int xin);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+{
+    int i;
+    register IDEA_INT *kt, *kf, r0, r1, r2;
+
+    kt = &(ks->data[0][0]);
+    n2s(key, kt[0]);
+    n2s(key, kt[1]);
+    n2s(key, kt[2]);
+    n2s(key, kt[3]);
+    n2s(key, kt[4]);
+    n2s(key, kt[5]);
+    n2s(key, kt[6]);
+    n2s(key, kt[7]);
+
+    kf = kt;
+    kt += 8;
+    for (i = 0; i < 6; i++) {
+        r2 = kf[1];
+        r1 = kf[2];
+        *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[3];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[4];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[5];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[6];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[7];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[0];
+        if (i >= 5)
+            break;
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
+        kf += 8;
+    }
+}
+
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
+{
+    int r;
+    register IDEA_INT *fp, *tp, t;
+
+    tp = &(dk->data[0][0]);
+    fp = &(ek->data[8][0]);
+    for (r = 0; r < 9; r++) {
+        *(tp++) = inverse(fp[0]);
+        *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
+        *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
+        *(tp++) = inverse(fp[3]);
+        if (r == 8)
+            break;
+        fp -= 6;
+        *(tp++) = fp[4];
+        *(tp++) = fp[5];
+    }
+
+    tp = &(dk->data[0][0]);
+    t = tp[1];
+    tp[1] = tp[2];
+    tp[2] = t;
+
+    t = tp[49];
+    tp[49] = tp[50];
+    tp[50] = t;
+}
+
+/* taken directly from the 'paper' I'll have a look at it later */
+static IDEA_INT inverse(unsigned int xin)
+{
+    long n1, n2, q, r, b1, b2, t;
+
+    if (xin == 0)
+        b2 = 0;
+    else {
+        n1 = 0x10001;
+        n2 = xin;
+        b2 = 1;
+        b1 = 0;
+
+        do {
+            r = (n1 % n2);
+            q = (n1 - r) / n2;
+            if (r == 0) {
+                if (b2 < 0)
+                    b2 = 0x10001 + b2;
+            } else {
+                n1 = n2;
+                n2 = r;
+                t = b2;
+                b2 = b1 - q * b2;
+                b1 = t;
+            }
+        } while (r != 0);
+    }
+    return (IDEA_INT)b2;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_lcl.h
new file mode 100644
index 000000000..50f81dfd8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_lcl.h
@@ -0,0 +1,102 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define idea_mul(r,a,b,ul) \
+ul=(unsigned long)a*b; \
+if (ul != 0) \
+        { \
+        r=(ul&0xffff)-(ul>>16); \
+        r-=((r)>>16); \
+        } \
+else \
+        r=(-(int)a-b+1);        /* assuming a or b is 0 and in range */
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#undef s2n
+#define s2n(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+#undef n2s
+#define n2s(c,l)        (l =((IDEA_INT)(*((c)++)))<< 8L, \
+                         l|=((IDEA_INT)(*((c)++)))      )
+
+
+#define E_IDEA(num) \
+        x1&=0xffff; \
+        idea_mul(x1,x1,*p,ul); p++; \
+        x2+= *(p++); \
+        x3+= *(p++); \
+        x4&=0xffff; \
+        idea_mul(x4,x4,*p,ul); p++; \
+        t0=(x1^x3)&0xffff; \
+        idea_mul(t0,t0,*p,ul); p++; \
+        t1=(t0+(x2^x4))&0xffff; \
+        idea_mul(t1,t1,*p,ul); p++; \
+        t0+=t1; \
+        x1^=t1; \
+        x4^=t0; \
+        ul=x2^t0; /* do the swap to x3 */ \
+        x2=x3^t1; \
+        x3=ul;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 000000000..c350018ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state.  Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 000000000..9a9c777f9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/aria.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/aria.h
new file mode 100644
index 000000000..355abe539
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/aria.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute.  All rights reserved. */
+
+#ifndef HEADER_ARIA_H
+# define HEADER_ARIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ARIA
+#  error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT     1
+# define ARIA_DECRYPT     0
+
+# define ARIA_BLOCK_SIZE    16  /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS      17  /* Number of keys needed in the worst case  */
+
+typedef union {
+    unsigned char c[ARIA_BLOCK_SIZE];
+    unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+    ARIA_u128 rd_key[ARIA_MAX_KEYS];
+    unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/asn1_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/asn1_int.h
new file mode 100644
index 000000000..9c9b4d897
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/asn1_int.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+struct evp_pkey_asn1_method_st {
+    int pkey_id;
+    int pkey_base_id;
+    unsigned long pkey_flags;
+    char *pem_str;
+    char *info;
+    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+    int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+    int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                      ASN1_PCTX *pctx);
+    int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+    int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+    int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                       ASN1_PCTX *pctx);
+    int (*pkey_size) (const EVP_PKEY *pk);
+    int (*pkey_bits) (const EVP_PKEY *pk);
+    int (*pkey_security_bits) (const EVP_PKEY *pk);
+    int (*param_decode) (EVP_PKEY *pkey,
+                         const unsigned char **pder, int derlen);
+    int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    int (*param_missing) (const EVP_PKEY *pk);
+    int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+    int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                        ASN1_PCTX *pctx);
+    int (*sig_print) (BIO *out,
+                      const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                      int indent, ASN1_PCTX *pctx);
+    void (*pkey_free) (EVP_PKEY *pkey);
+    int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+    /* Legacy functions for old PEM */
+    int (*old_priv_decode) (EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen);
+    int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    /* Custom ASN1 signature verification */
+    int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                        X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+    int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                      X509_ALGOR *alg1, X509_ALGOR *alg2,
+                      ASN1_BIT_STRING *sig);
+    int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                       const ASN1_STRING *sig);
+    /* Check */
+    int (*pkey_check) (const EVP_PKEY *pk);
+    int (*pkey_public_check) (const EVP_PKEY *pk);
+    int (*pkey_param_check) (const EVP_PKEY *pk);
+    /* Get/set raw private/public key data */
+    int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+    int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+    int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+    int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+    unsigned long flags;
+    unsigned long nm_flags;
+    unsigned long cert_flags;
+    unsigned long oid_flags;
+    unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/async.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/async.h
new file mode 100644
index 000000000..dc8e937b0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/async.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+int async_init(void);
+void async_deinit(void);
+void async_delete_thread_state(void);
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_conf.h.in b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_conf.h.in
new file mode 100644
index 000000000..ec6e4f6c1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_conf.h.in
@@ -0,0 +1,27 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_CONF_H
+# define HEADER_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+{- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG
+{- $config{b64}  ? "#define" : "#undef" -} SIXTY_FOUR_BIT
+{- $config{b32}  ? "#define" : "#undef" -} THIRTY_TWO_BIT
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_dh.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_dh.h
new file mode 100644
index 000000000..70ebca287
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_dh.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+    extern const BIGNUM _bignum_dh##x##_p;              \
+    extern const BIGNUM _bignum_dh##x##_g;              \
+    extern const BIGNUM _bignum_dh##x##_q;
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
+
+extern const BIGNUM _bignum_ffdhe2048_p;
+extern const BIGNUM _bignum_ffdhe3072_p;
+extern const BIGNUM _bignum_ffdhe4096_p;
+extern const BIGNUM _bignum_ffdhe6144_p;
+extern const BIGNUM _bignum_ffdhe8192_p;
+extern const BIGNUM _bignum_const_2;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_int.h
new file mode 100644
index 000000000..30be7efe1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_int.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_INT_H
+# define HEADER_BN_INT_H
+
+# include <openssl/bn.h>
+# include <limits.h>
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs. Even
+ * though the goal is to facilitate constant-time-ness, not each subroutine
+ * is constant-time by itself. They all have pre-conditions, consult source
+ * code...
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                         BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                     const BIGNUM *d, BN_CTX *ctx);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_srp.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_srp.h
new file mode 100644
index 000000000..d4b282a6b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_srp.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+
+extern const BIGNUM bn_group_1024;
+
+extern const BIGNUM bn_group_1536;
+
+extern const BIGNUM bn_group_2048;
+
+extern const BIGNUM bn_group_3072;
+
+extern const BIGNUM bn_group_4096;
+
+extern const BIGNUM bn_group_6144;
+
+extern const BIGNUM bn_group_8192;
+
+extern const BIGNUM bn_generator_19;
+
+extern const BIGNUM bn_generator_5;
+
+extern const BIGNUM bn_generator_2;
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/chacha.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/chacha.h
new file mode 100644
index 000000000..67243f222
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/chacha.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CHACHA_H
+#define HEADER_CHACHA_H
+
+#include <stddef.h>
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4]);
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p)  ( \
+                ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
+                ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
+
+#define CHACHA_KEY_SIZE		32
+#define CHACHA_CTR_SIZE		16
+#define CHACHA_BLK_SIZE		64
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/cryptlib_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/cryptlib_int.h
new file mode 100644
index 000000000..38b5dac9a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/cryptlib_int.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+struct thread_local_inits_st {
+    int async;
+    int err_state;
+    int rand;
+};
+
+int ossl_init_thread_start(uint64_t opts);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_ZLIB                   0x00010000L
+# define OPENSSL_INIT_BASE_ONLY              0x00040000L
+
+/* OPENSSL_INIT_THREAD flags */
+# define OPENSSL_INIT_THREAD_ASYNC           0x01
+# define OPENSSL_INIT_THREAD_ERR_STATE       0x02
+# define OPENSSL_INIT_THREAD_RAND            0x04
+
+void ossl_malloc_setup_failures(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ctype.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ctype.h
new file mode 100644
index 000000000..a35b12bfb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ctype.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this.  However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code.  Refer to issue #4154 for
+ * details.
+ */
+#ifndef INTERNAL_CTYPE_H
+# define INTERNAL_CTYPE_H
+
+# define CTYPE_MASK_lower       0x1
+# define CTYPE_MASK_upper       0x2
+# define CTYPE_MASK_digit       0x4
+# define CTYPE_MASK_space       0x8
+# define CTYPE_MASK_xdigit      0x10
+# define CTYPE_MASK_blank       0x20
+# define CTYPE_MASK_cntrl       0x40
+# define CTYPE_MASK_graph       0x80
+# define CTYPE_MASK_print       0x100
+# define CTYPE_MASK_punct       0x200
+# define CTYPE_MASK_base64      0x400
+# define CTYPE_MASK_asn1print   0x800
+
+# define CTYPE_MASK_alpha   (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum   (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii   (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+#  define ossl_toascii(c)       (c)
+#  define ossl_fromascii(c)     (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+# define ossl_isalnum(c)        (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c)        (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c)        (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c)        (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c)        (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c)        (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isdigit(c)        (ossl_ctype_check((c), CTYPE_MASK_digit))
+# define ossl_isgraph(c)        (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_islower(c)        (ossl_ctype_check((c), CTYPE_MASK_lower))
+# define ossl_isprint(c)        (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c)        (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c)        (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isupper(c)        (ossl_ctype_check((c), CTYPE_MASK_upper))
+# define ossl_isxdigit(c)       (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c)       (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c)    (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/dso_conf.h.in b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/dso_conf.h.in
new file mode 100644
index 000000000..d6e9d1b1b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/dso_conf.h.in
@@ -0,0 +1,30 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+{- output_off() if $disabled{dso} -}
+{-  # The DSO code currently always implements all functions so that no
+    # applications will have to worry about that from a compilation point
+    # of view. However, the "method"s may return zero unless that platform
+    # has support compiled in for them. Currently each method is enabled
+    # by a define "DSO_<name>" ... we translate the "dso_scheme" config
+    # string entry into using the following logic;
+    my $scheme = uc $target{dso_scheme};
+    my @macros = ( "DSO_$scheme" );
+    if ($scheme eq 'DLFCN') {
+        @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" );
+    } elsif ($scheme eq "DLFCN_NO_H") {
+        @macros = ( "DSO_DLFCN" );
+    }
+    join("\n", map { "# define $_" } @macros); -}
+# define DSO_EXTENSION "{- $target{dso_extension} -}"
+{- output_on() if $disabled{dso} -}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ec_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ec_int.h
new file mode 100644
index 000000000..182c39cc8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ec_int.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef HEADER_OSSL_EC_INTERNAL_H
+# define HEADER_OSSL_EC_INTERNAL_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  include <openssl/ec.h>
+
+/*-
+ * Computes the multiplicative inverse of x in the range
+ * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the
+ * subgroup generated by the generator G:
+ *
+ *         res := x^(-1) (mod EC_GROUP::order).
+ *
+ * This function expects the following two conditions to hold:
+ *  - the EC_GROUP order is prime, and
+ *  - x is included in the range [1, EC_GROUP::order).
+ *
+ * This function returns 1 on success, 0 on error.
+ *
+ * If the EC_GROUP order is even, this function explicitly returns 0 as
+ * an error.
+ * In case any of the two conditions stated above is not satisfied,
+ * the correctness of its output is not guaranteed, even if the return
+ * value could still be 1 (as primality testing and a conditional modular
+ * reduction round on the input can be omitted by the underlying
+ * implementations for better SCA properties on regular input values).
+ */
+__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                                   const BIGNUM *x, BN_CTX *ctx);
+
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/engine.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/engine.h
new file mode 100644
index 000000000..f80ae3ec3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/engine.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/engine.h>
+
+void engine_load_openssl_int(void);
+void engine_load_devcrypto_int(void);
+void engine_load_rdrand_int(void);
+void engine_load_dynamic_int(void);
+void engine_load_padlock_int(void);
+void engine_load_capi_int(void);
+void engine_load_dasync_int(void);
+void engine_load_afalg_int(void);
+void engine_cleanup_int(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/err_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/err_int.h
new file mode 100644
index 000000000..44ac94462
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/err_int.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_ERR_INT_H
+# define INTERNAL_ERR_INT_H
+
+int err_load_crypto_strings_int(void);
+void err_cleanup(void);
+void err_delete_thread_state(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/evp_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/evp_int.h
new file mode 100644
index 000000000..d86aed36f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/evp_int.h
@@ -0,0 +1,442 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include "internal/refcount.h"
+
+/*
+ * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
+ * values in evp.h
+ */
+#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
+
+struct evp_pkey_ctx_st {
+    /* Method associated with this operation */
+    const EVP_PKEY_METHOD *pmeth;
+    /* Engine that implements this method or NULL if builtin */
+    ENGINE *engine;
+    /* Key: may be NULL */
+    EVP_PKEY *pkey;
+    /* Peer key for key agreement, may be NULL */
+    EVP_PKEY *peerkey;
+    /* Actual operation */
+    int operation;
+    /* Algorithm specific data */
+    void *data;
+    /* Application specific data */
+    void *app_data;
+    /* Keygen callback */
+    EVP_PKEY_gen_cb *pkey_gencb;
+    /* implementation specific keygen data */
+    int *keygen_info;
+    int keygen_info_count;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC   1
+
+struct evp_pkey_method_st {
+    int pkey_id;
+    int flags;
+    int (*init) (EVP_PKEY_CTX *ctx);
+    int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+    void (*cleanup) (EVP_PKEY_CTX *ctx);
+    int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+    int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*keygen_init) (EVP_PKEY_CTX *ctx);
+    int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*sign_init) (EVP_PKEY_CTX *ctx);
+    int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                 const unsigned char *tbs, size_t tbslen);
+    int (*verify_init) (EVP_PKEY_CTX *ctx);
+    int (*verify) (EVP_PKEY_CTX *ctx,
+                   const unsigned char *sig, size_t siglen,
+                   const unsigned char *tbs, size_t tbslen);
+    int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+    int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                           unsigned char *rout, size_t *routlen,
+                           const unsigned char *sig, size_t siglen);
+    int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                    EVP_MD_CTX *mctx);
+    int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                      EVP_MD_CTX *mctx);
+    int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*derive_init) (EVP_PKEY_CTX *ctx);
+    int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+    int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+    int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen);
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen);
+    int (*check) (EVP_PKEY *pkey);
+    int (*public_check) (EVP_PKEY *pkey);
+    int (*param_check) (EVP_PKEY *pkey);
+
+    int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+} /* EVP_PKEY_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+extern const EVP_PKEY_METHOD cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dh_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
+extern const EVP_PKEY_METHOD dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth;
+extern const EVP_PKEY_METHOD sm2_pkey_meth;
+extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
+extern const EVP_PKEY_METHOD ecx448_pkey_meth;
+extern const EVP_PKEY_METHOD ed25519_pkey_meth;
+extern const EVP_PKEY_METHOD ed448_pkey_meth;
+extern const EVP_PKEY_METHOD hmac_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD scrypt_pkey_meth;
+extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
+extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+extern const EVP_PKEY_METHOD siphash_pkey_meth;
+
+struct evp_md_st {
+    int type;
+    int pkey_type;
+    int md_size;
+    unsigned long flags;
+    int (*init) (EVP_MD_CTX *ctx);
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+    int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+    int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+    int (*cleanup) (EVP_MD_CTX *ctx);
+    int block_size;
+    int ctx_size;               /* how big does the ctx->md_data need to be */
+    /* control function */
+    int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+} /* EVP_MD */ ;
+
+struct evp_cipher_st {
+    int nid;
+    int block_size;
+    /* Default value for variable length ciphers */
+    int key_len;
+    int iv_len;
+    /* Various flags */
+    unsigned long flags;
+    /* init key */
+    int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 const unsigned char *iv, int enc);
+    /* encrypt/decrypt data */
+    int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+    /* cleanup ctx */
+    int (*cleanup) (EVP_CIPHER_CTX *);
+    /* how big ctx->cipher_data needs to be */
+    int ctx_size;
+    /* Populate a ASN1_TYPE with parameters */
+    int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Get parameters from a ASN1_TYPE */
+    int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Miscellaneous operations */
+    int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+    /* Application data */
+    void *app_data;
+} /* EVP_CIPHER */ ;
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define EVP_C_DATA(kstruct, ctx) \
+        ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+#define BLOCK_CIPHER_ecb_loop() \
+        size_t i, bl; \
+        bl = EVP_CIPHER_CTX_cipher(ctx)->block_size;    \
+        if (inl < bl) return 1;\
+        inl -= bl; \
+        for (i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \
+        return 1;\
+}
+
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+    static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+        }\
+        if (inl) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+        }\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+    size_t chunk = EVP_MAXCHUNK;\
+    if (cbits == 1)  chunk >>= 3;\
+    if (inl < chunk) chunk = inl;\
+    while (inl && inl >= chunk)\
+    {\
+        int num = EVP_CIPHER_CTX_num(ctx);\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long) \
+            ((cbits == 1) \
+                && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
+                ? chunk*8 : chunk), \
+            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &num, EVP_CIPHER_CTX_encrypting(ctx));\
+        EVP_CIPHER_CTX_set_num(ctx, num);\
+        inl -= chunk;\
+        in += chunk;\
+        out += chunk;\
+        if (inl < chunk) chunk = inl;\
+    }\
+    return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                          key_len, iv_len, flags, init_key, cleanup, \
+                          set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+        nid##_##nmode, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_##MODE##_MODE, \
+        init_key, \
+        cname##_##mode##_cipher, \
+        cleanup, \
+        sizeof(kstruct), \
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                             flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                          nid, block_size, key_len, iv_len, cbits, flags, \
+                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+                               block_size, key_len, iv_len, cbits, \
+                               flags, init_key, \
+                               cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+                          cbits, flags, init_key, cleanup, set_asn1, \
+                          get_asn1, ctrl)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             cipher##_init_key, NULL, NULL, NULL, NULL)
+
+
+# ifndef OPENSSL_NO_EC
+
+#define X25519_KEYLEN        32
+#define X448_KEYLEN          56
+#define ED448_KEYLEN         57
+
+#define MAX_KEYLEN  ED448_KEYLEN
+
+typedef struct {
+    unsigned char pubkey[MAX_KEYLEN];
+    unsigned char *privkey;
+} ECX_KEY;
+
+#endif
+
+/*
+ * Type needs to be a bit field Sub-type needs to be for variations on the
+ * method, as in, can it do arbitrary encryption....
+ */
+struct evp_pkey_st {
+    int type;
+    int save_type;
+    CRYPTO_REF_COUNT references;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *engine;
+    ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
+    union {
+        void *ptr;
+# ifndef OPENSSL_NO_RSA
+        struct rsa_st *rsa;     /* RSA */
+# endif
+# ifndef OPENSSL_NO_DSA
+        struct dsa_st *dsa;     /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+        struct dh_st *dh;       /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+        struct ec_key_st *ec;   /* ECC */
+        ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
+# endif
+    } pkey;
+    int save_parameters;
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+    CRYPTO_RWLOCK *lock;
+} /* EVP_PKEY */ ;
+
+
+void openssl_add_all_ciphers_int(void);
+void openssl_add_all_digests_int(void);
+void evp_cleanup_int(void);
+void evp_app_cleanup_int(void);
+
+/* Pulling defines out of C source files */
+
+#define EVP_RC4_KEY_SIZE 16
+#ifndef TLS1_1_VERSION
+# define TLS1_1_VERSION   0x0302
+#endif
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+
+/* EVP_ENCODE_CTX flags */
+/* Don't generate new lines when encoding */
+#define EVP_ENCODE_CTX_NO_NEWLINES          1
+/* Use the SRP base64 alphabet instead of the standard one */
+#define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/lhash.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/lhash.h
new file mode 100644
index 000000000..200ba8685
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/lhash.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_LHASH_H
+# define INTERNAL_LHASH_H
+
+unsigned long openssl_lh_strcasehash(const char *);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/md32_common.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/md32_common.h
new file mode 100644
index 000000000..1124e9c24
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/md32_common.h
@@ -0,0 +1,256 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at least 32 bit wide.
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro converting context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+
+#endif
+
+/*
+ * Time for some action :-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originally written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ */
+#  define MD32_REG_T int
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/objects.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/objects.h
new file mode 100644
index 000000000..76e1b4d98
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/objects.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+
+void obj_cleanup_int(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/poly1305.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/poly1305.h
new file mode 100644
index 000000000..5fef239d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/poly1305.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define POLY1305_BLOCK_SIZE  16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE    32
+
+typedef struct poly1305_context POLY1305;
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/rand_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/rand_int.h
new file mode 100644
index 000000000..888cab1b8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/rand_int.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
+
+void rand_cleanup_int(void);
+void rand_drbg_cleanup_int(void);
+void drbg_delete_thread_state(void);
+void rand_fork(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen);
+
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+/*
+ * Add some application specific nonce data
+ *
+ * This function is platform specific and adds some application specific
+ * data to the nonce used for instantiating the drbg.
+ *
+ * This data currently consists of the process and thread id, and a high
+ * resolution timestamp. The data does not include an atomic counter,
+ * because that is added by the calling function rand_drbg_get_nonce().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_nonce_data(RAND_POOL *pool);
+
+
+/*
+ * Add some platform specific additional data
+ *
+ * This function is platform specific and adds some random noise to the
+ * additional data used for generating random bytes and for reseeding
+ * the drbg.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_additional_data(RAND_POOL *pool);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void rand_pool_keep_random_devices_open(int keep);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sha.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sha.h
new file mode 100644
index 000000000..458a75e89
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sha.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_SHA_H
+# define HEADER_INTERNAL_SHA_H
+
+# include <openssl/opensslconf.h>
+
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/siphash.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/siphash.h
new file mode 100644
index 000000000..9573680f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/siphash.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define SIPHASH_BLOCK_SIZE        8
+#define SIPHASH_KEY_SIZE         16
+#define SIPHASH_MIN_DIGEST_SIZE   8
+#define SIPHASH_MAX_DIGEST_SIZE  16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+                 int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2.h
new file mode 100644
index 000000000..5c5cd4b4f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2_H
+# define HEADER_SM2_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+#  define SM2_DEFAULT_USERID "1234567812345678"
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len);
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size);
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size);
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2err.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2err.h
new file mode 100644
index 000000000..a4db1b73d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2err.h
@@ -0,0 +1,61 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_SM2_strings(void);
+
+/*
+ * SM2 function codes.
+ */
+#  define SM2_F_PKEY_SM2_COPY                              115
+#  define SM2_F_PKEY_SM2_CTRL                              109
+#  define SM2_F_PKEY_SM2_CTRL_STR                          110
+#  define SM2_F_PKEY_SM2_DIGEST_CUSTOM                     114
+#  define SM2_F_PKEY_SM2_INIT                              111
+#  define SM2_F_PKEY_SM2_SIGN                              112
+#  define SM2_F_SM2_COMPUTE_MSG_HASH                       100
+#  define SM2_F_SM2_COMPUTE_USERID_DIGEST                  101
+#  define SM2_F_SM2_COMPUTE_Z_DIGEST                       113
+#  define SM2_F_SM2_DECRYPT                                102
+#  define SM2_F_SM2_ENCRYPT                                103
+#  define SM2_F_SM2_PLAINTEXT_SIZE                         104
+#  define SM2_F_SM2_SIGN                                   105
+#  define SM2_F_SM2_SIG_GEN                                106
+#  define SM2_F_SM2_SIG_VERIFY                             107
+#  define SM2_F_SM2_VERIFY                                 108
+
+/*
+ * SM2 reason codes.
+ */
+#  define SM2_R_ASN1_ERROR                                 100
+#  define SM2_R_BAD_SIGNATURE                              101
+#  define SM2_R_BUFFER_TOO_SMALL                           107
+#  define SM2_R_DIST_ID_TOO_LARGE                          110
+#  define SM2_R_ID_NOT_SET                                 112
+#  define SM2_R_ID_TOO_LARGE                               111
+#  define SM2_R_INVALID_CURVE                              108
+#  define SM2_R_INVALID_DIGEST                             102
+#  define SM2_R_INVALID_DIGEST_TYPE                        103
+#  define SM2_R_INVALID_ENCODING                           104
+#  define SM2_R_INVALID_FIELD                              105
+#  define SM2_R_NO_PARAMETERS_SET                          109
+#  define SM2_R_USER_ID_TOO_LARGE                          106
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm3.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm3.h
new file mode 100644
index 000000000..27eb471c2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm3.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM3_H
+# define HEADER_SM3_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SM3
+#  error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK      64
+# define SM3_LBLOCK      (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+   SM3_WORD A, B, C, D, E, F, G, H;
+   SM3_WORD Nl, Nh;
+   SM3_WORD data[SM3_LBLOCK];
+   unsigned int num;
+} SM3_CTX;
+
+int sm3_init(SM3_CTX *c);
+int sm3_update(SM3_CTX *c, const void *data, size_t len);
+int sm3_final(unsigned char *md, SM3_CTX *c);
+
+void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm4.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm4.h
new file mode 100644
index 000000000..f1f157ef5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm4.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM4_H
+# define HEADER_SM4_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_SM4
+#  error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT     1
+# define SM4_DECRYPT     0
+
+# define SM4_BLOCK_SIZE    16
+# define SM4_KEY_SCHEDULE  32
+
+typedef struct SM4_KEY_st {
+    uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store.h
new file mode 100644
index 000000000..f5013dc36
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+void ossl_store_cleanup_int(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store_int.h
new file mode 100644
index 000000000..6f31e019e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store_int.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STORE_INT_H
+# define HEADER_STORE_INT_H
+
+# include <openssl/bio.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+
+/*
+ * Two functions to read PEM data off an already opened BIO.  To be used
+ * instead of OSSLSTORE_open() and OSSLSTORE_close().  Everything is done
+ * as usual with OSSLSTORE_load() and OSSLSTORE_eof().
+ */
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data);
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/x509_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/x509_int.h
new file mode 100644
index 000000000..b53c2b03c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/x509_int.h
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+    ASN1_OBJECT *object;        /* AttributeType */
+    ASN1_STRING *value;         /* AttributeValue */
+    int set;                    /* index of RDNSequence for this entry */
+    int size;                   /* temp variable */
+};
+
+/* Name from RFC 5280. */
+struct X509_name_st {
+    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+    int modified;               /* true if 'bytes' needs to be built */
+    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
+    /* canonical encoding used for rapid Name comparison */
+    unsigned char *canon_enc;
+    int canon_enclen;
+} /* X509_NAME */ ;
+
+/* Signature info structure */
+
+struct x509_sig_info_st {
+    /* NID of message digest */
+    int mdnid;
+    /* NID of public key algorithm */
+    int pknid;
+    /* Security bits */
+    int secbits;
+    /* Various flags */
+    uint32_t flags;
+};
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+    ASN1_ENCODING enc;          /* cached encoding of signed part */
+    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
+    X509_NAME *subject;         /* certificate request DN */
+    X509_PUBKEY *pubkey;        /* public key of request */
+    /*
+     * Zero or more attributes.
+     * NB: although attributes is a mandatory field some broken
+     * encodings omit it so this may be NULL in that case.
+     */
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+    X509_REQ_INFO req_info;     /* signed certificate request data */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    ASN1_BIT_STRING *signature; /* signature */
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    X509_NAME *issuer;          /* CRL issuer name */
+    ASN1_TIME *lastUpdate;      /* lastUpdate field */
+    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
+    STACK_OF(X509_REVOKED) *revoked;        /* revoked entries: optional */
+    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
+    ASN1_ENCODING enc;                      /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+    X509_CRL_INFO crl;          /* signed CRL data */
+    X509_ALGOR sig_alg;         /* CRL signature algorithm */
+    ASN1_BIT_STRING signature;  /* CRL signature */
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * Cached copies of decoded extension values, since extensions
+     * are optional any of these can be NULL.
+     */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    STACK_OF(GENERAL_NAMES) *issuers;
+    /* hash of CRL */
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    /* alternative method to handle this CRL */
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct x509_revoked_st {
+    ASN1_INTEGER serialNumber; /* revoked entry serial number */
+    ASN1_TIME *revocationDate;  /* revocation date */
+    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
+    /* decoded value of CRLissuer extension: set if indirect CRL */
+    STACK_OF(GENERAL_NAME) *issuer;
+    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+    int reason;
+    /*
+     * CRL entries are reordered for faster lookup of serial numbers. This
+     * field contains the original load sequence for this entry.
+     */
+    int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
+    ASN1_INTEGER serialNumber;
+    X509_ALGOR signature;
+    X509_NAME *issuer;
+    X509_VAL validity;
+    X509_NAME *subject;
+    X509_PUBKEY *key;
+    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+    ASN1_ENCODING enc;
+};
+
+struct x509_st {
+    X509_CINF cert_info;
+    X509_ALGOR sig_alg;
+    ASN1_BIT_STRING signature;
+    X509_SIG_INFO siginf;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    /* These contain copies of various extension values */
+    long ex_pathlen;
+    long ex_pcpathlen;
+    uint32_t ex_flags;
+    uint32_t ex_kusage;
+    uint32_t ex_xkusage;
+    uint32_t ex_nscert;
+    ASN1_OCTET_STRING *skid;
+    AUTHORITY_KEYID *akid;
+    X509_POLICY_CACHE *policy_cache;
+    STACK_OF(DIST_POINT) *crldp;
+    STACK_OF(GENERAL_NAME) *altname;
+    NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
+    STACK_OF(IPAddressFamily) *rfc3779_addr;
+    struct ASIdentifiers_st *rfc3779_asid;
+# endif
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    X509_CERT_AUX *aux;
+    CRYPTO_RWLOCK *lock;
+    volatile int ex_cached;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains.  Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st {      /* X509_STORE_CTX */
+    X509_STORE *ctx;
+    /* The following are set by the caller */
+    /* The cert to check */
+    X509 *cert;
+    /* chain of X509s - untrusted - passed in */
+    STACK_OF(X509) *untrusted;
+    /* set of CRLs passed in */
+    STACK_OF(X509_CRL) *crls;
+    X509_VERIFY_PARAM *param;
+    /* Other info for use with get_issuer() */
+    void *other_ctx;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    /* The following is built up */
+    /* if 0, rebuild chain */
+    int valid;
+    /* number of untrusted certs */
+    int num_untrusted;
+    /* chain of X509s - built up and trusted */
+    STACK_OF(X509) *chain;
+    /* Valid policy tree */
+    X509_POLICY_TREE *tree;
+    /* Require explicit policy value */
+    int explicit_policy;
+    /* When something goes wrong, this is why */
+    int error_depth;
+    int error;
+    X509 *current_cert;
+    /* cert currently being tested as valid issuer */
+    X509 *current_issuer;
+    /* current CRL */
+    X509_CRL *current_crl;
+    /* score of current CRL */
+    int current_crl_score;
+    /* Reason mask */
+    unsigned int current_reasons;
+    /* For CRL path validation: parent context */
+    X509_STORE_CTX *parent;
+    CRYPTO_EX_DATA ex_data;
+    SSL_DANE *dane;
+    /* signed via bare TA public key, rather than CA certificate */
+    int bare_ta_signed;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *pkeyalg;
+    ASN1_OCTET_STRING *pkey;
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+    /* one of the above types */
+    X509_LOOKUP_TYPE type;
+    union {
+        char *ptr;
+        X509 *x509;
+        X509_CRL *crl;
+        EVP_PKEY *pkey;
+    } data;
+};
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/init.c
new file mode 100644
index 000000000..b9a7334a7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/init.c
@@ -0,0 +1,854 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
+#include <openssl/err.h>
+#include "internal/rand_int.h"
+#include "internal/bio.h"
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "internal/conf.h"
+#include "internal/async.h"
+#include "internal/engine.h"
+#include "internal/comp.h"
+#include "internal/err.h"
+#include "internal/err_int.h"
+#include "internal/objects.h"
+#include <stdlib.h>
+#include <assert.h>
+#include "internal/thread_once.h"
+#include "internal/dso_conf.h"
+#include "internal/dso.h"
+#include "internal/store.h"
+
+static int stopped = 0;
+
+/*
+ * Since per-thread-specific-data destructors are not universally
+ * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
+ * is assumed to have destructor associated. And then an effort is made
+ * to call this single destructor on non-pthread platform[s].
+ *
+ * Initial value is "impossible". It is used as guard value to shortcut
+ * destructor for threads terminating before libcrypto is initialized or
+ * after it's de-initialized. Access to the key doesn't have to be
+ * serialized for the said threads, because they didn't use libcrypto
+ * and it doesn't matter if they pick "impossible" or derefernce real
+ * key value and pull NULL past initialization in the first thread that
+ * intends to use libcrypto.
+ */
+static union {
+    long sane;
+    CRYPTO_THREAD_LOCAL value;
+} destructor_key = { -1 };
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
+
+static void ossl_init_thread_destructor(void *local)
+{
+    ossl_init_thread_stop((struct thread_local_inits_st *)local);
+}
+
+static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
+{
+    struct thread_local_inits_st *local =
+        CRYPTO_THREAD_get_local(&destructor_key.value);
+
+    if (alloc) {
+        if (local == NULL
+            && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
+            && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
+            OPENSSL_free(local);
+            return NULL;
+        }
+    } else {
+        CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
+    }
+
+    return local;
+}
+
+typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
+struct ossl_init_stop_st {
+    void (*handler)(void);
+    OPENSSL_INIT_STOP *next;
+};
+
+static OPENSSL_INIT_STOP *stop_handlers = NULL;
+static CRYPTO_RWLOCK *init_lock = NULL;
+
+static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
+static int base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_base)
+{
+    CRYPTO_THREAD_LOCAL key;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    ossl_malloc_setup_failures();
+#endif
+    if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
+        return 0;
+    if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
+        goto err;
+    OPENSSL_cpuid_setup();
+
+    destructor_key.value = key;
+    base_inited = 1;
+    return 1;
+
+err:
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
+#endif
+    CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
+
+    CRYPTO_THREAD_cleanup_local(&key);
+    return 0;
+}
+
+static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
+#if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
+static int win32atexit(void)
+{
+    OPENSSL_cleanup();
+    return 0;
+}
+#endif
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
+#endif
+#ifndef OPENSSL_SYS_UEFI
+# ifdef _WIN32
+    /* We use _onexit() in preference because it gets called on DLL unload */
+    if (_onexit(win32atexit) == NULL)
+        return 0;
+# else
+    if (atexit(OPENSSL_cleanup) != 0)
+        return 0;
+# endif
+#endif
+
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
+                           ossl_init_register_atexit)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
+#endif
+    /* Do nothing in this case */
+    return 1;
+}
+
+static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
+#endif
+#if !defined(OPENSSL_NO_DSO) \
+    && !defined(OPENSSL_USE_NODELETE) \
+    && !defined(OPENSSL_NO_PINSHARED)
+# ifdef DSO_WIN32
+    {
+        HMODULE handle = NULL;
+        BOOL ret;
+
+        /* We don't use the DSO route for WIN32 because there is a better way */
+        ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                (void *)&base_inited, &handle);
+
+#  ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+                (ret == TRUE ? "No!" : "Yes."));
+#  endif
+        return (ret == TRUE) ? 1 : 0;
+    }
+# else
+    /*
+     * Deliberately leak a reference to ourselves. This will force the library
+     * to remain loaded until the atexit() handler is run at process exit.
+     */
+    {
+        DSO *dso;
+        void *err;
+
+        if (!err_shelve_state(&err))
+            return 0;
+
+        dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
+#  ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+                (dso == NULL ? "No!" : "Yes."));
+        /*
+         * In case of No!, it is uncertain our exit()-handlers can still be
+         * called. After dlclose() the whole library might have been unloaded
+         * already.
+         */
+#  endif
+        DSO_free(dso);
+        err_unshelve_state(err);
+    }
+# endif
+#endif
+
+    return 1;
+}
+
+static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
+static int load_crypto_strings_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
+{
+    int ret = 1;
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
+                    "err_load_crypto_strings_int()\n");
+# endif
+    ret = err_load_crypto_strings_int();
+    load_crypto_strings_inited = 1;
+#endif
+    return ret;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
+                           ossl_init_load_crypto_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
+                    "openssl_add_all_ciphers_int()\n");
+# endif
+    openssl_add_all_ciphers_int();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
+                           ossl_init_add_all_ciphers)
+{
+    /* Do nothing */
+    return 1;
+}
+
+static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
+                    "openssl_add_all_digests()\n");
+# endif
+    openssl_add_all_digests_int();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
+                           ossl_init_add_all_digests)
+{
+    /* Do nothing */
+    return 1;
+}
+
+static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
+static int config_inited = 0;
+static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
+DEFINE_RUN_ONCE_STATIC(ossl_init_config)
+{
+    int ret = openssl_config_int(conf_settings);
+    config_inited = 1;
+    return ret;
+}
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr,
+            "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
+#endif
+    openssl_no_config_int();
+    config_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
+static int async_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_async)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
+#endif
+    if (!async_init())
+        return 0;
+    async_inited = 1;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
+                    "engine_load_openssl_int()\n");
+# endif
+    engine_load_openssl_int();
+    return 1;
+}
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+                    "engine_load_devcrypto_int()\n");
+#  endif
+    engine_load_devcrypto_int();
+    return 1;
+}
+# endif
+
+# ifndef OPENSSL_NO_RDRAND
+static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
+                    "engine_load_rdrand_int()\n");
+#  endif
+    engine_load_rdrand_int();
+    return 1;
+}
+# endif
+static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
+                    "engine_load_dynamic_int()\n");
+# endif
+    engine_load_dynamic_int();
+    return 1;
+}
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
+                    "engine_load_padlock_int()\n");
+#   endif
+    engine_load_padlock_int();
+    return 1;
+}
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
+                    "engine_load_capi_int()\n");
+#   endif
+    engine_load_capi_int();
+    return 1;
+}
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
+                    "engine_load_afalg_int()\n");
+#   endif
+    engine_load_afalg_int();
+    return 1;
+}
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
+
+static int zlib_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
+{
+    /* Do nothing - we need to know about this for the later cleanup */
+    zlib_inited = 1;
+    return 1;
+}
+#endif
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
+{
+    /* Can't do much about this */
+    if (locals == NULL)
+        return;
+
+    if (locals->async) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "async_delete_thread_state()\n");
+#endif
+        async_delete_thread_state();
+    }
+
+    if (locals->err_state) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "err_delete_thread_state()\n");
+#endif
+        err_delete_thread_state();
+    }
+
+    if (locals->rand) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "drbg_delete_thread_state()\n");
+#endif
+        drbg_delete_thread_state();
+    }
+
+    OPENSSL_free(locals);
+}
+
+void OPENSSL_thread_stop(void)
+{
+    if (destructor_key.sane != -1)
+        ossl_init_thread_stop(ossl_init_get_thread_local(0));
+}
+
+int ossl_init_thread_start(uint64_t opts)
+{
+    struct thread_local_inits_st *locals;
+
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    locals = ossl_init_get_thread_local(1);
+
+    if (locals == NULL)
+        return 0;
+
+    if (opts & OPENSSL_INIT_THREAD_ASYNC) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for async\n");
+#endif
+        locals->async = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for err_state\n");
+#endif
+        locals->err_state = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_RAND) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for rand\n");
+#endif
+        locals->rand = 1;
+    }
+
+    return 1;
+}
+
+void OPENSSL_cleanup(void)
+{
+    OPENSSL_INIT_STOP *currhandler, *lasthandler;
+    CRYPTO_THREAD_LOCAL key;
+
+    /* If we've not been inited then no need to deinit */
+    if (!base_inited)
+        return;
+
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    /*
+     * Thread stop may not get automatically called by the thread library for
+     * the very last thread in some situations, so call it directly.
+     */
+    ossl_init_thread_stop(ossl_init_get_thread_local(0));
+
+    currhandler = stop_handlers;
+    while (currhandler != NULL) {
+        currhandler->handler();
+        lasthandler = currhandler;
+        currhandler = currhandler->next;
+        OPENSSL_free(lasthandler);
+    }
+    stop_handlers = NULL;
+
+    CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
+
+    /*
+     * We assume we are single-threaded for this function, i.e. no race
+     * conditions for the various "*_inited" vars below.
+     */
+
+#ifndef OPENSSL_NO_COMP
+    if (zlib_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "comp_zlib_cleanup_int()\n");
+#endif
+        comp_zlib_cleanup_int();
+    }
+#endif
+
+    if (async_inited) {
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "async_deinit()\n");
+# endif
+        async_deinit();
+    }
+
+    if (load_crypto_strings_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "err_free_strings_int()\n");
+#endif
+        err_free_strings_int();
+    }
+
+    key = destructor_key.value;
+    destructor_key.sane = -1;
+    CRYPTO_THREAD_cleanup_local(&key);
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "rand_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "conf_modules_free_int()\n");
+#ifndef OPENSSL_NO_ENGINE
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "engine_cleanup_int()\n");
+#endif
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "crypto_cleanup_all_ex_data_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_sock_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_cleanup()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "evp_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "obj_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "err_cleanup()\n");
+#endif
+    /*
+     * Note that cleanup order is important:
+     * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
+     * must be called before engine_cleanup_int()
+     * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
+     * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
+     * - conf_modules_free_int() can end up in ENGINE code so must be called
+     * before engine_cleanup_int()
+     * - ENGINEs and additional EVP algorithms might use added OIDs names so
+     * obj_cleanup_int() must be called last
+     */
+    rand_cleanup_int();
+    rand_drbg_cleanup_int();
+    conf_modules_free_int();
+#ifndef OPENSSL_NO_ENGINE
+    engine_cleanup_int();
+#endif
+    ossl_store_cleanup_int();
+    crypto_cleanup_all_ex_data_int();
+    bio_cleanup();
+    evp_cleanup_int();
+    obj_cleanup_int();
+    err_cleanup();
+
+    CRYPTO_secure_malloc_done();
+
+    base_inited = 0;
+}
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+{
+    if (stopped) {
+        if (!(opts & OPENSSL_INIT_BASE_ONLY))
+            CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
+        return 0;
+    }
+
+    /*
+     * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
+     * *only* option specified.  With that option we return immediately after
+     * doing the requested limited initialization.  Note that
+     * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
+     * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
+     * base already initialized this is a harmless NOOP.
+     *
+     * If we remain the only caller of err_shelve_state() the recursion should
+     * perhaps be removed, but if in doubt, it can be left in place.
+     */
+    if (!RUN_ONCE(&base, ossl_init_base))
+        return 0;
+    if (opts & OPENSSL_INIT_BASE_ONLY)
+        return 1;
+
+    /*
+     * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
+     * should not have the side-effect of setting up exit handlers, and
+     * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
+     * return above.
+     */
+    if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
+        if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
+                          ossl_init_register_atexit))
+            return 0;
+    } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
+        return 0;
+    }
+
+    if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE_ALT(&load_crypto_strings,
+                             ossl_init_no_load_crypto_strings,
+                             ossl_init_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
+            && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
+                             ossl_init_add_all_ciphers))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
+            && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
+            && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
+                             ossl_init_add_all_digests))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
+            && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ATFORK)
+            && !openssl_init_fork_handlers())
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
+            && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
+        return 0;
+
+    if (opts & OPENSSL_INIT_LOAD_CONFIG) {
+        int ret;
+        CRYPTO_THREAD_write_lock(init_lock);
+        conf_settings = settings;
+        ret = RUN_ONCE(&config, ossl_init_config);
+        conf_settings = NULL;
+        CRYPTO_THREAD_unlock(init_lock);
+        if (!ret)
+            return 0;
+    }
+
+    if ((opts & OPENSSL_INIT_ASYNC)
+            && !RUN_ONCE(&async, ossl_init_async))
+        return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+    if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
+            && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
+        return 0;
+# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
+        return 0;
+# endif
+# ifndef OPENSSL_NO_RDRAND
+    if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
+            && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
+        return 0;
+# endif
+    if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
+            && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
+        return 0;
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
+            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
+        return 0;
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CAPI)
+            && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
+        return 0;
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+    if ((opts & OPENSSL_INIT_ENGINE_AFALG)
+            && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
+        return 0;
+#  endif
+# endif
+    if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                | OPENSSL_INIT_ENGINE_OPENSSL
+                | OPENSSL_INIT_ENGINE_AFALG)) {
+        ENGINE_register_all_complete();
+    }
+#endif
+
+#ifndef OPENSSL_NO_COMP
+    if ((opts & OPENSSL_INIT_ZLIB)
+            && !RUN_ONCE(&zlib, ossl_init_zlib))
+        return 0;
+#endif
+
+    return 1;
+}
+
+int OPENSSL_atexit(void (*handler)(void))
+{
+    OPENSSL_INIT_STOP *newhand;
+
+#if !defined(OPENSSL_NO_DSO) \
+    && !defined(OPENSSL_USE_NODELETE)\
+    && !defined(OPENSSL_NO_PINSHARED)
+    {
+        union {
+            void *sym;
+            void (*func)(void);
+        } handlersym;
+
+        handlersym.func = handler;
+# ifdef DSO_WIN32
+        {
+            HMODULE handle = NULL;
+            BOOL ret;
+
+            /*
+             * We don't use the DSO route for WIN32 because there is a better
+             * way
+             */
+            ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                    | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                    handlersym.sym, &handle);
+
+            if (!ret)
+                return 0;
+        }
+# else
+        /*
+         * Deliberately leak a reference to the handler. This will force the
+         * library/code containing the handler to remain loaded until we run the
+         * atexit handler. If -znodelete has been used then this is
+         * unnecessary.
+         */
+        {
+            DSO *dso = NULL;
+
+            ERR_set_mark();
+            dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
+#  ifdef OPENSSL_INIT_DEBUG
+            fprintf(stderr,
+                    "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
+                    (dso == NULL ? "No!" : "Yes."));
+            /* See same code above in ossl_init_base() for an explanation. */
+#  endif
+            DSO_free(dso);
+            ERR_pop_to_mark();
+        }
+# endif
+    }
+#endif
+
+    if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    newhand->handler = handler;
+    newhand->next = stop_handlers;
+    stop_handlers = newhand;
+
+    return 1;
+}
+
+#ifdef OPENSSL_SYS_UNIX
+/*
+ * The following three functions are for OpenSSL developers.  This is
+ * where we set/reset state across fork (called via pthread_atfork when
+ * it exists, or manually by the application when it doesn't).
+ *
+ * WARNING!  If you put code in either OPENSSL_fork_parent or
+ * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
+ * safe.  See this link, for example:
+ *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
+ */
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+    rand_fork();
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/build.info
new file mode 100644
index 000000000..c166399d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        tls1_prf.c kdf_err.c hkdf.c scrypt.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c
new file mode 100644
index 000000000..ae46fad60
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+
+#define HKDF_MAXBUF 1024
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len);
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len);
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len);
+
+typedef struct {
+    int mode;
+    const EVP_MD *md;
+    unsigned char *salt;
+    size_t salt_len;
+    unsigned char *key;
+    size_t key_len;
+    unsigned char info[HKDF_MAXBUF];
+    size_t info_len;
+} HKDF_PKEY_CTX;
+
+static int pkey_hkdf_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx;
+
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_HKDF_MD:
+        if (p2 == NULL)
+            return 0;
+
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_MODE:
+        kctx->mode = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_SALT:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->salt != NULL)
+            OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+
+        kctx->salt = OPENSSL_memdup(p2, p1);
+        if (kctx->salt == NULL)
+            return 0;
+
+        kctx->salt_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_KEY:
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->key != NULL)
+            OPENSSL_clear_free(kctx->key, kctx->key_len);
+
+        kctx->key = OPENSSL_memdup(p2, p1);
+        if (kctx->key == NULL)
+            return 0;
+
+        kctx->key_len  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_INFO:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len))
+            return 0;
+
+        memcpy(kctx->info + kctx->info_len, p2, p1);
+        kctx->info_len += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                              const char *value)
+{
+    if (strcmp(type, "mode") == 0) {
+        int mode;
+
+        if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
+        else if (strcmp(value, "EXTRACT_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
+        else if (strcmp(value, "EXPAND_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
+        else
+            return 0;
+
+        return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
+    }
+
+    if (strcmp(type, "md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+                               EVP_PKEY_CTRL_HKDF_MD, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "info") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    if (strcmp(type, "hexinfo") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    memset(kctx, 0, sizeof(*kctx));
+
+    return 1;
+}
+
+static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                            size_t *keylen)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
+        return 0;
+    }
+
+    switch (kctx->mode) {
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
+        return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                    kctx->key_len, kctx->info, kctx->info_len, key,
+                    *keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
+        if (key == NULL) {
+            *keylen = EVP_MD_size(kctx->md);
+            return 1;
+        }
+        return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                            kctx->key_len, key, keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
+        return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
+                           kctx->info_len, key, *keylen) != NULL;
+
+    default:
+        return 0;
+    }
+}
+
+const EVP_PKEY_METHOD hkdf_pkey_meth = {
+    EVP_PKEY_HKDF,
+    0,
+    pkey_hkdf_init,
+    0,
+    pkey_hkdf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_hkdf_derive_init,
+    pkey_hkdf_derive,
+    pkey_hkdf_ctrl,
+    pkey_hkdf_ctrl_str
+};
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len)
+{
+    unsigned char prk[EVP_MAX_MD_SIZE];
+    unsigned char *ret;
+    size_t prk_len;
+
+    if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
+        return NULL;
+
+    ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+    OPENSSL_cleanse(prk, sizeof(prk));
+
+    return ret;
+}
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len)
+{
+    unsigned int tmp_len;
+
+    if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len))
+        return NULL;
+
+    *prk_len = tmp_len;
+    return prk;
+}
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len)
+{
+    HMAC_CTX *hmac;
+    unsigned char *ret = NULL;
+
+    unsigned int i;
+
+    unsigned char prev[EVP_MAX_MD_SIZE];
+
+    size_t done_len = 0, dig_len = EVP_MD_size(evp_md);
+
+    size_t n = okm_len / dig_len;
+    if (okm_len % dig_len)
+        n++;
+
+    if (n > 255 || okm == NULL)
+        return NULL;
+
+    if ((hmac = HMAC_CTX_new()) == NULL)
+        return NULL;
+
+    if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL))
+        goto err;
+
+    for (i = 1; i <= n; i++) {
+        size_t copy_len;
+        const unsigned char ctr = i;
+
+        if (i > 1) {
+            if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL))
+                goto err;
+
+            if (!HMAC_Update(hmac, prev, dig_len))
+                goto err;
+        }
+
+        if (!HMAC_Update(hmac, info, info_len))
+            goto err;
+
+        if (!HMAC_Update(hmac, &ctr, 1))
+            goto err;
+
+        if (!HMAC_Final(hmac, prev, NULL))
+            goto err;
+
+        copy_len = (done_len + dig_len > okm_len) ?
+                       okm_len - done_len :
+                       dig_len;
+
+        memcpy(okm + done_len, prev, copy_len);
+
+        done_len += copy_len;
+    }
+    ret = okm;
+
+ err:
+    OPENSSL_cleanse(prev, sizeof(prev));
+    HMAC_CTX_free(hmac);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/kdf_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/kdf_err.c
new file mode 100644
index 000000000..1627c0a39
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/kdf_err.c
@@ -0,0 +1,67 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/kdferr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0),
+     "pkey_scrypt_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
+     "pkey_scrypt_ctrl_uint64"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0),
+     "pkey_scrypt_set_membuf"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
+     "pkey_tls1_prf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
+     "pkey_tls1_prf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA KDF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT),
+    "missing iteration count"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
+    "missing message digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
+    "unknown parameter type"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_KDF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(KDF_str_functs);
+        ERR_load_strings_const(KDF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c
new file mode 100644
index 000000000..61fd390e9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+static int atou64(const char *nptr, uint64_t *result);
+
+typedef struct {
+    unsigned char *pass;
+    size_t pass_len;
+    unsigned char *salt;
+    size_t salt_len;
+    uint64_t N, r, p;
+    uint64_t maxmem_bytes;
+} SCRYPT_PKEY_CTX;
+
+/* Custom uint64_t parser since we do not have strtoull */
+static int atou64(const char *nptr, uint64_t *result)
+{
+    uint64_t value = 0;
+
+    while (*nptr) {
+        unsigned int digit;
+        uint64_t new_value;
+
+        if ((*nptr < '0') || (*nptr > '9')) {
+            return 0;
+        }
+        digit = (unsigned int)(*nptr - '0');
+        new_value = (value * 10) + digit;
+        if ((new_value < digit) || ((new_value - digit) / 10 != value)) {
+            /* Overflow */
+            return 0;
+        }
+        value = new_value;
+        nptr++;
+    }
+    *result = value;
+    return 1;
+}
+
+static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx;
+
+    kctx = OPENSSL_zalloc(sizeof(*kctx));
+    if (kctx == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Default values are the most conservative recommendation given in the
+     * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
+     * for this parameter choice (approx. 128 * r * (N + p) bytes).
+     */
+    kctx->N = 1 << 20;
+    kctx->r = 8;
+    kctx->p = 1;
+    kctx->maxmem_bytes = 1025 * 1024 * 1024;
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->pass, kctx->pass_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
+                                  const unsigned char *new_buffer,
+                                  const int new_buflen)
+{
+    if (new_buffer == NULL)
+        return 1;
+
+    if (new_buflen < 0)
+        return 0;
+
+    if (*buffer != NULL)
+        OPENSSL_clear_free(*buffer, *buflen);
+
+    if (new_buflen > 0) {
+        *buffer = OPENSSL_memdup(new_buffer, new_buflen);
+    } else {
+        *buffer = OPENSSL_malloc(1);
+    }
+    if (*buffer == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    *buflen = new_buflen;
+    return 1;
+}
+
+static int is_power_of_two(uint64_t value)
+{
+    return (value != 0) && ((value & (value - 1)) == 0);
+}
+
+static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+    uint64_t u64_value;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_PASS:
+        return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_SALT:
+        return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_N:
+        u64_value = *((uint64_t *)p2);
+        if ((u64_value <= 1) || !is_power_of_two(u64_value))
+            return 0;
+        kctx->N = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_R:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->r = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_P:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->p = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->maxmem_bytes = u64_value;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type,
+                                   const char *value)
+{
+    uint64_t int_value;
+
+    if (!atou64(value, &int_value)) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
+        return 0;
+    }
+    return pkey_scrypt_ctrl(ctx, type, 0, &int_value);
+}
+
+static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+
+    if (strcmp(type, "pass") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "hexpass") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "N") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value);
+
+    if (strcmp(type, "r") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value);
+
+    if (strcmp(type, "p") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value);
+
+    if (strcmp(type, "maxmem_bytes") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
+                                       value);
+
+    KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->pass == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
+        return 0;
+    }
+
+    if (kctx->salt == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
+        return 0;
+    }
+
+    return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt,
+                          kctx->salt_len, kctx->N, kctx->r, kctx->p,
+                          kctx->maxmem_bytes, key, *keylen);
+}
+
+const EVP_PKEY_METHOD scrypt_pkey_meth = {
+    EVP_PKEY_SCRYPT,
+    0,
+    pkey_scrypt_init,
+    0,
+    pkey_scrypt_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_scrypt_derive,
+    pkey_scrypt_ctrl,
+    pkey_scrypt_ctrl_str
+};
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c
new file mode 100644
index 000000000..49f7ecced
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen);
+
+#define TLS1_PRF_MAXBUF 1024
+
+/* TLS KDF pkey context structure */
+
+typedef struct {
+    /* Digest to use for PRF */
+    const EVP_MD *md;
+    /* Secret value to use for PRF */
+    unsigned char *sec;
+    size_t seclen;
+    /* Buffer of concatenated seed data */
+    unsigned char seed[TLS1_PRF_MAXBUF];
+    size_t seedlen;
+} TLS1_PRF_PKEY_CTX;
+
+static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx;
+
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->sec, kctx->seclen);
+    OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_TLS_MD:
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SECRET:
+        if (p1 < 0)
+            return 0;
+        if (kctx->sec != NULL)
+            OPENSSL_clear_free(kctx->sec, kctx->seclen);
+        OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+        kctx->seedlen = 0;
+        kctx->sec = OPENSSL_memdup(p2, p1);
+        if (kctx->sec == NULL)
+            return 0;
+        kctx->seclen  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SEED:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+        if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen))
+            return 0;
+        memcpy(kctx->seed + kctx->seedlen, p2, p1);
+        kctx->seedlen += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "md") == 0) {
+        TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+        const EVP_MD *md = EVP_get_digestbyname(value);
+        if (md == NULL) {
+            KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST);
+            return 0;
+        }
+        kctx->md = md;
+        return 1;
+    }
+    if (strcmp(type, "secret") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "hexsecret") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "seed") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    if (strcmp(type, "hexseed") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+
+    KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->sec == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
+        return 0;
+    }
+    if (kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
+        return 0;
+    }
+    return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
+                        kctx->seed, kctx->seedlen,
+                        key, *keylen);
+}
+
+const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+    EVP_PKEY_TLS1_PRF,
+    0,
+    pkey_tls1_prf_init,
+    0,
+    pkey_tls1_prf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_tls1_prf_derive,
+    pkey_tls1_prf_ctrl,
+    pkey_tls1_prf_ctrl_str
+};
+
+static int tls1_prf_P_hash(const EVP_MD *md,
+                           const unsigned char *sec, size_t sec_len,
+                           const unsigned char *seed, size_t seed_len,
+                           unsigned char *out, size_t olen)
+{
+    int chunk;
+    EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
+    EVP_PKEY *mac_key = NULL;
+    unsigned char A1[EVP_MAX_MD_SIZE];
+    size_t A1_len;
+    int ret = 0;
+
+    chunk = EVP_MD_size(md);
+    if (!ossl_assert(chunk > 0))
+        goto err;
+
+    ctx = EVP_MD_CTX_new();
+    ctx_tmp = EVP_MD_CTX_new();
+    ctx_init = EVP_MD_CTX_new();
+    if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
+        goto err;
+    EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    if (mac_key == NULL)
+        goto err;
+    if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+        goto err;
+    if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+        goto err;
+    if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+        goto err;
+
+    for (;;) {
+        /* Reinit mac contexts */
+        if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+            goto err;
+        if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
+            goto err;
+        if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+            goto err;
+        if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+            goto err;
+
+        if (olen > (size_t)chunk) {
+            size_t mac_len;
+            if (!EVP_DigestSignFinal(ctx, out, &mac_len))
+                goto err;
+            out += mac_len;
+            olen -= mac_len;
+            /* calc the next A1 value */
+            if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
+                goto err;
+        } else {                /* last one */
+
+            if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+                goto err;
+            memcpy(out, A1, olen);
+            break;
+        }
+    }
+    ret = 1;
+ err:
+    EVP_PKEY_free(mac_key);
+    EVP_MD_CTX_free(ctx);
+    EVP_MD_CTX_free(ctx_tmp);
+    EVP_MD_CTX_free(ctx_init);
+    OPENSSL_cleanse(A1, sizeof(A1));
+    return ret;
+}
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen)
+{
+
+    if (EVP_MD_type(md) == NID_md5_sha1) {
+        size_t i;
+        unsigned char *tmp;
+        if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),
+                         seed, seed_len, out, olen))
+            return 0;
+
+        if ((tmp = OPENSSL_malloc(olen)) == NULL) {
+            KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
+                         seed, seed_len, tmp, olen)) {
+            OPENSSL_clear_free(tmp, olen);
+            return 0;
+        }
+        for (i = 0; i < olen; i++)
+            out[i] ^= tmp[i];
+        OPENSSL_clear_free(tmp, olen);
+        return 1;
+    }
+    if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))
+        return 0;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/build.info
new file mode 100644
index 000000000..30797f2ca
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        lhash.c lh_stats.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c
new file mode 100644
index 000000000..65b91e1ef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/*
+ * If you wish to build this outside of OpenSSL, remove the following lines
+ * and things should work as expected
+ */
+#include "internal/cryptlib.h"
+
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "lhash_lcl.h"
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_usage_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+# endif
+
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    BIO_printf(out, "num_items             = %lu\n", lh->num_items);
+    BIO_printf(out, "num_nodes             = %u\n",  lh->num_nodes);
+    BIO_printf(out, "num_alloc_nodes       = %u\n",  lh->num_alloc_nodes);
+    BIO_printf(out, "num_expands           = %lu\n", lh->num_expands);
+    BIO_printf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
+    BIO_printf(out, "num_contracts         = %lu\n", lh->num_contracts);
+    BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
+    BIO_printf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
+    BIO_printf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
+    BIO_printf(out, "num_insert            = %lu\n", lh->num_insert);
+    BIO_printf(out, "num_replace           = %lu\n", lh->num_replace);
+    BIO_printf(out, "num_delete            = %lu\n", lh->num_delete);
+    BIO_printf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
+    BIO_printf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
+    BIO_printf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
+    BIO_printf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
+}
+
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned int i, num;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        BIO_printf(out, "node %6u -> %3u\n", i, num);
+    }
+}
+
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned long num;
+    unsigned int i;
+    unsigned long total = 0, n_used = 0;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        if (num != 0) {
+            n_used++;
+            total += num;
+        }
+    }
+    BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+    BIO_printf(out, "%lu items\n", total);
+    if (n_used == 0)
+        return;
+    BIO_printf(out, "load %d.%02d  actual load %d.%02d\n",
+               (int)(total / lh->num_nodes),
+               (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+               (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c
new file mode 100644
index 000000000..8d9f933df
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include "internal/ctype.h"
+#include "internal/lhash.h"
+#include "lhash_lcl.h"
+
+/*
+ * A hashing implementation that appears to be based on the linear hashing
+ * alogrithm:
+ * https://en.wikipedia.org/wiki/Linear_hashing
+ *
+ * Litwin, Witold (1980), "Linear hashing: A new tool for file and table
+ * addressing", Proc. 6th Conference on Very Large Databases: 212-223
+ * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
+ *
+ * From the wikipedia article "Linear hashing is used in the BDB Berkeley
+ * database system, which in turn is used by many software systems such as
+ * OpenLDAP, using a C implementation derived from the CACM article and first
+ * published on the Usenet in 1988 by Esmond Pitt."
+ *
+ * The CACM paper is available here:
+ * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
+ */
+
+#undef MIN_NODES
+#define MIN_NODES       16
+#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256 (default 2) */
+#define DOWN_LOAD       (LH_LOAD_MULT) /* load times 256 (default 1) */
+
+static int expand(OPENSSL_LHASH *lh);
+static void contract(OPENSSL_LHASH *lh);
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash);
+
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
+{
+    OPENSSL_LHASH *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        /*
+         * Do not set the error code, because the ERR code uses LHASH
+         * and we want to avoid possible endless error loop.
+         * CRYPTOerr(CRYPTO_F_OPENSSL_LH_NEW, ERR_R_MALLOC_FAILURE);
+         */
+        return NULL;
+    }
+    if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
+        goto err;
+    ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
+    ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
+    ret->num_nodes = MIN_NODES / 2;
+    ret->num_alloc_nodes = MIN_NODES;
+    ret->pmax = MIN_NODES / 2;
+    ret->up_load = UP_LOAD;
+    ret->down_load = DOWN_LOAD;
+    return ret;
+
+err:
+    OPENSSL_free(ret->b);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void OPENSSL_LH_free(OPENSSL_LHASH *lh)
+{
+    unsigned int i;
+    OPENSSL_LH_NODE *n, *nn;
+
+    if (lh == NULL)
+        return;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        n = lh->b[i];
+        while (n != NULL) {
+            nn = n->next;
+            OPENSSL_free(n);
+            n = nn;
+        }
+    }
+    OPENSSL_free(lh->b);
+    OPENSSL_free(lh);
+}
+
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh))
+        return NULL;        /* 'lh->error++' already done in 'expand' */
+
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) {
+            lh->error++;
+            return NULL;
+        }
+        nn->data = data;
+        nn->next = NULL;
+        nn->hash = hash;
+        *rn = nn;
+        ret = NULL;
+        lh->num_insert++;
+        lh->num_items++;
+    } else {                    /* replace same key */
+        ret = (*rn)->data;
+        (*rn)->data = data;
+        lh->num_replace++;
+    }
+    return ret;
+}
+
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        lh->num_no_delete++;
+        return NULL;
+    } else {
+        nn = *rn;
+        *rn = nn->next;
+        ret = nn->data;
+        OPENSSL_free(nn);
+        lh->num_delete++;
+    }
+
+    lh->num_items--;
+    if ((lh->num_nodes > MIN_NODES) &&
+        (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+        contract(lh);
+
+    return ret;
+}
+
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE **rn;
+    void *ret;
+
+    tsan_store((TSAN_QUALIFIER int *)&lh->error, 0);
+
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        tsan_counter(&lh->num_retrieve_miss);
+        return NULL;
+    } else {
+        ret = (*rn)->data;
+        tsan_counter(&lh->num_retrieve);
+    }
+
+    return ret;
+}
+
+static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg,
+                          OPENSSL_LH_DOALL_FUNC func,
+                          OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg)
+{
+    int i;
+    OPENSSL_LH_NODE *a, *n;
+
+    if (lh == NULL)
+        return;
+
+    /*
+     * reverse the order so we search from 'top to bottom' We were having
+     * memory leaks otherwise
+     */
+    for (i = lh->num_nodes - 1; i >= 0; i--) {
+        a = lh->b[i];
+        while (a != NULL) {
+            n = a->next;
+            if (use_arg)
+                func_arg(a->data, arg);
+            else
+                func(a->data);
+            a = n;
+        }
+    }
+}
+
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func)
+{
+    doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL);
+}
+
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg)
+{
+    doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg);
+}
+
+static int expand(OPENSSL_LHASH *lh)
+{
+    OPENSSL_LH_NODE **n, **n1, **n2, *np;
+    unsigned int p, pmax, nni, j;
+    unsigned long hash;
+
+    nni = lh->num_alloc_nodes;
+    p = lh->p;
+    pmax = lh->pmax;
+    if (p + 1 >= pmax) {
+        j = nni * 2;
+        n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j);
+        if (n == NULL) {
+            lh->error++;
+            return 0;
+        }
+        lh->b = n;
+        memset(n + nni, 0, sizeof(*n) * (j - nni));
+        lh->pmax = nni;
+        lh->num_alloc_nodes = j;
+        lh->num_expand_reallocs++;
+        lh->p = 0;
+    } else {
+        lh->p++;
+    }
+
+    lh->num_nodes++;
+    lh->num_expands++;
+    n1 = &(lh->b[p]);
+    n2 = &(lh->b[p + pmax]);
+    *n2 = NULL;
+
+    for (np = *n1; np != NULL;) {
+        hash = np->hash;
+        if ((hash % nni) != p) { /* move it */
+            *n1 = (*n1)->next;
+            np->next = *n2;
+            *n2 = np;
+        } else
+            n1 = &((*n1)->next);
+        np = *n1;
+    }
+
+    return 1;
+}
+
+static void contract(OPENSSL_LHASH *lh)
+{
+    OPENSSL_LH_NODE **n, *n1, *np;
+
+    np = lh->b[lh->p + lh->pmax - 1];
+    lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
+    if (lh->p == 0) {
+        n = OPENSSL_realloc(lh->b,
+                            (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
+        if (n == NULL) {
+            /* fputs("realloc error in lhash",stderr); */
+            lh->error++;
+            return;
+        }
+        lh->num_contract_reallocs++;
+        lh->num_alloc_nodes /= 2;
+        lh->pmax /= 2;
+        lh->p = lh->pmax - 1;
+        lh->b = n;
+    } else
+        lh->p--;
+
+    lh->num_nodes--;
+    lh->num_contracts++;
+
+    n1 = lh->b[(int)lh->p];
+    if (n1 == NULL)
+        lh->b[(int)lh->p] = np;
+    else {
+        while (n1->next != NULL)
+            n1 = n1->next;
+        n1->next = np;
+    }
+}
+
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
+                               const void *data, unsigned long *rhash)
+{
+    OPENSSL_LH_NODE **ret, *n1;
+    unsigned long hash, nn;
+    OPENSSL_LH_COMPFUNC cf;
+
+    hash = (*(lh->hash)) (data);
+    tsan_counter(&lh->num_hash_calls);
+    *rhash = hash;
+
+    nn = hash % lh->pmax;
+    if (nn < lh->p)
+        nn = hash % lh->num_alloc_nodes;
+
+    cf = lh->comp;
+    ret = &(lh->b[(int)nn]);
+    for (n1 = *ret; n1 != NULL; n1 = n1->next) {
+        tsan_counter(&lh->num_hash_comps);
+        if (n1->hash != hash) {
+            ret = &(n1->next);
+            continue;
+        }
+        tsan_counter(&lh->num_comp_calls);
+        if (cf(n1->data, data) == 0)
+            break;
+        ret = &(n1->next);
+    }
+    return ret;
+}
+
+/*
+ * The following hash seems to work very well on normal text strings no
+ * collisions on /usr/dict/words and it distributes on %2^n quite well, not
+ * as good as MD5, but still good.
+ */
+unsigned long OPENSSL_LH_strhash(const char *c)
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if ((c == NULL) || (*c == '\0'))
+        return ret;
+
+    n = 0x100;
+    while (*c) {
+        v = n | (*c);
+        n += 0x100;
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        ret = (ret << r) | (ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return (ret >> 16) ^ ret;
+}
+
+unsigned long openssl_lh_strcasehash(const char *c)
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if (c == NULL || *c == '\0')
+        return ret;
+
+    for (n = 0x100; *c != '\0'; n += 0x100) {
+        v = n | ossl_tolower(*c);
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        ret = (ret << r) | (ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return (ret >> 16) ^ ret;
+}
+
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh)
+{
+    return lh ? lh->num_items : 0;
+}
+
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh)
+{
+    return lh->down_load;
+}
+
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load)
+{
+    lh->down_load = down_load;
+}
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh)
+{
+    return lh->error;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_lcl.h
new file mode 100644
index 000000000..678224acd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_lcl.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <openssl/crypto.h>
+
+#include "internal/tsan_assist.h"
+
+struct lhash_node_st {
+    void *data;
+    struct lhash_node_st *next;
+    unsigned long hash;
+};
+
+struct lhash_st {
+    OPENSSL_LH_NODE **b;
+    OPENSSL_LH_COMPFUNC comp;
+    OPENSSL_LH_HASHFUNC hash;
+    unsigned int num_nodes;
+    unsigned int num_alloc_nodes;
+    unsigned int p;
+    unsigned int pmax;
+    unsigned long up_load;      /* load times 256 */
+    unsigned long down_load;    /* load times 256 */
+    unsigned long num_items;
+    unsigned long num_expands;
+    unsigned long num_expand_reallocs;
+    unsigned long num_contracts;
+    unsigned long num_contract_reallocs;
+    TSAN_QUALIFIER unsigned long num_hash_calls;
+    TSAN_QUALIFIER unsigned long num_comp_calls;
+    unsigned long num_insert;
+    unsigned long num_replace;
+    unsigned long num_delete;
+    unsigned long num_no_delete;
+    TSAN_QUALIFIER unsigned long num_retrieve;
+    TSAN_QUALIFIER unsigned long num_retrieve_miss;
+    TSAN_QUALIFIER unsigned long num_hash_comps;
+    int error;
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md2/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/md2/build.info
new file mode 100644
index 000000000..e31948c23
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md2_dgst.c md2_one.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md2/md2_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md2/md2_dgst.c
new file mode 100644
index 000000000..faa9393f2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md2/md2_dgst.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+
+/*
+ * Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+
+#define UCHAR   unsigned char
+
+static void md2_block(MD2_CTX *c, const unsigned char *d);
+/*
+ * The magic S table - I have converted it to hex since it is basically just
+ * a random byte string.
+ */
+static const MD2_INT S[256] = {
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+    0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+    0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+    0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+    0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+    0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+    0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+    0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+    0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+    0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+    0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+    0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+    0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+    0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+    0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+    0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+    0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+    0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+    0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+    0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+    0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+    0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+    0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+    0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+    0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+    0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+};
+
+const char *MD2_options(void)
+{
+    if (sizeof(MD2_INT) == 1)
+        return "md2(char)";
+    else
+        return "md2(int)";
+}
+
+int MD2_Init(MD2_CTX *c)
+{
+    c->num = 0;
+    memset(c->state, 0, sizeof(c->state));
+    memset(c->cksm, 0, sizeof(c->cksm));
+    memset(c->data, 0, sizeof(c->data));
+    return 1;
+}
+
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
+{
+    register UCHAR *p;
+
+    if (len == 0)
+        return 1;
+
+    p = c->data;
+    if (c->num != 0) {
+        if ((c->num + len) >= MD2_BLOCK) {
+            memcpy(&(p[c->num]), data, MD2_BLOCK - c->num);
+            md2_block(c, c->data);
+            data += (MD2_BLOCK - c->num);
+            len -= (MD2_BLOCK - c->num);
+            c->num = 0;
+            /* drop through and do the rest */
+        } else {
+            memcpy(&(p[c->num]), data, len);
+            /* data+=len; */
+            c->num += (int)len;
+            return 1;
+        }
+    }
+    /*
+     * we now can process the input data in blocks of MD2_BLOCK chars and
+     * save the leftovers to c->data.
+     */
+    while (len >= MD2_BLOCK) {
+        md2_block(c, data);
+        data += MD2_BLOCK;
+        len -= MD2_BLOCK;
+    }
+    memcpy(p, data, len);
+    c->num = (int)len;
+    return 1;
+}
+
+static void md2_block(MD2_CTX *c, const unsigned char *d)
+{
+    register MD2_INT t, *sp1, *sp2;
+    register int i, j;
+    MD2_INT state[48];
+
+    sp1 = c->state;
+    sp2 = c->cksm;
+    j = sp2[MD2_BLOCK - 1];
+    for (i = 0; i < 16; i++) {
+        state[i] = sp1[i];
+        state[i + 16] = t = d[i];
+        state[i + 32] = (t ^ sp1[i]);
+        j = sp2[i] ^= S[t ^ j];
+    }
+    t = 0;
+    for (i = 0; i < 18; i++) {
+        for (j = 0; j < 48; j += 8) {
+            t = state[j + 0] ^= S[t];
+            t = state[j + 1] ^= S[t];
+            t = state[j + 2] ^= S[t];
+            t = state[j + 3] ^= S[t];
+            t = state[j + 4] ^= S[t];
+            t = state[j + 5] ^= S[t];
+            t = state[j + 6] ^= S[t];
+            t = state[j + 7] ^= S[t];
+        }
+        t = (t + i) & 0xff;
+    }
+    memcpy(sp1, state, 16 * sizeof(MD2_INT));
+    OPENSSL_cleanse(state, 48 * sizeof(MD2_INT));
+}
+
+int MD2_Final(unsigned char *md, MD2_CTX *c)
+{
+    int i, v;
+    register UCHAR *cp;
+    register MD2_INT *p1, *p2;
+
+    cp = c->data;
+    p1 = c->state;
+    p2 = c->cksm;
+    v = MD2_BLOCK - c->num;
+    for (i = c->num; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) v;
+
+    md2_block(c, cp);
+
+    for (i = 0; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) p2[i];
+    md2_block(c, cp);
+
+    for (i = 0; i < 16; i++)
+        md[i] = (UCHAR) (p1[i] & 0xff);
+    OPENSSL_cleanse(c, sizeof(*c));
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md2/md2_one.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md2/md2_one.c
new file mode 100644
index 000000000..5502b2169
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md2/md2_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/md2.h>
+
+/*
+ * This is a separate file so that #defines in cryptlib.h can map my MD
+ * functions to different names
+ */
+
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD2_CTX c;
+    static unsigned char m[MD2_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD2_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD2_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD2_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD2_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/build.info
new file mode 100644
index 000000000..20846e0dc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md4_dgst.c md4_one.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c
new file mode 100644
index 000000000..531961861
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/opensslv.h>
+#include "md4_locl.h"
+
+/*
+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD4_Init(MD4_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    return 1;
+}
+
+#ifndef md4_block_data_order
+# ifdef X
+#  undef X
+# endif
+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD4_LONG XX[MD4_LBLOCK];
+#  define X(i)   XX[i]
+# endif
+
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
+
+    for (; num--;) {
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 11, 0);
+        R0(B, C, D, A, X(15), 19, 0);
+        /* Round 1 */
+        R1(A, B, C, D, X(0), 3, 0x5A827999L);
+        R1(D, A, B, C, X(4), 5, 0x5A827999L);
+        R1(C, D, A, B, X(8), 9, 0x5A827999L);
+        R1(B, C, D, A, X(12), 13, 0x5A827999L);
+        R1(A, B, C, D, X(1), 3, 0x5A827999L);
+        R1(D, A, B, C, X(5), 5, 0x5A827999L);
+        R1(C, D, A, B, X(9), 9, 0x5A827999L);
+        R1(B, C, D, A, X(13), 13, 0x5A827999L);
+        R1(A, B, C, D, X(2), 3, 0x5A827999L);
+        R1(D, A, B, C, X(6), 5, 0x5A827999L);
+        R1(C, D, A, B, X(10), 9, 0x5A827999L);
+        R1(B, C, D, A, X(14), 13, 0x5A827999L);
+        R1(A, B, C, D, X(3), 3, 0x5A827999L);
+        R1(D, A, B, C, X(7), 5, 0x5A827999L);
+        R1(C, D, A, B, X(11), 9, 0x5A827999L);
+        R1(B, C, D, A, X(15), 13, 0x5A827999L);
+        /* Round 2 */
+        R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_locl.h
new file mode 100644
index 000000000..a6c4003fd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_locl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
+
+void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD4_LONG
+#define HASH_CTX                MD4_CTX
+#define HASH_CBLOCK             MD4_CBLOCK
+#define HASH_UPDATE             MD4_Update
+#define HASH_TRANSFORM          MD4_Transform
+#define HASH_FINAL              MD4_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   md4_block_data_order
+
+#include "internal/md32_common.h"
+
+/*-
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
+*/
+
+/*
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); };
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); };\
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); };
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_one.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_one.c
new file mode 100644
index 000000000..9e52303c2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD4_CTX c;
+    static unsigned char m[MD4_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD4_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD4_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD4_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD4_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl
new file mode 100644
index 000000000..15e14864d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl
@@ -0,0 +1,318 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$tmp1="edi";
+$tmp2="ebp";
+$X="esi";
+
+# What we need to load into $tmp for the next round
+%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
+@xo=(
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,	# R0
+ 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,	# R1
+ 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,	# R2
+ 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
+ );
+
+&md5_block("md5_block_asm_data_order");
+&asm_finish();
+
+close STDOUT;
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
+	return($n{$p});
+	}
+
+sub R0
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&mov($tmp1,$C)  if $pos < 0;
+	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one
+
+	# body proper
+
+	&comment("R0 $ki");
+	&xor($tmp1,$d); # F function - part 2
+
+	&and($tmp1,$b); # F function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$d); # F function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+
+	&rotl($a,$s);
+
+	&mov($tmp1,&Np($c)) if $pos < 1;	# next tmp1 for R0
+	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1
+
+	&add($a,$b);
+	}
+
+sub R1
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&comment("R1 $ki");
+
+	&xor($tmp1,$b); # G function - part 2
+	&and($tmp1,$d); # G function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$c);			# G function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# G function - part 1
+	&mov($tmp1,&Np($c)) if $pos == 1;	# G function - part 1
+
+	&rotl($a,$s);
+
+	&add($a,$b);
+	}
+
+sub R2
+	{
+	local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+	# This one is different, only 3 logical operations
+
+if (($n & 1) == 0)
+	{
+	&comment("R2 $ki");
+	# make sure to do 'D' first, not 'B', else we clash with
+	# the last add from the previous round.
+
+	&xor($tmp1,$d); # H function - part 2
+
+	&xor($tmp1,$b); # H function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&add($a,$tmp1);
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
+
+	&rotl($a,$s);
+
+	&mov($tmp1,&Np($c));
+	}
+else
+	{
+	&comment("R2 $ki");
+	# make sure to do 'D' first, not 'B', else we clash with
+	# the last add from the previous round.
+
+	&add($b,$c);			# MOVED FORWARD
+	&xor($tmp1,$d); # H function - part 2
+
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$b); # H function - part 3
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
+	&mov($tmp1,-1) if $pos == 1;		# I function - part 1
+
+	&rotl($a,$s);
+
+	&add($a,$b);
+	}
+	}
+
+sub R3
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&comment("R3 $ki");
+
+	# &not($tmp1)
+	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2
+
+	&or($tmp1,$b);				# I function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$c); 			# I function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
+	&mov($tmp2,&wparam(0)) if $pos == 2;
+
+	&add($a,$tmp1);
+	&mov($tmp1,-1) if $pos < 1;	# H function - part 1
+	&add($K,64) if $pos >=1 && !$normal;
+
+	&rotl($a,$s);
+
+	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time
+	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
+	&add($a,$b);
+	}
+
+
+sub md5_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"",3);
+
+	# parameter 1 is the MD5_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+
+	&push("esi");
+	 &push("edi");
+	&mov($tmp1,	&wparam(0)); # edi
+	 &mov($X,	&wparam(1)); # esi
+	&mov($C,	&wparam(2));
+	 &push("ebp");
+	&shl($C,	6);
+	&push("ebx");
+	 &add($C,	$X); # offset we end at
+	&sub($C,	64);
+	 &mov($A,	&DWP( 0,$tmp1,"",0));
+	&push($C);	# Put on the TOS
+	 &mov($B,	&DWP( 4,$tmp1,"",0));
+	&mov($C,	&DWP( 8,$tmp1,"",0));
+	 &mov($D,	&DWP(12,$tmp1,"",0));
+
+	&set_label("start") unless $normal;
+	&comment("");
+	&comment("R0 section");
+
+	&R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
+	&R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
+	&R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
+	&R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
+	&R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
+	&R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
+	&R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
+	&R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
+	&R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
+	&R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
+	&R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
+	&R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
+	&R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
+	&R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
+	&R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
+	&R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
+
+	&comment("");
+	&comment("R1 section");
+	&R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
+	&R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
+	&R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
+	&R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
+	&R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
+	&R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
+	&R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
+	&R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
+	&R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
+	&R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
+	&R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
+	&R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
+	&R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
+	&R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
+	&R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
+	&R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
+
+	&comment("");
+	&comment("R2 section");
+	&R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
+	&R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
+	&R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
+	&R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
+	&R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
+	&R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
+	&R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
+	&R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
+	&R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
+	&R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
+	&R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
+	&R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
+	&R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
+	&R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
+	&R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
+	&R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
+
+	&comment("");
+	&comment("R3 section");
+	&R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
+	&R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
+	&R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
+	&R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
+	&R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
+	&R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
+	&R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
+	&R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
+	&R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
+	&R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
+	&R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
+	&R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
+	&R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
+	&R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
+	&R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
+	&R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
+
+	# &mov($tmp2,&wparam(0));	# done in the last R3
+	# &mov($tmp1,	&DWP( 0,$tmp2,"",0)); # done is the last R3
+
+	&add($A,$tmp1);
+	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));
+
+	&add($B,$tmp1);
+	&mov($tmp1,	&DWP( 8,$tmp2,"",0));
+
+	&add($C,$tmp1);
+	&mov($tmp1,	&DWP(12,$tmp2,"",0));
+
+	&add($D,$tmp1);
+	&mov(&DWP( 0,$tmp2,"",0),$A);
+
+	&mov(&DWP( 4,$tmp2,"",0),$B);
+	&mov($tmp1,&swtmp(0)) unless $normal;
+
+	&mov(&DWP( 8,$tmp2,"",0),$C);
+	 &mov(&DWP(12,$tmp2,"",0),$D);
+
+	&cmp($tmp1,$X) unless $normal;			# check count
+	 &jae(&label("start")) unless $normal;
+
+	&pop("eax"); # pop the temp variable off the stack
+	 &pop("ebx");
+	&pop("ebp");
+	 &pop("edi");
+	&pop("esi");
+	 &ret();
+	&function_end_B($name);
+	}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl
new file mode 100644
index 000000000..6a62c6253
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl
@@ -0,0 +1,437 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Hardware SPARC T4 support by David S. Miller.
+# ====================================================================
+
+# MD5 for SPARCv9, 6.9 cycles per byte on UltraSPARC, >40% faster than
+# code generated by Sun C 5.2.
+
+# SPARC T4 MD5 hardware achieves 3.20 cycles per byte, which is 2.1x
+# faster than software. Multi-process benchmark saturates at 12x
+# single-process result on 8-core processor, or ~11GBps per 2.85GHz
+# socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+use integer;
+
+($ctx,$inp,$len)=("%i0","%i1","%i2");	# input arguments
+
+# 64-bit values
+@X=("%o0","%o1","%o2","%o3","%o4","%o5","%o7","%g1","%g2");
+$tx="%g3";
+($AB,$CD)=("%g4","%g5");
+
+# 32-bit values
+@V=($A,$B,$C,$D)=map("%l$_",(0..3));
+($t1,$t2,$t3,$saved_asi)=map("%l$_",(4..7));
+($shr,$shl1,$shl2)=("%i3","%i4","%i5");
+
+my @K=(	0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,
+	0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
+	0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,
+	0x6b901122,0xfd987193,0xa679438e,0x49b40821,
+
+	0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,
+	0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
+	0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,
+	0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
+
+	0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,
+	0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
+	0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,
+	0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
+
+	0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,
+	0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
+	0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,
+	0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391, 0	);
+
+sub R0 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (7,12,17,22)[$i%4];
+  my $j   = ($i+1)/2;
+
+  if ($i&1) {
+    $code.=<<___;
+	 srlx	@X[$j],$shr,@X[$j]	! align X[`$i+1`]
+	and	$b,$t1,$t1		! round $i
+	 sllx	@X[$j+1],$shl1,$tx
+	add	$t2,$a,$a
+	 sllx	$tx,$shl2,$tx
+	xor	$d,$t1,$t1
+	 or	$tx,@X[$j],@X[$j]
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	@X[$j],$t2,$t2		! X[`$i+1`]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 xor	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+  } else {
+    $code.=<<___;
+	 srlx	@X[$j],32,$tx		! extract X[`2*$j+1`]
+	and	$b,$t1,$t1		! round $i
+	add	$t2,$a,$a
+	xor	$d,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$tx,$t2,$t2		! X[`2*$j+1`]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 xor	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+  }
+}
+
+sub R0_1 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (7,12,17,22)[$i%4];
+
+$code.=<<___;
+	 srlx	@X[0],32,$tx		! extract X[1]
+	and	$b,$t1,$t1		! round $i
+	add	$t2,$a,$a
+	xor	$d,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$tx,$t2,$t2		! X[1]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 andn	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+}
+
+sub R1 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (5,9,14,20)[$i%4];
+  my $j   = $i<31 ? (1+5*($i+1))%16 : (5+3*($i+1))%16;
+  my $xi  = @X[$j/2];
+
+$code.=<<___ if ($j&1 && ($xi=$tx));
+	 srlx	@X[$j/2],32,$xi		! extract X[$j]
+___
+$code.=<<___;
+	and	$b,$d,$t3		! round $i
+	add	$t2,$a,$a
+	or	$t3,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$xi,$t2,$t2		! X[$j]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 `$i<31?"andn":"xor"`	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+}
+
+sub R2 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (4,11,16,23)[$i%4];
+  my $j   = $i<47 ? (5+3*($i+1))%16 : (0+7*($i+1))%16;
+  my $xi  = @X[$j/2];
+
+$code.=<<___ if ($j&1 && ($xi=$tx));
+	 srlx	@X[$j/2],32,$xi		! extract X[$j]
+___
+$code.=<<___;
+	add	$t2,$a,$a		! round $i
+	xor	$b,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$xi,$t2,$t2		! X[$j]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 xor	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+}
+
+sub R3 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (6,10,15,21)[$i%4];
+  my $j   = (0+7*($i+1))%16;
+  my $xi  = @X[$j/2];
+
+$code.=<<___;
+	add	$t2,$a,$a		! round $i
+___
+$code.=<<___ if ($j&1 && ($xi=$tx));
+	 srlx	@X[$j/2],32,$xi		! extract X[$j]
+___
+$code.=<<___;
+	orn	$b,$d,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	xor	$c,$t1,$t1
+	 or	$t2,%lo(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	sll	$a,$rot,$t3
+	 add	$xi,$t2,$t2		! X[$j]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	add	$t3,$a,$a
+___
+}
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	md5_block_asm_data_order
+.align	32
+md5_block_asm_data_order:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
+
+	andcc	%g1, CFR_MD5, %g0
+	be	.Lsoftware
+	nop
+
+	mov	4, %g1
+	andcc	%o1, 0x7, %g0
+	lda	[%o0 + %g0]0x88, %f0		! load context
+	lda	[%o0 + %g1]0x88, %f1
+	add	%o0, 8, %o0
+	lda	[%o0 + %g0]0x88, %f2
+	lda	[%o0 + %g1]0x88, %f3
+	bne,pn	%icc, .Lhwunaligned
+	sub	%o0, 8, %o0
+
+.Lhw_loop:
+	ldd	[%o1 + 0x00], %f8
+	ldd	[%o1 + 0x08], %f10
+	ldd	[%o1 + 0x10], %f12
+	ldd	[%o1 + 0x18], %f14
+	ldd	[%o1 + 0x20], %f16
+	ldd	[%o1 + 0x28], %f18
+	ldd	[%o1 + 0x30], %f20
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x38], %f22
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	.word	0x81b02800		! MD5
+
+	bne,pt	SIZE_T_CC, .Lhw_loop
+	nop
+
+.Lhwfinish:
+	sta	%f0, [%o0 + %g0]0x88	! store context
+	sta	%f1, [%o0 + %g1]0x88
+	add	%o0, 8, %o0
+	sta	%f2, [%o0 + %g0]0x88
+	sta	%f3, [%o0 + %g1]0x88
+	retl
+	nop
+
+.align	8
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f10
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f12
+	ldd	[%o1 + 0x10], %f14
+	ldd	[%o1 + 0x18], %f16
+	ldd	[%o1 + 0x20], %f18
+	ldd	[%o1 + 0x28], %f20
+	ldd	[%o1 + 0x30], %f22
+	ldd	[%o1 + 0x38], %f24
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x40], %f26
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	faligndata %f10, %f12, %f8
+	faligndata %f12, %f14, %f10
+	faligndata %f14, %f16, %f12
+	faligndata %f16, %f18, %f14
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+
+	.word	0x81b02800		! MD5
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f26, %f26, %f10	! %f10=%f26
+
+	ba	.Lhwfinish
+	nop
+
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME,%sp
+
+	rd	%asi,$saved_asi
+	wr	%g0,0x88,%asi		! ASI_PRIMARY_LITTLE
+	and	$inp,7,$shr
+	andn	$inp,7,$inp
+
+	sll	$shr,3,$shr		! *=8
+	mov	56,$shl2
+	ld	[$ctx+0],$A
+	sub	$shl2,$shr,$shl2
+	ld	[$ctx+4],$B
+	and	$shl2,32,$shl1
+	add	$shl2,8,$shl2
+	ld	[$ctx+8],$C
+	sub	$shl2,$shl1,$shl2	! shr+shl1+shl2==64
+	ld	[$ctx+12],$D
+	nop
+
+.Loop:
+	 cmp	$shr,0			! was inp aligned?
+	ldxa	[$inp+0]%asi,@X[0]	! load little-endian input
+	ldxa	[$inp+8]%asi,@X[1]
+	ldxa	[$inp+16]%asi,@X[2]
+	ldxa	[$inp+24]%asi,@X[3]
+	ldxa	[$inp+32]%asi,@X[4]
+	 sllx	$A,32,$AB		! pack A,B
+	ldxa	[$inp+40]%asi,@X[5]
+	 sllx	$C,32,$CD		! pack C,D
+	ldxa	[$inp+48]%asi,@X[6]
+	 or	$B,$AB,$AB
+	ldxa	[$inp+56]%asi,@X[7]
+	 or	$D,$CD,$CD
+	bnz,a,pn	%icc,.+8
+	ldxa	[$inp+64]%asi,@X[8]
+
+	srlx	@X[0],$shr,@X[0]	! align X[0]
+	sllx	@X[1],$shl1,$tx
+	 sethi	%hi(@K[0]),$t2
+	sllx	$tx,$shl2,$tx
+	 or	$t2,%lo(@K[0]),$t2
+	or	$tx,@X[0],@X[0]
+	 xor	$C,$D,$t1
+	 add	@X[0],$t2,$t2		! X[0]+K[0]
+___
+	for ($i=0;$i<15;$i++)	{ &R0($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<16;$i++)	{ &R0_1($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<32;$i++)	{ &R1($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<48;$i++)	{ &R2($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<64;$i++)	{ &R3($i,@V);	unshift(@V,pop(@V)); }
+$code.=<<___;
+	srlx	$AB,32,$t1		! unpack A,B,C,D and accumulate
+	add	$inp,64,$inp		! advance inp
+	srlx	$CD,32,$t2
+	add	$t1,$A,$A
+	subcc	$len,1,$len		! done yet?
+	add	$AB,$B,$B
+	add	$t2,$C,$C
+	add	$CD,$D,$D
+	srl	$B,0,$B			! clruw	$B
+	bne	SIZE_T_CC,.Loop
+	srl	$D,0,$D			! clruw	$D
+
+	st	$A,[$ctx+0]		! write out ctx
+	st	$B,[$ctx+4]
+	st	$C,[$ctx+8]
+	st	$D,[$ctx+12]
+
+	wr	%g0,$saved_asi,%asi
+	ret
+	restore
+.type	md5_block_asm_data_order,#function
+.size	md5_block_asm_data_order,(.-md5_block_asm_data_order)
+
+.asciz	"MD5 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (	"faligndata"	=> 0x048,
+		"for"		=> 0x07c	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /ge;
+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl
new file mode 100755
index 000000000..386d8048e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl
@@ -0,0 +1,393 @@
+#! /usr/bin/env perl
+# Author: Marc Bevand <bevand_m (at) epita.fr>
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# MD5 optimized for AMD64.
+
+use strict;
+
+my $code;
+
+# round1_step() does:
+#   dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = z' (copy of z for the next step)
+# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC)
+sub round1_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
+    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= <<EOF;
+	xor	$y,		%r11d		/* y ^ ... */
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	and	$x,		%r11d		/* x & ... */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	xor	$z,		%r11d		/* z ^ ... */
+	add	%r11d,		$dst		/* dst += ... */
+	rol	\$$s,		$dst		/* dst <<< s */
+	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */
+	add	$x,		$dst		/* dst += x */
+EOF
+}
+
+# round2_step() does:
+#   dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = z' (copy of z for the next step)
+#   %r12d = z' (copy of z for the next step)
+# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC)
+sub round2_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= " mov	%edx,		%r12d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= <<EOF;
+	not	%r11d				/* not z */
+	and	$x,		%r12d		/* x & z */
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	and	$y,		%r11d		/* y & (not z) */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	or	%r11d,		%r12d		/* (y & (not z)) | (x & z) */
+	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */
+	add	%r12d,		$dst		/* dst += ... */
+	mov	$y,		%r12d		/* (NEXT STEP) z' = $y */
+	rol	\$$s,		$dst		/* dst <<< s */
+	add	$x,		$dst		/* dst += x */
+EOF
+}
+
+# round3_step() does:
+#   dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = y' (copy of y for the next step)
+# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC)
+{ my $round3_alter=0;
+sub round3_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
+    $code .= <<EOF;
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	xor	$z,		%r11d		/* z ^ ... */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	xor	$x,		%r11d		/* x ^ ... */
+	add	%r11d,		$dst		/* dst += ... */
+EOF
+    $code .= <<EOF if ($round3_alter);
+	rol	\$$s,		$dst		/* dst <<< s */
+	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */
+EOF
+    $code .= <<EOF if (!$round3_alter);
+	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */
+	rol	\$$s,		$dst		/* dst <<< s */
+EOF
+    $code .= <<EOF;
+	add	$x,		$dst		/* dst += x */
+EOF
+    $round3_alter^=1;
+}
+}
+
+# round4_step() does:
+#   dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = not z' (copy of not z for the next step)
+# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC)
+sub round4_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	\$0xffffffff,	%r11d\n" if ($pos == -1);
+    $code .= " xor	%edx,		%r11d		/* (NEXT STEP) not z' = not %edx*/\n"
+    if ($pos == -1);
+    $code .= <<EOF;
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	or	$x,		%r11d		/* x | ... */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	xor	$y,		%r11d		/* y ^ ... */
+	add	%r11d,		$dst		/* dst += ... */
+	mov	\$0xffffffff,	%r11d
+	rol	\$$s,		$dst		/* dst <<< s */
+	xor	$y,		%r11d		/* (NEXT STEP) not z' = not $y */
+	add	$x,		$dst		/* dst += x */
+EOF
+}
+
+no warnings qw(uninitialized);
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$code .= <<EOF;
+.text
+.align 16
+
+.globl md5_block_asm_data_order
+.type md5_block_asm_data_order,\@function,3
+md5_block_asm_data_order:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lprologue:
+
+	# rdi = arg #1 (ctx, MD5_CTX pointer)
+	# rsi = arg #2 (ptr, data pointer)
+	# rdx = arg #3 (nbr, number of 16-word blocks to process)
+	mov	%rdi,		%rbp	# rbp = ctx
+	shl	\$6,		%rdx	# rdx = nbr in bytes
+	lea	(%rsi,%rdx),	%rdi	# rdi = end
+	mov	0*4(%rbp),	%eax	# eax = ctx->A
+	mov	1*4(%rbp),	%ebx	# ebx = ctx->B
+	mov	2*4(%rbp),	%ecx	# ecx = ctx->C
+	mov	3*4(%rbp),	%edx	# edx = ctx->D
+	# end is 'rdi'
+	# ptr is 'rsi'
+	# A is 'eax'
+	# B is 'ebx'
+	# C is 'ecx'
+	# D is 'edx'
+
+	cmp	%rdi,		%rsi		# cmp end with ptr
+	je	.Lend				# jmp if ptr == end
+
+	# BEGIN of loop over 16-word blocks
+.Lloop:	# save old values of A, B, C, D
+	mov	%eax,		%r8d
+	mov	%ebx,		%r9d
+	mov	%ecx,		%r14d
+	mov	%edx,		%r15d
+EOF
+round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17');
+round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22');
+round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17');
+round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22');
+round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17');
+round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22');
+round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17');
+round1_step( 1,'%ebx','%ecx','%edx','%eax', '1','0x49b40821','22');
+
+round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14');
+round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20');
+round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14');
+round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20');
+round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14');
+round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20');
+round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14');
+round2_step( 1,'%ebx','%ecx','%edx','%eax', '5','0x8d2a4c8a','20');
+
+round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16');
+round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23');
+round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16');
+round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23');
+round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16');
+round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23');
+round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16');
+round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23');
+
+round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15');
+round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21');
+round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15');
+round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21');
+round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15');
+round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21');
+round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15');
+round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21');
+$code .= <<EOF;
+	# add old values of A, B, C, D
+	add	%r8d,	%eax
+	add	%r9d,	%ebx
+	add	%r14d,	%ecx
+	add	%r15d,	%edx
+
+	# loop control
+	add	\$64,		%rsi		# ptr += 64
+	cmp	%rdi,		%rsi		# cmp end with ptr
+	jb	.Lloop				# jmp if ptr < end
+	# END of loop over 16-word blocks
+
+.Lend:
+	mov	%eax,		0*4(%rbp)	# ctx->A = A
+	mov	%ebx,		1*4(%rbp)	# ctx->B = B
+	mov	%ecx,		2*4(%rbp)	# ctx->C = C
+	mov	%edx,		3*4(%rbp)	# ctx->D = D
+
+	mov	(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r12
+.cfi_restore	%r12
+	mov	24(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
+	add	\$40,%rsp
+.cfi_adjust_cfa_offset	-40
+.Lepilogue:
+	ret
+.cfi_endproc
+.size md5_block_asm_data_order,.-md5_block_asm_data_order
+EOF
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+my $rec="%rcx";
+my $frame="%rdx";
+my $context="%r8";
+my $disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	lea	40(%rax),%rax
+
+	mov	-8(%rax),%rbp
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r14
+	mov	-40(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_md5_block_asm_data_order
+	.rva	.LSEH_end_md5_block_asm_data_order
+	.rva	.LSEH_info_md5_block_asm_data_order
+
+.section	.xdata
+.align	8
+.LSEH_info_md5_block_asm_data_order:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/build.info
new file mode 100644
index 000000000..e641fecd0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/build.info
@@ -0,0 +1,11 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md5_dgst.c md5_one.c {- $target{md5_asm_src} -}
+
+GENERATE[md5-586.s]=asm/md5-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+
+GENERATE[md5-x86_64.s]=asm/md5-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[md5-sparcv9.S]=asm/md5-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[md5-sparcv9.o]=..
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c
new file mode 100644
index 000000000..fbede6742
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "md5_locl.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD5_Init(MD5_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    return 1;
+}
+
+#ifndef md5_block_data_order
+# ifdef X
+#  undef X
+# endif
+void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD5_LONG XX[MD5_LBLOCK];
+#  define X(i)   XX[i]
+# endif
+
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
+
+    for (; num--;) {
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 7, 0xd76aa478L);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 17, 0x242070dbL);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 12, 0x4787c62aL);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 17, 0xa8304613L);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 22, 0xfd469501L);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 7, 0x698098d8L);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 22, 0x895cd7beL);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 7, 0x6b901122L);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 12, 0xfd987193L);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 17, 0xa679438eL);
+        R0(B, C, D, A, X(15), 22, 0x49b40821L);
+        /* Round 1 */
+        R1(A, B, C, D, X(1), 5, 0xf61e2562L);
+        R1(D, A, B, C, X(6), 9, 0xc040b340L);
+        R1(C, D, A, B, X(11), 14, 0x265e5a51L);
+        R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL);
+        R1(A, B, C, D, X(5), 5, 0xd62f105dL);
+        R1(D, A, B, C, X(10), 9, 0x02441453L);
+        R1(C, D, A, B, X(15), 14, 0xd8a1e681L);
+        R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L);
+        R1(A, B, C, D, X(9), 5, 0x21e1cde6L);
+        R1(D, A, B, C, X(14), 9, 0xc33707d6L);
+        R1(C, D, A, B, X(3), 14, 0xf4d50d87L);
+        R1(B, C, D, A, X(8), 20, 0x455a14edL);
+        R1(A, B, C, D, X(13), 5, 0xa9e3e905L);
+        R1(D, A, B, C, X(2), 9, 0xfcefa3f8L);
+        R1(C, D, A, B, X(7), 14, 0x676f02d9L);
+        R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A, B, C, D, X(5), 4, 0xfffa3942L);
+        R2(D, A, B, C, X(8), 11, 0x8771f681L);
+        R2(C, D, A, B, X(11), 16, 0x6d9d6122L);
+        R2(B, C, D, A, X(14), 23, 0xfde5380cL);
+        R2(A, B, C, D, X(1), 4, 0xa4beea44L);
+        R2(D, A, B, C, X(4), 11, 0x4bdecfa9L);
+        R2(C, D, A, B, X(7), 16, 0xf6bb4b60L);
+        R2(B, C, D, A, X(10), 23, 0xbebfbc70L);
+        R2(A, B, C, D, X(13), 4, 0x289b7ec6L);
+        R2(D, A, B, C, X(0), 11, 0xeaa127faL);
+        R2(C, D, A, B, X(3), 16, 0xd4ef3085L);
+        R2(B, C, D, A, X(6), 23, 0x04881d05L);
+        R2(A, B, C, D, X(9), 4, 0xd9d4d039L);
+        R2(D, A, B, C, X(12), 11, 0xe6db99e5L);
+        R2(C, D, A, B, X(15), 16, 0x1fa27cf8L);
+        R2(B, C, D, A, X(2), 23, 0xc4ac5665L);
+        /* Round 3 */
+        R3(A, B, C, D, X(0), 6, 0xf4292244L);
+        R3(D, A, B, C, X(7), 10, 0x432aff97L);
+        R3(C, D, A, B, X(14), 15, 0xab9423a7L);
+        R3(B, C, D, A, X(5), 21, 0xfc93a039L);
+        R3(A, B, C, D, X(12), 6, 0x655b59c3L);
+        R3(D, A, B, C, X(3), 10, 0x8f0ccc92L);
+        R3(C, D, A, B, X(10), 15, 0xffeff47dL);
+        R3(B, C, D, A, X(1), 21, 0x85845dd1L);
+        R3(A, B, C, D, X(8), 6, 0x6fa87e4fL);
+        R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L);
+        R3(C, D, A, B, X(6), 15, 0xa3014314L);
+        R3(B, C, D, A, X(13), 21, 0x4e0811a1L);
+        R3(A, B, C, D, X(4), 6, 0xf7537e82L);
+        R3(D, A, B, C, X(11), 10, 0xbd3af235L);
+        R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL);
+        R3(B, C, D, A, X(9), 21, 0xeb86d391L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_locl.h
new file mode 100644
index 000000000..4eb7e50ef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_locl.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/md5.h>
+
+#ifdef MD5_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__sparc) || defined(__sparc__)
+#  define md5_block_data_order md5_block_asm_data_order
+# endif
+#endif
+
+void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD5_LONG
+#define HASH_CTX                MD5_CTX
+#define HASH_CBLOCK             MD5_CBLOCK
+#define HASH_UPDATE             MD5_Update
+#define HASH_TRANSFORM          MD5_Transform
+#define HASH_FINAL              MD5_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+
+#include "internal/md32_common.h"
+
+/*-
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (z))  |  ((y) & (~(z))))
+*/
+
+/*
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's
+ * SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+#define I(b,c,d)        (((~(d)) | (b)) ^ (c))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };\
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R3(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+I((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_one.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_one.c
new file mode 100644
index 000000000..c3bf2f88f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD5_CTX c;
+    static unsigned char m[MD5_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD5_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD5_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD5_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD5_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/build.info
new file mode 100644
index 000000000..8fe6878d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        mdc2dgst.c mdc2_one.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/mdc2_one.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/mdc2_one.c
new file mode 100644
index 000000000..58e1e0fdf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/mdc2_one.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MDC2_CTX c;
+    static unsigned char m[MDC2_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MDC2_Init(&c))
+        return NULL;
+    MDC2_Update(&c, d, n);
+    MDC2_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/mdc2dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/mdc2dgst.c
new file mode 100644
index 000000000..14233b9ab
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mdc2/mdc2dgst.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+int MDC2_Init(MDC2_CTX *c)
+{
+    c->num = 0;
+    c->pad_type = 1;
+    memset(&(c->h[0]), 0x52, MDC2_BLOCK);
+    memset(&(c->hh[0]), 0x25, MDC2_BLOCK);
+    return 1;
+}
+
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    size_t i, j;
+
+    i = c->num;
+    if (i != 0) {
+        if (len < MDC2_BLOCK - i) {
+            /* partial block */
+            memcpy(&(c->data[i]), in, len);
+            c->num += (int)len;
+            return 1;
+        } else {
+            /* filled one */
+            j = MDC2_BLOCK - i;
+            memcpy(&(c->data[i]), in, j);
+            len -= j;
+            in += j;
+            c->num = 0;
+            mdc2_body(c, &(c->data[0]), MDC2_BLOCK);
+        }
+    }
+    i = len & ~((size_t)MDC2_BLOCK - 1);
+    if (i > 0)
+        mdc2_body(c, in, i);
+    j = len - i;
+    if (j > 0) {
+        memcpy(&(c->data[0]), &(in[i]), j);
+        c->num = (int)j;
+    }
+    return 1;
+}
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG ttin0, ttin1;
+    DES_LONG d[2], dd[2];
+    DES_key_schedule k;
+    unsigned char *p;
+    size_t i;
+
+    for (i = 0; i < len; i += 8) {
+        c2l(in, tin0);
+        d[0] = dd[0] = tin0;
+        c2l(in, tin1);
+        d[1] = dd[1] = tin1;
+        c->h[0] = (c->h[0] & 0x9f) | 0x40;
+        c->hh[0] = (c->hh[0] & 0x9f) | 0x20;
+
+        DES_set_odd_parity(&c->h);
+        DES_set_key_unchecked(&c->h, &k);
+        DES_encrypt1(d, &k, 1);
+
+        DES_set_odd_parity(&c->hh);
+        DES_set_key_unchecked(&c->hh, &k);
+        DES_encrypt1(dd, &k, 1);
+
+        ttin0 = tin0 ^ dd[0];
+        ttin1 = tin1 ^ dd[1];
+        tin0 ^= d[0];
+        tin1 ^= d[1];
+
+        p = c->h;
+        l2c(tin0, p);
+        l2c(ttin1, p);
+        p = c->hh;
+        l2c(ttin0, p);
+        l2c(tin1, p);
+    }
+}
+
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
+{
+    unsigned int i;
+    int j;
+
+    i = c->num;
+    j = c->pad_type;
+    if ((i > 0) || (j == 2)) {
+        if (j == 2)
+            c->data[i++] = 0x80;
+        memset(&(c->data[i]), 0, MDC2_BLOCK - i);
+        mdc2_body(c, c->data, MDC2_BLOCK);
+    }
+    memcpy(md, (char *)c->h, MDC2_BLOCK);
+    memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c
new file mode 100644
index 000000000..780053ffe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include "internal/cryptlib_int.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <openssl/crypto.h>
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
+
+/*
+ * the following pointers may be changed as long as 'allow_customize' is set
+ */
+static int allow_customize = 1;
+
+static void *(*malloc_impl)(size_t, const char *, int)
+    = CRYPTO_malloc;
+static void *(*realloc_impl)(void *, size_t, const char *, int)
+    = CRYPTO_realloc;
+static void (*free_impl)(void *, const char *, int)
+    = CRYPTO_free;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# include "internal/tsan_assist.h"
+
+static TSAN_QUALIFIER int malloc_count;
+static TSAN_QUALIFIER int realloc_count;
+static TSAN_QUALIFIER int free_count;
+
+# define INCREMENT(x) tsan_counter(&(x))
+
+static char *md_failstring;
+static long md_count;
+static int md_fail_percent = 0;
+static int md_tracefd = -1;
+static int call_malloc_debug = 1;
+
+static void parseit(void);
+static int shouldfail(void);
+
+# define FAILTEST() if (shouldfail()) return NULL
+
+#else
+static int call_malloc_debug = 0;
+
+# define INCREMENT(x) /* empty */
+# define FAILTEST() /* empty */
+#endif
+
+int CRYPTO_set_mem_functions(
+        void *(*m)(size_t, const char *, int),
+        void *(*r)(void *, size_t, const char *, int),
+        void (*f)(void *, const char *, int))
+{
+    if (!allow_customize)
+        return 0;
+    if (m)
+        malloc_impl = m;
+    if (r)
+        realloc_impl = r;
+    if (f)
+        free_impl = f;
+    return 1;
+}
+
+int CRYPTO_set_mem_debug(int flag)
+{
+    if (!allow_customize)
+        return 0;
+    call_malloc_debug = flag;
+    return 1;
+}
+
+void CRYPTO_get_mem_functions(
+        void *(**m)(size_t, const char *, int),
+        void *(**r)(void *, size_t, const char *, int),
+        void (**f)(void *, const char *, int))
+{
+    if (m != NULL)
+        *m = malloc_impl;
+    if (r != NULL)
+        *r = realloc_impl;
+    if (f != NULL)
+        *f = free_impl;
+}
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
+{
+    if (mcount != NULL)
+        *mcount = tsan_load(&malloc_count);
+    if (rcount != NULL)
+        *rcount = tsan_load(&realloc_count);
+    if (fcount != NULL)
+        *fcount = tsan_load(&free_count);
+}
+
+/*
+ * Parse a "malloc failure spec" string.  This likes like a set of fields
+ * separated by semicolons.  Each field has a count and an optional failure
+ * percentage.  For example:
+ *          100@0;100@25;0@0
+ *    or    100;100@25;0
+ * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
+ * all remaining (count is zero) succeed.
+ */
+static void parseit(void)
+{
+    char *semi = strchr(md_failstring, ';');
+    char *atsign;
+
+    if (semi != NULL)
+        *semi++ = '\0';
+
+    /* Get the count (atol will stop at the @ if there), and percentage */
+    md_count = atol(md_failstring);
+    atsign = strchr(md_failstring, '@');
+    md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
+
+    if (semi != NULL)
+        md_failstring = semi;
+}
+
+/*
+ * Windows doesn't have random(), but it has rand()
+ * Some rand() implementations aren't good, but we're not
+ * dealing with secure randomness here.
+ */
+# ifdef _WIN32
+#  define random() rand()
+# endif
+/*
+ * See if the current malloc should fail.
+ */
+static int shouldfail(void)
+{
+    int roll = (int)(random() % 100);
+    int shoulditfail = roll < md_fail_percent;
+# ifndef _WIN32
+/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
+    int len;
+    char buff[80];
+
+    if (md_tracefd > 0) {
+        BIO_snprintf(buff, sizeof(buff),
+                     "%c C%ld %%%d R%d\n",
+                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
+        len = strlen(buff);
+        if (write(md_tracefd, buff, len) != len)
+            perror("shouldfail write failed");
+#  ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+        if (shoulditfail) {
+            void *addrs[30];
+            int num = backtrace(addrs, OSSL_NELEM(addrs));
+
+            backtrace_symbols_fd(addrs, num, md_tracefd);
+        }
+#  endif
+    }
+# endif
+
+    if (md_count) {
+        /* If we used up this one, go to the next. */
+        if (--md_count == 0)
+            parseit();
+    }
+
+    return shoulditfail;
+}
+
+void ossl_malloc_setup_failures(void)
+{
+    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
+
+    if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
+        parseit();
+    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
+        md_tracefd = atoi(cp);
+}
+#endif
+
+void *CRYPTO_malloc(size_t num, const char *file, int line)
+{
+    void *ret = NULL;
+
+    INCREMENT(malloc_count);
+    if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
+        return malloc_impl(num, file, line);
+
+    if (num == 0)
+        return NULL;
+
+    FAILTEST();
+    if (allow_customize) {
+        /*
+         * Disallow customization after the first allocation. We only set this
+         * if necessary to avoid a store to the same cache line on every
+         * allocation.
+         */
+        allow_customize = 0;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
+        ret = malloc(num);
+        CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
+    } else {
+        ret = malloc(num);
+    }
+#else
+    (void)(file); (void)(line);
+    ret = malloc(num);
+#endif
+
+    return ret;
+}
+
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+    void *ret = CRYPTO_malloc(num, file, line);
+
+    FAILTEST();
+    if (ret != NULL)
+        memset(ret, 0, num);
+    return ret;
+}
+
+void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
+{
+    INCREMENT(realloc_count);
+    if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
+        return realloc_impl(str, num, file, line);
+
+    FAILTEST();
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num == 0) {
+        CRYPTO_free(str, file, line);
+        return NULL;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        void *ret;
+        CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
+        ret = realloc(str, num);
+        CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
+        return ret;
+    }
+#else
+    (void)(file); (void)(line);
+#endif
+    return realloc(str, num);
+
+}
+
+void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
+                           const char *file, int line)
+{
+    void *ret = NULL;
+
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num == 0) {
+        CRYPTO_clear_free(str, old_len, file, line);
+        return NULL;
+    }
+
+    /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
+    if (num < old_len) {
+        OPENSSL_cleanse((char*)str + num, old_len - num);
+        return str;
+    }
+
+    ret = CRYPTO_malloc(num, file, line);
+    if (ret != NULL) {
+        memcpy(ret, str, old_len);
+        CRYPTO_clear_free(str, old_len, file, line);
+    }
+    return ret;
+}
+
+void CRYPTO_free(void *str, const char *file, int line)
+{
+    INCREMENT(free_count);
+    if (free_impl != NULL && free_impl != &CRYPTO_free) {
+        free_impl(str, file, line);
+        return;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_free(str, 0, file, line);
+        free(str);
+        CRYPTO_mem_debug_free(str, 1, file, line);
+    } else {
+        free(str);
+    }
+#else
+    free(str);
+#endif
+}
+
+void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
+{
+    if (str == NULL)
+        return;
+    if (num)
+        OPENSSL_cleanse(str, num);
+    CRYPTO_free(str, file, line);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mem_clr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_clr.c
new file mode 100644
index 000000000..35bfb74ea
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_clr.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+/*
+ * Pointer to memset is volatile so that compiler must de-reference
+ * the pointer and can't assume that it points to any function in
+ * particular (such as memset, which it then might further "optimize")
+ */
+typedef void *(*memset_t)(void *, int, size_t);
+
+static volatile memset_t memset_func = memset;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+{
+    memset_func(ptr, 0, len);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mem_dbg.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_dbg.c
new file mode 100644
index 000000000..0489e97ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_dbg.c
@@ -0,0 +1,670 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "internal/thread_once.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "internal/bio.h"
+#include <openssl/lhash.h>
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
+
+/*
+ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
+ * the application asks for it (usually after library initialisation for
+ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
+ * temporarily when the library thinks that certain allocations should not be
+ * checked (e.g. the data structures used for memory checking).  It is not
+ * suitable as an initial state: the library will unexpectedly enable memory
+ * checking when it executes one of those sections that want to disable
+ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
+ * no sense whatsoever.
+ */
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+#endif
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static unsigned long order = 0; /* number of memory requests */
+
+/*-
+ * For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack.  For applications, there is
+ *   OPENSSL_mem_debug_push("...")     to push an entry,
+ *   OPENSSL_mem_debug_pop()     to pop an entry,
+ */
+struct app_mem_info_st {
+    CRYPTO_THREAD_ID threadid;
+    const char *file;
+    int line;
+    const char *info;
+    struct app_mem_info_st *next; /* tail of thread's stack */
+    int references;
+};
+
+static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
+CRYPTO_RWLOCK *memdbg_lock;
+static CRYPTO_RWLOCK *long_memdbg_lock;
+static CRYPTO_THREAD_LOCAL appinfokey;
+
+/* memory-block description */
+struct mem_st {
+    void *addr;
+    int num;
+    const char *file;
+    int line;
+    CRYPTO_THREAD_ID threadid;
+    unsigned long order;
+    time_t time;
+    APP_INFO *app_info;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    void *array[30];
+    size_t array_siz;
+#endif
+};
+
+/*
+ * hash-table of memory requests (address as * key); access requires
+ * long_memdbg_lock lock
+ */
+static LHASH_OF(MEM) *mh = NULL;
+
+/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
+static unsigned int num_disable = 0;
+
+/*
+ * Valid iff num_disable > 0.  long_memdbg_lock is locked exactly in this
+ * case (by the thread named in disabling_thread).
+ */
+static CRYPTO_THREAD_ID disabling_threadid;
+
+DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
+{
+    memdbg_lock = CRYPTO_THREAD_lock_new();
+    long_memdbg_lock = CRYPTO_THREAD_lock_new();
+    if (memdbg_lock == NULL || long_memdbg_lock == NULL
+        || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
+        CRYPTO_THREAD_lock_free(memdbg_lock);
+        memdbg_lock = NULL;
+        CRYPTO_THREAD_lock_free(long_memdbg_lock);
+        long_memdbg_lock = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+static void app_info_free(APP_INFO *inf)
+{
+    if (inf == NULL)
+        return;
+    if (--(inf->references) <= 0) {
+        app_info_free(inf->next);
+        OPENSSL_free(inf);
+    }
+}
+#endif
+
+int CRYPTO_mem_ctrl(int mode)
+{
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+    return mode - mode;
+#else
+    int ret = mh_mode;
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_THREAD_write_lock(memdbg_lock);
+    switch (mode) {
+    default:
+        break;
+
+    case CRYPTO_MEM_CHECK_ON:
+        mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
+        num_disable = 0;
+        break;
+
+    case CRYPTO_MEM_CHECK_OFF:
+        mh_mode = 0;
+        num_disable = 0;
+        break;
+
+    /* switch off temporarily (for library-internal use): */
+    case CRYPTO_MEM_CHECK_DISABLE:
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+            /* see if we don't have long_memdbg_lock already */
+            if (!num_disable
+                || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
+                /*
+                 * Long-time lock long_memdbg_lock must not be claimed
+                 * while we're holding memdbg_lock, or we'll deadlock
+                 * if somebody else holds long_memdbg_lock (and cannot
+                 * release it because we block entry to this function). Give
+                 * them a chance, first, and then claim the locks in
+                 * appropriate order (long-time lock first).
+                 */
+                CRYPTO_THREAD_unlock(memdbg_lock);
+                /*
+                 * Note that after we have waited for long_memdbg_lock and
+                 * memdbg_lock, we'll still be in the right "case" and
+                 * "if" branch because MemCheck_start and MemCheck_stop may
+                 * never be used while there are multiple OpenSSL threads.
+                 */
+                CRYPTO_THREAD_write_lock(long_memdbg_lock);
+                CRYPTO_THREAD_write_lock(memdbg_lock);
+                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+                disabling_threadid = cur;
+            }
+            num_disable++;
+        }
+        break;
+
+    case CRYPTO_MEM_CHECK_ENABLE:
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            if (num_disable) {  /* always true, or something is going wrong */
+                num_disable--;
+                if (num_disable == 0) {
+                    mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
+                    CRYPTO_THREAD_unlock(long_memdbg_lock);
+                }
+            }
+        }
+        break;
+    }
+    CRYPTO_THREAD_unlock(memdbg_lock);
+    return ret;
+#endif
+}
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+
+static int mem_check_on(void)
+{
+    int ret = 0;
+    CRYPTO_THREAD_ID cur;
+
+    if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+            return 0;
+
+        cur = CRYPTO_THREAD_get_current_id();
+        CRYPTO_THREAD_read_lock(memdbg_lock);
+
+        ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+            || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
+
+        CRYPTO_THREAD_unlock(memdbg_lock);
+    }
+    return ret;
+}
+
+static int mem_cmp(const MEM *a, const MEM *b)
+{
+#ifdef _WIN64
+    const char *ap = (const char *)a->addr, *bp = (const char *)b->addr;
+    if (ap == bp)
+        return 0;
+    else if (ap > bp)
+        return 1;
+    else
+        return -1;
+#else
+    return (const char *)a->addr - (const char *)b->addr;
+#endif
+}
+
+static unsigned long mem_hash(const MEM *a)
+{
+    size_t ret;
+
+    ret = (size_t)a->addr;
+
+    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+    return ret;
+}
+
+/* returns 1 if there was an info to pop, 0 if the stack was empty. */
+static int pop_info(void)
+{
+    APP_INFO *current = NULL;
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return 0;
+
+    current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+    if (current != NULL) {
+        APP_INFO *next = current->next;
+
+        if (next != NULL) {
+            next->references++;
+            CRYPTO_THREAD_set_local(&appinfokey, next);
+        } else {
+            CRYPTO_THREAD_set_local(&appinfokey, NULL);
+        }
+        if (--(current->references) <= 0) {
+            current->next = NULL;
+            if (next != NULL)
+                next->references--;
+            OPENSSL_free(current);
+        }
+        return 1;
+    }
+    return 0;
+}
+
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
+{
+    APP_INFO *ami, *amim;
+    int ret = 0;
+
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+            || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
+            goto err;
+
+        ami->threadid = CRYPTO_THREAD_get_current_id();
+        ami->file = file;
+        ami->line = line;
+        ami->info = info;
+        ami->references = 1;
+        ami->next = NULL;
+
+        amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+        CRYPTO_THREAD_set_local(&appinfokey, ami);
+
+        if (amim != NULL)
+            ami->next = amim;
+        ret = 1;
+ err:
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+
+    return ret;
+}
+
+int CRYPTO_mem_debug_pop(void)
+{
+    int ret = 0;
+
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        ret = pop_info();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+    return ret;
+}
+
+static unsigned long break_order_num = 0;
+
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p,
+                             const char *file, int line)
+{
+    MEM *m, *mm;
+    APP_INFO *amim;
+
+    switch (before_p & 127) {
+    case 0:
+        break;
+    case 1:
+        if (addr == NULL)
+            break;
+
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+                || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
+                OPENSSL_free(addr);
+                CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+                return;
+            }
+            if (mh == NULL) {
+                if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) {
+                    OPENSSL_free(addr);
+                    OPENSSL_free(m);
+                    addr = NULL;
+                    goto err;
+                }
+            }
+
+            m->addr = addr;
+            m->file = file;
+            m->line = line;
+            m->num = num;
+            m->threadid = CRYPTO_THREAD_get_current_id();
+
+            if (order == break_order_num) {
+                /* BREAK HERE */
+                m->order = order;
+            }
+            m->order = order++;
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+            m->array_siz = backtrace(m->array, OSSL_NELEM(m->array));
+# endif
+            m->time = time(NULL);
+
+            amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+            m->app_info = amim;
+            if (amim != NULL)
+                amim->references++;
+
+            if ((mm = lh_MEM_insert(mh, m)) != NULL) {
+                /* Not good, but don't sweat it */
+                if (mm->app_info != NULL) {
+                    mm->app_info->references--;
+                }
+                OPENSSL_free(mm);
+            }
+ err:
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    }
+    return;
+}
+
+void CRYPTO_mem_debug_free(void *addr, int before_p,
+        const char *file, int line)
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        if (addr == NULL)
+            break;
+
+        if (mem_check_on() && (mh != NULL)) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            m.addr = addr;
+            mp = lh_MEM_delete(mh, &m);
+            if (mp != NULL) {
+                app_info_free(mp->app_info);
+                OPENSSL_free(mp);
+            }
+
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    case 1:
+        break;
+    }
+}
+
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
+                              int before_p, const char *file, int line)
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        break;
+    case 1:
+        if (addr2 == NULL)
+            break;
+
+        if (addr1 == NULL) {
+            CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line);
+            break;
+        }
+
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            m.addr = addr1;
+            mp = lh_MEM_delete(mh, &m);
+            if (mp != NULL) {
+                mp->addr = addr2;
+                mp->num = num;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+                mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array));
+#endif
+                (void)lh_MEM_insert(mh, mp);
+            }
+
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    }
+    return;
+}
+
+typedef struct mem_leak_st {
+    int (*print_cb) (const char *str, size_t len, void *u);
+    void *print_cb_arg;
+    int chunks;
+    long bytes;
+} MEM_LEAK;
+
+static void print_leak(const MEM *m, MEM_LEAK *l)
+{
+    char buf[1024];
+    char *bufp = buf;
+    size_t len = sizeof(buf), ami_cnt;
+    APP_INFO *amip;
+    int n;
+    struct tm *lcl = NULL;
+    /*
+     * Convert between CRYPTO_THREAD_ID (which could be anything at all) and
+     * a long. This may not be meaningful depending on what CRYPTO_THREAD_ID is
+     * but hopefully should give something sensible on most platforms
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+    CRYPTO_THREAD_ID ti;
+
+    lcl = localtime(&m->time);
+    n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
+                     lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+    if (n <= 0) {
+        bufp[0] = '\0';
+        return;
+    }
+    bufp += n;
+    len -= n;
+
+    n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
+                     m->order, m->file, m->line);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
+
+    tid.ltid = 0;
+    tid.tid = m->threadid;
+    n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
+
+    n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
+
+    l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
+
+    l->chunks++;
+    l->bytes += m->num;
+
+    amip = m->app_info;
+    ami_cnt = 0;
+
+    if (amip) {
+        ti = amip->threadid;
+
+        do {
+            int buf_len;
+            int info_len;
+
+            ami_cnt++;
+            if (ami_cnt >= sizeof(buf) - 1)
+                break;
+            memset(buf, '>', ami_cnt);
+            buf[ami_cnt] = '\0';
+            tid.ltid = 0;
+            tid.tid = amip->threadid;
+            n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
+                             " thread=%lu, file=%s, line=%d, info=\"",
+                             tid.ltid, amip->file, amip->line);
+            if (n <= 0)
+                break;
+            buf_len = ami_cnt + n;
+            info_len = strlen(amip->info);
+            if (128 - buf_len - 3 < info_len) {
+                memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+                buf_len = 128 - 3;
+            } else {
+                n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s",
+                                 amip->info);
+                if (n < 0)
+                    break;
+                buf_len += n;
+            }
+            n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+            if (n <= 0)
+                break;
+
+            l->print_cb(buf, buf_len + n, l->print_cb_arg);
+
+            amip = amip->next;
+        }
+        while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti));
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    {
+        size_t i;
+        char **strings = backtrace_symbols(m->array, m->array_siz);
+
+        for (i = 0; i < m->array_siz; i++)
+            fprintf(stderr, "##> %s\n", strings[i]);
+        free(strings);
+    }
+#endif
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u)
+{
+    MEM_LEAK ml;
+
+    /* Ensure all resources are released */
+    OPENSSL_cleanup();
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+    ml.print_cb = cb;
+    ml.print_cb_arg = u;
+    ml.bytes = 0;
+    ml.chunks = 0;
+    if (mh != NULL)
+        lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
+
+    if (ml.chunks != 0) {
+        char buf[256];
+
+        BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n",
+                     ml.bytes, ml.chunks);
+        cb(buf, strlen(buf), u);
+    } else {
+        /*
+         * Make sure that, if we found no leaks, memory-leak debugging itself
+         * does not introduce memory leaks (which might irritate external
+         * debugging tools). (When someone enables leak checking, but does not
+         * call this function, we declare it to be their fault.)
+         */
+        int old_mh_mode;
+
+        CRYPTO_THREAD_write_lock(memdbg_lock);
+
+        /*
+         * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
+         * mem_check_on
+         */
+        old_mh_mode = mh_mode;
+        mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+        lh_MEM_free(mh);
+        mh = NULL;
+
+        mh_mode = old_mh_mode;
+        CRYPTO_THREAD_unlock(memdbg_lock);
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
+
+    /* Clean up locks etc */
+    CRYPTO_THREAD_cleanup_local(&appinfokey);
+    CRYPTO_THREAD_lock_free(memdbg_lock);
+    CRYPTO_THREAD_lock_free(long_memdbg_lock);
+    memdbg_lock = NULL;
+    long_memdbg_lock = NULL;
+
+    return ml.chunks == 0 ? 1 : 0;
+}
+
+static int print_bio(const char *str, size_t len, void *b)
+{
+    return BIO_write((BIO *)b, str, len);
+}
+
+int CRYPTO_mem_leaks(BIO *b)
+{
+    /*
+     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
+     * ex_data hanging around
+     */
+    bio_free_ex_data(b);
+
+    return CRYPTO_mem_leaks_cb(print_bio, b);
+}
+
+# ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *fp)
+{
+    BIO *b;
+    int ret;
+
+    /*
+     * Need to turn off memory checking when allocated BIOs ... especially as
+     * we're creating them at a time when we're trying to check we've not
+     * left anything un-free()'d!!
+     */
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    b = BIO_new(BIO_s_file());
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    if (b == NULL)
+        return -1;
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = CRYPTO_mem_leaks_cb(print_bio, b);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c
new file mode 100644
index 000000000..9e0f6702f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c
@@ -0,0 +1,646 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is in two halves. The first half implements the public API
+ * to be used by external consumers, and to be used by OpenSSL to store
+ * data in a "secure arena." The second half implements the secure arena.
+ * For details on that implementation, see below (look for uppercase
+ * "SECURE HEAP IMPLEMENTATION").
+ */
+#include "e_os.h"
+#include <openssl/crypto.h>
+
+#include <string.h>
+
+/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
+#ifdef OPENSSL_SECURE_MEMORY
+# include <stdlib.h>
+# include <assert.h>
+# include <unistd.h>
+# include <sys/types.h>
+# include <sys/mman.h>
+# if defined(OPENSSL_SYS_LINUX)
+#  include <sys/syscall.h>
+#  if defined(SYS_mlock2)
+#   include <linux/mman.h>
+#   include <errno.h>
+#  endif
+# endif
+# include <sys/param.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+
+#define CLEAR(p, s) OPENSSL_cleanse(p, s)
+#ifndef PAGE_SIZE
+# define PAGE_SIZE    4096
+#endif
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
+#ifdef OPENSSL_SECURE_MEMORY
+static size_t secure_mem_used;
+
+static int secure_mem_initialized;
+
+static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
+
+/*
+ * These are the functions that must be implemented by a secure heap (sh).
+ */
+static int sh_init(size_t size, int minsize);
+static void *sh_malloc(size_t size);
+static void sh_free(void *ptr);
+static void sh_done(void);
+static size_t sh_actual_size(char *ptr);
+static int sh_allocated(const char *ptr);
+#endif
+
+int CRYPTO_secure_malloc_init(size_t size, int minsize)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    int ret = 0;
+
+    if (!secure_mem_initialized) {
+        sec_malloc_lock = CRYPTO_THREAD_lock_new();
+        if (sec_malloc_lock == NULL)
+            return 0;
+        if ((ret = sh_init(size, minsize)) != 0) {
+            secure_mem_initialized = 1;
+        } else {
+            CRYPTO_THREAD_lock_free(sec_malloc_lock);
+            sec_malloc_lock = NULL;
+        }
+    }
+
+    return ret;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+int CRYPTO_secure_malloc_done(void)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    if (secure_mem_used == 0) {
+        sh_done();
+        secure_mem_initialized = 0;
+        CRYPTO_THREAD_lock_free(sec_malloc_lock);
+        sec_malloc_lock = NULL;
+        return 1;
+    }
+#endif /* OPENSSL_SECURE_MEMORY */
+    return 0;
+}
+
+int CRYPTO_secure_malloc_initialized(void)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    return secure_mem_initialized;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    void *ret;
+    size_t actual_size;
+
+    if (!secure_mem_initialized) {
+        return CRYPTO_malloc(num, file, line);
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_malloc(num);
+    actual_size = ret ? sh_actual_size(ret) : 0;
+    secure_mem_used += actual_size;
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return CRYPTO_malloc(num, file, line);
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    if (secure_mem_initialized)
+        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
+        return CRYPTO_secure_malloc(num, file, line);
+#endif
+    return CRYPTO_zalloc(num, file, line);
+}
+
+void CRYPTO_secure_free(void *ptr, const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    CRYPTO_free(ptr, file, line);
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        OPENSSL_cleanse(ptr, num);
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    if (ptr == NULL)
+        return;
+    OPENSSL_cleanse(ptr, num);
+    CRYPTO_free(ptr, file, line);
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+int CRYPTO_secure_allocated(const void *ptr)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    int ret;
+
+    if (!secure_mem_initialized)
+        return 0;
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_allocated(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+size_t CRYPTO_secure_used(void)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    return secure_mem_used;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+size_t CRYPTO_secure_actual_size(void *ptr)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    size_t actual_size;
+
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return actual_size;
+#else
+    return 0;
+#endif
+}
+/* END OF PAGE ...
+
+   ... START OF PAGE */
+
+/*
+ * SECURE HEAP IMPLEMENTATION
+ */
+#ifdef OPENSSL_SECURE_MEMORY
+
+
+/*
+ * The implementation provided here uses a fixed-sized mmap() heap,
+ * which is locked into memory, not written to core files, and protected
+ * on either side by an unmapped page, which will catch pointer overruns
+ * (or underruns) and an attempt to read data out of the secure heap.
+ * Free'd memory is zero'd or otherwise cleansed.
+ *
+ * This is a pretty standard buddy allocator.  We keep areas in a multiple
+ * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
+ * so all (and only) data is kept in the mmap'd heap.
+ *
+ * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
+ * place.
+ */
+
+#define ONE ((size_t)1)
+
+# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
+# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
+# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
+
+#define WITHIN_ARENA(p) \
+    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
+#define WITHIN_FREELIST(p) \
+    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
+
+
+typedef struct sh_list_st
+{
+    struct sh_list_st *next;
+    struct sh_list_st **p_next;
+} SH_LIST;
+
+typedef struct sh_st
+{
+    char* map_result;
+    size_t map_size;
+    char *arena;
+    size_t arena_size;
+    char **freelist;
+    ossl_ssize_t freelist_size;
+    size_t minsize;
+    unsigned char *bittable;
+    unsigned char *bitmalloc;
+    size_t bittable_size; /* size in bits */
+} SH;
+
+static SH sh;
+
+static size_t sh_getlist(char *ptr)
+{
+    ossl_ssize_t list = sh.freelist_size - 1;
+    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
+
+    for (; bit; bit >>= 1, list--) {
+        if (TESTBIT(sh.bittable, bit))
+            break;
+        OPENSSL_assert((bit & 1) == 0);
+    }
+
+    return list;
+}
+
+
+static int sh_testbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    return TESTBIT(table, bit);
+}
+
+static void sh_clearbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(TESTBIT(table, bit));
+    CLEARBIT(table, bit);
+}
+
+static void sh_setbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(!TESTBIT(table, bit));
+    SETBIT(table, bit);
+}
+
+static void sh_add_to_list(char **list, char *ptr)
+{
+    SH_LIST *temp;
+
+    OPENSSL_assert(WITHIN_FREELIST(list));
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+
+    temp = (SH_LIST *)ptr;
+    temp->next = *(SH_LIST **)list;
+    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
+    temp->p_next = (SH_LIST **)list;
+
+    if (temp->next != NULL) {
+        OPENSSL_assert((char **)temp->next->p_next == list);
+        temp->next->p_next = &(temp->next);
+    }
+
+    *list = ptr;
+}
+
+static void sh_remove_from_list(char *ptr)
+{
+    SH_LIST *temp, *temp2;
+
+    temp = (SH_LIST *)ptr;
+    if (temp->next != NULL)
+        temp->next->p_next = temp->p_next;
+    *temp->p_next = temp->next;
+    if (temp->next == NULL)
+        return;
+
+    temp2 = temp->next;
+    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
+}
+
+
+static int sh_init(size_t size, int minsize)
+{
+    int ret;
+    size_t i;
+    size_t pgsize;
+    size_t aligned;
+
+    memset(&sh, 0, sizeof(sh));
+
+    /* make sure size and minsize are powers of 2 */
+    OPENSSL_assert(size > 0);
+    OPENSSL_assert((size & (size - 1)) == 0);
+    OPENSSL_assert(minsize > 0);
+    OPENSSL_assert((minsize & (minsize - 1)) == 0);
+    if (size <= 0 || (size & (size - 1)) != 0)
+        goto err;
+    if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
+        goto err;
+
+    while (minsize < (int)sizeof(SH_LIST))
+        minsize *= 2;
+
+    sh.arena_size = size;
+    sh.minsize = minsize;
+    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
+
+    /* Prevent allocations of size 0 later on */
+    if (sh.bittable_size >> 3 == 0)
+        goto err;
+
+    sh.freelist_size = -1;
+    for (i = sh.bittable_size; i; i >>= 1)
+        sh.freelist_size++;
+
+    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
+    OPENSSL_assert(sh.freelist != NULL);
+    if (sh.freelist == NULL)
+        goto err;
+
+    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bittable != NULL);
+    if (sh.bittable == NULL)
+        goto err;
+
+    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bitmalloc != NULL);
+    if (sh.bitmalloc == NULL)
+        goto err;
+
+    /* Allocate space for heap, and two extra pages as guards */
+#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
+    {
+# if defined(_SC_PAGE_SIZE)
+        long tmppgsize = sysconf(_SC_PAGE_SIZE);
+# else
+        long tmppgsize = sysconf(_SC_PAGESIZE);
+# endif
+        if (tmppgsize < 1)
+            pgsize = PAGE_SIZE;
+        else
+            pgsize = (size_t)tmppgsize;
+    }
+#else
+    pgsize = PAGE_SIZE;
+#endif
+    sh.map_size = pgsize + sh.arena_size + pgsize;
+    if (1) {
+#ifdef MAP_ANON
+        sh.map_result = mmap(NULL, sh.map_size,
+                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+    } else {
+#endif
+        int fd;
+
+        sh.map_result = MAP_FAILED;
+        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
+            sh.map_result = mmap(NULL, sh.map_size,
+                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
+            close(fd);
+        }
+    }
+    if (sh.map_result == MAP_FAILED)
+        goto err;
+    sh.arena = (char *)(sh.map_result + pgsize);
+    sh_setbit(sh.arena, 0, sh.bittable);
+    sh_add_to_list(&sh.freelist[0], sh.arena);
+
+    /* Now try to add guard pages and lock into memory. */
+    ret = 1;
+
+    /* Starting guard is already aligned from mmap. */
+    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+    /* Ending guard page - need to round up to page boundary */
+    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
+    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
+    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
+        if (errno == ENOSYS) {
+            if (mlock(sh.arena, sh.arena_size) < 0)
+                ret = 2;
+        } else {
+            ret = 2;
+        }
+    }
+#else
+    if (mlock(sh.arena, sh.arena_size) < 0)
+        ret = 2;
+#endif
+#ifdef MADV_DONTDUMP
+    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
+        ret = 2;
+#endif
+
+    return ret;
+
+ err:
+    sh_done();
+    return 0;
+}
+
+static void sh_done(void)
+{
+    OPENSSL_free(sh.freelist);
+    OPENSSL_free(sh.bittable);
+    OPENSSL_free(sh.bitmalloc);
+    if (sh.map_result != NULL && sh.map_size)
+        munmap(sh.map_result, sh.map_size);
+    memset(&sh, 0, sizeof(sh));
+}
+
+static int sh_allocated(const char *ptr)
+{
+    return WITHIN_ARENA(ptr) ? 1 : 0;
+}
+
+static char *sh_find_my_buddy(char *ptr, int list)
+{
+    size_t bit;
+    char *chunk = NULL;
+
+    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
+    bit ^= 1;
+
+    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
+        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
+
+    return chunk;
+}
+
+static void *sh_malloc(size_t size)
+{
+    ossl_ssize_t list, slist;
+    size_t i;
+    char *chunk;
+
+    if (size > sh.arena_size)
+        return NULL;
+
+    list = sh.freelist_size - 1;
+    for (i = sh.minsize; i < size; i <<= 1)
+        list--;
+    if (list < 0)
+        return NULL;
+
+    /* try to find a larger entry to split */
+    for (slist = list; slist >= 0; slist--)
+        if (sh.freelist[slist] != NULL)
+            break;
+    if (slist < 0)
+        return NULL;
+
+    /* split larger entry */
+    while (slist != list) {
+        char *temp = sh.freelist[slist];
+
+        /* remove from bigger list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_clearbit(temp, slist, sh.bittable);
+        sh_remove_from_list(temp);
+        OPENSSL_assert(temp != sh.freelist[slist]);
+
+        /* done with bigger list */
+        slist++;
+
+        /* add to smaller list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        /* split in 2 */
+        temp += sh.arena_size >> slist;
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
+    }
+
+    /* peel off memory to hand back */
+    chunk = sh.freelist[list];
+    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
+    sh_setbit(chunk, list, sh.bitmalloc);
+    sh_remove_from_list(chunk);
+
+    OPENSSL_assert(WITHIN_ARENA(chunk));
+
+    /* zero the free list header as a precaution against information leakage */
+    memset(chunk, 0, sizeof(SH_LIST));
+
+    return chunk;
+}
+
+static void sh_free(void *ptr)
+{
+    size_t list;
+    void *buddy;
+
+    if (ptr == NULL)
+        return;
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return;
+
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    sh_clearbit(ptr, list, sh.bitmalloc);
+    sh_add_to_list(&sh.freelist[list], ptr);
+
+    /* Try to coalesce two adjacent free areas. */
+    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
+        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
+        OPENSSL_assert(ptr != NULL);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(ptr, list, sh.bittable);
+        sh_remove_from_list(ptr);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(buddy, list, sh.bittable);
+        sh_remove_from_list(buddy);
+
+        list--;
+
+        /* Zero the higher addressed block's free list pointers */
+        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
+        if (ptr > buddy)
+            ptr = buddy;
+
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_setbit(ptr, list, sh.bittable);
+        sh_add_to_list(&sh.freelist[list], ptr);
+        OPENSSL_assert(sh.freelist[list] == ptr);
+    }
+}
+
+static size_t sh_actual_size(char *ptr)
+{
+    int list;
+
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return 0;
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    return sh.arena_size / (ONE << list);
+}
+#endif /* OPENSSL_SECURE_MEMORY */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h
new file mode 100644
index 000000000..75043e79d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __MIPS_ARCH_H__
+# define __MIPS_ARCH_H__
+
+# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
+      defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6))
+      && !defined(_MIPS_ARCH_MIPS32R2)
+#  define _MIPS_ARCH_MIPS32R2
+# endif
+
+# if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || \
+      defined(_MIPS_ARCH_MIPS64R6)) \
+      && !defined(_MIPS_ARCH_MIPS64R2)
+#  define _MIPS_ARCH_MIPS64R2
+# endif
+
+# if defined(_MIPS_ARCH_MIPS64R6)
+#  define dmultu(rs,rt)
+#  define mflo(rd,rs,rt)	dmulu	rd,rs,rt
+#  define mfhi(rd,rs,rt)	dmuhu	rd,rs,rt
+# elif defined(_MIPS_ARCH_MIPS32R6)
+#  define multu(rs,rt)
+#  define mflo(rd,rs,rt)	mulu	rd,rs,rt
+#  define mfhi(rd,rs,rt)	muhu	rd,rs,rt
+# else
+#  define dmultu(rs,rt)		dmultu	rs,rt
+#  define multu(rs,rt)		multu	rs,rt
+#  define mflo(rd,rs,rt)	mflo	rd
+#  define mfhi(rd,rs,rt)	mfhi	rd
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl
new file mode 100644
index 000000000..b42016101
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -0,0 +1,1099 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+#
+# AES-NI-CTR+GHASH stitch.
+#
+# February 2013
+#
+# OpenSSL GCM implementation is organized in such way that its
+# performance is rather close to the sum of its streamed components,
+# in the context parallelized AES-NI CTR and modulo-scheduled
+# PCLMULQDQ-enabled GHASH. Unfortunately, as no stitch implementation
+# was observed to perform significantly better than the sum of the
+# components on contemporary CPUs, the effort was deemed impossible to
+# justify. This module is based on combination of Intel submissions,
+# [1] and [2], with MOVBE twist suggested by Ilya Albrekht and Max
+# Locktyukhin of Intel Corp. who verified that it reduces shuffles
+# pressure with notable relative improvement, achieving 1.0 cycle per
+# byte processed with 128-bit key on Haswell processor, 0.74 - on
+# Broadwell, 0.63 - on Skylake... [Mentioned results are raw profiled
+# measurements for favourable packet size, one divisible by 96.
+# Applications using the EVP interface will observe a few percent
+# worse performance.]
+#
+# Knights Landing processes 1 byte in 1.25 cycles (measured with EVP).
+#
+# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
+# [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.20) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if ($avx>1) {{{
+
+($inp,$out,$len,$key,$ivp,$Xip)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
+
+($Ii,$T1,$T2,$Hkey,
+ $Z0,$Z1,$Z2,$Z3,$Xi) = map("%xmm$_",(0..8));
+
+($inout0,$inout1,$inout2,$inout3,$inout4,$inout5,$rndkey) = map("%xmm$_",(9..15));
+
+($counter,$rounds,$ret,$const,$in0,$end0)=("%ebx","%ebp","%r10","%r11","%r14","%r15");
+
+$code=<<___;
+.text
+
+.type	_aesni_ctr32_ghash_6x,\@abi-omnipotent
+.align	32
+_aesni_ctr32_ghash_6x:
+	vmovdqu		0x20($const),$T2	# borrow $T2, .Lone_msb
+	sub		\$6,$len
+	vpxor		$Z0,$Z0,$Z0		# $Z0   = 0
+	vmovdqu		0x00-0x80($key),$rndkey
+	vpaddb		$T2,$T1,$inout1
+	vpaddb		$T2,$inout1,$inout2
+	vpaddb		$T2,$inout2,$inout3
+	vpaddb		$T2,$inout3,$inout4
+	vpaddb		$T2,$inout4,$inout5
+	vpxor		$rndkey,$T1,$inout0
+	vmovdqu		$Z0,16+8(%rsp)		# "$Z3" = 0
+	jmp		.Loop6x
+
+.align	32
+.Loop6x:
+	add		\$`6<<24`,$counter
+	jc		.Lhandle_ctr32		# discard $inout[1-5]?
+	vmovdqu		0x00-0x20($Xip),$Hkey	# $Hkey^1
+	  vpaddb	$T2,$inout5,$T1		# next counter value
+	  vpxor		$rndkey,$inout1,$inout1
+	  vpxor		$rndkey,$inout2,$inout2
+
+.Lresume_ctr32:
+	vmovdqu		$T1,($ivp)		# save next counter value
+	vpclmulqdq	\$0x10,$Hkey,$Z3,$Z1
+	  vpxor		$rndkey,$inout3,$inout3
+	  vmovups	0x10-0x80($key),$T2	# borrow $T2 for $rndkey
+	vpclmulqdq	\$0x01,$Hkey,$Z3,$Z2
+	xor		%r12,%r12
+	cmp		$in0,$end0
+
+	  vaesenc	$T2,$inout0,$inout0
+	vmovdqu		0x30+8(%rsp),$Ii	# I[4]
+	  vpxor		$rndkey,$inout4,$inout4
+	vpclmulqdq	\$0x00,$Hkey,$Z3,$T1
+	  vaesenc	$T2,$inout1,$inout1
+	  vpxor		$rndkey,$inout5,$inout5
+	setnc		%r12b
+	vpclmulqdq	\$0x11,$Hkey,$Z3,$Z3
+	  vaesenc	$T2,$inout2,$inout2
+	vmovdqu		0x10-0x20($Xip),$Hkey	# $Hkey^2
+	neg		%r12
+	  vaesenc	$T2,$inout3,$inout3
+	 vpxor		$Z1,$Z2,$Z2
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Z1
+	 vpxor		$Z0,$Xi,$Xi		# modulo-scheduled
+	  vaesenc	$T2,$inout4,$inout4
+	 vpxor		$Z1,$T1,$Z0
+	and		\$0x60,%r12
+	  vmovups	0x20-0x80($key),$rndkey
+	vpclmulqdq	\$0x10,$Hkey,$Ii,$T1
+	  vaesenc	$T2,$inout5,$inout5
+
+	vpclmulqdq	\$0x01,$Hkey,$Ii,$T2
+	lea		($in0,%r12),$in0
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		16+8(%rsp),$Xi,$Xi	# modulo-scheduled [vpxor $Z3,$Xi,$Xi]
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Hkey
+	 vmovdqu	0x40+8(%rsp),$Ii	# I[3]
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x58($in0),%r13
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x50($in0),%r12
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x20+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x28+8(%rsp)
+	vmovdqu		0x30-0x20($Xip),$Z1	# borrow $Z1 for $Hkey^3
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x30-0x80($key),$rndkey
+	 vpxor		$T1,$Z2,$Z2
+	vpclmulqdq	\$0x00,$Z1,$Ii,$T1
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$T2,$Z2,$Z2
+	vpclmulqdq	\$0x10,$Z1,$Ii,$T2
+	  vaesenc	$rndkey,$inout1,$inout1
+	 vpxor		$Hkey,$Z3,$Z3
+	vpclmulqdq	\$0x01,$Z1,$Ii,$Hkey
+	  vaesenc	$rndkey,$inout2,$inout2
+	vpclmulqdq	\$0x11,$Z1,$Ii,$Z1
+	 vmovdqu	0x50+8(%rsp),$Ii	# I[2]
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vaesenc	$rndkey,$inout4,$inout4
+	 vpxor		$T1,$Z0,$Z0
+	vmovdqu		0x40-0x20($Xip),$T1	# borrow $T1 for $Hkey^4
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x40-0x80($key),$rndkey
+	 vpxor		$T2,$Z2,$Z2
+	vpclmulqdq	\$0x00,$T1,$Ii,$T2
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$Hkey,$Z2,$Z2
+	vpclmulqdq	\$0x10,$T1,$Ii,$Hkey
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x48($in0),%r13
+	 vpxor		$Z1,$Z3,$Z3
+	vpclmulqdq	\$0x01,$T1,$Ii,$Z1
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x40($in0),%r12
+	vpclmulqdq	\$0x11,$T1,$Ii,$T1
+	 vmovdqu	0x60+8(%rsp),$Ii	# I[1]
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x30+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x38+8(%rsp)
+	 vpxor		$T2,$Z0,$Z0
+	vmovdqu		0x60-0x20($Xip),$T2	# borrow $T2 for $Hkey^5
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x50-0x80($key),$rndkey
+	 vpxor		$Hkey,$Z2,$Z2
+	vpclmulqdq	\$0x00,$T2,$Ii,$Hkey
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$Z1,$Z2,$Z2
+	vpclmulqdq	\$0x10,$T2,$Ii,$Z1
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x38($in0),%r13
+	 vpxor		$T1,$Z3,$Z3
+	vpclmulqdq	\$0x01,$T2,$Ii,$T1
+	 vpxor		0x70+8(%rsp),$Xi,$Xi	# accumulate I[0]
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x30($in0),%r12
+	vpclmulqdq	\$0x11,$T2,$Ii,$T2
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x40+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x48+8(%rsp)
+	 vpxor		$Hkey,$Z0,$Z0
+	 vmovdqu	0x70-0x20($Xip),$Hkey	# $Hkey^6
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x60-0x80($key),$rndkey
+	 vpxor		$Z1,$Z2,$Z2
+	vpclmulqdq	\$0x10,$Hkey,$Xi,$Z1
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$T1,$Z2,$Z2
+	vpclmulqdq	\$0x01,$Hkey,$Xi,$T1
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x28($in0),%r13
+	 vpxor		$T2,$Z3,$Z3
+	vpclmulqdq	\$0x00,$Hkey,$Xi,$T2
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x20($in0),%r12
+	vpclmulqdq	\$0x11,$Hkey,$Xi,$Xi
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x50+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x58+8(%rsp)
+	vpxor		$Z1,$Z2,$Z2
+	  vaesenc	$rndkey,$inout5,$inout5
+	vpxor		$T1,$Z2,$Z2
+
+	  vmovups	0x70-0x80($key),$rndkey
+	vpslldq		\$8,$Z2,$Z1
+	vpxor		$T2,$Z0,$Z0
+	vmovdqu		0x10($const),$Hkey	# .Lpoly
+
+	  vaesenc	$rndkey,$inout0,$inout0
+	vpxor		$Xi,$Z3,$Z3
+	  vaesenc	$rndkey,$inout1,$inout1
+	vpxor		$Z1,$Z0,$Z0
+	movbe		0x18($in0),%r13
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x10($in0),%r12
+	vpalignr	\$8,$Z0,$Z0,$Ii		# 1st phase
+	vpclmulqdq	\$0x10,$Hkey,$Z0,$Z0
+	mov		%r13,0x60+8(%rsp)
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r12,0x68+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vmovups	0x80-0x80($key),$T1	# borrow $T1 for $rndkey
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vaesenc	$T1,$inout0,$inout0
+	  vmovups	0x90-0x80($key),$rndkey
+	  vaesenc	$T1,$inout1,$inout1
+	vpsrldq		\$8,$Z2,$Z2
+	  vaesenc	$T1,$inout2,$inout2
+	vpxor		$Z2,$Z3,$Z3
+	  vaesenc	$T1,$inout3,$inout3
+	vpxor		$Ii,$Z0,$Z0
+	movbe		0x08($in0),%r13
+	  vaesenc	$T1,$inout4,$inout4
+	movbe		0x00($in0),%r12
+	  vaesenc	$T1,$inout5,$inout5
+	  vmovups	0xa0-0x80($key),$T1
+	  cmp		\$11,$rounds
+	  jb		.Lenc_tail		# 128-bit key
+
+	  vaesenc	$rndkey,$inout0,$inout0
+	  vaesenc	$rndkey,$inout1,$inout1
+	  vaesenc	$rndkey,$inout2,$inout2
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vaesenc	$T1,$inout0,$inout0
+	  vaesenc	$T1,$inout1,$inout1
+	  vaesenc	$T1,$inout2,$inout2
+	  vaesenc	$T1,$inout3,$inout3
+	  vaesenc	$T1,$inout4,$inout4
+	  vmovups	0xb0-0x80($key),$rndkey
+	  vaesenc	$T1,$inout5,$inout5
+	  vmovups	0xc0-0x80($key),$T1
+	  je		.Lenc_tail		# 192-bit key
+
+	  vaesenc	$rndkey,$inout0,$inout0
+	  vaesenc	$rndkey,$inout1,$inout1
+	  vaesenc	$rndkey,$inout2,$inout2
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vaesenc	$T1,$inout0,$inout0
+	  vaesenc	$T1,$inout1,$inout1
+	  vaesenc	$T1,$inout2,$inout2
+	  vaesenc	$T1,$inout3,$inout3
+	  vaesenc	$T1,$inout4,$inout4
+	  vmovups	0xd0-0x80($key),$rndkey
+	  vaesenc	$T1,$inout5,$inout5
+	  vmovups	0xe0-0x80($key),$T1
+	  jmp		.Lenc_tail		# 256-bit key
+
+.align	32
+.Lhandle_ctr32:
+	vmovdqu		($const),$Ii		# borrow $Ii for .Lbswap_mask
+	  vpshufb	$Ii,$T1,$Z2		# byte-swap counter
+	  vmovdqu	0x30($const),$Z1	# borrow $Z1, .Ltwo_lsb
+	  vpaddd	0x40($const),$Z2,$inout1	# .Lone_lsb
+	  vpaddd	$Z1,$Z2,$inout2
+	vmovdqu		0x00-0x20($Xip),$Hkey	# $Hkey^1
+	  vpaddd	$Z1,$inout1,$inout3
+	  vpshufb	$Ii,$inout1,$inout1
+	  vpaddd	$Z1,$inout2,$inout4
+	  vpshufb	$Ii,$inout2,$inout2
+	  vpxor		$rndkey,$inout1,$inout1
+	  vpaddd	$Z1,$inout3,$inout5
+	  vpshufb	$Ii,$inout3,$inout3
+	  vpxor		$rndkey,$inout2,$inout2
+	  vpaddd	$Z1,$inout4,$T1		# byte-swapped next counter value
+	  vpshufb	$Ii,$inout4,$inout4
+	  vpshufb	$Ii,$inout5,$inout5
+	  vpshufb	$Ii,$T1,$T1		# next counter value
+	jmp		.Lresume_ctr32
+
+.align	32
+.Lenc_tail:
+	  vaesenc	$rndkey,$inout0,$inout0
+	vmovdqu		$Z3,16+8(%rsp)		# postpone vpxor $Z3,$Xi,$Xi
+	vpalignr	\$8,$Z0,$Z0,$Xi		# 2nd phase
+	  vaesenc	$rndkey,$inout1,$inout1
+	vpclmulqdq	\$0x10,$Hkey,$Z0,$Z0
+	  vpxor		0x00($inp),$T1,$T2
+	  vaesenc	$rndkey,$inout2,$inout2
+	  vpxor		0x10($inp),$T1,$Ii
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vpxor		0x20($inp),$T1,$Z1
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vpxor		0x30($inp),$T1,$Z2
+	  vaesenc	$rndkey,$inout5,$inout5
+	  vpxor		0x40($inp),$T1,$Z3
+	  vpxor		0x50($inp),$T1,$Hkey
+	  vmovdqu	($ivp),$T1		# load next counter value
+
+	  vaesenclast	$T2,$inout0,$inout0
+	  vmovdqu	0x20($const),$T2	# borrow $T2, .Lone_msb
+	  vaesenclast	$Ii,$inout1,$inout1
+	 vpaddb		$T2,$T1,$Ii
+	mov		%r13,0x70+8(%rsp)
+	lea		0x60($inp),$inp
+	  vaesenclast	$Z1,$inout2,$inout2
+	 vpaddb		$T2,$Ii,$Z1
+	mov		%r12,0x78+8(%rsp)
+	lea		0x60($out),$out
+	  vmovdqu	0x00-0x80($key),$rndkey
+	  vaesenclast	$Z2,$inout3,$inout3
+	 vpaddb		$T2,$Z1,$Z2
+	  vaesenclast	$Z3, $inout4,$inout4
+	 vpaddb		$T2,$Z2,$Z3
+	  vaesenclast	$Hkey,$inout5,$inout5
+	 vpaddb		$T2,$Z3,$Hkey
+
+	add		\$0x60,$ret
+	sub		\$0x6,$len
+	jc		.L6x_done
+
+	  vmovups	$inout0,-0x60($out)	# save output
+	 vpxor		$rndkey,$T1,$inout0
+	  vmovups	$inout1,-0x50($out)
+	 vmovdqa	$Ii,$inout1		# 0 latency
+	  vmovups	$inout2,-0x40($out)
+	 vmovdqa	$Z1,$inout2		# 0 latency
+	  vmovups	$inout3,-0x30($out)
+	 vmovdqa	$Z2,$inout3		# 0 latency
+	  vmovups	$inout4,-0x20($out)
+	 vmovdqa	$Z3,$inout4		# 0 latency
+	  vmovups	$inout5,-0x10($out)
+	 vmovdqa	$Hkey,$inout5		# 0 latency
+	vmovdqu		0x20+8(%rsp),$Z3	# I[5]
+	jmp		.Loop6x
+
+.L6x_done:
+	vpxor		16+8(%rsp),$Xi,$Xi	# modulo-scheduled
+	vpxor		$Z0,$Xi,$Xi		# modulo-scheduled
+
+	ret
+.size	_aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x
+___
+######################################################################
+#
+# size_t aesni_gcm_[en|de]crypt(const void *inp, void *out, size_t len,
+#		const AES_KEY *key, unsigned char iv[16],
+#		struct { u128 Xi,H,Htbl[9]; } *Xip);
+$code.=<<___;
+.globl	aesni_gcm_decrypt
+.type	aesni_gcm_decrypt,\@function,6
+.align	32
+aesni_gcm_decrypt:
+.cfi_startproc
+	xor	$ret,$ret
+	cmp	\$0x60,$len			# minimal accepted length
+	jb	.Lgcm_dec_abort
+
+	lea	(%rsp),%rax			# save stack pointer
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,-0xd8(%rax)
+	movaps	%xmm7,-0xc8(%rax)
+	movaps	%xmm8,-0xb8(%rax)
+	movaps	%xmm9,-0xa8(%rax)
+	movaps	%xmm10,-0x98(%rax)
+	movaps	%xmm11,-0x88(%rax)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+.Lgcm_dec_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($ivp),$T1		# input counter value
+	add		\$-128,%rsp
+	mov		12($ivp),$counter
+	lea		.Lbswap_mask(%rip),$const
+	lea		-0x80($key),$in0	# borrow $in0
+	mov		\$0xf80,$end0		# borrow $end0
+	vmovdqu		($Xip),$Xi		# load Xi
+	and		\$-128,%rsp		# ensure stack alignment
+	vmovdqu		($const),$Ii		# borrow $Ii for .Lbswap_mask
+	lea		0x80($key),$key		# size optimization
+	lea		0x20+0x20($Xip),$Xip	# size optimization
+	mov		0xf0-0x80($key),$rounds
+	vpshufb		$Ii,$Xi,$Xi
+
+	and		$end0,$in0
+	and		%rsp,$end0
+	sub		$in0,$end0
+	jc		.Ldec_no_key_aliasing
+	cmp		\$768,$end0
+	jnc		.Ldec_no_key_aliasing
+	sub		$end0,%rsp		# avoid aliasing with key
+.Ldec_no_key_aliasing:
+
+	vmovdqu		0x50($inp),$Z3		# I[5]
+	lea		($inp),$in0
+	vmovdqu		0x40($inp),$Z0
+	lea		-0xc0($inp,$len),$end0
+	vmovdqu		0x30($inp),$Z1
+	shr		\$4,$len
+	xor		$ret,$ret
+	vmovdqu		0x20($inp),$Z2
+	 vpshufb	$Ii,$Z3,$Z3		# passed to _aesni_ctr32_ghash_6x
+	vmovdqu		0x10($inp),$T2
+	 vpshufb	$Ii,$Z0,$Z0
+	vmovdqu		($inp),$Hkey
+	 vpshufb	$Ii,$Z1,$Z1
+	vmovdqu		$Z0,0x30(%rsp)
+	 vpshufb	$Ii,$Z2,$Z2
+	vmovdqu		$Z1,0x40(%rsp)
+	 vpshufb	$Ii,$T2,$T2
+	vmovdqu		$Z2,0x50(%rsp)
+	 vpshufb	$Ii,$Hkey,$Hkey
+	vmovdqu		$T2,0x60(%rsp)
+	vmovdqu		$Hkey,0x70(%rsp)
+
+	call		_aesni_ctr32_ghash_6x
+
+	vmovups		$inout0,-0x60($out)	# save output
+	vmovups		$inout1,-0x50($out)
+	vmovups		$inout2,-0x40($out)
+	vmovups		$inout3,-0x30($out)
+	vmovups		$inout4,-0x20($out)
+	vmovups		$inout5,-0x10($out)
+
+	vpshufb		($const),$Xi,$Xi	# .Lbswap_mask
+	vmovdqu		$Xi,-0x40($Xip)		# output Xi
+
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lgcm_dec_abort:
+	mov	$ret,%rax		# return value
+	ret
+.cfi_endproc
+.size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
+___
+
+$code.=<<___;
+.type	_aesni_ctr32_6x,\@abi-omnipotent
+.align	32
+_aesni_ctr32_6x:
+	vmovdqu		0x00-0x80($key),$Z0	# borrow $Z0 for $rndkey
+	vmovdqu		0x20($const),$T2	# borrow $T2, .Lone_msb
+	lea		-1($rounds),%r13
+	vmovups		0x10-0x80($key),$rndkey
+	lea		0x20-0x80($key),%r12
+	vpxor		$Z0,$T1,$inout0
+	add		\$`6<<24`,$counter
+	jc		.Lhandle_ctr32_2
+	vpaddb		$T2,$T1,$inout1
+	vpaddb		$T2,$inout1,$inout2
+	vpxor		$Z0,$inout1,$inout1
+	vpaddb		$T2,$inout2,$inout3
+	vpxor		$Z0,$inout2,$inout2
+	vpaddb		$T2,$inout3,$inout4
+	vpxor		$Z0,$inout3,$inout3
+	vpaddb		$T2,$inout4,$inout5
+	vpxor		$Z0,$inout4,$inout4
+	vpaddb		$T2,$inout5,$T1
+	vpxor		$Z0,$inout5,$inout5
+	jmp		.Loop_ctr32
+
+.align	16
+.Loop_ctr32:
+	vaesenc		$rndkey,$inout0,$inout0
+	vaesenc		$rndkey,$inout1,$inout1
+	vaesenc		$rndkey,$inout2,$inout2
+	vaesenc		$rndkey,$inout3,$inout3
+	vaesenc		$rndkey,$inout4,$inout4
+	vaesenc		$rndkey,$inout5,$inout5
+	vmovups		(%r12),$rndkey
+	lea		0x10(%r12),%r12
+	dec		%r13d
+	jnz		.Loop_ctr32
+
+	vmovdqu		(%r12),$Hkey		# last round key
+	vaesenc		$rndkey,$inout0,$inout0
+	vpxor		0x00($inp),$Hkey,$Z0
+	vaesenc		$rndkey,$inout1,$inout1
+	vpxor		0x10($inp),$Hkey,$Z1
+	vaesenc		$rndkey,$inout2,$inout2
+	vpxor		0x20($inp),$Hkey,$Z2
+	vaesenc		$rndkey,$inout3,$inout3
+	vpxor		0x30($inp),$Hkey,$Xi
+	vaesenc		$rndkey,$inout4,$inout4
+	vpxor		0x40($inp),$Hkey,$T2
+	vaesenc		$rndkey,$inout5,$inout5
+	vpxor		0x50($inp),$Hkey,$Hkey
+	lea		0x60($inp),$inp
+
+	vaesenclast	$Z0,$inout0,$inout0
+	vaesenclast	$Z1,$inout1,$inout1
+	vaesenclast	$Z2,$inout2,$inout2
+	vaesenclast	$Xi,$inout3,$inout3
+	vaesenclast	$T2,$inout4,$inout4
+	vaesenclast	$Hkey,$inout5,$inout5
+	vmovups		$inout0,0x00($out)
+	vmovups		$inout1,0x10($out)
+	vmovups		$inout2,0x20($out)
+	vmovups		$inout3,0x30($out)
+	vmovups		$inout4,0x40($out)
+	vmovups		$inout5,0x50($out)
+	lea		0x60($out),$out
+
+	ret
+.align	32
+.Lhandle_ctr32_2:
+	vpshufb		$Ii,$T1,$Z2		# byte-swap counter
+	vmovdqu		0x30($const),$Z1	# borrow $Z1, .Ltwo_lsb
+	vpaddd		0x40($const),$Z2,$inout1	# .Lone_lsb
+	vpaddd		$Z1,$Z2,$inout2
+	vpaddd		$Z1,$inout1,$inout3
+	vpshufb		$Ii,$inout1,$inout1
+	vpaddd		$Z1,$inout2,$inout4
+	vpshufb		$Ii,$inout2,$inout2
+	vpxor		$Z0,$inout1,$inout1
+	vpaddd		$Z1,$inout3,$inout5
+	vpshufb		$Ii,$inout3,$inout3
+	vpxor		$Z0,$inout2,$inout2
+	vpaddd		$Z1,$inout4,$T1		# byte-swapped next counter value
+	vpshufb		$Ii,$inout4,$inout4
+	vpxor		$Z0,$inout3,$inout3
+	vpshufb		$Ii,$inout5,$inout5
+	vpxor		$Z0,$inout4,$inout4
+	vpshufb		$Ii,$T1,$T1		# next counter value
+	vpxor		$Z0,$inout5,$inout5
+	jmp	.Loop_ctr32
+.size	_aesni_ctr32_6x,.-_aesni_ctr32_6x
+
+.globl	aesni_gcm_encrypt
+.type	aesni_gcm_encrypt,\@function,6
+.align	32
+aesni_gcm_encrypt:
+.cfi_startproc
+	xor	$ret,$ret
+	cmp	\$0x60*3,$len			# minimal accepted length
+	jb	.Lgcm_enc_abort
+
+	lea	(%rsp),%rax			# save stack pointer
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,-0xd8(%rax)
+	movaps	%xmm7,-0xc8(%rax)
+	movaps	%xmm8,-0xb8(%rax)
+	movaps	%xmm9,-0xa8(%rax)
+	movaps	%xmm10,-0x98(%rax)
+	movaps	%xmm11,-0x88(%rax)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+.Lgcm_enc_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($ivp),$T1		# input counter value
+	add		\$-128,%rsp
+	mov		12($ivp),$counter
+	lea		.Lbswap_mask(%rip),$const
+	lea		-0x80($key),$in0	# borrow $in0
+	mov		\$0xf80,$end0		# borrow $end0
+	lea		0x80($key),$key		# size optimization
+	vmovdqu		($const),$Ii		# borrow $Ii for .Lbswap_mask
+	and		\$-128,%rsp		# ensure stack alignment
+	mov		0xf0-0x80($key),$rounds
+
+	and		$end0,$in0
+	and		%rsp,$end0
+	sub		$in0,$end0
+	jc		.Lenc_no_key_aliasing
+	cmp		\$768,$end0
+	jnc		.Lenc_no_key_aliasing
+	sub		$end0,%rsp		# avoid aliasing with key
+.Lenc_no_key_aliasing:
+
+	lea		($out),$in0
+	lea		-0xc0($out,$len),$end0
+	shr		\$4,$len
+
+	call		_aesni_ctr32_6x
+	vpshufb		$Ii,$inout0,$Xi		# save bswapped output on stack
+	vpshufb		$Ii,$inout1,$T2
+	vmovdqu		$Xi,0x70(%rsp)
+	vpshufb		$Ii,$inout2,$Z0
+	vmovdqu		$T2,0x60(%rsp)
+	vpshufb		$Ii,$inout3,$Z1
+	vmovdqu		$Z0,0x50(%rsp)
+	vpshufb		$Ii,$inout4,$Z2
+	vmovdqu		$Z1,0x40(%rsp)
+	vpshufb		$Ii,$inout5,$Z3		# passed to _aesni_ctr32_ghash_6x
+	vmovdqu		$Z2,0x30(%rsp)
+
+	call		_aesni_ctr32_6x
+
+	vmovdqu		($Xip),$Xi		# load Xi
+	lea		0x20+0x20($Xip),$Xip	# size optimization
+	sub		\$12,$len
+	mov		\$0x60*2,$ret
+	vpshufb		$Ii,$Xi,$Xi
+
+	call		_aesni_ctr32_ghash_6x
+	vmovdqu		0x20(%rsp),$Z3		# I[5]
+	 vmovdqu	($const),$Ii		# borrow $Ii for .Lbswap_mask
+	vmovdqu		0x00-0x20($Xip),$Hkey	# $Hkey^1
+	vpunpckhqdq	$Z3,$Z3,$T1
+	vmovdqu		0x20-0x20($Xip),$rndkey	# borrow $rndkey for $HK
+	 vmovups	$inout0,-0x60($out)	# save output
+	 vpshufb	$Ii,$inout0,$inout0	# but keep bswapped copy
+	vpxor		$Z3,$T1,$T1
+	 vmovups	$inout1,-0x50($out)
+	 vpshufb	$Ii,$inout1,$inout1
+	 vmovups	$inout2,-0x40($out)
+	 vpshufb	$Ii,$inout2,$inout2
+	 vmovups	$inout3,-0x30($out)
+	 vpshufb	$Ii,$inout3,$inout3
+	 vmovups	$inout4,-0x20($out)
+	 vpshufb	$Ii,$inout4,$inout4
+	 vmovups	$inout5,-0x10($out)
+	 vpshufb	$Ii,$inout5,$inout5
+	 vmovdqu	$inout0,0x10(%rsp)	# free $inout0
+___
+{ my ($HK,$T3)=($rndkey,$inout0);
+
+$code.=<<___;
+	 vmovdqu	0x30(%rsp),$Z2		# I[4]
+	 vmovdqu	0x10-0x20($Xip),$Ii	# borrow $Ii for $Hkey^2
+	 vpunpckhqdq	$Z2,$Z2,$T2
+	vpclmulqdq	\$0x00,$Hkey,$Z3,$Z1
+	 vpxor		$Z2,$T2,$T2
+	vpclmulqdq	\$0x11,$Hkey,$Z3,$Z3
+	vpclmulqdq	\$0x00,$HK,$T1,$T1
+
+	 vmovdqu	0x40(%rsp),$T3		# I[3]
+	vpclmulqdq	\$0x00,$Ii,$Z2,$Z0
+	 vmovdqu	0x30-0x20($Xip),$Hkey	# $Hkey^3
+	vpxor		$Z1,$Z0,$Z0
+	 vpunpckhqdq	$T3,$T3,$Z1
+	vpclmulqdq	\$0x11,$Ii,$Z2,$Z2
+	 vpxor		$T3,$Z1,$Z1
+	vpxor		$Z3,$Z2,$Z2
+	vpclmulqdq	\$0x10,$HK,$T2,$T2
+	 vmovdqu	0x50-0x20($Xip),$HK
+	vpxor		$T1,$T2,$T2
+
+	 vmovdqu	0x50(%rsp),$T1		# I[2]
+	vpclmulqdq	\$0x00,$Hkey,$T3,$Z3
+	 vmovdqu	0x40-0x20($Xip),$Ii	# borrow $Ii for $Hkey^4
+	vpxor		$Z0,$Z3,$Z3
+	 vpunpckhqdq	$T1,$T1,$Z0
+	vpclmulqdq	\$0x11,$Hkey,$T3,$T3
+	 vpxor		$T1,$Z0,$Z0
+	vpxor		$Z2,$T3,$T3
+	vpclmulqdq	\$0x00,$HK,$Z1,$Z1
+	vpxor		$T2,$Z1,$Z1
+
+	 vmovdqu	0x60(%rsp),$T2		# I[1]
+	vpclmulqdq	\$0x00,$Ii,$T1,$Z2
+	 vmovdqu	0x60-0x20($Xip),$Hkey	# $Hkey^5
+	vpxor		$Z3,$Z2,$Z2
+	 vpunpckhqdq	$T2,$T2,$Z3
+	vpclmulqdq	\$0x11,$Ii,$T1,$T1
+	 vpxor		$T2,$Z3,$Z3
+	vpxor		$T3,$T1,$T1
+	vpclmulqdq	\$0x10,$HK,$Z0,$Z0
+	 vmovdqu	0x80-0x20($Xip),$HK
+	vpxor		$Z1,$Z0,$Z0
+
+	 vpxor		0x70(%rsp),$Xi,$Xi	# accumulate I[0]
+	vpclmulqdq	\$0x00,$Hkey,$T2,$Z1
+	 vmovdqu	0x70-0x20($Xip),$Ii	# borrow $Ii for $Hkey^6
+	 vpunpckhqdq	$Xi,$Xi,$T3
+	vpxor		$Z2,$Z1,$Z1
+	vpclmulqdq	\$0x11,$Hkey,$T2,$T2
+	 vpxor		$Xi,$T3,$T3
+	vpxor		$T1,$T2,$T2
+	vpclmulqdq	\$0x00,$HK,$Z3,$Z3
+	vpxor		$Z0,$Z3,$Z0
+
+	vpclmulqdq	\$0x00,$Ii,$Xi,$Z2
+	 vmovdqu	0x00-0x20($Xip),$Hkey	# $Hkey^1
+	 vpunpckhqdq	$inout5,$inout5,$T1
+	vpclmulqdq	\$0x11,$Ii,$Xi,$Xi
+	 vpxor		$inout5,$T1,$T1
+	vpxor		$Z1,$Z2,$Z1
+	vpclmulqdq	\$0x10,$HK,$T3,$T3
+	 vmovdqu	0x20-0x20($Xip),$HK
+	vpxor		$T2,$Xi,$Z3
+	vpxor		$Z0,$T3,$Z2
+
+	 vmovdqu	0x10-0x20($Xip),$Ii	# borrow $Ii for $Hkey^2
+	  vpxor		$Z1,$Z3,$T3		# aggregated Karatsuba post-processing
+	vpclmulqdq	\$0x00,$Hkey,$inout5,$Z0
+	  vpxor		$T3,$Z2,$Z2
+	 vpunpckhqdq	$inout4,$inout4,$T2
+	vpclmulqdq	\$0x11,$Hkey,$inout5,$inout5
+	 vpxor		$inout4,$T2,$T2
+	  vpslldq	\$8,$Z2,$T3
+	vpclmulqdq	\$0x00,$HK,$T1,$T1
+	  vpxor		$T3,$Z1,$Xi
+	  vpsrldq	\$8,$Z2,$Z2
+	  vpxor		$Z2,$Z3,$Z3
+
+	vpclmulqdq	\$0x00,$Ii,$inout4,$Z1
+	 vmovdqu	0x30-0x20($Xip),$Hkey	# $Hkey^3
+	vpxor		$Z0,$Z1,$Z1
+	 vpunpckhqdq	$inout3,$inout3,$T3
+	vpclmulqdq	\$0x11,$Ii,$inout4,$inout4
+	 vpxor		$inout3,$T3,$T3
+	vpxor		$inout5,$inout4,$inout4
+	  vpalignr	\$8,$Xi,$Xi,$inout5	# 1st phase
+	vpclmulqdq	\$0x10,$HK,$T2,$T2
+	 vmovdqu	0x50-0x20($Xip),$HK
+	vpxor		$T1,$T2,$T2
+
+	vpclmulqdq	\$0x00,$Hkey,$inout3,$Z0
+	 vmovdqu	0x40-0x20($Xip),$Ii	# borrow $Ii for $Hkey^4
+	vpxor		$Z1,$Z0,$Z0
+	 vpunpckhqdq	$inout2,$inout2,$T1
+	vpclmulqdq	\$0x11,$Hkey,$inout3,$inout3
+	 vpxor		$inout2,$T1,$T1
+	vpxor		$inout4,$inout3,$inout3
+	  vxorps	0x10(%rsp),$Z3,$Z3	# accumulate $inout0
+	vpclmulqdq	\$0x00,$HK,$T3,$T3
+	vpxor		$T2,$T3,$T3
+
+	  vpclmulqdq	\$0x10,0x10($const),$Xi,$Xi
+	  vxorps	$inout5,$Xi,$Xi
+
+	vpclmulqdq	\$0x00,$Ii,$inout2,$Z1
+	 vmovdqu	0x60-0x20($Xip),$Hkey	# $Hkey^5
+	vpxor		$Z0,$Z1,$Z1
+	 vpunpckhqdq	$inout1,$inout1,$T2
+	vpclmulqdq	\$0x11,$Ii,$inout2,$inout2
+	 vpxor		$inout1,$T2,$T2
+	  vpalignr	\$8,$Xi,$Xi,$inout5	# 2nd phase
+	vpxor		$inout3,$inout2,$inout2
+	vpclmulqdq	\$0x10,$HK,$T1,$T1
+	 vmovdqu	0x80-0x20($Xip),$HK
+	vpxor		$T3,$T1,$T1
+
+	  vxorps	$Z3,$inout5,$inout5
+	  vpclmulqdq	\$0x10,0x10($const),$Xi,$Xi
+	  vxorps	$inout5,$Xi,$Xi
+
+	vpclmulqdq	\$0x00,$Hkey,$inout1,$Z0
+	 vmovdqu	0x70-0x20($Xip),$Ii	# borrow $Ii for $Hkey^6
+	vpxor		$Z1,$Z0,$Z0
+	 vpunpckhqdq	$Xi,$Xi,$T3
+	vpclmulqdq	\$0x11,$Hkey,$inout1,$inout1
+	 vpxor		$Xi,$T3,$T3
+	vpxor		$inout2,$inout1,$inout1
+	vpclmulqdq	\$0x00,$HK,$T2,$T2
+	vpxor		$T1,$T2,$T2
+
+	vpclmulqdq	\$0x00,$Ii,$Xi,$Z1
+	vpclmulqdq	\$0x11,$Ii,$Xi,$Z3
+	vpxor		$Z0,$Z1,$Z1
+	vpclmulqdq	\$0x10,$HK,$T3,$Z2
+	vpxor		$inout1,$Z3,$Z3
+	vpxor		$T2,$Z2,$Z2
+
+	vpxor		$Z1,$Z3,$Z0		# aggregated Karatsuba post-processing
+	vpxor		$Z0,$Z2,$Z2
+	vpslldq		\$8,$Z2,$T1
+	vmovdqu		0x10($const),$Hkey	# .Lpoly
+	vpsrldq		\$8,$Z2,$Z2
+	vpxor		$T1,$Z1,$Xi
+	vpxor		$Z2,$Z3,$Z3
+
+	vpalignr	\$8,$Xi,$Xi,$T2		# 1st phase
+	vpclmulqdq	\$0x10,$Hkey,$Xi,$Xi
+	vpxor		$T2,$Xi,$Xi
+
+	vpalignr	\$8,$Xi,$Xi,$T2		# 2nd phase
+	vpclmulqdq	\$0x10,$Hkey,$Xi,$Xi
+	vpxor		$Z3,$T2,$T2
+	vpxor		$T2,$Xi,$Xi
+___
+}
+$code.=<<___;
+	vpshufb		($const),$Xi,$Xi	# .Lbswap_mask
+	vmovdqu		$Xi,-0x40($Xip)		# output Xi
+
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
+.Lgcm_enc_abort:
+	mov	$ret,%rax		# return value
+	ret
+.cfi_endproc
+.size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
+___
+
+$code.=<<___;
+.align	64
+.Lbswap_mask:
+	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lpoly:
+	.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.Lone_msb:
+	.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Ltwo_lsb:
+	.byte	2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.Lone_lsb:
+	.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.asciz	"AES-NI GCM module for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___
+.extern	__imp_RtlVirtualUnwind
+.type	gcm_se_handler,\@abi-omnipotent
+.align	16
+gcm_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	120($context),%rax	# pull context->Rax
+
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	mov	%r15,240($context)
+	mov	%r14,232($context)
+	mov	%r13,224($context)
+	mov	%r12,216($context)
+	mov	%rbp,160($context)
+	mov	%rbx,144($context)
+
+	lea	-0xd8(%rax),%rsi	# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	gcm_se_handler,.-gcm_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_aesni_gcm_decrypt
+	.rva	.LSEH_end_aesni_gcm_decrypt
+	.rva	.LSEH_gcm_dec_info
+
+	.rva	.LSEH_begin_aesni_gcm_encrypt
+	.rva	.LSEH_end_aesni_gcm_encrypt
+	.rva	.LSEH_gcm_enc_info
+.section	.xdata
+.align	8
+.LSEH_gcm_dec_info:
+	.byte	9,0,0,0
+	.rva	gcm_se_handler
+	.rva	.Lgcm_dec_body,.Lgcm_dec_abort
+.LSEH_gcm_enc_info:
+	.byte	9,0,0,0
+	.rva	gcm_se_handler
+	.rva	.Lgcm_enc_body,.Lgcm_enc_abort
+___
+}
+}}} else {{{
+$code=<<___;	# assembler is too old
+.text
+
+.globl	aesni_gcm_encrypt
+.type	aesni_gcm_encrypt,\@abi-omnipotent
+aesni_gcm_encrypt:
+	xor	%eax,%eax
+	ret
+.size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
+
+.globl	aesni_gcm_decrypt
+.type	aesni_gcm_decrypt,\@abi-omnipotent
+aesni_gcm_decrypt:
+	xor	%eax,%eax
+	ret
+.size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
+___
+}}}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl
new file mode 100644
index 000000000..ccf6b2bd6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl
@@ -0,0 +1,467 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Even though
+# loops are aggressively modulo-scheduled in respect to references to
+# Htbl and Z.hi updates for 8 cycles per byte, measured performance is
+# ~12 cycles per processed byte on 21264 CPU. It seems to be a dynamic
+# scheduling "glitch," because uprofile(1) indicates uniform sample
+# distribution, as if all instruction bundles execute in 1.5 cycles.
+# Meaning that it could have been even faster, yet 12 cycles is ~60%
+# better than gcc-generated code and ~80% than code generated by vendor
+# compiler.
+
+$cnt="v0";	# $0
+$t0="t0";
+$t1="t1";
+$t2="t2";
+$Thi0="t3";	# $4
+$Tlo0="t4";
+$Thi1="t5";
+$Tlo1="t6";
+$rem="t7";	# $8
+#################
+$Xi="a0";	# $16, input argument block
+$Htbl="a1";
+$inp="a2";
+$len="a3";
+$nlo="a4";	# $20
+$nhi="a5";
+$Zhi="t8";
+$Zlo="t9";
+$Xhi="t10";	# $24
+$Xlo="t11";
+$remp="t12";
+$rem_4bit="AT";	# $28
+
+{ my $N;
+  sub loop() {
+
+	$N++;
+$code.=<<___;
+.align	4
+	extbl	$Xlo,7,$nlo
+	and	$nlo,0xf0,$nhi
+	sll	$nlo,4,$nlo
+	and	$nlo,0xf0,$nlo
+
+	addq	$nlo,$Htbl,$nlo
+	ldq	$Zlo,8($nlo)
+	addq	$nhi,$Htbl,$nhi
+	ldq	$Zhi,0($nlo)
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	lda	$cnt,6(zero)
+	extbl	$Xlo,6,$nlo
+
+	ldq	$Tlo1,8($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+	ldq	$Thi1,0($nhi)
+	srl	$Zlo,4,$Zlo
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	and	$nlo,0xf0,$nhi
+
+	xor	$Tlo1,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+	xor	$Thi1,$Zhi,$Zhi
+	and	$nlo,0xf0,$nlo
+
+	addq	$nlo,$Htbl,$nlo
+	ldq	$Tlo0,8($nlo)
+	addq	$nhi,$Htbl,$nhi
+	ldq	$Thi0,0($nlo)
+
+.Looplo$N:
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	subq	$cnt,1,$cnt
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	extbl	$Xlo,$cnt,$nlo
+
+	and	$nlo,0xf0,$nhi
+	xor	$Thi0,$Zhi,$Zhi
+	xor	$Tlo0,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	and	$nlo,0xf0,$nlo
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+	addq	$nlo,$Htbl,$nlo
+	addq	$nhi,$Htbl,$nhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	ldq	$Tlo0,8($nlo)
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	ldq	$Thi0,0($nlo)
+	bne	$cnt,.Looplo$N
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	lda	$cnt,7(zero)
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	extbl	$Xhi,$cnt,$nlo
+
+	and	$nlo,0xf0,$nhi
+	xor	$Thi0,$Zhi,$Zhi
+	xor	$Tlo0,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	and	$nlo,0xf0,$nlo
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+	addq	$nlo,$Htbl,$nlo
+	addq	$nhi,$Htbl,$nhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	ldq	$Tlo0,8($nlo)
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	ldq	$Thi0,0($nlo)
+	unop
+
+
+.Loophi$N:
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	subq	$cnt,1,$cnt
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	extbl	$Xhi,$cnt,$nlo
+
+	and	$nlo,0xf0,$nhi
+	xor	$Thi0,$Zhi,$Zhi
+	xor	$Tlo0,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	and	$nlo,0xf0,$nlo
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+	addq	$nlo,$Htbl,$nlo
+	addq	$nhi,$Htbl,$nhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	ldq	$Tlo0,8($nlo)
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	ldq	$Thi0,0($nlo)
+	bne	$cnt,.Loophi$N
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo0,$Zlo,$Zlo
+	xor	$Thi0,$Zhi,$Zhi
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	xor	$rem,$Zhi,$Zhi
+___
+}}
+
+$code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
+#include <asm.h>
+#include <regdef.h>
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+.globl	gcm_gmult_4bit
+.align	4
+.ent	gcm_gmult_4bit
+gcm_gmult_4bit:
+	.frame	sp,0,ra
+	.prologue 0
+
+	ldq	$Xlo,8($Xi)
+	ldq	$Xhi,0($Xi)
+
+	bsr	$t0,picmeup
+	nop
+___
+
+	&loop();
+
+$code.=<<___;
+	srl	$Zlo,24,$t0	# byte swap
+	srl	$Zlo,8,$t1
+
+	sll	$Zlo,8,$t2
+	sll	$Zlo,24,$Zlo
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+
+	zapnot	$Zlo,0x88,$Zlo
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zlo,$t0,$Zlo
+	srl	$Zhi,24,$t0
+	srl	$Zhi,8,$t1
+
+	or	$Zlo,$t2,$Zlo
+	sll	$Zhi,8,$t2
+	sll	$Zhi,24,$Zhi
+
+	srl	$Zlo,32,$Xlo
+	sll	$Zlo,32,$Zlo
+
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+	or	$Zlo,$Xlo,$Xlo
+
+	zapnot	$Zhi,0x88,$Zhi
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zhi,$t0,$Zhi
+	or	$Zhi,$t2,$Zhi
+
+	srl	$Zhi,32,$Xhi
+	sll	$Zhi,32,$Zhi
+
+	or	$Zhi,$Xhi,$Xhi
+	stq	$Xlo,8($Xi)
+	stq	$Xhi,0($Xi)
+
+	ret	(ra)
+.end	gcm_gmult_4bit
+___
+
+$inhi="s0";
+$inlo="s1";
+
+$code.=<<___;
+.globl	gcm_ghash_4bit
+.align	4
+.ent	gcm_ghash_4bit
+gcm_ghash_4bit:
+	lda	sp,-32(sp)
+	stq	ra,0(sp)
+	stq	s0,8(sp)
+	stq	s1,16(sp)
+	.mask	0x04000600,-32
+	.frame	sp,32,ra
+	.prologue 0
+
+	ldq_u	$inhi,0($inp)
+	ldq_u	$Thi0,7($inp)
+	ldq_u	$inlo,8($inp)
+	ldq_u	$Tlo0,15($inp)
+	ldq	$Xhi,0($Xi)
+	ldq	$Xlo,8($Xi)
+
+	bsr	$t0,picmeup
+	nop
+
+.Louter:
+	extql	$inhi,$inp,$inhi
+	extqh	$Thi0,$inp,$Thi0
+	or	$inhi,$Thi0,$inhi
+	lda	$inp,16($inp)
+
+	extql	$inlo,$inp,$inlo
+	extqh	$Tlo0,$inp,$Tlo0
+	or	$inlo,$Tlo0,$inlo
+	subq	$len,16,$len
+
+	xor	$Xlo,$inlo,$Xlo
+	xor	$Xhi,$inhi,$Xhi
+___
+
+	&loop();
+
+$code.=<<___;
+	srl	$Zlo,24,$t0	# byte swap
+	srl	$Zlo,8,$t1
+
+	sll	$Zlo,8,$t2
+	sll	$Zlo,24,$Zlo
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+
+	zapnot	$Zlo,0x88,$Zlo
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zlo,$t0,$Zlo
+	srl	$Zhi,24,$t0
+	srl	$Zhi,8,$t1
+
+	or	$Zlo,$t2,$Zlo
+	sll	$Zhi,8,$t2
+	sll	$Zhi,24,$Zhi
+
+	srl	$Zlo,32,$Xlo
+	sll	$Zlo,32,$Zlo
+	beq	$len,.Ldone
+
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+	or	$Zlo,$Xlo,$Xlo
+	ldq_u	$inhi,0($inp)
+
+	zapnot	$Zhi,0x88,$Zhi
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+	ldq_u	$Thi0,7($inp)
+
+	or	$Zhi,$t0,$Zhi
+	or	$Zhi,$t2,$Zhi
+	ldq_u	$inlo,8($inp)
+	ldq_u	$Tlo0,15($inp)
+
+	srl	$Zhi,32,$Xhi
+	sll	$Zhi,32,$Zhi
+
+	or	$Zhi,$Xhi,$Xhi
+	br	zero,.Louter
+
+.Ldone:
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+	or	$Zlo,$Xlo,$Xlo
+
+	zapnot	$Zhi,0x88,$Zhi
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zhi,$t0,$Zhi
+	or	$Zhi,$t2,$Zhi
+
+	srl	$Zhi,32,$Xhi
+	sll	$Zhi,32,$Zhi
+
+	or	$Zhi,$Xhi,$Xhi
+
+	stq	$Xlo,8($Xi)
+	stq	$Xhi,0($Xi)
+
+	.set	noreorder
+	/*ldq	ra,0(sp)*/
+	ldq	s0,8(sp)
+	ldq	s1,16(sp)
+	lda	sp,32(sp)
+	ret	(ra)
+.end	gcm_ghash_4bit
+
+.align	4
+.ent	picmeup
+picmeup:
+	.frame	sp,0,$t0
+	.prologue 0
+	br	$rem_4bit,.Lpic
+.Lpic:	lda	$rem_4bit,12($rem_4bit)
+	ret	($t0)
+.end	picmeup
+	nop
+rem_4bit:
+	.long	0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16
+	.long	0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16
+	.long	0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16
+	.long	0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16
+.ascii	"GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+
+___
+$output=pop and open STDOUT,">$output";
+print $code;
+close STDOUT;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl
new file mode 100644
index 000000000..dcc23f7d7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl
@@ -0,0 +1,551 @@
+#! /usr/bin/env perl
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# April 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+32 bytes shared table]. There is no
+# experimental performance data available yet. The only approximation
+# that can be made at this point is based on code size. Inner loop is
+# 32 instructions long and on single-issue core should execute in <40
+# cycles. Having verified that gcc 3.4 didn't unroll corresponding
+# loop, this assembler loop body was found to be ~3x smaller than
+# compiler-generated one...
+#
+# July 2010
+#
+# Rescheduling for dual-issue pipeline resulted in 8.5% improvement on
+# Cortex A8 core and ~25 cycles per processed byte (which was observed
+# to be ~3 times faster than gcc-generated code:-)
+#
+# February 2011
+#
+# Profiler-assisted and platform-specific optimization resulted in 7%
+# improvement on Cortex A8 core and ~23.5 cycles per byte.
+#
+# March 2011
+#
+# Add NEON implementation featuring polynomial multiplication, i.e. no
+# lookup tables involved. On Cortex A8 it was measured to process one
+# byte in 15 cycles or 55% faster than integer-only code.
+#
+# April 2014
+#
+# Switch to multiplication algorithm suggested in paper referred
+# below and combine it with reduction algorithm from x86 module.
+# Performance improvement over previous version varies from 65% on
+# Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8
+# processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63,
+# Snapdragon S4 - in 9.33.
+#
+# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
+# Polynomial Multiplication on ARM Processors using the NEON Engine.
+#
+# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+
+# ====================================================================
+# Note about "528B" variant. In ARM case it makes lesser sense to
+# implement it for following reasons:
+#
+# - performance improvement won't be anywhere near 50%, because 128-
+#   bit shift operation is neatly fused with 128-bit xor here, and
+#   "538B" variant would eliminate only 4-5 instructions out of 32
+#   in the inner loop (meaning that estimated improvement is ~15%);
+# - ARM-based systems are often embedded ones and extra memory
+#   consumption might be unappreciated (for so little improvement);
+#
+# Byte order [in]dependence. =========================================
+#
+# Caller is expected to maintain specific *dword* order in Htable,
+# namely with *least* significant dword of 128-bit value at *lower*
+# address. This differs completely from C code and has everything to
+# do with ldm instruction and order in which dwords are "consumed" by
+# algorithm. *Byte* order within these dwords in turn is whatever
+# *native* byte order on current platform. See gcm128.c for working
+# example...
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$Xi="r0";	# argument block
+$Htbl="r1";
+$inp="r2";
+$len="r3";
+
+$Zll="r4";	# variables
+$Zlh="r5";
+$Zhl="r6";
+$Zhh="r7";
+$Tll="r8";
+$Tlh="r9";
+$Thl="r10";
+$Thh="r11";
+$nlo="r12";
+################# r13 is stack pointer
+$nhi="r14";
+################# r15 is program counter
+
+$rem_4bit=$inp;	# used in gcm_gmult_4bit
+$cnt=$len;
+
+sub Zsmash() {
+  my $i=12;
+  my @args=@_;
+  for ($Zll,$Zlh,$Zhl,$Zhh) {
+    $code.=<<___;
+#if __ARM_ARCH__>=7 && defined(__ARMEL__)
+	rev	$_,$_
+	str	$_,[$Xi,#$i]
+#elif defined(__ARMEB__)
+	str	$_,[$Xi,#$i]
+#else
+	mov	$Tlh,$_,lsr#8
+	strb	$_,[$Xi,#$i+3]
+	mov	$Thl,$_,lsr#16
+	strb	$Tlh,[$Xi,#$i+2]
+	mov	$Thh,$_,lsr#24
+	strb	$Thl,[$Xi,#$i+1]
+	strb	$Thh,[$Xi,#$i]
+#endif
+___
+    $code.="\t".shift(@args)."\n";
+    $i-=4;
+  }
+}
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__) || defined(__clang__)
+.syntax	unified
+#define ldrplb  ldrbpl
+#define ldrneb  ldrbne
+#endif
+#if defined(__thumb2__)
+.thumb
+#else
+.code	32
+#endif
+
+.type	rem_4bit,%object
+.align	5
+rem_4bit:
+.short	0x0000,0x1C20,0x3840,0x2460
+.short	0x7080,0x6CA0,0x48C0,0x54E0
+.short	0xE100,0xFD20,0xD940,0xC560
+.short	0x9180,0x8DA0,0xA9C0,0xB5E0
+.size	rem_4bit,.-rem_4bit
+
+.type	rem_4bit_get,%function
+rem_4bit_get:
+#if defined(__thumb2__)
+	adr	$rem_4bit,rem_4bit
+#else
+	sub	$rem_4bit,pc,#8+32	@ &rem_4bit
+#endif
+	b	.Lrem_4bit_got
+	nop
+	nop
+.size	rem_4bit_get,.-rem_4bit_get
+
+.global	gcm_ghash_4bit
+.type	gcm_ghash_4bit,%function
+.align	4
+gcm_ghash_4bit:
+#if defined(__thumb2__)
+	adr	r12,rem_4bit
+#else
+	sub	r12,pc,#8+48		@ &rem_4bit
+#endif
+	add	$len,$inp,$len		@ $len to point at the end
+	stmdb	sp!,{r3-r11,lr}		@ save $len/end too
+
+	ldmia	r12,{r4-r11}		@ copy rem_4bit ...
+	stmdb	sp!,{r4-r11}		@ ... to stack
+
+	ldrb	$nlo,[$inp,#15]
+	ldrb	$nhi,[$Xi,#15]
+.Louter:
+	eor	$nlo,$nlo,$nhi
+	and	$nhi,$nlo,#0xf0
+	and	$nlo,$nlo,#0x0f
+	mov	$cnt,#14
+
+	add	$Zhh,$Htbl,$nlo,lsl#4
+	ldmia	$Zhh,{$Zll-$Zhh}	@ load Htbl[nlo]
+	add	$Thh,$Htbl,$nhi
+	ldrb	$nlo,[$inp,#14]
+
+	and	$nhi,$Zll,#0xf		@ rem
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	add	$nhi,$nhi,$nhi
+	eor	$Zll,$Tll,$Zll,lsr#4
+	ldrh	$Tll,[sp,$nhi]		@ rem_4bit[rem]
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	ldrb	$nhi,[$Xi,#14]
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+	eor	$nlo,$nlo,$nhi
+	and	$nhi,$nlo,#0xf0
+	and	$nlo,$nlo,#0x0f
+	eor	$Zhh,$Zhh,$Tll,lsl#16
+
+.Linner:
+	add	$Thh,$Htbl,$nlo,lsl#4
+	and	$nlo,$Zll,#0xf		@ rem
+	subs	$cnt,$cnt,#1
+	add	$nlo,$nlo,$nlo
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nlo]
+	eor	$Zll,$Tll,$Zll,lsr#4
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	ldrh	$Tll,[sp,$nlo]		@ rem_4bit[rem]
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+#ifdef	__thumb2__
+	it	pl
+#endif
+	ldrplb	$nlo,[$inp,$cnt]
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+
+	add	$Thh,$Htbl,$nhi
+	and	$nhi,$Zll,#0xf		@ rem
+	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
+	add	$nhi,$nhi,$nhi
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	eor	$Zll,$Tll,$Zll,lsr#4
+#ifdef	__thumb2__
+	it	pl
+#endif
+	ldrplb	$Tll,[$Xi,$cnt]
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	ldrh	$Tlh,[sp,$nhi]
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+#ifdef	__thumb2__
+	it	pl
+#endif
+	eorpl	$nlo,$nlo,$Tll
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+#ifdef	__thumb2__
+	itt	pl
+#endif
+	andpl	$nhi,$nlo,#0xf0
+	andpl	$nlo,$nlo,#0x0f
+	eor	$Zhh,$Zhh,$Tlh,lsl#16	@ ^= rem_4bit[rem]
+	bpl	.Linner
+
+	ldr	$len,[sp,#32]		@ re-load $len/end
+	add	$inp,$inp,#16
+	mov	$nhi,$Zll
+___
+	&Zsmash("cmp\t$inp,$len","\n".
+				 "#ifdef __thumb2__\n".
+				 "	it	ne\n".
+				 "#endif\n".
+				 "	ldrneb	$nlo,[$inp,#15]");
+$code.=<<___;
+	bne	.Louter
+
+	add	sp,sp,#36
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r11,pc}
+#else
+	ldmia	sp!,{r4-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	gcm_ghash_4bit,.-gcm_ghash_4bit
+
+.global	gcm_gmult_4bit
+.type	gcm_gmult_4bit,%function
+gcm_gmult_4bit:
+	stmdb	sp!,{r4-r11,lr}
+	ldrb	$nlo,[$Xi,#15]
+	b	rem_4bit_get
+.Lrem_4bit_got:
+	and	$nhi,$nlo,#0xf0
+	and	$nlo,$nlo,#0x0f
+	mov	$cnt,#14
+
+	add	$Zhh,$Htbl,$nlo,lsl#4
+	ldmia	$Zhh,{$Zll-$Zhh}	@ load Htbl[nlo]
+	ldrb	$nlo,[$Xi,#14]
+
+	add	$Thh,$Htbl,$nhi
+	and	$nhi,$Zll,#0xf		@ rem
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	add	$nhi,$nhi,$nhi
+	eor	$Zll,$Tll,$Zll,lsr#4
+	ldrh	$Tll,[$rem_4bit,$nhi]	@ rem_4bit[rem]
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+	and	$nhi,$nlo,#0xf0
+	eor	$Zhh,$Zhh,$Tll,lsl#16
+	and	$nlo,$nlo,#0x0f
+
+.Loop:
+	add	$Thh,$Htbl,$nlo,lsl#4
+	and	$nlo,$Zll,#0xf		@ rem
+	subs	$cnt,$cnt,#1
+	add	$nlo,$nlo,$nlo
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nlo]
+	eor	$Zll,$Tll,$Zll,lsr#4
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	ldrh	$Tll,[$rem_4bit,$nlo]	@ rem_4bit[rem]
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+#ifdef	__thumb2__
+	it	pl
+#endif
+	ldrplb	$nlo,[$Xi,$cnt]
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+
+	add	$Thh,$Htbl,$nhi
+	and	$nhi,$Zll,#0xf		@ rem
+	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
+	add	$nhi,$nhi,$nhi
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	eor	$Zll,$Tll,$Zll,lsr#4
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	ldrh	$Tll,[$rem_4bit,$nhi]	@ rem_4bit[rem]
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+#ifdef	__thumb2__
+	itt	pl
+#endif
+	andpl	$nhi,$nlo,#0xf0
+	andpl	$nlo,$nlo,#0x0f
+	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
+	bpl	.Loop
+___
+	&Zsmash();
+$code.=<<___;
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r11,pc}
+#else
+	ldmia	sp!,{r4-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	gcm_gmult_4bit,.-gcm_gmult_4bit
+___
+{
+my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
+my ($t0,$t1,$t2,$t3)=map("q$_",(8..12));
+my ($Hlo,$Hhi,$Hhl,$k48,$k32,$k16)=map("d$_",(26..31));
+
+sub clmul64x64 {
+my ($r,$a,$b)=@_;
+$code.=<<___;
+	vext.8		$t0#lo, $a, $a, #1	@ A1
+	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
+	vext.8		$r#lo, $b, $b, #1	@ B1
+	vmull.p8	$r, $a, $r#lo		@ E = A*B1
+	vext.8		$t1#lo, $a, $a, #2	@ A2
+	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
+	vext.8		$t3#lo, $b, $b, #2	@ B2
+	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
+	vext.8		$t2#lo, $a, $a, #3	@ A3
+	veor		$t0, $t0, $r		@ L = E + F
+	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
+	vext.8		$r#lo, $b, $b, #3	@ B3
+	veor		$t1, $t1, $t3		@ M = G + H
+	vmull.p8	$r, $a, $r#lo		@ I = A*B3
+	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
+	vand		$t0#hi, $t0#hi, $k48
+	vext.8		$t3#lo, $b, $b, #4	@ B4
+	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
+	vand		$t1#hi, $t1#hi, $k32
+	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
+	veor		$t2, $t2, $r		@ N = I + J
+	veor		$t0#lo, $t0#lo, $t0#hi
+	veor		$t1#lo, $t1#lo, $t1#hi
+	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
+	vand		$t2#hi, $t2#hi, $k16
+	vext.8		$t0, $t0, $t0, #15
+	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
+	vmov.i64	$t3#hi, #0
+	vext.8		$t1, $t1, $t1, #14
+	veor		$t2#lo, $t2#lo, $t2#hi
+	vmull.p8	$r, $a, $b		@ D = A*B
+	vext.8		$t3, $t3, $t3, #12
+	vext.8		$t2, $t2, $t2, #13
+	veor		$t0, $t0, $t1
+	veor		$t2, $t2, $t3
+	veor		$r, $r, $t0
+	veor		$r, $r, $t2
+___
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.global	gcm_init_neon
+.type	gcm_init_neon,%function
+.align	4
+gcm_init_neon:
+	vld1.64		$IN#hi,[r1]!		@ load H
+	vmov.i8		$t0,#0xe1
+	vld1.64		$IN#lo,[r1]
+	vshl.i64	$t0#hi,#57
+	vshr.u64	$t0#lo,#63		@ t0=0xc2....01
+	vdup.8		$t1,$IN#hi[7]
+	vshr.u64	$Hlo,$IN#lo,#63
+	vshr.s8		$t1,#7			@ broadcast carry bit
+	vshl.i64	$IN,$IN,#1
+	vand		$t0,$t0,$t1
+	vorr		$IN#hi,$Hlo		@ H<<<=1
+	veor		$IN,$IN,$t0		@ twisted H
+	vstmia		r0,{$IN}
+
+	ret					@ bx lr
+.size	gcm_init_neon,.-gcm_init_neon
+
+.global	gcm_gmult_neon
+.type	gcm_gmult_neon,%function
+.align	4
+gcm_gmult_neon:
+	vld1.64		$IN#hi,[$Xi]!		@ load Xi
+	vld1.64		$IN#lo,[$Xi]!
+	vmov.i64	$k48,#0x0000ffffffffffff
+	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
+	vmov.i64	$k32,#0x00000000ffffffff
+#ifdef __ARMEL__
+	vrev64.8	$IN,$IN
+#endif
+	vmov.i64	$k16,#0x000000000000ffff
+	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
+	mov		$len,#16
+	b		.Lgmult_neon
+.size	gcm_gmult_neon,.-gcm_gmult_neon
+
+.global	gcm_ghash_neon
+.type	gcm_ghash_neon,%function
+.align	4
+gcm_ghash_neon:
+	vld1.64		$Xl#hi,[$Xi]!		@ load Xi
+	vld1.64		$Xl#lo,[$Xi]!
+	vmov.i64	$k48,#0x0000ffffffffffff
+	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
+	vmov.i64	$k32,#0x00000000ffffffff
+#ifdef __ARMEL__
+	vrev64.8	$Xl,$Xl
+#endif
+	vmov.i64	$k16,#0x000000000000ffff
+	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
+
+.Loop_neon:
+	vld1.64		$IN#hi,[$inp]!		@ load inp
+	vld1.64		$IN#lo,[$inp]!
+#ifdef __ARMEL__
+	vrev64.8	$IN,$IN
+#endif
+	veor		$IN,$Xl			@ inp^=Xi
+.Lgmult_neon:
+___
+	&clmul64x64	($Xl,$Hlo,"$IN#lo");	# H.lo·Xi.lo
+$code.=<<___;
+	veor		$IN#lo,$IN#lo,$IN#hi	@ Karatsuba pre-processing
+___
+	&clmul64x64	($Xm,$Hhl,"$IN#lo");	# (H.lo+H.hi)·(Xi.lo+Xi.hi)
+	&clmul64x64	($Xh,$Hhi,"$IN#hi");	# H.hi·Xi.hi
+$code.=<<___;
+	veor		$Xm,$Xm,$Xl		@ Karatsuba post-processing
+	veor		$Xm,$Xm,$Xh
+	veor		$Xl#hi,$Xl#hi,$Xm#lo
+	veor		$Xh#lo,$Xh#lo,$Xm#hi	@ Xh|Xl - 256-bit result
+
+	@ equivalent of reduction_avx from ghash-x86_64.pl
+	vshl.i64	$t1,$Xl,#57		@ 1st phase
+	vshl.i64	$t2,$Xl,#62
+	veor		$t2,$t2,$t1		@
+	vshl.i64	$t1,$Xl,#63
+	veor		$t2, $t2, $t1		@
+ 	veor		$Xl#hi,$Xl#hi,$t2#lo	@
+	veor		$Xh#lo,$Xh#lo,$t2#hi
+
+	vshr.u64	$t2,$Xl,#1		@ 2nd phase
+	veor		$Xh,$Xh,$Xl
+	veor		$Xl,$Xl,$t2		@
+	vshr.u64	$t2,$t2,#6
+	vshr.u64	$Xl,$Xl,#1		@
+	veor		$Xl,$Xl,$Xh		@
+	veor		$Xl,$Xl,$t2		@
+
+	subs		$len,#16
+	bne		.Loop_neon
+
+#ifdef __ARMEL__
+	vrev64.8	$Xl,$Xl
+#endif
+	sub		$Xi,#16
+	vst1.64		$Xl#hi,[$Xi]!		@ write out Xi
+	vst1.64		$Xl#lo,[$Xi]
+
+	ret					@ bx lr
+.size	gcm_ghash_neon,.-gcm_ghash_neon
+#endif
+___
+}
+$code.=<<___;
+.asciz  "GHASH for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/\bret\b/bx	lr/go		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl
new file mode 100644
index 000000000..3cadda399
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl
@@ -0,0 +1,247 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# December 2011
+#
+# The module implements GCM GHASH function and underlying single
+# multiplication operation in GF(2^128). Even though subroutines
+# have _4bit suffix, they are not using any tables, but rely on
+# hardware Galois Field Multiply support. Streamed GHASH processes
+# byte in ~7 cycles, which is >6x faster than "4-bit" table-driven
+# code compiled with TI's cl6x 6.0 with -mv6400+ -o2 flags. We are
+# comparing apples vs. oranges, but compiler surely could have done
+# better, because theoretical [though not necessarily achievable]
+# estimate for "4-bit" table-driven implementation is ~12 cycles.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($Xip,$Htable,$inp,$len)=("A4","B4","A6","B6");	# arguments
+
+($Z0,$Z1,$Z2,$Z3,	$H0, $H1, $H2, $H3,
+			$H0x,$H1x,$H2x,$H3x)=map("A$_",(16..27));
+($H01u,$H01y,$H2u,$H3u,	$H0y,$H1y,$H2y,$H3y,
+			$H0z,$H1z,$H2z,$H3z)=map("B$_",(16..27));
+($FF000000,$E10000)=("B30","B31");
+($xip,$x0,$x1,$xib)=map("B$_",(6..9));	# $xip zaps $len
+ $xia="A9";
+($rem,$res)=("B4","B5");		# $rem zaps $Htable
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	gcm_gmult_1bit,_gcm_gmult_1bit
+	.asg	gcm_gmult_4bit,_gcm_gmult_4bit
+	.asg	gcm_ghash_4bit,_gcm_ghash_4bit
+	.endif
+
+	.asg	B3,RA
+
+	.if	0
+	.global	_gcm_gmult_1bit
+_gcm_gmult_1bit:
+	ADDAD	$Htable,2,$Htable
+	.endif
+	.global	_gcm_gmult_4bit
+_gcm_gmult_4bit:
+	.asmfunc
+	LDDW	*${Htable}[-1],$H1:$H0	; H.lo
+	LDDW	*${Htable}[-2],$H3:$H2	; H.hi
+||	MV	$Xip,${xip}		; reassign Xi
+||	MVK	15,B1			; SPLOOPD constant
+
+	MVK	0xE1,$E10000
+||	LDBU	*++${xip}[15],$x1	; Xi[15]
+	MVK	0xFF,$FF000000
+||	LDBU	*--${xip},$x0		; Xi[14]
+	SHL	$E10000,16,$E10000	; [pre-shifted] reduction polynomial
+	SHL	$FF000000,24,$FF000000	; upper byte mask
+||	BNOP	ghash_loop?
+||	MVK	1,B0			; take a single spin
+
+	PACKH2	$H0,$H1,$xia		; pack H0' and H1's upper bytes
+	AND	$H2,$FF000000,$H2u	; H2's upper byte
+	AND	$H3,$FF000000,$H3u	; H3's upper byte
+||	SHRU	$H2u,8,$H2u
+	SHRU	$H3u,8,$H3u
+||	ZERO	$Z1:$Z0
+	SHRU2	$xia,8,$H01u
+||	ZERO	$Z3:$Z2
+	.endasmfunc
+
+	.global	_gcm_ghash_4bit
+_gcm_ghash_4bit:
+	.asmfunc
+	LDDW	*${Htable}[-1],$H1:$H0	; H.lo
+||	SHRU	$len,4,B0		; reassign len
+	LDDW	*${Htable}[-2],$H3:$H2	; H.hi
+||	MV	$Xip,${xip}		; reassign Xi
+||	MVK	15,B1			; SPLOOPD constant
+
+	MVK	0xE1,$E10000
+|| [B0]	LDNDW	*${inp}[1],$H1x:$H0x
+	MVK	0xFF,$FF000000
+|| [B0]	LDNDW	*${inp}++[2],$H3x:$H2x
+	SHL	$E10000,16,$E10000	; [pre-shifted] reduction polynomial
+||	LDDW	*${xip}[1],$Z1:$Z0
+	SHL	$FF000000,24,$FF000000	; upper byte mask
+||	LDDW	*${xip}[0],$Z3:$Z2
+
+	PACKH2	$H0,$H1,$xia		; pack H0' and H1's upper bytes
+	AND	$H2,$FF000000,$H2u	; H2's upper byte
+	AND	$H3,$FF000000,$H3u	; H3's upper byte
+||	SHRU	$H2u,8,$H2u
+	SHRU	$H3u,8,$H3u
+	SHRU2	$xia,8,$H01u
+
+|| [B0]	XOR	$H0x,$Z0,$Z0		; Xi^=inp
+|| [B0]	XOR	$H1x,$Z1,$Z1
+	.if	.LITTLE_ENDIAN
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	SHRU	$Z1,24,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0]	SHRU	$Z1,16,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.else
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	MV	$Z0,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0] SHRU	$Z0,8,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.endif
+	STDW	$Z3:$Z2,*${xip}[0]
+|| [B0]	ZERO	$Z3:$Z2
+|| [B0]	MV	$xia,$x1
+   [B0]	ADDK	14,${xip}
+
+ghash_loop?:
+	SPLOOPD	6			; 6*16+7
+||	MVC	B1,ILC
+|| [B0]	SUB	B0,1,B0
+||	ZERO	A0
+||	ADD	$x1,$x1,$xib		; SHL	$x1,1,$xib
+||	SHL	$x1,1,$xia
+___
+
+########____________________________
+#  0    D2.     M1          M2      |
+#  1            M1                  |
+#  2            M1          M2      |
+#  3        D1. M1          M2      |
+#  4        S1. L1                  |
+#  5    S2  S1x L1          D2  L2  |____________________________
+#  6/0          L1  S1      L2  S2x |D2.     M1          M2      |
+#  7/1          L1  S1  D1x S2  M2  |        M1                  |
+#  8/2              S1  L1x S2      |        M1          M2      |
+#  9/3              S1  L1x         |    D1. M1          M2      |
+# 10/4                  D1x         |    S1. L1                  |
+# 11/5                              |S2  S1x L1          D2  L2  |____________
+# 12/6/0                D1x       __|        L1  S1      L2  S2x |D2.     ....
+#    7/1                                     L1  S1  D1x S2  M2  |        ....
+#    8/2                                         S1  L1x S2      |        ....
+#####...                                         ................|............
+$code.=<<___;
+	XORMPY	$H0,$xia,$H0x		; 0	; H·(Xi[i]<<1)
+||	XORMPY	$H01u,$xib,$H01y
+|| [A0]	LDBU	*--${xip},$x0
+	XORMPY	$H1,$xia,$H1x		; 1
+	XORMPY	$H2,$xia,$H2x		; 2
+||	XORMPY	$H2u,$xib,$H2y
+	XORMPY	$H3,$xia,$H3x		; 3
+||	XORMPY	$H3u,$xib,$H3y
+||[!A0]	MVK.D	15,A0				; *--${xip} counter
+	XOR.L	$H0x,$Z0,$Z0		; 4	; Z^=H·(Xi[i]<<1)
+|| [A0]	SUB.S	A0,1,A0
+	XOR.L	$H1x,$Z1,$Z1		; 5
+||	AND.D	$H01y,$FF000000,$H0z
+||	SWAP2.L	$H01y,$H1y		;	; SHL	$H01y,16,$H1y
+||	SHL	$x0,1,$xib
+||	SHL	$x0,1,$xia
+
+	XOR.L	$H2x,$Z2,$Z2		; 6/0	; [0,0] in epilogue
+||	SHL	$Z0,1,$rem		;	; rem=Z<<1
+||	SHRMB.S	$Z1,$Z0,$Z0		;	; Z>>=8
+||	AND.L	$H1y,$FF000000,$H1z
+	XOR.L	$H3x,$Z3,$Z3		; 7/1
+||	SHRMB.S	$Z2,$Z1,$Z1
+||	XOR.D	$H0z,$Z0,$Z0			; merge upper byte products
+||	AND.S	$H2y,$FF000000,$H2z
+||	XORMPY	$E10000,$rem,$res	;	; implicit rem&0x1FE
+	XOR.L	$H1z,$Z1,$Z1		; 8/2
+||	SHRMB.S	$Z3,$Z2,$Z2
+||	AND.S	$H3y,$FF000000,$H3z
+	XOR.L	$H2z,$Z2,$Z2		; 9/3
+||	SHRU	$Z3,8,$Z3
+	XOR.D	$H3z,$Z3,$Z3		; 10/4
+	NOP				; 11/5
+
+	SPKERNEL 0,2
+||	XOR.D	$res,$Z3,$Z3		; 12/6/0; Z^=res
+
+	; input pre-fetch is possible where D1 slot is available...
+   [B0]	LDNDW	*${inp}[1],$H1x:$H0x	; 8/-
+   [B0]	LDNDW	*${inp}++[2],$H3x:$H2x	; 9/-
+	NOP				; 10/-
+	.if	.LITTLE_ENDIAN
+	SWAP2	$Z0,$Z1			; 11/-
+||	SWAP4	$Z1,$Z0
+	SWAP4	$Z1,$Z1			; 12/-
+||	SWAP2	$Z0,$Z0
+	SWAP2	$Z2,$Z3
+||	SWAP4	$Z3,$Z2
+||[!B0]	BNOP	RA
+	SWAP4	$Z3,$Z3
+||	SWAP2	$Z2,$Z2
+|| [B0]	BNOP	ghash_loop?
+   [B0]	XOR	$H0x,$Z0,$Z0		; Xi^=inp
+|| [B0]	XOR	$H1x,$Z1,$Z1
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	SHRU	$Z1,24,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0]	SHRU	$Z1,16,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.else
+  [!B0]	BNOP	RA			; 11/-
+   [B0]	BNOP	ghash_loop?		; 12/-
+   [B0]	XOR	$H0x,$Z0,$Z0		; Xi^=inp
+|| [B0]	XOR	$H1x,$Z1,$Z1
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	MV	$Z0,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0] SHRU	$Z0,8,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.endif
+	STDW	$Z3:$Z2,*${xip}[0]
+|| [B0]	ZERO	$Z3:$Z2
+|| [B0]	MV	$xia,$x1
+   [B0]	ADDK	14,${xip}
+	.endasmfunc
+
+	.sect	.const
+	.cstring "GHASH for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl
new file mode 100755
index 000000000..eb9ded91e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl
@@ -0,0 +1,470 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Streamed
+# GHASH performance was measured to be 6.67 cycles per processed byte
+# on Itanium 2, which is >90% better than Microsoft compiler generated
+# code. To anchor to something else sha1-ia64.pl module processes one
+# byte in 5.7 cycles. On Itanium GHASH should run at ~8.5 cycles per
+# byte.
+
+# September 2010
+#
+# It was originally thought that it makes lesser sense to implement
+# "528B" variant on Itanium 2 for following reason. Because number of
+# functional units is naturally limited, it appeared impossible to
+# implement "528B" loop in 4 cycles, only in 5. This would mean that
+# theoretically performance improvement couldn't be more than 20%.
+# But occasionally you prove yourself wrong:-) I figured out a way to
+# fold couple of instructions and having freed yet another instruction
+# slot by unrolling the loop... Resulting performance is 4.45 cycles
+# per processed byte and 50% better than "256B" version. On original
+# Itanium performance should remain the same as the "256B" version,
+# i.e. ~8.5 cycles.
+
+$output=pop and (open STDOUT,">$output" or die "can't open $output: $!");
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+for (@ARGV)  {  $big_endian=1 if (/\-DB_ENDIAN/);
+                $big_endian=0 if (/\-DL_ENDIAN/);  }
+if (!defined($big_endian))
+             {  $big_endian=(unpack('L',pack('N',1))==1);  }
+
+sub loop() {
+my $label=shift;
+my ($p16,$p17)=(shift)?("p63","p63"):("p16","p17"); # mask references to inp
+
+# Loop is scheduled for 6 ticks on Itanium 2 and 8 on Itanium, i.e.
+# in scalable manner;-) Naturally assuming data in L1 cache...
+# Special note about 'dep' instruction, which is used to construct
+# &rem_4bit[Zlo&0xf]. It works, because rem_4bit is aligned at 128
+# bytes boundary and lower 7 bits of its address are guaranteed to
+# be zero.
+$code.=<<___;
+$label:
+{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
+	(p19)	dep	rem=Zlo,rem_4bitp,3,4	}
+{ .mfi;	(p19)	xor	Zhi=Zhi,Hhi
+	($p17)	xor	xi[1]=xi[1],in[1]	};;
+{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
+	(p19)	shrp	Zlo=Zhi,Zlo,4		}
+{ .mfi;	(p19)	ld8	rem=[rem]
+	(p18)	and	Hi[1]=mask0xf0,xi[2]	};;
+{ .mmi;	($p16)	ld1	in[0]=[inp],-1
+	(p18)	xor	Zlo=Zlo,Hlo
+	(p19)	shr.u	Zhi=Zhi,4		}
+{ .mib;	(p19)	xor	Hhi=Hhi,rem
+	(p18)	add	Hi[1]=Htbl,Hi[1]	};;
+
+{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
+	(p18)	dep	rem=Zlo,rem_4bitp,3,4	}
+{ .mfi;	(p17)	shladd	Hi[0]=xi[1],4,r0
+	(p18)	xor	Zhi=Zhi,Hhi		};;
+{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
+	(p18)	shrp	Zlo=Zhi,Zlo,4		}
+{ .mfi;	(p18)	ld8	rem=[rem]
+	(p17)	and	Hi[0]=mask0xf0,Hi[0]	};;
+{ .mmi;	(p16)	ld1	xi[0]=[Xi],-1
+	(p18)	xor	Zlo=Zlo,Hlo
+	(p18)	shr.u	Zhi=Zhi,4		}
+{ .mib;	(p18)	xor	Hhi=Hhi,rem
+	(p17)	add	Hi[0]=Htbl,Hi[0]
+	br.ctop.sptk	$label			};;
+___
+}
+
+$code=<<___;
+.explicit
+.text
+
+prevfs=r2;	prevlc=r3;	prevpr=r8;
+mask0xf0=r21;
+rem=r22;	rem_4bitp=r23;
+Xi=r24;		Htbl=r25;
+inp=r26;	end=r27;
+Hhi=r28;	Hlo=r29;
+Zhi=r30;	Zlo=r31;
+
+.align	128
+.skip	16					// aligns loop body
+.global	gcm_gmult_4bit#
+.proc	gcm_gmult_4bit#
+gcm_gmult_4bit:
+	.prologue
+{ .mmi;	.save	ar.pfs,prevfs
+	alloc	prevfs=ar.pfs,2,6,0,8
+	$ADDP	Xi=15,in0			// &Xi[15]
+	mov	rem_4bitp=ip		}
+{ .mii;	$ADDP	Htbl=8,in1			// &Htbl[0].lo
+	.save	ar.lc,prevlc
+	mov	prevlc=ar.lc
+	.save	pr,prevpr
+	mov	prevpr=pr		};;
+
+	.body
+	.rotr	in[3],xi[3],Hi[2]
+
+{ .mib;	ld1	xi[2]=[Xi],-1			// Xi[15]
+	mov	mask0xf0=0xf0
+	brp.loop.imp	.Loop1,.Lend1-16};;
+{ .mmi;	ld1	xi[1]=[Xi],-1			// Xi[14]
+					};;
+{ .mii;	shladd	Hi[1]=xi[2],4,r0
+	mov	pr.rot=0x7<<16
+	mov	ar.lc=13		};;
+{ .mii;	and	Hi[1]=mask0xf0,Hi[1]
+	mov	ar.ec=3
+	xor	Zlo=Zlo,Zlo		};;
+{ .mii;	add	Hi[1]=Htbl,Hi[1]		// &Htbl[nlo].lo
+	add	rem_4bitp=rem_4bit#-gcm_gmult_4bit#,rem_4bitp
+	xor	Zhi=Zhi,Zhi		};;
+___
+	&loop	(".Loop1",1);
+$code.=<<___;
+.Lend1:
+{ .mib;	xor	Zhi=Zhi,Hhi		};;	// modulo-scheduling artefact
+{ .mib;	mux1	Zlo=Zlo,\@rev		};;
+{ .mib;	mux1	Zhi=Zhi,\@rev		};;
+{ .mmi;	add	Hlo=9,Xi;;			// ;; is here to prevent
+	add	Hhi=1,Xi		};;	// pipeline flush on Itanium
+{ .mib;	st8	[Hlo]=Zlo
+	mov	pr=prevpr,0x1ffff	};;
+{ .mib;	st8	[Hhi]=Zhi
+	mov	ar.lc=prevlc
+	br.ret.sptk.many	b0	};;
+.endp	gcm_gmult_4bit#
+___
+
+######################################################################
+# "528B" (well, "512B" actually) streamed GHASH
+#
+$Xip="in0";
+$Htbl="in1";
+$inp="in2";
+$len="in3";
+$rem_8bit="loc0";
+$mask0xff="loc1";
+($sum,$rum) = $big_endian ? ("nop.m","nop.m") : ("sum","rum");
+
+sub load_htable() {
+    for (my $i=0;$i<8;$i++) {
+	$code.=<<___;
+{ .mmi;	ld8	r`16+2*$i+1`=[r8],16		// Htable[$i].hi
+	ld8	r`16+2*$i`=[r9],16	}	// Htable[$i].lo
+{ .mmi;	ldf8	f`32+2*$i+1`=[r10],16		// Htable[`8+$i`].hi
+	ldf8	f`32+2*$i`=[r11],16		// Htable[`8+$i`].lo
+___
+	$code.=shift	if (($i+$#_)==7);
+	$code.="\t};;\n"
+    }
+}
+
+$code.=<<___;
+prevsp=r3;
+
+.align	32
+.skip	16					// aligns loop body
+.global	gcm_ghash_4bit#
+.proc	gcm_ghash_4bit#
+gcm_ghash_4bit:
+	.prologue
+{ .mmi;	.save	ar.pfs,prevfs
+	alloc	prevfs=ar.pfs,4,2,0,0
+	.vframe	prevsp
+	mov	prevsp=sp
+	mov	$rem_8bit=ip		};;
+	.body
+{ .mfi;	$ADDP	r8=0+0,$Htbl
+	$ADDP	r9=0+8,$Htbl		}
+{ .mfi;	$ADDP	r10=128+0,$Htbl
+	$ADDP	r11=128+8,$Htbl		};;
+___
+	&load_htable(
+	"	$ADDP	$Xip=15,$Xip",		# &Xi[15]
+	"	$ADDP	$len=$len,$inp",	# &inp[len]
+	"	$ADDP	$inp=15,$inp",		# &inp[15]
+	"	mov	$mask0xff=0xff",
+	"	add	sp=-512,sp",
+	"	andcm	sp=sp,$mask0xff",	# align stack frame
+	"	add	r14=0,sp",
+	"	add	r15=8,sp");
+$code.=<<___;
+{ .mmi;	$sum	1<<1				// go big-endian
+	add	r8=256+0,sp
+	add	r9=256+8,sp		}
+{ .mmi;	add	r10=256+128+0,sp
+	add	r11=256+128+8,sp
+	add	$len=-17,$len		};;
+___
+for($i=0;$i<8;$i++) {	# generate first half of Hshr4[]
+my ($rlo,$rhi)=("r".eval(16+2*$i),"r".eval(16+2*$i+1));
+$code.=<<___;
+{ .mmi;	st8	[r8]=$rlo,16			// Htable[$i].lo
+	st8	[r9]=$rhi,16			// Htable[$i].hi
+	shrp	$rlo=$rhi,$rlo,4	}//;;
+{ .mmi;	stf8	[r10]=f`32+2*$i`,16		// Htable[`8+$i`].lo
+	stf8	[r11]=f`32+2*$i+1`,16		// Htable[`8+$i`].hi
+	shr.u	$rhi=$rhi,4		};;
+{ .mmi;	st8	[r14]=$rlo,16			// Htable[$i].lo>>4
+	st8	[r15]=$rhi,16		}//;;	// Htable[$i].hi>>4
+___
+}
+$code.=<<___;
+{ .mmi;	ld8	r16=[r8],16			// Htable[8].lo
+	ld8	r17=[r9],16		};;	// Htable[8].hi
+{ .mmi;	ld8	r18=[r8],16			// Htable[9].lo
+	ld8	r19=[r9],16		}	// Htable[9].hi
+{ .mmi;	rum	1<<5				// clear um.mfh
+	shrp	r16=r17,r16,4		};;
+___
+for($i=0;$i<6;$i++) {	# generate second half of Hshr4[]
+$code.=<<___;
+{ .mmi;	ld8	r`20+2*$i`=[r8],16		// Htable[`10+$i`].lo
+	ld8	r`20+2*$i+1`=[r9],16		// Htable[`10+$i`].hi
+	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
+{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
+	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
+	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
+___
+}
+$code.=<<___;
+{ .mmi;	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
+{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
+	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
+	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
+{ .mmi;	add	$Htbl=256,sp			// &Htable[0]
+	add	$rem_8bit=rem_8bit#-gcm_ghash_4bit#,$rem_8bit
+	shr.u	r`18+2*$i+1`=r`18+2*$i+1`,4	};;
+{ .mmi;	st8	[r14]=r`18+2*$i`		// Htable[`8+$i`].lo>>4
+	st8	[r15]=r`18+2*$i+1`	}	// Htable[`8+$i`].hi>>4
+___
+
+$in="r15";
+@xi=("r16","r17");
+@rem=("r18","r19");
+($Alo,$Ahi,$Blo,$Bhi,$Zlo,$Zhi)=("r20","r21","r22","r23","r24","r25");
+($Atbl,$Btbl)=("r26","r27");
+
+$code.=<<___;	# (p16)
+{ .mmi;	ld1	$in=[$inp],-1			//(p16) *inp--
+	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	cmp.eq	p0,p6=r0,r0		};;	//	clear p6
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p16),(p17)
+{ .mmi;	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mii;	ld1	$in=[$inp],-1			//(p16) *inp--
+	dep	$Atbl=$xi[1],$Htbl,4,4		//(p17) &Htable[nlo].lo
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+.align	32
+.LOOP:
+{ .mmi;
+(p6)	st8	[$Xip]=$Zhi,13
+	xor	$Zlo=$Zlo,$Zlo
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi].lo
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p16),(p17),(p18)
+{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
+{ .mfi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
+	xor	$Zlo=$Zlo,$Alo		};;	//(p18) Z.lo^=Htable[nlo].lo
+{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
+	ld1	$in=[$inp],-1		}	//(p16) *inp--
+{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
+	mov	$Zhi=$Ahi			//(p18) Z.hi^=Htable[nlo].hi
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
+	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
+{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+for ($i=1;$i<14;$i++) {
+# Above and below fragments are derived from this one by removing
+# unsuitable (p??) instructions.
+$code.=<<___;	# (p16),(p17),(p18),(p19)
+{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
+	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
+{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
+{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
+	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
+	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
+{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
+	ld1	$in=[$inp],-1			//(p16) *inp--
+	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
+{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
+	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
+	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
+{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+}
+
+$code.=<<___;	# (p17),(p18),(p19)
+{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
+	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
+{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+	dep	$Atbl=$xi[1],$Htbl,4,4	};;	//(p17) &Htable[nlo].lo
+{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
+	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
+	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
+{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
+	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
+{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
+	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
+	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
+{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p18),(p19)
+{ .mfi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
+{ .mfi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo		};;	//(p19) Z.lo^=Hshr4[nhi].lo
+{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	xor	$Zlo=$Zlo,$Alo		}	//(p18) Z.lo^=Htable[nlo].lo
+{ .mfi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
+{ .mfi;	ld8	$Blo=[$Btbl],8			//(p18) Htable[nhi].lo,&Htable[nhi].hi
+	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
+{ .mfi;	shladd	$rem[0]=$Zlo,4,r0		//(p18) Z.lo<<4
+	xor	$Zhi=$Zhi,$Ahi		};;	//(p18) Z.hi^=Htable[nlo].hi
+{ .mfi;	ld8	$Bhi=[$Btbl]			//(p18) Htable[nhi].hi
+	shrp	$Zlo=$Zhi,$Zlo,4	}	//(p18) Z.lo=(Z.hi<<60)|(Z.lo>>4)
+{ .mfi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	xor	$Zhi=$Zhi,$rem[1]	};;	//(p19) Z.hi^=rem_8bit[rem]<<48
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p19)
+{ .mmi;	cmp.ltu	p6,p0=$inp,$len
+	add	$inp=32,$inp
+	shr.u	$Zhi=$Zhi,4		}	//(p19) Z.hi>>=4
+{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
+	add	$Xip=9,$Xip		};;	//	&Xi.lo
+{ .mmi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
+(p6)	extr.u	$xi[1]=$Zlo,8,8		}	//[p17] Xi[14]
+{ .mmi;	xor	$Zhi=$Zhi,$Bhi			//(p19) Z.hi^=Hshr4[nhi].hi
+(p6)	and	$xi[0]=$Zlo,$mask0xff	};;	//[p16] Xi[15]
+{ .mmi;	st8	[$Xip]=$Zlo,-8
+(p6)	xor	$xi[0]=$xi[0],$in		//[p17] xi=$xi[i]^inp[i]
+	shl	$rem[1]=$rem[1],48	};;	//(p19) rem_8bit[rem]<<48
+{ .mmi;
+(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
+	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
+(p6)	dep	$Atbl=$xi[0],$Htbl,4,4	}	//[p17] &Htable[nlo].lo
+{ .mib;
+(p6)	and	$xi[0]=-16,$xi[0]		//[p17] nhi=xi&0xf0
+(p6)	br.cond.dptk.many	.LOOP	};;
+
+{ .mib;	st8	[$Xip]=$Zhi		};;
+{ .mib;	$rum	1<<1				// return to little-endian
+	.restore	sp
+	mov	sp=prevsp
+	br.ret.sptk.many	b0	};;
+.endp	gcm_ghash_4bit#
+___
+$code.=<<___;
+.align	128
+.type	rem_4bit#,\@object
+rem_4bit:
+        data8	0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48
+        data8	0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48
+        data8	0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48
+        data8	0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48
+.size	rem_4bit#,128
+.type	rem_8bit#,\@object
+rem_8bit:
+	data1	0x00,0x00, 0x01,0xC2, 0x03,0x84, 0x02,0x46, 0x07,0x08, 0x06,0xCA, 0x04,0x8C, 0x05,0x4E
+	data1	0x0E,0x10, 0x0F,0xD2, 0x0D,0x94, 0x0C,0x56, 0x09,0x18, 0x08,0xDA, 0x0A,0x9C, 0x0B,0x5E
+	data1	0x1C,0x20, 0x1D,0xE2, 0x1F,0xA4, 0x1E,0x66, 0x1B,0x28, 0x1A,0xEA, 0x18,0xAC, 0x19,0x6E
+	data1	0x12,0x30, 0x13,0xF2, 0x11,0xB4, 0x10,0x76, 0x15,0x38, 0x14,0xFA, 0x16,0xBC, 0x17,0x7E
+	data1	0x38,0x40, 0x39,0x82, 0x3B,0xC4, 0x3A,0x06, 0x3F,0x48, 0x3E,0x8A, 0x3C,0xCC, 0x3D,0x0E
+	data1	0x36,0x50, 0x37,0x92, 0x35,0xD4, 0x34,0x16, 0x31,0x58, 0x30,0x9A, 0x32,0xDC, 0x33,0x1E
+	data1	0x24,0x60, 0x25,0xA2, 0x27,0xE4, 0x26,0x26, 0x23,0x68, 0x22,0xAA, 0x20,0xEC, 0x21,0x2E
+	data1	0x2A,0x70, 0x2B,0xB2, 0x29,0xF4, 0x28,0x36, 0x2D,0x78, 0x2C,0xBA, 0x2E,0xFC, 0x2F,0x3E
+	data1	0x70,0x80, 0x71,0x42, 0x73,0x04, 0x72,0xC6, 0x77,0x88, 0x76,0x4A, 0x74,0x0C, 0x75,0xCE
+	data1	0x7E,0x90, 0x7F,0x52, 0x7D,0x14, 0x7C,0xD6, 0x79,0x98, 0x78,0x5A, 0x7A,0x1C, 0x7B,0xDE
+	data1	0x6C,0xA0, 0x6D,0x62, 0x6F,0x24, 0x6E,0xE6, 0x6B,0xA8, 0x6A,0x6A, 0x68,0x2C, 0x69,0xEE
+	data1	0x62,0xB0, 0x63,0x72, 0x61,0x34, 0x60,0xF6, 0x65,0xB8, 0x64,0x7A, 0x66,0x3C, 0x67,0xFE
+	data1	0x48,0xC0, 0x49,0x02, 0x4B,0x44, 0x4A,0x86, 0x4F,0xC8, 0x4E,0x0A, 0x4C,0x4C, 0x4D,0x8E
+	data1	0x46,0xD0, 0x47,0x12, 0x45,0x54, 0x44,0x96, 0x41,0xD8, 0x40,0x1A, 0x42,0x5C, 0x43,0x9E
+	data1	0x54,0xE0, 0x55,0x22, 0x57,0x64, 0x56,0xA6, 0x53,0xE8, 0x52,0x2A, 0x50,0x6C, 0x51,0xAE
+	data1	0x5A,0xF0, 0x5B,0x32, 0x59,0x74, 0x58,0xB6, 0x5D,0xF8, 0x5C,0x3A, 0x5E,0x7C, 0x5F,0xBE
+	data1	0xE1,0x00, 0xE0,0xC2, 0xE2,0x84, 0xE3,0x46, 0xE6,0x08, 0xE7,0xCA, 0xE5,0x8C, 0xE4,0x4E
+	data1	0xEF,0x10, 0xEE,0xD2, 0xEC,0x94, 0xED,0x56, 0xE8,0x18, 0xE9,0xDA, 0xEB,0x9C, 0xEA,0x5E
+	data1	0xFD,0x20, 0xFC,0xE2, 0xFE,0xA4, 0xFF,0x66, 0xFA,0x28, 0xFB,0xEA, 0xF9,0xAC, 0xF8,0x6E
+	data1	0xF3,0x30, 0xF2,0xF2, 0xF0,0xB4, 0xF1,0x76, 0xF4,0x38, 0xF5,0xFA, 0xF7,0xBC, 0xF6,0x7E
+	data1	0xD9,0x40, 0xD8,0x82, 0xDA,0xC4, 0xDB,0x06, 0xDE,0x48, 0xDF,0x8A, 0xDD,0xCC, 0xDC,0x0E
+	data1	0xD7,0x50, 0xD6,0x92, 0xD4,0xD4, 0xD5,0x16, 0xD0,0x58, 0xD1,0x9A, 0xD3,0xDC, 0xD2,0x1E
+	data1	0xC5,0x60, 0xC4,0xA2, 0xC6,0xE4, 0xC7,0x26, 0xC2,0x68, 0xC3,0xAA, 0xC1,0xEC, 0xC0,0x2E
+	data1	0xCB,0x70, 0xCA,0xB2, 0xC8,0xF4, 0xC9,0x36, 0xCC,0x78, 0xCD,0xBA, 0xCF,0xFC, 0xCE,0x3E
+	data1	0x91,0x80, 0x90,0x42, 0x92,0x04, 0x93,0xC6, 0x96,0x88, 0x97,0x4A, 0x95,0x0C, 0x94,0xCE
+	data1	0x9F,0x90, 0x9E,0x52, 0x9C,0x14, 0x9D,0xD6, 0x98,0x98, 0x99,0x5A, 0x9B,0x1C, 0x9A,0xDE
+	data1	0x8D,0xA0, 0x8C,0x62, 0x8E,0x24, 0x8F,0xE6, 0x8A,0xA8, 0x8B,0x6A, 0x89,0x2C, 0x88,0xEE
+	data1	0x83,0xB0, 0x82,0x72, 0x80,0x34, 0x81,0xF6, 0x84,0xB8, 0x85,0x7A, 0x87,0x3C, 0x86,0xFE
+	data1	0xA9,0xC0, 0xA8,0x02, 0xAA,0x44, 0xAB,0x86, 0xAE,0xC8, 0xAF,0x0A, 0xAD,0x4C, 0xAC,0x8E
+	data1	0xA7,0xD0, 0xA6,0x12, 0xA4,0x54, 0xA5,0x96, 0xA0,0xD8, 0xA1,0x1A, 0xA3,0x5C, 0xA2,0x9E
+	data1	0xB5,0xE0, 0xB4,0x22, 0xB6,0x64, 0xB7,0xA6, 0xB2,0xE8, 0xB3,0x2A, 0xB1,0x6C, 0xB0,0xAE
+	data1	0xBB,0xF0, 0xBA,0x32, 0xB8,0x74, 0xB9,0xB6, 0xBC,0xF8, 0xBD,0x3A, 0xBF,0x7C, 0xBE,0xBE
+.size	rem_8bit#,512
+stringz	"GHASH for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm      if ($big_endian);
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl
new file mode 100644
index 000000000..a614c99c2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl
@@ -0,0 +1,748 @@
+#! /usr/bin/env perl
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# April 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. On PA-7100LC
+# it processes one byte in 19.6 cycles, which is more than twice as
+# fast as code generated by gcc 3.2. PA-RISC 2.0 loop is scheduled for
+# 8 cycles, but measured performance on PA-8600 system is ~9 cycles per
+# processed byte. This is ~2.2x faster than 64-bit code generated by
+# vendor compiler (which used to be very hard to beat:-).
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+	$NREGS		=6;
+} else {
+	$LEVEL		="1.0";	#"\n\t.ALLOW\t2.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+	$NREGS		=11;
+}
+
+$FRAME=10*$SIZE_T+$FRAME_MARKER;# NREGS saved regs + frame marker
+				#                 [+ argument transfer]
+
+################# volatile registers
+$Xi="%r26";	# argument block
+$Htbl="%r25";
+$inp="%r24";
+$len="%r23";
+$Hhh=$Htbl;	# variables
+$Hll="%r22";
+$Zhh="%r21";
+$Zll="%r20";
+$cnt="%r19";
+$rem_4bit="%r28";
+$rem="%r29";
+$mask0xf0="%r31";
+
+################# preserved registers
+$Thh="%r1";
+$Tll="%r2";
+$nlo="%r3";
+$nhi="%r4";
+$byte="%r5";
+if ($SIZE_T==4) {
+	$Zhl="%r6";
+	$Zlh="%r7";
+	$Hhl="%r8";
+	$Hlh="%r9";
+	$Thl="%r10";
+	$Tlh="%r11";
+}
+$rem2="%r6";	# used in PA-RISC 2.0 code
+
+$code.=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	gcm_gmult_4bit,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	64
+gcm_gmult_4bit
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=$NREGS
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+___
+$code.=<<___ if ($SIZE_T==4);
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+___
+$code.=<<___;
+	blr	%r0,$rem_4bit
+	ldi	3,$rem
+L\$pic_gmult
+	andcm	$rem_4bit,$rem,$rem_4bit
+	addl	$inp,$len,$len
+	ldo	L\$rem_4bit-L\$pic_gmult($rem_4bit),$rem_4bit
+	ldi	0xf0,$mask0xf0
+___
+$code.=<<___ if ($SIZE_T==4);
+	ldi	31,$rem
+	mtctl	$rem,%cr11
+	extrd,u,*= $rem,%sar,1,$rem	; executes on PA-RISC 1.0
+	b	L\$parisc1_gmult
+	nop
+___
+
+$code.=<<___;
+	ldb	15($Xi),$nlo
+	ldo	8($Htbl),$Hll
+
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	ldd	$nlo($Hll),$Zll
+	ldd	$nlo($Hhh),$Zhh
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldb	14($Xi),$nlo
+
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+	b	L\$oop_gmult_pa2
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_gmult_pa2
+	xor	$rem,$Zhh,$Zhh		; moved here to work around gas bug
+	depd,z	$Zll,60,4,$rem
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem
+	ldbx	$cnt($Xi),$nlo
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$Tll,$Zll,$Zll
+	addib,uv -1,$cnt,L\$oop_gmult_pa2
+	xor	$Thh,$Zhh,$Zhh
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	std	$Zll,8($Xi)
+	std	$Zhh,0($Xi)
+___
+
+$code.=<<___ if ($SIZE_T==4);
+	b	L\$done_gmult
+	nop
+
+L\$parisc1_gmult
+	ldb	15($Xi),$nlo
+	ldo	12($Htbl),$Hll
+	ldo	8($Htbl),$Hlh
+	ldo	4($Htbl),$Hhl
+
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	ldwx	$nlo($Hll),$Zll
+	ldwx	$nlo($Hlh),$Zlh
+	ldwx	$nlo($Hhl),$Zhl
+	ldwx	$nlo($Hhh),$Zhh
+	zdep	$Zll,28,4,$rem
+	ldb	14($Xi),$nlo
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	extru	$Zhh,27,28,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	xor	$rem,$Zhh,$Zhh
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$Thl,$Zhl,$Zhl
+	b	L\$oop_gmult_pa1
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_gmult_pa1
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldbx	$cnt($Xi),$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$rem,$Zhh,$Zhh
+	zdep	$Zll,28,4,$rem
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	and	$mask0xf0,$nlo,$nhi
+	extru	$Zhh,27,28,$Zhh
+	zdep	$nlo,27,4,$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$rem,$Zhh,$Zhh
+	addib,uv -1,$cnt,L\$oop_gmult_pa1
+	xor	$Thl,$Zhl,$Zhl
+
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$rem,$Zhh,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	zdep	$Zll,28,4,$rem
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	extru	$Zhh,27,28,$Zhh
+	xor	$Tll,$Zll,$Zll
+	xor	$Tlh,$Zlh,$Zlh
+	xor	$rem,$Zhh,$Zhh
+	stw	$Zll,12($Xi)
+	xor	$Thl,$Zhl,$Zhl
+	stw	$Zlh,8($Xi)
+	xor	$Thh,$Zhh,$Zhh
+	stw	$Zhl,4($Xi)
+	stw	$Zhh,0($Xi)
+___
+$code.=<<___;
+L\$done_gmult
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+___
+$code.=<<___ if ($SIZE_T==4);
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+___
+$code.=<<___;
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.EXPORT	gcm_ghash_4bit,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+	.ALIGN	64
+gcm_ghash_4bit
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=11
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+___
+$code.=<<___ if ($SIZE_T==4);
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+___
+$code.=<<___;
+	blr	%r0,$rem_4bit
+	ldi	3,$rem
+L\$pic_ghash
+	andcm	$rem_4bit,$rem,$rem_4bit
+	addl	$inp,$len,$len
+	ldo	L\$rem_4bit-L\$pic_ghash($rem_4bit),$rem_4bit
+	ldi	0xf0,$mask0xf0
+___
+$code.=<<___ if ($SIZE_T==4);
+	ldi	31,$rem
+	mtctl	$rem,%cr11
+	extrd,u,*= $rem,%sar,1,$rem	; executes on PA-RISC 1.0
+	b	L\$parisc1_ghash
+	nop
+___
+
+$code.=<<___;
+	ldb	15($Xi),$nlo
+	ldo	8($Htbl),$Hll
+
+L\$outer_ghash_pa2
+	ldb	15($inp),$nhi
+	xor	$nhi,$nlo,$nlo
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	ldd	$nlo($Hll),$Zll
+	ldd	$nlo($Hhh),$Zhh
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldb	14($Xi),$nlo
+	ldb	14($inp),$byte
+
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+	xor	$byte,$nlo,$nlo
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+	b	L\$oop_ghash_pa2
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_ghash_pa2
+	xor	$rem,$Zhh,$Zhh		; moved here to work around gas bug
+	depd,z	$Zll,60,4,$rem2
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldbx	$cnt($Xi),$nlo
+	ldbx	$cnt($inp),$byte
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	ldd	$rem2($rem_4bit),$rem2
+
+	xor	$rem2,$Zhh,$Zhh
+	xor	$byte,$nlo,$nlo
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	extrd,u	$Zhh,59,60,$Zhh
+	xor	$Tll,$Zll,$Zll
+
+	ldd	$rem($rem_4bit),$rem
+	addib,uv -1,$cnt,L\$oop_ghash_pa2
+	xor	$Thh,$Zhh,$Zhh
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem2
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	ldd	$rem2($rem_4bit),$rem2
+
+	xor	$rem2,$Zhh,$Zhh
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	extrd,u	$Zhh,59,60,$Zhh
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	std	$Zll,8($Xi)
+	ldo	16($inp),$inp
+	std	$Zhh,0($Xi)
+	cmpb,*<> $inp,$len,L\$outer_ghash_pa2
+	copy	$Zll,$nlo
+___
+
+$code.=<<___ if ($SIZE_T==4);
+	b	L\$done_ghash
+	nop
+
+L\$parisc1_ghash
+	ldb	15($Xi),$nlo
+	ldo	12($Htbl),$Hll
+	ldo	8($Htbl),$Hlh
+	ldo	4($Htbl),$Hhl
+
+L\$outer_ghash_pa1
+	ldb	15($inp),$byte
+	xor	$byte,$nlo,$nlo
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	ldwx	$nlo($Hll),$Zll
+	ldwx	$nlo($Hlh),$Zlh
+	ldwx	$nlo($Hhl),$Zhl
+	ldwx	$nlo($Hhh),$Zhh
+	zdep	$Zll,28,4,$rem
+	ldb	14($Xi),$nlo
+	ldb	14($inp),$byte
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	extru	$Zhh,27,28,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	xor	$byte,$nlo,$nlo
+	xor	$rem,$Zhh,$Zhh
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$Thl,$Zhl,$Zhl
+	b	L\$oop_ghash_pa1
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_ghash_pa1
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldbx	$cnt($Xi),$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	ldbx	$cnt($inp),$byte
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$rem,$Zhh,$Zhh
+	zdep	$Zll,28,4,$rem
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	xor	$byte,$nlo,$nlo
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	and	$mask0xf0,$nlo,$nhi
+	extru	$Zhh,27,28,$Zhh
+	zdep	$nlo,27,4,$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$rem,$Zhh,$Zhh
+	addib,uv -1,$cnt,L\$oop_ghash_pa1
+	xor	$Thl,$Zhl,$Zhl
+
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$rem,$Zhh,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	zdep	$Zll,28,4,$rem
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	extru	$Zhh,27,28,$Zhh
+	xor	$Tll,$Zll,$Zll
+	xor	$Tlh,$Zlh,$Zlh
+	xor	$rem,$Zhh,$Zhh
+	stw	$Zll,12($Xi)
+	xor	$Thl,$Zhl,$Zhl
+	stw	$Zlh,8($Xi)
+	xor	$Thh,$Zhh,$Zhh
+	stw	$Zhl,4($Xi)
+	ldo	16($inp),$inp
+	stw	$Zhh,0($Xi)
+	comb,<>	$inp,$len,L\$outer_ghash_pa1
+	copy	$Zll,$nlo
+___
+$code.=<<___;
+L\$done_ghash
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+___
+$code.=<<___ if ($SIZE_T==4);
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+___
+$code.=<<___;
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.ALIGN	64
+L\$rem_4bit
+	.WORD	`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0
+	.WORD	`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0
+	.WORD	`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0
+	.WORD	`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0
+	.STRINGZ "GHASH for PA-RISC, GRYPTOGAMS by <appro\@openssl.org>"
+	.ALIGN	64
+___
+
+# Explicitly encode PA-RISC 2.0 instructions used in this module, so
+# that it can be compiled with .LEVEL 1.0. It should be noted that I
+# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
+# directive...
+
+my $ldd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "ldd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)		# format 4
+    {	my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)	# format 5
+    {	my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
+	$opcode|=(($1&0xF)<<17)|(($1&0x10)<<12);		# encode offset
+	$opcode|=(1<<5)  if ($mod =~ /^,m/);
+	$opcode|=(1<<13) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $std = sub {
+  my ($mod,$args) = @_;
+  my $orig = "std$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices
+    {	my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $extrd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "extrd$mod\t$args";
+
+    # I only have ",u" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
+    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
+	my $len=32-$3;
+	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
+    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
+	my $len=32-$2;
+	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
+	$opcode |= (1<<13) if ($mod =~ /,\**=/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $shrpd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "shrpd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
+    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
+	my $cpos=63-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/)	# format 11
+    {	sprintf "\t.WORD\t0x%08x\t; %s",
+		(0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $depd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "depd$mod\t$args";
+
+    # I only have ",z" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 16
+    {	my $opcode=(0x3c<<26)|($4<<21)|($1<<16);
+    	my $cpos=63-$2;
+	my $len=32-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+sub assemble {
+  my ($mnemonic,$mod,$args)=@_;
+  my $opcode = eval("\$$mnemonic");
+
+    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
+}
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+	if ($SIZE_T==4) {
+		s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e;
+		s/cmpb,\*/comb,/;
+		s/,\*/,/;
+	}
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl
new file mode 100644
index 000000000..17dc37505
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl
@@ -0,0 +1,262 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2010.
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Performance
+# was measured to be ~18 cycles per processed byte on z10, which is
+# almost 40% better than gcc-generated code. It should be noted that
+# 18 cycles is worse result than expected: loop is scheduled for 12
+# and the result should be close to 12. In the lack of instruction-
+# level profiling data it's impossible to tell why...
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 2.8x better than 32-bit code generated by gcc 4.3.
+
+# March 2011.
+#
+# Support for hardware KIMD-GHASH is verified to produce correct
+# result and therefore is engaged. On z196 it was measured to process
+# 8KB buffer ~7 faster than software implementation. It's not as
+# impressive for smaller buffer sizes and for smallest 16-bytes buffer
+# it's actually almost 2 times slower. Which is the reason why
+# KIMD-GHASH is not used in gcm_gmult_4bit.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$softonly=0;
+
+$Zhi="%r0";
+$Zlo="%r1";
+
+$Xi="%r2";	# argument block
+$Htbl="%r3";
+$inp="%r4";
+$len="%r5";
+
+$rem0="%r6";	# variables
+$rem1="%r7";
+$nlo="%r8";
+$nhi="%r9";
+$xi="%r10";
+$cnt="%r11";
+$tmp="%r12";
+$x78="%r13";
+$rem_4bit="%r14";
+
+$sp="%r15";
+
+$code.=<<___;
+#include "s390x_arch.h"
+
+.text
+
+.globl	gcm_gmult_4bit
+.align	32
+gcm_gmult_4bit:
+___
+$code.=<<___ if(!$softonly && 0);	# hardware is slow for single block...
+	larl	%r1,OPENSSL_s390xcap_P
+	lghi	%r0,0
+	lg	%r1,S390X_KIMD+8(%r1)	# load second word of kimd capabilities
+					#  vector
+	tmhh	%r1,0x4000	# check for function 65
+	jz	.Lsoft_gmult
+	stg	%r0,16($sp)	# arrange 16 bytes of zero input
+	stg	%r0,24($sp)
+	lghi	%r0,S390X_GHASH	# function 65
+	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
+	la	$inp,16($sp)
+	lghi	$len,16
+	.long	0xb93e0004	# kimd %r0,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	32
+.Lsoft_gmult:
+___
+$code.=<<___;
+	stm${g}	%r6,%r14,6*$SIZE_T($sp)
+
+	aghi	$Xi,-1
+	lghi	$len,1
+	lghi	$x78,`0xf<<3`
+	larl	$rem_4bit,rem_4bit
+
+	lg	$Zlo,8+1($Xi)		# Xi
+	j	.Lgmult_shortcut
+.type	gcm_gmult_4bit,\@function
+.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)
+
+.globl	gcm_ghash_4bit
+.align	32
+gcm_ghash_4bit:
+___
+$code.=<<___ if(!$softonly);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,S390X_KIMD+8(%r1)	# load second word of kimd capabilities
+					#  vector
+	tmhh	%r0,0x4000	# check for function 65
+	jz	.Lsoft_ghash
+	lghi	%r0,S390X_GHASH	# function 65
+	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
+	.long	0xb93e0004	# kimd %r0,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	32
+.Lsoft_ghash:
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	stm${g}	%r6,%r14,6*$SIZE_T($sp)
+
+	aghi	$Xi,-1
+	srlg	$len,$len,4
+	lghi	$x78,`0xf<<3`
+	larl	$rem_4bit,rem_4bit
+
+	lg	$Zlo,8+1($Xi)		# Xi
+	lg	$Zhi,0+1($Xi)
+	lghi	$tmp,0
+.Louter:
+	xg	$Zhi,0($inp)		# Xi ^= inp
+	xg	$Zlo,8($inp)
+	xgr	$Zhi,$tmp
+	stg	$Zlo,8+1($Xi)
+	stg	$Zhi,0+1($Xi)
+
+.Lgmult_shortcut:
+	lghi	$tmp,0xf0
+	sllg	$nlo,$Zlo,4
+	srlg	$xi,$Zlo,8		# extract second byte
+	ngr	$nlo,$tmp
+	lgr	$nhi,$Zlo
+	lghi	$cnt,14
+	ngr	$nhi,$tmp
+
+	lg	$Zlo,8($nlo,$Htbl)
+	lg	$Zhi,0($nlo,$Htbl)
+
+	sllg	$nlo,$xi,4
+	sllg	$rem0,$Zlo,3
+	ngr	$nlo,$tmp
+	ngr	$rem0,$x78
+	ngr	$xi,$tmp
+
+	sllg	$tmp,$Zhi,60
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nhi,$Htbl)
+	xg	$Zhi,0($nhi,$Htbl)
+	lgr	$nhi,$xi
+	sllg	$rem1,$Zlo,3
+	xgr	$Zlo,$tmp
+	ngr	$rem1,$x78
+	sllg	$tmp,$Zhi,60
+	j	.Lghash_inner
+.align	16
+.Lghash_inner:
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nlo,$Htbl)
+	llgc	$xi,0($cnt,$Xi)
+	xg	$Zhi,0($nlo,$Htbl)
+	sllg	$nlo,$xi,4
+	xg	$Zhi,0($rem0,$rem_4bit)
+	nill	$nlo,0xf0
+	sllg	$rem0,$Zlo,3
+	xgr	$Zlo,$tmp
+	ngr	$rem0,$x78
+	nill	$xi,0xf0
+
+	sllg	$tmp,$Zhi,60
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nhi,$Htbl)
+	xg	$Zhi,0($nhi,$Htbl)
+	lgr	$nhi,$xi
+	xg	$Zhi,0($rem1,$rem_4bit)
+	sllg	$rem1,$Zlo,3
+	xgr	$Zlo,$tmp
+	ngr	$rem1,$x78
+	sllg	$tmp,$Zhi,60
+	brct	$cnt,.Lghash_inner
+
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nlo,$Htbl)
+	xg	$Zhi,0($nlo,$Htbl)
+	sllg	$xi,$Zlo,3
+	xg	$Zhi,0($rem0,$rem_4bit)
+	xgr	$Zlo,$tmp
+	ngr	$xi,$x78
+
+	sllg	$tmp,$Zhi,60
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nhi,$Htbl)
+	xg	$Zhi,0($nhi,$Htbl)
+	xgr	$Zlo,$tmp
+	xg	$Zhi,0($rem1,$rem_4bit)
+
+	lg	$tmp,0($xi,$rem_4bit)
+	la	$inp,16($inp)
+	sllg	$tmp,$tmp,4		# correct last rem_4bit[rem]
+	brctg	$len,.Louter
+
+	xgr	$Zhi,$tmp
+	stg	$Zlo,8+1($Xi)
+	stg	$Zhi,0+1($Xi)
+	lm${g}	%r6,%r14,6*$SIZE_T($sp)
+	br	%r14
+.type	gcm_ghash_4bit,\@function
+.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)
+
+.align	64
+rem_4bit:
+	.long	`0x0000<<12`,0,`0x1C20<<12`,0,`0x3840<<12`,0,`0x2460<<12`,0
+	.long	`0x7080<<12`,0,`0x6CA0<<12`,0,`0x48C0<<12`,0,`0x54E0<<12`,0
+	.long	`0xE100<<12`,0,`0xFD20<<12`,0,`0xD940<<12`,0,`0xC560<<12`,0
+	.long	`0x9180<<12`,0,`0x8DA0<<12`,0,`0xA9C0<<12`,0,`0xB5E0<<12`,0
+.type	rem_4bit,\@object
+.size	rem_4bit,(.-rem_4bit)
+.string	"GHASH for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl
new file mode 100644
index 000000000..c4eb3b1f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl
@@ -0,0 +1,581 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# March 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Performance
+# results are for streamed GHASH subroutine on UltraSPARC pre-Tx CPU
+# and are expressed in cycles per processed byte, less is better:
+#
+#		gcc 3.3.x	cc 5.2		this assembler
+#
+# 32-bit build	81.4		43.3		12.6	(+546%/+244%)
+# 64-bit build	20.2		21.2		12.6	(+60%/+68%)
+#
+# Here is data collected on UltraSPARC T1 system running Linux:
+#
+#		gcc 4.4.1			this assembler
+#
+# 32-bit build	566				50	(+1000%)
+# 64-bit build	56				50	(+12%)
+#
+# I don't quite understand why difference between 32-bit and 64-bit
+# compiler-generated code is so big. Compilers *were* instructed to
+# generate code for UltraSPARC and should have used 64-bit registers
+# for Z vector (see C code) even in 32-bit build... Oh well, it only
+# means more impressive improvement coefficients for this assembler
+# module;-) Loops are aggressively modulo-scheduled in respect to
+# references to input data and Z.hi updates to achieve 12 cycles
+# timing. To anchor to something else, sha1-sparcv9.pl spends 11.6
+# cycles to process one byte on UltraSPARC pre-Tx CPU and ~24 on T1.
+#
+# October 2012
+#
+# Add VIS3 lookup-table-free implementation using polynomial
+# multiplication xmulx[hi] and extended addition addxc[cc]
+# instructions. 4.52/7.63x improvement on T3/T4 or in absolute
+# terms 7.90/2.14 cycles per byte. On T4 multi-process benchmark
+# saturates at ~15.5x single-process result on 8-core processor,
+# or ~20.5GBps per 2.85GHz socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+
+$Zhi="%o0";	# 64-bit values
+$Zlo="%o1";
+$Thi="%o2";
+$Tlo="%o3";
+$rem="%o4";
+$tmp="%o5";
+
+$nhi="%l0";	# small values and pointers
+$nlo="%l1";
+$xi0="%l2";
+$xi1="%l3";
+$rem_4bit="%l4";
+$remi="%l5";
+$Htblo="%l6";
+$cnt="%l7";
+
+$Xi="%i0";	# input argument block
+$Htbl="%i1";
+$inp="%i2";
+$len="%i3";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef  __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+.align	64
+rem_4bit:
+	.long	`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0
+	.long	`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0
+	.long	`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0
+	.long	`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0
+.type	rem_4bit,#object
+.size	rem_4bit,(.-rem_4bit)
+
+.globl	gcm_ghash_4bit
+.align	32
+gcm_ghash_4bit:
+	save	%sp,-$frame,%sp
+	ldub	[$inp+15],$nlo
+	ldub	[$Xi+15],$xi0
+	ldub	[$Xi+14],$xi1
+	add	$len,$inp,$len
+	add	$Htbl,8,$Htblo
+
+1:	call	.+8
+	add	%o7,rem_4bit-1b,$rem_4bit
+
+.Louter:
+	xor	$xi0,$nlo,$nlo
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	sll	$nlo,4,$nlo
+	ldx	[$Htblo+$nlo],$Zlo
+	ldx	[$Htbl+$nlo],$Zhi
+
+	ldub	[$inp+14],$nlo
+
+	ldx	[$Htblo+$nhi],$Tlo
+	and	$Zlo,0xf,$remi
+	ldx	[$Htbl+$nhi],$Thi
+	sll	$remi,3,$remi
+	ldx	[$rem_4bit+$remi],$rem
+	srlx	$Zlo,4,$Zlo
+	mov	13,$cnt
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+
+	xor	$xi1,$nlo,$nlo
+	and	$Zlo,0xf,$remi
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	ba	.Lghash_inner
+	sll	$nlo,4,$nlo
+.align	32
+.Lghash_inner:
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	ldub	[$inp+$cnt],$nlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	ldub	[$Xi+$cnt],$xi1
+	xor	$Thi,$Zhi,$Zhi
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$xi1,$nlo,$nlo
+	srlx	$Zhi,4,$Zhi
+	and	$nlo,0xf0,$nhi
+	addcc	$cnt,-1,$cnt
+	xor	$Zlo,$tmp,$Zlo
+	and	$nlo,0x0f,$nlo
+	xor	$Tlo,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+	blu	.Lghash_inner
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+
+	add	$inp,16,$inp
+	cmp	$inp,$len
+	be,pn	SIZE_T_CC,.Ldone
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	ldub	[$inp+15],$nlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	stx	$Zlo,[$Xi+8]
+	xor	$rem,$Zhi,$Zhi
+	stx	$Zhi,[$Xi]
+	srl	$Zlo,8,$xi1
+	and	$Zlo,0xff,$xi0
+	ba	.Louter
+	and	$xi1,0xff,$xi1
+.align	32
+.Ldone:
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	stx	$Zlo,[$Xi+8]
+	xor	$rem,$Zhi,$Zhi
+	stx	$Zhi,[$Xi]
+
+	ret
+	restore
+.type	gcm_ghash_4bit,#function
+.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)
+___
+
+undef $inp;
+undef $len;
+
+$code.=<<___;
+.globl	gcm_gmult_4bit
+.align	32
+gcm_gmult_4bit:
+	save	%sp,-$frame,%sp
+	ldub	[$Xi+15],$nlo
+	add	$Htbl,8,$Htblo
+
+1:	call	.+8
+	add	%o7,rem_4bit-1b,$rem_4bit
+
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	sll	$nlo,4,$nlo
+	ldx	[$Htblo+$nlo],$Zlo
+	ldx	[$Htbl+$nlo],$Zhi
+
+	ldub	[$Xi+14],$nlo
+
+	ldx	[$Htblo+$nhi],$Tlo
+	and	$Zlo,0xf,$remi
+	ldx	[$Htbl+$nhi],$Thi
+	sll	$remi,3,$remi
+	ldx	[$rem_4bit+$remi],$rem
+	srlx	$Zlo,4,$Zlo
+	mov	13,$cnt
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+
+	and	$Zlo,0xf,$remi
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	ba	.Lgmult_inner
+	sll	$nlo,4,$nlo
+.align	32
+.Lgmult_inner:
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	ldub	[$Xi+$cnt],$nlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	srlx	$Zhi,4,$Zhi
+	and	$nlo,0xf0,$nhi
+	addcc	$cnt,-1,$cnt
+	xor	$Zlo,$tmp,$Zlo
+	and	$nlo,0x0f,$nlo
+	xor	$Tlo,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+	blu	.Lgmult_inner
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	stx	$Zlo,[$Xi+8]
+	xor	$rem,$Zhi,$Zhi
+	stx	$Zhi,[$Xi]
+
+	ret
+	restore
+.type	gcm_gmult_4bit,#function
+.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)
+___
+
+{{{
+# Straightforward 128x128-bit multiplication using Karatsuba algorithm
+# followed by pair of 64-bit reductions [with a shortcut in first one,
+# which allowed to break dependency between reductions and remove one
+# multiplication from critical path]. While it might be suboptimal
+# with regard to sheer number of multiplications, other methods [such
+# as aggregate reduction] would require more 64-bit registers, which
+# we don't have in 32-bit application context.
+
+($Xip,$Htable,$inp,$len)=map("%i$_",(0..3));
+
+($Hhl,$Hlo,$Hhi,$Xlo,$Xhi,$xE1,$sqr, $C0,$C1,$C2,$C3,$V)=
+	(map("%o$_",(0..5,7)),map("%g$_",(1..5)));
+
+($shl,$shr)=map("%l$_",(0..7));
+
+# For details regarding "twisted H" see ghash-x86.pl.
+$code.=<<___;
+.globl	gcm_init_vis3
+.align	32
+gcm_init_vis3:
+	save	%sp,-$frame,%sp
+
+	ldx	[%i1+0],$Hhi
+	ldx	[%i1+8],$Hlo
+	mov	0xE1,$Xhi
+	mov	1,$Xlo
+	sllx	$Xhi,57,$Xhi
+	srax	$Hhi,63,$C0		! broadcast carry
+	addcc	$Hlo,$Hlo,$Hlo		! H<<=1
+	addxc	$Hhi,$Hhi,$Hhi
+	and	$C0,$Xlo,$Xlo
+	and	$C0,$Xhi,$Xhi
+	xor	$Xlo,$Hlo,$Hlo
+	xor	$Xhi,$Hhi,$Hhi
+	stx	$Hlo,[%i0+8]		! save twisted H
+	stx	$Hhi,[%i0+0]
+
+	sethi	%hi(0xA0406080),$V
+	sethi	%hi(0x20C0E000),%l0
+	or	$V,%lo(0xA0406080),$V
+	or	%l0,%lo(0x20C0E000),%l0
+	sllx	$V,32,$V
+	or	%l0,$V,$V		! (0xE0·i)&0xff=0xA040608020C0E000
+	stx	$V,[%i0+16]
+
+	ret
+	restore
+.type	gcm_init_vis3,#function
+.size	gcm_init_vis3,.-gcm_init_vis3
+
+.globl	gcm_gmult_vis3
+.align	32
+gcm_gmult_vis3:
+	save	%sp,-$frame,%sp
+
+	ldx	[$Xip+8],$Xlo		! load Xi
+	ldx	[$Xip+0],$Xhi
+	ldx	[$Htable+8],$Hlo	! load twisted H
+	ldx	[$Htable+0],$Hhi
+
+	mov	0xE1,%l7
+	sllx	%l7,57,$xE1		! 57 is not a typo
+	ldx	[$Htable+16],$V		! (0xE0·i)&0xff=0xA040608020C0E000
+
+	xor	$Hhi,$Hlo,$Hhl		! Karatsuba pre-processing
+	xmulx	$Xlo,$Hlo,$C0
+	xor	$Xlo,$Xhi,$C2		! Karatsuba pre-processing
+	xmulx	$C2,$Hhl,$C1
+	xmulxhi	$Xlo,$Hlo,$Xlo
+	xmulxhi	$C2,$Hhl,$C2
+	xmulxhi	$Xhi,$Hhi,$C3
+	xmulx	$Xhi,$Hhi,$Xhi
+
+	sll	$C0,3,$sqr
+	srlx	$V,$sqr,$sqr		! ·0xE0 [implicit &(7<<3)]
+	xor	$C0,$sqr,$sqr
+	sllx	$sqr,57,$sqr		! ($C0·0xE1)<<1<<56 [implicit &0x7f]
+
+	xor	$C0,$C1,$C1		! Karatsuba post-processing
+	xor	$Xlo,$C2,$C2
+	 xor	$sqr,$Xlo,$Xlo		! real destination is $C1
+	xor	$C3,$C2,$C2
+	xor	$Xlo,$C1,$C1
+	xor	$Xhi,$C2,$C2
+	xor	$Xhi,$C1,$C1
+
+	xmulxhi	$C0,$xE1,$Xlo		! ·0xE1<<1<<56
+	 xor	$C0,$C2,$C2
+	xmulx	$C1,$xE1,$C0
+	 xor	$C1,$C3,$C3
+	xmulxhi	$C1,$xE1,$C1
+
+	xor	$Xlo,$C2,$C2
+	xor	$C0,$C2,$C2
+	xor	$C1,$C3,$C3
+
+	stx	$C2,[$Xip+8]		! save Xi
+	stx	$C3,[$Xip+0]
+
+	ret
+	restore
+.type	gcm_gmult_vis3,#function
+.size	gcm_gmult_vis3,.-gcm_gmult_vis3
+
+.globl	gcm_ghash_vis3
+.align	32
+gcm_ghash_vis3:
+	save	%sp,-$frame,%sp
+	nop
+	srln	$len,0,$len		! needed on v8+, "nop" on v9
+
+	ldx	[$Xip+8],$C2		! load Xi
+	ldx	[$Xip+0],$C3
+	ldx	[$Htable+8],$Hlo	! load twisted H
+	ldx	[$Htable+0],$Hhi
+
+	mov	0xE1,%l7
+	sllx	%l7,57,$xE1		! 57 is not a typo
+	ldx	[$Htable+16],$V		! (0xE0·i)&0xff=0xA040608020C0E000
+
+	and	$inp,7,$shl
+	andn	$inp,7,$inp
+	sll	$shl,3,$shl
+	prefetch [$inp+63], 20
+	sub	%g0,$shl,$shr
+
+	xor	$Hhi,$Hlo,$Hhl		! Karatsuba pre-processing
+.Loop:
+	ldx	[$inp+8],$Xlo
+	brz,pt	$shl,1f
+	ldx	[$inp+0],$Xhi
+
+	ldx	[$inp+16],$C1		! align data
+	srlx	$Xlo,$shr,$C0
+	sllx	$Xlo,$shl,$Xlo
+	sllx	$Xhi,$shl,$Xhi
+	srlx	$C1,$shr,$C1
+	or	$C0,$Xhi,$Xhi
+	or	$C1,$Xlo,$Xlo
+1:
+	add	$inp,16,$inp
+	sub	$len,16,$len
+	xor	$C2,$Xlo,$Xlo
+	xor	$C3,$Xhi,$Xhi
+	prefetch [$inp+63], 20
+
+	xmulx	$Xlo,$Hlo,$C0
+	xor	$Xlo,$Xhi,$C2		! Karatsuba pre-processing
+	xmulx	$C2,$Hhl,$C1
+	xmulxhi	$Xlo,$Hlo,$Xlo
+	xmulxhi	$C2,$Hhl,$C2
+	xmulxhi	$Xhi,$Hhi,$C3
+	xmulx	$Xhi,$Hhi,$Xhi
+
+	sll	$C0,3,$sqr
+	srlx	$V,$sqr,$sqr		! ·0xE0 [implicit &(7<<3)]
+	xor	$C0,$sqr,$sqr
+	sllx	$sqr,57,$sqr		! ($C0·0xE1)<<1<<56 [implicit &0x7f]
+
+	xor	$C0,$C1,$C1		! Karatsuba post-processing
+	xor	$Xlo,$C2,$C2
+	 xor	$sqr,$Xlo,$Xlo		! real destination is $C1
+	xor	$C3,$C2,$C2
+	xor	$Xlo,$C1,$C1
+	xor	$Xhi,$C2,$C2
+	xor	$Xhi,$C1,$C1
+
+	xmulxhi	$C0,$xE1,$Xlo		! ·0xE1<<1<<56
+	 xor	$C0,$C2,$C2
+	xmulx	$C1,$xE1,$C0
+	 xor	$C1,$C3,$C3
+	xmulxhi	$C1,$xE1,$C1
+
+	xor	$Xlo,$C2,$C2
+	xor	$C0,$C2,$C2
+	brnz,pt	$len,.Loop
+	xor	$C1,$C3,$C3
+
+	stx	$C2,[$Xip+8]		! save Xi
+	stx	$C3,[$Xip+0]
+
+	ret
+	restore
+.type	gcm_ghash_vis3,#function
+.size	gcm_ghash_vis3,.-gcm_ghash_vis3
+___
+}}}
+$code.=<<___;
+.asciz	"GHASH for SPARCv9/VIS3, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"xmulx"		=> 0x115,
+		"xmulxhi"	=> 0x116	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(xmulx[hi]*|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl
new file mode 100644
index 000000000..bcbe6e399
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl
@@ -0,0 +1,1404 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March, May, June 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+64/128 bytes fixed table]. It has two
+# code paths: vanilla x86 and vanilla SSE. Former will be executed on
+# 486 and Pentium, latter on all others. SSE GHASH features so called
+# "528B" variant of "4-bit" method utilizing additional 256+16 bytes
+# of per-key storage [+512 bytes shared table]. Performance results
+# are for streamed GHASH subroutine and are expressed in cycles per
+# processed byte, less is better:
+#
+#		gcc 2.95.3(*)	SSE assembler	x86 assembler
+#
+# Pentium	105/111(**)	-		50
+# PIII		68 /75		12.2		24
+# P4		125/125		17.8		84(***)
+# Opteron	66 /70		10.1		30
+# Core2		54 /67		8.4		18
+# Atom		105/105		16.8		53
+# VIA Nano	69 /71		13.0		27
+#
+# (*)	gcc 3.4.x was observed to generate few percent slower code,
+#	which is one of reasons why 2.95.3 results were chosen,
+#	another reason is lack of 3.4.x results for older CPUs;
+#	comparison with SSE results is not completely fair, because C
+#	results are for vanilla "256B" implementation, while
+#	assembler results are for "528B";-)
+# (**)	second number is result for code compiled with -fPIC flag,
+#	which is actually more relevant, because assembler code is
+#	position-independent;
+# (***)	see comment in non-MMX routine for further details;
+#
+# To summarize, it's >2-5 times faster than gcc-generated code. To
+# anchor it to something else SHA1 assembler processes one byte in
+# ~7 cycles on contemporary x86 cores. As for choice of MMX/SSE
+# in particular, see comment at the end of the file...
+
+# May 2010
+#
+# Add PCLMULQDQ version performing at 2.10 cycles per processed byte.
+# The question is how close is it to theoretical limit? The pclmulqdq
+# instruction latency appears to be 14 cycles and there can't be more
+# than 2 of them executing at any given time. This means that single
+# Karatsuba multiplication would take 28 cycles *plus* few cycles for
+# pre- and post-processing. Then multiplication has to be followed by
+# modulo-reduction. Given that aggregated reduction method [see
+# "Carry-less Multiplication and Its Usage for Computing the GCM Mode"
+# white paper by Intel] allows you to perform reduction only once in
+# a while we can assume that asymptotic performance can be estimated
+# as (28+Tmod/Naggr)/16, where Tmod is time to perform reduction
+# and Naggr is the aggregation factor.
+#
+# Before we proceed to this implementation let's have closer look at
+# the best-performing code suggested by Intel in their white paper.
+# By tracing inter-register dependencies Tmod is estimated as ~19
+# cycles and Naggr chosen by Intel is 4, resulting in 2.05 cycles per
+# processed byte. As implied, this is quite optimistic estimate,
+# because it does not account for Karatsuba pre- and post-processing,
+# which for a single multiplication is ~5 cycles. Unfortunately Intel
+# does not provide performance data for GHASH alone. But benchmarking
+# AES_GCM_encrypt ripped out of Fig. 15 of the white paper with aadt
+# alone resulted in 2.46 cycles per byte of out 16KB buffer. Note that
+# the result accounts even for pre-computing of degrees of the hash
+# key H, but its portion is negligible at 16KB buffer size.
+#
+# Moving on to the implementation in question. Tmod is estimated as
+# ~13 cycles and Naggr is 2, giving asymptotic performance of ...
+# 2.16. How is it possible that measured performance is better than
+# optimistic theoretical estimate? There is one thing Intel failed
+# to recognize. By serializing GHASH with CTR in same subroutine
+# former's performance is really limited to above (Tmul + Tmod/Naggr)
+# equation. But if GHASH procedure is detached, the modulo-reduction
+# can be interleaved with Naggr-1 multiplications at instruction level
+# and under ideal conditions even disappear from the equation. So that
+# optimistic theoretical estimate for this implementation is ...
+# 28/16=1.75, and not 2.16. Well, it's probably way too optimistic,
+# at least for such small Naggr. I'd argue that (28+Tproc/Naggr),
+# where Tproc is time required for Karatsuba pre- and post-processing,
+# is more realistic estimate. In this case it gives ... 1.91 cycles.
+# Or in other words, depending on how well we can interleave reduction
+# and one of the two multiplications the performance should be between
+# 1.91 and 2.16. As already mentioned, this implementation processes
+# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart
+# - in 2.02. x86_64 performance is better, because larger register
+# bank allows to interleave reduction and multiplication better.
+#
+# Does it make sense to increase Naggr? To start with it's virtually
+# impossible in 32-bit mode, because of limited register bank
+# capacity. Otherwise improvement has to be weighed against slower
+# setup, as well as code size and complexity increase. As even
+# optimistic estimate doesn't promise 30% performance improvement,
+# there are currently no plans to increase Naggr.
+#
+# Special thanks to David Woodhouse for providing access to a
+# Westmere-based system on behalf of Intel Open Source Technology Centre.
+
+# January 2010
+#
+# Tweaked to optimize transitions between integer and FP operations
+# on same XMM register, PCLMULQDQ subroutine was measured to process
+# one byte in 2.07 cycles on Sandy Bridge, and in 2.12 - on Westmere.
+# The minor regression on Westmere is outweighed by ~15% improvement
+# on Sandy Bridge. Strangely enough attempt to modify 64-bit code in
+# similar manner resulted in almost 20% degradation on Sandy Bridge,
+# where original 64-bit code processes one byte in 1.95 cycles.
+
+#####################################################################
+# For reference, AMD Bulldozer processes one byte in 1.98 cycles in
+# 32-bit mode and 1.89 in 64-bit.
+
+# February 2013
+#
+# Overhaul: aggregate Karatsuba post-processing, improve ILP in
+# reduction_alg9. Resulting performance is 1.96 cycles per byte on
+# Westmere, 1.95 - on Sandy/Ivy Bridge, 1.76 - on Bulldozer.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx");
+$inp  = "edi";
+$Htbl = "esi";
+
+$unroll = 0;	# Affects x86 loop. Folded loop performs ~7% worse
+		# than unrolled, which has to be weighted against
+		# 2.5x x86-specific code size reduction.
+
+sub x86_loop {
+    my $off = shift;
+    my $rem = "eax";
+
+	&mov	($Zhh,&DWP(4,$Htbl,$Zll));
+	&mov	($Zhl,&DWP(0,$Htbl,$Zll));
+	&mov	($Zlh,&DWP(12,$Htbl,$Zll));
+	&mov	($Zll,&DWP(8,$Htbl,$Zll));
+	&xor	($rem,$rem);	# avoid partial register stalls on PIII
+
+	# shrd practically kills P4, 2.5x deterioration, but P4 has
+	# MMX code-path to execute. shrd runs tad faster [than twice
+	# the shifts, move's and or's] on pre-MMX Pentium (as well as
+	# PIII and Core2), *but* minimizes code size, spares register
+	# and thus allows to fold the loop...
+	if (!$unroll) {
+	my $cnt = $inp;
+	&mov	($cnt,15);
+	&jmp	(&label("x86_loop"));
+	&set_label("x86_loop",16);
+	    for($i=1;$i<=2;$i++) {
+		&mov	(&LB($rem),&LB($Zll));
+		&shrd	($Zll,$Zlh,4);
+		&and	(&LB($rem),0xf);
+		&shrd	($Zlh,$Zhl,4);
+		&shrd	($Zhl,$Zhh,4);
+		&shr	($Zhh,4);
+		&xor	($Zhh,&DWP($off+16,"esp",$rem,4));
+
+		&mov	(&LB($rem),&BP($off,"esp",$cnt));
+		if ($i&1) {
+			&and	(&LB($rem),0xf0);
+		} else {
+			&shl	(&LB($rem),4);
+		}
+
+		&xor	($Zll,&DWP(8,$Htbl,$rem));
+		&xor	($Zlh,&DWP(12,$Htbl,$rem));
+		&xor	($Zhl,&DWP(0,$Htbl,$rem));
+		&xor	($Zhh,&DWP(4,$Htbl,$rem));
+
+		if ($i&1) {
+			&dec	($cnt);
+			&js	(&label("x86_break"));
+		} else {
+			&jmp	(&label("x86_loop"));
+		}
+	    }
+	&set_label("x86_break",16);
+	} else {
+	    for($i=1;$i<32;$i++) {
+		&comment($i);
+		&mov	(&LB($rem),&LB($Zll));
+		&shrd	($Zll,$Zlh,4);
+		&and	(&LB($rem),0xf);
+		&shrd	($Zlh,$Zhl,4);
+		&shrd	($Zhl,$Zhh,4);
+		&shr	($Zhh,4);
+		&xor	($Zhh,&DWP($off+16,"esp",$rem,4));
+
+		if ($i&1) {
+			&mov	(&LB($rem),&BP($off+15-($i>>1),"esp"));
+			&and	(&LB($rem),0xf0);
+		} else {
+			&mov	(&LB($rem),&BP($off+15-($i>>1),"esp"));
+			&shl	(&LB($rem),4);
+		}
+
+		&xor	($Zll,&DWP(8,$Htbl,$rem));
+		&xor	($Zlh,&DWP(12,$Htbl,$rem));
+		&xor	($Zhl,&DWP(0,$Htbl,$rem));
+		&xor	($Zhh,&DWP(4,$Htbl,$rem));
+	    }
+	}
+	&bswap	($Zll);
+	&bswap	($Zlh);
+	&bswap	($Zhl);
+	if (!$x86only) {
+		&bswap	($Zhh);
+	} else {
+		&mov	("eax",$Zhh);
+		&bswap	("eax");
+		&mov	($Zhh,"eax");
+	}
+}
+
+if ($unroll) {
+    &function_begin_B("_x86_gmult_4bit_inner");
+	&x86_loop(4);
+	&ret	();
+    &function_end_B("_x86_gmult_4bit_inner");
+}
+
+sub deposit_rem_4bit {
+    my $bias = shift;
+
+	&mov	(&DWP($bias+0, "esp"),0x0000<<16);
+	&mov	(&DWP($bias+4, "esp"),0x1C20<<16);
+	&mov	(&DWP($bias+8, "esp"),0x3840<<16);
+	&mov	(&DWP($bias+12,"esp"),0x2460<<16);
+	&mov	(&DWP($bias+16,"esp"),0x7080<<16);
+	&mov	(&DWP($bias+20,"esp"),0x6CA0<<16);
+	&mov	(&DWP($bias+24,"esp"),0x48C0<<16);
+	&mov	(&DWP($bias+28,"esp"),0x54E0<<16);
+	&mov	(&DWP($bias+32,"esp"),0xE100<<16);
+	&mov	(&DWP($bias+36,"esp"),0xFD20<<16);
+	&mov	(&DWP($bias+40,"esp"),0xD940<<16);
+	&mov	(&DWP($bias+44,"esp"),0xC560<<16);
+	&mov	(&DWP($bias+48,"esp"),0x9180<<16);
+	&mov	(&DWP($bias+52,"esp"),0x8DA0<<16);
+	&mov	(&DWP($bias+56,"esp"),0xA9C0<<16);
+	&mov	(&DWP($bias+60,"esp"),0xB5E0<<16);
+}
+
+$suffix = $x86only ? "" : "_x86";
+
+&function_begin("gcm_gmult_4bit".$suffix);
+	&stack_push(16+4+1);			# +1 for stack alignment
+	&mov	($inp,&wparam(0));		# load Xi
+	&mov	($Htbl,&wparam(1));		# load Htable
+
+	&mov	($Zhh,&DWP(0,$inp));		# load Xi[16]
+	&mov	($Zhl,&DWP(4,$inp));
+	&mov	($Zlh,&DWP(8,$inp));
+	&mov	($Zll,&DWP(12,$inp));
+
+	&deposit_rem_4bit(16);
+
+	&mov	(&DWP(0,"esp"),$Zhh);		# copy Xi[16] on stack
+	&mov	(&DWP(4,"esp"),$Zhl);
+	&mov	(&DWP(8,"esp"),$Zlh);
+	&mov	(&DWP(12,"esp"),$Zll);
+	&shr	($Zll,20);
+	&and	($Zll,0xf0);
+
+	if ($unroll) {
+		&call	("_x86_gmult_4bit_inner");
+	} else {
+		&x86_loop(0);
+		&mov	($inp,&wparam(0));
+	}
+
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(0,$inp),$Zhh);
+	&stack_pop(16+4+1);
+&function_end("gcm_gmult_4bit".$suffix);
+
+&function_begin("gcm_ghash_4bit".$suffix);
+	&stack_push(16+4+1);			# +1 for 64-bit alignment
+	&mov	($Zll,&wparam(0));		# load Xi
+	&mov	($Htbl,&wparam(1));		# load Htable
+	&mov	($inp,&wparam(2));		# load in
+	&mov	("ecx",&wparam(3));		# load len
+	&add	("ecx",$inp);
+	&mov	(&wparam(3),"ecx");
+
+	&mov	($Zhh,&DWP(0,$Zll));		# load Xi[16]
+	&mov	($Zhl,&DWP(4,$Zll));
+	&mov	($Zlh,&DWP(8,$Zll));
+	&mov	($Zll,&DWP(12,$Zll));
+
+	&deposit_rem_4bit(16);
+
+    &set_label("x86_outer_loop",16);
+	&xor	($Zll,&DWP(12,$inp));		# xor with input
+	&xor	($Zlh,&DWP(8,$inp));
+	&xor	($Zhl,&DWP(4,$inp));
+	&xor	($Zhh,&DWP(0,$inp));
+	&mov	(&DWP(12,"esp"),$Zll);		# dump it on stack
+	&mov	(&DWP(8,"esp"),$Zlh);
+	&mov	(&DWP(4,"esp"),$Zhl);
+	&mov	(&DWP(0,"esp"),$Zhh);
+
+	&shr	($Zll,20);
+	&and	($Zll,0xf0);
+
+	if ($unroll) {
+		&call	("_x86_gmult_4bit_inner");
+	} else {
+		&x86_loop(0);
+		&mov	($inp,&wparam(2));
+	}
+	&lea	($inp,&DWP(16,$inp));
+	&cmp	($inp,&wparam(3));
+	&mov	(&wparam(2),$inp)	if (!$unroll);
+	&jb	(&label("x86_outer_loop"));
+
+	&mov	($inp,&wparam(0));	# load Xi
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(0,$inp),$Zhh);
+	&stack_pop(16+4+1);
+&function_end("gcm_ghash_4bit".$suffix);
+
+if (!$x86only) {{{
+
+&static_label("rem_4bit");
+
+if (!$sse2) {{	# pure-MMX "May" version...
+
+$S=12;		# shift factor for rem_4bit
+
+&function_begin_B("_mmx_gmult_4bit_inner");
+# MMX version performs 3.5 times better on P4 (see comment in non-MMX
+# routine for further details), 100% better on Opteron, ~70% better
+# on Core2 and PIII... In other words effort is considered to be well
+# spent... Since initial release the loop was unrolled in order to
+# "liberate" register previously used as loop counter. Instead it's
+# used to optimize critical path in 'Z.hi ^= rem_4bit[Z.lo&0xf]'.
+# The path involves move of Z.lo from MMX to integer register,
+# effective address calculation and finally merge of value to Z.hi.
+# Reference to rem_4bit is scheduled so late that I had to >>4
+# rem_4bit elements. This resulted in 20-45% procent improvement
+# on contemporary µ-archs.
+{
+    my $cnt;
+    my $rem_4bit = "eax";
+    my @rem = ($Zhh,$Zll);
+    my $nhi = $Zhl;
+    my $nlo = $Zlh;
+
+    my ($Zlo,$Zhi) = ("mm0","mm1");
+    my $tmp = "mm2";
+
+	&xor	($nlo,$nlo);	# avoid partial register stalls on PIII
+	&mov	($nhi,$Zll);
+	&mov	(&LB($nlo),&LB($nhi));
+	&shl	(&LB($nlo),4);
+	&and	($nhi,0xf0);
+	&movq	($Zlo,&QWP(8,$Htbl,$nlo));
+	&movq	($Zhi,&QWP(0,$Htbl,$nlo));
+	&movd	($rem[0],$Zlo);
+
+	for ($cnt=28;$cnt>=-2;$cnt--) {
+	    my $odd = $cnt&1;
+	    my $nix = $odd ? $nlo : $nhi;
+
+		&shl	(&LB($nlo),4)			if ($odd);
+		&psrlq	($Zlo,4);
+		&movq	($tmp,$Zhi);
+		&psrlq	($Zhi,4);
+		&pxor	($Zlo,&QWP(8,$Htbl,$nix));
+		&mov	(&LB($nlo),&BP($cnt/2,$inp))	if (!$odd && $cnt>=0);
+		&psllq	($tmp,60);
+		&and	($nhi,0xf0)			if ($odd);
+		&pxor	($Zhi,&QWP(0,$rem_4bit,$rem[1],8)) if ($cnt<28);
+		&and	($rem[0],0xf);
+		&pxor	($Zhi,&QWP(0,$Htbl,$nix));
+		&mov	($nhi,$nlo)			if (!$odd && $cnt>=0);
+		&movd	($rem[1],$Zlo);
+		&pxor	($Zlo,$tmp);
+
+		push	(@rem,shift(@rem));		# "rotate" registers
+	}
+
+	&mov	($inp,&DWP(4,$rem_4bit,$rem[1],8));	# last rem_4bit[rem]
+
+	&psrlq	($Zlo,32);	# lower part of Zlo is already there
+	&movd	($Zhl,$Zhi);
+	&psrlq	($Zhi,32);
+	&movd	($Zlh,$Zlo);
+	&movd	($Zhh,$Zhi);
+	&shl	($inp,4);	# compensate for rem_4bit[i] being >>4
+
+	&bswap	($Zll);
+	&bswap	($Zhl);
+	&bswap	($Zlh);
+	&xor	($Zhh,$inp);
+	&bswap	($Zhh);
+
+	&ret	();
+}
+&function_end_B("_mmx_gmult_4bit_inner");
+
+&function_begin("gcm_gmult_4bit_mmx");
+	&mov	($inp,&wparam(0));	# load Xi
+	&mov	($Htbl,&wparam(1));	# load Htable
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+	&movz	($Zll,&BP(15,$inp));
+
+	&call	("_mmx_gmult_4bit_inner");
+
+	&mov	($inp,&wparam(0));	# load Xi
+	&emms	();
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(0,$inp),$Zhh);
+&function_end("gcm_gmult_4bit_mmx");
+
+# Streamed version performs 20% better on P4, 7% on Opteron,
+# 10% on Core2 and PIII...
+&function_begin("gcm_ghash_4bit_mmx");
+	&mov	($Zhh,&wparam(0));	# load Xi
+	&mov	($Htbl,&wparam(1));	# load Htable
+	&mov	($inp,&wparam(2));	# load in
+	&mov	($Zlh,&wparam(3));	# load len
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+	&add	($Zlh,$inp);
+	&mov	(&wparam(3),$Zlh);	# len to point at the end of input
+	&stack_push(4+1);		# +1 for stack alignment
+
+	&mov	($Zll,&DWP(12,$Zhh));	# load Xi[16]
+	&mov	($Zhl,&DWP(4,$Zhh));
+	&mov	($Zlh,&DWP(8,$Zhh));
+	&mov	($Zhh,&DWP(0,$Zhh));
+	&jmp	(&label("mmx_outer_loop"));
+
+    &set_label("mmx_outer_loop",16);
+	&xor	($Zll,&DWP(12,$inp));
+	&xor	($Zhl,&DWP(4,$inp));
+	&xor	($Zlh,&DWP(8,$inp));
+	&xor	($Zhh,&DWP(0,$inp));
+	&mov	(&wparam(2),$inp);
+	&mov	(&DWP(12,"esp"),$Zll);
+	&mov	(&DWP(4,"esp"),$Zhl);
+	&mov	(&DWP(8,"esp"),$Zlh);
+	&mov	(&DWP(0,"esp"),$Zhh);
+
+	&mov	($inp,"esp");
+	&shr	($Zll,24);
+
+	&call	("_mmx_gmult_4bit_inner");
+
+	&mov	($inp,&wparam(2));
+	&lea	($inp,&DWP(16,$inp));
+	&cmp	($inp,&wparam(3));
+	&jb	(&label("mmx_outer_loop"));
+
+	&mov	($inp,&wparam(0));	# load Xi
+	&emms	();
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(0,$inp),$Zhh);
+
+	&stack_pop(4+1);
+&function_end("gcm_ghash_4bit_mmx");
+
+}} else {{	# "June" MMX version...
+		# ... has slower "April" gcm_gmult_4bit_mmx with folded
+		# loop. This is done to conserve code size...
+$S=16;		# shift factor for rem_4bit
+
+sub mmx_loop() {
+# MMX version performs 2.8 times better on P4 (see comment in non-MMX
+# routine for further details), 40% better on Opteron and Core2, 50%
+# better on PIII... In other words effort is considered to be well
+# spent...
+    my $inp = shift;
+    my $rem_4bit = shift;
+    my $cnt = $Zhh;
+    my $nhi = $Zhl;
+    my $nlo = $Zlh;
+    my $rem = $Zll;
+
+    my ($Zlo,$Zhi) = ("mm0","mm1");
+    my $tmp = "mm2";
+
+	&xor	($nlo,$nlo);	# avoid partial register stalls on PIII
+	&mov	($nhi,$Zll);
+	&mov	(&LB($nlo),&LB($nhi));
+	&mov	($cnt,14);
+	&shl	(&LB($nlo),4);
+	&and	($nhi,0xf0);
+	&movq	($Zlo,&QWP(8,$Htbl,$nlo));
+	&movq	($Zhi,&QWP(0,$Htbl,$nlo));
+	&movd	($rem,$Zlo);
+	&jmp	(&label("mmx_loop"));
+
+    &set_label("mmx_loop",16);
+	&psrlq	($Zlo,4);
+	&and	($rem,0xf);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nhi));
+	&mov	(&LB($nlo),&BP(0,$inp,$cnt));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&dec	($cnt);
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nhi));
+	&mov	($nhi,$nlo);
+	&pxor	($Zlo,$tmp);
+	&js	(&label("mmx_break"));
+
+	&shl	(&LB($nlo),4);
+	&and	($rem,0xf);
+	&psrlq	($Zlo,4);
+	&and	($nhi,0xf0);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nlo));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nlo));
+	&pxor	($Zlo,$tmp);
+	&jmp	(&label("mmx_loop"));
+
+    &set_label("mmx_break",16);
+	&shl	(&LB($nlo),4);
+	&and	($rem,0xf);
+	&psrlq	($Zlo,4);
+	&and	($nhi,0xf0);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nlo));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nlo));
+	&pxor	($Zlo,$tmp);
+
+	&psrlq	($Zlo,4);
+	&and	($rem,0xf);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nhi));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nhi));
+	&pxor	($Zlo,$tmp);
+
+	&psrlq	($Zlo,32);	# lower part of Zlo is already there
+	&movd	($Zhl,$Zhi);
+	&psrlq	($Zhi,32);
+	&movd	($Zlh,$Zlo);
+	&movd	($Zhh,$Zhi);
+
+	&bswap	($Zll);
+	&bswap	($Zhl);
+	&bswap	($Zlh);
+	&bswap	($Zhh);
+}
+
+&function_begin("gcm_gmult_4bit_mmx");
+	&mov	($inp,&wparam(0));	# load Xi
+	&mov	($Htbl,&wparam(1));	# load Htable
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+	&movz	($Zll,&BP(15,$inp));
+
+	&mmx_loop($inp,"eax");
+
+	&emms	();
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(0,$inp),$Zhh);
+&function_end("gcm_gmult_4bit_mmx");
+
+######################################################################
+# Below subroutine is "528B" variant of "4-bit" GCM GHASH function
+# (see gcm128.c for details). It provides further 20-40% performance
+# improvement over above mentioned "May" version.
+
+&static_label("rem_8bit");
+
+&function_begin("gcm_ghash_4bit_mmx");
+{ my ($Zlo,$Zhi) = ("mm7","mm6");
+  my $rem_8bit = "esi";
+  my $Htbl = "ebx";
+
+    # parameter block
+    &mov	("eax",&wparam(0));		# Xi
+    &mov	("ebx",&wparam(1));		# Htable
+    &mov	("ecx",&wparam(2));		# inp
+    &mov	("edx",&wparam(3));		# len
+    &mov	("ebp","esp");			# original %esp
+    &call	(&label("pic_point"));
+    &set_label	("pic_point");
+    &blindpop	($rem_8bit);
+    &lea	($rem_8bit,&DWP(&label("rem_8bit")."-".&label("pic_point"),$rem_8bit));
+
+    &sub	("esp",512+16+16);		# allocate stack frame...
+    &and	("esp",-64);			# ...and align it
+    &sub	("esp",16);			# place for (u8)(H[]<<4)
+
+    &add	("edx","ecx");			# pointer to the end of input
+    &mov	(&DWP(528+16+0,"esp"),"eax");	# save Xi
+    &mov	(&DWP(528+16+8,"esp"),"edx");	# save inp+len
+    &mov	(&DWP(528+16+12,"esp"),"ebp");	# save original %esp
+
+    { my @lo  = ("mm0","mm1","mm2");
+      my @hi  = ("mm3","mm4","mm5");
+      my @tmp = ("mm6","mm7");
+      my ($off1,$off2,$i) = (0,0,);
+
+      &add	($Htbl,128);			# optimize for size
+      &lea	("edi",&DWP(16+128,"esp"));
+      &lea	("ebp",&DWP(16+256+128,"esp"));
+
+      # decompose Htable (low and high parts are kept separately),
+      # generate Htable[]>>4, (u8)(Htable[]<<4), save to stack...
+      for ($i=0;$i<18;$i++) {
+
+	&mov	("edx",&DWP(16*$i+8-128,$Htbl))		if ($i<16);
+	&movq	($lo[0],&QWP(16*$i+8-128,$Htbl))	if ($i<16);
+	&psllq	($tmp[1],60)				if ($i>1);
+	&movq	($hi[0],&QWP(16*$i+0-128,$Htbl))	if ($i<16);
+	&por	($lo[2],$tmp[1])			if ($i>1);
+	&movq	(&QWP($off1-128,"edi"),$lo[1])		if ($i>0 && $i<17);
+	&psrlq	($lo[1],4)				if ($i>0 && $i<17);
+	&movq	(&QWP($off1,"edi"),$hi[1])		if ($i>0 && $i<17);
+	&movq	($tmp[0],$hi[1])			if ($i>0 && $i<17);
+	&movq	(&QWP($off2-128,"ebp"),$lo[2])		if ($i>1);
+	&psrlq	($hi[1],4)				if ($i>0 && $i<17);
+	&movq	(&QWP($off2,"ebp"),$hi[2])		if ($i>1);
+	&shl	("edx",4)				if ($i<16);
+	&mov	(&BP($i,"esp"),&LB("edx"))		if ($i<16);
+
+	unshift	(@lo,pop(@lo));			# "rotate" registers
+	unshift	(@hi,pop(@hi));
+	unshift	(@tmp,pop(@tmp));
+	$off1 += 8	if ($i>0);
+	$off2 += 8	if ($i>1);
+      }
+    }
+
+    &movq	($Zhi,&QWP(0,"eax"));
+    &mov	("ebx",&DWP(8,"eax"));
+    &mov	("edx",&DWP(12,"eax"));		# load Xi
+
+&set_label("outer",16);
+  { my $nlo = "eax";
+    my $dat = "edx";
+    my @nhi = ("edi","ebp");
+    my @rem = ("ebx","ecx");
+    my @red = ("mm0","mm1","mm2");
+    my $tmp = "mm3";
+
+    &xor	($dat,&DWP(12,"ecx"));		# merge input data
+    &xor	("ebx",&DWP(8,"ecx"));
+    &pxor	($Zhi,&QWP(0,"ecx"));
+    &lea	("ecx",&DWP(16,"ecx"));		# inp+=16
+    #&mov	(&DWP(528+12,"esp"),$dat);	# save inp^Xi
+    &mov	(&DWP(528+8,"esp"),"ebx");
+    &movq	(&QWP(528+0,"esp"),$Zhi);
+    &mov	(&DWP(528+16+4,"esp"),"ecx");	# save inp
+
+    &xor	($nlo,$nlo);
+    &rol	($dat,8);
+    &mov	(&LB($nlo),&LB($dat));
+    &mov	($nhi[1],$nlo);
+    &and	(&LB($nlo),0x0f);
+    &shr	($nhi[1],4);
+    &pxor	($red[0],$red[0]);
+    &rol	($dat,8);			# next byte
+    &pxor	($red[1],$red[1]);
+    &pxor	($red[2],$red[2]);
+
+    # Just like in "May" version modulo-schedule for critical path in
+    # 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor'
+    # is scheduled so late that rem_8bit[] has to be shifted *right*
+    # by 16, which is why last argument to pinsrw is 2, which
+    # corresponds to <<32=<<48>>16...
+    for ($j=11,$i=0;$i<15;$i++) {
+
+      if ($i>0) {
+	&pxor	($Zlo,&QWP(16,"esp",$nlo,8));		# Z^=H[nlo]
+	&rol	($dat,8);				# next byte
+	&pxor	($Zhi,&QWP(16+128,"esp",$nlo,8));
+
+	&pxor	($Zlo,$tmp);
+	&pxor	($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
+	&xor	(&LB($rem[1]),&BP(0,"esp",$nhi[0]));	# rem^(H[nhi]<<4)
+      } else {
+	&movq	($Zlo,&QWP(16,"esp",$nlo,8));
+	&movq	($Zhi,&QWP(16+128,"esp",$nlo,8));
+      }
+
+	&mov	(&LB($nlo),&LB($dat));
+	&mov	($dat,&DWP(528+$j,"esp"))		if (--$j%4==0);
+
+	&movd	($rem[0],$Zlo);
+	&movz	($rem[1],&LB($rem[1]))			if ($i>0);
+	&psrlq	($Zlo,8);				# Z>>=8
+
+	&movq	($tmp,$Zhi);
+	&mov	($nhi[0],$nlo);
+	&psrlq	($Zhi,8);
+
+	&pxor	($Zlo,&QWP(16+256+0,"esp",$nhi[1],8));	# Z^=H[nhi]>>4
+	&and	(&LB($nlo),0x0f);
+	&psllq	($tmp,56);
+
+	&pxor	($Zhi,$red[1])				if ($i>1);
+	&shr	($nhi[0],4);
+	&pinsrw	($red[0],&WP(0,$rem_8bit,$rem[1],2),2)	if ($i>0);
+
+	unshift	(@red,pop(@red));			# "rotate" registers
+	unshift	(@rem,pop(@rem));
+	unshift	(@nhi,pop(@nhi));
+    }
+
+    &pxor	($Zlo,&QWP(16,"esp",$nlo,8));		# Z^=H[nlo]
+    &pxor	($Zhi,&QWP(16+128,"esp",$nlo,8));
+    &xor	(&LB($rem[1]),&BP(0,"esp",$nhi[0]));	# rem^(H[nhi]<<4)
+
+    &pxor	($Zlo,$tmp);
+    &pxor	($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
+    &movz	($rem[1],&LB($rem[1]));
+
+    &pxor	($red[2],$red[2]);			# clear 2nd word
+    &psllq	($red[1],4);
+
+    &movd	($rem[0],$Zlo);
+    &psrlq	($Zlo,4);				# Z>>=4
+
+    &movq	($tmp,$Zhi);
+    &psrlq	($Zhi,4);
+    &shl	($rem[0],4);				# rem<<4
+
+    &pxor	($Zlo,&QWP(16,"esp",$nhi[1],8));	# Z^=H[nhi]
+    &psllq	($tmp,60);
+    &movz	($rem[0],&LB($rem[0]));
+
+    &pxor	($Zlo,$tmp);
+    &pxor	($Zhi,&QWP(16+128,"esp",$nhi[1],8));
+
+    &pinsrw	($red[0],&WP(0,$rem_8bit,$rem[1],2),2);
+    &pxor	($Zhi,$red[1]);
+
+    &movd	($dat,$Zlo);
+    &pinsrw	($red[2],&WP(0,$rem_8bit,$rem[0],2),3);	# last is <<48
+
+    &psllq	($red[0],12);				# correct by <<16>>4
+    &pxor	($Zhi,$red[0]);
+    &psrlq	($Zlo,32);
+    &pxor	($Zhi,$red[2]);
+
+    &mov	("ecx",&DWP(528+16+4,"esp"));	# restore inp
+    &movd	("ebx",$Zlo);
+    &movq	($tmp,$Zhi);			# 01234567
+    &psllw	($Zhi,8);			# 1.3.5.7.
+    &psrlw	($tmp,8);			# .0.2.4.6
+    &por	($Zhi,$tmp);			# 10325476
+    &bswap	($dat);
+    &pshufw	($Zhi,$Zhi,0b00011011);		# 76543210
+    &bswap	("ebx");
+
+    &cmp	("ecx",&DWP(528+16+8,"esp"));	# are we done?
+    &jne	(&label("outer"));
+  }
+
+    &mov	("eax",&DWP(528+16+0,"esp"));	# restore Xi
+    &mov	(&DWP(12,"eax"),"edx");
+    &mov	(&DWP(8,"eax"),"ebx");
+    &movq	(&QWP(0,"eax"),$Zhi);
+
+    &mov	("esp",&DWP(528+16+12,"esp"));	# restore original %esp
+    &emms	();
+}
+&function_end("gcm_ghash_4bit_mmx");
+}}
+
+if ($sse2) {{
+######################################################################
+# PCLMULQDQ version.
+
+$Xip="eax";
+$Htbl="edx";
+$const="ecx";
+$inp="esi";
+$len="ebx";
+
+($Xi,$Xhi)=("xmm0","xmm1");	$Hkey="xmm2";
+($T1,$T2,$T3)=("xmm3","xmm4","xmm5");
+($Xn,$Xhn)=("xmm6","xmm7");
+
+&static_label("bswap");
+
+sub clmul64x64_T2 {	# minimal "register" pressure
+my ($Xhi,$Xi,$Hkey,$HK)=@_;
+
+	&movdqa		($Xhi,$Xi);		#
+	&pshufd		($T1,$Xi,0b01001110);
+	&pshufd		($T2,$Hkey,0b01001110)	if (!defined($HK));
+	&pxor		($T1,$Xi);		#
+	&pxor		($T2,$Hkey)		if (!defined($HK));
+			$HK=$T2			if (!defined($HK));
+
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pclmulqdq	($T1,$HK,0x00);		#######
+	&xorps		($T1,$Xi);		#
+	&xorps		($T1,$Xhi);		#
+
+	&movdqa		($T2,$T1);		#
+	&psrldq		($T1,8);
+	&pslldq		($T2,8);		#
+	&pxor		($Xhi,$T1);
+	&pxor		($Xi,$T2);		#
+}
+
+sub clmul64x64_T3 {
+# Even though this subroutine offers visually better ILP, it
+# was empirically found to be a tad slower than above version.
+# At least in gcm_ghash_clmul context. But it's just as well,
+# because loop modulo-scheduling is possible only thanks to
+# minimized "register" pressure...
+my ($Xhi,$Xi,$Hkey)=@_;
+
+	&movdqa		($T1,$Xi);		#
+	&movdqa		($Xhi,$Xi);
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pshufd		($T2,$T1,0b01001110);	#
+	&pshufd		($T3,$Hkey,0b01001110);
+	&pxor		($T2,$T1);		#
+	&pxor		($T3,$Hkey);
+	&pclmulqdq	($T2,$T3,0x00);		#######
+	&pxor		($T2,$Xi);		#
+	&pxor		($T2,$Xhi);		#
+
+	&movdqa		($T3,$T2);		#
+	&psrldq		($T2,8);
+	&pslldq		($T3,8);		#
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T3);		#
+}
+
+if (1) {		# Algorithm 9 with <<1 twist.
+			# Reduction is shorter and uses only two
+			# temporary registers, which makes it better
+			# candidate for interleaving with 64x64
+			# multiplication. Pre-modulo-scheduled loop
+			# was found to be ~20% faster than Algorithm 5
+			# below. Algorithm 9 was therefore chosen for
+			# further optimization...
+
+sub reduction_alg9 {	# 17/11 times faster than Intel version
+my ($Xhi,$Xi) = @_;
+
+	# 1st phase
+	&movdqa		($T2,$Xi);		#
+	&movdqa		($T1,$Xi);
+	&psllq		($Xi,5);
+	&pxor		($T1,$Xi);		#
+	&psllq		($Xi,1);
+	&pxor		($Xi,$T1);		#
+	&psllq		($Xi,57);		#
+	&movdqa		($T1,$Xi);		#
+	&pslldq		($Xi,8);
+	&psrldq		($T1,8);		#
+	&pxor		($Xi,$T2);
+	&pxor		($Xhi,$T1);		#
+
+	# 2nd phase
+	&movdqa		($T2,$Xi);
+	&psrlq		($Xi,1);
+	&pxor		($Xhi,$T2);		#
+	&pxor		($T2,$Xi);
+	&psrlq		($Xi,5);
+	&pxor		($Xi,$T2);		#
+	&psrlq		($Xi,1);		#
+	&pxor		($Xi,$Xhi)		#
+}
+
+&function_begin_B("gcm_init_clmul");
+	&mov		($Htbl,&wparam(0));
+	&mov		($Xip,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Hkey,&QWP(0,$Xip));
+	&pshufd		($Hkey,$Hkey,0b01001110);# dword swap
+
+	# <<1 twist
+	&pshufd		($T2,$Hkey,0b11111111);	# broadcast uppermost dword
+	&movdqa		($T1,$Hkey);
+	&psllq		($Hkey,1);
+	&pxor		($T3,$T3);		#
+	&psrlq		($T1,63);
+	&pcmpgtd	($T3,$T2);		# broadcast carry bit
+	&pslldq		($T1,8);
+	&por		($Hkey,$T1);		# H<<=1
+
+	# magic reduction
+	&pand		($T3,&QWP(16,$const));	# 0x1c2_polynomial
+	&pxor		($Hkey,$T3);		# if(carry) H^=0x1c2_polynomial
+
+	# calculate H^2
+	&movdqa		($Xi,$Hkey);
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey);
+	&reduction_alg9	($Xhi,$Xi);
+
+	&pshufd		($T1,$Hkey,0b01001110);
+	&pshufd		($T2,$Xi,0b01001110);
+	&pxor		($T1,$Hkey);		# Karatsuba pre-processing
+	&movdqu		(&QWP(0,$Htbl),$Hkey);	# save H
+	&pxor		($T2,$Xi);		# Karatsuba pre-processing
+	&movdqu		(&QWP(16,$Htbl),$Xi);	# save H^2
+	&palignr	($T2,$T1,8);		# low part is H.lo^H.hi
+	&movdqu		(&QWP(32,$Htbl),$T2);	# save Karatsuba "salt"
+
+	&ret		();
+&function_end_B("gcm_init_clmul");
+
+&function_begin_B("gcm_gmult_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($T3,&QWP(0,$const));
+	&movups		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$T3);
+	&movups		($T2,&QWP(32,$Htbl));
+
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$T2);
+	&reduction_alg9	($Xhi,$Xi);
+
+	&pshufb		($Xi,$T3);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+
+	&ret	();
+&function_end_B("gcm_gmult_clmul");
+
+&function_begin("gcm_ghash_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+	&mov		($inp,&wparam(2));
+	&mov		($len,&wparam(3));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($T3,&QWP(0,$const));
+	&movdqu		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$T3);
+
+	&sub		($len,0x10);
+	&jz		(&label("odd_tail"));
+
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
+	&pshufb		($T1,$T3);
+	&pshufb		($Xn,$T3);
+	&movdqu		($T3,&QWP(32,$Htbl));
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&pshufd		($T1,$Xn,0b01001110);	# H*Ii+1
+	&movdqa		($Xhn,$Xn);
+	&pxor		($T1,$Xn);		#
+	&lea		($inp,&DWP(32,$inp));	# i+=2
+
+	&pclmulqdq	($Xn,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhn,$Hkey,0x11);	#######
+	&pclmulqdq	($T1,$T3,0x00);		#######
+	&movups		($Hkey,&QWP(16,$Htbl));	# load H^2
+	&nop		();
+
+	&sub		($len,0x20);
+	&jbe		(&label("even_tail"));
+	&jmp		(&label("mod_loop"));
+
+&set_label("mod_loop",32);
+	&pshufd		($T2,$Xi,0b01001110);	# H^2*(Ii+Xi)
+	&movdqa		($Xhi,$Xi);
+	&pxor		($T2,$Xi);		#
+	&nop		();
+
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pclmulqdq	($T2,$T3,0x10);		#######
+	&movups		($Hkey,&QWP(0,$Htbl));	# load H
+
+	&xorps		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&movdqa		($T3,&QWP(0,$const));
+	&xorps		($Xhi,$Xhn);
+	 &movdqu	($Xhn,&QWP(0,$inp));	# Ii
+	&pxor		($T1,$Xi);		# aggregated Karatsuba post-processing
+	 &movdqu	($Xn,&QWP(16,$inp));	# Ii+1
+	&pxor		($T1,$Xhi);		#
+
+	 &pshufb	($Xhn,$T3);
+	&pxor		($T2,$T1);		#
+
+	&movdqa		($T1,$T2);		#
+	&psrldq		($T2,8);
+	&pslldq		($T1,8);		#
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T1);		#
+	 &pshufb	($Xn,$T3);
+	 &pxor		($Xhi,$Xhn);		# "Ii+Xi", consume early
+
+	&movdqa		($Xhn,$Xn);		#&clmul64x64_TX	($Xhn,$Xn,$Hkey); H*Ii+1
+	  &movdqa	($T2,$Xi);		#&reduction_alg9($Xhi,$Xi); 1st phase
+	  &movdqa	($T1,$Xi);
+	  &psllq	($Xi,5);
+	  &pxor		($T1,$Xi);		#
+	  &psllq	($Xi,1);
+	  &pxor		($Xi,$T1);		#
+	&pclmulqdq	($Xn,$Hkey,0x00);	#######
+	&movups		($T3,&QWP(32,$Htbl));
+	  &psllq	($Xi,57);		#
+	  &movdqa	($T1,$Xi);		#
+	  &pslldq	($Xi,8);
+	  &psrldq	($T1,8);		#
+	  &pxor		($Xi,$T2);
+	  &pxor		($Xhi,$T1);		#
+	&pshufd		($T1,$Xhn,0b01001110);
+	  &movdqa	($T2,$Xi);		# 2nd phase
+	  &psrlq	($Xi,1);
+	&pxor		($T1,$Xhn);
+	  &pxor		($Xhi,$T2);		#
+	&pclmulqdq	($Xhn,$Hkey,0x11);	#######
+	&movups		($Hkey,&QWP(16,$Htbl));	# load H^2
+	  &pxor		($T2,$Xi);
+	  &psrlq	($Xi,5);
+	  &pxor		($Xi,$T2);		#
+	  &psrlq	($Xi,1);		#
+	  &pxor		($Xi,$Xhi)		#
+	&pclmulqdq	($T1,$T3,0x00);		#######
+
+	&lea		($inp,&DWP(32,$inp));
+	&sub		($len,0x20);
+	&ja		(&label("mod_loop"));
+
+&set_label("even_tail");
+	&pshufd		($T2,$Xi,0b01001110);	# H^2*(Ii+Xi)
+	&movdqa		($Xhi,$Xi);
+	&pxor		($T2,$Xi);		#
+
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pclmulqdq	($T2,$T3,0x10);		#######
+	&movdqa		($T3,&QWP(0,$const));
+
+	&xorps		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&xorps		($Xhi,$Xhn);
+	&pxor		($T1,$Xi);		# aggregated Karatsuba post-processing
+	&pxor		($T1,$Xhi);		#
+
+	&pxor		($T2,$T1);		#
+
+	&movdqa		($T1,$T2);		#
+	&psrldq		($T2,8);
+	&pslldq		($T1,8);		#
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T1);		#
+
+	&reduction_alg9	($Xhi,$Xi);
+
+	&test		($len,$len);
+	&jnz		(&label("done"));
+
+	&movups		($Hkey,&QWP(0,$Htbl));	# load H
+&set_label("odd_tail");
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&pshufb		($T1,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
+	&reduction_alg9	($Xhi,$Xi);
+
+&set_label("done");
+	&pshufb		($Xi,$T3);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+&function_end("gcm_ghash_clmul");
+
+} else {		# Algorithm 5. Kept for reference purposes.
+
+sub reduction_alg5 {	# 19/16 times faster than Intel version
+my ($Xhi,$Xi)=@_;
+
+	# <<1
+	&movdqa		($T1,$Xi);		#
+	&movdqa		($T2,$Xhi);
+	&pslld		($Xi,1);
+	&pslld		($Xhi,1);		#
+	&psrld		($T1,31);
+	&psrld		($T2,31);		#
+	&movdqa		($T3,$T1);
+	&pslldq		($T1,4);
+	&psrldq		($T3,12);		#
+	&pslldq		($T2,4);
+	&por		($Xhi,$T3);		#
+	&por		($Xi,$T1);
+	&por		($Xhi,$T2);		#
+
+	# 1st phase
+	&movdqa		($T1,$Xi);
+	&movdqa		($T2,$Xi);
+	&movdqa		($T3,$Xi);		#
+	&pslld		($T1,31);
+	&pslld		($T2,30);
+	&pslld		($Xi,25);		#
+	&pxor		($T1,$T2);
+	&pxor		($T1,$Xi);		#
+	&movdqa		($T2,$T1);		#
+	&pslldq		($T1,12);
+	&psrldq		($T2,4);		#
+	&pxor		($T3,$T1);
+
+	# 2nd phase
+	&pxor		($Xhi,$T3);		#
+	&movdqa		($Xi,$T3);
+	&movdqa		($T1,$T3);
+	&psrld		($Xi,1);		#
+	&psrld		($T1,2);
+	&psrld		($T3,7);		#
+	&pxor		($Xi,$T1);
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T3);		#
+	&pxor		($Xi,$Xhi);		#
+}
+
+&function_begin_B("gcm_init_clmul");
+	&mov		($Htbl,&wparam(0));
+	&mov		($Xip,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Hkey,&QWP(0,$Xip));
+	&pshufd		($Hkey,$Hkey,0b01001110);# dword swap
+
+	# calculate H^2
+	&movdqa		($Xi,$Hkey);
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);
+	&reduction_alg5	($Xhi,$Xi);
+
+	&movdqu		(&QWP(0,$Htbl),$Hkey);	# save H
+	&movdqu		(&QWP(16,$Htbl),$Xi);	# save H^2
+
+	&ret		();
+&function_end_B("gcm_init_clmul");
+
+&function_begin_B("gcm_gmult_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($Xn,&QWP(0,$const));
+	&movdqu		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$Xn);
+
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);
+	&reduction_alg5	($Xhi,$Xi);
+
+	&pshufb		($Xi,$Xn);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+
+	&ret	();
+&function_end_B("gcm_gmult_clmul");
+
+&function_begin("gcm_ghash_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+	&mov		($inp,&wparam(2));
+	&mov		($len,&wparam(3));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($T3,&QWP(0,$const));
+	&movdqu		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$T3);
+
+	&sub		($len,0x10);
+	&jz		(&label("odd_tail"));
+
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
+	&pshufb		($T1,$T3);
+	&pshufb		($Xn,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T3	($Xhn,$Xn,$Hkey);	# H*Ii+1
+	&movdqu		($Hkey,&QWP(16,$Htbl));	# load H^2
+
+	&sub		($len,0x20);
+	&lea		($inp,&DWP(32,$inp));	# i+=2
+	&jbe		(&label("even_tail"));
+
+&set_label("mod_loop");
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
+	&movdqu		($Hkey,&QWP(0,$Htbl));	# load H
+
+	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&pxor		($Xhi,$Xhn);
+
+	&reduction_alg5	($Xhi,$Xi);
+
+	#######
+	&movdqa		($T3,&QWP(0,$const));
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
+	&pshufb		($T1,$T3);
+	&pshufb		($Xn,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T3	($Xhn,$Xn,$Hkey);	# H*Ii+1
+	&movdqu		($Hkey,&QWP(16,$Htbl));	# load H^2
+
+	&sub		($len,0x20);
+	&lea		($inp,&DWP(32,$inp));
+	&ja		(&label("mod_loop"));
+
+&set_label("even_tail");
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
+
+	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&pxor		($Xhi,$Xhn);
+
+	&reduction_alg5	($Xhi,$Xi);
+
+	&movdqa		($T3,&QWP(0,$const));
+	&test		($len,$len);
+	&jnz		(&label("done"));
+
+	&movdqu		($Hkey,&QWP(0,$Htbl));	# load H
+&set_label("odd_tail");
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&pshufb		($T1,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
+	&reduction_alg5	($Xhi,$Xi);
+
+	&movdqa		($T3,&QWP(0,$const));
+&set_label("done");
+	&pshufb		($Xi,$T3);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+&function_end("gcm_ghash_clmul");
+
+}
+
+&set_label("bswap",64);
+	&data_byte(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
+	&data_byte(1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2);	# 0x1c2_polynomial
+&set_label("rem_8bit",64);
+	&data_short(0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E);
+	&data_short(0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E);
+	&data_short(0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E);
+	&data_short(0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E);
+	&data_short(0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E);
+	&data_short(0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E);
+	&data_short(0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E);
+	&data_short(0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E);
+	&data_short(0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE);
+	&data_short(0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE);
+	&data_short(0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE);
+	&data_short(0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE);
+	&data_short(0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E);
+	&data_short(0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E);
+	&data_short(0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE);
+	&data_short(0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE);
+	&data_short(0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E);
+	&data_short(0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E);
+	&data_short(0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E);
+	&data_short(0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E);
+	&data_short(0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E);
+	&data_short(0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E);
+	&data_short(0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E);
+	&data_short(0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E);
+	&data_short(0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE);
+	&data_short(0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE);
+	&data_short(0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE);
+	&data_short(0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE);
+	&data_short(0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E);
+	&data_short(0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E);
+	&data_short(0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE);
+	&data_short(0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE);
+}}	# $sse2
+
+&set_label("rem_4bit",64);
+	&data_word(0,0x0000<<$S,0,0x1C20<<$S,0,0x3840<<$S,0,0x2460<<$S);
+	&data_word(0,0x7080<<$S,0,0x6CA0<<$S,0,0x48C0<<$S,0,0x54E0<<$S);
+	&data_word(0,0xE100<<$S,0,0xFD20<<$S,0,0xD940<<$S,0,0xC560<<$S);
+	&data_word(0,0x9180<<$S,0,0x8DA0<<$S,0,0xA9C0<<$S,0,0xB5E0<<$S);
+}}}	# !$x86only
+
+&asciz("GHASH for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&asm_finish();
+
+close STDOUT;
+
+# A question was risen about choice of vanilla MMX. Or rather why wasn't
+# SSE2 chosen instead? In addition to the fact that MMX runs on legacy
+# CPUs such as PIII, "4-bit" MMX version was observed to provide better
+# performance than *corresponding* SSE2 one even on contemporary CPUs.
+# SSE2 results were provided by Peter-Michael Hager. He maintains SSE2
+# implementation featuring full range of lookup-table sizes, but with
+# per-invocation lookup table setup. Latter means that table size is
+# chosen depending on how much data is to be hashed in every given call,
+# more data - larger table. Best reported result for Core2 is ~4 cycles
+# per processed byte out of 64KB block. This number accounts even for
+# 64KB table setup overhead. As discussed in gcm128.c we choose to be
+# more conservative in respect to lookup table sizes, but how do the
+# results compare? Minimalistic "256B" MMX version delivers ~11 cycles
+# on same platform. As also discussed in gcm128.c, next in line "8-bit
+# Shoup's" or "4KB" method should deliver twice the performance of
+# "256B" one, in other words not worse than ~6 cycles per byte. It
+# should be also be noted that in SSE2 case improvement can be "super-
+# linear," i.e. more than twice, mostly because >>8 maps to single
+# instruction on SSE2 register. This is unlike "4-bit" case when >>4
+# maps to same amount of instructions in both MMX and SSE2 cases.
+# Bottom line is that switch to SSE2 is considered to be justifiable
+# only in case we choose to implement "8-bit" method...
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl
new file mode 100644
index 000000000..30158aa07
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl
@@ -0,0 +1,1816 @@
+#! /usr/bin/env perl
+# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March, June 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that
+# it uses 256 bytes per-key table [+128 bytes shared table]. GHASH
+# function features so called "528B" variant utilizing additional
+# 256+16 bytes of per-key storage [+512 bytes shared table].
+# Performance results are for this streamed GHASH subroutine and are
+# expressed in cycles per processed byte, less is better:
+#
+#		gcc 3.4.x(*)	assembler
+#
+# P4		28.6		14.0		+100%
+# Opteron	19.3		7.7		+150%
+# Core2		17.8		8.1(**)		+120%
+# Atom		31.6		16.8		+88%
+# VIA Nano	21.8		10.1		+115%
+#
+# (*)	comparison is not completely fair, because C results are
+#	for vanilla "256B" implementation, while assembler results
+#	are for "528B";-)
+# (**)	it's mystery [to me] why Core2 result is not same as for
+#	Opteron;
+
+# May 2010
+#
+# Add PCLMULQDQ version performing at 2.02 cycles per processed byte.
+# See ghash-x86.pl for background information and details about coding
+# techniques.
+#
+# Special thanks to David Woodhouse for providing access to a
+# Westmere-based system on behalf of Intel Open Source Technology Centre.
+
+# December 2012
+#
+# Overhaul: aggregate Karatsuba post-processing, improve ILP in
+# reduction_alg9, increase reduction aggregate factor to 4x. As for
+# the latter. ghash-x86.pl discusses that it makes lesser sense to
+# increase aggregate factor. Then why increase here? Critical path
+# consists of 3 independent pclmulqdq instructions, Karatsuba post-
+# processing and reduction. "On top" of this we lay down aggregated
+# multiplication operations, triplets of independent pclmulqdq's. As
+# issue rate for pclmulqdq is limited, it makes lesser sense to
+# aggregate more multiplications than it takes to perform remaining
+# non-multiplication operations. 2x is near-optimal coefficient for
+# contemporary Intel CPUs (therefore modest improvement coefficient),
+# but not for Bulldozer. Latter is because logical SIMD operations
+# are twice as slow in comparison to Intel, so that critical path is
+# longer. A CPU with higher pclmulqdq issue rate would also benefit
+# from higher aggregate factor...
+#
+# Westmere	1.78(+13%)
+# Sandy Bridge	1.80(+8%)
+# Ivy Bridge	1.80(+7%)
+# Haswell	0.55(+93%) (if system doesn't support AVX)
+# Broadwell	0.45(+110%)(if system doesn't support AVX)
+# Skylake	0.44(+110%)(if system doesn't support AVX)
+# Bulldozer	1.49(+27%)
+# Silvermont	2.88(+13%)
+# Knights L	2.12(-)    (if system doesn't support AVX)
+# Goldmont	1.08(+24%)
+
+# March 2013
+#
+# ... 8x aggregate factor AVX code path is using reduction algorithm
+# suggested by Shay Gueron[1]. Even though contemporary AVX-capable
+# CPUs such as Sandy and Ivy Bridge can execute it, the code performs
+# sub-optimally in comparison to above mentioned version. But thanks
+# to Ilya Albrekht and Max Locktyukhin of Intel Corp. we knew that
+# it performs in 0.41 cycles per byte on Haswell processor, in
+# 0.29 on Broadwell, and in 0.36 on Skylake.
+#
+# Knights Landing achieves 1.09 cpb.
+#
+# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.20) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$do4xaggr=1;
+
+# common register layout
+$nlo="%rax";
+$nhi="%rbx";
+$Zlo="%r8";
+$Zhi="%r9";
+$tmp="%r10";
+$rem_4bit = "%r11";
+
+$Xi="%rdi";
+$Htbl="%rsi";
+
+# per-function register layout
+$cnt="%rcx";
+$rem="%rdx";
+
+sub LB() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/	or
+			$r =~ s/%[er]([sd]i)/%\1l/	or
+			$r =~ s/%[er](bp)/%\1l/		or
+			$r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+{ my $N;
+  sub loop() {
+  my $inp = shift;
+
+	$N++;
+$code.=<<___;
+	xor	$nlo,$nlo
+	xor	$nhi,$nhi
+	mov	`&LB("$Zlo")`,`&LB("$nlo")`
+	mov	`&LB("$Zlo")`,`&LB("$nhi")`
+	shl	\$4,`&LB("$nlo")`
+	mov	\$14,$cnt
+	mov	8($Htbl,$nlo),$Zlo
+	mov	($Htbl,$nlo),$Zhi
+	and	\$0xf0,`&LB("$nhi")`
+	mov	$Zlo,$rem
+	jmp	.Loop$N
+
+.align	16
+.Loop$N:
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	mov	($inp,$cnt),`&LB("$nlo")`
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nhi),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nhi),$Zhi
+	mov	`&LB("$nlo")`,`&LB("$nhi")`
+	xor	($rem_4bit,$rem,8),$Zhi
+	mov	$Zlo,$rem
+	shl	\$4,`&LB("$nlo")`
+	xor	$tmp,$Zlo
+	dec	$cnt
+	js	.Lbreak$N
+
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nlo),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nlo),$Zhi
+	and	\$0xf0,`&LB("$nhi")`
+	xor	($rem_4bit,$rem,8),$Zhi
+	mov	$Zlo,$rem
+	xor	$tmp,$Zlo
+	jmp	.Loop$N
+
+.align	16
+.Lbreak$N:
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nlo),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nlo),$Zhi
+	and	\$0xf0,`&LB("$nhi")`
+	xor	($rem_4bit,$rem,8),$Zhi
+	mov	$Zlo,$rem
+	xor	$tmp,$Zlo
+
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nhi),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nhi),$Zhi
+	xor	$tmp,$Zlo
+	xor	($rem_4bit,$rem,8),$Zhi
+
+	bswap	$Zlo
+	bswap	$Zhi
+___
+}}
+
+$code=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	gcm_gmult_4bit
+.type	gcm_gmult_4bit,\@function,2
+.align	16
+gcm_gmult_4bit:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp		# %rbp and others are pushed exclusively in
+.cfi_push	%rbp
+	push	%r12		# order to reuse Win64 exception handler...
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$280,%rsp
+.cfi_adjust_cfa_offset	280
+.Lgmult_prologue:
+
+	movzb	15($Xi),$Zlo
+	lea	.Lrem_4bit(%rip),$rem_4bit
+___
+	&loop	($Xi);
+$code.=<<___;
+	mov	$Zlo,8($Xi)
+	mov	$Zhi,($Xi)
+
+	lea	280+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lgmult_epilogue:
+	ret
+.cfi_endproc
+.size	gcm_gmult_4bit,.-gcm_gmult_4bit
+___
+
+# per-function register layout
+$inp="%rdx";
+$len="%rcx";
+$rem_8bit=$rem_4bit;
+
+$code.=<<___;
+.globl	gcm_ghash_4bit
+.type	gcm_ghash_4bit,\@function,4
+.align	16
+gcm_ghash_4bit:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$280,%rsp
+.cfi_adjust_cfa_offset	280
+.Lghash_prologue:
+	mov	$inp,%r14		# reassign couple of args
+	mov	$len,%r15
+___
+{ my $inp="%r14";
+  my $dat="%edx";
+  my $len="%r15";
+  my @nhi=("%ebx","%ecx");
+  my @rem=("%r12","%r13");
+  my $Hshr4="%rbp";
+
+	&sub	($Htbl,-128);		# size optimization
+	&lea	($Hshr4,"16+128(%rsp)");
+	{ my @lo =($nlo,$nhi);
+          my @hi =($Zlo,$Zhi);
+
+	  &xor	($dat,$dat);
+	  for ($i=0,$j=-2;$i<18;$i++,$j++) {
+	    &mov	("$j(%rsp)",&LB($dat))		if ($i>1);
+	    &or		($lo[0],$tmp)			if ($i>1);
+	    &mov	(&LB($dat),&LB($lo[1]))		if ($i>0 && $i<17);
+	    &shr	($lo[1],4)			if ($i>0 && $i<17);
+	    &mov	($tmp,$hi[1])			if ($i>0 && $i<17);
+	    &shr	($hi[1],4)			if ($i>0 && $i<17);
+	    &mov	("8*$j($Hshr4)",$hi[0])		if ($i>1);
+	    &mov	($hi[0],"16*$i+0-128($Htbl)")	if ($i<16);
+	    &shl	(&LB($dat),4)			if ($i>0 && $i<17);
+	    &mov	("8*$j-128($Hshr4)",$lo[0])	if ($i>1);
+	    &mov	($lo[0],"16*$i+8-128($Htbl)")	if ($i<16);
+	    &shl	($tmp,60)			if ($i>0 && $i<17);
+
+	    push	(@lo,shift(@lo));
+	    push	(@hi,shift(@hi));
+	  }
+	}
+	&add	($Htbl,-128);
+	&mov	($Zlo,"8($Xi)");
+	&mov	($Zhi,"0($Xi)");
+	&add	($len,$inp);		# pointer to the end of data
+	&lea	($rem_8bit,".Lrem_8bit(%rip)");
+	&jmp	(".Louter_loop");
+
+$code.=".align	16\n.Louter_loop:\n";
+	&xor	($Zhi,"($inp)");
+	&mov	("%rdx","8($inp)");
+	&lea	($inp,"16($inp)");
+	&xor	("%rdx",$Zlo);
+	&mov	("($Xi)",$Zhi);
+	&mov	("8($Xi)","%rdx");
+	&shr	("%rdx",32);
+
+	&xor	($nlo,$nlo);
+	&rol	($dat,8);
+	&mov	(&LB($nlo),&LB($dat));
+	&movz	($nhi[0],&LB($dat));
+	&shl	(&LB($nlo),4);
+	&shr	($nhi[0],4);
+
+	for ($j=11,$i=0;$i<15;$i++) {
+	    &rol	($dat,8);
+	    &xor	($Zlo,"8($Htbl,$nlo)")			if ($i>0);
+	    &xor	($Zhi,"($Htbl,$nlo)")			if ($i>0);
+	    &mov	($Zlo,"8($Htbl,$nlo)")			if ($i==0);
+	    &mov	($Zhi,"($Htbl,$nlo)")			if ($i==0);
+
+	    &mov	(&LB($nlo),&LB($dat));
+	    &xor	($Zlo,$tmp)				if ($i>0);
+	    &movzw	($rem[1],"($rem_8bit,$rem[1],2)")	if ($i>0);
+
+	    &movz	($nhi[1],&LB($dat));
+	    &shl	(&LB($nlo),4);
+	    &movzb	($rem[0],"(%rsp,$nhi[0])");
+
+	    &shr	($nhi[1],4)				if ($i<14);
+	    &and	($nhi[1],0xf0)				if ($i==14);
+	    &shl	($rem[1],48)				if ($i>0);
+	    &xor	($rem[0],$Zlo);
+
+	    &mov	($tmp,$Zhi);
+	    &xor	($Zhi,$rem[1])				if ($i>0);
+	    &shr	($Zlo,8);
+
+	    &movz	($rem[0],&LB($rem[0]));
+	    &mov	($dat,"$j($Xi)")			if (--$j%4==0);
+	    &shr	($Zhi,8);
+
+	    &xor	($Zlo,"-128($Hshr4,$nhi[0],8)");
+	    &shl	($tmp,56);
+	    &xor	($Zhi,"($Hshr4,$nhi[0],8)");
+
+	    unshift	(@nhi,pop(@nhi));		# "rotate" registers
+	    unshift	(@rem,pop(@rem));
+	}
+	&movzw	($rem[1],"($rem_8bit,$rem[1],2)");
+	&xor	($Zlo,"8($Htbl,$nlo)");
+	&xor	($Zhi,"($Htbl,$nlo)");
+
+	&shl	($rem[1],48);
+	&xor	($Zlo,$tmp);
+
+	&xor	($Zhi,$rem[1]);
+	&movz	($rem[0],&LB($Zlo));
+	&shr	($Zlo,4);
+
+	&mov	($tmp,$Zhi);
+	&shl	(&LB($rem[0]),4);
+	&shr	($Zhi,4);
+
+	&xor	($Zlo,"8($Htbl,$nhi[0])");
+	&movzw	($rem[0],"($rem_8bit,$rem[0],2)");
+	&shl	($tmp,60);
+
+	&xor	($Zhi,"($Htbl,$nhi[0])");
+	&xor	($Zlo,$tmp);
+	&shl	($rem[0],48);
+
+	&bswap	($Zlo);
+	&xor	($Zhi,$rem[0]);
+
+	&bswap	($Zhi);
+	&cmp	($inp,$len);
+	&jb	(".Louter_loop");
+}
+$code.=<<___;
+	mov	$Zlo,8($Xi)
+	mov	$Zhi,($Xi)
+
+	lea	280+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	0(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lghash_epilogue:
+	ret
+.cfi_endproc
+.size	gcm_ghash_4bit,.-gcm_ghash_4bit
+___
+
+######################################################################
+# PCLMULQDQ version.
+
+@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
+		("%rdi","%rsi","%rdx","%rcx");	# Unix order
+
+($Xi,$Xhi)=("%xmm0","%xmm1");	$Hkey="%xmm2";
+($T1,$T2,$T3)=("%xmm3","%xmm4","%xmm5");
+
+sub clmul64x64_T2 {	# minimal register pressure
+my ($Xhi,$Xi,$Hkey,$HK)=@_;
+
+if (!defined($HK)) {	$HK = $T2;
+$code.=<<___;
+	movdqa		$Xi,$Xhi		#
+	pshufd		\$0b01001110,$Xi,$T1
+	pshufd		\$0b01001110,$Hkey,$T2
+	pxor		$Xi,$T1			#
+	pxor		$Hkey,$T2
+___
+} else {
+$code.=<<___;
+	movdqa		$Xi,$Xhi		#
+	pshufd		\$0b01001110,$Xi,$T1
+	pxor		$Xi,$T1			#
+___
+}
+$code.=<<___;
+	pclmulqdq	\$0x00,$Hkey,$Xi	#######
+	pclmulqdq	\$0x11,$Hkey,$Xhi	#######
+	pclmulqdq	\$0x00,$HK,$T1		#######
+	pxor		$Xi,$T1			#
+	pxor		$Xhi,$T1		#
+
+	movdqa		$T1,$T2			#
+	psrldq		\$8,$T1
+	pslldq		\$8,$T2			#
+	pxor		$T1,$Xhi
+	pxor		$T2,$Xi			#
+___
+}
+
+sub reduction_alg9 {	# 17/11 times faster than Intel version
+my ($Xhi,$Xi) = @_;
+
+$code.=<<___;
+	# 1st phase
+	movdqa		$Xi,$T2			#
+	movdqa		$Xi,$T1
+	psllq		\$5,$Xi
+	pxor		$Xi,$T1			#
+	psllq		\$1,$Xi
+	pxor		$T1,$Xi			#
+	psllq		\$57,$Xi		#
+	movdqa		$Xi,$T1			#
+	pslldq		\$8,$Xi
+	psrldq		\$8,$T1			#
+	pxor		$T2,$Xi
+	pxor		$T1,$Xhi		#
+
+	# 2nd phase
+	movdqa		$Xi,$T2
+	psrlq		\$1,$Xi
+	pxor		$T2,$Xhi		#
+	pxor		$Xi,$T2
+	psrlq		\$5,$Xi
+	pxor		$T2,$Xi			#
+	psrlq		\$1,$Xi			#
+	pxor		$Xhi,$Xi		#
+___
+}
+
+{ my ($Htbl,$Xip)=@_4args;
+  my $HK="%xmm6";
+
+$code.=<<___;
+.globl	gcm_init_clmul
+.type	gcm_init_clmul,\@abi-omnipotent
+.align	16
+gcm_init_clmul:
+.cfi_startproc
+.L_init_clmul:
+___
+$code.=<<___ if ($win64);
+.LSEH_begin_gcm_init_clmul:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x83,0xec,0x18		#sub	$0x18,%rsp
+	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
+___
+$code.=<<___;
+	movdqu		($Xip),$Hkey
+	pshufd		\$0b01001110,$Hkey,$Hkey	# dword swap
+
+	# <<1 twist
+	pshufd		\$0b11111111,$Hkey,$T2	# broadcast uppermost dword
+	movdqa		$Hkey,$T1
+	psllq		\$1,$Hkey
+	pxor		$T3,$T3			#
+	psrlq		\$63,$T1
+	pcmpgtd		$T2,$T3			# broadcast carry bit
+	pslldq		\$8,$T1
+	por		$T1,$Hkey		# H<<=1
+
+	# magic reduction
+	pand		.L0x1c2_polynomial(%rip),$T3
+	pxor		$T3,$Hkey		# if(carry) H^=0x1c2_polynomial
+
+	# calculate H^2
+	pshufd		\$0b01001110,$Hkey,$HK
+	movdqa		$Hkey,$Xi
+	pxor		$Hkey,$HK
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	pshufd		\$0b01001110,$Hkey,$T1
+	pshufd		\$0b01001110,$Xi,$T2
+	pxor		$Hkey,$T1		# Karatsuba pre-processing
+	movdqu		$Hkey,0x00($Htbl)	# save H
+	pxor		$Xi,$T2			# Karatsuba pre-processing
+	movdqu		$Xi,0x10($Htbl)		# save H^2
+	palignr		\$8,$T1,$T2		# low part is H.lo^H.hi...
+	movdqu		$T2,0x20($Htbl)		# save Karatsuba "salt"
+___
+if ($do4xaggr) {
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);	# H^3
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	movdqa		$Xi,$T3
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);	# H^4
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	pshufd		\$0b01001110,$T3,$T1
+	pshufd		\$0b01001110,$Xi,$T2
+	pxor		$T3,$T1			# Karatsuba pre-processing
+	movdqu		$T3,0x30($Htbl)		# save H^3
+	pxor		$Xi,$T2			# Karatsuba pre-processing
+	movdqu		$Xi,0x40($Htbl)		# save H^4
+	palignr		\$8,$T1,$T2		# low part is H^3.lo^H^3.hi...
+	movdqu		$T2,0x50($Htbl)		# save Karatsuba "salt"
+___
+}
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	lea	0x18(%rsp),%rsp
+.LSEH_end_gcm_init_clmul:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	gcm_init_clmul,.-gcm_init_clmul
+___
+}
+
+{ my ($Xip,$Htbl)=@_4args;
+
+$code.=<<___;
+.globl	gcm_gmult_clmul
+.type	gcm_gmult_clmul,\@abi-omnipotent
+.align	16
+gcm_gmult_clmul:
+.cfi_startproc
+.L_gmult_clmul:
+	movdqu		($Xip),$Xi
+	movdqa		.Lbswap_mask(%rip),$T3
+	movdqu		($Htbl),$Hkey
+	movdqu		0x20($Htbl),$T2
+	pshufb		$T3,$Xi
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$T2);
+$code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0));
+	# experimental alternative. special thing about is that there
+	# no dependency between the two multiplications...
+	mov		\$`0xE1<<1`,%eax
+	mov		\$0xA040608020C0E000,%r10	# ((7..0)·0xE0)&0xff
+	mov		\$0x07,%r11d
+	movq		%rax,$T1
+	movq		%r10,$T2
+	movq		%r11,$T3		# borrow $T3
+	pand		$Xi,$T3
+	pshufb		$T3,$T2			# ($Xi&7)·0xE0
+	movq		%rax,$T3
+	pclmulqdq	\$0x00,$Xi,$T1		# ·(0xE1<<1)
+	pxor		$Xi,$T2
+	pslldq		\$15,$T2
+	paddd		$T2,$T2			# <<(64+56+1)
+	pxor		$T2,$Xi
+	pclmulqdq	\$0x01,$T3,$Xi
+	movdqa		.Lbswap_mask(%rip),$T3	# reload $T3
+	psrldq		\$1,$T1
+	pxor		$T1,$Xhi
+	pslldq		\$7,$Xi
+	pxor		$Xhi,$Xi
+___
+$code.=<<___;
+	pshufb		$T3,$Xi
+	movdqu		$Xi,($Xip)
+	ret
+.cfi_endproc
+.size	gcm_gmult_clmul,.-gcm_gmult_clmul
+___
+}
+
+{ my ($Xip,$Htbl,$inp,$len)=@_4args;
+  my ($Xln,$Xmn,$Xhn,$Hkey2,$HK) = map("%xmm$_",(3..7));
+  my ($T1,$T2,$T3)=map("%xmm$_",(8..10));
+
+$code.=<<___;
+.globl	gcm_ghash_clmul
+.type	gcm_ghash_clmul,\@abi-omnipotent
+.align	32
+gcm_ghash_clmul:
+.cfi_startproc
+.L_ghash_clmul:
+___
+$code.=<<___ if ($win64);
+	lea	-0x88(%rsp),%rax
+.LSEH_begin_gcm_ghash_clmul:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax),%rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6,-0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7,-0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8,0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9,0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10,0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11,0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12,0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13,0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14,0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15,0x70(%rax)
+___
+$code.=<<___;
+	movdqa		.Lbswap_mask(%rip),$T3
+
+	movdqu		($Xip),$Xi
+	movdqu		($Htbl),$Hkey
+	movdqu		0x20($Htbl),$HK
+	pshufb		$T3,$Xi
+
+	sub		\$0x10,$len
+	jz		.Lodd_tail
+
+	movdqu		0x10($Htbl),$Hkey2
+___
+if ($do4xaggr) {
+my ($Xl,$Xm,$Xh,$Hkey3,$Hkey4)=map("%xmm$_",(11..15));
+
+$code.=<<___;
+	mov		OPENSSL_ia32cap_P+4(%rip),%eax
+	cmp		\$0x30,$len
+	jb		.Lskip4x
+
+	and		\$`1<<26|1<<22`,%eax	# isolate MOVBE+XSAVE
+	cmp		\$`1<<22`,%eax		# check for MOVBE without XSAVE
+	je		.Lskip4x
+
+	sub		\$0x30,$len
+	mov		\$0xA040608020C0E000,%rax	# ((7..0)·0xE0)&0xff
+	movdqu		0x30($Htbl),$Hkey3
+	movdqu		0x40($Htbl),$Hkey4
+
+	#######
+	# Xi+4 =[(H*Ii+3) + (H^2*Ii+2) + (H^3*Ii+1) + H^4*(Ii+Xi)] mod P
+	#
+	movdqu		0x30($inp),$Xln
+	 movdqu		0x20($inp),$Xl
+	pshufb		$T3,$Xln
+	 pshufb		$T3,$Xl
+	movdqa		$Xln,$Xhn
+	pshufd		\$0b01001110,$Xln,$Xmn
+	pxor		$Xln,$Xmn
+	pclmulqdq	\$0x00,$Hkey,$Xln
+	pclmulqdq	\$0x11,$Hkey,$Xhn
+	pclmulqdq	\$0x00,$HK,$Xmn
+
+	movdqa		$Xl,$Xh
+	pshufd		\$0b01001110,$Xl,$Xm
+	pxor		$Xl,$Xm
+	pclmulqdq	\$0x00,$Hkey2,$Xl
+	pclmulqdq	\$0x11,$Hkey2,$Xh
+	pclmulqdq	\$0x10,$HK,$Xm
+	xorps		$Xl,$Xln
+	xorps		$Xh,$Xhn
+	movups		0x50($Htbl),$HK
+	xorps		$Xm,$Xmn
+
+	movdqu		0x10($inp),$Xl
+	 movdqu		0($inp),$T1
+	pshufb		$T3,$Xl
+	 pshufb		$T3,$T1
+	movdqa		$Xl,$Xh
+	pshufd		\$0b01001110,$Xl,$Xm
+	 pxor		$T1,$Xi
+	pxor		$Xl,$Xm
+	pclmulqdq	\$0x00,$Hkey3,$Xl
+	 movdqa		$Xi,$Xhi
+	 pshufd		\$0b01001110,$Xi,$T1
+	 pxor		$Xi,$T1
+	pclmulqdq	\$0x11,$Hkey3,$Xh
+	pclmulqdq	\$0x00,$HK,$Xm
+	xorps		$Xl,$Xln
+	xorps		$Xh,$Xhn
+
+	lea	0x40($inp),$inp
+	sub	\$0x40,$len
+	jc	.Ltail4x
+
+	jmp	.Lmod4_loop
+.align	32
+.Lmod4_loop:
+	pclmulqdq	\$0x00,$Hkey4,$Xi
+	xorps		$Xm,$Xmn
+	 movdqu		0x30($inp),$Xl
+	 pshufb		$T3,$Xl
+	pclmulqdq	\$0x11,$Hkey4,$Xhi
+	xorps		$Xln,$Xi
+	 movdqu		0x20($inp),$Xln
+	 movdqa		$Xl,$Xh
+	pclmulqdq	\$0x10,$HK,$T1
+	 pshufd		\$0b01001110,$Xl,$Xm
+	xorps		$Xhn,$Xhi
+	 pxor		$Xl,$Xm
+	 pshufb		$T3,$Xln
+	movups		0x20($Htbl),$HK
+	xorps		$Xmn,$T1
+	 pclmulqdq	\$0x00,$Hkey,$Xl
+	 pshufd		\$0b01001110,$Xln,$Xmn
+
+	pxor		$Xi,$T1			# aggregated Karatsuba post-processing
+	 movdqa		$Xln,$Xhn
+	pxor		$Xhi,$T1		#
+	 pxor		$Xln,$Xmn
+	movdqa		$T1,$T2			#
+	 pclmulqdq	\$0x11,$Hkey,$Xh
+	pslldq		\$8,$T1
+	psrldq		\$8,$T2			#
+	pxor		$T1,$Xi
+	movdqa		.L7_mask(%rip),$T1
+	pxor		$T2,$Xhi		#
+	movq		%rax,$T2
+
+	pand		$Xi,$T1			# 1st phase
+	pshufb		$T1,$T2			#
+	pxor		$Xi,$T2			#
+	 pclmulqdq	\$0x00,$HK,$Xm
+	psllq		\$57,$T2		#
+	movdqa		$T2,$T1			#
+	pslldq		\$8,$T2
+	 pclmulqdq	\$0x00,$Hkey2,$Xln
+	psrldq		\$8,$T1			#
+	pxor		$T2,$Xi
+	pxor		$T1,$Xhi		#
+	movdqu		0($inp),$T1
+
+	movdqa		$Xi,$T2			# 2nd phase
+	psrlq		\$1,$Xi
+	 pclmulqdq	\$0x11,$Hkey2,$Xhn
+	 xorps		$Xl,$Xln
+	 movdqu		0x10($inp),$Xl
+	 pshufb		$T3,$Xl
+	 pclmulqdq	\$0x10,$HK,$Xmn
+	 xorps		$Xh,$Xhn
+	 movups		0x50($Htbl),$HK
+	pshufb		$T3,$T1
+	pxor		$T2,$Xhi		#
+	pxor		$Xi,$T2
+	psrlq		\$5,$Xi
+
+	 movdqa		$Xl,$Xh
+	 pxor		$Xm,$Xmn
+	 pshufd		\$0b01001110,$Xl,$Xm
+	pxor		$T2,$Xi			#
+	pxor		$T1,$Xhi
+	 pxor		$Xl,$Xm
+	 pclmulqdq	\$0x00,$Hkey3,$Xl
+	psrlq		\$1,$Xi			#
+	pxor		$Xhi,$Xi		#
+	movdqa		$Xi,$Xhi
+	 pclmulqdq	\$0x11,$Hkey3,$Xh
+	 xorps		$Xl,$Xln
+	pshufd		\$0b01001110,$Xi,$T1
+	pxor		$Xi,$T1
+
+	 pclmulqdq	\$0x00,$HK,$Xm
+	 xorps		$Xh,$Xhn
+
+	lea	0x40($inp),$inp
+	sub	\$0x40,$len
+	jnc	.Lmod4_loop
+
+.Ltail4x:
+	pclmulqdq	\$0x00,$Hkey4,$Xi
+	pclmulqdq	\$0x11,$Hkey4,$Xhi
+	pclmulqdq	\$0x10,$HK,$T1
+	xorps		$Xm,$Xmn
+	xorps		$Xln,$Xi
+	xorps		$Xhn,$Xhi
+	pxor		$Xi,$Xhi		# aggregated Karatsuba post-processing
+	pxor		$Xmn,$T1
+
+	pxor		$Xhi,$T1		#
+	pxor		$Xi,$Xhi
+
+	movdqa		$T1,$T2			#
+	psrldq		\$8,$T1
+	pslldq		\$8,$T2			#
+	pxor		$T1,$Xhi
+	pxor		$T2,$Xi			#
+___
+	&reduction_alg9($Xhi,$Xi);
+$code.=<<___;
+	add	\$0x40,$len
+	jz	.Ldone
+	movdqu	0x20($Htbl),$HK
+	sub	\$0x10,$len
+	jz	.Lodd_tail
+.Lskip4x:
+___
+}
+$code.=<<___;
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+	movdqu		($inp),$T1		# Ii
+	movdqu		16($inp),$Xln		# Ii+1
+	pshufb		$T3,$T1
+	pshufb		$T3,$Xln
+	pxor		$T1,$Xi			# Ii+Xi
+
+	movdqa		$Xln,$Xhn
+	pshufd		\$0b01001110,$Xln,$Xmn
+	pxor		$Xln,$Xmn
+	pclmulqdq	\$0x00,$Hkey,$Xln
+	pclmulqdq	\$0x11,$Hkey,$Xhn
+	pclmulqdq	\$0x00,$HK,$Xmn
+
+	lea		32($inp),$inp		# i+=2
+	nop
+	sub		\$0x20,$len
+	jbe		.Leven_tail
+	nop
+	jmp		.Lmod_loop
+
+.align	32
+.Lmod_loop:
+	movdqa		$Xi,$Xhi
+	movdqa		$Xmn,$T1
+	pshufd		\$0b01001110,$Xi,$Xmn	#
+	pxor		$Xi,$Xmn		#
+
+	pclmulqdq	\$0x00,$Hkey2,$Xi
+	pclmulqdq	\$0x11,$Hkey2,$Xhi
+	pclmulqdq	\$0x10,$HK,$Xmn
+
+	pxor		$Xln,$Xi		# (H*Ii+1) + H^2*(Ii+Xi)
+	pxor		$Xhn,$Xhi
+	  movdqu	($inp),$T2		# Ii
+	pxor		$Xi,$T1			# aggregated Karatsuba post-processing
+	  pshufb	$T3,$T2
+	  movdqu	16($inp),$Xln		# Ii+1
+
+	pxor		$Xhi,$T1
+	  pxor		$T2,$Xhi		# "Ii+Xi", consume early
+	pxor		$T1,$Xmn
+	 pshufb		$T3,$Xln
+	movdqa		$Xmn,$T1		#
+	psrldq		\$8,$T1
+	pslldq		\$8,$Xmn		#
+	pxor		$T1,$Xhi
+	pxor		$Xmn,$Xi		#
+
+	movdqa		$Xln,$Xhn		#
+
+	  movdqa	$Xi,$T2			# 1st phase
+	  movdqa	$Xi,$T1
+	  psllq		\$5,$Xi
+	  pxor		$Xi,$T1			#
+	pclmulqdq	\$0x00,$Hkey,$Xln	#######
+	  psllq		\$1,$Xi
+	  pxor		$T1,$Xi			#
+	  psllq		\$57,$Xi		#
+	  movdqa	$Xi,$T1			#
+	  pslldq	\$8,$Xi
+	  psrldq	\$8,$T1			#
+	  pxor		$T2,$Xi
+	pshufd		\$0b01001110,$Xhn,$Xmn
+	  pxor		$T1,$Xhi		#
+	pxor		$Xhn,$Xmn		#
+
+	  movdqa	$Xi,$T2			# 2nd phase
+	  psrlq		\$1,$Xi
+	pclmulqdq	\$0x11,$Hkey,$Xhn	#######
+	  pxor		$T2,$Xhi		#
+	  pxor		$Xi,$T2
+	  psrlq		\$5,$Xi
+	  pxor		$T2,$Xi			#
+	lea		32($inp),$inp
+	  psrlq		\$1,$Xi			#
+	pclmulqdq	\$0x00,$HK,$Xmn		#######
+	  pxor		$Xhi,$Xi		#
+
+	sub		\$0x20,$len
+	ja		.Lmod_loop
+
+.Leven_tail:
+	 movdqa		$Xi,$Xhi
+	 movdqa		$Xmn,$T1
+	 pshufd		\$0b01001110,$Xi,$Xmn	#
+	 pxor		$Xi,$Xmn		#
+
+	pclmulqdq	\$0x00,$Hkey2,$Xi
+	pclmulqdq	\$0x11,$Hkey2,$Xhi
+	pclmulqdq	\$0x10,$HK,$Xmn
+
+	pxor		$Xln,$Xi		# (H*Ii+1) + H^2*(Ii+Xi)
+	pxor		$Xhn,$Xhi
+	pxor		$Xi,$T1
+	pxor		$Xhi,$T1
+	pxor		$T1,$Xmn
+	movdqa		$Xmn,$T1		#
+	psrldq		\$8,$T1
+	pslldq		\$8,$Xmn		#
+	pxor		$T1,$Xhi
+	pxor		$Xmn,$Xi		#
+___
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	test		$len,$len
+	jnz		.Ldone
+
+.Lodd_tail:
+	movdqu		($inp),$T1		# Ii
+	pshufb		$T3,$T1
+	pxor		$T1,$Xi			# Ii+Xi
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);	# H*(Ii+Xi)
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+.Ldone:
+	pshufb		$T3,$Xi
+	movdqu		$Xi,($Xip)
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	movaps	0x40(%rsp),%xmm10
+	movaps	0x50(%rsp),%xmm11
+	movaps	0x60(%rsp),%xmm12
+	movaps	0x70(%rsp),%xmm13
+	movaps	0x80(%rsp),%xmm14
+	movaps	0x90(%rsp),%xmm15
+	lea	0xa8(%rsp),%rsp
+.LSEH_end_gcm_ghash_clmul:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	gcm_ghash_clmul,.-gcm_ghash_clmul
+___
+}
+
+$code.=<<___;
+.globl	gcm_init_avx
+.type	gcm_init_avx,\@abi-omnipotent
+.align	32
+gcm_init_avx:
+.cfi_startproc
+___
+if ($avx) {
+my ($Htbl,$Xip)=@_4args;
+my $HK="%xmm6";
+
+$code.=<<___ if ($win64);
+.LSEH_begin_gcm_init_avx:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x83,0xec,0x18		#sub	$0x18,%rsp
+	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($Xip),$Hkey
+	vpshufd		\$0b01001110,$Hkey,$Hkey	# dword swap
+
+	# <<1 twist
+	vpshufd		\$0b11111111,$Hkey,$T2	# broadcast uppermost dword
+	vpsrlq		\$63,$Hkey,$T1
+	vpsllq		\$1,$Hkey,$Hkey
+	vpxor		$T3,$T3,$T3		#
+	vpcmpgtd	$T2,$T3,$T3		# broadcast carry bit
+	vpslldq		\$8,$T1,$T1
+	vpor		$T1,$Hkey,$Hkey		# H<<=1
+
+	# magic reduction
+	vpand		.L0x1c2_polynomial(%rip),$T3,$T3
+	vpxor		$T3,$Hkey,$Hkey		# if(carry) H^=0x1c2_polynomial
+
+	vpunpckhqdq	$Hkey,$Hkey,$HK
+	vmovdqa		$Hkey,$Xi
+	vpxor		$Hkey,$HK,$HK
+	mov		\$4,%r10		# up to H^8
+	jmp		.Linit_start_avx
+___
+
+sub clmul64x64_avx {
+my ($Xhi,$Xi,$Hkey,$HK)=@_;
+
+if (!defined($HK)) {	$HK = $T2;
+$code.=<<___;
+	vpunpckhqdq	$Xi,$Xi,$T1
+	vpunpckhqdq	$Hkey,$Hkey,$T2
+	vpxor		$Xi,$T1,$T1		#
+	vpxor		$Hkey,$T2,$T2
+___
+} else {
+$code.=<<___;
+	vpunpckhqdq	$Xi,$Xi,$T1
+	vpxor		$Xi,$T1,$T1		#
+___
+}
+$code.=<<___;
+	vpclmulqdq	\$0x11,$Hkey,$Xi,$Xhi	#######
+	vpclmulqdq	\$0x00,$Hkey,$Xi,$Xi	#######
+	vpclmulqdq	\$0x00,$HK,$T1,$T1	#######
+	vpxor		$Xi,$Xhi,$T2		#
+	vpxor		$T2,$T1,$T1		#
+
+	vpslldq		\$8,$T1,$T2		#
+	vpsrldq		\$8,$T1,$T1
+	vpxor		$T2,$Xi,$Xi		#
+	vpxor		$T1,$Xhi,$Xhi
+___
+}
+
+sub reduction_avx {
+my ($Xhi,$Xi) = @_;
+
+$code.=<<___;
+	vpsllq		\$57,$Xi,$T1		# 1st phase
+	vpsllq		\$62,$Xi,$T2
+	vpxor		$T1,$T2,$T2		#
+	vpsllq		\$63,$Xi,$T1
+	vpxor		$T1,$T2,$T2		#
+	vpslldq		\$8,$T2,$T1		#
+	vpsrldq		\$8,$T2,$T2
+	vpxor		$T1,$Xi,$Xi		#
+	vpxor		$T2,$Xhi,$Xhi
+
+	vpsrlq		\$1,$Xi,$T2		# 2nd phase
+	vpxor		$Xi,$Xhi,$Xhi
+	vpxor		$T2,$Xi,$Xi		#
+	vpsrlq		\$5,$T2,$T2
+	vpxor		$T2,$Xi,$Xi		#
+	vpsrlq		\$1,$Xi,$Xi		#
+	vpxor		$Xhi,$Xi,$Xi		#
+___
+}
+
+$code.=<<___;
+.align	32
+.Linit_loop_avx:
+	vpalignr	\$8,$T1,$T2,$T3		# low part is H.lo^H.hi...
+	vmovdqu		$T3,-0x10($Htbl)	# save Karatsuba "salt"
+___
+	&clmul64x64_avx	($Xhi,$Xi,$Hkey,$HK);	# calculate H^3,5,7
+	&reduction_avx	($Xhi,$Xi);
+$code.=<<___;
+.Linit_start_avx:
+	vmovdqa		$Xi,$T3
+___
+	&clmul64x64_avx	($Xhi,$Xi,$Hkey,$HK);	# calculate H^2,4,6,8
+	&reduction_avx	($Xhi,$Xi);
+$code.=<<___;
+	vpshufd		\$0b01001110,$T3,$T1
+	vpshufd		\$0b01001110,$Xi,$T2
+	vpxor		$T3,$T1,$T1		# Karatsuba pre-processing
+	vmovdqu		$T3,0x00($Htbl)		# save H^1,3,5,7
+	vpxor		$Xi,$T2,$T2		# Karatsuba pre-processing
+	vmovdqu		$Xi,0x10($Htbl)		# save H^2,4,6,8
+	lea		0x30($Htbl),$Htbl
+	sub		\$1,%r10
+	jnz		.Linit_loop_avx
+
+	vpalignr	\$8,$T2,$T1,$T3		# last "salt" is flipped
+	vmovdqu		$T3,-0x10($Htbl)
+
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	lea	0x18(%rsp),%rsp
+.LSEH_end_gcm_init_avx:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	gcm_init_avx,.-gcm_init_avx
+___
+} else {
+$code.=<<___;
+	jmp	.L_init_clmul
+.size	gcm_init_avx,.-gcm_init_avx
+___
+}
+
+$code.=<<___;
+.globl	gcm_gmult_avx
+.type	gcm_gmult_avx,\@abi-omnipotent
+.align	32
+gcm_gmult_avx:
+.cfi_startproc
+	jmp	.L_gmult_clmul
+.cfi_endproc
+.size	gcm_gmult_avx,.-gcm_gmult_avx
+___
+
+$code.=<<___;
+.globl	gcm_ghash_avx
+.type	gcm_ghash_avx,\@abi-omnipotent
+.align	32
+gcm_ghash_avx:
+.cfi_startproc
+___
+if ($avx) {
+my ($Xip,$Htbl,$inp,$len)=@_4args;
+my ($Xlo,$Xhi,$Xmi,
+    $Zlo,$Zhi,$Zmi,
+    $Hkey,$HK,$T1,$T2,
+    $Xi,$Xo,$Tred,$bswap,$Ii,$Ij) = map("%xmm$_",(0..15));
+
+$code.=<<___ if ($win64);
+	lea	-0x88(%rsp),%rax
+.LSEH_begin_gcm_ghash_avx:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax),%rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6,-0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7,-0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8,0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9,0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10,0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11,0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12,0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13,0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14,0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15,0x70(%rax)
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($Xip),$Xi		# load $Xi
+	lea		.L0x1c2_polynomial(%rip),%r10
+	lea		0x40($Htbl),$Htbl	# size optimization
+	vmovdqu		.Lbswap_mask(%rip),$bswap
+	vpshufb		$bswap,$Xi,$Xi
+	cmp		\$0x80,$len
+	jb		.Lshort_avx
+	sub		\$0x80,$len
+
+	vmovdqu		0x70($inp),$Ii		# I[7]
+	vmovdqu		0x00-0x40($Htbl),$Hkey	# $Hkey^1
+	vpshufb		$bswap,$Ii,$Ii
+	vmovdqu		0x20-0x40($Htbl),$HK
+
+	vpunpckhqdq	$Ii,$Ii,$T2
+	 vmovdqu	0x60($inp),$Ij		# I[6]
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Ii,$T2,$T2
+	 vpshufb	$bswap,$Ij,$Ij
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0x10-0x40($Htbl),$Hkey	# $Hkey^2
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vmovdqu	0x50($inp),$Ii		# I[5]
+	vpclmulqdq	\$0x00,$HK,$T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+
+	 vpshufb	$bswap,$Ii,$Ii
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	 vmovdqu	0x30-0x40($Htbl),$Hkey	# $Hkey^3
+	 vpxor		$Ii,$T2,$T2
+	 vmovdqu	0x40($inp),$Ij		# I[4]
+	vpclmulqdq	\$0x10,$HK,$T1,$Zmi
+	 vmovdqu	0x50-0x40($Htbl),$HK
+
+	 vpshufb	$bswap,$Ij,$Ij
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Xhi,$Zhi,$Zhi
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0x40-0x40($Htbl),$Hkey	# $Hkey^4
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+
+	 vmovdqu	0x30($inp),$Ii		# I[3]
+	vpxor		$Zlo,$Xlo,$Xlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	vpxor		$Zhi,$Xhi,$Xhi
+	 vpshufb	$bswap,$Ii,$Ii
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	 vmovdqu	0x60-0x40($Htbl),$Hkey	# $Hkey^5
+	vpxor		$Zmi,$Xmi,$Xmi
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpclmulqdq	\$0x10,$HK,$T1,$Zmi
+	 vmovdqu	0x80-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+
+	 vmovdqu	0x20($inp),$Ij		# I[2]
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Xhi,$Zhi,$Zhi
+	 vpshufb	$bswap,$Ij,$Ij
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0x70-0x40($Htbl),$Hkey	# $Hkey^6
+	vpxor		$Xmi,$Zmi,$Zmi
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	vpclmulqdq	\$0x00,$HK,$T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+
+	 vmovdqu	0x10($inp),$Ii		# I[1]
+	vpxor		$Zlo,$Xlo,$Xlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	vpxor		$Zhi,$Xhi,$Xhi
+	 vpshufb	$bswap,$Ii,$Ii
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	 vmovdqu	0x90-0x40($Htbl),$Hkey	# $Hkey^7
+	vpxor		$Zmi,$Xmi,$Xmi
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpclmulqdq	\$0x10,$HK,$T1,$Zmi
+	 vmovdqu	0xb0-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+
+	 vmovdqu	($inp),$Ij		# I[0]
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Xhi,$Zhi,$Zhi
+	 vpshufb	$bswap,$Ij,$Ij
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0xa0-0x40($Htbl),$Hkey	# $Hkey^8
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x10,$HK,$T2,$Xmi
+
+	lea		0x80($inp),$inp
+	cmp		\$0x80,$len
+	jb		.Ltail_avx
+
+	vpxor		$Xi,$Ij,$Ij		# accumulate $Xi
+	sub		\$0x80,$len
+	jmp		.Loop8x_avx
+
+.align	32
+.Loop8x_avx:
+	vpunpckhqdq	$Ij,$Ij,$T1
+	 vmovdqu	0x70($inp),$Ii		# I[7]
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpxor		$Ij,$T1,$T1
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xi
+	 vpshufb	$bswap,$Ii,$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xo
+	 vmovdqu	0x00-0x40($Htbl),$Hkey	# $Hkey^1
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Tred
+	 vmovdqu	0x20-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+
+	  vmovdqu	0x60($inp),$Ij		# I[6]
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Zlo,$Xi,$Xi		# collect result
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	vxorps		$Zhi,$Xo,$Xo
+	  vmovdqu	0x10-0x40($Htbl),$Hkey	# $Hkey^2
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vpclmulqdq	\$0x00,$HK,  $T2,$Xmi
+	vpxor		$Zmi,$Tred,$Tred
+	 vxorps		$Ij,$T1,$T1
+
+	  vmovdqu	0x50($inp),$Ii		# I[5]
+	vpxor		$Xi,$Tred,$Tred		# aggregated Karatsuba post-processing
+	 vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	vpxor		$Xo,$Tred,$Tred
+	vpslldq		\$8,$Tred,$T2
+	 vpxor		$Xlo,$Zlo,$Zlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	vpsrldq		\$8,$Tred,$Tred
+	vpxor		$T2, $Xi, $Xi
+	  vmovdqu	0x30-0x40($Htbl),$Hkey	# $Hkey^3
+	  vpshufb	$bswap,$Ii,$Ii
+	vxorps		$Tred,$Xo, $Xo
+	 vpxor		$Xhi,$Zhi,$Zhi
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	 vpclmulqdq	\$0x10,$HK,  $T1,$Zmi
+	  vmovdqu	0x50-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+	 vpxor		$Xmi,$Zmi,$Zmi
+
+	  vmovdqu	0x40($inp),$Ij		# I[4]
+	vpalignr	\$8,$Xi,$Xi,$Tred	# 1st phase
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpxor		$Zlo,$Xlo,$Xlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	  vmovdqu	0x40-0x40($Htbl),$Hkey	# $Hkey^4
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vpxor		$Zhi,$Xhi,$Xhi
+	 vpclmulqdq	\$0x00,$HK,  $T2,$Xmi
+	 vxorps		$Ij,$T1,$T1
+	 vpxor		$Zmi,$Xmi,$Xmi
+
+	  vmovdqu	0x30($inp),$Ii		# I[3]
+	vpclmulqdq	\$0x10,(%r10),$Xi,$Xi
+	 vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	  vpshufb	$bswap,$Ii,$Ii
+	 vpxor		$Xlo,$Zlo,$Zlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	  vmovdqu	0x60-0x40($Htbl),$Hkey	# $Hkey^5
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	 vpxor		$Xhi,$Zhi,$Zhi
+	 vpclmulqdq	\$0x10,$HK,  $T1,$Zmi
+	  vmovdqu	0x80-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+	 vpxor		$Xmi,$Zmi,$Zmi
+
+	  vmovdqu	0x20($inp),$Ij		# I[2]
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpxor		$Zlo,$Xlo,$Xlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	  vmovdqu	0x70-0x40($Htbl),$Hkey	# $Hkey^6
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vpxor		$Zhi,$Xhi,$Xhi
+	 vpclmulqdq	\$0x00,$HK,  $T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+	 vpxor		$Zmi,$Xmi,$Xmi
+	vxorps		$Tred,$Xi,$Xi
+
+	  vmovdqu	0x10($inp),$Ii		# I[1]
+	vpalignr	\$8,$Xi,$Xi,$Tred	# 2nd phase
+	 vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	  vpshufb	$bswap,$Ii,$Ii
+	 vpxor		$Xlo,$Zlo,$Zlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	  vmovdqu	0x90-0x40($Htbl),$Hkey	# $Hkey^7
+	vpclmulqdq	\$0x10,(%r10),$Xi,$Xi
+	vxorps		$Xo,$Tred,$Tred
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	 vpxor		$Xhi,$Zhi,$Zhi
+	 vpclmulqdq	\$0x10,$HK,  $T1,$Zmi
+	  vmovdqu	0xb0-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+	 vpxor		$Xmi,$Zmi,$Zmi
+
+	  vmovdqu	($inp),$Ij		# I[0]
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	  vmovdqu	0xa0-0x40($Htbl),$Hkey	# $Hkey^8
+	vpxor		$Tred,$Ij,$Ij
+	 vpclmulqdq	\$0x10,$HK,  $T2,$Xmi
+	vpxor		$Xi,$Ij,$Ij		# accumulate $Xi
+
+	lea		0x80($inp),$inp
+	sub		\$0x80,$len
+	jnc		.Loop8x_avx
+
+	add		\$0x80,$len
+	jmp		.Ltail_no_xor_avx
+
+.align	32
+.Lshort_avx:
+	vmovdqu		-0x10($inp,$len),$Ii	# very last word
+	lea		($inp,$len),$inp
+	vmovdqu		0x00-0x40($Htbl),$Hkey	# $Hkey^1
+	vmovdqu		0x20-0x40($Htbl),$HK
+	vpshufb		$bswap,$Ii,$Ij
+
+	vmovdqa		$Xlo,$Zlo		# subtle way to zero $Zlo,
+	vmovdqa		$Xhi,$Zhi		# $Zhi and
+	vmovdqa		$Xmi,$Zmi		# $Zmi
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x20($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x10-0x40($Htbl),$Hkey	# $Hkey^2
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vpsrldq		\$8,$HK,$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x30($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x30-0x40($Htbl),$Hkey	# $Hkey^3
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vmovdqu		0x50-0x40($Htbl),$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x40($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x40-0x40($Htbl),$Hkey	# $Hkey^4
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vpsrldq		\$8,$HK,$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x50($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x60-0x40($Htbl),$Hkey	# $Hkey^5
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vmovdqu		0x80-0x40($Htbl),$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x60($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x70-0x40($Htbl),$Hkey	# $Hkey^6
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vpsrldq		\$8,$HK,$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x70($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x90-0x40($Htbl),$Hkey	# $Hkey^7
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vmovq		0xb8-0x40($Htbl),$HK
+	sub		\$0x10,$len
+	jmp		.Ltail_avx
+
+.align	32
+.Ltail_avx:
+	vpxor		$Xi,$Ij,$Ij		# accumulate $Xi
+.Ltail_no_xor_avx:
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+
+	vmovdqu		(%r10),$Tred
+
+	vpxor		$Xlo,$Zlo,$Xi
+	vpxor		$Xhi,$Zhi,$Xo
+	vpxor		$Xmi,$Zmi,$Zmi
+
+	vpxor		$Xi, $Zmi,$Zmi		# aggregated Karatsuba post-processing
+	vpxor		$Xo, $Zmi,$Zmi
+	vpslldq		\$8, $Zmi,$T2
+	vpsrldq		\$8, $Zmi,$Zmi
+	vpxor		$T2, $Xi, $Xi
+	vpxor		$Zmi,$Xo, $Xo
+
+	vpclmulqdq	\$0x10,$Tred,$Xi,$T2	# 1st phase
+	vpalignr	\$8,$Xi,$Xi,$Xi
+	vpxor		$T2,$Xi,$Xi
+
+	vpclmulqdq	\$0x10,$Tred,$Xi,$T2	# 2nd phase
+	vpalignr	\$8,$Xi,$Xi,$Xi
+	vpxor		$Xo,$Xi,$Xi
+	vpxor		$T2,$Xi,$Xi
+
+	cmp		\$0,$len
+	jne		.Lshort_avx
+
+	vpshufb		$bswap,$Xi,$Xi
+	vmovdqu		$Xi,($Xip)
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	movaps	0x40(%rsp),%xmm10
+	movaps	0x50(%rsp),%xmm11
+	movaps	0x60(%rsp),%xmm12
+	movaps	0x70(%rsp),%xmm13
+	movaps	0x80(%rsp),%xmm14
+	movaps	0x90(%rsp),%xmm15
+	lea	0xa8(%rsp),%rsp
+.LSEH_end_gcm_ghash_avx:
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	gcm_ghash_avx,.-gcm_ghash_avx
+___
+} else {
+$code.=<<___;
+	jmp	.L_ghash_clmul
+.size	gcm_ghash_avx,.-gcm_ghash_avx
+___
+}
+
+$code.=<<___;
+.align	64
+.Lbswap_mask:
+	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.L0x1c2_polynomial:
+	.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.L7_mask:
+	.long	7,0,7,0
+.L7_mask_poly:
+	.long	7,0,`0xE1<<1`,0
+.align	64
+.type	.Lrem_4bit,\@object
+.Lrem_4bit:
+	.long	0,`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`
+	.long	0,`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`
+	.long	0,`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`
+	.long	0,`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`
+.type	.Lrem_8bit,\@object
+.Lrem_8bit:
+	.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
+	.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
+	.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
+	.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
+	.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
+	.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
+	.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
+	.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
+	.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
+	.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
+	.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
+	.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
+	.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
+	.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
+	.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
+	.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
+	.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
+	.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
+	.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
+	.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
+	.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
+	.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
+	.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
+	.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
+	.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
+	.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
+	.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
+	.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
+	.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
+	.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
+	.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
+	.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.asciz	"GHASH for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	48+280(%rax),%rax	# adjust "rsp"
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_gcm_gmult_4bit
+	.rva	.LSEH_end_gcm_gmult_4bit
+	.rva	.LSEH_info_gcm_gmult_4bit
+
+	.rva	.LSEH_begin_gcm_ghash_4bit
+	.rva	.LSEH_end_gcm_ghash_4bit
+	.rva	.LSEH_info_gcm_ghash_4bit
+
+	.rva	.LSEH_begin_gcm_init_clmul
+	.rva	.LSEH_end_gcm_init_clmul
+	.rva	.LSEH_info_gcm_init_clmul
+
+	.rva	.LSEH_begin_gcm_ghash_clmul
+	.rva	.LSEH_end_gcm_ghash_clmul
+	.rva	.LSEH_info_gcm_ghash_clmul
+___
+$code.=<<___	if ($avx);
+	.rva	.LSEH_begin_gcm_init_avx
+	.rva	.LSEH_end_gcm_init_avx
+	.rva	.LSEH_info_gcm_init_clmul
+
+	.rva	.LSEH_begin_gcm_ghash_avx
+	.rva	.LSEH_end_gcm_ghash_avx
+	.rva	.LSEH_info_gcm_ghash_clmul
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_gcm_gmult_4bit:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lgmult_prologue,.Lgmult_epilogue	# HandlerData
+.LSEH_info_gcm_ghash_4bit:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lghash_prologue,.Lghash_epilogue	# HandlerData
+.LSEH_info_gcm_init_clmul:
+	.byte	0x01,0x08,0x03,0x00
+	.byte	0x08,0x68,0x00,0x00	#movaps	0x00(rsp),xmm6
+	.byte	0x04,0x22,0x00,0x00	#sub	rsp,0x18
+.LSEH_info_gcm_ghash_clmul:
+	.byte	0x01,0x33,0x16,0x00
+	.byte	0x33,0xf8,0x09,0x00	#movaps 0x90(rsp),xmm15
+	.byte	0x2e,0xe8,0x08,0x00	#movaps 0x80(rsp),xmm14
+	.byte	0x29,0xd8,0x07,0x00	#movaps 0x70(rsp),xmm13
+	.byte	0x24,0xc8,0x06,0x00	#movaps 0x60(rsp),xmm12
+	.byte	0x1f,0xb8,0x05,0x00	#movaps 0x50(rsp),xmm11
+	.byte	0x1a,0xa8,0x04,0x00	#movaps 0x40(rsp),xmm10
+	.byte	0x15,0x98,0x03,0x00	#movaps 0x30(rsp),xmm9
+	.byte	0x10,0x88,0x02,0x00	#movaps 0x20(rsp),xmm8
+	.byte	0x0c,0x78,0x01,0x00	#movaps 0x10(rsp),xmm7
+	.byte	0x08,0x68,0x00,0x00	#movaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	#sub	rsp,0xa8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl
new file mode 100755
index 000000000..6a2ac7129
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl
@@ -0,0 +1,671 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# GHASH for for PowerISA v2.07.
+#
+# July 2014
+#
+# Accurate performance measurements are problematic, because it's
+# always virtualized setup with possibly throttled processor.
+# Relative comparison is therefore more informative. This initial
+# version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x
+# faster than "4-bit" integer-only compiler-generated 64-bit code.
+# "Initial version" means that there is room for further improvement.
+
+# May 2016
+#
+# 2x aggregated reduction improves performance by 50% (resulting
+# performance on POWER8 is 1 cycle per processed byte), and 4x
+# aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb).
+# POWER9 delivers 0.51 cpb.
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$LRSAVE=2*$SIZE_T;
+	$STU="stdu";
+	$POP="ld";
+	$PUSH="std";
+	$UCMP="cmpld";
+	$SHRI="srdi";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$LRSAVE=$SIZE_T;
+	$STU="stwu";
+	$POP="lwz";
+	$PUSH="stw";
+	$UCMP="cmplw";
+	$SHRI="srwi";
+} else { die "nonsense $flavour"; }
+
+$sp="r1";
+$FRAME=6*$SIZE_T+13*16;	# 13*16 is for v20-v31 offload
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6));	# argument block
+
+my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
+my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
+my ($Xl1,$Xm1,$Xh1,$IN1,$H2,$H2h,$H2l)=map("v$_",(13..19));
+my $vrsave="r12";
+
+$code=<<___;
+.machine	"any"
+
+.text
+
+.globl	.gcm_init_p8
+.align	5
+.gcm_init_p8:
+	li		r0,-4096
+	li		r8,0x10
+	mfspr		$vrsave,256
+	li		r9,0x20
+	mtspr		256,r0
+	li		r10,0x30
+	lvx_u		$H,0,r4			# load H
+
+	vspltisb	$xC2,-16		# 0xf0
+	vspltisb	$t0,1			# one
+	vaddubm		$xC2,$xC2,$xC2		# 0xe0
+	vxor		$zero,$zero,$zero
+	vor		$xC2,$xC2,$t0		# 0xe1
+	vsldoi		$xC2,$xC2,$zero,15	# 0xe1...
+	vsldoi		$t1,$zero,$t0,1		# ...1
+	vaddubm		$xC2,$xC2,$xC2		# 0xc2...
+	vspltisb	$t2,7
+	vor		$xC2,$xC2,$t1		# 0xc2....01
+	vspltb		$t1,$H,0		# most significant byte
+	vsl		$H,$H,$t0		# H<<=1
+	vsrab		$t1,$t1,$t2		# broadcast carry bit
+	vand		$t1,$t1,$xC2
+	vxor		$IN,$H,$t1		# twisted H
+
+	vsldoi		$H,$IN,$IN,8		# twist even more ...
+	vsldoi		$xC2,$zero,$xC2,8	# 0xc2.0
+	vsldoi		$Hl,$zero,$H,8		# ... and split
+	vsldoi		$Hh,$H,$zero,8
+
+	stvx_u		$xC2,0,r3		# save pre-computed table
+	stvx_u		$Hl,r8,r3
+	li		r8,0x40
+	stvx_u		$H, r9,r3
+	li		r9,0x50
+	stvx_u		$Hh,r10,r3
+	li		r10,0x60
+
+	vpmsumd		$Xl,$IN,$Hl		# H.lo·H.lo
+	vpmsumd		$Xm,$IN,$H		# H.hi·H.lo+H.lo·H.hi
+	vpmsumd		$Xh,$IN,$Hh		# H.hi·H.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+	vxor		$IN1,$Xl,$t1
+
+	vsldoi		$H2,$IN1,$IN1,8
+	vsldoi		$H2l,$zero,$H2,8
+	vsldoi		$H2h,$H2,$zero,8
+
+	stvx_u		$H2l,r8,r3		# save H^2
+	li		r8,0x70
+	stvx_u		$H2,r9,r3
+	li		r9,0x80
+	stvx_u		$H2h,r10,r3
+	li		r10,0x90
+___
+{
+my ($t4,$t5,$t6) = ($Hl,$H,$Hh);
+$code.=<<___;
+	vpmsumd		$Xl,$IN,$H2l		# H.lo·H^2.lo
+	 vpmsumd	$Xl1,$IN1,$H2l		# H^2.lo·H^2.lo
+	vpmsumd		$Xm,$IN,$H2		# H.hi·H^2.lo+H.lo·H^2.hi
+	 vpmsumd	$Xm1,$IN1,$H2		# H^2.hi·H^2.lo+H^2.lo·H^2.hi
+	vpmsumd		$Xh,$IN,$H2h		# H.hi·H^2.hi
+	 vpmsumd	$Xh1,$IN1,$H2h		# H^2.hi·H^2.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+	 vpmsumd	$t6,$Xl1,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	 vsldoi		$t4,$Xm1,$zero,8
+	 vsldoi		$t5,$zero,$Xm1,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+	 vxor		$Xl1,$Xl1,$t4
+	 vxor		$Xh1,$Xh1,$t5
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	 vsldoi		$Xl1,$Xl1,$Xl1,8
+	vxor		$Xl,$Xl,$t2
+	 vxor		$Xl1,$Xl1,$t6
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	 vsldoi		$t5,$Xl1,$Xl1,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	 vpmsumd	$Xl1,$Xl1,$xC2
+	vxor		$t1,$t1,$Xh
+	 vxor		$t5,$t5,$Xh1
+	vxor		$Xl,$Xl,$t1
+	 vxor		$Xl1,$Xl1,$t5
+
+	vsldoi		$H,$Xl,$Xl,8
+	 vsldoi		$H2,$Xl1,$Xl1,8
+	vsldoi		$Hl,$zero,$H,8
+	vsldoi		$Hh,$H,$zero,8
+	 vsldoi		$H2l,$zero,$H2,8
+	 vsldoi		$H2h,$H2,$zero,8
+
+	stvx_u		$Hl,r8,r3		# save H^3
+	li		r8,0xa0
+	stvx_u		$H,r9,r3
+	li		r9,0xb0
+	stvx_u		$Hh,r10,r3
+	li		r10,0xc0
+	 stvx_u		$H2l,r8,r3		# save H^4
+	 stvx_u		$H2,r9,r3
+	 stvx_u		$H2h,r10,r3
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,2,0
+	.long		0
+.size	.gcm_init_p8,.-.gcm_init_p8
+___
+}
+$code.=<<___;
+.globl	.gcm_gmult_p8
+.align	5
+.gcm_gmult_p8:
+	lis		r0,0xfff8
+	li		r8,0x10
+	mfspr		$vrsave,256
+	li		r9,0x20
+	mtspr		256,r0
+	li		r10,0x30
+	lvx_u		$IN,0,$Xip		# load Xi
+
+	lvx_u		$Hl,r8,$Htbl		# load pre-computed table
+	 le?lvsl	$lemask,r0,r0
+	lvx_u		$H, r9,$Htbl
+	 le?vspltisb	$t0,0x07
+	lvx_u		$Hh,r10,$Htbl
+	 le?vxor	$lemask,$lemask,$t0
+	lvx_u		$xC2,0,$Htbl
+	 le?vperm	$IN,$IN,$IN,$lemask
+	vxor		$zero,$zero,$zero
+
+	vpmsumd		$Xl,$IN,$Hl		# H.lo·Xi.lo
+	vpmsumd		$Xm,$IN,$H		# H.hi·Xi.lo+H.lo·Xi.hi
+	vpmsumd		$Xh,$IN,$Hh		# H.hi·Xi.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+	vxor		$Xl,$Xl,$t1
+
+	le?vperm	$Xl,$Xl,$Xl,$lemask
+	stvx_u		$Xl,0,$Xip		# write out Xi
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,2,0
+	.long		0
+.size	.gcm_gmult_p8,.-.gcm_gmult_p8
+
+.globl	.gcm_ghash_p8
+.align	5
+.gcm_ghash_p8:
+	li		r0,-4096
+	li		r8,0x10
+	mfspr		$vrsave,256
+	li		r9,0x20
+	mtspr		256,r0
+	li		r10,0x30
+	lvx_u		$Xl,0,$Xip		# load Xi
+
+	lvx_u		$Hl,r8,$Htbl		# load pre-computed table
+	li		r8,0x40
+	 le?lvsl	$lemask,r0,r0
+	lvx_u		$H, r9,$Htbl
+	li		r9,0x50
+	 le?vspltisb	$t0,0x07
+	lvx_u		$Hh,r10,$Htbl
+	li		r10,0x60
+	 le?vxor	$lemask,$lemask,$t0
+	lvx_u		$xC2,0,$Htbl
+	 le?vperm	$Xl,$Xl,$Xl,$lemask
+	vxor		$zero,$zero,$zero
+
+	${UCMP}i	$len,64
+	bge		Lgcm_ghash_p8_4x
+
+	lvx_u		$IN,0,$inp
+	addi		$inp,$inp,16
+	subic.		$len,$len,16
+	 le?vperm	$IN,$IN,$IN,$lemask
+	vxor		$IN,$IN,$Xl
+	beq		Lshort
+
+	lvx_u		$H2l,r8,$Htbl		# load H^2
+	li		r8,16
+	lvx_u		$H2, r9,$Htbl
+	add		r9,$inp,$len		# end of input
+	lvx_u		$H2h,r10,$Htbl
+	be?b		Loop_2x
+
+.align	5
+Loop_2x:
+	lvx_u		$IN1,0,$inp
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+
+	 subic		$len,$len,32
+	vpmsumd		$Xl,$IN,$H2l		# H^2.lo·Xi.lo
+	 vpmsumd	$Xl1,$IN1,$Hl		# H.lo·Xi+1.lo
+	 subfe		r0,r0,r0		# borrow?-1:0
+	vpmsumd		$Xm,$IN,$H2		# H^2.hi·Xi.lo+H^2.lo·Xi.hi
+	 vpmsumd	$Xm1,$IN1,$H		# H.hi·Xi+1.lo+H.lo·Xi+1.hi
+	 and		r0,r0,$len
+	vpmsumd		$Xh,$IN,$H2h		# H^2.hi·Xi.hi
+	 vpmsumd	$Xh1,$IN1,$Hh		# H.hi·Xi+1.hi
+	 add		$inp,$inp,r0
+
+	vxor		$Xl,$Xl,$Xl1
+	vxor		$Xm,$Xm,$Xm1
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	 vxor		$Xh,$Xh,$Xh1
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+	 lvx_u		$IN,r8,$inp
+	 addi		$inp,$inp,32
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	 le?vperm	$IN,$IN,$IN,$lemask
+	vxor		$t1,$t1,$Xh
+	vxor		$IN,$IN,$t1
+	vxor		$IN,$IN,$Xl
+	$UCMP		r9,$inp
+	bgt		Loop_2x			# done yet?
+
+	cmplwi		$len,0
+	bne		Leven
+
+Lshort:
+	vpmsumd		$Xl,$IN,$Hl		# H.lo·Xi.lo
+	vpmsumd		$Xm,$IN,$H		# H.hi·Xi.lo+H.lo·Xi.hi
+	vpmsumd		$Xh,$IN,$Hh		# H.hi·Xi.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+
+Leven:
+	vxor		$Xl,$Xl,$t1
+	le?vperm	$Xl,$Xl,$Xl,$lemask
+	stvx_u		$Xl,0,$Xip		# write out Xi
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,4,0
+	.long		0
+___
+{
+my ($Xl3,$Xm2,$IN2,$H3l,$H3,$H3h,
+    $Xh3,$Xm3,$IN3,$H4l,$H4,$H4h) = map("v$_",(20..31));
+my $IN0=$IN;
+my ($H21l,$H21h,$loperm,$hiperm) = ($Hl,$Hh,$H2l,$H2h);
+
+$code.=<<___;
+.align	5
+.gcm_ghash_p8_4x:
+Lgcm_ghash_p8_4x:
+	$STU		$sp,-$FRAME($sp)
+	li		r10,`15+6*$SIZE_T`
+	li		r11,`31+6*$SIZE_T`
+	stvx		v20,r10,$sp
+	addi		r10,r10,32
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	li		r10,0x60
+	stvx		v31,r11,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME-4`($sp)	# save vrsave
+	mtspr		256,r0			# preserve all AltiVec registers
+
+	lvsl		$t0,0,r8		# 0x0001..0e0f
+	#lvx_u		$H2l,r8,$Htbl		# load H^2
+	li		r8,0x70
+	lvx_u		$H2, r9,$Htbl
+	li		r9,0x80
+	vspltisb	$t1,8			# 0x0808..0808
+	#lvx_u		$H2h,r10,$Htbl
+	li		r10,0x90
+	lvx_u		$H3l,r8,$Htbl		# load H^3
+	li		r8,0xa0
+	lvx_u		$H3, r9,$Htbl
+	li		r9,0xb0
+	lvx_u		$H3h,r10,$Htbl
+	li		r10,0xc0
+	lvx_u		$H4l,r8,$Htbl		# load H^4
+	li		r8,0x10
+	lvx_u		$H4, r9,$Htbl
+	li		r9,0x20
+	lvx_u		$H4h,r10,$Htbl
+	li		r10,0x30
+
+	vsldoi		$t2,$zero,$t1,8		# 0x0000..0808
+	vaddubm		$hiperm,$t0,$t2		# 0x0001..1617
+	vaddubm		$loperm,$t1,$hiperm	# 0x0809..1e1f
+
+	$SHRI		$len,$len,4		# this allows to use sign bit
+						# as carry
+	lvx_u		$IN0,0,$inp		# load input
+	lvx_u		$IN1,r8,$inp
+	subic.		$len,$len,8
+	lvx_u		$IN2,r9,$inp
+	lvx_u		$IN3,r10,$inp
+	addi		$inp,$inp,0x40
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+	le?vperm	$IN2,$IN2,$IN2,$lemask
+	le?vperm	$IN3,$IN3,$IN3,$lemask
+
+	vxor		$Xh,$IN0,$Xl
+
+	 vpmsumd	$Xl1,$IN1,$H3l
+	 vpmsumd	$Xm1,$IN1,$H3
+	 vpmsumd	$Xh1,$IN1,$H3h
+
+	 vperm		$H21l,$H2,$H,$hiperm
+	 vperm		$t0,$IN2,$IN3,$loperm
+	 vperm		$H21h,$H2,$H,$loperm
+	 vperm		$t1,$IN2,$IN3,$hiperm
+	 vpmsumd	$Xm2,$IN2,$H2		# H^2.lo·Xi+2.hi+H^2.hi·Xi+2.lo
+	 vpmsumd	$Xl3,$t0,$H21l		# H^2.lo·Xi+2.lo+H.lo·Xi+3.lo
+	 vpmsumd	$Xm3,$IN3,$H		# H.hi·Xi+3.lo  +H.lo·Xi+3.hi
+	 vpmsumd	$Xh3,$t1,$H21h		# H^2.hi·Xi+2.hi+H.hi·Xi+3.hi
+
+	 vxor		$Xm2,$Xm2,$Xm1
+	 vxor		$Xl3,$Xl3,$Xl1
+	 vxor		$Xm3,$Xm3,$Xm2
+	 vxor		$Xh3,$Xh3,$Xh1
+
+	blt		Ltail_4x
+
+Loop_4x:
+	lvx_u		$IN0,0,$inp
+	lvx_u		$IN1,r8,$inp
+	subic.		$len,$len,4
+	lvx_u		$IN2,r9,$inp
+	lvx_u		$IN3,r10,$inp
+	addi		$inp,$inp,0x40
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+	le?vperm	$IN2,$IN2,$IN2,$lemask
+	le?vperm	$IN3,$IN3,$IN3,$lemask
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+
+	vpmsumd		$Xl,$Xh,$H4l		# H^4.lo·Xi.lo
+	vpmsumd		$Xm,$Xh,$H4		# H^4.hi·Xi.lo+H^4.lo·Xi.hi
+	vpmsumd		$Xh,$Xh,$H4h		# H^4.hi·Xi.hi
+	 vpmsumd	$Xl1,$IN1,$H3l
+	 vpmsumd	$Xm1,$IN1,$H3
+	 vpmsumd	$Xh1,$IN1,$H3h
+
+	vxor		$Xl,$Xl,$Xl3
+	vxor		$Xm,$Xm,$Xm3
+	vxor		$Xh,$Xh,$Xh3
+	 vperm		$t0,$IN2,$IN3,$loperm
+	 vperm		$t1,$IN2,$IN3,$hiperm
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+	 vpmsumd	$Xl3,$t0,$H21l		# H.lo·Xi+3.lo  +H^2.lo·Xi+2.lo
+	 vpmsumd	$Xh3,$t1,$H21h		# H.hi·Xi+3.hi  +H^2.hi·Xi+2.hi
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	 vpmsumd	$Xm2,$IN2,$H2		# H^2.hi·Xi+2.lo+H^2.lo·Xi+2.hi
+	 vpmsumd	$Xm3,$IN3,$H		# H.hi·Xi+3.lo  +H.lo·Xi+3.hi
+	vpmsumd		$Xl,$Xl,$xC2
+
+	 vxor		$Xl3,$Xl3,$Xl1
+	 vxor		$Xh3,$Xh3,$Xh1
+	vxor		$Xh,$Xh,$IN0
+	 vxor		$Xm2,$Xm2,$Xm1
+	vxor		$Xh,$Xh,$t1
+	 vxor		$Xm3,$Xm3,$Xm2
+	vxor		$Xh,$Xh,$Xl
+	bge		Loop_4x
+
+Ltail_4x:
+	vpmsumd		$Xl,$Xh,$H4l		# H^4.lo·Xi.lo
+	vpmsumd		$Xm,$Xh,$H4		# H^4.hi·Xi.lo+H^4.lo·Xi.hi
+	vpmsumd		$Xh,$Xh,$H4h		# H^4.hi·Xi.hi
+
+	vxor		$Xl,$Xl,$Xl3
+	vxor		$Xm,$Xm,$Xm3
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	 vxor		$Xh,$Xh,$Xh3
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+	vxor		$Xl,$Xl,$t1
+
+	addic.		$len,$len,4
+	beq		Ldone_4x
+
+	lvx_u		$IN0,0,$inp
+	${UCMP}i	$len,2
+	li		$len,-4
+	blt		Lone
+	lvx_u		$IN1,r8,$inp
+	beq		Ltwo
+
+Lthree:
+	lvx_u		$IN2,r9,$inp
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+	le?vperm	$IN2,$IN2,$IN2,$lemask
+
+	vxor		$Xh,$IN0,$Xl
+	vmr		$H4l,$H3l
+	vmr		$H4, $H3
+	vmr		$H4h,$H3h
+
+	vperm		$t0,$IN1,$IN2,$loperm
+	vperm		$t1,$IN1,$IN2,$hiperm
+	vpmsumd		$Xm2,$IN1,$H2		# H^2.lo·Xi+1.hi+H^2.hi·Xi+1.lo
+	vpmsumd		$Xm3,$IN2,$H		# H.hi·Xi+2.lo  +H.lo·Xi+2.hi
+	vpmsumd		$Xl3,$t0,$H21l		# H^2.lo·Xi+1.lo+H.lo·Xi+2.lo
+	vpmsumd		$Xh3,$t1,$H21h		# H^2.hi·Xi+1.hi+H.hi·Xi+2.hi
+
+	vxor		$Xm3,$Xm3,$Xm2
+	b		Ltail_4x
+
+.align	4
+Ltwo:
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+
+	vxor		$Xh,$IN0,$Xl
+	vperm		$t0,$zero,$IN1,$loperm
+	vperm		$t1,$zero,$IN1,$hiperm
+
+	vsldoi		$H4l,$zero,$H2,8
+	vmr		$H4, $H2
+	vsldoi		$H4h,$H2,$zero,8
+
+	vpmsumd		$Xl3,$t0, $H21l		# H.lo·Xi+1.lo
+	vpmsumd		$Xm3,$IN1,$H		# H.hi·Xi+1.lo+H.lo·Xi+2.hi
+	vpmsumd		$Xh3,$t1, $H21h		# H.hi·Xi+1.hi
+
+	b		Ltail_4x
+
+.align	4
+Lone:
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+
+	vsldoi		$H4l,$zero,$H,8
+	vmr		$H4, $H
+	vsldoi		$H4h,$H,$zero,8
+
+	vxor		$Xh,$IN0,$Xl
+	vxor		$Xl3,$Xl3,$Xl3
+	vxor		$Xm3,$Xm3,$Xm3
+	vxor		$Xh3,$Xh3,$Xh3
+
+	b		Ltail_4x
+
+Ldone_4x:
+	le?vperm	$Xl,$Xl,$Xl,$lemask
+	stvx_u		$Xl,0,$Xip		# write out Xi
+
+	li		r10,`15+6*$SIZE_T`
+	li		r11,`31+6*$SIZE_T`
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	addi		$sp,$sp,$FRAME
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,0,4,0
+	.long		0
+___
+}
+$code.=<<___;
+.size	.gcm_ghash_p8,.-.gcm_ghash_p8
+
+.asciz  "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	if ($flavour =~ /le$/o) {	# little-endian
+	    s/le\?//o		or
+	    s/be\?/#be#/o;
+	} else {
+	    s/le\?/#le#/o	or
+	    s/be\?//o;
+	}
+	print $_,"\n";
+}
+
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl
new file mode 100644
index 000000000..47e882008
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl
@@ -0,0 +1,781 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication.
+#
+# June 2014
+#
+# Initial version was developed in tight cooperation with Ard
+# Biesheuvel of Linaro from bits-n-pieces from other assembly modules.
+# Just like aesv8-armx.pl this module supports both AArch32 and
+# AArch64 execution modes.
+#
+# July 2014
+#
+# Implement 2x aggregated reduction [see ghash-x86.pl for background
+# information].
+#
+# November 2017
+#
+# AArch64 register bank to "accommodate" 4x aggregated reduction and
+# improve performance by 20-70% depending on processor.
+#
+# Current performance in cycles per processed byte:
+#
+#		64-bit PMULL	32-bit PMULL	32-bit NEON(*)
+# Apple A7	0.58		0.92		5.62
+# Cortex-A53	0.85		1.01		8.39
+# Cortex-A57	0.73		1.17		7.61
+# Denver	0.51		0.65		6.02
+# Mongoose	0.65		1.10		8.06
+# Kryo		0.76		1.16		8.00
+#
+# (*)	presented for reference/comparison purposes;
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$Xi="x0";	# argument block
+$Htbl="x1";
+$inp="x2";
+$len="x3";
+
+$inc="x12";
+
+{
+my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
+my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14));
+
+$code=<<___;
+#include "arm_arch.h"
+
+#if __ARM_MAX_ARCH__>=7
+.text
+___
+$code.=".arch	armv8-a+crypto\n"	if ($flavour =~ /64/);
+$code.=<<___				if ($flavour !~ /64/);
+.fpu	neon
+.code	32
+#undef	__thumb2__
+___
+
+################################################################################
+# void gcm_init_v8(u128 Htable[16],const u64 H[2]);
+#
+# input:	128-bit H - secret parameter E(K,0^128)
+# output:	precomputed table filled with degrees of twisted H;
+#		H is twisted to handle reverse bitness of GHASH;
+#		only few of 16 slots of Htable[16] are used;
+#		data is opaque to outside world (which allows to
+#		optimize the code independently);
+#
+$code.=<<___;
+.global	gcm_init_v8
+.type	gcm_init_v8,%function
+.align	4
+gcm_init_v8:
+	vld1.64		{$t1},[x1]		@ load input H
+	vmov.i8		$xC2,#0xe1
+	vshl.i64	$xC2,$xC2,#57		@ 0xc2.0
+	vext.8		$IN,$t1,$t1,#8
+	vshr.u64	$t2,$xC2,#63
+	vdup.32		$t1,${t1}[1]
+	vext.8		$t0,$t2,$xC2,#8		@ t0=0xc2....01
+	vshr.u64	$t2,$IN,#63
+	vshr.s32	$t1,$t1,#31		@ broadcast carry bit
+	vand		$t2,$t2,$t0
+	vshl.i64	$IN,$IN,#1
+	vext.8		$t2,$t2,$t2,#8
+	vand		$t0,$t0,$t1
+	vorr		$IN,$IN,$t2		@ H<<<=1
+	veor		$H,$IN,$t0		@ twisted H
+	vst1.64		{$H},[x0],#16		@ store Htable[0]
+
+	@ calculate H^2
+	vext.8		$t0,$H,$H,#8		@ Karatsuba pre-processing
+	vpmull.p64	$Xl,$H,$H
+	veor		$t0,$t0,$H
+	vpmull2.p64	$Xh,$H,$H
+	vpmull.p64	$Xm,$t0,$t0
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$H2,$Xl,$t2
+
+	vext.8		$t1,$H2,$H2,#8		@ Karatsuba pre-processing
+	veor		$t1,$t1,$H2
+	vext.8		$Hhl,$t0,$t1,#8		@ pack Karatsuba pre-processed
+	vst1.64		{$Hhl-$H2},[x0],#32	@ store Htable[1..2]
+___
+if ($flavour =~ /64/) {
+my ($t3,$Yl,$Ym,$Yh) = map("q$_",(4..7));
+
+$code.=<<___;
+	@ calculate H^3 and H^4
+	vpmull.p64	$Xl,$H, $H2
+	 vpmull.p64	$Yl,$H2,$H2
+	vpmull2.p64	$Xh,$H, $H2
+	 vpmull2.p64	$Yh,$H2,$H2
+	vpmull.p64	$Xm,$t0,$t1
+	 vpmull.p64	$Ym,$t1,$t1
+
+	vext.8		$t0,$Xl,$Xh,#8		@ Karatsuba post-processing
+	 vext.8		$t1,$Yl,$Yh,#8
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t0
+	 veor		$t3,$Yl,$Yh
+	 veor		$Ym,$Ym,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase
+	 veor		$Ym,$Ym,$t3
+	 vpmull.p64	$t3,$Yl,$xC2
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	 vmov		$Yh#lo,$Ym#hi
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vmov		$Ym#hi,$Yl#lo
+	veor		$Xl,$Xm,$t2
+	 veor		$Yl,$Ym,$t3
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase
+	 vext.8		$t3,$Yl,$Yl,#8
+	vpmull.p64	$Xl,$Xl,$xC2
+	 vpmull.p64	$Yl,$Yl,$xC2
+	veor		$t2,$t2,$Xh
+	 veor		$t3,$t3,$Yh
+	veor		$H, $Xl,$t2		@ H^3
+	 veor		$H2,$Yl,$t3		@ H^4
+
+	vext.8		$t0,$H, $H,#8		@ Karatsuba pre-processing
+	 vext.8		$t1,$H2,$H2,#8
+	veor		$t0,$t0,$H
+	 veor		$t1,$t1,$H2
+	vext.8		$Hhl,$t0,$t1,#8		@ pack Karatsuba pre-processed
+	vst1.64		{$H-$H2},[x0]		@ store Htable[3..5]
+___
+}
+$code.=<<___;
+	ret
+.size	gcm_init_v8,.-gcm_init_v8
+___
+################################################################################
+# void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]);
+#
+# input:	Xi - current hash value;
+#		Htable - table precomputed in gcm_init_v8;
+# output:	Xi - next hash value Xi;
+#
+$code.=<<___;
+.global	gcm_gmult_v8
+.type	gcm_gmult_v8,%function
+.align	4
+gcm_gmult_v8:
+	vld1.64		{$t1},[$Xi]		@ load Xi
+	vmov.i8		$xC2,#0xe1
+	vld1.64		{$H-$Hhl},[$Htbl]	@ load twisted H, ...
+	vshl.u64	$xC2,$xC2,#57
+#ifndef __ARMEB__
+	vrev64.8	$t1,$t1
+#endif
+	vext.8		$IN,$t1,$t1,#8
+
+	vpmull.p64	$Xl,$H,$IN		@ H.lo·Xi.lo
+	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
+	vpmull2.p64	$Xh,$H,$IN		@ H.hi·Xi.hi
+	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+#endif
+	vext.8		$Xl,$Xl,$Xl,#8
+	vst1.64		{$Xl},[$Xi]		@ write out Xi
+
+	ret
+.size	gcm_gmult_v8,.-gcm_gmult_v8
+___
+################################################################################
+# void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
+#
+# input:	table precomputed in gcm_init_v8;
+#		current hash value Xi;
+#		pointer to input data;
+#		length of input data in bytes, but divisible by block size;
+# output:	next hash value Xi;
+#
+$code.=<<___;
+.global	gcm_ghash_v8
+.type	gcm_ghash_v8,%function
+.align	4
+gcm_ghash_v8:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	cmp		$len,#64
+	b.hs		.Lgcm_ghash_v8_4x
+___
+$code.=<<___		if ($flavour !~ /64/);
+	vstmdb		sp!,{d8-d15}		@ 32-bit ABI says so
+___
+$code.=<<___;
+	vld1.64		{$Xl},[$Xi]		@ load [rotated] Xi
+						@ "[rotated]" means that
+						@ loaded value would have
+						@ to be rotated in order to
+						@ make it appear as in
+						@ algorithm specification
+	subs		$len,$len,#32		@ see if $len is 32 or larger
+	mov		$inc,#16		@ $inc is used as post-
+						@ increment for input pointer;
+						@ as loop is modulo-scheduled
+						@ $inc is zeroed just in time
+						@ to preclude overstepping
+						@ inp[len], which means that
+						@ last block[s] are actually
+						@ loaded twice, but last
+						@ copy is not processed
+	vld1.64		{$H-$Hhl},[$Htbl],#32	@ load twisted H, ..., H^2
+	vmov.i8		$xC2,#0xe1
+	vld1.64		{$H2},[$Htbl]
+	cclr		$inc,eq			@ is it time to zero $inc?
+	vext.8		$Xl,$Xl,$Xl,#8		@ rotate Xi
+	vld1.64		{$t0},[$inp],#16	@ load [rotated] I[0]
+	vshl.u64	$xC2,$xC2,#57		@ compose 0xc2.0 constant
+#ifndef __ARMEB__
+	vrev64.8	$t0,$t0
+	vrev64.8	$Xl,$Xl
+#endif
+	vext.8		$IN,$t0,$t0,#8		@ rotate I[0]
+	b.lo		.Lodd_tail_v8		@ $len was less than 32
+___
+{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7));
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+$code.=<<___;
+	vld1.64		{$t1},[$inp],$inc	@ load [rotated] I[1]
+#ifndef __ARMEB__
+	vrev64.8	$t1,$t1
+#endif
+	vext.8		$In,$t1,$t1,#8
+	veor		$IN,$IN,$Xl		@ I[i]^=Xi
+	vpmull.p64	$Xln,$H,$In		@ H·Ii+1
+	veor		$t1,$t1,$In		@ Karatsuba pre-processing
+	vpmull2.p64	$Xhn,$H,$In
+	b		.Loop_mod2x_v8
+
+.align	4
+.Loop_mod2x_v8:
+	vext.8		$t2,$IN,$IN,#8
+	subs		$len,$len,#32		@ is there more data?
+	vpmull.p64	$Xl,$H2,$IN		@ H^2.lo·Xi.lo
+	cclr		$inc,lo			@ is it time to zero $inc?
+
+	 vpmull.p64	$Xmn,$Hhl,$t1
+	veor		$t2,$t2,$IN		@ Karatsuba pre-processing
+	vpmull2.p64	$Xh,$H2,$IN		@ H^2.hi·Xi.hi
+	veor		$Xl,$Xl,$Xln		@ accumulate
+	vpmull2.p64	$Xm,$Hhl,$t2		@ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
+	 vld1.64	{$t0},[$inp],$inc	@ load [rotated] I[i+2]
+
+	veor		$Xh,$Xh,$Xhn
+	 cclr		$inc,eq			@ is it time to zero $inc?
+	veor		$Xm,$Xm,$Xmn
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$t1},[$inp],$inc	@ load [rotated] I[i+3]
+#ifndef __ARMEB__
+	 vrev64.8	$t0,$t0
+#endif
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+
+#ifndef __ARMEB__
+	 vrev64.8	$t1,$t1
+#endif
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vext.8		$In,$t1,$t1,#8
+	 vext.8		$IN,$t0,$t0,#8
+	veor		$Xl,$Xm,$t2
+	 vpmull.p64	$Xln,$H,$In		@ H·Ii+1
+	veor		$IN,$IN,$Xh		@ accumulate $IN early
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$IN,$IN,$t2
+	 veor		$t1,$t1,$In		@ Karatsuba pre-processing
+	veor		$IN,$IN,$Xl
+	 vpmull2.p64	$Xhn,$H,$In
+	b.hs		.Loop_mod2x_v8		@ there was at least 32 more bytes
+
+	veor		$Xh,$Xh,$t2
+	vext.8		$IN,$t0,$t0,#8		@ re-construct $IN
+	adds		$len,$len,#32		@ re-construct $len
+	veor		$Xl,$Xl,$Xh		@ re-construct $Xl
+	b.eq		.Ldone_v8		@ is $len zero?
+___
+}
+$code.=<<___;
+.Lodd_tail_v8:
+	vext.8		$t2,$Xl,$Xl,#8
+	veor		$IN,$IN,$Xl		@ inp^=Xi
+	veor		$t1,$t0,$t2		@ $t1 is rotated inp^Xi
+
+	vpmull.p64	$Xl,$H,$IN		@ H.lo·Xi.lo
+	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
+	vpmull2.p64	$Xh,$H,$IN		@ H.hi·Xi.hi
+	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+
+.Ldone_v8:
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+#endif
+	vext.8		$Xl,$Xl,$Xl,#8
+	vst1.64		{$Xl},[$Xi]		@ write out Xi
+
+___
+$code.=<<___		if ($flavour !~ /64/);
+	vldmia		sp!,{d8-d15}		@ 32-bit ABI says so
+___
+$code.=<<___;
+	ret
+.size	gcm_ghash_v8,.-gcm_ghash_v8
+___
+
+if ($flavour =~ /64/) {				# 4x subroutine
+my ($I0,$j1,$j2,$j3,
+    $I1,$I2,$I3,$H3,$H34,$H4,$Yl,$Ym,$Yh) = map("q$_",(4..7,15..23));
+
+$code.=<<___;
+.type	gcm_ghash_v8_4x,%function
+.align	4
+gcm_ghash_v8_4x:
+.Lgcm_ghash_v8_4x:
+	vld1.64		{$Xl},[$Xi]		@ load [rotated] Xi
+	vld1.64		{$H-$H2},[$Htbl],#48	@ load twisted H, ..., H^2
+	vmov.i8		$xC2,#0xe1
+	vld1.64		{$H3-$H4},[$Htbl]	@ load twisted H^3, ..., H^4
+	vshl.u64	$xC2,$xC2,#57		@ compose 0xc2.0 constant
+
+	vld1.64		{$I0-$j3},[$inp],#64
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+	vrev64.8	$j1,$j1
+	vrev64.8	$j2,$j2
+	vrev64.8	$j3,$j3
+	vrev64.8	$I0,$I0
+#endif
+	vext.8		$I3,$j3,$j3,#8
+	vext.8		$I2,$j2,$j2,#8
+	vext.8		$I1,$j1,$j1,#8
+
+	vpmull.p64	$Yl,$H,$I3		@ H·Ii+3
+	veor		$j3,$j3,$I3
+	vpmull2.p64	$Yh,$H,$I3
+	vpmull.p64	$Ym,$Hhl,$j3
+
+	vpmull.p64	$t0,$H2,$I2		@ H^2·Ii+2
+	veor		$j2,$j2,$I2
+	vpmull2.p64	$I2,$H2,$I2
+	vpmull2.p64	$j2,$Hhl,$j2
+
+	veor		$Yl,$Yl,$t0
+	veor		$Yh,$Yh,$I2
+	veor		$Ym,$Ym,$j2
+
+	vpmull.p64	$j3,$H3,$I1		@ H^3·Ii+1
+	veor		$j1,$j1,$I1
+	vpmull2.p64	$I1,$H3,$I1
+	vpmull.p64	$j1,$H34,$j1
+
+	veor		$Yl,$Yl,$j3
+	veor		$Yh,$Yh,$I1
+	veor		$Ym,$Ym,$j1
+
+	subs		$len,$len,#128
+	b.lo		.Ltail4x
+
+	b		.Loop4x
+
+.align	4
+.Loop4x:
+	veor		$t0,$I0,$Xl
+	 vld1.64	{$I0-$j3},[$inp],#64
+	vext.8		$IN,$t0,$t0,#8
+#ifndef __ARMEB__
+	 vrev64.8	$j1,$j1
+	 vrev64.8	$j2,$j2
+	 vrev64.8	$j3,$j3
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$Xl,$H4,$IN		@ H^4·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H4,$IN
+	 vext.8		$I3,$j3,$j3,#8
+	vpmull2.p64	$Xm,$H34,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	 vext.8		$I2,$j2,$j2,#8
+	veor		$Xm,$Xm,$Ym
+	 vext.8		$I1,$j1,$j1,#8
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	 vpmull.p64	$Yl,$H,$I3		@ H·Ii+3
+	 veor		$j3,$j3,$I3
+	veor		$Xm,$Xm,$t1
+	 vpmull2.p64	$Yh,$H,$I3
+	veor		$Xm,$Xm,$t2
+	 vpmull.p64	$Ym,$Hhl,$j3
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vpmull.p64	$t0,$H2,$I2		@ H^2·Ii+2
+	 veor		$j2,$j2,$I2
+	 vpmull2.p64	$I2,$H2,$I2
+	veor		$Xl,$Xm,$t2
+	 vpmull2.p64	$j2,$Hhl,$j2
+
+	 veor		$Yl,$Yl,$t0
+	 veor		$Yh,$Yh,$I2
+	 veor		$Ym,$Ym,$j2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	 vpmull.p64	$j3,$H3,$I1		@ H^3·Ii+1
+	 veor		$j1,$j1,$I1
+	veor		$t2,$t2,$Xh
+	 vpmull2.p64	$I1,$H3,$I1
+	 vpmull.p64	$j1,$H34,$j1
+
+	veor		$Xl,$Xl,$t2
+	 veor		$Yl,$Yl,$j3
+	 veor		$Yh,$Yh,$I1
+	vext.8		$Xl,$Xl,$Xl,#8
+	 veor		$Ym,$Ym,$j1
+
+	subs		$len,$len,#64
+	b.hs		.Loop4x
+
+.Ltail4x:
+	veor		$t0,$I0,$Xl
+	vext.8		$IN,$t0,$t0,#8
+
+	vpmull.p64	$Xl,$H4,$IN		@ H^4·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H4,$IN
+	vpmull2.p64	$Xm,$H34,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	veor		$Xm,$Xm,$Ym
+
+	adds		$len,$len,#64
+	b.eq		.Ldone4x
+
+	cmp		$len,#32
+	b.lo		.Lone
+	b.eq		.Ltwo
+.Lthree:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$I0-$j2},[$inp]
+	veor		$Xm,$Xm,$t2
+#ifndef	__ARMEB__
+	 vrev64.8	$j1,$j1
+	 vrev64.8	$j2,$j2
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vext.8		$I2,$j2,$j2,#8
+	 vext.8		$I1,$j1,$j1,#8
+	veor		$Xl,$Xm,$t2
+
+	 vpmull.p64	$Yl,$H,$I2		@ H·Ii+2
+	 veor		$j2,$j2,$I2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	 vpmull2.p64	$Yh,$H,$I2
+	 vpmull.p64	$Ym,$Hhl,$j2
+	veor		$Xl,$Xl,$t2
+	 vpmull.p64	$j3,$H2,$I1		@ H^2·Ii+1
+	 veor		$j1,$j1,$I1
+	vext.8		$Xl,$Xl,$Xl,#8
+
+	 vpmull2.p64	$I1,$H2,$I1
+	veor		$t0,$I0,$Xl
+	 vpmull2.p64	$j1,$Hhl,$j1
+	vext.8		$IN,$t0,$t0,#8
+
+	 veor		$Yl,$Yl,$j3
+	 veor		$Yh,$Yh,$I1
+	 veor		$Ym,$Ym,$j1
+
+	vpmull.p64	$Xl,$H3,$IN		@ H^3·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H3,$IN
+	vpmull.p64	$Xm,$H34,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	veor		$Xm,$Xm,$Ym
+	b		.Ldone4x
+
+.align	4
+.Ltwo:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$I0-$j1},[$inp]
+	veor		$Xm,$Xm,$t2
+#ifndef	__ARMEB__
+	 vrev64.8	$j1,$j1
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vext.8		$I1,$j1,$j1,#8
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+	vext.8		$Xl,$Xl,$Xl,#8
+
+	 vpmull.p64	$Yl,$H,$I1		@ H·Ii+1
+	 veor		$j1,$j1,$I1
+
+	veor		$t0,$I0,$Xl
+	vext.8		$IN,$t0,$t0,#8
+
+	 vpmull2.p64	$Yh,$H,$I1
+	 vpmull.p64	$Ym,$Hhl,$j1
+
+	vpmull.p64	$Xl,$H2,$IN		@ H^2·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H2,$IN
+	vpmull2.p64	$Xm,$Hhl,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	veor		$Xm,$Xm,$Ym
+	b		.Ldone4x
+
+.align	4
+.Lone:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$I0},[$inp]
+	veor		$Xm,$Xm,$t2
+#ifndef	__ARMEB__
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+	vext.8		$Xl,$Xl,$Xl,#8
+
+	veor		$t0,$I0,$Xl
+	vext.8		$IN,$t0,$t0,#8
+
+	vpmull.p64	$Xl,$H,$IN
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H,$IN
+	vpmull.p64	$Xm,$Hhl,$t0
+
+.Ldone4x:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+	vext.8		$Xl,$Xl,$Xl,#8
+
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+#endif
+	vst1.64		{$Xl},[$Xi]		@ write out Xi
+
+	ret
+.size	gcm_ghash_v8_4x,.-gcm_ghash_v8_4x
+___
+
+}
+}
+
+$code.=<<___;
+.asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+#endif
+___
+
+if ($flavour =~ /64/) {			######## 64-bit code
+    sub unvmov {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o &&
+	sprintf	"ins	v%d.d[%d],v%d.d[%d]",$1<8?$1:$1+8,($2 eq "lo")?0:1,
+					     $3<8?$3:$3+8,($4 eq "lo")?0:1;
+    }
+    foreach(split("\n",$code)) {
+	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
+	s/vmov\.i8/movi/o		or	# fix up legacy mnemonics
+	s/vmov\s+(.*)/unvmov($1)/geo	or
+	s/vext\.8/ext/o			or
+	s/vshr\.s/sshr\.s/o		or
+	s/vshr/ushr/o			or
+	s/^(\s+)v/$1/o			or	# strip off v prefix
+	s/\bbx\s+lr\b/ret/o;
+
+	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
+	s/@\s/\/\//o;				# old->new style commentary
+
+	# fix up remaining legacy suffixes
+	s/\.[ui]?8(\s)/$1/o;
+	s/\.[uis]?32//o and s/\.16b/\.4s/go;
+	m/\.p64/o and s/\.16b/\.1q/o;		# 1st pmull argument
+	m/l\.p64/o and s/\.16b/\.1d/go;		# 2nd and 3rd pmull arguments
+	s/\.[uisp]?64//o and s/\.16b/\.2d/go;
+	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
+
+	print $_,"\n";
+    }
+} else {				######## 32-bit code
+    sub unvdup32 {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
+    }
+    sub unvpmullp64 {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) {
+	    my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19)
+				 |(($2&7)<<17)|(($2&8)<<4)
+				 |(($3&7)<<1) |(($3&8)<<2);
+	    $word |= 0x00010001	 if ($mnemonic =~ "2");
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    }
+
+    foreach(split("\n",$code)) {
+	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
+	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
+	s/\/\/\s?/@ /o;				# new->old style commentary
+
+	# fix up remaining new-style suffixes
+	s/\],#[0-9]+/]!/o;
+
+	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o			or
+	s/vdup\.32\s+(.*)/unvdup32($1)/geo				or
+	s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo		or
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/^(\s+)b\./$1b/o						or
+	s/^(\s+)ret/$1bx\tlr/o;
+
+	print $_,"\n";
+    }
+}
+
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/build.info
new file mode 100644
index 000000000..821340eb9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/build.info
@@ -0,0 +1,30 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \
+        ccm128.c xts128.c wrap128.c ocb128.c \
+        {- $target{modes_asm_src} -}
+
+INCLUDE[gcm128.o]=..
+
+GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+GENERATE[ghash-x86.s]=asm/ghash-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[ghash-sparcv9.o]=..
+GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl $(PERLASM_SCHEME)
+GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl $(PERLASM_SCHEME)
+GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl $(PERLASM_SCHEME)
+GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[ghash-armv4.o]=..
+GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl $(PERLASM_SCHEME)
+INCLUDE[ghashv8-armx.o]=..
+GENERATE[ghash-s390x.S]=asm/ghash-s390x.pl $(PERLASM_SCHEME)
+INCLUDE[ghash-s390x.o]=..
+
+BEGINRAW[Makefile]
+# GNU make "catch all"
+{- $builddir -}/ghash-%.S:	{- $sourcedir -}/asm/ghash-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile]
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c
new file mode 100644
index 000000000..4ce5eb2ae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
+# define STRICT_ALIGNMENT 0
+#endif
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block)
+{
+    size_t n;
+    const unsigned char *iv = ivec;
+
+    if (len == 0)
+        return;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (STRICT_ALIGNMENT &&
+        ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+        while (len >= 16) {
+            for (n = 0; n < 16; ++n)
+                out[n] = in[n] ^ iv[n];
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    } else {
+        while (len >= 16) {
+            for (n = 0; n < 16; n += sizeof(size_t))
+                *(size_t *)(out + n) =
+                    *(size_t *)(in + n) ^ *(size_t *)(iv + n);
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    }
+#endif
+    while (len) {
+        for (n = 0; n < 16 && n < len; ++n)
+            out[n] = in[n] ^ iv[n];
+        for (; n < 16; ++n)
+            out[n] = iv[n];
+        (*block) (out, out, key);
+        iv = out;
+        if (len <= 16)
+            break;
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+    memcpy(ivec, iv, 16);
+}
+
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block)
+{
+    size_t n;
+    union {
+        size_t t[16 / sizeof(size_t)];
+        unsigned char c[16];
+    } tmp;
+
+    if (len == 0)
+        return;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (in != out) {
+        const unsigned char *iv = ivec;
+
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            while (len >= 16) {
+                (*block) (in, out, key);
+                for (n = 0; n < 16; ++n)
+                    out[n] ^= iv[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv;
+
+                (*block) (in, out, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++)
+                    out_t[n] ^= iv_t[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+        memcpy(ivec, iv, 16);
+    } else {
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            unsigned char c;
+            while (len >= 16) {
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16; ++n) {
+                    c = in[n];
+                    out[n] = tmp.c[n] ^ ivec[n];
+                    ivec[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++) {
+                    c = in_t[n];
+                    out_t[n] = tmp.t[n] ^ ivec_t[n];
+                    ivec_t[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+    }
+#endif
+    while (len) {
+        unsigned char c;
+        (*block) (in, tmp.c, key);
+        for (n = 0; n < 16 && n < len; ++n) {
+            c = in[n];
+            out[n] = tmp.c[n] ^ ivec[n];
+            ivec[n] = c;
+        }
+        if (len <= 16) {
+            for (; n < 16; ++n)
+                ivec[n] = in[n];
+            break;
+        }
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c
new file mode 100644
index 000000000..85ce84f10
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c
@@ -0,0 +1,432 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * First you setup M and L parameters and pass the key schedule. This is
+ * called once per session setup...
+ */
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+                        unsigned int M, unsigned int L, void *key,
+                        block128_f block)
+{
+    memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c));
+    ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3;
+    ctx->blocks = 0;
+    ctx->block = block;
+    ctx->key = key;
+}
+
+/* !!! Following interfaces are to be called *once* per packet !!! */
+
+/* Then you setup per-message nonce and pass the length of the message */
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
+                        const unsigned char *nonce, size_t nlen, size_t mlen)
+{
+    unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */
+
+    if (nlen < (14 - L))
+        return -1;              /* nonce is too short */
+
+    if (sizeof(mlen) == 8 && L >= 3) {
+        ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8)));
+    } else
+        ctx->nonce.u[1] = 0;
+
+    ctx->nonce.c[12] = (u8)(mlen >> 24);
+    ctx->nonce.c[13] = (u8)(mlen >> 16);
+    ctx->nonce.c[14] = (u8)(mlen >> 8);
+    ctx->nonce.c[15] = (u8)mlen;
+
+    ctx->nonce.c[0] &= ~0x40;   /* clear Adata flag */
+    memcpy(&ctx->nonce.c[1], nonce, 14 - L);
+
+    return 0;
+}
+
+/* Then you pass additional authentication data, this is optional */
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
+                       const unsigned char *aad, size_t alen)
+{
+    unsigned int i;
+    block128_f block = ctx->block;
+
+    if (alen == 0)
+        return;
+
+    ctx->nonce.c[0] |= 0x40;    /* set Adata flag */
+    (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++;
+
+    if (alen < (0x10000 - 0x100)) {
+        ctx->cmac.c[0] ^= (u8)(alen >> 8);
+        ctx->cmac.c[1] ^= (u8)alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        ctx->cmac.c[0] ^= 0xFF;
+        ctx->cmac.c[1] ^= 0xFF;
+        ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8)));
+        ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen) * 8)));
+        ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen) * 8)));
+        ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen) * 8)));
+        ctx->cmac.c[6] ^= (u8)(alen >> 24);
+        ctx->cmac.c[7] ^= (u8)(alen >> 16);
+        ctx->cmac.c[8] ^= (u8)(alen >> 8);
+        ctx->cmac.c[9] ^= (u8)alen;
+        i = 10;
+    } else {
+        ctx->cmac.c[0] ^= 0xFF;
+        ctx->cmac.c[1] ^= 0xFE;
+        ctx->cmac.c[2] ^= (u8)(alen >> 24);
+        ctx->cmac.c[3] ^= (u8)(alen >> 16);
+        ctx->cmac.c[4] ^= (u8)(alen >> 8);
+        ctx->cmac.c[5] ^= (u8)alen;
+        i = 6;
+    }
+
+    do {
+        for (; i < 16 && alen; ++i, ++aad, --alen)
+            ctx->cmac.c[i] ^= *aad;
+        (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++;
+        i = 0;
+    } while (alen);
+}
+
+/* Finally you encrypt or decrypt the message */
+
+/*
+ * counter part of nonce may not be larger than L*8 bits, L is not larger
+ * than 8, therefore 64-bit counter...
+ */
+static void ctr64_inc(unsigned char *counter)
+{
+    unsigned int n = 8;
+    u8 c;
+
+    counter += 8;
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;              /* length mismatch */
+
+    ctx->blocks += ((len + 15) >> 3) | 1;
+    if (ctx->blocks > (U64(1) << 61))
+        return -2;              /* too much data */
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        union {
+            u64 u[2];
+            u8 c[16];
+        } temp;
+
+        memcpy(temp.c, inp, 16);
+        ctx->cmac.u[0] ^= temp.u[0];
+        ctx->cmac.u[1] ^= temp.u[1];
+#else
+        ctx->cmac.u[0] ^= ((u64 *)inp)[0];
+        ctx->cmac.u[1] ^= ((u64 *)inp)[1];
+#endif
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        ctr64_inc(ctx->nonce.c);
+#if defined(STRICT_ALIGNMENT)
+        temp.u[0] ^= scratch.u[0];
+        temp.u[1] ^= scratch.u[1];
+        memcpy(out, temp.c, 16);
+#else
+        ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0];
+        ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1];
+#endif
+        inp += 16;
+        out += 16;
+        len -= 16;
+    }
+
+    if (len) {
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= inp[i];
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            out[i] = scratch.c[i] ^ inp[i];
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key);
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        union {
+            u64 u[2];
+            u8 c[16];
+        } temp;
+#endif
+        (*block) (ctx->nonce.c, scratch.c, key);
+        ctr64_inc(ctx->nonce.c);
+#if defined(STRICT_ALIGNMENT)
+        memcpy(temp.c, inp, 16);
+        ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]);
+        ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);
+        memcpy(out, scratch.c, 16);
+#else
+        ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]);
+        ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]);
+#endif
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+
+        inp += 16;
+        out += 16;
+        len -= 16;
+    }
+
+    if (len) {
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]);
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+static void ctr64_add(unsigned char *counter, size_t inc)
+{
+    size_t n = 8, val = 0;
+
+    counter += 8;
+    do {
+        --n;
+        val += counter[n] + (inc & 0xff);
+        counter[n] = (unsigned char)val;
+        val >>= 8;              /* carry bit */
+        inc >>= 8;
+    } while (n && (inc || val));
+}
+
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
+                                const unsigned char *inp, unsigned char *out,
+                                size_t len, ccm128_f stream)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;              /* length mismatch */
+
+    ctx->blocks += ((len + 15) >> 3) | 1;
+    if (ctx->blocks > (U64(1) << 61))
+        return -2;              /* too much data */
+
+    if ((n = len / 16)) {
+        (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
+        n *= 16;
+        inp += n;
+        out += n;
+        len -= n;
+        if (len)
+            ctr64_add(ctx->nonce.c, n / 16);
+    }
+
+    if (len) {
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= inp[i];
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            out[i] = scratch.c[i] ^ inp[i];
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
+                                const unsigned char *inp, unsigned char *out,
+                                size_t len, ccm128_f stream)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key);
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;
+
+    if ((n = len / 16)) {
+        (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
+        n *= 16;
+        inp += n;
+        out += n;
+        len -= n;
+        if (len)
+            ctr64_add(ctx->nonce.c, n / 16);
+    }
+
+    if (len) {
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]);
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */
+
+    M *= 2;
+    M += 2;
+    if (len < M)
+        return 0;
+    memcpy(tag, ctx->cmac.c, M);
+    return M;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c
new file mode 100644
index 000000000..e439567fe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           int enc, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16 % sizeof(size_t) == 0) { /* always true actually */
+            do {
+                while (n && len) {
+                    *(out++) = ivec[n] ^= *(in++);
+                    --len;
+                    n = (n + 1) % 16;
+                }
+# if defined(STRICT_ALIGNMENT)
+                if (((size_t)in | (size_t)out | (size_t)ivec) %
+                    sizeof(size_t) != 0)
+                    break;
+# endif
+                while (len >= 16) {
+                    (*block) (ivec, ivec, key);
+                    for (; n < 16; n += sizeof(size_t)) {
+                        *(size_t *)(out + n) =
+                            *(size_t *)(ivec + n) ^= *(size_t *)(in + n);
+                    }
+                    len -= 16;
+                    out += 16;
+                    in += 16;
+                    n = 0;
+                }
+                if (len) {
+                    (*block) (ivec, ivec, key);
+                    while (len--) {
+                        out[n] = ivec[n] ^= in[n];
+                        ++n;
+                    }
+                }
+                *num = n;
+                return;
+            } while (0);
+        }
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l < len) {
+            if (n == 0) {
+                (*block) (ivec, ivec, key);
+            }
+            out[l] = ivec[n] ^= in[l];
+            ++l;
+            n = (n + 1) % 16;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16 % sizeof(size_t) == 0) { /* always true actually */
+            do {
+                while (n && len) {
+                    unsigned char c;
+                    *(out++) = ivec[n] ^ (c = *(in++));
+                    ivec[n] = c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+# if defined(STRICT_ALIGNMENT)
+                if (((size_t)in | (size_t)out | (size_t)ivec) %
+                    sizeof(size_t) != 0)
+                    break;
+# endif
+                while (len >= 16) {
+                    (*block) (ivec, ivec, key);
+                    for (; n < 16; n += sizeof(size_t)) {
+                        size_t t = *(size_t *)(in + n);
+                        *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t;
+                        *(size_t *)(ivec + n) = t;
+                    }
+                    len -= 16;
+                    out += 16;
+                    in += 16;
+                    n = 0;
+                }
+                if (len) {
+                    (*block) (ivec, ivec, key);
+                    while (len--) {
+                        unsigned char c;
+                        out[n] = ivec[n] ^ (c = in[n]);
+                        ivec[n] = c;
+                        ++n;
+                    }
+                }
+                *num = n;
+                return;
+            } while (0);
+        }
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l < len) {
+            unsigned char c;
+            if (n == 0) {
+                (*block) (ivec, ivec, key);
+            }
+            out[l] = ivec[n] ^ (c = in[l]);
+            ivec[n] = c;
+            ++l;
+            n = (n + 1) % 16;
+        }
+        *num = n;
+    }
+}
+
+/*
+ * This expects a single block of size nbits for both in and out. Note that
+ * it corrupts any extra bits in the last byte of out
+ */
+static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+                               int nbits, const void *key,
+                               unsigned char ivec[16], int enc,
+                               block128_f block)
+{
+    int n, rem, num;
+    unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
+                                     * use) one byte off the end */
+
+    if (nbits <= 0 || nbits > 128)
+        return;
+
+    /* fill in the first half of the new IV with the current IV */
+    memcpy(ovec, ivec, 16);
+    /* construct the new IV */
+    (*block) (ivec, ivec, key);
+    num = (nbits + 7) / 8;
+    if (enc)                    /* encrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[16 + n] = in[n] ^ ivec[n]);
+    else                        /* decrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[16 + n] = in[n]) ^ ivec[n];
+    /* shift ovec left... */
+    rem = nbits % 8;
+    num = nbits / 8;
+    if (rem == 0)
+        memcpy(ivec, ovec + num, 16);
+    else
+        for (n = 0; n < 16; ++n)
+            ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
+
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t bits, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block)
+{
+    size_t n;
+    unsigned char c[1], d[1];
+
+    for (n = 0; n < bits; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
+        out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) |
+            ((d[0] & 0x80) >> (unsigned int)(n % 8));
+    }
+}
+
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block)
+{
+    size_t n;
+
+    for (n = 0; n < length; ++n)
+        cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c
new file mode 100644
index 000000000..03920b447
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c
@@ -0,0 +1,209 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
+ * endian-neutral.
+ */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter)
+{
+    u32 n = 16, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+static void ctr128_inc_aligned(unsigned char *counter)
+{
+    size_t *data, c, d, n;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
+        ctr128_inc(counter);
+        return;
+    }
+
+    data = (size_t *)counter;
+    c = 1;
+    n = 16 / sizeof(size_t);
+    do {
+        --n;
+        d = data[n] += c;
+        /* did addition carry? */
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
+    } while (n);
+}
+#endif
+
+/*
+ * The input encrypted as though 128bit counter mode is being used.  The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
+ * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV.  This
+ * implementation takes NO responsibility for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ecount_buf[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+                % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                for (n = 0; n < 16; n += sizeof(size_t))
+                    *(size_t *)(out + n) =
+                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                while (len--) {
+                    out[n] = in[n] ^ ecount_buf[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ecount_buf, key);
+            ctr128_inc(ivec);
+        }
+        out[l] = in[l] ^ ecount_buf[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
+
+/* increment upper 96 bits of 128-bit counter by 1 */
+static void ctr96_inc(unsigned char *counter)
+{
+    u32 n = 12, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f func)
+{
+    unsigned int n, ctr32;
+
+    n = *num;
+
+    while (n && len) {
+        *(out++) = *(in++) ^ ecount_buf[n];
+        --len;
+        n = (n + 1) % 16;
+    }
+
+    ctr32 = GETU32(ivec + 12);
+    while (len >= 16) {
+        size_t blocks = len / 16;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
+            blocks = (1U << 28);
+        /*
+         * As (*func) operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (u32)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        (*func) (in, out, blocks, key, ivec);
+        /* (*ctr) does not update ivec, caller does: */
+        PUTU32(ivec + 12, ctr32);
+        /* ... overflow was detected, propagate carry. */
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        blocks *= 16;
+        len -= blocks;
+        out += blocks;
+        in += blocks;
+    }
+    if (len) {
+        memset(ecount_buf, 0, 16);
+        (*func) (ecount_buf, ecount_buf, 1, key, ivec);
+        ++ctr32;
+        PUTU32(ivec + 12, ctr32);
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        while (len--) {
+            out[n] = in[n] ^ ecount_buf[n];
+            ++n;
+        }
+    }
+
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c
new file mode 100644
index 000000000..93826a1e2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c
@@ -0,0 +1,330 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * Trouble with Ciphertext Stealing, CTS, mode is that there is no
+ * common official specification, but couple of cipher/application
+ * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
+ * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
+ * deviates from mentioned RFCs. Most notably it allows input to be
+ * of block length and it doesn't flip the order of the last two
+ * blocks. CTS is being discussed even in ECB context, but it's not
+ * adopted for any known application. This implementation provides
+ * two interfaces: one compliant with above mentioned RFCs and one
+ * compliant with the NIST proposal, both extending CBC mode.
+ */
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block)
+{
+    size_t residue, n;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= residue;
+
+    CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block);
+
+    in += len;
+    out += len;
+
+    for (n = 0; n < residue; ++n)
+        ivec[n] ^= in[n];
+    (*block) (ivec, ivec, key);
+    memcpy(out, out - 16, residue);
+    memcpy(out - 16, ivec, 16);
+
+    return len + residue;
+}
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block)
+{
+    size_t residue, n;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    len -= residue;
+
+    CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block);
+
+    if (residue == 0)
+        return len;
+
+    in += len;
+    out += len;
+
+    for (n = 0; n < residue; ++n)
+        ivec[n] ^= in[n];
+    (*block) (ivec, ivec, key);
+    memcpy(out - 16 + residue, ivec, 16);
+
+    return len + residue;
+}
+
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[16];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= residue;
+
+    (*cbc) (in, out, len, key, ivec, 1);
+
+    in += len;
+    out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    memcpy(tmp.c, out - 16, 16);
+    (*cbc) (in, out - 16, residue, key, ivec, 1);
+    memcpy(out, tmp.c, residue);
+#else
+    memset(tmp.c, 0, sizeof(tmp));
+    memcpy(tmp.c, in, residue);
+    memcpy(out, out - 16, residue);
+    (*cbc) (tmp.c, out - 16, 16, key, ivec, 1);
+#endif
+    return len + residue;
+}
+
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[16];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    len -= residue;
+
+    (*cbc) (in, out, len, key, ivec, 1);
+
+    if (residue == 0)
+        return len;
+
+    in += len;
+    out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (in, out - 16 + residue, residue, key, ivec, 1);
+#else
+    memset(tmp.c, 0, sizeof(tmp));
+    memcpy(tmp.c, in, residue);
+    (*cbc) (tmp.c, out - 16 + residue, 16, key, ivec, 1);
+#endif
+    return len + residue;
+}
+
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block)
+{
+    size_t residue, n;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= 16 + residue;
+
+    if (len) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        in += len;
+        out += len;
+    }
+
+    (*block) (in, tmp.c + 16, key);
+
+    memcpy(tmp.c, tmp.c + 16, 16);
+    memcpy(tmp.c, in + 16, residue);
+    (*block) (tmp.c, tmp.c, key);
+
+    for (n = 0; n < 16; ++n) {
+        unsigned char c = in[n];
+        out[n] = tmp.c[n] ^ ivec[n];
+        ivec[n] = c;
+    }
+    for (residue += 16; n < residue; ++n)
+        out[n] = tmp.c[n] ^ in[n];
+
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block)
+{
+    size_t residue, n;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    if (residue == 0) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        return len;
+    }
+
+    len -= 16 + residue;
+
+    if (len) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        in += len;
+        out += len;
+    }
+
+    (*block) (in + residue, tmp.c + 16, key);
+
+    memcpy(tmp.c, tmp.c + 16, 16);
+    memcpy(tmp.c, in, residue);
+    (*block) (tmp.c, tmp.c, key);
+
+    for (n = 0; n < 16; ++n) {
+        unsigned char c = in[n];
+        out[n] = tmp.c[n] ^ ivec[n];
+        ivec[n] = in[n + residue];
+        tmp.c[n] = c;
+    }
+    for (residue += 16; n < residue; ++n)
+        out[n] = tmp.c[n] ^ tmp.c[n - 16];
+
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= 16 + residue;
+
+    if (len) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        in += len;
+        out += len;
+    }
+
+    memset(tmp.c, 0, sizeof(tmp));
+    /*
+     * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
+     */
+    (*cbc) (in, tmp.c, 16, key, tmp.c + 16, 0);
+
+    memcpy(tmp.c, in + 16, residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0);
+#else
+    (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0);
+    memcpy(out, tmp.c, 16 + residue);
+#endif
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    if (residue == 0) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        return len;
+    }
+
+    len -= 16 + residue;
+
+    if (len) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        in += len;
+        out += len;
+    }
+
+    memset(tmp.c, 0, sizeof(tmp));
+    /*
+     * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
+     */
+    (*cbc) (in + residue, tmp.c, 16, key, tmp.c + 16, 0);
+
+    memcpy(tmp.c, in, residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0);
+#else
+    (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0);
+    memcpy(out, tmp.c, 16 + residue);
+#endif
+    return 16 + len + residue;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c
new file mode 100644
index 000000000..15f76e3e8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c
@@ -0,0 +1,1888 @@
+/*
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
+/* redefine, because alignment is ensured */
+# undef  GETU32
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# undef  PUTU32
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#endif
+
+#define PACK(s)         ((size_t)(s)<<(sizeof(size_t)*8-16))
+#define REDUCE1BIT(V)   do { \
+        if (sizeof(size_t)==8) { \
+                u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^T; \
+        } \
+        else { \
+                u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^((u64)T<<32); \
+        } \
+} while(0)
+
+/*-
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8. 8 is effectively reserved for testing purposes.
+ * TABLE_BITS>1 are lookup-table-driven implementations referred to as
+ * "Shoup's" in GCM specification. In other words OpenSSL does not cover
+ * whole spectrum of possible table driven implementations. Why? In
+ * non-"Shoup's" case memory access pattern is segmented in such manner,
+ * that it's trivial to see that cache timing information can reveal
+ * fair portion of intermediate hash value. Given that ciphertext is
+ * always available to attacker, it's possible for him to attempt to
+ * deduce secret parameter H and if successful, tamper with messages
+ * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's
+ * not as trivial, but there is no reason to believe that it's resistant
+ * to cache-timing attack. And the thing about "8-bit" implementation is
+ * that it consumes 16 (sixteen) times more memory, 4KB per individual
+ * key + 1KB shared. Well, on pros side it should be twice as fast as
+ * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version
+ * was observed to run ~75% faster, closer to 100% for commercial
+ * compilers... Yet "4-bit" procedure is preferred, because it's
+ * believed to provide better security-performance balance and adequate
+ * all-round performance. "All-round" refers to things like:
+ *
+ * - shorter setup time effectively improves overall timing for
+ *   handling short messages;
+ * - larger table allocation can become unbearable because of VM
+ *   subsystem penalties (for example on Windows large enough free
+ *   results in VM working set trimming, meaning that consequent
+ *   malloc would immediately incur working set expansion);
+ * - larger table has larger cache footprint, which can affect
+ *   performance of other code paths (not necessarily even from same
+ *   thread in Hyper-Threading world);
+ *
+ * Value of 1 is not appropriate for performance reasons.
+ */
+#if     TABLE_BITS==8
+
+static void gcm_init_8bit(u128 Htable[256], u64 H[2])
+{
+    int i, j;
+    u128 V;
+
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+
+    for (Htable[128] = V, i = 64; i > 0; i >>= 1) {
+        REDUCE1BIT(V);
+        Htable[i] = V;
+    }
+
+    for (i = 2; i < 256; i <<= 1) {
+        u128 *Hi = Htable + i, H0 = *Hi;
+        for (j = 1; j < i; ++j) {
+            Hi[j].hi = H0.hi ^ Htable[j].hi;
+            Hi[j].lo = H0.lo ^ Htable[j].lo;
+        }
+    }
+}
+
+static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
+{
+    u128 Z = { 0, 0 };
+    const u8 *xi = (const u8 *)Xi + 15;
+    size_t rem, n = *xi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    static const size_t rem_8bit[256] = {
+        PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
+        PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
+        PACK(0x0E10), PACK(0x0FD2), PACK(0x0D94), PACK(0x0C56),
+        PACK(0x0918), PACK(0x08DA), PACK(0x0A9C), PACK(0x0B5E),
+        PACK(0x1C20), PACK(0x1DE2), PACK(0x1FA4), PACK(0x1E66),
+        PACK(0x1B28), PACK(0x1AEA), PACK(0x18AC), PACK(0x196E),
+        PACK(0x1230), PACK(0x13F2), PACK(0x11B4), PACK(0x1076),
+        PACK(0x1538), PACK(0x14FA), PACK(0x16BC), PACK(0x177E),
+        PACK(0x3840), PACK(0x3982), PACK(0x3BC4), PACK(0x3A06),
+        PACK(0x3F48), PACK(0x3E8A), PACK(0x3CCC), PACK(0x3D0E),
+        PACK(0x3650), PACK(0x3792), PACK(0x35D4), PACK(0x3416),
+        PACK(0x3158), PACK(0x309A), PACK(0x32DC), PACK(0x331E),
+        PACK(0x2460), PACK(0x25A2), PACK(0x27E4), PACK(0x2626),
+        PACK(0x2368), PACK(0x22AA), PACK(0x20EC), PACK(0x212E),
+        PACK(0x2A70), PACK(0x2BB2), PACK(0x29F4), PACK(0x2836),
+        PACK(0x2D78), PACK(0x2CBA), PACK(0x2EFC), PACK(0x2F3E),
+        PACK(0x7080), PACK(0x7142), PACK(0x7304), PACK(0x72C6),
+        PACK(0x7788), PACK(0x764A), PACK(0x740C), PACK(0x75CE),
+        PACK(0x7E90), PACK(0x7F52), PACK(0x7D14), PACK(0x7CD6),
+        PACK(0x7998), PACK(0x785A), PACK(0x7A1C), PACK(0x7BDE),
+        PACK(0x6CA0), PACK(0x6D62), PACK(0x6F24), PACK(0x6EE6),
+        PACK(0x6BA8), PACK(0x6A6A), PACK(0x682C), PACK(0x69EE),
+        PACK(0x62B0), PACK(0x6372), PACK(0x6134), PACK(0x60F6),
+        PACK(0x65B8), PACK(0x647A), PACK(0x663C), PACK(0x67FE),
+        PACK(0x48C0), PACK(0x4902), PACK(0x4B44), PACK(0x4A86),
+        PACK(0x4FC8), PACK(0x4E0A), PACK(0x4C4C), PACK(0x4D8E),
+        PACK(0x46D0), PACK(0x4712), PACK(0x4554), PACK(0x4496),
+        PACK(0x41D8), PACK(0x401A), PACK(0x425C), PACK(0x439E),
+        PACK(0x54E0), PACK(0x5522), PACK(0x5764), PACK(0x56A6),
+        PACK(0x53E8), PACK(0x522A), PACK(0x506C), PACK(0x51AE),
+        PACK(0x5AF0), PACK(0x5B32), PACK(0x5974), PACK(0x58B6),
+        PACK(0x5DF8), PACK(0x5C3A), PACK(0x5E7C), PACK(0x5FBE),
+        PACK(0xE100), PACK(0xE0C2), PACK(0xE284), PACK(0xE346),
+        PACK(0xE608), PACK(0xE7CA), PACK(0xE58C), PACK(0xE44E),
+        PACK(0xEF10), PACK(0xEED2), PACK(0xEC94), PACK(0xED56),
+        PACK(0xE818), PACK(0xE9DA), PACK(0xEB9C), PACK(0xEA5E),
+        PACK(0xFD20), PACK(0xFCE2), PACK(0xFEA4), PACK(0xFF66),
+        PACK(0xFA28), PACK(0xFBEA), PACK(0xF9AC), PACK(0xF86E),
+        PACK(0xF330), PACK(0xF2F2), PACK(0xF0B4), PACK(0xF176),
+        PACK(0xF438), PACK(0xF5FA), PACK(0xF7BC), PACK(0xF67E),
+        PACK(0xD940), PACK(0xD882), PACK(0xDAC4), PACK(0xDB06),
+        PACK(0xDE48), PACK(0xDF8A), PACK(0xDDCC), PACK(0xDC0E),
+        PACK(0xD750), PACK(0xD692), PACK(0xD4D4), PACK(0xD516),
+        PACK(0xD058), PACK(0xD19A), PACK(0xD3DC), PACK(0xD21E),
+        PACK(0xC560), PACK(0xC4A2), PACK(0xC6E4), PACK(0xC726),
+        PACK(0xC268), PACK(0xC3AA), PACK(0xC1EC), PACK(0xC02E),
+        PACK(0xCB70), PACK(0xCAB2), PACK(0xC8F4), PACK(0xC936),
+        PACK(0xCC78), PACK(0xCDBA), PACK(0xCFFC), PACK(0xCE3E),
+        PACK(0x9180), PACK(0x9042), PACK(0x9204), PACK(0x93C6),
+        PACK(0x9688), PACK(0x974A), PACK(0x950C), PACK(0x94CE),
+        PACK(0x9F90), PACK(0x9E52), PACK(0x9C14), PACK(0x9DD6),
+        PACK(0x9898), PACK(0x995A), PACK(0x9B1C), PACK(0x9ADE),
+        PACK(0x8DA0), PACK(0x8C62), PACK(0x8E24), PACK(0x8FE6),
+        PACK(0x8AA8), PACK(0x8B6A), PACK(0x892C), PACK(0x88EE),
+        PACK(0x83B0), PACK(0x8272), PACK(0x8034), PACK(0x81F6),
+        PACK(0x84B8), PACK(0x857A), PACK(0x873C), PACK(0x86FE),
+        PACK(0xA9C0), PACK(0xA802), PACK(0xAA44), PACK(0xAB86),
+        PACK(0xAEC8), PACK(0xAF0A), PACK(0xAD4C), PACK(0xAC8E),
+        PACK(0xA7D0), PACK(0xA612), PACK(0xA454), PACK(0xA596),
+        PACK(0xA0D8), PACK(0xA11A), PACK(0xA35C), PACK(0xA29E),
+        PACK(0xB5E0), PACK(0xB422), PACK(0xB664), PACK(0xB7A6),
+        PACK(0xB2E8), PACK(0xB32A), PACK(0xB16C), PACK(0xB0AE),
+        PACK(0xBBF0), PACK(0xBA32), PACK(0xB874), PACK(0xB9B6),
+        PACK(0xBCF8), PACK(0xBD3A), PACK(0xBF7C), PACK(0xBEBE)
+    };
+
+    while (1) {
+        Z.hi ^= Htable[n].hi;
+        Z.lo ^= Htable[n].lo;
+
+        if ((u8 *)Xi == xi)
+            break;
+
+        n = *(--xi);
+
+        rem = (size_t)Z.lo & 0xff;
+        Z.lo = (Z.hi << 56) | (Z.lo >> 8);
+        Z.hi = (Z.hi >> 8);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_8bit[rem];
+        else
+            Z.hi ^= (u64)rem_8bit[rem] << 32;
+    }
+
+    if (is_endian.little) {
+# ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+# else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+# endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+# define GCM_MUL(ctx)      gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
+
+#elif   TABLE_BITS==4
+
+static void gcm_init_4bit(u128 Htable[16], u64 H[2])
+{
+    u128 V;
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+    int i;
+# endif
+
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+    for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
+        REDUCE1BIT(V);
+        Htable[i] = V;
+    }
+
+    for (i = 2; i < 16; i <<= 1) {
+        u128 *Hi = Htable + i;
+        int j;
+        for (V = *Hi, j = 1; j < i; ++j) {
+            Hi[j].hi = V.hi ^ Htable[j].hi;
+            Hi[j].lo = V.lo ^ Htable[j].lo;
+        }
+    }
+# else
+    Htable[8] = V;
+    REDUCE1BIT(V);
+    Htable[4] = V;
+    REDUCE1BIT(V);
+    Htable[2] = V;
+    REDUCE1BIT(V);
+    Htable[1] = V;
+    Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
+    V = Htable[4];
+    Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
+    Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
+    Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
+    V = Htable[8];
+    Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
+    Htable[10].hi = V.hi ^ Htable[2].hi, Htable[10].lo = V.lo ^ Htable[2].lo;
+    Htable[11].hi = V.hi ^ Htable[3].hi, Htable[11].lo = V.lo ^ Htable[3].lo;
+    Htable[12].hi = V.hi ^ Htable[4].hi, Htable[12].lo = V.lo ^ Htable[4].lo;
+    Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo;
+    Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo;
+    Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo;
+# endif
+# if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
+    /*
+     * ARM assembler expects specific dword order in Htable.
+     */
+    {
+        int j;
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little)
+            for (j = 0; j < 16; ++j) {
+                V = Htable[j];
+                Htable[j].hi = V.lo;
+                Htable[j].lo = V.hi;
+        } else
+            for (j = 0; j < 16; ++j) {
+                V = Htable[j];
+                Htable[j].hi = V.lo << 32 | V.lo >> 32;
+                Htable[j].lo = V.hi << 32 | V.hi >> 32;
+            }
+    }
+# endif
+}
+
+# ifndef GHASH_ASM
+static const size_t rem_4bit[16] = {
+    PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460),
+    PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0),
+    PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560),
+    PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0)
+};
+
+static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
+{
+    u128 Z;
+    int cnt = 15;
+    size_t rem, nlo, nhi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    nlo = ((const u8 *)Xi)[15];
+    nhi = nlo >> 4;
+    nlo &= 0xf;
+
+    Z.hi = Htable[nlo].hi;
+    Z.lo = Htable[nlo].lo;
+
+    while (1) {
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+
+        if (--cnt < 0)
+            break;
+
+        nlo = ((const u8 *)Xi)[cnt];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+    }
+
+    if (is_endian.little) {
+#  ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+#  else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+#  endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+/*
+ * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
+ * details... Compiler-generated code doesn't seem to give any
+ * performance improvement, at least not on x86[_64]. It's here
+ * mostly as reference and a placeholder for possible future
+ * non-trivial optimization[s]...
+ */
+static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
+                           const u8 *inp, size_t len)
+{
+    u128 Z;
+    int cnt;
+    size_t rem, nlo, nhi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+#   if 1
+    do {
+        cnt = 15;
+        nlo = ((const u8 *)Xi)[15];
+        nlo ^= inp[15];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi = Htable[nlo].hi;
+        Z.lo = Htable[nlo].lo;
+
+        while (1) {
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nhi].hi;
+            Z.lo ^= Htable[nhi].lo;
+
+            if (--cnt < 0)
+                break;
+
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+        }
+#   else
+    /*
+     * Extra 256+16 bytes per-key plus 512 bytes shared tables
+     * [should] give ~50% improvement... One could have PACK()-ed
+     * the rem_8bit even here, but the priority is to minimize
+     * cache footprint...
+     */
+    u128 Hshr4[16];             /* Htable shifted right by 4 bits */
+    u8 Hshl4[16];               /* Htable shifted left by 4 bits */
+    static const unsigned short rem_8bit[256] = {
+        0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E,
+        0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E,
+        0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E,
+        0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E,
+        0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E,
+        0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E,
+        0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E,
+        0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E,
+        0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE,
+        0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE,
+        0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE,
+        0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE,
+        0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E,
+        0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E,
+        0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE,
+        0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE,
+        0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E,
+        0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E,
+        0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E,
+        0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E,
+        0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E,
+        0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E,
+        0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E,
+        0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E,
+        0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE,
+        0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE,
+        0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE,
+        0x83B0, 0x8272, 0x8034, 0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE,
+        0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E,
+        0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E,
+        0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE,
+        0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE
+    };
+    /*
+     * This pre-processing phase slows down procedure by approximately
+     * same time as it makes each loop spin faster. In other words
+     * single block performance is approximately same as straightforward
+     * "4-bit" implementation, and then it goes only faster...
+     */
+    for (cnt = 0; cnt < 16; ++cnt) {
+        Z.hi = Htable[cnt].hi;
+        Z.lo = Htable[cnt].lo;
+        Hshr4[cnt].lo = (Z.hi << 60) | (Z.lo >> 4);
+        Hshr4[cnt].hi = (Z.hi >> 4);
+        Hshl4[cnt] = (u8)(Z.lo << 4);
+    }
+
+    do {
+        for (Z.lo = 0, Z.hi = 0, cnt = 15; cnt; --cnt) {
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+
+            rem = (size_t)Z.lo & 0xff;
+
+            Z.lo = (Z.hi << 56) | (Z.lo >> 8);
+            Z.hi = (Z.hi >> 8);
+
+            Z.hi ^= Hshr4[nhi].hi;
+            Z.lo ^= Hshr4[nhi].lo;
+            Z.hi ^= (u64)rem_8bit[rem ^ Hshl4[nhi]] << 48;
+        }
+
+        nlo = ((const u8 *)Xi)[0];
+        nlo ^= inp[0];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+
+        rem = (size_t)Z.lo & 0xf;
+
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+        Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48;
+#   endif
+
+        if (is_endian.little) {
+#   ifdef BSWAP8
+            Xi[0] = BSWAP8(Z.hi);
+            Xi[1] = BSWAP8(Z.lo);
+#   else
+            u8 *p = (u8 *)Xi;
+            u32 v;
+            v = (u32)(Z.hi >> 32);
+            PUTU32(p, v);
+            v = (u32)(Z.hi);
+            PUTU32(p + 4, v);
+            v = (u32)(Z.lo >> 32);
+            PUTU32(p + 8, v);
+            v = (u32)(Z.lo);
+            PUTU32(p + 12, v);
+#   endif
+        } else {
+            Xi[0] = Z.hi;
+            Xi[1] = Z.lo;
+        }
+    } while (inp += 16, len -= 16);
+}
+#  endif
+# else
+void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+# endif
+
+# define GCM_MUL(ctx)      gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
+# if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
+#  define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
+/*
+ * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing
+ * effect. In other words idea is to hash data while it's still in L1 cache
+ * after encryption pass...
+ */
+#  define GHASH_CHUNK       (3*1024)
+# endif
+
+#else                           /* TABLE_BITS */
+
+static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
+{
+    u128 V, Z = { 0, 0 };
+    long X;
+    int i, j;
+    const long *xi = (const long *)Xi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    V.hi = H[0];                /* H is in host byte order, no byte swapping */
+    V.lo = H[1];
+
+    for (j = 0; j < 16 / sizeof(long); ++j) {
+        if (is_endian.little) {
+            if (sizeof(long) == 8) {
+# ifdef BSWAP8
+                X = (long)(BSWAP8(xi[j]));
+# else
+                const u8 *p = (const u8 *)(xi + j);
+                X = (long)((u64)GETU32(p) << 32 | GETU32(p + 4));
+# endif
+            } else {
+                const u8 *p = (const u8 *)(xi + j);
+                X = (long)GETU32(p);
+            }
+        } else
+            X = xi[j];
+
+        for (i = 0; i < 8 * sizeof(long); ++i, X <<= 1) {
+            u64 M = (u64)(X >> (8 * sizeof(long) - 1));
+            Z.hi ^= V.hi & M;
+            Z.lo ^= V.lo & M;
+
+            REDUCE1BIT(V);
+        }
+    }
+
+    if (is_endian.little) {
+# ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+# else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+# endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+# define GCM_MUL(ctx)      gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
+
+#endif
+
+#if     TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ))
+# if    !defined(I386_ONLY) && \
+        (defined(__i386)        || defined(__i386__)    || \
+         defined(__x86_64)      || defined(__x86_64__)  || \
+         defined(_M_IX86)       || defined(_M_AMD64)    || defined(_M_X64))
+#  define GHASH_ASM_X86_OR_64
+#  define GCM_FUNCREF_4BIT
+extern unsigned int OPENSSL_ia32cap_P[];
+
+void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                     size_t len);
+
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#   define gcm_init_avx   gcm_init_clmul
+#   define gcm_gmult_avx  gcm_gmult_clmul
+#   define gcm_ghash_avx  gcm_ghash_clmul
+#  else
+void gcm_init_avx(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_avx(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#  endif
+
+#  if   defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#   define GHASH_ASM_X86
+void gcm_gmult_4bit_mmx(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_mmx(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                        size_t len);
+
+void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                        size_t len);
+#  endif
+# elif defined(__arm__) || defined(__arm) || defined(__aarch64__)
+#  include "arm_arch.h"
+#  if __ARM_MAX_ARCH__>=7
+#   define GHASH_ASM_ARM
+#   define GCM_FUNCREF_4BIT
+#   define PMULL_CAPABLE        (OPENSSL_armcap_P & ARMV8_PMULL)
+#   if defined(__arm__) || defined(__arm)
+#    define NEON_CAPABLE        (OPENSSL_armcap_P & ARMV7_NEON)
+#   endif
+void gcm_init_neon(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_neon(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_neon(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+void gcm_init_v8(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_v8(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                  size_t len);
+#  endif
+# elif defined(__sparc__) || defined(__sparc)
+#  include "sparc_arch.h"
+#  define GHASH_ASM_SPARC
+#  define GCM_FUNCREF_4BIT
+extern unsigned int OPENSSL_sparcv9cap_P[];
+void gcm_init_vis3(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+# elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+#  include "ppc_arch.h"
+#  define GHASH_ASM_PPC
+#  define GCM_FUNCREF_4BIT
+void gcm_init_p8(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_p8(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                  size_t len);
+# endif
+#endif
+
+#ifdef GCM_FUNCREF_4BIT
+# undef  GCM_MUL
+# define GCM_MUL(ctx)           (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
+# ifdef GHASH
+#  undef  GHASH
+#  define GHASH(ctx,in,len)     (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
+# endif
+#endif
+
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->block = block;
+    ctx->key = key;
+
+    (*block) (ctx->H.c, ctx->H.c, key);
+
+    if (is_endian.little) {
+        /* H is stored in host byte order */
+#ifdef BSWAP8
+        ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
+        ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
+#else
+        u8 *p = ctx->H.c;
+        u64 hi, lo;
+        hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+        lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+        ctx->H.u[0] = hi;
+        ctx->H.u[1] = lo;
+#endif
+    }
+#if     TABLE_BITS==8
+    gcm_init_8bit(ctx->Htable, ctx->H.u);
+#elif   TABLE_BITS==4
+# if    defined(GHASH)
+#  define CTX__GHASH(f) (ctx->ghash = (f))
+# else
+#  define CTX__GHASH(f) (ctx->ghash = NULL)
+# endif
+# if    defined(GHASH_ASM_X86_OR_64)
+#  if   !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
+    if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
+        if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
+            gcm_init_avx(ctx->Htable, ctx->H.u);
+            ctx->gmult = gcm_gmult_avx;
+            CTX__GHASH(gcm_ghash_avx);
+        } else {
+            gcm_init_clmul(ctx->Htable, ctx->H.u);
+            ctx->gmult = gcm_gmult_clmul;
+            CTX__GHASH(gcm_ghash_clmul);
+        }
+        return;
+    }
+#  endif
+    gcm_init_4bit(ctx->Htable, ctx->H.u);
+#  if   defined(GHASH_ASM_X86)  /* x86 only */
+#   if  defined(OPENSSL_IA32_SSE2)
+    if (OPENSSL_ia32cap_P[0] & (1 << 25)) { /* check SSE bit */
+#   else
+    if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
+#   endif
+        ctx->gmult = gcm_gmult_4bit_mmx;
+        CTX__GHASH(gcm_ghash_4bit_mmx);
+    } else {
+        ctx->gmult = gcm_gmult_4bit_x86;
+        CTX__GHASH(gcm_ghash_4bit_x86);
+    }
+#  else
+    ctx->gmult = gcm_gmult_4bit;
+    CTX__GHASH(gcm_ghash_4bit);
+#  endif
+# elif  defined(GHASH_ASM_ARM)
+#  ifdef PMULL_CAPABLE
+    if (PMULL_CAPABLE) {
+        gcm_init_v8(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_v8;
+        CTX__GHASH(gcm_ghash_v8);
+    } else
+#  endif
+#  ifdef NEON_CAPABLE
+    if (NEON_CAPABLE) {
+        gcm_init_neon(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_neon;
+        CTX__GHASH(gcm_ghash_neon);
+    } else
+#  endif
+    {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# elif  defined(GHASH_ASM_SPARC)
+    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
+        gcm_init_vis3(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_vis3;
+        CTX__GHASH(gcm_ghash_vis3);
+    } else {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# elif  defined(GHASH_ASM_PPC)
+    if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
+        gcm_init_p8(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_p8;
+        CTX__GHASH(gcm_ghash_p8);
+    } else {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# else
+    gcm_init_4bit(ctx->Htable, ctx->H.u);
+# endif
+# undef CTX__GHASH
+#endif
+}
+
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                         size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int ctr;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#endif
+
+    ctx->len.u[0] = 0;          /* AAD length */
+    ctx->len.u[1] = 0;          /* message length */
+    ctx->ares = 0;
+    ctx->mres = 0;
+
+    if (len == 12) {
+        memcpy(ctx->Yi.c, iv, 12);
+        ctx->Yi.c[12] = 0;
+        ctx->Yi.c[13] = 0;
+        ctx->Yi.c[14] = 0;
+        ctx->Yi.c[15] = 1;
+        ctr = 1;
+    } else {
+        size_t i;
+        u64 len0 = len;
+
+        /* Borrow ctx->Xi to calculate initial Yi */
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+
+        while (len >= 16) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
+            iv += 16;
+            len -= 16;
+        }
+        if (len) {
+            for (i = 0; i < len; ++i)
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
+        }
+        len0 <<= 3;
+        if (is_endian.little) {
+#ifdef BSWAP8
+            ctx->Xi.u[1] ^= BSWAP8(len0);
+#else
+            ctx->Xi.c[8] ^= (u8)(len0 >> 56);
+            ctx->Xi.c[9] ^= (u8)(len0 >> 48);
+            ctx->Xi.c[10] ^= (u8)(len0 >> 40);
+            ctx->Xi.c[11] ^= (u8)(len0 >> 32);
+            ctx->Xi.c[12] ^= (u8)(len0 >> 24);
+            ctx->Xi.c[13] ^= (u8)(len0 >> 16);
+            ctx->Xi.c[14] ^= (u8)(len0 >> 8);
+            ctx->Xi.c[15] ^= (u8)(len0);
+#endif
+        } else {
+            ctx->Xi.u[1] ^= len0;
+        }
+
+        GCM_MUL(ctx);
+
+        if (is_endian.little)
+#ifdef BSWAP4
+            ctr = BSWAP4(ctx->Xi.d[3]);
+#else
+            ctr = GETU32(ctx->Xi.c + 12);
+#endif
+        else
+            ctr = ctx->Xi.d[3];
+
+        /* Copy borrowed Xi to Yi */
+        ctx->Yi.u[0] = ctx->Xi.u[0];
+        ctx->Yi.u[1] = ctx->Xi.u[1];
+    }
+
+    ctx->Xi.u[0] = 0;
+    ctx->Xi.u[1] = 0;
+
+    (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
+    ++ctr;
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+        PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+    else
+        ctx->Yi.d[3] = ctr;
+}
+
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    size_t i;
+    unsigned int n;
+    u64 alen = ctx->len.u[0];
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    if (ctx->len.u[1])
+        return -2;
+
+    alen += len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->len.u[0] = alen;
+
+    n = ctx->ares;
+    if (n) {
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(aad++);
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0)
+            GCM_MUL(ctx);
+        else {
+            ctx->ares = n;
+            return 0;
+        }
+    }
+#ifdef GHASH
+    if ((i = (len & (size_t)-16))) {
+        GHASH(ctx, aad, i);
+        aad += i;
+        len -= i;
+    }
+#else
+    while (len >= 16) {
+        for (i = 0; i < 16; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+        GCM_MUL(ctx);
+        aad += 16;
+        len -= 16;
+    }
+#endif
+    if (len) {
+        n = (unsigned int)len;
+        for (i = 0; i < len; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+    }
+
+    ctx->ares = n;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+        ctr = GETU32(ctx->Yi.c + 12);
+#endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
+                while (n && len) {
+                    ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
+                    ctx->mres = n;
+                    return 0;
+                }
+# endif
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+# if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
+#  if defined(GHASH_CHUNK)
+            while (len >= GHASH_CHUNK) {
+                size_t j = GHASH_CHUNK;
+
+                while (j) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#   ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    j -= 16;
+                }
+                GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
+                len -= GHASH_CHUNK;
+            }
+#  endif
+            if ((i = (len & (size_t)-16))) {
+                size_t j = i;
+
+                while (len >= 16) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#  ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    len -= 16;
+                }
+                GHASH(ctx, out - j, j);
+            }
+# else
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+#  ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                for (i = 0; i < 16 / sizeof(size_t); ++i)
+                    ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                GCM_MUL(ctx);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+# endif
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+# ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                else
+                    ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
+                while (len--) {
+                    ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+                mres = n;
+# endif
+            }
+
+            ctx->mres = mres;
+            return 0;
+        } while (0);
+    }
+#endif
+    for (i = 0; i < len; ++i) {
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+            if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+            else
+                ctx->Yi.d[3] = ctr;
+        }
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
+        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+        mres = n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx);
+#endif
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+        ctr = GETU32(ctx->Yi.c + 12);
+#endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
+                while (n && len) {
+                    u8 c = *(in++);
+                    *(out++) = c ^ ctx->EKi.c[n];
+                    ctx->Xi.c[n] ^= c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
+                    ctx->mres = n;
+                    return 0;
+                }
+# endif
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+# if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
+#  if defined(GHASH_CHUNK)
+            while (len >= GHASH_CHUNK) {
+                size_t j = GHASH_CHUNK;
+
+                GHASH(ctx, in, GHASH_CHUNK);
+                while (j) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#   ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    j -= 16;
+                }
+                len -= GHASH_CHUNK;
+            }
+#  endif
+            if ((i = (len & (size_t)-16))) {
+                GHASH(ctx, in, i);
+                while (len >= 16) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#  ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    len -= 16;
+                }
+            }
+# else
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+#  ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                for (i = 0; i < 16 / sizeof(size_t); ++i) {
+                    size_t c = in[i];
+                    out[i] = c ^ ctx->EKi.t[i];
+                    ctx->Xi.t[i] ^= c;
+                }
+                GCM_MUL(ctx);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+# endif
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+# ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                else
+                    ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
+                while (len--) {
+                    u8 c = in[n];
+                    ctx->Xi.c[n] ^= c;
+                    out[n] = c ^ ctx->EKi.c[n];
+                    ++n;
+                }
+                mres = n;
+# endif
+            }
+
+            ctx->mres = mres;
+            return 0;
+        } while (0);
+    }
+#endif
+    for (i = 0; i < len; ++i) {
+        u8 c;
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+            if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+            else
+                ctx->Yi.d[3] = ctr;
+        }
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
+        c = in[i];
+        out[i] = c ^ ctx->EKi.c[n];
+        ctx->Xi.c[n] ^= c;
+        mres = n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx);
+#endif
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream)
+{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+# ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#  ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+#  endif
+# endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+#if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+# ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+        ctr = GETU32(ctx->Yi.c + 12);
+# endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+    if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
+            ctx->mres = n;
+            return 0;
+        }
+# endif
+    }
+# if defined(GHASH)
+        if (len >= 16 && mres) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+#  if defined(GHASH_CHUNK)
+    while (len >= GHASH_CHUNK) {
+        (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
+        ctr += GHASH_CHUNK / 16;
+        if (is_endian.little)
+#   ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+        else
+            ctx->Yi.d[3] = ctr;
+        GHASH(ctx, out, GHASH_CHUNK);
+        out += GHASH_CHUNK;
+        in += GHASH_CHUNK;
+        len -= GHASH_CHUNK;
+    }
+#  endif
+# endif
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        in += i;
+        len -= i;
+# if defined(GHASH)
+        GHASH(ctx, out, i);
+        out += i;
+# else
+        while (j--) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= out[i];
+            GCM_MUL(ctx);
+            out += 16;
+        }
+# endif
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        while (len--) {
+# if defined(GHASH)
+            ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+# else
+            ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+# endif
+            ++n;
+        }
+    }
+
+    ctx->mres = mres;
+    return 0;
+#endif
+}
+
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream)
+{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+# ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#  ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+#  endif
+# endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+# if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+# else
+        GCM_MUL(ctx);
+# endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+# ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+        ctr = GETU32(ctx->Yi.c + 12);
+# endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+    if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
+        while (n && len) {
+            u8 c = *(in++);
+            *(out++) = c ^ ctx->EKi.c[n];
+            ctx->Xi.c[n] ^= c;
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
+            ctx->mres = n;
+            return 0;
+        }
+# endif
+    }
+# if defined(GHASH)
+    if (len >= 16 && mres) {
+        GHASH(ctx, ctx->Xn, mres);
+        mres = 0;
+    }
+#  if defined(GHASH_CHUNK)
+    while (len >= GHASH_CHUNK) {
+        GHASH(ctx, in, GHASH_CHUNK);
+        (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
+        ctr += GHASH_CHUNK / 16;
+        if (is_endian.little)
+#   ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+        else
+            ctx->Yi.d[3] = ctr;
+        out += GHASH_CHUNK;
+        in += GHASH_CHUNK;
+        len -= GHASH_CHUNK;
+    }
+#  endif
+# endif
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+# if defined(GHASH)
+        GHASH(ctx, in, i);
+# else
+        while (j--) {
+            size_t k;
+            for (k = 0; k < 16; ++k)
+                ctx->Xi.c[k] ^= in[k];
+            GCM_MUL(ctx);
+            in += 16;
+        }
+        j = i / 16;
+        in -= i;
+# endif
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        out += i;
+        in += i;
+        len -= i;
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        while (len--) {
+# if defined(GHASH)
+            out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+# else
+            u8 c = in[n];
+            ctx->Xi.c[mres++] ^= c;
+            out[n] = c ^ ctx->EKi.c[n];
+# endif
+            ++n;
+        }
+    }
+
+    ctx->mres = mres;
+    return 0;
+#endif
+}
+
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    u64 alen = ctx->len.u[0] << 3;
+    u64 clen = ctx->len.u[1] << 3;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    u128 bitlen;
+    unsigned int mres = ctx->mres;
+
+    if (mres) {
+        unsigned blocks = (mres + 15) & -16;
+
+        memset(ctx->Xn + mres, 0, blocks - mres);
+        mres = blocks;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+    } else if (ctx->ares) {
+        GCM_MUL(ctx);
+    }
+#else
+    if (ctx->mres || ctx->ares)
+        GCM_MUL(ctx);
+#endif
+
+    if (is_endian.little) {
+#ifdef BSWAP8
+        alen = BSWAP8(alen);
+        clen = BSWAP8(clen);
+#else
+        u8 *p = ctx->len.c;
+
+        ctx->len.u[0] = alen;
+        ctx->len.u[1] = clen;
+
+        alen = (u64)GETU32(p) << 32 | GETU32(p + 4);
+        clen = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+    }
+
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    bitlen.hi = alen;
+    bitlen.lo = clen;
+    memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen));
+    mres += sizeof(bitlen);
+    GHASH(ctx, ctx->Xn, mres);
+#else
+    ctx->Xi.u[0] ^= alen;
+    ctx->Xi.u[1] ^= clen;
+    GCM_MUL(ctx);
+#endif
+
+    ctx->Xi.u[0] ^= ctx->EK0.u[0];
+    ctx->Xi.u[1] ^= ctx->EK0.u[1];
+
+    if (tag && len <= sizeof(ctx->Xi))
+        return CRYPTO_memcmp(ctx->Xi.c, tag, len);
+    else
+        return -1;
+}
+
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    CRYPTO_gcm128_finish(ctx, NULL, 0);
+    memcpy(tag, ctx->Xi.c,
+           len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
+}
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
+{
+    GCM128_CONTEXT *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL)
+        CRYPTO_gcm128_init(ret, key, block);
+
+    return ret;
+}
+
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
+{
+    OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_lcl.h
new file mode 100644
index 000000000..f2ae01d11
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_lcl.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/modes.h>
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef __int64 i64;
+typedef unsigned __int64 u64;
+# define U64(C) C##UI64
+#elif defined(__arch64__)
+typedef long i64;
+typedef unsigned long u64;
+# define U64(C) C##UL
+#else
+typedef long long i64;
+typedef unsigned long long u64;
+# define U64(C) C##ULL
+#endif
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+#define STRICT_ALIGNMENT 1
+#ifndef PEDANTIC
+# if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
+     defined(__aarch64__)                       || \
+     defined(__s390__)  || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+# endif
+#endif
+
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   define BSWAP8(x) ({ u64 ret_=(x);                   \
+                        asm ("bswapq %0"                \
+                        : "+r"(ret_));   ret_;          })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("bswapl %0; bswapl %1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif defined(__aarch64__)
+#   define BSWAP8(x) ({ u64 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %w0,%w1"              \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("rev %0,%0; rev %1,%1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"((u32)(x)));  \
+                        ret_;                           })
+#  endif
+# elif defined(_MSC_VER)
+#  if _MSC_VER>=1300
+#   include <stdlib.h>
+#   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
+#   define BSWAP8(x)    _byteswap_uint64((u64)(x))
+#   define BSWAP4(x)    _byteswap_ulong((u32)(x))
+#  elif defined(_M_IX86)
+__inline u32 _bswap4(u32 val)
+{
+_asm mov eax, val _asm bswap eax}
+#   define BSWAP4(x)    _bswap4(x)
+#  endif
+# endif
+#endif
+#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#else
+# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
+# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
+#endif
+/*- GCM definitions */ typedef struct {
+    u64 hi, lo;
+} u128;
+
+#ifdef  TABLE_BITS
+# undef  TABLE_BITS
+#endif
+/*
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8 [or 1]. For further information see gcm128.c.
+ */
+#define TABLE_BITS 4
+
+struct gcm128_context {
+    /* Following 6 names follow names in GCM specification */
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+        size_t t[16 / sizeof(size_t)];
+    } Yi, EKi, EK0, len, Xi, H;
+    /*
+     * Relative position of Xi, H and pre-computed Htable is used in some
+     * assembler modules, i.e. don't change the order!
+     */
+#if TABLE_BITS==8
+    u128 Htable[256];
+#else
+    u128 Htable[16];
+    void (*gmult) (u64 Xi[2], const u128 Htable[16]);
+    void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#endif
+    unsigned int mres, ares;
+    block128_f block;
+    void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    unsigned char Xn[48];
+#endif
+};
+
+struct xts128_context {
+    void *key1, *key2;
+    block128_f block1, block2;
+};
+
+struct ccm128_context {
+    union {
+        u64 u[2];
+        u8 c[16];
+    } nonce, cmac;
+    u64 blocks;
+    block128_f block;
+    void *key;
+};
+
+#ifndef OPENSSL_NO_OCB
+
+typedef union {
+    u64 a[2];
+    unsigned char c[16];
+} OCB_BLOCK;
+# define ocb_block16_xor(in1,in2,out) \
+    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+#  define ocb_block16_xor_misaligned(in1,in2,out) \
+    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+#  define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
+
+struct ocb128_context {
+    /* Need both encrypt and decrypt key schedules for decryption */
+    block128_f encrypt;
+    block128_f decrypt;
+    void *keyenc;
+    void *keydec;
+    ocb128_f stream;    /* direction dependent */
+    /* Key dependent variables. Can be reused if key remains the same */
+    size_t l_index;
+    size_t max_l_index;
+    OCB_BLOCK l_star;
+    OCB_BLOCK l_dollar;
+    OCB_BLOCK *l;
+    /* Must be reset for each session */
+    struct {
+        u64 blocks_hashed;
+        u64 blocks_processed;
+        OCB_BLOCK offset_aad;
+        OCB_BLOCK sum;
+        OCB_BLOCK offset;
+        OCB_BLOCK checksum;
+    } sess;
+};
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c
new file mode 100644
index 000000000..713b9aaf1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c
@@ -0,0 +1,562 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include "modes_lcl.h"
+
+#ifndef OPENSSL_NO_OCB
+
+/*
+ * Calculate the number of binary trailing zero's in any given number
+ */
+static u32 ocb_ntz(u64 n)
+{
+    u32 cnt = 0;
+
+    /*
+     * We do a right-to-left simple sequential search. This is surprisingly
+     * efficient as the distribution of trailing zeros is not uniform,
+     * e.g. the number of possible inputs with no trailing zeros is equal to
+     * the number with 1 or more; the number with exactly 1 is equal to the
+     * number with 2 or more, etc. Checking the last two bits covers 75% of
+     * all numbers. Checking the last three covers 87.5%
+     */
+    while (!(n & 1)) {
+        n >>= 1;
+        cnt++;
+    }
+    return cnt;
+}
+
+/*
+ * Shift a block of 16 bytes left by shift bits
+ */
+static void ocb_block_lshift(const unsigned char *in, size_t shift,
+                             unsigned char *out)
+{
+    int i;
+    unsigned char carry = 0, carry_next;
+
+    for (i = 15; i >= 0; i--) {
+        carry_next = in[i] >> (8 - shift);
+        out[i] = (in[i] << shift) | carry;
+        carry = carry_next;
+    }
+}
+
+/*
+ * Perform a "double" operation as per OCB spec
+ */
+static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out)
+{
+    unsigned char mask;
+
+    /*
+     * Calculate the mask based on the most significant bit. There are more
+     * efficient ways to do this - but this way is constant time
+     */
+    mask = in->c[0] & 0x80;
+    mask >>= 7;
+    mask = (0 - mask) & 0x87;
+
+    ocb_block_lshift(in->c, 1, out->c);
+
+    out->c[15] ^= mask;
+}
+
+/*
+ * Perform an xor on in1 and in2 - each of len bytes. Store result in out
+ */
+static void ocb_block_xor(const unsigned char *in1,
+                          const unsigned char *in2, size_t len,
+                          unsigned char *out)
+{
+    size_t i;
+    for (i = 0; i < len; i++) {
+        out[i] = in1[i] ^ in2[i];
+    }
+}
+
+/*
+ * Lookup L_index in our lookup table. If we haven't already got it we need to
+ * calculate it
+ */
+static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
+{
+    size_t l_index = ctx->l_index;
+
+    if (idx <= l_index) {
+        return ctx->l + idx;
+    }
+
+    /* We don't have it - so calculate it */
+    if (idx >= ctx->max_l_index) {
+        void *tmp_ptr;
+        /*
+         * Each additional entry allows to process almost double as
+         * much data, so that in linear world the table will need to
+         * be expanded with smaller and smaller increments. Originally
+         * it was doubling in size, which was a waste. Growing it
+         * linearly is not formally optimal, but is simpler to implement.
+         * We grow table by minimally required 4*n that would accommodate
+         * the index.
+         */
+        ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
+        tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+        if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
+            return NULL;
+        ctx->l = tmp_ptr;
+    }
+    while (l_index < idx) {
+        ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
+        l_index++;
+    }
+    ctx->l_index = l_index;
+
+    return ctx->l + idx;
+}
+
+/*
+ * Create a new OCB128_CONTEXT
+ */
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream)
+{
+    OCB128_CONTEXT *octx;
+    int ret;
+
+    if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) {
+        ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt,
+                                 stream);
+        if (ret)
+            return octx;
+        OPENSSL_free(octx);
+    }
+
+    return NULL;
+}
+
+/*
+ * Initialise an existing OCB128_CONTEXT
+ */
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream)
+{
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->l_index = 0;
+    ctx->max_l_index = 5;
+    if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We set both the encryption and decryption key schedules - decryption
+     * needs both. Don't really need decryption schedule if only doing
+     * encryption - but it simplifies things to take it anyway
+     */
+    ctx->encrypt = encrypt;
+    ctx->decrypt = decrypt;
+    ctx->stream = stream;
+    ctx->keyenc = keyenc;
+    ctx->keydec = keydec;
+
+    /* L_* = ENCIPHER(K, zeros(128)) */
+    ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc);
+
+    /* L_$ = double(L_*) */
+    ocb_double(&ctx->l_star, &ctx->l_dollar);
+
+    /* L_0 = double(L_$) */
+    ocb_double(&ctx->l_dollar, ctx->l);
+
+    /* L_{i} = double(L_{i-1}) */
+    ocb_double(ctx->l, ctx->l+1);
+    ocb_double(ctx->l+1, ctx->l+2);
+    ocb_double(ctx->l+2, ctx->l+3);
+    ocb_double(ctx->l+3, ctx->l+4);
+    ctx->l_index = 4;   /* enough to process up to 496 bytes */
+
+    return 1;
+}
+
+/*
+ * Copy an OCB128_CONTEXT object
+ */
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec)
+{
+    memcpy(dest, src, sizeof(OCB128_CONTEXT));
+    if (keyenc)
+        dest->keyenc = keyenc;
+    if (keydec)
+        dest->keydec = keydec;
+    if (src->l) {
+        if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(dest->l, src->l, (src->l_index + 1) * 16);
+    }
+    return 1;
+}
+
+/*
+ * Set the IV to be used for this operation. Must be 1 - 15 bytes.
+ */
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen)
+{
+    unsigned char ktop[16], tmp[16], mask;
+    unsigned char stretch[24], nonce[16];
+    size_t bottom, shift;
+
+    /*
+     * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths.
+     * We don't support this at this stage
+     */
+    if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) {
+        return -1;
+    }
+
+    /* Reset nonce-dependent variables */
+    memset(&ctx->sess, 0, sizeof(ctx->sess));
+
+    /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */
+    nonce[0] = ((taglen * 8) % 128) << 1;
+    memset(nonce + 1, 0, 15);
+    memcpy(nonce + 16 - len, iv, len);
+    nonce[15 - len] |= 1;
+
+    /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */
+    memcpy(tmp, nonce, 16);
+    tmp[15] &= 0xc0;
+    ctx->encrypt(tmp, ktop, ctx->keyenc);
+
+    /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+    memcpy(stretch, ktop, 16);
+    ocb_block_xor(ktop, ktop + 1, 8, stretch + 16);
+
+    /* bottom = str2num(Nonce[123..128]) */
+    bottom = nonce[15] & 0x3f;
+
+    /* Offset_0 = Stretch[1+bottom..128+bottom] */
+    shift = bottom % 8;
+    ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c);
+    mask = 0xff;
+    mask <<= 8 - shift;
+    ctx->sess.offset.c[15] |=
+        (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
+
+    return 1;
+}
+
+/*
+ * Provide any AAD. This can be called multiple times. Only the final time can
+ * have a partial block
+ */
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+    OCB_BLOCK tmp;
+
+    /* Calculate the number of blocks of AAD provided now, and so far */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_hashed;
+
+    /* Loop through all full blocks of AAD */
+    for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) {
+        OCB_BLOCK *lookup;
+
+        /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+        lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+        if (lookup == NULL)
+            return 0;
+        ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad);
+
+        memcpy(tmp.c, aad, 16);
+        aad += 16;
+
+        /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+        ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star,
+                        &ctx->sess.offset_aad);
+
+        /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
+        memset(tmp.c, 0, 16);
+        memcpy(tmp.c, aad, last_len);
+        tmp.c[last_len] = 0x80;
+        ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
+
+        /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
+    }
+
+    ctx->sess.blocks_hashed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be encrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be encrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keyenc,
+                    (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+    } else {
+        /* Loop through all full blocks to be encrypted */
+        for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+            OCB_BLOCK *lookup;
+            OCB_BLOCK tmp;
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
+
+            /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+            ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
+
+        /* C_* = P_* xor Pad[1..bitlen(P_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, in, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
+    }
+
+    ctx->sess.blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be decrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be decrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keydec,
+                    (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+    } else {
+        OCB_BLOCK tmp;
+
+        /* Loop through all full blocks to be decrypted */
+        for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+            ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
+
+        /* P_* = C_* xor Pad[1..bitlen(C_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, out, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
+    }
+
+    ctx->sess.blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
+                      int write)
+{
+    OCB_BLOCK tmp;
+
+    if (len > 16 || len < 1) {
+        return -1;
+    }
+
+    /*
+     * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
+     */
+    ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
+    ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
+    ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+    ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
+
+    if (write) {
+        memcpy(tag, &tmp, len);
+        return 1;
+    } else {
+        return CRYPTO_memcmp(&tmp, tag, len);
+    }
+}
+
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    return ocb_finish(ctx, (unsigned char*)tag, len, 0);
+}
+
+/*
+ * Retrieve the calculated tag
+ */
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    return ocb_finish(ctx, tag, len, 1);
+}
+
+/*
+ * Release all resources
+ */
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx)
+{
+    if (ctx) {
+        OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16);
+        OPENSSL_cleanse(ctx, sizeof(*ctx));
+    }
+}
+
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c
new file mode 100644
index 000000000..83092564c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ivec[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
+                0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ivec, key);
+                for (; n < 16; n += sizeof(size_t))
+                    *(size_t *)(out + n) =
+                        *(size_t *)(in + n) ^ *(size_t *)(ivec + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ivec, key);
+                while (len--) {
+                    out[n] = in[n] ^ ivec[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ivec, key);
+        }
+        out[l] = in[l] ^ ivec[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/wrap128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/wrap128.c
new file mode 100644
index 000000000..d7e56cc26
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/wrap128.c
@@ -0,0 +1,331 @@
+/*
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**  Beware!
+ *
+ *  Following wrapping modes were designed for AES but this implementation
+ *  allows you to use them for any 128 bit block cipher.
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/modes.h>
+
+/** RFC 3394 section 2.2.3.1 Default Initial Value */
+static const unsigned char default_iv[] = {
+    0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
+static const unsigned char default_aiv[] = {
+    0xA6, 0x59, 0x59, 0xA6
+};
+
+/** Input size limit: lower than maximum of standards but far larger than
+ *  anything that will be used in practice.
+ */
+#define CRYPTO128_WRAP_MAX (1UL << 31)
+
+/** Wrapping according to RFC 3394 section 2.2.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  iv     IV value. Length = 8 bytes. NULL = use default_iv.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen does not consist of n 64-bit blocks, n >= 2.
+ *                     or if inlen > CRYPTO128_WRAP_MAX.
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+                       unsigned char *out,
+                       const unsigned char *in, size_t inlen,
+                       block128_f block)
+{
+    unsigned char *A, B[16], *R;
+    size_t i, j, t;
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
+        return 0;
+    A = B;
+    t = 1;
+    memmove(out + 8, in, inlen);
+    if (!iv)
+        iv = default_iv;
+
+    memcpy(A, iv, 8);
+
+    for (j = 0; j < 6; j++) {
+        R = out + 8;
+        for (i = 0; i < inlen; i += 8, t++, R += 8) {
+            memcpy(B + 8, R, 8);
+            block(B, B, key);
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(out, A, 8);
+    return inlen + 8;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
+ *  The IV check (step 3) is responsibility of the caller.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     Unchecked IV value. Minimal buffer length = 8 bytes.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8.
+ *                     Output length otherwise.
+ */
+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
+                                    unsigned char *out,
+                                    const unsigned char *in, size_t inlen,
+                                    block128_f block)
+{
+    unsigned char *A, B[16], *R;
+    size_t i, j, t;
+    inlen -= 8;
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
+        return 0;
+    A = B;
+    t = 6 * (inlen >> 3);
+    memcpy(A, in, 8);
+    memmove(out, in + 8, inlen);
+    for (j = 0; j < 6; j++) {
+        R = out + inlen - 8;
+        for (i = 0; i < inlen; i += 8, t--, R -= 8) {
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(B + 8, R, 8);
+            block(B, B, key);
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(iv, A, 8);
+    return inlen;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check.
+ *  The first block of plaintext has to match the supplied IV, otherwise an
+ *  error is returned.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     IV value to match against. Length = 8 bytes.
+ *                     NULL = use default_iv.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV doesn't match expected value.
+ *                     Output length otherwise.
+ */
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out, const unsigned char *in,
+                         size_t inlen, block128_f block)
+{
+    size_t ret;
+    unsigned char got_iv[8];
+
+    ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
+    if (ret == 0)
+        return 0;
+
+    if (!iv)
+        iv = default_iv;
+    if (CRYPTO_memcmp(got_iv, iv, 8)) {
+        OPENSSL_cleanse(out, ret);
+        return 0;
+    }
+    return ret;
+}
+
+/** Wrapping according to RFC 5649 section 4.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 15) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out,
+                           const unsigned char *in, size_t inlen,
+                           block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data
+     *
+     * If length of plain text is not a multiple of 8, pad the plain text octet
+     * string on the right with octets of zeros, where final length is the
+     * smallest multiple of 8 that is greater than length of plain text.
+     * If length of plain text is a multiple of 8, then there is no padding. */
+    const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */
+    const size_t padded_len = blocks_padded * 8;
+    const size_t padding_len = padded_len - inlen;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    int ret;
+
+    /* Section 1: use 32-bit fixed field for plaintext octet length */
+    if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    /* Section 3: Alternative Initial Value */
+    if (!icv)
+        memcpy(aiv, default_aiv, 4);
+    else
+        memcpy(aiv, icv, 4);    /* Standard doesn't mention this. */
+
+    aiv[4] = (inlen >> 24) & 0xFF;
+    aiv[5] = (inlen >> 16) & 0xFF;
+    aiv[6] = (inlen >> 8) & 0xFF;
+    aiv[7] = inlen & 0xFF;
+
+    if (padded_len == 8) {
+        /*
+         * Section 4.1 - special case in step 2: If the padded plaintext
+         * contains exactly eight octets, then prepend the AIV and encrypt
+         * the resulting 128-bit block using AES in ECB mode.
+         */
+        memmove(out + 8, in, inlen);
+        memcpy(out, aiv, 8);
+        memset(out + 8 + inlen, 0, padding_len);
+        block(out, out, key);
+        ret = 16;               /* AIV + padded input */
+    } else {
+        memmove(out, in, inlen);
+        memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
+        ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
+    }
+
+    return ret;
+}
+
+/** Unwrapping according to RFC 5649 section 4.2.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Plaintext. Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV and message length indicator doesn't match.
+ *                     Output length if unwrapping succeeded and IV matches.
+ */
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out,
+                             const unsigned char *in, size_t inlen,
+                             block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data */
+    size_t n = inlen / 8 - 1;
+    size_t padded_len;
+    size_t padding_len;
+    size_t ptext_len;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    static unsigned char zeros[8] = { 0x0 };
+    size_t ret;
+
+    /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */
+    if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    if (inlen == 16) {
+        /*
+         * Section 4.2 - special case in step 1: When n=1, the ciphertext
+         * contains exactly two 64-bit blocks and they are decrypted as a
+         * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] |
+         * C[1])
+         */
+        unsigned char buff[16];
+
+        block(in, buff, key);
+        memcpy(aiv, buff, 8);
+        /* Remove AIV */
+        memcpy(out, buff + 8, 8);
+        padded_len = 8;
+        OPENSSL_cleanse(buff, inlen);
+    } else {
+        padded_len = inlen - 8;
+        ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block);
+        if (padded_len != ret) {
+            OPENSSL_cleanse(out, inlen);
+            return 0;
+        }
+    }
+
+    /*
+     * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a
+     * user-supplied value can be used (even if standard doesn't mention
+     * this).
+     */
+    if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
+        || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len =
+     * LSB(32,AIV).
+     */
+
+    ptext_len =   ((unsigned int)aiv[4] << 24)
+                | ((unsigned int)aiv[5] << 16)
+                | ((unsigned int)aiv[6] <<  8)
+                |  (unsigned int)aiv[7];
+    if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that the rightmost padding_len octets of the output data are
+     * zero.
+     */
+    padding_len = padded_len - ptext_len;
+    if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /* Section 4.2 step 3: Remove padding */
+    return ptext_len;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c
new file mode 100644
index 000000000..81b1eacd5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+                          const unsigned char iv[16],
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len, int enc)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+    } tweak, scratch;
+    unsigned int i;
+
+    if (len < 16)
+        return -1;
+
+    memcpy(tweak.c, iv, 16);
+
+    (*ctx->block2) (tweak.c, tweak.c, ctx->key2);
+
+    if (!enc && (len % 16))
+        len -= 16;
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        memcpy(scratch.c, inp, 16);
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+#else
+        scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0];
+        scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1];
+#endif
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out, scratch.c, 16);
+#else
+        ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0];
+        ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1];
+#endif
+        inp += 16;
+        out += 16;
+        len -= 16;
+
+        if (len == 0)
+            return 0;
+
+        if (is_endian.little) {
+            unsigned int carry, res;
+
+            res = 0x87 & (((int)tweak.d[3]) >> 31);
+            carry = (unsigned int)(tweak.u[0] >> 63);
+            tweak.u[0] = (tweak.u[0] << 1) ^ res;
+            tweak.u[1] = (tweak.u[1] << 1) | carry;
+        } else {
+            size_t c;
+
+            for (c = 0, i = 0; i < 16; ++i) {
+                /*
+                 * + substitutes for |, because c is 1 bit
+                 */
+                c += ((size_t)tweak.c[i]) << 1;
+                tweak.c[i] = (u8)c;
+                c = c >> 8;
+            }
+            tweak.c[0] ^= (u8)(0x87 & (0 - c));
+        }
+    }
+    if (enc) {
+        for (i = 0; i < len; ++i) {
+            u8 c = inp[i];
+            out[i] = scratch.c[i];
+            scratch.c[i] = c;
+        }
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out - 16, scratch.c, 16);
+    } else {
+        union {
+            u64 u[2];
+            u8 c[16];
+        } tweak1;
+
+        if (is_endian.little) {
+            unsigned int carry, res;
+
+            res = 0x87 & (((int)tweak.d[3]) >> 31);
+            carry = (unsigned int)(tweak.u[0] >> 63);
+            tweak1.u[0] = (tweak.u[0] << 1) ^ res;
+            tweak1.u[1] = (tweak.u[1] << 1) | carry;
+        } else {
+            size_t c;
+
+            for (c = 0, i = 0; i < 16; ++i) {
+                /*
+                 * + substitutes for |, because c is 1 bit
+                 */
+                c += ((size_t)tweak.c[i]) << 1;
+                tweak1.c[i] = (u8)c;
+                c = c >> 8;
+            }
+            tweak1.c[0] ^= (u8)(0x87 & (0 - c));
+        }
+#if defined(STRICT_ALIGNMENT)
+        memcpy(scratch.c, inp, 16);
+        scratch.u[0] ^= tweak1.u[0];
+        scratch.u[1] ^= tweak1.u[1];
+#else
+        scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0];
+        scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1];
+#endif
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+        scratch.u[0] ^= tweak1.u[0];
+        scratch.u[1] ^= tweak1.u[1];
+
+        for (i = 0; i < len; ++i) {
+            u8 c = inp[16 + i];
+            out[16 + i] = scratch.c[i];
+            scratch.c[i] = c;
+        }
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out, scratch.c, 16);
+#else
+        ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0];
+        ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1];
+#endif
+    }
+
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_dir.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_dir.c
new file mode 100644
index 000000000..fca9c75e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_dir.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <errno.h>
+
+/*
+ * The routines really come from the Levitte Programming, so to make life
+ * simple, let's just use the raw files and hack the symbols to fit our
+ * namespace.
+ */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "internal/o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP \
+    || (defined __VMS_VER && __VMS_VER >= 70000000)
+# include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+# include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+# include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+# include "LPdir_wince.c"
+#else
+# include "LPdir_nyi.c"
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_fips.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_fips.c
new file mode 100644
index 000000000..050ea9c21
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_fips.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+int FIPS_mode(void)
+{
+    /* This version of the library does not support FIPS mode. */
+    return 0;
+}
+
+int FIPS_mode_set(int r)
+{
+    if (r == 0)
+        return 1;
+    CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_fopen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_fopen.c
new file mode 100644
index 000000000..7d51ad725
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_fopen.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+#  ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+#  endif
+# endif
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_NO_STDIO)
+
+# include <stdio.h>
+# ifdef __DJGPP__
+#  include <unistd.h>
+# endif
+
+FILE *openssl_fopen(const char *filename, const char *mode)
+{
+    FILE *file = NULL;
+# if defined(_WIN32) && defined(CP_UTF8)
+    int sz, len_0 = (int)strlen(filename) + 1;
+    DWORD flags;
+
+    /*
+     * Basically there are three cases to cover: a) filename is
+     * pure ASCII string; b) actual UTF-8 encoded string and
+     * c) locale-ized string, i.e. one containing 8-bit
+     * characters that are meaningful in current system locale.
+     * If filename is pure ASCII or real UTF-8 encoded string,
+     * MultiByteToWideChar succeeds and _wfopen works. If
+     * filename is locale-ized string, chances are that
+     * MultiByteToWideChar fails reporting
+     * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+     * back to fopen...
+     */
+    if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
+                                  filename, len_0, NULL, 0)) > 0 ||
+        (GetLastError() == ERROR_INVALID_FLAGS &&
+         (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
+                                   filename, len_0, NULL, 0)) > 0)
+        ) {
+        WCHAR wmode[8];
+        WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
+
+        if (MultiByteToWideChar(CP_UTF8, flags,
+                                filename, len_0, wfilename, sz) &&
+            MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
+                                wmode, OSSL_NELEM(wmode)) &&
+            (file = _wfopen(wfilename, wmode)) == NULL &&
+            (errno == ENOENT || errno == EBADF)
+            ) {
+            /*
+             * UTF-8 decode succeeded, but no file, filename
+             * could still have been locale-ized...
+             */
+            file = fopen(filename, mode);
+        }
+    } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
+        file = fopen(filename, mode);
+    }
+# elif defined(__DJGPP__)
+    {
+        char *newname = NULL;
+
+        if (pathconf(filename, _PC_NAME_MAX) <= 12) {  /* 8.3 file system? */
+            char *iterator;
+            char lastchar;
+
+            if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) {
+                CRYPTOerr(CRYPTO_F_OPENSSL_FOPEN, ERR_R_MALLOC_FAILURE);
+                return NULL;
+            }
+
+            for (iterator = newname, lastchar = '\0';
+                *filename; filename++, iterator++) {
+                if (lastchar == '/' && filename[0] == '.'
+                    && filename[1] != '.' && filename[1] != '/') {
+                    /* Leading dots are not permitted in plain DOS. */
+                    *iterator = '_';
+                } else {
+                    *iterator = *filename;
+                }
+                lastchar = *filename;
+            }
+            *iterator = '\0';
+            filename = newname;
+        }
+        file = fopen(filename, mode);
+
+        OPENSSL_free(newname);
+    }
+# else
+    file = fopen(filename, mode);
+# endif
+    return file;
+}
+
+#else
+
+void *openssl_fopen(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_init.c
new file mode 100644
index 000000000..ed6b1303d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_init.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <openssl/err.h>
+
+/*
+ * Perform any essential OpenSSL initialization operations. Currently does
+ * nothing.
+ */
+
+void OPENSSL_init(void)
+{
+    return;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c
new file mode 100644
index 000000000..a8357691a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <limits.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/o_str.h"
+
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+    const unsigned char *c1 = v1, *c2 = v2;
+    int ret = 0;
+
+    while (n && (ret = *c1 - *c2) == 0)
+        n--, c1++, c2++;
+
+    return ret;
+}
+
+char *CRYPTO_strdup(const char *str, const char* file, int line)
+{
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+    ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+    if (ret != NULL)
+        strcpy(ret, str);
+    return ret;
+}
+
+char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line)
+{
+    size_t maxlen;
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+
+    maxlen = OPENSSL_strnlen(str, s);
+
+    ret = CRYPTO_malloc(maxlen + 1, file, line);
+    if (ret) {
+        memcpy(ret, str, maxlen);
+        ret[maxlen] = '\0';
+    }
+    return ret;
+}
+
+void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line)
+{
+    void *ret;
+
+    if (data == NULL || siz >= INT_MAX)
+        return NULL;
+
+    ret = CRYPTO_malloc(siz, file, line);
+    if (ret == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return memcpy(ret, data, siz);
+}
+
+size_t OPENSSL_strnlen(const char *str, size_t maxlen)
+{
+    const char *p;
+
+    for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ;
+
+    return p - str;
+}
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 1 && *src; size--) {
+        *dst++ = *src++;
+        l++;
+    }
+    if (size)
+        *dst = '\0';
+    return l + strlen(src);
+}
+
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 0 && *dst; size--, dst++)
+        l++;
+    return l + OPENSSL_strlcpy(dst, src, size);
+}
+
+int OPENSSL_hexchar2int(unsigned char c)
+{
+#ifdef CHARSET_EBCDIC
+    c = os_toebcdic[c];
+#endif
+
+    switch (c) {
+    case '0':
+        return 0;
+    case '1':
+        return 1;
+    case '2':
+        return 2;
+    case '3':
+        return 3;
+    case '4':
+          return 4;
+    case '5':
+          return 5;
+    case '6':
+          return 6;
+    case '7':
+          return 7;
+    case '8':
+          return 8;
+    case '9':
+          return 9;
+    case 'a': case 'A':
+          return 0x0A;
+    case 'b': case 'B':
+          return 0x0B;
+    case 'c': case 'C':
+          return 0x0C;
+    case 'd': case 'D':
+          return 0x0D;
+    case 'e': case 'E':
+          return 0x0E;
+    case 'f': case 'F':
+          return 0x0F;
+    }
+    return -1;
+}
+
+/*
+ * Give a string of hex digits convert to a buffer
+ */
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len)
+{
+    unsigned char *hexbuf, *q;
+    unsigned char ch, cl;
+    int chi, cli;
+    const unsigned char *p;
+    size_t s;
+
+    s = strlen(str);
+    if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (p = (const unsigned char *)str, q = hexbuf; *p; ) {
+        ch = *p++;
+        if (ch == ':')
+            continue;
+        cl = *p++;
+        if (!cl) {
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF,
+                      CRYPTO_R_ODD_NUMBER_OF_DIGITS);
+            OPENSSL_free(hexbuf);
+            return NULL;
+        }
+        cli = OPENSSL_hexchar2int(cl);
+        chi = OPENSSL_hexchar2int(ch);
+        if (cli < 0 || chi < 0) {
+            OPENSSL_free(hexbuf);
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT);
+            return NULL;
+        }
+        *q++ = (unsigned char)((chi << 4) | cli);
+    }
+
+    if (len)
+        *len = q - hexbuf;
+    return hexbuf;
+}
+
+/*
+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also
+ * on EBCDIC machines)
+ */
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
+{
+    static const char hexdig[] = "0123456789ABCDEF";
+    char *tmp, *q;
+    const unsigned char *p;
+    int i;
+
+    if (len == 0)
+    {
+        return OPENSSL_zalloc(1);
+    }
+
+    if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    q = tmp;
+    for (i = 0, p = buffer; i < len; i++, p++) {
+        *q++ = hexdig[(*p >> 4) & 0xf];
+        *q++ = hexdig[*p & 0xf];
+        *q++ = ':';
+    }
+    q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+    return tmp;
+}
+
+int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+{
+#if defined(_MSC_VER) && _MSC_VER>=1400
+    return !strerror_s(buf, buflen, errnum);
+#elif defined(_GNU_SOURCE)
+    return strerror_r(errnum, buf, buflen) != NULL;
+#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+      (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+    /*
+     * We can use "real" strerror_r. The OpenSSL version differs in that it
+     * gives 1 on success and 0 on failure for consistency with other OpenSSL
+     * functions. Real strerror_r does it the other way around
+     */
+    return !strerror_r(errnum, buf, buflen);
+#else
+    char *err;
+    /* Fall back to non-thread safe strerror()...its all we can do */
+    if (buflen < 2)
+        return 0;
+    err = strerror(errnum);
+    /* Can this ever happen? */
+    if (err == NULL)
+        return 0;
+    strncpy(buf, err, buflen - 1);
+    buf[buflen - 1] = '\0';
+    return 1;
+#endif
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c
new file mode 100644
index 000000000..6d764f55e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+{
+    struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS)
+    {
+        /*
+         * On VMS, gmtime_r() takes a 32-bit pointer as second argument.
+         * Since we can't know that |result| is in a space that can easily
+         * translate to a 32-bit pointer, we must store temporarily on stack
+         * and copy the result.  The stack is always reachable with 32-bit
+         * pointers.
+         */
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        struct tm data, *ts2 = &data;
+#if defined OPENSSL_SYS_VMS && __INITIAL_POINTER_SIZE
+# pragma pointer_size restore
+#endif
+        if (gmtime_r(timer, ts2) == NULL)
+            return NULL;
+        memcpy(result, ts2, sizeof(struct tm));
+        ts = result;
+    }
+#elif defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_MACOSX)
+    if (gmtime_r(timer, result) == NULL)
+        return NULL;
+    ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
+    if (gmtime_s(result, timer))
+        return NULL;
+    ts = result;
+#else
+    ts = gmtime(timer);
+    if (ts == NULL)
+        return NULL;
+
+    memcpy(result, ts, sizeof(struct tm));
+    ts = result;
+#endif
+    return ts;
+}
+
+/*
+ * Take a tm structure and add an offset to it. This avoids any OS issues
+ * with restricted date types and overflows which cause the year 2038
+ * problem.
+ */
+
+#define SECS_PER_DAY (24 * 60 * 60)
+
+static long date_to_julian(int y, int m, int d);
+static void julian_to_date(long jd, int *y, int *m, int *d);
+static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+                      long *pday, int *psec);
+
+int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+{
+    int time_sec, time_year, time_month, time_day;
+    long time_jd;
+
+    /* Convert time and offset into Julian day and seconds */
+    if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec))
+        return 0;
+
+    /* Convert Julian day back to date */
+
+    julian_to_date(time_jd, &time_year, &time_month, &time_day);
+
+    if (time_year < 1900 || time_year > 9999)
+        return 0;
+
+    /* Update tm structure */
+
+    tm->tm_year = time_year - 1900;
+    tm->tm_mon = time_month - 1;
+    tm->tm_mday = time_day;
+
+    tm->tm_hour = time_sec / 3600;
+    tm->tm_min = (time_sec / 60) % 60;
+    tm->tm_sec = time_sec % 60;
+
+    return 1;
+
+}
+
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to)
+{
+    int from_sec, to_sec, diff_sec;
+    long from_jd, to_jd, diff_day;
+    if (!julian_adj(from, 0, 0, &from_jd, &from_sec))
+        return 0;
+    if (!julian_adj(to, 0, 0, &to_jd, &to_sec))
+        return 0;
+    diff_day = to_jd - from_jd;
+    diff_sec = to_sec - from_sec;
+    /* Adjust differences so both positive or both negative */
+    if (diff_day > 0 && diff_sec < 0) {
+        diff_day--;
+        diff_sec += SECS_PER_DAY;
+    }
+    if (diff_day < 0 && diff_sec > 0) {
+        diff_day++;
+        diff_sec -= SECS_PER_DAY;
+    }
+
+    if (pday)
+        *pday = (int)diff_day;
+    if (psec)
+        *psec = diff_sec;
+
+    return 1;
+
+}
+
+/* Convert tm structure and offset into julian day and seconds */
+static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+                      long *pday, int *psec)
+{
+    int offset_hms, offset_day;
+    long time_jd;
+    int time_year, time_month, time_day;
+    /* split offset into days and day seconds */
+    offset_day = offset_sec / SECS_PER_DAY;
+    /* Avoid sign issues with % operator */
+    offset_hms = offset_sec - (offset_day * SECS_PER_DAY);
+    offset_day += off_day;
+    /* Add current time seconds to offset */
+    offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
+    /* Adjust day seconds if overflow */
+    if (offset_hms >= SECS_PER_DAY) {
+        offset_day++;
+        offset_hms -= SECS_PER_DAY;
+    } else if (offset_hms < 0) {
+        offset_day--;
+        offset_hms += SECS_PER_DAY;
+    }
+
+    /*
+     * Convert date of time structure into a Julian day number.
+     */
+
+    time_year = tm->tm_year + 1900;
+    time_month = tm->tm_mon + 1;
+    time_day = tm->tm_mday;
+
+    time_jd = date_to_julian(time_year, time_month, time_day);
+
+    /* Work out Julian day of new date */
+    time_jd += offset_day;
+
+    if (time_jd < 0)
+        return 0;
+
+    *pday = time_jd;
+    *psec = offset_hms;
+    return 1;
+}
+
+/*
+ * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm
+ */
+static long date_to_julian(int y, int m, int d)
+{
+    return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
+        (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
+        (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075;
+}
+
+static void julian_to_date(long jd, int *y, int *m, int *d)
+{
+    long L = jd + 68569;
+    long n = (4 * L) / 146097;
+    long i, j;
+
+    L = L - (146097 * n + 3) / 4;
+    i = (4000 * (L + 1)) / 1461001;
+    L = L - (1461 * i) / 4 + 31;
+    j = (80 * L) / 2447;
+    *d = L - (2447 * j) / 80;
+    L = j / 11;
+    *m = j + 2 - (12 * L);
+    *y = 100 * (n - 49) + i + L;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/README b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/README
new file mode 100644
index 000000000..700f9c5e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/README
@@ -0,0 +1,44 @@
+objects.txt syntax
+------------------
+
+To cover all the naming hacks that were previously in objects.h needed some
+kind of hacks in objects.txt.
+
+The basic syntax for adding an object is as follows:
+
+	1 2 3 4		: shortName	: Long Name
+
+		If Long Name contains only word characters and hyphen-minus
+		(0x2D) or full stop (0x2E) then Long Name is used as basis
+		for the base name in C. Otherwise, the shortName is used.
+
+		The base name (let's call it 'base') will then be used to
+		create the C macros SN_base, LN_base, NID_base and OBJ_base.
+
+		Note that if the base name contains spaces, dashes or periods,
+		those will be converted to underscore.
+
+Then there are some extra commands:
+
+	!Alias foo 1 2 3 4
+
+		This just makes a name foo for an OID.  The C macro
+		OBJ_foo will be created as a result.
+
+	!Cname foo
+
+		This makes sure that the name foo will be used as base name
+		in C.
+
+	!module foo
+	1 2 3 4		: shortName	: Long Name
+	!global
+
+		The !module command was meant to define a kind of modularity.
+		What it does is to make sure the module name is prepended
+		to the base name.  !global turns this off.  This construction
+		is not recursive.
+
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/build.info
new file mode 100644
index 000000000..38e290756
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c
new file mode 100644
index 000000000..c4355370c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c
@@ -0,0 +1,406 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+#include "internal/thread_once.h"
+#include "internal/lhash.h"
+#include "obj_lcl.h"
+#include "e_os.h"
+
+/*
+ * We define this wrapper for two reasons. Firstly, later versions of
+ * DEC C add linkage information to certain functions, which makes it
+ * tricky to use them as values to regular function pointers.
+ * Secondly, in the EDK2 build environment, the strcasecmp function is
+ * actually an external function with the Microsoft ABI, so we can't
+ * transparently assign function pointers to it.
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
+static int obj_strcasecmp(const char *a, const char *b)
+{
+    return strcasecmp(a, b);
+}
+#else
+#define obj_strcasecmp strcasecmp
+#endif
+
+/*
+ * I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define.  I only really use the free function field.
+ */
+static LHASH_OF(OBJ_NAME) *names_lh = NULL;
+static int names_type_num = OBJ_NAME_TYPE_NUM;
+static CRYPTO_RWLOCK *obj_lock = NULL;
+
+struct name_funcs_st {
+    unsigned long (*hash_func) (const char *name);
+    int (*cmp_func) (const char *a, const char *b);
+    void (*free_func) (const char *, int, const char *);
+};
+
+static STACK_OF(NAME_FUNCS) *name_funcs_stack;
+
+/*
+ * The LHASH callbacks now use the raw "void *" prototypes and do
+ * per-variable casting in the functions. This prevents function pointer
+ * casting without the need for macro-generated wrapper functions.
+ */
+
+static unsigned long obj_name_hash(const OBJ_NAME *a);
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b);
+
+static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(o_names_init)
+{
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+    obj_lock = CRYPTO_THREAD_lock_new();
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return names_lh != NULL && obj_lock != NULL;
+}
+
+int OBJ_NAME_init(void)
+{
+    return RUN_ONCE(&init, o_names_init);
+}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *))
+{
+    int ret = 0, i, push;
+    NAME_FUNCS *name_funcs;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
+    if (name_funcs_stack == NULL) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs_stack = sk_NAME_FUNCS_new_null();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+    if (name_funcs_stack == NULL) {
+        /* ERROR */
+        goto out;
+    }
+    ret = names_type_num;
+    names_type_num++;
+    for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs = OPENSSL_zalloc(sizeof(*name_funcs));
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        if (name_funcs == NULL) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto out;
+        }
+        name_funcs->hash_func = openssl_lh_strcasehash;
+        name_funcs->cmp_func = obj_strcasecmp;
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+
+        if (!push) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(name_funcs);
+            ret = 0;
+            goto out;
+        }
+    }
+    name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+    if (hash_func != NULL)
+        name_funcs->hash_func = hash_func;
+    if (cmp_func != NULL)
+        name_funcs->cmp_func = cmp_func;
+    if (free_func != NULL)
+        name_funcs->free_func = free_func;
+
+out:
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ret;
+}
+
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b)
+{
+    int ret;
+
+    ret = a->type - b->type;
+    if (ret == 0) {
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+            ret = sk_NAME_FUNCS_value(name_funcs_stack,
+                                      a->type)->cmp_func(a->name, b->name);
+        } else
+            ret = strcasecmp(a->name, b->name);
+    }
+    return ret;
+}
+
+static unsigned long obj_name_hash(const OBJ_NAME *a)
+{
+    unsigned long ret;
+
+    if ((name_funcs_stack != NULL)
+        && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+        ret =
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                a->type)->hash_func(a->name);
+    } else {
+        ret = openssl_lh_strcasehash(a->name);
+    }
+    ret ^= a->type;
+    return ret;
+}
+
+const char *OBJ_NAME_get(const char *name, int type)
+{
+    OBJ_NAME on, *ret;
+    int num = 0, alias;
+    const char *value = NULL;
+
+    if (name == NULL)
+        return NULL;
+    if (!OBJ_NAME_init())
+        return NULL;
+    CRYPTO_THREAD_read_lock(obj_lock);
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    on.name = name;
+    on.type = type;
+
+    for (;;) {
+        ret = lh_OBJ_NAME_retrieve(names_lh, &on);
+        if (ret == NULL)
+            break;
+        if ((ret->alias) && !alias) {
+            if (++num > 10)
+                break;
+            on.name = ret->data;
+        } else {
+            value = ret->data;
+            break;
+        }
+    }
+
+    CRYPTO_THREAD_unlock(obj_lock);
+    return value;
+}
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+{
+    OBJ_NAME *onp, *ret;
+    int alias, ok = 0;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    onp = OPENSSL_malloc(sizeof(*onp));
+    if (onp == NULL) {
+        /* ERROR */
+        goto unlock;
+    }
+
+    onp->name = name;
+    onp->alias = alias;
+    onp->type = type;
+    onp->data = data;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
+    ret = lh_OBJ_NAME_insert(names_lh, onp);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+    } else {
+        if (lh_OBJ_NAME_error(names_lh)) {
+            /* ERROR */
+            OPENSSL_free(onp);
+            goto unlock;
+        }
+    }
+
+    ok = 1;
+
+unlock:
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ok;
+}
+
+int OBJ_NAME_remove(const char *name, int type)
+{
+    OBJ_NAME on, *ret;
+    int ok = 0;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
+    type &= ~OBJ_NAME_ALIAS;
+    on.name = name;
+    on.type = type;
+    ret = lh_OBJ_NAME_delete(names_lh, &on);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+        ok = 1;
+    }
+
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ok;
+}
+
+typedef struct {
+    int type;
+    void (*fn) (const OBJ_NAME *, void *arg);
+    void *arg;
+} OBJ_DOALL;
+
+static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d)
+{
+    if (name->type == d->type)
+        d->fn(name, d->arg);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL);
+
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg)
+{
+    OBJ_DOALL d;
+
+    d.type = type;
+    d.fn = fn;
+    d.arg = arg;
+
+    lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d);
+}
+
+struct doall_sorted {
+    int type;
+    int n;
+    const OBJ_NAME **names;
+};
+
+static void do_all_sorted_fn(const OBJ_NAME *name, void *d_)
+{
+    struct doall_sorted *d = d_;
+
+    if (name->type != d->type)
+        return;
+
+    d->names[d->n++] = name;
+}
+
+static int do_all_sorted_cmp(const void *n1_, const void *n2_)
+{
+    const OBJ_NAME *const *n1 = n1_;
+    const OBJ_NAME *const *n2 = n2_;
+
+    return strcmp((*n1)->name, (*n2)->name);
+}
+
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg)
+{
+    struct doall_sorted d;
+    int n;
+
+    d.type = type;
+    d.names =
+        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
+    /* Really should return an error if !d.names...but its a void function! */
+    if (d.names != NULL) {
+        d.n = 0;
+        OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
+
+        qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
+
+        for (n = 0; n < d.n; ++n)
+            fn(d.names[n], arg);
+
+        OPENSSL_free((void *)d.names);
+    }
+}
+
+static int free_type;
+
+static void names_lh_free_doall(OBJ_NAME *onp)
+{
+    if (onp == NULL)
+        return;
+
+    if (free_type < 0 || free_type == onp->type)
+        OBJ_NAME_remove(onp->name, onp->type);
+}
+
+static void name_funcs_free(NAME_FUNCS *ptr)
+{
+    OPENSSL_free(ptr);
+}
+
+void OBJ_NAME_cleanup(int type)
+{
+    unsigned long down_load;
+
+    if (names_lh == NULL)
+        return;
+
+    free_type = type;
+    down_load = lh_OBJ_NAME_get_down_load(names_lh);
+    lh_OBJ_NAME_set_down_load(names_lh, 0);
+
+    lh_OBJ_NAME_doall(names_lh, names_lh_free_doall);
+    if (type < 0) {
+        lh_OBJ_NAME_free(names_lh);
+        sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+        CRYPTO_THREAD_lock_free(obj_lock);
+        names_lh = NULL;
+        name_funcs_stack = NULL;
+        obj_lock = NULL;
+    } else
+        lh_OBJ_NAME_set_down_load(names_lh, down_load);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c
new file mode 100644
index 000000000..ef2d1e0dd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c
@@ -0,0 +1,739 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include "internal/objects.h"
+#include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "obj_lcl.h"
+
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#include "obj_dat.h"
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+#define ADDED_DATA      0
+#define ADDED_SNAME     1
+#define ADDED_LNAME     2
+#define ADDED_NID       3
+
+struct added_obj_st {
+    int type;
+    ASN1_OBJECT *obj;
+};
+
+static int new_nid = NUM_NID;
+static LHASH_OF(ADDED_OBJ) *added = NULL;
+
+static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+{
+    return strcmp((*a)->sn, nid_objs[*b].sn);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+
+static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+{
+    return strcmp((*a)->ln, nid_objs[*b].ln);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+
+static unsigned long added_obj_hash(const ADDED_OBJ *ca)
+{
+    const ASN1_OBJECT *a;
+    int i;
+    unsigned long ret = 0;
+    unsigned char *p;
+
+    a = ca->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        ret = a->length << 20L;
+        p = (unsigned char *)a->data;
+        for (i = 0; i < a->length; i++)
+            ret ^= p[i] << ((i * 3) % 24);
+        break;
+    case ADDED_SNAME:
+        ret = OPENSSL_LH_strhash(a->sn);
+        break;
+    case ADDED_LNAME:
+        ret = OPENSSL_LH_strhash(a->ln);
+        break;
+    case ADDED_NID:
+        ret = a->nid;
+        break;
+    default:
+        /* abort(); */
+        return 0;
+    }
+    ret &= 0x3fffffffL;
+    ret |= ((unsigned long)ca->type) << 30L;
+    return ret;
+}
+
+static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
+{
+    ASN1_OBJECT *a, *b;
+    int i;
+
+    i = ca->type - cb->type;
+    if (i)
+        return i;
+    a = ca->obj;
+    b = cb->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        i = (a->length - b->length);
+        if (i)
+            return i;
+        return memcmp(a->data, b->data, (size_t)a->length);
+    case ADDED_SNAME:
+        if (a->sn == NULL)
+            return -1;
+        else if (b->sn == NULL)
+            return 1;
+        else
+            return strcmp(a->sn, b->sn);
+    case ADDED_LNAME:
+        if (a->ln == NULL)
+            return -1;
+        else if (b->ln == NULL)
+            return 1;
+        else
+            return strcmp(a->ln, b->ln);
+    case ADDED_NID:
+        return a->nid - b->nid;
+    default:
+        /* abort(); */
+        return 0;
+    }
+}
+
+static int init_added(void)
+{
+    if (added != NULL)
+        return 1;
+    added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp);
+    return added != NULL;
+}
+
+static void cleanup1_doall(ADDED_OBJ *a)
+{
+    a->obj->nid = 0;
+    a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
+        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+}
+
+static void cleanup2_doall(ADDED_OBJ *a)
+{
+    a->obj->nid++;
+}
+
+static void cleanup3_doall(ADDED_OBJ *a)
+{
+    if (--a->obj->nid == 0)
+        ASN1_OBJECT_free(a->obj);
+    OPENSSL_free(a);
+}
+
+void obj_cleanup_int(void)
+{
+    if (added == NULL)
+        return;
+    lh_ADDED_OBJ_set_down_load(added, 0);
+    lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */
+    lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */
+    lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */
+    lh_ADDED_OBJ_free(added);
+    added = NULL;
+}
+
+int OBJ_new_nid(int num)
+{
+    int i;
+
+    i = new_nid;
+    new_nid += num;
+    return i;
+}
+
+int OBJ_add_object(const ASN1_OBJECT *obj)
+{
+    ASN1_OBJECT *o;
+    ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop;
+    int i;
+
+    if (added == NULL)
+        if (!init_added())
+            return 0;
+    if ((o = OBJ_dup(obj)) == NULL)
+        goto err;
+    if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+        goto err2;
+    if ((o->length != 0) && (obj->data != NULL))
+        if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+    if (o->sn != NULL)
+        if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+    if (o->ln != NULL)
+        if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+
+    for (i = ADDED_DATA; i <= ADDED_NID; i++) {
+        if (ao[i] != NULL) {
+            ao[i]->type = i;
+            ao[i]->obj = o;
+            aop = lh_ADDED_OBJ_insert(added, ao[i]);
+            /* memory leak, but should not normally matter */
+            OPENSSL_free(aop);
+        }
+    }
+    o->flags &=
+        ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+          ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    return o->nid;
+ err2:
+    OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+ err:
+    for (i = ADDED_DATA; i <= ADDED_NID; i++)
+        OPENSSL_free(ao[i]);
+    ASN1_OBJECT_free(o);
+    return NID_undef;
+}
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+        return (ASN1_OBJECT *)&(nid_objs[n]);
+    } else if (added == NULL)
+        return NULL;
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj;
+        else {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+    }
+}
+
+const char *OBJ_nid2sn(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+        return nid_objs[n].sn;
+    } else if (added == NULL)
+        return NULL;
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->sn;
+        else {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+    }
+}
+
+const char *OBJ_nid2ln(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+        return nid_objs[n].ln;
+    } else if (added == NULL)
+        return NULL;
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->ln;
+        else {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+    }
+}
+
+static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
+{
+    int j;
+    const ASN1_OBJECT *a = *ap;
+    const ASN1_OBJECT *b = &nid_objs[*bp];
+
+    j = (a->length - b->length);
+    if (j)
+        return j;
+    if (a->length == 0)
+        return 0;
+    return memcmp(a->data, b->data, a->length);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+int OBJ_obj2nid(const ASN1_OBJECT *a)
+{
+    const unsigned int *op;
+    ADDED_OBJ ad, *adp;
+
+    if (a == NULL)
+        return NID_undef;
+    if (a->nid != 0)
+        return a->nid;
+
+    if (a->length == 0)
+        return NID_undef;
+
+    if (added != NULL) {
+        ad.type = ADDED_DATA;
+        ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->nid;
+    }
+    op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
+    if (op == NULL)
+        return NID_undef;
+    return nid_objs[*op].nid;
+}
+
+/*
+ * Convert an object name into an ASN1_OBJECT if "noname" is not set then
+ * search for short and long names first. This will convert the "dotted" form
+ * into an object: unlike OBJ_txt2nid it can be used with any objects, not
+ * just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+{
+    int nid = NID_undef;
+    ASN1_OBJECT *op;
+    unsigned char *buf;
+    unsigned char *p;
+    const unsigned char *cp;
+    int i, j;
+
+    if (!no_name) {
+        if (((nid = OBJ_sn2nid(s)) != NID_undef) ||
+            ((nid = OBJ_ln2nid(s)) != NID_undef))
+            return OBJ_nid2obj(nid);
+    }
+
+    /* Work out size of content octets */
+    i = a2d_ASN1_OBJECT(NULL, 0, s, -1);
+    if (i <= 0) {
+        /* Don't clear the error */
+        /*
+         * ERR_clear_error();
+         */
+        return NULL;
+    }
+    /* Work out total size */
+    j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+    if (j < 0)
+        return NULL;
+
+    if ((buf = OPENSSL_malloc(j)) == NULL) {
+        OBJerr(OBJ_F_OBJ_TXT2OBJ, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    p = buf;
+    /* Write out tag+length */
+    ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    /* Write out contents */
+    a2d_ASN1_OBJECT(p, i, s, -1);
+
+    cp = buf;
+    op = d2i_ASN1_OBJECT(NULL, &cp, j);
+    OPENSSL_free(buf);
+    return op;
+}
+
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+{
+    int i, n = 0, len, nid, first, use_bn;
+    BIGNUM *bl;
+    unsigned long l;
+    const unsigned char *p;
+    char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
+
+    /* Ensure that, at every state, |buf| is NUL-terminated. */
+    if (buf && buf_len > 0)
+        buf[0] = '\0';
+
+    if ((a == NULL) || (a->data == NULL))
+        return 0;
+
+    if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
+        const char *s;
+        s = OBJ_nid2ln(nid);
+        if (s == NULL)
+            s = OBJ_nid2sn(nid);
+        if (s) {
+            if (buf)
+                OPENSSL_strlcpy(buf, s, buf_len);
+            n = strlen(s);
+            return n;
+        }
+    }
+
+    len = a->length;
+    p = a->data;
+
+    first = 1;
+    bl = NULL;
+
+    while (len > 0) {
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            unsigned char c = *p++;
+            len--;
+            if ((len == 0) && (c & 0x80))
+                goto err;
+            if (use_bn) {
+                if (!BN_add_word(bl, c & 0x7f))
+                    goto err;
+            } else
+                l |= c & 0x7f;
+            if (!(c & 0x80))
+                break;
+            if (!use_bn && (l > (ULONG_MAX >> 7L))) {
+                if (bl == NULL && (bl = BN_new()) == NULL)
+                    goto err;
+                if (!BN_set_word(bl, l))
+                    goto err;
+                use_bn = 1;
+            }
+            if (use_bn) {
+                if (!BN_lshift(bl, bl, 7))
+                    goto err;
+            } else
+                l <<= 7L;
+        }
+
+        if (first) {
+            first = 0;
+            if (l >= 80) {
+                i = 2;
+                if (use_bn) {
+                    if (!BN_sub_word(bl, 80))
+                        goto err;
+                } else
+                    l -= 80;
+            } else {
+                i = (int)(l / 40);
+                l -= (long)(i * 40);
+            }
+            if (buf && (buf_len > 1)) {
+                *buf++ = i + '0';
+                *buf = '\0';
+                buf_len--;
+            }
+            n++;
+        }
+
+        if (use_bn) {
+            char *bndec;
+            bndec = BN_bn2dec(bl);
+            if (!bndec)
+                goto err;
+            i = strlen(bndec);
+            if (buf) {
+                if (buf_len > 1) {
+                    *buf++ = '.';
+                    *buf = '\0';
+                    buf_len--;
+                }
+                OPENSSL_strlcpy(buf, bndec, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n++;
+            n += i;
+            OPENSSL_free(bndec);
+        } else {
+            BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
+            i = strlen(tbuf);
+            if (buf && (buf_len > 0)) {
+                OPENSSL_strlcpy(buf, tbuf, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n += i;
+            l = 0;
+        }
+    }
+
+    BN_free(bl);
+    return n;
+
+ err:
+    BN_free(bl);
+    return -1;
+}
+
+int OBJ_txt2nid(const char *s)
+{
+    ASN1_OBJECT *obj;
+    int nid;
+    obj = OBJ_txt2obj(s, 0);
+    nid = OBJ_obj2nid(obj);
+    ASN1_OBJECT_free(obj);
+    return nid;
+}
+
+int OBJ_ln2nid(const char *s)
+{
+    ASN1_OBJECT o;
+    const ASN1_OBJECT *oo = &o;
+    ADDED_OBJ ad, *adp;
+    const unsigned int *op;
+
+    o.ln = s;
+    if (added != NULL) {
+        ad.type = ADDED_LNAME;
+        ad.obj = &o;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->nid;
+    }
+    op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
+    if (op == NULL)
+        return NID_undef;
+    return nid_objs[*op].nid;
+}
+
+int OBJ_sn2nid(const char *s)
+{
+    ASN1_OBJECT o;
+    const ASN1_OBJECT *oo = &o;
+    ADDED_OBJ ad, *adp;
+    const unsigned int *op;
+
+    o.sn = s;
+    if (added != NULL) {
+        ad.type = ADDED_SNAME;
+        ad.obj = &o;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->nid;
+    }
+    op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
+    if (op == NULL)
+        return NID_undef;
+    return nid_objs[*op].nid;
+}
+
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *))
+{
+    return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
+}
+
+const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags)
+{
+    const char *base = base_;
+    int l, h, i = 0, c = 0;
+    const char *p = NULL;
+
+    if (num == 0)
+        return NULL;
+    l = 0;
+    h = num;
+    while (l < h) {
+        i = (l + h) / 2;
+        p = &(base[i * size]);
+        c = (*cmp) (key, p);
+        if (c < 0)
+            h = i;
+        else if (c > 0)
+            l = i + 1;
+        else
+            break;
+    }
+#ifdef CHARSET_EBCDIC
+    /*
+     * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
+     * don't have perl (yet), we revert to a *LINEAR* search when the object
+     * wasn't found in the binary search.
+     */
+    if (c != 0) {
+        for (i = 0; i < num; ++i) {
+            p = &(base[i * size]);
+            c = (*cmp) (key, p);
+            if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
+                return p;
+        }
+    }
+#endif
+    if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+        p = NULL;
+    else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) {
+        while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0)
+            i--;
+        p = &(base[i * size]);
+    }
+    return p;
+}
+
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
+ */
+int OBJ_create_objects(BIO *in)
+{
+    char buf[512];
+    int i, num = 0;
+    char *o, *s, *l = NULL;
+
+    for (;;) {
+        s = o = NULL;
+        i = BIO_gets(in, buf, 512);
+        if (i <= 0)
+            return num;
+        buf[i - 1] = '\0';
+        if (!ossl_isalnum(buf[0]))
+            return num;
+        o = s = buf;
+        while (ossl_isdigit(*s) || *s == '.')
+            s++;
+        if (*s != '\0') {
+            *(s++) = '\0';
+            while (ossl_isspace(*s))
+                s++;
+            if (*s == '\0') {
+                s = NULL;
+            } else {
+                l = s;
+                while (*l != '\0' && !ossl_isspace(*l))
+                    l++;
+                if (*l != '\0') {
+                    *(l++) = '\0';
+                    while (ossl_isspace(*l))
+                        l++;
+                    if (*l == '\0') {
+                        l = NULL;
+                    }
+                } else {
+                    l = NULL;
+                }
+            }
+        } else {
+            s = NULL;
+        }
+        if (*o == '\0')
+            return num;
+        if (!OBJ_create(o, s, l))
+            return num;
+        num++;
+    }
+}
+
+int OBJ_create(const char *oid, const char *sn, const char *ln)
+{
+    ASN1_OBJECT *tmpoid = NULL;
+    int ok = 0;
+
+    /* Check to see if short or long name already present */
+    if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
+            || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        return 0;
+    }
+
+    /* Convert numerical OID string to an ASN1_OBJECT structure */
+    tmpoid = OBJ_txt2obj(oid, 1);
+    if (tmpoid == NULL)
+        return 0;
+
+    /* If NID is not NID_undef then object already exists */
+    if (OBJ_obj2nid(tmpoid) != NID_undef) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        goto err;
+    }
+
+    tmpoid->nid = OBJ_new_nid(1);
+    tmpoid->sn = (char *)sn;
+    tmpoid->ln = (char *)ln;
+
+    ok = OBJ_add_object(tmpoid);
+
+    tmpoid->sn = NULL;
+    tmpoid->ln = NULL;
+
+ err:
+    ASN1_OBJECT_free(tmpoid);
+    return ok;
+}
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return 0;
+    return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return NULL;
+    return obj->data;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h
new file mode 100644
index 000000000..9ab1a14b9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h
@@ -0,0 +1,5733 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/obj_dat.pl
+ *
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Serialized OID's */
+static const unsigned char so[7762] = {
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,       /* [   21] OBJ_md5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,       /* [   29] OBJ_rc4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,  /* [   37] OBJ_rsaEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,  /* [   46] OBJ_md2WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,  /* [   55] OBJ_md5WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,  /* [   64] OBJ_pbeWithMD2AndDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,  /* [   73] OBJ_pbeWithMD5AndDES_CBC */
+    0x55,                                          /* [   82] OBJ_X500 */
+    0x55,0x04,                                     /* [   83] OBJ_X509 */
+    0x55,0x04,0x03,                                /* [   85] OBJ_commonName */
+    0x55,0x04,0x06,                                /* [   88] OBJ_countryName */
+    0x55,0x04,0x07,                                /* [   91] OBJ_localityName */
+    0x55,0x04,0x08,                                /* [   94] OBJ_stateOrProvinceName */
+    0x55,0x04,0x0A,                                /* [   97] OBJ_organizationName */
+    0x55,0x04,0x0B,                                /* [  100] OBJ_organizationalUnitName */
+    0x55,0x08,0x01,0x01,                           /* [  103] OBJ_rsa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,       /* [  107] OBJ_pkcs7 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,  /* [  115] OBJ_pkcs7_data */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,  /* [  124] OBJ_pkcs7_signed */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,  /* [  133] OBJ_pkcs7_enveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,  /* [  142] OBJ_pkcs7_signedAndEnveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,  /* [  151] OBJ_pkcs7_digest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,  /* [  160] OBJ_pkcs7_encrypted */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,       /* [  169] OBJ_pkcs3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,  /* [  177] OBJ_dhKeyAgreement */
+    0x2B,0x0E,0x03,0x02,0x06,                      /* [  186] OBJ_des_ecb */
+    0x2B,0x0E,0x03,0x02,0x09,                      /* [  191] OBJ_des_cfb64 */
+    0x2B,0x0E,0x03,0x02,0x07,                      /* [  196] OBJ_des_cbc */
+    0x2B,0x0E,0x03,0x02,0x11,                      /* [  201] OBJ_des_ede_ecb */
+    0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,  /* [  206] OBJ_idea_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,       /* [  217] OBJ_rc2_cbc */
+    0x2B,0x0E,0x03,0x02,0x12,                      /* [  225] OBJ_sha */
+    0x2B,0x0E,0x03,0x02,0x0F,                      /* [  230] OBJ_shaWithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,       /* [  235] OBJ_des_ede3_cbc */
+    0x2B,0x0E,0x03,0x02,0x08,                      /* [  243] OBJ_des_ofb64 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,       /* [  248] OBJ_pkcs9 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,  /* [  256] OBJ_pkcs9_emailAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,  /* [  265] OBJ_pkcs9_unstructuredName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,  /* [  274] OBJ_pkcs9_contentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,  /* [  283] OBJ_pkcs9_messageDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,  /* [  292] OBJ_pkcs9_signingTime */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,  /* [  301] OBJ_pkcs9_countersignature */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,  /* [  310] OBJ_pkcs9_challengePassword */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,  /* [  319] OBJ_pkcs9_unstructuredAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,  /* [  328] OBJ_pkcs9_extCertAttributes */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,            /* [  337] OBJ_netscape */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,       /* [  344] OBJ_netscape_cert_extension */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,       /* [  352] OBJ_netscape_data_type */
+    0x2B,0x0E,0x03,0x02,0x1A,                      /* [  360] OBJ_sha1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,  /* [  365] OBJ_sha1WithRSAEncryption */
+    0x2B,0x0E,0x03,0x02,0x0D,                      /* [  374] OBJ_dsaWithSHA */
+    0x2B,0x0E,0x03,0x02,0x0C,                      /* [  379] OBJ_dsa_2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,  /* [  384] OBJ_pbeWithSHA1AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,  /* [  393] OBJ_id_pbkdf2 */
+    0x2B,0x0E,0x03,0x02,0x1B,                      /* [  402] OBJ_dsaWithSHA1_2 */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,  /* [  407] OBJ_netscape_cert_type */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,  /* [  416] OBJ_netscape_base_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,  /* [  425] OBJ_netscape_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,  /* [  434] OBJ_netscape_ca_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,  /* [  443] OBJ_netscape_renewal_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,  /* [  452] OBJ_netscape_ca_policy_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,  /* [  461] OBJ_netscape_ssl_server_name */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,  /* [  470] OBJ_netscape_comment */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,  /* [  479] OBJ_netscape_cert_sequence */
+    0x55,0x1D,                                     /* [  488] OBJ_id_ce */
+    0x55,0x1D,0x0E,                                /* [  490] OBJ_subject_key_identifier */
+    0x55,0x1D,0x0F,                                /* [  493] OBJ_key_usage */
+    0x55,0x1D,0x10,                                /* [  496] OBJ_private_key_usage_period */
+    0x55,0x1D,0x11,                                /* [  499] OBJ_subject_alt_name */
+    0x55,0x1D,0x12,                                /* [  502] OBJ_issuer_alt_name */
+    0x55,0x1D,0x13,                                /* [  505] OBJ_basic_constraints */
+    0x55,0x1D,0x14,                                /* [  508] OBJ_crl_number */
+    0x55,0x1D,0x20,                                /* [  511] OBJ_certificate_policies */
+    0x55,0x1D,0x23,                                /* [  514] OBJ_authority_key_identifier */
+    0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,  /* [  517] OBJ_bf_cbc */
+    0x55,0x08,0x03,0x65,                           /* [  526] OBJ_mdc2 */
+    0x55,0x08,0x03,0x64,                           /* [  530] OBJ_mdc2WithRSA */
+    0x55,0x04,0x2A,                                /* [  534] OBJ_givenName */
+    0x55,0x04,0x04,                                /* [  537] OBJ_surname */
+    0x55,0x04,0x2B,                                /* [  540] OBJ_initials */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C,  /* [  543] OBJ_uniqueIdentifier */
+    0x55,0x1D,0x1F,                                /* [  553] OBJ_crl_distribution_points */
+    0x2B,0x0E,0x03,0x02,0x03,                      /* [  556] OBJ_md5WithRSA */
+    0x55,0x04,0x05,                                /* [  561] OBJ_serialNumber */
+    0x55,0x04,0x0C,                                /* [  564] OBJ_title */
+    0x55,0x04,0x0D,                                /* [  567] OBJ_description */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,  /* [  570] OBJ_cast5_cbc */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,  /* [  579] OBJ_pbeWithMD5AndCast5_CBC */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,            /* [  588] OBJ_dsaWithSHA1 */
+    0x2B,0x0E,0x03,0x02,0x1D,                      /* [  595] OBJ_sha1WithRSA */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,            /* [  600] OBJ_dsa */
+    0x2B,0x24,0x03,0x02,0x01,                      /* [  607] OBJ_ripemd160 */
+    0x2B,0x24,0x03,0x03,0x01,0x02,                 /* [  612] OBJ_ripemd160WithRSA */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,       /* [  618] OBJ_rc5_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,  /* [  626] OBJ_zlib_compression */
+    0x55,0x1D,0x25,                                /* [  637] OBJ_ext_key_usage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,                 /* [  640] OBJ_id_pkix */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,            /* [  646] OBJ_id_kp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,       /* [  653] OBJ_server_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,       /* [  661] OBJ_client_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,       /* [  669] OBJ_code_sign */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,       /* [  677] OBJ_email_protect */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,       /* [  685] OBJ_time_stamp */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,  /* [  693] OBJ_ms_code_ind */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,  /* [  703] OBJ_ms_code_com */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,  /* [  713] OBJ_ms_ctl_sign */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,  /* [  723] OBJ_ms_sgc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,  /* [  733] OBJ_ms_efs */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,  /* [  743] OBJ_ns_sgc */
+    0x55,0x1D,0x1B,                                /* [  752] OBJ_delta_crl */
+    0x55,0x1D,0x15,                                /* [  755] OBJ_crl_reason */
+    0x55,0x1D,0x18,                                /* [  758] OBJ_invalidity_date */
+    0x2B,0x65,0x01,0x04,0x01,                      /* [  761] OBJ_sxnet */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,  /* [  766] OBJ_pbe_WithSHA1And128BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,  /* [  776] OBJ_pbe_WithSHA1And40BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,  /* [  786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,  /* [  796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,  /* [  806] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,  /* [  816] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,  /* [  826] OBJ_keyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,  /* [  837] OBJ_pkcs8ShroudedKeyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,  /* [  848] OBJ_certBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,  /* [  859] OBJ_crlBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,  /* [  870] OBJ_secretBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,  /* [  881] OBJ_safeContentsBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,  /* [  892] OBJ_friendlyName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,  /* [  901] OBJ_localKeyID */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,  /* [  910] OBJ_x509Certificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,  /* [  920] OBJ_sdsiCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,  /* [  930] OBJ_x509Crl */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,  /* [  940] OBJ_pbes2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,  /* [  949] OBJ_pbmac1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,       /* [  958] OBJ_hmacWithSHA1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,       /* [  966] OBJ_id_qt_cps */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,       /* [  974] OBJ_id_qt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,  /* [  982] OBJ_SMIMECapabilities */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,  /* [  991] OBJ_pbeWithMD2AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,  /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,  /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,  /* [ 1018] OBJ_ms_ext_req */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,  /* [ 1028] OBJ_ext_req */
+    0x55,0x04,0x29,                                /* [ 1037] OBJ_name */
+    0x55,0x04,0x2E,                                /* [ 1040] OBJ_dnQualifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,            /* [ 1043] OBJ_id_pe */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,            /* [ 1050] OBJ_id_ad */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,       /* [ 1057] OBJ_info_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,       /* [ 1065] OBJ_ad_OCSP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,       /* [ 1073] OBJ_ad_ca_issuers */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,       /* [ 1081] OBJ_OCSP_sign */
+    0x2A,                                          /* [ 1089] OBJ_member_body */
+    0x2A,0x86,0x48,                                /* [ 1090] OBJ_ISO_US */
+    0x2A,0x86,0x48,0xCE,0x38,                      /* [ 1093] OBJ_X9_57 */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,                 /* [ 1098] OBJ_X9cm */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,       /* [ 1104] OBJ_pkcs1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,       /* [ 1112] OBJ_pkcs5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,  /* [ 1120] OBJ_SMIME */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,  /* [ 1129] OBJ_id_smime_mod */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,  /* [ 1139] OBJ_id_smime_ct */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,  /* [ 1149] OBJ_id_smime_aa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,  /* [ 1159] OBJ_id_smime_alg */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,  /* [ 1169] OBJ_id_smime_cd */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,  /* [ 1179] OBJ_id_smime_spq */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,  /* [ 1189] OBJ_id_smime_cti */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,  /* [ 1199] OBJ_id_smime_mod_cms */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,  /* [ 1210] OBJ_id_smime_mod_ess */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,  /* [ 1221] OBJ_id_smime_mod_oid */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,  /* [ 1232] OBJ_id_smime_mod_msg_v3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,  /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,  /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,  /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,  /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,  /* [ 1287] OBJ_id_smime_ct_receipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,  /* [ 1298] OBJ_id_smime_ct_authData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,  /* [ 1309] OBJ_id_smime_ct_publishCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,  /* [ 1320] OBJ_id_smime_ct_TSTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,  /* [ 1331] OBJ_id_smime_ct_TDTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,  /* [ 1342] OBJ_id_smime_ct_contentInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,  /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,  /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,  /* [ 1375] OBJ_id_smime_aa_receiptRequest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,  /* [ 1386] OBJ_id_smime_aa_securityLabel */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,  /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,  /* [ 1408] OBJ_id_smime_aa_contentHint */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,  /* [ 1419] OBJ_id_smime_aa_msgSigDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,  /* [ 1430] OBJ_id_smime_aa_encapContentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,  /* [ 1441] OBJ_id_smime_aa_contentIdentifier */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,  /* [ 1452] OBJ_id_smime_aa_macValue */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,  /* [ 1463] OBJ_id_smime_aa_equivalentLabels */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,  /* [ 1474] OBJ_id_smime_aa_contentReference */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,  /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,  /* [ 1496] OBJ_id_smime_aa_signingCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,  /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,  /* [ 1518] OBJ_id_smime_aa_timeStampToken */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,  /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,  /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,  /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,  /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,  /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,  /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,  /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,  /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,  /* [ 1617] OBJ_id_smime_aa_ets_certValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,  /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,  /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,  /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,  /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,  /* [ 1672] OBJ_id_smime_aa_signatureType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,  /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,  /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,  /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,  /* [ 1716] OBJ_id_smime_alg_3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,  /* [ 1727] OBJ_id_smime_alg_RC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,  /* [ 1738] OBJ_id_smime_alg_ESDH */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,  /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,  /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,  /* [ 1771] OBJ_id_smime_cd_ldap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,  /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,  /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,  /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,  /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,  /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,  /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,  /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,  /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,       /* [ 1870] OBJ_md4 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,            /* [ 1878] OBJ_id_pkix_mod */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,            /* [ 1885] OBJ_id_qt */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,            /* [ 1892] OBJ_id_it */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,            /* [ 1899] OBJ_id_pkip */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,            /* [ 1906] OBJ_id_alg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,            /* [ 1913] OBJ_id_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,            /* [ 1920] OBJ_id_on */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,            /* [ 1927] OBJ_id_pda */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,            /* [ 1934] OBJ_id_aca */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,            /* [ 1941] OBJ_id_qcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,            /* [ 1948] OBJ_id_cct */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,       /* [ 1955] OBJ_id_pkix1_explicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,       /* [ 1963] OBJ_id_pkix1_implicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,       /* [ 1971] OBJ_id_pkix1_explicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,       /* [ 1979] OBJ_id_pkix1_implicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,       /* [ 1987] OBJ_id_mod_crmf */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,       /* [ 1995] OBJ_id_mod_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,       /* [ 2003] OBJ_id_mod_kea_profile_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,       /* [ 2011] OBJ_id_mod_kea_profile_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,       /* [ 2019] OBJ_id_mod_cmp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,       /* [ 2027] OBJ_id_mod_qualified_cert_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,       /* [ 2035] OBJ_id_mod_qualified_cert_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,       /* [ 2043] OBJ_id_mod_attribute_cert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,       /* [ 2051] OBJ_id_mod_timestamp_protocol */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,       /* [ 2059] OBJ_id_mod_ocsp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,       /* [ 2067] OBJ_id_mod_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,       /* [ 2075] OBJ_id_mod_cmp2000 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,       /* [ 2083] OBJ_biometricInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,       /* [ 2091] OBJ_qcStatements */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,       /* [ 2099] OBJ_ac_auditEntity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,       /* [ 2107] OBJ_ac_targeting */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,       /* [ 2115] OBJ_aaControls */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,       /* [ 2123] OBJ_sbgp_ipAddrBlock */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,       /* [ 2131] OBJ_sbgp_autonomousSysNum */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,       /* [ 2139] OBJ_sbgp_routerIdentifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,       /* [ 2147] OBJ_textNotice */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,       /* [ 2155] OBJ_ipsecEndSystem */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,       /* [ 2163] OBJ_ipsecTunnel */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,       /* [ 2171] OBJ_ipsecUser */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,       /* [ 2179] OBJ_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,       /* [ 2187] OBJ_id_it_caProtEncCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,       /* [ 2195] OBJ_id_it_signKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,       /* [ 2203] OBJ_id_it_encKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,       /* [ 2211] OBJ_id_it_preferredSymmAlg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,       /* [ 2219] OBJ_id_it_caKeyUpdateInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,       /* [ 2227] OBJ_id_it_currentCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,       /* [ 2235] OBJ_id_it_unsupportedOIDs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,       /* [ 2243] OBJ_id_it_subscriptionRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,       /* [ 2251] OBJ_id_it_subscriptionResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,       /* [ 2259] OBJ_id_it_keyPairParamReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,       /* [ 2267] OBJ_id_it_keyPairParamRep */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,       /* [ 2275] OBJ_id_it_revPassphrase */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,       /* [ 2283] OBJ_id_it_implicitConfirm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,       /* [ 2291] OBJ_id_it_confirmWaitTime */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,       /* [ 2299] OBJ_id_it_origPKIMessage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,       /* [ 2307] OBJ_id_regCtrl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,       /* [ 2315] OBJ_id_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,  /* [ 2323] OBJ_id_regCtrl_regToken */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,  /* [ 2332] OBJ_id_regCtrl_authenticator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,  /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,  /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,  /* [ 2359] OBJ_id_regCtrl_oldCertID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,  /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,  /* [ 2377] OBJ_id_regInfo_utf8Pairs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,  /* [ 2386] OBJ_id_regInfo_certReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,       /* [ 2395] OBJ_id_alg_des40 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,       /* [ 2403] OBJ_id_alg_noSignature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,       /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,       /* [ 2419] OBJ_id_alg_dh_pop */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,       /* [ 2427] OBJ_id_cmc_statusInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,       /* [ 2435] OBJ_id_cmc_identification */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,       /* [ 2443] OBJ_id_cmc_identityProof */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,       /* [ 2451] OBJ_id_cmc_dataReturn */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,       /* [ 2459] OBJ_id_cmc_transactionId */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,       /* [ 2467] OBJ_id_cmc_senderNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,       /* [ 2475] OBJ_id_cmc_recipientNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,       /* [ 2483] OBJ_id_cmc_addExtensions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,       /* [ 2491] OBJ_id_cmc_encryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,       /* [ 2499] OBJ_id_cmc_decryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,       /* [ 2507] OBJ_id_cmc_lraPOPWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,       /* [ 2515] OBJ_id_cmc_getCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,       /* [ 2523] OBJ_id_cmc_getCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,       /* [ 2531] OBJ_id_cmc_revokeRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,       /* [ 2539] OBJ_id_cmc_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,       /* [ 2547] OBJ_id_cmc_responseInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,       /* [ 2555] OBJ_id_cmc_queryPending */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,       /* [ 2563] OBJ_id_cmc_popLinkRandom */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,       /* [ 2571] OBJ_id_cmc_popLinkWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,       /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,       /* [ 2587] OBJ_id_on_personalData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,       /* [ 2595] OBJ_id_pda_dateOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,       /* [ 2603] OBJ_id_pda_placeOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,       /* [ 2611] OBJ_id_pda_gender */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,       /* [ 2619] OBJ_id_pda_countryOfCitizenship */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,       /* [ 2627] OBJ_id_pda_countryOfResidence */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,       /* [ 2635] OBJ_id_aca_authenticationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,       /* [ 2643] OBJ_id_aca_accessIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,       /* [ 2651] OBJ_id_aca_chargingIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,       /* [ 2659] OBJ_id_aca_group */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,       /* [ 2667] OBJ_id_aca_role */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,       /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,       /* [ 2683] OBJ_id_cct_crs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,       /* [ 2691] OBJ_id_cct_PKIData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,       /* [ 2699] OBJ_id_cct_PKIResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,       /* [ 2707] OBJ_ad_timeStamping */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,       /* [ 2715] OBJ_ad_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,  /* [ 2723] OBJ_id_pkix_OCSP_basic */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,  /* [ 2732] OBJ_id_pkix_OCSP_Nonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,  /* [ 2741] OBJ_id_pkix_OCSP_CrlID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,  /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,  /* [ 2759] OBJ_id_pkix_OCSP_noCheck */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,  /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,  /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,  /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,  /* [ 2795] OBJ_id_pkix_OCSP_valid */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,  /* [ 2804] OBJ_id_pkix_OCSP_path */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,  /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */
+    0x2B,0x0E,0x03,0x02,                           /* [ 2822] OBJ_algorithm */
+    0x2B,0x0E,0x03,0x02,0x0B,                      /* [ 2826] OBJ_rsaSignature */
+    0x55,0x08,                                     /* [ 2831] OBJ_X500algorithms */
+    0x2B,                                          /* [ 2833] OBJ_org */
+    0x2B,0x06,                                     /* [ 2834] OBJ_dod */
+    0x2B,0x06,0x01,                                /* [ 2836] OBJ_iana */
+    0x2B,0x06,0x01,0x01,                           /* [ 2839] OBJ_Directory */
+    0x2B,0x06,0x01,0x02,                           /* [ 2843] OBJ_Management */
+    0x2B,0x06,0x01,0x03,                           /* [ 2847] OBJ_Experimental */
+    0x2B,0x06,0x01,0x04,                           /* [ 2851] OBJ_Private */
+    0x2B,0x06,0x01,0x05,                           /* [ 2855] OBJ_Security */
+    0x2B,0x06,0x01,0x06,                           /* [ 2859] OBJ_SNMPv2 */
+    0x2B,0x06,0x01,0x07,                           /* [ 2863] OBJ_Mail */
+    0x2B,0x06,0x01,0x04,0x01,                      /* [ 2867] OBJ_Enterprises */
+    0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,  /* [ 2872] OBJ_dcObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,  /* [ 2881] OBJ_domainComponent */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,  /* [ 2891] OBJ_Domain */
+    0x55,0x01,0x05,                                /* [ 2901] OBJ_selected_attribute_types */
+    0x55,0x01,0x05,0x37,                           /* [ 2904] OBJ_clearance */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,  /* [ 2908] OBJ_md4WithRSAEncryption */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,       /* [ 2917] OBJ_ac_proxying */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,       /* [ 2925] OBJ_sinfo_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,       /* [ 2933] OBJ_id_aca_encAttrs */
+    0x55,0x04,0x48,                                /* [ 2941] OBJ_role */
+    0x55,0x1D,0x24,                                /* [ 2944] OBJ_policy_constraints */
+    0x55,0x1D,0x37,                                /* [ 2947] OBJ_target_information */
+    0x55,0x1D,0x38,                                /* [ 2950] OBJ_no_rev_avail */
+    0x2A,0x86,0x48,0xCE,0x3D,                      /* [ 2953] OBJ_ansi_X9_62 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,            /* [ 2958] OBJ_X9_62_prime_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,            /* [ 2965] OBJ_X9_62_characteristic_two_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,            /* [ 2972] OBJ_X9_62_id_ecPublicKey */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,       /* [ 2979] OBJ_X9_62_prime192v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,       /* [ 2987] OBJ_X9_62_prime192v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,       /* [ 2995] OBJ_X9_62_prime192v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,       /* [ 3003] OBJ_X9_62_prime239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,       /* [ 3011] OBJ_X9_62_prime239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,       /* [ 3019] OBJ_X9_62_prime239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,       /* [ 3027] OBJ_X9_62_prime256v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,            /* [ 3035] OBJ_ecdsa_with_SHA1 */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,  /* [ 3042] OBJ_ms_csp_name */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,  /* [ 3051] OBJ_aes_128_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,  /* [ 3060] OBJ_aes_128_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,  /* [ 3069] OBJ_aes_128_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,  /* [ 3078] OBJ_aes_128_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,  /* [ 3087] OBJ_aes_192_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,  /* [ 3096] OBJ_aes_192_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,  /* [ 3105] OBJ_aes_192_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,  /* [ 3114] OBJ_aes_192_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,  /* [ 3123] OBJ_aes_256_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,  /* [ 3132] OBJ_aes_256_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,  /* [ 3141] OBJ_aes_256_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,  /* [ 3150] OBJ_aes_256_cfb128 */
+    0x55,0x1D,0x17,                                /* [ 3159] OBJ_hold_instruction_code */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,            /* [ 3162] OBJ_hold_instruction_none */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,            /* [ 3169] OBJ_hold_instruction_call_issuer */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,            /* [ 3176] OBJ_hold_instruction_reject */
+    0x09,                                          /* [ 3183] OBJ_data */
+    0x09,0x92,0x26,                                /* [ 3184] OBJ_pss */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,            /* [ 3187] OBJ_ucl */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,       /* [ 3194] OBJ_pilot */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,  /* [ 3202] OBJ_pilotAttributeType */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,  /* [ 3211] OBJ_pilotAttributeSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,  /* [ 3220] OBJ_pilotObjectClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,  /* [ 3229] OBJ_pilotGroups */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,  /* [ 3238] OBJ_iA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,  /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,  /* [ 3258] OBJ_pilotObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,  /* [ 3268] OBJ_pilotPerson */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,  /* [ 3278] OBJ_account */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,  /* [ 3288] OBJ_document */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,  /* [ 3298] OBJ_room */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,  /* [ 3308] OBJ_documentSeries */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,  /* [ 3318] OBJ_rFC822localPart */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,  /* [ 3328] OBJ_dNSDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,  /* [ 3338] OBJ_domainRelatedObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,  /* [ 3348] OBJ_friendlyCountry */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,  /* [ 3358] OBJ_simpleSecurityObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,  /* [ 3368] OBJ_pilotOrganization */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,  /* [ 3378] OBJ_pilotDSA */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,  /* [ 3388] OBJ_qualityLabelledData */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,  /* [ 3398] OBJ_userId */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,  /* [ 3408] OBJ_textEncodedORAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,  /* [ 3418] OBJ_rfc822Mailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,  /* [ 3428] OBJ_info */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,  /* [ 3438] OBJ_favouriteDrink */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,  /* [ 3448] OBJ_roomNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,  /* [ 3458] OBJ_photo */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,  /* [ 3468] OBJ_userClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,  /* [ 3478] OBJ_host */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,  /* [ 3488] OBJ_manager */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,  /* [ 3498] OBJ_documentIdentifier */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,  /* [ 3508] OBJ_documentTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,  /* [ 3518] OBJ_documentVersion */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,  /* [ 3528] OBJ_documentAuthor */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,  /* [ 3538] OBJ_documentLocation */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,  /* [ 3548] OBJ_homeTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,  /* [ 3558] OBJ_secretary */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,  /* [ 3568] OBJ_otherMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,  /* [ 3578] OBJ_lastModifiedTime */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,  /* [ 3588] OBJ_lastModifiedBy */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,  /* [ 3598] OBJ_aRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,  /* [ 3608] OBJ_pilotAttributeType27 */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,  /* [ 3618] OBJ_mXRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,  /* [ 3628] OBJ_nSRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,  /* [ 3638] OBJ_sOARecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,  /* [ 3648] OBJ_cNAMERecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,  /* [ 3658] OBJ_associatedDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,  /* [ 3668] OBJ_associatedName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,  /* [ 3678] OBJ_homePostalAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,  /* [ 3688] OBJ_personalTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,  /* [ 3698] OBJ_mobileTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,  /* [ 3708] OBJ_pagerTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,  /* [ 3718] OBJ_friendlyCountryName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,  /* [ 3728] OBJ_organizationalStatus */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,  /* [ 3738] OBJ_janetMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,  /* [ 3748] OBJ_mailPreferenceOption */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,  /* [ 3758] OBJ_buildingName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,  /* [ 3768] OBJ_dSAQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,  /* [ 3778] OBJ_singleLevelQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,  /* [ 3788] OBJ_subtreeMinimumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,  /* [ 3798] OBJ_subtreeMaximumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,  /* [ 3808] OBJ_personalSignature */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,  /* [ 3818] OBJ_dITRedirect */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,  /* [ 3828] OBJ_audio */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,  /* [ 3838] OBJ_documentPublisher */
+    0x55,0x04,0x2D,                                /* [ 3848] OBJ_x500UniqueIdentifier */
+    0x2B,0x06,0x01,0x07,0x01,                      /* [ 3851] OBJ_mime_mhs */
+    0x2B,0x06,0x01,0x07,0x01,0x01,                 /* [ 3856] OBJ_mime_mhs_headings */
+    0x2B,0x06,0x01,0x07,0x01,0x02,                 /* [ 3862] OBJ_mime_mhs_bodies */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x01,            /* [ 3868] OBJ_id_hex_partial_message */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x02,            /* [ 3875] OBJ_id_hex_multipart_message */
+    0x55,0x04,0x2C,                                /* [ 3882] OBJ_generationQualifier */
+    0x55,0x04,0x41,                                /* [ 3885] OBJ_pseudonym */
+    0x67,0x2A,                                     /* [ 3888] OBJ_id_set */
+    0x67,0x2A,0x00,                                /* [ 3890] OBJ_set_ctype */
+    0x67,0x2A,0x01,                                /* [ 3893] OBJ_set_msgExt */
+    0x67,0x2A,0x03,                                /* [ 3896] OBJ_set_attr */
+    0x67,0x2A,0x05,                                /* [ 3899] OBJ_set_policy */
+    0x67,0x2A,0x07,                                /* [ 3902] OBJ_set_certExt */
+    0x67,0x2A,0x08,                                /* [ 3905] OBJ_set_brand */
+    0x67,0x2A,0x00,0x00,                           /* [ 3908] OBJ_setct_PANData */
+    0x67,0x2A,0x00,0x01,                           /* [ 3912] OBJ_setct_PANToken */
+    0x67,0x2A,0x00,0x02,                           /* [ 3916] OBJ_setct_PANOnly */
+    0x67,0x2A,0x00,0x03,                           /* [ 3920] OBJ_setct_OIData */
+    0x67,0x2A,0x00,0x04,                           /* [ 3924] OBJ_setct_PI */
+    0x67,0x2A,0x00,0x05,                           /* [ 3928] OBJ_setct_PIData */
+    0x67,0x2A,0x00,0x06,                           /* [ 3932] OBJ_setct_PIDataUnsigned */
+    0x67,0x2A,0x00,0x07,                           /* [ 3936] OBJ_setct_HODInput */
+    0x67,0x2A,0x00,0x08,                           /* [ 3940] OBJ_setct_AuthResBaggage */
+    0x67,0x2A,0x00,0x09,                           /* [ 3944] OBJ_setct_AuthRevReqBaggage */
+    0x67,0x2A,0x00,0x0A,                           /* [ 3948] OBJ_setct_AuthRevResBaggage */
+    0x67,0x2A,0x00,0x0B,                           /* [ 3952] OBJ_setct_CapTokenSeq */
+    0x67,0x2A,0x00,0x0C,                           /* [ 3956] OBJ_setct_PInitResData */
+    0x67,0x2A,0x00,0x0D,                           /* [ 3960] OBJ_setct_PI_TBS */
+    0x67,0x2A,0x00,0x0E,                           /* [ 3964] OBJ_setct_PResData */
+    0x67,0x2A,0x00,0x10,                           /* [ 3968] OBJ_setct_AuthReqTBS */
+    0x67,0x2A,0x00,0x11,                           /* [ 3972] OBJ_setct_AuthResTBS */
+    0x67,0x2A,0x00,0x12,                           /* [ 3976] OBJ_setct_AuthResTBSX */
+    0x67,0x2A,0x00,0x13,                           /* [ 3980] OBJ_setct_AuthTokenTBS */
+    0x67,0x2A,0x00,0x14,                           /* [ 3984] OBJ_setct_CapTokenData */
+    0x67,0x2A,0x00,0x15,                           /* [ 3988] OBJ_setct_CapTokenTBS */
+    0x67,0x2A,0x00,0x16,                           /* [ 3992] OBJ_setct_AcqCardCodeMsg */
+    0x67,0x2A,0x00,0x17,                           /* [ 3996] OBJ_setct_AuthRevReqTBS */
+    0x67,0x2A,0x00,0x18,                           /* [ 4000] OBJ_setct_AuthRevResData */
+    0x67,0x2A,0x00,0x19,                           /* [ 4004] OBJ_setct_AuthRevResTBS */
+    0x67,0x2A,0x00,0x1A,                           /* [ 4008] OBJ_setct_CapReqTBS */
+    0x67,0x2A,0x00,0x1B,                           /* [ 4012] OBJ_setct_CapReqTBSX */
+    0x67,0x2A,0x00,0x1C,                           /* [ 4016] OBJ_setct_CapResData */
+    0x67,0x2A,0x00,0x1D,                           /* [ 4020] OBJ_setct_CapRevReqTBS */
+    0x67,0x2A,0x00,0x1E,                           /* [ 4024] OBJ_setct_CapRevReqTBSX */
+    0x67,0x2A,0x00,0x1F,                           /* [ 4028] OBJ_setct_CapRevResData */
+    0x67,0x2A,0x00,0x20,                           /* [ 4032] OBJ_setct_CredReqTBS */
+    0x67,0x2A,0x00,0x21,                           /* [ 4036] OBJ_setct_CredReqTBSX */
+    0x67,0x2A,0x00,0x22,                           /* [ 4040] OBJ_setct_CredResData */
+    0x67,0x2A,0x00,0x23,                           /* [ 4044] OBJ_setct_CredRevReqTBS */
+    0x67,0x2A,0x00,0x24,                           /* [ 4048] OBJ_setct_CredRevReqTBSX */
+    0x67,0x2A,0x00,0x25,                           /* [ 4052] OBJ_setct_CredRevResData */
+    0x67,0x2A,0x00,0x26,                           /* [ 4056] OBJ_setct_PCertReqData */
+    0x67,0x2A,0x00,0x27,                           /* [ 4060] OBJ_setct_PCertResTBS */
+    0x67,0x2A,0x00,0x28,                           /* [ 4064] OBJ_setct_BatchAdminReqData */
+    0x67,0x2A,0x00,0x29,                           /* [ 4068] OBJ_setct_BatchAdminResData */
+    0x67,0x2A,0x00,0x2A,                           /* [ 4072] OBJ_setct_CardCInitResTBS */
+    0x67,0x2A,0x00,0x2B,                           /* [ 4076] OBJ_setct_MeAqCInitResTBS */
+    0x67,0x2A,0x00,0x2C,                           /* [ 4080] OBJ_setct_RegFormResTBS */
+    0x67,0x2A,0x00,0x2D,                           /* [ 4084] OBJ_setct_CertReqData */
+    0x67,0x2A,0x00,0x2E,                           /* [ 4088] OBJ_setct_CertReqTBS */
+    0x67,0x2A,0x00,0x2F,                           /* [ 4092] OBJ_setct_CertResData */
+    0x67,0x2A,0x00,0x30,                           /* [ 4096] OBJ_setct_CertInqReqTBS */
+    0x67,0x2A,0x00,0x31,                           /* [ 4100] OBJ_setct_ErrorTBS */
+    0x67,0x2A,0x00,0x32,                           /* [ 4104] OBJ_setct_PIDualSignedTBE */
+    0x67,0x2A,0x00,0x33,                           /* [ 4108] OBJ_setct_PIUnsignedTBE */
+    0x67,0x2A,0x00,0x34,                           /* [ 4112] OBJ_setct_AuthReqTBE */
+    0x67,0x2A,0x00,0x35,                           /* [ 4116] OBJ_setct_AuthResTBE */
+    0x67,0x2A,0x00,0x36,                           /* [ 4120] OBJ_setct_AuthResTBEX */
+    0x67,0x2A,0x00,0x37,                           /* [ 4124] OBJ_setct_AuthTokenTBE */
+    0x67,0x2A,0x00,0x38,                           /* [ 4128] OBJ_setct_CapTokenTBE */
+    0x67,0x2A,0x00,0x39,                           /* [ 4132] OBJ_setct_CapTokenTBEX */
+    0x67,0x2A,0x00,0x3A,                           /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */
+    0x67,0x2A,0x00,0x3B,                           /* [ 4140] OBJ_setct_AuthRevReqTBE */
+    0x67,0x2A,0x00,0x3C,                           /* [ 4144] OBJ_setct_AuthRevResTBE */
+    0x67,0x2A,0x00,0x3D,                           /* [ 4148] OBJ_setct_AuthRevResTBEB */
+    0x67,0x2A,0x00,0x3E,                           /* [ 4152] OBJ_setct_CapReqTBE */
+    0x67,0x2A,0x00,0x3F,                           /* [ 4156] OBJ_setct_CapReqTBEX */
+    0x67,0x2A,0x00,0x40,                           /* [ 4160] OBJ_setct_CapResTBE */
+    0x67,0x2A,0x00,0x41,                           /* [ 4164] OBJ_setct_CapRevReqTBE */
+    0x67,0x2A,0x00,0x42,                           /* [ 4168] OBJ_setct_CapRevReqTBEX */
+    0x67,0x2A,0x00,0x43,                           /* [ 4172] OBJ_setct_CapRevResTBE */
+    0x67,0x2A,0x00,0x44,                           /* [ 4176] OBJ_setct_CredReqTBE */
+    0x67,0x2A,0x00,0x45,                           /* [ 4180] OBJ_setct_CredReqTBEX */
+    0x67,0x2A,0x00,0x46,                           /* [ 4184] OBJ_setct_CredResTBE */
+    0x67,0x2A,0x00,0x47,                           /* [ 4188] OBJ_setct_CredRevReqTBE */
+    0x67,0x2A,0x00,0x48,                           /* [ 4192] OBJ_setct_CredRevReqTBEX */
+    0x67,0x2A,0x00,0x49,                           /* [ 4196] OBJ_setct_CredRevResTBE */
+    0x67,0x2A,0x00,0x4A,                           /* [ 4200] OBJ_setct_BatchAdminReqTBE */
+    0x67,0x2A,0x00,0x4B,                           /* [ 4204] OBJ_setct_BatchAdminResTBE */
+    0x67,0x2A,0x00,0x4C,                           /* [ 4208] OBJ_setct_RegFormReqTBE */
+    0x67,0x2A,0x00,0x4D,                           /* [ 4212] OBJ_setct_CertReqTBE */
+    0x67,0x2A,0x00,0x4E,                           /* [ 4216] OBJ_setct_CertReqTBEX */
+    0x67,0x2A,0x00,0x4F,                           /* [ 4220] OBJ_setct_CertResTBE */
+    0x67,0x2A,0x00,0x50,                           /* [ 4224] OBJ_setct_CRLNotificationTBS */
+    0x67,0x2A,0x00,0x51,                           /* [ 4228] OBJ_setct_CRLNotificationResTBS */
+    0x67,0x2A,0x00,0x52,                           /* [ 4232] OBJ_setct_BCIDistributionTBS */
+    0x67,0x2A,0x01,0x01,                           /* [ 4236] OBJ_setext_genCrypt */
+    0x67,0x2A,0x01,0x03,                           /* [ 4240] OBJ_setext_miAuth */
+    0x67,0x2A,0x01,0x04,                           /* [ 4244] OBJ_setext_pinSecure */
+    0x67,0x2A,0x01,0x05,                           /* [ 4248] OBJ_setext_pinAny */
+    0x67,0x2A,0x01,0x07,                           /* [ 4252] OBJ_setext_track2 */
+    0x67,0x2A,0x01,0x08,                           /* [ 4256] OBJ_setext_cv */
+    0x67,0x2A,0x05,0x00,                           /* [ 4260] OBJ_set_policy_root */
+    0x67,0x2A,0x07,0x00,                           /* [ 4264] OBJ_setCext_hashedRoot */
+    0x67,0x2A,0x07,0x01,                           /* [ 4268] OBJ_setCext_certType */
+    0x67,0x2A,0x07,0x02,                           /* [ 4272] OBJ_setCext_merchData */
+    0x67,0x2A,0x07,0x03,                           /* [ 4276] OBJ_setCext_cCertRequired */
+    0x67,0x2A,0x07,0x04,                           /* [ 4280] OBJ_setCext_tunneling */
+    0x67,0x2A,0x07,0x05,                           /* [ 4284] OBJ_setCext_setExt */
+    0x67,0x2A,0x07,0x06,                           /* [ 4288] OBJ_setCext_setQualf */
+    0x67,0x2A,0x07,0x07,                           /* [ 4292] OBJ_setCext_PGWYcapabilities */
+    0x67,0x2A,0x07,0x08,                           /* [ 4296] OBJ_setCext_TokenIdentifier */
+    0x67,0x2A,0x07,0x09,                           /* [ 4300] OBJ_setCext_Track2Data */
+    0x67,0x2A,0x07,0x0A,                           /* [ 4304] OBJ_setCext_TokenType */
+    0x67,0x2A,0x07,0x0B,                           /* [ 4308] OBJ_setCext_IssuerCapabilities */
+    0x67,0x2A,0x03,0x00,                           /* [ 4312] OBJ_setAttr_Cert */
+    0x67,0x2A,0x03,0x01,                           /* [ 4316] OBJ_setAttr_PGWYcap */
+    0x67,0x2A,0x03,0x02,                           /* [ 4320] OBJ_setAttr_TokenType */
+    0x67,0x2A,0x03,0x03,                           /* [ 4324] OBJ_setAttr_IssCap */
+    0x67,0x2A,0x03,0x00,0x00,                      /* [ 4328] OBJ_set_rootKeyThumb */
+    0x67,0x2A,0x03,0x00,0x01,                      /* [ 4333] OBJ_set_addPolicy */
+    0x67,0x2A,0x03,0x02,0x01,                      /* [ 4338] OBJ_setAttr_Token_EMV */
+    0x67,0x2A,0x03,0x02,0x02,                      /* [ 4343] OBJ_setAttr_Token_B0Prime */
+    0x67,0x2A,0x03,0x03,0x03,                      /* [ 4348] OBJ_setAttr_IssCap_CVM */
+    0x67,0x2A,0x03,0x03,0x04,                      /* [ 4353] OBJ_setAttr_IssCap_T2 */
+    0x67,0x2A,0x03,0x03,0x05,                      /* [ 4358] OBJ_setAttr_IssCap_Sig */
+    0x67,0x2A,0x03,0x03,0x03,0x01,                 /* [ 4363] OBJ_setAttr_GenCryptgrm */
+    0x67,0x2A,0x03,0x03,0x04,0x01,                 /* [ 4369] OBJ_setAttr_T2Enc */
+    0x67,0x2A,0x03,0x03,0x04,0x02,                 /* [ 4375] OBJ_setAttr_T2cleartxt */
+    0x67,0x2A,0x03,0x03,0x05,0x01,                 /* [ 4381] OBJ_setAttr_TokICCsig */
+    0x67,0x2A,0x03,0x03,0x05,0x02,                 /* [ 4387] OBJ_setAttr_SecDevSig */
+    0x67,0x2A,0x08,0x01,                           /* [ 4393] OBJ_set_brand_IATA_ATA */
+    0x67,0x2A,0x08,0x1E,                           /* [ 4397] OBJ_set_brand_Diners */
+    0x67,0x2A,0x08,0x22,                           /* [ 4401] OBJ_set_brand_AmericanExpress */
+    0x67,0x2A,0x08,0x23,                           /* [ 4405] OBJ_set_brand_JCB */
+    0x67,0x2A,0x08,0x04,                           /* [ 4409] OBJ_set_brand_Visa */
+    0x67,0x2A,0x08,0x05,                           /* [ 4413] OBJ_set_brand_MasterCard */
+    0x67,0x2A,0x08,0xAE,0x7B,                      /* [ 4417] OBJ_set_brand_Novus */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,       /* [ 4422] OBJ_des_cdmf */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,  /* [ 4430] OBJ_rsaOAEPEncryptionSET */
+    0x67,                                          /* [ 4439] OBJ_international_organizations */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,  /* [ 4440] OBJ_ms_smartcard_login */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,  /* [ 4450] OBJ_ms_upn */
+    0x55,0x04,0x09,                                /* [ 4460] OBJ_streetAddress */
+    0x55,0x04,0x11,                                /* [ 4463] OBJ_postalCode */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,            /* [ 4466] OBJ_id_ppl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,       /* [ 4473] OBJ_proxyCertInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,       /* [ 4481] OBJ_id_ppl_anyLanguage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,       /* [ 4489] OBJ_id_ppl_inheritAll */
+    0x55,0x1D,0x1E,                                /* [ 4497] OBJ_name_constraints */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,       /* [ 4500] OBJ_Independent */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,  /* [ 4508] OBJ_sha256WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,  /* [ 4517] OBJ_sha384WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,  /* [ 4526] OBJ_sha512WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,  /* [ 4535] OBJ_sha224WithRSAEncryption */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,  /* [ 4544] OBJ_sha256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,  /* [ 4553] OBJ_sha384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,  /* [ 4562] OBJ_sha512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,  /* [ 4571] OBJ_sha224 */
+    0x2B,                                          /* [ 4580] OBJ_identified_organization */
+    0x2B,0x81,0x04,                                /* [ 4581] OBJ_certicom_arc */
+    0x67,0x2B,                                     /* [ 4584] OBJ_wap */
+    0x67,0x2B,0x01,                                /* [ 4586] OBJ_wap_wsg */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,       /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,  /* [ 4597] OBJ_X9_62_onBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,  /* [ 4606] OBJ_X9_62_tpBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,  /* [ 4615] OBJ_X9_62_ppBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,       /* [ 4624] OBJ_X9_62_c2pnb163v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,       /* [ 4632] OBJ_X9_62_c2pnb163v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,       /* [ 4640] OBJ_X9_62_c2pnb163v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,       /* [ 4648] OBJ_X9_62_c2pnb176v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,       /* [ 4656] OBJ_X9_62_c2tnb191v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,       /* [ 4664] OBJ_X9_62_c2tnb191v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,       /* [ 4672] OBJ_X9_62_c2tnb191v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,       /* [ 4680] OBJ_X9_62_c2onb191v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,       /* [ 4688] OBJ_X9_62_c2onb191v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,       /* [ 4696] OBJ_X9_62_c2pnb208w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,       /* [ 4704] OBJ_X9_62_c2tnb239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,       /* [ 4712] OBJ_X9_62_c2tnb239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,       /* [ 4720] OBJ_X9_62_c2tnb239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,       /* [ 4728] OBJ_X9_62_c2onb239v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,       /* [ 4736] OBJ_X9_62_c2onb239v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,       /* [ 4744] OBJ_X9_62_c2pnb272w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,       /* [ 4752] OBJ_X9_62_c2pnb304w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,       /* [ 4760] OBJ_X9_62_c2tnb359v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,       /* [ 4768] OBJ_X9_62_c2pnb368w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,       /* [ 4776] OBJ_X9_62_c2tnb431r1 */
+    0x2B,0x81,0x04,0x00,0x06,                      /* [ 4784] OBJ_secp112r1 */
+    0x2B,0x81,0x04,0x00,0x07,                      /* [ 4789] OBJ_secp112r2 */
+    0x2B,0x81,0x04,0x00,0x1C,                      /* [ 4794] OBJ_secp128r1 */
+    0x2B,0x81,0x04,0x00,0x1D,                      /* [ 4799] OBJ_secp128r2 */
+    0x2B,0x81,0x04,0x00,0x09,                      /* [ 4804] OBJ_secp160k1 */
+    0x2B,0x81,0x04,0x00,0x08,                      /* [ 4809] OBJ_secp160r1 */
+    0x2B,0x81,0x04,0x00,0x1E,                      /* [ 4814] OBJ_secp160r2 */
+    0x2B,0x81,0x04,0x00,0x1F,                      /* [ 4819] OBJ_secp192k1 */
+    0x2B,0x81,0x04,0x00,0x20,                      /* [ 4824] OBJ_secp224k1 */
+    0x2B,0x81,0x04,0x00,0x21,                      /* [ 4829] OBJ_secp224r1 */
+    0x2B,0x81,0x04,0x00,0x0A,                      /* [ 4834] OBJ_secp256k1 */
+    0x2B,0x81,0x04,0x00,0x22,                      /* [ 4839] OBJ_secp384r1 */
+    0x2B,0x81,0x04,0x00,0x23,                      /* [ 4844] OBJ_secp521r1 */
+    0x2B,0x81,0x04,0x00,0x04,                      /* [ 4849] OBJ_sect113r1 */
+    0x2B,0x81,0x04,0x00,0x05,                      /* [ 4854] OBJ_sect113r2 */
+    0x2B,0x81,0x04,0x00,0x16,                      /* [ 4859] OBJ_sect131r1 */
+    0x2B,0x81,0x04,0x00,0x17,                      /* [ 4864] OBJ_sect131r2 */
+    0x2B,0x81,0x04,0x00,0x01,                      /* [ 4869] OBJ_sect163k1 */
+    0x2B,0x81,0x04,0x00,0x02,                      /* [ 4874] OBJ_sect163r1 */
+    0x2B,0x81,0x04,0x00,0x0F,                      /* [ 4879] OBJ_sect163r2 */
+    0x2B,0x81,0x04,0x00,0x18,                      /* [ 4884] OBJ_sect193r1 */
+    0x2B,0x81,0x04,0x00,0x19,                      /* [ 4889] OBJ_sect193r2 */
+    0x2B,0x81,0x04,0x00,0x1A,                      /* [ 4894] OBJ_sect233k1 */
+    0x2B,0x81,0x04,0x00,0x1B,                      /* [ 4899] OBJ_sect233r1 */
+    0x2B,0x81,0x04,0x00,0x03,                      /* [ 4904] OBJ_sect239k1 */
+    0x2B,0x81,0x04,0x00,0x10,                      /* [ 4909] OBJ_sect283k1 */
+    0x2B,0x81,0x04,0x00,0x11,                      /* [ 4914] OBJ_sect283r1 */
+    0x2B,0x81,0x04,0x00,0x24,                      /* [ 4919] OBJ_sect409k1 */
+    0x2B,0x81,0x04,0x00,0x25,                      /* [ 4924] OBJ_sect409r1 */
+    0x2B,0x81,0x04,0x00,0x26,                      /* [ 4929] OBJ_sect571k1 */
+    0x2B,0x81,0x04,0x00,0x27,                      /* [ 4934] OBJ_sect571r1 */
+    0x67,0x2B,0x01,0x04,0x01,                      /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */
+    0x67,0x2B,0x01,0x04,0x03,                      /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */
+    0x67,0x2B,0x01,0x04,0x04,                      /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */
+    0x67,0x2B,0x01,0x04,0x05,                      /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */
+    0x67,0x2B,0x01,0x04,0x06,                      /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */
+    0x67,0x2B,0x01,0x04,0x07,                      /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */
+    0x67,0x2B,0x01,0x04,0x08,                      /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */
+    0x67,0x2B,0x01,0x04,0x09,                      /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */
+    0x67,0x2B,0x01,0x04,0x0A,                      /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */
+    0x67,0x2B,0x01,0x04,0x0B,                      /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */
+    0x67,0x2B,0x01,0x04,0x0C,                      /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */
+    0x55,0x1D,0x20,0x00,                           /* [ 4994] OBJ_any_policy */
+    0x55,0x1D,0x21,                                /* [ 4998] OBJ_policy_mappings */
+    0x55,0x1D,0x36,                                /* [ 5001] OBJ_inhibit_any_policy */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,  /* [ 5004] OBJ_camellia_128_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,  /* [ 5015] OBJ_camellia_192_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,  /* [ 5026] OBJ_camellia_256_cbc */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,       /* [ 5037] OBJ_camellia_128_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,       /* [ 5045] OBJ_camellia_192_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,       /* [ 5053] OBJ_camellia_256_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,       /* [ 5061] OBJ_camellia_128_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,       /* [ 5069] OBJ_camellia_192_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,       /* [ 5077] OBJ_camellia_256_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,       /* [ 5085] OBJ_camellia_128_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,       /* [ 5093] OBJ_camellia_192_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,       /* [ 5101] OBJ_camellia_256_ofb128 */
+    0x55,0x1D,0x09,                                /* [ 5109] OBJ_subject_directory_attributes */
+    0x55,0x1D,0x1C,                                /* [ 5112] OBJ_issuing_distribution_point */
+    0x55,0x1D,0x1D,                                /* [ 5115] OBJ_certificate_issuer */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,                 /* [ 5118] OBJ_kisa */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,       /* [ 5124] OBJ_seed_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,       /* [ 5132] OBJ_seed_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,       /* [ 5140] OBJ_seed_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,       /* [ 5148] OBJ_seed_cfb128 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,       /* [ 5156] OBJ_hmac_md5 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,       /* [ 5164] OBJ_hmac_sha1 */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,  /* [ 5172] OBJ_id_PasswordBasedMAC */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,  /* [ 5181] OBJ_id_DHBasedMac */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,       /* [ 5190] OBJ_id_it_suppLangTags */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,       /* [ 5198] OBJ_caRepository */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,  /* [ 5206] OBJ_id_smime_ct_compressedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,  /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,  /* [ 5228] OBJ_id_aes128_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,  /* [ 5237] OBJ_id_aes192_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,  /* [ 5246] OBJ_id_aes256_wrap */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,            /* [ 5255] OBJ_ecdsa_with_Recommended */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,            /* [ 5262] OBJ_ecdsa_with_Specified */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,       /* [ 5269] OBJ_ecdsa_with_SHA224 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,       /* [ 5277] OBJ_ecdsa_with_SHA256 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,       /* [ 5285] OBJ_ecdsa_with_SHA384 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,       /* [ 5293] OBJ_ecdsa_with_SHA512 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,       /* [ 5301] OBJ_hmacWithMD5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,       /* [ 5309] OBJ_hmacWithSHA224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,       /* [ 5317] OBJ_hmacWithSHA256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,       /* [ 5325] OBJ_hmacWithSHA384 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,       /* [ 5333] OBJ_hmacWithSHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,  /* [ 5341] OBJ_dsa_with_SHA224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,  /* [ 5350] OBJ_dsa_with_SHA256 */
+    0x28,0xCF,0x06,0x03,0x00,0x37,                 /* [ 5359] OBJ_whirlpool */
+    0x2A,0x85,0x03,0x02,0x02,                      /* [ 5365] OBJ_cryptopro */
+    0x2A,0x85,0x03,0x02,0x09,                      /* [ 5370] OBJ_cryptocom */
+    0x2A,0x85,0x03,0x02,0x02,0x03,                 /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x04,                 /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x09,                 /* [ 5387] OBJ_id_GostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x0A,                 /* [ 5393] OBJ_id_HMACGostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x13,                 /* [ 5399] OBJ_id_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x14,                 /* [ 5405] OBJ_id_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x15,                 /* [ 5411] OBJ_id_Gost28147_89 */
+    0x2A,0x85,0x03,0x02,0x02,0x16,                 /* [ 5417] OBJ_id_Gost28147_89_MAC */
+    0x2A,0x85,0x03,0x02,0x02,0x17,                 /* [ 5423] OBJ_id_GostR3411_94_prf */
+    0x2A,0x85,0x03,0x02,0x02,0x62,                 /* [ 5429] OBJ_id_GostR3410_2001DH */
+    0x2A,0x85,0x03,0x02,0x02,0x63,                 /* [ 5435] OBJ_id_GostR3410_94DH */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,            /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,            /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,            /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,            /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,            /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,            /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,            /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,            /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,            /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,            /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,            /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,            /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x00,            /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x02,            /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x03,            /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x04,            /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x05,            /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x01,            /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x02,            /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x03,            /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x00,            /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x01,            /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x02,            /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x03,            /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x00,            /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x01,            /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x01,            /* [ 5623] OBJ_id_GostR3410_94_a */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x02,            /* [ 5630] OBJ_id_GostR3410_94_aBis */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x03,            /* [ 5637] OBJ_id_GostR3410_94_b */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x04,            /* [ 5644] OBJ_id_GostR3410_94_bBis */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,       /* [ 5651] OBJ_id_Gost28147_89_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,       /* [ 5659] OBJ_id_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,       /* [ 5667] OBJ_id_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,       /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,       /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,       /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,  /* [ 5699] OBJ_LocalKeySet */
+    0x55,0x1D,0x2E,                                /* [ 5708] OBJ_freshest_crl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,       /* [ 5711] OBJ_id_on_permanentIdentifier */
+    0x55,0x04,0x0E,                                /* [ 5719] OBJ_searchGuide */
+    0x55,0x04,0x0F,                                /* [ 5722] OBJ_businessCategory */
+    0x55,0x04,0x10,                                /* [ 5725] OBJ_postalAddress */
+    0x55,0x04,0x12,                                /* [ 5728] OBJ_postOfficeBox */
+    0x55,0x04,0x13,                                /* [ 5731] OBJ_physicalDeliveryOfficeName */
+    0x55,0x04,0x14,                                /* [ 5734] OBJ_telephoneNumber */
+    0x55,0x04,0x15,                                /* [ 5737] OBJ_telexNumber */
+    0x55,0x04,0x16,                                /* [ 5740] OBJ_teletexTerminalIdentifier */
+    0x55,0x04,0x17,                                /* [ 5743] OBJ_facsimileTelephoneNumber */
+    0x55,0x04,0x18,                                /* [ 5746] OBJ_x121Address */
+    0x55,0x04,0x19,                                /* [ 5749] OBJ_internationaliSDNNumber */
+    0x55,0x04,0x1A,                                /* [ 5752] OBJ_registeredAddress */
+    0x55,0x04,0x1B,                                /* [ 5755] OBJ_destinationIndicator */
+    0x55,0x04,0x1C,                                /* [ 5758] OBJ_preferredDeliveryMethod */
+    0x55,0x04,0x1D,                                /* [ 5761] OBJ_presentationAddress */
+    0x55,0x04,0x1E,                                /* [ 5764] OBJ_supportedApplicationContext */
+    0x55,0x04,0x1F,                                /* [ 5767] OBJ_member */
+    0x55,0x04,0x20,                                /* [ 5770] OBJ_owner */
+    0x55,0x04,0x21,                                /* [ 5773] OBJ_roleOccupant */
+    0x55,0x04,0x22,                                /* [ 5776] OBJ_seeAlso */
+    0x55,0x04,0x23,                                /* [ 5779] OBJ_userPassword */
+    0x55,0x04,0x24,                                /* [ 5782] OBJ_userCertificate */
+    0x55,0x04,0x25,                                /* [ 5785] OBJ_cACertificate */
+    0x55,0x04,0x26,                                /* [ 5788] OBJ_authorityRevocationList */
+    0x55,0x04,0x27,                                /* [ 5791] OBJ_certificateRevocationList */
+    0x55,0x04,0x28,                                /* [ 5794] OBJ_crossCertificatePair */
+    0x55,0x04,0x2F,                                /* [ 5797] OBJ_enhancedSearchGuide */
+    0x55,0x04,0x30,                                /* [ 5800] OBJ_protocolInformation */
+    0x55,0x04,0x31,                                /* [ 5803] OBJ_distinguishedName */
+    0x55,0x04,0x32,                                /* [ 5806] OBJ_uniqueMember */
+    0x55,0x04,0x33,                                /* [ 5809] OBJ_houseIdentifier */
+    0x55,0x04,0x34,                                /* [ 5812] OBJ_supportedAlgorithms */
+    0x55,0x04,0x35,                                /* [ 5815] OBJ_deltaRevocationList */
+    0x55,0x04,0x36,                                /* [ 5818] OBJ_dmdName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,  /* [ 5821] OBJ_id_alg_PWRI_KEK */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,  /* [ 5832] OBJ_aes_128_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,  /* [ 5841] OBJ_aes_128_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,  /* [ 5850] OBJ_id_aes128_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,  /* [ 5859] OBJ_aes_192_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,  /* [ 5868] OBJ_aes_192_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,  /* [ 5877] OBJ_id_aes192_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,  /* [ 5886] OBJ_aes_256_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,  /* [ 5895] OBJ_aes_256_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,  /* [ 5904] OBJ_id_aes256_wrap_pad */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,  /* [ 5913] OBJ_id_camellia128_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,  /* [ 5924] OBJ_id_camellia192_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,  /* [ 5935] OBJ_id_camellia256_wrap */
+    0x55,0x1D,0x25,0x00,                           /* [ 5946] OBJ_anyExtendedKeyUsage */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,  /* [ 5950] OBJ_mgf1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,  /* [ 5959] OBJ_rsassaPss */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x01,       /* [ 5968] OBJ_aes_128_xts */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x02,       /* [ 5976] OBJ_aes_256_xts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,  /* [ 5984] OBJ_rsaesOaep */
+    0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,            /* [ 5993] OBJ_dhpublicnumber */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,  /* [ 6000] OBJ_brainpoolP160r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,  /* [ 6009] OBJ_brainpoolP160t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,  /* [ 6018] OBJ_brainpoolP192r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,  /* [ 6027] OBJ_brainpoolP192t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,  /* [ 6036] OBJ_brainpoolP224r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,  /* [ 6045] OBJ_brainpoolP224t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,  /* [ 6054] OBJ_brainpoolP256r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,  /* [ 6063] OBJ_brainpoolP256t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,  /* [ 6072] OBJ_brainpoolP320r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,  /* [ 6081] OBJ_brainpoolP320t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,  /* [ 6090] OBJ_brainpoolP384r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,  /* [ 6099] OBJ_brainpoolP384t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,  /* [ 6108] OBJ_brainpoolP512r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,  /* [ 6117] OBJ_brainpoolP512t1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,  /* [ 6126] OBJ_pSpecified */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,  /* [ 6135] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x00,                 /* [ 6144] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x01,                 /* [ 6150] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x02,                 /* [ 6156] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x03,                 /* [ 6162] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,  /* [ 6168] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x00,                 /* [ 6177] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x01,                 /* [ 6183] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x02,                 /* [ 6189] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x03,                 /* [ 6195] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,  /* [ 6201] OBJ_ct_precert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,  /* [ 6211] OBJ_ct_precert_poison */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,  /* [ 6221] OBJ_ct_precert_signer */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,  /* [ 6231] OBJ_ct_cert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,  /* [ 6241] OBJ_jurisdictionLocalityName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,  /* [ 6252] OBJ_jurisdictionStateOrProvinceName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,  /* [ 6263] OBJ_jurisdictionCountryName */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06,       /* [ 6274] OBJ_camellia_128_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07,       /* [ 6282] OBJ_camellia_128_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09,       /* [ 6290] OBJ_camellia_128_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A,       /* [ 6298] OBJ_camellia_128_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A,       /* [ 6306] OBJ_camellia_192_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B,       /* [ 6314] OBJ_camellia_192_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D,       /* [ 6322] OBJ_camellia_192_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E,       /* [ 6330] OBJ_camellia_192_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E,       /* [ 6338] OBJ_camellia_256_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F,       /* [ 6346] OBJ_camellia_256_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31,       /* [ 6354] OBJ_camellia_256_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32,       /* [ 6362] OBJ_camellia_256_cmac */
+    0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,  /* [ 6370] OBJ_id_scrypt */
+    0x2A,0x85,0x03,0x07,0x01,                      /* [ 6379] OBJ_id_tc26 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,                 /* [ 6384] OBJ_id_tc26_algorithms */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,            /* [ 6390] OBJ_id_tc26_sign */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,       /* [ 6397] OBJ_id_GostR3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,       /* [ 6405] OBJ_id_GostR3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,            /* [ 6413] OBJ_id_tc26_digest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02,       /* [ 6420] OBJ_id_GostR3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03,       /* [ 6428] OBJ_id_GostR3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,            /* [ 6436] OBJ_id_tc26_signwithdigest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,       /* [ 6443] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,       /* [ 6451] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,            /* [ 6459] OBJ_id_tc26_mac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01,       /* [ 6466] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02,       /* [ 6474] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,            /* [ 6482] OBJ_id_tc26_cipher */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,            /* [ 6489] OBJ_id_tc26_agreement */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01,       /* [ 6496] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02,       /* [ 6504] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,                 /* [ 6512] OBJ_id_tc26_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,            /* [ 6518] OBJ_id_tc26_sign_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,       /* [ 6525] OBJ_id_tc26_gost_3410_2012_512_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,  /* [ 6533] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,  /* [ 6542] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,  /* [ 6551] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x02,            /* [ 6560] OBJ_id_tc26_digest_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,            /* [ 6567] OBJ_id_tc26_cipher_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,       /* [ 6574] OBJ_id_tc26_gost_28147_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,  /* [ 6582] OBJ_id_tc26_gost_28147_param_Z */
+    0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01,       /* [ 6591] OBJ_INN */
+    0x2A,0x85,0x03,0x64,0x01,                      /* [ 6599] OBJ_OGRN */
+    0x2A,0x85,0x03,0x64,0x03,                      /* [ 6604] OBJ_SNILS */
+    0x2A,0x85,0x03,0x64,0x6F,                      /* [ 6609] OBJ_subjectSignTool */
+    0x2A,0x85,0x03,0x64,0x70,                      /* [ 6614] OBJ_issuerSignTool */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,       /* [ 6619] OBJ_tlsfeature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,       /* [ 6627] OBJ_ipsec_IKE */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,       /* [ 6635] OBJ_capwapAC */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,       /* [ 6643] OBJ_capwapWTP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,       /* [ 6651] OBJ_sshClient */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,       /* [ 6659] OBJ_sshServer */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,       /* [ 6667] OBJ_sendRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,       /* [ 6675] OBJ_sendProxiedRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,       /* [ 6683] OBJ_sendOwner */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,       /* [ 6691] OBJ_sendProxiedOwner */
+    0x2B,0x06,0x01,0x05,0x02,0x03,                 /* [ 6699] OBJ_id_pkinit */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x04,            /* [ 6705] OBJ_pkInitClientAuth */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x05,            /* [ 6712] OBJ_pkInitKDC */
+    0x2B,0x65,0x6E,                                /* [ 6719] OBJ_X25519 */
+    0x2B,0x65,0x6F,                                /* [ 6722] OBJ_X448 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,  /* [ 6725] OBJ_blake2b512 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,  /* [ 6736] OBJ_blake2s256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13,  /* [ 6747] OBJ_id_smime_ct_contentCollection */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17,  /* [ 6758] OBJ_id_smime_ct_authEnvelopedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6769] OBJ_id_ct_xml */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01,  /* [ 6780] OBJ_aria_128_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02,  /* [ 6789] OBJ_aria_128_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03,  /* [ 6798] OBJ_aria_128_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04,  /* [ 6807] OBJ_aria_128_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05,  /* [ 6816] OBJ_aria_128_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06,  /* [ 6825] OBJ_aria_192_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07,  /* [ 6834] OBJ_aria_192_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08,  /* [ 6843] OBJ_aria_192_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09,  /* [ 6852] OBJ_aria_192_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A,  /* [ 6861] OBJ_aria_192_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B,  /* [ 6870] OBJ_aria_256_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C,  /* [ 6879] OBJ_aria_256_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D,  /* [ 6888] OBJ_aria_256_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E,  /* [ 6897] OBJ_aria_256_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F,  /* [ 6906] OBJ_aria_256_ctr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F,  /* [ 6915] OBJ_id_smime_aa_signingCertificateV2 */
+    0x2B,0x65,0x70,                                /* [ 6926] OBJ_ED25519 */
+    0x2B,0x65,0x71,                                /* [ 6929] OBJ_ED448 */
+    0x55,0x04,0x61,                                /* [ 6932] OBJ_organizationIdentifier */
+    0x55,0x04,0x62,                                /* [ 6935] OBJ_countryCode3c */
+    0x55,0x04,0x63,                                /* [ 6938] OBJ_countryCode3n */
+    0x55,0x04,0x64,                                /* [ 6941] OBJ_dnsName */
+    0x2B,0x24,0x08,0x03,0x03,                      /* [ 6944] OBJ_x509ExtAdmission */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05,  /* [ 6949] OBJ_sha512_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06,  /* [ 6958] OBJ_sha512_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07,  /* [ 6967] OBJ_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08,  /* [ 6976] OBJ_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09,  /* [ 6985] OBJ_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0A,  /* [ 6994] OBJ_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0B,  /* [ 7003] OBJ_shake128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0C,  /* [ 7012] OBJ_shake256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0D,  /* [ 7021] OBJ_hmac_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0E,  /* [ 7030] OBJ_hmac_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0F,  /* [ 7039] OBJ_hmac_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10,  /* [ 7048] OBJ_hmac_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x03,  /* [ 7057] OBJ_dsa_with_SHA384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x04,  /* [ 7066] OBJ_dsa_with_SHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x05,  /* [ 7075] OBJ_dsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x06,  /* [ 7084] OBJ_dsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x07,  /* [ 7093] OBJ_dsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x08,  /* [ 7102] OBJ_dsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09,  /* [ 7111] OBJ_ecdsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0A,  /* [ 7120] OBJ_ecdsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0B,  /* [ 7129] OBJ_ecdsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0C,  /* [ 7138] OBJ_ecdsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0D,  /* [ 7147] OBJ_RSA_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E,  /* [ 7156] OBJ_RSA_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F,  /* [ 7165] OBJ_RSA_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10,  /* [ 7174] OBJ_RSA_SHA3_512 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25,  /* [ 7183] OBJ_aria_128_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26,  /* [ 7192] OBJ_aria_192_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27,  /* [ 7201] OBJ_aria_256_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22,  /* [ 7210] OBJ_aria_128_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23,  /* [ 7219] OBJ_aria_192_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24,  /* [ 7228] OBJ_aria_256_gcm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1B,       /* [ 7237] OBJ_cmcCA */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1C,       /* [ 7245] OBJ_cmcRA */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01,       /* [ 7253] OBJ_sm4_ecb */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02,       /* [ 7261] OBJ_sm4_cbc */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03,       /* [ 7269] OBJ_sm4_ofb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05,       /* [ 7277] OBJ_sm4_cfb1 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04,       /* [ 7285] OBJ_sm4_cfb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06,       /* [ 7293] OBJ_sm4_cfb8 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07,       /* [ 7301] OBJ_sm4_ctr */
+    0x2A,0x81,0x1C,                                /* [ 7309] OBJ_ISO_CN */
+    0x2A,0x81,0x1C,0xCF,0x55,                      /* [ 7312] OBJ_oscca */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,                 /* [ 7317] OBJ_sm_scheme */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,       /* [ 7323] OBJ_sm3 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78,       /* [ 7331] OBJ_sm3WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F,  /* [ 7339] OBJ_sha512_224WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10,  /* [ 7348] OBJ_sha512_256WithRSAEncryption */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,       /* [ 7357] OBJ_id_tc26_gost_3410_2012_256_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01,  /* [ 7365] OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,  /* [ 7374] OBJ_id_tc26_gost_3410_2012_512_paramSetC */
+    0x2A,0x86,0x24,                                /* [ 7383] OBJ_ISO_UA */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,            /* [ 7386] OBJ_ua_pki */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,  /* [ 7393] OBJ_dstu28147 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7403] OBJ_dstu28147_ofb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03,  /* [ 7414] OBJ_dstu28147_cfb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05,  /* [ 7425] OBJ_dstu28147_wrap */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7436] OBJ_hmacWithDstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01,  /* [ 7446] OBJ_dstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,  /* [ 7456] OBJ_dstu4145le */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01,  /* [ 7467] OBJ_dstu4145be */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00,  /* [ 7480] OBJ_uacurve0 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01,  /* [ 7493] OBJ_uacurve1 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02,  /* [ 7506] OBJ_uacurve2 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03,  /* [ 7519] OBJ_uacurve3 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04,  /* [ 7532] OBJ_uacurve4 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05,  /* [ 7545] OBJ_uacurve5 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06,  /* [ 7558] OBJ_uacurve6 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07,  /* [ 7571] OBJ_uacurve7 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08,  /* [ 7584] OBJ_uacurve8 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
+    0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
+    0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,       /* [ 7617] OBJ_sm2 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,       /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01,  /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02,  /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,       /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01,  /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02,  /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,            /* [ 7677] OBJ_id_tc26_wrap */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,       /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,       /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02,  /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03,  /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04,  /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C,       /* [ 7745] OBJ_hmacWithSHA512_224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
+};
+
+#define NUM_NID 1195
+static const ASN1_OBJECT nid_objs[NUM_NID] = {
+    {"UNDEF", "undefined", NID_undef},
+    {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
+    {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]},
+    {"MD2", "md2", NID_md2, 8, &so[13]},
+    {"MD5", "md5", NID_md5, 8, &so[21]},
+    {"RC4", "rc4", NID_rc4, 8, &so[29]},
+    {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]},
+    {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]},
+    {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]},
+    {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]},
+    {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]},
+    {"X500", "directory services (X.500)", NID_X500, 1, &so[82]},
+    {"X509", "X509", NID_X509, 2, &so[83]},
+    {"CN", "commonName", NID_commonName, 3, &so[85]},
+    {"C", "countryName", NID_countryName, 3, &so[88]},
+    {"L", "localityName", NID_localityName, 3, &so[91]},
+    {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]},
+    {"O", "organizationName", NID_organizationName, 3, &so[97]},
+    {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]},
+    {"RSA", "rsa", NID_rsa, 4, &so[103]},
+    {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]},
+    {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]},
+    {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]},
+    {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]},
+    {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]},
+    {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]},
+    {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]},
+    {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]},
+    {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]},
+    {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]},
+    {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]},
+    {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]},
+    {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]},
+    {"DES-EDE3", "des-ede3", NID_des_ede3_ecb},
+    {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]},
+    {"IDEA-CFB", "idea-cfb", NID_idea_cfb64},
+    {"IDEA-ECB", "idea-ecb", NID_idea_ecb},
+    {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]},
+    {"RC2-ECB", "rc2-ecb", NID_rc2_ecb},
+    {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64},
+    {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64},
+    {"SHA", "sha", NID_sha, 5, &so[225]},
+    {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]},
+    {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc},
+    {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]},
+    {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]},
+    {"IDEA-OFB", "idea-ofb", NID_idea_ofb64},
+    {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]},
+    {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]},
+    {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]},
+    {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]},
+    {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]},
+    {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]},
+    {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]},
+    {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]},
+    {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]},
+    {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]},
+    {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]},
+    {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]},
+    {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]},
+    {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64},
+    {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64},
+    {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64},
+    {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64},
+    {"SHA1", "sha1", NID_sha1, 5, &so[360]},
+    {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]},
+    {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]},
+    {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]},
+    {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]},
+    {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]},
+    {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]},
+    {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]},
+    {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]},
+    {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]},
+    {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]},
+    {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]},
+    {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]},
+    {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]},
+    {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]},
+    {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]},
+    {"DESX-CBC", "desx-cbc", NID_desx_cbc},
+    {"id-ce", "id-ce", NID_id_ce, 2, &so[488]},
+    {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]},
+    {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]},
+    {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]},
+    {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]},
+    {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]},
+    {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]},
+    {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]},
+    {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]},
+    {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]},
+    {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]},
+    {"BF-ECB", "bf-ecb", NID_bf_ecb},
+    {"BF-CFB", "bf-cfb", NID_bf_cfb64},
+    {"BF-OFB", "bf-ofb", NID_bf_ofb64},
+    {"MDC2", "mdc2", NID_mdc2, 4, &so[526]},
+    {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]},
+    {"RC4-40", "rc4-40", NID_rc4_40},
+    {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc},
+    {"GN", "givenName", NID_givenName, 3, &so[534]},
+    {"SN", "surname", NID_surname, 3, &so[537]},
+    {"initials", "initials", NID_initials, 3, &so[540]},
+    {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]},
+    {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]},
+    {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]},
+    {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]},
+    {"title", "title", NID_title, 3, &so[564]},
+    {"description", "description", NID_description, 3, &so[567]},
+    {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]},
+    {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb},
+    {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64},
+    {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64},
+    {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]},
+    {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]},
+    {"MD5-SHA1", "md5-sha1", NID_md5_sha1},
+    {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]},
+    {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]},
+    {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]},
+    { NULL, NULL, NID_undef },
+    {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]},
+    {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]},
+    {"RC5-ECB", "rc5-ecb", NID_rc5_ecb},
+    {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64},
+    {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64},
+    { NULL, NULL, NID_undef },
+    {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]},
+    {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]},
+    {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]},
+    {"id-kp", "id-kp", NID_id_kp, 7, &so[646]},
+    {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]},
+    {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]},
+    {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]},
+    {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]},
+    {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]},
+    {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]},
+    {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]},
+    {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]},
+    {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]},
+    {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]},
+    {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]},
+    {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]},
+    {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]},
+    {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]},
+    {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]},
+    {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]},
+    {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]},
+    {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]},
+    {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]},
+    {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]},
+    {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]},
+    {"keyBag", "keyBag", NID_keyBag, 11, &so[826]},
+    {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]},
+    {"certBag", "certBag", NID_certBag, 11, &so[848]},
+    {"crlBag", "crlBag", NID_crlBag, 11, &so[859]},
+    {"secretBag", "secretBag", NID_secretBag, 11, &so[870]},
+    {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]},
+    {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]},
+    {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]},
+    {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]},
+    {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]},
+    {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]},
+    {"PBES2", "PBES2", NID_pbes2, 9, &so[940]},
+    {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]},
+    {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]},
+    {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]},
+    {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]},
+    {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc},
+    {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]},
+    {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]},
+    {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]},
+    {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]},
+    {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]},
+    {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]},
+    {"name", "name", NID_name, 3, &so[1037]},
+    {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]},
+    {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]},
+    {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]},
+    {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]},
+    {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]},
+    {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]},
+    {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]},
+    {"ISO", "iso", NID_iso},
+    {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]},
+    {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]},
+    {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]},
+    {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]},
+    {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]},
+    {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]},
+    {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]},
+    {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]},
+    {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]},
+    {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]},
+    {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]},
+    {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]},
+    {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]},
+    {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]},
+    {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]},
+    {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]},
+    {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]},
+    {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]},
+    {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]},
+    {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]},
+    {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]},
+    {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]},
+    {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]},
+    {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]},
+    {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]},
+    {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]},
+    {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]},
+    {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]},
+    {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]},
+    {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]},
+    {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]},
+    {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]},
+    {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]},
+    {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]},
+    {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]},
+    {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]},
+    {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]},
+    {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]},
+    {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]},
+    {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]},
+    {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]},
+    {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]},
+    {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]},
+    {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]},
+    {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]},
+    {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]},
+    {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]},
+    {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]},
+    {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]},
+    {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]},
+    {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]},
+    {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]},
+    {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]},
+    {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]},
+    {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]},
+    {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]},
+    {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]},
+    {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]},
+    {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]},
+    {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]},
+    {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]},
+    {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]},
+    {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]},
+    {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]},
+    {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]},
+    {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]},
+    {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]},
+    {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]},
+    {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]},
+    {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]},
+    {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]},
+    {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]},
+    {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]},
+    {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]},
+    {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]},
+    {"MD4", "md4", NID_md4, 8, &so[1870]},
+    {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]},
+    {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]},
+    {"id-it", "id-it", NID_id_it, 7, &so[1892]},
+    {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]},
+    {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]},
+    {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]},
+    {"id-on", "id-on", NID_id_on, 7, &so[1920]},
+    {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]},
+    {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]},
+    {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]},
+    {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]},
+    {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]},
+    {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]},
+    {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]},
+    {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]},
+    {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]},
+    {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]},
+    {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]},
+    {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]},
+    {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]},
+    {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]},
+    {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]},
+    {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]},
+    {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]},
+    {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]},
+    {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]},
+    {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]},
+    {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]},
+    {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]},
+    {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]},
+    {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]},
+    {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]},
+    {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]},
+    {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]},
+    {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]},
+    {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]},
+    {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]},
+    {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]},
+    {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]},
+    {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]},
+    {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]},
+    {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]},
+    {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]},
+    {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]},
+    {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]},
+    {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]},
+    {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]},
+    {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]},
+    {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]},
+    {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]},
+    {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]},
+    {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]},
+    {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]},
+    {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]},
+    {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]},
+    {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]},
+    {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]},
+    {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]},
+    {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]},
+    {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]},
+    {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]},
+    {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]},
+    {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]},
+    {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]},
+    {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]},
+    {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]},
+    {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]},
+    {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]},
+    {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]},
+    {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]},
+    {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]},
+    {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]},
+    {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]},
+    {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]},
+    {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]},
+    {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]},
+    {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]},
+    {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]},
+    {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]},
+    {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]},
+    {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]},
+    {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]},
+    {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]},
+    {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]},
+    {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]},
+    {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]},
+    {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]},
+    {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]},
+    {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]},
+    {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]},
+    {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]},
+    {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]},
+    { NULL, NULL, NID_undef },
+    {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]},
+    {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]},
+    {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]},
+    {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]},
+    {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]},
+    {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]},
+    {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]},
+    {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]},
+    {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]},
+    {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]},
+    {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]},
+    {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]},
+    {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]},
+    {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]},
+    {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]},
+    {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]},
+    {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]},
+    {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]},
+    {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]},
+    {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]},
+    {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]},
+    {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]},
+    {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]},
+    {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]},
+    {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]},
+    {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]},
+    {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]},
+    {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]},
+    {"ORG", "org", NID_org, 1, &so[2833]},
+    {"DOD", "dod", NID_dod, 2, &so[2834]},
+    {"IANA", "iana", NID_iana, 3, &so[2836]},
+    {"directory", "Directory", NID_Directory, 4, &so[2839]},
+    {"mgmt", "Management", NID_Management, 4, &so[2843]},
+    {"experimental", "Experimental", NID_Experimental, 4, &so[2847]},
+    {"private", "Private", NID_Private, 4, &so[2851]},
+    {"security", "Security", NID_Security, 4, &so[2855]},
+    {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]},
+    {"Mail", "Mail", NID_Mail, 4, &so[2863]},
+    {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]},
+    {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]},
+    {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]},
+    {"domain", "Domain", NID_Domain, 10, &so[2891]},
+    {"NULL", "NULL", NID_joint_iso_ccitt},
+    {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]},
+    {"clearance", "clearance", NID_clearance, 4, &so[2904]},
+    {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]},
+    {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]},
+    {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]},
+    {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]},
+    {"role", "role", NID_role, 3, &so[2941]},
+    {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]},
+    {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]},
+    {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]},
+    {"NULL", "NULL", NID_ccitt},
+    {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]},
+    {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]},
+    {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]},
+    {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]},
+    {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]},
+    {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]},
+    {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]},
+    {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]},
+    {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]},
+    {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]},
+    {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]},
+    {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]},
+    {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]},
+    {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]},
+    {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]},
+    {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]},
+    {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]},
+    {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]},
+    {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]},
+    {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]},
+    {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]},
+    {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]},
+    {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]},
+    {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]},
+    {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]},
+    {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]},
+    {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]},
+    {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]},
+    {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]},
+    {"data", "data", NID_data, 1, &so[3183]},
+    {"pss", "pss", NID_pss, 3, &so[3184]},
+    {"ucl", "ucl", NID_ucl, 7, &so[3187]},
+    {"pilot", "pilot", NID_pilot, 8, &so[3194]},
+    {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]},
+    {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]},
+    {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]},
+    {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]},
+    {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]},
+    {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]},
+    {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]},
+    {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]},
+    {"account", "account", NID_account, 10, &so[3278]},
+    {"document", "document", NID_document, 10, &so[3288]},
+    {"room", "room", NID_room, 10, &so[3298]},
+    {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]},
+    {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]},
+    {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]},
+    {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]},
+    {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]},
+    {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]},
+    {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]},
+    {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]},
+    {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]},
+    {"UID", "userId", NID_userId, 10, &so[3398]},
+    {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]},
+    {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]},
+    {"info", "info", NID_info, 10, &so[3428]},
+    {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]},
+    {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]},
+    {"photo", "photo", NID_photo, 10, &so[3458]},
+    {"userClass", "userClass", NID_userClass, 10, &so[3468]},
+    {"host", "host", NID_host, 10, &so[3478]},
+    {"manager", "manager", NID_manager, 10, &so[3488]},
+    {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]},
+    {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]},
+    {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]},
+    {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]},
+    {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]},
+    {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]},
+    {"secretary", "secretary", NID_secretary, 10, &so[3558]},
+    {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]},
+    {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]},
+    {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]},
+    {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]},
+    {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]},
+    {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]},
+    {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]},
+    {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]},
+    {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]},
+    {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]},
+    {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]},
+    {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]},
+    {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]},
+    {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]},
+    {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]},
+    {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]},
+    {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]},
+    {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]},
+    {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]},
+    {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]},
+    {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]},
+    {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]},
+    {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]},
+    {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]},
+    {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]},
+    {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]},
+    {"audio", "audio", NID_audio, 10, &so[3828]},
+    {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]},
+    {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]},
+    {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]},
+    {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]},
+    {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]},
+    {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]},
+    {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]},
+    {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]},
+    {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]},
+    { NULL, NULL, NID_undef },
+    {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]},
+    {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]},
+    {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]},
+    {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]},
+    {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]},
+    {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]},
+    {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]},
+    {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]},
+    {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]},
+    {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]},
+    {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]},
+    {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]},
+    {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]},
+    {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]},
+    {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]},
+    {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]},
+    {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]},
+    {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]},
+    {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]},
+    {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]},
+    {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]},
+    {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]},
+    {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]},
+    {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]},
+    {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]},
+    {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]},
+    {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]},
+    {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]},
+    {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]},
+    {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]},
+    {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]},
+    {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]},
+    {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]},
+    {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]},
+    {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]},
+    {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]},
+    {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]},
+    {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]},
+    {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]},
+    {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]},
+    {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]},
+    {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]},
+    {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]},
+    {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]},
+    {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]},
+    {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]},
+    {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]},
+    {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]},
+    {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]},
+    {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]},
+    {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]},
+    {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]},
+    {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]},
+    {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]},
+    {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]},
+    {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]},
+    {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]},
+    {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]},
+    {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]},
+    {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]},
+    {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]},
+    {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]},
+    {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]},
+    {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]},
+    {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]},
+    {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]},
+    {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]},
+    {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]},
+    {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]},
+    {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]},
+    {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]},
+    {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]},
+    {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]},
+    {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]},
+    {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]},
+    {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]},
+    {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]},
+    {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]},
+    {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]},
+    {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]},
+    {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]},
+    {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]},
+    {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]},
+    {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]},
+    {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]},
+    {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]},
+    {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]},
+    {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]},
+    {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]},
+    {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]},
+    {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]},
+    {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]},
+    {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]},
+    {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]},
+    {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]},
+    {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]},
+    {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]},
+    {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]},
+    {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]},
+    {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]},
+    {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]},
+    {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]},
+    {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]},
+    {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]},
+    {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]},
+    {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]},
+    {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]},
+    {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]},
+    {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]},
+    {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]},
+    {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]},
+    {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]},
+    {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]},
+    {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]},
+    {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]},
+    {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]},
+    {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]},
+    {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]},
+    {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]},
+    {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]},
+    {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]},
+    {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]},
+    {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]},
+    {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]},
+    {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]},
+    {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]},
+    {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]},
+    {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]},
+    {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]},
+    {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]},
+    {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]},
+    {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]},
+    {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]},
+    {"ITU-T", "itu-t", NID_itu_t},
+    {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
+    {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]},
+    {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]},
+    {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]},
+    {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
+    {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
+    {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
+    {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8},
+    {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8},
+    {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8},
+    {"DES-CFB1", "des-cfb1", NID_des_cfb1},
+    {"DES-CFB8", "des-cfb8", NID_des_cfb8},
+    {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1},
+    {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8},
+    {"street", "streetAddress", NID_streetAddress, 3, &so[4460]},
+    {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]},
+    {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]},
+    {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]},
+    {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]},
+    {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]},
+    {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]},
+    {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]},
+    {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]},
+    {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]},
+    {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]},
+    {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]},
+    {"SHA256", "sha256", NID_sha256, 9, &so[4544]},
+    {"SHA384", "sha384", NID_sha384, 9, &so[4553]},
+    {"SHA512", "sha512", NID_sha512, 9, &so[4562]},
+    {"SHA224", "sha224", NID_sha224, 9, &so[4571]},
+    {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]},
+    {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]},
+    {"wap", "wap", NID_wap, 2, &so[4584]},
+    {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]},
+    {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]},
+    {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]},
+    {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]},
+    {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]},
+    {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]},
+    {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]},
+    {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]},
+    {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]},
+    {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]},
+    {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]},
+    {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]},
+    {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]},
+    {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]},
+    {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]},
+    {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]},
+    {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]},
+    {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]},
+    {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]},
+    {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]},
+    {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]},
+    {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]},
+    {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]},
+    {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]},
+    {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]},
+    {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]},
+    {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]},
+    {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]},
+    {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]},
+    {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]},
+    {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]},
+    {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]},
+    {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]},
+    {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]},
+    {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]},
+    {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]},
+    {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]},
+    {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]},
+    {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]},
+    {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]},
+    {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]},
+    {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]},
+    {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]},
+    {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]},
+    {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]},
+    {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]},
+    {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]},
+    {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]},
+    {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]},
+    {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]},
+    {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]},
+    {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]},
+    {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]},
+    {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]},
+    {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]},
+    {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]},
+    {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]},
+    {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]},
+    {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]},
+    {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]},
+    {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]},
+    {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]},
+    {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]},
+    {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]},
+    {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]},
+    {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]},
+    {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]},
+    {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]},
+    {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]},
+    {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]},
+    {"Oakley-EC2N-3", "ipsec3", NID_ipsec3},
+    {"Oakley-EC2N-4", "ipsec4", NID_ipsec4},
+    {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]},
+    {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]},
+    {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]},
+    {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]},
+    {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]},
+    {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]},
+    {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]},
+    {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]},
+    {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]},
+    {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1},
+    {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1},
+    {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1},
+    {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8},
+    {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8},
+    {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8},
+    {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]},
+    {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]},
+    {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]},
+    {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]},
+    {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]},
+    {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]},
+    { NULL, NULL, NID_undef },
+    {"KISA", "kisa", NID_kisa, 6, &so[5118]},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]},
+    {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]},
+    {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]},
+    {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]},
+    {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]},
+    {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]},
+    {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]},
+    {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]},
+    {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]},
+    {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]},
+    {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]},
+    {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]},
+    {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]},
+    {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]},
+    {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]},
+    {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]},
+    {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]},
+    {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]},
+    {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]},
+    {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]},
+    {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]},
+    {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]},
+    {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]},
+    {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]},
+    {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]},
+    {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]},
+    {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]},
+    {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]},
+    {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]},
+    {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]},
+    {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]},
+    {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]},
+    {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]},
+    {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]},
+    {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]},
+    {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]},
+    {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]},
+    {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]},
+    {"gost89-cnt", "gost89-cnt", NID_gost89_cnt},
+    {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]},
+    {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]},
+    {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]},
+    {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]},
+    {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]},
+    {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]},
+    {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]},
+    {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]},
+    {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]},
+    {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]},
+    {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]},
+    {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]},
+    {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]},
+    {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]},
+    {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]},
+    {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]},
+    {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]},
+    {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]},
+    {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]},
+    {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]},
+    {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]},
+    {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]},
+    {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]},
+    {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]},
+    {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]},
+    {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]},
+    {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]},
+    {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]},
+    {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]},
+    {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]},
+    {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]},
+    {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]},
+    {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]},
+    {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]},
+    {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]},
+    {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]},
+    {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]},
+    {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]},
+    {"HMAC", "hmac", NID_hmac},
+    {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]},
+    {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]},
+    {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]},
+    {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]},
+    {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]},
+    {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]},
+    {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]},
+    {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]},
+    {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]},
+    {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]},
+    {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]},
+    {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]},
+    {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]},
+    {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]},
+    {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]},
+    {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]},
+    {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]},
+    {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]},
+    {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]},
+    {"member", "member", NID_member, 3, &so[5767]},
+    {"owner", "owner", NID_owner, 3, &so[5770]},
+    {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]},
+    {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]},
+    {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]},
+    {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]},
+    {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]},
+    {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]},
+    {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]},
+    {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]},
+    {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]},
+    {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]},
+    {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]},
+    {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]},
+    {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]},
+    {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]},
+    {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]},
+    {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]},
+    {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]},
+    {"CMAC", "cmac", NID_cmac},
+    {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]},
+    {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]},
+    {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]},
+    {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]},
+    {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]},
+    {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]},
+    {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]},
+    {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]},
+    {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]},
+    {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr},
+    {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr},
+    {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr},
+    {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]},
+    {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]},
+    {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]},
+    {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]},
+    {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]},
+    {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]},
+    {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 8, &so[5968]},
+    {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 8, &so[5976]},
+    {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5},
+    {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1},
+    {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1},
+    {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1},
+    {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5984]},
+    {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5993]},
+    {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[6000]},
+    {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[6009]},
+    {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6018]},
+    {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6027]},
+    {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6036]},
+    {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6045]},
+    {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6054]},
+    {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6063]},
+    {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6072]},
+    {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6081]},
+    {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6090]},
+    {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6099]},
+    {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6108]},
+    {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6117]},
+    {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6126]},
+    {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6135]},
+    {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6144]},
+    {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6150]},
+    {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6156]},
+    {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6162]},
+    {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6168]},
+    {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6177]},
+    {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6183]},
+    {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6189]},
+    {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6195]},
+    {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf},
+    {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf},
+    {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256},
+    {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256},
+    {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256},
+    {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6201]},
+    {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6211]},
+    {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6221]},
+    {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6231]},
+    {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6241]},
+    {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6252]},
+    {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6263]},
+    {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb},
+    {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb},
+    {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb},
+    {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6274]},
+    {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6282]},
+    {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6290]},
+    {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6298]},
+    {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6306]},
+    {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6314]},
+    {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6322]},
+    {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6330]},
+    {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6338]},
+    {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6346]},
+    {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6354]},
+    {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6362]},
+    {"id-scrypt", "scrypt", NID_id_scrypt, 9, &so[6370]},
+    {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6379]},
+    {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12},
+    {"gost-mac-12", "gost-mac-12", NID_gost_mac_12},
+    {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6384]},
+    {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6390]},
+    {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6397]},
+    {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6405]},
+    {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6413]},
+    {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6420]},
+    {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6428]},
+    {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6436]},
+    {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6443]},
+    {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6451]},
+    {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6459]},
+    {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6466]},
+    {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6474]},
+    {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6482]},
+    {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6489]},
+    {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6496]},
+    {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6504]},
+    {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6512]},
+    {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6518]},
+    {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6525]},
+    {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6533]},
+    {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6542]},
+    {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6551]},
+    {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6560]},
+    {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6567]},
+    {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6574]},
+    {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6582]},
+    {"INN", "INN", NID_INN, 8, &so[6591]},
+    {"OGRN", "OGRN", NID_OGRN, 5, &so[6599]},
+    {"SNILS", "SNILS", NID_SNILS, 5, &so[6604]},
+    {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6609]},
+    {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6614]},
+    {"gost89-cbc", "gost89-cbc", NID_gost89_cbc},
+    {"gost89-ecb", "gost89-ecb", NID_gost89_ecb},
+    {"gost89-ctr", "gost89-ctr", NID_gost89_ctr},
+    {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb},
+    {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr},
+    {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb},
+    {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc},
+    {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb},
+    {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac},
+    {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305},
+    {"ChaCha20", "chacha20", NID_chacha20},
+    {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6619]},
+    {"TLS1-PRF", "tls1-prf", NID_tls1_prf},
+    {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6627]},
+    {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6635]},
+    {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6643]},
+    {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6651]},
+    {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6659]},
+    {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6667]},
+    {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6675]},
+    {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6683]},
+    {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6691]},
+    {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6699]},
+    {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6705]},
+    {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6712]},
+    {"X25519", "X25519", NID_X25519, 3, &so[6719]},
+    {"X448", "X448", NID_X448, 3, &so[6722]},
+    {"HKDF", "hkdf", NID_hkdf},
+    {"KxRSA", "kx-rsa", NID_kx_rsa},
+    {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe},
+    {"KxDHE", "kx-dhe", NID_kx_dhe},
+    {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk},
+    {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk},
+    {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk},
+    {"KxPSK", "kx-psk", NID_kx_psk},
+    {"KxSRP", "kx-srp", NID_kx_srp},
+    {"KxGOST", "kx-gost", NID_kx_gost},
+    {"AuthRSA", "auth-rsa", NID_auth_rsa},
+    {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa},
+    {"AuthPSK", "auth-psk", NID_auth_psk},
+    {"AuthDSS", "auth-dss", NID_auth_dss},
+    {"AuthGOST01", "auth-gost01", NID_auth_gost01},
+    {"AuthGOST12", "auth-gost12", NID_auth_gost12},
+    {"AuthSRP", "auth-srp", NID_auth_srp},
+    {"AuthNULL", "auth-null", NID_auth_null},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6725]},
+    {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6736]},
+    {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6747]},
+    {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6758]},
+    {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6769]},
+    {"Poly1305", "poly1305", NID_poly1305},
+    {"SipHash", "siphash", NID_siphash},
+    {"KxANY", "kx-any", NID_kx_any},
+    {"AuthANY", "auth-any", NID_auth_any},
+    {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6780]},
+    {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6789]},
+    {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6798]},
+    {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6807]},
+    {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6816]},
+    {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6825]},
+    {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6834]},
+    {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6843]},
+    {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6852]},
+    {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6861]},
+    {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6870]},
+    {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6879]},
+    {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6888]},
+    {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6897]},
+    {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6906]},
+    {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1},
+    {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1},
+    {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1},
+    {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8},
+    {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8},
+    {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8},
+    {"id-smime-aa-signingCertificateV2", "id-smime-aa-signingCertificateV2", NID_id_smime_aa_signingCertificateV2, 11, &so[6915]},
+    {"ED25519", "ED25519", NID_ED25519, 3, &so[6926]},
+    {"ED448", "ED448", NID_ED448, 3, &so[6929]},
+    {"organizationIdentifier", "organizationIdentifier", NID_organizationIdentifier, 3, &so[6932]},
+    {"c3", "countryCode3c", NID_countryCode3c, 3, &so[6935]},
+    {"n3", "countryCode3n", NID_countryCode3n, 3, &so[6938]},
+    {"dnsName", "dnsName", NID_dnsName, 3, &so[6941]},
+    {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6944]},
+    {"SHA512-224", "sha512-224", NID_sha512_224, 9, &so[6949]},
+    {"SHA512-256", "sha512-256", NID_sha512_256, 9, &so[6958]},
+    {"SHA3-224", "sha3-224", NID_sha3_224, 9, &so[6967]},
+    {"SHA3-256", "sha3-256", NID_sha3_256, 9, &so[6976]},
+    {"SHA3-384", "sha3-384", NID_sha3_384, 9, &so[6985]},
+    {"SHA3-512", "sha3-512", NID_sha3_512, 9, &so[6994]},
+    {"SHAKE128", "shake128", NID_shake128, 9, &so[7003]},
+    {"SHAKE256", "shake256", NID_shake256, 9, &so[7012]},
+    {"id-hmacWithSHA3-224", "hmac-sha3-224", NID_hmac_sha3_224, 9, &so[7021]},
+    {"id-hmacWithSHA3-256", "hmac-sha3-256", NID_hmac_sha3_256, 9, &so[7030]},
+    {"id-hmacWithSHA3-384", "hmac-sha3-384", NID_hmac_sha3_384, 9, &so[7039]},
+    {"id-hmacWithSHA3-512", "hmac-sha3-512", NID_hmac_sha3_512, 9, &so[7048]},
+    {"id-dsa-with-sha384", "dsa_with_SHA384", NID_dsa_with_SHA384, 9, &so[7057]},
+    {"id-dsa-with-sha512", "dsa_with_SHA512", NID_dsa_with_SHA512, 9, &so[7066]},
+    {"id-dsa-with-sha3-224", "dsa_with_SHA3-224", NID_dsa_with_SHA3_224, 9, &so[7075]},
+    {"id-dsa-with-sha3-256", "dsa_with_SHA3-256", NID_dsa_with_SHA3_256, 9, &so[7084]},
+    {"id-dsa-with-sha3-384", "dsa_with_SHA3-384", NID_dsa_with_SHA3_384, 9, &so[7093]},
+    {"id-dsa-with-sha3-512", "dsa_with_SHA3-512", NID_dsa_with_SHA3_512, 9, &so[7102]},
+    {"id-ecdsa-with-sha3-224", "ecdsa_with_SHA3-224", NID_ecdsa_with_SHA3_224, 9, &so[7111]},
+    {"id-ecdsa-with-sha3-256", "ecdsa_with_SHA3-256", NID_ecdsa_with_SHA3_256, 9, &so[7120]},
+    {"id-ecdsa-with-sha3-384", "ecdsa_with_SHA3-384", NID_ecdsa_with_SHA3_384, 9, &so[7129]},
+    {"id-ecdsa-with-sha3-512", "ecdsa_with_SHA3-512", NID_ecdsa_with_SHA3_512, 9, &so[7138]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-224", "RSA-SHA3-224", NID_RSA_SHA3_224, 9, &so[7147]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7156]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-384", NID_RSA_SHA3_384, 9, &so[7165]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7174]},
+    {"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7183]},
+    {"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7192]},
+    {"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7201]},
+    {"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7210]},
+    {"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7219]},
+    {"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7228]},
+    {"ffdhe2048", "ffdhe2048", NID_ffdhe2048},
+    {"ffdhe3072", "ffdhe3072", NID_ffdhe3072},
+    {"ffdhe4096", "ffdhe4096", NID_ffdhe4096},
+    {"ffdhe6144", "ffdhe6144", NID_ffdhe6144},
+    {"ffdhe8192", "ffdhe8192", NID_ffdhe8192},
+    {"cmcCA", "CMC Certificate Authority", NID_cmcCA, 8, &so[7237]},
+    {"cmcRA", "CMC Registration Authority", NID_cmcRA, 8, &so[7245]},
+    {"SM4-ECB", "sm4-ecb", NID_sm4_ecb, 8, &so[7253]},
+    {"SM4-CBC", "sm4-cbc", NID_sm4_cbc, 8, &so[7261]},
+    {"SM4-OFB", "sm4-ofb", NID_sm4_ofb128, 8, &so[7269]},
+    {"SM4-CFB1", "sm4-cfb1", NID_sm4_cfb1, 8, &so[7277]},
+    {"SM4-CFB", "sm4-cfb", NID_sm4_cfb128, 8, &so[7285]},
+    {"SM4-CFB8", "sm4-cfb8", NID_sm4_cfb8, 8, &so[7293]},
+    {"SM4-CTR", "sm4-ctr", NID_sm4_ctr, 8, &so[7301]},
+    {"ISO-CN", "ISO CN Member Body", NID_ISO_CN, 3, &so[7309]},
+    {"oscca", "oscca", NID_oscca, 5, &so[7312]},
+    {"sm-scheme", "sm-scheme", NID_sm_scheme, 6, &so[7317]},
+    {"SM3", "sm3", NID_sm3, 8, &so[7323]},
+    {"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8, &so[7331]},
+    {"RSA-SHA512/224", "sha512-224WithRSAEncryption", NID_sha512_224WithRSAEncryption, 9, &so[7339]},
+    {"RSA-SHA512/256", "sha512-256WithRSAEncryption", NID_sha512_256WithRSAEncryption, 9, &so[7348]},
+    {"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7357]},
+    {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7365]},
+    {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7374]},
+    {"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7383]},
+    {"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7386]},
+    {"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, &so[7393]},
+    {"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, &so[7403]},
+    {"dstu28147-cfb", "DSTU Gost 28147-2009 CFB mode", NID_dstu28147_cfb, 11, &so[7414]},
+    {"dstu28147-wrap", "DSTU Gost 28147-2009 key wrap", NID_dstu28147_wrap, 11, &so[7425]},
+    {"hmacWithDstu34311", "HMAC DSTU Gost 34311-95", NID_hmacWithDstu34311, 10, &so[7436]},
+    {"dstu34311", "DSTU Gost 34311-95", NID_dstu34311, 10, &so[7446]},
+    {"dstu4145le", "DSTU 4145-2002 little endian", NID_dstu4145le, 11, &so[7456]},
+    {"dstu4145be", "DSTU 4145-2002 big endian", NID_dstu4145be, 13, &so[7467]},
+    {"uacurve0", "DSTU curve 0", NID_uacurve0, 13, &so[7480]},
+    {"uacurve1", "DSTU curve 1", NID_uacurve1, 13, &so[7493]},
+    {"uacurve2", "DSTU curve 2", NID_uacurve2, 13, &so[7506]},
+    {"uacurve3", "DSTU curve 3", NID_uacurve3, 13, &so[7519]},
+    {"uacurve4", "DSTU curve 4", NID_uacurve4, 13, &so[7532]},
+    {"uacurve5", "DSTU curve 5", NID_uacurve5, 13, &so[7545]},
+    {"uacurve6", "DSTU curve 6", NID_uacurve6, 13, &so[7558]},
+    {"uacurve7", "DSTU curve 7", NID_uacurve7, 13, &so[7571]},
+    {"uacurve8", "DSTU curve 8", NID_uacurve8, 13, &so[7584]},
+    {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
+    {"ieee", "ieee", NID_ieee, 2, &so[7610]},
+    {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+    {"SM2", "sm2", NID_sm2, 8, &so[7617]},
+    {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]},
+    {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]},
+    {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]},
+    {"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]},
+    {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]},
+    {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]},
+    {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]},
+    {"magma-ecb", "magma-ecb", NID_magma_ecb},
+    {"magma-ctr", "magma-ctr", NID_magma_ctr},
+    {"magma-ofb", "magma-ofb", NID_magma_ofb},
+    {"magma-cbc", "magma-cbc", NID_magma_cbc},
+    {"magma-cfb", "magma-cfb", NID_magma_cfb},
+    {"magma-mac", "magma-mac", NID_magma_mac},
+    {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
+    {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
+};
+
+#define NUM_SN 1186
+static const unsigned int sn_objs[NUM_SN] = {
+     364,    /* "AD_DVCS" */
+     419,    /* "AES-128-CBC" */
+     916,    /* "AES-128-CBC-HMAC-SHA1" */
+     948,    /* "AES-128-CBC-HMAC-SHA256" */
+     421,    /* "AES-128-CFB" */
+     650,    /* "AES-128-CFB1" */
+     653,    /* "AES-128-CFB8" */
+     904,    /* "AES-128-CTR" */
+     418,    /* "AES-128-ECB" */
+     958,    /* "AES-128-OCB" */
+     420,    /* "AES-128-OFB" */
+     913,    /* "AES-128-XTS" */
+     423,    /* "AES-192-CBC" */
+     917,    /* "AES-192-CBC-HMAC-SHA1" */
+     949,    /* "AES-192-CBC-HMAC-SHA256" */
+     425,    /* "AES-192-CFB" */
+     651,    /* "AES-192-CFB1" */
+     654,    /* "AES-192-CFB8" */
+     905,    /* "AES-192-CTR" */
+     422,    /* "AES-192-ECB" */
+     959,    /* "AES-192-OCB" */
+     424,    /* "AES-192-OFB" */
+     427,    /* "AES-256-CBC" */
+     918,    /* "AES-256-CBC-HMAC-SHA1" */
+     950,    /* "AES-256-CBC-HMAC-SHA256" */
+     429,    /* "AES-256-CFB" */
+     652,    /* "AES-256-CFB1" */
+     655,    /* "AES-256-CFB8" */
+     906,    /* "AES-256-CTR" */
+     426,    /* "AES-256-ECB" */
+     960,    /* "AES-256-OCB" */
+     428,    /* "AES-256-OFB" */
+     914,    /* "AES-256-XTS" */
+    1066,    /* "ARIA-128-CBC" */
+    1120,    /* "ARIA-128-CCM" */
+    1067,    /* "ARIA-128-CFB" */
+    1080,    /* "ARIA-128-CFB1" */
+    1083,    /* "ARIA-128-CFB8" */
+    1069,    /* "ARIA-128-CTR" */
+    1065,    /* "ARIA-128-ECB" */
+    1123,    /* "ARIA-128-GCM" */
+    1068,    /* "ARIA-128-OFB" */
+    1071,    /* "ARIA-192-CBC" */
+    1121,    /* "ARIA-192-CCM" */
+    1072,    /* "ARIA-192-CFB" */
+    1081,    /* "ARIA-192-CFB1" */
+    1084,    /* "ARIA-192-CFB8" */
+    1074,    /* "ARIA-192-CTR" */
+    1070,    /* "ARIA-192-ECB" */
+    1124,    /* "ARIA-192-GCM" */
+    1073,    /* "ARIA-192-OFB" */
+    1076,    /* "ARIA-256-CBC" */
+    1122,    /* "ARIA-256-CCM" */
+    1077,    /* "ARIA-256-CFB" */
+    1082,    /* "ARIA-256-CFB1" */
+    1085,    /* "ARIA-256-CFB8" */
+    1079,    /* "ARIA-256-CTR" */
+    1075,    /* "ARIA-256-ECB" */
+    1125,    /* "ARIA-256-GCM" */
+    1078,    /* "ARIA-256-OFB" */
+    1064,    /* "AuthANY" */
+    1049,    /* "AuthDSS" */
+    1047,    /* "AuthECDSA" */
+    1050,    /* "AuthGOST01" */
+    1051,    /* "AuthGOST12" */
+    1053,    /* "AuthNULL" */
+    1048,    /* "AuthPSK" */
+    1046,    /* "AuthRSA" */
+    1052,    /* "AuthSRP" */
+      91,    /* "BF-CBC" */
+      93,    /* "BF-CFB" */
+      92,    /* "BF-ECB" */
+      94,    /* "BF-OFB" */
+    1056,    /* "BLAKE2b512" */
+    1057,    /* "BLAKE2s256" */
+      14,    /* "C" */
+     751,    /* "CAMELLIA-128-CBC" */
+     962,    /* "CAMELLIA-128-CCM" */
+     757,    /* "CAMELLIA-128-CFB" */
+     760,    /* "CAMELLIA-128-CFB1" */
+     763,    /* "CAMELLIA-128-CFB8" */
+     964,    /* "CAMELLIA-128-CMAC" */
+     963,    /* "CAMELLIA-128-CTR" */
+     754,    /* "CAMELLIA-128-ECB" */
+     961,    /* "CAMELLIA-128-GCM" */
+     766,    /* "CAMELLIA-128-OFB" */
+     752,    /* "CAMELLIA-192-CBC" */
+     966,    /* "CAMELLIA-192-CCM" */
+     758,    /* "CAMELLIA-192-CFB" */
+     761,    /* "CAMELLIA-192-CFB1" */
+     764,    /* "CAMELLIA-192-CFB8" */
+     968,    /* "CAMELLIA-192-CMAC" */
+     967,    /* "CAMELLIA-192-CTR" */
+     755,    /* "CAMELLIA-192-ECB" */
+     965,    /* "CAMELLIA-192-GCM" */
+     767,    /* "CAMELLIA-192-OFB" */
+     753,    /* "CAMELLIA-256-CBC" */
+     970,    /* "CAMELLIA-256-CCM" */
+     759,    /* "CAMELLIA-256-CFB" */
+     762,    /* "CAMELLIA-256-CFB1" */
+     765,    /* "CAMELLIA-256-CFB8" */
+     972,    /* "CAMELLIA-256-CMAC" */
+     971,    /* "CAMELLIA-256-CTR" */
+     756,    /* "CAMELLIA-256-ECB" */
+     969,    /* "CAMELLIA-256-GCM" */
+     768,    /* "CAMELLIA-256-OFB" */
+     108,    /* "CAST5-CBC" */
+     110,    /* "CAST5-CFB" */
+     109,    /* "CAST5-ECB" */
+     111,    /* "CAST5-OFB" */
+     894,    /* "CMAC" */
+      13,    /* "CN" */
+     141,    /* "CRLReason" */
+     417,    /* "CSPName" */
+    1019,    /* "ChaCha20" */
+    1018,    /* "ChaCha20-Poly1305" */
+     367,    /* "CrlID" */
+     391,    /* "DC" */
+      31,    /* "DES-CBC" */
+     643,    /* "DES-CDMF" */
+      30,    /* "DES-CFB" */
+     656,    /* "DES-CFB1" */
+     657,    /* "DES-CFB8" */
+      29,    /* "DES-ECB" */
+      32,    /* "DES-EDE" */
+      43,    /* "DES-EDE-CBC" */
+      60,    /* "DES-EDE-CFB" */
+      62,    /* "DES-EDE-OFB" */
+      33,    /* "DES-EDE3" */
+      44,    /* "DES-EDE3-CBC" */
+      61,    /* "DES-EDE3-CFB" */
+     658,    /* "DES-EDE3-CFB1" */
+     659,    /* "DES-EDE3-CFB8" */
+      63,    /* "DES-EDE3-OFB" */
+      45,    /* "DES-OFB" */
+      80,    /* "DESX-CBC" */
+     380,    /* "DOD" */
+     116,    /* "DSA" */
+      66,    /* "DSA-SHA" */
+     113,    /* "DSA-SHA1" */
+      70,    /* "DSA-SHA1-old" */
+      67,    /* "DSA-old" */
+     297,    /* "DVCS" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
+      99,    /* "GN" */
+    1036,    /* "HKDF" */
+     855,    /* "HMAC" */
+     780,    /* "HMAC-MD5" */
+     781,    /* "HMAC-SHA1" */
+     381,    /* "IANA" */
+      34,    /* "IDEA-CBC" */
+      35,    /* "IDEA-CFB" */
+      36,    /* "IDEA-ECB" */
+      46,    /* "IDEA-OFB" */
+    1004,    /* "INN" */
+     181,    /* "ISO" */
+    1140,    /* "ISO-CN" */
+    1150,    /* "ISO-UA" */
+     183,    /* "ISO-US" */
+     645,    /* "ITU-T" */
+     646,    /* "JOINT-ISO-ITU-T" */
+     773,    /* "KISA" */
+    1063,    /* "KxANY" */
+    1039,    /* "KxDHE" */
+    1041,    /* "KxDHE-PSK" */
+    1038,    /* "KxECDHE" */
+    1040,    /* "KxECDHE-PSK" */
+    1045,    /* "KxGOST" */
+    1043,    /* "KxPSK" */
+    1037,    /* "KxRSA" */
+    1042,    /* "KxRSA_PSK" */
+    1044,    /* "KxSRP" */
+      15,    /* "L" */
+     856,    /* "LocalKeySet" */
+       3,    /* "MD2" */
+     257,    /* "MD4" */
+       4,    /* "MD5" */
+     114,    /* "MD5-SHA1" */
+      95,    /* "MDC2" */
+     911,    /* "MGF1" */
+     388,    /* "Mail" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      57,    /* "Netscape" */
+     366,    /* "Nonce" */
+      17,    /* "O" */
+     178,    /* "OCSP" */
+     180,    /* "OCSPSigning" */
+    1005,    /* "OGRN" */
+     379,    /* "ORG" */
+      18,    /* "OU" */
+     749,    /* "Oakley-EC2N-3" */
+     750,    /* "Oakley-EC2N-4" */
+       9,    /* "PBE-MD2-DES" */
+     168,    /* "PBE-MD2-RC2-64" */
+      10,    /* "PBE-MD5-DES" */
+     169,    /* "PBE-MD5-RC2-64" */
+     147,    /* "PBE-SHA1-2DES" */
+     146,    /* "PBE-SHA1-3DES" */
+     170,    /* "PBE-SHA1-DES" */
+     148,    /* "PBE-SHA1-RC2-128" */
+     149,    /* "PBE-SHA1-RC2-40" */
+      68,    /* "PBE-SHA1-RC2-64" */
+     144,    /* "PBE-SHA1-RC4-128" */
+     145,    /* "PBE-SHA1-RC4-40" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+     127,    /* "PKIX" */
+     935,    /* "PSPECIFIED" */
+    1061,    /* "Poly1305" */
+      98,    /* "RC2-40-CBC" */
+     166,    /* "RC2-64-CBC" */
+      37,    /* "RC2-CBC" */
+      39,    /* "RC2-CFB" */
+      38,    /* "RC2-ECB" */
+      40,    /* "RC2-OFB" */
+       5,    /* "RC4" */
+      97,    /* "RC4-40" */
+     915,    /* "RC4-HMAC-MD5" */
+     120,    /* "RC5-CBC" */
+     122,    /* "RC5-CFB" */
+     121,    /* "RC5-ECB" */
+     123,    /* "RC5-OFB" */
+     117,    /* "RIPEMD160" */
+      19,    /* "RSA" */
+       7,    /* "RSA-MD2" */
+     396,    /* "RSA-MD4" */
+       8,    /* "RSA-MD5" */
+      96,    /* "RSA-MDC2" */
+     104,    /* "RSA-NP-MD5" */
+     119,    /* "RSA-RIPEMD160" */
+      42,    /* "RSA-SHA" */
+      65,    /* "RSA-SHA1" */
+     115,    /* "RSA-SHA1-2" */
+     671,    /* "RSA-SHA224" */
+     668,    /* "RSA-SHA256" */
+     669,    /* "RSA-SHA384" */
+     670,    /* "RSA-SHA512" */
+    1145,    /* "RSA-SHA512/224" */
+    1146,    /* "RSA-SHA512/256" */
+    1144,    /* "RSA-SM3" */
+     919,    /* "RSAES-OAEP" */
+     912,    /* "RSASSA-PSS" */
+     777,    /* "SEED-CBC" */
+     779,    /* "SEED-CFB" */
+     776,    /* "SEED-ECB" */
+     778,    /* "SEED-OFB" */
+      41,    /* "SHA" */
+      64,    /* "SHA1" */
+     675,    /* "SHA224" */
+     672,    /* "SHA256" */
+    1096,    /* "SHA3-224" */
+    1097,    /* "SHA3-256" */
+    1098,    /* "SHA3-384" */
+    1099,    /* "SHA3-512" */
+     673,    /* "SHA384" */
+     674,    /* "SHA512" */
+    1094,    /* "SHA512-224" */
+    1095,    /* "SHA512-256" */
+    1100,    /* "SHAKE128" */
+    1101,    /* "SHAKE256" */
+    1172,    /* "SM2" */
+    1143,    /* "SM3" */
+    1134,    /* "SM4-CBC" */
+    1137,    /* "SM4-CFB" */
+    1136,    /* "SM4-CFB1" */
+    1138,    /* "SM4-CFB8" */
+    1139,    /* "SM4-CTR" */
+    1133,    /* "SM4-ECB" */
+    1135,    /* "SM4-OFB" */
+     188,    /* "SMIME" */
+     167,    /* "SMIME-CAPS" */
+     100,    /* "SN" */
+    1006,    /* "SNILS" */
+      16,    /* "ST" */
+     143,    /* "SXNetID" */
+    1062,    /* "SipHash" */
+    1021,    /* "TLS1-PRF" */
+     458,    /* "UID" */
+       0,    /* "UNDEF" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      11,    /* "X500" */
+     378,    /* "X500algorithms" */
+      12,    /* "X509" */
+     184,    /* "X9-57" */
+     185,    /* "X9cm" */
+     125,    /* "ZLIB" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     368,    /* "acceptableResponses" */
+     446,    /* "account" */
+     363,    /* "ad_timestamping" */
+     376,    /* "algorithm" */
+     405,    /* "ansi-X9-62" */
+     910,    /* "anyExtendedKeyUsage" */
+     746,    /* "anyPolicy" */
+     370,    /* "archiveCutoff" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+     177,    /* "authorityInfoAccess" */
+      90,    /* "authorityKeyIdentifier" */
+     882,    /* "authorityRevocationList" */
+      87,    /* "basicConstraints" */
+     365,    /* "basicOCSPResponse" */
+     285,    /* "biometricInfo" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+    1090,    /* "c3" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     179,    /* "caIssuers" */
+     785,    /* "caRepository" */
+    1023,    /* "capwapAC" */
+    1024,    /* "capwapWTP" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     771,    /* "certificateIssuer" */
+      89,    /* "certificatePolicies" */
+     883,    /* "certificateRevocationList" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     130,    /* "clientAuth" */
+    1131,    /* "cmcCA" */
+    1132,    /* "cmcRA" */
+     131,    /* "codeSigning" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+     153,    /* "crlBag" */
+     103,    /* "crlDistributionPoints" */
+      88,    /* "crlNumber" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     954,    /* "ct_cert_scts" */
+     952,    /* "ct_precert_poison" */
+     951,    /* "ct_precert_scts" */
+     953,    /* "ct_precert_signer" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcobject" */
+     140,    /* "deltaCRL" */
+     891,    /* "deltaRevocationList" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+     920,    /* "dhpublicnumber" */
+     382,    /* "directory" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     392,    /* "domain" */
+     452,    /* "domainRelatedObject" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+    1152,    /* "dstu28147" */
+    1154,    /* "dstu28147-cfb" */
+    1153,    /* "dstu28147-ofb" */
+    1155,    /* "dstu28147-wrap" */
+    1157,    /* "dstu34311" */
+    1159,    /* "dstu4145be" */
+    1158,    /* "dstu4145le" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+      48,    /* "emailAddress" */
+     132,    /* "emailProtection" */
+     885,    /* "enhancedSearchGuide" */
+     389,    /* "enterprises" */
+     384,    /* "experimental" */
+     172,    /* "extReq" */
+      56,    /* "extendedCertificateAttributes" */
+     126,    /* "extendedKeyUsage" */
+     372,    /* "extendedStatus" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
+     857,    /* "freshestCRL" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     509,    /* "generationQualifier" */
+     815,    /* "gost-mac" */
+     976,    /* "gost-mac-12" */
+     811,    /* "gost2001" */
+     851,    /* "gost2001cc" */
+     979,    /* "gost2012_256" */
+     980,    /* "gost2012_512" */
+     813,    /* "gost89" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+     812,    /* "gost94" */
+     850,    /* "gost94cc" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1156,    /* "hmacWithDstu34311" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
+     432,    /* "holdInstructionCallIssuer" */
+     430,    /* "holdInstructionCode" */
+     431,    /* "holdInstructionNone" */
+     433,    /* "holdInstructionReject" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     783,    /* "id-DHBasedMac" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     849,    /* "id-Gost28147-89-cc" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     854,    /* "id-GostR3410-2001-ParamSet-cc" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     817,    /* "id-GostR3410-2001DH" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     818,    /* "id-GostR3410-94DH" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     807,    /* "id-GostR3411-94-with-GostR3410-2001" */
+     853,    /* "id-GostR3411-94-with-GostR3410-2001-cc" */
+     808,    /* "id-GostR3411-94-with-GostR3410-94" */
+     852,    /* "id-GostR3411-94-with-GostR3410-94-cc" */
+     810,    /* "id-HMACGostR3411-94" */
+     782,    /* "id-PasswordBasedMAC" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     896,    /* "id-aes128-CCM" */
+     895,    /* "id-aes128-GCM" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     899,    /* "id-aes192-CCM" */
+     898,    /* "id-aes192-GCM" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     902,    /* "id-aes256-CCM" */
+     901,    /* "id-aes256-GCM" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+    1108,    /* "id-dsa-with-sha3-224" */
+    1109,    /* "id-dsa-with-sha3-256" */
+    1110,    /* "id-dsa-with-sha3-384" */
+    1111,    /* "id-dsa-with-sha3-512" */
+    1106,    /* "id-dsa-with-sha384" */
+    1107,    /* "id-dsa-with-sha512" */
+     408,    /* "id-ecPublicKey" */
+    1112,    /* "id-ecdsa-with-sha3-224" */
+    1113,    /* "id-ecdsa-with-sha3-256" */
+    1114,    /* "id-ecdsa-with-sha3-384" */
+    1115,    /* "id-ecdsa-with-sha3-512" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+    1102,    /* "id-hmacWithSHA3-224" */
+    1103,    /* "id-hmacWithSHA3-256" */
+    1104,    /* "id-hmacWithSHA3-384" */
+    1105,    /* "id-hmacWithSHA3-512" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     858,    /* "id-on-permanentIdentifier" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     664,    /* "id-ppl-anyLanguage" */
+     667,    /* "id-ppl-independent" */
+     665,    /* "id-ppl-inheritAll" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     164,    /* "id-qt-cps" */
+     165,    /* "id-qt-unotice" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+    1116,    /* "id-rsassa-pkcs1-v1_5-with-sha3-224" */
+    1117,    /* "id-rsassa-pkcs1-v1_5-with-sha3-256" */
+    1118,    /* "id-rsassa-pkcs1-v1_5-with-sha3-384" */
+    1119,    /* "id-rsassa-pkcs1-v1_5-with-sha3-512" */
+     973,    /* "id-scrypt" */
+     512,    /* "id-set" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1003,    /* "id-tc26-gost-28147-param-Z" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+    1148,    /* "id-tc26-gost-3410-2012-256-paramSetA" */
+    1184,    /* "id-tc26-gost-3410-2012-256-paramSetB" */
+    1185,    /* "id-tc26-gost-3410-2012-256-paramSetC" */
+    1186,    /* "id-tc26-gost-3410-2012-256-paramSetD" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     998,    /* "id-tc26-gost-3410-2012-512-paramSetA" */
+     999,    /* "id-tc26-gost-3410-2012-512-paramSetB" */
+    1149,    /* "id-tc26-gost-3410-2012-512-paramSetC" */
+     997,    /* "id-tc26-gost-3410-2012-512-paramSetTest" */
+     988,    /* "id-tc26-hmac-gost-3411-2012-256" */
+     989,    /* "id-tc26-hmac-gost-3411-2012-512" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+     985,    /* "id-tc26-signwithdigest-gost3410-2012-256" */
+     986,    /* "id-tc26-signwithdigest-gost3410-2012-512" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+     676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+    1171,    /* "ieee-siswg" */
+     461,    /* "info" */
+     748,    /* "inhibitAnyPolicy" */
+     101,    /* "initials" */
+     647,    /* "international-organizations" */
+     869,    /* "internationaliSDNNumber" */
+     142,    /* "invalidityDate" */
+     294,    /* "ipsecEndSystem" */
+    1022,    /* "ipsecIKE" */
+     295,    /* "ipsecTunnel" */
+     296,    /* "ipsecUser" */
+      86,    /* "issuerAltName" */
+    1008,    /* "issuerSignTool" */
+     770,    /* "issuingDistributionPoint" */
+     492,    /* "janetMailbox" */
+     957,    /* "jurisdictionC" */
+     955,    /* "jurisdictionL" */
+     956,    /* "jurisdictionST" */
+     150,    /* "keyBag" */
+      83,    /* "keyUsage" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+     480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
+     460,    /* "mail" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+     982,    /* "md_gost12_256" */
+     983,    /* "md_gost12_512" */
+     809,    /* "md_gost94" */
+     875,    /* "member" */
+     182,    /* "member-body" */
+      51,    /* "messageDigest" */
+     383,    /* "mgmt" */
+     504,    /* "mime-mhs" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     136,    /* "msCTLSign" */
+     135,    /* "msCodeCom" */
+     134,    /* "msCodeInd" */
+     138,    /* "msEFS" */
+     171,    /* "msExtReq" */
+     137,    /* "msSGC" */
+     648,    /* "msSmartcardLogin" */
+     649,    /* "msUPN" */
+    1091,    /* "n3" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     666,    /* "nameConstraints" */
+     369,    /* "noCheck" */
+     403,    /* "noRevAvail" */
+      72,    /* "nsBaseUrl" */
+      76,    /* "nsCaPolicyUrl" */
+      74,    /* "nsCaRevocationUrl" */
+      58,    /* "nsCertExt" */
+      79,    /* "nsCertSequence" */
+      71,    /* "nsCertType" */
+      78,    /* "nsComment" */
+      59,    /* "nsDataType" */
+      75,    /* "nsRenewalUrl" */
+      73,    /* "nsRevocationUrl" */
+     139,    /* "nsSGC" */
+      77,    /* "nsSslServerName" */
+     681,    /* "onBasis" */
+    1089,    /* "organizationIdentifier" */
+     491,    /* "organizationalStatus" */
+    1141,    /* "oscca" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     489,    /* "pagerTelephoneNumber" */
+     374,    /* "path" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+    1032,    /* "pkInitClientAuth" */
+    1033,    /* "pkInitKDC" */
+       2,    /* "pkcs" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+     401,    /* "policyConstraints" */
+     747,    /* "policyMappings" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     816,    /* "prf-gostr3411-94" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     385,    /* "private" */
+      84,    /* "privateKeyUsagePeriod" */
+     886,    /* "protocolInformation" */
+     663,    /* "proxyCertInfo" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+     870,    /* "registeredAddress" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+       1,    /* "rsadsi" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+    1025,    /* "secureShellClient" */
+    1026,    /* "secureShellServer" */
+     386,    /* "security" */
+     878,    /* "seeAlso" */
+     394,    /* "selected-attribute-types" */
+    1029,    /* "sendOwner" */
+    1030,    /* "sendProxiedOwner" */
+    1028,    /* "sendProxiedRouter" */
+    1027,    /* "sendRouter" */
+     105,    /* "serialNumber" */
+     129,    /* "serverAuth" */
+     371,    /* "serviceLocator" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     517,    /* "set-certExt" */
+     513,    /* "set-ctype" */
+     514,    /* "set-msgExt" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     631,    /* "setAttr-GenCryptgrm" */
+     623,    /* "setAttr-IssCap" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     621,    /* "setAttr-PGWYcap" */
+     635,    /* "setAttr-SecDevSig" */
+     632,    /* "setAttr-T2Enc" */
+     633,    /* "setAttr-T2cleartxt" */
+     634,    /* "setAttr-TokICCsig" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     606,    /* "setext-cv" */
+     601,    /* "setext-genCrypt" */
+     602,    /* "setext-miAuth" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+    1142,    /* "sm-scheme" */
+     387,    /* "snmpv2" */
+     660,    /* "street" */
+      85,    /* "subjectAltName" */
+     769,    /* "subjectDirectoryAttributes" */
+     398,    /* "subjectInfoAccess" */
+      82,    /* "subjectKeyIdentifier" */
+    1007,    /* "subjectSignTool" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     402,    /* "targetInformation" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     133,    /* "timeStamping" */
+     106,    /* "title" */
+    1020,    /* "tlsfeature" */
+     682,    /* "tpBasis" */
+     375,    /* "trustRoot" */
+    1151,    /* "ua-pki" */
+    1160,    /* "uacurve0" */
+    1161,    /* "uacurve1" */
+    1162,    /* "uacurve2" */
+    1163,    /* "uacurve3" */
+    1164,    /* "uacurve4" */
+    1165,    /* "uacurve5" */
+    1166,    /* "uacurve6" */
+    1167,    /* "uacurve7" */
+    1168,    /* "uacurve8" */
+    1169,    /* "uacurve9" */
+     436,    /* "ucl" */
+     102,    /* "uid" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+    1093,    /* "x509ExtAdmission" */
+};
+
+#define NUM_LN 1186
+static const unsigned int ln_objs[NUM_LN] = {
+     363,    /* "AD Time Stamping" */
+     405,    /* "ANSI X9.62" */
+     368,    /* "Acceptable OCSP Responses" */
+     910,    /* "Any Extended Key Usage" */
+     664,    /* "Any language" */
+     177,    /* "Authority Information Access" */
+     365,    /* "Basic OCSP Response" */
+     285,    /* "Biometric Info" */
+     179,    /* "CA Issuers" */
+     785,    /* "CA Repository" */
+    1131,    /* "CMC Certificate Authority" */
+    1132,    /* "CMC Registration Authority" */
+     954,    /* "CT Certificate SCTs" */
+     952,    /* "CT Precertificate Poison" */
+     951,    /* "CT Precertificate SCTs" */
+     953,    /* "CT Precertificate Signer" */
+     131,    /* "Code Signing" */
+    1024,    /* "Ctrl/Provision WAP Termination" */
+    1023,    /* "Ctrl/provision WAP Access" */
+    1159,    /* "DSTU 4145-2002 big endian" */
+    1158,    /* "DSTU 4145-2002 little endian" */
+    1152,    /* "DSTU Gost 28147-2009" */
+    1154,    /* "DSTU Gost 28147-2009 CFB mode" */
+    1153,    /* "DSTU Gost 28147-2009 OFB mode" */
+    1155,    /* "DSTU Gost 28147-2009 key wrap" */
+    1157,    /* "DSTU Gost 34311-95" */
+    1160,    /* "DSTU curve 0" */
+    1161,    /* "DSTU curve 1" */
+    1162,    /* "DSTU curve 2" */
+    1163,    /* "DSTU curve 3" */
+    1164,    /* "DSTU curve 4" */
+    1165,    /* "DSTU curve 5" */
+    1166,    /* "DSTU curve 6" */
+    1167,    /* "DSTU curve 7" */
+    1168,    /* "DSTU curve 8" */
+    1169,    /* "DSTU curve 9" */
+     783,    /* "Diffie-Hellman based MAC" */
+     382,    /* "Directory" */
+     392,    /* "Domain" */
+     132,    /* "E-mail Protection" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
+     389,    /* "Enterprises" */
+     384,    /* "Experimental" */
+     372,    /* "Extended OCSP Status" */
+     172,    /* "Extension Request" */
+     813,    /* "GOST 28147-89" */
+     849,    /* "GOST 28147-89 Cryptocom ParamSet" */
+     815,    /* "GOST 28147-89 MAC" */
+    1003,    /* "GOST 28147-89 TC26 parameter set" */
+     851,    /* "GOST 34.10-2001 Cryptocom" */
+     850,    /* "GOST 34.10-94 Cryptocom" */
+     811,    /* "GOST R 34.10-2001" */
+     817,    /* "GOST R 34.10-2001 DH" */
+    1148,    /* "GOST R 34.10-2012 (256 bit) ParamSet A" */
+    1184,    /* "GOST R 34.10-2012 (256 bit) ParamSet B" */
+    1185,    /* "GOST R 34.10-2012 (256 bit) ParamSet C" */
+    1186,    /* "GOST R 34.10-2012 (256 bit) ParamSet D" */
+     998,    /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
+     999,    /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+    1149,    /* "GOST R 34.10-2012 (512 bit) ParamSet C" */
+     997,    /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
+     979,    /* "GOST R 34.10-2012 with 256 bit modulus" */
+     980,    /* "GOST R 34.10-2012 with 512 bit modulus" */
+     985,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
+     986,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
+     812,    /* "GOST R 34.10-94" */
+     818,    /* "GOST R 34.10-94 DH" */
+     982,    /* "GOST R 34.11-2012 with 256 bit hash" */
+     983,    /* "GOST R 34.11-2012 with 512 bit hash" */
+     809,    /* "GOST R 34.11-94" */
+     816,    /* "GOST R 34.11-94 PRF" */
+     807,    /* "GOST R 34.11-94 with GOST R 34.10-2001" */
+     853,    /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
+     808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
+     852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
+     854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+    1156,    /* "HMAC DSTU Gost 34311-95" */
+     988,    /* "HMAC GOST 34.11-2012 256 bit" */
+     989,    /* "HMAC GOST 34.11-2012 512 bit" */
+     810,    /* "HMAC GOST 34.11-94" */
+     432,    /* "Hold Instruction Call Issuer" */
+     430,    /* "Hold Instruction Code" */
+     431,    /* "Hold Instruction None" */
+     433,    /* "Hold Instruction Reject" */
+     634,    /* "ICC or token signature" */
+    1171,    /* "IEEE Security in Storage Working Group" */
+    1004,    /* "INN" */
+     294,    /* "IPSec End System" */
+     295,    /* "IPSec Tunnel" */
+     296,    /* "IPSec User" */
+    1140,    /* "ISO CN Member Body" */
+     182,    /* "ISO Member Body" */
+     183,    /* "ISO US Member Body" */
+    1150,    /* "ISO-UA" */
+     667,    /* "Independent" */
+     665,    /* "Inherit all" */
+     647,    /* "International Organizations" */
+     142,    /* "Invalidity Date" */
+     504,    /* "MIME MHS" */
+     388,    /* "Mail" */
+     383,    /* "Management" */
+     417,    /* "Microsoft CSP Name" */
+     135,    /* "Microsoft Commercial Code Signing" */
+     138,    /* "Microsoft Encrypted File System" */
+     171,    /* "Microsoft Extension Request" */
+     134,    /* "Microsoft Individual Code Signing" */
+     856,    /* "Microsoft Local Key set" */
+     137,    /* "Microsoft Server Gated Crypto" */
+     648,    /* "Microsoft Smartcardlogin" */
+     136,    /* "Microsoft Trust List Signing" */
+     649,    /* "Microsoft Universal Principal Name" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      72,    /* "Netscape Base Url" */
+      76,    /* "Netscape CA Policy Url" */
+      74,    /* "Netscape CA Revocation Url" */
+      71,    /* "Netscape Cert Type" */
+      58,    /* "Netscape Certificate Extension" */
+      79,    /* "Netscape Certificate Sequence" */
+      78,    /* "Netscape Comment" */
+      57,    /* "Netscape Communications Corp." */
+      59,    /* "Netscape Data Type" */
+      75,    /* "Netscape Renewal Url" */
+      73,    /* "Netscape Revocation Url" */
+      77,    /* "Netscape SSL Server Name" */
+     139,    /* "Netscape Server Gated Crypto" */
+     178,    /* "OCSP" */
+     370,    /* "OCSP Archive Cutoff" */
+     367,    /* "OCSP CRL ID" */
+     369,    /* "OCSP No Check" */
+     366,    /* "OCSP Nonce" */
+     371,    /* "OCSP Service Locator" */
+     180,    /* "OCSP Signing" */
+    1005,    /* "OGRN" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+    1032,    /* "PKINIT Client Auth" */
+     127,    /* "PKIX" */
+     858,    /* "Permanent Identifier" */
+     164,    /* "Policy Qualifier CPS" */
+     165,    /* "Policy Qualifier User Notice" */
+     385,    /* "Private" */
+    1093,    /* "Professional Information or basis for Admission" */
+     663,    /* "Proxy Certificate Information" */
+       1,    /* "RSA Data Security, Inc." */
+       2,    /* "RSA Data Security, Inc. PKCS" */
+    1116,    /* "RSA-SHA3-224" */
+    1117,    /* "RSA-SHA3-256" */
+    1118,    /* "RSA-SHA3-384" */
+    1119,    /* "RSA-SHA3-512" */
+     188,    /* "S/MIME" */
+     167,    /* "S/MIME Capabilities" */
+    1006,    /* "SNILS" */
+     387,    /* "SNMPv2" */
+    1025,    /* "SSH Client" */
+    1026,    /* "SSH Server" */
+     512,    /* "Secure Electronic Transactions" */
+     386,    /* "Security" */
+     394,    /* "Selected Attribute Types" */
+    1029,    /* "Send Owner" */
+    1030,    /* "Send Proxied Owner" */
+    1028,    /* "Send Proxied Router" */
+    1027,    /* "Send Router" */
+    1033,    /* "Signing KDC Response" */
+    1008,    /* "Signing Tool of Issuer" */
+    1007,    /* "Signing Tool of Subject" */
+     143,    /* "Strong Extranet ID" */
+     398,    /* "Subject Information Access" */
+    1020,    /* "TLS Feature" */
+     130,    /* "TLS Web Client Authentication" */
+     129,    /* "TLS Web Server Authentication" */
+     133,    /* "Time Stamping" */
+     375,    /* "Trust Root" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      12,    /* "X509" */
+     402,    /* "X509v3 AC Targeting" */
+     746,    /* "X509v3 Any Policy" */
+      90,    /* "X509v3 Authority Key Identifier" */
+      87,    /* "X509v3 Basic Constraints" */
+     103,    /* "X509v3 CRL Distribution Points" */
+      88,    /* "X509v3 CRL Number" */
+     141,    /* "X509v3 CRL Reason Code" */
+     771,    /* "X509v3 Certificate Issuer" */
+      89,    /* "X509v3 Certificate Policies" */
+     140,    /* "X509v3 Delta CRL Indicator" */
+     126,    /* "X509v3 Extended Key Usage" */
+     857,    /* "X509v3 Freshest CRL" */
+     748,    /* "X509v3 Inhibit Any Policy" */
+      86,    /* "X509v3 Issuer Alternative Name" */
+     770,    /* "X509v3 Issuing Distribution Point" */
+      83,    /* "X509v3 Key Usage" */
+     666,    /* "X509v3 Name Constraints" */
+     403,    /* "X509v3 No Revocation Available" */
+     401,    /* "X509v3 Policy Constraints" */
+     747,    /* "X509v3 Policy Mappings" */
+      84,    /* "X509v3 Private Key Usage Period" */
+      85,    /* "X509v3 Subject Alternative Name" */
+     769,    /* "X509v3 Subject Directory Attributes" */
+      82,    /* "X509v3 Subject Key Identifier" */
+     920,    /* "X9.42 DH" */
+     184,    /* "X9.57" */
+     185,    /* "X9.57 CM ?" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     446,    /* "account" */
+     364,    /* "ad dvcs" */
+     606,    /* "additional verification" */
+     419,    /* "aes-128-cbc" */
+     916,    /* "aes-128-cbc-hmac-sha1" */
+     948,    /* "aes-128-cbc-hmac-sha256" */
+     896,    /* "aes-128-ccm" */
+     421,    /* "aes-128-cfb" */
+     650,    /* "aes-128-cfb1" */
+     653,    /* "aes-128-cfb8" */
+     904,    /* "aes-128-ctr" */
+     418,    /* "aes-128-ecb" */
+     895,    /* "aes-128-gcm" */
+     958,    /* "aes-128-ocb" */
+     420,    /* "aes-128-ofb" */
+     913,    /* "aes-128-xts" */
+     423,    /* "aes-192-cbc" */
+     917,    /* "aes-192-cbc-hmac-sha1" */
+     949,    /* "aes-192-cbc-hmac-sha256" */
+     899,    /* "aes-192-ccm" */
+     425,    /* "aes-192-cfb" */
+     651,    /* "aes-192-cfb1" */
+     654,    /* "aes-192-cfb8" */
+     905,    /* "aes-192-ctr" */
+     422,    /* "aes-192-ecb" */
+     898,    /* "aes-192-gcm" */
+     959,    /* "aes-192-ocb" */
+     424,    /* "aes-192-ofb" */
+     427,    /* "aes-256-cbc" */
+     918,    /* "aes-256-cbc-hmac-sha1" */
+     950,    /* "aes-256-cbc-hmac-sha256" */
+     902,    /* "aes-256-ccm" */
+     429,    /* "aes-256-cfb" */
+     652,    /* "aes-256-cfb1" */
+     655,    /* "aes-256-cfb8" */
+     906,    /* "aes-256-ctr" */
+     426,    /* "aes-256-ecb" */
+     901,    /* "aes-256-gcm" */
+     960,    /* "aes-256-ocb" */
+     428,    /* "aes-256-ofb" */
+     914,    /* "aes-256-xts" */
+     376,    /* "algorithm" */
+    1066,    /* "aria-128-cbc" */
+    1120,    /* "aria-128-ccm" */
+    1067,    /* "aria-128-cfb" */
+    1080,    /* "aria-128-cfb1" */
+    1083,    /* "aria-128-cfb8" */
+    1069,    /* "aria-128-ctr" */
+    1065,    /* "aria-128-ecb" */
+    1123,    /* "aria-128-gcm" */
+    1068,    /* "aria-128-ofb" */
+    1071,    /* "aria-192-cbc" */
+    1121,    /* "aria-192-ccm" */
+    1072,    /* "aria-192-cfb" */
+    1081,    /* "aria-192-cfb1" */
+    1084,    /* "aria-192-cfb8" */
+    1074,    /* "aria-192-ctr" */
+    1070,    /* "aria-192-ecb" */
+    1124,    /* "aria-192-gcm" */
+    1073,    /* "aria-192-ofb" */
+    1076,    /* "aria-256-cbc" */
+    1122,    /* "aria-256-ccm" */
+    1077,    /* "aria-256-cfb" */
+    1082,    /* "aria-256-cfb1" */
+    1085,    /* "aria-256-cfb8" */
+    1079,    /* "aria-256-ctr" */
+    1075,    /* "aria-256-ecb" */
+    1125,    /* "aria-256-gcm" */
+    1078,    /* "aria-256-ofb" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+    1064,    /* "auth-any" */
+    1049,    /* "auth-dss" */
+    1047,    /* "auth-ecdsa" */
+    1050,    /* "auth-gost01" */
+    1051,    /* "auth-gost12" */
+    1053,    /* "auth-null" */
+    1048,    /* "auth-psk" */
+    1046,    /* "auth-rsa" */
+    1052,    /* "auth-srp" */
+     882,    /* "authorityRevocationList" */
+      91,    /* "bf-cbc" */
+      93,    /* "bf-cfb" */
+      92,    /* "bf-ecb" */
+      94,    /* "bf-ofb" */
+    1056,    /* "blake2b512" */
+    1057,    /* "blake2s256" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     751,    /* "camellia-128-cbc" */
+     962,    /* "camellia-128-ccm" */
+     757,    /* "camellia-128-cfb" */
+     760,    /* "camellia-128-cfb1" */
+     763,    /* "camellia-128-cfb8" */
+     964,    /* "camellia-128-cmac" */
+     963,    /* "camellia-128-ctr" */
+     754,    /* "camellia-128-ecb" */
+     961,    /* "camellia-128-gcm" */
+     766,    /* "camellia-128-ofb" */
+     752,    /* "camellia-192-cbc" */
+     966,    /* "camellia-192-ccm" */
+     758,    /* "camellia-192-cfb" */
+     761,    /* "camellia-192-cfb1" */
+     764,    /* "camellia-192-cfb8" */
+     968,    /* "camellia-192-cmac" */
+     967,    /* "camellia-192-ctr" */
+     755,    /* "camellia-192-ecb" */
+     965,    /* "camellia-192-gcm" */
+     767,    /* "camellia-192-ofb" */
+     753,    /* "camellia-256-cbc" */
+     970,    /* "camellia-256-ccm" */
+     759,    /* "camellia-256-cfb" */
+     762,    /* "camellia-256-cfb1" */
+     765,    /* "camellia-256-cfb8" */
+     972,    /* "camellia-256-cmac" */
+     971,    /* "camellia-256-ctr" */
+     756,    /* "camellia-256-ecb" */
+     969,    /* "camellia-256-gcm" */
+     768,    /* "camellia-256-ofb" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     108,    /* "cast5-cbc" */
+     110,    /* "cast5-cfb" */
+     109,    /* "cast5-ecb" */
+     111,    /* "cast5-ofb" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     517,    /* "certificate extensions" */
+     883,    /* "certificateRevocationList" */
+    1019,    /* "chacha20" */
+    1018,    /* "chacha20-poly1305" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     633,    /* "cleartext track 2" */
+     894,    /* "cmac" */
+      13,    /* "commonName" */
+     513,    /* "content types" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+    1090,    /* "countryCode3c" */
+    1091,    /* "countryCode3n" */
+      14,    /* "countryName" */
+     153,    /* "crlBag" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcObject" */
+     891,    /* "deltaRevocationList" */
+      31,    /* "des-cbc" */
+     643,    /* "des-cdmf" */
+      30,    /* "des-cfb" */
+     656,    /* "des-cfb1" */
+     657,    /* "des-cfb8" */
+      29,    /* "des-ecb" */
+      32,    /* "des-ede" */
+      43,    /* "des-ede-cbc" */
+      60,    /* "des-ede-cfb" */
+      62,    /* "des-ede-ofb" */
+      33,    /* "des-ede3" */
+      44,    /* "des-ede3-cbc" */
+      61,    /* "des-ede3-cfb" */
+     658,    /* "des-ede3-cfb1" */
+     659,    /* "des-ede3-cfb8" */
+      63,    /* "des-ede3-ofb" */
+      45,    /* "des-ofb" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+      80,    /* "desx-cbc" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+      11,    /* "directory services (X.500)" */
+     378,    /* "directory services - algorithms" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     380,    /* "dod" */
+     391,    /* "domainComponent" */
+     452,    /* "domainRelatedObject" */
+     116,    /* "dsaEncryption" */
+      67,    /* "dsaEncryption-old" */
+      66,    /* "dsaWithSHA" */
+     113,    /* "dsaWithSHA1" */
+      70,    /* "dsaWithSHA1-old" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+    1108,    /* "dsa_with_SHA3-224" */
+    1109,    /* "dsa_with_SHA3-256" */
+    1110,    /* "dsa_with_SHA3-384" */
+    1111,    /* "dsa_with_SHA3-512" */
+    1106,    /* "dsa_with_SHA384" */
+    1107,    /* "dsa_with_SHA512" */
+     297,    /* "dvcs" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+    1112,    /* "ecdsa_with_SHA3-224" */
+    1113,    /* "ecdsa_with_SHA3-256" */
+    1114,    /* "ecdsa_with_SHA3-384" */
+    1115,    /* "ecdsa_with_SHA3-512" */
+      48,    /* "emailAddress" */
+     632,    /* "encrypted track 2" */
+     885,    /* "enhancedSearchGuide" */
+      56,    /* "extendedCertificateAttributes" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     631,    /* "generate cryptogram" */
+     509,    /* "generationQualifier" */
+     601,    /* "generic cryptogram" */
+      99,    /* "givenName" */
+     976,    /* "gost-mac-12" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1036,    /* "hkdf" */
+     855,    /* "hmac" */
+     780,    /* "hmac-md5" */
+     781,    /* "hmac-sha1" */
+    1102,    /* "hmac-sha3-224" */
+    1103,    /* "hmac-sha3-256" */
+    1104,    /* "hmac-sha3-384" */
+    1105,    /* "hmac-sha3-512" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     381,    /* "iana" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+     408,    /* "id-ecPublicKey" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+      34,    /* "idea-cbc" */
+      35,    /* "idea-cfb" */
+      36,    /* "idea-ecb" */
+      46,    /* "idea-ofb" */
+     676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+     461,    /* "info" */
+     101,    /* "initials" */
+     869,    /* "internationaliSDNNumber" */
+    1022,    /* "ipsec Internet Key Exchange" */
+     749,    /* "ipsec3" */
+     750,    /* "ipsec4" */
+     181,    /* "iso" */
+     623,    /* "issuer capabilities" */
+     645,    /* "itu-t" */
+     492,    /* "janetMailbox" */
+     646,    /* "joint-iso-itu-t" */
+     957,    /* "jurisdictionCountryName" */
+     955,    /* "jurisdictionLocalityName" */
+     956,    /* "jurisdictionStateOrProvinceName" */
+     150,    /* "keyBag" */
+     773,    /* "kisa" */
+    1063,    /* "kx-any" */
+    1039,    /* "kx-dhe" */
+    1041,    /* "kx-dhe-psk" */
+    1038,    /* "kx-ecdhe" */
+    1040,    /* "kx-ecdhe-psk" */
+    1045,    /* "kx-gost" */
+    1043,    /* "kx-psk" */
+    1037,    /* "kx-rsa" */
+    1042,    /* "kx-rsa-psk" */
+    1044,    /* "kx-srp" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+      15,    /* "localityName" */
+     480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+       3,    /* "md2" */
+       7,    /* "md2WithRSAEncryption" */
+     257,    /* "md4" */
+     396,    /* "md4WithRSAEncryption" */
+       4,    /* "md5" */
+     114,    /* "md5-sha1" */
+     104,    /* "md5WithRSA" */
+       8,    /* "md5WithRSAEncryption" */
+      95,    /* "mdc2" */
+      96,    /* "mdc2WithRSA" */
+     875,    /* "member" */
+     602,    /* "merchant initiated auth" */
+     514,    /* "message extensions" */
+      51,    /* "messageDigest" */
+     911,    /* "mgf1" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     681,    /* "onBasis" */
+     379,    /* "org" */
+    1089,    /* "organizationIdentifier" */
+      17,    /* "organizationName" */
+     491,    /* "organizationalStatus" */
+      18,    /* "organizationalUnitName" */
+    1141,    /* "oscca" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     935,    /* "pSpecified" */
+     489,    /* "pagerTelephoneNumber" */
+     782,    /* "password based MAC" */
+     374,    /* "path" */
+     621,    /* "payment gateway capabilities" */
+       9,    /* "pbeWithMD2AndDES-CBC" */
+     168,    /* "pbeWithMD2AndRC2-CBC" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+      10,    /* "pbeWithMD5AndDES-CBC" */
+     169,    /* "pbeWithMD5AndRC2-CBC" */
+     148,    /* "pbeWithSHA1And128BitRC2-CBC" */
+     144,    /* "pbeWithSHA1And128BitRC4" */
+     147,    /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+     146,    /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+     149,    /* "pbeWithSHA1And40BitRC2-CBC" */
+     145,    /* "pbeWithSHA1And40BitRC4" */
+     170,    /* "pbeWithSHA1AndDES-CBC" */
+      68,    /* "pbeWithSHA1AndRC2-CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+    1061,    /* "poly1305" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     886,    /* "protocolInformation" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+      98,    /* "rc2-40-cbc" */
+     166,    /* "rc2-64-cbc" */
+      37,    /* "rc2-cbc" */
+      39,    /* "rc2-cfb" */
+      38,    /* "rc2-ecb" */
+      40,    /* "rc2-ofb" */
+       5,    /* "rc4" */
+      97,    /* "rc4-40" */
+     915,    /* "rc4-hmac-md5" */
+     120,    /* "rc5-cbc" */
+     122,    /* "rc5-cfb" */
+     121,    /* "rc5-ecb" */
+     123,    /* "rc5-ofb" */
+     870,    /* "registeredAddress" */
+     460,    /* "rfc822Mailbox" */
+     117,    /* "ripemd160" */
+     119,    /* "ripemd160WithRSA" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+      19,    /* "rsa" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+     919,    /* "rsaesOaep" */
+     912,    /* "rsassaPss" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     973,    /* "scrypt" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+     635,    /* "secure device signature" */
+     878,    /* "seeAlso" */
+     777,    /* "seed-cbc" */
+     779,    /* "seed-cfb" */
+     776,    /* "seed-ecb" */
+     778,    /* "seed-ofb" */
+     105,    /* "serialNumber" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      41,    /* "sha" */
+      64,    /* "sha1" */
+     115,    /* "sha1WithRSA" */
+      65,    /* "sha1WithRSAEncryption" */
+     675,    /* "sha224" */
+     671,    /* "sha224WithRSAEncryption" */
+     672,    /* "sha256" */
+     668,    /* "sha256WithRSAEncryption" */
+    1096,    /* "sha3-224" */
+    1097,    /* "sha3-256" */
+    1098,    /* "sha3-384" */
+    1099,    /* "sha3-512" */
+     673,    /* "sha384" */
+     669,    /* "sha384WithRSAEncryption" */
+     674,    /* "sha512" */
+    1094,    /* "sha512-224" */
+    1145,    /* "sha512-224WithRSAEncryption" */
+    1095,    /* "sha512-256" */
+    1146,    /* "sha512-256WithRSAEncryption" */
+     670,    /* "sha512WithRSAEncryption" */
+      42,    /* "shaWithRSAEncryption" */
+    1100,    /* "shake128" */
+    1101,    /* "shake256" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+    1062,    /* "siphash" */
+    1142,    /* "sm-scheme" */
+    1172,    /* "sm2" */
+    1143,    /* "sm3" */
+    1144,    /* "sm3WithRSAEncryption" */
+    1134,    /* "sm4-cbc" */
+    1137,    /* "sm4-cfb" */
+    1136,    /* "sm4-cfb1" */
+    1138,    /* "sm4-cfb8" */
+    1139,    /* "sm4-ctr" */
+    1133,    /* "sm4-ecb" */
+    1135,    /* "sm4-ofb" */
+      16,    /* "stateOrProvinceName" */
+     660,    /* "streetAddress" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     100,    /* "surname" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     106,    /* "title" */
+    1021,    /* "tls1-prf" */
+     682,    /* "tpBasis" */
+    1151,    /* "ua-pki" */
+     436,    /* "ucl" */
+       0,    /* "undefined" */
+     102,    /* "uniqueIdentifier" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     458,    /* "userId" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+     125,    /* "zlib compression" */
+};
+
+#define NUM_OBJ 1071
+static const unsigned int obj_objs[NUM_OBJ] = {
+       0,    /* OBJ_undef                        0 */
+     181,    /* OBJ_iso                          1 */
+     393,    /* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
+     404,    /* OBJ_ccitt                        OBJ_itu_t */
+     645,    /* OBJ_itu_t                        0 */
+     646,    /* OBJ_joint_iso_itu_t              2 */
+     434,    /* OBJ_data                         0 9 */
+     182,    /* OBJ_member_body                  1 2 */
+     379,    /* OBJ_org                          1 3 */
+     676,    /* OBJ_identified_organization      1 3 */
+      11,    /* OBJ_X500                         2 5 */
+     647,    /* OBJ_international_organizations  2 23 */
+     380,    /* OBJ_dod                          1 3 6 */
+    1170,    /* OBJ_ieee                         1 3 111 */
+      12,    /* OBJ_X509                         2 5 4 */
+     378,    /* OBJ_X500algorithms               2 5 8 */
+      81,    /* OBJ_id_ce                        2 5 29 */
+     512,    /* OBJ_id_set                       2 23 42 */
+     678,    /* OBJ_wap                          2 23 43 */
+     435,    /* OBJ_pss                          0 9 2342 */
+    1140,    /* OBJ_ISO_CN                       1 2 156 */
+    1150,    /* OBJ_ISO_UA                       1 2 804 */
+     183,    /* OBJ_ISO_US                       1 2 840 */
+     381,    /* OBJ_iana                         1 3 6 1 */
+    1034,    /* OBJ_X25519                       1 3 101 110 */
+    1035,    /* OBJ_X448                         1 3 101 111 */
+    1087,    /* OBJ_ED25519                      1 3 101 112 */
+    1088,    /* OBJ_ED448                        1 3 101 113 */
+     677,    /* OBJ_certicom_arc                 1 3 132 */
+     394,    /* OBJ_selected_attribute_types     2 5 1 5 */
+      13,    /* OBJ_commonName                   2 5 4 3 */
+     100,    /* OBJ_surname                      2 5 4 4 */
+     105,    /* OBJ_serialNumber                 2 5 4 5 */
+      14,    /* OBJ_countryName                  2 5 4 6 */
+      15,    /* OBJ_localityName                 2 5 4 7 */
+      16,    /* OBJ_stateOrProvinceName          2 5 4 8 */
+     660,    /* OBJ_streetAddress                2 5 4 9 */
+      17,    /* OBJ_organizationName             2 5 4 10 */
+      18,    /* OBJ_organizationalUnitName       2 5 4 11 */
+     106,    /* OBJ_title                        2 5 4 12 */
+     107,    /* OBJ_description                  2 5 4 13 */
+     859,    /* OBJ_searchGuide                  2 5 4 14 */
+     860,    /* OBJ_businessCategory             2 5 4 15 */
+     861,    /* OBJ_postalAddress                2 5 4 16 */
+     661,    /* OBJ_postalCode                   2 5 4 17 */
+     862,    /* OBJ_postOfficeBox                2 5 4 18 */
+     863,    /* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
+     864,    /* OBJ_telephoneNumber              2 5 4 20 */
+     865,    /* OBJ_telexNumber                  2 5 4 21 */
+     866,    /* OBJ_teletexTerminalIdentifier    2 5 4 22 */
+     867,    /* OBJ_facsimileTelephoneNumber     2 5 4 23 */
+     868,    /* OBJ_x121Address                  2 5 4 24 */
+     869,    /* OBJ_internationaliSDNNumber      2 5 4 25 */
+     870,    /* OBJ_registeredAddress            2 5 4 26 */
+     871,    /* OBJ_destinationIndicator         2 5 4 27 */
+     872,    /* OBJ_preferredDeliveryMethod      2 5 4 28 */
+     873,    /* OBJ_presentationAddress          2 5 4 29 */
+     874,    /* OBJ_supportedApplicationContext  2 5 4 30 */
+     875,    /* OBJ_member                       2 5 4 31 */
+     876,    /* OBJ_owner                        2 5 4 32 */
+     877,    /* OBJ_roleOccupant                 2 5 4 33 */
+     878,    /* OBJ_seeAlso                      2 5 4 34 */
+     879,    /* OBJ_userPassword                 2 5 4 35 */
+     880,    /* OBJ_userCertificate              2 5 4 36 */
+     881,    /* OBJ_cACertificate                2 5 4 37 */
+     882,    /* OBJ_authorityRevocationList      2 5 4 38 */
+     883,    /* OBJ_certificateRevocationList    2 5 4 39 */
+     884,    /* OBJ_crossCertificatePair         2 5 4 40 */
+     173,    /* OBJ_name                         2 5 4 41 */
+      99,    /* OBJ_givenName                    2 5 4 42 */
+     101,    /* OBJ_initials                     2 5 4 43 */
+     509,    /* OBJ_generationQualifier          2 5 4 44 */
+     503,    /* OBJ_x500UniqueIdentifier         2 5 4 45 */
+     174,    /* OBJ_dnQualifier                  2 5 4 46 */
+     885,    /* OBJ_enhancedSearchGuide          2 5 4 47 */
+     886,    /* OBJ_protocolInformation          2 5 4 48 */
+     887,    /* OBJ_distinguishedName            2 5 4 49 */
+     888,    /* OBJ_uniqueMember                 2 5 4 50 */
+     889,    /* OBJ_houseIdentifier              2 5 4 51 */
+     890,    /* OBJ_supportedAlgorithms          2 5 4 52 */
+     891,    /* OBJ_deltaRevocationList          2 5 4 53 */
+     892,    /* OBJ_dmdName                      2 5 4 54 */
+     510,    /* OBJ_pseudonym                    2 5 4 65 */
+     400,    /* OBJ_role                         2 5 4 72 */
+    1089,    /* OBJ_organizationIdentifier       2 5 4 97 */
+    1090,    /* OBJ_countryCode3c                2 5 4 98 */
+    1091,    /* OBJ_countryCode3n                2 5 4 99 */
+    1092,    /* OBJ_dnsName                      2 5 4 100 */
+     769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
+      82,    /* OBJ_subject_key_identifier       2 5 29 14 */
+      83,    /* OBJ_key_usage                    2 5 29 15 */
+      84,    /* OBJ_private_key_usage_period     2 5 29 16 */
+      85,    /* OBJ_subject_alt_name             2 5 29 17 */
+      86,    /* OBJ_issuer_alt_name              2 5 29 18 */
+      87,    /* OBJ_basic_constraints            2 5 29 19 */
+      88,    /* OBJ_crl_number                   2 5 29 20 */
+     141,    /* OBJ_crl_reason                   2 5 29 21 */
+     430,    /* OBJ_hold_instruction_code        2 5 29 23 */
+     142,    /* OBJ_invalidity_date              2 5 29 24 */
+     140,    /* OBJ_delta_crl                    2 5 29 27 */
+     770,    /* OBJ_issuing_distribution_point   2 5 29 28 */
+     771,    /* OBJ_certificate_issuer           2 5 29 29 */
+     666,    /* OBJ_name_constraints             2 5 29 30 */
+     103,    /* OBJ_crl_distribution_points      2 5 29 31 */
+      89,    /* OBJ_certificate_policies         2 5 29 32 */
+     747,    /* OBJ_policy_mappings              2 5 29 33 */
+      90,    /* OBJ_authority_key_identifier     2 5 29 35 */
+     401,    /* OBJ_policy_constraints           2 5 29 36 */
+     126,    /* OBJ_ext_key_usage                2 5 29 37 */
+     857,    /* OBJ_freshest_crl                 2 5 29 46 */
+     748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
+     402,    /* OBJ_target_information           2 5 29 55 */
+     403,    /* OBJ_no_rev_avail                 2 5 29 56 */
+     513,    /* OBJ_set_ctype                    2 23 42 0 */
+     514,    /* OBJ_set_msgExt                   2 23 42 1 */
+     515,    /* OBJ_set_attr                     2 23 42 3 */
+     516,    /* OBJ_set_policy                   2 23 42 5 */
+     517,    /* OBJ_set_certExt                  2 23 42 7 */
+     518,    /* OBJ_set_brand                    2 23 42 8 */
+     679,    /* OBJ_wap_wsg                      2 23 43 1 */
+     382,    /* OBJ_Directory                    1 3 6 1 1 */
+     383,    /* OBJ_Management                   1 3 6 1 2 */
+     384,    /* OBJ_Experimental                 1 3 6 1 3 */
+     385,    /* OBJ_Private                      1 3 6 1 4 */
+     386,    /* OBJ_Security                     1 3 6 1 5 */
+     387,    /* OBJ_SNMPv2                       1 3 6 1 6 */
+     388,    /* OBJ_Mail                         1 3 6 1 7 */
+     376,    /* OBJ_algorithm                    1 3 14 3 2 */
+     395,    /* OBJ_clearance                    2 5 1 5 55 */
+      19,    /* OBJ_rsa                          2 5 8 1 1 */
+      96,    /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+      95,    /* OBJ_mdc2                         2 5 8 3 101 */
+     746,    /* OBJ_any_policy                   2 5 29 32 0 */
+     910,    /* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
+     519,    /* OBJ_setct_PANData                2 23 42 0 0 */
+     520,    /* OBJ_setct_PANToken               2 23 42 0 1 */
+     521,    /* OBJ_setct_PANOnly                2 23 42 0 2 */
+     522,    /* OBJ_setct_OIData                 2 23 42 0 3 */
+     523,    /* OBJ_setct_PI                     2 23 42 0 4 */
+     524,    /* OBJ_setct_PIData                 2 23 42 0 5 */
+     525,    /* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+     526,    /* OBJ_setct_HODInput               2 23 42 0 7 */
+     527,    /* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+     528,    /* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+     529,    /* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+     530,    /* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+     531,    /* OBJ_setct_PInitResData           2 23 42 0 12 */
+     532,    /* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+     533,    /* OBJ_setct_PResData               2 23 42 0 14 */
+     534,    /* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+     535,    /* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+     536,    /* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+     537,    /* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+     538,    /* OBJ_setct_CapTokenData           2 23 42 0 20 */
+     539,    /* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+     540,    /* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+     541,    /* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+     542,    /* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+     543,    /* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+     544,    /* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+     545,    /* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+     546,    /* OBJ_setct_CapResData             2 23 42 0 28 */
+     547,    /* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+     548,    /* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+     549,    /* OBJ_setct_CapRevResData          2 23 42 0 31 */
+     550,    /* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+     551,    /* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+     552,    /* OBJ_setct_CredResData            2 23 42 0 34 */
+     553,    /* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+     554,    /* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+     555,    /* OBJ_setct_CredRevResData         2 23 42 0 37 */
+     556,    /* OBJ_setct_PCertReqData           2 23 42 0 38 */
+     557,    /* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+     558,    /* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+     559,    /* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+     560,    /* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+     561,    /* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+     562,    /* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+     563,    /* OBJ_setct_CertReqData            2 23 42 0 45 */
+     564,    /* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+     565,    /* OBJ_setct_CertResData            2 23 42 0 47 */
+     566,    /* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+     567,    /* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+     568,    /* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+     569,    /* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+     570,    /* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+     571,    /* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+     572,    /* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+     573,    /* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+     574,    /* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+     575,    /* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+     576,    /* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+     577,    /* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+     578,    /* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+     579,    /* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+     580,    /* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+     581,    /* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+     582,    /* OBJ_setct_CapResTBE              2 23 42 0 64 */
+     583,    /* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+     584,    /* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+     585,    /* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+     586,    /* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+     587,    /* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+     588,    /* OBJ_setct_CredResTBE             2 23 42 0 70 */
+     589,    /* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+     590,    /* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+     591,    /* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+     592,    /* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+     593,    /* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+     594,    /* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+     595,    /* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+     596,    /* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+     597,    /* OBJ_setct_CertResTBE             2 23 42 0 79 */
+     598,    /* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+     599,    /* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+     600,    /* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+     601,    /* OBJ_setext_genCrypt              2 23 42 1 1 */
+     602,    /* OBJ_setext_miAuth                2 23 42 1 3 */
+     603,    /* OBJ_setext_pinSecure             2 23 42 1 4 */
+     604,    /* OBJ_setext_pinAny                2 23 42 1 5 */
+     605,    /* OBJ_setext_track2                2 23 42 1 7 */
+     606,    /* OBJ_setext_cv                    2 23 42 1 8 */
+     620,    /* OBJ_setAttr_Cert                 2 23 42 3 0 */
+     621,    /* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+     622,    /* OBJ_setAttr_TokenType            2 23 42 3 2 */
+     623,    /* OBJ_setAttr_IssCap               2 23 42 3 3 */
+     607,    /* OBJ_set_policy_root              2 23 42 5 0 */
+     608,    /* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+     609,    /* OBJ_setCext_certType             2 23 42 7 1 */
+     610,    /* OBJ_setCext_merchData            2 23 42 7 2 */
+     611,    /* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+     612,    /* OBJ_setCext_tunneling            2 23 42 7 4 */
+     613,    /* OBJ_setCext_setExt               2 23 42 7 5 */
+     614,    /* OBJ_setCext_setQualf             2 23 42 7 6 */
+     615,    /* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+     616,    /* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+     617,    /* OBJ_setCext_Track2Data           2 23 42 7 9 */
+     618,    /* OBJ_setCext_TokenType            2 23 42 7 10 */
+     619,    /* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+     636,    /* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+     640,    /* OBJ_set_brand_Visa               2 23 42 8 4 */
+     641,    /* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+     637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
+     638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+     639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
+    1141,    /* OBJ_oscca                        1 2 156 10197 */
+     805,    /* OBJ_cryptopro                    1 2 643 2 2 */
+     806,    /* OBJ_cryptocom                    1 2 643 2 9 */
+     974,    /* OBJ_id_tc26                      1 2 643 7 1 */
+    1005,    /* OBJ_OGRN                         1 2 643 100 1 */
+    1006,    /* OBJ_SNILS                        1 2 643 100 3 */
+    1007,    /* OBJ_subjectSignTool              1 2 643 100 111 */
+    1008,    /* OBJ_issuerSignTool               1 2 643 100 112 */
+     184,    /* OBJ_X9_57                        1 2 840 10040 */
+     405,    /* OBJ_ansi_X9_62                   1 2 840 10045 */
+     389,    /* OBJ_Enterprises                  1 3 6 1 4 1 */
+     504,    /* OBJ_mime_mhs                     1 3 6 1 7 1 */
+     104,    /* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+      29,    /* OBJ_des_ecb                      1 3 14 3 2 6 */
+      31,    /* OBJ_des_cbc                      1 3 14 3 2 7 */
+      45,    /* OBJ_des_ofb64                    1 3 14 3 2 8 */
+      30,    /* OBJ_des_cfb64                    1 3 14 3 2 9 */
+     377,    /* OBJ_rsaSignature                 1 3 14 3 2 11 */
+      67,    /* OBJ_dsa_2                        1 3 14 3 2 12 */
+      66,    /* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+      42,    /* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+      32,    /* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
+      41,    /* OBJ_sha                          1 3 14 3 2 18 */
+      64,    /* OBJ_sha1                         1 3 14 3 2 26 */
+      70,    /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+     115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+     117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
+    1093,    /* OBJ_x509ExtAdmission             1 3 36 8 3 3 */
+     143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
+    1171,    /* OBJ_ieee_siswg                   1 3 111 2 1619 */
+     721,    /* OBJ_sect163k1                    1 3 132 0 1 */
+     722,    /* OBJ_sect163r1                    1 3 132 0 2 */
+     728,    /* OBJ_sect239k1                    1 3 132 0 3 */
+     717,    /* OBJ_sect113r1                    1 3 132 0 4 */
+     718,    /* OBJ_sect113r2                    1 3 132 0 5 */
+     704,    /* OBJ_secp112r1                    1 3 132 0 6 */
+     705,    /* OBJ_secp112r2                    1 3 132 0 7 */
+     709,    /* OBJ_secp160r1                    1 3 132 0 8 */
+     708,    /* OBJ_secp160k1                    1 3 132 0 9 */
+     714,    /* OBJ_secp256k1                    1 3 132 0 10 */
+     723,    /* OBJ_sect163r2                    1 3 132 0 15 */
+     729,    /* OBJ_sect283k1                    1 3 132 0 16 */
+     730,    /* OBJ_sect283r1                    1 3 132 0 17 */
+     719,    /* OBJ_sect131r1                    1 3 132 0 22 */
+     720,    /* OBJ_sect131r2                    1 3 132 0 23 */
+     724,    /* OBJ_sect193r1                    1 3 132 0 24 */
+     725,    /* OBJ_sect193r2                    1 3 132 0 25 */
+     726,    /* OBJ_sect233k1                    1 3 132 0 26 */
+     727,    /* OBJ_sect233r1                    1 3 132 0 27 */
+     706,    /* OBJ_secp128r1                    1 3 132 0 28 */
+     707,    /* OBJ_secp128r2                    1 3 132 0 29 */
+     710,    /* OBJ_secp160r2                    1 3 132 0 30 */
+     711,    /* OBJ_secp192k1                    1 3 132 0 31 */
+     712,    /* OBJ_secp224k1                    1 3 132 0 32 */
+     713,    /* OBJ_secp224r1                    1 3 132 0 33 */
+     715,    /* OBJ_secp384r1                    1 3 132 0 34 */
+     716,    /* OBJ_secp521r1                    1 3 132 0 35 */
+     731,    /* OBJ_sect409k1                    1 3 132 0 36 */
+     732,    /* OBJ_sect409r1                    1 3 132 0 37 */
+     733,    /* OBJ_sect571k1                    1 3 132 0 38 */
+     734,    /* OBJ_sect571r1                    1 3 132 0 39 */
+     624,    /* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+     625,    /* OBJ_set_addPolicy                2 23 42 3 0 1 */
+     626,    /* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+     627,    /* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+     628,    /* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+     629,    /* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+     630,    /* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+     642,    /* OBJ_set_brand_Novus              2 23 42 8 6011 */
+     735,    /* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
+     736,    /* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
+     737,    /* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
+     738,    /* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
+     739,    /* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
+     740,    /* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
+     741,    /* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
+     742,    /* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
+     743,    /* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
+     744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
+     745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
+     804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
+    1142,    /* OBJ_sm_scheme                    1 2 156 10197 1 */
+     773,    /* OBJ_kisa                         1 2 410 200004 */
+     807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
+     808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
+     809,    /* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
+     810,    /* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
+     811,    /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
+     812,    /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
+     813,    /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
+     815,    /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+     816,    /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
+     817,    /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
+     818,    /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
+     977,    /* OBJ_id_tc26_algorithms           1 2 643 7 1 1 */
+     994,    /* OBJ_id_tc26_constants            1 2 643 7 1 2 */
+       1,    /* OBJ_rsadsi                       1 2 840 113549 */
+     185,    /* OBJ_X9cm                         1 2 840 10040 4 */
+    1031,    /* OBJ_id_pkinit                    1 3 6 1 5 2 3 */
+     127,    /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+     505,    /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+     506,    /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
+     119,    /* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+     937,    /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
+     938,    /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
+     939,    /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
+     940,    /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
+     942,    /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
+     943,    /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
+     944,    /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
+     945,    /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
+     631,    /* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+     632,    /* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+     633,    /* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+     634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+     635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+     436,    /* OBJ_ucl                          0 9 2342 19200300 */
+     820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
+     819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
+     845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
+     846,    /* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
+     847,    /* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
+     848,    /* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
+     821,    /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
+     822,    /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
+     823,    /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
+     824,    /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
+     825,    /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
+     826,    /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
+     827,    /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
+     828,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
+     829,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
+     830,    /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
+     831,    /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
+     832,    /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
+     833,    /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
+     834,    /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
+     835,    /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
+     836,    /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
+     837,    /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
+     838,    /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
+     839,    /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
+     840,    /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
+     841,    /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
+     842,    /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
+     843,    /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
+     844,    /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+     978,    /* OBJ_id_tc26_sign                 1 2 643 7 1 1 1 */
+     981,    /* OBJ_id_tc26_digest               1 2 643 7 1 1 2 */
+     984,    /* OBJ_id_tc26_signwithdigest       1 2 643 7 1 1 3 */
+     987,    /* OBJ_id_tc26_mac                  1 2 643 7 1 1 4 */
+     990,    /* OBJ_id_tc26_cipher               1 2 643 7 1 1 5 */
+     991,    /* OBJ_id_tc26_agreement            1 2 643 7 1 1 6 */
+    1179,    /* OBJ_id_tc26_wrap                 1 2 643 7 1 1 7 */
+     995,    /* OBJ_id_tc26_sign_constants       1 2 643 7 1 2 1 */
+    1000,    /* OBJ_id_tc26_digest_constants     1 2 643 7 1 2 2 */
+    1001,    /* OBJ_id_tc26_cipher_constants     1 2 643 7 1 2 5 */
+    1151,    /* OBJ_ua_pki                       1 2 804 2 1 1 1 */
+       2,    /* OBJ_pkcs                         1 2 840 113549 1 */
+     431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+     432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+     433,    /* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
+     116,    /* OBJ_dsa                          1 2 840 10040 4 1 */
+     113,    /* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+     406,    /* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+     407,    /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+     408,    /* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+     416,    /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+     791,    /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+     792,    /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+     920,    /* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
+    1032,    /* OBJ_pkInitClientAuth             1 3 6 1 5 2 3 4 */
+    1033,    /* OBJ_pkInitKDC                    1 3 6 1 5 2 3 5 */
+     258,    /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+     175,    /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+     259,    /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+     128,    /* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+     260,    /* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+     261,    /* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+     262,    /* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+     263,    /* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+     264,    /* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+     265,    /* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+     266,    /* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+     267,    /* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+     268,    /* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+     662,    /* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
+     176,    /* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+     507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+     508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
+      57,    /* OBJ_netscape                     2 16 840 1 113730 */
+     754,    /* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
+     766,    /* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
+     757,    /* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
+     961,    /* OBJ_camellia_128_gcm             0 3 4401 5 3 1 9 6 */
+     962,    /* OBJ_camellia_128_ccm             0 3 4401 5 3 1 9 7 */
+     963,    /* OBJ_camellia_128_ctr             0 3 4401 5 3 1 9 9 */
+     964,    /* OBJ_camellia_128_cmac            0 3 4401 5 3 1 9 10 */
+     755,    /* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
+     767,    /* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
+     758,    /* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
+     965,    /* OBJ_camellia_192_gcm             0 3 4401 5 3 1 9 26 */
+     966,    /* OBJ_camellia_192_ccm             0 3 4401 5 3 1 9 27 */
+     967,    /* OBJ_camellia_192_ctr             0 3 4401 5 3 1 9 29 */
+     968,    /* OBJ_camellia_192_cmac            0 3 4401 5 3 1 9 30 */
+     756,    /* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
+     768,    /* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
+     759,    /* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
+     969,    /* OBJ_camellia_256_gcm             0 3 4401 5 3 1 9 46 */
+     970,    /* OBJ_camellia_256_ccm             0 3 4401 5 3 1 9 47 */
+     971,    /* OBJ_camellia_256_ctr             0 3 4401 5 3 1 9 49 */
+     972,    /* OBJ_camellia_256_cmac            0 3 4401 5 3 1 9 50 */
+     437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
+    1133,    /* OBJ_sm4_ecb                      1 2 156 10197 1 104 1 */
+    1134,    /* OBJ_sm4_cbc                      1 2 156 10197 1 104 2 */
+    1135,    /* OBJ_sm4_ofb128                   1 2 156 10197 1 104 3 */
+    1137,    /* OBJ_sm4_cfb128                   1 2 156 10197 1 104 4 */
+    1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
+    1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
+    1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
+    1172,    /* OBJ_sm2                          1 2 156 10197 1 301 */
+    1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
+    1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
+     776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
+     777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
+     779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
+     778,    /* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
+     852,    /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
+     853,    /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
+     850,    /* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
+     851,    /* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
+     849,    /* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
+     854,    /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+    1004,    /* OBJ_INN                          1 2 643 3 131 1 1 */
+     979,    /* OBJ_id_GostR3410_2012_256        1 2 643 7 1 1 1 1 */
+     980,    /* OBJ_id_GostR3410_2012_512        1 2 643 7 1 1 1 2 */
+     982,    /* OBJ_id_GostR3411_2012_256        1 2 643 7 1 1 2 2 */
+     983,    /* OBJ_id_GostR3411_2012_512        1 2 643 7 1 1 2 3 */
+     985,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
+     986,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
+     988,    /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
+     989,    /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+    1173,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */
+    1176,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */
+     992,    /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
+     993,    /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+    1180,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */
+    1182,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */
+    1147,    /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */
+     996,    /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
+    1002,    /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
+     186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
+      27,    /* OBJ_pkcs3                        1 2 840 113549 1 3 */
+     187,    /* OBJ_pkcs5                        1 2 840 113549 1 5 */
+      20,    /* OBJ_pkcs7                        1 2 840 113549 1 7 */
+      47,    /* OBJ_pkcs9                        1 2 840 113549 1 9 */
+       3,    /* OBJ_md2                          1 2 840 113549 2 2 */
+     257,    /* OBJ_md4                          1 2 840 113549 2 4 */
+       4,    /* OBJ_md5                          1 2 840 113549 2 5 */
+     797,    /* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
+     163,    /* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+     798,    /* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
+     799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
+     800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
+     801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+    1193,    /* OBJ_hmacWithSHA512_224           1 2 840 113549 2 12 */
+    1194,    /* OBJ_hmacWithSHA512_256           1 2 840 113549 2 13 */
+      37,    /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+       5,    /* OBJ_rc4                          1 2 840 113549 3 4 */
+      44,    /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+     120,    /* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+     643,    /* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+     680,    /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+     684,    /* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+     685,    /* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+     686,    /* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+     687,    /* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+     688,    /* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+     689,    /* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+     690,    /* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+     691,    /* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+     692,    /* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+     693,    /* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+     694,    /* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+     695,    /* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+     696,    /* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+     697,    /* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+     698,    /* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+     699,    /* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+     700,    /* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+     701,    /* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+     702,    /* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+     703,    /* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+     409,    /* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+     410,    /* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+     411,    /* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+     412,    /* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+     413,    /* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+     414,    /* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+     415,    /* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+     793,    /* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+     794,    /* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+     795,    /* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+     796,    /* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
+     269,    /* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+     270,    /* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+     271,    /* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+     272,    /* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+     273,    /* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+     274,    /* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+     275,    /* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+     276,    /* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+     277,    /* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+     278,    /* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+     279,    /* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+     280,    /* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+     281,    /* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+     282,    /* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+     283,    /* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+     284,    /* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+     177,    /* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+     285,    /* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+     286,    /* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+     287,    /* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+     288,    /* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+     289,    /* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+     290,    /* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+     291,    /* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+     292,    /* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+     397,    /* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+     398,    /* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+     663,    /* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
+    1020,    /* OBJ_tlsfeature                   1 3 6 1 5 5 7 1 24 */
+     164,    /* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+     165,    /* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+     293,    /* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+     129,    /* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+     130,    /* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+     131,    /* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+     132,    /* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+     294,    /* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+     295,    /* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+     296,    /* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+     133,    /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+     180,    /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+     297,    /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+    1022,    /* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
+    1023,    /* OBJ_capwapAC                     1 3 6 1 5 5 7 3 18 */
+    1024,    /* OBJ_capwapWTP                    1 3 6 1 5 5 7 3 19 */
+    1025,    /* OBJ_sshClient                    1 3 6 1 5 5 7 3 21 */
+    1026,    /* OBJ_sshServer                    1 3 6 1 5 5 7 3 22 */
+    1027,    /* OBJ_sendRouter                   1 3 6 1 5 5 7 3 23 */
+    1028,    /* OBJ_sendProxiedRouter            1 3 6 1 5 5 7 3 24 */
+    1029,    /* OBJ_sendOwner                    1 3 6 1 5 5 7 3 25 */
+    1030,    /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
+    1131,    /* OBJ_cmcCA                        1 3 6 1 5 5 7 3 27 */
+    1132,    /* OBJ_cmcRA                        1 3 6 1 5 5 7 3 28 */
+     298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+     299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+     300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+     301,    /* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+     302,    /* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+     303,    /* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+     304,    /* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+     305,    /* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+     306,    /* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+     307,    /* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+     308,    /* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+     309,    /* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+     310,    /* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+     311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+     312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+     784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+     313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+     314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+     323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+     324,    /* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+     325,    /* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+     326,    /* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+     327,    /* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+     328,    /* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+     329,    /* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+     330,    /* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+     331,    /* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+     332,    /* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+     333,    /* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+     334,    /* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+     335,    /* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+     336,    /* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+     337,    /* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+     338,    /* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+     339,    /* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+     340,    /* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+     341,    /* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+     342,    /* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+     343,    /* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+     344,    /* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+     345,    /* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+     346,    /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+     347,    /* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+     858,    /* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
+     348,    /* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+     349,    /* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+     351,    /* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+     352,    /* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+     353,    /* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+     354,    /* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+     355,    /* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+     356,    /* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+     357,    /* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+     358,    /* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+     399,    /* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+     359,    /* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+     360,    /* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+     361,    /* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+     362,    /* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+     664,    /* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
+     665,    /* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
+     667,    /* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
+     178,    /* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+     179,    /* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+     363,    /* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+     364,    /* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+     785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
+     780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
+     781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+     913,    /* OBJ_aes_128_xts                  1 3 111 2 1619 0 1 1 */
+     914,    /* OBJ_aes_256_xts                  1 3 111 2 1619 0 1 2 */
+      58,    /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+      59,    /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+     438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+     439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+     440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+     441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+    1065,    /* OBJ_aria_128_ecb                 1 2 410 200046 1 1 1 */
+    1066,    /* OBJ_aria_128_cbc                 1 2 410 200046 1 1 2 */
+    1067,    /* OBJ_aria_128_cfb128              1 2 410 200046 1 1 3 */
+    1068,    /* OBJ_aria_128_ofb128              1 2 410 200046 1 1 4 */
+    1069,    /* OBJ_aria_128_ctr                 1 2 410 200046 1 1 5 */
+    1070,    /* OBJ_aria_192_ecb                 1 2 410 200046 1 1 6 */
+    1071,    /* OBJ_aria_192_cbc                 1 2 410 200046 1 1 7 */
+    1072,    /* OBJ_aria_192_cfb128              1 2 410 200046 1 1 8 */
+    1073,    /* OBJ_aria_192_ofb128              1 2 410 200046 1 1 9 */
+    1074,    /* OBJ_aria_192_ctr                 1 2 410 200046 1 1 10 */
+    1075,    /* OBJ_aria_256_ecb                 1 2 410 200046 1 1 11 */
+    1076,    /* OBJ_aria_256_cbc                 1 2 410 200046 1 1 12 */
+    1077,    /* OBJ_aria_256_cfb128              1 2 410 200046 1 1 13 */
+    1078,    /* OBJ_aria_256_ofb128              1 2 410 200046 1 1 14 */
+    1079,    /* OBJ_aria_256_ctr                 1 2 410 200046 1 1 15 */
+    1123,    /* OBJ_aria_128_gcm                 1 2 410 200046 1 1 34 */
+    1124,    /* OBJ_aria_192_gcm                 1 2 410 200046 1 1 35 */
+    1125,    /* OBJ_aria_256_gcm                 1 2 410 200046 1 1 36 */
+    1120,    /* OBJ_aria_128_ccm                 1 2 410 200046 1 1 37 */
+    1121,    /* OBJ_aria_192_ccm                 1 2 410 200046 1 1 38 */
+    1122,    /* OBJ_aria_256_ccm                 1 2 410 200046 1 1 39 */
+    1174,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */
+    1175,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */
+    1177,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
+    1178,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
+    1181,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
+    1183,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */
+    1148,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
+    1184,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
+    1185,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
+    1186,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */
+     997,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
+     998,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
+     999,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+    1149,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */
+    1003,    /* OBJ_id_tc26_gost_28147_param_Z   1 2 643 7 1 2 5 1 1 */
+     108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+     112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+     782,    /* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
+     783,    /* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
+       6,    /* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+       7,    /* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+     396,    /* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+       8,    /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+      65,    /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+     644,    /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+     919,    /* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
+     911,    /* OBJ_mgf1                         1 2 840 113549 1 1 8 */
+     935,    /* OBJ_pSpecified                   1 2 840 113549 1 1 9 */
+     912,    /* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
+     668,    /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+     669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+     670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+     671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+    1145,    /* OBJ_sha512_224WithRSAEncryption  1 2 840 113549 1 1 15 */
+    1146,    /* OBJ_sha512_256WithRSAEncryption  1 2 840 113549 1 1 16 */
+      28,    /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+       9,    /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+      10,    /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+     168,    /* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+     169,    /* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+     170,    /* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+      68,    /* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+      69,    /* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+     161,    /* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+     162,    /* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+      21,    /* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+      22,    /* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+      23,    /* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+      24,    /* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+      25,    /* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+      26,    /* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+      48,    /* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+      49,    /* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+      50,    /* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+      51,    /* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+      52,    /* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+      53,    /* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+      54,    /* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+      55,    /* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+      56,    /* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+     172,    /* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+     167,    /* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+     188,    /* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+     156,    /* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+     157,    /* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+     681,    /* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+     682,    /* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+     683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+     417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+     856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+     390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+      91,    /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+     973,    /* OBJ_id_scrypt                    1 3 6 1 4 1 11591 4 11 */
+     315,    /* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+     316,    /* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+     317,    /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+     318,    /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+     319,    /* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+     320,    /* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+     321,    /* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+     322,    /* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+     365,    /* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+     366,    /* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+     367,    /* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+     368,    /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+     369,    /* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+     370,    /* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+     371,    /* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+     372,    /* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+     373,    /* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+     374,    /* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+     375,    /* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+     921,    /* OBJ_brainpoolP160r1              1 3 36 3 3 2 8 1 1 1 */
+     922,    /* OBJ_brainpoolP160t1              1 3 36 3 3 2 8 1 1 2 */
+     923,    /* OBJ_brainpoolP192r1              1 3 36 3 3 2 8 1 1 3 */
+     924,    /* OBJ_brainpoolP192t1              1 3 36 3 3 2 8 1 1 4 */
+     925,    /* OBJ_brainpoolP224r1              1 3 36 3 3 2 8 1 1 5 */
+     926,    /* OBJ_brainpoolP224t1              1 3 36 3 3 2 8 1 1 6 */
+     927,    /* OBJ_brainpoolP256r1              1 3 36 3 3 2 8 1 1 7 */
+     928,    /* OBJ_brainpoolP256t1              1 3 36 3 3 2 8 1 1 8 */
+     929,    /* OBJ_brainpoolP320r1              1 3 36 3 3 2 8 1 1 9 */
+     930,    /* OBJ_brainpoolP320t1              1 3 36 3 3 2 8 1 1 10 */
+     931,    /* OBJ_brainpoolP384r1              1 3 36 3 3 2 8 1 1 11 */
+     932,    /* OBJ_brainpoolP384t1              1 3 36 3 3 2 8 1 1 12 */
+     933,    /* OBJ_brainpoolP512r1              1 3 36 3 3 2 8 1 1 13 */
+     934,    /* OBJ_brainpoolP512t1              1 3 36 3 3 2 8 1 1 14 */
+     936,    /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
+     941,    /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
+     418,    /* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+     419,    /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+     420,    /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+     421,    /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+     788,    /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+     895,    /* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
+     896,    /* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
+     897,    /* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
+     422,    /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+     423,    /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+     424,    /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+     425,    /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+     789,    /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+     898,    /* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
+     899,    /* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
+     900,    /* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
+     426,    /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+     427,    /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+     428,    /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+     429,    /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+     790,    /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+     901,    /* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
+     902,    /* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
+     903,    /* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
+     672,    /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+     673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+     674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+     675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+    1094,    /* OBJ_sha512_224                   2 16 840 1 101 3 4 2 5 */
+    1095,    /* OBJ_sha512_256                   2 16 840 1 101 3 4 2 6 */
+    1096,    /* OBJ_sha3_224                     2 16 840 1 101 3 4 2 7 */
+    1097,    /* OBJ_sha3_256                     2 16 840 1 101 3 4 2 8 */
+    1098,    /* OBJ_sha3_384                     2 16 840 1 101 3 4 2 9 */
+    1099,    /* OBJ_sha3_512                     2 16 840 1 101 3 4 2 10 */
+    1100,    /* OBJ_shake128                     2 16 840 1 101 3 4 2 11 */
+    1101,    /* OBJ_shake256                     2 16 840 1 101 3 4 2 12 */
+    1102,    /* OBJ_hmac_sha3_224                2 16 840 1 101 3 4 2 13 */
+    1103,    /* OBJ_hmac_sha3_256                2 16 840 1 101 3 4 2 14 */
+    1104,    /* OBJ_hmac_sha3_384                2 16 840 1 101 3 4 2 15 */
+    1105,    /* OBJ_hmac_sha3_512                2 16 840 1 101 3 4 2 16 */
+     802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+     803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+    1106,    /* OBJ_dsa_with_SHA384              2 16 840 1 101 3 4 3 3 */
+    1107,    /* OBJ_dsa_with_SHA512              2 16 840 1 101 3 4 3 4 */
+    1108,    /* OBJ_dsa_with_SHA3_224            2 16 840 1 101 3 4 3 5 */
+    1109,    /* OBJ_dsa_with_SHA3_256            2 16 840 1 101 3 4 3 6 */
+    1110,    /* OBJ_dsa_with_SHA3_384            2 16 840 1 101 3 4 3 7 */
+    1111,    /* OBJ_dsa_with_SHA3_512            2 16 840 1 101 3 4 3 8 */
+    1112,    /* OBJ_ecdsa_with_SHA3_224          2 16 840 1 101 3 4 3 9 */
+    1113,    /* OBJ_ecdsa_with_SHA3_256          2 16 840 1 101 3 4 3 10 */
+    1114,    /* OBJ_ecdsa_with_SHA3_384          2 16 840 1 101 3 4 3 11 */
+    1115,    /* OBJ_ecdsa_with_SHA3_512          2 16 840 1 101 3 4 3 12 */
+    1116,    /* OBJ_RSA_SHA3_224                 2 16 840 1 101 3 4 3 13 */
+    1117,    /* OBJ_RSA_SHA3_256                 2 16 840 1 101 3 4 3 14 */
+    1118,    /* OBJ_RSA_SHA3_384                 2 16 840 1 101 3 4 3 15 */
+    1119,    /* OBJ_RSA_SHA3_512                 2 16 840 1 101 3 4 3 16 */
+      71,    /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+      72,    /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+      73,    /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+      74,    /* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+      75,    /* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+      76,    /* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+      77,    /* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+      78,    /* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+      79,    /* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+     139,    /* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+     458,    /* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+     459,    /* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+     460,    /* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+     461,    /* OBJ_info                         0 9 2342 19200300 100 1 4 */
+     462,    /* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+     463,    /* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+     464,    /* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+     465,    /* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+     466,    /* OBJ_host                         0 9 2342 19200300 100 1 9 */
+     467,    /* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+     468,    /* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+     469,    /* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+     470,    /* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+     471,    /* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+     472,    /* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+     473,    /* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+     474,    /* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+     475,    /* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+     476,    /* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+     477,    /* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+     391,    /* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+     478,    /* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+     479,    /* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+     480,    /* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+     481,    /* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+     482,    /* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+     483,    /* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+     484,    /* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+     485,    /* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+     486,    /* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+     487,    /* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+     488,    /* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+     489,    /* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+     490,    /* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+     102,    /* OBJ_uniqueIdentifier             0 9 2342 19200300 100 1 44 */
+     491,    /* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+     492,    /* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+     493,    /* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+     494,    /* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+     495,    /* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+     496,    /* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+     497,    /* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+     498,    /* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+     499,    /* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+     500,    /* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+     501,    /* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+     502,    /* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+     442,    /* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+     443,    /* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+     444,    /* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+     445,    /* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+     446,    /* OBJ_account                      0 9 2342 19200300 100 4 5 */
+     447,    /* OBJ_document                     0 9 2342 19200300 100 4 6 */
+     448,    /* OBJ_room                         0 9 2342 19200300 100 4 7 */
+     449,    /* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+     392,    /* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+     450,    /* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+     451,    /* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+     452,    /* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+     453,    /* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+     454,    /* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+     455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+     456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+     457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+    1152,    /* OBJ_dstu28147                    1 2 804 2 1 1 1 1 1 1 */
+    1156,    /* OBJ_hmacWithDstu34311            1 2 804 2 1 1 1 1 1 2 */
+    1157,    /* OBJ_dstu34311                    1 2 804 2 1 1 1 1 2 1 */
+     189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+     190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+     191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+     192,    /* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+     193,    /* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+     194,    /* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+     195,    /* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+     158,    /* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+     159,    /* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+     160,    /* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+     144,    /* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+     145,    /* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+     146,    /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+     147,    /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+     148,    /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+     149,    /* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+     171,    /* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+     134,    /* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+     135,    /* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+     136,    /* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+     137,    /* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+     138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+     648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+     649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+     951,    /* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
+     952,    /* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
+     953,    /* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
+     954,    /* OBJ_ct_cert_scts                 1 3 6 1 4 1 11129 2 4 5 */
+     751,    /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
+     752,    /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
+     753,    /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+     907,    /* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
+     908,    /* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
+     909,    /* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
+    1153,    /* OBJ_dstu28147_ofb                1 2 804 2 1 1 1 1 1 1 2 */
+    1154,    /* OBJ_dstu28147_cfb                1 2 804 2 1 1 1 1 1 1 3 */
+    1155,    /* OBJ_dstu28147_wrap               1 2 804 2 1 1 1 1 1 1 5 */
+    1158,    /* OBJ_dstu4145le                   1 2 804 2 1 1 1 1 3 1 1 */
+     196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+     197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+     198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+     199,    /* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+     200,    /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+     201,    /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+     202,    /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+     203,    /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+     204,    /* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+     205,    /* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+     206,    /* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+     207,    /* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+     208,    /* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+     209,    /* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+     210,    /* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+     211,    /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+     786,    /* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+    1058,    /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
+    1059,    /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
+     787,    /* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
+    1060,    /* OBJ_id_ct_xml                    1 2 840 113549 1 9 16 1 28 */
+     212,    /* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+     213,    /* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+     214,    /* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+     215,    /* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+     216,    /* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+     217,    /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+     218,    /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+     219,    /* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+     220,    /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+     221,    /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+     222,    /* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+     223,    /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+     224,    /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+     225,    /* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+     226,    /* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+     227,    /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+     228,    /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+     229,    /* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+     230,    /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+     231,    /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+     232,    /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+     233,    /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+     234,    /* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+     235,    /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+     236,    /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+     237,    /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+     238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+     239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+     240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+    1086,    /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */
+     241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+     242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+     243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+     244,    /* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+     245,    /* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+     246,    /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+     247,    /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+     125,    /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+     893,    /* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
+     248,    /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+     249,    /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+     250,    /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+     251,    /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+     252,    /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+     253,    /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+     254,    /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+     255,    /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+     256,    /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+     150,    /* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+     151,    /* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+     152,    /* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+     153,    /* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+     154,    /* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+     155,    /* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+      34,    /* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+     955,    /* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
+     956,    /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
+     957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+    1056,    /* OBJ_blake2b512                   1 3 6 1 4 1 1722 12 2 1 16 */
+    1057,    /* OBJ_blake2s256                   1 3 6 1 4 1 1722 12 2 2 8 */
+    1159,    /* OBJ_dstu4145be                   1 2 804 2 1 1 1 1 3 1 1 1 1 */
+    1160,    /* OBJ_uacurve0                     1 2 804 2 1 1 1 1 3 1 1 2 0 */
+    1161,    /* OBJ_uacurve1                     1 2 804 2 1 1 1 1 3 1 1 2 1 */
+    1162,    /* OBJ_uacurve2                     1 2 804 2 1 1 1 1 3 1 1 2 2 */
+    1163,    /* OBJ_uacurve3                     1 2 804 2 1 1 1 1 3 1 1 2 3 */
+    1164,    /* OBJ_uacurve4                     1 2 804 2 1 1 1 1 3 1 1 2 4 */
+    1165,    /* OBJ_uacurve5                     1 2 804 2 1 1 1 1 3 1 1 2 5 */
+    1166,    /* OBJ_uacurve6                     1 2 804 2 1 1 1 1 3 1 1 2 6 */
+    1167,    /* OBJ_uacurve7                     1 2 804 2 1 1 1 1 3 1 1 2 7 */
+    1168,    /* OBJ_uacurve8                     1 2 804 2 1 1 1 1 3 1 1 2 8 */
+    1169,    /* OBJ_uacurve9                     1 2 804 2 1 1 1 1 3 1 1 2 9 */
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.pl
new file mode 100644
index 000000000..e5d38147e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.pl
@@ -0,0 +1,228 @@
+#! /usr/bin/env perl
+# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use integer;
+use strict;
+use warnings;
+
+# Generate the DER encoding for the given OID.
+sub der_it
+{
+    # Prologue
+    my ($v) = @_;
+    my @a = split(/\s+/, $v);
+    my $ret = pack("C*", $a[0] * 40 + $a[1]);
+    shift @a;
+    shift @a;
+
+    # Loop over rest of bytes; or in 0x80 for multi-byte numbers.
+    my $t;
+    foreach (@a) {
+        my @r = ();
+        $t = 0;
+        while ($_ >= 128) {
+            my $x = $_ % 128;
+            $_ /= 128;
+            push(@r, ($t++ ? 0x80 : 0) | $x);
+        }
+        push(@r, ($t++ ? 0x80 : 0) | $_);
+        $ret .= pack("C*", reverse(@r));
+    }
+    return $ret;
+}
+
+# Output year depends on the year of the script and the input file.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($ARGV[0])]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+
+# Read input, parse all #define's into OID name and value.
+# Populate %ln and %sn with long and short names (%dupln and %dupsn)
+# are used to watch for duplicates.  Also %nid and %obj get the
+# NID and OBJ entries.
+my %ln;
+my %sn;
+my %dupln;
+my %dupsn;
+my %nid;
+my %obj;
+my %objd;
+open(IN, "$ARGV[0]") || die "Can't open input file $ARGV[0], $!";
+while (<IN>) {
+    next unless /^\#define\s+(\S+)\s+(.*)$/;
+    my $v = $1;
+    my $d = $2;
+    $d =~ s/^\"//;
+    $d =~ s/\"$//;
+    if ($v =~ /^SN_(.*)$/) {
+        if (defined $dupsn{$d}) {
+            print "WARNING: Duplicate short name \"$d\"\n";
+        } else {
+            $dupsn{$d} = 1;
+        }
+        $sn{$1} = $d;
+    }
+    elsif ($v =~ /^LN_(.*)$/) {
+        if (defined $dupln{$d}) {
+            print "WARNING: Duplicate long name \"$d\"\n";
+        } else {
+            $dupln{$d} = 1;
+        }
+        $ln{$1} = $d;
+    }
+    elsif ($v =~ /^NID_(.*)$/) {
+        $nid{$d} = $1;
+    }
+    elsif ($v =~ /^OBJ_(.*)$/) {
+        $obj{$1} = $v;
+        $objd{$v} = $d;
+    }
+}
+close IN;
+
+# For every value in %obj, recursively expand OBJ_xxx values.  That is:
+#     #define OBJ_iso 1L
+#     #define OBJ_identified_organization OBJ_iso,3L
+# Modify %objd values in-place.  Create an %objn array that has
+my $changed;
+do {
+    $changed = 0;
+    foreach my $k (keys %objd) {
+        $changed = 1 if $objd{$k} =~ s/(OBJ_[^,]+),/$objd{$1},/;
+    }
+} while ($changed);
+
+my @a = sort { $a <=> $b } keys %nid;
+my $n = $a[$#a] + 1;
+my @lvalues = ();
+my $lvalues = 0;
+
+# Scan all defined objects, building up the @out array.
+# %obj_der holds the DER encoding as an array of bytes, and %obj_len
+# holds the length in bytes.
+my @out;
+my %obj_der;
+my %obj_len;
+for (my $i = 0; $i < $n; $i++) {
+    if (!defined $nid{$i}) {
+        push(@out, "    { NULL, NULL, NID_undef },\n");
+        next;
+    }
+
+    my $sn = defined $sn{$nid{$i}} ? "$sn{$nid{$i}}" : "NULL";
+    my $ln = defined $ln{$nid{$i}} ? "$ln{$nid{$i}}" : "NULL";
+    if ($sn eq "NULL") {
+        $sn = $ln;
+        $sn{$nid{$i}} = $ln;
+    }
+    if ($ln eq "NULL") {
+        $ln = $sn;
+        $ln{$nid{$i}} = $sn;
+    }
+
+    my $out = "    {\"$sn\", \"$ln\", NID_$nid{$i}";
+    if (defined $obj{$nid{$i}} && $objd{$obj{$nid{$i}}} =~ /,/) {
+        my $v = $objd{$obj{$nid{$i}}};
+        $v =~ s/L//g;
+        $v =~ s/,/ /g;
+        my $r = &der_it($v);
+        my $z = "";
+        my $length = 0;
+        # Format using fixed-with because we use strcmp later.
+        foreach (unpack("C*",$r)) {
+            $z .= sprintf("0x%02X,", $_);
+            $length++;
+        }
+        $obj_der{$obj{$nid{$i}}} = $z;
+        $obj_len{$obj{$nid{$i}}} = $length;
+
+        push(@lvalues,
+            sprintf("    %-45s  /* [%5d] %s */\n",
+                $z, $lvalues, $obj{$nid{$i}}));
+        $out .= ", $length, &so[$lvalues]";
+        $lvalues += $length;
+    }
+    $out .= "},\n";
+    push(@out, $out);
+}
+
+# Finally ready to generate the output.
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/obj_dat.pl
+ *
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+EOF
+
+print "/* Serialized OID's */\n";
+printf "static const unsigned char so[%d] = {\n", $lvalues + 1;
+print @lvalues;
+print "};\n\n";
+
+printf "#define NUM_NID %d\n", $n;
+printf "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n";
+print @out;
+print  "};\n\n";
+
+{
+    no warnings "uninitialized";
+    @a = grep(defined $sn{$nid{$_}}, 0 .. $n);
+}
+printf "#define NUM_SN %d\n", $#a + 1;
+printf "static const unsigned int sn_objs[NUM_SN] = {\n";
+foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) {
+    printf "    %4d,    /* \"$sn{$nid{$_}}\" */\n", $_;
+}
+print  "};\n\n";
+
+{
+    no warnings "uninitialized";
+    @a = grep(defined $ln{$nid{$_}}, 0 .. $n);
+}
+printf "#define NUM_LN %d\n", $#a + 1;
+printf "static const unsigned int ln_objs[NUM_LN] = {\n";
+foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) {
+    printf "    %4d,    /* \"$ln{$nid{$_}}\" */\n", $_;
+}
+print  "};\n\n";
+
+{
+    no warnings "uninitialized";
+    @a = grep(defined $obj{$nid{$_}}, 0 .. $n);
+}
+printf "#define NUM_OBJ %d\n", $#a + 1;
+printf "static const unsigned int obj_objs[NUM_OBJ] = {\n";
+
+# Compare DER; prefer shorter; if some length, use the "smaller" encoding.
+sub obj_cmp
+{
+    no warnings "uninitialized";
+    my $A = $obj_len{$obj{$nid{$a}}};
+    my $B = $obj_len{$obj{$nid{$b}}};
+    my $r = $A - $B;
+    return $r if $r != 0;
+
+    $A = $obj_der{$obj{$nid{$a}}};
+    $B = $obj_der{$obj{$nid{$b}}};
+    return $A cmp $B;
+}
+foreach (sort obj_cmp @a) {
+    my $m = $obj{$nid{$_}};
+    my $v = $objd{$m};
+    $v =~ s/L//g;
+    $v =~ s/,/ /g;
+    printf "    %4d,    /* %-32s %s */\n", $_, $m, $v;
+}
+print  "};\n";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_err.c
new file mode 100644
index 000000000..be4f11ca2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_err.c
@@ -0,0 +1,46 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/objectserr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OBJ_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OBJ_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OBJ_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OBJ_str_functs);
+        ERR_load_strings_const(OBJ_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lcl.h
new file mode 100644
index 000000000..a417f7c46
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lcl.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct name_funcs_st NAME_FUNCS;
+DEFINE_STACK_OF(NAME_FUNCS)
+DEFINE_LHASH_OF(OBJ_NAME);
+typedef struct added_obj_st ADDED_OBJ;
+DEFINE_LHASH_OF(ADDED_OBJ);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c
new file mode 100644
index 000000000..acbdeec2c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "internal/asn1_int.h"
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+{
+    ASN1_OBJECT *r;
+
+    if (o == NULL)
+        return NULL;
+    /* If object isn't dynamic it's an internal OID which is never freed */
+    if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+        return (ASN1_OBJECT *)o;
+
+    r = ASN1_OBJECT_new();
+    if (r == NULL) {
+        OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+        return NULL;
+    }
+
+    /* Set dynamic flags so everything gets freed up on error */
+
+    r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
+                           ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+                           ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
+        goto err;
+
+    r->length = o->length;
+    r->nid = o->nid;
+
+    if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
+        goto err;
+
+    if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
+        goto err;
+
+    return r;
+ err:
+    ASN1_OBJECT_free(r);
+    OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+{
+    int ret;
+
+    ret = (a->length - b->length);
+    if (ret)
+        return ret;
+    return memcmp(a->data, b->data, a->length);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_mac.num b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_mac.num
new file mode 100644
index 000000000..1b6a9c61a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_mac.num
@@ -0,0 +1,1194 @@
+undef		0
+rsadsi		1
+pkcs		2
+md2		3
+md5		4
+rc4		5
+rsaEncryption		6
+md2WithRSAEncryption		7
+md5WithRSAEncryption		8
+pbeWithMD2AndDES_CBC		9
+pbeWithMD5AndDES_CBC		10
+X500		11
+X509		12
+commonName		13
+countryName		14
+localityName		15
+stateOrProvinceName		16
+organizationName		17
+organizationalUnitName		18
+rsa		19
+pkcs7		20
+pkcs7_data		21
+pkcs7_signed		22
+pkcs7_enveloped		23
+pkcs7_signedAndEnveloped		24
+pkcs7_digest		25
+pkcs7_encrypted		26
+pkcs3		27
+dhKeyAgreement		28
+des_ecb		29
+des_cfb64		30
+des_cbc		31
+des_ede_ecb		32
+des_ede3_ecb		33
+idea_cbc		34
+idea_cfb64		35
+idea_ecb		36
+rc2_cbc		37
+rc2_ecb		38
+rc2_cfb64		39
+rc2_ofb64		40
+sha		41
+shaWithRSAEncryption		42
+des_ede_cbc		43
+des_ede3_cbc		44
+des_ofb64		45
+idea_ofb64		46
+pkcs9		47
+pkcs9_emailAddress		48
+pkcs9_unstructuredName		49
+pkcs9_contentType		50
+pkcs9_messageDigest		51
+pkcs9_signingTime		52
+pkcs9_countersignature		53
+pkcs9_challengePassword		54
+pkcs9_unstructuredAddress		55
+pkcs9_extCertAttributes		56
+netscape		57
+netscape_cert_extension		58
+netscape_data_type		59
+des_ede_cfb64		60
+des_ede3_cfb64		61
+des_ede_ofb64		62
+des_ede3_ofb64		63
+sha1		64
+sha1WithRSAEncryption		65
+dsaWithSHA		66
+dsa_2		67
+pbeWithSHA1AndRC2_CBC		68
+id_pbkdf2		69
+dsaWithSHA1_2		70
+netscape_cert_type		71
+netscape_base_url		72
+netscape_revocation_url		73
+netscape_ca_revocation_url		74
+netscape_renewal_url		75
+netscape_ca_policy_url		76
+netscape_ssl_server_name		77
+netscape_comment		78
+netscape_cert_sequence		79
+desx_cbc		80
+id_ce		81
+subject_key_identifier		82
+key_usage		83
+private_key_usage_period		84
+subject_alt_name		85
+issuer_alt_name		86
+basic_constraints		87
+crl_number		88
+certificate_policies		89
+authority_key_identifier		90
+bf_cbc		91
+bf_ecb		92
+bf_cfb64		93
+bf_ofb64		94
+mdc2		95
+mdc2WithRSA		96
+rc4_40		97
+rc2_40_cbc		98
+givenName		99
+surname		100
+initials		101
+uniqueIdentifier		102
+crl_distribution_points		103
+md5WithRSA		104
+serialNumber		105
+title		106
+description		107
+cast5_cbc		108
+cast5_ecb		109
+cast5_cfb64		110
+cast5_ofb64		111
+pbeWithMD5AndCast5_CBC		112
+dsaWithSHA1		113
+md5_sha1		114
+sha1WithRSA		115
+dsa		116
+ripemd160		117
+ripemd160WithRSA		119
+rc5_cbc		120
+rc5_ecb		121
+rc5_cfb64		122
+rc5_ofb64		123
+rle_compression		124
+zlib_compression		125
+ext_key_usage		126
+id_pkix		127
+id_kp		128
+server_auth		129
+client_auth		130
+code_sign		131
+email_protect		132
+time_stamp		133
+ms_code_ind		134
+ms_code_com		135
+ms_ctl_sign		136
+ms_sgc		137
+ms_efs		138
+ns_sgc		139
+delta_crl		140
+crl_reason		141
+invalidity_date		142
+sxnet		143
+pbe_WithSHA1And128BitRC4		144
+pbe_WithSHA1And40BitRC4		145
+pbe_WithSHA1And3_Key_TripleDES_CBC		146
+pbe_WithSHA1And2_Key_TripleDES_CBC		147
+pbe_WithSHA1And128BitRC2_CBC		148
+pbe_WithSHA1And40BitRC2_CBC		149
+keyBag		150
+pkcs8ShroudedKeyBag		151
+certBag		152
+crlBag		153
+secretBag		154
+safeContentsBag		155
+friendlyName		156
+localKeyID		157
+x509Certificate		158
+sdsiCertificate		159
+x509Crl		160
+pbes2		161
+pbmac1		162
+hmacWithSHA1		163
+id_qt_cps		164
+id_qt_unotice		165
+rc2_64_cbc		166
+SMIMECapabilities		167
+pbeWithMD2AndRC2_CBC		168
+pbeWithMD5AndRC2_CBC		169
+pbeWithSHA1AndDES_CBC		170
+ms_ext_req		171
+ext_req		172
+name		173
+dnQualifier		174
+id_pe		175
+id_ad		176
+info_access		177
+ad_OCSP		178
+ad_ca_issuers		179
+OCSP_sign		180
+iso		181
+member_body		182
+ISO_US		183
+X9_57		184
+X9cm		185
+pkcs1		186
+pkcs5		187
+SMIME		188
+id_smime_mod		189
+id_smime_ct		190
+id_smime_aa		191
+id_smime_alg		192
+id_smime_cd		193
+id_smime_spq		194
+id_smime_cti		195
+id_smime_mod_cms		196
+id_smime_mod_ess		197
+id_smime_mod_oid		198
+id_smime_mod_msg_v3		199
+id_smime_mod_ets_eSignature_88		200
+id_smime_mod_ets_eSignature_97		201
+id_smime_mod_ets_eSigPolicy_88		202
+id_smime_mod_ets_eSigPolicy_97		203
+id_smime_ct_receipt		204
+id_smime_ct_authData		205
+id_smime_ct_publishCert		206
+id_smime_ct_TSTInfo		207
+id_smime_ct_TDTInfo		208
+id_smime_ct_contentInfo		209
+id_smime_ct_DVCSRequestData		210
+id_smime_ct_DVCSResponseData		211
+id_smime_aa_receiptRequest		212
+id_smime_aa_securityLabel		213
+id_smime_aa_mlExpandHistory		214
+id_smime_aa_contentHint		215
+id_smime_aa_msgSigDigest		216
+id_smime_aa_encapContentType		217
+id_smime_aa_contentIdentifier		218
+id_smime_aa_macValue		219
+id_smime_aa_equivalentLabels		220
+id_smime_aa_contentReference		221
+id_smime_aa_encrypKeyPref		222
+id_smime_aa_signingCertificate		223
+id_smime_aa_smimeEncryptCerts		224
+id_smime_aa_timeStampToken		225
+id_smime_aa_ets_sigPolicyId		226
+id_smime_aa_ets_commitmentType		227
+id_smime_aa_ets_signerLocation		228
+id_smime_aa_ets_signerAttr		229
+id_smime_aa_ets_otherSigCert		230
+id_smime_aa_ets_contentTimestamp		231
+id_smime_aa_ets_CertificateRefs		232
+id_smime_aa_ets_RevocationRefs		233
+id_smime_aa_ets_certValues		234
+id_smime_aa_ets_revocationValues		235
+id_smime_aa_ets_escTimeStamp		236
+id_smime_aa_ets_certCRLTimestamp		237
+id_smime_aa_ets_archiveTimeStamp		238
+id_smime_aa_signatureType		239
+id_smime_aa_dvcs_dvc		240
+id_smime_alg_ESDHwith3DES		241
+id_smime_alg_ESDHwithRC2		242
+id_smime_alg_3DESwrap		243
+id_smime_alg_RC2wrap		244
+id_smime_alg_ESDH		245
+id_smime_alg_CMS3DESwrap		246
+id_smime_alg_CMSRC2wrap		247
+id_smime_cd_ldap		248
+id_smime_spq_ets_sqt_uri		249
+id_smime_spq_ets_sqt_unotice		250
+id_smime_cti_ets_proofOfOrigin		251
+id_smime_cti_ets_proofOfReceipt		252
+id_smime_cti_ets_proofOfDelivery		253
+id_smime_cti_ets_proofOfSender		254
+id_smime_cti_ets_proofOfApproval		255
+id_smime_cti_ets_proofOfCreation		256
+md4		257
+id_pkix_mod		258
+id_qt		259
+id_it		260
+id_pkip		261
+id_alg		262
+id_cmc		263
+id_on		264
+id_pda		265
+id_aca		266
+id_qcs		267
+id_cct		268
+id_pkix1_explicit_88		269
+id_pkix1_implicit_88		270
+id_pkix1_explicit_93		271
+id_pkix1_implicit_93		272
+id_mod_crmf		273
+id_mod_cmc		274
+id_mod_kea_profile_88		275
+id_mod_kea_profile_93		276
+id_mod_cmp		277
+id_mod_qualified_cert_88		278
+id_mod_qualified_cert_93		279
+id_mod_attribute_cert		280
+id_mod_timestamp_protocol		281
+id_mod_ocsp		282
+id_mod_dvcs		283
+id_mod_cmp2000		284
+biometricInfo		285
+qcStatements		286
+ac_auditEntity		287
+ac_targeting		288
+aaControls		289
+sbgp_ipAddrBlock		290
+sbgp_autonomousSysNum		291
+sbgp_routerIdentifier		292
+textNotice		293
+ipsecEndSystem		294
+ipsecTunnel		295
+ipsecUser		296
+dvcs		297
+id_it_caProtEncCert		298
+id_it_signKeyPairTypes		299
+id_it_encKeyPairTypes		300
+id_it_preferredSymmAlg		301
+id_it_caKeyUpdateInfo		302
+id_it_currentCRL		303
+id_it_unsupportedOIDs		304
+id_it_subscriptionRequest		305
+id_it_subscriptionResponse		306
+id_it_keyPairParamReq		307
+id_it_keyPairParamRep		308
+id_it_revPassphrase		309
+id_it_implicitConfirm		310
+id_it_confirmWaitTime		311
+id_it_origPKIMessage		312
+id_regCtrl		313
+id_regInfo		314
+id_regCtrl_regToken		315
+id_regCtrl_authenticator		316
+id_regCtrl_pkiPublicationInfo		317
+id_regCtrl_pkiArchiveOptions		318
+id_regCtrl_oldCertID		319
+id_regCtrl_protocolEncrKey		320
+id_regInfo_utf8Pairs		321
+id_regInfo_certReq		322
+id_alg_des40		323
+id_alg_noSignature		324
+id_alg_dh_sig_hmac_sha1		325
+id_alg_dh_pop		326
+id_cmc_statusInfo		327
+id_cmc_identification		328
+id_cmc_identityProof		329
+id_cmc_dataReturn		330
+id_cmc_transactionId		331
+id_cmc_senderNonce		332
+id_cmc_recipientNonce		333
+id_cmc_addExtensions		334
+id_cmc_encryptedPOP		335
+id_cmc_decryptedPOP		336
+id_cmc_lraPOPWitness		337
+id_cmc_getCert		338
+id_cmc_getCRL		339
+id_cmc_revokeRequest		340
+id_cmc_regInfo		341
+id_cmc_responseInfo		342
+id_cmc_queryPending		343
+id_cmc_popLinkRandom		344
+id_cmc_popLinkWitness		345
+id_cmc_confirmCertAcceptance		346
+id_on_personalData		347
+id_pda_dateOfBirth		348
+id_pda_placeOfBirth		349
+id_pda_pseudonym		350
+id_pda_gender		351
+id_pda_countryOfCitizenship		352
+id_pda_countryOfResidence		353
+id_aca_authenticationInfo		354
+id_aca_accessIdentity		355
+id_aca_chargingIdentity		356
+id_aca_group		357
+id_aca_role		358
+id_qcs_pkixQCSyntax_v1		359
+id_cct_crs		360
+id_cct_PKIData		361
+id_cct_PKIResponse		362
+ad_timeStamping		363
+ad_dvcs		364
+id_pkix_OCSP_basic		365
+id_pkix_OCSP_Nonce		366
+id_pkix_OCSP_CrlID		367
+id_pkix_OCSP_acceptableResponses		368
+id_pkix_OCSP_noCheck		369
+id_pkix_OCSP_archiveCutoff		370
+id_pkix_OCSP_serviceLocator		371
+id_pkix_OCSP_extendedStatus		372
+id_pkix_OCSP_valid		373
+id_pkix_OCSP_path		374
+id_pkix_OCSP_trustRoot		375
+algorithm		376
+rsaSignature		377
+X500algorithms		378
+org		379
+dod		380
+iana		381
+Directory		382
+Management		383
+Experimental		384
+Private		385
+Security		386
+SNMPv2		387
+Mail		388
+Enterprises		389
+dcObject		390
+domainComponent		391
+Domain		392
+joint_iso_ccitt		393
+selected_attribute_types		394
+clearance		395
+md4WithRSAEncryption		396
+ac_proxying		397
+sinfo_access		398
+id_aca_encAttrs		399
+role		400
+policy_constraints		401
+target_information		402
+no_rev_avail		403
+ccitt		404
+ansi_X9_62		405
+X9_62_prime_field		406
+X9_62_characteristic_two_field		407
+X9_62_id_ecPublicKey		408
+X9_62_prime192v1		409
+X9_62_prime192v2		410
+X9_62_prime192v3		411
+X9_62_prime239v1		412
+X9_62_prime239v2		413
+X9_62_prime239v3		414
+X9_62_prime256v1		415
+ecdsa_with_SHA1		416
+ms_csp_name		417
+aes_128_ecb		418
+aes_128_cbc		419
+aes_128_ofb128		420
+aes_128_cfb128		421
+aes_192_ecb		422
+aes_192_cbc		423
+aes_192_ofb128		424
+aes_192_cfb128		425
+aes_256_ecb		426
+aes_256_cbc		427
+aes_256_ofb128		428
+aes_256_cfb128		429
+hold_instruction_code		430
+hold_instruction_none		431
+hold_instruction_call_issuer		432
+hold_instruction_reject		433
+data		434
+pss		435
+ucl		436
+pilot		437
+pilotAttributeType		438
+pilotAttributeSyntax		439
+pilotObjectClass		440
+pilotGroups		441
+iA5StringSyntax		442
+caseIgnoreIA5StringSyntax		443
+pilotObject		444
+pilotPerson		445
+account		446
+document		447
+room		448
+documentSeries		449
+rFC822localPart		450
+dNSDomain		451
+domainRelatedObject		452
+friendlyCountry		453
+simpleSecurityObject		454
+pilotOrganization		455
+pilotDSA		456
+qualityLabelledData		457
+userId		458
+textEncodedORAddress		459
+rfc822Mailbox		460
+info		461
+favouriteDrink		462
+roomNumber		463
+photo		464
+userClass		465
+host		466
+manager		467
+documentIdentifier		468
+documentTitle		469
+documentVersion		470
+documentAuthor		471
+documentLocation		472
+homeTelephoneNumber		473
+secretary		474
+otherMailbox		475
+lastModifiedTime		476
+lastModifiedBy		477
+aRecord		478
+pilotAttributeType27		479
+mXRecord		480
+nSRecord		481
+sOARecord		482
+cNAMERecord		483
+associatedDomain		484
+associatedName		485
+homePostalAddress		486
+personalTitle		487
+mobileTelephoneNumber		488
+pagerTelephoneNumber		489
+friendlyCountryName		490
+organizationalStatus		491
+janetMailbox		492
+mailPreferenceOption		493
+buildingName		494
+dSAQuality		495
+singleLevelQuality		496
+subtreeMinimumQuality		497
+subtreeMaximumQuality		498
+personalSignature		499
+dITRedirect		500
+audio		501
+documentPublisher		502
+x500UniqueIdentifier		503
+mime_mhs		504
+mime_mhs_headings		505
+mime_mhs_bodies		506
+id_hex_partial_message		507
+id_hex_multipart_message		508
+generationQualifier		509
+pseudonym		510
+InternationalRA		511
+id_set		512
+set_ctype		513
+set_msgExt		514
+set_attr		515
+set_policy		516
+set_certExt		517
+set_brand		518
+setct_PANData		519
+setct_PANToken		520
+setct_PANOnly		521
+setct_OIData		522
+setct_PI		523
+setct_PIData		524
+setct_PIDataUnsigned		525
+setct_HODInput		526
+setct_AuthResBaggage		527
+setct_AuthRevReqBaggage		528
+setct_AuthRevResBaggage		529
+setct_CapTokenSeq		530
+setct_PInitResData		531
+setct_PI_TBS		532
+setct_PResData		533
+setct_AuthReqTBS		534
+setct_AuthResTBS		535
+setct_AuthResTBSX		536
+setct_AuthTokenTBS		537
+setct_CapTokenData		538
+setct_CapTokenTBS		539
+setct_AcqCardCodeMsg		540
+setct_AuthRevReqTBS		541
+setct_AuthRevResData		542
+setct_AuthRevResTBS		543
+setct_CapReqTBS		544
+setct_CapReqTBSX		545
+setct_CapResData		546
+setct_CapRevReqTBS		547
+setct_CapRevReqTBSX		548
+setct_CapRevResData		549
+setct_CredReqTBS		550
+setct_CredReqTBSX		551
+setct_CredResData		552
+setct_CredRevReqTBS		553
+setct_CredRevReqTBSX		554
+setct_CredRevResData		555
+setct_PCertReqData		556
+setct_PCertResTBS		557
+setct_BatchAdminReqData		558
+setct_BatchAdminResData		559
+setct_CardCInitResTBS		560
+setct_MeAqCInitResTBS		561
+setct_RegFormResTBS		562
+setct_CertReqData		563
+setct_CertReqTBS		564
+setct_CertResData		565
+setct_CertInqReqTBS		566
+setct_ErrorTBS		567
+setct_PIDualSignedTBE		568
+setct_PIUnsignedTBE		569
+setct_AuthReqTBE		570
+setct_AuthResTBE		571
+setct_AuthResTBEX		572
+setct_AuthTokenTBE		573
+setct_CapTokenTBE		574
+setct_CapTokenTBEX		575
+setct_AcqCardCodeMsgTBE		576
+setct_AuthRevReqTBE		577
+setct_AuthRevResTBE		578
+setct_AuthRevResTBEB		579
+setct_CapReqTBE		580
+setct_CapReqTBEX		581
+setct_CapResTBE		582
+setct_CapRevReqTBE		583
+setct_CapRevReqTBEX		584
+setct_CapRevResTBE		585
+setct_CredReqTBE		586
+setct_CredReqTBEX		587
+setct_CredResTBE		588
+setct_CredRevReqTBE		589
+setct_CredRevReqTBEX		590
+setct_CredRevResTBE		591
+setct_BatchAdminReqTBE		592
+setct_BatchAdminResTBE		593
+setct_RegFormReqTBE		594
+setct_CertReqTBE		595
+setct_CertReqTBEX		596
+setct_CertResTBE		597
+setct_CRLNotificationTBS		598
+setct_CRLNotificationResTBS		599
+setct_BCIDistributionTBS		600
+setext_genCrypt		601
+setext_miAuth		602
+setext_pinSecure		603
+setext_pinAny		604
+setext_track2		605
+setext_cv		606
+set_policy_root		607
+setCext_hashedRoot		608
+setCext_certType		609
+setCext_merchData		610
+setCext_cCertRequired		611
+setCext_tunneling		612
+setCext_setExt		613
+setCext_setQualf		614
+setCext_PGWYcapabilities		615
+setCext_TokenIdentifier		616
+setCext_Track2Data		617
+setCext_TokenType		618
+setCext_IssuerCapabilities		619
+setAttr_Cert		620
+setAttr_PGWYcap		621
+setAttr_TokenType		622
+setAttr_IssCap		623
+set_rootKeyThumb		624
+set_addPolicy		625
+setAttr_Token_EMV		626
+setAttr_Token_B0Prime		627
+setAttr_IssCap_CVM		628
+setAttr_IssCap_T2		629
+setAttr_IssCap_Sig		630
+setAttr_GenCryptgrm		631
+setAttr_T2Enc		632
+setAttr_T2cleartxt		633
+setAttr_TokICCsig		634
+setAttr_SecDevSig		635
+set_brand_IATA_ATA		636
+set_brand_Diners		637
+set_brand_AmericanExpress		638
+set_brand_JCB		639
+set_brand_Visa		640
+set_brand_MasterCard		641
+set_brand_Novus		642
+des_cdmf		643
+rsaOAEPEncryptionSET		644
+itu_t		645
+joint_iso_itu_t		646
+international_organizations		647
+ms_smartcard_login		648
+ms_upn		649
+aes_128_cfb1		650
+aes_192_cfb1		651
+aes_256_cfb1		652
+aes_128_cfb8		653
+aes_192_cfb8		654
+aes_256_cfb8		655
+des_cfb1		656
+des_cfb8		657
+des_ede3_cfb1		658
+des_ede3_cfb8		659
+streetAddress		660
+postalCode		661
+id_ppl		662
+proxyCertInfo		663
+id_ppl_anyLanguage		664
+id_ppl_inheritAll		665
+name_constraints		666
+Independent		667
+sha256WithRSAEncryption		668
+sha384WithRSAEncryption		669
+sha512WithRSAEncryption		670
+sha224WithRSAEncryption		671
+sha256		672
+sha384		673
+sha512		674
+sha224		675
+identified_organization		676
+certicom_arc		677
+wap		678
+wap_wsg		679
+X9_62_id_characteristic_two_basis		680
+X9_62_onBasis		681
+X9_62_tpBasis		682
+X9_62_ppBasis		683
+X9_62_c2pnb163v1		684
+X9_62_c2pnb163v2		685
+X9_62_c2pnb163v3		686
+X9_62_c2pnb176v1		687
+X9_62_c2tnb191v1		688
+X9_62_c2tnb191v2		689
+X9_62_c2tnb191v3		690
+X9_62_c2onb191v4		691
+X9_62_c2onb191v5		692
+X9_62_c2pnb208w1		693
+X9_62_c2tnb239v1		694
+X9_62_c2tnb239v2		695
+X9_62_c2tnb239v3		696
+X9_62_c2onb239v4		697
+X9_62_c2onb239v5		698
+X9_62_c2pnb272w1		699
+X9_62_c2pnb304w1		700
+X9_62_c2tnb359v1		701
+X9_62_c2pnb368w1		702
+X9_62_c2tnb431r1		703
+secp112r1		704
+secp112r2		705
+secp128r1		706
+secp128r2		707
+secp160k1		708
+secp160r1		709
+secp160r2		710
+secp192k1		711
+secp224k1		712
+secp224r1		713
+secp256k1		714
+secp384r1		715
+secp521r1		716
+sect113r1		717
+sect113r2		718
+sect131r1		719
+sect131r2		720
+sect163k1		721
+sect163r1		722
+sect163r2		723
+sect193r1		724
+sect193r2		725
+sect233k1		726
+sect233r1		727
+sect239k1		728
+sect283k1		729
+sect283r1		730
+sect409k1		731
+sect409r1		732
+sect571k1		733
+sect571r1		734
+wap_wsg_idm_ecid_wtls1		735
+wap_wsg_idm_ecid_wtls3		736
+wap_wsg_idm_ecid_wtls4		737
+wap_wsg_idm_ecid_wtls5		738
+wap_wsg_idm_ecid_wtls6		739
+wap_wsg_idm_ecid_wtls7		740
+wap_wsg_idm_ecid_wtls8		741
+wap_wsg_idm_ecid_wtls9		742
+wap_wsg_idm_ecid_wtls10		743
+wap_wsg_idm_ecid_wtls11		744
+wap_wsg_idm_ecid_wtls12		745
+any_policy		746
+policy_mappings		747
+inhibit_any_policy		748
+ipsec3		749
+ipsec4		750
+camellia_128_cbc		751
+camellia_192_cbc		752
+camellia_256_cbc		753
+camellia_128_ecb		754
+camellia_192_ecb		755
+camellia_256_ecb		756
+camellia_128_cfb128		757
+camellia_192_cfb128		758
+camellia_256_cfb128		759
+camellia_128_cfb1		760
+camellia_192_cfb1		761
+camellia_256_cfb1		762
+camellia_128_cfb8		763
+camellia_192_cfb8		764
+camellia_256_cfb8		765
+camellia_128_ofb128		766
+camellia_192_ofb128		767
+camellia_256_ofb128		768
+subject_directory_attributes		769
+issuing_distribution_point		770
+certificate_issuer		771
+korea		772
+kisa		773
+kftc		774
+npki_alg		775
+seed_ecb		776
+seed_cbc		777
+seed_ofb128		778
+seed_cfb128		779
+hmac_md5		780
+hmac_sha1		781
+id_PasswordBasedMAC		782
+id_DHBasedMac		783
+id_it_suppLangTags		784
+caRepository		785
+id_smime_ct_compressedData		786
+id_ct_asciiTextWithCRLF		787
+id_aes128_wrap		788
+id_aes192_wrap		789
+id_aes256_wrap		790
+ecdsa_with_Recommended		791
+ecdsa_with_Specified		792
+ecdsa_with_SHA224		793
+ecdsa_with_SHA256		794
+ecdsa_with_SHA384		795
+ecdsa_with_SHA512		796
+hmacWithMD5		797
+hmacWithSHA224		798
+hmacWithSHA256		799
+hmacWithSHA384		800
+hmacWithSHA512		801
+dsa_with_SHA224		802
+dsa_with_SHA256		803
+whirlpool		804
+cryptopro		805
+cryptocom		806
+id_GostR3411_94_with_GostR3410_2001		807
+id_GostR3411_94_with_GostR3410_94		808
+id_GostR3411_94		809
+id_HMACGostR3411_94		810
+id_GostR3410_2001		811
+id_GostR3410_94		812
+id_Gost28147_89		813
+gost89_cnt		814
+id_Gost28147_89_MAC		815
+id_GostR3411_94_prf		816
+id_GostR3410_2001DH		817
+id_GostR3410_94DH		818
+id_Gost28147_89_CryptoPro_KeyMeshing		819
+id_Gost28147_89_None_KeyMeshing		820
+id_GostR3411_94_TestParamSet		821
+id_GostR3411_94_CryptoProParamSet		822
+id_Gost28147_89_TestParamSet		823
+id_Gost28147_89_CryptoPro_A_ParamSet		824
+id_Gost28147_89_CryptoPro_B_ParamSet		825
+id_Gost28147_89_CryptoPro_C_ParamSet		826
+id_Gost28147_89_CryptoPro_D_ParamSet		827
+id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		828
+id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		829
+id_Gost28147_89_CryptoPro_RIC_1_ParamSet		830
+id_GostR3410_94_TestParamSet		831
+id_GostR3410_94_CryptoPro_A_ParamSet		832
+id_GostR3410_94_CryptoPro_B_ParamSet		833
+id_GostR3410_94_CryptoPro_C_ParamSet		834
+id_GostR3410_94_CryptoPro_D_ParamSet		835
+id_GostR3410_94_CryptoPro_XchA_ParamSet		836
+id_GostR3410_94_CryptoPro_XchB_ParamSet		837
+id_GostR3410_94_CryptoPro_XchC_ParamSet		838
+id_GostR3410_2001_TestParamSet		839
+id_GostR3410_2001_CryptoPro_A_ParamSet		840
+id_GostR3410_2001_CryptoPro_B_ParamSet		841
+id_GostR3410_2001_CryptoPro_C_ParamSet		842
+id_GostR3410_2001_CryptoPro_XchA_ParamSet		843
+id_GostR3410_2001_CryptoPro_XchB_ParamSet		844
+id_GostR3410_94_a		845
+id_GostR3410_94_aBis		846
+id_GostR3410_94_b		847
+id_GostR3410_94_bBis		848
+id_Gost28147_89_cc		849
+id_GostR3410_94_cc		850
+id_GostR3410_2001_cc		851
+id_GostR3411_94_with_GostR3410_94_cc		852
+id_GostR3411_94_with_GostR3410_2001_cc		853
+id_GostR3410_2001_ParamSet_cc		854
+hmac		855
+LocalKeySet		856
+freshest_crl		857
+id_on_permanentIdentifier		858
+searchGuide		859
+businessCategory		860
+postalAddress		861
+postOfficeBox		862
+physicalDeliveryOfficeName		863
+telephoneNumber		864
+telexNumber		865
+teletexTerminalIdentifier		866
+facsimileTelephoneNumber		867
+x121Address		868
+internationaliSDNNumber		869
+registeredAddress		870
+destinationIndicator		871
+preferredDeliveryMethod		872
+presentationAddress		873
+supportedApplicationContext		874
+member		875
+owner		876
+roleOccupant		877
+seeAlso		878
+userPassword		879
+userCertificate		880
+cACertificate		881
+authorityRevocationList		882
+certificateRevocationList		883
+crossCertificatePair		884
+enhancedSearchGuide		885
+protocolInformation		886
+distinguishedName		887
+uniqueMember		888
+houseIdentifier		889
+supportedAlgorithms		890
+deltaRevocationList		891
+dmdName		892
+id_alg_PWRI_KEK		893
+cmac		894
+aes_128_gcm		895
+aes_128_ccm		896
+id_aes128_wrap_pad		897
+aes_192_gcm		898
+aes_192_ccm		899
+id_aes192_wrap_pad		900
+aes_256_gcm		901
+aes_256_ccm		902
+id_aes256_wrap_pad		903
+aes_128_ctr		904
+aes_192_ctr		905
+aes_256_ctr		906
+id_camellia128_wrap		907
+id_camellia192_wrap		908
+id_camellia256_wrap		909
+anyExtendedKeyUsage		910
+mgf1		911
+rsassaPss		912
+aes_128_xts		913
+aes_256_xts		914
+rc4_hmac_md5		915
+aes_128_cbc_hmac_sha1		916
+aes_192_cbc_hmac_sha1		917
+aes_256_cbc_hmac_sha1		918
+rsaesOaep		919
+dhpublicnumber		920
+brainpoolP160r1		921
+brainpoolP160t1		922
+brainpoolP192r1		923
+brainpoolP192t1		924
+brainpoolP224r1		925
+brainpoolP224t1		926
+brainpoolP256r1		927
+brainpoolP256t1		928
+brainpoolP320r1		929
+brainpoolP320t1		930
+brainpoolP384r1		931
+brainpoolP384t1		932
+brainpoolP512r1		933
+brainpoolP512t1		934
+pSpecified		935
+dhSinglePass_stdDH_sha1kdf_scheme		936
+dhSinglePass_stdDH_sha224kdf_scheme		937
+dhSinglePass_stdDH_sha256kdf_scheme		938
+dhSinglePass_stdDH_sha384kdf_scheme		939
+dhSinglePass_stdDH_sha512kdf_scheme		940
+dhSinglePass_cofactorDH_sha1kdf_scheme		941
+dhSinglePass_cofactorDH_sha224kdf_scheme		942
+dhSinglePass_cofactorDH_sha256kdf_scheme		943
+dhSinglePass_cofactorDH_sha384kdf_scheme		944
+dhSinglePass_cofactorDH_sha512kdf_scheme		945
+dh_std_kdf		946
+dh_cofactor_kdf		947
+aes_128_cbc_hmac_sha256		948
+aes_192_cbc_hmac_sha256		949
+aes_256_cbc_hmac_sha256		950
+ct_precert_scts		951
+ct_precert_poison		952
+ct_precert_signer		953
+ct_cert_scts		954
+jurisdictionLocalityName		955
+jurisdictionStateOrProvinceName		956
+jurisdictionCountryName		957
+aes_128_ocb		958
+aes_192_ocb		959
+aes_256_ocb		960
+camellia_128_gcm		961
+camellia_128_ccm		962
+camellia_128_ctr		963
+camellia_128_cmac		964
+camellia_192_gcm		965
+camellia_192_ccm		966
+camellia_192_ctr		967
+camellia_192_cmac		968
+camellia_256_gcm		969
+camellia_256_ccm		970
+camellia_256_ctr		971
+camellia_256_cmac		972
+id_scrypt		973
+id_tc26		974
+gost89_cnt_12		975
+gost_mac_12		976
+id_tc26_algorithms		977
+id_tc26_sign		978
+id_GostR3410_2012_256		979
+id_GostR3410_2012_512		980
+id_tc26_digest		981
+id_GostR3411_2012_256		982
+id_GostR3411_2012_512		983
+id_tc26_signwithdigest		984
+id_tc26_signwithdigest_gost3410_2012_256		985
+id_tc26_signwithdigest_gost3410_2012_512		986
+id_tc26_mac		987
+id_tc26_hmac_gost_3411_2012_256		988
+id_tc26_hmac_gost_3411_2012_512		989
+id_tc26_cipher		990
+id_tc26_agreement		991
+id_tc26_agreement_gost_3410_2012_256		992
+id_tc26_agreement_gost_3410_2012_512		993
+id_tc26_constants		994
+id_tc26_sign_constants		995
+id_tc26_gost_3410_2012_512_constants		996
+id_tc26_gost_3410_2012_512_paramSetTest		997
+id_tc26_gost_3410_2012_512_paramSetA		998
+id_tc26_gost_3410_2012_512_paramSetB		999
+id_tc26_digest_constants		1000
+id_tc26_cipher_constants		1001
+id_tc26_gost_28147_constants		1002
+id_tc26_gost_28147_param_Z		1003
+INN		1004
+OGRN		1005
+SNILS		1006
+subjectSignTool		1007
+issuerSignTool		1008
+gost89_cbc		1009
+gost89_ecb		1010
+gost89_ctr		1011
+grasshopper_ecb		1012
+grasshopper_ctr		1013
+grasshopper_ofb		1014
+grasshopper_cbc		1015
+grasshopper_cfb		1016
+grasshopper_mac		1017
+chacha20_poly1305		1018
+chacha20		1019
+tlsfeature		1020
+tls1_prf		1021
+ipsec_IKE		1022
+capwapAC		1023
+capwapWTP		1024
+sshClient		1025
+sshServer		1026
+sendRouter		1027
+sendProxiedRouter		1028
+sendOwner		1029
+sendProxiedOwner		1030
+id_pkinit		1031
+pkInitClientAuth		1032
+pkInitKDC		1033
+X25519		1034
+X448		1035
+hkdf		1036
+kx_rsa		1037
+kx_ecdhe		1038
+kx_dhe		1039
+kx_ecdhe_psk		1040
+kx_dhe_psk		1041
+kx_rsa_psk		1042
+kx_psk		1043
+kx_srp		1044
+kx_gost		1045
+auth_rsa		1046
+auth_ecdsa		1047
+auth_psk		1048
+auth_dss		1049
+auth_gost01		1050
+auth_gost12		1051
+auth_srp		1052
+auth_null		1053
+fips_none		1054
+fips_140_2		1055
+blake2b512		1056
+blake2s256		1057
+id_smime_ct_contentCollection		1058
+id_smime_ct_authEnvelopedData		1059
+id_ct_xml		1060
+poly1305		1061
+siphash		1062
+kx_any		1063
+auth_any		1064
+aria_128_ecb		1065
+aria_128_cbc		1066
+aria_128_cfb128		1067
+aria_128_ofb128		1068
+aria_128_ctr		1069
+aria_192_ecb		1070
+aria_192_cbc		1071
+aria_192_cfb128		1072
+aria_192_ofb128		1073
+aria_192_ctr		1074
+aria_256_ecb		1075
+aria_256_cbc		1076
+aria_256_cfb128		1077
+aria_256_ofb128		1078
+aria_256_ctr		1079
+aria_128_cfb1		1080
+aria_192_cfb1		1081
+aria_256_cfb1		1082
+aria_128_cfb8		1083
+aria_192_cfb8		1084
+aria_256_cfb8		1085
+id_smime_aa_signingCertificateV2		1086
+ED25519		1087
+ED448		1088
+organizationIdentifier		1089
+countryCode3c		1090
+countryCode3n		1091
+dnsName		1092
+x509ExtAdmission		1093
+sha512_224		1094
+sha512_256		1095
+sha3_224		1096
+sha3_256		1097
+sha3_384		1098
+sha3_512		1099
+shake128		1100
+shake256		1101
+hmac_sha3_224		1102
+hmac_sha3_256		1103
+hmac_sha3_384		1104
+hmac_sha3_512		1105
+dsa_with_SHA384		1106
+dsa_with_SHA512		1107
+dsa_with_SHA3_224		1108
+dsa_with_SHA3_256		1109
+dsa_with_SHA3_384		1110
+dsa_with_SHA3_512		1111
+ecdsa_with_SHA3_224		1112
+ecdsa_with_SHA3_256		1113
+ecdsa_with_SHA3_384		1114
+ecdsa_with_SHA3_512		1115
+RSA_SHA3_224		1116
+RSA_SHA3_256		1117
+RSA_SHA3_384		1118
+RSA_SHA3_512		1119
+aria_128_ccm		1120
+aria_192_ccm		1121
+aria_256_ccm		1122
+aria_128_gcm		1123
+aria_192_gcm		1124
+aria_256_gcm		1125
+ffdhe2048		1126
+ffdhe3072		1127
+ffdhe4096		1128
+ffdhe6144		1129
+ffdhe8192		1130
+cmcCA		1131
+cmcRA		1132
+sm4_ecb		1133
+sm4_cbc		1134
+sm4_ofb128		1135
+sm4_cfb1		1136
+sm4_cfb128		1137
+sm4_cfb8		1138
+sm4_ctr		1139
+ISO_CN		1140
+oscca		1141
+sm_scheme		1142
+sm3		1143
+sm3WithRSAEncryption		1144
+sha512_224WithRSAEncryption		1145
+sha512_256WithRSAEncryption		1146
+id_tc26_gost_3410_2012_256_constants		1147
+id_tc26_gost_3410_2012_256_paramSetA		1148
+id_tc26_gost_3410_2012_512_paramSetC		1149
+ISO_UA		1150
+ua_pki		1151
+dstu28147		1152
+dstu28147_ofb		1153
+dstu28147_cfb		1154
+dstu28147_wrap		1155
+hmacWithDstu34311		1156
+dstu34311		1157
+dstu4145le		1158
+dstu4145be		1159
+uacurve0		1160
+uacurve1		1161
+uacurve2		1162
+uacurve3		1163
+uacurve4		1164
+uacurve5		1165
+uacurve6		1166
+uacurve7		1167
+uacurve8		1168
+uacurve9		1169
+ieee		1170
+ieee_siswg		1171
+sm2		1172
+id_tc26_cipher_gostr3412_2015_magma		1173
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm		1174
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac		1175
+id_tc26_cipher_gostr3412_2015_kuznyechik		1176
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm		1177
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac		1178
+id_tc26_wrap		1179
+id_tc26_wrap_gostr3412_2015_magma		1180
+id_tc26_wrap_gostr3412_2015_magma_kexp15		1181
+id_tc26_wrap_gostr3412_2015_kuznyechik		1182
+id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15		1183
+id_tc26_gost_3410_2012_256_paramSetB		1184
+id_tc26_gost_3410_2012_256_paramSetC		1185
+id_tc26_gost_3410_2012_256_paramSetD		1186
+magma_ecb		1187
+magma_ctr		1188
+magma_ofb		1189
+magma_cbc		1190
+magma_cfb		1191
+magma_mac		1192
+hmacWithSHA512_224		1193
+hmacWithSHA512_256		1194
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.c
new file mode 100644
index 000000000..faf59eb20
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+#include "obj_xref.h"
+#include "internal/nelem.h"
+#include <openssl/err.h>
+
+static STACK_OF(nid_triple) *sig_app, *sigx_app;
+
+static int sig_cmp(const nid_triple *a, const nid_triple *b)
+{
+    return a->sign_id - b->sign_id;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+
+static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b)
+{
+    return (*a)->sign_id - (*b)->sign_id;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b)
+{
+    int ret;
+    ret = (*a)->hash_id - (*b)->hash_id;
+    if (ret)
+        return ret;
+    return (*a)->pkey_id - (*b)->pkey_id;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
+{
+    nid_triple tmp;
+    const nid_triple *rv = NULL;
+    tmp.sign_id = signid;
+
+    if (sig_app != NULL) {
+        int idx = sk_nid_triple_find(sig_app, &tmp);
+        rv = sk_nid_triple_value(sig_app, idx);
+    }
+#ifndef OBJ_XREF_TEST2
+    if (rv == NULL) {
+        rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
+    }
+#endif
+    if (rv == NULL)
+        return 0;
+    if (pdig_nid)
+        *pdig_nid = rv->hash_id;
+    if (ppkey_nid)
+        *ppkey_nid = rv->pkey_id;
+    return 1;
+}
+
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+{
+    nid_triple tmp;
+    const nid_triple *t = &tmp;
+    const nid_triple **rv = NULL;
+
+    tmp.hash_id = dig_nid;
+    tmp.pkey_id = pkey_nid;
+
+    if (sigx_app) {
+        int idx = sk_nid_triple_find(sigx_app, &tmp);
+        if (idx >= 0) {
+            t = sk_nid_triple_value(sigx_app, idx);
+            rv = &t;
+        }
+    }
+#ifndef OBJ_XREF_TEST2
+    if (rv == NULL) {
+        rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
+    }
+#endif
+    if (rv == NULL)
+        return 0;
+    if (psignid)
+        *psignid = (*rv)->sign_id;
+    return 1;
+}
+
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
+{
+    nid_triple *ntr;
+    if (sig_app == NULL)
+        sig_app = sk_nid_triple_new(sig_sk_cmp);
+    if (sig_app == NULL)
+        return 0;
+    if (sigx_app == NULL)
+        sigx_app = sk_nid_triple_new(sigx_cmp);
+    if (sigx_app == NULL)
+        return 0;
+    if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) {
+        OBJerr(OBJ_F_OBJ_ADD_SIGID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ntr->sign_id = signid;
+    ntr->hash_id = dig_id;
+    ntr->pkey_id = pkey_id;
+
+    if (!sk_nid_triple_push(sig_app, ntr)) {
+        OPENSSL_free(ntr);
+        return 0;
+    }
+
+    if (!sk_nid_triple_push(sigx_app, ntr))
+        return 0;
+
+    sk_nid_triple_sort(sig_app);
+    sk_nid_triple_sort(sigx_app);
+
+    return 1;
+}
+
+static void sid_free(nid_triple *tt)
+{
+    OPENSSL_free(tt);
+}
+
+void OBJ_sigid_free(void)
+{
+    sk_nid_triple_pop_free(sig_app, sid_free);
+    sig_app = NULL;
+    sk_nid_triple_free(sigx_app);
+    sigx_app = NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h
new file mode 100644
index 000000000..9144d569d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h
@@ -0,0 +1,128 @@
+/*
+ * WARNING: do not edit!
+ * Generated by objxref.pl
+ *
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+typedef struct {
+    int sign_id;
+    int hash_id;
+    int pkey_id;
+} nid_triple;
+
+DEFINE_STACK_OF(nid_triple)
+
+static const nid_triple sigoid_srt[] = {
+    {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
+    {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
+    {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
+    {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
+    {NID_dsaWithSHA, NID_sha, NID_dsa},
+    {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
+    {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
+    {NID_md5WithRSA, NID_md5, NID_rsa},
+    {NID_dsaWithSHA1, NID_sha1, NID_dsa},
+    {NID_sha1WithRSA, NID_sha1, NID_rsa},
+    {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
+    {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
+    {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
+    {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
+    {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
+    {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
+    {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
+    {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+    {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+    {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
+    {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94,
+     NID_id_GostR3410_2001},
+    {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94,
+     NID_id_GostR3410_94},
+    {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94,
+     NID_id_GostR3410_94_cc},
+    {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94,
+     NID_id_GostR3410_2001_cc},
+    {NID_rsassaPss, NID_undef, NID_rsaEncryption},
+    {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
+    {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
+     NID_dh_cofactor_kdf},
+    {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256,
+     NID_id_GostR3410_2012_256},
+    {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
+     NID_id_GostR3410_2012_512},
+    {NID_ED25519, NID_undef, NID_ED25519},
+    {NID_ED448, NID_undef, NID_ED448},
+    {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption},
+    {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
+    {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
+    {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
+};
+
+static const nid_triple *const sigoid_srt_xref[] = {
+    &sigoid_srt[0],
+    &sigoid_srt[1],
+    &sigoid_srt[7],
+    &sigoid_srt[2],
+    &sigoid_srt[4],
+    &sigoid_srt[3],
+    &sigoid_srt[9],
+    &sigoid_srt[5],
+    &sigoid_srt[8],
+    &sigoid_srt[12],
+    &sigoid_srt[30],
+    &sigoid_srt[35],
+    &sigoid_srt[6],
+    &sigoid_srt[10],
+    &sigoid_srt[11],
+    &sigoid_srt[13],
+    &sigoid_srt[24],
+    &sigoid_srt[20],
+    &sigoid_srt[32],
+    &sigoid_srt[37],
+    &sigoid_srt[14],
+    &sigoid_srt[21],
+    &sigoid_srt[33],
+    &sigoid_srt[38],
+    &sigoid_srt[15],
+    &sigoid_srt[22],
+    &sigoid_srt[34],
+    &sigoid_srt[39],
+    &sigoid_srt[16],
+    &sigoid_srt[23],
+    &sigoid_srt[19],
+    &sigoid_srt[31],
+    &sigoid_srt[36],
+    &sigoid_srt[25],
+    &sigoid_srt[26],
+    &sigoid_srt[27],
+    &sigoid_srt[28],
+    &sigoid_srt[40],
+    &sigoid_srt[41],
+    &sigoid_srt[44],
+    &sigoid_srt[45],
+    &sigoid_srt[46],
+    &sigoid_srt[47],
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.txt b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.txt
new file mode 100644
index 000000000..ca3e74461
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.txt
@@ -0,0 +1,66 @@
+# OID cross reference table.
+# Links signatures OIDs to their corresponding public key algorithms
+# and digests.
+
+md2WithRSAEncryption	md2	rsaEncryption
+md5WithRSAEncryption	md5	rsaEncryption
+shaWithRSAEncryption	sha	rsaEncryption
+sha1WithRSAEncryption	sha1	rsaEncryption
+md4WithRSAEncryption	md4	rsaEncryption
+sha256WithRSAEncryption sha256	rsaEncryption
+sha384WithRSAEncryption	sha384	rsaEncryption
+sha512WithRSAEncryption	sha512	rsaEncryption
+sha224WithRSAEncryption	sha224	rsaEncryption
+mdc2WithRSA		mdc2	rsaEncryption
+ripemd160WithRSA	ripemd160 rsaEncryption
+RSA_SHA3_224		sha3_224 rsaEncryption
+RSA_SHA3_256		sha3_256 rsaEncryption
+RSA_SHA3_384		sha3_384 rsaEncryption
+RSA_SHA3_512		sha3_512 rsaEncryption
+# For PSS the digest algorithm can vary and depends on the included
+# AlgorithmIdentifier. The digest "undef" indicates the public key
+# method should handle this explicitly.
+rsassaPss		undef	rsaEncryption
+ED25519		    undef	ED25519
+ED448		    undef	ED448
+
+# Alternative deprecated OIDs. By using the older "rsa" OID this
+# type will be recognized by not normally used.
+
+md5WithRSA		md5	rsa
+sha1WithRSA		sha1	rsa
+
+dsaWithSHA		sha	dsa
+dsaWithSHA1		sha1	dsa
+
+dsaWithSHA1_2		sha1	dsa_2
+
+ecdsa_with_SHA1		sha1	X9_62_id_ecPublicKey
+ecdsa_with_SHA224	sha224	X9_62_id_ecPublicKey
+ecdsa_with_SHA256	sha256	X9_62_id_ecPublicKey
+ecdsa_with_SHA384	sha384	X9_62_id_ecPublicKey
+ecdsa_with_SHA512	sha512	X9_62_id_ecPublicKey
+ecdsa_with_Recommended	undef	X9_62_id_ecPublicKey
+ecdsa_with_Specified	undef	X9_62_id_ecPublicKey
+
+dsa_with_SHA224		sha224	dsa
+dsa_with_SHA256		sha256	dsa
+
+id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
+id_GostR3411_94_with_GostR3410_94	id_GostR3411_94 id_GostR3410_94
+id_GostR3411_94_with_GostR3410_94_cc	id_GostR3411_94 id_GostR3410_94_cc
+id_GostR3411_94_with_GostR3410_2001_cc	id_GostR3411_94 id_GostR3410_2001_cc
+id_tc26_signwithdigest_gost3410_2012_256 id_GostR3411_2012_256 id_GostR3410_2012_256
+id_tc26_signwithdigest_gost3410_2012_512 id_GostR3411_2012_512 id_GostR3410_2012_512
+# ECDH KDFs and their corresponding message digests and schemes
+dhSinglePass_stdDH_sha1kdf_scheme		sha1	dh_std_kdf
+dhSinglePass_stdDH_sha224kdf_scheme		sha224	dh_std_kdf
+dhSinglePass_stdDH_sha256kdf_scheme		sha256	dh_std_kdf
+dhSinglePass_stdDH_sha384kdf_scheme		sha384	dh_std_kdf
+dhSinglePass_stdDH_sha512kdf_scheme		sha512	dh_std_kdf
+
+dhSinglePass_cofactorDH_sha1kdf_scheme		sha1	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha224kdf_scheme	sha224	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha256kdf_scheme	sha256	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha384kdf_scheme	sha384	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha512kdf_scheme	sha512	dh_cofactor_kdf
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.pl
new file mode 100644
index 000000000..d7d1962c9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.pl
@@ -0,0 +1,203 @@
+#! /usr/bin/env perl
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use Getopt::Std;
+
+our($opt_n);
+getopts('n');
+
+# Output year depends on the year of the script and the input file.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($ARGV[0])]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+$iYEAR = [localtime([stat($ARGV[1])]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+
+open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
+$max_nid=0;
+$o=0;
+while(<NUMIN>)
+	{
+	s|\R$||;
+	$o++;
+	s/#.*$//;
+	next if /^\s*$/;
+	$_ = 'X'.$_;
+	($Cname,$mynum) = split;
+	$Cname =~ s/^X//;
+	if (defined($nidn{$mynum}))
+		{ die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+	if (defined($nid{$Cname}))
+		{ die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; }
+	$nid{$Cname} = $mynum;
+	$nidn{$mynum} = $Cname;
+	$order{$mynum} = $o;
+	$max_nid = $mynum if $mynum > $max_nid;
+	}
+close NUMIN;
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+$Cname="";
+$o=0;
+while (<IN>)
+	{
+	s|\R$||;
+	$o++;
+        if (/^!module\s+(.*)$/)
+		{
+		$module = $1."-";
+		$module =~ s/\./_/g;
+		$module =~ s/-/_/g;
+		}
+        if (/^!global$/)
+		{ $module = ""; }
+	if (/^!Cname\s+(.*)$/)
+		{ $Cname = $1; }
+	if (/^!Alias\s+(.+?)\s+(.*)$/)
+		{
+		$Cname = $module.$1;
+		$myoid = $2;
+		$myoid = &process_oid($myoid);
+		$Cname =~ s/-/_/g;
+		$ordern{$o} = $Cname;
+		$order{$Cname} = $o;
+		$obj{$Cname} = $myoid;
+		$_ = "";
+		$Cname = "";
+		}
+	s/!.*$//;
+	s/#.*$//;
+	next if /^\s*$/;
+	($myoid,$mysn,$myln) = split ':';
+	$mysn =~ s/^\s*//;
+	$mysn =~ s/\s*$//;
+	$myln =~ s/^\s*//;
+	$myln =~ s/\s*$//;
+	$myoid =~ s/^\s*//;
+	$myoid =~ s/\s*$//;
+	if ($myoid ne "")
+		{
+		$myoid = &process_oid($myoid);
+		}
+
+	if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ ))
+		{
+		$Cname = $myln;
+		$Cname =~ s/\./_/g;
+		$Cname =~ s/-/_/g;
+		if ($Cname ne "" && defined($ln{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	if ($Cname eq "")
+		{
+		$Cname = $mysn;
+		$Cname =~ s/-/_/g;
+		if ($Cname ne "" && defined($sn{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	if ($Cname eq "")
+		{
+		$Cname = $myln;
+		$Cname =~ s/-/_/g;
+		$Cname =~ s/\./_/g;
+		$Cname =~ s/ /_/g;
+		if ($Cname ne "" && defined($ln{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	$Cname =~ s/\./_/g;
+	$Cname =~ s/-/_/g;
+	$Cname = $module.$Cname;
+	$ordern{$o} = $Cname;
+	$order{$Cname} = $o;
+	$sn{$Cname} = $mysn;
+	$ln{$Cname} = $myln;
+	$obj{$Cname} = $myoid;
+	if (!defined($nid{$Cname}))
+		{
+		$max_nid++;
+		$nid{$Cname} = $max_nid;
+		$nidn{$max_nid} = $Cname;
+print STDERR "Added OID $Cname\n";
+		}
+	$Cname="";
+	}
+close IN;
+
+if ( $opt_n ) {
+    foreach (sort { $a <=> $b } keys %nidn)
+            {
+            print $nidn{$_},"\t\t",$_,"\n";
+            }
+    exit;
+}
+
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/objects.pl
+ *
+ * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+EOF
+
+sub expand
+	{
+	my $string = shift;
+
+	1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e;
+
+	return $string;
+	}
+
+foreach (sort { $a <=> $b } keys %ordern)
+	{
+	$Cname=$ordern{$_};
+	print "\n";
+	print expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
+	print expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
+	print expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
+	print expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
+	}
+
+sub process_oid
+	{
+	local($oid)=@_;
+	local(@a,$oid_pref);
+
+	@a = split(/\s+/,$myoid);
+	$pref_oid = "";
+	$pref_sep = "";
+	if (!($a[0] =~ /^[0-9]+$/))
+		{
+		$a[0] =~ s/-/_/g;
+		if (!defined($obj{$a[0]}))
+			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+		$pref_oid = "OBJ_" . $a[0];
+		$pref_sep = ",";
+		shift @a;
+		}
+	$oids = join('L,',@a) . "L";
+	if ($oids ne "L")
+		{
+		$oids = $pref_oid . $pref_sep . $oids;
+		}
+	else
+		{
+		$oids = $pref_oid;
+		}
+	return($oids);
+	}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt
new file mode 100644
index 000000000..6dbc41ce3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt
@@ -0,0 +1,1677 @@
+# CCITT was renamed to ITU-T quite some time ago
+0			: ITU-T			: itu-t
+!Alias ccitt itu-t
+
+1			: ISO			: iso
+
+2			: JOINT-ISO-ITU-T	: joint-iso-itu-t
+!Alias joint-iso-ccitt joint-iso-itu-t
+
+iso 2			: member-body		: ISO Member Body
+
+iso 3			: identified-organization
+
+# HMAC OIDs
+identified-organization 6 1 5 5 8 1 1	: HMAC-MD5	: hmac-md5
+identified-organization 6 1 5 5 8 1 2	: HMAC-SHA1	: hmac-sha1
+
+# "1.3.36.8.3.3"
+identified-organization 36 8 3 3	: x509ExtAdmission	: Professional Information or basis for Admission
+
+identified-organization 132	: certicom-arc
+
+identified-organization 111     : ieee
+ieee 2 1619                     : ieee-siswg    : IEEE Security in Storage Working Group
+
+joint-iso-itu-t 23	: international-organizations	: International Organizations
+
+international-organizations 43	: wap
+wap 1			: wap-wsg
+
+joint-iso-itu-t 5 1 5	: selected-attribute-types	: Selected Attribute Types
+
+selected-attribute-types 55	: clearance
+
+member-body 840		: ISO-US		: ISO US Member Body
+ISO-US 10040		: X9-57			: X9.57
+X9-57 4			: X9cm			: X9.57 CM ?
+
+member-body 156         : ISO-CN        : ISO CN Member Body
+ISO-CN 10197            : oscca
+oscca 1                 : sm-scheme
+
+!Cname dsa
+X9cm 1			: DSA			: dsaEncryption
+X9cm 3			: DSA-SHA1		: dsaWithSHA1
+
+
+ISO-US 10045		: ansi-X9-62		: ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1		: prime-field
+X9-62_id-fieldType 2		: characteristic-two-field
+X9-62_characteristic-two-field 3 : id-characteristic-two-basis
+X9-62_id-characteristic-two-basis 1 : onBasis
+X9-62_id-characteristic-two-basis 2 : tpBasis
+X9-62_id-characteristic-two-basis 3 : ppBasis
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1	: id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+X9-62_c-TwoCurve 1		: c2pnb163v1
+X9-62_c-TwoCurve 2		: c2pnb163v2
+X9-62_c-TwoCurve 3		: c2pnb163v3
+X9-62_c-TwoCurve 4		: c2pnb176v1
+X9-62_c-TwoCurve 5		: c2tnb191v1
+X9-62_c-TwoCurve 6		: c2tnb191v2
+X9-62_c-TwoCurve 7		: c2tnb191v3
+X9-62_c-TwoCurve 8		: c2onb191v4
+X9-62_c-TwoCurve 9		: c2onb191v5
+X9-62_c-TwoCurve 10		: c2pnb208w1
+X9-62_c-TwoCurve 11		: c2tnb239v1
+X9-62_c-TwoCurve 12		: c2tnb239v2
+X9-62_c-TwoCurve 13		: c2tnb239v3
+X9-62_c-TwoCurve 14		: c2onb239v4
+X9-62_c-TwoCurve 15		: c2onb239v5
+X9-62_c-TwoCurve 16		: c2pnb272w1
+X9-62_c-TwoCurve 17		: c2pnb304w1
+X9-62_c-TwoCurve 18		: c2tnb359v1
+X9-62_c-TwoCurve 19		: c2pnb368w1
+X9-62_c-TwoCurve 20		: c2tnb431r1
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1	 	: prime192v1
+X9-62_primeCurve 2	 	: prime192v2
+X9-62_primeCurve 3	 	: prime192v3
+X9-62_primeCurve 4	 	: prime239v1
+X9-62_primeCurve 5	 	: prime239v2
+X9-62_primeCurve 6	 	: prime239v3
+X9-62_primeCurve 7	 	: prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1		: ecdsa-with-SHA1
+X9-62_id-ecSigType 2		: ecdsa-with-Recommended
+X9-62_id-ecSigType 3		: ecdsa-with-Specified
+ecdsa-with-Specified 1		: ecdsa-with-SHA224
+ecdsa-with-Specified 2		: ecdsa-with-SHA256
+ecdsa-with-Specified 3		: ecdsa-with-SHA384
+ecdsa-with-Specified 4		: ecdsa-with-SHA512
+
+# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
+# (http://www.secg.org/)
+!Alias secg_ellipticCurve certicom-arc 0
+# SECG prime curves OIDs
+secg-ellipticCurve 6		: secp112r1
+secg-ellipticCurve 7		: secp112r2
+secg-ellipticCurve 28		: secp128r1
+secg-ellipticCurve 29		: secp128r2
+secg-ellipticCurve 9		: secp160k1
+secg-ellipticCurve 8		: secp160r1
+secg-ellipticCurve 30		: secp160r2
+secg-ellipticCurve 31		: secp192k1
+# NOTE: the curve secp192r1 is the same as prime192v1 defined above
+#       and is therefore omitted
+secg-ellipticCurve 32		: secp224k1
+secg-ellipticCurve 33		: secp224r1
+secg-ellipticCurve 10		: secp256k1
+# NOTE: the curve secp256r1 is the same as prime256v1 defined above
+#       and is therefore omitted
+secg-ellipticCurve 34		: secp384r1
+secg-ellipticCurve 35		: secp521r1
+# SECG characteristic two curves OIDs
+secg-ellipticCurve 4		: sect113r1
+secg-ellipticCurve 5		: sect113r2
+secg-ellipticCurve 22		: sect131r1
+secg-ellipticCurve 23		: sect131r2
+secg-ellipticCurve 1		: sect163k1
+secg-ellipticCurve 2		: sect163r1
+secg-ellipticCurve 15		: sect163r2
+secg-ellipticCurve 24		: sect193r1
+secg-ellipticCurve 25		: sect193r2
+secg-ellipticCurve 26		: sect233k1
+secg-ellipticCurve 27		: sect233r1
+secg-ellipticCurve 3		: sect239k1
+secg-ellipticCurve 16		: sect283k1
+secg-ellipticCurve 17		: sect283r1
+secg-ellipticCurve 36		: sect409k1
+secg-ellipticCurve 37		: sect409r1
+secg-ellipticCurve 38		: sect571k1
+secg-ellipticCurve 39		: sect571r1
+
+# WAP/TLS curve OIDs (http://www.wapforum.org/)
+!Alias wap-wsg-idm-ecid wap-wsg 4
+wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1
+wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3
+wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4
+wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5
+wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6
+wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7
+wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8
+wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9
+wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10
+wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11
+wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12
+
+
+ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
+			: CAST5-ECB		: cast5-ecb
+!Cname cast5-cfb64
+			: CAST5-CFB		: cast5-cfb
+!Cname cast5-ofb64
+			: CAST5-OFB		: cast5-ofb
+!Cname pbeWithMD5AndCast5-CBC
+ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC
+
+# Macs for CMP and CRMF
+ISO-US 113533 7 66 13	: id-PasswordBasedMAC	: password based MAC
+ISO-US 113533 7 66 30	: id-DHBasedMac		: Diffie-Hellman based MAC
+
+ISO-US 113549		: rsadsi		: RSA Data Security, Inc.
+
+rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS
+
+pkcs 1			: pkcs1
+pkcs1 1			:			: rsaEncryption
+pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
+pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
+pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
+pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 7			: RSAES-OAEP		: rsaesOaep
+pkcs1 8			: MGF1			: mgf1
+pkcs1 9			: PSPECIFIED		: pSpecified
+pkcs1 10		: RSASSA-PSS		: rsassaPss
+
+pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption
+pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption
+pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption
+pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption
+pkcs1 15		: RSA-SHA512/224	: sha512-224WithRSAEncryption
+pkcs1 16		: RSA-SHA512/256	: sha512-256WithRSAEncryption
+
+pkcs 3			: pkcs3
+pkcs3 1			:			: dhKeyAgreement
+
+pkcs 5			: pkcs5
+pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC
+pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC
+pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC
+pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC
+pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC
+pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC
+!Cname id_pbkdf2
+pkcs5 12		:			: PBKDF2
+!Cname pbes2
+pkcs5 13		:			: PBES2
+!Cname pbmac1
+pkcs5 14		:			: PBMAC1
+
+pkcs 7			: pkcs7
+pkcs7 1			:			: pkcs7-data
+!Cname pkcs7-signed
+pkcs7 2			:			: pkcs7-signedData
+!Cname pkcs7-enveloped
+pkcs7 3			:			: pkcs7-envelopedData
+!Cname pkcs7-signedAndEnveloped
+pkcs7 4			:			: pkcs7-signedAndEnvelopedData
+!Cname pkcs7-digest
+pkcs7 5			:			: pkcs7-digestData
+!Cname pkcs7-encrypted
+pkcs7 6			:			: pkcs7-encryptedData
+
+pkcs 9			: pkcs9
+!module pkcs9
+pkcs9 1			: 			: emailAddress
+pkcs9 2			:			: unstructuredName
+pkcs9 3			:			: contentType
+pkcs9 4			:			: messageDigest
+pkcs9 5			:			: signingTime
+pkcs9 6			:			: countersignature
+pkcs9 7			:			: challengePassword
+pkcs9 8			:			: unstructuredAddress
+!Cname extCertAttributes
+pkcs9 9			:			: extendedCertificateAttributes
+!global
+
+!Cname ext-req
+pkcs9 14		: extReq		: Extension Request
+
+!Cname SMIMECapabilities
+pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities
+
+# S/MIME
+!Cname SMIME
+pkcs9 16		: SMIME			: S/MIME
+SMIME 0			: id-smime-mod
+SMIME 1			: id-smime-ct
+SMIME 2			: id-smime-aa
+SMIME 3			: id-smime-alg
+SMIME 4			: id-smime-cd
+SMIME 5			: id-smime-spq
+SMIME 6			: id-smime-cti
+
+# S/MIME Modules
+id-smime-mod 1		: id-smime-mod-cms
+id-smime-mod 2		: id-smime-mod-ess
+id-smime-mod 3		: id-smime-mod-oid
+id-smime-mod 4		: id-smime-mod-msg-v3
+id-smime-mod 5		: id-smime-mod-ets-eSignature-88
+id-smime-mod 6		: id-smime-mod-ets-eSignature-97
+id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88
+id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97
+
+# S/MIME Content Types
+id-smime-ct 1		: id-smime-ct-receipt
+id-smime-ct 2		: id-smime-ct-authData
+id-smime-ct 3		: id-smime-ct-publishCert
+id-smime-ct 4		: id-smime-ct-TSTInfo
+id-smime-ct 5		: id-smime-ct-TDTInfo
+id-smime-ct 6		: id-smime-ct-contentInfo
+id-smime-ct 7		: id-smime-ct-DVCSRequestData
+id-smime-ct 8		: id-smime-ct-DVCSResponseData
+id-smime-ct 9		: id-smime-ct-compressedData
+id-smime-ct 19		: id-smime-ct-contentCollection
+id-smime-ct 23		: id-smime-ct-authEnvelopedData
+id-smime-ct 27		: id-ct-asciiTextWithCRLF
+id-smime-ct 28		: id-ct-xml
+
+# S/MIME Attributes
+id-smime-aa 1		: id-smime-aa-receiptRequest
+id-smime-aa 2		: id-smime-aa-securityLabel
+id-smime-aa 3		: id-smime-aa-mlExpandHistory
+id-smime-aa 4		: id-smime-aa-contentHint
+id-smime-aa 5		: id-smime-aa-msgSigDigest
+# obsolete
+id-smime-aa 6		: id-smime-aa-encapContentType
+id-smime-aa 7		: id-smime-aa-contentIdentifier
+# obsolete
+id-smime-aa 8		: id-smime-aa-macValue
+id-smime-aa 9		: id-smime-aa-equivalentLabels
+id-smime-aa 10		: id-smime-aa-contentReference
+id-smime-aa 11		: id-smime-aa-encrypKeyPref
+id-smime-aa 12		: id-smime-aa-signingCertificate
+id-smime-aa 13		: id-smime-aa-smimeEncryptCerts
+id-smime-aa 14		: id-smime-aa-timeStampToken
+id-smime-aa 15		: id-smime-aa-ets-sigPolicyId
+id-smime-aa 16		: id-smime-aa-ets-commitmentType
+id-smime-aa 17		: id-smime-aa-ets-signerLocation
+id-smime-aa 18		: id-smime-aa-ets-signerAttr
+id-smime-aa 19		: id-smime-aa-ets-otherSigCert
+id-smime-aa 20		: id-smime-aa-ets-contentTimestamp
+id-smime-aa 21		: id-smime-aa-ets-CertificateRefs
+id-smime-aa 22		: id-smime-aa-ets-RevocationRefs
+id-smime-aa 23		: id-smime-aa-ets-certValues
+id-smime-aa 24		: id-smime-aa-ets-revocationValues
+id-smime-aa 25		: id-smime-aa-ets-escTimeStamp
+id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
+id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
+id-smime-aa 28		: id-smime-aa-signatureType
+id-smime-aa 29		: id-smime-aa-dvcs-dvc
+id-smime-aa 47		: id-smime-aa-signingCertificateV2
+
+# S/MIME Algorithm Identifiers
+# obsolete
+id-smime-alg 1		: id-smime-alg-ESDHwith3DES
+# obsolete
+id-smime-alg 2		: id-smime-alg-ESDHwithRC2
+# obsolete
+id-smime-alg 3		: id-smime-alg-3DESwrap
+# obsolete
+id-smime-alg 4		: id-smime-alg-RC2wrap
+id-smime-alg 5		: id-smime-alg-ESDH
+id-smime-alg 6		: id-smime-alg-CMS3DESwrap
+id-smime-alg 7		: id-smime-alg-CMSRC2wrap
+id-smime-alg 9		: id-alg-PWRI-KEK
+
+# S/MIME Certificate Distribution
+id-smime-cd 1		: id-smime-cd-ldap
+
+# S/MIME Signature Policy Qualifier
+id-smime-spq 1		: id-smime-spq-ets-sqt-uri
+id-smime-spq 2		: id-smime-spq-ets-sqt-unotice
+
+# S/MIME Commitment Type Identifier
+id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin
+id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt
+id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery
+id-smime-cti 4		: id-smime-cti-ets-proofOfSender
+id-smime-cti 5		: id-smime-cti-ets-proofOfApproval
+id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
+
+pkcs9 20		:			: friendlyName
+pkcs9 21		:			: localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
+1 3 6 1 4 1 311 17 2	: LocalKeySet		: Microsoft Local Key set
+!Alias certTypes pkcs9 22
+certTypes 1		:			: x509Certificate
+certTypes 2		:			: sdsiCertificate
+!Alias crlTypes pkcs9 23
+crlTypes 1		:			: x509Crl
+
+!Alias pkcs12 pkcs 12
+!Alias pkcs12-pbeids pkcs12 1
+
+!Cname pbe-WithSHA1And128BitRC4
+pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4
+!Cname pbe-WithSHA1And40BitRC4
+pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4
+!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
+pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
+pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And128BitRC2-CBC
+pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC
+!Cname pbe-WithSHA1And40BitRC2-CBC
+pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC
+
+!Alias pkcs12-Version1 pkcs12 10
+!Alias pkcs12-BagIds pkcs12-Version1 1
+pkcs12-BagIds 1		:			: keyBag
+pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag
+pkcs12-BagIds 3		:			: certBag
+pkcs12-BagIds 4		:			: crlBag
+pkcs12-BagIds 5		:			: secretBag
+pkcs12-BagIds 6		:			: safeContentsBag
+
+rsadsi 2 2		: MD2			: md2
+rsadsi 2 4		: MD4			: md4
+rsadsi 2 5		: MD5			: md5
+			: MD5-SHA1		: md5-sha1
+rsadsi 2 6		:			: hmacWithMD5
+rsadsi 2 7		:			: hmacWithSHA1
+
+sm-scheme 301           : SM2                   : sm2
+
+sm-scheme 401           : SM3                   : sm3
+sm-scheme 504           : RSA-SM3		: sm3WithRSAEncryption
+
+# From RFC4231
+rsadsi 2 8		:			: hmacWithSHA224
+rsadsi 2 9		:			: hmacWithSHA256
+rsadsi 2 10		:			: hmacWithSHA384
+rsadsi 2 11		:			: hmacWithSHA512
+
+# From RFC8018
+rsadsi 2 12             :                       : hmacWithSHA512-224
+rsadsi 2 13             :                       : hmacWithSHA512-256
+
+rsadsi 3 2		: RC2-CBC		: rc2-cbc
+			: RC2-ECB		: rc2-ecb
+!Cname rc2-cfb64
+			: RC2-CFB		: rc2-cfb
+!Cname rc2-ofb64
+			: RC2-OFB		: rc2-ofb
+			: RC2-40-CBC		: rc2-40-cbc
+			: RC2-64-CBC		: rc2-64-cbc
+rsadsi 3 4		: RC4			: rc4
+			: RC4-40		: rc4-40
+rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc
+rsadsi 3 8		: RC5-CBC		: rc5-cbc
+			: RC5-ECB		: rc5-ecb
+!Cname rc5-cfb64
+			: RC5-CFB		: rc5-cfb
+!Cname rc5-ofb64
+			: RC5-OFB		: rc5-ofb
+
+!Cname ms-ext-req
+1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request
+!Cname ms-code-ind
+1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
+!Cname ms-code-com
+1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
+!Cname ms-ctl-sign
+1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing
+!Cname ms-sgc
+1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+!Cname ms-efs
+1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+
+1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+			: IDEA-ECB		: idea-ecb
+!Cname idea-cfb64
+			: IDEA-CFB		: idea-cfb
+!Cname idea-ofb64
+			: IDEA-OFB		: idea-ofb
+
+1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc
+			: BF-ECB		: bf-ecb
+!Cname bf-cfb64
+			: BF-CFB		: bf-cfb
+!Cname bf-ofb64
+			: BF-OFB		: bf-ofb
+
+!Cname id-pkix
+1 3 6 1 5 5 7		: PKIX
+
+# PKIX Arcs
+id-pkix 0		: id-pkix-mod
+id-pkix 1		: id-pe
+id-pkix 2		: id-qt
+id-pkix 3		: id-kp
+id-pkix 4		: id-it
+id-pkix 5		: id-pkip
+id-pkix 6		: id-alg
+id-pkix 7		: id-cmc
+id-pkix 8		: id-on
+id-pkix 9		: id-pda
+id-pkix 10		: id-aca
+id-pkix 11		: id-qcs
+id-pkix 12		: id-cct
+id-pkix 21		: id-ppl
+id-pkix 48		: id-ad
+
+# PKIX Modules
+id-pkix-mod 1		: id-pkix1-explicit-88
+id-pkix-mod 2		: id-pkix1-implicit-88
+id-pkix-mod 3		: id-pkix1-explicit-93
+id-pkix-mod 4		: id-pkix1-implicit-93
+id-pkix-mod 5		: id-mod-crmf
+id-pkix-mod 6		: id-mod-cmc
+id-pkix-mod 7		: id-mod-kea-profile-88
+id-pkix-mod 8		: id-mod-kea-profile-93
+id-pkix-mod 9		: id-mod-cmp
+id-pkix-mod 10		: id-mod-qualified-cert-88
+id-pkix-mod 11		: id-mod-qualified-cert-93
+id-pkix-mod 12		: id-mod-attribute-cert
+id-pkix-mod 13		: id-mod-timestamp-protocol
+id-pkix-mod 14		: id-mod-ocsp
+id-pkix-mod 15		: id-mod-dvcs
+id-pkix-mod 16		: id-mod-cmp2000
+
+# PKIX Private Extensions
+!Cname info-access
+id-pe 1			: authorityInfoAccess	: Authority Information Access
+id-pe 2			: biometricInfo		: Biometric Info
+id-pe 3			: qcStatements
+id-pe 4			: ac-auditEntity
+id-pe 5			: ac-targeting
+id-pe 6			: aaControls
+id-pe 7			: sbgp-ipAddrBlock
+id-pe 8			: sbgp-autonomousSysNum
+id-pe 9			: sbgp-routerIdentifier
+id-pe 10		: ac-proxying
+!Cname sinfo-access
+id-pe 11		: subjectInfoAccess	: Subject Information Access
+id-pe 14		: proxyCertInfo		: Proxy Certificate Information
+id-pe 24		: tlsfeature		: TLS Feature
+
+# PKIX policyQualifiers for Internet policy qualifiers
+id-qt 1			: id-qt-cps		: Policy Qualifier CPS
+id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
+id-qt 3			: textNotice
+
+# PKIX key purpose identifiers
+!Cname server-auth
+id-kp 1			: serverAuth		: TLS Web Server Authentication
+!Cname client-auth
+id-kp 2			: clientAuth		: TLS Web Client Authentication
+!Cname code-sign
+id-kp 3			: codeSigning		: Code Signing
+!Cname email-protect
+id-kp 4			: emailProtection	: E-mail Protection
+id-kp 5			: ipsecEndSystem	: IPSec End System
+id-kp 6			: ipsecTunnel		: IPSec Tunnel
+id-kp 7			: ipsecUser		: IPSec User
+!Cname time-stamp
+id-kp 8			: timeStamping		: Time Stamping
+# From OCSP spec RFC2560
+!Cname OCSP-sign
+id-kp 9			: OCSPSigning		: OCSP Signing
+id-kp 10		: DVCS			: dvcs
+!Cname ipsec-IKE
+id-kp 17                : ipsecIKE              : ipsec Internet Key Exchange
+id-kp 18                : capwapAC              : Ctrl/provision WAP Access
+id-kp 19                : capwapWTP             : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21                : secureShellClient     : SSH Client
+!Cname sshServer
+id-kp 22                : secureShellServer     : SSH Server
+id-kp 23                : sendRouter            : Send Router
+id-kp 24                : sendProxiedRouter     : Send Proxied Router
+id-kp 25                : sendOwner             : Send Owner
+id-kp 26                : sendProxiedOwner      : Send Proxied Owner
+id-kp 27                : cmcCA                 : CMC Certificate Authority
+id-kp 28                : cmcRA                 : CMC Registration Authority
+
+# CMP information types
+id-it 1			: id-it-caProtEncCert
+id-it 2			: id-it-signKeyPairTypes
+id-it 3			: id-it-encKeyPairTypes
+id-it 4			: id-it-preferredSymmAlg
+id-it 5			: id-it-caKeyUpdateInfo
+id-it 6			: id-it-currentCRL
+id-it 7			: id-it-unsupportedOIDs
+# obsolete
+id-it 8			: id-it-subscriptionRequest
+# obsolete
+id-it 9			: id-it-subscriptionResponse
+id-it 10		: id-it-keyPairParamReq
+id-it 11		: id-it-keyPairParamRep
+id-it 12		: id-it-revPassphrase
+id-it 13		: id-it-implicitConfirm
+id-it 14		: id-it-confirmWaitTime
+id-it 15		: id-it-origPKIMessage
+id-it 16		: id-it-suppLangTags
+
+# CRMF registration
+id-pkip 1		: id-regCtrl
+id-pkip 2		: id-regInfo
+
+# CRMF registration controls
+id-regCtrl 1		: id-regCtrl-regToken
+id-regCtrl 2		: id-regCtrl-authenticator
+id-regCtrl 3		: id-regCtrl-pkiPublicationInfo
+id-regCtrl 4		: id-regCtrl-pkiArchiveOptions
+id-regCtrl 5		: id-regCtrl-oldCertID
+id-regCtrl 6		: id-regCtrl-protocolEncrKey
+
+# CRMF registration information
+id-regInfo 1		: id-regInfo-utf8Pairs
+id-regInfo 2		: id-regInfo-certReq
+
+# algorithms
+id-alg 1		: id-alg-des40
+id-alg 2		: id-alg-noSignature
+id-alg 3		: id-alg-dh-sig-hmac-sha1
+id-alg 4		: id-alg-dh-pop
+
+# CMC controls
+id-cmc 1		: id-cmc-statusInfo
+id-cmc 2		: id-cmc-identification
+id-cmc 3		: id-cmc-identityProof
+id-cmc 4		: id-cmc-dataReturn
+id-cmc 5		: id-cmc-transactionId
+id-cmc 6		: id-cmc-senderNonce
+id-cmc 7		: id-cmc-recipientNonce
+id-cmc 8		: id-cmc-addExtensions
+id-cmc 9		: id-cmc-encryptedPOP
+id-cmc 10		: id-cmc-decryptedPOP
+id-cmc 11		: id-cmc-lraPOPWitness
+id-cmc 15		: id-cmc-getCert
+id-cmc 16		: id-cmc-getCRL
+id-cmc 17		: id-cmc-revokeRequest
+id-cmc 18		: id-cmc-regInfo
+id-cmc 19		: id-cmc-responseInfo
+id-cmc 21		: id-cmc-queryPending
+id-cmc 22		: id-cmc-popLinkRandom
+id-cmc 23		: id-cmc-popLinkWitness
+id-cmc 24		: id-cmc-confirmCertAcceptance
+
+# other names
+id-on 1			: id-on-personalData
+id-on 3			: id-on-permanentIdentifier : Permanent Identifier
+
+# personal data attributes
+id-pda 1		: id-pda-dateOfBirth
+id-pda 2		: id-pda-placeOfBirth
+id-pda 3		: id-pda-gender
+id-pda 4		: id-pda-countryOfCitizenship
+id-pda 5		: id-pda-countryOfResidence
+
+# attribute certificate attributes
+id-aca 1		: id-aca-authenticationInfo
+id-aca 2		: id-aca-accessIdentity
+id-aca 3		: id-aca-chargingIdentity
+id-aca 4		: id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
+id-aca 5		: id-aca-role
+id-aca 6		: id-aca-encAttrs
+
+# qualified certificate statements
+id-qcs 1		: id-qcs-pkixQCSyntax-v1
+
+# CMC content types
+id-cct 1		: id-cct-crs
+id-cct 2		: id-cct-PKIData
+id-cct 3		: id-cct-PKIResponse
+
+# Predefined Proxy Certificate policy languages
+id-ppl 0		: id-ppl-anyLanguage	: Any language
+id-ppl 1		: id-ppl-inheritAll	: Inherit all
+id-ppl 2		: id-ppl-independent	: Independent
+
+# access descriptors for authority info access extension
+!Cname ad-OCSP
+id-ad 1			: OCSP			: OCSP
+!Cname ad-ca-issuers
+id-ad 2			: caIssuers		: CA Issuers
+!Cname ad-timeStamping
+id-ad 3			: ad_timestamping	: AD Time Stamping
+!Cname ad-dvcs
+id-ad 4			: AD_DVCS		: ad dvcs
+id-ad 5			: caRepository		: CA Repository
+
+
+!Alias id-pkix-OCSP ad-OCSP
+!module id-pkix-OCSP
+!Cname basic
+id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
+id-pkix-OCSP 2		: Nonce			: OCSP Nonce
+id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
+id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
+id-pkix-OCSP 5		: noCheck		: OCSP No Check
+id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
+id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
+id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
+id-pkix-OCSP 9		: valid
+id-pkix-OCSP 10		: path
+id-pkix-OCSP 11		: trustRoot		: Trust Root
+!global
+
+1 3 14 3 2		: algorithm		: algorithm
+algorithm 3		: RSA-NP-MD5		: md5WithRSA
+algorithm 6		: DES-ECB		: des-ecb
+algorithm 7		: DES-CBC		: des-cbc
+!Cname des-ofb64
+algorithm 8		: DES-OFB		: des-ofb
+!Cname des-cfb64
+algorithm 9		: DES-CFB		: des-cfb
+algorithm 11		: rsaSignature
+!Cname dsa-2
+algorithm 12		: DSA-old		: dsaEncryption-old
+algorithm 13		: DSA-SHA		: dsaWithSHA
+algorithm 15		: RSA-SHA		: shaWithRSAEncryption
+!Cname des-ede-ecb
+algorithm 17		: DES-EDE		: des-ede
+!Cname des-ede3-ecb
+			: DES-EDE3		: des-ede3
+			: DES-EDE-CBC		: des-ede-cbc
+!Cname des-ede-cfb64
+			: DES-EDE-CFB		: des-ede-cfb
+!Cname des-ede3-cfb64
+			: DES-EDE3-CFB		: des-ede3-cfb
+!Cname des-ede-ofb64
+			: DES-EDE-OFB		: des-ede-ofb
+!Cname des-ede3-ofb64
+			: DES-EDE3-OFB		: des-ede3-ofb
+			: DESX-CBC		: desx-cbc
+algorithm 18		: SHA			: sha
+algorithm 26		: SHA1			: sha1
+!Cname dsaWithSHA1-2
+algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old
+algorithm 29		: RSA-SHA1-2		: sha1WithRSA
+
+1 3 36 3 2 1		: RIPEMD160		: ripemd160
+1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA
+
+1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512        : blake2b512
+1 3 6 1 4 1 1722 12 2 2 8  : BLAKE2s256        : blake2s256
+
+!Cname sxnet
+1 3 101 1 4 1		: SXNetID		: Strong Extranet ID
+
+2 5			: X500			: directory services (X.500)
+
+X500 4			: X509
+X509 3			: CN			: commonName
+X509 4			: SN			: surname
+X509 5			: 			: serialNumber
+X509 6			: C			: countryName
+X509 7			: L			: localityName
+X509 8			: ST			: stateOrProvinceName
+X509 9			: street		: streetAddress
+X509 10			: O			: organizationName
+X509 11			: OU			: organizationalUnitName
+X509 12			: title			: title
+X509 13			: 			: description
+X509 14			: 			: searchGuide
+X509 15			: 			: businessCategory
+X509 16			: 			: postalAddress
+X509 17			: 			: postalCode
+X509 18			: 			: postOfficeBox
+X509 19			: 			: physicalDeliveryOfficeName
+X509 20			: 			: telephoneNumber
+X509 21			: 			: telexNumber
+X509 22			: 			: teletexTerminalIdentifier
+X509 23			: 			: facsimileTelephoneNumber
+X509 24			: 			: x121Address
+X509 25			: 			: internationaliSDNNumber
+X509 26			: 			: registeredAddress
+X509 27			: 			: destinationIndicator
+X509 28			: 			: preferredDeliveryMethod
+X509 29			: 			: presentationAddress
+X509 30			: 			: supportedApplicationContext
+X509 31			: member		:
+X509 32			: owner			:
+X509 33			: 			: roleOccupant
+X509 34			: seeAlso		:
+X509 35			: 			: userPassword
+X509 36			: 			: userCertificate
+X509 37			: 			: cACertificate
+X509 38			: 			: authorityRevocationList
+X509 39			: 			: certificateRevocationList
+X509 40			: 			: crossCertificatePair
+X509 41			: name			: name
+X509 42			: GN			: givenName
+X509 43			: initials		: initials
+X509 44			: 			: generationQualifier
+X509 45			: 			: x500UniqueIdentifier
+X509 46			: dnQualifier		: dnQualifier
+X509 47			: 			: enhancedSearchGuide
+X509 48			: 			: protocolInformation
+X509 49			: 			: distinguishedName
+X509 50			: 			: uniqueMember
+X509 51			: 			: houseIdentifier
+X509 52			: 			: supportedAlgorithms
+X509 53			: 			: deltaRevocationList
+X509 54			: dmdName		:
+X509 65			:			: pseudonym
+X509 72			: role			: role
+X509 97                 :			: organizationIdentifier
+X509 98			: c3			: countryCode3c
+X509 99			: n3			: countryCode3n
+X509 100		:			: dnsName
+
+
+X500 8			: X500algorithms	: directory services - algorithms
+X500algorithms 1 1	: RSA			: rsa
+X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
+X500algorithms 3 101	: MDC2			: mdc2
+
+X500 29			: id-ce
+!Cname subject-directory-attributes
+id-ce 9			: subjectDirectoryAttributes : X509v3 Subject Directory Attributes
+!Cname subject-key-identifier
+id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
+!Cname key-usage
+id-ce 15		: keyUsage		: X509v3 Key Usage
+!Cname private-key-usage-period
+id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period
+!Cname subject-alt-name
+id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name
+!Cname issuer-alt-name
+id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name
+!Cname basic-constraints
+id-ce 19		: basicConstraints	: X509v3 Basic Constraints
+!Cname crl-number
+id-ce 20		: crlNumber		: X509v3 CRL Number
+!Cname crl-reason
+id-ce 21		: CRLReason		: X509v3 CRL Reason Code
+!Cname invalidity-date
+id-ce 24		: invalidityDate	: Invalidity Date
+!Cname delta-crl
+id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
+!Cname issuing-distribution-point
+id-ce 28		: issuingDistributionPoint : X509v3 Issuing Distribution Point
+!Cname certificate-issuer
+id-ce 29		: certificateIssuer	: X509v3 Certificate Issuer
+!Cname name-constraints
+id-ce 30		: nameConstraints	: X509v3 Name Constraints
+!Cname crl-distribution-points
+id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
+!Cname certificate-policies
+id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
+!Cname any-policy
+certificate-policies 0	: anyPolicy		: X509v3 Any Policy
+!Cname policy-mappings
+id-ce 33		: policyMappings	: X509v3 Policy Mappings
+!Cname authority-key-identifier
+id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36		: policyConstraints	: X509v3 Policy Constraints
+!Cname ext-key-usage
+id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
+!Cname freshest-crl
+id-ce 46		: freshestCRL		: X509v3 Freshest CRL
+!Cname inhibit-any-policy
+id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
+!Cname target-information
+id-ce 55		: targetInformation	: X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56		: noRevAvail		: X509v3 No Revocation Available
+
+# From RFC5280
+ext-key-usage 0		: anyExtendedKeyUsage	: Any Extended Key Usage
+
+
+!Cname netscape
+2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
+!Cname netscape-cert-extension
+netscape 1		: nsCertExt		: Netscape Certificate Extension
+!Cname netscape-data-type
+netscape 2		: nsDataType		: Netscape Data Type
+!Cname netscape-cert-type
+netscape-cert-extension 1 : nsCertType		: Netscape Cert Type
+!Cname netscape-base-url
+netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url
+!Cname netscape-revocation-url
+netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url
+!Cname netscape-ca-revocation-url
+netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url
+!Cname netscape-renewal-url
+netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url
+!Cname netscape-ca-policy-url
+netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url
+!Cname netscape-ssl-server-name
+netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name
+!Cname netscape-comment
+netscape-cert-extension 13 : nsComment		: Netscape Comment
+!Cname netscape-cert-sequence
+netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence
+!Cname ns-sgc
+netscape 4 1		: nsSGC			: Netscape Server Gated Crypto
+
+# iso(1)
+iso 3			: ORG			: org
+org 6			: DOD			: dod
+dod 1			: IANA			: iana
+!Alias internet iana
+
+internet 1		: directory		: Directory
+internet 2		: mgmt			: Management
+internet 3		: experimental		: Experimental
+internet 4		: private		: Private
+internet 5		: security		: Security
+internet 6		: snmpv2		: SNMPv2
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7		:			: Mail
+
+Private 1		: enterprises		: Enterprises
+
+# RFC 2247
+Enterprises 1466 344	: dcobject		: dcObject
+
+# RFC 1495
+Mail 1			: mime-mhs		: MIME MHS
+mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
+mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
+mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
+
+# RFC 3274
+!Cname zlib-compression
+id-smime-alg 8		: ZLIB			: zlib compression
+
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1			: AES-128-ECB		: aes-128-ecb
+aes 2			: AES-128-CBC		: aes-128-cbc
+!Cname aes-128-ofb128
+aes 3			: AES-128-OFB		: aes-128-ofb
+!Cname aes-128-cfb128
+aes 4			: AES-128-CFB		: aes-128-cfb
+aes 5			: id-aes128-wrap
+aes 6			: id-aes128-GCM		: aes-128-gcm
+aes 7			: id-aes128-CCM		: aes-128-ccm
+aes 8			: id-aes128-wrap-pad
+
+aes 21			: AES-192-ECB		: aes-192-ecb
+aes 22			: AES-192-CBC		: aes-192-cbc
+!Cname aes-192-ofb128
+aes 23			: AES-192-OFB		: aes-192-ofb
+!Cname aes-192-cfb128
+aes 24			: AES-192-CFB		: aes-192-cfb
+aes 25			: id-aes192-wrap
+aes 26			: id-aes192-GCM		: aes-192-gcm
+aes 27			: id-aes192-CCM		: aes-192-ccm
+aes 28			: id-aes192-wrap-pad
+
+aes 41			: AES-256-ECB		: aes-256-ecb
+aes 42			: AES-256-CBC		: aes-256-cbc
+!Cname aes-256-ofb128
+aes 43			: AES-256-OFB		: aes-256-ofb
+!Cname aes-256-cfb128
+aes 44			: AES-256-CFB		: aes-256-cfb
+aes 45			: id-aes256-wrap
+aes 46			: id-aes256-GCM		: aes-256-gcm
+aes 47			: id-aes256-CCM		: aes-256-ccm
+aes 48			: id-aes256-wrap-pad
+
+ieee-siswg 0 1 1        : AES-128-XTS		: aes-128-xts
+ieee-siswg 0 1 2        : AES-256-XTS		: aes-256-xts
+
+# There are no OIDs for these modes...
+
+			: AES-128-CFB1		: aes-128-cfb1
+			: AES-192-CFB1		: aes-192-cfb1
+			: AES-256-CFB1		: aes-256-cfb1
+			: AES-128-CFB8		: aes-128-cfb8
+			: AES-192-CFB8		: aes-192-cfb8
+			: AES-256-CFB8		: aes-256-cfb8
+			: AES-128-CTR		: aes-128-ctr
+			: AES-192-CTR		: aes-192-ctr
+			: AES-256-CTR		: aes-256-ctr
+			: AES-128-OCB		: aes-128-ocb
+			: AES-192-OCB		: aes-192-ocb
+			: AES-256-OCB		: aes-256-ocb
+			: DES-CFB1		: des-cfb1
+			: DES-CFB8		: des-cfb8
+			: DES-EDE3-CFB1		: des-ede3-cfb1
+			: DES-EDE3-CFB8		: des-ede3-cfb8
+
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
+# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+# "Middle" names are specified to be id-sha256, id-sha384, etc., but
+# we adhere to unprefixed capitals for backward compatibility...
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1		: SHA256		: sha256
+nist_hashalgs 2		: SHA384		: sha384
+nist_hashalgs 3		: SHA512		: sha512
+nist_hashalgs 4		: SHA224		: sha224
+nist_hashalgs 5		: SHA512-224		: sha512-224
+nist_hashalgs 6		: SHA512-256		: sha512-256
+nist_hashalgs 7		: SHA3-224		: sha3-224
+nist_hashalgs 8		: SHA3-256		: sha3-256
+nist_hashalgs 9		: SHA3-384		: sha3-384
+nist_hashalgs 10	: SHA3-512		: sha3-512
+nist_hashalgs 11	: SHAKE128		: shake128
+nist_hashalgs 12	: SHAKE256		: shake256
+nist_hashalgs 13	: id-hmacWithSHA3-224	: hmac-sha3-224
+nist_hashalgs 14	: id-hmacWithSHA3-256	: hmac-sha3-256
+nist_hashalgs 15	: id-hmacWithSHA3-384	: hmac-sha3-384
+nist_hashalgs 16	: id-hmacWithSHA3-512	: hmac-sha3-512
+# Below two are incomplete OIDs, to be uncommented when we figure out
+# how to handle them...
+# nist_hashalgs 17	: id-shake128-len	: shake128-len
+# nist_hashalgs 18	: id-shake256-len	: shake256-len
+
+# OIDs for dsa-with-sha224 and dsa-with-sha256
+!Alias dsa_with_sha2 nistAlgorithms 3
+dsa_with_sha2 1		: dsa_with_SHA224
+dsa_with_sha2 2		: dsa_with_SHA256
+# Above two belong below, but kept as they are for backward compatibility
+!Alias sigAlgs nistAlgorithms 3
+sigAlgs 3	: id-dsa-with-sha384	: dsa_with_SHA384
+sigAlgs 4	: id-dsa-with-sha512	: dsa_with_SHA512
+sigAlgs 5	: id-dsa-with-sha3-224	: dsa_with_SHA3-224
+sigAlgs 6	: id-dsa-with-sha3-256	: dsa_with_SHA3-256
+sigAlgs 7	: id-dsa-with-sha3-384	: dsa_with_SHA3-384
+sigAlgs 8	: id-dsa-with-sha3-512	: dsa_with_SHA3-512
+sigAlgs 9	: id-ecdsa-with-sha3-224	: ecdsa_with_SHA3-224
+sigAlgs 10	: id-ecdsa-with-sha3-256	: ecdsa_with_SHA3-256
+sigAlgs 11	: id-ecdsa-with-sha3-384	: ecdsa_with_SHA3-384
+sigAlgs 12	: id-ecdsa-with-sha3-512	: ecdsa_with_SHA3-512
+sigAlgs 13	: id-rsassa-pkcs1-v1_5-with-sha3-224	: RSA-SHA3-224
+sigAlgs 14	: id-rsassa-pkcs1-v1_5-with-sha3-256	: RSA-SHA3-256
+sigAlgs 15	: id-rsassa-pkcs1-v1_5-with-sha3-384	: RSA-SHA3-384
+sigAlgs 16	: id-rsassa-pkcs1-v1_5-with-sha3-512	: RSA-SHA3-512
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23		: holdInstructionCode	: Hold Instruction Code
+!Alias holdInstruction	X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1	: holdInstructionNone	: Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject
+
+# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
+# them are also mentioned in RFC 2247
+itu-t 9			: data
+data 2342		: pss
+pss 19200300		: ucl
+ucl 100			: pilot
+pilot 1			:			: pilotAttributeType
+pilot 3			:			: pilotAttributeSyntax
+pilot 4			:			: pilotObjectClass
+pilot 10		:			: pilotGroups
+pilotAttributeSyntax 4	:			: iA5StringSyntax
+pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
+pilotObjectClass 3	:			: pilotObject
+pilotObjectClass 4	:			: pilotPerson
+pilotObjectClass 5	: account
+pilotObjectClass 6	: document
+pilotObjectClass 7	: room
+pilotObjectClass 9	:			: documentSeries
+pilotObjectClass 13	: domain		: Domain
+pilotObjectClass 14	:			: rFC822localPart
+pilotObjectClass 15	:			: dNSDomain
+pilotObjectClass 17	:			: domainRelatedObject
+pilotObjectClass 18	:			: friendlyCountry
+pilotObjectClass 19	:			: simpleSecurityObject
+pilotObjectClass 20	:			: pilotOrganization
+pilotObjectClass 21	:			: pilotDSA
+pilotObjectClass 22	:			: qualityLabelledData
+pilotAttributeType 1	: UID			: userId
+pilotAttributeType 2	:			: textEncodedORAddress
+pilotAttributeType 3	: mail			: rfc822Mailbox
+pilotAttributeType 4	: info
+pilotAttributeType 5	:			: favouriteDrink
+pilotAttributeType 6	:			: roomNumber
+pilotAttributeType 7	: photo
+pilotAttributeType 8	:			: userClass
+pilotAttributeType 9	: host
+pilotAttributeType 10	: manager
+pilotAttributeType 11	:			: documentIdentifier
+pilotAttributeType 12	:			: documentTitle
+pilotAttributeType 13	:			: documentVersion
+pilotAttributeType 14	:			: documentAuthor
+pilotAttributeType 15	:			: documentLocation
+pilotAttributeType 20	:			: homeTelephoneNumber
+pilotAttributeType 21	: secretary
+pilotAttributeType 22	:			: otherMailbox
+pilotAttributeType 23	:			: lastModifiedTime
+pilotAttributeType 24	:			: lastModifiedBy
+pilotAttributeType 25	: DC			: domainComponent
+pilotAttributeType 26	:			: aRecord
+pilotAttributeType 27	:			: pilotAttributeType27
+pilotAttributeType 28	:			: mXRecord
+pilotAttributeType 29	:			: nSRecord
+pilotAttributeType 30	:			: sOARecord
+pilotAttributeType 31	:			: cNAMERecord
+pilotAttributeType 37	:			: associatedDomain
+pilotAttributeType 38	:			: associatedName
+pilotAttributeType 39	:			: homePostalAddress
+pilotAttributeType 40	:			: personalTitle
+pilotAttributeType 41	:			: mobileTelephoneNumber
+pilotAttributeType 42	:			: pagerTelephoneNumber
+pilotAttributeType 43	:			: friendlyCountryName
+pilotAttributeType 44	: uid			: uniqueIdentifier
+pilotAttributeType 45	:			: organizationalStatus
+pilotAttributeType 46	:			: janetMailbox
+pilotAttributeType 47	:			: mailPreferenceOption
+pilotAttributeType 48	:			: buildingName
+pilotAttributeType 49	:			: dSAQuality
+pilotAttributeType 50	:			: singleLevelQuality
+pilotAttributeType 51	:			: subtreeMinimumQuality
+pilotAttributeType 52	:			: subtreeMaximumQuality
+pilotAttributeType 53	:			: personalSignature
+pilotAttributeType 54	:			: dITRedirect
+pilotAttributeType 55	: audio
+pilotAttributeType 56	:			: documentPublisher
+
+international-organizations 42	: id-set	: Secure Electronic Transactions
+
+id-set 0		: set-ctype		: content types
+id-set 1		: set-msgExt		: message extensions
+id-set 3		: set-attr
+id-set 5		: set-policy
+id-set 7		: set-certExt		: certificate extensions
+id-set 8		: set-brand
+
+set-ctype 0		: setct-PANData
+set-ctype 1		: setct-PANToken
+set-ctype 2		: setct-PANOnly
+set-ctype 3		: setct-OIData
+set-ctype 4		: setct-PI
+set-ctype 5		: setct-PIData
+set-ctype 6		: setct-PIDataUnsigned
+set-ctype 7		: setct-HODInput
+set-ctype 8		: setct-AuthResBaggage
+set-ctype 9		: setct-AuthRevReqBaggage
+set-ctype 10		: setct-AuthRevResBaggage
+set-ctype 11		: setct-CapTokenSeq
+set-ctype 12		: setct-PInitResData
+set-ctype 13		: setct-PI-TBS
+set-ctype 14		: setct-PResData
+set-ctype 16		: setct-AuthReqTBS
+set-ctype 17		: setct-AuthResTBS
+set-ctype 18		: setct-AuthResTBSX
+set-ctype 19		: setct-AuthTokenTBS
+set-ctype 20		: setct-CapTokenData
+set-ctype 21		: setct-CapTokenTBS
+set-ctype 22		: setct-AcqCardCodeMsg
+set-ctype 23		: setct-AuthRevReqTBS
+set-ctype 24		: setct-AuthRevResData
+set-ctype 25		: setct-AuthRevResTBS
+set-ctype 26		: setct-CapReqTBS
+set-ctype 27		: setct-CapReqTBSX
+set-ctype 28		: setct-CapResData
+set-ctype 29		: setct-CapRevReqTBS
+set-ctype 30		: setct-CapRevReqTBSX
+set-ctype 31		: setct-CapRevResData
+set-ctype 32		: setct-CredReqTBS
+set-ctype 33		: setct-CredReqTBSX
+set-ctype 34		: setct-CredResData
+set-ctype 35		: setct-CredRevReqTBS
+set-ctype 36		: setct-CredRevReqTBSX
+set-ctype 37		: setct-CredRevResData
+set-ctype 38		: setct-PCertReqData
+set-ctype 39		: setct-PCertResTBS
+set-ctype 40		: setct-BatchAdminReqData
+set-ctype 41		: setct-BatchAdminResData
+set-ctype 42		: setct-CardCInitResTBS
+set-ctype 43		: setct-MeAqCInitResTBS
+set-ctype 44		: setct-RegFormResTBS
+set-ctype 45		: setct-CertReqData
+set-ctype 46		: setct-CertReqTBS
+set-ctype 47		: setct-CertResData
+set-ctype 48		: setct-CertInqReqTBS
+set-ctype 49		: setct-ErrorTBS
+set-ctype 50		: setct-PIDualSignedTBE
+set-ctype 51		: setct-PIUnsignedTBE
+set-ctype 52		: setct-AuthReqTBE
+set-ctype 53		: setct-AuthResTBE
+set-ctype 54		: setct-AuthResTBEX
+set-ctype 55		: setct-AuthTokenTBE
+set-ctype 56		: setct-CapTokenTBE
+set-ctype 57		: setct-CapTokenTBEX
+set-ctype 58		: setct-AcqCardCodeMsgTBE
+set-ctype 59		: setct-AuthRevReqTBE
+set-ctype 60		: setct-AuthRevResTBE
+set-ctype 61		: setct-AuthRevResTBEB
+set-ctype 62		: setct-CapReqTBE
+set-ctype 63		: setct-CapReqTBEX
+set-ctype 64		: setct-CapResTBE
+set-ctype 65		: setct-CapRevReqTBE
+set-ctype 66		: setct-CapRevReqTBEX
+set-ctype 67		: setct-CapRevResTBE
+set-ctype 68		: setct-CredReqTBE
+set-ctype 69		: setct-CredReqTBEX
+set-ctype 70		: setct-CredResTBE
+set-ctype 71		: setct-CredRevReqTBE
+set-ctype 72		: setct-CredRevReqTBEX
+set-ctype 73		: setct-CredRevResTBE
+set-ctype 74		: setct-BatchAdminReqTBE
+set-ctype 75		: setct-BatchAdminResTBE
+set-ctype 76		: setct-RegFormReqTBE
+set-ctype 77		: setct-CertReqTBE
+set-ctype 78		: setct-CertReqTBEX
+set-ctype 79		: setct-CertResTBE
+set-ctype 80		: setct-CRLNotificationTBS
+set-ctype 81		: setct-CRLNotificationResTBS
+set-ctype 82		: setct-BCIDistributionTBS
+
+set-msgExt 1		: setext-genCrypt	: generic cryptogram
+set-msgExt 3		: setext-miAuth		: merchant initiated auth
+set-msgExt 4		: setext-pinSecure
+set-msgExt 5		: setext-pinAny
+set-msgExt 7		: setext-track2
+set-msgExt 8		: setext-cv		: additional verification
+
+set-policy 0		: set-policy-root
+
+set-certExt 0		: setCext-hashedRoot
+set-certExt 1		: setCext-certType
+set-certExt 2		: setCext-merchData
+set-certExt 3		: setCext-cCertRequired
+set-certExt 4		: setCext-tunneling
+set-certExt 5		: setCext-setExt
+set-certExt 6		: setCext-setQualf
+set-certExt 7		: setCext-PGWYcapabilities
+set-certExt 8		: setCext-TokenIdentifier
+set-certExt 9		: setCext-Track2Data
+set-certExt 10		: setCext-TokenType
+set-certExt 11		: setCext-IssuerCapabilities
+
+set-attr 0		: setAttr-Cert
+set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
+set-attr 2		: setAttr-TokenType
+set-attr 3		: setAttr-IssCap	: issuer capabilities
+
+setAttr-Cert 0		: set-rootKeyThumb
+setAttr-Cert 1		: set-addPolicy
+
+setAttr-TokenType 1	: setAttr-Token-EMV
+setAttr-TokenType 2	: setAttr-Token-B0Prime
+
+setAttr-IssCap 3	: setAttr-IssCap-CVM
+setAttr-IssCap 4	: setAttr-IssCap-T2
+setAttr-IssCap 5	: setAttr-IssCap-Sig
+
+setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
+setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
+setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2
+
+setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
+setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature
+
+set-brand 1		: set-brand-IATA-ATA
+set-brand 30		: set-brand-Diners
+set-brand 34		: set-brand-AmericanExpress
+set-brand 35		: set-brand-JCB
+set-brand 4		: set-brand-Visa
+set-brand 5		: set-brand-MasterCard
+set-brand 6011		: set-brand-Novus
+
+rsadsi 3 10		: DES-CDMF		: des-cdmf
+rsadsi 1 1 6		: rsaOAEPEncryptionSET
+
+			: Oakley-EC2N-3		: ipsec3
+			: Oakley-EC2N-4		: ipsec4
+
+iso 0 10118 3 0 55	: whirlpool
+
+# GOST OIDs
+
+member-body 643 2 2	: cryptopro
+member-body 643 2 9	: cryptocom
+member-body 643 7 1	: id-tc26
+
+cryptopro 3		: id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
+cryptopro 4		: id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
+!Cname id-GostR3411-94
+cryptopro 9		: md_gost94		: GOST R 34.11-94
+cryptopro 10		: id-HMACGostR3411-94	: HMAC GOST 34.11-94
+!Cname id-GostR3410-2001
+cryptopro 19		: gost2001	: GOST R 34.10-2001
+!Cname id-GostR3410-94
+cryptopro 20		: gost94	: GOST R 34.10-94
+!Cname id-Gost28147-89
+cryptopro 21		: gost89 		: GOST 28147-89
+			: gost89-cnt
+			: gost89-cnt-12
+			: gost89-cbc
+			: gost89-ecb
+			: gost89-ctr
+!Cname id-Gost28147-89-MAC
+cryptopro 22		: gost-mac	: GOST 28147-89 MAC
+			: gost-mac-12
+!Cname id-GostR3411-94-prf
+cryptopro 23		: prf-gostr3411-94	: GOST R 34.11-94 PRF
+cryptopro 98		: id-GostR3410-2001DH	: GOST R 34.10-2001 DH
+cryptopro 99		: id-GostR3410-94DH	: GOST R 34.10-94 DH
+
+cryptopro 14 1		: id-Gost28147-89-CryptoPro-KeyMeshing
+cryptopro 14 0		: id-Gost28147-89-None-KeyMeshing
+
+# GOST parameter set OIDs
+
+cryptopro 30 0		: id-GostR3411-94-TestParamSet
+cryptopro 30 1		: id-GostR3411-94-CryptoProParamSet
+
+cryptopro 31 0		: id-Gost28147-89-TestParamSet
+cryptopro 31 1		: id-Gost28147-89-CryptoPro-A-ParamSet
+cryptopro 31 2		: id-Gost28147-89-CryptoPro-B-ParamSet
+cryptopro 31 3		: id-Gost28147-89-CryptoPro-C-ParamSet
+cryptopro 31 4		: id-Gost28147-89-CryptoPro-D-ParamSet
+cryptopro 31 5		: id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
+cryptopro 31 6		: id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
+cryptopro 31 7		: id-Gost28147-89-CryptoPro-RIC-1-ParamSet
+
+cryptopro 32 0		: id-GostR3410-94-TestParamSet
+cryptopro 32 2		: id-GostR3410-94-CryptoPro-A-ParamSet
+cryptopro 32 3		: id-GostR3410-94-CryptoPro-B-ParamSet
+cryptopro 32 4		: id-GostR3410-94-CryptoPro-C-ParamSet
+cryptopro 32 5		: id-GostR3410-94-CryptoPro-D-ParamSet
+
+cryptopro 33 1		: id-GostR3410-94-CryptoPro-XchA-ParamSet
+cryptopro 33 2		: id-GostR3410-94-CryptoPro-XchB-ParamSet
+cryptopro 33 3		: id-GostR3410-94-CryptoPro-XchC-ParamSet
+
+cryptopro 35 0		: id-GostR3410-2001-TestParamSet
+cryptopro 35 1		: id-GostR3410-2001-CryptoPro-A-ParamSet
+cryptopro 35 2		: id-GostR3410-2001-CryptoPro-B-ParamSet
+cryptopro 35 3		: id-GostR3410-2001-CryptoPro-C-ParamSet
+
+cryptopro 36 0		: id-GostR3410-2001-CryptoPro-XchA-ParamSet
+cryptopro 36 1		: id-GostR3410-2001-CryptoPro-XchB-ParamSet
+
+id-GostR3410-94 1	: id-GostR3410-94-a
+id-GostR3410-94 2	: id-GostR3410-94-aBis
+id-GostR3410-94 3	: id-GostR3410-94-b
+id-GostR3410-94 4	: id-GostR3410-94-bBis
+
+# Cryptocom LTD GOST OIDs
+
+cryptocom 1 6 1		: id-Gost28147-89-cc	: GOST 28147-89 Cryptocom ParamSet
+!Cname id-GostR3410-94-cc
+cryptocom 1 5 3		: gost94cc	: GOST 34.10-94 Cryptocom
+!Cname id-GostR3410-2001-cc
+cryptocom 1 5 4		: gost2001cc	: GOST 34.10-2001 Cryptocom
+
+cryptocom 1 3 3		: id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
+cryptocom 1 3 4		: id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom
+
+cryptocom 1 8 1		: id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+
+# TC26 GOST OIDs
+
+id-tc26 1 		: id-tc26-algorithms
+id-tc26-algorithms 1	: id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1		: gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2		: gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2	: id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2	: md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3	: md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3	: id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4	: id-tc26-mac
+id-tc26-mac 1		: id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2		: id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5	: id-tc26-cipher
+id-tc26-cipher 1	:  id-tc26-cipher-gostr3412-2015-magma
+id-tc26-cipher-gostr3412-2015-magma 1	: id-tc26-cipher-gostr3412-2015-magma-ctracpkm
+id-tc26-cipher-gostr3412-2015-magma 2	: id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac
+id-tc26-cipher 2	:  id-tc26-cipher-gostr3412-2015-kuznyechik
+id-tc26-cipher-gostr3412-2015-kuznyechik 1	: id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm
+id-tc26-cipher-gostr3412-2015-kuznyechik 2	: id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac
+
+id-tc26-algorithms 6	: id-tc26-agreement
+id-tc26-agreement 1	: id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2	: id-tc26-agreement-gost-3410-2012-512
+
+id-tc26-algorithms 7	:	id-tc26-wrap
+id-tc26-wrap 1	: id-tc26-wrap-gostr3412-2015-magma
+id-tc26-wrap-gostr3412-2015-magma 1	: id-tc26-wrap-gostr3412-2015-magma-kexp15
+id-tc26-wrap 2	: id-tc26-wrap-gostr3412-2015-kuznyechik
+id-tc26-wrap-gostr3412-2015-magma 1	: id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
+
+id-tc26 2 		: id-tc26-constants
+
+id-tc26-constants 1	: id-tc26-sign-constants
+id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
+id-tc26-gost-3410-2012-256-constants 1	: id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
+id-tc26-gost-3410-2012-256-constants 2	: id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
+id-tc26-gost-3410-2012-256-constants 3	: id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
+id-tc26-gost-3410-2012-256-constants 4	: id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0	: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1	: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2	: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+id-tc26-gost-3410-2012-512-constants 3	: id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C
+
+id-tc26-constants 2     : id-tc26-digest-constants
+id-tc26-constants 5     : id-tc26-cipher-constants
+id-tc26-cipher-constants 1	: id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1	: id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1	: INN	: INN
+member-body 643 100 1		: OGRN	: OGRN
+member-body 643 100 3		: SNILS	: SNILS
+member-body 643 100 111	: subjectSignTool	: Signing Tool of Subject
+member-body 643 100 112	: issuerSignTool	: Signing Tool of Issuer
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+			: grasshopper-ecb
+			: grasshopper-ctr
+			: grasshopper-ofb
+			: grasshopper-cbc
+			: grasshopper-cfb
+			: grasshopper-mac
+
+#GOST R34.13-2015 Magma
+			: magma-ecb
+			: magma-ctr
+			: magma-ofb
+			: magma-cbc
+			: magma-cfb
+			: magma-mac
+
+# Definitions for Camellia cipher - CBC MODE
+
+1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc
+1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC		: camellia-192-cbc
+1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC		: camellia-256-cbc
+1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap
+1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap
+1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap
+
+# Definitions for Camellia cipher - ECB, CFB, OFB MODE
+
+!Alias ntt-ds 0 3 4401 5
+!Alias camellia ntt-ds 3 1 9
+
+camellia 1		: CAMELLIA-128-ECB		: camellia-128-ecb
+!Cname camellia-128-ofb128
+camellia 3		: CAMELLIA-128-OFB		: camellia-128-ofb
+!Cname camellia-128-cfb128
+camellia 4		: CAMELLIA-128-CFB		: camellia-128-cfb
+camellia 6		: CAMELLIA-128-GCM		: camellia-128-gcm
+camellia 7		: CAMELLIA-128-CCM		: camellia-128-ccm
+camellia 9		: CAMELLIA-128-CTR		: camellia-128-ctr
+camellia 10		: CAMELLIA-128-CMAC		: camellia-128-cmac
+
+camellia 21		: CAMELLIA-192-ECB		: camellia-192-ecb
+!Cname camellia-192-ofb128
+camellia 23		: CAMELLIA-192-OFB		: camellia-192-ofb
+!Cname camellia-192-cfb128
+camellia 24		: CAMELLIA-192-CFB		: camellia-192-cfb
+camellia 26		: CAMELLIA-192-GCM		: camellia-192-gcm
+camellia 27		: CAMELLIA-192-CCM		: camellia-192-ccm
+camellia 29		: CAMELLIA-192-CTR		: camellia-192-ctr
+camellia 30		: CAMELLIA-192-CMAC		: camellia-192-cmac
+
+camellia 41		: CAMELLIA-256-ECB		: camellia-256-ecb
+!Cname camellia-256-ofb128
+camellia 43		: CAMELLIA-256-OFB		: camellia-256-ofb
+!Cname camellia-256-cfb128
+camellia 44		: CAMELLIA-256-CFB		: camellia-256-cfb
+camellia 46		: CAMELLIA-256-GCM		: camellia-256-gcm
+camellia 47		: CAMELLIA-256-CCM		: camellia-256-ccm
+camellia 49		: CAMELLIA-256-CTR		: camellia-256-ctr
+camellia 50		: CAMELLIA-256-CMAC		: camellia-256-cmac
+
+# There are no OIDs for these modes...
+
+			: CAMELLIA-128-CFB1		: camellia-128-cfb1
+			: CAMELLIA-192-CFB1		: camellia-192-cfb1
+			: CAMELLIA-256-CFB1		: camellia-256-cfb1
+			: CAMELLIA-128-CFB8		: camellia-128-cfb8
+			: CAMELLIA-192-CFB8		: camellia-192-cfb8
+			: CAMELLIA-256-CFB8		: camellia-256-cfb8
+
+# Definitions for ARIA cipher
+
+!Alias aria 1 2 410 200046 1 1
+aria 1                  : ARIA-128-ECB                  : aria-128-ecb
+aria 2                  : ARIA-128-CBC                  : aria-128-cbc
+!Cname aria-128-cfb128
+aria 3                  : ARIA-128-CFB                  : aria-128-cfb
+!Cname aria-128-ofb128
+aria 4                  : ARIA-128-OFB                  : aria-128-ofb
+aria 5			: ARIA-128-CTR                  : aria-128-ctr
+
+aria 6                  : ARIA-192-ECB                  : aria-192-ecb
+aria 7                  : ARIA-192-CBC                  : aria-192-cbc
+!Cname aria-192-cfb128
+aria 8                  : ARIA-192-CFB                  : aria-192-cfb
+!Cname aria-192-ofb128
+aria 9                  : ARIA-192-OFB                  : aria-192-ofb
+aria 10                 : ARIA-192-CTR                  : aria-192-ctr
+
+aria 11                 : ARIA-256-ECB                  : aria-256-ecb
+aria 12                 : ARIA-256-CBC                  : aria-256-cbc
+!Cname aria-256-cfb128
+aria 13                 : ARIA-256-CFB                  : aria-256-cfb
+!Cname aria-256-ofb128
+aria 14                 : ARIA-256-OFB                  : aria-256-ofb
+aria 15                 : ARIA-256-CTR                  : aria-256-ctr
+
+# There are no OIDs for these ARIA modes...
+                        : ARIA-128-CFB1                 : aria-128-cfb1
+                        : ARIA-192-CFB1                 : aria-192-cfb1
+                        : ARIA-256-CFB1                 : aria-256-cfb1
+                        : ARIA-128-CFB8                 : aria-128-cfb8
+                        : ARIA-192-CFB8                 : aria-192-cfb8
+                        : ARIA-256-CFB8                 : aria-256-cfb8
+
+aria 37                 : ARIA-128-CCM                  : aria-128-ccm
+aria 38                 : ARIA-192-CCM                  : aria-192-ccm
+aria 39                 : ARIA-256-CCM                  : aria-256-ccm
+aria 34                 : ARIA-128-GCM                  : aria-128-gcm
+aria 35                 : ARIA-192-GCM                  : aria-192-gcm
+aria 36                 : ARIA-256-GCM                  : aria-256-gcm
+
+# Definitions for SEED cipher - ECB, CBC, OFB mode
+
+member-body 410 200004  : KISA          : kisa
+kisa 1 3                : SEED-ECB      : seed-ecb
+kisa 1 4                : SEED-CBC      : seed-cbc
+!Cname seed-cfb128
+kisa 1 5                : SEED-CFB      : seed-cfb
+!Cname seed-ofb128
+kisa 1 6                : SEED-OFB      : seed-ofb
+
+
+# Definitions for SM4 cipher
+
+sm-scheme 104 1         : SM4-ECB             : sm4-ecb
+sm-scheme 104 2         : SM4-CBC             : sm4-cbc
+!Cname sm4-ofb128
+sm-scheme 104 3         : SM4-OFB             : sm4-ofb
+!Cname sm4-cfb128
+sm-scheme 104 4         : SM4-CFB             : sm4-cfb
+sm-scheme 104 5         : SM4-CFB1            : sm4-cfb1
+sm-scheme 104 6         : SM4-CFB8            : sm4-cfb8
+sm-scheme 104 7         : SM4-CTR             : sm4-ctr
+
+# There is no OID that just denotes "HMAC" oddly enough...
+
+			: HMAC				: hmac
+# Nor CMAC either
+			: CMAC				: cmac
+
+# Synthetic composite ciphersuites
+			: RC4-HMAC-MD5			: rc4-hmac-md5
+			: AES-128-CBC-HMAC-SHA1		: aes-128-cbc-hmac-sha1
+			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
+			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
+			: AES-128-CBC-HMAC-SHA256	: aes-128-cbc-hmac-sha256
+			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
+			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
+			: ChaCha20-Poly1305		: chacha20-poly1305
+			: ChaCha20			: chacha20
+
+ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
+
+# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
+# versionOne OBJECT IDENTIFIER ::= {
+# iso(1) identified-organization(3) teletrust(36) algorithm(3)
+# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
+# ellipticCurve(1) 1 }
+1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
+1 3 36 3 3 2 8 1 1 2 : brainpoolP160t1
+1 3 36 3 3 2 8 1 1 3 : brainpoolP192r1
+1 3 36 3 3 2 8 1 1 4 : brainpoolP192t1
+1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
+1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
+1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
+1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
+1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
+1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
+1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
+
+# ECDH schemes from RFC5753
+!Alias x9-63-scheme 1 3 133 16 840 63 0
+!Alias secg-scheme certicom-arc 1
+
+x9-63-scheme 2   : dhSinglePass-stdDH-sha1kdf-scheme
+secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
+secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
+secg-scheme 11 2 : dhSinglePass-stdDH-sha384kdf-scheme
+secg-scheme 11 3 : dhSinglePass-stdDH-sha512kdf-scheme
+
+x9-63-scheme 3   : dhSinglePass-cofactorDH-sha1kdf-scheme
+secg-scheme 14 0 : dhSinglePass-cofactorDH-sha224kdf-scheme
+secg-scheme 14 1 : dhSinglePass-cofactorDH-sha256kdf-scheme
+secg-scheme 14 2 : dhSinglePass-cofactorDH-sha384kdf-scheme
+secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
+# NIDs for use with lookup tables.
+                 : dh-std-kdf
+                 : dh-cofactor-kdf
+
+# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
+1 3 6 1 4 1 11129 2 4 2	: ct_precert_scts		: CT Precertificate SCTs
+1 3 6 1 4 1 11129 2 4 3	: ct_precert_poison		: CT Precertificate Poison
+1 3 6 1 4 1 11129 2 4 4	: ct_precert_signer		: CT Precertificate Signer
+1 3 6 1 4 1 11129 2 4 5	: ct_cert_scts			: CT Certificate SCTs
+
+# CABForum EV SSL Certificate Guidelines
+# (see https://cabforum.org/extended-validation/)
+# OIDs for Subject Jurisdiction of Incorporation or Registration
+1 3 6 1 4 1 311 60 2 1 1	: jurisdictionL		: jurisdictionLocalityName
+1 3 6 1 4 1 311 60 2 1 2	: jurisdictionST	: jurisdictionStateOrProvinceName
+1 3 6 1 4 1 311 60 2 1 3	: jurisdictionC		: jurisdictionCountryName
+
+# SCRYPT algorithm
+!Cname id-scrypt
+1 3 6 1 4 1 11591 4 11		: id-scrypt         : scrypt
+
+# NID for TLS1 PRF
+                            : TLS1-PRF          : tls1-prf
+
+# NID for HKDF
+                            : HKDF              : hkdf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4                     : pkInitClientAuth      : PKINIT Client Auth
+id-pkinit 5                     : pkInitKDC             : Signing KDC Response
+
+# From RFC8410
+1 3 101 110 : X25519
+1 3 101 111 : X448
+1 3 101 112 : ED25519
+1 3 101 113 : ED448
+
+
+# NIDs for cipher key exchange
+                            : KxRSA        : kx-rsa
+                            : KxECDHE      : kx-ecdhe
+                            : KxDHE        : kx-dhe
+                            : KxECDHE-PSK  : kx-ecdhe-psk
+                            : KxDHE-PSK    : kx-dhe-psk
+                            : KxRSA_PSK    : kx-rsa-psk
+                            : KxPSK        : kx-psk
+                            : KxSRP        : kx-srp
+                            : KxGOST       : kx-gost
+                            : KxANY        : kx-any
+
+# NIDs for cipher authentication
+                            : AuthRSA      : auth-rsa
+                            : AuthECDSA    : auth-ecdsa
+                            : AuthPSK      : auth-psk
+                            : AuthDSS      : auth-dss
+                            : AuthGOST01   : auth-gost01
+                            : AuthGOST12   : auth-gost12
+                            : AuthSRP      : auth-srp
+                            : AuthNULL     : auth-null
+                            : AuthANY      : auth-any
+# NID for Poly1305
+                            : Poly1305     : poly1305
+# NID for SipHash
+                            : SipHash      : siphash
+
+# NIDs for RFC7919 DH parameters
+                            : ffdhe2048
+                            : ffdhe3072
+                            : ffdhe4096
+                            : ffdhe6144
+                            : ffdhe8192
+
+# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
+
+# DSTU OIDs
+member-body 804   : ISO-UA
+ISO-UA 2 1 1 1    : ua-pki
+ua-pki 1 1 1      : dstu28147         : DSTU Gost 28147-2009
+dstu28147 2       : dstu28147-ofb     : DSTU Gost 28147-2009 OFB mode
+dstu28147 3       : dstu28147-cfb     : DSTU Gost 28147-2009 CFB mode
+dstu28147 5       : dstu28147-wrap    : DSTU Gost 28147-2009 key wrap
+
+ua-pki 1 1 2      : hmacWithDstu34311 : HMAC DSTU Gost 34311-95
+ua-pki 1 2 1      : dstu34311         : DSTU Gost 34311-95
+
+ua-pki 1 3 1 1    : dstu4145le        : DSTU 4145-2002 little endian
+dstu4145le 1 1    : dstu4145be        : DSTU 4145-2002 big endian
+
+# 1.2.804. 2.1.1.1 1.3.1.1  .2.6
+#     UA    ua-pki  4145 le
+# DSTU named curves
+dstu4145le 2 0 : uacurve0 : DSTU curve 0
+dstu4145le 2 1 : uacurve1 : DSTU curve 1
+dstu4145le 2 2 : uacurve2 : DSTU curve 2
+dstu4145le 2 3 : uacurve3 : DSTU curve 3
+dstu4145le 2 4 : uacurve4 : DSTU curve 4
+dstu4145le 2 5 : uacurve5 : DSTU curve 5
+dstu4145le 2 6 : uacurve6 : DSTU curve 6
+dstu4145le 2 7 : uacurve7 : DSTU curve 7
+dstu4145le 2 8 : uacurve8 : DSTU curve 8
+dstu4145le 2 9 : uacurve9 : DSTU curve 9
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objxref.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objxref.pl
new file mode 100644
index 000000000..ce76cadae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objxref.pl
@@ -0,0 +1,142 @@
+#! /usr/bin/env perl
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+
+my %xref_tbl;
+my %oid_tbl;
+
+my ($mac_file, $xref_file) = @ARGV;
+
+# Output year depends on the year of the script and the input file.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($mac_file)]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+$iYEAR = [localtime([stat($xref_file)]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+
+open(IN, $mac_file) || die "Can't open $mac_file, $!\n";
+
+# Read in OID nid values for a lookup table.
+
+while (<IN>)
+	{
+	s|\R$||;                # Better chomp
+	my ($name, $num) = /^(\S+)\s+(\S+)$/;
+	$oid_tbl{$name} = $num;
+	}
+close IN;
+
+open(IN, $xref_file) || die "Can't open $xref_file, $!\n";
+
+my $ln = 1;
+
+while (<IN>)
+	{
+	s|\R$||;                # Better chomp
+	s/#.*$//;
+	next if (/^\S*$/);
+	my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
+	check_oid($xr);
+	check_oid($p1);
+	check_oid($p2);
+	$xref_tbl{$xr} = [$p1, $p2, $ln];
+	}
+
+my @xrkeys = keys %xref_tbl;
+
+my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
+
+my $i;
+for($i = 0; $i <= $#srt1; $i++)
+	{
+	$xref_tbl{$srt1[$i]}[2] = $i;
+	}
+
+my @srt2 = sort
+	{
+	my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
+	my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
+	return $ap1 - $bp1 if ($ap1 != $bp1);
+	my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
+	my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
+
+	return $ap2 - $bp2;
+	} @xrkeys;
+
+my $pname = $0;
+$pname =~ s|.*/||;
+
+print <<EOF;
+/*
+ * WARNING: do not edit!
+ * Generated by $pname
+ *
+ * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+typedef struct {
+    int sign_id;
+    int hash_id;
+    int pkey_id;
+} nid_triple;
+
+DEFINE_STACK_OF(nid_triple)
+
+static const nid_triple sigoid_srt[] = {
+EOF
+
+foreach (@srt1)
+	{
+	my $xr = $_;
+	my ($p1, $p2) = @{$xref_tbl{$_}};
+	my $o1 = "    {NID_$xr, NID_$p1,";
+	my $o2 = "NID_$p2},";
+        if (length("$o1 $o2") < 78)
+		{
+		print "$o1 $o2\n";
+		}
+	else
+		{
+		print "$o1\n     $o2\n";
+		}
+        }
+
+print "};";
+print <<EOF;
+
+
+static const nid_triple *const sigoid_srt_xref[] = {
+EOF
+
+foreach (@srt2)
+	{
+	my ($p1, $p2, $x) = @{$xref_tbl{$_}};
+	# If digest or signature algorithm is "undef" then the algorithm
+	# needs special handling and is excluded from the cross reference table.
+	next if $p1 eq "undef" || $p2 eq "undef";
+	print "    \&sigoid_srt\[$x\],\n";
+	}
+
+print "};\n";
+
+sub check_oid
+	{
+	my ($chk) = @_;
+	if (!exists $oid_tbl{$chk})
+		{
+		die "Can't find \"$chk\"\n";
+		}
+	}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/build.info
new file mode 100644
index 000000000..0902caae3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c v3_ocsp.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c
new file mode 100644
index 000000000..1e0b82797
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+        ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+        ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+        ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+        ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+        ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+        ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+        ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+            ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+            ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+        ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+        ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+           ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+           ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+        ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+        ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+        ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+        ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+        ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+           ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+           ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+           ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+           ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+           ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+           ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+           ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+           ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+           ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+           ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+           ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+        ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c
new file mode 100644
index 000000000..739ac0180
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+
+/*
+ * Utility functions related to sending OCSP requests and extracting relevant
+ * information from the response.
+ */
+
+/*
+ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer:
+ * useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+{
+    OCSP_ONEREQ *one = NULL;
+
+    if ((one = OCSP_ONEREQ_new()) == NULL)
+        return NULL;
+    OCSP_CERTID_free(one->reqCert);
+    one->reqCert = cid;
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
+        goto err;
+    }
+    return one;
+ err:
+    OCSP_ONEREQ_free(one);
+    return NULL;
+}
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+{
+    GENERAL_NAME *gen;
+
+    gen = GENERAL_NAME_new();
+    if (gen == NULL)
+        return 0;
+    if (!X509_NAME_set(&gen->d.directoryName, nm)) {
+        GENERAL_NAME_free(gen);
+        return 0;
+    }
+    gen->type = GEN_DIRNAME;
+    GENERAL_NAME_free(req->tbsRequest.requestorName);
+    req->tbsRequest.requestorName = gen;
+    return 1;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+{
+    OCSP_SIGNATURE *sig;
+    if (req->optionalSignature == NULL)
+        req->optionalSignature = OCSP_SIGNATURE_new();
+    sig = req->optionalSignature;
+    if (sig == NULL)
+        return 0;
+    if (cert == NULL)
+        return 1;
+    if (sig->certs == NULL
+        && (sig->certs = sk_X509_new_null()) == NULL)
+        return 0;
+
+    if (!sk_X509_push(sig->certs, cert))
+        return 0;
+    X509_up_ref(cert);
+    return 1;
+}
+
+/*
+ * Sign an OCSP request set the requestorName to the subject name of an
+ * optional signers certificate and include one or more optional certificates
+ * in the request. Behaves like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    X509 *x;
+
+    if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+        goto err;
+
+    if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL)
+        goto err;
+    if (key) {
+        if (!X509_check_private_key(signer, key)) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
+                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+            goto err;
+        }
+        if (!OCSP_REQUEST_sign(req, key, dgst))
+            goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_request_add1_cert(req, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            if (!OCSP_request_add1_cert(req, x))
+                goto err;
+        }
+    }
+
+    return 1;
+ err:
+    OCSP_SIGNATURE_free(req->optionalSignature);
+    req->optionalSignature = NULL;
+    return 0;
+}
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+{
+    return ASN1_ENUMERATED_get(resp->responseStatus);
+}
+
+/*
+ * Extract basic response from OCSP_RESPONSE or NULL if no basic response
+ * present.
+ */
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+{
+    OCSP_RESPBYTES *rb;
+    rb = resp->responseBytes;
+    if (!rb) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+        return NULL;
+    }
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+        return NULL;
+    }
+
+    return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+}
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+    return bs->signature;
+}
+
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+{
+    return &bs->signatureAlgorithm;
+}
+
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
+{
+    return &bs->tbsResponseData;
+}
+
+/*
+ * Return number of OCSP_SINGLERESP responses present in a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+{
+    if (!bs)
+        return -1;
+    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
+}
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+{
+    if (!bs)
+        return NULL;
+    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
+}
+
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
+{
+    return bs->tbsResponseData.producedAt;
+}
+
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+    return bs->certs;
+}
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = rid->value.byName;
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = rid->value.byKey;
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    return 1;
+}
+
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = X509_NAME_dup(rid->value.byName);
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    if (*pname == NULL && *pid == NULL)
+        return 0;
+    return 1;
+}
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+{
+    int i;
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    OCSP_SINGLERESP *single;
+    if (!bs)
+        return -1;
+    if (last < 0)
+        last = 0;
+    else
+        last++;
+    sresp = bs->tbsResponseData.responses;
+    for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+        single = sk_OCSP_SINGLERESP_value(sresp, i);
+        if (!OCSP_id_cmp(id, single->certId))
+            return i;
+    }
+    return -1;
+}
+
+/*
+ * Extract status information from an OCSP_SINGLERESP structure. Note: the
+ * revtime and reason values are only set if the certificate status is
+ * revoked. Returns numerical value of status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd)
+{
+    int ret;
+    OCSP_CERTSTATUS *cst;
+    if (!single)
+        return -1;
+    cst = single->certStatus;
+    ret = cst->type;
+    if (ret == V_OCSP_CERTSTATUS_REVOKED) {
+        OCSP_REVOKEDINFO *rev = cst->value.revoked;
+        if (revtime)
+            *revtime = rev->revocationTime;
+        if (reason) {
+            if (rev->revocationReason)
+                *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+            else
+                *reason = -1;
+        }
+    }
+    if (thisupd)
+        *thisupd = single->thisUpdate;
+    if (nextupd)
+        *nextupd = single->nextUpdate;
+    return ret;
+}
+
+/*
+ * This function combines the previous ones: look up a certificate ID and if
+ * found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd)
+{
+    int i;
+    OCSP_SINGLERESP *single;
+    i = OCSP_resp_find(bs, id, -1);
+    /* Maybe check for multiple responses and give an error? */
+    if (i < 0)
+        return 0;
+    single = OCSP_resp_get0(bs, i);
+    i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+    if (status)
+        *status = i;
+    return 1;
+}
+
+/*
+ * Check validity of thisUpdate and nextUpdate fields. It is possible that
+ * the request will take a few seconds to process and/or the time won't be
+ * totally accurate. Therefore to avoid rejecting otherwise valid time we
+ * allow the times to be within 'nsec' of the current time. Also to avoid
+ * accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+{
+    int ret = 1;
+    time_t t_now, t_tmp;
+    time(&t_now);
+    /* Check thisUpdate is valid and not more than nsec in the future */
+    if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now + nsec;
+        if (X509_cmp_time(thisupd, &t_tmp) > 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+            ret = 0;
+        }
+
+        /*
+         * If maxsec specified check thisUpdate is not more than maxsec in
+         * the past
+         */
+        if (maxsec >= 0) {
+            t_tmp = t_now - maxsec;
+            if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+                ret = 0;
+            }
+        }
+    }
+
+    if (!nextupd)
+        return ret;
+
+    /* Check nextUpdate is valid and not more than nsec in the past */
+    if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now - nsec;
+        if (X509_cmp_time(nextupd, &t_tmp) < 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+            ret = 0;
+        }
+    }
+
+    /* Also don't allow nextUpdate to precede thisUpdate */
+    if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+        ret = 0;
+    }
+
+    return ret;
+}
+
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+    return single->certId;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_err.c
new file mode 100644
index 000000000..660e19366
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_err.c
@@ -0,0 +1,101 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/ocsperr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OCSP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_D2I_OCSP_NONCE, 0), "d2i_ocsp_nonce"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_ADD1_STATUS, 0),
+     "OCSP_basic_add1_status"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN, 0), "OCSP_basic_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN_CTX, 0),
+     "OCSP_basic_sign_ctx"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_VERIFY, 0), "OCSP_basic_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CERT_ID_NEW, 0), "OCSP_cert_id_new"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_DELEGATED, 0),
+     "ocsp_check_delegated"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_IDS, 0), "ocsp_check_ids"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_ISSUER, 0), "ocsp_check_issuer"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_VALIDITY, 0),
+     "OCSP_check_validity"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_MATCH_ISSUERID, 0),
+     "ocsp_match_issuerid"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_PARSE_URL, 0), "OCSP_parse_url"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_SIGN, 0), "OCSP_request_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_VERIFY, 0),
+     "OCSP_request_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_RESPONSE_GET1_BASIC, 0),
+     "OCSP_response_get1_basic"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_PARSE_HTTP_LINE1, 0), "parse_http_line1"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OCSP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+    "error in nextupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+    "error in thisupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE),
+    "missing ocspsigning usage"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+    "nextupdate before thisupdate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE),
+    "not basic response"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN),
+    "no certificates in chain"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED),
+    "request not signed"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+    "response contains no revocation data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED),
+    "root ca not trusted"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_ERROR),
+    "server response error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+    "server response parse error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID),
+    "status not yet valid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST),
+    "unknown message digest"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+    "unsupported requestorname type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OCSP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OCSP_str_functs);
+        ERR_load_strings_const(OCSP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c
new file mode 100644
index 000000000..27ee21245
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+{
+    return X509v3_get_ext_count(x->tbsRequest.requestExtensions);
+}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsRequest.requestExtensions, nid, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsRequest.requestExtensions, obj, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsRequest.requestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+{
+    return X509v3_get_ext(x->tbsRequest.requestExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+{
+    return X509v3_delete_ext(x->tbsRequest.requestExtensions, loc);
+}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
+}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
+                           crit, flags);
+}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
+            NULL);
+}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+{
+    return X509v3_get_ext_count(x->singleRequestExtensions);
+}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos);
+}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
+                               int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos);
+}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->singleRequestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+{
+    return X509v3_get_ext(x->singleRequestExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+{
+    return X509v3_delete_ext(x->singleRequestExtensions, loc);
+}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
+                           flags);
+}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
+}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+{
+    return X509v3_get_ext_count(x->tbsResponseData.responseExtensions);
+}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsResponseData.responseExtensions, nid, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsResponseData.responseExtensions, obj, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsResponseData.responseExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+{
+    return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+{
+    return X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc);
+}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx)
+{
+    return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
+                          idx);
+}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
+                           value, crit, flags);
+}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
+            != NULL);
+}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+{
+    return X509v3_get_ext_count(x->singleExtensions);
+}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos);
+}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos);
+}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos)
+{
+    return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos);
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return X509v3_get_ext(x->singleExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return X509v3_delete_ext(x->singleExtensions, loc);
+}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx)
+{
+    return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
+}
+
+/* also CRL Entry Extensions */
+
+/* Nonce handling functions */
+
+/*
+ * Add a nonce to an extension stack. A nonce can be specified or if NULL a
+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
+ * OCTET STRING containing the nonce, previous versions used the raw nonce.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
+                           unsigned char *val, int len)
+{
+    unsigned char *tmpval;
+    ASN1_OCTET_STRING os;
+    int ret = 0;
+    if (len <= 0)
+        len = OCSP_DEFAULT_NONCE_LENGTH;
+    /*
+     * Create the OCTET STRING manually by writing out the header and
+     * appending the content octets. This avoids an extra memory allocation
+     * operation in some cases. Applications should *NOT* do this because it
+     * relies on library internals.
+     */
+    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        return 0;
+
+    os.data = OPENSSL_malloc(os.length);
+    if (os.data == NULL)
+        goto err;
+    tmpval = os.data;
+    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+    if (val)
+        memcpy(tmpval, val, len);
+    else if (RAND_bytes(tmpval, len) <= 0)
+        goto err;
+    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                         &os, 0, X509V3_ADD_REPLACE))
+        goto err;
+    ret = 1;
+ err:
+    OPENSSL_free(os.data);
+    return ret;
+}
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
+}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
+                           len);
+}
+
+/*-
+ * Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+{
+    /*
+     * Since we are only interested in the presence or absence of
+     * the nonce and comparing its value there is no need to use
+     * the X509V3 routines: this way we can avoid them allocating an
+     * ASN1_OCTET_STRING structure for the value which would be
+     * freed immediately anyway.
+     */
+
+    int req_idx, resp_idx;
+    X509_EXTENSION *req_ext, *resp_ext;
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+    /* Check both absent */
+    if ((req_idx < 0) && (resp_idx < 0))
+        return 2;
+    /* Check in request only */
+    if ((req_idx >= 0) && (resp_idx < 0))
+        return -1;
+    /* Check in response but not request */
+    if ((req_idx < 0) && (resp_idx >= 0))
+        return 3;
+    /*
+     * Otherwise nonce in request and response so retrieve the extensions
+     */
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+    if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
+                              X509_EXTENSION_get_data(resp_ext)))
+        return 0;
+    return 1;
+}
+
+/*
+ * Copy the nonce value (if any) from an OCSP request to a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+{
+    X509_EXTENSION *req_ext;
+    int req_idx;
+    /* Check for nonce in request */
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    /* If no nonce that's OK */
+    if (req_idx < 0)
+        return 2;
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+}
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    OCSP_CRLID *cid = NULL;
+
+    if ((cid = OCSP_CRLID_new()) == NULL)
+        goto err;
+    if (url) {
+        if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL)
+            goto err;
+        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
+            goto err;
+    }
+    if (n) {
+        if ((cid->crlNum = ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
+            goto err;
+    }
+    if (tim) {
+        if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL)
+            goto err;
+        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+            goto err;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
+ err:
+    OCSP_CRLID_free(cid);
+    return x;
+}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+{
+    int nid;
+    STACK_OF(ASN1_OBJECT) *sk = NULL;
+    ASN1_OBJECT *o = NULL;
+    X509_EXTENSION *x = NULL;
+
+    if ((sk = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    while (oids && *oids) {
+        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
+            sk_ASN1_OBJECT_push(sk, o);
+        oids++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+ err:
+    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    return x;
+}
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_GENERALIZEDTIME *gt = NULL;
+
+    if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
+        goto err;
+    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
+        goto err;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
+ err:
+    ASN1_GENERALIZEDTIME_free(gt);
+    return x;
+}
+
+/*
+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_IA5STRING *ia5 = NULL;
+    OCSP_SERVICELOC *sloc = NULL;
+    ACCESS_DESCRIPTION *ad = NULL;
+
+    if ((sloc = OCSP_SERVICELOC_new()) == NULL)
+        goto err;
+    if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL)
+        goto err;
+    if (urls && *urls
+        && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL)
+        goto err;
+    while (urls && *urls) {
+        if ((ad = ACCESS_DESCRIPTION_new()) == NULL)
+            goto err;
+        if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL)
+            goto err;
+        if ((ad->location = GENERAL_NAME_new()) == NULL)
+            goto err;
+        if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+            goto err;
+        if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
+            goto err;
+        ad->location->type = GEN_URI;
+        ad->location->d.ia5 = ia5;
+        ia5 = NULL;
+        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
+            goto err;
+        ad = NULL;
+        urls++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
+ err:
+    ASN1_IA5STRING_free(ia5);
+    ACCESS_DESCRIPTION_free(ad);
+    OCSP_SERVICELOC_free(sloc);
+    return x;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c
new file mode 100644
index 000000000..42c368643
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c
@@ -0,0 +1,502 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/ctype.h"
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* Stateful OCSP request code, supporting non-blocking I/O */
+
+/* Opaque OCSP request status structure */
+
+struct ocsp_req_ctx_st {
+    int state;                  /* Current I/O state */
+    unsigned char *iobuf;       /* Line buffer */
+    int iobuflen;               /* Line buffer length */
+    BIO *io;                    /* BIO to perform I/O with */
+    BIO *mem;                   /* Memory BIO response is built into */
+    unsigned long asn1_len;     /* ASN1 length of response */
+    unsigned long max_resp_len; /* Maximum length of response */
+};
+
+#define OCSP_MAX_RESP_LENGTH    (100 * 1024)
+#define OCSP_MAX_LINE_LEN       4096;
+
+/* OCSP states */
+
+/* If set no reading should be performed */
+#define OHS_NOREAD              0x1000
+/* Error condition */
+#define OHS_ERROR               (0 | OHS_NOREAD)
+/* First line being read */
+#define OHS_FIRSTLINE           1
+/* MIME headers being read */
+#define OHS_HEADERS             2
+/* OCSP initial header (tag + length) being read */
+#define OHS_ASN1_HEADER         3
+/* OCSP content octets being read */
+#define OHS_ASN1_CONTENT        4
+/* First call: ready to start I/O */
+#define OHS_ASN1_WRITE_INIT     (5 | OHS_NOREAD)
+/* Request being sent */
+#define OHS_ASN1_WRITE          (6 | OHS_NOREAD)
+/* Request being flushed */
+#define OHS_ASN1_FLUSH          (7 | OHS_NOREAD)
+/* Completed */
+#define OHS_DONE                (8 | OHS_NOREAD)
+/* Headers set, no final \r\n included */
+#define OHS_HTTP_HEADER         (9 | OHS_NOREAD)
+
+static int parse_http_line1(char *line);
+
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
+{
+    OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
+        return NULL;
+    rctx->state = OHS_ERROR;
+    rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
+    rctx->mem = BIO_new(BIO_s_mem());
+    rctx->io = io;
+    if (maxline > 0)
+        rctx->iobuflen = maxline;
+    else
+        rctx->iobuflen = OCSP_MAX_LINE_LEN;
+    rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+    if (rctx->iobuf == NULL || rctx->mem == NULL) {
+        OCSP_REQ_CTX_free(rctx);
+        return NULL;
+    }
+    return rctx;
+}
+
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
+{
+    if (!rctx)
+        return;
+    BIO_free(rctx->mem);
+    OPENSSL_free(rctx->iobuf);
+    OPENSSL_free(rctx);
+}
+
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx)
+{
+    return rctx->mem;
+}
+
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len)
+{
+    if (len == 0)
+        rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
+    else
+        rctx->max_resp_len = len;
+}
+
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val)
+{
+    static const char req_hdr[] =
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+    int reqlen = ASN1_item_i2d(val, NULL, it);
+    if (BIO_printf(rctx->mem, req_hdr, reqlen) <= 0)
+        return 0;
+    if (ASN1_item_i2d_bio(it, rctx->mem, val) <= 0)
+        return 0;
+    rctx->state = OHS_ASN1_WRITE_INIT;
+    return 1;
+}
+
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx,
+                          ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int rv, len;
+    const unsigned char *p;
+
+    rv = OCSP_REQ_CTX_nbio(rctx);
+    if (rv != 1)
+        return rv;
+
+    len = BIO_get_mem_data(rctx->mem, &p);
+    *pval = ASN1_item_d2i(NULL, &p, len, it);
+    if (*pval == NULL) {
+        rctx->state = OHS_ERROR;
+        return 0;
+    }
+    return 1;
+}
+
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path)
+{
+    static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
+
+    if (!path)
+        path = "/";
+
+    if (BIO_printf(rctx->mem, http_hdr, op, path) <= 0)
+        return 0;
+    rctx->state = OHS_HTTP_HEADER;
+    return 1;
+}
+
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
+{
+    return OCSP_REQ_CTX_i2d(rctx, ASN1_ITEM_rptr(OCSP_REQUEST),
+                            (ASN1_VALUE *)req);
+}
+
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value)
+{
+    if (!name)
+        return 0;
+    if (BIO_puts(rctx->mem, name) <= 0)
+        return 0;
+    if (value) {
+        if (BIO_write(rctx->mem, ": ", 2) != 2)
+            return 0;
+        if (BIO_puts(rctx->mem, value) <= 0)
+            return 0;
+    }
+    if (BIO_write(rctx->mem, "\r\n", 2) != 2)
+        return 0;
+    rctx->state = OHS_HTTP_HEADER;
+    return 1;
+}
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline)
+{
+
+    OCSP_REQ_CTX *rctx = NULL;
+    rctx = OCSP_REQ_CTX_new(io, maxline);
+    if (rctx == NULL)
+        return NULL;
+
+    if (!OCSP_REQ_CTX_http(rctx, "POST", path))
+        goto err;
+
+    if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
+        goto err;
+
+    return rctx;
+
+ err:
+    OCSP_REQ_CTX_free(rctx);
+    return NULL;
+}
+
+/*
+ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We
+ * need to obtain the numeric code and (optional) informational message.
+ */
+
+static int parse_http_line1(char *line)
+{
+    int retcode;
+    char *p, *q, *r;
+    /* Skip to first white space (passed protocol info) */
+
+    for (p = line; *p && !ossl_isspace(*p); p++)
+        continue;
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Skip past white space to start of response code */
+    while (*p && ossl_isspace(*p))
+        p++;
+
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Find end of response code: first whitespace after start of code */
+    for (q = p; *q && !ossl_isspace(*q); q++)
+        continue;
+
+    if (!*q) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Set end of response code and start of message */
+    *q++ = 0;
+
+    /* Attempt to parse numeric code */
+    retcode = strtoul(p, &r, 10);
+
+    if (*r)
+        return 0;
+
+    /* Skip over any leading white space in message */
+    while (*q && ossl_isspace(*q))
+        q++;
+
+    if (*q) {
+        /*
+         * Finally zap any trailing white space in message (include CRLF)
+         */
+
+        /* We know q has a non white space character so this is OK */
+        for (r = q + strlen(q) - 1; ossl_isspace(*r); r--)
+            *r = 0;
+    }
+    if (retcode != 200) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+        if (!*q)
+            ERR_add_error_data(2, "Code=", p);
+        else
+            ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+        return 0;
+    }
+
+    return 1;
+
+}
+
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
+{
+    int i, n;
+    const unsigned char *p;
+ next_io:
+    if (!(rctx->state & OHS_NOREAD)) {
+        n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            return 0;
+        }
+
+        /* Write data to memory BIO */
+
+        if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
+            return 0;
+    }
+
+    switch (rctx->state) {
+    case OHS_HTTP_HEADER:
+        /* Last operation was adding headers: need a final \r\n */
+        if (BIO_write(rctx->mem, "\r\n", 2) != 2) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+        rctx->state = OHS_ASN1_WRITE_INIT;
+
+        /* fall thru */
+    case OHS_ASN1_WRITE_INIT:
+        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+        rctx->state = OHS_ASN1_WRITE;
+
+        /* fall thru */
+    case OHS_ASN1_WRITE:
+        n = BIO_get_mem_data(rctx->mem, &p);
+
+        i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len);
+
+        if (i <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        rctx->asn1_len -= i;
+
+        if (rctx->asn1_len > 0)
+            goto next_io;
+
+        rctx->state = OHS_ASN1_FLUSH;
+
+        (void)BIO_reset(rctx->mem);
+
+        /* fall thru */
+    case OHS_ASN1_FLUSH:
+
+        i = BIO_flush(rctx->io);
+
+        if (i > 0) {
+            rctx->state = OHS_FIRSTLINE;
+            goto next_io;
+        }
+
+        if (BIO_should_retry(rctx->io))
+            return -1;
+
+        rctx->state = OHS_ERROR;
+        return 0;
+
+    case OHS_ERROR:
+        return 0;
+
+    case OHS_FIRSTLINE:
+    case OHS_HEADERS:
+
+        /* Attempt to read a line in */
+
+ next_line:
+        /*
+         * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check
+         * there's a complete line in there before calling BIO_gets or we'll
+         * just get a partial read.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if ((n <= 0) || !memchr(p, '\n', n)) {
+            if (n >= rctx->iobuflen) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            goto next_io;
+        }
+        n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->mem))
+                goto next_io;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Don't allow excessive lines */
+        if (n == rctx->iobuflen) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* First line */
+        if (rctx->state == OHS_FIRSTLINE) {
+            if (parse_http_line1((char *)rctx->iobuf)) {
+                rctx->state = OHS_HEADERS;
+                goto next_line;
+            } else {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+        } else {
+            /* Look for blank line: end of headers */
+            for (p = rctx->iobuf; *p; p++) {
+                if ((*p != '\r') && (*p != '\n'))
+                    break;
+            }
+            if (*p)
+                goto next_line;
+
+            rctx->state = OHS_ASN1_HEADER;
+
+        }
+
+        /* Fall thru */
+
+    case OHS_ASN1_HEADER:
+        /*
+         * Now reading ASN1 header: can read at least 2 bytes which is enough
+         * for ASN1 SEQUENCE header and either length field or at least the
+         * length of the length field.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if (n < 2)
+            goto next_io;
+
+        /* Check it is an ASN1 SEQUENCE */
+        if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Check out length field */
+        if (*p & 0x80) {
+            /*
+             * If MSB set on initial length octet we can now always read 6
+             * octets: make sure we have them.
+             */
+            if (n < 6)
+                goto next_io;
+            n = *p & 0x7F;
+            /* Not NDEF or excessive length */
+            if (!n || (n > 4)) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            p++;
+            rctx->asn1_len = 0;
+            for (i = 0; i < n; i++) {
+                rctx->asn1_len <<= 8;
+                rctx->asn1_len |= *p++;
+            }
+
+            if (rctx->asn1_len > rctx->max_resp_len) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+
+            rctx->asn1_len += n + 2;
+        } else
+            rctx->asn1_len = *p + 2;
+
+        rctx->state = OHS_ASN1_CONTENT;
+
+        /* Fall thru */
+
+    case OHS_ASN1_CONTENT:
+        n = BIO_get_mem_data(rctx->mem, NULL);
+        if (n < (int)rctx->asn1_len)
+            goto next_io;
+
+        rctx->state = OHS_DONE;
+        return 1;
+
+    case OHS_DONE:
+        return 1;
+
+    }
+
+    return 0;
+
+}
+
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)presp,
+                                 ASN1_ITEM_rptr(OCSP_RESPONSE));
+}
+
+/* Blocking OCSP request handler: now a special case of non-blocking I/O */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
+{
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_REQ_CTX *ctx;
+    int rv;
+
+    ctx = OCSP_sendreq_new(b, path, req, -1);
+
+    if (ctx == NULL)
+        return NULL;
+
+    do {
+        rv = OCSP_sendreq_nbio(&resp, ctx);
+    } while ((rv == -1) && BIO_should_retry(b));
+
+    OCSP_REQ_CTX_free(ctx);
+
+    if (rv)
+        return resp;
+
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lcl.h
new file mode 100644
index 000000000..36646fdfc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lcl.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-  CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+struct ocsp_cert_id_st {
+    X509_ALGOR hashAlgorithm;
+    ASN1_OCTET_STRING issuerNameHash;
+    ASN1_OCTET_STRING issuerKeyHash;
+    ASN1_INTEGER serialNumber;
+};
+
+/*-  Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_one_request_st {
+    OCSP_CERTID *reqCert;
+    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+};
+
+/*-  TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_req_info_st {
+    ASN1_INTEGER *version;
+    GENERAL_NAME *requestorName;
+    STACK_OF(OCSP_ONEREQ) *requestList;
+    STACK_OF(X509_EXTENSION) *requestExtensions;
+};
+
+/*-  Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+struct ocsp_signature_st {
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-  OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+struct ocsp_request_st {
+    OCSP_REQINFO tbsRequest;
+    OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+};
+
+/*-  OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+
+/*-  ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+struct ocsp_resp_bytes_st {
+    ASN1_OBJECT *responseType;
+    ASN1_OCTET_STRING *response;
+};
+
+/*-  OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+struct ocsp_response_st {
+    ASN1_ENUMERATED *responseStatus;
+    OCSP_RESPBYTES *responseBytes;
+};
+
+/*-  ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+struct ocsp_responder_id_st {
+    int type;
+    union {
+        X509_NAME *byName;
+        ASN1_OCTET_STRING *byKey;
+    } value;
+};
+
+/*-  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*-  RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+struct ocsp_revoked_info_st {
+    ASN1_GENERALIZEDTIME *revocationTime;
+    ASN1_ENUMERATED *revocationReason;
+};
+
+/*-  CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+struct ocsp_cert_status_st {
+    int type;
+    union {
+        ASN1_NULL *good;
+        OCSP_REVOKEDINFO *revoked;
+        ASN1_NULL *unknown;
+    } value;
+};
+
+/*-  SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_single_response_st {
+    OCSP_CERTID *certId;
+    OCSP_CERTSTATUS *certStatus;
+    ASN1_GENERALIZEDTIME *thisUpdate;
+    ASN1_GENERALIZEDTIME *nextUpdate;
+    STACK_OF(X509_EXTENSION) *singleExtensions;
+};
+
+/*-  ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_response_data_st {
+    ASN1_INTEGER *version;
+    OCSP_RESPID responderId;
+    ASN1_GENERALIZEDTIME *producedAt;
+    STACK_OF(OCSP_SINGLERESP) *responses;
+    STACK_OF(X509_EXTENSION) *responseExtensions;
+};
+
+/*-  BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /*
+   * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
+   * follows: "The value for the signature SHALL be computed on the hash of
+   * the DER encoding ResponseData." This means that you must hash the
+   * DER-encoded tbsResponseData, and then run it through a crypto-signing
+   * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
+   * operation.  This seems a bit odd, but that's the spec.  Also note that
+   * the data structures do not leave anywhere to independently specify the
+   * algorithm used for the initial hash. So, we look at the
+   * signature-specification algorithm, and try to do something intelligent.
+   * -- Kathy Weinhold, CertCo
+   */
+  /*
+   * Note 2: It seems that the mentioned passage from RFC 2560 (section
+   * 4.2.1) is open for interpretation.  I've done tests against another
+   * responder, and found that it doesn't do the double hashing that the RFC
+   * seems to say one should.  Therefore, all relevant functions take a flag
+   * saying which variant should be used.  -- Richard Levitte, OpenSSL team
+   * and CeloCom
+   */
+struct ocsp_basic_response_st {
+    OCSP_RESPDATA tbsResponseData;
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-
+ * CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+struct ocsp_crl_id_st {
+    ASN1_IA5STRING *crlUrl;
+    ASN1_INTEGER *crlNum;
+    ASN1_GENERALIZEDTIME *crlTime;
+};
+
+/*-
+ * ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+struct ocsp_service_locator_st {
+    X509_NAME *issuer;
+    STACK_OF(ACCESS_DESCRIPTION) *locator;
+};
+
+#  define OCSP_REQUEST_sign(o,pkey,md) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+                &(o)->optionalSignature->signatureAlgorithm,NULL,\
+                (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md)
+
+#  define OCSP_BASICRESP_sign(o,pkey,md,d) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,pkey,md)
+
+#  define OCSP_BASICRESP_sign_ctx(o,ctx,d) \
+        ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,ctx)
+
+#  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        &(a)->optionalSignature->signatureAlgorithm,\
+        (a)->optionalSignature->signature,&(a)->tbsRequest,r)
+
+#  define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+        &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c
new file mode 100644
index 000000000..8edd70ac8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include <openssl/asn1t.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer)
+{
+    X509_NAME *iname;
+    const ASN1_INTEGER *serial;
+    ASN1_BIT_STRING *ikey;
+    if (!dgst)
+        dgst = EVP_sha1();
+    if (subject) {
+        iname = X509_get_issuer_name(subject);
+        serial = X509_get0_serialNumber(subject);
+    } else {
+        iname = X509_get_subject_name(issuer);
+        serial = NULL;
+    }
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber)
+{
+    int nid;
+    unsigned int i;
+    X509_ALGOR *alg;
+    OCSP_CERTID *cid = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    if ((cid = OCSP_CERTID_new()) == NULL)
+        goto err;
+
+    alg = &cid->hashAlgorithm;
+    ASN1_OBJECT_free(alg->algorithm);
+    if ((nid = EVP_MD_type(dgst)) == NID_undef) {
+        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+        goto err;
+    }
+    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
+        goto err;
+    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    alg->parameter->type = V_ASN1_NULL;
+
+    if (!X509_NAME_digest(issuerName, dgst, md, &i))
+        goto digerr;
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
+        goto err;
+
+    /* Calculate the issuerKey hash, excluding tag and length */
+    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
+        goto err;
+
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
+        goto err;
+
+    if (serialNumber) {
+        if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
+            goto err;
+    }
+    return cid;
+ digerr:
+    OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+ err:
+    OCSP_CERTID_free(cid);
+    return NULL;
+}
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
+    int ret;
+    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
+    if (ret)
+        return ret;
+    ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
+    if (ret)
+        return ret;
+    return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
+}
+
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
+    int ret;
+    ret = OCSP_id_issuer_cmp(a, b);
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
+}
+
+/*
+ * Parse a URL and split it up into host, port and path components and
+ * whether it is SSL.
+ */
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl)
+{
+    char *p, *buf;
+
+    char *host, *port;
+
+    *phost = NULL;
+    *pport = NULL;
+    *ppath = NULL;
+
+    /* dup the buffer since we are going to mess with it */
+    buf = OPENSSL_strdup(url);
+    if (!buf)
+        goto mem_err;
+
+    /* Check for initial colon */
+    p = strchr(buf, ':');
+
+    if (!p)
+        goto parse_err;
+
+    *(p++) = '\0';
+
+    if (strcmp(buf, "http") == 0) {
+        *pssl = 0;
+        port = "80";
+    } else if (strcmp(buf, "https") == 0) {
+        *pssl = 1;
+        port = "443";
+    } else
+        goto parse_err;
+
+    /* Check for double slash */
+    if ((p[0] != '/') || (p[1] != '/'))
+        goto parse_err;
+
+    p += 2;
+
+    host = p;
+
+    /* Check for trailing part of path */
+
+    p = strchr(p, '/');
+
+    if (!p)
+        *ppath = OPENSSL_strdup("/");
+    else {
+        *ppath = OPENSSL_strdup(p);
+        /* Set start of path to 0 so hostname is valid */
+        *p = '\0';
+    }
+
+    if (!*ppath)
+        goto mem_err;
+
+    p = host;
+    if (host[0] == '[') {
+        /* ipv6 literal */
+        host++;
+        p = strchr(host, ']');
+        if (!p)
+            goto parse_err;
+        *p = '\0';
+        p++;
+    }
+
+    /* Look for optional ':' for port number */
+    if ((p = strchr(p, ':'))) {
+        *p = 0;
+        port = p + 1;
+    }
+
+    *pport = OPENSSL_strdup(port);
+    if (!*pport)
+        goto mem_err;
+
+    *phost = OPENSSL_strdup(host);
+
+    if (!*phost)
+        goto mem_err;
+
+    OPENSSL_free(buf);
+
+    return 1;
+
+ mem_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+ parse_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+ err:
+    OPENSSL_free(buf);
+    OPENSSL_free(*ppath);
+    *ppath = NULL;
+    OPENSSL_free(*pport);
+    *pport = NULL;
+    OPENSSL_free(*phost);
+    *phost = NULL;
+    return 0;
+
+}
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c
new file mode 100644
index 000000000..5605812ef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
+{
+    BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+    indent += 2;
+    BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+    i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
+    BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
+    BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
+    BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+    i2a_ASN1_INTEGER(bp, &a->serialNumber);
+    BIO_printf(bp, "\n");
+    return 1;
+}
+
+typedef struct {
+    long t;
+    const char *m;
+} OCSP_TBLSTR;
+
+static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len; i++, ts++)
+        if (ts->t == s)
+            return ts->m;
+    return "(UNKNOWN)";
+}
+
+#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
+
+const char *OCSP_response_status_str(long s)
+{
+    static const OCSP_TBLSTR rstat_tbl[] = {
+        {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
+        {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
+        {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
+        {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
+        {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
+        {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+    };
+    return table2string(s, rstat_tbl);
+}
+
+const char *OCSP_cert_status_str(long s)
+{
+    static const OCSP_TBLSTR cstat_tbl[] = {
+        {V_OCSP_CERTSTATUS_GOOD, "good"},
+        {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
+        {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+    };
+    return table2string(s, cstat_tbl);
+}
+
+const char *OCSP_crl_reason_str(long s)
+{
+    static const OCSP_TBLSTR reason_tbl[] = {
+        {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
+        {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
+        {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
+        {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
+        {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
+        {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
+        {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
+        {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+    };
+    return table2string(s, reason_tbl);
+}
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
+{
+    int i;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_ONEREQ *one = NULL;
+    OCSP_REQINFO *inf = &o->tbsRequest;
+    OCSP_SIGNATURE *sig = o->optionalSignature;
+
+    if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
+        goto err;
+    l = ASN1_INTEGER_get(inf->version);
+    if (BIO_printf(bp, "    Version: %lu (0x%lx)", l + 1, l) <= 0)
+        goto err;
+    if (inf->requestorName != NULL) {
+        if (BIO_write(bp, "\n    Requestor Name: ", 21) <= 0)
+            goto err;
+        GENERAL_NAME_print(bp, inf->requestorName);
+    }
+    if (BIO_write(bp, "\n    Requestor List:\n", 21) <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
+        one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+        cid = one->reqCert;
+        ocsp_certid_print(bp, cid, 8);
+        if (!X509V3_extensions_print(bp,
+                                     "Request Single Extensions",
+                                     one->singleRequestExtensions, flags, 8))
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Request Extensions",
+                                 inf->requestExtensions, flags, 4))
+        goto err;
+    if (sig) {
+        X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
+        for (i = 0; i < sk_X509_num(sig->certs); i++) {
+            X509_print(bp, sk_X509_value(sig->certs, i));
+            PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
+        }
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
+{
+    int i, ret = 0;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPID *rid = NULL;
+    OCSP_RESPDATA *rd = NULL;
+    OCSP_CERTSTATUS *cst = NULL;
+    OCSP_REVOKEDINFO *rev = NULL;
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_RESPBYTES *rb = o->responseBytes;
+
+    if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
+        goto err;
+    l = ASN1_ENUMERATED_get(o->responseStatus);
+    if (BIO_printf(bp, "    OCSP Response Status: %s (0x%lx)\n",
+                   OCSP_response_status_str(l), l) <= 0)
+        goto err;
+    if (rb == NULL)
+        return 1;
+    if (BIO_puts(bp, "    Response Type: ") <= 0)
+        goto err;
+    if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+        goto err;
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        BIO_puts(bp, " (unknown response type)\n");
+        return 1;
+    }
+
+    if ((br = OCSP_response_get1_basic(o)) == NULL)
+        goto err;
+    rd = &br->tbsResponseData;
+    l = ASN1_INTEGER_get(rd->version);
+    if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
+        goto err;
+    if (BIO_puts(bp, "    Responder Id: ") <= 0)
+        goto err;
+
+    rid = &rd->responderId;
+    switch (rid->type) {
+    case V_OCSP_RESPID_NAME:
+        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+        break;
+    case V_OCSP_RESPID_KEY:
+        i2a_ASN1_STRING(bp, rid->value.byKey, 0);
+        break;
+    }
+
+    if (BIO_printf(bp, "\n    Produced At: ") <= 0)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
+        goto err;
+    if (BIO_printf(bp, "\n    Responses:\n") <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
+        if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
+            continue;
+        single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+        cid = single->certId;
+        if (ocsp_certid_print(bp, cid, 4) <= 0)
+            goto err;
+        cst = single->certStatus;
+        if (BIO_printf(bp, "    Cert Status: %s",
+                       OCSP_cert_status_str(cst->type)) <= 0)
+            goto err;
+        if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
+            rev = cst->value.revoked;
+            if (BIO_printf(bp, "\n    Revocation Time: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
+                goto err;
+            if (rev->revocationReason) {
+                l = ASN1_ENUMERATED_get(rev->revocationReason);
+                if (BIO_printf(bp,
+                               "\n    Revocation Reason: %s (0x%lx)",
+                               OCSP_crl_reason_str(l), l) <= 0)
+                    goto err;
+            }
+        }
+        if (BIO_printf(bp, "\n    This Update: ") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+            goto err;
+        if (single->nextUpdate) {
+            if (BIO_printf(bp, "\n    Next Update: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+        if (!X509V3_extensions_print(bp,
+                                     "Response Single Extensions",
+                                     single->singleExtensions, flags, 8))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Response Extensions",
+                                 rd->responseExtensions, flags, 4))
+        goto err;
+    if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
+        goto err;
+
+    for (i = 0; i < sk_X509_num(br->certs); i++) {
+        X509_print(bp, sk_X509_value(br->certs, i));
+        PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
+    }
+
+    ret = 1;
+ err:
+    OCSP_BASICRESP_free(br);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c
new file mode 100644
index 000000000..6bd6f7b6d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c
@@ -0,0 +1,310 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+
+/*
+ * Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+{
+    return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
+}
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+{
+    return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
+}
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+{
+    return one->reqCert;
+}
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+{
+    if (!cid)
+        return 0;
+    if (pmd)
+        *pmd = cid->hashAlgorithm.algorithm;
+    if (piNameHash)
+        *piNameHash = &cid->issuerNameHash;
+    if (pikeyHash)
+        *pikeyHash = &cid->issuerKeyHash;
+    if (pserial)
+        *pserial = &cid->serialNumber;
+    return 1;
+}
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+{
+    if (req->optionalSignature)
+        return 1;
+    return 0;
+}
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+{
+    OCSP_RESPONSE *rsp = NULL;
+
+    if ((rsp = OCSP_RESPONSE_new()) == NULL)
+        goto err;
+    if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
+        goto err;
+    if (!bs)
+        return rsp;
+    if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL)
+        goto err;
+    rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+    if (!ASN1_item_pack
+        (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+         goto err;
+    return rsp;
+ err:
+    OCSP_RESPONSE_free(rsp);
+    return NULL;
+}
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd)
+{
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_CERTSTATUS *cs;
+    OCSP_REVOKEDINFO *ri;
+
+    if (rsp->tbsResponseData.responses == NULL
+        && (rsp->tbsResponseData.responses
+                = sk_OCSP_SINGLERESP_new_null()) == NULL)
+        goto err;
+
+    if ((single = OCSP_SINGLERESP_new()) == NULL)
+        goto err;
+
+    if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+        goto err;
+    if (nextupd &&
+        !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+        goto err;
+
+    OCSP_CERTID_free(single->certId);
+
+    if ((single->certId = OCSP_CERTID_dup(cid)) == NULL)
+        goto err;
+
+    cs = single->certStatus;
+    switch (cs->type = status) {
+    case V_OCSP_CERTSTATUS_REVOKED:
+        if (!revtime) {
+            OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
+            goto err;
+        }
+        if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
+            goto err;
+        if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+            goto err;
+        if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
+            if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL)
+                goto err;
+            if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
+                goto err;
+        }
+        break;
+
+    case V_OCSP_CERTSTATUS_GOOD:
+        if ((cs->value.good = ASN1_NULL_new()) == NULL)
+            goto err;
+        break;
+
+    case V_OCSP_CERTSTATUS_UNKNOWN:
+        if ((cs->value.unknown = ASN1_NULL_new()) == NULL)
+            goto err;
+        break;
+
+    default:
+        goto err;
+
+    }
+    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
+        goto err;
+    return single;
+ err:
+    OCSP_SINGLERESP_free(single);
+    return NULL;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+{
+    if (resp->certs == NULL
+        && (resp->certs = sk_X509_new_null()) == NULL)
+        return 0;
+
+    if (!sk_X509_push(resp->certs, cert))
+        return 0;
+    X509_up_ref(cert);
+    return 1;
+}
+
+/*
+ * Sign an OCSP response using the parameters contained in the digest context,
+ * set the responderID to the subject name in the signer's certificate, and
+ * include one or more optional certificates in the response.
+ */
+
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_MD_CTX *ctx,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    OCSP_RESPID *rid;
+    EVP_PKEY *pkey;
+
+    if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);
+        goto err;
+    }
+
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
+                OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_basic_add1_cert(brsp, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            X509 *tmpcert = sk_X509_value(certs, i);
+            if (!OCSP_basic_add1_cert(brsp, tmpcert))
+                goto err;
+        }
+    }
+
+    rid = &brsp->tbsResponseData.responderId;
+    if (flags & OCSP_RESPID_KEY) {
+        if (!OCSP_RESPID_set_by_key(rid, signer))
+            goto err;
+    } else if (!OCSP_RESPID_set_by_name(rid, signer)) {
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOTIME) &&
+        !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
+        goto err;
+
+    /*
+     * Right now, I think that not doing double hashing is the right thing.
+     * -- Richard Levitte
+     */
+
+    if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0))
+        goto err;
+
+    return 1;
+ err:
+    return 0;
+}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i;
+
+    if (ctx == NULL)
+        return 0;
+
+    if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+    i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags);
+    EVP_MD_CTX_free(ctx);
+    return i;
+}
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)
+{
+    if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
+        return 0;
+
+    respid->type = V_OCSP_RESPID_NAME;
+
+    return 1;
+}
+
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert)
+{
+    ASN1_OCTET_STRING *byKey = NULL;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* RFC2560 requires SHA1 */
+    if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+        return 0;
+
+    byKey = ASN1_OCTET_STRING_new();
+    if (byKey == NULL)
+        return 0;
+
+    if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) {
+        ASN1_OCTET_STRING_free(byKey);
+        return 0;
+    }
+
+    respid->type = V_OCSP_RESPID_KEY;
+    respid->value.byKey = byKey;
+
+    return 1;
+}
+
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)
+{
+    if (respid->type == V_OCSP_RESPID_KEY) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        if (respid->value.byKey == NULL)
+            return 0;
+
+        /* RFC2560 requires SHA1 */
+        if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+            return 0;
+
+        return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
+            && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
+                       SHA_DIGEST_LENGTH) == 0);
+    } else if (respid->type == V_OCSP_RESPID_NAME) {
+        if (respid->value.byName == NULL)
+            return 0;
+
+        return X509_NAME_cmp(respid->value.byName,
+                             X509_get_subject_name(cert)) == 0;
+    }
+
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c
new file mode 100644
index 000000000..9a8d34386
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c
@@ -0,0 +1,435 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
+                          OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags)
+{
+    X509 *signer, *x;
+    STACK_OF(X509) *chain = NULL;
+    STACK_OF(X509) *untrusted = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
+
+    if (!ret) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto end;
+    }
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto f_err;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get0_pubkey(signer);
+        if (skey == NULL) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
+            goto err;
+        }
+        ret = OCSP_BASICRESP_verify(bs, skey, 0);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto end;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN) {
+            untrusted = NULL;
+        } else if (bs->certs && certs) {
+            untrusted = sk_X509_dup(bs->certs);
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+                    goto f_err;
+                }
+            }
+        } else if (certs != NULL) {
+            untrusted = certs;
+        } else {
+            untrusted = bs->certs;
+        }
+        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+            goto f_err;
+        }
+
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        ret = X509_verify_cert(ctx);
+        chain = X509_STORE_CTX_get1_chain(ctx);
+        if (ret <= 0) {
+            i = X509_STORE_CTX_get_error(ctx);
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(i));
+            goto end;
+        }
+        if (flags & OCSP_NOCHECKS) {
+            ret = 1;
+            goto end;
+        }
+        /*
+         * At this point we have a valid certificate chain need to verify it
+         * against the OCSP issuer criteria.
+         */
+        ret = ocsp_check_issuer(bs, chain);
+
+        /* If fatal error or valid match then finish */
+        if (ret != 0)
+            goto end;
+
+        /*
+         * Easy case: explicitly trusted. Get root CA and check for explicit
+         * trust
+         */
+        if (flags & OCSP_NOEXPLICIT)
+            goto end;
+
+        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+            goto err;
+        }
+        ret = 1;
+    }
+ end:
+    X509_STORE_CTX_free(ctx);
+    sk_X509_pop_free(chain, X509_free);
+    if (bs->certs && certs)
+        sk_X509_free(untrusted);
+    return ret;
+
+ err:
+    ret = 0;
+    goto end;
+ f_err:
+    ret = -1;
+    goto end;
+}
+
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs)
+{
+    int ret;
+
+    ret = ocsp_find_signer(signer, bs, extra_certs, 0);
+    return (ret > 0) ? 1 : 0;
+}
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, unsigned long flags)
+{
+    X509 *signer;
+    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+    if ((signer = ocsp_find_signer_sk(certs, rid))) {
+        *psigner = signer;
+        return 2;
+    }
+    if (!(flags & OCSP_NOINTERN) &&
+        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
+        *psigner = signer;
+        return 1;
+    }
+    /* Maybe lookup from store if by subject name */
+
+    *psigner = NULL;
+    return 0;
+}
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+{
+    int i;
+    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+    X509 *x;
+
+    /* Easy if lookup by name */
+    if (id->type == V_OCSP_RESPID_NAME)
+        return X509_find_by_subject(certs, id->value.byName);
+
+    /* Lookup by key hash */
+
+    /* If key hash isn't SHA1 length then forget it */
+    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
+        return NULL;
+    keyhash = id->value.byKey->data;
+    /* Calculate hash of each key and compare */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+            return x;
+    }
+    return NULL;
+}
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
+{
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    X509 *signer, *sca;
+    OCSP_CERTID *caid = NULL;
+    int i;
+    sresp = bs->tbsResponseData.responses;
+
+    if (sk_X509_num(chain) <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+        return -1;
+    }
+
+    /* See if the issuer IDs match. */
+    i = ocsp_check_ids(sresp, &caid);
+
+    /* If ID mismatch or other error then return */
+    if (i <= 0)
+        return i;
+
+    signer = sk_X509_value(chain, 0);
+    /* Check to see if OCSP responder CA matches request CA */
+    if (sk_X509_num(chain) > 1) {
+        sca = sk_X509_value(chain, 1);
+        i = ocsp_match_issuerid(sca, caid, sresp);
+        if (i < 0)
+            return i;
+        if (i) {
+            /* We have a match, if extensions OK then success */
+            if (ocsp_check_delegated(signer))
+                return 1;
+            return 0;
+        }
+    }
+
+    /* Otherwise check if OCSP request signed directly by request CA */
+    return ocsp_match_issuerid(signer, caid, sresp);
+}
+
+/*
+ * Check the issuer certificate IDs for equality. If there is a mismatch with
+ * the same algorithm then there's no point trying to match any certificates
+ * against the issuer. If the issuer IDs all match then we just need to check
+ * equality against one of them.
+ */
+
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+{
+    OCSP_CERTID *tmpid, *cid;
+    int i, idcount;
+
+    idcount = sk_OCSP_SINGLERESP_num(sresp);
+    if (idcount <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
+                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+        return -1;
+    }
+
+    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+    *ret = NULL;
+
+    for (i = 1; i < idcount; i++) {
+        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+        /* Check to see if IDs match */
+        if (OCSP_id_issuer_cmp(cid, tmpid)) {
+            /* If algorithm mismatch let caller deal with it */
+            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+                        cid->hashAlgorithm.algorithm))
+                return 2;
+            /* Else mismatch */
+            return 0;
+        }
+    }
+
+    /* All IDs match: only need to check one ID */
+    *ret = cid;
+    return 1;
+}
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp)
+{
+    /* If only one ID to match then do it */
+    if (cid) {
+        const EVP_MD *dgst;
+        X509_NAME *iname;
+        int mdlen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
+                == NULL) {
+            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
+                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+            return -1;
+        }
+
+        mdlen = EVP_MD_size(dgst);
+        if (mdlen < 0)
+            return -1;
+        if ((cid->issuerNameHash.length != mdlen) ||
+            (cid->issuerKeyHash.length != mdlen))
+            return 0;
+        iname = X509_get_subject_name(cert);
+        if (!X509_NAME_digest(iname, dgst, md, NULL))
+            return -1;
+        if (memcmp(md, cid->issuerNameHash.data, mdlen))
+            return 0;
+        X509_pubkey_digest(cert, dgst, md, NULL);
+        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
+            return 0;
+
+        return 1;
+
+    } else {
+        /* We have to match the whole lot */
+        int i, ret;
+        OCSP_CERTID *tmpid;
+        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+            ret = ocsp_match_issuerid(cert, tmpid, NULL);
+            if (ret <= 0)
+                return ret;
+        }
+        return 1;
+    }
+
+}
+
+static int ocsp_check_delegated(X509 *x)
+{
+    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
+        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
+        return 1;
+    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+    return 0;
+}
+
+/*
+ * Verify an OCSP request. This is fortunately much easier than OCSP response
+ * verify. Just find the signers certificate and verify it against a given
+ * trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags)
+{
+    X509 *signer;
+    X509_NAME *nm;
+    GENERAL_NAME *gen;
+    int ret = 0;
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!req->optionalSignature) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+        goto err;
+    }
+    gen = req->tbsRequest.requestorName;
+    if (!gen || gen->type != GEN_DIRNAME) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+        goto err;
+    }
+    nm = gen->d.directoryName;
+    ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
+    if (ret <= 0) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto err;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get0_pubkey(signer);
+        ret = OCSP_REQUEST_verify(req, skey);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto err;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN)
+            init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
+        else
+            init_res = X509_STORE_CTX_init(ctx, store, signer,
+                                           req->optionalSignature->certs);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+            goto err;
+        }
+
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
+        ret = X509_verify_cert(ctx);
+        if (ret <= 0) {
+            ret = X509_STORE_CTX_get_error(ctx);
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(ret));
+            goto err;
+        }
+    }
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+end:
+    X509_STORE_CTX_free(ctx);
+    return ret;
+
+}
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                unsigned long flags)
+{
+    X509 *signer;
+    if (!(flags & OCSP_NOINTERN)) {
+        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+        if (signer) {
+            *psigner = signer;
+            return 1;
+        }
+    }
+
+    signer = X509_find_by_subject(certs, nm);
+    if (signer) {
+        *psigner = signer;
+        return 2;
+    }
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c
new file mode 100644
index 000000000..2d425a895
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/conf.h>
+# include <openssl/asn1.h>
+# include <openssl/ocsp.h>
+# include "ocsp_lcl.h"
+# include <openssl/x509v3.h>
+# include "../x509v3/ext_dat.h"
+
+/*
+ * OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                            BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                            void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                              X509V3_CTX *ctx, const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ocsp_crlid = {
+    NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_crlid, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+    NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_invdate = {
+    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_hold = {
+    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_object, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nonce = {
+    NID_id_pkix_OCSP_Nonce, 0, NULL,
+    ocsp_nonce_new,
+    ocsp_nonce_free,
+    d2i_ocsp_nonce,
+    i2d_ocsp_nonce,
+    0, 0,
+    0, 0,
+    i2r_ocsp_nonce, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+    NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+    0, 0, 0, 0,
+    0, s2i_ocsp_nocheck,
+    0, 0,
+    i2r_ocsp_nocheck, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+    NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_serviceloc, 0,
+    NULL
+};
+
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                          int ind)
+{
+    OCSP_CRLID *a = in;
+    if (a->crlUrl) {
+        if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlNum) {
+        if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+            goto err;
+        if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlTime) {
+        if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                            BIO *bp, int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+        return 0;
+    return 1;
+}
+
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                      int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * OCSP nonce. This is needs special treatment because it doesn't have an
+ * ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+    return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+    ASN1_OCTET_STRING *os = a;
+    if (pp) {
+        memcpy(*pp, os->data, os->length);
+        *pp += os->length;
+    }
+    return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+{
+    ASN1_OCTET_STRING *os, **pos;
+    pos = a;
+    if (pos == NULL || *pos == NULL) {
+        os = ASN1_OCTET_STRING_new();
+        if (os == NULL)
+            goto err;
+    } else {
+        os = *pos;
+    }
+    if (!ASN1_OCTET_STRING_set(os, *pp, length))
+        goto err;
+
+    *pp += length;
+
+    if (pos)
+        *pos = os;
+    return os;
+
+ err:
+    if ((pos == NULL) || (*pos != os))
+        ASN1_OCTET_STRING_free(os);
+    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+    ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent)
+{
+    if (BIO_printf(out, "%*s", indent, "") <= 0)
+        return 0;
+    if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+        return 0;
+    return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent)
+{
+    return 1;
+}
+
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                              X509V3_CTX *ctx, const char *str)
+{
+    return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind)
+{
+    int i;
+    OCSP_SERVICELOC *a = in;
+    ACCESS_DESCRIPTION *ad;
+
+    if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+        goto err;
+    if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+        goto err;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+        ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+        if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+            goto err;
+        if (BIO_puts(bp, " - ") <= 0)
+            goto err;
+        if (GENERAL_NAME_print(bp, ad->location) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl
new file mode 100644
index 000000000..5a231c49f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl
@@ -0,0 +1,276 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$ST		="std";
+} else {
+	$LEVEL		="1.1";
+	$SIZE_T		=4;
+	$ST		="stw";
+}
+
+$rp="%r2";
+$sp="%r30";
+$rv="%r28";
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	OPENSSL_cpuid_setup,ENTRY
+	.ALIGN	8
+OPENSSL_cpuid_setup
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	bv	($rp)
+	.EXIT
+	nop
+	.PROCEND
+
+	.EXPORT	OPENSSL_rdtsc,ENTRY
+	.ALIGN	8
+OPENSSL_rdtsc
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	mfctl	%cr16,$rv
+	bv	($rp)
+	.EXIT
+	nop
+	.PROCEND
+
+	.EXPORT	OPENSSL_wipe_cpu,ENTRY
+	.ALIGN	8
+OPENSSL_wipe_cpu
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	xor		%r0,%r0,%r1
+	fcpy,dbl	%fr0,%fr4
+	xor		%r0,%r0,%r19
+	fcpy,dbl	%fr0,%fr5
+	xor		%r0,%r0,%r20
+	fcpy,dbl	%fr0,%fr6
+	xor		%r0,%r0,%r21
+	fcpy,dbl	%fr0,%fr7
+	xor		%r0,%r0,%r22
+	fcpy,dbl	%fr0,%fr8
+	xor		%r0,%r0,%r23
+	fcpy,dbl	%fr0,%fr9
+	xor		%r0,%r0,%r24
+	fcpy,dbl	%fr0,%fr10
+	xor		%r0,%r0,%r25
+	fcpy,dbl	%fr0,%fr11
+	xor		%r0,%r0,%r26
+	fcpy,dbl	%fr0,%fr22
+	xor		%r0,%r0,%r29
+	fcpy,dbl	%fr0,%fr23
+	xor		%r0,%r0,%r31
+	fcpy,dbl	%fr0,%fr24
+	fcpy,dbl	%fr0,%fr25
+	fcpy,dbl	%fr0,%fr26
+	fcpy,dbl	%fr0,%fr27
+	fcpy,dbl	%fr0,%fr28
+	fcpy,dbl	%fr0,%fr29
+	fcpy,dbl	%fr0,%fr30
+	fcpy,dbl	%fr0,%fr31
+	bv		($rp)
+	.EXIT
+	ldo		0($sp),$rv
+	.PROCEND
+___
+{
+my $inp="%r26";
+my $len="%r25";
+
+$code.=<<___;
+	.EXPORT	OPENSSL_cleanse,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	8
+OPENSSL_cleanse
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	cmpib,*=	0,$len,L\$done
+	nop
+	cmpib,*>>=	15,$len,L\$ittle
+	ldi		$SIZE_T-1,%r1
+
+L\$align
+	and,*<>		$inp,%r1,%r28
+	b,n		L\$aligned
+	stb		%r0,0($inp)
+	ldo		-1($len),$len
+	b		L\$align
+	ldo		1($inp),$inp
+
+L\$aligned
+	andcm		$len,%r1,%r28
+L\$ot
+	$ST		%r0,0($inp)
+	addib,*<>	-$SIZE_T,%r28,L\$ot
+	ldo		$SIZE_T($inp),$inp
+
+	and,*<>		$len,%r1,$len
+	b,n		L\$done
+L\$ittle
+	stb		%r0,0($inp)
+	addib,*<>	-1,$len,L\$ittle
+	ldo		1($inp),$inp
+L\$done
+	bv		($rp)
+	.EXIT
+	nop
+	.PROCEND
+___
+}
+{
+my ($in1,$in2,$len)=("%r26","%r25","%r24");
+
+$code.=<<___;
+	.EXPORT	CRYPTO_memcmp,ENTRY,ARGW0=GR,ARGW1=GR,ARGW1=GR
+	.ALIGN	8
+CRYPTO_memcmp
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	cmpib,*=	0,$len,L\$no_data
+	xor		$rv,$rv,$rv
+
+L\$oop_cmp
+	ldb		0($in1),%r19
+	ldb		0($in2),%r20
+	ldo		1($in1),$in1
+	ldo		1($in2),$in2
+	xor		%r19,%r20,%r29
+	addib,*<>	-1,$len,L\$oop_cmp
+	or		%r29,$rv,$rv
+
+	sub		%r0,$rv,%r29
+	extru		%r29,0,1,$rv
+L\$no_data
+	bv		($rp)
+	.EXIT
+	nop
+	.PROCEND
+___
+}
+{
+my ($out,$cnt,$max)=("%r26","%r25","%r24");
+my ($tick,$lasttick)=("%r23","%r22");
+my ($diff,$lastdiff)=("%r21","%r20");
+
+$code.=<<___;
+	.EXPORT	OPENSSL_instrument_bus,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	8
+OPENSSL_instrument_bus
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	copy		$cnt,$rv
+	mfctl		%cr16,$tick
+	copy		$tick,$lasttick
+	ldi		0,$diff
+
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+L\$oop
+	mfctl		%cr16,$tick
+	sub		$tick,$lasttick,$diff
+	copy		$tick,$lasttick
+
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+
+	addib,<>	-1,$cnt,L\$oop
+	addi		4,$out,$out
+
+	bv		($rp)
+	.EXIT
+	sub		$rv,$cnt,$rv
+	.PROCEND
+
+	.EXPORT	OPENSSL_instrument_bus2,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	8
+OPENSSL_instrument_bus2
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	copy		$cnt,$rv
+	sub		%r0,$cnt,$cnt
+
+	mfctl		%cr16,$tick
+	copy		$tick,$lasttick
+	ldi		0,$diff
+
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+
+	mfctl		%cr16,$tick
+	sub		$tick,$lasttick,$diff
+	copy		$tick,$lasttick
+L\$oop2
+	copy		$diff,$lastdiff
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+
+	addib,=		-1,$max,L\$done2
+	nop
+
+	mfctl		%cr16,$tick
+	sub		$tick,$lasttick,$diff
+	copy		$tick,$lasttick
+	cmpclr,<>	$lastdiff,$diff,$tick
+	ldi		1,$tick
+
+	ldi		1,%r1
+	xor		%r1,$tick,$tick
+	addb,<>		$tick,$cnt,L\$oop2
+	shladd,l	$tick,2,$out,$out
+L\$done2
+	bv		($rp)
+	.EXIT
+	add		$rv,$cnt,$rv
+	.PROCEND
+___
+}
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach(split("\n",$code)) {
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/cmpib,\*/comib,/		if ($SIZE_T==4);
+	s/,\*/,/			if ($SIZE_T==4);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+close STDOUT;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/build.info
new file mode 100644
index 000000000..357b32833
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        pem_sign.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c
new file mode 100644
index 000000000..0e7181311
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
+#endif
+
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
+#endif
+
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
+
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
+
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+                 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+#ifndef OPENSSL_NO_RSA
+/*
+ * We treat RSA or DSA private keys as a special case. For private keys we
+ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
+ * the relevant private key: this means can handle "traditional" and PKCS#8
+ * formats transparently.
+ */
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+    RSA *rtmp;
+    if (!key)
+        return NULL;
+    rtmp = EVP_PKEY_get1_RSA(key);
+    EVP_PKEY_free(key);
+    if (!rtmp)
+        return NULL;
+    if (rsa) {
+        RSA_free(*rsa);
+        *rsa = rtmp;
+    }
+    return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+                                void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
+}
+
+# ifndef OPENSSL_NO_STDIO
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
+}
+
+# endif
+
+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
+                             RSAPrivateKey)
+
+
+IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
+                       RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA,
+                                                      PEM_STRING_PUBLIC,
+                                                      RSA_PUBKEY)
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+    DSA *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_DSA(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (dsa) {
+        DSA_free(*dsa);
+        *dsa = dtmp;
+    }
+    return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+                                void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
+                             DSAPrivateKey)
+    IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+# ifndef OPENSSL_NO_STDIO
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
+}
+
+# endif
+
+IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+#endif
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
+{
+    EC_KEY *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_EC_KEY(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (eckey) {
+        EC_KEY_free(*eckey);
+        *eckey = dtmp;
+    }
+    return dtmp;
+}
+
+EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+                                  void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, key); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
+                       ECPKParameters)
+
+
+IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
+                       ECPrivateKey)
+IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
+# ifndef OPENSSL_NO_STDIO
+EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+                              void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
+}
+
+# endif
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+    IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
+#endif
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c
new file mode 100644
index 000000000..f642030aa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c
@@ -0,0 +1,126 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pemerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_DSS, 0), "b2i_dss"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_PVK_BIO, 0), "b2i_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_RSA, 0), "b2i_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_DSA, 0), "check_bitlen_dsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_RSA, 0), "check_bitlen_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, 0),
+     "d2i_PKCS8PrivateKey_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_FP, 0),
+     "d2i_PKCS8PrivateKey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_HEADER, 0), "do_PVK_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, 0),
+     "get_header_and_data"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, 0), "get_name"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK, 0), "i2b_PVK"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK_BIO, 0), "i2b_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_LOAD_IV, 0), "load_iv"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ, 0), "PEM_ASN1_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ_BIO, 0), "PEM_ASN1_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE, 0), "PEM_ASN1_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE_BIO, 0), "PEM_ASN1_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, 0), "PEM_def_callback"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, 0), "PEM_do_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_GET_EVP_CIPHER_INFO, 0),
+     "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ, 0), "PEM_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, 0), "PEM_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_DHPARAMS, 0),
+     "PEM_read_bio_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_EX, 0), "PEM_read_bio_ex"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PARAMETERS, 0),
+     "PEM_read_bio_Parameters"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, 0),
+     "PEM_read_bio_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_DHPARAMS, 0), "PEM_read_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_PRIVATEKEY, 0),
+     "PEM_read_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0),
+     "PEM_write_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ_BIO, 0),
+     "PEM_X509_INFO_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_WRITE_BIO, 0),
+     "PEM_X509_INFO_write_bio"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+    "error converting private key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
+    "expecting private key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
+    "expecting public key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER),
+    "inconsistent header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
+    "keyblob header parse error"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD),
+    "problems getting password"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION),
+    "unsupported encryption"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
+    "unsupported key components"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PEM_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PEM_str_functs);
+        ERR_load_strings_const(PEM_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_info.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_info.c
new file mode 100644
index 000000000..f90cb4465
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_info.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    STACK_OF(X509_INFO) *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u)
+{
+    X509_INFO *xi = NULL;
+    char *name = NULL, *header = NULL;
+    void *pp;
+    unsigned char *data = NULL;
+    const unsigned char *p;
+    long len, error = 0;
+    int ok = 0;
+    STACK_OF(X509_INFO) *ret = NULL;
+    unsigned int i, raw, ptype;
+    d2i_of_void *d2i = 0;
+
+    if (sk == NULL) {
+        if ((ret = sk_X509_INFO_new_null()) == NULL) {
+            PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = sk;
+
+    if ((xi = X509_INFO_new()) == NULL)
+        goto err;
+    for (;;) {
+        raw = 0;
+        ptype = 0;
+        i = PEM_read_bio(bp, &name, &header, &data, &len);
+        if (i == 0) {
+            error = ERR_GET_REASON(ERR_peek_last_error());
+            if (error == PEM_R_NO_START_LINE) {
+                ERR_clear_error();
+                break;
+            }
+            goto err;
+        }
+ start:
+        if ((strcmp(name, PEM_STRING_X509) == 0) ||
+            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509_AUX;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
+            d2i = (D2I_OF(void)) d2i_X509_CRL;
+            if (xi->crl != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->crl);
+        } else
+#ifndef OPENSSL_NO_RSA
+        if (strcmp(name, PEM_STRING_RSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_RSA;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (strcmp(name, PEM_STRING_DSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_DSA;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_EC
+        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
+            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_EC;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+        {
+            d2i = NULL;
+            pp = NULL;
+        }
+
+        if (d2i != NULL) {
+            if (!raw) {
+                EVP_CIPHER_INFO cipher;
+
+                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+                    goto err;
+                if (!PEM_do_header(&cipher, data, &len, cb, u))
+                    goto err;
+                p = data;
+                if (ptype) {
+                    if (!d2i_PrivateKey(ptype, pp, &p, len)) {
+                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                        goto err;
+                    }
+                } else if (d2i(pp, &p, len) == NULL) {
+                    PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                    goto err;
+                }
+            } else {            /* encrypted RSA data */
+                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
+                    goto err;
+                xi->enc_data = (char *)data;
+                xi->enc_len = (int)len;
+                data = NULL;
+            }
+        } else {
+            /* unknown */
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(header);
+        header = NULL;
+        OPENSSL_free(data);
+        data = NULL;
+    }
+
+    /*
+     * if the last one hasn't been pushed yet and there is anything in it
+     * then add it to the stack ...
+     */
+    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
+        if (!sk_X509_INFO_push(ret, xi))
+            goto err;
+        xi = NULL;
+    }
+    ok = 1;
+ err:
+    X509_INFO_free(xi);
+    if (!ok) {
+        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
+            xi = sk_X509_INFO_value(ret, i);
+            X509_INFO_free(xi);
+        }
+        if (ret != sk)
+            sk_X509_INFO_free(ret);
+        ret = NULL;
+    }
+
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(data);
+    return ret;
+}
+
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    int i, ret = 0;
+    unsigned char *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char *iv = NULL;
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
+            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    /*
+     * now for the fun part ... if we have a private key then we have to be
+     * able to handle a not-yet-decrypted key being written out correctly ...
+     * if it is decrypted or it is non-encrypted then we use the base code
+     */
+    if (xi->x_pkey != NULL) {
+        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
+            if (enc == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
+                goto err;
+            }
+
+            /* copy from weirdo names into more normal things */
+            iv = xi->enc_cipher.iv;
+            data = (unsigned char *)xi->enc_data;
+            i = xi->enc_len;
+
+            /*
+             * we take the encryption data from the internal stuff rather
+             * than what the user has passed us ... as we have to match
+             * exactly for some strange reason
+             */
+            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
+            if (objstr == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
+                       PEM_R_UNSUPPORTED_CIPHER);
+                goto err;
+            }
+
+            /* Create the right magic header stuff */
+            buf[0] = '\0';
+            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
+                         (char *)iv);
+
+            /* use the normal code to write things out */
+            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
+            if (i <= 0)
+                goto err;
+        } else {
+            /* Add DSA/DH */
+#ifndef OPENSSL_NO_RSA
+            /* normal optionally encrypted stuff */
+            if (PEM_write_bio_RSAPrivateKey(bp,
+                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
+                                            enc, kstr, klen, cb, u) <= 0)
+                goto err;
+#endif
+        }
+    }
+
+    /* if we have a certificate then write it out now */
+    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
+        goto err;
+
+    /*
+     * we are ignoring anything else that is loaded into the X509_INFO
+     * structure for the moment ... as I don't need it so I'm not coding it
+     * here and Eric can do it when this makes it into the base library --tjh
+     */
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c
new file mode 100644
index 000000000..4bb86463f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c
@@ -0,0 +1,988 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include "internal/asn1_int.h"
+#include <openssl/des.h>
+#include <openssl/engine.h>
+
+#define MIN_LENGTH      4
+
+static int load_iv(char **fromp, unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
+{
+    int i, min_len;
+    const char *prompt;
+
+    /* We assume that the user passes a default password as userdata */
+    if (userdata) {
+        i = strlen(userdata);
+        i = (i > num) ? num : i;
+        memcpy(buf, userdata, i);
+        return i;
+    }
+
+    prompt = EVP_get_pw_prompt();
+    if (prompt == NULL)
+        prompt = "Enter PEM pass phrase:";
+
+    /*
+     * rwflag == 0 means decryption
+     * rwflag == 1 means encryption
+     *
+     * We assume that for encryption, we want a minimum length, while for
+     * decryption, we cannot know any minimum length, so we assume zero.
+     */
+    min_len = rwflag ? MIN_LENGTH : 0;
+
+    i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
+    if (i != 0) {
+        PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+        memset(buf, 0, (unsigned int)num);
+        return -1;
+    }
+    return strlen(buf);
+}
+
+void PEM_proc_type(char *buf, int type)
+{
+    const char *str;
+    char *p = buf + strlen(buf);
+
+    if (type == PEM_TYPE_ENCRYPTED)
+        str = "ENCRYPTED";
+    else if (type == PEM_TYPE_MIC_CLEAR)
+        str = "MIC-CLEAR";
+    else if (type == PEM_TYPE_MIC_ONLY)
+        str = "MIC-ONLY";
+    else
+        str = "BAD-TYPE";
+
+    BIO_snprintf(p, PEM_BUFSIZE - (size_t)(p - buf), "Proc-Type: 4,%s\n", str);
+}
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+{
+    long i;
+    char *p = buf + strlen(buf);
+    int j = PEM_BUFSIZE - (size_t)(p - buf), n;
+
+    n = BIO_snprintf(p, j, "DEK-Info: %s,", type);
+    if (n > 0) {
+        j -= n;
+        p += n;
+        for (i = 0; i < len; i++) {
+            n = BIO_snprintf(p, j, "%02X", 0xff & str[i]);
+            if (n <= 0)
+                return;
+            j -= n;
+            p += n;
+        }
+        if (j > 1)
+            strcpy(p, "\n");
+    }
+}
+
+#ifndef OPENSSL_NO_STDIO
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+static int check_pem(const char *nm, const char *name)
+{
+    /* Normal matching nm and name */
+    if (strcmp(nm, name) == 0)
+        return 1;
+
+    /* Make PEM_STRING_EVP_PKEY match any private key */
+
+    if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (strcmp(nm, PEM_STRING_PKCS8) == 0)
+            return 1;
+        if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
+            return 1;
+        slen = pem_check_suffix(nm, "PRIVATE KEY");
+        if (slen > 0) {
+            /*
+             * NB: ENGINE implementations won't contain a deprecated old
+             * private key decode function so don't look for them.
+             */
+            ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+            if (ameth && ameth->old_priv_decode)
+                return 1;
+        }
+        return 0;
+    }
+
+    if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        slen = pem_check_suffix(nm, "PARAMETERS");
+        if (slen > 0) {
+            ENGINE *e;
+            ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+            if (ameth) {
+                int r;
+                if (ameth->param_decode)
+                    r = 1;
+                else
+                    r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                ENGINE_finish(e);
+#endif
+                return r;
+            }
+        }
+        return 0;
+    }
+    /* If reading DH parameters handle X9.42 DH format too */
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0
+        && strcmp(name, PEM_STRING_DHPARAMS) == 0)
+        return 1;
+
+    /* Permit older strings */
+
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_REQ) == 0)
+        return 1;
+
+    /* Allow normal certs to be read as trusted certs */
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
+        return 1;
+
+    /* Some CAs use PKCS#7 with CERTIFICATE headers */
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
+        return 1;
+
+#ifndef OPENSSL_NO_CMS
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
+        return 1;
+    /* Allow CMS to be read from PKCS#7 headers */
+    if (strcmp(nm, PEM_STRING_PKCS7) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
+        return 1;
+#endif
+
+    return 0;
+}
+
+static void pem_free(void *p, unsigned int flags, size_t num)
+{
+    if (flags & PEM_FLAG_SECURE)
+        OPENSSL_secure_clear_free(p, num);
+    else
+        OPENSSL_free(p);
+}
+
+static void *pem_malloc(int num, unsigned int flags)
+{
+    return (flags & PEM_FLAG_SECURE) ? OPENSSL_secure_malloc(num)
+                                     : OPENSSL_malloc(num);
+}
+
+static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen,
+                                    char **pnm, const char *name, BIO *bp,
+                                    pem_password_cb *cb, void *u,
+                                    unsigned int flags)
+{
+    EVP_CIPHER_INFO cipher;
+    char *nm = NULL, *header = NULL;
+    unsigned char *data = NULL;
+    long len = 0;
+    int ret = 0;
+
+    do {
+        pem_free(nm, flags, 0);
+        pem_free(header, flags, 0);
+        pem_free(data, flags, len);
+        if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) {
+            if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
+                ERR_add_error_data(2, "Expecting: ", name);
+            return 0;
+        }
+    } while (!check_pem(nm, name));
+    if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+        goto err;
+    if (!PEM_do_header(&cipher, data, &len, cb, u))
+        goto err;
+
+    *pdata = data;
+    *plen = len;
+
+    if (pnm != NULL)
+        *pnm = nm;
+
+    ret = 1;
+
+ err:
+    if (!ret || pnm == NULL)
+        pem_free(nm, flags, 0);
+    pem_free(header, flags, 0);
+    if (!ret)
+        pem_free(data, flags, len);
+    return ret;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_EAY_COMPATIBLE);
+}
+
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       int klen, pem_password_cb *callback, void *u)
+{
+    EVP_CIPHER_CTX *ctx = NULL;
+    int dsize = 0, i = 0, j = 0, ret = 0;
+    unsigned char *p, *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0
+                || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
+            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    if ((dsize = i2d(x, NULL)) < 0) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+        dsize = 0;
+        goto err;
+    }
+    /* dsize + 8 bytes are needed */
+    /* actually it needs the cipher block size extra... */
+    data = OPENSSL_malloc((unsigned int)dsize + 20);
+    if (data == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = data;
+    i = i2d(x, &p);
+
+    if (enc != NULL) {
+        if (kstr == NULL) {
+            if (callback == NULL)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
+                goto err;
+            }
+#ifdef CHARSET_EBCDIC
+            /* Convert the pass phrase from EBCDIC */
+            ebcdic2ascii(buf, buf, klen);
+#endif
+            kstr = (unsigned char *)buf;
+        }
+        if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
+            goto err;
+        /*
+         * The 'iv' is used as the iv and as a salt.  It is NOT taken from
+         * the BytesToKey function
+         */
+        if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
+            goto err;
+
+        if (kstr == (unsigned char *)buf)
+            OPENSSL_cleanse(buf, PEM_BUFSIZE);
+
+        buf[0] = '\0';
+        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+        PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
+        /* k=strlen(buf); */
+
+        ret = 1;
+        if ((ctx = EVP_CIPHER_CTX_new()) == NULL
+            || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
+            || !EVP_EncryptUpdate(ctx, data, &j, data, i)
+            || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
+            ret = 0;
+        if (ret == 0)
+            goto err;
+        i += j;
+    } else {
+        ret = 1;
+        buf[0] = '\0';
+    }
+    i = PEM_write_bio(bp, name, buf, data, i);
+    if (i <= 0)
+        ret = 0;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(iv, sizeof(iv));
+    EVP_CIPHER_CTX_free(ctx);
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    OPENSSL_clear_free(data, (unsigned int)dsize);
+    return ret;
+}
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+                  pem_password_cb *callback, void *u)
+{
+    int ok;
+    int keylen;
+    long len = *plen;
+    int ilen = (int) len;       /* EVP_DecryptUpdate etc. take int lengths */
+    EVP_CIPHER_CTX *ctx;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    char buf[PEM_BUFSIZE];
+
+#if LONG_MAX > INT_MAX
+    /* Check that we did not truncate the length */
+    if (len > INT_MAX) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
+        return 0;
+    }
+#endif
+
+    if (cipher->cipher == NULL)
+        return 1;
+    if (callback == NULL)
+        keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+    else
+        keylen = callback(buf, PEM_BUFSIZE, 0, u);
+    if (keylen < 0) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+        return 0;
+    }
+#ifdef CHARSET_EBCDIC
+    /* Convert the pass phrase from EBCDIC */
+    ebcdic2ascii(buf, buf, keylen);
+#endif
+
+    if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+                        (unsigned char *)buf, keylen, 1, key, NULL))
+        return 0;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    if (ok)
+        ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen);
+    if (ok) {
+        /* Squirrel away the length of data decrypted so far. */
+        *plen = ilen;
+        ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen);
+    }
+    if (ok)
+        *plen += ilen;
+    else
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+
+    EVP_CIPHER_CTX_free(ctx);
+    OPENSSL_cleanse((char *)buf, sizeof(buf));
+    OPENSSL_cleanse((char *)key, sizeof(key));
+    return ok;
+}
+
+/*
+ * This implements a very limited PEM header parser that does not support the
+ * full grammar of rfc1421.  In particular, folded headers are not supported,
+ * nor is additional whitespace.
+ *
+ * A robust implementation would make use of a library that turns the headers
+ * into a BIO from which one folded line is read at a time, and is then split
+ * into a header label and content.  We would then parse the content of the
+ * headers we care about.  This is overkill for just this limited use-case, but
+ * presumably we also parse rfc822-style headers for S/MIME, so a common
+ * abstraction might well be more generally useful.
+ */
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+{
+    static const char ProcType[] = "Proc-Type:";
+    static const char ENCRYPTED[] = "ENCRYPTED";
+    static const char DEKInfo[] = "DEK-Info:";
+    const EVP_CIPHER *enc = NULL;
+    int ivlen;
+    char *dekinfostart, c;
+
+    cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
+    if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+        return 1;
+
+    if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+        return 0;
+    }
+    header += sizeof(ProcType)-1;
+    header += strspn(header, " \t");
+
+    if (*header++ != '4' || *header++ != ',')
+        return 0;
+    header += strspn(header, " \t");
+
+    /* We expect "ENCRYPTED" followed by optional white-space + line break */
+    if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
+        strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+        return 0;
+    }
+    header += sizeof(ENCRYPTED)-1;
+    header += strspn(header, " \t\r");
+    if (*header++ != '\n') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+        return 0;
+    }
+
+    /*-
+     * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
+     * We expect "DEK-Info: algo[,hex-parameters]"
+     */
+    if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+        return 0;
+    }
+    header += sizeof(DEKInfo)-1;
+    header += strspn(header, " \t");
+
+    /*
+     * DEK-INFO is a comma-separated combination of algorithm name and optional
+     * parameters.
+     */
+    dekinfostart = header;
+    header += strcspn(header, " \t,");
+    c = *header;
+    *header = '\0';
+    cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
+    *header = c;
+    header += strspn(header, " \t");
+
+    if (enc == NULL) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
+        return 0;
+    }
+    ivlen = EVP_CIPHER_iv_length(enc);
+    if (ivlen > 0 && *header++ != ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
+        return 0;
+    } else if (ivlen == 0 && *header == ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
+        return 0;
+    }
+
+    if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
+        return 0;
+
+    return 1;
+}
+
+static int load_iv(char **fromp, unsigned char *to, int num)
+{
+    int v, i;
+    char *from;
+
+    from = *fromp;
+    for (i = 0; i < num; i++)
+        to[i] = 0;
+    num *= 2;
+    for (i = 0; i < num; i++) {
+        v = OPENSSL_hexchar2int(*from);
+        if (v < 0) {
+            PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+            return 0;
+        }
+        from++;
+        to[i / 2] |= v << (long)((!(i & 1)) * 4);
+    }
+
+    *fromp = from;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_write(FILE *fp, const char *name, const char *header,
+              const unsigned char *data, long len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_write_bio(b, name, header, data, len);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, const char *header,
+                  const unsigned char *data, long len)
+{
+    int nlen, n, i, j, outl;
+    unsigned char *buf = NULL;
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int reason = ERR_R_BUF_LIB;
+    int retval = 0;
+
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    EVP_EncodeInit(ctx);
+    nlen = strlen(name);
+
+    if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+
+    i = strlen(header);
+    if (i > 0) {
+        if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+            goto err;
+    }
+
+    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+    if (buf == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    i = j = 0;
+    while (len > 0) {
+        n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
+        if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
+            goto err;
+        if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+            goto err;
+        i += outl;
+        len -= n;
+        j += n;
+    }
+    EVP_EncodeFinal(ctx, buf, &outl);
+    if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+        goto err;
+    if ((BIO_write(bp, "-----END ", 9) != 9) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+    retval = i + outl;
+
+ err:
+    if (retval == 0)
+        PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+    EVP_ENCODE_CTX_free(ctx);
+    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    return retval;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio(b, name, header, data, len);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+/* Some helpers for PEM_read_bio_ex(). */
+static int sanitize_line(char *linebuf, int len, unsigned int flags)
+{
+    int i;
+
+    if (flags & PEM_FLAG_EAY_COMPATIBLE) {
+        /* Strip trailing whitespace */
+        while ((len >= 0) && (linebuf[len] <= ' '))
+            len--;
+        /* Go back to whitespace before applying uniform line ending. */
+        len++;
+    } else if (flags & PEM_FLAG_ONLY_B64) {
+        for (i = 0; i < len; ++i) {
+            if (!ossl_isbase64(linebuf[i]) || linebuf[i] == '\n'
+                || linebuf[i] == '\r')
+                break;
+        }
+        len = i;
+    } else {
+        /* EVP_DecodeBlock strips leading and trailing whitespace, so just strip
+         * control characters in-place and let everything through. */
+        for (i = 0; i < len; ++i) {
+            if (linebuf[i] == '\n' || linebuf[i] == '\r')
+                break;
+            if (ossl_iscntrl(linebuf[i]))
+                linebuf[i] = ' ';
+        }
+        len = i;
+    }
+    /* The caller allocated LINESIZE+1, so this is safe. */
+    linebuf[len++] = '\n';
+    linebuf[len] = '\0';
+    return len;
+}
+
+#define LINESIZE 255
+/* Note trailing spaces for begin and end. */
+static const char beginstr[] = "-----BEGIN ";
+static const char endstr[] = "-----END ";
+static const char tailstr[] = "-----\n";
+#define BEGINLEN ((int)(sizeof(beginstr) - 1))
+#define ENDLEN ((int)(sizeof(endstr) - 1))
+#define TAILLEN ((int)(sizeof(tailstr) - 1))
+static int get_name(BIO *bp, char **name, unsigned int flags)
+{
+    char *linebuf;
+    int ret = 0;
+    int len;
+
+    /*
+     * Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1').
+     */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    do {
+        len = BIO_gets(bp, linebuf, LINESIZE);
+
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_NAME, PEM_R_NO_START_LINE);
+            goto err;
+        }
+
+        /* Strip trailing garbage and standardize ending. */
+        len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64);
+
+        /* Allow leading empty or non-matching lines. */
+    } while (strncmp(linebuf, beginstr, BEGINLEN) != 0
+             || len < TAILLEN
+             || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0);
+    linebuf[len - TAILLEN] = '\0';
+    len = len - BEGINLEN - TAILLEN + 1;
+    *name = pem_malloc(len, flags);
+    if (*name == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    memcpy(*name, linebuf + BEGINLEN, len);
+    ret = 1;
+
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
+
+/* Keep track of how much of a header we've seen. */
+enum header_status {
+    MAYBE_HEADER,
+    IN_HEADER,
+    POST_HEADER
+};
+
+/**
+ * Extract the optional PEM header, with details on the type of content and
+ * any encryption used on the contents, and the bulk of the data from the bio.
+ * The end of the header is marked by a blank line; if the end-of-input marker
+ * is reached prior to a blank line, there is no header.
+ *
+ * The header and data arguments are BIO** since we may have to swap them
+ * if there is no header, for efficiency.
+ *
+ * We need the name of the PEM-encoded type to verify the end string.
+ */
+static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
+                               unsigned int flags)
+{
+    BIO *tmp = *header;
+    char *linebuf, *p;
+    int len, line, ret = 0, end = 0;
+    /* 0 if not seen (yet), 1 if reading header, 2 if finished header */
+    enum header_status got_header = MAYBE_HEADER;
+    unsigned int flags_mask;
+    size_t namelen;
+
+    /* Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1'). */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_HEADER_AND_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (line = 0; ; line++) {
+        flags_mask = ~0u;
+        len = BIO_gets(bp, linebuf, LINESIZE);
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER);
+            goto err;
+        }
+
+        if (got_header == MAYBE_HEADER) {
+            if (memchr(linebuf, ':', len) != NULL)
+                got_header = IN_HEADER;
+        }
+        if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
+            flags_mask &= ~PEM_FLAG_ONLY_B64;
+        len = sanitize_line(linebuf, len, flags & flags_mask);
+
+        /* Check for end of header. */
+        if (linebuf[0] == '\n') {
+            if (got_header == POST_HEADER) {
+                /* Another blank line is an error. */
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+                goto err;
+            }
+            got_header = POST_HEADER;
+            tmp = *data;
+            continue;
+        }
+
+        /* Check for end of stream (which means there is no header). */
+        if (strncmp(linebuf, endstr, ENDLEN) == 0) {
+            p = linebuf + ENDLEN;
+            namelen = strlen(name);
+            if (strncmp(p, name, namelen) != 0 ||
+                strncmp(p + namelen, tailstr, TAILLEN) != 0) {
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+                goto err;
+            }
+            if (got_header == MAYBE_HEADER) {
+                *header = *data;
+                *data = tmp;
+            }
+            break;
+        } else if (end) {
+            /* Malformed input; short line not at end of data. */
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+            goto err;
+        }
+        /*
+         * Else, a line of text -- could be header or data; we don't
+         * know yet.  Just pass it through.
+         */
+        if (BIO_puts(tmp, linebuf) < 0)
+            goto err;
+        /*
+         * Only encrypted files need the line length check applied.
+         */
+        if (got_header == POST_HEADER) {
+            /* 65 includes the trailing newline */
+            if (len > 65)
+                goto err;
+            if (len < 65)
+                end = 1;
+        }
+    }
+
+    ret = 1;
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
+
+/**
+ * Read in PEM-formatted data from the given BIO.
+ *
+ * By nature of the PEM format, all content must be printable ASCII (except
+ * for line endings).  Other characters are malformed input and will be rejected.
+ */
+int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+                    unsigned char **data, long *len_out, unsigned int flags)
+{
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    const BIO_METHOD *bmeth;
+    BIO *headerB = NULL, *dataB = NULL;
+    char *name = NULL;
+    int len, taillen, headerlen, ret = 0;
+    BUF_MEM * buf_mem;
+
+    if (ctx == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    *len_out = 0;
+    *name_out = *header = NULL;
+    *data = NULL;
+    if ((flags & PEM_FLAG_EAY_COMPATIBLE) && (flags & PEM_FLAG_ONLY_B64)) {
+        /* These two are mutually incompatible; bail out. */
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto end;
+    }
+    bmeth = (flags & PEM_FLAG_SECURE) ? BIO_s_secmem() : BIO_s_mem();
+
+    headerB = BIO_new(bmeth);
+    dataB = BIO_new(bmeth);
+    if (headerB == NULL || dataB == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    if (!get_name(bp, &name, flags))
+        goto end;
+    if (!get_header_and_data(bp, &headerB, &dataB, name, flags))
+        goto end;
+
+    EVP_DecodeInit(ctx);
+    BIO_get_mem_ptr(dataB, &buf_mem);
+    len = buf_mem->length;
+    if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len,
+                         (unsigned char*)buf_mem->data, len) < 0
+            || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]),
+                               &taillen) < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_BAD_BASE64_DECODE);
+        goto end;
+    }
+    len += taillen;
+    buf_mem->length = len;
+
+    /* There was no data in the PEM file; avoid malloc(0). */
+    if (len == 0)
+        goto end;
+    headerlen = BIO_get_mem_data(headerB, NULL);
+    *header = pem_malloc(headerlen + 1, flags);
+    *data = pem_malloc(len, flags);
+    if (*header == NULL || *data == NULL) {
+        pem_free(*header, flags, 0);
+        pem_free(*data, flags, 0);
+        goto end;
+    }
+    BIO_read(headerB, *header, headerlen);
+    (*header)[headerlen] = '\0';
+    BIO_read(dataB, *data, len);
+    *len_out = len;
+    *name_out = name;
+    name = NULL;
+    ret = 1;
+
+end:
+    EVP_ENCODE_CTX_free(ctx);
+    pem_free(name, flags, 0);
+    BIO_free(headerB);
+    BIO_free(dataB);
+    return ret;
+}
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+                 long *len)
+{
+    return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE);
+}
+
+/*
+ * Check pem string and return prefix length. If for example the pem_str ==
+ * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
+ * string "RSA".
+ */
+
+int pem_check_suffix(const char *pem_str, const char *suffix)
+{
+    int pem_len = strlen(pem_str);
+    int suffix_len = strlen(suffix);
+    const char *p;
+    if (suffix_len + 1 >= pem_len)
+        return 0;
+    p = pem_str + pem_len - suffix_len;
+    if (strcmp(p, suffix))
+        return 0;
+    p--;
+    if (*p != ' ')
+        return 0;
+    return p - pem_str;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_oth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_oth.c
new file mode 100644
index 000000000..566205331
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_oth.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* Handle 'other' PEMs: not private keys */
+
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u)
+{
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    char *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+        return NULL;
+    p = data;
+    ret = d2i(x, &p, len);
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+    OPENSSL_free(data);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pk8.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pk8.c
new file mode 100644
index 000000000..ab6c4c6bd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pk8.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+                      int nid, const EVP_CIPHER *enc,
+                      char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+                         int nid, const EVP_CIPHER *enc,
+                         char *kstr, int klen, pem_password_cb *cb, void *u);
+#endif
+/*
+ * These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
+                      const EVP_CIPHER *enc, char *kstr, int klen,
+                      pem_password_cb *cb, void *u)
+{
+    X509_SIG *p8;
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    char buf[PEM_BUFSIZE];
+    int ret;
+
+    if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
+        PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+        return 0;
+    }
+    if (enc || (nid != -1)) {
+        if (!kstr) {
+            if (!cb)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = cb(buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return 0;
+            }
+
+            kstr = buf;
+        }
+        p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+        if (kstr == buf)
+            OPENSSL_cleanse(buf, klen);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        if (p8 == NULL)
+            return 0;
+        if (isder)
+            ret = i2d_PKCS8_bio(bp, p8);
+        else
+            ret = PEM_write_bio_PKCS8(bp, p8);
+        X509_SIG_free(p8);
+        return ret;
+    } else {
+        if (isder)
+            ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+        else
+            ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        return ret;
+    }
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    int klen;
+    EVP_PKEY *ret;
+    char psbuf[PEM_BUFSIZE];
+    p8 = d2i_PKCS8_bio(bp, NULL);
+    if (!p8)
+        return NULL;
+    if (cb)
+        klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+    else
+        klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+    if (klen < 0) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+        X509_SIG_free(p8);
+        return NULL;
+    }
+    p8inf = PKCS8_decrypt(p8, psbuf, klen);
+    X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
+    if (!p8inf)
+        return NULL;
+    ret = EVP_PKCS82PKEY(p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    if (!ret)
+        return NULL;
+    if (x) {
+        EVP_PKEY_free(*x);
+        *x = ret;
+    }
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cb,
+                              void *u)
+{
+    return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
+                         const EVP_CIPHER *enc, char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    BIO *bp;
+    int ret;
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+    BIO_free(bp);
+    return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u)
+{
+    BIO *bp;
+    EVP_PKEY *ret;
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+    BIO_free(bp);
+    return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+
+
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+             PKCS8_PRIV_KEY_INFO)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c
new file mode 100644
index 000000000..aa032d2b1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int slen;
+    EVP_PKEY *ret = NULL;
+
+    if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
+                                   cb, u))
+        return NULL;
+    p = data;
+
+    if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        X509_SIG *p8;
+        int klen;
+        char psbuf[PEM_BUFSIZE];
+        p8 = d2i_X509_SIG(NULL, &p, len);
+        if (!p8)
+            goto p8err;
+        if (cb)
+            klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (klen < 0) {
+            PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
+            X509_SIG_free(p8);
+            goto err;
+        }
+        p8inf = PKCS8_decrypt(p8, psbuf, klen);
+        X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+        if (!ameth || !ameth->old_priv_decode)
+            goto p8err;
+        ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
+    }
+ p8err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+ err:
+    OPENSSL_secure_free(nm);
+    OPENSSL_secure_clear_free(data, len);
+    return ret;
+}
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u)
+{
+    if (x->ameth == NULL || x->ameth->priv_encode != NULL)
+        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                             (char *)kstr, klen, cb, u);
+    return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u)
+{
+    char pem_str[80];
+    BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
+    return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                              pem_str, bp, x, enc, kstr, klen, cb, u);
+}
+
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int slen;
+    EVP_PKEY *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
+                            bp, 0, NULL))
+        return NULL;
+    p = data;
+
+    if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
+        ret = EVP_PKEY_new();
+        if (ret == NULL)
+            goto err;
+        if (!EVP_PKEY_set_type_str(ret, nm, slen)
+            || !ret->ameth->param_decode
+            || !ret->ameth->param_decode(ret, &p, len)) {
+            EVP_PKEY_free(ret);
+            ret = NULL;
+            goto err;
+        }
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+    }
+ err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
+    OPENSSL_free(nm);
+    OPENSSL_free(data);
+    return ret;
+}
+
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
+{
+    char pem_str[80];
+    if (!x->ameth || !x->ameth->param_encode)
+        return 0;
+
+    BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
+    return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
+                              pem_str, bp, x, NULL, NULL, 0, 0, NULL);
+}
+
+#ifndef OPENSSL_NO_STDIO
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                              void *u)
+{
+    BIO *b;
+    EVP_PKEY *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_PrivateKey(b, x, cb, u);
+    BIO_free(b);
+    return ret;
+}
+
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                         unsigned char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
+    BIO_free(b);
+    return ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+/* Transparently read in PKCS#3 or X9.42 DH parameters */
+
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    DH *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u))
+        return NULL;
+    p = data;
+
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0)
+        ret = d2i_DHxparams(x, &p, len);
+    else
+        ret = d2i_DHparams(x, &p, len);
+
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS, ERR_R_ASN1_LIB);
+    OPENSSL_free(nm);
+    OPENSSL_free(data);
+    return ret;
+}
+
+# ifndef OPENSSL_NO_STDIO
+DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    DH *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_DHparams(b, x, cb, u);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c
new file mode 100644
index 000000000..9662eb14d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+{
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+    return EVP_DigestUpdate(ctx, data, count);
+}
+
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char *m;
+    int i, ret = 0;
+    unsigned int m_len;
+
+    m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
+    if (m == NULL) {
+        PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
+        goto err;
+
+    i = EVP_EncodeBlock(sigret, m, m_len);
+    *siglen = i;
+    ret = 1;
+ err:
+    /* ctx has been zeroed by EVP_SignFinal() */
+    OPENSSL_free(m);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_x509.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_x509.c
new file mode 100644
index 000000000..3a997564a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_x509.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_xaux.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_xaux.c
new file mode 100644
index 000000000..6d7e1db21
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_xaux.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c
new file mode 100644
index 000000000..e39c24381
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c
@@ -0,0 +1,883 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
+ * and PRIVATEKEYBLOB).
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+# include <openssl/dsa.h>
+# include <openssl/rsa.h>
+
+/*
+ * Utility function: read a DWORD (4 byte unsigned integer) in little endian
+ * format
+ */
+
+static unsigned int read_ledword(const unsigned char **in)
+{
+    const unsigned char *p = *in;
+    unsigned int ret;
+    ret = *p++;
+    ret |= (*p++ << 8);
+    ret |= (*p++ << 16);
+    ret |= (*p++ << 24);
+    *in = p;
+    return ret;
+}
+
+/*
+ * Read a BIGNUM in little endian format. The docs say that this should take
+ * up bitlen/8 bytes.
+ */
+
+static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
+{
+    *r = BN_lebin2bn(*in, nbyte, NULL);
+    if (*r == NULL)
+        return 0;
+    *in += nbyte;
+    return 1;
+}
+
+/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
+
+# define MS_PUBLICKEYBLOB        0x6
+# define MS_PRIVATEKEYBLOB       0x7
+# define MS_RSA1MAGIC            0x31415352L
+# define MS_RSA2MAGIC            0x32415352L
+# define MS_DSS1MAGIC            0x31535344L
+# define MS_DSS2MAGIC            0x32535344L
+
+# define MS_KEYALG_RSA_KEYX      0xa400
+# define MS_KEYALG_DSS_SIGN      0x2200
+
+# define MS_KEYTYPE_KEYX         0x1
+# define MS_KEYTYPE_SIGN         0x2
+
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH          102400
+
+/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
+# define MS_PVKMAGIC             0xb0b5f11eL
+/* Salt length for PVK files */
+# define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
+                         unsigned int bitlen, int ispub);
+static EVP_PKEY *b2i_dss(const unsigned char **in,
+                         unsigned int bitlen, int ispub);
+
+static int do_blob_header(const unsigned char **in, unsigned int length,
+                          unsigned int *pmagic, unsigned int *pbitlen,
+                          int *pisdss, int *pispub)
+{
+    const unsigned char *p = *in;
+    if (length < 16)
+        return 0;
+    /* bType */
+    if (*p == MS_PUBLICKEYBLOB) {
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 1;
+    } else if (*p == MS_PRIVATEKEYBLOB) {
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 0;
+    } else
+        return 0;
+    p++;
+    /* Version */
+    if (*p++ != 0x2) {
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+        return 0;
+    }
+    /* Ignore reserved, aiKeyAlg */
+    p += 6;
+    *pmagic = read_ledword(&p);
+    *pbitlen = read_ledword(&p);
+    *pisdss = 0;
+    switch (*pmagic) {
+
+    case MS_DSS1MAGIC:
+        *pisdss = 1;
+        /* fall thru */
+    case MS_RSA1MAGIC:
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    case MS_DSS2MAGIC:
+        *pisdss = 1;
+        /* fall thru */
+    case MS_RSA2MAGIC:
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    default:
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+        return -1;
+    }
+    *in = p;
+    return 1;
+}
+
+static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
+{
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    if (isdss) {
+
+        /*
+         * Expected length: 20 for q + 3 components bitlen each + 24 for seed
+         * structure.
+         */
+        if (ispub)
+            return 44 + 3 * nbyte;
+        /*
+         * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
+         * structure.
+         */
+        else
+            return 64 + 2 * nbyte;
+    } else {
+        /* Expected length: 4 for 'e' + 'n' */
+        if (ispub)
+            return 4 + nbyte;
+        else
+            /*
+             * Expected length: 4 for 'e' and 7 other components. 2
+             * components are bitlen size, 5 are bitlen/2
+             */
+            return 4 + 2 * nbyte + 5 * hnbyte;
+    }
+
+}
+
+static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
+                        int ispub)
+{
+    const unsigned char *p = *in;
+    unsigned int bitlen, magic;
+    int isdss;
+    if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+        return NULL;
+    }
+    length -= 16;
+    if (length < blob_length(bitlen, isdss, ispub)) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    if (isdss)
+        return b2i_dss(&p, bitlen, ispub);
+    else
+        return b2i_rsa(&p, bitlen, ispub);
+}
+
+static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+{
+    const unsigned char *p;
+    unsigned char hdr_buf[16], *buf = NULL;
+    unsigned int bitlen, magic, length;
+    int isdss;
+    EVP_PKEY *ret = NULL;
+    if (BIO_read(in, hdr_buf, 16) != 16) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    p = hdr_buf;
+    if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
+        return NULL;
+
+    length = blob_length(bitlen, isdss, ispub);
+    if (length > BLOB_MAX_LENGTH) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);
+        return NULL;
+    }
+    buf = OPENSSL_malloc(length);
+    if (buf == NULL) {
+        PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (BIO_read(in, buf, length) != (int)length) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        goto err;
+    }
+
+    if (isdss)
+        ret = b2i_dss(&p, bitlen, ispub);
+    else
+        ret = b2i_rsa(&p, bitlen, ispub);
+
+ err:
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static EVP_PKEY *b2i_dss(const unsigned char **in,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *p = *in;
+    EVP_PKEY *ret = NULL;
+    DSA *dsa = NULL;
+    BN_CTX *ctx = NULL;
+    unsigned int nbyte;
+    BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
+    BIGNUM *pub_key = NULL;
+
+    nbyte = (bitlen + 7) >> 3;
+
+    dsa = DSA_new();
+    ret = EVP_PKEY_new();
+    if (dsa == NULL || ret == NULL)
+        goto memerr;
+    if (!read_lebn(&p, nbyte, &pbn))
+        goto memerr;
+
+    if (!read_lebn(&p, 20, &qbn))
+        goto memerr;
+
+    if (!read_lebn(&p, nbyte, &gbn))
+        goto memerr;
+
+    if (ispub) {
+        if (!read_lebn(&p, nbyte, &pub_key))
+            goto memerr;
+    } else {
+        if (!read_lebn(&p, 20, &priv_key))
+            goto memerr;
+
+        /* Calculate public key */
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto memerr;
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto memerr;
+
+        if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))
+            goto memerr;
+
+        BN_CTX_free(ctx);
+        ctx = NULL;
+    }
+    if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))
+        goto memerr;
+    pbn = qbn = gbn = NULL;
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto memerr;
+    pub_key = priv_key = NULL;
+
+    if (!EVP_PKEY_set1_DSA(ret, dsa))
+        goto memerr;
+    DSA_free(dsa);
+    *in = p;
+    return ret;
+
+ memerr:
+    PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+    DSA_free(dsa);
+    BN_free(pbn);
+    BN_free(qbn);
+    BN_free(gbn);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    EVP_PKEY_free(ret);
+    BN_CTX_free(ctx);
+    return NULL;
+}
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *pin = *in;
+    EVP_PKEY *ret = NULL;
+    BIGNUM *e = NULL, *n = NULL, *d = NULL;
+    BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+    RSA *rsa = NULL;
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    rsa = RSA_new();
+    ret = EVP_PKEY_new();
+    if (rsa == NULL || ret == NULL)
+        goto memerr;
+    e = BN_new();
+    if (e == NULL)
+        goto memerr;
+    if (!BN_set_word(e, read_ledword(&pin)))
+        goto memerr;
+    if (!read_lebn(&pin, nbyte, &n))
+        goto memerr;
+    if (!ispub) {
+        if (!read_lebn(&pin, hnbyte, &p))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &q))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmp1))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmq1))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &iqmp))
+            goto memerr;
+        if (!read_lebn(&pin, nbyte, &d))
+            goto memerr;
+        if (!RSA_set0_factors(rsa, p, q))
+            goto memerr;
+        p = q = NULL;
+        if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
+            goto memerr;
+        dmp1 = dmq1 = iqmp = NULL;
+    }
+    if (!RSA_set0_key(rsa, n, e, d))
+        goto memerr;
+    n = e = d = NULL;
+
+    if (!EVP_PKEY_set1_RSA(ret, rsa))
+        goto memerr;
+    RSA_free(rsa);
+    *in = pin;
+    return ret;
+ memerr:
+    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+    BN_free(e);
+    BN_free(n);
+    BN_free(p);
+    BN_free(q);
+    BN_free(dmp1);
+    BN_free(dmq1);
+    BN_free(iqmp);
+    BN_free(d);
+    RSA_free(rsa);
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 0);
+}
+
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 1);
+}
+
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 0);
+}
+
+EVP_PKEY *b2i_PublicKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 1);
+}
+
+static void write_ledword(unsigned char **out, unsigned int dw)
+{
+    unsigned char *p = *out;
+    *p++ = dw & 0xff;
+    *p++ = (dw >> 8) & 0xff;
+    *p++ = (dw >> 16) & 0xff;
+    *p++ = (dw >> 24) & 0xff;
+    *out = p;
+}
+
+static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
+{
+    BN_bn2lebinpad(bn, *out, len);
+    *out += len;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+
+static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *p;
+    unsigned int bitlen, magic = 0, keyalg;
+    int outlen, noinc = 0;
+    int pktype = EVP_PKEY_id(pk);
+    if (pktype == EVP_PKEY_DSA) {
+        bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
+        keyalg = MS_KEYALG_DSS_SIGN;
+    } else if (pktype == EVP_PKEY_RSA) {
+        bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);
+        keyalg = MS_KEYALG_RSA_KEYX;
+    } else
+        return -1;
+    if (bitlen == 0)
+        return -1;
+    outlen = 16 + blob_length(bitlen,
+                              keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
+    if (out == NULL)
+        return outlen;
+    if (*out)
+        p = *out;
+    else {
+        if ((p = OPENSSL_malloc(outlen)) == NULL) {
+            PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = p;
+        noinc = 1;
+    }
+    if (ispub)
+        *p++ = MS_PUBLICKEYBLOB;
+    else
+        *p++ = MS_PRIVATEKEYBLOB;
+    *p++ = 0x2;
+    *p++ = 0;
+    *p++ = 0;
+    write_ledword(&p, keyalg);
+    write_ledword(&p, magic);
+    write_ledword(&p, bitlen);
+    if (keyalg == MS_KEYALG_DSS_SIGN)
+        write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
+    else
+        write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);
+    if (!noinc)
+        *out += outlen;
+    return outlen;
+}
+
+static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = do_i2b(&tmp, pk, ispub);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen)
+        return outlen;
+    return -1;
+}
+
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+{
+    int bitlen;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    bitlen = BN_num_bits(p);
+    if ((bitlen & 7) || (BN_num_bits(q) != 160)
+        || (BN_num_bits(g) > bitlen))
+        goto badkey;
+    if (ispub) {
+        if (BN_num_bits(pub_key) > bitlen)
+            goto badkey;
+        *pmagic = MS_DSS1MAGIC;
+    } else {
+        if (BN_num_bits(priv_key) > 160)
+            goto badkey;
+        *pmagic = MS_DSS2MAGIC;
+    }
+
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+{
+    int nbyte, hnbyte, bitlen;
+    const BIGNUM *e;
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    if (BN_num_bits(e) > 32)
+        goto badkey;
+    bitlen = RSA_bits(rsa);
+    nbyte = RSA_size(rsa);
+    hnbyte = (bitlen + 15) >> 4;
+    if (ispub) {
+        *pmagic = MS_RSA1MAGIC;
+        return bitlen;
+    } else {
+        const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
+
+        *pmagic = MS_RSA2MAGIC;
+
+        /*
+         * For private key each component must fit within nbyte or hnbyte.
+         */
+        RSA_get0_key(rsa, NULL, NULL, &d);
+        if (BN_num_bytes(d) > nbyte)
+            goto badkey;
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+        if ((BN_num_bytes(iqmp) > hnbyte)
+            || (BN_num_bytes(p) > hnbyte)
+            || (BN_num_bytes(q) > hnbyte)
+            || (BN_num_bytes(dmp1) > hnbyte)
+            || (BN_num_bytes(dmq1) > hnbyte))
+            goto badkey;
+    }
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+{
+    int nbyte, hnbyte;
+    const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
+
+    nbyte = RSA_size(rsa);
+    hnbyte = (RSA_bits(rsa) + 15) >> 4;
+    RSA_get0_key(rsa, &n, &e, &d);
+    write_lebn(out, e, 4);
+    write_lebn(out, n, nbyte);
+    if (ispub)
+        return;
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    write_lebn(out, p, hnbyte);
+    write_lebn(out, q, hnbyte);
+    write_lebn(out, dmp1, hnbyte);
+    write_lebn(out, dmq1, hnbyte);
+    write_lebn(out, iqmp, hnbyte);
+    write_lebn(out, d, nbyte);
+}
+
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
+{
+    int nbyte;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    nbyte = BN_num_bytes(p);
+    write_lebn(out, p, nbyte);
+    write_lebn(out, q, 20);
+    write_lebn(out, g, nbyte);
+    if (ispub)
+        write_lebn(out, pub_key, nbyte);
+    else
+        write_lebn(out, priv_key, 20);
+    /* Set "invalid" for seed structure values */
+    memset(*out, 0xff, 24);
+    *out += 24;
+    return;
+}
+
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 0);
+}
+
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 1);
+}
+
+# ifndef OPENSSL_NO_RC4
+
+static int do_PVK_header(const unsigned char **in, unsigned int length,
+                         int skip_magic,
+                         unsigned int *psaltlen, unsigned int *pkeylen)
+{
+    const unsigned char *p = *in;
+    unsigned int pvk_magic, is_encrypted;
+    if (skip_magic) {
+        if (length < 20) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+    } else {
+        if (length < 24) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+        pvk_magic = read_ledword(&p);
+        if (pvk_magic != MS_PVKMAGIC) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+            return 0;
+        }
+    }
+    /* Skip reserved */
+    p += 4;
+    /*
+     * keytype =
+     */ read_ledword(&p);
+    is_encrypted = read_ledword(&p);
+    *psaltlen = read_ledword(&p);
+    *pkeylen = read_ledword(&p);
+
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
+    if (is_encrypted && !*psaltlen) {
+        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+        return 0;
+    }
+
+    *in = p;
+    return 1;
+}
+
+static int derive_pvk_key(unsigned char *key,
+                          const unsigned char *salt, unsigned int saltlen,
+                          const unsigned char *pass, int passlen)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    int rv = 1;
+    if (mctx == NULL
+        || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(mctx, salt, saltlen)
+        || !EVP_DigestUpdate(mctx, pass, passlen)
+        || !EVP_DigestFinal_ex(mctx, key, NULL))
+        rv = 0;
+
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+
+static EVP_PKEY *do_PVK_body(const unsigned char **in,
+                             unsigned int saltlen, unsigned int keylen,
+                             pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *ret = NULL;
+    const unsigned char *p = *in;
+    unsigned int magic;
+    unsigned char *enctmp = NULL, *q;
+    unsigned char keybuf[20];
+
+    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
+    if (saltlen) {
+        char psbuf[PEM_BUFSIZE];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (inlen < 0) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
+            goto err;
+        }
+        enctmp = OPENSSL_malloc(keylen + 8);
+        if (enctmp == NULL) {
+            PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!derive_pvk_key(keybuf, p, saltlen,
+                            (unsigned char *)psbuf, inlen))
+            goto err;
+        p += saltlen;
+        /* Copy BLOBHEADER across, decrypt rest */
+        memcpy(enctmp, p, 8);
+        p += 8;
+        if (keylen < 8) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+            goto err;
+        }
+        inlen = keylen - 8;
+        q = enctmp + 8;
+        if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto err;
+        if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
+            goto err;
+        if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
+            goto err;
+        magic = read_ledword((const unsigned char **)&q);
+        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+            q = enctmp + 8;
+            memset(keybuf + 5, 0, 11);
+            if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+                goto err;
+            if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
+                goto err;
+            if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
+                goto err;
+            magic = read_ledword((const unsigned char **)&q);
+            if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                goto err;
+            }
+        }
+        p = enctmp;
+    }
+
+    ret = b2i_PrivateKey(&p, keylen);
+ err:
+    EVP_CIPHER_CTX_free(cctx);
+    if (enctmp != NULL) {
+        OPENSSL_cleanse(keybuf, sizeof(keybuf));
+        OPENSSL_free(enctmp);
+    }
+    return ret;
+}
+
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+{
+    unsigned char pvk_hdr[24], *buf = NULL;
+    const unsigned char *p;
+    int buflen;
+    EVP_PKEY *ret = NULL;
+    unsigned int saltlen, keylen;
+    if (BIO_read(in, pvk_hdr, 24) != 24) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        return NULL;
+    }
+    p = pvk_hdr;
+
+    if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
+        return 0;
+    buflen = (int)keylen + saltlen;
+    buf = OPENSSL_malloc(buflen);
+    if (buf == NULL) {
+        PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = buf;
+    if (BIO_read(in, buf, buflen) != buflen) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        goto err;
+    }
+    ret = do_PVK_body(&p, saltlen, keylen, cb, u);
+
+ err:
+    OPENSSL_clear_free(buf, buflen);
+    return ret;
+}
+
+static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+                   pem_password_cb *cb, void *u)
+{
+    int outlen = 24, pklen;
+    unsigned char *p = NULL, *start = NULL, *salt = NULL;
+    EVP_CIPHER_CTX *cctx = NULL;
+    if (enclevel)
+        outlen += PVK_SALTLEN;
+    pklen = do_i2b(NULL, pk, 0);
+    if (pklen < 0)
+        return -1;
+    outlen += pklen;
+    if (out == NULL)
+        return outlen;
+    if (*out != NULL) {
+        p = *out;
+    } else {
+        start = p = OPENSSL_malloc(outlen);
+        if (p == NULL) {
+            PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    cctx = EVP_CIPHER_CTX_new();
+    if (cctx == NULL)
+        goto error;
+
+    write_ledword(&p, MS_PVKMAGIC);
+    write_ledword(&p, 0);
+    if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
+        write_ledword(&p, MS_KEYTYPE_SIGN);
+    else
+        write_ledword(&p, MS_KEYTYPE_KEYX);
+    write_ledword(&p, enclevel ? 1 : 0);
+    write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
+    write_ledword(&p, pklen);
+    if (enclevel) {
+        if (RAND_bytes(p, PVK_SALTLEN) <= 0)
+            goto error;
+        salt = p;
+        p += PVK_SALTLEN;
+    }
+    do_i2b(&p, pk, 0);
+    if (enclevel != 0) {
+        char psbuf[PEM_BUFSIZE];
+        unsigned char keybuf[20];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
+        if (inlen <= 0) {
+            PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
+            goto error;
+        }
+        if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
+                            (unsigned char *)psbuf, inlen))
+            goto error;
+        if (enclevel == 1)
+            memset(keybuf + 5, 0, 11);
+        p = salt + PVK_SALTLEN + 8;
+        if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto error;
+        OPENSSL_cleanse(keybuf, 20);
+        if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
+            goto error;
+        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
+            goto error;
+    }
+
+    EVP_CIPHER_CTX_free(cctx);
+
+    if (*out == NULL)
+        *out = start;
+
+    return outlen;
+
+ error:
+    EVP_CIPHER_CTX_free(cctx);
+    if (*out == NULL)
+        OPENSSL_free(start);
+    return -1;
+}
+
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen) {
+        PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+        return outlen;
+    }
+    return -1;
+}
+
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README
new file mode 100644
index 000000000..3177c3716
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README
@@ -0,0 +1,124 @@
+The perl scripts in this directory are my 'hack' to generate
+multiple different assembler formats via the one original script.
+
+The way to use this library is to start with adding the path to this directory
+and then include it.
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+The first thing we do is setup the file and type of assembler
+
+&asm_init($ARGV[0]);
+
+The first argument is the 'type'.  Currently
+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+Argument 2 is the file name.
+
+The reciprocal function is
+&asm_finish() which should be called at the end.
+
+There are 2 main 'packages'. x86ms.pl, which is the Microsoft assembler,
+and x86unix.pl which is the unix (gas) version.
+
+Functions of interest are:
+&external_label("des_SPtrans");	declare and external variable
+&LB(reg);			Low byte for a register
+&HB(reg);			High byte for a register
+&BP(off,base,index,scale)	Byte pointer addressing
+&DWP(off,base,index,scale)	Word pointer addressing
+&stack_push(num)		Basically a 'sub esp, num*4' with extra
+&stack_pop(num)			inverse of stack_push
+&function_begin(name,extra)	Start a function with pushing of
+				edi, esi, ebx and ebp.  extra is extra win32
+				external info that may be required.
+&function_begin_B(name,extra)	Same as normal function_begin but no pushing.
+&function_end(name)		Call at end of function.
+&function_end_A(name)		Standard pop and ret, for use inside functions
+&function_end_B(name)		Call at end but with poping or 'ret'.
+&swtmp(num)			Address on stack temp word.
+&wparam(num)			Parameter number num, that was push
+				in C convention.  This all works over pushes
+				and pops.
+&comment("hello there")		Put in a comment.
+&label("loop")			Refer to a label, normally a jmp target.
+&set_label("loop")		Set a label at this point.
+&data_word(word)		Put in a word of data.
+
+So how does this all hold together?  Given
+
+int calc(int len, int *data)
+	{
+	int i,j=0;
+
+	for (i=0; i<len; i++)
+		{
+		j+=other(data[i]);
+		}
+	}
+
+So a very simple version of this function could be coded as
+
+	push(@INC,"perlasm","../../perlasm");
+	require "x86asm.pl";
+	
+	&asm_init($ARGV[0]);
+
+	&external_label("other");
+
+	$tmp1=	"eax";
+	$j=	"edi";
+	$data=	"esi";
+	$i=	"ebp";
+
+	&comment("a simple function");
+	&function_begin("calc");
+	&mov(	$data,		&wparam(1)); # data
+	&xor(	$j,		$j);
+	&xor(	$i,		$i);
+
+	&set_label("loop");
+	&cmp(	$i,		&wparam(0));
+	&jge(	&label("end"));
+
+	&mov(	$tmp1,		&DWP(0,$data,$i,4));
+	&push(	$tmp1);
+	&call(	"other");
+	&add(	$j,		"eax");
+	&pop(	$tmp1);
+	&inc(	$i);
+	&jmp(	&label("loop"));
+
+	&set_label("end");
+	&mov(	"eax",		$j);
+
+	&function_end("calc");
+
+	&asm_finish();
+
+The above example is very very unoptimised but gives an idea of how
+things work.
+
+There is also a cbc mode function generator in cbc.pl
+
+&cbc(	$name,
+	$encrypt_function_name,
+	$decrypt_function_name,
+	$true_if_byte_swap_needed,
+	$parameter_number_for_iv,
+	$parameter_number_for_encrypt_flag,
+	$first_parameter_to_pass,
+	$second_parameter_to_pass,
+	$third_parameter_to_pass);
+
+So for example, given
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *ks, unsigned char *iv, int enc);
+
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
+
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl
new file mode 100755
index 000000000..ca2f8b990
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl
@@ -0,0 +1,177 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+$flavour = "linux32" if (!$flavour or $flavour eq "void");
+
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $arch = sub {
+    if ($flavour =~ /linux/)	{ ".arch\t".join(',',@_); }
+    else			{ ""; }
+};
+my $fpu = sub {
+    if ($flavour =~ /linux/)	{ ".fpu\t".join(',',@_); }
+    else			{ ""; }
+};
+my $hidden = sub {
+    if ($flavour =~ /ios/)	{ ".private_extern\t".join(',',@_); }
+    else			{ ".hidden\t".join(',',@_); }
+};
+my $comm = sub {
+    my @args = split(/,\s*/,shift);
+    my $name = @args[0];
+    my $global = \$GLOBALS{$name};
+    my $ret;
+
+    if ($flavour =~ /ios32/)	{
+	$ret = ".comm\t_$name,@args[1]\n";
+	$ret .= ".non_lazy_symbol_pointer\n";
+	$ret .= "$name:\n";
+	$ret .= ".indirect_symbol\t_$name\n";
+	$ret .= ".long\t0";
+	$name = "_$name";
+    } else			{ $ret = ".comm\t".join(',',@args); }
+
+    $$global = $name;
+    $ret;
+};
+my $globl = sub {
+    my $name = shift;
+    my $global = \$GLOBALS{$name};
+    my $ret;
+
+    SWITCH: for ($flavour) {
+	/ios/		&& do { $name = "_$name";
+				last;
+			      };
+    }
+
+    $ret = ".globl	$name" if (!$ret);
+    $$global = $name;
+    $ret;
+};
+my $global = $globl;
+my $extern = sub {
+    &$globl(@_);
+    return;	# return nothing
+};
+my $type = sub {
+    if ($flavour =~ /linux/)	{ ".type\t".join(',',@_); }
+    elsif ($flavour =~ /ios32/)	{ if (join(',',@_) =~ /(\w+),%function/) {
+					"#ifdef __thumb2__\n".
+					".thumb_func	$1\n".
+					"#endif";
+				  }
+			        }
+    else			{ ""; }
+};
+my $size = sub {
+    if ($flavour =~ /linux/)	{ ".size\t".join(',',@_); }
+    else			{ ""; }
+};
+my $inst = sub {
+    if ($flavour =~ /linux/)    { ".inst\t".join(',',@_); }
+    else                        { ".long\t".join(',',@_); }
+};
+my $asciz = sub {
+    my $line = join(",",@_);
+    if ($line =~ /^"(.*)"$/)
+    {	".byte	" . join(",",unpack("C*",$1),0) . "\n.align	2";	}
+    else
+    {	"";	}
+};
+
+sub range {
+  my ($r,$sfx,$start,$end) = @_;
+
+    join(",",map("$r$_$sfx",($start..$end)));
+}
+
+sub expand_line {
+  my $line = shift;
+  my @ret = ();
+
+    pos($line)=0;
+
+    while ($line =~ m/\G[^@\/\{\"]*/g) {
+	if ($line =~ m/\G(@|\/\/|$)/gc) {
+	    last;
+	}
+	elsif ($line =~ m/\G\{/gc) {
+	    my $saved_pos = pos($line);
+	    $line =~ s/\G([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/e;
+	    pos($line) = $saved_pos;
+	    $line =~ m/\G[^\}]*\}/g;
+	}
+	elsif ($line =~ m/\G\"/gc) {
+	    $line =~ m/\G[^\"]*\"/g;
+	}
+    }
+
+    $line =~ s/\b(\w+)/$GLOBALS{$1} or $1/ge;
+
+    return $line;
+}
+
+while(my $line=<>) {
+
+    if ($line =~ m/^\s*(#|@|\/\/)/)	{ print $line; next; }
+
+    $line =~ s|/\*.*\*/||;	# get rid of C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning...
+    $line =~ s|\s+$||;		# ... and at the end
+
+    {
+	$line =~ s|[\b\.]L(\w{2,})|L$1|g;	# common denominator for Locallabel
+	$line =~ s|\bL(\w{2,})|\.L$1|g	if ($dotinlocallabels);
+    }
+
+    {
+	$line =~ s|(^[\.\w]+)\:\s*||;
+	my $label = $1;
+	if ($label) {
+	    printf "%s:",($GLOBALS{$label} or $label);
+	}
+    }
+
+    if ($line !~ m/^[#@]/) {
+	$line =~ s|^\s*(\.?)(\S+)\s*||;
+	my $c = $1; $c = "\t" if ($c eq "");
+	my $mnemonic = $2;
+	my $opcode;
+	if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/) {
+	    $opcode = eval("\$$1_$2");
+	} else {
+	    $opcode = eval("\$$mnemonic");
+	}
+
+	my $arg=expand_line($line);
+
+	if (ref($opcode) eq 'CODE') {
+		$line = &$opcode($arg);
+	} elsif ($mnemonic)         {
+		$line = $c.$mnemonic;
+		$line.= "\t$arg" if ($arg ne "");
+	}
+    }
+
+    print $line if ($line);
+    print "\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/cbc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/cbc.pl
new file mode 100644
index 000000000..01bafe457
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/cbc.pl
@@ -0,0 +1,356 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+# des_cblock (*input);
+# des_cblock (*output);
+# long length;
+# des_key_schedule schedule;
+# des_cblock (*ivec);
+# int enc;
+#
+# calls
+# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+#
+
+#&cbc("des_ncbc_encrypt","des_encrypt",0);
+#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
+#	1,4,5,3,5,-1);
+#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
+#	0,4,5,3,5,-1);
+#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
+#	0,6,7,3,4,5);
+#
+# When doing a cipher that needs bigendian order,
+# for encrypt, the iv is kept in bigendian form,
+# while for decrypt, it is kept in little endian.
+sub cbc
+	{
+	local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
+	# name is the function name
+	# enc_func and dec_func and the functions to call for encrypt/decrypt
+	# swap is true if byte order needs to be reversed
+	# iv_off is parameter number for the iv
+	# enc_off is parameter number for the encrypt/decrypt flag
+	# p1,p2,p3 are the offsets for parameters to be passed to the
+	# underlying calls.
+
+	&function_begin_B($name,"");
+	&comment("");
+
+	$in="esi";
+	$out="edi";
+	$count="ebp";
+
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	$data_off=4;
+	$data_off+=4 if ($p1 > 0);
+	$data_off+=4 if ($p2 > 0);
+	$data_off+=4 if ($p3 > 0);
+
+	&mov($count,	&wparam(2));	# length
+
+	&comment("getting iv ptr from parameter $iv_off");
+	&mov("ebx",	&wparam($iv_off));	# Get iv ptr
+
+	&mov($in,	&DWP(0,"ebx","",0));#	iv[0]
+	&mov($out,	&DWP(4,"ebx","",0));#	iv[1]
+
+	&push($out);
+	&push($in);
+	&push($out);	# used in decrypt for iv[1]
+	&push($in);	# used in decrypt for iv[0]
+
+	&mov("ebx",	"esp");		# This is the address of tin[2]
+
+	&mov($in,	&wparam(0));	# in
+	&mov($out,	&wparam(1));	# out
+
+	# We have loaded them all, how lets push things
+	&comment("getting encrypt flag from parameter $enc_off");
+	&mov("ecx",	&wparam($enc_off));	# Get enc flag
+	if ($p3 > 0)
+		{
+		&comment("get and push parameter $p3");
+		if ($enc_off != $p3)
+			{ &mov("eax",	&wparam($p3)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	if ($p2 > 0)
+		{
+		&comment("get and push parameter $p2");
+		if ($enc_off != $p2)
+			{ &mov("eax",	&wparam($p2)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	if ($p1 > 0)
+		{
+		&comment("get and push parameter $p1");
+		if ($enc_off != $p1)
+			{ &mov("eax",	&wparam($p1)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	&push("ebx");		# push data/iv
+
+	&cmp("ecx",0);
+	&jz(&label("decrypt"));
+
+	&and($count,0xfffffff8);
+	&mov("eax",	&DWP($data_off,"esp","",0));	# load iv[0]
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	# load iv[1]
+
+	&jz(&label("encrypt_finish"));
+
+	#############################################################
+
+	&set_label("encrypt_loop");
+	# encrypt start
+	# "eax" and "ebx" hold iv (or the last cipher text)
+
+	&mov("ecx",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("edx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&xor("eax",	"ecx");
+	&xor("ebx",	"edx");
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($enc_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP(0,$out,"",0),"eax");
+	&mov(&DWP(4,$out,"",0),"ebx");
+
+	# eax and ebx are the next iv.
+
+	&add($in,	8);
+	&add($out,	8);
+
+	&sub($count,	8);
+	&jnz(&label("encrypt_loop"));
+
+###################################################################3
+	&set_label("encrypt_finish");
+	&mov($count,	&wparam(2));	# length
+	&and($count,	7);
+	&jz(&label("finish"));
+	&call(&label("PIC_point"));
+&set_label("PIC_point");
+	&blindpop("edx");
+	&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
+	&mov($count,&DWP(0,"ecx",$count,4));
+	&add($count,"edx");
+	&xor("ecx","ecx");
+	&xor("edx","edx");
+	#&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+	&jmp_ptr($count);
+
+&set_label("ej7");
+	&movb(&HB("edx"),	&BP(6,$in,"",0));
+	&shl("edx",8);
+&set_label("ej6");
+	&movb(&HB("edx"),	&BP(5,$in,"",0));
+&set_label("ej5");
+	&movb(&LB("edx"),	&BP(4,$in,"",0));
+&set_label("ej4");
+	&mov("ecx",		&DWP(0,$in,"",0));
+	&jmp(&label("ejend"));
+&set_label("ej3");
+	&movb(&HB("ecx"),	&BP(2,$in,"",0));
+	&shl("ecx",8);
+&set_label("ej2");
+	&movb(&HB("ecx"),	&BP(1,$in,"",0));
+&set_label("ej1");
+	&movb(&LB("ecx"),	&BP(0,$in,"",0));
+&set_label("ejend");
+
+	&xor("eax",	"ecx");
+	&xor("ebx",	"edx");
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($enc_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP(0,$out,"",0),"eax");
+	&mov(&DWP(4,$out,"",0),"ebx");
+
+	&jmp(&label("finish"));
+
+	#############################################################
+	#############################################################
+	&set_label("decrypt",1);
+	# decrypt start
+	&and($count,0xfffffff8);
+	# The next 2 instructions are only for if the jz is taken
+	&mov("eax",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("ebx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+	&jz(&label("decrypt_finish"));
+
+	&set_label("decrypt_loop");
+	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($dec_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+
+	&xor("ecx",	"eax");
+	&xor("edx",	"ebx");
+
+	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
+	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
+
+	&mov(&DWP(0,$out,"",0),"ecx");
+	&mov(&DWP(4,$out,"",0),"edx");
+
+	&mov(&DWP($data_off+8,"esp","",0),	"eax");	# save iv
+	&mov(&DWP($data_off+12,"esp","",0),	"ebx");	#
+
+	&add($in,	8);
+	&add($out,	8);
+
+	&sub($count,	8);
+	&jnz(&label("decrypt_loop"));
+############################ ENDIT #######################3
+	&set_label("decrypt_finish");
+	&mov($count,	&wparam(2));	# length
+	&and($count,	7);
+	&jz(&label("finish"));
+
+	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($dec_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+
+	&xor("ecx",	"eax");
+	&xor("edx",	"ebx");
+
+	# this is for when we exit
+	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
+	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
+
+&set_label("dj7");
+	&rotr("edx",	16);
+	&movb(&BP(6,$out,"",0),	&LB("edx"));
+	&shr("edx",16);
+&set_label("dj6");
+	&movb(&BP(5,$out,"",0),	&HB("edx"));
+&set_label("dj5");
+	&movb(&BP(4,$out,"",0),	&LB("edx"));
+&set_label("dj4");
+	&mov(&DWP(0,$out,"",0),	"ecx");
+	&jmp(&label("djend"));
+&set_label("dj3");
+	&rotr("ecx",	16);
+	&movb(&BP(2,$out,"",0),	&LB("ecx"));
+	&shl("ecx",16);
+&set_label("dj2");
+	&movb(&BP(1,$in,"",0),	&HB("ecx"));
+&set_label("dj1");
+	&movb(&BP(0,$in,"",0),	&LB("ecx"));
+&set_label("djend");
+
+	# final iv is still in eax:ebx
+	&jmp(&label("finish"));
+
+
+############################ FINISH #######################3
+	&set_label("finish",1);
+	&mov("ecx",	&wparam($iv_off));	# Get iv ptr
+
+	#################################################
+	$total=16+4;
+	$total+=4 if ($p1 > 0);
+	$total+=4 if ($p2 > 0);
+	$total+=4 if ($p3 > 0);
+	&add("esp",$total);
+
+	&mov(&DWP(0,"ecx","",0),	"eax");	# save iv
+	&mov(&DWP(4,"ecx","",0),	"ebx");	# save iv
+
+	&function_end_A($name);
+
+	&align(64);
+	&set_label("cbc_enc_jmp_table");
+	&data_word("0");
+	&data_word(&label("ej1")."-".&label("PIC_point"));
+	&data_word(&label("ej2")."-".&label("PIC_point"));
+	&data_word(&label("ej3")."-".&label("PIC_point"));
+	&data_word(&label("ej4")."-".&label("PIC_point"));
+	&data_word(&label("ej5")."-".&label("PIC_point"));
+	&data_word(&label("ej6")."-".&label("PIC_point"));
+	&data_word(&label("ej7")."-".&label("PIC_point"));
+	# not used
+	#&set_label("cbc_dec_jmp_table",1);
+	#&data_word("0");
+	#&data_word(&label("dj1")."-".&label("PIC_point"));
+	#&data_word(&label("dj2")."-".&label("PIC_point"));
+	#&data_word(&label("dj3")."-".&label("PIC_point"));
+	#&data_word(&label("dj4")."-".&label("PIC_point"));
+	#&data_word(&label("dj5")."-".&label("PIC_point"));
+	#&data_word(&label("dj6")."-".&label("PIC_point"));
+	#&data_word(&label("dj7")."-".&label("PIC_point"));
+	&align(64);
+
+	&function_end_B($name);
+
+	}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl
new file mode 100755
index 000000000..d220c6245
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl
@@ -0,0 +1,344 @@
+#! /usr/bin/env perl
+# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+my %GLOBALS;
+my %TYPES;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $type = sub {
+    my ($dir,$name,$type) = @_;
+
+    $TYPES{$name} = $type;
+    if ($flavour =~ /linux/) {
+	$name =~ s|^\.||;
+	".type	$name,$type";
+    } else {
+	"";
+    }
+};
+my $globl = sub {
+    my $junk = shift;
+    my $name = shift;
+    my $global = \$GLOBALS{$name};
+    my $type = \$TYPES{$name};
+    my $ret;
+
+    $name =~ s|^\.||;
+
+    SWITCH: for ($flavour) {
+	/aix/		&& do { if (!$$type) {
+				    $$type = "\@function";
+				}
+				if ($$type =~ /function/) {
+				    $name = ".$name";
+				}
+				last;
+			      };
+	/osx/		&& do { $name = "_$name";
+				last;
+			      };
+	/linux.*(32|64le)/
+			&& do {	$ret .= ".globl	$name";
+				if (!$$type) {
+				    $ret .= "\n.type	$name,\@function";
+				    $$type = "\@function";
+				}
+				last;
+			      };
+	/linux.*64/	&& do {	$ret .= ".globl	$name";
+				if (!$$type) {
+				    $ret .= "\n.type	$name,\@function";
+				    $$type = "\@function";
+				}
+				if ($$type =~ /function/) {
+				    $ret .= "\n.section	\".opd\",\"aw\"";
+				    $ret .= "\n.align	3";
+				    $ret .= "\n$name:";
+				    $ret .= "\n.quad	.$name,.TOC.\@tocbase,0";
+				    $ret .= "\n.previous";
+				    $name = ".$name";
+				}
+				last;
+			      };
+    }
+
+    $ret = ".globl	$name" if (!$ret);
+    $$global = $name;
+    $ret;
+};
+my $text = sub {
+    my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
+    $ret = ".abiversion	2\n".$ret	if ($flavour =~ /linux.*64le/);
+    $ret;
+};
+my $machine = sub {
+    my $junk = shift;
+    my $arch = shift;
+    if ($flavour =~ /osx/)
+    {	$arch =~ s/\"//g;
+	$arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
+    }
+    ".machine	$arch";
+};
+my $size = sub {
+    if ($flavour =~ /linux/)
+    {	shift;
+	my $name = shift;
+	my $real = $GLOBALS{$name} ? \$GLOBALS{$name} : \$name;
+	my $ret  = ".size	$$real,.-$$real";
+	$name =~ s|^\.||;
+	if ($$real ne $name) {
+	    $ret .= "\n.size	$name,.-$$real";
+	}
+	$ret;
+    }
+    else
+    {	"";	}
+};
+my $asciz = sub {
+    shift;
+    my $line = join(",",@_);
+    if ($line =~ /^"(.*)"$/)
+    {	".byte	" . join(",",unpack("C*",$1),0) . "\n.align	2";	}
+    else
+    {	"";	}
+};
+my $quad = sub {
+    shift;
+    my @ret;
+    my ($hi,$lo);
+    for (@_) {
+	if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io)
+	{  $hi=$1?"0x$1":"0"; $lo="0x$2";  }
+	elsif (/^([0-9]+)$/o)
+	{  $hi=$1>>32; $lo=$1&0xffffffff;  } # error-prone with 32-bit perl
+	else
+	{  $hi=undef; $lo=$_; }
+
+	if (defined($hi))
+	{  push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo");  }
+	else
+	{  push(@ret,".quad	$lo");  }
+    }
+    join("\n",@ret);
+};
+
+################################################################
+# simplified mnemonics not handled by at least one assembler
+################################################################
+my $cmplw = sub {
+    my $f = shift;
+    my $cr = 0; $cr = shift if ($#_>1);
+    # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
+    ($flavour =~ /linux.*32/) ?
+	"	.long	".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
+	"	cmplw	".join(',',$cr,@_);
+};
+my $bdnz = sub {
+    my $f = shift;
+    my $bo = $f=~/[\+\-]/ ? 16+9 : 16;	# optional "to be taken" hint
+    "	bc	$bo,0,".shift;
+} if ($flavour!~/linux/);
+my $bltlr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 12+2 : 12;	# optional "not to be taken" hint
+    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
+	"	.long	".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
+	"	bclr	$bo,0";
+};
+my $bnelr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 4+2 : 4;	# optional "not to be taken" hint
+    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
+	"	.long	".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+	"	bclr	$bo,2";
+};
+my $beqlr = sub {
+    my $f = shift;
+    my $bo = $f=~/-/ ? 12+2 : 12;	# optional "not to be taken" hint
+    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
+	"	.long	".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+	"	bclr	$bo,2";
+};
+# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+# arguments is 64, with "operand out of range" error.
+my $extrdi = sub {
+    my ($f,$ra,$rs,$n,$b) = @_;
+    $b = ($b+$n)&63; $n = 64-$n;
+    "	rldicl	$ra,$rs,$b,$n";
+};
+my $vmr = sub {
+    my ($f,$vx,$vy) = @_;
+    "	vor	$vx,$vy,$vy";
+};
+
+# Some ABIs specify vrsave, special-purpose register #256, as reserved
+# for system use.
+my $no_vrsave = ($flavour =~ /aix|linux64le/);
+my $mtspr = sub {
+    my ($f,$idx,$ra) = @_;
+    if ($idx == 256 && $no_vrsave) {
+	"	or	$ra,$ra,$ra";
+    } else {
+	"	mtspr	$idx,$ra";
+    }
+};
+my $mfspr = sub {
+    my ($f,$rd,$idx) = @_;
+    if ($idx == 256 && $no_vrsave) {
+	"	li	$rd,-1";
+    } else {
+	"	mfspr	$rd,$idx";
+    }
+};
+
+# PowerISA 2.06 stuff
+sub vsxmem_op {
+    my ($f, $vrt, $ra, $rb, $op) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|($rb<<11)|($op*2+1);
+}
+# made-up unaligned memory reference AltiVec/VMX instructions
+my $lvx_u	= sub {	vsxmem_op(@_, 844); };	# lxvd2x
+my $stvx_u	= sub {	vsxmem_op(@_, 972); };	# stxvd2x
+my $lvdx_u	= sub {	vsxmem_op(@_, 588); };	# lxsdx
+my $stvdx_u	= sub {	vsxmem_op(@_, 716); };	# stxsdx
+my $lvx_4w	= sub { vsxmem_op(@_, 780); };	# lxvw4x
+my $stvx_4w	= sub { vsxmem_op(@_, 908); };	# stxvw4x
+my $lvx_splt	= sub { vsxmem_op(@_, 332); };	# lxvdsx
+# VSX instruction[s] masqueraded as made-up AltiVec/VMX
+my $vpermdi	= sub {				# xxpermdi
+    my ($f, $vrt, $vra, $vrb, $dm) = @_;
+    $dm = oct($dm) if ($dm =~ /^0/);
+    "	.long	".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7;
+};
+
+# PowerISA 2.07 stuff
+sub vcrypto_op {
+    my ($f, $vrt, $vra, $vrb, $op) = @_;
+    "	.long	".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op;
+}
+sub vfour {
+    my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_;
+    "	.long	".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op;
+};
+my $vcipher	= sub { vcrypto_op(@_, 1288); };
+my $vcipherlast	= sub { vcrypto_op(@_, 1289); };
+my $vncipher	= sub { vcrypto_op(@_, 1352); };
+my $vncipherlast= sub { vcrypto_op(@_, 1353); };
+my $vsbox	= sub { vcrypto_op(@_, 0, 1480); };
+my $vshasigmad	= sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1730); };
+my $vshasigmaw	= sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1666); };
+my $vpmsumb	= sub { vcrypto_op(@_, 1032); };
+my $vpmsumd	= sub { vcrypto_op(@_, 1224); };
+my $vpmsubh	= sub { vcrypto_op(@_, 1096); };
+my $vpmsumw	= sub { vcrypto_op(@_, 1160); };
+# These are not really crypto, but vcrypto_op template works
+my $vaddudm	= sub { vcrypto_op(@_, 192);  };
+my $vadduqm	= sub { vcrypto_op(@_, 256);  };
+my $vmuleuw	= sub { vcrypto_op(@_, 648);  };
+my $vmulouw	= sub { vcrypto_op(@_, 136);  };
+my $vrld	= sub { vcrypto_op(@_, 196);  };
+my $vsld	= sub { vcrypto_op(@_, 1476); };
+my $vsrd	= sub { vcrypto_op(@_, 1732); };
+my $vsubudm	= sub { vcrypto_op(@_, 1216); };
+my $vaddcuq	= sub { vcrypto_op(@_, 320);  };
+my $vaddeuqm	= sub { vfour(@_,60); };
+my $vaddecuq	= sub { vfour(@_,61); };
+my $vmrgew	= sub { vfour(@_,0,1932); };
+my $vmrgow	= sub { vfour(@_,0,1676); };
+
+my $mtsle	= sub {
+    my ($f, $arg) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2);
+};
+
+# VSX instructions masqueraded as AltiVec/VMX
+my $mtvrd	= sub {
+    my ($f, $vrt, $ra) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1;
+};
+my $mtvrwz	= sub {
+    my ($f, $vrt, $ra) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1;
+};
+
+# PowerISA 3.0 stuff
+my $maddhdu	= sub { vfour(@_,49); };
+my $maddld	= sub { vfour(@_,51); };
+my $darn = sub {
+    my ($f, $rt, $l) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1);
+};
+my $iseleq = sub {
+    my ($f, $rt, $ra, $rb) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30;
+};
+# VSX instruction[s] masqueraded as made-up AltiVec/VMX
+my $vspltib	= sub {				# xxspltib
+    my ($f, $vrt, $imm8) = @_;
+    $imm8 = oct($imm8) if ($imm8 =~ /^0/);
+    $imm8 &= 0xff;
+    "	.long	".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1;
+};
+
+# PowerISA 3.0B stuff
+my $addex = sub {
+    my ($f, $rt, $ra, $rb, $cy) = @_;	# only cy==0 is specified in 3.0B
+    "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1);
+};
+my $vmsumudm	= sub { vfour(@_,35); };
+
+while($line=<>) {
+
+    $line =~ s|[#!;].*$||;	# get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning...
+    $line =~ s|\s+$||;		# ... and at the end
+
+    {
+	$line =~ s|\.L(\w+)|L$1|g;	# common denominator for Locallabel
+	$line =~ s|\bL(\w+)|\.L$1|g	if ($dotinlocallabels);
+    }
+
+    {
+	$line =~ s|(^[\.\w]+)\:\s*||;
+	my $label = $1;
+	if ($label) {
+	    my $xlated = ($GLOBALS{$label} or $label);
+	    print "$xlated:";
+	    if ($flavour =~ /linux.*64le/) {
+		if ($TYPES{$label} =~ /function/) {
+		    printf "\n.localentry	%s,0\n",$xlated;
+		}
+	    }
+	}
+    }
+
+    {
+	$line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
+	my $c = $1; $c = "\t" if ($c eq "");
+	my $mnemonic = $2;
+	my $f = $3;
+	my $opcode = eval("\$$mnemonic");
+	$line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/);
+	if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(/,\s*/,$line)); }
+	elsif ($mnemonic)           { $line = $c.$mnemonic.$f."\t".$line; }
+    }
+
+    print $line if ($line);
+    print "\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/sparcv9_modes.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/sparcv9_modes.pl
new file mode 100644
index 000000000..b9922e031
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/sparcv9_modes.pl
@@ -0,0 +1,1702 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Specific modes implementations for SPARC Architecture 2011. There
+# is T4 dependency though, an ASI value that is not specified in the
+# Architecture Manual. But as SPARC universe is rather monocultural,
+# we imply that processor capable of executing crypto instructions
+# can handle the ASI in question as well. This means that we ought to
+# keep eyes open when new processors emerge...
+#
+# As for above mentioned ASI. It's so called "block initializing
+# store" which cancels "read" in "read-update-write" on cache lines.
+# This is "cooperative" optimization, as it reduces overall pressure
+# on memory interface. Benefits can't be observed/quantified with
+# usual benchmarks, on the contrary you can notice that single-thread
+# performance for parallelizable modes is ~1.5% worse for largest
+# block sizes [though few percent better for not so long ones]. All
+# this based on suggestions from David Miller.
+
+$::bias="STACK_BIAS";
+$::frame="STACK_FRAME";
+$::size_t_cc="SIZE_T_CC";
+
+sub asm_init {		# to be called with @ARGV as argument
+    for (@_)		{ $::abibits=64 if (/\-m64/ || /\-xarch\=v9/); }
+    if ($::abibits==64)	{ $::bias=2047; $::frame=192; $::size_t_cc="%xcc"; }
+    else		{ $::bias=0;    $::frame=112; $::size_t_cc="%icc"; }
+}
+
+# unified interface
+my ($inp,$out,$len,$key,$ivec)=map("%i$_",(0..5));
+# local variables
+my ($ileft,$iright,$ooff,$omask,$ivoff,$blk_init)=map("%l$_",(0..7));
+
+sub alg_cbc_encrypt_implement {
+my ($alg,$bits) = @_;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_cbc_encrypt
+.align	32
+${alg}${bits}_t4_cbc_encrypt:
+	save		%sp, -$::frame, %sp
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .L${bits}_cbc_enc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	sub		$inp, $out, $blk_init	! $inp!=$out
+___
+$::code.=<<___ if (!$::evp);
+	andcc		$ivec, 7, $ivoff
+	alignaddr	$ivec, %g0, $ivec
+
+	ldd		[$ivec + 0], %f0	! load ivec
+	bz,pt		%icc, 1f
+	ldd		[$ivec + 8], %f2
+	ldd		[$ivec + 16], %f4
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+1:
+___
+$::code.=<<___ if ($::evp);
+	ld		[$ivec + 0], %f0
+	ld		[$ivec + 4], %f1
+	ld		[$ivec + 8], %f2
+	ld		[$ivec + 12], %f3
+___
+$::code.=<<___;
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_enckey
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 127
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<128 ||
+	brnz,pn		$blk_init, .L${bits}cbc_enc_blk	!	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	alignaddrl	$out, %g0, $out
+	srlx		$len, 4, $len
+	prefetch	[$out], 22
+
+.L${bits}_cbc_enc_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f12
+	movxtod		%o1, %f14
+
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_encrypt_1x
+	add		$inp, 16, $inp
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_cbc_enc_loop
+	add		$out, 16, $out
+___
+$::code.=<<___ if ($::evp);
+	st		%f0, [$ivec + 0]
+	st		%f1, [$ivec + 4]
+	st		%f2, [$ivec + 8]
+	st		%f3, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3f
+	nop
+
+	std		%f0, [$ivec + 0]	! write out ivec
+	std		%f2, [$ivec + 8]
+___
+$::code.=<<___;
+.L${bits}_cbc_enc_abort:
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_cbc_enc_loop+4
+	orn		%g0, $omask, $omask
+___
+$::code.=<<___ if ($::evp);
+	st		%f0, [$ivec + 0]
+	st		%f1, [$ivec + 4]
+	st		%f2, [$ivec + 8]
+	st		%f3, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3f
+	nop
+
+	std		%f0, [$ivec + 0]	! write out ivec
+	std		%f2, [$ivec + 8]
+	ret
+	restore
+
+.align	16
+3:	alignaddrl	$ivec, $ivoff, %g0	! handle unaligned ivec
+	mov		0xff, $omask
+	srl		$omask, $ivoff, $omask
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+	stda		%f4, [$ivec + $omask]0xc0
+	std		%f6, [$ivec + 8]
+	add		$ivec, 16, $ivec
+	orn		%g0, $omask, $omask
+	stda		%f8, [$ivec + $omask]0xc0
+___
+$::code.=<<___;
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}cbc_enc_blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+
+.L${bits}_cbc_enc_blk_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+5:
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f12
+	movxtod		%o1, %f14
+
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_encrypt_1x
+	add		$inp, 16, $inp
+	sub		$len, 1, $len
+
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	brnz,pt		$len, .L${bits}_cbc_enc_blk_loop
+	add		$out, 8, $out
+
+	membar		#StoreLoad|#StoreStore
+	brnz,pt		$blk_init, .L${bits}_cbc_enc_loop
+	mov		$blk_init, $len
+___
+$::code.=<<___ if ($::evp);
+	st		%f0, [$ivec + 0]
+	st		%f1, [$ivec + 4]
+	st		%f2, [$ivec + 8]
+	st		%f3, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3b
+	nop
+
+	std		%f0, [$ivec + 0]	! write out ivec
+	std		%f2, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+.type	${alg}${bits}_t4_cbc_encrypt,#function
+.size	${alg}${bits}_t4_cbc_encrypt,.-${alg}${bits}_t4_cbc_encrypt
+___
+}
+
+sub alg_cbc_decrypt_implement {
+my ($alg,$bits) = @_;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_cbc_decrypt
+.align	32
+${alg}${bits}_t4_cbc_decrypt:
+	save		%sp, -$::frame, %sp
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	sub		$inp, $out, $blk_init	! $inp!=$out
+___
+$::code.=<<___ if (!$::evp);
+	andcc		$ivec, 7, $ivoff
+	alignaddr	$ivec, %g0, $ivec
+
+	ldd		[$ivec + 0], %f12	! load ivec
+	bz,pt		%icc, 1f
+	ldd		[$ivec + 8], %f14
+	ldd		[$ivec + 16], %f0
+	faligndata	%f12, %f14, %f12
+	faligndata	%f14, %f0, %f14
+1:
+___
+$::code.=<<___ if ($::evp);
+	ld		[$ivec + 0], %f12	! load ivec
+	ld		[$ivec + 4], %f13
+	ld		[$ivec + 8], %f14
+	ld		[$ivec + 12], %f15
+___
+$::code.=<<___;
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_deckey
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 255
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<256 ||
+	brnz,pn		$blk_init, .L${bits}cbc_dec_blk	!	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	andcc		$len, 16, %g0		! is number of blocks even?
+	srlx		$len, 4, $len
+	alignaddrl	$out, %g0, $out
+	bz		%icc, .L${bits}_cbc_dec_loop2x
+	prefetch	[$out], 22
+.L${bits}_cbc_dec_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	xor		%g4, %o0, %o2		! ^= rk[0]
+	xor		%g5, %o1, %o3
+	movxtod		%o2, %f0
+	movxtod		%o3, %f2
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_decrypt_1x
+	add		$inp, 16, $inp
+
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	movxtod		%o0, %f12
+	movxtod		%o1, %f14
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x
+	add		$out, 16, $out
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+.L${bits}_cbc_dec_abort:
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x+4
+	orn		%g0, $omask, $omask
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_cbc_dec_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+4:
+	xor		%g4, %o0, %o4		! ^= rk[0]
+	xor		%g5, %o1, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	xor		%g4, %o2, %o4
+	xor		%g5, %o3, %o5
+	movxtod		%o4, %f4
+	movxtod		%o5, %f6
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_decrypt_2x
+	add		$inp, 32, $inp
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	movxtod		%o2, %f12
+	movxtod		%o3, %f14
+	fxor		%f8, %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 2, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	std		%f4, [$out + 16]
+	std		%f6, [$out + 24]
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x
+	add		$out, 32, $out
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f8		! handle unaligned output
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	faligndata	%f6, %f6, %f6
+	stda		%f8, [$out + $omask]0xc0	! partial store
+	std		%f0, [$out + 8]
+	std		%f2, [$out + 16]
+	std		%f4, [$out + 24]
+	add		$out, 32, $out
+	orn		%g0, $omask, $omask
+	stda		%f6, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x+4
+	orn		%g0, $omask, $omask
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+	ret
+	restore
+
+.align	16
+.L${bits}_cbc_dec_unaligned_ivec:
+	alignaddrl	$ivec, $ivoff, %g0	! handle unaligned ivec
+	mov		0xff, $omask
+	srl		$omask, $ivoff, $omask
+	faligndata	%f12, %f12, %f0
+	faligndata	%f12, %f14, %f2
+	faligndata	%f14, %f14, %f4
+	stda		%f0, [$ivec + $omask]0xc0
+	std		%f2, [$ivec + 8]
+	add		$ivec, 16, $ivec
+	orn		%g0, $omask, $omask
+	stda		%f4, [$ivec + $omask]0xc0
+___
+$::code.=<<___;
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}cbc_dec_blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+	sub	$len, 1, $len
+	add	$blk_init, 1, $blk_init
+
+.L${bits}_cbc_dec_blk_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+5:
+	xor		%g4, %o0, %o4		! ^= rk[0]
+	xor		%g5, %o1, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	xor		%g4, %o2, %o4
+	xor		%g5, %o3, %o5
+	movxtod		%o4, %f4
+	movxtod		%o5, %f6
+
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_decrypt_2x
+	add		$inp, 32, $inp
+	subcc		$len, 2, $len
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	movxtod		%o2, %f12
+	movxtod		%o3, %f14
+	fxor		%f8, %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f4, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f6, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	bgu,pt		$::size_t_cc, .L${bits}_cbc_dec_blk_loop2x
+	add		$out, 8, $out
+
+	add		$blk_init, $len, $len
+	andcc		$len, 1, %g0		! is number of blocks even?
+	membar		#StoreLoad|#StoreStore
+	bnz,pt		%icc, .L${bits}_cbc_dec_loop
+	srl		$len, 0, $len
+	brnz,pn		$len, .L${bits}_cbc_dec_loop2x
+	nop
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]	! write out ivec
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3b
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+.type	${alg}${bits}_t4_cbc_decrypt,#function
+.size	${alg}${bits}_t4_cbc_decrypt,.-${alg}${bits}_t4_cbc_decrypt
+___
+}
+
+sub alg_ctr32_implement {
+my ($alg,$bits) = @_;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_ctr32_encrypt
+.align	32
+${alg}${bits}_t4_ctr32_encrypt:
+	save		%sp, -$::frame, %sp
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_enckey
+	sllx		$len, 4, $len
+
+	ld		[$ivec + 0], %l4	! counter
+	ld		[$ivec + 4], %l5
+	ld		[$ivec + 8], %l6
+	ld		[$ivec + 12], %l7
+
+	sllx		%l4, 32, %o5
+	or		%l5, %o5, %o5
+	sllx		%l6, 32, %g1
+	xor		%o5, %g4, %g4		! ^= rk[0]
+	xor		%g1, %g5, %g5
+	movxtod		%g4, %f14		! most significant 64 bits
+
+	sub		$inp, $out, $blk_init	! $inp!=$out
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 255
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<256 ||
+	brnz,pn		$blk_init, .L${bits}_ctr32_blk	!	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	andcc		$len, 16, %g0		! is number of blocks even?
+	alignaddrl	$out, %g0, $out
+	bz		%icc, .L${bits}_ctr32_loop2x
+	srlx		$len, 4, $len
+.L${bits}_ctr32_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	xor		%g5, %l7, %g1		! ^= rk[0]
+	add		%l7, 1, %l7
+	movxtod		%g1, %f2
+	srl		%l7, 0, %l7		! clruw
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+___
+$::code.=<<___ if ($alg eq "aes");
+	aes_eround01	%f16, %f14, %f2, %f4
+	aes_eround23	%f18, %f14, %f2, %f2
+___
+$::code.=<<___ if ($alg eq "cmll");
+	camellia_f	%f16, %f2, %f14, %f2
+	camellia_f	%f18, %f14, %f2, %f0
+___
+$::code.=<<___;
+	call		_${alg}${bits}_encrypt_1x+8
+	add		$inp, 16, $inp
+
+	movxtod		%o0, %f10
+	movxtod		%o1, %f12
+	fxor		%f10, %f0, %f0		! ^= inp
+	fxor		%f12, %f2, %f2
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_ctr32_loop2x
+	add		$out, 16, $out
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_ctr32_loop2x+4
+	orn		%g0, $omask, $omask
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_ctr32_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+4:
+	xor		%g5, %l7, %g1		! ^= rk[0]
+	add		%l7, 1, %l7
+	movxtod		%g1, %f2
+	srl		%l7, 0, %l7		! clruw
+	xor		%g5, %l7, %g1
+	add		%l7, 1, %l7
+	movxtod		%g1, %f6
+	srl		%l7, 0, %l7		! clruw
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 32+63], 20
+___
+$::code.=<<___ if ($alg eq "aes");
+	aes_eround01	%f16, %f14, %f2, %f8
+	aes_eround23	%f18, %f14, %f2, %f2
+	aes_eround01	%f16, %f14, %f6, %f10
+	aes_eround23	%f18, %f14, %f6, %f6
+___
+$::code.=<<___ if ($alg eq "cmll");
+	camellia_f	%f16, %f2, %f14, %f2
+	camellia_f	%f16, %f6, %f14, %f6
+	camellia_f	%f18, %f14, %f2, %f0
+	camellia_f	%f18, %f14, %f6, %f4
+___
+$::code.=<<___;
+	call		_${alg}${bits}_encrypt_2x+16
+	add		$inp, 32, $inp
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	movxtod		%o2, %f12
+	fxor		%f8, %f0, %f0		! ^= inp
+	movxtod		%o3, %f8
+	fxor		%f10, %f2, %f2
+	fxor		%f12, %f4, %f4
+	fxor		%f8, %f6, %f6
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 2, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	std		%f4, [$out + 16]
+	std		%f6, [$out + 24]
+	brnz,pt		$len, .L${bits}_ctr32_loop2x
+	add		$out, 32, $out
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f8		! handle unaligned output
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	faligndata	%f6, %f6, %f6
+
+	stda		%f8, [$out + $omask]0xc0	! partial store
+	std		%f0, [$out + 8]
+	std		%f2, [$out + 16]
+	std		%f4, [$out + 24]
+	add		$out, 32, $out
+	orn		%g0, $omask, $omask
+	stda		%f6, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_ctr32_loop2x+4
+	orn		%g0, $omask, $omask
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_ctr32_blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+	sub	$len, 1, $len
+	add	$blk_init, 1, $blk_init
+
+.L${bits}_ctr32_blk_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+5:
+	xor		%g5, %l7, %g1		! ^= rk[0]
+	add		%l7, 1, %l7
+	movxtod		%g1, %f2
+	srl		%l7, 0, %l7		! clruw
+	xor		%g5, %l7, %g1
+	add		%l7, 1, %l7
+	movxtod		%g1, %f6
+	srl		%l7, 0, %l7		! clruw
+	prefetch	[$inp + 32+63], 20
+___
+$::code.=<<___ if ($alg eq "aes");
+	aes_eround01	%f16, %f14, %f2, %f8
+	aes_eround23	%f18, %f14, %f2, %f2
+	aes_eround01	%f16, %f14, %f6, %f10
+	aes_eround23	%f18, %f14, %f6, %f6
+___
+$::code.=<<___ if ($alg eq "cmll");
+	camellia_f	%f16, %f2, %f14, %f2
+	camellia_f	%f16, %f6, %f14, %f6
+	camellia_f	%f18, %f14, %f2, %f0
+	camellia_f	%f18, %f14, %f6, %f4
+___
+$::code.=<<___;
+	call		_${alg}${bits}_encrypt_2x+16
+	add		$inp, 32, $inp
+	subcc		$len, 2, $len
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	movxtod		%o2, %f12
+	fxor		%f8, %f0, %f0		! ^= inp
+	movxtod		%o3, %f8
+	fxor		%f10, %f2, %f2
+	fxor		%f12, %f4, %f4
+	fxor		%f8, %f6, %f6
+
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f4, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f6, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	bgu,pt		$::size_t_cc, .L${bits}_ctr32_blk_loop2x
+	add		$out, 8, $out
+
+	add		$blk_init, $len, $len
+	andcc		$len, 1, %g0		! is number of blocks even?
+	membar		#StoreLoad|#StoreStore
+	bnz,pt		%icc, .L${bits}_ctr32_loop
+	srl		$len, 0, $len
+	brnz,pn		$len, .L${bits}_ctr32_loop2x
+	nop
+
+	ret
+	restore
+.type	${alg}${bits}_t4_ctr32_encrypt,#function
+.size	${alg}${bits}_t4_ctr32_encrypt,.-${alg}${bits}_t4_ctr32_encrypt
+___
+}
+
+sub alg_xts_implement {
+my ($alg,$bits,$dir) = @_;
+my ($inp,$out,$len,$key1,$key2,$ivec)=map("%i$_",(0..5));
+my $rem=$ivec;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_xts_${dir}crypt
+.align	32
+${alg}${bits}_t4_xts_${dir}crypt:
+	save		%sp, -$::frame-16, %sp
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+
+	mov		$ivec, %o0
+	add		%fp, $::bias-16, %o1
+	call		${alg}_t4_encrypt
+	mov		$key2, %o2
+
+	add		%fp, $::bias-16, %l7
+	ldxa		[%l7]0x88, %g2
+	add		%fp, $::bias-8, %l7
+	ldxa		[%l7]0x88, %g3		! %g3:%g2 is tweak
+
+	sethi		%hi(0x76543210), %l7
+	or		%l7, %lo(0x76543210), %l7
+	bmask		%l7, %g0, %g0		! byte swap mask
+
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_${dir}ckey
+	and		$len, 15,  $rem
+	and		$len, -16, $len
+___
+$code.=<<___ if ($dir eq "de");
+	mov		0, %l7
+	movrnz		$rem, 16,  %l7
+	sub		$len, %l7, $len
+___
+$code.=<<___;
+
+	sub		$inp, $out, $blk_init	! $inp!=$out
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 255
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<256 ||
+	brnz,pn		$blk_init, .L${bits}_xts_${dir}blk !	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	andcc		$len, 16, %g0		! is number of blocks even?
+___
+$code.=<<___ if ($dir eq "de");
+	brz,pn		$len, .L${bits}_xts_${dir}steal
+___
+$code.=<<___;
+	alignaddrl	$out, %g0, $out
+	bz		%icc, .L${bits}_xts_${dir}loop2x
+	srlx		$len, 4, $len
+.L${bits}_xts_${dir}loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	movxtod		%g2, %f12
+	movxtod		%g3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_${dir}crypt_1x
+	add		$inp, 16, $inp
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x
+	add		$out, 16, $out
+
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x+4
+	orn		%g0, $omask, $omask
+
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_xts_${dir}loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+4:
+	movxtod		%g2, %f12
+	movxtod		%g3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	xor		%g4, %o2, %o2		! ^= rk[0]
+	xor		%g5, %o3, %o3
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+	movxtod		%o2, %f4
+	movxtod		%o3, %f6
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4		! ^= tweak[0]
+	fxor		%f10, %f6, %f6
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_${dir}crypt_2x
+	add		$inp, 32, $inp
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 2, $len
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	std		%f4, [$out + 16]
+	std		%f6, [$out + 24]
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x
+	add		$out, 32, $out
+
+	fsrc2		%f4, %f0
+	fsrc2		%f6, %f2
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f8		! handle unaligned output
+	faligndata	%f0, %f2, %f10
+	faligndata	%f2, %f4, %f12
+	faligndata	%f4, %f6, %f14
+	faligndata	%f6, %f6, %f0
+
+	stda		%f8, [$out + $omask]0xc0	! partial store
+	std		%f10, [$out + 8]
+	std		%f12, [$out + 16]
+	std		%f14, [$out + 24]
+	add		$out, 32, $out
+	orn		%g0, $omask, $omask
+	stda		%f0, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x+4
+	orn		%g0, $omask, $omask
+
+	fsrc2		%f4, %f0
+	fsrc2		%f6, %f2
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_xts_${dir}blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+	sub	$len, 1, $len
+	add	$blk_init, 1, $blk_init
+
+.L${bits}_xts_${dir}blk2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+5:
+	movxtod		%g2, %f12
+	movxtod		%g3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	xor		%g4, %o2, %o2		! ^= rk[0]
+	xor		%g5, %o3, %o3
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+	movxtod		%o2, %f4
+	movxtod		%o3, %f6
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4		! ^= tweak[0]
+	fxor		%f10, %f6, %f6
+
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_${dir}crypt_2x
+	add		$inp, 32, $inp
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	subcc		$len, 2, $len
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f4, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f6, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	bgu,pt		$::size_t_cc, .L${bits}_xts_${dir}blk2x
+	add		$out, 8, $out
+
+	add		$blk_init, $len, $len
+	andcc		$len, 1, %g0		! is number of blocks even?
+	membar		#StoreLoad|#StoreStore
+	bnz,pt		%icc, .L${bits}_xts_${dir}loop
+	srl		$len, 0, $len
+	brnz,pn		$len, .L${bits}_xts_${dir}loop2x
+	nop
+
+	fsrc2		%f4, %f0
+	fsrc2		%f6, %f2
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+___
+$code.=<<___ if ($dir eq "en");
+.align	32
+.L${bits}_xts_${dir}steal:
+	std		%f0, [%fp + $::bias-16]	! copy of output
+	std		%f2, [%fp + $::bias-8]
+
+	srl		$ileft, 3, $ileft
+	add		%fp, $::bias-16, %l7
+	add		$inp, $ileft, $inp	! original $inp+$len&-15
+	add		$out, $ooff, $out	! original $out+$len&-15
+	mov		0, $ileft
+	nop					! align
+
+.L${bits}_xts_${dir}stealing:
+	ldub		[$inp + $ileft], %o0
+	ldub		[%l7  + $ileft], %o1
+	dec		$rem
+	stb		%o0, [%l7  + $ileft]
+	stb		%o1, [$out + $ileft]
+	brnz		$rem, .L${bits}_xts_${dir}stealing
+	inc		$ileft
+
+	mov		%l7, $inp
+	sub		$out, 16, $out
+	mov		0, $ileft
+	sub		$out, $ooff, $out
+	ba		.L${bits}_xts_${dir}loop	! one more time
+	mov		1, $len				! $rem is 0
+___
+$code.=<<___ if ($dir eq "de");
+.align	32
+.L${bits}_xts_${dir}steal:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 8f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+8:
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %o2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %o3
+	xor		%l7, %o2, %o2
+
+	movxtod		%o2, %f12
+	movxtod		%o3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	call		_${alg}${bits}_${dir}crypt_1x
+	add		$inp, 16, $inp
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	std		%f0, [%fp + $::bias-16]
+	std		%f2, [%fp + $::bias-8]
+
+	srl		$ileft, 3, $ileft
+	add		%fp, $::bias-16, %l7
+	add		$inp, $ileft, $inp	! original $inp+$len&-15
+	add		$out, $ooff, $out	! original $out+$len&-15
+	mov		0, $ileft
+	add		$out, 16, $out
+	nop					! align
+
+.L${bits}_xts_${dir}stealing:
+	ldub		[$inp + $ileft], %o0
+	ldub		[%l7  + $ileft], %o1
+	dec		$rem
+	stb		%o0, [%l7  + $ileft]
+	stb		%o1, [$out + $ileft]
+	brnz		$rem, .L${bits}_xts_${dir}stealing
+	inc		$ileft
+
+	mov		%l7, $inp
+	sub		$out, 16, $out
+	mov		0, $ileft
+	sub		$out, $ooff, $out
+	ba		.L${bits}_xts_${dir}loop	! one more time
+	mov		1, $len				! $rem is 0
+___
+$code.=<<___;
+	ret
+	restore
+.type	${alg}${bits}_t4_xts_${dir}crypt,#function
+.size	${alg}${bits}_t4_xts_${dir}crypt,.-${alg}${bits}_t4_xts_${dir}crypt
+___
+}
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %visopf = (	"faligndata"	=> 0x048,
+		"bshuffle"	=> 0x04c,
+		"fnot2"		=> 0x066,
+		"fxor"		=> 0x06c,
+		"fsrc2"		=> 0x078	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016,
+		"alignaddr"	=> 0x018,
+		"bmask"		=> 0x019,
+		"alignaddrl"	=> 0x01a	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unaes_round {	# 4-argument instructions
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"aes_eround01"	=> 0,
+		"aes_eround23"	=> 1,
+		"aes_dround01"	=> 2,
+		"aes_dround23"	=> 3,
+		"aes_eround01_l"=> 4,
+		"aes_eround23_l"=> 5,
+		"aes_dround01_l"=> 6,
+		"aes_dround23_l"=> 7,
+		"aes_kexpand1"	=> 8	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	$rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3;
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unaes_kexpand {	# 3-argument instructions
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"aes_kexpand0"	=> 0x130,
+		"aes_kexpand2"	=> 0x131	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub uncamellia_f {	# 4-argument instructions
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if (1) {
+	$rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3;
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|0xc<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub uncamellia3 {	# 3-argument instructions
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %cmllopf = (	"camellia_fl"	=> 0x13c,
+		"camellia_fli"	=> 0x13d	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if (defined($opf=$cmllopf{$mnemonic})) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unmovxtox {		# 2-argument instructions
+my ($mnemonic,$rs,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24, "f" => 0 );
+my ($ref,$opf);
+my %movxopf = (	"movdtox"	=> 0x110,
+		"movstouw"	=> 0x111,
+		"movstosw"	=> 0x113,
+		"movxtod"	=> 0x118,
+		"movwtos"	=> 0x119	);
+
+    $ref = "$mnemonic\t$rs,$rd";
+
+    if (defined($opf=$movxopf{$mnemonic})) {
+	foreach ($rs,$rd) {
+	    return $ref if (!/%([fgoli])([0-9]{1,2})/);
+	    $_=$bias{$1}+$2;
+	    if ($2>=32) {
+		return $ref if ($2&1);
+		# re-encode for upper double register addressing
+		$_=($2|$2>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$opf<<5|$rs,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub undes {
+my ($mnemonic)=shift;
+my @args=@_;
+my ($ref,$opf);
+my %desopf = (	"des_round"	=> 0b1001,
+		"des_ip"	=> 0b100110100,
+		"des_iip"	=> 0b100110101,
+		"des_kexpand"	=> 0b100110110	);
+
+    $ref = "$mnemonic\t".join(",",@_);
+
+    if (defined($opf=$desopf{$mnemonic})) {	# 4-arg
+	if ($mnemonic eq "des_round") {
+	    foreach (@args[0..3]) {
+		return $ref if (!/%f([0-9]{1,2})/);
+		$_=$1;
+		if ($1>=32) {
+		    return $ref if ($1&1);
+		    # re-encode for upper double register addressing
+		    $_=($1|$1>>5)&31;
+		}
+	    }
+	    return  sprintf ".word\t0x%08x !%s",
+			    2<<30|0b011001<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<9|$args[3]<<25,
+			    $ref;
+	} elsif ($mnemonic eq "des_kexpand") {	# 3-arg
+	    foreach (@args[0..2]) {
+		return $ref if (!/(%f)?([0-9]{1,2})/);
+		$_=$2;
+		if ($2>=32) {
+		    return $ref if ($2&1);
+		    # re-encode for upper double register addressing
+		    $_=($2|$2>>5)&31;
+		}
+	    }
+	    return  sprintf ".word\t0x%08x !%s",
+			    2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<25,
+			    $ref;
+	} else {				# 2-arg
+	    foreach (@args[0..1]) {
+		return $ref if (!/%f([0-9]{1,2})/);
+		$_=$1;
+		if ($1>=32) {
+		    return $ref if ($2&1);
+		    # re-encode for upper double register addressing
+		    $_=($1|$1>>5)&31;
+		}
+	    }
+	    return  sprintf ".word\t0x%08x !%s",
+			    2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]<<25,
+			    $ref;
+	}
+    } else {
+	return $ref;
+    }
+}
+
+sub emit_assembler {
+    foreach (split("\n",$::code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[a-z]+2[sd]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})\s*$/$1\t%f0,$2,$3/go;
+
+	s/\b(aes_[edk][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
+		&unaes_round($1,$2,$3,$4,$5)
+	 /geo or
+	s/\b(aes_kexpand[02])\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unaes_kexpand($1,$2,$3,$4)
+	 /geo or
+	s/\b(camellia_f)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
+		&uncamellia_f($1,$2,$3,$4,$5)
+	 /geo or
+	s/\b(camellia_[^s]+)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&uncamellia3($1,$2,$3,$4)
+	 /geo or
+	s/\b(des_\w+)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+)(?:,\s*(%f[0-9]{1,2})(?:,\s*(%f[0-9]{1,2}))?)?/
+		&undes($1,$2,$3,$4,$5)
+	 /geo or
+	s/\b(mov[ds]to\w+)\s+(%f[0-9]{1,2}),\s*(%[goli][0-7])/
+		&unmovxtox($1,$2,$3)
+	 /geo or
+	s/\b(mov[xw]to[ds])\s+(%[goli][0-7]),\s*(%f[0-9]{1,2})/
+		&unmovxtox($1,$2,$3)
+	 /geo or
+	s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /geo or
+	s/\b(umulxhi|bmask|addxc[c]{0,2}|alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /geo;
+
+	print $_,"\n";
+    }
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl
new file mode 100755
index 000000000..29a0eacfd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl
@@ -0,0 +1,1447 @@
+#! /usr/bin/env perl
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
+#
+# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
+# format is way easier to parse. Because it's simpler to "gear" from
+# Unix ABI to Windows one [see cross-reference "card" at the end of
+# file]. Because Linux targets were available first...
+#
+# In addition the script also "distills" code suitable for GNU
+# assembler, so that it can be compiled with more rigid assemblers,
+# such as Solaris /usr/ccs/bin/as.
+#
+# This translator is not designed to convert *arbitrary* assembler
+# code from AT&T format to MASM one. It's designed to convert just
+# enough to provide for dual-ABI OpenSSL modules development...
+# There *are* limitations and you might have to modify your assembler
+# code or this script to achieve the desired result...
+#
+# Currently recognized limitations:
+#
+# - can't use multiple ops per line;
+#
+# Dual-ABI styling rules.
+#
+# 1. Adhere to Unix register and stack layout [see cross-reference
+#    ABI "card" at the end for explanation].
+# 2. Forget about "red zone," stick to more traditional blended
+#    stack frame allocation. If volatile storage is actually required
+#    that is. If not, just leave the stack as is.
+# 3. Functions tagged with ".type name,@function" get crafted with
+#    unified Win64 prologue and epilogue automatically. If you want
+#    to take care of ABI differences yourself, tag functions as
+#    ".type name,@abi-omnipotent" instead.
+# 4. To optimize the Win64 prologue you can specify number of input
+#    arguments as ".type name,@function,N." Keep in mind that if N is
+#    larger than 6, then you *have to* write "abi-omnipotent" code,
+#    because >6 cases can't be addressed with unified prologue.
+# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:
+#    (sorry about latter).
+# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
+#    required to identify the spots, where to inject Win64 epilogue!
+#    But on the pros, it's then prefixed with rep automatically:-)
+# 7. Stick to explicit ip-relative addressing. If you have to use
+#    GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??.
+#    Both are recognized and translated to proper Win64 addressing
+#    modes.
+#
+# 8. In order to provide for structured exception handling unified
+#    Win64 prologue copies %rsp value to %rax. For further details
+#    see SEH paragraph at the end.
+# 9. .init segment is allowed to contain calls to functions only.
+# a. If function accepts more than 4 arguments *and* >4th argument
+#    is declared as non 64-bit value, do clear its upper part.
+
+
+use strict;
+
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+open STDOUT,">$output" || die "can't open $output: $!"
+	if (defined($output));
+
+my $gas=1;	$gas=0 if ($output =~ /\.asm$/);
+my $elf=1;	$elf=0 if (!$gas);
+my $win64=0;
+my $prefix="";
+my $decor=".L";
+
+my $masmref=8 + 50727*2**-32;	# 8.00.50727 shipped with VS2005
+my $masm=0;
+my $PTR=" PTR";
+
+my $nasmref=2.03;
+my $nasm=0;
+
+if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1;
+				  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
+				  $prefix =~ s|\R$||; # Better chomp
+				}
+elsif ($flavour eq "macosx")	{ $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
+elsif ($flavour eq "masm")	{ $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
+elsif ($flavour eq "nasm")	{ $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
+elsif (!$gas)
+{   if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
+    {	$nasm = $1 + $2*0.01; $PTR="";  }
+    elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
+    {	$masm = $1 + $2*2**-16 + $4*2**-32;   }
+    die "no assembler found on %PATH%" if (!($nasm || $masm));
+    $win64=1;
+    $elf=0;
+    $decor="\$L\$";
+}
+
+my $current_segment;
+my $current_function;
+my %globals;
+
+{ package opcode;	# pick up opcodes
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /^([a-z][a-z0-9]*)/i) {
+	    bless $self,$class;
+	    $self->{op} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    undef $self->{sz};
+	    if ($self->{op} =~ /^(movz)x?([bw]).*/) {	# movz is pain...
+		$self->{op} = $1;
+		$self->{sz} = $2;
+	    } elsif ($self->{op} =~ /call|jmp/) {
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /^[vk]/) { # VEX or k* such as kmov
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) {
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
+		$self->{op} = $1;
+		$self->{sz} = $2;
+	    }
+	}
+	$ret;
+    }
+    sub size {
+	my ($self, $sz) = @_;
+	$self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
+	$self->{sz};
+    }
+    sub out {
+	my $self = shift;
+	if ($gas) {
+	    if ($self->{op} eq "movz") {	# movz is pain...
+		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
+	    } elsif ($self->{op} =~ /^set/) {
+		"$self->{op}";
+	    } elsif ($self->{op} eq "ret") {
+		my $epilogue = "";
+		if ($win64 && $current_function->{abi} eq "svr4") {
+		    $epilogue = "movq	8(%rsp),%rdi\n\t" .
+				"movq	16(%rsp),%rsi\n\t";
+		}
+	    	$epilogue . ".byte	0xf3,0xc3";
+	    } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") {
+		".p2align\t3\n\t.quad";
+	    } else {
+		"$self->{op}$self->{sz}";
+	    }
+	} else {
+	    $self->{op} =~ s/^movz/movzx/;
+	    if ($self->{op} eq "ret") {
+		$self->{op} = "";
+		if ($win64 && $current_function->{abi} eq "svr4") {
+		    $self->{op} = "mov	rdi,QWORD$PTR\[8+rsp\]\t;WIN64 epilogue\n\t".
+				  "mov	rsi,QWORD$PTR\[16+rsp\]\n\t";
+	    	}
+		$self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
+	    } elsif ($self->{op} =~ /^(pop|push)f/) {
+		$self->{op} .= $self->{sz};
+	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
+		$self->{op} = "\tDQ";
+	    }
+	    $self->{op};
+	}
+    }
+    sub mnemonic {
+	my ($self, $op) = @_;
+	$self->{op}=$op if (defined($op));
+	$self->{op};
+    }
+}
+{ package const;	# pick up constants, which start with $
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /^\$([^,]+)/) {
+	    bless $self, $class;
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+	}
+	$ret;
+    }
+    sub out {
+    	my $self = shift;
+
+	$self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
+	if ($gas) {
+	    # Solaris /usr/ccs/bin/as can't handle multiplications
+	    # in $self->{value}
+	    my $value = $self->{value};
+	    no warnings;    # oct might complain about overflow, ignore here...
+	    $value =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+	    if ($value =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg) {
+		$self->{value} = $value;
+	    }
+	    sprintf "\$%s",$self->{value};
+	} else {
+	    my $value = $self->{value};
+	    $value =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
+	    sprintf "%s",$value;
+	}
+    }
+}
+{ package ea;		# pick up effective addresses: expr(%reg,%reg,scale)
+
+    my %szmap = (	b=>"BYTE$PTR",    w=>"WORD$PTR",
+			l=>"DWORD$PTR",   d=>"DWORD$PTR",
+			q=>"QWORD$PTR",   o=>"OWORD$PTR",
+			x=>"XMMWORD$PTR", y=>"YMMWORD$PTR",
+			z=>"ZMMWORD$PTR" ) if (!$gas);
+
+    sub re {
+	my	($class, $line, $opcode) = @_;
+	my	$self = {};
+	my	$ret;
+
+	# optional * ----vvv--- appears in indirect jmp/call
+	if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)((?:{[^}]+})*)/) {
+	    bless $self, $class;
+	    $self->{asterisk} = $1;
+	    $self->{label} = $2;
+	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
+	    $self->{scale} = 1 if (!defined($self->{scale}));
+	    $self->{opmask} = $4;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
+		die if ($opcode->mnemonic() ne "mov");
+		$opcode->mnemonic("lea");
+	    }
+	    $self->{base}  =~ s/^%//;
+	    $self->{index} =~ s/^%// if (defined($self->{index}));
+	    $self->{opcode} = $opcode;
+	}
+	$ret;
+    }
+    sub size {}
+    sub out {
+	my ($self, $sz) = @_;
+
+	$self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+	$self->{label} =~ s/\.L/$decor/g;
+
+	# Silently convert all EAs to 64-bit. This is required for
+	# elder GNU assembler and results in more compact code,
+	# *but* most importantly AES module depends on this feature!
+	$self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+	$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+
+	# Solaris /usr/ccs/bin/as can't handle multiplications
+	# in $self->{label}...
+	use integer;
+	$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+	$self->{label} =~ s/\b([0-9]+\s*[\*\/\%]\s*[0-9]+)\b/eval($1)/eg;
+
+	# Some assemblers insist on signed presentation of 32-bit
+	# offsets, but sign extension is a tricky business in perl...
+	if ((1<<31)<<1) {
+	    $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
+	} else {
+	    $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg;
+	}
+
+	# if base register is %rbp or %r13, see if it's possible to
+	# flip base and index registers [for better performance]
+	if (!$self->{label} && $self->{index} && $self->{scale}==1 &&
+	    $self->{base} =~ /(rbp|r13)/) {
+		$self->{base} = $self->{index}; $self->{index} = $1;
+	}
+
+	if ($gas) {
+	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
+
+	    if (defined($self->{index})) {
+		sprintf "%s%s(%s,%%%s,%d)%s",
+					$self->{asterisk},$self->{label},
+					$self->{base}?"%$self->{base}":"",
+					$self->{index},$self->{scale},
+					$self->{opmask};
+	    } else {
+		sprintf "%s%s(%%%s)%s",	$self->{asterisk},$self->{label},
+					$self->{base},$self->{opmask};
+	    }
+	} else {
+	    $self->{label} =~ s/\./\$/g;
+	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
+	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
+
+	    my $mnemonic = $self->{opcode}->mnemonic();
+	    ($self->{asterisk})				&& ($sz="q") ||
+	    ($mnemonic =~ /^v?mov([qd])$/)		&& ($sz=$1)  ||
+	    ($mnemonic =~ /^v?pinsr([qdwb])$/)		&& ($sz=$1)  ||
+	    ($mnemonic =~ /^vpbroadcast([qdwb])$/)	&& ($sz=$1)  ||
+	    ($mnemonic =~ /^v(?!perm)[a-z]+[fi]128$/)	&& ($sz="x");
+
+	    $self->{opmask}  =~ s/%(k[0-7])/$1/;
+
+	    if (defined($self->{index})) {
+		sprintf "%s[%s%s*%d%s]%s",$szmap{$sz},
+					$self->{label}?"$self->{label}+":"",
+					$self->{index},$self->{scale},
+					$self->{base}?"+$self->{base}":"",
+					$self->{opmask};
+	    } elsif ($self->{base} eq "rip") {
+		sprintf "%s[%s]",$szmap{$sz},$self->{label};
+	    } else {
+		sprintf "%s[%s%s]%s",	$szmap{$sz},
+					$self->{label}?"$self->{label}+":"",
+					$self->{base},$self->{opmask};
+	    }
+	}
+    }
+}
+{ package register;	# pick up registers, which start with %.
+    sub re {
+	my	($class, $line, $opcode) = @_;
+	my	$self = {};
+	my	$ret;
+
+	# optional * ----vvv--- appears in indirect jmp/call
+	if ($$line =~ /^(\*?)%(\w+)((?:{[^}]+})*)/) {
+	    bless $self,$class;
+	    $self->{asterisk} = $1;
+	    $self->{value} = $2;
+	    $self->{opmask} = $3;
+	    $opcode->size($self->size());
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+	}
+	$ret;
+    }
+    sub size {
+	my	$self = shift;
+	my	$ret;
+
+	if    ($self->{value} =~ /^r[\d]+b$/i)	{ $ret="b"; }
+	elsif ($self->{value} =~ /^r[\d]+w$/i)	{ $ret="w"; }
+	elsif ($self->{value} =~ /^r[\d]+d$/i)	{ $ret="l"; }
+	elsif ($self->{value} =~ /^r[\w]+$/i)	{ $ret="q"; }
+	elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }
+	elsif ($self->{value} =~ /^[\w]{2}l$/i)	{ $ret="b"; }
+	elsif ($self->{value} =~ /^[\w]{2}$/i)	{ $ret="w"; }
+	elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }
+
+	$ret;
+    }
+    sub out {
+    	my $self = shift;
+	if ($gas)	{ sprintf "%s%%%s%s",	$self->{asterisk},
+						$self->{value},
+						$self->{opmask}; }
+	else		{ $self->{opmask} =~ s/%(k[0-7])/$1/;
+			  $self->{value}.$self->{opmask}; }
+    }
+}
+{ package label;	# pick up labels, which end with :
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /(^[\.\w]+)\:/) {
+	    bless $self,$class;
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    $self->{value} =~ s/^\.L/$decor/;
+	}
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+
+	if ($gas) {
+	    my $func = ($globals{$self->{value}} or $self->{value}) . ":";
+	    if ($win64	&& $current_function->{name} eq $self->{value}
+			&& $current_function->{abi} eq "svr4") {
+		$func .= "\n";
+		$func .= "	movq	%rdi,8(%rsp)\n";
+		$func .= "	movq	%rsi,16(%rsp)\n";
+		$func .= "	movq	%rsp,%rax\n";
+		$func .= "${decor}SEH_begin_$current_function->{name}:\n";
+		my $narg = $current_function->{narg};
+		$narg=6 if (!defined($narg));
+		$func .= "	movq	%rcx,%rdi\n" if ($narg>0);
+		$func .= "	movq	%rdx,%rsi\n" if ($narg>1);
+		$func .= "	movq	%r8,%rdx\n"  if ($narg>2);
+		$func .= "	movq	%r9,%rcx\n"  if ($narg>3);
+		$func .= "	movq	40(%rsp),%r8\n" if ($narg>4);
+		$func .= "	movq	48(%rsp),%r9\n" if ($narg>5);
+	    }
+	    $func;
+	} elsif ($self->{value} ne "$current_function->{name}") {
+	    # Make all labels in masm global.
+	    $self->{value} .= ":" if ($masm);
+	    $self->{value} . ":";
+	} elsif ($win64 && $current_function->{abi} eq "svr4") {
+	    my $func =	"$current_function->{name}" .
+			($nasm ? ":" : "\tPROC $current_function->{scope}") .
+			"\n";
+	    $func .= "	mov	QWORD$PTR\[8+rsp\],rdi\t;WIN64 prologue\n";
+	    $func .= "	mov	QWORD$PTR\[16+rsp\],rsi\n";
+	    $func .= "	mov	rax,rsp\n";
+	    $func .= "${decor}SEH_begin_$current_function->{name}:";
+	    $func .= ":" if ($masm);
+	    $func .= "\n";
+	    my $narg = $current_function->{narg};
+	    $narg=6 if (!defined($narg));
+	    $func .= "	mov	rdi,rcx\n" if ($narg>0);
+	    $func .= "	mov	rsi,rdx\n" if ($narg>1);
+	    $func .= "	mov	rdx,r8\n"  if ($narg>2);
+	    $func .= "	mov	rcx,r9\n"  if ($narg>3);
+	    $func .= "	mov	r8,QWORD$PTR\[40+rsp\]\n" if ($narg>4);
+	    $func .= "	mov	r9,QWORD$PTR\[48+rsp\]\n" if ($narg>5);
+	    $func .= "\n";
+	} else {
+	   "$current_function->{name}".
+			($nasm ? ":" : "\tPROC $current_function->{scope}");
+	}
+    }
+}
+{ package expr;		# pick up expressions
+    sub re {
+	my	($class, $line, $opcode) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /(^[^,]+)/) {
+	    bless $self,$class;
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    $self->{value} =~ s/\@PLT// if (!$elf);
+	    $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+	    $self->{value} =~ s/\.L/$decor/g;
+	    $self->{opcode} = $opcode;
+	}
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+	if ($nasm && $self->{opcode}->mnemonic()=~m/^j(?![re]cxz)/) {
+	    "NEAR ".$self->{value};
+	} else {
+	    $self->{value};
+	}
+    }
+}
+{ package cfi_directive;
+    # CFI directives annotate instructions that are significant for
+    # stack unwinding procedure compliant with DWARF specification,
+    # see http://dwarfstd.org/. Besides naturally expected for this
+    # script platform-specific filtering function, this module adds
+    # three auxiliary synthetic directives not recognized by [GNU]
+    # assembler:
+    #
+    # - .cfi_push to annotate push instructions in prologue, which
+    #   translates to .cfi_adjust_cfa_offset (if needed) and
+    #   .cfi_offset;
+    # - .cfi_pop to annotate pop instructions in epilogue, which
+    #   translates to .cfi_adjust_cfa_offset (if needed) and
+    #   .cfi_restore;
+    # - [and most notably] .cfi_cfa_expression which encodes
+    #   DW_CFA_def_cfa_expression and passes it to .cfi_escape as
+    #   byte vector;
+    #
+    # CFA expressions were introduced in DWARF specification version
+    # 3 and describe how to deduce CFA, Canonical Frame Address. This
+    # becomes handy if your stack frame is variable and you can't
+    # spare register for [previous] frame pointer. Suggested directive
+    # syntax is made-up mix of DWARF operator suffixes [subset of]
+    # and references to registers with optional bias. Following example
+    # describes offloaded *original* stack pointer at specific offset
+    # from *current* stack pointer:
+    #
+    #   .cfi_cfa_expression     %rsp+40,deref,+8
+    #
+    # Final +8 has everything to do with the fact that CFA is defined
+    # as reference to top of caller's stack, and on x86_64 call to
+    # subroutine pushes 8-byte return address. In other words original
+    # stack pointer upon entry to a subroutine is 8 bytes off from CFA.
+
+    # Below constants are taken from "DWARF Expressions" section of the
+    # DWARF specification, section is numbered 7.7 in versions 3 and 4.
+    my %DW_OP_simple = (	# no-arg operators, mapped directly
+	deref	=> 0x06,	dup	=> 0x12,
+	drop	=> 0x13,	over	=> 0x14,
+	pick	=> 0x15,	swap	=> 0x16,
+	rot	=> 0x17,	xderef	=> 0x18,
+
+	abs	=> 0x19,	and	=> 0x1a,
+	div	=> 0x1b,	minus	=> 0x1c,
+	mod	=> 0x1d,	mul	=> 0x1e,
+	neg	=> 0x1f,	not	=> 0x20,
+	or	=> 0x21,	plus	=> 0x22,
+	shl	=> 0x24,	shr	=> 0x25,
+	shra	=> 0x26,	xor	=> 0x27,
+	);
+
+    my %DW_OP_complex = (	# used in specific subroutines
+	constu		=> 0x10,	# uleb128
+	consts		=> 0x11,	# sleb128
+	plus_uconst	=> 0x23,	# uleb128
+	lit0 		=> 0x30,	# add 0-31 to opcode
+	reg0		=> 0x50,	# add 0-31 to opcode
+	breg0		=> 0x70,	# add 0-31 to opcole, sleb128
+	regx		=> 0x90,	# uleb28
+	fbreg		=> 0x91,	# sleb128
+	bregx		=> 0x92,	# uleb128, sleb128
+	piece		=> 0x93,	# uleb128
+	);
+
+    # Following constants are defined in x86_64 ABI supplement, for
+    # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf,
+    # see section 3.7 "Stack Unwind Algorithm".
+    my %DW_reg_idx = (
+	"%rax"=>0,  "%rdx"=>1,  "%rcx"=>2,  "%rbx"=>3,
+	"%rsi"=>4,  "%rdi"=>5,  "%rbp"=>6,  "%rsp"=>7,
+	"%r8" =>8,  "%r9" =>9,  "%r10"=>10, "%r11"=>11,
+	"%r12"=>12, "%r13"=>13, "%r14"=>14, "%r15"=>15
+	);
+
+    my ($cfa_reg, $cfa_rsp);
+    my @cfa_stack;
+
+    # [us]leb128 format is variable-length integer representation base
+    # 2^128, with most significant bit of each byte being 0 denoting
+    # *last* most significant digit. See "Variable Length Data" in the
+    # DWARF specification, numbered 7.6 at least in versions 3 and 4.
+    sub sleb128 {
+	use integer;	# get right shift extend sign
+
+	my $val = shift;
+	my $sign = ($val < 0) ? -1 : 0;
+	my @ret = ();
+
+	while(1) {
+	    push @ret, $val&0x7f;
+
+	    # see if remaining bits are same and equal to most
+	    # significant bit of the current digit, if so, it's
+	    # last digit...
+	    last if (($val>>6) == $sign);
+
+	    @ret[-1] |= 0x80;
+	    $val >>= 7;
+	}
+
+	return @ret;
+    }
+    sub uleb128 {
+	my $val = shift;
+	my @ret = ();
+
+	while(1) {
+	    push @ret, $val&0x7f;
+
+	    # see if it's last significant digit...
+	    last if (($val >>= 7) == 0);
+
+	    @ret[-1] |= 0x80;
+	}
+
+	return @ret;
+    }
+    sub const {
+	my $val = shift;
+
+	if ($val >= 0 && $val < 32) {
+            return ($DW_OP_complex{lit0}+$val);
+	}
+	return ($DW_OP_complex{consts}, sleb128($val));
+    }
+    sub reg {
+	my $val = shift;
+
+	return if ($val !~ m/^(%r\w+)(?:([\+\-])((?:0x)?[0-9a-f]+))?/);
+
+	my $reg = $DW_reg_idx{$1};
+	my $off = eval ("0 $2 $3");
+
+	return (($DW_OP_complex{breg0} + $reg), sleb128($off));
+	# Yes, we use DW_OP_bregX+0 to push register value and not
+	# DW_OP_regX, because latter would require even DW_OP_piece,
+	# which would be a waste under the circumstances. If you have
+	# to use DWP_OP_reg, use "regx:N"...
+    }
+    sub cfa_expression {
+	my $line = shift;
+	my @ret;
+
+	foreach my $token (split(/,\s*/,$line)) {
+	    if ($token =~ /^%r/) {
+		push @ret,reg($token);
+	    } elsif ($token =~ /((?:0x)?[0-9a-f]+)\((%r\w+)\)/) {
+		push @ret,reg("$2+$1");
+	    } elsif ($token =~ /(\w+):(\-?(?:0x)?[0-9a-f]+)(U?)/i) {
+		my $i = 1*eval($2);
+		push @ret,$DW_OP_complex{$1}, ($3 ? uleb128($i) : sleb128($i));
+	    } elsif (my $i = 1*eval($token) or $token eq "0") {
+		if ($token =~ /^\+/) {
+		    push @ret,$DW_OP_complex{plus_uconst},uleb128($i);
+		} else {
+		    push @ret,const($i);
+		}
+	    } else {
+		push @ret,$DW_OP_simple{$token};
+	    }
+	}
+
+	# Finally we return DW_CFA_def_cfa_expression, 15, followed by
+	# length of the expression and of course the expression itself.
+	return (15,scalar(@ret),@ret);
+    }
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ s/^\s*\.cfi_(\w+)\s*//) {
+	    bless $self,$class;
+	    $ret = $self;
+	    undef $self->{value};
+	    my $dir = $1;
+
+	    SWITCH: for ($dir) {
+	    # What is $cfa_rsp? Effectively it's difference between %rsp
+	    # value and current CFA, Canonical Frame Address, which is
+	    # why it starts with -8. Recall that CFA is top of caller's
+	    # stack...
+	    /startproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp", -8); last; };
+	    /endproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp",  0);
+				# .cfi_remember_state directives that are not
+				# matched with .cfi_restore_state are
+				# unnecessary.
+				die "unpaired .cfi_remember_state" if (@cfa_stack);
+				last;
+			      };
+	    /def_cfa_register/
+			&& do {	$cfa_reg = $$line; last; };
+	    /def_cfa_offset/
+			&& do {	$cfa_rsp = -1*eval($$line) if ($cfa_reg eq "%rsp");
+				last;
+			      };
+	    /adjust_cfa_offset/
+			&& do {	$cfa_rsp -= 1*eval($$line) if ($cfa_reg eq "%rsp");
+				last;
+			      };
+	    /def_cfa/	&& do {	if ($$line =~ /(%r\w+)\s*,\s*(.+)/) {
+				    $cfa_reg = $1;
+				    $cfa_rsp = -1*eval($2) if ($cfa_reg eq "%rsp");
+				}
+				last;
+			      };
+	    /push/	&& do {	$dir = undef;
+				$cfa_rsp -= 8;
+				if ($cfa_reg eq "%rsp") {
+				    $self->{value} = ".cfi_adjust_cfa_offset\t8\n";
+				}
+				$self->{value} .= ".cfi_offset\t$$line,$cfa_rsp";
+				last;
+			      };
+	    /pop/	&& do {	$dir = undef;
+				$cfa_rsp += 8;
+				if ($cfa_reg eq "%rsp") {
+				    $self->{value} = ".cfi_adjust_cfa_offset\t-8\n";
+				}
+				$self->{value} .= ".cfi_restore\t$$line";
+				last;
+			      };
+	    /cfa_expression/
+			&& do {	$dir = undef;
+				$self->{value} = ".cfi_escape\t" .
+					join(",", map(sprintf("0x%02x", $_),
+						      cfa_expression($$line)));
+				last;
+			      };
+	    /remember_state/
+			&& do {	push @cfa_stack, [$cfa_reg, $cfa_rsp];
+				last;
+			      };
+	    /restore_state/
+			&& do {	($cfa_reg, $cfa_rsp) = @{pop @cfa_stack};
+				last;
+			      };
+	    }
+
+	    $self->{value} = ".cfi_$dir\t$$line" if ($dir);
+
+	    $$line = "";
+	}
+
+	return $ret;
+    }
+    sub out {
+	my $self = shift;
+	return ($elf ? $self->{value} : undef);
+    }
+}
+{ package directive;	# pick up directives, which start with .
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+	my	$dir;
+
+	# chain-call to cfi_directive
+	$ret = cfi_directive->re($line) and return $ret;
+
+	if ($$line =~ /^\s*(\.\w+)/) {
+	    bless $self,$class;
+	    $dir = $1;
+	    $ret = $self;
+	    undef $self->{value};
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    SWITCH: for ($dir) {
+		/\.global|\.globl|\.extern/
+			    && do { $globals{$$line} = $prefix . $$line;
+				    $$line = $globals{$$line} if ($prefix);
+				    last;
+				  };
+		/\.type/    && do { my ($sym,$type,$narg) = split(',',$$line);
+				    if ($type eq "\@function") {
+					undef $current_function;
+					$current_function->{name} = $sym;
+					$current_function->{abi}  = "svr4";
+					$current_function->{narg} = $narg;
+					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+				    } elsif ($type eq "\@abi-omnipotent") {
+					undef $current_function;
+					$current_function->{name} = $sym;
+					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+				    }
+				    $$line =~ s/\@abi\-omnipotent/\@function/;
+				    $$line =~ s/\@function.*/\@function/;
+				    last;
+				  };
+		/\.asciz/   && do { if ($$line =~ /^"(.*)"$/) {
+					$dir  = ".byte";
+					$$line = join(",",unpack("C*",$1),0);
+				    }
+				    last;
+				  };
+		/\.rva|\.long|\.quad/
+			    && do { $$line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+				    $$line =~ s/\.L/$decor/g;
+				    last;
+				  };
+	    }
+
+	    if ($gas) {
+		$self->{value} = $dir . "\t" . $$line;
+
+		if ($dir =~ /\.extern/) {
+		    $self->{value} = ""; # swallow extern
+		} elsif (!$elf && $dir =~ /\.type/) {
+		    $self->{value} = "";
+		    $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
+				(defined($globals{$1})?".scl 2;":".scl 3;") .
+				"\t.type 32;\t.endef"
+				if ($win64 && $$line =~ /([^,]+),\@function/);
+		} elsif (!$elf && $dir =~ /\.size/) {
+		    $self->{value} = "";
+		    if (defined($current_function)) {
+			$self->{value} .= "${decor}SEH_end_$current_function->{name}:"
+				if ($win64 && $current_function->{abi} eq "svr4");
+			undef $current_function;
+		    }
+		} elsif (!$elf && $dir =~ /\.align/) {
+		    $self->{value} = ".p2align\t" . (log($$line)/log(2));
+		} elsif ($dir eq ".section") {
+		    $current_segment=$$line;
+		    if (!$elf && $current_segment eq ".init") {
+			if	($flavour eq "macosx")	{ $self->{value} = ".mod_init_func"; }
+			elsif	($flavour eq "mingw64")	{ $self->{value} = ".section\t.ctors"; }
+		    }
+		} elsif ($dir =~ /\.(text|data)/) {
+		    $current_segment=".$1";
+		} elsif ($dir =~ /\.hidden/) {
+		    if    ($flavour eq "macosx")  { $self->{value} = ".private_extern\t$prefix$$line"; }
+		    elsif ($flavour eq "mingw64") { $self->{value} = ""; }
+		} elsif ($dir =~ /\.comm/) {
+		    $self->{value} = "$dir\t$prefix$$line";
+		    $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
+		}
+		$$line = "";
+		return $self;
+	    }
+
+	    # non-gas case or nasm/masm
+	    SWITCH: for ($dir) {
+		/\.text/    && do { my $v=undef;
+				    if ($nasm) {
+					$v="section	.text code align=64\n";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = ".text\$";
+					$v.="$current_segment\tSEGMENT ";
+					$v.=$masm>=$masmref ? "ALIGN(256)" : "PAGE";
+					$v.=" 'CODE'";
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.data/    && do { my $v=undef;
+				    if ($nasm) {
+					$v="section	.data data align=8\n";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = "_DATA";
+					$v.="$current_segment\tSEGMENT";
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.section/ && do { my $v=undef;
+				    $$line =~ s/([^,]*).*/$1/;
+				    $$line = ".CRT\$XCU" if ($$line eq ".init");
+				    if ($nasm) {
+					$v="section	$$line";
+					if ($$line=~/\.([px])data/) {
+					    $v.=" rdata align=";
+					    $v.=$1 eq "p"? 4 : 8;
+					} elsif ($$line=~/\.CRT\$/i) {
+					    $v.=" rdata align=8";
+					}
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$v.="$$line\tSEGMENT";
+					if ($$line=~/\.([px])data/) {
+					    $v.=" READONLY";
+					    $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+					} elsif ($$line=~/\.CRT\$/i) {
+					    $v.=" READONLY ";
+					    $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
+					}
+				    }
+				    $current_segment = $$line;
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.extern/  && do { $self->{value}  = "EXTERN\t".$$line;
+				    $self->{value} .= ":NEAR" if ($masm);
+				    last;
+				  };
+		/\.globl|.global/
+			    && do { $self->{value}  = $masm?"PUBLIC":"global";
+				    $self->{value} .= "\t".$$line;
+				    last;
+				  };
+		/\.size/    && do { if (defined($current_function)) {
+					undef $self->{value};
+					if ($current_function->{abi} eq "svr4") {
+					    $self->{value}="${decor}SEH_end_$current_function->{name}:";
+					    $self->{value}.=":\n" if($masm);
+					}
+					$self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name});
+					undef $current_function;
+				    }
+				    last;
+				  };
+		/\.align/   && do { my $max = ($masm && $masm>=$masmref) ? 256 : 4096;
+				    $self->{value} = "ALIGN\t".($$line>$max?$max:$$line);
+				    last;
+				  };
+		/\.(value|long|rva|quad)/
+			    && do { my $sz  = substr($1,0,1);
+				    my @arr = split(/,\s*/,$$line);
+				    my $last = pop(@arr);
+				    my $conv = sub  {	my $var=shift;
+							$var=~s/^(0b[0-1]+)/oct($1)/eig;
+							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
+							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
+							{ $var=~s/^([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
+							$var;
+						    };
+
+				    $sz =~ tr/bvlrq/BWDDQ/;
+				    $self->{value} = "\tD$sz\t";
+				    for (@arr) { $self->{value} .= &$conv($_).","; }
+				    $self->{value} .= &$conv($last);
+				    last;
+				  };
+		/\.byte/    && do { my @str=split(/,\s*/,$$line);
+				    map(s/(0b[0-1]+)/oct($1)/eig,@str);
+				    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);
+				    while ($#str>15) {
+					$self->{value}.="DB\t"
+						.join(",",@str[0..15])."\n";
+					foreach (0..15) { shift @str; }
+				    }
+				    $self->{value}.="DB\t"
+						.join(",",@str) if (@str);
+				    last;
+				  };
+		/\.comm/    && do { my @str=split(/,\s*/,$$line);
+				    my $v=undef;
+				    if ($nasm) {
+					$v.="common	$prefix@str[0] @str[1]";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = "_DATA";
+					$v.="$current_segment\tSEGMENT\n";
+					$v.="COMM	@str[0]:DWORD:".@str[1]/4;
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+	    }
+	    $$line = "";
+	}
+
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+	$self->{value};
+    }
+}
+
+# Upon initial x86_64 introduction SSE>2 extensions were not introduced
+# yet. In order not to be bothered by tracing exact assembler versions,
+# but at the same time to provide a bare security minimum of AES-NI, we
+# hard-code some instructions. Extensions past AES-NI on the other hand
+# are traced by examining assembler version in individual perlasm
+# modules...
+
+my %regrm = (	"%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
+		"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7	);
+
+sub rex {
+ my $opcode=shift;
+ my ($dst,$src,$rex)=@_;
+
+   $rex|=0x04 if($dst>=8);
+   $rex|=0x01 if($src>=8);
+   push @$opcode,($rex|0x40) if ($rex);
+}
+
+my $movq = sub {	# elderly gas can't handle inter-register movq
+  my $arg = shift;
+  my @opcode=(0x66);
+    if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
+	my ($src,$dst)=($1,$2);
+	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,$src,$dst,0x8);
+	push @opcode,0x0f,0x7e;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	@opcode;
+    } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
+	my ($src,$dst)=($2,$1);
+	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,$src,$dst,0x8);
+	push @opcode,0x0f,0x6e;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pextrd = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
+      my @opcode=(0x66);
+	my $imm=$1;
+	my $src=$2;
+	my $dst=$3;
+	if ($dst =~ /%r([0-9]+)d/)	{ $dst = $1; }
+	elsif ($dst =~ /%e/)		{ $dst = $regrm{$dst}; }
+	rex(\@opcode,$src,$dst);
+	push @opcode,0x0f,0x3a,0x16;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	push @opcode,$imm;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pinsrd = sub {
+    if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	my $imm=$1;
+	my $src=$2;
+	my $dst=$3;
+	if ($src =~ /%r([0-9]+)/)	{ $src = $1; }
+	elsif ($src =~ /%e/)		{ $src = $regrm{$src}; }
+	rex(\@opcode,$dst,$src);
+	push @opcode,0x0f,0x3a,0x22;
+	push @opcode,0xc0|(($dst&7)<<3)|($src&7);	# ModR/M
+	push @opcode,$imm;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pshufb = sub {
+    if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$2,$1);
+	push @opcode,0x0f,0x38,0x00;
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $palignr = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x3a,0x0f;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	push @opcode,$1;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pclmulqdq = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x3a,0x44;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $rdrand = sub {
+    if (shift =~ /%[er](\w+)/) {
+      my @opcode=();
+      my $dst=$1;
+	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,0,$dst,8);
+	push @opcode,0x0f,0xc7,0xf0|($dst&7);
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $rdseed = sub {
+    if (shift =~ /%[er](\w+)/) {
+      my @opcode=();
+      my $dst=$1;
+	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,0,$dst,8);
+	push @opcode,0x0f,0xc7,0xf8|($dst&7);
+	@opcode;
+    } else {
+	();
+    }
+};
+
+# Not all AVX-capable assemblers recognize AMD XOP extension. Since we
+# are using only two instructions hand-code them in order to be excused
+# from chasing assembler versions...
+
+sub rxb {
+ my $opcode=shift;
+ my ($dst,$src1,$src2,$rxb)=@_;
+
+   $rxb|=0x7<<5;
+   $rxb&=~(0x04<<5) if($dst>=8);
+   $rxb&=~(0x01<<5) if($src1>=8);
+   $rxb&=~(0x02<<5) if($src2>=8);
+   push @$opcode,$rxb;
+}
+
+my $vprotd = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x8f);
+	rxb(\@opcode,$3,$2,-1,0x08);
+	push @opcode,0x78,0xc2;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $vprotq = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x8f);
+	rxb(\@opcode,$3,$2,-1,0x08);
+	push @opcode,0x78,0xc3;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+# Intel Control-flow Enforcement Technology extension. All functions and
+# indirect branch targets will have to start with this instruction...
+
+my $endbranch = sub {
+    (0xf3,0x0f,0x1e,0xfa);
+};
+
+########################################################################
+
+if ($nasm) {
+    print <<___;
+default	rel
+%define XMMWORD
+%define YMMWORD
+%define ZMMWORD
+___
+} elsif ($masm) {
+    print <<___;
+OPTION	DOTNAME
+___
+}
+while(defined(my $line=<>)) {
+
+    $line =~ s|\R$||;           # Better chomp
+
+    $line =~ s|[#!].*$||;	# get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning
+    $line =~ s|\s+$||;		# ... and at the end
+
+    if (my $label=label->re(\$line))	{ print $label->out(); }
+
+    if (my $directive=directive->re(\$line)) {
+	printf "%s",$directive->out();
+    } elsif (my $opcode=opcode->re(\$line)) {
+	my $asm = eval("\$".$opcode->mnemonic());
+
+	if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) {
+	    print $gas?".byte\t":"DB\t",join(',',@bytes),"\n";
+	    next;
+	}
+
+	my @args;
+	ARGUMENT: while (1) {
+	    my $arg;
+
+	    ($arg=register->re(\$line, $opcode))||
+	    ($arg=const->re(\$line))		||
+	    ($arg=ea->re(\$line, $opcode))	||
+	    ($arg=expr->re(\$line, $opcode))	||
+	    last ARGUMENT;
+
+	    push @args,$arg;
+
+	    last ARGUMENT if ($line !~ /^,/);
+
+	    $line =~ s/^,\s*//;
+	} # ARGUMENT:
+
+	if ($#args>=0) {
+	    my $insn;
+	    my $sz=$opcode->size();
+
+	    if ($gas) {
+		$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
+		@args = map($_->out($sz),@args);
+		printf "\t%s\t%s",$insn,join(",",@args);
+	    } else {
+		$insn = $opcode->out();
+		foreach (@args) {
+		    my $arg = $_->out();
+		    # $insn.=$sz compensates for movq, pinsrw, ...
+		    if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; }
+		    if ($arg =~ /^ymm[0-9]+$/) { $insn.=$sz; $sz="y" if(!$sz); last; }
+		    if ($arg =~ /^zmm[0-9]+$/) { $insn.=$sz; $sz="z" if(!$sz); last; }
+		    if ($arg =~ /^mm[0-9]+$/)  { $insn.=$sz; $sz="q" if(!$sz); last; }
+		}
+		@args = reverse(@args);
+		undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
+		printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
+	    }
+	} else {
+	    printf "\t%s",$opcode->out();
+	}
+    }
+
+    print $line,"\n";
+}
+
+print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
+print "END\n"				if ($masm);
+
+close STDOUT;
+
+#################################################
+# Cross-reference x86_64 ABI "card"
+#
+# 		Unix		Win64
+# %rax		*		*
+# %rbx		-		-
+# %rcx		#4		#1
+# %rdx		#3		#2
+# %rsi		#2		-
+# %rdi		#1		-
+# %rbp		-		-
+# %rsp		-		-
+# %r8		#5		#3
+# %r9		#6		#4
+# %r10		*		*
+# %r11		*		*
+# %r12		-		-
+# %r13		-		-
+# %r14		-		-
+# %r15		-		-
+#
+# (*)	volatile register
+# (-)	preserved by callee
+# (#)	Nth argument, volatile
+#
+# In Unix terms top of stack is argument transfer area for arguments
+# which could not be accommodated in registers. Or in other words 7th
+# [integer] argument resides at 8(%rsp) upon function entry point.
+# 128 bytes above %rsp constitute a "red zone" which is not touched
+# by signal handlers and can be used as temporal storage without
+# allocating a frame.
+#
+# In Win64 terms N*8 bytes on top of stack is argument transfer area,
+# which belongs to/can be overwritten by callee. N is the number of
+# arguments passed to callee, *but* not less than 4! This means that
+# upon function entry point 5th argument resides at 40(%rsp), as well
+# as that 32 bytes from 8(%rsp) can always be used as temporal
+# storage [without allocating a frame]. One can actually argue that
+# one can assume a "red zone" above stack pointer under Win64 as well.
+# Point is that at apparently no occasion Windows kernel would alter
+# the area above user stack pointer in true asynchronous manner...
+#
+# All the above means that if assembler programmer adheres to Unix
+# register and stack layout, but disregards the "red zone" existence,
+# it's possible to use following prologue and epilogue to "gear" from
+# Unix to Win64 ABI in leaf functions with not more than 6 arguments.
+#
+# omnipotent_function:
+# ifdef WIN64
+#	movq	%rdi,8(%rsp)
+#	movq	%rsi,16(%rsp)
+#	movq	%rcx,%rdi	; if 1st argument is actually present
+#	movq	%rdx,%rsi	; if 2nd argument is actually ...
+#	movq	%r8,%rdx	; if 3rd argument is ...
+#	movq	%r9,%rcx	; if 4th argument ...
+#	movq	40(%rsp),%r8	; if 5th ...
+#	movq	48(%rsp),%r9	; if 6th ...
+# endif
+#	...
+# ifdef WIN64
+#	movq	8(%rsp),%rdi
+#	movq	16(%rsp),%rsi
+# endif
+#	ret
+#
+#################################################
+# Win64 SEH, Structured Exception Handling.
+#
+# Unlike on Unix systems(*) lack of Win64 stack unwinding information
+# has undesired side-effect at run-time: if an exception is raised in
+# assembler subroutine such as those in question (basically we're
+# referring to segmentation violations caused by malformed input
+# parameters), the application is briskly terminated without invoking
+# any exception handlers, most notably without generating memory dump
+# or any user notification whatsoever. This poses a problem. It's
+# possible to address it by registering custom language-specific
+# handler that would restore processor context to the state at
+# subroutine entry point and return "exception is not handled, keep
+# unwinding" code. Writing such handler can be a challenge... But it's
+# doable, though requires certain coding convention. Consider following
+# snippet:
+#
+# .type	function,@function
+# function:
+#	movq	%rsp,%rax	# copy rsp to volatile register
+#	pushq	%r15		# save non-volatile registers
+#	pushq	%rbx
+#	pushq	%rbp
+#	movq	%rsp,%r11
+#	subq	%rdi,%r11	# prepare [variable] stack frame
+#	andq	$-64,%r11
+#	movq	%rax,0(%r11)	# check for exceptions
+#	movq	%r11,%rsp	# allocate [variable] stack frame
+#	movq	%rax,0(%rsp)	# save original rsp value
+# magic_point:
+#	...
+#	movq	0(%rsp),%rcx	# pull original rsp value
+#	movq	-24(%rcx),%rbp	# restore non-volatile registers
+#	movq	-16(%rcx),%rbx
+#	movq	-8(%rcx),%r15
+#	movq	%rcx,%rsp	# restore original rsp
+# magic_epilogue:
+#	ret
+# .size function,.-function
+#
+# The key is that up to magic_point copy of original rsp value remains
+# in chosen volatile register and no non-volatile register, except for
+# rsp, is modified. While past magic_point rsp remains constant till
+# the very end of the function. In this case custom language-specific
+# exception handler would look like this:
+#
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+# {	ULONG64 *rsp = (ULONG64 *)context->Rax;
+#	ULONG64  rip = context->Rip;
+#
+#	if (rip >= magic_point)
+#	{   rsp = (ULONG64 *)context->Rsp;
+#	    if (rip < magic_epilogue)
+#	    {	rsp = (ULONG64 *)rsp[0];
+#		context->Rbp = rsp[-3];
+#		context->Rbx = rsp[-2];
+#		context->R15 = rsp[-1];
+#	    }
+#	}
+#	context->Rsp = (ULONG64)rsp;
+#	context->Rdi = rsp[1];
+#	context->Rsi = rsp[2];
+#
+#	memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
+#	RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
+#		dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
+#		&disp->HandlerData,&disp->EstablisherFrame,NULL);
+#	return ExceptionContinueSearch;
+# }
+#
+# It's appropriate to implement this handler in assembler, directly in
+# function's module. In order to do that one has to know members'
+# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
+# values. Here they are:
+#
+#	CONTEXT.Rax				120
+#	CONTEXT.Rcx				128
+#	CONTEXT.Rdx				136
+#	CONTEXT.Rbx				144
+#	CONTEXT.Rsp				152
+#	CONTEXT.Rbp				160
+#	CONTEXT.Rsi				168
+#	CONTEXT.Rdi				176
+#	CONTEXT.R8				184
+#	CONTEXT.R9				192
+#	CONTEXT.R10				200
+#	CONTEXT.R11				208
+#	CONTEXT.R12				216
+#	CONTEXT.R13				224
+#	CONTEXT.R14				232
+#	CONTEXT.R15				240
+#	CONTEXT.Rip				248
+#	CONTEXT.Xmm6				512
+#	sizeof(CONTEXT)				1232
+#	DISPATCHER_CONTEXT.ControlPc		0
+#	DISPATCHER_CONTEXT.ImageBase		8
+#	DISPATCHER_CONTEXT.FunctionEntry	16
+#	DISPATCHER_CONTEXT.EstablisherFrame	24
+#	DISPATCHER_CONTEXT.TargetIp		32
+#	DISPATCHER_CONTEXT.ContextRecord	40
+#	DISPATCHER_CONTEXT.LanguageHandler	48
+#	DISPATCHER_CONTEXT.HandlerData		56
+#	UNW_FLAG_NHANDLER			0
+#	ExceptionContinueSearch			1
+#
+# In order to tie the handler to the function one has to compose
+# couple of structures: one for .xdata segment and one for .pdata.
+#
+# UNWIND_INFO structure for .xdata segment would be
+#
+# function_unwind_info:
+#	.byte	9,0,0,0
+#	.rva	handler
+#
+# This structure designates exception handler for a function with
+# zero-length prologue, no stack frame or frame register.
+#
+# To facilitate composing of .pdata structures, auto-generated "gear"
+# prologue copies rsp value to rax and denotes next instruction with
+# .LSEH_begin_{function_name} label. This essentially defines the SEH
+# styling rule mentioned in the beginning. Position of this label is
+# chosen in such manner that possible exceptions raised in the "gear"
+# prologue would be accounted to caller and unwound from latter's frame.
+# End of function is marked with respective .LSEH_end_{function_name}
+# label. To summarize, .pdata segment would contain
+#
+#	.rva	.LSEH_begin_function
+#	.rva	.LSEH_end_function
+#	.rva	function_unwind_info
+#
+# Reference to function_unwind_info from .xdata segment is the anchor.
+# In case you wonder why references are 32-bit .rvas and not 64-bit
+# .quads. References put into these two segments are required to be
+# *relative* to the base address of the current binary module, a.k.a.
+# image base. No Win64 module, be it .exe or .dll, can be larger than
+# 2GB and thus such relative references can be and are accommodated in
+# 32 bits.
+#
+# Having reviewed the example function code, one can argue that "movq
+# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
+# rax would contain an undefined value. If this "offends" you, use
+# another register and refrain from modifying rax till magic_point is
+# reached, i.e. as if it was a non-volatile register. If more registers
+# are required prior [variable] frame setup is completed, note that
+# nobody says that you can have only one "magic point." You can
+# "liberate" non-volatile registers by denoting last stack off-load
+# instruction and reflecting it in finer grade unwind logic in handler.
+# After all, isn't it why it's called *language-specific* handler...
+#
+# SE handlers are also involved in unwinding stack when executable is
+# profiled or debugged. Profiling implies additional limitations that
+# are too subtle to discuss here. For now it's sufficient to say that
+# in order to simplify handlers one should either a) offload original
+# %rsp to stack (like discussed above); or b) if you have a register to
+# spare for frame pointer, choose volatile one.
+#
+# (*)	Note that we're talking about run-time, not debug-time. Lack of
+#	unwind information makes debugging hard on both Windows and
+#	Unix. "Unlike" refers to the fact that on Unix signal handler
+#	will always be invoked, core dumped and appropriate exit code
+#	returned to parent (for user notification).
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86asm.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86asm.pl
new file mode 100644
index 000000000..29dc1a2cf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86asm.pl
@@ -0,0 +1,303 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# require 'x86asm.pl';
+# &asm_init(<flavor>[,$i386only]);
+# &function_begin("foo");
+# ...
+# &function_end("foo");
+# &asm_finish
+
+$out=();
+$i386=0;
+
+# AUTOLOAD is this context has quite unpleasant side effect, namely
+# that typos in function calls effectively go to assembler output,
+# but on the pros side we don't have to implement one subroutine per
+# each opcode...
+sub ::AUTOLOAD
+{ my $opcode = $AUTOLOAD;
+
+    die "more than 4 arguments passed to $opcode" if ($#_>3);
+
+    $opcode =~ s/.*:://;
+    if    ($opcode =~ /^push/) { $stack+=4; }
+    elsif ($opcode =~ /^pop/)  { $stack-=4; }
+
+    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
+}
+
+sub ::emit
+{ my $opcode=shift;
+
+    if ($#_==-1)    { push(@out,"\t$opcode\n");				}
+    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");	}
+}
+
+sub ::LB
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
+  $1."l";
+}
+sub ::HB
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
+  $1."h";
+}
+sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);	}
+sub ::stack_pop	{ my $num=$_[0]*4; $stack-=$num; &add("esp",$num);	}
+sub ::blindpop	{ &pop($_[0]); $stack+=4;				}
+sub ::wparam	{ &DWP($stack+4*$_[0],"esp");				}
+sub ::swtmp	{ &DWP(4*$_[0],"esp");					}
+
+sub ::bswap
+{   if ($i386)	# emulate bswap for i386
+    {	&comment("bswap @_");
+	&xchg(&HB(@_),&LB(@_));
+	&ror (@_,16);
+	&xchg(&HB(@_),&LB(@_));
+    }
+    else
+    {	&generic("bswap",@_);	}
+}
+# These are made-up opcodes introduced over the years essentially
+# by ignorance, just alias them to real ones...
+sub ::movb	{ &mov(@_);	}
+sub ::xorb	{ &xor(@_);	}
+sub ::rotl	{ &rol(@_);	}
+sub ::rotr	{ &ror(@_);	}
+sub ::exch	{ &xchg(@_);	}
+sub ::halt	{ &hlt;		}
+sub ::movz	{ &movzx(@_);	}
+sub ::pushf	{ &pushfd;	}
+sub ::popf	{ &popfd;	}
+
+# 3 argument instructions
+sub ::movq
+{ my($p1,$p2,$optimize)=@_;
+
+    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+    # movq between mmx registers can sink Intel CPUs
+    {	&::pshufw($p1,$p2,0xe4);		}
+    else
+    {	&::generic("movq",@_);			}
+}
+
+# SSE>2 instructions
+my %regrm = (	"eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3,
+		"esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7	);
+sub ::pextrd
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm);	}
+    else
+    {	&::generic("pextrd",@_);		}
+}
+
+sub ::pinsrd
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm);	}
+    else
+    {	&::generic("pinsrd",@_);		}
+}
+
+sub ::pshufb
+{ my($dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2);	}
+    else
+    {	&::generic("pshufb",@_);		}
+}
+
+sub ::palignr
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm);	}
+    else
+    {	&::generic("palignr",@_);		}
+}
+
+sub ::pclmulqdq
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm);	}
+    else
+    {	&::generic("pclmulqdq",@_);		}
+}
+
+sub ::rdrand
+{ my ($dst)=@_;
+    if ($dst =~ /(e[a-dsd][ixp])/)
+    {	&::data_byte(0x0f,0xc7,0xf0|$regrm{$dst});	}
+    else
+    {	&::generic("rdrand",@_);	}
+}
+
+sub ::rdseed
+{ my ($dst)=@_;
+    if ($dst =~ /(e[a-dsd][ixp])/)
+    {	&::data_byte(0x0f,0xc7,0xf8|$regrm{$dst});	}
+    else
+    {	&::generic("rdrand",@_);	}
+}
+
+sub rxb {
+ local *opcode=shift;
+ my ($dst,$src1,$src2,$rxb)=@_;
+
+   $rxb|=0x7<<5;
+   $rxb&=~(0x04<<5) if($dst>=8);
+   $rxb&=~(0x01<<5) if($src1>=8);
+   $rxb&=~(0x02<<5) if($src2>=8);
+   push @opcode,$rxb;
+}
+
+sub ::vprotd
+{ my $args=join(',',@_);
+    if ($args =~ /xmm([0-7]),xmm([0-7]),([x0-9a-f]+)/)
+    { my @opcode=(0x8f);
+	rxb(\@opcode,$1,$2,-1,0x08);
+	push @opcode,0x78,0xc2;
+	push @opcode,0xc0|($2&7)|(($1&7)<<3);		# ModR/M
+	my $c=$3;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	&::data_byte(@opcode);
+    }
+    else
+    {	&::generic("vprotd",@_);	}
+}
+
+sub ::endbranch
+{
+    &::data_byte(0xf3,0x0f,0x1e,0xfb);
+}
+
+# label management
+$lbdecor="L";		# local label decoration, set by package
+$label="000";
+
+sub ::islabel		# see is argument is a known label
+{ my $i;
+    foreach $i (values %label) { return $i if ($i eq $_[0]); }
+  $label{$_[0]};	# can be undef
+}
+
+sub ::label		# instantiate a function-scope label
+{   if (!defined($label{$_[0]}))
+    {	$label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++;   }
+  $label{$_[0]};
+}
+
+sub ::LABEL		# instantiate a file-scope label
+{   $label{$_[0]}=$_[1] if (!defined($label{$_[0]}));
+  $label{$_[0]};
+}
+
+sub ::static_label	{ &::LABEL($_[0],$lbdecor.$_[0]); }
+
+sub ::set_label_B	{ push(@out,"@_:\n"); }
+sub ::set_label
+{ my $label=&::label($_[0]);
+    &::align($_[1]) if ($_[1]>1);
+    &::set_label_B($label);
+  $label;
+}
+
+sub ::wipe_labels	# wipes function-scope labels
+{   foreach $i (keys %label)
+    {	delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/);	}
+}
+
+# subroutine management
+sub ::function_begin
+{   &function_begin_B(@_);
+    $stack=4;
+    &push("ebp");
+    &push("ebx");
+    &push("esi");
+    &push("edi");
+}
+
+sub ::function_end
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    &function_end_B(@_);
+    $stack=0;
+    &wipe_labels();
+}
+
+sub ::function_end_A
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    $stack+=16;	# readjust esp as if we didn't pop anything
+}
+
+sub ::asciz
+{ my @str=unpack("C*",shift);
+    push @str,0;
+    while ($#str>15) {
+	&data_byte(@str[0..15]);
+	foreach (0..15) { shift @str; }
+    }
+    &data_byte(@str) if (@str);
+}
+
+sub ::asm_finish
+{   &file_end();
+    print @out;
+}
+
+sub ::asm_init
+{ my ($type,$cpu)=@_;
+
+    $i386=$cpu;
+
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$mwerks=$android=0;
+    if    (($type eq "elf"))
+    {	$elf=1;			require "x86gas.pl";	}
+    elsif (($type eq "elf-1"))
+    {	$elf=-1;		require "x86gas.pl";	}
+    elsif (($type eq "a\.out"))
+    {	$aout=1;		require "x86gas.pl";	}
+    elsif (($type eq "coff" or $type eq "gaswin"))
+    {	$coff=1;		require "x86gas.pl";	}
+    elsif (($type eq "win32n"))
+    {	$win32=1;		require "x86nasm.pl";	}
+    elsif (($type eq "win32"))
+    {	$win32=1;		require "x86masm.pl";	}
+    elsif (($type eq "macosx"))
+    {	$aout=1; $macosx=1;	require "x86gas.pl";	}
+    elsif (($type eq "android"))
+    {	$elf=1; $android=1;	require "x86gas.pl";	}
+    else
+    {	print STDERR <<"EOF";
+Pick one target type from
+	elf	- Linux, FreeBSD, Solaris x86, etc.
+	a.out	- DJGPP, elder OpenBSD, etc.
+	coff	- GAS/COFF such as Win32 targets
+	win32n	- Windows 95/Windows NT NASM format
+	macosx	- Mac OS X
+EOF
+	exit(1);
+    }
+
+    $pic=0;
+    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
+
+    &file();
+}
+
+sub ::hidden {}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86gas.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86gas.pl
new file mode 100644
index 000000000..5c7ea3880
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86gas.pl
@@ -0,0 +1,265 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+package x86gas;
+
+*out=\@::out;
+
+$::lbdecor=$::aout?"L":".L";		# local label decoration
+$nmdecor=($::aout or $::coff)?"_":"";	# external name decoration
+
+$initseg="";
+
+$align=16;
+$align=log($align)/log(2) if ($::aout);
+$com_start="#" if ($::aout or $::coff);
+
+sub opsize()
+{ my $reg=shift;
+    if    ($reg =~ m/^%e/o)		{ "l"; }
+    elsif ($reg =~ m/^%[a-d][hl]$/o)	{ "b"; }
+    elsif ($reg =~ m/^%[yxm]/o)		{ undef; }
+    else				{ "w"; }
+}
+
+# swap arguments;
+# expand opcode with size suffix;
+# prefix numeric constants with $;
+sub ::generic
+{ my($opcode,@arg)=@_;
+  my($suffix,$dst,$src);
+
+    @arg=reverse(@arg);
+
+    for (@arg)
+    {	s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;	# gp registers
+	s/^([xy]?mm[0-7])$/%$1/o;		# xmm/mmx registers
+	s/^(\-?[0-9]+)$/\$$1/o;			# constants
+	s/^(\-?0x[0-9a-f]+)$/\$$1/o;		# constants
+    }
+
+    $dst = $arg[$#arg]		if ($#arg>=0);
+    $src = $arg[$#arg-1]	if ($#arg>=1);
+    if    ($dst =~ m/^%/o)	{ $suffix=&opsize($dst); }
+    elsif ($src =~ m/^%/o)	{ $suffix=&opsize($src); }
+    else			{ $suffix="l";           }
+    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
+
+    if ($#_==0)				{ &::emit($opcode);		}
+    elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o)
+					{ &::emit($opcode,@arg);	}
+    else				{ &::emit($opcode.$suffix,@arg);}
+
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::movzx	{ &::movzb(@_);			}
+sub ::pushfd	{ &::pushfl;			}
+sub ::popfd	{ &::popfl;			}
+sub ::cpuid	{ &::emit(".byte\t0x0f,0xa2");	}
+sub ::rdtsc	{ &::emit(".byte\t0x0f,0x31");	}
+
+sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr	{ &::generic("call","*$_[0]");	}
+sub ::jmp_ptr	{ &::generic("jmp","*$_[0]");	}
+
+*::bswap = sub	{ &::emit("bswap","%$_[0]");	} if (!$::i386);
+
+sub ::DWP
+{ my($addr,$reg1,$reg2,$idx)=@_;
+  my $ret="";
+
+    if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; }
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+
+    $reg1 = "%$reg1" if ($reg1);
+    $reg2 = "%$reg2" if ($reg2);
+
+    $ret .= $addr if (($addr ne "") && ($addr ne 0));
+
+    if ($reg2)
+    {	$idx!= 0 or $idx=1;
+	$ret .= "($reg1,$reg2,$idx)";
+    }
+    elsif ($reg1)
+    {	$ret .= "($reg1)";	}
+
+  $ret;
+}
+sub ::QWP	{ &::DWP(@_);	}
+sub ::BP	{ &::DWP(@_);	}
+sub ::WP	{ &::DWP(@_);	}
+sub ::BC	{ @_;		}
+sub ::DWC	{ @_;		}
+
+sub ::file
+{   push(@out,".text\n");	}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+
+    push(@out,".globl\t$func\n")	if ($global);
+    if ($::coff)
+    {	push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); }
+    elsif (($::aout and !$::pic) or $::macosx)
+    { }
+    else
+    {	push(@out,".type	$func,\@function\n"); }
+    push(@out,".align\t$align\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")		if ($global);
+    $::stack=4;
+}
+
+sub ::function_end_B
+{ my $func=shift;
+    push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf);
+    $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::comment
+	{
+	if (!defined($com_start) or $::elf)
+		{	# Regarding $::elf above...
+			# GNU and SVR4 as'es use different comment delimiters,
+		push(@out,"\n");	# so we just skip ELF comments...
+		return;
+		}
+	foreach (@_)
+		{
+		if (/^\s*$/)
+			{ push(@out,"\n"); }
+		else
+			{ push(@out,"\t$com_start $_ $com_end\n"); }
+		}
+	}
+
+sub ::external_label
+{   foreach(@_) { &::LABEL($_,$nmdecor.$_); }   }
+
+sub ::public_label
+{   push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+
+sub ::file_end
+{   if ($::macosx)
+    {	if (%non_lazy_ptr)
+    	{   push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n");
+	    foreach $i (keys %non_lazy_ptr)
+	    {	push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n");   }
+	}
+    }
+    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
+	my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,16";
+	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
+	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
+	else		{ push (@out,"$tmp\n"); }
+    }
+    push(@out,$initseg) if ($initseg);
+}
+
+sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
+sub ::data_short{   push(@out,".value\t".join(',',@_)."\n");  }
+sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
+
+sub ::align
+{ my $val=$_[0];
+    if ($::aout)
+    {	$val=int(log($val)/log(2));
+	$val.=",0x90";
+    }
+    push(@out,".align\t$val\n");
+}
+
+sub ::picmeup
+{ my($dst,$sym,$base,$reflabel)=@_;
+
+    if (($::pic && ($::elf || $::aout)) || $::macosx)
+    {	if (!defined($base))
+	{   &::call(&::label("PIC_me_up"));
+	    &::set_label("PIC_me_up");
+	    &::blindpop($dst);
+	    $base=$dst;
+	    $reflabel=&::label("PIC_me_up");
+	}
+	if ($::macosx)
+	{   my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr");
+	    &::mov($dst,&::DWP("$indirect-$reflabel",$base));
+	    $non_lazy_ptr{"$nmdecor$sym"}=$indirect;
+	}
+	elsif ($sym eq "OPENSSL_ia32cap_P" && $::elf>0)
+	{   &::lea($dst,&::DWP("$sym-$reflabel",$base));   }
+	else
+	{   &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
+			    $base));
+	    &::mov($dst,&::DWP("$sym\@GOT",$dst));
+	}
+    }
+    else
+    {	&::lea($dst,&::DWP($sym));	}
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+    if ($::android)
+    {	$initseg.=<<___;
+.section	.init_array
+.align	4
+.long	$f
+___
+    }
+    elsif ($::elf)
+    {	$initseg.=<<___;
+.section	.init
+	call	$f
+___
+    }
+    elsif ($::coff)
+    {   $initseg.=<<___;	# applies to both Cygwin and Mingw
+.section	.ctors
+.long	$f
+___
+    }
+    elsif ($::macosx)
+    {	$initseg.=<<___;
+.mod_init_func
+.align 2
+.long   $f
+___
+    }
+    elsif ($::aout)
+    {	my $ctor="${nmdecor}_GLOBAL_\$I\$$f";
+	$initseg.=".text\n";
+	$initseg.=".type	$ctor,\@function\n" if ($::pic);
+	$initseg.=<<___;	# OpenBSD way...
+.globl	$ctor
+.align	2
+$ctor:
+	jmp	$f
+___
+    }
+}
+
+sub ::dataseg
+{   push(@out,".data\n");   }
+
+*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf);
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86masm.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86masm.pl
new file mode 100644
index 000000000..dffee7621
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86masm.pl
@@ -0,0 +1,206 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+package x86masm;
+
+*out=\@::out;
+
+$::lbdecor="\$L";	# local label decoration
+$nmdecor="_";		# external name decoration
+
+$initseg="";
+$segment="";
+
+sub ::generic
+{ my ($opcode,@arg)=@_;
+
+    # fix hexadecimal constants
+    for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
+
+    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/)	# no []
+    {	$opcode="mov";	}
+    elsif ($opcode !~ /mov[dq]$/)
+    {	# fix xmm references
+	$arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i);
+	$arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
+    }
+
+    &::emit($opcode,@arg);
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr	{ &::emit("call",@_);	}
+sub ::jmp_ptr	{ &::emit("jmp",@_);	}
+sub ::lock	{ &::data_byte(0xf0);	}
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
+
+    if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; }
+
+    $ret .= "$size PTR " if ($size ne "");
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+    # put address arithmetic expression in parenthesis
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+    if (($addr ne "") && ($addr ne 0))
+    {	if ($addr !~ /^-/)	{ $ret .= "$addr";  }
+	else			{ $post=$addr;      }
+    }
+    $ret .= "[";
+
+    if ($reg2 ne "")
+    {	$idx!=0 or $idx=1;
+	$ret .= "$reg2*$idx";
+	$ret .= "+$reg1" if ($reg1 ne "");
+    }
+    else
+    {	$ret .= "$reg1";   }
+
+    $ret .= "$post]";
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
+    $ret =~ s/\[\s*\]//;
+
+  $ret;
+}
+sub ::BP	{ &get_mem("BYTE",@_);  }
+sub ::WP	{ &get_mem("WORD",@_);	}
+sub ::DWP	{ &get_mem("DWORD",@_); }
+sub ::QWP	{ &get_mem("QWORD",@_); }
+sub ::BC	{ "@_";  }
+sub ::DWC	{ "@_"; }
+
+sub ::file
+{ my $tmp=<<___;
+IF \@Version LT 800
+ECHO MASM version 8.00 or later is strongly recommended.
+ENDIF
+.686
+.MODEL	FLAT
+OPTION	DOTNAME
+IF \@Version LT 800
+.text\$	SEGMENT PAGE 'CODE'
+ELSE
+.text\$	SEGMENT ALIGN(64) 'CODE'
+ENDIF
+___
+    push(@out,$tmp);
+    $segment = ".text\$";
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func="ALIGN\t16\n".$nmdecor.$func."\tPROC";
+
+    if ($global)    { $func.=" PUBLIC\n${begin}::\n"; }
+    else	    { $func.=" PRIVATE\n";            }
+    push(@out,$func);
+    $::stack=4;
+}
+sub ::function_end_B
+{ my $func=shift;
+
+    push(@out,"$nmdecor$func ENDP\n");
+    $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::file_end
+{ my $xmmheader=<<___;
+.686
+.XMM
+IF \@Version LT 800
+XMMWORD STRUCT 16
+DQ	2 dup (?)
+XMMWORD	ENDS
+ENDIF
+___
+    if (grep {/\b[x]?mm[0-7]\b/i} @out) {
+	grep {s/\.[3-7]86/$xmmheader/} @out;
+    }
+
+    push(@out,"$segment	ENDS\n");
+
+    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+    {	my $comm=<<___;
+.bss	SEGMENT 'BSS'
+COMM	${nmdecor}OPENSSL_ia32cap_P:DWORD:4
+.bss	ENDS
+___
+	# comment out OPENSSL_ia32cap_P declarations
+	grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+	push (@out,$comm);
+    }
+    push (@out,$initseg) if ($initseg);
+    push (@out,"END\n");
+}
+
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
+
+*::set_label_B = sub
+{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); };
+
+sub ::external_label
+{   foreach(@_)
+    {	push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n");   }
+}
+
+sub ::public_label
+{   push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+
+sub ::data_byte
+{   push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_);	}
+
+sub ::data_short
+{   push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_);	}
+
+sub ::data_word
+{   push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_);	}
+
+sub ::align
+{   push(@out,"ALIGN\t$_[0]\n");	}
+
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+    $initseg.=<<___;
+.CRT\$XCU	SEGMENT DWORD PUBLIC 'DATA'
+EXTERN	$f:NEAR
+DD	$f
+.CRT\$XCU	ENDS
+___
+}
+
+sub ::dataseg
+{   push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA";   }
+
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"IF \@Version GE 710\n");
+    push(@out,".SAFESEH	".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"ENDIF\n");
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86nasm.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86nasm.pl
new file mode 100644
index 000000000..4e64dad92
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86nasm.pl
@@ -0,0 +1,186 @@
+#! /usr/bin/env perl
+# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+package x86nasm;
+
+*out=\@::out;
+
+$::lbdecor="L\$";		# local label decoration
+$nmdecor="_";			# external name decoration
+$drdecor=$::mwerks?".":"";	# directive decoration
+
+$initseg="";
+
+sub ::generic
+{ my $opcode=shift;
+  my $tmp;
+
+    if (!$::mwerks)
+    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
+	{   $_[0] = "NEAR $_[0]";   	}
+	elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
+	{   $_[1] =~ s/^[^\[]*\[/\[/o;	}
+	elsif ($opcode eq "clflush" && $#_==0)
+	{   $_[0] =~ s/^[^\[]*\[/\[/o;	}
+    }
+    &::emit($opcode,@_);
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr	{ &::emit("call",@_);	}
+sub ::jmp_ptr	{ &::emit("jmp",@_);	}
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
+
+    if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; }
+
+    if ($size ne "")
+    {	$ret .= "$size";
+	$ret .= " PTR" if ($::mwerks);
+	$ret .= " ";
+    }
+    $ret .= "[";
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
+    # put address arithmetic expression in parenthesis
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+    if (($addr ne "") && ($addr ne 0))
+    {	if ($addr !~ /^-/)	{ $ret .= "$addr+"; }
+	else			{ $post=$addr;      }
+    }
+
+    if ($reg2 ne "")
+    {	$idx!=0 or $idx=1;
+	$ret .= "$reg2*$idx";
+	$ret .= "+$reg1" if ($reg1 ne "");
+    }
+    else
+    {	$ret .= "$reg1";   }
+
+    $ret .= "$post]";
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
+
+  $ret;
+}
+sub ::BP	{ &get_mem("BYTE",@_);  }
+sub ::DWP	{ &get_mem("DWORD",@_); }
+sub ::WP	{ &get_mem("WORD",@_);	}
+sub ::QWP	{ &get_mem("",@_);      }
+sub ::BC	{ (($::mwerks)?"":"BYTE ")."@_";  }
+sub ::DWC	{ (($::mwerks)?"":"DWORD ")."@_"; }
+
+sub ::file
+{   if ($::mwerks)	{ push(@out,".section\t.text,64\n"); }
+    else
+    { my $tmp=<<___;
+%ifidn __OUTPUT_FORMAT__,obj
+section	code	use32 class=code align=64
+%elifidn __OUTPUT_FORMAT__,win32
+\$\@feat.00 equ 1
+section	.text	code align=64
+%else
+section	.text	code
+%endif
+___
+	push(@out,$tmp);
+    }
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    $begin =~ s/^\@/./ if ($::mwerks);	# the torture never stops
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+
+    push(@out,"${drdecor}global	$func\n")	if ($global);
+    push(@out,"${drdecor}align	16\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")			if ($global);
+    $::stack=4;
+}
+
+sub ::function_end_B
+{   $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::file_end
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+    {	my $comm=<<___;
+${drdecor}segment	.bss
+${drdecor}common	${nmdecor}OPENSSL_ia32cap_P 16
+___
+	# comment out OPENSSL_ia32cap_P declarations
+	grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+	push (@out,$comm)
+    }
+    push (@out,$initseg) if ($initseg);
+}
+
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
+
+sub ::external_label
+{   foreach(@_)
+    {	push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n");   }
+}
+
+sub ::public_label
+{   push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");  }
+
+sub ::data_byte
+{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");	}
+sub ::data_short
+{   push(@out,(($::mwerks)?".word\t":"dw\t").join(',',@_)."\n");	}
+sub ::data_word
+{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");	}
+
+sub ::align
+{   push(@out,"${drdecor}align\t$_[0]\n");	}
+
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+    if ($::win32)
+    {	$initseg=<<___;
+segment	.CRT\$XCU data align=4
+extern	$f
+dd	$f
+___
+    }
+}
+
+sub ::dataseg
+{   if ($mwerks)	{ push(@out,".section\t.data,4\n");   }
+    else		{ push(@out,"section\t.data align=4\n"); }
+}
+
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"%if	__NASM_VERSION_ID__ >= 0x02030000\n");
+    push(@out,"safeseh	".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"%endif\n");
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/build.info
new file mode 100644
index 000000000..b87299e6c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_sbag.c \
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c
new file mode 100644
index 000000000..193ed8097
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2)
+{
+    PKCS12_BAGS *bag;
+    PKCS12_SAFEBAG *safebag;
+
+    if ((bag = PKCS12_BAGS_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(nid1);
+    if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    safebag->value.bag = bag;
+    safebag->type = OBJ_nid2obj(nid2);
+    return safebag;
+
+ err:
+    PKCS12_BAGS_free(bag);
+    return NULL;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+    PKCS7 *p7;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p7->type = OBJ_nid2obj(NID_pkcs7_data);
+    if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+        goto err;
+    }
+    return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+    if (!PKCS7_type_is_data(p7)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+    PKCS7 *p7;
+    X509_ALGOR *pbe;
+    const EVP_CIPHER *pbe_ciph;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+                  PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+        goto err;
+    }
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+    if (pbe_ciph)
+        pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+    else
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+    p7->d.encrypted->enc_data->algorithm = pbe;
+    ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+    if (!(p7->d.encrypted->enc_data->enc_data =
+          PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
+                                  passlen, bags, 1))) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+        goto err;
+    }
+
+    return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen)
+{
+    if (!PKCS7_type_is_encrypted(p7))
+        return NULL;
+    return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                   pass, passlen,
+                                   p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen)
+{
+    return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
+{
+    if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                       &p12->authsafes->d.data))
+        return 1;
+    return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
+{
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p12->authsafes->d.data,
+                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c
new file mode 100644
index 000000000..422dfc398
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+        ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+        ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+        ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+        ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+        ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+        ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+        ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+        ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c
new file mode 100644
index 000000000..c324f5051
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+                                V_ASN1_OCTET_STRING, name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+    unsigned char us_val = (unsigned char)usage;
+    return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage,
+                                       V_ASN1_BIT_STRING, &us_val, 1);
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_UTF8, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_BMP, name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid)
+{
+    X509_ATTRIBUTE *attrib;
+    int i;
+    i = X509at_get_attr_by_NID(attrs, attr_nid, -1);
+    attrib = X509at_get_attr(attrs, i);
+    return X509_ATTRIBUTE_get0_type(attrib, 0);
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+    const ASN1_TYPE *atype;
+
+    if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
+        return NULL;
+    if (atype->type != V_ASN1_BMPSTRING)
+        return NULL;
+    return OPENSSL_uni2utf8(atype->value.bmpstring->data,
+                            atype->value.bmpstring->length);
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
+{
+    return bag->attrib;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crpt.c
new file mode 100644
index 000000000..feef9d1fc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crpt.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 PBE algorithms now in static table */
+
+void PKCS12_PBE_add(void)
+{
+}
+
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md, int en_de)
+{
+    PBEPARAM *pbe;
+    int saltlen, iter, ret;
+    unsigned char *salt;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int (*pkcs12_key_gen)(const char *pass, int passlen,
+                          unsigned char *salt, int slen,
+                          int id, int iter, int n,
+                          unsigned char *out,
+                          const EVP_MD *md_type);
+
+    pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+    if (cipher == NULL)
+        return 0;
+
+    /* Extract useful info from parameter */
+
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                           iter, EVP_CIPHER_key_length(cipher), key, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                           iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    PBEPARAM_free(pbe);
+    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c
new file mode 100644
index 000000000..10cf8dd58
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag);
+
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+{
+    int idx;
+    X509_ATTRIBUTE *attr;
+    idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+    if (idx < 0)
+        return 1;
+    attr = EVP_PKEY_get_attr(pkey, idx);
+    if (!X509at_add1_attr(&bag->attrib, attr))
+        return 0;
+    return 1;
+}
+
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
+                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+                      int mac_iter, int keytype)
+{
+    PKCS12 *p12 = NULL;
+    STACK_OF(PKCS7) *safes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    PKCS12_SAFEBAG *bag = NULL;
+    int i;
+    unsigned char keyid[EVP_MAX_MD_SIZE];
+    unsigned int keyidlen = 0;
+
+    /* Set defaults */
+    if (!nid_cert)
+#ifdef OPENSSL_NO_RC2
+        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+    if (!nid_key)
+        nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    if (!iter)
+        iter = PKCS12_DEFAULT_ITER;
+    if (!mac_iter)
+        mac_iter = 1;
+
+    if (!pkey && !cert && !ca) {
+        PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+
+    if (pkey && cert) {
+        if (!X509_check_private_key(cert, pkey))
+            return NULL;
+        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+    }
+
+    if (cert) {
+        bag = PKCS12_add_cert(&bags, cert);
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    /* Add all other certificates */
+    for (i = 0; i < sk_X509_num(ca); i++) {
+        if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    if (pkey) {
+        bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
+        if (!bag)
+            goto err;
+
+        if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+            goto err;
+        if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+            goto err;
+
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    p12 = PKCS12_add_safes(safes, 0);
+
+    if (!p12)
+        goto err;
+
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+
+    safes = NULL;
+
+    if ((mac_iter != -1) &&
+        !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+        goto err;
+
+    return p12;
+
+ err:
+    PKCS12_free(p12);
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+{
+    PKCS12_SAFEBAG *bag = NULL;
+    char *name;
+    int namelen = -1;
+    unsigned char *keyid;
+    int keyidlen = -1;
+
+    /* Add user certificate */
+    if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
+        goto err;
+
+    /*
+     * Use friendlyName and localKeyID in certificate. (if present)
+     */
+
+    name = (char *)X509_alias_get0(cert, &namelen);
+
+    if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+        goto err;
+
+    keyid = X509_keyid_get0(cert, &keyidlen);
+
+    if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+        goto err;
+
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
+
+    return bag;
+
+ err:
+    PKCS12_SAFEBAG_free(bag);
+    return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int nid_key, const char *pass)
+{
+
+    PKCS12_SAFEBAG *bag = NULL;
+    PKCS8_PRIV_KEY_INFO *p8 = NULL;
+
+    /* Make a PKCS#8 structure */
+    if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
+        goto err;
+    if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+        goto err;
+    if (nid_key != -1) {
+        bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
+                                                  iter, p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+    } else
+        bag = PKCS12_SAFEBAG_create0_p8inf(p8);
+
+    if (!bag)
+        goto err;
+
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
+
+    return bag;
+
+ err:
+    PKCS12_SAFEBAG_free(bag);
+    return NULL;
+
+}
+
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int nid_safe, int iter, const char *pass)
+{
+    PKCS7 *p7 = NULL;
+    int free_safes = 0;
+
+    if (!*psafes) {
+        *psafes = sk_PKCS7_new_null();
+        if (!*psafes)
+            return 0;
+        free_safes = 1;
+    } else
+        free_safes = 0;
+
+    if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+        nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+        nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+
+    if (nid_safe == -1)
+        p7 = PKCS12_pack_p7data(bags);
+    else
+        p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags);
+    if (!p7)
+        goto err;
+
+    if (!sk_PKCS7_push(*psafes, p7))
+        goto err;
+
+    return 1;
+
+ err:
+    if (free_safes) {
+        sk_PKCS7_free(*psafes);
+        *psafes = NULL;
+    }
+    PKCS7_free(p7);
+    return 0;
+
+}
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag)
+{
+    int free_bags;
+    if (!pbags)
+        return 1;
+    if (!*pbags) {
+        *pbags = sk_PKCS12_SAFEBAG_new_null();
+        if (!*pbags)
+            return 0;
+        free_bags = 1;
+    } else
+        free_bags = 0;
+
+    if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
+        if (free_bags) {
+            sk_PKCS12_SAFEBAG_free(*pbags);
+            *pbags = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+
+}
+
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+{
+    PKCS12 *p12;
+    if (nid_p7 <= 0)
+        nid_p7 = NID_pkcs7_data;
+    p12 = PKCS12_init(nid_p7);
+
+    if (!p12)
+        return NULL;
+
+    if (!PKCS12_pack_authsafes(p12, safes)) {
+        PKCS12_free(p12);
+        return NULL;
+    }
+
+    return p12;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_decr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_decr.c
new file mode 100644
index 000000000..3c860584e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_decr.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*
+ * #define OPENSSL_DEBUG_DECRYPT
+ */
+
+/*
+ * Encrypt/Decrypt a buffer based on password and algor, result in a
+ * OPENSSL_malloc'ed buffer
+ */
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen, int en_de)
+{
+    unsigned char *out = NULL;
+    int outlen, i;
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+
+    if (ctx == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Decrypt data */
+    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+                            algor->parameter, ctx, en_de)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+        goto err;
+    }
+
+    if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
+            == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    outlen = i;
+    if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+        goto err;
+    }
+    outlen += i;
+    if (datalen)
+        *datalen = outlen;
+    if (data)
+        *data = out;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    return out;
+
+}
+
+/*
+ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
+ * after use.
+ */
+
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf)
+{
+    unsigned char *out;
+    const unsigned char *p;
+    void *ret;
+    int outlen;
+
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+                          &out, &outlen, 0)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+        return NULL;
+    }
+    p = out;
+#ifdef OPENSSL_DEBUG_DECRYPT
+    {
+        FILE *op;
+
+        char fname[30];
+        static int fnm = 1;
+        sprintf(fname, "DER%d", fnm++);
+        op = fopen(fname, "wb");
+        fwrite(p, 1, outlen, op);
+        fclose(op);
+    }
+#endif
+    ret = ASN1_item_d2i(NULL, &p, outlen, it);
+    if (zbuf)
+        OPENSSL_cleanse(out, outlen);
+    if (!ret)
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
+    OPENSSL_free(out);
+    return ret;
+}
+
+/*
+ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
+ * encoding.
+ */
+
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    unsigned char *in = NULL;
+    int inlen;
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    inlen = ASN1_item_i2d(obj, &in, it);
+    if (!in) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+                          &oct->length, 1)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+        OPENSSL_free(in);
+        goto err;
+    }
+    if (zbuf)
+        OPENSSL_cleanse(in, inlen);
+    OPENSSL_free(in);
+    return oct;
+ err:
+    ASN1_OCTET_STRING_free(oct);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c
new file mode 100644
index 000000000..88db0f2dc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init(int mode)
+{
+    PKCS12 *pkcs12;
+
+    if ((pkcs12 = PKCS12_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!ASN1_INTEGER_set(pkcs12->version, 3))
+        goto err;
+    pkcs12->authsafes->type = OBJ_nid2obj(mode);
+    switch (mode) {
+    case NID_pkcs7_data:
+        if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+            PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+        goto err;
+    }
+    return pkcs12;
+
+ err:
+    PKCS12_free(pkcs12);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c
new file mode 100644
index 000000000..ab31a6129
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include <openssl/bn.h>
+
+/* Uncomment out this line to get debugging info about key generation */
+/*
+ * #define OPENSSL_DEBUG_KEYGEN
+ */
+#ifdef OPENSSL_DEBUG_KEYGEN
+# include <openssl/bio.h>
+extern BIO *bio_err;
+void h__dump(unsigned char *p, int len);
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+# define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
+{
+    unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
+    int Slen, Plen, Ilen;
+    int i, j, u, v;
+    int ret = 0;
+    EVP_MD_CTX *ctx = NULL;
+#ifdef  OPENSSL_DEBUG_KEYGEN
+    unsigned char *tmpout = out;
+    int tmpn = n;
+#endif
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+#ifdef  OPENSSL_DEBUG_KEYGEN
+    fprintf(stderr, "KEYGEN DEBUG\n");
+    fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+    fprintf(stderr, "Password (length %d):\n", passlen);
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt (length %d):\n", saltlen);
+    h__dump(salt, saltlen);
+#endif
+    v = EVP_MD_block_size(md_type);
+    u = EVP_MD_size(md_type);
+    if (u < 0 || v <= 0)
+        goto err;
+    D = OPENSSL_malloc(v);
+    Ai = OPENSSL_malloc(u);
+    B = OPENSSL_malloc(v + 1);
+    Slen = v * ((saltlen + v - 1) / v);
+    if (passlen)
+        Plen = v * ((passlen + v - 1) / v);
+    else
+        Plen = 0;
+    Ilen = Slen + Plen;
+    I = OPENSSL_malloc(Ilen);
+    if (D == NULL || Ai == NULL || B == NULL || I == NULL)
+        goto err;
+    for (i = 0; i < v; i++)
+        D[i] = id;
+    p = I;
+    for (i = 0; i < Slen; i++)
+        *p++ = salt[i % saltlen];
+    for (i = 0; i < Plen; i++)
+        *p++ = pass[i % passlen];
+    for (;;) {
+        if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+            || !EVP_DigestUpdate(ctx, D, v)
+            || !EVP_DigestUpdate(ctx, I, Ilen)
+            || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+            goto err;
+        for (j = 1; j < iter; j++) {
+            if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+                || !EVP_DigestUpdate(ctx, Ai, u)
+                || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+                goto err;
+        }
+        memcpy(out, Ai, min(n, u));
+        if (u >= n) {
+#ifdef OPENSSL_DEBUG_KEYGEN
+            fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+            h__dump(tmpout, tmpn);
+#endif
+            ret = 1;
+            goto end;
+        }
+        n -= u;
+        out += u;
+        for (j = 0; j < v; j++)
+            B[j] = Ai[j % u];
+        for (j = 0; j < Ilen; j += v) {
+            int k;
+            unsigned char *Ij = I + j;
+            uint16_t c = 1;
+
+            /* Work out Ij = Ij + B + 1 */
+            for (k = v - 1; k >= 0; k--) {
+                c += Ij[k] + B[k];
+                Ij[k] = (unsigned char)c;
+                c >>= 8;
+            }
+        }
+    }
+
+ err:
+    PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
+
+ end:
+    OPENSSL_free(Ai);
+    OPENSSL_free(B);
+    OPENSSL_free(D);
+    OPENSSL_free(I);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+#ifdef OPENSSL_DEBUG_KEYGEN
+void h__dump(unsigned char *p, int len)
+{
+    for (; len--; p++)
+        fprintf(stderr, "%02X", *p);
+    fprintf(stderr, "\n");
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_kiss.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_kiss.c
new file mode 100644
index 000000000..7ab98385a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_kiss.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+/*
+ * Parse and decrypt a PKCS#12 structure returning user key, user cert and
+ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
+ * should point to a valid STACK structure. pkey and cert can be passed
+ * uninitialised.
+ */
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca)
+{
+    STACK_OF(X509) *ocerts = NULL;
+    X509 *x = NULL;
+
+    if (pkey)
+        *pkey = NULL;
+    if (cert)
+        *cert = NULL;
+
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    /*
+     * If password is zero length or NULL then try verifying both cases to
+     * determine which password is correct. The reason for this is that under
+     * PKCS#12 password based encryption no password and a zero length
+     * password are two different things...
+     */
+
+    if (!pass || !*pass) {
+        if (PKCS12_verify_mac(p12, NULL, 0))
+            pass = NULL;
+        else if (PKCS12_verify_mac(p12, "", 0))
+            pass = "";
+        else {
+            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+            goto err;
+        }
+    } else if (!PKCS12_verify_mac(p12, pass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+        goto err;
+    }
+
+    /* Allocate stack for other certificates */
+    ocerts = sk_X509_new_null();
+
+    if (!ocerts) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+        goto err;
+    }
+
+    while ((x = sk_X509_pop(ocerts))) {
+        if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
+            if (X509_check_private_key(x, *pkey)) {
+                *cert = x;
+                x = NULL;
+            }
+            ERR_pop_to_mark();
+        }
+
+        if (ca && x) {
+            if (!*ca)
+                *ca = sk_X509_new_null();
+            if (!*ca)
+                goto err;
+            if (!sk_X509_push(*ca, x))
+                goto err;
+            x = NULL;
+        }
+        X509_free(x);
+    }
+
+    sk_X509_pop_free(ocerts, X509_free);
+
+    return 1;
+
+ err:
+
+    if (pkey) {
+        EVP_PKEY_free(*pkey);
+        *pkey = NULL;
+    }
+    if (cert) {
+        X509_free(*cert);
+        *cert = NULL;
+    }
+    X509_free(x);
+    sk_X509_pop_free(ocerts, X509_free);
+    return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    STACK_OF(PKCS7) *asafes;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    PKCS7 *p7;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else
+            continue;
+        if (!bags) {
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    }
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return 1;
+}
+
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+                       pass, passlen, pkey, ocerts))
+            return 0;
+    }
+    return 1;
+}
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509 *x509;
+    const ASN1_TYPE *attrib;
+    ASN1_BMPSTRING *fname = NULL;
+    ASN1_OCTET_STRING *lkid = NULL;
+
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+        fname = attrib->value.bmpstring;
+
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+        lkid = attrib->value.octet_string;
+
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
+    case NID_keyBag:
+        if (!pkey || *pkey)
+            return 1;
+        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+        if (*pkey == NULL)
+            return 0;
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (!pkey || *pkey)
+            return 1;
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+            return 0;
+        *pkey = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (!(*pkey))
+            return 0;
+        break;
+
+    case NID_certBag:
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+            return 1;
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+            return 0;
+        if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
+            X509_free(x509);
+            return 0;
+        }
+        if (fname) {
+            int len, r;
+            unsigned char *data;
+            len = ASN1_STRING_to_UTF8(&data, fname);
+            if (len >= 0) {
+                r = X509_alias_set1(x509, data, len);
+                OPENSSL_free(data);
+                if (!r) {
+                    X509_free(x509);
+                    return 0;
+                }
+            }
+        }
+
+        if (!sk_X509_push(ocerts, x509)) {
+            X509_free(x509);
+            return 0;
+        }
+
+        break;
+
+    case NID_safeContentsBag:
+        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+                          ocerts);
+
+    default:
+        return 1;
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_lcl.h
new file mode 100644
index 000000000..0b52f1e1f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_lcl.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct PKCS12_MAC_DATA_st {
+    X509_SIG *dinfo;
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;         /* defaults to 1 */
+};
+
+struct PKCS12_st {
+    ASN1_INTEGER *version;
+    PKCS12_MAC_DATA *mac;
+    PKCS7 *authsafes;
+};
+
+struct PKCS12_SAFEBAG_st {
+    ASN1_OBJECT *type;
+    union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st *keybag; /* keybag */
+        X509_SIG *shkeybag;     /* shrouded key bag */
+        STACK_OF(PKCS12_SAFEBAG) *safes;
+        ASN1_TYPE *other;
+    } value;
+    STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+
+struct pkcs12_bag_st {
+    ASN1_OBJECT *type;
+    union {
+        ASN1_OCTET_STRING *x509cert;
+        ASN1_OCTET_STRING *x509crl;
+        ASN1_OCTET_STRING *octet;
+        ASN1_IA5STRING *sdsicert;
+        ASN1_TYPE *other;       /* Secret or other bag */
+    } value;
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c
new file mode 100644
index 000000000..0cbbed364
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+int PKCS12_mac_present(const PKCS12 *p12)
+{
+    return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12)
+{
+    if (p12->mac) {
+        X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
+        if (psalt)
+            *psalt = p12->mac->salt;
+        if (piter)
+            *piter = p12->mac->iter;
+    } else {
+        if (pmac)
+            *pmac = NULL;
+        if (pmacalg)
+            *pmacalg = NULL;
+        if (psalt)
+            *psalt = NULL;
+        if (piter)
+            *piter = NULL;
+    }
+}
+
+#define TK26_MAC_KEY_LEN 32
+
+static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
+                                   const unsigned char *salt, int saltlen,
+                                   int iter, int keylen, unsigned char *key,
+                                   const EVP_MD *digest)
+{
+    unsigned char out[96];
+
+    if (keylen != TK26_MAC_KEY_LEN) {
+        return 0;
+    }
+
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+                           digest, sizeof(out), out)) {
+        return 0;
+    }
+    memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
+    OPENSSL_cleanse(out, sizeof(out));
+    return 1;
+}
+
+/* Generate a MAC */
+static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                          unsigned char *mac, unsigned int *maclen,
+                          int (*pkcs12_key_gen)(const char *pass, int passlen,
+                                                unsigned char *salt, int slen,
+                                                int id, int iter, int n,
+                                                unsigned char *out,
+                                                const EVP_MD *md_type))
+{
+    int ret = 0;
+    const EVP_MD *md_type;
+    HMAC_CTX *hmac = NULL;
+    unsigned char key[EVP_MAX_MD_SIZE], *salt;
+    int saltlen, iter;
+    int md_size = 0;
+    int md_type_nid;
+    const X509_ALGOR *macalg;
+    const ASN1_OBJECT *macoid;
+
+    if (pkcs12_key_gen == NULL)
+        pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return 0;
+    }
+
+    salt = p12->mac->salt->data;
+    saltlen = p12->mac->salt->length;
+    if (!p12->mac->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(p12->mac->iter);
+    X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
+    X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
+    if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+        return 0;
+    }
+    md_size = EVP_MD_size(md_type);
+    md_type_nid = EVP_MD_type(md_type);
+    if (md_size < 0)
+        return 0;
+    if ((md_type_nid == NID_id_GostR3411_94
+         || md_type_nid == NID_id_GostR3411_2012_256
+         || md_type_nid == NID_id_GostR3411_2012_512)
+        && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
+        md_size = TK26_MAC_KEY_LEN;
+        if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+                                     md_size, key, md_type)) {
+            PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+            goto err;
+        }
+    } else
+        if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
+                               iter, md_size, key, md_type)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+        goto err;
+    }
+    if ((hmac = HMAC_CTX_new()) == NULL
+        || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
+        || !HMAC_Update(hmac, p12->authsafes->d.data->data,
+                        p12->authsafes->d.data->length)
+        || !HMAC_Final(hmac, mac, maclen)) {
+        goto err;
+    }
+    ret = 1;
+
+err:
+    OPENSSL_cleanse(key, sizeof(key));
+    HMAC_CTX_free(hmac);
+    return ret;
+}
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen)
+{
+    return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    const ASN1_OCTET_STRING *macoct;
+
+    if (p12->mac == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+        return 0;
+    }
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
+    if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
+        || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
+        return 0;
+
+    return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    ASN1_OCTET_STRING *macoct;
+
+    if (!md_type)
+        md_type = EVP_sha1();
+    if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+        return 0;
+    }
+    /*
+     * Note that output mac is forced to UTF-8...
+     */
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+                     const EVP_MD *md_type)
+{
+    X509_ALGOR *macalg;
+
+    PKCS12_MAC_DATA_free(p12->mac);
+    p12->mac = NULL;
+
+    if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
+        return PKCS12_ERROR;
+    if (iter > 1) {
+        if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!saltlen)
+        saltlen = PKCS12_SALT_LEN;
+    if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p12->mac->salt->length = saltlen;
+    if (!salt) {
+        if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
+            return 0;
+    } else
+        memcpy(p12->mac->salt->data, salt, saltlen);
+    X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
+    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+                         V_ASN1_NULL, NULL)) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c
new file mode 100644
index 000000000..0ce75ed33
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                        const char *newpass);
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+    }
+
+    if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+    PKCS7 *p7, *p7new;
+    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    int rv = 0;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        goto err;
+    if ((newsafes = sk_PKCS7_new_null()) == NULL)
+        goto err;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+                         &pbe_nid, &pbe_iter, &pbe_saltlen))
+                goto err;
+        } else {
+            continue;
+        }
+        if (bags == NULL)
+            goto err;
+        if (!newpass_bags(bags, oldpass, newpass))
+            goto err;
+        /* Repack bag in same form with new password */
+        if (bagnid == NID_pkcs7_data)
+            p7new = PKCS12_pack_p7data(bags);
+        else
+            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+                                          pbe_saltlen, pbe_iter, bags);
+        if (!p7new || !sk_PKCS7_push(newsafes, p7new))
+            goto err;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+
+    /* Repack safe: save old safe in case of error */
+
+    p12_data_tmp = p12->authsafes->d.data;
+    if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!PKCS12_pack_authsafes(p12, newsafes))
+        goto err;
+
+    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+        goto err;
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
+        goto err;
+
+    rv = 1;
+
+err:
+    /* Restore old safe if necessary */
+    if (rv == 1) {
+        ASN1_OCTET_STRING_free(p12_data_tmp);
+    } else if (p12_data_tmp != NULL) {
+        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+        p12->authsafes->d.data = p12_data_tmp;
+    }
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    sk_PKCS7_pop_free(newsafes, PKCS7_free);
+    return rv;
+}
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+            return 0;
+    }
+    return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                       const char *newpass)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509_SIG *p8new;
+    int p8_nid, p8_saltlen, p8_iter;
+    const X509_ALGOR *shalg;
+
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+        return 1;
+
+    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
+        return 0;
+    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
+    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+        return 0;
+    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+                          p8_iter, p8);
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    if (p8new == NULL)
+        return 0;
+    X509_SIG_free(bag->value.shkeybag);
+    bag->value.shkeybag = p8new;
+    return 1;
+}
+
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen)
+{
+    PBEPARAM *pbe;
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
+    if (!pbe)
+        return 0;
+    *pnid = OBJ_obj2nid(alg->algorithm);
+    *piter = ASN1_INTEGER_get(pbe->iter);
+    *psaltlen = pbe->salt->length;
+    PBEPARAM_free(pbe);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8d.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8d.c
new file mode 100644
index 000000000..d926a77df
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8d.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen)
+{
+    const X509_ALGOR *dalg;
+    const ASN1_OCTET_STRING *doct;
+    X509_SIG_get0(p8, &dalg, &doct);
+    return PKCS12_item_decrypt_d2i(dalg,
+                                   ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+                                   passlen, doct, 1);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c
new file mode 100644
index 000000000..86a07e133
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "internal/x509_int.h"
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen,
+                        unsigned char *salt, int saltlen, int iter,
+                        PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    X509_SIG *p8 = NULL;
+    X509_ALGOR *pbe;
+
+    if (pbe_nid == -1)
+        pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+    else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+        pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
+    else {
+        ERR_clear_error();
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+    }
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+        return NULL;
+    }
+    p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
+    if (p8 == NULL) {
+        X509_ALGOR_free(pbe);
+        return NULL;
+    }
+
+    return p8;
+}
+
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
+{
+    X509_SIG *p8;
+    ASN1_OCTET_STRING *enckey;
+
+    enckey =
+        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+                                pass, passlen, p8inf, 1);
+    if (!enckey) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
+        return NULL;
+    }
+
+    p8 = OPENSSL_zalloc(sizeof(*p8));
+
+    if (p8 == NULL) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
+        ASN1_OCTET_STRING_free(enckey);
+        return NULL;
+    }
+    p8->algor = pbe;
+    p8->digest = enckey;
+
+    return p8;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 000000000..a09c5b931
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+#endif
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+    return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
+}
+
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+        return NULL;
+    return bag->value.keybag;
+}
+
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+        return NULL;
+    return bag->value.shkeybag;
+}
+
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
+        return NULL;
+    return bag->value.safes;
+}
+
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
+{
+    return bag->type;
+}
+
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
+{
+    return OBJ_obj2nid(bag->type);
+}
+
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
+{
+    int btype = PKCS12_SAFEBAG_get_nid(bag);
+
+    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
+        return -1;
+    return OBJ_obj2nid(bag->value.bag->type);
+}
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509_CRL));
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                                    NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                                    NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_keyBag);
+    bag->value.keybag = p8;
+    return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    /* Set up the safe bag */
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    bag->value.shkeybag = p8;
+    return bag;
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    PKCS12_SAFEBAG *bag;
+    const EVP_CIPHER *pbe_ciph;
+    X509_SIG *p8;
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+    if (pbe_ciph)
+        pbe_nid = -1;
+
+    p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+                       p8inf);
+    if (p8 == NULL)
+        return NULL;
+
+    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
+    if (bag == NULL)
+        X509_SIG_free(p8);
+
+    return bag;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_utl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_utl.c
new file mode 100644
index 000000000..43b9e3a59
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_utl.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen)
+{
+    int ulen, i;
+    unsigned char *unitmp;
+
+    if (asclen == -1)
+        asclen = strlen(asc);
+    ulen = asclen * 2 + 2;
+    if ((unitmp = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_ASC2UNI, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < ulen - 2; i += 2) {
+        unitmp[i] = 0;
+        unitmp[i + 1] = asc[i >> 1];
+    }
+    /* Make result double null terminated */
+    unitmp[ulen - 2] = 0;
+    unitmp[ulen - 1] = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = unitmp;
+    return unitmp;
+}
+
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
+{
+    int asclen, i;
+    char *asctmp;
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+    asclen = unilen / 2;
+    /* If no terminating zero allow for one */
+    if (!unilen || uni[unilen - 1])
+        asclen++;
+    uni++;
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2ASC, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < unilen; i += 2)
+        asctmp[i >> 1] = uni[i];
+    asctmp[asclen - 1] = 0;
+    return asctmp;
+}
+
+/*
+ * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and
+ * PKCS#12 BMPString format, which is specified as big-endian UTF-16.
+ * One should keep in mind that even though BMPString is passed as
+ * unsigned char *, it's not the kind of string you can exercise e.g.
+ * strlen on. Caller also has to keep in mind that its length is
+ * expressed not in number of UTF-16 characters, but in number of
+ * bytes the string occupies, and treat it, the length, accordingly.
+ */
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen)
+{
+    int ulen, i, j;
+    unsigned char *unitmp, *ret;
+    unsigned long utf32chr = 0;
+
+    if (asclen == -1)
+        asclen = strlen(asc);
+
+    for (ulen = 0, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+
+        /*
+         * Following condition is somewhat opportunistic is sense that
+         * decoding failure is used as *indirect* indication that input
+         * string might in fact be extended ASCII/ANSI/ISO-8859-X. The
+         * fallback is taken in hope that it would allow to process
+         * files created with previous OpenSSL version, which used the
+         * naive OPENSSL_asc2uni all along. It might be worth noting
+         * that probability of false positive depends on language. In
+         * cases covered by ISO Latin 1 probability is very low, because
+         * any printable non-ASCII alphabet letter followed by another
+         * or any ASCII character will trigger failure and fallback.
+         * In other cases situation can be intensified by the fact that
+         * English letters are not part of alternative keyboard layout,
+         * but even then there should be plenty of pairs that trigger
+         * decoding failure...
+         */
+        if (j < 0)
+            return OPENSSL_asc2uni(asc, asclen, uni, unilen);
+
+        if (utf32chr > 0x10FFFF)        /* UTF-16 cap */
+            return NULL;
+
+        if (utf32chr >= 0x10000)        /* pair of UTF-16 characters */
+            ulen += 2*2;
+        else                            /* or just one */
+            ulen += 2;
+    }
+
+    ulen += 2;  /* for trailing UTF16 zero */
+
+    if ((ret = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UTF82UNI, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* re-run the loop writing down UTF-16 characters in big-endian order */
+    for (unitmp = ret, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+        if (utf32chr >= 0x10000) {      /* pair if UTF-16 characters */
+            unsigned int hi, lo;
+
+            utf32chr -= 0x10000;
+            hi = 0xD800 + (utf32chr>>10);
+            lo = 0xDC00 + (utf32chr&0x3ff);
+            *unitmp++ = (unsigned char)(hi>>8);
+            *unitmp++ = (unsigned char)(hi);
+            *unitmp++ = (unsigned char)(lo>>8);
+            *unitmp++ = (unsigned char)(lo);
+        } else {                        /* or just one */
+            *unitmp++ = (unsigned char)(utf32chr>>8);
+            *unitmp++ = (unsigned char)(utf32chr);
+        }
+    }
+    /* Make result double null terminated */
+    *unitmp++ = 0;
+    *unitmp++ = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = ret;
+    return ret;
+}
+
+static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
+{
+    unsigned long utf32chr;
+
+    if (len == 0) return 0;
+
+    if (len < 2) return -1;
+
+    /* pull UTF-16 character in big-endian order */
+    utf32chr = (utf16[0]<<8) | utf16[1];
+
+    if (utf32chr >= 0xD800 && utf32chr < 0xE000) {   /* two chars */
+        unsigned int lo;
+
+        if (len < 4) return -1;
+
+        utf32chr -= 0xD800;
+        utf32chr <<= 10;
+        lo = (utf16[2]<<8) | utf16[3];
+        if (lo < 0xDC00 || lo >= 0xE000) return -1;
+        utf32chr |= lo-0xDC00;
+        utf32chr += 0x10000;
+    }
+
+    return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
+}
+
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+{
+    int asclen, i, j;
+    char *asctmp;
+
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(NULL, uni+i, unilen-i);
+        /*
+         * falling back to OPENSSL_uni2asc makes lesser sense [than
+         * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above],
+         * it's done rather to maintain symmetry...
+         */
+        if (j < 0) return OPENSSL_uni2asc(uni, unilen);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero allow for one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asclen++;
+
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2UTF8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* re-run the loop emitting UTF-8 string */
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero write one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asctmp[asclen] = '\0';
+
+    return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/pk12err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/pk12err.c
new file mode 100644
index 000000000..38ce5197e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/pk12err.c
@@ -0,0 +1,117 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pkcs12err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PKCS12_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0),
+     "OPENSSL_uni2utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0),
+     "OPENSSL_utf82uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0),
+     "PKCS12_item_decrypt_d2i"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0),
+     "PKCS12_item_i2d_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0),
+     "PKCS12_item_pack_safebag"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0),
+     "PKCS12_key_gen_asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0),
+     "PKCS12_key_gen_uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0),
+     "PKCS12_key_gen_utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0),
+     "PKCS12_pack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0),
+     "PKCS12_pack_p7encdata"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0),
+     "PKCS12_pbe_crypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0),
+     "PKCS12_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0),
+     "PKCS12_SAFEBAG_create0_p8inf"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0),
+     "PKCS12_SAFEBAG_create0_pkcs8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0),
+     "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0),
+     "PKCS12_setup_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0),
+     "PKCS12_unpack_authsafes"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0),
+     "PKCS12_unpack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0),
+     "PKCS12_verify_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PKCS12_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE),
+    "cant pack structure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA),
+    "content type not data"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+    "error setting encrypted data type"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+    "invalid null pkcs12 pointer"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR),
+    "mac generation error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR),
+    "mac string set error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
+    "mac verify failure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+    "pkcs12 algor cipherinit error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+    "pkcs12 cipherfinal error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
+    "pkcs12 pbe crypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),
+    "unsupported pkcs12 mode"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS12_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PKCS12_str_functs);
+        ERR_load_strings_const(PKCS12_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/bio_pk7.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/bio_pk7.c
new file mode 100644
index 000000000..29feaa354
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/bio_pk7.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/pkcs7.h>
+#include <openssl/bio.h>
+
+#if !defined(OPENSSL_SYS_VXWORKS)
+# include <memory.h>
+#endif
+#include <stdio.h>
+
+/* Streaming encode support for PKCS#7 */
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7)
+{
+    return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/build.info
new file mode 100644
index 000000000..2029d538f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c bio_pk7.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_asn1.c
new file mode 100644
index 000000000..cd9fb4f50
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+/* PKCS#7 streaming support */
+static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    ASN1_STREAM_ARG *sarg = exarg;
+    PKCS7 **pp7 = (PKCS7 **)pval;
+
+    switch (operation) {
+
+    case ASN1_OP_STREAM_PRE:
+        if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
+            return 0;
+        /* fall thru */
+    case ASN1_OP_DETACHED_PRE:
+        sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
+        if (!sarg->ndef_bio)
+            return 0;
+        break;
+
+    case ASN1_OP_STREAM_POST:
+    case ASN1_OP_DETACHED_POST:
+        if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
+            return 0;
+        break;
+
+    }
+    return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
+        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS7)
+}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+
+IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
+        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+        EVP_PKEY_free(si->pkey);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+        /* NB this should be a SET OF but we use a SEQUENCE OF so the
+         * original order * is retained when the structure is reencoded.
+         * Since the attributes are implicitly tagged this will not affect
+         * the encoding.
+         */
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+        X509_free(ri->cert);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
+        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
+        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
+
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_attr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 000000000..e90bf03c5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap)
+{
+    ASN1_STRING *seq;
+
+    if ((seq = ASN1_STRING_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
+                                ASN1_ITEM_rptr(X509_ALGORS));
+    return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                      V_ASN1_SEQUENCE, seq);
+}
+
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *cap;
+    const unsigned char *p;
+
+    cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+    if (cap == NULL || (cap->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = cap->value.sequence->data;
+    return (STACK_OF(X509_ALGOR) *)
+        ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
+                      ASN1_ITEM_rptr(X509_ALGORS));
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    ASN1_INTEGER *nbit = NULL;
+    X509_ALGOR *alg;
+
+    if ((alg = X509_ALGOR_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = OBJ_nid2obj(nid);
+    if (arg > 0) {
+        if ((alg->parameter = ASN1_TYPE_new()) == NULL) {
+            goto err;
+        }
+        if ((nbit = ASN1_INTEGER_new()) == NULL) {
+            goto err;
+        }
+        if (!ASN1_INTEGER_set(nbit, arg)) {
+            goto err;
+        }
+        alg->parameter->value.integer = nbit;
+        alg->parameter->type = V_ASN1_INTEGER;
+        nbit = NULL;
+    }
+    if (!sk_X509_ALGOR_push(sk, alg)) {
+        goto err;
+    }
+    return 1;
+err:
+    PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+    ASN1_INTEGER_free(nbit);
+    X509_ALGOR_free(alg);
+    return 0;
+}
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
+{
+    if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
+        return 0;
+    if (!coid)
+        coid = OBJ_nid2obj(NID_pkcs7_data);
+    return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                      V_ASN1_OBJECT, coid);
+}
+
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
+{
+    if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+                                      V_ASN1_UTCTIME, t);
+}
+
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                             const unsigned char *md, int mdlen)
+{
+    ASN1_OCTET_STRING *os;
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+    if (!ASN1_STRING_set(os, md, mdlen)
+        || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
+                                       V_ASN1_OCTET_STRING, os)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c
new file mode 100644
index 000000000..ee08e602a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c
@@ -0,0 +1,1180 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+static int PKCS7_type_is_other(PKCS7 *p7)
+{
+    int isOther = 1;
+
+    int nid = OBJ_obj2nid(p7->type);
+
+    switch (nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_digest:
+    case NID_pkcs7_encrypted:
+        isOther = 0;
+        break;
+    default:
+        isOther = 1;
+    }
+
+    return isOther;
+
+}
+
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
+{
+    if (PKCS7_type_is_data(p7))
+        return p7->d.data;
+    if (PKCS7_type_is_other(p7) && p7->d.other
+        && (p7->d.other->type == V_ASN1_OCTET_STRING))
+        return p7->d.other->value.octet_string;
+    return NULL;
+}
+
+static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
+{
+    BIO *btmp;
+    const EVP_MD *md;
+    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
+        goto err;
+    }
+
+    BIO_set_md(btmp, md);
+    if (*pbio == NULL)
+        *pbio = btmp;
+    else if (!BIO_push(*pbio, btmp)) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+    btmp = NULL;
+
+    return 1;
+
+ err:
+    BIO_free(btmp);
+    return 0;
+
+}
+
+static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
+                              unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned char *ek = NULL;
+    int ret = 0;
+    size_t eklen;
+
+    pkey = X509_get0_pubkey(ri->cert);
+
+    if (!pkey)
+        return 0;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return 0;
+
+    if (EVP_PKEY_encrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ri->enc_key, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    OPENSSL_free(ek);
+    return ret;
+
+}
+
+static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = -1;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return -1;
+
+    if (EVP_PKEY_decrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0) {
+        ret = 0;
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    OPENSSL_clear_free(*pek, *peklen);
+    *pek = ek;
+    *peklen = eklen;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    if (!ret)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+{
+    int i;
+    BIO *out = NULL, *btmp = NULL;
+    X509_ALGOR *xa = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    X509_ALGOR *xalg = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    /*
+     * The content field in the PKCS7 ContentInfo is optional, but that really
+     * only applies to inner content (precisely, detached signatures).
+     *
+     * When reading content, missing outer content is therefore treated as an
+     * error.
+     *
+     * When creating content, PKCS7_content_new() must be called before
+     * calling this method, so a NULL p7->d is always an error.
+     */
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        md_sk = p7->d.sign->md_algs;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        xalg = p7->d.enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_digest:
+        xa = p7->d.digest->md;
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        break;
+    case NID_pkcs7_data:
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
+        if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+            goto err;
+
+    if (xa && !PKCS7_bio_add_digest(&out, xa))
+        goto err;
+
+    if (evp_cipher != NULL) {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        int keylen, ivlen;
+        EVP_CIPHER_CTX *ctx;
+
+        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+            goto err;
+        }
+        BIO_get_cipher_ctx(btmp, &ctx);
+        keylen = EVP_CIPHER_key_length(evp_cipher);
+        ivlen = EVP_CIPHER_iv_length(evp_cipher);
+        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+        if (ivlen > 0)
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+        if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+            goto err;
+        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
+            goto err;
+
+        if (ivlen > 0) {
+            if (xalg->parameter == NULL) {
+                xalg->parameter = ASN1_TYPE_new();
+                if (xalg->parameter == NULL)
+                    goto err;
+            }
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+                goto err;
+        }
+
+        /* Lets do the pub key stuff :-) */
+        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
+                goto err;
+        }
+        OPENSSL_cleanse(key, keylen);
+
+        if (out == NULL)
+            out = btmp;
+        else
+            BIO_push(out, btmp);
+        btmp = NULL;
+    }
+
+    if (bio == NULL) {
+        if (PKCS7_is_detached(p7)) {
+            bio = BIO_new(BIO_s_null());
+        } else if (os && os->length > 0) {
+            bio = BIO_new_mem_buf(os->data, os->length);
+        } else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+    }
+    if (out)
+        BIO_push(out, bio);
+    else
+        out = bio;
+    return out;
+
+ err:
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    return NULL;
+}
+
+static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                        X509_get_issuer_name(pcert));
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
+                            ri->issuer_and_serial->serial);
+}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+{
+    int i, j;
+    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
+    X509_ALGOR *xa;
+    ASN1_OCTET_STRING *data_body = NULL;
+    const EVP_MD *evp_md;
+    const EVP_CIPHER *evp_cipher = NULL;
+    EVP_CIPHER_CTX *evp_ctx = NULL;
+    X509_ALGOR *enc_alg = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    unsigned char *ek = NULL, *tkey = NULL;
+    int eklen = 0, tkeylen = 0;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        /*
+         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+         * field and optional content.
+         * data_body is NULL if that structure has no (=detached) content
+         * or if the contentType is wrong (i.e., not "data").
+         */
+        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+        if (!PKCS7_is_detached(p7) && data_body == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+            goto err;
+        }
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        enc_alg = p7->d.enveloped->enc_data->algorithm;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.enveloped->enc_data->enc_data;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
+    /* We will be checking the signature */
+    if (md_sk != NULL) {
+        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+            xa = sk_X509_ALGOR_value(md_sk, i);
+            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+                goto err;
+            }
+
+            j = OBJ_obj2nid(xa->algorithm);
+            evp_md = EVP_get_digestbynid(j);
+            if (evp_md == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                goto err;
+            }
+
+            BIO_set_md(btmp, evp_md);
+            if (out == NULL)
+                out = btmp;
+            else
+                BIO_push(out, btmp);
+            btmp = NULL;
+        }
+    }
+
+    if (evp_cipher != NULL) {
+        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+            goto err;
+        }
+
+        /*
+         * It was encrypted, we need to decrypt the secret key with the
+         * private key
+         */
+
+        /*
+         * Find the recipientInfo which matches the passed certificate (if
+         * any)
+         */
+
+        if (pcert) {
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+                if (!pkcs7_cmp_ri(ri, pcert))
+                    break;
+                ri = NULL;
+            }
+            if (ri == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                goto err;
+            }
+        }
+
+        /* If we haven't got a certificate try each ri in turn */
+        if (pcert == NULL) {
+            /*
+             * Always attempt to decrypt all rinfo even after success as a
+             * defence against MMA timing attacks.
+             */
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+
+                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
+                    goto err;
+                ERR_clear_error();
+            }
+        } else {
+            /* Only exit on fatal errors, not decrypt failure */
+            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
+                goto err;
+            ERR_clear_error();
+        }
+
+        evp_ctx = NULL;
+        BIO_get_cipher_ctx(etmp, &evp_ctx);
+        if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
+            goto err;
+        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+            goto err;
+        /* Generate random key as MMA defence */
+        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+        tkey = OPENSSL_malloc(tkeylen);
+        if (tkey == NULL)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+            goto err;
+        if (ek == NULL) {
+            ek = tkey;
+            eklen = tkeylen;
+            tkey = NULL;
+        }
+
+        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+            /*
+             * Some S/MIME clients don't use the same key and effective key
+             * length. The key length is determined by the size of the
+             * decrypted RSA key.
+             */
+            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
+                /* Use random key as MMA defence */
+                OPENSSL_clear_free(ek, eklen);
+                ek = tkey;
+                eklen = tkeylen;
+                tkey = NULL;
+            }
+        }
+        /* Clear errors so we don't leak information useful in MMA */
+        ERR_clear_error();
+        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
+            goto err;
+
+        OPENSSL_clear_free(ek, eklen);
+        ek = NULL;
+        OPENSSL_clear_free(tkey, tkeylen);
+        tkey = NULL;
+
+        if (out == NULL)
+            out = etmp;
+        else
+            BIO_push(out, etmp);
+        etmp = NULL;
+    }
+    if (in_bio != NULL) {
+        bio = in_bio;
+    } else {
+        if (data_body->length > 0)
+            bio = BIO_new_mem_buf(data_body->data, data_body->length);
+        else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+    }
+    BIO_push(out, bio);
+    bio = NULL;
+    return out;
+
+ err:
+    OPENSSL_clear_free(ek, eklen);
+    OPENSSL_clear_free(tkey, tkeylen);
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    BIO_free_all(etmp);
+    BIO_free_all(bio);
+    return NULL;
+}
+
+static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
+{
+    for (;;) {
+        bio = BIO_find_type(bio, BIO_TYPE_MD);
+        if (bio == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            return NULL;
+        }
+        BIO_get_md_ctx(bio, pmd);
+        if (*pmd == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        if (EVP_MD_CTX_type(*pmd) == nid)
+            return bio;
+        bio = BIO_next(bio);
+    }
+    return NULL;
+}
+
+static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+{
+    unsigned char md_data[EVP_MAX_MD_SIZE];
+    unsigned int md_len;
+
+    /* Add signing time if not already present */
+    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+        if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
+            PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    /* Add digest */
+    if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
+        return 0;
+    }
+    if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Now sign the attributes */
+    if (!PKCS7_SIGNER_INFO_sign(si))
+        return 0;
+
+    return 1;
+}
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+{
+    int ret = 0;
+    int i, j;
+    BIO *btmp;
+    PKCS7_SIGNER_INFO *si;
+    EVP_MD_CTX *mdc, *ctx_tmp;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    ctx_tmp = EVP_MD_CTX_new();
+    if (ctx_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        /* XXXXXXXXXXXXXXXX */
+        si_sk = p7->d.signed_and_enveloped->signer_info;
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        /* XXXXXXXXXXXXXXXX */
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_signed:
+        si_sk = p7->d.sign->signer_info;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+            ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.sign->contents->d.data = NULL;
+        }
+        break;
+
+    case NID_pkcs7_digest:
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+            ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.digest->contents->d.data = NULL;
+        }
+        break;
+
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    if (si_sk != NULL) {
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
+            if (si->pkey == NULL)
+                continue;
+
+            j = OBJ_obj2nid(si->digest_alg->algorithm);
+
+            btmp = bio;
+
+            btmp = PKCS7_find_digest(&mdc, btmp, j);
+
+            if (btmp == NULL)
+                goto err;
+
+            /*
+             * We now have the EVP_MD_CTX, lets do the signing.
+             */
+            if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
+                goto err;
+
+            sk = si->auth_attr;
+
+            /*
+             * If there are attributes, we add the digest attribute and only
+             * sign the attributes
+             */
+            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
+                if (!do_pkcs7_signed_attrib(si, ctx_tmp))
+                    goto err;
+            } else {
+                unsigned char *abuf = NULL;
+                unsigned int abuflen;
+                abuflen = EVP_PKEY_size(si->pkey);
+                abuf = OPENSSL_malloc(abuflen);
+                if (abuf == NULL)
+                    goto err;
+
+                if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
+                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
+                    goto err;
+                }
+                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
+            }
+        }
+    } else if (i == NID_pkcs7_digest) {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        if (!PKCS7_find_digest(&mdc, bio,
+                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
+            goto err;
+        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
+            goto err;
+        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
+            goto err;
+    }
+
+    if (!PKCS7_is_detached(p7)) {
+        /*
+         * NOTE(emilia): I think we only reach os == NULL here because detached
+         * digested data support is broken.
+         */
+        if (os == NULL)
+            goto err;
+        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+            char *cont;
+            long contlen;
+            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+            if (btmp == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                goto err;
+            }
+            contlen = BIO_get_mem_data(btmp, &cont);
+            /*
+             * Mark the BIO read only then we can use its copy of the data
+             * instead of making an extra copy.
+             */
+            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+            BIO_set_mem_eof_return(btmp, 0);
+            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+        }
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx_tmp);
+    return ret;
+}
+
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+{
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digest_alg->algorithm);
+    if (md == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
+                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = NULL;
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
+        goto err;
+    abuf = OPENSSL_malloc(siglen);
+    if (abuf == NULL)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_free(mctx);
+
+    ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+
+    return 1;
+
+ err:
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_free(mctx);
+    return 0;
+
+}
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    int ret = 0, i;
+    STACK_OF(X509) *cert;
+    X509 *x509;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (PKCS7_type_is_signed(p7)) {
+        cert = p7->d.sign->cert;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        cert = p7->d.signed_and_enveloped->cert;
+    } else {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+    /* XXXXXXXXXXXXXXXXXXXXXXX */
+    ias = si->issuer_and_serial;
+
+    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
+
+    /* were we able to find the cert in passed to us */
+    if (x509 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+                 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+        goto err;
+    }
+
+    /* Lets verify */
+    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        goto err;
+    }
+    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        X509_STORE_CTX_cleanup(ctx);
+        goto err;
+    }
+    X509_STORE_CTX_cleanup(ctx);
+
+    return PKCS7_signatureVerify(bio, p7, si, x509);
+ err:
+    return ret;
+}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509)
+{
+    ASN1_OCTET_STRING *os;
+    EVP_MD_CTX *mdc_tmp, *mdc;
+    int ret = 0, i;
+    int md_type;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    BIO *btmp;
+    EVP_PKEY *pkey;
+
+    mdc_tmp = EVP_MD_CTX_new();
+    if (mdc_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+
+    md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+
+    btmp = bio;
+    for (;;) {
+        if ((btmp == NULL) ||
+            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        BIO_get_md_ctx(btmp, &mdc);
+        if (mdc == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (EVP_MD_CTX_type(mdc) == md_type)
+            break;
+        /*
+         * Workaround for some broken clients that put the signature OID
+         * instead of the digest OID in digest_alg->algorithm
+         */
+        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+            break;
+        btmp = BIO_next(btmp);
+    }
+
+    /*
+     * mdc is the digest ctx that we want, unless there are attributes, in
+     * which case the digest is the signed attributes
+     */
+    if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
+        goto err;
+
+    sk = si->auth_attr;
+    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+        unsigned int md_len;
+        int alen;
+        ASN1_OCTET_STRING *message_digest;
+
+        if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
+            goto err;
+        message_digest = PKCS7_digest_from_attributes(sk);
+        if (!message_digest) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        if ((message_digest->length != (int)md_len) ||
+            (memcmp(message_digest->data, md_dat, md_len))) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
+            ret = -1;
+            goto err;
+        }
+
+        if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
+            goto err;
+
+        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+        if (alen <= 0) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
+            ret = -1;
+            goto err;
+        }
+        if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
+            goto err;
+
+        OPENSSL_free(abuf);
+    }
+
+    os = si->enc_digest;
+    pkey = X509_get0_pubkey(x509);
+    if (!pkey) {
+        ret = -1;
+        goto err;
+    }
+
+    i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+        ret = -1;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(mdc_tmp);
+    return ret;
+}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+{
+    STACK_OF(PKCS7_RECIP_INFO) *rsk;
+    PKCS7_RECIP_INFO *ri;
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    if (i != NID_pkcs7_signedAndEnveloped)
+        return NULL;
+    if (p7->d.signed_and_enveloped == NULL)
+        return NULL;
+    rsk = p7->d.signed_and_enveloped->recipientinfo;
+    if (rsk == NULL)
+        return NULL;
+    if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+        return NULL;
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+    return ri->issuer_and_serial;
+}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return get_attribute(si->auth_attr, nid);
+}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return get_attribute(si->unauth_attr, nid);
+}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+{
+    int idx;
+    X509_ATTRIBUTE *xa;
+    idx = X509at_get_attr_by_NID(sk, nid, -1);
+    xa = X509at_get_attr(sk, idx);
+    return X509_ATTRIBUTE_get0_type(xa, 0);
+}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    ASN1_TYPE *astype;
+    if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+        return NULL;
+    return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->auth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->unauth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                               void *value)
+{
+    return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
+}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value)
+{
+    return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
+}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value)
+{
+    X509_ATTRIBUTE *attr = NULL;
+
+    if (*sk == NULL) {
+        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            return 0;
+ new_attrib:
+        if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
+            return 0;
+        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
+            X509_ATTRIBUTE_free(attr);
+            return 0;
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+            attr = sk_X509_ATTRIBUTE_value(*sk, i);
+            if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
+                X509_ATTRIBUTE_free(attr);
+                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
+                if (attr == NULL)
+                    return 0;
+                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
+                    X509_ATTRIBUTE_free(attr);
+                    return 0;
+                }
+                goto end;
+            }
+        }
+        goto new_attrib;
+    }
+ end:
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c
new file mode 100644
index 000000000..16b76431d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c
@@ -0,0 +1,588 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+{
+    int nid;
+    long ret;
+
+    nid = OBJ_obj2nid(p7->type);
+
+    switch (cmd) {
+    /* NOTE(emilia): does not support detached digested data. */
+    case PKCS7_OP_SET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            ret = p7->detached = (int)larg;
+            if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
+                ASN1_OCTET_STRING *os;
+                os = p7->d.sign->contents->d.data;
+                ASN1_OCTET_STRING_free(os);
+                p7->d.sign->contents->d.data = NULL;
+            }
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+        break;
+    case PKCS7_OP_GET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
+                ret = 1;
+            else
+                ret = 0;
+
+            p7->detached = ret;
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+        ret = 0;
+    }
+    return ret;
+}
+
+int PKCS7_content_new(PKCS7 *p7, int type)
+{
+    PKCS7 *ret = NULL;
+
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if (!PKCS7_set_type(ret, type))
+        goto err;
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return 1;
+ err:
+    PKCS7_free(ret);
+    return 0;
+}
+
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+{
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        PKCS7_free(p7->d.sign->contents);
+        p7->d.sign->contents = p7_data;
+        break;
+    case NID_pkcs7_digest:
+        PKCS7_free(p7->d.digest->contents);
+        p7->d.digest->contents = p7_data;
+        break;
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_encrypted:
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int PKCS7_set_type(PKCS7 *p7, int type)
+{
+    ASN1_OBJECT *obj;
+
+    /*
+     * PKCS7_content_free(p7);
+     */
+    obj = OBJ_nid2obj(type);    /* will not fail */
+
+    switch (type) {
+    case NID_pkcs7_signed:
+        p7->type = obj;
+        if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
+            PKCS7_SIGNED_free(p7->d.sign);
+            p7->d.sign = NULL;
+            goto err;
+        }
+        break;
+    case NID_pkcs7_data:
+        p7->type = obj;
+        if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL)
+            goto err;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        p7->type = obj;
+        if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
+            goto err;
+        p7->d.signed_and_enveloped->enc_data->content_type
+            = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_enveloped:
+        p7->type = obj;
+        if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
+            goto err;
+        p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_encrypted:
+        p7->type = obj;
+        if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
+            goto err;
+        p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+
+    case NID_pkcs7_digest:
+        p7->type = obj;
+        if ((p7->d.digest = PKCS7_DIGEST_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
+            goto err;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
+{
+    p7->type = OBJ_nid2obj(type);
+    p7->d.other = other;
+    return 1;
+}
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+{
+    int i, j, nid;
+    X509_ALGOR *alg;
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+    STACK_OF(X509_ALGOR) *md_sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        signer_sk = p7->d.sign->signer_info;
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        signer_sk = p7->d.signed_and_enveloped->signer_info;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    nid = OBJ_obj2nid(psi->digest_alg->algorithm);
+
+    /* If the digest is not currently listed, add it */
+    j = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+        alg = sk_X509_ALGOR_value(md_sk, i);
+        if (OBJ_obj2nid(alg->algorithm) == nid) {
+            j = 1;
+            break;
+        }
+    }
+    if (!j) {                   /* we need to add another algorithm */
+        if ((alg = X509_ALGOR_new()) == NULL
+            || (alg->parameter = ASN1_TYPE_new()) == NULL) {
+            X509_ALGOR_free(alg);
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        alg->algorithm = OBJ_nid2obj(nid);
+        alg->parameter->type = V_ASN1_NULL;
+        if (!sk_X509_ALGOR_push(md_sk, alg)) {
+            X509_ALGOR_free(alg);
+            return 0;
+        }
+    }
+
+    if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
+        return 0;
+    return 1;
+}
+
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+{
+    int i;
+    STACK_OF(X509) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->cert);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->cert);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X509_up_ref(x509);
+    if (!sk_X509_push(*sk, x509)) {
+        X509_free(x509);
+        return 0;
+    }
+    return 1;
+}
+
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+{
+    int i;
+    STACK_OF(X509_CRL) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->crl);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->crl);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_CRL_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    X509_CRL_up_ref(crl);
+    if (!sk_X509_CRL_push(*sk, crl)) {
+        X509_CRL_free(crl);
+        return 0;
+    }
+    return 1;
+}
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+                          const EVP_MD *dgst)
+{
+    int ret;
+
+    /* We now need to add another PKCS7_SIGNER_INFO entry */
+    if (!ASN1_INTEGER_set(p7i->version, 1))
+        goto err;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        goto err;
+
+    /*
+     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
+     * ugly way.
+     */
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        goto err;
+
+    /* lets keep the pkey around for a while */
+    EVP_PKEY_up_ref(pkey);
+    p7i->pkey = pkey;
+
+    /* Set the algorithms */
+
+    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
+                    V_ASN1_NULL, NULL);
+
+    if (pkey->ameth && pkey->ameth->pkey_ctrl) {
+        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
+        if (ret > 0)
+            return 1;
+        if (ret != -2) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+                     PKCS7_R_SIGNING_CTRL_FAILURE);
+            return 0;
+        }
+    }
+    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+             PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ err:
+    return 0;
+}
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+                                       const EVP_MD *dgst)
+{
+    PKCS7_SIGNER_INFO *si = NULL;
+
+    if (dgst == NULL) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+            goto err;
+        dgst = EVP_get_digestbynid(def_nid);
+        if (dgst == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST);
+            goto err;
+        }
+    }
+
+    if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+        goto err;
+    if (!PKCS7_add_signer(p7, si))
+        goto err;
+    return si;
+ err:
+    PKCS7_SIGNER_INFO_free(si);
+    return NULL;
+}
+
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
+{
+    if (PKCS7_type_is_digest(p7)) {
+        if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        p7->d.digest->md->parameter->type = V_ASN1_NULL;
+        p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+        return 1;
+    }
+
+    PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+    return 1;
+}
+
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+{
+    if (p7 == NULL || p7->d.ptr == NULL)
+        return NULL;
+    if (PKCS7_type_is_signed(p7)) {
+        return p7->d.sign->signer_info;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        return p7->d.signed_and_enveloped->signer_info;
+    } else
+        return NULL;
+}
+
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                 X509_ALGOR **pdig, X509_ALGOR **psig)
+{
+    if (pk)
+        *pk = si->pkey;
+    if (pdig)
+        *pdig = si->digest_alg;
+    if (psig)
+        *psig = si->digest_enc_alg;
+}
+
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+{
+    if (penc)
+        *penc = ri->key_enc_algor;
+}
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+{
+    PKCS7_RECIP_INFO *ri;
+
+    if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_RECIP_INFO_set(ri, x509))
+        goto err;
+    if (!PKCS7_add_recipient_info(p7, ri))
+        goto err;
+    return ri;
+ err:
+    PKCS7_RECIP_INFO_free(ri);
+    return NULL;
+}
+
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+{
+    int i;
+    STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        sk = p7->d.signed_and_enveloped->recipientinfo;
+        break;
+    case NID_pkcs7_enveloped:
+        sk = p7->d.enveloped->recipientinfo;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
+                 PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
+        return 0;
+    return 1;
+}
+
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+{
+    int ret;
+    EVP_PKEY *pkey = NULL;
+    if (!ASN1_INTEGER_set(p7i->version, 0))
+        return 0;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        return 0;
+
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        return 0;
+
+    pkey = X509_get0_pubkey(x509);
+
+    if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+    }
+
+    ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
+    if (ret == -2) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+    }
+    if (ret <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+        goto err;
+    }
+
+    X509_up_ref(x509);
+    p7i->cert = x509;
+
+    return 1;
+
+ err:
+    return 0;
+}
+
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    if (PKCS7_type_is_signed(p7))
+        return (X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               si->issuer_and_serial->issuer,
+                                               si->
+                                               issuer_and_serial->serial));
+    else
+        return NULL;
+}
+
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+{
+    int i;
+    PKCS7_ENC_CONTENT *ec;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        ec = p7->d.signed_and_enveloped->enc_data;
+        break;
+    case NID_pkcs7_enveloped:
+        ec = p7->d.enveloped->enc_data;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    /* Check cipher OID exists and has data in it */
+    i = EVP_CIPHER_type(cipher);
+    if (i == NID_undef) {
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
+                 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        return 0;
+    }
+
+    ec->cipher = cipher;
+    return 1;
+}
+
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    switch (OBJ_obj2nid(p7->type)) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+
+    case NID_pkcs7_signedAndEnveloped:
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+
+    case NID_pkcs7_enveloped:
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+
+    case NID_pkcs7_signed:
+        os = p7->d.sign->contents->d.data;
+        break;
+
+    default:
+        os = NULL;
+        break;
+    }
+
+    if (os == NULL)
+        return 0;
+
+    os->flags |= ASN1_STRING_FLAG_NDEF;
+    *boundary = &os->data;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_mime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 000000000..19e686814
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* PKCS#7 wrappers round generalised stream and MIME routines */
+
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+    return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
+                               ASN1_ITEM_rptr(PKCS7));
+}
+
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+    return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags,
+                                     "PKCS7", ASN1_ITEM_rptr(PKCS7));
+}
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(p7->type);
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = p7->d.sign->md_algs;
+    else
+        mdalgs = NULL;
+
+    flags ^= SMIME_OLDMIME;
+
+    return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+                            ctype_nid, NID_undef, mdalgs,
+                            ASN1_ITEM_rptr(PKCS7));
+}
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+    return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 000000000..44187230e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,549 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+
+#define BUFFERSIZE 4096
+
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags)
+{
+    PKCS7 *p7;
+    int i;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+
+    if (!PKCS7_content_new(p7, NID_pkcs7_data))
+        goto err;
+
+    if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+                goto err;
+        }
+    }
+
+    if (flags & PKCS7_DETACHED)
+        PKCS7_set_detached(p7, 1);
+
+    if (flags & (PKCS7_STREAM | PKCS7_PARTIAL))
+        return p7;
+
+    if (PKCS7_final(p7, data, flags))
+        return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
+{
+    BIO *p7bio;
+    int ret = 0;
+
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    SMIME_crlf_copy(data, p7bio, flags);
+
+    (void)BIO_flush(p7bio);
+
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+
+    return ret;
+
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    if (EVP_get_cipherbynid(nid))
+        return PKCS7_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    if (EVP_get_digestbynid(nid))
+        return PKCS7_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
+                                         EVP_PKEY *pkey, const EVP_MD *md,
+                                         int flags)
+{
+    PKCS7_SIGNER_INFO *si = NULL;
+    STACK_OF(X509_ALGOR) *smcap = NULL;
+    if (!X509_check_private_key(signcert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+
+    if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+        return NULL;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        if (!PKCS7_add_certificate(p7, signcert))
+            goto err;
+    }
+
+    if (!(flags & PKCS7_NOATTR)) {
+        if (!PKCS7_add_attrib_content_type(si, NULL))
+            goto err;
+        /* Add SMIMECapabilities */
+        if (!(flags & PKCS7_NOSMIMECAP)) {
+            if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+                || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+                || !add_cipher_smcap(smcap, NID_des_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
+                || !PKCS7_add_attrib_smimecap(si, smcap))
+                goto err;
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            smcap = NULL;
+        }
+        if (flags & PKCS7_REUSE_DIGEST) {
+            if (!pkcs7_copy_existing_digest(p7, si))
+                goto err;
+            if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si))
+                goto err;
+        }
+    }
+    return si;
+ err:
+    sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+    return NULL;
+}
+
+/*
+ * Search for a digest matching SignerInfo digest type and if found copy
+ * across.
+ */
+
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    int i;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *sitmp;
+    ASN1_OCTET_STRING *osdig = NULL;
+    sinfos = PKCS7_get_signer_info(p7);
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        if (si == sitmp)
+            break;
+        if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
+            continue;
+        if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) {
+            osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
+            break;
+        }
+
+    }
+
+    if (osdig)
+        return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
+
+    PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
+             PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+    return 0;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags)
+{
+    STACK_OF(X509) *signers;
+    X509 *signer;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    X509_STORE_CTX *cert_ctx = NULL;
+    char *buf = NULL;
+    int i, j = 0, k, ret = 0;
+    BIO *p7bio = NULL;
+    BIO *tmpin = NULL, *tmpout = NULL;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    /* Check for no data and no content: no data to verify signature */
+    if (PKCS7_get_detached(p7) && !indata) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (flags & PKCS7_NO_DUAL_CONTENT) {
+        /*
+         * This was originally "#if 0" because we thought that only old broken
+         * Netscape did this.  It turns out that Authenticode uses this kind
+         * of "extended" PKCS7 format, and things like UEFI secure boot and
+         * tools like osslsigncode need it.  In Authenticode the verification
+         * process is different, but the existing PKCs7 verification works.
+         */
+        if (!PKCS7_get_detached(p7) && indata) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+            return 0;
+        }
+    }
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
+        return 0;
+    }
+
+    signers = PKCS7_get0_signers(p7, certs, flags);
+    if (!signers)
+        return 0;
+
+    /* Now verify the certificates */
+
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL)
+        goto err;
+    if (!(flags & PKCS7_NOVERIFY))
+        for (k = 0; k < sk_X509_num(signers); k++) {
+            signer = sk_X509_value(signers, k);
+            if (!(flags & PKCS7_NOCHAIN)) {
+                if (!X509_STORE_CTX_init(cert_ctx, store, signer,
+                                         p7->d.sign->cert)) {
+                    PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                    goto err;
+                }
+                X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
+            } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                goto err;
+            }
+            if (!(flags & PKCS7_NOCRL))
+                X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
+            i = X509_verify_cert(cert_ctx);
+            if (i <= 0)
+                j = X509_STORE_CTX_get_error(cert_ctx);
+            X509_STORE_CTX_cleanup(cert_ctx);
+            if (i <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,
+                         PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                ERR_add_error_data(2, "Verify error:",
+                                   X509_verify_cert_error_string(j));
+                goto err;
+            }
+            /* Check for revocation status here */
+        }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(indata, &ptr);
+        tmpin = BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        tmpin = indata;
+
+    if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
+        goto err;
+
+    if (flags & PKCS7_TEXT) {
+        if ((tmpout = BIO_new(BIO_s_mem())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BIO_set_mem_eof_return(tmpout, 0);
+    } else
+        tmpout = out;
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(p7bio, buf, BUFFERSIZE);
+        if (i <= 0)
+            break;
+        if (tmpout)
+            BIO_write(tmpout, buf, i);
+    }
+
+    if (flags & PKCS7_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
+            BIO_free(tmpout);
+            goto err;
+        }
+        BIO_free(tmpout);
+    }
+
+    /* Now Verify All Signatures */
+    if (!(flags & PKCS7_NOSIGS))
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+            signer = sk_X509_value(signers, i);
+            j = PKCS7_signatureVerify(p7bio, p7, si, signer);
+            if (j <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
+                goto err;
+            }
+        }
+
+    ret = 1;
+
+ err:
+    X509_STORE_CTX_free(cert_ctx);
+    OPENSSL_free(buf);
+    if (tmpin == indata) {
+        if (indata)
+            BIO_pop(p7bio);
+    }
+    BIO_free_all(p7bio);
+    sk_X509_free(signers);
+    return ret;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags)
+{
+    STACK_OF(X509) *signers;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    X509 *signer;
+    int i;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Collect all the signers together */
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
+        return 0;
+    }
+
+    if ((signers = sk_X509_new_null()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        ias = si->issuer_and_serial;
+        signer = NULL;
+        /* If any certificates passed they take priority */
+        if (certs)
+            signer = X509_find_by_issuer_and_serial(certs,
+                                                    ias->issuer, ias->serial);
+        if (!signer && !(flags & PKCS7_NOINTERN)
+            && p7->d.sign->cert)
+            signer =
+                X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               ias->issuer, ias->serial);
+        if (!signer) {
+            PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+                     PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+            sk_X509_free(signers);
+            return 0;
+        }
+
+        if (!sk_X509_push(signers, signer)) {
+            sk_X509_free(signers);
+            return NULL;
+        }
+    }
+    return signers;
+}
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags)
+{
+    PKCS7 *p7;
+    BIO *p7bio = NULL;
+    int i;
+    X509 *x509;
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+        goto err;
+    if (!PKCS7_set_cipher(p7, cipher)) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x509 = sk_X509_value(certs, i);
+        if (!PKCS7_add_recipient(p7, x509)) {
+            PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
+            goto err;
+        }
+    }
+
+    if (flags & PKCS7_STREAM)
+        return p7;
+
+    if (PKCS7_final(p7, in, flags))
+        return p7;
+
+ err:
+
+    BIO_free_all(p7bio);
+    PKCS7_free(p7);
+    return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+    BIO *tmpmem;
+    int ret = 0, i;
+    char *buf = NULL;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_enveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (cert && !X509_check_private_key(cert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return 0;
+    }
+
+    if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+        return 0;
+    }
+
+    if (flags & PKCS7_TEXT) {
+        BIO *tmpbuf, *bread;
+        /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+        if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpbuf);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        ret = SMIME_text(bread, data);
+        if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+            if (!BIO_get_cipher_status(tmpmem))
+                ret = 0;
+        }
+        BIO_free_all(bread);
+        return ret;
+    }
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(tmpmem, buf, BUFFERSIZE);
+        if (i <= 0) {
+            ret = 1;
+            if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(tmpmem))
+                    ret = 0;
+            }
+
+            break;
+        }
+        if (BIO_write(data, buf, i) != i) {
+            break;
+        }
+    }
+err:
+    OPENSSL_free(buf);
+    BIO_free_all(tmpmem);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pkcs7err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pkcs7err.c
new file mode 100644
index 000000000..07490c1a5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pkcs7err.c
@@ -0,0 +1,156 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pkcs7err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PKCS7_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 0),
+     "do_pkcs7_signed_attrib"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 0),
+     "PKCS7_add0_attrib_signing_time"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 0),
+     "PKCS7_add_attrib_smimecap"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CERTIFICATE, 0),
+     "PKCS7_add_certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CRL, 0), "PKCS7_add_crl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 0),
+     "PKCS7_add_recipient_info"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNATURE, 0),
+     "PKCS7_add_signature"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNER, 0), "PKCS7_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_BIO_ADD_DIGEST, 0),
+     "PKCS7_bio_add_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 0),
+     "pkcs7_copy_existing_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_CTRL, 0), "PKCS7_ctrl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATADECODE, 0), "PKCS7_dataDecode"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAFINAL, 0), "PKCS7_dataFinal"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAINIT, 0), "PKCS7_dataInit"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAVERIFY, 0), "PKCS7_dataVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT, 0), "PKCS7_decrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT_RINFO, 0),
+     "pkcs7_decrypt_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCODE_RINFO, 0),
+     "pkcs7_encode_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCRYPT, 0), "PKCS7_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FINAL, 0), "PKCS7_final"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FIND_DIGEST, 0),
+     "PKCS7_find_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_GET0_SIGNERS, 0),
+     "PKCS7_get0_signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_RECIP_INFO_SET, 0),
+     "PKCS7_RECIP_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CIPHER, 0), "PKCS7_set_cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CONTENT, 0),
+     "PKCS7_set_content"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_DIGEST, 0), "PKCS7_set_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_TYPE, 0), "PKCS7_set_type"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN, 0), "PKCS7_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNATUREVERIFY, 0),
+     "PKCS7_signatureVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SET, 0),
+     "PKCS7_SIGNER_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SIGN, 0),
+     "PKCS7_SIGNER_INFO_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 0),
+     "PKCS7_sign_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIMPLE_SMIMECAP, 0),
+     "PKCS7_simple_smimecap"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_VERIFY, 0), "PKCS7_verify"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PKCS7_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED),
+    "cipher not initialized"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT),
+    "content and data present"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE),
+    "encryption ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "encryption not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT),
+    "error adding recipient"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER),
+    "error setting cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE),
+    "invalid signed data type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST),
+    "no default digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
+    "no matching digest type found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+    "no recipient matches certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA),
+    "no signatures on data"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+    "operation not supported on this type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR),
+    "pkcs7 add signer error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE),
+    "signature failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE),
+    "signing ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "signing not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+    "unable to find certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO),
+    "unable to find mem bio"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+    "unable to find message digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE),
+    "unknown digest type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION),
+    "unknown operation"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE),
+    "unsupported cipher type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE),
+    "wrong content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS7_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PKCS7_str_functs);
+        ERR_load_strings_const(PKCS7_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl
new file mode 100755
index 000000000..5cdb6be05
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl
@@ -0,0 +1,1253 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+#			IALU(*)/gcc-4.4		NEON
+#
+# ARM11xx(ARMv6)	7.78/+100%		-
+# Cortex-A5		6.35/+130%		3.00
+# Cortex-A8		6.25/+115%		2.36
+# Cortex-A9		5.10/+95%		2.55
+# Cortex-A15		3.85/+85%		1.25(**)
+# Snapdragon S4		5.70/+100%		1.48(**)
+#
+# (*)	this is for -march=armv6, i.e. with bunch of ldrb loading data;
+# (**)	these are trade-off results, they can be improved by ~8% but at
+#	the cost of 15/12% regression on Cortex-A5/A7, it's even possible
+#	to improve Cortex-A9 result, but then A5/A7 loose more than 20%;
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+($ctx,$inp,$len,$padbit)=map("r$_",(0..3));
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+.globl	poly1305_emit
+.globl	poly1305_blocks
+.globl	poly1305_init
+.type	poly1305_init,%function
+.align	5
+poly1305_init:
+.Lpoly1305_init:
+	stmdb	sp!,{r4-r11}
+
+	eor	r3,r3,r3
+	cmp	$inp,#0
+	str	r3,[$ctx,#0]		@ zero hash value
+	str	r3,[$ctx,#4]
+	str	r3,[$ctx,#8]
+	str	r3,[$ctx,#12]
+	str	r3,[$ctx,#16]
+	str	r3,[$ctx,#36]		@ is_base2_26
+	add	$ctx,$ctx,#20
+
+#ifdef	__thumb2__
+	it	eq
+#endif
+	moveq	r0,#0
+	beq	.Lno_key
+
+#if	__ARM_MAX_ARCH__>=7
+	adr	r11,.Lpoly1305_init
+	ldr	r12,.LOPENSSL_armcap
+#endif
+	ldrb	r4,[$inp,#0]
+	mov	r10,#0x0fffffff
+	ldrb	r5,[$inp,#1]
+	and	r3,r10,#-4		@ 0x0ffffffc
+	ldrb	r6,[$inp,#2]
+	ldrb	r7,[$inp,#3]
+	orr	r4,r4,r5,lsl#8
+	ldrb	r5,[$inp,#4]
+	orr	r4,r4,r6,lsl#16
+	ldrb	r6,[$inp,#5]
+	orr	r4,r4,r7,lsl#24
+	ldrb	r7,[$inp,#6]
+	and	r4,r4,r10
+
+#if	__ARM_MAX_ARCH__>=7
+	ldr	r12,[r11,r12]		@ OPENSSL_armcap_P
+# ifdef	__APPLE__
+	ldr	r12,[r12]
+# endif
+#endif
+	ldrb	r8,[$inp,#7]
+	orr	r5,r5,r6,lsl#8
+	ldrb	r6,[$inp,#8]
+	orr	r5,r5,r7,lsl#16
+	ldrb	r7,[$inp,#9]
+	orr	r5,r5,r8,lsl#24
+	ldrb	r8,[$inp,#10]
+	and	r5,r5,r3
+
+#if	__ARM_MAX_ARCH__>=7
+	tst	r12,#ARMV7_NEON		@ check for NEON
+# ifdef	__APPLE__
+	adr	r9,poly1305_blocks_neon
+	adr	r11,poly1305_blocks
+#  ifdef __thumb2__
+	it	ne
+#  endif
+	movne	r11,r9
+	adr	r12,poly1305_emit
+	adr	r10,poly1305_emit_neon
+#  ifdef __thumb2__
+	it	ne
+#  endif
+	movne	r12,r10
+# else
+#  ifdef __thumb2__
+	itete	eq
+#  endif
+	addeq	r12,r11,#(poly1305_emit-.Lpoly1305_init)
+	addne	r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
+	addeq	r11,r11,#(poly1305_blocks-.Lpoly1305_init)
+	addne	r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+# endif
+# ifdef	__thumb2__
+	orr	r12,r12,#1	@ thumb-ify address
+	orr	r11,r11,#1
+# endif
+#endif
+	ldrb	r9,[$inp,#11]
+	orr	r6,r6,r7,lsl#8
+	ldrb	r7,[$inp,#12]
+	orr	r6,r6,r8,lsl#16
+	ldrb	r8,[$inp,#13]
+	orr	r6,r6,r9,lsl#24
+	ldrb	r9,[$inp,#14]
+	and	r6,r6,r3
+
+	ldrb	r10,[$inp,#15]
+	orr	r7,r7,r8,lsl#8
+	str	r4,[$ctx,#0]
+	orr	r7,r7,r9,lsl#16
+	str	r5,[$ctx,#4]
+	orr	r7,r7,r10,lsl#24
+	str	r6,[$ctx,#8]
+	and	r7,r7,r3
+	str	r7,[$ctx,#12]
+#if	__ARM_MAX_ARCH__>=7
+	stmia	r2,{r11,r12}		@ fill functions table
+	mov	r0,#1
+#else
+	mov	r0,#0
+#endif
+.Lno_key:
+	ldmia	sp!,{r4-r11}
+#if	__ARM_ARCH__>=5
+	ret				@ bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	poly1305_init,.-poly1305_init
+___
+{
+my ($h0,$h1,$h2,$h3,$h4,$r0,$r1,$r2,$r3)=map("r$_",(4..12));
+my ($s1,$s2,$s3)=($r1,$r2,$r3);
+
+$code.=<<___;
+.type	poly1305_blocks,%function
+.align	5
+poly1305_blocks:
+.Lpoly1305_blocks:
+	stmdb	sp!,{r3-r11,lr}
+
+	ands	$len,$len,#-16
+	beq	.Lno_data
+
+	cmp	$padbit,#0
+	add	$len,$len,$inp		@ end pointer
+	sub	sp,sp,#32
+
+	ldmia	$ctx,{$h0-$r3}		@ load context
+
+	str	$ctx,[sp,#12]		@ offload stuff
+	mov	lr,$inp
+	str	$len,[sp,#16]
+	str	$r1,[sp,#20]
+	str	$r2,[sp,#24]
+	str	$r3,[sp,#28]
+	b	.Loop
+
+.Loop:
+#if __ARM_ARCH__<7
+	ldrb	r0,[lr],#16		@ load input
+# ifdef	__thumb2__
+	it	hi
+# endif
+	addhi	$h4,$h4,#1		@ 1<<128
+	ldrb	r1,[lr,#-15]
+	ldrb	r2,[lr,#-14]
+	ldrb	r3,[lr,#-13]
+	orr	r1,r0,r1,lsl#8
+	ldrb	r0,[lr,#-12]
+	orr	r2,r1,r2,lsl#16
+	ldrb	r1,[lr,#-11]
+	orr	r3,r2,r3,lsl#24
+	ldrb	r2,[lr,#-10]
+	adds	$h0,$h0,r3		@ accumulate input
+
+	ldrb	r3,[lr,#-9]
+	orr	r1,r0,r1,lsl#8
+	ldrb	r0,[lr,#-8]
+	orr	r2,r1,r2,lsl#16
+	ldrb	r1,[lr,#-7]
+	orr	r3,r2,r3,lsl#24
+	ldrb	r2,[lr,#-6]
+	adcs	$h1,$h1,r3
+
+	ldrb	r3,[lr,#-5]
+	orr	r1,r0,r1,lsl#8
+	ldrb	r0,[lr,#-4]
+	orr	r2,r1,r2,lsl#16
+	ldrb	r1,[lr,#-3]
+	orr	r3,r2,r3,lsl#24
+	ldrb	r2,[lr,#-2]
+	adcs	$h2,$h2,r3
+
+	ldrb	r3,[lr,#-1]
+	orr	r1,r0,r1,lsl#8
+	str	lr,[sp,#8]		@ offload input pointer
+	orr	r2,r1,r2,lsl#16
+	add	$s1,$r1,$r1,lsr#2
+	orr	r3,r2,r3,lsl#24
+#else
+	ldr	r0,[lr],#16		@ load input
+# ifdef	__thumb2__
+	it	hi
+# endif
+	addhi	$h4,$h4,#1		@ padbit
+	ldr	r1,[lr,#-12]
+	ldr	r2,[lr,#-8]
+	ldr	r3,[lr,#-4]
+# ifdef	__ARMEB__
+	rev	r0,r0
+	rev	r1,r1
+	rev	r2,r2
+	rev	r3,r3
+# endif
+	adds	$h0,$h0,r0		@ accumulate input
+	str	lr,[sp,#8]		@ offload input pointer
+	adcs	$h1,$h1,r1
+	add	$s1,$r1,$r1,lsr#2
+	adcs	$h2,$h2,r2
+#endif
+	add	$s2,$r2,$r2,lsr#2
+	adcs	$h3,$h3,r3
+	add	$s3,$r3,$r3,lsr#2
+
+	umull	r2,r3,$h1,$r0
+	 adc	$h4,$h4,#0
+	umull	r0,r1,$h0,$r0
+	umlal	r2,r3,$h4,$s1
+	umlal	r0,r1,$h3,$s1
+	ldr	$r1,[sp,#20]		@ reload $r1
+	umlal	r2,r3,$h2,$s3
+	umlal	r0,r1,$h1,$s3
+	umlal	r2,r3,$h3,$s2
+	umlal	r0,r1,$h2,$s2
+	umlal	r2,r3,$h0,$r1
+	str	r0,[sp,#0]		@ future $h0
+	 mul	r0,$s2,$h4
+	ldr	$r2,[sp,#24]		@ reload $r2
+	adds	r2,r2,r1		@ d1+=d0>>32
+	 eor	r1,r1,r1
+	adc	lr,r3,#0		@ future $h2
+	str	r2,[sp,#4]		@ future $h1
+
+	mul	r2,$s3,$h4
+	eor	r3,r3,r3
+	umlal	r0,r1,$h3,$s3
+	ldr	$r3,[sp,#28]		@ reload $r3
+	umlal	r2,r3,$h3,$r0
+	umlal	r0,r1,$h2,$r0
+	umlal	r2,r3,$h2,$r1
+	umlal	r0,r1,$h1,$r1
+	umlal	r2,r3,$h1,$r2
+	umlal	r0,r1,$h0,$r2
+	umlal	r2,r3,$h0,$r3
+	ldr	$h0,[sp,#0]
+	mul	$h4,$r0,$h4
+	ldr	$h1,[sp,#4]
+
+	adds	$h2,lr,r0		@ d2+=d1>>32
+	ldr	lr,[sp,#8]		@ reload input pointer
+	adc	r1,r1,#0
+	adds	$h3,r2,r1		@ d3+=d2>>32
+	ldr	r0,[sp,#16]		@ reload end pointer
+	adc	r3,r3,#0
+	add	$h4,$h4,r3		@ h4+=d3>>32
+
+	and	r1,$h4,#-4
+	and	$h4,$h4,#3
+	add	r1,r1,r1,lsr#2		@ *=5
+	adds	$h0,$h0,r1
+	adcs	$h1,$h1,#0
+	adcs	$h2,$h2,#0
+	adcs	$h3,$h3,#0
+	adc	$h4,$h4,#0
+
+	cmp	r0,lr			@ done yet?
+	bhi	.Loop
+
+	ldr	$ctx,[sp,#12]
+	add	sp,sp,#32
+	stmia	$ctx,{$h0-$h4}		@ store the result
+
+.Lno_data:
+#if	__ARM_ARCH__>=5
+	ldmia	sp!,{r3-r11,pc}
+#else
+	ldmia	sp!,{r3-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	poly1305_blocks,.-poly1305_blocks
+___
+}
+{
+my ($ctx,$mac,$nonce)=map("r$_",(0..2));
+my ($h0,$h1,$h2,$h3,$h4,$g0,$g1,$g2,$g3)=map("r$_",(3..11));
+my $g4=$h4;
+
+$code.=<<___;
+.type	poly1305_emit,%function
+.align	5
+poly1305_emit:
+	stmdb	sp!,{r4-r11}
+.Lpoly1305_emit_enter:
+
+	ldmia	$ctx,{$h0-$h4}
+	adds	$g0,$h0,#5		@ compare to modulus
+	adcs	$g1,$h1,#0
+	adcs	$g2,$h2,#0
+	adcs	$g3,$h3,#0
+	adc	$g4,$h4,#0
+	tst	$g4,#4			@ did it carry/borrow?
+
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h0,$g0
+	ldr	$g0,[$nonce,#0]
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h1,$g1
+	ldr	$g1,[$nonce,#4]
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h2,$g2
+	ldr	$g2,[$nonce,#8]
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h3,$g3
+	ldr	$g3,[$nonce,#12]
+
+	adds	$h0,$h0,$g0
+	adcs	$h1,$h1,$g1
+	adcs	$h2,$h2,$g2
+	adc	$h3,$h3,$g3
+
+#if __ARM_ARCH__>=7
+# ifdef __ARMEB__
+	rev	$h0,$h0
+	rev	$h1,$h1
+	rev	$h2,$h2
+	rev	$h3,$h3
+# endif
+	str	$h0,[$mac,#0]
+	str	$h1,[$mac,#4]
+	str	$h2,[$mac,#8]
+	str	$h3,[$mac,#12]
+#else
+	strb	$h0,[$mac,#0]
+	mov	$h0,$h0,lsr#8
+	strb	$h1,[$mac,#4]
+	mov	$h1,$h1,lsr#8
+	strb	$h2,[$mac,#8]
+	mov	$h2,$h2,lsr#8
+	strb	$h3,[$mac,#12]
+	mov	$h3,$h3,lsr#8
+
+	strb	$h0,[$mac,#1]
+	mov	$h0,$h0,lsr#8
+	strb	$h1,[$mac,#5]
+	mov	$h1,$h1,lsr#8
+	strb	$h2,[$mac,#9]
+	mov	$h2,$h2,lsr#8
+	strb	$h3,[$mac,#13]
+	mov	$h3,$h3,lsr#8
+
+	strb	$h0,[$mac,#2]
+	mov	$h0,$h0,lsr#8
+	strb	$h1,[$mac,#6]
+	mov	$h1,$h1,lsr#8
+	strb	$h2,[$mac,#10]
+	mov	$h2,$h2,lsr#8
+	strb	$h3,[$mac,#14]
+	mov	$h3,$h3,lsr#8
+
+	strb	$h0,[$mac,#3]
+	strb	$h1,[$mac,#7]
+	strb	$h2,[$mac,#11]
+	strb	$h3,[$mac,#15]
+#endif
+	ldmia	sp!,{r4-r11}
+#if	__ARM_ARCH__>=5
+	ret				@ bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	poly1305_emit,.-poly1305_emit
+___
+{
+my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("d$_",(0..9));
+my ($D0,$D1,$D2,$D3,$D4, $H0,$H1,$H2,$H3,$H4) = map("q$_",(5..14));
+my ($T0,$T1,$MASK) = map("q$_",(15,4,0));
+
+my ($in2,$zeros,$tbl0,$tbl1) = map("r$_",(4..7));
+
+$code.=<<___;
+#if	__ARM_MAX_ARCH__>=7
+.fpu	neon
+
+.type	poly1305_init_neon,%function
+.align	5
+poly1305_init_neon:
+	ldr	r4,[$ctx,#20]		@ load key base 2^32
+	ldr	r5,[$ctx,#24]
+	ldr	r6,[$ctx,#28]
+	ldr	r7,[$ctx,#32]
+
+	and	r2,r4,#0x03ffffff	@ base 2^32 -> base 2^26
+	mov	r3,r4,lsr#26
+	mov	r4,r5,lsr#20
+	orr	r3,r3,r5,lsl#6
+	mov	r5,r6,lsr#14
+	orr	r4,r4,r6,lsl#12
+	mov	r6,r7,lsr#8
+	orr	r5,r5,r7,lsl#18
+	and	r3,r3,#0x03ffffff
+	and	r4,r4,#0x03ffffff
+	and	r5,r5,#0x03ffffff
+
+	vdup.32	$R0,r2			@ r^1 in both lanes
+	add	r2,r3,r3,lsl#2		@ *5
+	vdup.32	$R1,r3
+	add	r3,r4,r4,lsl#2
+	vdup.32	$S1,r2
+	vdup.32	$R2,r4
+	add	r4,r5,r5,lsl#2
+	vdup.32	$S2,r3
+	vdup.32	$R3,r5
+	add	r5,r6,r6,lsl#2
+	vdup.32	$S3,r4
+	vdup.32	$R4,r6
+	vdup.32	$S4,r5
+
+	mov	$zeros,#2		@ counter
+
+.Lsquare_neon:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	@ d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	@ d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	@ d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	@ d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+
+	vmull.u32	$D0,$R0,${R0}[1]
+	vmull.u32	$D1,$R1,${R0}[1]
+	vmull.u32	$D2,$R2,${R0}[1]
+	vmull.u32	$D3,$R3,${R0}[1]
+	vmull.u32	$D4,$R4,${R0}[1]
+
+	vmlal.u32	$D0,$R4,${S1}[1]
+	vmlal.u32	$D1,$R0,${R1}[1]
+	vmlal.u32	$D2,$R1,${R1}[1]
+	vmlal.u32	$D3,$R2,${R1}[1]
+	vmlal.u32	$D4,$R3,${R1}[1]
+
+	vmlal.u32	$D0,$R3,${S2}[1]
+	vmlal.u32	$D1,$R4,${S2}[1]
+	vmlal.u32	$D3,$R1,${R2}[1]
+	vmlal.u32	$D2,$R0,${R2}[1]
+	vmlal.u32	$D4,$R2,${R2}[1]
+
+	vmlal.u32	$D0,$R2,${S3}[1]
+	vmlal.u32	$D3,$R0,${R3}[1]
+	vmlal.u32	$D1,$R3,${S3}[1]
+	vmlal.u32	$D2,$R4,${S3}[1]
+	vmlal.u32	$D4,$R1,${R3}[1]
+
+	vmlal.u32	$D3,$R4,${S4}[1]
+	vmlal.u32	$D0,$R1,${S4}[1]
+	vmlal.u32	$D1,$R2,${S4}[1]
+	vmlal.u32	$D2,$R3,${S4}[1]
+	vmlal.u32	$D4,$R0,${R4}[1]
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	@ and P. Schwabe
+	@
+	@ H0>>+H1>>+H2>>+H3>>+H4
+	@ H3>>+H4>>*5+H0>>+H1
+	@
+	@ Trivia.
+	@
+	@ Result of multiplication of n-bit number by m-bit number is
+	@ n+m bits wide. However! Even though 2^n is a n+1-bit number,
+	@ m-bit number multiplied by 2^n is still n+m bits wide.
+	@
+	@ Sum of two n-bit numbers is n+1 bits wide, sum of three - n+2,
+	@ and so is sum of four. Sum of 2^m n-m-bit numbers and n-bit
+	@ one is n+1 bits wide.
+	@
+	@ >>+ denotes Hnext += Hn>>26, Hn &= 0x3ffffff. This means that
+	@ H0, H2, H3 are guaranteed to be 26 bits wide, while H1 and H4
+	@ can be 27. However! In cases when their width exceeds 26 bits
+	@ they are limited by 2^26+2^6. This in turn means that *sum*
+	@ of the products with these values can still be viewed as sum
+	@ of 52-bit numbers as long as the amount of addends is not a
+	@ power of 2. For example,
+	@
+	@ H4 = H4*R0 + H3*R1 + H2*R2 + H1*R3 + H0 * R4,
+	@
+	@ which can't be larger than 5 * (2^26 + 2^6) * (2^26 + 2^6), or
+	@ 5 * (2^52 + 2*2^32 + 2^12), which in turn is smaller than
+	@ 8 * (2^52) or 2^55. However, the value is then multiplied by
+	@ by 5, so we should be looking at 5 * 5 * (2^52 + 2^33 + 2^12),
+	@ which is less than 32 * (2^52) or 2^57. And when processing
+	@ data we are looking at triple as many addends...
+	@
+	@ In key setup procedure pre-reduced H0 is limited by 5*4+1 and
+	@ 5*H4 - by 5*5 52-bit addends, or 57 bits. But when hashing the
+	@ input H0 is limited by (5*4+1)*3 addends, or 58 bits, while
+	@ 5*H4 by 5*5*3, or 59[!] bits. How is this relevant? vmlal.u32
+	@ instruction accepts 2x32-bit input and writes 2x64-bit result.
+	@ This means that result of reduction have to be compressed upon
+	@ loop wrap-around. This can be done in the process of reduction
+	@ to minimize amount of instructions [as well as amount of
+	@ 128-bit instructions, which benefits low-end processors], but
+	@ one has to watch for H2 (which is narrower than H0) and 5*H4
+	@ not being wider than 58 bits, so that result of right shift
+	@ by 26 bits fits in 32 bits. This is also useful on x86,
+	@ because it allows to use paddd in place for paddq, which
+	@ benefits Atom, where paddq is ridiculously slow.
+
+	vshr.u64	$T0,$D3,#26
+	vmovn.i64	$D3#lo,$D3
+	 vshr.u64	$T1,$D0,#26
+	 vmovn.i64	$D0#lo,$D0
+	vadd.i64	$D4,$D4,$T0		@ h3 -> h4
+	vbic.i32	$D3#lo,#0xfc000000	@ &=0x03ffffff
+	 vadd.i64	$D1,$D1,$T1		@ h0 -> h1
+	 vbic.i32	$D0#lo,#0xfc000000
+
+	vshrn.u64	$T0#lo,$D4,#26
+	vmovn.i64	$D4#lo,$D4
+	 vshr.u64	$T1,$D1,#26
+	 vmovn.i64	$D1#lo,$D1
+	 vadd.i64	$D2,$D2,$T1		@ h1 -> h2
+	vbic.i32	$D4#lo,#0xfc000000
+	 vbic.i32	$D1#lo,#0xfc000000
+
+	vadd.i32	$D0#lo,$D0#lo,$T0#lo
+	vshl.u32	$T0#lo,$T0#lo,#2
+	 vshrn.u64	$T1#lo,$D2,#26
+	 vmovn.i64	$D2#lo,$D2
+	vadd.i32	$D0#lo,$D0#lo,$T0#lo	@ h4 -> h0
+	 vadd.i32	$D3#lo,$D3#lo,$T1#lo	@ h2 -> h3
+	 vbic.i32	$D2#lo,#0xfc000000
+
+	vshr.u32	$T0#lo,$D0#lo,#26
+	vbic.i32	$D0#lo,#0xfc000000
+	 vshr.u32	$T1#lo,$D3#lo,#26
+	 vbic.i32	$D3#lo,#0xfc000000
+	vadd.i32	$D1#lo,$D1#lo,$T0#lo	@ h0 -> h1
+	 vadd.i32	$D4#lo,$D4#lo,$T1#lo	@ h3 -> h4
+
+	subs		$zeros,$zeros,#1
+	beq		.Lsquare_break_neon
+
+	add		$tbl0,$ctx,#(48+0*9*4)
+	add		$tbl1,$ctx,#(48+1*9*4)
+
+	vtrn.32		$R0,$D0#lo		@ r^2:r^1
+	vtrn.32		$R2,$D2#lo
+	vtrn.32		$R3,$D3#lo
+	vtrn.32		$R1,$D1#lo
+	vtrn.32		$R4,$D4#lo
+
+	vshl.u32	$S2,$R2,#2		@ *5
+	vshl.u32	$S3,$R3,#2
+	vshl.u32	$S1,$R1,#2
+	vshl.u32	$S4,$R4,#2
+	vadd.i32	$S2,$S2,$R2
+	vadd.i32	$S1,$S1,$R1
+	vadd.i32	$S3,$S3,$R3
+	vadd.i32	$S4,$S4,$R4
+
+	vst4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!
+	vst4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!
+	vst4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vst4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vst1.32		{${S4}[0]},[$tbl0,:32]
+	vst1.32		{${S4}[1]},[$tbl1,:32]
+
+	b		.Lsquare_neon
+
+.align	4
+.Lsquare_break_neon:
+	add		$tbl0,$ctx,#(48+2*4*9)
+	add		$tbl1,$ctx,#(48+3*4*9)
+
+	vmov		$R0,$D0#lo		@ r^4:r^3
+	vshl.u32	$S1,$D1#lo,#2		@ *5
+	vmov		$R1,$D1#lo
+	vshl.u32	$S2,$D2#lo,#2
+	vmov		$R2,$D2#lo
+	vshl.u32	$S3,$D3#lo,#2
+	vmov		$R3,$D3#lo
+	vshl.u32	$S4,$D4#lo,#2
+	vmov		$R4,$D4#lo
+	vadd.i32	$S1,$S1,$D1#lo
+	vadd.i32	$S2,$S2,$D2#lo
+	vadd.i32	$S3,$S3,$D3#lo
+	vadd.i32	$S4,$S4,$D4#lo
+
+	vst4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!
+	vst4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!
+	vst4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vst4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vst1.32		{${S4}[0]},[$tbl0]
+	vst1.32		{${S4}[1]},[$tbl1]
+
+	ret				@ bx	lr
+.size	poly1305_init_neon,.-poly1305_init_neon
+
+.type	poly1305_blocks_neon,%function
+.align	5
+poly1305_blocks_neon:
+	ldr	ip,[$ctx,#36]		@ is_base2_26
+	ands	$len,$len,#-16
+	beq	.Lno_data_neon
+
+	cmp	$len,#64
+	bhs	.Lenter_neon
+	tst	ip,ip			@ is_base2_26?
+	beq	.Lpoly1305_blocks
+
+.Lenter_neon:
+	stmdb	sp!,{r4-r7}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	tst	ip,ip			@ is_base2_26?
+	bne	.Lbase2_26_neon
+
+	stmdb	sp!,{r1-r3,lr}
+	bl	poly1305_init_neon
+
+	ldr	r4,[$ctx,#0]		@ load hash value base 2^32
+	ldr	r5,[$ctx,#4]
+	ldr	r6,[$ctx,#8]
+	ldr	r7,[$ctx,#12]
+	ldr	ip,[$ctx,#16]
+
+	and	r2,r4,#0x03ffffff	@ base 2^32 -> base 2^26
+	mov	r3,r4,lsr#26
+	 veor	$D0#lo,$D0#lo,$D0#lo
+	mov	r4,r5,lsr#20
+	orr	r3,r3,r5,lsl#6
+	 veor	$D1#lo,$D1#lo,$D1#lo
+	mov	r5,r6,lsr#14
+	orr	r4,r4,r6,lsl#12
+	 veor	$D2#lo,$D2#lo,$D2#lo
+	mov	r6,r7,lsr#8
+	orr	r5,r5,r7,lsl#18
+	 veor	$D3#lo,$D3#lo,$D3#lo
+	and	r3,r3,#0x03ffffff
+	orr	r6,r6,ip,lsl#24
+	 veor	$D4#lo,$D4#lo,$D4#lo
+	and	r4,r4,#0x03ffffff
+	mov	r1,#1
+	and	r5,r5,#0x03ffffff
+	str	r1,[$ctx,#36]		@ is_base2_26
+
+	vmov.32	$D0#lo[0],r2
+	vmov.32	$D1#lo[0],r3
+	vmov.32	$D2#lo[0],r4
+	vmov.32	$D3#lo[0],r5
+	vmov.32	$D4#lo[0],r6
+	adr	$zeros,.Lzeros
+
+	ldmia	sp!,{r1-r3,lr}
+	b	.Lbase2_32_neon
+
+.align	4
+.Lbase2_26_neon:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ load hash value
+
+	veor		$D0#lo,$D0#lo,$D0#lo
+	veor		$D1#lo,$D1#lo,$D1#lo
+	veor		$D2#lo,$D2#lo,$D2#lo
+	veor		$D3#lo,$D3#lo,$D3#lo
+	veor		$D4#lo,$D4#lo,$D4#lo
+	vld4.32		{$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]!
+	adr		$zeros,.Lzeros
+	vld1.32		{$D4#lo[0]},[$ctx]
+	sub		$ctx,$ctx,#16		@ rewind
+
+.Lbase2_32_neon:
+	add		$in2,$inp,#32
+	mov		$padbit,$padbit,lsl#24
+	tst		$len,#31
+	beq		.Leven
+
+	vld4.32		{$H0#lo[0],$H1#lo[0],$H2#lo[0],$H3#lo[0]},[$inp]!
+	vmov.32		$H4#lo[0],$padbit
+	sub		$len,$len,#16
+	add		$in2,$inp,#32
+
+# ifdef	__ARMEB__
+	vrev32.8	$H0,$H0
+	vrev32.8	$H3,$H3
+	vrev32.8	$H1,$H1
+	vrev32.8	$H2,$H2
+# endif
+	vsri.u32	$H4#lo,$H3#lo,#8	@ base 2^32 -> base 2^26
+	vshl.u32	$H3#lo,$H3#lo,#18
+
+	vsri.u32	$H3#lo,$H2#lo,#14
+	vshl.u32	$H2#lo,$H2#lo,#12
+	vadd.i32	$H4#hi,$H4#lo,$D4#lo	@ add hash value and move to #hi
+
+	vbic.i32	$H3#lo,#0xfc000000
+	vsri.u32	$H2#lo,$H1#lo,#20
+	vshl.u32	$H1#lo,$H1#lo,#6
+
+	vbic.i32	$H2#lo,#0xfc000000
+	vsri.u32	$H1#lo,$H0#lo,#26
+	vadd.i32	$H3#hi,$H3#lo,$D3#lo
+
+	vbic.i32	$H0#lo,#0xfc000000
+	vbic.i32	$H1#lo,#0xfc000000
+	vadd.i32	$H2#hi,$H2#lo,$D2#lo
+
+	vadd.i32	$H0#hi,$H0#lo,$D0#lo
+	vadd.i32	$H1#hi,$H1#lo,$D1#lo
+
+	mov		$tbl1,$zeros
+	add		$tbl0,$ctx,#48
+
+	cmp		$len,$len
+	b		.Long_tail
+
+.align	4
+.Leven:
+	subs		$len,$len,#64
+	it		lo
+	movlo		$in2,$zeros
+
+	vmov.i32	$H4,#1<<24		@ padbit, yes, always
+	vld4.32		{$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp]	@ inp[0:1]
+	add		$inp,$inp,#64
+	vld4.32		{$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2]	@ inp[2:3] (or 0)
+	add		$in2,$in2,#64
+	itt		hi
+	addhi		$tbl1,$ctx,#(48+1*9*4)
+	addhi		$tbl0,$ctx,#(48+3*9*4)
+
+# ifdef	__ARMEB__
+	vrev32.8	$H0,$H0
+	vrev32.8	$H3,$H3
+	vrev32.8	$H1,$H1
+	vrev32.8	$H2,$H2
+# endif
+	vsri.u32	$H4,$H3,#8		@ base 2^32 -> base 2^26
+	vshl.u32	$H3,$H3,#18
+
+	vsri.u32	$H3,$H2,#14
+	vshl.u32	$H2,$H2,#12
+
+	vbic.i32	$H3,#0xfc000000
+	vsri.u32	$H2,$H1,#20
+	vshl.u32	$H1,$H1,#6
+
+	vbic.i32	$H2,#0xfc000000
+	vsri.u32	$H1,$H0,#26
+
+	vbic.i32	$H0,#0xfc000000
+	vbic.i32	$H1,#0xfc000000
+
+	bls		.Lskip_loop
+
+	vld4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!	@ load r^2
+	vld4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!	@ load r^4
+	vld4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vld4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	b		.Loop_neon
+
+.align	5
+.Loop_neon:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	@ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	@   \___________________/
+	@ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	@ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	@   \___________________/ \____________________/
+	@
+	@ Note that we start with inp[2:3]*r^2. This is because it
+	@ doesn't depend on reduction in previous iteration.
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	@ d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	@ d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	@ d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	@ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ inp[2:3]*r^2
+
+	vadd.i32	$H2#lo,$H2#lo,$D2#lo	@ accumulate inp[0:1]
+	vmull.u32	$D2,$H2#hi,${R0}[1]
+	vadd.i32	$H0#lo,$H0#lo,$D0#lo
+	vmull.u32	$D0,$H0#hi,${R0}[1]
+	vadd.i32	$H3#lo,$H3#lo,$D3#lo
+	vmull.u32	$D3,$H3#hi,${R0}[1]
+	vmlal.u32	$D2,$H1#hi,${R1}[1]
+	vadd.i32	$H1#lo,$H1#lo,$D1#lo
+	vmull.u32	$D1,$H1#hi,${R0}[1]
+
+	vadd.i32	$H4#lo,$H4#lo,$D4#lo
+	vmull.u32	$D4,$H4#hi,${R0}[1]
+	subs		$len,$len,#64
+	vmlal.u32	$D0,$H4#hi,${S1}[1]
+	it		lo
+	movlo		$in2,$zeros
+	vmlal.u32	$D3,$H2#hi,${R1}[1]
+	vld1.32		${S4}[1],[$tbl1,:32]
+	vmlal.u32	$D1,$H0#hi,${R1}[1]
+	vmlal.u32	$D4,$H3#hi,${R1}[1]
+
+	vmlal.u32	$D0,$H3#hi,${S2}[1]
+	vmlal.u32	$D3,$H1#hi,${R2}[1]
+	vmlal.u32	$D4,$H2#hi,${R2}[1]
+	vmlal.u32	$D1,$H4#hi,${S2}[1]
+	vmlal.u32	$D2,$H0#hi,${R2}[1]
+
+	vmlal.u32	$D3,$H0#hi,${R3}[1]
+	vmlal.u32	$D0,$H2#hi,${S3}[1]
+	vmlal.u32	$D4,$H1#hi,${R3}[1]
+	vmlal.u32	$D1,$H3#hi,${S3}[1]
+	vmlal.u32	$D2,$H4#hi,${S3}[1]
+
+	vmlal.u32	$D3,$H4#hi,${S4}[1]
+	vmlal.u32	$D0,$H1#hi,${S4}[1]
+	vmlal.u32	$D4,$H0#hi,${R4}[1]
+	vmlal.u32	$D1,$H2#hi,${S4}[1]
+	vmlal.u32	$D2,$H3#hi,${S4}[1]
+
+	vld4.32		{$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2]	@ inp[2:3] (or 0)
+	add		$in2,$in2,#64
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ (hash+inp[0:1])*r^4 and accumulate
+
+	vmlal.u32	$D3,$H3#lo,${R0}[0]
+	vmlal.u32	$D0,$H0#lo,${R0}[0]
+	vmlal.u32	$D4,$H4#lo,${R0}[0]
+	vmlal.u32	$D1,$H1#lo,${R0}[0]
+	vmlal.u32	$D2,$H2#lo,${R0}[0]
+	vld1.32		${S4}[0],[$tbl0,:32]
+
+	vmlal.u32	$D3,$H2#lo,${R1}[0]
+	vmlal.u32	$D0,$H4#lo,${S1}[0]
+	vmlal.u32	$D4,$H3#lo,${R1}[0]
+	vmlal.u32	$D1,$H0#lo,${R1}[0]
+	vmlal.u32	$D2,$H1#lo,${R1}[0]
+
+	vmlal.u32	$D3,$H1#lo,${R2}[0]
+	vmlal.u32	$D0,$H3#lo,${S2}[0]
+	vmlal.u32	$D4,$H2#lo,${R2}[0]
+	vmlal.u32	$D1,$H4#lo,${S2}[0]
+	vmlal.u32	$D2,$H0#lo,${R2}[0]
+
+	vmlal.u32	$D3,$H0#lo,${R3}[0]
+	vmlal.u32	$D0,$H2#lo,${S3}[0]
+	vmlal.u32	$D4,$H1#lo,${R3}[0]
+	vmlal.u32	$D1,$H3#lo,${S3}[0]
+	vmlal.u32	$D3,$H4#lo,${S4}[0]
+
+	vmlal.u32	$D2,$H4#lo,${S3}[0]
+	vmlal.u32	$D0,$H1#lo,${S4}[0]
+	vmlal.u32	$D4,$H0#lo,${R4}[0]
+	vmov.i32	$H4,#1<<24		@ padbit, yes, always
+	vmlal.u32	$D1,$H2#lo,${S4}[0]
+	vmlal.u32	$D2,$H3#lo,${S4}[0]
+
+	vld4.32		{$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp]	@ inp[0:1]
+	add		$inp,$inp,#64
+# ifdef	__ARMEB__
+	vrev32.8	$H0,$H0
+	vrev32.8	$H1,$H1
+	vrev32.8	$H2,$H2
+	vrev32.8	$H3,$H3
+# endif
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ lazy reduction interleaved with base 2^32 -> base 2^26 of
+	@ inp[0:3] previously loaded to $H0-$H3 and smashed to $H0-$H4.
+
+	vshr.u64	$T0,$D3,#26
+	vmovn.i64	$D3#lo,$D3
+	 vshr.u64	$T1,$D0,#26
+	 vmovn.i64	$D0#lo,$D0
+	vadd.i64	$D4,$D4,$T0		@ h3 -> h4
+	vbic.i32	$D3#lo,#0xfc000000
+	  vsri.u32	$H4,$H3,#8		@ base 2^32 -> base 2^26
+	 vadd.i64	$D1,$D1,$T1		@ h0 -> h1
+	  vshl.u32	$H3,$H3,#18
+	 vbic.i32	$D0#lo,#0xfc000000
+
+	vshrn.u64	$T0#lo,$D4,#26
+	vmovn.i64	$D4#lo,$D4
+	 vshr.u64	$T1,$D1,#26
+	 vmovn.i64	$D1#lo,$D1
+	 vadd.i64	$D2,$D2,$T1		@ h1 -> h2
+	  vsri.u32	$H3,$H2,#14
+	vbic.i32	$D4#lo,#0xfc000000
+	  vshl.u32	$H2,$H2,#12
+	 vbic.i32	$D1#lo,#0xfc000000
+
+	vadd.i32	$D0#lo,$D0#lo,$T0#lo
+	vshl.u32	$T0#lo,$T0#lo,#2
+	  vbic.i32	$H3,#0xfc000000
+	 vshrn.u64	$T1#lo,$D2,#26
+	 vmovn.i64	$D2#lo,$D2
+	vaddl.u32	$D0,$D0#lo,$T0#lo	@ h4 -> h0 [widen for a sec]
+	  vsri.u32	$H2,$H1,#20
+	 vadd.i32	$D3#lo,$D3#lo,$T1#lo	@ h2 -> h3
+	  vshl.u32	$H1,$H1,#6
+	 vbic.i32	$D2#lo,#0xfc000000
+	  vbic.i32	$H2,#0xfc000000
+
+	vshrn.u64	$T0#lo,$D0,#26		@ re-narrow
+	vmovn.i64	$D0#lo,$D0
+	  vsri.u32	$H1,$H0,#26
+	  vbic.i32	$H0,#0xfc000000
+	 vshr.u32	$T1#lo,$D3#lo,#26
+	 vbic.i32	$D3#lo,#0xfc000000
+	vbic.i32	$D0#lo,#0xfc000000
+	vadd.i32	$D1#lo,$D1#lo,$T0#lo	@ h0 -> h1
+	 vadd.i32	$D4#lo,$D4#lo,$T1#lo	@ h3 -> h4
+	  vbic.i32	$H1,#0xfc000000
+
+	bhi		.Loop_neon
+
+.Lskip_loop:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	add		$tbl1,$ctx,#(48+0*9*4)
+	add		$tbl0,$ctx,#(48+1*9*4)
+	adds		$len,$len,#32
+	it		ne
+	movne		$len,#0
+	bne		.Long_tail
+
+	vadd.i32	$H2#hi,$H2#lo,$D2#lo	@ add hash value and move to #hi
+	vadd.i32	$H0#hi,$H0#lo,$D0#lo
+	vadd.i32	$H3#hi,$H3#lo,$D3#lo
+	vadd.i32	$H1#hi,$H1#lo,$D1#lo
+	vadd.i32	$H4#hi,$H4#lo,$D4#lo
+
+.Long_tail:
+	vld4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!	@ load r^1
+	vld4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!	@ load r^2
+
+	vadd.i32	$H2#lo,$H2#lo,$D2#lo	@ can be redundant
+	vmull.u32	$D2,$H2#hi,$R0
+	vadd.i32	$H0#lo,$H0#lo,$D0#lo
+	vmull.u32	$D0,$H0#hi,$R0
+	vadd.i32	$H3#lo,$H3#lo,$D3#lo
+	vmull.u32	$D3,$H3#hi,$R0
+	vadd.i32	$H1#lo,$H1#lo,$D1#lo
+	vmull.u32	$D1,$H1#hi,$R0
+	vadd.i32	$H4#lo,$H4#lo,$D4#lo
+	vmull.u32	$D4,$H4#hi,$R0
+
+	vmlal.u32	$D0,$H4#hi,$S1
+	vld4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vmlal.u32	$D3,$H2#hi,$R1
+	vld4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vmlal.u32	$D1,$H0#hi,$R1
+	vmlal.u32	$D4,$H3#hi,$R1
+	vmlal.u32	$D2,$H1#hi,$R1
+
+	vmlal.u32	$D3,$H1#hi,$R2
+	vld1.32		${S4}[1],[$tbl1,:32]
+	vmlal.u32	$D0,$H3#hi,$S2
+	vld1.32		${S4}[0],[$tbl0,:32]
+	vmlal.u32	$D4,$H2#hi,$R2
+	vmlal.u32	$D1,$H4#hi,$S2
+	vmlal.u32	$D2,$H0#hi,$R2
+
+	vmlal.u32	$D3,$H0#hi,$R3
+	 it		ne
+	 addne		$tbl1,$ctx,#(48+2*9*4)
+	vmlal.u32	$D0,$H2#hi,$S3
+	 it		ne
+	 addne		$tbl0,$ctx,#(48+3*9*4)
+	vmlal.u32	$D4,$H1#hi,$R3
+	vmlal.u32	$D1,$H3#hi,$S3
+	vmlal.u32	$D2,$H4#hi,$S3
+
+	vmlal.u32	$D3,$H4#hi,$S4
+	 vorn		$MASK,$MASK,$MASK	@ all-ones, can be redundant
+	vmlal.u32	$D0,$H1#hi,$S4
+	 vshr.u64	$MASK,$MASK,#38
+	vmlal.u32	$D4,$H0#hi,$R4
+	vmlal.u32	$D1,$H2#hi,$S4
+	vmlal.u32	$D2,$H3#hi,$S4
+
+	beq		.Lshort_tail
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ (hash+inp[0:1])*r^4:r^3 and accumulate
+
+	vld4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!	@ load r^3
+	vld4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!	@ load r^4
+
+	vmlal.u32	$D2,$H2#lo,$R0
+	vmlal.u32	$D0,$H0#lo,$R0
+	vmlal.u32	$D3,$H3#lo,$R0
+	vmlal.u32	$D1,$H1#lo,$R0
+	vmlal.u32	$D4,$H4#lo,$R0
+
+	vmlal.u32	$D0,$H4#lo,$S1
+	vld4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vmlal.u32	$D3,$H2#lo,$R1
+	vld4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vmlal.u32	$D1,$H0#lo,$R1
+	vmlal.u32	$D4,$H3#lo,$R1
+	vmlal.u32	$D2,$H1#lo,$R1
+
+	vmlal.u32	$D3,$H1#lo,$R2
+	vld1.32		${S4}[1],[$tbl1,:32]
+	vmlal.u32	$D0,$H3#lo,$S2
+	vld1.32		${S4}[0],[$tbl0,:32]
+	vmlal.u32	$D4,$H2#lo,$R2
+	vmlal.u32	$D1,$H4#lo,$S2
+	vmlal.u32	$D2,$H0#lo,$R2
+
+	vmlal.u32	$D3,$H0#lo,$R3
+	vmlal.u32	$D0,$H2#lo,$S3
+	vmlal.u32	$D4,$H1#lo,$R3
+	vmlal.u32	$D1,$H3#lo,$S3
+	vmlal.u32	$D2,$H4#lo,$S3
+
+	vmlal.u32	$D3,$H4#lo,$S4
+	 vorn		$MASK,$MASK,$MASK	@ all-ones
+	vmlal.u32	$D0,$H1#lo,$S4
+	 vshr.u64	$MASK,$MASK,#38
+	vmlal.u32	$D4,$H0#lo,$R4
+	vmlal.u32	$D1,$H2#lo,$S4
+	vmlal.u32	$D2,$H3#lo,$S4
+
+.Lshort_tail:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ horizontal addition
+
+	vadd.i64	$D3#lo,$D3#lo,$D3#hi
+	vadd.i64	$D0#lo,$D0#lo,$D0#hi
+	vadd.i64	$D4#lo,$D4#lo,$D4#hi
+	vadd.i64	$D1#lo,$D1#lo,$D1#hi
+	vadd.i64	$D2#lo,$D2#lo,$D2#hi
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ lazy reduction, but without narrowing
+
+	vshr.u64	$T0,$D3,#26
+	vand.i64	$D3,$D3,$MASK
+	 vshr.u64	$T1,$D0,#26
+	 vand.i64	$D0,$D0,$MASK
+	vadd.i64	$D4,$D4,$T0		@ h3 -> h4
+	 vadd.i64	$D1,$D1,$T1		@ h0 -> h1
+
+	vshr.u64	$T0,$D4,#26
+	vand.i64	$D4,$D4,$MASK
+	 vshr.u64	$T1,$D1,#26
+	 vand.i64	$D1,$D1,$MASK
+	 vadd.i64	$D2,$D2,$T1		@ h1 -> h2
+
+	vadd.i64	$D0,$D0,$T0
+	vshl.u64	$T0,$T0,#2
+	 vshr.u64	$T1,$D2,#26
+	 vand.i64	$D2,$D2,$MASK
+	vadd.i64	$D0,$D0,$T0		@ h4 -> h0
+	 vadd.i64	$D3,$D3,$T1		@ h2 -> h3
+
+	vshr.u64	$T0,$D0,#26
+	vand.i64	$D0,$D0,$MASK
+	 vshr.u64	$T1,$D3,#26
+	 vand.i64	$D3,$D3,$MASK
+	vadd.i64	$D1,$D1,$T0		@ h0 -> h1
+	 vadd.i64	$D4,$D4,$T1		@ h3 -> h4
+
+	cmp		$len,#0
+	bne		.Leven
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ store hash value
+
+	vst4.32		{$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]!
+	vst1.32		{$D4#lo[0]},[$ctx]
+
+	vldmia	sp!,{d8-d15}			@ epilogue
+	ldmia	sp!,{r4-r7}
+.Lno_data_neon:
+	ret					@ bx	lr
+.size	poly1305_blocks_neon,.-poly1305_blocks_neon
+
+.type	poly1305_emit_neon,%function
+.align	5
+poly1305_emit_neon:
+	ldr	ip,[$ctx,#36]		@ is_base2_26
+
+	stmdb	sp!,{r4-r11}
+
+	tst	ip,ip
+	beq	.Lpoly1305_emit_enter
+
+	ldmia	$ctx,{$h0-$h4}
+	eor	$g0,$g0,$g0
+
+	adds	$h0,$h0,$h1,lsl#26	@ base 2^26 -> base 2^32
+	mov	$h1,$h1,lsr#6
+	adcs	$h1,$h1,$h2,lsl#20
+	mov	$h2,$h2,lsr#12
+	adcs	$h2,$h2,$h3,lsl#14
+	mov	$h3,$h3,lsr#18
+	adcs	$h3,$h3,$h4,lsl#8
+	adc	$h4,$g0,$h4,lsr#24	@ can be partially reduced ...
+
+	and	$g0,$h4,#-4		@ ... so reduce
+	and	$h4,$h3,#3
+	add	$g0,$g0,$g0,lsr#2	@ *= 5
+	adds	$h0,$h0,$g0
+	adcs	$h1,$h1,#0
+	adcs	$h2,$h2,#0
+	adcs	$h3,$h3,#0
+	adc	$h4,$h4,#0
+
+	adds	$g0,$h0,#5		@ compare to modulus
+	adcs	$g1,$h1,#0
+	adcs	$g2,$h2,#0
+	adcs	$g3,$h3,#0
+	adc	$g4,$h4,#0
+	tst	$g4,#4			@ did it carry/borrow?
+
+	it	ne
+	movne	$h0,$g0
+	ldr	$g0,[$nonce,#0]
+	it	ne
+	movne	$h1,$g1
+	ldr	$g1,[$nonce,#4]
+	it	ne
+	movne	$h2,$g2
+	ldr	$g2,[$nonce,#8]
+	it	ne
+	movne	$h3,$g3
+	ldr	$g3,[$nonce,#12]
+
+	adds	$h0,$h0,$g0		@ accumulate nonce
+	adcs	$h1,$h1,$g1
+	adcs	$h2,$h2,$g2
+	adc	$h3,$h3,$g3
+
+# ifdef __ARMEB__
+	rev	$h0,$h0
+	rev	$h1,$h1
+	rev	$h2,$h2
+	rev	$h3,$h3
+# endif
+	str	$h0,[$mac,#0]		@ store the result
+	str	$h1,[$mac,#4]
+	str	$h2,[$mac,#8]
+	str	$h3,[$mac,#12]
+
+	ldmia	sp!,{r4-r11}
+	ret				@ bx	lr
+.size	poly1305_emit_neon,.-poly1305_emit_neon
+
+.align	5
+.Lzeros:
+.long	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lpoly1305_init
+#endif
+___
+}	}
+$code.=<<___;
+.asciz	"Poly1305 for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if	__ARM_MAX_ARCH__>=7
+.comm   OPENSSL_armcap_P,4,4
+#endif
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/\bret\b/bx	lr/go						or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl
new file mode 100755
index 000000000..6c6c9bb05
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl
@@ -0,0 +1,946 @@
+#! /usr/bin/env perl
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for ARMv8.
+#
+# June 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone.
+#
+#		IALU/gcc-4.9	NEON
+#
+# Apple A7	1.86/+5%	0.72
+# Cortex-A53	2.69/+58%	1.47
+# Cortex-A57	2.70/+7%	1.14
+# Denver	1.64/+50%	1.18(*)
+# X-Gene	2.13/+68%	2.27
+# Mongoose	1.77/+75%	1.12
+# Kryo		2.70/+55%	1.13
+#
+# (*)	estimate based on resources availability is less than 1.0,
+#	i.e. measured result is worse than expected, presumably binary
+#	translator is not almighty;
+
+$flavour=shift;
+$output=shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my ($ctx,$inp,$len,$padbit) = map("x$_",(0..3));
+my ($mac,$nonce)=($inp,$len);
+
+my ($h0,$h1,$h2,$r0,$r1,$s1,$t0,$t1,$d0,$d1,$d2) = map("x$_",(4..14));
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+// forward "declarations" are required for Apple
+.extern	OPENSSL_armcap_P
+.globl	poly1305_blocks
+.globl	poly1305_emit
+
+.globl	poly1305_init
+.type	poly1305_init,%function
+.align	5
+poly1305_init:
+	cmp	$inp,xzr
+	stp	xzr,xzr,[$ctx]		// zero hash value
+	stp	xzr,xzr,[$ctx,#16]	// [along with is_base2_26]
+
+	csel	x0,xzr,x0,eq
+	b.eq	.Lno_key
+
+#ifdef	__ILP32__
+	ldrsw	$t1,.LOPENSSL_armcap_P
+#else
+	ldr	$t1,.LOPENSSL_armcap_P
+#endif
+	adr	$t0,.LOPENSSL_armcap_P
+
+	ldp	$r0,$r1,[$inp]		// load key
+	mov	$s1,#0xfffffffc0fffffff
+	movk	$s1,#0x0fff,lsl#48
+	ldr	w17,[$t0,$t1]
+#ifdef	__ARMEB__
+	rev	$r0,$r0			// flip bytes
+	rev	$r1,$r1
+#endif
+	and	$r0,$r0,$s1		// &=0ffffffc0fffffff
+	and	$s1,$s1,#-4
+	and	$r1,$r1,$s1		// &=0ffffffc0ffffffc
+	stp	$r0,$r1,[$ctx,#32]	// save key value
+
+	tst	w17,#ARMV7_NEON
+
+	adr	$d0,poly1305_blocks
+	adr	$r0,poly1305_blocks_neon
+	adr	$d1,poly1305_emit
+	adr	$r1,poly1305_emit_neon
+
+	csel	$d0,$d0,$r0,eq
+	csel	$d1,$d1,$r1,eq
+
+#ifdef	__ILP32__
+	stp	w12,w13,[$len]
+#else
+	stp	$d0,$d1,[$len]
+#endif
+
+	mov	x0,#1
+.Lno_key:
+	ret
+.size	poly1305_init,.-poly1305_init
+
+.type	poly1305_blocks,%function
+.align	5
+poly1305_blocks:
+	ands	$len,$len,#-16
+	b.eq	.Lno_data
+
+	ldp	$h0,$h1,[$ctx]		// load hash value
+	ldp	$r0,$r1,[$ctx,#32]	// load key value
+	ldr	$h2,[$ctx,#16]
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+	b	.Loop
+
+.align	5
+.Loop:
+	ldp	$t0,$t1,[$inp],#16	// load input
+	sub	$len,$len,#16
+#ifdef	__ARMEB__
+	rev	$t0,$t0
+	rev	$t1,$t1
+#endif
+	adds	$h0,$h0,$t0		// accumulate input
+	adcs	$h1,$h1,$t1
+
+	mul	$d0,$h0,$r0		// h0*r0
+	adc	$h2,$h2,$padbit
+	umulh	$d1,$h0,$r0
+
+	mul	$t0,$h1,$s1		// h1*5*r1
+	umulh	$t1,$h1,$s1
+
+	adds	$d0,$d0,$t0
+	mul	$t0,$h0,$r1		// h0*r1
+	adc	$d1,$d1,$t1
+	umulh	$d2,$h0,$r1
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h1,$r0		// h1*r0
+	adc	$d2,$d2,xzr
+	umulh	$t1,$h1,$r0
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h2,$s1		// h2*5*r1
+	adc	$d2,$d2,$t1
+	mul	$t1,$h2,$r0		// h2*r0
+
+	adds	$d1,$d1,$t0
+	adc	$d2,$d2,$t1
+
+	and	$t0,$d2,#-4		// final reduction
+	and	$h2,$d2,#3
+	add	$t0,$t0,$d2,lsr#2
+	adds	$h0,$d0,$t0
+	adcs	$h1,$d1,xzr
+	adc	$h2,$h2,xzr
+
+	cbnz	$len,.Loop
+
+	stp	$h0,$h1,[$ctx]		// store hash value
+	str	$h2,[$ctx,#16]
+
+.Lno_data:
+	ret
+.size	poly1305_blocks,.-poly1305_blocks
+
+.type	poly1305_emit,%function
+.align	5
+poly1305_emit:
+	ldp	$h0,$h1,[$ctx]		// load hash base 2^64
+	ldr	$h2,[$ctx,#16]
+	ldp	$t0,$t1,[$nonce]	// load nonce
+
+	adds	$d0,$h0,#5		// compare to modulus
+	adcs	$d1,$h1,xzr
+	adc	$d2,$h2,xzr
+
+	tst	$d2,#-4			// see if it's carried/borrowed
+
+	csel	$h0,$h0,$d0,eq
+	csel	$h1,$h1,$d1,eq
+
+#ifdef	__ARMEB__
+	ror	$t0,$t0,#32		// flip nonce words
+	ror	$t1,$t1,#32
+#endif
+	adds	$h0,$h0,$t0		// accumulate nonce
+	adc	$h1,$h1,$t1
+#ifdef	__ARMEB__
+	rev	$h0,$h0			// flip output bytes
+	rev	$h1,$h1
+#endif
+	stp	$h0,$h1,[$mac]		// write result
+
+	ret
+.size	poly1305_emit,.-poly1305_emit
+___
+my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("v$_.4s",(0..8));
+my ($IN01_0,$IN01_1,$IN01_2,$IN01_3,$IN01_4) = map("v$_.2s",(9..13));
+my ($IN23_0,$IN23_1,$IN23_2,$IN23_3,$IN23_4) = map("v$_.2s",(14..18));
+my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4) = map("v$_.2d",(19..23));
+my ($H0,$H1,$H2,$H3,$H4) = map("v$_.2s",(24..28));
+my ($T0,$T1,$MASK) = map("v$_",(29..31));
+
+my ($in2,$zeros)=("x16","x17");
+my $is_base2_26 = $zeros;		# borrow
+
+$code.=<<___;
+.type	poly1305_mult,%function
+.align	5
+poly1305_mult:
+	mul	$d0,$h0,$r0		// h0*r0
+	umulh	$d1,$h0,$r0
+
+	mul	$t0,$h1,$s1		// h1*5*r1
+	umulh	$t1,$h1,$s1
+
+	adds	$d0,$d0,$t0
+	mul	$t0,$h0,$r1		// h0*r1
+	adc	$d1,$d1,$t1
+	umulh	$d2,$h0,$r1
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h1,$r0		// h1*r0
+	adc	$d2,$d2,xzr
+	umulh	$t1,$h1,$r0
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h2,$s1		// h2*5*r1
+	adc	$d2,$d2,$t1
+	mul	$t1,$h2,$r0		// h2*r0
+
+	adds	$d1,$d1,$t0
+	adc	$d2,$d2,$t1
+
+	and	$t0,$d2,#-4		// final reduction
+	and	$h2,$d2,#3
+	add	$t0,$t0,$d2,lsr#2
+	adds	$h0,$d0,$t0
+	adcs	$h1,$d1,xzr
+	adc	$h2,$h2,xzr
+
+	ret
+.size	poly1305_mult,.-poly1305_mult
+
+.type	poly1305_splat,%function
+.align	5
+poly1305_splat:
+	and	x12,$h0,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x13,$h0,#26,#26
+	extr	x14,$h1,$h0,#52
+	and	x14,x14,#0x03ffffff
+	ubfx	x15,$h1,#14,#26
+	extr	x16,$h2,$h1,#40
+
+	str	w12,[$ctx,#16*0]	// r0
+	add	w12,w13,w13,lsl#2	// r1*5
+	str	w13,[$ctx,#16*1]	// r1
+	add	w13,w14,w14,lsl#2	// r2*5
+	str	w12,[$ctx,#16*2]	// s1
+	str	w14,[$ctx,#16*3]	// r2
+	add	w14,w15,w15,lsl#2	// r3*5
+	str	w13,[$ctx,#16*4]	// s2
+	str	w15,[$ctx,#16*5]	// r3
+	add	w15,w16,w16,lsl#2	// r4*5
+	str	w14,[$ctx,#16*6]	// s3
+	str	w16,[$ctx,#16*7]	// r4
+	str	w15,[$ctx,#16*8]	// s4
+
+	ret
+.size	poly1305_splat,.-poly1305_splat
+
+.type	poly1305_blocks_neon,%function
+.align	5
+poly1305_blocks_neon:
+	ldr	$is_base2_26,[$ctx,#24]
+	cmp	$len,#128
+	b.hs	.Lblocks_neon
+	cbz	$is_base2_26,poly1305_blocks
+
+.Lblocks_neon:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+
+	ands	$len,$len,#-16
+	b.eq	.Lno_data_neon
+
+	cbz	$is_base2_26,.Lbase2_64_neon
+
+	ldp	w10,w11,[$ctx]		// load hash value base 2^26
+	ldp	w12,w13,[$ctx,#8]
+	ldr	w14,[$ctx,#16]
+
+	tst	$len,#31
+	b.eq	.Leven_neon
+
+	ldp	$r0,$r1,[$ctx,#32]	// load key value
+
+	add	$h0,x10,x11,lsl#26	// base 2^26 -> base 2^64
+	lsr	$h1,x12,#12
+	adds	$h0,$h0,x12,lsl#52
+	add	$h1,$h1,x13,lsl#14
+	adc	$h1,$h1,xzr
+	lsr	$h2,x14,#24
+	adds	$h1,$h1,x14,lsl#40
+	adc	$d2,$h2,xzr		// can be partially reduced...
+
+	ldp	$d0,$d1,[$inp],#16	// load input
+	sub	$len,$len,#16
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+
+	and	$t0,$d2,#-4		// ... so reduce
+	and	$h2,$d2,#3
+	add	$t0,$t0,$d2,lsr#2
+	adds	$h0,$h0,$t0
+	adcs	$h1,$h1,xzr
+	adc	$h2,$h2,xzr
+
+#ifdef	__ARMEB__
+	rev	$d0,$d0
+	rev	$d1,$d1
+#endif
+	adds	$h0,$h0,$d0		// accumulate input
+	adcs	$h1,$h1,$d1
+	adc	$h2,$h2,$padbit
+
+	bl	poly1305_mult
+	ldr	x30,[sp,#8]
+
+	cbz	$padbit,.Lstore_base2_64_neon
+
+	and	x10,$h0,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x11,$h0,#26,#26
+	extr	x12,$h1,$h0,#52
+	and	x12,x12,#0x03ffffff
+	ubfx	x13,$h1,#14,#26
+	extr	x14,$h2,$h1,#40
+
+	cbnz	$len,.Leven_neon
+
+	stp	w10,w11,[$ctx]		// store hash value base 2^26
+	stp	w12,w13,[$ctx,#8]
+	str	w14,[$ctx,#16]
+	b	.Lno_data_neon
+
+.align	4
+.Lstore_base2_64_neon:
+	stp	$h0,$h1,[$ctx]		// store hash value base 2^64
+	stp	$h2,xzr,[$ctx,#16]	// note that is_base2_26 is zeroed
+	b	.Lno_data_neon
+
+.align	4
+.Lbase2_64_neon:
+	ldp	$r0,$r1,[$ctx,#32]	// load key value
+
+	ldp	$h0,$h1,[$ctx]		// load hash value base 2^64
+	ldr	$h2,[$ctx,#16]
+
+	tst	$len,#31
+	b.eq	.Linit_neon
+
+	ldp	$d0,$d1,[$inp],#16	// load input
+	sub	$len,$len,#16
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+#ifdef	__ARMEB__
+	rev	$d0,$d0
+	rev	$d1,$d1
+#endif
+	adds	$h0,$h0,$d0		// accumulate input
+	adcs	$h1,$h1,$d1
+	adc	$h2,$h2,$padbit
+
+	bl	poly1305_mult
+
+.Linit_neon:
+	and	x10,$h0,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x11,$h0,#26,#26
+	extr	x12,$h1,$h0,#52
+	and	x12,x12,#0x03ffffff
+	ubfx	x13,$h1,#14,#26
+	extr	x14,$h2,$h1,#40
+
+	stp	d8,d9,[sp,#16]		// meet ABI requirements
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+
+	fmov	${H0},x10
+	fmov	${H1},x11
+	fmov	${H2},x12
+	fmov	${H3},x13
+	fmov	${H4},x14
+
+	////////////////////////////////// initialize r^n table
+	mov	$h0,$r0			// r^1
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+	mov	$h1,$r1
+	mov	$h2,xzr
+	add	$ctx,$ctx,#48+12
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^2
+	sub	$ctx,$ctx,#4
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^3
+	sub	$ctx,$ctx,#4
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^4
+	sub	$ctx,$ctx,#4
+	bl	poly1305_splat
+	ldr	x30,[sp,#8]
+
+	add	$in2,$inp,#32
+	adr	$zeros,.Lzeros
+	subs	$len,$len,#64
+	csel	$in2,$zeros,$in2,lo
+
+	mov	x4,#1
+	str	x4,[$ctx,#-24]		// set is_base2_26
+	sub	$ctx,$ctx,#48		// restore original $ctx
+	b	.Ldo_neon
+
+.align	4
+.Leven_neon:
+	add	$in2,$inp,#32
+	adr	$zeros,.Lzeros
+	subs	$len,$len,#64
+	csel	$in2,$zeros,$in2,lo
+
+	stp	d8,d9,[sp,#16]		// meet ABI requirements
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+
+	fmov	${H0},x10
+	fmov	${H1},x11
+	fmov	${H2},x12
+	fmov	${H3},x13
+	fmov	${H4},x14
+
+.Ldo_neon:
+	ldp	x8,x12,[$in2],#16	// inp[2:3] (or zero)
+	ldp	x9,x13,[$in2],#48
+
+	lsl	$padbit,$padbit,#24
+	add	x15,$ctx,#48
+
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	and	x5,x9,#0x03ffffff
+	ubfx	x6,x8,#26,#26
+	ubfx	x7,x9,#26,#26
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	extr	x8,x12,x8,#52
+	extr	x9,x13,x9,#52
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	fmov	$IN23_0,x4
+	and	x8,x8,#0x03ffffff
+	and	x9,x9,#0x03ffffff
+	ubfx	x10,x12,#14,#26
+	ubfx	x11,x13,#14,#26
+	add	x12,$padbit,x12,lsr#40
+	add	x13,$padbit,x13,lsr#40
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	fmov	$IN23_1,x6
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	fmov	$IN23_2,x8
+	fmov	$IN23_3,x10
+	fmov	$IN23_4,x12
+
+	ldp	x8,x12,[$inp],#16	// inp[0:1]
+	ldp	x9,x13,[$inp],#48
+
+	ld1	{$R0,$R1,$S1,$R2},[x15],#64
+	ld1	{$S2,$R3,$S3,$R4},[x15],#64
+	ld1	{$S4},[x15]
+
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	and	x5,x9,#0x03ffffff
+	ubfx	x6,x8,#26,#26
+	ubfx	x7,x9,#26,#26
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	extr	x8,x12,x8,#52
+	extr	x9,x13,x9,#52
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	fmov	$IN01_0,x4
+	and	x8,x8,#0x03ffffff
+	and	x9,x9,#0x03ffffff
+	ubfx	x10,x12,#14,#26
+	ubfx	x11,x13,#14,#26
+	add	x12,$padbit,x12,lsr#40
+	add	x13,$padbit,x13,lsr#40
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	fmov	$IN01_1,x6
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	movi	$MASK.2d,#-1
+	fmov	$IN01_2,x8
+	fmov	$IN01_3,x10
+	fmov	$IN01_4,x12
+	ushr	$MASK.2d,$MASK.2d,#38
+
+	b.ls	.Lskip_loop
+
+.align	4
+.Loop_neon:
+	////////////////////////////////////////////////////////////////
+	// ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	// ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	//   \___________________/
+	// ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	// ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	//   \___________________/ \____________________/
+	//
+	// Note that we start with inp[2:3]*r^2. This is because it
+	// doesn't depend on reduction in previous iteration.
+	////////////////////////////////////////////////////////////////
+	// d4 = h0*r4 + h1*r3   + h2*r2   + h3*r1   + h4*r0
+	// d3 = h0*r3 + h1*r2   + h2*r1   + h3*r0   + h4*5*r4
+	// d2 = h0*r2 + h1*r1   + h2*r0   + h3*5*r4 + h4*5*r3
+	// d1 = h0*r1 + h1*r0   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	// d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	subs	$len,$len,#64
+	umull	$ACC4,$IN23_0,${R4}[2]
+	csel	$in2,$zeros,$in2,lo
+	umull	$ACC3,$IN23_0,${R3}[2]
+	umull	$ACC2,$IN23_0,${R2}[2]
+	 ldp	x8,x12,[$in2],#16	// inp[2:3] (or zero)
+	umull	$ACC1,$IN23_0,${R1}[2]
+	 ldp	x9,x13,[$in2],#48
+	umull	$ACC0,$IN23_0,${R0}[2]
+#ifdef	__ARMEB__
+	 rev	x8,x8
+	 rev	x12,x12
+	 rev	x9,x9
+	 rev	x13,x13
+#endif
+
+	umlal	$ACC4,$IN23_1,${R3}[2]
+	 and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	umlal	$ACC3,$IN23_1,${R2}[2]
+	 and	x5,x9,#0x03ffffff
+	umlal	$ACC2,$IN23_1,${R1}[2]
+	 ubfx	x6,x8,#26,#26
+	umlal	$ACC1,$IN23_1,${R0}[2]
+	 ubfx	x7,x9,#26,#26
+	umlal	$ACC0,$IN23_1,${S4}[2]
+	 add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+
+	umlal	$ACC4,$IN23_2,${R2}[2]
+	 extr	x8,x12,x8,#52
+	umlal	$ACC3,$IN23_2,${R1}[2]
+	 extr	x9,x13,x9,#52
+	umlal	$ACC2,$IN23_2,${R0}[2]
+	 add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	umlal	$ACC1,$IN23_2,${S4}[2]
+	 fmov	$IN23_0,x4
+	umlal	$ACC0,$IN23_2,${S3}[2]
+	 and	x8,x8,#0x03ffffff
+
+	umlal	$ACC4,$IN23_3,${R1}[2]
+	 and	x9,x9,#0x03ffffff
+	umlal	$ACC3,$IN23_3,${R0}[2]
+	 ubfx	x10,x12,#14,#26
+	umlal	$ACC2,$IN23_3,${S4}[2]
+	 ubfx	x11,x13,#14,#26
+	umlal	$ACC1,$IN23_3,${S3}[2]
+	 add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	umlal	$ACC0,$IN23_3,${S2}[2]
+	 fmov	$IN23_1,x6
+
+	add	$IN01_2,$IN01_2,$H2
+	 add	x12,$padbit,x12,lsr#40
+	umlal	$ACC4,$IN23_4,${R0}[2]
+	 add	x13,$padbit,x13,lsr#40
+	umlal	$ACC3,$IN23_4,${S4}[2]
+	 add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	umlal	$ACC2,$IN23_4,${S3}[2]
+	 add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	umlal	$ACC1,$IN23_4,${S2}[2]
+	 fmov	$IN23_2,x8
+	umlal	$ACC0,$IN23_4,${S1}[2]
+	 fmov	$IN23_3,x10
+
+	////////////////////////////////////////////////////////////////
+	// (hash+inp[0:1])*r^4 and accumulate
+
+	add	$IN01_0,$IN01_0,$H0
+	 fmov	$IN23_4,x12
+	umlal	$ACC3,$IN01_2,${R1}[0]
+	 ldp	x8,x12,[$inp],#16	// inp[0:1]
+	umlal	$ACC0,$IN01_2,${S3}[0]
+	 ldp	x9,x13,[$inp],#48
+	umlal	$ACC4,$IN01_2,${R2}[0]
+	umlal	$ACC1,$IN01_2,${S4}[0]
+	umlal	$ACC2,$IN01_2,${R0}[0]
+#ifdef	__ARMEB__
+	 rev	x8,x8
+	 rev	x12,x12
+	 rev	x9,x9
+	 rev	x13,x13
+#endif
+
+	add	$IN01_1,$IN01_1,$H1
+	umlal	$ACC3,$IN01_0,${R3}[0]
+	umlal	$ACC4,$IN01_0,${R4}[0]
+	 and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	umlal	$ACC2,$IN01_0,${R2}[0]
+	 and	x5,x9,#0x03ffffff
+	umlal	$ACC0,$IN01_0,${R0}[0]
+	 ubfx	x6,x8,#26,#26
+	umlal	$ACC1,$IN01_0,${R1}[0]
+	 ubfx	x7,x9,#26,#26
+
+	add	$IN01_3,$IN01_3,$H3
+	 add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	umlal	$ACC3,$IN01_1,${R2}[0]
+	 extr	x8,x12,x8,#52
+	umlal	$ACC4,$IN01_1,${R3}[0]
+	 extr	x9,x13,x9,#52
+	umlal	$ACC0,$IN01_1,${S4}[0]
+	 add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	umlal	$ACC2,$IN01_1,${R1}[0]
+	 fmov	$IN01_0,x4
+	umlal	$ACC1,$IN01_1,${R0}[0]
+	 and	x8,x8,#0x03ffffff
+
+	add	$IN01_4,$IN01_4,$H4
+	 and	x9,x9,#0x03ffffff
+	umlal	$ACC3,$IN01_3,${R0}[0]
+	 ubfx	x10,x12,#14,#26
+	umlal	$ACC0,$IN01_3,${S2}[0]
+	 ubfx	x11,x13,#14,#26
+	umlal	$ACC4,$IN01_3,${R1}[0]
+	 add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	umlal	$ACC1,$IN01_3,${S3}[0]
+	 fmov	$IN01_1,x6
+	umlal	$ACC2,$IN01_3,${S4}[0]
+	 add	x12,$padbit,x12,lsr#40
+
+	umlal	$ACC3,$IN01_4,${S4}[0]
+	 add	x13,$padbit,x13,lsr#40
+	umlal	$ACC0,$IN01_4,${S1}[0]
+	 add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	umlal	$ACC4,$IN01_4,${R0}[0]
+	 add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	umlal	$ACC1,$IN01_4,${S2}[0]
+	 fmov	$IN01_2,x8
+	umlal	$ACC2,$IN01_4,${S3}[0]
+	 fmov	$IN01_3,x10
+	 fmov	$IN01_4,x12
+
+	/////////////////////////////////////////////////////////////////
+	// lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	// and P. Schwabe
+	//
+	// [see discussion in poly1305-armv4 module]
+
+	ushr	$T0.2d,$ACC3,#26
+	xtn	$H3,$ACC3
+	 ushr	$T1.2d,$ACC0,#26
+	 and	$ACC0,$ACC0,$MASK.2d
+	add	$ACC4,$ACC4,$T0.2d	// h3 -> h4
+	bic	$H3,#0xfc,lsl#24	// &=0x03ffffff
+	 add	$ACC1,$ACC1,$T1.2d	// h0 -> h1
+
+	ushr	$T0.2d,$ACC4,#26
+	xtn	$H4,$ACC4
+	 ushr	$T1.2d,$ACC1,#26
+	 xtn	$H1,$ACC1
+	bic	$H4,#0xfc,lsl#24
+	 add	$ACC2,$ACC2,$T1.2d	// h1 -> h2
+
+	add	$ACC0,$ACC0,$T0.2d
+	shl	$T0.2d,$T0.2d,#2
+	 shrn	$T1.2s,$ACC2,#26
+	 xtn	$H2,$ACC2
+	add	$ACC0,$ACC0,$T0.2d	// h4 -> h0
+	 bic	$H1,#0xfc,lsl#24
+	 add	$H3,$H3,$T1.2s		// h2 -> h3
+	 bic	$H2,#0xfc,lsl#24
+
+	shrn	$T0.2s,$ACC0,#26
+	xtn	$H0,$ACC0
+	 ushr	$T1.2s,$H3,#26
+	 bic	$H3,#0xfc,lsl#24
+	 bic	$H0,#0xfc,lsl#24
+	add	$H1,$H1,$T0.2s		// h0 -> h1
+	 add	$H4,$H4,$T1.2s		// h3 -> h4
+
+	b.hi	.Loop_neon
+
+.Lskip_loop:
+	dup	$IN23_2,${IN23_2}[0]
+	add	$IN01_2,$IN01_2,$H2
+
+	////////////////////////////////////////////////////////////////
+	// multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	adds	$len,$len,#32
+	b.ne	.Long_tail
+
+	dup	$IN23_2,${IN01_2}[0]
+	add	$IN23_0,$IN01_0,$H0
+	add	$IN23_3,$IN01_3,$H3
+	add	$IN23_1,$IN01_1,$H1
+	add	$IN23_4,$IN01_4,$H4
+
+.Long_tail:
+	dup	$IN23_0,${IN23_0}[0]
+	umull2	$ACC0,$IN23_2,${S3}
+	umull2	$ACC3,$IN23_2,${R1}
+	umull2	$ACC4,$IN23_2,${R2}
+	umull2	$ACC2,$IN23_2,${R0}
+	umull2	$ACC1,$IN23_2,${S4}
+
+	dup	$IN23_1,${IN23_1}[0]
+	umlal2	$ACC0,$IN23_0,${R0}
+	umlal2	$ACC2,$IN23_0,${R2}
+	umlal2	$ACC3,$IN23_0,${R3}
+	umlal2	$ACC4,$IN23_0,${R4}
+	umlal2	$ACC1,$IN23_0,${R1}
+
+	dup	$IN23_3,${IN23_3}[0]
+	umlal2	$ACC0,$IN23_1,${S4}
+	umlal2	$ACC3,$IN23_1,${R2}
+	umlal2	$ACC2,$IN23_1,${R1}
+	umlal2	$ACC4,$IN23_1,${R3}
+	umlal2	$ACC1,$IN23_1,${R0}
+
+	dup	$IN23_4,${IN23_4}[0]
+	umlal2	$ACC3,$IN23_3,${R0}
+	umlal2	$ACC4,$IN23_3,${R1}
+	umlal2	$ACC0,$IN23_3,${S2}
+	umlal2	$ACC1,$IN23_3,${S3}
+	umlal2	$ACC2,$IN23_3,${S4}
+
+	umlal2	$ACC3,$IN23_4,${S4}
+	umlal2	$ACC0,$IN23_4,${S1}
+	umlal2	$ACC4,$IN23_4,${R0}
+	umlal2	$ACC1,$IN23_4,${S2}
+	umlal2	$ACC2,$IN23_4,${S3}
+
+	b.eq	.Lshort_tail
+
+	////////////////////////////////////////////////////////////////
+	// (hash+inp[0:1])*r^4:r^3 and accumulate
+
+	add	$IN01_0,$IN01_0,$H0
+	umlal	$ACC3,$IN01_2,${R1}
+	umlal	$ACC0,$IN01_2,${S3}
+	umlal	$ACC4,$IN01_2,${R2}
+	umlal	$ACC1,$IN01_2,${S4}
+	umlal	$ACC2,$IN01_2,${R0}
+
+	add	$IN01_1,$IN01_1,$H1
+	umlal	$ACC3,$IN01_0,${R3}
+	umlal	$ACC0,$IN01_0,${R0}
+	umlal	$ACC4,$IN01_0,${R4}
+	umlal	$ACC1,$IN01_0,${R1}
+	umlal	$ACC2,$IN01_0,${R2}
+
+	add	$IN01_3,$IN01_3,$H3
+	umlal	$ACC3,$IN01_1,${R2}
+	umlal	$ACC0,$IN01_1,${S4}
+	umlal	$ACC4,$IN01_1,${R3}
+	umlal	$ACC1,$IN01_1,${R0}
+	umlal	$ACC2,$IN01_1,${R1}
+
+	add	$IN01_4,$IN01_4,$H4
+	umlal	$ACC3,$IN01_3,${R0}
+	umlal	$ACC0,$IN01_3,${S2}
+	umlal	$ACC4,$IN01_3,${R1}
+	umlal	$ACC1,$IN01_3,${S3}
+	umlal	$ACC2,$IN01_3,${S4}
+
+	umlal	$ACC3,$IN01_4,${S4}
+	umlal	$ACC0,$IN01_4,${S1}
+	umlal	$ACC4,$IN01_4,${R0}
+	umlal	$ACC1,$IN01_4,${S2}
+	umlal	$ACC2,$IN01_4,${S3}
+
+.Lshort_tail:
+	////////////////////////////////////////////////////////////////
+	// horizontal add
+
+	addp	$ACC3,$ACC3,$ACC3
+	 ldp	d8,d9,[sp,#16]		// meet ABI requirements
+	addp	$ACC0,$ACC0,$ACC0
+	 ldp	d10,d11,[sp,#32]
+	addp	$ACC4,$ACC4,$ACC4
+	 ldp	d12,d13,[sp,#48]
+	addp	$ACC1,$ACC1,$ACC1
+	 ldp	d14,d15,[sp,#64]
+	addp	$ACC2,$ACC2,$ACC2
+
+	////////////////////////////////////////////////////////////////
+	// lazy reduction, but without narrowing
+
+	ushr	$T0.2d,$ACC3,#26
+	and	$ACC3,$ACC3,$MASK.2d
+	 ushr	$T1.2d,$ACC0,#26
+	 and	$ACC0,$ACC0,$MASK.2d
+
+	add	$ACC4,$ACC4,$T0.2d	// h3 -> h4
+	 add	$ACC1,$ACC1,$T1.2d	// h0 -> h1
+
+	ushr	$T0.2d,$ACC4,#26
+	and	$ACC4,$ACC4,$MASK.2d
+	 ushr	$T1.2d,$ACC1,#26
+	 and	$ACC1,$ACC1,$MASK.2d
+	 add	$ACC2,$ACC2,$T1.2d	// h1 -> h2
+
+	add	$ACC0,$ACC0,$T0.2d
+	shl	$T0.2d,$T0.2d,#2
+	 ushr	$T1.2d,$ACC2,#26
+	 and	$ACC2,$ACC2,$MASK.2d
+	add	$ACC0,$ACC0,$T0.2d	// h4 -> h0
+	 add	$ACC3,$ACC3,$T1.2d	// h2 -> h3
+
+	ushr	$T0.2d,$ACC0,#26
+	and	$ACC0,$ACC0,$MASK.2d
+	 ushr	$T1.2d,$ACC3,#26
+	 and	$ACC3,$ACC3,$MASK.2d
+	add	$ACC1,$ACC1,$T0.2d	// h0 -> h1
+	 add	$ACC4,$ACC4,$T1.2d	// h3 -> h4
+
+	////////////////////////////////////////////////////////////////
+	// write the result, can be partially reduced
+
+	st4	{$ACC0,$ACC1,$ACC2,$ACC3}[0],[$ctx],#16
+	st1	{$ACC4}[0],[$ctx]
+
+.Lno_data_neon:
+	.inst	0xd50323bf		// autiasp
+	ldr	x29,[sp],#80
+	ret
+.size	poly1305_blocks_neon,.-poly1305_blocks_neon
+
+.type	poly1305_emit_neon,%function
+.align	5
+poly1305_emit_neon:
+	ldr	$is_base2_26,[$ctx,#24]
+	cbz	$is_base2_26,poly1305_emit
+
+	ldp	w10,w11,[$ctx]		// load hash value base 2^26
+	ldp	w12,w13,[$ctx,#8]
+	ldr	w14,[$ctx,#16]
+
+	add	$h0,x10,x11,lsl#26	// base 2^26 -> base 2^64
+	lsr	$h1,x12,#12
+	adds	$h0,$h0,x12,lsl#52
+	add	$h1,$h1,x13,lsl#14
+	adc	$h1,$h1,xzr
+	lsr	$h2,x14,#24
+	adds	$h1,$h1,x14,lsl#40
+	adc	$h2,$h2,xzr		// can be partially reduced...
+
+	ldp	$t0,$t1,[$nonce]	// load nonce
+
+	and	$d0,$h2,#-4		// ... so reduce
+	add	$d0,$d0,$h2,lsr#2
+	and	$h2,$h2,#3
+	adds	$h0,$h0,$d0
+	adcs	$h1,$h1,xzr
+	adc	$h2,$h2,xzr
+
+	adds	$d0,$h0,#5		// compare to modulus
+	adcs	$d1,$h1,xzr
+	adc	$d2,$h2,xzr
+
+	tst	$d2,#-4			// see if it's carried/borrowed
+
+	csel	$h0,$h0,$d0,eq
+	csel	$h1,$h1,$d1,eq
+
+#ifdef	__ARMEB__
+	ror	$t0,$t0,#32		// flip nonce words
+	ror	$t1,$t1,#32
+#endif
+	adds	$h0,$h0,$t0		// accumulate nonce
+	adc	$h1,$h1,$t1
+#ifdef	__ARMEB__
+	rev	$h0,$h0			// flip output bytes
+	rev	$h1,$h1
+#endif
+	stp	$h0,$h1,[$mac]		// write result
+
+	ret
+.size	poly1305_emit_neon,.-poly1305_emit_neon
+
+.align	5
+.Lzeros:
+.long	0,0,0,0,0,0,0,0
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"Poly1305 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+foreach (split("\n",$code)) {
+	s/\b(shrn\s+v[0-9]+)\.[24]d/$1.2s/			or
+	s/\b(fmov\s+)v([0-9]+)[^,]*,\s*x([0-9]+)/$1d$2,x$3/	or
+	(m/\bdup\b/ and (s/\.[24]s/.2d/g or 1))			or
+	(m/\b(eor|and)/ and (s/\.[248][sdh]/.16b/g or 1))	or
+	(m/\bum(ul|la)l\b/ and (s/\.4s/.2s/g or 1))		or
+	(m/\bum(ul|la)l2\b/ and (s/\.2s/.4s/g or 1))		or
+	(m/\bst[1-4]\s+{[^}]+}\[/ and (s/\.[24]d/.s/g or 1));
+
+	s/\.[124]([sd])\[/.$1\[/;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-c64xplus.pl
new file mode 100755
index 000000000..93fef37e6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-c64xplus.pl
@@ -0,0 +1,331 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Poly1305 hash for C64x+.
+#
+# October 2015
+#
+# Performance is [incredible for a 32-bit processor] 1.82 cycles per
+# processed byte. Comparison to compiler-generated code is problematic,
+# because results were observed to vary from 2.1 to 7.6 cpb depending
+# on compiler's ability to inline small functions. Compiler also
+# disables interrupts for some reason, thus making interrupt response
+# time dependent on input length. This module on the other hand is free
+# from such limitation.
+
+$output=pop;
+open STDOUT,">$output";
+
+($CTXA,$INPB,$LEN,$PADBIT)=("A4","B4","A6","B6");
+($H0,$H1,$H2,$H3,$H4,$H4a)=("A8","B8","A10","B10","B2",$LEN);
+($D0,$D1,$D2,$D3)=         ("A9","B9","A11","B11");
+($R0,$R1,$R2,$R3,$S1,$S2,$S3,$S3b)=("A0","B0","A1","B1","A12","B12","A13","B13");
+($THREE,$R0b,$S2a)=("B7","B5","A5");
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	poly1305_init,_poly1305_init
+	.asg	poly1305_blocks,_poly1305_blocks
+	.asg	poly1305_emit,_poly1305_emit
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.LITTLE_ENDIAN
+	.asg	MV,SWAP2
+	.asg	MV.L,SWAP4
+	.endif
+
+	.global	_poly1305_init
+_poly1305_init:
+	.asmfunc
+	LDNDW	*${INPB}[0],B17:B16	; load key material
+	LDNDW	*${INPB}[1],A17:A16
+
+||	ZERO	B9:B8
+||	MVK	-1,B0
+	STDW	B9:B8,*${CTXA}[0]	; initialize h1:h0
+||	SHRU	B0,4,B0			; 0x0fffffff
+||	MVK	-4,B1
+	STDW	B9:B8,*${CTXA}[1]	; initialize h3:h2
+||	AND	B0,B1,B1		; 0x0ffffffc
+	STW	B8,*${CTXA}[4]		; initialize h4
+
+	.if	.BIG_ENDIAN
+	SWAP2	B16,B17
+||	SWAP2	B17,B16
+	SWAP2	A16,A17
+||	SWAP2	A17,A16
+	SWAP4	B16,B16
+||	SWAP4	A16,A16
+	SWAP4	B17,B17
+||	SWAP4	A17,A17
+	.endif
+
+	AND	B16,B0,B20		; r0 = key[0] & 0x0fffffff
+||	AND	B17,B1,B22		; r1 = key[1] & 0x0ffffffc
+||	EXTU	B17,4,6,B16		; r1>>2
+	AND	A16,B1,B21		; r2 = key[2] & 0x0ffffffc
+||	AND	A17,B1,A23		; r3 = key[3] & 0x0ffffffc
+||	BNOP	RA
+	SHRU	B21,2,B18
+||	ADD	B22,B16,B16		; s1 = r1 + r1>>2
+
+	STDW	B21:B20,*${CTXA}[3]	; save r2:r0
+||	ADD	B21,B18,B18		; s2 = r2 + r2>>2
+||	SHRU	A23,2,B17
+||	MV	A23,B23
+	STDW	B23:B22,*${CTXA}[4]	; save r3:r1
+||	ADD	B23,B17,B19		; s3 = r3 + r3>>2
+||	ADD	B23,B17,B17		; s3 = r3 + r3>>2
+	STDW	B17:B16,*${CTXA}[5]	; save s3:s1
+	STDW	B19:B18,*${CTXA}[6]	; save s3:s2
+||	ZERO	A4			; return 0
+	.endasmfunc
+
+	.global	_poly1305_blocks
+	.align	32
+_poly1305_blocks:
+	.asmfunc	stack_usage(40)
+	SHRU	$LEN,4,A2		; A2 is loop counter, number of blocks
+  [!A2]	BNOP	RA			; no data
+|| [A2]	STW	FP,*SP--(40)		; save frame pointer and alloca(40)
+|| [A2]	MV	SP,FP
+   [A2]	STDW	B13:B12,*SP[4]		; ABI says so
+|| [A2]	MV	$CTXA,$S3b		; borrow $S3b
+   [A2]	STDW	B11:B10,*SP[3]
+|| [A2]	STDW	A13:A12,*FP[-3]
+   [A2]	STDW	A11:A10,*FP[-4]
+
+|| [A2]	LDDW	*${S3b}[0],B25:B24	; load h1:h0
+   [A2]	LDNW	*${INPB}++[4],$D0	; load inp[0]
+   [A2]	LDNW	*${INPB}[-3],$D1	; load inp[1]
+
+	LDDW	*${CTXA}[1],B29:B28	; load h3:h2, B28 is h2
+	LDNW	*${INPB}[-2],$D2	; load inp[2]
+	LDNW	*${INPB}[-1],$D3	; load inp[3]
+
+	LDDW	*${CTXA}[3],$R2:$R0	; load r2:r0
+||	LDDW	*${S3b}[4],$R3:$R1	; load r3:r1
+||	SWAP2	$D0,$D0
+
+	LDDW	*${CTXA}[5],$S3:$S1	; load s3:s1
+||	LDDW	*${S3b}[6],$S3b:$S2	; load s3:s2
+||	SWAP4	$D0,$D0
+||	SWAP2	$D1,$D1
+
+	ADDU	$D0,B24,$D0:$H0		; h0+=inp[0]
+||	ADD	$D0,B24,B27		; B-copy of h0+inp[0]
+||	SWAP4	$D1,$D1
+	ADDU	$D1,B25,$D1:$H1		; h1+=inp[1]
+||	MVK	3,$THREE
+||	SWAP2	$D2,$D2
+	LDW	*${CTXA}[4],$H4		; load h4
+||	SWAP4	$D2,$D2
+||	MV	B29,B30			; B30 is h3
+	MV	$R0,$R0b
+
+loop?:
+	MPY32U	$H0,$R0,A17:A16
+||	MPY32U	B27,$R1,B17:B16		; MPY32U	$H0,$R1,B17:B16
+||	ADDU	$D0,$D1:$H1,B25:B24	; ADDU		$D0,$D1:$H1,$D1:$H1
+||	ADDU	$D2,B28,$D2:$H2		; h2+=inp[2]
+||	SWAP2	$D3,$D3
+	MPY32U	$H0,$R2,A19:A18
+||	MPY32U	B27,$R3,B19:B18		; MPY32U	$H0,$R3,B19:B18
+||	ADD	$D0,$H1,A24		; A-copy of B24
+||	SWAP4	$D3,$D3
+|| [A2]	SUB	A2,1,A2			; decrement loop counter
+
+	MPY32U	A24,$S3,A21:A20		; MPY32U	$H1,$S3,A21:A20
+||	MPY32U	B24,$R0b,B21:B20	; MPY32U	$H1,$R0,B21:B20
+||	ADDU	B25,$D2:$H2,$D2:$H2	; ADDU		$D1,$D2:$H2,$D2:$H2
+||	ADDU	$D3,B30,$D3:$H3		; h3+=inp[3]
+||	ADD	B25,$H2,B25		; B-copy of $H2
+	MPY32U	A24,$R1,A23:A22		; MPY32U	$H1,$R1,A23:A22
+||	MPY32U	B24,$R2,B23:B22		; MPY32U	$H1,$R2,B23:B22
+
+	MPY32U	$H2,$S2,A25:A24
+||	MPY32U	B25,$S3b,B25:B24	; MPY32U	$H2,$S3,B25:B24
+||	ADDU	$D2,$D3:$H3,$D3:$H3
+||	ADD	$PADBIT,$H4,$H4		; h4+=padbit
+	MPY32U	$H2,$R0,A27:A26
+||	MPY32U	$H2,$R1,B27:B26
+||	ADD	$D3,$H4,$H4
+||	MV	$S2,$S2a
+
+	MPY32U	$H3,$S1,A29:A28
+||	MPY32U	$H3,$S2,B29:B28
+||	ADD	A21,A17,A21		; start accumulating "d3:d0"
+||	ADD	B21,B17,B21
+||	ADDU	A20,A16,A17:A16
+||	ADDU	B20,B16,B17:B16
+|| [A2]	LDNW	*${INPB}++[4],$D0	; load inp[0]
+	MPY32U	$H3,$S3,A31:A30
+||	MPY32U	$H3,$R0b,B31:B30
+||	ADD	A23,A19,A23
+||	ADD	B23,B19,B23
+||	ADDU	A22,A18,A19:A18
+||	ADDU	B22,B18,B19:B18
+|| [A2]	LDNW	*${INPB}[-3],$D1	; load inp[1]
+
+	MPY32	$H4,$S1,B20
+||	MPY32	$H4,$S2a,A20
+||	ADD	A25,A21,A21
+||	ADD	B25,B21,B21
+||	ADDU	A24,A17:A16,A17:A16
+||	ADDU	B24,B17:B16,B17:B16
+|| [A2]	LDNW	*${INPB}[-2],$D2	; load inp[2]
+	MPY32	$H4,$S3b,B22
+||	ADD	A27,A23,A23
+||	ADD	B27,B23,B23
+||	ADDU	A26,A19:A18,A19:A18
+||	ADDU	B26,B19:B18,B19:B18
+|| [A2]	LDNW	*${INPB}[-1],$D3	; load inp[3]
+
+	MPY32	$H4,$R0b,$H4
+||	ADD	A29,A21,A21		; final hi("d0")
+||	ADD	B29,B21,B21		; final hi("d1")
+||	ADDU	A28,A17:A16,A17:A16	; final lo("d0")
+||	ADDU	B28,B17:B16,B17:B16
+	ADD	A31,A23,A23		; final hi("d2")
+||	ADD	B31,B23,B23		; final hi("d3")
+||	ADDU	A30,A19:A18,A19:A18
+||	ADDU	B30,B19:B18,B19:B18
+	ADDU	B20,B17:B16,B17:B16	; final lo("d1")
+||	ADDU	A20,A19:A18,A19:A18	; final lo("d2")
+	ADDU	B22,B19:B18,B19:B18	; final lo("d3")
+
+||	ADD	A17,A21,A21		; "flatten" "d3:d0"
+	MV	A19,B29			; move to avoid cross-path stalls
+	ADDU	A21,B17:B16,B27:B26	; B26 is h1
+	ADD	B21,B27,B27
+||	DMV	B29,A18,B29:B28		; move to avoid cross-path stalls
+	ADDU	B27,B29:B28,B29:B28	; B28 is h2
+|| [A2]	SWAP2	$D0,$D0
+	ADD	A23,B29,B29
+|| [A2]	SWAP4	$D0,$D0
+	ADDU	B29,B19:B18,B31:B30	; B30 is h3
+	ADD	B23,B31,B31
+||	MV	A16,B24			; B24 is h0
+|| [A2]	SWAP2	$D1,$D1
+	ADD	B31,$H4,$H4
+|| [A2]	SWAP4	$D1,$D1
+
+	SHRU	$H4,2,B16		; last reduction step
+||	AND	$H4,$THREE,$H4
+	ADDAW	B16,B16,B16		; 5*(h4>>2)
+|| [A2]	BNOP	loop?
+
+	ADDU	B24,B16,B25:B24		; B24 is h0
+|| [A2]	SWAP2	$D2,$D2
+	ADDU	B26,B25,B27:B26		; B26 is h1
+|| [A2]	SWAP4	$D2,$D2
+	ADDU	B28,B27,B29:B28		; B28 is h2
+|| [A2]	ADDU	$D0,B24,$D0:$H0		; h0+=inp[0]
+|| [A2]	ADD	$D0,B24,B27		; B-copy of h0+inp[0]
+	ADDU	B30,B29,B31:B30		; B30 is h3
+	ADD	B31,$H4,$H4
+|| [A2]	ADDU	$D1,B26,$D1:$H1		; h1+=inp[1]
+;;===== branch to loop? is taken here
+
+	LDDW	*FP[-4],A11:A10		; ABI says so
+	LDDW	*FP[-3],A13:A12
+||	LDDW	*SP[3],B11:B10
+	LDDW	*SP[4],B13:B12
+||	MV	B26,B25
+||	BNOP	RA
+	LDW	*++SP(40),FP		; restore frame pointer
+||	MV	B30,B29
+	STDW	B25:B24,*${CTXA}[0]	; save h1:h0
+	STDW	B29:B28,*${CTXA}[1]	; save h3:h2
+	STW	$H4,*${CTXA}[4]		; save h4
+	NOP	1
+	.endasmfunc
+___
+{
+my ($MAC,$NONCEA,$NONCEB)=($INPB,$LEN,$PADBIT);
+
+$code.=<<___;
+	.global	_poly1305_emit
+	.align	32
+_poly1305_emit:
+	.asmfunc
+	LDDW	*${CTXA}[0],A17:A16	; load h1:h0
+	LDDW	*${CTXA}[1],A19:A18	; load h3:h2
+	LDW	*${CTXA}[4],A20		; load h4
+	MV	$NONCEA,$NONCEB
+
+	MVK	5,A22			; compare to modulus
+	ADDU	A16,A22,A23:A22
+||	LDW	*${NONCEA}[0],A8
+||	LDW	*${NONCEB}[1],B8
+	ADDU	A17,A23,A25:A24
+||	LDW	*${NONCEA}[2],A9
+||	LDW	*${NONCEB}[3],B9
+	ADDU	A19,A25,A27:A26
+	ADDU	A19,A27,A29:A28
+	ADD	A20,A29,A29
+
+	SHRU	A29,2,A2		; check for overflow in 130-th bit
+
+   [A2]	MV	A22,A16			; select
+|| [A2]	MV	A24,A17
+   [A2]	MV	A26,A18
+|| [A2]	MV	A28,A19
+
+||	ADDU	A8,A16,A23:A22		; accumulate nonce
+	ADDU	B8,A17,A25:A24
+||	SWAP2	A22,A22
+	ADDU	A23,A25:A24,A25:A24
+	ADDU	A9,A18,A27:A26
+||	SWAP2	A24,A24
+	ADDU	A25,A27:A26,A27:A26
+||	ADD	B9,A19,A28
+	ADD	A27,A28,A28
+||	SWAP2	A26,A26
+
+	.if	.BIG_ENDIAN
+	SWAP2	A28,A28
+||	SWAP4	A22,A22
+||	SWAP4	A24,B24
+	SWAP4	A26,A26
+	SWAP4	A28,A28
+||	MV	B24,A24
+	.endif
+
+	BNOP	RA,1
+	STNW	A22,*${MAC}[0]		; write the result
+	STNW	A24,*${MAC}[1]
+	STNW	A26,*${MAC}[2]
+	STNW	A28,*${MAC}[3]
+	.endasmfunc
+___
+}
+$code.=<<___;
+	.sect	.const
+	.cstring "Poly1305 for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl
new file mode 100755
index 000000000..28b6772ee
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl
@@ -0,0 +1,437 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Poly1305 hash for MIPS64.
+#
+# May 2016
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone.
+#
+#		IALU/gcc
+# R1x000	5.64/+120%	(big-endian)
+# Octeon II	3.80/+280%	(little-endian)
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp [o32 can be
+#   excluded from the rule, because it's specified volatile];
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+die "MIPS64 only" unless ($flavour =~ /64|n32/i);
+
+$v0 = ($flavour =~ /nubi/i) ? $a0 : $t0;
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0x0003f000" : "0x00030000";
+
+($ctx,$inp,$len,$padbit) = ($a0,$a1,$a2,$a3);
+($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1);
+
+$code.=<<___;
+#include "mips_arch.h"
+
+#ifdef MIPSEB
+# define MSB 0
+# define LSB 7
+#else
+# define MSB 7
+# define LSB 0
+#endif
+
+.text
+.set	noat
+.set	noreorder
+
+.align	5
+.globl	poly1305_init
+.ent	poly1305_init
+poly1305_init:
+	.frame	$sp,0,$ra
+	.set	reorder
+
+	sd	$zero,0($ctx)
+	sd	$zero,8($ctx)
+	sd	$zero,16($ctx)
+
+	beqz	$inp,.Lno_key
+
+#if defined(_MIPS_ARCH_MIPS64R6)
+	ld	$in0,0($inp)
+	ld	$in1,8($inp)
+#else
+	ldl	$in0,0+MSB($inp)
+	ldl	$in1,8+MSB($inp)
+	ldr	$in0,0+LSB($inp)
+	ldr	$in1,8+LSB($inp)
+#endif
+#ifdef	MIPSEB
+# if defined(_MIPS_ARCH_MIPS64R2)
+	dsbh	$in0,$in0		# byte swap
+	 dsbh	$in1,$in1
+	dshd	$in0,$in0
+	 dshd	$in1,$in1
+# else
+	ori	$tmp0,$zero,0xFF
+	dsll	$tmp2,$tmp0,32
+	or	$tmp0,$tmp2		# 0x000000FF000000FF
+
+	and	$tmp1,$in0,$tmp0	# byte swap
+	 and	$tmp3,$in1,$tmp0
+	dsrl	$tmp2,$in0,24
+	 dsrl	$tmp4,$in1,24
+	dsll	$tmp1,24
+	 dsll	$tmp3,24
+	and	$tmp2,$tmp0
+	 and	$tmp4,$tmp0
+	dsll	$tmp0,8			# 0x0000FF000000FF00
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	and	$tmp2,$in0,$tmp0
+	 and	$tmp4,$in1,$tmp0
+	dsrl	$in0,8
+	 dsrl	$in1,8
+	dsll	$tmp2,8
+	 dsll	$tmp4,8
+	and	$in0,$tmp0
+	 and	$in1,$tmp0
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+	dsrl	$tmp1,$in0,32
+	 dsrl	$tmp3,$in1,32
+	dsll	$in0,32
+	 dsll	$in1,32
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+# endif
+#endif
+	li	$tmp0,1
+	dsll	$tmp0,32
+	daddiu	$tmp0,-63
+	dsll	$tmp0,28
+	daddiu	$tmp0,-1		# 0ffffffc0fffffff
+
+	and	$in0,$tmp0
+	daddiu	$tmp0,-3		# 0ffffffc0ffffffc
+	and	$in1,$tmp0
+
+	sd	$in0,24($ctx)
+	dsrl	$tmp0,$in1,2
+	sd	$in1,32($ctx)
+	daddu	$tmp0,$in1		# s1 = r1 + (r1 >> 2)
+	sd	$tmp0,40($ctx)
+
+.Lno_key:
+	li	$v0,0			# return 0
+	jr	$ra
+.end	poly1305_init
+___
+{
+my ($h0,$h1,$h2,$r0,$r1,$s1,$d0,$d1,$d2) =
+   ($s0,$s1,$s2,$s3,$s4,$s5,$in0,$in1,$t2);
+
+$code.=<<___;
+.align	5
+.globl	poly1305_blocks
+.ent	poly1305_blocks
+poly1305_blocks:
+	.set	noreorder
+	dsrl	$len,4			# number of complete blocks
+	bnez	$len,poly1305_blocks_internal
+	nop
+	jr	$ra
+	nop
+.end	poly1305_blocks
+
+.align	5
+.ent	poly1305_blocks_internal
+poly1305_blocks_internal:
+	.frame	$sp,6*8,$ra
+	.mask	$SAVED_REGS_MASK,-8
+	.set	noreorder
+	dsubu	$sp,6*8
+	sd	$s5,40($sp)
+	sd	$s4,32($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	sd	$s3,24($sp)
+	sd	$s2,16($sp)
+	sd	$s1,8($sp)
+	sd	$s0,0($sp)
+___
+$code.=<<___;
+	.set	reorder
+
+	ld	$h0,0($ctx)		# load hash value
+	ld	$h1,8($ctx)
+	ld	$h2,16($ctx)
+
+	ld	$r0,24($ctx)		# load key
+	ld	$r1,32($ctx)
+	ld	$s1,40($ctx)
+
+.Loop:
+#if defined(_MIPS_ARCH_MIPS64R6)
+	ld	$in0,0($inp)		# load input
+	ld	$in1,8($inp)
+#else
+	ldl	$in0,0+MSB($inp)	# load input
+	ldl	$in1,8+MSB($inp)
+	ldr	$in0,0+LSB($inp)
+	ldr	$in1,8+LSB($inp)
+#endif
+	daddiu	$len,-1
+	daddiu	$inp,16
+#ifdef	MIPSEB
+# if defined(_MIPS_ARCH_MIPS64R2)
+	dsbh	$in0,$in0		# byte swap
+	 dsbh	$in1,$in1
+	dshd	$in0,$in0
+	 dshd	$in1,$in1
+# else
+	ori	$tmp0,$zero,0xFF
+	dsll	$tmp2,$tmp0,32
+	or	$tmp0,$tmp2		# 0x000000FF000000FF
+
+	and	$tmp1,$in0,$tmp0	# byte swap
+	 and	$tmp3,$in1,$tmp0
+	dsrl	$tmp2,$in0,24
+	 dsrl	$tmp4,$in1,24
+	dsll	$tmp1,24
+	 dsll	$tmp3,24
+	and	$tmp2,$tmp0
+	 and	$tmp4,$tmp0
+	dsll	$tmp0,8			# 0x0000FF000000FF00
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	and	$tmp2,$in0,$tmp0
+	 and	$tmp4,$in1,$tmp0
+	dsrl	$in0,8
+	 dsrl	$in1,8
+	dsll	$tmp2,8
+	 dsll	$tmp4,8
+	and	$in0,$tmp0
+	 and	$in1,$tmp0
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+	dsrl	$tmp1,$in0,32
+	 dsrl	$tmp3,$in1,32
+	dsll	$in0,32
+	 dsll	$in1,32
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+# endif
+#endif
+	daddu	$h0,$in0		# accumulate input
+	daddu	$h1,$in1
+	sltu	$tmp0,$h0,$in0
+	sltu	$tmp1,$h1,$in1
+	daddu	$h1,$tmp0
+
+	dmultu	($r0,$h0)		# h0*r0
+	 daddu	$h2,$padbit
+	 sltu	$tmp0,$h1,$tmp0
+	mflo	($d0,$r0,$h0)
+	mfhi	($d1,$r0,$h0)
+
+	dmultu	($s1,$h1)		# h1*5*r1
+	 daddu	$tmp0,$tmp1
+	 daddu	$h2,$tmp0
+	mflo	($tmp0,$s1,$h1)
+	mfhi	($tmp1,$s1,$h1)
+
+	dmultu	($r1,$h0)		# h0*r1
+	 daddu	$d0,$tmp0
+	 daddu	$d1,$tmp1
+	mflo	($tmp2,$r1,$h0)
+	mfhi	($d2,$r1,$h0)
+	 sltu	$tmp0,$d0,$tmp0
+	 daddu	$d1,$tmp0
+
+	dmultu	($r0,$h1)		# h1*r0
+	 daddu	$d1,$tmp2
+	 sltu	$tmp2,$d1,$tmp2
+	mflo	($tmp0,$r0,$h1)
+	mfhi	($tmp1,$r0,$h1)
+	 daddu	$d2,$tmp2
+
+	dmultu	($s1,$h2)		# h2*5*r1
+	 daddu	$d1,$tmp0
+	 daddu	$d2,$tmp1
+	mflo	($tmp2,$s1,$h2)
+
+	dmultu	($r0,$h2)		# h2*r0
+	 sltu	$tmp0,$d1,$tmp0
+	 daddu	$d2,$tmp0
+	mflo	($tmp3,$r0,$h2)
+
+	daddu	$d1,$tmp2
+	daddu	$d2,$tmp3
+	sltu	$tmp2,$d1,$tmp2
+	daddu	$d2,$tmp2
+
+	li	$tmp0,-4		# final reduction
+	and	$tmp0,$d2
+	dsrl	$tmp1,$d2,2
+	andi	$h2,$d2,3
+	daddu	$tmp0,$tmp1
+	daddu	$h0,$d0,$tmp0
+	sltu	$tmp0,$h0,$tmp0
+	daddu	$h1,$d1,$tmp0
+	sltu	$tmp0,$h1,$tmp0
+	daddu	$h2,$h2,$tmp0
+
+	bnez	$len,.Loop
+
+	sd	$h0,0($ctx)		# store hash value
+	sd	$h1,8($ctx)
+	sd	$h2,16($ctx)
+
+	.set	noreorder
+	ld	$s5,40($sp)		# epilogue
+	ld	$s4,32($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi epilogue
+	ld	$s3,24($sp)
+	ld	$s2,16($sp)
+	ld	$s1,8($sp)
+	ld	$s0,0($sp)
+___
+$code.=<<___;
+	jr	$ra
+	daddu	$sp,6*8
+.end	poly1305_blocks_internal
+___
+}
+{
+my ($ctx,$mac,$nonce) = ($a0,$a1,$a2);
+
+$code.=<<___;
+.align	5
+.globl	poly1305_emit
+.ent	poly1305_emit
+poly1305_emit:
+	.frame	$sp,0,$ra
+	.set	reorder
+
+	ld	$tmp0,0($ctx)
+	ld	$tmp1,8($ctx)
+	ld	$tmp2,16($ctx)
+
+	daddiu	$in0,$tmp0,5		# compare to modulus
+	sltiu	$tmp3,$in0,5
+	daddu	$in1,$tmp1,$tmp3
+	sltu	$tmp3,$in1,$tmp3
+	daddu	$tmp2,$tmp2,$tmp3
+
+	dsrl	$tmp2,2			# see if it carried/borrowed
+	dsubu	$tmp2,$zero,$tmp2
+	nor	$tmp3,$zero,$tmp2
+
+	and	$in0,$tmp2
+	and	$tmp0,$tmp3
+	and	$in1,$tmp2
+	and	$tmp1,$tmp3
+	or	$in0,$tmp0
+	or	$in1,$tmp1
+
+	lwu	$tmp0,0($nonce)		# load nonce
+	lwu	$tmp1,4($nonce)
+	lwu	$tmp2,8($nonce)
+	lwu	$tmp3,12($nonce)
+	dsll	$tmp1,32
+	dsll	$tmp3,32
+	or	$tmp0,$tmp1
+	or	$tmp2,$tmp3
+
+	daddu	$in0,$tmp0		# accumulate nonce
+	daddu	$in1,$tmp2
+	sltu	$tmp0,$in0,$tmp0
+	daddu	$in1,$tmp0
+
+	dsrl	$tmp0,$in0,8		# write mac value
+	dsrl	$tmp1,$in0,16
+	dsrl	$tmp2,$in0,24
+	sb	$in0,0($mac)
+	dsrl	$tmp3,$in0,32
+	sb	$tmp0,1($mac)
+	dsrl	$tmp0,$in0,40
+	sb	$tmp1,2($mac)
+	dsrl	$tmp1,$in0,48
+	sb	$tmp2,3($mac)
+	dsrl	$tmp2,$in0,56
+	sb	$tmp3,4($mac)
+	dsrl	$tmp3,$in1,8
+	sb	$tmp0,5($mac)
+	dsrl	$tmp0,$in1,16
+	sb	$tmp1,6($mac)
+	dsrl	$tmp1,$in1,24
+	sb	$tmp2,7($mac)
+
+	sb	$in1,8($mac)
+	dsrl	$tmp2,$in1,32
+	sb	$tmp3,9($mac)
+	dsrl	$tmp3,$in1,40
+	sb	$tmp0,10($mac)
+	dsrl	$tmp0,$in1,48
+	sb	$tmp1,11($mac)
+	dsrl	$tmp1,$in1,56
+	sb	$tmp2,12($mac)
+	sb	$tmp3,13($mac)
+	sb	$tmp0,14($mac)
+	sb	$tmp1,15($mac)
+
+	jr	$ra
+.end	poly1305_emit
+.rdata
+.asciiz	"Poly1305 for MIPS64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+}
+
+$output=pop and open STDOUT,">$output";
+print $code;
+close STDOUT;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl
new file mode 100755
index 000000000..0c6d015d5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl
@@ -0,0 +1,645 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for PowerPC.
+#
+# June 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# and improvement coefficients relative to gcc-generated code.
+#
+#			-m32		-m64
+#
+# Freescale e300	14.8/+80%	-
+# PPC74x0		7.60/+60%	-
+# PPC970		7.00/+114%	3.51/+205%
+# POWER7		3.75/+260%	1.93/+100%
+# POWER8		-		2.03/+200%
+# POWER9		-		2.00/+150%
+#
+# Do we need floating-point implementation for PPC? Results presented
+# in poly1305_ieee754.c are tricky to compare to, because they are for
+# compiler-generated code. On the other hand it's known that floating-
+# point performance can be dominated by FPU latency, which means that
+# there is limit even for ideally optimized (and even vectorized) code.
+# And this limit is estimated to be higher than above -m64 results. Or
+# in other words floating-point implementation can be meaningful to
+# consider only in 32-bit application context. We probably have to
+# recognize that 32-bit builds are getting less popular on high-end
+# systems and therefore tend to target embedded ones, which might not
+# even have FPU...
+#
+# On side note, Power ISA 2.07 enables vector base 2^26 implementation,
+# and POWER8 might have capacity to break 1.0 cycle per byte barrier...
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$UCMP	="cmplw";
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+# Define endianness based on flavour
+# i.e.: linux64le
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T;
+
+$sp="r1";
+my ($ctx,$inp,$len,$padbit) = map("r$_",(3..6));
+my ($mac,$nonce)=($inp,$len);
+my $mask = "r0";
+
+$code=<<___;
+.machine	"any"
+.text
+___
+							if ($flavour =~ /64/) {
+###############################################################################
+# base 2^64 implementation
+
+my ($h0,$h1,$h2,$d0,$d1,$d2, $r0,$r1,$s1, $t0,$t1) = map("r$_",(7..12,27..31));
+
+$code.=<<___;
+.globl	.poly1305_init_int
+.align	4
+.poly1305_init_int:
+	xor	r0,r0,r0
+	std	r0,0($ctx)		# zero hash value
+	std	r0,8($ctx)
+	std	r0,16($ctx)
+
+	$UCMP	$inp,r0
+	beq-	Lno_key
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	ld	$d0,0($inp)		# load key material
+	ld	$d1,8($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$h0,4
+	lwbrx	$d0,0,$inp		# load key material
+	li	$d1,8
+	lwbrx	$h0,$h0,$inp
+	li	$h1,12
+	lwbrx	$d1,$d1,$inp
+	lwbrx	$h1,$h1,$inp
+	insrdi	$d0,$h0,32,0
+	insrdi	$d1,$h1,32,0
+___
+$code.=<<___;
+	lis	$h1,0xfff		# 0x0fff0000
+	ori	$h1,$h1,0xfffc		# 0x0ffffffc
+	insrdi	$h1,$h1,32,0		# 0x0ffffffc0ffffffc
+	ori	$h0,$h1,3		# 0x0ffffffc0fffffff
+
+	and	$d0,$d0,$h0
+	and	$d1,$d1,$h1
+
+	std	$d0,32($ctx)		# store key
+	std	$d1,40($ctx)
+
+Lno_key:
+	xor	r3,r3,r3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+.size	.poly1305_init_int,.-.poly1305_init_int
+
+.globl	.poly1305_blocks
+.align	4
+.poly1305_blocks:
+	srdi.	$len,$len,4
+	beq-	Labort
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	ld	$r0,32($ctx)		# load key
+	ld	$r1,40($ctx)
+
+	ld	$h0,0($ctx)		# load hash value
+	ld	$h1,8($ctx)
+	ld	$h2,16($ctx)
+
+	srdi	$s1,$r1,2
+	mtctr	$len
+	add	$s1,$s1,$r1		# s1 = r1 + r1>>2
+	li	$mask,3
+	b	Loop
+
+.align	4
+Loop:
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	ld	$t0,0($inp)		# load input
+	ld	$t1,8($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d0,4
+	lwbrx	$t0,0,$inp		# load input
+	li	$t1,8
+	lwbrx	$d0,$d0,$inp
+	li	$d1,12
+	lwbrx	$t1,$t1,$inp
+	lwbrx	$d1,$d1,$inp
+	insrdi	$t0,$d0,32,0
+	insrdi	$t1,$d1,32,0
+___
+$code.=<<___;
+	addi	$inp,$inp,16
+
+	addc	$h0,$h0,$t0		# accumulate input
+	adde	$h1,$h1,$t1
+
+	mulld	$d0,$h0,$r0		# h0*r0
+	mulhdu	$d1,$h0,$r0
+	adde	$h2,$h2,$padbit
+
+	mulld	$t0,$h1,$s1		# h1*5*r1
+	mulhdu	$t1,$h1,$s1
+	addc	$d0,$d0,$t0
+	adde	$d1,$d1,$t1
+
+	mulld	$t0,$h0,$r1		# h0*r1
+	mulhdu	$d2,$h0,$r1
+	addc	$d1,$d1,$t0
+	addze	$d2,$d2
+
+	mulld	$t0,$h1,$r0		# h1*r0
+	mulhdu	$t1,$h1,$r0
+	addc	$d1,$d1,$t0
+	adde	$d2,$d2,$t1
+
+	mulld	$t0,$h2,$s1		# h2*5*r1
+	mulld	$t1,$h2,$r0		# h2*r0
+	addc	$d1,$d1,$t0
+	adde	$d2,$d2,$t1
+
+	andc	$t0,$d2,$mask		# final reduction step
+	and	$h2,$d2,$mask
+	srdi	$t1,$t0,2
+	add	$t0,$t0,$t1
+	addc	$h0,$d0,$t0
+	addze	$h1,$d1
+	addze	$h2,$h2
+
+	bdnz	Loop
+
+	std	$h0,0($ctx)		# store hash value
+	std	$h1,8($ctx)
+	std	$h2,16($ctx)
+
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+Labort:
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,5,4,0
+.size	.poly1305_blocks,.-.poly1305_blocks
+
+.globl	.poly1305_emit
+.align	4
+.poly1305_emit:
+	ld	$h0,0($ctx)		# load hash
+	ld	$h1,8($ctx)
+	ld	$h2,16($ctx)
+	ld	$padbit,0($nonce)	# load nonce
+	ld	$nonce,8($nonce)
+
+	addic	$d0,$h0,5		# compare to modulus
+	addze	$d1,$h1
+	addze	$d2,$h2
+
+	srdi	$mask,$d2,2		# did it carry/borrow?
+	neg	$mask,$mask
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h1,$h1,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	or	$h1,$h1,$d1
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	rotldi	$padbit,$padbit,32	# flip nonce words
+	rotldi	$nonce,$nonce,32
+___
+$code.=<<___;
+	addc	$h0,$h0,$padbit		# accumulate nonce
+	adde	$h1,$h1,$nonce
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	std	$h0,0($mac)		# write result
+	std	$h1,8($mac)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	extrdi	r0,$h0,32,0
+	li	$d0,4
+	stwbrx	$h0,0,$mac		# write result
+	extrdi	$h0,$h1,32,0
+	li	$d1,8
+	stwbrx	r0,$d0,$mac
+	li	$d2,12
+	stwbrx	$h1,$d1,$mac
+	stwbrx	$h0,$d2,$mac
+___
+$code.=<<___;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+.size	.poly1305_emit,.-.poly1305_emit
+___
+							} else {
+###############################################################################
+# base 2^32 implementation
+
+my ($h0,$h1,$h2,$h3,$h4, $r0,$r1,$r2,$r3, $s1,$s2,$s3,
+    $t0,$t1,$t2,$t3, $D0,$D1,$D2,$D3, $d0,$d1,$d2,$d3
+   ) = map("r$_",(7..12,14..31));
+
+$code.=<<___;
+.globl	.poly1305_init_int
+.align	4
+.poly1305_init_int:
+	xor	r0,r0,r0
+	stw	r0,0($ctx)		# zero hash value
+	stw	r0,4($ctx)
+	stw	r0,8($ctx)
+	stw	r0,12($ctx)
+	stw	r0,16($ctx)
+
+	$UCMP	$inp,r0
+	beq-	Lno_key
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	lw	$h0,0($inp)		# load key material
+	lw	$h1,4($inp)
+	lw	$h2,8($inp)
+	lw	$h3,12($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$h1,4
+	lwbrx	$h0,0,$inp		# load key material
+	li	$h2,8
+	lwbrx	$h1,$h1,$inp
+	li	$h3,12
+	lwbrx	$h2,$h2,$inp
+	lwbrx	$h3,$h3,$inp
+___
+$code.=<<___;
+	lis	$mask,0xf000		# 0xf0000000
+	li	$r0,-4
+	andc	$r0,$r0,$mask		# 0x0ffffffc
+
+	andc	$h0,$h0,$mask
+	and	$h1,$h1,$r0
+	and	$h2,$h2,$r0
+	and	$h3,$h3,$r0
+
+	stw	$h0,32($ctx)		# store key
+	stw	$h1,36($ctx)
+	stw	$h2,40($ctx)
+	stw	$h3,44($ctx)
+
+Lno_key:
+	xor	r3,r3,r3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+.size	.poly1305_init_int,.-.poly1305_init_int
+
+.globl	.poly1305_blocks
+.align	4
+.poly1305_blocks:
+	srwi.	$len,$len,4
+	beq-	Labort
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	$r0,32($ctx)		# load key
+	lwz	$r1,36($ctx)
+	lwz	$r2,40($ctx)
+	lwz	$r3,44($ctx)
+
+	lwz	$h0,0($ctx)		# load hash value
+	lwz	$h1,4($ctx)
+	lwz	$h2,8($ctx)
+	lwz	$h3,12($ctx)
+	lwz	$h4,16($ctx)
+
+	srwi	$s1,$r1,2
+	srwi	$s2,$r2,2
+	srwi	$s3,$r3,2
+	add	$s1,$s1,$r1		# si = ri + ri>>2
+	add	$s2,$s2,$r2
+	add	$s3,$s3,$r3
+	mtctr	$len
+	li	$mask,3
+	b	Loop
+
+.align	4
+Loop:
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	lwz	$d0,0($inp)		# load input
+	lwz	$d1,4($inp)
+	lwz	$d2,8($inp)
+	lwz	$d3,12($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d1,4
+	lwbrx	$d0,0,$inp		# load input
+	li	$d2,8
+	lwbrx	$d1,$d1,$inp
+	li	$d3,12
+	lwbrx	$d2,$d2,$inp
+	lwbrx	$d3,$d3,$inp
+___
+$code.=<<___;
+	addi	$inp,$inp,16
+
+	addc	$h0,$h0,$d0		# accumulate input
+	adde	$h1,$h1,$d1
+	adde	$h2,$h2,$d2
+
+	mullw	$d0,$h0,$r0		# h0*r0
+	mulhwu	$D0,$h0,$r0
+
+	mullw	$d1,$h0,$r1		# h0*r1
+	mulhwu	$D1,$h0,$r1
+
+	mullw	$d2,$h0,$r2		# h0*r2
+	mulhwu	$D2,$h0,$r2
+
+	 adde	$h3,$h3,$d3
+	 adde	$h4,$h4,$padbit
+
+	mullw	$d3,$h0,$r3		# h0*r3
+	mulhwu	$D3,$h0,$r3
+
+	mullw	$t0,$h1,$s3		# h1*s3
+	mulhwu	$t1,$h1,$s3
+
+	mullw	$t2,$h1,$r0		# h1*r0
+	mulhwu	$t3,$h1,$r0
+	 addc	$d0,$d0,$t0
+	 adde	$D0,$D0,$t1
+
+	mullw	$t0,$h1,$r1		# h1*r1
+	mulhwu	$t1,$h1,$r1
+	 addc	$d1,$d1,$t2
+	 adde	$D1,$D1,$t3
+
+	mullw	$t2,$h1,$r2		# h1*r2
+	mulhwu	$t3,$h1,$r2
+	 addc	$d2,$d2,$t0
+	 adde	$D2,$D2,$t1
+
+	mullw	$t0,$h2,$s2		# h2*s2
+	mulhwu	$t1,$h2,$s2
+	 addc	$d3,$d3,$t2
+	 adde	$D3,$D3,$t3
+
+	mullw	$t2,$h2,$s3		# h2*s3
+	mulhwu	$t3,$h2,$s3
+	 addc	$d0,$d0,$t0
+	 adde	$D0,$D0,$t1
+
+	mullw	$t0,$h2,$r0		# h2*r0
+	mulhwu	$t1,$h2,$r0
+	 addc	$d1,$d1,$t2
+	 adde	$D1,$D1,$t3
+
+	mullw	$t2,$h2,$r1		# h2*r1
+	mulhwu	$t3,$h2,$r1
+	 addc	$d2,$d2,$t0
+	 adde	$D2,$D2,$t1
+
+	mullw	$t0,$h3,$s1		# h3*s1
+	mulhwu	$t1,$h3,$s1
+	 addc	$d3,$d3,$t2
+	 adde	$D3,$D3,$t3
+
+	mullw	$t2,$h3,$s2		# h3*s2
+	mulhwu	$t3,$h3,$s2
+	 addc	$d0,$d0,$t0
+	 adde	$D0,$D0,$t1
+
+	mullw	$t0,$h3,$s3		# h3*s3
+	mulhwu	$t1,$h3,$s3
+	 addc	$d1,$d1,$t2
+	 adde	$D1,$D1,$t3
+
+	mullw	$t2,$h3,$r0		# h3*r0
+	mulhwu	$t3,$h3,$r0
+	 addc	$d2,$d2,$t0
+	 adde	$D2,$D2,$t1
+
+	mullw	$t0,$h4,$s1		# h4*s1
+	 addc	$d3,$d3,$t2
+	 adde	$D3,$D3,$t3
+	addc	$d1,$d1,$t0
+
+	mullw	$t1,$h4,$s2		# h4*s2
+	 addze	$D1,$D1
+	addc	$d2,$d2,$t1
+	addze	$D2,$D2
+
+	mullw	$t2,$h4,$s3		# h4*s3
+	addc	$d3,$d3,$t2
+	addze	$D3,$D3
+
+	mullw	$h4,$h4,$r0		# h4*r0
+
+	addc	$h1,$d1,$D0
+	adde	$h2,$d2,$D1
+	adde	$h3,$d3,$D2
+	adde	$h4,$h4,$D3
+
+	andc	$D0,$h4,$mask		# final reduction step
+	and	$h4,$h4,$mask
+	srwi	$D1,$D0,2
+	add	$D0,$D0,$D1
+	addc	$h0,$d0,$D0
+	addze	$h1,$h1
+	addze	$h2,$h2
+	addze	$h3,$h3
+	addze	$h4,$h4
+
+	bdnz	Loop
+
+	stw	$h0,0($ctx)		# store hash value
+	stw	$h1,4($ctx)
+	stw	$h2,8($ctx)
+	stw	$h3,12($ctx)
+	stw	$h4,16($ctx)
+
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+Labort:
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,4,0
+.size	.poly1305_blocks,.-.poly1305_blocks
+
+.globl	.poly1305_emit
+.align	4
+.poly1305_emit:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	$h0,0($ctx)		# load hash
+	lwz	$h1,4($ctx)
+	lwz	$h2,8($ctx)
+	lwz	$h3,12($ctx)
+	lwz	$h4,16($ctx)
+
+	addic	$d0,$h0,5		# compare to modulus
+	addze	$d1,$h1
+	addze	$d2,$h2
+	addze	$d3,$h3
+	addze	$mask,$h4
+
+	srwi	$mask,$mask,2		# did it carry/borrow?
+	neg	$mask,$mask
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h1,$h1,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	lwz	$d0,0($nonce)		# load nonce
+	andc	$h2,$h2,$mask
+	and	$d2,$d2,$mask
+	or	$h1,$h1,$d1
+	lwz	$d1,4($nonce)
+	andc	$h3,$h3,$mask
+	and	$d3,$d3,$mask
+	or	$h2,$h2,$d2
+	lwz	$d2,8($nonce)
+	or	$h3,$h3,$d3
+	lwz	$d3,12($nonce)
+
+	addc	$h0,$h0,$d0		# accumulate nonce
+	adde	$h1,$h1,$d1
+	adde	$h2,$h2,$d2
+	adde	$h3,$h3,$d3
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	stw	$h0,0($mac)		# write result
+	stw	$h1,4($mac)
+	stw	$h2,8($mac)
+	stw	$h3,12($mac)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d1,4
+	stwbrx	$h0,0,$mac		# write result
+	li	$d2,8
+	stwbrx	$h1,$d1,$mac
+	li	$d3,12
+	stwbrx	$h2,$d2,$mac
+	stwbrx	$h3,$d3,$mac
+___
+$code.=<<___;
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,4,3,0
+.size	.poly1305_emit,.-.poly1305_emit
+___
+							}
+$code.=<<___;
+.asciz	"Poly1305 for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl
new file mode 100755
index 000000000..09f818584
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl
@@ -0,0 +1,739 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for PowerPC FPU.
+#
+# June 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# and improvement coefficients relative to gcc-generated code.
+#
+# Freescale e300	9.78/+30%
+# PPC74x0		6.92/+50%
+# PPC970		6.03/+80%
+# POWER7		3.50/+30%
+# POWER8		3.75/+10%
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$UCMP	="cmplw";
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0;
+
+$LWXLE = $LITTLE_ENDIAN ? "lwzx" : "lwbrx";
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$LOCALS=6*$SIZE_T;
+$FRAME=$LOCALS+6*8+18*8;
+
+my $sp="r1";
+
+my ($ctx,$inp,$len,$padbit) = map("r$_",(3..6));
+my ($in0,$in1,$in2,$in3,$i1,$i2,$i3) = map("r$_",(7..12,6));
+
+my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,
+    $two0,$two32,$two64,$two96,$two130,$five_two130,
+    $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi,
+    $s2lo,$s2hi,$s3lo,$s3hi,
+    $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("f$_",(0..31));
+# borrowings
+my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi);
+my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi);
+my ($y0,$y1,$y2,$y3) = ($c3lo,$c3hi,$c1lo,$c1hi);
+
+$code.=<<___;
+.machine	"any"
+.text
+
+.globl	.poly1305_init_fpu
+.align	6
+.poly1305_init_fpu:
+	$STU	$sp,-$LOCALS($sp)		# minimal frame
+	mflr	$padbit
+	$PUSH	$padbit,`$LOCALS+$LRSAVE`($sp)
+
+	bl	LPICmeup
+
+	xor	r0,r0,r0
+	mtlr	$padbit				# restore lr
+
+	lfd	$two0,8*0($len)			# load constants
+	lfd	$two32,8*1($len)
+	lfd	$two64,8*2($len)
+	lfd	$two96,8*3($len)
+	lfd	$two130,8*4($len)
+	lfd	$five_two130,8*5($len)
+
+	stfd	$two0,8*0($ctx)			# initial hash value, biased 0
+	stfd	$two32,8*1($ctx)
+	stfd	$two64,8*2($ctx)
+	stfd	$two96,8*3($ctx)
+
+	$UCMP	$inp,r0
+	beq-	Lno_key
+
+	lfd	$h3lo,8*13($len)		# new fpscr
+	mffs	$h3hi				# old fpscr
+
+	stfd	$two0,8*4($ctx)			# key "template"
+	stfd	$two32,8*5($ctx)
+	stfd	$two64,8*6($ctx)
+	stfd	$two96,8*7($ctx)
+
+	li	$in1,4
+	li	$in2,8
+	li	$in3,12
+	$LWXLE	$in0,0,$inp			# load key
+	$LWXLE	$in1,$in1,$inp
+	$LWXLE	$in2,$in2,$inp
+	$LWXLE	$in3,$in3,$inp
+
+	lis	$i1,0xf000			#   0xf0000000
+	ori	$i2,$i1,3			#   0xf0000003
+	andc	$in0,$in0,$i1			# &=0x0fffffff
+	andc	$in1,$in1,$i2			# &=0x0ffffffc
+	andc	$in2,$in2,$i2
+	andc	$in3,$in3,$i2
+
+	stw	$in0,`8*4+(4^$LITTLE_ENDIAN)`($ctx)	# fill "template"
+	stw	$in1,`8*5+(4^$LITTLE_ENDIAN)`($ctx)
+	stw	$in2,`8*6+(4^$LITTLE_ENDIAN)`($ctx)
+	stw	$in3,`8*7+(4^$LITTLE_ENDIAN)`($ctx)
+
+	mtfsf	255,$h3lo			# fpscr
+	stfd	$two0,8*18($ctx)		# copy constants to context
+	stfd	$two32,8*19($ctx)
+	stfd	$two64,8*20($ctx)
+	stfd	$two96,8*21($ctx)
+	stfd	$two130,8*22($ctx)
+	stfd	$five_two130,8*23($ctx)
+
+	lfd	$h0lo,8*4($ctx)			# load [biased] key
+	lfd	$h1lo,8*5($ctx)
+	lfd	$h2lo,8*6($ctx)
+	lfd	$h3lo,8*7($ctx)
+
+	fsub	$h0lo,$h0lo,$two0		# r0
+	fsub	$h1lo,$h1lo,$two32		# r1
+	fsub	$h2lo,$h2lo,$two64		# r2
+	fsub	$h3lo,$h3lo,$two96		# r3
+
+	lfd	$two0,8*6($len)			# more constants
+	lfd	$two32,8*7($len)
+	lfd	$two64,8*8($len)
+	lfd	$two96,8*9($len)
+
+	fmul	$h1hi,$h1lo,$five_two130	# s1
+	fmul	$h2hi,$h2lo,$five_two130	# s2
+	 stfd	$h3hi,8*15($ctx)		# borrow slot for original fpscr
+	fmul	$h3hi,$h3lo,$five_two130	# s3
+
+	fadd	$h0hi,$h0lo,$two0
+	 stfd	$h1hi,8*12($ctx)		# put aside for now
+	fadd	$h1hi,$h1lo,$two32
+	 stfd	$h2hi,8*13($ctx)
+	fadd	$h2hi,$h2lo,$two64
+	 stfd	$h3hi,8*14($ctx)
+	fadd	$h3hi,$h3lo,$two96
+
+	fsub	$h0hi,$h0hi,$two0
+	fsub	$h1hi,$h1hi,$two32
+	fsub	$h2hi,$h2hi,$two64
+	fsub	$h3hi,$h3hi,$two96
+
+	lfd	$two0,8*10($len)		# more constants
+	lfd	$two32,8*11($len)
+	lfd	$two64,8*12($len)
+
+	fsub	$h0lo,$h0lo,$h0hi
+	fsub	$h1lo,$h1lo,$h1hi
+	fsub	$h2lo,$h2lo,$h2hi
+	fsub	$h3lo,$h3lo,$h3hi
+
+	stfd	$h0hi,8*5($ctx)			# r0hi
+	stfd	$h1hi,8*7($ctx)			# r1hi
+	stfd	$h2hi,8*9($ctx)			# r2hi
+	stfd	$h3hi,8*11($ctx)		# r3hi
+
+	stfd	$h0lo,8*4($ctx)			# r0lo
+	stfd	$h1lo,8*6($ctx)			# r1lo
+	stfd	$h2lo,8*8($ctx)			# r2lo
+	stfd	$h3lo,8*10($ctx)		# r3lo
+
+	lfd	$h1lo,8*12($ctx)		# s1
+	lfd	$h2lo,8*13($ctx)		# s2
+	lfd	$h3lo,8*14($ctx)		# s3
+	lfd	$h0lo,8*15($ctx)		# pull original fpscr
+
+	fadd	$h1hi,$h1lo,$two0
+	fadd	$h2hi,$h2lo,$two32
+	fadd	$h3hi,$h3lo,$two64
+
+	fsub	$h1hi,$h1hi,$two0
+	fsub	$h2hi,$h2hi,$two32
+	fsub	$h3hi,$h3hi,$two64
+
+	fsub	$h1lo,$h1lo,$h1hi
+	fsub	$h2lo,$h2lo,$h2hi
+	fsub	$h3lo,$h3lo,$h3hi
+
+	stfd	$h1hi,8*13($ctx)		# s1hi
+	stfd	$h2hi,8*15($ctx)		# s2hi
+	stfd	$h3hi,8*17($ctx)		# s3hi
+
+	stfd	$h1lo,8*12($ctx)		# s1lo
+	stfd	$h2lo,8*14($ctx)		# s2lo
+	stfd	$h3lo,8*16($ctx)		# s3lo
+
+	mtfsf	255,$h0lo			# restore fpscr
+Lno_key:
+	xor	r3,r3,r3
+	addi	$sp,$sp,$LOCALS
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,0,2,0
+.size	.poly1305_init_fpu,.-.poly1305_init_fpu
+
+.globl	.poly1305_blocks_fpu
+.align	4
+.poly1305_blocks_fpu:
+	srwi.	$len,$len,4
+	beq-	Labort
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	stfd	f14,`$FRAME-8*18`($sp)
+	stfd	f15,`$FRAME-8*17`($sp)
+	stfd	f16,`$FRAME-8*16`($sp)
+	stfd	f17,`$FRAME-8*15`($sp)
+	stfd	f18,`$FRAME-8*14`($sp)
+	stfd	f19,`$FRAME-8*13`($sp)
+	stfd	f20,`$FRAME-8*12`($sp)
+	stfd	f21,`$FRAME-8*11`($sp)
+	stfd	f22,`$FRAME-8*10`($sp)
+	stfd	f23,`$FRAME-8*9`($sp)
+	stfd	f24,`$FRAME-8*8`($sp)
+	stfd	f25,`$FRAME-8*7`($sp)
+	stfd	f26,`$FRAME-8*6`($sp)
+	stfd	f27,`$FRAME-8*5`($sp)
+	stfd	f28,`$FRAME-8*4`($sp)
+	stfd	f29,`$FRAME-8*3`($sp)
+	stfd	f30,`$FRAME-8*2`($sp)
+	stfd	f31,`$FRAME-8*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	xor	r0,r0,r0
+	li	$in3,1
+	mtctr	$len
+	neg	$len,$len
+	stw	r0,`$LOCALS+8*4+(0^$LITTLE_ENDIAN)`($sp)
+	stw	$in3,`$LOCALS+8*4+(4^$LITTLE_ENDIAN)`($sp)
+
+	lfd	$two0,8*18($ctx)		# load constants
+	lfd	$two32,8*19($ctx)
+	lfd	$two64,8*20($ctx)
+	lfd	$two96,8*21($ctx)
+	lfd	$two130,8*22($ctx)
+	lfd	$five_two130,8*23($ctx)
+
+	lfd	$h0lo,8*0($ctx)			# load [biased] hash value
+	lfd	$h1lo,8*1($ctx)
+	lfd	$h2lo,8*2($ctx)
+	lfd	$h3lo,8*3($ctx)
+
+	stfd	$two0,`$LOCALS+8*0`($sp)	# input "template"
+	oris	$in3,$padbit,`(1023+52+96)<<4`
+	stfd	$two32,`$LOCALS+8*1`($sp)
+	stfd	$two64,`$LOCALS+8*2`($sp)
+	stw	$in3,`$LOCALS+8*3+(0^$LITTLE_ENDIAN)`($sp)
+
+	li	$i1,4
+	li	$i2,8
+	li	$i3,12
+	$LWXLE	$in0,0,$inp			# load input
+	$LWXLE	$in1,$i1,$inp
+	$LWXLE	$in2,$i2,$inp
+	$LWXLE	$in3,$i3,$inp
+	addi	$inp,$inp,16
+
+	stw	$in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp)	# fill "template"
+	stw	$in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp)
+	stw	$in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp)
+	stw	$in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp)
+
+	mffs	$x0				# original fpscr
+	lfd	$x1,`$LOCALS+8*4`($sp)		# new fpscr
+	lfd	$r0lo,8*4($ctx)			# load key
+	lfd	$r0hi,8*5($ctx)
+	lfd	$r1lo,8*6($ctx)
+	lfd	$r1hi,8*7($ctx)
+	lfd	$r2lo,8*8($ctx)
+	lfd	$r2hi,8*9($ctx)
+	lfd	$r3lo,8*10($ctx)
+	lfd	$r3hi,8*11($ctx)
+	lfd	$s1lo,8*12($ctx)
+	lfd	$s1hi,8*13($ctx)
+	lfd	$s2lo,8*14($ctx)
+	lfd	$s2hi,8*15($ctx)
+	lfd	$s3lo,8*16($ctx)
+	lfd	$s3hi,8*17($ctx)
+
+	stfd	$x0,`$LOCALS+8*4`($sp)		# save original fpscr
+	mtfsf	255,$x1
+
+	addic	$len,$len,1
+	addze	r0,r0
+	slwi.	r0,r0,4
+	sub	$inp,$inp,r0			# conditional rewind
+
+	lfd	$x0,`$LOCALS+8*0`($sp)
+	lfd	$x1,`$LOCALS+8*1`($sp)
+	lfd	$x2,`$LOCALS+8*2`($sp)
+	lfd	$x3,`$LOCALS+8*3`($sp)
+
+	fsub	$h0lo,$h0lo,$two0		# de-bias hash value
+	 $LWXLE	$in0,0,$inp			# modulo-scheduled input load
+	fsub	$h1lo,$h1lo,$two32
+	 $LWXLE	$in1,$i1,$inp
+	fsub	$h2lo,$h2lo,$two64
+	 $LWXLE	$in2,$i2,$inp
+	fsub	$h3lo,$h3lo,$two96
+	 $LWXLE	$in3,$i3,$inp
+
+	fsub	$x0,$x0,$two0			# de-bias input
+	 addi	$inp,$inp,16
+	fsub	$x1,$x1,$two32
+	fsub	$x2,$x2,$two64
+	fsub	$x3,$x3,$two96
+
+	fadd	$x0,$x0,$h0lo			# accumulate input
+	 stw	$in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp)
+	fadd	$x1,$x1,$h1lo
+	 stw	$in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp)
+	fadd	$x2,$x2,$h2lo
+	 stw	$in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp)
+	fadd	$x3,$x3,$h3lo
+	 stw	$in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp)
+
+	b	Lentry
+
+.align	4
+Loop:
+	fsub	$y0,$y0,$two0			# de-bias input
+	 addic	$len,$len,1
+	fsub	$y1,$y1,$two32
+	 addze	r0,r0
+	fsub	$y2,$y2,$two64
+	 slwi.	r0,r0,4
+	fsub	$y3,$y3,$two96
+	 sub	$inp,$inp,r0			# conditional rewind
+
+	fadd	$h0lo,$h0lo,$y0			# accumulate input
+	fadd	$h0hi,$h0hi,$y1
+	fadd	$h2lo,$h2lo,$y2
+	fadd	$h2hi,$h2hi,$y3
+
+	######################################### base 2^48 -> base 2^32
+	fadd	$c1lo,$h1lo,$two64
+	 $LWXLE	$in0,0,$inp			# modulo-scheduled input load
+	fadd	$c1hi,$h1hi,$two64
+	 $LWXLE	$in1,$i1,$inp
+	fadd	$c3lo,$h3lo,$two130
+	 $LWXLE	$in2,$i2,$inp
+	fadd	$c3hi,$h3hi,$two130
+	 $LWXLE	$in3,$i3,$inp
+	fadd	$c0lo,$h0lo,$two32
+	 addi	$inp,$inp,16
+	fadd	$c0hi,$h0hi,$two32
+	fadd	$c2lo,$h2lo,$two96
+	fadd	$c2hi,$h2hi,$two96
+
+	fsub	$c1lo,$c1lo,$two64
+	 stw	$in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp)	# fill "template"
+	fsub	$c1hi,$c1hi,$two64
+	 stw	$in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp)
+	fsub	$c3lo,$c3lo,$two130
+	 stw	$in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp)
+	fsub	$c3hi,$c3hi,$two130
+	 stw	$in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp)
+	fsub	$c0lo,$c0lo,$two32
+	fsub	$c0hi,$c0hi,$two32
+	fsub	$c2lo,$c2lo,$two96
+	fsub	$c2hi,$c2hi,$two96
+
+	fsub	$h1lo,$h1lo,$c1lo
+	fsub	$h1hi,$h1hi,$c1hi
+	fsub	$h3lo,$h3lo,$c3lo
+	fsub	$h3hi,$h3hi,$c3hi
+	fsub	$h2lo,$h2lo,$c2lo
+	fsub	$h2hi,$h2hi,$c2hi
+	fsub	$h0lo,$h0lo,$c0lo
+	fsub	$h0hi,$h0hi,$c0hi
+
+	fadd	$h1lo,$h1lo,$c0lo
+	fadd	$h1hi,$h1hi,$c0hi
+	fadd	$h3lo,$h3lo,$c2lo
+	fadd	$h3hi,$h3hi,$c2hi
+	fadd	$h2lo,$h2lo,$c1lo
+	fadd	$h2hi,$h2hi,$c1hi
+	fmadd	$h0lo,$c3lo,$five_two130,$h0lo
+	fmadd	$h0hi,$c3hi,$five_two130,$h0hi
+
+	fadd	$x1,$h1lo,$h1hi
+	 lfd	$s1lo,8*12($ctx)		# reload constants
+	fadd	$x3,$h3lo,$h3hi
+	 lfd	$s1hi,8*13($ctx)
+	fadd	$x2,$h2lo,$h2hi
+	 lfd	$r3lo,8*10($ctx)
+	fadd	$x0,$h0lo,$h0hi
+	 lfd	$r3hi,8*11($ctx)
+Lentry:
+	fmul	$h0lo,$s3lo,$x1
+	fmul	$h0hi,$s3hi,$x1
+	fmul	$h2lo,$r1lo,$x1
+	fmul	$h2hi,$r1hi,$x1
+	fmul	$h1lo,$r0lo,$x1
+	fmul	$h1hi,$r0hi,$x1
+	fmul	$h3lo,$r2lo,$x1
+	fmul	$h3hi,$r2hi,$x1
+
+	fmadd	$h0lo,$s1lo,$x3,$h0lo
+	fmadd	$h0hi,$s1hi,$x3,$h0hi
+	fmadd	$h2lo,$s3lo,$x3,$h2lo
+	fmadd	$h2hi,$s3hi,$x3,$h2hi
+	fmadd	$h1lo,$s2lo,$x3,$h1lo
+	fmadd	$h1hi,$s2hi,$x3,$h1hi
+	fmadd	$h3lo,$r0lo,$x3,$h3lo
+	fmadd	$h3hi,$r0hi,$x3,$h3hi
+
+	fmadd	$h0lo,$s2lo,$x2,$h0lo
+	fmadd	$h0hi,$s2hi,$x2,$h0hi
+	fmadd	$h2lo,$r0lo,$x2,$h2lo
+	fmadd	$h2hi,$r0hi,$x2,$h2hi
+	fmadd	$h1lo,$s3lo,$x2,$h1lo
+	fmadd	$h1hi,$s3hi,$x2,$h1hi
+	fmadd	$h3lo,$r1lo,$x2,$h3lo
+	fmadd	$h3hi,$r1hi,$x2,$h3hi
+
+	fmadd	$h0lo,$r0lo,$x0,$h0lo
+	 lfd	$y0,`$LOCALS+8*0`($sp)		# load [biased] input
+	fmadd	$h0hi,$r0hi,$x0,$h0hi
+	 lfd	$y1,`$LOCALS+8*1`($sp)
+	fmadd	$h2lo,$r2lo,$x0,$h2lo
+	 lfd	$y2,`$LOCALS+8*2`($sp)
+	fmadd	$h2hi,$r2hi,$x0,$h2hi
+	 lfd	$y3,`$LOCALS+8*3`($sp)
+	fmadd	$h1lo,$r1lo,$x0,$h1lo
+	fmadd	$h1hi,$r1hi,$x0,$h1hi
+	fmadd	$h3lo,$r3lo,$x0,$h3lo
+	fmadd	$h3hi,$r3hi,$x0,$h3hi
+
+	bdnz	Loop
+
+	######################################### base 2^48 -> base 2^32
+	fadd	$c0lo,$h0lo,$two32
+	fadd	$c0hi,$h0hi,$two32
+	fadd	$c2lo,$h2lo,$two96
+	fadd	$c2hi,$h2hi,$two96
+	fadd	$c1lo,$h1lo,$two64
+	fadd	$c1hi,$h1hi,$two64
+	fadd	$c3lo,$h3lo,$two130
+	fadd	$c3hi,$h3hi,$two130
+
+	fsub	$c0lo,$c0lo,$two32
+	fsub	$c0hi,$c0hi,$two32
+	fsub	$c2lo,$c2lo,$two96
+	fsub	$c2hi,$c2hi,$two96
+	fsub	$c1lo,$c1lo,$two64
+	fsub	$c1hi,$c1hi,$two64
+	fsub	$c3lo,$c3lo,$two130
+	fsub	$c3hi,$c3hi,$two130
+
+	fsub	$h1lo,$h1lo,$c1lo
+	fsub	$h1hi,$h1hi,$c1hi
+	fsub	$h3lo,$h3lo,$c3lo
+	fsub	$h3hi,$h3hi,$c3hi
+	fsub	$h2lo,$h2lo,$c2lo
+	fsub	$h2hi,$h2hi,$c2hi
+	fsub	$h0lo,$h0lo,$c0lo
+	fsub	$h0hi,$h0hi,$c0hi
+
+	fadd	$h1lo,$h1lo,$c0lo
+	fadd	$h1hi,$h1hi,$c0hi
+	fadd	$h3lo,$h3lo,$c2lo
+	fadd	$h3hi,$h3hi,$c2hi
+	fadd	$h2lo,$h2lo,$c1lo
+	fadd	$h2hi,$h2hi,$c1hi
+	fmadd	$h0lo,$c3lo,$five_two130,$h0lo
+	fmadd	$h0hi,$c3hi,$five_two130,$h0hi
+
+	fadd	$x1,$h1lo,$h1hi
+	fadd	$x3,$h3lo,$h3hi
+	fadd	$x2,$h2lo,$h2hi
+	fadd	$x0,$h0lo,$h0hi
+
+	lfd	$h0lo,`$LOCALS+8*4`($sp)	# pull saved fpscr
+	fadd	$x1,$x1,$two32			# bias
+	fadd	$x3,$x3,$two96
+	fadd	$x2,$x2,$two64
+	fadd	$x0,$x0,$two0
+
+	stfd	$x1,8*1($ctx)			# store [biased] hash value
+	stfd	$x3,8*3($ctx)
+	stfd	$x2,8*2($ctx)
+	stfd	$x0,8*0($ctx)
+
+	mtfsf	255,$h0lo			# restore original fpscr
+	lfd	f14,`$FRAME-8*18`($sp)
+	lfd	f15,`$FRAME-8*17`($sp)
+	lfd	f16,`$FRAME-8*16`($sp)
+	lfd	f17,`$FRAME-8*15`($sp)
+	lfd	f18,`$FRAME-8*14`($sp)
+	lfd	f19,`$FRAME-8*13`($sp)
+	lfd	f20,`$FRAME-8*12`($sp)
+	lfd	f21,`$FRAME-8*11`($sp)
+	lfd	f22,`$FRAME-8*10`($sp)
+	lfd	f23,`$FRAME-8*9`($sp)
+	lfd	f24,`$FRAME-8*8`($sp)
+	lfd	f25,`$FRAME-8*7`($sp)
+	lfd	f26,`$FRAME-8*6`($sp)
+	lfd	f27,`$FRAME-8*5`($sp)
+	lfd	f28,`$FRAME-8*4`($sp)
+	lfd	f29,`$FRAME-8*3`($sp)
+	lfd	f30,`$FRAME-8*2`($sp)
+	lfd	f31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+Labort:
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,0,4,0
+.size	.poly1305_blocks_fpu,.-.poly1305_blocks_fpu
+___
+{
+my ($mac,$nonce)=($inp,$len);
+
+my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3
+   ) = map("r$_",(7..11,28..31));
+my $mask = "r0";
+my $FRAME = (6+4)*$SIZE_T;
+
+$code.=<<___;
+.globl	.poly1305_emit_fpu
+.align	4
+.poly1305_emit_fpu:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	$d0,`8*0+(0^$LITTLE_ENDIAN)`($ctx)	# load hash
+	lwz	$h0,`8*0+(4^$LITTLE_ENDIAN)`($ctx)
+	lwz	$d1,`8*1+(0^$LITTLE_ENDIAN)`($ctx)
+	lwz	$h1,`8*1+(4^$LITTLE_ENDIAN)`($ctx)
+	lwz	$d2,`8*2+(0^$LITTLE_ENDIAN)`($ctx)
+	lwz	$h2,`8*2+(4^$LITTLE_ENDIAN)`($ctx)
+	lwz	$d3,`8*3+(0^$LITTLE_ENDIAN)`($ctx)
+	lwz	$h3,`8*3+(4^$LITTLE_ENDIAN)`($ctx)
+
+	lis	$mask,0xfff0
+	andc	$d0,$d0,$mask			# mask exponent
+	andc	$d1,$d1,$mask
+	andc	$d2,$d2,$mask
+	andc	$d3,$d3,$mask			# can be partially reduced...
+	li	$mask,3
+
+	srwi	$padbit,$d3,2			# ... so reduce
+	and	$h4,$d3,$mask
+	andc	$d3,$d3,$mask
+	add	$d3,$d3,$padbit
+___
+						if ($SIZE_T==4) {
+$code.=<<___;
+	addc	$h0,$h0,$d3
+	adde	$h1,$h1,$d0
+	adde	$h2,$h2,$d1
+	adde	$h3,$h3,$d2
+	addze	$h4,$h4
+
+	addic	$d0,$h0,5			# compare to modulus
+	addze	$d1,$h1
+	addze	$d2,$h2
+	addze	$d3,$h3
+	addze	$mask,$h4
+
+	srwi	$mask,$mask,2			# did it carry/borrow?
+	neg	$mask,$mask
+	srawi	$mask,$mask,31			# mask
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h1,$h1,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	lwz	$d0,0($nonce)			# load nonce
+	andc	$h2,$h2,$mask
+	and	$d2,$d2,$mask
+	or	$h1,$h1,$d1
+	lwz	$d1,4($nonce)
+	andc	$h3,$h3,$mask
+	and	$d3,$d3,$mask
+	or	$h2,$h2,$d2
+	lwz	$d2,8($nonce)
+	or	$h3,$h3,$d3
+	lwz	$d3,12($nonce)
+
+	addc	$h0,$h0,$d0			# accumulate nonce
+	adde	$h1,$h1,$d1
+	adde	$h2,$h2,$d2
+	adde	$h3,$h3,$d3
+___
+						} else {
+$code.=<<___;
+	add	$h0,$h0,$d3
+	add	$h1,$h1,$d0
+	add	$h2,$h2,$d1
+	add	$h3,$h3,$d2
+
+	srdi	$d0,$h0,32
+	add	$h1,$h1,$d0
+	srdi	$d1,$h1,32
+	add	$h2,$h2,$d1
+	srdi	$d2,$h2,32
+	add	$h3,$h3,$d2
+	srdi	$d3,$h3,32
+	add	$h4,$h4,$d3
+
+	insrdi	$h0,$h1,32,0
+	insrdi	$h2,$h3,32,0
+
+	addic	$d0,$h0,5			# compare to modulus
+	addze	$d1,$h2
+	addze	$d2,$h4
+
+	srdi	$mask,$d2,2			# did it carry/borrow?
+	neg	$mask,$mask
+	sradi	$mask,$mask,63			# mask
+	ld	$d2,0($nonce)			# load nonce
+	ld	$d3,8($nonce)
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h2,$h2,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	or	$h2,$h2,$d1
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	rotldi	$d2,$d2,32			# flip nonce words
+	rotldi	$d3,$d3,32
+___
+$code.=<<___;
+	addc	$h0,$h0,$d2			# accumulate nonce
+	adde	$h2,$h2,$d3
+
+	srdi	$h1,$h0,32
+	srdi	$h3,$h2,32
+___
+						}
+$code.=<<___	if ($LITTLE_ENDIAN);
+	stw	$h0,0($mac)			# write result
+	stw	$h1,4($mac)
+	stw	$h2,8($mac)
+	stw	$h3,12($mac)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d1,4
+	stwbrx	$h0,0,$mac			# write result
+	li	$d2,8
+	stwbrx	$h1,$d1,$mac
+	li	$d3,12
+	stwbrx	$h2,$d2,$mac
+	stwbrx	$h3,$d3,$mac
+___
+$code.=<<___;
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,4,3,0
+.size	.poly1305_emit_fpu,.-.poly1305_emit_fpu
+___
+}
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+LPICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$len	# vvvvvv "distance" between . and 1st data entry
+	addi	$len,$len,`64-8`	# borrow $len
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+
+.quad	0x4330000000000000		# 2^(52+0)
+.quad	0x4530000000000000		# 2^(52+32)
+.quad	0x4730000000000000		# 2^(52+64)
+.quad	0x4930000000000000		# 2^(52+96)
+.quad	0x4b50000000000000		# 2^(52+130)
+
+.quad	0x37f4000000000000		# 5/2^130
+
+.quad	0x4430000000000000		# 2^(52+16+0)
+.quad	0x4630000000000000		# 2^(52+16+32)
+.quad	0x4830000000000000		# 2^(52+16+64)
+.quad	0x4a30000000000000		# 2^(52+16+96)
+.quad	0x3e30000000000000		# 2^(52+16+0-96)
+.quad	0x4030000000000000		# 2^(52+16+32-96)
+.quad	0x4230000000000000		# 2^(52+16+64-96)
+
+.quad	0x0000000000000001		# fpscr: truncate, no exceptions
+.asciz	"Poly1305 for PPC FPU, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl
new file mode 100755
index 000000000..82d757d9a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl
@@ -0,0 +1,227 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for s390x.
+#
+# June 2015
+#
+# ~6.6/2.3 cpb on z10/z196+, >2x improvement over compiler-generated
+# code. For older compiler improvement coefficient is >3x, because
+# then base 2^64 and base 2^32 implementations are compared.
+#
+# On side note, z13 enables vector base 2^26 implementation...
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$sp="%r15";
+
+my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5));
+
+$code.=<<___;
+.text
+
+.globl	poly1305_init
+.type	poly1305_init,\@function
+.align	16
+poly1305_init:
+	lghi	%r0,0
+	lghi	%r1,-1
+	stg	%r0,0($ctx)		# zero hash value
+	stg	%r0,8($ctx)
+	stg	%r0,16($ctx)
+
+	cl${g}r	$inp,%r0
+	je	.Lno_key
+
+	lrvg	%r4,0($inp)		# load little-endian key
+	lrvg	%r5,8($inp)
+
+	nihl	%r1,0xffc0		# 0xffffffc0ffffffff
+	srlg	%r0,%r1,4		# 0x0ffffffc0fffffff
+	srlg	%r1,%r1,4
+	nill	%r1,0xfffc		# 0x0ffffffc0ffffffc
+
+	ngr	%r4,%r0
+	ngr	%r5,%r1
+
+	stg	%r4,32($ctx)
+	stg	%r5,40($ctx)
+
+.Lno_key:
+	lghi	%r2,0
+	br	%r14
+.size	poly1305_init,.-poly1305_init
+___
+{
+my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14));
+my ($r0,$r1,$s1) = map("%r$_",(0..2));
+
+$code.=<<___;
+.globl	poly1305_blocks
+.type	poly1305_blocks,\@function
+.align	16
+poly1305_blocks:
+	srl${g}	$len,4			# fixed-up in 64-bit build
+	lghi	%r0,0
+	cl${g}r	$len,%r0
+	je	.Lno_data
+
+	stm${g}	%r6,%r14,`6*$SIZE_T`($sp)
+
+	llgfr   $padbit,$padbit		# clear upper half, much needed with
+					# non-64-bit ABI
+	lg	$r0,32($ctx)		# load key
+	lg	$r1,40($ctx)
+
+	lg	$h0,0($ctx)		# load hash value
+	lg	$h1,8($ctx)
+	lg	$h2,16($ctx)
+
+	st$g	$ctx,`2*$SIZE_T`($sp)	# off-load $ctx
+	srlg	$s1,$r1,2
+	algr	$s1,$r1			# s1 = r1 + r1>>2
+	j	.Loop
+
+.align	16
+.Loop:
+	lrvg	$d0lo,0($inp)		# load little-endian input
+	lrvg	$d1lo,8($inp)
+	la	$inp,16($inp)
+
+	algr	$d0lo,$h0		# accumulate input
+	alcgr	$d1lo,$h1
+
+	lgr	$h0,$d0lo
+	mlgr	$d0hi,$r0		# h0*r0	  -> $d0hi:$d0lo
+	lgr	$h1,$d1lo
+	mlgr	$d1hi,$s1		# h1*5*r1 -> $d1hi:$d1lo
+
+	mlgr	$t0,$r1			# h0*r1   -> $t0:$h0
+	mlgr	$t1,$r0			# h1*r0   -> $t1:$h1
+	alcgr	$h2,$padbit
+
+	algr	$d0lo,$d1lo
+	lgr	$d1lo,$h2
+	alcgr	$d0hi,$d1hi
+	lghi	$d1hi,0
+
+	algr	$h1,$h0
+	alcgr	$t1,$t0
+
+	msgr	$d1lo,$s1		# h2*s1
+	msgr	$h2,$r0			# h2*r0
+
+	algr	$h1,$d1lo
+	alcgr	$t1,$d1hi		# $d1hi is zero
+
+	algr	$h1,$d0hi
+	alcgr	$h2,$t1
+
+	lghi	$h0,-4			# final reduction step
+	ngr	$h0,$h2
+	srlg	$t0,$h2,2
+	algr	$h0,$t0
+	lghi	$t1,3
+	ngr	$h2,$t1
+
+	algr	$h0,$d0lo
+	alcgr	$h1,$d1hi		# $d1hi is still zero
+	alcgr	$h2,$d1hi		# $d1hi is still zero
+
+	brct$g	$len,.Loop
+
+	l$g	$ctx,`2*$SIZE_T`($sp)	# restore $ctx
+
+	stg	$h0,0($ctx)		# store hash value
+	stg	$h1,8($ctx)
+	stg	$h2,16($ctx)
+
+	lm${g}	%r6,%r14,`6*$SIZE_T`($sp)
+.Lno_data:
+	br	%r14
+.size	poly1305_blocks,.-poly1305_blocks
+___
+}
+{
+my ($mac,$nonce)=($inp,$len);
+my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9));
+
+$code.=<<___;
+.globl	poly1305_emit
+.type	poly1305_emit,\@function
+.align	16
+poly1305_emit:
+	stm${g}	%r6,%r9,`6*$SIZE_T`($sp)
+
+	lg	$h0,0($ctx)
+	lg	$h1,8($ctx)
+	lg	$h2,16($ctx)
+
+	lghi	%r0,5
+	lghi	%r1,0
+	lgr	$d0,$h0
+	lgr	$d1,$h1
+
+	algr	$h0,%r0			# compare to modulus
+	alcgr	$h1,%r1
+	alcgr	$h2,%r1
+
+	srlg	$h2,$h2,2		# did it borrow/carry?
+	slgr	%r1,$h2			# 0-$h2>>2
+	lg	$h2,0($nonce)		# load nonce
+	lghi	%r0,-1
+	lg	$ctx,8($nonce)
+	xgr	%r0,%r1			# ~%r1
+
+	ngr	$h0,%r1
+	ngr	$d0,%r0
+	ngr	$h1,%r1
+	ngr	$d1,%r0
+	ogr	$h0,$d0
+	rllg	$d0,$h2,32		# flip nonce words
+	ogr	$h1,$d1
+	rllg	$d1,$ctx,32
+
+	algr	$h0,$d0			# accumulate nonce
+	alcgr	$h1,$d1
+
+	strvg	$h0,0($mac)		# write little-endian result
+	strvg	$h1,8($mac)
+
+	lm${g}	%r6,%r9,`6*$SIZE_T`($sp)
+	br	%r14
+.size	poly1305_emit,.-poly1305_emit
+
+.string	"Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl
new file mode 100755
index 000000000..0bdd04892
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl
@@ -0,0 +1,1120 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for SPARCv9, vanilla, as well
+# as VIS3 and FMA extensions.
+#
+# May, August 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone.
+#
+#			IALU(*)		FMA
+#
+# UltraSPARC III	12.3(**)
+# SPARC T3		7.92
+# SPARC T4		1.70(***)	6.55
+# SPARC64 X		5.60		3.64
+#
+# (*)	Comparison to compiler-generated code is really problematic,
+#	because latter's performance varies too much depending on too
+#	many variables. For example, one can measure from 5x to 15x
+#	improvement on T4 for gcc-4.6. Well, in T4 case it's a bit
+#	unfair comparison, because compiler doesn't use VIS3, but
+#	given same initial conditions coefficient varies from 3x to 9x.
+# (**)	Pre-III performance should be even worse; floating-point
+#	performance for UltraSPARC I-IV on the other hand is reported
+#	to be 4.25 for hand-coded assembly, but they are just too old
+#	to care about.
+# (***)	Multi-process benchmark saturates at ~12.5x single-process
+#	result on 8-core processor, or ~21GBps per 2.85GHz socket.
+
+my $output = pop;
+open STDOUT,">$output";
+
+my ($ctx,$inp,$len,$padbit,$shl,$shr)	= map("%i$_",(0..5));
+my ($r0,$r1,$r2,$r3,$s1,$s2,$s3,$h4)	= map("%l$_",(0..7));
+my ($h0,$h1,$h2,$h3, $t0,$t1,$t2)	= map("%o$_",(0..5,7));
+my ($d0,$d1,$d2,$d3)			= map("%g$_",(1..4));
+
+my $output = pop;
+open STDOUT,">$stdout";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+# define	STPTR	stx
+# define	SIZE_T	8
+#else
+# define	STPTR	st
+# define	SIZE_T	4
+#endif
+#define	LOCALS	(STACK_BIAS+STACK_FRAME)
+
+.section	".text",#alloc,#execinstr
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	poly1305_init
+.align	32
+poly1305_init:
+	save	%sp,-STACK_FRAME-16,%sp
+	nop
+
+	SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1)
+	ld	[%g1],%g1
+
+	and	%g1,SPARCV9_FMADD|SPARCV9_VIS3,%g1
+	cmp	%g1,SPARCV9_FMADD
+	be	.Lpoly1305_init_fma
+	nop
+
+	stx	%g0,[$ctx+0]
+	stx	%g0,[$ctx+8]		! zero hash value
+	brz,pn	$inp,.Lno_key
+	stx	%g0,[$ctx+16]
+
+	and	$inp,7,$shr		! alignment factor
+	andn	$inp,7,$inp
+	sll	$shr,3,$shr		! *8
+	neg	$shr,$shl
+
+	sethi	%hi(0x0ffffffc),$t0
+	set	8,$h1
+	or	$t0,%lo(0x0ffffffc),$t0
+	set	16,$h2
+	sllx	$t0,32,$t1
+	or	$t0,$t1,$t1		! 0x0ffffffc0ffffffc
+	or	$t1,3,$t0		! 0x0ffffffc0fffffff
+
+	ldxa	[$inp+%g0]0x88,$h0	! load little-endian key
+	brz,pt	$shr,.Lkey_aligned
+	ldxa	[$inp+$h1]0x88,$h1
+
+	ldxa	[$inp+$h2]0x88,$h2
+	srlx	$h0,$shr,$h0
+	sllx	$h1,$shl,$t2
+	srlx	$h1,$shr,$h1
+	or	$t2,$h0,$h0
+	sllx	$h2,$shl,$h2
+	or	$h2,$h1,$h1
+
+.Lkey_aligned:
+	and	$t0,$h0,$h0
+	and	$t1,$h1,$h1
+	stx	$h0,[$ctx+32+0]		! store key
+	stx	$h1,[$ctx+32+8]
+
+	andcc	%g1,SPARCV9_VIS3,%g0
+	be	.Lno_key
+	nop
+
+1:	call	.+8
+	add	%o7,poly1305_blocks_vis3-1b,%o7
+
+	add	%o7,poly1305_emit-poly1305_blocks_vis3,%o5
+	STPTR	%o7,[%i2]
+	STPTR	%o5,[%i2+SIZE_T]
+
+	ret
+	restore	%g0,1,%o0		! return 1
+
+.Lno_key:
+	ret
+	restore	%g0,%g0,%o0		! return 0
+.type	poly1305_init,#function
+.size	poly1305_init,.-poly1305_init
+
+.globl	poly1305_blocks
+.align	32
+poly1305_blocks:
+	save	%sp,-STACK_FRAME,%sp
+	srln	$len,4,$len
+
+	brz,pn	$len,.Lno_data
+	nop
+
+	ld	[$ctx+32+0],$r1		! load key
+	ld	[$ctx+32+4],$r0
+	ld	[$ctx+32+8],$r3
+	ld	[$ctx+32+12],$r2
+
+	ld	[$ctx+0],$h1		! load hash value
+	ld	[$ctx+4],$h0
+	ld	[$ctx+8],$h3
+	ld	[$ctx+12],$h2
+	ld	[$ctx+16],$h4
+
+	and	$inp,7,$shr		! alignment factor
+	andn	$inp,7,$inp
+	set	8,$d1
+	sll	$shr,3,$shr		! *8
+	set	16,$d2
+	neg	$shr,$shl
+
+	srl	$r1,2,$s1
+	srl	$r2,2,$s2
+	add	$r1,$s1,$s1
+	srl	$r3,2,$s3
+	add	$r2,$s2,$s2
+	add	$r3,$s3,$s3
+
+.Loop:
+	ldxa	[$inp+%g0]0x88,$d0	! load little-endian input
+	brz,pt	$shr,.Linp_aligned
+	ldxa	[$inp+$d1]0x88,$d1
+
+	ldxa	[$inp+$d2]0x88,$d2
+	srlx	$d0,$shr,$d0
+	sllx	$d1,$shl,$t1
+	srlx	$d1,$shr,$d1
+	or	$t1,$d0,$d0
+	sllx	$d2,$shl,$d2
+	or	$d2,$d1,$d1
+
+.Linp_aligned:
+	srlx	$d0,32,$t0
+	addcc	$d0,$h0,$h0		! accumulate input
+	srlx	$d1,32,$t1
+	addccc	$t0,$h1,$h1
+	addccc	$d1,$h2,$h2
+	addccc	$t1,$h3,$h3
+	addc	$padbit,$h4,$h4
+
+	umul	$r0,$h0,$d0
+	umul	$r1,$h0,$d1
+	umul	$r2,$h0,$d2
+	umul	$r3,$h0,$d3
+	 sub	$len,1,$len
+	 add	$inp,16,$inp
+
+	umul	$s3,$h1,$t0
+	umul	$r0,$h1,$t1
+	umul	$r1,$h1,$t2
+	add	$t0,$d0,$d0
+	add	$t1,$d1,$d1
+	umul	$r2,$h1,$t0
+	add	$t2,$d2,$d2
+	add	$t0,$d3,$d3
+
+	umul	$s2,$h2,$t1
+	umul	$s3,$h2,$t2
+	umul	$r0,$h2,$t0
+	add	$t1,$d0,$d0
+	add	$t2,$d1,$d1
+	umul	$r1,$h2,$t1
+	add	$t0,$d2,$d2
+	add	$t1,$d3,$d3
+
+	umul	$s1,$h3,$t2
+	umul	$s2,$h3,$t0
+	umul	$s3,$h3,$t1
+	add	$t2,$d0,$d0
+	add	$t0,$d1,$d1
+	umul	$r0,$h3,$t2
+	add	$t1,$d2,$d2
+	add	$t2,$d3,$d3
+
+	umul	$s1,$h4,$t0
+	umul	$s2,$h4,$t1
+	umul	$s3,$h4,$t2
+	umul	$r0,$h4,$h4
+	add	$t0,$d1,$d1
+	add	$t1,$d2,$d2
+	srlx	$d0,32,$h1
+	add	$t2,$d3,$d3
+	srlx	$d1,32,$h2
+
+	addcc	$d1,$h1,$h1
+	srlx	$d2,32,$h3
+	 set	8,$d1
+	addccc	$d2,$h2,$h2
+	srlx	$d3,32,$t0
+	 set	16,$d2
+	addccc	$d3,$h3,$h3
+	addc	$t0,$h4,$h4
+
+	srl	$h4,2,$t0		! final reduction step
+	andn	$h4,3,$t1
+	and	$h4,3,$h4
+	add	$t1,$t0,$t0
+
+	addcc	$t0,$d0,$h0
+	addccc	%g0,$h1,$h1
+	addccc	%g0,$h2,$h2
+	addccc	%g0,$h3,$h3
+	brnz,pt	$len,.Loop
+	addc	%g0,$h4,$h4
+
+	st	$h1,[$ctx+0]		! store hash value
+	st	$h0,[$ctx+4]
+	st	$h3,[$ctx+8]
+	st	$h2,[$ctx+12]
+	st	$h4,[$ctx+16]
+
+.Lno_data:
+	ret
+	restore
+.type	poly1305_blocks,#function
+.size	poly1305_blocks,.-poly1305_blocks
+___
+########################################################################
+# VIS3 has umulxhi and addxc...
+{
+my ($H0,$H1,$H2,$R0,$R1,$S1,$T1) = map("%o$_",(0..5,7));
+my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4));
+
+$code.=<<___;
+.align	32
+poly1305_blocks_vis3:
+	save	%sp,-STACK_FRAME,%sp
+	srln	$len,4,$len
+
+	brz,pn	$len,.Lno_data
+	nop
+
+	ldx	[$ctx+32+0],$R0		! load key
+	ldx	[$ctx+32+8],$R1
+
+	ldx	[$ctx+0],$H0		! load hash value
+	ldx	[$ctx+8],$H1
+	ld	[$ctx+16],$H2
+
+	and	$inp,7,$shr		! alignment factor
+	andn	$inp,7,$inp
+	set	8,$r1
+	sll	$shr,3,$shr		! *8
+	set	16,$r2
+	neg	$shr,$shl
+
+	srlx	$R1,2,$S1
+	b	.Loop_vis3
+	add	$R1,$S1,$S1
+
+.Loop_vis3:
+	ldxa	[$inp+%g0]0x88,$D0	! load little-endian input
+	brz,pt	$shr,.Linp_aligned_vis3
+	ldxa	[$inp+$r1]0x88,$D1
+
+	ldxa	[$inp+$r2]0x88,$D2
+	srlx	$D0,$shr,$D0
+	sllx	$D1,$shl,$T1
+	srlx	$D1,$shr,$D1
+	or	$T1,$D0,$D0
+	sllx	$D2,$shl,$D2
+	or	$D2,$D1,$D1
+
+.Linp_aligned_vis3:
+	addcc	$D0,$H0,$H0		! accumulate input
+	 sub	$len,1,$len
+	addxccc	$D1,$H1,$H1
+	 add	$inp,16,$inp
+
+	mulx	$R0,$H0,$D0		! r0*h0
+	addxc	$padbit,$H2,$H2
+	umulxhi	$R0,$H0,$D1
+	mulx	$S1,$H1,$T0		! s1*h1
+	umulxhi	$S1,$H1,$T1
+	addcc	$T0,$D0,$D0
+	mulx	$R1,$H0,$T0		! r1*h0
+	addxc	$T1,$D1,$D1
+	umulxhi	$R1,$H0,$D2
+	addcc	$T0,$D1,$D1
+	mulx	$R0,$H1,$T0		! r0*h1
+	addxc	%g0,$D2,$D2
+	umulxhi	$R0,$H1,$T1
+	addcc	$T0,$D1,$D1
+	mulx	$S1,$H2,$T0		! s1*h2
+	addxc	$T1,$D2,$D2
+	mulx	$R0,$H2,$T1		! r0*h2
+	addcc	$T0,$D1,$D1
+	addxc	$T1,$D2,$D2
+
+	srlx	$D2,2,$T0		! final reduction step
+	andn	$D2,3,$T1
+	and	$D2,3,$H2
+	add	$T1,$T0,$T0
+
+	addcc	$T0,$D0,$H0
+	addxccc	%g0,$D1,$H1
+	brnz,pt	$len,.Loop_vis3
+	addxc	%g0,$H2,$H2
+
+	stx	$H0,[$ctx+0]		! store hash value
+	stx	$H1,[$ctx+8]
+	st	$H2,[$ctx+16]
+
+	ret
+	restore
+.type	poly1305_blocks_vis3,#function
+.size	poly1305_blocks_vis3,.-poly1305_blocks_vis3
+___
+}
+my ($mac,$nonce) = ($inp,$len);
+
+$code.=<<___;
+.globl	poly1305_emit
+.align	32
+poly1305_emit:
+	save	%sp,-STACK_FRAME,%sp
+
+	ld	[$ctx+0],$h1		! load hash value
+	ld	[$ctx+4],$h0
+	ld	[$ctx+8],$h3
+	ld	[$ctx+12],$h2
+	ld	[$ctx+16],$h4
+
+	addcc	$h0,5,$r0		! compare to modulus
+	addccc	$h1,0,$r1
+	addccc	$h2,0,$r2
+	addccc	$h3,0,$r3
+	addc	$h4,0,$h4
+	andcc	$h4,4,%g0		! did it carry/borrow?
+
+	movnz	%icc,$r0,$h0
+	ld	[$nonce+0],$r0		! load nonce
+	movnz	%icc,$r1,$h1
+	ld	[$nonce+4],$r1
+	movnz	%icc,$r2,$h2
+	ld	[$nonce+8],$r2
+	movnz	%icc,$r3,$h3
+	ld	[$nonce+12],$r3
+
+	addcc	$r0,$h0,$h0		! accumulate nonce
+	addccc	$r1,$h1,$h1
+	addccc	$r2,$h2,$h2
+	addc	$r3,$h3,$h3
+
+	srl	$h0,8,$r0
+	stb	$h0,[$mac+0]		! store little-endian result
+	srl	$h0,16,$r1
+	stb	$r0,[$mac+1]
+	srl	$h0,24,$r2
+	stb	$r1,[$mac+2]
+	stb	$r2,[$mac+3]
+
+	srl	$h1,8,$r0
+	stb	$h1,[$mac+4]
+	srl	$h1,16,$r1
+	stb	$r0,[$mac+5]
+	srl	$h1,24,$r2
+	stb	$r1,[$mac+6]
+	stb	$r2,[$mac+7]
+
+	srl	$h2,8,$r0
+	stb	$h2,[$mac+8]
+	srl	$h2,16,$r1
+	stb	$r0,[$mac+9]
+	srl	$h2,24,$r2
+	stb	$r1,[$mac+10]
+	stb	$r2,[$mac+11]
+
+	srl	$h3,8,$r0
+	stb	$h3,[$mac+12]
+	srl	$h3,16,$r1
+	stb	$r0,[$mac+13]
+	srl	$h3,24,$r2
+	stb	$r1,[$mac+14]
+	stb	$r2,[$mac+15]
+
+	ret
+	restore
+.type	poly1305_emit,#function
+.size	poly1305_emit,.-poly1305_emit
+___
+
+{
+my ($ctx,$inp,$len,$padbit) = map("%i$_",(0..3));
+my ($in0,$in1,$in2,$in3,$in4) = map("%o$_",(0..4));
+my ($i1,$step,$shr,$shl) = map("%l$_",(0..7));
+my $i2=$step;
+
+my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,
+    $two0,$two32,$two64,$two96,$two130,$five_two130,
+    $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi,
+    $s2lo,$s2hi,$s3lo,$s3hi,
+    $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("%f".2*$_,(0..31));
+# borrowings
+my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi);
+my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi);
+my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3hi,$c3lo);
+
+$code.=<<___;
+.align	32
+poly1305_init_fma:
+	save	%sp,-STACK_FRAME-16,%sp
+	nop
+
+.Lpoly1305_init_fma:
+1:	call	.+8
+	add	%o7,.Lconsts_fma-1b,%o7
+
+	ldd	[%o7+8*0],$two0			! load constants
+	ldd	[%o7+8*1],$two32
+	ldd	[%o7+8*2],$two64
+	ldd	[%o7+8*3],$two96
+	ldd	[%o7+8*5],$five_two130
+
+	std	$two0,[$ctx+8*0]		! initial hash value, biased 0
+	std	$two32,[$ctx+8*1]
+	std	$two64,[$ctx+8*2]
+	std	$two96,[$ctx+8*3]
+
+	brz,pn	$inp,.Lno_key_fma
+	nop
+
+	stx	%fsr,[%sp+LOCALS]		! save original %fsr
+	ldx	[%o7+8*6],%fsr			! load new %fsr
+
+	std	$two0,[$ctx+8*4] 		! key "template"
+	std	$two32,[$ctx+8*5]
+	std	$two64,[$ctx+8*6]
+	std	$two96,[$ctx+8*7]
+
+	and	$inp,7,$shr
+	andn	$inp,7,$inp			! align pointer
+	mov	8,$i1
+	sll	$shr,3,$shr
+	mov	16,$i2
+	neg	$shr,$shl
+
+	ldxa	[$inp+%g0]0x88,$in0		! load little-endian key
+	ldxa	[$inp+$i1]0x88,$in2
+
+	brz	$shr,.Lkey_aligned_fma
+	sethi	%hi(0xf0000000),$i1		!   0xf0000000
+
+	ldxa	[$inp+$i2]0x88,$in4
+
+	srlx	$in0,$shr,$in0			! align data
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in2
+	or	$in1,$in0,$in0
+	sllx	$in4,$shl,$in3
+	or	$in3,$in2,$in2
+
+.Lkey_aligned_fma:
+	or	$i1,3,$i2			!   0xf0000003
+	srlx	$in0,32,$in1
+	andn	$in0,$i1,$in0			! &=0x0fffffff
+	andn	$in1,$i2,$in1			! &=0x0ffffffc
+	srlx	$in2,32,$in3
+	andn	$in2,$i2,$in2
+	andn	$in3,$i2,$in3
+
+	st	$in0,[$ctx+`8*4+4`]		! fill "template"
+	st	$in1,[$ctx+`8*5+4`]
+	st	$in2,[$ctx+`8*6+4`]
+	st	$in3,[$ctx+`8*7+4`]
+
+	ldd	[$ctx+8*4],$h0lo 		! load [biased] key
+	ldd	[$ctx+8*5],$h1lo
+	ldd	[$ctx+8*6],$h2lo
+	ldd	[$ctx+8*7],$h3lo
+
+	fsubd	$h0lo,$two0, $h0lo		! r0
+	 ldd	[%o7+8*7],$two0 		! more constants
+	fsubd	$h1lo,$two32,$h1lo		! r1
+	 ldd	[%o7+8*8],$two32
+	fsubd	$h2lo,$two64,$h2lo		! r2
+	 ldd	[%o7+8*9],$two64
+	fsubd	$h3lo,$two96,$h3lo		! r3
+	 ldd	[%o7+8*10],$two96
+
+	fmuld	$five_two130,$h1lo,$s1lo	! s1
+	fmuld	$five_two130,$h2lo,$s2lo	! s2
+	fmuld	$five_two130,$h3lo,$s3lo	! s3
+
+	faddd	$h0lo,$two0, $h0hi
+	faddd	$h1lo,$two32,$h1hi
+	faddd	$h2lo,$two64,$h2hi
+	faddd	$h3lo,$two96,$h3hi
+
+	fsubd	$h0hi,$two0, $h0hi
+	 ldd	[%o7+8*11],$two0		! more constants
+	fsubd	$h1hi,$two32,$h1hi
+	 ldd	[%o7+8*12],$two32
+	fsubd	$h2hi,$two64,$h2hi
+	 ldd	[%o7+8*13],$two64
+	fsubd	$h3hi,$two96,$h3hi
+
+	fsubd	$h0lo,$h0hi,$h0lo
+	 std	$h0hi,[$ctx+8*5] 		! r0hi
+	fsubd	$h1lo,$h1hi,$h1lo
+	 std	$h1hi,[$ctx+8*7] 		! r1hi
+	fsubd	$h2lo,$h2hi,$h2lo
+	 std	$h2hi,[$ctx+8*9] 		! r2hi
+	fsubd	$h3lo,$h3hi,$h3lo
+	 std	$h3hi,[$ctx+8*11]		! r3hi
+
+	faddd	$s1lo,$two0, $s1hi
+	faddd	$s2lo,$two32,$s2hi
+	faddd	$s3lo,$two64,$s3hi
+
+	fsubd	$s1hi,$two0, $s1hi
+	fsubd	$s2hi,$two32,$s2hi
+	fsubd	$s3hi,$two64,$s3hi
+
+	fsubd	$s1lo,$s1hi,$s1lo
+	fsubd	$s2lo,$s2hi,$s2lo
+	fsubd	$s3lo,$s3hi,$s3lo
+
+	ldx	[%sp+LOCALS],%fsr		! restore %fsr
+
+	std	$h0lo,[$ctx+8*4] 		! r0lo
+	std	$h1lo,[$ctx+8*6] 		! r1lo
+	std	$h2lo,[$ctx+8*8] 		! r2lo
+	std	$h3lo,[$ctx+8*10]		! r3lo
+
+	std	$s1hi,[$ctx+8*13]
+	std	$s2hi,[$ctx+8*15]
+	std	$s3hi,[$ctx+8*17]
+
+	std	$s1lo,[$ctx+8*12]
+	std	$s2lo,[$ctx+8*14]
+	std	$s3lo,[$ctx+8*16]
+
+	add	%o7,poly1305_blocks_fma-.Lconsts_fma,%o0
+	add	%o7,poly1305_emit_fma-.Lconsts_fma,%o1
+	STPTR	%o0,[%i2]
+	STPTR	%o1,[%i2+SIZE_T]
+
+	ret
+	restore	%g0,1,%o0			! return 1
+
+.Lno_key_fma:
+	ret
+	restore	%g0,%g0,%o0			! return 0
+.type	poly1305_init_fma,#function
+.size	poly1305_init_fma,.-poly1305_init_fma
+
+.align	32
+poly1305_blocks_fma:
+	save	%sp,-STACK_FRAME-48,%sp
+	srln	$len,4,$len
+
+	brz,pn	$len,.Labort
+	sub	$len,1,$len
+
+1:	call	.+8
+	add	%o7,.Lconsts_fma-1b,%o7
+
+	ldd	[%o7+8*0],$two0			! load constants
+	ldd	[%o7+8*1],$two32
+	ldd	[%o7+8*2],$two64
+	ldd	[%o7+8*3],$two96
+	ldd	[%o7+8*4],$two130
+	ldd	[%o7+8*5],$five_two130
+
+	ldd	[$ctx+8*0],$h0lo 		! load [biased] hash value
+	ldd	[$ctx+8*1],$h1lo
+	ldd	[$ctx+8*2],$h2lo
+	ldd	[$ctx+8*3],$h3lo
+
+	std	$two0,[%sp+LOCALS+8*0]		! input "template"
+	sethi	%hi((1023+52+96)<<20),$in3
+	std	$two32,[%sp+LOCALS+8*1]
+	or	$padbit,$in3,$in3
+	std	$two64,[%sp+LOCALS+8*2]
+	st	$in3,[%sp+LOCALS+8*3]
+
+	and	$inp,7,$shr
+	andn	$inp,7,$inp			! align pointer
+	mov	8,$i1
+	sll	$shr,3,$shr
+	mov	16,$step
+	neg	$shr,$shl
+
+	ldxa	[$inp+%g0]0x88,$in0		! load little-endian input
+	brz	$shr,.Linp_aligned_fma
+	ldxa	[$inp+$i1]0x88,$in2
+
+	ldxa	[$inp+$step]0x88,$in4
+	add	$inp,8,$inp
+
+	srlx	$in0,$shr,$in0			! align data
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in2
+	or	$in1,$in0,$in0
+	sllx	$in4,$shl,$in3
+	srlx	$in4,$shr,$in4			! pre-shift
+	or	$in3,$in2,$in2
+
+.Linp_aligned_fma:
+	srlx	$in0,32,$in1
+	movrz	$len,0,$step
+	srlx	$in2,32,$in3
+	add	$step,$inp,$inp			! conditional advance
+
+	st	$in0,[%sp+LOCALS+8*0+4]		! fill "template"
+	st	$in1,[%sp+LOCALS+8*1+4]
+	st	$in2,[%sp+LOCALS+8*2+4]
+	st	$in3,[%sp+LOCALS+8*3+4]
+
+	ldd	[$ctx+8*4],$r0lo 		! load key
+	ldd	[$ctx+8*5],$r0hi
+	ldd	[$ctx+8*6],$r1lo
+	ldd	[$ctx+8*7],$r1hi
+	ldd	[$ctx+8*8],$r2lo
+	ldd	[$ctx+8*9],$r2hi
+	ldd	[$ctx+8*10],$r3lo
+	ldd	[$ctx+8*11],$r3hi
+	ldd	[$ctx+8*12],$s1lo
+	ldd	[$ctx+8*13],$s1hi
+	ldd	[$ctx+8*14],$s2lo
+	ldd	[$ctx+8*15],$s2hi
+	ldd	[$ctx+8*16],$s3lo
+	ldd	[$ctx+8*17],$s3hi
+
+	stx	%fsr,[%sp+LOCALS+8*4]		! save original %fsr
+	ldx	[%o7+8*6],%fsr			! load new %fsr
+
+	subcc	$len,1,$len
+	movrz	$len,0,$step
+
+	ldd	[%sp+LOCALS+8*0],$x0		! load biased input
+	ldd	[%sp+LOCALS+8*1],$x1
+	ldd	[%sp+LOCALS+8*2],$x2
+	ldd	[%sp+LOCALS+8*3],$x3
+
+	fsubd	$h0lo,$two0, $h0lo		! de-bias hash value
+	fsubd	$h1lo,$two32,$h1lo
+	 ldxa	[$inp+%g0]0x88,$in0		! modulo-scheduled input load
+	fsubd	$h2lo,$two64,$h2lo
+	fsubd	$h3lo,$two96,$h3lo
+	 ldxa	[$inp+$i1]0x88,$in2
+
+	fsubd	$x0,$two0, $x0  		! de-bias input
+	fsubd	$x1,$two32,$x1
+	fsubd	$x2,$two64,$x2
+	fsubd	$x3,$two96,$x3
+
+	brz	$shr,.Linp_aligned_fma2
+	add	$step,$inp,$inp			! conditional advance
+
+	sllx	$in0,$shl,$in1			! align data
+	srlx	$in0,$shr,$in3
+	or	$in1,$in4,$in0
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in4			! pre-shift
+	or	$in3,$in1,$in2
+.Linp_aligned_fma2:
+	srlx	$in0,32,$in1
+	srlx	$in2,32,$in3
+
+	faddd	$h0lo,$x0,$x0			! accumulate input
+	 stw	$in0,[%sp+LOCALS+8*0+4]
+	faddd	$h1lo,$x1,$x1
+	 stw	$in1,[%sp+LOCALS+8*1+4]
+	faddd	$h2lo,$x2,$x2
+	 stw	$in2,[%sp+LOCALS+8*2+4]
+	faddd	$h3lo,$x3,$x3
+	 stw	$in3,[%sp+LOCALS+8*3+4]
+
+	b	.Lentry_fma
+	nop
+
+.align	16
+.Loop_fma:
+	ldxa	[$inp+%g0]0x88,$in0		! modulo-scheduled input load
+	ldxa	[$inp+$i1]0x88,$in2
+	movrz	$len,0,$step
+
+	faddd	$y0,$h0lo,$h0lo 		! accumulate input
+	faddd	$y1,$h0hi,$h0hi
+	faddd	$y2,$h2lo,$h2lo
+	faddd	$y3,$h2hi,$h2hi
+
+	brz,pn	$shr,.Linp_aligned_fma3
+	add	$step,$inp,$inp			! conditional advance
+
+	sllx	$in0,$shl,$in1			! align data
+	srlx	$in0,$shr,$in3
+	or	$in1,$in4,$in0
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in4			! pre-shift
+	or	$in3,$in1,$in2
+
+.Linp_aligned_fma3:
+	!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32
+	faddd	$two64,$h1lo,$c1lo
+	 srlx	$in0,32,$in1
+	faddd	$two64,$h1hi,$c1hi
+	 srlx	$in2,32,$in3
+	faddd	$two130,$h3lo,$c3lo
+	 st	$in0,[%sp+LOCALS+8*0+4]		! fill "template"
+	faddd	$two130,$h3hi,$c3hi
+	 st	$in1,[%sp+LOCALS+8*1+4]
+	faddd	$two32,$h0lo,$c0lo
+	 st	$in2,[%sp+LOCALS+8*2+4]
+	faddd	$two32,$h0hi,$c0hi
+	 st	$in3,[%sp+LOCALS+8*3+4]
+	faddd	$two96,$h2lo,$c2lo
+	faddd	$two96,$h2hi,$c2hi
+
+	fsubd	$c1lo,$two64,$c1lo
+	fsubd	$c1hi,$two64,$c1hi
+	fsubd	$c3lo,$two130,$c3lo
+	fsubd	$c3hi,$two130,$c3hi
+	fsubd	$c0lo,$two32,$c0lo
+	fsubd	$c0hi,$two32,$c0hi
+	fsubd	$c2lo,$two96,$c2lo
+	fsubd	$c2hi,$two96,$c2hi
+
+	fsubd	$h1lo,$c1lo,$h1lo
+	fsubd	$h1hi,$c1hi,$h1hi
+	fsubd	$h3lo,$c3lo,$h3lo
+	fsubd	$h3hi,$c3hi,$h3hi
+	fsubd	$h2lo,$c2lo,$h2lo
+	fsubd	$h2hi,$c2hi,$h2hi
+	fsubd	$h0lo,$c0lo,$h0lo
+	fsubd	$h0hi,$c0hi,$h0hi
+
+	faddd	$h1lo,$c0lo,$h1lo
+	faddd	$h1hi,$c0hi,$h1hi
+	faddd	$h3lo,$c2lo,$h3lo
+	faddd	$h3hi,$c2hi,$h3hi
+	faddd	$h2lo,$c1lo,$h2lo
+	faddd	$h2hi,$c1hi,$h2hi
+	fmaddd	$five_two130,$c3lo,$h0lo,$h0lo
+	fmaddd	$five_two130,$c3hi,$h0hi,$h0hi
+
+	faddd	$h1lo,$h1hi,$x1
+	 ldd	[$ctx+8*12],$s1lo		! reload constants
+	faddd	$h3lo,$h3hi,$x3
+	 ldd	[$ctx+8*13],$s1hi
+	faddd	$h2lo,$h2hi,$x2
+	 ldd	[$ctx+8*10],$r3lo
+	faddd	$h0lo,$h0hi,$x0
+	 ldd	[$ctx+8*11],$r3hi
+
+.Lentry_fma:
+	fmuld	$x1,$s3lo,$h0lo
+	fmuld	$x1,$s3hi,$h0hi
+	fmuld	$x1,$r1lo,$h2lo
+	fmuld	$x1,$r1hi,$h2hi
+	fmuld	$x1,$r0lo,$h1lo
+	fmuld	$x1,$r0hi,$h1hi
+	fmuld	$x1,$r2lo,$h3lo
+	fmuld	$x1,$r2hi,$h3hi
+
+	fmaddd	$x3,$s1lo,$h0lo,$h0lo
+	fmaddd	$x3,$s1hi,$h0hi,$h0hi
+	fmaddd	$x3,$s3lo,$h2lo,$h2lo
+	fmaddd	$x3,$s3hi,$h2hi,$h2hi
+	fmaddd	$x3,$s2lo,$h1lo,$h1lo
+	fmaddd	$x3,$s2hi,$h1hi,$h1hi
+	fmaddd	$x3,$r0lo,$h3lo,$h3lo
+	fmaddd	$x3,$r0hi,$h3hi,$h3hi
+
+	fmaddd	$x2,$s2lo,$h0lo,$h0lo
+	fmaddd	$x2,$s2hi,$h0hi,$h0hi
+	fmaddd	$x2,$r0lo,$h2lo,$h2lo
+	fmaddd	$x2,$r0hi,$h2hi,$h2hi
+	fmaddd	$x2,$s3lo,$h1lo,$h1lo
+	 ldd	[%sp+LOCALS+8*0],$y0		! load [biased] input
+	fmaddd	$x2,$s3hi,$h1hi,$h1hi
+	 ldd	[%sp+LOCALS+8*1],$y1
+	fmaddd	$x2,$r1lo,$h3lo,$h3lo
+	 ldd	[%sp+LOCALS+8*2],$y2
+	fmaddd	$x2,$r1hi,$h3hi,$h3hi
+	 ldd	[%sp+LOCALS+8*3],$y3
+
+	fmaddd	$x0,$r0lo,$h0lo,$h0lo
+	 fsubd	$y0,$two0, $y0  		! de-bias input
+	fmaddd	$x0,$r0hi,$h0hi,$h0hi
+	 fsubd	$y1,$two32,$y1
+	fmaddd	$x0,$r2lo,$h2lo,$h2lo
+	 fsubd	$y2,$two64,$y2
+	fmaddd	$x0,$r2hi,$h2hi,$h2hi
+	 fsubd	$y3,$two96,$y3
+	fmaddd	$x0,$r1lo,$h1lo,$h1lo
+	fmaddd	$x0,$r1hi,$h1hi,$h1hi
+	fmaddd	$x0,$r3lo,$h3lo,$h3lo
+	fmaddd	$x0,$r3hi,$h3hi,$h3hi
+
+	bcc	SIZE_T_CC,.Loop_fma
+	subcc	$len,1,$len
+
+	!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32
+	faddd	$h0lo,$two32,$c0lo
+	faddd	$h0hi,$two32,$c0hi
+	faddd	$h2lo,$two96,$c2lo
+	faddd	$h2hi,$two96,$c2hi
+	faddd	$h1lo,$two64,$c1lo
+	faddd	$h1hi,$two64,$c1hi
+	faddd	$h3lo,$two130,$c3lo
+	faddd	$h3hi,$two130,$c3hi
+
+	fsubd	$c0lo,$two32,$c0lo
+	fsubd	$c0hi,$two32,$c0hi
+	fsubd	$c2lo,$two96,$c2lo
+	fsubd	$c2hi,$two96,$c2hi
+	fsubd	$c1lo,$two64,$c1lo
+	fsubd	$c1hi,$two64,$c1hi
+	fsubd	$c3lo,$two130,$c3lo
+	fsubd	$c3hi,$two130,$c3hi
+
+	fsubd	$h1lo,$c1lo,$h1lo
+	fsubd	$h1hi,$c1hi,$h1hi
+	fsubd	$h3lo,$c3lo,$h3lo
+	fsubd	$h3hi,$c3hi,$h3hi
+	fsubd	$h2lo,$c2lo,$h2lo
+	fsubd	$h2hi,$c2hi,$h2hi
+	fsubd	$h0lo,$c0lo,$h0lo
+	fsubd	$h0hi,$c0hi,$h0hi
+
+	faddd	$h1lo,$c0lo,$h1lo
+	faddd	$h1hi,$c0hi,$h1hi
+	faddd	$h3lo,$c2lo,$h3lo
+	faddd	$h3hi,$c2hi,$h3hi
+	faddd	$h2lo,$c1lo,$h2lo
+	faddd	$h2hi,$c1hi,$h2hi
+	fmaddd	$five_two130,$c3lo,$h0lo,$h0lo
+	fmaddd	$five_two130,$c3hi,$h0hi,$h0hi
+
+	faddd	$h1lo,$h1hi,$x1
+	faddd	$h3lo,$h3hi,$x3
+	faddd	$h2lo,$h2hi,$x2
+	faddd	$h0lo,$h0hi,$x0
+
+	faddd	$x1,$two32,$x1  		! bias
+	faddd	$x3,$two96,$x3
+	faddd	$x2,$two64,$x2
+	faddd	$x0,$two0, $x0
+
+	ldx	[%sp+LOCALS+8*4],%fsr		! restore saved %fsr
+
+	std	$x1,[$ctx+8*1]			! store [biased] hash value
+	std	$x3,[$ctx+8*3]
+	std	$x2,[$ctx+8*2]
+	std	$x0,[$ctx+8*0]
+
+.Labort:
+	ret
+	restore
+.type	poly1305_blocks_fma,#function
+.size	poly1305_blocks_fma,.-poly1305_blocks_fma
+___
+{
+my ($mac,$nonce)=($inp,$len);
+
+my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3, $mask
+   ) = (map("%l$_",(0..5)),map("%o$_",(0..4)));
+
+$code.=<<___;
+.align	32
+poly1305_emit_fma:
+	save	%sp,-STACK_FRAME,%sp
+
+	ld	[$ctx+8*0+0],$d0		! load hash
+	ld	[$ctx+8*0+4],$h0
+	ld	[$ctx+8*1+0],$d1
+	ld	[$ctx+8*1+4],$h1
+	ld	[$ctx+8*2+0],$d2
+	ld	[$ctx+8*2+4],$h2
+	ld	[$ctx+8*3+0],$d3
+	ld	[$ctx+8*3+4],$h3
+
+	sethi	%hi(0xfff00000),$mask
+	andn	$d0,$mask,$d0			! mask exponent
+	andn	$d1,$mask,$d1
+	andn	$d2,$mask,$d2
+	andn	$d3,$mask,$d3			! can be partially reduced...
+	mov	3,$mask
+
+	srl	$d3,2,$padbit			! ... so reduce
+	and	$d3,$mask,$h4
+	andn	$d3,$mask,$d3
+	add	$padbit,$d3,$d3
+
+	addcc	$d3,$h0,$h0
+	addccc	$d0,$h1,$h1
+	addccc	$d1,$h2,$h2
+	addccc	$d2,$h3,$h3
+	addc	%g0,$h4,$h4
+
+	addcc	$h0,5,$d0			! compare to modulus
+	addccc	$h1,0,$d1
+	addccc	$h2,0,$d2
+	addccc	$h3,0,$d3
+	addc	$h4,0,$mask
+
+	srl	$mask,2,$mask			! did it carry/borrow?
+	neg	$mask,$mask
+	sra	$mask,31,$mask			! mask
+
+	andn	$h0,$mask,$h0
+	and	$d0,$mask,$d0
+	andn	$h1,$mask,$h1
+	and	$d1,$mask,$d1
+	or	$d0,$h0,$h0
+	ld	[$nonce+0],$d0			! load nonce
+	andn	$h2,$mask,$h2
+	and	$d2,$mask,$d2
+	or	$d1,$h1,$h1
+	ld	[$nonce+4],$d1
+	andn	$h3,$mask,$h3
+	and	$d3,$mask,$d3
+	or	$d2,$h2,$h2
+	ld	[$nonce+8],$d2
+	or	$d3,$h3,$h3
+	ld	[$nonce+12],$d3
+
+	addcc	$d0,$h0,$h0			! accumulate nonce
+	addccc	$d1,$h1,$h1
+	addccc	$d2,$h2,$h2
+	addc	$d3,$h3,$h3
+
+	stb	$h0,[$mac+0]			! write little-endian result
+	srl	$h0,8,$h0
+	stb	$h1,[$mac+4]
+	srl	$h1,8,$h1
+	stb	$h2,[$mac+8]
+	srl	$h2,8,$h2
+	stb	$h3,[$mac+12]
+	srl	$h3,8,$h3
+
+	stb	$h0,[$mac+1]
+	srl	$h0,8,$h0
+	stb	$h1,[$mac+5]
+	srl	$h1,8,$h1
+	stb	$h2,[$mac+9]
+	srl	$h2,8,$h2
+	stb	$h3,[$mac+13]
+	srl	$h3,8,$h3
+
+	stb	$h0,[$mac+2]
+	srl	$h0,8,$h0
+	stb	$h1,[$mac+6]
+	srl	$h1,8,$h1
+	stb	$h2,[$mac+10]
+	srl	$h2,8,$h2
+	stb	$h3,[$mac+14]
+	srl	$h3,8,$h3
+
+	stb	$h0,[$mac+3]
+	stb	$h1,[$mac+7]
+	stb	$h2,[$mac+11]
+	stb	$h3,[$mac+15]
+
+	ret
+	restore
+.type	poly1305_emit_fma,#function
+.size	poly1305_emit_fma,.-poly1305_emit_fma
+___
+}
+
+$code.=<<___;
+.align	64
+.Lconsts_fma:
+.word	0x43300000,0x00000000		! 2^(52+0)
+.word	0x45300000,0x00000000		! 2^(52+32)
+.word	0x47300000,0x00000000		! 2^(52+64)
+.word	0x49300000,0x00000000		! 2^(52+96)
+.word	0x4b500000,0x00000000		! 2^(52+130)
+
+.word	0x37f40000,0x00000000		! 5/2^130
+.word	0,1<<30				! fsr: truncate, no exceptions
+
+.word	0x44300000,0x00000000		! 2^(52+16+0)
+.word	0x46300000,0x00000000		! 2^(52+16+32)
+.word	0x48300000,0x00000000		! 2^(52+16+64)
+.word	0x4a300000,0x00000000		! 2^(52+16+96)
+.word	0x3e300000,0x00000000		! 2^(52+16+0-96)
+.word	0x40300000,0x00000000		! 2^(52+16+32-96)
+.word	0x42300000,0x00000000		! 2^(52+16+64-96)
+.asciz	"Poly1305 for SPARCv9/VIS3/FMA, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+}
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unfma {
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+my %fmaopf = (	"fmadds"	=> 0x1,
+		"fmaddd"	=> 0x2,
+		"fmsubs"	=> 0x5,
+		"fmsubd"	=> 0x6		);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if ($opf=$fmaopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rs3,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b80000|$rd<<25|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge	or
+	s/\b(fmadd[sd])\s+(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+)/
+		&unfma($1,$2,$3,$4,$5)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl
new file mode 100755
index 000000000..1e09ddcc1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl
@@ -0,0 +1,1815 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for x86.
+#
+# April 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# measured with rdtsc at fixed clock frequency.
+#
+#		IALU/gcc-3.4(*)	SSE2(**)	AVX2
+# Pentium	15.7/+80%	-
+# PIII		6.21/+90%	-
+# P4		19.8/+40%	3.24
+# Core 2	4.85/+90%	1.80
+# Westmere	4.58/+100%	1.43
+# Sandy Bridge	3.90/+100%	1.36
+# Haswell	3.88/+70%	1.18		0.72
+# Skylake	3.10/+60%	1.14		0.62
+# Silvermont	11.0/+40%	4.80
+# Goldmont	4.10/+200%	2.10
+# VIA Nano	6.71/+90%	2.47
+# Sledgehammer	3.51/+180%	4.27
+# Bulldozer	4.53/+140%	1.31
+#
+# (*)	gcc 4.8 for some reason generated worse code;
+# (**)	besides SSE2 there are floating-point and AVX options; FP
+#	is deemed unnecessary, because pre-SSE2 processor are too
+#	old to care about, while it's not the fastest option on
+#	SSE2-capable ones; AVX is omitted, because it doesn't give
+#	a lot of improvement, 5-10% depending on processor;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$sse2=$avx=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+if ($sse2) {
+	&static_label("const_sse2");
+	&static_label("enter_blocks");
+	&static_label("enter_emit");
+	&external_label("OPENSSL_ia32cap_P");
+
+	if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+		$avx = ($1>=2.19) + ($1>=2.22);
+	}
+
+	if (!$avx && $ARGV[0] eq "win32n" &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	}
+
+	if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+		$avx = ($2>=3.0) + ($2>3.0);
+	}
+}
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int32 h[5];		# current hash value base 2^32
+#	unsigned __int32 pad;		# is_base2_26 in vector context
+#	unsigned __int32 r[4];		# key value base 2^32
+
+&align(64);
+&function_begin("poly1305_init");
+	&mov	("edi",&wparam(0));		# context
+	&mov	("esi",&wparam(1));		# key
+	&mov	("ebp",&wparam(2));		# function table
+
+	&xor	("eax","eax");
+	&mov	(&DWP(4*0,"edi"),"eax");	# zero hash value
+	&mov	(&DWP(4*1,"edi"),"eax");
+	&mov	(&DWP(4*2,"edi"),"eax");
+	&mov	(&DWP(4*3,"edi"),"eax");
+	&mov	(&DWP(4*4,"edi"),"eax");
+	&mov	(&DWP(4*5,"edi"),"eax");	# is_base2_26
+
+	&cmp	("esi",0);
+	&je	(&label("nokey"));
+
+    if ($sse2) {
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+
+	&lea	("eax",&DWP("poly1305_blocks-".&label("pic_point"),"ebx"));
+	&lea	("edx",&DWP("poly1305_emit-".&label("pic_point"),"ebx"));
+
+	&picmeup("edi","OPENSSL_ia32cap_P","ebx",&label("pic_point"));
+	&mov	("ecx",&DWP(0,"edi"));
+	&and	("ecx",1<<26|1<<24);
+	&cmp	("ecx",1<<26|1<<24);		# SSE2 and XMM?
+	&jne	(&label("no_sse2"));
+
+	&lea	("eax",&DWP("_poly1305_blocks_sse2-".&label("pic_point"),"ebx"));
+	&lea	("edx",&DWP("_poly1305_emit_sse2-".&label("pic_point"),"ebx"));
+
+      if ($avx>1) {
+	&mov	("ecx",&DWP(8,"edi"));
+	&test	("ecx",1<<5);			# AVX2?
+	&jz	(&label("no_sse2"));
+
+	&lea	("eax",&DWP("_poly1305_blocks_avx2-".&label("pic_point"),"ebx"));
+      }
+    &set_label("no_sse2");
+	&mov	("edi",&wparam(0));		# reload context
+	&mov	(&DWP(0,"ebp"),"eax");		# fill function table
+	&mov	(&DWP(4,"ebp"),"edx");
+    }
+
+	&mov	("eax",&DWP(4*0,"esi"));	# load input key
+	&mov	("ebx",&DWP(4*1,"esi"));
+	&mov	("ecx",&DWP(4*2,"esi"));
+	&mov	("edx",&DWP(4*3,"esi"));
+	&and	("eax",0x0fffffff);
+	&and	("ebx",0x0ffffffc);
+	&and	("ecx",0x0ffffffc);
+	&and	("edx",0x0ffffffc);
+	&mov	(&DWP(4*6,"edi"),"eax");
+	&mov	(&DWP(4*7,"edi"),"ebx");
+	&mov	(&DWP(4*8,"edi"),"ecx");
+	&mov	(&DWP(4*9,"edi"),"edx");
+
+	&mov	("eax",$sse2);
+&set_label("nokey");
+&function_end("poly1305_init");
+
+($h0,$h1,$h2,$h3,$h4,
+ $d0,$d1,$d2,$d3,
+ $r0,$r1,$r2,$r3,
+     $s1,$s2,$s3)=map(4*$_,(0..15));
+
+&function_begin("poly1305_blocks");
+	&mov	("edi",&wparam(0));		# ctx
+	&mov	("esi",&wparam(1));		# inp
+	&mov	("ecx",&wparam(2));		# len
+&set_label("enter_blocks");
+	&and	("ecx",-15);
+	&jz	(&label("nodata"));
+
+	&stack_push(16);
+	&mov	("eax",&DWP(4*6,"edi"));	# r0
+	&mov	("ebx",&DWP(4*7,"edi"));	# r1
+	 &lea	("ebp",&DWP(0,"esi","ecx"));	# end of input
+	&mov	("ecx",&DWP(4*8,"edi"));	# r2
+	&mov	("edx",&DWP(4*9,"edi"));	# r3
+
+	&mov	(&wparam(2),"ebp");
+	&mov	("ebp","esi");
+
+	&mov	(&DWP($r0,"esp"),"eax");	# r0
+	&mov	("eax","ebx");
+	&shr	("eax",2);
+	&mov	(&DWP($r1,"esp"),"ebx");	# r1
+	&add	("eax","ebx");			# s1
+	&mov	("ebx","ecx");
+	&shr	("ebx",2);
+	&mov	(&DWP($r2,"esp"),"ecx");	# r2
+	&add	("ebx","ecx");			# s2
+	&mov	("ecx","edx");
+	&shr	("ecx",2);
+	&mov	(&DWP($r3,"esp"),"edx");	# r3
+	&add	("ecx","edx");			# s3
+	&mov	(&DWP($s1,"esp"),"eax");	# s1
+	&mov	(&DWP($s2,"esp"),"ebx");	# s2
+	&mov	(&DWP($s3,"esp"),"ecx");	# s3
+
+	&mov	("eax",&DWP(4*0,"edi"));	# load hash value
+	&mov	("ebx",&DWP(4*1,"edi"));
+	&mov	("ecx",&DWP(4*2,"edi"));
+	&mov	("esi",&DWP(4*3,"edi"));
+	&mov	("edi",&DWP(4*4,"edi"));
+	&jmp	(&label("loop"));
+
+&set_label("loop",32);
+	&add	("eax",&DWP(4*0,"ebp"));	# accumulate input
+	&adc	("ebx",&DWP(4*1,"ebp"));
+	&adc	("ecx",&DWP(4*2,"ebp"));
+	&adc	("esi",&DWP(4*3,"ebp"));
+	&lea	("ebp",&DWP(4*4,"ebp"));
+	&adc	("edi",&wparam(3));		# padbit
+
+	&mov	(&DWP($h0,"esp"),"eax");	# put aside hash[+inp]
+	&mov	(&DWP($h3,"esp"),"esi");
+
+	&mul	(&DWP($r0,"esp"));		# h0*r0
+	 &mov	(&DWP($h4,"esp"),"edi");
+	&mov	("edi","eax");
+	&mov	("eax","ebx");			# h1
+	&mov	("esi","edx");
+	&mul	(&DWP($s3,"esp"));		# h1*s3
+	&add	("edi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("esi","edx");
+	&mul	(&DWP($s2,"esp"));		# h2*s2
+	&add	("edi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("esi","edx");
+	&mul	(&DWP($s1,"esp"));		# h3*s1
+	&add	("edi","eax");
+	 &mov	("eax",&DWP($h0,"esp"));
+	&adc	("esi","edx");
+
+	&mul	(&DWP($r1,"esp"));		# h0*r1
+	 &mov	(&DWP($d0,"esp"),"edi");
+	&xor	("edi","edi");
+	&add	("esi","eax");
+	&mov	("eax","ebx");			# h1
+	&adc	("edi","edx");
+	&mul	(&DWP($r0,"esp"));		# h1*r0
+	&add	("esi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("edi","edx");
+	&mul	(&DWP($s3,"esp"));		# h2*s3
+	&add	("esi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("edi","edx");
+	&mul	(&DWP($s2,"esp"));		# h3*s2
+	&add	("esi","eax");
+	&mov	("eax",&DWP($h4,"esp"));
+	&adc	("edi","edx");
+	&imul	("eax",&DWP($s1,"esp"));	# h4*s1
+	&add	("esi","eax");
+	 &mov	("eax",&DWP($h0,"esp"));
+	&adc	("edi",0);
+
+	&mul	(&DWP($r2,"esp"));		# h0*r2
+	 &mov	(&DWP($d1,"esp"),"esi");
+	&xor	("esi","esi");
+	&add	("edi","eax");
+	&mov	("eax","ebx");			# h1
+	&adc	("esi","edx");
+	&mul	(&DWP($r1,"esp"));		# h1*r1
+	&add	("edi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("esi","edx");
+	&mul	(&DWP($r0,"esp"));		# h2*r0
+	&add	("edi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("esi","edx");
+	&mul	(&DWP($s3,"esp"));		# h3*s3
+	&add	("edi","eax");
+	&mov	("eax",&DWP($h4,"esp"));
+	&adc	("esi","edx");
+	&imul	("eax",&DWP($s2,"esp"));	# h4*s2
+	&add	("edi","eax");
+	 &mov	("eax",&DWP($h0,"esp"));
+	&adc	("esi",0);
+
+	&mul	(&DWP($r3,"esp"));		# h0*r3
+	 &mov	(&DWP($d2,"esp"),"edi");
+	&xor	("edi","edi");
+	&add	("esi","eax");
+	&mov	("eax","ebx");			# h1
+	&adc	("edi","edx");
+	&mul	(&DWP($r2,"esp"));		# h1*r2
+	&add	("esi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("edi","edx");
+	&mul	(&DWP($r1,"esp"));		# h2*r1
+	&add	("esi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("edi","edx");
+	&mul	(&DWP($r0,"esp"));		# h3*r0
+	&add	("esi","eax");
+	 &mov	("ecx",&DWP($h4,"esp"));
+	&adc	("edi","edx");
+
+	&mov	("edx","ecx");
+	&imul	("ecx",&DWP($s3,"esp"));	# h4*s3
+	&add	("esi","ecx");
+	 &mov	("eax",&DWP($d0,"esp"));
+	&adc	("edi",0);
+
+	&imul	("edx",&DWP($r0,"esp"));	# h4*r0
+	&add	("edx","edi");
+
+	&mov	("ebx",&DWP($d1,"esp"));
+	&mov	("ecx",&DWP($d2,"esp"));
+
+	&mov	("edi","edx");			# last reduction step
+	&shr	("edx",2);
+	&and	("edi",3);
+	&lea	("edx",&DWP(0,"edx","edx",4));	# *5
+	&add	("eax","edx");
+	&adc	("ebx",0);
+	&adc	("ecx",0);
+	&adc	("esi",0);
+	&adc	("edi",0);
+
+	&cmp	("ebp",&wparam(2));		# done yet?
+	&jne	(&label("loop"));
+
+	&mov	("edx",&wparam(0));		# ctx
+	&stack_pop(16);
+	&mov	(&DWP(4*0,"edx"),"eax");	# store hash value
+	&mov	(&DWP(4*1,"edx"),"ebx");
+	&mov	(&DWP(4*2,"edx"),"ecx");
+	&mov	(&DWP(4*3,"edx"),"esi");
+	&mov	(&DWP(4*4,"edx"),"edi");
+&set_label("nodata");
+&function_end("poly1305_blocks");
+
+&function_begin("poly1305_emit");
+	&mov	("ebp",&wparam(0));		# context
+&set_label("enter_emit");
+	&mov	("edi",&wparam(1));		# output
+	&mov	("eax",&DWP(4*0,"ebp"));	# load hash value
+	&mov	("ebx",&DWP(4*1,"ebp"));
+	&mov	("ecx",&DWP(4*2,"ebp"));
+	&mov	("edx",&DWP(4*3,"ebp"));
+	&mov	("esi",&DWP(4*4,"ebp"));
+
+	&add	("eax",5);			# compare to modulus
+	&adc	("ebx",0);
+	&adc	("ecx",0);
+	&adc	("edx",0);
+	&adc	("esi",0);
+	&shr	("esi",2);			# did it carry/borrow?
+	&neg	("esi");			# do we choose hash-modulus?
+
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&and	("ecx","esi");
+	&and	("edx","esi");
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&mov	(&DWP(4*3,"edi"),"edx");
+
+	&not	("esi");			# or original hash value?
+	&mov	("eax",&DWP(4*0,"ebp"));
+	&mov	("ebx",&DWP(4*1,"ebp"));
+	&mov	("ecx",&DWP(4*2,"ebp"));
+	&mov	("edx",&DWP(4*3,"ebp"));
+	&mov	("ebp",&wparam(2));
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&and	("ecx","esi");
+	&and	("edx","esi");
+	&or	("eax",&DWP(4*0,"edi"));
+	&or	("ebx",&DWP(4*1,"edi"));
+	&or	("ecx",&DWP(4*2,"edi"));
+	&or	("edx",&DWP(4*3,"edi"));
+
+	&add	("eax",&DWP(4*0,"ebp"));	# accumulate key
+	&adc	("ebx",&DWP(4*1,"ebp"));
+	&adc	("ecx",&DWP(4*2,"ebp"));
+	&adc	("edx",&DWP(4*3,"ebp"));
+
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&mov	(&DWP(4*3,"edi"),"edx");
+&function_end("poly1305_emit");
+
+if ($sse2) {
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int32 h[5];		# current hash value base 2^26
+#	unsigned __int32 is_base2_26;
+#	unsigned __int32 r[4];		# key value base 2^32
+#	unsigned __int32 pad[2];
+#	struct { unsigned __int32 r^4, r^3, r^2, r^1; } r[9];
+#
+# where r^n are base 2^26 digits of degrees of multiplier key. There are
+# 5 digits, but last four are interleaved with multiples of 5, totalling
+# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4.
+
+my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("xmm$_",(0..7));
+my $MASK=$T2;	# borrow and keep in mind
+
+&align	(32);
+&function_begin_B("_poly1305_init_sse2");
+	&movdqu		($D4,&QWP(4*6,"edi"));		# key base 2^32
+	&lea		("edi",&DWP(16*3,"edi"));	# size optimization
+	&mov		("ebp","esp");
+	&sub		("esp",16*(9+5));
+	&and		("esp",-16);
+
+	#&pand		($D4,&QWP(96,"ebx"));		# magic mask
+	&movq		($MASK,&QWP(64,"ebx"));
+
+	&movdqa		($D0,$D4);
+	&movdqa		($D1,$D4);
+	&movdqa		($D2,$D4);
+
+	&pand		($D0,$MASK);			# -> base 2^26
+	&psrlq		($D1,26);
+	&psrldq		($D2,6);
+	&pand		($D1,$MASK);
+	&movdqa		($D3,$D2);
+	&psrlq		($D2,4)
+	&psrlq		($D3,30);
+	&pand		($D2,$MASK);
+	&pand		($D3,$MASK);
+	&psrldq		($D4,13);
+
+	&lea		("edx",&DWP(16*9,"esp"));	# size optimization
+	&mov		("ecx",2);
+&set_label("square");
+	&movdqa		(&QWP(16*0,"esp"),$D0);
+	&movdqa		(&QWP(16*1,"esp"),$D1);
+	&movdqa		(&QWP(16*2,"esp"),$D2);
+	&movdqa		(&QWP(16*3,"esp"),$D3);
+	&movdqa		(&QWP(16*4,"esp"),$D4);
+
+	&movdqa		($T1,$D1);
+	&movdqa		($T0,$D2);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D1);			# *5
+	&paddd		($T0,$D2);			# *5
+	&movdqa		(&QWP(16*5,"esp"),$T1);
+	&movdqa		(&QWP(16*6,"esp"),$T0);
+	&movdqa		($T1,$D3);
+	&movdqa		($T0,$D4);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D3);			# *5
+	&paddd		($T0,$D4);			# *5
+	&movdqa		(&QWP(16*7,"esp"),$T1);
+	&movdqa		(&QWP(16*8,"esp"),$T0);
+
+	&pshufd		($T1,$D0,0b01000100);
+	&movdqa		($T0,$D1);
+	&pshufd		($D1,$D1,0b01000100);
+	&pshufd		($D2,$D2,0b01000100);
+	&pshufd		($D3,$D3,0b01000100);
+	&pshufd		($D4,$D4,0b01000100);
+	&movdqa		(&QWP(16*0,"edx"),$T1);
+	&movdqa		(&QWP(16*1,"edx"),$D1);
+	&movdqa		(&QWP(16*2,"edx"),$D2);
+	&movdqa		(&QWP(16*3,"edx"),$D3);
+	&movdqa		(&QWP(16*4,"edx"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&pmuludq	($D4,$D0);			# h4*r0
+	&pmuludq	($D3,$D0);			# h3*r0
+	&pmuludq	($D2,$D0);			# h2*r0
+	&pmuludq	($D1,$D0);			# h1*r0
+	&pmuludq	($D0,$T1);			# h0*r0
+
+sub pmuladd {
+my $load = shift;
+my $base = shift; $base = "esp" if (!defined($base));
+
+	################################################################
+	# As for choice to "rotate" $T0-$T2 in order to move paddq
+	# past next multiplication. While it makes code harder to read
+	# and doesn't have significant effect on most processors, it
+	# makes a lot of difference on Atom, up to 30% improvement.
+
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*3,$base));		# r1*h3
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*2,$base));		# r1*h2
+	&paddq		($D4,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*1,$base));		# r1*h1
+	&paddq		($D3,$T1);
+	&$load		($T1,5);			# s1
+	&pmuludq	($T0,&QWP(16*0,$base));		# r1*h0
+	&paddq		($D2,$T2);
+	&pmuludq	($T1,&QWP(16*4,$base));		# s1*h4
+	 &$load		($T2,2);			# r2^n
+	&paddq		($D1,$T0);
+
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*2,$base));		# r2*h2
+	 &paddq		($D0,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*1,$base));		# r2*h1
+	&paddq		($D4,$T2);
+	&$load		($T2,6);			# s2^n
+	&pmuludq	($T1,&QWP(16*0,$base));		# r2*h0
+	&paddq		($D3,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*4,$base));		# s2*h4
+	&paddq		($D2,$T1);
+	&pmuludq	($T0,&QWP(16*3,$base));		# s2*h3
+	 &$load		($T1,3);			# r3^n
+	&paddq		($D1,$T2);
+
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*1,$base));		# r3*h1
+	 &paddq		($D0,$T0);
+	&$load		($T0,7);			# s3^n
+	&pmuludq	($T2,&QWP(16*0,$base));		# r3*h0
+	&paddq		($D4,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*4,$base));		# s3*h4
+	&paddq		($D3,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*3,$base));		# s3*h3
+	&paddq		($D2,$T0);
+	&pmuludq	($T2,&QWP(16*2,$base));		# s3*h2
+	 &$load		($T0,4);			# r4^n
+	&paddq		($D1,$T1);
+
+	&$load		($T1,8);			# s4^n
+	&pmuludq	($T0,&QWP(16*0,$base));		# r4*h0
+	 &paddq		($D0,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*4,$base));		# s4*h4
+	&paddq		($D4,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*1,$base));		# s4*h1
+	&paddq		($D3,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*2,$base));		# s4*h2
+	&paddq		($D0,$T2);
+	&pmuludq	($T1,&QWP(16*3,$base));		# s4*h3
+	 &movdqa	($MASK,&QWP(64,"ebx"));
+	&paddq		($D1,$T0);
+	&paddq		($D2,$T1);
+}
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&movdqa ($reg,&QWP(16*$i,"esp"));
+			     },"edx");
+
+sub lazy_reduction {
+my $extra = shift;
+
+	################################################################
+	# lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	# and P. Schwabe
+	#
+	# [(*) see discussion in poly1305-armv4 module]
+
+	 &movdqa	($T0,$D3);
+	 &pand		($D3,$MASK);
+	 &psrlq		($T0,26);
+	 &$extra	()				if (defined($extra));
+	 &paddq		($T0,$D4);			# h3 -> h4
+	&movdqa		($T1,$D0);
+	&pand		($D0,$MASK);
+	&psrlq		($T1,26);
+	 &movdqa	($D4,$T0);
+	&paddq		($T1,$D1);			# h0 -> h1
+	 &psrlq		($T0,26);
+	 &pand		($D4,$MASK);
+	&movdqa		($D1,$T1);
+	&psrlq		($T1,26);
+	 &paddd		($D0,$T0);			# favour paddd when
+							# possible, because
+							# paddq is "broken"
+							# on Atom
+	 &psllq		($T0,2);
+	&paddq		($T1,$D2);			# h1 -> h2
+	 &paddq		($T0,$D0);			# h4 -> h0 (*)
+	&pand		($D1,$MASK);
+	&movdqa		($D2,$T1);
+	&psrlq		($T1,26);
+	&pand		($D2,$MASK);
+	&paddd		($T1,$D3);			# h2 -> h3
+	 &movdqa	($D0,$T0);
+	 &psrlq		($T0,26);
+	&movdqa		($D3,$T1);
+	&psrlq		($T1,26);
+	 &pand		($D0,$MASK);
+	 &paddd		($D1,$T0);			# h0 -> h1
+	&pand		($D3,$MASK);
+	&paddd		($D4,$T1);			# h3 -> h4
+}
+	&lazy_reduction	();
+
+	&dec		("ecx");
+	&jz		(&label("square_break"));
+
+	&punpcklqdq	($D0,&QWP(16*0,"esp"));		# 0:r^1:0:r^2
+	&punpcklqdq	($D1,&QWP(16*1,"esp"));
+	&punpcklqdq	($D2,&QWP(16*2,"esp"));
+	&punpcklqdq	($D3,&QWP(16*3,"esp"));
+	&punpcklqdq	($D4,&QWP(16*4,"esp"));
+	&jmp		(&label("square"));
+
+&set_label("square_break");
+	&psllq		($D0,32);			# -> r^3:0:r^4:0
+	&psllq		($D1,32);
+	&psllq		($D2,32);
+	&psllq		($D3,32);
+	&psllq		($D4,32);
+	&por		($D0,&QWP(16*0,"esp"));		# r^3:r^1:r^4:r^2
+	&por		($D1,&QWP(16*1,"esp"));
+	&por		($D2,&QWP(16*2,"esp"));
+	&por		($D3,&QWP(16*3,"esp"));
+	&por		($D4,&QWP(16*4,"esp"));
+
+	&pshufd		($D0,$D0,0b10001101);		# -> r^1:r^2:r^3:r^4
+	&pshufd		($D1,$D1,0b10001101);
+	&pshufd		($D2,$D2,0b10001101);
+	&pshufd		($D3,$D3,0b10001101);
+	&pshufd		($D4,$D4,0b10001101);
+
+	&movdqu		(&QWP(16*0,"edi"),$D0);		# save the table
+	&movdqu		(&QWP(16*1,"edi"),$D1);
+	&movdqu		(&QWP(16*2,"edi"),$D2);
+	&movdqu		(&QWP(16*3,"edi"),$D3);
+	&movdqu		(&QWP(16*4,"edi"),$D4);
+
+	&movdqa		($T1,$D1);
+	&movdqa		($T0,$D2);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D1);			# *5
+	&paddd		($T0,$D2);			# *5
+	&movdqu		(&QWP(16*5,"edi"),$T1);
+	&movdqu		(&QWP(16*6,"edi"),$T0);
+	&movdqa		($T1,$D3);
+	&movdqa		($T0,$D4);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D3);			# *5
+	&paddd		($T0,$D4);			# *5
+	&movdqu		(&QWP(16*7,"edi"),$T1);
+	&movdqu		(&QWP(16*8,"edi"),$T0);
+
+	&mov		("esp","ebp");
+	&lea		("edi",&DWP(-16*3,"edi"));	# size de-optimization
+	&ret		();
+&function_end_B("_poly1305_init_sse2");
+
+&align	(32);
+&function_begin("_poly1305_blocks_sse2");
+	&mov	("edi",&wparam(0));			# ctx
+	&mov	("esi",&wparam(1));			# inp
+	&mov	("ecx",&wparam(2));			# len
+
+	&mov	("eax",&DWP(4*5,"edi"));		# is_base2_26
+	&and	("ecx",-16);
+	&jz	(&label("nodata"));
+	&cmp	("ecx",64);
+	&jae	(&label("enter_sse2"));
+	&test	("eax","eax");				# is_base2_26?
+	&jz	(&label("enter_blocks"));
+
+&set_label("enter_sse2",16);
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx"));
+
+	&test	("eax","eax");				# is_base2_26?
+	&jnz	(&label("base2_26"));
+
+	&call	("_poly1305_init_sse2");
+
+	################################################# base 2^32 -> base 2^26
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ecx",&DWP(3,"edi"));
+	&mov	("edx",&DWP(6,"edi"));
+	&mov	("esi",&DWP(9,"edi"));
+	&mov	("ebp",&DWP(13,"edi"));
+	&mov	(&DWP(4*5,"edi"),1);			# is_base2_26
+
+	&shr	("ecx",2);
+	&and	("eax",0x3ffffff);
+	&shr	("edx",4);
+	&and	("ecx",0x3ffffff);
+	&shr	("esi",6);
+	&and	("edx",0x3ffffff);
+
+	&movd	($D0,"eax");
+	&movd	($D1,"ecx");
+	&movd	($D2,"edx");
+	&movd	($D3,"esi");
+	&movd	($D4,"ebp");
+
+	&mov	("esi",&wparam(1));			# [reload] inp
+	&mov	("ecx",&wparam(2));			# [reload] len
+	&jmp	(&label("base2_32"));
+
+&set_label("base2_26",16);
+	&movd	($D0,&DWP(4*0,"edi"));			# load hash value
+	&movd	($D1,&DWP(4*1,"edi"));
+	&movd	($D2,&DWP(4*2,"edi"));
+	&movd	($D3,&DWP(4*3,"edi"));
+	&movd	($D4,&DWP(4*4,"edi"));
+	&movdqa	($MASK,&QWP(64,"ebx"));
+
+&set_label("base2_32");
+	&mov	("eax",&wparam(3));			# padbit
+	&mov	("ebp","esp");
+
+	&sub	("esp",16*(5+5+5+9+9));
+	&and	("esp",-16);
+
+	&lea	("edi",&DWP(16*3,"edi"));		# size optimization
+	&shl	("eax",24);				# padbit
+
+	&test	("ecx",31);
+	&jz	(&label("even"));
+
+	################################################################
+	# process single block, with SSE2, because it's still faster
+	# even though half of result is discarded
+
+	&movdqu		($T1,&QWP(0,"esi"));		# input
+	&lea		("esi",&DWP(16,"esi"));
+
+	&movdqa		($T0,$T1);			# -> base 2^26 ...
+	&pand		($T1,$MASK);
+	&paddd		($D0,$T1);			# ... and accumulate
+
+	&movdqa		($T1,$T0);
+	&psrlq		($T0,26);
+	&psrldq		($T1,6);
+	&pand		($T0,$MASK);
+	&paddd		($D1,$T0);
+
+	&movdqa		($T0,$T1);
+	&psrlq		($T1,4);
+	&pand		($T1,$MASK);
+	&paddd		($D2,$T1);
+
+	&movdqa		($T1,$T0);
+	&psrlq		($T0,30);
+	&pand		($T0,$MASK);
+	&psrldq		($T1,7);
+	&paddd		($D3,$T0);
+
+	&movd		($T0,"eax");			# padbit
+	&paddd		($D4,$T1);
+	 &movd		($T1,&DWP(16*0+12,"edi"));	# r0
+	&paddd		($D4,$T0);
+
+	&movdqa		(&QWP(16*0,"esp"),$D0);
+	&movdqa		(&QWP(16*1,"esp"),$D1);
+	&movdqa		(&QWP(16*2,"esp"),$D2);
+	&movdqa		(&QWP(16*3,"esp"),$D3);
+	&movdqa		(&QWP(16*4,"esp"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&pmuludq	($D0,$T1);			# h4*r0
+	&pmuludq	($D1,$T1);			# h3*r0
+	&pmuludq	($D2,$T1);			# h2*r0
+	 &movd		($T0,&DWP(16*1+12,"edi"));	# r1
+	&pmuludq	($D3,$T1);			# h1*r0
+	&pmuludq	($D4,$T1);			# h0*r0
+
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&movd ($reg,&DWP(16*$i+12,"edi"));
+			     });
+
+	&lazy_reduction	();
+
+	&sub		("ecx",16);
+	&jz		(&label("done"));
+
+&set_label("even");
+	&lea		("edx",&DWP(16*(5+5+5+9),"esp"));# size optimization
+	&lea		("eax",&DWP(-16*2,"esi"));
+	&sub		("ecx",64);
+
+	################################################################
+	# expand and copy pre-calculated table to stack
+
+	&movdqu		($T0,&QWP(16*0,"edi"));		# r^1:r^2:r^3:r^4
+	&pshufd		($T1,$T0,0b01000100);		# duplicate r^3:r^4
+	&cmovb		("esi","eax");
+	&pshufd		($T0,$T0,0b11101110);		# duplicate r^1:r^2
+	&movdqa		(&QWP(16*0,"edx"),$T1);
+	&lea		("eax",&DWP(16*10,"esp"));
+	&movdqu		($T1,&QWP(16*1,"edi"));
+	&movdqa		(&QWP(16*(0-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*1,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*2,"edi"));
+	&movdqa		(&QWP(16*(1-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*2,"edx"),$T1);
+	&movdqu		($T1,&QWP(16*3,"edi"));
+	&movdqa		(&QWP(16*(2-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*3,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*4,"edi"));
+	&movdqa		(&QWP(16*(3-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*4,"edx"),$T1);
+	&movdqu		($T1,&QWP(16*5,"edi"));
+	&movdqa		(&QWP(16*(4-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*5,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*6,"edi"));
+	&movdqa		(&QWP(16*(5-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*6,"edx"),$T1);
+	&movdqu		($T1,&QWP(16*7,"edi"));
+	&movdqa		(&QWP(16*(6-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*7,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*8,"edi"));
+	&movdqa		(&QWP(16*(7-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*8,"edx"),$T1);
+	&movdqa		(&QWP(16*(8-9),"edx"),$T0);
+
+sub load_input {
+my ($inpbase,$offbase)=@_;
+
+	&movdqu		($T0,&QWP($inpbase+0,"esi"));	# load input
+	&movdqu		($T1,&QWP($inpbase+16,"esi"));
+	&lea		("esi",&DWP(16*2,"esi"));
+
+	&movdqa		(&QWP($offbase+16*2,"esp"),$D2);
+	&movdqa		(&QWP($offbase+16*3,"esp"),$D3);
+	&movdqa		(&QWP($offbase+16*4,"esp"),$D4);
+
+	&movdqa		($D2,$T0);			# splat input
+	&movdqa		($D3,$T1);
+	&psrldq		($D2,6);
+	&psrldq		($D3,6);
+	&movdqa		($D4,$T0);
+	&punpcklqdq	($D2,$D3);			# 2:3
+	&punpckhqdq	($D4,$T1);			# 4
+	&punpcklqdq	($T0,$T1);			# 0:1
+
+	&movdqa		($D3,$D2);
+	&psrlq		($D2,4);
+	&psrlq		($D3,30);
+	&movdqa		($T1,$T0);
+	&psrlq		($D4,40);			# 4
+	&psrlq		($T1,26);
+	&pand		($T0,$MASK);			# 0
+	&pand		($T1,$MASK);			# 1
+	&pand		($D2,$MASK);			# 2
+	&pand		($D3,$MASK);			# 3
+	&por		($D4,&QWP(0,"ebx"));		# padbit, yes, always
+
+	&movdqa		(&QWP($offbase+16*0,"esp"),$D0)	if ($offbase);
+	&movdqa		(&QWP($offbase+16*1,"esp"),$D1)	if ($offbase);
+}
+	&load_input	(16*2,16*5);
+
+	&jbe		(&label("skip_loop"));
+	&jmp		(&label("loop"));
+
+&set_label("loop",32);
+	################################################################
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	#   \___________________/
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	#   \___________________/ \____________________/
+	################################################################
+
+	&movdqa		($T2,&QWP(16*(0-9),"edx"));	# r0^2
+	&movdqa		(&QWP(16*1,"eax"),$T1);
+	&movdqa		(&QWP(16*2,"eax"),$D2);
+	&movdqa		(&QWP(16*3,"eax"),$D3);
+	&movdqa		(&QWP(16*4,"eax"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h0*r4   + h1*r3   + h2*r2   + h3*r1
+	# d3 = h3*r0 + h0*r3   + h1*r2   + h2*r1   + h4*5*r4
+	# d2 = h2*r0 + h0*r2   + h1*r1   + h3*5*r4 + h4*5*r3
+	# d1 = h1*r0 + h0*r1   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	# d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	&movdqa		($D1,$T0);
+	&pmuludq	($T0,$T2);			# h0*r0
+	&movdqa		($D0,$T1);
+	&pmuludq	($T1,$T2);			# h1*r0
+	&pmuludq	($D2,$T2);			# h2*r0
+	&pmuludq	($D3,$T2);			# h3*r0
+	&pmuludq	($D4,$T2);			# h4*r0
+
+sub pmuladd_alt {
+my $addr = shift;
+
+	&pmuludq	($D0,&$addr(8));		# h1*s4
+	&movdqa		($T2,$D1);
+	&pmuludq	($D1,&$addr(1));		# h0*r1
+	&paddq		($D0,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(2));		# h0*r2
+	&paddq		($D1,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(3));		# h0*r3
+	&paddq		($D2,$T2);
+	 &movdqa	($T2,&QWP(16*1,"eax"));		# pull h1
+	&pmuludq	($T1,&$addr(4));		# h0*r4
+	&paddq		($D3,$T0);
+
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(1));		# h1*r1
+	 &paddq		($D4,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(2));		# h1*r2
+	&paddq		($D2,$T2);
+	&movdqa		($T2,&QWP(16*2,"eax"));		# pull h2
+	&pmuludq	($T1,&$addr(3));		# h1*r3
+	&paddq		($D3,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(7));		# h2*s3
+	&paddq		($D4,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(8));		# h2*s4
+	&paddq		($D0,$T2);
+
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&$addr(1));		# h2*r1
+	 &paddq		($D1,$T0);
+	&movdqa		($T0,&QWP(16*3,"eax"));		# pull h3
+	&pmuludq	($T2,&$addr(2));		# h2*r2
+	&paddq		($D3,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(6));		# h3*s2
+	&paddq		($D4,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&$addr(7));		# h3*s3
+	&paddq		($D0,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(8));		# h3*s4
+	&paddq		($D1,$T1);
+
+	&movdqa		($T1,&QWP(16*4,"eax"));		# pull h4
+	&pmuludq	($T0,&$addr(1));		# h3*r1
+	 &paddq		($D2,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&$addr(8));		# h4*s4
+	&paddq		($D4,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(5));		# h4*s1
+	&paddq		($D3,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(6));		# h4*s2
+	&paddq		($D0,$T2);
+	 &movdqa	($MASK,&QWP(64,"ebx"));
+	&pmuludq	($T1,&$addr(7));		# h4*s3
+	&paddq		($D1,$T0);
+	&paddq		($D2,$T1);
+}
+	&pmuladd_alt	(sub {	my $i=shift; &QWP(16*($i-9),"edx");	});
+
+	&load_input	(-16*2,0);
+	&lea		("eax",&DWP(-16*2,"esi"));
+	&sub		("ecx",64);
+
+	&paddd		($T0,&QWP(16*(5+0),"esp"));	# add hash value
+	&paddd		($T1,&QWP(16*(5+1),"esp"));
+	&paddd		($D2,&QWP(16*(5+2),"esp"));
+	&paddd		($D3,&QWP(16*(5+3),"esp"));
+	&paddd		($D4,&QWP(16*(5+4),"esp"));
+
+	&cmovb		("esi","eax");
+	&lea		("eax",&DWP(16*10,"esp"));
+
+	&movdqa		($T2,&QWP(16*0,"edx"));		# r0^4
+	&movdqa		(&QWP(16*1,"esp"),$D1);
+	&movdqa		(&QWP(16*1,"eax"),$T1);
+	&movdqa		(&QWP(16*2,"eax"),$D2);
+	&movdqa		(&QWP(16*3,"eax"),$D3);
+	&movdqa		(&QWP(16*4,"eax"),$D4);
+
+	################################################################
+	# d4 += h4*r0 + h0*r4   + h1*r3   + h2*r2   + h3*r1
+	# d3 += h3*r0 + h0*r3   + h1*r2   + h2*r1   + h4*5*r4
+	# d2 += h2*r0 + h0*r2   + h1*r1   + h3*5*r4 + h4*5*r3
+	# d1 += h1*r0 + h0*r1   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	# d0 += h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	&movdqa		($D1,$T0);
+	&pmuludq	($T0,$T2);			# h0*r0
+	&paddq		($T0,$D0);
+	&movdqa		($D0,$T1);
+	&pmuludq	($T1,$T2);			# h1*r0
+	&pmuludq	($D2,$T2);			# h2*r0
+	&pmuludq	($D3,$T2);			# h3*r0
+	&pmuludq	($D4,$T2);			# h4*r0
+
+	&paddq		($T1,&QWP(16*1,"esp"));
+	&paddq		($D2,&QWP(16*2,"esp"));
+	&paddq		($D3,&QWP(16*3,"esp"));
+	&paddq		($D4,&QWP(16*4,"esp"));
+
+	&pmuladd_alt	(sub {	my $i=shift; &QWP(16*$i,"edx");	});
+
+	&lazy_reduction	();
+
+	&load_input	(16*2,16*5);
+
+	&ja		(&label("loop"));
+
+&set_label("skip_loop");
+	################################################################
+	# multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	 &pshufd	($T2,&QWP(16*(0-9),"edx"),0x10);# r0^n
+	&add		("ecx",32);
+	&jnz		(&label("long_tail"));
+
+	&paddd		($T0,$D0);			# add hash value
+	&paddd		($T1,$D1);
+	&paddd		($D2,&QWP(16*7,"esp"));
+	&paddd		($D3,&QWP(16*8,"esp"));
+	&paddd		($D4,&QWP(16*9,"esp"));
+
+&set_label("long_tail");
+
+	&movdqa		(&QWP(16*0,"eax"),$T0);
+	&movdqa		(&QWP(16*1,"eax"),$T1);
+	&movdqa		(&QWP(16*2,"eax"),$D2);
+	&movdqa		(&QWP(16*3,"eax"),$D3);
+	&movdqa		(&QWP(16*4,"eax"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&pmuludq	($T0,$T2);			# h0*r0
+	&pmuludq	($T1,$T2);			# h1*r0
+	&pmuludq	($D2,$T2);			# h2*r0
+	&movdqa		($D0,$T0);
+	 &pshufd	($T0,&QWP(16*(1-9),"edx"),0x10);# r1^n
+	&pmuludq	($D3,$T2);			# h3*r0
+	&movdqa		($D1,$T1);
+	&pmuludq	($D4,$T2);			# h4*r0
+
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&pshufd ($reg,&QWP(16*($i-9),"edx"),0x10);
+			     },"eax");
+
+	&jz		(&label("short_tail"));
+
+	&load_input	(-16*2,0);
+
+	 &pshufd	($T2,&QWP(16*0,"edx"),0x10);	# r0^n
+	&paddd		($T0,&QWP(16*5,"esp"));		# add hash value
+	&paddd		($T1,&QWP(16*6,"esp"));
+	&paddd		($D2,&QWP(16*7,"esp"));
+	&paddd		($D3,&QWP(16*8,"esp"));
+	&paddd		($D4,&QWP(16*9,"esp"));
+
+	################################################################
+	# multiply inp[0:1] by r^4:r^3 and accumulate
+
+	&movdqa		(&QWP(16*0,"esp"),$T0);
+	&pmuludq	($T0,$T2);			# h0*r0
+	&movdqa		(&QWP(16*1,"esp"),$T1);
+	&pmuludq	($T1,$T2);			# h1*r0
+	&paddq		($D0,$T0);
+	&movdqa		($T0,$D2);
+	&pmuludq	($D2,$T2);			# h2*r0
+	&paddq		($D1,$T1);
+	&movdqa		($T1,$D3);
+	&pmuludq	($D3,$T2);			# h3*r0
+	&paddq		($D2,&QWP(16*2,"esp"));
+	&movdqa		(&QWP(16*2,"esp"),$T0);
+	 &pshufd	($T0,&QWP(16*1,"edx"),0x10);	# r1^n
+	&paddq		($D3,&QWP(16*3,"esp"));
+	&movdqa		(&QWP(16*3,"esp"),$T1);
+	&movdqa		($T1,$D4);
+	&pmuludq	($D4,$T2);			# h4*r0
+	&paddq		($D4,&QWP(16*4,"esp"));
+	&movdqa		(&QWP(16*4,"esp"),$T1);
+
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&pshufd ($reg,&QWP(16*$i,"edx"),0x10);
+			     });
+
+&set_label("short_tail");
+
+	################################################################
+	# horizontal addition
+
+	&pshufd		($T1,$D4,0b01001110);
+	&pshufd		($T0,$D3,0b01001110);
+	&paddq		($D4,$T1);
+	&paddq		($D3,$T0);
+	&pshufd		($T1,$D0,0b01001110);
+	&pshufd		($T0,$D1,0b01001110);
+	&paddq		($D0,$T1);
+	&paddq		($D1,$T0);
+	&pshufd		($T1,$D2,0b01001110);
+	#&paddq		($D2,$T1);
+
+	&lazy_reduction	(sub { &paddq ($D2,$T1) });
+
+&set_label("done");
+	&movd		(&DWP(-16*3+4*0,"edi"),$D0);	# store hash value
+	&movd		(&DWP(-16*3+4*1,"edi"),$D1);
+	&movd		(&DWP(-16*3+4*2,"edi"),$D2);
+	&movd		(&DWP(-16*3+4*3,"edi"),$D3);
+	&movd		(&DWP(-16*3+4*4,"edi"),$D4);
+	&mov	("esp","ebp");
+&set_label("nodata");
+&function_end("_poly1305_blocks_sse2");
+
+&align	(32);
+&function_begin("_poly1305_emit_sse2");
+	&mov	("ebp",&wparam(0));		# context
+
+	&cmp	(&DWP(4*5,"ebp"),0);		# is_base2_26?
+	&je	(&label("enter_emit"));
+
+	&mov	("eax",&DWP(4*0,"ebp"));	# load hash value
+	&mov	("edi",&DWP(4*1,"ebp"));
+	&mov	("ecx",&DWP(4*2,"ebp"));
+	&mov	("edx",&DWP(4*3,"ebp"));
+	&mov	("esi",&DWP(4*4,"ebp"));
+
+	&mov	("ebx","edi");			# base 2^26 -> base 2^32
+	&shl	("edi",26);
+	&shr	("ebx",6);
+	&add	("eax","edi");
+	&mov	("edi","ecx");
+	&adc	("ebx",0);
+
+	&shl	("edi",20);
+	&shr	("ecx",12);
+	&add	("ebx","edi");
+	&mov	("edi","edx");
+	&adc	("ecx",0);
+
+	&shl	("edi",14);
+	&shr	("edx",18);
+	&add	("ecx","edi");
+	&mov	("edi","esi");
+	&adc	("edx",0);
+
+	&shl	("edi",8);
+	&shr	("esi",24);
+	&add	("edx","edi");
+	&adc	("esi",0);			# can be partially reduced
+
+	&mov	("edi","esi");			# final reduction
+	&and	("esi",3);
+	&shr	("edi",2);
+	&lea	("ebp",&DWP(0,"edi","edi",4));	# *5
+	 &mov	("edi",&wparam(1));		# output
+	&add	("eax","ebp");
+	 &mov	("ebp",&wparam(2));		# key
+	&adc	("ebx",0);
+	&adc	("ecx",0);
+	&adc	("edx",0);
+	&adc	("esi",0);
+
+	&movd	($D0,"eax");			# offload original hash value
+	&add	("eax",5);			# compare to modulus
+	&movd	($D1,"ebx");
+	&adc	("ebx",0);
+	&movd	($D2,"ecx");
+	&adc	("ecx",0);
+	&movd	($D3,"edx");
+	&adc	("edx",0);
+	&adc	("esi",0);
+	&shr	("esi",2);			# did it carry/borrow?
+
+	&neg	("esi");			# do we choose (hash-modulus) ...
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&and	("ecx","esi");
+	&and	("edx","esi");
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&movd	("eax",$D0);
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&movd	("ebx",$D1);
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&movd	("ecx",$D2);
+	&mov	(&DWP(4*3,"edi"),"edx");
+	&movd	("edx",$D3);
+
+	&not	("esi");			# ... or original hash value?
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&or	("eax",&DWP(4*0,"edi"));
+	&and	("ecx","esi");
+	&or	("ebx",&DWP(4*1,"edi"));
+	&and	("edx","esi");
+	&or	("ecx",&DWP(4*2,"edi"));
+	&or	("edx",&DWP(4*3,"edi"));
+
+	&add	("eax",&DWP(4*0,"ebp"));	# accumulate key
+	&adc	("ebx",&DWP(4*1,"ebp"));
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&adc	("ecx",&DWP(4*2,"ebp"));
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&adc	("edx",&DWP(4*3,"ebp"));
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&mov	(&DWP(4*3,"edi"),"edx");
+&function_end("_poly1305_emit_sse2");
+
+if ($avx>1) {
+########################################################################
+# Note that poly1305_init_avx2 operates on %xmm, I could have used
+# poly1305_init_sse2...
+
+&align	(32);
+&function_begin_B("_poly1305_init_avx2");
+	&vmovdqu	($D4,&QWP(4*6,"edi"));		# key base 2^32
+	&lea		("edi",&DWP(16*3,"edi"));	# size optimization
+	&mov		("ebp","esp");
+	&sub		("esp",16*(9+5));
+	&and		("esp",-16);
+
+	#&vpand		($D4,$D4,&QWP(96,"ebx"));	# magic mask
+	&vmovdqa	($MASK,&QWP(64,"ebx"));
+
+	&vpand		($D0,$D4,$MASK);		# -> base 2^26
+	&vpsrlq		($D1,$D4,26);
+	&vpsrldq	($D3,$D4,6);
+	&vpand		($D1,$D1,$MASK);
+	&vpsrlq		($D2,$D3,4)
+	&vpsrlq		($D3,$D3,30);
+	&vpand		($D2,$D2,$MASK);
+	&vpand		($D3,$D3,$MASK);
+	&vpsrldq	($D4,$D4,13);
+
+	&lea		("edx",&DWP(16*9,"esp"));	# size optimization
+	&mov		("ecx",2);
+&set_label("square");
+	&vmovdqa	(&QWP(16*0,"esp"),$D0);
+	&vmovdqa	(&QWP(16*1,"esp"),$D1);
+	&vmovdqa	(&QWP(16*2,"esp"),$D2);
+	&vmovdqa	(&QWP(16*3,"esp"),$D3);
+	&vmovdqa	(&QWP(16*4,"esp"),$D4);
+
+	&vpslld		($T1,$D1,2);
+	&vpslld		($T0,$D2,2);
+	&vpaddd		($T1,$T1,$D1);			# *5
+	&vpaddd		($T0,$T0,$D2);			# *5
+	&vmovdqa	(&QWP(16*5,"esp"),$T1);
+	&vmovdqa	(&QWP(16*6,"esp"),$T0);
+	&vpslld		($T1,$D3,2);
+	&vpslld		($T0,$D4,2);
+	&vpaddd		($T1,$T1,$D3);			# *5
+	&vpaddd		($T0,$T0,$D4);			# *5
+	&vmovdqa	(&QWP(16*7,"esp"),$T1);
+	&vmovdqa	(&QWP(16*8,"esp"),$T0);
+
+	&vpshufd	($T0,$D0,0b01000100);
+	&vmovdqa	($T1,$D1);
+	&vpshufd	($D1,$D1,0b01000100);
+	&vpshufd	($D2,$D2,0b01000100);
+	&vpshufd	($D3,$D3,0b01000100);
+	&vpshufd	($D4,$D4,0b01000100);
+	&vmovdqa	(&QWP(16*0,"edx"),$T0);
+	&vmovdqa	(&QWP(16*1,"edx"),$D1);
+	&vmovdqa	(&QWP(16*2,"edx"),$D2);
+	&vmovdqa	(&QWP(16*3,"edx"),$D3);
+	&vmovdqa	(&QWP(16*4,"edx"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&vpmuludq	($D4,$D4,$D0);			# h4*r0
+	&vpmuludq	($D3,$D3,$D0);			# h3*r0
+	&vpmuludq	($D2,$D2,$D0);			# h2*r0
+	&vpmuludq	($D1,$D1,$D0);			# h1*r0
+	&vpmuludq	($D0,$T0,$D0);			# h0*r0
+
+	&vpmuludq	($T0,$T1,&QWP(16*3,"edx"));	# r1*h3
+	&vpaddq		($D4,$D4,$T0);
+	&vpmuludq	($T2,$T1,&QWP(16*2,"edx"));	# r1*h2
+	&vpaddq		($D3,$D3,$T2);
+	&vpmuludq	($T0,$T1,&QWP(16*1,"edx"));	# r1*h1
+	&vpaddq		($D2,$D2,$T0);
+	&vmovdqa	($T2,&QWP(16*5,"esp"));		# s1
+	&vpmuludq	($T1,$T1,&QWP(16*0,"edx"));	# r1*h0
+	&vpaddq		($D1,$D1,$T1);
+	 &vmovdqa	($T0,&QWP(16*2,"esp"));		# r2
+	&vpmuludq	($T2,$T2,&QWP(16*4,"edx"));	# s1*h4
+	&vpaddq		($D0,$D0,$T2);
+
+	&vpmuludq	($T1,$T0,&QWP(16*2,"edx"));	# r2*h2
+	&vpaddq		($D4,$D4,$T1);
+	&vpmuludq	($T2,$T0,&QWP(16*1,"edx"));	# r2*h1
+	&vpaddq		($D3,$D3,$T2);
+	&vmovdqa	($T1,&QWP(16*6,"esp"));		# s2
+	&vpmuludq	($T0,$T0,&QWP(16*0,"edx"));	# r2*h0
+	&vpaddq		($D2,$D2,$T0);
+	&vpmuludq	($T2,$T1,&QWP(16*4,"edx"));	# s2*h4
+	&vpaddq		($D1,$D1,$T2);
+	 &vmovdqa	($T0,&QWP(16*3,"esp"));		# r3
+	&vpmuludq	($T1,$T1,&QWP(16*3,"edx"));	# s2*h3
+	&vpaddq		($D0,$D0,$T1);
+
+	&vpmuludq	($T2,$T0,&QWP(16*1,"edx"));	# r3*h1
+	&vpaddq		($D4,$D4,$T2);
+	&vmovdqa	($T1,&QWP(16*7,"esp"));		# s3
+	&vpmuludq	($T0,$T0,&QWP(16*0,"edx"));	# r3*h0
+	&vpaddq		($D3,$D3,$T0);
+	&vpmuludq	($T2,$T1,&QWP(16*4,"edx"));	# s3*h4
+	&vpaddq		($D2,$D2,$T2);
+	&vpmuludq	($T0,$T1,&QWP(16*3,"edx"));	# s3*h3
+	&vpaddq		($D1,$D1,$T0);
+	 &vmovdqa	($T2,&QWP(16*4,"esp"));		# r4
+	&vpmuludq	($T1,$T1,&QWP(16*2,"edx"));	# s3*h2
+	&vpaddq		($D0,$D0,$T1);
+
+	&vmovdqa	($T0,&QWP(16*8,"esp"));		# s4
+	&vpmuludq	($T2,$T2,&QWP(16*0,"edx"));	# r4*h0
+	&vpaddq		($D4,$D4,$T2);
+	&vpmuludq	($T1,$T0,&QWP(16*4,"edx"));	# s4*h4
+	&vpaddq		($D3,$D3,$T1);
+	&vpmuludq	($T2,$T0,&QWP(16*1,"edx"));	# s4*h1
+	&vpaddq		($D0,$D0,$T2);
+	&vpmuludq	($T1,$T0,&QWP(16*2,"edx"));	# s4*h2
+	&vpaddq		($D1,$D1,$T1);
+	 &vmovdqa	($MASK,&QWP(64,"ebx"));
+	&vpmuludq	($T0,$T0,&QWP(16*3,"edx"));	# s4*h3
+	&vpaddq		($D2,$D2,$T0);
+
+	################################################################
+	# lazy reduction
+	 &vpsrlq	($T0,$D3,26);
+	 &vpand		($D3,$D3,$MASK);
+	&vpsrlq		($T1,$D0,26);
+	&vpand		($D0,$D0,$MASK);
+	 &vpaddq	($D4,$D4,$T0);			# h3 -> h4
+	&vpaddq		($D1,$D1,$T1);			# h0 -> h1
+	 &vpsrlq	($T0,$D4,26);
+	 &vpand		($D4,$D4,$MASK);
+	&vpsrlq		($T1,$D1,26);
+	&vpand		($D1,$D1,$MASK);
+	&vpaddq		($D2,$D2,$T1);			# h1 -> h2
+	 &vpaddd	($D0,$D0,$T0);
+	 &vpsllq	($T0,$T0,2);
+	&vpsrlq		($T1,$D2,26);
+	&vpand		($D2,$D2,$MASK);
+	 &vpaddd	($D0,$D0,$T0);			# h4 -> h0
+	&vpaddd		($D3,$D3,$T1);			# h2 -> h3
+	&vpsrlq		($T1,$D3,26);
+	 &vpsrlq	($T0,$D0,26);
+	 &vpand		($D0,$D0,$MASK);
+	&vpand		($D3,$D3,$MASK);
+	 &vpaddd	($D1,$D1,$T0);			# h0 -> h1
+	&vpaddd		($D4,$D4,$T1);			# h3 -> h4
+
+	&dec		("ecx");
+	&jz		(&label("square_break"));
+
+	&vpunpcklqdq	($D0,$D0,&QWP(16*0,"esp"));	# 0:r^1:0:r^2
+	&vpunpcklqdq	($D1,$D1,&QWP(16*1,"esp"));
+	&vpunpcklqdq	($D2,$D2,&QWP(16*2,"esp"));
+	&vpunpcklqdq	($D3,$D3,&QWP(16*3,"esp"));
+	&vpunpcklqdq	($D4,$D4,&QWP(16*4,"esp"));
+	&jmp		(&label("square"));
+
+&set_label("square_break");
+	&vpsllq		($D0,$D0,32);			# -> r^3:0:r^4:0
+	&vpsllq		($D1,$D1,32);
+	&vpsllq		($D2,$D2,32);
+	&vpsllq		($D3,$D3,32);
+	&vpsllq		($D4,$D4,32);
+	&vpor		($D0,$D0,&QWP(16*0,"esp"));	# r^3:r^1:r^4:r^2
+	&vpor		($D1,$D1,&QWP(16*1,"esp"));
+	&vpor		($D2,$D2,&QWP(16*2,"esp"));
+	&vpor		($D3,$D3,&QWP(16*3,"esp"));
+	&vpor		($D4,$D4,&QWP(16*4,"esp"));
+
+	&vpshufd	($D0,$D0,0b10001101);		# -> r^1:r^2:r^3:r^4
+	&vpshufd	($D1,$D1,0b10001101);
+	&vpshufd	($D2,$D2,0b10001101);
+	&vpshufd	($D3,$D3,0b10001101);
+	&vpshufd	($D4,$D4,0b10001101);
+
+	&vmovdqu	(&QWP(16*0,"edi"),$D0);		# save the table
+	&vmovdqu	(&QWP(16*1,"edi"),$D1);
+	&vmovdqu	(&QWP(16*2,"edi"),$D2);
+	&vmovdqu	(&QWP(16*3,"edi"),$D3);
+	&vmovdqu	(&QWP(16*4,"edi"),$D4);
+
+	&vpslld		($T1,$D1,2);
+	&vpslld		($T0,$D2,2);
+	&vpaddd		($T1,$T1,$D1);			# *5
+	&vpaddd		($T0,$T0,$D2);			# *5
+	&vmovdqu	(&QWP(16*5,"edi"),$T1);
+	&vmovdqu	(&QWP(16*6,"edi"),$T0);
+	&vpslld		($T1,$D3,2);
+	&vpslld		($T0,$D4,2);
+	&vpaddd		($T1,$T1,$D3);			# *5
+	&vpaddd		($T0,$T0,$D4);			# *5
+	&vmovdqu	(&QWP(16*7,"edi"),$T1);
+	&vmovdqu	(&QWP(16*8,"edi"),$T0);
+
+	&mov		("esp","ebp");
+	&lea		("edi",&DWP(-16*3,"edi"));	# size de-optimization
+	&ret		();
+&function_end_B("_poly1305_init_avx2");
+
+########################################################################
+# now it's time to switch to %ymm
+
+my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("ymm$_",(0..7));
+my $MASK=$T2;
+
+sub X { my $reg=shift; $reg=~s/^ymm/xmm/; $reg; }
+
+&align	(32);
+&function_begin("_poly1305_blocks_avx2");
+	&mov	("edi",&wparam(0));			# ctx
+	&mov	("esi",&wparam(1));			# inp
+	&mov	("ecx",&wparam(2));			# len
+
+	&mov	("eax",&DWP(4*5,"edi"));		# is_base2_26
+	&and	("ecx",-16);
+	&jz	(&label("nodata"));
+	&cmp	("ecx",64);
+	&jae	(&label("enter_avx2"));
+	&test	("eax","eax");				# is_base2_26?
+	&jz	(&label("enter_blocks"));
+
+&set_label("enter_avx2");
+	&vzeroupper	();
+
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx"));
+
+	&test	("eax","eax");				# is_base2_26?
+	&jnz	(&label("base2_26"));
+
+	&call	("_poly1305_init_avx2");
+
+	################################################# base 2^32 -> base 2^26
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ecx",&DWP(3,"edi"));
+	&mov	("edx",&DWP(6,"edi"));
+	&mov	("esi",&DWP(9,"edi"));
+	&mov	("ebp",&DWP(13,"edi"));
+
+	&shr	("ecx",2);
+	&and	("eax",0x3ffffff);
+	&shr	("edx",4);
+	&and	("ecx",0x3ffffff);
+	&shr	("esi",6);
+	&and	("edx",0x3ffffff);
+
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&mov	(&DWP(4*1,"edi"),"ecx");
+	&mov	(&DWP(4*2,"edi"),"edx");
+	&mov	(&DWP(4*3,"edi"),"esi");
+	&mov	(&DWP(4*4,"edi"),"ebp");
+	&mov	(&DWP(4*5,"edi"),1);			# is_base2_26
+
+	&mov	("esi",&wparam(1));			# [reload] inp
+	&mov	("ecx",&wparam(2));			# [reload] len
+
+&set_label("base2_26");
+	&mov	("eax",&wparam(3));			# padbit
+	&mov	("ebp","esp");
+
+	&sub	("esp",32*(5+9));
+	&and	("esp",-512);				# ensure that frame
+							# doesn't cross page
+							# boundary, which is
+							# essential for
+							# misaligned 32-byte
+							# loads
+
+	################################################################
+        # expand and copy pre-calculated table to stack
+
+	&vmovdqu	(&X($D0),&QWP(16*(3+0),"edi"));
+	&lea		("edx",&DWP(32*5+128,"esp"));	# +128 size optimization
+	&vmovdqu	(&X($D1),&QWP(16*(3+1),"edi"));
+	&vmovdqu	(&X($D2),&QWP(16*(3+2),"edi"));
+	&vmovdqu	(&X($D3),&QWP(16*(3+3),"edi"));
+	&vmovdqu	(&X($D4),&QWP(16*(3+4),"edi"));
+	&lea		("edi",&DWP(16*3,"edi"));	# size optimization
+	&vpermq		($D0,$D0,0b01000000);		# 00001234 -> 12343434
+	&vpermq		($D1,$D1,0b01000000);
+	&vpermq		($D2,$D2,0b01000000);
+	&vpermq		($D3,$D3,0b01000000);
+	&vpermq		($D4,$D4,0b01000000);
+	&vpshufd	($D0,$D0,0b11001000);		# 12343434 -> 14243444
+	&vpshufd	($D1,$D1,0b11001000);
+	&vpshufd	($D2,$D2,0b11001000);
+	&vpshufd	($D3,$D3,0b11001000);
+	&vpshufd	($D4,$D4,0b11001000);
+	&vmovdqa	(&QWP(32*0-128,"edx"),$D0);
+	&vmovdqu	(&X($D0),&QWP(16*5,"edi"));
+	&vmovdqa	(&QWP(32*1-128,"edx"),$D1);
+	&vmovdqu	(&X($D1),&QWP(16*6,"edi"));
+	&vmovdqa	(&QWP(32*2-128,"edx"),$D2);
+	&vmovdqu	(&X($D2),&QWP(16*7,"edi"));
+	&vmovdqa	(&QWP(32*3-128,"edx"),$D3);
+	&vmovdqu	(&X($D3),&QWP(16*8,"edi"));
+	&vmovdqa	(&QWP(32*4-128,"edx"),$D4);
+	&vpermq		($D0,$D0,0b01000000);
+	&vpermq		($D1,$D1,0b01000000);
+	&vpermq		($D2,$D2,0b01000000);
+	&vpermq		($D3,$D3,0b01000000);
+	&vpshufd	($D0,$D0,0b11001000);
+	&vpshufd	($D1,$D1,0b11001000);
+	&vpshufd	($D2,$D2,0b11001000);
+	&vpshufd	($D3,$D3,0b11001000);
+	&vmovdqa	(&QWP(32*5-128,"edx"),$D0);
+	&vmovd		(&X($D0),&DWP(-16*3+4*0,"edi"));# load hash value
+	&vmovdqa	(&QWP(32*6-128,"edx"),$D1);
+	&vmovd		(&X($D1),&DWP(-16*3+4*1,"edi"));
+	&vmovdqa	(&QWP(32*7-128,"edx"),$D2);
+	&vmovd		(&X($D2),&DWP(-16*3+4*2,"edi"));
+	&vmovdqa	(&QWP(32*8-128,"edx"),$D3);
+	&vmovd		(&X($D3),&DWP(-16*3+4*3,"edi"));
+	&vmovd		(&X($D4),&DWP(-16*3+4*4,"edi"));
+	&vmovdqa	($MASK,&QWP(64,"ebx"));
+	&neg		("eax");			# padbit
+
+	&test		("ecx",63);
+	&jz		(&label("even"));
+
+	&mov		("edx","ecx");
+	&and		("ecx",-64);
+	&and		("edx",63);
+
+	&vmovdqu	(&X($T0),&QWP(16*0,"esi"));
+	&cmp		("edx",32);
+	&jb		(&label("one"));
+
+	&vmovdqu	(&X($T1),&QWP(16*1,"esi"));
+	&je		(&label("two"));
+
+	&vinserti128	($T0,$T0,&QWP(16*2,"esi"),1);
+	&lea		("esi",&DWP(16*3,"esi"));
+	&lea		("ebx",&DWP(8,"ebx"));		# three padbits
+	&lea		("edx",&DWP(32*5+128+8,"esp"));	# --:r^1:r^2:r^3 (*)
+	&jmp		(&label("tail"));
+
+&set_label("two");
+	&lea		("esi",&DWP(16*2,"esi"));
+	&lea		("ebx",&DWP(16,"ebx"));		# two padbits
+	&lea		("edx",&DWP(32*5+128+16,"esp"));# --:--:r^1:r^2 (*)
+	&jmp		(&label("tail"));
+
+&set_label("one");
+	&lea		("esi",&DWP(16*1,"esi"));
+	&vpxor		($T1,$T1,$T1);
+	&lea		("ebx",&DWP(32,"ebx","eax",8));	# one or no padbits
+	&lea		("edx",&DWP(32*5+128+24,"esp"));# --:--:--:r^1 (*)
+	&jmp		(&label("tail"));
+
+# (*)	spots marked with '--' are data from next table entry, but they
+#	are multiplied by 0 and therefore rendered insignificant
+
+&set_label("even",32);
+	&vmovdqu	(&X($T0),&QWP(16*0,"esi"));	# load input
+	&vmovdqu	(&X($T1),&QWP(16*1,"esi"));
+	&vinserti128	($T0,$T0,&QWP(16*2,"esi"),1);
+	&vinserti128	($T1,$T1,&QWP(16*3,"esi"),1);
+	&lea		("esi",&DWP(16*4,"esi"));
+	&sub		("ecx",64);
+	&jz		(&label("tail"));
+
+&set_label("loop");
+	################################################################
+	# ((inp[0]*r^4+r[4])*r^4+r[8])*r^4
+	# ((inp[1]*r^4+r[5])*r^4+r[9])*r^3
+	# ((inp[2]*r^4+r[6])*r^4+r[10])*r^2
+	# ((inp[3]*r^4+r[7])*r^4+r[11])*r^1
+	#   \________/ \_______/
+	################################################################
+
+sub vsplat_input {
+	&vmovdqa	(&QWP(32*2,"esp"),$D2);
+	&vpsrldq	($D2,$T0,6);			# splat input
+	&vmovdqa	(&QWP(32*0,"esp"),$D0);
+	&vpsrldq	($D0,$T1,6);
+	&vmovdqa	(&QWP(32*1,"esp"),$D1);
+	&vpunpckhqdq	($D1,$T0,$T1);			# 4
+	&vpunpcklqdq	($T0,$T0,$T1);			# 0:1
+	&vpunpcklqdq	($D2,$D2,$D0);			# 2:3
+
+	&vpsrlq		($D0,$D2,30);
+	&vpsrlq		($D2,$D2,4);
+	&vpsrlq		($T1,$T0,26);
+	&vpsrlq		($D1,$D1,40);			# 4
+	&vpand		($D2,$D2,$MASK);		# 2
+	&vpand		($T0,$T0,$MASK);		# 0
+	&vpand		($T1,$T1,$MASK);		# 1
+	&vpand		($D0,$D0,$MASK);		# 3 (*)
+	&vpor		($D1,$D1,&QWP(0,"ebx"));	# padbit, yes, always
+
+	# (*)	note that output is counterintuitive, inp[3:4] is
+	#	returned in $D1-2, while $D3-4 are preserved;
+}
+	&vsplat_input	();
+
+sub vpmuladd {
+my $addr = shift;
+
+	&vpaddq		($D2,$D2,&QWP(32*2,"esp"));	# add hash value
+	&vpaddq		($T0,$T0,&QWP(32*0,"esp"));
+	&vpaddq		($T1,$T1,&QWP(32*1,"esp"));
+	&vpaddq		($D0,$D0,$D3);
+	&vpaddq		($D1,$D1,$D4);
+
+	################################################################
+	# d3 = h2*r1   + h0*r3 + h1*r2   + h3*r0   + h4*5*r4
+	# d4 = h2*r2   + h0*r4 + h1*r3   + h3*r1   + h4*r0
+	# d0 = h2*5*r3 + h0*r0 + h1*5*r4 + h3*5*r2 + h4*5*r1
+	# d1 = h2*5*r4 + h0*r1 + h1*r0   + h3*5*r3 + h4*5*r2
+	# d2 = h2*r0   + h0*r2 + h1*r1   + h3*5*r4 + h4*5*r3
+
+	&vpmuludq	($D3,$D2,&$addr(1));		# d3 = h2*r1
+	 &vmovdqa	(QWP(32*1,"esp"),$T1);
+	&vpmuludq	($D4,$D2,&$addr(2));		# d4 = h2*r2
+	 &vmovdqa	(QWP(32*3,"esp"),$D0);
+	&vpmuludq	($D0,$D2,&$addr(7));		# d0 = h2*s3
+	 &vmovdqa	(QWP(32*4,"esp"),$D1);
+	&vpmuludq	($D1,$D2,&$addr(8));		# d1 = h2*s4
+	&vpmuludq	($D2,$D2,&$addr(0));		# d2 = h2*r0
+
+	&vpmuludq	($T2,$T0,&$addr(3));		# h0*r3
+	&vpaddq		($D3,$D3,$T2);			# d3 += h0*r3
+	&vpmuludq	($T1,$T0,&$addr(4));		# h0*r4
+	&vpaddq		($D4,$D4,$T1);			# d4 + h0*r4
+	&vpmuludq	($T2,$T0,&$addr(0));		# h0*r0
+	&vpaddq		($D0,$D0,$T2);			# d0 + h0*r0
+	 &vmovdqa	($T2,&QWP(32*1,"esp"));		# h1
+	&vpmuludq	($T1,$T0,&$addr(1));		# h0*r1
+	&vpaddq		($D1,$D1,$T1);			# d1 += h0*r1
+	&vpmuludq	($T0,$T0,&$addr(2));		# h0*r2
+	&vpaddq		($D2,$D2,$T0);			# d2 += h0*r2
+
+	&vpmuludq	($T1,$T2,&$addr(2));		# h1*r2
+	&vpaddq		($D3,$D3,$T1);			# d3 += h1*r2
+	&vpmuludq	($T0,$T2,&$addr(3));		# h1*r3
+	&vpaddq		($D4,$D4,$T0);			# d4 += h1*r3
+	&vpmuludq	($T1,$T2,&$addr(8));		# h1*s4
+	&vpaddq		($D0,$D0,$T1);			# d0 += h1*s4
+	 &vmovdqa	($T1,&QWP(32*3,"esp"));		# h3
+	&vpmuludq	($T0,$T2,&$addr(0));		# h1*r0
+	&vpaddq		($D1,$D1,$T0);			# d1 += h1*r0
+	&vpmuludq	($T2,$T2,&$addr(1));		# h1*r1
+	&vpaddq		($D2,$D2,$T2);			# d2 += h1*r1
+
+	&vpmuludq	($T0,$T1,&$addr(0));		# h3*r0
+	&vpaddq		($D3,$D3,$T0);			# d3 += h3*r0
+	&vpmuludq	($T2,$T1,&$addr(1));		# h3*r1
+	&vpaddq		($D4,$D4,$T2);			# d4 += h3*r1
+	&vpmuludq	($T0,$T1,&$addr(6));		# h3*s2
+	&vpaddq		($D0,$D0,$T0);			# d0 += h3*s2
+	 &vmovdqa	($T0,&QWP(32*4,"esp"));		# h4
+	&vpmuludq	($T2,$T1,&$addr(7));		# h3*s3
+	&vpaddq		($D1,$D1,$T2);			# d1+= h3*s3
+	&vpmuludq	($T1,$T1,&$addr(8));		# h3*s4
+	&vpaddq		($D2,$D2,$T1);			# d2 += h3*s4
+
+	&vpmuludq	($T2,$T0,&$addr(8));		# h4*s4
+	&vpaddq		($D3,$D3,$T2);			# d3 += h4*s4
+	&vpmuludq	($T1,$T0,&$addr(5));		# h4*s1
+	&vpaddq		($D0,$D0,$T1);			# d0 += h4*s1
+	&vpmuludq	($T2,$T0,&$addr(0));		# h4*r0
+	&vpaddq		($D4,$D4,$T2);			# d4 += h4*r0
+	 &vmovdqa	($MASK,&QWP(64,"ebx"));
+	&vpmuludq	($T1,$T0,&$addr(6));		# h4*s2
+	&vpaddq		($D1,$D1,$T1);			# d1 += h4*s2
+	&vpmuludq	($T0,$T0,&$addr(7));		# h4*s3
+	&vpaddq		($D2,$D2,$T0);			# d2 += h4*s3
+}
+	&vpmuladd	(sub {	my $i=shift; &QWP(32*$i-128,"edx");	});
+
+sub vlazy_reduction {
+	################################################################
+	# lazy reduction
+
+	 &vpsrlq	($T0,$D3,26);
+	 &vpand		($D3,$D3,$MASK);
+	&vpsrlq		($T1,$D0,26);
+	&vpand		($D0,$D0,$MASK);
+	 &vpaddq	($D4,$D4,$T0);			# h3 -> h4
+	&vpaddq		($D1,$D1,$T1);			# h0 -> h1
+	 &vpsrlq	($T0,$D4,26);
+	 &vpand		($D4,$D4,$MASK);
+	&vpsrlq		($T1,$D1,26);
+	&vpand		($D1,$D1,$MASK);
+	&vpaddq		($D2,$D2,$T1);			# h1 -> h2
+	 &vpaddq	($D0,$D0,$T0);
+	 &vpsllq	($T0,$T0,2);
+	&vpsrlq		($T1,$D2,26);
+	&vpand		($D2,$D2,$MASK);
+	 &vpaddq	($D0,$D0,$T0);			# h4 -> h0
+	&vpaddq		($D3,$D3,$T1);			# h2 -> h3
+	&vpsrlq		($T1,$D3,26);
+	 &vpsrlq	($T0,$D0,26);
+	 &vpand		($D0,$D0,$MASK);
+	&vpand		($D3,$D3,$MASK);
+	 &vpaddq	($D1,$D1,$T0);			# h0 -> h1
+	&vpaddq		($D4,$D4,$T1);			# h3 -> h4
+}
+	&vlazy_reduction();
+
+	&vmovdqu	(&X($T0),&QWP(16*0,"esi"));	# load input
+	&vmovdqu	(&X($T1),&QWP(16*1,"esi"));
+	&vinserti128	($T0,$T0,&QWP(16*2,"esi"),1);
+	&vinserti128	($T1,$T1,&QWP(16*3,"esi"),1);
+	&lea		("esi",&DWP(16*4,"esi"));
+	&sub		("ecx",64);
+	&jnz		(&label("loop"));
+
+&set_label("tail");
+	&vsplat_input	();
+	&and		("ebx",-64);			# restore pointer
+
+	&vpmuladd	(sub {	my $i=shift; &QWP(4+32*$i-128,"edx");	});
+
+	################################################################
+	# horizontal addition
+
+	&vpsrldq	($T0,$D4,8);
+	&vpsrldq	($T1,$D3,8);
+	&vpaddq		($D4,$D4,$T0);
+	&vpsrldq	($T0,$D0,8);
+	&vpaddq		($D3,$D3,$T1);
+	&vpsrldq	($T1,$D1,8);
+	&vpaddq		($D0,$D0,$T0);
+	&vpsrldq	($T0,$D2,8);
+	&vpaddq		($D1,$D1,$T1);
+	&vpermq		($T1,$D4,2);			# keep folding
+	&vpaddq		($D2,$D2,$T0);
+	&vpermq		($T0,$D3,2);
+	&vpaddq		($D4,$D4,$T1);
+	&vpermq		($T1,$D0,2);
+	&vpaddq		($D3,$D3,$T0);
+	&vpermq		($T0,$D1,2);
+	&vpaddq		($D0,$D0,$T1);
+	&vpermq		($T1,$D2,2);
+	&vpaddq		($D1,$D1,$T0);
+	&vpaddq		($D2,$D2,$T1);
+
+	&vlazy_reduction();
+
+	&cmp		("ecx",0);
+	&je		(&label("done"));
+
+	################################################################
+	# clear all but single word
+
+	&vpshufd	(&X($D0),&X($D0),0b11111100);
+	&lea		("edx",&DWP(32*5+128,"esp"));	# restore pointer
+	&vpshufd	(&X($D1),&X($D1),0b11111100);
+	&vpshufd	(&X($D2),&X($D2),0b11111100);
+	&vpshufd	(&X($D3),&X($D3),0b11111100);
+	&vpshufd	(&X($D4),&X($D4),0b11111100);
+	&jmp		(&label("even"));
+
+&set_label("done",16);
+	&vmovd		(&DWP(-16*3+4*0,"edi"),&X($D0));# store hash value
+	&vmovd		(&DWP(-16*3+4*1,"edi"),&X($D1));
+	&vmovd		(&DWP(-16*3+4*2,"edi"),&X($D2));
+	&vmovd		(&DWP(-16*3+4*3,"edi"),&X($D3));
+	&vmovd		(&DWP(-16*3+4*4,"edi"),&X($D4));
+	&vzeroupper	();
+	&mov	("esp","ebp");
+&set_label("nodata");
+&function_end("_poly1305_blocks_avx2");
+}
+&set_label("const_sse2",64);
+	&data_word(1<<24,0,	1<<24,0,	1<<24,0,	1<<24,0);
+	&data_word(0,0,		0,0,		0,0,		0,0);
+	&data_word(0x03ffffff,0,0x03ffffff,0,	0x03ffffff,0,	0x03ffffff,0);
+	&data_word(0x0fffffff,0x0ffffffc,0x0ffffffc,0x0ffffffc);
+}
+&asciz	("Poly1305 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&align	(4);
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl
new file mode 100755
index 000000000..342ad7f18
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -0,0 +1,4159 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for x86_64.
+#
+# March 2015
+#
+# Initial release.
+#
+# December 2016
+#
+# Add AVX512F+VL+BW code path.
+#
+# November 2017
+#
+# Convert AVX512F+VL+BW code path to pure AVX512F, so that it can be
+# executed even on Knights Landing. Trigger for modification was
+# observation that AVX512 code paths can negatively affect overall
+# Skylake-X system performance. Since we are likely to suppress
+# AVX512F capability flag [at least on Skylake-X], conversion serves
+# as kind of "investment protection". Note that next *lake processor,
+# Cannolake, has AVX512IFMA code path to execute...
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# measured with rdtsc at fixed clock frequency.
+#
+#		IALU/gcc-4.8(*)	AVX(**)		AVX2	AVX-512
+# P4		4.46/+120%	-
+# Core 2	2.41/+90%	-
+# Westmere	1.88/+120%	-
+# Sandy Bridge	1.39/+140%	1.10
+# Haswell	1.14/+175%	1.11		0.65
+# Skylake[-X]	1.13/+120%	0.96		0.51	[0.35]
+# Silvermont	2.83/+95%	-
+# Knights L	3.60/?		1.65		1.10	0.41(***)
+# Goldmont	1.70/+180%	-
+# VIA Nano	1.82/+150%	-
+# Sledgehammer	1.38/+160%	-
+# Bulldozer	2.30/+130%	0.97
+# Ryzen		1.15/+200%	1.08		1.18
+#
+# (*)	improvement coefficients relative to clang are more modest and
+#	are ~50% on most processors, in both cases we are comparing to
+#	__int128 code;
+# (**)	SSE2 implementation was attempted, but among non-AVX processors
+#	it was faster than integer-only code only on older Intel P4 and
+#	Core processors, 50-30%, less newer processor is, but slower on
+#	contemporary ones, for example almost 2x slower on Atom, and as
+#	former are naturally disappearing, SSE2 is deemed unnecessary;
+# (***)	strangely enough performance seems to vary from core to core,
+#	listed result is best case;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25) + ($1>=2.26);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) {
+	$avx = ($1>=2.09) + ($1>=2.10) + 2 * ($1>=2.12);
+	$avx += 2 if ($1==2.11 && $2>=8);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=12);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx");
+my ($mac,$nonce)=($inp,$len);	# *_emit arguments
+my ($d1,$d2,$d3, $r0,$r1,$s1)=map("%r$_",(8..13));
+my ($h0,$h1,$h2)=("%r14","%rbx","%rbp");
+
+sub poly1305_iteration {
+# input:	copy of $r1 in %rax, $h0-$h2, $r0-$r1
+# output:	$h0-$h2 *= $r0-$r1
+$code.=<<___;
+	mulq	$h0			# h0*r1
+	mov	%rax,$d2
+	 mov	$r0,%rax
+	mov	%rdx,$d3
+
+	mulq	$h0			# h0*r0
+	mov	%rax,$h0		# future $h0
+	 mov	$r0,%rax
+	mov	%rdx,$d1
+
+	mulq	$h1			# h1*r0
+	add	%rax,$d2
+	 mov	$s1,%rax
+	adc	%rdx,$d3
+
+	mulq	$h1			# h1*s1
+	 mov	$h2,$h1			# borrow $h1
+	add	%rax,$h0
+	adc	%rdx,$d1
+
+	imulq	$s1,$h1			# h2*s1
+	add	$h1,$d2
+	 mov	$d1,$h1
+	adc	\$0,$d3
+
+	imulq	$r0,$h2			# h2*r0
+	add	$d2,$h1
+	mov	\$-4,%rax		# mask value
+	adc	$h2,$d3
+
+	and	$d3,%rax		# last reduction step
+	mov	$d3,$h2
+	shr	\$2,$d3
+	and	\$3,$h2
+	add	$d3,%rax
+	add	%rax,$h0
+	adc	\$0,$h1
+	adc	\$0,$h2
+___
+}
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int64 h[3];		# current hash value base 2^64
+#	unsigned __int64 r[2];		# key value base 2^64
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	poly1305_init
+.hidden	poly1305_init
+.globl	poly1305_blocks
+.hidden	poly1305_blocks
+.globl	poly1305_emit
+.hidden	poly1305_emit
+
+.type	poly1305_init,\@function,3
+.align	32
+poly1305_init:
+	xor	%rax,%rax
+	mov	%rax,0($ctx)		# initialize hash value
+	mov	%rax,8($ctx)
+	mov	%rax,16($ctx)
+
+	cmp	\$0,$inp
+	je	.Lno_key
+
+	lea	poly1305_blocks(%rip),%r10
+	lea	poly1305_emit(%rip),%r11
+___
+$code.=<<___	if ($avx);
+	mov	OPENSSL_ia32cap_P+4(%rip),%r9
+	lea	poly1305_blocks_avx(%rip),%rax
+	lea	poly1305_emit_avx(%rip),%rcx
+	bt	\$`60-32`,%r9		# AVX?
+	cmovc	%rax,%r10
+	cmovc	%rcx,%r11
+___
+$code.=<<___	if ($avx>1);
+	lea	poly1305_blocks_avx2(%rip),%rax
+	bt	\$`5+32`,%r9		# AVX2?
+	cmovc	%rax,%r10
+___
+$code.=<<___	if ($avx>3);
+	mov	\$`(1<<31|1<<21|1<<16)`,%rax
+	shr	\$32,%r9
+	and	%rax,%r9
+	cmp	%rax,%r9
+	je	.Linit_base2_44
+___
+$code.=<<___;
+	mov	\$0x0ffffffc0fffffff,%rax
+	mov	\$0x0ffffffc0ffffffc,%rcx
+	and	0($inp),%rax
+	and	8($inp),%rcx
+	mov	%rax,24($ctx)
+	mov	%rcx,32($ctx)
+___
+$code.=<<___	if ($flavour !~ /elf32/);
+	mov	%r10,0(%rdx)
+	mov	%r11,8(%rdx)
+___
+$code.=<<___	if ($flavour =~ /elf32/);
+	mov	%r10d,0(%rdx)
+	mov	%r11d,4(%rdx)
+___
+$code.=<<___;
+	mov	\$1,%eax
+.Lno_key:
+	ret
+.size	poly1305_init,.-poly1305_init
+
+.type	poly1305_blocks,\@function,4
+.align	32
+poly1305_blocks:
+.cfi_startproc
+.Lblocks:
+	shr	\$4,$len
+	jz	.Lno_data		# too short
+
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lblocks_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	mov	0($ctx),$h0		# load hash value
+	mov	8($ctx),$h1
+	mov	16($ctx),$h2
+
+	mov	$s1,$r1
+	shr	\$2,$s1
+	mov	$r1,%rax
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+	jmp	.Loop
+
+.align	32
+.Loop:
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+___
+	&poly1305_iteration();
+$code.=<<___;
+	mov	$r1,%rax
+	dec	%r15			# len-=16
+	jnz	.Loop
+
+	mov	$h0,0($ctx)		# store hash value
+	mov	$h1,8($ctx)
+	mov	$h2,16($ctx)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lno_data:
+.Lblocks_epilogue:
+	ret
+.cfi_endproc
+.size	poly1305_blocks,.-poly1305_blocks
+
+.type	poly1305_emit,\@function,3
+.align	32
+poly1305_emit:
+.Lemit:
+	mov	0($ctx),%r8	# load hash value
+	mov	8($ctx),%r9
+	mov	16($ctx),%r10
+
+	mov	%r8,%rax
+	add	\$5,%r8		# compare to modulus
+	mov	%r9,%rcx
+	adc	\$0,%r9
+	adc	\$0,%r10
+	shr	\$2,%r10	# did 130-bit value overflow?
+	cmovnz	%r8,%rax
+	cmovnz	%r9,%rcx
+
+	add	0($nonce),%rax	# accumulate nonce
+	adc	8($nonce),%rcx
+	mov	%rax,0($mac)	# write result
+	mov	%rcx,8($mac)
+
+	ret
+.size	poly1305_emit,.-poly1305_emit
+___
+if ($avx) {
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int32 h[5];		# current hash value base 2^26
+#	unsigned __int32 is_base2_26;
+#	unsigned __int64 r[2];		# key value base 2^64
+#	unsigned __int64 pad;
+#	struct { unsigned __int32 r^2, r^1, r^4, r^3; } r[9];
+#
+# where r^n are base 2^26 digits of degrees of multiplier key. There are
+# 5 digits, but last four are interleaved with multiples of 5, totalling
+# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4.
+
+my ($H0,$H1,$H2,$H3,$H4, $T0,$T1,$T2,$T3,$T4, $D0,$D1,$D2,$D3,$D4, $MASK) =
+    map("%xmm$_",(0..15));
+
+$code.=<<___;
+.type	__poly1305_block,\@abi-omnipotent
+.align	32
+__poly1305_block:
+___
+	&poly1305_iteration();
+$code.=<<___;
+	ret
+.size	__poly1305_block,.-__poly1305_block
+
+.type	__poly1305_init_avx,\@abi-omnipotent
+.align	32
+__poly1305_init_avx:
+	mov	$r0,$h0
+	mov	$r1,$h1
+	xor	$h2,$h2
+
+	lea	48+64($ctx),$ctx	# size optimization
+
+	mov	$r1,%rax
+	call	__poly1305_block	# r^2
+
+	mov	\$0x3ffffff,%eax	# save interleaved r^2 and r base 2^26
+	mov	\$0x3ffffff,%edx
+	mov	$h0,$d1
+	and	$h0#d,%eax
+	mov	$r0,$d2
+	and	$r0#d,%edx
+	mov	%eax,`16*0+0-64`($ctx)
+	shr	\$26,$d1
+	mov	%edx,`16*0+4-64`($ctx)
+	shr	\$26,$d2
+
+	mov	\$0x3ffffff,%eax
+	mov	\$0x3ffffff,%edx
+	and	$d1#d,%eax
+	and	$d2#d,%edx
+	mov	%eax,`16*1+0-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	%edx,`16*1+4-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	mov	%eax,`16*2+0-64`($ctx)
+	shr	\$26,$d1
+	mov	%edx,`16*2+4-64`($ctx)
+	shr	\$26,$d2
+
+	mov	$h1,%rax
+	mov	$r1,%rdx
+	shl	\$12,%rax
+	shl	\$12,%rdx
+	or	$d1,%rax
+	or	$d2,%rdx
+	and	\$0x3ffffff,%eax
+	and	\$0x3ffffff,%edx
+	mov	%eax,`16*3+0-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	%edx,`16*3+4-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	mov	%eax,`16*4+0-64`($ctx)
+	mov	$h1,$d1
+	mov	%edx,`16*4+4-64`($ctx)
+	mov	$r1,$d2
+
+	mov	\$0x3ffffff,%eax
+	mov	\$0x3ffffff,%edx
+	shr	\$14,$d1
+	shr	\$14,$d2
+	and	$d1#d,%eax
+	and	$d2#d,%edx
+	mov	%eax,`16*5+0-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	%edx,`16*5+4-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	mov	%eax,`16*6+0-64`($ctx)
+	shr	\$26,$d1
+	mov	%edx,`16*6+4-64`($ctx)
+	shr	\$26,$d2
+
+	mov	$h2,%rax
+	shl	\$24,%rax
+	or	%rax,$d1
+	mov	$d1#d,`16*7+0-64`($ctx)
+	lea	($d1,$d1,4),$d1		# *5
+	mov	$d2#d,`16*7+4-64`($ctx)
+	lea	($d2,$d2,4),$d2		# *5
+	mov	$d1#d,`16*8+0-64`($ctx)
+	mov	$d2#d,`16*8+4-64`($ctx)
+
+	mov	$r1,%rax
+	call	__poly1305_block	# r^3
+
+	mov	\$0x3ffffff,%eax	# save r^3 base 2^26
+	mov	$h0,$d1
+	and	$h0#d,%eax
+	shr	\$26,$d1
+	mov	%eax,`16*0+12-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	and	$d1#d,%edx
+	mov	%edx,`16*1+12-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*2+12-64`($ctx)
+
+	mov	$h1,%rax
+	shl	\$12,%rax
+	or	$d1,%rax
+	and	\$0x3ffffff,%eax
+	mov	%eax,`16*3+12-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	$h1,$d1
+	mov	%eax,`16*4+12-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	shr	\$14,$d1
+	and	$d1#d,%edx
+	mov	%edx,`16*5+12-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*6+12-64`($ctx)
+
+	mov	$h2,%rax
+	shl	\$24,%rax
+	or	%rax,$d1
+	mov	$d1#d,`16*7+12-64`($ctx)
+	lea	($d1,$d1,4),$d1		# *5
+	mov	$d1#d,`16*8+12-64`($ctx)
+
+	mov	$r1,%rax
+	call	__poly1305_block	# r^4
+
+	mov	\$0x3ffffff,%eax	# save r^4 base 2^26
+	mov	$h0,$d1
+	and	$h0#d,%eax
+	shr	\$26,$d1
+	mov	%eax,`16*0+8-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	and	$d1#d,%edx
+	mov	%edx,`16*1+8-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*2+8-64`($ctx)
+
+	mov	$h1,%rax
+	shl	\$12,%rax
+	or	$d1,%rax
+	and	\$0x3ffffff,%eax
+	mov	%eax,`16*3+8-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	$h1,$d1
+	mov	%eax,`16*4+8-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	shr	\$14,$d1
+	and	$d1#d,%edx
+	mov	%edx,`16*5+8-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*6+8-64`($ctx)
+
+	mov	$h2,%rax
+	shl	\$24,%rax
+	or	%rax,$d1
+	mov	$d1#d,`16*7+8-64`($ctx)
+	lea	($d1,$d1,4),$d1		# *5
+	mov	$d1#d,`16*8+8-64`($ctx)
+
+	lea	-48-64($ctx),$ctx	# size [de-]optimization
+	ret
+.size	__poly1305_init_avx,.-__poly1305_init_avx
+
+.type	poly1305_blocks_avx,\@function,4
+.align	32
+poly1305_blocks_avx:
+.cfi_startproc
+	mov	20($ctx),%r8d		# is_base2_26
+	cmp	\$128,$len
+	jae	.Lblocks_avx
+	test	%r8d,%r8d
+	jz	.Lblocks
+
+.Lblocks_avx:
+	and	\$-16,$len
+	jz	.Lno_data_avx
+
+	vzeroupper
+
+	test	%r8d,%r8d
+	jz	.Lbase2_64_avx
+
+	test	\$31,$len
+	jz	.Leven_avx
+
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lblocks_avx_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	0($ctx),$d1		# load hash value
+	mov	8($ctx),$d2
+	mov	16($ctx),$h2#d
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	################################# base 2^26 -> base 2^64
+	mov	$d1#d,$h0#d
+	and	\$`-1*(1<<31)`,$d1
+	mov	$d2,$r1			# borrow $r1
+	mov	$d2#d,$h1#d
+	and	\$`-1*(1<<31)`,$d2
+
+	shr	\$6,$d1
+	shl	\$52,$r1
+	add	$d1,$h0
+	shr	\$12,$h1
+	shr	\$18,$d2
+	add	$r1,$h0
+	adc	$d2,$h1
+
+	mov	$h2,$d1
+	shl	\$40,$d1
+	shr	\$24,$h2
+	add	$d1,$h1
+	adc	\$0,$h2			# can be partially reduced...
+
+	mov	\$-4,$d2		# ... so reduce
+	mov	$h2,$d1
+	and	$h2,$d2
+	shr	\$2,$d1
+	and	\$3,$h2
+	add	$d2,$d1			# =*5
+	add	$d1,$h0
+	adc	\$0,$h1
+	adc	\$0,$h2
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+
+	call	__poly1305_block
+
+	test	$padbit,$padbit		# if $padbit is zero,
+	jz	.Lstore_base2_64_avx	# store hash in base 2^64 format
+
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$r0
+	mov	$h1,$r1
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$r0
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$r0,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$r1
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$r1,$h2			# h[4]
+
+	sub	\$16,%r15
+	jz	.Lstore_base2_26_avx
+
+	vmovd	%rax#d,$H0
+	vmovd	%rdx#d,$H1
+	vmovd	$h0#d,$H2
+	vmovd	$h1#d,$H3
+	vmovd	$h2#d,$H4
+	jmp	.Lproceed_avx
+
+.align	32
+.Lstore_base2_64_avx:
+	mov	$h0,0($ctx)
+	mov	$h1,8($ctx)
+	mov	$h2,16($ctx)		# note that is_base2_26 is zeroed
+	jmp	.Ldone_avx
+
+.align	16
+.Lstore_base2_26_avx:
+	mov	%rax#d,0($ctx)		# store hash value base 2^26
+	mov	%rdx#d,4($ctx)
+	mov	$h0#d,8($ctx)
+	mov	$h1#d,12($ctx)
+	mov	$h2#d,16($ctx)
+.align	16
+.Ldone_avx:
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lno_data_avx:
+.Lblocks_avx_epilogue:
+	ret
+.cfi_endproc
+
+.align	32
+.Lbase2_64_avx:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lbase2_64_avx_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	mov	0($ctx),$h0		# load hash value
+	mov	8($ctx),$h1
+	mov	16($ctx),$h2#d
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+	test	\$31,$len
+	jz	.Linit_avx
+
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+	sub	\$16,%r15
+
+	call	__poly1305_block
+
+.Linit_avx:
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$d1
+	mov	$h1,$d2
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$d1
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$d1,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$d2
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$d2,$h2			# h[4]
+
+	vmovd	%rax#d,$H0
+	vmovd	%rdx#d,$H1
+	vmovd	$h0#d,$H2
+	vmovd	$h1#d,$H3
+	vmovd	$h2#d,$H4
+	movl	\$1,20($ctx)		# set is_base2_26
+
+	call	__poly1305_init_avx
+
+.Lproceed_avx:
+	mov	%r15,$len
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsp),%rax
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lbase2_64_avx_epilogue:
+	jmp	.Ldo_avx
+.cfi_endproc
+
+.align	32
+.Leven_avx:
+.cfi_startproc
+	vmovd		4*0($ctx),$H0		# load hash value
+	vmovd		4*1($ctx),$H1
+	vmovd		4*2($ctx),$H2
+	vmovd		4*3($ctx),$H3
+	vmovd		4*4($ctx),$H4
+
+.Ldo_avx:
+___
+$code.=<<___	if (!$win64);
+	lea		-0x58(%rsp),%r11
+.cfi_def_cfa		%r11,0x60
+	sub		\$0x178,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		-0xf8(%rsp),%r11
+	sub		\$0x218,%rsp
+	vmovdqa		%xmm6,0x50(%r11)
+	vmovdqa		%xmm7,0x60(%r11)
+	vmovdqa		%xmm8,0x70(%r11)
+	vmovdqa		%xmm9,0x80(%r11)
+	vmovdqa		%xmm10,0x90(%r11)
+	vmovdqa		%xmm11,0xa0(%r11)
+	vmovdqa		%xmm12,0xb0(%r11)
+	vmovdqa		%xmm13,0xc0(%r11)
+	vmovdqa		%xmm14,0xd0(%r11)
+	vmovdqa		%xmm15,0xe0(%r11)
+.Ldo_avx_body:
+___
+$code.=<<___;
+	sub		\$64,$len
+	lea		-32($inp),%rax
+	cmovc		%rax,$inp
+
+	vmovdqu		`16*3`($ctx),$D4	# preload r0^2
+	lea		`16*3+64`($ctx),$ctx	# size optimization
+	lea		.Lconst(%rip),%rcx
+
+	################################################################
+	# load input
+	vmovdqu		16*2($inp),$T0
+	vmovdqu		16*3($inp),$T1
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+
+	vpsrldq		\$6,$T0,$T2		# splat input
+	vpsrldq		\$6,$T1,$T3
+	vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpunpcklqdq	$T3,$T2,$T3		# 2:3
+
+	vpsrlq		\$40,$T4,$T4		# 4
+	vpsrlq		\$26,$T0,$T1
+	vpand		$MASK,$T0,$T0		# 0
+	vpsrlq		\$4,$T3,$T2
+	vpand		$MASK,$T1,$T1		# 1
+	vpsrlq		\$30,$T3,$T3
+	vpand		$MASK,$T2,$T2		# 2
+	vpand		$MASK,$T3,$T3		# 3
+	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	jbe		.Lskip_loop_avx
+
+	# expand and copy pre-calculated table to stack
+	vmovdqu		`16*1-64`($ctx),$D1
+	vmovdqu		`16*2-64`($ctx),$D2
+	vpshufd		\$0xEE,$D4,$D3		# 34xx -> 3434
+	vpshufd		\$0x44,$D4,$D0		# xx12 -> 1212
+	vmovdqa		$D3,-0x90(%r11)
+	vmovdqa		$D0,0x00(%rsp)
+	vpshufd		\$0xEE,$D1,$D4
+	vmovdqu		`16*3-64`($ctx),$D0
+	vpshufd		\$0x44,$D1,$D1
+	vmovdqa		$D4,-0x80(%r11)
+	vmovdqa		$D1,0x10(%rsp)
+	vpshufd		\$0xEE,$D2,$D3
+	vmovdqu		`16*4-64`($ctx),$D1
+	vpshufd		\$0x44,$D2,$D2
+	vmovdqa		$D3,-0x70(%r11)
+	vmovdqa		$D2,0x20(%rsp)
+	vpshufd		\$0xEE,$D0,$D4
+	vmovdqu		`16*5-64`($ctx),$D2
+	vpshufd		\$0x44,$D0,$D0
+	vmovdqa		$D4,-0x60(%r11)
+	vmovdqa		$D0,0x30(%rsp)
+	vpshufd		\$0xEE,$D1,$D3
+	vmovdqu		`16*6-64`($ctx),$D0
+	vpshufd		\$0x44,$D1,$D1
+	vmovdqa		$D3,-0x50(%r11)
+	vmovdqa		$D1,0x40(%rsp)
+	vpshufd		\$0xEE,$D2,$D4
+	vmovdqu		`16*7-64`($ctx),$D1
+	vpshufd		\$0x44,$D2,$D2
+	vmovdqa		$D4,-0x40(%r11)
+	vmovdqa		$D2,0x50(%rsp)
+	vpshufd		\$0xEE,$D0,$D3
+	vmovdqu		`16*8-64`($ctx),$D2
+	vpshufd		\$0x44,$D0,$D0
+	vmovdqa		$D3,-0x30(%r11)
+	vmovdqa		$D0,0x60(%rsp)
+	vpshufd		\$0xEE,$D1,$D4
+	vpshufd		\$0x44,$D1,$D1
+	vmovdqa		$D4,-0x20(%r11)
+	vmovdqa		$D1,0x70(%rsp)
+	vpshufd		\$0xEE,$D2,$D3
+	 vmovdqa	0x00(%rsp),$D4		# preload r0^2
+	vpshufd		\$0x44,$D2,$D2
+	vmovdqa		$D3,-0x10(%r11)
+	vmovdqa		$D2,0x80(%rsp)
+
+	jmp		.Loop_avx
+
+.align	32
+.Loop_avx:
+	################################################################
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	#   \___________________/
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	#   \___________________/ \____________________/
+	#
+	# Note that we start with inp[2:3]*r^2. This is because it
+	# doesn't depend on reduction in previous iteration.
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	#
+	# though note that $Tx and $Hx are "reversed" in this section,
+	# and $D4 is preloaded with r0^2...
+
+	vpmuludq	$T0,$D4,$D0		# d0 = h0*r0
+	vpmuludq	$T1,$D4,$D1		# d1 = h1*r0
+	  vmovdqa	$H2,0x20(%r11)				# offload hash
+	vpmuludq	$T2,$D4,$D2		# d3 = h2*r0
+	 vmovdqa	0x10(%rsp),$H2		# r1^2
+	vpmuludq	$T3,$D4,$D3		# d3 = h3*r0
+	vpmuludq	$T4,$D4,$D4		# d4 = h4*r0
+
+	  vmovdqa	$H0,0x00(%r11)				#
+	vpmuludq	0x20(%rsp),$T4,$H0	# h4*s1
+	  vmovdqa	$H1,0x10(%r11)				#
+	vpmuludq	$T3,$H2,$H1		# h3*r1
+	vpaddq		$H0,$D0,$D0		# d0 += h4*s1
+	vpaddq		$H1,$D4,$D4		# d4 += h3*r1
+	  vmovdqa	$H3,0x30(%r11)				#
+	vpmuludq	$T2,$H2,$H0		# h2*r1
+	vpmuludq	$T1,$H2,$H1		# h1*r1
+	vpaddq		$H0,$D3,$D3		# d3 += h2*r1
+	 vmovdqa	0x30(%rsp),$H3		# r2^2
+	vpaddq		$H1,$D2,$D2		# d2 += h1*r1
+	  vmovdqa	$H4,0x40(%r11)				#
+	vpmuludq	$T0,$H2,$H2		# h0*r1
+	 vpmuludq	$T2,$H3,$H0		# h2*r2
+	vpaddq		$H2,$D1,$D1		# d1 += h0*r1
+
+	 vmovdqa	0x40(%rsp),$H4		# s2^2
+	vpaddq		$H0,$D4,$D4		# d4 += h2*r2
+	vpmuludq	$T1,$H3,$H1		# h1*r2
+	vpmuludq	$T0,$H3,$H3		# h0*r2
+	vpaddq		$H1,$D3,$D3		# d3 += h1*r2
+	 vmovdqa	0x50(%rsp),$H2		# r3^2
+	vpaddq		$H3,$D2,$D2		# d2 += h0*r2
+	vpmuludq	$T4,$H4,$H0		# h4*s2
+	vpmuludq	$T3,$H4,$H4		# h3*s2
+	vpaddq		$H0,$D1,$D1		# d1 += h4*s2
+	 vmovdqa	0x60(%rsp),$H3		# s3^2
+	vpaddq		$H4,$D0,$D0		# d0 += h3*s2
+
+	 vmovdqa	0x80(%rsp),$H4		# s4^2
+	vpmuludq	$T1,$H2,$H1		# h1*r3
+	vpmuludq	$T0,$H2,$H2		# h0*r3
+	vpaddq		$H1,$D4,$D4		# d4 += h1*r3
+	vpaddq		$H2,$D3,$D3		# d3 += h0*r3
+	vpmuludq	$T4,$H3,$H0		# h4*s3
+	vpmuludq	$T3,$H3,$H1		# h3*s3
+	vpaddq		$H0,$D2,$D2		# d2 += h4*s3
+	 vmovdqu	16*0($inp),$H0				# load input
+	vpaddq		$H1,$D1,$D1		# d1 += h3*s3
+	vpmuludq	$T2,$H3,$H3		# h2*s3
+	 vpmuludq	$T2,$H4,$T2		# h2*s4
+	vpaddq		$H3,$D0,$D0		# d0 += h2*s3
+
+	 vmovdqu	16*1($inp),$H1				#
+	vpaddq		$T2,$D1,$D1		# d1 += h2*s4
+	vpmuludq	$T3,$H4,$T3		# h3*s4
+	vpmuludq	$T4,$H4,$T4		# h4*s4
+	 vpsrldq	\$6,$H0,$H2				# splat input
+	vpaddq		$T3,$D2,$D2		# d2 += h3*s4
+	vpaddq		$T4,$D3,$D3		# d3 += h4*s4
+	 vpsrldq	\$6,$H1,$H3				#
+	vpmuludq	0x70(%rsp),$T0,$T4	# h0*r4
+	vpmuludq	$T1,$H4,$T0		# h1*s4
+	 vpunpckhqdq	$H1,$H0,$H4		# 4
+	vpaddq		$T4,$D4,$D4		# d4 += h0*r4
+	 vmovdqa	-0x90(%r11),$T4		# r0^4
+	vpaddq		$T0,$D0,$D0		# d0 += h1*s4
+
+	vpunpcklqdq	$H1,$H0,$H0		# 0:1
+	vpunpcklqdq	$H3,$H2,$H3		# 2:3
+
+	#vpsrlq		\$40,$H4,$H4		# 4
+	vpsrldq		\$`40/8`,$H4,$H4	# 4
+	vpsrlq		\$26,$H0,$H1
+	vpand		$MASK,$H0,$H0		# 0
+	vpsrlq		\$4,$H3,$H2
+	vpand		$MASK,$H1,$H1		# 1
+	vpand		0(%rcx),$H4,$H4		# .Lmask24
+	vpsrlq		\$30,$H3,$H3
+	vpand		$MASK,$H2,$H2		# 2
+	vpand		$MASK,$H3,$H3		# 3
+	vpor		32(%rcx),$H4,$H4	# padbit, yes, always
+
+	vpaddq		0x00(%r11),$H0,$H0	# add hash value
+	vpaddq		0x10(%r11),$H1,$H1
+	vpaddq		0x20(%r11),$H2,$H2
+	vpaddq		0x30(%r11),$H3,$H3
+	vpaddq		0x40(%r11),$H4,$H4
+
+	lea		16*2($inp),%rax
+	lea		16*4($inp),$inp
+	sub		\$64,$len
+	cmovc		%rax,$inp
+
+	################################################################
+	# Now we accumulate (inp[0:1]+hash)*r^4
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	vpmuludq	$H0,$T4,$T0		# h0*r0
+	vpmuludq	$H1,$T4,$T1		# h1*r0
+	vpaddq		$T0,$D0,$D0
+	vpaddq		$T1,$D1,$D1
+	 vmovdqa	-0x80(%r11),$T2		# r1^4
+	vpmuludq	$H2,$T4,$T0		# h2*r0
+	vpmuludq	$H3,$T4,$T1		# h3*r0
+	vpaddq		$T0,$D2,$D2
+	vpaddq		$T1,$D3,$D3
+	vpmuludq	$H4,$T4,$T4		# h4*r0
+	 vpmuludq	-0x70(%r11),$H4,$T0	# h4*s1
+	vpaddq		$T4,$D4,$D4
+
+	vpaddq		$T0,$D0,$D0		# d0 += h4*s1
+	vpmuludq	$H2,$T2,$T1		# h2*r1
+	vpmuludq	$H3,$T2,$T0		# h3*r1
+	vpaddq		$T1,$D3,$D3		# d3 += h2*r1
+	 vmovdqa	-0x60(%r11),$T3		# r2^4
+	vpaddq		$T0,$D4,$D4		# d4 += h3*r1
+	vpmuludq	$H1,$T2,$T1		# h1*r1
+	vpmuludq	$H0,$T2,$T2		# h0*r1
+	vpaddq		$T1,$D2,$D2		# d2 += h1*r1
+	vpaddq		$T2,$D1,$D1		# d1 += h0*r1
+
+	 vmovdqa	-0x50(%r11),$T4		# s2^4
+	vpmuludq	$H2,$T3,$T0		# h2*r2
+	vpmuludq	$H1,$T3,$T1		# h1*r2
+	vpaddq		$T0,$D4,$D4		# d4 += h2*r2
+	vpaddq		$T1,$D3,$D3		# d3 += h1*r2
+	 vmovdqa	-0x40(%r11),$T2		# r3^4
+	vpmuludq	$H0,$T3,$T3		# h0*r2
+	vpmuludq	$H4,$T4,$T0		# h4*s2
+	vpaddq		$T3,$D2,$D2		# d2 += h0*r2
+	vpaddq		$T0,$D1,$D1		# d1 += h4*s2
+	 vmovdqa	-0x30(%r11),$T3		# s3^4
+	vpmuludq	$H3,$T4,$T4		# h3*s2
+	 vpmuludq	$H1,$T2,$T1		# h1*r3
+	vpaddq		$T4,$D0,$D0		# d0 += h3*s2
+
+	 vmovdqa	-0x10(%r11),$T4		# s4^4
+	vpaddq		$T1,$D4,$D4		# d4 += h1*r3
+	vpmuludq	$H0,$T2,$T2		# h0*r3
+	vpmuludq	$H4,$T3,$T0		# h4*s3
+	vpaddq		$T2,$D3,$D3		# d3 += h0*r3
+	vpaddq		$T0,$D2,$D2		# d2 += h4*s3
+	 vmovdqu	16*2($inp),$T0				# load input
+	vpmuludq	$H3,$T3,$T2		# h3*s3
+	vpmuludq	$H2,$T3,$T3		# h2*s3
+	vpaddq		$T2,$D1,$D1		# d1 += h3*s3
+	 vmovdqu	16*3($inp),$T1				#
+	vpaddq		$T3,$D0,$D0		# d0 += h2*s3
+
+	vpmuludq	$H2,$T4,$H2		# h2*s4
+	vpmuludq	$H3,$T4,$H3		# h3*s4
+	 vpsrldq	\$6,$T0,$T2				# splat input
+	vpaddq		$H2,$D1,$D1		# d1 += h2*s4
+	vpmuludq	$H4,$T4,$H4		# h4*s4
+	 vpsrldq	\$6,$T1,$T3				#
+	vpaddq		$H3,$D2,$H2		# h2 = d2 + h3*s4
+	vpaddq		$H4,$D3,$H3		# h3 = d3 + h4*s4
+	vpmuludq	-0x20(%r11),$H0,$H4	# h0*r4
+	vpmuludq	$H1,$T4,$H0
+	 vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpaddq		$H4,$D4,$H4		# h4 = d4 + h0*r4
+	vpaddq		$H0,$D0,$H0		# h0 = d0 + h1*s4
+
+	vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpunpcklqdq	$T3,$T2,$T3		# 2:3
+
+	#vpsrlq		\$40,$T4,$T4		# 4
+	vpsrldq		\$`40/8`,$T4,$T4	# 4
+	vpsrlq		\$26,$T0,$T1
+	 vmovdqa	0x00(%rsp),$D4		# preload r0^2
+	vpand		$MASK,$T0,$T0		# 0
+	vpsrlq		\$4,$T3,$T2
+	vpand		$MASK,$T1,$T1		# 1
+	vpand		0(%rcx),$T4,$T4		# .Lmask24
+	vpsrlq		\$30,$T3,$T3
+	vpand		$MASK,$T2,$T2		# 2
+	vpand		$MASK,$T3,$T3		# 3
+	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	################################################################
+	# lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	# and P. Schwabe
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$D1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D0
+	vpand		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D0,$H0,$H0
+	vpsllq		\$2,$D0,$D0
+	vpaddq		$D0,$H0,$H0		# h4 -> h0
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	ja		.Loop_avx
+
+.Lskip_loop_avx:
+	################################################################
+	# multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	vpshufd		\$0x10,$D4,$D4		# r0^n, xx12 -> x1x2
+	add		\$32,$len
+	jnz		.Long_tail_avx
+
+	vpaddq		$H2,$T2,$T2
+	vpaddq		$H0,$T0,$T0
+	vpaddq		$H1,$T1,$T1
+	vpaddq		$H3,$T3,$T3
+	vpaddq		$H4,$T4,$T4
+
+.Long_tail_avx:
+	vmovdqa		$H2,0x20(%r11)
+	vmovdqa		$H0,0x00(%r11)
+	vmovdqa		$H1,0x10(%r11)
+	vmovdqa		$H3,0x30(%r11)
+	vmovdqa		$H4,0x40(%r11)
+
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	vpmuludq	$T2,$D4,$D2		# d2 = h2*r0
+	vpmuludq	$T0,$D4,$D0		# d0 = h0*r0
+	 vpshufd	\$0x10,`16*1-64`($ctx),$H2		# r1^n
+	vpmuludq	$T1,$D4,$D1		# d1 = h1*r0
+	vpmuludq	$T3,$D4,$D3		# d3 = h3*r0
+	vpmuludq	$T4,$D4,$D4		# d4 = h4*r0
+
+	vpmuludq	$T3,$H2,$H0		# h3*r1
+	vpaddq		$H0,$D4,$D4		# d4 += h3*r1
+	 vpshufd	\$0x10,`16*2-64`($ctx),$H3		# s1^n
+	vpmuludq	$T2,$H2,$H1		# h2*r1
+	vpaddq		$H1,$D3,$D3		# d3 += h2*r1
+	 vpshufd	\$0x10,`16*3-64`($ctx),$H4		# r2^n
+	vpmuludq	$T1,$H2,$H0		# h1*r1
+	vpaddq		$H0,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$T0,$H2,$H2		# h0*r1
+	vpaddq		$H2,$D1,$D1		# d1 += h0*r1
+	vpmuludq	$T4,$H3,$H3		# h4*s1
+	vpaddq		$H3,$D0,$D0		# d0 += h4*s1
+
+	 vpshufd	\$0x10,`16*4-64`($ctx),$H2		# s2^n
+	vpmuludq	$T2,$H4,$H1		# h2*r2
+	vpaddq		$H1,$D4,$D4		# d4 += h2*r2
+	vpmuludq	$T1,$H4,$H0		# h1*r2
+	vpaddq		$H0,$D3,$D3		# d3 += h1*r2
+	 vpshufd	\$0x10,`16*5-64`($ctx),$H3		# r3^n
+	vpmuludq	$T0,$H4,$H4		# h0*r2
+	vpaddq		$H4,$D2,$D2		# d2 += h0*r2
+	vpmuludq	$T4,$H2,$H1		# h4*s2
+	vpaddq		$H1,$D1,$D1		# d1 += h4*s2
+	 vpshufd	\$0x10,`16*6-64`($ctx),$H4		# s3^n
+	vpmuludq	$T3,$H2,$H2		# h3*s2
+	vpaddq		$H2,$D0,$D0		# d0 += h3*s2
+
+	vpmuludq	$T1,$H3,$H0		# h1*r3
+	vpaddq		$H0,$D4,$D4		# d4 += h1*r3
+	vpmuludq	$T0,$H3,$H3		# h0*r3
+	vpaddq		$H3,$D3,$D3		# d3 += h0*r3
+	 vpshufd	\$0x10,`16*7-64`($ctx),$H2		# r4^n
+	vpmuludq	$T4,$H4,$H1		# h4*s3
+	vpaddq		$H1,$D2,$D2		# d2 += h4*s3
+	 vpshufd	\$0x10,`16*8-64`($ctx),$H3		# s4^n
+	vpmuludq	$T3,$H4,$H0		# h3*s3
+	vpaddq		$H0,$D1,$D1		# d1 += h3*s3
+	vpmuludq	$T2,$H4,$H4		# h2*s3
+	vpaddq		$H4,$D0,$D0		# d0 += h2*s3
+
+	vpmuludq	$T0,$H2,$H2		# h0*r4
+	vpaddq		$H2,$D4,$D4		# h4 = d4 + h0*r4
+	vpmuludq	$T4,$H3,$H1		# h4*s4
+	vpaddq		$H1,$D3,$D3		# h3 = d3 + h4*s4
+	vpmuludq	$T3,$H3,$H0		# h3*s4
+	vpaddq		$H0,$D2,$D2		# h2 = d2 + h3*s4
+	vpmuludq	$T2,$H3,$H1		# h2*s4
+	vpaddq		$H1,$D1,$D1		# h1 = d1 + h2*s4
+	vpmuludq	$T1,$H3,$H3		# h1*s4
+	vpaddq		$H3,$D0,$D0		# h0 = d0 + h1*s4
+
+	jz		.Lshort_tail_avx
+
+	vmovdqu		16*0($inp),$H0		# load input
+	vmovdqu		16*1($inp),$H1
+
+	vpsrldq		\$6,$H0,$H2		# splat input
+	vpsrldq		\$6,$H1,$H3
+	vpunpckhqdq	$H1,$H0,$H4		# 4
+	vpunpcklqdq	$H1,$H0,$H0		# 0:1
+	vpunpcklqdq	$H3,$H2,$H3		# 2:3
+
+	vpsrlq		\$40,$H4,$H4		# 4
+	vpsrlq		\$26,$H0,$H1
+	vpand		$MASK,$H0,$H0		# 0
+	vpsrlq		\$4,$H3,$H2
+	vpand		$MASK,$H1,$H1		# 1
+	vpsrlq		\$30,$H3,$H3
+	vpand		$MASK,$H2,$H2		# 2
+	vpand		$MASK,$H3,$H3		# 3
+	vpor		32(%rcx),$H4,$H4	# padbit, yes, always
+
+	vpshufd		\$0x32,`16*0-64`($ctx),$T4	# r0^n, 34xx -> x3x4
+	vpaddq		0x00(%r11),$H0,$H0
+	vpaddq		0x10(%r11),$H1,$H1
+	vpaddq		0x20(%r11),$H2,$H2
+	vpaddq		0x30(%r11),$H3,$H3
+	vpaddq		0x40(%r11),$H4,$H4
+
+	################################################################
+	# multiply (inp[0:1]+hash) by r^4:r^3 and accumulate
+
+	vpmuludq	$H0,$T4,$T0		# h0*r0
+	vpaddq		$T0,$D0,$D0		# d0 += h0*r0
+	vpmuludq	$H1,$T4,$T1		# h1*r0
+	vpaddq		$T1,$D1,$D1		# d1 += h1*r0
+	vpmuludq	$H2,$T4,$T0		# h2*r0
+	vpaddq		$T0,$D2,$D2		# d2 += h2*r0
+	 vpshufd	\$0x32,`16*1-64`($ctx),$T2		# r1^n
+	vpmuludq	$H3,$T4,$T1		# h3*r0
+	vpaddq		$T1,$D3,$D3		# d3 += h3*r0
+	vpmuludq	$H4,$T4,$T4		# h4*r0
+	vpaddq		$T4,$D4,$D4		# d4 += h4*r0
+
+	vpmuludq	$H3,$T2,$T0		# h3*r1
+	vpaddq		$T0,$D4,$D4		# d4 += h3*r1
+	 vpshufd	\$0x32,`16*2-64`($ctx),$T3		# s1
+	vpmuludq	$H2,$T2,$T1		# h2*r1
+	vpaddq		$T1,$D3,$D3		# d3 += h2*r1
+	 vpshufd	\$0x32,`16*3-64`($ctx),$T4		# r2
+	vpmuludq	$H1,$T2,$T0		# h1*r1
+	vpaddq		$T0,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$H0,$T2,$T2		# h0*r1
+	vpaddq		$T2,$D1,$D1		# d1 += h0*r1
+	vpmuludq	$H4,$T3,$T3		# h4*s1
+	vpaddq		$T3,$D0,$D0		# d0 += h4*s1
+
+	 vpshufd	\$0x32,`16*4-64`($ctx),$T2		# s2
+	vpmuludq	$H2,$T4,$T1		# h2*r2
+	vpaddq		$T1,$D4,$D4		# d4 += h2*r2
+	vpmuludq	$H1,$T4,$T0		# h1*r2
+	vpaddq		$T0,$D3,$D3		# d3 += h1*r2
+	 vpshufd	\$0x32,`16*5-64`($ctx),$T3		# r3
+	vpmuludq	$H0,$T4,$T4		# h0*r2
+	vpaddq		$T4,$D2,$D2		# d2 += h0*r2
+	vpmuludq	$H4,$T2,$T1		# h4*s2
+	vpaddq		$T1,$D1,$D1		# d1 += h4*s2
+	 vpshufd	\$0x32,`16*6-64`($ctx),$T4		# s3
+	vpmuludq	$H3,$T2,$T2		# h3*s2
+	vpaddq		$T2,$D0,$D0		# d0 += h3*s2
+
+	vpmuludq	$H1,$T3,$T0		# h1*r3
+	vpaddq		$T0,$D4,$D4		# d4 += h1*r3
+	vpmuludq	$H0,$T3,$T3		# h0*r3
+	vpaddq		$T3,$D3,$D3		# d3 += h0*r3
+	 vpshufd	\$0x32,`16*7-64`($ctx),$T2		# r4
+	vpmuludq	$H4,$T4,$T1		# h4*s3
+	vpaddq		$T1,$D2,$D2		# d2 += h4*s3
+	 vpshufd	\$0x32,`16*8-64`($ctx),$T3		# s4
+	vpmuludq	$H3,$T4,$T0		# h3*s3
+	vpaddq		$T0,$D1,$D1		# d1 += h3*s3
+	vpmuludq	$H2,$T4,$T4		# h2*s3
+	vpaddq		$T4,$D0,$D0		# d0 += h2*s3
+
+	vpmuludq	$H0,$T2,$T2		# h0*r4
+	vpaddq		$T2,$D4,$D4		# d4 += h0*r4
+	vpmuludq	$H4,$T3,$T1		# h4*s4
+	vpaddq		$T1,$D3,$D3		# d3 += h4*s4
+	vpmuludq	$H3,$T3,$T0		# h3*s4
+	vpaddq		$T0,$D2,$D2		# d2 += h3*s4
+	vpmuludq	$H2,$T3,$T1		# h2*s4
+	vpaddq		$T1,$D1,$D1		# d1 += h2*s4
+	vpmuludq	$H1,$T3,$T3		# h1*s4
+	vpaddq		$T3,$D0,$D0		# d0 += h1*s4
+
+.Lshort_tail_avx:
+	################################################################
+	# horizontal addition
+
+	vpsrldq		\$8,$D4,$T4
+	vpsrldq		\$8,$D3,$T3
+	vpsrldq		\$8,$D1,$T1
+	vpsrldq		\$8,$D0,$T0
+	vpsrldq		\$8,$D2,$T2
+	vpaddq		$T3,$D3,$D3
+	vpaddq		$T4,$D4,$D4
+	vpaddq		$T0,$D0,$D0
+	vpaddq		$T1,$D1,$D1
+	vpaddq		$T2,$D2,$D2
+
+	################################################################
+	# lazy reduction
+
+	vpsrlq		\$26,$D3,$H3
+	vpand		$MASK,$D3,$D3
+	vpaddq		$H3,$D4,$D4		# h3 -> h4
+
+	vpsrlq		\$26,$D0,$H0
+	vpand		$MASK,$D0,$D0
+	vpaddq		$H0,$D1,$D1		# h0 -> h1
+
+	vpsrlq		\$26,$D4,$H4
+	vpand		$MASK,$D4,$D4
+
+	vpsrlq		\$26,$D1,$H1
+	vpand		$MASK,$D1,$D1
+	vpaddq		$H1,$D2,$D2		# h1 -> h2
+
+	vpaddq		$H4,$D0,$D0
+	vpsllq		\$2,$H4,$H4
+	vpaddq		$H4,$D0,$D0		# h4 -> h0
+
+	vpsrlq		\$26,$D2,$H2
+	vpand		$MASK,$D2,$D2
+	vpaddq		$H2,$D3,$D3		# h2 -> h3
+
+	vpsrlq		\$26,$D0,$H0
+	vpand		$MASK,$D0,$D0
+	vpaddq		$H0,$D1,$D1		# h0 -> h1
+
+	vpsrlq		\$26,$D3,$H3
+	vpand		$MASK,$D3,$D3
+	vpaddq		$H3,$D4,$D4		# h3 -> h4
+
+	vmovd		$D0,`4*0-48-64`($ctx)	# save partially reduced
+	vmovd		$D1,`4*1-48-64`($ctx)
+	vmovd		$D2,`4*2-48-64`($ctx)
+	vmovd		$D3,`4*3-48-64`($ctx)
+	vmovd		$D4,`4*4-48-64`($ctx)
+___
+$code.=<<___	if ($win64);
+	vmovdqa		0x50(%r11),%xmm6
+	vmovdqa		0x60(%r11),%xmm7
+	vmovdqa		0x70(%r11),%xmm8
+	vmovdqa		0x80(%r11),%xmm9
+	vmovdqa		0x90(%r11),%xmm10
+	vmovdqa		0xa0(%r11),%xmm11
+	vmovdqa		0xb0(%r11),%xmm12
+	vmovdqa		0xc0(%r11),%xmm13
+	vmovdqa		0xd0(%r11),%xmm14
+	vmovdqa		0xe0(%r11),%xmm15
+	lea		0xf8(%r11),%rsp
+.Ldo_avx_epilogue:
+___
+$code.=<<___	if (!$win64);
+	lea		0x58(%r11),%rsp
+.cfi_def_cfa		%rsp,8
+___
+$code.=<<___;
+	vzeroupper
+	ret
+.cfi_endproc
+.size	poly1305_blocks_avx,.-poly1305_blocks_avx
+
+.type	poly1305_emit_avx,\@function,3
+.align	32
+poly1305_emit_avx:
+	cmpl	\$0,20($ctx)	# is_base2_26?
+	je	.Lemit
+
+	mov	0($ctx),%eax	# load hash value base 2^26
+	mov	4($ctx),%ecx
+	mov	8($ctx),%r8d
+	mov	12($ctx),%r11d
+	mov	16($ctx),%r10d
+
+	shl	\$26,%rcx	# base 2^26 -> base 2^64
+	mov	%r8,%r9
+	shl	\$52,%r8
+	add	%rcx,%rax
+	shr	\$12,%r9
+	add	%rax,%r8	# h0
+	adc	\$0,%r9
+
+	shl	\$14,%r11
+	mov	%r10,%rax
+	shr	\$24,%r10
+	add	%r11,%r9
+	shl	\$40,%rax
+	add	%rax,%r9	# h1
+	adc	\$0,%r10	# h2
+
+	mov	%r10,%rax	# could be partially reduced, so reduce
+	mov	%r10,%rcx
+	and	\$3,%r10
+	shr	\$2,%rax
+	and	\$-4,%rcx
+	add	%rcx,%rax
+	add	%rax,%r8
+	adc	\$0,%r9
+	adc	\$0,%r10
+
+	mov	%r8,%rax
+	add	\$5,%r8		# compare to modulus
+	mov	%r9,%rcx
+	adc	\$0,%r9
+	adc	\$0,%r10
+	shr	\$2,%r10	# did 130-bit value overflow?
+	cmovnz	%r8,%rax
+	cmovnz	%r9,%rcx
+
+	add	0($nonce),%rax	# accumulate nonce
+	adc	8($nonce),%rcx
+	mov	%rax,0($mac)	# write result
+	mov	%rcx,8($mac)
+
+	ret
+.size	poly1305_emit_avx,.-poly1305_emit_avx
+___
+
+if ($avx>1) {
+my ($H0,$H1,$H2,$H3,$H4, $MASK, $T4,$T0,$T1,$T2,$T3, $D0,$D1,$D2,$D3,$D4) =
+    map("%ymm$_",(0..15));
+my $S4=$MASK;
+
+$code.=<<___;
+.type	poly1305_blocks_avx2,\@function,4
+.align	32
+poly1305_blocks_avx2:
+.cfi_startproc
+	mov	20($ctx),%r8d		# is_base2_26
+	cmp	\$128,$len
+	jae	.Lblocks_avx2
+	test	%r8d,%r8d
+	jz	.Lblocks
+
+.Lblocks_avx2:
+	and	\$-16,$len
+	jz	.Lno_data_avx2
+
+	vzeroupper
+
+	test	%r8d,%r8d
+	jz	.Lbase2_64_avx2
+
+	test	\$63,$len
+	jz	.Leven_avx2
+
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lblocks_avx2_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	0($ctx),$d1		# load hash value
+	mov	8($ctx),$d2
+	mov	16($ctx),$h2#d
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	################################# base 2^26 -> base 2^64
+	mov	$d1#d,$h0#d
+	and	\$`-1*(1<<31)`,$d1
+	mov	$d2,$r1			# borrow $r1
+	mov	$d2#d,$h1#d
+	and	\$`-1*(1<<31)`,$d2
+
+	shr	\$6,$d1
+	shl	\$52,$r1
+	add	$d1,$h0
+	shr	\$12,$h1
+	shr	\$18,$d2
+	add	$r1,$h0
+	adc	$d2,$h1
+
+	mov	$h2,$d1
+	shl	\$40,$d1
+	shr	\$24,$h2
+	add	$d1,$h1
+	adc	\$0,$h2			# can be partially reduced...
+
+	mov	\$-4,$d2		# ... so reduce
+	mov	$h2,$d1
+	and	$h2,$d2
+	shr	\$2,$d1
+	and	\$3,$h2
+	add	$d2,$d1			# =*5
+	add	$d1,$h0
+	adc	\$0,$h1
+	adc	\$0,$h2
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+.Lbase2_26_pre_avx2:
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+	sub	\$16,%r15
+
+	call	__poly1305_block
+	mov	$r1,%rax
+
+	test	\$63,%r15
+	jnz	.Lbase2_26_pre_avx2
+
+	test	$padbit,$padbit		# if $padbit is zero,
+	jz	.Lstore_base2_64_avx2	# store hash in base 2^64 format
+
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$r0
+	mov	$h1,$r1
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$r0
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$r0,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$r1
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$r1,$h2			# h[4]
+
+	test	%r15,%r15
+	jz	.Lstore_base2_26_avx2
+
+	vmovd	%rax#d,%x#$H0
+	vmovd	%rdx#d,%x#$H1
+	vmovd	$h0#d,%x#$H2
+	vmovd	$h1#d,%x#$H3
+	vmovd	$h2#d,%x#$H4
+	jmp	.Lproceed_avx2
+
+.align	32
+.Lstore_base2_64_avx2:
+	mov	$h0,0($ctx)
+	mov	$h1,8($ctx)
+	mov	$h2,16($ctx)		# note that is_base2_26 is zeroed
+	jmp	.Ldone_avx2
+
+.align	16
+.Lstore_base2_26_avx2:
+	mov	%rax#d,0($ctx)		# store hash value base 2^26
+	mov	%rdx#d,4($ctx)
+	mov	$h0#d,8($ctx)
+	mov	$h1#d,12($ctx)
+	mov	$h2#d,16($ctx)
+.align	16
+.Ldone_avx2:
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lno_data_avx2:
+.Lblocks_avx2_epilogue:
+	ret
+.cfi_endproc
+
+.align	32
+.Lbase2_64_avx2:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lbase2_64_avx2_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	mov	0($ctx),$h0		# load hash value
+	mov	8($ctx),$h1
+	mov	16($ctx),$h2#d
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+	test	\$63,$len
+	jz	.Linit_avx2
+
+.Lbase2_64_pre_avx2:
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+	sub	\$16,%r15
+
+	call	__poly1305_block
+	mov	$r1,%rax
+
+	test	\$63,%r15
+	jnz	.Lbase2_64_pre_avx2
+
+.Linit_avx2:
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$d1
+	mov	$h1,$d2
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$d1
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$d1,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$d2
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$d2,$h2			# h[4]
+
+	vmovd	%rax#d,%x#$H0
+	vmovd	%rdx#d,%x#$H1
+	vmovd	$h0#d,%x#$H2
+	vmovd	$h1#d,%x#$H3
+	vmovd	$h2#d,%x#$H4
+	movl	\$1,20($ctx)		# set is_base2_26
+
+	call	__poly1305_init_avx
+
+.Lproceed_avx2:
+	mov	%r15,$len			# restore $len
+	mov	OPENSSL_ia32cap_P+8(%rip),%r10d
+	mov	\$`(1<<31|1<<30|1<<16)`,%r11d
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	48(%rsp),%rax
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lbase2_64_avx2_epilogue:
+	jmp	.Ldo_avx2
+.cfi_endproc
+
+.align	32
+.Leven_avx2:
+.cfi_startproc
+	mov		OPENSSL_ia32cap_P+8(%rip),%r10d
+	vmovd		4*0($ctx),%x#$H0	# load hash value base 2^26
+	vmovd		4*1($ctx),%x#$H1
+	vmovd		4*2($ctx),%x#$H2
+	vmovd		4*3($ctx),%x#$H3
+	vmovd		4*4($ctx),%x#$H4
+
+.Ldo_avx2:
+___
+$code.=<<___		if ($avx>2);
+	cmp		\$512,$len
+	jb		.Lskip_avx512
+	and		%r11d,%r10d
+	test		\$`1<<16`,%r10d		# check for AVX512F
+	jnz		.Lblocks_avx512
+.Lskip_avx512:
+___
+$code.=<<___	if (!$win64);
+	lea		-8(%rsp),%r11
+.cfi_def_cfa		%r11,16
+	sub		\$0x128,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		-0xf8(%rsp),%r11
+	sub		\$0x1c8,%rsp
+	vmovdqa		%xmm6,0x50(%r11)
+	vmovdqa		%xmm7,0x60(%r11)
+	vmovdqa		%xmm8,0x70(%r11)
+	vmovdqa		%xmm9,0x80(%r11)
+	vmovdqa		%xmm10,0x90(%r11)
+	vmovdqa		%xmm11,0xa0(%r11)
+	vmovdqa		%xmm12,0xb0(%r11)
+	vmovdqa		%xmm13,0xc0(%r11)
+	vmovdqa		%xmm14,0xd0(%r11)
+	vmovdqa		%xmm15,0xe0(%r11)
+.Ldo_avx2_body:
+___
+$code.=<<___;
+	lea		.Lconst(%rip),%rcx
+	lea		48+64($ctx),$ctx	# size optimization
+	vmovdqa		96(%rcx),$T0		# .Lpermd_avx2
+
+	# expand and copy pre-calculated table to stack
+	vmovdqu		`16*0-64`($ctx),%x#$T2
+	and		\$-512,%rsp
+	vmovdqu		`16*1-64`($ctx),%x#$T3
+	vmovdqu		`16*2-64`($ctx),%x#$T4
+	vmovdqu		`16*3-64`($ctx),%x#$D0
+	vmovdqu		`16*4-64`($ctx),%x#$D1
+	vmovdqu		`16*5-64`($ctx),%x#$D2
+	lea		0x90(%rsp),%rax		# size optimization
+	vmovdqu		`16*6-64`($ctx),%x#$D3
+	vpermd		$T2,$T0,$T2		# 00003412 -> 14243444
+	vmovdqu		`16*7-64`($ctx),%x#$D4
+	vpermd		$T3,$T0,$T3
+	vmovdqu		`16*8-64`($ctx),%x#$MASK
+	vpermd		$T4,$T0,$T4
+	vmovdqa		$T2,0x00(%rsp)
+	vpermd		$D0,$T0,$D0
+	vmovdqa		$T3,0x20-0x90(%rax)
+	vpermd		$D1,$T0,$D1
+	vmovdqa		$T4,0x40-0x90(%rax)
+	vpermd		$D2,$T0,$D2
+	vmovdqa		$D0,0x60-0x90(%rax)
+	vpermd		$D3,$T0,$D3
+	vmovdqa		$D1,0x80-0x90(%rax)
+	vpermd		$D4,$T0,$D4
+	vmovdqa		$D2,0xa0-0x90(%rax)
+	vpermd		$MASK,$T0,$MASK
+	vmovdqa		$D3,0xc0-0x90(%rax)
+	vmovdqa		$D4,0xe0-0x90(%rax)
+	vmovdqa		$MASK,0x100-0x90(%rax)
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+
+	################################################################
+	# load input
+	vmovdqu		16*0($inp),%x#$T0
+	vmovdqu		16*1($inp),%x#$T1
+	vinserti128	\$1,16*2($inp),$T0,$T0
+	vinserti128	\$1,16*3($inp),$T1,$T1
+	lea		16*4($inp),$inp
+
+	vpsrldq		\$6,$T0,$T2		# splat input
+	vpsrldq		\$6,$T1,$T3
+	vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpunpcklqdq	$T3,$T2,$T2		# 2:3
+	vpunpcklqdq	$T1,$T0,$T0		# 0:1
+
+	vpsrlq		\$30,$T2,$T3
+	vpsrlq		\$4,$T2,$T2
+	vpsrlq		\$26,$T0,$T1
+	vpsrlq		\$40,$T4,$T4		# 4
+	vpand		$MASK,$T2,$T2		# 2
+	vpand		$MASK,$T0,$T0		# 0
+	vpand		$MASK,$T1,$T1		# 1
+	vpand		$MASK,$T3,$T3		# 3
+	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	vpaddq		$H2,$T2,$H2		# accumulate input
+	sub		\$64,$len
+	jz		.Ltail_avx2
+	jmp		.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	################################################################
+	# ((inp[0]*r^4+inp[4])*r^4+inp[ 8])*r^4
+	# ((inp[1]*r^4+inp[5])*r^4+inp[ 9])*r^3
+	# ((inp[2]*r^4+inp[6])*r^4+inp[10])*r^2
+	# ((inp[3]*r^4+inp[7])*r^4+inp[11])*r^1
+	#   \________/\__________/
+	################################################################
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+	vpaddq		$H0,$T0,$H0
+	vmovdqa		`32*0`(%rsp),$T0	# r0^4
+	vpaddq		$H1,$T1,$H1
+	vmovdqa		`32*1`(%rsp),$T1	# r1^4
+	vpaddq		$H3,$T3,$H3
+	vmovdqa		`32*3`(%rsp),$T2	# r2^4
+	vpaddq		$H4,$T4,$H4
+	vmovdqa		`32*6-0x90`(%rax),$T3	# s3^4
+	vmovdqa		`32*8-0x90`(%rax),$S4	# s4^4
+
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	#
+	# however, as h2 is "chronologically" first one available pull
+	# corresponding operations up, so it's
+	#
+	# d4 = h2*r2   + h4*r0 + h3*r1             + h1*r3   + h0*r4
+	# d3 = h2*r1   + h3*r0           + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0           + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h2*5*r4 + h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3
+	# d0 = h2*5*r3 + h0*r0 + h4*5*r1 + h3*5*r2           + h1*5*r4
+
+	vpmuludq	$H2,$T0,$D2		# d2 = h2*r0
+	vpmuludq	$H2,$T1,$D3		# d3 = h2*r1
+	vpmuludq	$H2,$T2,$D4		# d4 = h2*r2
+	vpmuludq	$H2,$T3,$D0		# d0 = h2*s3
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+
+	vpmuludq	$H0,$T1,$T4		# h0*r1
+	vpmuludq	$H1,$T1,$H2		# h1*r1, borrow $H2 as temp
+	vpaddq		$T4,$D1,$D1		# d1 += h0*r1
+	vpaddq		$H2,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$H3,$T1,$T4		# h3*r1
+	vpmuludq	`32*2`(%rsp),$H4,$H2	# h4*s1
+	vpaddq		$T4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$H2,$D0,$D0		# d0 += h4*s1
+	 vmovdqa	`32*4-0x90`(%rax),$T1	# s2
+
+	vpmuludq	$H0,$T0,$T4		# h0*r0
+	vpmuludq	$H1,$T0,$H2		# h1*r0
+	vpaddq		$T4,$D0,$D0		# d0 += h0*r0
+	vpaddq		$H2,$D1,$D1		# d1 += h1*r0
+	vpmuludq	$H3,$T0,$T4		# h3*r0
+	vpmuludq	$H4,$T0,$H2		# h4*r0
+	 vmovdqu	16*0($inp),%x#$T0	# load input
+	vpaddq		$T4,$D3,$D3		# d3 += h3*r0
+	vpaddq		$H2,$D4,$D4		# d4 += h4*r0
+	 vinserti128	\$1,16*2($inp),$T0,$T0
+
+	vpmuludq	$H3,$T1,$T4		# h3*s2
+	vpmuludq	$H4,$T1,$H2		# h4*s2
+	 vmovdqu	16*1($inp),%x#$T1
+	vpaddq		$T4,$D0,$D0		# d0 += h3*s2
+	vpaddq		$H2,$D1,$D1		# d1 += h4*s2
+	 vmovdqa	`32*5-0x90`(%rax),$H2	# r3
+	vpmuludq	$H1,$T2,$T4		# h1*r2
+	vpmuludq	$H0,$T2,$T2		# h0*r2
+	vpaddq		$T4,$D3,$D3		# d3 += h1*r2
+	vpaddq		$T2,$D2,$D2		# d2 += h0*r2
+	 vinserti128	\$1,16*3($inp),$T1,$T1
+	 lea		16*4($inp),$inp
+
+	vpmuludq	$H1,$H2,$T4		# h1*r3
+	vpmuludq	$H0,$H2,$H2		# h0*r3
+	 vpsrldq	\$6,$T0,$T2		# splat input
+	vpaddq		$T4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$H2,$D3,$D3		# d3 += h0*r3
+	vpmuludq	$H3,$T3,$T4		# h3*s3
+	vpmuludq	$H4,$T3,$H2		# h4*s3
+	 vpsrldq	\$6,$T1,$T3
+	vpaddq		$T4,$D1,$D1		# d1 += h3*s3
+	vpaddq		$H2,$D2,$D2		# d2 += h4*s3
+	 vpunpckhqdq	$T1,$T0,$T4		# 4
+
+	vpmuludq	$H3,$S4,$H3		# h3*s4
+	vpmuludq	$H4,$S4,$H4		# h4*s4
+	 vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpaddq		$H3,$D2,$H2		# h2 = d2 + h3*r4
+	vpaddq		$H4,$D3,$H3		# h3 = d3 + h4*r4
+	 vpunpcklqdq	$T3,$T2,$T3		# 2:3
+	vpmuludq	`32*7-0x90`(%rax),$H0,$H4	# h0*r4
+	vpmuludq	$H1,$S4,$H0		# h1*s4
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+	vpaddq		$H4,$D4,$H4		# h4 = d4 + h0*r4
+	vpaddq		$H0,$D0,$H0		# h0 = d0 + h1*s4
+
+	################################################################
+	# lazy reduction (interleaved with tail of input splat)
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$D1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D4
+	vpand		$MASK,$H4,$H4
+
+	 vpsrlq		\$4,$T3,$T2
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	 vpand		$MASK,$T2,$T2		# 2
+	 vpsrlq		\$26,$T0,$T1
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	 vpaddq		$T2,$H2,$H2		# modulo-scheduled
+	 vpsrlq		\$30,$T3,$T3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	 vpsrlq		\$40,$T4,$T4		# 4
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	 vpand		$MASK,$T0,$T0		# 0
+	 vpand		$MASK,$T1,$T1		# 1
+	 vpand		$MASK,$T3,$T3		# 3
+	 vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	sub		\$64,$len
+	jnz		.Loop_avx2
+
+	.byte		0x66,0x90
+.Ltail_avx2:
+	################################################################
+	# while above multiplications were by r^4 in all lanes, in last
+	# iteration we multiply least significant lane by r^4 and most
+	# significant one by r, so copy of above except that references
+	# to the precomputed table are displaced by 4...
+
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+	vpaddq		$H0,$T0,$H0
+	vmovdqu		`32*0+4`(%rsp),$T0	# r0^4
+	vpaddq		$H1,$T1,$H1
+	vmovdqu		`32*1+4`(%rsp),$T1	# r1^4
+	vpaddq		$H3,$T3,$H3
+	vmovdqu		`32*3+4`(%rsp),$T2	# r2^4
+	vpaddq		$H4,$T4,$H4
+	vmovdqu		`32*6+4-0x90`(%rax),$T3	# s3^4
+	vmovdqu		`32*8+4-0x90`(%rax),$S4	# s4^4
+
+	vpmuludq	$H2,$T0,$D2		# d2 = h2*r0
+	vpmuludq	$H2,$T1,$D3		# d3 = h2*r1
+	vpmuludq	$H2,$T2,$D4		# d4 = h2*r2
+	vpmuludq	$H2,$T3,$D0		# d0 = h2*s3
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+
+	vpmuludq	$H0,$T1,$T4		# h0*r1
+	vpmuludq	$H1,$T1,$H2		# h1*r1
+	vpaddq		$T4,$D1,$D1		# d1 += h0*r1
+	vpaddq		$H2,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$H3,$T1,$T4		# h3*r1
+	vpmuludq	`32*2+4`(%rsp),$H4,$H2	# h4*s1
+	vpaddq		$T4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$H2,$D0,$D0		# d0 += h4*s1
+
+	vpmuludq	$H0,$T0,$T4		# h0*r0
+	vpmuludq	$H1,$T0,$H2		# h1*r0
+	vpaddq		$T4,$D0,$D0		# d0 += h0*r0
+	 vmovdqu	`32*4+4-0x90`(%rax),$T1	# s2
+	vpaddq		$H2,$D1,$D1		# d1 += h1*r0
+	vpmuludq	$H3,$T0,$T4		# h3*r0
+	vpmuludq	$H4,$T0,$H2		# h4*r0
+	vpaddq		$T4,$D3,$D3		# d3 += h3*r0
+	vpaddq		$H2,$D4,$D4		# d4 += h4*r0
+
+	vpmuludq	$H3,$T1,$T4		# h3*s2
+	vpmuludq	$H4,$T1,$H2		# h4*s2
+	vpaddq		$T4,$D0,$D0		# d0 += h3*s2
+	vpaddq		$H2,$D1,$D1		# d1 += h4*s2
+	 vmovdqu	`32*5+4-0x90`(%rax),$H2	# r3
+	vpmuludq	$H1,$T2,$T4		# h1*r2
+	vpmuludq	$H0,$T2,$T2		# h0*r2
+	vpaddq		$T4,$D3,$D3		# d3 += h1*r2
+	vpaddq		$T2,$D2,$D2		# d2 += h0*r2
+
+	vpmuludq	$H1,$H2,$T4		# h1*r3
+	vpmuludq	$H0,$H2,$H2		# h0*r3
+	vpaddq		$T4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$H2,$D3,$D3		# d3 += h0*r3
+	vpmuludq	$H3,$T3,$T4		# h3*s3
+	vpmuludq	$H4,$T3,$H2		# h4*s3
+	vpaddq		$T4,$D1,$D1		# d1 += h3*s3
+	vpaddq		$H2,$D2,$D2		# d2 += h4*s3
+
+	vpmuludq	$H3,$S4,$H3		# h3*s4
+	vpmuludq	$H4,$S4,$H4		# h4*s4
+	vpaddq		$H3,$D2,$H2		# h2 = d2 + h3*r4
+	vpaddq		$H4,$D3,$H3		# h3 = d3 + h4*r4
+	vpmuludq	`32*7+4-0x90`(%rax),$H0,$H4		# h0*r4
+	vpmuludq	$H1,$S4,$H0		# h1*s4
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+	vpaddq		$H4,$D4,$H4		# h4 = d4 + h0*r4
+	vpaddq		$H0,$D0,$H0		# h0 = d0 + h1*s4
+
+	################################################################
+	# horizontal addition
+
+	vpsrldq		\$8,$D1,$T1
+	vpsrldq		\$8,$H2,$T2
+	vpsrldq		\$8,$H3,$T3
+	vpsrldq		\$8,$H4,$T4
+	vpsrldq		\$8,$H0,$T0
+	vpaddq		$T1,$D1,$D1
+	vpaddq		$T2,$H2,$H2
+	vpaddq		$T3,$H3,$H3
+	vpaddq		$T4,$H4,$H4
+	vpaddq		$T0,$H0,$H0
+
+	vpermq		\$0x2,$H3,$T3
+	vpermq		\$0x2,$H4,$T4
+	vpermq		\$0x2,$H0,$T0
+	vpermq		\$0x2,$D1,$T1
+	vpermq		\$0x2,$H2,$T2
+	vpaddq		$T3,$H3,$H3
+	vpaddq		$T4,$H4,$H4
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$D1,$D1
+	vpaddq		$T2,$H2,$H2
+
+	################################################################
+	# lazy reduction
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$D1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D4
+	vpand		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vmovd		%x#$H0,`4*0-48-64`($ctx)# save partially reduced
+	vmovd		%x#$H1,`4*1-48-64`($ctx)
+	vmovd		%x#$H2,`4*2-48-64`($ctx)
+	vmovd		%x#$H3,`4*3-48-64`($ctx)
+	vmovd		%x#$H4,`4*4-48-64`($ctx)
+___
+$code.=<<___	if ($win64);
+	vmovdqa		0x50(%r11),%xmm6
+	vmovdqa		0x60(%r11),%xmm7
+	vmovdqa		0x70(%r11),%xmm8
+	vmovdqa		0x80(%r11),%xmm9
+	vmovdqa		0x90(%r11),%xmm10
+	vmovdqa		0xa0(%r11),%xmm11
+	vmovdqa		0xb0(%r11),%xmm12
+	vmovdqa		0xc0(%r11),%xmm13
+	vmovdqa		0xd0(%r11),%xmm14
+	vmovdqa		0xe0(%r11),%xmm15
+	lea		0xf8(%r11),%rsp
+.Ldo_avx2_epilogue:
+___
+$code.=<<___	if (!$win64);
+	lea		8(%r11),%rsp
+.cfi_def_cfa		%rsp,8
+___
+$code.=<<___;
+	vzeroupper
+	ret
+.cfi_endproc
+.size	poly1305_blocks_avx2,.-poly1305_blocks_avx2
+___
+#######################################################################
+if ($avx>2) {
+# On entry we have input length divisible by 64. But since inner loop
+# processes 128 bytes per iteration, cases when length is not divisible
+# by 128 are handled by passing tail 64 bytes to .Ltail_avx2. For this
+# reason stack layout is kept identical to poly1305_blocks_avx2. If not
+# for this tail, we wouldn't have to even allocate stack frame...
+
+my ($R0,$R1,$R2,$R3,$R4, $S1,$S2,$S3,$S4) = map("%zmm$_",(16..24));
+my ($M0,$M1,$M2,$M3,$M4) = map("%zmm$_",(25..29));
+my $PADBIT="%zmm30";
+
+map(s/%y/%z/,($T4,$T0,$T1,$T2,$T3));		# switch to %zmm domain
+map(s/%y/%z/,($D0,$D1,$D2,$D3,$D4));
+map(s/%y/%z/,($H0,$H1,$H2,$H3,$H4));
+map(s/%y/%z/,($MASK));
+
+$code.=<<___;
+.type	poly1305_blocks_avx512,\@function,4
+.align	32
+poly1305_blocks_avx512:
+.cfi_startproc
+.Lblocks_avx512:
+	mov		\$15,%eax
+	kmovw		%eax,%k2
+___
+$code.=<<___	if (!$win64);
+	lea		-8(%rsp),%r11
+.cfi_def_cfa		%r11,16
+	sub		\$0x128,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		-0xf8(%rsp),%r11
+	sub		\$0x1c8,%rsp
+	vmovdqa		%xmm6,0x50(%r11)
+	vmovdqa		%xmm7,0x60(%r11)
+	vmovdqa		%xmm8,0x70(%r11)
+	vmovdqa		%xmm9,0x80(%r11)
+	vmovdqa		%xmm10,0x90(%r11)
+	vmovdqa		%xmm11,0xa0(%r11)
+	vmovdqa		%xmm12,0xb0(%r11)
+	vmovdqa		%xmm13,0xc0(%r11)
+	vmovdqa		%xmm14,0xd0(%r11)
+	vmovdqa		%xmm15,0xe0(%r11)
+.Ldo_avx512_body:
+___
+$code.=<<___;
+	lea		.Lconst(%rip),%rcx
+	lea		48+64($ctx),$ctx	# size optimization
+	vmovdqa		96(%rcx),%y#$T2		# .Lpermd_avx2
+
+	# expand pre-calculated table
+	vmovdqu		`16*0-64`($ctx),%x#$D0	# will become expanded ${R0}
+	and		\$-512,%rsp
+	vmovdqu		`16*1-64`($ctx),%x#$D1	# will become ... ${R1}
+	mov		\$0x20,%rax
+	vmovdqu		`16*2-64`($ctx),%x#$T0	# ... ${S1}
+	vmovdqu		`16*3-64`($ctx),%x#$D2	# ... ${R2}
+	vmovdqu		`16*4-64`($ctx),%x#$T1	# ... ${S2}
+	vmovdqu		`16*5-64`($ctx),%x#$D3	# ... ${R3}
+	vmovdqu		`16*6-64`($ctx),%x#$T3	# ... ${S3}
+	vmovdqu		`16*7-64`($ctx),%x#$D4	# ... ${R4}
+	vmovdqu		`16*8-64`($ctx),%x#$T4	# ... ${S4}
+	vpermd		$D0,$T2,$R0		# 00003412 -> 14243444
+	vpbroadcastq	64(%rcx),$MASK		# .Lmask26
+	vpermd		$D1,$T2,$R1
+	vpermd		$T0,$T2,$S1
+	vpermd		$D2,$T2,$R2
+	vmovdqa64	$R0,0x00(%rsp){%k2}	# save in case $len%128 != 0
+	 vpsrlq		\$32,$R0,$T0		# 14243444 -> 01020304
+	vpermd		$T1,$T2,$S2
+	vmovdqu64	$R1,0x00(%rsp,%rax){%k2}
+	 vpsrlq		\$32,$R1,$T1
+	vpermd		$D3,$T2,$R3
+	vmovdqa64	$S1,0x40(%rsp){%k2}
+	vpermd		$T3,$T2,$S3
+	vpermd		$D4,$T2,$R4
+	vmovdqu64	$R2,0x40(%rsp,%rax){%k2}
+	vpermd		$T4,$T2,$S4
+	vmovdqa64	$S2,0x80(%rsp){%k2}
+	vmovdqu64	$R3,0x80(%rsp,%rax){%k2}
+	vmovdqa64	$S3,0xc0(%rsp){%k2}
+	vmovdqu64	$R4,0xc0(%rsp,%rax){%k2}
+	vmovdqa64	$S4,0x100(%rsp){%k2}
+
+	################################################################
+	# calculate 5th through 8th powers of the key
+	#
+	# d0 = r0'*r0 + r1'*5*r4 + r2'*5*r3 + r3'*5*r2 + r4'*5*r1
+	# d1 = r0'*r1 + r1'*r0   + r2'*5*r4 + r3'*5*r3 + r4'*5*r2
+	# d2 = r0'*r2 + r1'*r1   + r2'*r0   + r3'*5*r4 + r4'*5*r3
+	# d3 = r0'*r3 + r1'*r2   + r2'*r1   + r3'*r0   + r4'*5*r4
+	# d4 = r0'*r4 + r1'*r3   + r2'*r2   + r3'*r1   + r4'*r0
+
+	vpmuludq	$T0,$R0,$D0		# d0 = r0'*r0
+	vpmuludq	$T0,$R1,$D1		# d1 = r0'*r1
+	vpmuludq	$T0,$R2,$D2		# d2 = r0'*r2
+	vpmuludq	$T0,$R3,$D3		# d3 = r0'*r3
+	vpmuludq	$T0,$R4,$D4		# d4 = r0'*r4
+	 vpsrlq		\$32,$R2,$T2
+
+	vpmuludq	$T1,$S4,$M0
+	vpmuludq	$T1,$R0,$M1
+	vpmuludq	$T1,$R1,$M2
+	vpmuludq	$T1,$R2,$M3
+	vpmuludq	$T1,$R3,$M4
+	 vpsrlq		\$32,$R3,$T3
+	vpaddq		$M0,$D0,$D0		# d0 += r1'*5*r4
+	vpaddq		$M1,$D1,$D1		# d1 += r1'*r0
+	vpaddq		$M2,$D2,$D2		# d2 += r1'*r1
+	vpaddq		$M3,$D3,$D3		# d3 += r1'*r2
+	vpaddq		$M4,$D4,$D4		# d4 += r1'*r3
+
+	vpmuludq	$T2,$S3,$M0
+	vpmuludq	$T2,$S4,$M1
+	vpmuludq	$T2,$R1,$M3
+	vpmuludq	$T2,$R2,$M4
+	vpmuludq	$T2,$R0,$M2
+	 vpsrlq		\$32,$R4,$T4
+	vpaddq		$M0,$D0,$D0		# d0 += r2'*5*r3
+	vpaddq		$M1,$D1,$D1		# d1 += r2'*5*r4
+	vpaddq		$M3,$D3,$D3		# d3 += r2'*r1
+	vpaddq		$M4,$D4,$D4		# d4 += r2'*r2
+	vpaddq		$M2,$D2,$D2		# d2 += r2'*r0
+
+	vpmuludq	$T3,$S2,$M0
+	vpmuludq	$T3,$R0,$M3
+	vpmuludq	$T3,$R1,$M4
+	vpmuludq	$T3,$S3,$M1
+	vpmuludq	$T3,$S4,$M2
+	vpaddq		$M0,$D0,$D0		# d0 += r3'*5*r2
+	vpaddq		$M3,$D3,$D3		# d3 += r3'*r0
+	vpaddq		$M4,$D4,$D4		# d4 += r3'*r1
+	vpaddq		$M1,$D1,$D1		# d1 += r3'*5*r3
+	vpaddq		$M2,$D2,$D2		# d2 += r3'*5*r4
+
+	vpmuludq	$T4,$S4,$M3
+	vpmuludq	$T4,$R0,$M4
+	vpmuludq	$T4,$S1,$M0
+	vpmuludq	$T4,$S2,$M1
+	vpmuludq	$T4,$S3,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += r2'*5*r4
+	vpaddq		$M4,$D4,$D4		# d4 += r2'*r0
+	vpaddq		$M0,$D0,$D0		# d0 += r2'*5*r1
+	vpaddq		$M1,$D1,$D1		# d1 += r2'*5*r2
+	vpaddq		$M2,$D2,$D2		# d2 += r2'*5*r3
+
+	################################################################
+	# load input
+	vmovdqu64	16*0($inp),%z#$T3
+	vmovdqu64	16*4($inp),%z#$T4
+	lea		16*8($inp),$inp
+
+	################################################################
+	# lazy reduction
+
+	vpsrlq		\$26,$D3,$M3
+	vpandq		$MASK,$D3,$D3
+	vpaddq		$M3,$D4,$D4		# d3 -> d4
+
+	vpsrlq		\$26,$D0,$M0
+	vpandq		$MASK,$D0,$D0
+	vpaddq		$M0,$D1,$D1		# d0 -> d1
+
+	vpsrlq		\$26,$D4,$M4
+	vpandq		$MASK,$D4,$D4
+
+	vpsrlq		\$26,$D1,$M1
+	vpandq		$MASK,$D1,$D1
+	vpaddq		$M1,$D2,$D2		# d1 -> d2
+
+	vpaddq		$M4,$D0,$D0
+	vpsllq		\$2,$M4,$M4
+	vpaddq		$M4,$D0,$D0		# d4 -> d0
+
+	vpsrlq		\$26,$D2,$M2
+	vpandq		$MASK,$D2,$D2
+	vpaddq		$M2,$D3,$D3		# d2 -> d3
+
+	vpsrlq		\$26,$D0,$M0
+	vpandq		$MASK,$D0,$D0
+	vpaddq		$M0,$D1,$D1		# d0 -> d1
+
+	vpsrlq		\$26,$D3,$M3
+	vpandq		$MASK,$D3,$D3
+	vpaddq		$M3,$D4,$D4		# d3 -> d4
+
+	################################################################
+	# at this point we have 14243444 in $R0-$S4 and 05060708 in
+	# $D0-$D4, ...
+
+	vpunpcklqdq	$T4,$T3,$T0	# transpose input
+	vpunpckhqdq	$T4,$T3,$T4
+
+	# ... since input 64-bit lanes are ordered as 73625140, we could
+	# "vperm" it to 76543210 (here and in each loop iteration), *or*
+	# we could just flow along, hence the goal for $R0-$S4 is
+	# 1858286838784888 ...
+
+	vmovdqa32	128(%rcx),$M0		# .Lpermd_avx512:
+	mov		\$0x7777,%eax
+	kmovw		%eax,%k1
+
+	vpermd		$R0,$M0,$R0		# 14243444 -> 1---2---3---4---
+	vpermd		$R1,$M0,$R1
+	vpermd		$R2,$M0,$R2
+	vpermd		$R3,$M0,$R3
+	vpermd		$R4,$M0,$R4
+
+	vpermd		$D0,$M0,${R0}{%k1}	# 05060708 -> 1858286838784888
+	vpermd		$D1,$M0,${R1}{%k1}
+	vpermd		$D2,$M0,${R2}{%k1}
+	vpermd		$D3,$M0,${R3}{%k1}
+	vpermd		$D4,$M0,${R4}{%k1}
+
+	vpslld		\$2,$R1,$S1		# *5
+	vpslld		\$2,$R2,$S2
+	vpslld		\$2,$R3,$S3
+	vpslld		\$2,$R4,$S4
+	vpaddd		$R1,$S1,$S1
+	vpaddd		$R2,$S2,$S2
+	vpaddd		$R3,$S3,$S3
+	vpaddd		$R4,$S4,$S4
+
+	vpbroadcastq	32(%rcx),$PADBIT	# .L129
+
+	vpsrlq		\$52,$T0,$T2		# splat input
+	vpsllq		\$12,$T4,$T3
+	vporq		$T3,$T2,$T2
+	vpsrlq		\$26,$T0,$T1
+	vpsrlq		\$14,$T4,$T3
+	vpsrlq		\$40,$T4,$T4		# 4
+	vpandq		$MASK,$T2,$T2		# 2
+	vpandq		$MASK,$T0,$T0		# 0
+	#vpandq		$MASK,$T1,$T1		# 1
+	#vpandq		$MASK,$T3,$T3		# 3
+	#vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+
+	vpaddq		$H2,$T2,$H2		# accumulate input
+	sub		\$192,$len
+	jbe		.Ltail_avx512
+	jmp		.Loop_avx512
+
+.align	32
+.Loop_avx512:
+	################################################################
+	# ((inp[0]*r^8+inp[ 8])*r^8+inp[16])*r^8
+	# ((inp[1]*r^8+inp[ 9])*r^8+inp[17])*r^7
+	# ((inp[2]*r^8+inp[10])*r^8+inp[18])*r^6
+	# ((inp[3]*r^8+inp[11])*r^8+inp[19])*r^5
+	# ((inp[4]*r^8+inp[12])*r^8+inp[20])*r^4
+	# ((inp[5]*r^8+inp[13])*r^8+inp[21])*r^3
+	# ((inp[6]*r^8+inp[14])*r^8+inp[22])*r^2
+	# ((inp[7]*r^8+inp[15])*r^8+inp[23])*r^1
+	#   \________/\___________/
+	################################################################
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	#
+	# however, as h2 is "chronologically" first one available pull
+	# corresponding operations up, so it's
+	#
+	# d3 = h2*r1   + h0*r3 + h1*r2   + h3*r0 + h4*5*r4
+	# d4 = h2*r2   + h0*r4 + h1*r3   + h3*r1 + h4*r0
+	# d0 = h2*5*r3 + h0*r0 + h1*5*r4         + h3*5*r2 + h4*5*r1
+	# d1 = h2*5*r4 + h0*r1           + h1*r0 + h3*5*r3 + h4*5*r2
+	# d2 = h2*r0           + h0*r2   + h1*r1 + h3*5*r4 + h4*5*r3
+
+	vpmuludq	$H2,$R1,$D3		# d3 = h2*r1
+	 vpaddq		$H0,$T0,$H0
+	vpmuludq	$H2,$R2,$D4		# d4 = h2*r2
+	 vpandq		$MASK,$T1,$T1		# 1
+	vpmuludq	$H2,$S3,$D0		# d0 = h2*s3
+	 vpandq		$MASK,$T3,$T3		# 3
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+	 vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+	vpmuludq	$H2,$R0,$D2		# d2 = h2*r0
+	 vpaddq		$H1,$T1,$H1		# accumulate input
+	 vpaddq		$H3,$T3,$H3
+	 vpaddq		$H4,$T4,$H4
+
+	  vmovdqu64	16*0($inp),$T3		# load input
+	  vmovdqu64	16*4($inp),$T4
+	  lea		16*8($inp),$inp
+	vpmuludq	$H0,$R3,$M3
+	vpmuludq	$H0,$R4,$M4
+	vpmuludq	$H0,$R0,$M0
+	vpmuludq	$H0,$R1,$M1
+	vpaddq		$M3,$D3,$D3		# d3 += h0*r3
+	vpaddq		$M4,$D4,$D4		# d4 += h0*r4
+	vpaddq		$M0,$D0,$D0		# d0 += h0*r0
+	vpaddq		$M1,$D1,$D1		# d1 += h0*r1
+
+	vpmuludq	$H1,$R2,$M3
+	vpmuludq	$H1,$R3,$M4
+	vpmuludq	$H1,$S4,$M0
+	vpmuludq	$H0,$R2,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h1*r2
+	vpaddq		$M4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$M0,$D0,$D0		# d0 += h1*s4
+	vpaddq		$M2,$D2,$D2		# d2 += h0*r2
+
+	  vpunpcklqdq	$T4,$T3,$T0		# transpose input
+	  vpunpckhqdq	$T4,$T3,$T4
+
+	vpmuludq	$H3,$R0,$M3
+	vpmuludq	$H3,$R1,$M4
+	vpmuludq	$H1,$R0,$M1
+	vpmuludq	$H1,$R1,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h3*r0
+	vpaddq		$M4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$M1,$D1,$D1		# d1 += h1*r0
+	vpaddq		$M2,$D2,$D2		# d2 += h1*r1
+
+	vpmuludq	$H4,$S4,$M3
+	vpmuludq	$H4,$R0,$M4
+	vpmuludq	$H3,$S2,$M0
+	vpmuludq	$H3,$S3,$M1
+	vpaddq		$M3,$D3,$D3		# d3 += h4*s4
+	vpmuludq	$H3,$S4,$M2
+	vpaddq		$M4,$D4,$D4		# d4 += h4*r0
+	vpaddq		$M0,$D0,$D0		# d0 += h3*s2
+	vpaddq		$M1,$D1,$D1		# d1 += h3*s3
+	vpaddq		$M2,$D2,$D2		# d2 += h3*s4
+
+	vpmuludq	$H4,$S1,$M0
+	vpmuludq	$H4,$S2,$M1
+	vpmuludq	$H4,$S3,$M2
+	vpaddq		$M0,$D0,$H0		# h0 = d0 + h4*s1
+	vpaddq		$M1,$D1,$H1		# h1 = d2 + h4*s2
+	vpaddq		$M2,$D2,$H2		# h2 = d3 + h4*s3
+
+	################################################################
+	# lazy reduction (interleaved with input splat)
+
+	 vpsrlq		\$52,$T0,$T2		# splat input
+	 vpsllq		\$12,$T4,$T3
+
+	vpsrlq		\$26,$D3,$H3
+	vpandq		$MASK,$D3,$D3
+	vpaddq		$H3,$D4,$H4		# h3 -> h4
+
+	 vporq		$T3,$T2,$T2
+
+	vpsrlq		\$26,$H0,$D0
+	vpandq		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	 vpandq		$MASK,$T2,$T2		# 2
+
+	vpsrlq		\$26,$H4,$D4
+	vpandq		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpandq		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	 vpaddq		$T2,$H2,$H2		# modulo-scheduled
+	 vpsrlq		\$26,$T0,$T1
+
+	vpsrlq		\$26,$H2,$D2
+	vpandq		$MASK,$H2,$H2
+	vpaddq		$D2,$D3,$H3		# h2 -> h3
+
+	 vpsrlq		\$14,$T4,$T3
+
+	vpsrlq		\$26,$H0,$D0
+	vpandq		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	 vpsrlq		\$40,$T4,$T4		# 4
+
+	vpsrlq		\$26,$H3,$D3
+	vpandq		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	 vpandq		$MASK,$T0,$T0		# 0
+	 #vpandq	$MASK,$T1,$T1		# 1
+	 #vpandq	$MASK,$T3,$T3		# 3
+	 #vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+
+	sub		\$128,$len
+	ja		.Loop_avx512
+
+.Ltail_avx512:
+	################################################################
+	# while above multiplications were by r^8 in all lanes, in last
+	# iteration we multiply least significant lane by r^8 and most
+	# significant one by r, that's why table gets shifted...
+
+	vpsrlq		\$32,$R0,$R0		# 0105020603070408
+	vpsrlq		\$32,$R1,$R1
+	vpsrlq		\$32,$R2,$R2
+	vpsrlq		\$32,$S3,$S3
+	vpsrlq		\$32,$S4,$S4
+	vpsrlq		\$32,$R3,$R3
+	vpsrlq		\$32,$R4,$R4
+	vpsrlq		\$32,$S1,$S1
+	vpsrlq		\$32,$S2,$S2
+
+	################################################################
+	# load either next or last 64 byte of input
+	lea		($inp,$len),$inp
+
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+	vpaddq		$H0,$T0,$H0
+
+	vpmuludq	$H2,$R1,$D3		# d3 = h2*r1
+	vpmuludq	$H2,$R2,$D4		# d4 = h2*r2
+	vpmuludq	$H2,$S3,$D0		# d0 = h2*s3
+	 vpandq		$MASK,$T1,$T1		# 1
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+	 vpandq		$MASK,$T3,$T3		# 3
+	vpmuludq	$H2,$R0,$D2		# d2 = h2*r0
+	 vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+	 vpaddq		$H1,$T1,$H1		# accumulate input
+	 vpaddq		$H3,$T3,$H3
+	 vpaddq		$H4,$T4,$H4
+
+	  vmovdqu	16*0($inp),%x#$T0
+	vpmuludq	$H0,$R3,$M3
+	vpmuludq	$H0,$R4,$M4
+	vpmuludq	$H0,$R0,$M0
+	vpmuludq	$H0,$R1,$M1
+	vpaddq		$M3,$D3,$D3		# d3 += h0*r3
+	vpaddq		$M4,$D4,$D4		# d4 += h0*r4
+	vpaddq		$M0,$D0,$D0		# d0 += h0*r0
+	vpaddq		$M1,$D1,$D1		# d1 += h0*r1
+
+	  vmovdqu	16*1($inp),%x#$T1
+	vpmuludq	$H1,$R2,$M3
+	vpmuludq	$H1,$R3,$M4
+	vpmuludq	$H1,$S4,$M0
+	vpmuludq	$H0,$R2,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h1*r2
+	vpaddq		$M4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$M0,$D0,$D0		# d0 += h1*s4
+	vpaddq		$M2,$D2,$D2		# d2 += h0*r2
+
+	  vinserti128	\$1,16*2($inp),%y#$T0,%y#$T0
+	vpmuludq	$H3,$R0,$M3
+	vpmuludq	$H3,$R1,$M4
+	vpmuludq	$H1,$R0,$M1
+	vpmuludq	$H1,$R1,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h3*r0
+	vpaddq		$M4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$M1,$D1,$D1		# d1 += h1*r0
+	vpaddq		$M2,$D2,$D2		# d2 += h1*r1
+
+	  vinserti128	\$1,16*3($inp),%y#$T1,%y#$T1
+	vpmuludq	$H4,$S4,$M3
+	vpmuludq	$H4,$R0,$M4
+	vpmuludq	$H3,$S2,$M0
+	vpmuludq	$H3,$S3,$M1
+	vpmuludq	$H3,$S4,$M2
+	vpaddq		$M3,$D3,$H3		# h3 = d3 + h4*s4
+	vpaddq		$M4,$D4,$D4		# d4 += h4*r0
+	vpaddq		$M0,$D0,$D0		# d0 += h3*s2
+	vpaddq		$M1,$D1,$D1		# d1 += h3*s3
+	vpaddq		$M2,$D2,$D2		# d2 += h3*s4
+
+	vpmuludq	$H4,$S1,$M0
+	vpmuludq	$H4,$S2,$M1
+	vpmuludq	$H4,$S3,$M2
+	vpaddq		$M0,$D0,$H0		# h0 = d0 + h4*s1
+	vpaddq		$M1,$D1,$H1		# h1 = d2 + h4*s2
+	vpaddq		$M2,$D2,$H2		# h2 = d3 + h4*s3
+
+	################################################################
+	# horizontal addition
+
+	mov		\$1,%eax
+	vpermq		\$0xb1,$H3,$D3
+	vpermq		\$0xb1,$D4,$H4
+	vpermq		\$0xb1,$H0,$D0
+	vpermq		\$0xb1,$H1,$D1
+	vpermq		\$0xb1,$H2,$D2
+	vpaddq		$D3,$H3,$H3
+	vpaddq		$D4,$H4,$H4
+	vpaddq		$D0,$H0,$H0
+	vpaddq		$D1,$H1,$H1
+	vpaddq		$D2,$H2,$H2
+
+	kmovw		%eax,%k3
+	vpermq		\$0x2,$H3,$D3
+	vpermq		\$0x2,$H4,$D4
+	vpermq		\$0x2,$H0,$D0
+	vpermq		\$0x2,$H1,$D1
+	vpermq		\$0x2,$H2,$D2
+	vpaddq		$D3,$H3,$H3
+	vpaddq		$D4,$H4,$H4
+	vpaddq		$D0,$H0,$H0
+	vpaddq		$D1,$H1,$H1
+	vpaddq		$D2,$H2,$H2
+
+	vextracti64x4	\$0x1,$H3,%y#$D3
+	vextracti64x4	\$0x1,$H4,%y#$D4
+	vextracti64x4	\$0x1,$H0,%y#$D0
+	vextracti64x4	\$0x1,$H1,%y#$D1
+	vextracti64x4	\$0x1,$H2,%y#$D2
+	vpaddq		$D3,$H3,${H3}{%k3}{z}	# keep single qword in case
+	vpaddq		$D4,$H4,${H4}{%k3}{z}	# it's passed to .Ltail_avx2
+	vpaddq		$D0,$H0,${H0}{%k3}{z}
+	vpaddq		$D1,$H1,${H1}{%k3}{z}
+	vpaddq		$D2,$H2,${H2}{%k3}{z}
+___
+map(s/%z/%y/,($T0,$T1,$T2,$T3,$T4, $PADBIT));
+map(s/%z/%y/,($H0,$H1,$H2,$H3,$H4, $D0,$D1,$D2,$D3,$D4, $MASK));
+$code.=<<___;
+	################################################################
+	# lazy reduction (interleaved with input splat)
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	 vpsrldq	\$6,$T0,$T2		# splat input
+	 vpsrldq	\$6,$T1,$T3
+	 vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	 vpunpcklqdq	$T3,$T2,$T2		# 2:3
+	 vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D4
+	vpand		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	 vpsrlq		\$30,$T2,$T3
+	 vpsrlq		\$4,$T2,$T2
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	 vpsrlq		\$26,$T0,$T1
+	 vpsrlq		\$40,$T4,$T4		# 4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	 vpand		$MASK,$T2,$T2		# 2
+	 vpand		$MASK,$T0,$T0		# 0
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	 vpaddq		$H2,$T2,$H2		# accumulate input for .Ltail_avx2
+	 vpand		$MASK,$T1,$T1		# 1
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	 vpand		$MASK,$T3,$T3		# 3
+	 vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	lea		0x90(%rsp),%rax		# size optimization for .Ltail_avx2
+	add		\$64,$len
+	jnz		.Ltail_avx2
+
+	vpsubq		$T2,$H2,$H2		# undo input accumulation
+	vmovd		%x#$H0,`4*0-48-64`($ctx)# save partially reduced
+	vmovd		%x#$H1,`4*1-48-64`($ctx)
+	vmovd		%x#$H2,`4*2-48-64`($ctx)
+	vmovd		%x#$H3,`4*3-48-64`($ctx)
+	vmovd		%x#$H4,`4*4-48-64`($ctx)
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movdqa		0x50(%r11),%xmm6
+	movdqa		0x60(%r11),%xmm7
+	movdqa		0x70(%r11),%xmm8
+	movdqa		0x80(%r11),%xmm9
+	movdqa		0x90(%r11),%xmm10
+	movdqa		0xa0(%r11),%xmm11
+	movdqa		0xb0(%r11),%xmm12
+	movdqa		0xc0(%r11),%xmm13
+	movdqa		0xd0(%r11),%xmm14
+	movdqa		0xe0(%r11),%xmm15
+	lea		0xf8(%r11),%rsp
+.Ldo_avx512_epilogue:
+___
+$code.=<<___	if (!$win64);
+	lea		8(%r11),%rsp
+.cfi_def_cfa		%rsp,8
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	poly1305_blocks_avx512,.-poly1305_blocks_avx512
+___
+if ($avx>3) {
+########################################################################
+# VPMADD52 version using 2^44 radix.
+#
+# One can argue that base 2^52 would be more natural. Well, even though
+# some operations would be more natural, one has to recognize couple of
+# things. Base 2^52 doesn't provide advantage over base 2^44 if you look
+# at amount of multiply-n-accumulate operations. Secondly, it makes it
+# impossible to pre-compute multiples of 5 [referred to as s[]/sN in
+# reference implementations], which means that more such operations
+# would have to be performed in inner loop, which in turn makes critical
+# path longer. In other words, even though base 2^44 reduction might
+# look less elegant, overall critical path is actually shorter...
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int64 h[3];		# current hash value base 2^44
+#	unsigned __int64 s[2];		# key value*20 base 2^44
+#	unsigned __int64 r[3];		# key value base 2^44
+#	struct { unsigned __int64 r^1, r^3, r^2, r^4; } R[4];
+#					# r^n positions reflect
+#					# placement in register, not
+#					# memory, R[3] is R[1]*20
+
+$code.=<<___;
+.type	poly1305_init_base2_44,\@function,3
+.align	32
+poly1305_init_base2_44:
+	xor	%rax,%rax
+	mov	%rax,0($ctx)		# initialize hash value
+	mov	%rax,8($ctx)
+	mov	%rax,16($ctx)
+
+.Linit_base2_44:
+	lea	poly1305_blocks_vpmadd52(%rip),%r10
+	lea	poly1305_emit_base2_44(%rip),%r11
+
+	mov	\$0x0ffffffc0fffffff,%rax
+	mov	\$0x0ffffffc0ffffffc,%rcx
+	and	0($inp),%rax
+	mov	\$0x00000fffffffffff,%r8
+	and	8($inp),%rcx
+	mov	\$0x00000fffffffffff,%r9
+	and	%rax,%r8
+	shrd	\$44,%rcx,%rax
+	mov	%r8,40($ctx)		# r0
+	and	%r9,%rax
+	shr	\$24,%rcx
+	mov	%rax,48($ctx)		# r1
+	lea	(%rax,%rax,4),%rax	# *5
+	mov	%rcx,56($ctx)		# r2
+	shl	\$2,%rax		# magic <<2
+	lea	(%rcx,%rcx,4),%rcx	# *5
+	shl	\$2,%rcx		# magic <<2
+	mov	%rax,24($ctx)		# s1
+	mov	%rcx,32($ctx)		# s2
+	movq	\$-1,64($ctx)		# write impossible value
+___
+$code.=<<___	if ($flavour !~ /elf32/);
+	mov	%r10,0(%rdx)
+	mov	%r11,8(%rdx)
+___
+$code.=<<___	if ($flavour =~ /elf32/);
+	mov	%r10d,0(%rdx)
+	mov	%r11d,4(%rdx)
+___
+$code.=<<___;
+	mov	\$1,%eax
+	ret
+.size	poly1305_init_base2_44,.-poly1305_init_base2_44
+___
+{
+my ($H0,$H1,$H2,$r2r1r0,$r1r0s2,$r0s2s1,$Dlo,$Dhi) = map("%ymm$_",(0..5,16,17));
+my ($T0,$inp_permd,$inp_shift,$PAD) = map("%ymm$_",(18..21));
+my ($reduc_mask,$reduc_rght,$reduc_left) = map("%ymm$_",(22..25));
+
+$code.=<<___;
+.type	poly1305_blocks_vpmadd52,\@function,4
+.align	32
+poly1305_blocks_vpmadd52:
+	shr	\$4,$len
+	jz	.Lno_data_vpmadd52		# too short
+
+	shl	\$40,$padbit
+	mov	64($ctx),%r8			# peek on power of the key
+
+	# if powers of the key are not calculated yet, process up to 3
+	# blocks with this single-block subroutine, otherwise ensure that
+	# length is divisible by 2 blocks and pass the rest down to next
+	# subroutine...
+
+	mov	\$3,%rax
+	mov	\$1,%r10
+	cmp	\$4,$len			# is input long
+	cmovae	%r10,%rax
+	test	%r8,%r8				# is power value impossible?
+	cmovns	%r10,%rax
+
+	and	$len,%rax			# is input of favourable length?
+	jz	.Lblocks_vpmadd52_4x
+
+	sub		%rax,$len
+	mov		\$7,%r10d
+	mov		\$1,%r11d
+	kmovw		%r10d,%k7
+	lea		.L2_44_inp_permd(%rip),%r10
+	kmovw		%r11d,%k1
+
+	vmovq		$padbit,%x#$PAD
+	vmovdqa64	0(%r10),$inp_permd	# .L2_44_inp_permd
+	vmovdqa64	32(%r10),$inp_shift	# .L2_44_inp_shift
+	vpermq		\$0xcf,$PAD,$PAD
+	vmovdqa64	64(%r10),$reduc_mask	# .L2_44_mask
+
+	vmovdqu64	0($ctx),${Dlo}{%k7}{z}		# load hash value
+	vmovdqu64	40($ctx),${r2r1r0}{%k7}{z}	# load keys
+	vmovdqu64	32($ctx),${r1r0s2}{%k7}{z}
+	vmovdqu64	24($ctx),${r0s2s1}{%k7}{z}
+
+	vmovdqa64	96(%r10),$reduc_rght	# .L2_44_shift_rgt
+	vmovdqa64	128(%r10),$reduc_left	# .L2_44_shift_lft
+
+	jmp		.Loop_vpmadd52
+
+.align	32
+.Loop_vpmadd52:
+	vmovdqu32	0($inp),%x#$T0		# load input as ----3210
+	lea		16($inp),$inp
+
+	vpermd		$T0,$inp_permd,$T0	# ----3210 -> --322110
+	vpsrlvq		$inp_shift,$T0,$T0
+	vpandq		$reduc_mask,$T0,$T0
+	vporq		$PAD,$T0,$T0
+
+	vpaddq		$T0,$Dlo,$Dlo		# accumulate input
+
+	vpermq		\$0,$Dlo,${H0}{%k7}{z}	# smash hash value
+	vpermq		\$0b01010101,$Dlo,${H1}{%k7}{z}
+	vpermq		\$0b10101010,$Dlo,${H2}{%k7}{z}
+
+	vpxord		$Dlo,$Dlo,$Dlo
+	vpxord		$Dhi,$Dhi,$Dhi
+
+	vpmadd52luq	$r2r1r0,$H0,$Dlo
+	vpmadd52huq	$r2r1r0,$H0,$Dhi
+
+	vpmadd52luq	$r1r0s2,$H1,$Dlo
+	vpmadd52huq	$r1r0s2,$H1,$Dhi
+
+	vpmadd52luq	$r0s2s1,$H2,$Dlo
+	vpmadd52huq	$r0s2s1,$H2,$Dhi
+
+	vpsrlvq		$reduc_rght,$Dlo,$T0	# 0 in topmost qword
+	vpsllvq		$reduc_left,$Dhi,$Dhi	# 0 in topmost qword
+	vpandq		$reduc_mask,$Dlo,$Dlo
+
+	vpaddq		$T0,$Dhi,$Dhi
+
+	vpermq		\$0b10010011,$Dhi,$Dhi	# 0 in lowest qword
+
+	vpaddq		$Dhi,$Dlo,$Dlo		# note topmost qword :-)
+
+	vpsrlvq		$reduc_rght,$Dlo,$T0	# 0 in topmost word
+	vpandq		$reduc_mask,$Dlo,$Dlo
+
+	vpermq		\$0b10010011,$T0,$T0
+
+	vpaddq		$T0,$Dlo,$Dlo
+
+	vpermq		\$0b10010011,$Dlo,${T0}{%k1}{z}
+
+	vpaddq		$T0,$Dlo,$Dlo
+	vpsllq		\$2,$T0,$T0
+
+	vpaddq		$T0,$Dlo,$Dlo
+
+	dec		%rax			# len-=16
+	jnz		.Loop_vpmadd52
+
+	vmovdqu64	$Dlo,0($ctx){%k7}	# store hash value
+
+	test		$len,$len
+	jnz		.Lblocks_vpmadd52_4x
+
+.Lno_data_vpmadd52:
+	ret
+.size	poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52
+___
+}
+{
+########################################################################
+# As implied by its name 4x subroutine processes 4 blocks in parallel
+# (but handles even 4*n+2 blocks lengths). It takes up to 4th key power
+# and is handled in 256-bit %ymm registers.
+
+my ($H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2) = map("%ymm$_",(0..5,16,17));
+my ($D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi) = map("%ymm$_",(18..23));
+my ($T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD) = map("%ymm$_",(24..31));
+
+$code.=<<___;
+.type	poly1305_blocks_vpmadd52_4x,\@function,4
+.align	32
+poly1305_blocks_vpmadd52_4x:
+	shr	\$4,$len
+	jz	.Lno_data_vpmadd52_4x		# too short
+
+	shl	\$40,$padbit
+	mov	64($ctx),%r8			# peek on power of the key
+
+.Lblocks_vpmadd52_4x:
+	vpbroadcastq	$padbit,$PAD
+
+	vmovdqa64	.Lx_mask44(%rip),$mask44
+	mov		\$5,%eax
+	vmovdqa64	.Lx_mask42(%rip),$mask42
+	kmovw		%eax,%k1		# used in 2x path
+
+	test		%r8,%r8			# is power value impossible?
+	js		.Linit_vpmadd52		# if it is, then init R[4]
+
+	vmovq		0($ctx),%x#$H0		# load current hash value
+	vmovq		8($ctx),%x#$H1
+	vmovq		16($ctx),%x#$H2
+
+	test		\$3,$len		# is length 4*n+2?
+	jnz		.Lblocks_vpmadd52_2x_do
+
+.Lblocks_vpmadd52_4x_do:
+	vpbroadcastq	64($ctx),$R0		# load 4th power of the key
+	vpbroadcastq	96($ctx),$R1
+	vpbroadcastq	128($ctx),$R2
+	vpbroadcastq	160($ctx),$S1
+
+.Lblocks_vpmadd52_4x_key_loaded:
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S2,$S2
+
+	test		\$7,$len		# is len 8*n?
+	jz		.Lblocks_vpmadd52_8x
+
+	vmovdqu64	16*0($inp),$T2		# load data
+	vmovdqu64	16*2($inp),$T3
+	lea		16*4($inp),$inp
+
+	vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	vpunpckhqdq	$T3,$T2,$T3
+
+	# at this point 64-bit lanes are ordered as 3-1-2-0
+
+	vpsrlq		\$24,$T3,$T2		# splat the data
+	vporq		$PAD,$T2,$T2
+	 vpaddq		$T2,$H2,$H2		# accumulate input
+	vpandq		$mask44,$T1,$T0
+	vpsrlq		\$44,$T1,$T1
+	vpsllq		\$20,$T3,$T3
+	vporq		$T3,$T1,$T1
+	vpandq		$mask44,$T1,$T1
+
+	sub		\$4,$len
+	jz		.Ltail_vpmadd52_4x
+	jmp		.Loop_vpmadd52_4x
+	ud2
+
+.align	32
+.Linit_vpmadd52:
+	vmovq		24($ctx),%x#$S1		# load key
+	vmovq		56($ctx),%x#$H2
+	vmovq		32($ctx),%x#$S2
+	vmovq		40($ctx),%x#$R0
+	vmovq		48($ctx),%x#$R1
+
+	vmovdqa		$R0,$H0
+	vmovdqa		$R1,$H1
+	vmovdqa		$H2,$R2
+
+	mov		\$2,%eax
+
+.Lmul_init_vpmadd52:
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	dec		%eax
+	jz		.Ldone_init_vpmadd52
+
+	vpunpcklqdq	$R1,$H1,$R1		# 1,2
+	vpbroadcastq	%x#$H1,%x#$H1		# 2,2
+	vpunpcklqdq	$R2,$H2,$R2
+	vpbroadcastq	%x#$H2,%x#$H2
+	vpunpcklqdq	$R0,$H0,$R0
+	vpbroadcastq	%x#$H0,%x#$H0
+
+	vpsllq		\$2,$R1,$S1		# S1 = R1*5*4
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R1,$S1,$S1
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S1,$S1
+	vpsllq		\$2,$S2,$S2
+
+	jmp		.Lmul_init_vpmadd52
+	ud2
+
+.align	32
+.Ldone_init_vpmadd52:
+	vinserti128	\$1,%x#$R1,$H1,$R1	# 1,2,3,4
+	vinserti128	\$1,%x#$R2,$H2,$R2
+	vinserti128	\$1,%x#$R0,$H0,$R0
+
+	vpermq		\$0b11011000,$R1,$R1	# 1,3,2,4
+	vpermq		\$0b11011000,$R2,$R2
+	vpermq		\$0b11011000,$R0,$R0
+
+	vpsllq		\$2,$R1,$S1		# S1 = R1*5*4
+	vpaddq		$R1,$S1,$S1
+	vpsllq		\$2,$S1,$S1
+
+	vmovq		0($ctx),%x#$H0		# load current hash value
+	vmovq		8($ctx),%x#$H1
+	vmovq		16($ctx),%x#$H2
+
+	test		\$3,$len		# is length 4*n+2?
+	jnz		.Ldone_init_vpmadd52_2x
+
+	vmovdqu64	$R0,64($ctx)		# save key powers
+	vpbroadcastq	%x#$R0,$R0		# broadcast 4th power
+	vmovdqu64	$R1,96($ctx)
+	vpbroadcastq	%x#$R1,$R1
+	vmovdqu64	$R2,128($ctx)
+	vpbroadcastq	%x#$R2,$R2
+	vmovdqu64	$S1,160($ctx)
+	vpbroadcastq	%x#$S1,$S1
+
+	jmp		.Lblocks_vpmadd52_4x_key_loaded
+	ud2
+
+.align	32
+.Ldone_init_vpmadd52_2x:
+	vmovdqu64	$R0,64($ctx)		# save key powers
+	vpsrldq		\$8,$R0,$R0		# 0-1-0-2
+	vmovdqu64	$R1,96($ctx)
+	vpsrldq		\$8,$R1,$R1
+	vmovdqu64	$R2,128($ctx)
+	vpsrldq		\$8,$R2,$R2
+	vmovdqu64	$S1,160($ctx)
+	vpsrldq		\$8,$S1,$S1
+	jmp		.Lblocks_vpmadd52_2x_key_loaded
+	ud2
+
+.align	32
+.Lblocks_vpmadd52_2x_do:
+	vmovdqu64	128+8($ctx),${R2}{%k1}{z}# load 2nd and 1st key powers
+	vmovdqu64	160+8($ctx),${S1}{%k1}{z}
+	vmovdqu64	64+8($ctx),${R0}{%k1}{z}
+	vmovdqu64	96+8($ctx),${R1}{%k1}{z}
+
+.Lblocks_vpmadd52_2x_key_loaded:
+	vmovdqu64	16*0($inp),$T2		# load data
+	vpxorq		$T3,$T3,$T3
+	lea		16*2($inp),$inp
+
+	vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	vpunpckhqdq	$T3,$T2,$T3
+
+	# at this point 64-bit lanes are ordered as x-1-x-0
+
+	vpsrlq		\$24,$T3,$T2		# splat the data
+	vporq		$PAD,$T2,$T2
+	 vpaddq		$T2,$H2,$H2		# accumulate input
+	vpandq		$mask44,$T1,$T0
+	vpsrlq		\$44,$T1,$T1
+	vpsllq		\$20,$T3,$T3
+	vporq		$T3,$T1,$T1
+	vpandq		$mask44,$T1,$T1
+
+	jmp		.Ltail_vpmadd52_2x
+	ud2
+
+.align	32
+.Loop_vpmadd52_4x:
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	 vmovdqu64	16*0($inp),$T2		# load data
+	 vmovdqu64	16*2($inp),$T3
+	 lea		16*4($inp),$inp
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	 vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	 vpunpckhqdq	$T3,$T2,$T3
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# partial reduction (interleaved with data splat)
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	 vpsrlq		\$24,$T3,$T2
+	 vporq		$PAD,$T2,$T2
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	 vpandq		$mask44,$T1,$T0
+	 vpsrlq		\$44,$T1,$T1
+	 vpsllq		\$20,$T3,$T3
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	  vpaddq	$T2,$H2,$H2		# accumulate input
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	 vporq		$T3,$T1,$T1
+	 vpandq		$mask44,$T1,$T1
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	sub		\$4,$len		# len-=64
+	jnz		.Loop_vpmadd52_4x
+
+.Ltail_vpmadd52_4x:
+	vmovdqu64	128($ctx),$R2		# load all key powers
+	vmovdqu64	160($ctx),$S1
+	vmovdqu64	64($ctx),$R0
+	vmovdqu64	96($ctx),$R1
+
+.Ltail_vpmadd52_2x:
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S2,$S2
+
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# horizontal addition
+
+	mov		\$1,%eax
+	kmovw		%eax,%k1
+	vpsrldq		\$8,$D0lo,$T0
+	vpsrldq		\$8,$D0hi,$H0
+	vpsrldq		\$8,$D1lo,$T1
+	vpsrldq		\$8,$D1hi,$H1
+	vpaddq		$T0,$D0lo,$D0lo
+	vpaddq		$H0,$D0hi,$D0hi
+	vpsrldq		\$8,$D2lo,$T2
+	vpsrldq		\$8,$D2hi,$H2
+	vpaddq		$T1,$D1lo,$D1lo
+	vpaddq		$H1,$D1hi,$D1hi
+	 vpermq		\$0x2,$D0lo,$T0
+	 vpermq		\$0x2,$D0hi,$H0
+	vpaddq		$T2,$D2lo,$D2lo
+	vpaddq		$H2,$D2hi,$D2hi
+
+	vpermq		\$0x2,$D1lo,$T1
+	vpermq		\$0x2,$D1hi,$H1
+	vpaddq		$T0,$D0lo,${D0lo}{%k1}{z}
+	vpaddq		$H0,$D0hi,${D0hi}{%k1}{z}
+	vpermq		\$0x2,$D2lo,$T2
+	vpermq		\$0x2,$D2hi,$H2
+	vpaddq		$T1,$D1lo,${D1lo}{%k1}{z}
+	vpaddq		$H1,$D1hi,${D1hi}{%k1}{z}
+	vpaddq		$T2,$D2lo,${D2lo}{%k1}{z}
+	vpaddq		$H2,$D2hi,${D2hi}{%k1}{z}
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+						# at this point $len is
+						# either 4*n+2 or 0...
+	sub		\$2,$len		# len-=32
+	ja		.Lblocks_vpmadd52_4x_do
+
+	vmovq		%x#$H0,0($ctx)
+	vmovq		%x#$H1,8($ctx)
+	vmovq		%x#$H2,16($ctx)
+	vzeroall
+
+.Lno_data_vpmadd52_4x:
+	ret
+.size	poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x
+___
+}
+{
+########################################################################
+# As implied by its name 8x subroutine processes 8 blocks in parallel...
+# This is intermediate version, as it's used only in cases when input
+# length is either 8*n, 8*n+1 or 8*n+2...
+
+my ($H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2) = map("%ymm$_",(0..5,16,17));
+my ($D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi) = map("%ymm$_",(18..23));
+my ($T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD) = map("%ymm$_",(24..31));
+my ($RR0,$RR1,$RR2,$SS1,$SS2) = map("%ymm$_",(6..10));
+
+$code.=<<___;
+.type	poly1305_blocks_vpmadd52_8x,\@function,4
+.align	32
+poly1305_blocks_vpmadd52_8x:
+	shr	\$4,$len
+	jz	.Lno_data_vpmadd52_8x		# too short
+
+	shl	\$40,$padbit
+	mov	64($ctx),%r8			# peek on power of the key
+
+	vmovdqa64	.Lx_mask44(%rip),$mask44
+	vmovdqa64	.Lx_mask42(%rip),$mask42
+
+	test	%r8,%r8				# is power value impossible?
+	js	.Linit_vpmadd52			# if it is, then init R[4]
+
+	vmovq	0($ctx),%x#$H0			# load current hash value
+	vmovq	8($ctx),%x#$H1
+	vmovq	16($ctx),%x#$H2
+
+.Lblocks_vpmadd52_8x:
+	################################################################
+	# fist we calculate more key powers
+
+	vmovdqu64	128($ctx),$R2		# load 1-3-2-4 powers
+	vmovdqu64	160($ctx),$S1
+	vmovdqu64	64($ctx),$R0
+	vmovdqu64	96($ctx),$R1
+
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S2,$S2
+
+	vpbroadcastq	%x#$R2,$RR2		# broadcast 4th power
+	vpbroadcastq	%x#$R0,$RR0
+	vpbroadcastq	%x#$R1,$RR1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$RR2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$RR2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$RR2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$RR2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$RR2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$RR2,$R0,$D2hi
+
+	vpmadd52luq	$RR0,$R0,$D0lo
+	vpmadd52huq	$RR0,$R0,$D0hi
+	vpmadd52luq	$RR0,$R1,$D1lo
+	vpmadd52huq	$RR0,$R1,$D1hi
+	vpmadd52luq	$RR0,$R2,$D2lo
+	vpmadd52huq	$RR0,$R2,$D2hi
+
+	vpmadd52luq	$RR1,$S2,$D0lo
+	vpmadd52huq	$RR1,$S2,$D0hi
+	vpmadd52luq	$RR1,$R0,$D1lo
+	vpmadd52huq	$RR1,$R0,$D1hi
+	vpmadd52luq	$RR1,$R1,$D2lo
+	vpmadd52huq	$RR1,$R1,$D2hi
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$RR0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$RR1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$RR2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$RR0,$RR0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$RR0,$RR0
+
+	vpsrlq		\$44,$RR0,$tmp		# additional step
+	vpandq		$mask44,$RR0,$RR0
+
+	vpaddq		$tmp,$RR1,$RR1
+
+	################################################################
+	# At this point Rx holds 1324 powers, RRx - 5768, and the goal
+	# is 15263748, which reflects how data is loaded...
+
+	vpunpcklqdq	$R2,$RR2,$T2		# 3748
+	vpunpckhqdq	$R2,$RR2,$R2		# 1526
+	vpunpcklqdq	$R0,$RR0,$T0
+	vpunpckhqdq	$R0,$RR0,$R0
+	vpunpcklqdq	$R1,$RR1,$T1
+	vpunpckhqdq	$R1,$RR1,$R1
+___
+######## switch to %zmm
+map(s/%y/%z/, $H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2);
+map(s/%y/%z/, $D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi);
+map(s/%y/%z/, $T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD);
+map(s/%y/%z/, $RR0,$RR1,$RR2,$SS1,$SS2);
+
+$code.=<<___;
+	vshufi64x2	\$0x44,$R2,$T2,$RR2	# 15263748
+	vshufi64x2	\$0x44,$R0,$T0,$RR0
+	vshufi64x2	\$0x44,$R1,$T1,$RR1
+
+	vmovdqu64	16*0($inp),$T2		# load data
+	vmovdqu64	16*4($inp),$T3
+	lea		16*8($inp),$inp
+
+	vpsllq		\$2,$RR2,$SS2		# S2 = R2*5*4
+	vpsllq		\$2,$RR1,$SS1		# S1 = R1*5*4
+	vpaddq		$RR2,$SS2,$SS2
+	vpaddq		$RR1,$SS1,$SS1
+	vpsllq		\$2,$SS2,$SS2
+	vpsllq		\$2,$SS1,$SS1
+
+	vpbroadcastq	$padbit,$PAD
+	vpbroadcastq	%x#$mask44,$mask44
+	vpbroadcastq	%x#$mask42,$mask42
+
+	vpbroadcastq	%x#$SS1,$S1		# broadcast 8th power
+	vpbroadcastq	%x#$SS2,$S2
+	vpbroadcastq	%x#$RR0,$R0
+	vpbroadcastq	%x#$RR1,$R1
+	vpbroadcastq	%x#$RR2,$R2
+
+	vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	vpunpckhqdq	$T3,$T2,$T3
+
+	# at this point 64-bit lanes are ordered as 73625140
+
+	vpsrlq		\$24,$T3,$T2		# splat the data
+	vporq		$PAD,$T2,$T2
+	 vpaddq		$T2,$H2,$H2		# accumulate input
+	vpandq		$mask44,$T1,$T0
+	vpsrlq		\$44,$T1,$T1
+	vpsllq		\$20,$T3,$T3
+	vporq		$T3,$T1,$T1
+	vpandq		$mask44,$T1,$T1
+
+	sub		\$8,$len
+	jz		.Ltail_vpmadd52_8x
+	jmp		.Loop_vpmadd52_8x
+
+.align	32
+.Loop_vpmadd52_8x:
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	 vmovdqu64	16*0($inp),$T2		# load data
+	 vmovdqu64	16*4($inp),$T3
+	 lea		16*8($inp),$inp
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	 vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	 vpunpckhqdq	$T3,$T2,$T3
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# partial reduction (interleaved with data splat)
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	 vpsrlq		\$24,$T3,$T2
+	 vporq		$PAD,$T2,$T2
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	 vpandq		$mask44,$T1,$T0
+	 vpsrlq		\$44,$T1,$T1
+	 vpsllq		\$20,$T3,$T3
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	  vpaddq	$T2,$H2,$H2		# accumulate input
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	 vporq		$T3,$T1,$T1
+	 vpandq		$mask44,$T1,$T1
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	sub		\$8,$len		# len-=128
+	jnz		.Loop_vpmadd52_8x
+
+.Ltail_vpmadd52_8x:
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$SS1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$SS1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$SS2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$SS2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$RR0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$RR0,$D2hi
+
+	vpmadd52luq	$H0,$RR0,$D0lo
+	vpmadd52huq	$H0,$RR0,$D0hi
+	vpmadd52luq	$H0,$RR1,$D1lo
+	vpmadd52huq	$H0,$RR1,$D1hi
+	vpmadd52luq	$H0,$RR2,$D2lo
+	vpmadd52huq	$H0,$RR2,$D2hi
+
+	vpmadd52luq	$H1,$SS2,$D0lo
+	vpmadd52huq	$H1,$SS2,$D0hi
+	vpmadd52luq	$H1,$RR0,$D1lo
+	vpmadd52huq	$H1,$RR0,$D1hi
+	vpmadd52luq	$H1,$RR1,$D2lo
+	vpmadd52huq	$H1,$RR1,$D2hi
+
+	################################################################
+	# horizontal addition
+
+	mov		\$1,%eax
+	kmovw		%eax,%k1
+	vpsrldq		\$8,$D0lo,$T0
+	vpsrldq		\$8,$D0hi,$H0
+	vpsrldq		\$8,$D1lo,$T1
+	vpsrldq		\$8,$D1hi,$H1
+	vpaddq		$T0,$D0lo,$D0lo
+	vpaddq		$H0,$D0hi,$D0hi
+	vpsrldq		\$8,$D2lo,$T2
+	vpsrldq		\$8,$D2hi,$H2
+	vpaddq		$T1,$D1lo,$D1lo
+	vpaddq		$H1,$D1hi,$D1hi
+	 vpermq		\$0x2,$D0lo,$T0
+	 vpermq		\$0x2,$D0hi,$H0
+	vpaddq		$T2,$D2lo,$D2lo
+	vpaddq		$H2,$D2hi,$D2hi
+
+	vpermq		\$0x2,$D1lo,$T1
+	vpermq		\$0x2,$D1hi,$H1
+	vpaddq		$T0,$D0lo,$D0lo
+	vpaddq		$H0,$D0hi,$D0hi
+	vpermq		\$0x2,$D2lo,$T2
+	vpermq		\$0x2,$D2hi,$H2
+	vpaddq		$T1,$D1lo,$D1lo
+	vpaddq		$H1,$D1hi,$D1hi
+	 vextracti64x4	\$1,$D0lo,%y#$T0
+	 vextracti64x4	\$1,$D0hi,%y#$H0
+	vpaddq		$T2,$D2lo,$D2lo
+	vpaddq		$H2,$D2hi,$D2hi
+
+	vextracti64x4	\$1,$D1lo,%y#$T1
+	vextracti64x4	\$1,$D1hi,%y#$H1
+	vextracti64x4	\$1,$D2lo,%y#$T2
+	vextracti64x4	\$1,$D2hi,%y#$H2
+___
+######## switch back to %ymm
+map(s/%z/%y/, $H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2);
+map(s/%z/%y/, $D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi);
+map(s/%z/%y/, $T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD);
+
+$code.=<<___;
+	vpaddq		$T0,$D0lo,${D0lo}{%k1}{z}
+	vpaddq		$H0,$D0hi,${D0hi}{%k1}{z}
+	vpaddq		$T1,$D1lo,${D1lo}{%k1}{z}
+	vpaddq		$H1,$D1hi,${D1hi}{%k1}{z}
+	vpaddq		$T2,$D2lo,${D2lo}{%k1}{z}
+	vpaddq		$H2,$D2hi,${D2hi}{%k1}{z}
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	################################################################
+
+	vmovq		%x#$H0,0($ctx)
+	vmovq		%x#$H1,8($ctx)
+	vmovq		%x#$H2,16($ctx)
+	vzeroall
+
+.Lno_data_vpmadd52_8x:
+	ret
+.size	poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x
+___
+}
+$code.=<<___;
+.type	poly1305_emit_base2_44,\@function,3
+.align	32
+poly1305_emit_base2_44:
+	mov	0($ctx),%r8	# load hash value
+	mov	8($ctx),%r9
+	mov	16($ctx),%r10
+
+	mov	%r9,%rax
+	shr	\$20,%r9
+	shl	\$44,%rax
+	mov	%r10,%rcx
+	shr	\$40,%r10
+	shl	\$24,%rcx
+
+	add	%rax,%r8
+	adc	%rcx,%r9
+	adc	\$0,%r10
+
+	mov	%r8,%rax
+	add	\$5,%r8		# compare to modulus
+	mov	%r9,%rcx
+	adc	\$0,%r9
+	adc	\$0,%r10
+	shr	\$2,%r10	# did 130-bit value overflow?
+	cmovnz	%r8,%rax
+	cmovnz	%r9,%rcx
+
+	add	0($nonce),%rax	# accumulate nonce
+	adc	8($nonce),%rcx
+	mov	%rax,0($mac)	# write result
+	mov	%rcx,8($mac)
+
+	ret
+.size	poly1305_emit_base2_44,.-poly1305_emit_base2_44
+___
+}	}	}
+$code.=<<___;
+.align	64
+.Lconst:
+.Lmask24:
+.long	0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0
+.L129:
+.long	`1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0
+.Lmask26:
+.long	0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
+.Lpermd_avx2:
+.long	2,2,2,3,2,0,2,1
+.Lpermd_avx512:
+.long	0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7
+
+.L2_44_inp_permd:
+.long	0,1,1,2,2,3,7,7
+.L2_44_inp_shift:
+.quad	0,12,24,64
+.L2_44_mask:
+.quad	0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff
+.L2_44_shift_rgt:
+.quad	44,44,42,64
+.L2_44_shift_lft:
+.quad	8,8,10,64
+
+.align	64
+.Lx_mask44:
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.Lx_mask42:
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+___
+}
+$code.=<<___;
+.asciz	"Poly1305 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+{	# chacha20-poly1305 helpers
+my ($out,$inp,$otp,$len)=$win64 ? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
+                                  ("%rdi","%rsi","%rdx","%rcx");  # Unix order
+$code.=<<___;
+.globl	xor128_encrypt_n_pad
+.type	xor128_encrypt_n_pad,\@abi-omnipotent
+.align	16
+xor128_encrypt_n_pad:
+	sub	$otp,$inp
+	sub	$otp,$out
+	mov	$len,%r10		# put len aside
+	shr	\$4,$len		# len / 16
+	jz	.Ltail_enc
+	nop
+.Loop_enc_xmm:
+	movdqu	($inp,$otp),%xmm0
+	pxor	($otp),%xmm0
+	movdqu	%xmm0,($out,$otp)
+	movdqa	%xmm0,($otp)
+	lea	16($otp),$otp
+	dec	$len
+	jnz	.Loop_enc_xmm
+
+	and	\$15,%r10		# len % 16
+	jz	.Ldone_enc
+
+.Ltail_enc:
+	mov	\$16,$len
+	sub	%r10,$len
+	xor	%eax,%eax
+.Loop_enc_byte:
+	mov	($inp,$otp),%al
+	xor	($otp),%al
+	mov	%al,($out,$otp)
+	mov	%al,($otp)
+	lea	1($otp),$otp
+	dec	%r10
+	jnz	.Loop_enc_byte
+
+	xor	%eax,%eax
+.Loop_enc_pad:
+	mov	%al,($otp)
+	lea	1($otp),$otp
+	dec	$len
+	jnz	.Loop_enc_pad
+
+.Ldone_enc:
+	mov	$otp,%rax
+	ret
+.size	xor128_encrypt_n_pad,.-xor128_encrypt_n_pad
+
+.globl	xor128_decrypt_n_pad
+.type	xor128_decrypt_n_pad,\@abi-omnipotent
+.align	16
+xor128_decrypt_n_pad:
+	sub	$otp,$inp
+	sub	$otp,$out
+	mov	$len,%r10		# put len aside
+	shr	\$4,$len		# len / 16
+	jz	.Ltail_dec
+	nop
+.Loop_dec_xmm:
+	movdqu	($inp,$otp),%xmm0
+	movdqa	($otp),%xmm1
+	pxor	%xmm0,%xmm1
+	movdqu	%xmm1,($out,$otp)
+	movdqa	%xmm0,($otp)
+	lea	16($otp),$otp
+	dec	$len
+	jnz	.Loop_dec_xmm
+
+	pxor	%xmm1,%xmm1
+	and	\$15,%r10		# len % 16
+	jz	.Ldone_dec
+
+.Ltail_dec:
+	mov	\$16,$len
+	sub	%r10,$len
+	xor	%eax,%eax
+	xor	%r11,%r11
+.Loop_dec_byte:
+	mov	($inp,$otp),%r11b
+	mov	($otp),%al
+	xor	%r11b,%al
+	mov	%al,($out,$otp)
+	mov	%r11b,($otp)
+	lea	1($otp),$otp
+	dec	%r10
+	jnz	.Loop_dec_byte
+
+	xor	%eax,%eax
+.Loop_dec_pad:
+	mov	%al,($otp)
+	lea	1($otp),$otp
+	dec	$len
+	jnz	.Loop_dec_pad
+
+.Ldone_dec:
+	mov	$otp,%rax
+	ret
+.size	xor128_decrypt_n_pad,.-xor128_decrypt_n_pad
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R14
+
+	jmp	.Lcommon_seh_tail
+.size	se_handler,.-se_handler
+
+.type	avx_handler,\@abi-omnipotent
+.align	16
+avx_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	208($context),%rax	# pull context->R11
+
+	lea	0x50(%rax),%rsi
+	lea	0xf8(%rax),%rax
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	avx_handler,.-avx_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_poly1305_init
+	.rva	.LSEH_end_poly1305_init
+	.rva	.LSEH_info_poly1305_init
+
+	.rva	.LSEH_begin_poly1305_blocks
+	.rva	.LSEH_end_poly1305_blocks
+	.rva	.LSEH_info_poly1305_blocks
+
+	.rva	.LSEH_begin_poly1305_emit
+	.rva	.LSEH_end_poly1305_emit
+	.rva	.LSEH_info_poly1305_emit
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_poly1305_blocks_avx
+	.rva	.Lbase2_64_avx
+	.rva	.LSEH_info_poly1305_blocks_avx_1
+
+	.rva	.Lbase2_64_avx
+	.rva	.Leven_avx
+	.rva	.LSEH_info_poly1305_blocks_avx_2
+
+	.rva	.Leven_avx
+	.rva	.LSEH_end_poly1305_blocks_avx
+	.rva	.LSEH_info_poly1305_blocks_avx_3
+
+	.rva	.LSEH_begin_poly1305_emit_avx
+	.rva	.LSEH_end_poly1305_emit_avx
+	.rva	.LSEH_info_poly1305_emit_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_poly1305_blocks_avx2
+	.rva	.Lbase2_64_avx2
+	.rva	.LSEH_info_poly1305_blocks_avx2_1
+
+	.rva	.Lbase2_64_avx2
+	.rva	.Leven_avx2
+	.rva	.LSEH_info_poly1305_blocks_avx2_2
+
+	.rva	.Leven_avx2
+	.rva	.LSEH_end_poly1305_blocks_avx2
+	.rva	.LSEH_info_poly1305_blocks_avx2_3
+___
+$code.=<<___ if ($avx>2);
+	.rva	.LSEH_begin_poly1305_blocks_avx512
+	.rva	.LSEH_end_poly1305_blocks_avx512
+	.rva	.LSEH_info_poly1305_blocks_avx512
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_poly1305_init:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.LSEH_begin_poly1305_init,.LSEH_begin_poly1305_init
+
+.LSEH_info_poly1305_blocks:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lblocks_body,.Lblocks_epilogue
+
+.LSEH_info_poly1305_emit:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.LSEH_begin_poly1305_emit,.LSEH_begin_poly1305_emit
+___
+$code.=<<___ if ($avx);
+.LSEH_info_poly1305_blocks_avx_1:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lblocks_avx_body,.Lblocks_avx_epilogue		# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx_2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbase2_64_avx_body,.Lbase2_64_avx_epilogue	# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx_3:
+	.byte	9,0,0,0
+	.rva	avx_handler
+	.rva	.Ldo_avx_body,.Ldo_avx_epilogue			# HandlerData[]
+
+.LSEH_info_poly1305_emit_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.LSEH_begin_poly1305_emit_avx,.LSEH_begin_poly1305_emit_avx
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_poly1305_blocks_avx2_1:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lblocks_avx2_body,.Lblocks_avx2_epilogue	# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx2_2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbase2_64_avx2_body,.Lbase2_64_avx2_epilogue	# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx2_3:
+	.byte	9,0,0,0
+	.rva	avx_handler
+	.rva	.Ldo_avx2_body,.Ldo_avx2_epilogue		# HandlerData[]
+___
+$code.=<<___ if ($avx>2);
+.LSEH_info_poly1305_blocks_avx512:
+	.byte	9,0,0,0
+	.rva	avx_handler
+	.rva	.Ldo_avx512_body,.Ldo_avx512_epilogue		# HandlerData[]
+___
+}
+
+foreach (split('\n',$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+	s/%r([a-z]+)#d/%e$1/g;
+	s/%r([0-9]+)#d/%r$1d/g;
+	s/%x#%[yz]/%x/g or s/%y#%z/%y/g or s/%z#%[yz]/%z/g;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info
new file mode 100644
index 000000000..631b32b8e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info
@@ -0,0 +1,24 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        poly1305_pmeth.c \
+        poly1305_ameth.c \
+        poly1305.c {- $target{poly1305_asm_src} -}
+
+GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-sparcv9.o]=..
+GENERATE[poly1305-x86.s]=asm/poly1305-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+GENERATE[poly1305-x86_64.s]=asm/poly1305-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[poly1305-ppc.s]=asm/poly1305-ppc.pl $(PERLASM_SCHEME)
+GENERATE[poly1305-ppcfp.s]=asm/poly1305-ppcfp.pl $(PERLASM_SCHEME)
+GENERATE[poly1305-armv4.S]=asm/poly1305-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-armv4.o]=..
+GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-armv8.o]=..
+GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-mips.o]=..
+
+BEGINRAW[Makefile(unix)]
+{- $builddir -}/poly1305-%.S:	{- $sourcedir -}/asm/poly1305-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile(unix)]
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c
new file mode 100644
index 000000000..1d182364a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c
@@ -0,0 +1,531 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+
+size_t Poly1305_ctx_size(void)
+{
+    return sizeof(struct poly1305_context);
+}
+
+/* pick 32-bit unsigned integer in little endian order */
+static unsigned int U8TOU32(const unsigned char *p)
+{
+    return (((unsigned int)(p[0] & 0xff)) |
+            ((unsigned int)(p[1] & 0xff) << 8) |
+            ((unsigned int)(p[2] & 0xff) << 16) |
+            ((unsigned int)(p[3] & 0xff) << 24));
+}
+
+/*
+ * Implementations can be classified by amount of significant bits in
+ * words making up the multi-precision value, or in other words radix
+ * or base of numerical representation, e.g. base 2^64, base 2^32,
+ * base 2^26. Complementary characteristic is how wide is the result of
+ * multiplication of pair of digits, e.g. it would take 128 bits to
+ * accommodate multiplication result in base 2^64 case. These are used
+ * interchangeably. To describe implementation that is. But interface
+ * is designed to isolate this so that low-level primitives implemented
+ * in assembly can be self-contained/self-coherent.
+ */
+#ifndef POLY1305_ASM
+/*
+ * Even though there is __int128 reference implementation targeting
+ * 64-bit platforms provided below, it's not obvious that it's optimal
+ * choice for every one of them. Depending on instruction set overall
+ * amount of instructions can be comparable to one in __int64
+ * implementation. Amount of multiplication instructions would be lower,
+ * but not necessarily overall. And in out-of-order execution context,
+ * it is the latter that can be crucial...
+ *
+ * On related note. Poly1305 author, D. J. Bernstein, discusses and
+ * provides floating-point implementations of the algorithm in question.
+ * It made a lot of sense by the time of introduction, because most
+ * then-modern processors didn't have pipelined integer multiplier.
+ * [Not to mention that some had non-constant timing for integer
+ * multiplications.] Floating-point instructions on the other hand could
+ * be issued every cycle, which allowed to achieve better performance.
+ * Nowadays, with SIMD and/or out-or-order execution, shared or
+ * even emulated FPU, it's more complicated, and floating-point
+ * implementation is not necessarily optimal choice in every situation,
+ * rather contrary...
+ *
+ *                                              <appro@openssl.org>
+ */
+
+typedef unsigned int u32;
+
+/*
+ * poly1305_blocks processes a multiple of POLY1305_BLOCK_SIZE blocks
+ * of |inp| no longer than |len|. Behaviour for |len| not divisible by
+ * block size is unspecified in general case, even though in reference
+ * implementation the trailing chunk is simply ignored. Per algorithm
+ * specification, every input block, complete or last partial, is to be
+ * padded with a bit past most significant byte. The latter kind is then
+ * padded with zeros till block size. This last partial block padding
+ * is caller(*)'s responsibility, and because of this the last partial
+ * block is always processed with separate call with |len| set to
+ * POLY1305_BLOCK_SIZE and |padbit| to 0. In all other cases |padbit|
+ * should be set to 1 to perform implicit padding with 128th bit.
+ * poly1305_blocks does not actually check for this constraint though,
+ * it's caller(*)'s responsibility to comply.
+ *
+ * (*)  In the context "caller" is not application code, but higher
+ *      level Poly1305_* from this very module, so that quirks are
+ *      handled locally.
+ */
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit);
+
+/*
+ * Type-agnostic "rip-off" from constant_time_locl.h
+ */
+# define CONSTANT_TIME_CARRY(a,b) ( \
+         (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \
+         )
+
+# if (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \
+     (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8)
+
+typedef unsigned long u64;
+typedef __uint128_t u128;
+
+typedef struct {
+    u64 h[3];
+    u64 r[2];
+} poly1305_internal;
+
+/* pick 32-bit unsigned integer in little endian order */
+static u64 U8TOU64(const unsigned char *p)
+{
+    return (((u64)(p[0] & 0xff)) |
+            ((u64)(p[1] & 0xff) << 8) |
+            ((u64)(p[2] & 0xff) << 16) |
+            ((u64)(p[3] & 0xff) << 24) |
+            ((u64)(p[4] & 0xff) << 32) |
+            ((u64)(p[5] & 0xff) << 40) |
+            ((u64)(p[6] & 0xff) << 48) |
+            ((u64)(p[7] & 0xff) << 56));
+}
+
+/* store a 32-bit unsigned integer in little endian */
+static void U64TO8(unsigned char *p, u64 v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+    p[4] = (unsigned char)((v >> 32) & 0xff);
+    p[5] = (unsigned char)((v >> 40) & 0xff);
+    p[6] = (unsigned char)((v >> 48) & 0xff);
+    p[7] = (unsigned char)((v >> 56) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU64(&key[0]) & 0x0ffffffc0fffffff;
+    st->r[1] = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1;
+    u64 s1;
+    u64 h0, h1, h2, c;
+    u128 d0, d1;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+
+    s1 = r1 + (r1 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0));
+        h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8));
+        /*
+         * padbit can be zero only when original len was
+         * POLY1306_BLOCK_SIZE, but we don't check
+         */
+        h2 += (u64)(d1 >> 64) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u128)h0 * r0) +
+             ((u128)h1 * s1);
+        d1 = ((u128)h0 * r1) +
+             ((u128)h1 * r0) +
+             (h2 * s1);
+        h2 = (h2 * r0);
+
+        /* last reduction step: */
+        /* a) h2:h0 = h2<<128 + d1<<64 + d0 */
+        h0 = (u64)d0;
+        h1 = (u64)(d1 += d0 >> 64);
+        h2 += (u64)(d1 >> 64);
+        /* b) (h2:h0 += (h2:h0>>130) * 5) %= 2^130 */
+        c = (h2 >> 2) + (h2 & ~3UL);
+        h2 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += CONSTANT_TIME_CARRY(h1,c);
+        /*
+         * Occasional overflows to 3rd bit of h2 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2;
+    u64 g0, g1, g2;
+    u128 t;
+    u64 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u64)(t = (u128)h0 + 5);
+    g1 = (u64)(t = (u128)h1 + (t >> 64));
+    g2 = h2 + (u64)(t >> 64);
+
+    /* if there was carry into 131st bit, h1:h0 = g1:g0 */
+    mask = 0 - (g2 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32));
+    h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64));
+
+    U64TO8(mac + 0, h0);
+    U64TO8(mac + 8, h1);
+}
+
+# else
+
+#  if defined(_WIN32) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#  elif defined(__arch64__)
+typedef unsigned long u64;
+#  else
+typedef unsigned long long u64;
+#  endif
+
+typedef struct {
+    u32 h[5];
+    u32 r[4];
+} poly1305_internal;
+
+/* store a 32-bit unsigned integer in little endian */
+static void U32TO8(unsigned char *p, unsigned int v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+    st->h[3] = 0;
+    st->h[4] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU32(&key[0]) & 0x0fffffff;
+    st->r[1] = U8TOU32(&key[4]) & 0x0ffffffc;
+    st->r[2] = U8TOU32(&key[8]) & 0x0ffffffc;
+    st->r[3] = U8TOU32(&key[12]) & 0x0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u32 r0, r1, r2, r3;
+    u32 s1, s2, s3;
+    u32 h0, h1, h2, h3, h4, c;
+    u64 d0, d1, d2, d3;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+    r2 = st->r[2];
+    r3 = st->r[3];
+
+    s1 = r1 + (r1 >> 2);
+    s2 = r2 + (r2 >> 2);
+    s3 = r3 + (r3 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u32)(d0 = (u64)h0 + U8TOU32(inp + 0));
+        h1 = (u32)(d1 = (u64)h1 + (d0 >> 32) + U8TOU32(inp + 4));
+        h2 = (u32)(d2 = (u64)h2 + (d1 >> 32) + U8TOU32(inp + 8));
+        h3 = (u32)(d3 = (u64)h3 + (d2 >> 32) + U8TOU32(inp + 12));
+        h4 += (u32)(d3 >> 32) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u64)h0 * r0) +
+             ((u64)h1 * s3) +
+             ((u64)h2 * s2) +
+             ((u64)h3 * s1);
+        d1 = ((u64)h0 * r1) +
+             ((u64)h1 * r0) +
+             ((u64)h2 * s3) +
+             ((u64)h3 * s2) +
+             (h4 * s1);
+        d2 = ((u64)h0 * r2) +
+             ((u64)h1 * r1) +
+             ((u64)h2 * r0) +
+             ((u64)h3 * s3) +
+             (h4 * s2);
+        d3 = ((u64)h0 * r3) +
+             ((u64)h1 * r2) +
+             ((u64)h2 * r1) +
+             ((u64)h3 * r0) +
+             (h4 * s3);
+        h4 = (h4 * r0);
+
+        /* last reduction step: */
+        /* a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0 */
+        h0 = (u32)d0;
+        h1 = (u32)(d1 += d0 >> 32);
+        h2 = (u32)(d2 += d1 >> 32);
+        h3 = (u32)(d3 += d2 >> 32);
+        h4 += (u32)(d3 >> 32);
+        /* b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130 */
+        c = (h4 >> 2) + (h4 & ~3U);
+        h4 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += (c = CONSTANT_TIME_CARRY(h1,c));
+        h3 += (c = CONSTANT_TIME_CARRY(h2,c));
+        h4 += CONSTANT_TIME_CARRY(h3,c);
+        /*
+         * Occasional overflows to 3rd bit of h4 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+    st->h[3] = h3;
+    st->h[4] = h4;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u32 h0, h1, h2, h3, h4;
+    u32 g0, g1, g2, g3, g4;
+    u64 t;
+    u32 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u32)(t = (u64)h0 + 5);
+    g1 = (u32)(t = (u64)h1 + (t >> 32));
+    g2 = (u32)(t = (u64)h2 + (t >> 32));
+    g3 = (u32)(t = (u64)h3 + (t >> 32));
+    g4 = h4 + (u32)(t >> 32);
+
+    /* if there was carry into 131st bit, h3:h0 = g3:g0 */
+    mask = 0 - (g4 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    g2 &= mask;
+    g3 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+    h2 = (h2 & mask) | g2;
+    h3 = (h3 & mask) | g3;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u32)(t = (u64)h0 + nonce[0]);
+    h1 = (u32)(t = (u64)h1 + (t >> 32) + nonce[1]);
+    h2 = (u32)(t = (u64)h2 + (t >> 32) + nonce[2]);
+    h3 = (u32)(t = (u64)h3 + (t >> 32) + nonce[3]);
+
+    U32TO8(mac + 0, h0);
+    U32TO8(mac + 4, h1);
+    U32TO8(mac + 8, h2);
+    U32TO8(mac + 12, h3);
+}
+# endif
+#else
+int poly1305_init(void *ctx, const unsigned char key[16], void *func);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                   const unsigned int nonce[4]);
+#endif
+
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32])
+{
+    ctx->nonce[0] = U8TOU32(&key[16]);
+    ctx->nonce[1] = U8TOU32(&key[20]);
+    ctx->nonce[2] = U8TOU32(&key[24]);
+    ctx->nonce[3] = U8TOU32(&key[28]);
+
+#ifndef POLY1305_ASM
+    poly1305_init(ctx->opaque, key);
+#else
+    /*
+     * Unlike reference poly1305_init assembly counterpart is expected
+     * to return a value: non-zero if it initializes ctx->func, and zero
+     * otherwise. Latter is to simplify assembly in cases when there no
+     * multiple code paths to switch between.
+     */
+    if (!poly1305_init(ctx->opaque, key, &ctx->func)) {
+        ctx->func.blocks = poly1305_blocks;
+        ctx->func.emit = poly1305_emit;
+    }
+#endif
+
+    ctx->num = 0;
+
+}
+
+#ifdef POLY1305_ASM
+/*
+ * This "eclipses" poly1305_blocks and poly1305_emit, but it's
+ * conscious choice imposed by -Wshadow compiler warnings.
+ */
+# define poly1305_blocks (*poly1305_blocks_p)
+# define poly1305_emit   (*poly1305_emit_p)
+#endif
+
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len)
+{
+#ifdef POLY1305_ASM
+    /*
+     * As documented, poly1305_blocks is never called with input
+     * longer than single block and padbit argument set to 0. This
+     * property is fluently used in assembly modules to optimize
+     * padbit handling on loop boundary.
+     */
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+#endif
+    size_t rem, num;
+
+    if ((num = ctx->num)) {
+        rem = POLY1305_BLOCK_SIZE - num;
+        if (len >= rem) {
+            memcpy(ctx->data + num, inp, rem);
+            poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 1);
+            inp += rem;
+            len -= rem;
+        } else {
+            /* Still not enough data to process a block. */
+            memcpy(ctx->data + num, inp, len);
+            ctx->num = num + len;
+            return;
+        }
+    }
+
+    rem = len % POLY1305_BLOCK_SIZE;
+    len -= rem;
+
+    if (len >= POLY1305_BLOCK_SIZE) {
+        poly1305_blocks(ctx->opaque, inp, len, 1);
+        inp += len;
+    }
+
+    if (rem)
+        memcpy(ctx->data, inp, rem);
+
+    ctx->num = rem;
+}
+
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
+{
+#ifdef POLY1305_ASM
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+    poly1305_emit_f poly1305_emit_p = ctx->func.emit;
+#endif
+    size_t num;
+
+    if ((num = ctx->num)) {
+        ctx->data[num++] = 1;   /* pad bit */
+        while (num < POLY1305_BLOCK_SIZE)
+            ctx->data[num++] = 0;
+        poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 0);
+    }
+
+    poly1305_emit(ctx->opaque, mac, ctx->nonce);
+
+    /* zero out the state */
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c
new file mode 100644
index 000000000..033ee8cd9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+#include "internal/evp_int.h"
+
+/*
+ * POLY1305 "ASN1" method. This is just here to indicate the maximum
+ * POLY1305 output length and to free up a POLY1305 key.
+ */
+
+static int poly1305_size(const EVP_PKEY *pkey)
+{
+    return POLY1305_DIGEST_SIZE;
+}
+
+static void poly1305_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing, (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                 size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != POLY1305_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int poly1305_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = POLY1305_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < POLY1305_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = POLY1305_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_POLY1305,
+    0,
+
+    "POLY1305",
+    "OpenSSL POLY1305 method",
+
+    0, 0, poly1305_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    poly1305_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    poly1305_key_free,
+    poly1305_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    poly1305_set_priv_key,
+    NULL,
+    poly1305_get_priv_key,
+    NULL,
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_base2_44.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_base2_44.c
new file mode 100644
index 000000000..b6313d01b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_base2_44.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This module is meant to be used as template for base 2^44 assembly
+ * implementation[s]. On side note compiler-generated code is not
+ * slower than compiler-generated base 2^64 code on [high-end] x86_64,
+ * even though amount of multiplications is 50% higher. Go figure...
+ */
+#include <stdlib.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+typedef unsigned long u64;
+typedef unsigned __int128 u128;
+
+typedef struct {
+    u64 h[3];
+    u64 s[2];
+    u64 r[3];
+} poly1305_internal;
+
+#define POLY1305_BLOCK_SIZE 16
+
+/* pick 64-bit unsigned integer in little endian order */
+static u64 U8TOU64(const unsigned char *p)
+{
+    return (((u64)(p[0] & 0xff)) |
+            ((u64)(p[1] & 0xff) << 8) |
+            ((u64)(p[2] & 0xff) << 16) |
+            ((u64)(p[3] & 0xff) << 24) |
+            ((u64)(p[4] & 0xff) << 32) |
+            ((u64)(p[5] & 0xff) << 40) |
+            ((u64)(p[6] & 0xff) << 48) |
+            ((u64)(p[7] & 0xff) << 56));
+}
+
+/* store a 64-bit unsigned integer in little endian */
+static void U64TO8(unsigned char *p, u64 v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+    p[4] = (unsigned char)((v >> 32) & 0xff);
+    p[5] = (unsigned char)((v >> 40) & 0xff);
+    p[6] = (unsigned char)((v >> 48) & 0xff);
+    p[7] = (unsigned char)((v >> 56) & 0xff);
+}
+
+int poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+
+    r0 = U8TOU64(&key[0]) & 0x0ffffffc0fffffff;
+    r1 = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc;
+
+    /* break r1:r0 to three 44-bit digits, masks are 1<<44-1 */
+    st->r[0] = r0 & 0x0fffffffffff;
+    st->r[1] = ((r0 >> 44) | (r1 << 20))  & 0x0fffffffffff;
+    st->r[2] = (r1 >> 24);
+
+    st->s[0] = (st->r[1] + (st->r[1] << 2)) << 2;
+    st->s[1] = (st->r[2] + (st->r[2] << 2)) << 2;
+
+    return 0;
+}
+
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1, r2;
+    u64 s1, s2;
+    u64 h0, h1, h2, c;
+    u128 d0, d1, d2;
+    u64 pad = (u64)padbit << 40;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+    r2 = st->r[2];
+
+    s1 = st->s[0];
+    s2 = st->s[1];
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        u64 m0, m1;
+
+        m0 = U8TOU64(inp + 0);
+        m1 = U8TOU64(inp + 8);
+
+        /* h += m[i], m[i] is broken to 44-bit digits */
+        h0 += m0 & 0x0fffffffffff;
+        h1 += ((m0 >> 44) | (m1 << 20))  & 0x0fffffffffff;
+        h2 +=  (m1 >> 24) + pad;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u128)h0 * r0) + ((u128)h1 * s2) + ((u128)h2 * s1);
+        d1 = ((u128)h0 * r1) + ((u128)h1 * r0) + ((u128)h2 * s2);
+        d2 = ((u128)h0 * r2) + ((u128)h1 * r1) + ((u128)h2 * r0);
+
+        /* "lazy" reduction step */
+        h0 = (u64)d0 & 0x0fffffffffff;
+        h1 = (u64)(d1 += (u64)(d0 >> 44)) & 0x0fffffffffff;
+        h2 = (u64)(d2 += (u64)(d1 >> 44)) & 0x03ffffffffff; /* last 42 bits */
+
+        c = (d2 >> 42);
+        h0 += c + (c << 2);
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+}
+
+void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2;
+    u64 g0, g1, g2;
+    u128 t;
+    u64 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    /* after "lazy" reduction, convert 44+bit digits to 64-bit ones */
+    h0 = (u64)(t = (u128)h0 + (h1 << 44));              h1 >>= 20;
+    h1 = (u64)(t = (u128)h1 + (h2 << 24) + (t >> 64));  h2 >>= 40;
+    h2 += (u64)(t >> 64);
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u64)(t = (u128)h0 + 5);
+    g1 = (u64)(t = (u128)h1 + (t >> 64));
+    g2 = h2 + (u64)(t >> 64);
+
+    /* if there was carry into 131st bit, h1:h0 = g1:g0 */
+    mask = 0 - (g2 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32));
+    h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64));
+
+    U64TO8(mac + 0, h0);
+    U64TO8(mac + 8, h1);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ieee754.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ieee754.c
new file mode 100644
index 000000000..7cfd96864
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ieee754.c
@@ -0,0 +1,488 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This module is meant to be used as template for non-x87 floating-
+ * point assembly modules. The template itself is x86_64-specific
+ * though, as it was debugged on x86_64. So that implementor would
+ * have to recognize platform-specific parts, UxTOy and inline asm,
+ * and act accordingly.
+ *
+ * Huh? x86_64-specific code as template for non-x87? Note seven, which
+ * is not a typo, but reference to 80-bit precision. This module on the
+ * other hand relies on 64-bit precision operations, which are default
+ * for x86_64 code. And since we are at it, just for sense of it,
+ * large-block performance in cycles per processed byte for *this* code
+ * is:
+ *                      gcc-4.8         icc-15.0        clang-3.4(*)
+ *
+ * Westmere             4.96            5.09            4.37
+ * Sandy Bridge         4.95            4.90            4.17
+ * Haswell              4.92            4.87            3.78
+ * Bulldozer            4.67            4.49            4.68
+ * VIA Nano             7.07            7.05            5.98
+ * Silvermont           10.6            9.61            12.6
+ *
+ * (*)  clang managed to discover parallelism and deployed SIMD;
+ *
+ * And for range of other platforms with unspecified gcc versions:
+ *
+ * Freescale e300       12.5
+ * PPC74x0              10.8
+ * POWER6               4.92
+ * POWER7               4.50
+ * POWER8               4.10
+ *
+ * z10                  11.2
+ * z196+                7.30
+ *
+ * UltraSPARC III       16.0
+ * SPARC T4             16.1
+ */
+
+#if !(defined(__GNUC__) && __GNUC__>=2)
+# error "this is gcc-specific template"
+#endif
+
+#include <stdlib.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+typedef unsigned long long u64;
+typedef union { double d; u64 u; } elem64;
+
+#define TWO(p)          ((double)(1ULL<<(p)))
+#define TWO0            TWO(0)
+#define TWO32           TWO(32)
+#define TWO64           (TWO32*TWO(32))
+#define TWO96           (TWO64*TWO(32))
+#define TWO130          (TWO96*TWO(34))
+
+#define EXP(p)          ((1023ULL+(p))<<52)
+
+#if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__))
+# define U8TOU32(p)     (*(const u32 *)(p))
+# define U32TO8(p,v)    (*(u32 *)(p) = (v))
+#elif defined(__PPC__)
+# define U8TOU32(p)     ({u32 ret; asm ("lwbrx	%0,0,%1":"=r"(ret):"b"(p)); ret; })
+# define U32TO8(p,v)    asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory")
+#elif defined(__s390x__)
+# define U8TOU32(p)     ({u32 ret; asm ("lrv	%0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; })
+# define U32TO8(p,v)    asm ("strv	%1,%0":"=m"(*(u32 *)(p)):"d"(v))
+#endif
+
+#ifndef U8TOU32
+# define U8TOU32(p)     ((u32)(p)[0]     | (u32)(p)[1]<<8 |     \
+                         (u32)(p)[2]<<16 | (u32)(p)[3]<<24  )
+#endif
+#ifndef U32TO8
+# define U32TO8(p,v)    ((p)[0] = (u8)(v),       (p)[1] = (u8)((v)>>8), \
+                         (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) )
+#endif
+
+typedef struct {
+    elem64 h[4];
+    double r[8];
+    double s[6];
+} poly1305_internal;
+
+/* "round toward zero (truncate), mask all exceptions" */
+#if defined(__x86_64__)
+static const u32 mxcsr = 0x7f80;
+#elif defined(__PPC__)
+static const u64 one = 1;
+#elif defined(__s390x__)
+static const u32 fpc = 1;
+#elif defined(__sparc__)
+static const u64 fsr = 1ULL<<30;
+#elif defined(__mips__)
+static const u32 fcsr = 1;
+#else
+#error "unrecognized platform"
+#endif
+
+int poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    elem64 r0, r1, r2, r3;
+
+    /* h = 0, biased */
+#if 0
+    st->h[0].d = TWO(52)*TWO0;
+    st->h[1].d = TWO(52)*TWO32;
+    st->h[2].d = TWO(52)*TWO64;
+    st->h[3].d = TWO(52)*TWO96;
+#else
+    st->h[0].u = EXP(52+0);
+    st->h[1].u = EXP(52+32);
+    st->h[2].u = EXP(52+64);
+    st->h[3].u = EXP(52+96);
+#endif
+
+    if (key) {
+        /*
+         * set "truncate" rounding mode
+         */
+#if defined(__x86_64__)
+        u32 mxcsr_orig;
+
+        asm volatile ("stmxcsr	%0":"=m"(mxcsr_orig));
+        asm volatile ("ldmxcsr	%0"::"m"(mxcsr));
+#elif defined(__PPC__)
+        double fpscr_orig, fpscr = *(double *)&one;
+
+        asm volatile ("mffs	%0":"=f"(fpscr_orig));
+        asm volatile ("mtfsf	255,%0"::"f"(fpscr));
+#elif defined(__s390x__)
+        u32 fpc_orig;
+
+        asm volatile ("stfpc	%0":"=m"(fpc_orig));
+        asm volatile ("lfpc	%0"::"m"(fpc));
+#elif defined(__sparc__)
+        u64 fsr_orig;
+
+        asm volatile ("stx	%%fsr,%0":"=m"(fsr_orig));
+        asm volatile ("ldx	%0,%%fsr"::"m"(fsr));
+#elif defined(__mips__)
+        u32 fcsr_orig;
+
+        asm volatile ("cfc1	%0,$31":"=r"(fcsr_orig));
+        asm volatile ("ctc1	%0,$31"::"r"(fcsr));
+#endif
+
+        /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+        r0.u = EXP(52+0)  | (U8TOU32(&key[0])  & 0x0fffffff);
+        r1.u = EXP(52+32) | (U8TOU32(&key[4])  & 0x0ffffffc);
+        r2.u = EXP(52+64) | (U8TOU32(&key[8])  & 0x0ffffffc);
+        r3.u = EXP(52+96) | (U8TOU32(&key[12]) & 0x0ffffffc);
+
+        st->r[0] = r0.d - TWO(52)*TWO0;
+        st->r[2] = r1.d - TWO(52)*TWO32;
+        st->r[4] = r2.d - TWO(52)*TWO64;
+        st->r[6] = r3.d - TWO(52)*TWO96;
+
+        st->s[0] = st->r[2] * (5.0/TWO130);
+        st->s[2] = st->r[4] * (5.0/TWO130);
+        st->s[4] = st->r[6] * (5.0/TWO130);
+
+        /*
+         * base 2^32 -> base 2^16
+         */
+        st->r[1] = (st->r[0] + TWO(52)*TWO(16)*TWO0) -
+                               TWO(52)*TWO(16)*TWO0;
+        st->r[0] -= st->r[1];
+
+        st->r[3] = (st->r[2] + TWO(52)*TWO(16)*TWO32) -
+                               TWO(52)*TWO(16)*TWO32;
+        st->r[2] -= st->r[3];
+
+        st->r[5] = (st->r[4] + TWO(52)*TWO(16)*TWO64) -
+                               TWO(52)*TWO(16)*TWO64;
+        st->r[4] -= st->r[5];
+
+        st->r[7] = (st->r[6] + TWO(52)*TWO(16)*TWO96) -
+                               TWO(52)*TWO(16)*TWO96;
+        st->r[6] -= st->r[7];
+
+        st->s[1] = (st->s[0] + TWO(52)*TWO(16)*TWO0/TWO96) -
+                               TWO(52)*TWO(16)*TWO0/TWO96;
+        st->s[0] -= st->s[1];
+
+        st->s[3] = (st->s[2] + TWO(52)*TWO(16)*TWO32/TWO96) -
+                               TWO(52)*TWO(16)*TWO32/TWO96;
+        st->s[2] -= st->s[3];
+
+        st->s[5] = (st->s[4] + TWO(52)*TWO(16)*TWO64/TWO96) -
+                               TWO(52)*TWO(16)*TWO64/TWO96;
+        st->s[4] -= st->s[5];
+
+        /*
+         * restore original FPU control register
+         */
+#if defined(__x86_64__)
+        asm volatile ("ldmxcsr	%0"::"m"(mxcsr_orig));
+#elif defined(__PPC__)
+        asm volatile ("mtfsf	255,%0"::"f"(fpscr_orig));
+#elif defined(__s390x__)
+        asm volatile ("lfpc	%0"::"m"(fpc_orig));
+#elif defined(__sparc__)
+        asm volatile ("ldx	%0,%%fsr"::"m"(fsr_orig));
+#elif defined(__mips__)
+        asm volatile ("ctc1	%0,$31"::"r"(fcsr_orig));
+#endif
+    }
+
+    return 0;
+}
+
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     int padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    elem64 in0, in1, in2, in3;
+    u64 pad = (u64)padbit<<32;
+
+    double x0, x1, x2, x3;
+    double h0lo, h0hi, h1lo, h1hi, h2lo, h2hi, h3lo, h3hi;
+    double c0lo, c0hi, c1lo, c1hi, c2lo, c2hi, c3lo, c3hi;
+
+    const double r0lo = st->r[0];
+    const double r0hi = st->r[1];
+    const double r1lo = st->r[2];
+    const double r1hi = st->r[3];
+    const double r2lo = st->r[4];
+    const double r2hi = st->r[5];
+    const double r3lo = st->r[6];
+    const double r3hi = st->r[7];
+
+    const double s1lo = st->s[0];
+    const double s1hi = st->s[1];
+    const double s2lo = st->s[2];
+    const double s2hi = st->s[3];
+    const double s3lo = st->s[4];
+    const double s3hi = st->s[5];
+
+    /*
+     * set "truncate" rounding mode
+     */
+#if defined(__x86_64__)
+    u32 mxcsr_orig;
+
+    asm volatile ("stmxcsr	%0":"=m"(mxcsr_orig));
+    asm volatile ("ldmxcsr	%0"::"m"(mxcsr));
+#elif defined(__PPC__)
+    double fpscr_orig, fpscr = *(double *)&one;
+
+    asm volatile ("mffs		%0":"=f"(fpscr_orig));
+    asm volatile ("mtfsf	255,%0"::"f"(fpscr));
+#elif defined(__s390x__)
+    u32 fpc_orig;
+
+    asm volatile ("stfpc	%0":"=m"(fpc_orig));
+    asm volatile ("lfpc		%0"::"m"(fpc));
+#elif defined(__sparc__)
+    u64 fsr_orig;
+
+    asm volatile ("stx		%%fsr,%0":"=m"(fsr_orig));
+    asm volatile ("ldx		%0,%%fsr"::"m"(fsr));
+#elif defined(__mips__)
+    u32 fcsr_orig;
+
+    asm volatile ("cfc1		%0,$31":"=r"(fcsr_orig));
+    asm volatile ("ctc1		%0,$31"::"r"(fcsr));
+#endif
+
+    /*
+     * load base 2^32 and de-bias
+     */
+    h0lo = st->h[0].d - TWO(52)*TWO0;
+    h1lo = st->h[1].d - TWO(52)*TWO32;
+    h2lo = st->h[2].d - TWO(52)*TWO64;
+    h3lo = st->h[3].d - TWO(52)*TWO96;
+
+#ifdef __clang__
+    h0hi = 0;
+    h1hi = 0;
+    h2hi = 0;
+    h3hi = 0;
+#else
+    in0.u = EXP(52+0)  | U8TOU32(&inp[0]);
+    in1.u = EXP(52+32) | U8TOU32(&inp[4]);
+    in2.u = EXP(52+64) | U8TOU32(&inp[8]);
+    in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad;
+
+    x0 = in0.d - TWO(52)*TWO0;
+    x1 = in1.d - TWO(52)*TWO32;
+    x2 = in2.d - TWO(52)*TWO64;
+    x3 = in3.d - TWO(52)*TWO96;
+
+    x0 += h0lo;
+    x1 += h1lo;
+    x2 += h2lo;
+    x3 += h3lo;
+
+    goto fast_entry;
+#endif
+
+    do {
+        in0.u = EXP(52+0)  | U8TOU32(&inp[0]);
+        in1.u = EXP(52+32) | U8TOU32(&inp[4]);
+        in2.u = EXP(52+64) | U8TOU32(&inp[8]);
+        in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad;
+
+        x0 = in0.d - TWO(52)*TWO0;
+        x1 = in1.d - TWO(52)*TWO32;
+        x2 = in2.d - TWO(52)*TWO64;
+        x3 = in3.d - TWO(52)*TWO96;
+
+        /*
+         * note that there are multiple ways to accumulate input, e.g.
+         * one can as well accumulate to h0lo-h1lo-h1hi-h2hi...
+         */
+        h0lo += x0;
+        h0hi += x1;
+        h2lo += x2;
+        h2hi += x3;
+
+        /*
+         * carries that cross 32n-bit (and 130-bit) boundaries
+         */
+        c0lo = (h0lo + TWO(52)*TWO32)  - TWO(52)*TWO32;
+        c1lo = (h1lo + TWO(52)*TWO64)  - TWO(52)*TWO64;
+        c2lo = (h2lo + TWO(52)*TWO96)  - TWO(52)*TWO96;
+        c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+        c0hi = (h0hi + TWO(52)*TWO32)  - TWO(52)*TWO32;
+        c1hi = (h1hi + TWO(52)*TWO64)  - TWO(52)*TWO64;
+        c2hi = (h2hi + TWO(52)*TWO96)  - TWO(52)*TWO96;
+        c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+        /*
+         * base 2^48 -> base 2^32 with last reduction step
+         */
+        x1 =  (h1lo - c1lo) + c0lo;
+        x2 =  (h2lo - c2lo) + c1lo;
+        x3 =  (h3lo - c3lo) + c2lo;
+        x0 =  (h0lo - c0lo) + c3lo * (5.0/TWO130);
+
+        x1 += (h1hi - c1hi) + c0hi;
+        x2 += (h2hi - c2hi) + c1hi;
+        x3 += (h3hi - c3hi) + c2hi;
+        x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130);
+
+#ifndef __clang__
+    fast_entry:
+#endif
+        /*
+         * base 2^32 * base 2^16 = base 2^48
+         */
+        h0lo = s3lo * x1 + s2lo * x2 + s1lo * x3 + r0lo * x0;
+        h1lo = r0lo * x1 + s3lo * x2 + s2lo * x3 + r1lo * x0;
+        h2lo = r1lo * x1 + r0lo * x2 + s3lo * x3 + r2lo * x0;
+        h3lo = r2lo * x1 + r1lo * x2 + r0lo * x3 + r3lo * x0;
+
+        h0hi = s3hi * x1 + s2hi * x2 + s1hi * x3 + r0hi * x0;
+        h1hi = r0hi * x1 + s3hi * x2 + s2hi * x3 + r1hi * x0;
+        h2hi = r1hi * x1 + r0hi * x2 + s3hi * x3 + r2hi * x0;
+        h3hi = r2hi * x1 + r1hi * x2 + r0hi * x3 + r3hi * x0;
+
+        inp += 16;
+        len -= 16;
+
+    } while (len >= 16);
+
+    /*
+     * carries that cross 32n-bit (and 130-bit) boundaries
+     */
+    c0lo = (h0lo + TWO(52)*TWO32)  - TWO(52)*TWO32;
+    c1lo = (h1lo + TWO(52)*TWO64)  - TWO(52)*TWO64;
+    c2lo = (h2lo + TWO(52)*TWO96)  - TWO(52)*TWO96;
+    c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+    c0hi = (h0hi + TWO(52)*TWO32)  - TWO(52)*TWO32;
+    c1hi = (h1hi + TWO(52)*TWO64)  - TWO(52)*TWO64;
+    c2hi = (h2hi + TWO(52)*TWO96)  - TWO(52)*TWO96;
+    c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+    /*
+     * base 2^48 -> base 2^32 with last reduction step
+     */
+    x1 =  (h1lo - c1lo) + c0lo;
+    x2 =  (h2lo - c2lo) + c1lo;
+    x3 =  (h3lo - c3lo) + c2lo;
+    x0 =  (h0lo - c0lo) + c3lo * (5.0/TWO130);
+
+    x1 += (h1hi - c1hi) + c0hi;
+    x2 += (h2hi - c2hi) + c1hi;
+    x3 += (h3hi - c3hi) + c2hi;
+    x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130);
+
+    /*
+     * store base 2^32, with bias
+     */
+    st->h[1].d = x1 + TWO(52)*TWO32;
+    st->h[2].d = x2 + TWO(52)*TWO64;
+    st->h[3].d = x3 + TWO(52)*TWO96;
+    st->h[0].d = x0 + TWO(52)*TWO0;
+
+    /*
+     * restore original FPU control register
+     */
+#if defined(__x86_64__)
+    asm volatile ("ldmxcsr	%0"::"m"(mxcsr_orig));
+#elif defined(__PPC__)
+    asm volatile ("mtfsf	255,%0"::"f"(fpscr_orig));
+#elif defined(__s390x__)
+    asm volatile ("lfpc		%0"::"m"(fpc_orig));
+#elif defined(__sparc__)
+    asm volatile ("ldx		%0,%%fsr"::"m"(fsr_orig));
+#elif defined(__mips__)
+    asm volatile ("ctc1		%0,$31"::"r"(fcsr_orig));
+#endif
+}
+
+void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2, h3, h4;
+    u32 g0, g1, g2, g3, g4;
+    u64 t;
+    u32 mask;
+
+    /*
+     * thanks to bias masking exponent gives integer result
+     */
+    h0 = st->h[0].u & 0x000fffffffffffffULL;
+    h1 = st->h[1].u & 0x000fffffffffffffULL;
+    h2 = st->h[2].u & 0x000fffffffffffffULL;
+    h3 = st->h[3].u & 0x000fffffffffffffULL;
+
+    /*
+     * can be partially reduced, so reduce...
+     */
+    h4 = h3>>32; h3 &= 0xffffffffU;
+    g4 = h4&-4;
+    h4 &= 3;
+    g4 += g4>>2;
+
+    h0 += g4;
+    h1 += h0>>32; h0 &= 0xffffffffU;
+    h2 += h1>>32; h1 &= 0xffffffffU;
+    h3 += h2>>32; h2 &= 0xffffffffU;
+
+    /* compute h + -p */
+    g0 = (u32)(t = h0 + 5);
+    g1 = (u32)(t = h1 + (t >> 32));
+    g2 = (u32)(t = h2 + (t >> 32));
+    g3 = (u32)(t = h3 + (t >> 32));
+    g4 = h4 + (u32)(t >> 32);
+
+    /* if there was carry, select g0-g3 */
+    mask = 0 - (g4 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    g2 &= mask;
+    g3 &= mask;
+    mask = ~mask;
+    g0 |= (h0 & mask);
+    g1 |= (h1 & mask);
+    g2 |= (h2 & mask);
+    g3 |= (h3 & mask);
+
+    /* mac = (h + nonce) % (2^128) */
+    g0 = (u32)(t = (u64)g0 + nonce[0]);
+    g1 = (u32)(t = (u64)g1 + (t >> 32) + nonce[1]);
+    g2 = (u32)(t = (u64)g2 + (t >> 32) + nonce[2]);
+    g3 = (u32)(t = (u64)g3 + (t >> 32) + nonce[3]);
+
+    U32TO8(mac + 0, g0);
+    U32TO8(mac + 4, g1);
+    U32TO8(mac + 8, g2);
+    U32TO8(mac + 12, g3);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_local.h b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_local.h
new file mode 100644
index 000000000..6d4d9dc5b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_local.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+                                   size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+                                 const unsigned int nonce[4]);
+
+struct poly1305_context {
+    double opaque[24];  /* large enough to hold internal state, declared
+                         * 'double' to ensure at least 64-bit invariant
+                         * alignment across all platforms and
+                         * configurations */
+    unsigned int nonce[4];
+    unsigned char data[POLY1305_BLOCK_SIZE];
+    size_t num;
+    struct {
+        poly1305_blocks_f blocks;
+        poly1305_emit_f emit;
+    } func;
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c
new file mode 100644
index 000000000..3bc24c98c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+#include "internal/evp_int.h"
+
+/* POLY1305 pkey context structure */
+
+typedef struct {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    POLY1305 ctx;
+} POLY1305_PKEY_CTX;
+
+static int pkey_poly1305_init(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_poly1305_cleanup(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_poly1305_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    POLY1305_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new POLY1305_CTX in dst->data->ctx */
+    if (!pkey_poly1305_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the POLY1305_PKEY_CTX in dst->data */
+        pkey_poly1305_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(POLY1305));
+    return 1;
+}
+
+static int pkey_poly1305_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_POLY1305(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    Poly1305_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int poly1305_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+    ASN1_OCTET_STRING *key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+
+    if (key->length != POLY1305_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    Poly1305_Init(&pctx->ctx, key->data);
+    return 1;
+}
+static int poly1305_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = POLY1305_DIGEST_SIZE;
+    if (sig != NULL)
+        Poly1305_Final(&pctx->ctx, sig);
+    return 1;
+}
+
+static int pkey_poly1305_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_poly1305(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != POLY1305_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        Poly1305_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp));
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_poly1305_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD poly1305_pkey_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_poly1305_init,
+    pkey_poly1305_copy,
+    pkey_poly1305_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_poly1305_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    poly1305_signctx_init,
+    poly1305_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_poly1305_ctrl,
+    pkey_poly1305_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h
new file mode 100644
index 000000000..72bd74687
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PPC_ARCH_H
+# define HEADER_PPC_ARCH_H
+
+extern unsigned int OPENSSL_ppccap_P;
+
+/*
+ * Flags' usage can appear ambiguous, because they are set rather
+ * to reflect OpenSSL performance preferences than actual processor
+ * capabilities.
+ */
+# define PPC_FPU64       (1<<0)
+# define PPC_ALTIVEC     (1<<1)
+# define PPC_CRYPTO207   (1<<2)
+# define PPC_FPU         (1<<3)
+# define PPC_MADD300     (1<<4)
+# define PPC_MFTB        (1<<5)
+# define PPC_MFSPR268    (1<<6)
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c
new file mode 100644
index 000000000..afb9e31b0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c
@@ -0,0 +1,408 @@
+/*
+ * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <unistd.h>
+#if defined(__linux) || defined(_AIX)
+# include <sys/utsname.h>
+#endif
+#if defined(_AIX53)     /* defined even on post-5.3 */
+# include <sys/systemcfg.h>
+# if !defined(__power_set)
+#  define __power_set(a) (_system_configuration.implementation & (a))
+# endif
+#endif
+#if defined(__APPLE__) && defined(__MACH__)
+# include <sys/types.h>
+# include <sys/sysctl.h>
+#endif
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#include <internal/cryptlib.h>
+#include <internal/chacha.h>
+#include "bn/bn_lcl.h"
+
+#include "ppc_arch.h"
+
+unsigned int OPENSSL_ppccap_P = 0;
+
+static sigset_t all_masked;
+
+#ifdef OPENSSL_BN_ASM_MONT
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                          const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+    if (num < 4)
+        return 0;
+
+    if ((num & 3) == 0)
+        return bn_mul4x_mont_int(rp, ap, bp, np, n0, num);
+
+    /*
+     * There used to be [optional] call to bn_mul_mont_fpu64 here,
+     * but above subroutine is faster on contemporary processors.
+     * Formulation means that there might be old processors where
+     * FPU code path would be faster, POWER6 perhaps, but there was
+     * no opportunity to figure it out...
+     */
+
+    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+}
+#endif
+
+void sha256_block_p8(void *ctx, const void *inp, size_t len);
+void sha256_block_ppc(void *ctx, const void *inp, size_t len);
+void sha256_block_data_order(void *ctx, const void *inp, size_t len);
+void sha256_block_data_order(void *ctx, const void *inp, size_t len)
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) :
+        sha256_block_ppc(ctx, inp, len);
+}
+
+void sha512_block_p8(void *ctx, const void *inp, size_t len);
+void sha512_block_ppc(void *ctx, const void *inp, size_t len);
+void sha512_block_data_order(void *ctx, const void *inp, size_t len);
+void sha512_block_data_order(void *ctx, const void *inp, size_t len)
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) :
+        sha512_block_ppc(ctx, inp, len);
+}
+
+#ifndef OPENSSL_NO_CHACHA
+void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4])
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207
+        ? ChaCha20_ctr32_vsx(out, inp, len, key, counter)
+        : OPENSSL_ppccap_P & PPC_ALTIVEC
+            ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
+            : ChaCha20_ctr32_int(out, inp, len, key, counter);
+}
+#endif
+
+#ifndef OPENSSL_NO_POLY1305
+void poly1305_init_int(void *ctx, const unsigned char key[16]);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+void poly1305_init_fpu(void *ctx, const unsigned char key[16]);
+void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit_fpu(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]);
+int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
+{
+    if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
+        poly1305_init_fpu(ctx, key);
+        func[0] = (void*)(uintptr_t)poly1305_blocks_fpu;
+        func[1] = (void*)(uintptr_t)poly1305_emit_fpu;
+    } else {
+        poly1305_init_int(ctx, key);
+        func[0] = (void*)(uintptr_t)poly1305_blocks;
+        func[1] = (void*)(uintptr_t)poly1305_emit;
+    }
+    return 1;
+}
+#endif
+
+#ifdef ECP_NISTZ256_ASM
+void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
+                           const unsigned long b[4]);
+
+void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]);
+void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4])
+{
+    static const unsigned long RR[] = { 0x0000000000000003U,
+                                        0xfffffffbffffffffU,
+                                        0xfffffffffffffffeU,
+                                        0x00000004fffffffdU };
+
+    ecp_nistz256_mul_mont(res, in, RR);
+}
+
+void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]);
+void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
+{
+    static const unsigned long one[] = { 1, 0, 0, 0 };
+
+    ecp_nistz256_mul_mont(res, in, one);
+}
+#endif
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+void OPENSSL_fpu_probe(void);
+void OPENSSL_ppc64_probe(void);
+void OPENSSL_altivec_probe(void);
+void OPENSSL_crypto207_probe(void);
+void OPENSSL_madd300_probe(void);
+
+long OPENSSL_rdtsc_mftb(void);
+long OPENSSL_rdtsc_mfspr268(void);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_ppccap_P & PPC_MFTB)
+        return OPENSSL_rdtsc_mftb();
+    else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+        return OPENSSL_rdtsc_mfspr268();
+    else
+        return 0;
+}
+
+size_t OPENSSL_instrument_bus_mftb(unsigned int *, size_t);
+size_t OPENSSL_instrument_bus_mfspr268(unsigned int *, size_t);
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    if (OPENSSL_ppccap_P & PPC_MFTB)
+        return OPENSSL_instrument_bus_mftb(out, cnt);
+    else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+        return OPENSSL_instrument_bus_mfspr268(out, cnt);
+    else
+        return 0;
+}
+
+size_t OPENSSL_instrument_bus2_mftb(unsigned int *, size_t, size_t);
+size_t OPENSSL_instrument_bus2_mfspr268(unsigned int *, size_t, size_t);
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    if (OPENSSL_ppccap_P & PPC_MFTB)
+        return OPENSSL_instrument_bus2_mftb(out, cnt, max);
+    else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+        return OPENSSL_instrument_bus2_mfspr268(out, cnt, max);
+    else
+        return 0;
+}
+
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 16)
+#  include <sys/auxv.h>
+#  define OSSL_IMPLEMENT_GETAUXVAL
+# endif
+#endif
+
+/* I wish <sys/auxv.h> was universally available */
+#define HWCAP                   16      /* AT_HWCAP */
+#define HWCAP_PPC64             (1U << 30)
+#define HWCAP_ALTIVEC           (1U << 28)
+#define HWCAP_FPU               (1U << 27)
+#define HWCAP_POWER6_EXT        (1U << 9)
+#define HWCAP_VSX               (1U << 7)
+
+#define HWCAP2                  26      /* AT_HWCAP2 */
+#define HWCAP_VEC_CRYPTO        (1U << 25)
+#define HWCAP_ARCH_3_00         (1U << 23)
+
+# if defined(__GNUC__) && __GNUC__>=2
+__attribute__ ((constructor))
+# endif
+void OPENSSL_cpuid_setup(void)
+{
+    char *e;
+    struct sigaction ill_oact, ill_act;
+    sigset_t oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_ppccap"))) {
+        OPENSSL_ppccap_P = strtoul(e, NULL, 0);
+        return;
+    }
+
+    OPENSSL_ppccap_P = 0;
+
+#if defined(_AIX)
+    OPENSSL_ppccap_P |= PPC_FPU;
+
+    if (sizeof(size_t) == 4) {
+        struct utsname uts;
+# if defined(_SC_AIX_KERNEL_BITMODE)
+        if (sysconf(_SC_AIX_KERNEL_BITMODE) != 64)
+            return;
+# endif
+        if (uname(&uts) != 0 || atoi(uts.version) < 6)
+            return;
+    }
+
+# if defined(__power_set)
+    /*
+     * Value used in __power_set is a single-bit 1<<n one denoting
+     * specific processor class. Incidentally 0xffffffff<<n can be
+     * used to denote specific processor and its successors.
+     */
+    if (sizeof(size_t) == 4) {
+        /* In 32-bit case PPC_FPU64 is always fastest [if option] */
+        if (__power_set(0xffffffffU<<13))       /* POWER5 and later */
+            OPENSSL_ppccap_P |= PPC_FPU64;
+    } else {
+        /* In 64-bit case PPC_FPU64 is fastest only on POWER6 */
+        if (__power_set(0x1U<<14))              /* POWER6 */
+            OPENSSL_ppccap_P |= PPC_FPU64;
+    }
+
+    if (__power_set(0xffffffffU<<14))           /* POWER6 and later */
+        OPENSSL_ppccap_P |= PPC_ALTIVEC;
+
+    if (__power_set(0xffffffffU<<16))           /* POWER8 and later */
+        OPENSSL_ppccap_P |= PPC_CRYPTO207;
+
+    if (__power_set(0xffffffffU<<17))           /* POWER9 and later */
+        OPENSSL_ppccap_P |= PPC_MADD300;
+
+    return;
+# endif
+#endif
+
+#if defined(__APPLE__) && defined(__MACH__)
+    OPENSSL_ppccap_P |= PPC_FPU;
+
+    {
+        int val;
+        size_t len = sizeof(val);
+
+        if (sysctlbyname("hw.optional.64bitops", &val, &len, NULL, 0) == 0) {
+            if (val)
+                OPENSSL_ppccap_P |= PPC_FPU64;
+        }
+
+        len = sizeof(val);
+        if (sysctlbyname("hw.optional.altivec", &val, &len, NULL, 0) == 0) {
+            if (val)
+                OPENSSL_ppccap_P |= PPC_ALTIVEC;
+        }
+
+        return;
+    }
+#endif
+
+#ifdef OSSL_IMPLEMENT_GETAUXVAL
+    {
+        unsigned long hwcap = getauxval(HWCAP);
+
+        if (hwcap & HWCAP_FPU) {
+            OPENSSL_ppccap_P |= PPC_FPU;
+
+            if (sizeof(size_t) == 4) {
+                /* In 32-bit case PPC_FPU64 is always fastest [if option] */
+                if (hwcap & HWCAP_PPC64)
+                    OPENSSL_ppccap_P |= PPC_FPU64;
+            } else {
+                /* In 64-bit case PPC_FPU64 is fastest only on POWER6 */
+                if (hwcap & HWCAP_POWER6_EXT)
+                    OPENSSL_ppccap_P |= PPC_FPU64;
+            }
+        }
+
+        if (hwcap & HWCAP_ALTIVEC) {
+            OPENSSL_ppccap_P |= PPC_ALTIVEC;
+
+            if ((hwcap & HWCAP_VSX) && (getauxval(HWCAP2) & HWCAP_VEC_CRYPTO))
+                OPENSSL_ppccap_P |= PPC_CRYPTO207;
+        }
+
+        if (hwcap & HWCAP_ARCH_3_00) {
+            OPENSSL_ppccap_P |= PPC_MADD300;
+        }
+    }
+#endif
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+#ifdef SIGEMT
+    sigdelset(&all_masked, SIGEMT);
+#endif
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    ill_act.sa_mask = all_masked;
+
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &ill_oact);
+
+#ifndef OSSL_IMPLEMENT_GETAUXVAL
+    if (sigsetjmp(ill_jmp,1) == 0) {
+        OPENSSL_fpu_probe();
+        OPENSSL_ppccap_P |= PPC_FPU;
+
+        if (sizeof(size_t) == 4) {
+# ifdef __linux
+            struct utsname uts;
+            if (uname(&uts) == 0 && strcmp(uts.machine, "ppc64") == 0)
+# endif
+                if (sigsetjmp(ill_jmp, 1) == 0) {
+                    OPENSSL_ppc64_probe();
+                    OPENSSL_ppccap_P |= PPC_FPU64;
+                }
+        } else {
+            /*
+             * Wanted code detecting POWER6 CPU and setting PPC_FPU64
+             */
+        }
+    }
+
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_altivec_probe();
+        OPENSSL_ppccap_P |= PPC_ALTIVEC;
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            OPENSSL_crypto207_probe();
+            OPENSSL_ppccap_P |= PPC_CRYPTO207;
+        }
+    }
+
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_madd300_probe();
+        OPENSSL_ppccap_P |= PPC_MADD300;
+    }
+#endif
+
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_rdtsc_mftb();
+        OPENSSL_ppccap_P |= PPC_MFTB;
+    } else if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_rdtsc_mfspr268();
+        OPENSSL_ppccap_P |= PPC_MFSPR268;
+    }
+
+    sigaction(SIGILL, &ill_oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl
new file mode 100755
index 000000000..a38445fd3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl
@@ -0,0 +1,382 @@
+#! /usr/bin/env perl
+# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+if ($flavour=~/64/) {
+    $CMPLI="cmpldi";
+    $SHRLI="srdi";
+    $SIGNX="extsw";
+} else {
+    $CMPLI="cmplwi";
+    $SHRLI="srwi";
+    $SIGNX="mr";
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	.OPENSSL_fpu_probe
+.align	4
+.OPENSSL_fpu_probe:
+	fmr	f0,f0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_fpu_probe,.-.OPENSSL_fpu_probe
+.globl	.OPENSSL_ppc64_probe
+.align	4
+.OPENSSL_ppc64_probe:
+	fcfid	f1,f1
+	extrdi	r0,r0,32,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_ppc64_probe,.-.OPENSSL_ppc64_probe
+
+.globl	.OPENSSL_altivec_probe
+.align	4
+.OPENSSL_altivec_probe:
+	.long	0x10000484	# vor	v0,v0,v0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_altivec_probe,.-..OPENSSL_altivec_probe
+
+.globl	.OPENSSL_crypto207_probe
+.align	4
+.OPENSSL_crypto207_probe:
+	lvx_u	v0,0,r1
+	vcipher	v0,v0,v0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_crypto207_probe,.-.OPENSSL_crypto207_probe
+
+.globl	.OPENSSL_madd300_probe
+.align	4
+.OPENSSL_madd300_probe:
+	xor	r0,r0,r0
+	maddld	r3,r0,r0,r0
+	maddhdu	r3,r0,r0,r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.OPENSSL_wipe_cpu
+.align	4
+.OPENSSL_wipe_cpu:
+	xor	r0,r0,r0
+	fmr	f0,f31
+	fmr	f1,f31
+	fmr	f2,f31
+	mr	r3,r1
+	fmr	f3,f31
+	xor	r4,r4,r4
+	fmr	f4,f31
+	xor	r5,r5,r5
+	fmr	f5,f31
+	xor	r6,r6,r6
+	fmr	f6,f31
+	xor	r7,r7,r7
+	fmr	f7,f31
+	xor	r8,r8,r8
+	fmr	f8,f31
+	xor	r9,r9,r9
+	fmr	f9,f31
+	xor	r10,r10,r10
+	fmr	f10,f31
+	xor	r11,r11,r11
+	fmr	f11,f31
+	xor	r12,r12,r12
+	fmr	f12,f31
+	fmr	f13,f31
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_wipe_cpu,.-.OPENSSL_wipe_cpu
+
+.globl	.OPENSSL_atomic_add
+.align	4
+.OPENSSL_atomic_add:
+Ladd:	lwarx	r5,0,r3
+	add	r0,r4,r5
+	stwcx.	r0,0,r3
+	bne-	Ladd
+	$SIGNX	r3,r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_atomic_add,.-.OPENSSL_atomic_add
+
+.globl	.OPENSSL_rdtsc_mftb
+.align	4
+.OPENSSL_rdtsc_mftb:
+	mftb	r3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_rdtsc_mftb,.-.OPENSSL_rdtsc_mftb
+
+.globl	.OPENSSL_rdtsc_mfspr268
+.align	4
+.OPENSSL_rdtsc_mfspr268:
+	mfspr	r3,268
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_rdtsc_mfspr268,.-.OPENSSL_rdtsc_mfspr268
+
+.globl	.OPENSSL_cleanse
+.align	4
+.OPENSSL_cleanse:
+	$CMPLI	r4,7
+	li	r0,0
+	bge	Lot
+	$CMPLI	r4,0
+	beqlr-
+Little:	mtctr	r4
+	stb	r0,0(r3)
+	addi	r3,r3,1
+	bdnz	\$-8
+	blr
+Lot:	andi.	r5,r3,3
+	beq	Laligned
+	stb	r0,0(r3)
+	subi	r4,r4,1
+	addi	r3,r3,1
+	b	Lot
+Laligned:
+	$SHRLI	r5,r4,2
+	mtctr	r5
+	stw	r0,0(r3)
+	addi	r3,r3,4
+	bdnz	\$-8
+	andi.	r4,r4,3
+	bne	Little
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_cleanse,.-.OPENSSL_cleanse
+
+globl	.CRYPTO_memcmp
+.align	4
+.CRYPTO_memcmp:
+	$CMPLI	r5,0
+	li	r0,0
+	beq	Lno_data
+	mtctr	r5
+Loop_cmp:
+	lbz	r6,0(r3)
+	addi	r3,r3,1
+	lbz	r7,0(r4)
+	addi	r4,r4,1
+	xor	r6,r6,r7
+	or	r0,r0,r6
+	bdnz	Loop_cmp
+
+Lno_data:
+	li	r3,0
+	sub	r3,r3,r0
+	extrwi	r3,r3,1,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.CRYPTO_memcmp,.-.CRYPTO_memcmp
+___
+{
+my ($out,$cnt,$max)=("r3","r4","r5");
+my ($tick,$lasttick)=("r6","r7");
+my ($diff,$lastdiff)=("r8","r9");
+
+$code.=<<___;
+.globl	.OPENSSL_instrument_bus_mftb
+.align	4
+.OPENSSL_instrument_bus_mftb:
+	mtctr	$cnt
+
+	mftb	$lasttick		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+Loop:	mftb	$tick
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+	addi	$out,$out,4		# ++$out
+	bdnz	Loop
+
+	mr	r3,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_instrument_bus_mftb,.-.OPENSSL_instrument_bus_mftb
+
+.globl	.OPENSSL_instrument_bus2_mftb
+.align	4
+.OPENSSL_instrument_bus2_mftb:
+	mr	r0,$cnt
+	slwi	$cnt,$cnt,2
+
+	mftb	$lasttick		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	mftb	$tick			# collect 1st diff
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	mr	$lastdiff,$diff
+Loop2:
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	addic.	$max,$max,-1
+	beq	Ldone2
+
+	mftb	$tick
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	cmplw	7,$diff,$lastdiff
+	mr	$lastdiff,$diff
+
+	mfcr	$tick			# pull cr
+	not	$tick,$tick		# flip bits
+	rlwinm	$tick,$tick,1,29,29	# isolate flipped eq bit and scale
+
+	sub.	$cnt,$cnt,$tick		# conditional --$cnt
+	add	$out,$out,$tick		# conditional ++$out
+	bne	Loop2
+
+Ldone2:
+	srwi	$cnt,$cnt,2
+	sub	r3,r0,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.OPENSSL_instrument_bus2_mftb,.-.OPENSSL_instrument_bus2_mftb
+
+.globl	.OPENSSL_instrument_bus_mfspr268
+.align	4
+.OPENSSL_instrument_bus_mfspr268:
+	mtctr	$cnt
+
+	mfspr	$lasttick,268		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+Loop3:	mfspr	$tick,268
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+	addi	$out,$out,4		# ++$out
+	bdnz	Loop3
+
+	mr	r3,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_instrument_bus_mfspr268,.-.OPENSSL_instrument_bus_mfspr268
+
+.globl	.OPENSSL_instrument_bus2_mfspr268
+.align	4
+.OPENSSL_instrument_bus2_mfspr268:
+	mr	r0,$cnt
+	slwi	$cnt,$cnt,2
+
+	mfspr	$lasttick,268		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	mfspr	$tick,268		# collect 1st diff
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	mr	$lastdiff,$diff
+Loop4:
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	addic.	$max,$max,-1
+	beq	Ldone4
+
+	mfspr	$tick,268
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	cmplw	7,$diff,$lastdiff
+	mr	$lastdiff,$diff
+
+	mfcr	$tick			# pull cr
+	not	$tick,$tick		# flip bits
+	rlwinm	$tick,$tick,1,29,29	# isolate flipped eq bit and scale
+
+	sub.	$cnt,$cnt,$tick		# conditional --$cnt
+	add	$out,$out,$tick		# conditional ++$out
+	bne	Loop4
+
+Ldone4:
+	srwi	$cnt,$cnt,2
+	sub	r3,r0,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.OPENSSL_instrument_bus2_mfspr268,.-.OPENSSL_instrument_bus2_mfspr268
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info
new file mode 100644
index 000000000..df9bac67f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c
new file mode 100644
index 000000000..a243361b5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c
@@ -0,0 +1,438 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "internal/thread_once.h"
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
+/*
+ * Implementation of NIST SP 800-90A CTR DRBG.
+ */
+
+static void inc_128(RAND_DRBG_CTR *ctr)
+{
+    int i;
+    unsigned char c;
+    unsigned char *p = &ctr->V[15];
+
+    for (i = 0; i < 16; i++, p--) {
+        c = *p;
+        c++;
+        *p = c;
+        if (c != 0) {
+            /* If we didn't wrap around, we're done. */
+            break;
+        }
+    }
+}
+
+static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
+{
+    size_t i, n;
+
+    if (in == NULL || inlen == 0)
+        return;
+
+    /*
+     * Any zero padding will have no effect on the result as we
+     * are XORing. So just process however much input we have.
+     */
+    n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    for (i = 0; i < n; i++)
+        ctr->K[i] ^= in[i];
+    if (inlen <= ctr->keylen)
+        return;
+
+    n = inlen - ctr->keylen;
+    if (n > 16) {
+        /* Should never happen */
+        n = 16;
+    }
+    for (i = 0; i < n; i++)
+        ctr->V[i] ^= in[i + ctr->keylen];
+}
+
+/*
+ * Process a complete block using BCC algorithm of SP 800-90A 10.3.3
+ */
+__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
+                                const unsigned char *in)
+{
+    int i, outlen = AES_BLOCK_SIZE;
+
+    for (i = 0; i < 16; i++)
+        out[i] ^= in[i];
+
+    if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    return 1;
+}
+
+
+/*
+ * Handle several BCC operations for as much data as we need for K and X
+ */
+__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
+{
+    if (!ctr_BCC_block(ctr, ctr->KX, in)
+        || !ctr_BCC_block(ctr, ctr->KX + 16, in))
+        return 0;
+    if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in))
+        return 0;
+    return 1;
+}
+
+/*
+ * Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
+ * see 10.3.1 stage 7.
+ */
+__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)
+{
+    memset(ctr->KX, 0, 48);
+    memset(ctr->bltmp, 0, 16);
+    if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp))
+        return 0;
+    ctr->bltmp[3] = 1;
+    if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp))
+        return 0;
+    if (ctr->keylen != 16) {
+        ctr->bltmp[3] = 2;
+        if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Process several blocks into BCC algorithm, some possibly partial
+ */
+__owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr,
+                                 const unsigned char *in, size_t inlen)
+{
+    if (in == NULL || inlen == 0)
+        return 1;
+
+    /* If we have partial block handle it first */
+    if (ctr->bltmp_pos) {
+        size_t left = 16 - ctr->bltmp_pos;
+
+        /* If we now have a complete block process it */
+        if (inlen >= left) {
+            memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);
+            if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+                return 0;
+            ctr->bltmp_pos = 0;
+            inlen -= left;
+            in += left;
+        }
+    }
+
+    /* Process zero or more complete blocks */
+    for (; inlen >= 16; in += 16, inlen -= 16) {
+        if (!ctr_BCC_blocks(ctr, in))
+            return 0;
+    }
+
+    /* Copy any remaining partial block to the temporary buffer */
+    if (inlen > 0) {
+        memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);
+        ctr->bltmp_pos += inlen;
+    }
+    return 1;
+}
+
+__owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr)
+{
+    if (ctr->bltmp_pos) {
+        memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);
+        if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+__owur static int ctr_df(RAND_DRBG_CTR *ctr,
+                         const unsigned char *in1, size_t in1len,
+                         const unsigned char *in2, size_t in2len,
+                         const unsigned char *in3, size_t in3len)
+{
+    static unsigned char c80 = 0x80;
+    size_t inlen;
+    unsigned char *p = ctr->bltmp;
+    int outlen = AES_BLOCK_SIZE;
+
+    if (!ctr_BCC_init(ctr))
+        return 0;
+    if (in1 == NULL)
+        in1len = 0;
+    if (in2 == NULL)
+        in2len = 0;
+    if (in3 == NULL)
+        in3len = 0;
+    inlen = in1len + in2len + in3len;
+    /* Initialise L||N in temporary block */
+    *p++ = (inlen >> 24) & 0xff;
+    *p++ = (inlen >> 16) & 0xff;
+    *p++ = (inlen >> 8) & 0xff;
+    *p++ = inlen & 0xff;
+
+    /* NB keylen is at most 32 bytes */
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = 0;
+    *p = (unsigned char)((ctr->keylen + 16) & 0xff);
+    ctr->bltmp_pos = 8;
+    if (!ctr_BCC_update(ctr, in1, in1len)
+        || !ctr_BCC_update(ctr, in2, in2len)
+        || !ctr_BCC_update(ctr, in3, in3len)
+        || !ctr_BCC_update(ctr, &c80, 1)
+        || !ctr_BCC_final(ctr))
+        return 0;
+    /* Set up key K */
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1))
+        return 0;
+    /* X follows key K */
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (ctr->keylen != 16)
+        if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16,
+                              AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    return 1;
+}
+
+/*
+ * NB the no-df Update in SP800-90A specifies a constant input length
+ * of seedlen, however other uses of this algorithm pad the input with
+ * zeroes if necessary and have up to two parameters XORed together,
+ * so we handle both cases in this function instead.
+ */
+__owur static int ctr_update(RAND_DRBG *drbg,
+                             const unsigned char *in1, size_t in1len,
+                             const unsigned char *in2, size_t in2len,
+                             const unsigned char *nonce, size_t noncelen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    int outlen = AES_BLOCK_SIZE;
+
+    /* correct key is already set up. */
+    inc_128(ctr);
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+
+    /* If keylen longer than 128 bits need extra encrypt */
+    if (ctr->keylen != 16) {
+        inc_128(ctr);
+        if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V,
+                              AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    }
+    inc_128(ctr);
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+
+    /* If 192 bit key part of V is on end of K */
+    if (ctr->keylen == 24) {
+        memcpy(ctr->V + 8, ctr->V, 8);
+        memcpy(ctr->V, ctr->K + 24, 8);
+    }
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* If no input reuse existing derived value */
+        if (in1 != NULL || nonce != NULL || in2 != NULL)
+            if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))
+                return 0;
+        /* If this a reuse input in1len != 0 */
+        if (in1len)
+            ctr_XOR(ctr, ctr->KX, drbg->seedlen);
+    } else {
+        ctr_XOR(ctr, in1, in1len);
+        ctr_XOR(ctr, in2, in2len);
+    }
+
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_instantiate(RAND_DRBG *drbg,
+                                       const unsigned char *entropy, size_t entropylen,
+                                       const unsigned char *nonce, size_t noncelen,
+                                       const unsigned char *pers, size_t perslen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (entropy == NULL)
+        return 0;
+
+    memset(ctr->K, 0, sizeof(ctr->K));
+    memset(ctr->V, 0, sizeof(ctr->V));
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
+        return 0;
+    if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_reseed(RAND_DRBG *drbg,
+                                  const unsigned char *entropy, size_t entropylen,
+                                  const unsigned char *adin, size_t adinlen)
+{
+    if (entropy == NULL)
+        return 0;
+    if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_generate(RAND_DRBG *drbg,
+                                    unsigned char *out, size_t outlen,
+                                    const unsigned char *adin, size_t adinlen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (adin != NULL && adinlen != 0) {
+        if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+            return 0;
+        /* This means we reuse derived value */
+        if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+            adin = NULL;
+            adinlen = 1;
+        }
+    } else {
+        adinlen = 0;
+    }
+
+    for ( ; ; ) {
+        int outl = AES_BLOCK_SIZE;
+
+        inc_128(ctr);
+        if (outlen < 16) {
+            /* Use K as temp space as it will be updated */
+            if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V,
+                                  AES_BLOCK_SIZE)
+                || outl != AES_BLOCK_SIZE)
+                return 0;
+            memcpy(out, ctr->K, outlen);
+            break;
+        }
+        if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE)
+            || outl != AES_BLOCK_SIZE)
+            return 0;
+        out += 16;
+        outlen -= 16;
+        if (outlen == 0)
+            break;
+    }
+
+    if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+        return 0;
+    return 1;
+}
+
+static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
+{
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx);
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
+    OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
+    return 1;
+}
+
+static RAND_DRBG_METHOD drbg_ctr_meth = {
+    drbg_ctr_instantiate,
+    drbg_ctr_reseed,
+    drbg_ctr_generate,
+    drbg_ctr_uninstantiate
+};
+
+int drbg_ctr_init(RAND_DRBG *drbg)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    size_t keylen;
+
+    switch (drbg->type) {
+    default:
+        /* This can't happen, but silence the compiler warning. */
+        return 0;
+    case NID_aes_128_ctr:
+        keylen = 16;
+        ctr->cipher = EVP_aes_128_ecb();
+        break;
+    case NID_aes_192_ctr:
+        keylen = 24;
+        ctr->cipher = EVP_aes_192_ecb();
+        break;
+    case NID_aes_256_ctr:
+        keylen = 32;
+        ctr->cipher = EVP_aes_256_ecb();
+        break;
+    }
+
+    drbg->meth = &drbg_ctr_meth;
+
+    ctr->keylen = keylen;
+    if (ctr->ctx == NULL)
+        ctr->ctx = EVP_CIPHER_CTX_new();
+    if (ctr->ctx == NULL)
+        return 0;
+    drbg->strength = keylen * 8;
+    drbg->seedlen = keylen + 16;
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* df initialisation */
+        static const unsigned char df_key[32] = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+        };
+
+        if (ctr->ctx_df == NULL)
+            ctr->ctx_df = EVP_CIPHER_CTX_new();
+        if (ctr->ctx_df == NULL)
+            return 0;
+        /* Set key schedule for df_key */
+        if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1))
+            return 0;
+
+        drbg->min_entropylen = ctr->keylen;
+        drbg->max_entropylen = DRBG_MAX_LENGTH;
+        drbg->min_noncelen = drbg->min_entropylen / 2;
+        drbg->max_noncelen = DRBG_MAX_LENGTH;
+        drbg->max_perslen = DRBG_MAX_LENGTH;
+        drbg->max_adinlen = DRBG_MAX_LENGTH;
+    } else {
+        drbg->min_entropylen = drbg->seedlen;
+        drbg->max_entropylen = drbg->seedlen;
+        /* Nonce not used */
+        drbg->min_noncelen = 0;
+        drbg->max_noncelen = 0;
+        drbg->max_perslen = drbg->seedlen;
+        drbg->max_adinlen = drbg->seedlen;
+    }
+
+    drbg->max_request = 1 << 16;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c
new file mode 100644
index 000000000..a13282181
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c
@@ -0,0 +1,1159 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#include "internal/thread_once.h"
+#include "internal/rand_int.h"
+#include "internal/cryptlib_int.h"
+
+/*
+ * Support framework for NIST SP 800-90A DRBG
+ *
+ * See manual page RAND_DRBG(7) for a general overview.
+ *
+ * The OpenSSL model is to have new and free functions, and that new
+ * does all initialization.  That is not the NIST model, which has
+ * instantiation and un-instantiate, and re-use within a new/free
+ * lifecycle.  (No doubt this comes from the desire to support hardware
+ * DRBG, where allocation of resources on something like an HSM is
+ * a much bigger deal than just re-setting an allocated resource.)
+ */
+
+/*
+ * The three shared DRBG instances
+ *
+ * There are three shared DRBG instances: <master>, <public>, and <private>.
+ */
+
+/*
+ * The <master> DRBG
+ *
+ * Not used directly by the application, only for reseeding the two other
+ * DRBGs. It reseeds itself by pulling either randomness from os entropy
+ * sources or by consuming randomness which was added by RAND_add().
+ *
+ * The <master> DRBG is a global instance which is accessed concurrently by
+ * all threads. The necessary locking is managed automatically by its child
+ * DRBG instances during reseeding.
+ */
+static RAND_DRBG *master_drbg;
+/*
+ * The <public> DRBG
+ *
+ * Used by default for generating random bytes using RAND_bytes().
+ *
+ * The <public> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL public_drbg;
+/*
+ * The <private> DRBG
+ *
+ * Used by default for generating private keys using RAND_priv_bytes()
+ *
+ * The <private> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL private_drbg;
+
+
+
+/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
+static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+
+static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+
+
+
+static int rand_drbg_type = RAND_DRBG_TYPE;
+static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS;
+
+static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
+static unsigned int slave_reseed_interval  = SLAVE_RESEED_INTERVAL;
+
+static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
+static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;
+
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+    RAND_DRBG_FLAG_CTR_NO_DF;
+
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
+
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent);
+
+/*
+ * Set/initialize |drbg| to be of type |type|, with optional |flags|.
+ *
+ * If |type| and |flags| are zero, use the defaults
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
+{
+    int ret = 1;
+
+    if (type == 0 && flags == 0) {
+        type = rand_drbg_type;
+        flags = rand_drbg_flags;
+    }
+
+    /* If set is called multiple times - clear the old one */
+    if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) {
+        drbg->meth->uninstantiate(drbg);
+        rand_pool_free(drbg->adin_pool);
+        drbg->adin_pool = NULL;
+    }
+
+    drbg->state = DRBG_UNINITIALISED;
+    drbg->flags = flags;
+    drbg->type = type;
+
+    switch (type) {
+    default:
+        drbg->type = 0;
+        drbg->flags = 0;
+        drbg->meth = NULL;
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case 0:
+        /* Uninitialized; that's okay. */
+        drbg->meth = NULL;
+        return 1;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        ret = drbg_ctr_init(drbg);
+        break;
+    }
+
+    if (ret == 0) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
+    }
+    return ret;
+}
+
+/*
+ * Set/initialize default |type| and |flag| for new drbg instances.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_defaults(int type, unsigned int flags)
+{
+    int ret = 1;
+
+    switch (type) {
+    default:
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        break;
+    }
+
+    if ((flags & ~rand_drbg_used_flags) != 0) {
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
+        return 0;
+    }
+
+    rand_drbg_type  = type;
+    rand_drbg_flags = flags;
+
+    return ret;
+}
+
+
+/*
+ * Allocate memory and initialize a new DRBG. The DRBG is allocated on
+ * the secure heap if |secure| is nonzero and the secure heap is enabled.
+ * The |parent|, if not NULL, will be used as random source for reseeding.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg = secure ?
+        OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg));
+
+    if (drbg == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    drbg->secure = secure && CRYPTO_secure_allocated(drbg);
+    drbg->fork_count = rand_fork_count;
+    drbg->parent = parent;
+
+    if (parent == NULL) {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#ifndef RAND_DRBG_GET_RANDOM_NONCE
+        drbg->get_nonce = rand_drbg_get_nonce;
+        drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
+#endif
+
+        drbg->reseed_interval = master_reseed_interval;
+        drbg->reseed_time_interval = master_reseed_time_interval;
+    } else {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+        /*
+         * Do not provide nonce callbacks, the child DRBGs will
+         * obtain their nonce using random bits from the parent.
+         */
+
+        drbg->reseed_interval = slave_reseed_interval;
+        drbg->reseed_time_interval = slave_reseed_time_interval;
+    }
+
+    if (RAND_DRBG_set(drbg, type, flags) == 0)
+        goto err;
+
+    if (parent != NULL) {
+        rand_drbg_lock(parent);
+        if (drbg->strength > parent->strength) {
+            /*
+             * We currently don't support the algorithm from NIST SP 800-90C
+             * 10.1.2 to use a weaker DRBG as source
+             */
+            rand_drbg_unlock(parent);
+            RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+            goto err;
+        }
+        rand_drbg_unlock(parent);
+    }
+
+    return drbg;
+
+ err:
+    RAND_DRBG_free(drbg);
+
+    return NULL;
+}
+
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(0, type, flags, parent);
+}
+
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(1, type, flags, parent);
+}
+
+/*
+ * Uninstantiate |drbg| and free all memory.
+ */
+void RAND_DRBG_free(RAND_DRBG *drbg)
+{
+    if (drbg == NULL)
+        return;
+
+    if (drbg->meth != NULL)
+        drbg->meth->uninstantiate(drbg);
+    rand_pool_free(drbg->adin_pool);
+    CRYPTO_THREAD_lock_free(drbg->lock);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
+
+    if (drbg->secure)
+        OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
+    else
+        OPENSSL_clear_free(drbg, sizeof(*drbg));
+}
+
+/*
+ * Instantiate |drbg|, after it has been initialized.  Use |pers| and
+ * |perslen| as prediction-resistance input.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen)
+{
+    unsigned char *nonce = NULL, *entropy = NULL;
+    size_t noncelen = 0, entropylen = 0;
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+    size_t max_entropylen = drbg->max_entropylen;
+
+    if (perslen > drbg->max_perslen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_PERSONALISATION_STRING_TOO_LONG);
+        goto end;
+    }
+
+    if (drbg->meth == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        goto end;
+    }
+
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE
+                                          : RAND_R_ALREADY_INSTANTIATED);
+        goto end;
+    }
+
+    drbg->state = DRBG_ERROR;
+
+    /*
+     * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy
+     * and nonce in 1 call by increasing the entropy with 50% and increasing
+     * the minimum length to accomadate the length of the nonce.
+     * We do this in case a nonce is require and get_nonce is NULL.
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+        max_entropylen += drbg->max_noncelen;
+    }
+
+    drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+    if (drbg->reseed_next_counter) {
+        drbg->reseed_next_counter++;
+        if(!drbg->reseed_next_counter)
+            drbg->reseed_next_counter = 1;
+    }
+
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
+                                       min_entropylen, max_entropylen, 0);
+    if (entropylen < min_entropylen
+            || entropylen > max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) {
+        noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2,
+                                   drbg->min_noncelen, drbg->max_noncelen);
+        if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
+            RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE);
+            goto end;
+        }
+    }
+
+    if (!drbg->meth->instantiate(drbg, entropy, entropylen,
+                         nonce, noncelen, pers, perslen)) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG);
+        goto end;
+    }
+
+    drbg->state = DRBG_READY;
+    drbg->reseed_gen_counter = 1;
+    drbg->reseed_time = time(NULL);
+    tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
+
+ end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (nonce != NULL && drbg->cleanup_nonce != NULL)
+        drbg->cleanup_nonce(drbg, nonce, noncelen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Uninstantiate |drbg|. Must be instantiated before it can be used.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
+{
+    if (drbg->meth == NULL) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        return 0;
+    }
+
+    /* Clear the entire drbg->ctr struct, then reset some important
+     * members of the drbg->ctr struct (e.g. keysize, df_ks) to their
+     * initial values.
+     */
+    drbg->meth->uninstantiate(drbg);
+    return RAND_DRBG_set(drbg, drbg->type, drbg->flags);
+}
+
+/*
+ * Reseed |drbg|, mixing in the specified data
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance)
+{
+    unsigned char *entropy = NULL;
+    size_t entropylen = 0;
+
+    if (drbg->state == DRBG_ERROR) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE);
+        return 0;
+    }
+    if (drbg->state == DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_NOT_INSTANTIATED);
+        return 0;
+    }
+
+    if (adin == NULL) {
+        adinlen = 0;
+    } else if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    drbg->state = DRBG_ERROR;
+
+    drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+    if (drbg->reseed_next_counter) {
+        drbg->reseed_next_counter++;
+        if(!drbg->reseed_next_counter)
+            drbg->reseed_next_counter = 1;
+    }
+
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
+                                       drbg->min_entropylen,
+                                       drbg->max_entropylen,
+                                       prediction_resistance);
+    if (entropylen < drbg->min_entropylen
+            || entropylen > drbg->max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (!drbg->meth->reseed(drbg, entropy, entropylen, adin, adinlen))
+        goto end;
+
+    drbg->state = DRBG_READY;
+    drbg->reseed_gen_counter = 1;
+    drbg->reseed_time = time(NULL);
+    tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
+
+ end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Restart |drbg|, using the specified entropy or additional input
+ *
+ * Tries its best to get the drbg instantiated by all means,
+ * regardless of its current state.
+ *
+ * Optionally, a |buffer| of |len| random bytes can be passed,
+ * which is assumed to contain at least |entropy| bits of entropy.
+ *
+ * If |entropy| > 0, the buffer content is used as entropy input.
+ *
+ * If |entropy| == 0, the buffer content is used as additional input
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ * This function is used internally only.
+ */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy)
+{
+    int reseeded = 0;
+    const unsigned char *adin = NULL;
+    size_t adinlen = 0;
+
+    if (drbg->seed_pool != NULL) {
+        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
+        drbg->state = DRBG_ERROR;
+        rand_pool_free(drbg->seed_pool);
+        drbg->seed_pool = NULL;
+        return 0;
+    }
+
+    if (buffer != NULL) {
+        if (entropy > 0) {
+            if (drbg->max_entropylen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                    RAND_R_ENTROPY_INPUT_TOO_LONG);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+
+            if (entropy > 8 * len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+
+            /* will be picked up by the rand_drbg_get_entropy() callback */
+            drbg->seed_pool = rand_pool_attach(buffer, len, entropy);
+            if (drbg->seed_pool == NULL)
+                return 0;
+        } else {
+            if (drbg->max_adinlen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                        RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+            adin = buffer;
+            adinlen = len;
+        }
+    }
+
+    /* repair error state */
+    if (drbg->state == DRBG_ERROR)
+        RAND_DRBG_uninstantiate(drbg);
+
+    /* repair uninitialized state */
+    if (drbg->state == DRBG_UNINITIALISED) {
+        /* reinstantiate drbg */
+        RAND_DRBG_instantiate(drbg,
+                              (const unsigned char *) ossl_pers_string,
+                              sizeof(ossl_pers_string) - 1);
+        /* already reseeded. prevent second reseeding below */
+        reseeded = (drbg->state == DRBG_READY);
+    }
+
+    /* refresh current state if entropy or additional input has been provided */
+    if (drbg->state == DRBG_READY) {
+        if (adin != NULL) {
+            /*
+             * mix in additional input without reseeding
+             *
+             * Similar to RAND_DRBG_reseed(), but the provided additional
+             * data |adin| is mixed into the current state without pulling
+             * entropy from the trusted entropy source using get_entropy().
+             * This is not a reseeding in the strict sense of NIST SP 800-90A.
+             */
+            drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
+        } else if (reseeded == 0) {
+            /* do a full reseeding if it has not been done yet above */
+            RAND_DRBG_reseed(drbg, NULL, 0, 0);
+        }
+    }
+
+    rand_pool_free(drbg->seed_pool);
+    drbg->seed_pool = NULL;
+
+    return drbg->state == DRBG_READY;
+}
+
+/*
+ * Generate |outlen| bytes into the buffer at |out|.  Reseed if we need
+ * to or if |prediction_resistance| is set.  Additional input can be
+ * sent in |adin| and |adinlen|.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ */
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen)
+{
+    int reseed_required = 0;
+
+    if (drbg->state != DRBG_READY) {
+        /* try to recover from previous errors */
+        rand_drbg_restart(drbg, NULL, 0, 0);
+
+        if (drbg->state == DRBG_ERROR) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_IN_ERROR_STATE);
+            return 0;
+        }
+        if (drbg->state == DRBG_UNINITIALISED) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_NOT_INSTANTIATED);
+            return 0;
+        }
+    }
+
+    if (outlen > drbg->max_request) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG);
+        return 0;
+    }
+    if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (drbg->fork_count != rand_fork_count) {
+        drbg->fork_count = rand_fork_count;
+        reseed_required = 1;
+    }
+
+    if (drbg->reseed_interval > 0) {
+        if (drbg->reseed_gen_counter >= drbg->reseed_interval)
+            reseed_required = 1;
+    }
+    if (drbg->reseed_time_interval > 0) {
+        time_t now = time(NULL);
+        if (now < drbg->reseed_time
+            || now - drbg->reseed_time >= drbg->reseed_time_interval)
+            reseed_required = 1;
+    }
+    if (drbg->parent != NULL) {
+        unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter);
+        if (reseed_counter > 0
+                && tsan_load(&drbg->parent->reseed_prop_counter)
+                   != reseed_counter)
+            reseed_required = 1;
+    }
+
+    if (reseed_required || prediction_resistance) {
+        if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
+            return 0;
+        }
+        adin = NULL;
+        adinlen = 0;
+    }
+
+    if (!drbg->meth->generate(drbg, out, outlen, adin, adinlen)) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_GENERATE_ERROR);
+        return 0;
+    }
+
+    drbg->reseed_gen_counter++;
+
+    return 1;
+}
+
+/*
+ * Generates |outlen| random bytes and stores them in |out|. It will
+ * using the given |drbg| to generate the bytes.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success 0 on failure.
+ */
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
+{
+    unsigned char *additional = NULL;
+    size_t additional_len;
+    size_t chunk;
+    size_t ret = 0;
+
+    if (drbg->adin_pool == NULL) {
+        if (drbg->type == 0)
+            goto err;
+        drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+        if (drbg->adin_pool == NULL)
+            goto err;
+    }
+
+    additional_len = rand_drbg_get_additional_data(drbg->adin_pool,
+                                                   &additional);
+
+    for ( ; outlen > 0; outlen -= chunk, out += chunk) {
+        chunk = outlen;
+        if (chunk > drbg->max_request)
+            chunk = drbg->max_request;
+        ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len);
+        if (!ret)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (additional != NULL)
+        rand_drbg_cleanup_additional_data(drbg->adin_pool, additional);
+
+    return ret;
+}
+
+/*
+ * Set the RAND_DRBG callbacks for obtaining entropy and nonce.
+ *
+ * Setting the callbacks is allowed only if the drbg has not been
+ * initialized yet. Otherwise, the operation will fail.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
+{
+    if (drbg->state != DRBG_UNINITIALISED
+            || drbg->parent != NULL)
+        return 0;
+    drbg->get_entropy = get_entropy;
+    drbg->cleanup_entropy = cleanup_entropy;
+    drbg->get_nonce = get_nonce;
+    drbg->cleanup_nonce = cleanup_nonce;
+    return 1;
+}
+
+/*
+ * Set the reseed interval.
+ *
+ * The drbg will reseed automatically whenever the number of generate
+ * requests exceeds the given reseed interval. If the reseed interval
+ * is 0, then this feature is disabled.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval)
+{
+    if (interval > MAX_RESEED_INTERVAL)
+        return 0;
+    drbg->reseed_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the reseed time interval.
+ *
+ * The drbg will reseed automatically whenever the time elapsed since
+ * the last reseeding exceeds the given reseed time interval. For safety,
+ * a reseeding will also occur if the clock has been reset to a smaller
+ * value.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval)
+{
+    if (interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+    drbg->reseed_time_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the default values for reseed (time) intervals of new DRBG instances
+ *
+ * The default values can be set independently for master DRBG instances
+ * (without a parent) and slave DRBG instances (with parent).
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int _master_reseed_interval,
+                                  unsigned int _slave_reseed_interval,
+                                  time_t _master_reseed_time_interval,
+                                  time_t _slave_reseed_time_interval
+                                  )
+{
+    if (_master_reseed_interval > MAX_RESEED_INTERVAL
+        || _slave_reseed_interval > MAX_RESEED_INTERVAL)
+        return 0;
+
+    if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
+        || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+
+    master_reseed_interval = _master_reseed_interval;
+    slave_reseed_interval = _slave_reseed_interval;
+
+    master_reseed_time_interval = _master_reseed_time_interval;
+    slave_reseed_time_interval = _slave_reseed_time_interval;
+
+    return 1;
+}
+
+/*
+ * Locks the given drbg. Locking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_lock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_write_lock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Unlocks the given drbg. Unlocking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_unlock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_unlock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Enables locking for the given drbg
+ *
+ * Locking can only be enabled if the random generator
+ * is in the uninitialized state.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_enable_locking(RAND_DRBG *drbg)
+{
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                RAND_R_DRBG_ALREADY_INITIALIZED);
+        return 0;
+    }
+
+    if (drbg->lock == NULL) {
+        if (drbg->parent != NULL && drbg->parent->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_PARENT_LOCKING_NOT_ENABLED);
+            return 0;
+        }
+
+        drbg->lock = CRYPTO_THREAD_lock_new();
+        if (drbg->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_FAILED_TO_CREATE_LOCK);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Get and set the EXDATA
+ */
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg);
+}
+
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx)
+{
+    return CRYPTO_get_ex_data(&drbg->ex_data, idx);
+}
+
+
+/*
+ * The following functions provide a RAND_METHOD that works on the
+ * global DRBG.  They lock.
+ */
+
+/*
+ * Allocates a new global DRBG on the secure heap (if enabled) and
+ * initializes it with default settings.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg;
+
+    drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent);
+    if (drbg == NULL)
+        return NULL;
+
+    /* Only the master DRBG needs to have a lock */
+    if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
+        goto err;
+
+    /* enable seed propagation */
+    tsan_store(&drbg->reseed_prop_counter, 1);
+
+    /*
+     * Ignore instantiation error to support just-in-time instantiation.
+     *
+     * The state of the drbg will be checked in RAND_DRBG_generate() and
+     * an automatic recovery is attempted.
+     */
+    (void)RAND_DRBG_instantiate(drbg,
+                                (const unsigned char *) ossl_pers_string,
+                                sizeof(ossl_pers_string) - 1);
+    return drbg;
+
+err:
+    RAND_DRBG_free(drbg);
+    return NULL;
+}
+
+/*
+ * Initialize the global DRBGs on first use.
+ * Returns 1 on success, 0 on failure.
+ */
+DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
+{
+    /*
+     * ensure that libcrypto is initialized, otherwise the
+     * DRBG locks are not cleaned up properly
+     */
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&private_drbg, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&public_drbg, NULL))
+        goto err1;
+
+    master_drbg = drbg_setup(NULL);
+    if (master_drbg == NULL)
+        goto err2;
+
+    return 1;
+
+err2:
+    CRYPTO_THREAD_cleanup_local(&public_drbg);
+err1:
+    CRYPTO_THREAD_cleanup_local(&private_drbg);
+    return 0;
+}
+
+/* Clean up the global DRBGs before exit */
+void rand_drbg_cleanup_int(void)
+{
+    if (master_drbg != NULL) {
+        RAND_DRBG_free(master_drbg);
+        master_drbg = NULL;
+
+        CRYPTO_THREAD_cleanup_local(&private_drbg);
+        CRYPTO_THREAD_cleanup_local(&public_drbg);
+    }
+}
+
+void drbg_delete_thread_state(void)
+{
+    RAND_DRBG *drbg;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    CRYPTO_THREAD_set_local(&public_drbg, NULL);
+    RAND_DRBG_free(drbg);
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    CRYPTO_THREAD_set_local(&private_drbg, NULL);
+    RAND_DRBG_free(drbg);
+}
+
+/* Implements the default OpenSSL RAND_bytes() method */
+static int drbg_bytes(unsigned char *out, int count)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_public();
+
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, out, count);
+
+    return ret;
+}
+
+/*
+ * Calculates the minimum length of a full entropy buffer
+ * which is necessary to seed (i.e. instantiate) the DRBG
+ * successfully.
+ */
+size_t rand_drbg_seedlen(RAND_DRBG *drbg)
+{
+    /*
+     * If no os entropy source is available then RAND_seed(buffer, bufsize)
+     * is expected to succeed if and only if the buffer length satisfies
+     * the following requirements, which follow from the calculations
+     * in RAND_DRBG_instantiate().
+     */
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+
+    /*
+     * Extra entropy for the random nonce in the absence of a
+     * get_nonce callback, see comment in RAND_DRBG_instantiate().
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+    }
+
+    /*
+     * Convert entropy requirement from bits to bytes
+     * (dividing by 8 without rounding upwards, because
+     * all entropy requirements are divisible by 8).
+     */
+    min_entropy >>= 3;
+
+    /* Return a value that satisfies both requirements */
+    return min_entropy > min_entropylen ? min_entropy : min_entropylen;
+}
+
+/* Implements the default OpenSSL RAND_add() method */
+static int drbg_add(const void *buf, int num, double randomness)
+{
+    int ret = 0;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+    size_t buflen;
+    size_t seedlen;
+
+    if (drbg == NULL)
+        return 0;
+
+    if (num < 0 || randomness < 0.0)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    seedlen = rand_drbg_seedlen(drbg);
+
+    buflen = (size_t)num;
+
+    if (buflen < seedlen || randomness < (double) seedlen) {
+#if defined(OPENSSL_RAND_SEED_NONE)
+        /*
+         * If no os entropy source is available, a reseeding will fail
+         * inevitably. So we use a trick to mix the buffer contents into
+         * the DRBG state without forcing a reseeding: we generate a
+         * dummy random byte, using the buffer content as additional data.
+         * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
+         */
+        unsigned char dummy[1];
+
+        ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        rand_drbg_unlock(drbg);
+        return ret;
+#else
+        /*
+         * If an os entropy source is avaible then we declare the buffer content
+         * as additional data by setting randomness to zero and trigger a regular
+         * reseeding.
+         */
+        randomness = 0.0;
+#endif
+    }
+
+
+    if (randomness > (double)seedlen) {
+        /*
+         * The purpose of this check is to bound |randomness| by a
+         * relatively small value in order to prevent an integer
+         * overflow when multiplying by 8 in the rand_drbg_restart()
+         * call below. Note that randomness is measured in bytes,
+         * not bits, so this value corresponds to eight times the
+         * security strength.
+         */
+        randomness = (double)seedlen;
+    }
+
+    ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
+    rand_drbg_unlock(drbg);
+
+    return ret;
+}
+
+/* Implements the default OpenSSL RAND_seed() method */
+static int drbg_seed(const void *buf, int num)
+{
+    return drbg_add(buf, num, num);
+}
+
+/* Implements the default OpenSSL RAND_status() method */
+static int drbg_status(void)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+    if (drbg == NULL)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    ret = drbg->state == DRBG_READY ? 1 : 0;
+    rand_drbg_unlock(drbg);
+    return ret;
+}
+
+/*
+ * Get the master DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ *
+ */
+RAND_DRBG *RAND_DRBG_get0_master(void)
+{
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    return master_drbg;
+}
+
+/*
+ * Get the public DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_public(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&public_drbg, drbg);
+    }
+    return drbg;
+}
+
+/*
+ * Get the private DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_private(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&private_drbg, drbg);
+    }
+    return drbg;
+}
+
+RAND_METHOD rand_meth = {
+    drbg_seed,
+    drbg_bytes,
+    NULL,
+    drbg_add,
+    drbg_bytes,
+    drbg_status
+};
+
+RAND_METHOD *RAND_OpenSSL(void)
+{
+    return &rand_meth;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_egd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_egd.c
new file mode 100644
index 000000000..da3017df3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_egd.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EGD
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+# include <openssl/rand.h>
+
+/*
+ * Query an EGD
+ */
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+    return -1;
+}
+
+int RAND_egd(const char *path)
+{
+    return -1;
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    return -1;
+}
+
+# else
+
+#  include OPENSSL_UNISTD
+#  include <stddef.h>
+#  include <sys/types.h>
+#  include <sys/socket.h>
+#  ifndef NO_SYS_UN_H
+#   ifdef OPENSSL_SYS_VXWORKS
+#    include <streams/un.h>
+#   else
+#    include <sys/un.h>
+#   endif
+#  else
+struct sockaddr_un {
+    short sun_family;           /* AF_UNIX */
+    char sun_path[108];         /* path name (gag) */
+};
+#  endif                         /* NO_SYS_UN_H */
+#  include <string.h>
+#  include <errno.h>
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+    FILE *fp = NULL;
+    struct sockaddr_un addr;
+    int mybuffer, ret = -1, i, numbytes, fd;
+    unsigned char tempbuf[255];
+
+    if (bytes > (int)sizeof(tempbuf))
+        return -1;
+
+    /* Make socket. */
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    if (strlen(path) >= sizeof(addr.sun_path))
+        return -1;
+    strcpy(addr.sun_path, path);
+    i = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
+        return -1;
+    setbuf(fp, NULL);
+
+    /* Try to connect */
+    for ( ; ; ) {
+        if (connect(fd, (struct sockaddr *)&addr, i) == 0)
+            break;
+#  ifdef EISCONN
+        if (errno == EISCONN)
+            break;
+#  endif
+        switch (errno) {
+#  ifdef EINTR
+        case EINTR:
+#  endif
+#  ifdef EAGAIN
+        case EAGAIN:
+#  endif
+#  ifdef EINPROGRESS
+        case EINPROGRESS:
+#  endif
+#  ifdef EALREADY
+        case EALREADY:
+#  endif
+            /* No error, try again */
+            break;
+        default:
+            ret = -1;
+            goto err;
+        }
+    }
+
+    /* Make request, see how many bytes we can get back. */
+    tempbuf[0] = 1;
+    tempbuf[1] = bytes;
+    if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF)
+        goto err;
+    if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0)
+        goto err;
+    numbytes = tempbuf[0];
+
+    /* Which buffer are we using? */
+    mybuffer = buf == NULL;
+    if (mybuffer)
+        buf = tempbuf;
+
+    /* Read bytes. */
+    i = fread(buf, sizeof(char), numbytes, fp);
+    if (i < numbytes)
+        goto err;
+    ret = numbytes;
+    if (mybuffer)
+        RAND_add(tempbuf, i, i);
+
+ err:
+    if (fp != NULL)
+        fclose(fp);
+    return ret;
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    int num;
+
+    num = RAND_query_egd_bytes(path, NULL, bytes);
+    if (num < 0)
+        return -1;
+    if (RAND_status() != 1)
+        return -1;
+    return num;
+}
+
+int RAND_egd(const char *path)
+{
+    return RAND_egd_bytes(path, 255);
+}
+
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c
new file mode 100644
index 000000000..6a870455d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c
@@ -0,0 +1,135 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/randerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0),
+     "rand_drbg_enable_locking"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
+     "RAND_DRBG_generate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0),
+     "rand_drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0),
+     "rand_drbg_get_nonce"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
+     "RAND_DRBG_instantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0),
+     "RAND_DRBG_set_defaults"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
+     "RAND_DRBG_uninstantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0),
+     "rand_pool_acquire_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
+     "rand_pool_add_begin"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
+     "rand_pool_bytes_needed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG),
+    "additional input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED),
+    "already instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE),
+    "argument out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED),
+    "drbg already initialized"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED),
+    "drbg not initialised"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG),
+    "entropy input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE),
+    "entropy out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED),
+    "error entropy pool was ignored"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG),
+    "error initialising drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG),
+    "error instantiating drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+    "error retrieving additional input"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY),
+    "error retrieving entropy"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE),
+    "error retrieving nonce"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK),
+    "failed to create lock"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED),
+    "Function not implemented"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
+    "Not a regular file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED),
+    "no drbg implementation selected"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED),
+    "parent locking not enabled"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK),
+    "parent strength too weak"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),
+    "personalisation string too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED),
+    "prediction resistance not supported"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW),
+    "random pool overflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW),
+    "random pool underflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG),
+    "request too large for drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED),
+    "too little nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED),
+    "too much nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
+    "unsupported drbg flags"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE),
+    "unsupported drbg type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_RAND_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(RAND_str_functs);
+        ERR_load_strings_const(RAND_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h
new file mode 100644
index 000000000..c3e9804dc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h
@@ -0,0 +1,293 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_LCL_H
+# define HEADER_RAND_LCL_H
+
+# include <openssl/aes.h>
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+# include <openssl/hmac.h>
+# include <openssl/ec.h>
+# include <openssl/rand_drbg.h>
+# include "internal/tsan_assist.h"
+
+# include "internal/numbers.h"
+
+/* How many times to read the TSC as a randomness source. */
+# define TSC_READ_COUNT                 4
+
+/* Maximum reseed intervals */
+# define MAX_RESEED_INTERVAL                     (1 << 24)
+# define MAX_RESEED_TIME_INTERVAL                (1 << 20) /* approx. 12 days */
+
+/* Default reseed intervals */
+# define MASTER_RESEED_INTERVAL                  (1 << 8)
+# define SLAVE_RESEED_INTERVAL                   (1 << 16)
+# define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
+# define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
+
+
+
+/*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
+ *
+ * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
+ *
+ * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
+ */
+# define DRBG_MAX_LENGTH                         INT32_MAX
+
+
+
+/*
+ * Maximum allocation size for RANDOM_POOL buffers
+ *
+ * The max_len value for the buffer provided to the rand_drbg_get_entropy()
+ * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
+ * is used. Since this is much too large to be allocated, the rand_pool_new()
+ * function chooses more modest values as default pool length, bounded
+ * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
+ *
+ * The choice of the RAND_POOL_FACTOR is large enough such that the
+ * RAND_POOL can store a random input which has a lousy entropy rate of
+ * 8/256 (= 0.03125) bits per byte. This input will be sent through the
+ * derivation function which 'compresses' the low quality input into a
+ * high quality output.
+ *
+ * The factor 1.5 below is the pessimistic estimate for the extra amount
+ * of entropy required when no get_nonce() callback is defined.
+ */
+# define RAND_POOL_FACTOR        256
+# define RAND_POOL_MAX_LENGTH    (RAND_POOL_FACTOR * \
+                                  3 * (RAND_DRBG_STRENGTH / 16))
+/*
+ *                             = (RAND_POOL_FACTOR * \
+ *                                1.5 * (RAND_DRBG_STRENGTH / 8))
+ */
+
+
+/* DRBG status values */
+typedef enum drbg_status_e {
+    DRBG_UNINITIALISED,
+    DRBG_READY,
+    DRBG_ERROR
+} DRBG_STATUS;
+
+
+/* instantiate */
+typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
+                                        const unsigned char *ent,
+                                        size_t entlen,
+                                        const unsigned char *nonce,
+                                        size_t noncelen,
+                                        const unsigned char *pers,
+                                        size_t perslen);
+/* reseed */
+typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
+                                   const unsigned char *ent,
+                                   size_t entlen,
+                                   const unsigned char *adin,
+                                   size_t adinlen);
+/* generate output */
+typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
+                                     unsigned char *out,
+                                     size_t outlen,
+                                     const unsigned char *adin,
+                                     size_t adinlen);
+/* uninstantiate */
+typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
+
+
+/*
+ * The DRBG methods
+ */
+
+typedef struct rand_drbg_method_st {
+    RAND_DRBG_instantiate_fn instantiate;
+    RAND_DRBG_reseed_fn reseed;
+    RAND_DRBG_generate_fn generate;
+    RAND_DRBG_uninstantiate_fn uninstantiate;
+} RAND_DRBG_METHOD;
+
+
+/*
+ * The state of a DRBG AES-CTR.
+ */
+typedef struct rand_drbg_ctr_st {
+    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER_CTX *ctx_df;
+    const EVP_CIPHER *cipher;
+    size_t keylen;
+    unsigned char K[32];
+    unsigned char V[16];
+    /* Temporary block storage used by ctr_df */
+    unsigned char bltmp[16];
+    size_t bltmp_pos;
+    unsigned char KX[48];
+} RAND_DRBG_CTR;
+
+
+/*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. The pool has no knowledge about
+ * whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
+ * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
+ * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
+ *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
+ */
+struct rand_pool_st {
+    unsigned char *buffer;  /* points to the beginning of the random pool */
+    size_t len; /* current number of random bytes contained in the pool */
+
+    int attached;  /* true pool was attached to existing buffer */
+
+    size_t min_len; /* minimum number of random bytes requested */
+    size_t max_len; /* maximum number of random bytes (allocated buffer size) */
+    size_t entropy; /* current entropy count in bits */
+    size_t entropy_requested; /* requested entropy count in bits */
+};
+
+/*
+ * The state of all types of DRBGs, even though we only have CTR mode
+ * right now.
+ */
+struct rand_drbg_st {
+    CRYPTO_RWLOCK *lock;
+    RAND_DRBG *parent;
+    int secure; /* 1: allocated on the secure heap, 0: otherwise */
+    int type; /* the nid of the underlying algorithm */
+    /*
+     * Stores the value of the rand_fork_count global as of when we last
+     * reseeded.  The DRBG reseeds automatically whenever drbg->fork_count !=
+     * rand_fork_count.  Used to provide fork-safety and reseed this DRBG in
+     * the child process.
+     */
+    int fork_count;
+    unsigned short flags; /* various external flags */
+
+    /*
+     * The random_data is used by RAND_add()/drbg_add() to attach random
+     * data to the global drbg, such that the rand_drbg_get_entropy() callback
+     * can pull it during instantiation and reseeding. This is necessary to
+     * reconcile the different philosophies of the RAND and the RAND_DRBG
+     * with respect to how randomness is added to the RNG during reseeding
+     * (see PR #4328).
+     */
+    struct rand_pool_st *seed_pool;
+
+    /*
+     * Auxiliary pool for additional data.
+     */
+    struct rand_pool_st *adin_pool;
+
+    /*
+     * The following parameters are setup by the per-type "init" function.
+     *
+     * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init().
+     *
+     * The parameters are closely related to the ones described in
+     * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one
+     * crucial difference: In the NIST standard, all counts are given
+     * in bits, whereas in OpenSSL entropy counts are given in bits
+     * and buffer lengths are given in bytes.
+     *
+     * Since this difference has lead to some confusion in the past,
+     * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055])
+     * the 'len' suffix has been added to all buffer sizes for
+     * clarification.
+     */
+
+    int strength;
+    size_t max_request;
+    size_t min_entropylen, max_entropylen;
+    size_t min_noncelen, max_noncelen;
+    size_t max_perslen, max_adinlen;
+
+    /* Counts the number of generate requests since the last reseed. */
+    unsigned int reseed_gen_counter;
+    /*
+     * Maximum number of generate requests until a reseed is required.
+     * This value is ignored if it is zero.
+     */
+    unsigned int reseed_interval;
+    /* Stores the time when the last reseeding occurred */
+    time_t reseed_time;
+    /*
+     * Specifies the maximum time interval (in seconds) between reseeds.
+     * This value is ignored if it is zero.
+     */
+    time_t reseed_time_interval;
+    /*
+     * Counts the number of reseeds since instantiation.
+     * This value is ignored if it is zero.
+     *
+     * This counter is used only for seed propagation from the <master> DRBG
+     * to its two children, the <public> and <private> DRBG. This feature is
+     * very special and its sole purpose is to ensure that any randomness which
+     * is added by RAND_add() or RAND_seed() will have an immediate effect on
+     * the output of RAND_bytes() resp. RAND_priv_bytes().
+     */
+    TSAN_QUALIFIER unsigned int reseed_prop_counter;
+    unsigned int reseed_next_counter;
+
+    size_t seedlen;
+    DRBG_STATUS state;
+
+    /* Application data, mainly used in the KATs. */
+    CRYPTO_EX_DATA ex_data;
+
+    /* Implementation specific data (currently only one implementation) */
+    union {
+        RAND_DRBG_CTR ctr;
+    } data;
+
+    /* Implementation specific methods */
+    RAND_DRBG_METHOD *meth;
+
+    /* Callback functions.  See comments in rand_lib.c */
+    RAND_DRBG_get_entropy_fn get_entropy;
+    RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
+    RAND_DRBG_get_nonce_fn get_nonce;
+    RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
+};
+
+/* The global RAND method, and the global buffer and DRBG instance. */
+extern RAND_METHOD rand_meth;
+
+/*
+ * A "generation count" of forks.  Incremented in the child process after a
+ * fork.  Since rand_fork_count is increment-only, and only ever written to in
+ * the child process of the fork, which is guaranteed to be single-threaded, no
+ * locking is needed for normal (read) accesses; the rest of pthread fork
+ * processing is assumed to introduce the necessary memory barriers.  Sibling
+ * children of a given parent will produce duplicate values, but this is not
+ * problematic because the reseeding process pulls input from the system CSPRNG
+ * and/or other global sources, so the siblings will end up generating
+ * different output streams.
+ */
+extern int rand_fork_count;
+
+/* DRBG helpers */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy);
+size_t rand_drbg_seedlen(RAND_DRBG *drbg);
+/* locking api */
+int rand_drbg_lock(RAND_DRBG *drbg);
+int rand_drbg_unlock(RAND_DRBG *drbg);
+int rand_drbg_enable_locking(RAND_DRBG *drbg);
+
+
+/* initializes the AES-CTR DRBG implementation */
+int drbg_ctr_init(RAND_DRBG *drbg);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c
new file mode 100644
index 000000000..d8639c4a0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c
@@ -0,0 +1,859 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
+#include "internal/rand_int.h"
+#include <openssl/engine.h>
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_ENGINE
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref;
+static CRYPTO_RWLOCK *rand_engine_lock;
+#endif
+static CRYPTO_RWLOCK *rand_meth_lock;
+static const RAND_METHOD *default_RAND_meth;
+static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
+
+int rand_fork_count;
+
+static CRYPTO_RWLOCK *rand_nonce_lock;
+static int rand_nonce_count;
+
+static int rand_inited = 0;
+
+#ifdef OPENSSL_RAND_SEED_RDTSC
+/*
+ * IMPORTANT NOTE:  It is not currently possible to use this code
+ * because we are not sure about the amount of randomness it provides.
+ * Some SP900 tests have been run, but there is internal skepticism.
+ * So for now this code is not used.
+ */
+# error "RDTSC enabled?  Should not be possible!"
+
+/*
+ * Acquire entropy from high-speed clock
+ *
+ * Since we get some randomness from the low-order bits of the
+ * high-speed clock, it can help.
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
+{
+    unsigned char c;
+    int i;
+
+    if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
+        for (i = 0; i < TSC_READ_COUNT; i++) {
+            c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
+            rand_pool_add(pool, &c, 1, 4);
+        }
+    }
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+#ifdef OPENSSL_RAND_SEED_RDCPU
+size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+/*
+ * Acquire entropy using Intel-specific cpu instructions
+ *
+ * Uses the RDSEED instruction if available, otherwise uses
+ * RDRAND if available.
+ *
+ * For the differences between RDSEED and RDRAND, and why RDSEED
+ * is the preferred choice, see https://goo.gl/oK3KcN
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
+{
+    size_t bytes_needed;
+    unsigned char *buffer;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            /* Whichever comes first, use RDSEED, RDRAND or nothing */
+            if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
+                if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
+                if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else {
+                rand_pool_add_end(pool, 0, 0);
+            }
+        }
+    }
+
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+
+/*
+ * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ * If the DRBG has a parent, then the required amount of entropy input
+ * is fetched using the parent's RAND_DRBG_generate().
+ *
+ * Otherwise, the entropy is polled from the system entropy sources
+ * using rand_pool_acquire_entropy().
+ *
+ * If a random pool has been added to the DRBG using RAND_add(), then
+ * its entropy will be used up first.
+ */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance)
+{
+    size_t ret = 0;
+    size_t entropy_available = 0;
+    RAND_POOL *pool;
+
+    if (drbg->parent && drbg->strength > drbg->parent->strength) {
+        /*
+         * We currently don't support the algorithm from NIST SP 800-90C
+         * 10.1.2 to use a weaker DRBG as source
+         */
+        RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+        return 0;
+    }
+
+    if (drbg->seed_pool != NULL) {
+        pool = drbg->seed_pool;
+        pool->entropy_requested = entropy;
+    } else {
+        pool = rand_pool_new(entropy, min_len, max_len);
+        if (pool == NULL)
+            return 0;
+    }
+
+    if (drbg->parent) {
+        size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            size_t bytes = 0;
+
+            /*
+             * Get random from parent, include our state as additional input.
+             * Our lock is already held, but we need to lock our parent before
+             * generating bits from it. (Note: taking the lock will be a no-op
+             * if locking if drbg->parent->lock == NULL.)
+             */
+            rand_drbg_lock(drbg->parent);
+            if (RAND_DRBG_generate(drbg->parent,
+                                   buffer, bytes_needed,
+                                   prediction_resistance,
+                                   NULL, 0) != 0)
+                bytes = bytes_needed;
+            drbg->reseed_next_counter
+                = tsan_load(&drbg->parent->reseed_prop_counter);
+            rand_drbg_unlock(drbg->parent);
+
+            rand_pool_add_end(pool, bytes, 8 * bytes);
+            entropy_available = rand_pool_entropy_available(pool);
+        }
+
+    } else {
+        if (prediction_resistance) {
+            /*
+             * We don't have any entropy sources that comply with the NIST
+             * standard to provide prediction resistance (see NIST SP 800-90C,
+             * Section 5.4).
+             */
+            RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,
+                    RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        /* Get entropy by polling system entropy sources. */
+        entropy_available = rand_pool_acquire_entropy(pool);
+    }
+
+    if (entropy_available > 0) {
+        ret   = rand_pool_length(pool);
+        *pout = rand_pool_detach(pool);
+    }
+
+ err:
+    if (drbg->seed_pool == NULL)
+        rand_pool_free(pool);
+    return ret;
+}
+
+/*
+ * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen)
+{
+    if (drbg->seed_pool == NULL)
+        OPENSSL_secure_clear_free(out, outlen);
+}
+
+
+/*
+ * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len)
+{
+    size_t ret = 0;
+    RAND_POOL *pool;
+
+    struct {
+        void * instance;
+        int count;
+    } data = { 0 };
+
+    pool = rand_pool_new(0, min_len, max_len);
+    if (pool == NULL)
+        return 0;
+
+    if (rand_pool_add_nonce_data(pool) == 0)
+        goto err;
+
+    data.instance = drbg;
+    CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock);
+
+    if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
+        goto err;
+
+    ret   = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    rand_pool_free(pool);
+
+    return ret;
+}
+
+/*
+ * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen)
+{
+    OPENSSL_secure_clear_free(out, outlen);
+}
+
+/*
+ * Generate additional data that can be used for the drbg. The data does
+ * not need to contain entropy, but it's useful if it contains at least
+ * some bits that are unpredictable.
+ *
+ * Returns 0 on failure.
+ *
+ * On success it allocates a buffer at |*pout| and returns the length of
+ * the data. The buffer should get freed using OPENSSL_secure_clear_free().
+ */
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
+{
+    size_t ret = 0;
+
+    if (rand_pool_add_additional_data(pool) == 0)
+        goto err;
+
+    ret = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    return ret;
+}
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
+{
+    rand_pool_reattach(pool, out);
+}
+
+void rand_fork(void)
+{
+    rand_fork_count++;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_rand_init)
+{
+#ifndef OPENSSL_NO_ENGINE
+    rand_engine_lock = CRYPTO_THREAD_lock_new();
+    if (rand_engine_lock == NULL)
+        return 0;
+#endif
+
+    rand_meth_lock = CRYPTO_THREAD_lock_new();
+    if (rand_meth_lock == NULL)
+        goto err1;
+
+    rand_nonce_lock = CRYPTO_THREAD_lock_new();
+    if (rand_nonce_lock == NULL)
+        goto err2;
+
+    if (!rand_pool_init())
+        goto err3;
+
+    rand_inited = 1;
+    return 1;
+
+err3:
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
+err2:
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+err1:
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    return 0;
+}
+
+void rand_cleanup_int(void)
+{
+    const RAND_METHOD *meth = default_RAND_meth;
+
+    if (!rand_inited)
+        return;
+
+    if (meth != NULL && meth->cleanup != NULL)
+        meth->cleanup();
+    RAND_set_rand_method(NULL);
+    rand_pool_cleanup();
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
+    rand_inited = 0;
+}
+
+/*
+ * RAND_close_seed_files() ensures that any seed file decriptors are
+ * closed after use.
+ */
+void RAND_keep_random_devices_open(int keep)
+{
+    if (RUN_ONCE(&rand_init, do_rand_init))
+        rand_pool_keep_random_devices_open(keep);
+}
+
+/*
+ * RAND_poll() reseeds the default RNG using random input
+ *
+ * The random input is obtained from polling various entropy
+ * sources which depend on the operating system and are
+ * configurable via the --with-rand-seed configure option.
+ */
+int RAND_poll(void)
+{
+    int ret = 0;
+
+    RAND_POOL *pool = NULL;
+
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth == RAND_OpenSSL()) {
+        /* fill random pool and seed the master DRBG */
+        RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+        if (drbg == NULL)
+            return 0;
+
+        rand_drbg_lock(drbg);
+        ret = rand_drbg_restart(drbg, NULL, 0, 0);
+        rand_drbg_unlock(drbg);
+
+        return ret;
+
+    } else {
+        /* fill random pool and seed the current legacy RNG */
+        pool = rand_pool_new(RAND_DRBG_STRENGTH,
+                             RAND_DRBG_STRENGTH / 8,
+                             RAND_POOL_MAX_LENGTH);
+        if (pool == NULL)
+            return 0;
+
+        if (rand_pool_acquire_entropy(pool) == 0)
+            goto err;
+
+        if (meth->add == NULL
+            || meth->add(rand_pool_buffer(pool),
+                         rand_pool_length(pool),
+                         (rand_pool_entropy(pool) / 8.0)) == 0)
+            goto err;
+
+        ret = 1;
+    }
+
+err:
+    rand_pool_free(pool);
+    return ret;
+}
+
+/*
+ * Allocate memory and initialize a new random pool
+ */
+
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
+{
+    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    pool->min_len = min_len;
+    pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
+        RAND_POOL_MAX_LENGTH : max_len;
+
+    pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pool->entropy_requested = entropy_requested;
+
+    return pool;
+
+err:
+    OPENSSL_free(pool);
+    return NULL;
+}
+
+/*
+ * Attach new random pool to the given buffer
+ *
+ * This function is intended to be used only for feeding random data
+ * provided by RAND_add() and RAND_seed() into the <master> DRBG.
+ */
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy)
+{
+    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * The const needs to be cast away, but attached buffers will not be
+     * modified (in contrary to allocated buffers which are zeroed and
+     * freed in the end).
+     */
+    pool->buffer = (unsigned char *) buffer;
+    pool->len = len;
+
+    pool->attached = 1;
+
+    pool->min_len = pool->max_len = pool->len;
+    pool->entropy = entropy;
+
+    return pool;
+}
+
+/*
+ * Free |pool|, securely erasing its buffer.
+ */
+void rand_pool_free(RAND_POOL *pool)
+{
+    if (pool == NULL)
+        return;
+
+    /*
+     * Although it would be advisable from a cryptographical viewpoint,
+     * we are not allowed to clear attached buffers, since they are passed
+     * to rand_pool_attach() as `const unsigned char*`.
+     * (see corresponding comment in rand_pool_attach()).
+     */
+    if (!pool->attached)
+        OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+    OPENSSL_free(pool);
+}
+
+/*
+ * Return the |pool|'s buffer to the caller (readonly).
+ */
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
+{
+    return pool->buffer;
+}
+
+/*
+ * Return the |pool|'s entropy to the caller.
+ */
+size_t rand_pool_entropy(RAND_POOL *pool)
+{
+    return pool->entropy;
+}
+
+/*
+ * Return the |pool|'s buffer length to the caller.
+ */
+size_t rand_pool_length(RAND_POOL *pool)
+{
+    return pool->len;
+}
+
+/*
+ * Detach the |pool| buffer and return it to the caller.
+ * It's the responsibility of the caller to free the buffer
+ * using OPENSSL_secure_clear_free() or to re-attach it
+ * again to the pool using rand_pool_reattach().
+ */
+unsigned char *rand_pool_detach(RAND_POOL *pool)
+{
+    unsigned char *ret = pool->buffer;
+    pool->buffer = NULL;
+    pool->entropy = 0;
+    return ret;
+}
+
+/*
+ * Re-attach the |pool| buffer. It is only allowed to pass
+ * the |buffer| which was previously detached from the same pool.
+ */
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+{
+    pool->buffer = buffer;
+    OPENSSL_cleanse(pool->buffer, pool->len);
+    pool->len = 0;
+}
+
+/*
+ * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
+ * need to obtain at least |bits| bits of entropy?
+ */
+#define ENTROPY_TO_BYTES(bits, entropy_factor) \
+    (((bits) * (entropy_factor) + 7) / 8)
+
+
+/*
+ * Checks whether the |pool|'s entropy is available to the caller.
+ * This is the case when entropy count and buffer length are high enough.
+ * Returns
+ *
+ *  |entropy|  if the entropy count and buffer size is large enough
+ *      0      otherwise
+ */
+size_t rand_pool_entropy_available(RAND_POOL *pool)
+{
+    if (pool->entropy < pool->entropy_requested)
+        return 0;
+
+    if (pool->len < pool->min_len)
+        return 0;
+
+    return pool->entropy;
+}
+
+/*
+ * Returns the (remaining) amount of entropy needed to fill
+ * the random pool.
+ */
+
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
+{
+    if (pool->entropy < pool->entropy_requested)
+        return pool->entropy_requested - pool->entropy;
+
+    return 0;
+}
+
+/*
+ * Returns the number of bytes needed to fill the pool, assuming
+ * the input has 1 / |entropy_factor| entropy bits per data bit.
+ * In case of an error, 0 is returned.
+ */
+
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
+{
+    size_t bytes_needed;
+    size_t entropy_needed = rand_pool_entropy_needed(pool);
+
+    if (entropy_factor < 1) {
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
+        return 0;
+    }
+
+    bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor);
+
+    if (bytes_needed > pool->max_len - pool->len) {
+        /* not enough space left */
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (pool->len < pool->min_len &&
+        bytes_needed < pool->min_len - pool->len)
+        /* to meet the min_len requirement */
+        bytes_needed = pool->min_len - pool->len;
+
+    return bytes_needed;
+}
+
+/* Returns the remaining number of bytes available */
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
+{
+    return pool->max_len - pool->len;
+}
+
+/*
+ * Add random bytes to the random pool.
+ *
+ * It is expected that the |buffer| contains |len| bytes of
+ * random input which contains at least |entropy| bits of
+ * randomness.
+ *
+ * Returns 1 if the added amount is adequate, otherwise 0
+ */
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy)
+{
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (len > 0) {
+        memcpy(pool->buffer + pool->len, buffer, len);
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
+/*
+ * Start to add random bytes to the random pool in-place.
+ *
+ * Reserves the next |len| bytes for adding random bytes in-place
+ * and returns a pointer to the buffer.
+ * The caller is allowed to copy up to |len| bytes into the buffer.
+ * If |len| == 0 this is considered a no-op and a NULL pointer
+ * is returned without producing an error message.
+ *
+ * After updating the buffer, rand_pool_add_end() needs to be called
+ * to finish the udpate operation (see next comment).
+ */
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
+{
+    if (len == 0)
+        return NULL;
+
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW);
+        return NULL;
+    }
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return pool->buffer + pool->len;
+}
+
+/*
+ * Finish to add random bytes to the random pool in-place.
+ *
+ * Finishes an in-place update of the random pool started by
+ * rand_pool_add_begin() (see previous comment).
+ * It is expected that |len| bytes of random input have been added
+ * to the buffer which contain at least |entropy| bits of randomness.
+ * It is allowed to add less bytes than originally reserved.
+ */
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+{
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (len > 0) {
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(funct_ref);
+    funct_ref = NULL;
+#endif
+    default_RAND_meth = meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return 1;
+}
+
+const RAND_METHOD *RAND_get_rand_method(void)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return NULL;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+    if (default_RAND_meth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+
+        /* If we have an engine that can do RAND, use it. */
+        if ((e = ENGINE_get_default_RAND()) != NULL
+                && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
+            funct_ref = e;
+            default_RAND_meth = tmp_meth;
+        } else {
+            ENGINE_finish(e);
+            default_RAND_meth = &rand_meth;
+        }
+#else
+        default_RAND_meth = &rand_meth;
+#endif
+    }
+    tmp_meth = default_RAND_meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return tmp_meth;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return 0;
+
+    if (engine != NULL) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (tmp_meth == NULL) {
+            ENGINE_finish(engine);
+            return 0;
+        }
+    }
+    CRYPTO_THREAD_write_lock(rand_engine_lock);
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    CRYPTO_THREAD_unlock(rand_engine_lock);
+    return 1;
+}
+#endif
+
+void RAND_seed(const void *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->seed != NULL)
+        meth->seed(buf, num);
+}
+
+void RAND_add(const void *buf, int num, double randomness)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->add != NULL)
+        meth->add(buf, num, randomness);
+}
+
+/*
+ * This function is not part of RAND_METHOD, so if we're not using
+ * the default method, then just call RAND_bytes().  Otherwise make
+ * sure we're instantiated and use the private DRBG.
+ */
+int RAND_priv_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    RAND_DRBG *drbg;
+    int ret;
+
+    if (meth != RAND_OpenSSL())
+        return RAND_bytes(buf, num);
+
+    drbg = RAND_DRBG_get0_private();
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, buf, num);
+    return ret;
+}
+
+int RAND_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->bytes != NULL)
+        return meth->bytes(buf, num);
+    RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
+    return -1;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->pseudorand != NULL)
+        return meth->pseudorand(buf, num);
+    return -1;
+}
+#endif
+
+int RAND_status(void)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->status != NULL)
+        return meth->status();
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c
new file mode 100644
index 000000000..9cbc9ade7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c
@@ -0,0 +1,707 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+#include "e_os.h"
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#include "internal/rand_int.h"
+#include <stdio.h>
+#include "internal/dso.h"
+#if defined(__linux)
+# include <sys/syscall.h>
+#endif
+#if defined(__FreeBSD__)
+# include <sys/types.h>
+# include <sys/sysctl.h>
+# include <sys/param.h>
+#endif
+#if defined(__OpenBSD__) || defined(__NetBSD__)
+# include <sys/param.h>
+#endif
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <sys/time.h>
+
+static uint64_t get_time_stamp(void);
+static uint64_t get_timer_bits(void);
+
+/* Macro to convert two thirty two bit values into a sixty four bit one */
+# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
+
+/*
+ * Check for the existence and support of POSIX timers.  The standard
+ * says that the _POSIX_TIMERS macro will have a positive value if they
+ * are available.
+ *
+ * However, we want an additional constraint: that the timer support does
+ * not require an extra library dependency.  Early versions of glibc
+ * require -lrt to be specified on the link line to access the timers,
+ * so this needs to be checked for.
+ *
+ * It is worse because some libraries define __GLIBC__ but don't
+ * support the version testing macro (e.g. uClibc).  This means
+ * an extra check is needed.
+ *
+ * The final condition is:
+ *      "have posix timers and either not glibc or glibc without -lrt"
+ *
+ * The nested #if sequences are required to avoid using a parameterised
+ * macro that might be undefined.
+ */
+# undef OSSL_POSIX_TIMER_OKAY
+# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
+#  if defined(__GLIBC__)
+#   if defined(__GLIBC_PREREQ)
+#    if __GLIBC_PREREQ(2, 17)
+#     define OSSL_POSIX_TIMER_OKAY
+#    endif
+#   endif
+#  else
+#   define OSSL_POSIX_TIMER_OKAY
+#  endif
+# endif
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+
+#if defined(OPENSSL_RAND_SEED_NONE)
+/* none means none. this simplifies the following logic */
+# undef OPENSSL_RAND_SEED_OS
+# undef OPENSSL_RAND_SEED_GETRANDOM
+# undef OPENSSL_RAND_SEED_LIBRANDOM
+# undef OPENSSL_RAND_SEED_DEVRANDOM
+# undef OPENSSL_RAND_SEED_RDTSC
+# undef OPENSSL_RAND_SEED_RDCPU
+# undef OPENSSL_RAND_SEED_EGD
+#endif
+
+#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
+        !defined(OPENSSL_RAND_SEED_NONE)
+# error "UEFI and VXWorks only support seeding NONE"
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+/* empty implementation */
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
+    || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
+    || defined(OPENSSL_SYS_UEFI))
+
+# if defined(OPENSSL_SYS_VOS)
+
+#  ifndef OPENSSL_RAND_SEED_OS
+#   error "Unsupported seeding method configured; must be os"
+#  endif
+
+#  if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
+#   error "Unsupported HP-PA and IA32 at the same time."
+#  endif
+#  if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
+#   error "Must have one of HP-PA or IA32"
+#  endif
+
+/*
+ * The following algorithm repeatedly samples the real-time clock (RTC) to
+ * generate a sequence of unpredictable data.  The algorithm relies upon the
+ * uneven execution speed of the code (due to factors such as cache misses,
+ * interrupts, bus activity, and scheduling) and upon the rather large
+ * relative difference between the speed of the clock and the rate at which
+ * it can be read.  If it is ported to an environment where execution speed
+ * is more constant or where the RTC ticks at a much slower rate, or the
+ * clock can be read with fewer instructions, it is likely that the results
+ * would be far more predictable.  This should only be used for legacy
+ * platforms.
+ *
+ * As a precaution, we assume only 2 bits of entropy per byte.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    short int code;
+    int i, k;
+    size_t bytes_needed;
+    struct timespec ts;
+    unsigned char v;
+#  ifdef OPENSSL_SYS_VOS_HPPA
+    long duration;
+    extern void s$sleep(long *_duration, short int *_code);
+#  else
+    long long duration;
+    extern void s$sleep2(long long *_duration, short int *_code);
+#  endif
+
+    bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
+
+    for (i = 0; i < bytes_needed; i++) {
+        /*
+         * burn some cpu; hope for interrupts, cache collisions, bus
+         * interference, etc.
+         */
+        for (k = 0; k < 99; k++)
+            ts.tv_nsec = random();
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+        /* sleep for 1/1024 of a second (976 us).  */
+        duration = 1;
+        s$sleep(&duration, &code);
+#  else
+        /* sleep for 1/65536 of a second (15 us).  */
+        duration = 1;
+        s$sleep2(&duration, &code);
+#  endif
+
+        /* Get wall clock time, take 8 bits. */
+        clock_gettime(CLOCK_REALTIME, &ts);
+        v = (unsigned char)(ts.tv_nsec & 0xFF);
+        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
+    }
+    return rand_pool_entropy_available(pool);
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+# else
+
+#  if defined(OPENSSL_RAND_SEED_EGD) && \
+        (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
+#   error "Seeding uses EGD but EGD is turned off or no device given"
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
+#   error "Seeding uses urandom but DEVRANDOM is not configured"
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_OS)
+#   if !defined(DEVRANDOM)
+#    error "OS seeding requires DEVRANDOM to be configured"
+#   endif
+#   define OPENSSL_RAND_SEED_GETRANDOM
+#   define OPENSSL_RAND_SEED_DEVRANDOM
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+#   error "librandom not (yet) supported"
+#  endif
+
+#  if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+/*
+ * sysctl_random(): Use sysctl() to read a random number from the kernel
+ * Returns the number of bytes returned in buf on success, -1 on failure.
+ */
+static ssize_t sysctl_random(char *buf, size_t buflen)
+{
+    int mib[2];
+    size_t done = 0;
+    size_t len;
+
+    /*
+     * Note: sign conversion between size_t and ssize_t is safe even
+     * without a range check, see comment in syscall_random()
+     */
+
+    /*
+     * On FreeBSD old implementations returned longs, newer versions support
+     * variable sizes up to 256 byte. The code below would not work properly
+     * when the sysctl returns long and we want to request something not a
+     * multiple of longs, which should never be the case.
+     */
+    if (!ossl_assert(buflen % sizeof(long) == 0)) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    /*
+     * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+     * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+     * it returns a variable number of bytes with the current version supporting
+     * up to 256 bytes.
+     * Just return an error on older NetBSD versions.
+     */
+#if   defined(__NetBSD__) && __NetBSD_Version__ < 400000000
+    errno = ENOSYS;
+    return -1;
+#endif
+
+    mib[0] = CTL_KERN;
+    mib[1] = KERN_ARND;
+
+    do {
+        len = buflen;
+        if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+            return done > 0 ? done : -1;
+        done += len;
+        buf += len;
+        buflen -= len;
+    } while (buflen > 0);
+
+    return done;
+}
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_GETRANDOM)
+/*
+ * syscall_random(): Try to get random data using a system call
+ * returns the number of bytes returned in buf, or < 0 on error.
+ */
+static ssize_t syscall_random(void *buf, size_t buflen)
+{
+    /*
+     * Note: 'buflen' equals the size of the buffer which is used by the
+     * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
+     *
+     *   2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
+     *
+     * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+     * between size_t and ssize_t is safe even without a range check.
+     */
+
+    /*
+     * Do runtime detection to find getentropy().
+     *
+     * Known OSs that should support this:
+     * - Darwin since 16 (OSX 10.12, IOS 10.0).
+     * - Solaris since 11.3
+     * - OpenBSD since 5.6
+     * - Linux since 3.17 with glibc 2.25
+     * - FreeBSD since 12.0 (1200061)
+     */
+#  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+    extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+
+    if (getentropy != NULL)
+        return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  else
+    union {
+        void *p;
+        int (*f)(void *buffer, size_t length);
+    } p_getentropy;
+
+    /*
+     * We could cache the result of the lookup, but we normally don't
+     * call this function often.
+     */
+    ERR_set_mark();
+    p_getentropy.p = DSO_global_lookup("getentropy");
+    ERR_pop_to_mark();
+    if (p_getentropy.p != NULL)
+        return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  endif
+
+    /* Linux supports this since version 3.17 */
+#  if defined(__linux) && defined(SYS_getrandom)
+    return syscall(SYS_getrandom, buf, buflen, 0);
+#  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+    return sysctl_random(buf, buflen);
+#  else
+    errno = ENOSYS;
+    return -1;
+#  endif
+}
+#  endif    /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+static const char *random_device_paths[] = { DEVRANDOM };
+static struct random_device {
+    int fd;
+    dev_t dev;
+    ino_t ino;
+    mode_t mode;
+    dev_t rdev;
+} random_devices[OSSL_NELEM(random_device_paths)];
+static int keep_random_devices_open = 1;
+
+/*
+ * Verify that the file descriptor associated with the random source is
+ * still valid. The rationale for doing this is the fact that it is not
+ * uncommon for daemons to close all open file handles when daemonizing.
+ * So the handle might have been closed or even reused for opening
+ * another file.
+ */
+static int check_random_device(struct random_device * rd)
+{
+    struct stat st;
+
+    return rd->fd != -1
+           && fstat(rd->fd, &st) != -1
+           && rd->dev == st.st_dev
+           && rd->ino == st.st_ino
+           && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
+           && rd->rdev == st.st_rdev;
+}
+
+/*
+ * Open a random device if required and return its file descriptor or -1 on error
+ */
+static int get_random_device(size_t n)
+{
+    struct stat st;
+    struct random_device * rd = &random_devices[n];
+
+    /* reuse existing file descriptor if it is (still) valid */
+    if (check_random_device(rd))
+        return rd->fd;
+
+    /* open the random device ... */
+    if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+        return rd->fd;
+
+    /* ... and cache its relevant stat(2) data */
+    if (fstat(rd->fd, &st) != -1) {
+        rd->dev = st.st_dev;
+        rd->ino = st.st_ino;
+        rd->mode = st.st_mode;
+        rd->rdev = st.st_rdev;
+    } else {
+        close(rd->fd);
+        rd->fd = -1;
+    }
+
+    return rd->fd;
+}
+
+/*
+ * Close a random device making sure it is a random device
+ */
+static void close_random_device(size_t n)
+{
+    struct random_device * rd = &random_devices[n];
+
+    if (check_random_device(rd))
+        close(rd->fd);
+    rd->fd = -1;
+}
+
+int rand_pool_init(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        random_devices[i].fd = -1;
+
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        close_random_device(i);
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+    if (!keep)
+        rand_pool_cleanup();
+
+    keep_random_devices_open = keep;
+}
+
+#  else     /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#  endif    /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+/*
+ * Try the various seeding methods in turn, exit when successful.
+ *
+ * TODO(DRBG): If more than one entropy source is available, is it
+ * preferable to stop as soon as enough entropy has been collected
+ * (as favored by @rsalz) or should one rather be defensive and add
+ * more entropy than requested and/or from different sources?
+ *
+ * Currently, the user can select multiple entropy sources in the
+ * configure step, yet in practice only the first available source
+ * will be used. A more flexible solution has been requested, but
+ * currently it is not clear how this can be achieved without
+ * overengineering the problem. There are many parameters which
+ * could be taken into account when selecting the order and amount
+ * of input from the different entropy sources (trust, quality,
+ * possibility of blocking).
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+#  if defined(OPENSSL_RAND_SEED_NONE)
+    return rand_pool_entropy_available(pool);
+#  else
+    size_t bytes_needed;
+    size_t entropy_available = 0;
+    unsigned char *buffer;
+
+#   if defined(OPENSSL_RAND_SEED_GETRANDOM)
+    {
+        ssize_t bytes;
+        /* Maximum allowed number of consecutive unsuccessful attempts */
+        int attempts = 3;
+
+        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        while (bytes_needed != 0 && attempts-- > 0) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            bytes = syscall_random(buffer, bytes_needed);
+            if (bytes > 0) {
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                bytes_needed -= bytes;
+                attempts = 3; /* reset counter after successful attempt */
+            } else if (bytes < 0 && errno != EINTR) {
+                break;
+            }
+        }
+    }
+    entropy_available = rand_pool_entropy_available(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+    {
+        /* Not yet implemented. */
+    }
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    {
+        size_t i;
+
+        for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
+            ssize_t bytes = 0;
+            /* Maximum allowed number of consecutive unsuccessful attempts */
+            int attempts = 3;
+            const int fd = get_random_device(i);
+
+            if (fd == -1)
+                continue;
+
+            while (bytes_needed != 0 && attempts-- > 0) {
+                buffer = rand_pool_add_begin(pool, bytes_needed);
+                bytes = read(fd, buffer, bytes_needed);
+
+                if (bytes > 0) {
+                    rand_pool_add_end(pool, bytes, 8 * bytes);
+                    bytes_needed -= bytes;
+                    attempts = 3; /* reset counter after successful attempt */
+                } else if (bytes < 0 && errno != EINTR) {
+                    break;
+                }
+            }
+            if (bytes < 0 || !keep_random_devices_open)
+                close_random_device(i);
+
+            bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        }
+        entropy_available = rand_pool_entropy_available(pool);
+        if (entropy_available > 0)
+            return entropy_available;
+    }
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_RDTSC)
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_RDCPU)
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_EGD)
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        static const char *paths[] = { DEVRANDOM_EGD, NULL };
+        int i;
+
+        for (i = 0; paths[i] != NULL; i++) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            if (buffer != NULL) {
+                size_t bytes = 0;
+                int num = RAND_query_egd_bytes(paths[i],
+                                               buffer, (int)bytes_needed);
+                if (num == (int)bytes_needed)
+                    bytes = bytes_needed;
+
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_entropy_available(pool);
+            }
+            if (entropy_available > 0)
+                return entropy_available;
+        }
+    }
+#   endif
+
+    return rand_pool_entropy_available(pool);
+#  endif
+}
+# endif
+#endif
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        pid_t pid;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique with high probability for
+     * different process instances.
+     */
+    data.pid = getpid();
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_time_stamp();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_timer_bits();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+
+/*
+ * Get the current time with the highest possible resolution
+ *
+ * The time stamp is added to the nonce, so it is optimized for not repeating.
+ * The current time is ideal for this purpose, provided the computer's clock
+ * is synchronized.
+ */
+static uint64_t get_time_stamp(void)
+{
+# if defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
+
+        if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
+    }
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
+
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
+    }
+# endif
+    return time(NULL);
+}
+
+/*
+ * Get an arbitrary timer value of the highest possible resolution
+ *
+ * The timer value is added as random noise to the additional data,
+ * which is not considered a trusted entropy sourec, so any result
+ * is acceptable.
+ */
+static uint64_t get_timer_bits(void)
+{
+    uint64_t res = OPENSSL_rdtsc();
+
+    if (res != 0)
+        return res;
+
+# if defined(__sun) || defined(__hpux)
+    return gethrtime();
+# elif defined(_AIX)
+    {
+        timebasestruct_t t;
+
+        read_wall_time(&t, TIMEBASE_SZ);
+        return TWO32TO64(t.tb_high, t.tb_low);
+    }
+# elif defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
+
+#  ifdef CLOCK_BOOTTIME
+#   define CLOCK_TYPE CLOCK_BOOTTIME
+#  elif defined(_POSIX_MONOTONIC_CLOCK)
+#   define CLOCK_TYPE CLOCK_MONOTONIC
+#  else
+#   define CLOCK_TYPE CLOCK_REALTIME
+#  endif
+
+        if (clock_gettime(CLOCK_TYPE, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
+    }
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
+
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
+    }
+# endif
+    return time(NULL);
+}
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c
new file mode 100644
index 000000000..bfcf6f0a8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c
@@ -0,0 +1,528 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#if defined(OPENSSL_SYS_VMS)
+# define __NEW_STARLET 1         /* New starlet definitions since VMS 7.0 */
+# include <unistd.h>
+# include "internal/cryptlib.h"
+# include <openssl/rand.h>
+# include "internal/rand_int.h"
+# include "rand_lcl.h"
+# include <descrip.h>
+# include <dvidef.h>
+# include <jpidef.h>
+# include <rmidef.h>
+# include <syidef.h>
+# include <ssdef.h>
+# include <starlet.h>
+# include <efndef.h>
+# include <gen64def.h>
+# include <iosbdef.h>
+# include <iledef.h>
+# include <lib$routines.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+
+# ifndef OPENSSL_RAND_SEED_OS
+#  error "Unsupported seeding method configured; must be os"
+# endif
+
+/* We need to make sure we have the right size pointer in some cases */
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# endif
+typedef uint32_t *uint32_t__ptr32;
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size restore
+# endif
+
+struct item_st {
+    short length, code;         /* length is number of bytes */
+};
+
+static const struct item_st DVI_item_data[] = {
+    {4,   DVI$_ERRCNT},
+    {4,   DVI$_REFCNT},
+};
+
+static const struct item_st JPI_item_data[] = {
+    {4,   JPI$_BUFIO},
+    {4,   JPI$_CPUTIM},
+    {4,   JPI$_DIRIO},
+    {4,   JPI$_IMAGECOUNT},
+    {4,   JPI$_PAGEFLTS},
+    {4,   JPI$_PID},
+    {4,   JPI$_PPGCNT},
+    {4,   JPI$_WSPEAK},
+    /*
+     * Note: the direct result is just a 32-bit address.  However, it points
+     * to a list of 4 32-bit words, so we make extra space for them so we can
+     * do in-place replacement of values
+     */
+    {16,  JPI$_FINALEXC},
+};
+
+static const struct item_st JPI_item_data_64bit[] = {
+    {8,   JPI$_LAST_LOGIN_I},
+    {8,   JPI$_LOGINTIM},
+};
+
+static const struct item_st RMI_item_data[] = {
+    {4,   RMI$_COLPG},
+    {4,   RMI$_MWAIT},
+    {4,   RMI$_CEF},
+    {4,   RMI$_PFW},
+    {4,   RMI$_LEF},
+    {4,   RMI$_LEFO},
+    {4,   RMI$_HIB},
+    {4,   RMI$_HIBO},
+    {4,   RMI$_SUSP},
+    {4,   RMI$_SUSPO},
+    {4,   RMI$_FPG},
+    {4,   RMI$_COM},
+    {4,   RMI$_COMO},
+    {4,   RMI$_CUR},
+#if defined __alpha
+    {4,   RMI$_FRLIST},
+    {4,   RMI$_MODLIST},
+#endif
+    {4,   RMI$_FAULTS},
+    {4,   RMI$_PREADS},
+    {4,   RMI$_PWRITES},
+    {4,   RMI$_PWRITIO},
+    {4,   RMI$_PREADIO},
+    {4,   RMI$_GVALFLTS},
+    {4,   RMI$_WRTINPROG},
+    {4,   RMI$_FREFLTS},
+    {4,   RMI$_DZROFLTS},
+    {4,   RMI$_SYSFAULTS},
+    {4,   RMI$_ISWPCNT},
+    {4,   RMI$_DIRIO},
+    {4,   RMI$_BUFIO},
+    {4,   RMI$_MBREADS},
+    {4,   RMI$_MBWRITES},
+    {4,   RMI$_LOGNAM},
+    {4,   RMI$_FCPCALLS},
+    {4,   RMI$_FCPREAD},
+    {4,   RMI$_FCPWRITE},
+    {4,   RMI$_FCPCACHE},
+    {4,   RMI$_FCPCPU},
+    {4,   RMI$_FCPHIT},
+    {4,   RMI$_FCPSPLIT},
+    {4,   RMI$_FCPFAULT},
+    {4,   RMI$_ENQNEW},
+    {4,   RMI$_ENQCVT},
+    {4,   RMI$_DEQ},
+    {4,   RMI$_BLKAST},
+    {4,   RMI$_ENQWAIT},
+    {4,   RMI$_ENQNOTQD},
+    {4,   RMI$_DLCKSRCH},
+    {4,   RMI$_DLCKFND},
+    {4,   RMI$_NUMLOCKS},
+    {4,   RMI$_NUMRES},
+    {4,   RMI$_ARRLOCPK},
+    {4,   RMI$_DEPLOCPK},
+    {4,   RMI$_ARRTRAPK},
+    {4,   RMI$_TRCNGLOS},
+    {4,   RMI$_RCVBUFFL},
+    {4,   RMI$_ENQNEWLOC},
+    {4,   RMI$_ENQNEWIN},
+    {4,   RMI$_ENQNEWOUT},
+    {4,   RMI$_ENQCVTLOC},
+    {4,   RMI$_ENQCVTIN},
+    {4,   RMI$_ENQCVTOUT},
+    {4,   RMI$_DEQLOC},
+    {4,   RMI$_DEQIN},
+    {4,   RMI$_DEQOUT},
+    {4,   RMI$_BLKLOC},
+    {4,   RMI$_BLKIN},
+    {4,   RMI$_BLKOUT},
+    {4,   RMI$_DIRIN},
+    {4,   RMI$_DIROUT},
+    /* We currently get a fault when trying these.  TODO: To be figured out. */
+#if 0
+    {140, RMI$_MSCP_EVERYTHING},   /* 35 32-bit words */
+    {152, RMI$_DDTM_ALL},          /* 38 32-bit words */
+    {80,  RMI$_TMSCP_EVERYTHING}   /* 20 32-bit words */
+#endif
+    {4,   RMI$_LPZ_PAGCNT},
+    {4,   RMI$_LPZ_HITS},
+    {4,   RMI$_LPZ_MISSES},
+    {4,   RMI$_LPZ_EXPCNT},
+    {4,   RMI$_LPZ_ALLOCF},
+    {4,   RMI$_LPZ_ALLOC2},
+    {4,   RMI$_ACCESS},
+    {4,   RMI$_ALLOC},
+    {4,   RMI$_FCPCREATE},
+    {4,   RMI$_VOLWAIT},
+    {4,   RMI$_FCPTURN},
+    {4,   RMI$_FCPERASE},
+    {4,   RMI$_OPENS},
+    {4,   RMI$_FIDHIT},
+    {4,   RMI$_FIDMISS},
+    {4,   RMI$_FILHDR_HIT},
+    {4,   RMI$_DIRFCB_HIT},
+    {4,   RMI$_DIRFCB_MISS},
+    {4,   RMI$_DIRDATA_HIT},
+    {4,   RMI$_EXTHIT},
+    {4,   RMI$_EXTMISS},
+    {4,   RMI$_QUOHIT},
+    {4,   RMI$_QUOMISS},
+    {4,   RMI$_STORAGMAP_HIT},
+    {4,   RMI$_VOLLCK},
+    {4,   RMI$_SYNCHLCK},
+    {4,   RMI$_SYNCHWAIT},
+    {4,   RMI$_ACCLCK},
+    {4,   RMI$_XQPCACHEWAIT},
+    {4,   RMI$_DIRDATA_MISS},
+    {4,   RMI$_FILHDR_MISS},
+    {4,   RMI$_STORAGMAP_MISS},
+    {4,   RMI$_PROCCNTMAX},
+    {4,   RMI$_PROCBATCNT},
+    {4,   RMI$_PROCINTCNT},
+    {4,   RMI$_PROCNETCNT},
+    {4,   RMI$_PROCSWITCHCNT},
+    {4,   RMI$_PROCBALSETCNT},
+    {4,   RMI$_PROCLOADCNT},
+    {4,   RMI$_BADFLTS},
+    {4,   RMI$_EXEFAULTS},
+    {4,   RMI$_HDRINSWAPS},
+    {4,   RMI$_HDROUTSWAPS},
+    {4,   RMI$_IOPAGCNT},
+    {4,   RMI$_ISWPCNTPG},
+    {4,   RMI$_OSWPCNT},
+    {4,   RMI$_OSWPCNTPG},
+    {4,   RMI$_RDFAULTS},
+    {4,   RMI$_TRANSFLTS},
+    {4,   RMI$_WRTFAULTS},
+#if defined __alpha
+    {4,   RMI$_USERPAGES},
+#endif
+    {4,   RMI$_VMSPAGES},
+    {4,   RMI$_TTWRITES},
+    {4,   RMI$_BUFOBJPAG},
+    {4,   RMI$_BUFOBJPAGPEAK},
+    {4,   RMI$_BUFOBJPAGS01},
+    {4,   RMI$_BUFOBJPAGS2},
+    {4,   RMI$_BUFOBJPAGMAXS01},
+    {4,   RMI$_BUFOBJPAGMAXS2},
+    {4,   RMI$_BUFOBJPAGPEAKS01},
+    {4,   RMI$_BUFOBJPAGPEAKS2},
+    {4,   RMI$_BUFOBJPGLTMAXS01},
+    {4,   RMI$_BUFOBJPGLTMAXS2},
+    {4,   RMI$_DLCK_INCMPLT},
+    {4,   RMI$_DLCKMSGS_IN},
+    {4,   RMI$_DLCKMSGS_OUT},
+    {4,   RMI$_MCHKERRS},
+    {4,   RMI$_MEMERRS},
+};
+
+static const struct item_st RMI_item_data_64bit[] = {
+#if defined __ia64
+    {8,   RMI$_FRLIST},
+    {8,   RMI$_MODLIST},
+#endif
+    {8,   RMI$_LCKMGR_REQCNT},
+    {8,   RMI$_LCKMGR_REQTIME},
+    {8,   RMI$_LCKMGR_SPINCNT},
+    {8,   RMI$_LCKMGR_SPINTIME},
+    {8,   RMI$_CPUINTSTK},
+    {8,   RMI$_CPUMPSYNCH},
+    {8,   RMI$_CPUKERNEL},
+    {8,   RMI$_CPUEXEC},
+    {8,   RMI$_CPUSUPER},
+    {8,   RMI$_CPUUSER},
+#if defined __ia64
+    {8,   RMI$_USERPAGES},
+#endif
+    {8,   RMI$_TQETOTAL},
+    {8,   RMI$_TQESYSUB},
+    {8,   RMI$_TQEUSRTIMR},
+    {8,   RMI$_TQEUSRWAKE},
+};
+
+static const struct item_st SYI_item_data[] = {
+    {4,   SYI$_PAGEFILE_FREE},
+};
+
+/*
+ * Input:
+ * items_data           - an array of lengths and codes
+ * items_data_num       - number of elements in that array
+ *
+ * Output:
+ * items                - pre-allocated ILE3 array to be filled.
+ *                        It's assumed to have items_data_num elements plus
+ *                        one extra for the terminating NULL element
+ * databuffer           - pre-allocated 32-bit word array.
+ *
+ * Returns the number of elements used in databuffer
+ */
+static size_t prepare_item_list(const struct item_st *items_input,
+                                size_t items_input_num,
+                                ILE3 *items,
+                                uint32_t__ptr32 databuffer)
+{
+    size_t data_sz = 0;
+
+    for (; items_input_num-- > 0; items_input++, items++) {
+
+        items->ile3$w_code = items_input->code;
+        /* Special treatment of JPI$_FINALEXC */
+        if (items->ile3$w_code == JPI$_FINALEXC)
+            items->ile3$w_length = 4;
+        else
+            items->ile3$w_length = items_input->length;
+
+        items->ile3$ps_bufaddr = databuffer;
+        items->ile3$ps_retlen_addr = 0;
+
+        databuffer += items_input->length / sizeof(databuffer[0]);
+        data_sz += items_input->length;
+    }
+    /* Terminating NULL entry */
+    items->ile3$w_length = items->ile3$w_code = 0;
+    items->ile3$ps_bufaddr = items->ile3$ps_retlen_addr = NULL;
+
+    return data_sz / sizeof(databuffer[0]);
+}
+
+static void massage_JPI(ILE3 *items)
+{
+    /*
+     * Special treatment of JPI$_FINALEXC
+     * The result of that item's data buffer is a 32-bit address to a list of
+     * 4 32-bit words.
+     */
+    for (; items->ile3$w_length != 0; items++) {
+        if (items->ile3$w_code == JPI$_FINALEXC) {
+            uint32_t *data = items->ile3$ps_bufaddr;
+            uint32_t *ptr = (uint32_t *)*data;
+            size_t j;
+
+            /*
+             * We know we made space for 4 32-bit words, so we can do in-place
+             * replacement.
+             */
+            for (j = 0; j < 4; j++)
+                data[j] = ptr[j];
+
+            break;
+        }
+    }
+}
+
+/*
+ * This number expresses how many bits of data contain 1 bit of entropy.
+ *
+ * For the moment, we assume about 0.05 entropy bits per data bit, or 1
+ * bit of entropy per 20 data bits.
+ */
+#define ENTROPY_FACTOR  20
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1];
+    ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1];
+    ILE3 DVI_items[OSSL_NELEM(DVI_item_data) + 1];
+    ILE3 JPI_items[OSSL_NELEM(JPI_item_data) + 1];
+    ILE3 RMI_items[OSSL_NELEM(RMI_item_data) + 1];
+    ILE3 SYI_items[OSSL_NELEM(SYI_item_data) + 1];
+    union {
+        /* This ensures buffer starts at 64 bit boundary */
+        uint64_t dummy;
+        uint32_t buffer[OSSL_NELEM(JPI_item_data_64bit) * 2
+                        + OSSL_NELEM(RMI_item_data_64bit) * 2
+                        + OSSL_NELEM(DVI_item_data)
+                        + OSSL_NELEM(JPI_item_data)
+                        + OSSL_NELEM(RMI_item_data)
+                        + OSSL_NELEM(SYI_item_data)
+                        + 4 /* For JPI$_FINALEXC */];
+    } data;
+    size_t total_elems = 0;
+    size_t total_length = 0;
+    size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR);
+    size_t bytes_remaining = rand_pool_bytes_remaining(pool);
+
+    /* Take all the 64-bit items first, to ensure proper alignment of data */
+    total_elems +=
+        prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit),
+                          JPI_items_64bit, &data.buffer[total_elems]);
+    total_elems +=
+        prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit),
+                          RMI_items_64bit, &data.buffer[total_elems]);
+    /* Now the 32-bit items */
+    total_elems += prepare_item_list(DVI_item_data, OSSL_NELEM(DVI_item_data),
+                                     DVI_items, &data.buffer[total_elems]);
+    total_elems += prepare_item_list(JPI_item_data, OSSL_NELEM(JPI_item_data),
+                                     JPI_items, &data.buffer[total_elems]);
+    total_elems += prepare_item_list(RMI_item_data, OSSL_NELEM(RMI_item_data),
+                                     RMI_items, &data.buffer[total_elems]);
+    total_elems += prepare_item_list(SYI_item_data, OSSL_NELEM(SYI_item_data),
+                                     SYI_items, &data.buffer[total_elems]);
+    total_length = total_elems * sizeof(data.buffer[0]);
+
+    /* Fill data.buffer with various info bits from this process */
+    {
+        uint32_t status;
+        uint32_t efn;
+        IOSB iosb;
+        $DESCRIPTOR(SYSDEVICE,"SYS$SYSDEVICE:");
+
+        if ((status = sys$getdviw(EFN$C_ENF, 0, &SYSDEVICE, DVI_items,
+                                  0, 0, 0, 0, 0)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items_64bit, 0, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items, 0, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getsyiw(EFN$C_ENF, 0, 0, SYI_items, 0, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        /*
+         * The RMI service is a bit special, as there is no synchronous
+         * variant, so we MUST create an event flag to synchronise on.
+         */
+        if ((status = lib$get_ef(&efn)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getrmi(efn, 0, 0, RMI_items_64bit, &iosb, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if (iosb.iosb$l_getxxi_status != SS$_NORMAL) {
+            lib$signal(iosb.iosb$l_getxxi_status);
+            return 0;
+        }
+        if ((status = sys$getrmi(efn, 0, 0, RMI_items, &iosb, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if (iosb.iosb$l_getxxi_status != SS$_NORMAL) {
+            lib$signal(iosb.iosb$l_getxxi_status);
+            return 0;
+        }
+        if ((status = lib$free_ef(&efn)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+    }
+
+    massage_JPI(JPI_items);
+
+    /*
+     * If we can't feed the requirements from the caller, we're in deep trouble.
+     */
+    if (!ossl_assert(total_length >= bytes_needed)) {
+        char neededstr[20];
+        char availablestr[20];
+
+        BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed);
+        BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length);
+        RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY,
+                RAND_R_RANDOM_POOL_UNDERFLOW);
+        ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ",
+                           availablestr);
+        return 0;
+    }
+
+    /*
+     * Try not to overfeed the pool
+     */
+    if (total_length > bytes_remaining)
+        total_length = bytes_remaining;
+
+    /* We give the pessimistic value for the amount of entropy */
+    rand_pool_add(pool, (unsigned char *)data.buffer, total_length,
+                  8 * total_length / ENTROPY_FACTOR);
+    return rand_pool_entropy_available(pool);
+}
+
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        pid_t pid;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp
+     * (where available, which is OpenVMS v8.4 and up) to ensure that
+     * the nonce is unique whith high probability for different process
+     * instances.
+     */
+    data.pid = getpid();
+    data.tid = CRYPTO_THREAD_get_current_id();
+#if __CRTL_VER >= 80400000
+    sys$gettim_prec(&data.time);
+#else
+    sys$gettim((void*)&data.time);
+#endif
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.tid = CRYPTO_THREAD_get_current_id();
+    sys$gettim_prec(&data.time);
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c
new file mode 100644
index 000000000..d2039eb22
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#include "internal/rand_int.h"
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+
+# ifndef OPENSSL_RAND_SEED_OS
+#  error "Unsupported seeding method configured; must be os"
+# endif
+
+# include <windows.h>
+/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601
+#  define USE_BCRYPTGENRANDOM
+# endif
+
+# ifdef USE_BCRYPTGENRANDOM
+#  include <bcrypt.h>
+#  pragma comment(lib, "bcrypt.lib")
+#  ifndef STATUS_SUCCESS
+#   define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+#  endif
+# else
+#  include <wincrypt.h>
+/*
+ * Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#  define PROV_INTEL_SEC 22
+#  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+# ifndef USE_BCRYPTGENRANDOM
+    HCRYPTPROV hProvider;
+# endif
+    unsigned char *buffer;
+    size_t bytes_needed;
+    size_t entropy_available = 0;
+
+
+# ifdef OPENSSL_RAND_SEED_RDTSC
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+# ifdef OPENSSL_RAND_SEED_RDCPU
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+# ifdef USE_BCRYPTGENRANDOM
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        if (BCryptGenRandom(NULL, buffer, bytes_needed,
+                            BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
+            bytes = bytes_needed;
+
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+# else
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        /* poll the CryptoAPI PRNG */
+        if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
+                bytes = bytes_needed;
+
+            CryptReleaseContext(hProvider, 0);
+        }
+
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        /* poll the Pentium PRG with CryptoAPI */
+        if (CryptAcquireContextW(&hProvider, NULL,
+                                 INTEL_DEF_PROV, PROV_INTEL_SEC,
+                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
+                bytes = bytes_needed;
+
+            CryptReleaseContext(hProvider, 0);
+        }
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+    return rand_pool_entropy_available(pool);
+}
+
+
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        DWORD pid;
+        DWORD tid;
+        FILETIME time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique whith high probability for
+     * different process instances.
+     */
+    data.pid = GetCurrentProcessId();
+    data.tid = GetCurrentThreadId();
+    GetSystemTimeAsFileTime(&data.time);
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        DWORD tid;
+        LARGE_INTEGER time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.tid = GetCurrentThreadId();
+    QueryPerformanceCounter(&data.time);
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+{
+    RAND_poll();
+    return RAND_status();
+}
+
+void RAND_screen(void)
+{
+    RAND_poll();
+}
+# endif
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c
new file mode 100644
index 000000000..1b737d1ba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/buffer.h>
+
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# include <fcntl.h>
+# ifdef _WIN32
+#  include <windows.h>
+#  include <io.h>
+#  define stat    _stat
+#  define chmod   _chmod
+#  define open    _open
+#  define fdopen  _fdopen
+#  define fstat   _fstat
+#  define fileno  _fileno
+# endif
+#endif
+
+/*
+ * Following should not be needed, and we could have been stricter
+ * and demand S_IS*. But some systems just don't comply... Formally
+ * below macros are "anatomically incorrect", because normally they
+ * would look like ((m) & MASK == TYPE), but since MASK availability
+ * is as questionable, we settle for this poor-man fallback...
+ */
+# if !defined(S_ISREG)
+#   define S_ISREG(m) ((m) & S_IFREG)
+# endif
+
+#define RAND_BUF_SIZE 1024
+#define RFILE ".rnd"
+
+#ifdef OPENSSL_SYS_VMS
+/*
+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
+ * to make sure the FILE* is a 32-bit pointer no matter what.  We know that
+ * stdio functions return this type (a study of stdio.h proves it).
+ *
+ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by /STANDARD=ANSI89
+ */
+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
+        (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
+# define VMS_OPEN_ATTRS \
+        "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
+#endif
+
+/*
+ * Note that these functions are intended for seed files only. Entropy
+ * devices and EGD sockets are handled in rand_unix.c  If |bytes| is
+ * -1 read the complete file; otherwise read the specified amount.
+ */
+int RAND_load_file(const char *file, long bytes)
+{
+    /*
+     * The load buffer size exceeds the chunk size by the comfortable amount
+     * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
+     * to avoid calling RAND_add() with a small final chunk. Instead, such
+     * a small final chunk will be added together with the previous chunk
+     * (unless it's the only one).
+     */
+#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
+    unsigned char buf[RAND_LOAD_BUF_SIZE];
+
+#ifndef OPENSSL_NO_POSIX_IO
+    struct stat sb;
+#endif
+    int i, n, ret = 0;
+    FILE *in;
+
+    if (bytes == 0)
+        return 0;
+
+    if ((in = openssl_fopen(file, "rb")) == NULL) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
+#ifndef OPENSSL_NO_POSIX_IO
+    if (fstat(fileno(in), &sb) < 0) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        fclose(in);
+        return -1;
+    }
+
+    if (bytes < 0) {
+        if (S_ISREG(sb.st_mode))
+            bytes = sb.st_size;
+        else
+            bytes = RAND_DRBG_STRENGTH;
+    }
+#endif
+    /*
+     * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+     * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+     * However, we trust that the C RTL will never give us a FILE pointer
+     * above the first 4 GB of memory, so we simply turn off the warning
+     * temporarily.
+     */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
+    /*
+     * Don't buffer, because even if |file| is regular file, we have
+     * no control over the buffer, so why would we want a copy of its
+     * contents lying around?
+     */
+    setbuf(in, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
+
+    for ( ; ; ) {
+        if (bytes > 0)
+            n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
+        else
+            n = RAND_LOAD_BUF_SIZE;
+        i = fread(buf, 1, n, in);
+#ifdef EINTR
+        if (ferror(in) && errno == EINTR){
+            clearerr(in);
+            if (i == 0)
+                continue;
+        }
+#endif
+        if (i == 0)
+            break;
+
+        RAND_add(buf, i, (double)i);
+        ret += i;
+
+        /* If given a bytecount, and we did it, break. */
+        if (bytes > 0 && (bytes -= i) <= 0)
+            break;
+    }
+
+    OPENSSL_cleanse(buf, sizeof(buf));
+    fclose(in);
+    if (!RAND_status()) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
+    return ret;
+}
+
+int RAND_write_file(const char *file)
+{
+    unsigned char buf[RAND_BUF_SIZE];
+    int ret = -1;
+    FILE *out = NULL;
+#ifndef OPENSSL_NO_POSIX_IO
+    struct stat sb;
+
+    if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+#endif
+
+    /* Collect enough random data. */
+    if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1)
+        return  -1;
+
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
+    !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
+    {
+# ifndef O_BINARY
+#  define O_BINARY 0
+# endif
+        /*
+         * chmod(..., 0600) is too late to protect the file, permissions
+         * should be restrictive from the start
+         */
+        int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
+        if (fd != -1)
+            out = fdopen(fd, "wb");
+    }
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+    /*
+     * VMS NOTE: Prior versions of this routine created a _new_ version of
+     * the rand file for each call into this routine, then deleted all
+     * existing versions named ;-1, and finally renamed the current version
+     * as ';1'. Under concurrent usage, this resulted in an RMS race
+     * condition in rename() which could orphan files (see vms message help
+     * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
+     * the top-level version of the rand file. Note that there may still be
+     * conditions where the top-level rand file is locked. If so, this code
+     * will then create a new version of the rand file. Without the delete
+     * and rename code, this can result in ascending file versions that stop
+     * at version 32767, and this routine will then return an error. The
+     * remedy for this is to recode the calling application to avoid
+     * concurrent use of the rand file, or synchronize usage at the
+     * application level. Also consider whether or not you NEED a persistent
+     * rand file in a concurrent use situation.
+     */
+    out = openssl_fopen(file, "rb+");
+#endif
+
+    if (out == NULL)
+        out = openssl_fopen(file, "wb");
+    if (out == NULL) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
+#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
+    /*
+     * Yes it's late to do this (see above comment), but better than nothing.
+     */
+    chmod(file, 0600);
+#endif
+
+    ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
+    fclose(out);
+    OPENSSL_cleanse(buf, RAND_BUF_SIZE);
+    return ret;
+}
+
+const char *RAND_file_name(char *buf, size_t size)
+{
+    char *s = NULL;
+    size_t len;
+    int use_randfile = 1;
+
+#if defined(_WIN32) && defined(CP_UTF8)
+    DWORD envlen;
+    WCHAR *var;
+
+    /* Look up various environment variables. */
+    if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) {
+        use_randfile = 0;
+        if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0
+                && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE",
+                                                  NULL, 0)) == 0)
+            envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0);
+    }
+
+    /* If we got a value, allocate space to hold it and then get it. */
+    if (envlen != 0) {
+        int sz;
+        WCHAR *val = _alloca(envlen * sizeof(WCHAR));
+
+        if (GetEnvironmentVariableW(var, val, envlen) < envlen
+                && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
+                                             NULL, NULL)) != 0) {
+            s = _alloca(sz);
+            if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
+                                    NULL, NULL) == 0)
+                s = NULL;
+        }
+    }
+#else
+    if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
+        use_randfile = 0;
+        s = ossl_safe_getenv("HOME");
+    }
+#endif
+
+#ifdef DEFAULT_HOME
+    if (!use_randfile && s == NULL)
+        s = DEFAULT_HOME;
+#endif
+    if (s == NULL || *s == '\0')
+        return NULL;
+
+    len = strlen(s);
+    if (use_randfile) {
+        if (len + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
+    } else {
+        if (len + 1 + strlen(RFILE) + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
+#ifndef OPENSSL_SYS_VMS
+        strcat(buf, "/");
+#endif
+        strcat(buf, RFILE);
+    }
+
+    return buf;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/build.info
new file mode 100644
index 000000000..47a3fd0d4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c
new file mode 100644
index 000000000..2b59353b1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = p1 = &(key->data[0]);
+    for (;;) {
+        t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
+        x0 = (t << 1) | (t >> 15);
+        t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
+        x1 = (t << 2) | (t >> 14);
+        t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
+        x2 = (t << 3) | (t >> 13);
+        t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
+        x3 = (t << 5) | (t >> 11);
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x0 += p1[x3 & 0x3f];
+            x1 += p1[x0 & 0x3f];
+            x2 += p1[x1 & 0x3f];
+            x3 += p1[x2 & 0x3f];
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
+
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = &(key->data[63]);
+    p1 = &(key->data[0]);
+    for (;;) {
+        t = ((x3 << 11) | (x3 >> 5)) & 0xffff;
+        x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
+        t = ((x2 << 13) | (x2 >> 3)) & 0xffff;
+        x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
+        t = ((x1 << 14) | (x1 >> 2)) & 0xffff;
+        x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
+        t = ((x0 << 15) | (x0 >> 1)) & 0xffff;
+        x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
+            x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
+            x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
+            x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c
new file mode 100644
index 000000000..fb2f78273
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+#include <openssl/opensslv.h>
+
+/*-
+ * RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+                     int encrypt)
+{
+    unsigned long l, d[2];
+
+    c2l(in, l);
+    d[0] = l;
+    c2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        RC2_encrypt(d, ks);
+    else
+        RC2_decrypt(d, ks);
+    l = d[0];
+    l2c(l, out);
+    l = d[1];
+    l2c(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_locl.h
new file mode 100644
index 000000000..e4dad9478
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_locl.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 5: l2|=((unsigned long)(*(--(c))));      \
+                        /* fall thru */                               \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 1: l1|=((unsigned long)(*(--(c))));      \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#define C_RC2(n) \
+        t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+        x0=(t<<1)|(t>>15); \
+        t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+        x1=(t<<2)|(t>>14); \
+        t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+        x2=(t<<3)|(t>>13); \
+        t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+        x3=(t<<5)|(t>>11);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c
new file mode 100644
index 000000000..55d8ba371
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+static const unsigned char key_table[256] = {
+    0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
+    0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
+    0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5,
+    0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+    0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
+    0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
+    0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f,
+    0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+    0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b,
+    0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
+    0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde,
+    0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+    0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e,
+    0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
+    0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
+    0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+    0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10,
+    0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
+    0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b,
+    0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+    0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68,
+    0xfe, 0x7f, 0xc1, 0xad,
+};
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g",off)
+#endif
+
+/*
+ * It has come to my attention that there are 2 versions of the RC2 key
+ * schedule.  One which is normal, and anther which has a hook to use a
+ * reduced key length. BSAFE uses the 'retarded' version.  What I previously
+ * shipped is the same as specifying 1024 for the 'bits' parameter.  Bsafe
+ * uses a version where the bits parameter is the same as len*8
+ */
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+{
+    int i, j;
+    unsigned char *k;
+    RC2_INT *ki;
+    unsigned int c, d;
+
+    k = (unsigned char *)&(key->data[0]);
+    *k = 0;                     /* for if there is a zero length key */
+
+    if (len > 128)
+        len = 128;
+    if (bits <= 0)
+        bits = 1024;
+    if (bits > 1024)
+        bits = 1024;
+
+    for (i = 0; i < len; i++)
+        k[i] = data[i];
+
+    /* expand table */
+    d = k[len - 1];
+    j = 0;
+    for (i = len; i < 128; i++, j++) {
+        d = key_table[(k[j] + d) & 0xff];
+        k[i] = d;
+    }
+
+    /* hmm.... key reduction to 'bits' bits */
+
+    j = (bits + 7) >> 3;
+    i = 128 - j;
+    c = (0xff >> (-bits & 0x07));
+
+    d = key_table[k[i] & c];
+    k[i] = d;
+    while (i--) {
+        d = key_table[k[i + j] ^ d];
+        k[i] = d;
+    }
+
+    /* copy from bytes into RC2_INT's */
+    ki = &(key->data[63]);
+    for (i = 127; i >= 0; i -= 2)
+        *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c
new file mode 100644
index 000000000..e11093db9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c
new file mode 100644
index 000000000..d610278a9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            RC2_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl
new file mode 100644
index 000000000..8c5cf87d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl
@@ -0,0 +1,426 @@
+#! /usr/bin/env perl
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# [Re]written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# At some point it became apparent that the original SSLeay RC4
+# assembler implementation performs suboptimally on latest IA-32
+# microarchitectures. After re-tuning performance has changed as
+# following:
+#
+# Pentium	-10%
+# Pentium III	+12%
+# AMD		+50%(*)
+# P4		+250%(**)
+#
+# (*)	This number is actually a trade-off:-) It's possible to
+#	achieve	+72%, but at the cost of -48% off PIII performance.
+#	In other words code performing further 13% faster on AMD
+#	would perform almost 2 times slower on Intel PIII...
+#	For reference! This code delivers ~80% of rc4-amd64.pl
+#	performance on the same Opteron machine.
+# (**)	This number requires compressed key schedule set up by
+#	RC4_set_key [see commentary below for further details].
+
+# May 2011
+#
+# Optimize for Core2 and Westmere [and incidentally Opteron]. Current
+# performance in cycles per processed byte (less is better) and
+# improvement relative to previous version of this module is:
+#
+# Pentium	10.2			# original numbers
+# Pentium III	7.8(*)
+# Intel P4	7.5
+#
+# Opteron	6.1/+20%		# new MMX numbers
+# Core2		5.3/+67%(**)
+# Westmere	5.1/+94%(**)
+# Sandy Bridge	5.0/+8%
+# Atom		12.6/+6%
+# VIA Nano	6.4/+9%
+# Ivy Bridge	4.9/±0%
+# Bulldozer	4.9/+15%
+#
+# (*)	PIII can actually deliver 6.6 cycles per byte with MMX code,
+#	but this specific code performs poorly on Core2. And vice
+#	versa, below MMX/SSE code delivering 5.8/7.1 on Core2 performs
+#	poorly on PIII, at 8.0/14.5:-( As PIII is not a "hot" CPU
+#	[anymore], I chose to discard PIII-specific code path and opt
+#	for original IALU-only code, which is why MMX/SSE code path
+#	is guarded by SSE2 bit (see below), not MMX/SSE.
+# (**)	Performance vs. block size on Core2 and Westmere had a maximum
+#	at ... 64 bytes block size. And it was quite a maximum, 40-60%
+#	in comparison to largest 8KB block size. Above improvement
+#	coefficients are for the largest block size.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
+
+$xx="eax";
+$yy="ebx";
+$tx="ecx";
+$ty="edx";
+$inp="esi";
+$out="ebp";
+$dat="edi";
+
+sub RC4_loop {
+  my $i=shift;
+  my $func = ($i==0)?*mov:*or;
+
+	&add	(&LB($yy),&LB($tx));
+	&mov	($ty,&DWP(0,$dat,$yy,4));
+	&mov	(&DWP(0,$dat,$yy,4),$tx);
+	&mov	(&DWP(0,$dat,$xx,4),$ty);
+	&add	($ty,$tx);
+	&inc	(&LB($xx));
+	&and	($ty,0xff);
+	&ror	($out,8)	if ($i!=0);
+	if ($i<3) {
+	  &mov	($tx,&DWP(0,$dat,$xx,4));
+	} else {
+	  &mov	($tx,&wparam(3));	# reload [re-biased] out
+	}
+	&$func	($out,&DWP(0,$dat,$ty,4));
+}
+
+if ($alt=0) {
+  # >20% faster on Atom and Sandy Bridge[!], 8% faster on Opteron,
+  # but ~40% slower on Core2 and Westmere... Attempt to add movz
+  # brings down Opteron by 25%, Atom and Sandy Bridge by 15%, yet
+  # on Core2 with movz it's almost 20% slower than below alternative
+  # code... Yes, it's a total mess...
+  my @XX=($xx,$out);
+  $RC4_loop_mmx = sub {		# SSE actually...
+    my $i=shift;
+    my $j=$i<=0?0:$i>>1;
+    my $mm=$i<=0?"mm0":"mm".($i&1);
+
+	&add	(&LB($yy),&LB($tx));
+	&lea	(@XX[1],&DWP(1,@XX[0]));
+	&pxor	("mm2","mm0")				if ($i==0);
+	&psllq	("mm1",8)				if ($i==0);
+	&and	(@XX[1],0xff);
+	&pxor	("mm0","mm0")				if ($i<=0);
+	&mov	($ty,&DWP(0,$dat,$yy,4));
+	&mov	(&DWP(0,$dat,$yy,4),$tx);
+	&pxor	("mm1","mm2")				if ($i==0);
+	&mov	(&DWP(0,$dat,$XX[0],4),$ty);
+	&add	(&LB($ty),&LB($tx));
+	&movd	(@XX[0],"mm7")				if ($i==0);
+	&mov	($tx,&DWP(0,$dat,@XX[1],4));
+	&pxor	("mm1","mm1")				if ($i==1);
+	&movq	("mm2",&QWP(0,$inp))			if ($i==1);
+	&movq	(&QWP(-8,(@XX[0],$inp)),"mm1")		if ($i==0);
+	&pinsrw	($mm,&DWP(0,$dat,$ty,4),$j);
+
+	push	(@XX,shift(@XX))			if ($i>=0);
+  }
+} else {
+  # Using pinsrw here improves performance on Intel CPUs by 2-3%, but
+  # brings down AMD by 7%...
+  $RC4_loop_mmx = sub {
+    my $i=shift;
+
+	&add	(&LB($yy),&LB($tx));
+	&psllq	("mm1",8*(($i-1)&7))			if (abs($i)!=1);
+	&mov	($ty,&DWP(0,$dat,$yy,4));
+	&mov	(&DWP(0,$dat,$yy,4),$tx);
+	&mov	(&DWP(0,$dat,$xx,4),$ty);
+	&inc	($xx);
+	&add	($ty,$tx);
+	&movz	($xx,&LB($xx));				# (*)
+	&movz	($ty,&LB($ty));				# (*)
+	&pxor	("mm2",$i==1?"mm0":"mm1")		if ($i>=0);
+	&movq	("mm0",&QWP(0,$inp))			if ($i<=0);
+	&movq	(&QWP(-8,($out,$inp)),"mm2")		if ($i==0);
+	&mov	($tx,&DWP(0,$dat,$xx,4));
+	&movd	($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4));
+
+	# (*)	This is the key to Core2 and Westmere performance.
+	#	Without movz out-of-order execution logic confuses
+	#	itself and fails to reorder loads and stores. Problem
+	#	appears to be fixed in Sandy Bridge...
+  }
+}
+
+&external_label("OPENSSL_ia32cap_P");
+
+# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
+&function_begin("RC4");
+	&mov	($dat,&wparam(0));	# load key schedule pointer
+	&mov	($ty, &wparam(1));	# load len
+	&mov	($inp,&wparam(2));	# load inp
+	&mov	($out,&wparam(3));	# load out
+
+	&xor	($xx,$xx);		# avoid partial register stalls
+	&xor	($yy,$yy);
+
+	&cmp	($ty,0);		# safety net
+	&je	(&label("abort"));
+
+	&mov	(&LB($xx),&BP(0,$dat));	# load key->x
+	&mov	(&LB($yy),&BP(4,$dat));	# load key->y
+	&add	($dat,8);
+
+	&lea	($tx,&DWP(0,$inp,$ty));
+	&sub	($out,$inp);		# re-bias out
+	&mov	(&wparam(1),$tx);	# save input+len
+
+	&inc	(&LB($xx));
+
+	# detect compressed key schedule...
+	&cmp	(&DWP(256,$dat),-1);
+	&je	(&label("RC4_CHAR"));
+
+	&mov	($tx,&DWP(0,$dat,$xx,4));
+
+	&and	($ty,-4);		# how many 4-byte chunks?
+	&jz	(&label("loop1"));
+
+	&mov	(&wparam(3),$out);	# $out as accumulator in these loops
+					if ($x86only) {
+	&jmp	(&label("go4loop4"));
+					} else {
+	&test	($ty,-8);
+	&jz	(&label("go4loop4"));
+
+	&picmeup($out,"OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,$out),26);	# check SSE2 bit [could have been MMX]
+	&jnc	(&label("go4loop4"));
+
+	&mov	($out,&wparam(3))	if (!$alt);
+	&movd	("mm7",&wparam(3))	if ($alt);
+	&and	($ty,-8);
+	&lea	($ty,&DWP(-8,$inp,$ty));
+	&mov	(&DWP(-4,$dat),$ty);	# save input+(len/8)*8-8
+
+	&$RC4_loop_mmx(-1);
+	&jmp(&label("loop_mmx_enter"));
+
+	&set_label("loop_mmx",16);
+		&$RC4_loop_mmx(0);
+	&set_label("loop_mmx_enter");
+		for 	($i=1;$i<8;$i++) { &$RC4_loop_mmx($i); }
+		&mov	($ty,$yy);
+		&xor	($yy,$yy);		# this is second key to Core2
+		&mov	(&LB($yy),&LB($ty));	# and Westmere performance...
+		&cmp	($inp,&DWP(-4,$dat));
+		&lea	($inp,&DWP(8,$inp));
+	&jb	(&label("loop_mmx"));
+
+    if ($alt) {
+	&movd	($out,"mm7");
+	&pxor	("mm2","mm0");
+	&psllq	("mm1",8);
+	&pxor	("mm1","mm2");
+	&movq	(&QWP(-8,$out,$inp),"mm1");
+    } else {
+	&psllq	("mm1",56);
+	&pxor	("mm2","mm1");
+	&movq	(&QWP(-8,$out,$inp),"mm2");
+    }
+	&emms	();
+
+	&cmp	($inp,&wparam(1));	# compare to input+len
+	&je	(&label("done"));
+	&jmp	(&label("loop1"));
+					}
+
+&set_label("go4loop4",16);
+	&lea	($ty,&DWP(-4,$inp,$ty));
+	&mov	(&wparam(2),$ty);	# save input+(len/4)*4-4
+
+	&set_label("loop4");
+		for ($i=0;$i<4;$i++) { RC4_loop($i); }
+		&ror	($out,8);
+		&xor	($out,&DWP(0,$inp));
+		&cmp	($inp,&wparam(2));	# compare to input+(len/4)*4-4
+		&mov	(&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here
+		&lea	($inp,&DWP(4,$inp));
+		&mov	($tx,&DWP(0,$dat,$xx,4));
+	&jb	(&label("loop4"));
+
+	&cmp	($inp,&wparam(1));	# compare to input+len
+	&je	(&label("done"));
+	&mov	($out,&wparam(3));	# restore $out
+
+	&set_label("loop1",16);
+		&add	(&LB($yy),&LB($tx));
+		&mov	($ty,&DWP(0,$dat,$yy,4));
+		&mov	(&DWP(0,$dat,$yy,4),$tx);
+		&mov	(&DWP(0,$dat,$xx,4),$ty);
+		&add	($ty,$tx);
+		&inc	(&LB($xx));
+		&and	($ty,0xff);
+		&mov	($ty,&DWP(0,$dat,$ty,4));
+		&xor	(&LB($ty),&BP(0,$inp));
+		&lea	($inp,&DWP(1,$inp));
+		&mov	($tx,&DWP(0,$dat,$xx,4));
+		&cmp	($inp,&wparam(1));	# compare to input+len
+		&mov	(&BP(-1,$out,$inp),&LB($ty));
+	&jb	(&label("loop1"));
+
+	&jmp	(&label("done"));
+
+# this is essentially Intel P4 specific codepath...
+&set_label("RC4_CHAR",16);
+	&movz	($tx,&BP(0,$dat,$xx));
+	# strangely enough unrolled loop performs over 20% slower...
+	&set_label("cloop1");
+		&add	(&LB($yy),&LB($tx));
+		&movz	($ty,&BP(0,$dat,$yy));
+		&mov	(&BP(0,$dat,$yy),&LB($tx));
+		&mov	(&BP(0,$dat,$xx),&LB($ty));
+		&add	(&LB($ty),&LB($tx));
+		&movz	($ty,&BP(0,$dat,$ty));
+		&add	(&LB($xx),1);
+		&xor	(&LB($ty),&BP(0,$inp));
+		&lea	($inp,&DWP(1,$inp));
+		&movz	($tx,&BP(0,$dat,$xx));
+		&cmp	($inp,&wparam(1));
+		&mov	(&BP(-1,$out,$inp),&LB($ty));
+	&jb	(&label("cloop1"));
+
+&set_label("done");
+	&dec	(&LB($xx));
+	&mov	(&DWP(-4,$dat),$yy);		# save key->y
+	&mov	(&BP(-8,$dat),&LB($xx));	# save key->x
+&set_label("abort");
+&function_end("RC4");
+
+########################################################################
+
+$inp="esi";
+$out="edi";
+$idi="ebp";
+$ido="ecx";
+$idx="edx";
+
+# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
+&function_begin("RC4_set_key");
+	&mov	($out,&wparam(0));		# load key
+	&mov	($idi,&wparam(1));		# load len
+	&mov	($inp,&wparam(2));		# load data
+	&picmeup($idx,"OPENSSL_ia32cap_P");
+
+	&lea	($out,&DWP(2*4,$out));		# &key->data
+	&lea	($inp,&DWP(0,$inp,$idi));	# $inp to point at the end
+	&neg	($idi);
+	&xor	("eax","eax");
+	&mov	(&DWP(-4,$out),$idi);		# borrow key->y
+
+	&bt	(&DWP(0,$idx),20);		# check for bit#20
+	&jc	(&label("c1stloop"));
+
+&set_label("w1stloop",16);
+	&mov	(&DWP(0,$out,"eax",4),"eax");	# key->data[i]=i;
+	&add	(&LB("eax"),1);			# i++;
+	&jnc	(&label("w1stloop"));
+
+	&xor	($ido,$ido);
+	&xor	($idx,$idx);
+
+&set_label("w2ndloop",16);
+	&mov	("eax",&DWP(0,$out,$ido,4));
+	&add	(&LB($idx),&BP(0,$inp,$idi));
+	&add	(&LB($idx),&LB("eax"));
+	&add	($idi,1);
+	&mov	("ebx",&DWP(0,$out,$idx,4));
+	&jnz	(&label("wnowrap"));
+	  &mov	($idi,&DWP(-4,$out));
+	&set_label("wnowrap");
+	&mov	(&DWP(0,$out,$idx,4),"eax");
+	&mov	(&DWP(0,$out,$ido,4),"ebx");
+	&add	(&LB($ido),1);
+	&jnc	(&label("w2ndloop"));
+&jmp	(&label("exit"));
+
+# Unlike all other x86 [and x86_64] implementations, Intel P4 core
+# [including EM64T] was found to perform poorly with above "32-bit" key
+# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded
+# assembler turned out to be 3.5x if re-coded for compressed 8-bit one,
+# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit
+# schedule for x86[_64], because non-P4 implementations suffer from
+# significant performance losses then, e.g. PIII exhibits >2x
+# deterioration, and so does Opteron. In order to assure optimal
+# all-round performance, we detect P4 at run-time and set up compressed
+# key schedule, which is recognized by RC4 procedure.
+
+&set_label("c1stloop",16);
+	&mov	(&BP(0,$out,"eax"),&LB("eax"));	# key->data[i]=i;
+	&add	(&LB("eax"),1);			# i++;
+	&jnc	(&label("c1stloop"));
+
+	&xor	($ido,$ido);
+	&xor	($idx,$idx);
+	&xor	("ebx","ebx");
+
+&set_label("c2ndloop",16);
+	&mov	(&LB("eax"),&BP(0,$out,$ido));
+	&add	(&LB($idx),&BP(0,$inp,$idi));
+	&add	(&LB($idx),&LB("eax"));
+	&add	($idi,1);
+	&mov	(&LB("ebx"),&BP(0,$out,$idx));
+	&jnz	(&label("cnowrap"));
+	  &mov	($idi,&DWP(-4,$out));
+	&set_label("cnowrap");
+	&mov	(&BP(0,$out,$idx),&LB("eax"));
+	&mov	(&BP(0,$out,$ido),&LB("ebx"));
+	&add	(&LB($ido),1);
+	&jnc	(&label("c2ndloop"));
+
+	&mov	(&DWP(256,$out),-1);		# mark schedule as compressed
+
+&set_label("exit");
+	&xor	("eax","eax");
+	&mov	(&DWP(-8,$out),"eax");		# key->x=0;
+	&mov	(&DWP(-4,$out),"eax");		# key->y=0;
+&function_end("RC4_set_key");
+
+# const char *RC4_options(void);
+&function_begin_B("RC4_options");
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax"));
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&mov	("edx",&DWP(0,"edx"));
+	&bt	("edx",20);
+	&jc	(&label("1xchar"));
+	&bt	("edx",26);
+	&jnc	(&label("ret"));
+	&add	("eax",25);
+	&ret	();
+&set_label("1xchar");
+	&add	("eax",12);
+&set_label("ret");
+	&ret	();
+&set_label("opts",64);
+&asciz	("rc4(4x,int)");
+&asciz	("rc4(1x,char)");
+&asciz	("rc4(8x,mmx)");
+&asciz	("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&align	(64);
+&function_end_B("RC4_options");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl
new file mode 100644
index 000000000..1354d1821
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl
@@ -0,0 +1,192 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# RC4 for C64x+.
+#
+# April 2014
+#
+# RC4 subroutine processes one byte in 7.0 cycles, which is 3x faster
+# than TI CGT-generated code. Loop is scheduled in such way that
+# there is only one reference to memory in each cycle. This is done
+# to avoid L1D memory banking conflicts, see SPRU871 TI publication
+# for further details. Otherwise it should be possible to schedule
+# the loop for iteration interval of 6...
+
+($KEY,$LEN,$INP,$OUT)=("A4","B4","A6","B6");
+
+($KEYA,$XX,$TY,$xx,$ONE,$ret)=map("A$_",(5,7,8,9,1,2));
+($KEYB,$YY,$TX,$tx,$SUM,$dat)=map("B$_",(5,7,8,9,1,2));
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	RC4,_RC4
+	.asg	RC4_set_key,_RC4_set_key
+	.asg	RC4_options,_RC4_options
+	.endif
+
+	.global	_RC4
+	.align	16
+_RC4:
+	.asmfunc
+	MV	$LEN,B0
+  [!B0]	BNOP	B3			; if (len==0) return;
+||[B0]	ADD	$KEY,2,$KEYA
+||[B0]	ADD	$KEY,2,$KEYB
+  [B0]	MVK	1,$ONE
+||[B0]	LDBU	*${KEYA}[-2],$XX	; key->x
+  [B0]	LDBU	*${KEYB}[-1],$YY	; key->y
+||	NOP	4
+
+	ADD4	$ONE,$XX,$XX
+	LDBU	*${KEYA}[$XX],$TX
+||	MVC	$LEN,ILC
+	NOP	4
+;;==================================================
+	SPLOOP	7
+||	ADD4	$TX,$YY,$YY
+
+	LDBU	*${KEYB}[$YY],$TY
+||	MVD	$XX,$xx
+||	ADD4	$ONE,$XX,$XX
+	LDBU	*${KEYA}[$XX],$tx
+	CMPEQ	$YY,$XX,B0
+||	NOP	3
+	STB	$TX,*${KEYB}[$YY]
+||[B0]	ADD4	$TX,$YY,$YY
+	STB	$TY,*${KEYA}[$xx]
+||[!B0]	ADD4	$tx,$YY,$YY
+||[!B0]	MVD	$tx,$TX
+	ADD4	$TY,$TX,$SUM		; [0,0] $TX is not replaced by $tx yet!
+||	NOP	2
+	LDBU	*$INP++,$dat
+||	NOP	2
+	LDBU	*${KEYB}[$SUM],$ret
+||	NOP	5
+	XOR.L	$dat,$ret,$ret
+	SPKERNEL
+||	STB	$ret,*$OUT++
+;;==================================================
+	SUB4	$XX,$ONE,$XX
+||	NOP	5
+	STB	$XX,*${KEYA}[-2]	; key->x
+||	SUB4	$YY,$TX,$YY
+||	BNOP	B3
+	STB	$YY,*${KEYB}[-1]	; key->y
+||	NOP	5
+	.endasmfunc
+
+	.global	_RC4_set_key
+	.align	16
+_RC4_set_key:
+	.asmfunc
+	.if	.BIG_ENDIAN
+	MVK	0x00000404,$ONE
+||	MVK	0x00000203,B0
+	MVKH	0x04040000,$ONE
+||	MVKH	0x00010000,B0
+	.else
+	MVK	0x00000404,$ONE
+||	MVK	0x00000100,B0
+	MVKH	0x04040000,$ONE
+||	MVKH	0x03020000,B0
+	.endif
+	ADD	$KEY,2,$KEYA
+||	ADD	$KEY,2,$KEYB
+||	ADD	$INP,$LEN,$ret		; end of input
+	LDBU	*${INP}++,$dat
+||	MVK	0,$TX
+	STH	$TX,*${KEY}++		; key->x=key->y=0
+||	MV	B0,A0
+||	MVK	64-4,B0
+
+;;==================================================
+	SPLOOPD	1
+||	MVC	B0,ILC
+
+	STNW	A0,*${KEY}++
+||	ADD4	$ONE,A0,A0
+	SPKERNEL
+;;==================================================
+
+	MVK	0,$YY
+||	MVK	0,$XX
+	MVK	1,$ONE
+||	MVK	256-1,B0
+
+;;==================================================
+	SPLOOPD	8
+||	MVC	B0,ILC
+
+	ADD4	$dat,$YY,$YY
+||	CMPEQ	$INP,$ret,A0		; end of input?
+	LDBU	*${KEYB}[$YY],$TY
+||	MVD	$XX,$xx
+||	ADD4	$ONE,$XX,$XX
+	LDBU	*${KEYA}[$XX],$tx
+||[A0]	SUB	$INP,$LEN,$INP		; rewind
+	LDBU	*${INP}++,$dat
+||	CMPEQ	$YY,$XX,B0
+||	NOP	3
+	STB	$TX,*${KEYB}[$YY]
+||[B0]	ADD4	$TX,$YY,$YY
+	STB	$TY,*${KEYA}[$xx]
+||[!B0]	ADD4	$tx,$YY,$YY
+||[!B0]	MV	$tx,$TX
+	SPKERNEL
+;;==================================================
+
+	BNOP	B3,5
+	.endasmfunc
+
+	.global	_RC4_options
+	.align	16
+_RC4_options:
+_rc4_options:
+	.asmfunc
+	BNOP	B3,1
+	ADDKPC	_rc4_options,B4
+	.if	__TI_EABI__
+	MVKL	\$PCR_OFFSET(rc4_options,_rc4_options),A4
+	MVKH	\$PCR_OFFSET(rc4_options,_rc4_options),A4
+	.else
+	MVKL	(rc4_options-_rc4_options),A4
+	MVKH	(rc4_options-_rc4_options),A4
+	.endif
+	ADD	B4,A4,A4
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:rc4_options.const"
+	.else
+	.sect	".const:rc4_options"
+	.endif
+	.align	4
+rc4_options:
+	.cstring "rc4(sploop,char)"
+	.cstring "RC4 for C64+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl
new file mode 100644
index 000000000..74e519105
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -0,0 +1,661 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# June 2011
+#
+# This is RC4+MD5 "stitch" implementation. The idea, as spelled in
+# http://download.intel.com/design/intarch/papers/323686.pdf, is that
+# since both algorithms exhibit instruction-level parallelism, ILP,
+# below theoretical maximum, interleaving them would allow to utilize
+# processor resources better and achieve better performance. RC4
+# instruction sequence is virtually identical to rc4-x86_64.pl, which
+# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin
+# and Jim Guilford of Intel. MD5 is fresh implementation aiming to
+# minimize register usage, which was used as "main thread" with RC4
+# weaved into it, one RC4 round per one MD5 round. In addition to the
+# stiched subroutine the script can generate standalone replacement
+# md5_block_asm_data_order and RC4. Below are performance numbers in
+# cycles per processed byte, less is better, for these the standalone
+# subroutines, sum of them, and stitched one:
+#
+#		RC4	MD5	RC4+MD5	stitch	gain
+# Opteron	6.5(*)	5.4	11.9	7.0	+70%(*)
+# Core2		6.5	5.8	12.3	7.7	+60%
+# Westmere	4.3	5.2	9.5	7.0	+36%
+# Sandy Bridge	4.2	5.5	9.7	6.8	+43%
+# Ivy Bridge	4.1	5.2	9.3	6.0	+54%
+# Haswell	4.0	5.0	9.0	5.7	+60%
+# Skylake	6.3(**)	5.0	11.3	5.3	+110%
+# Atom		9.3	6.5	15.8	11.1	+42%
+# VIA Nano	6.3	5.4	11.7	8.6	+37%
+# Bulldozer	4.5	5.4	9.9	7.7	+29%
+#
+# (*)	rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement
+#	is +53%...
+# (**)	unidentified anomaly;
+
+my ($rc4,$md5)=(1,1);	# what to generate?
+my $D="#" if (!$md5);	# if set to "#", MD5 is stitched into RC4(),
+			# but its result is discarded. Idea here is
+			# to be able to use 'openssl speed rc4' for
+			# benchmarking the stitched subroutine...
+
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
+
+if ($rc4 && !$md5) {
+  ($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx");
+  $func="RC4";				$nargs=4;
+} elsif ($md5 && !$rc4) {
+  ($ctx,$inp,$len) = ("%rdi","%rsi","%rdx");
+  $func="md5_block_asm_data_order";	$nargs=3;
+} else {
+  ($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
+  $func="rc4_md5_enc";			$nargs=6;
+  # void rc4_md5_enc(
+  #		RC4_KEY *key,		#
+  #		const void *in0,	# RC4 input
+  #		void *out,		# RC4 output
+  #		MD5_CTX *ctx,		#
+  #		const void *inp,	# MD5 input
+  #		size_t len);		# number of 64-byte blocks
+}
+
+my @K=(	0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,
+	0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
+	0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,
+	0x6b901122,0xfd987193,0xa679438e,0x49b40821,
+
+	0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,
+	0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
+	0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,
+	0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
+
+	0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,
+	0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
+	0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,
+	0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
+
+	0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,
+	0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
+	0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,
+	0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391	);
+
+my @V=("%r8d","%r9d","%r10d","%r11d");	# MD5 registers
+my $tmp="%r12d";
+
+my @XX=("%rbp","%rsi");			# RC4 registers
+my @TX=("%rax","%rbx");
+my $YY="%rcx";
+my $TY="%rdx";
+
+my $MOD=32;				# 16, 32 or 64
+
+$code.=<<___;
+.text
+.align 16
+
+.globl	$func
+.type	$func,\@function,$nargs
+$func:
+.cfi_startproc
+	cmp	\$0,$len
+	je	.Labort
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$40,%rsp
+.cfi_adjust_cfa_offset	40
+.Lbody:
+___
+if ($rc4) {
+$code.=<<___;
+$D#md5#	mov	$ctx,%r11		# reassign arguments
+	mov	$len,%r12
+	mov	$in0,%r13
+	mov	$out,%r14
+$D#md5#	mov	$inp,%r15
+___
+    $ctx="%r11"	if ($md5);		# reassign arguments
+    $len="%r12";
+    $in0="%r13";
+    $out="%r14";
+    $inp="%r15"	if ($md5);
+    $inp=$in0	if (!$md5);
+$code.=<<___;
+	xor	$XX[0],$XX[0]
+	xor	$YY,$YY
+
+	lea	8($dat),$dat
+	mov	-8($dat),$XX[0]#b
+	mov	-4($dat),$YY#b
+
+	inc	$XX[0]#b
+	sub	$in0,$out
+	movl	($dat,$XX[0],4),$TX[0]#d
+___
+$code.=<<___ if (!$md5);
+	xor	$TX[1],$TX[1]
+	test	\$-128,$len
+	jz	.Loop1
+	sub	$XX[0],$TX[1]
+	and	\$`$MOD-1`,$TX[1]
+	jz	.Loop${MOD}_is_hot
+	sub	$TX[1],$len
+.Loop${MOD}_warmup:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($in0),$TY#b
+	movb	$TY#b,($out,$in0)
+	lea	1($in0),$in0
+	dec	$TX[1]
+	jnz	.Loop${MOD}_warmup
+
+	mov	$YY,$TX[1]
+	xor	$YY,$YY
+	mov	$TX[1]#b,$YY#b
+
+.Loop${MOD}_is_hot:
+	mov	$len,32(%rsp)		# save original $len
+	shr	\$6,$len		# number of 64-byte blocks
+___
+  if ($D && !$md5) {			# stitch in dummy MD5
+    $md5=1;
+    $ctx="%r11";
+    $inp="%r15";
+    $code.=<<___;
+	mov	%rsp,$ctx
+	mov	$in0,$inp
+___
+  }
+}
+$code.=<<___;
+#rc4#	add	$TX[0]#b,$YY#b
+#rc4#	lea	($dat,$XX[0],4),$XX[1]
+	shl	\$6,$len
+	add	$inp,$len		# pointer to the end of input
+	mov	$len,16(%rsp)
+
+#md5#	mov	$ctx,24(%rsp)		# save pointer to MD5_CTX
+#md5#	mov	0*4($ctx),$V[0]		# load current hash value from MD5_CTX
+#md5#	mov	1*4($ctx),$V[1]
+#md5#	mov	2*4($ctx),$V[2]
+#md5#	mov	3*4($ctx),$V[3]
+	jmp	.Loop
+
+.align	16
+.Loop:
+#md5#	mov	$V[0],0*4(%rsp)		# put aside current hash value
+#md5#	mov	$V[1],1*4(%rsp)
+#md5#	mov	$V[2],2*4(%rsp)
+#md5#	mov	$V[3],$tmp		# forward reference
+#md5#	mov	$V[3],3*4(%rsp)
+___
+
+sub R0 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot0=(7,12,17,22);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	($in0),%xmm2\n"		if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$c,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	and	$b,$tmp
+#md5#	add	4*`$j`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#md5#	xor	$d,$tmp
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#md5#	add	$tmp,$a
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot0[$j%4],$a
+#md5#	mov	`$j==15?"$b":"$c"`,$tmp		# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+___
+}
+sub R1 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot1=(5,9,14,20);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	16($in0),%xmm3\n"	if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$b,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	and	$d,$tmp
+#md5#	add	4*`((1+5*$j)%16)`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#md5#	xor	$c,$tmp
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#md5#	add	$tmp,$a
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot1[$j%4],$a
+#md5#	mov	`$j==15?"$c":"$b"`,$tmp		# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+___
+}
+sub R2 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot2=(4,11,16,23);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	32($in0),%xmm4\n"	if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$c,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	xor	$b,$tmp
+#md5#	add	4*`((5+3*$j)%16)`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#md5#	add	$tmp,$a
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot2[$j%4],$a
+#md5#	mov	`$j==15?"\\\$-1":"$c"`,$tmp	# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm4
+	pxor	%xmm1,%xmm4
+___
+}
+sub R3 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot3=(6,10,15,21);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	48($in0),%xmm5\n"	if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$d,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	or	$b,$tmp
+#md5#	add	4*`((7*$j)%16)`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#md5#	xor	$c,$tmp
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#md5#	add	$tmp,$a
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot3[$j%4],$a
+#md5#	mov	\$-1,$tmp			# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	mov	$XX[0],$XX[1]
+	xor	$XX[0],$XX[0]			# keyword to partial register
+	mov	$XX[1]#b,$XX[0]#b
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm5
+	pxor	%xmm1,%xmm5
+___
+}
+
+my $i=0;
+for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+
+$code.=<<___;
+#md5#	add	0*4(%rsp),$V[0]		# accumulate hash value
+#md5#	add	1*4(%rsp),$V[1]
+#md5#	add	2*4(%rsp),$V[2]
+#md5#	add	3*4(%rsp),$V[3]
+
+#rc4#	movdqu	%xmm2,($out,$in0)	# write RC4 output
+#rc4#	movdqu	%xmm3,16($out,$in0)
+#rc4#	movdqu	%xmm4,32($out,$in0)
+#rc4#	movdqu	%xmm5,48($out,$in0)
+#md5#	lea	64($inp),$inp
+#rc4#	lea	64($in0),$in0
+	cmp	16(%rsp),$inp		# are we done?
+	jb	.Loop
+
+#md5#	mov	24(%rsp),$len		# restore pointer to MD5_CTX
+#rc4#	sub	$TX[0]#b,$YY#b		# correct $YY
+#md5#	mov	$V[0],0*4($len)		# write MD5_CTX
+#md5#	mov	$V[1],1*4($len)
+#md5#	mov	$V[2],2*4($len)
+#md5#	mov	$V[3],3*4($len)
+___
+$code.=<<___ if ($rc4 && (!$md5 || $D));
+	mov	32(%rsp),$len		# restore original $len
+	and	\$63,$len		# remaining bytes
+	jnz	.Loop1
+	jmp	.Ldone
+
+.align	16
+.Loop1:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($in0),$TY#b
+	movb	$TY#b,($out,$in0)
+	lea	1($in0),$in0
+	dec	$len
+	jnz	.Loop1
+
+.Ldone:
+___
+$code.=<<___;
+#rc4#	sub	\$1,$XX[0]#b
+#rc4#	movl	$XX[0]#d,-8($dat)
+#rc4#	movl	$YY#d,-4($dat)
+
+	mov	40(%rsp),%r15
+.cfi_restore	%r15
+	mov	48(%rsp),%r14
+.cfi_restore	%r14
+	mov	56(%rsp),%r13
+.cfi_restore	%r13
+	mov	64(%rsp),%r12
+.cfi_restore	%r12
+	mov	72(%rsp),%rbp
+.cfi_restore	%rbp
+	mov	80(%rsp),%rbx
+.cfi_restore	%rbx
+	lea	88(%rsp),%rsp
+.cfi_adjust_cfa_offset	-88
+.Lepilogue:
+.Labort:
+	ret
+.cfi_endproc
+.size $func,.-$func
+___
+
+if ($rc4 && $D) {	# sole purpose of this section is to provide
+			# option to use the generated module as drop-in
+			# replacement for rc4-x86_64.pl for debugging
+			# and testing purposes...
+my ($idx,$ido)=("%r8","%r9");
+my ($dat,$len,$inp)=("%rdi","%rsi","%rdx");
+
+$code.=<<___;
+.globl	RC4_set_key
+.type	RC4_set_key,\@function,3
+.align	16
+RC4_set_key:
+	lea	8($dat),$dat
+	lea	($inp,$len),$inp
+	neg	$len
+	mov	$len,%rcx
+	xor	%eax,%eax
+	xor	$ido,$ido
+	xor	%r10,%r10
+	xor	%r11,%r11
+	jmp	.Lw1stloop
+
+.align	16
+.Lw1stloop:
+	mov	%eax,($dat,%rax,4)
+	add	\$1,%al
+	jnc	.Lw1stloop
+
+	xor	$ido,$ido
+	xor	$idx,$idx
+.align	16
+.Lw2ndloop:
+	mov	($dat,$ido,4),%r10d
+	add	($inp,$len,1),$idx#b
+	add	%r10b,$idx#b
+	add	\$1,$len
+	mov	($dat,$idx,4),%r11d
+	cmovz	%rcx,$len
+	mov	%r10d,($dat,$idx,4)
+	mov	%r11d,($dat,$ido,4)
+	add	\$1,$ido#b
+	jnc	.Lw2ndloop
+
+	xor	%eax,%eax
+	mov	%eax,-8($dat)
+	mov	%eax,-4($dat)
+	ret
+.size	RC4_set_key,.-RC4_set_key
+
+.globl	RC4_options
+.type	RC4_options,\@abi-omnipotent
+.align	16
+RC4_options:
+	lea	.Lopts(%rip),%rax
+	ret
+.align	64
+.Lopts:
+.asciz	"rc4(64x,int)"
+.align	64
+.size	RC4_options,.-RC4_options
+___
+}
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+my $rec="%rcx";
+my $frame="%rdx";
+my $context="%r8";
+my $disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lbody(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lbody
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	40(%rax),%r15
+	mov	48(%rax),%r14
+	mov	56(%rax),%r13
+	mov	64(%rax),%r12
+	mov	72(%rax),%rbp
+	mov	80(%rax),%rbx
+	lea	88(%rax),%rax
+
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R12
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_$func
+	.rva	.LSEH_end_$func
+	.rva	.LSEH_info_$func
+
+.section	.xdata
+.align	8
+.LSEH_info_$func:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+sub reg_part {
+my ($reg,$conv)=@_;
+    if ($reg =~ /%r[0-9]+/)     { $reg .= $conv; }
+    elsif ($conv eq "b")        { $reg =~ s/%[er]([^x]+)x?/%$1l/;       }
+    elsif ($conv eq "w")        { $reg =~ s/%[er](.+)/%$1/;             }
+    elsif ($conv eq "d")        { $reg =~ s/%[er](.+)/%e$1/;            }
+    return $reg;
+}
+
+$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/pinsrw\s+\$0,/movd	/gm;
+
+$code =~ s/#md5#//gm	if ($md5);
+$code =~ s/#rc4#//gm	if ($rc4);
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl
new file mode 100644
index 000000000..4111f339d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl
@@ -0,0 +1,333 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# RC4 for PA-RISC.
+
+# June 2009.
+#
+# Performance is 33% better than gcc 3.2 generated code on PA-7100LC.
+# For reference, [4x] unrolled loop is >40% faster than folded one.
+# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement
+# is believed to be not sufficient to justify the effort...
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+$FRAME=4*$SIZE_T+$FRAME_MARKER;	# 4 saved regs + frame marker
+				#                [+ argument transfer]
+$SZ=1;				# defaults to RC4_CHAR
+if (open CONF,"<${dir}../../opensslconf.h") {
+    while(<CONF>) {
+	if (m/#\s*define\s+RC4_INT\s+(.*)/) {
+	    $SZ = ($1=~/char$/) ? 1 : 4;
+	    last;
+	}
+    }
+    close CONF;
+}
+
+if ($SZ==1) {	# RC4_CHAR
+    $LD="ldb";
+    $LDX="ldbx";
+    $MKX="addl";
+    $ST="stb";
+} else {	# RC4_INT (~5% faster than RC4_CHAR on PA-7100LC)
+    $LD="ldw";
+    $LDX="ldwx,s";
+    $MKX="sh2addl";
+    $ST="stw";
+}
+
+$key="%r26";
+$len="%r25";
+$inp="%r24";
+$out="%r23";
+
+@XX=("%r19","%r20");
+@TX=("%r21","%r22");
+$YY="%r28";
+$TY="%r29";
+
+$acc="%r1";
+$ix="%r2";
+$iy="%r3";
+$dat0="%r4";
+$dat1="%r5";
+$rem="%r6";
+$mask="%r31";
+
+sub unrolledloopbody {
+for ($i=0;$i<4;$i++) {
+$code.=<<___;
+	ldo	1($XX[0]),$XX[1]
+	`sprintf("$LDX	%$TY(%$key),%$dat1") if ($i>0)`
+	and	$mask,$XX[1],$XX[1]
+	$LDX	$YY($key),$TY
+	$MKX	$YY,$key,$ix
+	$LDX	$XX[1]($key),$TX[1]
+	$MKX	$XX[0],$key,$iy
+	$ST	$TX[0],0($ix)
+	comclr,<> $XX[1],$YY,%r0	; conditional
+	copy	$TX[0],$TX[1]		; move
+	`sprintf("%sdep	%$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)`
+	$ST	$TY,0($iy)
+	addl	$TX[0],$TY,$TY
+	addl	$TX[1],$YY,$YY
+	and	$mask,$TY,$TY
+	and	$mask,$YY,$YY
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
+} }
+
+sub foldedloop {
+my ($label,$count)=@_;
+$code.=<<___;
+$label
+	$MKX	$YY,$key,$iy
+	$LDX	$YY($key),$TY
+	$MKX	$XX[0],$key,$ix
+	$ST	$TX[0],0($iy)
+	ldo	1($XX[0]),$XX[0]
+	$ST	$TY,0($ix)
+	addl	$TX[0],$TY,$TY
+	ldbx	$inp($out),$dat1
+	and	$mask,$TY,$TY
+	and	$mask,$XX[0],$XX[0]
+	$LDX	$TY($key),$acc
+	$LDX	$XX[0]($key),$TX[0]
+	ldo	1($out),$out
+	xor	$dat1,$acc,$acc
+	addl	$TX[0],$YY,$YY
+	stb	$acc,-1($out)
+	addib,<> -1,$count,$label	; $count is always small
+	and	$mask,$YY,$YY
+___
+}
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+RC4
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+
+	cmpib,*= 0,$len,L\$abort
+	sub	$inp,$out,$inp		; distance between $inp and $out
+
+	$LD	`0*$SZ`($key),$XX[0]
+	$LD	`1*$SZ`($key),$YY
+	ldo	`2*$SZ`($key),$key
+
+	ldi	0xff,$mask
+	ldi	3,$dat0
+
+	ldo	1($XX[0]),$XX[0]	; warm up loop
+	and	$mask,$XX[0],$XX[0]
+	$LDX	$XX[0]($key),$TX[0]
+	addl	$TX[0],$YY,$YY
+	cmpib,*>>= 6,$len,L\$oop1	; is $len large enough to bother?
+	and	$mask,$YY,$YY
+
+	and,<>	$out,$dat0,$rem		; is $out aligned?
+	b	L\$alignedout
+	subi	4,$rem,$rem
+	sub	$len,$rem,$len
+___
+&foldedloop("L\$alignout",$rem);	# process till $out is aligned
+
+$code.=<<___;
+L\$alignedout				; $len is at least 4 here
+	and,<>	$inp,$dat0,$acc		; is $inp aligned?
+	b	L\$oop4
+	sub	$inp,$acc,$rem		; align $inp
+
+	sh3addl	$acc,%r0,$acc
+	subi	32,$acc,$acc
+	mtctl	$acc,%cr11		; load %sar with vshd align factor
+	ldwx	$rem($out),$dat0
+	ldo	4($rem),$rem
+L\$oop4misalignedinp
+___
+&unrolledloopbody();
+$code.=<<___;
+	$LDX	$TY($key),$ix
+	ldwx	$rem($out),$dat1
+	ldo	-4($len),$len
+	or	$ix,$acc,$acc		; last piece, no need to dep
+	vshd	$dat0,$dat1,$iy		; align data
+	copy	$dat1,$dat0
+	xor	$iy,$acc,$acc
+	stw	$acc,0($out)
+	cmpib,*<< 3,$len,L\$oop4misalignedinp
+	ldo	4($out),$out
+	cmpib,*= 0,$len,L\$done
+	nop
+	b	L\$oop1
+	nop
+
+	.ALIGN	8
+L\$oop4
+___
+&unrolledloopbody();
+$code.=<<___;
+	$LDX	$TY($key),$ix
+	ldwx	$inp($out),$dat0
+	ldo	-4($len),$len
+	or	$ix,$acc,$acc		; last piece, no need to dep
+	xor	$dat0,$acc,$acc
+	stw	$acc,0($out)
+	cmpib,*<< 3,$len,L\$oop4
+	ldo	4($out),$out
+	cmpib,*= 0,$len,L\$done
+	nop
+___
+&foldedloop("L\$oop1",$len);
+$code.=<<___;
+L\$done
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2
+	ldo	-1($XX[0]),$XX[0]	; chill out loop
+	sub	$YY,$TX[0],$YY
+	and	$mask,$XX[0],$XX[0]
+	and	$mask,$YY,$YY
+	$ST	$XX[0],`-2*$SZ`($key)
+	$ST	$YY,`-1*$SZ`($key)
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+L\$abort
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+___
+
+$code.=<<___;
+
+	.EXPORT	RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	8
+RC4_set_key
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	$ST	%r0,`0*$SZ`($key)
+	$ST	%r0,`1*$SZ`($key)
+	ldo	`2*$SZ`($key),$key
+	copy	%r0,@XX[0]
+L\$1st
+	$ST	@XX[0],0($key)
+	ldo	1(@XX[0]),@XX[0]
+	bb,>=	@XX[0],`31-8`,L\$1st	; @XX[0]<256
+	ldo	$SZ($key),$key
+
+	ldo	`-256*$SZ`($key),$key	; rewind $key
+	addl	$len,$inp,$inp		; $inp to point at the end
+	sub	%r0,$len,%r23		; inverse index
+	copy	%r0,@XX[0]
+	copy	%r0,@XX[1]
+	ldi	0xff,$mask
+
+L\$2nd
+	$LDX	@XX[0]($key),@TX[0]
+	ldbx	%r23($inp),@TX[1]
+	addi,nuv 1,%r23,%r23		; increment and conditional
+	sub	%r0,$len,%r23		; inverse index
+	addl	@TX[0],@XX[1],@XX[1]
+	addl	@TX[1],@XX[1],@XX[1]
+	and	$mask,@XX[1],@XX[1]
+	$MKX	@XX[0],$key,$TY
+	$LDX	@XX[1]($key),@TX[1]
+	$MKX	@XX[1],$key,$YY
+	ldo	1(@XX[0]),@XX[0]
+	$ST	@TX[0],0($YY)
+	bb,>=	@XX[0],`31-8`,L\$2nd	; @XX[0]<256
+	$ST	@TX[1],0($TY)
+
+	bv,n	(%r2)
+	.EXIT
+	nop
+	.PROCEND
+
+	.EXPORT	RC4_options,ENTRY
+	.ALIGN	8
+RC4_options
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	blr	%r0,%r28
+	ldi	3,%r1
+L\$pic
+	andcm	%r28,%r1,%r28
+	bv	(%r2)
+	.EXIT
+	ldo	L\$opts-L\$pic(%r28),%r28
+	.PROCEND
+	.ALIGN	8
+L\$opts
+	.STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)"
+	.STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/cmpib,\*/comib,/		if ($SIZE_T==4);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl
new file mode 100644
index 000000000..469f110fa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl
@@ -0,0 +1,241 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# February 2009
+#
+# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to
+# "cluster" Address Generation Interlocks, so that one pipeline stall
+# resolves several dependencies.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 50% better than code generated by gcc 4.3.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$rp="%r14";
+$sp="%r15";
+$code=<<___;
+.text
+
+___
+
+# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out)
+{
+$acc="%r0";
+$cnt="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$out="%r5";
+
+@XX=("%r6","%r7");
+@TX=("%r8","%r9");
+$YY="%r10";
+$TY="%r11";
+
+$code.=<<___;
+.globl	RC4
+.type	RC4,\@function
+.align	64
+RC4:
+	stm${g}	%r6,%r11,6*$SIZE_T($sp)
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	llgc	$XX[0],0($key)
+	llgc	$YY,1($key)
+	la	$XX[0],1($XX[0])
+	nill	$XX[0],0xff
+	srlg	$cnt,$len,3
+	ltgr	$cnt,$cnt
+	llgc	$TX[0],2($XX[0],$key)
+	jz	.Lshort
+	j	.Loop8
+
+.align	64
+.Loop8:
+___
+for ($i=0;$i<8;$i++) {
+$code.=<<___;
+	la	$YY,0($YY,$TX[0])	# $i
+	nill	$YY,255
+	la	$XX[1],1($XX[0])
+	nill	$XX[1],255
+___
+$code.=<<___ if ($i==1);
+	llgc	$acc,2($TY,$key)
+___
+$code.=<<___ if ($i>1);
+	sllg	$acc,$acc,8
+	ic	$acc,2($TY,$key)
+___
+$code.=<<___;
+	llgc	$TY,2($YY,$key)
+	stc	$TX[0],2($YY,$key)
+	llgc	$TX[1],2($XX[1],$key)
+	stc	$TY,2($XX[0],$key)
+	cr	$XX[1],$YY
+	jne	.Lcmov$i
+	la	$TX[1],0($TX[0])
+.Lcmov$i:
+	la	$TY,0($TY,$TX[0])
+	nill	$TY,255
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
+}
+
+$code.=<<___;
+	lg	$TX[1],0($inp)
+	sllg	$acc,$acc,8
+	la	$inp,8($inp)
+	ic	$acc,2($TY,$key)
+	xgr	$acc,$TX[1]
+	stg	$acc,0($out)
+	la	$out,8($out)
+	brctg	$cnt,.Loop8
+
+.Lshort:
+	lghi	$acc,7
+	ngr	$len,$acc
+	jz	.Lexit
+	j	.Loop1
+
+.align	16
+.Loop1:
+	la	$YY,0($YY,$TX[0])
+	nill	$YY,255
+	llgc	$TY,2($YY,$key)
+	stc	$TX[0],2($YY,$key)
+	stc	$TY,2($XX[0],$key)
+	ar	$TY,$TX[0]
+	ahi	$XX[0],1
+	nill	$TY,255
+	nill	$XX[0],255
+	llgc	$acc,0($inp)
+	la	$inp,1($inp)
+	llgc	$TY,2($TY,$key)
+	llgc	$TX[0],2($XX[0],$key)
+	xr	$acc,$TY
+	stc	$acc,0($out)
+	la	$out,1($out)
+	brct	$len,.Loop1
+
+.Lexit:
+	ahi	$XX[0],-1
+	stc	$XX[0],0($key)
+	stc	$YY,1($key)
+	lm${g}	%r6,%r11,6*$SIZE_T($sp)
+	br	$rp
+.size	RC4,.-RC4
+.string	"RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+
+___
+}
+
+# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp)
+{
+$cnt="%r0";
+$idx="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$acc="%r5";
+$dat="%r6";
+$ikey="%r7";
+$iinp="%r8";
+
+$code.=<<___;
+.globl	RC4_set_key
+.type	RC4_set_key,\@function
+.align	64
+RC4_set_key:
+	stm${g}	%r6,%r8,6*$SIZE_T($sp)
+	lhi	$cnt,256
+	la	$idx,0(%r0)
+	sth	$idx,0($key)
+.align	4
+.L1stloop:
+	stc	$idx,2($idx,$key)
+	la	$idx,1($idx)
+	brct	$cnt,.L1stloop
+
+	lghi	$ikey,-256
+	lr	$cnt,$len
+	la	$iinp,0(%r0)
+	la	$idx,0(%r0)
+.align	16
+.L2ndloop:
+	llgc	$acc,2+256($ikey,$key)
+	llgc	$dat,0($iinp,$inp)
+	la	$idx,0($idx,$acc)
+	la	$ikey,1($ikey)
+	la	$idx,0($idx,$dat)
+	nill	$idx,255
+	la	$iinp,1($iinp)
+	tml	$ikey,255
+	llgc	$dat,2($idx,$key)
+	stc	$dat,2+256-1($ikey,$key)
+	stc	$acc,2($idx,$key)
+	jz	.Ldone
+	brct	$cnt,.L2ndloop
+	lr	$cnt,$len
+	la	$iinp,0(%r0)
+	j	.L2ndloop
+.Ldone:
+	lm${g}	%r6,%r8,6*$SIZE_T($sp)
+	br	$rp
+.size	RC4_set_key,.-RC4_set_key
+
+___
+}
+
+# const char *RC4_options()
+$code.=<<___;
+.globl	RC4_options
+.type	RC4_options,\@function
+.align	16
+RC4_options:
+	larl	%r2,.Loptions
+	br	%r14
+.size	RC4_options,.-RC4_options
+.section	.rodata
+.Loptions:
+.align	8
+.string	"rc4(8x,char)"
+___
+
+print $code;
+close STDOUT;	# force flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl
new file mode 100755
index 000000000..1a9cc47d7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl
@@ -0,0 +1,696 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# July 2004
+#
+# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
+# "hand-coded assembler"] doesn't stand for the whole improvement
+# coefficient. It turned out that eliminating RC4_CHAR from config
+# line results in ~40% improvement (yes, even for C implementation).
+# Presumably it has everything to do with AMD cache architecture and
+# RAW or whatever penalties. Once again! The module *requires* config
+# line *without* RC4_CHAR! As for coding "secret," I bet on partial
+# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
+# I simply 'inc %r8b'. Even though optimization manual discourages
+# to operate on partial registers, it turned out to be the best bet.
+# At least for AMD... How IA32E would perform remains to be seen...
+
+# November 2004
+#
+# As was shown by Marc Bevand reordering of couple of load operations
+# results in even higher performance gain of 3.3x:-) At least on
+# Opteron... For reference, 1x in this case is RC4_CHAR C-code
+# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.
+# Latter means that if you want to *estimate* what to expect from
+# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz.
+
+# November 2004
+#
+# Intel P4 EM64T core was found to run the AMD64 code really slow...
+# The only way to achieve comparable performance on P4 was to keep
+# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
+# compose blended code, which would perform even within 30% marginal
+# on either AMD and Intel platforms, I implement both cases. See
+# rc4_skey.c for further details...
+
+# April 2005
+#
+# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing
+# those with add/sub results in 50% performance improvement of folded
+# loop...
+
+# May 2005
+#
+# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T
+# performance by >30% [unlike P4 32-bit case that is]. But this is
+# provided that loads are reordered even more aggressively! Both code
+# paths, AMD64 and EM64T, reorder loads in essentially same manner
+# as my IA-64 implementation. On Opteron this resulted in modest 5%
+# improvement [I had to test it], while final Intel P4 performance
+# achieves respectful 432MBps on 2.8GHz processor now. For reference.
+# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than
+# RC4_INT code-path. While if executed on Opteron, it's only 25%
+# slower than the RC4_INT one [meaning that if CPU µ-arch detection
+# is not implemented, then this final RC4_CHAR code-path should be
+# preferred, as it provides better *all-round* performance].
+
+# March 2007
+#
+# Intel Core2 was observed to perform poorly on both code paths:-( It
+# apparently suffers from some kind of partial register stall, which
+# occurs in 64-bit mode only [as virtually identical 32-bit loop was
+# observed to outperform 64-bit one by almost 50%]. Adding two movzb to
+# cloop1 boosts its performance by 80%! This loop appears to be optimal
+# fit for Core2 and therefore the code was modified to skip cloop8 on
+# this CPU.
+
+# May 2010
+#
+# Intel Westmere was observed to perform suboptimally. Adding yet
+# another movzb to cloop1 improved performance by almost 50%! Core2
+# performance is improved too, but nominally...
+
+# May 2011
+#
+# The only code path that was not modified is P4-specific one. Non-P4
+# Intel code path optimization is heavily based on submission by Maxim
+# Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used
+# some of the ideas even in attempt to optimize the original RC4_INT
+# code path... Current performance in cycles per processed byte (less
+# is better) and improvement coefficients relative to previous
+# version of this module are:
+#
+# Opteron	5.3/+0%(*)
+# P4		6.5
+# Core2		6.2/+15%(**)
+# Westmere	4.2/+60%
+# Sandy Bridge	4.2/+120%
+# Atom		9.3/+80%
+# VIA Nano	6.4/+4%
+# Ivy Bridge	4.1/+30%
+# Bulldozer	4.5/+30%(*)
+#
+# (*)	But corresponding loop has less instructions, which should have
+#	positive effect on upcoming Bulldozer, which has one less ALU.
+#	For reference, Intel code runs at 6.8 cpb rate on Opteron.
+# (**)	Note that Core2 result is ~15% lower than corresponding result
+#	for 32-bit code, meaning that it's possible to improve it,
+#	but more than likely at the cost of the others (see rc4-586.pl
+#	to get the idea)...
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$dat="%rdi";	    # arg1
+$len="%rsi";	    # arg2
+$inp="%rdx";	    # arg3
+$out="%rcx";	    # arg4
+
+{
+$code=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	RC4
+.type	RC4,\@function,4
+.align	16
+RC4:	or	$len,$len
+	jne	.Lentry
+	ret
+.Lentry:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+.Lprologue:
+	mov	$len,%r11
+	mov	$inp,%r12
+	mov	$out,%r13
+___
+my $len="%r11";		# reassign input arguments
+my $inp="%r12";
+my $out="%r13";
+
+my @XX=("%r10","%rsi");
+my @TX=("%rax","%rbx");
+my $YY="%rcx";
+my $TY="%rdx";
+
+$code.=<<___;
+	xor	$XX[0],$XX[0]
+	xor	$YY,$YY
+
+	lea	8($dat),$dat
+	mov	-8($dat),$XX[0]#b
+	mov	-4($dat),$YY#b
+	cmpl	\$-1,256($dat)
+	je	.LRC4_CHAR
+	mov	OPENSSL_ia32cap_P(%rip),%r8d
+	xor	$TX[1],$TX[1]
+	inc	$XX[0]#b
+	sub	$XX[0],$TX[1]
+	sub	$inp,$out
+	movl	($dat,$XX[0],4),$TX[0]#d
+	test	\$-16,$len
+	jz	.Lloop1
+	bt	\$30,%r8d	# Intel CPU?
+	jc	.Lintel
+	and	\$7,$TX[1]
+	lea	1($XX[0]),$XX[1]
+	jz	.Loop8
+	sub	$TX[1],$len
+.Loop8_warmup:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($inp),$TY#b
+	movb	$TY#b,($out,$inp)
+	lea	1($inp),$inp
+	dec	$TX[1]
+	jnz	.Loop8_warmup
+
+	lea	1($XX[0]),$XX[1]
+	jmp	.Loop8
+.align	16
+.Loop8:
+___
+for ($i=0;$i<8;$i++) {
+$code.=<<___ if ($i==7);
+	add	\$8,$XX[1]#b
+___
+$code.=<<___;
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	`4*($i==7?-1:$i)`($dat,$XX[1],4),$TX[1]#d
+	ror	\$8,%r8				# ror is redundant when $i=0
+	movl	$TY#d,4*$i($dat,$XX[0],4)
+	add	$TX[0]#b,$TY#b
+	movb	($dat,$TY,4),%r8b
+___
+push(@TX,shift(@TX)); #push(@XX,shift(@XX));	# "rotate" registers
+}
+$code.=<<___;
+	add	\$8,$XX[0]#b
+	ror	\$8,%r8
+	sub	\$8,$len
+
+	xor	($inp),%r8
+	mov	%r8,($out,$inp)
+	lea	8($inp),$inp
+
+	test	\$-8,$len
+	jnz	.Loop8
+	cmp	\$0,$len
+	jne	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.Lintel:
+	test	\$-32,$len
+	jz	.Lloop1
+	and	\$15,$TX[1]
+	jz	.Loop16_is_hot
+	sub	$TX[1],$len
+.Loop16_warmup:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($inp),$TY#b
+	movb	$TY#b,($out,$inp)
+	lea	1($inp),$inp
+	dec	$TX[1]
+	jnz	.Loop16_warmup
+
+	mov	$YY,$TX[1]
+	xor	$YY,$YY
+	mov	$TX[1]#b,$YY#b
+
+.Loop16_is_hot:
+	lea	($dat,$XX[0],4),$XX[1]
+___
+sub RC4_loop {
+  my $i=shift;
+  my $j=$i<0?0:$i;
+  my $xmm="%xmm".($j&1);
+
+    $code.="	add	\$16,$XX[0]#b\n"		if ($i==15);
+    $code.="	movdqu	($inp),%xmm2\n"			if ($i==15);
+    $code.="	add	$TX[0]#b,$YY#b\n"		if ($i<=0);
+    $code.="	movl	($dat,$YY,4),$TY#d\n";
+    $code.="	pxor	%xmm0,%xmm2\n"			if ($i==0);
+    $code.="	psllq	\$8,%xmm1\n"			if ($i==0);
+    $code.="	pxor	$xmm,$xmm\n"			if ($i<=1);
+    $code.="	movl	$TX[0]#d,($dat,$YY,4)\n";
+    $code.="	add	$TY#b,$TX[0]#b\n";
+    $code.="	movl	`4*($j+1)`($XX[1]),$TX[1]#d\n"	if ($i<15);
+    $code.="	movz	$TX[0]#b,$TX[0]#d\n";
+    $code.="	movl	$TY#d,4*$j($XX[1])\n";
+    $code.="	pxor	%xmm1,%xmm2\n"			if ($i==0);
+    $code.="	lea	($dat,$XX[0],4),$XX[1]\n"	if ($i==15);
+    $code.="	add	$TX[1]#b,$YY#b\n"		if ($i<15);
+    $code.="	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n";
+    $code.="	movdqu	%xmm2,($out,$inp)\n"		if ($i==0);
+    $code.="	lea	16($inp),$inp\n"		if ($i==0);
+    $code.="	movl	($XX[1]),$TX[1]#d\n"		if ($i==15);
+}
+	RC4_loop(-1);
+$code.=<<___;
+	jmp	.Loop16_enter
+.align	16
+.Loop16:
+___
+
+for ($i=0;$i<16;$i++) {
+    $code.=".Loop16_enter:\n"		if ($i==1);
+	RC4_loop($i);
+	push(@TX,shift(@TX)); 		# "rotate" registers
+}
+$code.=<<___;
+	mov	$YY,$TX[1]
+	xor	$YY,$YY			# keyword to partial register
+	sub	\$16,$len
+	mov	$TX[1]#b,$YY#b
+	test	\$-16,$len
+	jnz	.Loop16
+
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+	movdqu	%xmm2,($out,$inp)
+	lea	16($inp),$inp
+
+	cmp	\$0,$len
+	jne	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.Lloop1:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($inp),$TY#b
+	movb	$TY#b,($out,$inp)
+	lea	1($inp),$inp
+	dec	$len
+	jnz	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.LRC4_CHAR:
+	add	\$1,$XX[0]#b
+	movzb	($dat,$XX[0]),$TX[0]#d
+	test	\$-8,$len
+	jz	.Lcloop1
+	jmp	.Lcloop8
+.align	16
+.Lcloop8:
+	mov	($inp),%r8d
+	mov	4($inp),%r9d
+___
+# unroll 2x4-wise, because 64-bit rotates kill Intel P4...
+for ($i=0;$i<4;$i++) {
+$code.=<<___;
+	add	$TX[0]#b,$YY#b
+	lea	1($XX[0]),$XX[1]
+	movzb	($dat,$YY),$TY#d
+	movzb	$XX[1]#b,$XX[1]#d
+	movzb	($dat,$XX[1]),$TX[1]#d
+	movb	$TX[0]#b,($dat,$YY)
+	cmp	$XX[1],$YY
+	movb	$TY#b,($dat,$XX[0])
+	jne	.Lcmov$i			# Intel cmov is sloooow...
+	mov	$TX[0],$TX[1]
+.Lcmov$i:
+	add	$TX[0]#b,$TY#b
+	xor	($dat,$TY),%r8b
+	ror	\$8,%r8d
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
+}
+for ($i=4;$i<8;$i++) {
+$code.=<<___;
+	add	$TX[0]#b,$YY#b
+	lea	1($XX[0]),$XX[1]
+	movzb	($dat,$YY),$TY#d
+	movzb	$XX[1]#b,$XX[1]#d
+	movzb	($dat,$XX[1]),$TX[1]#d
+	movb	$TX[0]#b,($dat,$YY)
+	cmp	$XX[1],$YY
+	movb	$TY#b,($dat,$XX[0])
+	jne	.Lcmov$i			# Intel cmov is sloooow...
+	mov	$TX[0],$TX[1]
+.Lcmov$i:
+	add	$TX[0]#b,$TY#b
+	xor	($dat,$TY),%r9b
+	ror	\$8,%r9d
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
+}
+$code.=<<___;
+	lea	-8($len),$len
+	mov	%r8d,($out)
+	lea	8($inp),$inp
+	mov	%r9d,4($out)
+	lea	8($out),$out
+
+	test	\$-8,$len
+	jnz	.Lcloop8
+	cmp	\$0,$len
+	jne	.Lcloop1
+	jmp	.Lexit
+___
+$code.=<<___;
+.align	16
+.Lcloop1:
+	add	$TX[0]#b,$YY#b
+	movzb	$YY#b,$YY#d
+	movzb	($dat,$YY),$TY#d
+	movb	$TX[0]#b,($dat,$YY)
+	movb	$TY#b,($dat,$XX[0])
+	add	$TX[0]#b,$TY#b
+	add	\$1,$XX[0]#b
+	movzb	$TY#b,$TY#d
+	movzb	$XX[0]#b,$XX[0]#d
+	movzb	($dat,$TY),$TY#d
+	movzb	($dat,$XX[0]),$TX[0]#d
+	xorb	($inp),$TY#b
+	lea	1($inp),$inp
+	movb	$TY#b,($out)
+	lea	1($out),$out
+	sub	\$1,$len
+	jnz	.Lcloop1
+	jmp	.Lexit
+
+.align	16
+.Lexit:
+	sub	\$1,$XX[0]#b
+	movl	$XX[0]#d,-8($dat)
+	movl	$YY#d,-4($dat)
+
+	mov	(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	mov	16(%rsp),%rbx
+.cfi_restore	%rbx
+	add	\$24,%rsp
+.cfi_adjust_cfa_offset	-24
+.Lepilogue:
+	ret
+.cfi_endproc
+.size	RC4,.-RC4
+___
+}
+
+$idx="%r8";
+$ido="%r9";
+
+$code.=<<___;
+.globl	RC4_set_key
+.type	RC4_set_key,\@function,3
+.align	16
+RC4_set_key:
+	lea	8($dat),$dat
+	lea	($inp,$len),$inp
+	neg	$len
+	mov	$len,%rcx
+	xor	%eax,%eax
+	xor	$ido,$ido
+	xor	%r10,%r10
+	xor	%r11,%r11
+
+	mov	OPENSSL_ia32cap_P(%rip),$idx#d
+	bt	\$20,$idx#d	# RC4_CHAR?
+	jc	.Lc1stloop
+	jmp	.Lw1stloop
+
+.align	16
+.Lw1stloop:
+	mov	%eax,($dat,%rax,4)
+	add	\$1,%al
+	jnc	.Lw1stloop
+
+	xor	$ido,$ido
+	xor	$idx,$idx
+.align	16
+.Lw2ndloop:
+	mov	($dat,$ido,4),%r10d
+	add	($inp,$len,1),$idx#b
+	add	%r10b,$idx#b
+	add	\$1,$len
+	mov	($dat,$idx,4),%r11d
+	cmovz	%rcx,$len
+	mov	%r10d,($dat,$idx,4)
+	mov	%r11d,($dat,$ido,4)
+	add	\$1,$ido#b
+	jnc	.Lw2ndloop
+	jmp	.Lexit_key
+
+.align	16
+.Lc1stloop:
+	mov	%al,($dat,%rax)
+	add	\$1,%al
+	jnc	.Lc1stloop
+
+	xor	$ido,$ido
+	xor	$idx,$idx
+.align	16
+.Lc2ndloop:
+	mov	($dat,$ido),%r10b
+	add	($inp,$len),$idx#b
+	add	%r10b,$idx#b
+	add	\$1,$len
+	mov	($dat,$idx),%r11b
+	jnz	.Lcnowrap
+	mov	%rcx,$len
+.Lcnowrap:
+	mov	%r10b,($dat,$idx)
+	mov	%r11b,($dat,$ido)
+	add	\$1,$ido#b
+	jnc	.Lc2ndloop
+	movl	\$-1,256($dat)
+
+.align	16
+.Lexit_key:
+	xor	%eax,%eax
+	mov	%eax,-8($dat)
+	mov	%eax,-4($dat)
+	ret
+.size	RC4_set_key,.-RC4_set_key
+
+.globl	RC4_options
+.type	RC4_options,\@abi-omnipotent
+.align	16
+RC4_options:
+	lea	.Lopts(%rip),%rax
+	mov	OPENSSL_ia32cap_P(%rip),%edx
+	bt	\$20,%edx
+	jc	.L8xchar
+	bt	\$30,%edx
+	jnc	.Ldone
+	add	\$25,%rax
+	ret
+.L8xchar:
+	add	\$12,%rax
+.Ldone:
+	ret
+.align	64
+.Lopts:
+.asciz	"rc4(8x,int)"
+.asciz	"rc4(8x,char)"
+.asciz	"rc4(16x,int)"
+.asciz	"RC4 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+.size	RC4_options,.-RC4_options
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	stream_se_handler,\@abi-omnipotent
+.align	16
+stream_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	24(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%r12
+	mov	-24(%rax),%r13
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	stream_se_handler,.-stream_se_handler
+
+.type	key_se_handler,\@abi-omnipotent
+.align	16
+key_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	152($context),%rax	# pull context->Rsp
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+.Lcommon_seh_exit:
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	key_se_handler,.-key_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_RC4
+	.rva	.LSEH_end_RC4
+	.rva	.LSEH_info_RC4
+
+	.rva	.LSEH_begin_RC4_set_key
+	.rva	.LSEH_end_RC4_set_key
+	.rva	.LSEH_info_RC4_set_key
+
+.section	.xdata
+.align	8
+.LSEH_info_RC4:
+	.byte	9,0,0,0
+	.rva	stream_se_handler
+.LSEH_info_RC4_set_key:
+	.byte	9,0,0,0
+	.rva	key_se_handler
+___
+}
+
+sub reg_part {
+my ($reg,$conv)=@_;
+    if ($reg =~ /%r[0-9]+/)	{ $reg .= $conv; }
+    elsif ($conv eq "b")	{ $reg =~ s/%[er]([^x]+)x?/%$1l/;	}
+    elsif ($conv eq "w")	{ $reg =~ s/%[er](.+)/%$1/;		}
+    elsif ($conv eq "d")	{ $reg =~ s/%[er](.+)/%e$1/;		}
+    return $reg;
+}
+
+$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info
new file mode 100644
index 000000000..46ee66b61
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info
@@ -0,0 +1,18 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        {- $target{rc4_asm_src} -}
+
+GENERATE[rc4-586.s]=asm/rc4-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[rc4-586.s]=../perlasm/x86asm.pl
+
+GENERATE[rc4-x86_64.s]=asm/rc4-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME)
+
+BEGINRAW[Makefile]
+# GNU make "catch all"
+{- $builddir -}/rc4-%.s:	{- $sourcedir -}/asm/rc4-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile]
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c
new file mode 100644
index 000000000..638a75bb0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata)
+{
+    register RC4_INT *d;
+    register RC4_INT x, y, tx, ty;
+    size_t i;
+
+    x = key->x;
+    y = key->y;
+    d = key->data;
+
+#define LOOP(in,out) \
+                x=((x+1)&0xff); \
+                tx=d[x]; \
+                y=(tx+y)&0xff; \
+                d[x]=ty=d[y]; \
+                d[y]=tx; \
+                (out) = d[(tx+ty)&0xff]^ (in);
+
+    i = len >> 3;
+    if (i) {
+        for (;;) {
+            LOOP(indata[0], outdata[0]);
+            LOOP(indata[1], outdata[1]);
+            LOOP(indata[2], outdata[2]);
+            LOOP(indata[3], outdata[3]);
+            LOOP(indata[4], outdata[4]);
+            LOOP(indata[5], outdata[5]);
+            LOOP(indata[6], outdata[6]);
+            LOOP(indata[7], outdata[7]);
+            indata += 8;
+            outdata += 8;
+            if (--i == 0)
+                break;
+        }
+    }
+    i = len & 0x07;
+    if (i) {
+        for (;;) {
+            LOOP(indata[0], outdata[0]);
+            if (--i == 0)
+                break;
+            LOOP(indata[1], outdata[1]);
+            if (--i == 0)
+                break;
+            LOOP(indata[2], outdata[2]);
+            if (--i == 0)
+                break;
+            LOOP(indata[3], outdata[3]);
+            if (--i == 0)
+                break;
+            LOOP(indata[4], outdata[4]);
+            if (--i == 0)
+                break;
+            LOOP(indata[5], outdata[5]);
+            if (--i == 0)
+                break;
+            LOOP(indata[6], outdata[6]);
+            if (--i == 0)
+                break;
+        }
+    }
+    key->x = x;
+    key->y = y;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_locl.h
new file mode 100644
index 000000000..4380addbc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_locl.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_LOCL_H
+# define HEADER_RC4_LOCL_H
+
+# include <openssl/opensslconf.h>
+# include "internal/cryptlib.h"
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c
new file mode 100644
index 000000000..e9007331e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+
+const char *RC4_options(void)
+{
+    if (sizeof(RC4_INT) == 1)
+        return "rc4(char)";
+    else
+        return "rc4(int)";
+}
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+{
+    register RC4_INT tmp;
+    register int id1, id2;
+    register RC4_INT *d;
+    unsigned int i;
+
+    d = &(key->data[0]);
+    key->x = 0;
+    key->y = 0;
+    id1 = id2 = 0;
+
+#define SK_LOOP(d,n) { \
+                tmp=d[(n)]; \
+                id2 = (data[id1] + tmp + id2) & 0xff; \
+                if (++id1 == len) id1=0; \
+                d[(n)]=d[id2]; \
+                d[id2]=tmp; }
+
+    for (i = 0; i < 256; i++)
+        d[i] = i;
+    for (i = 0; i < 256; i += 4) {
+        SK_LOOP(d, i + 0);
+        SK_LOOP(d, i + 1);
+        SK_LOOP(d, i + 2);
+        SK_LOOP(d, i + 3);
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl
new file mode 100644
index 000000000..e58a98bc8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl
@@ -0,0 +1,122 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$RC5_MAX_ROUNDS=16;
+$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;
+$A="edi";
+$B="esi";
+$S="ebp";
+$tmp1="eax";
+$r="ebx";
+$tmpc="ecx";
+$tmp4="edx";
+
+&RC5_32_encrypt("RC5_32_encrypt",1);
+&RC5_32_encrypt("RC5_32_decrypt",0);
+&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);
+&asm_finish();
+
+close STDOUT;
+
+sub RC5_32_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	 &push("esi");
+	&push("edi");
+	 &mov($tmp4,&wparam(0));
+	&mov($S,&wparam(1));
+
+	&comment("Load the 2 words");
+	 &mov($A,&DWP(0,$tmp4,"",0));
+	&mov($B,&DWP(4,$tmp4,"",0));
+
+	&push($r);
+	 &mov($r,	&DWP(0,$S,"",0));
+
+	# encrypting part
+
+	if ($enc)
+		{
+		 &add($A,	&DWP(4+0,$S,"",0));
+		&add($B,	&DWP(4+4,$S,"",0));
+
+		for ($i=0; $i<$RC5_MAX_ROUNDS; $i++)
+			{
+			 &xor($A,	$B);
+			&mov($tmp1,	&DWP(12+$i*8,$S,"",0));
+			 &mov($tmpc,	$B);
+			&rotl($A,	&LB("ecx"));
+			&add($A,	$tmp1);
+
+			 &xor($B,	$A);
+			&mov($tmp1,	&DWP(16+$i*8,$S,"",0));
+			 &mov($tmpc,	$A);
+			&rotl($B,	&LB("ecx"));
+			&add($B,	$tmp1);
+			if (($i == 7) || ($i == 11))
+				{
+			 &cmp($r,	$i+1);
+			&je(&label("rc5_exit"));
+				}
+			}
+		}
+	else
+		{
+		 &cmp($r,	12);
+		&je(&label("rc5_dec_12"));
+		 &cmp($r,	8);
+		&je(&label("rc5_dec_8"));
+		for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--)
+			{
+			&set_label("rc5_dec_$i") if ($i == 12) || ($i == 8);
+			 &mov($tmp1,	&DWP($i*8+8,$S,"",0));
+			&sub($B,	$tmp1);
+			 &mov($tmpc,	$A);
+			&rotr($B,	&LB("ecx"));
+			&xor($B,	$A);
+
+			 &mov($tmp1,	&DWP($i*8+4,$S,"",0));
+			&sub($A,	$tmp1);
+			 &mov($tmpc,	$B);
+			&rotr($A,	&LB("ecx"));
+			&xor($A,	$B);
+			}
+		 &sub($B,	&DWP(4+4,$S,"",0));
+		&sub($A,	&DWP(4+0,$S,"",0));
+		}
+
+	&set_label("rc5_exit");
+	 &mov(&DWP(0,$tmp4,"",0),$A);
+	&mov(&DWP(4,$tmp4,"",0),$B);
+
+	 &pop("ebx");
+	&pop("edi");
+	 &pop("esi");
+	&pop("ebp");
+	 &ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/build.info
new file mode 100644
index 000000000..928a62cd8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/build.info
@@ -0,0 +1,7 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rc5_skey.c rc5_ecb.c {- $target{rc5_asm_src} -} rc5cfb64.c rc5ofb64.c
+
+GENERATE[rc5-586.s]=asm/rc5-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+DEPEND[rc5-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c
new file mode 100644
index 000000000..c32f38e47
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+#include <openssl/opensslv.h>
+
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *ks, int encrypt)
+{
+    unsigned long l, d[2];
+
+    c2l(in, l);
+    d[0] = l;
+    c2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        RC5_32_encrypt(d, ks);
+    else
+        RC5_32_decrypt(d, ks);
+    l = d[0];
+    l2c(l, out);
+    l = d[1];
+    l2c(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c
new file mode 100644
index 000000000..58631dee2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC5_32_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC5_32_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC5_32_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC5_32_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+{
+    RC5_32_INT a, b, *s;
+
+    s = key->data;
+
+    a = d[0] + s[0];
+    b = d[1] + s[1];
+    E_RC5_32(a, b, s, 2);
+    E_RC5_32(a, b, s, 4);
+    E_RC5_32(a, b, s, 6);
+    E_RC5_32(a, b, s, 8);
+    E_RC5_32(a, b, s, 10);
+    E_RC5_32(a, b, s, 12);
+    E_RC5_32(a, b, s, 14);
+    E_RC5_32(a, b, s, 16);
+    if (key->rounds == 12) {
+        E_RC5_32(a, b, s, 18);
+        E_RC5_32(a, b, s, 20);
+        E_RC5_32(a, b, s, 22);
+        E_RC5_32(a, b, s, 24);
+    } else if (key->rounds == 16) {
+        /* Do a full expansion to avoid a jump */
+        E_RC5_32(a, b, s, 18);
+        E_RC5_32(a, b, s, 20);
+        E_RC5_32(a, b, s, 22);
+        E_RC5_32(a, b, s, 24);
+        E_RC5_32(a, b, s, 26);
+        E_RC5_32(a, b, s, 28);
+        E_RC5_32(a, b, s, 30);
+        E_RC5_32(a, b, s, 32);
+    }
+    d[0] = a;
+    d[1] = b;
+}
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+{
+    RC5_32_INT a, b, *s;
+
+    s = key->data;
+
+    a = d[0];
+    b = d[1];
+    if (key->rounds == 16) {
+        D_RC5_32(a, b, s, 32);
+        D_RC5_32(a, b, s, 30);
+        D_RC5_32(a, b, s, 28);
+        D_RC5_32(a, b, s, 26);
+        /* Do a full expansion to avoid a jump */
+        D_RC5_32(a, b, s, 24);
+        D_RC5_32(a, b, s, 22);
+        D_RC5_32(a, b, s, 20);
+        D_RC5_32(a, b, s, 18);
+    } else if (key->rounds == 12) {
+        D_RC5_32(a, b, s, 24);
+        D_RC5_32(a, b, s, 22);
+        D_RC5_32(a, b, s, 20);
+        D_RC5_32(a, b, s, 18);
+    }
+    D_RC5_32(a, b, s, 16);
+    D_RC5_32(a, b, s, 14);
+    D_RC5_32(a, b, s, 12);
+    D_RC5_32(a, b, s, 10);
+    D_RC5_32(a, b, s, 8);
+    D_RC5_32(a, b, s, 6);
+    D_RC5_32(a, b, s, 4);
+    D_RC5_32(a, b, s, 2);
+    d[0] = a - s[0];
+    d[1] = b - s[1];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_locl.h
new file mode 100644
index 000000000..41130fe33
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_locl.h
@@ -0,0 +1,186 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 5: l2|=((unsigned long)(*(--(c))));      \
+                        /* fall thru */                               \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 1: l1|=((unsigned long)(*(--(c))));      \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
+# define ROTATE_l32(a,n)     _lrotl(a,n)
+# define ROTATE_r32(a,n)     _lrotr(a,n)
+#elif defined(__ICC)
+# define ROTATE_l32(a,n)     _rotl(a,n)
+# define ROTATE_r32(a,n)     _rotr(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE_l32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("roll %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"((unsigned int)(a)) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+#  define ROTATE_r32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("rorl %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"((unsigned int)(a)) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+# endif
+#endif
+#ifndef ROTATE_l32
+# define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>((32-n)&0x1f)))
+#endif
+#ifndef ROTATE_r32
+# define ROTATE_r32(a,n)     (((a)<<((32-n)&0x1f))|(((a)&0xffffffff)>>(n&0x1f)))
+#endif
+
+#define RC5_32_MASK     0xffffffffL
+
+#define RC5_16_P        0xB7E1
+#define RC5_16_Q        0x9E37
+#define RC5_32_P        0xB7E15163L
+#define RC5_32_Q        0x9E3779B9L
+#define RC5_64_P        0xB7E151628AED2A6BLL
+#define RC5_64_Q        0x9E3779B97F4A7C15LL
+
+#define E_RC5_32(a,b,s,n) \
+        a^=b; \
+        a=ROTATE_l32(a,b); \
+        a+=s[n]; \
+        a&=RC5_32_MASK; \
+        b^=a; \
+        b=ROTATE_l32(b,a); \
+        b+=s[n+1]; \
+        b&=RC5_32_MASK;
+
+#define D_RC5_32(a,b,s,n) \
+        b-=s[n+1]; \
+        b&=RC5_32_MASK; \
+        b=ROTATE_r32(b,a); \
+        b^=a; \
+        a-=s[n]; \
+        a&=RC5_32_MASK; \
+        a=ROTATE_r32(a,b); \
+        a^=b;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c
new file mode 100644
index 000000000..943a7849b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds)
+{
+    RC5_32_INT L[64], l, ll, A, B, *S, k;
+    int i, j, m, c, t, ii, jj;
+
+    if ((rounds != RC5_16_ROUNDS) &&
+        (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS))
+        rounds = RC5_16_ROUNDS;
+
+    key->rounds = rounds;
+    S = &(key->data[0]);
+    j = 0;
+    for (i = 0; i <= (len - 8); i += 8) {
+        c2l(data, l);
+        L[j++] = l;
+        c2l(data, l);
+        L[j++] = l;
+    }
+    ii = len - i;
+    if (ii) {
+        k = len & 0x07;
+        c2ln(data, l, ll, k);
+        L[j + 0] = l;
+        L[j + 1] = ll;
+    }
+
+    c = (len + 3) / 4;
+    t = (rounds + 1) * 2;
+    S[0] = RC5_32_P;
+    for (i = 1; i < t; i++)
+        S[i] = (S[i - 1] + RC5_32_Q) & RC5_32_MASK;
+
+    j = (t > c) ? t : c;
+    j *= 3;
+    ii = jj = 0;
+    A = B = 0;
+    for (i = 0; i < j; i++) {
+        k = (S[ii] + A + B) & RC5_32_MASK;
+        A = S[ii] = ROTATE_l32(k, 3);
+        m = (int)(A + B);
+        k = (L[jj] + A + B) & RC5_32_MASK;
+        B = L[jj] = ROTATE_l32(k, m);
+        if (++ii >= t)
+            ii = 0;
+        if (++jj >= c)
+            jj = 0;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c
new file mode 100644
index 000000000..9a8aa6b24
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC5_32_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC5_32_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c
new file mode 100644
index 000000000..3a41d773c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            RC5_32_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl
new file mode 100644
index 000000000..84aa7ced1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl
@@ -0,0 +1,602 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Normal is the
+# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+$A="ecx";
+$B="esi";
+$C="edi";
+$D="ebx";
+$E="ebp";
+$tmp1="eax";
+$tmp2="edx";
+
+$KL1=0x5A827999;
+$KL2=0x6ED9EBA1;
+$KL3=0x8F1BBCDC;
+$KL4=0xA953FD4E;
+$KR0=0x50A28BE6;
+$KR1=0x5C4DD124;
+$KR2=0x6D703EF3;
+$KR3=0x7A6D76E9;
+
+
+@wl=(	 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
+	 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
+	 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
+	 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
+	 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
+	 );
+
+@wr=(	 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
+	 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
+	15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
+	 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
+	12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
+	);
+
+@sl=(	11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
+	 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
+	11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
+	11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
+	 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
+	 );
+
+@sr=(	 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
+	 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
+	 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
+	15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
+	 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
+ 	);
+
+&ripemd160_block("ripemd160_block_asm_data_order");
+&asm_finish();
+
+close STDOUT;
+
+sub Xv
+	{
+	local($n)=@_;
+	return(&swtmp($n));
+	# tmp on stack
+	}
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
+	return($n{$p});
+	}
+
+sub RIP1
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+	 #&mov($tmp1,	$c) if $o == -1;
+	&xor($tmp1,	$d) if $o == -1;
+	 &mov($tmp2,	&Xv($pos));
+	&xor($tmp1,	$b);
+	 &add($a,	$tmp2);
+	&rotl($c,	10);
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($c));	# NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &xor($tmp1,	$d);
+	&mov($tmp2,	&Xv($pos));
+	 &xor($tmp1,	$b);
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($c)) if $o <= 0;
+	 &mov($tmp1,	-1) if $o == 1;
+	 # XXX if $o == 2;
+	&rotl($c,	10);
+	&add($a,	$tmp2);
+	 &xor($tmp1,	&Np($d)) if $o <= 0;
+	 &mov($tmp2,	&Xv($pos2)) if $o == 1;
+	 &mov($tmp2,	&wparam(0)) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP2
+	{
+	local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
+
+# XXXXXX
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	&Xv($pos)) if $o < -1;
+#	&mov($tmp1,	-1) if $o < -1;
+
+	 &add($a,	$tmp2);
+	&mov($tmp2,	$c);
+	 &sub($tmp1,	$b);
+	&and($tmp2,	$b);
+	 &and($tmp1,	$d);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &mov($tmp2,	-1) if $o <= 0;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 # XXX
+	 &add($a,	$tmp1);
+	&mov($tmp1,	$c);
+	 &sub($tmp2,	$b);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$d);
+	if ($o != 2)
+		{
+	&or($tmp1,	$tmp2);
+	 &mov($tmp2,	&Xv($pos2)) if $o <= 0;
+	 &mov($tmp2,	-1) if $o == 1;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &mov($tmp1,	-1) if $o <= 0;
+	 &sub($tmp2,	&Np($c)) if $o == 1;
+		} else {
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Np($c));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &xor($tmp1,	&Np($d));
+		}
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP3
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	-1) if $o < -1;
+#	&sub($tmp2,	$c) if $o < -1;
+	 &mov($tmp1,	&Xv($pos));
+	&or($tmp2,	$b);
+	 &add($a,	$tmp1);
+	&xor($tmp2,	$d);
+	 &mov($tmp1,	-1) if $o <= 0;		# NEXT
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &sub($tmp1,	&Np($c)) if $o <= 0;	# NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &mov($tmp2,	&Xv($pos));
+	&or($tmp1,	$b);
+	 &add($a,	$tmp2);
+	&xor($tmp1,	$d);
+	 &mov($tmp2,	-1) if $o <= 0;		# NEXT
+	 &mov($tmp2,	-1) if $o == 1;
+	 &mov($tmp2,	&Xv($pos2)) if $o == 2;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &sub($tmp2,	&Np($c)) if $o <= 0;	# NEXT
+	 &mov($tmp1,	&Np($d)) if $o == 1;
+	 &mov($tmp1,	-1) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP4
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	-1) if $o == -2;
+#	&mov($tmp1,	$d) if $o == -2;
+	 &sub($tmp2,	$d);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$c);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2));
+	 &mov($tmp2,	-1) unless $o > 0;	# NEXT
+	 # XXX
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($d)) unless $o > 0; # NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &sub($tmp2,	$d);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$c);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2));
+	 &mov($tmp2,	-1) if $o == 0;	# NEXT
+	 &mov($tmp2,	-1) if $o == 1;
+	 &mov($tmp2,	-1) if $o == 2;
+	 # XXX
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($d)) if $o == 0;	# NEXT
+	 &sub($tmp2,	&Np($d)) if $o == 1;
+	 &sub($tmp2,	&Np($c)) if $o == 2;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP5
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+	 &mov($tmp2,	-1) if $o == -2;
+	&sub($tmp2,	$d) if $o == -2;
+	 &mov($tmp1,	&Xv($pos));
+	&or($tmp2,	$c);
+	 &add($a,	$tmp1);
+	&xor($tmp2,	$b);
+	 &mov($tmp1,	-1) if $o <= 0;
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &sub($tmp1,	&Np($d)) if $o <= 0;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &mov($tmp2,	&Xv($pos));
+	&or($tmp1,	$c);
+	 &add($a,	$tmp2);
+	&xor($tmp1,	$b);
+	 &mov($tmp2,	-1) if $o <= 0;
+	 &mov($tmp2,	&wparam(0)) if $o == 1;	# Middle code
+	 &mov($tmp2,	-1) if $o == 2;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &sub($tmp2,	&Np($d)) if $o <= 0;
+	 &mov(&swtmp(16),	$A) if $o == 1;
+	 &mov($tmp1,	&Np($d)) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub ripemd160_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"",3);
+
+	# parameter 1 is the RIPEMD160_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+	# E 	16
+
+	&mov($tmp2,	&wparam(0));
+	 &mov($tmp1,	&wparam(1));
+	&push("esi");
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
+	&push("edi");
+	 &mov($B,	&DWP( 4,$tmp2,"",0));
+	&push("ebp");
+	 &mov($C,	&DWP( 8,$tmp2,"",0));
+	&push("ebx");
+	 &stack_push(16+5+6);
+			  # Special comment about the figure of 6.
+			  # Idea is to pad the current frame so
+			  # that the top of the stack gets fairly
+			  # aligned. Well, as you realize it would
+			  # always depend on how the frame below is
+			  # aligned. The good news are that gcc-2.95
+			  # and later does keep first argument at
+			  # least double-wise aligned.
+
+	&set_label("start") unless $normal;
+	&comment("");
+
+	# &mov($tmp1,	&wparam(1)); # Done at end of loop
+	# &mov($tmp2,	&wparam(0)); # Done at end of loop
+
+	for ($z=0; $z<16; $z+=2)
+		{
+		&mov($D,		&DWP( $z*4,$tmp1,"",0));
+		 &mov($E,		&DWP( ($z+1)*4,$tmp1,"",0));
+		&mov(&swtmp($z),	$D);
+		 &mov(&swtmp($z+1),	$E);
+		}
+	&mov($tmp1,	$C);
+	 &mov($D,	&DWP(12,$tmp2,"",0));
+	&mov($E,	&DWP(16,$tmp2,"",0));
+
+	&RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
+	&RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
+	&RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
+	&RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
+
+	&RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
+	&RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
+	&RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
+	&RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
+
+	&RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
+	&RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
+	&RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
+	&RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
+
+	&RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
+	&RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
+	&RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
+	&RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
+
+	&RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
+	&RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
+	&RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
+	&RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
+
+	# &mov($tmp2,	&wparam(0)); # moved into last RIP5
+	# &mov(&swtmp(16),	$A);
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
+	&mov(&swtmp(16+1),	$B);
+	 &mov(&swtmp(16+2),	$C);
+	&mov($B,	&DWP( 4,$tmp2,"",0));
+	 &mov(&swtmp(16+3),	$D);
+	&mov($C,	&DWP( 8,$tmp2,"",0));
+	 &mov(&swtmp(16+4),	$E);
+	&mov($D,	&DWP(12,$tmp2,"",0));
+	 &mov($E,	&DWP(16,$tmp2,"",0));
+
+	&RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
+	&RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
+	&RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
+	&RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
+
+	&RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
+	&RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
+	&RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
+	&RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
+
+	&RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
+	&RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
+	&RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
+	&RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
+
+	&RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
+	&RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
+	&RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
+	&RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
+
+	&RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
+	&RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
+	&RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
+	&RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
+
+	# &mov($tmp2,	&wparam(0)); # Moved into last round
+
+	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B
+ 	&add($D,	$tmp1);
+	 &mov($tmp1,	&swtmp(16+2));		# $c
+	&add($D,	$tmp1);
+
+	 &mov($tmp1,	&DWP( 8,$tmp2,"",0));	# ctx->C
+	&add($E,	$tmp1);
+	 &mov($tmp1,	&swtmp(16+3));		# $d
+	&add($E,	$tmp1);
+
+	 &mov($tmp1,	&DWP(12,$tmp2,"",0));	# ctx->D
+	&add($A,	$tmp1);
+	 &mov($tmp1,	&swtmp(16+4));		# $e
+	&add($A,	$tmp1);
+
+
+	 &mov($tmp1,	&DWP(16,$tmp2,"",0));	# ctx->E
+	&add($B,	$tmp1);
+	 &mov($tmp1,	&swtmp(16+0));		# $a
+	&add($B,	$tmp1);
+
+	 &mov($tmp1,	&DWP( 0,$tmp2,"",0));	# ctx->A
+	&add($C,	$tmp1);
+	 &mov($tmp1,	&swtmp(16+1));		# $b
+	&add($C,	$tmp1);
+
+	 &mov($tmp1,	&wparam(2));
+
+	&mov(&DWP( 0,$tmp2,"",0),	$D);
+	 &mov(&DWP( 4,$tmp2,"",0),	$E);
+	&mov(&DWP( 8,$tmp2,"",0),	$A);
+	 &sub($tmp1,1);
+	&mov(&DWP(12,$tmp2,"",0),	$B);
+	 &mov(&DWP(16,$tmp2,"",0),	$C);
+
+	&jle(&label("get_out"));
+
+	&mov(&wparam(2),$tmp1);
+	 &mov($C,	$A);
+	&mov($tmp1,	&wparam(1));
+	 &mov($A,	$D);
+	&add($tmp1,	64);
+	 &mov($B,	$E);
+	&mov(&wparam(1),$tmp1);
+
+	&jmp(&label("start"));
+
+	&set_label("get_out");
+
+	&stack_pop(16+5+6);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/build.info
new file mode 100644
index 000000000..a4a894e2d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/build.info
@@ -0,0 +1,7 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rmd_dgst.c rmd_one.c {- $target{rmd160_asm_src} -}
+
+GENERATE[rmd-586.s]=asm/rmd-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+DEPEND[rmd-586.s]=../perlasm/x86asm.pl
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c
new file mode 100644
index 000000000..a1670c7fb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c
@@ -0,0 +1,282 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "rmd_locl.h"
+#include <openssl/opensslv.h>
+
+#ifdef RMD160_ASM
+void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+# define ripemd160_block ripemd160_block_x86
+#else
+void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+#endif
+
+int RIPEMD160_Init(RIPEMD160_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = RIPEMD160_A;
+    c->B = RIPEMD160_B;
+    c->C = RIPEMD160_C;
+    c->D = RIPEMD160_D;
+    c->E = RIPEMD160_E;
+    return 1;
+}
+
+#ifndef ripemd160_block_data_order
+# ifdef X
+#  undef X
+# endif
+void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E;
+    unsigned MD32_REG_T a, b, c, d, e, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    RIPEMD160_LONG XX[16];
+#  define X(i)   XX[i]
+# endif
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        RIP1(A, B, C, D, E, WL00, SL00);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        RIP1(E, A, B, C, D, WL01, SL01);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        RIP1(D, E, A, B, C, WL02, SL02);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        RIP1(C, D, E, A, B, WL03, SL03);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        RIP1(B, C, D, E, A, WL04, SL04);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        RIP1(A, B, C, D, E, WL05, SL05);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        RIP1(E, A, B, C, D, WL06, SL06);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        RIP1(D, E, A, B, C, WL07, SL07);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        RIP1(C, D, E, A, B, WL08, SL08);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        RIP1(B, C, D, E, A, WL09, SL09);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        RIP1(A, B, C, D, E, WL10, SL10);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        RIP1(E, A, B, C, D, WL11, SL11);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        RIP1(D, E, A, B, C, WL12, SL12);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        RIP1(C, D, E, A, B, WL13, SL13);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        RIP1(B, C, D, E, A, WL14, SL14);
+        RIP1(A, B, C, D, E, WL15, SL15);
+
+        RIP2(E, A, B, C, D, WL16, SL16, KL1);
+        RIP2(D, E, A, B, C, WL17, SL17, KL1);
+        RIP2(C, D, E, A, B, WL18, SL18, KL1);
+        RIP2(B, C, D, E, A, WL19, SL19, KL1);
+        RIP2(A, B, C, D, E, WL20, SL20, KL1);
+        RIP2(E, A, B, C, D, WL21, SL21, KL1);
+        RIP2(D, E, A, B, C, WL22, SL22, KL1);
+        RIP2(C, D, E, A, B, WL23, SL23, KL1);
+        RIP2(B, C, D, E, A, WL24, SL24, KL1);
+        RIP2(A, B, C, D, E, WL25, SL25, KL1);
+        RIP2(E, A, B, C, D, WL26, SL26, KL1);
+        RIP2(D, E, A, B, C, WL27, SL27, KL1);
+        RIP2(C, D, E, A, B, WL28, SL28, KL1);
+        RIP2(B, C, D, E, A, WL29, SL29, KL1);
+        RIP2(A, B, C, D, E, WL30, SL30, KL1);
+        RIP2(E, A, B, C, D, WL31, SL31, KL1);
+
+        RIP3(D, E, A, B, C, WL32, SL32, KL2);
+        RIP3(C, D, E, A, B, WL33, SL33, KL2);
+        RIP3(B, C, D, E, A, WL34, SL34, KL2);
+        RIP3(A, B, C, D, E, WL35, SL35, KL2);
+        RIP3(E, A, B, C, D, WL36, SL36, KL2);
+        RIP3(D, E, A, B, C, WL37, SL37, KL2);
+        RIP3(C, D, E, A, B, WL38, SL38, KL2);
+        RIP3(B, C, D, E, A, WL39, SL39, KL2);
+        RIP3(A, B, C, D, E, WL40, SL40, KL2);
+        RIP3(E, A, B, C, D, WL41, SL41, KL2);
+        RIP3(D, E, A, B, C, WL42, SL42, KL2);
+        RIP3(C, D, E, A, B, WL43, SL43, KL2);
+        RIP3(B, C, D, E, A, WL44, SL44, KL2);
+        RIP3(A, B, C, D, E, WL45, SL45, KL2);
+        RIP3(E, A, B, C, D, WL46, SL46, KL2);
+        RIP3(D, E, A, B, C, WL47, SL47, KL2);
+
+        RIP4(C, D, E, A, B, WL48, SL48, KL3);
+        RIP4(B, C, D, E, A, WL49, SL49, KL3);
+        RIP4(A, B, C, D, E, WL50, SL50, KL3);
+        RIP4(E, A, B, C, D, WL51, SL51, KL3);
+        RIP4(D, E, A, B, C, WL52, SL52, KL3);
+        RIP4(C, D, E, A, B, WL53, SL53, KL3);
+        RIP4(B, C, D, E, A, WL54, SL54, KL3);
+        RIP4(A, B, C, D, E, WL55, SL55, KL3);
+        RIP4(E, A, B, C, D, WL56, SL56, KL3);
+        RIP4(D, E, A, B, C, WL57, SL57, KL3);
+        RIP4(C, D, E, A, B, WL58, SL58, KL3);
+        RIP4(B, C, D, E, A, WL59, SL59, KL3);
+        RIP4(A, B, C, D, E, WL60, SL60, KL3);
+        RIP4(E, A, B, C, D, WL61, SL61, KL3);
+        RIP4(D, E, A, B, C, WL62, SL62, KL3);
+        RIP4(C, D, E, A, B, WL63, SL63, KL3);
+
+        RIP5(B, C, D, E, A, WL64, SL64, KL4);
+        RIP5(A, B, C, D, E, WL65, SL65, KL4);
+        RIP5(E, A, B, C, D, WL66, SL66, KL4);
+        RIP5(D, E, A, B, C, WL67, SL67, KL4);
+        RIP5(C, D, E, A, B, WL68, SL68, KL4);
+        RIP5(B, C, D, E, A, WL69, SL69, KL4);
+        RIP5(A, B, C, D, E, WL70, SL70, KL4);
+        RIP5(E, A, B, C, D, WL71, SL71, KL4);
+        RIP5(D, E, A, B, C, WL72, SL72, KL4);
+        RIP5(C, D, E, A, B, WL73, SL73, KL4);
+        RIP5(B, C, D, E, A, WL74, SL74, KL4);
+        RIP5(A, B, C, D, E, WL75, SL75, KL4);
+        RIP5(E, A, B, C, D, WL76, SL76, KL4);
+        RIP5(D, E, A, B, C, WL77, SL77, KL4);
+        RIP5(C, D, E, A, B, WL78, SL78, KL4);
+        RIP5(B, C, D, E, A, WL79, SL79, KL4);
+
+        a = A;
+        b = B;
+        c = C;
+        d = D;
+        e = E;
+        /* Do other half */
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+
+        RIP5(A, B, C, D, E, WR00, SR00, KR0);
+        RIP5(E, A, B, C, D, WR01, SR01, KR0);
+        RIP5(D, E, A, B, C, WR02, SR02, KR0);
+        RIP5(C, D, E, A, B, WR03, SR03, KR0);
+        RIP5(B, C, D, E, A, WR04, SR04, KR0);
+        RIP5(A, B, C, D, E, WR05, SR05, KR0);
+        RIP5(E, A, B, C, D, WR06, SR06, KR0);
+        RIP5(D, E, A, B, C, WR07, SR07, KR0);
+        RIP5(C, D, E, A, B, WR08, SR08, KR0);
+        RIP5(B, C, D, E, A, WR09, SR09, KR0);
+        RIP5(A, B, C, D, E, WR10, SR10, KR0);
+        RIP5(E, A, B, C, D, WR11, SR11, KR0);
+        RIP5(D, E, A, B, C, WR12, SR12, KR0);
+        RIP5(C, D, E, A, B, WR13, SR13, KR0);
+        RIP5(B, C, D, E, A, WR14, SR14, KR0);
+        RIP5(A, B, C, D, E, WR15, SR15, KR0);
+
+        RIP4(E, A, B, C, D, WR16, SR16, KR1);
+        RIP4(D, E, A, B, C, WR17, SR17, KR1);
+        RIP4(C, D, E, A, B, WR18, SR18, KR1);
+        RIP4(B, C, D, E, A, WR19, SR19, KR1);
+        RIP4(A, B, C, D, E, WR20, SR20, KR1);
+        RIP4(E, A, B, C, D, WR21, SR21, KR1);
+        RIP4(D, E, A, B, C, WR22, SR22, KR1);
+        RIP4(C, D, E, A, B, WR23, SR23, KR1);
+        RIP4(B, C, D, E, A, WR24, SR24, KR1);
+        RIP4(A, B, C, D, E, WR25, SR25, KR1);
+        RIP4(E, A, B, C, D, WR26, SR26, KR1);
+        RIP4(D, E, A, B, C, WR27, SR27, KR1);
+        RIP4(C, D, E, A, B, WR28, SR28, KR1);
+        RIP4(B, C, D, E, A, WR29, SR29, KR1);
+        RIP4(A, B, C, D, E, WR30, SR30, KR1);
+        RIP4(E, A, B, C, D, WR31, SR31, KR1);
+
+        RIP3(D, E, A, B, C, WR32, SR32, KR2);
+        RIP3(C, D, E, A, B, WR33, SR33, KR2);
+        RIP3(B, C, D, E, A, WR34, SR34, KR2);
+        RIP3(A, B, C, D, E, WR35, SR35, KR2);
+        RIP3(E, A, B, C, D, WR36, SR36, KR2);
+        RIP3(D, E, A, B, C, WR37, SR37, KR2);
+        RIP3(C, D, E, A, B, WR38, SR38, KR2);
+        RIP3(B, C, D, E, A, WR39, SR39, KR2);
+        RIP3(A, B, C, D, E, WR40, SR40, KR2);
+        RIP3(E, A, B, C, D, WR41, SR41, KR2);
+        RIP3(D, E, A, B, C, WR42, SR42, KR2);
+        RIP3(C, D, E, A, B, WR43, SR43, KR2);
+        RIP3(B, C, D, E, A, WR44, SR44, KR2);
+        RIP3(A, B, C, D, E, WR45, SR45, KR2);
+        RIP3(E, A, B, C, D, WR46, SR46, KR2);
+        RIP3(D, E, A, B, C, WR47, SR47, KR2);
+
+        RIP2(C, D, E, A, B, WR48, SR48, KR3);
+        RIP2(B, C, D, E, A, WR49, SR49, KR3);
+        RIP2(A, B, C, D, E, WR50, SR50, KR3);
+        RIP2(E, A, B, C, D, WR51, SR51, KR3);
+        RIP2(D, E, A, B, C, WR52, SR52, KR3);
+        RIP2(C, D, E, A, B, WR53, SR53, KR3);
+        RIP2(B, C, D, E, A, WR54, SR54, KR3);
+        RIP2(A, B, C, D, E, WR55, SR55, KR3);
+        RIP2(E, A, B, C, D, WR56, SR56, KR3);
+        RIP2(D, E, A, B, C, WR57, SR57, KR3);
+        RIP2(C, D, E, A, B, WR58, SR58, KR3);
+        RIP2(B, C, D, E, A, WR59, SR59, KR3);
+        RIP2(A, B, C, D, E, WR60, SR60, KR3);
+        RIP2(E, A, B, C, D, WR61, SR61, KR3);
+        RIP2(D, E, A, B, C, WR62, SR62, KR3);
+        RIP2(C, D, E, A, B, WR63, SR63, KR3);
+
+        RIP1(B, C, D, E, A, WR64, SR64);
+        RIP1(A, B, C, D, E, WR65, SR65);
+        RIP1(E, A, B, C, D, WR66, SR66);
+        RIP1(D, E, A, B, C, WR67, SR67);
+        RIP1(C, D, E, A, B, WR68, SR68);
+        RIP1(B, C, D, E, A, WR69, SR69);
+        RIP1(A, B, C, D, E, WR70, SR70);
+        RIP1(E, A, B, C, D, WR71, SR71);
+        RIP1(D, E, A, B, C, WR72, SR72);
+        RIP1(C, D, E, A, B, WR73, SR73);
+        RIP1(B, C, D, E, A, WR74, SR74);
+        RIP1(A, B, C, D, E, WR75, SR75);
+        RIP1(E, A, B, C, D, WR76, SR76);
+        RIP1(D, E, A, B, C, WR77, SR77);
+        RIP1(C, D, E, A, B, WR78, SR78);
+        RIP1(B, C, D, E, A, WR79, SR79);
+
+        D = ctx->B + c + D;
+        ctx->B = ctx->C + d + E;
+        ctx->C = ctx->D + e + A;
+        ctx->D = ctx->E + a + B;
+        ctx->E = ctx->A + b + C;
+        ctx->A = D;
+
+    }
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_locl.h
new file mode 100644
index 000000000..f1ae4323c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_locl.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/ripemd.h>
+
+/*
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+ * FOR EXPLANATIONS ON FOLLOWING "CODE."
+ */
+#ifdef RMD160_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#  define ripemd160_block_data_order ripemd160_block_asm_data_order
+# endif
+#endif
+
+void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               RIPEMD160_LONG
+#define HASH_CTX                RIPEMD160_CTX
+#define HASH_CBLOCK             RIPEMD160_CBLOCK
+#define HASH_UPDATE             RIPEMD160_Update
+#define HASH_TRANSFORM          RIPEMD160_Transform
+#define HASH_FINAL              RIPEMD160_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
+
+#include "internal/md32_common.h"
+
+/*
+ * Transformed F2 and F4 are courtesy of Wei Dai
+ */
+#define F1(x,y,z)       ((x) ^ (y) ^ (z))
+#define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
+#define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
+
+#define RIPEMD160_A     0x67452301L
+#define RIPEMD160_B     0xEFCDAB89L
+#define RIPEMD160_C     0x98BADCFEL
+#define RIPEMD160_D     0x10325476L
+#define RIPEMD160_E     0xC3D2E1F0L
+
+#include "rmdconst.h"
+
+#define RIP1(a,b,c,d,e,w,s) { \
+        a+=F1(b,c,d)+X(w); \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP2(a,b,c,d,e,w,s,K) { \
+        a+=F2(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP3(a,b,c,d,e,w,s,K) { \
+        a+=F3(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP4(a,b,c,d,e,w,s,K) { \
+        a+=F4(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP5(a,b,c,d,e,w,s,K) { \
+        a+=F5(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_one.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_one.c
new file mode 100644
index 000000000..cc01f15c7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_one.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
+{
+    RIPEMD160_CTX c;
+    static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!RIPEMD160_Init(&c))
+        return NULL;
+    RIPEMD160_Update(&c, d, n);
+    RIPEMD160_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmdconst.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmdconst.h
new file mode 100644
index 000000000..b81013239
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmdconst.h
@@ -0,0 +1,350 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+
+#define WL00  0
+#define SL00 11
+#define WL01  1
+#define SL01 14
+#define WL02  2
+#define SL02 15
+#define WL03  3
+#define SL03 12
+#define WL04  4
+#define SL04  5
+#define WL05  5
+#define SL05  8
+#define WL06  6
+#define SL06  7
+#define WL07  7
+#define SL07  9
+#define WL08  8
+#define SL08 11
+#define WL09  9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12  6
+#define WL13 13
+#define SL13  7
+#define WL14 14
+#define SL14  9
+#define WL15 15
+#define SL15  8
+
+#define WL16  7
+#define SL16  7
+#define WL17  4
+#define SL17  6
+#define WL18 13
+#define SL18  8
+#define WL19  1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21  6
+#define SL21  9
+#define WL22 15
+#define SL22  7
+#define WL23  3
+#define SL23 15
+#define WL24 12
+#define SL24  7
+#define WL25  0
+#define SL25 12
+#define WL26  9
+#define SL26 15
+#define WL27  5
+#define SL27  9
+#define WL28  2
+#define SL28 11
+#define WL29 14
+#define SL29  7
+#define WL30 11
+#define SL30 13
+#define WL31  8
+#define SL31 12
+
+#define WL32  3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34  6
+#define WL35  4
+#define SL35  7
+#define WL36  9
+#define SL36 14
+#define WL37 15
+#define SL37  9
+#define WL38  8
+#define SL38 13
+#define WL39  1
+#define SL39 15
+#define WL40  2
+#define SL40 14
+#define WL41  7
+#define SL41  8
+#define WL42  0
+#define SL42 13
+#define WL43  6
+#define SL43  6
+#define WL44 13
+#define SL44  5
+#define WL45 11
+#define SL45 12
+#define WL46  5
+#define SL46  7
+#define WL47 12
+#define SL47  5
+
+#define WL48  1
+#define SL48 11
+#define WL49  9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52  0
+#define SL52 14
+#define WL53  8
+#define SL53 15
+#define WL54 12
+#define SL54  9
+#define WL55  4
+#define SL55  8
+#define WL56 13
+#define SL56  9
+#define WL57  3
+#define SL57 14
+#define WL58  7
+#define SL58  5
+#define WL59 15
+#define SL59  6
+#define WL60 14
+#define SL60  8
+#define WL61  5
+#define SL61  6
+#define WL62  6
+#define SL62  5
+#define WL63  2
+#define SL63 12
+
+#define WL64  4
+#define SL64  9
+#define WL65  0
+#define SL65 15
+#define WL66  5
+#define SL66  5
+#define WL67  9
+#define SL67 11
+#define WL68  7
+#define SL68  6
+#define WL69 12
+#define SL69  8
+#define WL70  2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72  5
+#define WL73  1
+#define SL73 12
+#define WL74  3
+#define SL74 13
+#define WL75  8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77  6
+#define SL77  8
+#define WL78 15
+#define SL78  5
+#define WL79 13
+#define SL79  6
+
+#define WR00  5
+#define SR00  8
+#define WR01 14
+#define SR01  9
+#define WR02  7
+#define SR02  9
+#define WR03  0
+#define SR03 11
+#define WR04  9
+#define SR04 13
+#define WR05  2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07  4
+#define SR07  5
+#define WR08 13
+#define SR08  7
+#define WR09  6
+#define SR09  7
+#define WR10 15
+#define SR10  8
+#define WR11  8
+#define SR11 11
+#define WR12  1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14  3
+#define SR14 12
+#define WR15 12
+#define SR15  6
+
+#define WR16  6
+#define SR16  9
+#define WR17 11
+#define SR17 13
+#define WR18  3
+#define SR18 15
+#define WR19  7
+#define SR19  7
+#define WR20  0
+#define SR20 12
+#define WR21 13
+#define SR21  8
+#define WR22  5
+#define SR22  9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24  7
+#define WR25 15
+#define SR25  7
+#define WR26  8
+#define SR26 12
+#define WR27 12
+#define SR27  7
+#define WR28  4
+#define SR28  6
+#define WR29  9
+#define SR29 15
+#define WR30  1
+#define SR30 13
+#define WR31  2
+#define SR31 11
+
+#define WR32 15
+#define SR32  9
+#define WR33  5
+#define SR33  7
+#define WR34  1
+#define SR34 15
+#define WR35  3
+#define SR35 11
+#define WR36  7
+#define SR36  8
+#define WR37 14
+#define SR37  6
+#define WR38  6
+#define SR38  6
+#define WR39  9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41  8
+#define SR41 13
+#define WR42 12
+#define SR42  5
+#define WR43  2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45  0
+#define SR45 13
+#define WR46  4
+#define SR46  7
+#define WR47 13
+#define SR47  5
+
+#define WR48  8
+#define SR48 15
+#define WR49  6
+#define SR49  5
+#define WR50  4
+#define SR50  8
+#define WR51  1
+#define SR51 11
+#define WR52  3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54  6
+#define WR55  0
+#define SR55 14
+#define WR56  5
+#define SR56  6
+#define WR57 12
+#define SR57  9
+#define WR58  2
+#define SR58 12
+#define WR59 13
+#define SR59  9
+#define WR60  9
+#define SR60 12
+#define WR61  7
+#define SR61  5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63  8
+
+#define WR64 12
+#define SR64  8
+#define WR65 15
+#define SR65  5
+#define WR66 10
+#define SR66 12
+#define WR67  4
+#define SR67  9
+#define WR68  1
+#define SR68 12
+#define WR69  5
+#define SR69  5
+#define WR70  8
+#define SR70 14
+#define WR71  7
+#define SR71  6
+#define WR72  6
+#define SR72  8
+#define WR73  2
+#define SR73 13
+#define WR74 13
+#define SR74  6
+#define WR75 14
+#define SR75  5
+#define WR76  0
+#define SR76 15
+#define WR77  3
+#define SR77 13
+#define WR78  9
+#define SR78 11
+#define WR79 11
+#define SR79 11
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/build.info
new file mode 100644
index 000000000..87f924922
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c \
+        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
+        rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c rsa_mp.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c
new file mode 100644
index 000000000..75debb3e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c
@@ -0,0 +1,1105 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_sign(CMS_SignerInfo *si);
+static int rsa_cms_verify(CMS_SignerInfo *si);
+static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
+static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
+
+/* Set any parameters associated with pkey */
+static int rsa_param_encode(const EVP_PKEY *pkey,
+                            ASN1_STRING **pstr, int *pstrtype)
+{
+    const RSA *rsa = pkey->pkey.rsa;
+
+    *pstr = NULL;
+    /* If RSA it's just NULL type */
+    if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
+        *pstrtype = V_ASN1_NULL;
+        return 1;
+    }
+    /* If no PSS parameters we omit parameters entirely */
+    if (rsa->pss == NULL) {
+        *pstrtype = V_ASN1_UNDEF;
+        return 1;
+    }
+    /* Encode PSS parameters */
+    if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL)
+        return 0;
+
+    *pstrtype = V_ASN1_SEQUENCE;
+    return 1;
+}
+/* Decode any parameters and set them in RSA structure */
+static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
+{
+    const ASN1_OBJECT *algoid;
+    const void *algp;
+    int algptype;
+
+    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
+    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
+        return 1;
+    if (algptype == V_ASN1_UNDEF)
+        return 1;
+    if (algptype != V_ASN1_SEQUENCE) {
+        RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS);
+        return 0;
+    }
+    rsa->pss = rsa_pss_decode(alg);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
+static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
+    penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+    if (penclen <= 0)
+        return 0;
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               strtype, str, penc, penclen))
+        return 1;
+
+    OPENSSL_free(penc);
+    return 0;
+}
+
+static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    X509_ALGOR *alg;
+    RSA *rsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
+        return 0;
+    if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
+        RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    return 1;
+}
+
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
+        || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
+        return 0;
+    return 1;
+}
+
+static int old_rsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    RSA *rsa;
+
+    if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    return 1;
+}
+
+static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
+}
+
+static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    unsigned char *rk = NULL;
+    int rklen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
+    rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
+
+    if (rklen <= 0) {
+        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         strtype, str, rk, rklen)) {
+        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    RSA *rsa;
+    int pklen;
+    const X509_ALGOR *alg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
+        return 0;
+    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
+    if (rsa == NULL) {
+        RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    return 1;
+}
+
+static int int_rsa_size(const EVP_PKEY *pkey)
+{
+    return RSA_size(pkey->pkey.rsa);
+}
+
+static int rsa_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.rsa->n);
+}
+
+static int rsa_security_bits(const EVP_PKEY *pkey)
+{
+    return RSA_security_bits(pkey->pkey.rsa);
+}
+
+static void int_rsa_free(EVP_PKEY *pkey)
+{
+    RSA_free(pkey->pkey.rsa);
+}
+
+static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
+{
+    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
+        return NULL;
+    return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                     alg->parameter);
+}
+
+static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
+                               int indent)
+{
+    int rv = 0;
+    X509_ALGOR *maskHash = NULL;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (pss_key) {
+        if (pss == NULL) {
+            if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
+                return 0;
+            return 1;
+        } else {
+            if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
+                return 0;
+        }
+    } else if (pss == NULL) {
+        if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
+            return 0;
+        return 1;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+    if (pss_key)
+        indent += 2;
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
+        goto err;
+
+    if (pss->hashAlgorithm) {
+        if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "sha1 (default)") <= 0) {
+        goto err;
+    }
+
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+
+    if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
+        goto err;
+    if (pss->maskGenAlgorithm) {
+        if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, " with ") <= 0)
+            goto err;
+        maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (maskHash != NULL) {
+            if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
+                goto err;
+        } else if (BIO_puts(bp, "INVALID") <= 0) {
+            goto err;
+        }
+    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
+        goto err;
+    }
+    BIO_puts(bp, "\n");
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
+        goto err;
+    if (pss->saltLength) {
+        if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "14 (default)") <= 0) {
+        goto err;
+    }
+    BIO_puts(bp, "\n");
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
+        goto err;
+    if (pss->trailerField) {
+        if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "BC (default)") <= 0) {
+        goto err;
+    }
+    BIO_puts(bp, "\n");
+
+    rv = 1;
+
+ err:
+    X509_ALGOR_free(maskHash);
+    return rv;
+
+}
+
+static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
+{
+    const RSA *x = pkey->pkey.rsa;
+    char *str;
+    const char *s;
+    int ret = 0, mod_len = 0, ex_primes;
+
+    if (x->n != NULL)
+        mod_len = BN_num_bits(x->n);
+    ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos);
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+
+    if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ?  "RSA-PSS" : "RSA") <= 0)
+        goto err;
+
+    if (priv && x->d) {
+        if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n",
+                       mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0)
+            goto err;
+        str = "modulus:";
+        s = "publicExponent:";
+    } else {
+        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+            goto err;
+        str = "Modulus:";
+        s = "Exponent:";
+    }
+    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
+        goto err;
+    if (priv) {
+        int i;
+
+        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
+            goto err;
+        for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) {
+            /* print multi-prime info */
+            BIGNUM *bn = NULL;
+            RSA_PRIME_INFO *pinfo;
+            int j;
+
+            pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i);
+            for (j = 0; j < 3; j++) {
+                if (!BIO_indent(bp, off, 128))
+                    goto err;
+                switch (j) {
+                case 0:
+                    if (BIO_printf(bp, "prime%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->r;
+                    break;
+                case 1:
+                    if (BIO_printf(bp, "exponent%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->d;
+                    break;
+                case 2:
+                    if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->t;
+                    break;
+                default:
+                    break;
+                }
+                if (!ASN1_bn_print(bp, "", bn, NULL, off))
+                    goto err;
+            }
+        }
+    }
+    if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
+        goto err;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 0);
+}
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 1);
+}
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
+{
+    RSA_PSS_PARAMS *pss;
+
+    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
+                                    alg->parameter);
+
+    if (pss == NULL)
+        return NULL;
+
+    if (pss->maskGenAlgorithm != NULL) {
+        pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (pss->maskHash == NULL) {
+            RSA_PSS_PARAMS_free(pss);
+            return NULL;
+        }
+    }
+
+    return pss;
+}
+
+static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
+        int rv;
+        RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
+
+        rv = rsa_pss_param_print(bp, 0, pss, indent);
+        RSA_PSS_PARAMS_free(pss);
+        if (!rv)
+            return 0;
+    } else if (!sig && BIO_puts(bp, "\n") <= 0) {
+        return 0;
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, indent);
+    return 1;
+}
+
+static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    X509_ALGOR *alg = NULL;
+
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0)
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
+        break;
+
+    case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+        if (pkey_is_pss(pkey))
+            return -2;
+        if (arg1 == 0)
+            PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
+        break;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0)
+            return rsa_cms_sign(arg2);
+        else if (arg1 == 1)
+            return rsa_cms_verify(arg2);
+        break;
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (pkey_is_pss(pkey))
+            return -2;
+        if (arg1 == 0)
+            return rsa_cms_encrypt(arg2);
+        else if (arg1 == 1)
+            return rsa_cms_decrypt(arg2);
+        break;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        if (pkey_is_pss(pkey))
+            return -2;
+        *(int *)arg2 = CMS_RECIPINFO_TRANS;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+
+    if (alg)
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+
+    return 1;
+
+}
+
+/* allocate and set algorithm ID from EVP_MD, default SHA1 */
+static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
+{
+    if (md == NULL || EVP_MD_type(md) == NID_sha1)
+        return 1;
+    *palg = X509_ALGOR_new();
+    if (*palg == NULL)
+        return 0;
+    X509_ALGOR_set_md(*palg, md);
+    return 1;
+}
+
+/* Allocate and set MGF1 algorithm ID from EVP_MD */
+static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
+{
+    X509_ALGOR *algtmp = NULL;
+    ASN1_STRING *stmp = NULL;
+
+    *palg = NULL;
+    if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1)
+        return 1;
+    /* need to embed algorithm ID inside another */
+    if (!rsa_md_to_algor(&algtmp, mgf1md))
+        goto err;
+    if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
+         goto err;
+    *palg = X509_ALGOR_new();
+    if (*palg == NULL)
+        goto err;
+    X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
+    stmp = NULL;
+ err:
+    ASN1_STRING_free(stmp);
+    X509_ALGOR_free(algtmp);
+    if (*palg)
+        return 1;
+    return 0;
+}
+
+/* convert algorithm ID to EVP_MD, default SHA1 */
+static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
+{
+    const EVP_MD *md;
+
+    if (!alg)
+        return EVP_sha1();
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL)
+        RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST);
+    return md;
+}
+
+/*
+ * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
+ * suitable for setting an AlgorithmIdentifier.
+ */
+
+static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
+{
+    const EVP_MD *sigmd, *mgf1md;
+    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
+    int saltlen;
+
+    if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
+        return NULL;
+    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+        return NULL;
+    if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
+        return NULL;
+    if (saltlen == -1) {
+        saltlen = EVP_MD_size(sigmd);
+    } else if (saltlen == -2) {
+        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
+        if ((EVP_PKEY_bits(pk) & 0x7) == 1)
+            saltlen--;
+    }
+
+    return rsa_pss_params_create(sigmd, mgf1md, saltlen);
+}
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen)
+{
+    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
+
+    if (pss == NULL)
+        goto err;
+    if (saltlen != 20) {
+        pss->saltLength = ASN1_INTEGER_new();
+        if (pss->saltLength == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
+            goto err;
+    }
+    if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
+        goto err;
+    if (mgf1md == NULL)
+        mgf1md = sigmd;
+    if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
+        goto err;
+    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
+        goto err;
+    return pss;
+ err:
+    RSA_PSS_PARAMS_free(pss);
+    return NULL;
+}
+
+static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
+{
+    RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
+    ASN1_STRING *os;
+
+    if (pss == NULL)
+        return NULL;
+
+    os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL);
+    RSA_PSS_PARAMS_free(pss);
+    return os;
+}
+
+/*
+ * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
+ * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
+ * passed to pkctx instead.
+ */
+
+static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
+                          X509_ALGOR *sigalg, EVP_PKEY *pkey)
+{
+    int rv = -1;
+    int saltlen;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
+
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+        return -1;
+    }
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
+        goto err;
+    }
+
+    /* We have all parameters now set up context */
+    if (pkey) {
+        if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
+            goto err;
+    } else {
+        const EVP_MD *checkmd;
+        if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
+            goto err;
+        if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
+            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH);
+            goto err;
+        }
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+        goto err;
+    /* Carry on */
+    rv = 1;
+
+ err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
+
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen)
+{
+    if (pss == NULL)
+        return 0;
+    *pmd = rsa_algor_to_md(pss->hashAlgorithm);
+    if (*pmd == NULL)
+        return 0;
+    *pmgf1md = rsa_algor_to_md(pss->maskHash);
+    if (*pmgf1md == NULL)
+        return 0;
+    if (pss->saltLength) {
+        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
+        if (*psaltlen < 0) {
+            RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH);
+            return 0;
+        }
+    } else {
+        *psaltlen = 20;
+    }
+
+    /*
+     * low-level routines support only trailer field 0xbc (value 1) and
+     * PKCS#1 says we should reject any other value anyway.
+     */
+    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
+        RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_verify(CMS_SignerInfo *si)
+{
+    int nid, nid2;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+
+    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
+    nid = OBJ_obj2nid(alg->algorithm);
+    if (nid == EVP_PKEY_RSA_PSS)
+        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+    /* Only PSS allowed for PSS keys */
+    if (pkey_ctx_is_pss(pkctx)) {
+        RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return 0;
+    }
+    if (nid == NID_rsaEncryption)
+        return 1;
+    /* Workaround for some implementation that use a signature OID */
+    if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
+        if (nid2 == NID_rsaEncryption)
+            return 1;
+    }
+    return 0;
+}
+#endif
+
+/*
+ * Customised RSA item verification routine. This is called when a signature
+ * is encountered requiring special handling. We currently only handle PSS.
+ */
+
+static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
+                           EVP_PKEY *pkey)
+{
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
+        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+        return -1;
+    }
+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
+        /* Carry on */
+        return 2;
+    }
+    return -1;
+}
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_sign(CMS_SignerInfo *si)
+{
+    int pad_mode = RSA_PKCS1_PADDING;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+    ASN1_STRING *os = NULL;
+
+    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
+    if (pkctx) {
+        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+            return 0;
+    }
+    if (pad_mode == RSA_PKCS1_PADDING) {
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+        return 1;
+    }
+    /* We don't support it */
+    if (pad_mode != RSA_PKCS1_PSS_PADDING)
+        return 0;
+    os = rsa_ctx_to_pss_string(pkctx);
+    if (!os)
+        return 0;
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
+    return 1;
+}
+#endif
+
+static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                         X509_ALGOR *alg1, X509_ALGOR *alg2,
+                         ASN1_BIT_STRING *sig)
+{
+    int pad_mode;
+    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+
+    if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+        return 0;
+    if (pad_mode == RSA_PKCS1_PADDING)
+        return 2;
+    if (pad_mode == RSA_PKCS1_PSS_PADDING) {
+        ASN1_STRING *os1 = NULL;
+        os1 = rsa_ctx_to_pss_string(pkctx);
+        if (!os1)
+            return 0;
+        /* Duplicate parameters if we have to */
+        if (alg2) {
+            ASN1_STRING *os2 = ASN1_STRING_dup(os1);
+            if (!os2) {
+                ASN1_STRING_free(os1);
+                return 0;
+            }
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
+                            V_ASN1_SEQUENCE, os2);
+        }
+        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
+                        V_ASN1_SEQUENCE, os1);
+        return 3;
+    }
+    return 2;
+}
+
+static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
+                            const ASN1_STRING *sig)
+{
+    int rv = 0;
+    int mdnid, saltlen;
+    uint32_t flags;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
+
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
+        return 0;
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+        goto err;
+    mdnid = EVP_MD_type(md);
+    /*
+     * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
+     * match and salt length must equal digest size
+     */
+    if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
+            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+        flags = X509_SIG_INFO_TLS;
+    else
+        flags = 0;
+    /* Note: security bits half number of digest bits */
+    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+                      flags);
+    rv = 1;
+    err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_CMS
+static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
+{
+    RSA_OAEP_PARAMS *oaep;
+
+    oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
+                                     alg->parameter);
+
+    if (oaep == NULL)
+        return NULL;
+
+    if (oaep->maskGenFunc != NULL) {
+        oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
+        if (oaep->maskHash == NULL) {
+            RSA_OAEP_PARAMS_free(oaep);
+            return NULL;
+        }
+    }
+    return oaep;
+}
+
+static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pkctx;
+    X509_ALGOR *cmsalg;
+    int nid;
+    int rv = -1;
+    unsigned char *label = NULL;
+    int labellen = 0;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_OAEP_PARAMS *oaep;
+
+    pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (pkctx == NULL)
+        return 0;
+    if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
+        return -1;
+    nid = OBJ_obj2nid(cmsalg->algorithm);
+    if (nid == NID_rsaEncryption)
+        return 1;
+    if (nid != NID_rsaesOaep) {
+        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
+        return -1;
+    }
+    /* Decode OAEP parameters */
+    oaep = rsa_oaep_decode(cmsalg);
+
+    if (oaep == NULL) {
+        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
+        goto err;
+    }
+
+    mgf1md = rsa_algor_to_md(oaep->maskHash);
+    if (mgf1md == NULL)
+        goto err;
+    md = rsa_algor_to_md(oaep->hashFunc);
+    if (md == NULL)
+        goto err;
+
+    if (oaep->pSourceFunc != NULL) {
+        X509_ALGOR *plab = oaep->pSourceFunc;
+
+        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
+            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
+            goto err;
+        }
+        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
+            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
+            goto err;
+        }
+
+        label = plab->parameter->value.octet_string->data;
+        /* Stop label being freed when OAEP parameters are freed */
+        plab->parameter->value.octet_string->data = NULL;
+        labellen = plab->parameter->value.octet_string->length;
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+        goto err;
+    /* Carry on */
+    rv = 1;
+
+ err:
+    RSA_OAEP_PARAMS_free(oaep);
+    return rv;
+}
+
+static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    const EVP_MD *md, *mgf1md;
+    RSA_OAEP_PARAMS *oaep = NULL;
+    ASN1_STRING *os = NULL;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
+    unsigned char *label;
+
+    if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
+        return 0;
+    if (pkctx) {
+        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+            return 0;
+    }
+    if (pad_mode == RSA_PKCS1_PADDING) {
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+        return 1;
+    }
+    /* Not supported */
+    if (pad_mode != RSA_PKCS1_OAEP_PADDING)
+        return 0;
+    if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+        goto err;
+    labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
+    if (labellen < 0)
+        goto err;
+    oaep = RSA_OAEP_PARAMS_new();
+    if (oaep == NULL)
+        goto err;
+    if (!rsa_md_to_algor(&oaep->hashFunc, md))
+        goto err;
+    if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
+        goto err;
+    if (labellen > 0) {
+        ASN1_OCTET_STRING *los;
+        oaep->pSourceFunc = X509_ALGOR_new();
+        if (oaep->pSourceFunc == NULL)
+            goto err;
+        los = ASN1_OCTET_STRING_new();
+        if (los == NULL)
+            goto err;
+        if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
+            ASN1_OCTET_STRING_free(los);
+            goto err;
+        }
+        X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
+                        V_ASN1_OCTET_STRING, los);
+    }
+    /* create string with pss parameter encoding. */
+    if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
+         goto err;
+    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
+    os = NULL;
+    rv = 1;
+ err:
+    RSA_OAEP_PARAMS_free(oaep);
+    ASN1_STRING_free(os);
+    return rv;
+}
+#endif
+
+static int rsa_pkey_check(const EVP_PKEY *pkey)
+{
+    return RSA_check_key_ex(pkey->pkey.rsa, NULL);
+}
+
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
+    {
+     EVP_PKEY_RSA,
+     EVP_PKEY_RSA,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA",
+     "OpenSSL RSA method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     old_rsa_priv_decode,
+     old_rsa_priv_encode,
+     rsa_item_verify,
+     rsa_item_sign,
+     rsa_sig_info_set,
+     rsa_pkey_check
+    },
+
+    {
+     EVP_PKEY_RSA2,
+     EVP_PKEY_RSA,
+     ASN1_PKEY_ALIAS}
+};
+
+const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
+     EVP_PKEY_RSA_PSS,
+     EVP_PKEY_RSA_PSS,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA-PSS",
+     "OpenSSL RSA-PSS method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     0, 0,
+     rsa_item_verify,
+     rsa_item_sign,
+     0,
+     rsa_pkey_check
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c
new file mode 100644
index 000000000..9fe62c82e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+#include "rsa_locl.h"
+
+/*
+ * Override the default free and new methods,
+ * and calculate helper products for multi-prime
+ * RSA keys.
+ */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)RSA_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        RSA_free((RSA *)*pval);
+        *pval = NULL;
+        return 2;
+    } else if (operation == ASN1_OP_D2I_POST) {
+        if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) {
+            /* not a multi-prime key, skip */
+            return 1;
+        }
+        return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0;
+    }
+    return 1;
+}
+
+/* Based on definitions in RFC 8017 appendix A.1.2 */
+ASN1_SEQUENCE(RSA_PRIME_INFO) = {
+        ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM),
+} ASN1_SEQUENCE_END(RSA_PRIME_INFO)
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+        ASN1_EMBED(RSA, version, INT32),
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+        ASN1_SIMPLE(RSA, d, CBIGNUM),
+        ASN1_SIMPLE(RSA, p, CBIGNUM),
+        ASN1_SIMPLE(RSA, q, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmp1, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmq1, CBIGNUM),
+        ASN1_SIMPLE(RSA, iqmp, CBIGNUM),
+        ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+/* Free up maskHash */
+static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
+        X509_ALGOR_free(pss->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = {
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+/* Free up maskHash */
+static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
+        X509_ALGOR_free(oaep->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = {
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0),
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1),
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2),
+} ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c
new file mode 100644
index 000000000..1b69be30c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c
@@ -0,0 +1,228 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_locl.h"
+
+int RSA_check_key(const RSA *key)
+{
+    return RSA_check_key_ex(key, NULL);
+}
+
+int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
+{
+    BIGNUM *i, *j, *k, *l, *m;
+    BN_CTX *ctx;
+    int ret = 1, ex_primes = 0, idx;
+    RSA_PRIME_INFO *pinfo;
+
+    if (key->p == NULL || key->q == NULL || key->n == NULL
+            || key->e == NULL || key->d == NULL) {
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+
+    /* multi-prime? */
+    if (key->version == RSA_ASN1_VERSION_MULTI) {
+        ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos);
+        if (ex_primes <= 0
+                || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) {
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_INVALID_MULTI_PRIME_KEY);
+            return 0;
+        }
+    }
+
+    i = BN_new();
+    j = BN_new();
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    ctx = BN_CTX_new();
+    if (i == NULL || j == NULL || k == NULL || l == NULL
+            || m == NULL || ctx == NULL) {
+        ret = -1;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (BN_is_one(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+    }
+    if (!BN_is_odd(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+    }
+
+    /* p prime? */
+    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
+    }
+
+    /* q prime? */
+    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
+    }
+
+    /* r_i prime? */
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME);
+        }
+    }
+
+    /* n = p*q * r_3...r_i? */
+    if (!BN_mul(i, key->p, key->q, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_mul(i, i, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
+    if (BN_cmp(i, key->n) != 0) {
+        ret = 0;
+        if (ex_primes)
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX,
+                   RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES);
+        else
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+    }
+
+    /* d*e = 1  mod \lambda(n)? */
+    if (!BN_sub(i, key->p, BN_value_one())) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_sub(j, key->q, BN_value_one())) {
+        ret = -1;
+        goto err;
+    }
+
+    /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */
+    if (!BN_mul(l, i, j, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_gcd(m, i, j, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_sub(k, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mul(l, l, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_gcd(m, m, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
+    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
+        ret = -1;
+        goto err;
+    }
+    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
+        ret = -1;
+        goto err;
+    }
+
+    if (!BN_is_one(i)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+    }
+
+    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
+        /* dmp1 = d mod (p-1)? */
+        if (!BN_sub(i, key->p, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, key->dmp1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* dmq1 = d mod (q-1)? */
+        if (!BN_sub(i, key->q, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, key->dmq1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* iqmp = q^-1 mod p? */
+        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, key->iqmp) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+        }
+    }
+
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        /* d_i = d mod (r_i - 1)? */
+        if (!BN_sub(i, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, pinfo->d) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D);
+        }
+        /* t_i = R_i ^ -1 mod r_i ? */
+        if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, pinfo->t) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R);
+        }
+    }
+
+ err:
+    BN_free(i);
+    BN_free(j);
+    BN_free(k);
+    BN_free(l);
+    BN_free(m);
+    BN_CTX_free(ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c
new file mode 100644
index 000000000..f4ef8b438
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include <openssl/rand.h>
+#include "rsa_locl.h"
+
+int RSA_bits(const RSA *r)
+{
+    return BN_num_bits(r->n);
+}
+
+int RSA_size(const RSA *r)
+{
+    return BN_num_bytes(r->n);
+}
+
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+                       RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
+}
+
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
+}
+
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
+}
+
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+                       RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
+}
+
+int RSA_flags(const RSA *r)
+{
+    return r == NULL ? 0 : r->meth->flags;
+}
+
+void RSA_blinding_off(RSA *rsa)
+{
+    BN_BLINDING_free(rsa->blinding);
+    rsa->blinding = NULL;
+    rsa->flags &= ~RSA_FLAG_BLINDING;
+    rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (rsa->blinding != NULL)
+        RSA_blinding_off(rsa);
+
+    rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    if (rsa->blinding == NULL)
+        goto err;
+
+    rsa->flags |= RSA_FLAG_BLINDING;
+    rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
+                                  const BIGNUM *q, BN_CTX *ctx)
+{
+    BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+    if (d == NULL || p == NULL || q == NULL)
+        return NULL;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    if (r2 == NULL)
+        goto err;
+
+    if (!BN_sub(r1, p, BN_value_one()))
+        goto err;
+    if (!BN_sub(r2, q, BN_value_one()))
+        goto err;
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;
+
+    ret = BN_mod_inverse(NULL, d, r0, ctx);
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+    BIGNUM *e;
+    BN_CTX *ctx;
+    BN_BLINDING *ret = NULL;
+
+    if (in_ctx == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            return 0;
+    } else {
+        ctx = in_ctx;
+    }
+
+    BN_CTX_start(ctx);
+    e = BN_CTX_get(ctx);
+    if (e == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (rsa->e == NULL) {
+        e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+        if (e == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
+            goto err;
+        }
+    } else {
+        e = rsa->e;
+    }
+
+    {
+        BIGNUM *n = BN_new();
+
+        if (n == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+
+        ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
+                                       rsa->_method_mod_n);
+        /* We MUST free n before any further use of rsa->n */
+        BN_free(n);
+    }
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
+ err:
+    BN_CTX_end(ctx);
+    if (ctx != in_ctx)
+        BN_CTX_free(ctx);
+    if (e != rsa->e)
+        BN_free(e);
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_depr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_depr.c
new file mode 100644
index 000000000..21e056252
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_depr.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: This file contains deprecated functions (compatibility wrappers to the
+ * "new" versions).
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+                      void (*callback) (int, int, void *), void *cb_arg)
+{
+    int i;
+    BN_GENCB *cb = BN_GENCB_new();
+    RSA *rsa = RSA_new();
+    BIGNUM *e = BN_new();
+
+    if (cb == NULL || rsa == NULL || e == NULL)
+        goto err;
+
+    /*
+     * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
+     * can be larger
+     */
+    for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
+        if (e_value & (1UL << i))
+            if (BN_set_bit(e, i) == 0)
+                goto err;
+    }
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (RSA_generate_key_ex(rsa, bits, e, cb)) {
+        BN_free(e);
+        BN_GENCB_free(cb);
+        return rsa;
+    }
+ err:
+    BN_free(e);
+    RSA_free(rsa);
+    BN_GENCB_free(cb);
+    return 0;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c
new file mode 100644
index 000000000..62fd9e0b1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c
@@ -0,0 +1,246 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/rsaerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA RSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0),
+     "old_rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_PSS_INIT, 0), "pkey_pss_init"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, 0), "pkey_rsa_ctrl"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL_STR, 0), "pkey_rsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_SIGN, 0), "pkey_rsa_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFY, 0), "pkey_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFYRECOVER, 0),
+     "pkey_rsa_verifyrecover"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ALGOR_TO_MD, 0), "rsa_algor_to_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_BUILTIN_KEYGEN, 0), "rsa_builtin_keygen"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY, 0), "RSA_check_key"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0),
+     "rsa_multip_info_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
+     "rsa_ossl_private_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
+     "rsa_ossl_private_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
+     "rsa_ossl_public_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
+     "rsa_ossl_public_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_NONE, 0),
+     "RSA_padding_add_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 0),
+     "RSA_padding_add_PKCS1_OAEP"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, 0),
+     "RSA_padding_add_PKCS1_OAEP_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS, 0),
+     "RSA_padding_add_PKCS1_PSS"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 0),
+     "RSA_padding_add_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 0),
+     "RSA_padding_add_PKCS1_type_1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 0),
+     "RSA_padding_add_PKCS1_type_2"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_SSLV23, 0),
+     "RSA_padding_add_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_X931, 0),
+     "RSA_padding_add_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_NONE, 0),
+     "RSA_padding_check_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 0),
+     "RSA_padding_check_PKCS1_OAEP"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, 0),
+     "RSA_padding_check_PKCS1_OAEP_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 0),
+     "RSA_padding_check_PKCS1_type_1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 0),
+     "RSA_padding_check_PKCS1_type_2"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_SSLV23, 0),
+     "RSA_padding_check_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_X931, 0),
+     "RSA_padding_check_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
+     "RSA_sign_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY, 0), "RSA_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 0),
+     "RSA_verify_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
+     "RSA_verify_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA RSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT),
+    "bad fixed header decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01),
+    "block type is not 01"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02),
+    "block type is not 02"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN),
+    "data greater than mod len"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+    "data too large for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+    "data too large for modulus"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+    "data too small for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH),
+    "digest does not match"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+    "digest too big for rsa key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D),
+    "dmp1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D),
+    "dmq1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1),
+    "d e not congruent to 1"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID),
+    "first octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
+    "illegal or unsupported padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH),
+    "invalid digest length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH),
+    "invalid message length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY),
+    "invalid multi prime key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS),
+    "invalid oaep parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE),
+    "invalid padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS),
+    "invalid pss parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN),
+    "invalid pss saltlen"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH),
+    "invalid salt length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST),
+    "invalid x931 digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q),
+    "iqmp not inverse of q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID),
+    "key prime num invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED),
+    "mgf1 digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R),
+    "mp coefficient not inverse of r"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
+    "mp exponent not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
+    "null before block missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
+    "n does not equal product of primes"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q),
+    "n does not equal p q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
+    "oaep decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
+    "padding check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR),
+    "pkcs decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL),
+    "pss saltlen too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+    "rsa operations not supported"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED),
+    "salt length check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED),
+    "salt length recovery failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK),
+    "sslv3 rollback attack"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE),
+    "unknown algorithm type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST),
+    "unknown mask digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE),
+    "unknown padding type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
+    "unsupported encryption type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE),
+    "unsupported label source"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM),
+    "unsupported mask algorithm"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER),
+    "unsupported mask parameter"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
+    "unsupported signature type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_RSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(RSA_str_functs);
+        ERR_load_strings_const(RSA_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c
new file mode 100644
index 000000000..7f0a25648
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c
@@ -0,0 +1,394 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in rsa_depr.c. -
+ * Geoff
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "rsa_locl.h"
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
+                              BN_GENCB *cb);
+
+/*
+ * NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here
+ * so that we don't introduce a new linker dependency. Eg. any application
+ * that wasn't previously linking object code related to key-generation won't
+ * have to now just because key-generation is part of RSA_METHOD.
+ */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+{
+    if (rsa->meth->rsa_keygen != NULL)
+        return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+
+    return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM,
+                                        e_value, cb);
+}
+
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e_value, BN_GENCB *cb)
+{
+    /* multi-prime is only supported with the builtin key generation */
+    if (rsa->meth->rsa_multi_prime_keygen != NULL) {
+        return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
+                                                 e_value, cb);
+    } else if (rsa->meth->rsa_keygen != NULL) {
+        /*
+         * However, if rsa->meth implements only rsa_keygen, then we
+         * have to honour it in 2-prime case and assume that it wouldn't
+         * know what to do with multi-prime key generated by builtin
+         * subroutine...
+         */
+        if (primes == 2)
+            return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+        else
+            return 0;
+    }
+
+    return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
+                              BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime;
+    int ok = -1, n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0;
+    int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0;
+    RSA_PRIME_INFO *pinfo = NULL;
+    STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL;
+    BN_CTX *ctx = NULL;
+    BN_ULONG bitst = 0;
+    unsigned long error = 0;
+
+    if (bits < RSA_MIN_MODULUS_BITS) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+
+    if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_PRIME_NUM_INVALID);
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    if (r2 == NULL)
+        goto err;
+
+    /* divide bits into 'primes' pieces evenly */
+    quo = bits / primes;
+    rmd = bits % primes;
+
+    for (i = 0; i < primes; i++)
+        bitsr[i] = (i < rmd) ? quo + 1 : quo;
+
+    /* We need the RSA components non-NULL */
+    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+        goto err;
+    if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+        goto err;
+    if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
+        goto err;
+
+    /* initialize multi-prime components */
+    if (primes > RSA_DEFAULT_PRIME_NUM) {
+        rsa->version = RSA_ASN1_VERSION_MULTI;
+        prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2);
+        if (prime_infos == NULL)
+            goto err;
+        if (rsa->prime_infos != NULL) {
+            /* could this happen? */
+            sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free);
+        }
+        rsa->prime_infos = prime_infos;
+
+        /* prime_info from 2 to |primes| -1 */
+        for (i = 2; i < primes; i++) {
+            pinfo = rsa_multip_info_new();
+            if (pinfo == NULL)
+                goto err;
+            (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
+        }
+    }
+
+    if (BN_copy(rsa->e, e_value) == NULL)
+        goto err;
+
+    /* generate p, q and other primes (if any) */
+    for (i = 0; i < primes; i++) {
+        adj = 0;
+        retries = 0;
+
+        if (i == 0) {
+            prime = rsa->p;
+        } else if (i == 1) {
+            prime = rsa->q;
+        } else {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            prime = pinfo->r;
+        }
+        BN_set_flags(prime, BN_FLG_CONSTTIME);
+
+        for (;;) {
+ redo:
+            if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
+                goto err;
+            /*
+             * prime should not be equal to p, q, r_3...
+             * (those primes prior to this one)
+             */
+            {
+                int j;
+
+                for (j = 0; j < i; j++) {
+                    BIGNUM *prev_prime;
+
+                    if (j == 0)
+                        prev_prime = rsa->p;
+                    else if (j == 1)
+                        prev_prime = rsa->q;
+                    else
+                        prev_prime = sk_RSA_PRIME_INFO_value(prime_infos,
+                                                             j - 2)->r;
+
+                    if (!BN_cmp(prime, prev_prime)) {
+                        goto redo;
+                    }
+                }
+            }
+            if (!BN_sub(r2, prime, BN_value_one()))
+                goto err;
+            ERR_set_mark();
+            BN_set_flags(r2, BN_FLG_CONSTTIME);
+            if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+               /* GCD == 1 since inverse exists */
+                break;
+            }
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
+            if (!BN_GENCB_call(cb, 2, n++))
+                goto err;
+        }
+
+        bitse += bitsr[i];
+
+        /* calculate n immediately to see if it's sufficient */
+        if (i == 1) {
+            /* we get at least 2 primes */
+            if (!BN_mul(r1, rsa->p, rsa->q, ctx))
+                goto err;
+        } else if (i != 0) {
+            /* modulus n = p * q * r_3 * r_4 ... */
+            if (!BN_mul(r1, rsa->n, prime, ctx))
+                goto err;
+        } else {
+            /* i == 0, do nothing */
+            if (!BN_GENCB_call(cb, 3, i))
+                goto err;
+            continue;
+        }
+        /*
+         * if |r1|, product of factors so far, is not as long as expected
+         * (by checking the first 4 bits are less than 0x9 or greater than
+         * 0xF). If so, re-generate the last prime.
+         *
+         * NOTE: This actually can't happen in two-prime case, because of
+         * the way factors are generated.
+         *
+         * Besides, another consideration is, for multi-prime case, even the
+         * length modulus is as long as expected, the modulus could start at
+         * 0x8, which could be utilized to distinguish a multi-prime private
+         * key by using the modulus in a certificate. This is also covered
+         * by checking the length should not be less than 0x9.
+         */
+        if (!BN_rshift(r2, r1, bitse - 4))
+            goto err;
+        bitst = BN_get_word(r2);
+
+        if (bitst < 0x9 || bitst > 0xF) {
+            /*
+             * For keys with more than 4 primes, we attempt longer factor to
+             * meet length requirement.
+             *
+             * Otherwise, we just re-generate the prime with the same length.
+             *
+             * This strategy has the following goals:
+             *
+             * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key
+             * 2. stay the same logic with normal 2-prime key
+             */
+            bitse -= bitsr[i];
+            if (!BN_GENCB_call(cb, 2, n++))
+                goto err;
+            if (primes > 4) {
+                if (bitst < 0x9)
+                    adj++;
+                else
+                    adj--;
+            } else if (retries == 4) {
+                /*
+                 * re-generate all primes from scratch, mainly used
+                 * in 4 prime case to avoid long loop. Max retry times
+                 * is set to 4.
+                 */
+                i = -1;
+                bitse = 0;
+                continue;
+            }
+            retries++;
+            goto redo;
+        }
+        /* save product of primes for further use, for multi-prime only */
+        if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL)
+            goto err;
+        if (BN_copy(rsa->n, r1) == NULL)
+            goto err;
+        if (!BN_GENCB_call(cb, 3, i))
+            goto err;
+    }
+
+    if (BN_cmp(rsa->p, rsa->q) < 0) {
+        tmp = rsa->p;
+        rsa->p = rsa->q;
+        rsa->q = tmp;
+    }
+
+    /* calculate d */
+
+    /* p - 1 */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;
+    /* q - 1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;
+    /* (p - 1)(q - 1) */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;
+    /* multi-prime */
+    for (i = 2; i < primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+        /* save r_i - 1 to pinfo->d temporarily */
+        if (!BN_sub(pinfo->d, pinfo->r, BN_value_one()))
+            goto err;
+        if (!BN_mul(r0, r0, pinfo->d, ctx))
+            goto err;
+    }
+
+    {
+        BIGNUM *pr0 = BN_new();
+
+        if (pr0 == NULL)
+            goto err;
+
+        BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+        if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
+            BN_free(pr0);
+            goto err;               /* d */
+        }
+        /* We MUST free pr0 before any further use of r0 */
+        BN_free(pr0);
+    }
+
+    {
+        BIGNUM *d = BN_new();
+
+        if (d == NULL)
+            goto err;
+
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        /* calculate d mod (p-1) and d mod (q - 1) */
+        if (!BN_mod(rsa->dmp1, d, r1, ctx)
+            || !BN_mod(rsa->dmq1, d, r2, ctx)) {
+            BN_free(d);
+            goto err;
+        }
+
+        /* calculate CRT exponents */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            /* pinfo->d == r_i - 1 */
+            if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        }
+
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    {
+        BIGNUM *p = BN_new();
+
+        if (p == NULL)
+            goto err;
+        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+        /* calculate inverse of q mod p */
+        if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
+            BN_free(p);
+            goto err;
+        }
+
+        /* calculate CRT coefficient for other primes */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) {
+                BN_free(p);
+                goto err;
+            }
+        }
+
+        /* We MUST free p before any further use of rsa->p */
+        BN_free(p);
+    }
+
+    ok = 1;
+ err:
+    if (ok == -1) {
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+        ok = 0;
+    }
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c
new file mode 100644
index 000000000..49c34b7c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c
@@ -0,0 +1,479 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include "internal/bn_int.h"
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
+
+RSA *RSA_new(void)
+{
+    return RSA_new_method(NULL);
+}
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+{
+    return rsa->meth;
+}
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const RSA_METHOD *mtmp;
+    mtmp = rsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(rsa->engine);
+    rsa->engine = NULL;
+#endif
+    rsa->meth = meth;
+    if (meth->init)
+        meth->init(rsa);
+    return 1;
+}
+
+RSA *RSA_new_method(ENGINE *engine)
+{
+    RSA *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else {
+        ret->engine = ENGINE_get_default_RSA();
+    }
+    if (ret->engine) {
+        ret->meth = ENGINE_get_RSA(ret->engine);
+        if (ret->meth == NULL) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    RSA_free(ret);
+    return NULL;
+}
+
+void RSA_free(RSA *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("RSA", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_free(r->n);
+    BN_free(r->e);
+    BN_clear_free(r->d);
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->dmp1);
+    BN_clear_free(r->dmq1);
+    BN_clear_free(r->iqmp);
+    RSA_PSS_PARAMS_free(r->pss);
+    sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
+    BN_BLINDING_free(r->blinding);
+    BN_BLINDING_free(r->mt_blinding);
+    OPENSSL_free(r->bignum_data);
+    OPENSSL_free(r);
+}
+
+int RSA_up_ref(RSA *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("RSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return i > 1 ? 1 : 0;
+}
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+int RSA_security_bits(const RSA *rsa)
+{
+    int bits = BN_num_bits(rsa->n);
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI) {
+        /* This ought to mean that we have private key at hand. */
+        int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
+
+        if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits))
+            return 0;
+    }
+    return BN_security_bits(bits, -1);
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+    /* If the fields n and e in r are NULL, the corresponding input
+     * parameters MUST be non-NULL for n and e.  d may be
+     * left NULL (in case only the public key is used).
+     */
+    if ((r->n == NULL && n == NULL)
+        || (r->e == NULL && e == NULL))
+        return 0;
+
+    if (n != NULL) {
+        BN_free(r->n);
+        r->n = n;
+    }
+    if (e != NULL) {
+        BN_free(r->e);
+        r->e = e;
+    }
+    if (d != NULL) {
+        BN_clear_free(r->d);
+        r->d = d;
+    }
+
+    return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+    /* If the fields p and q in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->p == NULL && p == NULL)
+        || (r->q == NULL && q == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_clear_free(r->p);
+        r->p = p;
+    }
+    if (q != NULL) {
+        BN_clear_free(r->q);
+        r->q = q;
+    }
+
+    return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->dmp1 == NULL && dmp1 == NULL)
+        || (r->dmq1 == NULL && dmq1 == NULL)
+        || (r->iqmp == NULL && iqmp == NULL))
+        return 0;
+
+    if (dmp1 != NULL) {
+        BN_clear_free(r->dmp1);
+        r->dmp1 = dmp1;
+    }
+    if (dmq1 != NULL) {
+        BN_clear_free(r->dmq1);
+        r->dmq1 = dmq1;
+    }
+    if (iqmp != NULL) {
+        BN_clear_free(r->iqmp);
+        r->iqmp = iqmp;
+    }
+
+    return 1;
+}
+
+/*
+ * Is it better to export RSA_PRIME_INFO structure
+ * and related functions to let user pass a triplet?
+ */
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum)
+{
+    STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL;
+    RSA_PRIME_INFO *pinfo;
+    int i;
+
+    if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0)
+        return 0;
+
+    prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
+    if (prime_infos == NULL)
+        return 0;
+
+    if (r->prime_infos != NULL)
+        old = r->prime_infos;
+
+    for (i = 0; i < pnum; i++) {
+        pinfo = rsa_multip_info_new();
+        if (pinfo == NULL)
+            goto err;
+        if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
+            BN_free(pinfo->r);
+            BN_free(pinfo->d);
+            BN_free(pinfo->t);
+            pinfo->r = primes[i];
+            pinfo->d = exps[i];
+            pinfo->t = coeffs[i];
+        } else {
+            rsa_multip_info_free(pinfo);
+            goto err;
+        }
+        (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
+    }
+
+    r->prime_infos = prime_infos;
+
+    if (!rsa_multip_calc_product(r)) {
+        r->prime_infos = old;
+        goto err;
+    }
+
+    if (old != NULL) {
+        /*
+         * This is hard to deal with, since the old infos could
+         * also be set by this function and r, d, t should not
+         * be freed in that case. So currently, stay consistent
+         * with other *set0* functions: just free it...
+         */
+        sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free);
+    }
+
+    r->version = RSA_ASN1_VERSION_MULTI;
+
+    return 1;
+ err:
+    /* r, d, t should not be freed */
+    sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
+    return 0;
+}
+
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+    if (n != NULL)
+        *n = r->n;
+    if (e != NULL)
+        *e = r->e;
+    if (d != NULL)
+        *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+    if (p != NULL)
+        *p = r->p;
+    if (q != NULL)
+        *q = r->q;
+}
+
+int RSA_get_multi_prime_extra_count(const RSA *r)
+{
+    int pnum;
+
+    pnum = sk_RSA_PRIME_INFO_num(r->prime_infos);
+    if (pnum <= 0)
+        pnum = 0;
+    return pnum;
+}
+
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[])
+{
+    int pnum, i;
+    RSA_PRIME_INFO *pinfo;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /*
+     * return other primes
+     * it's caller's responsibility to allocate oth_primes[pnum]
+     */
+    for (i = 0; i < pnum; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+        primes[i] = pinfo->r;
+    }
+
+    return 1;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp)
+{
+    if (dmp1 != NULL)
+        *dmp1 = r->dmp1;
+    if (dmq1 != NULL)
+        *dmq1 = r->dmq1;
+    if (iqmp != NULL)
+        *iqmp = r->iqmp;
+}
+
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[])
+{
+    int pnum;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /* return other primes */
+    if (exps != NULL || coeffs != NULL) {
+        RSA_PRIME_INFO *pinfo;
+        int i;
+
+        /* it's the user's job to guarantee the buffer length */
+        for (i = 0; i < pnum; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+            if (exps != NULL)
+                exps[i] = pinfo->d;
+            if (coeffs != NULL)
+                coeffs[i] = pinfo->t;
+        }
+    }
+
+    return 1;
+}
+
+const BIGNUM *RSA_get0_n(const RSA *r)
+{
+    return r->n;
+}
+
+const BIGNUM *RSA_get0_e(const RSA *r)
+{
+    return r->e;
+}
+
+const BIGNUM *RSA_get0_d(const RSA *r)
+{
+    return r->d;
+}
+
+const BIGNUM *RSA_get0_p(const RSA *r)
+{
+    return r->p;
+}
+
+const BIGNUM *RSA_get0_q(const RSA *r)
+{
+    return r->q;
+}
+
+const BIGNUM *RSA_get0_dmp1(const RSA *r)
+{
+    return r->dmp1;
+}
+
+const BIGNUM *RSA_get0_dmq1(const RSA *r)
+{
+    return r->dmq1;
+}
+
+const BIGNUM *RSA_get0_iqmp(const RSA *r)
+{
+    return r->iqmp;
+}
+
+void RSA_clear_flags(RSA *r, int flags)
+{
+    r->flags &= ~flags;
+}
+
+int RSA_test_flags(const RSA *r, int flags)
+{
+    return r->flags & flags;
+}
+
+void RSA_set_flags(RSA *r, int flags)
+{
+    r->flags |= flags;
+}
+
+int RSA_get_version(RSA *r)
+{
+    /* { two-prime(0), multi(1) } */
+    return r->version;
+}
+
+ENGINE *RSA_get0_engine(const RSA *r)
+{
+    return r->engine;
+}
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
+{
+    /* If key type not RSA or RSA-PSS return error */
+    if (ctx != NULL && ctx->pmeth != NULL
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+        return -1;
+     return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_locl.h
new file mode 100644
index 000000000..2b94462a9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_locl.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rsa.h>
+#include "internal/refcount.h"
+
+#define RSA_MAX_PRIME_NUM       5
+#define RSA_MIN_MODULUS_BITS    512
+
+typedef struct rsa_prime_info_st {
+    BIGNUM *r;
+    BIGNUM *d;
+    BIGNUM *t;
+    /* save product of primes prior to this one */
+    BIGNUM *pp;
+    BN_MONT_CTX *m;
+} RSA_PRIME_INFO;
+
+DECLARE_ASN1_ITEM(RSA_PRIME_INFO)
+DEFINE_STACK_OF(RSA_PRIME_INFO)
+
+struct rsa_st {
+    /*
+     * The first parameter is used to pickup errors where this is passed
+     * instead of an EVP_PKEY, it is set to 0
+     */
+    int pad;
+    int32_t version;
+    const RSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    BIGNUM *n;
+    BIGNUM *e;
+    BIGNUM *d;
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *dmp1;
+    BIGNUM *dmq1;
+    BIGNUM *iqmp;
+    /* for multi-prime RSA, defined in RFC 8017 */
+    STACK_OF(RSA_PRIME_INFO) *prime_infos;
+    /* If a PSS only key this contains the parameter restrictions */
+    RSA_PSS_PARAMS *pss;
+    /* be careful using this if the RSA structure is shared */
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /* Used to cache montgomery values */
+    BN_MONT_CTX *_method_mod_n;
+    BN_MONT_CTX *_method_mod_p;
+    BN_MONT_CTX *_method_mod_q;
+    /*
+     * all BIGNUM values are actually in the following data, if it is not
+     * NULL
+     */
+    char *bignum_data;
+    BN_BLINDING *blinding;
+    BN_BLINDING *mt_blinding;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct rsa_meth_st {
+    char *name;
+    int (*rsa_pub_enc) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_pub_dec) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_enc) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_dec) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    /* Can be null */
+    int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+    /* Can be null */
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    /* called at new */
+    int (*init) (RSA *rsa);
+    /* called at free */
+    int (*finish) (RSA *rsa);
+    /* RSA_METHOD_FLAG_* things */
+    int flags;
+    /* may be needed! */
+    char *app_data;
+    /*
+     * New sign and verify functions: some libraries don't allow arbitrary
+     * data to be signed/verified: this allows them to be used. Note: for
+     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
+     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
+     */
+    int (*rsa_sign) (int type,
+                     const unsigned char *m, unsigned int m_length,
+                     unsigned char *sigret, unsigned int *siglen,
+                     const RSA *rsa);
+    int (*rsa_verify) (int dtype, const unsigned char *m,
+                       unsigned int m_length, const unsigned char *sigbuf,
+                       unsigned int siglen, const RSA *rsa);
+    /*
+     * If this callback is NULL, the builtin software RSA key-gen will be
+     * used. This is for behavioural compatibility whilst the code gets
+     * rewired, but one day it would be nice to assume there are no such
+     * things as "builtin software" implementations.
+     */
+    int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+    int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes,
+                                   BIGNUM *e, BN_GENCB *cb);
+};
+
+extern int int_rsa_verify(int dtype, const unsigned char *m,
+                          unsigned int m_len, unsigned char *rm,
+                          size_t *prm_len, const unsigned char *sigbuf,
+                          size_t siglen, RSA *rsa);
+/* Macros to test if a pkey or ctx is for a PSS key */
+#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
+#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen);
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen);
+/* internal function to clear and free multi-prime parameters */
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo);
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo);
+RSA_PRIME_INFO *rsa_multip_info_new(void);
+int rsa_multip_calc_product(RSA *rsa);
+int rsa_multip_cap(int bits);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c
new file mode 100644
index 000000000..def19f375
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c
@@ -0,0 +1,287 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "rsa_locl.h"
+#include <openssl/err.h>
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags)
+{
+    RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
+
+    if (meth != NULL) {
+        meth->flags = flags;
+
+        meth->name = OPENSSL_strdup(name);
+        if (meth->name != NULL)
+            return meth;
+
+        OPENSSL_free(meth);
+    }
+
+    RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void RSA_meth_free(RSA_METHOD *meth)
+{
+    if (meth != NULL) {
+        OPENSSL_free(meth->name);
+        OPENSSL_free(meth);
+    }
+}
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+{
+    RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, meth, sizeof(*meth));
+
+        ret->name = OPENSSL_strdup(meth->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *RSA_meth_get0_name(const RSA_METHOD *meth)
+{
+    return meth->name;
+}
+
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(meth->name);
+    meth->name = tmpname;
+
+    return 1;
+}
+
+int RSA_meth_get_flags(const RSA_METHOD *meth)
+{
+    return meth->flags;
+}
+
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
+{
+    meth->flags = flags;
+    return 1;
+}
+
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
+{
+    return meth->app_data;
+}
+
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
+{
+    meth->app_data = app_data;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_enc;
+}
+
+int RSA_meth_set_pub_enc(RSA_METHOD *meth,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_enc = pub_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_dec;
+}
+
+int RSA_meth_set_pub_dec(RSA_METHOD *meth,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_dec = pub_dec;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_enc;
+}
+
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_enc = priv_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_dec;
+}
+
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_dec = priv_dec;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)
+{
+    return meth->rsa_mod_exp;
+}
+
+int RSA_meth_set_mod_exp(RSA_METHOD *meth,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                                         BN_CTX *ctx))
+{
+    meth->rsa_mod_exp = mod_exp;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return meth->bn_mod_exp;
+}
+
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx))
+{
+    meth->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+    /* called at new */
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->init;
+}
+
+int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
+{
+    meth->init = init;
+    return 1;
+}
+
+    /* called at free */
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->finish;
+}
+
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+{
+    meth->finish = finish;
+    return 1;
+}
+
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa)
+{
+    return meth->rsa_sign;
+}
+
+int RSA_meth_set_sign(RSA_METHOD *meth,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa))
+{
+    meth->rsa_sign = sign;
+    return 1;
+}
+
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa)
+{
+    return meth->rsa_verify;
+}
+
+int RSA_meth_set_verify(RSA_METHOD *meth,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa))
+{
+    meth->rsa_verify = verify;
+    return 1;
+}
+
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_keygen;
+}
+
+int RSA_meth_set_keygen(RSA_METHOD *meth,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb))
+{
+    meth->rsa_keygen = keygen;
+    return 1;
+}
+
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_multi_prime_keygen;
+}
+
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb))
+{
+    meth->rsa_multi_prime_keygen = keygen;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c
new file mode 100644
index 000000000..e7e810823
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_locl.h"
+
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
+{
+    /* free pp and pinfo only */
+    BN_clear_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+}
+
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
+{
+    /* free a RSA_PRIME_INFO structure */
+    BN_clear_free(pinfo->r);
+    BN_clear_free(pinfo->d);
+    BN_clear_free(pinfo->t);
+    rsa_multip_info_free_ex(pinfo);
+}
+
+RSA_PRIME_INFO *rsa_multip_info_new(void)
+{
+    RSA_PRIME_INFO *pinfo;
+
+    /* create a RSA_PRIME_INFO structure */
+    if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) {
+        RSAerr(RSA_F_RSA_MULTIP_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if ((pinfo->r = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->d = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->t = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->pp = BN_secure_new()) == NULL)
+        goto err;
+
+    return pinfo;
+
+ err:
+    BN_free(pinfo->r);
+    BN_free(pinfo->d);
+    BN_free(pinfo->t);
+    BN_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+    return NULL;
+}
+
+/* Refill products of primes */
+int rsa_multip_calc_product(RSA *rsa)
+{
+    RSA_PRIME_INFO *pinfo;
+    BIGNUM *p1 = NULL, *p2 = NULL;
+    BN_CTX *ctx = NULL;
+    int i, rv = 0, ex_primes;
+
+    if ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) {
+        /* invalid */
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    /* calculate pinfo->pp = p * q for first 'extra' prime */
+    p1 = rsa->p;
+    p2 = rsa->q;
+
+    for (i = 0; i < ex_primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        if (pinfo->pp == NULL) {
+            pinfo->pp = BN_secure_new();
+            if (pinfo->pp == NULL)
+                goto err;
+        }
+        if (!BN_mul(pinfo->pp, p1, p2, ctx))
+            goto err;
+        /* save previous one */
+        p1 = pinfo->pp;
+        p2 = pinfo->r;
+    }
+
+    rv = 1;
+ err:
+    BN_CTX_free(ctx);
+    return rv;
+}
+
+int rsa_multip_cap(int bits)
+{
+    int cap = 5;
+
+    if (bits < 1024)
+        cap = 2;
+    else if (bits < 4096)
+        cap = 3;
+    else if (bits < 8192)
+        cap = 4;
+
+    if (cap > RSA_MAX_PRIME_NUM)
+        cap = RSA_MAX_PRIME_NUM;
+
+    return cap;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_none.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_none.c
new file mode 100644
index 000000000..f16cc6706
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_none.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+                         const unsigned char *from, int flen)
+{
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    if (flen < tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    memcpy(to, from, (unsigned int)flen);
+    return 1;
+}
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
+
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+        return -1;
+    }
+
+    memset(to, 0, tlen - flen);
+    memcpy(to + tlen - flen, from, flen);
+    return tlen;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c
new file mode 100644
index 000000000..689e6dc22
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/*
+ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, <URL:
+ * http://www.shoup.net/papers/oaep.ps.Z> for problems with the security
+ * proof for the original OAEP scheme, which EME-OAEP is based on. A new
+ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern,
+ * "RSA-OEAP is Still Alive!", Dec. 2000, <URL:
+ * http://eprint.iacr.org/2000/061/>. The new proof has stronger requirements
+ * for the underlying permutation: "partial-one-wayness" instead of
+ * one-wayness.  For the RSA function, this is an equivalent notion.
+ */
+
+#include "internal/constant_time_locl.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_locl.h"
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *from, int flen,
+                               const unsigned char *param, int plen)
+{
+    return RSA_padding_add_PKCS1_OAEP_mgf1(to, tlen, from, flen,
+                                           param, plen, NULL, NULL);
+}
+
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md)
+{
+    int rv = 0;
+    int i, emlen = tlen - 1;
+    unsigned char *db, *seed;
+    unsigned char *dbmask = NULL;
+    unsigned char seedmask[EVP_MAX_MD_SIZE];
+    int mdlen, dbmask_len = 0;
+
+    if (md == NULL)
+        md = EVP_sha1();
+    if (mgf1md == NULL)
+        mgf1md = md;
+
+    mdlen = EVP_MD_size(md);
+
+    if (flen > emlen - 2 * mdlen - 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    if (emlen < 2 * mdlen + 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+               RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    to[0] = 0;
+    seed = to + 1;
+    db = to + mdlen + 1;
+
+    if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
+        goto err;
+    memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
+    db[emlen - flen - mdlen - 1] = 0x01;
+    memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
+    if (RAND_bytes(seed, mdlen) <= 0)
+        goto err;
+
+    dbmask_len = emlen - mdlen;
+    dbmask = OPENSSL_malloc(dbmask_len);
+    if (dbmask == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
+        goto err;
+    for (i = 0; i < dbmask_len; i++)
+        db[i] ^= dbmask[i];
+
+    if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
+        goto err;
+    for (i = 0; i < mdlen; i++)
+        seed[i] ^= seedmask[i];
+    rv = 1;
+
+ err:
+    OPENSSL_cleanse(seedmask, sizeof(seedmask));
+    OPENSSL_clear_free(dbmask, dbmask_len);
+    return rv;
+}
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen, int num,
+                                 const unsigned char *param, int plen)
+{
+    return RSA_padding_check_PKCS1_OAEP_mgf1(to, tlen, from, flen, num,
+                                             param, plen, NULL, NULL);
+}
+
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md)
+{
+    int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
+    unsigned int good = 0, found_one_byte, mask;
+    const unsigned char *maskedseed, *maskeddb;
+    /*
+     * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
+     * Y || maskedSeed || maskedDB
+     */
+    unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+        phash[EVP_MAX_MD_SIZE];
+    int mdlen;
+
+    if (md == NULL)
+        md = EVP_sha1();
+    if (mgf1md == NULL)
+        mgf1md = md;
+
+    mdlen = EVP_MD_size(md);
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+    /*
+     * |num| is the length of the modulus; |flen| is the length of the
+     * encoded message. Therefore, for any |from| that was obtained by
+     * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+     * num < 2 * mdlen + 2 must hold for the modulus irrespective of
+     * the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+     * This does not leak any side-channel information.
+     */
+    if (num < flen || num < 2 * mdlen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+               RSA_R_OAEP_DECODING_ERROR);
+        return -1;
+    }
+
+    dblen = num - mdlen - 1;
+    db = OPENSSL_malloc(dblen);
+    if (db == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+               ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
+
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
+    }
+    from = em;
+
+    /*
+     * The first byte must be zero, however we must not leak if this is
+     * true. See James H. Manger, "A Chosen Ciphertext  Attack on RSA
+     * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+     */
+    good = constant_time_is_zero(from[0]);
+
+    maskedseed = from + 1;
+    maskeddb = from + 1 + mdlen;
+
+    if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
+        goto cleanup;
+    for (i = 0; i < mdlen; i++)
+        seed[i] ^= maskedseed[i];
+
+    if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md))
+        goto cleanup;
+    for (i = 0; i < dblen; i++)
+        db[i] ^= maskeddb[i];
+
+    if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL))
+        goto cleanup;
+
+    good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen));
+
+    found_one_byte = 0;
+    for (i = mdlen; i < dblen; i++) {
+        /*
+         * Padding consists of a number of 0-bytes, followed by a 1.
+         */
+        unsigned int equals1 = constant_time_eq(db[i], 1);
+        unsigned int equals0 = constant_time_is_zero(db[i]);
+        one_index = constant_time_select_int(~found_one_byte & equals1,
+                                             i, one_index);
+        found_one_byte |= equals1;
+        good &= (found_one_byte | equals0);
+    }
+
+    good &= found_one_byte;
+
+    /*
+     * At this point |good| is zero unless the plaintext was valid,
+     * so plaintext-awareness ensures timing side-channels are no longer a
+     * concern.
+     */
+    msg_index = one_index + 1;
+    mlen = dblen - msg_index;
+
+    /*
+     * For good measure, do this check in constant tine as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+
+    /*
+     * Even though we can't fake result's length, we can pretend copying
+     * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen|
+     * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+     * where |mlen'| is "saturated" |mlen| value. Deducing information
+     * about failure or |mlen| would take attacker's ability to observe
+     * memory access pattern with byte granularity *as it occurs*. It
+     * should be noted that failure is indistinguishable from normal
+     * operation if |tlen| is fixed by protocol.
+     */
+    tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen);
+    msg_index = constant_time_select_int(good, msg_index, dblen - tlen);
+    mlen = dblen - msg_index;
+    for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) {
+        unsigned int equals = constant_time_eq(i, mlen);
+
+        from -= dblen & equals; /* if (i == dblen) rewind   */
+        mask &= mask ^ equals;  /* if (i == dblen) mask = 0 */
+        to[i] = constant_time_select_8(mask, from[i], to[i]);
+    }
+
+    /*
+     * To avoid chosen ciphertext attacks, the error message should not
+     * reveal which kind of decoding error happened.
+     */
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+           RSA_R_OAEP_DECODING_ERROR);
+    err_clear_last_constant_time(1 & good);
+ cleanup:
+    OPENSSL_cleanse(seed, sizeof(seed));
+    OPENSSL_clear_free(db, dblen);
+    OPENSSL_clear_free(em, num);
+
+    return constant_time_select_int(good, mlen, -1);
+}
+
+int PKCS1_MGF1(unsigned char *mask, long len,
+               const unsigned char *seed, long seedlen, const EVP_MD *dgst)
+{
+    long i, outlen = 0;
+    unsigned char cnt[4];
+    EVP_MD_CTX *c = EVP_MD_CTX_new();
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdlen;
+    int rv = -1;
+
+    if (c == NULL)
+        goto err;
+    mdlen = EVP_MD_size(dgst);
+    if (mdlen < 0)
+        goto err;
+    for (i = 0; outlen < len; i++) {
+        cnt[0] = (unsigned char)((i >> 24) & 255);
+        cnt[1] = (unsigned char)((i >> 16) & 255);
+        cnt[2] = (unsigned char)((i >> 8)) & 255;
+        cnt[3] = (unsigned char)(i & 255);
+        if (!EVP_DigestInit_ex(c, dgst, NULL)
+            || !EVP_DigestUpdate(c, seed, seedlen)
+            || !EVP_DigestUpdate(c, cnt, 4))
+            goto err;
+        if (outlen + mdlen <= len) {
+            if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
+                goto err;
+            outlen += mdlen;
+        } else {
+            if (!EVP_DigestFinal_ex(c, md, NULL))
+                goto err;
+            memcpy(mask + outlen, md, len - outlen);
+            outlen = len;
+        }
+    }
+    rv = 0;
+ err:
+    OPENSSL_cleanse(md, sizeof(md));
+    EVP_MD_CTX_free(c);
+    return rv;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c
new file mode 100644
index 000000000..465134257
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c
@@ -0,0 +1,970 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "rsa_locl.h"
+#include "internal/constant_time_locl.h"
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                           BN_CTX *ctx);
+static int rsa_ossl_init(RSA *rsa);
+static int rsa_ossl_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_ossl_meth = {
+    "OpenSSL PKCS#1 RSA",
+    rsa_ossl_public_encrypt,
+    rsa_ossl_public_decrypt,     /* signature verification */
+    rsa_ossl_private_encrypt,    /* signing */
+    rsa_ossl_private_decrypt,
+    rsa_ossl_mod_exp,
+    BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
+                                 * if e == 3 */
+    rsa_ossl_init,
+    rsa_ossl_finish,
+    RSA_FLAG_FIPS_METHOD,       /* flags */
+    NULL,
+    0,                          /* rsa_sign */
+    0,                          /* rsa_verify */
+    NULL,                       /* rsa_keygen */
+    NULL                        /* rsa_multi_prime_keygen */
+};
+
+static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+{
+    default_RSA_meth = meth;
+}
+
+const RSA_METHOD *RSA_get_default_method(void)
+{
+    return default_RSA_meth;
+}
+
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
+{
+    return &rsa_pkcs1_ossl_meth;
+}
+
+const RSA_METHOD *RSA_null_method(void)
+{
+    return NULL;
+}
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        i = RSA_padding_add_SSLv23(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    /*
+     * BN_bn2binpad puts in leading 0 bytes if the number is less than
+     * the length of the modulus.
+     */
+    r = BN_bn2binpad(ret, to, num);
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+    BN_BLINDING *ret;
+
+    CRYPTO_THREAD_write_lock(rsa->lock);
+
+    if (rsa->blinding == NULL) {
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    }
+
+    ret = rsa->blinding;
+    if (ret == NULL)
+        goto err;
+
+    if (BN_BLINDING_is_current_thread(ret)) {
+        /* rsa->blinding is ours! */
+
+        *local = 1;
+    } else {
+        /* resort to rsa->mt_blinding instead */
+
+        /*
+         * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+         * BN_BLINDING is shared, meaning that accesses require locks, and
+         * that the blinding factor must be stored outside the BN_BLINDING
+         */
+        *local = 0;
+
+        if (rsa->mt_blinding == NULL) {
+            rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+        }
+        ret = rsa->mt_blinding;
+    }
+
+ err:
+    CRYPTO_THREAD_unlock(rsa->lock);
+    return ret;
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                                BN_CTX *ctx)
+{
+    if (unblind == NULL) {
+        /*
+         * Local blinding: store the unblinding factor in BN_BLINDING.
+         */
+        return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+    } else {
+        /*
+         * Shared blinding: store the unblinding factor outside BN_BLINDING.
+         */
+        int ret;
+
+        BN_BLINDING_lock(b);
+        ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+        BN_BLINDING_unlock(b);
+
+        return ret;
+    }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                               BN_CTX *ctx)
+{
+    /*
+     * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+     * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
+     * is shared between threads, unblind must be non-null:
+     * BN_BLINDING_invert_ex will then use the local unblinding factor, and
+     * will only read the modulus from BN_BLINDING. In both cases it's safe
+     * to access the blinding without a lock.
+     */
+    return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+}
+
+/* signing */
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret, *res;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+        break;
+    case RSA_X931_PADDING:
+        i = RSA_padding_add_X931(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    case RSA_SSLV23_PADDING:
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    if (padding == RSA_X931_PADDING) {
+        if (!BN_sub(f, rsa->n, ret))
+            goto err;
+        if (BN_cmp(ret, f) > 0)
+            res = f;
+        else
+            res = ret;
+    } else {
+        res = ret;
+    }
+
+    /*
+     * BN_bn2binpad puts in leading 0 bytes if the number is less than
+     * the length of the modulus.
+     */
+    r = BN_bn2binpad(res, to, num);
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int j, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    /* make data into a big number */
+    if (BN_bin2bn(from, (int)flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    /* do the decrypt */
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                        rsa->n, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    j = BN_bn2binpad(ret, buf, num);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+        break;
+    case RSA_NO_PADDING:
+        memcpy(to, buf, (r = j));
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(r >= 0);
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+/* signature verification */
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    if (BN_bin2bn(from, flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
+        if (!BN_sub(ret, rsa->n, ret))
+            goto err;
+
+    i = BN_bn2binpad(ret, buf, num);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+        break;
+    case RSA_X931_PADDING:
+        r = RSA_padding_check_X931(to, num, buf, i, num);
+        break;
+    case RSA_NO_PADDING:
+        memcpy(to, buf, (r = i));
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2];
+    int ret = 0, i, ex_primes = 0, smooth = 0;
+    RSA_PRIME_INFO *pinfo;
+
+    BN_CTX_start(ctx);
+
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    m1 = BN_CTX_get(ctx);
+    vrfy = BN_CTX_get(ctx);
+    if (vrfy == NULL)
+        goto err;
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI
+        && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
+             || ex_primes > RSA_MAX_PRIME_NUM - 2))
+        goto err;
+
+    if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+        BIGNUM *factor = BN_new();
+
+        if (factor == NULL)
+            goto err;
+
+        /*
+         * Make sure BN_mod_inverse in Montgomery initialization uses the
+         * BN_FLG_CONSTTIME flag
+         */
+        if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME),
+              BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock,
+                                     factor, ctx))
+            || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME),
+                 BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock,
+                                        factor, ctx))) {
+            BN_free(factor);
+            goto err;
+        }
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) {
+                BN_free(factor);
+                goto err;
+            }
+        }
+        /*
+         * We MUST free |factor| before any further use of the prime factors
+         */
+        BN_free(factor);
+
+        smooth = (ex_primes == 0)
+                 && (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
+                 && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (smooth) {
+        /*
+         * Conversion from Montgomery domain, a.k.a. Montgomery reduction,
+         * accepts values in [0-m*2^w) range. w is m's bit width rounded up
+         * to limb width. So that at the very least if |I| is fully reduced,
+         * i.e. less than p*q, we can count on from-to round to perform
+         * below modulo operations on |I|. Unlike BN_mod it's constant time.
+         */
+        if (/* m1 = I moq q */
+            !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx)
+            || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx)
+            /* m1 = m1^dmq1 mod q */
+            || !BN_mod_exp_mont_consttime(m1, m1, rsa->dmq1, rsa->q, ctx,
+                                          rsa->_method_mod_q)
+            /* r1 = I mod p */
+            || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx)
+            || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+            /* r1 = r1^dmp1 mod p */
+            || !BN_mod_exp_mont_consttime(r1, r1, rsa->dmp1, rsa->p, ctx,
+                                          rsa->_method_mod_p)
+            /* r1 = (r1 - m1) mod p */
+            /*
+             * bn_mod_sub_fixed_top is not regular modular subtraction,
+             * it can tolerate subtrahend to be larger than modulus, but
+             * not bit-wise wider. This makes up for uncommon q>p case,
+             * when |m1| can be larger than |rsa->p|.
+             */
+            || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
+
+            /* r1 = r1 * iqmp mod p */
+            || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+            || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
+                                      ctx)
+            /* r0 = r1 * q + m1 */
+            || !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
+            || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
+            goto err;
+
+        goto tail;
+    }
+
+    /* compute I mod q */
+    {
+        BIGNUM *c = BN_new();
+        if (c == NULL)
+            goto err;
+        BN_with_flags(c, I, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r1, c, rsa->q, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+
+        {
+            BIGNUM *dmq1 = BN_new();
+            if (dmq1 == NULL) {
+                BN_free(c);
+                goto err;
+            }
+            BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+
+            /* compute r1^dmq1 mod q */
+            if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
+                                       rsa->_method_mod_q)) {
+                BN_free(c);
+                BN_free(dmq1);
+                goto err;
+            }
+            /* We MUST free dmq1 before any further use of rsa->dmq1 */
+            BN_free(dmq1);
+        }
+
+        /* compute I mod p */
+        if (!BN_mod(r1, c, rsa->p, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+        /* We MUST free c before any further use of I */
+        BN_free(c);
+    }
+
+    {
+        BIGNUM *dmp1 = BN_new();
+        if (dmp1 == NULL)
+            goto err;
+        BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+
+        /* compute r1^dmp1 mod p */
+        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
+                                   rsa->_method_mod_p)) {
+            BN_free(dmp1);
+            goto err;
+        }
+        /* We MUST free dmp1 before any further use of rsa->dmp1 */
+        BN_free(dmp1);
+    }
+
+    /*
+     * calculate m_i in multi-prime case
+     *
+     * TODO:
+     * 1. squash the following two loops and calculate |m_i| there.
+     * 2. remove cc and reuse |c|.
+     * 3. remove |dmq1| and |dmp1| in previous block and use |di|.
+     *
+     * If these things are done, the code will be more readable.
+     */
+    if (ex_primes > 0) {
+        BIGNUM *di = BN_new(), *cc = BN_new();
+
+        if (cc == NULL || di == NULL) {
+            BN_free(cc);
+            BN_free(di);
+            goto err;
+        }
+
+        for (i = 0; i < ex_primes; i++) {
+            /* prepare m_i */
+            if ((m[i] = BN_CTX_get(ctx)) == NULL) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+
+            /* prepare c and d_i */
+            BN_with_flags(cc, I, BN_FLG_CONSTTIME);
+            BN_with_flags(di, pinfo->d, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, cc, pinfo->r, ctx)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+            /* compute r1 ^ d_i mod r_i */
+            if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+        }
+
+        BN_free(cc);
+        BN_free(di);
+    }
+
+    if (!BN_sub(r0, r0, m1))
+        goto err;
+    /*
+     * This will help stop the size of r0 increasing, which does affect the
+     * multiply if it optimised for a power of 2 size
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+
+    if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+        goto err;
+
+    {
+        BIGNUM *pr1 = BN_new();
+        if (pr1 == NULL)
+            goto err;
+        BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r0, pr1, rsa->p, ctx)) {
+            BN_free(pr1);
+            goto err;
+        }
+        /* We MUST free pr1 before any further use of r1 */
+        BN_free(pr1);
+    }
+
+    /*
+     * If p < q it is occasionally possible for the correction of adding 'p'
+     * if r0 is negative above to leave the result still negative. This can
+     * break the private key operations: the following second correction
+     * should *always* correct this rare occurrence. This will *never* happen
+     * with OpenSSL generated keys because they ensure p > q [steve]
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+    if (!BN_mul(r1, r0, rsa->q, ctx))
+        goto err;
+    if (!BN_add(r0, r1, m1))
+        goto err;
+
+    /* add m_i to m in multi-prime case */
+    if (ex_primes > 0) {
+        BIGNUM *pr2 = BN_new();
+
+        if (pr2 == NULL)
+            goto err;
+
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            if (!BN_sub(r1, m[i], r0)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (!BN_mul(r2, r1, pinfo->t, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            BN_with_flags(pr2, r2, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, pr2, pinfo->r, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (BN_is_negative(r1))
+                if (!BN_add(r1, r1, pinfo->r)) {
+                    BN_free(pr2);
+                    goto err;
+                }
+            if (!BN_mul(r1, r1, pinfo->pp, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+            if (!BN_add(r0, r0, r1)) {
+                BN_free(pr2);
+                goto err;
+            }
+        }
+        BN_free(pr2);
+    }
+
+ tail:
+    if (rsa->e && rsa->n) {
+        if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) {
+            if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx,
+                                 rsa->_method_mod_n))
+                goto err;
+        } else {
+            bn_correct_top(r0);
+            if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+                                       rsa->_method_mod_n))
+                goto err;
+        }
+        /*
+         * If 'I' was greater than (or equal to) rsa->n, the operation will
+         * be equivalent to using 'I mod n'. However, the result of the
+         * verify will *always* be less than 'n' so we don't check for
+         * absolute equality, just congruency.
+         */
+        if (!BN_sub(vrfy, vrfy, I))
+            goto err;
+        if (BN_is_zero(vrfy)) {
+            bn_correct_top(r0);
+            ret = 1;
+            goto err;   /* not actually error */
+        }
+        if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+            goto err;
+        if (BN_is_negative(vrfy))
+            if (!BN_add(vrfy, vrfy, rsa->n))
+                goto err;
+        if (!BN_is_zero(vrfy)) {
+            /*
+             * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+             * miscalculated CRT output, just do a raw (slower) mod_exp and
+             * return that instead.
+             */
+
+            BIGNUM *d = BN_new();
+            if (d == NULL)
+                goto err;
+            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+            if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+                                       rsa->_method_mod_n)) {
+                BN_free(d);
+                goto err;
+            }
+            /* We MUST free d before any further use of rsa->d */
+            BN_free(d);
+        }
+    }
+    /*
+     * It's unfortunate that we have to bn_correct_top(r0). What hopefully
+     * saves the day is that correction is highly unlike, and private key
+     * operations are customarily performed on blinded message. Which means
+     * that attacker won't observe correlation with chosen plaintext.
+     * Secondly, remaining code would still handle it in same computational
+     * time and even conceal memory access pattern around corrected top.
+     */
+    bn_correct_top(r0);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static int rsa_ossl_init(RSA *rsa)
+{
+    rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+    return 1;
+}
+
+static int rsa_ossl_finish(RSA *rsa)
+{
+    int i;
+    RSA_PRIME_INFO *pinfo;
+
+    BN_MONT_CTX_free(rsa->_method_mod_n);
+    BN_MONT_CTX_free(rsa->_method_mod_p);
+    BN_MONT_CTX_free(rsa->_method_mod_q);
+    for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        BN_MONT_CTX_free(pinfo->m);
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c
new file mode 100644
index 000000000..062690741
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time_locl.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 1;                 /* Private Key BT (Block Type) */
+
+    /* pad out with 0xff data */
+    j = tlen - 3 - flen;
+    memset(p, 0xff, j);
+    p += j;
+    *(p++) = '\0';
+    memcpy(p, from, (unsigned int)flen);
+    return 1;
+}
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i, j;
+    const unsigned char *p;
+
+    p = from;
+
+    /*
+     * The format is
+     * 00 || 01 || PS || 00 || D
+     * PS - padding string, at least 8 bytes of FF
+     * D  - data.
+     */
+
+    if (num < 11)
+        return -1;
+
+    /* Accept inputs with and without the leading 0-byte. */
+    if (num == flen) {
+        if ((*p++) != 0x00) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                   RSA_R_INVALID_PADDING);
+            return -1;
+        }
+        flen--;
+    }
+
+    if ((num != (flen + 1)) || (*(p++) != 0x01)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BLOCK_TYPE_IS_NOT_01);
+        return -1;
+    }
+
+    /* scan over padding data */
+    j = flen - 1;               /* one for type. */
+    for (i = 0; i < j; i++) {
+        if (*p != 0xff) {       /* should decrypt to 0xff */
+            if (*p == 0) {
+                p++;
+                break;
+            } else {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                       RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                return -1;
+            }
+        }
+        p++;
+    }
+
+    if (i == j) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+        return -1;
+    }
+
+    if (i < 8) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BAD_PAD_BYTE_COUNT);
+        return -1;
+    }
+    i++;                        /* Skip over the '\0' */
+    j -= i;
+    if (j > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
+        return -1;
+    }
+    memcpy(to, p, (unsigned int)j);
+
+    return j;
+}
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - 11)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return 0;
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return 0;
+            } while (*p == '\0');
+        p++;
+    }
+
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return 1;
+}
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte, mask;
+    int zero_index = 0, msg_index, mlen = -1;
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+
+    /*
+     * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
+     * section 7.2.2.
+     */
+
+    if (flen > num || num < 11) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+               RSA_R_PKCS_DECODING_ERROR);
+        return -1;
+    }
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
+    }
+    from = em;
+
+    good = constant_time_is_zero(from[0]);
+    good &= constant_time_eq(from[1], 2);
+
+    /* scan over padding data */
+    found_zero_byte = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(from[i]);
+
+        zero_index = constant_time_select_int(~found_zero_byte & equals0,
+                                              i, zero_index);
+        found_zero_byte |= equals0;
+    }
+
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |from|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge(zero_index, 2 + 8);
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+
+    /*
+     * Even though we can't fake result's length, we can pretend copying
+     * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
+     * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+     * where |mlen'| is "saturated" |mlen| value. Deducing information
+     * about failure or |mlen| would take attacker's ability to observe
+     * memory access pattern with byte granularity *as it occurs*. It
+     * should be noted that failure is indistinguishable from normal
+     * operation if |tlen| is fixed by protocol.
+     */
+    tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
+    msg_index = constant_time_select_int(good, msg_index, num - tlen);
+    mlen = num - msg_index;
+    for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
+        unsigned int equals = constant_time_eq(i, mlen);
+
+        from -= tlen & equals;  /* if (i == mlen) rewind   */
+        mask &= mask ^ equals;  /* if (i == mlen) mask = 0 */
+        to[i] = constant_time_select_8(mask, from[i], to[i]);
+    }
+
+    OPENSSL_clear_free(em, num);
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
+    err_clear_last_constant_time(1 & good);
+
+    return constant_time_select_int(good, mlen, -1);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c
new file mode 100644
index 000000000..c10669f8a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c
@@ -0,0 +1,860 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
+
+/* RSA pkey context structure */
+
+typedef struct {
+    /* Key gen parameters */
+    int nbits;
+    BIGNUM *pub_exp;
+    int primes;
+    /* Keygen callback info */
+    int gentmp[2];
+    /* RSA padding mode */
+    int pad_mode;
+    /* message digest */
+    const EVP_MD *md;
+    /* message digest for MGF1 */
+    const EVP_MD *mgf1md;
+    /* PSS salt length */
+    int saltlen;
+    /* Minimum salt length or -1 if no PSS parameter restriction */
+    int min_saltlen;
+    /* Temp buffer */
+    unsigned char *tbuf;
+    /* OAEP label */
+    unsigned char *oaep_label;
+    size_t oaep_labellen;
+} RSA_PKEY_CTX;
+
+/* True if PSS parameters are restricted */
+#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1)
+
+static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
+        return 0;
+    rctx->nbits = 1024;
+    rctx->primes = RSA_DEFAULT_PRIME_NUM;
+    if (pkey_ctx_is_pss(ctx))
+        rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
+    else
+        rctx->pad_mode = RSA_PKCS1_PADDING;
+    /* Maximum for sign, auto for verify */
+    rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+    rctx->min_saltlen = -1;
+    ctx->data = rctx;
+    ctx->keygen_info = rctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    RSA_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_rsa_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->nbits = sctx->nbits;
+    if (sctx->pub_exp) {
+        dctx->pub_exp = BN_dup(sctx->pub_exp);
+        if (!dctx->pub_exp)
+            return 0;
+    }
+    dctx->pad_mode = sctx->pad_mode;
+    dctx->md = sctx->md;
+    dctx->mgf1md = sctx->mgf1md;
+    if (sctx->oaep_label) {
+        OPENSSL_free(dctx->oaep_label);
+        dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+        if (!dctx->oaep_label)
+            return 0;
+        dctx->oaep_labellen = sctx->oaep_labellen;
+    }
+    return 1;
+}
+
+static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
+{
+    if (ctx->tbuf != NULL)
+        return 1;
+    if ((ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey))) == NULL) {
+        RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    if (rctx) {
+        BN_free(rctx->pub_exp);
+        OPENSSL_free(rctx->tbuf);
+        OPENSSL_free(rctx->oaep_label);
+        OPENSSL_free(rctx);
+    }
+}
+
+static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                         size_t *siglen, const unsigned char *tbs,
+                         size_t tbslen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    RSA *rsa = ctx->pkey->pkey.rsa;
+
+    if (rctx->md) {
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
+
+        if (EVP_MD_type(rctx->md) == NID_mdc2) {
+            unsigned int sltmp;
+            if (rctx->pad_mode != RSA_PKCS1_PADDING)
+                return -1;
+            ret = RSA_sign_ASN1_OCTET_STRING(0,
+                                             tbs, tbslen, sig, &sltmp, rsa);
+
+            if (ret <= 0)
+                return ret;
+            ret = sltmp;
+        } else if (rctx->pad_mode == RSA_X931_PADDING) {
+            if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+            }
+            if (!setup_tbuf(rctx, ctx)) {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memcpy(rctx->tbuf, tbs, tbslen);
+            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
+            ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+                                      sig, rsa, RSA_X931_PADDING);
+        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
+            unsigned int sltmp;
+            ret = RSA_sign(EVP_MD_type(rctx->md),
+                           tbs, tbslen, sig, &sltmp, rsa);
+            if (ret <= 0)
+                return ret;
+            ret = sltmp;
+        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
+                                                rctx->tbuf, tbs,
+                                                rctx->md, rctx->mgf1md,
+                                                rctx->saltlen))
+                return -1;
+            ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+                                      sig, rsa, RSA_NO_PADDING);
+        } else {
+            return -1;
+        }
+    } else {
+        ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+                                  rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *siglen = ret;
+    return 1;
+}
+
+static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
+                                  unsigned char *rout, size_t *routlen,
+                                  const unsigned char *sig, size_t siglen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->md) {
+        if (rctx->pad_mode == RSA_X931_PADDING) {
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            ret = RSA_public_decrypt(siglen, sig,
+                                     rctx->tbuf, ctx->pkey->pkey.rsa,
+                                     RSA_X931_PADDING);
+            if (ret < 1)
+                return 0;
+            ret--;
+            if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
+                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                       RSA_R_ALGORITHM_MISMATCH);
+                return 0;
+            }
+            if (ret != EVP_MD_size(rctx->md)) {
+                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                       RSA_R_INVALID_DIGEST_LENGTH);
+                return 0;
+            }
+            if (rout)
+                memcpy(rout, rctx->tbuf, ret);
+        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
+            size_t sltmp;
+            ret = int_rsa_verify(EVP_MD_type(rctx->md),
+                                 NULL, 0, rout, &sltmp,
+                                 sig, siglen, ctx->pkey->pkey.rsa);
+            if (ret <= 0)
+                return 0;
+            ret = sltmp;
+        } else {
+            return -1;
+        }
+    } else {
+        ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
+                                 rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *routlen = ret;
+    return 1;
+}
+
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    RSA *rsa = ctx->pkey->pkey.rsa;
+    size_t rslen;
+
+    if (rctx->md) {
+        if (rctx->pad_mode == RSA_PKCS1_PADDING)
+            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                              sig, siglen, rsa);
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
+        if (rctx->pad_mode == RSA_X931_PADDING) {
+            if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
+                return 0;
+        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
+            int ret;
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                     rsa, RSA_NO_PADDING);
+            if (ret <= 0)
+                return 0;
+            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
+                                            rctx->md, rctx->mgf1md,
+                                            rctx->tbuf, rctx->saltlen);
+            if (ret <= 0)
+                return 0;
+            return 1;
+        } else {
+            return -1;
+        }
+    } else {
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                   rsa, rctx->pad_mode);
+        if (rslen == 0)
+            return 0;
+    }
+
+    if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+        return 0;
+
+    return 1;
+
+}
+
+static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
+        int klen = RSA_size(ctx->pkey->pkey.rsa);
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
+                                             in, inlen,
+                                             rctx->oaep_label,
+                                             rctx->oaep_labellen,
+                                             rctx->md, rctx->mgf1md))
+            return -1;
+        ret = RSA_public_encrypt(klen, rctx->tbuf, out,
+                                 ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+    } else {
+        ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                 rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *outlen = ret;
+    return 1;
+}
+
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
+                                  ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+        if (ret <= 0)
+            return ret;
+        ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
+                                                ret, ret,
+                                                rctx->oaep_label,
+                                                rctx->oaep_labellen,
+                                                rctx->md, rctx->mgf1md);
+    } else {
+        ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                  rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *outlen = ret;
+    return 1;
+}
+
+static int check_padding_md(const EVP_MD *md, int padding)
+{
+    int mdnid;
+
+    if (!md)
+        return 1;
+
+    mdnid = EVP_MD_type(md);
+
+    if (padding == RSA_NO_PADDING) {
+        RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+        return 0;
+    }
+
+    if (padding == RSA_X931_PADDING) {
+        if (RSA_X931_hash_id(mdnid) == -1) {
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
+            return 0;
+        }
+    } else {
+        switch(mdnid) {
+        /* List of all supported RSA digests */
+        case NID_sha1:
+        case NID_sha224:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        case NID_md5:
+        case NID_md5_sha1:
+        case NID_md2:
+        case NID_md4:
+        case NID_mdc2:
+        case NID_ripemd160:
+        case NID_sha3_224:
+        case NID_sha3_256:
+        case NID_sha3_384:
+        case NID_sha3_512:
+            return 1;
+
+        default:
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
+            return 0;
+
+        }
+    }
+
+    return 1;
+}
+
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_RSA_PADDING:
+        if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
+            if (!check_padding_md(rctx->md, p1))
+                return 0;
+            if (p1 == RSA_PKCS1_PSS_PADDING) {
+                if (!(ctx->operation &
+                      (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+                    goto bad_pad;
+                if (!rctx->md)
+                    rctx->md = EVP_sha1();
+            } else if (pkey_ctx_is_pss(ctx)) {
+                goto bad_pad;
+            }
+            if (p1 == RSA_PKCS1_OAEP_PADDING) {
+                if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+                    goto bad_pad;
+                if (!rctx->md)
+                    rctx->md = EVP_sha1();
+            }
+            rctx->pad_mode = p1;
+            return 1;
+        }
+ bad_pad:
+        RSAerr(RSA_F_PKEY_RSA_CTRL,
+               RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return -2;
+
+    case EVP_PKEY_CTRL_GET_RSA_PADDING:
+        *(int *)p2 = rctx->pad_mode;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+    case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
+        if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) {
+            *(int *)p2 = rctx->saltlen;
+        } else {
+            if (p1 < RSA_PSS_SALTLEN_MAX)
+                return -2;
+            if (rsa_pss_restricted(rctx)) {
+                if (p1 == RSA_PSS_SALTLEN_AUTO
+                    && ctx->operation == EVP_PKEY_OP_VERIFY) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                    return -2;
+                }
+                if ((p1 == RSA_PSS_SALTLEN_DIGEST
+                     && rctx->min_saltlen > EVP_MD_size(rctx->md))
+                    || (p1 >= 0 && p1 < rctx->min_saltlen)) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL);
+                    return 0;
+                }
+            }
+            rctx->saltlen = p1;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+        if (p1 < RSA_MIN_MODULUS_BITS) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -2;
+        }
+        rctx->nbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+        if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
+            return -2;
+        }
+        BN_free(rctx->pub_exp);
+        rctx->pub_exp = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES:
+        if (p1 < RSA_DEFAULT_PRIME_NUM || p1 > RSA_MAX_PRIME_NUM) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_PRIME_NUM_INVALID);
+            return -2;
+        }
+        rctx->primes = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_OAEP_MD:
+    case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD)
+            *(const EVP_MD **)p2 = rctx->md;
+        else
+            rctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        if (!check_padding_md(p2, rctx->pad_mode))
+            return 0;
+        if (rsa_pss_restricted(rctx)) {
+            if (EVP_MD_type(rctx->md) == EVP_MD_type(p2))
+                return 1;
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_DIGEST_NOT_ALLOWED);
+            return 0;
+        }
+        rctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = rctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_MGF1_MD:
+    case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
+        if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
+            && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
+            if (rctx->mgf1md)
+                *(const EVP_MD **)p2 = rctx->mgf1md;
+            else
+                *(const EVP_MD **)p2 = rctx->md;
+        } else {
+            if (rsa_pss_restricted(rctx)) {
+                if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2))
+                    return 1;
+                RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_MGF1_DIGEST_NOT_ALLOWED);
+                return 0;
+            }
+            rctx->mgf1md = p2;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        OPENSSL_free(rctx->oaep_label);
+        if (p2 && p1 > 0) {
+            rctx->oaep_label = p2;
+            rctx->oaep_labellen = p1;
+        } else {
+            rctx->oaep_label = NULL;
+            rctx->oaep_labellen = 0;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        *(unsigned char **)p2 = rctx->oaep_label;
+        return rctx->oaep_labellen;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+    return 1;
+
+    case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+    case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_DECRYPT:
+    case EVP_PKEY_CTRL_CMS_ENCRYPT:
+#endif
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* fall through */
+    case EVP_PKEY_CTRL_PEER_KEY:
+        RSAerr(RSA_F_PKEY_RSA_CTRL,
+               RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (value == NULL) {
+        RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "rsa_padding_mode") == 0) {
+        int pm;
+
+        if (strcmp(value, "pkcs1") == 0) {
+            pm = RSA_PKCS1_PADDING;
+        } else if (strcmp(value, "sslv23") == 0) {
+            pm = RSA_SSLV23_PADDING;
+        } else if (strcmp(value, "none") == 0) {
+            pm = RSA_NO_PADDING;
+        } else if (strcmp(value, "oeap") == 0) {
+            pm = RSA_PKCS1_OAEP_PADDING;
+        } else if (strcmp(value, "oaep") == 0) {
+            pm = RSA_PKCS1_OAEP_PADDING;
+        } else if (strcmp(value, "x931") == 0) {
+            pm = RSA_X931_PADDING;
+        } else if (strcmp(value, "pss") == 0) {
+            pm = RSA_PKCS1_PSS_PADDING;
+        } else {
+            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
+            return -2;
+        }
+        return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
+    }
+
+    if (strcmp(type, "rsa_pss_saltlen") == 0) {
+        int saltlen;
+
+        if (!strcmp(value, "digest"))
+            saltlen = RSA_PSS_SALTLEN_DIGEST;
+        else if (!strcmp(value, "max"))
+            saltlen = RSA_PSS_SALTLEN_MAX;
+        else if (!strcmp(value, "auto"))
+            saltlen = RSA_PSS_SALTLEN_AUTO;
+        else
+            saltlen = atoi(value);
+        return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+    }
+
+    if (strcmp(type, "rsa_keygen_bits") == 0) {
+        int nbits = atoi(value);
+
+        return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+    }
+
+    if (strcmp(type, "rsa_keygen_pubexp") == 0) {
+        int ret;
+
+        BIGNUM *pubexp = NULL;
+        if (!BN_asc2bn(&pubexp, value))
+            return 0;
+        ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+        if (ret <= 0)
+            BN_free(pubexp);
+        return ret;
+    }
+
+    if (strcmp(type, "rsa_keygen_primes") == 0) {
+        int nprimes = atoi(value);
+
+        return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, nprimes);
+    }
+
+    if (strcmp(type, "rsa_mgf1_md") == 0)
+        return EVP_PKEY_CTX_md(ctx,
+                               EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+    if (pkey_ctx_is_pss(ctx)) {
+
+        if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
+            int saltlen = atoi(value);
+
+            return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
+        }
+    }
+
+    if (strcmp(type, "rsa_oaep_md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_OAEP_MD, value);
+
+    if (strcmp(type, "rsa_oaep_label") == 0) {
+        unsigned char *lab;
+        long lablen;
+        int ret;
+
+        lab = OPENSSL_hexstr2buf(value, &lablen);
+        if (!lab)
+            return 0;
+        ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
+        if (ret <= 0)
+            OPENSSL_free(lab);
+        return ret;
+    }
+
+    return -2;
+}
+
+/* Set PSS parameters when generating a key, if necessary */
+static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* If all parameters are default values don't set pss */
+    if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2)
+        return 1;
+    rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md,
+                                     rctx->saltlen == -2 ? 0 : rctx->saltlen);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    RSA *rsa = NULL;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+
+    if (rctx->pub_exp == NULL) {
+        rctx->pub_exp = BN_new();
+        if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
+            return 0;
+    }
+    rsa = RSA_new();
+    if (rsa == NULL)
+        return 0;
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL) {
+            RSA_free(rsa);
+            return 0;
+        }
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else {
+        pcb = NULL;
+    }
+    ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes,
+                                       rctx->pub_exp, pcb);
+    BN_GENCB_free(pcb);
+    if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    if (ret > 0)
+        EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa);
+    else
+        RSA_free(rsa);
+    return ret;
+}
+
+const EVP_PKEY_METHOD rsa_pkey_meth = {
+    EVP_PKEY_RSA,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    0,
+    pkey_rsa_sign,
+
+    0,
+    pkey_rsa_verify,
+
+    0,
+    pkey_rsa_verifyrecover,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_rsa_encrypt,
+
+    0,
+    pkey_rsa_decrypt,
+
+    0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
+
+/*
+ * Called for PSS sign or verify initialisation: checks PSS parameter
+ * sanity and sets any restrictions on key usage.
+ */
+
+static int pkey_pss_init(EVP_PKEY_CTX *ctx)
+{
+    RSA *rsa;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    const EVP_MD *md;
+    const EVP_MD *mgf1md;
+    int min_saltlen, max_saltlen;
+
+    /* Should never happen */
+    if (!pkey_ctx_is_pss(ctx))
+        return 0;
+    rsa = ctx->pkey->pkey.rsa;
+    /* If no restrictions just return */
+    if (rsa->pss == NULL)
+        return 1;
+    /* Get and check parameters */
+    if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
+        return 0;
+
+    /* See if minimum salt length exceeds maximum possible */
+    max_saltlen = RSA_size(rsa) - EVP_MD_size(md);
+    if ((RSA_bits(rsa) & 0x7) == 1)
+        max_saltlen--;
+    if (min_saltlen > max_saltlen) {
+        RSAerr(RSA_F_PKEY_PSS_INIT, RSA_R_INVALID_SALT_LENGTH);
+        return 0;
+    }
+
+    rctx->min_saltlen = min_saltlen;
+
+    /*
+     * Set PSS restrictions as defaults: we can then block any attempt to
+     * use invalid values in pkey_rsa_ctrl
+     */
+
+    rctx->md = md;
+    rctx->mgf1md = mgf1md;
+    rctx->saltlen = min_saltlen;
+
+    return 1;
+}
+
+const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+    EVP_PKEY_RSA_PSS,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    pkey_pss_init,
+    pkey_rsa_sign,
+
+    pkey_pss_init,
+    pkey_rsa_verify,
+
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c
new file mode 100644
index 000000000..b5f4bce2a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+#ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = RSA_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+        return 0;
+    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c
new file mode 100644
index 000000000..f7c575d00
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_locl.h"
+
+static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g", off)
+#endif
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen)
+{
+    return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
+}
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    const unsigned char *H;
+    unsigned char *DB = NULL;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char H_[EVP_MAX_MD_SIZE];
+
+    if (ctx == NULL)
+        goto err;
+
+    if (mgf1Hash == NULL)
+        mgf1Hash = Hash;
+
+    hLen = EVP_MD_size(Hash);
+    if (hLen < 0)
+        goto err;
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is autorecovered from signature
+     *      -3      salt length is maximized
+     *      -N      reserved
+     */
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
+        sLen = hLen;
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (EM[0] & (0xFF << MSBits)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID);
+        goto err;
+    }
+    if (MSBits == 0) {
+        EM++;
+        emLen--;
+    }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (EM[emLen - 1] != 0xbc) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID);
+        goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    DB = OPENSSL_malloc(maskedDBLen);
+    if (DB == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
+        goto err;
+    for (i = 0; i < maskedDBLen; i++)
+        DB[i] ^= EM[i];
+    if (MSBits)
+        DB[0] &= 0xFF >> (8 - MSBits);
+    for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ;
+    if (DB[i++] != 0x1) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
+        goto err;
+    }
+    if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
+        goto err;
+    if (maskedDBLen - i) {
+        if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(ctx, H_, NULL))
+        goto err;
+    if (memcmp(H_, H, hLen)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
+        ret = 0;
+    } else {
+        ret = 1;
+    }
+
+ err:
+    OPENSSL_free(DB);
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+
+}
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash,
+                              const EVP_MD *Hash, int sLen)
+{
+    return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
+}
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    unsigned char *H, *salt = NULL, *p;
+    EVP_MD_CTX *ctx = NULL;
+
+    if (mgf1Hash == NULL)
+        mgf1Hash = Hash;
+
+    hLen = EVP_MD_size(Hash);
+    if (hLen < 0)
+        goto err;
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is maximized
+     *      -3      same as above (on signing)
+     *      -N      reserved
+     */
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
+        sLen = hLen;
+    } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) {
+        sLen = RSA_PSS_SALTLEN_MAX;
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (MSBits == 0) {
+        *EM++ = 0;
+        emLen--;
+    }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen > 0) {
+        salt = OPENSSL_malloc(sLen);
+        if (salt == NULL) {
+            RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+                   ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (RAND_bytes(salt, sLen) <= 0)
+            goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
+        goto err;
+    if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx, H, NULL))
+        goto err;
+
+    /* Generate dbMask in place then perform XOR on it */
+    if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
+        goto err;
+
+    p = EM;
+
+    /*
+     * Initial PS XORs with all zeroes which is a NOP so just update pointer.
+     * Note from a test above this value is guaranteed to be non-negative.
+     */
+    p += emLen - sLen - hLen - 2;
+    *p++ ^= 0x1;
+    if (sLen > 0) {
+        for (i = 0; i < sLen; i++)
+            *p++ ^= salt[i];
+    }
+    if (MSBits)
+        EM[0] &= 0xFF >> (8 - MSBits);
+
+    /* H is already in place so just set final 0xbc */
+
+    EM[emLen - 1] = 0xbc;
+
+    ret = 1;
+
+ err:
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */
+
+    return ret;
+
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_saos.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_saos.c
new file mode 100644
index 000000000..8336f32f1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_saos.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_len,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa)
+{
+    ASN1_OCTET_STRING sig;
+    int i, j, ret = 1;
+    unsigned char *p, *s;
+
+    sig.type = V_ASN1_OCTET_STRING;
+    sig.length = m_len;
+    sig.data = (unsigned char *)m;
+
+    i = i2d_ASN1_OCTET_STRING(&sig, NULL);
+    j = RSA_size(rsa);
+    if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
+               RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        return 0;
+    }
+    s = OPENSSL_malloc((unsigned int)j + 1);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = s;
+    i2d_ASN1_OCTET_STRING(&sig, &p);
+    i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+    if (i <= 0)
+        ret = 0;
+    else
+        *siglen = i;
+
+    OPENSSL_clear_free(s, (unsigned int)j + 1);
+    return ret;
+}
+
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+                                 const unsigned char *m,
+                                 unsigned int m_len, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa)
+{
+    int i, ret = 0;
+    unsigned char *s;
+    const unsigned char *p;
+    ASN1_OCTET_STRING *sig = NULL;
+
+    if (siglen != (unsigned int)RSA_size(rsa)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
+               RSA_R_WRONG_SIGNATURE_LENGTH);
+        return 0;
+    }
+
+    s = OPENSSL_malloc((unsigned int)siglen);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
+
+    if (i <= 0)
+        goto err;
+
+    p = s;
+    sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
+    if (sig == NULL)
+        goto err;
+
+    if (((unsigned int)sig->length != m_len) ||
+        (memcmp(m, sig->data, m_len) != 0)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
+    } else {
+        ret = 1;
+    }
+ err:
+    ASN1_OCTET_STRING_free(sig);
+    OPENSSL_clear_free(s, (unsigned int)siglen);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c
new file mode 100644
index 000000000..952d24fb8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "rsa_locl.h"
+
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH  36
+
+/*
+ * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as
+ * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This
+ * encodes the DigestInfo (T and tLen) but does not add the padding.
+ *
+ * On success, it returns one and sets |*out| to a newly allocated buffer
+ * containing the result and |*out_len| to its length. The caller must free
+ * |*out| with |OPENSSL_free|. Otherwise, it returns zero.
+ */
+static int encode_pkcs1(unsigned char **out, int *out_len, int type,
+                        const unsigned char *m, unsigned int m_len)
+{
+    X509_SIG sig;
+    X509_ALGOR algor;
+    ASN1_TYPE parameter;
+    ASN1_OCTET_STRING digest;
+    uint8_t *der = NULL;
+    int len;
+
+    sig.algor = &algor;
+    sig.algor->algorithm = OBJ_nid2obj(type);
+    if (sig.algor->algorithm == NULL) {
+        RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+        return 0;
+    }
+    if (OBJ_length(sig.algor->algorithm) == 0) {
+        RSAerr(RSA_F_ENCODE_PKCS1,
+               RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+        return 0;
+    }
+    parameter.type = V_ASN1_NULL;
+    parameter.value.ptr = NULL;
+    sig.algor->parameter = &parameter;
+
+    sig.digest = &digest;
+    sig.digest->data = (unsigned char *)m;
+    sig.digest->length = m_len;
+
+    len = i2d_X509_SIG(&sig, &der);
+    if (len < 0)
+        return 0;
+
+    *out = der;
+    *out_len = len;
+    return 1;
+}
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
+    int encrypt_len, encoded_len = 0, ret = 0;
+    unsigned char *tmps = NULL;
+    const unsigned char *encoded = NULL;
+
+    if (rsa->meth->rsa_sign) {
+        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+    }
+
+    /* Compute the encoded digest. */
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (m_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+            return 0;
+        }
+        encoded_len = SSL_SIG_LENGTH;
+        encoded = m;
+    } else {
+        if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len))
+            goto err;
+        encoded = tmps;
+    }
+
+    if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) {
+        RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        goto err;
+    }
+    encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
+                                      RSA_PKCS1_PADDING);
+    if (encrypt_len <= 0)
+        goto err;
+
+    *siglen = encrypt_len;
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(tmps, (size_t)encoded_len);
+    return ret;
+}
+
+/*
+ * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be
+ * called in two modes. If |rm| is NULL, it verifies the signature for digest
+ * |m|. Otherwise, it recovers the digest from the signature, writing the digest
+ * to |rm| and the length to |*prm_len|. |type| is the NID of the digest
+ * algorithm to use. It returns one on successful verification and zero
+ * otherwise.
+ */
+int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+                   unsigned char *rm, size_t *prm_len,
+                   const unsigned char *sigbuf, size_t siglen, RSA *rsa)
+{
+    int decrypt_len, ret = 0, encoded_len = 0;
+    unsigned char *decrypt_buf = NULL, *encoded = NULL;
+
+    if (siglen != (size_t)RSA_size(rsa)) {
+        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+        return 0;
+    }
+
+    /* Recover the encoded digest. */
+    decrypt_buf = OPENSSL_malloc(siglen);
+    if (decrypt_buf == NULL) {
+        RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
+                                     RSA_PKCS1_PADDING);
+    if (decrypt_len <= 0)
+        goto err;
+
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (decrypt_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
+
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf, SSL_SIG_LENGTH);
+            *prm_len = SSL_SIG_LENGTH;
+        } else {
+            if (m_len != SSL_SIG_LENGTH) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
+
+            if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else if (type == NID_mdc2 && decrypt_len == 2 + 16
+               && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) {
+        /*
+         * Oddball MDC2 case: signature can be OCTET STRING. check for correct
+         * tag and length octets.
+         */
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf + 2, 16);
+            *prm_len = 16;
+        } else {
+            if (m_len != 16) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
+
+            if (memcmp(m, decrypt_buf + 2, 16) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else {
+        /*
+         * If recovering the digest, extract a digest-sized output from the end
+         * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
+         * output as in a standard verification.
+         */
+        if (rm != NULL) {
+            const EVP_MD *md = EVP_get_digestbynid(type);
+            if (md == NULL) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                goto err;
+            }
+
+            m_len = EVP_MD_size(md);
+            if (m_len > (size_t)decrypt_len) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+                goto err;
+            }
+            m = decrypt_buf + decrypt_len - m_len;
+        }
+
+        /* Construct the encoded digest and ensure it matches. */
+        if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len))
+            goto err;
+
+        if (encoded_len != decrypt_len
+            || memcmp(encoded, decrypt_buf, encoded_len) != 0) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
+
+        /* Output the recovered digest. */
+        if (rm != NULL) {
+            memcpy(rm, m, m_len);
+            *prm_len = m_len;
+        }
+    }
+
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(encoded, (size_t)encoded_len);
+    OPENSSL_clear_free(decrypt_buf, siglen);
+    return ret;
+}
+
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+
+    if (rsa->meth->rsa_verify) {
+        return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);
+    }
+
+    return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c
new file mode 100644
index 000000000..c5654595f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c
@@ -0,0 +1,167 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include "internal/constant_time_locl.h"
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - 11)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - 8 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return 0;
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return 0;
+            } while (*p == '\0');
+        p++;
+    }
+
+    memset(p, 3, 8);
+    p += 8;
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return 1;
+}
+
+/*
+ * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
+ * preserves error code reporting for backward compatibility.
+ */
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *from, int flen, int num)
+{
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte, mask, threes_in_row;
+    int zero_index = 0, msg_index, mlen = -1, err;
+
+    if (flen < 10) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+        return -1;
+    }
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
+    }
+    from = em;
+
+    good = constant_time_is_zero(from[0]);
+    good &= constant_time_eq(from[1], 2);
+    err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02);
+    mask = ~good;
+
+    /* scan over padding data */
+    found_zero_byte = 0;
+    threes_in_row = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(from[i]);
+
+        zero_index = constant_time_select_int(~found_zero_byte & equals0,
+                                              i, zero_index);
+        found_zero_byte |= equals0;
+
+        threes_in_row += 1 & ~found_zero_byte;
+        threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3);
+    }
+
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |from|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge(zero_index, 2 + 8);
+    err = constant_time_select_int(mask | good, err,
+                                   RSA_R_NULL_BEFORE_BLOCK_MISSING);
+    mask = ~good;
+
+    good &= constant_time_lt(threes_in_row, 8);
+    err = constant_time_select_int(mask | good, err,
+                                   RSA_R_SSLV3_ROLLBACK_ATTACK);
+    mask = ~good;
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+    err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
+
+    /*
+     * Even though we can't fake result's length, we can pretend copying
+     * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
+     * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+     * where |mlen'| is "saturated" |mlen| value. Deducing information
+     * about failure or |mlen| would take attacker's ability to observe
+     * memory access pattern with byte granularity *as it occurs*. It
+     * should be noted that failure is indistinguishable from normal
+     * operation if |tlen| is fixed by protocol.
+     */
+    tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
+    msg_index = constant_time_select_int(good, msg_index, num - tlen);
+    mlen = num - msg_index;
+    for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
+        unsigned int equals = constant_time_eq(i, mlen);
+
+        from -= tlen & equals;  /* if (i == mlen) rewind   */
+        mask &= mask ^ equals;  /* if (i == mlen) mask = 0 */
+        to[i] = constant_time_select_8(mask, from[i], to[i]);
+    }
+
+    OPENSSL_clear_free(em, num);
+    RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err);
+    err_clear_last_constant_time(1 & good);
+
+    return constant_time_select_int(good, mlen, -1);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931.c
new file mode 100644
index 000000000..7b0486c0f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+                         const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    /*
+     * Absolute minimum amount of padding is 1 header nibble, 1 padding
+     * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+     */
+
+    j = tlen - flen - 2;
+
+    if (j < 0) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return -1;
+    }
+
+    p = (unsigned char *)to;
+
+    /* If no padding start and end nibbles are in one byte */
+    if (j == 0) {
+        *p++ = 0x6A;
+    } else {
+        *p++ = 0x6B;
+        if (j > 1) {
+            memset(p, 0xBB, j - 1);
+            p += j - 1;
+        }
+        *p++ = 0xBA;
+    }
+    memcpy(p, from, (unsigned int)flen);
+    p += flen;
+    *p = 0xCC;
+    return 1;
+}
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
+    int i = 0, j;
+    const unsigned char *p;
+
+    p = from;
+    if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+        return -1;
+    }
+
+    if (*p++ == 0x6B) {
+        j = flen - 3;
+        for (i = 0; i < j; i++) {
+            unsigned char c = *p++;
+            if (c == 0xBA)
+                break;
+            if (c != 0xBB) {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                return -1;
+            }
+        }
+
+        j -= i;
+
+        if (i == 0) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+            return -1;
+        }
+
+    } else {
+        j = flen - 2;
+    }
+
+    if (p[j] != 0xCC) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+        return -1;
+    }
+
+    memcpy(to, p, (unsigned int)j);
+
+    return j;
+}
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+{
+    switch (nid) {
+    case NID_sha1:
+        return 0x33;
+
+    case NID_sha256:
+        return 0x34;
+
+    case NID_sha384:
+        return 0x36;
+
+    case NID_sha512:
+        return 0x35;
+
+    }
+    return -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c
new file mode 100644
index 000000000..15e40e8d1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include "rsa_locl.h"
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+    BN_CTX *ctx = NULL, *ctx2 = NULL;
+    int ret = 0;
+
+    if (!rsa)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+
+    if (r3 == NULL)
+        goto err;
+    if (!rsa->e) {
+        rsa->e = BN_dup(e);
+        if (!rsa->e)
+            goto err;
+    } else {
+        e = rsa->e;
+    }
+
+    /*
+     * If not all parameters present only calculate what we can. This allows
+     * test programs to output selective parameters.
+     */
+
+    if (Xp && rsa->p == NULL) {
+        rsa->p = BN_new();
+        if (rsa->p == NULL)
+            goto err;
+
+        if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                     Xp, Xp1, Xp2, e, ctx, cb))
+            goto err;
+    }
+
+    if (Xq && rsa->q == NULL) {
+        rsa->q = BN_new();
+        if (rsa->q == NULL)
+            goto err;
+        if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                     Xq, Xq1, Xq2, e, ctx, cb))
+            goto err;
+    }
+
+    if (rsa->p == NULL || rsa->q == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return 2;
+    }
+
+    /*
+     * Since both primes are set we can now calculate all remaining
+     * components.
+     */
+
+    /* calculate n */
+    rsa->n = BN_new();
+    if (rsa->n == NULL)
+        goto err;
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+
+    if (!BN_gcd(r3, r1, r2, ctx))
+        goto err;
+
+    if (!BN_div(r0, NULL, r0, r3, ctx))
+        goto err;               /* LCM((p-1)(q-1)) */
+
+    ctx2 = BN_CTX_new();
+    if (ctx2 == NULL)
+        goto err;
+
+    rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+    if (rsa->d == NULL)
+        goto err;
+
+    /* calculate d mod (p-1) */
+    rsa->dmp1 = BN_new();
+    if (rsa->dmp1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+        goto err;
+
+    /* calculate d mod (q-1) */
+    rsa->dmq1 = BN_new();
+    if (rsa->dmq1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+        goto err;
+
+    /* calculate inverse of q mod p */
+    rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+    if (rsa->iqmp == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_CTX_free(ctx2);
+
+    return ret;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb)
+{
+    int ok = 0;
+    BIGNUM *Xp = NULL, *Xq = NULL;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto error;
+
+    BN_CTX_start(ctx);
+    Xp = BN_CTX_get(ctx);
+    Xq = BN_CTX_get(ctx);
+    if (Xq == NULL)
+        goto error;
+    if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+        goto error;
+
+    rsa->p = BN_new();
+    rsa->q = BN_new();
+    if (rsa->p == NULL || rsa->q == NULL)
+        goto error;
+
+    /* Generate two primes from Xp, Xq */
+
+    if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                   e, ctx, cb))
+        goto error;
+
+    if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                   e, ctx, cb))
+        goto error;
+
+    /*
+     * Since rsa->p and rsa->q are valid this call will just derive remaining
+     * RSA components.
+     */
+
+    if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                            NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+        goto error;
+
+    ok = 1;
+
+ error:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+
+    if (ok)
+        return 1;
+
+    return 0;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h
new file mode 100644
index 000000000..4a775a927
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef S390X_ARCH_H
+# define S390X_ARCH_H
+
+# ifndef __ASSEMBLER__
+
+void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out,
+                size_t outlen, unsigned int fc, void *param);
+void s390x_km(const unsigned char *in, size_t len, unsigned char *out,
+              unsigned int fc, void *param);
+void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
+               size_t len, unsigned char *out, unsigned int fc, void *param);
+
+/*
+ * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
+ * the STFLE instruction followed by the 64-bit word pairs returned by
+ * instructions' QUERY functions. If STFLE returns fewer data or an instruction
+ * is not supported, the corresponding field elements are zero.
+ */
+struct OPENSSL_s390xcap_st {
+    unsigned long long stfle[4];
+    unsigned long long kimd[2];
+    unsigned long long klmd[2];
+    unsigned long long km[2];
+    unsigned long long kmc[2];
+    unsigned long long kmac[2];
+    unsigned long long kmctr[2];
+    unsigned long long kmo[2];
+    unsigned long long kmf[2];
+    unsigned long long prno[2];
+    unsigned long long kma[2];
+};
+
+extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+
+/* convert facility bit number or function code to bit mask */
+#  define S390X_CAPBIT(i)	(1ULL << (63 - (i) % 64))
+
+# endif
+
+/* OPENSSL_s390xcap_P offsets [bytes] */
+# define S390X_STFLE		0x00
+# define S390X_KIMD		0x20
+# define S390X_KLMD		0x30
+# define S390X_KM		0x40
+# define S390X_KMC		0x50
+# define S390X_KMAC		0x60
+# define S390X_KMCTR		0x70
+# define S390X_KMO		0x80
+# define S390X_KMF		0x90
+# define S390X_PRNO		0xa0
+# define S390X_KMA		0xb0
+
+/* Facility Bit Numbers */
+# define S390X_VX		129
+# define S390X_VXD		134
+# define S390X_VXE		135
+
+/* Function Codes */
+
+/* all instructions */
+# define S390X_QUERY		0
+
+/* kimd/klmd */
+# define S390X_SHA3_224		32
+# define S390X_SHA3_256		33
+# define S390X_SHA3_384		34
+# define S390X_SHA3_512		35
+# define S390X_SHAKE_128	36
+# define S390X_SHAKE_256	37
+# define S390X_GHASH		65
+
+/* km/kmc/kmac/kmctr/kmo/kmf/kma */
+# define S390X_AES_128		18
+# define S390X_AES_192		19
+# define S390X_AES_256		20
+
+/* prno */
+# define S390X_TRNG		114
+
+/* Register 0 Flags */
+# define S390X_DECRYPT		0x80
+# define S390X_KMA_LPC		0x100
+# define S390X_KMA_LAAD		0x200
+# define S390X_KMA_HS		0x400
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c
new file mode 100644
index 000000000..e7c7f0a35
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2010-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include "internal/cryptlib.h"
+#include "s390x_arch.h"
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+void OPENSSL_s390x_facilities(void);
+void OPENSSL_vx_probe(void);
+
+struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+
+void OPENSSL_cpuid_setup(void)
+{
+    sigset_t oset;
+    struct sigaction ill_act, oact;
+
+    if (OPENSSL_s390xcap_P.stfle[0])
+        return;
+
+    /* set a bit that will not be tested later */
+    OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    sigfillset(&ill_act.sa_mask);
+    sigdelset(&ill_act.sa_mask, SIGILL);
+    sigdelset(&ill_act.sa_mask, SIGFPE);
+    sigdelset(&ill_act.sa_mask, SIGTRAP);
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &oact);
+    sigaction(SIGFPE, &ill_act, &oact);
+
+    /* protection against missing store-facility-list-extended */
+    if (sigsetjmp(ill_jmp, 1) == 0)
+        OPENSSL_s390x_facilities();
+
+    /* protection against disabled vector facility */
+    if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
+        && (sigsetjmp(ill_jmp, 1) == 0)) {
+        OPENSSL_vx_probe();
+    } else {
+        OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX)
+                                         | S390X_CAPBIT(S390X_VXD)
+                                         | S390X_CAPBIT(S390X_VXE));
+    }
+
+    sigaction(SIGFPE, &oact, NULL);
+    sigaction(SIGILL, &oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl
new file mode 100755
index 000000000..ec700a47d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl
@@ -0,0 +1,421 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$ra="%r14";
+$sp="%r15";
+$stdframe=16*$SIZE_T+4*8;
+
+$code=<<___;
+#include "s390x_arch.h"
+
+.text
+
+.globl	OPENSSL_s390x_facilities
+.type	OPENSSL_s390x_facilities,\@function
+.align	16
+OPENSSL_s390x_facilities:
+	lghi	%r0,0
+	larl	%r4,OPENSSL_s390xcap_P
+
+	stg	%r0,S390X_STFLE+8(%r4)	# wipe capability vectors
+	stg	%r0,S390X_STFLE+16(%r4)
+	stg	%r0,S390X_STFLE+24(%r4)
+	stg	%r0,S390X_KIMD(%r4)
+	stg	%r0,S390X_KIMD+8(%r4)
+	stg	%r0,S390X_KLMD(%r4)
+	stg	%r0,S390X_KLMD+8(%r4)
+	stg	%r0,S390X_KM(%r4)
+	stg	%r0,S390X_KM+8(%r4)
+	stg	%r0,S390X_KMC(%r4)
+	stg	%r0,S390X_KMC+8(%r4)
+	stg	%r0,S390X_KMAC(%r4)
+	stg	%r0,S390X_KMAC+8(%r4)
+	stg	%r0,S390X_KMCTR(%r4)
+	stg	%r0,S390X_KMCTR+8(%r4)
+	stg	%r0,S390X_KMO(%r4)
+	stg	%r0,S390X_KMO+8(%r4)
+	stg	%r0,S390X_KMF(%r4)
+	stg	%r0,S390X_KMF+8(%r4)
+	stg	%r0,S390X_PRNO(%r4)
+	stg	%r0,S390X_PRNO+8(%r4)
+	stg	%r0,S390X_KMA(%r4)
+	stg	%r0,S390X_KMA+8(%r4)
+
+	.long	0xb2b04000		# stfle	0(%r4)
+	brc	8,.Ldone
+	lghi	%r0,1
+	.long	0xb2b04000		# stfle 0(%r4)
+	brc	8,.Ldone
+	lghi	%r0,2
+	.long	0xb2b04000		# stfle 0(%r4)
+.Ldone:
+	lmg	%r2,%r3,S390X_STFLE(%r4)
+	tmhl	%r2,0x4000		# check for message-security-assist
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query kimd capabilities
+	la	%r1,S390X_KIMD(%r4)
+	.long	0xb93e0002		# kimd %r0,%r2
+
+	lghi	%r0,S390X_QUERY		# query klmd capabilities
+	la	%r1,S390X_KLMD(%r4)
+	.long	0xb93f0002		# klmd %r0,%r2
+
+	lghi	%r0,S390X_QUERY		# query km capability vector
+	la	%r1,S390X_KM(%r4)
+	.long	0xb92e0042		# km %r4,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmc capability vector
+	la	%r1,S390X_KMC(%r4)
+	.long	0xb92f0042		# kmc %r4,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmac capability vector
+	la	%r1,S390X_KMAC(%r4)
+	.long	0xb91e0042		# kmac %r4,%r2
+
+	tmhh	%r3,0x0004		# check for message-security-assist-4
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query kmctr capability vector
+	la	%r1,S390X_KMCTR(%r4)
+	.long	0xb92d2042		# kmctr %r4,%r2,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmo capability vector
+	la	%r1,S390X_KMO(%r4)
+	.long	0xb92b0042		# kmo %r4,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmf capability vector
+	la	%r1,S390X_KMF(%r4)
+	.long	0xb92a0042		# kmf %r4,%r2
+
+	tml	%r2,0x40		# check for message-security-assist-5
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query prno capability vector
+	la	%r1,S390X_PRNO(%r4)
+	.long	0xb93c0042		# prno %r4,%r2
+
+	lg	%r2,S390X_STFLE+16(%r4)
+	tmhl	%r2,0x2000		# check for message-security-assist-8
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query kma capability vector
+	la	%r1,S390X_KMA(%r4)
+	.long	0xb9294022		# kma %r2,%r4,%r2
+
+.Lret:
+	br	$ra
+.size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+
+.globl	OPENSSL_rdtsc
+.type	OPENSSL_rdtsc,\@function
+.align	16
+OPENSSL_rdtsc:
+	larl	%r4,OPENSSL_s390xcap_P
+	tm	S390X_STFLE+3(%r4),0x40	# check for store-clock-fast facility
+	jz	.Lstck
+
+	.long	0xb27cf010	# stckf 16($sp)
+	lg	%r2,16($sp)
+	br	$ra
+.Lstck:
+	stck	16($sp)
+	lg	%r2,16($sp)
+	br	$ra
+.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
+
+.globl	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,\@function
+.align	16
+OPENSSL_atomic_add:
+	l	%r1,0(%r2)
+.Lspin:	lr	%r0,%r1
+	ar	%r0,%r3
+	cs	%r1,%r0,0(%r2)
+	brc	4,.Lspin
+	lgfr	%r2,%r0		# OpenSSL expects the new value
+	br	$ra
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,\@function
+.align	16
+OPENSSL_wipe_cpu:
+	xgr	%r0,%r0
+	xgr	%r1,%r1
+	lgr	%r2,$sp
+	xgr	%r3,%r3
+	xgr	%r4,%r4
+	lzdr	%f0
+	lzdr	%f1
+	lzdr	%f2
+	lzdr	%f3
+	lzdr	%f4
+	lzdr	%f5
+	lzdr	%f6
+	lzdr	%f7
+	br	$ra
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,\@function
+.align	16
+OPENSSL_cleanse:
+#if !defined(__s390x__) && !defined(__s390x)
+	llgfr	%r3,%r3
+#endif
+	lghi	%r4,15
+	lghi	%r0,0
+	clgr	%r3,%r4
+	jh	.Lot
+	clgr	%r3,%r0
+	bcr	8,%r14
+.Little:
+	stc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	brctg	%r3,.Little
+	br	%r14
+.align	4
+.Lot:	tmll	%r2,7
+	jz	.Laligned
+	stc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	brctg	%r3,.Lot
+.Laligned:
+	srlg	%r4,%r3,3
+.Loop:	stg	%r0,0(%r2)
+	la	%r2,8(%r2)
+	brctg	%r4,.Loop
+	lghi	%r4,7
+	ngr	%r3,%r4
+	jnz	.Little
+	br	$ra
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,\@function
+.align	16
+CRYPTO_memcmp:
+#if !defined(__s390x__) && !defined(__s390x)
+	llgfr	%r4,%r4
+#endif
+	lghi	%r5,0
+	clgr	%r4,%r5
+	je	.Lno_data
+
+.Loop_cmp:
+	llgc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	llgc	%r1,0(%r3)
+	la	%r3,1(%r3)
+	xr	%r1,%r0
+	or	%r5,%r1
+	brctg	%r4,.Loop_cmp
+
+	lnr	%r5,%r5
+	srl	%r5,31
+.Lno_data:
+	lgr	%r2,%r5
+	br	$ra
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+.globl	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,\@function
+.align	16
+OPENSSL_instrument_bus:
+	lghi	%r2,0
+	br	%r14
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,\@function
+.align	16
+OPENSSL_instrument_bus2:
+	lghi	%r2,0
+	br	$ra
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+
+.globl	OPENSSL_vx_probe
+.type	OPENSSL_vx_probe,\@function
+.align	16
+OPENSSL_vx_probe:
+	.word	0xe700,0x0000,0x0044	# vzero %v0
+	br	$ra
+.size	OPENSSL_vx_probe,.-OPENSSL_vx_probe
+___
+
+{
+################
+# void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc,
+#                 void *param)
+my ($in,$len,$fc,$param) = map("%r$_",(2..5));
+$code.=<<___;
+.globl	s390x_kimd
+.type	s390x_kimd,\@function
+.align	16
+s390x_kimd:
+	llgfr	%r0,$fc
+	lgr	%r1,$param
+
+	.long	0xb93e0002	# kimd %r0,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kimd,.-s390x_kimd
+___
+}
+
+{
+################
+# void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out,
+#                 size_t outlen, unsigned int fc, void *param)
+my ($in,$inlen,$out,$outlen,$fc) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_klmd
+.type	s390x_klmd,\@function
+.align	32
+s390x_klmd:
+	llgfr	%r0,$fc
+	l${g}	%r1,$stdframe($sp)
+
+	.long	0xb93f0042	# klmd %r4,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_klmd,.-s390x_klmd
+___
+}
+
+################
+# void s390x_km(const unsigned char *in, size_t len, unsigned char *out,
+#               unsigned int fc, void *param)
+{
+my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_km
+.type	s390x_km,\@function
+.align	16
+s390x_km:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb92e0042	# km $out,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_km,.-s390x_km
+___
+}
+
+################
+# void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc,
+#                 void *param)
+{
+my ($in,$len,$fc,$param) = map("%r$_",(2..5));
+$code.=<<___;
+.globl	s390x_kmac
+.type	s390x_kmac,\@function
+.align	16
+s390x_kmac:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb91e0002	# kmac %r0,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kmac,.-s390x_kmac
+___
+}
+
+################
+# void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out,
+#                unsigned int fc, void *param)
+{
+my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_kmo
+.type	s390x_kmo,\@function
+.align	16
+s390x_kmo:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb92b0042	# kmo $out,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kmo,.-s390x_kmo
+___
+}
+
+################
+# void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
+#                unsigned int fc, void *param)
+{
+my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_kmf
+.type	s390x_kmf,\@function
+.align	16
+s390x_kmf:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb92a0042	# kmf $out,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kmf,.-s390x_kmf
+___
+}
+
+################
+# void s390x_kma(const unsigned char *aad, size_t alen,
+#                const unsigned char *in, size_t len,
+#                unsigned char *out, unsigned int fc, void *param)
+{
+my ($aad,$alen,$in,$len,$out) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_kma
+.type	s390x_kma,\@function
+.align	16
+s390x_kma:
+	st${g}	$out,6*$SIZE_T($sp)
+	lm${g}	%r0,%r1,$stdframe($sp)
+
+	.long	0xb9292064	# kma $out,$aad,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	l${g}	$out,6*$SIZE_T($sp)
+	br	$ra
+.size	s390x_kma,.-s390x_kma
+___
+}
+
+$code.=<<___;
+.section	.init
+	brasl	$ra,OPENSSL_cpuid_setup
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;	# force flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/build.info
new file mode 100644
index 000000000..abdcbcaa9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c
new file mode 100644
index 000000000..d62da91ed
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c
@@ -0,0 +1,590 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# ifdef _WIN32
+#  include <memory.h>
+# endif
+
+# include <openssl/seed.h>
+# include "seed_locl.h"
+
+# ifdef SS                      /* can get defined on Solaris by inclusion of
+                                 * <stdlib.h> */
+#  undef SS
+# endif
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#  define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ \
+        SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ \
+        SS[3][(unsigned char)((v)>>24) & 0xff]
+
+static const seed_word SS[4][256] = {
+    { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
+      0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+      0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+      0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+      0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
+      0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+      0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
+      0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+      0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+      0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+      0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
+      0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+      0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
+      0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+      0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+      0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+      0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
+      0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+      0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
+      0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+      0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+      0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+      0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
+      0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+      0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
+      0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+      0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+      0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+      0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
+      0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+      0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
+      0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+      0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+      0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+      0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
+      0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+      0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
+      0x36063234, 0x15051114, 0x22022220, 0x38083038,
+      0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+      0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+      0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
+      0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+      0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
+      0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+      0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+      0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+      0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
+      0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+      0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
+      0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+      0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+      0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+      0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
+      0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+      0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
+      0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+      0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+      0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+      0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
+      0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+      0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
+      0x22426260, 0x29092128, 0x07070304, 0x33033330,
+      0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+      0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+    },
+    { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
+      0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+      0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+      0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+      0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
+      0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+      0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
+      0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+      0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+      0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+      0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
+      0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+      0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
+      0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+      0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+      0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+      0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
+      0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+      0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
+      0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+      0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+      0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+      0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
+      0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+      0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
+      0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+      0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+      0x20220222, 0x04040400, 0x68284860, 0x70314171,
+      0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
+      0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+      0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
+      0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+      0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+      0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+      0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
+      0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+      0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
+      0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+      0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+      0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+      0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
+      0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+      0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
+      0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+      0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+      0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+      0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
+      0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+      0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
+      0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+      0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+      0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+      0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
+      0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+      0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
+      0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+      0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+      0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+      0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
+      0x30320232, 0x84048480, 0x68294961, 0x90138393,
+      0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
+      0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+      0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+      0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+    },
+    { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
+      0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+      0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+      0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+      0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
+      0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+      0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
+      0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+      0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+      0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+      0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
+      0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+      0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
+      0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+      0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+      0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+      0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
+      0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+      0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
+      0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+      0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+      0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+      0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
+      0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+      0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
+      0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+      0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+      0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+      0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
+      0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+      0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
+      0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+      0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+      0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+      0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
+      0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+      0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
+      0x32343606, 0x11141505, 0x22202202, 0x30383808,
+      0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+      0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+      0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
+      0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+      0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
+      0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+      0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+      0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+      0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
+      0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+      0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
+      0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+      0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+      0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+      0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
+      0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+      0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
+      0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+      0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+      0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+      0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
+      0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+      0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
+      0x62602242, 0x21282909, 0x03040707, 0x33303303,
+      0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+      0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+    },
+    { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
+      0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+      0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+      0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+      0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
+      0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+      0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
+      0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+      0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+      0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+      0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
+      0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+      0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
+      0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+      0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+      0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+      0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
+      0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+      0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
+      0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+      0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+      0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+      0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
+      0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+      0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
+      0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+      0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+      0x02222022, 0x04000404, 0x48606828, 0x41717031,
+      0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
+      0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+      0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
+      0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+      0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+      0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+      0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
+      0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+      0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
+      0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+      0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+      0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+      0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
+      0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+      0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
+      0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+      0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+      0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+      0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
+      0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+      0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
+      0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+      0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+      0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+      0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
+      0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+      0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
+      0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+      0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+      0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+      0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
+      0x02323032, 0x84808404, 0x49616829, 0x83939013,
+      0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
+      0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+      0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+      0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+    }
+};
+
+#else
+
+/* on x86_64 >5x size reduction at 40% performance penalty */
+static const unsigned char SEED_Sbox[2][256] = {
+{
+      0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25,
+      0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63,
+      0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17,
+      0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE,
+      0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74,
+      0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01,
+      0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9,
+      0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9,
+      0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F,
+      0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5,
+      0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08,
+      0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1,
+      0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB,
+      0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A,
+      0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64,
+      0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66,
+      0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0,
+      0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF,
+      0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38,
+      0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97,
+      0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89,
+      0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4,
+      0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8,
+      0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4,
+      0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40,
+      0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55,
+      0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56,
+      0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA,
+      0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2,
+      0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88,
+      0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33,
+      0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A
+    },
+    {
+      0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8,
+      0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B,
+      0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7,
+      0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B,
+      0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4,
+      0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98,
+      0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF,
+      0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72,
+      0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B,
+      0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34,
+      0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8,
+      0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9,
+      0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 0xB1,
+      0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71,
+      0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59,
+      0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0,
+      0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF,
+      0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D,
+      0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E,
+      0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC,
+      0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03,
+      0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09,
+      0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05,
+      0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43,
+      0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79,
+      0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F,
+      0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46,
+      0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD,
+      0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C,
+      0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93,
+      0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87,
+      0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7
+    }
+};
+
+static unsigned int G_FUNC(unsigned int v)
+{
+    unsigned int s0, s1, s2, s3, ret;
+
+    s0 = SEED_Sbox[0][(unsigned char)      (v) & 0xff];
+    s1 = SEED_Sbox[1][(unsigned char)((v)>> 8) & 0xff];
+    s2 = SEED_Sbox[0][(unsigned char)((v)>>16) & 0xff];
+    s3 = SEED_Sbox[1][(unsigned char)((v)>>24) & 0xff];
+
+    ret  = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F));
+    ret |= ((s0 & 0xF3) ^ (s1 & 0xCF) ^ (s2 & 0x3F) ^ (s3 & 0xFC)) << 8;
+    ret |= ((s0 & 0xCF) ^ (s1 & 0x3F) ^ (s2 & 0xFC) ^ (s3 & 0xF3)) << 16;
+    ret |= ((s0 & 0x3F) ^ (s1 & 0xFC) ^ (s2 & 0xF3) ^ (s3 & 0xCF)) << 24;
+
+    return ret;
+}
+# endif
+
+/* key schedule constants - golden ratio */
+# define KC0     0x9e3779b9
+# define KC1     0x3c6ef373
+# define KC2     0x78dde6e6
+# define KC3     0xf1bbcdcc
+# define KC4     0xe3779b99
+# define KC5     0xc6ef3733
+# define KC6     0x8dde6e67
+# define KC7     0x1bbcdccf
+# define KC8     0x3779b99e
+# define KC9     0x6ef3733c
+# define KC10    0xdde6e678
+# define KC11    0xbbcdccf1
+# define KC12    0x779b99e3
+# define KC13    0xef3733c6
+# define KC14    0xde6e678d
+# define KC15    0xbcdccf1b
+
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+static const seed_word KC[] = {
+    KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7,
+    KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15
+};
+# endif
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(rawkey, x1);
+    char2word(rawkey + 4, x2);
+    char2word(rawkey + 8, x3);
+    char2word(rawkey + 12, x4);
+
+    t0 = (x1 + x3 - KC0) & 0xffffffff;
+    t1 = (x2 - x4 + KC0) & 0xffffffff;
+    KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+# else
+    {
+        int i;
+        for (i = 2; i < 16; i += 2) {
+            KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]);
+            KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2]);
+            KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i + 1]);
+            KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2 + 2]);
+        }
+    }
+# endif
+}
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(s, x1);
+    char2word(s + 4, x2);
+    char2word(s + 8, x3);
+    char2word(s + 12, x4);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    E_SEED(t0, t1, x1, x2, x3, x4, 0);
+    E_SEED(t0, t1, x3, x4, x1, x2, 2);
+    E_SEED(t0, t1, x1, x2, x3, x4, 4);
+    E_SEED(t0, t1, x3, x4, x1, x2, 6);
+    E_SEED(t0, t1, x1, x2, x3, x4, 8);
+    E_SEED(t0, t1, x3, x4, x1, x2, 10);
+    E_SEED(t0, t1, x1, x2, x3, x4, 12);
+    E_SEED(t0, t1, x3, x4, x1, x2, 14);
+    E_SEED(t0, t1, x1, x2, x3, x4, 16);
+    E_SEED(t0, t1, x3, x4, x1, x2, 18);
+    E_SEED(t0, t1, x1, x2, x3, x4, 20);
+    E_SEED(t0, t1, x3, x4, x1, x2, 22);
+    E_SEED(t0, t1, x1, x2, x3, x4, 24);
+    E_SEED(t0, t1, x3, x4, x1, x2, 26);
+    E_SEED(t0, t1, x1, x2, x3, x4, 28);
+    E_SEED(t0, t1, x3, x4, x1, x2, 30);
+# else
+    {
+        int i;
+        for (i = 0; i < 30; i += 4) {
+            E_SEED(t0, t1, x1, x2, x3, x4, i);
+            E_SEED(t0, t1, x3, x4, x1, x2, i + 2);
+        }
+    }
+# endif
+
+    word2char(x3, d);
+    word2char(x4, d + 4);
+    word2char(x1, d + 8);
+    word2char(x2, d + 12);
+}
+
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(s, x1);
+    char2word(s + 4, x2);
+    char2word(s + 8, x3);
+    char2word(s + 12, x4);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    E_SEED(t0, t1, x1, x2, x3, x4, 30);
+    E_SEED(t0, t1, x3, x4, x1, x2, 28);
+    E_SEED(t0, t1, x1, x2, x3, x4, 26);
+    E_SEED(t0, t1, x3, x4, x1, x2, 24);
+    E_SEED(t0, t1, x1, x2, x3, x4, 22);
+    E_SEED(t0, t1, x3, x4, x1, x2, 20);
+    E_SEED(t0, t1, x1, x2, x3, x4, 18);
+    E_SEED(t0, t1, x3, x4, x1, x2, 16);
+    E_SEED(t0, t1, x1, x2, x3, x4, 14);
+    E_SEED(t0, t1, x3, x4, x1, x2, 12);
+    E_SEED(t0, t1, x1, x2, x3, x4, 10);
+    E_SEED(t0, t1, x3, x4, x1, x2, 8);
+    E_SEED(t0, t1, x1, x2, x3, x4, 6);
+    E_SEED(t0, t1, x3, x4, x1, x2, 4);
+    E_SEED(t0, t1, x1, x2, x3, x4, 2);
+    E_SEED(t0, t1, x3, x4, x1, x2, 0);
+# else
+    {
+        int i;
+        for (i = 30; i > 0; i -= 4) {
+            E_SEED(t0, t1, x1, x2, x3, x4, i);
+            E_SEED(t0, t1, x3, x4, x1, x2, i - 2);
+
+        }
+    }
+# endif
+
+    word2char(x3, d);
+    word2char(x4, d + 4);
+    word2char(x1, d + 8);
+    word2char(x2, d + 12);
+}
+
+#endif                          /* OPENSSL_NO_SEED */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_cbc.c
new file mode 100644
index 000000000..c9a4fe217
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_cbc.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_decrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_cfb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_cfb.c
new file mode 100644
index 000000000..2aee1ffe3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_cfb.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc,
+                          (block128_f) SEED_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_ecb.c
new file mode 100644
index 000000000..b6e301ccd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_ecb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc)
+{
+    if (enc)
+        SEED_encrypt(in, out, ks);
+    else
+        SEED_decrypt(in, out, ks);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_locl.h
new file mode 100644
index 000000000..ac2950d97
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_locl.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef HEADER_SEED_LOCL_H
+# define HEADER_SEED_LOCL_H
+
+# include "openssl/e_os2.h"
+# include <openssl/seed.h>
+
+# ifdef SEED_LONG               /* need 32-bit type */
+typedef unsigned long seed_word;
+# else
+typedef unsigned int seed_word;
+# endif
+
+
+# define char2word(c, i)  \
+        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+
+# define word2char(l, c)  \
+        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+        *((c)+3) = (unsigned char)((l))     & 0xff
+
+# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X3);                                     \
+        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \
+        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X1);                                     \
+        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \
+        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+# define KEYUPDATE_TEMP(T0, T1, K)   \
+        (K)[0] = G_FUNC((T0));      \
+        (K)[1] = G_FUNC((T1))
+
+# define XOR_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] ^= ((SRC))[0];    \
+        ((DST))[1] ^= ((SRC))[1];    \
+        ((DST))[2] ^= ((SRC))[2];    \
+        ((DST))[3] ^= ((SRC))[3]
+
+# define MOV_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] = ((SRC))[0];     \
+        ((DST))[1] = ((SRC))[1];     \
+        ((DST))[2] = ((SRC))[2];     \
+        ((DST))[3] = ((SRC))[3]
+
+# define CHAR2WORD(C, I)              \
+        char2word((C),    (I)[0]);    \
+        char2word((C+4),  (I)[1]);    \
+        char2word((C+8),  (I)[2]);    \
+        char2word((C+12), (I)[3])
+
+# define WORD2CHAR(I, C)              \
+        word2char((I)[0], (C));       \
+        word2char((I)[1], (C+4));     \
+        word2char((I)[2], (C+8));     \
+        word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \
+        (T0) = (X3) ^ (ks->data)[(rbase)];       \
+        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \
+        (T1) ^= (T0);                            \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (T0) = G_FUNC((T0));                     \
+        (T1) = ((T1) + (T0)) & 0xffffffff;       \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (X1) ^= (T0);                            \
+        (X2) ^= (T1)
+
+#endif                          /* HEADER_SEED_LOCL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_ofb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_ofb.c
new file mode 100644
index 000000000..b45554058
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_ofb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num,
+                          (block128_f) SEED_encrypt);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl
new file mode 100755
index 000000000..8bf665c8b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl
@@ -0,0 +1,1606 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for ARMv4.
+#
+# June 2017.
+#
+# Non-NEON code is KECCAK_1X variant (see sha/keccak1600.c) with bit
+# interleaving. How does it compare to Keccak Code Package? It's as
+# fast, but several times smaller, and is endian- and ISA-neutral. ISA
+# neutrality means that minimum ISA requirement is ARMv4, yet it can
+# be assembled even as Thumb-2. NEON code path is KECCAK_1X_ALT with
+# register layout taken from Keccak Code Package. It's also as fast,
+# in fact faster by 10-15% on some processors, and endian-neutral.
+#
+# August 2017.
+#
+# Switch to KECCAK_2X variant for non-NEON code and merge almost 1/2
+# of rotate instructions with logical ones. This resulted in ~10%
+# improvement on most processors. Switch to KECCAK_2X effectively
+# minimizes re-loads from temporary storage, and merged rotates just
+# eliminate corresponding instructions. As for latter. When examining
+# code you'll notice commented ror instructions. These are eliminated
+# ones, and you should trace destination register below to see what's
+# going on. Just in case, why not all rotates are eliminated. Trouble
+# is that you have operations that require both inputs to be rotated,
+# e.g. 'eor a,b>>>x,c>>>y'. This conundrum is resolved by using
+# 'eor a,b,c>>>(x-y)' and then merge-rotating 'a' in next operation
+# that takes 'a' as input. And thing is that this next operation can
+# be in next round. It's totally possible to "carry" rotate "factors"
+# to the next round, but it makes code more complex. And the last word
+# is the keyword, i.e. "almost 1/2" is kind of complexity cap [for the
+# time being]...
+#
+# Reduce per-round instruction count in Thumb-2 case by 16%. This is
+# achieved by folding ldr/str pairs to their double-word counterparts.
+# Theoretically this should have improved performance on single-issue
+# cores, such as Cortex-A5/A7, by 19%. Reality is a bit different, as
+# usual...
+#
+########################################################################
+# Numbers are cycles per processed byte. Non-NEON results account even
+# for input bit interleaving.
+#
+#		r=1088(*)   Thumb-2(**) NEON
+#
+# ARM11xx	82/+150%
+# Cortex-A5	88/+160%,   86,         36
+# Cortex-A7	78/+160%,   68,         34
+# Cortex-A8	51/+230%,   57,         30
+# Cortex-A9	53/+210%,   51,         26
+# Cortex-A15	42/+160%,   38,         18
+# Snapdragon S4	43/+210%,   38,         24
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	over compiler-generated KECCAK_2X reference code.
+# (**)	Thumb-2 results for Cortex-A5/A7 are likely to apply even to
+#	Cortex-Mx, x>=3. Otherwise, non-NEON results for NEON-capable
+#	processors are presented mostly for reference purposes.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+my @C = map("r$_",(0..9));
+my @E = map("r$_",(10..12,14));
+
+########################################################################
+# Stack layout
+# ----->+-----------------------+
+#       | uint64_t A[5][5]      |
+#       | ...                   |
+# +200->+-----------------------+
+#       | uint64_t D[5]         |
+#       | ...                   |
+# +240->+-----------------------+
+#       | uint64_t T[5][5]      |
+#       | ...                   |
+# +440->+-----------------------+
+#       | saved lr              |
+# +444->+-----------------------+
+#       | loop counter          |
+# +448->+-----------------------+
+#       | ...
+
+my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20));
+my @D = map(8*$_, (25..29));
+my @T = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (30,35,40,45,50));
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+.type	iotas32, %object
+.align	5
+iotas32:
+	.long	0x00000001, 0x00000000
+	.long	0x00000000, 0x00000089
+	.long	0x00000000, 0x8000008b
+	.long	0x00000000, 0x80008080
+	.long	0x00000001, 0x0000008b
+	.long	0x00000001, 0x00008000
+	.long	0x00000001, 0x80008088
+	.long	0x00000001, 0x80000082
+	.long	0x00000000, 0x0000000b
+	.long	0x00000000, 0x0000000a
+	.long	0x00000001, 0x00008082
+	.long	0x00000000, 0x00008003
+	.long	0x00000001, 0x0000808b
+	.long	0x00000001, 0x8000000b
+	.long	0x00000001, 0x8000008a
+	.long	0x00000001, 0x80000081
+	.long	0x00000000, 0x80000081
+	.long	0x00000000, 0x80000008
+	.long	0x00000000, 0x00000083
+	.long	0x00000000, 0x80008003
+	.long	0x00000001, 0x80008088
+	.long	0x00000000, 0x80000088
+	.long	0x00000001, 0x00008000
+	.long	0x00000000, 0x80008082
+.size	iotas32,.-iotas32
+
+.type	KeccakF1600_int, %function
+.align	5
+KeccakF1600_int:
+	add	@C[9],sp,#$A[4][2]
+	add	@E[2],sp,#$A[0][0]
+	add	@E[0],sp,#$A[1][0]
+	ldmia	@C[9],{@C[4]-@C[9]}		@ A[4][2..4]
+KeccakF1600_enter:
+	str	lr,[sp,#440]
+	eor	@E[1],@E[1],@E[1]
+	str	@E[1],[sp,#444]
+	b	.Lround2x
+
+.align	4
+.Lround2x:
+___
+sub Round {
+my (@A,@R); (@A[0..4],@R) = @_;
+
+$code.=<<___;
+	ldmia	@E[2],{@C[0]-@C[3]}		@ A[0][0..1]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][0..1]
+#ifdef	__thumb2__
+	eor	@C[0],@C[0],@E[0]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[1][2]]
+	eor	@C[3],@C[3],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[1][3]]
+	eor	@C[4],@C[4],@E[0]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[1][4]]
+	eor	@C[7],@C[7],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[2][0]]
+	eor	@C[8],@C[8],@E[0]
+	eor	@C[9],@C[9],@E[1]
+	eor	@C[0],@C[0],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[2][1]]
+	eor	@C[1],@C[1],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[2][2]]
+	eor	@C[2],@C[2],@E[0]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[2][3]]
+	eor	@C[5],@C[5],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[2][4]]
+	eor	@C[6],@C[6],@E[0]
+	eor	@C[7],@C[7],@E[1]
+	eor	@C[8],@C[8],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[3][0]]
+	eor	@C[9],@C[9],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[3][1]]
+	eor	@C[0],@C[0],@E[0]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[3][2]]
+	eor	@C[3],@C[3],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[3][3]]
+	eor	@C[4],@C[4],@E[0]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[3][4]]
+	eor	@C[7],@C[7],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[4][0]]
+	eor	@C[8],@C[8],@E[0]
+	eor	@C[9],@C[9],@E[1]
+	eor	@C[0],@C[0],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[4][1]]
+	eor	@C[1],@C[1],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[0][2]]
+	eor	@C[2],@C[2],@E[0]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[0][3]]
+	eor	@C[5],@C[5],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[0][4]]
+#else
+	eor	@C[0],@C[0],@E[0]
+	 add	@E[0],sp,#$A[1][2]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	eor	@C[3],@C[3],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][2..3]
+	eor	@C[4],@C[4],@E[0]
+	 add	@E[0],sp,#$A[1][4]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	eor	@C[7],@C[7],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][4]..A[2][0]
+	eor	@C[8],@C[8],@E[0]
+	 add	@E[0],sp,#$A[2][1]
+	eor	@C[9],@C[9],@E[1]
+	eor	@C[0],@C[0],@E[2]
+	eor	@C[1],@C[1],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[2][1..2]
+	eor	@C[2],@C[2],@E[0]
+	 add	@E[0],sp,#$A[2][3]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	eor	@C[5],@C[5],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[2][3..4]
+	eor	@C[6],@C[6],@E[0]
+	 add	@E[0],sp,#$A[3][0]
+	eor	@C[7],@C[7],@E[1]
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][0..1]
+	eor	@C[0],@C[0],@E[0]
+	 add	@E[0],sp,#$A[3][2]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	eor	@C[3],@C[3],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][2..3]
+	eor	@C[4],@C[4],@E[0]
+	 add	@E[0],sp,#$A[3][4]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	eor	@C[7],@C[7],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][4]..A[4][0]
+	eor	@C[8],@C[8],@E[0]
+	ldr	@E[0],[sp,#$A[4][1]]		@ A[4][1]
+	eor	@C[9],@C[9],@E[1]
+	ldr	@E[1],[sp,#$A[4][1]+4]
+	eor	@C[0],@C[0],@E[2]
+	ldr	@E[2],[sp,#$A[0][2]]		@ A[0][2]
+	eor	@C[1],@C[1],@E[3]
+	ldr	@E[3],[sp,#$A[0][2]+4]
+	eor	@C[2],@C[2],@E[0]
+	 add	@E[0],sp,#$A[0][3]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	eor	@C[5],@C[5],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[0][3..4]
+#endif
+	eor	@C[6],@C[6],@E[0]
+	eor	@C[7],@C[7],@E[1]
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+
+	eor	@E[0],@C[0],@C[5],ror#32-1	@ E[0] = ROL64(C[2], 1) ^ C[0];
+	str.l	@E[0],[sp,#$D[1]]		@ D[1] = E[0]
+	eor	@E[1],@C[1],@C[4]
+	str.h	@E[1],[sp,#$D[1]+4]
+	eor	@E[2],@C[6],@C[1],ror#32-1	@ E[1] = ROL64(C[0], 1) ^ C[3];
+	eor	@E[3],@C[7],@C[0]
+	str.l	@E[2],[sp,#$D[4]]		@ D[4] = E[1]
+	eor	@C[0],@C[8],@C[3],ror#32-1	@ C[0] = ROL64(C[1], 1) ^ C[4];
+	str.h	@E[3],[sp,#$D[4]+4]
+	eor	@C[1],@C[9],@C[2]
+	str.l	@C[0],[sp,#$D[0]]		@ D[0] = C[0]
+	eor	@C[2],@C[2],@C[7],ror#32-1	@ C[1] = ROL64(C[3], 1) ^ C[1];
+	 ldr.l	@C[7],[sp,#$A[3][3]]
+	eor	@C[3],@C[3],@C[6]
+	str.h	@C[1],[sp,#$D[0]+4]
+	 ldr.h	@C[6],[sp,#$A[3][3]+4]
+	str.l	@C[2],[sp,#$D[2]]		@ D[2] = C[1]
+	eor	@C[4],@C[4],@C[9],ror#32-1	@ C[2] = ROL64(C[4], 1) ^ C[2];
+	str.h	@C[3],[sp,#$D[2]+4]
+	eor	@C[5],@C[5],@C[8]
+
+	ldr.l	@C[8],[sp,#$A[4][4]]
+	ldr.h	@C[9],[sp,#$A[4][4]+4]
+	 str.l	@C[4],[sp,#$D[3]]		@ D[3] = C[2]
+	eor	@C[7],@C[7],@C[4]
+	 str.h	@C[5],[sp,#$D[3]+4]
+	eor	@C[6],@C[6],@C[5]
+	ldr.l	@C[4],[sp,#$A[0][0]]
+	@ ror	@C[7],@C[7],#32-10		@ C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+	@ ror	@C[6],@C[6],#32-11
+	ldr.h	@C[5],[sp,#$A[0][0]+4]
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+	ldr.l	@E[2],[sp,#$A[2][2]]
+	eor	@C[0],@C[0],@C[4]
+	ldr.h	@E[3],[sp,#$A[2][2]+4]
+	@ ror	@C[8],@C[8],#32-7		@ C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+	@ ror	@C[9],@C[9],#32-7
+	eor	@C[1],@C[1],@C[5]		@ C[0] =       A[0][0] ^ C[0]; /* rotate by 0 */  /* D[0] */
+	eor	@E[2],@E[2],@C[2]
+	ldr.l	@C[2],[sp,#$A[1][1]]
+	eor	@E[3],@E[3],@C[3]
+	ldr.h	@C[3],[sp,#$A[1][1]+4]
+	ror	@C[5],@E[2],#32-21		@ C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+	 ldr	@E[2],[sp,#444]			@ load counter
+	eor	@C[2],@C[2],@E[0]
+	 adr	@E[0],iotas32
+	ror	@C[4],@E[3],#32-22
+	 add	@E[3],@E[0],@E[2]
+	eor	@C[3],@C[3],@E[1]
+___
+$code.=<<___	if ($A[0][0] != $T[0][0]);
+	ldmia	@E[3],{@E[0],@E[1]}		@ iotas[i]
+___
+$code.=<<___	if ($A[0][0] == $T[0][0]);
+	ldr.l	@E[0],[@E[3],#8]		@ iotas[i].lo
+	add	@E[2],@E[2],#16
+	ldr.h	@E[1],[@E[3],#12]		@ iotas[i].hi
+	cmp	@E[2],#192
+	str	@E[2],[sp,#444]			@ store counter
+___
+$code.=<<___;
+	bic	@E[2],@C[4],@C[2],ror#32-22
+	bic	@E[3],@C[5],@C[3],ror#32-22
+	 ror	@C[2],@C[2],#32-22		@ C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]);   /* D[1] */
+	 ror	@C[3],@C[3],#32-22
+	eor	@E[2],@E[2],@C[0]
+	eor	@E[3],@E[3],@C[1]
+	eor	@E[0],@E[0],@E[2]
+	eor	@E[1],@E[1],@E[3]
+	str.l	@E[0],[sp,#$R[0][0]]		@ R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+	bic	@E[2],@C[6],@C[4],ror#11
+	str.h	@E[1],[sp,#$R[0][0]+4]
+	bic	@E[3],@C[7],@C[5],ror#10
+	bic	@E[0],@C[8],@C[6],ror#32-(11-7)
+	bic	@E[1],@C[9],@C[7],ror#32-(10-7)
+	eor	@E[2],@C[2],@E[2],ror#32-11
+	str.l	@E[2],[sp,#$R[0][1]]		@ R[0][1] = C[1] ^ (~C[2] & C[3]);
+	eor	@E[3],@C[3],@E[3],ror#32-10
+	str.h	@E[3],[sp,#$R[0][1]+4]
+	eor	@E[0],@C[4],@E[0],ror#32-7
+	eor	@E[1],@C[5],@E[1],ror#32-7
+	str.l	@E[0],[sp,#$R[0][2]]		@ R[0][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@E[2],@C[0],@C[8],ror#32-7
+	str.h	@E[1],[sp,#$R[0][2]+4]
+	bic	@E[3],@C[1],@C[9],ror#32-7
+	eor	@E[2],@E[2],@C[6],ror#32-11
+	str.l	@E[2],[sp,#$R[0][3]]		@ R[0][3] = C[3] ^ (~C[4] & C[0]);
+	eor	@E[3],@E[3],@C[7],ror#32-10
+	str.h	@E[3],[sp,#$R[0][3]+4]
+	bic	@E[0],@C[2],@C[0]
+	 add	@E[3],sp,#$D[3]
+	 ldr.l	@C[0],[sp,#$A[0][3]]		@ A[0][3]
+	bic	@E[1],@C[3],@C[1]
+	 ldr.h	@C[1],[sp,#$A[0][3]+4]
+	eor	@E[0],@E[0],@C[8],ror#32-7
+	eor	@E[1],@E[1],@C[9],ror#32-7
+	str.l	@E[0],[sp,#$R[0][4]]		@ R[0][4] = C[4] ^ (~C[0] & C[1]);
+	 add	@C[9],sp,#$D[0]
+	str.h	@E[1],[sp,#$R[0][4]+4]
+
+	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ D[3..4]
+	ldmia	@C[9],{@C[6]-@C[9]}		@ D[0..1]
+
+	ldr.l	@C[2],[sp,#$A[1][4]]		@ A[1][4]
+	eor	@C[0],@C[0],@E[0]
+	ldr.h	@C[3],[sp,#$A[1][4]+4]
+	eor	@C[1],@C[1],@E[1]
+	@ ror	@C[0],@C[0],#32-14		@ C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+	ldr.l	@E[0],[sp,#$A[3][1]]		@ A[3][1]
+	@ ror	@C[1],@C[1],#32-14
+	ldr.h	@E[1],[sp,#$A[3][1]+4]
+
+	eor	@C[2],@C[2],@E[2]
+	ldr.l	@C[4],[sp,#$A[2][0]]		@ A[2][0]
+	eor	@C[3],@C[3],@E[3]
+	ldr.h	@C[5],[sp,#$A[2][0]+4]
+	@ ror	@C[2],@C[2],#32-10		@ C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+	@ ror	@C[3],@C[3],#32-10
+
+	eor	@C[6],@C[6],@C[4]
+	ldr.l	@E[2],[sp,#$D[2]]		@ D[2]
+	eor	@C[7],@C[7],@C[5]
+	ldr.h	@E[3],[sp,#$D[2]+4]
+	ror	@C[5],@C[6],#32-1		@ C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+	ror	@C[4],@C[7],#32-2
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][2]]		@ A[4][2]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][2]+4]
+	ror	@C[7],@E[0],#32-22		@ C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+	ror	@C[6],@E[1],#32-23
+
+	bic	@E[0],@C[4],@C[2],ror#32-10
+	bic	@E[1],@C[5],@C[3],ror#32-10
+	 eor	@E[2],@E[2],@C[8]
+	 eor	@E[3],@E[3],@C[9]
+	 ror	@C[9],@E[2],#32-30		@ C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+	 ror	@C[8],@E[3],#32-31
+	eor	@E[0],@E[0],@C[0],ror#32-14
+	eor	@E[1],@E[1],@C[1],ror#32-14
+	str.l	@E[0],[sp,#$R[1][0]]		@ R[1][0] = C[0] ^ (~C[1] & C[2])
+	bic	@E[2],@C[6],@C[4]
+	str.h	@E[1],[sp,#$R[1][0]+4]
+	bic	@E[3],@C[7],@C[5]
+	eor	@E[2],@E[2],@C[2],ror#32-10
+	str.l	@E[2],[sp,#$R[1][1]]		@ R[1][1] = C[1] ^ (~C[2] & C[3]);
+	eor	@E[3],@E[3],@C[3],ror#32-10
+	str.h	@E[3],[sp,#$R[1][1]+4]
+	bic	@E[0],@C[8],@C[6]
+	bic	@E[1],@C[9],@C[7]
+	bic	@E[2],@C[0],@C[8],ror#14
+	bic	@E[3],@C[1],@C[9],ror#14
+	eor	@E[0],@E[0],@C[4]
+	eor	@E[1],@E[1],@C[5]
+	str.l	@E[0],[sp,#$R[1][2]]		@ R[1][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@C[2],@C[2],@C[0],ror#32-(14-10)
+	str.h	@E[1],[sp,#$R[1][2]+4]
+	eor	@E[2],@C[6],@E[2],ror#32-14
+	bic	@E[1],@C[3],@C[1],ror#32-(14-10)
+	str.l	@E[2],[sp,#$R[1][3]]		@ R[1][3] = C[3] ^ (~C[4] & C[0]);
+	eor	@E[3],@C[7],@E[3],ror#32-14
+	str.h	@E[3],[sp,#$R[1][3]+4]
+	 add	@E[2],sp,#$D[1]
+	 ldr.l	@C[1],[sp,#$A[0][1]]		@ A[0][1]
+	eor	@E[0],@C[8],@C[2],ror#32-10
+	 ldr.h	@C[0],[sp,#$A[0][1]+4]
+	eor	@E[1],@C[9],@E[1],ror#32-10
+	str.l	@E[0],[sp,#$R[1][4]]		@ R[1][4] = C[4] ^ (~C[0] & C[1]);
+	str.h	@E[1],[sp,#$R[1][4]+4]
+
+	add	@C[9],sp,#$D[3]
+	ldmia	@E[2],{@E[0]-@E[2],@E[3]}	@ D[1..2]
+	ldr.l	@C[2],[sp,#$A[1][2]]		@ A[1][2]
+	ldr.h	@C[3],[sp,#$A[1][2]+4]
+	ldmia	@C[9],{@C[6]-@C[9]}		@ D[3..4]
+
+	eor	@C[1],@C[1],@E[0]
+	ldr.l	@C[4],[sp,#$A[2][3]]		@ A[2][3]
+	eor	@C[0],@C[0],@E[1]
+	ldr.h	@C[5],[sp,#$A[2][3]+4]
+	ror	@C[0],@C[0],#32-1		@ C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+
+	eor	@C[2],@C[2],@E[2]
+	ldr.l	@E[0],[sp,#$A[3][4]]		@ A[3][4]
+	eor	@C[3],@C[3],@E[3]
+	ldr.h	@E[1],[sp,#$A[3][4]+4]
+	@ ror	@C[2],@C[2],#32-3		@ C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+	ldr.l	@E[2],[sp,#$D[0]]		@ D[0]
+	@ ror	@C[3],@C[3],#32-3
+	ldr.h	@E[3],[sp,#$D[0]+4]
+
+	eor	@C[4],@C[4],@C[6]
+	eor	@C[5],@C[5],@C[7]
+	@ ror	@C[5],@C[6],#32-12		@ C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+	@ ror	@C[4],@C[7],#32-13		@ [track reverse order below]
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][0]]		@ A[4][0]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][0]+4]
+	ror	@C[6],@E[0],#32-4		@ C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+	ror	@C[7],@E[1],#32-4
+
+	eor	@E[2],@E[2],@C[8]
+	eor	@E[3],@E[3],@C[9]
+	ror	@C[8],@E[2],#32-9		@ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+	ror	@C[9],@E[3],#32-9
+
+	bic	@E[0],@C[5],@C[2],ror#13-3
+	bic	@E[1],@C[4],@C[3],ror#12-3
+	bic	@E[2],@C[6],@C[5],ror#32-13
+	bic	@E[3],@C[7],@C[4],ror#32-12
+	eor	@E[0],@C[0],@E[0],ror#32-13
+	eor	@E[1],@C[1],@E[1],ror#32-12
+	str.l	@E[0],[sp,#$R[2][0]]		@ R[2][0] = C[0] ^ (~C[1] & C[2])
+	eor	@E[2],@E[2],@C[2],ror#32-3
+	str.h	@E[1],[sp,#$R[2][0]+4]
+	eor	@E[3],@E[3],@C[3],ror#32-3
+	str.l	@E[2],[sp,#$R[2][1]]		@ R[2][1] = C[1] ^ (~C[2] & C[3]);
+	bic	@E[0],@C[8],@C[6]
+	bic	@E[1],@C[9],@C[7]
+	str.h	@E[3],[sp,#$R[2][1]+4]
+	eor	@E[0],@E[0],@C[5],ror#32-13
+	eor	@E[1],@E[1],@C[4],ror#32-12
+	str.l	@E[0],[sp,#$R[2][2]]		@ R[2][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@E[2],@C[0],@C[8]
+	str.h	@E[1],[sp,#$R[2][2]+4]
+	bic	@E[3],@C[1],@C[9]
+	eor	@E[2],@E[2],@C[6]
+	eor	@E[3],@E[3],@C[7]
+	str.l	@E[2],[sp,#$R[2][3]]		@ R[2][3] = C[3] ^ (~C[4] & C[0]);
+	bic	@E[0],@C[2],@C[0],ror#3
+	str.h	@E[3],[sp,#$R[2][3]+4]
+	bic	@E[1],@C[3],@C[1],ror#3
+	 ldr.l	@C[1],[sp,#$A[0][4]]		@ A[0][4] [in reverse order]
+	eor	@E[0],@C[8],@E[0],ror#32-3
+	 ldr.h	@C[0],[sp,#$A[0][4]+4]
+	eor	@E[1],@C[9],@E[1],ror#32-3
+	str.l	@E[0],[sp,#$R[2][4]]		@ R[2][4] = C[4] ^ (~C[0] & C[1]);
+	 add	@C[9],sp,#$D[1]
+	str.h	@E[1],[sp,#$R[2][4]+4]
+
+	ldr.l	@E[0],[sp,#$D[4]]		@ D[4]
+	ldr.h	@E[1],[sp,#$D[4]+4]
+	ldr.l	@E[2],[sp,#$D[0]]		@ D[0]
+	ldr.h	@E[3],[sp,#$D[0]+4]
+
+	ldmia	@C[9],{@C[6]-@C[9]}		@ D[1..2]
+
+	eor	@C[1],@C[1],@E[0]
+	ldr.l	@C[2],[sp,#$A[1][0]]		@ A[1][0]
+	eor	@C[0],@C[0],@E[1]
+	ldr.h	@C[3],[sp,#$A[1][0]+4]
+	@ ror	@C[1],@E[0],#32-13		@ C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+	ldr.l	@C[4],[sp,#$A[2][1]]		@ A[2][1]
+	@ ror	@C[0],@E[1],#32-14		@ [was loaded in reverse order]
+	ldr.h	@C[5],[sp,#$A[2][1]+4]
+
+	eor	@C[2],@C[2],@E[2]
+	ldr.l	@E[0],[sp,#$A[3][2]]		@ A[3][2]
+	eor	@C[3],@C[3],@E[3]
+	ldr.h	@E[1],[sp,#$A[3][2]+4]
+	@ ror	@C[2],@C[2],#32-18		@ C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+	ldr.l	@E[2],[sp,#$D[3]]		@ D[3]
+	@ ror	@C[3],@C[3],#32-18
+	ldr.h	@E[3],[sp,#$D[3]+4]
+
+	eor	@C[6],@C[6],@C[4]
+	eor	@C[7],@C[7],@C[5]
+	ror	@C[4],@C[6],#32-5		@ C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+	ror	@C[5],@C[7],#32-5
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][3]]		@ A[4][3]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][3]+4]
+	ror	@C[7],@E[0],#32-7		@ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+	ror	@C[6],@E[1],#32-8
+
+	eor	@E[2],@E[2],@C[8]
+	eor	@E[3],@E[3],@C[9]
+	ror	@C[8],@E[2],#32-28		@ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+	ror	@C[9],@E[3],#32-28
+
+	bic	@E[0],@C[4],@C[2],ror#32-18
+	bic	@E[1],@C[5],@C[3],ror#32-18
+	eor	@E[0],@E[0],@C[0],ror#32-14
+	eor	@E[1],@E[1],@C[1],ror#32-13
+	str.l	@E[0],[sp,#$R[3][0]]		@ R[3][0] = C[0] ^ (~C[1] & C[2])
+	bic	@E[2],@C[6],@C[4]
+	str.h	@E[1],[sp,#$R[3][0]+4]
+	bic	@E[3],@C[7],@C[5]
+	eor	@E[2],@E[2],@C[2],ror#32-18
+	str.l	@E[2],[sp,#$R[3][1]]		@ R[3][1] = C[1] ^ (~C[2] & C[3]);
+	eor	@E[3],@E[3],@C[3],ror#32-18
+	str.h	@E[3],[sp,#$R[3][1]+4]
+	bic	@E[0],@C[8],@C[6]
+	bic	@E[1],@C[9],@C[7]
+	bic	@E[2],@C[0],@C[8],ror#14
+	bic	@E[3],@C[1],@C[9],ror#13
+	eor	@E[0],@E[0],@C[4]
+	eor	@E[1],@E[1],@C[5]
+	str.l	@E[0],[sp,#$R[3][2]]		@ R[3][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@C[2],@C[2],@C[0],ror#18-14
+	str.h	@E[1],[sp,#$R[3][2]+4]
+	eor	@E[2],@C[6],@E[2],ror#32-14
+	bic	@E[1],@C[3],@C[1],ror#18-13
+	eor	@E[3],@C[7],@E[3],ror#32-13
+	str.l	@E[2],[sp,#$R[3][3]]		@ R[3][3] = C[3] ^ (~C[4] & C[0]);
+	str.h	@E[3],[sp,#$R[3][3]+4]
+	 add	@E[3],sp,#$D[2]
+	 ldr.l	@C[0],[sp,#$A[0][2]]		@ A[0][2]
+	eor	@E[0],@C[8],@C[2],ror#32-18
+	 ldr.h	@C[1],[sp,#$A[0][2]+4]
+	eor	@E[1],@C[9],@E[1],ror#32-18
+	str.l	@E[0],[sp,#$R[3][4]]		@ R[3][4] = C[4] ^ (~C[0] & C[1]);
+	str.h	@E[1],[sp,#$R[3][4]+4]
+
+	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ D[2..3]
+	ldr.l	@C[2],[sp,#$A[1][3]]		@ A[1][3]
+	ldr.h	@C[3],[sp,#$A[1][3]+4]
+	ldr.l	@C[6],[sp,#$D[4]]		@ D[4]
+	ldr.h	@C[7],[sp,#$D[4]+4]
+
+	eor	@C[0],@C[0],@E[0]
+	ldr.l	@C[4],[sp,#$A[2][4]]		@ A[2][4]
+	eor	@C[1],@C[1],@E[1]
+	ldr.h	@C[5],[sp,#$A[2][4]+4]
+	@ ror	@C[0],@C[0],#32-31		@ C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+	ldr.l	@C[8],[sp,#$D[0]]		@ D[0]
+	@ ror	@C[1],@C[1],#32-31
+	ldr.h	@C[9],[sp,#$D[0]+4]
+
+	eor	@E[2],@E[2],@C[2]
+	ldr.l	@E[0],[sp,#$A[3][0]]		@ A[3][0]
+	eor	@E[3],@E[3],@C[3]
+	ldr.h	@E[1],[sp,#$A[3][0]+4]
+	ror	@C[3],@E[2],#32-27		@ C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+	ldr.l	@E[2],[sp,#$D[1]]		@ D[1]
+	ror	@C[2],@E[3],#32-28
+	ldr.h	@E[3],[sp,#$D[1]+4]
+
+	eor	@C[6],@C[6],@C[4]
+	eor	@C[7],@C[7],@C[5]
+	ror	@C[5],@C[6],#32-19		@ C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+	ror	@C[4],@C[7],#32-20
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][1]]		@ A[4][1]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][1]+4]
+	ror	@C[7],@E[0],#32-20		@ C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+	ror	@C[6],@E[1],#32-21
+
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+	@ ror	@C[8],@C[2],#32-1		@ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+	@ ror	@C[9],@C[3],#32-1
+
+	bic	@E[0],@C[4],@C[2]
+	bic	@E[1],@C[5],@C[3]
+	eor	@E[0],@E[0],@C[0],ror#32-31
+	str.l	@E[0],[sp,#$R[4][0]]		@ R[4][0] = C[0] ^ (~C[1] & C[2])
+	eor	@E[1],@E[1],@C[1],ror#32-31
+	str.h	@E[1],[sp,#$R[4][0]+4]
+	bic	@E[2],@C[6],@C[4]
+	bic	@E[3],@C[7],@C[5]
+	eor	@E[2],@E[2],@C[2]
+	eor	@E[3],@E[3],@C[3]
+	str.l	@E[2],[sp,#$R[4][1]]		@ R[4][1] = C[1] ^ (~C[2] & C[3]);
+	bic	@E[0],@C[8],@C[6],ror#1
+	str.h	@E[3],[sp,#$R[4][1]+4]
+	bic	@E[1],@C[9],@C[7],ror#1
+	bic	@E[2],@C[0],@C[8],ror#31-1
+	bic	@E[3],@C[1],@C[9],ror#31-1
+	eor	@C[4],@C[4],@E[0],ror#32-1
+	str.l	@C[4],[sp,#$R[4][2]]		@ R[4][2] = C[2] ^= (~C[3] & C[4]);
+	eor	@C[5],@C[5],@E[1],ror#32-1
+	str.h	@C[5],[sp,#$R[4][2]+4]
+	eor	@C[6],@C[6],@E[2],ror#32-31
+	eor	@C[7],@C[7],@E[3],ror#32-31
+	str.l	@C[6],[sp,#$R[4][3]]		@ R[4][3] = C[3] ^= (~C[4] & C[0]);
+	bic	@E[0],@C[2],@C[0],ror#32-31
+	str.h	@C[7],[sp,#$R[4][3]+4]
+	bic	@E[1],@C[3],@C[1],ror#32-31
+	 add	@E[2],sp,#$R[0][0]
+	eor	@C[8],@E[0],@C[8],ror#32-1
+	 add	@E[0],sp,#$R[1][0]
+	eor	@C[9],@E[1],@C[9],ror#32-1
+	str.l	@C[8],[sp,#$R[4][4]]		@ R[4][4] = C[4] ^= (~C[0] & C[1]);
+	str.h	@C[9],[sp,#$R[4][4]+4]
+___
+}
+	Round(@A,@T);
+	Round(@T,@A);
+$code.=<<___;
+	blo	.Lround2x
+
+	ldr	pc,[sp,#440]
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600, %function
+.align	5
+KeccakF1600:
+	stmdb	sp!,{r0,r4-r11,lr}
+	sub	sp,sp,#440+16			@ space for A[5][5],D[5],T[5][5],...
+
+	add	@E[0],r0,#$A[1][0]
+	add	@E[1],sp,#$A[1][0]
+	ldmia	r0,    {@C[0]-@C[9]}		@ copy A[5][5] to stack
+	stmia	sp,    {@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0], {@C[0]-@C[9]}
+	add	@E[2],sp,#$A[0][0]
+	add	@E[0],sp,#$A[1][0]
+	stmia	@E[1], {@C[0]-@C[9]}
+
+	bl	KeccakF1600_enter
+
+	ldr	@E[1], [sp,#440+16]		@ restore pointer to A
+	ldmia	sp,    {@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}		@ return A[5][5]
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0], {@C[0]-@C[9]}
+	stmia	@E[1], {@C[0]-@C[9]}
+
+	add	sp,sp,#440+20
+	ldmia	sp!,{r4-r11,pc}
+.size	KeccakF1600,.-KeccakF1600
+___
+{ my ($A_flat,$inp,$len,$bsz) = map("r$_",(10..12,14));
+
+########################################################################
+# Stack layout
+# ----->+-----------------------+
+#       | uint64_t A[5][5]      |
+#       | ...                   |
+#       | ...                   |
+# +456->+-----------------------+
+#       | 0x55555555            |
+# +460->+-----------------------+
+#       | 0x33333333            |
+# +464->+-----------------------+
+#       | 0x0f0f0f0f            |
+# +468->+-----------------------+
+#       | 0x00ff00ff            |
+# +472->+-----------------------+
+#       | uint64_t *A           |
+# +476->+-----------------------+
+#       | const void *inp       |
+# +480->+-----------------------+
+#       | size_t len            |
+# +484->+-----------------------+
+#       | size_t bs             |
+# +488->+-----------------------+
+#       | ....
+
+$code.=<<___;
+.global	SHA3_absorb
+.type	SHA3_absorb,%function
+.align	5
+SHA3_absorb:
+	stmdb	sp!,{r0-r12,lr}
+	sub	sp,sp,#456+16
+
+	add	$A_flat,r0,#$A[1][0]
+	@ mov	$inp,r1
+	mov	$len,r2
+	mov	$bsz,r3
+	cmp	r2,r3
+	blo	.Labsorb_abort
+
+	add	$inp,sp,#0
+	ldmia	r0,      {@C[0]-@C[9]}	@ copy A[5][5] to stack
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp,    {@C[0]-@C[9]}
+
+	ldr	$inp,[sp,#476]		@ restore $inp
+#ifdef	__thumb2__
+	mov	r9,#0x00ff00ff
+	mov	r8,#0x0f0f0f0f
+	mov	r7,#0x33333333
+	mov	r6,#0x55555555
+#else
+	mov	r6,#0x11		@ compose constants
+	mov	r8,#0x0f
+	mov	r9,#0xff
+	orr	r6,r6,r6,lsl#8
+	orr	r8,r8,r8,lsl#8
+	orr	r6,r6,r6,lsl#16		@ 0x11111111
+	orr	r9,r9,r9,lsl#16		@ 0x00ff00ff
+	orr	r8,r8,r8,lsl#16		@ 0x0f0f0f0f
+	orr	r7,r6,r6,lsl#1		@ 0x33333333
+	orr	r6,r6,r6,lsl#2		@ 0x55555555
+#endif
+	str	r9,[sp,#468]
+	str	r8,[sp,#464]
+	str	r7,[sp,#460]
+	str	r6,[sp,#456]
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	subs	r0,$len,$bsz
+	blo	.Labsorbed
+	add	$A_flat,sp,#0
+	str	r0,[sp,#480]		@ save len - bsz
+
+.align	4
+.Loop_block:
+	ldrb	r0,[$inp],#1
+	ldrb	r1,[$inp],#1
+	ldrb	r2,[$inp],#1
+	ldrb	r3,[$inp],#1
+	ldrb	r4,[$inp],#1
+	orr	r0,r0,r1,lsl#8
+	ldrb	r1,[$inp],#1
+	orr	r0,r0,r2,lsl#16
+	ldrb	r2,[$inp],#1
+	orr	r0,r0,r3,lsl#24		@ lo
+	ldrb	r3,[$inp],#1
+	orr	r1,r4,r1,lsl#8
+	orr	r1,r1,r2,lsl#16
+	orr	r1,r1,r3,lsl#24		@ hi
+
+	and	r2,r0,r6		@ &=0x55555555
+	and	r0,r0,r6,lsl#1		@ &=0xaaaaaaaa
+	and	r3,r1,r6		@ &=0x55555555
+	and	r1,r1,r6,lsl#1		@ &=0xaaaaaaaa
+	orr	r2,r2,r2,lsr#1
+	orr	r0,r0,r0,lsl#1
+	orr	r3,r3,r3,lsr#1
+	orr	r1,r1,r1,lsl#1
+	and	r2,r2,r7		@ &=0x33333333
+	and	r0,r0,r7,lsl#2		@ &=0xcccccccc
+	and	r3,r3,r7		@ &=0x33333333
+	and	r1,r1,r7,lsl#2		@ &=0xcccccccc
+	orr	r2,r2,r2,lsr#2
+	orr	r0,r0,r0,lsl#2
+	orr	r3,r3,r3,lsr#2
+	orr	r1,r1,r1,lsl#2
+	and	r2,r2,r8		@ &=0x0f0f0f0f
+	and	r0,r0,r8,lsl#4		@ &=0xf0f0f0f0
+	and	r3,r3,r8		@ &=0x0f0f0f0f
+	and	r1,r1,r8,lsl#4		@ &=0xf0f0f0f0
+	ldmia	$A_flat,{r4-r5}		@ A_flat[i]
+	orr	r2,r2,r2,lsr#4
+	orr	r0,r0,r0,lsl#4
+	orr	r3,r3,r3,lsr#4
+	orr	r1,r1,r1,lsl#4
+	and	r2,r2,r9		@ &=0x00ff00ff
+	and	r0,r0,r9,lsl#8		@ &=0xff00ff00
+	and	r3,r3,r9		@ &=0x00ff00ff
+	and	r1,r1,r9,lsl#8		@ &=0xff00ff00
+	orr	r2,r2,r2,lsr#8
+	orr	r0,r0,r0,lsl#8
+	orr	r3,r3,r3,lsr#8
+	orr	r1,r1,r1,lsl#8
+
+	lsl	r2,r2,#16
+	lsr	r1,r1,#16
+	eor	r4,r4,r3,lsl#16
+	eor	r5,r5,r0,lsr#16
+	eor	r4,r4,r2,lsr#16
+	eor	r5,r5,r1,lsl#16
+	stmia	$A_flat!,{r4-r5}	@ A_flat[i++] ^= BitInterleave(inp[0..7])
+
+	subs	$bsz,$bsz,#8
+	bhi	.Loop_block
+
+	str	$inp,[sp,#476]
+
+	bl	KeccakF1600_int
+
+	add	r14,sp,#456
+	ldmia	r14,{r6-r12,r14}	@ restore constants and variables
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	add	$inp,sp,#$A[1][0]
+	ldmia	sp,      {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}	@ return A[5][5]
+	ldmia	$inp!,   {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}
+	ldmia	$inp!,   {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}
+	ldmia	$inp!,   {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}
+	ldmia	$inp,    {@C[0]-@C[9]}
+	stmia	$A_flat, {@C[0]-@C[9]}
+
+.Labsorb_abort:
+	add	sp,sp,#456+32
+	mov	r0,$len			@ return value
+	ldmia	sp!,{r4-r12,pc}
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{ my ($out,$len,$A_flat,$bsz) = map("r$_", (4,5,10,12));
+
+$code.=<<___;
+.global	SHA3_squeeze
+.type	SHA3_squeeze,%function
+.align	5
+SHA3_squeeze:
+	stmdb	sp!,{r0,r3-r10,lr}
+
+	mov	$A_flat,r0
+	mov	$out,r1
+	mov	$len,r2
+	mov	$bsz,r3
+
+#ifdef	__thumb2__
+	mov	r9,#0x00ff00ff
+	mov	r8,#0x0f0f0f0f
+	mov	r7,#0x33333333
+	mov	r6,#0x55555555
+#else
+	mov	r6,#0x11		@ compose constants
+	mov	r8,#0x0f
+	mov	r9,#0xff
+	orr	r6,r6,r6,lsl#8
+	orr	r8,r8,r8,lsl#8
+	orr	r6,r6,r6,lsl#16		@ 0x11111111
+	orr	r9,r9,r9,lsl#16		@ 0x00ff00ff
+	orr	r8,r8,r8,lsl#16		@ 0x0f0f0f0f
+	orr	r7,r6,r6,lsl#1		@ 0x33333333
+	orr	r6,r6,r6,lsl#2		@ 0x55555555
+#endif
+	stmdb	sp!,{r6-r9}
+
+	mov	r14,$A_flat
+	b	.Loop_squeeze
+
+.align	4
+.Loop_squeeze:
+	ldmia	$A_flat!,{r0,r1}	@ A_flat[i++]
+
+	lsl	r2,r0,#16
+	lsl	r3,r1,#16		@ r3 = r1 << 16
+	lsr	r2,r2,#16		@ r2 = r0 & 0x0000ffff
+	lsr	r1,r1,#16
+	lsr	r0,r0,#16		@ r0 = r0 >> 16
+	lsl	r1,r1,#16		@ r1 = r1 & 0xffff0000
+
+	orr	r2,r2,r2,lsl#8
+	orr	r3,r3,r3,lsr#8
+	orr	r0,r0,r0,lsl#8
+	orr	r1,r1,r1,lsr#8
+	and	r2,r2,r9		@ &=0x00ff00ff
+	and	r3,r3,r9,lsl#8		@ &=0xff00ff00
+	and	r0,r0,r9		@ &=0x00ff00ff
+	and	r1,r1,r9,lsl#8		@ &=0xff00ff00
+	orr	r2,r2,r2,lsl#4
+	orr	r3,r3,r3,lsr#4
+	orr	r0,r0,r0,lsl#4
+	orr	r1,r1,r1,lsr#4
+	and	r2,r2,r8		@ &=0x0f0f0f0f
+	and	r3,r3,r8,lsl#4		@ &=0xf0f0f0f0
+	and	r0,r0,r8		@ &=0x0f0f0f0f
+	and	r1,r1,r8,lsl#4		@ &=0xf0f0f0f0
+	orr	r2,r2,r2,lsl#2
+	orr	r3,r3,r3,lsr#2
+	orr	r0,r0,r0,lsl#2
+	orr	r1,r1,r1,lsr#2
+	and	r2,r2,r7		@ &=0x33333333
+	and	r3,r3,r7,lsl#2		@ &=0xcccccccc
+	and	r0,r0,r7		@ &=0x33333333
+	and	r1,r1,r7,lsl#2		@ &=0xcccccccc
+	orr	r2,r2,r2,lsl#1
+	orr	r3,r3,r3,lsr#1
+	orr	r0,r0,r0,lsl#1
+	orr	r1,r1,r1,lsr#1
+	and	r2,r2,r6		@ &=0x55555555
+	and	r3,r3,r6,lsl#1		@ &=0xaaaaaaaa
+	and	r0,r0,r6		@ &=0x55555555
+	and	r1,r1,r6,lsl#1		@ &=0xaaaaaaaa
+
+	orr	r2,r2,r3
+	orr	r0,r0,r1
+
+	cmp	$len,#8
+	blo	.Lsqueeze_tail
+	lsr	r1,r2,#8
+	strb	r2,[$out],#1
+	lsr	r3,r2,#16
+	strb	r1,[$out],#1
+	lsr	r2,r2,#24
+	strb	r3,[$out],#1
+	strb	r2,[$out],#1
+
+	lsr	r1,r0,#8
+	strb	r0,[$out],#1
+	lsr	r3,r0,#16
+	strb	r1,[$out],#1
+	lsr	r0,r0,#24
+	strb	r3,[$out],#1
+	strb	r0,[$out],#1
+	subs	$len,$len,#8
+	beq	.Lsqueeze_done
+
+	subs	$bsz,$bsz,#8		@ bsz -= 8
+	bhi	.Loop_squeeze
+
+	mov	r0,r14			@ original $A_flat
+
+	bl	KeccakF1600
+
+	ldmia	sp,{r6-r10,r12}		@ restore constants and variables
+	mov	r14,$A_flat
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	strb	r2,[$out],#1
+	lsr	r2,r2,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r2,[$out],#1
+	lsr	r2,r2,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r2,[$out],#1
+	lsr	r2,r2,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r2,[$out],#1
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+
+	strb	r0,[$out],#1
+	lsr	r0,r0,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r0,[$out],#1
+	lsr	r0,r0,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r0,[$out]
+	b	.Lsqueeze_done
+
+.align	4
+.Lsqueeze_done:
+	add	sp,sp,#24
+	ldmia	sp!,{r4-r10,pc}
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.fpu	neon
+
+.type	iotas64, %object
+.align 5
+iotas64:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas64,.-iotas64
+
+.type	KeccakF1600_neon, %function
+.align	5
+KeccakF1600_neon:
+	add	r1, r0, #16
+	adr	r2, iotas64
+	mov	r3, #24			@ loop counter
+	b	.Loop_neon
+
+.align	4
+.Loop_neon:
+	@ Theta
+	vst1.64		{q4},  [r0:64]		@ offload A[0..1][4]
+	veor		q13, q0,  q5		@ A[0..1][0]^A[2..3][0]
+	vst1.64		{d18}, [r1:64]		@ offload A[2][4]
+	veor		q14, q1,  q6		@ A[0..1][1]^A[2..3][1]
+	veor		q15, q2,  q7		@ A[0..1][2]^A[2..3][2]
+	veor		d26, d26, d27		@ C[0]=A[0][0]^A[1][0]^A[2][0]^A[3][0]
+	veor		d27, d28, d29		@ C[1]=A[0][1]^A[1][1]^A[2][1]^A[3][1]
+	veor		q14, q3,  q8		@ A[0..1][3]^A[2..3][3]
+	veor		q4,  q4,  q9		@ A[0..1][4]^A[2..3][4]
+	veor		d30, d30, d31		@ C[2]=A[0][2]^A[1][2]^A[2][2]^A[3][2]
+	veor		d31, d28, d29		@ C[3]=A[0][3]^A[1][3]^A[2][3]^A[3][3]
+	veor		d25, d8,  d9		@ C[4]=A[0][4]^A[1][4]^A[2][4]^A[3][4]
+	veor		q13, q13, q10		@ C[0..1]^=A[4][0..1]
+	veor		q14, q15, q11		@ C[2..3]^=A[4][2..3]
+	veor		d25, d25, d24		@ C[4]^=A[4][4]
+
+	vadd.u64	q4,  q13, q13		@ C[0..1]<<1
+	vadd.u64	q15, q14, q14		@ C[2..3]<<1
+	vadd.u64	d18, d25, d25		@ C[4]<<1
+	vsri.u64	q4,  q13, #63		@ ROL64(C[0..1],1)
+	vsri.u64	q15, q14, #63		@ ROL64(C[2..3],1)
+	vsri.u64	d18, d25, #63		@ ROL64(C[4],1)
+	veor		d25, d25, d9		@ D[0] = C[4] ^= ROL64(C[1],1)
+	veor		q13, q13, q15		@ D[1..2] = C[0..1] ^ ROL64(C[2..3],1)
+	veor		d28, d28, d18		@ D[3] = C[2] ^= ROL64(C[4],1)
+	veor		d29, d29, d8		@ D[4] = C[3] ^= ROL64(C[0],1)
+
+	veor		d0,  d0,  d25		@ A[0][0] ^= C[4]
+	veor		d1,  d1,  d25		@ A[1][0] ^= C[4]
+	veor		d10, d10, d25		@ A[2][0] ^= C[4]
+	veor		d11, d11, d25		@ A[3][0] ^= C[4]
+	veor		d20, d20, d25		@ A[4][0] ^= C[4]
+
+	veor		d2,  d2,  d26		@ A[0][1] ^= D[1]
+	veor		d3,  d3,  d26		@ A[1][1] ^= D[1]
+	veor		d12, d12, d26		@ A[2][1] ^= D[1]
+	veor		d13, d13, d26		@ A[3][1] ^= D[1]
+	veor		d21, d21, d26		@ A[4][1] ^= D[1]
+	vmov		d26, d27
+
+	veor		d6,  d6,  d28		@ A[0][3] ^= C[2]
+	veor		d7,  d7,  d28		@ A[1][3] ^= C[2]
+	veor		d16, d16, d28		@ A[2][3] ^= C[2]
+	veor		d17, d17, d28		@ A[3][3] ^= C[2]
+	veor		d23, d23, d28		@ A[4][3] ^= C[2]
+	vld1.64		{q4},  [r0:64]		@ restore A[0..1][4]
+	vmov		d28, d29
+
+	vld1.64		{d18}, [r1:64]		@ restore A[2][4]
+	veor		q2,  q2,  q13		@ A[0..1][2] ^= D[2]
+	veor		q7,  q7,  q13		@ A[2..3][2] ^= D[2]
+	veor		d22, d22, d27		@ A[4][2]    ^= D[2]
+
+	veor		q4,  q4,  q14		@ A[0..1][4] ^= C[3]
+	veor		q9,  q9,  q14		@ A[2..3][4] ^= C[3]
+	veor		d24, d24, d29		@ A[4][4]    ^= C[3]
+
+	@ Rho + Pi
+	vmov		d26, d2			@ C[1] = A[0][1]
+	vshl.u64	d2,  d3,  #44
+	vmov		d27, d4			@ C[2] = A[0][2]
+	vshl.u64	d4,  d14, #43
+	vmov		d28, d6			@ C[3] = A[0][3]
+	vshl.u64	d6,  d17, #21
+	vmov		d29, d8			@ C[4] = A[0][4]
+	vshl.u64	d8,  d24, #14
+	vsri.u64	d2,  d3,  #64-44	@ A[0][1] = ROL64(A[1][1], rhotates[1][1])
+	vsri.u64	d4,  d14, #64-43	@ A[0][2] = ROL64(A[2][2], rhotates[2][2])
+	vsri.u64	d6,  d17, #64-21	@ A[0][3] = ROL64(A[3][3], rhotates[3][3])
+	vsri.u64	d8,  d24, #64-14	@ A[0][4] = ROL64(A[4][4], rhotates[4][4])
+
+	vshl.u64	d3,  d9,  #20
+	vshl.u64	d14, d16, #25
+	vshl.u64	d17, d15, #15
+	vshl.u64	d24, d21, #2
+	vsri.u64	d3,  d9,  #64-20	@ A[1][1] = ROL64(A[1][4], rhotates[1][4])
+	vsri.u64	d14, d16, #64-25	@ A[2][2] = ROL64(A[2][3], rhotates[2][3])
+	vsri.u64	d17, d15, #64-15	@ A[3][3] = ROL64(A[3][2], rhotates[3][2])
+	vsri.u64	d24, d21, #64-2		@ A[4][4] = ROL64(A[4][1], rhotates[4][1])
+
+	vshl.u64	d9,  d22, #61
+	@ vshl.u64	d16, d19, #8
+	vshl.u64	d15, d12, #10
+	vshl.u64	d21, d7,  #55
+	vsri.u64	d9,  d22, #64-61	@ A[1][4] = ROL64(A[4][2], rhotates[4][2])
+	vext.8		d16, d19, d19, #8-1	@ A[2][3] = ROL64(A[3][4], rhotates[3][4])
+	vsri.u64	d15, d12, #64-10	@ A[3][2] = ROL64(A[2][1], rhotates[2][1])
+	vsri.u64	d21, d7,  #64-55	@ A[4][1] = ROL64(A[1][3], rhotates[1][3])
+
+	vshl.u64	d22, d18, #39
+	@ vshl.u64	d19, d23, #56
+	vshl.u64	d12, d5,  #6
+	vshl.u64	d7,  d13, #45
+	vsri.u64	d22, d18, #64-39	@ A[4][2] = ROL64(A[2][4], rhotates[2][4])
+	vext.8		d19, d23, d23, #8-7	@ A[3][4] = ROL64(A[4][3], rhotates[4][3])
+	vsri.u64	d12, d5,  #64-6		@ A[2][1] = ROL64(A[1][2], rhotates[1][2])
+	vsri.u64	d7,  d13, #64-45	@ A[1][3] = ROL64(A[3][1], rhotates[3][1])
+
+	vshl.u64	d18, d20, #18
+	vshl.u64	d23, d11, #41
+	vshl.u64	d5,  d10, #3
+	vshl.u64	d13, d1,  #36
+	vsri.u64	d18, d20, #64-18	@ A[2][4] = ROL64(A[4][0], rhotates[4][0])
+	vsri.u64	d23, d11, #64-41	@ A[4][3] = ROL64(A[3][0], rhotates[3][0])
+	vsri.u64	d5,  d10, #64-3		@ A[1][2] = ROL64(A[2][0], rhotates[2][0])
+	vsri.u64	d13, d1,  #64-36	@ A[3][1] = ROL64(A[1][0], rhotates[1][0])
+
+	vshl.u64	d1,  d28, #28
+	vshl.u64	d10, d26, #1
+	vshl.u64	d11, d29, #27
+	vshl.u64	d20, d27, #62
+	vsri.u64	d1,  d28, #64-28	@ A[1][0] = ROL64(C[3],    rhotates[0][3])
+	vsri.u64	d10, d26, #64-1		@ A[2][0] = ROL64(C[1],    rhotates[0][1])
+	vsri.u64	d11, d29, #64-27	@ A[3][0] = ROL64(C[4],    rhotates[0][4])
+	vsri.u64	d20, d27, #64-62	@ A[4][0] = ROL64(C[2],    rhotates[0][2])
+
+	@ Chi + Iota
+	vbic		q13, q2,  q1
+	vbic		q14, q3,  q2
+	vbic		q15, q4,  q3
+	veor		q13, q13, q0		@ A[0..1][0] ^ (~A[0..1][1] & A[0..1][2])
+	veor		q14, q14, q1		@ A[0..1][1] ^ (~A[0..1][2] & A[0..1][3])
+	veor		q2,  q2,  q15		@ A[0..1][2] ^= (~A[0..1][3] & A[0..1][4])
+	vst1.64		{q13}, [r0:64]		@ offload A[0..1][0]
+	vbic		q13, q0,  q4
+	vbic		q15, q1,  q0
+	vmov		q1,  q14		@ A[0..1][1]
+	veor		q3,  q3,  q13		@ A[0..1][3] ^= (~A[0..1][4] & A[0..1][0])
+	veor		q4,  q4,  q15		@ A[0..1][4] ^= (~A[0..1][0] & A[0..1][1])
+
+	vbic		q13, q7,  q6
+	vmov		q0,  q5			@ A[2..3][0]
+	vbic		q14, q8,  q7
+	vmov		q15, q6			@ A[2..3][1]
+	veor		q5,  q5,  q13		@ A[2..3][0] ^= (~A[2..3][1] & A[2..3][2])
+	vbic		q13, q9,  q8
+	veor		q6,  q6,  q14		@ A[2..3][1] ^= (~A[2..3][2] & A[2..3][3])
+	vbic		q14, q0,  q9
+	veor		q7,  q7,  q13		@ A[2..3][2] ^= (~A[2..3][3] & A[2..3][4])
+	vbic		q13, q15, q0
+	veor		q8,  q8,  q14		@ A[2..3][3] ^= (~A[2..3][4] & A[2..3][0])
+	vmov		q14, q10		@ A[4][0..1]
+	veor		q9,  q9,  q13		@ A[2..3][4] ^= (~A[2..3][0] & A[2..3][1])
+
+	vld1.64		d25, [r2:64]!		@ Iota[i++]
+	vbic		d26, d22, d21
+	vbic		d27, d23, d22
+	vld1.64		{q0}, [r0:64]		@ restore A[0..1][0]
+	veor		d20, d20, d26		@ A[4][0] ^= (~A[4][1] & A[4][2])
+	vbic		d26, d24, d23
+	veor		d21, d21, d27		@ A[4][1] ^= (~A[4][2] & A[4][3])
+	vbic		d27, d28, d24
+	veor		d22, d22, d26		@ A[4][2] ^= (~A[4][3] & A[4][4])
+	vbic		d26, d29, d28
+	veor		d23, d23, d27		@ A[4][3] ^= (~A[4][4] & A[4][0])
+	veor		d0,  d0,  d25		@ A[0][0] ^= Iota[i]
+	veor		d24, d24, d26		@ A[4][4] ^= (~A[4][0] & A[4][1])
+
+	subs	r3, r3, #1
+	bne	.Loop_neon
+
+	bx	lr
+.size	KeccakF1600_neon,.-KeccakF1600_neon
+
+.global	SHA3_absorb_neon
+.type	SHA3_absorb_neon, %function
+.align	5
+SHA3_absorb_neon:
+	stmdb	sp!, {r4-r6,lr}
+	vstmdb	sp!, {d8-d15}
+
+	mov	r4, r1			@ inp
+	mov	r5, r2			@ len
+	mov	r6, r3			@ bsz
+
+	vld1.32	{d0}, [r0:64]!		@ A[0][0]
+	vld1.32	{d2}, [r0:64]!		@ A[0][1]
+	vld1.32	{d4}, [r0:64]!		@ A[0][2]
+	vld1.32	{d6}, [r0:64]!		@ A[0][3]
+	vld1.32	{d8}, [r0:64]!		@ A[0][4]
+
+	vld1.32	{d1}, [r0:64]!		@ A[1][0]
+	vld1.32	{d3}, [r0:64]!		@ A[1][1]
+	vld1.32	{d5}, [r0:64]!		@ A[1][2]
+	vld1.32	{d7}, [r0:64]!		@ A[1][3]
+	vld1.32	{d9}, [r0:64]!		@ A[1][4]
+
+	vld1.32	{d10}, [r0:64]!		@ A[2][0]
+	vld1.32	{d12}, [r0:64]!		@ A[2][1]
+	vld1.32	{d14}, [r0:64]!		@ A[2][2]
+	vld1.32	{d16}, [r0:64]!		@ A[2][3]
+	vld1.32	{d18}, [r0:64]!		@ A[2][4]
+
+	vld1.32	{d11}, [r0:64]!		@ A[3][0]
+	vld1.32	{d13}, [r0:64]!		@ A[3][1]
+	vld1.32	{d15}, [r0:64]!		@ A[3][2]
+	vld1.32	{d17}, [r0:64]!		@ A[3][3]
+	vld1.32	{d19}, [r0:64]!		@ A[3][4]
+
+	vld1.32	{d20-d23}, [r0:64]!	@ A[4][0..3]
+	vld1.32	{d24}, [r0:64]		@ A[4][4]
+	sub	r0, r0, #24*8		@ rewind
+	b	.Loop_absorb_neon
+
+.align	4
+.Loop_absorb_neon:
+	subs	r12, r5, r6		@ len - bsz
+	blo	.Labsorbed_neon
+	mov	r5, r12
+
+	vld1.8	{d31}, [r4]!		@ endian-neutral loads...
+	cmp	r6, #8*2
+	veor	d0, d0, d31		@ A[0][0] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d2, d2, d31		@ A[0][1] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*4
+	veor	d4, d4, d31		@ A[0][2] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d6, d6, d31		@ A[0][3] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31},[r4]!
+	cmp	r6, #8*6
+	veor	d8, d8, d31		@ A[0][4] ^= *inp++
+	blo	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	veor	d1, d1, d31		@ A[1][0] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*8
+	veor	d3, d3, d31		@ A[1][1] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d5, d5, d31		@ A[1][2] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*10
+	veor	d7, d7, d31		@ A[1][3] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d9, d9, d31		@ A[1][4] ^= *inp++
+	beq	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*12
+	veor	d10, d10, d31		@ A[2][0] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d12, d12, d31		@ A[2][1] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*14
+	veor	d14, d14, d31		@ A[2][2] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d16, d16, d31		@ A[2][3] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*16
+	veor	d18, d18, d31		@ A[2][4] ^= *inp++
+	blo	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	veor	d11, d11, d31		@ A[3][0] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*18
+	veor	d13, d13, d31		@ A[3][1] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d15, d15, d31		@ A[3][2] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*20
+	veor	d17, d17, d31		@ A[3][3] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d19, d19, d31		@ A[3][4] ^= *inp++
+	beq	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*22
+	veor	d20, d20, d31		@ A[4][0] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d21, d21, d31		@ A[4][1] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*24
+	veor	d22, d22, d31		@ A[4][2] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d23, d23, d31		@ A[4][3] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d24, d24, d31		@ A[4][4] ^= *inp++
+
+.Lprocess_neon:
+	bl	KeccakF1600_neon
+	b 	.Loop_absorb_neon
+
+.align	4
+.Labsorbed_neon:
+	vst1.32	{d0}, [r0:64]!		@ A[0][0..4]
+	vst1.32	{d2}, [r0:64]!
+	vst1.32	{d4}, [r0:64]!
+	vst1.32	{d6}, [r0:64]!
+	vst1.32	{d8}, [r0:64]!
+
+	vst1.32	{d1}, [r0:64]!		@ A[1][0..4]
+	vst1.32	{d3}, [r0:64]!
+	vst1.32	{d5}, [r0:64]!
+	vst1.32	{d7}, [r0:64]!
+	vst1.32	{d9}, [r0:64]!
+
+	vst1.32	{d10}, [r0:64]!		@ A[2][0..4]
+	vst1.32	{d12}, [r0:64]!
+	vst1.32	{d14}, [r0:64]!
+	vst1.32	{d16}, [r0:64]!
+	vst1.32	{d18}, [r0:64]!
+
+	vst1.32	{d11}, [r0:64]!		@ A[3][0..4]
+	vst1.32	{d13}, [r0:64]!
+	vst1.32	{d15}, [r0:64]!
+	vst1.32	{d17}, [r0:64]!
+	vst1.32	{d19}, [r0:64]!
+
+	vst1.32	{d20-d23}, [r0:64]!	@ A[4][0..4]
+	vst1.32	{d24}, [r0:64]
+
+	mov	r0, r5			@ return value
+	vldmia	sp!, {d8-d15}
+	ldmia	sp!, {r4-r6,pc}
+.size	SHA3_absorb_neon,.-SHA3_absorb_neon
+
+.global	SHA3_squeeze_neon
+.type	SHA3_squeeze_neon, %function
+.align	5
+SHA3_squeeze_neon:
+	stmdb	sp!, {r4-r6,lr}
+
+	mov	r4, r1			@ out
+	mov	r5, r2			@ len
+	mov	r6, r3			@ bsz
+	mov	r12, r0			@ A_flat
+	mov	r14, r3			@ bsz
+	b	.Loop_squeeze_neon
+
+.align	4
+.Loop_squeeze_neon:
+	cmp	r5, #8
+	blo	.Lsqueeze_neon_tail
+	vld1.32	{d0}, [r12]!
+	vst1.8	{d0}, [r4]!		@ endian-neutral store
+
+	subs	r5, r5, #8		@ len -= 8
+	beq	.Lsqueeze_neon_done
+
+	subs	r14, r14, #8		@ bsz -= 8
+	bhi	.Loop_squeeze_neon
+
+	vstmdb	sp!,  {d8-d15}
+
+	vld1.32	{d0}, [r0:64]!		@ A[0][0..4]
+	vld1.32	{d2}, [r0:64]!
+	vld1.32	{d4}, [r0:64]!
+	vld1.32	{d6}, [r0:64]!
+	vld1.32	{d8}, [r0:64]!
+
+	vld1.32	{d1}, [r0:64]!		@ A[1][0..4]
+	vld1.32	{d3}, [r0:64]!
+	vld1.32	{d5}, [r0:64]!
+	vld1.32	{d7}, [r0:64]!
+	vld1.32	{d9}, [r0:64]!
+
+	vld1.32	{d10}, [r0:64]!		@ A[2][0..4]
+	vld1.32	{d12}, [r0:64]!
+	vld1.32	{d14}, [r0:64]!
+	vld1.32	{d16}, [r0:64]!
+	vld1.32	{d18}, [r0:64]!
+
+	vld1.32	{d11}, [r0:64]!		@ A[3][0..4]
+	vld1.32	{d13}, [r0:64]!
+	vld1.32	{d15}, [r0:64]!
+	vld1.32	{d17}, [r0:64]!
+	vld1.32	{d19}, [r0:64]!
+
+	vld1.32	{d20-d23}, [r0:64]!	@ A[4][0..4]
+	vld1.32	{d24}, [r0:64]
+	sub	r0, r0, #24*8		@ rewind
+
+	bl	KeccakF1600_neon
+
+	mov	r12, r0			@ A_flat
+	vst1.32	{d0}, [r0:64]!		@ A[0][0..4]
+	vst1.32	{d2}, [r0:64]!
+	vst1.32	{d4}, [r0:64]!
+	vst1.32	{d6}, [r0:64]!
+	vst1.32	{d8}, [r0:64]!
+
+	vst1.32	{d1}, [r0:64]!		@ A[1][0..4]
+	vst1.32	{d3}, [r0:64]!
+	vst1.32	{d5}, [r0:64]!
+	vst1.32	{d7}, [r0:64]!
+	vst1.32	{d9}, [r0:64]!
+
+	vst1.32	{d10}, [r0:64]!		@ A[2][0..4]
+	vst1.32	{d12}, [r0:64]!
+	vst1.32	{d14}, [r0:64]!
+	vst1.32	{d16}, [r0:64]!
+	vst1.32	{d18}, [r0:64]!
+
+	vst1.32	{d11}, [r0:64]!		@ A[3][0..4]
+	vst1.32	{d13}, [r0:64]!
+	vst1.32	{d15}, [r0:64]!
+	vst1.32	{d17}, [r0:64]!
+	vst1.32	{d19}, [r0:64]!
+
+	vst1.32	{d20-d23}, [r0:64]!	@ A[4][0..4]
+	mov	r14, r6			@ bsz
+	vst1.32	{d24}, [r0:64]
+	mov	r0,  r12		@ rewind
+
+	vldmia	sp!, {d8-d15}
+	b	.Loop_squeeze_neon
+
+.align	4
+.Lsqueeze_neon_tail:
+	ldmia	r12, {r2,r3}
+	cmp	r5, #2
+	strb	r2, [r4],#1		@ endian-neutral store
+	lsr	r2, r2, #8
+	blo	.Lsqueeze_neon_done
+	strb	r2, [r4], #1
+	lsr	r2, r2, #8
+	beq	.Lsqueeze_neon_done
+	strb	r2, [r4], #1
+	lsr	r2, r2, #8
+	cmp	r5, #4
+	blo	.Lsqueeze_neon_done
+	strb	r2, [r4], #1
+	beq	.Lsqueeze_neon_done
+
+	strb	r3, [r4], #1
+	lsr	r3, r3, #8
+	cmp	r5, #6
+	blo	.Lsqueeze_neon_done
+	strb	r3, [r4], #1
+	lsr	r3, r3, #8
+	beq	.Lsqueeze_neon_done
+	strb	r3, [r4], #1
+
+.Lsqueeze_neon_done:
+	ldmia	sp!, {r4-r6,pc}
+.size	SHA3_squeeze_neon,.-SHA3_squeeze_neon
+#endif
+.asciz	"Keccak-1600 absorb and squeeze for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+{
+    my %ldr, %str;
+
+    sub ldrd {
+	my ($mnemonic,$half,$reg,$ea) = @_;
+	my $op = $mnemonic eq "ldr" ? \%ldr : \%str;
+
+	if ($half eq "l") {
+	    $$op{reg} = $reg;
+	    $$op{ea}  = $ea;
+	    sprintf "#ifndef	__thumb2__\n"	.
+		    "	%s\t%s,%s\n"		.
+		    "#endif", $mnemonic,$reg,$ea;
+	} else {
+	    sprintf "#ifndef	__thumb2__\n"	.
+		    "	%s\t%s,%s\n"		.
+		    "#else\n"			.
+		    "	%sd\t%s,%s,%s\n"	.
+		    "#endif",	$mnemonic,$reg,$ea,
+				$mnemonic,$$op{reg},$reg,$$op{ea};
+	}
+    }
+}
+
+foreach (split($/,$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/^\s+(ldr|str)\.([lh])\s+(r[0-9]+),\s*(\[.*)/ldrd($1,$2,$3,$4)/ge or
+	s/\b(ror|ls[rl])\s+(r[0-9]+.*)#/mov	$2$1#/g or
+	s/\bret\b/bx	lr/g		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/g;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl
new file mode 100755
index 000000000..a3117bd75
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl
@@ -0,0 +1,880 @@
+#!/usr/bin/env perl
+# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for ARMv8.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT implementation. It makes no
+# sense to attempt SIMD/NEON implementation for following reason.
+# 64-bit lanes of vector registers can't be addressed as easily as in
+# 32-bit mode. This means that 64-bit NEON is bound to be slower than
+# 32-bit NEON, and this implementation is faster than 32-bit NEON on
+# same processor. Even though it takes more scalar xor's and andn's,
+# it gets compensated by availability of rotate. Not to forget that
+# most processors achieve higher issue rate with scalar instructions.
+#
+# February 2018.
+#
+# Add hardware-assisted ARMv8.2 implementation. It's KECCAK_1X_ALT
+# variant with register permutation/rotation twist that allows to
+# eliminate copies to temporary registers. If you look closely you'll
+# notice that it uses only one lane of vector registers. The new
+# instructions effectively facilitate parallel hashing, which we don't
+# support [yet?]. But lowest-level core procedure is prepared for it.
+# The inner round is 67 [vector] instructions, so it's not actually
+# obvious that it will provide performance improvement [in serial
+# hash] as long as vector instructions issue rate is limited to 1 per
+# cycle...
+#
+######################################################################
+# Numbers are cycles per processed byte.
+#
+#		r=1088(*)
+#
+# Cortex-A53	13
+# Cortex-A57	12
+# X-Gene	14
+# Mongoose	10
+# Kryo		12
+# Denver	7.8
+# Apple A7	7.2
+#
+# (*)	Corresponds to SHA3-256. No improvement coefficients are listed
+#	because they vary too much from compiler to compiler. Newer
+#	compiler does much better and improvement varies from 5% on
+#	Cortex-A57 to 25% on Cortex-A53. While in comparison to older
+#	compiler this code is at least 2x faster...
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+$code.=<<___;
+.text
+
+.align 8	// strategic alignment and padding that allows to use
+		// address value as loop termination condition...
+	.quad	0,0,0,0,0,0,0,0
+.type	iotas,%object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+___
+								{{{
+my @A = map([ "x$_", "x".($_+1), "x".($_+2), "x".($_+3), "x".($_+4) ],
+            (0, 5, 10, 15, 20));
+   $A[3][3] = "x25"; # x18 is reserved
+
+my @C = map("x$_", (26,27,28,30));
+
+$code.=<<___;
+.type	KeccakF1600_int,%function
+.align	5
+KeccakF1600_int:
+	adr	$C[2],iotas
+	.inst	0xd503233f			// paciasp
+	stp	$C[2],x30,[sp,#16]		// 32 bytes on top are mine
+	b	.Loop
+.align	4
+.Loop:
+	////////////////////////////////////////// Theta
+	eor	$C[0],$A[0][0],$A[1][0]
+	stp	$A[0][4],$A[1][4],[sp,#0]	// offload pair...
+	eor	$C[1],$A[0][1],$A[1][1]
+	eor	$C[2],$A[0][2],$A[1][2]
+	eor	$C[3],$A[0][3],$A[1][3]
+___
+	$C[4]=$A[0][4];
+	$C[5]=$A[1][4];
+$code.=<<___;
+	eor	$C[4],$A[0][4],$A[1][4]
+	eor	$C[0],$C[0],$A[2][0]
+	eor	$C[1],$C[1],$A[2][1]
+	eor	$C[2],$C[2],$A[2][2]
+	eor	$C[3],$C[3],$A[2][3]
+	eor	$C[4],$C[4],$A[2][4]
+	eor	$C[0],$C[0],$A[3][0]
+	eor	$C[1],$C[1],$A[3][1]
+	eor	$C[2],$C[2],$A[3][2]
+	eor	$C[3],$C[3],$A[3][3]
+	eor	$C[4],$C[4],$A[3][4]
+	eor	$C[0],$C[0],$A[4][0]
+	eor	$C[2],$C[2],$A[4][2]
+	eor	$C[1],$C[1],$A[4][1]
+	eor	$C[3],$C[3],$A[4][3]
+	eor	$C[4],$C[4],$A[4][4]
+
+	eor	$C[5],$C[0],$C[2],ror#63
+
+	eor	$A[0][1],$A[0][1],$C[5]
+	eor	$A[1][1],$A[1][1],$C[5]
+	eor	$A[2][1],$A[2][1],$C[5]
+	eor	$A[3][1],$A[3][1],$C[5]
+	eor	$A[4][1],$A[4][1],$C[5]
+
+	eor	$C[5],$C[1],$C[3],ror#63
+	eor	$C[2],$C[2],$C[4],ror#63
+	eor	$C[3],$C[3],$C[0],ror#63
+	eor	$C[4],$C[4],$C[1],ror#63
+
+	eor	$C[1],   $A[0][2],$C[5]		// mov	$C[1],$A[0][2]
+	eor	$A[1][2],$A[1][2],$C[5]
+	eor	$A[2][2],$A[2][2],$C[5]
+	eor	$A[3][2],$A[3][2],$C[5]
+	eor	$A[4][2],$A[4][2],$C[5]
+
+	eor	$A[0][0],$A[0][0],$C[4]
+	eor	$A[1][0],$A[1][0],$C[4]
+	eor	$A[2][0],$A[2][0],$C[4]
+	eor	$A[3][0],$A[3][0],$C[4]
+	eor	$A[4][0],$A[4][0],$C[4]
+___
+	$C[4]=undef;
+	$C[5]=undef;
+$code.=<<___;
+	ldp	$A[0][4],$A[1][4],[sp,#0]	// re-load offloaded data
+	eor	$C[0],   $A[0][3],$C[2]		// mov	$C[0],$A[0][3]
+	eor	$A[1][3],$A[1][3],$C[2]
+	eor	$A[2][3],$A[2][3],$C[2]
+	eor	$A[3][3],$A[3][3],$C[2]
+	eor	$A[4][3],$A[4][3],$C[2]
+
+	eor	$C[2],   $A[0][4],$C[3]		// mov	$C[2],$A[0][4]
+	eor	$A[1][4],$A[1][4],$C[3]
+	eor	$A[2][4],$A[2][4],$C[3]
+	eor	$A[3][4],$A[3][4],$C[3]
+	eor	$A[4][4],$A[4][4],$C[3]
+
+	////////////////////////////////////////// Rho+Pi
+	mov	$C[3],$A[0][1]
+	ror	$A[0][1],$A[1][1],#64-$rhotates[1][1]
+	//mov	$C[1],$A[0][2]
+	ror	$A[0][2],$A[2][2],#64-$rhotates[2][2]
+	//mov	$C[0],$A[0][3]
+	ror	$A[0][3],$A[3][3],#64-$rhotates[3][3]
+	//mov	$C[2],$A[0][4]
+	ror	$A[0][4],$A[4][4],#64-$rhotates[4][4]
+
+	ror	$A[1][1],$A[1][4],#64-$rhotates[1][4]
+	ror	$A[2][2],$A[2][3],#64-$rhotates[2][3]
+	ror	$A[3][3],$A[3][2],#64-$rhotates[3][2]
+	ror	$A[4][4],$A[4][1],#64-$rhotates[4][1]
+
+	ror	$A[1][4],$A[4][2],#64-$rhotates[4][2]
+	ror	$A[2][3],$A[3][4],#64-$rhotates[3][4]
+	ror	$A[3][2],$A[2][1],#64-$rhotates[2][1]
+	ror	$A[4][1],$A[1][3],#64-$rhotates[1][3]
+
+	ror	$A[4][2],$A[2][4],#64-$rhotates[2][4]
+	ror	$A[3][4],$A[4][3],#64-$rhotates[4][3]
+	ror	$A[2][1],$A[1][2],#64-$rhotates[1][2]
+	ror	$A[1][3],$A[3][1],#64-$rhotates[3][1]
+
+	ror	$A[2][4],$A[4][0],#64-$rhotates[4][0]
+	ror	$A[4][3],$A[3][0],#64-$rhotates[3][0]
+	ror	$A[1][2],$A[2][0],#64-$rhotates[2][0]
+	ror	$A[3][1],$A[1][0],#64-$rhotates[1][0]
+
+	ror	$A[1][0],$C[0],#64-$rhotates[0][3]
+	ror	$A[2][0],$C[3],#64-$rhotates[0][1]
+	ror	$A[3][0],$C[2],#64-$rhotates[0][4]
+	ror	$A[4][0],$C[1],#64-$rhotates[0][2]
+
+	////////////////////////////////////////// Chi+Iota
+	bic	$C[0],$A[0][2],$A[0][1]
+	bic	$C[1],$A[0][3],$A[0][2]
+	bic	$C[2],$A[0][0],$A[0][4]
+	bic	$C[3],$A[0][1],$A[0][0]
+	eor	$A[0][0],$A[0][0],$C[0]
+	bic	$C[0],$A[0][4],$A[0][3]
+	eor	$A[0][1],$A[0][1],$C[1]
+	 ldr	$C[1],[sp,#16]
+	eor	$A[0][3],$A[0][3],$C[2]
+	eor	$A[0][4],$A[0][4],$C[3]
+	eor	$A[0][2],$A[0][2],$C[0]
+	 ldr	$C[3],[$C[1]],#8		// Iota[i++]
+
+	bic	$C[0],$A[1][2],$A[1][1]
+	 tst	$C[1],#255			// are we done?
+	 str	$C[1],[sp,#16]
+	bic	$C[1],$A[1][3],$A[1][2]
+	bic	$C[2],$A[1][0],$A[1][4]
+	 eor	$A[0][0],$A[0][0],$C[3]		// A[0][0] ^= Iota
+	bic	$C[3],$A[1][1],$A[1][0]
+	eor	$A[1][0],$A[1][0],$C[0]
+	bic	$C[0],$A[1][4],$A[1][3]
+	eor	$A[1][1],$A[1][1],$C[1]
+	eor	$A[1][3],$A[1][3],$C[2]
+	eor	$A[1][4],$A[1][4],$C[3]
+	eor	$A[1][2],$A[1][2],$C[0]
+
+	bic	$C[0],$A[2][2],$A[2][1]
+	bic	$C[1],$A[2][3],$A[2][2]
+	bic	$C[2],$A[2][0],$A[2][4]
+	bic	$C[3],$A[2][1],$A[2][0]
+	eor	$A[2][0],$A[2][0],$C[0]
+	bic	$C[0],$A[2][4],$A[2][3]
+	eor	$A[2][1],$A[2][1],$C[1]
+	eor	$A[2][3],$A[2][3],$C[2]
+	eor	$A[2][4],$A[2][4],$C[3]
+	eor	$A[2][2],$A[2][2],$C[0]
+
+	bic	$C[0],$A[3][2],$A[3][1]
+	bic	$C[1],$A[3][3],$A[3][2]
+	bic	$C[2],$A[3][0],$A[3][4]
+	bic	$C[3],$A[3][1],$A[3][0]
+	eor	$A[3][0],$A[3][0],$C[0]
+	bic	$C[0],$A[3][4],$A[3][3]
+	eor	$A[3][1],$A[3][1],$C[1]
+	eor	$A[3][3],$A[3][3],$C[2]
+	eor	$A[3][4],$A[3][4],$C[3]
+	eor	$A[3][2],$A[3][2],$C[0]
+
+	bic	$C[0],$A[4][2],$A[4][1]
+	bic	$C[1],$A[4][3],$A[4][2]
+	bic	$C[2],$A[4][0],$A[4][4]
+	bic	$C[3],$A[4][1],$A[4][0]
+	eor	$A[4][0],$A[4][0],$C[0]
+	bic	$C[0],$A[4][4],$A[4][3]
+	eor	$A[4][1],$A[4][1],$C[1]
+	eor	$A[4][3],$A[4][3],$C[2]
+	eor	$A[4][4],$A[4][4],$C[3]
+	eor	$A[4][2],$A[4][2],$C[0]
+
+	bne	.Loop
+
+	ldr	x30,[sp,#24]
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,%function
+.align	5
+KeccakF1600:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#48
+
+	str	x0,[sp,#32]			// offload argument
+	mov	$C[0],x0
+	ldp	$A[0][0],$A[0][1],[x0,#16*0]
+	ldp	$A[0][2],$A[0][3],[$C[0],#16*1]
+	ldp	$A[0][4],$A[1][0],[$C[0],#16*2]
+	ldp	$A[1][1],$A[1][2],[$C[0],#16*3]
+	ldp	$A[1][3],$A[1][4],[$C[0],#16*4]
+	ldp	$A[2][0],$A[2][1],[$C[0],#16*5]
+	ldp	$A[2][2],$A[2][3],[$C[0],#16*6]
+	ldp	$A[2][4],$A[3][0],[$C[0],#16*7]
+	ldp	$A[3][1],$A[3][2],[$C[0],#16*8]
+	ldp	$A[3][3],$A[3][4],[$C[0],#16*9]
+	ldp	$A[4][0],$A[4][1],[$C[0],#16*10]
+	ldp	$A[4][2],$A[4][3],[$C[0],#16*11]
+	ldr	$A[4][4],[$C[0],#16*12]
+
+	bl	KeccakF1600_int
+
+	ldr	$C[0],[sp,#32]
+	stp	$A[0][0],$A[0][1],[$C[0],#16*0]
+	stp	$A[0][2],$A[0][3],[$C[0],#16*1]
+	stp	$A[0][4],$A[1][0],[$C[0],#16*2]
+	stp	$A[1][1],$A[1][2],[$C[0],#16*3]
+	stp	$A[1][3],$A[1][4],[$C[0],#16*4]
+	stp	$A[2][0],$A[2][1],[$C[0],#16*5]
+	stp	$A[2][2],$A[2][3],[$C[0],#16*6]
+	stp	$A[2][4],$A[3][0],[$C[0],#16*7]
+	stp	$A[3][1],$A[3][2],[$C[0],#16*8]
+	stp	$A[3][3],$A[3][4],[$C[0],#16*9]
+	stp	$A[4][0],$A[4][1],[$C[0],#16*10]
+	stp	$A[4][2],$A[4][3],[$C[0],#16*11]
+	str	$A[4][4],[$C[0],#16*12]
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#48
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	KeccakF1600,.-KeccakF1600
+
+.globl	SHA3_absorb
+.type	SHA3_absorb,%function
+.align	5
+SHA3_absorb:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#64
+
+	stp	x0,x1,[sp,#32]			// offload arguments
+	stp	x2,x3,[sp,#48]
+
+	mov	$C[0],x0			// uint64_t A[5][5]
+	mov	$C[1],x1			// const void *inp
+	mov	$C[2],x2			// size_t len
+	mov	$C[3],x3			// size_t bsz
+	ldp	$A[0][0],$A[0][1],[$C[0],#16*0]
+	ldp	$A[0][2],$A[0][3],[$C[0],#16*1]
+	ldp	$A[0][4],$A[1][0],[$C[0],#16*2]
+	ldp	$A[1][1],$A[1][2],[$C[0],#16*3]
+	ldp	$A[1][3],$A[1][4],[$C[0],#16*4]
+	ldp	$A[2][0],$A[2][1],[$C[0],#16*5]
+	ldp	$A[2][2],$A[2][3],[$C[0],#16*6]
+	ldp	$A[2][4],$A[3][0],[$C[0],#16*7]
+	ldp	$A[3][1],$A[3][2],[$C[0],#16*8]
+	ldp	$A[3][3],$A[3][4],[$C[0],#16*9]
+	ldp	$A[4][0],$A[4][1],[$C[0],#16*10]
+	ldp	$A[4][2],$A[4][3],[$C[0],#16*11]
+	ldr	$A[4][4],[$C[0],#16*12]
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	subs	$C[0],$C[2],$C[3]		// len - bsz
+	blo	.Labsorbed
+
+	str	$C[0],[sp,#48]			// save len - bsz
+___
+for (my $i=0; $i<24; $i+=2) {
+my $j = $i+1;
+$code.=<<___;
+	ldr	$C[0],[$C[1]],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	$C[0],$C[0]
+#endif
+	eor	$A[$i/5][$i%5],$A[$i/5][$i%5],$C[0]
+	cmp	$C[3],#8*($i+2)
+	blo	.Lprocess_block
+	ldr	$C[0],[$C[1]],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	$C[0],$C[0]
+#endif
+	eor	$A[$j/5][$j%5],$A[$j/5][$j%5],$C[0]
+	beq	.Lprocess_block
+___
+}
+$code.=<<___;
+	ldr	$C[0],[$C[1]],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	$C[0],$C[0]
+#endif
+	eor	$A[4][4],$A[4][4],$C[0]
+
+.Lprocess_block:
+	str	$C[1],[sp,#40]			// save inp
+
+	bl	KeccakF1600_int
+
+	ldr	$C[1],[sp,#40]			// restore arguments
+	ldp	$C[2],$C[3],[sp,#48]
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	ldr	$C[1],[sp,#32]
+	stp	$A[0][0],$A[0][1],[$C[1],#16*0]
+	stp	$A[0][2],$A[0][3],[$C[1],#16*1]
+	stp	$A[0][4],$A[1][0],[$C[1],#16*2]
+	stp	$A[1][1],$A[1][2],[$C[1],#16*3]
+	stp	$A[1][3],$A[1][4],[$C[1],#16*4]
+	stp	$A[2][0],$A[2][1],[$C[1],#16*5]
+	stp	$A[2][2],$A[2][3],[$C[1],#16*6]
+	stp	$A[2][4],$A[3][0],[$C[1],#16*7]
+	stp	$A[3][1],$A[3][2],[$C[1],#16*8]
+	stp	$A[3][3],$A[3][4],[$C[1],#16*9]
+	stp	$A[4][0],$A[4][1],[$C[1],#16*10]
+	stp	$A[4][2],$A[4][3],[$C[1],#16*11]
+	str	$A[4][4],[$C[1],#16*12]
+
+	mov	x0,$C[2]			// return value
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+___
+{
+my ($A_flat,$out,$len,$bsz) = map("x$_",(19..22));
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,%function
+.align	5
+SHA3_squeeze:
+	.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-48]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+
+	mov	$A_flat,x0			// put aside arguments
+	mov	$out,x1
+	mov	$len,x2
+	mov	$bsz,x3
+
+.Loop_squeeze:
+	ldr	x4,[x0],#8
+	cmp	$len,#8
+	blo	.Lsqueeze_tail
+#ifdef	__AARCH64EB__
+	rev	x4,x4
+#endif
+	str	x4,[$out],#8
+	subs	$len,$len,#8
+	beq	.Lsqueeze_done
+
+	subs	x3,x3,#8
+	bhi	.Loop_squeeze
+
+	mov	x0,$A_flat
+	bl	KeccakF1600
+	mov	x0,$A_flat
+	mov	x3,$bsz
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+
+.Lsqueeze_done:
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x29,x30,[sp],#48
+	.inst	0xd50323bf			// autiasp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}								}}}
+								{{{
+my @A = map([ "v".$_.".16b", "v".($_+1).".16b", "v".($_+2).".16b",
+                             "v".($_+3).".16b", "v".($_+4).".16b" ],
+            (0, 5, 10, 15, 20));
+
+my @C = map("v$_.16b", (25..31));
+
+$code.=<<___;
+.type	KeccakF1600_ce,%function
+.align	5
+KeccakF1600_ce:
+	mov	x9,#12
+	adr	x10,iotas
+	b	.Loop_ce
+.align	4
+.Loop_ce:
+___
+for($i=0; $i<2; $i++) {
+$code.=<<___;
+	////////////////////////////////////////////////// Theta
+	eor3	$C[0],$A[0][0],$A[1][0],$A[2][0]
+	eor3	$C[1],$A[0][1],$A[1][1],$A[2][1]
+	eor3	$C[2],$A[0][2],$A[1][2],$A[2][2]
+	eor3	$C[3],$A[0][3],$A[1][3],$A[2][3]
+	eor3	$C[4],$A[0][4],$A[1][4],$A[2][4]
+	eor3	$C[0],$C[0],   $A[3][0],$A[4][0]
+	eor3	$C[1],$C[1],   $A[3][1],$A[4][1]
+	eor3	$C[2],$C[2],   $A[3][2],$A[4][2]
+	eor3	$C[3],$C[3],   $A[3][3],$A[4][3]
+	eor3	$C[4],$C[4],   $A[3][4],$A[4][4]
+
+	rax1	$C[5],$C[0],$C[2]			// D[1]
+	rax1	$C[6],$C[1],$C[3]			// D[2]
+	rax1	$C[2],$C[2],$C[4]			// D[3]
+	rax1	$C[3],$C[3],$C[0]			// D[4]
+	rax1	$C[4],$C[4],$C[1]			// D[0]
+
+	////////////////////////////////////////////////// Theta+Rho+Pi
+	xar	$C[0],   $A[1][1],$C[5],#64-$rhotates[1][1]	// C[0]=A[0][1]
+	xar	$A[1][1],$A[1][4],$C[3],#64-$rhotates[1][4]
+	xar	$A[1][4],$A[4][2],$C[6],#64-$rhotates[4][2]
+	xar	$A[4][2],$A[2][4],$C[3],#64-$rhotates[2][4]
+	xar	$A[2][4],$A[4][0],$C[4],#64-$rhotates[4][0]
+
+	xar	$A[4][0],$A[0][2],$C[6],#64-$rhotates[0][2]
+
+	xar	$A[0][2],$A[2][2],$C[6],#64-$rhotates[2][2]
+	xar	$A[2][2],$A[2][3],$C[2],#64-$rhotates[2][3]
+	xar	$A[2][3],$A[3][4],$C[3],#64-$rhotates[3][4]
+	xar	$A[3][4],$A[4][3],$C[2],#64-$rhotates[4][3]
+	xar	$A[4][3],$A[3][0],$C[4],#64-$rhotates[3][0]
+
+	xar	$A[3][0],$A[0][4],$C[3],#64-$rhotates[0][4]
+
+	eor	$A[0][0],$A[0][0],$C[4]
+	ldr	x11,[x10],#8
+
+	xar	$C[1],   $A[3][3],$C[2],#64-$rhotates[3][3]	// C[1]=A[0][3]
+	xar	$A[3][3],$A[3][2],$C[6],#64-$rhotates[3][2]
+	xar	$A[3][2],$A[2][1],$C[5],#64-$rhotates[2][1]
+	xar	$A[2][1],$A[1][2],$C[6],#64-$rhotates[1][2]
+	xar	$A[1][2],$A[2][0],$C[4],#64-$rhotates[2][0]
+
+	xar	$A[2][0],$A[0][1],$C[5],#64-$rhotates[0][1]	// *
+
+	xar	$A[0][4],$A[4][4],$C[3],#64-$rhotates[4][4]
+	xar	$A[4][4],$A[4][1],$C[5],#64-$rhotates[4][1]
+	xar	$A[4][1],$A[1][3],$C[2],#64-$rhotates[1][3]
+	xar	$A[1][3],$A[3][1],$C[5],#64-$rhotates[3][1]
+	xar	$A[3][1],$A[1][0],$C[4],#64-$rhotates[1][0]
+
+	xar	$C[2],   $A[0][3],$C[2],#64-$rhotates[0][3]	// C[2]=A[1][0]
+
+	////////////////////////////////////////////////// Chi+Iota
+	dup	$C[6],x11				// borrow C[6]
+	bcax	$C[3],   $A[0][0],$A[0][2],$C[0]	// *
+	bcax	$A[0][1],$C[0],   $C[1],   $A[0][2]	// *
+	bcax	$A[0][2],$A[0][2],$A[0][4],$C[1]
+	bcax	$A[0][3],$C[1],   $A[0][0],$A[0][4]
+	bcax	$A[0][4],$A[0][4],$C[0],   $A[0][0]
+
+	bcax	$A[1][0],$C[2],   $A[1][2],$A[1][1]	// *
+	bcax	$C[0],   $A[1][1],$A[1][3],$A[1][2]	// *
+	bcax	$A[1][2],$A[1][2],$A[1][4],$A[1][3]
+	bcax	$A[1][3],$A[1][3],$C[2],   $A[1][4]
+	bcax	$A[1][4],$A[1][4],$A[1][1],$C[2]
+
+	eor	$A[0][0],$C[3],$C[6]			// Iota
+
+	bcax	$C[1],   $A[2][0],$A[2][2],$A[2][1]	// *
+	bcax	$C[2],   $A[2][1],$A[2][3],$A[2][2]	// *
+	bcax	$A[2][2],$A[2][2],$A[2][4],$A[2][3]
+	bcax	$A[2][3],$A[2][3],$A[2][0],$A[2][4]
+	bcax	$A[2][4],$A[2][4],$A[2][1],$A[2][0]
+
+	bcax	$C[3],   $A[3][0],$A[3][2],$A[3][1]	// *
+	bcax	$C[4],   $A[3][1],$A[3][3],$A[3][2]	// *
+	bcax	$A[3][2],$A[3][2],$A[3][4],$A[3][3]
+	bcax	$A[3][3],$A[3][3],$A[3][0],$A[3][4]
+	bcax	$A[3][4],$A[3][4],$A[3][1],$A[3][0]
+
+	bcax	$C[5],   $A[4][0],$A[4][2],$A[4][1]	// *
+	bcax	$C[6],   $A[4][1],$A[4][3],$A[4][2]	// *
+	bcax	$A[4][2],$A[4][2],$A[4][4],$A[4][3]
+	bcax	$A[4][3],$A[4][3],$A[4][0],$A[4][4]
+	bcax	$A[4][4],$A[4][4],$A[4][1],$A[4][0]
+___
+	(         $A[1][1],       $C[0]) = (      $C[0],          $A[1][1]);
+	($A[2][0],$A[2][1], $C[1],$C[2]) = ($C[1],$C[2], $A[2][0],$A[2][1]);
+	($A[3][0],$A[3][1], $C[3],$C[4]) = ($C[3],$C[4], $A[3][0],$A[3][1]);
+	($A[4][0],$A[4][1], $C[5],$C[6]) = ($C[5],$C[6], $A[4][0],$A[4][1]);
+}
+$code.=<<___;
+	subs	x9,x9,#1
+	bne	.Loop_ce
+
+	ret
+.size	KeccakF1600_ce,.-KeccakF1600_ce
+
+.type	KeccakF1600_cext,%function
+.align	5
+KeccakF1600_cext:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#16]		// per ABI requirement
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+___
+for($i=0; $i<24; $i+=2) {		# load A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	ldp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	ldr	d24,[x0,#8*$i]
+	bl	KeccakF1600_ce
+	ldr	x30,[sp,#8]
+___
+for($i=0; $i<24; $i+=2) {		# store A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	stp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	str	d24,[x0,#8*$i]
+
+	ldp	d8,d9,[sp,#16]
+	ldp	d10,d11,[sp,#32]
+	ldp	d12,d13,[sp,#48]
+	ldp	d14,d15,[sp,#64]
+	ldr	x29,[sp],#80
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	KeccakF1600_cext,.-KeccakF1600_cext
+___
+
+{
+my ($ctx,$inp,$len,$bsz) = map("x$_",(0..3));
+
+$code.=<<___;
+.globl	SHA3_absorb_cext
+.type	SHA3_absorb_cext,%function
+.align	5
+SHA3_absorb_cext:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#16]		// per ABI requirement
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+___
+for($i=0; $i<24; $i+=2) {		# load A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	ldp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	ldr	d24,[x0,#8*$i]
+	b	.Loop_absorb_ce
+
+.align	4
+.Loop_absorb_ce:
+	subs	$len,$len,$bsz		// len - bsz
+	blo	.Labsorbed_ce
+___
+for (my $i=0; $i<24; $i+=2) {
+my $j = $i+1;
+$code.=<<___;
+	ldr	d31,[$inp],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	$A[$i/5][$i%5],$A[$i/5][$i%5],v31.16b
+	cmp	$bsz,#8*($i+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[$inp],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	v31.16b,v31.16b
+#endif
+	eor	$A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b
+	beq	.Lprocess_block_ce
+___
+}
+$code.=<<___;
+	ldr	d31,[$inp],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	v31.16b,v31.16b
+#endif
+	eor	$A[4][4],$A[4][4],v31.16b
+
+.Lprocess_block_ce:
+
+	bl	KeccakF1600_ce
+
+	b	.Loop_absorb_ce
+
+.align	4
+.Labsorbed_ce:
+___
+for($i=0; $i<24; $i+=2) {		# store A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	stp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	str	d24,[x0,#8*$i]
+	add	x0,$len,$bsz		// return value
+
+	ldp	d8,d9,[sp,#16]
+	ldp	d10,d11,[sp,#32]
+	ldp	d12,d13,[sp,#48]
+	ldp	d14,d15,[sp,#64]
+	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	SHA3_absorb_cext,.-SHA3_absorb_cext
+___
+}
+{
+my ($ctx,$out,$len,$bsz) = map("x$_",(0..3));
+$code.=<<___;
+.globl	SHA3_squeeze_cext
+.type	SHA3_squeeze_cext,%function
+.align	5
+SHA3_squeeze_cext:
+	.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	mov	x9,$ctx
+	mov	x10,$bsz
+
+.Loop_squeeze_ce:
+	ldr	x4,[x9],#8
+	cmp	$len,#8
+	blo	.Lsqueeze_tail_ce
+#ifdef	__AARCH64EB__
+	rev	x4,x4
+#endif
+	str	x4,[$out],#8
+	beq	.Lsqueeze_done_ce
+
+	sub	$len,$len,#8
+	subs	x10,x10,#8
+	bhi	.Loop_squeeze_ce
+
+	bl	KeccakF1600_cext
+	ldr	x30,[sp,#8]
+	mov	x9,$ctx
+	mov	x10,$bsz
+	b	.Loop_squeeze_ce
+
+.align	4
+.Lsqueeze_tail_ce:
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+
+.Lsqueeze_done_ce:
+	ldr	x29,[sp],#16
+	.inst	0xd50323bf		// autiasp
+	ret
+.size	SHA3_squeeze_cext,.-SHA3_squeeze_cext
+___
+}								}}}
+$code.=<<___;
+.asciz	"Keccak-1600 absorb and squeeze for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+{   my  %opcode = (
+	"rax1"	=> 0xce608c00,	"eor3"	=> 0xce000000,
+	"bcax"	=> 0xce200000,	"xar"	=> 0xce800000	);
+
+    sub unsha3 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv#]([0-9\-]+))?)?/
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16)|(eval($4)<<10),
+			$mnemonic,$arg;
+    }
+}
+
+foreach(split("\n",$code)) {
+
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	m/\bdup\b/ and s/\.16b/.2d/g	or
+	s/\b(eor3|rax1|xar|bcax)\s+(v.*)/unsha3($1,$2)/ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl
new file mode 100755
index 000000000..d9fc1c59e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl
@@ -0,0 +1,482 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for AVX2.
+#
+# July 2017.
+#
+# To paraphrase Gilles Van Assche, if you contemplate Fig. 2.3 on page
+# 20 of The Keccak reference [or Fig. 5 of FIPS PUB 202], and load data
+# other than A[0][0] in magic order into 6 [256-bit] registers, *each
+# dedicated to one axis*, Pi permutation is reduced to intra-register
+# shuffles...
+#
+# It makes other steps more intricate, but overall, is it a win? To be
+# more specific index permutations organized by quadruples are:
+#
+#       [4][4] [3][3] [2][2] [1][1]<-+
+#       [0][4] [0][3] [0][2] [0][1]<-+
+#       [3][0] [1][0] [4][0] [2][0]  |
+#       [4][3] [3][1] [2][4] [1][2]  |
+#       [3][4] [1][3] [4][2] [2][1]  |
+#       [2][3] [4][1] [1][4] [3][2]  |
+#       [2][2] [4][4] [1][1] [3][3] -+
+#
+# This however is highly impractical for Theta and Chi. What would help
+# Theta is if x indices were aligned column-wise, or in other words:
+#
+#       [0][4] [0][3] [0][2] [0][1]
+#       [3][0] [1][0] [4][0] [2][0]
+#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010)
+#       [2][4] [4][3] [1][2] [3][1]
+#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101)
+#       [3][4] [1][3] [4][2] [2][1]
+#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010)
+#       [1][4] [2][3] [3][2] [4][1]
+#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011)
+#       [4][4] [3][3] [2][2] [1][1]
+#
+# So here we have it, lines not marked with vpermq() represent the magic
+# order in which data is to be loaded and maintained. [And lines marked
+# with vpermq() represent Pi circular permutation in chosen layout. Note
+# that first step is permutation-free.] A[0][0] is loaded to register of
+# its own, to all lanes. [A[0][0] is not part of Pi permutation or Rho.]
+# Digits in variables' names denote right-most coordinates:
+
+my ($A00,	# [0][0] [0][0] [0][0] [0][0]		# %ymm0
+    $A01,	# [0][4] [0][3] [0][2] [0][1]		# %ymm1
+    $A20,	# [3][0] [1][0] [4][0] [2][0]		# %ymm2
+    $A31,	# [2][4] [4][3] [1][2] [3][1]		# %ymm3
+    $A21,	# [3][4] [1][3] [4][2] [2][1]		# %ymm4
+    $A41,	# [1][4] [2][3] [3][2] [4][1]		# %ymm5
+    $A11) =	# [4][4] [3][3] [2][2] [1][1]		# %ymm6
+    map("%ymm$_",(0..6));
+
+# We also need to map the magic order into offsets within structure:
+
+my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3],	# [0][0..4]
+		[2,2], [6,0], [3,1], [4,2], [5,3],	# [1][0..4]
+		[2,0], [4,0], [6,1], [5,2], [3,3],	# [2][0..4]
+		[2,3], [3,0], [5,1], [6,2], [4,3],	# [3][0..4]
+		[2,1], [5,0], [4,1], [3,2], [6,3]);	# [4][0..4]
+   @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged);	# ... and now linear
+
+# But on the other hand Chi is much better off if y indices were aligned
+# column-wise, not x. For this reason we have to shuffle data prior
+# Chi and revert it afterwards. Prior shuffle is naturally merged with
+# Pi itself:
+#
+#       [0][4] [0][3] [0][2] [0][1]
+#       [3][0] [1][0] [4][0] [2][0]
+#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010)
+#vpermq([2][4] [4][3] [1][2] [3][1], 0b00011011) = 0b10001101
+#       [3][1] [1][2] [4][3] [2][4]
+#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101)
+#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = 0b10001101
+#       [3][4] [1][3] [4][2] [2][1]
+#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010)
+#vpermq([1][4] [2][3] [3][2] [4][1], 0b01110010) = 0b00011011
+#       [3][2] [1][4] [4][1] [2][3]
+#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011)
+#vpermq([4][4] [3][3] [2][2] [1][1], 0b10001101) = 0b01110010
+#       [3][3] [1][1] [4][4] [2][2]
+#
+# And reverse post-Chi permutation:
+#
+#       [0][4] [0][3] [0][2] [0][1]
+#       [3][0] [1][0] [4][0] [2][0]
+#vpermq([3][1] [1][2] [4][3] [2][4], 0b00011011)
+#       [2][4] [4][3] [1][2] [3][1]
+#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = nop :-)
+#       [3][4] [1][3] [4][2] [2][1]
+#vpermq([3][2] [1][4] [4][1] [2][3], 0b10001101)
+#       [1][4] [2][3] [3][2] [4][1]
+#vpermq([3][3] [1][1] [4][4] [2][2], 0b01110010)
+#       [4][4] [3][3] [2][2] [1][1]
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# Haswell		8.7/+10%
+# Skylake		7.8/+20%
+# Ryzen			17(**)
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	coefficient in comparison to scalar keccak1600-x86_64.pl.
+# (**)	It's expected that Ryzen performs poorly, because instruction
+#	issue rate is limited to two AVX2 instructions per cycle and
+#	in addition vpblendd is reportedly bound to specific port.
+#	Obviously this code path should not be executed on Ryzen.
+
+my @T = map("%ymm$_",(7..15));
+my ($C14,$C00,$D00,$D14) = @T[5..8];
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	lea		rhotates_left+96(%rip),%r8
+	lea		rhotates_right+96(%rip),%r9
+	lea		iotas(%rip),%r10
+	mov		\$24,%eax
+	jmp		.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	######################################### Theta
+	vpshufd		\$0b01001110,$A20,$C00
+	vpxor		$A31,$A41,$C14
+	vpxor		$A11,$A21,@T[2]
+	vpxor		$A01,$C14,$C14
+	vpxor		@T[2],$C14,$C14		# C[1..4]
+
+	vpermq		\$0b10010011,$C14,@T[4]
+	vpxor		$A20,$C00,$C00
+	vpermq		\$0b01001110,$C00,@T[0]
+
+	vpsrlq		\$63,$C14,@T[1]
+	vpaddq		$C14,$C14,@T[2]
+	vpor		@T[2],@T[1],@T[1]	# ROL64(C[1..4],1)
+
+	vpermq		\$0b00111001,@T[1],$D14
+	vpxor		@T[4],@T[1],$D00
+	vpermq		\$0b00000000,$D00,$D00	# D[0..0] = ROL64(C[1],1) ^ C[4]
+
+	vpxor		$A00,$C00,$C00
+	vpxor		@T[0],$C00,$C00		# C[0..0]
+
+	vpsrlq		\$63,$C00,@T[0]
+	vpaddq		$C00,$C00,@T[1]
+	vpor		@T[0],@T[1],@T[1]	# ROL64(C[0..0],1)
+
+	vpxor		$D00,$A20,$A20		# ^= D[0..0]
+	vpxor		$D00,$A00,$A00		# ^= D[0..0]
+
+	vpblendd	\$0b11000000,@T[1],$D14,$D14
+	vpblendd	\$0b00000011,$C00,@T[4],@T[4]
+	vpxor		@T[4],$D14,$D14		# D[1..4] = ROL64(C[2..4,0),1) ^ C[0..3]
+
+	######################################### Rho + Pi + pre-Chi shuffle
+	vpsllvq		0*32-96(%r8),$A20,@T[3]
+	vpsrlvq		0*32-96(%r9),$A20,$A20
+	vpor		@T[3],$A20,$A20
+
+	 vpxor		$D14,$A31,$A31		# ^= D[1..4] from Theta
+	vpsllvq		2*32-96(%r8),$A31,@T[4]
+	vpsrlvq		2*32-96(%r9),$A31,$A31
+	vpor		@T[4],$A31,$A31
+
+	 vpxor		$D14,$A21,$A21		# ^= D[1..4] from Theta
+	vpsllvq		3*32-96(%r8),$A21,@T[5]
+	vpsrlvq		3*32-96(%r9),$A21,$A21
+	vpor		@T[5],$A21,$A21
+
+	 vpxor		$D14,$A41,$A41		# ^= D[1..4] from Theta
+	vpsllvq		4*32-96(%r8),$A41,@T[6]
+	vpsrlvq		4*32-96(%r9),$A41,$A41
+	vpor		@T[6],$A41,$A41
+
+	 vpxor		$D14,$A11,$A11		# ^= D[1..4] from Theta
+	 vpermq		\$0b10001101,$A20,@T[3]	# $A20 -> future $A31
+	 vpermq		\$0b10001101,$A31,@T[4]	# $A31 -> future $A21
+	vpsllvq		5*32-96(%r8),$A11,@T[7]
+	vpsrlvq		5*32-96(%r9),$A11,@T[1]
+	vpor		@T[7],@T[1],@T[1]	# $A11 -> future $A01
+
+	 vpxor		$D14,$A01,$A01		# ^= D[1..4] from Theta
+	 vpermq		\$0b00011011,$A21,@T[5]	# $A21 -> future $A41
+	 vpermq		\$0b01110010,$A41,@T[6]	# $A41 -> future $A11
+	vpsllvq		1*32-96(%r8),$A01,@T[8]
+	vpsrlvq		1*32-96(%r9),$A01,@T[2]
+	vpor		@T[8],@T[2],@T[2]	# $A01 -> future $A20
+
+	######################################### Chi
+	vpsrldq		\$8,@T[1],@T[7]
+	vpandn		@T[7],@T[1],@T[0]	# tgting  [0][0] [0][0] [0][0] [0][0]
+
+	vpblendd	\$0b00001100,@T[6],@T[2],$A31	#               [4][4] [2][0]
+	vpblendd	\$0b00001100,@T[2],@T[4],@T[8]	#               [4][0] [2][1]
+	 vpblendd	\$0b00001100,@T[4],@T[3],$A41	#               [4][2] [2][4]
+	 vpblendd	\$0b00001100,@T[3],@T[2],@T[7]	#               [4][3] [2][0]
+	vpblendd	\$0b00110000,@T[4],$A31,$A31	#        [1][3] [4][4] [2][0]
+	vpblendd	\$0b00110000,@T[5],@T[8],@T[8]	#        [1][4] [4][0] [2][1]
+	 vpblendd	\$0b00110000,@T[2],$A41,$A41	#        [1][0] [4][2] [2][4]
+	 vpblendd	\$0b00110000,@T[6],@T[7],@T[7]	#        [1][1] [4][3] [2][0]
+	vpblendd	\$0b11000000,@T[5],$A31,$A31	# [3][2] [1][3] [4][4] [2][0]
+	vpblendd	\$0b11000000,@T[6],@T[8],@T[8]	# [3][3] [1][4] [4][0] [2][1]
+	 vpblendd	\$0b11000000,@T[6],$A41,$A41	# [3][3] [1][0] [4][2] [2][4]
+	 vpblendd	\$0b11000000,@T[4],@T[7],@T[7]	# [3][4] [1][1] [4][3] [2][0]
+	vpandn		@T[8],$A31,$A31		# tgting  [3][1] [1][2] [4][3] [2][4]
+	 vpandn		@T[7],$A41,$A41		# tgting  [3][2] [1][4] [4][1] [2][3]
+
+	vpblendd	\$0b00001100,@T[2],@T[5],$A11	#               [4][0] [2][3]
+	vpblendd	\$0b00001100,@T[5],@T[3],@T[8]	#               [4][1] [2][4]
+	 vpxor		@T[3],$A31,$A31
+	vpblendd	\$0b00110000,@T[3],$A11,$A11	#        [1][2] [4][0] [2][3]
+	vpblendd	\$0b00110000,@T[4],@T[8],@T[8]	#        [1][3] [4][1] [2][4]
+	 vpxor		@T[5],$A41,$A41
+	vpblendd	\$0b11000000,@T[4],$A11,$A11	# [3][4] [1][2] [4][0] [2][3]
+	vpblendd	\$0b11000000,@T[2],@T[8],@T[8]	# [3][0] [1][3] [4][1] [2][4]
+	vpandn		@T[8],$A11,$A11		# tgting  [3][3] [1][1] [4][4] [2][2]
+	vpxor		@T[6],$A11,$A11
+
+	  vpermq	\$0b00011110,@T[1],$A21		# [0][1] [0][2] [0][4] [0][3]
+	  vpblendd	\$0b00110000,$A00,$A21,@T[8]	# [0][1] [0][0] [0][4] [0][3]
+	  vpermq	\$0b00111001,@T[1],$A01		# [0][1] [0][4] [0][3] [0][2]
+	  vpblendd	\$0b11000000,$A00,$A01,$A01	# [0][0] [0][4] [0][3] [0][2]
+	  vpandn	@T[8],$A01,$A01		# tgting  [0][4] [0][3] [0][2] [0][1]
+
+	vpblendd	\$0b00001100,@T[5],@T[4],$A20	#               [4][1] [2][1]
+	vpblendd	\$0b00001100,@T[4],@T[6],@T[7]	#               [4][2] [2][2]
+	vpblendd	\$0b00110000,@T[6],$A20,$A20	#        [1][1] [4][1] [2][1]
+	vpblendd	\$0b00110000,@T[3],@T[7],@T[7]	#        [1][2] [4][2] [2][2]
+	vpblendd	\$0b11000000,@T[3],$A20,$A20	# [3][1] [1][1] [4][1] [2][1]
+	vpblendd	\$0b11000000,@T[5],@T[7],@T[7]	# [3][2] [1][2] [4][2] [2][2]
+	vpandn		@T[7],$A20,$A20		# tgting  [3][0] [1][0] [4][0] [2][0]
+	vpxor		@T[2],$A20,$A20
+
+	 vpermq		\$0b00000000,@T[0],@T[0]	# [0][0] [0][0] [0][0] [0][0]
+	 vpermq		\$0b00011011,$A31,$A31	# post-Chi shuffle
+	 vpermq		\$0b10001101,$A41,$A41
+	 vpermq		\$0b01110010,$A11,$A11
+
+	vpblendd	\$0b00001100,@T[3],@T[6],$A21	#               [4][3] [2][2]
+	vpblendd	\$0b00001100,@T[6],@T[5],@T[7]	#               [4][4] [2][3]
+	vpblendd	\$0b00110000,@T[5],$A21,$A21	#        [1][4] [4][3] [2][2]
+	vpblendd	\$0b00110000,@T[2],@T[7],@T[7]	#        [1][0] [4][4] [2][3]
+	vpblendd	\$0b11000000,@T[2],$A21,$A21	# [3][0] [1][4] [4][3] [2][2]
+	vpblendd	\$0b11000000,@T[3],@T[7],@T[7]	# [3][1] [1][0] [4][4] [2][3]
+	vpandn		@T[7],$A21,$A21		# tgting  [3][4] [1][3] [4][2] [2][1]
+
+	vpxor		@T[0],$A00,$A00
+	vpxor		@T[1],$A01,$A01
+	vpxor		@T[4],$A21,$A21
+
+	######################################### Iota
+	vpxor		(%r10),$A00,$A00
+	lea		32(%r10),%r10
+
+	dec		%eax
+	jnz		.Loop_avx2
+
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+___
+my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+my  $out = $inp;	# in squeeze
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	mov	%rsp,%r11
+
+	lea	-240(%rsp),%rsp
+	and	\$-32,%rsp
+
+	lea	96($A_flat),$A_flat
+	lea	96($inp),$inp
+	lea	96(%rsp),%r10
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00	# load A[5][5]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqa		@T[0],32*2-96(%r10)	# zero transfer area on stack
+	vmovdqa		@T[0],32*3-96(%r10)
+	vmovdqa		@T[0],32*4-96(%r10)
+	vmovdqa		@T[0],32*5-96(%r10)
+	vmovdqa		@T[0],32*6-96(%r10)
+
+.Loop_absorb_avx2:
+	mov		$bsz,%rax
+	sub		$bsz,$len
+	jc		.Ldone_absorb_avx2
+
+	shr		\$3,%eax
+	vpbroadcastq	0-96($inp),@T[0]
+	vmovdqu		8-96($inp),@T[1]
+	sub		\$4,%eax
+___
+for(my $i=5; $i<25; $i++) {
+$code.=<<___
+	dec	%eax
+	jz	.Labsorved_avx2
+	mov	8*$i-96($inp),%r8
+	mov	%r8,$A_jagged[$i]-96(%r10)
+___
+}
+$code.=<<___;
+.Labsorved_avx2:
+	lea	($inp,$bsz),$inp
+
+	vpxor	@T[0],$A00,$A00
+	vpxor	@T[1],$A01,$A01
+	vpxor	32*2-96(%r10),$A20,$A20
+	vpxor	32*3-96(%r10),$A31,$A31
+	vpxor	32*4-96(%r10),$A21,$A21
+	vpxor	32*5-96(%r10),$A41,$A41
+	vpxor	32*6-96(%r10),$A11,$A11
+
+	call	__KeccakF1600
+
+	lea	96(%rsp),%r10
+	jmp	.Loop_absorb_avx2
+
+.Ldone_absorb_avx2:
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	vzeroupper
+
+	lea	(%r11),%rsp
+	lea	($len,$bsz),%rax		# return value
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	mov	%rsp,%r11
+
+	lea	96($A_flat),$A_flat
+	shr	\$3,$bsz
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	mov	$bsz,%rax
+
+.Loop_squeeze_avx2:
+	mov	@A_jagged[$i]-96($A_flat),%r8
+___
+for (my $i=0; $i<25; $i++) {
+$code.=<<___;
+	sub	\$8,$len
+	jc	.Ltail_squeeze_avx2
+	mov	%r8,($out)
+	lea	8($out),$out
+	je	.Ldone_squeeze_avx2
+	dec	%eax
+	je	.Lextend_output_avx2
+	mov	@A_jagged[$i+1]-120($A_flat),%r8
+___
+}
+$code.=<<___;
+.Lextend_output_avx2:
+	call	__KeccakF1600
+
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx2
+
+
+.Ltail_squeeze_avx2:
+	add	\$8,$len
+.Loop_tail_avx2:
+	mov	%r8b,($out)
+	lea	1($out),$out
+	shr	\$8,%r8
+	dec	$len
+	jnz	.Loop_tail_avx2
+
+.Ldone_squeeze_avx2:
+	vzeroupper
+
+	lea	(%r11),%rsp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+
+.align	64
+rhotates_left:
+	.quad	3,	18,	36,	41	# [2][0] [4][0] [1][0] [3][0]
+	.quad	1,	62,	28,	27	# [0][1] [0][2] [0][3] [0][4]
+	.quad	45,	6,	56,	39	# [3][1] [1][2] [4][3] [2][4]
+	.quad	10,	61,	55,	8	# [2][1] [4][2] [1][3] [3][4]
+	.quad	2,	15,	25,	20	# [4][1] [3][2] [2][3] [1][4]
+	.quad	44,	43,	21,	14	# [1][1] [2][2] [3][3] [4][4]
+rhotates_right:
+	.quad	64-3,	64-18,	64-36,	64-41
+	.quad	64-1,	64-62,	64-28,	64-27
+	.quad	64-45,	64-6,	64-56,	64-39
+	.quad	64-10,	64-61,	64-55,	64-8
+	.quad	64-2,	64-15,	64-25,	64-20
+	.quad	64-44,	64-43,	64-21,	64-14
+iotas:
+	.quad	0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001
+	.quad	0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082
+	.quad	0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a
+	.quad	0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000
+	.quad	0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009
+	.quad	0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a
+	.quad	0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088
+	.quad	0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009
+	.quad	0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a
+	.quad	0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b
+	.quad	0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b
+	.quad	0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089
+	.quad	0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003
+	.quad	0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002
+	.quad	0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080
+	.quad	0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a
+	.quad	0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008
+
+.asciz	"Keccak-1600 absorb and squeeze for AVX2, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl
new file mode 100755
index 000000000..9074ff02d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl
@@ -0,0 +1,551 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for AVX-512F.
+#
+# July 2017.
+#
+# Below code is KECCAK_1X_ALT implementation (see sha/keccak1600.c).
+# Pretty straightforward, the only "magic" is data layout in registers.
+# It's impossible to have one that is optimal for every step, hence
+# it's changing as algorithm progresses. Data is saved in linear order,
+# but in-register order morphs between rounds. Even rounds take in
+# linear layout, and odd rounds - transposed, or "verticaly-shaped"...
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# Knights Landing	7.6
+# Skylake-X		5.7
+#
+# (*)	Corresponds to SHA3-256.
+
+########################################################################
+# Below code is combination of two ideas. One is taken from Keccak Code
+# Package, hereafter KCP, and another one from initial version of this
+# module. What is common is observation that Pi's input and output are
+# "mostly transposed", i.e. if input is aligned by x coordinate, then
+# output is [mostly] aligned by y. Both versions, KCP and predecessor,
+# were trying to use one of them from round to round, which resulted in
+# some kind of transposition in each round. This version still does
+# transpose data, but only every second round. Another essential factor
+# is that KCP transposition has to be performed with instructions that
+# turned to be rather expensive on Knights Landing, both latency- and
+# throughput-wise. Not to mention that some of them have to depend on
+# each other. On the other hand initial version of this module was
+# relying heavily on blend instructions. There were lots of them,
+# resulting in higher instruction count, yet it performed better on
+# Knights Landing, because processor can execute pair of them each
+# cycle and they have minimal latency. This module is an attempt to
+# bring best parts together:-)
+#
+# Coordinates below correspond to those in sha/keccak1600.c. Input
+# layout is straight linear:
+#
+# [0][4] [0][3] [0][2] [0][1] [0][0]
+# [1][4] [1][3] [1][2] [1][1] [1][0]
+# [2][4] [2][3] [2][2] [2][1] [2][0]
+# [3][4] [3][3] [3][2] [3][1] [3][0]
+# [4][4] [4][3] [4][2] [4][1] [4][0]
+#
+# It's perfect for Theta, while Pi is reduced to intra-register
+# permutations which yield layout perfect for Chi:
+#
+# [4][0] [3][0] [2][0] [1][0] [0][0]
+# [4][1] [3][1] [2][1] [1][1] [0][1]
+# [4][2] [3][2] [2][2] [1][2] [0][2]
+# [4][3] [3][3] [2][3] [1][3] [0][3]
+# [4][4] [3][4] [2][4] [1][4] [0][4]
+#
+# Now instead of performing full transposition and feeding it to next
+# identical round, we perform kind of diagonal transposition to layout
+# from initial version of this module, and make it suitable for Theta:
+#
+# [4][4] [3][3] [2][2] [1][1] [0][0]>4.3.2.1.0>[4][4] [3][3] [2][2] [1][1] [0][0]
+# [4][0] [3][4] [2][3] [1][2] [0][1]>3.2.1.0.4>[3][4] [2][3] [1][2] [0][1] [4][0]
+# [4][1] [3][0] [2][4] [1][3] [0][2]>2.1.0.4.3>[2][4] [1][3] [0][2] [4][1] [3][0]
+# [4][2] [3][1] [2][0] [1][4] [0][3]>1.0.4.3.2>[1][4] [0][3] [4][2] [3][1] [2][0]
+# [4][3] [3][2] [2][1] [1][0] [0][4]>0.4.3.2.1>[0][4] [4][3] [3][2] [2][1] [1][0]
+#
+# Now intra-register permutations yield initial [almost] straight
+# linear layout:
+#
+# [4][4] [3][3] [2][2] [1][1] [0][0]
+##[0][4] [0][3] [0][2] [0][1] [0][0]
+# [3][4] [2][3] [1][2] [0][1] [4][0]
+##[2][3] [2][2] [2][1] [2][0] [2][4]
+# [2][4] [1][3] [0][2] [4][1] [3][0]
+##[4][2] [4][1] [4][0] [4][4] [4][3]
+# [1][4] [0][3] [4][2] [3][1] [2][0]
+##[1][1] [1][0] [1][4] [1][3] [1][2]
+# [0][4] [4][3] [3][2] [2][1] [1][0]
+##[3][0] [3][4] [3][3] [3][2] [3][1]
+#
+# This means that odd round Chi is performed in less suitable layout,
+# with a number of additional permutations. But overall it turned to be
+# a win. Permutations are fastest possible on Knights Landing and they
+# are laid down to be independent of each other. In the essence I traded
+# 20 blend instructions for 3 permutations. The result is 13% faster
+# than KCP on Skylake-X, and >40% on Knights Landing.
+#
+# As implied, data is loaded in straight linear order. Digits in
+# variables' names represent coordinates of right-most element of
+# loaded data chunk:
+
+my ($A00,	# [0][4] [0][3] [0][2] [0][1] [0][0]
+    $A10,	# [1][4] [1][3] [1][2] [1][1] [1][0]
+    $A20,	# [2][4] [2][3] [2][2] [2][1] [2][0]
+    $A30,	# [3][4] [3][3] [3][2] [3][1] [3][0]
+    $A40) =	# [4][4] [4][3] [4][2] [4][1] [4][0]
+    map("%zmm$_",(0..4));
+
+# We also need to map the magic order into offsets within structure:
+
+my @A_jagged = ([0,0], [0,1], [0,2], [0,3], [0,4],
+		[1,0], [1,1], [1,2], [1,3], [1,4],
+		[2,0], [2,1], [2,2], [2,3], [2,4],
+		[3,0], [3,1], [3,2], [3,3], [3,4],
+		[4,0], [4,1], [4,2], [4,3], [4,4]);
+   @A_jagged = map(8*($$_[0]*8+$$_[1]), @A_jagged);	# ... and now linear
+
+my @T        = map("%zmm$_",(5..12));
+my @Theta    = map("%zmm$_",(33,13..16));	# invalid @Theta[0] is not typo
+my @Pi0      = map("%zmm$_",(17..21));
+my @Rhotate0 = map("%zmm$_",(22..26));
+my @Rhotate1 = map("%zmm$_",(27..31));
+
+my ($C00,$D00) = @T[0..1];
+my ($k00001,$k00010,$k00100,$k01000,$k10000,$k11111) = map("%k$_",(1..6));
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	lea		iotas(%rip),%r10
+	mov		\$12,%eax
+	jmp		.Loop_avx512
+
+.align	32
+.Loop_avx512:
+	######################################### Theta, even round
+	vmovdqa64	$A00,@T[0]		# put aside original A00
+	vpternlogq	\$0x96,$A20,$A10,$A00	# and use it as "C00"
+	vpternlogq	\$0x96,$A40,$A30,$A00
+
+	vprolq		\$1,$A00,$D00
+	vpermq		$A00,@Theta[1],$A00
+	vpermq		$D00,@Theta[4],$D00
+
+	vpternlogq	\$0x96,$A00,$D00,@T[0]	# T[0] is original A00
+	vpternlogq	\$0x96,$A00,$D00,$A10
+	vpternlogq	\$0x96,$A00,$D00,$A20
+	vpternlogq	\$0x96,$A00,$D00,$A30
+	vpternlogq	\$0x96,$A00,$D00,$A40
+
+	######################################### Rho
+	vprolvq		@Rhotate0[0],@T[0],$A00	# T[0] is original A00
+	vprolvq		@Rhotate0[1],$A10,$A10
+	vprolvq		@Rhotate0[2],$A20,$A20
+	vprolvq		@Rhotate0[3],$A30,$A30
+	vprolvq		@Rhotate0[4],$A40,$A40
+
+	######################################### Pi
+	vpermq		$A00,@Pi0[0],$A00
+	vpermq		$A10,@Pi0[1],$A10
+	vpermq		$A20,@Pi0[2],$A20
+	vpermq		$A30,@Pi0[3],$A30
+	vpermq		$A40,@Pi0[4],$A40
+
+	######################################### Chi
+	vmovdqa64	$A00,@T[0]
+	vmovdqa64	$A10,@T[1]
+	vpternlogq	\$0xD2,$A20,$A10,$A00
+	vpternlogq	\$0xD2,$A30,$A20,$A10
+	vpternlogq	\$0xD2,$A40,$A30,$A20
+	vpternlogq	\$0xD2,@T[0],$A40,$A30
+	vpternlogq	\$0xD2,@T[1],@T[0],$A40
+
+	######################################### Iota
+	vpxorq		(%r10),$A00,${A00}{$k00001}
+	lea		16(%r10),%r10
+
+	######################################### Harmonize rounds
+	vpblendmq	$A20,$A10,@{T[1]}{$k00010}
+	vpblendmq	$A30,$A20,@{T[2]}{$k00010}
+	vpblendmq	$A40,$A30,@{T[3]}{$k00010}
+	 vpblendmq	$A10,$A00,@{T[0]}{$k00010}
+	vpblendmq	$A00,$A40,@{T[4]}{$k00010}
+
+	vpblendmq	$A30,@T[1],@{T[1]}{$k00100}
+	vpblendmq	$A40,@T[2],@{T[2]}{$k00100}
+	 vpblendmq	$A20,@T[0],@{T[0]}{$k00100}
+	vpblendmq	$A00,@T[3],@{T[3]}{$k00100}
+	vpblendmq	$A10,@T[4],@{T[4]}{$k00100}
+
+	vpblendmq	$A40,@T[1],@{T[1]}{$k01000}
+	 vpblendmq	$A30,@T[0],@{T[0]}{$k01000}
+	vpblendmq	$A00,@T[2],@{T[2]}{$k01000}
+	vpblendmq	$A10,@T[3],@{T[3]}{$k01000}
+	vpblendmq	$A20,@T[4],@{T[4]}{$k01000}
+
+	vpblendmq	$A40,@T[0],@{T[0]}{$k10000}
+	vpblendmq	$A00,@T[1],@{T[1]}{$k10000}
+	vpblendmq	$A10,@T[2],@{T[2]}{$k10000}
+	vpblendmq	$A20,@T[3],@{T[3]}{$k10000}
+	vpblendmq	$A30,@T[4],@{T[4]}{$k10000}
+
+	#vpermq		@T[0],@Theta[0],$A00	# doesn't actually change order
+	vpermq		@T[1],@Theta[1],$A10
+	vpermq		@T[2],@Theta[2],$A20
+	vpermq		@T[3],@Theta[3],$A30
+	vpermq		@T[4],@Theta[4],$A40
+
+	######################################### Theta, odd round
+	vmovdqa64	$T[0],$A00		# real A00
+	vpternlogq	\$0x96,$A20,$A10,$C00	# C00 is @T[0]'s alias
+	vpternlogq	\$0x96,$A40,$A30,$C00
+
+	vprolq		\$1,$C00,$D00
+	vpermq		$C00,@Theta[1],$C00
+	vpermq		$D00,@Theta[4],$D00
+
+	vpternlogq	\$0x96,$C00,$D00,$A00
+	vpternlogq	\$0x96,$C00,$D00,$A30
+	vpternlogq	\$0x96,$C00,$D00,$A10
+	vpternlogq	\$0x96,$C00,$D00,$A40
+	vpternlogq	\$0x96,$C00,$D00,$A20
+
+	######################################### Rho
+	vprolvq		@Rhotate1[0],$A00,$A00
+	vprolvq		@Rhotate1[3],$A30,@T[1]
+	vprolvq		@Rhotate1[1],$A10,@T[2]
+	vprolvq		@Rhotate1[4],$A40,@T[3]
+	vprolvq		@Rhotate1[2],$A20,@T[4]
+
+	 vpermq		$A00,@Theta[4],@T[5]
+	 vpermq		$A00,@Theta[3],@T[6]
+
+	######################################### Iota
+	vpxorq		-8(%r10),$A00,${A00}{$k00001}
+
+	######################################### Pi
+	vpermq		@T[1],@Theta[2],$A10
+	vpermq		@T[2],@Theta[4],$A20
+	vpermq		@T[3],@Theta[1],$A30
+	vpermq		@T[4],@Theta[3],$A40
+
+	######################################### Chi
+	vpternlogq	\$0xD2,@T[6],@T[5],$A00
+
+	vpermq		@T[1],@Theta[1],@T[7]
+	#vpermq		@T[1],@Theta[0],@T[1]
+	vpternlogq	\$0xD2,@T[1],@T[7],$A10
+
+	vpermq		@T[2],@Theta[3],@T[0]
+	vpermq		@T[2],@Theta[2],@T[2]
+	vpternlogq	\$0xD2,@T[2],@T[0],$A20
+
+	#vpermq		@T[3],@Theta[0],@T[3]
+	vpermq		@T[3],@Theta[4],@T[1]
+	vpternlogq	\$0xD2,@T[1],@T[3],$A30
+
+	vpermq		@T[4],@Theta[2],@T[0]
+	vpermq		@T[4],@Theta[1],@T[4]
+	vpternlogq	\$0xD2,@T[4],@T[0],$A40
+
+	dec		%eax
+	jnz		.Loop_avx512
+
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+___
+
+my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+my  $out = $inp;	# in squeeze
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	mov	%rsp,%r11
+
+	lea	-320(%rsp),%rsp
+	and	\$-64,%rsp
+
+	lea	96($A_flat),$A_flat
+	lea	96($inp),$inp
+	lea	128(%rsp),%r9
+
+	lea		theta_perm(%rip),%r8
+
+	kxnorw		$k11111,$k11111,$k11111
+	kshiftrw	\$15,$k11111,$k00001
+	kshiftrw	\$11,$k11111,$k11111
+	kshiftlw	\$1,$k00001,$k00010
+	kshiftlw	\$2,$k00001,$k00100
+	kshiftlw	\$3,$k00001,$k01000
+	kshiftlw	\$4,$k00001,$k10000
+
+	#vmovdqa64	64*0(%r8),@Theta[0]
+	vmovdqa64	64*1(%r8),@Theta[1]
+	vmovdqa64	64*2(%r8),@Theta[2]
+	vmovdqa64	64*3(%r8),@Theta[3]
+	vmovdqa64	64*4(%r8),@Theta[4]
+
+	vmovdqa64	64*5(%r8),@Rhotate1[0]
+	vmovdqa64	64*6(%r8),@Rhotate1[1]
+	vmovdqa64	64*7(%r8),@Rhotate1[2]
+	vmovdqa64	64*8(%r8),@Rhotate1[3]
+	vmovdqa64	64*9(%r8),@Rhotate1[4]
+
+	vmovdqa64	64*10(%r8),@Rhotate0[0]
+	vmovdqa64	64*11(%r8),@Rhotate0[1]
+	vmovdqa64	64*12(%r8),@Rhotate0[2]
+	vmovdqa64	64*13(%r8),@Rhotate0[3]
+	vmovdqa64	64*14(%r8),@Rhotate0[4]
+
+	vmovdqa64	64*15(%r8),@Pi0[0]
+	vmovdqa64	64*16(%r8),@Pi0[1]
+	vmovdqa64	64*17(%r8),@Pi0[2]
+	vmovdqa64	64*18(%r8),@Pi0[3]
+	vmovdqa64	64*19(%r8),@Pi0[4]
+
+	vmovdqu64	40*0-96($A_flat),${A00}{$k11111}{z}
+	vpxorq		@T[0],@T[0],@T[0]
+	vmovdqu64	40*1-96($A_flat),${A10}{$k11111}{z}
+	vmovdqu64	40*2-96($A_flat),${A20}{$k11111}{z}
+	vmovdqu64	40*3-96($A_flat),${A30}{$k11111}{z}
+	vmovdqu64	40*4-96($A_flat),${A40}{$k11111}{z}
+
+	vmovdqa64	@T[0],0*64-128(%r9)	# zero transfer area on stack
+	vmovdqa64	@T[0],1*64-128(%r9)
+	vmovdqa64	@T[0],2*64-128(%r9)
+	vmovdqa64	@T[0],3*64-128(%r9)
+	vmovdqa64	@T[0],4*64-128(%r9)
+	jmp		.Loop_absorb_avx512
+
+.align	32
+.Loop_absorb_avx512:
+	mov		$bsz,%rax
+	sub		$bsz,$len
+	jc		.Ldone_absorb_avx512
+
+	shr		\$3,%eax
+___
+for(my $i=0; $i<25; $i++) {
+$code.=<<___
+	mov	8*$i-96($inp),%r8
+	mov	%r8,$A_jagged[$i]-128(%r9)
+	dec	%eax
+	jz	.Labsorved_avx512
+___
+}
+$code.=<<___;
+.Labsorved_avx512:
+	lea	($inp,$bsz),$inp
+
+	vpxorq	64*0-128(%r9),$A00,$A00
+	vpxorq	64*1-128(%r9),$A10,$A10
+	vpxorq	64*2-128(%r9),$A20,$A20
+	vpxorq	64*3-128(%r9),$A30,$A30
+	vpxorq	64*4-128(%r9),$A40,$A40
+
+	call	__KeccakF1600
+
+	jmp	.Loop_absorb_avx512
+
+.align	32
+.Ldone_absorb_avx512:
+	vmovdqu64	$A00,40*0-96($A_flat){$k11111}
+	vmovdqu64	$A10,40*1-96($A_flat){$k11111}
+	vmovdqu64	$A20,40*2-96($A_flat){$k11111}
+	vmovdqu64	$A30,40*3-96($A_flat){$k11111}
+	vmovdqu64	$A40,40*4-96($A_flat){$k11111}
+
+	vzeroupper
+
+	lea	(%r11),%rsp
+	lea	($len,$bsz),%rax		# return value
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	mov	%rsp,%r11
+
+	lea	96($A_flat),$A_flat
+	cmp	$bsz,$len
+	jbe	.Lno_output_extension_avx512
+
+	lea		theta_perm(%rip),%r8
+
+	kxnorw		$k11111,$k11111,$k11111
+	kshiftrw	\$15,$k11111,$k00001
+	kshiftrw	\$11,$k11111,$k11111
+	kshiftlw	\$1,$k00001,$k00010
+	kshiftlw	\$2,$k00001,$k00100
+	kshiftlw	\$3,$k00001,$k01000
+	kshiftlw	\$4,$k00001,$k10000
+
+	#vmovdqa64	64*0(%r8),@Theta[0]
+	vmovdqa64	64*1(%r8),@Theta[1]
+	vmovdqa64	64*2(%r8),@Theta[2]
+	vmovdqa64	64*3(%r8),@Theta[3]
+	vmovdqa64	64*4(%r8),@Theta[4]
+
+	vmovdqa64	64*5(%r8),@Rhotate1[0]
+	vmovdqa64	64*6(%r8),@Rhotate1[1]
+	vmovdqa64	64*7(%r8),@Rhotate1[2]
+	vmovdqa64	64*8(%r8),@Rhotate1[3]
+	vmovdqa64	64*9(%r8),@Rhotate1[4]
+
+	vmovdqa64	64*10(%r8),@Rhotate0[0]
+	vmovdqa64	64*11(%r8),@Rhotate0[1]
+	vmovdqa64	64*12(%r8),@Rhotate0[2]
+	vmovdqa64	64*13(%r8),@Rhotate0[3]
+	vmovdqa64	64*14(%r8),@Rhotate0[4]
+
+	vmovdqa64	64*15(%r8),@Pi0[0]
+	vmovdqa64	64*16(%r8),@Pi0[1]
+	vmovdqa64	64*17(%r8),@Pi0[2]
+	vmovdqa64	64*18(%r8),@Pi0[3]
+	vmovdqa64	64*19(%r8),@Pi0[4]
+
+	vmovdqu64	40*0-96($A_flat),${A00}{$k11111}{z}
+	vmovdqu64	40*1-96($A_flat),${A10}{$k11111}{z}
+	vmovdqu64	40*2-96($A_flat),${A20}{$k11111}{z}
+	vmovdqu64	40*3-96($A_flat),${A30}{$k11111}{z}
+	vmovdqu64	40*4-96($A_flat),${A40}{$k11111}{z}
+
+.Lno_output_extension_avx512:
+	shr	\$3,$bsz
+	lea	-96($A_flat),%r9
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx512
+
+.align	32
+.Loop_squeeze_avx512:
+	cmp	\$8,$len
+	jb	.Ltail_squeeze_avx512
+
+	mov	(%r9),%r8
+	lea	8(%r9),%r9
+	mov	%r8,($out)
+	lea	8($out),$out
+	sub	\$8,$len		# len -= 8
+	jz	.Ldone_squeeze_avx512
+
+	sub	\$1,%rax		# bsz--
+	jnz	.Loop_squeeze_avx512
+
+	#vpermq		@Theta[4],@Theta[4],@Theta[3]
+	#vpermq		@Theta[3],@Theta[4],@Theta[2]
+	#vpermq		@Theta[3],@Theta[3],@Theta[1]
+
+	call		__KeccakF1600
+
+	vmovdqu64	$A00,40*0-96($A_flat){$k11111}
+	vmovdqu64	$A10,40*1-96($A_flat){$k11111}
+	vmovdqu64	$A20,40*2-96($A_flat){$k11111}
+	vmovdqu64	$A30,40*3-96($A_flat){$k11111}
+	vmovdqu64	$A40,40*4-96($A_flat){$k11111}
+
+	lea	-96($A_flat),%r9
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx512
+
+.Ltail_squeeze_avx512:
+	mov	$out,%rdi
+	mov	%r9,%rsi
+	mov	$len,%rcx
+	.byte	0xf3,0xa4		# rep movsb
+
+.Ldone_squeeze_avx512:
+	vzeroupper
+
+	lea	(%r11),%rsp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+
+.align	64
+theta_perm:
+	.quad	0, 1, 2, 3, 4, 5, 6, 7		# [not used]
+	.quad	4, 0, 1, 2, 3, 5, 6, 7
+	.quad	3, 4, 0, 1, 2, 5, 6, 7
+	.quad	2, 3, 4, 0, 1, 5, 6, 7
+	.quad	1, 2, 3, 4, 0, 5, 6, 7
+
+rhotates1:
+	.quad	0,  44, 43, 21, 14, 0, 0, 0	# [0][0] [1][1] [2][2] [3][3] [4][4]
+	.quad	18, 1,  6,  25, 8,  0, 0, 0	# [4][0] [0][1] [1][2] [2][3] [3][4]
+	.quad	41, 2,	62, 55, 39, 0, 0, 0	# [3][0] [4][1] [0][2] [1][3] [2][4]
+	.quad	3,  45, 61, 28, 20, 0, 0, 0	# [2][0] [3][1] [4][2] [0][3] [1][4]
+	.quad	36, 10, 15, 56, 27, 0, 0, 0	# [1][0] [2][1] [3][2] [4][3] [0][4]
+
+rhotates0:
+	.quad	 0,  1, 62, 28, 27, 0, 0, 0
+	.quad	36, 44,  6, 55, 20, 0, 0, 0
+	.quad	 3, 10, 43, 25, 39, 0, 0, 0
+	.quad	41, 45, 15, 21,  8, 0, 0, 0
+	.quad	18,  2, 61, 56, 14, 0, 0, 0
+
+pi0_perm:
+	.quad	0, 3, 1, 4, 2, 5, 6, 7
+	.quad	1, 4, 2, 0, 3, 5, 6, 7
+	.quad	2, 0, 3, 1, 4, 5, 6, 7
+	.quad	3, 1, 4, 2, 0, 5, 6, 7
+	.quad	4, 2, 0, 3, 1, 5, 6, 7
+
+
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+
+.asciz	"Keccak-1600 absorb and squeeze for AVX-512F, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl
new file mode 100755
index 000000000..a21bb8615
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl
@@ -0,0 +1,392 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for AVX512VL.
+#
+# December 2017.
+#
+# This is an adaptation of AVX2 module that reuses register data
+# layout, but utilizes new 256-bit AVX512VL instructions. See AVX2
+# module for further information on layout.
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# Skylake-X		6.4/+47%
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	coefficient in comparison to scalar keccak1600-x86_64.pl.
+
+# Digits in variables' names denote right-most coordinates:
+
+my ($A00,	# [0][0] [0][0] [0][0] [0][0]		# %ymm0
+    $A01,	# [0][4] [0][3] [0][2] [0][1]		# %ymm1
+    $A20,	# [3][0] [1][0] [4][0] [2][0]		# %ymm2
+    $A31,	# [2][4] [4][3] [1][2] [3][1]		# %ymm3
+    $A21,	# [3][4] [1][3] [4][2] [2][1]		# %ymm4
+    $A41,	# [1][4] [2][3] [3][2] [4][1]		# %ymm5
+    $A11) =	# [4][4] [3][3] [2][2] [1][1]		# %ymm6
+    map("%ymm$_",(0..6));
+
+# We also need to map the magic order into offsets within structure:
+
+my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3],	# [0][0..4]
+		[2,2], [6,0], [3,1], [4,2], [5,3],	# [1][0..4]
+		[2,0], [4,0], [6,1], [5,2], [3,3],	# [2][0..4]
+		[2,3], [3,0], [5,1], [6,2], [4,3],	# [3][0..4]
+		[2,1], [5,0], [4,1], [3,2], [6,3]);	# [4][0..4]
+   @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged);	# ... and now linear
+
+my @T = map("%ymm$_",(7..15));
+my ($C14,$C00,$D00,$D14) = @T[5..8];
+my ($R20,$R01,$R31,$R21,$R41,$R11) = map("%ymm$_",(16..21));
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	lea		iotas(%rip),%r10
+	mov		\$24,%eax
+	jmp		.Loop_avx512vl
+
+.align	32
+.Loop_avx512vl:
+	######################################### Theta
+	vpshufd		\$0b01001110,$A20,$C00
+	vpxor		$A31,$A41,$C14
+	vpxor		$A11,$A21,@T[2]
+	vpternlogq	\$0x96,$A01,$T[2],$C14	# C[1..4]
+
+	vpxor		$A20,$C00,$C00
+	vpermq		\$0b01001110,$C00,@T[0]
+
+	vpermq		\$0b10010011,$C14,@T[4]
+	vprolq		\$1,$C14,@T[1]		# ROL64(C[1..4],1)
+
+	vpermq		\$0b00111001,@T[1],$D14
+	vpxor		@T[4],@T[1],$D00
+	vpermq		\$0b00000000,$D00,$D00	# D[0..0] = ROL64(C[1],1) ^ C[4]
+
+	vpternlogq	\$0x96,@T[0],$A00,$C00	# C[0..0]
+	vprolq		\$1,$C00,@T[1]		# ROL64(C[0..0],1)
+
+	vpxor		$D00,$A00,$A00		# ^= D[0..0]
+
+	vpblendd	\$0b11000000,@T[1],$D14,$D14
+	vpblendd	\$0b00000011,$C00,@T[4],@T[0]
+
+	######################################### Rho + Pi + pre-Chi shuffle
+	 vpxor		$D00,$A20,$A20		# ^= D[0..0] from Theta
+	vprolvq		$R20,$A20,$A20
+
+	 vpternlogq	\$0x96,@T[0],$D14,$A31	# ^= D[1..4] from Theta
+	vprolvq		$R31,$A31,$A31
+
+	 vpternlogq	\$0x96,@T[0],$D14,$A21	# ^= D[1..4] from Theta
+	vprolvq		$R21,$A21,$A21
+
+	 vpternlogq	\$0x96,@T[0],$D14,$A41	# ^= D[1..4] from Theta
+	vprolvq		$R41,$A41,$A41
+
+	 vpermq		\$0b10001101,$A20,@T[3]	# $A20 -> future $A31
+	 vpermq		\$0b10001101,$A31,@T[4]	# $A31 -> future $A21
+	 vpternlogq	\$0x96,@T[0],$D14,$A11	# ^= D[1..4] from Theta
+	vprolvq		$R11,$A11,@T[1]		# $A11 -> future $A01
+
+	 vpermq		\$0b00011011,$A21,@T[5]	# $A21 -> future $A41
+	 vpermq		\$0b01110010,$A41,@T[6]	# $A41 -> future $A11
+	 vpternlogq	\$0x96,@T[0],$D14,$A01	# ^= D[1..4] from Theta
+	vprolvq		$R01,$A01,@T[2]		# $A01 -> future $A20
+
+	######################################### Chi
+	vpblendd	\$0b00001100,@T[6],@T[2],$A31	#               [4][4] [2][0]
+	vpblendd	\$0b00001100,@T[2],@T[4],@T[8]	#               [4][0] [2][1]
+	 vpblendd	\$0b00001100,@T[4],@T[3],$A41	#               [4][2] [2][4]
+	 vpblendd	\$0b00001100,@T[3],@T[2],@T[7]	#               [4][3] [2][0]
+	vpblendd	\$0b00110000,@T[4],$A31,$A31	#        [1][3] [4][4] [2][0]
+	vpblendd	\$0b00110000,@T[5],@T[8],@T[8]	#        [1][4] [4][0] [2][1]
+	 vpblendd	\$0b00110000,@T[2],$A41,$A41	#        [1][0] [4][2] [2][4]
+	 vpblendd	\$0b00110000,@T[6],@T[7],@T[7]	#        [1][1] [4][3] [2][0]
+	vpblendd	\$0b11000000,@T[5],$A31,$A31	# [3][2] [1][3] [4][4] [2][0]
+	vpblendd	\$0b11000000,@T[6],@T[8],@T[8]	# [3][3] [1][4] [4][0] [2][1]
+	 vpblendd	\$0b11000000,@T[6],$A41,$A41	# [3][3] [1][0] [4][2] [2][4]
+	 vpblendd	\$0b11000000,@T[4],@T[7],@T[7]	# [3][4] [1][1] [4][3] [2][0]
+	vpternlogq	\$0xC6,@T[8],@T[3],$A31		# [3][1] [1][2] [4][3] [2][4]
+	 vpternlogq	\$0xC6,@T[7],@T[5],$A41		# [3][2] [1][4] [4][1] [2][3]
+
+	vpsrldq		\$8,@T[1],@T[0]
+	vpandn		@T[0],@T[1],@T[0]	# tgting  [0][0] [0][0] [0][0] [0][0]
+
+	vpblendd	\$0b00001100,@T[2],@T[5],$A11	#               [4][0] [2][3]
+	vpblendd	\$0b00001100,@T[5],@T[3],@T[8]	#               [4][1] [2][4]
+	vpblendd	\$0b00110000,@T[3],$A11,$A11	#        [1][2] [4][0] [2][3]
+	vpblendd	\$0b00110000,@T[4],@T[8],@T[8]	#        [1][3] [4][1] [2][4]
+	vpblendd	\$0b11000000,@T[4],$A11,$A11	# [3][4] [1][2] [4][0] [2][3]
+	vpblendd	\$0b11000000,@T[2],@T[8],@T[8]	# [3][0] [1][3] [4][1] [2][4]
+	vpternlogq	\$0xC6,@T[8],@T[6],$A11		# [3][3] [1][1] [4][4] [2][2]
+
+	  vpermq	\$0b00011110,@T[1],$A21		# [0][1] [0][2] [0][4] [0][3]
+	  vpblendd	\$0b00110000,$A00,$A21,@T[8]	# [0][1] [0][0] [0][4] [0][3]
+	  vpermq	\$0b00111001,@T[1],$A01		# [0][1] [0][4] [0][3] [0][2]
+	  vpblendd	\$0b11000000,$A00,$A01,$A01	# [0][0] [0][4] [0][3] [0][2]
+
+	vpblendd	\$0b00001100,@T[5],@T[4],$A20	#               [4][1] [2][1]
+	vpblendd	\$0b00001100,@T[4],@T[6],@T[7]	#               [4][2] [2][2]
+	vpblendd	\$0b00110000,@T[6],$A20,$A20	#        [1][1] [4][1] [2][1]
+	vpblendd	\$0b00110000,@T[3],@T[7],@T[7]	#        [1][2] [4][2] [2][2]
+	vpblendd	\$0b11000000,@T[3],$A20,$A20	# [3][1] [1][1] [4][1] [2][1]
+	vpblendd	\$0b11000000,@T[5],@T[7],@T[7]	# [3][2] [1][2] [4][2] [2][2]
+	vpternlogq	\$0xC6,@T[7],@T[2],$A20		# [3][0] [1][0] [4][0] [2][0]
+
+	 vpermq		\$0b00000000,@T[0],@T[0]	# [0][0] [0][0] [0][0] [0][0]
+	 vpermq		\$0b00011011,$A31,$A31		# post-Chi shuffle
+	 vpermq		\$0b10001101,$A41,$A41
+	 vpermq		\$0b01110010,$A11,$A11
+
+	vpblendd	\$0b00001100,@T[3],@T[6],$A21	#               [4][3] [2][2]
+	vpblendd	\$0b00001100,@T[6],@T[5],@T[7]	#               [4][4] [2][3]
+	vpblendd	\$0b00110000,@T[5],$A21,$A21	#        [1][4] [4][3] [2][2]
+	vpblendd	\$0b00110000,@T[2],@T[7],@T[7]	#        [1][0] [4][4] [2][3]
+	vpblendd	\$0b11000000,@T[2],$A21,$A21	# [3][0] [1][4] [4][3] [2][2]
+	vpblendd	\$0b11000000,@T[3],@T[7],@T[7]	# [3][1] [1][0] [4][4] [2][3]
+
+	vpternlogq	\$0xC6,@T[8],@T[1],$A01		# [0][4] [0][3] [0][2] [0][1]
+	vpternlogq	\$0xC6,@T[7],@T[4],$A21		# [3][4] [1][3] [4][2] [2][1]
+
+	######################################### Iota
+	vpternlogq	\$0x96,(%r10),@T[0],$A00
+	lea		32(%r10),%r10
+
+	dec		%eax
+	jnz		.Loop_avx512vl
+
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+___
+my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+my  $out = $inp;	# in squeeze
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	mov	%rsp,%r11
+
+	lea	-240(%rsp),%rsp
+	and	\$-32,%rsp
+
+	lea	96($A_flat),$A_flat
+	lea	96($inp),$inp
+	lea	96(%rsp),%r10
+	lea	rhotates_left(%rip),%r8
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00	# load A[5][5]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	vmovdqa64	0*32(%r8),$R20		# load "rhotate" indices
+	vmovdqa64	1*32(%r8),$R01
+	vmovdqa64	2*32(%r8),$R31
+	vmovdqa64	3*32(%r8),$R21
+	vmovdqa64	4*32(%r8),$R41
+	vmovdqa64	5*32(%r8),$R11
+
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqa		@T[0],32*2-96(%r10)	# zero transfer area on stack
+	vmovdqa		@T[0],32*3-96(%r10)
+	vmovdqa		@T[0],32*4-96(%r10)
+	vmovdqa		@T[0],32*5-96(%r10)
+	vmovdqa		@T[0],32*6-96(%r10)
+
+.Loop_absorb_avx512vl:
+	mov		$bsz,%rax
+	sub		$bsz,$len
+	jc		.Ldone_absorb_avx512vl
+
+	shr		\$3,%eax
+	vpbroadcastq	0-96($inp),@T[0]
+	vmovdqu		8-96($inp),@T[1]
+	sub		\$4,%eax
+___
+for(my $i=5; $i<25; $i++) {
+$code.=<<___
+	dec	%eax
+	jz	.Labsorved_avx512vl
+	mov	8*$i-96($inp),%r8
+	mov	%r8,$A_jagged[$i]-96(%r10)
+___
+}
+$code.=<<___;
+.Labsorved_avx512vl:
+	lea	($inp,$bsz),$inp
+
+	vpxor	@T[0],$A00,$A00
+	vpxor	@T[1],$A01,$A01
+	vpxor	32*2-96(%r10),$A20,$A20
+	vpxor	32*3-96(%r10),$A31,$A31
+	vpxor	32*4-96(%r10),$A21,$A21
+	vpxor	32*5-96(%r10),$A41,$A41
+	vpxor	32*6-96(%r10),$A11,$A11
+
+	call	__KeccakF1600
+
+	lea	96(%rsp),%r10
+	jmp	.Loop_absorb_avx512vl
+
+.Ldone_absorb_avx512vl:
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	vzeroupper
+
+	lea	(%r11),%rsp
+	lea	($len,$bsz),%rax		# return value
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	mov	%rsp,%r11
+
+	lea	96($A_flat),$A_flat
+	lea	rhotates_left(%rip),%r8
+	shr	\$3,$bsz
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	vmovdqa64	0*32(%r8),$R20		# load "rhotate" indices
+	vmovdqa64	1*32(%r8),$R01
+	vmovdqa64	2*32(%r8),$R31
+	vmovdqa64	3*32(%r8),$R21
+	vmovdqa64	4*32(%r8),$R41
+	vmovdqa64	5*32(%r8),$R11
+
+	mov	$bsz,%rax
+
+.Loop_squeeze_avx512vl:
+	mov	@A_jagged[$i]-96($A_flat),%r8
+___
+for (my $i=0; $i<25; $i++) {
+$code.=<<___;
+	sub	\$8,$len
+	jc	.Ltail_squeeze_avx512vl
+	mov	%r8,($out)
+	lea	8($out),$out
+	je	.Ldone_squeeze_avx512vl
+	dec	%eax
+	je	.Lextend_output_avx512vl
+	mov	@A_jagged[$i+1]-120($A_flat),%r8
+___
+}
+$code.=<<___;
+.Lextend_output_avx512vl:
+	call	__KeccakF1600
+
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx512vl
+
+
+.Ltail_squeeze_avx512vl:
+	add	\$8,$len
+.Loop_tail_avx512vl:
+	mov	%r8b,($out)
+	lea	1($out),$out
+	shr	\$8,%r8
+	dec	$len
+	jnz	.Loop_tail_avx512vl
+
+.Ldone_squeeze_avx512vl:
+	vzeroupper
+
+	lea	(%r11),%rsp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+
+.align	64
+rhotates_left:
+	.quad	3,	18,	36,	41	# [2][0] [4][0] [1][0] [3][0]
+	.quad	1,	62,	28,	27	# [0][1] [0][2] [0][3] [0][4]
+	.quad	45,	6,	56,	39	# [3][1] [1][2] [4][3] [2][4]
+	.quad	10,	61,	55,	8	# [2][1] [4][2] [1][3] [3][4]
+	.quad	2,	15,	25,	20	# [4][1] [3][2] [2][3] [1][4]
+	.quad	44,	43,	21,	14	# [1][1] [2][2] [3][3] [4][4]
+iotas:
+	.quad	0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001
+	.quad	0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082
+	.quad	0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a
+	.quad	0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000
+	.quad	0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009
+	.quad	0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a
+	.quad	0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088
+	.quad	0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009
+	.quad	0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a
+	.quad	0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b
+	.quad	0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b
+	.quad	0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089
+	.quad	0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003
+	.quad	0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002
+	.quad	0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080
+	.quad	0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a
+	.quad	0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008
+
+.asciz	"Keccak-1600 absorb and squeeze for AVX512VL, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl
new file mode 100755
index 000000000..b00af9af9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl
@@ -0,0 +1,885 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# [ABI- and endian-neutral] Keccak-1600 for C64x.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT variant (see sha/keccak1600.c)
+# with bit interleaving. 64-bit values are simply split between A- and
+# B-files, with A-file holding least significant halves. This works
+# out perfectly, because all operations including cross-communications
+# [in rotate operations] are always complementary. Performance is
+# [incredible for a 32-bit processor] 10.9 cycles per processed byte
+# for r=1088, which corresponds to SHA3-256. This is >15x faster than
+# compiler-generated KECCAK_1X_ALT code, and >10x than other variants.
+# On average processor ends up issuing ~4.5 instructions per cycle...
+
+my @A = map([ $_, ($_+1), ($_+2), ($_+3), ($_+4) ], (5,10,16,21,26));
+   $A[1][4] = 31;	# B14 is reserved, A14 is used as iota[]
+   ($A[3][0],$A[4][1]) = ($A[4][1],$A[3][0]);
+my @C = (0..4,$A[3][0],$A[4][0]);
+my $iotas = "A14";
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+sub ROL64 {
+    my ($src,$rot,$dst,$p) = @_;
+
+    if ($rot&1) {
+$code.=<<___;
+$p	ROTL	B$src,$rot/2+1,A$dst
+||	ROTL	A$src,$rot/2,  B$dst
+___
+    } else {
+$code.=<<___;
+$p	ROTL	A$src,$rot/2,A$dst
+||	ROTL	B$src,$rot/2,B$dst
+___
+    }
+}
+
+########################################################################
+# Stack frame layout
+#
+# SP--->+------+------+
+#       |      |      |
+# +1--->+------+------+<- -9	below 4 slots are used by KeccakF1600_int
+#       |      |      |
+# +2--->+------+------+<- -8
+#       |      |      |
+# +3--->+------+------+<- -7
+#       | A2   | A3   |		A3:A2 are preserved by KeccakF1600_int
+# +4--->+------+------+<- -6
+#       | B2   | B3   |		B3:B2 are preserved by KeccakF1600_int
+# +5--->+------+------+<- -5	below is ABI-compliant layout
+#       | A10  | A11  |
+# +6--->+------+------+<- -4
+#       | A12  | A13  |
+# +7--->+------+------+<- -3
+#       | A14  | B3   |
+# +8--->+------+------+<- -2
+#       | B10  | B11  |
+# +9--->+------+------+<- -1
+#       | B12  | B13  |
+#       +------+------+<---FP
+#       | A15  |
+#       +------+--
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	KeccakF1600,_KeccakF1600
+	.asg	SHA3_absorb,_SHA3_absorb
+	.asg	SHA3_squeeze,_SHA3_squeeze
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.align	32
+_KeccakF1600_int:
+	.asmfunc
+	STDW	A3:A2,*FP[-7]
+||	STDW	B3:B2,*SP[4]
+_KeccakF1600_cheat:
+	.if	__TI_EABI__
+	ADDKPC	_KeccakF1600_int,B0
+||	MVKL	\$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas
+	MVKH	\$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas
+	.else
+	ADDKPC	_KeccakF1600_int,B0
+||	MVKL	(iotas-_KeccakF1600_int),$iotas
+	MVKH	(iotas-_KeccakF1600_int),$iotas
+	.endif
+	ADD	B0,$iotas,$iotas
+loop?:
+	XOR	A$A[0][2],A$A[1][2],A$C[2]	; Theta
+||	XOR	B$A[0][2],B$A[1][2],B$C[2]
+||	XOR	A$A[0][3],A$A[1][3],A$C[3]
+||	XOR	B$A[0][3],B$A[1][3],B$C[3]
+||	XOR	A$A[0][0],A$A[1][0],A$C[0]
+||	XOR	B$A[0][0],B$A[1][0],B$C[0]
+	XOR	A$A[2][2],A$C[2],A$C[2]
+||	XOR	B$A[2][2],B$C[2],B$C[2]
+||	XOR	A$A[2][3],A$C[3],A$C[3]
+||	XOR	B$A[2][3],B$C[3],B$C[3]
+||	XOR	A$A[2][0],A$C[0],A$C[0]
+||	XOR	B$A[2][0],B$C[0],B$C[0]
+	XOR	A$A[3][2],A$C[2],A$C[2]
+||	XOR	B$A[3][2],B$C[2],B$C[2]
+||	XOR	A$A[3][3],A$C[3],A$C[3]
+||	XOR	B$A[3][3],B$C[3],B$C[3]
+||	XOR	A$A[3][0],A$C[0],A$C[0]
+||	XOR	B$A[3][0],B$C[0],B$C[0]
+	XOR	A$A[4][2],A$C[2],A$C[2]
+||	XOR	B$A[4][2],B$C[2],B$C[2]
+||	XOR	A$A[4][3],A$C[3],A$C[3]
+||	XOR	B$A[4][3],B$C[3],B$C[3]
+||	XOR	A$A[4][0],A$C[0],A$C[0]
+||	XOR	B$A[4][0],B$C[0],B$C[0]
+	XOR	A$A[0][4],A$A[1][4],A$C[4]
+||	XOR	B$A[0][4],B$A[1][4],B$C[4]
+||	XOR	A$A[0][1],A$A[1][1],A$C[1]
+||	XOR	B$A[0][1],B$A[1][1],B$C[1]
+||	STDW	A$A[3][0]:A$A[4][0],*SP[1]	; offload some data
+	STDW	B$A[3][0]:B$A[4][0],*SP[2]
+||	XOR	A$A[2][4],A$C[4],A$C[4]
+||	XOR	B$A[2][4],B$C[4],B$C[4]
+||	XOR	A$A[2][1],A$C[1],A$C[1]
+||	XOR	B$A[2][1],B$C[1],B$C[1]
+||	ROTL	B$C[2],1,A$C[5]			; ROL64(C[2],1)
+||	ROTL	A$C[2],0,B$C[5]
+	XOR	A$A[3][4],A$C[4],A$C[4]
+||	XOR	B$A[3][4],B$C[4],B$C[4]
+||	XOR	A$A[3][1],A$C[1],A$C[1]
+||	XOR	B$A[3][1],B$C[1],B$C[1]
+||	ROTL	B$C[3],1,A$C[6]			; ROL64(C[3],1)
+||	ROTL	A$C[3],0,B$C[6]
+	XOR	A$A[4][4],A$C[4],A$C[4]
+||	XOR	B$A[4][4],B$C[4],B$C[4]
+||	XOR	A$A[4][1],A$C[1],A$C[1]
+||	XOR	B$A[4][1],B$C[1],B$C[1]
+||	XOR	A$C[0],A$C[5],A$C[5]		; C[0] ^ ROL64(C[2],1)
+||	XOR	B$C[0],B$C[5],B$C[5]
+	XOR	A$C[5],A$A[0][1],A$A[0][1]
+||	XOR	B$C[5],B$A[0][1],B$A[0][1]
+||	XOR	A$C[5],A$A[1][1],A$A[1][1]
+||	XOR	B$C[5],B$A[1][1],B$A[1][1]
+||	XOR	A$C[5],A$A[2][1],A$A[2][1]
+||	XOR	B$C[5],B$A[2][1],B$A[2][1]
+	XOR	A$C[5],A$A[3][1],A$A[3][1]
+||	XOR	B$C[5],B$A[3][1],B$A[3][1]
+||	XOR	A$C[5],A$A[4][1],A$A[4][1]
+||	XOR	B$C[5],B$A[4][1],B$A[4][1]
+||	ROTL	B$C[4],1,A$C[5]			; ROL64(C[4],1)
+||	ROTL	A$C[4],0,B$C[5]
+||	XOR	A$C[1],A$C[6],A$C[6]		; C[1] ^ ROL64(C[3],1)
+||	XOR	B$C[1],B$C[6],B$C[6]
+	XOR	A$C[6],A$A[0][2],A$A[0][2]
+||	XOR	B$C[6],B$A[0][2],B$A[0][2]
+||	XOR	A$C[6],A$A[1][2],A$A[1][2]
+||	XOR	B$C[6],B$A[1][2],B$A[1][2]
+||	XOR	A$C[6],A$A[2][2],A$A[2][2]
+||	XOR	B$C[6],B$A[2][2],B$A[2][2]
+||	ROTL	B$C[1],1,A$C[1]			; ROL64(C[1],1)
+||	ROTL	A$C[1],0,B$C[1]
+	XOR	A$C[6],A$A[3][2],A$A[3][2]
+||	XOR	B$C[6],B$A[3][2],B$A[3][2]
+||	XOR	A$C[6],A$A[4][2],A$A[4][2]
+||	XOR	B$C[6],B$A[4][2],B$A[4][2]
+||	ROTL	B$C[0],1,A$C[6]			; ROL64(C[0],1)
+||	ROTL	A$C[0],0,B$C[6]
+||	XOR	A$C[5],A$C[2],A$C[2]		; C[2] ^= ROL64(C[4],1)
+||	XOR	B$C[5],B$C[2],B$C[2]
+	XOR	A$C[2],A$A[0][3],A$A[0][3]
+||	XOR	B$C[2],B$A[0][3],B$A[0][3]
+||	XOR	A$C[2],A$A[1][3],A$A[1][3]
+||	XOR	B$C[2],B$A[1][3],B$A[1][3]
+||	XOR	A$C[2],A$A[2][3],A$A[2][3]
+||	XOR	B$C[2],B$A[2][3],B$A[2][3]
+	XOR	A$C[6],A$C[3],A$C[3]		; C[3] ^= ROL64(C[0],1)
+||	XOR	B$C[6],B$C[3],B$C[3]
+||	LDDW	*FP[-9],A$A[3][0]:A$A[4][0]	; restore offloaded data
+||	LDDW	*SP[2],B$A[3][0]:B$A[4][0]
+||	XOR	A$C[2],A$A[3][3],A$A[3][3]
+||	XOR	B$C[2],B$A[3][3],B$A[3][3]
+	XOR	A$C[2],A$A[4][3],A$A[4][3]
+||	XOR	B$C[2],B$A[4][3],B$A[4][3]
+||	XOR	A$C[3],A$A[0][4],A$A[0][4]
+||	XOR	B$C[3],B$A[0][4],B$A[0][4]
+||	XOR	A$C[3],A$A[1][4],A$A[1][4]
+||	XOR	B$C[3],B$A[1][4],B$A[1][4]
+	XOR	A$C[3],A$A[2][4],A$A[2][4]
+||	XOR	B$C[3],B$A[2][4],B$A[2][4]
+||	XOR	A$C[3],A$A[3][4],A$A[3][4]
+||	XOR	B$C[3],B$A[3][4],B$A[3][4]
+||	XOR	A$C[3],A$A[4][4],A$A[4][4]
+||	XOR	B$C[3],B$A[4][4],B$A[4][4]
+	XOR	A$C[1],A$C[4],A$C[4]		; C[4] ^= ROL64(C[1],1)
+||	XOR	B$C[1],B$C[4],B$C[4]
+||	MV	A$A[0][1],A$C[1]		; Rho+Pi, "early start"
+||	MV	B$A[0][1],B$C[1]
+___
+	&ROL64	($A[1][1],$rhotates[1][1],$A[0][1],"||");
+$code.=<<___;
+	XOR	A$C[4],A$A[0][0],A$A[0][0]
+||	XOR	B$C[4],B$A[0][0],B$A[0][0]
+||	XOR	A$C[4],A$A[1][0],A$A[1][0]
+||	XOR	B$C[4],B$A[1][0],B$A[1][0]
+||	MV	A$A[0][3],A$C[3]
+||	MV	B$A[0][3],B$C[3]
+___
+	&ROL64	($A[3][3],$rhotates[3][3],$A[0][3],"||");
+$code.=<<___;
+	XOR	A$C[4],A$A[2][0],A$A[2][0]
+||	XOR	B$C[4],B$A[2][0],B$A[2][0]
+||	XOR	A$C[4],A$A[3][0],A$A[3][0]
+||	XOR	B$C[4],B$A[3][0],B$A[3][0]
+||	MV	A$A[0][2],A$C[2]
+||	MV	B$A[0][2],B$C[2]
+___
+	&ROL64	($A[2][2],$rhotates[2][2],$A[0][2],"||");
+$code.=<<___;
+	XOR	A$C[4],A$A[4][0],A$A[4][0]
+||	XOR	B$C[4],B$A[4][0],B$A[4][0]
+||	MV	A$A[0][4],A$C[4]
+||	MV	B$A[0][4],B$C[4]
+___
+	&ROL64	($A[4][4],$rhotates[4][4],$A[0][4],"||");
+
+	&ROL64	($A[1][4],$rhotates[1][4],$A[1][1]);
+$code.=<<___;
+||	LDW	*${iotas}++[2],A$C[0]
+___
+	&ROL64	($A[2][3],$rhotates[2][3],$A[2][2]);
+$code.=<<___;
+||	LDW	*${iotas}[-1],B$C[0]
+___
+	&ROL64	($A[3][2],$rhotates[3][2],$A[3][3]);
+	&ROL64	($A[4][1],$rhotates[4][1],$A[4][4]);
+
+	&ROL64	($A[4][2],$rhotates[4][2],$A[1][4]);
+	&ROL64	($A[3][4],$rhotates[3][4],$A[2][3]);
+	&ROL64	($A[2][1],$rhotates[2][1],$A[3][2]);
+	&ROL64	($A[1][3],$rhotates[1][3],$A[4][1]);
+
+	&ROL64	($A[2][4],$rhotates[2][4],$A[4][2]);
+	&ROL64	($A[4][3],$rhotates[4][3],$A[3][4]);
+	&ROL64	($A[1][2],$rhotates[1][2],$A[2][1]);
+	&ROL64	($A[3][1],$rhotates[3][1],$A[1][3]);
+
+	&ROL64	($A[4][0],$rhotates[4][0],$A[2][4]);
+	&ROL64	($A[3][0],$rhotates[3][0],$A[4][3]);
+	&ROL64	($A[2][0],$rhotates[2][0],$A[1][2]);
+	&ROL64	($A[1][0],$rhotates[1][0],$A[3][1]);
+
+	#&ROL64	($C[3],   $rhotates[0][3],$A[1][0]);	# moved below
+	&ROL64	($C[1],   $rhotates[0][1],$A[2][0]);
+	&ROL64	($C[4],   $rhotates[0][4],$A[3][0]);
+	&ROL64	($C[2],   $rhotates[0][2],$A[4][0]);
+$code.=<<___;
+||	ANDN	A$A[0][2],A$A[0][1],A$C[4]	; Chi+Iota
+||	ANDN	B$A[0][2],B$A[0][1],B$C[4]
+||	ANDN	A$A[0][3],A$A[0][2],A$C[1]
+||	ANDN	B$A[0][3],B$A[0][2],B$C[1]
+||	ANDN	A$A[0][4],A$A[0][3],A$C[2]
+||	ANDN	B$A[0][4],B$A[0][3],B$C[2]
+___
+	&ROL64	($C[3],   $rhotates[0][3],$A[1][0]);
+$code.=<<___;
+||	ANDN	A$A[0][0],A$A[0][4],A$C[3]
+||	ANDN	B$A[0][0],B$A[0][4],B$C[3]
+||	XOR	A$C[4],A$A[0][0],A$A[0][0]
+||	XOR	B$C[4],B$A[0][0],B$A[0][0]
+||	ANDN	A$A[0][1],A$A[0][0],A$C[4]
+||	ANDN	B$A[0][1],B$A[0][0],B$C[4]
+	XOR	A$C[1],A$A[0][1],A$A[0][1]
+||	XOR	B$C[1],B$A[0][1],B$A[0][1]
+||	XOR	A$C[2],A$A[0][2],A$A[0][2]
+||	XOR	B$C[2],B$A[0][2],B$A[0][2]
+||	XOR	A$C[3],A$A[0][3],A$A[0][3]
+||	XOR	B$C[3],B$A[0][3],B$A[0][3]
+	XOR	A$C[4],A$A[0][4],A$A[0][4]
+||	XOR	B$C[4],B$A[0][4],B$A[0][4]
+||	XOR	A$C[0],A$A[0][0],A$A[0][0]	; A[0][0] ^= iotas[i++];
+||	XOR	B$C[0],B$A[0][0],B$A[0][0]
+||	EXTU	$iotas,24,24,A0			; A0 is A$C[0], as we done?
+
+	ANDN	A$A[1][2],A$A[1][1],A$C[4]
+||	ANDN	B$A[1][2],B$A[1][1],B$C[4]
+||	ANDN	A$A[1][3],A$A[1][2],A$C[1]
+||	ANDN	B$A[1][3],B$A[1][2],B$C[1]
+||	ANDN	A$A[1][4],A$A[1][3],A$C[2]
+||	ANDN	B$A[1][4],B$A[1][3],B$C[2]
+	ANDN	A$A[1][0],A$A[1][4],A$C[3]
+||	ANDN	B$A[1][0],B$A[1][4],B$C[3]
+||	XOR	A$C[4],A$A[1][0],A$A[1][0]
+||	XOR	B$C[4],B$A[1][0],B$A[1][0]
+||	ANDN	A$A[1][1],A$A[1][0],A$C[4]
+||	ANDN	B$A[1][1],B$A[1][0],B$C[4]
+	XOR	A$C[1],A$A[1][1],A$A[1][1]
+||	XOR	B$C[1],B$A[1][1],B$A[1][1]
+||	XOR	A$C[2],A$A[1][2],A$A[1][2]
+||	XOR	B$C[2],B$A[1][2],B$A[1][2]
+||	XOR	A$C[3],A$A[1][3],A$A[1][3]
+||	XOR	B$C[3],B$A[1][3],B$A[1][3]
+	XOR	A$C[4],A$A[1][4],A$A[1][4]
+||	XOR	B$C[4],B$A[1][4],B$A[1][4]
+
+||	ANDN	A$A[2][2],A$A[2][1],A$C[4]
+||	ANDN	B$A[2][2],B$A[2][1],B$C[4]
+||	ANDN	A$A[2][3],A$A[2][2],A$C[1]
+||	ANDN	B$A[2][3],B$A[2][2],B$C[1]
+	ANDN	A$A[2][4],A$A[2][3],A$C[2]
+||	ANDN	B$A[2][4],B$A[2][3],B$C[2]
+||	ANDN	A$A[2][0],A$A[2][4],A$C[3]
+||	ANDN	B$A[2][0],B$A[2][4],B$C[3]
+||	XOR	A$C[4],A$A[2][0],A$A[2][0]
+||	XOR	B$C[4],B$A[2][0],B$A[2][0]
+	ANDN	A$A[2][1],A$A[2][0],A$C[4]
+||	ANDN	B$A[2][1],B$A[2][0],B$C[4]
+||	XOR	A$C[1],A$A[2][1],A$A[2][1]
+||	XOR	B$C[1],B$A[2][1],B$A[2][1]
+||	XOR	A$C[2],A$A[2][2],A$A[2][2]
+||	XOR	B$C[2],B$A[2][2],B$A[2][2]
+	XOR	A$C[3],A$A[2][3],A$A[2][3]
+||	XOR	B$C[3],B$A[2][3],B$A[2][3]
+||	XOR	A$C[4],A$A[2][4],A$A[2][4]
+||	XOR	B$C[4],B$A[2][4],B$A[2][4]
+
+	ANDN	A$A[3][2],A$A[3][1],A$C[4]
+||	ANDN	B$A[3][2],B$A[3][1],B$C[4]
+||	ANDN	A$A[3][3],A$A[3][2],A$C[1]
+||	ANDN	B$A[3][3],B$A[3][2],B$C[1]
+||	ANDN	A$A[3][4],A$A[3][3],A$C[2]
+||	ANDN	B$A[3][4],B$A[3][3],B$C[2]
+	ANDN	A$A[3][0],A$A[3][4],A$C[3]
+||	ANDN	B$A[3][0],B$A[3][4],B$C[3]
+||	XOR	A$C[4],A$A[3][0],A$A[3][0]
+||	XOR	B$C[4],B$A[3][0],B$A[3][0]
+||	ANDN	A$A[3][1],A$A[3][0],A$C[4]
+||	ANDN	B$A[3][1],B$A[3][0],B$C[4]
+	XOR	A$C[1],A$A[3][1],A$A[3][1]
+||	XOR	B$C[1],B$A[3][1],B$A[3][1]
+||	XOR	A$C[2],A$A[3][2],A$A[3][2]
+||	XOR	B$C[2],B$A[3][2],B$A[3][2]
+||	XOR	A$C[3],A$A[3][3],A$A[3][3]
+||[A0]	BNOP	loop?
+	XOR	B$C[3],B$A[3][3],B$A[3][3]
+||	XOR	A$C[4],A$A[3][4],A$A[3][4]
+||	XOR	B$C[4],B$A[3][4],B$A[3][4]
+||[!A0]	LDDW	*FP[-7],A3:A2
+||[!A0]	LDDW	*SP[4], RA:B2
+
+	ANDN	A$A[4][2],A$A[4][1],A$C[4]
+||	ANDN	B$A[4][2],B$A[4][1],B$C[4]
+||	ANDN	A$A[4][3],A$A[4][2],A$C[1]
+||	ANDN	B$A[4][3],B$A[4][2],B$C[1]
+||	ANDN	A$A[4][4],A$A[4][3],A$C[2]
+||	ANDN	B$A[4][4],B$A[4][3],B$C[2]
+	ANDN	A$A[4][0],A$A[4][4],A$C[3]
+||	ANDN	B$A[4][0],B$A[4][4],B$C[3]
+||	XOR	A$C[4],A$A[4][0],A$A[4][0]
+||	XOR	B$C[4],B$A[4][0],B$A[4][0]
+||	ANDN	A$A[4][1],A$A[4][0],A$C[4]
+||	ANDN	B$A[4][1],B$A[4][0],B$C[4]
+	XOR	A$C[1],A$A[4][1],A$A[4][1]
+||	XOR	B$C[1],B$A[4][1],B$A[4][1]
+||	XOR	A$C[2],A$A[4][2],A$A[4][2]
+||	XOR	B$C[2],B$A[4][2],B$A[4][2]
+||	XOR	A$C[3],A$A[4][3],A$A[4][3]
+||	XOR	B$C[3],B$A[4][3],B$A[4][3]
+	XOR	A$C[4],A$A[4][4],A$A[4][4]
+||	XOR	B$C[4],B$A[4][4],B$A[4][4]
+;;===== branch to loop? is taken here
+
+	BNOP	RA,5
+	.endasmfunc
+
+	.newblock
+	.global	_KeccakF1600
+	.align	32
+_KeccakF1600:
+	.asmfunc stack_usage(80)
+	STW	FP,*SP--(80)			; save frame pointer
+||	MV	SP,FP
+	STDW	B13:B12,*SP[9]
+||	STDW	A13:A12,*FP[-4]
+	STDW	B11:B10,*SP[8]
+||	STDW	A11:A10,*FP[-5]
+	STW	RA, *SP[15]
+||	STW	A14,*FP[-6]
+||	MV	A4,A2
+||	ADD	4,A4,B2
+
+	LDW	*A2++[2],A$A[0][0]		; load A[5][5]
+||	LDW	*B2++[2],B$A[0][0]
+	LDW	*A2++[2],A$A[0][1]
+||	LDW	*B2++[2],B$A[0][1]
+	LDW	*A2++[2],A$A[0][2]
+||	LDW	*B2++[2],B$A[0][2]
+	LDW	*A2++[2],A$A[0][3]
+||	LDW	*B2++[2],B$A[0][3]
+	LDW	*A2++[2],A$A[0][4]
+||	LDW	*B2++[2],B$A[0][4]
+
+	LDW	*A2++[2],A$A[1][0]
+||	LDW	*B2++[2],B$A[1][0]
+	LDW	*A2++[2],A$A[1][1]
+||	LDW	*B2++[2],B$A[1][1]
+	LDW	*A2++[2],A$A[1][2]
+||	LDW	*B2++[2],B$A[1][2]
+	LDW	*A2++[2],A$A[1][3]
+||	LDW	*B2++[2],B$A[1][3]
+	LDW	*A2++[2],A$A[1][4]
+||	LDW	*B2++[2],B$A[1][4]
+
+	LDW	*A2++[2],A$A[2][0]
+||	LDW	*B2++[2],B$A[2][0]
+	LDW	*A2++[2],A$A[2][1]
+||	LDW	*B2++[2],B$A[2][1]
+	LDW	*A2++[2],A$A[2][2]
+||	LDW	*B2++[2],B$A[2][2]
+	LDW	*A2++[2],A$A[2][3]
+||	LDW	*B2++[2],B$A[2][3]
+	LDW	*A2++[2],A$A[2][4]
+||	LDW	*B2++[2],B$A[2][4]
+
+	LDW	*A2++[2],A$A[3][0]
+||	LDW	*B2++[2],B$A[3][0]
+	LDW	*A2++[2],A$A[3][1]
+||	LDW	*B2++[2],B$A[3][1]
+	LDW	*A2++[2],A$A[3][2]
+||	LDW	*B2++[2],B$A[3][2]
+	LDW	*A2++[2],A$A[3][3]
+||	LDW	*B2++[2],B$A[3][3]
+	LDW	*A2++[2],A$A[3][4]
+||	LDW	*B2++[2],B$A[3][4]
+||	BNOP	_KeccakF1600_int
+
+	ADDKPC	ret?,RA
+||	LDW	*A2++[2],A$A[4][0]
+||	LDW	*B2++[2],B$A[4][0]
+	LDW	*A2++[2],A$A[4][1]
+||	LDW	*B2++[2],B$A[4][1]
+	LDW	*A2++[2],A$A[4][2]
+||	LDW	*B2++[2],B$A[4][2]
+	LDW	*A2++[2],A$A[4][3]
+||	LDW	*B2++[2],B$A[4][3]
+	LDW	*A2,A$A[4][4]
+||	LDW	*B2,B$A[4][4]
+||	ADDK	-192,A2				; rewind
+||	ADDK	-192,B2
+
+	.align	16
+ret?:
+	STW	A$A[0][0],*A2++[2]		; store A[5][5]
+||	STW	B$A[0][0],*B2++[2]
+	STW	A$A[0][1],*A2++[2]
+||	STW	B$A[0][1],*B2++[2]
+	STW	A$A[0][2],*A2++[2]
+||	STW	B$A[0][2],*B2++[2]
+	STW	A$A[0][3],*A2++[2]
+||	STW	B$A[0][3],*B2++[2]
+	STW	A$A[0][4],*A2++[2]
+||	STW	B$A[0][4],*B2++[2]
+
+	STW	A$A[1][0],*A2++[2]
+||	STW	B$A[1][0],*B2++[2]
+	STW	A$A[1][1],*A2++[2]
+||	STW	B$A[1][1],*B2++[2]
+	STW	A$A[1][2],*A2++[2]
+||	STW	B$A[1][2],*B2++[2]
+	STW	A$A[1][3],*A2++[2]
+||	STW	B$A[1][3],*B2++[2]
+	STW	A$A[1][4],*A2++[2]
+||	STW	B$A[1][4],*B2++[2]
+
+	STW	A$A[2][0],*A2++[2]
+||	STW	B$A[2][0],*B2++[2]
+	STW	A$A[2][1],*A2++[2]
+||	STW	B$A[2][1],*B2++[2]
+	STW	A$A[2][2],*A2++[2]
+||	STW	B$A[2][2],*B2++[2]
+	STW	A$A[2][3],*A2++[2]
+||	STW	B$A[2][3],*B2++[2]
+	STW	A$A[2][4],*A2++[2]
+||	STW	B$A[2][4],*B2++[2]
+
+	STW	A$A[3][0],*A2++[2]
+||	STW	B$A[3][0],*B2++[2]
+	STW	A$A[3][1],*A2++[2]
+||	STW	B$A[3][1],*B2++[2]
+	STW	A$A[3][2],*A2++[2]
+||	STW	B$A[3][2],*B2++[2]
+	STW	A$A[3][3],*A2++[2]
+||	STW	B$A[3][3],*B2++[2]
+	STW	A$A[3][4],*A2++[2]
+||	STW	B$A[3][4],*B2++[2]
+
+	LDW	*SP[15],RA
+||	LDW	*FP[-6],A14
+
+	STW	A$A[4][0],*A2++[2]
+||	STW	B$A[4][0],*B2++[2]
+	STW	A$A[4][1],*A2++[2]
+||	STW	B$A[4][1],*B2++[2]
+	STW	A$A[4][2],*A2++[2]
+||	STW	B$A[4][2],*B2++[2]
+	STW	A$A[4][3],*A2++[2]
+||	STW	B$A[4][3],*B2++[2]
+	STW	A$A[4][4],*A2
+||	STW	B$A[4][4],*B2
+||	ADDK	-192,A2				; rewind
+
+	MV	A2,A4				; return original A4
+||	LDDW	*SP[8], B11:B10
+||	LDDW	*FP[-5],A11:A10
+	LDDW	*SP[9], B13:B12
+||	LDDW	*FP[-4],A13:A12
+||	BNOP	RA
+	LDW	*++SP(80),FP			; restore frame pointer
+	NOP	4				; wait till FP is committed
+	.endasmfunc
+
+	.newblock
+	.asg	B2,BSZ
+	.asg	A2,INP
+	.asg	A3,LEN
+	.global	_SHA3_absorb
+	.align	32
+_SHA3_absorb:
+	.asmfunc stack_usage(80)
+	STW	FP,*SP--(80)			; save frame pointer
+||	MV	SP,FP
+	STDW	B13:B12,*SP[9]
+||	STDW	A13:A12,*FP[-4]
+	STDW	B11:B10,*SP[8]
+||	STDW	A11:A10,*FP[-5]
+	STW	RA, *SP[15]
+||	STW	A14,*FP[-6]
+
+	STW	A4,*SP[1]			; save A[][]
+||	MV	B4,INP				; reassign arguments
+||	MV	A6,LEN
+||	MV	B6,BSZ
+||	ADD	4,A4,B4
+
+	LDW	*A4++[2],A$A[0][0]		; load A[5][5]
+||	LDW	*B4++[2],B$A[0][0]
+	LDW	*A4++[2],A$A[0][1]
+||	LDW	*B4++[2],B$A[0][1]
+	LDW	*A4++[2],A$A[0][2]
+||	LDW	*B4++[2],B$A[0][2]
+	LDW	*A4++[2],A$A[0][3]
+||	LDW	*B4++[2],B$A[0][3]
+	LDW	*A4++[2],A$A[0][4]
+||	LDW	*B4++[2],B$A[0][4]
+
+	LDW	*A4++[2],A$A[1][0]
+||	LDW	*B4++[2],B$A[1][0]
+	LDW	*A4++[2],A$A[1][1]
+||	LDW	*B4++[2],B$A[1][1]
+	LDW	*A4++[2],A$A[1][2]
+||	LDW	*B4++[2],B$A[1][2]
+	LDW	*A4++[2],A$A[1][3]
+||	LDW	*B4++[2],B$A[1][3]
+	LDW	*A4++[2],A$A[1][4]
+||	LDW	*B4++[2],B$A[1][4]
+
+	LDW	*A4++[2],A$A[2][0]
+||	LDW	*B4++[2],B$A[2][0]
+	LDW	*A4++[2],A$A[2][1]
+||	LDW	*B4++[2],B$A[2][1]
+	LDW	*A4++[2],A$A[2][2]
+||	LDW	*B4++[2],B$A[2][2]
+	LDW	*A4++[2],A$A[2][3]
+||	LDW	*B4++[2],B$A[2][3]
+	LDW	*A4++[2],A$A[2][4]
+||	LDW	*B4++[2],B$A[2][4]
+
+	LDW	*A4++[2],A$A[3][0]
+||	LDW	*B4++[2],B$A[3][0]
+	LDW	*A4++[2],A$A[3][1]
+||	LDW	*B4++[2],B$A[3][1]
+	LDW	*A4++[2],A$A[3][2]
+||	LDW	*B4++[2],B$A[3][2]
+	LDW	*A4++[2],A$A[3][3]
+||	LDW	*B4++[2],B$A[3][3]
+	LDW	*A4++[2],A$A[3][4]
+||	LDW	*B4++[2],B$A[3][4]
+
+	LDW	*A4++[2],A$A[4][0]
+||	LDW	*B4++[2],B$A[4][0]
+	LDW	*A4++[2],A$A[4][1]
+||	LDW	*B4++[2],B$A[4][1]
+	LDW	*A4++[2],A$A[4][2]
+||	LDW	*B4++[2],B$A[4][2]
+	LDW	*A4++[2],A$A[4][3]
+||	LDW	*B4++[2],B$A[4][3]
+	LDW	*A4,A$A[4][4]
+||	LDW	*B4,B$A[4][4]
+||	ADDKPC	loop?,RA
+	STDW	RA:BSZ,*SP[4]
+
+loop?:
+	CMPLTU	LEN,BSZ,A0			; len < bsz?
+||	SHRU	BSZ,3,BSZ
+  [A0]	BNOP	ret?
+||[A0]	ZERO	BSZ
+||[A0]	LDW	*SP[1],A2			; pull A[][]
+  [BSZ]	LDNDW	*INP++,A1:A0
+||[BSZ]	SUB	LEN,8,LEN
+||[BSZ]	SUB	BSZ,1,BSZ
+	NOP	4
+___
+for ($y = 0; $y < 5; $y++) {
+    for ($x = 0; $x < ($y<4 ? 5 : 4); $x++) {
+$code.=<<___;
+	.if	.BIG_ENDIAN
+	SWAP2	A0,A1
+||	SWAP2	A1,A0
+	SWAP4	A0,A0
+	SWAP4	A1,A1
+||[!BSZ]BNOP	_KeccakF1600_cheat
+||[!BSZ]STDW	LEN:INP,*SP[3]
+||	DEAL	A0,A0
+	.else
+  [!BSZ]BNOP	_KeccakF1600_cheat
+||[!BSZ]STDW	LEN:INP,*SP[3]
+||	DEAL	A0,A0
+	.endif
+  [BSZ]	LDNDW	*INP++,A1:A0
+||	DEAL	A1,A1
+  [BSZ]	SUB	LEN,8,LEN
+||[BSZ]	SUB	BSZ,1,BSZ
+	PACK2	A1,A0,A0
+||	PACKH2	A1,A0,A1
+	XOR	A0,A$A[$y][$x],A$A[$y][$x]
+	XOR	A1,B$A[$y][$x],B$A[$y][$x]
+___
+    }
+}
+$code.=<<___;
+	.if	.BIG_ENDIAN
+	SWAP2	A0,A1
+||	SWAP2	A1,A0
+	SWAP4	A0,A0
+	SWAP4	A1,A1
+	.endif
+	BNOP	_KeccakF1600_cheat
+||	STDW	LEN:INP,*SP[3]
+||	DEAL	A0,A0
+	DEAL	A1,A1
+	NOP
+	PACK2	A1,A0,A0
+||	PACKH2	A1,A0,A1
+	XOR	A0,A$A[4][4],A$A[4][4]
+	XOR	A1,B$A[4][4],B$A[4][4]
+
+	.align	16
+ret?:
+	MV	LEN,A4				; return value
+||	ADD	4,A2,B2
+
+	STW	A$A[0][0],*A2++[2]		; store A[5][5]
+||	STW	B$A[0][0],*B2++[2]
+	STW	A$A[0][1],*A2++[2]
+||	STW	B$A[0][1],*B2++[2]
+	STW	A$A[0][2],*A2++[2]
+||	STW	B$A[0][2],*B2++[2]
+	STW	A$A[0][3],*A2++[2]
+||	STW	B$A[0][3],*B2++[2]
+	STW	A$A[0][4],*A2++[2]
+||	STW	B$A[0][4],*B2++[2]
+
+	STW	A$A[1][0],*A2++[2]
+||	STW	B$A[1][0],*B2++[2]
+	STW	A$A[1][1],*A2++[2]
+||	STW	B$A[1][1],*B2++[2]
+	STW	A$A[1][2],*A2++[2]
+||	STW	B$A[1][2],*B2++[2]
+	STW	A$A[1][3],*A2++[2]
+||	STW	B$A[1][3],*B2++[2]
+	STW	A$A[1][4],*A2++[2]
+||	STW	B$A[1][4],*B2++[2]
+
+	STW	A$A[2][0],*A2++[2]
+||	STW	B$A[2][0],*B2++[2]
+	STW	A$A[2][1],*A2++[2]
+||	STW	B$A[2][1],*B2++[2]
+	STW	A$A[2][2],*A2++[2]
+||	STW	B$A[2][2],*B2++[2]
+	STW	A$A[2][3],*A2++[2]
+||	STW	B$A[2][3],*B2++[2]
+	STW	A$A[2][4],*A2++[2]
+||	STW	B$A[2][4],*B2++[2]
+
+	LDW	*SP[15],RA
+||	LDW	*FP[-6],A14
+
+	STW	A$A[3][0],*A2++[2]
+||	STW	B$A[3][0],*B2++[2]
+	STW	A$A[3][1],*A2++[2]
+||	STW	B$A[3][1],*B2++[2]
+	STW	A$A[3][2],*A2++[2]
+||	STW	B$A[3][2],*B2++[2]
+	STW	A$A[3][3],*A2++[2]
+||	STW	B$A[3][3],*B2++[2]
+	STW	A$A[3][4],*A2++[2]
+||	STW	B$A[3][4],*B2++[2]
+
+	LDDW	*SP[8], B11:B10
+||	LDDW	*FP[-5],A11:A10
+	LDDW	*SP[9], B13:B12
+||	LDDW	*FP[-4],A13:A12
+	BNOP	RA
+||	LDW	*++SP(80),FP			; restore frame pointer
+
+	STW	A$A[4][0],*A2++[2]
+||	STW	B$A[4][0],*B2++[2]
+	STW	A$A[4][1],*A2++[2]
+||	STW	B$A[4][1],*B2++[2]
+	STW	A$A[4][2],*A2++[2]
+||	STW	B$A[4][2],*B2++[2]
+	STW	A$A[4][3],*A2++[2]
+||	STW	B$A[4][3],*B2++[2]
+	STW	A$A[4][4],*A2++[2]
+||	STW	B$A[4][4],*B2++[2]
+	.endasmfunc
+
+	.newblock
+	.global	_SHA3_squeeze
+	.asg	A12,OUT
+	.asg	A13,LEN
+	.asg	A14,BSZ
+	.align	32
+_SHA3_squeeze:
+	.asmfunc stack_usage(24)
+	STW	FP,*SP--(24)			; save frame pointer
+||	MV	SP,FP
+	STW	RA, *SP[5]
+||	STW	A14,*FP[-2]
+	STDW	A13:A12,*FP[-2]
+||	MV	B4,OUT				; reassign arguments
+	MV	A6,LEN
+||	MV	B6,BSZ
+
+loop?:
+	LDW	*SP[5],RA			; reload RA
+||	SHRU	BSZ,3,A1
+||	MV	A4,A8
+||	ADD	4,A4,B8
+block?:
+	CMPLTU	LEN,8,A0			; len < 8?
+  [A0]	BNOP	tail?
+	LDW	*A8++[2],A9
+||	LDW	*B8++[2],B9
+||	SUB	LEN,8,LEN			; len -= 8
+	MV	LEN,A0
+||	SUB	A1,1,A1				; bsz--
+||	NOP	4
+	.if	.BIG_ENDIAN
+	SWAP4	A9,A9
+||	SWAP4	B9,B9
+	SWAP2	A9,A9
+||	SWAP2	B9,B9
+	.endif
+  [!A0]	BNOP	ret?
+||[!A0]	ZERO	A1
+	PACK2	B9,A9,B7
+||[A1]	BNOP	block?
+	PACKH2	B9,A9,B9
+||	SHFL	B7,B7
+	SHFL	B9,B9
+	STNW	B7,*OUT++
+	STNW	B9,*OUT++
+	NOP
+
+	BNOP	_KeccakF1600,4
+	ADDKPC	loop?,RA
+
+	.align	16
+tail?:
+	.if	.BIG_ENDIAN
+	SWAP4	A9,A9
+||	SWAP4	B9,B9
+	SWAP2	A9,A9
+||	SWAP2	B9,B9
+	.endif
+	PACK2	B9,A9,B7
+	PACKH2	B9,A9,B9
+||	SHFL	B7,B7
+	SHFL	B9,B9
+
+	STB	B7,*OUT++
+||	SHRU	B7,8,B7
+||	ADD	LEN,7,A0
+  [A0]	STB	B7,*OUT++
+||[A0]	SHRU	B7,8,B7
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B7,*OUT++
+||[A0]	SHRU	B7,8,B7
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B7,*OUT++
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B9,*OUT++
+||[A0]	SHRU	B9,8,B9
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B9,*OUT++
+||[A0]	SHRU	B9,8,B9
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B9,*OUT++
+
+ret?:
+	LDDW	*FP[-2],A13:A12
+	BNOP	RA
+||	LDW	*FP[-2],A14
+	LDW	*++SP(24),FP			; restore frame pointer
+	NOP	4				; wait till FP is committed
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:sha_asm.const"
+	.else
+	.sect	".const:sha_asm"
+	.endif
+	.align	256
+	.uword	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+iotas:
+	.uword	0x00000001, 0x00000000
+	.uword	0x00000000, 0x00000089
+	.uword	0x00000000, 0x8000008b
+	.uword	0x00000000, 0x80008080
+	.uword	0x00000001, 0x0000008b
+	.uword	0x00000001, 0x00008000
+	.uword	0x00000001, 0x80008088
+	.uword	0x00000001, 0x80000082
+	.uword	0x00000000, 0x0000000b
+	.uword	0x00000000, 0x0000000a
+	.uword	0x00000001, 0x00008082
+	.uword	0x00000000, 0x00008003
+	.uword	0x00000001, 0x0000808b
+	.uword	0x00000001, 0x8000000b
+	.uword	0x00000001, 0x8000008a
+	.uword	0x00000001, 0x80000081
+	.uword	0x00000000, 0x80000081
+	.uword	0x00000000, 0x80000008
+	.uword	0x00000000, 0x00000083
+	.uword	0x00000000, 0x80008003
+	.uword	0x00000001, 0x80008088
+	.uword	0x00000000, 0x80000088
+	.uword	0x00000001, 0x00008000
+	.uword	0x00000000, 0x80008082
+
+	.cstring "Keccak-1600 absorb and squeeze for C64x, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl
new file mode 100755
index 000000000..c7685add7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl
@@ -0,0 +1,440 @@
+#!/usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for x86 MMX.
+#
+# June 2017.
+#
+# Below code is KECCAK_2X implementation (see sha/keccak1600.c) with
+# C[5] held in register bank and D[5] offloaded to memory. Though
+# instead of actually unrolling the loop pair-wise I simply flip
+# pointers to T[][] and A[][] and the end of round. Since number of
+# rounds is even, last round writes to A[][] and everything works out.
+# It's argued that MMX is the only code path meaningful to implement
+# for x86. This is because non-MMX-capable processors is an extinct
+# breed, and they as well can lurk executing compiler-generated code.
+# For reference gcc-5.x-generated KECCAK_2X code takes 89 cycles per
+# processed byte on Pentium. Which is fair result. But older compilers
+# produce worse code. On the other hand one can wonder why not 128-bit
+# SSE2? Well, SSE2 won't provide double improvement, rather far from
+# that, if any at all on some processors, because it will take extra
+# permutations and inter-bank data trasfers. Besides, contemporary
+# CPUs are better off executing 64-bit code, and it makes lesser sense
+# to invest into fancy 32-bit code. And the decision doesn't seem to
+# be inadequate, if one compares below results to "64-bit platforms in
+# 32-bit mode" SIMD data points available at
+# http://keccak.noekeon.org/sw_performance.html.
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(i)
+#
+# PIII			30/+150%
+# Pentium M		27/+150%
+# P4			40/+85%
+# Core 2		19/+170%
+# Sandy Bridge(ii)	18/+140%
+# Atom			33/+180%
+# Silvermont(ii)	30/+180%
+# VIA Nano(ii)		43/+60%
+# Sledgehammer(ii)(iii)	24/+130%
+#
+# (i)	Corresponds to SHA3-256. Numbers after slash are improvement
+#	coefficients over KECCAK_2X [with bit interleave and lane
+#	complementing] position-independent *scalar* code generated
+#	by gcc-5.x. It's not exactly fair comparison, but it's a
+#	datapoint...
+# (ii)	64-bit processor executing 32-bit code.
+# (iii)	Result is considered to be representative even for older AMD
+#	processors.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+my @C = map("mm$_",(0..4));
+my @T = map("mm$_",(5..7));
+my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100,
+              8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20));
+my @D = map(8*$_+4, (0..4));
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+&static_label("iotas");
+
+&function_begin_B("_KeccakF1600");
+	&movq	(@C[0],&QWP($A[4][0],"esi"));
+	&movq	(@C[1],&QWP($A[4][1],"esi"));
+	&movq	(@C[2],&QWP($A[4][2],"esi"));
+	&movq	(@C[3],&QWP($A[4][3],"esi"));
+	&movq	(@C[4],&QWP($A[4][4],"esi"));
+
+	&mov	("ecx",24);			# loop counter
+	&jmp	(&label("loop"));
+
+    &set_label("loop",16);
+	######################################### Theta
+	&pxor	(@C[0],&QWP($A[0][0],"esi"));
+	&pxor	(@C[1],&QWP($A[0][1],"esi"));
+	&pxor	(@C[2],&QWP($A[0][2],"esi"));
+	&pxor	(@C[3],&QWP($A[0][3],"esi"));
+	&pxor	(@C[4],&QWP($A[0][4],"esi"));
+
+	&pxor	(@C[0],&QWP($A[1][0],"esi"));
+	&pxor	(@C[1],&QWP($A[1][1],"esi"));
+	&pxor	(@C[2],&QWP($A[1][2],"esi"));
+	&pxor	(@C[3],&QWP($A[1][3],"esi"));
+	&pxor	(@C[4],&QWP($A[1][4],"esi"));
+
+	&pxor	(@C[0],&QWP($A[2][0],"esi"));
+	&pxor	(@C[1],&QWP($A[2][1],"esi"));
+	&pxor	(@C[2],&QWP($A[2][2],"esi"));
+	&pxor	(@C[3],&QWP($A[2][3],"esi"));
+	&pxor	(@C[4],&QWP($A[2][4],"esi"));
+
+	&pxor	(@C[2],&QWP($A[3][2],"esi"));
+	&pxor	(@C[0],&QWP($A[3][0],"esi"));
+	&pxor	(@C[1],&QWP($A[3][1],"esi"));
+	&pxor	(@C[3],&QWP($A[3][3],"esi"));
+	 &movq	(@T[0],@C[2]);
+	&pxor	(@C[4],&QWP($A[3][4],"esi"));
+
+	 &movq	(@T[2],@C[2]);
+	 &psrlq	(@T[0],63);
+	&movq	(@T[1],@C[0]);
+	 &psllq	(@T[2],1);
+	 &pxor	(@T[0],@C[0]);
+	&psrlq	(@C[0],63);
+	 &pxor	(@T[0],@T[2]);
+	&psllq	(@T[1],1);
+	 &movq	(@T[2],@C[1]);
+	 &movq	(&QWP(@D[1],"esp"),@T[0]);	# D[1] = E[0] = ROL64(C[2], 1) ^ C[0];
+
+	&pxor	(@T[1],@C[0]);
+	 &psrlq	(@T[2],63);
+	&pxor	(@T[1],@C[3]);
+	 &movq	(@C[0],@C[1]);
+	&movq	(&QWP(@D[4],"esp"),@T[1]);	# D[4] = E[1] = ROL64(C[0], 1) ^ C[3];
+
+	 &psllq	(@C[0],1);
+	 &pxor	(@T[2],@C[4]);
+	 &pxor	(@C[0],@T[2]);
+
+	&movq	(@T[2],@C[3]);
+	&psrlq	(@C[3],63);
+	 &movq	(&QWP(@D[0],"esp"),@C[0]);	# D[0] = C[0] = ROL64(C[1], 1) ^ C[4];
+	&psllq	(@T[2],1);
+	 &movq	(@T[0],@C[4]);
+	 &psrlq	(@C[4],63);
+	&pxor	(@C[1],@C[3]);
+	 &psllq	(@T[0],1);
+	&pxor	(@C[1],@T[2]);
+	 &pxor	(@C[2],@C[4]);
+	&movq	(&QWP(@D[2],"esp"),@C[1]);	# D[2] = C[1] = ROL64(C[3], 1) ^ C[1];
+	 &pxor	(@C[2],@T[0]);
+
+	######################################### first Rho(0) is special
+	&movq	(@C[3],&QWP($A[3][3],"esi"));
+	 &movq	(&QWP(@D[3],"esp"),@C[2]);	# D[3] = C[2] = ROL64(C[4], 1) ^ C[2];
+	&pxor	(@C[3],@C[2]);
+	 &movq	(@C[4],&QWP($A[4][4],"esi"));
+	&movq	(@T[2],@C[3]);
+	&psrlq	(@C[3],64-$rhotates[3][3]);
+	 &pxor	(@C[4],@T[1]);
+	&psllq	(@T[2],$rhotates[3][3]);
+	 &movq	(@T[1],@C[4]);
+	 &psrlq	(@C[4],64-$rhotates[4][4]);
+	&por	(@C[3],@T[2]);		# C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+	 &psllq	(@T[1],$rhotates[4][4]);
+
+	&movq	(@C[2],&QWP($A[2][2],"esi"));
+	 &por	(@C[4],@T[1]);		# C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+	&pxor	(@C[2],@C[1]);
+	 &movq	(@C[1],&QWP($A[1][1],"esi"));
+	&movq	(@T[1],@C[2]);
+	&psrlq	(@C[2],64-$rhotates[2][2]);
+	 &pxor	(@C[1],&QWP(@D[1],"esp"));
+	&psllq	(@T[1],$rhotates[2][2]);
+
+	 &movq	(@T[2],@C[1]);
+	 &psrlq	(@C[1],64-$rhotates[1][1]);
+	&por	(@C[2],@T[1]);		# C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+	 &psllq	(@T[2],$rhotates[1][1]);
+	&pxor	(@C[0],&QWP($A[0][0],"esi")); # /* rotate by 0 */  /* D[0] */
+	 &por	(@C[1],@T[2]);		# C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+
+sub Chi() {				######### regular Chi step
+    my ($y,$xrho) = @_;
+
+	&movq	(@T[0],@C[1]);
+	 &movq	(@T[1],@C[2]);
+	&pandn	(@T[0],@C[2]);
+	 &pandn	(@C[2],@C[3]);
+	&pxor	(@T[0],@C[0]);
+	 &pxor	(@C[2],@C[1]);
+	&pxor	(@T[0],&QWP(0,"ebx"))		if ($y == 0);
+	&lea	("ebx",&DWP(8,"ebx"))		if ($y == 0);
+
+	&movq	(@T[2],@C[3]);
+	&movq	(&QWP($A[$y][0],"edi"),@T[0]);	# R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+	 &movq	(@T[0],@C[4]);
+	&pandn	(@C[3],@C[4]);
+	 &pandn	(@C[4],@C[0]);
+	&pxor	(@C[3],@T[1]);
+	 &movq	(&QWP($A[$y][1],"edi"),@C[2]);	# R[0][1] = C[1] ^ (~C[2] & C[3]);
+	 &pxor	(@C[4],@T[2]);
+	  &movq	(@T[2],&QWP($A[0][$xrho],"esi"))	if (defined($xrho));
+
+	 &movq	(&QWP($A[$y][2],"edi"),@C[3]);	# R[0][2] = C[2] ^ (~C[3] & C[4]);
+	&pandn	(@C[0],@C[1]);
+	 &movq	(&QWP($A[$y][3],"edi"),@C[4]);	# R[0][3] = C[3] ^ (~C[4] & C[0]);
+	&pxor	(@C[0],@T[0]);
+	  &pxor	(@T[2],&QWP(@D[$xrho],"esp"))		if (defined($xrho));
+	&movq	(&QWP($A[$y][4],"edi"),@C[0]);	# R[0][4] = C[4] ^ (~C[0] & C[1]);
+}
+	&Chi	(0, 3);
+
+sub Rho() {				######### regular Rho step
+    my $x = shift;
+
+	#&movq	(@T[2],&QWP($A[0][$x],"esi"));	# moved to Chi
+	#&pxor	(@T[2],&QWP(@D[$x],"esp"));	# moved to Chi
+	&movq	(@C[0],@T[2]);
+	&psrlq	(@T[2],64-$rhotates[0][$x]);
+	 &movq	(@C[1],&QWP($A[1][($x+1)%5],"esi"));
+	&psllq	(@C[0],$rhotates[0][$x]);
+	 &pxor	(@C[1],&QWP(@D[($x+1)%5],"esp"));
+	&por	(@C[0],@T[2]);		# C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+
+	 &movq	(@T[1],@C[1]);
+	 &psrlq	(@C[1],64-$rhotates[1][($x+1)%5]);
+	&movq	(@C[2],&QWP($A[2][($x+2)%5],"esi"));
+	 &psllq	(@T[1],$rhotates[1][($x+1)%5]);
+	&pxor	(@C[2],&QWP(@D[($x+2)%5],"esp"));
+	 &por	(@C[1],@T[1]);		# C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+
+	&movq	(@T[2],@C[2]);
+	&psrlq	(@C[2],64-$rhotates[2][($x+2)%5]);
+	 &movq	(@C[3],&QWP($A[3][($x+3)%5],"esi"));
+	&psllq	(@T[2],$rhotates[2][($x+2)%5]);
+	 &pxor	(@C[3],&QWP(@D[($x+3)%5],"esp"));
+	&por	(@C[2],@T[2]);		# C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+
+	 &movq	(@T[0],@C[3]);
+	 &psrlq	(@C[3],64-$rhotates[3][($x+3)%5]);
+	&movq	(@C[4],&QWP($A[4][($x+4)%5],"esi"));
+	 &psllq	(@T[0],$rhotates[3][($x+3)%5]);
+	&pxor	(@C[4],&QWP(@D[($x+4)%5],"esp"));
+	 &por	(@C[3],@T[0]);		# C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+
+	&movq	(@T[1],@C[4]);
+	&psrlq	(@C[4],64-$rhotates[4][($x+4)%5]);
+	&psllq	(@T[1],$rhotates[4][($x+4)%5]);
+	&por	(@C[4],@T[1]);		# C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+}
+	&Rho	(3);	&Chi	(1, 1);
+	&Rho	(1);	&Chi	(2, 4);
+	&Rho	(4);	&Chi	(3, 2);
+	&Rho	(2);	###&Chi	(4);
+
+	&movq	(@T[0],@C[0]);		######### last Chi(4) is special
+	 &xor	("edi","esi");		# &xchg	("esi","edi");
+	&movq	(&QWP(@D[1],"esp"),@C[1]);
+	 &xor	("esi","edi");
+	 &xor	("edi","esi");
+
+	&movq	(@T[1],@C[1]);
+	 &movq	(@T[2],@C[2]);
+	&pandn	(@T[1],@C[2]);
+	 &pandn	(@T[2],@C[3]);
+	&pxor	(@C[0],@T[1]);
+	 &pxor	(@C[1],@T[2]);
+
+	&movq	(@T[1],@C[3]);
+	 &movq	(&QWP($A[4][0],"esi"),@C[0]);	# R[4][0] = C[0] ^= (~C[1] & C[2]);
+	&pandn	(@T[1],@C[4]);
+	 &movq	(&QWP($A[4][1],"esi"),@C[1]);	# R[4][1] = C[1] ^= (~C[2] & C[3]);
+	&pxor	(@C[2],@T[1]);
+	 &movq	(@T[2],@C[4]);
+	&movq	(&QWP($A[4][2],"esi"),@C[2]);	# R[4][2] = C[2] ^= (~C[3] & C[4]);
+
+	&pandn	(@T[2],@T[0]);
+	 &pandn	(@T[0],&QWP(@D[1],"esp"));
+	&pxor	(@C[3],@T[2]);
+	 &pxor	(@C[4],@T[0]);
+	&movq	(&QWP($A[4][3],"esi"),@C[3]);	# R[4][3] = C[3] ^= (~C[4] & D[0]);
+	&sub	("ecx",1);
+	 &movq	(&QWP($A[4][4],"esi"),@C[4]);	# R[4][4] = C[4] ^= (~D[0] & D[1]);
+	&jnz	(&label("loop"));
+
+	&lea	("ebx",&DWP(-192,"ebx"));	# rewind iotas
+	&ret	();
+&function_end_B("_KeccakF1600");
+
+&function_begin("KeccakF1600");
+	&mov	("esi",&wparam(0));
+	&mov	("ebp","esp");
+	&sub	("esp",240);
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx"));
+	&and	("esp",-8);
+	&lea	("esi",&DWP(100,"esi"));	# size optimization
+	&lea	("edi",&DWP(8*5+100,"esp"));	# size optimization
+
+	&call	("_KeccakF1600");
+
+	&mov	("esp","ebp");
+	&emms	();
+&function_end("KeccakF1600");
+
+&function_begin("SHA3_absorb");
+	&mov	("esi",&wparam(0));		# A[][]
+	&mov	("eax",&wparam(1));		# inp
+	&mov	("ecx",&wparam(2));		# len
+	&mov	("edx",&wparam(3));		# bsz
+	&mov	("ebp","esp");
+	&sub	("esp",240+8);
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx"));
+	&and	("esp",-8);
+
+	&mov	("edi","esi");
+	&lea	("esi",&DWP(100,"esi"));	# size optimization
+	&mov	(&DWP(-4,"ebp"),"edx");		# save bsz
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&cmp	("ecx","edx");			# len < bsz?
+	&jc	(&label("absorbed"));
+
+	&shr	("edx",3);			# bsz /= 8
+&set_label("block");
+	&movq	("mm0",&QWP(0,"eax"));
+	&lea	("eax",&DWP(8,"eax"));
+	&pxor	("mm0",&QWP(0,"edi"));
+	&lea	("edi",&DWP(8,"edi"));
+	&sub	("ecx",8);			# len -= 8
+	&movq	(&QWP(-8,"edi"),"mm0");
+	&dec	("edx");			# bsz--
+	&jnz	(&label("block"));
+
+	&lea	("edi",&DWP(8*5+100,"esp"));	# size optimization
+	&mov	(&DWP(-8,"ebp"),"ecx");		# save len
+	&call	("_KeccakF1600");
+	&mov	("ecx",&DWP(-8,"ebp"));		# pull len
+	&mov	("edx",&DWP(-4,"ebp"));		# pull bsz
+	&lea	("edi",&DWP(-100,"esi"));
+	&jmp	(&label("loop"));
+
+&set_label("absorbed",16);
+	&mov	("eax","ecx");			# return value
+	&mov	("esp","ebp");
+	&emms	();
+&function_end("SHA3_absorb");
+
+&function_begin("SHA3_squeeze");
+	&mov	("esi",&wparam(0));		# A[][]
+	&mov	("eax",&wparam(1));		# out
+	&mov	("ecx",&wparam(2));		# len
+	&mov	("edx",&wparam(3));		# bsz
+	&mov	("ebp","esp");
+	&sub	("esp",240+8);
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx"));
+	&and	("esp",-8);
+
+	&shr	("edx",3);			# bsz /= 8
+	&mov	("edi","esi");
+	&lea	("esi",&DWP(100,"esi"));	# size optimization
+	&mov	(&DWP(-4,"ebp"),"edx");		# save bsz
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&cmp	("ecx",8);			# len < 8?
+	&jc	(&label("tail"));
+
+	&movq	("mm0",&QWP(0,"edi"));
+	&lea	("edi",&DWP(8,"edi"));
+	&movq	(&QWP(0,"eax"),"mm0");
+	&lea	("eax",&DWP(8,"eax"));
+	&sub	("ecx",8);			# len -= 8
+	&jz	(&label("done"));
+
+	&dec	("edx");			# bsz--
+	&jnz	(&label("loop"));
+
+	&lea	("edi",&DWP(8*5+100,"esp"));	# size optimization
+	&mov	(&DWP(-8,"ebp"),"ecx");		# save len
+	&call	("_KeccakF1600");
+	&mov	("ecx",&DWP(-8,"ebp"));		# pull len
+	&mov	("edx",&DWP(-4,"ebp"));		# pull bsz
+	&lea	("edi",&DWP(-100,"esi"));
+	&jmp	(&label("loop"));
+
+&set_label("tail",16);
+	&mov	("esi","edi");
+	&mov	("edi","eax");
+	&data_word("0xA4F39066");		# rep movsb
+
+&set_label("done");
+	&mov	("esp","ebp");
+	&emms	();
+&function_end("SHA3_squeeze");
+
+&set_label("iotas",32);
+	&data_word(0x00000001,0x00000000);
+	&data_word(0x00008082,0x00000000);
+	&data_word(0x0000808a,0x80000000);
+	&data_word(0x80008000,0x80000000);
+	&data_word(0x0000808b,0x00000000);
+	&data_word(0x80000001,0x00000000);
+	&data_word(0x80008081,0x80000000);
+	&data_word(0x00008009,0x80000000);
+	&data_word(0x0000008a,0x00000000);
+	&data_word(0x00000088,0x00000000);
+	&data_word(0x80008009,0x00000000);
+	&data_word(0x8000000a,0x00000000);
+	&data_word(0x8000808b,0x00000000);
+	&data_word(0x0000008b,0x80000000);
+	&data_word(0x00008089,0x80000000);
+	&data_word(0x00008003,0x80000000);
+	&data_word(0x00008002,0x80000000);
+	&data_word(0x00000080,0x80000000);
+	&data_word(0x0000800a,0x00000000);
+	&data_word(0x8000000a,0x80000000);
+	&data_word(0x80008081,0x80000000);
+	&data_word(0x00008080,0x80000000);
+	&data_word(0x80000001,0x00000000);
+	&data_word(0x80008008,0x80000000);
+&asciz("Keccak-1600 absorb and squeeze for MMX, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl
new file mode 100755
index 000000000..30e70c5d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl
@@ -0,0 +1,758 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for PPC64.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT implementation that works on
+# *any* PPC64. Then PowerISA 2.07 adds 2x64-bit vector rotate, and
+# it's possible to achieve performance better than below, but that is
+# naturally option only for POWER8 and successors...
+#
+######################################################################
+# Numbers are cycles per processed byte.
+#
+#		r=1088(*)
+#
+# PPC970/G5	14.6/+120%
+# POWER7	10.3/+100%
+# POWER8	11.5/+85%
+# POWER9	9.4/+45%
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	over gcc-4.x-generated KECCAK_1X_ALT code. Newer compilers do
+#	much better (but watch out for them generating code specific
+#	to processor they execute on).
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T+6*$SIZE_T+32;
+$LOCALS=6*$SIZE_T;
+$TEMP=$LOCALS+6*$SIZE_T;
+
+my $sp ="r1";
+
+my @A = map([ "r$_", "r".($_+1), "r".($_+2), "r".($_+3), "r".($_+4) ],
+            (7, 12, 17, 22, 27));
+   $A[1][1] = "r6"; # r13 is reserved
+
+my @C = map("r$_", (0,3,4,5));
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+$code.=<<___;
+.text
+
+.type	KeccakF1600_int,\@function
+.align	5
+KeccakF1600_int:
+	li	r0,24
+	mtctr	r0
+	b	.Loop
+.align	4
+.Loop:
+	xor	$C[0],$A[0][0],$A[1][0]		; Theta
+	std	$A[0][4],`$TEMP+0`($sp)
+	xor	$C[1],$A[0][1],$A[1][1]
+	std	$A[1][4],`$TEMP+8`($sp)
+	xor	$C[2],$A[0][2],$A[1][2]
+	std	$A[2][4],`$TEMP+16`($sp)
+	xor	$C[3],$A[0][3],$A[1][3]
+	std	$A[3][4],`$TEMP+24`($sp)
+___
+	$C[4]=$A[0][4];
+	$C[5]=$A[1][4];
+	$C[6]=$A[2][4];
+	$C[7]=$A[3][4];
+$code.=<<___;
+	xor	$C[4],$A[0][4],$A[1][4]
+	xor	$C[0],$C[0],$A[2][0]
+	xor	$C[1],$C[1],$A[2][1]
+	xor	$C[2],$C[2],$A[2][2]
+	xor	$C[3],$C[3],$A[2][3]
+	xor	$C[4],$C[4],$A[2][4]
+	xor	$C[0],$C[0],$A[3][0]
+	xor	$C[1],$C[1],$A[3][1]
+	xor	$C[2],$C[2],$A[3][2]
+	xor	$C[3],$C[3],$A[3][3]
+	xor	$C[4],$C[4],$A[3][4]
+	xor	$C[0],$C[0],$A[4][0]
+	xor	$C[2],$C[2],$A[4][2]
+	xor	$C[1],$C[1],$A[4][1]
+	xor	$C[3],$C[3],$A[4][3]
+	rotldi	$C[5],$C[2],1
+	xor	$C[4],$C[4],$A[4][4]
+	rotldi	$C[6],$C[3],1
+	xor	$C[5],$C[5],$C[0]
+	rotldi	$C[7],$C[4],1
+
+	xor	$A[0][1],$A[0][1],$C[5]
+	xor	$A[1][1],$A[1][1],$C[5]
+	xor	$A[2][1],$A[2][1],$C[5]
+	xor	$A[3][1],$A[3][1],$C[5]
+	xor	$A[4][1],$A[4][1],$C[5]
+
+	rotldi	$C[5],$C[0],1
+	xor	$C[6],$C[6],$C[1]
+	xor	$C[2],$C[2],$C[7]
+	rotldi	$C[7],$C[1],1
+	xor	$C[3],$C[3],$C[5]
+	xor	$C[4],$C[4],$C[7]
+
+	xor	$C[1],   $A[0][2],$C[6]			;mr	$C[1],$A[0][2]
+	xor	$A[1][2],$A[1][2],$C[6]
+	xor	$A[2][2],$A[2][2],$C[6]
+	xor	$A[3][2],$A[3][2],$C[6]
+	xor	$A[4][2],$A[4][2],$C[6]
+
+	xor	$A[0][0],$A[0][0],$C[4]
+	xor	$A[1][0],$A[1][0],$C[4]
+	xor	$A[2][0],$A[2][0],$C[4]
+	xor	$A[3][0],$A[3][0],$C[4]
+	xor	$A[4][0],$A[4][0],$C[4]
+___
+	$C[4]=undef;
+	$C[5]=undef;
+	$C[6]=undef;
+	$C[7]=undef;
+$code.=<<___;
+	ld	$A[0][4],`$TEMP+0`($sp)
+	xor	$C[0],   $A[0][3],$C[2]			;mr	$C[0],$A[0][3]
+	ld	$A[1][4],`$TEMP+8`($sp)
+	xor	$A[1][3],$A[1][3],$C[2]
+	ld	$A[2][4],`$TEMP+16`($sp)
+	xor	$A[2][3],$A[2][3],$C[2]
+	ld	$A[3][4],`$TEMP+24`($sp)
+	xor	$A[3][3],$A[3][3],$C[2]
+	xor	$A[4][3],$A[4][3],$C[2]
+
+	xor	$C[2],   $A[0][4],$C[3]			;mr	$C[2],$A[0][4]
+	xor	$A[1][4],$A[1][4],$C[3]
+	xor	$A[2][4],$A[2][4],$C[3]
+	xor	$A[3][4],$A[3][4],$C[3]
+	xor	$A[4][4],$A[4][4],$C[3]
+
+	mr	$C[3],$A[0][1]				; Rho+Pi
+	rotldi	$A[0][1],$A[1][1],$rhotates[1][1]
+	;mr	$C[1],$A[0][2]
+	rotldi	$A[0][2],$A[2][2],$rhotates[2][2]
+	;mr	$C[0],$A[0][3]
+	rotldi	$A[0][3],$A[3][3],$rhotates[3][3]
+	;mr	$C[2],$A[0][4]
+	rotldi	$A[0][4],$A[4][4],$rhotates[4][4]
+
+	rotldi	$A[1][1],$A[1][4],$rhotates[1][4]
+	rotldi	$A[2][2],$A[2][3],$rhotates[2][3]
+	rotldi	$A[3][3],$A[3][2],$rhotates[3][2]
+	rotldi	$A[4][4],$A[4][1],$rhotates[4][1]
+
+	rotldi	$A[1][4],$A[4][2],$rhotates[4][2]
+	rotldi	$A[2][3],$A[3][4],$rhotates[3][4]
+	rotldi	$A[3][2],$A[2][1],$rhotates[2][1]
+	rotldi	$A[4][1],$A[1][3],$rhotates[1][3]
+
+	rotldi	$A[4][2],$A[2][4],$rhotates[2][4]
+	rotldi	$A[3][4],$A[4][3],$rhotates[4][3]
+	rotldi	$A[2][1],$A[1][2],$rhotates[1][2]
+	rotldi	$A[1][3],$A[3][1],$rhotates[3][1]
+
+	rotldi	$A[2][4],$A[4][0],$rhotates[4][0]
+	rotldi	$A[4][3],$A[3][0],$rhotates[3][0]
+	rotldi	$A[1][2],$A[2][0],$rhotates[2][0]
+	rotldi	$A[3][1],$A[1][0],$rhotates[1][0]
+
+	rotldi	$A[1][0],$C[0],$rhotates[0][3]
+	rotldi	$A[2][0],$C[3],$rhotates[0][1]
+	rotldi	$A[3][0],$C[2],$rhotates[0][4]
+	rotldi	$A[4][0],$C[1],$rhotates[0][2]
+
+	andc	$C[0],$A[0][2],$A[0][1]			; Chi+Iota
+	andc	$C[1],$A[0][3],$A[0][2]
+	andc	$C[2],$A[0][0],$A[0][4]
+	andc	$C[3],$A[0][1],$A[0][0]
+	xor	$A[0][0],$A[0][0],$C[0]
+	andc	$C[0],$A[0][4],$A[0][3]
+	xor	$A[0][1],$A[0][1],$C[1]
+	 ld	$C[1],`$LOCALS+4*$SIZE_T`($sp)
+	xor	$A[0][3],$A[0][3],$C[2]
+	xor	$A[0][4],$A[0][4],$C[3]
+	xor	$A[0][2],$A[0][2],$C[0]
+	 ldu	$C[3],8($C[1])				; Iota[i++]
+
+	andc	$C[0],$A[1][2],$A[1][1]
+	 std	$C[1],`$LOCALS+4*$SIZE_T`($sp)
+	andc	$C[1],$A[1][3],$A[1][2]
+	andc	$C[2],$A[1][0],$A[1][4]
+	 xor	$A[0][0],$A[0][0],$C[3]			; A[0][0] ^= Iota
+	andc	$C[3],$A[1][1],$A[1][0]
+	xor	$A[1][0],$A[1][0],$C[0]
+	andc	$C[0],$A[1][4],$A[1][3]
+	xor	$A[1][1],$A[1][1],$C[1]
+	xor	$A[1][3],$A[1][3],$C[2]
+	xor	$A[1][4],$A[1][4],$C[3]
+	xor	$A[1][2],$A[1][2],$C[0]
+
+	andc	$C[0],$A[2][2],$A[2][1]
+	andc	$C[1],$A[2][3],$A[2][2]
+	andc	$C[2],$A[2][0],$A[2][4]
+	andc	$C[3],$A[2][1],$A[2][0]
+	xor	$A[2][0],$A[2][0],$C[0]
+	andc	$C[0],$A[2][4],$A[2][3]
+	xor	$A[2][1],$A[2][1],$C[1]
+	xor	$A[2][3],$A[2][3],$C[2]
+	xor	$A[2][4],$A[2][4],$C[3]
+	xor	$A[2][2],$A[2][2],$C[0]
+
+	andc	$C[0],$A[3][2],$A[3][1]
+	andc	$C[1],$A[3][3],$A[3][2]
+	andc	$C[2],$A[3][0],$A[3][4]
+	andc	$C[3],$A[3][1],$A[3][0]
+	xor	$A[3][0],$A[3][0],$C[0]
+	andc	$C[0],$A[3][4],$A[3][3]
+	xor	$A[3][1],$A[3][1],$C[1]
+	xor	$A[3][3],$A[3][3],$C[2]
+	xor	$A[3][4],$A[3][4],$C[3]
+	xor	$A[3][2],$A[3][2],$C[0]
+
+	andc	$C[0],$A[4][2],$A[4][1]
+	andc	$C[1],$A[4][3],$A[4][2]
+	andc	$C[2],$A[4][0],$A[4][4]
+	andc	$C[3],$A[4][1],$A[4][0]
+	xor	$A[4][0],$A[4][0],$C[0]
+	andc	$C[0],$A[4][4],$A[4][3]
+	xor	$A[4][1],$A[4][1],$C[1]
+	xor	$A[4][3],$A[4][3],$C[2]
+	xor	$A[4][4],$A[4][4],$C[3]
+	xor	$A[4][2],$A[4][2],$C[0]
+
+	bdnz	.Loop
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,\@function
+.align	5
+KeccakF1600:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	bl	PICmeup
+	subi	r12,r12,8			; prepare for ldu
+
+	$PUSH	r3,`$LOCALS+0*$SIZE_T`($sp)
+	;$PUSH	r4,`$LOCALS+1*$SIZE_T`($sp)
+	;$PUSH	r5,`$LOCALS+2*$SIZE_T`($sp)
+	;$PUSH	r6,`$LOCALS+3*$SIZE_T`($sp)
+	$PUSH	r12,`$LOCALS+4*$SIZE_T`($sp)
+
+	ld	$A[0][0],`8*0`(r3)		; load A[5][5]
+	ld	$A[0][1],`8*1`(r3)
+	ld	$A[0][2],`8*2`(r3)
+	ld	$A[0][3],`8*3`(r3)
+	ld	$A[0][4],`8*4`(r3)
+	ld	$A[1][0],`8*5`(r3)
+	ld	$A[1][1],`8*6`(r3)
+	ld	$A[1][2],`8*7`(r3)
+	ld	$A[1][3],`8*8`(r3)
+	ld	$A[1][4],`8*9`(r3)
+	ld	$A[2][0],`8*10`(r3)
+	ld	$A[2][1],`8*11`(r3)
+	ld	$A[2][2],`8*12`(r3)
+	ld	$A[2][3],`8*13`(r3)
+	ld	$A[2][4],`8*14`(r3)
+	ld	$A[3][0],`8*15`(r3)
+	ld	$A[3][1],`8*16`(r3)
+	ld	$A[3][2],`8*17`(r3)
+	ld	$A[3][3],`8*18`(r3)
+	ld	$A[3][4],`8*19`(r3)
+	ld	$A[4][0],`8*20`(r3)
+	ld	$A[4][1],`8*21`(r3)
+	ld	$A[4][2],`8*22`(r3)
+	ld	$A[4][3],`8*23`(r3)
+	ld	$A[4][4],`8*24`(r3)
+
+	bl	KeccakF1600_int
+
+	$POP	r3,`$LOCALS+0*$SIZE_T`($sp)
+	std	$A[0][0],`8*0`(r3)		; return A[5][5]
+	std	$A[0][1],`8*1`(r3)
+	std	$A[0][2],`8*2`(r3)
+	std	$A[0][3],`8*3`(r3)
+	std	$A[0][4],`8*4`(r3)
+	std	$A[1][0],`8*5`(r3)
+	std	$A[1][1],`8*6`(r3)
+	std	$A[1][2],`8*7`(r3)
+	std	$A[1][3],`8*8`(r3)
+	std	$A[1][4],`8*9`(r3)
+	std	$A[2][0],`8*10`(r3)
+	std	$A[2][1],`8*11`(r3)
+	std	$A[2][2],`8*12`(r3)
+	std	$A[2][3],`8*13`(r3)
+	std	$A[2][4],`8*14`(r3)
+	std	$A[3][0],`8*15`(r3)
+	std	$A[3][1],`8*16`(r3)
+	std	$A[3][2],`8*17`(r3)
+	std	$A[3][3],`8*18`(r3)
+	std	$A[3][4],`8*19`(r3)
+	std	$A[4][0],`8*20`(r3)
+	std	$A[4][1],`8*21`(r3)
+	std	$A[4][2],`8*22`(r3)
+	std	$A[4][3],`8*23`(r3)
+	std	$A[4][4],`8*24`(r3)
+
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,1,0
+	.long	0
+.size	KeccakF1600,.-KeccakF1600
+
+.type	dword_le_load,\@function
+.align	5
+dword_le_load:
+	lbzu	r0,1(r3)
+	lbzu	r4,1(r3)
+	lbzu	r5,1(r3)
+	insrdi	r0,r4,8,48
+	lbzu	r4,1(r3)
+	insrdi	r0,r5,8,40
+	lbzu	r5,1(r3)
+	insrdi	r0,r4,8,32
+	lbzu	r4,1(r3)
+	insrdi	r0,r5,8,24
+	lbzu	r5,1(r3)
+	insrdi	r0,r4,8,16
+	lbzu	r4,1(r3)
+	insrdi	r0,r5,8,8
+	insrdi	r0,r4,8,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	dword_le_load,.-dword_le_load
+
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	5
+SHA3_absorb:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	bl	PICmeup
+	subi	r4,r4,1				; prepare for lbzu
+	subi	r12,r12,8			; prepare for ldu
+
+	$PUSH	r3,`$LOCALS+0*$SIZE_T`($sp)	; save A[][]
+	$PUSH	r4,`$LOCALS+1*$SIZE_T`($sp)	; save inp
+	$PUSH	r5,`$LOCALS+2*$SIZE_T`($sp)	; save len
+	$PUSH	r6,`$LOCALS+3*$SIZE_T`($sp)	; save bsz
+	mr	r0,r6
+	$PUSH	r12,`$LOCALS+4*$SIZE_T`($sp)
+
+	ld	$A[0][0],`8*0`(r3)		; load A[5][5]
+	ld	$A[0][1],`8*1`(r3)
+	ld	$A[0][2],`8*2`(r3)
+	ld	$A[0][3],`8*3`(r3)
+	ld	$A[0][4],`8*4`(r3)
+	ld	$A[1][0],`8*5`(r3)
+	ld	$A[1][1],`8*6`(r3)
+	ld	$A[1][2],`8*7`(r3)
+	ld	$A[1][3],`8*8`(r3)
+	ld	$A[1][4],`8*9`(r3)
+	ld	$A[2][0],`8*10`(r3)
+	ld	$A[2][1],`8*11`(r3)
+	ld	$A[2][2],`8*12`(r3)
+	ld	$A[2][3],`8*13`(r3)
+	ld	$A[2][4],`8*14`(r3)
+	ld	$A[3][0],`8*15`(r3)
+	ld	$A[3][1],`8*16`(r3)
+	ld	$A[3][2],`8*17`(r3)
+	ld	$A[3][3],`8*18`(r3)
+	ld	$A[3][4],`8*19`(r3)
+	ld	$A[4][0],`8*20`(r3)
+	ld	$A[4][1],`8*21`(r3)
+	ld	$A[4][2],`8*22`(r3)
+	ld	$A[4][3],`8*23`(r3)
+	ld	$A[4][4],`8*24`(r3)
+
+	mr	r3,r4
+	mr	r4,r5
+	mr	r5,r0
+
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	$UCMP	r4,r5				; len < bsz?
+	blt	.Labsorbed
+
+	sub	r4,r4,r5			; len -= bsz
+	srwi	r5,r5,3
+	$PUSH	r4,`$LOCALS+2*$SIZE_T`($sp)	; save len
+	mtctr	r5
+	bl	dword_le_load			; *inp++
+	xor	$A[0][0],$A[0][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][1],$A[0][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][2],$A[0][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][3],$A[0][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][4],$A[0][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][0],$A[1][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][1],$A[1][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][2],$A[1][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][3],$A[1][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][4],$A[1][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][0],$A[2][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][1],$A[2][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][2],$A[2][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][3],$A[2][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][4],$A[2][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][0],$A[3][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][1],$A[3][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][2],$A[3][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][3],$A[3][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][4],$A[3][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][0],$A[4][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][1],$A[4][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][2],$A[4][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][3],$A[4][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][4],$A[4][4],r0
+
+.Lprocess_block:
+	$PUSH	r3,`$LOCALS+1*$SIZE_T`($sp)	; save inp
+
+	bl	KeccakF1600_int
+
+	$POP	r0,`$LOCALS+4*$SIZE_T`($sp)	; pull iotas[24]
+	$POP	r5,`$LOCALS+3*$SIZE_T`($sp)	; restore bsz
+	$POP	r4,`$LOCALS+2*$SIZE_T`($sp)	; restore len
+	$POP	r3,`$LOCALS+1*$SIZE_T`($sp)	; restore inp
+	addic	r0,r0,`-8*24`			; rewind iotas
+	$PUSH	r0,`$LOCALS+4*$SIZE_T`($sp)
+
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	$POP	r3,`$LOCALS+0*$SIZE_T`($sp)
+	std	$A[0][0],`8*0`(r3)		; return A[5][5]
+	std	$A[0][1],`8*1`(r3)
+	std	$A[0][2],`8*2`(r3)
+	std	$A[0][3],`8*3`(r3)
+	std	$A[0][4],`8*4`(r3)
+	std	$A[1][0],`8*5`(r3)
+	std	$A[1][1],`8*6`(r3)
+	std	$A[1][2],`8*7`(r3)
+	std	$A[1][3],`8*8`(r3)
+	std	$A[1][4],`8*9`(r3)
+	std	$A[2][0],`8*10`(r3)
+	std	$A[2][1],`8*11`(r3)
+	std	$A[2][2],`8*12`(r3)
+	std	$A[2][3],`8*13`(r3)
+	std	$A[2][4],`8*14`(r3)
+	std	$A[3][0],`8*15`(r3)
+	std	$A[3][1],`8*16`(r3)
+	std	$A[3][2],`8*17`(r3)
+	std	$A[3][3],`8*18`(r3)
+	std	$A[3][4],`8*19`(r3)
+	std	$A[4][0],`8*20`(r3)
+	std	$A[4][1],`8*21`(r3)
+	std	$A[4][2],`8*22`(r3)
+	std	$A[4][3],`8*23`(r3)
+	std	$A[4][4],`8*24`(r3)
+
+	mr	r3,r4				; return value
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,4,0
+	.long	0
+.size	SHA3_absorb,.-SHA3_absorb
+___
+{
+my ($A_flat,$out,$len,$bsz) = map("r$_",(28..31));
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	5
+SHA3_squeeze:
+	$STU	$sp,`-10*$SIZE_T`($sp)
+	mflr	r0
+	$PUSH	r28,`6*$SIZE_T`($sp)
+	$PUSH	r29,`7*$SIZE_T`($sp)
+	$PUSH	r30,`8*$SIZE_T`($sp)
+	$PUSH	r31,`9*$SIZE_T`($sp)
+	$PUSH	r0,`10*$SIZE_T+$LRSAVE`($sp)
+
+	mr	$A_flat,r3
+	subi	r3,r3,8			; prepare for ldu
+	subi	$out,r4,1		; prepare for stbu
+	mr	$len,r5
+	mr	$bsz,r6
+	b	.Loop_squeeze
+
+.align	4
+.Loop_squeeze:
+	ldu	r0,8(r3)
+	${UCMP}i $len,8
+	blt	.Lsqueeze_tail
+
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+
+	subic.	$len,$len,8
+	beq	.Lsqueeze_done
+
+	subic.	r6,r6,8
+	bgt	.Loop_squeeze
+
+	mr	r3,$A_flat
+	bl	KeccakF1600
+	subi	r3,$A_flat,8		; prepare for ldu
+	mr	r6,$bsz
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	mtctr	$len
+.Loop_tail:
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	bdnz	.Loop_tail
+
+.Lsqueeze_done:
+	$POP	r0,`10*$SIZE_T+$LRSAVE`($sp)
+	$POP	r28,`6*$SIZE_T`($sp)
+	$POP	r29,`7*$SIZE_T`($sp)
+	$POP	r30,`8*$SIZE_T`($sp)
+	$POP	r31,`9*$SIZE_T`($sp)
+	mtlr	r0
+	addi	$sp,$sp,`10*$SIZE_T`
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,4,4,0
+	.long	0
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+PICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12   ; vvvvvv "distance" between . and 1st data entry
+	addi	r12,r12,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl
new file mode 100755
index 000000000..1184cf233
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl
@@ -0,0 +1,560 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for s390x.
+#
+# June 2017.
+#
+# Below code is [lane complementing] KECCAK_2X implementation (see
+# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though
+# instead of actually unrolling the loop pair-wise I simply flip
+# pointers to T[][] and A[][] at the end of round. Since number of
+# rounds is even, last round writes to A[][] and everything works out.
+# In the nutshell it's transliteration of x86_64 module, because both
+# architectures have similar capabilities/limitations. Performance
+# measurement is problematic as I don't have access to an idle system.
+# It looks like z13 processes one byte [out of long message] in ~14
+# cycles. At least the result is consistent with estimate based on
+# amount of instruction and assumed instruction issue rate. It's ~2.5x
+# faster than compiler-generated code.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20));
+
+my @C = map("%r$_",(0,1,5..7));
+my @D = map("%r$_",(8..12));
+my @T = map("%r$_",(13..14));
+my ($src,$dst,$iotas) = map("%r$_",(2..4));
+my $sp = "%r15";
+
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+25*8;
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+{ my @C = @C;	# copy, because we mess them up...
+  my @D = @D;
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	st${g}	%r14,$SIZE_T*14($sp)
+	lg	@C[0],$A[4][0]($src)
+	lg	@C[1],$A[4][1]($src)
+	lg	@C[2],$A[4][2]($src)
+	lg	@C[3],$A[4][3]($src)
+	lg	@C[4],$A[4][4]($src)
+	larl	$iotas,iotas
+	j	.Loop
+
+.align	16
+.Loop:
+	lg	@D[0],$A[0][0]($src)
+	lg	@D[1],$A[1][1]($src)
+	lg	@D[2],$A[2][2]($src)
+	lg	@D[3],$A[3][3]($src)
+
+	xgr	@C[0],@D[0]
+	xg	@C[1],$A[0][1]($src)
+	xg	@C[2],$A[0][2]($src)
+	xg	@C[3],$A[0][3]($src)
+	lgr	@D[4],@C[4]
+	xg	@C[4],$A[0][4]($src)
+
+	xg	@C[0],$A[1][0]($src)
+	xgr	@C[1],@D[1]
+	xg	@C[2],$A[1][2]($src)
+	xg	@C[3],$A[1][3]($src)
+	xg	@C[4],$A[1][4]($src)
+
+	xg	@C[0],$A[2][0]($src)
+	xg	@C[1],$A[2][1]($src)
+	xgr	@C[2],@D[2]
+	xg	@C[3],$A[2][3]($src)
+	xg	@C[4],$A[2][4]($src)
+
+	xg	@C[0],$A[3][0]($src)
+	xg	@C[1],$A[3][1]($src)
+	xg	@C[2],$A[3][2]($src)
+	xgr	@C[3],@D[3]
+	xg	@C[4],$A[3][4]($src)
+
+	lgr	@T[0],@C[2]
+	rllg	@C[2],@C[2],1
+	xgr	@C[2],@C[0]		# D[1] = ROL64(C[2], 1) ^ C[0]
+
+	rllg	@C[0],@C[0],1
+	xgr	@C[0],@C[3]		# D[4] = ROL64(C[0], 1) ^ C[3]
+
+	rllg	@C[3],@C[3],1
+	xgr	@C[3],@C[1]		# D[2] = ROL64(C[3], 1) ^ C[1]
+
+	rllg	@C[1],@C[1],1
+	xgr	@C[1],@C[4]		# D[0] = ROL64(C[1], 1) ^ C[4]
+
+	rllg	@C[4],@C[4],1
+	xgr	@C[4],@T[0]		# D[3] = ROL64(C[4], 1) ^ C[2]
+___
+	(@D[0..4], @C) = (@C[1..4,0], @D);
+$code.=<<___;
+	xgr	@C[1],@D[1]
+	xgr	@C[2],@D[2]
+	xgr	@C[3],@D[3]
+	 rllg	@C[1],@C[1],$rhotates[1][1]
+	xgr	@C[4],@D[4]
+	 rllg	@C[2],@C[2],$rhotates[2][2]
+	xgr	@C[0],@D[0]
+
+	lgr	@T[0],@C[1]
+	ogr	@C[1],@C[2]
+	 rllg	@C[3],@C[3],$rhotates[3][3]
+	xgr	@C[1],@C[0]		#	    C[0] ^ ( C[1] | C[2])
+	 rllg	@C[4],@C[4],$rhotates[4][4]
+	xg	@C[1],0($iotas)
+	la	$iotas,8($iotas)
+	stg	@C[1],$A[0][0]($dst)	# R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]
+
+	lgr	@T[1],@C[4]
+	ngr	@C[4],@C[3]
+	 lghi	@C[1],-1		# no 'not' instruction :-(
+	xgr	@C[4],@C[2]		#	    C[2] ^ ( C[4] & C[3])
+	 xgr	@C[2],@C[1]		# not	@C[2]
+	stg	@C[4],$A[0][2]($dst)	# R[0][2] = C[2] ^ ( C[4] & C[3])
+	 ogr	@C[2],@C[3]
+	 xgr	@C[2],@T[0]		#	    C[1] ^ (~C[2] | C[3])
+
+	ngr	@T[0],@C[0]
+	 stg	@C[2],$A[0][1]($dst)	# R[0][1] = C[1] ^ (~C[2] | C[3])
+	xgr	@T[0],@T[1]		#	    C[4] ^ ( C[1] & C[0])
+	 ogr	@T[1],@C[0]
+	stg	@T[0],$A[0][4]($dst)	# R[0][4] = C[4] ^ ( C[1] & C[0])
+	 xgr	@T[1],@C[3]		#	    C[3] ^ ( C[4] | C[0])
+	 stg	@T[1],$A[0][3]($dst)	# R[0][3] = C[3] ^ ( C[4] | C[0])
+
+
+	lg	@C[0],$A[0][3]($src)
+	lg	@C[4],$A[4][2]($src)
+	lg	@C[3],$A[3][1]($src)
+	lg	@C[1],$A[1][4]($src)
+	lg	@C[2],$A[2][0]($src)
+
+	xgr	@C[0],@D[3]
+	xgr	@C[4],@D[2]
+	 rllg	@C[0],@C[0],$rhotates[0][3]
+	xgr	@C[3],@D[1]
+	 rllg	@C[4],@C[4],$rhotates[4][2]
+	xgr	@C[1],@D[4]
+	 rllg	@C[3],@C[3],$rhotates[3][1]
+	xgr	@C[2],@D[0]
+
+	lgr	@T[0],@C[0]
+	ogr	@C[0],@C[4]
+	 rllg	@C[1],@C[1],$rhotates[1][4]
+	xgr	@C[0],@C[3]		#	    C[3] ^ (C[0] |  C[4])
+	 rllg	@C[2],@C[2],$rhotates[2][0]
+	stg	@C[0],$A[1][3]($dst)	# R[1][3] = C[3] ^ (C[0] |  C[4])
+
+	lgr	@T[1],@C[1]
+	ngr	@C[1],@T[0]
+	 lghi	@C[0],-1		# no 'not' instruction :-(
+	xgr	@C[1],@C[4]		#	    C[4] ^ (C[1] &  C[0])
+	 xgr	@C[4],@C[0]		# not	@C[4]
+	stg	@C[1],$A[1][4]($dst)	# R[1][4] = C[4] ^ (C[1] &  C[0])
+
+	 ogr	@C[4],@C[3]
+	 xgr	@C[4],@C[2]		#	    C[2] ^ (~C[4] | C[3])
+
+	ngr	@C[3],@C[2]
+	 stg	@C[4],$A[1][2]($dst)	# R[1][2] = C[2] ^ (~C[4] | C[3])
+	xgr	@C[3],@T[1]		#	    C[1] ^ (C[3] &  C[2])
+	 ogr	@T[1],@C[2]
+	stg	@C[3],$A[1][1]($dst)	# R[1][1] = C[1] ^ (C[3] &  C[2])
+	 xgr	@T[1],@T[0]		#	    C[0] ^ (C[1] |  C[2])
+	 stg	@T[1],$A[1][0]($dst)	# R[1][0] = C[0] ^ (C[1] |  C[2])
+
+
+	lg	@C[2],$A[2][3]($src)
+	lg	@C[3],$A[3][4]($src)
+	lg	@C[1],$A[1][2]($src)
+	lg	@C[4],$A[4][0]($src)
+	lg	@C[0],$A[0][1]($src)
+
+	xgr	@C[2],@D[3]
+	xgr	@C[3],@D[4]
+	 rllg	@C[2],@C[2],$rhotates[2][3]
+	xgr	@C[1],@D[2]
+	 rllg	@C[3],@C[3],$rhotates[3][4]
+	xgr	@C[4],@D[0]
+	 rllg	@C[1],@C[1],$rhotates[1][2]
+	xgr	@C[0],@D[1]
+
+	lgr	@T[0],@C[2]
+	ngr	@C[2],@C[3]
+	 rllg	@C[4],@C[4],$rhotates[4][0]
+	xgr	@C[2],@C[1]		#	     C[1] ^ ( C[2] & C[3])
+	lghi	@T[1],-1		# no 'not' instruction :-(
+	stg	@C[2],$A[2][1]($dst)	# R[2][1] =  C[1] ^ ( C[2] & C[3])
+
+	xgr	@C[3],@T[1]		# not	@C[3]
+	lgr	@T[1],@C[4]
+	ngr	@C[4],@C[3]
+	 rllg	@C[0],@C[0],$rhotates[0][1]
+	xgr	@C[4],@T[0]		#	     C[2] ^ ( C[4] & ~C[3])
+	 ogr	@T[0],@C[1]
+	stg	@C[4],$A[2][2]($dst)	# R[2][2] =  C[2] ^ ( C[4] & ~C[3])
+	 xgr	@T[0],@C[0]		#	     C[0] ^ ( C[2] | C[1])
+
+	ngr	@C[1],@C[0]
+	 stg	@T[0],$A[2][0]($dst)	# R[2][0] =  C[0] ^ ( C[2] | C[1])
+	xgr	@C[1],@T[1]		#	     C[4] ^ ( C[1] & C[0])
+	 ogr	@C[0],@T[1]
+	stg	@C[1],$A[2][4]($dst)	# R[2][4] =  C[4] ^ ( C[1] & C[0])
+	 xgr	@C[0],@C[3]		#	    ~C[3] ^ ( C[0] | C[4])
+	 stg	@C[0],$A[2][3]($dst)	# R[2][3] = ~C[3] ^ ( C[0] | C[4])
+
+
+	lg	@C[2],$A[2][1]($src)
+	lg	@C[3],$A[3][2]($src)
+	lg	@C[1],$A[1][0]($src)
+	lg	@C[4],$A[4][3]($src)
+	lg	@C[0],$A[0][4]($src)
+
+	xgr	@C[2],@D[1]
+	xgr	@C[3],@D[2]
+	 rllg	@C[2],@C[2],$rhotates[2][1]
+	xgr	@C[1],@D[0]
+	 rllg	@C[3],@C[3],$rhotates[3][2]
+	xgr	@C[4],@D[3]
+	 rllg	@C[1],@C[1],$rhotates[1][0]
+	xgr	@C[0],@D[4]
+	 rllg	@C[4],@C[4],$rhotates[4][3]
+
+	lgr	@T[0],@C[2]
+	ogr	@C[2],@C[3]
+	lghi	@T[1],-1		# no 'not' instruction :-(
+	xgr	@C[2],@C[1]		#	     C[1] ^ ( C[2] | C[3])
+	xgr	@C[3],@T[1]		# not	@C[3]
+	stg	@C[2],$A[3][1]($dst)	# R[3][1] =  C[1] ^ ( C[2] | C[3])
+
+	lgr	@T[1],@C[4]
+	ogr	@C[4],@C[3]
+	 rllg	@C[0],@C[0],$rhotates[0][4]
+	xgr	@C[4],@T[0]		#	     C[2] ^ ( C[4] | ~C[3])
+	 ngr	@T[0],@C[1]
+	stg	@C[4],$A[3][2]($dst)	# R[3][2] =  C[2] ^ ( C[4] | ~C[3])
+	 xgr	@T[0],@C[0]		#	     C[0] ^ ( C[2] & C[1])
+
+	ogr	@C[1],@C[0]
+	 stg	@T[0],$A[3][0]($dst)	# R[3][0] =  C[0] ^ ( C[2] & C[1])
+	xgr	@C[1],@T[1]		#	     C[4] ^ ( C[1] | C[0])
+	 ngr	@C[0],@T[1]
+	stg	@C[1],$A[3][4]($dst)	# R[3][4] =  C[4] ^ ( C[1] | C[0])
+	 xgr	@C[0],@C[3]		#	    ~C[3] ^ ( C[0] & C[4])
+	 stg	@C[0],$A[3][3]($dst)	# R[3][3] = ~C[3] ^ ( C[0] & C[4])
+
+
+	xg	@D[2],$A[0][2]($src)
+	xg	@D[3],$A[1][3]($src)
+	xg	@D[1],$A[4][1]($src)
+	xg	@D[4],$A[2][4]($src)
+	xgr	$dst,$src		# xchg	$dst,$src
+	 rllg	@D[2],@D[2],$rhotates[0][2]
+	xg	@D[0],$A[3][0]($src)
+	 rllg	@D[3],@D[3],$rhotates[1][3]
+	xgr	$src,$dst
+	 rllg	@D[1],@D[1],$rhotates[4][1]
+	xgr	$dst,$src
+	 rllg	@D[4],@D[4],$rhotates[2][4]
+___
+	@C = @D[2..4,0,1];
+$code.=<<___;
+	lgr	@T[0],@C[0]
+	ngr	@C[0],@C[1]
+	lghi	@T[1],-1		# no 'not' instruction :-(
+	xgr	@C[0],@C[4]		#	     C[4] ^ ( C[0] & C[1])
+	xgr	@C[1],@T[1]		# not	@C[1]
+	stg	@C[0],$A[4][4]($src)	# R[4][4] =  C[4] ^ ( C[0] & C[1])
+
+	lgr	@T[1],@C[2]
+	ngr	@C[2],@C[1]
+	 rllg	@D[0],@D[0],$rhotates[3][0]
+	xgr	@C[2],@T[0]		#	     C[0] ^ ( C[2] & ~C[1])
+	 ogr	@T[0],@C[4]
+	stg	@C[2],$A[4][0]($src)	# R[4][0] =  C[0] ^ ( C[2] & ~C[1])
+	 xgr	@T[0],@C[3]		#	     C[3] ^ ( C[0] | C[4])
+
+	ngr	@C[4],@C[3]
+	 stg	@T[0],$A[4][3]($src)	# R[4][3] =  C[3] ^ ( C[0] | C[4])
+	xgr	@C[4],@T[1]		#	     C[2] ^ ( C[4] & C[3])
+	 ogr	@C[3],@T[1]
+	stg	@C[4],$A[4][2]($src)	# R[4][2] =  C[2] ^ ( C[4] & C[3])
+	 xgr	@C[3],@C[1]		#	    ~C[1] ^ ( C[2] | C[3])
+
+	lgr	@C[1],@C[0]		# harmonize with the loop top
+	lgr	@C[0],@T[0]
+	 stg	@C[3],$A[4][1]($src)	# R[4][1] = ~C[1] ^ ( C[2] | C[3])
+
+	tmll	$iotas,255
+	jnz	.Loop
+
+	l${g}	%r14,$SIZE_T*14($sp)
+	br	%r14
+.size	__KeccakF1600,.-__KeccakF1600
+___
+}
+{
+$code.=<<___;
+.type	KeccakF1600,\@function
+.align	32
+KeccakF1600:
+.LKeccakF1600:
+	lghi	%r1,-$frame
+	stm${g}	%r6,%r15,$SIZE_T*6($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+	la	$dst,$stdframe($sp)
+
+	bras	%r14,__KeccakF1600
+
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+	lm${g}	%r6,%r15,$frame+6*$SIZE_T($sp)
+	br	%r14
+.size	KeccakF1600,.-KeccakF1600
+___
+}
+{ my ($A_flat,$inp,$len,$bsz) = map("%r$_",(2..5));
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	lghi	%r1,-$frame
+	stm${g}	%r5,%r15,$SIZE_T*5($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+.Loop_absorb:
+	cl${g}r	$len,$bsz
+	jl	.Ldone_absorb
+
+	srl${g}	$bsz,3
+	la	%r1,0($A_flat)
+
+.Lblock_absorb:
+	lrvg	%r0,0($inp)
+	la	$inp,8($inp)
+	xg	%r0,0(%r1)
+	a${g}hi	$len,-8
+	stg	%r0,0(%r1)
+	la	%r1,8(%r1)
+	brct	$bsz,.Lblock_absorb
+
+	stm${g}	$inp,$len,$frame+3*$SIZE_T($sp)
+	la	$dst,$stdframe($sp)
+	bras	%r14,__KeccakF1600
+	lm${g}	$inp,$bsz,$frame+3*$SIZE_T($sp)
+	j	.Loop_absorb
+
+.align	16
+.Ldone_absorb:
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+	lgr	%r2,$len		# return value
+
+	lm${g}	%r6,%r15,$frame+6*$SIZE_T($sp)
+	br	%r14
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{ my ($A_flat,$out,$len,$bsz) = map("%r$_",(2..5));
+
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	srl${g}	$bsz,3
+	st${g}	%r14,2*$SIZE_T($sp)
+	lghi	%r14,8
+	st${g}	$bsz,5*$SIZE_T($sp)
+	la	%r1,0($A_flat)
+
+	j	.Loop_squeeze
+
+.align	16
+.Loop_squeeze:
+	cl${g}r $len,%r14
+	jl	.Ltail_squeeze
+
+	lrvg	%r0,0(%r1)
+	la	%r1,8(%r1)
+	stg	%r0,0($out)
+	la	$out,8($out)
+	a${g}hi	$len,-8			# len -= 8
+	jz	.Ldone_squeeze
+
+	brct	$bsz,.Loop_squeeze	# bsz--
+
+	stm${g}	$out,$len,3*$SIZE_T($sp)
+	bras	%r14,.LKeccakF1600
+	lm${g}	$out,$bsz,3*$SIZE_T($sp)
+	lghi	%r14,8
+	la	%r1,0($A_flat)
+	j	.Loop_squeeze
+
+.Ltail_squeeze:
+	lg	%r0,0(%r1)
+.Loop_tail_squeeze:
+	stc	%r0,0($out)
+	la	$out,1($out)
+	srlg	%r0,8
+	brct	$len,.Loop_tail_squeeze
+
+.Ldone_squeeze:
+	l${g}	%r14,2*$SIZE_T($sp)
+	br	%r14
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+$code.=<<___;
+.align	256
+	.quad	0,0,0,0,0,0,0,0
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# unlike 32-bit shift 64-bit one takes three arguments
+$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl
new file mode 100755
index 000000000..42de5bf12
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl
@@ -0,0 +1,607 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for x86_64.
+#
+# June 2017.
+#
+# Below code is [lane complementing] KECCAK_2X implementation (see
+# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though
+# instead of actually unrolling the loop pair-wise I simply flip
+# pointers to T[][] and A[][] at the end of round. Since number of
+# rounds is even, last round writes to A[][] and everything works out.
+# How does it compare to x86_64 assembly module in Keccak Code Package?
+# Depending on processor it's either as fast or faster by up to 15%...
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# P4			25.8
+# Core 2		12.9
+# Westmere		13.7
+# Sandy Bridge		12.9(**)
+# Haswell		9.6
+# Skylake		9.4
+# Silvermont		22.8
+# Goldmont		15.8
+# VIA Nano		17.3
+# Sledgehammer		13.3
+# Bulldozer		16.5
+# Ryzen			8.8
+#
+# (*)	Corresponds to SHA3-256. Improvement over compiler-generate
+#	varies a lot, most commont coefficient is 15% in comparison to
+#	gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x.
+# (**)	Sandy Bridge has broken rotate instruction. Performance can be
+#	improved by 14% by replacing rotates with double-precision
+#	shift with same register as source and destination.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100,
+              8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20));
+
+my @C = ("%rax","%rbx","%rcx","%rdx","%rbp");
+my @D = map("%r$_",(8..12));
+my @T = map("%r$_",(13..14));
+my $iotas = "%r15";
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@abi-omnipotent
+.align	32
+__KeccakF1600:
+	mov	$A[4][0](%rdi),@C[0]
+	mov	$A[4][1](%rdi),@C[1]
+	mov	$A[4][2](%rdi),@C[2]
+	mov	$A[4][3](%rdi),@C[3]
+	mov	$A[4][4](%rdi),@C[4]
+	jmp	.Loop
+
+.align	32
+.Loop:
+	mov	$A[0][0](%rdi),@D[0]
+	mov	$A[1][1](%rdi),@D[1]
+	mov	$A[2][2](%rdi),@D[2]
+	mov	$A[3][3](%rdi),@D[3]
+
+	xor	$A[0][2](%rdi),@C[2]
+	xor	$A[0][3](%rdi),@C[3]
+	xor	@D[0],         @C[0]
+	xor	$A[0][1](%rdi),@C[1]
+	 xor	$A[1][2](%rdi),@C[2]
+	 xor	$A[1][0](%rdi),@C[0]
+	mov	@C[4],@D[4]
+	xor	$A[0][4](%rdi),@C[4]
+
+	xor	@D[2],         @C[2]
+	xor	$A[2][0](%rdi),@C[0]
+	 xor	$A[1][3](%rdi),@C[3]
+	 xor	@D[1],         @C[1]
+	 xor	$A[1][4](%rdi),@C[4]
+
+	xor	$A[3][2](%rdi),@C[2]
+	xor	$A[3][0](%rdi),@C[0]
+	 xor	$A[2][3](%rdi),@C[3]
+	 xor	$A[2][1](%rdi),@C[1]
+	 xor	$A[2][4](%rdi),@C[4]
+
+	mov	@C[2],@T[0]
+	rol	\$1,@C[2]
+	xor	@C[0],@C[2]		# D[1] = ROL64(C[2], 1) ^ C[0]
+	 xor	@D[3],         @C[3]
+
+	rol	\$1,@C[0]
+	xor	@C[3],@C[0]		# D[4] = ROL64(C[0], 1) ^ C[3]
+	 xor	$A[3][1](%rdi),@C[1]
+
+	rol	\$1,@C[3]
+	xor	@C[1],@C[3]		# D[2] = ROL64(C[3], 1) ^ C[1]
+	 xor	$A[3][4](%rdi),@C[4]
+
+	rol	\$1,@C[1]
+	xor	@C[4],@C[1]		# D[0] = ROL64(C[1], 1) ^ C[4]
+
+	rol	\$1,@C[4]
+	xor	@T[0],@C[4]		# D[3] = ROL64(C[4], 1) ^ C[2]
+___
+	(@D[0..4], @C) = (@C[1..4,0], @D);
+$code.=<<___;
+	xor	@D[1],@C[1]
+	xor	@D[2],@C[2]
+	rol	\$$rhotates[1][1],@C[1]
+	xor	@D[3],@C[3]
+	xor	@D[4],@C[4]
+	rol	\$$rhotates[2][2],@C[2]
+	xor	@D[0],@C[0]
+	 mov	@C[1],@T[0]
+	rol	\$$rhotates[3][3],@C[3]
+	 or	@C[2],@C[1]
+	 xor	@C[0],@C[1]		#           C[0] ^ ( C[1] | C[2])
+	rol	\$$rhotates[4][4],@C[4]
+
+	 xor	($iotas),@C[1]
+	 lea	8($iotas),$iotas
+
+	mov	@C[4],@T[1]
+	and	@C[3],@C[4]
+	 mov	@C[1],$A[0][0](%rsi)	# R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]
+	xor	@C[2],@C[4]		#           C[2] ^ ( C[4] & C[3])
+	not	@C[2]
+	mov	@C[4],$A[0][2](%rsi)	# R[0][2] = C[2] ^ ( C[4] & C[3])
+
+	or	@C[3],@C[2]
+	  mov	$A[4][2](%rdi),@C[4]
+	xor	@T[0],@C[2]		#           C[1] ^ (~C[2] | C[3])
+	mov	@C[2],$A[0][1](%rsi)	# R[0][1] = C[1] ^ (~C[2] | C[3])
+
+	and	@C[0],@T[0]
+	  mov	$A[1][4](%rdi),@C[1]
+	xor	@T[1],@T[0]		#           C[4] ^ ( C[1] & C[0])
+	  mov	$A[2][0](%rdi),@C[2]
+	mov	@T[0],$A[0][4](%rsi)	# R[0][4] = C[4] ^ ( C[1] & C[0])
+
+	or	@C[0],@T[1]
+	  mov	$A[0][3](%rdi),@C[0]
+	xor	@C[3],@T[1]		#           C[3] ^ ( C[4] | C[0])
+	  mov	$A[3][1](%rdi),@C[3]
+	mov	@T[1],$A[0][3](%rsi)	# R[0][3] = C[3] ^ ( C[4] | C[0])
+
+
+	xor	@D[3],@C[0]
+	xor	@D[2],@C[4]
+	rol	\$$rhotates[0][3],@C[0]
+	xor	@D[1],@C[3]
+	xor	@D[4],@C[1]
+	rol	\$$rhotates[4][2],@C[4]
+	rol	\$$rhotates[3][1],@C[3]
+	xor	@D[0],@C[2]
+	rol	\$$rhotates[1][4],@C[1]
+	 mov	@C[0],@T[0]
+	 or	@C[4],@C[0]
+	rol	\$$rhotates[2][0],@C[2]
+
+	xor	@C[3],@C[0]		#           C[3] ^ (C[0] |  C[4])
+	mov	@C[0],$A[1][3](%rsi)	# R[1][3] = C[3] ^ (C[0] |  C[4])
+
+	mov	@C[1],@T[1]
+	and	@T[0],@C[1]
+	  mov	$A[0][1](%rdi),@C[0]
+	xor	@C[4],@C[1]		#           C[4] ^ (C[1] &  C[0])
+	not	@C[4]
+	mov	@C[1],$A[1][4](%rsi)	# R[1][4] = C[4] ^ (C[1] &  C[0])
+
+	or	@C[3],@C[4]
+	  mov	$A[1][2](%rdi),@C[1]
+	xor	@C[2],@C[4]		#           C[2] ^ (~C[4] | C[3])
+	mov	@C[4],$A[1][2](%rsi)	# R[1][2] = C[2] ^ (~C[4] | C[3])
+
+	and	@C[2],@C[3]
+	  mov	$A[4][0](%rdi),@C[4]
+	xor	@T[1],@C[3]		#           C[1] ^ (C[3] &  C[2])
+	mov	@C[3],$A[1][1](%rsi)	# R[1][1] = C[1] ^ (C[3] &  C[2])
+
+	or	@C[2],@T[1]
+	  mov	$A[2][3](%rdi),@C[2]
+	xor	@T[0],@T[1]		#           C[0] ^ (C[1] |  C[2])
+	  mov	$A[3][4](%rdi),@C[3]
+	mov	@T[1],$A[1][0](%rsi)	# R[1][0] = C[0] ^ (C[1] |  C[2])
+
+
+	xor	@D[3],@C[2]
+	xor	@D[4],@C[3]
+	rol	\$$rhotates[2][3],@C[2]
+	xor	@D[2],@C[1]
+	rol	\$$rhotates[3][4],@C[3]
+	xor	@D[0],@C[4]
+	rol	\$$rhotates[1][2],@C[1]
+	xor	@D[1],@C[0]
+	rol	\$$rhotates[4][0],@C[4]
+	 mov	@C[2],@T[0]
+	 and	@C[3],@C[2]
+	rol	\$$rhotates[0][1],@C[0]
+
+	not	@C[3]
+	xor	@C[1],@C[2]		#            C[1] ^ ( C[2] & C[3])
+	mov	@C[2],$A[2][1](%rsi)	# R[2][1] =  C[1] ^ ( C[2] & C[3])
+
+	mov	@C[4],@T[1]
+	and	@C[3],@C[4]
+	  mov	$A[2][1](%rdi),@C[2]
+	xor	@T[0],@C[4]		#            C[2] ^ ( C[4] & ~C[3])
+	mov	@C[4],$A[2][2](%rsi)	# R[2][2] =  C[2] ^ ( C[4] & ~C[3])
+
+	or	@C[1],@T[0]
+	  mov	$A[4][3](%rdi),@C[4]
+	xor	@C[0],@T[0]		#            C[0] ^ ( C[2] | C[1])
+	mov	@T[0],$A[2][0](%rsi)	# R[2][0] =  C[0] ^ ( C[2] | C[1])
+
+	and	@C[0],@C[1]
+	xor	@T[1],@C[1]		#            C[4] ^ ( C[1] & C[0])
+	mov	@C[1],$A[2][4](%rsi)	# R[2][4] =  C[4] ^ ( C[1] & C[0])
+
+	or	@C[0],@T[1]
+	  mov	$A[1][0](%rdi),@C[1]
+	xor	@C[3],@T[1]		#           ~C[3] ^ ( C[0] | C[4])
+	  mov	$A[3][2](%rdi),@C[3]
+	mov	@T[1],$A[2][3](%rsi)	# R[2][3] = ~C[3] ^ ( C[0] | C[4])
+
+
+	mov	$A[0][4](%rdi),@C[0]
+
+	xor	@D[1],@C[2]
+	xor	@D[2],@C[3]
+	rol	\$$rhotates[2][1],@C[2]
+	xor	@D[0],@C[1]
+	rol	\$$rhotates[3][2],@C[3]
+	xor	@D[3],@C[4]
+	rol	\$$rhotates[1][0],@C[1]
+	xor	@D[4],@C[0]
+	rol	\$$rhotates[4][3],@C[4]
+	 mov	@C[2],@T[0]
+	 or	@C[3],@C[2]
+	rol	\$$rhotates[0][4],@C[0]
+
+	not	@C[3]
+	xor	@C[1],@C[2]		#            C[1] ^ ( C[2] | C[3])
+	mov	@C[2],$A[3][1](%rsi)	# R[3][1] =  C[1] ^ ( C[2] | C[3])
+
+	mov	@C[4],@T[1]
+	or	@C[3],@C[4]
+	xor	@T[0],@C[4]		#            C[2] ^ ( C[4] | ~C[3])
+	mov	@C[4],$A[3][2](%rsi)	# R[3][2] =  C[2] ^ ( C[4] | ~C[3])
+
+	and	@C[1],@T[0]
+	xor	@C[0],@T[0]		#            C[0] ^ ( C[2] & C[1])
+	mov	@T[0],$A[3][0](%rsi)	# R[3][0] =  C[0] ^ ( C[2] & C[1])
+
+	or	@C[0],@C[1]
+	xor	@T[1],@C[1]		#            C[4] ^ ( C[1] | C[0])
+	mov	@C[1],$A[3][4](%rsi)	# R[3][4] =  C[4] ^ ( C[1] | C[0])
+
+	and	@T[1],@C[0]
+	xor	@C[3],@C[0]		#           ~C[3] ^ ( C[0] & C[4])
+	mov	@C[0],$A[3][3](%rsi)	# R[3][3] = ~C[3] ^ ( C[0] & C[4])
+
+
+	xor	$A[0][2](%rdi),@D[2]
+	xor	$A[1][3](%rdi),@D[3]
+	rol	\$$rhotates[0][2],@D[2]
+	xor	$A[4][1](%rdi),@D[1]
+	rol	\$$rhotates[1][3],@D[3]
+	xor	$A[2][4](%rdi),@D[4]
+	rol	\$$rhotates[4][1],@D[1]
+	xor	$A[3][0](%rdi),@D[0]
+	xchg	%rsi,%rdi
+	rol	\$$rhotates[2][4],@D[4]
+	rol	\$$rhotates[3][0],@D[0]
+___
+	@C = @D[2..4,0,1];
+$code.=<<___;
+	mov	@C[0],@T[0]
+	and	@C[1],@C[0]
+	not	@C[1]
+	xor	@C[4],@C[0]		#            C[4] ^ ( C[0] & C[1])
+	mov	@C[0],$A[4][4](%rdi)	# R[4][4] =  C[4] ^ ( C[0] & C[1])
+
+	mov	@C[2],@T[1]
+	and	@C[1],@C[2]
+	xor	@T[0],@C[2]		#            C[0] ^ ( C[2] & ~C[1])
+	mov	@C[2],$A[4][0](%rdi)	# R[4][0] =  C[0] ^ ( C[2] & ~C[1])
+
+	or	@C[4],@T[0]
+	xor	@C[3],@T[0]		#            C[3] ^ ( C[0] | C[4])
+	mov	@T[0],$A[4][3](%rdi)	# R[4][3] =  C[3] ^ ( C[0] | C[4])
+
+	and	@C[3],@C[4]
+	xor	@T[1],@C[4]		#            C[2] ^ ( C[4] & C[3])
+	mov	@C[4],$A[4][2](%rdi)	# R[4][2] =  C[2] ^ ( C[4] & C[3])
+
+	or	@T[1],@C[3]
+	xor	@C[1],@C[3]		#           ~C[1] ^ ( C[2] | C[3])
+	mov	@C[3],$A[4][1](%rdi)	# R[4][1] = ~C[1] ^ ( C[2] | C[3])
+
+	mov	@C[0],@C[1]		# harmonize with the loop top
+	mov	@T[0],@C[0]
+
+	test	\$255,$iotas
+	jnz	.Loop
+
+	lea	-192($iotas),$iotas	# rewind iotas
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+
+.type	KeccakF1600,\@abi-omnipotent
+.align	32
+KeccakF1600:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	lea	100(%rdi),%rdi		# size optimization
+	sub	\$200,%rsp
+.cfi_adjust_cfa_offset	200
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+
+	lea	iotas(%rip),$iotas
+	lea	100(%rsp),%rsi		# size optimization
+
+	call	__KeccakF1600
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+	lea	-100(%rdi),%rdi		# preserve A[][]
+
+	add	\$200,%rsp
+.cfi_adjust_cfa_offset	-200
+
+	pop	%r15
+.cfi_pop	%r15
+	pop	%r14
+.cfi_pop	%r14
+	pop	%r13
+.cfi_pop	%r13
+	pop	%r12
+.cfi_pop	%r12
+	pop	%rbp
+.cfi_pop	%rbp
+	pop	%rbx
+.cfi_pop	%rbx
+	ret
+.cfi_endproc
+.size	KeccakF1600,.-KeccakF1600
+___
+
+{ my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+     ($A_flat,$inp) = ("%r8","%r9");
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function,4
+.align	32
+SHA3_absorb:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	lea	100(%rdi),%rdi		# size optimization
+	sub	\$232,%rsp
+.cfi_adjust_cfa_offset	232
+
+	mov	%rsi,$inp
+	lea	100(%rsp),%rsi		# size optimization
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+	lea	iotas(%rip),$iotas
+
+	mov	$bsz,216-100(%rsi)	# save bsz
+
+.Loop_absorb:
+	cmp	$bsz,$len
+	jc	.Ldone_absorb
+
+	shr	\$3,$bsz
+	lea	-100(%rdi),$A_flat
+
+.Lblock_absorb:
+	mov	($inp),%rax
+	lea	8($inp),$inp
+	xor	($A_flat),%rax
+	lea	8($A_flat),$A_flat
+	sub	\$8,$len
+	mov	%rax,-8($A_flat)
+	sub	\$1,$bsz
+	jnz	.Lblock_absorb
+
+	mov	$inp,200-100(%rsi)	# save inp
+	mov	$len,208-100(%rsi)	# save len
+	call	__KeccakF1600
+	mov	200-100(%rsi),$inp	# pull inp
+	mov	208-100(%rsi),$len	# pull len
+	mov	216-100(%rsi),$bsz	# pull bsz
+	jmp	.Loop_absorb
+
+.align	32
+.Ldone_absorb:
+	mov	$len,%rax		# return value
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+
+	add	\$232,%rsp
+.cfi_adjust_cfa_offset	-232
+
+	pop	%r15
+.cfi_pop	%r15
+	pop	%r14
+.cfi_pop	%r14
+	pop	%r13
+.cfi_pop	%r13
+	pop	%r12
+.cfi_pop	%r12
+	pop	%rbp
+.cfi_pop	%rbp
+	pop	%rbx
+.cfi_pop	%rbx
+	ret
+.cfi_endproc
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{ my ($A_flat,$out,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+     ($out,$len,$bsz) = ("%r12","%r13","%r14");
+
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function,4
+.align	32
+SHA3_squeeze:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+
+	shr	\$3,%rcx
+	mov	$A_flat,%r8
+	mov	%rsi,$out
+	mov	%rdx,$len
+	mov	%rcx,$bsz
+	jmp	.Loop_squeeze
+
+.align	32
+.Loop_squeeze:
+	cmp	\$8,$len
+	jb	.Ltail_squeeze
+
+	mov	(%r8),%rax
+	lea	8(%r8),%r8
+	mov	%rax,($out)
+	lea	8($out),$out
+	sub	\$8,$len		# len -= 8
+	jz	.Ldone_squeeze
+
+	sub	\$1,%rcx		# bsz--
+	jnz	.Loop_squeeze
+
+	call	KeccakF1600
+	mov	$A_flat,%r8
+	mov	$bsz,%rcx
+	jmp	.Loop_squeeze
+
+.Ltail_squeeze:
+	mov	%r8, %rsi
+	mov	$out,%rdi
+	mov	$len,%rcx
+	.byte	0xf3,0xa4		# rep	movsb
+
+.Ldone_squeeze:
+	pop	%r14
+.cfi_pop	%r14
+	pop	%r13
+.cfi_pop	%r13
+	pop	%r12
+.cfi_pop	%r13
+	ret
+.cfi_endproc
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+$code.=<<___;
+.align	256
+	.quad	0,0,0,0,0,0,0,0
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach (split("\n",$code)) {
+	# Below replacement results in 11.2 on Sandy Bridge, 9.4 on
+	# Haswell, but it hurts other processors by up to 2-3-4x...
+	#s/rol\s+(\$[0-9]+),(%[a-z][a-z0-9]+)/shld\t$1,$2,$2/;
+	# Below replacement results in 9.3 on Haswell [as well as
+	# on Ryzen, i.e. it *hurts* Ryzen]...
+	#s/rol\s+\$([0-9]+),(%[a-z][a-z0-9]+)/rorx\t\$64-$1,$2,$2/;
+
+	print $_, "\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl
new file mode 100755
index 000000000..de2bcd660
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl
@@ -0,0 +1,850 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for PowerISA 2.07.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT SIMD implementation, but with
+# disjoint Rho and Pi. The module is ABI-bitness- and endian-neutral.
+# POWER8 processor spends 9.8 cycles to process byte out of large
+# buffer for r=1088, which matches SHA3-256. This is 17% better than
+# scalar PPC64 code. It probably should be noted that if POWER8's
+# successor can achieve higher scalar instruction issue rate, then
+# this module will loose... And it does on POWER9 with 12.0 vs. 9.4.
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=6*$SIZE_T+13*16;	# 13*16 is for v20-v31 offload
+
+my $sp ="r1";
+
+my $iotas = "r12";
+
+########################################################################
+# Register layout:
+#
+# v0		A[0][0] A[1][0]
+# v1		A[0][1] A[1][1]
+# v2		A[0][2] A[1][2]
+# v3		A[0][3] A[1][3]
+# v4		A[0][4] A[1][4]
+#
+# v5		A[2][0] A[3][0]
+# v6		A[2][1] A[3][1]
+# v7		A[2][2] A[3][2]
+# v8		A[2][3] A[3][3]
+# v9		A[2][4] A[3][4]
+#
+# v10		A[4][0] A[4][1]
+# v11		A[4][2] A[4][3]
+# v12		A[4][4] A[4][4]
+#
+# v13..25	rhotates[][]
+# v26..31	volatile
+#
+$code.=<<___;
+.machine	"any"
+.text
+
+.type	KeccakF1600_int,\@function
+.align	5
+KeccakF1600_int:
+	li	r0,24
+	mtctr	r0
+	li	r0,0
+	b	.Loop
+
+.align	4
+.Loop:
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Theta
+	vxor	v26,v0, v5		; A[0..1][0]^A[2..3][0]
+	vxor	v27,v1, v6		; A[0..1][1]^A[2..3][1]
+	vxor	v28,v2, v7		; A[0..1][2]^A[2..3][2]
+	vxor	v29,v3, v8		; A[0..1][3]^A[2..3][3]
+	vxor	v30,v4, v9		; A[0..1][4]^A[2..3][4]
+	vpermdi	v31,v26,v27,0b00	; A[0][0..1]^A[2][0..1]
+	vpermdi	v26,v26,v27,0b11	; A[1][0..1]^A[3][0..1]
+	vpermdi	v27,v28,v29,0b00	; A[0][2..3]^A[2][2..3]
+	vpermdi	v28,v28,v29,0b11	; A[1][2..3]^A[3][2..3]
+	vpermdi	v29,v30,v30,0b10	; A[1..0][4]^A[3..2][4]
+	vxor	v26,v26,v31		; C[0..1]
+	vxor	v27,v27,v28		; C[2..3]
+	vxor	v28,v29,v30		; C[4..4]
+	vspltisb v31,1
+	vxor	v26,v26,v10		; C[0..1] ^= A[4][0..1]
+	vxor	v27,v27,v11		; C[2..3] ^= A[4][2..3]
+	vxor	v28,v28,v12		; C[4..4] ^= A[4][4..4], low!
+
+	vrld	v29,v26,v31		; ROL64(C[0..1],1)
+	vrld	v30,v27,v31		; ROL64(C[2..3],1)
+	vrld	v31,v28,v31		; ROL64(C[4..4],1)
+	vpermdi	v31,v31,v29,0b10
+	vxor	v26,v26,v30		; C[0..1] ^= ROL64(C[2..3],1)
+	vxor	v27,v27,v31		; C[2..3] ^= ROL64(C[4..0],1)
+	vxor	v28,v28,v29		; C[4..4] ^= ROL64(C[0..1],1), low!
+
+	vpermdi	v29,v26,v26,0b00	; C[0..0]
+	vpermdi	v30,v28,v26,0b10	; C[4..0]
+	vpermdi	v31,v28,v28,0b11	; C[4..4]
+	vxor	v1, v1, v29		; A[0..1][1] ^= C[0..0]
+	vxor	v6, v6, v29		; A[2..3][1] ^= C[0..0]
+	vxor	v10,v10,v30		; A[4][0..1] ^= C[4..0]
+	vxor	v0, v0, v31		; A[0..1][0] ^= C[4..4]
+	vxor	v5, v5, v31		; A[2..3][0] ^= C[4..4]
+
+	vpermdi	v29,v27,v27,0b00	; C[2..2]
+	vpermdi	v30,v26,v26,0b11	; C[1..1]
+	vpermdi	v31,v26,v27,0b10	; C[1..2]
+	vxor	v3, v3, v29		; A[0..1][3] ^= C[2..2]
+	vxor	v8, v8, v29		; A[2..3][3] ^= C[2..2]
+	vxor	v2, v2, v30		; A[0..1][2] ^= C[1..1]
+	vxor	v7, v7, v30		; A[2..3][2] ^= C[1..1]
+	vxor	v11,v11,v31		; A[4][2..3] ^= C[1..2]
+
+	vpermdi	v29,v27,v27,0b11	; C[3..3]
+	vxor	v4, v4, v29		; A[0..1][4] ^= C[3..3]
+	vxor	v9, v9, v29		; A[2..3][4] ^= C[3..3]
+	vxor	v12,v12,v29		; A[4..4][4] ^= C[3..3]
+
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Rho
+	vrld	v26,v0, v13		; v0
+	vrld	v1, v1, v14
+	vrld	v27,v2, v15		; v2
+	vrld	v28,v3, v16		; v3
+	vrld	v4, v4, v17
+	vrld	v5, v5, v18
+	vrld	v6, v6, v19
+	vrld	v29,v7, v20		; v7
+	vrld	v8, v8, v21
+	vrld	v9, v9, v22
+	vrld	v10,v10,v23
+	vrld	v30,v11,v24		; v11
+	vrld	v12,v12,v25
+
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Pi
+	vpermdi	v0, v26,v28,0b00	; [0][0] [1][0] < [0][0] [0][3]
+	vpermdi	v2, v29,v5, 0b00	; [0][2] [1][2] < [2][2] [2][0]
+	vpermdi	v11,v9, v5, 0b01	; [4][2] [4][3] < [2][4] [3][0]
+	vpermdi	v5, v1, v4, 0b00	; [2][0] [3][0] < [0][1] [0][4]
+	vpermdi	v1, v1, v4, 0b11	; [0][1] [1][1] < [1][1] [1][4]
+	vpermdi	v3, v8, v6, 0b11	; [0][3] [1][3] < [3][3] [3][1]
+	vpermdi	v4, v12,v30,0b10	; [0][4] [1][4] < [4][4] [4][2]
+	vpermdi	v7, v8, v6, 0b00	; [2][2] [3][2] < [2][3] [2][1]
+	vpermdi	v6, v27,v26,0b11	; [2][1] [3][1] < [1][2] [1][0]
+	vpermdi	v8, v9, v29,0b11	; [2][3] [3][3] < [3][4] [3][2]
+	vpermdi	v12,v10,v10,0b11	; [4][4] [4][4] < [4][1] [4][1]
+	vpermdi	v9, v10,v30,0b01	; [2][4] [3][4] < [4][0] [4][3]
+	vpermdi	v10,v27,v28,0b01	; [4][0] [4][1] < [0][2] [1][3]
+
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Chi + Iota
+	lvx_u	v31,$iotas,r0		; iotas[index]
+	addic	r0,r0,16		; index++
+
+	vandc	v26,v2, v1		; (~A[0..1][1] & A[0..1][2])
+	vandc	v27,v3, v2		; (~A[0..1][2] & A[0..1][3])
+	vandc	v28,v4, v3		; (~A[0..1][3] & A[0..1][4])
+	vandc	v29,v0, v4		; (~A[0..1][4] & A[0..1][0])
+	vandc	v30,v1, v0		; (~A[0..1][0] & A[0..1][1])
+	vxor	v0, v0, v26		; A[0..1][0] ^= (~A[0..1][1] & A[0..1][2])
+	vxor	v1, v1, v27		; A[0..1][1] ^= (~A[0..1][2] & A[0..1][3])
+	vxor	v2, v2, v28		; A[0..1][2] ^= (~A[0..1][3] & A[0..1][4])
+	vxor	v3, v3, v29		; A[0..1][3] ^= (~A[0..1][4] & A[0..1][0])
+	vxor	v4, v4, v30		; A[0..1][4] ^= (~A[0..1][0] & A[0..1][1])
+
+	vandc	v26,v7, v6		; (~A[2..3][1] & A[2..3][2])
+	vandc	v27,v8, v7		; (~A[2..3][2] & A[2..3][3])
+	vandc	v28,v9, v8		; (~A[2..3][3] & A[2..3][4])
+	vandc	v29,v5, v9		; (~A[2..3][4] & A[2..3][0])
+	vandc	v30,v6, v5		; (~A[2..3][0] & A[2..3][1])
+	vxor	v5, v5, v26		; A[2..3][0] ^= (~A[2..3][1] & A[2..3][2])
+	vxor	v6, v6, v27		; A[2..3][1] ^= (~A[2..3][2] & A[2..3][3])
+	vxor	v7, v7, v28		; A[2..3][2] ^= (~A[2..3][3] & A[2..3][4])
+	vxor	v8, v8, v29		; A[2..3][3] ^= (~A[2..3][4] & A[2..3][0])
+	vxor	v9, v9, v30		; A[2..3][4] ^= (~A[2..3][0] & A[2..3][1])
+
+	vxor	v0, v0, v31		; A[0][0] ^= iotas[index++]
+
+	vpermdi	v26,v10,v11,0b10	; A[4][1..2]
+	vpermdi	v27,v12,v10,0b00	; A[4][4..0]
+	vpermdi	v28,v11,v12,0b10	; A[4][3..4]
+	vpermdi	v29,v10,v10,0b10	; A[4][1..0]
+	vandc	v26,v11,v26		; (~A[4][1..2] & A[4][2..3])
+	vandc	v27,v27,v28		; (~A[4][3..4] & A[4][4..0])
+	vandc	v28,v10,v29		; (~A[4][1..0] & A[4][0..1])
+	vxor	v10,v10,v26		; A[4][0..1] ^= (~A[4][1..2] & A[4][2..3])
+	vxor	v11,v11,v27		; A[4][2..3] ^= (~A[4][3..4] & A[4][4..0])
+	vxor	v12,v12,v28		; A[4][4..4] ^= (~A[4][0..1] & A[4][1..0])
+
+	bdnz	.Loop
+
+	vpermdi	v12,v12,v12,0b11	; broadcast A[4][4]
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,\@function
+.align	5
+KeccakF1600:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r8
+	mfspr	r7, 256			; save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	; save vrsave
+	li	r0, -1
+	$PUSH	r8,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			; preserve all AltiVec registers
+
+	li	r11,16
+	lvx_4w	v0,0,r3			; load A[5][5]
+	li	r10,32
+	lvx_4w	v1,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v2,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v3,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v4,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v5,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v6,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v7,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v8,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v9,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v10,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v11,r11,r3
+	lvx_splt v12,r10,r3
+
+	bl	PICmeup
+
+	li	r11,16
+	lvx_u	v13,0,r12		; load rhotates
+	li	r10,32
+	lvx_u	v14,r11,r12
+	addi	r11,r11,32
+	lvx_u	v15,r10,r12
+	addi	r10,r10,32
+	lvx_u	v16,r11,r12
+	addi	r11,r11,32
+	lvx_u	v17,r10,r12
+	addi	r10,r10,32
+	lvx_u	v18,r11,r12
+	addi	r11,r11,32
+	lvx_u	v19,r10,r12
+	addi	r10,r10,32
+	lvx_u	v20,r11,r12
+	addi	r11,r11,32
+	lvx_u	v21,r10,r12
+	addi	r10,r10,32
+	lvx_u	v22,r11,r12
+	addi	r11,r11,32
+	lvx_u	v23,r10,r12
+	addi	r10,r10,32
+	lvx_u	v24,r11,r12
+	lvx_u	v25,r10,r12
+	addi	r12,r12,`16*16`		; points at iotas
+
+	bl	KeccakF1600_int
+
+	li	r11,16
+	stvx_4w	v0,0,r3			; return A[5][5]
+	li	r10,32
+	stvx_4w	v1,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v2,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v3,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v4,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v5,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v6,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v7,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v8,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v9,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v10,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v11,r11,r3
+	stvdx_u v12,r10,r3
+
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r8
+	mtspr	256, r7			; restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,1,0
+	.long	0
+.size	KeccakF1600,.-KeccakF1600
+___
+{
+my ($A_jagged,$inp,$len,$bsz) = map("r$_",(3..6));
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	5
+SHA3_absorb:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r8
+	mfspr	r7, 256			; save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	; save vrsave
+	li	r0, -1
+	$PUSH	r8,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			; preserve all AltiVec registers
+
+	li	r11,16
+	lvx_4w	v0,0,$A_jagged		; load A[5][5]
+	li	r10,32
+	lvx_4w	v1,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v2,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v3,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v4,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v5,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v6,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v7,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v8,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v9,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v10,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v11,r11,$A_jagged
+	lvx_splt v12,r10,$A_jagged
+
+	bl	PICmeup
+
+	li	r11,16
+	lvx_u	v13,0,r12		; load rhotates
+	li	r10,32
+	lvx_u	v14,r11,r12
+	addi	r11,r11,32
+	lvx_u	v15,r10,r12
+	addi	r10,r10,32
+	lvx_u	v16,r11,r12
+	addi	r11,r11,32
+	lvx_u	v17,r10,r12
+	addi	r10,r10,32
+	lvx_u	v18,r11,r12
+	addi	r11,r11,32
+	lvx_u	v19,r10,r12
+	addi	r10,r10,32
+	lvx_u	v20,r11,r12
+	addi	r11,r11,32
+	lvx_u	v21,r10,r12
+	addi	r10,r10,32
+	lvx_u	v22,r11,r12
+	addi	r11,r11,32
+	lvx_u	v23,r10,r12
+	addi	r10,r10,32
+	lvx_u	v24,r11,r12
+	lvx_u	v25,r10,r12
+	li	r10,-32
+	li	r11,-16
+	addi	r12,r12,`16*16`		; points at iotas
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	$UCMP	$len,$bsz		; len < bsz?
+	blt	.Labsorbed
+
+	sub	$len,$len,$bsz		; len -= bsz
+	srwi	r0,$bsz,3
+	mtctr	r0
+
+	lvx_u	v30,r10,r12		; permutation masks
+	lvx_u	v31,r11,r12
+	?vspltisb v27,7			; prepare masks for byte swap
+	?vxor	v30,v30,v27		; on big-endian
+	?vxor	v31,v31,v27
+
+	vxor	v27,v27,v27		; zero
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v0, v0, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v1, v1, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v2, v2, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v3, v3, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v4, v4, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v0, v0, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v1, v1, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v2, v2, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v3, v3, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v4, v4, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v5, v5, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v6, v6, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v7, v7, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v8, v8, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v9, v9, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v5, v5, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v6, v6, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v7, v7, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v8, v8, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v9, v9, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v10, v10, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v10, v10, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v11, v11, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v11, v11, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v12, v12, v26
+
+.Lprocess_block:
+	bl	KeccakF1600_int
+
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	li	r11,16
+	stvx_4w	v0,0,$A_jagged		; return A[5][5]
+	li	r10,32
+	stvx_4w	v1,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v2,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v3,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v4,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v5,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v6,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v7,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v8,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v9,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v10,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v11,r11,$A_jagged
+	stvdx_u v12,r10,$A_jagged
+
+	mr	r3,$len			; return value
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r8
+	mtspr	256, r7			; restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,4,0
+	.long	0
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{
+my ($A_jagged,$out,$len,$bsz) = map("r$_",(3..6));
+
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	5
+SHA3_squeeze:
+	mflr	r9			; r9 is not touched by KeccakF1600
+	subi	$out,$out,1		; prepare for stbu
+	addi	r8,$A_jagged,4		; prepare volatiles
+	mr	r10,$bsz
+	li	r11,0
+	b	.Loop_squeeze
+.align	4
+.Loop_squeeze:
+	lwzx	r7,r11,r8		; lo
+	lwzx	r0,r11,$A_jagged	; hi
+	${UCMP}i $len,8
+	blt	.Lsqueeze_tail
+
+	stbu	r7,1($out)		; write lo
+	srwi	r7,r7,8
+	stbu	r7,1($out)
+	srwi	r7,r7,8
+	stbu	r7,1($out)
+	srwi	r7,r7,8
+	stbu	r7,1($out)
+	stbu	r0,1($out)		; write hi
+	srwi	r0,r0,8
+	stbu	r0,1($out)
+	srwi	r0,r0,8
+	stbu	r0,1($out)
+	srwi	r0,r0,8
+	stbu	r0,1($out)
+
+	subic.	$len,$len,8
+	beqlr				; return if done
+
+	subic.	r10,r10,8
+	ble	.Loutput_expand
+
+	addi	r11,r11,16		; calculate jagged index
+	cmplwi	r11,`16*5`
+	blt	.Loop_squeeze
+	subi	r11,r11,72
+	beq	.Loop_squeeze
+	addi	r11,r11,72
+	cmplwi	r11,`16*5+8`
+	subi	r11,r11,8
+	beq	.Loop_squeeze
+	addi	r11,r11,8
+	cmplwi	r11,`16*10`
+	subi	r11,r11,72
+	beq	.Loop_squeeze
+	addi	r11,r11,72
+	blt	.Loop_squeeze
+	subi	r11,r11,8
+	b	.Loop_squeeze
+
+.align	4
+.Loutput_expand:
+	bl	KeccakF1600
+	mtlr	r9
+
+	addi	r8,$A_jagged,4		; restore volatiles
+	mr	r10,$bsz
+	li	r11,0
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	mtctr	$len
+	subic.	$len,$len,4
+	ble	.Loop_tail_lo
+	li	r8,4
+	mtctr	r8
+.Loop_tail_lo:
+	stbu	r7,1($out)
+	srdi	r7,r7,8
+	bdnz	.Loop_tail_lo
+	ble	.Lsqueeze_done
+	mtctr	$len
+.Loop_tail_hi:
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	bdnz	.Loop_tail_hi
+
+.Lsqueeze_done:
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+$code.=<<___;
+.align	6
+PICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12   ; vvvvvv "distance" between . and 1st data entry
+	addi	r12,r12,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+.type	rhotates,\@object
+.align	6
+rhotates:
+	.quad	0,  36
+	.quad	1,  44
+	.quad	62,  6
+	.quad	28, 55
+	.quad	27, 20
+	.quad	3,  41
+	.quad	10, 45
+	.quad	43, 15
+	.quad	25, 21
+	.quad	39,  8
+	.quad	18,  2
+	.quad	61, 56
+	.quad	14, 14
+.size	rhotates,.-rhotates
+	.quad	0,0
+	.quad	0x0001020304050607,0x1011121314151617
+	.quad	0x1011121314151617,0x0001020304050607
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001,0
+	.quad	0x0000000000008082,0
+	.quad	0x800000000000808a,0
+	.quad	0x8000000080008000,0
+	.quad	0x000000000000808b,0
+	.quad	0x0000000080000001,0
+	.quad	0x8000000080008081,0
+	.quad	0x8000000000008009,0
+	.quad	0x000000000000008a,0
+	.quad	0x0000000000000088,0
+	.quad	0x0000000080008009,0
+	.quad	0x000000008000000a,0
+	.quad	0x000000008000808b,0
+	.quad	0x800000000000008b,0
+	.quad	0x8000000000008089,0
+	.quad	0x8000000000008003,0
+	.quad	0x8000000000008002,0
+	.quad	0x8000000000000080,0
+	.quad	0x000000000000800a,0
+	.quad	0x800000008000000a,0
+	.quad	0x8000000080008081,0
+	.quad	0x8000000000008080,0
+	.quad	0x0000000080000001,0
+	.quad	0x8000000080008008,0
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach  (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	if ($flavour =~ /le$/) {	# little-endian
+	    s/\?([a-z]+)/;$1/;
+	} else {			# big-endian
+	    s/\?([a-z]+)/$1/;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl
new file mode 100644
index 000000000..9d4ff7f39
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl
@@ -0,0 +1,1491 @@
+#! /usr/bin/env perl
+# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# [Re]written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# "[Re]written" was achieved in two major overhauls. In 2004 BODY_*
+# functions were re-implemented to address P4 performance issue [see
+# commentary below], and in 2006 the rest was rewritten in order to
+# gain freedom to liberate licensing terms.
+
+# January, September 2004.
+#
+# It was noted that Intel IA-32 C compiler generates code which
+# performs ~30% *faster* on P4 CPU than original *hand-coded*
+# SHA1 assembler implementation. To address this problem (and
+# prove that humans are still better than machines:-), the
+# original code was overhauled, which resulted in following
+# performance changes:
+#
+#		compared with original	compared with Intel cc
+#		assembler impl.		generated code
+# Pentium	-16%			+48%
+# PIII/AMD	+8%			+16%
+# P4		+85%(!)			+45%
+#
+# As you can see Pentium came out as looser:-( Yet I reckoned that
+# improvement on P4 outweighs the loss and incorporate this
+# re-tuned code to 0.9.7 and later.
+# ----------------------------------------------------------------
+
+# August 2009.
+#
+# George Spelvin has tipped that F_40_59(b,c,d) can be rewritten as
+# '(c&d) + (b&(c^d))', which allows to accumulate partial results
+# and lighten "pressure" on scratch registers. This resulted in
+# >12% performance improvement on contemporary AMD cores (with no
+# degradation on other CPUs:-). Also, the code was revised to maximize
+# "distance" between instructions producing input to 'lea' instruction
+# and the 'lea' instruction itself, which is essential for Intel Atom
+# core and resulted in ~15% improvement.
+
+# October 2010.
+#
+# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
+# is to offload message schedule denoted by Wt in NIST specification,
+# or Xupdate in OpenSSL source, to SIMD unit. The idea is not novel,
+# and in SSE2 context was first explored by Dean Gaudet in 2004, see
+# http://arctic.org/~dean/crypto/sha1.html. Since then several things
+# have changed that made it interesting again:
+#
+# a) XMM units became faster and wider;
+# b) instruction set became more versatile;
+# c) an important observation was made by Max Locktykhin, which made
+#    it possible to reduce amount of instructions required to perform
+#    the operation in question, for further details see
+#    http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/.
+
+# April 2011.
+#
+# Add AVX code path, probably most controversial... The thing is that
+# switch to AVX alone improves performance by as little as 4% in
+# comparison to SSSE3 code path. But below result doesn't look like
+# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as
+# pair of µ-ops, and it's the additional µ-ops, two per round, that
+# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded
+# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
+# equivalent 'sh[rl]d' that is responsible for the impressive 5.1
+# cycles per processed byte. But 'sh[rl]d' is not something that used
+# to be fast, nor does it appear to be fast in upcoming Bulldozer
+# [according to its optimization manual]. Which is why AVX code path
+# is guarded by *both* AVX and synthetic bit denoting Intel CPUs.
+# One can argue that it's unfair to AMD, but without 'sh[rl]d' it
+# makes no sense to keep the AVX code path. If somebody feels that
+# strongly, it's probably more appropriate to discuss possibility of
+# using vector rotate XOP on AMD...
+
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+
+######################################################################
+# Current performance is summarized in following table. Numbers are
+# CPU clock cycles spent to process single byte (less is better).
+#
+#		x86		SSSE3		AVX
+# Pentium	15.7		-
+# PIII		11.5		-
+# P4		10.6		-
+# AMD K8	7.1		-
+# Core2		7.3		6.0/+22%	-
+# Westmere	7.3		5.5/+33%	-
+# Sandy Bridge	8.8		6.2/+40%	5.1(**)/+73%
+# Ivy Bridge	7.2		4.8/+51%	4.7(**)/+53%
+# Haswell	6.5		4.3/+51%	4.1(**)/+58%
+# Skylake	6.4		4.1/+55%	4.1(**)/+55%
+# Bulldozer	11.6		6.0/+92%
+# VIA Nano	10.6		7.5/+41%
+# Atom		12.5		9.3(*)/+35%
+# Silvermont	14.5		9.9(*)/+46%
+# Goldmont	8.8		6.7/+30%	1.7(***)/+415%
+#
+# (*)	Loop is 1056 instructions long and expected result is ~8.25.
+#	The discrepancy is because of front-end limitations, so
+#	called MS-ROM penalties, and on Silvermont even rotate's
+#	limited parallelism.
+#
+# (**)	As per above comment, the result is for AVX *plus* sh[rl]d.
+#
+# (***)	SHAEXT result
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$xmm=$ymm=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+$ymm=1 if ($xmm &&
+		`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+		$1>=2.19);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" &&
+		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+		$1>=2.03);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
+		`ml 2>&1` =~ /Version ([0-9]+)\./ &&
+		$1>=10);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+		$2>=3.0);	# first version supporting AVX
+
+$shaext=$xmm;	### set to zero if compiling for 1.0.1
+
+&external_label("OPENSSL_ia32cap_P") if ($xmm);
+
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$E="edi";
+$T="esi";
+$tmp1="ebp";
+
+@V=($A,$B,$C,$D,$E,$T);
+
+$alt=0;	# 1 denotes alternative IALU implementation, which performs
+	# 8% *worse* on P4, same on Westmere and Atom, 2% better on
+	# Sandy Bridge...
+
+sub BODY_00_15
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("00_15 $n");
+
+	&mov($f,$c);			# f to hold F_00_19(b,c,d)
+	 if ($n==0)  { &mov($tmp1,$a); }
+	 else        { &mov($a,$tmp1); }
+	&rotl($tmp1,5);			# tmp1=ROTATE(a,5)
+	 &xor($f,$d);
+	&add($tmp1,$e);			# tmp1+=e;
+	 &mov($e,&swtmp($n%16));	# e becomes volatile and is loaded
+	 				# with xi, also note that e becomes
+					# f in next round...
+	&and($f,$b);
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &xor($f,$d);			# f holds F_00_19(b,c,d)
+	&lea($tmp1,&DWP(0x5a827999,$tmp1,$e));	# tmp1+=K_00_19+xi
+
+	if ($n==15) { &mov($e,&swtmp(($n+1)%16));# pre-fetch f for next round
+		      &add($f,$tmp1); }	# f+=tmp1
+	else        { &add($tmp1,$f); }	# f becomes a in next round
+	&mov($tmp1,$a)			if ($alt && $n==15);
+	}
+
+sub BODY_16_19
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("16_19 $n");
+
+if ($alt) {
+	&xor($c,$d);
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&and($tmp1,$c);			# tmp1 to hold F_00_19(b,c,d), b&=c^d
+	 &xor($f,&swtmp(($n+8)%16));
+	&xor($tmp1,$d);			# tmp1=F_00_19(b,c,d)
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &add($e,$tmp1);		# e+=F_00_19(b,c,d)
+	&xor($c,$d);			# restore $c
+	 &mov($tmp1,$a);		# b in next round
+	&rotr($b,$n==16?2:7);		# b=ROTATE(b,30)
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&rotl($a,5);			# ROTATE(a,5)
+	 &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$a);			# f+=ROTATE(a,5)
+} else {
+	&mov($tmp1,$c);			# tmp1 to hold F_00_19(b,c,d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$d);
+	 &xor($f,&swtmp(($n+8)%16));
+	&and($tmp1,$b);
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &xor($tmp1,$d);		# tmp1=F_00_19(b,c,d)
+	&add($e,$tmp1);			# e+=F_00_19(b,c,d)
+	 &mov($tmp1,$a);
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&rotl($tmp1,5);			# ROTATE(a,5)
+	 &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$tmp1);		# f+=ROTATE(a,5)
+}
+	}
+
+sub BODY_20_39
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+	local $K=($n<40)?0x6ed9eba1:0xca62c1d6;
+
+	&comment("20_39 $n");
+
+if ($alt) {
+	&xor($tmp1,$c);			# tmp1 to hold F_20_39(b,c,d), b^=c
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+8)%16));
+	&add($e,$tmp1);			# e+=F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &mov($tmp1,$a);		# b in next round
+	&rotr($b,7);			# b=ROTATE(b,30)
+	 &mov(&swtmp($n%16),$f)		if($n<77);# xi=f
+	&rotl($a,5);			# ROTATE(a,5)
+	 &xor($b,$c)			if($n==39);# warm up for BODY_40_59
+	&and($tmp1,$b)			if($n==39);
+	 &lea($f,&DWP($K,$f,$e));	# f+=e+K_XX_YY
+	&mov($e,&swtmp(($n+1)%16))	if($n<79);# pre-fetch f for next round
+	 &add($f,$a);			# f+=ROTATE(a,5)
+	&rotr($a,5)			if ($n==79);
+} else {
+	&mov($tmp1,$b);			# tmp1 to hold F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$c);
+	 &xor($f,&swtmp(($n+8)%16));
+	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &add($e,$tmp1);		# e+=F_20_39(b,c,d)
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &mov($tmp1,$a);
+	&rotl($tmp1,5);			# ROTATE(a,5)
+	 &mov(&swtmp($n%16),$f) if($n<77);# xi=f
+	&lea($f,&DWP($K,$f,$e));	# f+=e+K_XX_YY
+	 &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round
+	&add($f,$tmp1);			# f+=ROTATE(a,5)
+}
+	}
+
+sub BODY_40_59
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("40_59 $n");
+
+if ($alt) {
+	&add($e,$tmp1);			# e+=b&(c^d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&mov($tmp1,$d);
+	 &xor($f,&swtmp(($n+8)%16));
+	&xor($c,$d);			# restore $c
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &and($tmp1,$c);
+	&rotr($b,7);			# b=ROTATE(b,30)
+	 &add($e,$tmp1);		# e+=c&d
+	&mov($tmp1,$a);			# b in next round
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&rotl($a,5);			# ROTATE(a,5)
+	 &xor($b,$c)			if ($n<59);
+	&and($tmp1,$b)			if ($n<59);# tmp1 to hold F_40_59(b,c,d)
+	 &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e+(b&(c^d))
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$a);			# f+=ROTATE(a,5)
+} else {
+	&mov($tmp1,$c);			# tmp1 to hold F_40_59(b,c,d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$d);
+	 &xor($f,&swtmp(($n+8)%16));
+	&and($tmp1,$b);
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &add($tmp1,$e);		# b&(c^d)+=e
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &mov($e,$a);			# e becomes volatile
+	&rotl($e,5);			# ROTATE(a,5)
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&lea($f,&DWP(0x8f1bbcdc,$f,$tmp1));# f+=K_40_59+e+(b&(c^d))
+	 &mov($tmp1,$c);
+	&add($f,$e);			# f+=ROTATE(a,5)
+	 &and($tmp1,$d);
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$tmp1);		# f+=c&d
+}
+	}
+
+&function_begin("sha1_block_data_order");
+if ($xmm) {
+  &static_label("shaext_shortcut")	if ($shaext);
+  &static_label("ssse3_shortcut");
+  &static_label("avx_shortcut")		if ($ymm);
+  &static_label("K_XX_XX");
+
+	&call	(&label("pic_point"));	# make it PIC!
+  &set_label("pic_point");
+	&blindpop($tmp1);
+	&picmeup($T,"OPENSSL_ia32cap_P",$tmp1,&label("pic_point"));
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+
+	&mov	($A,&DWP(0,$T));
+	&mov	($D,&DWP(4,$T));
+	&test	($D,1<<9);		# check SSSE3 bit
+	&jz	(&label("x86"));
+	&mov	($C,&DWP(8,$T));
+	&test	($A,1<<24);		# check FXSR bit
+	&jz	(&label("x86"));
+	if ($shaext) {
+		&test	($C,1<<29);		# check SHA bit
+		&jnz	(&label("shaext_shortcut"));
+	}
+	if ($ymm) {
+		&and	($D,1<<28);		# mask AVX bit
+		&and	($A,1<<30);		# mask "Intel CPU" bit
+		&or	($A,$D);
+		&cmp	($A,1<<28|1<<30);
+		&je	(&label("avx_shortcut"));
+	}
+	&jmp	(&label("ssse3_shortcut"));
+  &set_label("x86",16);
+}
+	&mov($tmp1,&wparam(0));	# SHA_CTX *c
+	&mov($T,&wparam(1));	# const void *input
+	&mov($A,&wparam(2));	# size_t num
+	&stack_push(16+3);	# allocate X[16]
+	&shl($A,6);
+	&add($A,$T);
+	&mov(&wparam(2),$A);	# pointer beyond the end of input
+	&mov($E,&DWP(16,$tmp1));# pre-load E
+	&jmp(&label("loop"));
+
+&set_label("loop",16);
+
+	# copy input chunk to X, but reversing byte order!
+	for ($i=0; $i<16; $i+=4)
+		{
+		&mov($A,&DWP(4*($i+0),$T));
+		&mov($B,&DWP(4*($i+1),$T));
+		&mov($C,&DWP(4*($i+2),$T));
+		&mov($D,&DWP(4*($i+3),$T));
+		&bswap($A);
+		&bswap($B);
+		&bswap($C);
+		&bswap($D);
+		&mov(&swtmp($i+0),$A);
+		&mov(&swtmp($i+1),$B);
+		&mov(&swtmp($i+2),$C);
+		&mov(&swtmp($i+3),$D);
+		}
+	&mov(&wparam(1),$T);	# redundant in 1st spin
+
+	&mov($A,&DWP(0,$tmp1));	# load SHA_CTX
+	&mov($B,&DWP(4,$tmp1));
+	&mov($C,&DWP(8,$tmp1));
+	&mov($D,&DWP(12,$tmp1));
+	# E is pre-loaded
+
+	for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+	(($V[5] eq $D) and ($V[0] eq $E)) or die;	# double-check
+
+	&mov($tmp1,&wparam(0));	# re-load SHA_CTX*
+	&mov($D,&wparam(1));	# D is last "T" and is discarded
+
+	&add($E,&DWP(0,$tmp1));	# E is last "A"...
+	&add($T,&DWP(4,$tmp1));
+	&add($A,&DWP(8,$tmp1));
+	&add($B,&DWP(12,$tmp1));
+	&add($C,&DWP(16,$tmp1));
+
+	&mov(&DWP(0,$tmp1),$E);	# update SHA_CTX
+	 &add($D,64);		# advance input pointer
+	&mov(&DWP(4,$tmp1),$T);
+	 &cmp($D,&wparam(2));	# have we reached the end yet?
+	&mov(&DWP(8,$tmp1),$A);
+	 &mov($E,$C);		# C is last "E" which needs to be "pre-loaded"
+	&mov(&DWP(12,$tmp1),$B);
+	 &mov($T,$D);		# input pointer
+	&mov(&DWP(16,$tmp1),$C);
+	&jb(&label("loop"));
+
+	&stack_pop(16+3);
+&function_end("sha1_block_data_order");
+
+if ($xmm) {
+if ($shaext) {
+######################################################################
+# Intel SHA Extensions implementation of SHA1 update function.
+#
+my ($ctx,$inp,$num)=("edi","esi","ecx");
+my ($ABCD,$E,$E_,$BSWAP)=map("xmm$_",(0..3));
+my @MSG=map("xmm$_",(4..7));
+
+sub sha1rnds4 {
+ my ($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x0f,0x3a,0xcc,0xc0|($1<<3)|$2,$imm);	}
+}
+sub sha1op38 {
+ my ($opcodelet,$dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);	}
+}
+sub sha1nexte	{ sha1op38(0xc8,@_); }
+sub sha1msg1	{ sha1op38(0xc9,@_); }
+sub sha1msg2	{ sha1op38(0xca,@_); }
+
+&function_begin("_sha1_block_data_order_shaext");
+	&call	(&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tmp1);
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("shaext_shortcut");
+	&mov	($ctx,&wparam(0));
+	&mov	("ebx","esp");
+	&mov	($inp,&wparam(1));
+	&mov	($num,&wparam(2));
+	&sub	("esp",32);
+
+	&movdqu	($ABCD,&QWP(0,$ctx));
+	&movd	($E,&DWP(16,$ctx));
+	&and	("esp",-32);
+	&movdqa	($BSWAP,&QWP(0x50,$tmp1));	# byte-n-word swap
+
+	&movdqu	(@MSG[0],&QWP(0,$inp));
+	&pshufd	($ABCD,$ABCD,0b00011011);	# flip word order
+	&movdqu	(@MSG[1],&QWP(0x10,$inp));
+	&pshufd	($E,$E,0b00011011);		# flip word order
+	&movdqu	(@MSG[2],&QWP(0x20,$inp));
+	&pshufb	(@MSG[0],$BSWAP);
+	&movdqu	(@MSG[3],&QWP(0x30,$inp));
+	&pshufb	(@MSG[1],$BSWAP);
+	&pshufb	(@MSG[2],$BSWAP);
+	&pshufb	(@MSG[3],$BSWAP);
+	&jmp	(&label("loop_shaext"));
+
+&set_label("loop_shaext",16);
+	&dec		($num);
+	&lea		("eax",&DWP(0x40,$inp));
+	&movdqa		(&QWP(0,"esp"),$E);	# offload $E
+	&paddd		($E,@MSG[0]);
+	&cmovne		($inp,"eax");
+	&movdqa		(&QWP(16,"esp"),$ABCD);	# offload $ABCD
+
+for($i=0;$i<20-4;$i+=2) {
+	&sha1msg1	(@MSG[0],@MSG[1]);
+	&movdqa		($E_,$ABCD);
+	&sha1rnds4	($ABCD,$E,int($i/5));	# 0-3...
+	&sha1nexte	($E_,@MSG[1]);
+	&pxor		(@MSG[0],@MSG[2]);
+	&sha1msg1	(@MSG[1],@MSG[2]);
+	&sha1msg2	(@MSG[0],@MSG[3]);
+
+	&movdqa		($E,$ABCD);
+	&sha1rnds4	($ABCD,$E_,int(($i+1)/5));
+	&sha1nexte	($E,@MSG[2]);
+	&pxor		(@MSG[1],@MSG[3]);
+	&sha1msg2	(@MSG[1],@MSG[0]);
+
+	push(@MSG,shift(@MSG));	push(@MSG,shift(@MSG));
+}
+	&movdqu		(@MSG[0],&QWP(0,$inp));
+	&movdqa		($E_,$ABCD);
+	&sha1rnds4	($ABCD,$E,3);		# 64-67
+	&sha1nexte	($E_,@MSG[1]);
+	&movdqu		(@MSG[1],&QWP(0x10,$inp));
+	&pshufb		(@MSG[0],$BSWAP);
+
+	&movdqa		($E,$ABCD);
+	&sha1rnds4	($ABCD,$E_,3);		# 68-71
+	&sha1nexte	($E,@MSG[2]);
+	&movdqu		(@MSG[2],&QWP(0x20,$inp));
+	&pshufb		(@MSG[1],$BSWAP);
+
+	&movdqa		($E_,$ABCD);
+	&sha1rnds4	($ABCD,$E,3);		# 72-75
+	&sha1nexte	($E_,@MSG[3]);
+	&movdqu		(@MSG[3],&QWP(0x30,$inp));
+	&pshufb		(@MSG[2],$BSWAP);
+
+	&movdqa		($E,$ABCD);
+	&sha1rnds4	($ABCD,$E_,3);		# 76-79
+	&movdqa		($E_,&QWP(0,"esp"));
+	&pshufb		(@MSG[3],$BSWAP);
+	&sha1nexte	($E,$E_);
+	&paddd		($ABCD,&QWP(16,"esp"));
+
+	&jnz		(&label("loop_shaext"));
+
+	&pshufd	($ABCD,$ABCD,0b00011011);
+	&pshufd	($E,$E,0b00011011);
+	&movdqu	(&QWP(0,$ctx),$ABCD)
+	&movd	(&DWP(16,$ctx),$E);
+	&mov	("esp","ebx");
+&function_end("_sha1_block_data_order_shaext");
+}
+######################################################################
+# The SSSE3 implementation.
+#
+# %xmm[0-7] are used as ring @X[] buffer containing quadruples of last
+# 32 elements of the message schedule or Xupdate outputs. First 4
+# quadruples are simply byte-swapped input, next 4 are calculated
+# according to method originally suggested by Dean Gaudet (modulo
+# being implemented in SSSE3). Once 8 quadruples or 32 elements are
+# collected, it switches to routine proposed by Max Locktyukhin.
+#
+# Calculations inevitably require temporary registers, and there are
+# no %xmm registers left to spare. For this reason part of the ring
+# buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring
+# buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] -
+# X[-5], and X[4] - X[-4]...
+#
+# Another notable optimization is aggressive stack frame compression
+# aiming to minimize amount of 9-byte instructions...
+#
+# Yet another notable optimization is "jumping" $B variable. It means
+# that there is no register permanently allocated for $B value. This
+# allowed to eliminate one instruction from body_20_39...
+#
+my $Xi=4;			# 4xSIMD Xupdate round, start pre-seeded
+my @X=map("xmm$_",(4..7,0..3));	# pre-seeded for $Xi=4
+my @V=($A,$B,$C,$D,$E);
+my $j=0;			# hash round
+my $rx=0;
+my @T=($T,$tmp1);
+my $inp;
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+&function_begin("_sha1_block_data_order_ssse3");
+	&call	(&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tmp1);
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("ssse3_shortcut");
+
+	&movdqa	(@X[3],&QWP(0,$tmp1));		# K_00_19
+	&movdqa	(@X[4],&QWP(16,$tmp1));		# K_20_39
+	&movdqa	(@X[5],&QWP(32,$tmp1));		# K_40_59
+	&movdqa	(@X[6],&QWP(48,$tmp1));		# K_60_79
+	&movdqa	(@X[2],&QWP(64,$tmp1));		# pbswap mask
+
+	&mov	($E,&wparam(0));		# load argument block
+	&mov	($inp=@T[1],&wparam(1));
+	&mov	($D,&wparam(2));
+	&mov	(@T[0],"esp");
+
+	# stack frame layout
+	#
+	# +0	X[0]+K	X[1]+K	X[2]+K	X[3]+K	# XMM->IALU xfer area
+	#	X[4]+K	X[5]+K	X[6]+K	X[7]+K
+	#	X[8]+K	X[9]+K	X[10]+K	X[11]+K
+	#	X[12]+K	X[13]+K	X[14]+K	X[15]+K
+	#
+	# +64	X[0]	X[1]	X[2]	X[3]	# XMM->XMM backtrace area
+	#	X[4]	X[5]	X[6]	X[7]
+	#	X[8]	X[9]	X[10]	X[11]	# even borrowed for K_00_19
+	#
+	# +112	K_20_39	K_20_39	K_20_39	K_20_39	# constants
+	#	K_40_59	K_40_59	K_40_59	K_40_59
+	#	K_60_79	K_60_79	K_60_79	K_60_79
+	#	K_00_19	K_00_19	K_00_19	K_00_19
+	#	pbswap mask
+	#
+	# +192	ctx				# argument block
+	# +196	inp
+	# +200	end
+	# +204	esp
+	&sub	("esp",208);
+	&and	("esp",-64);
+
+	&movdqa	(&QWP(112+0,"esp"),@X[4]);	# copy constants
+	&movdqa	(&QWP(112+16,"esp"),@X[5]);
+	&movdqa	(&QWP(112+32,"esp"),@X[6]);
+	&shl	($D,6);				# len*64
+	&movdqa	(&QWP(112+48,"esp"),@X[3]);
+	&add	($D,$inp);			# end of input
+	&movdqa	(&QWP(112+64,"esp"),@X[2]);
+	&add	($inp,64);
+	&mov	(&DWP(192+0,"esp"),$E);		# save argument block
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&mov	(&DWP(192+8,"esp"),$D);
+	&mov	(&DWP(192+12,"esp"),@T[0]);	# save original %esp
+
+	&mov	($A,&DWP(0,$E));		# load context
+	&mov	($B,&DWP(4,$E));
+	&mov	($C,&DWP(8,$E));
+	&mov	($D,&DWP(12,$E));
+	&mov	($E,&DWP(16,$E));
+	&mov	(@T[0],$B);			# magic seed
+
+	&movdqu	(@X[-4&7],&QWP(-64,$inp));	# load input to %xmm[0-3]
+	&movdqu	(@X[-3&7],&QWP(-48,$inp));
+	&movdqu	(@X[-2&7],&QWP(-32,$inp));
+	&movdqu	(@X[-1&7],&QWP(-16,$inp));
+	&pshufb	(@X[-4&7],@X[2]);		# byte swap
+	&pshufb	(@X[-3&7],@X[2]);
+	&pshufb	(@X[-2&7],@X[2]);
+	&movdqa	(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+	&pshufb	(@X[-1&7],@X[2]);
+	&paddd	(@X[-4&7],@X[3]);		# add K_00_19
+	&paddd	(@X[-3&7],@X[3]);
+	&paddd	(@X[-2&7],@X[3]);
+	&movdqa	(&QWP(0,"esp"),@X[-4&7]);	# X[]+K xfer to IALU
+	&psubd	(@X[-4&7],@X[3]);		# restore X[]
+	&movdqa	(&QWP(0+16,"esp"),@X[-3&7]);
+	&psubd	(@X[-3&7],@X[3]);
+	&movdqa	(&QWP(0+32,"esp"),@X[-2&7]);
+	&mov	(@T[1],$C);
+	&psubd	(@X[-2&7],@X[3]);
+	&xor	(@T[1],$D);
+	&pshufd	(@X[0],@X[-4&7],0xee);		# was &movdqa	(@X[0],@X[-3&7]);
+	&and	(@T[0],@T[1]);
+	&jmp	(&label("loop"));
+
+######################################################################
+# SSE instruction sequence is first broken to groups of independent
+# instructions, independent in respect to their inputs and shifter
+# (not all architectures have more than one). Then IALU instructions
+# are "knitted in" between the SSE groups. Distance is maintained for
+# SSE latency of 2 in hope that it fits better upcoming AMD Bulldozer
+# [which allegedly also implements SSSE3]...
+#
+# Temporary registers usage. X[2] is volatile at the entry and at the
+# end is restored from backtrace ring buffer. X[3] is expected to
+# contain current K_XX_XX constant and is used to calculate X[-1]+K
+# from previous round, it becomes volatile the moment the value is
+# saved to stack for transfer to IALU. X[4] becomes volatile whenever
+# X[-4] is accumulated and offloaded to backtrace ring buffer, at the
+# end it is loaded with next K_XX_XX [which becomes X[3] in next
+# round]...
+#
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&punpcklqdq(@X[0],@X[-3&7]);	# compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
+	&movdqa	(@X[2],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &paddd	(@X[3],@X[-1&7]);
+	  &movdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&psrldq	(@X[2],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+
+	&pxor	(@X[2],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[2]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&movdqa	(@X[4],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&movdqa (@X[2],@X[0]);
+	 eval(shift(@insns));
+
+	&pslldq	(@X[4],12);		# "X[0]"<<96, extract one dword
+	&paddd	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@X[2],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	&movdqa	(@X[3],@X[4]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@X[4],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&por	(@X[0],@X[2]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	  &movdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pslld	(@X[3],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	&pxor   (@X[0],@X[4]);
+	  &movdqa	(@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[3]);		# "X[0]"^=("X[0]"<<96)<<<2
+	  &pshufd	(@X[1],@X[-3&7],0xee)	if ($Xi<7);	# was &movdqa	(@X[1],@X[-2&7])
+	  &pshufd	(@X[3],@X[-1&7],0xee)	if ($Xi==7);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# body_20_39
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	&punpcklqdq(@X[2],@X[-1&7]);	# compose "X[-6]", was &palignr(@X[2],@X[-2&7],8)
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	  &movdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);	# save X[] to backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+	 if ($Xi%5) {
+	  &movdqa	(@X[4],@X[3]);	# "perpetuate" K_XX_XX...
+	 } else {			# ... or load next one
+	  &movdqa	(@X[4],&QWP(112-16+16*($Xi/5),"esp"));
+	 }
+	 eval(shift(@insns));		# ror
+	  &paddd	(@X[3],@X[-1&7]);
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[2]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&movdqa	(@X[2],@X[0]);
+	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+
+	&pslld	(@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	&psrld	(@X[2],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[1] =~ /_rol/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+
+	&por	(@X[0],@X[2]);		# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	  &movdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	  &pshufd	(@X[3],@X[-1],0xee)	if ($Xi<19);	# was &movdqa	(@X[3],@X[0])
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &paddd	(@X[3],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&mov	($inp=@T[1],&DWP(192+4,"esp"));
+	&cmp	($inp,&DWP(192+8,"esp"));
+	&je	(&label("done"));
+
+	&movdqa	(@X[3],&QWP(112+48,"esp"));	# K_00_19
+	&movdqa	(@X[2],&QWP(112+64,"esp"));	# pbswap mask
+	&movdqu	(@X[-4&7],&QWP(0,$inp));	# load input
+	&movdqu	(@X[-3&7],&QWP(16,$inp));
+	&movdqu	(@X[-2&7],&QWP(32,$inp));
+	&movdqu	(@X[-1&7],&QWP(48,$inp));
+	&add	($inp,64);
+	&pshufb	(@X[-4&7],@X[2]);		# byte swap
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&movdqa	(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pshufb	(@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddd	(@X[($Xi-4)&7],@X[3]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&movdqa	(&QWP(0+16*$Xi,"esp"),@X[($Xi-4)&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psubd	(@X[($Xi-4)&7],@X[3]);
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+sub body_00_19 () {	# ((c^d)&b)^d
+	# on start @T[0]=(c^d)&b
+	return &body_20_39()	if ($rx==19);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&$_ror	($b,$j?7:2);',	# $b>>>2
+	'&xor	(@T[0],$d);',
+	'&mov	(@T[1],$a);',	# $b in next round
+
+	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
+	'&xor	($b,$c);',	# $c^$d for next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&and	(@T[1],$b);',	# ($b&($c^$d)) for next round
+
+	'&xor	($b,$c);',	# restore $b
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_20_39 () {	# b^d^c
+	# on entry @T[0]=b^d
+	return &body_40_59()	if ($rx==39);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
+	'&xor	(@T[0],$d)	if($j==19);'.
+	'&xor	(@T[0],$c)	if($j> 19);',	# ($b^$d^$c)
+	'&mov	(@T[1],$a);',	# $b in next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j< 79);',	# $b^$d for next round
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_40_59 () {	# ((b^c)&(c^d))^c
+	# on entry @T[0]=(b^c), (c^=d)
+	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
+	'&and	(@T[0],$c)	if ($j>=40);',	# (b^c)&(c^d)
+	'&xor	($c,$d)		if ($j>=40);',	# restore $c
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&mov	(@T[1],$a);',	# $b for next round
+	'&xor	(@T[0],$c);',
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j==59);'.
+	'&xor	(@T[1],$b)	if ($j< 59);',	# b^c for next round
+
+	'&xor	($b,$c)		if ($j< 59);',	# c^d for next round
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+######
+sub bodyx_00_19 () {	# ((c^d)&b)^d
+	# on start @T[0]=(b&c)^(~b&d), $e+=X[]+K
+	return &bodyx_20_39()	if ($rx==19);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+
+	'&rorx	($b,$b,2)			if ($j==0);'.	# $b>>>2
+	'&rorx	($b,@T[1],7)			if ($j!=0);',	# $b>>>2
+	'&lea	($e,&DWP(0,$e,@T[0]));',
+	'&rorx	(@T[0],$a,5);',
+
+	'&andn	(@T[1],$a,$c);',
+	'&and	($a,$b)',
+	'&add	($d,&DWP(4*(($j+1)&15),"esp"));',	# X[]+K xfer
+
+	'&xor	(@T[1],$a)',
+	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub bodyx_20_39 () {	# b^d^c
+	# on start $b=b^c^d
+	return &bodyx_40_59()	if ($rx==39);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+
+	'&add	($e,($j==19?@T[0]:$b))',
+	'&rorx	($b,@T[1],7);',	# $b>>>2
+	'&rorx	(@T[0],$a,5);',
+
+	'&xor	($a,$b)				if ($j<79);',
+	'&add	($d,&DWP(4*(($j+1)&15),"esp"))	if ($j<79);',	# X[]+K xfer
+	'&xor	($a,$c)				if ($j<79);',
+	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub bodyx_40_59 () {	# ((b^c)&(c^d))^c
+	# on start $b=((b^c)&(c^d))^c
+	return &bodyx_20_39()	if ($rx==59);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+
+	'&rorx	(@T[0],$a,5)',
+	'&lea	($e,&DWP(0,$e,$b))',
+	'&rorx	($b,@T[1],7)',	# $b>>>2
+	'&add	($d,&DWP(4*(($j+1)&15),"esp"))',	# X[]+K xfer
+
+	'&mov	(@T[1],$c)',
+	'&xor	($a,$b)',	# b^c for next round
+	'&xor	(@T[1],$b)',	# c^d for next round
+
+	'&and	($a,@T[1])',
+	'&add	($e,@T[0])',
+	'&xor	($a,$b)'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+&set_label("loop",16);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	(&DWP(8,@T[1]),$C);
+	&mov	($B,$C);
+	&mov	(&DWP(12,@T[1]),$D);
+	&xor	($B,$D);
+	&mov	(&DWP(16,@T[1]),$E);
+	&mov	(@T[1],@T[0]);
+	&pshufd	(@X[0],@X[-4&7],0xee);		# was &movdqa	(@X[0],@X[-3&7]);
+	&and	(@T[0],$B);
+	&mov	($B,$T[1]);
+
+	&jmp	(&label("loop"));
+
+&set_label("done",16);		$j=$saved_j; @V=@saved_V;
+
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&mov	("esp",&DWP(192+12,"esp"));	# restore %esp
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	(&DWP(8,@T[1]),$C);
+	&mov	(&DWP(12,@T[1]),$D);
+	&mov	(&DWP(16,@T[1]),$E);
+
+&function_end("_sha1_block_data_order_ssse3");
+
+$rx=0;	# reset
+
+if ($ymm) {
+my $Xi=4;			# 4xSIMD Xupdate round, start pre-seeded
+my @X=map("xmm$_",(4..7,0..3));	# pre-seeded for $Xi=4
+my @V=($A,$B,$C,$D,$E);
+my $j=0;			# hash round
+my @T=($T,$tmp1);
+my $inp;
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+&function_begin("_sha1_block_data_order_avx");
+	&call	(&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tmp1);
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("avx_shortcut");
+	&vzeroall();
+
+	&vmovdqa(@X[3],&QWP(0,$tmp1));		# K_00_19
+	&vmovdqa(@X[4],&QWP(16,$tmp1));		# K_20_39
+	&vmovdqa(@X[5],&QWP(32,$tmp1));		# K_40_59
+	&vmovdqa(@X[6],&QWP(48,$tmp1));		# K_60_79
+	&vmovdqa(@X[2],&QWP(64,$tmp1));		# pbswap mask
+
+	&mov	($E,&wparam(0));		# load argument block
+	&mov	($inp=@T[1],&wparam(1));
+	&mov	($D,&wparam(2));
+	&mov	(@T[0],"esp");
+
+	# stack frame layout
+	#
+	# +0	X[0]+K	X[1]+K	X[2]+K	X[3]+K	# XMM->IALU xfer area
+	#	X[4]+K	X[5]+K	X[6]+K	X[7]+K
+	#	X[8]+K	X[9]+K	X[10]+K	X[11]+K
+	#	X[12]+K	X[13]+K	X[14]+K	X[15]+K
+	#
+	# +64	X[0]	X[1]	X[2]	X[3]	# XMM->XMM backtrace area
+	#	X[4]	X[5]	X[6]	X[7]
+	#	X[8]	X[9]	X[10]	X[11]	# even borrowed for K_00_19
+	#
+	# +112	K_20_39	K_20_39	K_20_39	K_20_39	# constants
+	#	K_40_59	K_40_59	K_40_59	K_40_59
+	#	K_60_79	K_60_79	K_60_79	K_60_79
+	#	K_00_19	K_00_19	K_00_19	K_00_19
+	#	pbswap mask
+	#
+	# +192	ctx				# argument block
+	# +196	inp
+	# +200	end
+	# +204	esp
+	&sub	("esp",208);
+	&and	("esp",-64);
+
+	&vmovdqa(&QWP(112+0,"esp"),@X[4]);	# copy constants
+	&vmovdqa(&QWP(112+16,"esp"),@X[5]);
+	&vmovdqa(&QWP(112+32,"esp"),@X[6]);
+	&shl	($D,6);				# len*64
+	&vmovdqa(&QWP(112+48,"esp"),@X[3]);
+	&add	($D,$inp);			# end of input
+	&vmovdqa(&QWP(112+64,"esp"),@X[2]);
+	&add	($inp,64);
+	&mov	(&DWP(192+0,"esp"),$E);		# save argument block
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&mov	(&DWP(192+8,"esp"),$D);
+	&mov	(&DWP(192+12,"esp"),@T[0]);	# save original %esp
+
+	&mov	($A,&DWP(0,$E));		# load context
+	&mov	($B,&DWP(4,$E));
+	&mov	($C,&DWP(8,$E));
+	&mov	($D,&DWP(12,$E));
+	&mov	($E,&DWP(16,$E));
+	&mov	(@T[0],$B);			# magic seed
+
+	&vmovdqu(@X[-4&7],&QWP(-64,$inp));	# load input to %xmm[0-3]
+	&vmovdqu(@X[-3&7],&QWP(-48,$inp));
+	&vmovdqu(@X[-2&7],&QWP(-32,$inp));
+	&vmovdqu(@X[-1&7],&QWP(-16,$inp));
+	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
+	&vpshufb(@X[-3&7],@X[-3&7],@X[2]);
+	&vpshufb(@X[-2&7],@X[-2&7],@X[2]);
+	&vmovdqa(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+	&vpshufb(@X[-1&7],@X[-1&7],@X[2]);
+	&vpaddd	(@X[0],@X[-4&7],@X[3]);		# add K_00_19
+	&vpaddd	(@X[1],@X[-3&7],@X[3]);
+	&vpaddd	(@X[2],@X[-2&7],@X[3]);
+	&vmovdqa(&QWP(0,"esp"),@X[0]);		# X[]+K xfer to IALU
+	&mov	(@T[1],$C);
+	&vmovdqa(&QWP(0+16,"esp"),@X[1]);
+	&xor	(@T[1],$D);
+	&vmovdqa(&QWP(0+32,"esp"),@X[2]);
+	&and	(@T[0],@T[1]);
+	&jmp	(&label("loop"));
+
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
+	  &vmovdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpsrldq(@X[2],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[2],@X[2],@X[-2&7]);		# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[2]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@X[2],@X[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@X[4],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@X[3],@X[4],30);
+	&vpor	(@X[0],@X[0],@X[2]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@X[4],@X[4],2);
+	  &vmovdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[3]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[4]);		# "X[0]"^=("X[0]"<<96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@X[2],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	  &vmovdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);	# save X[] to backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 if ($Xi%5) {
+	  &vmovdqa	(@X[4],@X[3]);	# "perpetuate" K_XX_XX...
+	 } else {			# ... or load next one
+	  &vmovdqa	(@X[4],&QWP(112-16+16*($Xi/5),"esp"));
+	 }
+	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[2]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpsrld	(@X[2],@X[0],30);
+	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@X[2]);	# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	  &vmovdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&mov	($inp=@T[1],&DWP(192+4,"esp"));
+	&cmp	($inp,&DWP(192+8,"esp"));
+	&je	(&label("done"));
+
+	&vmovdqa(@X[3],&QWP(112+48,"esp"));	# K_00_19
+	&vmovdqa(@X[2],&QWP(112+64,"esp"));	# pbswap mask
+	&vmovdqu(@X[-4&7],&QWP(0,$inp));	# load input
+	&vmovdqu(@X[-3&7],&QWP(16,$inp));
+	&vmovdqu(@X[-2&7],&QWP(32,$inp));
+	&vmovdqu(@X[-1&7],&QWP(48,$inp));
+	&add	($inp,64);
+	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);		# byte swap
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&vmovdqa(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpshufb	(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],@X[3]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqa	(&QWP(0+16*$Xi,"esp"),@X[$Xi&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+&set_label("loop",16);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	($B,$C);
+	&mov	(&DWP(8,@T[1]),$C);
+	&xor	($B,$D);
+	&mov	(&DWP(12,@T[1]),$D);
+	&mov	(&DWP(16,@T[1]),$E);
+	&mov	(@T[1],@T[0]);
+	&and	(@T[0],$B);
+	&mov	($B,@T[1]);
+
+	&jmp	(&label("loop"));
+
+&set_label("done",16);		$j=$saved_j; @V=@saved_V;
+
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+
+	&vzeroall();
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&mov	("esp",&DWP(192+12,"esp"));	# restore %esp
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	(&DWP(8,@T[1]),$C);
+	&mov	(&DWP(12,@T[1]),$D);
+	&mov	(&DWP(16,@T[1]),$E);
+&function_end("_sha1_block_data_order_avx");
+}
+&set_label("K_XX_XX",64);
+&data_word(0x5a827999,0x5a827999,0x5a827999,0x5a827999);	# K_00_19
+&data_word(0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1);	# K_20_39
+&data_word(0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc);	# K_40_59
+&data_word(0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6);	# K_60_79
+&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f);	# pbswap mask
+&data_byte(0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0);
+}
+&asciz("SHA1 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl
new file mode 100644
index 000000000..c1a0b0c69
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl
@@ -0,0 +1,329 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for Alpha.
+
+# On 21264 performance is 33% better than code generated by vendor
+# compiler, and 75% better than GCC [3.4], and in absolute terms is
+# 8.7 cycles per processed byte. Implementation features vectorized
+# byte swap, but not Xupdate.
+
+@X=(	"\$0",	"\$1",	"\$2",	"\$3",	"\$4",	"\$5",	"\$6",	"\$7",
+	"\$8",	"\$9",	"\$10",	"\$11",	"\$12",	"\$13",	"\$14",	"\$15");
+$ctx="a0";	# $16
+$inp="a1";
+$num="a2";
+$A="a3";
+$B="a4";	# 20
+$C="a5";
+$D="t8";
+$E="t9";	@V=($A,$B,$C,$D,$E);
+$t0="t10";	# 24
+$t1="t11";
+$t2="ra";
+$t3="t12";
+$K="AT";	# 28
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i==0);
+	ldq_u	@X[0],0+0($inp)
+	ldq_u	@X[1],0+7($inp)
+___
+$code.=<<___ if (!($i&1) && $i<14);
+	ldq_u	@X[$i+2],($i+2)*4+0($inp)
+	ldq_u	@X[$i+3],($i+2)*4+7($inp)
+___
+$code.=<<___ if (!($i&1) && $i<15);
+	extql	@X[$i],$inp,@X[$i]
+	extqh	@X[$i+1],$inp,@X[$i+1]
+
+	or	@X[$i+1],@X[$i],@X[$i]	# pair of 32-bit values are fetched
+
+	srl	@X[$i],24,$t0		# vectorized byte swap
+	srl	@X[$i],8,$t2
+
+	sll	@X[$i],8,$t3
+	sll	@X[$i],24,@X[$i]
+	zapnot	$t0,0x11,$t0
+	zapnot	$t2,0x22,$t2
+
+	zapnot	@X[$i],0x88,@X[$i]
+	or	$t0,$t2,$t0
+	zapnot	$t3,0x44,$t3
+	sll	$a,5,$t1
+
+	or	@X[$i],$t0,@X[$i]
+	addl	$K,$e,$e
+	and	$b,$c,$t2
+	zapnot	$a,0xf,$a
+
+	or	@X[$i],$t3,@X[$i]
+	srl	$a,27,$t0
+	bic	$d,$b,$t3
+	sll	$b,30,$b
+
+	extll	@X[$i],4,@X[$i+1]	# extract upper half
+	or	$t2,$t3,$t2
+	addl	@X[$i],$e,$e
+
+	addl	$t1,$e,$e
+	srl	$b,32,$t3
+	zapnot	@X[$i],0xf,@X[$i]
+
+	addl	$t0,$e,$e
+	addl	$t2,$e,$e
+	or	$t3,$b,$b
+___
+$code.=<<___ if (($i&1) && $i<15);
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	and	$b,$c,$t2
+	zapnot	$a,0xf,$a
+
+	srl	$a,27,$t0
+	addl	@X[$i%16],$e,$e
+	bic	$d,$b,$t3
+	sll	$b,30,$b
+
+	or	$t2,$t3,$t2
+	addl	$t1,$e,$e
+	srl	$b,32,$t3
+	zapnot	@X[$i],0xf,@X[$i]
+
+	addl	$t0,$e,$e
+	addl	$t2,$e,$e
+	or	$t3,$b,$b
+___
+$code.=<<___ if ($i>=15);	# with forward Xupdate
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	and	$b,$c,$t2
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+
+	zapnot	$a,0xf,$a
+	addl	@X[$i%16],$e,$e
+	bic	$d,$b,$t3
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+
+	srl	$a,27,$t0
+	addl	$t1,$e,$e
+	or	$t2,$t3,$t2
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+
+	sll	$b,30,$b
+	addl	$t0,$e,$e
+	srl	@X[$j%16],31,$t1
+
+	addl	$t2,$e,$e
+	srl	$b,32,$t3
+	addl	@X[$j%16],@X[$j%16],@X[$j%16]
+
+	or	$t3,$b,$b
+	zapnot	@X[$i%16],0xf,@X[$i%16]
+	or	$t1,@X[$j%16],@X[$j%16]
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);	# with forward Xupdate
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	zapnot	$a,0xf,$a
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+
+	sll	$b,30,$t3
+	addl	$t1,$e,$e
+	xor	$b,$c,$t2
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+
+	srl	$b,2,$b
+	addl	@X[$i%16],$e,$e
+	xor	$d,$t2,$t2
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+
+	srl	@X[$j%16],31,$t1
+	addl	$t2,$e,$e
+	srl	$a,27,$t0
+	addl	@X[$j%16],@X[$j%16],@X[$j%16]
+
+	or	$t3,$b,$b
+	addl	$t0,$e,$e
+	or	$t1,@X[$j%16],@X[$j%16]
+___
+$code.=<<___ if ($i<77);
+	zapnot	@X[$i%16],0xf,@X[$i%16]
+___
+$code.=<<___ if ($i==79);	# with context fetch
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	zapnot	$a,0xf,$a
+	ldl	@X[0],0($ctx)
+
+	sll	$b,30,$t3
+	addl	$t1,$e,$e
+	xor	$b,$c,$t2
+	ldl	@X[1],4($ctx)
+
+	srl	$b,2,$b
+	addl	@X[$i%16],$e,$e
+	xor	$d,$t2,$t2
+	ldl	@X[2],8($ctx)
+
+	srl	$a,27,$t0
+	addl	$t2,$e,$e
+	ldl	@X[3],12($ctx)
+
+	or	$t3,$b,$b
+	addl	$t0,$e,$e
+	ldl	@X[4],16($ctx)
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___;	# with forward Xupdate
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	zapnot	$a,0xf,$a
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+
+	srl	$a,27,$t0
+	and	$b,$c,$t2
+	and	$b,$d,$t3
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+
+	sll	$b,30,$b
+	addl	$t1,$e,$e
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+
+	srl	@X[$j%16],31,$t1
+	addl	$t0,$e,$e
+	or	$t2,$t3,$t2
+	and	$c,$d,$t3
+
+	or	$t2,$t3,$t2
+	srl	$b,32,$t3
+	addl	@X[$i%16],$e,$e
+	addl	@X[$j%16],@X[$j%16],@X[$j%16]
+
+	or	$t3,$b,$b
+	addl	$t2,$e,$e
+	or	$t1,@X[$j%16],@X[$j%16]
+	zapnot	@X[$i%16],0xf,@X[$i%16]
+___
+}
+
+$code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
+#include <asm.h>
+#include <regdef.h>
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+.globl	sha1_block_data_order
+.align	5
+.ent	sha1_block_data_order
+sha1_block_data_order:
+	lda	sp,-64(sp)
+	stq	ra,0(sp)
+	stq	s0,8(sp)
+	stq	s1,16(sp)
+	stq	s2,24(sp)
+	stq	s3,32(sp)
+	stq	s4,40(sp)
+	stq	s5,48(sp)
+	stq	fp,56(sp)
+	.mask	0x0400fe00,-64
+	.frame	sp,64,ra
+	.prologue 0
+
+	ldl	$A,0($ctx)
+	ldl	$B,4($ctx)
+	sll	$num,6,$num
+	ldl	$C,8($ctx)
+	ldl	$D,12($ctx)
+	ldl	$E,16($ctx)
+	addq	$inp,$num,$num
+
+.Lloop:
+	.set	noreorder
+	ldah	$K,23170(zero)
+	zapnot	$B,0xf,$B
+	lda	$K,31129($K)	# K_00_19
+___
+for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	ldah	$K,28378(zero)
+	lda	$K,-5215($K)	# K_20_39
+___
+for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	ldah	$K,-28900(zero)
+	lda	$K,-17188($K)	# K_40_59
+___
+for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	ldah	$K,-13725(zero)
+	lda	$K,-15914($K)	# K_60_79
+___
+for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	addl	@X[0],$A,$A
+	addl	@X[1],$B,$B
+	addl	@X[2],$C,$C
+	addl	@X[3],$D,$D
+	addl	@X[4],$E,$E
+	stl	$A,0($ctx)
+	stl	$B,4($ctx)
+	addq	$inp,64,$inp
+	stl	$C,8($ctx)
+	stl	$D,12($ctx)
+	stl	$E,16($ctx)
+	cmpult	$inp,$num,$t1
+	bne	$t1,.Lloop
+
+	.set	noreorder
+	ldq	ra,0(sp)
+	ldq	s0,8(sp)
+	ldq	s1,16(sp)
+	ldq	s2,24(sp)
+	ldq	s3,32(sp)
+	ldq	s4,40(sp)
+	ldq	s5,48(sp)
+	ldq	fp,56(sp)
+	lda	sp,64(sp)
+	ret	(ra)
+.end	sha1_block_data_order
+.ascii	"SHA1 block transform for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+$output=pop and open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl
new file mode 100644
index 000000000..7ff5bfbba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl
@@ -0,0 +1,742 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# sha1_block procedure for ARMv4.
+#
+# January 2007.
+
+# Size/performance trade-off
+# ====================================================================
+# impl		size in bytes	comp cycles[*]	measured performance
+# ====================================================================
+# thumb		304		3212		4420
+# armv4-small	392/+29%	1958/+64%	2250/+96%
+# armv4-compact	740/+89%	1552/+26%	1840/+22%
+# armv4-large	1420/+92%	1307/+19%	1370/+34%[***]
+# full unroll	~5100/+260%	~1260/+4%	~1300/+5%
+# ====================================================================
+# thumb		= same as 'small' but in Thumb instructions[**] and
+#		  with recurring code in two private functions;
+# small		= detached Xload/update, loops are folded;
+# compact	= detached Xload/update, 5x unroll;
+# large		= interleaved Xload/update, 5x unroll;
+# full unroll	= interleaved Xload/update, full unroll, estimated[!];
+#
+# [*]	Manually counted instructions in "grand" loop body. Measured
+#	performance is affected by prologue and epilogue overhead,
+#	i-cache availability, branch penalties, etc.
+# [**]	While each Thumb instruction is twice smaller, they are not as
+#	diverse as ARM ones: e.g., there are only two arithmetic
+#	instructions with 3 arguments, no [fixed] rotate, addressing
+#	modes are limited. As result it takes more instructions to do
+#	the same job in Thumb, therefore the code is never twice as
+#	small and always slower.
+# [***]	which is also ~35% better than compiler generated code. Dual-
+#	issue Cortex A8 core was measured to process input block in
+#	~990 cycles.
+
+# August 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 13% improvement on
+# Cortex A8 core and in absolute terms ~870 cycles per input block
+# [or 13.6 cycles per byte].
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 10%
+# improvement on Cortex A8 core and 12.2 cycles per byte.
+
+# September 2013.
+#
+# Add NEON implementation (see sha1-586.pl for background info). On
+# Cortex A8 it was measured to process one byte in 6.7 cycles or >80%
+# faster than integer-only code. Because [fully unrolled] NEON code
+# is ~2.5x larger and there are some redundant instructions executed
+# when processing last block, improvement is not as big for smallest
+# blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per
+# byte, which is also >80% faster than integer-only code. Cortex-A15
+# is even faster spending 5.6 cycles per byte outperforming integer-
+# only code by factor of 2.
+
+# May 2014.
+#
+# Add ARMv8 code path performing at 2.35 cpb on Apple A7.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$ctx="r0";
+$inp="r1";
+$len="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+$Xi="r14";
+@V=($a,$b,$c,$d,$e);
+
+sub Xupdate {
+my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_;
+$code.=<<___;
+	ldr	$t0,[$Xi,#15*4]
+	ldr	$t1,[$Xi,#13*4]
+	ldr	$t2,[$Xi,#7*4]
+	add	$e,$K,$e,ror#2			@ E+=K_xx_xx
+	ldr	$t3,[$Xi,#2*4]
+	eor	$t0,$t0,$t1
+	eor	$t2,$t2,$t3			@ 1 cycle stall
+	eor	$t1,$c,$d			@ F_xx_xx
+	mov	$t0,$t0,ror#31
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+	eor	$t0,$t0,$t2,ror#31
+	str	$t0,[$Xi,#-4]!
+	$opt1					@ F_xx_xx
+	$opt2					@ F_xx_xx
+	add	$e,$e,$t0			@ E+=X[i]
+___
+}
+
+sub BODY_00_15 {
+my ($a,$b,$c,$d,$e)=@_;
+$code.=<<___;
+#if __ARM_ARCH__<7
+	ldrb	$t1,[$inp,#2]
+	ldrb	$t0,[$inp,#3]
+	ldrb	$t2,[$inp,#1]
+	add	$e,$K,$e,ror#2			@ E+=K_00_19
+	ldrb	$t3,[$inp],#4
+	orr	$t0,$t0,$t1,lsl#8
+	eor	$t1,$c,$d			@ F_xx_xx
+	orr	$t0,$t0,$t2,lsl#16
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+	orr	$t0,$t0,$t3,lsl#24
+#else
+	ldr	$t0,[$inp],#4			@ handles unaligned
+	add	$e,$K,$e,ror#2			@ E+=K_00_19
+	eor	$t1,$c,$d			@ F_xx_xx
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+#ifdef __ARMEL__
+	rev	$t0,$t0				@ byte swap
+#endif
+#endif
+	and	$t1,$b,$t1,ror#2
+	add	$e,$e,$t0			@ E+=X[i]
+	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
+	str	$t0,[$Xi,#-4]!
+	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
+___
+}
+
+sub BODY_16_19 {
+my ($a,$b,$c,$d,$e)=@_;
+	&Xupdate(@_,"and $t1,$b,$t1,ror#2");
+$code.=<<___;
+	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
+	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
+___
+}
+
+sub BODY_20_39 {
+my ($a,$b,$c,$d,$e)=@_;
+	&Xupdate(@_,"eor $t1,$b,$t1,ror#2");
+$code.=<<___;
+	add	$e,$e,$t1			@ E+=F_20_39(B,C,D)
+___
+}
+
+sub BODY_40_59 {
+my ($a,$b,$c,$d,$e)=@_;
+	&Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d");
+$code.=<<___;
+	add	$e,$e,$t1			@ E+=F_40_59(B,C,D)
+	add	$e,$e,$t2,ror#2
+___
+}
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+.global	sha1_block_data_order
+.type	sha1_block_data_order,%function
+
+.align	5
+sha1_block_data_order:
+#if __ARM_MAX_ARCH__>=7
+.Lsha1_block:
+	adr	r3,.Lsha1_block
+	ldr	r12,.LOPENSSL_armcap
+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV8_SHA1
+	bne	.LARMv8
+	tst	r12,#ARMV7_NEON
+	bne	.LNEON
+#endif
+	stmdb	sp!,{r4-r12,lr}
+	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
+	ldmia	$ctx,{$a,$b,$c,$d,$e}
+.Lloop:
+	ldr	$K,.LK_00_19
+	mov	$Xi,sp
+	sub	sp,sp,#15*4
+	mov	$c,$c,ror#30
+	mov	$d,$d,ror#30
+	mov	$e,$e,ror#30		@ [6]
+.L_00_15:
+___
+for($i=0;$i<5;$i++) {
+	&BODY_00_15(@V);	unshift(@V,pop(@V));
+}
+$code.=<<___;
+#if defined(__thumb2__)
+	mov	$t3,sp
+	teq	$Xi,$t3
+#else
+	teq	$Xi,sp
+#endif
+	bne	.L_00_15		@ [((11+4)*5+2)*3]
+	sub	sp,sp,#25*4
+___
+	&BODY_00_15(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+$code.=<<___;
+
+	ldr	$K,.LK_20_39		@ [+15+16*4]
+	cmn	sp,#0			@ [+3], clear carry to denote 20_39
+.L_20_39_or_60_79:
+___
+for($i=0;$i<5;$i++) {
+	&BODY_20_39(@V);	unshift(@V,pop(@V));
+}
+$code.=<<___;
+#if defined(__thumb2__)
+	mov	$t3,sp
+	teq	$Xi,$t3
+#else
+	teq	$Xi,sp			@ preserve carry
+#endif
+	bne	.L_20_39_or_60_79	@ [+((12+3)*5+2)*4]
+	bcs	.L_done			@ [+((12+3)*5+2)*4], spare 300 bytes
+
+	ldr	$K,.LK_40_59
+	sub	sp,sp,#20*4		@ [+2]
+.L_40_59:
+___
+for($i=0;$i<5;$i++) {
+	&BODY_40_59(@V);	unshift(@V,pop(@V));
+}
+$code.=<<___;
+#if defined(__thumb2__)
+	mov	$t3,sp
+	teq	$Xi,$t3
+#else
+	teq	$Xi,sp
+#endif
+	bne	.L_40_59		@ [+((12+5)*5+2)*4]
+
+	ldr	$K,.LK_60_79
+	sub	sp,sp,#20*4
+	cmp	sp,#0			@ set carry to denote 60_79
+	b	.L_20_39_or_60_79	@ [+4], spare 300 bytes
+.L_done:
+	add	sp,sp,#80*4		@ "deallocate" stack frame
+	ldmia	$ctx,{$K,$t0,$t1,$t2,$t3}
+	add	$a,$K,$a
+	add	$b,$t0,$b
+	add	$c,$t1,$c,ror#2
+	add	$d,$t2,$d,ror#2
+	add	$e,$t3,$e,ror#2
+	stmia	$ctx,{$a,$b,$c,$d,$e}
+	teq	$inp,$len
+	bne	.Lloop			@ [+18], total 1307
+
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	sha1_block_data_order,.-sha1_block_data_order
+
+.align	5
+.LK_00_19:	.word	0x5a827999
+.LK_20_39:	.word	0x6ed9eba1
+.LK_40_59:	.word	0x8f1bbcdc
+.LK_60_79:	.word	0xca62c1d6
+#if __ARM_MAX_ARCH__>=7
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lsha1_block
+#endif
+.asciz	"SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	5
+___
+#####################################################################
+# NEON stuff
+#
+{{{
+my @V=($a,$b,$c,$d,$e);
+my ($K_XX_XX,$Ki,$t0,$t1,$Xfer,$saved_sp)=map("r$_",(8..12,14));
+my $Xi=4;
+my @X=map("q$_",(8..11,0..3));
+my @Tx=("q12","q13");
+my ($K,$zero)=("q14","q15");
+my $j=0;
+
+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+sub body_00_19 () {
+	(
+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
+	'&bic	($t0,$d,$b)',
+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
+	'&and	($t1,$c,$b)',
+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
+	'&eor	($t1,$t1,$t0)',		# F_00_19
+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
+	'&add	($e,$e,$t1);'.		# e+=F_00_19
+	'$j++;	unshift(@V,pop(@V));'
+	)
+}
+sub body_20_39 () {
+	(
+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
+	'&eor	($t0,$b,$d)',
+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15)) if ($j<79)',
+	'&eor	($t1,$t0,$c)',		# F_20_39
+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
+	'&add	($e,$e,$t1);'.		# e+=F_20_39
+	'$j++;	unshift(@V,pop(@V));'
+	)
+}
+sub body_40_59 () {
+	(
+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
+	'&and	($t0,$c,$d)',
+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
+	'&eor	($t1,$c,$d)',
+	'&add	($e,$e,$t0)',
+	'&and	($t1,$t1,$b)',
+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
+	'&add	($e,$e,$t1);'.		# e+=F_40_59
+	'$j++;	unshift(@V,pop(@V));'
+	)
+}
+
+sub Xupdate_16_31 ()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vext_8		(@X[0],@X[-4&7],@X[-3&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
+	 eval(shift(@insns));
+	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
+	 eval(shift(@insns));
+	&vext_8		(@Tx[0],@X[-1&7],$zero,4);	# "X[-3]", 3 words
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[0]"^="X[-3]"^"X[-8]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
+	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vext_8		(@Tx[1],$zero,@Tx[0],4);	# "X[0]"<<96, extract one dword
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[0],@Tx[0],@Tx[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsri_32	(@X[0],@Tx[0],31);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	(@Tx[0],@Tx[1],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshl_u32	(@Tx[1],@Tx[1],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@Tx[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+
+	foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_32_79 ()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vext_8		(@Tx[0],@X[-2&7],@X[-1&7],8);	# compose "X[-6]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
+	 eval(shift(@insns));
+	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
+	 eval(shift(@insns));
+	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[-6]"^="X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	(@X[0],@Tx[0],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
+	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsli_32	(@X[0],@Tx[0],2);		# "X[0]"="X[-6]"<<<2
+
+	foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_80 ()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vadd_i32	(@Tx[1],@X[-1&7],$K);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vst1_32	("{@Tx[1]}","[$Xfer,:128]!");
+	&sub		($Xfer,$Xfer,64);
+
+	&teq		($inp,$len);
+	&sub		($K_XX_XX,$K_XX_XX,16);	# rewind $K_XX_XX
+	&it		("eq");
+	&subeq		($inp,$inp,64);		# reload last block to avoid SEGV
+	&vld1_8		("{@X[-4&7]-@X[-3&7]}","[$inp]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_8		("{@X[-2&7]-@X[-1&7]}","[$inp]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_32	("{$K\[]}","[$K_XX_XX,:32]!");	# load K_00_19
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vrev32_8	(@X[-4&7],@X[-4&7]);
+
+	foreach (@insns) { eval; }		# remaining instructions
+
+   $Xi=0;
+}
+
+sub Xloop()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vrev32_8	(@X[($Xi-3)&7],@X[($Xi-3)&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[$Xi&7],@X[($Xi-4)&7],$K);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vst1_32	("{@X[$Xi&7]}","[$Xfer,:128]!");# X[]+K xfer to IALU
+
+	foreach (@insns) { eval; }
+
+  $Xi++;
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.type	sha1_block_data_order_neon,%function
+.align	4
+sha1_block_data_order_neon:
+.LNEON:
+	stmdb	sp!,{r4-r12,lr}
+	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
+	@ dmb				@ errata #451034 on early Cortex A8
+	@ vstmdb	sp!,{d8-d15}	@ ABI specification says so
+	mov	$saved_sp,sp
+	sub	$Xfer,sp,#64
+	adr	$K_XX_XX,.LK_00_19
+	bic	$Xfer,$Xfer,#15		@ align for 128-bit stores
+
+	ldmia	$ctx,{$a,$b,$c,$d,$e}	@ load context
+	mov	sp,$Xfer		@ alloca
+
+	vld1.8		{@X[-4&7]-@X[-3&7]},[$inp]!	@ handles unaligned
+	veor		$zero,$zero,$zero
+	vld1.8		{@X[-2&7]-@X[-1&7]},[$inp]!
+	vld1.32		{${K}\[]},[$K_XX_XX,:32]!	@ load K_00_19
+	vrev32.8	@X[-4&7],@X[-4&7]		@ yes, even on
+	vrev32.8	@X[-3&7],@X[-3&7]		@ big-endian...
+	vrev32.8	@X[-2&7],@X[-2&7]
+	vadd.i32	@X[0],@X[-4&7],$K
+	vrev32.8	@X[-1&7],@X[-1&7]
+	vadd.i32	@X[1],@X[-3&7],$K
+	vst1.32		{@X[0]},[$Xfer,:128]!
+	vadd.i32	@X[2],@X[-2&7],$K
+	vst1.32		{@X[1]},[$Xfer,:128]!
+	vst1.32		{@X[2]},[$Xfer,:128]!
+	ldr		$Ki,[sp]			@ big RAW stall
+
+.Loop_neon:
+___
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_32_79(\&body_00_19);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_20_39);
+	&Xuplast_80(\&body_20_39);
+	&Xloop(\&body_20_39);
+	&Xloop(\&body_20_39);
+	&Xloop(\&body_20_39);
+$code.=<<___;
+	ldmia	$ctx,{$Ki,$t0,$t1,$Xfer}	@ accumulate context
+	add	$a,$a,$Ki
+	ldr	$Ki,[$ctx,#16]
+	add	$b,$b,$t0
+	add	$c,$c,$t1
+	add	$d,$d,$Xfer
+	it	eq
+	moveq	sp,$saved_sp
+	add	$e,$e,$Ki
+	it	ne
+	ldrne	$Ki,[sp]
+	stmia	$ctx,{$a,$b,$c,$d,$e}
+	itt	ne
+	addne	$Xfer,sp,#3*16
+	bne	.Loop_neon
+
+	@ vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r12,pc}
+.size	sha1_block_data_order_neon,.-sha1_block_data_order_neon
+#endif
+___
+}}}
+#####################################################################
+# ARMv8 stuff
+#
+{{{
+my ($ABCD,$E,$E0,$E1)=map("q$_",(0..3));
+my @MSG=map("q$_",(4..7));
+my @Kxx=map("q$_",(8..11));
+my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14));
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+
+# if defined(__thumb2__)
+#  define INST(a,b,c,d)	.byte	c,d|0xf,a,b
+# else
+#  define INST(a,b,c,d)	.byte	a,b,c,d|0x10
+# endif
+
+.type	sha1_block_data_order_armv8,%function
+.align	5
+sha1_block_data_order_armv8:
+.LARMv8:
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	veor	$E,$E,$E
+	adr	r3,.LK_00_19
+	vld1.32	{$ABCD},[$ctx]!
+	vld1.32	{$E\[0]},[$ctx]
+	sub	$ctx,$ctx,#16
+	vld1.32	{@Kxx[0]\[]},[r3,:32]!
+	vld1.32	{@Kxx[1]\[]},[r3,:32]!
+	vld1.32	{@Kxx[2]\[]},[r3,:32]!
+	vld1.32	{@Kxx[3]\[]},[r3,:32]
+
+.Loop_v8:
+	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
+	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
+	vrev32.8	@MSG[0],@MSG[0]
+	vrev32.8	@MSG[1],@MSG[1]
+
+	vadd.i32	$W0,@Kxx[0],@MSG[0]
+	vrev32.8	@MSG[2],@MSG[2]
+	vmov		$ABCD_SAVE,$ABCD	@ offload
+	subs		$len,$len,#1
+
+	vadd.i32	$W1,@Kxx[0],@MSG[1]
+	vrev32.8	@MSG[3],@MSG[3]
+	sha1h		$E1,$ABCD		@ 0
+	sha1c		$ABCD,$E,$W0
+	vadd.i32	$W0,@Kxx[$j],@MSG[2]
+	sha1su0		@MSG[0],@MSG[1],@MSG[2]
+___
+for ($j=0,$i=1;$i<20-3;$i++) {
+my $f=("c","p","m","p")[$i/5];
+$code.=<<___;
+	sha1h		$E0,$ABCD		@ $i
+	sha1$f		$ABCD,$E1,$W1
+	vadd.i32	$W1,@Kxx[$j],@MSG[3]
+	sha1su1		@MSG[0],@MSG[3]
+___
+$code.=<<___ if ($i<20-4);
+	sha1su0		@MSG[1],@MSG[2],@MSG[3]
+___
+	($E0,$E1)=($E1,$E0);	($W0,$W1)=($W1,$W0);
+	push(@MSG,shift(@MSG));	$j++ if ((($i+3)%5)==0);
+}
+$code.=<<___;
+	sha1h		$E0,$ABCD		@ $i
+	sha1p		$ABCD,$E1,$W1
+	vadd.i32	$W1,@Kxx[$j],@MSG[3]
+
+	sha1h		$E1,$ABCD		@ 18
+	sha1p		$ABCD,$E0,$W0
+
+	sha1h		$E0,$ABCD		@ 19
+	sha1p		$ABCD,$E1,$W1
+
+	vadd.i32	$E,$E,$E0
+	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
+	bne		.Loop_v8
+
+	vst1.32		{$ABCD},[$ctx]!
+	vst1.32		{$E\[0]},[$ctx]
+
+	vldmia	sp!,{d8-d15}
+	ret					@ bx lr
+.size	sha1_block_data_order_armv8,.-sha1_block_data_order_armv8
+#endif
+___
+}}}
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+{   my  %opcode = (
+	"sha1c"		=> 0xf2000c40,	"sha1p"		=> 0xf2100c40,
+	"sha1m"		=> 0xf2200c40,	"sha1su0"	=> 0xf2300c40,
+	"sha1h"		=> 0xf3b902c0,	"sha1su1"	=> 0xf3ba0380	);
+
+    sub unsha1 {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
+					 |(($2&7)<<17)|(($2&8)<<4)
+					 |(($3&7)<<1) |(($3&8)<<2);
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+
+	    # this fix-up provides Thumb encoding in conjunction with INST
+	    $word &= ~0x10000000 if (($word & 0x0f000000) == 0x02000000);
+	    sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    }
+}
+
+foreach (split($/,$code)) {
+	s/{q([0-9]+)\[\]}/sprintf "{d%d[],d%d[]}",2*$1,2*$1+1/eo	or
+	s/{q([0-9]+)\[0\]}/sprintf "{d%d[0]}",2*$1/eo;
+
+	s/\b(sha1\w+)\s+(q.*)/unsha1($1,$2)/geo;
+
+	s/\bret\b/bx	lr/o		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/o;	# make it possible to compile with -march=armv4
+
+	print $_,$/;
+}
+
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl
new file mode 100644
index 000000000..3ba871fed
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl
@@ -0,0 +1,364 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA1 for ARMv8.
+#
+# Performance in cycles per processed byte and improvement coefficient
+# over code generated with "default" compiler:
+#
+#		hardware-assisted	software(*)
+# Apple A7	2.31			4.13 (+14%)
+# Cortex-A53	2.24			8.03 (+97%)
+# Cortex-A57	2.35			7.88 (+74%)
+# Denver	2.13			3.97 (+0%)(**)
+# X-Gene				8.80 (+200%)
+# Mongoose	2.05			6.50 (+160%)
+# Kryo		1.88			8.00 (+90%)
+#
+# (*)	Software results are presented mostly for reference purposes.
+# (**)	Keep in mind that Denver relies on binary translation, which
+#	optimizes compiler output at run-time.
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+($ctx,$inp,$num)=("x0","x1","x2");
+@Xw=map("w$_",(3..17,19));
+@Xx=map("x$_",(3..17,19));
+@V=($A,$B,$C,$D,$E)=map("w$_",(20..24));
+($t0,$t1,$t2,$K)=map("w$_",(25..28));
+
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=($i+2)&15;
+
+$code.=<<___ if ($i<15 && !($i&1));
+	lsr	@Xx[$i+1],@Xx[$i],#32
+___
+$code.=<<___ if ($i<14 && !($i&1));
+	ldr	@Xx[$i+2],[$inp,#`($i+2)*4-64`]
+___
+$code.=<<___ if ($i<14 && ($i&1));
+#ifdef	__ARMEB__
+	ror	@Xx[$i+1],@Xx[$i+1],#32
+#else
+	rev32	@Xx[$i+1],@Xx[$i+1]
+#endif
+___
+$code.=<<___ if ($i<14);
+	bic	$t0,$d,$b
+	and	$t1,$c,$b
+	ror	$t2,$a,#27
+	add	$d,$d,$K		// future e+=K
+	orr	$t0,$t0,$t1
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+___
+$code.=<<___ if ($i==19);
+	movz	$K,#0xeba1
+	movk	$K,#0x6ed9,lsl#16
+___
+$code.=<<___ if ($i>=14);
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
+	bic	$t0,$d,$b
+	and	$t1,$c,$b
+	ror	$t2,$a,#27
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
+	add	$d,$d,$K		// future e+=K
+	orr	$t0,$t0,$t1
+	add	$e,$e,$t2		// e+=rot(a,5)
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
+	ror	$b,$b,#2
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+	 ror	@Xw[$j],@Xw[$j],#31
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=($i+2)&15;
+
+$code.=<<___ if ($i==59);
+	movz	$K,#0xc1d6
+	movk	$K,#0xca62,lsl#16
+___
+$code.=<<___;
+	orr	$t0,$b,$c
+	and	$t1,$b,$c
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
+	ror	$t2,$a,#27
+	and	$t0,$t0,$d
+	add	$d,$d,$K		// future e+=K
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
+	add	$e,$e,$t2		// e+=rot(a,5)
+	orr	$t0,$t0,$t1
+	ror	$b,$b,#2
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+	 ror	@Xw[$j],@Xw[$j],#31
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=($i+2)&15;
+
+$code.=<<___ if ($i==39);
+	movz	$K,#0xbcdc
+	movk	$K,#0x8f1b,lsl#16
+___
+$code.=<<___ if ($i<78);
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
+	eor	$t0,$d,$b
+	ror	$t2,$a,#27
+	add	$d,$d,$K		// future e+=K
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
+	eor	$t0,$t0,$c
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+	 ror	@Xw[$j],@Xw[$j],#31
+___
+$code.=<<___ if ($i==78);
+	ldp	@Xw[1],@Xw[2],[$ctx]
+	eor	$t0,$d,$b
+	ror	$t2,$a,#27
+	add	$d,$d,$K		// future e+=K
+	eor	$t0,$t0,$c
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+___
+$code.=<<___ if ($i==79);
+	ldp	@Xw[3],@Xw[4],[$ctx,#8]
+	eor	$t0,$d,$b
+	ror	$t2,$a,#27
+	eor	$t0,$t0,$c
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	ldr	@Xw[5],[$ctx,#16]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+___
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+.extern	OPENSSL_armcap_P
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,%function
+.align	6
+sha1_block_data_order:
+#ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+#else
+	ldr	x16,.LOPENSSL_armcap_P
+#endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+	tst	w16,#ARMV8_SHA1
+	b.ne	.Lv8_entry
+
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+	ldp	$A,$B,[$ctx]
+	ldp	$C,$D,[$ctx,#8]
+	ldr	$E,[$ctx,#16]
+
+.Loop:
+	ldr	@Xx[0],[$inp],#64
+	movz	$K,#0x7999
+	sub	$num,$num,#1
+	movk	$K,#0x5a82,lsl#16
+#ifdef	__ARMEB__
+	ror	$Xx[0],@Xx[0],#32
+#else
+	rev32	@Xx[0],@Xx[0]
+#endif
+	add	$E,$E,$K		// warm it up
+	add	$E,$E,@Xw[0]
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	$B,$B,@Xw[2]
+	add	$C,$C,@Xw[3]
+	add	$A,$A,@Xw[1]
+	add	$D,$D,@Xw[4]
+	add	$E,$E,@Xw[5]
+	stp	$A,$B,[$ctx]
+	stp	$C,$D,[$ctx,#8]
+	str	$E,[$ctx,#16]
+	cbnz	$num,.Loop
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldp	x25,x26,[sp,#64]
+	ldp	x27,x28,[sp,#80]
+	ldr	x29,[sp],#96
+	ret
+.size	sha1_block_data_order,.-sha1_block_data_order
+___
+{{{
+my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3));
+my @MSG=map("v$_.16b",(4..7));
+my @Kxx=map("v$_.4s",(16..19));
+my ($W0,$W1)=("v20.4s","v21.4s");
+my $ABCD_SAVE="v22.16b";
+
+$code.=<<___;
+.type	sha1_block_armv8,%function
+.align	6
+sha1_block_armv8:
+.Lv8_entry:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	adr	x4,.Lconst
+	eor	$E,$E,$E
+	ld1.32	{$ABCD},[$ctx],#16
+	ld1.32	{$E}[0],[$ctx]
+	sub	$ctx,$ctx,#16
+	ld1.32	{@Kxx[0]-@Kxx[3]},[x4]
+
+.Loop_hw:
+	ld1	{@MSG[0]-@MSG[3]},[$inp],#64
+	sub	$num,$num,#1
+	rev32	@MSG[0],@MSG[0]
+	rev32	@MSG[1],@MSG[1]
+
+	add.i32	$W0,@Kxx[0],@MSG[0]
+	rev32	@MSG[2],@MSG[2]
+	orr	$ABCD_SAVE,$ABCD,$ABCD	// offload
+
+	add.i32	$W1,@Kxx[0],@MSG[1]
+	rev32	@MSG[3],@MSG[3]
+	sha1h	$E1,$ABCD
+	sha1c	$ABCD,$E,$W0		// 0
+	add.i32	$W0,@Kxx[$j],@MSG[2]
+	sha1su0	@MSG[0],@MSG[1],@MSG[2]
+___
+for ($j=0,$i=1;$i<20-3;$i++) {
+my $f=("c","p","m","p")[$i/5];
+$code.=<<___;
+	sha1h	$E0,$ABCD		// $i
+	sha1$f	$ABCD,$E1,$W1
+	add.i32	$W1,@Kxx[$j],@MSG[3]
+	sha1su1	@MSG[0],@MSG[3]
+___
+$code.=<<___ if ($i<20-4);
+	sha1su0	@MSG[1],@MSG[2],@MSG[3]
+___
+	($E0,$E1)=($E1,$E0);		($W0,$W1)=($W1,$W0);
+	push(@MSG,shift(@MSG));		$j++ if ((($i+3)%5)==0);
+}
+$code.=<<___;
+	sha1h	$E0,$ABCD		// $i
+	sha1p	$ABCD,$E1,$W1
+	add.i32	$W1,@Kxx[$j],@MSG[3]
+
+	sha1h	$E1,$ABCD		// 18
+	sha1p	$ABCD,$E0,$W0
+
+	sha1h	$E0,$ABCD		// 19
+	sha1p	$ABCD,$E1,$W1
+
+	add.i32	$E,$E,$E0
+	add.i32	$ABCD,$ABCD,$ABCD_SAVE
+
+	cbnz	$num,.Loop_hw
+
+	st1.32	{$ABCD},[$ctx],#16
+	st1.32	{$E}[0],[$ctx]
+
+	ldr	x29,[sp],#16
+	ret
+.size	sha1_block_armv8,.-sha1_block_armv8
+.align	6
+.Lconst:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	//K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	//K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	//K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	//K_60_79
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+.comm	OPENSSL_armcap_P,4,4
+___
+}}}
+
+{   my	%opcode = (
+	"sha1c"		=> 0x5e000000,	"sha1p"		=> 0x5e001000,
+	"sha1m"		=> 0x5e002000,	"sha1su0"	=> 0x5e003000,
+	"sha1h"		=> 0x5e280800,	"sha1su1"	=> 0x5e281800	);
+
+    sub unsha1 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
+			$mnemonic,$arg;
+    }
+}
+
+foreach(split("\n",$code)) {
+
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo;
+
+	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
+	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl
new file mode 100644
index 000000000..4db2bcb06
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl
@@ -0,0 +1,337 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA1 for C64x+.
+#
+# November 2011
+#
+# If compared to compiler-generated code with similar characteristics,
+# i.e. compiled with OPENSSL_SMALL_FOOTPRINT and utilizing SPLOOPs,
+# this implementation is 25% smaller and >2x faster. In absolute terms
+# performance is (quite impressive) ~6.5 cycles per processed byte.
+# Fully unrolled assembler would be ~5x larger and is likely to be
+# ~15% faster. It would be free from references to intermediate ring
+# buffer, but put more pressure on L1P [both because the code would be
+# larger and won't be using SPLOOP buffer]. There are no plans to
+# realize fully unrolled variant though...
+#
+# !!! Note that this module uses AMR, which means that all interrupt
+# service routines are expected to preserve it and for own well-being
+# zero it upon entry.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($CTX,$INP,$NUM) = ("A4","B4","A6");		# arguments
+
+($A,$B,$C,$D,$E, $Arot,$F,$F0,$T,$K) = map("A$_",(16..20, 21..25));
+($X0,$X2,$X8,$X13) = ("A26","B26","A27","B27");
+($TX0,$TX1,$TX2,$TX3) = map("B$_",(28..31));
+($XPA,$XPB) = ("A5","B5");			# X circular buffer
+($Actx,$Bctx,$Cctx,$Dctx,$Ectx) = map("A$_",(3,6..9));	# zaps $NUM
+
+$code=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	sha1_block_data_order,_sha1_block_data_order
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.BIG_ENDIAN
+	.asg	MV,SWAP2
+	.asg	MV,SWAP4
+	.endif
+
+	.global	_sha1_block_data_order
+_sha1_block_data_order:
+	.asmfunc stack_usage(64)
+	MV	$NUM,A0			; reassign $NUM
+||	MVK	-64,B0
+  [!A0]	BNOP	RA			; if ($NUM==0) return;
+|| [A0]	STW	FP,*SP--[16]		; save frame pointer and alloca(64)
+|| [A0]	MV	SP,FP
+   [A0]	LDW	*${CTX}[0],$A		; load A-E...
+|| [A0]	AND	B0,SP,SP		; align stack at 64 bytes
+   [A0]	LDW	*${CTX}[1],$B
+|| [A0]	SUBAW	SP,2,SP			; reserve two words above buffer
+   [A0]	LDW	*${CTX}[2],$C
+|| [A0]	MVK	0x00404,B0
+   [A0]	LDW	*${CTX}[3],$D
+|| [A0]	MVKH	0x50000,B0		; 0x050404, 64 bytes for $XP[AB]
+   [A0]	LDW	*${CTX}[4],$E
+|| [A0]	MVC	B0,AMR			; setup circular addressing
+	LDNW	*${INP}++,$TX1		; pre-fetch input
+	NOP	1
+
+loop?:
+	MVK	0x00007999,$K
+||	ADDAW	SP,2,$XPA
+||	SUB	A0,1,A0
+||	MVK	13,B0
+	MVKH	0x5a820000,$K		; K_00_19
+||	ADDAW	SP,2,$XPB
+||	MV	$A,$Actx
+||	MV	$B,$Bctx
+;;==================================================
+	SPLOOPD	5			; BODY_00_13
+||	MV	$C,$Cctx
+||	MV	$D,$Dctx
+||	MV	$E,$Ectx
+||	MVC	B0,ILC
+
+	ROTL	$A,5,$Arot
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+||	SWAP2	$TX1,$TX2
+||	LDNW	*${INP}++,$TX1
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	SWAP4	$TX2,$TX3		; byte swap
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+
+	ADD	$TX3,$T,$A		; A=T+Xi
+||	STW	$TX3,*${XPB}++
+	SPKERNEL
+;;==================================================
+	ROTL	$A,5,$Arot		; BODY_14
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+||	SWAP2	$TX1,$TX2
+||	LDNW	*${INP}++,$TX1
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	SWAP4	$TX2,$TX2		; byte swap
+||	LDW	*${XPA}++,$X0		; fetches from X ring buffer are
+||	LDW	*${XPB}[4],$X2		; 2 iterations ahead
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+;;==================================================
+	ROTL	$A,5,$Arot		; BODY_15
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+||	SWAP2	$TX1,$TX2
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	SWAP4	$TX2,$TX2		; byte swap
+||	XOR	$X0,$X2,$TX0		; Xupdate XORs are 1 iteration ahead
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+||	XOR	$TX0,$TX1,$TX1
+||	MVK	3,B0
+;;==================================================
+	SPLOOPD	5			; BODY_16_19
+||	MVC	B0,ILC
+
+	ROTL	$A,5,$Arot
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	XOR	$X0,$X2,$TX0
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+||	XOR	$TX0,$TX1,$TX1
+	SPKERNEL
+
+	MVK	0xffffeba1,$K
+||	MVK	19,B0
+	MVKH	0x6ed90000,$K		; K_20_39
+___
+sub BODY_20_39 {
+$code.=<<___;
+;;==================================================
+	SPLOOPD	5			; BODY_20_39
+||	MVC	B0,ILC
+
+	ROTL	$A,5,$Arot
+||	XOR	$B,$C,$F
+||	ADD	$K,$E,$T		; T=E+K
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+	XOR	$D,$F,$F		; F_20_39(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+
+	ADD	$F,$T,$T		; T+=F_20_39(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	XOR	$X0,$X2,$TX0
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++		; last one is redundant
+||	XOR	$TX0,$TX1,$TX1
+	SPKERNEL
+___
+$code.=<<___ if (!shift);
+	MVK	0xffffbcdc,$K
+	MVKH	0x8f1b0000,$K		; K_40_59
+___
+}	&BODY_20_39();
+$code.=<<___;
+;;==================================================
+	SPLOOPD	5			; BODY_40_59
+||	MVC	B0,ILC
+||	AND	$B,$C,$F
+||	AND	$B,$D,$F0
+
+	ROTL	$A,5,$Arot
+||	XOR	$F0,$F,$F
+||	AND	$C,$D,$F0
+||	ADD	$K,$E,$T		; T=E+K
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+	XOR	$F0,$F,$F		; F_40_59(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+
+	ADD	$F,$T,$T		; T+=F_40_59(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	XOR	$X0,$X2,$TX0
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+||	XOR	$TX0,$TX1,$TX1
+||	AND	$B,$C,$F
+||	AND	$B,$D,$F0
+	SPKERNEL
+
+	MVK	0xffffc1d6,$K
+||	MVK	18,B0
+	MVKH	0xca620000,$K		; K_60_79
+___
+	&BODY_20_39(-1);		# BODY_60_78
+$code.=<<___;
+;;==================================================
+   [A0]	B	loop?
+||	ROTL	$A,5,$Arot		; BODY_79
+||	XOR	$B,$C,$F
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+   [A0]	LDNW	*${INP}++,$TX1		; pre-fetch input
+||	ADD	$K,$E,$T		; T=E+K
+||	XOR	$D,$F,$F		; F_20_39(B,C,D)
+
+	ADD	$F,$T,$T		; T+=F_20_39(B,C,D)
+||	ADD	$Ectx,$D,$E		; E=D,E+=Ectx
+||	ADD	$Dctx,$C,$D		; D=C,D+=Dctx
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	ADD	$Bctx,$A,$B		; B=A,B+=Bctx
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+
+	ADD	$Actx,$A,$A		; A+=Actx
+||	ADD	$Cctx,$C,$C		; C+=Cctx
+;; end of loop?
+
+	BNOP	RA			; return
+||	MV	FP,SP			; restore stack pointer
+||	LDW	*FP[0],FP		; restore frame pointer
+	STW	$A,*${CTX}[0]		; emit A-E...
+||	MVK	0,B0
+	STW	$B,*${CTX}[1]
+||	MVC	B0,AMR			; clear AMR
+	STW	$C,*${CTX}[2]
+	STW	$D,*${CTX}[3]
+	STW	$E,*${CTX}[4]
+	.endasmfunc
+
+	.sect	.const
+	.cstring "SHA1 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ia64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ia64.pl
new file mode 100644
index 000000000..bf1d2ebeb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ia64.pl
@@ -0,0 +1,314 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Eternal question is what's wrong with compiler generated code? The
+# trick is that it's possible to reduce the number of shifts required
+# to perform rotations by maintaining copy of 32-bit value in upper
+# bits of 64-bit register. Just follow mux2 and shrp instructions...
+# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
+# is >50% better than HP C and >2x better than gcc.
+
+$output = pop;
+
+$code=<<___;
+.ident  \"sha1-ia64.s, version 1.3\"
+.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
+.explicit
+
+___
+
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+
+#$human=1;
+if ($human) {	# useful for visual code auditing...
+	($A,$B,$C,$D,$E)   = ("A","B","C","D","E");
+	($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
+	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
+	    (	"K_00_19","K_20_39","K_40_59","K_60_79"	);
+	@X= (	"X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
+		"X8", "X9","X10","X11","X12","X13","X14","X15"	);
+}
+else {
+	($A,$B,$C,$D,$E)   =    ("loc0","loc1","loc2","loc3","loc4");
+	($h0,$h1,$h2,$h3,$h4) = ("loc5","loc6","loc7","loc8","loc9");
+	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
+	    (	"r14", "r15", "loc10", "loc11"	);
+	@X= (	"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+		"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"	);
+}
+
+sub BODY_00_15 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e)=@_;
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+$code.=<<___ if ($i==0);
+{ .mmi;	ld1	$X[$i]=[inp],2		    // MSB
+	ld1	tmp2=[tmp3],2		};;
+{ .mmi;	ld1	tmp0=[inp],2
+	ld1	tmp4=[tmp3],2		    // LSB
+	dep	$X[$i]=$X[$i],tmp2,8,8	};;
+___
+if ($i<15) {
+	$code.=<<___;
+{ .mmi;	ld1	$Xn=[inp],2		    // forward Xload
+	nop.m	0x0
+	dep	tmp1=tmp0,tmp4,8,8	};;
+{ .mmi;	ld1	tmp2=[tmp3],2		    // forward Xload
+	and	tmp4=$c,$b
+	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
+{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
+	andcm	tmp1=$d,$b
+	dep.z	tmp5=$a,5,27		};; // a<<5
+{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xload
+	or	tmp4=tmp4,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	extr.u	tmp1=$a,27,5		};; // a>>27
+{ .mmi;	ld1	tmp0=[inp],2		    // forward Xload
+	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	ld1	tmp4=[tmp3],2		    // forward Xload
+	or	tmp5=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)
+	dep	$Xn=$Xn,tmp2,8,8	    // forward Xload
+	mux2	$X[$i]=$X[$i],0x44	} //;;
+
+___
+	}
+else	{
+	$code.=<<___;
+{ .mii;	and	tmp3=$c,$b
+	dep	tmp1=tmp0,tmp4,8,8;;
+	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
+{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
+	andcm	tmp1=$d,$b
+	dep.z	tmp5=$a,5,27		};; // a<<5
+{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xupdate
+	or	tmp4=tmp3,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
+	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate
+	nop.i	0			};;
+{ .mmi;	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
+	xor	$Xn=$Xn,tmp3		    // forward Xupdate
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi; or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	mux2	$X[$i]=$X[$i],0x44	};;
+
+___
+	}
+}
+
+sub BODY_16_19 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e)=@_;
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+$code.=<<___;
+{ .mib;	add	$e=$e,$K_00_19		    // e+=K_00_19
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	andcm	tmp1=$d,$b
+	and	tmp0=$c,$b		};;
+{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
+	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16]	// forward Xupdate
+	nop.i	0			};;
+{ .mmi;	add	$e=$e,tmp0		    // f+=F_00_19(b,c,d)
+	xor	$Xn=$Xn,tmp3		    // forward Xupdate
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	nop.i	0			};;
+
+___
+}
+
+sub BODY_20_39 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e,$Konst)=@_;
+	$Konst = $K_20_39 if (!defined($Konst));
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+if ($i<79) {
+$code.=<<___;
+{ .mib;	add	$e=$e,$Konst		    // e+=K_XX_XX
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	xor	tmp0=$c,$b
+	xor	$Xn=$Xn,$X[($j+2)%16]	};; // forward Xupdate
+{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
+	xor	$Xn=$Xn,$X[($j+8)%16]	};; // forward Xupdate
+{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
+	xor	$Xn=$Xn,$X[($j+13)%16]	    // forward Xupdate
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	nop.i	0			};;
+
+___
+}
+else {
+$code.=<<___;
+{ .mib;	add	$e=$e,$Konst		    // e+=K_60_79
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	xor	tmp0=$c,$b
+	add	$h1=$h1,$a		};; // wrap up
+{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
+	add	$h3=$h3,$c		};; // wrap up
+{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
+	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	shrp	$b=tmp6,tmp6,2		};; // b=ROTATE(b,30) ;;?
+{ .mmi;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	add	tmp3=1,inp		    // used in unaligned codepath
+	add	$h4=$h4,$d		};; // wrap up
+
+___
+}
+}
+
+sub BODY_40_59 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e)=@_;
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+$code.=<<___;
+{ .mib;	add	$e=$e,$K_40_59		    // e+=K_40_59
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	and	tmp1=$c,$d
+	xor	tmp0=$c,$d		};;
+{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	add	tmp5=tmp5,tmp1		    // a<<5+(c&d)
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mmi;	and	tmp0=tmp0,$b
+	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
+	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] };;	// forward Xupdate
+{ .mmi;	add	$e=$e,tmp0		    // e+=b&(c^d)
+	add	tmp5=tmp5,tmp1		    // ROTATE(a,5)+(c&d)
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	xor	$Xn=$Xn,tmp3
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)+(c&d)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	nop.i	0x0			};;
+
+___
+}
+sub BODY_60_79	{ &BODY_20_39(@_,$K_60_79); }
+
+$code.=<<___;
+.text
+
+tmp0=r8;
+tmp1=r9;
+tmp2=r10;
+tmp3=r11;
+ctx=r32;	// in0
+inp=r33;	// in1
+
+// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num);
+.global	sha1_block_data_order#
+.proc	sha1_block_data_order#
+.align	32
+sha1_block_data_order:
+	.prologue
+{ .mmi;	alloc	tmp1=ar.pfs,3,14,0,0
+	$ADDP	tmp0=4,ctx
+	.save	ar.lc,r3
+	mov	r3=ar.lc		}
+{ .mmi;	$ADDP	ctx=0,ctx
+	$ADDP	inp=0,inp
+	mov	r2=pr			};;
+tmp4=in2;
+tmp5=loc12;
+tmp6=loc13;
+	.body
+{ .mlx;	ld4	$h0=[ctx],8
+	movl	$K_00_19=0x5a827999	}
+{ .mlx;	ld4	$h1=[tmp0],8
+	movl	$K_20_39=0x6ed9eba1	};;
+{ .mlx;	ld4	$h2=[ctx],8
+	movl	$K_40_59=0x8f1bbcdc	}
+{ .mlx;	ld4	$h3=[tmp0]
+	movl	$K_60_79=0xca62c1d6	};;
+{ .mmi;	ld4	$h4=[ctx],-16
+	add	in2=-1,in2		    // adjust num for ar.lc
+	mov	ar.ec=1			};;
+{ .mmi;	nop.m	0
+	add	tmp3=1,inp
+	mov	ar.lc=in2		};; // brp.loop.imp: too far
+
+.Ldtop:
+{ .mmi;	mov	$A=$h0
+	mov	$B=$h1
+	mux2	tmp6=$h1,0x44		}
+{ .mmi;	mov	$C=$h2
+	mov	$D=$h3
+	mov	$E=$h4			};;
+
+___
+
+{ my $i;
+  my @V=($A,$B,$C,$D,$E);
+
+	for($i=0;$i<16;$i++)	{ &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<20;$i++)	{ &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<40;$i++)	{ &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<60;$i++)	{ &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<80;$i++)	{ &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
+
+	(($V[0] eq $A) and ($V[4] eq $E)) or die;	# double-check
+}
+
+$code.=<<___;
+{ .mmb;	add	$h0=$h0,$A
+	add	$h2=$h2,$C
+	br.ctop.dptk.many	.Ldtop	};;
+.Ldend:
+{ .mmi;	add	tmp0=4,ctx
+	mov	ar.lc=r3		};;
+{ .mmi;	st4	[ctx]=$h0,8
+	st4	[tmp0]=$h1,8		};;
+{ .mmi;	st4	[ctx]=$h2,8
+	st4	[tmp0]=$h3		};;
+{ .mib;	st4	[ctx]=$h4,-16
+	mov	pr=r2,0x1ffff
+	br.ret.sptk.many	b0	};;
+.endp	sha1_block_data_order#
+stringz	"SHA1 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+open STDOUT,">$output" if $output;
+print $code;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl
new file mode 100644
index 000000000..443b64983
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -0,0 +1,1628 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Multi-buffer SHA1 procedure processes n buffers in parallel by
+# placing buffer data to designated lane of SIMD register. n is
+# naturally limited to 4 on pre-AVX2 processors and to 8 on
+# AVX2-capable processors such as Haswell.
+#
+#		this	+aesni(i)	sha1	aesni-sha1	gain(iv)
+# -------------------------------------------------------------------
+# Westmere(ii)	10.7/n	+1.28=3.96(n=4)	5.30	6.66		+68%
+# Atom(ii)	18.1/n	+3.93=8.46(n=4)	9.37	12.8		+51%
+# Sandy Bridge	(8.16	+5.15=13.3)/n	4.99	5.98		+80%
+# Ivy Bridge	(8.08	+5.14=13.2)/n	4.60	5.54		+68%
+# Haswell(iii)	(8.96	+5.00=14.0)/n	3.57	4.55		+160%
+# Skylake	(8.70	+5.00=13.7)/n	3.64	4.20		+145%
+# Bulldozer	(9.76	+5.76=15.5)/n	5.95	6.37		+64%
+#
+# (i)	multi-block CBC encrypt with 128-bit key;
+# (ii)	(HASH+AES)/n does not apply to Westmere for n>3 and Atom,
+#	because of lower AES-NI instruction throughput;
+# (iii)	"this" is for n=8, when we gather twice as much data, result
+#	for n=4 is 8.00+4.44=12.4;
+# (iv)	presented improvement coefficients are asymptotic limits and
+#	in real-life application are somewhat lower, e.g. for 2KB
+#	fragments they range from 30% to 100% (on Haswell);
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=0;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void sha1_multi_block (
+#     struct {	unsigned int A[8];
+#		unsigned int B[8];
+#		unsigned int C[8];
+#		unsigned int D[8];
+#		unsigned int E[8];	} *ctx,
+#     struct {	void *ptr; int blocks;	} inp[8],
+#     int num);		/* 1 or 2 */
+#
+$ctx="%rdi";	# 1st arg
+$inp="%rsi";	# 2nd arg
+$num="%edx";
+@ptr=map("%r$_",(8..11));
+$Tbl="%rbp";
+
+@V=($A,$B,$C,$D,$E)=map("%xmm$_",(0..4));
+($t0,$t1,$t2,$t3,$tx)=map("%xmm$_",(5..9));
+@Xi=map("%xmm$_",(10..14));
+$K="%xmm15";
+
+if (1) {
+    # Atom-specific optimization aiming to eliminate pshufb with high
+    # registers [and thus get rid of 48 cycles accumulated penalty]
+    @Xi=map("%xmm$_",(0..4));
+    ($tx,$t0,$t1,$t2,$t3)=map("%xmm$_",(5..9));
+    @V=($A,$B,$C,$D,$E)=map("%xmm$_",(10..14));
+}
+
+$REG_SZ=16;
+
+sub Xi_off {
+my $off = shift;
+
+    $off %= 16; $off *= $REG_SZ;
+    $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)";
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+my $k=$i+2;
+
+# Loads are performed 2+3/4 iterations in advance. 3/4 means that out
+# of 4 words you would expect to be loaded per given iteration one is
+# spilled to next iteration. In other words indices in four input
+# streams are distributed as following:
+#
+# $i==0:	0,0,0,0,1,1,1,1,2,2,2,
+# $i==1:	2,3,3,3,
+# $i==2:	3,4,4,4,
+# ...
+# $i==13:	14,15,15,15,
+# $i==14:	15
+#
+# Then at $i==15 Xupdate is applied one iteration in advance...
+$code.=<<___ if ($i==0);
+	movd		(@ptr[0]),@Xi[0]
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	movd		(@ptr[1]),@Xi[2]	# borrow @Xi[2]
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	movd		(@ptr[2]),@Xi[3]	# borrow @Xi[3]
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	movd		(@ptr[3]),@Xi[4]	# borrow @Xi[4]
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	punpckldq	@Xi[3],@Xi[0]
+	 movd		`4*$j-16*4`(@ptr[0]),@Xi[1]
+	punpckldq	@Xi[4],@Xi[2]
+	 movd		`4*$j-16*4`(@ptr[1]),$t3
+	punpckldq	@Xi[2],@Xi[0]
+	 movd		`4*$j-16*4`(@ptr[2]),$t2
+	pshufb		$tx,@Xi[0]
+___
+$code.=<<___ if ($i<14);			# just load input
+	 movd		`4*$j-16*4`(@ptr[3]),$t1
+	 punpckldq	$t2,@Xi[1]
+	movdqa	$a,$t2
+	paddd	$K,$e				# e+=K_00_19
+	 punpckldq	$t1,$t3
+	movdqa	$b,$t1
+	movdqa	$b,$t0
+	pslld	\$5,$t2
+	pandn	$d,$t1
+	pand	$c,$t0
+	 punpckldq	$t3,@Xi[1]
+	movdqa	$a,$t3
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	 movd		`4*$k-16*4`(@ptr[0]),@Xi[2]
+	psrld	\$27,$t3
+	pxor	$t1,$t0				# Ch(b,c,d)
+	movdqa	$b,$t1
+
+	por	$t3,$t2				# rol(a,5)
+	 movd		`4*$k-16*4`(@ptr[1]),$t3
+	pslld	\$30,$t1
+	paddd	$t0,$e				# e+=Ch(b,c,d)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 pshufb	$tx,@Xi[1]
+	 movd		`4*$k-16*4`(@ptr[2]),$t2
+	por	$t1,$b				# b=rol(b,30)
+___
+$code.=<<___ if ($i==14);			# just load input
+	 movd		`4*$j-16*4`(@ptr[3]),$t1
+	 punpckldq	$t2,@Xi[1]
+	movdqa	$a,$t2
+	paddd	$K,$e				# e+=K_00_19
+	 punpckldq	$t1,$t3
+	movdqa	$b,$t1
+	movdqa	$b,$t0
+	pslld	\$5,$t2
+	 prefetcht0	63(@ptr[0])
+	pandn	$d,$t1
+	pand	$c,$t0
+	 punpckldq	$t3,@Xi[1]
+	movdqa	$a,$t3
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	psrld	\$27,$t3
+	pxor	$t1,$t0				# Ch(b,c,d)
+	movdqa	$b,$t1
+	 prefetcht0	63(@ptr[1])
+
+	por	$t3,$t2				# rol(a,5)
+	pslld	\$30,$t1
+	paddd	$t0,$e				# e+=Ch(b,c,d)
+	 prefetcht0	63(@ptr[2])
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 pshufb	$tx,@Xi[1]
+	 prefetcht0	63(@ptr[3])
+	por	$t1,$b				# b=rol(b,30)
+___
+$code.=<<___ if ($i>=13 && $i<15);
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# preload "X[2]"
+___
+$code.=<<___ if ($i>=15);			# apply Xupdate
+	pxor	@Xi[-2],@Xi[1]			# "X[13]"
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	movdqa	$a,$t2
+	 pxor	`&Xi_off($j+8)`,@Xi[1]
+	paddd	$K,$e				# e+=K_00_19
+	movdqa	$b,$t1
+	pslld	\$5,$t2
+	 pxor	@Xi[3],@Xi[1]
+	movdqa	$b,$t0
+	pandn	$d,$t1
+	 movdqa	@Xi[1],$tx
+	pand	$c,$t0
+	movdqa	$a,$t3
+	 psrld	\$31,$tx
+	 paddd	@Xi[1],@Xi[1]
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	psrld	\$27,$t3
+	pxor	$t1,$t0				# Ch(b,c,d)
+
+	movdqa	$b,$t1
+	por	$t3,$t2				# rol(a,5)
+	pslld	\$30,$t1
+	paddd	$t0,$e				# e+=Ch(b,c,d)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 por	$tx,@Xi[1]			# rol	\$1,@Xi[1]
+	por	$t1,$b				# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___ if ($i<79);
+	pxor	@Xi[-2],@Xi[1]			# "X[13]"
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	movdqa	$a,$t2
+	movdqa	$d,$t0
+	 pxor	`&Xi_off($j+8)`,@Xi[1]
+	paddd	$K,$e				# e+=K_20_39
+	pslld	\$5,$t2
+	pxor	$b,$t0
+
+	movdqa	$a,$t3
+___
+$code.=<<___ if ($i<72);
+	movdqa	@Xi[0],`&Xi_off($i)`
+___
+$code.=<<___ if ($i<79);
+	paddd	@Xi[0],$e			# e+=X[i]
+	 pxor	@Xi[3],@Xi[1]
+	psrld	\$27,$t3
+	pxor	$c,$t0				# Parity(b,c,d)
+	movdqa	$b,$t1
+
+	pslld	\$30,$t1
+	 movdqa	@Xi[1],$tx
+	por	$t3,$t2				# rol(a,5)
+	 psrld	\$31,$tx
+	paddd	$t0,$e				# e+=Parity(b,c,d)
+	 paddd	@Xi[1],@Xi[1]
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 por	$tx,@Xi[1]			# rol(@Xi[1],1)
+	por	$t1,$b				# b=rol(b,30)
+___
+$code.=<<___ if ($i==79);
+	movdqa	$a,$t2
+	paddd	$K,$e				# e+=K_20_39
+	movdqa	$d,$t0
+	pslld	\$5,$t2
+	pxor	$b,$t0
+
+	movdqa	$a,$t3
+	paddd	@Xi[0],$e			# e+=X[i]
+	psrld	\$27,$t3
+	movdqa	$b,$t1
+	pxor	$c,$t0				# Parity(b,c,d)
+
+	pslld	\$30,$t1
+	por	$t3,$t2				# rol(a,5)
+	paddd	$t0,$e				# e+=Parity(b,c,d)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	por	$t1,$b				# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___;
+	pxor	@Xi[-2],@Xi[1]			# "X[13]"
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	movdqa	$a,$t2
+	movdqa	$d,$t1
+	 pxor	`&Xi_off($j+8)`,@Xi[1]
+	pxor	@Xi[3],@Xi[1]
+	paddd	$K,$e				# e+=K_40_59
+	pslld	\$5,$t2
+	movdqa	$a,$t3
+	pand	$c,$t1
+
+	movdqa	$d,$t0
+	 movdqa	@Xi[1],$tx
+	psrld	\$27,$t3
+	paddd	$t1,$e
+	pxor	$c,$t0
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	por	$t3,$t2				# rol(a,5)
+	 psrld	\$31,$tx
+	pand	$b,$t0
+	movdqa	$b,$t1
+
+	pslld	\$30,$t1
+	 paddd	@Xi[1],@Xi[1]
+	paddd	$t0,$e				# e+=Maj(b,d,c)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 por	$tx,@Xi[1]			# rol(@X[1],1)
+	por	$t1,$b				# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	sha1_multi_block
+.type	sha1_multi_block,\@function,3
+.align	32
+sha1_multi_block:
+.cfi_startproc
+	mov	OPENSSL_ia32cap_P+4(%rip),%rcx
+	bt	\$61,%rcx			# check SHA bit
+	jc	_shaext_shortcut
+___
+$code.=<<___ if ($avx);
+	test	\$`1<<28`,%ecx
+	jnz	_avx_shortcut
+___
+$code.=<<___;
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbx
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`,%rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
+.Lbody:
+	lea	K_XX_XX(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+
+.Loop_grande:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone
+
+	movdqu	0x00($ctx),$A			# load context
+	 lea	128(%rsp),%rax
+	movdqu	0x20($ctx),$B
+	movdqu	0x40($ctx),$C
+	movdqu	0x60($ctx),$D
+	movdqu	0x80($ctx),$E
+	movdqa	0x60($Tbl),$tx			# pbswap_mask
+	movdqa	-0x20($Tbl),$K			# K_00_19
+	jmp	.Loop
+
+.align	32
+.Loop:
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.="	movdqa	0x00($Tbl),$K\n";	# K_20_39
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.="	movdqa	0x20($Tbl),$K\n";	# K_40_59
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.="	movdqa	0x40($Tbl),$K\n";	# K_60_79
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	movdqa	(%rbx),@Xi[0]			# pull counters
+	mov	\$1,%ecx
+	cmp	4*0(%rbx),%ecx			# examine counters
+	pxor	$t2,$t2
+	cmovge	$Tbl,@ptr[0]			# cancel input
+	cmp	4*1(%rbx),%ecx
+	movdqa	@Xi[0],@Xi[1]
+	cmovge	$Tbl,@ptr[1]
+	cmp	4*2(%rbx),%ecx
+	pcmpgtd	$t2,@Xi[1]			# mask value
+	cmovge	$Tbl,@ptr[2]
+	cmp	4*3(%rbx),%ecx
+	paddd	@Xi[1],@Xi[0]			# counters--
+	cmovge	$Tbl,@ptr[3]
+
+	movdqu	0x00($ctx),$t0
+	pand	@Xi[1],$A
+	movdqu	0x20($ctx),$t1
+	pand	@Xi[1],$B
+	paddd	$t0,$A
+	movdqu	0x40($ctx),$t2
+	pand	@Xi[1],$C
+	paddd	$t1,$B
+	movdqu	0x60($ctx),$t3
+	pand	@Xi[1],$D
+	paddd	$t2,$C
+	movdqu	0x80($ctx),$tx
+	pand	@Xi[1],$E
+	movdqu	$A,0x00($ctx)
+	paddd	$t3,$D
+	movdqu	$B,0x20($ctx)
+	paddd	$tx,$E
+	movdqu	$C,0x40($ctx)
+	movdqu	$D,0x60($ctx)
+	movdqu	$E,0x80($ctx)
+
+	movdqa	@Xi[0],(%rbx)			# save counters
+	movdqa	0x60($Tbl),$tx			# pbswap_mask
+	movdqa	-0x20($Tbl),$K			# K_00_19
+	dec	$num
+	jnz	.Loop
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande
+
+.Ldone:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	ret
+.cfi_endproc
+.size	sha1_multi_block,.-sha1_multi_block
+___
+						{{{
+my ($ABCD0,$E0,$E0_,$BSWAP,$ABCD1,$E1,$E1_)=map("%xmm$_",(0..3,8..10));
+my @MSG0=map("%xmm$_",(4..7));
+my @MSG1=map("%xmm$_",(11..14));
+
+$code.=<<___;
+.type	sha1_multi_block_shaext,\@function,3
+.align	32
+sha1_multi_block_shaext:
+.cfi_startproc
+_shaext_shortcut:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`,%rsp
+	shl	\$1,$num			# we process pair at a time
+	and	\$-256,%rsp
+	lea	0x40($ctx),$ctx			# size optimization
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_shaext:
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	movdqa	K_XX_XX+0x80(%rip),$BSWAP	# byte-n-word swap
+
+.Loop_grande_shaext:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<2;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_shaext
+
+	movq		0x00-0x40($ctx),$ABCD0	# a1.a0
+	movq		0x20-0x40($ctx),@MSG0[0]# b1.b0
+	movq		0x40-0x40($ctx),@MSG0[1]# c1.c0
+	movq		0x60-0x40($ctx),@MSG0[2]# d1.d0
+	movq		0x80-0x40($ctx),@MSG0[3]# e1.e0
+
+	punpckldq	@MSG0[0],$ABCD0		# b1.a1.b0.a0
+	punpckldq	@MSG0[2],@MSG0[1]	# d1.c1.d0.c0
+
+	movdqa		$ABCD0,$ABCD1
+	punpcklqdq	@MSG0[1],$ABCD0		# d0.c0.b0.a0
+	punpckhqdq	@MSG0[1],$ABCD1		# d1.c1.b1.a1
+
+	pshufd		\$0b00111111,@MSG0[3],$E0
+	pshufd		\$0b01111111,@MSG0[3],$E1
+	pshufd		\$0b00011011,$ABCD0,$ABCD0
+	pshufd		\$0b00011011,$ABCD1,$ABCD1
+	jmp		.Loop_shaext
+
+.align	32
+.Loop_shaext:
+	movdqu		0x00(@ptr[0]),@MSG0[0]
+	 movdqu		0x00(@ptr[1]),@MSG1[0]
+	movdqu		0x10(@ptr[0]),@MSG0[1]
+	 movdqu		0x10(@ptr[1]),@MSG1[1]
+	movdqu		0x20(@ptr[0]),@MSG0[2]
+	pshufb		$BSWAP,@MSG0[0]
+	 movdqu		0x20(@ptr[1]),@MSG1[2]
+	 pshufb		$BSWAP,@MSG1[0]
+	movdqu		0x30(@ptr[0]),@MSG0[3]
+	lea		0x40(@ptr[0]),@ptr[0]
+	pshufb		$BSWAP,@MSG0[1]
+	 movdqu		0x30(@ptr[1]),@MSG1[3]
+	 lea		0x40(@ptr[1]),@ptr[1]
+	 pshufb		$BSWAP,@MSG1[1]
+
+	movdqa		$E0,0x50(%rsp)		# offload
+	paddd		@MSG0[0],$E0
+	 movdqa		$E1,0x70(%rsp)
+	 paddd		@MSG1[0],$E1
+	movdqa		$ABCD0,0x40(%rsp)	# offload
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,0x60(%rsp)
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$0,$E0,$ABCD0		# 0-3
+	sha1nexte	@MSG0[1],$E0_
+	 sha1rnds4	\$0,$E1,$ABCD1		# 0-3
+	 sha1nexte	@MSG1[1],$E1_
+	pshufb		$BSWAP,@MSG0[2]
+	prefetcht0	127(@ptr[0])
+	sha1msg1	@MSG0[1],@MSG0[0]
+	 pshufb		$BSWAP,@MSG1[2]
+	 prefetcht0	127(@ptr[1])
+	 sha1msg1	@MSG1[1],@MSG1[0]
+
+	pshufb		$BSWAP,@MSG0[3]
+	movdqa		$ABCD0,$E0
+	 pshufb		$BSWAP,@MSG1[3]
+	 movdqa		$ABCD1,$E1
+	sha1rnds4	\$0,$E0_,$ABCD0		# 4-7
+	sha1nexte	@MSG0[2],$E0
+	 sha1rnds4	\$0,$E1_,$ABCD1		# 4-7
+	 sha1nexte	@MSG1[2],$E1
+	pxor		@MSG0[2],@MSG0[0]
+	sha1msg1	@MSG0[2],@MSG0[1]
+	 pxor		@MSG1[2],@MSG1[0]
+	 sha1msg1	@MSG1[2],@MSG1[1]
+___
+for($i=2;$i<20-4;$i++) {
+$code.=<<___;
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$`int($i/5)`,$E0,$ABCD0	# 8-11
+	sha1nexte	@MSG0[3],$E0_
+	 sha1rnds4	\$`int($i/5)`,$E1,$ABCD1	# 8-11
+	 sha1nexte	@MSG1[3],$E1_
+	sha1msg2	@MSG0[3],@MSG0[0]
+	 sha1msg2	@MSG1[3],@MSG1[0]
+	pxor		@MSG0[3],@MSG0[1]
+	sha1msg1	@MSG0[3],@MSG0[2]
+	 pxor		@MSG1[3],@MSG1[1]
+	 sha1msg1	@MSG1[3],@MSG1[2]
+___
+	($E0,$E0_)=($E0_,$E0);		($E1,$E1_)=($E1_,$E1);
+	push(@MSG0,shift(@MSG0));	push(@MSG1,shift(@MSG1));
+}
+$code.=<<___;
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$3,$E0,$ABCD0		# 64-67
+	sha1nexte	@MSG0[3],$E0_
+	 sha1rnds4	\$3,$E1,$ABCD1		# 64-67
+	 sha1nexte	@MSG1[3],$E1_
+	sha1msg2	@MSG0[3],@MSG0[0]
+	 sha1msg2	@MSG1[3],@MSG1[0]
+	pxor		@MSG0[3],@MSG0[1]
+	 pxor		@MSG1[3],@MSG1[1]
+
+	mov		\$1,%ecx
+	pxor		@MSG0[2],@MSG0[2]	# zero
+	cmp		4*0(%rbx),%ecx		# examine counters
+	cmovge		%rsp,@ptr[0]		# cancel input
+
+	movdqa		$ABCD0,$E0
+	 movdqa		$ABCD1,$E1
+	sha1rnds4	\$3,$E0_,$ABCD0		# 68-71
+	sha1nexte	@MSG0[0],$E0
+	 sha1rnds4	\$3,$E1_,$ABCD1		# 68-71
+	 sha1nexte	@MSG1[0],$E1
+	sha1msg2	@MSG0[0],@MSG0[1]
+	 sha1msg2	@MSG1[0],@MSG1[1]
+
+	cmp		4*1(%rbx),%ecx
+	cmovge		%rsp,@ptr[1]
+	movq		(%rbx),@MSG0[0]		# pull counters
+
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$3,$E0,$ABCD0		# 72-75
+	sha1nexte	@MSG0[1],$E0_
+	 sha1rnds4	\$3,$E1,$ABCD1		# 72-75
+	 sha1nexte	@MSG1[1],$E1_
+
+	pshufd		\$0x00,@MSG0[0],@MSG1[2]
+	pshufd		\$0x55,@MSG0[0],@MSG1[3]
+	movdqa		@MSG0[0],@MSG0[1]
+	pcmpgtd		@MSG0[2],@MSG1[2]
+	pcmpgtd		@MSG0[2],@MSG1[3]
+
+	movdqa		$ABCD0,$E0
+	 movdqa		$ABCD1,$E1
+	sha1rnds4	\$3,$E0_,$ABCD0		# 76-79
+	sha1nexte	$MSG0[2],$E0
+	 sha1rnds4	\$3,$E1_,$ABCD1		# 76-79
+	 sha1nexte	$MSG0[2],$E1
+
+	pcmpgtd		@MSG0[2],@MSG0[1]	# counter mask
+	pand		@MSG1[2],$ABCD0
+	pand		@MSG1[2],$E0
+	 pand		@MSG1[3],$ABCD1
+	 pand		@MSG1[3],$E1
+	paddd		@MSG0[1],@MSG0[0]	# counters--
+
+	paddd		0x40(%rsp),$ABCD0
+	paddd		0x50(%rsp),$E0
+	 paddd		0x60(%rsp),$ABCD1
+	 paddd		0x70(%rsp),$E1
+
+	movq		@MSG0[0],(%rbx)		# save counters
+	dec		$num
+	jnz		.Loop_shaext
+
+	mov		`$REG_SZ*17+8`(%rsp),$num
+
+	pshufd		\$0b00011011,$ABCD0,$ABCD0
+	pshufd		\$0b00011011,$ABCD1,$ABCD1
+
+	movdqa		$ABCD0,@MSG0[0]
+	punpckldq	$ABCD1,$ABCD0		# b1.b0.a1.a0
+	punpckhdq	$ABCD1,@MSG0[0]		# d1.d0.c1.c0
+	punpckhdq	$E1,$E0			# e1.e0.xx.xx
+	movq		$ABCD0,0x00-0x40($ctx)	# a1.a0
+	psrldq		\$8,$ABCD0
+	movq		@MSG0[0],0x40-0x40($ctx)# c1.c0
+	psrldq		\$8,@MSG0[0]
+	movq		$ABCD0,0x20-0x40($ctx)	# b1.b0
+	psrldq		\$8,$E0
+	movq		@MSG0[0],0x60-0x40($ctx)# d1.d0
+	movq		$E0,0x80-0x40($ctx)	# e1.e0
+
+	lea	`$REG_SZ/2`($ctx),$ctx
+	lea	`16*2`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_shaext
+
+.Ldone_shaext:
+	#mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_shaext:
+	ret
+.cfi_endproc
+.size	sha1_multi_block_shaext,.-sha1_multi_block_shaext
+___
+						}}}
+
+						if ($avx) {{{
+sub BODY_00_19_avx {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+my $k=$i+2;
+my $vpack = $REG_SZ==16 ? "vpunpckldq" : "vinserti128";
+my $ptr_n = $REG_SZ==16 ? @ptr[1] : @ptr[4];
+
+$code.=<<___ if ($i==0 && $REG_SZ==16);
+	vmovd		(@ptr[0]),@Xi[0]
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		(@ptr[1]),@Xi[2]	# borrow Xi[2]
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vpinsrd		\$1,(@ptr[2]),@Xi[0],@Xi[0]
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,(@ptr[3]),@Xi[2],@Xi[2]
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	 vmovd		`4*$j-16*4`(@ptr[0]),@Xi[1]
+	vpunpckldq	@Xi[2],@Xi[0],@Xi[0]
+	 vmovd		`4*$j-16*4`($ptr_n),$t3
+	vpshufb		$tx,@Xi[0],@Xi[0]
+___
+$code.=<<___ if ($i<15 && $REG_SZ==16);		# just load input
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1]
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[3]),$t3,$t3
+___
+$code.=<<___ if ($i==0 && $REG_SZ==32);
+	vmovd		(@ptr[0]),@Xi[0]
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		(@ptr[4]),@Xi[2]	# borrow Xi[2]
+	 lea		`16*4`(@ptr[4]),@ptr[4]
+	vmovd		(@ptr[1]),$t2
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vmovd		(@ptr[5]),$t1
+	 lea		`16*4`(@ptr[5]),@ptr[5]
+	vpinsrd		\$1,(@ptr[2]),@Xi[0],@Xi[0]
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,(@ptr[6]),@Xi[2],@Xi[2]
+	 lea		`16*4`(@ptr[6]),@ptr[6]
+	vpinsrd		\$1,(@ptr[3]),$t2,$t2
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	vpunpckldq	$t2,@Xi[0],@Xi[0]
+	vpinsrd		\$1,(@ptr[7]),$t1,$t1
+	 lea		`16*4`(@ptr[7]),@ptr[7]
+	vpunpckldq	$t1,@Xi[2],@Xi[2]
+	 vmovd		`4*$j-16*4`(@ptr[0]),@Xi[1]
+	vinserti128	@Xi[2],@Xi[0],@Xi[0]
+	 vmovd		`4*$j-16*4`($ptr_n),$t3
+	vpshufb		$tx,@Xi[0],@Xi[0]
+___
+$code.=<<___ if ($i<15 && $REG_SZ==32);		# just load input
+	 vmovd		`4*$j-16*4`(@ptr[1]),$t2
+	 vmovd		`4*$j-16*4`(@ptr[5]),$t1
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1]
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[6]),$t3,$t3
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[3]),$t2,$t2
+	 vpunpckldq	$t2,@Xi[1],@Xi[1]
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[7]),$t1,$t1
+	 vpunpckldq	$t1,$t3,$t3
+___
+$code.=<<___ if ($i<14);
+	vpaddd	$K,$e,$e			# e+=K_00_19
+	vpslld	\$5,$a,$t2
+	vpandn	$d,$b,$t1
+	vpand	$c,$b,$t0
+
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 $vpack		$t3,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	vpxor	$t1,$t0,$t0			# Ch(b,c,d)
+	 vmovd		`4*$k-16*4`(@ptr[0]),@Xi[2]
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	 vmovd		`4*$k-16*4`($ptr_n),$t3
+	vpaddd	$t0,$e,$e			# e+=Ch(b,c,d)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpshufb	$tx,@Xi[1],@Xi[1]
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+$code.=<<___ if ($i==14);
+	vpaddd	$K,$e,$e			# e+=K_00_19
+	 prefetcht0	63(@ptr[0])
+	vpslld	\$5,$a,$t2
+	vpandn	$d,$b,$t1
+	vpand	$c,$b,$t0
+
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 $vpack		$t3,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	 prefetcht0	63(@ptr[1])
+	vpxor	$t1,$t0,$t0			# Ch(b,c,d)
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	 prefetcht0	63(@ptr[2])
+	vpaddd	$t0,$e,$e			# e+=Ch(b,c,d)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 prefetcht0	63(@ptr[3])
+	 vpshufb	$tx,@Xi[1],@Xi[1]
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+$code.=<<___ if ($i>=13 && $i<15);
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# preload "X[2]"
+___
+$code.=<<___ if ($i>=15);			# apply Xupdate
+	vpxor	@Xi[-2],@Xi[1],@Xi[1]		# "X[13]"
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	vpaddd	$K,$e,$e			# e+=K_00_19
+	vpslld	\$5,$a,$t2
+	vpandn	$d,$b,$t1
+	 `"prefetcht0	63(@ptr[4])"		if ($i==15 && $REG_SZ==32)`
+	vpand	$c,$b,$t0
+
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 vpxor	`&Xi_off($j+8)`,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	vpxor	$t1,$t0,$t0			# Ch(b,c,d)
+	 vpxor	@Xi[3],@Xi[1],@Xi[1]
+	 `"prefetcht0	63(@ptr[5])"		if ($i==15 && $REG_SZ==32)`
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	vpaddd	$t0,$e,$e			# e+=Ch(b,c,d)
+	 `"prefetcht0	63(@ptr[6])"		if ($i==15 && $REG_SZ==32)`
+	 vpsrld	\$31,@Xi[1],$tx
+	 vpaddd	@Xi[1],@Xi[1],@Xi[1]
+
+	vpsrld	\$2,$b,$b
+	 `"prefetcht0	63(@ptr[7])"		if ($i==15 && $REG_SZ==32)`
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpor	$tx,@Xi[1],@Xi[1]		# rol	\$1,@Xi[1]
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_20_39_avx {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___ if ($i<79);
+	vpxor	@Xi[-2],@Xi[1],@Xi[1]		# "X[13]"
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	vpslld	\$5,$a,$t2
+	vpaddd	$K,$e,$e			# e+=K_20_39
+	vpxor	$b,$d,$t0
+___
+$code.=<<___ if ($i<72);
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+___
+$code.=<<___ if ($i<79);
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 vpxor	`&Xi_off($j+8)`,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	vpxor	$c,$t0,$t0			# Parity(b,c,d)
+	 vpxor	@Xi[3],@Xi[1],@Xi[1]
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	vpaddd	$t0,$e,$e			# e+=Parity(b,c,d)
+	 vpsrld	\$31,@Xi[1],$tx
+	 vpaddd	@Xi[1],@Xi[1],@Xi[1]
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpor	$tx,@Xi[1],@Xi[1]		# rol(@Xi[1],1)
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+$code.=<<___ if ($i==79);
+	vpslld	\$5,$a,$t2
+	vpaddd	$K,$e,$e			# e+=K_20_39
+	vpxor	$b,$d,$t0
+
+	vpsrld	\$27,$a,$t3
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	vpxor	$c,$t0,$t0			# Parity(b,c,d)
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	vpaddd	$t0,$e,$e			# e+=Parity(b,c,d)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_40_59_avx {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___;
+	vpxor	@Xi[-2],@Xi[1],@Xi[1]		# "X[13]"
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	vpaddd	$K,$e,$e			# e+=K_40_59
+	vpslld	\$5,$a,$t2
+	vpand	$c,$d,$t1
+	 vpxor	`&Xi_off($j+8)`,@Xi[1],@Xi[1]
+
+	vpaddd	$t1,$e,$e
+	vpsrld	\$27,$a,$t3
+	vpxor	$c,$d,$t0
+	 vpxor	@Xi[3],@Xi[1],@Xi[1]
+
+	vmovdqu	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	 vpsrld	\$31,@Xi[1],$tx
+	vpand	$b,$t0,$t0
+	 vpaddd	@Xi[1],@Xi[1],@Xi[1]
+
+	vpslld	\$30,$b,$t1
+	vpaddd	$t0,$e,$e			# e+=Maj(b,d,c)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpor	$tx,@Xi[1],@Xi[1]		# rol(@X[1],1)
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+$code.=<<___;
+.type	sha1_multi_block_avx,\@function,3
+.align	32
+sha1_multi_block_avx:
+.cfi_startproc
+_avx_shortcut:
+___
+$code.=<<___ if ($avx>1);
+	shr	\$32,%rcx
+	cmp	\$2,$num
+	jb	.Lavx
+	test	\$`1<<5`,%ecx
+	jnz	_avx2_shortcut
+	jmp	.Lavx
+.align	32
+.Lavx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
+.Lbody_avx:
+	lea	K_XX_XX(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+
+	vzeroupper
+.Loop_grande_avx:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_avx
+
+	vmovdqu	0x00($ctx),$A			# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20($ctx),$B
+	vmovdqu	0x40($ctx),$C
+	vmovdqu	0x60($ctx),$D
+	vmovdqu	0x80($ctx),$E
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+___
+$code.="	vmovdqa	-0x20($Tbl),$K\n";	# K_00_19
+for($i=0;$i<20;$i++)	{ &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x00($Tbl),$K\n";	# K_20_39
+for(;$i<40;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x20($Tbl),$K\n";	# K_40_59
+for(;$i<60;$i++)	{ &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x40($Tbl),$K\n";	# K_60_79
+for(;$i<80;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mov	\$1,%ecx
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	(%rbx),$t0			# pull counters
+	vpxor	$t2,$t2,$t2
+	vmovdqa	$t0,$t1
+	vpcmpgtd $t2,$t1,$t1			# mask value
+	vpaddd	$t1,$t0,$t0			# counters--
+
+	vpand	$t1,$A,$A
+	vpand	$t1,$B,$B
+	vpaddd	0x00($ctx),$A,$A
+	vpand	$t1,$C,$C
+	vpaddd	0x20($ctx),$B,$B
+	vpand	$t1,$D,$D
+	vpaddd	0x40($ctx),$C,$C
+	vpand	$t1,$E,$E
+	vpaddd	0x60($ctx),$D,$D
+	vpaddd	0x80($ctx),$E,$E
+	vmovdqu	$A,0x00($ctx)
+	vmovdqu	$B,0x20($ctx)
+	vmovdqu	$C,0x40($ctx)
+	vmovdqu	$D,0x60($ctx)
+	vmovdqu	$E,0x80($ctx)
+
+	vmovdqu	$t0,(%rbx)			# save counters
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	dec	$num
+	jnz	.Loop_avx
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_avx
+
+.Ldone_avx:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	ret
+.cfi_endproc
+.size	sha1_multi_block_avx,.-sha1_multi_block_avx
+___
+
+						if ($avx>1) {
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+$REG_SZ=32;
+
+@ptr=map("%r$_",(12..15,8..11));
+
+@V=($A,$B,$C,$D,$E)=map("%ymm$_",(0..4));
+($t0,$t1,$t2,$t3,$tx)=map("%ymm$_",(5..9));
+@Xi=map("%ymm$_",(10..14));
+$K="%ymm15";
+
+$code.=<<___;
+.type	sha1_multi_block_avx2,\@function,3
+.align	32
+sha1_multi_block_avx2:
+.cfi_startproc
+_avx2_shortcut:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
+.Lbody_avx2:
+	lea	K_XX_XX(%rip),$Tbl
+	shr	\$1,$num
+
+	vzeroupper
+.Loop_grande_avx2:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+	lea	`$REG_SZ*16`(%rsp),%rbx
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	0x00($ctx),$A			# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20($ctx),$B
+	 lea	256+128(%rsp),%rbx
+	vmovdqu	0x40($ctx),$C
+	vmovdqu	0x60($ctx),$D
+	vmovdqu	0x80($ctx),$E
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+___
+$code.="	vmovdqa	-0x20($Tbl),$K\n";	# K_00_19
+for($i=0;$i<20;$i++)	{ &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x00($Tbl),$K\n";	# K_20_39
+for(;$i<40;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x20($Tbl),$K\n";	# K_40_59
+for(;$i<60;$i++)	{ &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x40($Tbl),$K\n";	# K_60_79
+for(;$i<80;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mov	\$1,%ecx
+	lea	`$REG_SZ*16`(%rsp),%rbx
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	(%rbx),$t0		# pull counters
+	vpxor	$t2,$t2,$t2
+	vmovdqa	$t0,$t1
+	vpcmpgtd $t2,$t1,$t1			# mask value
+	vpaddd	$t1,$t0,$t0			# counters--
+
+	vpand	$t1,$A,$A
+	vpand	$t1,$B,$B
+	vpaddd	0x00($ctx),$A,$A
+	vpand	$t1,$C,$C
+	vpaddd	0x20($ctx),$B,$B
+	vpand	$t1,$D,$D
+	vpaddd	0x40($ctx),$C,$C
+	vpand	$t1,$E,$E
+	vpaddd	0x60($ctx),$D,$D
+	vpaddd	0x80($ctx),$E,$E
+	vmovdqu	$A,0x00($ctx)
+	vmovdqu	$B,0x20($ctx)
+	vmovdqu	$C,0x40($ctx)
+	vmovdqu	$D,0x60($ctx)
+	vmovdqu	$E,0x80($ctx)
+
+	vmovdqu	$t0,(%rbx)			# save counters
+	lea	256+128(%rsp),%rbx
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	dec	$num
+	jnz	.Loop_avx2
+
+	#mov	`$REG_SZ*17+8`(%rsp),$num
+	#lea	$REG_SZ($ctx),$ctx
+	#lea	`16*$REG_SZ/4`($inp),$inp
+	#dec	$num
+	#jnz	.Loop_grande_avx2
+
+.Ldone_avx2:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	ret
+.cfi_endproc
+.size	sha1_multi_block_avx2,.-sha1_multi_block_avx2
+___
+						}	}}}
+$code.=<<___;
+
+.align	256
+	.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+	.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+K_XX_XX:
+	.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+	.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+	.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+	.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+	.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+	.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+	.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+	.asciz	"SHA1 multi-block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lbody
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	`16*17`(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+
+	lea	-24-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+___
+$code.=<<___ if ($avx>1);
+.type	avx2_handler,\@abi-omnipotent
+.align	16
+avx2_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<body label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	mov	`32*17`($context),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	-56-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lin_prologue
+.size	avx2_handler,.-avx2_handler
+___
+$code.=<<___;
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_sha1_multi_block
+	.rva	.LSEH_end_sha1_multi_block
+	.rva	.LSEH_info_sha1_multi_block
+	.rva	.LSEH_begin_sha1_multi_block_shaext
+	.rva	.LSEH_end_sha1_multi_block_shaext
+	.rva	.LSEH_info_sha1_multi_block_shaext
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_sha1_multi_block_avx
+	.rva	.LSEH_end_sha1_multi_block_avx
+	.rva	.LSEH_info_sha1_multi_block_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_sha1_multi_block_avx2
+	.rva	.LSEH_end_sha1_multi_block_avx2
+	.rva	.LSEH_info_sha1_multi_block_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_sha1_multi_block:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody,.Lepilogue			# HandlerData[]
+.LSEH_info_sha1_multi_block_shaext:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_shaext,.Lepilogue_shaext	# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha1_multi_block_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_sha1_multi_block_avx2:
+	.byte	9,0,0,0
+	.rva	avx2_handler
+	.rva	.Lbody_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+####################################################################
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if ($dst>=8);
+    $rex|=0x01			if ($src>=8);
+    unshift @opcode,$rex|0x40	if ($rex);
+}
+
+sub sha1rnds4 {
+    if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x3a,0xcc);
+	rex(\@opcode,$3,$2);
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return "sha1rnds4\t".@_[0];
+    }
+}
+
+sub sha1op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha1nexte" => 0xc8,
+  		"sha1msg1"  => 0xc9,
+		"sha1msg2"  => 0xca	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo		or
+	s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo		or
+
+	s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go	or
+	s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go		or
+	s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl
new file mode 100644
index 000000000..08f84bc3b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl
@@ -0,0 +1,461 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for MIPS.
+
+# Performance improvement is 30% on unaligned input. The "secret" is
+# to deploy lwl/lwr pair to load unaligned input. One could have
+# vectorized Xupdate on MIPSIII/IV, but the goal was to code MIPS32-
+# compatible subroutine. There is room for minor optimization on
+# little-endian platforms...
+
+# September 2012.
+#
+# Add MIPS32r2 code (>25% less instructions).
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp;
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
+	$REG_S="sd";
+	$REG_L="ld";
+	$PTR_SLL="dsll";	# incidentally works even on n32
+	$SZREG=8;
+} else {
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
+	$REG_S="sw";
+	$REG_L="lw";
+	$PTR_SLL="sll";
+	$SZREG=4;
+}
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC});
+
+for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);   }
+open STDOUT,">$output";
+
+if (!defined($big_endian))
+            {   $big_endian=(unpack('L',pack('N',1))==1);   }
+
+# offsets of the Most and Least Significant Bytes
+$MSB=$big_endian?0:3;
+$LSB=3&~$MSB;
+
+@X=map("\$$_",(8..23));	# a4-a7,s0-s11
+
+$ctx=$a0;
+$inp=$a1;
+$num=$a2;
+$A="\$1";
+$B="\$2";
+$C="\$3";
+$D="\$7";
+$E="\$24";	@V=($A,$B,$C,$D,$E);
+$t0="\$25";
+$t1=$num;	# $num is offloaded to stack
+$t2="\$30";	# fp
+$K="\$31";	# ra
+
+sub BODY_00_14 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___	if (!$big_endian);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	wsbh	@X[$i],@X[$i]	# byte swap($i)
+	rotr	@X[$i],@X[$i],16
+#else
+	srl	$t0,@X[$i],24	# byte swap($i)
+	srl	$t1,@X[$i],8
+	andi	$t2,@X[$i],0xFF00
+	sll	@X[$i],@X[$i],24
+	andi	$t1,0xFF00
+	sll	$t2,$t2,8
+	or	@X[$i],$t0
+	or	$t1,$t2
+	or	@X[$i],$t1
+#endif
+___
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	addu	$e,$K		# $i
+	xor	$t0,$c,$d
+	rotr	$t1,$a,27
+	and	$t0,$b
+	addu	$e,$t1
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	 lw	@X[$j],$j*4($inp)
+#else
+	 lwl	@X[$j],$j*4+$MSB($inp)
+	 lwr	@X[$j],$j*4+$LSB($inp)
+#endif
+	xor	$t0,$d
+	addu	$e,@X[$i]
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 lwl	@X[$j],$j*4+$MSB($inp)
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	 lwr	@X[$j],$j*4+$LSB($inp)
+	srl	$t1,$a,27
+	addu	$e,$t0
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	sll	$t2,$b,30
+	and	$t0,$b
+	srl	$b,$b,2
+	xor	$t0,$d
+	addu	$e,@X[$i]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+sub BODY_15_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___	if (!$big_endian && $i==15);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	wsbh	@X[$i],@X[$i]	# byte swap($i)
+	rotr	@X[$i],@X[$i],16
+#else
+	srl	$t0,@X[$i],24	# byte swap($i)
+	srl	$t1,@X[$i],8
+	andi	$t2,@X[$i],0xFF00
+	sll	@X[$i],@X[$i],24
+	andi	$t1,0xFF00
+	sll	$t2,$t2,8
+	or	@X[$i],$t0
+	or	@X[$i],$t1
+	or	@X[$i],$t2
+#endif
+___
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	addu	$e,$K		# $i
+	 xor	@X[$j%16],@X[($j+2)%16]
+	xor	$t0,$c,$d
+	rotr	$t1,$a,27
+	 xor	@X[$j%16],@X[($j+8)%16]
+	and	$t0,$b
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	xor	$t0,$d
+	addu	$e,@X[$i%16]
+	 rotr	@X[$j%16],@X[$j%16],31
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 xor	@X[$j%16],@X[($j+2)%16]
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	sll	$t2,$b,30
+	and	$t0,$b
+	 srl	$t1,@X[$j%16],31
+	 addu	@X[$j%16],@X[$j%16]
+	srl	$b,$b,2
+	xor	$t0,$d
+	 or	@X[$j%16],$t1
+	addu	$e,@X[$i%16]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	 xor	@X[$j%16],@X[($j+2)%16]
+	addu	$e,$K		# $i
+	rotr	$t1,$a,27
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	xor	$t0,$b
+	addu	$e,@X[$i%16]
+	 rotr	@X[$j%16],@X[$j%16],31
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 xor	@X[$j%16],@X[($j+2)%16]
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	sll	$t2,$b,30
+	xor	$t0,$b
+	 srl	$t1,@X[$j%16],31
+	 addu	@X[$j%16],@X[$j%16]
+	srl	$b,$b,2
+	addu	$e,@X[$i%16]
+	 or	@X[$j%16],$t1
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+$code.=<<___ if ($i==79);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	 lw	@X[0],0($ctx)
+	addu	$e,$K		# $i
+	 lw	@X[1],4($ctx)
+	rotr	$t1,$a,27
+	 lw	@X[2],8($ctx)
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 lw	@X[3],12($ctx)
+	xor	$t0,$b
+	addu	$e,@X[$i%16]
+	 lw	@X[4],16($ctx)
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 lw	@X[0],0($ctx)
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	 lw	@X[1],4($ctx)
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 lw	@X[2],8($ctx)
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 lw	@X[3],12($ctx)
+	sll	$t2,$b,30
+	xor	$t0,$b
+	 lw	@X[4],16($ctx)
+	srl	$b,$b,2
+	addu	$e,@X[$i%16]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	addu	$e,$K		# $i
+	and	$t0,$c,$d
+	 xor	@X[$j%16],@X[($j+2)%16]
+	rotr	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	and	$t0,$b
+	addu	$e,@X[$i%16]
+	 rotr	@X[$j%16],@X[$j%16],31
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 xor	@X[$j%16],@X[($j+2)%16]
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	and	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	sll	$t2,$b,30
+	addu	$e,$t0
+	 srl	$t1,@X[$j%16],31
+	xor	$t0,$c,$d
+	 addu	@X[$j%16],@X[$j%16]
+	and	$t0,$b
+	srl	$b,$b,2
+	 or	@X[$j%16],$t1
+	addu	$e,@X[$i%16]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+$FRAMESIZE=16;	# large enough to accommodate NUBI saved registers
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
+
+$code=<<___;
+#include "mips_arch.h"
+
+.text
+
+.set	noat
+.set	noreorder
+.align	5
+.globl	sha1_block_data_order
+.ent	sha1_block_data_order
+sha1_block_data_order:
+	.frame	$sp,$FRAMESIZE*$SZREG,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,$FRAMESIZE*$SZREG
+	$REG_S	$ra,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_S	$fp,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_S	$s11,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_S	$s10,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_S	$s9,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_S	$s8,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_S	$s7,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_S	$s6,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_S	$s5,($FRAMESIZE-9)*$SZREG($sp)
+	$REG_S	$s4,($FRAMESIZE-10)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_S	$s2,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_S	$s1,($FRAMESIZE-13)*$SZREG($sp)
+	$REG_S	$s0,($FRAMESIZE-14)*$SZREG($sp)
+	$REG_S	$gp,($FRAMESIZE-15)*$SZREG($sp)
+___
+$code.=<<___;
+	$PTR_SLL $num,6
+	$PTR_ADD $num,$inp
+	$REG_S	$num,0($sp)
+	lw	$A,0($ctx)
+	lw	$B,4($ctx)
+	lw	$C,8($ctx)
+	lw	$D,12($ctx)
+	b	.Loop
+	lw	$E,16($ctx)
+.align	4
+.Loop:
+	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lui	$K,0x5a82
+	lw	@X[0],($inp)
+	ori	$K,0x7999	# K_00_19
+#else
+	lwl	@X[0],$MSB($inp)
+	lui	$K,0x5a82
+	lwr	@X[0],$LSB($inp)
+	ori	$K,0x7999	# K_00_19
+#endif
+___
+for ($i=0;$i<15;$i++)	{ &BODY_00_14($i,@V); unshift(@V,pop(@V)); }
+for (;$i<20;$i++)	{ &BODY_15_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	lui	$K,0x6ed9
+	ori	$K,0xeba1	# K_20_39
+___
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	lui	$K,0x8f1b
+	ori	$K,0xbcdc	# K_40_59
+___
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	lui	$K,0xca62
+	ori	$K,0xc1d6	# K_60_79
+___
+for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	$PTR_ADD $inp,64
+	$REG_L	$num,0($sp)
+
+	addu	$A,$X[0]
+	addu	$B,$X[1]
+	sw	$A,0($ctx)
+	addu	$C,$X[2]
+	addu	$D,$X[3]
+	sw	$B,4($ctx)
+	addu	$E,$X[4]
+	sw	$C,8($ctx)
+	sw	$D,12($ctx)
+	sw	$E,16($ctx)
+	.set	noreorder
+	bne	$inp,$num,.Loop
+	nop
+
+	.set	noreorder
+	$REG_L	$ra,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_L	$fp,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_L	$s11,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_L	$s10,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_L	$s9,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_L	$s8,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_L	$s7,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_L	$s6,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_L	$s5,($FRAMESIZE-9)*$SZREG($sp)
+	$REG_L	$s4,($FRAMESIZE-10)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_L	$s2,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_L	$s1,($FRAMESIZE-13)*$SZREG($sp)
+	$REG_L	$s0,($FRAMESIZE-14)*$SZREG($sp)
+	$REG_L	$gp,($FRAMESIZE-15)*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE*$SZREG
+.end	sha1_block_data_order
+.rdata
+.asciiz	"SHA1 for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
+___
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl
new file mode 100644
index 000000000..b001be16a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl
@@ -0,0 +1,279 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for PA-RISC.
+
+# June 2009.
+#
+# On PA-7100LC performance is >30% better than gcc 3.2 generated code
+# for aligned input and >50% better for unaligned. Compared to vendor
+# compiler on PA-8600 it's almost 60% faster in 64-bit build and just
+# few percent faster in 32-bit one (this for aligned input, data for
+# unaligned input is not available).
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+$FRAME=14*$SIZE_T+$FRAME_MARKER;# 14 saved regs + frame marker
+				#                 [+ argument transfer]
+$ctx="%r26";		# arg0
+$inp="%r25";		# arg1
+$num="%r24";		# arg2
+
+$t0="%r28";
+$t1="%r29";
+$K="%r31";
+
+@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
+    "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$t0);
+
+@V=($A,$B,$C,$D,$E)=("%r19","%r20","%r21","%r22","%r23");
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<15);
+	addl	$K,$e,$e	; $i
+	shd	$a,$a,27,$t1
+	addl	@X[$i],$e,$e
+	and	$c,$b,$t0
+	addl	$t1,$e,$e
+	andcm	$d,$b,$t1
+	shd	$b,$b,2,$b
+	or	$t1,$t0,$t0
+	addl	$t0,$e,$e
+___
+$code.=<<___ if ($i>=15);	# with forward Xupdate
+	addl	$K,$e,$e	; $i
+	shd	$a,$a,27,$t1
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+	addl	@X[$i%16],$e,$e
+	and	$c,$b,$t0
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+	addl	$t1,$e,$e
+	andcm	$d,$b,$t1
+	shd	$b,$b,2,$b
+	or	$t1,$t0,$t0
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+	add	$t0,$e,$e
+	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]	; $i
+	addl	$K,$e,$e
+	shd	$a,$a,27,$t1
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+	addl	@X[$i%16],$e,$e
+	xor	$b,$c,$t0
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+	addl	$t1,$e,$e
+	shd	$b,$b,2,$b
+	xor	$d,$t0,$t0
+	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
+	addl	$t0,$e,$e
+___
+$code.=<<___ if ($i==79);	# with context load
+	ldw	0($ctx),@X[0]	; $i
+	addl	$K,$e,$e
+	shd	$a,$a,27,$t1
+	ldw	4($ctx),@X[1]
+	addl	@X[$i%16],$e,$e
+	xor	$b,$c,$t0
+	ldw	8($ctx),@X[2]
+	addl	$t1,$e,$e
+	shd	$b,$b,2,$b
+	xor	$d,$t0,$t0
+	ldw	12($ctx),@X[3]
+	addl	$t0,$e,$e
+	ldw	16($ctx),@X[4]
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___;
+	shd	$a,$a,27,$t1	; $i
+	addl	$K,$e,$e
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+	xor	$d,$c,$t0
+	addl	@X[$i%16],$e,$e
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+	and	$b,$t0,$t0
+	addl	$t1,$e,$e
+	shd	$b,$b,2,$b
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+	addl	$t0,$e,$e
+	and	$d,$c,$t1
+	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
+	addl	$t1,$e,$e
+___
+}
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	sha1_block_data_order,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+sha1_block_data_order
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-14*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=16
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+
+	ldw	0($ctx),$A
+	ldw	4($ctx),$B
+	ldw	8($ctx),$C
+	ldw	12($ctx),$D
+	ldw	16($ctx),$E
+
+	extru	$inp,31,2,$t0		; t0=inp&3;
+	sh3addl	$t0,%r0,$t0		; t0*=8;
+	subi	32,$t0,$t0		; t0=32-t0;
+	mtctl	$t0,%cr11		; %sar=t0;
+
+L\$oop
+	ldi	3,$t0
+	andcm	$inp,$t0,$t0		; 64-bit neutral
+___
+	for ($i=0;$i<15;$i++) {		# load input block
+	$code.="\tldw	`4*$i`($t0),@X[$i]\n";		}
+$code.=<<___;
+	cmpb,*=	$inp,$t0,L\$aligned
+	ldw	60($t0),@X[15]
+	ldw	64($t0),@X[16]
+___
+	for ($i=0;$i<16;$i++) {		# align input
+	$code.="\tvshd	@X[$i],@X[$i+1],@X[$i]\n";	}
+$code.=<<___;
+L\$aligned
+	ldil	L'0x5a827000,$K		; K_00_19
+	ldo	0x999($K),$K
+___
+for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	ldil	L'0x6ed9e000,$K		; K_20_39
+	ldo	0xba1($K),$K
+___
+
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	ldil	L'0x8f1bb000,$K		; K_40_59
+	ldo	0xcdc($K),$K
+___
+
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	ldil	L'0xca62c000,$K		; K_60_79
+	ldo	0x1d6($K),$K
+___
+for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	addl	@X[0],$A,$A
+	addl	@X[1],$B,$B
+	addl	@X[2],$C,$C
+	addl	@X[3],$D,$D
+	addl	@X[4],$E,$E
+	stw	$A,0($ctx)
+	stw	$B,4($ctx)
+	stw	$C,8($ctx)
+	stw	$D,12($ctx)
+	stw	$E,16($ctx)
+	addib,*<> -1,$num,L\$oop
+	ldo	64($inp),$inp
+
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+	.STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/,\*/,/			if ($SIZE_T==4);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl
new file mode 100755
index 000000000..0cda0a3e1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl
@@ -0,0 +1,351 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# I let hardware handle unaligned input(*), except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank.
+#
+# (*) this means that this module is inappropriate for PPC403? Does
+#     anybody know if pre-POWER3 can sustain unaligned load?
+
+# 			-m64	-m32
+# ----------------------------------
+# PPC970,gcc-4.0.0	+76%	+59%
+# Power6,xlc-7		+68%	+33%
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$UCMP	="cmplw";
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+# Define endianness based on flavour
+# i.e.: linux64le
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T+64;
+$LOCALS=6*$SIZE_T;
+
+$K  ="r0";
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$t0 ="r15";
+$t1 ="r6";
+
+$A  ="r7";
+$B  ="r8";
+$C  ="r9";
+$D  ="r10";
+$E  ="r11";
+$T  ="r12";
+
+@V=($A,$B,$C,$D,$E,$T);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+
+sub loadbe {
+my ($dst, $src, $temp_reg) = @_;
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$dst,$src
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$temp_reg,$src
+	rotlwi	$dst,$temp_reg,8
+	rlwimi	$dst,$temp_reg,24,0,7
+	rlwimi	$dst,$temp_reg,24,16,23
+___
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+
+	# Since the last value of $f is discarded, we can use
+	# it as a temp reg to swap byte-order when needed.
+	loadbe("@X[$i]","`$i*4`($inp)",$f) if ($i==0);
+	loadbe("@X[$j]","`$j*4`($inp)",$f) if ($i<15);
+$code.=<<___ if ($i<15);
+	add	$f,$K,$e
+	rotlwi	$e,$a,5
+	add	$f,$f,@X[$i]
+	and	$t0,$c,$b
+	add	$f,$f,$e
+	andc	$t1,$d,$b
+	rotlwi	$b,$b,30
+	or	$t0,$t0,$t1
+	add	$f,$f,$t0
+___
+$code.=<<___ if ($i>=15);
+	add	$f,$K,$e
+	rotlwi	$e,$a,5
+	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
+	add	$f,$f,@X[$i%16]
+	and	$t0,$c,$b
+	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
+	add	$f,$f,$e
+	andc	$t1,$d,$b
+	rotlwi	$b,$b,30
+	or	$t0,$t0,$t1
+	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
+	add	$f,$f,$t0
+	rotlwi	@X[$j%16],@X[$j%16],1
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+	add	$f,$K,$e
+	xor	$t0,$b,$d
+	rotlwi	$e,$a,5
+	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
+	add	$f,$f,@X[$i%16]
+	xor	$t0,$t0,$c
+	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
+	add	$f,$f,$t0
+	rotlwi	$b,$b,30
+	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
+	add	$f,$f,$e
+	rotlwi	@X[$j%16],@X[$j%16],1
+___
+$code.=<<___ if ($i==79);
+	add	$f,$K,$e
+	xor	$t0,$b,$d
+	rotlwi	$e,$a,5
+	lwz	r16,0($ctx)
+	add	$f,$f,@X[$i%16]
+	xor	$t0,$t0,$c
+	lwz	r17,4($ctx)
+	add	$f,$f,$t0
+	rotlwi	$b,$b,30
+	lwz	r18,8($ctx)
+	lwz	r19,12($ctx)
+	add	$f,$f,$e
+	lwz	r20,16($ctx)
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___;
+	add	$f,$K,$e
+	rotlwi	$e,$a,5
+	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
+	add	$f,$f,@X[$i%16]
+	and	$t0,$b,$c
+	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
+	add	$f,$f,$e
+	or	$t1,$b,$c
+	rotlwi	$b,$b,30
+	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
+	and	$t1,$t1,$d
+	or	$t0,$t0,$t1
+	rotlwi	@X[$j%16],@X[$j%16],1
+	add	$f,$f,$t0
+___
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	.sha1_block_data_order
+.align	4
+.sha1_block_data_order:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+	lwz	$A,0($ctx)
+	lwz	$B,4($ctx)
+	lwz	$C,8($ctx)
+	lwz	$D,12($ctx)
+	lwz	$E,16($ctx)
+	andi.	r0,$inp,3
+	bne	Lunaligned
+Laligned:
+	mtctr	$num
+	bl	Lsha1_block_private
+	b	Ldone
+
+; PowerPC specification allows an implementation to be ill-behaved
+; upon unaligned access which crosses page boundary. "Better safe
+; than sorry" principle makes me treat it specially. But I don't
+; look for particular offending word, but rather for 64-byte input
+; block which crosses the boundary. Once found that block is aligned
+; and hashed separately...
+.align	4
+Lunaligned:
+	subfic	$t1,$inp,4096
+	andi.	$t1,$t1,4095	; distance to closest page boundary
+	srwi.	$t1,$t1,6	; t1/=64
+	beq	Lcross_page
+	$UCMP	$num,$t1
+	ble	Laligned	; didn't cross the page boundary
+	mtctr	$t1
+	subfc	$num,$t1,$num
+	bl	Lsha1_block_private
+Lcross_page:
+	li	$t1,16
+	mtctr	$t1
+	addi	r20,$sp,$LOCALS	; spot within the frame
+Lmemcpy:
+	lbz	r16,0($inp)
+	lbz	r17,1($inp)
+	lbz	r18,2($inp)
+	lbz	r19,3($inp)
+	addi	$inp,$inp,4
+	stb	r16,0(r20)
+	stb	r17,1(r20)
+	stb	r18,2(r20)
+	stb	r19,3(r20)
+	addi	r20,r20,4
+	bdnz	Lmemcpy
+
+	$PUSH	$inp,`$FRAME-$SIZE_T*18`($sp)
+	li	$t1,1
+	addi	$inp,$sp,$LOCALS
+	mtctr	$t1
+	bl	Lsha1_block_private
+	$POP	$inp,`$FRAME-$SIZE_T*18`($sp)
+	addic.	$num,$num,-1
+	bne	Lunaligned
+
+Ldone:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+___
+
+# This is private block function, which uses tailored calling
+# interface, namely upon entry SHA_CTX is pre-loaded to given
+# registers and counter register contains amount of chunks to
+# digest...
+$code.=<<___;
+.align	4
+Lsha1_block_private:
+___
+$code.=<<___;	# load K_00_19
+	lis	$K,0x5a82
+	ori	$K,$K,0x7999
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	# load K_20_39
+	lis	$K,0x6ed9
+	ori	$K,$K,0xeba1
+___
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	# load K_40_59
+	lis	$K,0x8f1b
+	ori	$K,$K,0xbcdc
+___
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	# load K_60_79
+	lis	$K,0xca62
+	ori	$K,$K,0xc1d6
+___
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	r16,r16,$E
+	add	r17,r17,$T
+	add	r18,r18,$A
+	add	r19,r19,$B
+	add	r20,r20,$C
+	stw	r16,0($ctx)
+	mr	$A,r16
+	stw	r17,4($ctx)
+	mr	$B,r17
+	stw	r18,8($ctx)
+	mr	$C,r18
+	stw	r19,12($ctx)
+	mr	$D,r19
+	stw	r20,16($ctx)
+	mr	$E,r20
+	addi	$inp,$inp,`16*4`
+	bdnz	Lsha1_block_private
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.sha1_block_data_order,.-.sha1_block_data_order
+___
+$code.=<<___;
+.asciz	"SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl
new file mode 100644
index 000000000..5729c3089
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl
@@ -0,0 +1,249 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for s390x.
+
+# April 2007.
+#
+# Performance is >30% better than gcc 3.3 generated code. But the real
+# twist is that SHA1 hardware support is detected and utilized. In
+# which case performance can reach further >4.5x for larger chunks.
+
+# January 2009.
+#
+# Optimize Xupdate for amount of memory references and reschedule
+# instructions to favour dual-issue z10 pipeline. On z10 hardware is
+# "only" ~2.3x faster than software.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 23% better than code generated by gcc 4.3.
+
+$kimdfunc=1;	# magic function code for kimd instruction
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$K_00_39="%r0"; $K=$K_00_39;
+$K_40_79="%r1";
+$ctx="%r2";	$prefetch="%r2";
+$inp="%r3";
+$len="%r4";
+
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";	@V=($A,$B,$C,$D,$E);
+$t0="%r10";
+$t1="%r11";
+@X=("%r12","%r13","%r14");
+$sp="%r15";
+
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+16*4;
+
+sub Xupdate {
+my $i=shift;
+
+$code.=<<___ if ($i==15);
+	lg	$prefetch,$stdframe($sp)	### Xupdate(16) warm-up
+	lr	$X[0],$X[2]
+___
+return if ($i&1);	# Xupdate is vectorized and executed every 2nd cycle
+$code.=<<___ if ($i<16);
+	lg	$X[0],`$i*4`($inp)	### Xload($i)
+	rllg	$X[1],$X[0],32
+___
+$code.=<<___ if ($i>=16);
+	xgr	$X[0],$prefetch		### Xupdate($i)
+	lg	$prefetch,`$stdframe+4*(($i+2)%16)`($sp)
+	xg	$X[0],`$stdframe+4*(($i+8)%16)`($sp)
+	xgr	$X[0],$prefetch
+	rll	$X[0],$X[0],1
+	rllg	$X[1],$X[0],32
+	rll	$X[1],$X[1],1
+	rllg	$X[0],$X[1],32
+	lr	$X[2],$X[1]		# feedback
+___
+$code.=<<___ if ($i<=70);
+	stg	$X[0],`$stdframe+4*($i%16)`($sp)
+___
+unshift(@X,pop(@X));
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+	&Xupdate($i);
+$code.=<<___;
+	alr	$e,$K		### $i
+	rll	$t1,$a,5
+	lr	$t0,$d
+	xr	$t0,$c
+	alr	$e,$t1
+	nr	$t0,$b
+	alr	$e,$xi
+	xr	$t0,$d
+	rll	$b,$b,30
+	alr	$e,$t0
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+	&Xupdate($i);
+$code.=<<___;
+	alr	$e,$K		### $i
+	rll	$t1,$a,5
+	lr	$t0,$b
+	alr	$e,$t1
+	xr	$t0,$c
+	alr	$e,$xi
+	xr	$t0,$d
+	rll	$b,$b,30
+	alr	$e,$t0
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+	&Xupdate($i);
+$code.=<<___;
+	alr	$e,$K		### $i
+	rll	$t1,$a,5
+	lr	$t0,$b
+	alr	$e,$t1
+	or	$t0,$c
+	lr	$t1,$b
+	nr	$t0,$d
+	nr	$t1,$c
+	alr	$e,$xi
+	or	$t0,$t1
+	rll	$b,$b,30
+	alr	$e,$t0
+___
+}
+
+$code.=<<___;
+#include "s390x_arch.h"
+
+.text
+.align	64
+.type	Ktable,\@object
+Ktable: .long	0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
+	.skip	48	#.long	0,0,0,0,0,0,0,0,0,0,0,0
+.size	Ktable,.-Ktable
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,\@function
+sha1_block_data_order:
+___
+$code.=<<___ if ($kimdfunc);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,S390X_KIMD(%r1)	# check kimd capabilities
+	tmhh	%r0,`0x8000>>$kimdfunc`
+	jz	.Lsoftware
+	lghi	%r0,$kimdfunc
+	lgr	%r1,$ctx
+	lgr	%r2,$inp
+	sllg	%r3,$len,6
+	.long	0xb93e0002	# kimd %r0,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	16
+.Lsoftware:
+___
+$code.=<<___;
+	lghi	%r1,-$frame
+	st${g}	$ctx,`2*$SIZE_T`($sp)
+	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	larl	$t0,Ktable
+	llgf	$A,0($ctx)
+	llgf	$B,4($ctx)
+	llgf	$C,8($ctx)
+	llgf	$D,12($ctx)
+	llgf	$E,16($ctx)
+
+	lg	$K_00_39,0($t0)
+	lg	$K_40_79,8($t0)
+
+.Lloop:
+	rllg	$K_00_39,$K_00_39,32
+___
+for ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	rllg	$K_00_39,$K_00_39,32
+___
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	$K=$K_40_79;
+	rllg	$K_40_79,$K_40_79,32
+___
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	rllg	$K_40_79,$K_40_79,32
+___
+for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+
+	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
+	la	$inp,64($inp)
+	al	$A,0($ctx)
+	al	$B,4($ctx)
+	al	$C,8($ctx)
+	al	$D,12($ctx)
+	al	$E,16($ctx)
+	st	$A,0($ctx)
+	st	$B,4($ctx)
+	st	$C,8($ctx)
+	st	$D,12($ctx)
+	st	$E,16($ctx)
+	brct${g} $len,.Lloop
+
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
+	br	%r14
+.size	sha1_block_data_order,.-sha1_block_data_order
+.string	"SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl
new file mode 100644
index 000000000..3e612e3d5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl
@@ -0,0 +1,434 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Hardware SPARC T4 support by David S. Miller
+# ====================================================================
+
+# Performance improvement is not really impressive on pre-T1 CPU: +8%
+# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it
+# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and
+# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick.
+# X[16] vector is packed to 8 64-bit registers and as result nothing
+# is spilled on stack. In addition input data is loaded in compact
+# instruction sequence, thus minimizing the window when the code is
+# subject to [inter-thread] cache-thrashing hazard. The goal is to
+# ensure scalability on UltraSPARC T1, or rather to avoid decay when
+# amount of active threads exceeds the number of physical cores.
+
+# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x
+# faster than software. Multi-process benchmark saturates at 11x
+# single-process result on 8-core processor, or ~9GBps per 2.85GHz
+# socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+$rot1m="%g2";
+$tmp64="%g3";
+$Xi="%g4";
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+$K_00_19="%l5";
+$K_20_39="%l6";
+$K_40_59="%l7";
+$K_60_79="%g5";
+@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79);
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=($i&1)?@X[($i/2)%8]:$Xi;
+
+$code.=<<___;
+	sll	$a,5,$tmp0		!! $i
+	add	@K[$i/20],$e,$e
+	srl	$a,27,$tmp1
+	add	$tmp0,$e,$e
+	and	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	andn	$d,$b,$tmp1
+	srl	$b,2,$b
+	or	$tmp1,$tmp0,$tmp1
+	or	$tmp2,$b,$b
+	add	$xi,$e,$e
+___
+if ($i&1 && $i<15) {
+	$code.=
+	"	srlx	@X[(($i+1)/2)%8],32,$Xi\n";
+}
+$code.=<<___;
+	add	$tmp1,$e,$e
+___
+}
+
+sub Xupdate {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i/2;
+
+if ($i&1) {
+$code.=<<___;
+	sll	$a,5,$tmp0		!! $i
+	add	@K[$i/20],$e,$e
+	srl	$a,27,$tmp1
+___
+} else {
+$code.=<<___;
+	sllx	@X[($j+6)%8],32,$Xi	! Xupdate($i)
+	xor	@X[($j+1)%8],@X[$j%8],@X[$j%8]
+	srlx	@X[($j+7)%8],32,$tmp1
+	xor	@X[($j+4)%8],@X[$j%8],@X[$j%8]
+	sll	$a,5,$tmp0		!! $i
+	or	$tmp1,$Xi,$Xi
+	add	@K[$i/20],$e,$e		!!
+	xor	$Xi,@X[$j%8],@X[$j%8]
+	srlx	@X[$j%8],31,$Xi
+	add	@X[$j%8],@X[$j%8],@X[$j%8]
+	and	$Xi,$rot1m,$Xi
+	andn	@X[$j%8],$rot1m,@X[$j%8]
+	srl	$a,27,$tmp1		!!
+	or	$Xi,@X[$j%8],@X[$j%8]
+___
+}
+}
+
+sub BODY_16_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+
+	&Xupdate(@_);
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+    } else {
+	$xi=$Xi;
+	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	add	$tmp0,$e,$e		!!
+	and	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	add	$xi,$e,$e
+	andn	$d,$b,$tmp1
+	srl	$b,2,$b
+	or	$tmp1,$tmp0,$tmp1
+	or	$tmp2,$b,$b
+	add	$tmp1,$e,$e
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+	&Xupdate(@_);
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+    } else {
+	$xi=$Xi;
+	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	add	$tmp0,$e,$e		!!
+	xor	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	xor	$d,$tmp0,$tmp1
+	srl	$b,2,$b
+	add	$tmp1,$e,$e
+	or	$tmp2,$b,$b
+	add	$xi,$e,$e
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+	&Xupdate(@_);
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+    } else {
+	$xi=$Xi;
+	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	add	$tmp0,$e,$e		!!
+	and	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	or	$c,$b,$tmp1
+	srl	$b,2,$b
+	and	$d,$tmp1,$tmp1
+	add	$xi,$e,$e
+	or	$tmp1,$tmp0,$tmp1
+	or	$tmp2,$b,$b
+	add	$tmp1,$e,$e
+___
+}
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.align	32
+.globl	sha1_block_data_order
+sha1_block_data_order:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
+
+	andcc	%g1, CFR_SHA1, %g0
+	be	.Lsoftware
+	nop
+
+	ld	[%o0 + 0x00], %f0	! load context
+	ld	[%o0 + 0x04], %f1
+	ld	[%o0 + 0x08], %f2
+	andcc	%o1, 0x7, %g0
+	ld	[%o0 + 0x0c], %f3
+	bne,pn	%icc, .Lhwunaligned
+	 ld	[%o0 + 0x10], %f4
+
+.Lhw_loop:
+	ldd	[%o1 + 0x00], %f8
+	ldd	[%o1 + 0x08], %f10
+	ldd	[%o1 + 0x10], %f12
+	ldd	[%o1 + 0x18], %f14
+	ldd	[%o1 + 0x20], %f16
+	ldd	[%o1 + 0x28], %f18
+	ldd	[%o1 + 0x30], %f20
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x38], %f22
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	.word	0x81b02820		! SHA1
+
+	bne,pt	SIZE_T_CC, .Lhw_loop
+	nop
+
+.Lhwfinish:
+	st	%f0, [%o0 + 0x00]	! store context
+	st	%f1, [%o0 + 0x04]
+	st	%f2, [%o0 + 0x08]
+	st	%f3, [%o0 + 0x0c]
+	retl
+	st	%f4, [%o0 + 0x10]
+
+.align	8
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f10
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f12
+	ldd	[%o1 + 0x10], %f14
+	ldd	[%o1 + 0x18], %f16
+	ldd	[%o1 + 0x20], %f18
+	ldd	[%o1 + 0x28], %f20
+	ldd	[%o1 + 0x30], %f22
+	ldd	[%o1 + 0x38], %f24
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x40], %f26
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	faligndata %f10, %f12, %f8
+	faligndata %f12, %f14, %f10
+	faligndata %f14, %f16, %f12
+	faligndata %f16, %f18, %f14
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+
+	.word	0x81b02820		! SHA1
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f26, %f26, %f10	! %f10=%f26
+
+	ba	.Lhwfinish
+	nop
+
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME,%sp
+	sllx	$len,6,$len
+	add	$inp,$len,$len
+
+	or	%g0,1,$rot1m
+	sllx	$rot1m,32,$rot1m
+	or	$rot1m,1,$rot1m
+
+	ld	[$ctx+0],$A
+	ld	[$ctx+4],$B
+	ld	[$ctx+8],$C
+	ld	[$ctx+12],$D
+	ld	[$ctx+16],$E
+	andn	$inp,7,$tmp0
+
+	sethi	%hi(0x5a827999),$K_00_19
+	or	$K_00_19,%lo(0x5a827999),$K_00_19
+	sethi	%hi(0x6ed9eba1),$K_20_39
+	or	$K_20_39,%lo(0x6ed9eba1),$K_20_39
+	sethi	%hi(0x8f1bbcdc),$K_40_59
+	or	$K_40_59,%lo(0x8f1bbcdc),$K_40_59
+	sethi	%hi(0xca62c1d6),$K_60_79
+	or	$K_60_79,%lo(0xca62c1d6),$K_60_79
+
+.Lloop:
+	ldx	[$tmp0+0],@X[0]
+	ldx	[$tmp0+16],@X[2]
+	ldx	[$tmp0+32],@X[4]
+	ldx	[$tmp0+48],@X[6]
+	and	$inp,7,$tmp1
+	ldx	[$tmp0+8],@X[1]
+	sll	$tmp1,3,$tmp1
+	ldx	[$tmp0+24],@X[3]
+	subcc	%g0,$tmp1,$tmp2	! should be 64-$tmp1, but -$tmp1 works too
+	ldx	[$tmp0+40],@X[5]
+	bz,pt	%icc,.Laligned
+	ldx	[$tmp0+56],@X[7]
+
+	sllx	@X[0],$tmp1,@X[0]
+	ldx	[$tmp0+64],$tmp64
+___
+for($i=0;$i<7;$i++)
+{   $code.=<<___;
+	srlx	@X[$i+1],$tmp2,$Xi
+	sllx	@X[$i+1],$tmp1,@X[$i+1]
+	or	$Xi,@X[$i],@X[$i]
+___
+}
+$code.=<<___;
+	srlx	$tmp64,$tmp2,$tmp64
+	or	$tmp64,@X[7],@X[7]
+.Laligned:
+	srlx	@X[0],32,$Xi
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+for (;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+
+	ld	[$ctx+0],@X[0]
+	ld	[$ctx+4],@X[1]
+	ld	[$ctx+8],@X[2]
+	ld	[$ctx+12],@X[3]
+	add	$inp,64,$inp
+	ld	[$ctx+16],@X[4]
+	cmp	$inp,$len
+
+	add	$A,@X[0],$A
+	st	$A,[$ctx+0]
+	add	$B,@X[1],$B
+	st	$B,[$ctx+4]
+	add	$C,@X[2],$C
+	st	$C,[$ctx+8]
+	add	$D,@X[3],$D
+	st	$D,[$ctx+12]
+	add	$E,@X[4],$E
+	st	$E,[$ctx+16]
+
+	bne	SIZE_T_CC,.Lloop
+	andn	$inp,7,$tmp0
+
+	ret
+	restore
+.type	sha1_block_data_order,#function
+.size	sha1_block_data_order,(.-sha1_block_data_order)
+.asciz	"SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (	"faligndata"	=> 0x048,
+		"for"		=> 0x07c	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /ge;
+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl
new file mode 100644
index 000000000..50d3e136a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl
@@ -0,0 +1,608 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2009
+#
+# Provided that UltraSPARC VIS instructions are pipe-lined(*) and
+# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC
+# Graphic Unit would make it possible to achieve higher instruction-
+# level parallelism, ILP, and thus higher performance. It should be
+# explicitly noted that ILP is the keyword, and it means that this
+# code would be unsuitable for cores like UltraSPARC-Tx. The idea is
+# not really novel, Sun had VIS-powered implementation for a while.
+# Unlike Sun's implementation this one can process multiple unaligned
+# input blocks, and as such works as drop-in replacement for OpenSSL
+# sha1_block_data_order. Performance improvement was measured to be
+# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on
+# UltraSPARC-III. See below for discussion...
+#
+# The module does not present direct interest for OpenSSL, because
+# it doesn't provide better performance on contemporary SPARCv9 CPUs,
+# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they
+# absolutely must score on UltraSPARC-I-IV can simply replace
+# crypto/sha/asm/sha1-sparcv9.pl with this module.
+#
+# (*)	"Pipe-lined" means that even if it takes several cycles to
+#	complete, next instruction using same functional unit [but not
+#	depending on the result of the current instruction] can start
+#	execution without having to wait for the unit. "Pairable"
+#	means that two [or more] independent instructions can be
+#	issued at the very same time.
+
+$bits=32;
+for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)	{ $bias=2047; $frame=192; }
+else		{ $bias=0;    $frame=112; }
+
+$output=shift;
+open STDOUT,">$output";
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+$tmp3="%g5";
+
+$base="%g1";
+$align="%g4";
+$Xfer="%o5";
+$nXfer=$tmp3;
+$Xi="%o7";
+
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+
+$Actx="%o0";
+$Bctx="%o1";
+$Cctx="%o2";
+$Dctx="%o3";
+$Ectx="%o4";
+
+$fmul="%f32";
+$VK_00_19="%f34";
+$VK_20_39="%f36";
+$VK_40_59="%f38";
+$VK_60_79="%f40";
+@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79);
+@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7",
+    "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16");
+
+# This is reference 2x-parallelized VIS-powered Xupdate procedure. It
+# covers even K_NN_MM addition...
+sub Xupdate {
+my ($i)=@_;
+my $K=@VK[($i+16)/20];
+my $j=($i+16)%16;
+
+#	[ provided that GSR.alignaddr_offset is 5, $mul contains
+#	  0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to
+#	  chosen registers... ]
+$code.=<<___;
+	fxors		@X[($j+13)%16],@X[$j],@X[$j]	!-1/-1/-1:X[0]^=X[13]
+	fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+	fpadd32		@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+	fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	![fxors		%f15,%f2,%f2]
+	for		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	![fxors		%f0,%f3,%f3]			!10/17/12:X[0] dependency
+	fpadd32		$K,@X[$j],%f20
+	std		%f20,[$Xfer+`4*$j`]
+___
+# The numbers delimited with slash are the earliest possible dispatch
+# cycles for given instruction assuming 1 cycle latency for simple VIS
+# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as
+# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being
+# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1
+# round. As [long as] FPU/VIS instructions are perfectly pairable with
+# IALU ones, the round timing is defined by the maximum between VIS
+# and IALU timings. The latter varies from round to round and averages
+# out at 6.25 ticks. This means that USI&II should operate at IALU
+# rate, while USIII&IV - at VIS rate. This explains why performance
+# improvement varies among processors. Well, given that pure IALU
+# sha1-sparcv9.pl module exhibits virtually uniform performance of
+# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical
+# lower limits. Real-life performance was measured to be 6.6 cycles
+# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than
+# half-round VIS timing, because there are 16 Xupdate-free rounds,
+# which "push down" average theoretical timing to 8 cycles...
+
+# (*)	SPARC64-V[II] was originally believed to have 2 cycles VIS
+#	latency. Well, it might have, but it doesn't have dedicated
+#	VIS-unit. Instead, VIS instructions are executed by other
+#	functional units, ones used here - by IALU. This doesn't
+#	improve effective ILP...
+}
+
+# The reference Xupdate procedure is then "strained" over *pairs* of
+# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13]
+# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves
+# plenty of room to amortize for read-after-write hazard, as well as
+# to fetch and align input for the next spin. The VIS instructions are
+# scheduled for latency of 2 cycles, because there are not enough IALU
+# instructions to schedule for latency of 3, while scheduling for 1
+# would give no gain on USI&II anyway.
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;	# ahead reference
+my $l=($j+16-2)%16;	# behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1));
+	sll		$a,5,$tmp0			!! $i
+	and		$c,$b,$tmp3
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	sll		$b,30,$tmp2
+	add		$tmp1,$e,$e
+	andn		$d,$b,$tmp1
+	add		$Xi,$e,$e
+	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	srl		$b,2,$b
+	or		$tmp1,$tmp3,$tmp1
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1);
+	sll		$a,5,$tmp0			!! $i
+	and		$c,$b,$tmp3
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	sll		$b,30,$tmp2
+	add		$tmp1,$e,$e
+	 fpadd32	$K,@X[$l],%f20			!
+	andn		$d,$b,$tmp1
+	add		$Xi,$e,$e
+	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
+	srl		$b,2,$b
+	or		$tmp1,$tmp3,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+___
+$code.=<<___ if ($i&1 && $i>=2);
+	 std		%f20,[$Xfer+`4*$l`]		!
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;	# ahead reference
+my $l=($j+16-2)%16;	# behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1) && $i<64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1 && $i<64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	 fpadd32	$K,@X[$l],%f20			!
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+	 std		%f20,[$Xfer+`4*$l`]		!
+___
+$code.=<<___ if ($i==64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fpadd32	$K,@X[$l],%f20
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	 std		%f20,[$Xfer+`4*$l`]
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+$code.=<<___ if ($i>64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;	# ahead reference
+my $l=($j+16-2)%16;	# behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1));
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	and		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	or		$c,$b,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	srl		$b,2,$b
+	and		$d,$tmp1,$tmp1
+	add		$Xi,$e,$e
+	or		$tmp1,$tmp0,$tmp1
+	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+___
+$code.=<<___ if ($i&1);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	and		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	 fpadd32	$K,@X[$l],%f20			!
+	sll		$b,30,$tmp2
+	or		$c,$b,$tmp1
+	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
+	srl		$b,2,$b
+	and		$d,$tmp1,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	add		$Xi,$e,$e
+	or		$tmp1,$tmp0,$tmp1
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+	 std		%f20,[$Xfer+`4*$l`]		!
+___
+}
+
+# If there is more data to process, then we pre-fetch the data for
+# next iteration in last ten rounds...
+sub BODY_70_79 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $m=($i%8)*2;
+
+$j=($j+16)%16;
+
+$code.=<<___ if ($i==70);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 ldd		[$inp+64],@X[0]
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+
+	and		$inp,-64,$nXfer
+	inc		64,$inp
+	and		$nXfer,255,$nXfer
+	alignaddr	%g0,$align,%g0
+	add		$base,$nXfer,$nXfer
+___
+$code.=<<___ if ($i==71);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+$code.=<<___ if ($i>=72);
+	 faligndata	@X[$m],@X[$m+2],@X[$m]
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	 fpadd32	$VK_00_19,@X[$m],%f20
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+$code.=<<___ if ($i<77);
+	 ldd		[$inp+`8*($i+1-70)`],@X[2*($i+1-70)]
+___
+$code.=<<___ if ($i==77);	# redundant if $inp was aligned
+	 add		$align,63,$tmp0
+	 and		$tmp0,-8,$tmp0
+	 ldd		[$inp+$tmp0],@X[16]
+___
+$code.=<<___ if ($i>=72);
+	 std		%f20,[$nXfer+`4*$m`]
+___
+}
+
+$code.=<<___;
+.section	".text",#alloc,#execinstr
+
+.align	64
+vis_const:
+.long	0x5a827999,0x5a827999	! K_00_19
+.long	0x6ed9eba1,0x6ed9eba1	! K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc	! K_40_59
+.long	0xca62c1d6,0xca62c1d6	! K_60_79
+.long	0x00000100,0x00000100
+.align	64
+.type	vis_const,#object
+.size	vis_const,(.-vis_const)
+
+.globl	sha1_block_data_order
+sha1_block_data_order:
+	save	%sp,-$frame,%sp
+	add	%fp,$bias-256,$base
+
+1:	call	.+8
+	add	%o7,vis_const-1b,$tmp0
+
+	ldd	[$tmp0+0],$VK_00_19
+	ldd	[$tmp0+8],$VK_20_39
+	ldd	[$tmp0+16],$VK_40_59
+	ldd	[$tmp0+24],$VK_60_79
+	ldd	[$tmp0+32],$fmul
+
+	ld	[$ctx+0],$Actx
+	and	$base,-256,$base
+	ld	[$ctx+4],$Bctx
+	sub	$base,$bias+$frame,%sp
+	ld	[$ctx+8],$Cctx
+	and	$inp,7,$align
+	ld	[$ctx+12],$Dctx
+	and	$inp,-8,$inp
+	ld	[$ctx+16],$Ectx
+
+	! X[16] is maintained in FP register bank
+	alignaddr	%g0,$align,%g0
+	ldd		[$inp+0],@X[0]
+	sub		$inp,-64,$Xfer
+	ldd		[$inp+8],@X[2]
+	and		$Xfer,-64,$Xfer
+	ldd		[$inp+16],@X[4]
+	and		$Xfer,255,$Xfer
+	ldd		[$inp+24],@X[6]
+	add		$base,$Xfer,$Xfer
+	ldd		[$inp+32],@X[8]
+	ldd		[$inp+40],@X[10]
+	ldd		[$inp+48],@X[12]
+	brz,pt		$align,.Laligned
+	ldd		[$inp+56],@X[14]
+
+	ldd		[$inp+64],@X[16]
+	faligndata	@X[0],@X[2],@X[0]
+	faligndata	@X[2],@X[4],@X[2]
+	faligndata	@X[4],@X[6],@X[4]
+	faligndata	@X[6],@X[8],@X[6]
+	faligndata	@X[8],@X[10],@X[8]
+	faligndata	@X[10],@X[12],@X[10]
+	faligndata	@X[12],@X[14],@X[12]
+	faligndata	@X[14],@X[16],@X[14]
+
+.Laligned:
+	mov		5,$tmp0
+	dec		1,$len
+	alignaddr	%g0,$tmp0,%g0
+	fpadd32		$VK_00_19,@X[0],%f16
+	fpadd32		$VK_00_19,@X[2],%f18
+	fpadd32		$VK_00_19,@X[4],%f20
+	fpadd32		$VK_00_19,@X[6],%f22
+	fpadd32		$VK_00_19,@X[8],%f24
+	fpadd32		$VK_00_19,@X[10],%f26
+	fpadd32		$VK_00_19,@X[12],%f28
+	fpadd32		$VK_00_19,@X[14],%f30
+	std		%f16,[$Xfer+0]
+	mov		$Actx,$A
+	std		%f18,[$Xfer+8]
+	mov		$Bctx,$B
+	std		%f20,[$Xfer+16]
+	mov		$Cctx,$C
+	std		%f22,[$Xfer+24]
+	mov		$Dctx,$D
+	std		%f24,[$Xfer+32]
+	mov		$Ectx,$E
+	std		%f26,[$Xfer+40]
+	fxors		@X[13],@X[0],@X[0]
+	std		%f28,[$Xfer+48]
+	ba		.Loop
+	std		%f30,[$Xfer+56]
+.align	32
+.Loop:
+___
+for ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<70;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	tst		$len
+	bz,pn		`$bits==32?"%icc":"%xcc"`,.Ltail
+	nop
+___
+for (;$i<80;$i++)	{ &BODY_70_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add		$A,$Actx,$Actx
+	add		$B,$Bctx,$Bctx
+	add		$C,$Cctx,$Cctx
+	add		$D,$Dctx,$Dctx
+	add		$E,$Ectx,$Ectx
+	mov		5,$tmp0
+	fxors		@X[13],@X[0],@X[0]
+	mov		$Actx,$A
+	mov		$Bctx,$B
+	mov		$Cctx,$C
+	mov		$Dctx,$D
+	mov		$Ectx,$E
+	alignaddr	%g0,$tmp0,%g0
+	dec		1,$len
+	ba		.Loop
+	mov		$nXfer,$Xfer
+
+.align	32
+.Ltail:
+___
+for($i=70;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	$A,$Actx,$Actx
+	add	$B,$Bctx,$Bctx
+	add	$C,$Cctx,$Cctx
+	add	$D,$Dctx,$Dctx
+	add	$E,$Ectx,$Ectx
+
+	st	$Actx,[$ctx+0]
+	st	$Bctx,[$ctx+4]
+	st	$Cctx,[$ctx+8]
+	st	$Dctx,[$ctx+12]
+	st	$Ectx,[$ctx+16]
+
+	ret
+	restore
+.type	sha1_block_data_order,#function
+.size	sha1_block_data_order,(.-sha1_block_data_order)
+.asciz	"SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %visopf = (	"fmul8ulx16"	=> 0x037,
+		"faligndata"	=> 0x048,
+		"fpadd32"	=> 0x052,
+		"fxor"		=> 0x06c,
+		"fxors"		=> 0x06d	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	  /gem;
+$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	  /gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl
new file mode 100644
index 000000000..ac74a25d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl
@@ -0,0 +1,266 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# sha1_block for Thumb.
+#
+# January 2007.
+#
+# The code does not present direct interest to OpenSSL, because of low
+# performance. Its purpose is to establish _size_ benchmark. Pretty
+# useless one I must say, because 30% or 88 bytes larger ARMv4 code
+# [available on demand] is almost _twice_ as fast. It should also be
+# noted that in-lining of .Lcommon and .Lrotate improves performance
+# by over 40%, while code increases by only 10% or 32 bytes. But once
+# again, the goal was to establish _size_ benchmark, not performance.
+
+$output=shift;
+open STDOUT,">$output";
+
+$inline=0;
+#$cheat_on_binutils=1;
+
+$t0="r0";
+$t1="r1";
+$t2="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";	# "upper" registers can be used in add/sub and mov insns
+$ctx="r9";
+$inp="r10";
+$len="r11";
+$Xi="r12";
+
+sub common {
+<<___;
+	sub	$t0,#4
+	ldr	$t1,[$t0]
+	add	$e,$K			@ E+=K_xx_xx
+	lsl	$t2,$a,#5
+	add	$t2,$e
+	lsr	$e,$a,#27
+	add	$t2,$e			@ E+=ROR(A,27)
+	add	$t2,$t1			@ E+=X[i]
+___
+}
+sub rotate {
+<<___;
+	mov	$e,$d			@ E=D
+	mov	$d,$c			@ D=C
+	lsl	$c,$b,#30
+	lsr	$b,$b,#2
+	orr	$c,$b			@ C=ROR(B,2)
+	mov	$b,$a			@ B=A
+	add	$a,$t2,$t1		@ A=E+F_xx_xx(B,C,D)
+___
+}
+
+sub BODY_00_19 {
+$code.=$inline?&common():"\tbl	.Lcommon\n";
+$code.=<<___;
+	mov	$t1,$c
+	eor	$t1,$d
+	and	$t1,$b
+	eor	$t1,$d			@ F_00_19(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl	.Lrotate\n";
+}
+
+sub BODY_20_39 {
+$code.=$inline?&common():"\tbl	.Lcommon\n";
+$code.=<<___;
+	mov	$t1,$b
+	eor	$t1,$c
+	eor	$t1,$d			@ F_20_39(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl	.Lrotate\n";
+}
+
+sub BODY_40_59 {
+$code.=$inline?&common():"\tbl	.Lcommon\n";
+$code.=<<___;
+	mov	$t1,$b
+	and	$t1,$c
+	mov	$e,$b
+	orr	$e,$c
+	and	$e,$d
+	orr	$t1,$e			@ F_40_59(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl	.Lrotate\n";
+}
+
+$code=<<___;
+.text
+.code	16
+
+.global	sha1_block_data_order
+.type	sha1_block_data_order,%function
+
+.align	2
+sha1_block_data_order:
+___
+if ($cheat_on_binutils) {
+$code.=<<___;
+.code	32
+	add	r3,pc,#1
+	bx	r3			@ switch to Thumb ISA
+.code	16
+___
+}
+$code.=<<___;
+	push	{r4-r7}
+	mov	r3,r8
+	mov	r4,r9
+	mov	r5,r10
+	mov	r6,r11
+	mov	r7,r12
+	push	{r3-r7,lr}
+	lsl	r2,#6
+	mov	$ctx,r0			@ save context
+	mov	$inp,r1			@ save inp
+	mov	$len,r2			@ save len
+	add	$len,$inp		@ $len to point at inp end
+
+.Lloop:
+	mov	$Xi,sp
+	mov	$t2,sp
+	sub	$t2,#16*4		@ [3]
+.LXload:
+	ldrb	$a,[$t1,#0]		@ $t1 is r1 and holds inp
+	ldrb	$b,[$t1,#1]
+	ldrb	$c,[$t1,#2]
+	ldrb	$d,[$t1,#3]
+	lsl	$a,#24
+	lsl	$b,#16
+	lsl	$c,#8
+	orr	$a,$b
+	orr	$a,$c
+	orr	$a,$d
+	add	$t1,#4
+	push	{$a}
+	cmp	sp,$t2
+	bne	.LXload			@ [+14*16]
+
+	mov	$inp,$t1		@ update $inp
+	sub	$t2,#32*4
+	sub	$t2,#32*4
+	mov	$e,#31			@ [+4]
+.LXupdate:
+	ldr	$a,[sp,#15*4]
+	ldr	$b,[sp,#13*4]
+	ldr	$c,[sp,#7*4]
+	ldr	$d,[sp,#2*4]
+	eor	$a,$b
+	eor	$a,$c
+	eor	$a,$d
+	ror	$a,$e
+	push	{$a}
+	cmp	sp,$t2
+	bne	.LXupdate		@ [+(11+1)*64]
+
+	ldmia	$t0!,{$a,$b,$c,$d,$e}	@ $t0 is r0 and holds ctx
+	mov	$t0,$Xi
+
+	ldr	$t2,.LK_00_19
+	mov	$t1,$t0
+	sub	$t1,#20*4
+	mov	$Xi,$t1
+	mov	$K,$t2			@ [+7+4]
+.L_00_19:
+___
+	&BODY_00_19();
+$code.=<<___;
+	cmp	$Xi,$t0
+	bne	.L_00_19		@ [+(2+9+4+2+8+2)*20]
+
+	ldr	$t2,.LK_20_39
+	mov	$t1,$t0
+	sub	$t1,#20*4
+	mov	$Xi,$t1
+	mov	$K,$t2			@ [+5]
+.L_20_39_or_60_79:
+___
+	&BODY_20_39();
+$code.=<<___;
+	cmp	$Xi,$t0
+	bne	.L_20_39_or_60_79	@ [+(2+9+3+2+8+2)*20*2]
+	cmp	sp,$t0
+	beq	.Ldone			@ [+2]
+
+	ldr	$t2,.LK_40_59
+	mov	$t1,$t0
+	sub	$t1,#20*4
+	mov	$Xi,$t1
+	mov	$K,$t2			@ [+5]
+.L_40_59:
+___
+	&BODY_40_59();
+$code.=<<___;
+	cmp	$Xi,$t0
+	bne	.L_40_59		@ [+(2+9+6+2+8+2)*20]
+
+	ldr	$t2,.LK_60_79
+	mov	$Xi,sp
+	mov	$K,$t2
+	b	.L_20_39_or_60_79	@ [+4]
+.Ldone:
+	mov	$t0,$ctx
+	ldr	$t1,[$t0,#0]
+	ldr	$t2,[$t0,#4]
+	add	$a,$t1
+	ldr	$t1,[$t0,#8]
+	add	$b,$t2
+	ldr	$t2,[$t0,#12]
+	add	$c,$t1
+	ldr	$t1,[$t0,#16]
+	add	$d,$t2
+	add	$e,$t1
+	stmia	$t0!,{$a,$b,$c,$d,$e}	@ [+20]
+
+	add	sp,#80*4		@ deallocate stack frame
+	mov	$t0,$ctx		@ restore ctx
+	mov	$t1,$inp		@ restore inp
+	cmp	$t1,$len
+	beq	.Lexit
+	b	.Lloop			@ [+6] total 3212 cycles
+.Lexit:
+	pop	{r2-r7}
+	mov	r8,r2
+	mov	r9,r3
+	mov	r10,r4
+	mov	r11,r5
+	mov	r12,r6
+	mov	lr,r7
+	pop	{r4-r7}
+	bx	lr
+.align	2
+___
+$code.=".Lcommon:\n".&common()."\tmov	pc,lr\n" if (!$inline);
+$code.=".Lrotate:\n".&rotate()."\tmov	pc,lr\n" if (!$inline);
+$code.=<<___;
+.align	2
+.LK_00_19:	.word	0x5a827999
+.LK_20_39:	.word	0x6ed9eba1
+.LK_40_59:	.word	0x8f1bbcdc
+.LK_60_79:	.word	0xca62c1d6
+.size	sha1_block_data_order,.-sha1_block_data_order
+.asciz	"SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+print $code;
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl
new file mode 100755
index 000000000..60819f618
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl
@@ -0,0 +1,2132 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# sha1_block procedure for x86_64.
+#
+# It was brought to my attention that on EM64T compiler-generated code
+# was far behind 32-bit assembler implementation. This is unlike on
+# Opteron where compiler-generated code was only 15% behind 32-bit
+# assembler, which originally made it hard to motivate the effort.
+# There was suggestion to mechanically translate 32-bit code, but I
+# dismissed it, reasoning that x86_64 offers enough register bank
+# capacity to fully utilize SHA-1 parallelism. Therefore this fresh
+# implementation:-) However! While 64-bit code does perform better
+# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
+# x86_64 does offer larger *addressable* bank, but out-of-order core
+# reaches for even more registers through dynamic aliasing, and EM64T
+# core must have managed to run-time optimize even 32-bit code just as
+# good as 64-bit one. Performance improvement is summarized in the
+# following table:
+#
+#		gcc 3.4		32-bit asm	cycles/byte
+# Opteron	+45%		+20%		6.8
+# Xeon P4	+65%		+0%		9.9
+# Core2		+60%		+10%		7.0
+
+# August 2009.
+#
+# The code was revised to minimize code size and to maximize
+# "distance" between instructions producing input to 'lea'
+# instruction and the 'lea' instruction itself, which is essential
+# for Intel Atom core.
+
+# October 2010.
+#
+# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
+# is to offload message schedule denoted by Wt in NIST specification,
+# or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
+# for background and implementation details. The only difference from
+# 32-bit code is that 64-bit code doesn't have to spill @X[] elements
+# to free temporary registers.
+
+# April 2011.
+#
+# Add AVX code path. See sha1-586.pl for further information.
+
+# May 2013.
+#
+# Add AVX2+BMI code path. Initial attempt (utilizing BMI instructions
+# and loading pair of consecutive blocks to 256-bit %ymm registers)
+# did not provide impressive performance improvement till a crucial
+# hint regarding the number of Xupdate iterations to pre-compute in
+# advance was provided by Ilya Albrekht of Intel Corp.
+
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+
+######################################################################
+# Current performance is summarized in following table. Numbers are
+# CPU clock cycles spent to process single byte (less is better).
+#
+#		x86_64		SSSE3		AVX[2]
+# P4		9.05		-
+# Opteron	6.26		-
+# Core2		6.55		6.05/+8%	-
+# Westmere	6.73		5.30/+27%	-
+# Sandy Bridge	7.70		6.10/+26%	4.99/+54%
+# Ivy Bridge	6.06		4.67/+30%	4.60/+32%
+# Haswell	5.45		4.15/+31%	3.57/+53%
+# Skylake	5.18		4.06/+28%	3.54/+46%
+# Bulldozer	9.11		5.95/+53%
+# Ryzen		4.75		3.80/+24%	1.93/+150%(**)
+# VIA Nano	9.32		7.15/+30%
+# Atom		10.3		9.17/+12%
+# Silvermont	13.1(*)		9.37/+40%
+# Knights L	13.2(*)		9.68/+36%	8.30/+59%
+# Goldmont	8.13		6.42/+27%	1.70/+380%(**)
+#
+# (*)	obviously suboptimal result, nothing was done about it,
+#	because SSSE3 code is compiled unconditionally;
+# (**)	SHAEXT result
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=1;	### set to zero if compiling for 1.0.1
+$avx=1		if (!$shaext && $avx);
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$ctx="%rdi";	# 1st arg
+$inp="%rsi";	# 2nd arg
+$num="%rdx";	# 3rd arg
+
+# reassign arguments in order to produce more compact code
+$ctx="%r8";
+$inp="%r9";
+$num="%r10";
+
+$t0="%eax";
+$t1="%ebx";
+$t2="%ecx";
+@xi=("%edx","%ebp","%r14d");
+$A="%esi";
+$B="%edi";
+$C="%r11d";
+$D="%r12d";
+$E="%r13d";
+
+@V=($A,$B,$C,$D,$E);
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i==0);
+	mov	`4*$i`($inp),$xi[0]
+	bswap	$xi[0]
+___
+$code.=<<___ if ($i<15);
+	mov	`4*$j`($inp),$xi[1]
+	mov	$d,$t0
+	mov	$xi[0],`4*$i`(%rsp)
+	mov	$a,$t2
+	bswap	$xi[1]
+	xor	$c,$t0
+	rol	\$5,$t2
+	and	$b,$t0
+	lea	0x5a827999($xi[0],$e),$e
+	add	$t2,$e
+	xor	$d,$t0
+	rol	\$30,$b
+	add	$t0,$e
+___
+$code.=<<___ if ($i>=15);
+	xor	`4*($j%16)`(%rsp),$xi[1]
+	mov	$d,$t0
+	mov	$xi[0],`4*($i%16)`(%rsp)
+	mov	$a,$t2
+	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
+	xor	$c,$t0
+	rol	\$5,$t2
+	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
+	and	$b,$t0
+	lea	0x5a827999($xi[0],$e),$e
+	rol	\$30,$b
+	xor	$d,$t0
+	add	$t2,$e
+	rol	\$1,$xi[1]
+	add	$t0,$e
+___
+push(@xi,shift(@xi));
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
+$code.=<<___ if ($i<79);
+	xor	`4*($j%16)`(%rsp),$xi[1]
+	mov	$b,$t0
+	`"mov	$xi[0],".4*($i%16)."(%rsp)"	if ($i<72)`
+	mov	$a,$t2
+	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
+	xor	$d,$t0
+	rol	\$5,$t2
+	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
+	lea	$K($xi[0],$e),$e
+	xor	$c,$t0
+	add	$t2,$e
+	rol	\$30,$b
+	add	$t0,$e
+	rol	\$1,$xi[1]
+___
+$code.=<<___ if ($i==79);
+	mov	$b,$t0
+	mov	$a,$t2
+	xor	$d,$t0
+	lea	$K($xi[0],$e),$e
+	rol	\$5,$t2
+	xor	$c,$t0
+	add	$t2,$e
+	rol	\$30,$b
+	add	$t0,$e
+___
+push(@xi,shift(@xi));
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___;
+	xor	`4*($j%16)`(%rsp),$xi[1]
+	mov	$d,$t0
+	mov	$xi[0],`4*($i%16)`(%rsp)
+	mov	$d,$t1
+	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
+	and	$c,$t0
+	mov	$a,$t2
+	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
+	lea	0x8f1bbcdc($xi[0],$e),$e
+	xor	$c,$t1
+	rol	\$5,$t2
+	add	$t0,$e
+	rol	\$1,$xi[1]
+	and	$b,$t1
+	add	$t2,$e
+	rol	\$30,$b
+	add	$t1,$e
+___
+push(@xi,shift(@xi));
+}
+
+$code.=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,\@function,3
+.align	16
+sha1_block_data_order:
+.cfi_startproc
+	mov	OPENSSL_ia32cap_P+0(%rip),%r9d
+	mov	OPENSSL_ia32cap_P+4(%rip),%r8d
+	mov	OPENSSL_ia32cap_P+8(%rip),%r10d
+	test	\$`1<<9`,%r8d		# check SSSE3 bit
+	jz	.Lialu
+___
+$code.=<<___ if ($shaext);
+	test	\$`1<<29`,%r10d		# check SHA bit
+	jnz	_shaext_shortcut
+___
+$code.=<<___ if ($avx>1);
+	and	\$`1<<3|1<<5|1<<8`,%r10d	# check AVX2+BMI1+BMI2
+	cmp	\$`1<<3|1<<5|1<<8`,%r10d
+	je	_avx2_shortcut
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<28`,%r8d		# mask AVX bit
+	and	\$`1<<30`,%r9d		# mask "Intel CPU" bit
+	or	%r9d,%r8d
+	cmp	\$`1<<28|1<<30`,%r8d
+	je	_avx_shortcut
+___
+$code.=<<___;
+	jmp	_ssse3_shortcut
+
+.align	16
+.Lialu:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	mov	%rdi,$ctx	# reassigned argument
+	sub	\$`8+16*4`,%rsp
+	mov	%rsi,$inp	# reassigned argument
+	and	\$-64,%rsp
+	mov	%rdx,$num	# reassigned argument
+	mov	%rax,`16*4`(%rsp)
+.cfi_cfa_expression	%rsp+64,deref,+8
+.Lprologue:
+
+	mov	0($ctx),$A
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	16($ctx),$E
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	0($ctx),$A
+	add	4($ctx),$B
+	add	8($ctx),$C
+	add	12($ctx),$D
+	add	16($ctx),$E
+	mov	$A,0($ctx)
+	mov	$B,4($ctx)
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+
+	sub	\$1,$num
+	lea	`16*4`($inp),$inp
+	jnz	.Lloop
+
+	mov	`16*4`(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	ret
+.cfi_endproc
+.size	sha1_block_data_order,.-sha1_block_data_order
+___
+if ($shaext) {{{
+######################################################################
+# Intel SHA Extensions implementation of SHA1 update function.
+#
+my ($ctx,$inp,$num)=("%rdi","%rsi","%rdx");
+my ($ABCD,$E,$E_,$BSWAP,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(0..3,8,9));
+my @MSG=map("%xmm$_",(4..7));
+
+$code.=<<___;
+.type	sha1_block_data_order_shaext,\@function,3
+.align	32
+sha1_block_data_order_shaext:
+_shaext_shortcut:
+.cfi_startproc
+___
+$code.=<<___ if ($win64);
+	lea	`-8-4*16`(%rsp),%rsp
+	movaps	%xmm6,-8-4*16(%rax)
+	movaps	%xmm7,-8-3*16(%rax)
+	movaps	%xmm8,-8-2*16(%rax)
+	movaps	%xmm9,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	movdqu	($ctx),$ABCD
+	movd	16($ctx),$E
+	movdqa	K_XX_XX+0xa0(%rip),$BSWAP	# byte-n-word swap
+
+	movdqu	($inp),@MSG[0]
+	pshufd	\$0b00011011,$ABCD,$ABCD	# flip word order
+	movdqu	0x10($inp),@MSG[1]
+	pshufd	\$0b00011011,$E,$E		# flip word order
+	movdqu	0x20($inp),@MSG[2]
+	pshufb	$BSWAP,@MSG[0]
+	movdqu	0x30($inp),@MSG[3]
+	pshufb	$BSWAP,@MSG[1]
+	pshufb	$BSWAP,@MSG[2]
+	movdqa	$E,$E_SAVE			# offload $E
+	pshufb	$BSWAP,@MSG[3]
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	dec		$num
+	lea		0x40($inp),%r8		# next input block
+	paddd		@MSG[0],$E
+	cmovne		%r8,$inp
+	movdqa		$ABCD,$ABCD_SAVE	# offload $ABCD
+___
+for($i=0;$i<20-4;$i+=2) {
+$code.=<<___;
+	sha1msg1	@MSG[1],@MSG[0]
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$`int($i/5)`,$E,$ABCD	# 0-3...
+	sha1nexte	@MSG[1],$E_
+	pxor		@MSG[2],@MSG[0]
+	sha1msg1	@MSG[2],@MSG[1]
+	sha1msg2	@MSG[3],@MSG[0]
+
+	movdqa		$ABCD,$E
+	sha1rnds4	\$`int(($i+1)/5)`,$E_,$ABCD
+	sha1nexte	@MSG[2],$E
+	pxor		@MSG[3],@MSG[1]
+	sha1msg2	@MSG[0],@MSG[1]
+___
+	push(@MSG,shift(@MSG));	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	movdqu		($inp),@MSG[0]
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 64-67
+	sha1nexte	@MSG[1],$E_
+	movdqu		0x10($inp),@MSG[1]
+	pshufb		$BSWAP,@MSG[0]
+
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 68-71
+	sha1nexte	@MSG[2],$E
+	movdqu		0x20($inp),@MSG[2]
+	pshufb		$BSWAP,@MSG[1]
+
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 72-75
+	sha1nexte	@MSG[3],$E_
+	movdqu		0x30($inp),@MSG[3]
+	pshufb		$BSWAP,@MSG[2]
+
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 76-79
+	sha1nexte	$E_SAVE,$E
+	pshufb		$BSWAP,@MSG[3]
+
+	paddd		$ABCD_SAVE,$ABCD
+	movdqa		$E,$E_SAVE		# offload $E
+
+	jnz		.Loop_shaext
+
+	pshufd	\$0b00011011,$ABCD,$ABCD
+	pshufd	\$0b00011011,$E,$E
+	movdqu	$ABCD,($ctx)
+	movd	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-8-4*16(%rax),%xmm6
+	movaps	-8-3*16(%rax),%xmm7
+	movaps	-8-2*16(%rax),%xmm8
+	movaps	-8-1*16(%rax),%xmm9
+	mov	%rax,%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+.cfi_endproc
+	ret
+.size	sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
+___
+}}}
+{{{
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my $Kx="%xmm11";
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
+my @T=("%esi","%edi");
+my $j=0;
+my $rx=0;
+my $K_XX_XX="%r14";
+my $fp="%r11";
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+{ my $sn;
+sub align32() {
+  ++$sn;
+$code.=<<___;
+	jmp	.Lalign32_$sn	# see "Decoded ICache" in manual
+.align	32
+.Lalign32_$sn:
+___
+}
+}
+
+$code.=<<___;
+.type	sha1_block_data_order_ssse3,\@function,3
+.align	16
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+.cfi_startproc
+	mov	%rsp,$fp	# frame pointer
+.cfi_def_cfa_register	$fp
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13		# redundant, done to share Win64 SE handler
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	lea	`-64-($win64?6*16:0)`(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-40-6*16($fp)
+	movaps	%xmm7,-40-5*16($fp)
+	movaps	%xmm8,-40-4*16($fp)
+	movaps	%xmm9,-40-3*16($fp)
+	movaps	%xmm10,-40-2*16($fp)
+	movaps	%xmm11,-40-1*16($fp)
+.Lprologue_ssse3:
+___
+$code.=<<___;
+	and	\$-64,%rsp
+	mov	%rdi,$ctx	# reassigned argument
+	mov	%rsi,$inp	# reassigned argument
+	mov	%rdx,$num	# reassigned argument
+
+	shl	\$6,$num
+	add	$inp,$num
+	lea	K_XX_XX+64(%rip),$K_XX_XX
+
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	movdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	movdqa	-64($K_XX_XX),@Tx[1]	# K_00_19
+	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	movdqu	16($inp),@X[-3&7]
+	movdqu	32($inp),@X[-2&7]
+	movdqu	48($inp),@X[-1&7]
+	pshufb	@X[2],@X[-4&7]		# byte swap
+	pshufb	@X[2],@X[-3&7]
+	pshufb	@X[2],@X[-2&7]
+	add	\$64,$inp
+	paddd	@Tx[1],@X[-4&7]		# add K_00_19
+	pshufb	@X[2],@X[-1&7]
+	paddd	@Tx[1],@X[-3&7]
+	paddd	@Tx[1],@X[-2&7]
+	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
+	psubd	@Tx[1],@X[-4&7]		# restore X[]
+	movdqa	@X[-3&7],16(%rsp)
+	psubd	@Tx[1],@X[-3&7]
+	movdqa	@X[-2&7],32(%rsp)
+	psubd	@Tx[1],@X[-2&7]
+	jmp	.Loop_ssse3
+___
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# ror
+	&pshufd	(@X[0],@X[-4&7],0xee);	# was &movdqa	(@X[0],@X[-3&7]);
+	 eval(shift(@insns));
+	&movdqa	(@Tx[0],@X[-1&7]);
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&punpcklqdq(@X[0],@X[-3&7]);	# compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&psrldq	(@Tx[0],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&pxor	(@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&movdqa	(@Tx[2],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+
+	&pslldq	(@Tx[2],12);		# "X[0]"<<96, extract one dword
+	&paddd	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&movdqa	(@Tx[1],@Tx[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[2],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pslld	(@Tx[1],2);
+	&pxor	(@X[0],@Tx[2]);
+	 eval(shift(@insns));
+	  &movdqa	(@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)");	# K_XX_XX
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+	&pshufd (@Tx[1],@X[-1&7],0xee)	if ($Xi==7);	# was &movdqa	(@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns))		if ($Xi==8);
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns))		if ($Xi==8);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[1] =~ /_ror/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+	&punpcklqdq(@Tx[0],@X[-1&7]);	# compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	if ($Xi%5) {
+	  &movdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
+	} else {			# ... or load next one
+	  &movdqa	(@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)");
+	}
+	 eval(shift(@insns));		# ror
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+
+	&pslld	(@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psrld	(@Tx[0],30);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns))		if (@insns[1] =~ /_rol/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+	  &pshufd(@Tx[1],@X[-1&7],0xee)	if ($Xi<19);	# was &movdqa	(@Tx[1],@X[0])
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$num);
+	&je	(".Ldone_ssse3");
+
+	unshift(@Tx,pop(@Tx));
+
+	&movdqa	(@X[2],"64($K_XX_XX)");		# pbswap mask
+	&movdqa	(@Tx[1],"-64($K_XX_XX)");	# K_00_19
+	&movdqu	(@X[-4&7],"0($inp)");		# load input
+	&movdqu	(@X[-3&7],"16($inp)");
+	&movdqu	(@X[-2&7],"32($inp)");
+	&movdqu	(@X[-1&7],"48($inp)");
+	&pshufb	(@X[-4&7],@X[2]);		# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pshufb	(@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddd	(@X[($Xi-4)&7],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&movdqa	(eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psubd	(@X[($Xi-4)&7],@Tx[1]);
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+sub body_00_19 () {	# ((c^d)&b)^d
+	# on start @T[0]=(c^d)&b
+	return &body_20_39() if ($rx==19); $rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&$_ror	($b,$j?7:2)',	# $b>>>2
+	'&xor	(@T[0],$d)',
+	'&mov	(@T[1],$a)',	# $b for next round
+
+	'&add	($e,eval(4*($j&15))."(%rsp)")',	# X[]+K xfer
+	'&xor	($b,$c)',	# $c^$d for next round
+
+	'&$_rol	($a,5)',
+	'&add	($e,@T[0])',
+	'&and	(@T[1],$b)',	# ($b&($c^$d)) for next round
+
+	'&xor	($b,$c)',	# restore $b
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_20_39 () {	# b^d^c
+	# on entry @T[0]=b^d
+	return &body_40_59() if ($rx==39); $rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)")',	# X[]+K xfer
+	'&xor	(@T[0],$d)	if($j==19);'.
+	'&xor	(@T[0],$c)	if($j> 19)',	# ($b^$d^$c)
+	'&mov	(@T[1],$a)',	# $b for next round
+
+	'&$_rol	($a,5)',
+	'&add	($e,@T[0])',
+	'&xor	(@T[1],$c)	if ($j< 79)',	# $b^$d for next round
+
+	'&$_ror	($b,7)',	# $b>>>2
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_40_59 () {	# ((b^c)&(c^d))^c
+	# on entry @T[0]=(b^c), (c^=d)
+	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)")',	# X[]+K xfer
+	'&and	(@T[0],$c)	if ($j>=40)',	# (b^c)&(c^d)
+	'&xor	($c,$d)		if ($j>=40)',	# restore $c
+
+	'&$_ror	($b,7)',	# $b>>>2
+	'&mov	(@T[1],$a)',	# $b for next round
+	'&xor	(@T[0],$c)',
+
+	'&$_rol	($a,5)',
+	'&add	($e,@T[0])',
+	'&xor	(@T[1],$c)	if ($j==59);'.
+	'&xor	(@T[1],$b)	if ($j< 59)',	# b^c for next round
+
+	'&xor	($b,$c)		if ($j< 59)',	# c^d for next round
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+$code.=<<___;
+.align	16
+.Loop_ssse3:
+___
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_ssse3
+
+.align	16
+.Ldone_ssse3:
+___
+				$j=$saved_j; @V=@saved_V;
+
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-40-6*16($fp),%xmm6
+	movaps	-40-5*16($fp),%xmm7
+	movaps	-40-4*16($fp),%xmm8
+	movaps	-40-3*16($fp),%xmm9
+	movaps	-40-2*16($fp),%xmm10
+	movaps	-40-1*16($fp),%xmm11
+___
+$code.=<<___;
+	mov	-40($fp),%r14
+.cfi_restore	%r14
+	mov	-32($fp),%r13
+.cfi_restore	%r13
+	mov	-24($fp),%r12
+.cfi_restore	%r12
+	mov	-16($fp),%rbp
+.cfi_restore	%rbp
+	mov	-8($fp),%rbx
+.cfi_restore	%rbx
+	lea	($fp),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_ssse3:
+	ret
+.cfi_endproc
+.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
+___
+
+if ($avx) {
+$Xi=4;				# reset variables
+@X=map("%xmm$_",(4..7,0..3));
+@Tx=map("%xmm$_",(8..10));
+$j=0;
+$rx=0;
+
+my $done_avx_label=".Ldone_avx";
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	sha1_block_data_order_avx,\@function,3
+.align	16
+sha1_block_data_order_avx:
+_avx_shortcut:
+.cfi_startproc
+	mov	%rsp,$fp
+.cfi_def_cfa_register	$fp
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13		# redundant, done to share Win64 SE handler
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	lea	`-64-($win64?6*16:0)`(%rsp),%rsp
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	vmovaps	%xmm6,-40-6*16($fp)
+	vmovaps	%xmm7,-40-5*16($fp)
+	vmovaps	%xmm8,-40-4*16($fp)
+	vmovaps	%xmm9,-40-3*16($fp)
+	vmovaps	%xmm10,-40-2*16($fp)
+	vmovaps	%xmm11,-40-1*16($fp)
+.Lprologue_avx:
+___
+$code.=<<___;
+	and	\$-64,%rsp
+	mov	%rdi,$ctx	# reassigned argument
+	mov	%rsi,$inp	# reassigned argument
+	mov	%rdx,$num	# reassigned argument
+
+	shl	\$6,$num
+	add	$inp,$num
+	lea	K_XX_XX+64(%rip),$K_XX_XX
+
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	vmovdqa	-64($K_XX_XX),$Kx	# K_00_19
+	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	vmovdqu	16($inp),@X[-3&7]
+	vmovdqu	32($inp),@X[-2&7]
+	vmovdqu	48($inp),@X[-1&7]
+	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
+	add	\$64,$inp
+	vpshufb	@X[2],@X[-3&7],@X[-3&7]
+	vpshufb	@X[2],@X[-2&7],@X[-2&7]
+	vpshufb	@X[2],@X[-1&7],@X[-1&7]
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vmovdqa	@X[1],16(%rsp)
+	vmovdqa	@X[2],32(%rsp)
+	jmp	.Loop_avx
+___
+
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[1],@Tx[2],30);
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@Tx[2],@Tx[2],2);
+	&vpxor	(@X[0],@X[0],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	  &vmovdqa	($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)")	if ($Xi%5==0);
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpsrld	(@Tx[0],@X[0],30);
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$num);
+	&je	($done_avx_label);
+
+	&vmovdqa(@X[2],"64($K_XX_XX)");		# pbswap mask
+	&vmovdqa($Kx,"-64($K_XX_XX)");		# K_00_19
+	&vmovdqu(@X[-4&7],"0($inp)");		# load input
+	&vmovdqu(@X[-3&7],"16($inp)");
+	&vmovdqu(@X[-2&7],"32($inp)");
+	&vmovdqu(@X[-1&7],"48($inp)");
+	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+$code.=<<___;
+.align	16
+.Loop_avx:
+___
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_avx
+
+.align	16
+$done_avx_label:
+___
+				$j=$saved_j; @V=@saved_V;
+
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+
+$code.=<<___;
+	vzeroupper
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-40-6*16($fp),%xmm6
+	movaps	-40-5*16($fp),%xmm7
+	movaps	-40-4*16($fp),%xmm8
+	movaps	-40-3*16($fp),%xmm9
+	movaps	-40-2*16($fp),%xmm10
+	movaps	-40-1*16($fp),%xmm11
+___
+$code.=<<___;
+	mov	-40($fp),%r14
+.cfi_restore	%r14
+	mov	-32($fp),%r13
+.cfi_restore	%r13
+	mov	-24($fp),%r12
+.cfi_restore	%r12
+	mov	-16($fp),%rbp
+.cfi_restore	%rbp
+	mov	-8($fp),%rbx
+.cfi_restore	%rbx
+	lea	($fp),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	ret
+.cfi_endproc
+.size	sha1_block_data_order_avx,.-sha1_block_data_order_avx
+___
+
+if ($avx>1) {
+use integer;
+$Xi=4;					# reset variables
+@X=map("%ymm$_",(4..7,0..3));
+@Tx=map("%ymm$_",(8..10));
+$Kx="%ymm11";
+$j=0;
+
+my @ROTX=("%eax","%ebp","%ebx","%ecx","%edx","%esi");
+my ($a5,$t0)=("%r12d","%edi");
+
+my ($A,$F,$B,$C,$D,$E)=@ROTX;
+my $rx=0;
+my $frame="%r13";
+
+$code.=<<___;
+.type	sha1_block_data_order_avx2,\@function,3
+.align	16
+sha1_block_data_order_avx2:
+_avx2_shortcut:
+.cfi_startproc
+	mov	%rsp,$fp
+.cfi_def_cfa_register	$fp
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	lea	-6*16(%rsp),%rsp
+	vmovaps	%xmm6,-40-6*16($fp)
+	vmovaps	%xmm7,-40-5*16($fp)
+	vmovaps	%xmm8,-40-4*16($fp)
+	vmovaps	%xmm9,-40-3*16($fp)
+	vmovaps	%xmm10,-40-2*16($fp)
+	vmovaps	%xmm11,-40-1*16($fp)
+.Lprologue_avx2:
+___
+$code.=<<___;
+	mov	%rdi,$ctx		# reassigned argument
+	mov	%rsi,$inp		# reassigned argument
+	mov	%rdx,$num		# reassigned argument
+
+	lea	-640(%rsp),%rsp
+	shl	\$6,$num
+	 lea	64($inp),$frame
+	and	\$-128,%rsp
+	add	$inp,$num
+	lea	K_XX_XX+64(%rip),$K_XX_XX
+
+	mov	0($ctx),$A		# load context
+	 cmp	$num,$frame
+	 cmovae	$inp,$frame		# next or same block
+	mov	4($ctx),$F
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	16($ctx),$E
+	vmovdqu	64($K_XX_XX),@X[2]	# pbswap mask
+
+	vmovdqu		($inp),%xmm0
+	vmovdqu		16($inp),%xmm1
+	vmovdqu		32($inp),%xmm2
+	vmovdqu		48($inp),%xmm3
+	lea		64($inp),$inp
+	vinserti128	\$1,($frame),@X[-4&7],@X[-4&7]
+	vinserti128	\$1,16($frame),@X[-3&7],@X[-3&7]
+	vpshufb		@X[2],@X[-4&7],@X[-4&7]
+	vinserti128	\$1,32($frame),@X[-2&7],@X[-2&7]
+	vpshufb		@X[2],@X[-3&7],@X[-3&7]
+	vinserti128	\$1,48($frame),@X[-1&7],@X[-1&7]
+	vpshufb		@X[2],@X[-2&7],@X[-2&7]
+	vmovdqu		-64($K_XX_XX),$Kx	# K_00_19
+	vpshufb		@X[2],@X[-1&7],@X[-1&7]
+
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vmovdqu	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqu	@X[1],32(%rsp)
+	vpaddd	$Kx,@X[-1&7],@X[3]
+	vmovdqu	@X[2],64(%rsp)
+	vmovdqu	@X[3],96(%rsp)
+___
+for (;$Xi<8;$Xi++) {	# Xupdate_avx2_16_31
+    use integer;
+
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	&vpsrld	(@Tx[0],@X[0],31);
+	&vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	&vpsrld	(@Tx[1],@Tx[2],30);
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	&vpslld	(@Tx[2],@Tx[2],2);
+	&vpxor	(@X[0],@X[0],@Tx[1]);
+	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
+	&vpaddd	(@Tx[1],@X[0],$Kx);
+	&vmovdqu("32*$Xi(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+
+	push(@X,shift(@X));	# "rotate" X[]
+}
+$code.=<<___;
+	lea	128(%rsp),$frame
+	jmp	.Loop_avx2
+.align	32
+.Loop_avx2:
+	rorx	\$2,$F,$B
+	andn	$D,$F,$t0
+	and	$C,$F
+	xor	$t0,$F
+___
+sub bodyx_00_19 () {	# 8 instructions, 3 cycles critical path
+	# at start $f=(b&c)^(~b&d), $b>>>=2
+	return &bodyx_20_39() if ($rx==19); $rx++;
+	(
+	'($a,$f,$b,$c,$d,$e)=@ROTX;'.
+
+	'&add	($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'.	# e+=X[i]+K
+	 '&lea	($frame,"256($frame)")	if ($j%32==31);',
+	'&andn	($t0,$a,$c)',			# ~b&d for next round
+
+	'&add	($e,$f)',			# e+=(b&c)^(~b&d)
+	'&rorx	($a5,$a,27)',			# a<<<5
+	'&rorx	($f,$a,2)',			# b>>>2 for next round
+	'&and	($a,$b)',			# b&c for next round
+
+	'&add	($e,$a5)',			# e+=a<<<5
+	'&xor	($a,$t0);'.			# f=(b&c)^(~b&d) for next round
+
+	'unshift(@ROTX,pop(@ROTX)); $j++;'
+	)
+}
+
+sub bodyx_20_39 () {	# 7 instructions, 2 cycles critical path
+	# on entry $f=b^c^d, $b>>>=2
+	return &bodyx_40_59() if ($rx==39); $rx++;
+	(
+	'($a,$f,$b,$c,$d,$e)=@ROTX;'.
+
+	'&add	($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'.	# e+=X[i]+K
+	 '&lea	($frame,"256($frame)")	if ($j%32==31);',
+
+	'&lea	($e,"($e,$f)")',		# e+=b^c^d
+	'&rorx	($a5,$a,27)',			# a<<<5
+	'&rorx	($f,$a,2)	if ($j<79)',	# b>>>2 in next round
+	'&xor	($a,$b)		if ($j<79)',	# b^c for next round
+
+	'&add	($e,$a5)',			# e+=a<<<5
+	'&xor	($a,$c)		if ($j<79);'.	# f=b^c^d for next round
+
+	'unshift(@ROTX,pop(@ROTX)); $j++;'
+	)
+}
+
+sub bodyx_40_59 () {	# 10 instructions, 3 cycles critical path
+	# on entry $f=((b^c)&(c^d)), $b>>>=2
+	$rx++;
+	(
+	'($a,$f,$b,$c,$d,$e)=@ROTX;'.
+
+	'&add	($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'.	# e+=X[i]+K
+	 '&lea	($frame,"256($frame)")	if ($j%32==31);',
+	'&xor	($f,$c)		if ($j>39)',	# (b^c)&(c^d)^c
+	'&mov	($t0,$b)	if ($j<59)',	# count on zero latency
+	'&xor	($t0,$c)	if ($j<59)',	# c^d for next round
+
+	'&lea	($e,"($e,$f)")',		# e+=(b^c)&(c^d)^c
+	'&rorx	($a5,$a,27)',			# a<<<5
+	'&rorx	($f,$a,2)',			# b>>>2 in next round
+	'&xor	($a,$b)',			# b^c for next round
+
+	'&add	($e,$a5)',			# e+=a<<<5
+	'&and	($a,$t0)	if ($j< 59);'.	# f=(b^c)&(c^d) for next round
+	'&xor	($a,$c)		if ($j==59);'.	# f=b^c^d for next round
+
+	'unshift(@ROTX,pop(@ROTX)); $j++;'
+	)
+}
+
+sub Xupdate_avx2_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body,&$body);	# 35 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],31);
+	&vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[1],@Tx[2],30);
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@Tx[2],@Tx[2],2);
+	&vpxor	(@X[0],@X[0],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpaddd	(@Tx[1],@X[0],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqu(eval(32*($Xi))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+	$Xi++;
+	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx2_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body,&$body);	# 35 to 50 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	&vmovdqu($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)")	if ($Xi%5==0);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],30);
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	#&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpaddd	(@Tx[1],@X[0],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vmovdqu("32*$Xi(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+	$Xi++;
+	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xloop_avx2()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 foreach (@insns) { eval; }
+}
+
+	&align32();
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+
+	&align32();
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+
+	&Xloop_avx2(\&bodyx_20_39);
+	&Xloop_avx2(\&bodyx_20_39);
+	&Xloop_avx2(\&bodyx_20_39);
+	&Xloop_avx2(\&bodyx_20_39);
+
+$code.=<<___;
+	lea	128($inp),$frame
+	lea	128($inp),%rdi			# borrow $t0
+	cmp	$num,$frame
+	cmovae	$inp,$frame			# next or previous block
+
+	# output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
+	add	0($ctx),@ROTX[0]		# update context
+	add	4($ctx),@ROTX[1]
+	add	8($ctx),@ROTX[3]
+	mov	@ROTX[0],0($ctx)
+	add	12($ctx),@ROTX[4]
+	mov	@ROTX[1],4($ctx)
+	 mov	@ROTX[0],$A			# A=d
+	add	16($ctx),@ROTX[5]
+	 mov	@ROTX[3],$a5
+	mov	@ROTX[3],8($ctx)
+	 mov	@ROTX[4],$D			# D=b
+	 #xchg	@ROTX[5],$F			# F=c, C=f
+	mov	@ROTX[4],12($ctx)
+	 mov	@ROTX[1],$F			# F=e
+	mov	@ROTX[5],16($ctx)
+	#mov	$F,16($ctx)
+	 mov	@ROTX[5],$E			# E=c
+	 mov	$a5,$C				# C=f
+	 #xchg	$F,$E				# E=c, F=e
+
+	cmp	$num,$inp
+	je	.Ldone_avx2
+___
+
+$Xi=4;				# reset variables
+@X=map("%ymm$_",(4..7,0..3));
+
+$code.=<<___;
+	vmovdqu	64($K_XX_XX),@X[2]		# pbswap mask
+	cmp	$num,%rdi			# borrowed $t0
+	ja	.Last_avx2
+
+	vmovdqu		-64(%rdi),%xmm0		# low part of @X[-4&7]
+	vmovdqu		-48(%rdi),%xmm1
+	vmovdqu		-32(%rdi),%xmm2
+	vmovdqu		-16(%rdi),%xmm3
+	vinserti128	\$1,0($frame),@X[-4&7],@X[-4&7]
+	vinserti128	\$1,16($frame),@X[-3&7],@X[-3&7]
+	vinserti128	\$1,32($frame),@X[-2&7],@X[-2&7]
+	vinserti128	\$1,48($frame),@X[-1&7],@X[-1&7]
+	jmp	.Last_avx2
+
+.align	32
+.Last_avx2:
+	lea	128+16(%rsp),$frame
+	rorx	\$2,$F,$B
+	andn	$D,$F,$t0
+	and	$C,$F
+	xor	$t0,$F
+	sub	\$-128,$inp
+___
+	$rx=$j=0;	@ROTX=($A,$F,$B,$C,$D,$E);
+
+	&Xloop_avx2	(\&bodyx_00_19);
+	&Xloop_avx2	(\&bodyx_00_19);
+	&Xloop_avx2	(\&bodyx_00_19);
+	&Xloop_avx2	(\&bodyx_00_19);
+
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vmovdqu	($Kx,"-64($K_XX_XX)");		# K_00_19
+	  &vpshufb	(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vpshufb	(@X[-3&7],@X[-3&7],@X[2]);
+	  &vpaddd	(@Tx[0],@X[-4&7],$Kx);		# add K_00_19
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vmovdqu	("0(%rsp)",@Tx[0]);
+	  &vpshufb	(@X[-2&7],@X[-2&7],@X[2]);
+	  &vpaddd	(@Tx[1],@X[-3&7],$Kx);
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vmovdqu	("32(%rsp)",@Tx[1]);
+	  &vpshufb	(@X[-1&7],@X[-1&7],@X[2]);
+	  &vpaddd	(@X[2],@X[-2&7],$Kx);
+
+	&Xloop_avx2	(\&bodyx_40_59);
+	&align32	();
+	  &vmovdqu	("64(%rsp)",@X[2]);
+	  &vpaddd	(@X[3],@X[-1&7],$Kx);
+	&Xloop_avx2	(\&bodyx_40_59);
+	  &vmovdqu	("96(%rsp)",@X[3]);
+	&Xloop_avx2	(\&bodyx_40_59);
+	&Xupdate_avx2_16_31(\&bodyx_40_59);
+
+	&Xupdate_avx2_16_31(\&bodyx_20_39);
+	&Xupdate_avx2_16_31(\&bodyx_20_39);
+	&Xupdate_avx2_16_31(\&bodyx_20_39);
+	&Xloop_avx2	(\&bodyx_20_39);
+
+$code.=<<___;
+	lea	128(%rsp),$frame
+
+	# output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
+	add	0($ctx),@ROTX[0]		# update context
+	add	4($ctx),@ROTX[1]
+	add	8($ctx),@ROTX[3]
+	mov	@ROTX[0],0($ctx)
+	add	12($ctx),@ROTX[4]
+	mov	@ROTX[1],4($ctx)
+	 mov	@ROTX[0],$A			# A=d
+	add	16($ctx),@ROTX[5]
+	 mov	@ROTX[3],$a5
+	mov	@ROTX[3],8($ctx)
+	 mov	@ROTX[4],$D			# D=b
+	 #xchg	@ROTX[5],$F			# F=c, C=f
+	mov	@ROTX[4],12($ctx)
+	 mov	@ROTX[1],$F			# F=e
+	mov	@ROTX[5],16($ctx)
+	#mov	$F,16($ctx)
+	 mov	@ROTX[5],$E			# E=c
+	 mov	$a5,$C				# C=f
+	 #xchg	$F,$E				# E=c, F=e
+
+	cmp	$num,$inp
+	jbe	.Loop_avx2
+
+.Ldone_avx2:
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-40-6*16($fp),%xmm6
+	movaps	-40-5*16($fp),%xmm7
+	movaps	-40-4*16($fp),%xmm8
+	movaps	-40-3*16($fp),%xmm9
+	movaps	-40-2*16($fp),%xmm10
+	movaps	-40-1*16($fp),%xmm11
+___
+$code.=<<___;
+	mov	-40($fp),%r14
+.cfi_restore	%r14
+	mov	-32($fp),%r13
+.cfi_restore	%r13
+	mov	-24($fp),%r12
+.cfi_restore	%r12
+	mov	-16($fp),%rbp
+.cfi_restore	%rbp
+	mov	-8($fp),%rbx
+.cfi_restore	%rbx
+	lea	($fp),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	ret
+.cfi_endproc
+.size	sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
+___
+}
+}
+$code.=<<___;
+.align	64
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+___
+}}}
+$code.=<<___;
+.asciz	"SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	mov	`16*4`(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+	jmp	.Lcommon_seh_tail
+.size	se_handler,.-se_handler
+___
+
+$code.=<<___ if ($shaext);
+.type	shaext_handler,\@abi-omnipotent
+.align	16
+shaext_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	lea	.Lepilogue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	lea	-8-4*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$8,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lcommon_seh_tail
+.size	shaext_handler,.-shaext_handler
+___
+
+$code.=<<___;
+.type	ssse3_handler,\@abi-omnipotent
+.align	16
+ssse3_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	208($context),%rax	# pull context->R11
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	-40-6*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$12,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	ssse3_handler,.-ssse3_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_sha1_block_data_order
+	.rva	.LSEH_end_sha1_block_data_order
+	.rva	.LSEH_info_sha1_block_data_order
+___
+$code.=<<___ if ($shaext);
+	.rva	.LSEH_begin_sha1_block_data_order_shaext
+	.rva	.LSEH_end_sha1_block_data_order_shaext
+	.rva	.LSEH_info_sha1_block_data_order_shaext
+___
+$code.=<<___;
+	.rva	.LSEH_begin_sha1_block_data_order_ssse3
+	.rva	.LSEH_end_sha1_block_data_order_ssse3
+	.rva	.LSEH_info_sha1_block_data_order_ssse3
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_sha1_block_data_order_avx
+	.rva	.LSEH_end_sha1_block_data_order_avx
+	.rva	.LSEH_info_sha1_block_data_order_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_sha1_block_data_order_avx2
+	.rva	.LSEH_end_sha1_block_data_order_avx2
+	.rva	.LSEH_info_sha1_block_data_order_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_sha1_block_data_order:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+$code.=<<___ if ($shaext);
+.LSEH_info_sha1_block_data_order_shaext:
+	.byte	9,0,0,0
+	.rva	shaext_handler
+___
+$code.=<<___;
+.LSEH_info_sha1_block_data_order_ssse3:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha1_block_data_order_avx:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_sha1_block_data_order_avx2:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+
+####################################################################
+
+sub sha1rnds4 {
+    if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-7]),\s*%xmm([0-7])/) {
+      my @opcode=(0x0f,0x3a,0xcc);
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return "sha1rnds4\t".@_[0];
+    }
+}
+
+sub sha1op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha1nexte" => 0xc8,
+  		"sha1msg1"  => 0xc9,
+		"sha1msg2"  => 0xca	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+      my $rex=0;
+	$rex|=0x04			if ($2>=8);
+	$rex|=0x01			if ($1>=8);
+	unshift @opcode,0x40|$rex	if ($rex);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo	or
+	s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl
new file mode 100644
index 000000000..dccc771ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl
@@ -0,0 +1,1296 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256 block transform for x86. September 2007.
+#
+# Performance improvement over compiler generated code varies from
+# 10% to 40% [see below]. Not very impressive on some µ-archs, but
+# it's 5 times smaller and optimizes amount of writes.
+#
+# May 2012.
+#
+# Optimization including two of Pavel Semjanov's ideas, alternative
+# Maj and full unroll, resulted in ~20-25% improvement on most CPUs,
+# ~7% on Pentium, ~40% on Atom. As fully unrolled loop body is almost
+# 15x larger, 8KB vs. 560B, it's fired only for longer inputs. But not
+# on P4, where it kills performance, nor Sandy Bridge, where folded
+# loop is approximately as fast...
+#
+# June 2012.
+#
+# Add AMD XOP-specific code path, >30% improvement on Bulldozer over
+# May version, >60% over original. Add AVX+shrd code path, >25%
+# improvement on Sandy Bridge over May version, 60% over original.
+#
+# May 2013.
+#
+# Replace AMD XOP code path with SSSE3 to cover more processors.
+# (Biggest improvement coefficient is on upcoming Atom Silvermont,
+# not shown.) Add AVX+BMI code path.
+#
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#		gcc	icc	x86 asm(*)	SIMD	x86_64 asm(**)
+# Pentium	46	57	40/38		-	-
+# PIII		36	33	27/24		-	-
+# P4		41	38	28		-	17.3
+# AMD K8	27	25	19/15.5		-	14.9
+# Core2		26	23	18/15.6		14.3	13.8
+# Westmere	27	-	19/15.7		13.4	12.3
+# Sandy Bridge	25	-	15.9		12.4	11.6
+# Ivy Bridge	24	-	15.0		11.4	10.3
+# Haswell	22	-	13.9		9.46	7.80
+# Skylake	20	-	14.9		9.50	7.70
+# Bulldozer	36	-	27/22		17.0	13.6
+# VIA Nano	36	-	25/22		16.8	16.5
+# Atom		50	-	30/25		21.9	18.9
+# Silvermont	40	-	34/31		22.9	20.6
+# Goldmont	29	-	20		16.3(***)
+#
+# (*)	numbers after slash are for unrolled loop, where applicable;
+# (**)	x86_64 assembly performance is presented for reference
+#	purposes, results are best-available;
+# (***)	SHAEXT result is 4.1, strangely enough better than 64-bit one;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$xmm=$avx=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+if ($xmm &&	`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if ($xmm && !$avx && $ARGV[0] eq "win32n" &&
+		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.03) + ($1>=2.10);
+}
+
+if ($xmm && !$avx && $ARGV[0] eq "win32" &&
+		`ml 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=$xmm;	### set to zero if compiling for 1.0.1
+
+$unroll_after = 64*4;	# If pre-evicted from L1P cache first spin of
+			# fully unrolled loop was measured to run about
+			# 3-4x slower. If slowdown coefficient is N and
+			# unrolled loop is m times faster, then you break
+			# even at (N-1)/(m-1) blocks. Then it needs to be
+			# adjusted for probability of code being evicted,
+			# code size/cache size=1/4. Typical m is 1.15...
+
+$A="eax";
+$E="edx";
+$T="ebx";
+$Aoff=&DWP(4,"esp");
+$Boff=&DWP(8,"esp");
+$Coff=&DWP(12,"esp");
+$Doff=&DWP(16,"esp");
+$Eoff=&DWP(20,"esp");
+$Foff=&DWP(24,"esp");
+$Goff=&DWP(28,"esp");
+$Hoff=&DWP(32,"esp");
+$Xoff=&DWP(36,"esp");
+$K256="ebp";
+
+sub BODY_16_63() {
+	&mov	($T,"ecx");			# "ecx" is preloaded
+	 &mov	("esi",&DWP(4*(9+15+16-14),"esp"));
+	&ror	("ecx",18-7);
+	 &mov	("edi","esi");
+	&ror	("esi",19-17);
+	 &xor	("ecx",$T);
+	 &shr	($T,3);
+	&ror	("ecx",7);
+	 &xor	("esi","edi");
+	 &xor	($T,"ecx");			# T = sigma0(X[-15])
+	&ror	("esi",17);
+	 &add	($T,&DWP(4*(9+15+16),"esp"));	# T += X[-16]
+	&shr	("edi",10);
+	 &add	($T,&DWP(4*(9+15+16-9),"esp"));	# T += X[-7]
+	#&xor	("edi","esi")			# sigma1(X[-2])
+	# &add	($T,"edi");			# T += sigma1(X[-2])
+	# &mov	(&DWP(4*(9+15),"esp"),$T);	# save X[0]
+
+	&BODY_00_15(1);
+}
+sub BODY_00_15() {
+    my $in_16_63=shift;
+
+	&mov	("ecx",$E);
+	 &xor	("edi","esi")			if ($in_16_63);	# sigma1(X[-2])
+	 &mov	("esi",$Foff);
+	&ror	("ecx",25-11);
+	 &add	($T,"edi")			if ($in_16_63);	# T += sigma1(X[-2])
+	 &mov	("edi",$Goff);
+	&xor	("ecx",$E);
+	 &xor	("esi","edi");
+	 &mov	($T,&DWP(4*(9+15),"esp"))	if (!$in_16_63);
+	 &mov	(&DWP(4*(9+15),"esp"),$T)	if ($in_16_63);	# save X[0]
+	&ror	("ecx",11-6);
+	 &and	("esi",$E);
+	 &mov	($Eoff,$E);		# modulo-scheduled
+	&xor	($E,"ecx");
+	 &add	($T,$Hoff);		# T += h
+	 &xor	("esi","edi");		# Ch(e,f,g)
+	&ror	($E,6);			# Sigma1(e)
+	 &mov	("ecx",$A);
+	 &add	($T,"esi");		# T += Ch(e,f,g)
+
+	&ror	("ecx",22-13);
+	 &add	($T,$E);		# T += Sigma1(e)
+	 &mov	("edi",$Boff);
+	&xor	("ecx",$A);
+	 &mov	($Aoff,$A);		# modulo-scheduled
+	 &lea	("esp",&DWP(-4,"esp"));
+	&ror	("ecx",13-2);
+	 &mov	("esi",&DWP(0,$K256));
+	&xor	("ecx",$A);
+	 &mov	($E,$Eoff);		# e in next iteration, d in this one
+	 &xor	($A,"edi");		# a ^= b
+	&ror	("ecx",2);		# Sigma0(a)
+
+	 &add	($T,"esi");		# T+= K[i]
+	 &mov	(&DWP(0,"esp"),$A);	# (b^c) in next round
+	&add	($E,$T);		# d += T
+	 &and	($A,&DWP(4,"esp"));	# a &= (b^c)
+	&add	($T,"ecx");		# T += Sigma0(a)
+	 &xor	($A,"edi");		# h = Maj(a,b,c) = Ch(a^b,c,b)
+	 &mov	("ecx",&DWP(4*(9+15+16-1),"esp"))	if ($in_16_63);	# preload T
+	&add	($K256,4);
+	 &add	($A,$T);		# h += T
+}
+
+&external_label("OPENSSL_ia32cap_P")		if (!$i386);
+
+&function_begin("sha256_block_data_order");
+	&mov	("esi",wparam(0));	# ctx
+	&mov	("edi",wparam(1));	# inp
+	&mov	("eax",wparam(2));	# num
+	&mov	("ebx","esp");		# saved sp
+
+	&call	(&label("pic_point"));	# make it PIC!
+&set_label("pic_point");
+	&blindpop($K256);
+	&lea	($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256));
+
+	&sub	("esp",16);
+	&and	("esp",-64);
+
+	&shl	("eax",6);
+	&add	("eax","edi");
+	&mov	(&DWP(0,"esp"),"esi");	# ctx
+	&mov	(&DWP(4,"esp"),"edi");	# inp
+	&mov	(&DWP(8,"esp"),"eax");	# inp+num*128
+	&mov	(&DWP(12,"esp"),"ebx");	# saved sp
+						if (!$i386 && $xmm) {
+	&picmeup("edx","OPENSSL_ia32cap_P",$K256,&label("K256"));
+	&mov	("ecx",&DWP(0,"edx"));
+	&mov	("ebx",&DWP(4,"edx"));
+	&test	("ecx",1<<20);		# check for P4
+	&jnz	(&label("loop"));
+	&mov	("edx",&DWP(8,"edx"))	if ($xmm);
+	&test	("ecx",1<<24);		# check for FXSR
+	&jz	($unroll_after?&label("no_xmm"):&label("loop"));
+	&and	("ecx",1<<30);		# mask "Intel CPU" bit
+	&and	("ebx",1<<28|1<<9);	# mask AVX and SSSE3 bits
+	&test	("edx",1<<29)		if ($shaext);	# check for SHA
+	&jnz	(&label("shaext"))	if ($shaext);
+	&or	("ecx","ebx");
+	&and	("ecx",1<<28|1<<30);
+	&cmp	("ecx",1<<28|1<<30);
+					if ($xmm) {
+	&je	(&label("AVX"))		if ($avx);
+	&test	("ebx",1<<9);		# check for SSSE3
+	&jnz	(&label("SSSE3"));
+					} else {
+	&je	(&label("loop_shrd"));
+					}
+						if ($unroll_after) {
+&set_label("no_xmm");
+	&sub	("eax","edi");
+	&cmp	("eax",$unroll_after);
+	&jae	(&label("unrolled"));
+						} }
+	&jmp	(&label("loop"));
+
+sub COMPACT_LOOP() {
+my $suffix=shift;
+
+&set_label("loop$suffix",$suffix?32:16);
+    # copy input block to stack reversing byte and dword order
+    for($i=0;$i<4;$i++) {
+	&mov	("eax",&DWP($i*16+0,"edi"));
+	&mov	("ebx",&DWP($i*16+4,"edi"));
+	&mov	("ecx",&DWP($i*16+8,"edi"));
+	&bswap	("eax");
+	&mov	("edx",&DWP($i*16+12,"edi"));
+	&bswap	("ebx");
+	&push	("eax");
+	&bswap	("ecx");
+	&push	("ebx");
+	&bswap	("edx");
+	&push	("ecx");
+	&push	("edx");
+    }
+	&add	("edi",64);
+	&lea	("esp",&DWP(-4*9,"esp"));# place for A,B,C,D,E,F,G,H
+	&mov	(&DWP(4*(9+16)+4,"esp"),"edi");
+
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($A,&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	# &mov	($Aoff,$A);
+	&mov	($Boff,"ebx");
+	&xor	("ebx","ecx");
+	&mov	($Coff,"ecx");
+	&mov	($Doff,"edi");
+	&mov	(&DWP(0,"esp"),"ebx");	# magic
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("edi",&DWP(28,"esi"));
+	# &mov	($Eoff,$E);
+	&mov	($Foff,"ebx");
+	&mov	($Goff,"ecx");
+	&mov	($Hoff,"edi");
+
+&set_label("00_15$suffix",16);
+
+	&BODY_00_15();
+
+	&cmp	("esi",0xc19bf174);
+	&jne	(&label("00_15$suffix"));
+
+	&mov	("ecx",&DWP(4*(9+15+16-1),"esp"));	# preloaded in BODY_00_15(1)
+	&jmp	(&label("16_63$suffix"));
+
+&set_label("16_63$suffix",16);
+
+	&BODY_16_63();
+
+	&cmp	("esi",0xc67178f2);
+	&jne	(&label("16_63$suffix"));
+
+	&mov	("esi",&DWP(4*(9+16+64)+0,"esp"));#ctx
+	# &mov	($A,$Aoff);
+	&mov	("ebx",$Boff);
+	# &mov	("edi",$Coff);
+	&mov	("ecx",$Doff);
+	&add	($A,&DWP(0,"esi"));
+	&add	("ebx",&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$A);
+	&mov	(&DWP(4,"esi"),"ebx");
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	# &mov	($E,$Eoff);
+	&mov	("eax",$Foff);
+	&mov	("ebx",$Goff);
+	&mov	("ecx",$Hoff);
+	&mov	("edi",&DWP(4*(9+16+64)+4,"esp"));#inp
+	&add	($E,&DWP(16,"esi"));
+	&add	("eax",&DWP(20,"esi"));
+	&add	("ebx",&DWP(24,"esi"));
+	&add	("ecx",&DWP(28,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"eax");
+	&mov	(&DWP(24,"esi"),"ebx");
+	&mov	(&DWP(28,"esi"),"ecx");
+
+	&lea	("esp",&DWP(4*(9+16+64),"esp"));# destroy frame
+	&sub	($K256,4*64);			# rewind K
+
+	&cmp	("edi",&DWP(8,"esp"));		# are we done yet?
+	&jb	(&label("loop$suffix"));
+}
+	&COMPACT_LOOP();
+	&mov	("esp",&DWP(12,"esp"));		# restore sp
+&function_end_A();
+						if (!$i386 && !$xmm) {
+	# ~20% improvement on Sandy Bridge
+	local *ror = sub { &shrd(@_[0],@_) };
+	&COMPACT_LOOP("_shrd");
+	&mov	("esp",&DWP(12,"esp"));		# restore sp
+&function_end_A();
+						}
+
+&set_label("K256",64);	# Yes! I keep it in the code segment!
+@K256=(	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
+	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
+	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
+	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
+	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
+	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
+	0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
+	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
+	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2	);
+&data_word(@K256);
+&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f);	# byte swap mask
+&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+($a,$b,$c,$d,$e,$f,$g,$h)=(0..7);	# offsets
+sub off { &DWP(4*(((shift)-$i)&7),"esp"); }
+
+if (!$i386 && $unroll_after) {
+my @AH=($A,$K256);
+
+&set_label("unrolled",16);
+	&lea	("esp",&DWP(-96,"esp"));
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("ebx",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");		# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"ebx");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"ebx");
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&jmp	(&label("grand_loop"));
+
+&set_label("grand_loop",16);
+    # copy input block to stack reversing byte order
+    for($i=0;$i<5;$i++) {
+	&mov	("ebx",&DWP(12*$i+0,"edi"));
+	&mov	("ecx",&DWP(12*$i+4,"edi"));
+	&bswap	("ebx");
+	&mov	("esi",&DWP(12*$i+8,"edi"));
+	&bswap	("ecx");
+	&mov	(&DWP(32+12*$i+0,"esp"),"ebx");
+	&bswap	("esi");
+	&mov	(&DWP(32+12*$i+4,"esp"),"ecx");
+	&mov	(&DWP(32+12*$i+8,"esp"),"esi");
+    }
+	&mov	("ebx",&DWP($i*12,"edi"));
+	&add	("edi",64);
+	&bswap	("ebx");
+	&mov	(&DWP(96+4,"esp"),"edi");
+	&mov	(&DWP(32+12*$i,"esp"),"ebx");
+
+    my ($t1,$t2) = ("ecx","esi");
+
+    for ($i=0;$i<64;$i++) {
+
+      if ($i>=16) {
+	&mov	($T,$t1);			# $t1 is preloaded
+	# &mov	($t2,&DWP(32+4*(($i+14)&15),"esp"));
+	&ror	($t1,18-7);
+	 &mov	("edi",$t2);
+	&ror	($t2,19-17);
+	 &xor	($t1,$T);
+	 &shr	($T,3);
+	&ror	($t1,7);
+	 &xor	($t2,"edi");
+	 &xor	($T,$t1);			# T = sigma0(X[-15])
+	&ror	($t2,17);
+	 &add	($T,&DWP(32+4*($i&15),"esp"));	# T += X[-16]
+	&shr	("edi",10);
+	 &add	($T,&DWP(32+4*(($i+9)&15),"esp"));	# T += X[-7]
+	#&xor	("edi",$t2)			# sigma1(X[-2])
+	# &add	($T,"edi");			# T += sigma1(X[-2])
+	# &mov	(&DWP(4*(9+15),"esp"),$T);	# save X[0]
+      }
+	&mov	($t1,$E);
+	 &xor	("edi",$t2)			if ($i>=16);	# sigma1(X[-2])
+	 &mov	($t2,&off($f));
+	&ror	($E,25-11);
+	 &add	($T,"edi")			if ($i>=16);	# T += sigma1(X[-2])
+	 &mov	("edi",&off($g));
+	&xor	($E,$t1);
+	 &mov	($T,&DWP(32+4*($i&15),"esp"))	if ($i<16);	# X[i]
+	 &mov	(&DWP(32+4*($i&15),"esp"),$T)	if ($i>=16 && $i<62);	# save X[0]
+	 &xor	($t2,"edi");
+	&ror	($E,11-6);
+	 &and	($t2,$t1);
+	 &mov	(&off($e),$t1);		# save $E, modulo-scheduled
+	&xor	($E,$t1);
+	 &add	($T,&off($h));		# T += h
+	 &xor	("edi",$t2);		# Ch(e,f,g)
+	&ror	($E,6);			# Sigma1(e)
+	 &mov	($t1,$AH[0]);
+	 &add	($T,"edi");		# T += Ch(e,f,g)
+
+	&ror	($t1,22-13);
+	 &mov	($t2,$AH[0]);
+	 &mov	("edi",&off($b));
+	&xor	($t1,$AH[0]);
+	 &mov	(&off($a),$AH[0]);	# save $A, modulo-scheduled
+	 &xor	($AH[0],"edi");		# a ^= b, (b^c) in next round
+	&ror	($t1,13-2);
+	 &and	($AH[1],$AH[0]);	# (b^c) &= (a^b)
+	 &lea	($E,&DWP(@K256[$i],$T,$E));	# T += Sigma1(1)+K[i]
+	&xor	($t1,$t2);
+	 &xor	($AH[1],"edi");		# h = Maj(a,b,c) = Ch(a^b,c,b)
+	 &mov	($t2,&DWP(32+4*(($i+2)&15),"esp"))	if ($i>=15 && $i<63);
+	&ror	($t1,2);		# Sigma0(a)
+
+	 &add	($AH[1],$E);		# h += T
+	 &add	($E,&off($d));		# d += T
+	&add	($AH[1],$t1);		# h += Sigma0(a)
+	 &mov	($t1,&DWP(32+4*(($i+15)&15),"esp"))	if ($i>=15 && $i<63);
+
+	@AH = reverse(@AH);		# rotate(a,h)
+	($t1,$t2) = ($t2,$t1);		# rotate(t1,t2)
+    }
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");		# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ebx",&DWP(24,"esp"));
+	&mov	("ecx",&DWP(28,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ebx",&DWP(24,"esi"));
+	&add	("ecx",&DWP(28,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	&mov	(&DWP(24,"esi"),"ebx");
+	&mov	(&DWP(28,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	 &mov	(&DWP(24,"esp"),"ebx");
+	 &mov	(&DWP(28,"esp"),"ecx");
+
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_loop"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+&function_end_A();
+}
+						if (!$i386 && $xmm) {{{
+if ($shaext) {
+######################################################################
+# Intel SHA Extensions implementation of SHA256 update function.
+#
+my ($ctx,$inp,$end)=("esi","edi","eax");
+my ($Wi,$ABEF,$CDGH,$TMP)=map("xmm$_",(0..2,7));
+my @MSG=map("xmm$_",(3..6));
+
+sub sha256op38 {
+ my ($opcodelet,$dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);	}
+}
+sub sha256rnds2	{ sha256op38(0xcb,@_); }
+sub sha256msg1	{ sha256op38(0xcc,@_); }
+sub sha256msg2	{ sha256op38(0xcd,@_); }
+
+&set_label("shaext",32);
+	&sub		("esp",32);
+
+	&movdqu		($ABEF,&QWP(0,$ctx));		# DCBA
+	&lea		($K256,&DWP(0x80,$K256));
+	&movdqu		($CDGH,&QWP(16,$ctx));		# HGFE
+	&movdqa		($TMP,&QWP(0x100-0x80,$K256));	# byte swap mask
+
+	&pshufd		($Wi,$ABEF,0x1b);		# ABCD
+	&pshufd		($ABEF,$ABEF,0xb1);		# CDAB
+	&pshufd		($CDGH,$CDGH,0x1b);		# EFGH
+	&palignr	($ABEF,$CDGH,8);		# ABEF
+	&punpcklqdq	($CDGH,$Wi);			# CDGH
+	&jmp		(&label("loop_shaext"));
+
+&set_label("loop_shaext",16);
+	&movdqu		(@MSG[0],&QWP(0,$inp));
+	&movdqu		(@MSG[1],&QWP(0x10,$inp));
+	&movdqu		(@MSG[2],&QWP(0x20,$inp));
+	&pshufb		(@MSG[0],$TMP);
+	&movdqu		(@MSG[3],&QWP(0x30,$inp));
+	&movdqa		(&QWP(16,"esp"),$CDGH);		# offload
+
+	&movdqa		($Wi,&QWP(0*16-0x80,$K256));
+	&paddd		($Wi,@MSG[0]);
+	&pshufb		(@MSG[1],$TMP);
+	&sha256rnds2	($CDGH,$ABEF);			# 0-3
+	&pshufd		($Wi,$Wi,0x0e);
+	&nop		();
+	&movdqa		(&QWP(0,"esp"),$ABEF);		# offload
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(1*16-0x80,$K256));
+	&paddd		($Wi,@MSG[1]);
+	&pshufb		(@MSG[2],$TMP);
+	&sha256rnds2	($CDGH,$ABEF);			# 4-7
+	&pshufd		($Wi,$Wi,0x0e);
+	&lea		($inp,&DWP(0x40,$inp));
+	&sha256msg1	(@MSG[0],@MSG[1]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(2*16-0x80,$K256));
+	&paddd		($Wi,@MSG[2]);
+	&pshufb		(@MSG[3],$TMP);
+	&sha256rnds2	($CDGH,$ABEF);			# 8-11
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[3]);
+	&palignr	($TMP,@MSG[2],4);
+	&nop		();
+	&paddd		(@MSG[0],$TMP);
+	&sha256msg1	(@MSG[1],@MSG[2]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(3*16-0x80,$K256));
+	&paddd		($Wi,@MSG[3]);
+	&sha256msg2	(@MSG[0],@MSG[3]);
+	&sha256rnds2	($CDGH,$ABEF);			# 12-15
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[0]);
+	&palignr	($TMP,@MSG[3],4);
+	&nop		();
+	&paddd		(@MSG[1],$TMP);
+	&sha256msg1	(@MSG[2],@MSG[3]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+for($i=4;$i<16-3;$i++) {
+	&movdqa		($Wi,&QWP($i*16-0x80,$K256));
+	&paddd		($Wi,@MSG[0]);
+	&sha256msg2	(@MSG[1],@MSG[0]);
+	&sha256rnds2	($CDGH,$ABEF);			# 16-19...
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[1]);
+	&palignr	($TMP,@MSG[0],4);
+	&nop		();
+	&paddd		(@MSG[2],$TMP);
+	&sha256msg1	(@MSG[3],@MSG[0]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+	push(@MSG,shift(@MSG));
+}
+	&movdqa		($Wi,&QWP(13*16-0x80,$K256));
+	&paddd		($Wi,@MSG[0]);
+	&sha256msg2	(@MSG[1],@MSG[0]);
+	&sha256rnds2	($CDGH,$ABEF);			# 52-55
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[1])
+	&palignr	($TMP,@MSG[0],4);
+	&sha256rnds2	($ABEF,$CDGH);
+	&paddd		(@MSG[2],$TMP);
+
+	&movdqa		($Wi,&QWP(14*16-0x80,$K256));
+	&paddd		($Wi,@MSG[1]);
+	&sha256rnds2	($CDGH,$ABEF);			# 56-59
+	&pshufd		($Wi,$Wi,0x0e);
+	&sha256msg2	(@MSG[2],@MSG[1]);
+	&movdqa		($TMP,&QWP(0x100-0x80,$K256));	# byte swap mask
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(15*16-0x80,$K256));
+	&paddd		($Wi,@MSG[2]);
+	&nop		();
+	&sha256rnds2	($CDGH,$ABEF);			# 60-63
+	&pshufd		($Wi,$Wi,0x0e);
+	&cmp		($end,$inp);
+	&nop		();
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&paddd		($CDGH,&QWP(16,"esp"));
+	&paddd		($ABEF,&QWP(0,"esp"));
+	&jnz		(&label("loop_shaext"));
+
+	&pshufd		($CDGH,$CDGH,0xb1);		# DCHG
+	&pshufd		($TMP,$ABEF,0x1b);		# FEBA
+	&pshufd		($ABEF,$ABEF,0xb1);		# BAFE
+	&punpckhqdq	($ABEF,$CDGH);			# DCBA
+	&palignr	($CDGH,$TMP,8);			# HGFE
+
+	&mov		("esp",&DWP(32+12,"esp"));
+	&movdqu		(&QWP(0,$ctx),$ABEF);
+	&movdqu		(&QWP(16,$ctx),$CDGH);
+&function_end_A();
+}
+
+my @X = map("xmm$_",(0..3));
+my ($t0,$t1,$t2,$t3) = map("xmm$_",(4..7));
+my @AH = ($A,$T);
+
+&set_label("SSSE3",32);
+	&lea	("esp",&DWP(-96,"esp"));
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");			# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"edi");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("edi",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&movdqa	($t3,&QWP(256,$K256));
+	&jmp	(&label("grand_ssse3"));
+
+&set_label("grand_ssse3",16);
+	# load input, reverse byte order, add K256[0..15], save to stack
+	&movdqu	(@X[0],&QWP(0,"edi"));
+	&movdqu	(@X[1],&QWP(16,"edi"));
+	&movdqu	(@X[2],&QWP(32,"edi"));
+	&movdqu	(@X[3],&QWP(48,"edi"));
+	&add	("edi",64);
+	&pshufb	(@X[0],$t3);
+	&mov	(&DWP(96+4,"esp"),"edi");
+	&pshufb	(@X[1],$t3);
+	&movdqa	($t0,&QWP(0,$K256));
+	&pshufb	(@X[2],$t3);
+	&movdqa	($t1,&QWP(16,$K256));
+	&paddd	($t0,@X[0]);
+	&pshufb	(@X[3],$t3);
+	&movdqa	($t2,&QWP(32,$K256));
+	&paddd	($t1,@X[1]);
+	&movdqa	($t3,&QWP(48,$K256));
+	&movdqa	(&QWP(32+0,"esp"),$t0);
+	&paddd	($t2,@X[2]);
+	&movdqa	(&QWP(32+16,"esp"),$t1);
+	&paddd	($t3,@X[3]);
+	&movdqa	(&QWP(32+32,"esp"),$t2);
+	&movdqa	(&QWP(32+48,"esp"),$t3);
+	&jmp	(&label("ssse3_00_47"));
+
+&set_label("ssse3_00_47",16);
+	&add		($K256,64);
+
+sub SSSE3_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 120 instructions
+
+	  eval(shift(@insns));
+	&movdqa		($t0,@X[1]);
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	&movdqa		($t3,@X[3]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&palignr	($t0,@X[0],4);		# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &palignr	($t3,@X[2],4);		# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t1,$t0);
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	&movdqa		($t2,$t0);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&psrld		($t0,3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &paddd		(@X[0],$t3);		# X[0..3] += X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&psrld		($t2,7);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[3],0b11111010);	# X[14..15]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pslld		($t1,32-18);
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&psrld		($t2,18-7);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pslld		($t1,18-7);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t1);		# sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrld		($t3,10);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&paddd		(@X[0],$t0);		# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrlq		($t2,17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrlq		($t2,19-17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,$t3,0b10000000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &psrldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		(@X[0],$t3);		# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[0],0b01010000);	# X[16..17]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));			# @
+	 &psrld		($t3,10);
+	  eval(shift(@insns));
+	 &psrlq		($t2,17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrlq		($t2,19-17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,$t3,0b00001000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&movdqa		($t2,&QWP(16*$j,$K256));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pslldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&paddd		(@X[0],$t3);		# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		($t2,@X[0]);
+	  eval(shift(@insns));			# @
+
+	foreach (@insns) { eval; }		# remaining instructions
+
+	&movdqa		(&QWP(32+16*$j,"esp"),$t2);
+}
+
+sub body_00_15 () {
+	(
+	'&mov	("ecx",$E);',
+	'&ror	($E,25-11);',
+	 '&mov	("esi",&off($f));',
+	'&xor	($E,"ecx");',
+	 '&mov	("edi",&off($g));',
+	 '&xor	("esi","edi");',
+	'&ror	($E,11-6);',
+	 '&and	("esi","ecx");',
+	 '&mov	(&off($e),"ecx");',	# save $E, modulo-scheduled
+	'&xor	($E,"ecx");',
+	 '&xor	("edi","esi");',	# Ch(e,f,g)
+	'&ror	($E,6);',		# T = Sigma1(e)
+	 '&mov	("ecx",$AH[0]);',
+	 '&add	($E,"edi");',		# T += Ch(e,f,g)
+	 '&mov	("edi",&off($b));',
+	'&mov	("esi",$AH[0]);',
+
+	'&ror	("ecx",22-13);',
+	 '&mov	(&off($a),$AH[0]);',	# save $A, modulo-scheduled
+	'&xor	("ecx",$AH[0]);',
+	 '&xor	($AH[0],"edi");',	# a ^= b, (b^c) in next round
+	 '&add	($E,&off($h));',	# T += h
+	'&ror	("ecx",13-2);',
+	 '&and	($AH[1],$AH[0]);',	# (b^c) &= (a^b)
+	'&xor	("ecx","esi");',
+	 '&add	($E,&DWP(32+4*($i&15),"esp"));',	# T += K[i]+X[i]
+	 '&xor	($AH[1],"edi");',	# h = Maj(a,b,c) = Ch(a^b,c,b)
+	'&ror	("ecx",2);',		# Sigma0(a)
+
+	 '&add	($AH[1],$E);',		# h += T
+	 '&add	($E,&off($d));',	# d += T
+	'&add	($AH[1],"ecx");'.	# h += Sigma0(a)
+
+	'@AH = reverse(@AH); $i++;'	# rotate(a,h)
+	);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&SSSE3_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));		# rotate(@X)
+    }
+	&cmp	(&DWP(16*$j,$K256),0x00010203);
+	&jne	(&label("ssse3_00_47"));
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");			# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ecx",&DWP(24,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ecx",&DWP(24,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(28,"esp"));
+	&mov	(&DWP(24,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	&add	("edi",&DWP(28,"esi"));
+	 &mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esi"),"edi");
+	 &mov	(&DWP(28,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+
+	&movdqa	($t3,&QWP(64,$K256));
+	&sub	($K256,3*64);			# rewind K
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_ssse3"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+&function_end_A();
+						if ($avx) {
+&set_label("AVX",32);
+						if ($avx>1) {
+	&and	("edx",1<<8|1<<3);		# check for BMI2+BMI1
+	&cmp	("edx",1<<8|1<<3);
+	&je	(&label("AVX_BMI"));
+						}
+	&lea	("esp",&DWP(-96,"esp"));
+	&vzeroall	();
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");			# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"edi");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("edi",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&vmovdqa	($t3,&QWP(256,$K256));
+	&jmp	(&label("grand_avx"));
+
+&set_label("grand_avx",32);
+	# load input, reverse byte order, add K256[0..15], save to stack
+	&vmovdqu	(@X[0],&QWP(0,"edi"));
+	&vmovdqu	(@X[1],&QWP(16,"edi"));
+	&vmovdqu	(@X[2],&QWP(32,"edi"));
+	&vmovdqu	(@X[3],&QWP(48,"edi"));
+	&add		("edi",64);
+	&vpshufb	(@X[0],@X[0],$t3);
+	&mov		(&DWP(96+4,"esp"),"edi");
+	&vpshufb	(@X[1],@X[1],$t3);
+	&vpshufb	(@X[2],@X[2],$t3);
+	&vpaddd		($t0,@X[0],&QWP(0,$K256));
+	&vpshufb	(@X[3],@X[3],$t3);
+	&vpaddd		($t1,@X[1],&QWP(16,$K256));
+	&vpaddd		($t2,@X[2],&QWP(32,$K256));
+	&vpaddd		($t3,@X[3],&QWP(48,$K256));
+	&vmovdqa	(&QWP(32+0,"esp"),$t0);
+	&vmovdqa	(&QWP(32+16,"esp"),$t1);
+	&vmovdqa	(&QWP(32+32,"esp"),$t2);
+	&vmovdqa	(&QWP(32+48,"esp"),$t3);
+	&jmp		(&label("avx_00_47"));
+
+&set_label("avx_00_47",16);
+	&add		($K256,64);
+
+sub Xupdate_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],4);',	# X[1..4]
+	 '&vpalignr	($t3,@X[3],@X[2],4);',	# X[9..12]
+	'&vpsrld	($t2,$t0,7);',
+	 '&vpaddd	(@X[0],@X[0],$t3);',	# X[0..3] += X[9..16]
+	'&vpsrld	($t3,$t0,3);',
+	'&vpslld	($t1,$t0,14);',
+	'&vpxor		($t0,$t3,$t2);',
+	 '&vpshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&vpsrld	($t2,$t2,18-7);',
+	'&vpxor		($t0,$t0,$t1);',
+	'&vpslld	($t1,$t1,25-14);',
+	'&vpxor		($t0,$t0,$t2);',
+	 '&vpsrld	($t2,$t3,10);',
+	'&vpxor		($t0,$t0,$t1);',	# sigma0(X[1..4])
+	 '&vpsrlq	($t1,$t3,17);',
+	'&vpaddd	(@X[0],@X[0],$t0);',	# X[0..3] += sigma0(X[1..4])
+	 '&vpxor	($t2,$t2,$t1);',
+	 '&vpsrlq	($t3,$t3,19);',
+	 '&vpxor	($t2,$t2,$t3);',	# sigma1(X[14..15]
+	 '&vpshufd	($t3,$t2,0b10000100);',
+	'&vpsrldq	($t3,$t3,8);',
+	'&vpaddd	(@X[0],@X[0],$t3);',	# X[0..1] += sigma1(X[14..15])
+	 '&vpshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&vpsrld	($t2,$t3,10);',
+	 '&vpsrlq	($t1,$t3,17);',
+	 '&vpxor	($t2,$t2,$t1);',
+	 '&vpsrlq	($t3,$t3,19);',
+	 '&vpxor	($t2,$t2,$t3);',	# sigma1(X[16..17]
+	 '&vpshufd	($t3,$t2,0b11101000);',
+	'&vpslldq	($t3,$t3,8);',
+	'&vpaddd	(@X[0],@X[0],$t3);'	# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+local *ror = sub { &shrd(@_[0],@_) };
+sub AVX_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 120 instructions
+my $insn;
+
+	foreach (Xupdate_AVX()) {		# 31 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval($insn = shift(@insns));
+	    eval(shift(@insns)) if ($insn =~ /rorx/ && @insns[0] =~ /rorx/);
+	}
+	&vpaddd		($t2,@X[0],&QWP(16*$j,$K256));
+	foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(&QWP(32+16*$j,"esp"),$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));		# rotate(@X)
+    }
+	&cmp	(&DWP(16*$j,$K256),0x00010203);
+	&jne	(&label("avx_00_47"));
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");			# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ecx",&DWP(24,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ecx",&DWP(24,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(28,"esp"));
+	&mov	(&DWP(24,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	&add	("edi",&DWP(28,"esi"));
+	 &mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esi"),"edi");
+	 &mov	(&DWP(28,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+
+	&vmovdqa	($t3,&QWP(64,$K256));
+	&sub	($K256,3*64);			# rewind K
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_avx"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+	&vzeroall	();
+&function_end_A();
+						if ($avx>1) {
+sub bodyx_00_15 () {			# +10%
+	(
+	'&rorx	("ecx",$E,6)',
+	'&rorx	("esi",$E,11)',
+	 '&mov	(&off($e),$E)',		# save $E, modulo-scheduled
+	'&rorx	("edi",$E,25)',
+	'&xor	("ecx","esi")',
+	 '&andn	("esi",$E,&off($g))',
+	'&xor	("ecx","edi")',		# Sigma1(e)
+	 '&and	($E,&off($f))',
+	 '&mov	(&off($a),$AH[0]);',	# save $A, modulo-scheduled
+	 '&or	($E,"esi")',		# T = Ch(e,f,g)
+
+	'&rorx	("edi",$AH[0],2)',
+	'&rorx	("esi",$AH[0],13)',
+	 '&lea	($E,&DWP(0,$E,"ecx"))',	# T += Sigma1(e)
+	'&rorx	("ecx",$AH[0],22)',
+	'&xor	("esi","edi")',
+	 '&mov	("edi",&off($b))',
+	'&xor	("ecx","esi")',		# Sigma0(a)
+
+	 '&xor	($AH[0],"edi")',	# a ^= b, (b^c) in next round
+	 '&add	($E,&off($h))',		# T += h
+	 '&and	($AH[1],$AH[0])',	# (b^c) &= (a^b)
+	 '&add	($E,&DWP(32+4*($i&15),"esp"))',	# T += K[i]+X[i]
+	 '&xor	($AH[1],"edi")',	# h = Maj(a,b,c) = Ch(a^b,c,b)
+
+	 '&add	("ecx",$E)',		# h += T
+	 '&add	($E,&off($d))',		# d += T
+	'&lea	($AH[1],&DWP(0,$AH[1],"ecx"));'.	# h += Sigma0(a)
+
+	'@AH = reverse(@AH); $i++;'	# rotate(a,h)
+	);
+}
+
+&set_label("AVX_BMI",32);
+	&lea	("esp",&DWP(-96,"esp"));
+	&vzeroall	();
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");			# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"edi");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("edi",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&vmovdqa	($t3,&QWP(256,$K256));
+	&jmp	(&label("grand_avx_bmi"));
+
+&set_label("grand_avx_bmi",32);
+	# load input, reverse byte order, add K256[0..15], save to stack
+	&vmovdqu	(@X[0],&QWP(0,"edi"));
+	&vmovdqu	(@X[1],&QWP(16,"edi"));
+	&vmovdqu	(@X[2],&QWP(32,"edi"));
+	&vmovdqu	(@X[3],&QWP(48,"edi"));
+	&add		("edi",64);
+	&vpshufb	(@X[0],@X[0],$t3);
+	&mov		(&DWP(96+4,"esp"),"edi");
+	&vpshufb	(@X[1],@X[1],$t3);
+	&vpshufb	(@X[2],@X[2],$t3);
+	&vpaddd		($t0,@X[0],&QWP(0,$K256));
+	&vpshufb	(@X[3],@X[3],$t3);
+	&vpaddd		($t1,@X[1],&QWP(16,$K256));
+	&vpaddd		($t2,@X[2],&QWP(32,$K256));
+	&vpaddd		($t3,@X[3],&QWP(48,$K256));
+	&vmovdqa	(&QWP(32+0,"esp"),$t0);
+	&vmovdqa	(&QWP(32+16,"esp"),$t1);
+	&vmovdqa	(&QWP(32+32,"esp"),$t2);
+	&vmovdqa	(&QWP(32+48,"esp"),$t3);
+	&jmp		(&label("avx_bmi_00_47"));
+
+&set_label("avx_bmi_00_47",16);
+	&add		($K256,64);
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));		# rotate(@X)
+    }
+	&cmp	(&DWP(16*$j,$K256),0x00010203);
+	&jne	(&label("avx_bmi_00_47"));
+
+    for ($i=0; $i<16; ) {
+	foreach(bodyx_00_15()) { eval; }
+    }
+
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");			# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ecx",&DWP(24,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ecx",&DWP(24,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(28,"esp"));
+	&mov	(&DWP(24,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	&add	("edi",&DWP(28,"esi"));
+	 &mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esi"),"edi");
+	 &mov	(&DWP(28,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+
+	&vmovdqa	($t3,&QWP(64,$K256));
+	&sub	($K256,3*64);			# rewind K
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_avx_bmi"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+	&vzeroall	();
+&function_end_A();
+						}
+						}
+						}}}
+&function_end_B("sha256_block_data_order");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl
new file mode 100644
index 000000000..edcfc3127
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl
@@ -0,0 +1,732 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPL terms is granted.
+# ====================================================================
+
+# SHA256 block procedure for ARMv4. May 2007.
+
+# Performance is ~2x better than gcc 3.4 generated code and in "abso-
+# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
+# byte [on single-issue Xscale PXA250 core].
+
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 22% improvement on
+# Cortex A8 core and ~20 cycles per processed byte.
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 16%
+# improvement on Cortex A8 core and ~15.4 cycles per processed byte.
+
+# September 2013.
+#
+# Add NEON implementation. On Cortex A8 it was measured to process one
+# byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon
+# S4 does it in 12.5 cycles too, but it's 50% faster than integer-only
+# code (meaning that latter performs sub-optimally, nothing was done
+# about it).
+
+# May 2014.
+#
+# Add ARMv8 code path performing at 2.0 cpb on Apple A7.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$ctx="r0";	$t0="r0";
+$inp="r1";	$t4="r1";
+$len="r2";	$t1="r2";
+$T1="r3";	$t3="r3";
+$A="r4";
+$B="r5";
+$C="r6";
+$D="r7";
+$E="r8";
+$F="r9";
+$G="r10";
+$H="r11";
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+$t2="r12";
+$Ktbl="r14";
+
+@Sigma0=( 2,13,22);
+@Sigma1=( 6,11,25);
+@sigma0=( 7,18, 3);
+@sigma1=(17,19,10);
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___ if ($i<16);
+#if __ARM_ARCH__>=7
+	@ ldr	$t1,[$inp],#4			@ $i
+# if $i==15
+	str	$inp,[sp,#17*4]			@ make room for $t4
+# endif
+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
+# ifndef __ARMEB__
+	rev	$t1,$t1
+# endif
+#else
+	@ ldrb	$t1,[$inp,#3]			@ $i
+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
+	ldrb	$t2,[$inp,#2]
+	ldrb	$t0,[$inp,#1]
+	orr	$t1,$t1,$t2,lsl#8
+	ldrb	$t2,[$inp],#4
+	orr	$t1,$t1,$t0,lsl#16
+# if $i==15
+	str	$inp,[sp,#17*4]			@ make room for $t4
+# endif
+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
+	orr	$t1,$t1,$t2,lsl#24
+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
+#endif
+___
+$code.=<<___;
+	ldr	$t2,[$Ktbl],#4			@ *K256++
+	add	$h,$h,$t1			@ h+=X[i]
+	str	$t1,[sp,#`$i%16`*4]
+	eor	$t1,$f,$g
+	add	$h,$h,$t0,ror#$Sigma1[0]	@ h+=Sigma1(e)
+	and	$t1,$t1,$e
+	add	$h,$h,$t2			@ h+=K256[i]
+	eor	$t1,$t1,$g			@ Ch(e,f,g)
+	eor	$t0,$a,$a,ror#`$Sigma0[1]-$Sigma0[0]`
+	add	$h,$h,$t1			@ h+=Ch(e,f,g)
+#if $i==31
+	and	$t2,$t2,#0xff
+	cmp	$t2,#0xf2			@ done?
+#endif
+#if $i<15
+# if __ARM_ARCH__>=7
+	ldr	$t1,[$inp],#4			@ prefetch
+# else
+	ldrb	$t1,[$inp,#3]
+# endif
+	eor	$t2,$a,$b			@ a^b, b^c in next round
+#else
+	ldr	$t1,[sp,#`($i+2)%16`*4]		@ from future BODY_16_xx
+	eor	$t2,$a,$b			@ a^b, b^c in next round
+	ldr	$t4,[sp,#`($i+15)%16`*4]	@ from future BODY_16_xx
+#endif
+	eor	$t0,$t0,$a,ror#`$Sigma0[2]-$Sigma0[0]`	@ Sigma0(a)
+	and	$t3,$t3,$t2			@ (b^c)&=(a^b)
+	add	$d,$d,$h			@ d+=h
+	eor	$t3,$t3,$b			@ Maj(a,b,c)
+	add	$h,$h,$t0,ror#$Sigma0[0]	@ h+=Sigma0(a)
+	@ add	$h,$h,$t3			@ h+=Maj(a,b,c)
+___
+	($t2,$t3)=($t3,$t2);
+}
+
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+	@ ldr	$t1,[sp,#`($i+1)%16`*4]		@ $i
+	@ ldr	$t4,[sp,#`($i+14)%16`*4]
+	mov	$t0,$t1,ror#$sigma0[0]
+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
+	mov	$t2,$t4,ror#$sigma1[0]
+	eor	$t0,$t0,$t1,ror#$sigma0[1]
+	eor	$t2,$t2,$t4,ror#$sigma1[1]
+	eor	$t0,$t0,$t1,lsr#$sigma0[2]	@ sigma0(X[i+1])
+	ldr	$t1,[sp,#`($i+0)%16`*4]
+	eor	$t2,$t2,$t4,lsr#$sigma1[2]	@ sigma1(X[i+14])
+	ldr	$t4,[sp,#`($i+9)%16`*4]
+
+	add	$t2,$t2,$t0
+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`	@ from BODY_00_15
+	add	$t1,$t1,$t2
+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
+	add	$t1,$t1,$t4			@ X[i]
+___
+	&BODY_00_15(@_);
+}
+
+$code=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+#endif
+
+.text
+#if defined(__thumb2__)
+.syntax unified
+.thumb
+#else
+.code   32
+#endif
+
+.type	K256,%object
+.align	5
+K256:
+.word	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.word	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.word	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.word	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.word	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.word	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.word	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.word	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.word	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.word	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.word	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.word	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.word	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.word	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.word	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.word	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.size	K256,.-K256
+.word	0				@ terminator
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lsha256_block_data_order
+#endif
+.align	5
+
+.global	sha256_block_data_order
+.type	sha256_block_data_order,%function
+sha256_block_data_order:
+.Lsha256_block_data_order:
+#if __ARM_ARCH__<7 && !defined(__thumb2__)
+	sub	r3,pc,#8		@ sha256_block_data_order
+#else
+	adr	r3,.Lsha256_block_data_order
+#endif
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+	ldr	r12,.LOPENSSL_armcap
+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV8_SHA256
+	bne	.LARMv8
+	tst	r12,#ARMV7_NEON
+	bne	.LNEON
+#endif
+	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
+	stmdb	sp!,{$ctx,$inp,$len,r4-r11,lr}
+	ldmia	$ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
+	sub	$Ktbl,r3,#256+32	@ K256
+	sub	sp,sp,#16*4		@ alloca(X[16])
+.Loop:
+# if __ARM_ARCH__>=7
+	ldr	$t1,[$inp],#4
+# else
+	ldrb	$t1,[$inp,#3]
+# endif
+	eor	$t3,$B,$C		@ magic
+	eor	$t2,$t2,$t2
+___
+for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+#ifdef	__thumb2__
+	ite	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	ldreq	$t3,[sp,#16*4]		@ pull ctx
+	bne	.Lrounds_16_xx
+
+	add	$A,$A,$t2		@ h+=Maj(a,b,c) from the past
+	ldr	$t0,[$t3,#0]
+	ldr	$t1,[$t3,#4]
+	ldr	$t2,[$t3,#8]
+	add	$A,$A,$t0
+	ldr	$t0,[$t3,#12]
+	add	$B,$B,$t1
+	ldr	$t1,[$t3,#16]
+	add	$C,$C,$t2
+	ldr	$t2,[$t3,#20]
+	add	$D,$D,$t0
+	ldr	$t0,[$t3,#24]
+	add	$E,$E,$t1
+	ldr	$t1,[$t3,#28]
+	add	$F,$F,$t2
+	ldr	$inp,[sp,#17*4]		@ pull inp
+	ldr	$t2,[sp,#18*4]		@ pull inp+len
+	add	$G,$G,$t0
+	add	$H,$H,$t1
+	stmia	$t3,{$A,$B,$C,$D,$E,$F,$G,$H}
+	cmp	$inp,$t2
+	sub	$Ktbl,$Ktbl,#256	@ rewind Ktbl
+	bne	.Loop
+
+	add	sp,sp,#`16+3`*4	@ destroy frame
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r11,pc}
+#else
+	ldmia	sp!,{r4-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	sha256_block_data_order,.-sha256_block_data_order
+___
+######################################################################
+# NEON stuff
+#
+{{{
+my @X=map("q$_",(0..3));
+my ($T0,$T1,$T2,$T3,$T4,$T5)=("q8","q9","q10","q11","d24","d25");
+my $Xfer=$t4;
+my $j=0;
+
+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
+
+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+sub Xupdate()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	&vext_8		($T0,@X[0],@X[1],4);	# X[1..4]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vext_8		($T1,@X[2],@X[3],4);	# X[9..12]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	($T2,$T0,$sigma0[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += X[9..12]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	($T1,$T0,$sigma0[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsli_32	($T2,$T0,32-$sigma0[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	($T3,$T0,$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		($T1,$T1,$T2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsli_32	($T3,$T0,32-$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		($T1,$T1,$T3);		# sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T5,&Dhi(@X[3]),$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);		# sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(&Dlo(@X[0]),&Dlo(@X[0]),$T5);# X[0..1] += sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T5,&Dlo(@X[0]),$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_32	("{$T0}","[$Ktbl,:128]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);		# sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(&Dhi(@X[0]),&Dhi(@X[0]),$T5);# X[2..3] += sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	($T0,$T0,@X[0]);
+	 while($#insns>=2) { eval(shift(@insns)); }
+	&vst1_32	("{$T0}","[$Xfer,:128]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub Xpreload()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_32	("{$T0}","[$Ktbl,:128]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vrev32_8	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	($T0,$T0,@X[0]);
+	 foreach (@insns) { eval; }	# remaining instructions
+	&vst1_32	("{$T0}","[$Xfer,:128]!");
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@V;'.
+	'&add	($h,$h,$t1)',			# h+=X[i]+K[i]
+	'&eor	($t1,$f,$g)',
+	'&eor	($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))',
+	'&add	($a,$a,$t2)',			# h+=Maj(a,b,c) from the past
+	'&and	($t1,$t1,$e)',
+	'&eor	($t2,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))',	# Sigma1(e)
+	'&eor	($t0,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))',
+	'&eor	($t1,$t1,$g)',			# Ch(e,f,g)
+	'&add	($h,$h,$t2,"ror#$Sigma1[0]")',	# h+=Sigma1(e)
+	'&eor	($t2,$a,$b)',			# a^b, b^c in next round
+	'&eor	($t0,$t0,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',	# Sigma0(a)
+	'&add	($h,$h,$t1)',			# h+=Ch(e,f,g)
+	'&ldr	($t1,sprintf "[sp,#%d]",4*(($j+1)&15))	if (($j&15)!=15);'.
+	'&ldr	($t1,"[$Ktbl]")				if ($j==15);'.
+	'&ldr	($t1,"[sp,#64]")			if ($j==31)',
+	'&and	($t3,$t3,$t2)',			# (b^c)&=(a^b)
+	'&add	($d,$d,$h)',			# d+=h
+	'&add	($h,$h,$t0,"ror#$Sigma0[0]");'.	# h+=Sigma0(a)
+	'&eor	($t3,$t3,$b)',			# Maj(a,b,c)
+	'$j++;	unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
+	)
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.global	sha256_block_data_order_neon
+.type	sha256_block_data_order_neon,%function
+.align	5
+.skip	16
+sha256_block_data_order_neon:
+.LNEON:
+	stmdb	sp!,{r4-r12,lr}
+
+	sub	$H,sp,#16*4+16
+	adr	$Ktbl,K256
+	bic	$H,$H,#15		@ align for 128-bit stores
+	mov	$t2,sp
+	mov	sp,$H			@ alloca
+	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
+
+	vld1.8		{@X[0]},[$inp]!
+	vld1.8		{@X[1]},[$inp]!
+	vld1.8		{@X[2]},[$inp]!
+	vld1.8		{@X[3]},[$inp]!
+	vld1.32		{$T0},[$Ktbl,:128]!
+	vld1.32		{$T1},[$Ktbl,:128]!
+	vld1.32		{$T2},[$Ktbl,:128]!
+	vld1.32		{$T3},[$Ktbl,:128]!
+	vrev32.8	@X[0],@X[0]		@ yes, even on
+	str		$ctx,[sp,#64]
+	vrev32.8	@X[1],@X[1]		@ big-endian
+	str		$inp,[sp,#68]
+	mov		$Xfer,sp
+	vrev32.8	@X[2],@X[2]
+	str		$len,[sp,#72]
+	vrev32.8	@X[3],@X[3]
+	str		$t2,[sp,#76]		@ save original sp
+	vadd.i32	$T0,$T0,@X[0]
+	vadd.i32	$T1,$T1,@X[1]
+	vst1.32		{$T0},[$Xfer,:128]!
+	vadd.i32	$T2,$T2,@X[2]
+	vst1.32		{$T1},[$Xfer,:128]!
+	vadd.i32	$T3,$T3,@X[3]
+	vst1.32		{$T2},[$Xfer,:128]!
+	vst1.32		{$T3},[$Xfer,:128]!
+
+	ldmia		$ctx,{$A-$H}
+	sub		$Xfer,$Xfer,#64
+	ldr		$t1,[sp,#0]
+	eor		$t2,$t2,$t2
+	eor		$t3,$B,$C
+	b		.L_00_48
+
+.align	4
+.L_00_48:
+___
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+$code.=<<___;
+	teq	$t1,#0				@ check for K256 terminator
+	ldr	$t1,[sp,#0]
+	sub	$Xfer,$Xfer,#64
+	bne	.L_00_48
+
+	ldr		$inp,[sp,#68]
+	ldr		$t0,[sp,#72]
+	sub		$Ktbl,$Ktbl,#256	@ rewind $Ktbl
+	teq		$inp,$t0
+	it		eq
+	subeq		$inp,$inp,#64		@ avoid SEGV
+	vld1.8		{@X[0]},[$inp]!		@ load next input block
+	vld1.8		{@X[1]},[$inp]!
+	vld1.8		{@X[2]},[$inp]!
+	vld1.8		{@X[3]},[$inp]!
+	it		ne
+	strne		$inp,[sp,#68]
+	mov		$Xfer,sp
+___
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+$code.=<<___;
+	ldr	$t0,[$t1,#0]
+	add	$A,$A,$t2			@ h+=Maj(a,b,c) from the past
+	ldr	$t2,[$t1,#4]
+	ldr	$t3,[$t1,#8]
+	ldr	$t4,[$t1,#12]
+	add	$A,$A,$t0			@ accumulate
+	ldr	$t0,[$t1,#16]
+	add	$B,$B,$t2
+	ldr	$t2,[$t1,#20]
+	add	$C,$C,$t3
+	ldr	$t3,[$t1,#24]
+	add	$D,$D,$t4
+	ldr	$t4,[$t1,#28]
+	add	$E,$E,$t0
+	str	$A,[$t1],#4
+	add	$F,$F,$t2
+	str	$B,[$t1],#4
+	add	$G,$G,$t3
+	str	$C,[$t1],#4
+	add	$H,$H,$t4
+	str	$D,[$t1],#4
+	stmia	$t1,{$E-$H}
+
+	ittte	ne
+	movne	$Xfer,sp
+	ldrne	$t1,[sp,#0]
+	eorne	$t2,$t2,$t2
+	ldreq	sp,[sp,#76]			@ restore original sp
+	itt	ne
+	eorne	$t3,$B,$C
+	bne	.L_00_48
+
+	ldmia	sp!,{r4-r12,pc}
+.size	sha256_block_data_order_neon,.-sha256_block_data_order_neon
+#endif
+___
+}}}
+######################################################################
+# ARMv8 stuff
+#
+{{{
+my ($ABCD,$EFGH,$abcd)=map("q$_",(0..2));
+my @MSG=map("q$_",(8..11));
+my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15));
+my $Ktbl="r3";
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+
+# if defined(__thumb2__)
+#  define INST(a,b,c,d)	.byte	c,d|0xc,a,b
+# else
+#  define INST(a,b,c,d)	.byte	a,b,c,d
+# endif
+
+.type	sha256_block_data_order_armv8,%function
+.align	5
+sha256_block_data_order_armv8:
+.LARMv8:
+	vld1.32	{$ABCD,$EFGH},[$ctx]
+	sub	$Ktbl,$Ktbl,#256+32
+	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
+	b	.Loop_v8
+
+.align	4
+.Loop_v8:
+	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
+	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
+	vld1.32		{$W0},[$Ktbl]!
+	vrev32.8	@MSG[0],@MSG[0]
+	vrev32.8	@MSG[1],@MSG[1]
+	vrev32.8	@MSG[2],@MSG[2]
+	vrev32.8	@MSG[3],@MSG[3]
+	vmov		$ABCD_SAVE,$ABCD	@ offload
+	vmov		$EFGH_SAVE,$EFGH
+	teq		$inp,$len
+___
+for($i=0;$i<12;$i++) {
+$code.=<<___;
+	vld1.32		{$W1},[$Ktbl]!
+	vadd.i32	$W0,$W0,@MSG[0]
+	sha256su0	@MSG[0],@MSG[1]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+	sha256su1	@MSG[0],@MSG[2],@MSG[3]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	vld1.32		{$W1},[$Ktbl]!
+	vadd.i32	$W0,$W0,@MSG[0]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	vld1.32		{$W0},[$Ktbl]!
+	vadd.i32	$W1,$W1,@MSG[1]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	vld1.32		{$W1},[$Ktbl]
+	vadd.i32	$W0,$W0,@MSG[2]
+	sub		$Ktbl,$Ktbl,#256-16	@ rewind
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	vadd.i32	$W1,$W1,@MSG[3]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
+	vadd.i32	$EFGH,$EFGH,$EFGH_SAVE
+	it		ne
+	bne		.Loop_v8
+
+	vst1.32		{$ABCD,$EFGH},[$ctx]
+
+	ret		@ bx lr
+.size	sha256_block_data_order_armv8,.-sha256_block_data_order_armv8
+#endif
+___
+}}}
+$code.=<<___;
+.asciz  "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.comm   OPENSSL_armcap_P,4,4
+#endif
+___
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+	last if (!s/^#/@/ and !/^$/);
+	print;
+}
+close SELF;
+
+{   my  %opcode = (
+	"sha256h"	=> 0xf3000c40,	"sha256h2"	=> 0xf3100c40,
+	"sha256su0"	=> 0xf3ba03c0,	"sha256su1"	=> 0xf3200c40	);
+
+    sub unsha256 {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
+					 |(($2&7)<<17)|(($2&8)<<4)
+					 |(($3&7)<<1) |(($3&8)<<2);
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+	    sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    }
+}
+
+foreach (split($/,$code)) {
+
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha256\w+)\s+(q.*)/unsha256($1,$2)/geo;
+
+	s/\bret\b/bx	lr/go		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl
new file mode 100644
index 000000000..3ab7d9b68
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl
@@ -0,0 +1,320 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256 for C64x+.
+#
+# January 2012
+#
+# Performance is just below 10 cycles per processed byte, which is
+# almost 40% faster than compiler-generated code. Unroll is unlikely
+# to give more than ~8% improvement...
+#
+# !!! Note that this module uses AMR, which means that all interrupt
+# service routines are expected to preserve it and for own well-being
+# zero it upon entry.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($CTXA,$INP,$NUM) = ("A4","B4","A6");            # arguments
+ $K256="A3";
+
+($A,$Actx,$B,$Bctx,$C,$Cctx,$D,$Dctx,$T2,$S0,$s1,$t0a,$t1a,$t2a,$X9,$X14)
+	=map("A$_",(16..31));
+($E,$Ectx,$F,$Fctx,$G,$Gctx,$H,$Hctx,$T1,$S1,$s0,$t0e,$t1e,$t2e,$X1,$X15)
+	=map("B$_",(16..31));
+
+($Xia,$Xib)=("A5","B5");			# circular/ring buffer
+ $CTXB=$t2e;
+
+($Xn,$X0,$K)=("B7","B8","B9");
+($Maj,$Ch)=($T2,"B6");
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	sha256_block_data_order,_sha256_block_data_order
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.BIG_ENDIAN
+	.asg	SWAP2,MV
+	.asg	SWAP4,MV
+	.endif
+
+	.global	_sha256_block_data_order
+_sha256_block_data_order:
+__sha256_block:
+	.asmfunc stack_usage(64)
+	MV	$NUM,A0				; reassign $NUM
+||	MVK	-64,B0
+  [!A0]	BNOP	RA				; if ($NUM==0) return;
+|| [A0]	STW	FP,*SP--[16]			; save frame pointer and alloca(64)
+|| [A0]	MV	SP,FP
+   [A0]	ADDKPC	__sha256_block,B2
+|| [A0]	AND	B0,SP,SP			; align stack at 64 bytes
+	.if	__TI_EABI__
+   [A0]	MVK	0x00404,B1
+|| [A0]	MVKL	\$PCR_OFFSET(K256,__sha256_block),$K256
+   [A0]	MVKH	0x50000,B1
+|| [A0]	MVKH	\$PCR_OFFSET(K256,__sha256_block),$K256
+	.else
+   [A0]	MVK	0x00404,B1
+|| [A0]	MVKL	(K256-__sha256_block),$K256
+   [A0]	MVKH	0x50000,B1
+|| [A0]	MVKH	(K256-__sha256_block),$K256
+	.endif
+   [A0]	MVC	B1,AMR				; setup circular addressing
+|| [A0]	MV	SP,$Xia
+   [A0]	MV	SP,$Xib
+|| [A0]	ADD	B2,$K256,$K256
+|| [A0]	MV	$CTXA,$CTXB
+|| [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
+	LDW	*${CTXA}[0],$A			; load ctx
+||	LDW	*${CTXB}[4],$E
+	LDW	*${CTXA}[1],$B
+||	LDW	*${CTXB}[5],$F
+	LDW	*${CTXA}[2],$C
+||	LDW	*${CTXB}[6],$G
+	LDW	*${CTXA}[3],$D
+||	LDW	*${CTXB}[7],$H
+
+	LDNW	*$INP++,$Xn			; pre-fetch input
+	LDW	*$K256++,$K			; pre-fetch K256[0]
+	MVK	14,B0				; loop counters
+	MVK	47,B1
+||	ADDAW	$Xia,9,$Xia
+outerloop?:
+	SUB	A0,1,A0
+||	MV	$A,$Actx
+||	MV	$E,$Ectx
+||	MVD	$B,$Bctx
+||	MVD	$F,$Fctx
+	MV	$C,$Cctx
+||	MV	$G,$Gctx
+||	MVD	$D,$Dctx
+||	MVD	$H,$Hctx
+||	SWAP4	$Xn,$X0
+
+	SPLOOPD	8				; BODY_00_14
+||	MVC	B0,ILC
+||	SWAP2	$X0,$X0
+
+	LDNW	*$INP++,$Xn
+||	ROTL	$A,30,$S0
+||	OR	$A,$B,$Maj
+||	AND	$A,$B,$t2a
+||	ROTL	$E,26,$S1
+||	AND	$F,$E,$Ch
+||	ANDN	$G,$E,$t2e
+	ROTL	$A,19,$t0a
+||	AND	$C,$Maj,$Maj
+||	ROTL	$E,21,$t0e
+||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
+	ROTL	$A,10,$t1a
+||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ROTL	$E,7,$t1e
+||	ADD	$K,$H,$T1			; T1 = h + K256[i]
+	ADD	$X0,$T1,$T1			; T1 += X[i];
+||	STW	$X0,*$Xib++
+||	XOR	$t0a,$S0,$S0
+||	XOR	$t0e,$S1,$S1
+	XOR	$t1a,$S0,$S0			; Sigma0(a)
+||	XOR	$t1e,$S1,$S1			; Sigma1(e)
+||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
+||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
+	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
+||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
+||	ROTL	$G,0,$H				; h = g
+||	MV	$F,$G				; g = f
+||	MV	$X0,$X14
+||	SWAP4	$Xn,$X0
+	SWAP2	$X0,$X0
+||	MV	$E,$F				; f = e
+||	ADD	$D,$T1,$E			; e = d + T1
+||	MV	$C,$D				; d = c
+	MV	$B,$C				; c = b
+||	MV	$A,$B				; b = a
+||	ADD	$T1,$T2,$A			; a = T1 + T2
+	SPKERNEL
+
+	ROTL	$A,30,$S0			; BODY_15
+||	OR	$A,$B,$Maj
+||	AND	$A,$B,$t2a
+||	ROTL	$E,26,$S1
+||	AND	$F,$E,$Ch
+||	ANDN	$G,$E,$t2e
+||	LDW	*${Xib}[1],$Xn			; modulo-scheduled
+	ROTL	$A,19,$t0a
+||	AND	$C,$Maj,$Maj
+||	ROTL	$E,21,$t0e
+||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
+||	LDW	*${Xib}[2],$X1			; modulo-scheduled
+	ROTL	$A,10,$t1a
+||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ROTL	$E,7,$t1e
+||	ADD	$K,$H,$T1			; T1 = h + K256[i]
+	ADD	$X0,$T1,$T1			; T1 += X[i];
+||	STW	$X0,*$Xib++
+||	XOR	$t0a,$S0,$S0
+||	XOR	$t0e,$S1,$S1
+	XOR	$t1a,$S0,$S0			; Sigma0(a)
+||	XOR	$t1e,$S1,$S1			; Sigma1(e)
+||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
+||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
+	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
+||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
+||	ROTL	$G,0,$H				; h = g
+||	MV	$F,$G				; g = f
+||	MV	$X0,$X15
+	MV	$E,$F				; f = e
+||	ADD	$D,$T1,$E			; e = d + T1
+||	MV	$C,$D				; d = c
+||	MV	$Xn,$X0				; modulo-scheduled
+||	LDW	*$Xia,$X9			; modulo-scheduled
+||	ROTL	$X1,25,$t0e			; modulo-scheduled
+||	ROTL	$X14,15,$t0a			; modulo-scheduled
+	SHRU	$X1,3,$s0			; modulo-scheduled
+||	SHRU	$X14,10,$s1			; modulo-scheduled
+||	ROTL	$B,0,$C				; c = b
+||	MV	$A,$B				; b = a
+||	ADD	$T1,$T2,$A			; a = T1 + T2
+
+	SPLOOPD	10				; BODY_16_63
+||	MVC	B1,ILC
+||	ROTL	$X1,14,$t1e			; modulo-scheduled
+||	ROTL	$X14,13,$t1a			; modulo-scheduled
+
+	XOR	$t0e,$s0,$s0
+||	XOR	$t0a,$s1,$s1
+||	MV	$X15,$X14
+||	MV	$X1,$Xn
+	XOR	$t1e,$s0,$s0			; sigma0(X[i+1])
+||	XOR	$t1a,$s1,$s1			; sigma1(X[i+14])
+||	LDW	*${Xib}[2],$X1			; module-scheduled
+	ROTL	$A,30,$S0
+||	OR	$A,$B,$Maj
+||	AND	$A,$B,$t2a
+||	ROTL	$E,26,$S1
+||	AND	$F,$E,$Ch
+||	ANDN	$G,$E,$t2e
+||	ADD	$X9,$X0,$X0			; X[i] += X[i+9]
+	ROTL	$A,19,$t0a
+||	AND	$C,$Maj,$Maj
+||	ROTL	$E,21,$t0e
+||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
+||	ADD	$s0,$X0,$X0			; X[i] += sigma1(X[i+1])
+	ROTL	$A,10,$t1a
+||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ROTL	$E,7,$t1e
+||	ADD	$H,$K,$T1			; T1 = h + K256[i]
+||	ADD	$s1,$X0,$X0			; X[i] += sigma1(X[i+14])
+	XOR	$t0a,$S0,$S0
+||	XOR	$t0e,$S1,$S1
+||	ADD	$X0,$T1,$T1			; T1 += X[i]
+||	STW	$X0,*$Xib++
+	XOR	$t1a,$S0,$S0			; Sigma0(a)
+||	XOR	$t1e,$S1,$S1			; Sigma1(e)
+||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
+||	MV	$X0,$X15
+||	ROTL	$G,0,$H				; h = g
+||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
+	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
+||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
+||	MV	$F,$G				; g = f
+||	MV	$Xn,$X0				; modulo-scheduled
+||	LDW	*++$Xia,$X9			; modulo-scheduled
+||	ROTL	$X1,25,$t0e			; module-scheduled
+||	ROTL	$X14,15,$t0a			; modulo-scheduled
+	ROTL	$X1,14,$t1e			; modulo-scheduled
+||	ROTL	$X14,13,$t1a			; modulo-scheduled
+||	MV	$E,$F				; f = e
+||	ADD	$D,$T1,$E			; e = d + T1
+||	MV	$C,$D				; d = c
+||	MV	$B,$C				; c = b
+	MV	$A,$B				; b = a
+||	ADD	$T1,$T2,$A			; a = T1 + T2
+||	SHRU	$X1,3,$s0			; modulo-scheduled
+||	SHRU	$X14,10,$s1			; modulo-scheduled
+	SPKERNEL
+
+   [A0]	B	outerloop?
+|| [A0]	LDNW	*$INP++,$Xn			; pre-fetch input
+|| [A0]	ADDK	-260,$K256			; rewind K256
+||	ADD	$Actx,$A,$A			; accumulate ctx
+||	ADD	$Ectx,$E,$E
+||	ADD	$Bctx,$B,$B
+	ADD	$Fctx,$F,$F
+||	ADD	$Cctx,$C,$C
+||	ADD	$Gctx,$G,$G
+||	ADD	$Dctx,$D,$D
+||	ADD	$Hctx,$H,$H
+|| [A0]	LDW	*$K256++,$K			; pre-fetch K256[0]
+
+  [!A0]	BNOP	RA
+||[!A0]	MV	$CTXA,$CTXB
+  [!A0]	MV	FP,SP				; restore stack pointer
+||[!A0]	LDW	*FP[0],FP			; restore frame pointer
+  [!A0]	STW	$A,*${CTXA}[0]  		; save ctx
+||[!A0]	STW	$E,*${CTXB}[4]
+||[!A0]	MVK	0,B0
+  [!A0]	STW	$B,*${CTXA}[1]
+||[!A0]	STW	$F,*${CTXB}[5]
+||[!A0]	MVC	B0,AMR				; clear AMR
+	STW	$C,*${CTXA}[2]
+||	STW	$G,*${CTXB}[6]
+	STW	$D,*${CTXA}[3]
+||	STW	$H,*${CTXB}[7]
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:sha_asm.const"
+	.else
+	.sect	".const:sha_asm"
+	.endif
+	.align	128
+K256:
+	.uword	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+	.uword	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+	.uword	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+	.uword	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+	.uword	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+	.uword	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+	.uword	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+	.uword	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+	.uword	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+	.uword	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+	.uword	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+	.uword	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+	.uword	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+	.uword	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+	.uword	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+	.uword	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+	.cstring "SHA256 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl
new file mode 100644
index 000000000..73978dbd8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -0,0 +1,1614 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Multi-buffer SHA256 procedure processes n buffers in parallel by
+# placing buffer data to designated lane of SIMD register. n is
+# naturally limited to 4 on pre-AVX2 processors and to 8 on
+# AVX2-capable processors such as Haswell.
+#
+#		this	+aesni(i)	sha256	aesni-sha256	gain(iv)
+# -------------------------------------------------------------------
+# Westmere(ii)	23.3/n	+1.28=7.11(n=4)	12.3	+3.75=16.1	+126%
+# Atom(ii)	38.7/n	+3.93=13.6(n=4)	20.8	+5.69=26.5	+95%
+# Sandy Bridge	(20.5	+5.15=25.7)/n	11.6	13.0		+103%
+# Ivy Bridge	(20.4	+5.14=25.5)/n	10.3	11.6		+82%
+# Haswell(iii)	(21.0	+5.00=26.0)/n	7.80	8.79		+170%
+# Skylake	(18.9	+5.00=23.9)/n	7.70	8.17		+170%
+# Bulldozer	(21.6	+5.76=27.4)/n	13.6	13.7		+100%
+#
+# (i)	multi-block CBC encrypt with 128-bit key;
+# (ii)	(HASH+AES)/n does not apply to Westmere for n>3 and Atom,
+#	because of lower AES-NI instruction throughput, nor is there
+#	AES-NI-SHA256 stitch for these processors;
+# (iii)	"this" is for n=8, when we gather twice as much data, result
+#	for n=4 is 20.3+4.44=24.7;
+# (iv)	presented improvement coefficients are asymptotic limits and
+#	in real-life application are somewhat lower, e.g. for 2KB
+#	fragments they range from 75% to 130% (on Haswell);
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=0;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void sha256_multi_block (
+#     struct {	unsigned int A[8];
+#		unsigned int B[8];
+#		unsigned int C[8];
+#		unsigned int D[8];
+#		unsigned int E[8];
+#		unsigned int F[8];
+#		unsigned int G[8];
+#		unsigned int H[8];	} *ctx,
+#     struct {	void *ptr; int blocks;	} inp[8],
+#     int num);		/* 1 or 2 */
+#
+$ctx="%rdi";	# 1st arg
+$inp="%rsi";	# 2nd arg
+$num="%edx";	# 3rd arg
+@ptr=map("%r$_",(8..11));
+$Tbl="%rbp";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%xmm$_",(8..15));
+($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%xmm$_",(0..7));
+
+$REG_SZ=16;
+
+sub Xi_off {
+my $off = shift;
+
+    $off %= 16; $off *= $REG_SZ;
+    $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)";
+}
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+$code.=<<___ if ($i<15);
+	movd		`4*$i`(@ptr[0]),$Xi
+	movd		`4*$i`(@ptr[1]),$t1
+	movd		`4*$i`(@ptr[2]),$t2
+	movd		`4*$i`(@ptr[3]),$t3
+	punpckldq	$t2,$Xi
+	punpckldq	$t3,$t1
+	punpckldq	$t1,$Xi
+___
+$code.=<<___ if ($i==15);
+	movd		`4*$i`(@ptr[0]),$Xi
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	movd		`4*$i`(@ptr[1]),$t1
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	movd		`4*$i`(@ptr[2]),$t2
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	movd		`4*$i`(@ptr[3]),$t3
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	punpckldq	$t2,$Xi
+	punpckldq	$t3,$t1
+	punpckldq	$t1,$Xi
+___
+$code.=<<___;
+	movdqa	$e,$sigma
+	`"pshufb	$Xn,$Xi"		if ($i<=15 && ($i&1)==0)`
+	movdqa	$e,$t3
+	`"pshufb	$Xn,$Xi"		if ($i<=15 && ($i&1)==1)`
+	psrld	\$6,$sigma
+	movdqa	$e,$t2
+	pslld	\$7,$t3
+	movdqa	$Xi,`&Xi_off($i)`
+	 paddd	$h,$Xi				# Xi+=h
+
+	psrld	\$11,$t2
+	pxor	$t3,$sigma
+	pslld	\$21-7,$t3
+	 paddd	`32*($i%8)-128`($Tbl),$Xi	# Xi+=K[round]
+	pxor	$t2,$sigma
+
+	psrld	\$25-11,$t2
+	 movdqa	$e,$t1
+	 `"prefetcht0	63(@ptr[0])"		if ($i==15)`
+	pxor	$t3,$sigma
+	 movdqa	$e,$axb				# borrow $axb
+	pslld	\$26-21,$t3
+	 pandn	$g,$t1
+	 pand	$f,$axb
+	pxor	$t2,$sigma
+
+	 `"prefetcht0	63(@ptr[1])"		if ($i==15)`
+	movdqa	$a,$t2
+	pxor	$t3,$sigma			# Sigma1(e)
+	movdqa	$a,$t3
+	psrld	\$2,$t2
+	paddd	$sigma,$Xi			# Xi+=Sigma1(e)
+	 pxor	$axb,$t1			# Ch(e,f,g)
+	 movdqa	$b,$axb
+	movdqa	$a,$sigma
+	pslld	\$10,$t3
+	 pxor	$a,$axb				# a^b, b^c in next round
+
+	 `"prefetcht0	63(@ptr[2])"		if ($i==15)`
+	psrld	\$13,$sigma
+	pxor	$t3,$t2
+	 paddd	$t1,$Xi				# Xi+=Ch(e,f,g)
+	pslld	\$19-10,$t3
+	 pand	$axb,$bxc
+	pxor	$sigma,$t2
+
+	 `"prefetcht0	63(@ptr[3])"		if ($i==15)`
+	psrld	\$22-13,$sigma
+	pxor	$t3,$t2
+	 movdqa	$b,$h
+	pslld	\$30-19,$t3
+	pxor	$t2,$sigma
+	 pxor	$bxc,$h				# h=Maj(a,b,c)=Ch(a^b,c,b)
+	 paddd	$Xi,$d				# d+=Xi
+	pxor	$t3,$sigma			# Sigma0(a)
+
+	paddd	$Xi,$h				# h+=Xi
+	paddd	$sigma,$h			# h+=Sigma0(a)
+___
+$code.=<<___ if (($i%8)==7);
+	lea	`32*8`($Tbl),$Tbl
+___
+	($axb,$bxc)=($bxc,$axb);
+}
+
+sub ROUND_16_XX {
+my $i=shift;
+
+$code.=<<___;
+	movdqa	`&Xi_off($i+1)`,$Xn
+	paddd	`&Xi_off($i+9)`,$Xi		# Xi+=X[i+9]
+
+	movdqa	$Xn,$sigma
+	movdqa	$Xn,$t2
+	psrld	\$3,$sigma
+	movdqa	$Xn,$t3
+
+	psrld	\$7,$t2
+	movdqa	`&Xi_off($i+14)`,$t1
+	pslld	\$14,$t3
+	pxor	$t2,$sigma
+	psrld	\$18-7,$t2
+	movdqa	$t1,$axb			# borrow $axb
+	pxor	$t3,$sigma
+	pslld	\$25-14,$t3
+	pxor	$t2,$sigma
+	psrld	\$10,$t1
+	movdqa	$axb,$t2
+
+	psrld	\$17,$axb
+	pxor	$t3,$sigma			# sigma0(X[i+1])
+	pslld	\$13,$t2
+	 paddd	$sigma,$Xi			# Xi+=sigma0(e)
+	pxor	$axb,$t1
+	psrld	\$19-17,$axb
+	pxor	$t2,$t1
+	pslld	\$15-13,$t2
+	pxor	$axb,$t1
+	pxor	$t2,$t1				# sigma0(X[i+14])
+	paddd	$t1,$Xi				# Xi+=sigma1(X[i+14])
+___
+	&ROUND_00_15($i,@_);
+	($Xi,$Xn)=($Xn,$Xi);
+}
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	sha256_multi_block
+.type	sha256_multi_block,\@function,3
+.align	32
+sha256_multi_block:
+.cfi_startproc
+	mov	OPENSSL_ia32cap_P+4(%rip),%rcx
+	bt	\$61,%rcx			# check SHA bit
+	jc	_shaext_shortcut
+___
+$code.=<<___ if ($avx);
+	test	\$`1<<28`,%ecx
+	jnz	_avx_shortcut
+___
+$code.=<<___;
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
+.Lbody:
+	lea	K256+128(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	0x80($ctx),$ctx			# size optimization
+
+.Loop_grande:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone
+
+	movdqu	0x00-0x80($ctx),$A		# load context
+	 lea	128(%rsp),%rax
+	movdqu	0x20-0x80($ctx),$B
+	movdqu	0x40-0x80($ctx),$C
+	movdqu	0x60-0x80($ctx),$D
+	movdqu	0x80-0x80($ctx),$E
+	movdqu	0xa0-0x80($ctx),$F
+	movdqu	0xc0-0x80($ctx),$G
+	movdqu	0xe0-0x80($ctx),$H
+	movdqu	.Lpbswap(%rip),$Xn
+	jmp	.Loop
+
+.align	32
+.Loop:
+	movdqa	$C,$bxc
+	pxor	$B,$bxc				# magic seed
+___
+for($i=0;$i<16;$i++)	{ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	movdqu	`&Xi_off($i)`,$Xi
+	mov	\$3,%ecx
+	jmp	.Loop_16_xx
+.align	32
+.Loop_16_xx:
+___
+for(;$i<32;$i++)	{ &ROUND_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	dec	%ecx
+	jnz	.Loop_16_xx
+
+	mov	\$1,%ecx
+	lea	K256+128(%rip),$Tbl
+
+	movdqa	(%rbx),$sigma			# pull counters
+	cmp	4*0(%rbx),%ecx			# examine counters
+	pxor	$t1,$t1
+	cmovge	$Tbl,@ptr[0]			# cancel input
+	cmp	4*1(%rbx),%ecx
+	movdqa	$sigma,$Xn
+	cmovge	$Tbl,@ptr[1]
+	cmp	4*2(%rbx),%ecx
+	pcmpgtd	$t1,$Xn				# mask value
+	cmovge	$Tbl,@ptr[2]
+	cmp	4*3(%rbx),%ecx
+	paddd	$Xn,$sigma			# counters--
+	cmovge	$Tbl,@ptr[3]
+
+	movdqu	0x00-0x80($ctx),$t1
+	pand	$Xn,$A
+	movdqu	0x20-0x80($ctx),$t2
+	pand	$Xn,$B
+	movdqu	0x40-0x80($ctx),$t3
+	pand	$Xn,$C
+	movdqu	0x60-0x80($ctx),$Xi
+	pand	$Xn,$D
+	paddd	$t1,$A
+	movdqu	0x80-0x80($ctx),$t1
+	pand	$Xn,$E
+	paddd	$t2,$B
+	movdqu	0xa0-0x80($ctx),$t2
+	pand	$Xn,$F
+	paddd	$t3,$C
+	movdqu	0xc0-0x80($ctx),$t3
+	pand	$Xn,$G
+	paddd	$Xi,$D
+	movdqu	0xe0-0x80($ctx),$Xi
+	pand	$Xn,$H
+	paddd	$t1,$E
+	paddd	$t2,$F
+	movdqu	$A,0x00-0x80($ctx)
+	paddd	$t3,$G
+	movdqu	$B,0x20-0x80($ctx)
+	paddd	$Xi,$H
+	movdqu	$C,0x40-0x80($ctx)
+	movdqu	$D,0x60-0x80($ctx)
+	movdqu	$E,0x80-0x80($ctx)
+	movdqu	$F,0xa0-0x80($ctx)
+	movdqu	$G,0xc0-0x80($ctx)
+	movdqu	$H,0xe0-0x80($ctx)
+
+	movdqa	$sigma,(%rbx)			# save counters
+	movdqa	.Lpbswap(%rip),$Xn
+	dec	$num
+	jnz	.Loop
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande
+
+.Ldone:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	ret
+.cfi_endproc
+.size	sha256_multi_block,.-sha256_multi_block
+___
+						{{{
+my ($Wi,$TMP0,$TMP1,$TMPx,$ABEF0,$CDGH0,$ABEF1,$CDGH1)=map("%xmm$_",(0..3,12..15));
+my @MSG0=map("%xmm$_",(4..7));
+my @MSG1=map("%xmm$_",(8..11));
+
+$code.=<<___;
+.type	sha256_multi_block_shaext,\@function,3
+.align	32
+sha256_multi_block_shaext:
+.cfi_startproc
+_shaext_shortcut:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`,%rsp
+	shl	\$1,$num			# we process pair at a time
+	and	\$-256,%rsp
+	lea	0x80($ctx),$ctx			# size optimization
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_shaext:
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	K256_shaext+0x80(%rip),$Tbl
+
+.Loop_grande_shaext:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<2;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_shaext
+
+	movq		0x00-0x80($ctx),$ABEF0		# A1.A0
+	movq		0x20-0x80($ctx),@MSG0[0]	# B1.B0
+	movq		0x40-0x80($ctx),$CDGH0		# C1.C0
+	movq		0x60-0x80($ctx),@MSG0[1]	# D1.D0
+	movq		0x80-0x80($ctx),@MSG1[0]	# E1.E0
+	movq		0xa0-0x80($ctx),@MSG1[1]	# F1.F0
+	movq		0xc0-0x80($ctx),@MSG1[2]	# G1.G0
+	movq		0xe0-0x80($ctx),@MSG1[3]	# H1.H0
+
+	punpckldq	@MSG0[0],$ABEF0			# B1.A1.B0.A0
+	punpckldq	@MSG0[1],$CDGH0			# D1.C1.D0.C0
+	punpckldq	@MSG1[1],@MSG1[0]		# F1.E1.F0.E0
+	punpckldq	@MSG1[3],@MSG1[2]		# H1.G1.H0.G0
+	movdqa		K256_shaext-0x10(%rip),$TMPx	# byte swap
+
+	movdqa		$ABEF0,$ABEF1
+	movdqa		$CDGH0,$CDGH1
+	punpcklqdq	@MSG1[0],$ABEF0			# F0.E0.B0.A0
+	punpcklqdq	@MSG1[2],$CDGH0			# H0.G0.D0.C0
+	punpckhqdq	@MSG1[0],$ABEF1			# F1.E1.B1.A1
+	punpckhqdq	@MSG1[2],$CDGH1			# H1.G1.D1.C1
+
+	pshufd		\$0b00011011,$ABEF0,$ABEF0
+	pshufd		\$0b00011011,$CDGH0,$CDGH0
+	pshufd		\$0b00011011,$ABEF1,$ABEF1
+	pshufd		\$0b00011011,$CDGH1,$CDGH1
+	jmp		.Loop_shaext
+
+.align	32
+.Loop_shaext:
+	movdqu		0x00(@ptr[0]),@MSG0[0]
+	 movdqu		0x00(@ptr[1]),@MSG1[0]
+	movdqu		0x10(@ptr[0]),@MSG0[1]
+	 movdqu		0x10(@ptr[1]),@MSG1[1]
+	movdqu		0x20(@ptr[0]),@MSG0[2]
+	pshufb		$TMPx,@MSG0[0]
+	 movdqu		0x20(@ptr[1]),@MSG1[2]
+	 pshufb		$TMPx,@MSG1[0]
+	movdqu		0x30(@ptr[0]),@MSG0[3]
+	lea		0x40(@ptr[0]),@ptr[0]
+	 movdqu		0x30(@ptr[1]),@MSG1[3]
+	 lea		0x40(@ptr[1]),@ptr[1]
+
+	movdqa		0*16-0x80($Tbl),$Wi
+	pshufb		$TMPx,@MSG0[1]
+	paddd		@MSG0[0],$Wi
+	pxor		$ABEF0,@MSG0[0]		# black magic
+	movdqa		$Wi,$TMP0
+	 movdqa		0*16-0x80($Tbl),$TMP1
+	 pshufb		$TMPx,@MSG1[1]
+	 paddd		@MSG1[0],$TMP1
+	movdqa		$CDGH0,0x50(%rsp)	# offload
+	sha256rnds2	$ABEF0,$CDGH0		# 0-3
+	 pxor		$ABEF1,@MSG1[0]		# black magic
+	 movdqa		$TMP1,$Wi
+	 movdqa		$CDGH1,0x70(%rsp)
+	 sha256rnds2	$ABEF1,$CDGH1		# 0-3
+	pshufd		\$0x0e,$TMP0,$Wi
+	pxor		$ABEF0,@MSG0[0]		# black magic
+	movdqa		$ABEF0,0x40(%rsp)	# offload
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	 pxor		$ABEF1,@MSG1[0]		# black magic
+	 movdqa		$ABEF1,0x60(%rsp)
+	movdqa		1*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[1],$TMP0
+	pshufb		$TMPx,@MSG0[2]
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	 movdqa		1*16-0x80($Tbl),$TMP1
+	 paddd		@MSG1[1],$TMP1
+	sha256rnds2	$ABEF0,$CDGH0		# 4-7
+	 movdqa		$TMP1,$Wi
+	prefetcht0	127(@ptr[0])
+	pshufb		$TMPx,@MSG0[3]
+	 pshufb		$TMPx,@MSG1[2]
+	 prefetcht0	127(@ptr[1])
+	 sha256rnds2	$ABEF1,$CDGH1		# 4-7
+	pshufd		\$0x0e,$TMP0,$Wi
+	 pshufb		$TMPx,@MSG1[3]
+	sha256msg1	@MSG0[1],@MSG0[0]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		2*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[2],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	 movdqa		2*16-0x80($Tbl),$TMP1
+	 paddd		@MSG1[2],$TMP1
+	sha256rnds2	$ABEF0,$CDGH0		# 8-11
+	 sha256msg1	@MSG1[1],@MSG1[0]
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[3],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 8-11
+	pshufd		\$0x0e,$TMP0,$Wi
+	palignr		\$4,@MSG0[2],$TMPx
+	paddd		$TMPx,@MSG0[0]
+	 movdqa		@MSG1[3],$TMPx
+	 palignr	\$4,@MSG1[2],$TMPx
+	sha256msg1	@MSG0[2],@MSG0[1]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		3*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[3],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+	 sha256msg1	@MSG1[2],@MSG1[1]
+
+	movdqa		$TMP0,$Wi
+	 movdqa		3*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[0]
+	 paddd		@MSG1[3],$TMP1
+	sha256msg2	@MSG0[3],@MSG0[0]
+	sha256rnds2	$ABEF0,$CDGH0		# 12-15
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[0],$TMPx
+	palignr		\$4,@MSG0[3],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 12-15
+	 sha256msg2	@MSG1[3],@MSG1[0]
+	pshufd		\$0x0e,$TMP0,$Wi
+	paddd		$TMPx,@MSG0[1]
+	 movdqa		@MSG1[0],$TMPx
+	 palignr	\$4,@MSG1[3],$TMPx
+	sha256msg1	@MSG0[3],@MSG0[2]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		4*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[0],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+	 sha256msg1	@MSG1[3],@MSG1[2]
+___
+for($i=4;$i<16-3;$i++) {
+$code.=<<___;
+	movdqa		$TMP0,$Wi
+	 movdqa		$i*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[1]
+	 paddd		@MSG1[0],$TMP1
+	sha256msg2	@MSG0[0],@MSG0[1]
+	sha256rnds2	$ABEF0,$CDGH0		# 16-19...
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[1],$TMPx
+	palignr		\$4,@MSG0[0],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 16-19...
+	 sha256msg2	@MSG1[0],@MSG1[1]
+	pshufd		\$0x0e,$TMP0,$Wi
+	paddd		$TMPx,@MSG0[2]
+	 movdqa		@MSG1[1],$TMPx
+	 palignr	\$4,@MSG1[0],$TMPx
+	sha256msg1	@MSG0[0],@MSG0[3]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		`($i+1)*16`-0x80($Tbl),$TMP0
+	paddd		@MSG0[1],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+	 sha256msg1	@MSG1[0],@MSG1[3]
+___
+	push(@MSG0,shift(@MSG0));	push(@MSG1,shift(@MSG1));
+}
+$code.=<<___;
+	movdqa		$TMP0,$Wi
+	 movdqa		13*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[1]
+	 paddd		@MSG1[0],$TMP1
+	sha256msg2	@MSG0[0],@MSG0[1]
+	sha256rnds2	$ABEF0,$CDGH0		# 52-55
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[1],$TMPx
+	palignr		\$4,@MSG0[0],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 52-55
+	 sha256msg2	@MSG1[0],@MSG1[1]
+	pshufd		\$0x0e,$TMP0,$Wi
+	paddd		$TMPx,@MSG0[2]
+	 movdqa		@MSG1[1],$TMPx
+	 palignr	\$4,@MSG1[0],$TMPx
+	nop
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		14*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[1],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	 movdqa		14*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[2]
+	 paddd		@MSG1[1],$TMP1
+	sha256msg2	@MSG0[1],@MSG0[2]
+	nop
+	sha256rnds2	$ABEF0,$CDGH0		# 56-59
+	 movdqa		$TMP1,$Wi
+	  mov		\$1,%ecx
+	  pxor		@MSG0[1],@MSG0[1]	# zero
+	 sha256rnds2	$ABEF1,$CDGH1		# 56-59
+	 sha256msg2	@MSG1[1],@MSG1[2]
+	pshufd		\$0x0e,$TMP0,$Wi
+	movdqa		15*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[2],$TMP0
+	  movq		(%rbx),@MSG0[2]		# pull counters
+	  nop
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	 movdqa		15*16-0x80($Tbl),$TMP1
+	 paddd		@MSG1[2],$TMP1
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	  cmp		4*0(%rbx),%ecx		# examine counters
+	  cmovge	%rsp,@ptr[0]		# cancel input
+	  cmp		4*1(%rbx),%ecx
+	  cmovge	%rsp,@ptr[1]
+	  pshufd	\$0x00,@MSG0[2],@MSG1[0]
+	sha256rnds2	$ABEF0,$CDGH0		# 60-63
+	 movdqa		$TMP1,$Wi
+	  pshufd	\$0x55,@MSG0[2],@MSG1[1]
+	  movdqa	@MSG0[2],@MSG1[2]
+	 sha256rnds2	$ABEF1,$CDGH1		# 60-63
+	pshufd		\$0x0e,$TMP0,$Wi
+	  pcmpgtd	@MSG0[1],@MSG1[0]
+	  pcmpgtd	@MSG0[1],@MSG1[1]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	  pcmpgtd	@MSG0[1],@MSG1[2]	# counter mask
+	  movdqa	K256_shaext-0x10(%rip),$TMPx
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	pand		@MSG1[0],$CDGH0
+	 pand		@MSG1[1],$CDGH1
+	pand		@MSG1[0],$ABEF0
+	 pand		@MSG1[1],$ABEF1
+	paddd		@MSG0[2],@MSG1[2]	# counters--
+
+	paddd		0x50(%rsp),$CDGH0
+	 paddd		0x70(%rsp),$CDGH1
+	paddd		0x40(%rsp),$ABEF0
+	 paddd		0x60(%rsp),$ABEF1
+
+	movq		@MSG1[2],(%rbx)		# save counters
+	dec		$num
+	jnz		.Loop_shaext
+
+	mov		`$REG_SZ*17+8`(%rsp),$num
+
+	pshufd		\$0b00011011,$ABEF0,$ABEF0
+	pshufd		\$0b00011011,$CDGH0,$CDGH0
+	pshufd		\$0b00011011,$ABEF1,$ABEF1
+	pshufd		\$0b00011011,$CDGH1,$CDGH1
+
+	movdqa		$ABEF0,@MSG0[0]
+	movdqa		$CDGH0,@MSG0[1]
+	punpckldq	$ABEF1,$ABEF0			# B1.B0.A1.A0
+	punpckhdq	$ABEF1,@MSG0[0]			# F1.F0.E1.E0
+	punpckldq	$CDGH1,$CDGH0			# D1.D0.C1.C0
+	punpckhdq	$CDGH1,@MSG0[1]			# H1.H0.G1.G0
+
+	movq		$ABEF0,0x00-0x80($ctx)		# A1.A0
+	psrldq		\$8,$ABEF0
+	movq		@MSG0[0],0x80-0x80($ctx)	# E1.E0
+	psrldq		\$8,@MSG0[0]
+	movq		$ABEF0,0x20-0x80($ctx)		# B1.B0
+	movq		@MSG0[0],0xa0-0x80($ctx)	# F1.F0
+
+	movq		$CDGH0,0x40-0x80($ctx)		# C1.C0
+	psrldq		\$8,$CDGH0
+	movq		@MSG0[1],0xc0-0x80($ctx)	# G1.G0
+	psrldq		\$8,@MSG0[1]
+	movq		$CDGH0,0x60-0x80($ctx)		# D1.D0
+	movq		@MSG0[1],0xe0-0x80($ctx)	# H1.H0
+
+	lea	`$REG_SZ/2`($ctx),$ctx
+	lea	`16*2`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_shaext
+
+.Ldone_shaext:
+	#mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_shaext:
+	ret
+.cfi_endproc
+.size	sha256_multi_block_shaext,.-sha256_multi_block_shaext
+___
+						}}}
+						if ($avx) {{{
+sub ROUND_00_15_avx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+$code.=<<___ if ($i<15 && $REG_SZ==16);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	vmovd		`4*$i`(@ptr[1]),$t1
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t1,$t1
+	vpunpckldq	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___ if ($i==15 && $REG_SZ==16);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		`4*$i`(@ptr[1]),$t1
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t1,$t1
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	vpunpckldq	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___ if ($i<15 && $REG_SZ==32);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	vmovd		`4*$i`(@ptr[4]),$t1
+	vmovd		`4*$i`(@ptr[1]),$t2
+	vmovd		`4*$i`(@ptr[5]),$t3
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[6]),$t1,$t1
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t2,$t2
+	vpunpckldq	$t2,$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[7]),$t3,$t3
+	vpunpckldq	$t3,$t1,$t1
+	vinserti128	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___ if ($i==15 && $REG_SZ==32);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		`4*$i`(@ptr[4]),$t1
+	 lea		`16*4`(@ptr[4]),@ptr[4]
+	vmovd		`4*$i`(@ptr[1]),$t2
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vmovd		`4*$i`(@ptr[5]),$t3
+	 lea		`16*4`(@ptr[5]),@ptr[5]
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,`4*$i`(@ptr[6]),$t1,$t1
+	 lea		`16*4`(@ptr[6]),@ptr[6]
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t2,$t2
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	vpunpckldq	$t2,$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[7]),$t3,$t3
+	 lea		`16*4`(@ptr[7]),@ptr[7]
+	vpunpckldq	$t3,$t1,$t1
+	vinserti128	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___;
+	vpsrld	\$6,$e,$sigma
+	vpslld	\$26,$e,$t3
+	vmovdqu	$Xi,`&Xi_off($i)`
+	 vpaddd	$h,$Xi,$Xi			# Xi+=h
+
+	vpsrld	\$11,$e,$t2
+	vpxor	$t3,$sigma,$sigma
+	vpslld	\$21,$e,$t3
+	 vpaddd	`32*($i%8)-128`($Tbl),$Xi,$Xi	# Xi+=K[round]
+	vpxor	$t2,$sigma,$sigma
+
+	vpsrld	\$25,$e,$t2
+	vpxor	$t3,$sigma,$sigma
+	 `"prefetcht0	63(@ptr[0])"		if ($i==15)`
+	vpslld	\$7,$e,$t3
+	 vpandn	$g,$e,$t1
+	 vpand	$f,$e,$axb			# borrow $axb
+	 `"prefetcht0	63(@ptr[1])"		if ($i==15)`
+	vpxor	$t2,$sigma,$sigma
+
+	vpsrld	\$2,$a,$h			# borrow $h
+	vpxor	$t3,$sigma,$sigma		# Sigma1(e)
+	 `"prefetcht0	63(@ptr[2])"		if ($i==15)`
+	vpslld	\$30,$a,$t2
+	 vpxor	$axb,$t1,$t1			# Ch(e,f,g)
+	 vpxor	$a,$b,$axb			# a^b, b^c in next round
+	 `"prefetcht0	63(@ptr[3])"		if ($i==15)`
+	vpxor	$t2,$h,$h
+	vpaddd	$sigma,$Xi,$Xi			# Xi+=Sigma1(e)
+
+	vpsrld	\$13,$a,$t2
+	 `"prefetcht0	63(@ptr[4])"		if ($i==15 && $REG_SZ==32)`
+	vpslld	\$19,$a,$t3
+	 vpaddd	$t1,$Xi,$Xi			# Xi+=Ch(e,f,g)
+	 vpand	$axb,$bxc,$bxc
+	 `"prefetcht0	63(@ptr[5])"		if ($i==15 && $REG_SZ==32)`
+	vpxor	$t2,$h,$sigma
+
+	vpsrld	\$22,$a,$t2
+	vpxor	$t3,$sigma,$sigma
+	 `"prefetcht0	63(@ptr[6])"		if ($i==15 && $REG_SZ==32)`
+	vpslld	\$10,$a,$t3
+	 vpxor	$bxc,$b,$h			# h=Maj(a,b,c)=Ch(a^b,c,b)
+	 vpaddd	$Xi,$d,$d			# d+=Xi
+	 `"prefetcht0	63(@ptr[7])"		if ($i==15 && $REG_SZ==32)`
+	vpxor	$t2,$sigma,$sigma
+	vpxor	$t3,$sigma,$sigma		# Sigma0(a)
+
+	vpaddd	$Xi,$h,$h			# h+=Xi
+	vpaddd	$sigma,$h,$h			# h+=Sigma0(a)
+___
+$code.=<<___ if (($i%8)==7);
+	add	\$`32*8`,$Tbl
+___
+	($axb,$bxc)=($bxc,$axb);
+}
+
+sub ROUND_16_XX_avx {
+my $i=shift;
+
+$code.=<<___;
+	vmovdqu	`&Xi_off($i+1)`,$Xn
+	vpaddd	`&Xi_off($i+9)`,$Xi,$Xi		# Xi+=X[i+9]
+
+	vpsrld	\$3,$Xn,$sigma
+	vpsrld	\$7,$Xn,$t2
+	vpslld	\$25,$Xn,$t3
+	vpxor	$t2,$sigma,$sigma
+	vpsrld	\$18,$Xn,$t2
+	vpxor	$t3,$sigma,$sigma
+	vpslld	\$14,$Xn,$t3
+	vmovdqu	`&Xi_off($i+14)`,$t1
+	vpsrld	\$10,$t1,$axb			# borrow $axb
+
+	vpxor	$t2,$sigma,$sigma
+	vpsrld	\$17,$t1,$t2
+	vpxor	$t3,$sigma,$sigma		# sigma0(X[i+1])
+	vpslld	\$15,$t1,$t3
+	 vpaddd	$sigma,$Xi,$Xi			# Xi+=sigma0(e)
+	vpxor	$t2,$axb,$sigma
+	vpsrld	\$19,$t1,$t2
+	vpxor	$t3,$sigma,$sigma
+	vpslld	\$13,$t1,$t3
+	vpxor	$t2,$sigma,$sigma
+	vpxor	$t3,$sigma,$sigma		# sigma0(X[i+14])
+	vpaddd	$sigma,$Xi,$Xi			# Xi+=sigma1(X[i+14])
+___
+	&ROUND_00_15_avx($i,@_);
+	($Xi,$Xn)=($Xn,$Xi);
+}
+
+$code.=<<___;
+.type	sha256_multi_block_avx,\@function,3
+.align	32
+sha256_multi_block_avx:
+.cfi_startproc
+_avx_shortcut:
+___
+$code.=<<___ if ($avx>1);
+	shr	\$32,%rcx
+	cmp	\$2,$num
+	jb	.Lavx
+	test	\$`1<<5`,%ecx
+	jnz	_avx2_shortcut
+	jmp	.Lavx
+.align	32
+.Lavx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
+.Lbody_avx:
+	lea	K256+128(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	0x80($ctx),$ctx			# size optimization
+
+.Loop_grande_avx:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_avx
+
+	vmovdqu	0x00-0x80($ctx),$A		# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20-0x80($ctx),$B
+	vmovdqu	0x40-0x80($ctx),$C
+	vmovdqu	0x60-0x80($ctx),$D
+	vmovdqu	0x80-0x80($ctx),$E
+	vmovdqu	0xa0-0x80($ctx),$F
+	vmovdqu	0xc0-0x80($ctx),$G
+	vmovdqu	0xe0-0x80($ctx),$H
+	vmovdqu	.Lpbswap(%rip),$Xn
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+	vpxor	$B,$C,$bxc			# magic seed
+___
+for($i=0;$i<16;$i++)	{ &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	vmovdqu	`&Xi_off($i)`,$Xi
+	mov	\$3,%ecx
+	jmp	.Loop_16_xx_avx
+.align	32
+.Loop_16_xx_avx:
+___
+for(;$i<32;$i++)	{ &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	dec	%ecx
+	jnz	.Loop_16_xx_avx
+
+	mov	\$1,%ecx
+	lea	K256+128(%rip),$Tbl
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqa	(%rbx),$sigma			# pull counters
+	vpxor	$t1,$t1,$t1
+	vmovdqa	$sigma,$Xn
+	vpcmpgtd $t1,$Xn,$Xn			# mask value
+	vpaddd	$Xn,$sigma,$sigma		# counters--
+
+	vmovdqu	0x00-0x80($ctx),$t1
+	vpand	$Xn,$A,$A
+	vmovdqu	0x20-0x80($ctx),$t2
+	vpand	$Xn,$B,$B
+	vmovdqu	0x40-0x80($ctx),$t3
+	vpand	$Xn,$C,$C
+	vmovdqu	0x60-0x80($ctx),$Xi
+	vpand	$Xn,$D,$D
+	vpaddd	$t1,$A,$A
+	vmovdqu	0x80-0x80($ctx),$t1
+	vpand	$Xn,$E,$E
+	vpaddd	$t2,$B,$B
+	vmovdqu	0xa0-0x80($ctx),$t2
+	vpand	$Xn,$F,$F
+	vpaddd	$t3,$C,$C
+	vmovdqu	0xc0-0x80($ctx),$t3
+	vpand	$Xn,$G,$G
+	vpaddd	$Xi,$D,$D
+	vmovdqu	0xe0-0x80($ctx),$Xi
+	vpand	$Xn,$H,$H
+	vpaddd	$t1,$E,$E
+	vpaddd	$t2,$F,$F
+	vmovdqu	$A,0x00-0x80($ctx)
+	vpaddd	$t3,$G,$G
+	vmovdqu	$B,0x20-0x80($ctx)
+	vpaddd	$Xi,$H,$H
+	vmovdqu	$C,0x40-0x80($ctx)
+	vmovdqu	$D,0x60-0x80($ctx)
+	vmovdqu	$E,0x80-0x80($ctx)
+	vmovdqu	$F,0xa0-0x80($ctx)
+	vmovdqu	$G,0xc0-0x80($ctx)
+	vmovdqu	$H,0xe0-0x80($ctx)
+
+	vmovdqu	$sigma,(%rbx)			# save counters
+	vmovdqu	.Lpbswap(%rip),$Xn
+	dec	$num
+	jnz	.Loop_avx
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_avx
+
+.Ldone_avx:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	ret
+.cfi_endproc
+.size	sha256_multi_block_avx,.-sha256_multi_block_avx
+___
+						if ($avx>1) {
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+$REG_SZ=32;
+@ptr=map("%r$_",(12..15,8..11));
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%ymm$_",(8..15));
+($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%ymm$_",(0..7));
+
+$code.=<<___;
+.type	sha256_multi_block_avx2,\@function,3
+.align	32
+sha256_multi_block_avx2:
+.cfi_startproc
+_avx2_shortcut:
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
+.Lbody_avx2:
+	lea	K256+128(%rip),$Tbl
+	lea	0x80($ctx),$ctx			# size optimization
+
+.Loop_grande_avx2:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+	lea	`$REG_SZ*16`(%rsp),%rbx
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	0x00-0x80($ctx),$A		# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20-0x80($ctx),$B
+	 lea	256+128(%rsp),%rbx
+	vmovdqu	0x40-0x80($ctx),$C
+	vmovdqu	0x60-0x80($ctx),$D
+	vmovdqu	0x80-0x80($ctx),$E
+	vmovdqu	0xa0-0x80($ctx),$F
+	vmovdqu	0xc0-0x80($ctx),$G
+	vmovdqu	0xe0-0x80($ctx),$H
+	vmovdqu	.Lpbswap(%rip),$Xn
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	vpxor	$B,$C,$bxc			# magic seed
+___
+for($i=0;$i<16;$i++)	{ &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	vmovdqu	`&Xi_off($i)`,$Xi
+	mov	\$3,%ecx
+	jmp	.Loop_16_xx_avx2
+.align	32
+.Loop_16_xx_avx2:
+___
+for(;$i<32;$i++)	{ &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	dec	%ecx
+	jnz	.Loop_16_xx_avx2
+
+	mov	\$1,%ecx
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	K256+128(%rip),$Tbl
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqa	(%rbx),$sigma			# pull counters
+	vpxor	$t1,$t1,$t1
+	vmovdqa	$sigma,$Xn
+	vpcmpgtd $t1,$Xn,$Xn			# mask value
+	vpaddd	$Xn,$sigma,$sigma		# counters--
+
+	vmovdqu	0x00-0x80($ctx),$t1
+	vpand	$Xn,$A,$A
+	vmovdqu	0x20-0x80($ctx),$t2
+	vpand	$Xn,$B,$B
+	vmovdqu	0x40-0x80($ctx),$t3
+	vpand	$Xn,$C,$C
+	vmovdqu	0x60-0x80($ctx),$Xi
+	vpand	$Xn,$D,$D
+	vpaddd	$t1,$A,$A
+	vmovdqu	0x80-0x80($ctx),$t1
+	vpand	$Xn,$E,$E
+	vpaddd	$t2,$B,$B
+	vmovdqu	0xa0-0x80($ctx),$t2
+	vpand	$Xn,$F,$F
+	vpaddd	$t3,$C,$C
+	vmovdqu	0xc0-0x80($ctx),$t3
+	vpand	$Xn,$G,$G
+	vpaddd	$Xi,$D,$D
+	vmovdqu	0xe0-0x80($ctx),$Xi
+	vpand	$Xn,$H,$H
+	vpaddd	$t1,$E,$E
+	vpaddd	$t2,$F,$F
+	vmovdqu	$A,0x00-0x80($ctx)
+	vpaddd	$t3,$G,$G
+	vmovdqu	$B,0x20-0x80($ctx)
+	vpaddd	$Xi,$H,$H
+	vmovdqu	$C,0x40-0x80($ctx)
+	vmovdqu	$D,0x60-0x80($ctx)
+	vmovdqu	$E,0x80-0x80($ctx)
+	vmovdqu	$F,0xa0-0x80($ctx)
+	vmovdqu	$G,0xc0-0x80($ctx)
+	vmovdqu	$H,0xe0-0x80($ctx)
+
+	vmovdqu	$sigma,(%rbx)			# save counters
+	lea	256+128(%rsp),%rbx
+	vmovdqu	.Lpbswap(%rip),$Xn
+	dec	$num
+	jnz	.Loop_avx2
+
+	#mov	`$REG_SZ*17+8`(%rsp),$num
+	#lea	$REG_SZ($ctx),$ctx
+	#lea	`16*$REG_SZ/4`($inp),$inp
+	#dec	$num
+	#jnz	.Loop_grande_avx2
+
+.Ldone_avx2:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+.cfi_restore	%r15
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	ret
+.cfi_endproc
+.size	sha256_multi_block_avx2,.-sha256_multi_block_avx2
+___
+					}	}}}
+$code.=<<___;
+.align	256
+K256:
+___
+sub TABLE {
+    foreach (@_) {
+	$code.=<<___;
+	.long	$_,$_,$_,$_
+	.long	$_,$_,$_,$_
+___
+    }
+}
+&TABLE(	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
+	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
+	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
+	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
+	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
+	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
+	0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
+	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
+	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 );
+$code.=<<___;
+.Lpbswap:
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+K256_shaext:
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.asciz	"SHA256 multi-block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lbody
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	`16*17`(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+
+	lea	-24-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+___
+$code.=<<___ if ($avx>1);
+.type	avx2_handler,\@abi-omnipotent
+.align	16
+avx2_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<body label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	mov	`32*17`($context),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	-56-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lin_prologue
+.size	avx2_handler,.-avx2_handler
+___
+$code.=<<___;
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_sha256_multi_block
+	.rva	.LSEH_end_sha256_multi_block
+	.rva	.LSEH_info_sha256_multi_block
+	.rva	.LSEH_begin_sha256_multi_block_shaext
+	.rva	.LSEH_end_sha256_multi_block_shaext
+	.rva	.LSEH_info_sha256_multi_block_shaext
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_sha256_multi_block_avx
+	.rva	.LSEH_end_sha256_multi_block_avx
+	.rva	.LSEH_info_sha256_multi_block_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_sha256_multi_block_avx2
+	.rva	.LSEH_end_sha256_multi_block_avx2
+	.rva	.LSEH_info_sha256_multi_block_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_sha256_multi_block:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody,.Lepilogue			# HandlerData[]
+.LSEH_info_sha256_multi_block_shaext:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_shaext,.Lepilogue_shaext		# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha256_multi_block_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_sha256_multi_block_avx2:
+	.byte	9,0,0,0
+	.rva	avx2_handler
+	.rva	.Lbody_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+####################################################################
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if ($dst>=8);
+    $rex|=0x01			if ($src>=8);
+    unshift @opcode,$rex|0x40	if ($rex);
+}
+
+sub sha256op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha256rnds2" => 0xcb,
+  		"sha256msg1"  => 0xcc,
+		"sha256msg2"  => 0xcd	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/geo		or
+
+	s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go	or
+	s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go		or
+	s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl
new file mode 100644
index 000000000..867ce30b9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl
@@ -0,0 +1,925 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA512 block transform for x86. September 2007.
+#
+# May 2013.
+#
+# Add SSSE3 code path, 20-25% improvement [over original SSE2 code].
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#		gcc	icc	x86 asm	SIMD(*)	x86_64(**)
+# Pentium	100	97	61	-	-
+# PIII		75	77	56	-	-
+# P4		116	95	82	34.6	30.8
+# AMD K8	54	55	36	20.7	9.57
+# Core2		66	57	40	15.9	9.97
+# Westmere	70	-	38	12.2	9.58
+# Sandy Bridge	58	-	35	11.9	11.2
+# Ivy Bridge	50	-	33	11.5	8.17
+# Haswell	46	-	29	11.3	7.66
+# Skylake	40	-	26	13.3	7.25
+# Bulldozer	121	-	50	14.0	13.5
+# VIA Nano	91	-	52	33	14.7
+# Atom		126	-	68	48(***)	14.7
+# Silvermont	97	-	58	42(***)	17.5
+# Goldmont	80	-	48	19.5	12.0
+#
+# (*)	whichever best applicable.
+# (**)	x86_64 assembler performance is presented for reference
+#	purposes, the results are for integer-only code.
+# (***)	paddq is incredibly slow on Atom.
+#
+# IALU code-path is optimized for elder Pentiums. On vanilla Pentium
+# performance improvement over compiler generated code reaches ~60%,
+# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
+# to 50%, but it's less important as they are expected to execute SSE2
+# code-path, which is commonly ~2-3x faster [than compiler generated
+# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even
+# though it does not use 128-bit operations. The latter means that
+# SSE2-aware kernel is no longer required to execute the code. Another
+# difference is that new code optimizes amount of writes, but at the
+# cost of increased data cache "footprint" by 1/2KB.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+$Tlo=&DWP(0,"esp");	$Thi=&DWP(4,"esp");
+$Alo=&DWP(8,"esp");	$Ahi=&DWP(8+4,"esp");
+$Blo=&DWP(16,"esp");	$Bhi=&DWP(16+4,"esp");
+$Clo=&DWP(24,"esp");	$Chi=&DWP(24+4,"esp");
+$Dlo=&DWP(32,"esp");	$Dhi=&DWP(32+4,"esp");
+$Elo=&DWP(40,"esp");	$Ehi=&DWP(40+4,"esp");
+$Flo=&DWP(48,"esp");	$Fhi=&DWP(48+4,"esp");
+$Glo=&DWP(56,"esp");	$Ghi=&DWP(56+4,"esp");
+$Hlo=&DWP(64,"esp");	$Hhi=&DWP(64+4,"esp");
+$K512="ebp";
+
+$Asse2=&QWP(0,"esp");
+$Bsse2=&QWP(8,"esp");
+$Csse2=&QWP(16,"esp");
+$Dsse2=&QWP(24,"esp");
+$Esse2=&QWP(32,"esp");
+$Fsse2=&QWP(40,"esp");
+$Gsse2=&QWP(48,"esp");
+$Hsse2=&QWP(56,"esp");
+
+$A="mm0";	# B-D and
+$E="mm4";	# F-H are commonly loaded to respectively mm1-mm3 and
+		# mm5-mm7, but it's done on on-demand basis...
+$BxC="mm2";	# ... except for B^C
+
+sub BODY_00_15_sse2 {
+    my $phase=shift;
+
+	#&movq	("mm5",$Fsse2);			# load f
+	#&movq	("mm6",$Gsse2);			# load g
+
+	&movq	("mm1",$E);			# %mm1 is sliding right
+	 &pxor	("mm5","mm6");			# f^=g
+	&psrlq	("mm1",14);
+	 &movq	($Esse2,$E);			# modulo-scheduled save e
+	 &pand	("mm5",$E);			# f&=e
+	&psllq	($E,23);			# $E is sliding left
+	 &movq	($A,"mm3")			if ($phase<2);
+	 &movq	(&QWP(8*9,"esp"),"mm7")		# save X[i]
+	&movq	("mm3","mm1");			# %mm3 is T1
+	 &psrlq	("mm1",4);
+	 &pxor	("mm5","mm6");			# Ch(e,f,g)
+	&pxor	("mm3",$E);
+	 &psllq	($E,23);
+	&pxor	("mm3","mm1");
+	 &movq	($Asse2,$A);			# modulo-scheduled save a
+	 &paddq	("mm7","mm5");			# X[i]+=Ch(e,f,g)
+	&pxor	("mm3",$E);
+	 &psrlq	("mm1",23);
+	 &paddq	("mm7",$Hsse2);			# X[i]+=h
+	&pxor	("mm3","mm1");
+	 &psllq	($E,4);
+	 &paddq	("mm7",QWP(0,$K512));		# X[i]+=K512[i]
+	&pxor	("mm3",$E);			# T1=Sigma1_512(e)
+
+	 &movq	($E,$Dsse2);			# e = load d, e in next round
+	&paddq	("mm3","mm7");			# T1+=X[i]
+	 &movq	("mm5",$A);			# %mm5 is sliding right
+	 &psrlq	("mm5",28);
+	&paddq	($E,"mm3");			# d += T1
+	 &movq	("mm6",$A);			# %mm6 is sliding left
+	 &movq	("mm7","mm5");
+	 &psllq	("mm6",25);
+	&movq	("mm1",$Bsse2);			# load b
+	 &psrlq	("mm5",6);
+	 &pxor	("mm7","mm6");
+	&sub	("esp",8);
+	 &psllq	("mm6",5);
+	 &pxor	("mm7","mm5");
+	&pxor	($A,"mm1");			# a^b, b^c in next round
+	 &psrlq	("mm5",5);
+	 &pxor	("mm7","mm6");
+	&pand	($BxC,$A);			# (b^c)&(a^b)
+	 &psllq	("mm6",6);
+	 &pxor	("mm7","mm5");
+	&pxor	($BxC,"mm1");			# [h=]Maj(a,b,c)
+	 &pxor	("mm6","mm7");			# Sigma0_512(a)
+	 &movq	("mm7",&QWP(8*(9+16-1),"esp"))	if ($phase!=0);	# pre-fetch
+	 &movq	("mm5",$Fsse2)			if ($phase==0);	# load f
+
+    if ($phase>1) {
+	&paddq	($BxC,"mm6");			# h+=Sigma0(a)
+	 &add	($K512,8);
+	#&paddq	($BxC,"mm3");			# h+=T1
+
+	($A,$BxC) = ($BxC,$A);			# rotate registers
+    } else {
+	&paddq	("mm3",$BxC);			# T1+=Maj(a,b,c)
+	 &movq	($BxC,$A);
+	 &add	($K512,8);
+	&paddq	("mm3","mm6");			# T1+=Sigma0(a)
+	 &movq	("mm6",$Gsse2)			if ($phase==0);	# load g
+	#&movq	($A,"mm3");			# h=T1
+    }
+}
+
+sub BODY_00_15_x86 {
+	#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+	#	LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+	#	HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+	&mov	("ecx",$Elo);
+	&mov	("edx",$Ehi);
+	&mov	("esi","ecx");
+
+	&shr	("ecx",9);	# lo>>9
+	&mov	("edi","edx");
+	&shr	("edx",9);	# hi>>9
+	&mov	("ebx","ecx");
+	&shl	("esi",14);	# lo<<14
+	&mov	("eax","edx");
+	&shl	("edi",14);	# hi<<14
+	&xor	("ebx","esi");
+
+	&shr	("ecx",14-9);	# lo>>14
+	&xor	("eax","edi");
+	&shr	("edx",14-9);	# hi>>14
+	&xor	("eax","ecx");
+	&shl	("esi",18-14);	# lo<<18
+	&xor	("ebx","edx");
+	&shl	("edi",18-14);	# hi<<18
+	&xor	("ebx","esi");
+
+	&shr	("ecx",18-14);	# lo>>18
+	&xor	("eax","edi");
+	&shr	("edx",18-14);	# hi>>18
+	&xor	("eax","ecx");
+	&shl	("esi",23-18);	# lo<<23
+	&xor	("ebx","edx");
+	&shl	("edi",23-18);	# hi<<23
+	&xor	("eax","esi");
+	&xor	("ebx","edi");			# T1 = Sigma1(e)
+
+	&mov	("ecx",$Flo);
+	&mov	("edx",$Fhi);
+	&mov	("esi",$Glo);
+	&mov	("edi",$Ghi);
+	 &add	("eax",$Hlo);
+	 &adc	("ebx",$Hhi);			# T1 += h
+	&xor	("ecx","esi");
+	&xor	("edx","edi");
+	&and	("ecx",$Elo);
+	&and	("edx",$Ehi);
+	 &add	("eax",&DWP(8*(9+15)+0,"esp"));
+	 &adc	("ebx",&DWP(8*(9+15)+4,"esp"));	# T1 += X[0]
+	&xor	("ecx","esi");
+	&xor	("edx","edi");			# Ch(e,f,g) = (f^g)&e)^g
+
+	&mov	("esi",&DWP(0,$K512));
+	&mov	("edi",&DWP(4,$K512));		# K[i]
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# T1 += Ch(e,f,g)
+	&mov	("ecx",$Dlo);
+	&mov	("edx",$Dhi);
+	&add	("eax","esi");
+	&adc	("ebx","edi");			# T1 += K[i]
+	&mov	($Tlo,"eax");
+	&mov	($Thi,"ebx");			# put T1 away
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# d += T1
+
+	#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+	#	LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+	#	HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+	&mov	("ecx",$Alo);
+	&mov	("edx",$Ahi);
+	&mov	($Dlo,"eax");
+	&mov	($Dhi,"ebx");
+	&mov	("esi","ecx");
+
+	&shr	("ecx",2);	# lo>>2
+	&mov	("edi","edx");
+	&shr	("edx",2);	# hi>>2
+	&mov	("ebx","ecx");
+	&shl	("esi",4);	# lo<<4
+	&mov	("eax","edx");
+	&shl	("edi",4);	# hi<<4
+	&xor	("ebx","esi");
+
+	&shr	("ecx",7-2);	# lo>>7
+	&xor	("eax","edi");
+	&shr	("edx",7-2);	# hi>>7
+	&xor	("ebx","ecx");
+	&shl	("esi",25-4);	# lo<<25
+	&xor	("eax","edx");
+	&shl	("edi",25-4);	# hi<<25
+	&xor	("eax","esi");
+
+	&shr	("ecx",28-7);	# lo>>28
+	&xor	("ebx","edi");
+	&shr	("edx",28-7);	# hi>>28
+	&xor	("eax","ecx");
+	&shl	("esi",30-25);	# lo<<30
+	&xor	("ebx","edx");
+	&shl	("edi",30-25);	# hi<<30
+	&xor	("eax","esi");
+	&xor	("ebx","edi");			# Sigma0(a)
+
+	&mov	("ecx",$Alo);
+	&mov	("edx",$Ahi);
+	&mov	("esi",$Blo);
+	&mov	("edi",$Bhi);
+	&add	("eax",$Tlo);
+	&adc	("ebx",$Thi);			# T1 = Sigma0(a)+T1
+	&or	("ecx","esi");
+	&or	("edx","edi");
+	&and	("ecx",$Clo);
+	&and	("edx",$Chi);
+	&and	("esi",$Alo);
+	&and	("edi",$Ahi);
+	&or	("ecx","esi");
+	&or	("edx","edi");			# Maj(a,b,c) = ((a|b)&c)|(a&b)
+
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# T1 += Maj(a,b,c)
+	&mov	($Tlo,"eax");
+	&mov	($Thi,"ebx");
+
+	&mov	(&LB("edx"),&BP(0,$K512));	# pre-fetch LSB of *K
+	&sub	("esp",8);
+	&lea	($K512,&DWP(8,$K512));		# K++
+}
+
+
+&function_begin("sha512_block_data_order");
+	&mov	("esi",wparam(0));	# ctx
+	&mov	("edi",wparam(1));	# inp
+	&mov	("eax",wparam(2));	# num
+	&mov	("ebx","esp");		# saved sp
+
+	&call	(&label("pic_point"));	# make it PIC!
+&set_label("pic_point");
+	&blindpop($K512);
+	&lea	($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
+
+	&sub	("esp",16);
+	&and	("esp",-64);
+
+	&shl	("eax",7);
+	&add	("eax","edi");
+	&mov	(&DWP(0,"esp"),"esi");	# ctx
+	&mov	(&DWP(4,"esp"),"edi");	# inp
+	&mov	(&DWP(8,"esp"),"eax");	# inp+num*128
+	&mov	(&DWP(12,"esp"),"ebx");	# saved sp
+
+if ($sse2) {
+	&picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512"));
+	&mov	("ecx",&DWP(0,"edx"));
+	&test	("ecx",1<<26);
+	&jz	(&label("loop_x86"));
+
+	&mov	("edx",&DWP(4,"edx"));
+
+	# load ctx->h[0-7]
+	&movq	($A,&QWP(0,"esi"));
+	 &and	("ecx",1<<24);		# XMM registers availability
+	&movq	("mm1",&QWP(8,"esi"));
+	 &and	("edx",1<<9);		# SSSE3 bit
+	&movq	($BxC,&QWP(16,"esi"));
+	 &or	("ecx","edx");
+	&movq	("mm3",&QWP(24,"esi"));
+	&movq	($E,&QWP(32,"esi"));
+	&movq	("mm5",&QWP(40,"esi"));
+	&movq	("mm6",&QWP(48,"esi"));
+	&movq	("mm7",&QWP(56,"esi"));
+	&cmp	("ecx",1<<24|1<<9);
+	&je	(&label("SSSE3"));
+	&sub	("esp",8*10);
+	&jmp	(&label("loop_sse2"));
+
+&set_label("loop_sse2",16);
+	#&movq	($Asse2,$A);
+	&movq	($Bsse2,"mm1");
+	&movq	($Csse2,$BxC);
+	&movq	($Dsse2,"mm3");
+	#&movq	($Esse2,$E);
+	&movq	($Fsse2,"mm5");
+	&movq	($Gsse2,"mm6");
+	&pxor	($BxC,"mm1");			# magic
+	&movq	($Hsse2,"mm7");
+	&movq	("mm3",$A);			# magic
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebx",&DWP(4,"edi"));
+	&add	("edi",8);
+	&mov	("edx",15);			# counter
+	&bswap	("eax");
+	&bswap	("ebx");
+	&jmp	(&label("00_14_sse2"));
+
+&set_label("00_14_sse2",16);
+	&movd	("mm1","eax");
+	&mov	("eax",&DWP(0,"edi"));
+	&movd	("mm7","ebx");
+	&mov	("ebx",&DWP(4,"edi"));
+	&add	("edi",8);
+	&bswap	("eax");
+	&bswap	("ebx");
+	&punpckldq("mm7","mm1");
+
+	&BODY_00_15_sse2();
+
+	&dec	("edx");
+	&jnz	(&label("00_14_sse2"));
+
+	&movd	("mm1","eax");
+	&movd	("mm7","ebx");
+	&punpckldq("mm7","mm1");
+
+	&BODY_00_15_sse2(1);
+
+	&pxor	($A,$A);			# A is in %mm3
+	&mov	("edx",32);			# counter
+	&jmp	(&label("16_79_sse2"));
+
+&set_label("16_79_sse2",16);
+    for ($j=0;$j<2;$j++) {			# 2x unroll
+	#&movq	("mm7",&QWP(8*(9+16-1),"esp"));	# prefetched in BODY_00_15
+	&movq	("mm5",&QWP(8*(9+16-14),"esp"));
+	&movq	("mm1","mm7");
+	&psrlq	("mm7",1);
+	 &movq	("mm6","mm5");
+	 &psrlq	("mm5",6);
+	&psllq	("mm1",56);
+	 &paddq	($A,"mm3");			# from BODY_00_15
+	 &movq	("mm3","mm7");
+	&psrlq	("mm7",7-1);
+	 &pxor	("mm3","mm1");
+	 &psllq	("mm1",63-56);
+	&pxor	("mm3","mm7");
+	 &psrlq	("mm7",8-7);
+	&pxor	("mm3","mm1");
+	 &movq	("mm1","mm5");
+	 &psrlq	("mm5",19-6);
+	&pxor	("mm7","mm3");			# sigma0
+
+	 &psllq	("mm6",3);
+	 &pxor	("mm1","mm5");
+	&paddq	("mm7",&QWP(8*(9+16),"esp"));
+	 &pxor	("mm1","mm6");
+	 &psrlq	("mm5",61-19);
+	&paddq	("mm7",&QWP(8*(9+16-9),"esp"));
+	 &pxor	("mm1","mm5");
+	 &psllq	("mm6",45-3);
+	&movq	("mm5",$Fsse2);			# load f
+	 &pxor	("mm1","mm6");			# sigma1
+	&movq	("mm6",$Gsse2);			# load g
+
+	&paddq	("mm7","mm1");			# X[i]
+	#&movq	(&QWP(8*9,"esp"),"mm7");	# moved to BODY_00_15
+
+	&BODY_00_15_sse2(2);
+    }
+	&dec	("edx");
+	&jnz	(&label("16_79_sse2"));
+
+	#&movq	($A,$Asse2);
+	&paddq	($A,"mm3");			# from BODY_00_15
+	&movq	("mm1",$Bsse2);
+	#&movq	($BxC,$Csse2);
+	&movq	("mm3",$Dsse2);
+	#&movq	($E,$Esse2);
+	&movq	("mm5",$Fsse2);
+	&movq	("mm6",$Gsse2);
+	&movq	("mm7",$Hsse2);
+
+	&pxor	($BxC,"mm1");			# de-magic
+	&paddq	($A,&QWP(0,"esi"));
+	&paddq	("mm1",&QWP(8,"esi"));
+	&paddq	($BxC,&QWP(16,"esi"));
+	&paddq	("mm3",&QWP(24,"esi"));
+	&paddq	($E,&QWP(32,"esi"));
+	&paddq	("mm5",&QWP(40,"esi"));
+	&paddq	("mm6",&QWP(48,"esi"));
+	&paddq	("mm7",&QWP(56,"esi"));
+
+	&mov	("eax",8*80);
+	&movq	(&QWP(0,"esi"),$A);
+	&movq	(&QWP(8,"esi"),"mm1");
+	&movq	(&QWP(16,"esi"),$BxC);
+	&movq	(&QWP(24,"esi"),"mm3");
+	&movq	(&QWP(32,"esi"),$E);
+	&movq	(&QWP(40,"esi"),"mm5");
+	&movq	(&QWP(48,"esi"),"mm6");
+	&movq	(&QWP(56,"esi"),"mm7");
+
+	&lea	("esp",&DWP(0,"esp","eax"));	# destroy frame
+	&sub	($K512,"eax");			# rewind K
+
+	&cmp	("edi",&DWP(8*10+8,"esp"));	# are we done yet?
+	&jb	(&label("loop_sse2"));
+
+	&mov	("esp",&DWP(8*10+12,"esp"));	# restore sp
+	&emms	();
+&function_end_A();
+
+&set_label("SSSE3",32);
+{ my ($cnt,$frame)=("ecx","edx");
+  my @X=map("xmm$_",(0..7));
+  my $j;
+  my $i=0;
+
+	&lea	($frame,&DWP(-64,"esp"));
+	&sub	("esp",256);
+
+	# fixed stack frame layout
+	#
+	# +0	A B C D E F G H		# backing store
+	# +64	X[0]+K[i] .. X[15]+K[i]	# XMM->MM xfer area
+	# +192				# XMM off-load ring buffer
+	# +256				# saved parameters
+
+	&movdqa		(@X[1],&QWP(80*8,$K512));		# byte swap mask
+	&movdqu		(@X[0],&QWP(0,"edi"));
+	&pshufb		(@X[0],@X[1]);
+    for ($j=0;$j<8;$j++) {
+	&movdqa		(&QWP(16*(($j-1)%4),$frame),@X[3])	if ($j>4); # off-load
+	&movdqa		(@X[3],&QWP(16*($j%8),$K512));
+	&movdqa		(@X[2],@X[1])				if ($j<7); # perpetuate byte swap mask
+	&movdqu		(@X[1],&QWP(16*($j+1),"edi"))		if ($j<7); # next input
+	&movdqa		(@X[1],&QWP(16*(($j+1)%4),$frame))	if ($j==7);# restore @X[0]
+	&paddq		(@X[3],@X[0]);
+	&pshufb		(@X[1],@X[2])				if ($j<7);
+	&movdqa		(&QWP(16*($j%8)-128,$frame),@X[3]);	# xfer X[i]+K[i]
+
+	push(@X,shift(@X));					# rotate(@X)
+    }
+	#&jmp		(&label("loop_ssse3"));
+	&nop		();
+
+&set_label("loop_ssse3",32);
+	&movdqa		(@X[2],&QWP(16*(($j+1)%4),$frame));	# pre-restore @X[1]
+	&movdqa		(&QWP(16*(($j-1)%4),$frame),@X[3]);	# off-load @X[3]
+	&lea		($K512,&DWP(16*8,$K512));
+
+	#&movq	($Asse2,$A);			# off-load A-H
+	&movq	($Bsse2,"mm1");
+	 &mov	("ebx","edi");
+	&movq	($Csse2,$BxC);
+	 &lea	("edi",&DWP(128,"edi"));	# advance input
+	&movq	($Dsse2,"mm3");
+	 &cmp	("edi","eax");
+	#&movq	($Esse2,$E);
+	&movq	($Fsse2,"mm5");
+	 &cmovb	("ebx","edi");
+	&movq	($Gsse2,"mm6");
+	 &mov	("ecx",4);			# loop counter
+	&pxor	($BxC,"mm1");			# magic
+	&movq	($Hsse2,"mm7");
+	&pxor	("mm3","mm3");			# magic
+
+	&jmp		(&label("00_47_ssse3"));
+
+sub BODY_00_15_ssse3 {		# "phase-less" copy of BODY_00_15_sse2
+	(
+	'&movq	("mm1",$E)',				# %mm1 is sliding right
+	'&movq	("mm7",&QWP(((-8*$i)%128)-128,$frame))',# X[i]+K[i]
+	 '&pxor	("mm5","mm6")',				# f^=g
+	'&psrlq	("mm1",14)',
+	 '&movq	(&QWP(8*($i+4)%64,"esp"),$E)',		# modulo-scheduled save e
+	 '&pand	("mm5",$E)',				# f&=e
+	'&psllq	($E,23)',				# $E is sliding left
+	'&paddq	($A,"mm3")',				# [h+=Maj(a,b,c)]
+	'&movq	("mm3","mm1")',				# %mm3 is T1
+	 '&psrlq("mm1",4)',
+	 '&pxor	("mm5","mm6")',				# Ch(e,f,g)
+	'&pxor	("mm3",$E)',
+	 '&psllq($E,23)',
+	'&pxor	("mm3","mm1")',
+	 '&movq	(&QWP(8*$i%64,"esp"),$A)',		# modulo-scheduled save a
+	 '&paddq("mm7","mm5")',				# X[i]+=Ch(e,f,g)
+	'&pxor	("mm3",$E)',
+	 '&psrlq("mm1",23)',
+	 '&paddq("mm7",&QWP(8*($i+7)%64,"esp"))',	# X[i]+=h
+	'&pxor	("mm3","mm1")',
+	 '&psllq($E,4)',
+	'&pxor	("mm3",$E)',				# T1=Sigma1_512(e)
+
+	 '&movq	($E,&QWP(8*($i+3)%64,"esp"))',		# e = load d, e in next round
+	'&paddq	("mm3","mm7")',				# T1+=X[i]
+	 '&movq	("mm5",$A)',				# %mm5 is sliding right
+	 '&psrlq("mm5",28)',
+	'&paddq	($E,"mm3")',				# d += T1
+	 '&movq	("mm6",$A)',				# %mm6 is sliding left
+	 '&movq	("mm7","mm5")',
+	 '&psllq("mm6",25)',
+	'&movq	("mm1",&QWP(8*($i+1)%64,"esp"))',	# load b
+	 '&psrlq("mm5",6)',
+	 '&pxor	("mm7","mm6")',
+	 '&psllq("mm6",5)',
+	 '&pxor	("mm7","mm5")',
+	'&pxor	($A,"mm1")',				# a^b, b^c in next round
+	 '&psrlq("mm5",5)',
+	 '&pxor	("mm7","mm6")',
+	'&pand	($BxC,$A)',				# (b^c)&(a^b)
+	 '&psllq("mm6",6)',
+	 '&pxor	("mm7","mm5")',
+	'&pxor	($BxC,"mm1")',				# [h=]Maj(a,b,c)
+	 '&pxor	("mm6","mm7")',				# Sigma0_512(a)
+	 '&movq	("mm5",&QWP(8*($i+5-1)%64,"esp"))',	# pre-load f
+	'&paddq	($BxC,"mm6")',				# h+=Sigma0(a)
+	 '&movq	("mm6",&QWP(8*($i+6-1)%64,"esp"))',	# pre-load g
+
+	'($A,$BxC) = ($BxC,$A); $i--;'
+	);
+}
+
+&set_label("00_47_ssse3",32);
+
+    for(;$j<16;$j++) {
+	my ($t0,$t2,$t1)=@X[2..4];
+	my @insns = (&BODY_00_15_ssse3(),&BODY_00_15_ssse3());
+
+	&movdqa		($t2,@X[5]);
+	&movdqa		(@X[1],$t0);			# restore @X[1]
+	&palignr	($t0,@X[0],8);			# X[1..2]
+	&movdqa		(&QWP(16*($j%4),$frame),@X[4]);	# off-load @X[4]
+	 &palignr	($t2,@X[4],8);			# X[9..10]
+
+	&movdqa		($t1,$t0);
+	&psrlq		($t0,7);
+	 &paddq		(@X[0],$t2);			# X[0..1] += X[9..10]
+	&movdqa		($t2,$t1);
+	&psrlq		($t1,1);
+	&psllq		($t2,64-8);
+	&pxor		($t0,$t1);
+	&psrlq		($t1,8-1);
+	&pxor		($t0,$t2);
+	&psllq		($t2,8-1);
+	&pxor		($t0,$t1);
+	 &movdqa	($t1,@X[7]);
+	&pxor		($t0,$t2);			# sigma0(X[1..2])
+	 &movdqa	($t2,@X[7]);
+	 &psrlq		($t1,6);
+	&paddq		(@X[0],$t0);			# X[0..1] += sigma0(X[1..2])
+
+	&movdqa		($t0,@X[7]);
+	&psrlq		($t2,19);
+	&psllq		($t0,64-61);
+	&pxor		($t1,$t2);
+	&psrlq		($t2,61-19);
+	&pxor		($t1,$t0);
+	&psllq		($t0,61-19);
+	&pxor		($t1,$t2);
+	&movdqa		($t2,&QWP(16*(($j+2)%4),$frame));# pre-restore @X[1]
+	&pxor		($t1,$t0);			# sigma0(X[1..2])
+	&movdqa		($t0,&QWP(16*($j%8),$K512));
+	 eval(shift(@insns));
+	&paddq		(@X[0],$t1);			# X[0..1] += sigma0(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddq		($t0,@X[0]);
+	 foreach(@insns) { eval; }
+	&movdqa		(&QWP(16*($j%8)-128,$frame),$t0);# xfer X[i]+K[i]
+
+	push(@X,shift(@X));				# rotate(@X)
+    }
+	&lea		($K512,&DWP(16*8,$K512));
+	&dec		("ecx");
+	&jnz		(&label("00_47_ssse3"));
+
+	&movdqa		(@X[1],&QWP(0,$K512));		# byte swap mask
+	&lea		($K512,&DWP(-80*8,$K512));	# rewind
+	&movdqu		(@X[0],&QWP(0,"ebx"));
+	&pshufb		(@X[0],@X[1]);
+
+    for ($j=0;$j<8;$j++) {	# load next or same block
+	my @insns = (&BODY_00_15_ssse3(),&BODY_00_15_ssse3());
+
+	&movdqa		(&QWP(16*(($j-1)%4),$frame),@X[3])	if ($j>4); # off-load
+	&movdqa		(@X[3],&QWP(16*($j%8),$K512));
+	&movdqa		(@X[2],@X[1])				if ($j<7); # perpetuate byte swap mask
+	&movdqu		(@X[1],&QWP(16*($j+1),"ebx"))		if ($j<7); # next input
+	&movdqa		(@X[1],&QWP(16*(($j+1)%4),$frame))	if ($j==7);# restore @X[0]
+	&paddq		(@X[3],@X[0]);
+	&pshufb		(@X[1],@X[2])				if ($j<7);
+	 foreach(@insns) { eval; }
+	&movdqa		(&QWP(16*($j%8)-128,$frame),@X[3]);# xfer X[i]+K[i]
+
+	push(@X,shift(@X));				# rotate(@X)
+    }
+
+	#&movq	($A,$Asse2);			# load A-H
+	&movq	("mm1",$Bsse2);
+	&paddq	($A,"mm3");			# from BODY_00_15
+	#&movq	($BxC,$Csse2);
+	&movq	("mm3",$Dsse2);
+	#&movq	($E,$Esse2);
+	#&movq	("mm5",$Fsse2);
+	#&movq	("mm6",$Gsse2);
+	&movq	("mm7",$Hsse2);
+
+	&pxor	($BxC,"mm1");			# de-magic
+	&paddq	($A,&QWP(0,"esi"));
+	&paddq	("mm1",&QWP(8,"esi"));
+	&paddq	($BxC,&QWP(16,"esi"));
+	&paddq	("mm3",&QWP(24,"esi"));
+	&paddq	($E,&QWP(32,"esi"));
+	&paddq	("mm5",&QWP(40,"esi"));
+	&paddq	("mm6",&QWP(48,"esi"));
+	&paddq	("mm7",&QWP(56,"esi"));
+
+	&movq	(&QWP(0,"esi"),$A);
+	&movq	(&QWP(8,"esi"),"mm1");
+	&movq	(&QWP(16,"esi"),$BxC);
+	&movq	(&QWP(24,"esi"),"mm3");
+	&movq	(&QWP(32,"esi"),$E);
+	&movq	(&QWP(40,"esi"),"mm5");
+	&movq	(&QWP(48,"esi"),"mm6");
+	&movq	(&QWP(56,"esi"),"mm7");
+
+    	&cmp	("edi","eax")			# are we done yet?
+	&jb	(&label("loop_ssse3"));
+
+	&mov	("esp",&DWP(64+12,$frame));	# restore sp
+	&emms	();
+}
+&function_end_A();
+}
+&set_label("loop_x86",16);
+    # copy input block to stack reversing byte and qword order
+    for ($i=0;$i<8;$i++) {
+	&mov	("eax",&DWP($i*16+0,"edi"));
+	&mov	("ebx",&DWP($i*16+4,"edi"));
+	&mov	("ecx",&DWP($i*16+8,"edi"));
+	&mov	("edx",&DWP($i*16+12,"edi"));
+	&bswap	("eax");
+	&bswap	("ebx");
+	&bswap	("ecx");
+	&bswap	("edx");
+	&push	("eax");
+	&push	("ebx");
+	&push	("ecx");
+	&push	("edx");
+    }
+	&add	("edi",128);
+	&sub	("esp",9*8);		# place for T,A,B,C,D,E,F,G,H
+	&mov	(&DWP(8*(9+16)+4,"esp"),"edi");
+
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&lea	("edi",&DWP(8,"esp"));
+	&mov	("ecx",16);
+	&data_word(0xA5F3F689);		# rep movsd
+
+&set_label("00_15_x86",16);
+	&BODY_00_15_x86();
+
+	&cmp	(&LB("edx"),0x94);
+	&jne	(&label("00_15_x86"));
+
+&set_label("16_79_x86",16);
+	#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+	#	LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+	#	HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+	&mov	("ecx",&DWP(8*(9+15+16-1)+0,"esp"));
+	&mov	("edx",&DWP(8*(9+15+16-1)+4,"esp"));
+	&mov	("esi","ecx");
+
+	&shr	("ecx",1);	# lo>>1
+	&mov	("edi","edx");
+	&shr	("edx",1);	# hi>>1
+	&mov	("eax","ecx");
+	&shl	("esi",24);	# lo<<24
+	&mov	("ebx","edx");
+	&shl	("edi",24);	# hi<<24
+	&xor	("ebx","esi");
+
+	&shr	("ecx",7-1);	# lo>>7
+	&xor	("eax","edi");
+	&shr	("edx",7-1);	# hi>>7
+	&xor	("eax","ecx");
+	&shl	("esi",31-24);	# lo<<31
+	&xor	("ebx","edx");
+	&shl	("edi",25-24);	# hi<<25
+	&xor	("ebx","esi");
+
+	&shr	("ecx",8-7);	# lo>>8
+	&xor	("eax","edi");
+	&shr	("edx",8-7);	# hi>>8
+	&xor	("eax","ecx");
+	&shl	("edi",31-25);	# hi<<31
+	&xor	("ebx","edx");
+	&xor	("eax","edi");			# T1 = sigma0(X[-15])
+
+	&mov	(&DWP(0,"esp"),"eax");
+	&mov	(&DWP(4,"esp"),"ebx");		# put T1 away
+
+	#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+	#	LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+	#	HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+	&mov	("ecx",&DWP(8*(9+15+16-14)+0,"esp"));
+	&mov	("edx",&DWP(8*(9+15+16-14)+4,"esp"));
+	&mov	("esi","ecx");
+
+	&shr	("ecx",6);	# lo>>6
+	&mov	("edi","edx");
+	&shr	("edx",6);	# hi>>6
+	&mov	("eax","ecx");
+	&shl	("esi",3);	# lo<<3
+	&mov	("ebx","edx");
+	&shl	("edi",3);	# hi<<3
+	&xor	("eax","esi");
+
+	&shr	("ecx",19-6);	# lo>>19
+	&xor	("ebx","edi");
+	&shr	("edx",19-6);	# hi>>19
+	&xor	("eax","ecx");
+	&shl	("esi",13-3);	# lo<<13
+	&xor	("ebx","edx");
+	&shl	("edi",13-3);	# hi<<13
+	&xor	("ebx","esi");
+
+	&shr	("ecx",29-19);	# lo>>29
+	&xor	("eax","edi");
+	&shr	("edx",29-19);	# hi>>29
+	&xor	("ebx","ecx");
+	&shl	("edi",26-13);	# hi<<26
+	&xor	("eax","edx");
+	&xor	("eax","edi");			# sigma1(X[-2])
+
+	&mov	("ecx",&DWP(8*(9+15+16)+0,"esp"));
+	&mov	("edx",&DWP(8*(9+15+16)+4,"esp"));
+	&add	("eax",&DWP(0,"esp"));
+	&adc	("ebx",&DWP(4,"esp"));		# T1 = sigma1(X[-2])+T1
+	&mov	("esi",&DWP(8*(9+15+16-9)+0,"esp"));
+	&mov	("edi",&DWP(8*(9+15+16-9)+4,"esp"));
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# T1 += X[-16]
+	&add	("eax","esi");
+	&adc	("ebx","edi");			# T1 += X[-7]
+	&mov	(&DWP(8*(9+15)+0,"esp"),"eax");
+	&mov	(&DWP(8*(9+15)+4,"esp"),"ebx");	# save X[0]
+
+	&BODY_00_15_x86();
+
+	&cmp	(&LB("edx"),0x17);
+	&jne	(&label("16_79_x86"));
+
+	&mov	("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx
+	&mov	("edi",&DWP(8*(9+16+80)+4,"esp"));# inp
+    for($i=0;$i<4;$i++) {
+	&mov	("eax",&DWP($i*16+0,"esi"));
+	&mov	("ebx",&DWP($i*16+4,"esi"));
+	&mov	("ecx",&DWP($i*16+8,"esi"));
+	&mov	("edx",&DWP($i*16+12,"esi"));
+	&add	("eax",&DWP(8+($i*16)+0,"esp"));
+	&adc	("ebx",&DWP(8+($i*16)+4,"esp"));
+	&mov	(&DWP($i*16+0,"esi"),"eax");
+	&mov	(&DWP($i*16+4,"esi"),"ebx");
+	&add	("ecx",&DWP(8+($i*16)+8,"esp"));
+	&adc	("edx",&DWP(8+($i*16)+12,"esp"));
+	&mov	(&DWP($i*16+8,"esi"),"ecx");
+	&mov	(&DWP($i*16+12,"esi"),"edx");
+    }
+	&add	("esp",8*(9+16+80));		# destroy frame
+	&sub	($K512,8*80);			# rewind K
+
+	&cmp	("edi",&DWP(8,"esp"));		# are we done yet?
+	&jb	(&label("loop_x86"));
+
+	&mov	("esp",&DWP(12,"esp"));		# restore sp
+&function_end_A();
+
+&set_label("K512",64);	# Yes! I keep it in the code segment!
+	&data_word(0xd728ae22,0x428a2f98);	# u64
+	&data_word(0x23ef65cd,0x71374491);	# u64
+	&data_word(0xec4d3b2f,0xb5c0fbcf);	# u64
+	&data_word(0x8189dbbc,0xe9b5dba5);	# u64
+	&data_word(0xf348b538,0x3956c25b);	# u64
+	&data_word(0xb605d019,0x59f111f1);	# u64
+	&data_word(0xaf194f9b,0x923f82a4);	# u64
+	&data_word(0xda6d8118,0xab1c5ed5);	# u64
+	&data_word(0xa3030242,0xd807aa98);	# u64
+	&data_word(0x45706fbe,0x12835b01);	# u64
+	&data_word(0x4ee4b28c,0x243185be);	# u64
+	&data_word(0xd5ffb4e2,0x550c7dc3);	# u64
+	&data_word(0xf27b896f,0x72be5d74);	# u64
+	&data_word(0x3b1696b1,0x80deb1fe);	# u64
+	&data_word(0x25c71235,0x9bdc06a7);	# u64
+	&data_word(0xcf692694,0xc19bf174);	# u64
+	&data_word(0x9ef14ad2,0xe49b69c1);	# u64
+	&data_word(0x384f25e3,0xefbe4786);	# u64
+	&data_word(0x8b8cd5b5,0x0fc19dc6);	# u64
+	&data_word(0x77ac9c65,0x240ca1cc);	# u64
+	&data_word(0x592b0275,0x2de92c6f);	# u64
+	&data_word(0x6ea6e483,0x4a7484aa);	# u64
+	&data_word(0xbd41fbd4,0x5cb0a9dc);	# u64
+	&data_word(0x831153b5,0x76f988da);	# u64
+	&data_word(0xee66dfab,0x983e5152);	# u64
+	&data_word(0x2db43210,0xa831c66d);	# u64
+	&data_word(0x98fb213f,0xb00327c8);	# u64
+	&data_word(0xbeef0ee4,0xbf597fc7);	# u64
+	&data_word(0x3da88fc2,0xc6e00bf3);	# u64
+	&data_word(0x930aa725,0xd5a79147);	# u64
+	&data_word(0xe003826f,0x06ca6351);	# u64
+	&data_word(0x0a0e6e70,0x14292967);	# u64
+	&data_word(0x46d22ffc,0x27b70a85);	# u64
+	&data_word(0x5c26c926,0x2e1b2138);	# u64
+	&data_word(0x5ac42aed,0x4d2c6dfc);	# u64
+	&data_word(0x9d95b3df,0x53380d13);	# u64
+	&data_word(0x8baf63de,0x650a7354);	# u64
+	&data_word(0x3c77b2a8,0x766a0abb);	# u64
+	&data_word(0x47edaee6,0x81c2c92e);	# u64
+	&data_word(0x1482353b,0x92722c85);	# u64
+	&data_word(0x4cf10364,0xa2bfe8a1);	# u64
+	&data_word(0xbc423001,0xa81a664b);	# u64
+	&data_word(0xd0f89791,0xc24b8b70);	# u64
+	&data_word(0x0654be30,0xc76c51a3);	# u64
+	&data_word(0xd6ef5218,0xd192e819);	# u64
+	&data_word(0x5565a910,0xd6990624);	# u64
+	&data_word(0x5771202a,0xf40e3585);	# u64
+	&data_word(0x32bbd1b8,0x106aa070);	# u64
+	&data_word(0xb8d2d0c8,0x19a4c116);	# u64
+	&data_word(0x5141ab53,0x1e376c08);	# u64
+	&data_word(0xdf8eeb99,0x2748774c);	# u64
+	&data_word(0xe19b48a8,0x34b0bcb5);	# u64
+	&data_word(0xc5c95a63,0x391c0cb3);	# u64
+	&data_word(0xe3418acb,0x4ed8aa4a);	# u64
+	&data_word(0x7763e373,0x5b9cca4f);	# u64
+	&data_word(0xd6b2b8a3,0x682e6ff3);	# u64
+	&data_word(0x5defb2fc,0x748f82ee);	# u64
+	&data_word(0x43172f60,0x78a5636f);	# u64
+	&data_word(0xa1f0ab72,0x84c87814);	# u64
+	&data_word(0x1a6439ec,0x8cc70208);	# u64
+	&data_word(0x23631e28,0x90befffa);	# u64
+	&data_word(0xde82bde9,0xa4506ceb);	# u64
+	&data_word(0xb2c67915,0xbef9a3f7);	# u64
+	&data_word(0xe372532b,0xc67178f2);	# u64
+	&data_word(0xea26619c,0xca273ece);	# u64
+	&data_word(0x21c0c207,0xd186b8c7);	# u64
+	&data_word(0xcde0eb1e,0xeada7dd6);	# u64
+	&data_word(0xee6ed178,0xf57d4f7f);	# u64
+	&data_word(0x72176fba,0x06f067aa);	# u64
+	&data_word(0xa2c898a6,0x0a637dc5);	# u64
+	&data_word(0xbef90dae,0x113f9804);	# u64
+	&data_word(0x131c471b,0x1b710b35);	# u64
+	&data_word(0x23047d84,0x28db77f5);	# u64
+	&data_word(0x40c72493,0x32caab7b);	# u64
+	&data_word(0x15c9bebc,0x3c9ebe0a);	# u64
+	&data_word(0x9c100d4c,0x431d67c4);	# u64
+	&data_word(0xcb3e42b6,0x4cc5d4be);	# u64
+	&data_word(0xfc657e2a,0x597f299c);	# u64
+	&data_word(0x3ad6faec,0x5fcb6fab);	# u64
+	&data_word(0x4a475817,0x6c44198c);	# u64
+
+	&data_word(0x04050607,0x00010203);	# byte swap
+	&data_word(0x0c0d0e0f,0x08090a0b);	# mask
+&function_end_B("sha512_block_data_order");
+&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl
new file mode 100644
index 000000000..0b4c5674d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl
@@ -0,0 +1,668 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPL terms is granted.
+# ====================================================================
+
+# SHA512 block procedure for ARMv4. September 2007.
+
+# This code is ~4.5 (four and a half) times faster than code generated
+# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
+# Xscale PXA250 core].
+#
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 6% improvement on
+# Cortex A8 core and ~40 cycles per processed byte.
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 7%
+# improvement on Coxtex A8 core and ~38 cycles per byte.
+
+# March 2011.
+#
+# Add NEON implementation. On Cortex A8 it was measured to process
+# one byte in 23.3 cycles or ~60% faster than integer-only code.
+
+# August 2012.
+#
+# Improve NEON performance by 12% on Snapdragon S4. In absolute
+# terms it's 22.6 cycles per byte, which is disappointing result.
+# Technical writers asserted that 3-way S4 pipeline can sustain
+# multiple NEON instructions per cycle, but dual NEON issue could
+# not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html
+# for further details. On side note Cortex-A15 processes one byte in
+# 16 cycles.
+
+# Byte order [in]dependence. =========================================
+#
+# Originally caller was expected to maintain specific *dword* order in
+# h[0-7], namely with most significant dword at *lower* address, which
+# was reflected in below two parameters as 0 and 4. Now caller is
+# expected to maintain native byte order for whole 64-bit values.
+$hi="HI";
+$lo="LO";
+# ====================================================================
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$ctx="r0";	# parameter block
+$inp="r1";
+$len="r2";
+
+$Tlo="r3";
+$Thi="r4";
+$Alo="r5";
+$Ahi="r6";
+$Elo="r7";
+$Ehi="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+############	r13 is stack pointer
+$Ktbl="r14";
+############	r15 is program counter
+
+$Aoff=8*0;
+$Boff=8*1;
+$Coff=8*2;
+$Doff=8*3;
+$Eoff=8*4;
+$Foff=8*5;
+$Goff=8*6;
+$Hoff=8*7;
+$Xoff=8*8;
+
+sub BODY_00_15() {
+my $magic = shift;
+$code.=<<___;
+	@ Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+	@ LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+	@ HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+	mov	$t0,$Elo,lsr#14
+	str	$Tlo,[sp,#$Xoff+0]
+	mov	$t1,$Ehi,lsr#14
+	str	$Thi,[sp,#$Xoff+4]
+	eor	$t0,$t0,$Ehi,lsl#18
+	ldr	$t2,[sp,#$Hoff+0]	@ h.lo
+	eor	$t1,$t1,$Elo,lsl#18
+	ldr	$t3,[sp,#$Hoff+4]	@ h.hi
+	eor	$t0,$t0,$Elo,lsr#18
+	eor	$t1,$t1,$Ehi,lsr#18
+	eor	$t0,$t0,$Ehi,lsl#14
+	eor	$t1,$t1,$Elo,lsl#14
+	eor	$t0,$t0,$Ehi,lsr#9
+	eor	$t1,$t1,$Elo,lsr#9
+	eor	$t0,$t0,$Elo,lsl#23
+	eor	$t1,$t1,$Ehi,lsl#23	@ Sigma1(e)
+	adds	$Tlo,$Tlo,$t0
+	ldr	$t0,[sp,#$Foff+0]	@ f.lo
+	adc	$Thi,$Thi,$t1		@ T += Sigma1(e)
+	ldr	$t1,[sp,#$Foff+4]	@ f.hi
+	adds	$Tlo,$Tlo,$t2
+	ldr	$t2,[sp,#$Goff+0]	@ g.lo
+	adc	$Thi,$Thi,$t3		@ T += h
+	ldr	$t3,[sp,#$Goff+4]	@ g.hi
+
+	eor	$t0,$t0,$t2
+	str	$Elo,[sp,#$Eoff+0]
+	eor	$t1,$t1,$t3
+	str	$Ehi,[sp,#$Eoff+4]
+	and	$t0,$t0,$Elo
+	str	$Alo,[sp,#$Aoff+0]
+	and	$t1,$t1,$Ehi
+	str	$Ahi,[sp,#$Aoff+4]
+	eor	$t0,$t0,$t2
+	ldr	$t2,[$Ktbl,#$lo]	@ K[i].lo
+	eor	$t1,$t1,$t3		@ Ch(e,f,g)
+	ldr	$t3,[$Ktbl,#$hi]	@ K[i].hi
+
+	adds	$Tlo,$Tlo,$t0
+	ldr	$Elo,[sp,#$Doff+0]	@ d.lo
+	adc	$Thi,$Thi,$t1		@ T += Ch(e,f,g)
+	ldr	$Ehi,[sp,#$Doff+4]	@ d.hi
+	adds	$Tlo,$Tlo,$t2
+	and	$t0,$t2,#0xff
+	adc	$Thi,$Thi,$t3		@ T += K[i]
+	adds	$Elo,$Elo,$Tlo
+	ldr	$t2,[sp,#$Boff+0]	@ b.lo
+	adc	$Ehi,$Ehi,$Thi		@ d += T
+	teq	$t0,#$magic
+
+	ldr	$t3,[sp,#$Coff+0]	@ c.lo
+#ifdef	__thumb2__
+	it	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	orreq	$Ktbl,$Ktbl,#1
+	@ Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+	@ LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+	@ HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+	mov	$t0,$Alo,lsr#28
+	mov	$t1,$Ahi,lsr#28
+	eor	$t0,$t0,$Ahi,lsl#4
+	eor	$t1,$t1,$Alo,lsl#4
+	eor	$t0,$t0,$Ahi,lsr#2
+	eor	$t1,$t1,$Alo,lsr#2
+	eor	$t0,$t0,$Alo,lsl#30
+	eor	$t1,$t1,$Ahi,lsl#30
+	eor	$t0,$t0,$Ahi,lsr#7
+	eor	$t1,$t1,$Alo,lsr#7
+	eor	$t0,$t0,$Alo,lsl#25
+	eor	$t1,$t1,$Ahi,lsl#25	@ Sigma0(a)
+	adds	$Tlo,$Tlo,$t0
+	and	$t0,$Alo,$t2
+	adc	$Thi,$Thi,$t1		@ T += Sigma0(a)
+
+	ldr	$t1,[sp,#$Boff+4]	@ b.hi
+	orr	$Alo,$Alo,$t2
+	ldr	$t2,[sp,#$Coff+4]	@ c.hi
+	and	$Alo,$Alo,$t3
+	and	$t3,$Ahi,$t1
+	orr	$Ahi,$Ahi,$t1
+	orr	$Alo,$Alo,$t0		@ Maj(a,b,c).lo
+	and	$Ahi,$Ahi,$t2
+	adds	$Alo,$Alo,$Tlo
+	orr	$Ahi,$Ahi,$t3		@ Maj(a,b,c).hi
+	sub	sp,sp,#8
+	adc	$Ahi,$Ahi,$Thi		@ h += T
+	tst	$Ktbl,#1
+	add	$Ktbl,$Ktbl,#8
+___
+}
+$code=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
+# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+# define VFP_ABI_PUSH
+# define VFP_ABI_POP
+#endif
+
+#ifdef __ARMEL__
+# define LO 0
+# define HI 4
+# define WORD64(hi0,lo0,hi1,lo1)	.word	lo0,hi0, lo1,hi1
+#else
+# define HI 0
+# define LO 4
+# define WORD64(hi0,lo0,hi1,lo1)	.word	hi0,lo0, hi1,lo1
+#endif
+
+.text
+#if defined(__thumb2__)
+.syntax unified
+.thumb
+# define adrl adr
+#else
+.code	32
+#endif
+
+.type	K512,%object
+.align	5
+K512:
+WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd)
+WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc)
+WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019)
+WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118)
+WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe)
+WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2)
+WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1)
+WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694)
+WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3)
+WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65)
+WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483)
+WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5)
+WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210)
+WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4)
+WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725)
+WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70)
+WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926)
+WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df)
+WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8)
+WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b)
+WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001)
+WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30)
+WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910)
+WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8)
+WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53)
+WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8)
+WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb)
+WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3)
+WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60)
+WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec)
+WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9)
+WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b)
+WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207)
+WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178)
+WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6)
+WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b)
+WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493)
+WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c)
+WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
+WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
+.size	K512,.-K512
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lsha512_block_data_order
+.skip	32-4
+#else
+.skip	32
+#endif
+
+.global	sha512_block_data_order
+.type	sha512_block_data_order,%function
+sha512_block_data_order:
+.Lsha512_block_data_order:
+#if __ARM_ARCH__<7 && !defined(__thumb2__)
+	sub	r3,pc,#8		@ sha512_block_data_order
+#else
+	adr	r3,.Lsha512_block_data_order
+#endif
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+	ldr	r12,.LOPENSSL_armcap
+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV7_NEON
+	bne	.LNEON
+#endif
+	add	$len,$inp,$len,lsl#7	@ len to point at the end of inp
+	stmdb	sp!,{r4-r12,lr}
+	sub	$Ktbl,r3,#672		@ K512
+	sub	sp,sp,#9*8
+
+	ldr	$Elo,[$ctx,#$Eoff+$lo]
+	ldr	$Ehi,[$ctx,#$Eoff+$hi]
+	ldr	$t0, [$ctx,#$Goff+$lo]
+	ldr	$t1, [$ctx,#$Goff+$hi]
+	ldr	$t2, [$ctx,#$Hoff+$lo]
+	ldr	$t3, [$ctx,#$Hoff+$hi]
+.Loop:
+	str	$t0, [sp,#$Goff+0]
+	str	$t1, [sp,#$Goff+4]
+	str	$t2, [sp,#$Hoff+0]
+	str	$t3, [sp,#$Hoff+4]
+	ldr	$Alo,[$ctx,#$Aoff+$lo]
+	ldr	$Ahi,[$ctx,#$Aoff+$hi]
+	ldr	$Tlo,[$ctx,#$Boff+$lo]
+	ldr	$Thi,[$ctx,#$Boff+$hi]
+	ldr	$t0, [$ctx,#$Coff+$lo]
+	ldr	$t1, [$ctx,#$Coff+$hi]
+	ldr	$t2, [$ctx,#$Doff+$lo]
+	ldr	$t3, [$ctx,#$Doff+$hi]
+	str	$Tlo,[sp,#$Boff+0]
+	str	$Thi,[sp,#$Boff+4]
+	str	$t0, [sp,#$Coff+0]
+	str	$t1, [sp,#$Coff+4]
+	str	$t2, [sp,#$Doff+0]
+	str	$t3, [sp,#$Doff+4]
+	ldr	$Tlo,[$ctx,#$Foff+$lo]
+	ldr	$Thi,[$ctx,#$Foff+$hi]
+	str	$Tlo,[sp,#$Foff+0]
+	str	$Thi,[sp,#$Foff+4]
+
+.L00_15:
+#if __ARM_ARCH__<7
+	ldrb	$Tlo,[$inp,#7]
+	ldrb	$t0, [$inp,#6]
+	ldrb	$t1, [$inp,#5]
+	ldrb	$t2, [$inp,#4]
+	ldrb	$Thi,[$inp,#3]
+	ldrb	$t3, [$inp,#2]
+	orr	$Tlo,$Tlo,$t0,lsl#8
+	ldrb	$t0, [$inp,#1]
+	orr	$Tlo,$Tlo,$t1,lsl#16
+	ldrb	$t1, [$inp],#8
+	orr	$Tlo,$Tlo,$t2,lsl#24
+	orr	$Thi,$Thi,$t3,lsl#8
+	orr	$Thi,$Thi,$t0,lsl#16
+	orr	$Thi,$Thi,$t1,lsl#24
+#else
+	ldr	$Tlo,[$inp,#4]
+	ldr	$Thi,[$inp],#8
+#ifdef __ARMEL__
+	rev	$Tlo,$Tlo
+	rev	$Thi,$Thi
+#endif
+#endif
+___
+	&BODY_00_15(0x94);
+$code.=<<___;
+	tst	$Ktbl,#1
+	beq	.L00_15
+	ldr	$t0,[sp,#`$Xoff+8*(16-1)`+0]
+	ldr	$t1,[sp,#`$Xoff+8*(16-1)`+4]
+	bic	$Ktbl,$Ktbl,#1
+.L16_79:
+	@ sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+	@ LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+	@ HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+	mov	$Tlo,$t0,lsr#1
+	ldr	$t2,[sp,#`$Xoff+8*(16-14)`+0]
+	mov	$Thi,$t1,lsr#1
+	ldr	$t3,[sp,#`$Xoff+8*(16-14)`+4]
+	eor	$Tlo,$Tlo,$t1,lsl#31
+	eor	$Thi,$Thi,$t0,lsl#31
+	eor	$Tlo,$Tlo,$t0,lsr#8
+	eor	$Thi,$Thi,$t1,lsr#8
+	eor	$Tlo,$Tlo,$t1,lsl#24
+	eor	$Thi,$Thi,$t0,lsl#24
+	eor	$Tlo,$Tlo,$t0,lsr#7
+	eor	$Thi,$Thi,$t1,lsr#7
+	eor	$Tlo,$Tlo,$t1,lsl#25
+
+	@ sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+	@ LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+	@ HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+	mov	$t0,$t2,lsr#19
+	mov	$t1,$t3,lsr#19
+	eor	$t0,$t0,$t3,lsl#13
+	eor	$t1,$t1,$t2,lsl#13
+	eor	$t0,$t0,$t3,lsr#29
+	eor	$t1,$t1,$t2,lsr#29
+	eor	$t0,$t0,$t2,lsl#3
+	eor	$t1,$t1,$t3,lsl#3
+	eor	$t0,$t0,$t2,lsr#6
+	eor	$t1,$t1,$t3,lsr#6
+	ldr	$t2,[sp,#`$Xoff+8*(16-9)`+0]
+	eor	$t0,$t0,$t3,lsl#26
+
+	ldr	$t3,[sp,#`$Xoff+8*(16-9)`+4]
+	adds	$Tlo,$Tlo,$t0
+	ldr	$t0,[sp,#`$Xoff+8*16`+0]
+	adc	$Thi,$Thi,$t1
+
+	ldr	$t1,[sp,#`$Xoff+8*16`+4]
+	adds	$Tlo,$Tlo,$t2
+	adc	$Thi,$Thi,$t3
+	adds	$Tlo,$Tlo,$t0
+	adc	$Thi,$Thi,$t1
+___
+	&BODY_00_15(0x17);
+$code.=<<___;
+#ifdef	__thumb2__
+	ittt	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	ldreq	$t0,[sp,#`$Xoff+8*(16-1)`+0]
+	ldreq	$t1,[sp,#`$Xoff+8*(16-1)`+4]
+	beq	.L16_79
+	bic	$Ktbl,$Ktbl,#1
+
+	ldr	$Tlo,[sp,#$Boff+0]
+	ldr	$Thi,[sp,#$Boff+4]
+	ldr	$t0, [$ctx,#$Aoff+$lo]
+	ldr	$t1, [$ctx,#$Aoff+$hi]
+	ldr	$t2, [$ctx,#$Boff+$lo]
+	ldr	$t3, [$ctx,#$Boff+$hi]
+	adds	$t0,$Alo,$t0
+	str	$t0, [$ctx,#$Aoff+$lo]
+	adc	$t1,$Ahi,$t1
+	str	$t1, [$ctx,#$Aoff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Boff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Boff+$hi]
+
+	ldr	$Alo,[sp,#$Coff+0]
+	ldr	$Ahi,[sp,#$Coff+4]
+	ldr	$Tlo,[sp,#$Doff+0]
+	ldr	$Thi,[sp,#$Doff+4]
+	ldr	$t0, [$ctx,#$Coff+$lo]
+	ldr	$t1, [$ctx,#$Coff+$hi]
+	ldr	$t2, [$ctx,#$Doff+$lo]
+	ldr	$t3, [$ctx,#$Doff+$hi]
+	adds	$t0,$Alo,$t0
+	str	$t0, [$ctx,#$Coff+$lo]
+	adc	$t1,$Ahi,$t1
+	str	$t1, [$ctx,#$Coff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Doff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Doff+$hi]
+
+	ldr	$Tlo,[sp,#$Foff+0]
+	ldr	$Thi,[sp,#$Foff+4]
+	ldr	$t0, [$ctx,#$Eoff+$lo]
+	ldr	$t1, [$ctx,#$Eoff+$hi]
+	ldr	$t2, [$ctx,#$Foff+$lo]
+	ldr	$t3, [$ctx,#$Foff+$hi]
+	adds	$Elo,$Elo,$t0
+	str	$Elo,[$ctx,#$Eoff+$lo]
+	adc	$Ehi,$Ehi,$t1
+	str	$Ehi,[$ctx,#$Eoff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Foff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Foff+$hi]
+
+	ldr	$Alo,[sp,#$Goff+0]
+	ldr	$Ahi,[sp,#$Goff+4]
+	ldr	$Tlo,[sp,#$Hoff+0]
+	ldr	$Thi,[sp,#$Hoff+4]
+	ldr	$t0, [$ctx,#$Goff+$lo]
+	ldr	$t1, [$ctx,#$Goff+$hi]
+	ldr	$t2, [$ctx,#$Hoff+$lo]
+	ldr	$t3, [$ctx,#$Hoff+$hi]
+	adds	$t0,$Alo,$t0
+	str	$t0, [$ctx,#$Goff+$lo]
+	adc	$t1,$Ahi,$t1
+	str	$t1, [$ctx,#$Goff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Hoff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Hoff+$hi]
+
+	add	sp,sp,#640
+	sub	$Ktbl,$Ktbl,#640
+
+	teq	$inp,$len
+	bne	.Loop
+
+	add	sp,sp,#8*9		@ destroy frame
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	sha512_block_data_order,.-sha512_block_data_order
+___
+
+{
+my @Sigma0=(28,34,39);
+my @Sigma1=(14,18,41);
+my @sigma0=(1, 8, 7);
+my @sigma1=(19,61,6);
+
+my $Ktbl="r3";
+my $cnt="r12";	# volatile register known as ip, intra-procedure-call scratch
+
+my @X=map("d$_",(0..15));
+my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23));
+
+sub NEON_00_15() {
+my $i=shift;
+my ($a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31));	# temps
+
+$code.=<<___ if ($i<16 || $i&1);
+	vshr.u64	$t0,$e,#@Sigma1[0]	@ $i
+#if $i<16
+	vld1.64		{@X[$i%16]},[$inp]!	@ handles unaligned
+#endif
+	vshr.u64	$t1,$e,#@Sigma1[1]
+#if $i>0
+	 vadd.i64	$a,$Maj			@ h+=Maj from the past
+#endif
+	vshr.u64	$t2,$e,#@Sigma1[2]
+___
+$code.=<<___;
+	vld1.64		{$K},[$Ktbl,:64]!	@ K[i++]
+	vsli.64		$t0,$e,#`64-@Sigma1[0]`
+	vsli.64		$t1,$e,#`64-@Sigma1[1]`
+	vmov		$Ch,$e
+	vsli.64		$t2,$e,#`64-@Sigma1[2]`
+#if $i<16 && defined(__ARMEL__)
+	vrev64.8	@X[$i],@X[$i]
+#endif
+	veor		$t1,$t0
+	vbsl		$Ch,$f,$g		@ Ch(e,f,g)
+	vshr.u64	$t0,$a,#@Sigma0[0]
+	veor		$t2,$t1			@ Sigma1(e)
+	vadd.i64	$T1,$Ch,$h
+	vshr.u64	$t1,$a,#@Sigma0[1]
+	vsli.64		$t0,$a,#`64-@Sigma0[0]`
+	vadd.i64	$T1,$t2
+	vshr.u64	$t2,$a,#@Sigma0[2]
+	vadd.i64	$K,@X[$i%16]
+	vsli.64		$t1,$a,#`64-@Sigma0[1]`
+	veor		$Maj,$a,$b
+	vsli.64		$t2,$a,#`64-@Sigma0[2]`
+	veor		$h,$t0,$t1
+	vadd.i64	$T1,$K
+	vbsl		$Maj,$c,$b		@ Maj(a,b,c)
+	veor		$h,$t2			@ Sigma0(a)
+	vadd.i64	$d,$T1
+	vadd.i64	$Maj,$T1
+	@ vadd.i64	$h,$Maj
+___
+}
+
+sub NEON_16_79() {
+my $i=shift;
+
+if ($i&1)	{ &NEON_00_15($i,@_); return; }
+
+# 2x-vectorized, therefore runs every 2nd round
+my @X=map("q$_",(0..7));			# view @X as 128-bit vector
+my ($t0,$t1,$s0,$s1) = map("q$_",(12..15));	# temps
+my ($d0,$d1,$d2) = map("d$_",(24..26));		# temps from NEON_00_15
+my $e=@_[4];					# $e from NEON_00_15
+$i /= 2;
+$code.=<<___;
+	vshr.u64	$t0,@X[($i+7)%8],#@sigma1[0]
+	vshr.u64	$t1,@X[($i+7)%8],#@sigma1[1]
+	 vadd.i64	@_[0],d30			@ h+=Maj from the past
+	vshr.u64	$s1,@X[($i+7)%8],#@sigma1[2]
+	vsli.64		$t0,@X[($i+7)%8],#`64-@sigma1[0]`
+	vext.8		$s0,@X[$i%8],@X[($i+1)%8],#8	@ X[i+1]
+	vsli.64		$t1,@X[($i+7)%8],#`64-@sigma1[1]`
+	veor		$s1,$t0
+	vshr.u64	$t0,$s0,#@sigma0[0]
+	veor		$s1,$t1				@ sigma1(X[i+14])
+	vshr.u64	$t1,$s0,#@sigma0[1]
+	vadd.i64	@X[$i%8],$s1
+	vshr.u64	$s1,$s0,#@sigma0[2]
+	vsli.64		$t0,$s0,#`64-@sigma0[0]`
+	vsli.64		$t1,$s0,#`64-@sigma0[1]`
+	vext.8		$s0,@X[($i+4)%8],@X[($i+5)%8],#8	@ X[i+9]
+	veor		$s1,$t0
+	vshr.u64	$d0,$e,#@Sigma1[0]		@ from NEON_00_15
+	vadd.i64	@X[$i%8],$s0
+	vshr.u64	$d1,$e,#@Sigma1[1]		@ from NEON_00_15
+	veor		$s1,$t1				@ sigma0(X[i+1])
+	vshr.u64	$d2,$e,#@Sigma1[2]		@ from NEON_00_15
+	vadd.i64	@X[$i%8],$s1
+___
+	&NEON_00_15(2*$i,@_);
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.global	sha512_block_data_order_neon
+.type	sha512_block_data_order_neon,%function
+.align	4
+sha512_block_data_order_neon:
+.LNEON:
+	dmb				@ errata #451034 on early Cortex A8
+	add	$len,$inp,$len,lsl#7	@ len to point at the end of inp
+	adr	$Ktbl,K512
+	VFP_ABI_PUSH
+	vldmia	$ctx,{$A-$H}		@ load context
+.Loop_neon:
+___
+for($i=0;$i<16;$i++)	{ &NEON_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mov		$cnt,#4
+.L16_79_neon:
+	subs		$cnt,#1
+___
+for(;$i<32;$i++)	{ &NEON_16_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	bne		.L16_79_neon
+
+	 vadd.i64	$A,d30		@ h+=Maj from the past
+	vldmia		$ctx,{d24-d31}	@ load context to temp
+	vadd.i64	q8,q12		@ vectorized accumulate
+	vadd.i64	q9,q13
+	vadd.i64	q10,q14
+	vadd.i64	q11,q15
+	vstmia		$ctx,{$A-$H}	@ save context
+	teq		$inp,$len
+	sub		$Ktbl,#640	@ rewind K512
+	bne		.Loop_neon
+
+	VFP_ABI_POP
+	ret				@ bx lr
+.size	sha512_block_data_order_neon,.-sha512_block_data_order_neon
+#endif
+___
+}
+$code.=<<___;
+.asciz	"SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
+$code =~ s/\bret\b/bx	lr/gm;
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+	last if (!s/^#/@/ and !/^$/);
+	print;
+}
+close SELF;
+
+print $code;
+close STDOUT; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl
new file mode 100644
index 000000000..01ffe9f98
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl
@@ -0,0 +1,905 @@
+#! /usr/bin/env perl
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPLv2 terms is granted.
+# ====================================================================
+#
+# SHA256/512 for ARMv8.
+#
+# Performance in cycles per processed byte and improvement coefficient
+# over code generated with "default" compiler:
+#
+#		SHA256-hw	SHA256(*)	SHA512
+# Apple A7	1.97		10.5 (+33%)	6.73 (-1%(**))
+# Cortex-A53	2.38		15.5 (+115%)	10.0 (+150%(***))
+# Cortex-A57	2.31		11.6 (+86%)	7.51 (+260%(***))
+# Denver	2.01		10.5 (+26%)	6.70 (+8%)
+# X-Gene			20.0 (+100%)	12.8 (+300%(***))
+# Mongoose	2.36		13.0 (+50%)	8.36 (+33%)
+# Kryo		1.92		17.4 (+30%)	11.2 (+8%)
+#
+# (*)	Software SHA256 results are of lesser relevance, presented
+#	mostly for informational purposes.
+# (**)	The result is a trade-off: it's possible to improve it by
+#	10% (or by 1 cycle per round), but at the cost of 20% loss
+#	on Cortex-A53 (or by 4 cycles per round).
+# (***)	Super-impressive coefficients over gcc-generated code are
+#	indication of some compiler "pathology", most notably code
+#	generated with -mgeneral-regs-only is significantly faster
+#	and the gap is only 40-90%.
+#
+# October 2016.
+#
+# Originally it was reckoned that it makes no sense to implement NEON
+# version of SHA256 for 64-bit processors. This is because performance
+# improvement on most wide-spread Cortex-A5x processors was observed
+# to be marginal, same on Cortex-A53 and ~10% on A57. But then it was
+# observed that 32-bit NEON SHA256 performs significantly better than
+# 64-bit scalar version on *some* of the more recent processors. As
+# result 64-bit NEON version of SHA256 was added to provide best
+# all-round performance. For example it executes ~30% faster on X-Gene
+# and Mongoose. [For reference, NEON version of SHA512 is bound to
+# deliver much less improvement, likely *negative* on Cortex-A5x.
+# Which is why NEON support is limited to SHA256.]
+
+$output=pop;
+$flavour=pop;
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open OUT,"| \"$^X\" $xlate $flavour $output";
+    *STDOUT=*OUT;
+} else {
+    open STDOUT,">$output";
+}
+
+if ($output =~ /512/) {
+	$BITS=512;
+	$SZ=8;
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+	$reg_t="x";
+} else {
+	$BITS=256;
+	$SZ=4;
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+	$reg_t="w";
+}
+
+$func="sha${BITS}_block_data_order";
+
+($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30));
+
+@X=map("$reg_t$_",(3..15,0..2));
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27));
+($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28));
+
+sub BODY_00_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my $j=($i+1)&15;
+my ($T0,$T1,$T2)=(@X[($i-8)&15],@X[($i-9)&15],@X[($i-10)&15]);
+   $T0=@X[$i+3] if ($i<11);
+
+$code.=<<___	if ($i<16);
+#ifndef	__AARCH64EB__
+	rev	@X[$i],@X[$i]			// $i
+#endif
+___
+$code.=<<___	if ($i<13 && ($i&1));
+	ldp	@X[$i+1],@X[$i+2],[$inp],#2*$SZ
+___
+$code.=<<___	if ($i==13);
+	ldp	@X[14],@X[15],[$inp]
+___
+$code.=<<___	if ($i>=14);
+	ldr	@X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`]
+___
+$code.=<<___	if ($i>0 && $i<16);
+	add	$a,$a,$t1			// h+=Sigma0(a)
+___
+$code.=<<___	if ($i>=11);
+	str	@X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`]
+___
+# While ARMv8 specifies merged rotate-n-logical operation such as
+# 'eor x,y,z,ror#n', it was found to negatively affect performance
+# on Apple A7. The reason seems to be that it requires even 'y' to
+# be available earlier. This means that such merged instruction is
+# not necessarily best choice on critical path... On the other hand
+# Cortex-A5x handles merged instructions much better than disjoint
+# rotate and logical... See (**) footnote above.
+$code.=<<___	if ($i<15);
+	ror	$t0,$e,#$Sigma1[0]
+	add	$h,$h,$t2			// h+=K[i]
+	eor	$T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]`
+	and	$t1,$f,$e
+	bic	$t2,$g,$e
+	add	$h,$h,@X[$i&15]			// h+=X[i]
+	orr	$t1,$t1,$t2			// Ch(e,f,g)
+	eor	$t2,$a,$b			// a^b, b^c in next round
+	eor	$t0,$t0,$T0,ror#$Sigma1[1]	// Sigma1(e)
+	ror	$T0,$a,#$Sigma0[0]
+	add	$h,$h,$t1			// h+=Ch(e,f,g)
+	eor	$t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]`
+	add	$h,$h,$t0			// h+=Sigma1(e)
+	and	$t3,$t3,$t2			// (b^c)&=(a^b)
+	add	$d,$d,$h			// d+=h
+	eor	$t3,$t3,$b			// Maj(a,b,c)
+	eor	$t1,$T0,$t1,ror#$Sigma0[1]	// Sigma0(a)
+	add	$h,$h,$t3			// h+=Maj(a,b,c)
+	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
+	//add	$h,$h,$t1			// h+=Sigma0(a)
+___
+$code.=<<___	if ($i>=15);
+	ror	$t0,$e,#$Sigma1[0]
+	add	$h,$h,$t2			// h+=K[i]
+	ror	$T1,@X[($j+1)&15],#$sigma0[0]
+	and	$t1,$f,$e
+	ror	$T2,@X[($j+14)&15],#$sigma1[0]
+	bic	$t2,$g,$e
+	ror	$T0,$a,#$Sigma0[0]
+	add	$h,$h,@X[$i&15]			// h+=X[i]
+	eor	$t0,$t0,$e,ror#$Sigma1[1]
+	eor	$T1,$T1,@X[($j+1)&15],ror#$sigma0[1]
+	orr	$t1,$t1,$t2			// Ch(e,f,g)
+	eor	$t2,$a,$b			// a^b, b^c in next round
+	eor	$t0,$t0,$e,ror#$Sigma1[2]	// Sigma1(e)
+	eor	$T0,$T0,$a,ror#$Sigma0[1]
+	add	$h,$h,$t1			// h+=Ch(e,f,g)
+	and	$t3,$t3,$t2			// (b^c)&=(a^b)
+	eor	$T2,$T2,@X[($j+14)&15],ror#$sigma1[1]
+	eor	$T1,$T1,@X[($j+1)&15],lsr#$sigma0[2]	// sigma0(X[i+1])
+	add	$h,$h,$t0			// h+=Sigma1(e)
+	eor	$t3,$t3,$b			// Maj(a,b,c)
+	eor	$t1,$T0,$a,ror#$Sigma0[2]	// Sigma0(a)
+	eor	$T2,$T2,@X[($j+14)&15],lsr#$sigma1[2]	// sigma1(X[i+14])
+	add	@X[$j],@X[$j],@X[($j+9)&15]
+	add	$d,$d,$h			// d+=h
+	add	$h,$h,$t3			// h+=Maj(a,b,c)
+	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
+	add	@X[$j],@X[$j],$T1
+	add	$h,$h,$t1			// h+=Sigma0(a)
+	add	@X[$j],@X[$j],$T2
+___
+	($t2,$t3)=($t3,$t2);
+}
+
+$code.=<<___;
+#ifndef	__KERNEL__
+# include "arm_arch.h"
+#endif
+
+.text
+
+.extern	OPENSSL_armcap_P
+.globl	$func
+.type	$func,%function
+.align	6
+$func:
+#ifndef	__KERNEL__
+# ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+# else
+	ldr	x16,.LOPENSSL_armcap_P
+# endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+___
+$code.=<<___	if ($SZ==4);
+	tst	w16,#ARMV8_SHA256
+	b.ne	.Lv8_entry
+	tst	w16,#ARMV7_NEON
+	b.ne	.Lneon_entry
+___
+$code.=<<___	if ($SZ==8);
+	tst	w16,#ARMV8_SHA512
+	b.ne	.Lv8_entry
+___
+$code.=<<___;
+#endif
+	.inst	0xd503233f				// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#4*$SZ
+
+	ldp	$A,$B,[$ctx]				// load context
+	ldp	$C,$D,[$ctx,#2*$SZ]
+	ldp	$E,$F,[$ctx,#4*$SZ]
+	add	$num,$inp,$num,lsl#`log(16*$SZ)/log(2)`	// end of input
+	ldp	$G,$H,[$ctx,#6*$SZ]
+	adr	$Ktbl,.LK$BITS
+	stp	$ctx,$num,[x29,#96]
+
+.Loop:
+	ldp	@X[0],@X[1],[$inp],#2*$SZ
+	ldr	$t2,[$Ktbl],#$SZ			// *K++
+	eor	$t3,$B,$C				// magic seed
+	str	$inp,[x29,#112]
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
+$code.=".Loop_16_xx:\n";
+for (;$i<32;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	cbnz	$t2,.Loop_16_xx
+
+	ldp	$ctx,$num,[x29,#96]
+	ldr	$inp,[x29,#112]
+	sub	$Ktbl,$Ktbl,#`$SZ*($rounds+1)`		// rewind
+
+	ldp	@X[0],@X[1],[$ctx]
+	ldp	@X[2],@X[3],[$ctx,#2*$SZ]
+	add	$inp,$inp,#14*$SZ			// advance input pointer
+	ldp	@X[4],@X[5],[$ctx,#4*$SZ]
+	add	$A,$A,@X[0]
+	ldp	@X[6],@X[7],[$ctx,#6*$SZ]
+	add	$B,$B,@X[1]
+	add	$C,$C,@X[2]
+	add	$D,$D,@X[3]
+	stp	$A,$B,[$ctx]
+	add	$E,$E,@X[4]
+	add	$F,$F,@X[5]
+	stp	$C,$D,[$ctx,#2*$SZ]
+	add	$G,$G,@X[6]
+	add	$H,$H,@X[7]
+	cmp	$inp,$num
+	stp	$E,$F,[$ctx,#4*$SZ]
+	stp	$G,$H,[$ctx,#6*$SZ]
+	b.ne	.Loop
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#4*$SZ
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+	.inst	0xd50323bf				// autiasp
+	ret
+.size	$func,.-$func
+
+.align	6
+.type	.LK$BITS,%object
+.LK$BITS:
+___
+$code.=<<___ if ($SZ==8);
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+	.quad	0	// terminator
+___
+$code.=<<___ if ($SZ==4);
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.long	0	//terminator
+___
+$code.=<<___;
+.size	.LK$BITS,.-.LK$BITS
+#ifndef	__KERNEL__
+.align	3
+.LOPENSSL_armcap_P:
+# ifdef	__ILP32__
+	.long	OPENSSL_armcap_P-.
+# else
+	.quad	OPENSSL_armcap_P-.
+# endif
+#endif
+.asciz	"SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+if ($SZ==4) {
+my $Ktbl="x3";
+
+my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2));
+my @MSG=map("v$_.16b",(4..7));
+my ($W0,$W1)=("v16.4s","v17.4s");
+my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b");
+
+$code.=<<___;
+#ifndef	__KERNEL__
+.type	sha256_block_armv8,%function
+.align	6
+sha256_block_armv8:
+.Lv8_entry:
+	stp		x29,x30,[sp,#-16]!
+	add		x29,sp,#0
+
+	ld1.32		{$ABCD,$EFGH},[$ctx]
+	adr		$Ktbl,.LK256
+
+.Loop_hw:
+	ld1		{@MSG[0]-@MSG[3]},[$inp],#64
+	sub		$num,$num,#1
+	ld1.32		{$W0},[$Ktbl],#16
+	rev32		@MSG[0],@MSG[0]
+	rev32		@MSG[1],@MSG[1]
+	rev32		@MSG[2],@MSG[2]
+	rev32		@MSG[3],@MSG[3]
+	orr		$ABCD_SAVE,$ABCD,$ABCD		// offload
+	orr		$EFGH_SAVE,$EFGH,$EFGH
+___
+for($i=0;$i<12;$i++) {
+$code.=<<___;
+	ld1.32		{$W1},[$Ktbl],#16
+	add.i32		$W0,$W0,@MSG[0]
+	sha256su0	@MSG[0],@MSG[1]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+	sha256su1	@MSG[0],@MSG[2],@MSG[3]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	ld1.32		{$W1},[$Ktbl],#16
+	add.i32		$W0,$W0,@MSG[0]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	ld1.32		{$W0},[$Ktbl],#16
+	add.i32		$W1,$W1,@MSG[1]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	ld1.32		{$W1},[$Ktbl]
+	add.i32		$W0,$W0,@MSG[2]
+	sub		$Ktbl,$Ktbl,#$rounds*$SZ-16	// rewind
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	add.i32		$W1,$W1,@MSG[3]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	add.i32		$ABCD,$ABCD,$ABCD_SAVE
+	add.i32		$EFGH,$EFGH,$EFGH_SAVE
+
+	cbnz		$num,.Loop_hw
+
+	st1.32		{$ABCD,$EFGH},[$ctx]
+
+	ldr		x29,[sp],#16
+	ret
+.size	sha256_block_armv8,.-sha256_block_armv8
+#endif
+___
+}
+
+if ($SZ==4) {	######################################### NEON stuff #
+# You'll surely note a lot of similarities with sha256-armv4 module,
+# and of course it's not a coincidence. sha256-armv4 was used as
+# initial template, but was adapted for ARMv8 instruction set and
+# extensively re-tuned for all-round performance.
+
+my @V = ($A,$B,$C,$D,$E,$F,$G,$H) = map("w$_",(3..10));
+my ($t0,$t1,$t2,$t3,$t4) = map("w$_",(11..15));
+my $Ktbl="x16";
+my $Xfer="x17";
+my @X = map("q$_",(0..3));
+my ($T0,$T1,$T2,$T3,$T4,$T5,$T6,$T7) = map("q$_",(4..7,16..19));
+my $j=0;
+
+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+sub Dscalar { shift =~ m|[qv]([0-9]+)|?"d$1":""; }
+sub Dlo     { shift =~ m|[qv]([0-9]+)|?"v$1.d[0]":""; }
+sub Dhi     { shift =~ m|[qv]([0-9]+)|?"v$1.d[1]":""; }
+
+sub Xupdate()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	&ext_8		($T0,@X[0],@X[1],4);	# X[1..4]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ext_8		($T3,@X[2],@X[3],4);	# X[9..12]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&mov		(&Dscalar($T7),&Dhi(@X[3]));	# X[14..15]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ushr_32	($T2,$T0,$sigma0[0]);
+	 eval(shift(@insns));
+	&ushr_32	($T1,$T0,$sigma0[2]);
+	 eval(shift(@insns));
+	&add_32 	(@X[0],@X[0],$T3);	# X[0..3] += X[9..12]
+	 eval(shift(@insns));
+	&sli_32		($T2,$T0,32-$sigma0[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ushr_32	($T3,$T0,$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&eor_8		($T1,$T1,$T2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&sli_32		($T3,$T0,32-$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T4,$T7,$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&eor_8		($T1,$T1,$T3);		# sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_32	($T4,$T7,32-$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T5,$T7,$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T3,$T7,$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		(@X[0],@X[0],$T1);	# X[0..3] += sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_u32	($T3,$T7,32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &eor_8	($T5,$T5,$T4);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &eor_8	($T5,$T5,$T3);		# sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		(@X[0],@X[0],$T5);	# X[0..1] += sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T6,@X[0],$sigma1[0]);
+	 eval(shift(@insns));
+	  &ushr_32	($T7,@X[0],$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_32	($T6,@X[0],32-$sigma1[0]);
+	 eval(shift(@insns));
+	  &ushr_32	($T5,@X[0],$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &eor_8	($T7,$T7,$T6);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_32	($T5,@X[0],32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ld1_32		("{$T0}","[$Ktbl], #16");
+	 eval(shift(@insns));
+	  &eor_8	($T7,$T7,$T5);		# sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&eor_8		($T5,$T5,$T5);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&mov		(&Dhi($T5), &Dlo($T7));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		(@X[0],@X[0],$T5);	# X[2..3] += sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		($T0,$T0,@X[0]);
+	 while($#insns>=1) { eval(shift(@insns)); }
+	&st1_32		("{$T0}","[$Xfer], #16");
+	 eval(shift(@insns));
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub Xpreload()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ld1_8		("{@X[0]}","[$inp],#16");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ld1_32		("{$T0}","[$Ktbl],#16");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&rev32		(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		($T0,$T0,@X[0]);
+	 foreach (@insns) { eval; }	# remaining instructions
+	&st1_32		("{$T0}","[$Xfer], #16");
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@V;'.
+	'&add	($h,$h,$t1)',			# h+=X[i]+K[i]
+	'&add	($a,$a,$t4);'.			# h+=Sigma0(a) from the past
+	'&and	($t1,$f,$e)',
+	'&bic	($t4,$g,$e)',
+	'&eor	($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))',
+	'&add	($a,$a,$t2)',			# h+=Maj(a,b,c) from the past
+	'&orr	($t1,$t1,$t4)',			# Ch(e,f,g)
+	'&eor	($t0,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))',	# Sigma1(e)
+	'&eor	($t4,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))',
+	'&add	($h,$h,$t1)',			# h+=Ch(e,f,g)
+	'&ror	($t0,$t0,"#$Sigma1[0]")',
+	'&eor	($t2,$a,$b)',			# a^b, b^c in next round
+	'&eor	($t4,$t4,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',	# Sigma0(a)
+	'&add	($h,$h,$t0)',			# h+=Sigma1(e)
+	'&ldr	($t1,sprintf "[sp,#%d]",4*(($j+1)&15))	if (($j&15)!=15);'.
+	'&ldr	($t1,"[$Ktbl]")				if ($j==15);'.
+	'&and	($t3,$t3,$t2)',			# (b^c)&=(a^b)
+	'&ror	($t4,$t4,"#$Sigma0[0]")',
+	'&add	($d,$d,$h)',			# d+=h
+	'&eor	($t3,$t3,$b)',			# Maj(a,b,c)
+	'$j++;	unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
+	)
+}
+
+$code.=<<___;
+#ifdef	__KERNEL__
+.globl	sha256_block_neon
+#endif
+.type	sha256_block_neon,%function
+.align	4
+sha256_block_neon:
+.Lneon_entry:
+	stp	x29, x30, [sp, #-16]!
+	mov	x29, sp
+	sub	sp,sp,#16*4
+
+	adr	$Ktbl,.LK256
+	add	$num,$inp,$num,lsl#6	// len to point at the end of inp
+
+	ld1.8	{@X[0]},[$inp], #16
+	ld1.8	{@X[1]},[$inp], #16
+	ld1.8	{@X[2]},[$inp], #16
+	ld1.8	{@X[3]},[$inp], #16
+	ld1.32	{$T0},[$Ktbl], #16
+	ld1.32	{$T1},[$Ktbl], #16
+	ld1.32	{$T2},[$Ktbl], #16
+	ld1.32	{$T3},[$Ktbl], #16
+	rev32	@X[0],@X[0]		// yes, even on
+	rev32	@X[1],@X[1]		// big-endian
+	rev32	@X[2],@X[2]
+	rev32	@X[3],@X[3]
+	mov	$Xfer,sp
+	add.32	$T0,$T0,@X[0]
+	add.32	$T1,$T1,@X[1]
+	add.32	$T2,$T2,@X[2]
+	st1.32	{$T0-$T1},[$Xfer], #32
+	add.32	$T3,$T3,@X[3]
+	st1.32	{$T2-$T3},[$Xfer]
+	sub	$Xfer,$Xfer,#32
+
+	ldp	$A,$B,[$ctx]
+	ldp	$C,$D,[$ctx,#8]
+	ldp	$E,$F,[$ctx,#16]
+	ldp	$G,$H,[$ctx,#24]
+	ldr	$t1,[sp,#0]
+	mov	$t2,wzr
+	eor	$t3,$B,$C
+	mov	$t4,wzr
+	b	.L_00_48
+
+.align	4
+.L_00_48:
+___
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+$code.=<<___;
+	cmp	$t1,#0				// check for K256 terminator
+	ldr	$t1,[sp,#0]
+	sub	$Xfer,$Xfer,#64
+	bne	.L_00_48
+
+	sub	$Ktbl,$Ktbl,#256		// rewind $Ktbl
+	cmp	$inp,$num
+	mov	$Xfer, #64
+	csel	$Xfer, $Xfer, xzr, eq
+	sub	$inp,$inp,$Xfer			// avoid SEGV
+	mov	$Xfer,sp
+___
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+$code.=<<___;
+	add	$A,$A,$t4			// h+=Sigma0(a) from the past
+	ldp	$t0,$t1,[$ctx,#0]
+	add	$A,$A,$t2			// h+=Maj(a,b,c) from the past
+	ldp	$t2,$t3,[$ctx,#8]
+	add	$A,$A,$t0			// accumulate
+	add	$B,$B,$t1
+	ldp	$t0,$t1,[$ctx,#16]
+	add	$C,$C,$t2
+	add	$D,$D,$t3
+	ldp	$t2,$t3,[$ctx,#24]
+	add	$E,$E,$t0
+	add	$F,$F,$t1
+	 ldr	$t1,[sp,#0]
+	stp	$A,$B,[$ctx,#0]
+	add	$G,$G,$t2
+	 mov	$t2,wzr
+	stp	$C,$D,[$ctx,#8]
+	add	$H,$H,$t3
+	stp	$E,$F,[$ctx,#16]
+	 eor	$t3,$B,$C
+	stp	$G,$H,[$ctx,#24]
+	 mov	$t4,wzr
+	 mov	$Xfer,sp
+	b.ne	.L_00_48
+
+	ldr	x29,[x29]
+	add	sp,sp,#16*4+16
+	ret
+.size	sha256_block_neon,.-sha256_block_neon
+___
+}
+
+if ($SZ==8) {
+my $Ktbl="x3";
+
+my @H = map("v$_.16b",(0..4));
+my ($fg,$de,$m9_10)=map("v$_.16b",(5..7));
+my @MSG=map("v$_.16b",(16..23));
+my ($W0,$W1)=("v24.2d","v25.2d");
+my ($AB,$CD,$EF,$GH)=map("v$_.16b",(26..29));
+
+$code.=<<___;
+#ifndef	__KERNEL__
+.type	sha512_block_armv8,%function
+.align	6
+sha512_block_armv8:
+.Lv8_entry:
+	stp		x29,x30,[sp,#-16]!
+	add		x29,sp,#0
+
+	ld1		{@MSG[0]-@MSG[3]},[$inp],#64	// load input
+	ld1		{@MSG[4]-@MSG[7]},[$inp],#64
+
+	ld1.64		{@H[0]-@H[3]},[$ctx]		// load context
+	adr		$Ktbl,.LK512
+
+	rev64		@MSG[0],@MSG[0]
+	rev64		@MSG[1],@MSG[1]
+	rev64		@MSG[2],@MSG[2]
+	rev64		@MSG[3],@MSG[3]
+	rev64		@MSG[4],@MSG[4]
+	rev64		@MSG[5],@MSG[5]
+	rev64		@MSG[6],@MSG[6]
+	rev64		@MSG[7],@MSG[7]
+	b		.Loop_hw
+
+.align	4
+.Loop_hw:
+	ld1.64		{$W0},[$Ktbl],#16
+	subs		$num,$num,#1
+	sub		x4,$inp,#128
+	orr		$AB,@H[0],@H[0]			// offload
+	orr		$CD,@H[1],@H[1]
+	orr		$EF,@H[2],@H[2]
+	orr		$GH,@H[3],@H[3]
+	csel		$inp,$inp,x4,ne			// conditional rewind
+___
+for($i=0;$i<32;$i++) {
+$code.=<<___;
+	add.i64		$W0,$W0,@MSG[0]
+	ld1.64		{$W1},[$Ktbl],#16
+	ext		$W0,$W0,$W0,#8
+	ext		$fg,@H[2],@H[3],#8
+	ext		$de,@H[1],@H[2],#8
+	add.i64		@H[3],@H[3],$W0			// "T1 + H + K512[i]"
+	 sha512su0	@MSG[0],@MSG[1]
+	 ext		$m9_10,@MSG[4],@MSG[5],#8
+	sha512h		@H[3],$fg,$de
+	 sha512su1	@MSG[0],@MSG[7],$m9_10
+	add.i64		@H[4],@H[1],@H[3]		// "D + T1"
+	sha512h2	@H[3],$H[1],@H[0]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+	@H = (@H[3],@H[0],@H[4],@H[2],@H[1]);
+}
+for(;$i<40;$i++) {
+$code.=<<___	if ($i<39);
+	ld1.64		{$W1},[$Ktbl],#16
+___
+$code.=<<___	if ($i==39);
+	sub		$Ktbl,$Ktbl,#$rounds*$SZ	// rewind
+___
+$code.=<<___;
+	add.i64		$W0,$W0,@MSG[0]
+	 ld1		{@MSG[0]},[$inp],#16		// load next input
+	ext		$W0,$W0,$W0,#8
+	ext		$fg,@H[2],@H[3],#8
+	ext		$de,@H[1],@H[2],#8
+	add.i64		@H[3],@H[3],$W0			// "T1 + H + K512[i]"
+	sha512h		@H[3],$fg,$de
+	 rev64		@MSG[0],@MSG[0]
+	add.i64		@H[4],@H[1],@H[3]		// "D + T1"
+	sha512h2	@H[3],$H[1],@H[0]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+	@H = (@H[3],@H[0],@H[4],@H[2],@H[1]);
+}
+$code.=<<___;
+	add.i64		@H[0],@H[0],$AB			// accumulate
+	add.i64		@H[1],@H[1],$CD
+	add.i64		@H[2],@H[2],$EF
+	add.i64		@H[3],@H[3],$GH
+
+	cbnz		$num,.Loop_hw
+
+	st1.64		{@H[0]-@H[3]},[$ctx]		// store context
+
+	ldr		x29,[sp],#16
+	ret
+.size	sha512_block_armv8,.-sha512_block_armv8
+#endif
+___
+}
+
+$code.=<<___;
+#ifndef	__KERNEL__
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+{   my  %opcode = (
+	"sha256h"	=> 0x5e004000,	"sha256h2"	=> 0x5e005000,
+	"sha256su0"	=> 0x5e282800,	"sha256su1"	=> 0x5e006000	);
+
+    sub unsha256 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
+			$mnemonic,$arg;
+    }
+}
+
+{   my  %opcode = (
+	"sha512h"	=> 0xce608000,	"sha512h2"	=> 0xce608400,
+	"sha512su0"	=> 0xcec08000,	"sha512su1"	=> 0xce608800	);
+
+    sub unsha512 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
+			$mnemonic,$arg;
+    }
+}
+
+open SELF,$0;
+while(<SELF>) {
+        next if (/^#!/);
+        last if (!s/^#/\/\// and !/^$/);
+        print;
+}
+close SELF;
+
+foreach(split("\n",$code)) {
+
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sha512\w+)\s+([qv].*)/unsha512($1,$2)/ge	or
+	s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/ge;
+
+	s/\bq([0-9]+)\b/v$1.16b/g;		# old->new registers
+
+	s/\.[ui]?8(\s)/$1/;
+	s/\.\w?64\b//		and s/\.16b/\.2d/g	or
+	s/\.\w?32\b//		and s/\.16b/\.4s/g;
+	m/\bext\b/		and s/\.2d/\.16b/g	or
+	m/(ld|st)1[^\[]+\[0\]/	and s/\.4s/\.s/g;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl
new file mode 100644
index 000000000..9ebfc92e2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl
@@ -0,0 +1,438 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA512 for C64x+.
+#
+# January 2012
+#
+# Performance is 19 cycles per processed byte. Compared to block
+# transform function from sha512.c compiled with cl6x with -mv6400+
+# -o2 -DOPENSSL_SMALL_FOOTPRINT it's almost 7x faster and 2x smaller.
+# Loop unroll won't make it, this implementation, any faster, because
+# it's effectively dominated by SHRU||SHL pairs and you can't schedule
+# more of them.
+#
+# !!! Note that this module uses AMR, which means that all interrupt
+# service routines are expected to preserve it and for own well-being
+# zero it upon entry.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($CTXA,$INP,$NUM) = ("A4","B4","A6");            # arguments
+ $K512="A3";
+
+($Ahi,$Actxhi,$Bhi,$Bctxhi,$Chi,$Cctxhi,$Dhi,$Dctxhi,
+ $Ehi,$Ectxhi,$Fhi,$Fctxhi,$Ghi,$Gctxhi,$Hhi,$Hctxhi)=map("A$_",(16..31));
+($Alo,$Actxlo,$Blo,$Bctxlo,$Clo,$Cctxlo,$Dlo,$Dctxlo,
+ $Elo,$Ectxlo,$Flo,$Fctxlo,$Glo,$Gctxlo,$Hlo,$Hctxlo)=map("B$_",(16..31));
+
+($S1hi,$CHhi,$S0hi,$t0hi)=map("A$_",(10..13));
+($S1lo,$CHlo,$S0lo,$t0lo)=map("B$_",(10..13));
+($T1hi,         $T2hi)=         ("A6","A7");
+($T1lo,$T1carry,$T2lo,$T2carry)=("B6","B7","B8","B9");
+($Khi,$Klo)=("A9","A8");
+($MAJhi,$MAJlo)=($T2hi,$T2lo);
+($t1hi,$t1lo)=($Khi,"B2");
+ $CTXB=$t1lo;
+
+($Xihi,$Xilo)=("A5","B5");			# circular/ring buffer
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	sha512_block_data_order,_sha512_block_data_order
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.BIG_ENDIAN
+	.asg	$Khi,KHI
+	.asg	$Klo,KLO
+	.else
+	.asg	$Khi,KLO
+	.asg	$Klo,KHI
+	.endif
+
+	.global	_sha512_block_data_order
+_sha512_block_data_order:
+__sha512_block:
+	.asmfunc stack_usage(40+128)
+	MV	$NUM,A0				; reassign $NUM
+||	MVK	-128,B0
+  [!A0]	BNOP	RA				; if ($NUM==0) return;
+|| [A0]	STW	FP,*SP--(40)			; save frame pointer
+|| [A0]	MV	SP,FP
+   [A0]	STDW	B13:B12,*SP[4]
+|| [A0]	MVK	0x00404,B1
+   [A0]	STDW	B11:B10,*SP[3]
+|| [A0]	STDW	A13:A12,*FP[-3]
+|| [A0]	MVKH	0x60000,B1
+   [A0]	STDW	A11:A10,*SP[1]
+|| [A0]	MVC	B1,AMR				; setup circular addressing
+|| [A0]	ADD	B0,SP,SP			; alloca(128)
+	.if	__TI_EABI__
+   [A0]	AND	B0,SP,SP			; align stack at 128 bytes
+|| [A0]	ADDKPC	__sha512_block,B1
+|| [A0]	MVKL	\$PCR_OFFSET(K512,__sha512_block),$K512
+   [A0]	MVKH	\$PCR_OFFSET(K512,__sha512_block),$K512
+|| [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
+	.else
+   [A0]	AND	B0,SP,SP			; align stack at 128 bytes
+|| [A0]	ADDKPC	__sha512_block,B1
+|| [A0]	MVKL	(K512-__sha512_block),$K512
+   [A0]	MVKH	(K512-__sha512_block),$K512
+|| [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
+	.endif
+	ADDAW	SP,3,$Xilo
+	ADDAW	SP,2,$Xihi
+
+||	MV	$CTXA,$CTXB
+	LDW	*${CTXA}[0^.LITTLE_ENDIAN],$Ahi	; load ctx
+||	LDW	*${CTXB}[1^.LITTLE_ENDIAN],$Alo
+||	ADD	B1,$K512,$K512
+	LDW	*${CTXA}[2^.LITTLE_ENDIAN],$Bhi
+||	LDW	*${CTXB}[3^.LITTLE_ENDIAN],$Blo
+	LDW	*${CTXA}[4^.LITTLE_ENDIAN],$Chi
+||	LDW	*${CTXB}[5^.LITTLE_ENDIAN],$Clo
+	LDW	*${CTXA}[6^.LITTLE_ENDIAN],$Dhi
+||	LDW	*${CTXB}[7^.LITTLE_ENDIAN],$Dlo
+	LDW	*${CTXA}[8^.LITTLE_ENDIAN],$Ehi
+||	LDW	*${CTXB}[9^.LITTLE_ENDIAN],$Elo
+	LDW	*${CTXA}[10^.LITTLE_ENDIAN],$Fhi
+||	LDW	*${CTXB}[11^.LITTLE_ENDIAN],$Flo
+	LDW	*${CTXA}[12^.LITTLE_ENDIAN],$Ghi
+||	LDW	*${CTXB}[13^.LITTLE_ENDIAN],$Glo
+	LDW	*${CTXA}[14^.LITTLE_ENDIAN],$Hhi
+||	LDW	*${CTXB}[15^.LITTLE_ENDIAN],$Hlo
+
+	LDNDW	*$INP++,B11:B10			; pre-fetch input
+	LDDW	*$K512++,$Khi:$Klo		; pre-fetch K512[0]
+outerloop?:
+	MVK	15,B0				; loop counters
+||	MVK	64,B1
+||	SUB	A0,1,A0
+	MV	$Ahi,$Actxhi
+||	MV	$Alo,$Actxlo
+||	MV	$Bhi,$Bctxhi
+||	MV	$Blo,$Bctxlo
+||	MV	$Chi,$Cctxhi
+||	MV	$Clo,$Cctxlo
+||	MVD	$Dhi,$Dctxhi
+||	MVD	$Dlo,$Dctxlo
+	MV	$Ehi,$Ectxhi
+||	MV	$Elo,$Ectxlo
+||	MV	$Fhi,$Fctxhi
+||	MV	$Flo,$Fctxlo
+||	MV	$Ghi,$Gctxhi
+||	MV	$Glo,$Gctxlo
+||	MVD	$Hhi,$Hctxhi
+||	MVD	$Hlo,$Hctxlo
+loop0_15?:
+	.if	.BIG_ENDIAN
+	MV	B11,$T1hi
+||	MV	B10,$T1lo
+	.else
+	SWAP4	B10,$T1hi
+||	SWAP4	B11,$T1lo
+	SWAP2	$T1hi,$T1hi
+||	SWAP2	$T1lo,$T1lo
+	.endif
+loop16_79?:
+	STW	$T1hi,*$Xihi++[2]
+||	STW	$T1lo,*$Xilo++[2]			; X[i] = T1
+||	ADD	$Hhi,$T1hi,$T1hi
+||	ADDU	$Hlo,$T1lo,$T1carry:$T1lo		; T1 += h
+||	SHRU	$Ehi,14,$S1hi
+||	SHL	$Ehi,32-14,$S1lo
+	XOR	$Fhi,$Ghi,$CHhi
+||	XOR	$Flo,$Glo,$CHlo
+||	ADD	KHI,$T1hi,$T1hi
+||	ADDU	KLO,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += K512[i]
+||	SHRU	$Elo,14,$t0lo
+||	SHL	$Elo,32-14,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	AND	$Ehi,$CHhi,$CHhi
+||	AND	$Elo,$CHlo,$CHlo
+||	ROTL	$Ghi,0,$Hhi
+||	ROTL	$Glo,0,$Hlo				; h = g
+||	SHRU	$Ehi,18,$t0hi
+||	SHL	$Ehi,32-18,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	XOR	$Ghi,$CHhi,$CHhi
+||	XOR	$Glo,$CHlo,$CHlo			; Ch(e,f,g) = ((f^g)&e)^g
+||	ROTL	$Fhi,0,$Ghi
+||	ROTL	$Flo,0,$Glo				; g = f
+||	SHRU	$Elo,18,$t0lo
+||	SHL	$Elo,32-18,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	OR	$Ahi,$Bhi,$MAJhi
+||	OR	$Alo,$Blo,$MAJlo
+||	ROTL	$Ehi,0,$Fhi
+||	ROTL	$Elo,0,$Flo				; f = e
+||	SHRU	$Ehi,41-32,$t0lo
+||	SHL	$Ehi,64-41,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	AND	$Chi,$MAJhi,$MAJhi
+||	AND	$Clo,$MAJlo,$MAJlo
+||	ROTL	$Dhi,0,$Ehi
+||	ROTL	$Dlo,0,$Elo				; e = d
+||	SHRU	$Elo,41-32,$t0hi
+||	SHL	$Elo,64-41,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo			; Sigma1(e)
+||	AND	$Ahi,$Bhi,$t1hi
+||	AND	$Alo,$Blo,$t1lo
+||	ROTL	$Chi,0,$Dhi
+||	ROTL	$Clo,0,$Dlo				; d = c
+||	SHRU	$Ahi,28,$S0hi
+||	SHL	$Ahi,32-28,$S0lo
+	OR	$t1hi,$MAJhi,$MAJhi
+||	OR	$t1lo,$MAJlo,$MAJlo			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ADD	$CHhi,$T1hi,$T1hi
+||	ADDU	$CHlo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += Ch(e,f,g)
+||	ROTL	$Bhi,0,$Chi
+||	ROTL	$Blo,0,$Clo				; c = b
+||	SHRU	$Alo,28,$t0lo
+||	SHL	$Alo,32-28,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$S1hi,$T1hi,$T1hi
+||	ADDU	$S1lo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += Sigma1(e)
+||	ROTL	$Ahi,0,$Bhi
+||	ROTL	$Alo,0,$Blo				; b = a
+||	SHRU	$Ahi,34-32,$t0lo
+||	SHL	$Ahi,64-34,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$MAJhi,$T1hi,$T2hi
+||	ADDU	$MAJlo,$T1carry:$T1lo,$T2carry:$T2lo	; T2 = T1+Maj(a,b,c)
+||	SHRU	$Alo,34-32,$t0hi
+||	SHL	$Alo,64-34,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$Ehi,$T1hi,$T1hi
+||	ADDU	$Elo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += e
+|| [B0]	BNOP	loop0_15?
+||	SHRU	$Ahi,39-32,$t0lo
+||	SHL	$Ahi,64-39,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+|| [B0]	LDNDW	*$INP++,B11:B10				; pre-fetch input
+||[!B1]	BNOP	break?
+||	SHRU	$Alo,39-32,$t0hi
+||	SHL	$Alo,64-39,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo			; Sigma0(a)
+||	ADD	$T1carry,$T1hi,$Ehi
+||	MV	$T1lo,$Elo				; e = T1
+||[!B0]	LDW	*${Xihi}[28],$T1hi
+||[!B0]	LDW	*${Xilo}[28],$T1lo			; X[i+14]
+	ADD	$S0hi,$T2hi,$T2hi
+||	ADDU	$S0lo,$T2carry:$T2lo,$T2carry:$T2lo	; T2 += Sigma0(a)
+|| [B1]	LDDW	*$K512++,$Khi:$Klo			; pre-fetch K512[i]
+	NOP						; avoid cross-path stall
+	ADD	$T2carry,$T2hi,$Ahi
+||	MV	$T2lo,$Alo				; a = T2
+|| [B0]	SUB	B0,1,B0
+;;===== branch to loop00_15? is taken here
+	NOP
+;;===== branch to break? is taken here
+	LDW	*${Xihi}[2],$T2hi
+||	LDW	*${Xilo}[2],$T2lo			; X[i+1]
+||	SHRU	$T1hi,19,$S1hi
+||	SHL	$T1hi,32-19,$S1lo
+	SHRU	$T1lo,19,$t0lo
+||	SHL	$T1lo,32-19,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1hi,61-32,$t0lo
+||	SHL	$T1hi,64-61,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1lo,61-32,$t0hi
+||	SHL	$T1lo,64-61,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1hi,6,$t0hi
+||	SHL	$T1hi,32-6,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1lo,6,$t0lo
+||	LDW	*${Xihi}[18],$T1hi
+||	LDW	*${Xilo}[18],$T1lo			; X[i+9]
+	XOR	$t0lo,$S1lo,$S1lo			; sigma1(Xi[i+14])
+
+||	LDW	*${Xihi}[0],$CHhi
+||	LDW	*${Xilo}[0],$CHlo			; X[i]
+||	SHRU	$T2hi,1,$S0hi
+||	SHL	$T2hi,32-1,$S0lo
+	SHRU	$T2lo,1,$t0lo
+||	SHL	$T2lo,32-1,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	SHRU	$T2hi,8,$t0hi
+||	SHL	$T2hi,32-8,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	SHRU	$T2lo,8,$t0lo
+||	SHL	$T2lo,32-8,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$S1hi,$T1hi,$T1hi
+||	ADDU	$S1lo,$T1lo,$T1carry:$T1lo		; T1 = X[i+9]+sigma1()
+|| [B1]	BNOP	loop16_79?
+||	SHRU	$T2hi,7,$t0hi
+||	SHL	$T2hi,32-7,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$CHhi,$T1hi,$T1hi
+||	ADDU	$CHlo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += X[i]
+||	SHRU	$T2lo,7,$t0lo
+	XOR	$t0lo,$S0lo,$S0lo			; sigma0(Xi[i+1]
+
+	ADD	$S0hi,$T1hi,$T1hi
+||	ADDU	$S0lo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += sigma0()
+|| [B1]	SUB	B1,1,B1
+	NOP						; avoid cross-path stall
+	ADD	$T1carry,$T1hi,$T1hi
+;;===== branch to loop16_79? is taken here
+
+break?:
+	ADD	$Ahi,$Actxhi,$Ahi		; accumulate ctx
+||	ADDU	$Alo,$Actxlo,$Actxlo:$Alo
+|| [A0]	LDNDW	*$INP++,B11:B10			; pre-fetch input
+|| [A0]	ADDK	-640,$K512			; rewind pointer to K512
+	ADD	$Bhi,$Bctxhi,$Bhi
+||	ADDU	$Blo,$Bctxlo,$Bctxlo:$Blo
+|| [A0]	LDDW	*$K512++,$Khi:$Klo		; pre-fetch K512[0]
+	ADD	$Chi,$Cctxhi,$Chi
+||	ADDU	$Clo,$Cctxlo,$Cctxlo:$Clo
+||	ADD	$Actxlo,$Ahi,$Ahi
+||[!A0]	MV	$CTXA,$CTXB
+	ADD	$Dhi,$Dctxhi,$Dhi
+||	ADDU	$Dlo,$Dctxlo,$Dctxlo:$Dlo
+||	ADD	$Bctxlo,$Bhi,$Bhi
+||[!A0]	STW	$Ahi,*${CTXA}[0^.LITTLE_ENDIAN]	; save ctx
+||[!A0]	STW	$Alo,*${CTXB}[1^.LITTLE_ENDIAN]
+	ADD	$Ehi,$Ectxhi,$Ehi
+||	ADDU	$Elo,$Ectxlo,$Ectxlo:$Elo
+||	ADD	$Cctxlo,$Chi,$Chi
+|| [A0]	BNOP	outerloop?
+||[!A0]	STW	$Bhi,*${CTXA}[2^.LITTLE_ENDIAN]
+||[!A0]	STW	$Blo,*${CTXB}[3^.LITTLE_ENDIAN]
+	ADD	$Fhi,$Fctxhi,$Fhi
+||	ADDU	$Flo,$Fctxlo,$Fctxlo:$Flo
+||	ADD	$Dctxlo,$Dhi,$Dhi
+||[!A0]	STW	$Chi,*${CTXA}[4^.LITTLE_ENDIAN]
+||[!A0]	STW	$Clo,*${CTXB}[5^.LITTLE_ENDIAN]
+	ADD	$Ghi,$Gctxhi,$Ghi
+||	ADDU	$Glo,$Gctxlo,$Gctxlo:$Glo
+||	ADD	$Ectxlo,$Ehi,$Ehi
+||[!A0]	STW	$Dhi,*${CTXA}[6^.LITTLE_ENDIAN]
+||[!A0]	STW	$Dlo,*${CTXB}[7^.LITTLE_ENDIAN]
+	ADD	$Hhi,$Hctxhi,$Hhi
+||	ADDU	$Hlo,$Hctxlo,$Hctxlo:$Hlo
+||	ADD	$Fctxlo,$Fhi,$Fhi
+||[!A0]	STW	$Ehi,*${CTXA}[8^.LITTLE_ENDIAN]
+||[!A0]	STW	$Elo,*${CTXB}[9^.LITTLE_ENDIAN]
+	ADD	$Gctxlo,$Ghi,$Ghi
+||[!A0]	STW	$Fhi,*${CTXA}[10^.LITTLE_ENDIAN]
+||[!A0]	STW	$Flo,*${CTXB}[11^.LITTLE_ENDIAN]
+	ADD	$Hctxlo,$Hhi,$Hhi
+||[!A0]	STW	$Ghi,*${CTXA}[12^.LITTLE_ENDIAN]
+||[!A0]	STW	$Glo,*${CTXB}[13^.LITTLE_ENDIAN]
+;;===== branch to outerloop? is taken here
+
+	STW	$Hhi,*${CTXA}[14^.LITTLE_ENDIAN]
+||	STW	$Hlo,*${CTXB}[15^.LITTLE_ENDIAN]
+||	MVK	-40,B0
+	ADD	FP,B0,SP			; destroy circular buffer
+||	LDDW	*FP[-4],A11:A10
+	LDDW	*SP[2],A13:A12
+||	LDDW	*FP[-2],B11:B10
+	LDDW	*SP[4],B13:B12
+||	BNOP	RA
+	LDW	*++SP(40),FP			; restore frame pointer
+	MVK	0,B0
+	MVC	B0,AMR				; clear AMR
+	NOP	2				; wait till FP is committed
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:sha_asm.const"
+	.else
+	.sect	".const:sha_asm"
+	.endif
+	.align	128
+K512:
+	.uword	0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+	.uword	0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+	.uword	0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+	.uword	0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+	.uword	0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+	.uword	0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+	.uword	0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+	.uword	0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+	.uword	0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+	.uword	0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+	.uword	0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+	.uword	0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+	.uword	0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+	.uword	0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+	.uword	0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+	.uword	0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+	.uword	0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+	.uword	0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+	.uword	0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+	.uword	0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+	.uword	0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+	.uword	0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+	.uword	0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+	.uword	0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+	.uword	0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+	.uword	0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+	.uword	0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+	.uword	0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+	.uword	0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+	.uword	0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+	.uword	0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+	.uword	0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+	.uword	0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+	.uword	0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+	.uword	0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+	.uword	0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+	.uword	0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+	.uword	0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+	.uword	0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+	.uword	0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+	.cstring "SHA512 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ia64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ia64.pl
new file mode 100755
index 000000000..356a46ace
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ia64.pl
@@ -0,0 +1,692 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256/512_Transform for Itanium.
+#
+# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50%
+# faster than gcc and >60%(!) faster than code generated by HP-UX
+# compiler (yes, HP-UX is generating slower code, because unlike gcc,
+# it failed to deploy "shift right pair," 'shrp' instruction, which
+# substitutes for 64-bit rotate).
+#
+# 924 cycles long sha256_block outperforms gcc by over factor of 2(!)
+# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost
+# this one big time). Note that "formally" 924 is about 100 cycles
+# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical
+# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round,
+# are spent on extra work to provide for 32-bit rotations. 32-bit
+# rotations are still handled by 'shrp' instruction and for this
+# reason lower 32 bits are deposited to upper half of 64-bit register
+# prior 'shrp' issue. And in order to minimize the amount of such
+# operations, X[16] values are *maintained* with copies of lower
+# halves in upper halves, which is why you'll spot such instructions
+# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel
+# 32-bit unsigned right shift," 'pshr4.u' instructions here.
+#
+# Rules of engagement.
+#
+# There is only one integer shifter meaning that if I have two rotate,
+# deposit or extract instructions in adjacent bundles, they shall
+# split [at run-time if they have to]. But note that variable and
+# parallel shifts are performed by multi-media ALU and *are* pairable
+# with rotates [and alike]. On the backside MMALU is rather slow: it
+# takes 2 extra cycles before the result of integer operation is
+# available *to* MMALU and 2(*) extra cycles before the result of MM
+# operation is available "back" *to* integer ALU, not to mention that
+# MMALU itself has 2 cycles latency. However! I explicitly scheduled
+# these MM instructions to avoid MM stalls, so that all these extra
+# latencies get "hidden" in instruction-level parallelism.
+#
+# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule
+#     for 2 in order to provide for best *overall* performance,
+#     because on Itanium 1 stall on MM result is accompanied by
+#     pipeline flush, which takes 6 cycles:-(
+#
+# June 2012
+#
+# Improve performance by 15-20%. Note about "rules of engagement"
+# above. Contemporary cores are equipped with additional shifter,
+# so that they should perform even better than below, presumably
+# by ~10%.
+#
+######################################################################
+# Current performance in cycles per processed byte for Itanium 2
+# pre-9000 series [little-endian] system:
+#
+# SHA1(*)	5.7
+# SHA256	12.6
+# SHA512	6.7
+#
+# (*) SHA1 result is presented purely for reference purposes.
+#
+# To generate code, pass the file name with either 256 or 512 in its
+# name and compiler flags.
+
+$output=pop;
+
+if ($output =~ /512.*\.[s|asm]/) {
+	$SZ=8;
+	$BITS=8*$SZ;
+	$LDW="ld8";
+	$STW="st8";
+	$ADD="add";
+	$SHRU="shr.u";
+	$TABLE="K512";
+	$func="sha512_block_data_order";
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+} elsif ($output =~ /256.*\.[s|asm]/) {
+	$SZ=4;
+	$BITS=8*$SZ;
+	$LDW="ld4";
+	$STW="st4";
+	$ADD="padd4";
+	$SHRU="pshr4.u";
+	$TABLE="K256";
+	$func="sha256_block_data_order";
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+} else { die "nonsense $output"; }
+
+open STDOUT,">$output" || die "can't open $output: $!";
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+for (@ARGV)  {	$big_endian=1 if (/\-DB_ENDIAN/);
+		$big_endian=0 if (/\-DL_ENDIAN/);  }
+if (!defined($big_endian))
+             {	$big_endian=(unpack('L',pack('N',1))==1);  }
+
+$code=<<___;
+.ident  \"$output, version 2.0\"
+.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@openssl.org>\"
+.explicit
+.text
+
+pfssave=r2;
+lcsave=r3;
+prsave=r14;
+K=r15;
+A_=r16; B_=r17; C_=r18; D_=r19;
+E_=r20; F_=r21; G_=r22; H_=r23;
+T1=r24;	T2=r25;
+s0=r26;	s1=r27;	t0=r28;	t1=r29;
+Ktbl=r30;
+ctx=r31;	// 1st arg
+input=r56;	// 2nd arg
+num=r57;	// 3rd arg
+sgm0=r58;	sgm1=r59;	// small constants
+
+// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])
+.global	$func#
+.proc	$func#
+.align	32
+.skip	16
+$func:
+	.prologue
+	.save	ar.pfs,pfssave
+{ .mmi;	alloc	pfssave=ar.pfs,3,25,0,24
+	$ADDP	ctx=0,r32		// 1st arg
+	.save	ar.lc,lcsave
+	mov	lcsave=ar.lc	}
+{ .mmi;	$ADDP	input=0,r33		// 2nd arg
+	mov	num=r34			// 3rd arg
+	.save	pr,prsave
+	mov	prsave=pr	};;
+
+	.body
+{ .mib;	add	r8=0*$SZ,ctx
+	add	r9=1*$SZ,ctx	}
+{ .mib;	add	r10=2*$SZ,ctx
+	add	r11=3*$SZ,ctx	};;
+
+// load A-H
+.Lpic_point:
+{ .mmi;	$LDW	A_=[r8],4*$SZ
+	$LDW	B_=[r9],4*$SZ
+	mov	Ktbl=ip		}
+{ .mmi;	$LDW	C_=[r10],4*$SZ
+	$LDW	D_=[r11],4*$SZ
+	mov	sgm0=$sigma0[2]	};;
+{ .mmi;	$LDW	E_=[r8]
+	$LDW	F_=[r9]
+	add	Ktbl=($TABLE#-.Lpic_point),Ktbl		}
+{ .mmi;	$LDW	G_=[r10]
+	$LDW	H_=[r11]
+	cmp.ne	p0,p16=0,r0	};;
+___
+$code.=<<___ if ($BITS==64);
+{ .mii;	and	r8=7,input
+	and	input=~7,input;;
+	cmp.eq	p9,p0=1,r8	}
+{ .mmi;	cmp.eq	p10,p0=2,r8
+	cmp.eq	p11,p0=3,r8
+	cmp.eq	p12,p0=4,r8	}
+{ .mmi;	cmp.eq	p13,p0=5,r8
+	cmp.eq	p14,p0=6,r8
+	cmp.eq	p15,p0=7,r8	};;
+___
+$code.=<<___;
+.L_outer:
+.rotr	R[8],X[16]
+A=R[0]; B=R[1]; C=R[2]; D=R[3]; E=R[4]; F=R[5]; G=R[6]; H=R[7]
+{ .mmi;	ld1	X[15]=[input],$SZ		// eliminated in sha512
+	mov	A=A_
+	mov	ar.lc=14	}
+{ .mmi;	mov	B=B_
+	mov	C=C_
+	mov	D=D_		}
+{ .mmi;	mov	E=E_
+	mov	F=F_
+	mov	ar.ec=2		};;
+{ .mmi;	mov	G=G_
+	mov	H=H_
+	mov	sgm1=$sigma1[2]	}
+{ .mib;	mov	r8=0
+	add	r9=1-$SZ,input
+	brp.loop.imp	.L_first16,.L_first16_end-16	};;
+___
+$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
+// in sha512 case I load whole X[16] at once and take care of alignment...
+{ .mmi;	add	r8=1*$SZ,input
+	add	r9=2*$SZ,input
+	add	r10=3*$SZ,input		};;
+{ .mmb;	$LDW	X[15]=[input],4*$SZ
+	$LDW	X[14]=[r8],4*$SZ
+(p9)	br.cond.dpnt.many	.L1byte	};;
+{ .mmb;	$LDW	X[13]=[r9],4*$SZ
+	$LDW	X[12]=[r10],4*$SZ
+(p10)	br.cond.dpnt.many	.L2byte	};;
+{ .mmb;	$LDW	X[11]=[input],4*$SZ
+	$LDW	X[10]=[r8],4*$SZ
+(p11)	br.cond.dpnt.many	.L3byte	};;
+{ .mmb;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+(p12)	br.cond.dpnt.many	.L4byte	};;
+{ .mmb;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+(p13)	br.cond.dpnt.many	.L5byte	};;
+{ .mmb;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+(p14)	br.cond.dpnt.many	.L6byte	};;
+{ .mmb;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+(p15)	br.cond.dpnt.many	.L7byte	};;
+{ .mmb;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L1byte:
+{ .mmi;	$LDW	X[13]=[r9],4*$SZ
+	$LDW	X[12]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],56	};;
+{ .mmi;	$LDW	X[11]=[input],4*$SZ
+	$LDW	X[10]=[r8],4*$SZ
+	shrp	X[14]=X[14],X[13],56	}
+{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+	shrp	X[13]=X[13],X[12],56	};;
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[12]=X[12],X[11],56	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[11]=X[11],X[10],56	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[10]=X[10],X[ 9],56	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[ 9]=X[ 9],X[ 8],56	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[ 8]=X[ 8],X[ 7],56
+	shrp	X[ 7]=X[ 7],X[ 6],56	}
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],56
+	shrp	X[ 5]=X[ 5],X[ 4],56	};;
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],56
+	shrp	X[ 3]=X[ 3],X[ 2],56	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],56
+	shrp	X[ 1]=X[ 1],X[ 0],56	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,56	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L2byte:
+{ .mmi;	$LDW	X[11]=[input],4*$SZ
+	$LDW	X[10]=[r8],4*$SZ
+	shrp	X[15]=X[15],X[14],48	}
+{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+	shrp	X[14]=X[14],X[13],48	};;
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[13]=X[13],X[12],48	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[12]=X[12],X[11],48	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[11]=X[11],X[10],48	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[10]=X[10],X[ 9],48	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[ 9]=X[ 9],X[ 8],48
+	shrp	X[ 8]=X[ 8],X[ 7],48	}
+{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],48
+	shrp	X[ 6]=X[ 6],X[ 5],48	};;
+{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],48
+	shrp	X[ 4]=X[ 4],X[ 3],48	}
+{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],48
+	shrp	X[ 2]=X[ 2],X[ 1],48	}
+{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],48
+	shrp	X[ 0]=X[ 0],T1,48	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L3byte:
+{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],40	};;
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[14]=X[14],X[13],40	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[13]=X[13],X[12],40	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[12]=X[12],X[11],40	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[11]=X[11],X[10],40	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[10]=X[10],X[ 9],40
+	shrp	X[ 9]=X[ 9],X[ 8],40	}
+{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],40
+	shrp	X[ 7]=X[ 7],X[ 6],40	};;
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],40
+	shrp	X[ 5]=X[ 5],X[ 4],40	}
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],40
+	shrp	X[ 3]=X[ 3],X[ 2],40	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],40
+	shrp	X[ 1]=X[ 1],X[ 0],40	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,40	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L4byte:
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[15]=X[15],X[14],32	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[14]=X[14],X[13],32	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[13]=X[13],X[12],32	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[12]=X[12],X[11],32	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[11]=X[11],X[10],32
+	shrp	X[10]=X[10],X[ 9],32	}
+{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],32
+	shrp	X[ 8]=X[ 8],X[ 7],32	};;
+{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],32
+	shrp	X[ 6]=X[ 6],X[ 5],32	}
+{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],32
+	shrp	X[ 4]=X[ 4],X[ 3],32	}
+{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],32
+	shrp	X[ 2]=X[ 2],X[ 1],32	}
+{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],32
+	shrp	X[ 0]=X[ 0],T1,32	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L5byte:
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],24	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[14]=X[14],X[13],24	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[13]=X[13],X[12],24	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[12]=X[12],X[11],24
+	shrp	X[11]=X[11],X[10],24	}
+{ .mii;	shrp	X[10]=X[10],X[ 9],24
+	shrp	X[ 9]=X[ 9],X[ 8],24	};;
+{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],24
+	shrp	X[ 7]=X[ 7],X[ 6],24	}
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],24
+	shrp	X[ 5]=X[ 5],X[ 4],24	}
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],24
+	shrp	X[ 3]=X[ 3],X[ 2],24	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],24
+	shrp	X[ 1]=X[ 1],X[ 0],24	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,24	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L6byte:
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[15]=X[15],X[14],16	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[14]=X[14],X[13],16	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[13]=X[13],X[12],16
+	shrp	X[12]=X[12],X[11],16	}
+{ .mii;	shrp	X[11]=X[11],X[10],16
+	shrp	X[10]=X[10],X[ 9],16	};;
+{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],16
+	shrp	X[ 8]=X[ 8],X[ 7],16	}
+{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],16
+	shrp	X[ 6]=X[ 6],X[ 5],16	}
+{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],16
+	shrp	X[ 4]=X[ 4],X[ 3],16	}
+{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],16
+	shrp	X[ 2]=X[ 2],X[ 1],16	}
+{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],16
+	shrp	X[ 0]=X[ 0],T1,16	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L7byte:
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],8	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[14]=X[14],X[13],8
+	shrp	X[13]=X[13],X[12],8	}
+{ .mii;	shrp	X[12]=X[12],X[11],8
+	shrp	X[11]=X[11],X[10],8	};;
+{ .mii;	shrp	X[10]=X[10],X[ 9],8
+	shrp	X[ 9]=X[ 9],X[ 8],8	}
+{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],8
+	shrp	X[ 7]=X[ 7],X[ 6],8	}
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],8
+	shrp	X[ 5]=X[ 5],X[ 4],8	}
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],8
+	shrp	X[ 3]=X[ 3],X[ 2],8	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],8
+	shrp	X[ 1]=X[ 1],X[ 0],8	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,8	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev	};;	// eliminated on big-endian
+
+.align	32
+.L_first16:
+{ .mmi;		$LDW	K=[Ktbl],$SZ
+		add	A=A,r8			// H+=Sigma(0) from the past
+		_rotr	r10=$t1,$Sigma1[0]  }	// ROTR(e,14)
+{ .mmi;		and	T1=F,E
+		andcm	r8=G,E
+	(p16)	mux1	X[14]=X[14],\@rev   };;	// eliminated on big-endian
+{ .mmi;		and	T2=A,B
+		and	r9=A,C
+		_rotr	r11=$t1,$Sigma1[1]  }	// ROTR(e,41)
+{ .mmi;		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
+		and	r8=B,C		    };;
+___
+$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
+.align	32
+.L_first16:
+{ .mmi;		add	A=A,r8			// H+=Sigma(0) from the past
+		add	r10=2-$SZ,input
+		add	r11=3-$SZ,input	};;
+{ .mmi;		ld1	r9=[r9]
+		ld1	r10=[r10]
+		dep.z	$t1=E,32,32	}
+{ .mmi;		ld1	r11=[r11]
+		$LDW	K=[Ktbl],$SZ
+		zxt4	E=E		};;
+{ .mii;		or	$t1=$t1,E
+		dep	X[15]=X[15],r9,8,8
+		mux2	$t0=A,0x44	};;	// copy lower half to upper
+{ .mmi;		and	T1=F,E
+		andcm	r8=G,E
+		dep	r11=r10,r11,8,8	};;
+{ .mmi;		and	T2=A,B
+		and	r9=A,C
+		dep	X[15]=X[15],r11,16,16	};;
+{ .mmi;	(p16)	ld1	X[15-1]=[input],$SZ	// prefetch
+		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
+		_rotr	r10=$t1,$Sigma1[0] }	// ROTR(e,14)
+{ .mmi;		and	r8=B,C
+		_rotr	r11=$t1,$Sigma1[1] };;	// ROTR(e,18)
+___
+$code.=<<___;
+{ .mmi;		add	T1=T1,H			// T1=Ch(e,f,g)+h
+		xor	r10=r10,r11
+		_rotr	r11=$t1,$Sigma1[2]  }	// ROTR(e,41)
+{ .mmi;		xor	T2=T2,r9
+		add	K=K,X[15]	    };;
+{ .mmi;		add	T1=T1,K			// T1+=K[i]+X[i]
+		xor	T2=T2,r8		// T2=((a & b) ^ (a & c) ^ (b & c))
+		_rotr	r8=$t0,$Sigma0[0]   }	// ROTR(a,28)
+{ .mmi;		xor	r11=r11,r10		// Sigma1(e)
+		_rotr	r9=$t0,$Sigma0[1]   };;	// ROTR(a,34)
+{ .mmi;		add	T1=T1,r11		// T+=Sigma1(e)
+		xor	r8=r8,r9
+		_rotr	r9=$t0,$Sigma0[2]   };;	// ROTR(a,39)
+{ .mmi;		xor	r8=r8,r9		// Sigma0(a)
+		add	D=D,T1
+		mux2	H=X[15],0x44	    }	// mov H=X[15] in sha512
+{ .mib;	(p16)	add	r9=1-$SZ,input		// not used in sha512
+		add	X[15]=T1,T2		// H=T1+Maj(a,b,c)
+	br.ctop.sptk	.L_first16	    };;
+.L_first16_end:
+
+{ .mib;	mov	ar.lc=$rounds-17
+	brp.loop.imp	.L_rest,.L_rest_end-16		}
+{ .mib;	mov	ar.ec=1
+	br.many	.L_rest			};;
+
+.align	32
+.L_rest:
+{ .mmi;		$LDW	K=[Ktbl],$SZ
+		add	A=A,r8			// H+=Sigma0(a) from the past
+		_rotr	r8=X[15-1],$sigma0[0] }	// ROTR(s0,1)
+{ .mmi; 	add	X[15]=X[15],X[15-9]	// X[i&0xF]+=X[(i+9)&0xF]
+		$SHRU	s0=X[15-1],sgm0	    };;	// s0=X[(i+1)&0xF]>>7
+{ .mib;		and	T1=F,E
+		_rotr	r9=X[15-1],$sigma0[1] }	// ROTR(s0,8)
+{ .mib;		andcm	r10=G,E
+		$SHRU	s1=X[15-14],sgm1    };;	// s1=X[(i+14)&0xF]>>6
+// Pair of mmi; splits on Itanium 1 and prevents pipeline flush
+// upon $SHRU output usage
+{ .mmi;		xor	T1=T1,r10		// T1=((e & f) ^ (~e & g))
+		xor	r9=r8,r9
+		_rotr	r10=X[15-14],$sigma1[0] }// ROTR(s1,19)
+{ .mmi;		and	T2=A,B
+		and	r8=A,C
+		_rotr	r11=X[15-14],$sigma1[1] };;// ROTR(s1,61)
+___
+$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
+{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
+		dep.z	$t1=E,32,32	    }
+{ .mib;		xor	r10=r11,r10
+		zxt4	E=E		    };;
+{ .mii;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
+		shrp	r9=E,$t1,32+$Sigma1[0]	// ROTR(e,14)
+		mux2	$t0=A,0x44	    };;	// copy lower half to upper
+// Pair of mmi; splits on Itanium 1 and prevents pipeline flush
+// upon mux2 output usage
+{ .mmi;		xor	T2=T2,r8
+		shrp	r8=E,$t1,32+$Sigma1[1]}	// ROTR(e,18)
+{ .mmi;		and	r10=B,C
+		add	T1=T1,H			// T1=Ch(e,f,g)+h
+		or	$t1=$t1,E   	    };;
+___
+$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
+{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
+		_rotr	r9=$t1,$Sigma1[0]   }	// ROTR(e,14)
+{ .mib;		xor	r10=r11,r10
+		xor	T2=T2,r8	    };;
+{ .mib;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
+		_rotr	r8=$t1,$Sigma1[1]   }	// ROTR(e,18)
+{ .mib;		and	r10=B,C
+		add	T1=T1,H		    };;	// T1+=H
+___
+$code.=<<___;
+{ .mib;		xor	r9=r9,r8
+		_rotr	r8=$t1,$Sigma1[2]   }	// ROTR(e,41)
+{ .mib;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))
+		add	X[15]=X[15],s0	    };;	// X[i]+=sigma0(X[i+1])
+{ .mmi;		xor	r9=r9,r8		// Sigma1(e)
+		add	X[15]=X[15],s1		// X[i]+=sigma0(X[i+14])
+		_rotr	r8=$t0,$Sigma0[0]   };;	// ROTR(a,28)
+{ .mmi;		add	K=K,X[15]
+		add	T1=T1,r9		// T1+=Sigma1(e)
+		_rotr	r9=$t0,$Sigma0[1]   };;	// ROTR(a,34)
+{ .mmi;		add	T1=T1,K			// T1+=K[i]+X[i]
+		xor	r8=r8,r9
+		_rotr	r9=$t0,$Sigma0[2]   };;	// ROTR(a,39)
+{ .mib;		add	D=D,T1
+		mux2	H=X[15],0x44	    }	// mov H=X[15] in sha512
+{ .mib;		xor	r8=r8,r9		// Sigma0(a)
+		add	X[15]=T1,T2		// H=T1+Maj(a,b,c)
+	br.ctop.sptk	.L_rest		    };;
+.L_rest_end:
+
+{ .mmi;	add	A=A,r8			};;	// H+=Sigma0(a) from the past
+{ .mmi;	add	A_=A_,A
+	add	B_=B_,B
+	add	C_=C_,C			}
+{ .mmi;	add	D_=D_,D
+	add	E_=E_,E
+	cmp.ltu	p16,p0=1,num		};;
+{ .mmi;	add	F_=F_,F
+	add	G_=G_,G
+	add	H_=H_,H			}
+{ .mmb;	add	Ktbl=-$SZ*$rounds,Ktbl
+(p16)	add	num=-1,num
+(p16)	br.dptk.many	.L_outer	};;
+
+{ .mib;	add	r8=0*$SZ,ctx
+	add	r9=1*$SZ,ctx		}
+{ .mib;	add	r10=2*$SZ,ctx
+	add	r11=3*$SZ,ctx		};;
+{ .mmi;	$STW	[r8]=A_,4*$SZ
+	$STW	[r9]=B_,4*$SZ
+	mov	ar.lc=lcsave		}
+{ .mmi;	$STW	[r10]=C_,4*$SZ
+	$STW	[r11]=D_,4*$SZ
+	mov	pr=prsave,0x1ffff	};;
+{ .mmb;	$STW	[r8]=E_
+	$STW	[r9]=F_			}
+{ .mmb;	$STW	[r10]=G_
+	$STW	[r11]=H_
+	br.ret.sptk.many	b0	};;
+.endp	$func#
+___
+
+foreach(split($/,$code)) {
+    s/\`([^\`]*)\`/eval $1/gem;
+    s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;
+    if ($BITS==64) {
+	s/mux2(\s+)([^=]+)=([^,]+),\S+/mov$1 $2=$3/gm;
+	s/mux1(\s+)\S+/nop.i$1 0x0/gm	if ($big_endian);
+	s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm
+    						if (!$big_endian);
+	s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm;
+    }
+
+    print $_,"\n";
+}
+
+print<<___ if ($BITS==32);
+.align	64
+.type	K256#,\@object
+K256:	data4	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	data4	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	data4	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	data4	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	data4	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	data4	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	data4	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	data4	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	data4	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	data4	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	data4	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	data4	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	data4	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	data4	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	data4	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	data4	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.size	K256#,$SZ*$rounds
+stringz	"SHA256 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+print<<___ if ($BITS==64);
+.align	64
+.type	K512#,\@object
+K512:	data8	0x428a2f98d728ae22,0x7137449123ef65cd
+	data8	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	data8	0x3956c25bf348b538,0x59f111f1b605d019
+	data8	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	data8	0xd807aa98a3030242,0x12835b0145706fbe
+	data8	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	data8	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	data8	0x9bdc06a725c71235,0xc19bf174cf692694
+	data8	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	data8	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	data8	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	data8	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	data8	0x983e5152ee66dfab,0xa831c66d2db43210
+	data8	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	data8	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	data8	0x06ca6351e003826f,0x142929670a0e6e70
+	data8	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	data8	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	data8	0x650a73548baf63de,0x766a0abb3c77b2a8
+	data8	0x81c2c92e47edaee6,0x92722c851482353b
+	data8	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	data8	0xc24b8b70d0f89791,0xc76c51a30654be30
+	data8	0xd192e819d6ef5218,0xd69906245565a910
+	data8	0xf40e35855771202a,0x106aa07032bbd1b8
+	data8	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	data8	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	data8	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	data8	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	data8	0x748f82ee5defb2fc,0x78a5636f43172f60
+	data8	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	data8	0x90befffa23631e28,0xa4506cebde82bde9
+	data8	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	data8	0xca273eceea26619c,0xd186b8c721c0c207
+	data8	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	data8	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	data8	0x113f9804bef90dae,0x1b710b35131c471b
+	data8	0x28db77f523047d84,0x32caab7b40c72493
+	data8	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	data8	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	data8	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+.size	K512#,$SZ*$rounds
+stringz	"SHA512 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl
new file mode 100644
index 000000000..dab684dde
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl
@@ -0,0 +1,521 @@
+#! /usr/bin/env perl
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA2 block procedures for MIPS.
+
+# October 2010.
+#
+# SHA256 performance improvement on MIPS R5000 CPU is ~27% over gcc-
+# generated code in o32 build and ~55% in n32/64 build. SHA512 [which
+# for now can only be compiled for MIPS64 ISA] improvement is modest
+# ~17%, but it comes for free, because it's same instruction sequence.
+# Improvement coefficients are for aligned input.
+
+# September 2012.
+#
+# Add MIPS[32|64]R2 code (>25% less instructions).
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp [o32 can be
+#   excluded from the rule, because it's specified volatile];
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_LA="dla";
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
+	$REG_S="sd";
+	$REG_L="ld";
+	$PTR_SLL="dsll";	# incidentally works even on n32
+	$SZREG=8;
+} else {
+	$PTR_LA="la";
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
+	$REG_S="sw";
+	$REG_L="lw";
+	$PTR_SLL="sll";
+	$SZREG=4;
+}
+$pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC});
+
+for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+open STDOUT,">$output";
+
+if (!defined($big_endian)) { $big_endian=(unpack('L',pack('N',1))==1); }
+
+if ($output =~ /512/) {
+	$label="512";
+	$SZ=8;
+	$LD="ld";		# load from memory
+	$ST="sd";		# store to memory
+	$SLL="dsll";		# shift left logical
+	$SRL="dsrl";		# shift right logical
+	$ADDU="daddu";
+	$ROTR="drotr";
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=( 7, 1, 8);	# right shift first
+	@sigma1=( 6,19,61);	# right shift first
+	$lastK=0x817;
+	$rounds=80;
+} else {
+	$label="256";
+	$SZ=4;
+	$LD="lw";		# load from memory
+	$ST="sw";		# store to memory
+	$SLL="sll";		# shift left logical
+	$SRL="srl";		# shift right logical
+	$ADDU="addu";
+	$ROTR="rotr";
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 3, 7,18);	# right shift first
+	@sigma1=(10,17,19);	# right shift first
+	$lastK=0x8f2;
+	$rounds=64;
+}
+
+$MSB = $big_endian ? 0 : ($SZ-1);
+$LSB = ($SZ-1)&~$MSB;
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("\$$_",(1,2,3,7,24,25,30,31));
+@X=map("\$$_",(8..23));
+
+$ctx=$a0;
+$inp=$a1;
+$len=$a2;	$Ktbl=$len;
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]);
+
+$code.=<<___ if ($i<15);
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	${LD}	@X[1],`($i+1)*$SZ`($inp)
+#else
+	${LD}l	@X[1],`($i+1)*$SZ+$MSB`($inp)
+	${LD}r	@X[1],`($i+1)*$SZ+$LSB`($inp)
+#endif
+___
+$code.=<<___	if (!$big_endian && $i<16 && $SZ==4);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	wsbh	@X[0],@X[0]		# byte swap($i)
+	rotr	@X[0],@X[0],16
+#else
+	srl	$tmp0,@X[0],24		# byte swap($i)
+	srl	$tmp1,@X[0],8
+	andi	$tmp2,@X[0],0xFF00
+	sll	@X[0],@X[0],24
+	andi	$tmp1,0xFF00
+	sll	$tmp2,$tmp2,8
+	or	@X[0],$tmp0
+	or	$tmp1,$tmp2
+	or	@X[0],$tmp1
+#endif
+___
+$code.=<<___	if (!$big_endian && $i<16 && $SZ==8);
+#if defined(_MIPS_ARCH_MIPS64R2)
+	dsbh	@X[0],@X[0]		# byte swap($i)
+	dshd	@X[0],@X[0]
+#else
+	ori	$tmp0,$zero,0xFF
+	dsll	$tmp2,$tmp0,32
+	or	$tmp0,$tmp2		# 0x000000FF000000FF
+	and	$tmp1,@X[0],$tmp0	# byte swap($i)
+	dsrl	$tmp2,@X[0],24
+	dsll	$tmp1,24
+	and	$tmp2,$tmp0
+	dsll	$tmp0,8			# 0x0000FF000000FF00
+	or	$tmp1,$tmp2
+	and	$tmp2,@X[0],$tmp0
+	dsrl	@X[0],8
+	dsll	$tmp2,8
+	and	@X[0],$tmp0
+	or	$tmp1,$tmp2
+	or	@X[0],$tmp1
+	dsrl	$tmp1,@X[0],32
+	dsll	@X[0],32
+	or	@X[0],$tmp1
+#endif
+___
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	xor	$tmp2,$f,$g			# $i
+	$ROTR	$tmp0,$e,@Sigma1[0]
+	$ADDU	$T1,$X[0],$h
+	$ROTR	$tmp1,$e,@Sigma1[1]
+	and	$tmp2,$e
+	$ROTR	$h,$e,@Sigma1[2]
+	xor	$tmp0,$tmp1
+	$ROTR	$tmp1,$a,@Sigma0[0]
+	xor	$tmp2,$g			# Ch(e,f,g)
+	xor	$tmp0,$h			# Sigma1(e)
+
+	$ROTR	$h,$a,@Sigma0[1]
+	$ADDU	$T1,$tmp2
+	$LD	$tmp2,`$i*$SZ`($Ktbl)		# K[$i]
+	xor	$h,$tmp1
+	$ROTR	$tmp1,$a,@Sigma0[2]
+	$ADDU	$T1,$tmp0
+	and	$tmp0,$b,$c
+	xor	$h,$tmp1			# Sigma0(a)
+	xor	$tmp1,$b,$c
+#else
+	$ADDU	$T1,$X[0],$h			# $i
+	$SRL	$h,$e,@Sigma1[0]
+	xor	$tmp2,$f,$g
+	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[2]`
+	and	$tmp2,$e
+	$SRL	$tmp0,$e,@Sigma1[1]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[1]`
+	xor	$h,$tmp0
+	$SRL	$tmp0,$e,@Sigma1[2]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[0]`
+	xor	$h,$tmp0
+	xor	$tmp2,$g			# Ch(e,f,g)
+	xor	$tmp0,$tmp1,$h			# Sigma1(e)
+
+	$SRL	$h,$a,@Sigma0[0]
+	$ADDU	$T1,$tmp2
+	$LD	$tmp2,`$i*$SZ`($Ktbl)		# K[$i]
+	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[2]`
+	$ADDU	$T1,$tmp0
+	$SRL	$tmp0,$a,@Sigma0[1]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[1]`
+	xor	$h,$tmp0
+	$SRL	$tmp0,$a,@Sigma0[2]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[0]`
+	xor	$h,$tmp0
+	and	$tmp0,$b,$c
+	xor	$h,$tmp1			# Sigma0(a)
+	xor	$tmp1,$b,$c
+#endif
+	$ST	@X[0],`($i%16)*$SZ`($sp)	# offload to ring buffer
+	$ADDU	$h,$tmp0
+	and	$tmp1,$a
+	$ADDU	$T1,$tmp2			# +=K[$i]
+	$ADDU	$h,$tmp1			# +=Maj(a,b,c)
+	$ADDU	$d,$T1
+	$ADDU	$h,$T1
+___
+$code.=<<___ if ($i>=13);
+	$LD	@X[3],`(($i+3)%16)*$SZ`($sp)	# prefetch from ring buffer
+___
+}
+
+sub BODY_16_XX {
+my $i=@_[0];
+my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4],@X[5],@X[6],@X[7]);
+
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	$SRL	$tmp2,@X[1],@sigma0[0]		# Xupdate($i)
+	$ROTR	$tmp0,@X[1],@sigma0[1]
+	$ADDU	@X[0],@X[9]			# +=X[i+9]
+	xor	$tmp2,$tmp0
+	$ROTR	$tmp0,@X[1],@sigma0[2]
+
+	$SRL	$tmp3,@X[14],@sigma1[0]
+	$ROTR	$tmp1,@X[14],@sigma1[1]
+	xor	$tmp2,$tmp0			# sigma0(X[i+1])
+	$ROTR	$tmp0,@X[14],@sigma1[2]
+	xor	$tmp3,$tmp1
+	$ADDU	@X[0],$tmp2
+#else
+	$SRL	$tmp2,@X[1],@sigma0[0]		# Xupdate($i)
+	$ADDU	@X[0],@X[9]			# +=X[i+9]
+	$SLL	$tmp1,@X[1],`$SZ*8-@sigma0[2]`
+	$SRL	$tmp0,@X[1],@sigma0[1]
+	xor	$tmp2,$tmp1
+	$SLL	$tmp1,`@sigma0[2]-@sigma0[1]`
+	xor	$tmp2,$tmp0
+	$SRL	$tmp0,@X[1],@sigma0[2]
+	xor	$tmp2,$tmp1
+
+	$SRL	$tmp3,@X[14],@sigma1[0]
+	xor	$tmp2,$tmp0			# sigma0(X[i+1])
+	$SLL	$tmp1,@X[14],`$SZ*8-@sigma1[2]`
+	$ADDU	@X[0],$tmp2
+	$SRL	$tmp0,@X[14],@sigma1[1]
+	xor	$tmp3,$tmp1
+	$SLL	$tmp1,`@sigma1[2]-@sigma1[1]`
+	xor	$tmp3,$tmp0
+	$SRL	$tmp0,@X[14],@sigma1[2]
+	xor	$tmp3,$tmp1
+#endif
+	xor	$tmp3,$tmp0			# sigma1(X[i+14])
+	$ADDU	@X[0],$tmp3
+___
+	&BODY_00_15(@_);
+}
+
+$FRAMESIZE=16*$SZ+16*$SZREG;
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
+
+$code.=<<___;
+#include "mips_arch.h"
+
+.text
+.set	noat
+#if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__))
+.option	pic2
+#endif
+
+.align	5
+.globl	sha${label}_block_data_order
+.ent	sha${label}_block_data_order
+sha${label}_block_data_order:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_S	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_S	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_S	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	$PTR_SLL @X[15],$len,`log(16*$SZ)/log(2)`
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Ktbl
+	.cpsetup	$pf,$zero,sha${label}_block_data_order
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Ktbl,K${label}		# PIC-ified 'load address'
+
+	$LD	$A,0*$SZ($ctx)		# load context
+	$LD	$B,1*$SZ($ctx)
+	$LD	$C,2*$SZ($ctx)
+	$LD	$D,3*$SZ($ctx)
+	$LD	$E,4*$SZ($ctx)
+	$LD	$F,5*$SZ($ctx)
+	$LD	$G,6*$SZ($ctx)
+	$LD	$H,7*$SZ($ctx)
+
+	$PTR_ADD @X[15],$inp		# pointer to the end of input
+	$REG_S	@X[15],16*$SZ($sp)
+	b	.Loop
+
+.align	5
+.Loop:
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	${LD}	@X[0],($inp)
+#else
+	${LD}l	@X[0],$MSB($inp)
+	${LD}r	@X[0],$LSB($inp)
+#endif
+___
+for ($i=0;$i<16;$i++)
+{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
+$code.=<<___;
+	b	.L16_xx
+.align	4
+.L16_xx:
+___
+for (;$i<32;$i++)
+{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
+$code.=<<___;
+	and	@X[6],0xfff
+	li	@X[7],$lastK
+	.set	noreorder
+	bne	@X[6],@X[7],.L16_xx
+	$PTR_ADD $Ktbl,16*$SZ		# Ktbl+=16
+
+	$REG_L	@X[15],16*$SZ($sp)	# restore pointer to the end of input
+	$LD	@X[0],0*$SZ($ctx)
+	$LD	@X[1],1*$SZ($ctx)
+	$LD	@X[2],2*$SZ($ctx)
+	$PTR_ADD $inp,16*$SZ
+	$LD	@X[3],3*$SZ($ctx)
+	$ADDU	$A,@X[0]
+	$LD	@X[4],4*$SZ($ctx)
+	$ADDU	$B,@X[1]
+	$LD	@X[5],5*$SZ($ctx)
+	$ADDU	$C,@X[2]
+	$LD	@X[6],6*$SZ($ctx)
+	$ADDU	$D,@X[3]
+	$LD	@X[7],7*$SZ($ctx)
+	$ADDU	$E,@X[4]
+	$ST	$A,0*$SZ($ctx)
+	$ADDU	$F,@X[5]
+	$ST	$B,1*$SZ($ctx)
+	$ADDU	$G,@X[6]
+	$ST	$C,2*$SZ($ctx)
+	$ADDU	$H,@X[7]
+	$ST	$D,3*$SZ($ctx)
+	$ST	$E,4*$SZ($ctx)
+	$ST	$F,5*$SZ($ctx)
+	$ST	$G,6*$SZ($ctx)
+	$ST	$H,7*$SZ($ctx)
+
+	bne	$inp,@X[15],.Loop
+	$PTR_SUB $Ktbl,`($rounds-16)*$SZ`	# rewind $Ktbl
+
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	sha${label}_block_data_order
+
+.rdata
+.align	5
+K${label}:
+___
+if ($SZ==4) {
+$code.=<<___;
+	.word	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+	.word	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+	.word	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+	.word	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+	.word	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+	.word	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+	.word	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+	.word	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+	.word	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+	.word	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+	.word	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+	.word	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+	.word	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+	.word	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+	.word	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+	.word	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+___
+} else {
+$code.=<<___;
+	.dword	0x428a2f98d728ae22, 0x7137449123ef65cd
+	.dword	0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc
+	.dword	0x3956c25bf348b538, 0x59f111f1b605d019
+	.dword	0x923f82a4af194f9b, 0xab1c5ed5da6d8118
+	.dword	0xd807aa98a3030242, 0x12835b0145706fbe
+	.dword	0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2
+	.dword	0x72be5d74f27b896f, 0x80deb1fe3b1696b1
+	.dword	0x9bdc06a725c71235, 0xc19bf174cf692694
+	.dword	0xe49b69c19ef14ad2, 0xefbe4786384f25e3
+	.dword	0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65
+	.dword	0x2de92c6f592b0275, 0x4a7484aa6ea6e483
+	.dword	0x5cb0a9dcbd41fbd4, 0x76f988da831153b5
+	.dword	0x983e5152ee66dfab, 0xa831c66d2db43210
+	.dword	0xb00327c898fb213f, 0xbf597fc7beef0ee4
+	.dword	0xc6e00bf33da88fc2, 0xd5a79147930aa725
+	.dword	0x06ca6351e003826f, 0x142929670a0e6e70
+	.dword	0x27b70a8546d22ffc, 0x2e1b21385c26c926
+	.dword	0x4d2c6dfc5ac42aed, 0x53380d139d95b3df
+	.dword	0x650a73548baf63de, 0x766a0abb3c77b2a8
+	.dword	0x81c2c92e47edaee6, 0x92722c851482353b
+	.dword	0xa2bfe8a14cf10364, 0xa81a664bbc423001
+	.dword	0xc24b8b70d0f89791, 0xc76c51a30654be30
+	.dword	0xd192e819d6ef5218, 0xd69906245565a910
+	.dword	0xf40e35855771202a, 0x106aa07032bbd1b8
+	.dword	0x19a4c116b8d2d0c8, 0x1e376c085141ab53
+	.dword	0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8
+	.dword	0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb
+	.dword	0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3
+	.dword	0x748f82ee5defb2fc, 0x78a5636f43172f60
+	.dword	0x84c87814a1f0ab72, 0x8cc702081a6439ec
+	.dword	0x90befffa23631e28, 0xa4506cebde82bde9
+	.dword	0xbef9a3f7b2c67915, 0xc67178f2e372532b
+	.dword	0xca273eceea26619c, 0xd186b8c721c0c207
+	.dword	0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178
+	.dword	0x06f067aa72176fba, 0x0a637dc5a2c898a6
+	.dword	0x113f9804bef90dae, 0x1b710b35131c471b
+	.dword	0x28db77f523047d84, 0x32caab7b40c72493
+	.dword	0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c
+	.dword	0x4cc5d4becb3e42b6, 0x597f299cfc657e2a
+	.dword	0x5fcb6fab3ad6faec, 0x6c44198c4a475817
+___
+}
+$code.=<<___;
+.asciiz	"SHA${label} for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
+.align	5
+
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl
new file mode 100755
index 000000000..59eb320ab
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl
@@ -0,0 +1,807 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 block procedure for PA-RISC.
+
+# June 2009.
+#
+# SHA256 performance is >75% better than gcc 3.2 generated code on
+# PA-7100LC. Compared to code generated by vendor compiler this
+# implementation is almost 70% faster in 64-bit build, but delivers
+# virtually same performance in 32-bit build on PA-8600.
+#
+# SHA512 performance is >2.9x better than gcc 3.2 generated code on
+# PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the
+# code is executed on PA-RISC 2.0 processor and switches to 64-bit
+# code path delivering adequate performance even in "blended" 32-bit
+# build. Though 64-bit code is not any faster than code generated by
+# vendor compiler on PA-8600...
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+if ($output =~ /512/) {
+	$func="sha512_block_data_order";
+	$SZ=8;
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+	$LAST10BITS=0x017;
+	$LD="ldd";
+	$LDM="ldd,ma";
+	$ST="std";
+} else {
+	$func="sha256_block_data_order";
+	$SZ=4;
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+	$LAST10BITS=0x0f2;
+	$LD="ldw";
+	$LDM="ldwm";
+	$ST="stw";
+}
+
+$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
+				#                 [+ argument transfer]
+$XOFF=16*$SZ+32;		# local variables
+$FRAME+=$XOFF;
+$XOFF+=$FRAME_MARKER;		# distance between %sp and local variables
+
+$ctx="%r26";	# zapped by $a0
+$inp="%r25";	# zapped by $a1
+$num="%r24";	# zapped by $t0
+
+$a0 ="%r26";
+$a1 ="%r25";
+$t0 ="%r24";
+$t1 ="%r29";
+$Tbl="%r31";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=("%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r28");
+
+@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
+    "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$inp);
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$code.=<<___;
+	_ror	$e,$Sigma1[0],$a0
+	and	$f,$e,$t0
+	_ror	$e,$Sigma1[1],$a1
+	addl	$t1,$h,$h
+	andcm	$g,$e,$t1
+	xor	$a1,$a0,$a0
+	_ror	$a1,`$Sigma1[2]-$Sigma1[1]`,$a1
+	or	$t0,$t1,$t1		; Ch(e,f,g)
+	addl	@X[$i%16],$h,$h
+	xor	$a0,$a1,$a1		; Sigma1(e)
+	addl	$t1,$h,$h
+	_ror	$a,$Sigma0[0],$a0
+	addl	$a1,$h,$h
+
+	_ror	$a,$Sigma0[1],$a1
+	and	$a,$b,$t0
+	and	$a,$c,$t1
+	xor	$a1,$a0,$a0
+	_ror	$a1,`$Sigma0[2]-$Sigma0[1]`,$a1
+	xor	$t1,$t0,$t0
+	and	$b,$c,$t1
+	xor	$a0,$a1,$a1		; Sigma0(a)
+	addl	$h,$d,$d
+	xor	$t1,$t0,$t0		; Maj(a,b,c)
+	`"$LDM	$SZ($Tbl),$t1" if ($i<15)`
+	addl	$a1,$h,$h
+	addl	$t0,$h,$h
+
+___
+}
+
+sub ROUND_16_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$i-=16;
+$code.=<<___;
+	_ror	@X[($i+1)%16],$sigma0[0],$a0
+	_ror	@X[($i+1)%16],$sigma0[1],$a1
+	addl	@X[($i+9)%16],@X[$i],@X[$i]
+	_ror	@X[($i+14)%16],$sigma1[0],$t0
+	_ror	@X[($i+14)%16],$sigma1[1],$t1
+	xor	$a1,$a0,$a0
+	_shr	@X[($i+1)%16],$sigma0[2],$a1
+	xor	$t1,$t0,$t0
+	_shr	@X[($i+14)%16],$sigma1[2],$t1
+	xor	$a1,$a0,$a0		; sigma0(X[(i+1)&0x0f])
+	xor	$t1,$t0,$t0		; sigma1(X[(i+14)&0x0f])
+	$LDM	$SZ($Tbl),$t1
+	addl	$a0,@X[$i],@X[$i]
+	addl	$t0,@X[$i],@X[$i]
+___
+$code.=<<___ if ($i==15);
+	extru	$t1,31,10,$a1
+	comiclr,<> $LAST10BITS,$a1,%r0
+	ldo	1($Tbl),$Tbl		; signal end of $Tbl
+___
+&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h);
+}
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.ALIGN	64
+L\$table
+___
+$code.=<<___ if ($SZ==8);
+	.WORD	0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd
+	.WORD	0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc
+	.WORD	0x3956c25b,0xf348b538,0x59f111f1,0xb605d019
+	.WORD	0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118
+	.WORD	0xd807aa98,0xa3030242,0x12835b01,0x45706fbe
+	.WORD	0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2
+	.WORD	0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1
+	.WORD	0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694
+	.WORD	0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3
+	.WORD	0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65
+	.WORD	0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483
+	.WORD	0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5
+	.WORD	0x983e5152,0xee66dfab,0xa831c66d,0x2db43210
+	.WORD	0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4
+	.WORD	0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725
+	.WORD	0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70
+	.WORD	0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926
+	.WORD	0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df
+	.WORD	0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8
+	.WORD	0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b
+	.WORD	0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001
+	.WORD	0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30
+	.WORD	0xd192e819,0xd6ef5218,0xd6990624,0x5565a910
+	.WORD	0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8
+	.WORD	0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53
+	.WORD	0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8
+	.WORD	0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb
+	.WORD	0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3
+	.WORD	0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60
+	.WORD	0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec
+	.WORD	0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9
+	.WORD	0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b
+	.WORD	0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207
+	.WORD	0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178
+	.WORD	0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6
+	.WORD	0x113f9804,0xbef90dae,0x1b710b35,0x131c471b
+	.WORD	0x28db77f5,0x23047d84,0x32caab7b,0x40c72493
+	.WORD	0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c
+	.WORD	0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a
+	.WORD	0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817
+___
+$code.=<<___ if ($SZ==4);
+	.WORD	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.WORD	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.WORD	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.WORD	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.WORD	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.WORD	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.WORD	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.WORD	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.WORD	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.WORD	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.WORD	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.WORD	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.WORD	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.WORD	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.WORD	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.WORD	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code.=<<___;
+
+	.EXPORT	$func,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	64
+$func
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
+	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+	_shl	$num,`log(16*$SZ)/log(2)`,$num
+	addl	$inp,$num,$num		; $num to point at the end of $inp
+
+	$PUSH	$num,`-$FRAME_MARKER-4*$SIZE_T`(%sp)	; save arguments
+	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)
+	$PUSH	$ctx,`-$FRAME_MARKER-2*$SIZE_T`(%sp)
+
+	blr	%r0,$Tbl
+	ldi	3,$t1
+L\$pic
+	andcm	$Tbl,$t1,$Tbl		; wipe privilege level
+	ldo	L\$table-L\$pic($Tbl),$Tbl
+___
+$code.=<<___ if ($SZ==8 && $SIZE_T==4);
+	ldi	31,$t1
+	mtctl	$t1,%cr11
+	extrd,u,*= $t1,%sar,1,$t1	; executes on PA-RISC 1.0
+	b	L\$parisc1
+	nop
+___
+$code.=<<___;
+	$LD	`0*$SZ`($ctx),$A	; load context
+	$LD	`1*$SZ`($ctx),$B
+	$LD	`2*$SZ`($ctx),$C
+	$LD	`3*$SZ`($ctx),$D
+	$LD	`4*$SZ`($ctx),$E
+	$LD	`5*$SZ`($ctx),$F
+	$LD	`6*$SZ`($ctx),$G
+	$LD	`7*$SZ`($ctx),$H
+
+	extru	$inp,31,`log($SZ)/log(2)`,$t0
+	sh3addl	$t0,%r0,$t0
+	subi	`8*$SZ`,$t0,$t0
+	mtctl	$t0,%cr11		; load %sar with align factor
+
+L\$oop
+	ldi	`$SZ-1`,$t0
+	$LDM	$SZ($Tbl),$t1
+	andcm	$inp,$t0,$t0		; align $inp
+___
+	for ($i=0;$i<15;$i++) {		# load input block
+	$code.="\t$LD	`$SZ*$i`($t0),@X[$i]\n";		}
+$code.=<<___;
+	cmpb,*=	$inp,$t0,L\$aligned
+	$LD	`$SZ*15`($t0),@X[15]
+	$LD	`$SZ*16`($t0),@X[16]
+___
+	for ($i=0;$i<16;$i++) {		# align data
+	$code.="\t_align	@X[$i],@X[$i+1],@X[$i]\n";	}
+$code.=<<___;
+L\$aligned
+	nop	; otherwise /usr/ccs/bin/as is confused by below .WORD
+___
+
+for($i=0;$i<16;$i++)	{ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+L\$rounds
+	nop	; otherwise /usr/ccs/bin/as is confused by below .WORD
+___
+for(;$i<32;$i++)	{ &ROUND_16_xx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	bb,>=	$Tbl,31,L\$rounds	; end of $Tbl signalled?
+	nop
+
+	$POP	`-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx	; restore arguments
+	$POP	`-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp
+	$POP	`-$FRAME_MARKER-4*$SIZE_T`(%sp),$num
+	ldo	`-$rounds*$SZ-1`($Tbl),$Tbl		; rewind $Tbl
+
+	$LD	`0*$SZ`($ctx),@X[0]	; load context
+	$LD	`1*$SZ`($ctx),@X[1]
+	$LD	`2*$SZ`($ctx),@X[2]
+	$LD	`3*$SZ`($ctx),@X[3]
+	$LD	`4*$SZ`($ctx),@X[4]
+	$LD	`5*$SZ`($ctx),@X[5]
+	addl	@X[0],$A,$A
+	$LD	`6*$SZ`($ctx),@X[6]
+	addl	@X[1],$B,$B
+	$LD	`7*$SZ`($ctx),@X[7]
+	ldo	`16*$SZ`($inp),$inp	; advance $inp
+
+	$ST	$A,`0*$SZ`($ctx)	; save context
+	addl	@X[2],$C,$C
+	$ST	$B,`1*$SZ`($ctx)
+	addl	@X[3],$D,$D
+	$ST	$C,`2*$SZ`($ctx)
+	addl	@X[4],$E,$E
+	$ST	$D,`3*$SZ`($ctx)
+	addl	@X[5],$F,$F
+	$ST	$E,`4*$SZ`($ctx)
+	addl	@X[6],$G,$G
+	$ST	$F,`5*$SZ`($ctx)
+	addl	@X[7],$H,$H
+	$ST	$G,`6*$SZ`($ctx)
+	$ST	$H,`7*$SZ`($ctx)
+
+	cmpb,*<>,n $inp,$num,L\$oop
+	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)	; save $inp
+___
+if ($SZ==8 && $SIZE_T==4)	# SHA512 for 32-bit PA-RISC 1.0
+{{
+$code.=<<___;
+	b	L\$done
+	nop
+
+	.ALIGN	64
+L\$parisc1
+___
+
+@V=(  $Ahi,  $Alo,  $Bhi,  $Blo,  $Chi,  $Clo,  $Dhi,  $Dlo,
+      $Ehi,  $Elo,  $Fhi,  $Flo,  $Ghi,  $Glo,  $Hhi,  $Hlo) =
+   ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
+     "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16");
+$a0 ="%r17";
+$a1 ="%r18";
+$a2 ="%r19";
+$a3 ="%r20";
+$t0 ="%r21";
+$t1 ="%r22";
+$t2 ="%r28";
+$t3 ="%r29";
+$Tbl="%r31";
+
+@X=("%r23","%r24","%r25","%r26");	# zaps $num,$inp,$ctx
+
+sub ROUND_00_15_pa1 {
+my ($i,$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
+       $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo,$flag)=@_;
+my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X;
+
+$code.=<<___ if (!$flag);
+	ldw	`-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi
+	ldw	`-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo	; load X[i+1]
+___
+$code.=<<___;
+	shd	$ehi,$elo,$Sigma1[0],$t0
+	 add	$Xlo,$hlo,$hlo
+	shd	$elo,$ehi,$Sigma1[0],$t1
+	 addc	$Xhi,$hhi,$hhi		; h += X[i]
+	shd	$ehi,$elo,$Sigma1[1],$t2
+	 ldwm	8($Tbl),$Xhi
+	shd	$elo,$ehi,$Sigma1[1],$t3
+	 ldw	-4($Tbl),$Xlo		; load K[i]
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1
+	 and	$flo,$elo,$a0
+	 and	$fhi,$ehi,$a1
+	shd	$ehi,$elo,$Sigma1[2],$t2
+	 andcm	$glo,$elo,$a2
+	shd	$elo,$ehi,$Sigma1[2],$t3
+	 andcm	$ghi,$ehi,$a3
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1		; Sigma1(e)
+	add	$Xlo,$hlo,$hlo
+	 xor	$a2,$a0,$a0
+	addc	$Xhi,$hhi,$hhi		; h += K[i]
+	 xor	$a3,$a1,$a1		; Ch(e,f,g)
+
+	 add	$t0,$hlo,$hlo
+	shd	$ahi,$alo,$Sigma0[0],$t0
+	 addc	$t1,$hhi,$hhi		; h += Sigma1(e)
+	shd	$alo,$ahi,$Sigma0[0],$t1
+	 add	$a0,$hlo,$hlo
+	shd	$ahi,$alo,$Sigma0[1],$t2
+	 addc	$a1,$hhi,$hhi		; h += Ch(e,f,g)
+	shd	$alo,$ahi,$Sigma0[1],$t3
+
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1
+	shd	$ahi,$alo,$Sigma0[2],$t2
+	and	$alo,$blo,$a0
+	shd	$alo,$ahi,$Sigma0[2],$t3
+	and	$ahi,$bhi,$a1
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1		; Sigma0(a)
+
+	and	$alo,$clo,$a2
+	and	$ahi,$chi,$a3
+	xor	$a2,$a0,$a0
+	 add	$hlo,$dlo,$dlo
+	xor	$a3,$a1,$a1
+	 addc	$hhi,$dhi,$dhi		; d += h
+	and	$blo,$clo,$a2
+	 add	$t0,$hlo,$hlo
+	and	$bhi,$chi,$a3
+	 addc	$t1,$hhi,$hhi		; h += Sigma0(a)
+	xor	$a2,$a0,$a0
+	 add	$a0,$hlo,$hlo
+	xor	$a3,$a1,$a1		; Maj(a,b,c)
+	 addc	$a1,$hhi,$hhi		; h += Maj(a,b,c)
+
+___
+$code.=<<___ if ($i==15 && $flag);
+	extru	$Xlo,31,10,$Xlo
+	comiclr,= $LAST10BITS,$Xlo,%r0
+	b	L\$rounds_pa1
+	nop
+___
+push(@X,shift(@X)); push(@X,shift(@X));
+}
+
+sub ROUND_16_xx_pa1 {
+my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X;
+my ($i)=shift;
+$i-=16;
+$code.=<<___;
+	ldw	`-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi
+	ldw	`-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo	; load X[i+1]
+	ldw	`-$XOFF+8*(($i+9)%16)`(%sp),$a1
+	ldw	`-$XOFF+8*(($i+9)%16)+4`(%sp),$a0	; load X[i+9]
+	ldw	`-$XOFF+8*(($i+14)%16)`(%sp),$a3
+	ldw	`-$XOFF+8*(($i+14)%16)+4`(%sp),$a2	; load X[i+14]
+	shd	$Xnhi,$Xnlo,$sigma0[0],$t0
+	shd	$Xnlo,$Xnhi,$sigma0[0],$t1
+	 add	$a0,$Xlo,$Xlo
+	shd	$Xnhi,$Xnlo,$sigma0[1],$t2
+	 addc	$a1,$Xhi,$Xhi
+	shd	$Xnlo,$Xnhi,$sigma0[1],$t3
+	xor	$t2,$t0,$t0
+	shd	$Xnhi,$Xnlo,$sigma0[2],$t2
+	xor	$t3,$t1,$t1
+	extru	$Xnhi,`31-$sigma0[2]`,`32-$sigma0[2]`,$t3
+	xor	$t2,$t0,$t0
+	 shd	$a3,$a2,$sigma1[0],$a0
+	xor	$t3,$t1,$t1		; sigma0(X[i+1)&0x0f])
+	 shd	$a2,$a3,$sigma1[0],$a1
+	add	$t0,$Xlo,$Xlo
+	 shd	$a3,$a2,$sigma1[1],$t2
+	addc	$t1,$Xhi,$Xhi
+	 shd	$a2,$a3,$sigma1[1],$t3
+	xor	$t2,$a0,$a0
+	shd	$a3,$a2,$sigma1[2],$t2
+	xor	$t3,$a1,$a1
+	extru	$a3,`31-$sigma1[2]`,`32-$sigma1[2]`,$t3
+	xor	$t2,$a0,$a0
+	xor	$t3,$a1,$a1		; sigma0(X[i+14)&0x0f])
+	add	$a0,$Xlo,$Xlo
+	addc	$a1,$Xhi,$Xhi
+
+	stw	$Xhi,`-$XOFF+8*($i%16)`(%sp)
+	stw	$Xlo,`-$XOFF+8*($i%16)+4`(%sp)
+___
+&ROUND_00_15_pa1($i,@_,1);
+}
+$code.=<<___;
+	ldw	`0*4`($ctx),$Ahi		; load context
+	ldw	`1*4`($ctx),$Alo
+	ldw	`2*4`($ctx),$Bhi
+	ldw	`3*4`($ctx),$Blo
+	ldw	`4*4`($ctx),$Chi
+	ldw	`5*4`($ctx),$Clo
+	ldw	`6*4`($ctx),$Dhi
+	ldw	`7*4`($ctx),$Dlo
+	ldw	`8*4`($ctx),$Ehi
+	ldw	`9*4`($ctx),$Elo
+	ldw	`10*4`($ctx),$Fhi
+	ldw	`11*4`($ctx),$Flo
+	ldw	`12*4`($ctx),$Ghi
+	ldw	`13*4`($ctx),$Glo
+	ldw	`14*4`($ctx),$Hhi
+	ldw	`15*4`($ctx),$Hlo
+
+	extru	$inp,31,2,$t0
+	sh3addl	$t0,%r0,$t0
+	subi	32,$t0,$t0
+	mtctl	$t0,%cr11		; load %sar with align factor
+
+L\$oop_pa1
+	extru	$inp,31,2,$a3
+	comib,=	0,$a3,L\$aligned_pa1
+	sub	$inp,$a3,$inp
+
+	ldw	`0*4`($inp),$X[0]
+	ldw	`1*4`($inp),$X[1]
+	ldw	`2*4`($inp),$t2
+	ldw	`3*4`($inp),$t3
+	ldw	`4*4`($inp),$a0
+	ldw	`5*4`($inp),$a1
+	ldw	`6*4`($inp),$a2
+	ldw	`7*4`($inp),$a3
+	vshd	$X[0],$X[1],$X[0]
+	vshd	$X[1],$t2,$X[1]
+	stw	$X[0],`-$XOFF+0*4`(%sp)
+	ldw	`8*4`($inp),$t0
+	vshd	$t2,$t3,$t2
+	stw	$X[1],`-$XOFF+1*4`(%sp)
+	ldw	`9*4`($inp),$t1
+	vshd	$t3,$a0,$t3
+___
+{
+my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1);
+for ($i=2;$i<=(128/4-8);$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+	ldw	`(8+$i)*4`($inp),$t[0]
+	vshd	$t[1],$t[2],$t[1]
+___
+push(@t,shift(@t));
+}
+for (;$i<(128/4-1);$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+	vshd	$t[1],$t[2],$t[1]
+___
+push(@t,shift(@t));
+}
+$code.=<<___;
+	b	L\$collected_pa1
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+
+___
+}
+$code.=<<___;
+L\$aligned_pa1
+	ldw	`0*4`($inp),$X[0]
+	ldw	`1*4`($inp),$X[1]
+	ldw	`2*4`($inp),$t2
+	ldw	`3*4`($inp),$t3
+	ldw	`4*4`($inp),$a0
+	ldw	`5*4`($inp),$a1
+	ldw	`6*4`($inp),$a2
+	ldw	`7*4`($inp),$a3
+	stw	$X[0],`-$XOFF+0*4`(%sp)
+	ldw	`8*4`($inp),$t0
+	stw	$X[1],`-$XOFF+1*4`(%sp)
+	ldw	`9*4`($inp),$t1
+___
+{
+my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1);
+for ($i=2;$i<(128/4-8);$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+	ldw	`(8+$i)*4`($inp),$t[0]
+___
+push(@t,shift(@t));
+}
+for (;$i<128/4;$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+___
+push(@t,shift(@t));
+}
+$code.="L\$collected_pa1\n";
+}
+
+for($i=0;$i<16;$i++)	{ &ROUND_00_15_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); }
+$code.="L\$rounds_pa1\n";
+for(;$i<32;$i++)	{ &ROUND_16_xx_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	$POP	`-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx	; restore arguments
+	$POP	`-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp
+	$POP	`-$FRAME_MARKER-4*$SIZE_T`(%sp),$num
+	ldo	`-$rounds*$SZ`($Tbl),$Tbl		; rewind $Tbl
+
+	ldw	`0*4`($ctx),$t1		; update context
+	ldw	`1*4`($ctx),$t0
+	ldw	`2*4`($ctx),$t3
+	ldw	`3*4`($ctx),$t2
+	ldw	`4*4`($ctx),$a1
+	ldw	`5*4`($ctx),$a0
+	ldw	`6*4`($ctx),$a3
+	add	$t0,$Alo,$Alo
+	ldw	`7*4`($ctx),$a2
+	addc	$t1,$Ahi,$Ahi
+	ldw	`8*4`($ctx),$t1
+	add	$t2,$Blo,$Blo
+	ldw	`9*4`($ctx),$t0
+	addc	$t3,$Bhi,$Bhi
+	ldw	`10*4`($ctx),$t3
+	add	$a0,$Clo,$Clo
+	ldw	`11*4`($ctx),$t2
+	addc	$a1,$Chi,$Chi
+	ldw	`12*4`($ctx),$a1
+	add	$a2,$Dlo,$Dlo
+	ldw	`13*4`($ctx),$a0
+	addc	$a3,$Dhi,$Dhi
+	ldw	`14*4`($ctx),$a3
+	add	$t0,$Elo,$Elo
+	ldw	`15*4`($ctx),$a2
+	addc	$t1,$Ehi,$Ehi
+	stw	$Ahi,`0*4`($ctx)
+	add	$t2,$Flo,$Flo
+	stw	$Alo,`1*4`($ctx)
+	addc	$t3,$Fhi,$Fhi
+	stw	$Bhi,`2*4`($ctx)
+	add	$a0,$Glo,$Glo
+	stw	$Blo,`3*4`($ctx)
+	addc	$a1,$Ghi,$Ghi
+	stw	$Chi,`4*4`($ctx)
+	add	$a2,$Hlo,$Hlo
+	stw	$Clo,`5*4`($ctx)
+	addc	$a3,$Hhi,$Hhi
+	stw	$Dhi,`6*4`($ctx)
+	ldo	`16*$SZ`($inp),$inp	; advance $inp
+	stw	$Dlo,`7*4`($ctx)
+	stw	$Ehi,`8*4`($ctx)
+	stw	$Elo,`9*4`($ctx)
+	stw	$Fhi,`10*4`($ctx)
+	stw	$Flo,`11*4`($ctx)
+	stw	$Ghi,`12*4`($ctx)
+	stw	$Glo,`13*4`($ctx)
+	stw	$Hhi,`14*4`($ctx)
+	comb,=	$inp,$num,L\$done
+	stw	$Hlo,`15*4`($ctx)
+	b	L\$oop_pa1
+	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)	; save $inp
+L\$done
+___
+}}
+$code.=<<___;
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
+	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+	.STRINGZ "SHA`64*$SZ` block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# Explicitly encode PA-RISC 2.0 instructions used in this module, so
+# that it can be compiled with .LEVEL 1.0. It should be noted that I
+# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
+# directive...
+
+my $ldd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "ldd$mod\t$args";
+
+    if ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 3 suffices
+    {	my $opcode=(0x14<<26)|($2<<21)|($3<<16)|(($1&0x1FF8)<<1)|(($1>>13)&1);
+	$opcode|=(1<<3) if ($mod =~ /^,m/);
+	$opcode|=(1<<2) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $std = sub {
+  my ($mod,$args) = @_;
+  my $orig = "std$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices
+    {	my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $extrd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "extrd$mod\t$args";
+
+    # I only have ",u" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
+    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
+	my $len=32-$3;
+	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
+    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
+	my $len=32-$2;
+	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
+	$opcode |= (1<<13) if ($mod =~ /,\**=/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $shrpd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "shrpd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
+    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
+	my $cpos=63-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/)	# format 11
+    {	sprintf "\t.WORD\t0x%08x\t; %s",
+		(0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+sub assemble {
+  my ($mnemonic,$mod,$args)=@_;
+  my $opcode = eval("\$$mnemonic");
+
+    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
+}
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/
+		$3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32)	# rotation for >=32
+		:       sprintf("shd\t%$1,%$2,%d",$3)/e			or
+	# translate made up instructions: _ror, _shr, _align, _shl
+	s/_ror(\s+)(%r[0-9]+),/
+		($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e			or
+
+	s/_shr(\s+%r[0-9]+),([0-9]+),/
+		$SZ==4 ? sprintf("extru%s,%d,%d,",$1,31-$2,32-$2)
+		:        sprintf("extrd,u%s,%d,%d,",$1,63-$2,64-$2)/e	or
+
+	s/_align(\s+%r[0-9]+,%r[0-9]+),/
+		($SZ==4 ? "vshd$1," : "shrpd$1,%sar,")/e		or
+
+	s/_shl(\s+%r[0-9]+),([0-9]+),/
+		$SIZE_T==4 ? sprintf("zdep%s,%d,%d,",$1,31-$2,32-$2)
+		:            sprintf("depd,z%s,%d,%d,",$1,63-$2,64-$2)/e;
+
+	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4);
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/cmpb,\*/comb,/ 		if ($SIZE_T==4);
+	s/\bbv\b/bve/    		if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl
new file mode 100755
index 000000000..71699f663
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl
@@ -0,0 +1,799 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# I let hardware handle unaligned input, except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank.
+
+#			sha256		|	sha512
+# 			-m64	-m32	|	-m64	-m32
+# --------------------------------------+-----------------------
+# PPC970,gcc-4.0.0	+50%	+38%	|	+40%	+410%(*)
+# Power6,xlc-7		+150%	+90%	|	+100%	+430%(*)
+#
+# (*)	64-bit code in 32-bit application context, which actually is
+#	on TODO list. It should be noted that for safe deployment in
+#	32-bit *multi-threaded* context asynchronous signals should be
+#	blocked upon entry to SHA512 block routine. This is because
+#	32-bit signaling procedure invalidates upper halves of GPRs.
+#	Context switch procedure preserves them, but not signaling:-(
+
+# Second version is true multi-thread safe. Trouble with the original
+# version was that it was using thread local storage pointer register.
+# Well, it scrupulously preserved it, but the problem would arise the
+# moment asynchronous signal was delivered and signal handler would
+# dereference the TLS pointer. While it's never the case in openssl
+# application or test suite, we have to respect this scenario and not
+# use TLS pointer register. Alternative would be to require caller to
+# block signals prior calling this routine. For the record, in 32-bit
+# context R2 serves as TLS pointer, while in 64-bit context - R13.
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$LRSAVE=2*$SIZE_T;
+	$STU="stdu";
+	$UCMP="cmpld";
+	$SHL="sldi";
+	$POP="ld";
+	$PUSH="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$LRSAVE=$SIZE_T;
+	$STU="stwu";
+	$UCMP="cmplw";
+	$SHL="slwi";
+	$POP="lwz";
+	$PUSH="stw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+if ($output =~ /512/) {
+	$func="sha512_block_ppc";
+	$SZ=8;
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+	$LD="ld";
+	$ST="std";
+	$ROR="rotrdi";
+	$SHR="srdi";
+} else {
+	$func="sha256_block_ppc";
+	$SZ=4;
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+	$LD="lwz";
+	$ST="stw";
+	$ROR="rotrwi";
+	$SHR="srwi";
+}
+
+$FRAME=32*$SIZE_T+16*$SZ;
+$LOCALS=6*$SIZE_T;
+
+$sp ="r1";
+$toc="r2";
+$ctx="r3";	# zapped by $a0
+$inp="r4";	# zapped by $a1
+$num="r5";	# zapped by $t0
+
+$T  ="r0";
+$a0 ="r3";
+$a1 ="r4";
+$t0 ="r5";
+$t1 ="r6";
+$Tbl="r7";
+
+$A  ="r8";
+$B  ="r9";
+$C  ="r10";
+$D  ="r11";
+$E  ="r12";
+$F  =$t1;	$t1 = "r0";	# stay away from "r13";
+$G  ="r14";
+$H  ="r15";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+
+$inp="r31" if($SZ==4 || $SIZE_T==8);	# reassigned $inp! aliases with @X[15]
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$code.=<<___;
+	$ROR	$a0,$e,$Sigma1[0]
+	$ROR	$a1,$e,$Sigma1[1]
+	and	$t0,$f,$e
+	xor	$a0,$a0,$a1
+	add	$h,$h,$t1
+	andc	$t1,$g,$e
+	$ROR	$a1,$a1,`$Sigma1[2]-$Sigma1[1]`
+	or	$t0,$t0,$t1		; Ch(e,f,g)
+	add	$h,$h,@X[$i%16]
+	xor	$a0,$a0,$a1		; Sigma1(e)
+	add	$h,$h,$t0
+	add	$h,$h,$a0
+
+	$ROR	$a0,$a,$Sigma0[0]
+	$ROR	$a1,$a,$Sigma0[1]
+	and	$t0,$a,$b
+	and	$t1,$a,$c
+	xor	$a0,$a0,$a1
+	$ROR	$a1,$a1,`$Sigma0[2]-$Sigma0[1]`
+	xor	$t0,$t0,$t1
+	and	$t1,$b,$c
+	xor	$a0,$a0,$a1		; Sigma0(a)
+	add	$d,$d,$h
+	xor	$t0,$t0,$t1		; Maj(a,b,c)
+___
+$code.=<<___ if ($i<15);
+	$LD	$t1,`($i+1)*$SZ`($Tbl)
+___
+$code.=<<___;
+	add	$h,$h,$a0
+	add	$h,$h,$t0
+
+___
+}
+
+sub ROUND_16_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$i-=16;
+$code.=<<___;
+	$ROR	$a0,@X[($i+1)%16],$sigma0[0]
+	$ROR	$a1,@X[($i+1)%16],$sigma0[1]
+	$ROR	$t0,@X[($i+14)%16],$sigma1[0]
+	$ROR	$t1,@X[($i+14)%16],$sigma1[1]
+	xor	$a0,$a0,$a1
+	$SHR	$a1,@X[($i+1)%16],$sigma0[2]
+	xor	$t0,$t0,$t1
+	$SHR	$t1,@X[($i+14)%16],$sigma1[2]
+	add	@X[$i],@X[$i],@X[($i+9)%16]
+	xor	$a0,$a0,$a1		; sigma0(X[(i+1)&0x0f])
+	xor	$t0,$t0,$t1		; sigma1(X[(i+14)&0x0f])
+	$LD	$t1,`$i*$SZ`($Tbl)
+	add	@X[$i],@X[$i],$a0
+	add	@X[$i],@X[$i],$t0
+___
+&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h);
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	$func
+.align	6
+$func:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$SHL	$num,$num,`log(16*$SZ)/log(2)`
+
+	$PUSH	$ctx,`$FRAME-$SIZE_T*22`($sp)
+
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+___
+
+if ($SZ==4 || $SIZE_T==8) {
+$code.=<<___;
+	$LD	$A,`0*$SZ`($ctx)
+	mr	$inp,r4				; incarnate $inp
+	$LD	$B,`1*$SZ`($ctx)
+	$LD	$C,`2*$SZ`($ctx)
+	$LD	$D,`3*$SZ`($ctx)
+	$LD	$E,`4*$SZ`($ctx)
+	$LD	$F,`5*$SZ`($ctx)
+	$LD	$G,`6*$SZ`($ctx)
+	$LD	$H,`7*$SZ`($ctx)
+___
+} else {
+  for ($i=16;$i<32;$i++) {
+    $code.=<<___;
+	lwz	r$i,`$LITTLE_ENDIAN^(4*($i-16))`($ctx)
+___
+  }
+}
+
+$code.=<<___;
+	bl	LPICmeup
+LPICedup:
+	andi.	r0,$inp,3
+	bne	Lunaligned
+Laligned:
+	add	$num,$inp,$num
+	$PUSH	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	bl	Lsha2_block_private
+	b	Ldone
+
+; PowerPC specification allows an implementation to be ill-behaved
+; upon unaligned access which crosses page boundary. "Better safe
+; than sorry" principle makes me treat it specially. But I don't
+; look for particular offending word, but rather for the input
+; block which crosses the boundary. Once found that block is aligned
+; and hashed separately...
+.align	4
+Lunaligned:
+	subfic	$t1,$inp,4096
+	andi.	$t1,$t1,`4096-16*$SZ`	; distance to closest page boundary
+	beq	Lcross_page
+	$UCMP	$num,$t1
+	ble	Laligned		; didn't cross the page boundary
+	subfc	$num,$t1,$num
+	add	$t1,$inp,$t1
+	$PUSH	$num,`$FRAME-$SIZE_T*25`($sp)	; save real remaining num
+	$PUSH	$t1,`$FRAME-$SIZE_T*24`($sp)	; intermediate end pointer
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	bl	Lsha2_block_private
+	; $inp equals to the intermediate end pointer here
+	$POP	$num,`$FRAME-$SIZE_T*25`($sp)	; restore real remaining num
+Lcross_page:
+	li	$t1,`16*$SZ/4`
+	mtctr	$t1
+___
+if ($SZ==4 || $SIZE_T==8) {
+$code.=<<___;
+	addi	r20,$sp,$LOCALS			; aligned spot below the frame
+Lmemcpy:
+	lbz	r16,0($inp)
+	lbz	r17,1($inp)
+	lbz	r18,2($inp)
+	lbz	r19,3($inp)
+	addi	$inp,$inp,4
+	stb	r16,0(r20)
+	stb	r17,1(r20)
+	stb	r18,2(r20)
+	stb	r19,3(r20)
+	addi	r20,r20,4
+	bdnz	Lmemcpy
+___
+} else {
+$code.=<<___;
+	addi	r12,$sp,$LOCALS			; aligned spot below the frame
+Lmemcpy:
+	lbz	r8,0($inp)
+	lbz	r9,1($inp)
+	lbz	r10,2($inp)
+	lbz	r11,3($inp)
+	addi	$inp,$inp,4
+	stb	r8,0(r12)
+	stb	r9,1(r12)
+	stb	r10,2(r12)
+	stb	r11,3(r12)
+	addi	r12,r12,4
+	bdnz	Lmemcpy
+___
+}
+
+$code.=<<___;
+	$PUSH	$inp,`$FRAME-$SIZE_T*26`($sp)	; save real inp
+	addi	$t1,$sp,`$LOCALS+16*$SZ`	; fictitious end pointer
+	addi	$inp,$sp,$LOCALS		; fictitious inp pointer
+	$PUSH	$num,`$FRAME-$SIZE_T*25`($sp)	; save real num
+	$PUSH	$t1,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	bl	Lsha2_block_private
+	$POP	$inp,`$FRAME-$SIZE_T*26`($sp)	; restore real inp
+	$POP	$num,`$FRAME-$SIZE_T*25`($sp)	; restore real num
+	addic.	$num,$num,`-16*$SZ`		; num--
+	bne	Lunaligned
+
+Ldone:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+___
+
+if ($SZ==4 || $SIZE_T==8) {
+$code.=<<___;
+.align	4
+Lsha2_block_private:
+	$LD	$t1,0($Tbl)
+___
+for($i=0;$i<16;$i++) {
+$code.=<<___ if ($SZ==4 && !$LITTLE_ENDIAN);
+	lwz	@X[$i],`$i*$SZ`($inp)
+___
+$code.=<<___ if ($SZ==4 && $LITTLE_ENDIAN);
+	lwz	$a0,`$i*$SZ`($inp)
+	rotlwi	@X[$i],$a0,8
+	rlwimi	@X[$i],$a0,24,0,7
+	rlwimi	@X[$i],$a0,24,16,23
+___
+# 64-bit loads are split to 2x32-bit ones, as CPU can't handle
+# unaligned 64-bit loads, only 32-bit ones...
+$code.=<<___ if ($SZ==8 && !$LITTLE_ENDIAN);
+	lwz	$t0,`$i*$SZ`($inp)
+	lwz	@X[$i],`$i*$SZ+4`($inp)
+	insrdi	@X[$i],$t0,32,0
+___
+$code.=<<___ if ($SZ==8 && $LITTLE_ENDIAN);
+	lwz	$a0,`$i*$SZ`($inp)
+	 lwz	$a1,`$i*$SZ+4`($inp)
+	rotlwi	$t0,$a0,8
+	 rotlwi	@X[$i],$a1,8
+	rlwimi	$t0,$a0,24,0,7
+	 rlwimi	@X[$i],$a1,24,0,7
+	rlwimi	$t0,$a0,24,16,23
+	 rlwimi	@X[$i],$a1,24,16,23
+	insrdi	@X[$i],$t0,32,0
+___
+	&ROUND_00_15($i,@V);
+	unshift(@V,pop(@V));
+}
+$code.=<<___;
+	li	$t0,`$rounds/16-1`
+	mtctr	$t0
+.align	4
+Lrounds:
+	addi	$Tbl,$Tbl,`16*$SZ`
+___
+for(;$i<32;$i++) {
+	&ROUND_16_xx($i,@V);
+	unshift(@V,pop(@V));
+}
+$code.=<<___;
+	bdnz	Lrounds
+
+	$POP	$ctx,`$FRAME-$SIZE_T*22`($sp)
+	$POP	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	$POP	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	subi	$Tbl,$Tbl,`($rounds-16)*$SZ`	; rewind Tbl
+
+	$LD	r16,`0*$SZ`($ctx)
+	$LD	r17,`1*$SZ`($ctx)
+	$LD	r18,`2*$SZ`($ctx)
+	$LD	r19,`3*$SZ`($ctx)
+	$LD	r20,`4*$SZ`($ctx)
+	$LD	r21,`5*$SZ`($ctx)
+	$LD	r22,`6*$SZ`($ctx)
+	addi	$inp,$inp,`16*$SZ`		; advance inp
+	$LD	r23,`7*$SZ`($ctx)
+	add	$A,$A,r16
+	add	$B,$B,r17
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)
+	add	$C,$C,r18
+	$ST	$A,`0*$SZ`($ctx)
+	add	$D,$D,r19
+	$ST	$B,`1*$SZ`($ctx)
+	add	$E,$E,r20
+	$ST	$C,`2*$SZ`($ctx)
+	add	$F,$F,r21
+	$ST	$D,`3*$SZ`($ctx)
+	add	$G,$G,r22
+	$ST	$E,`4*$SZ`($ctx)
+	add	$H,$H,r23
+	$ST	$F,`5*$SZ`($ctx)
+	$ST	$G,`6*$SZ`($ctx)
+	$UCMP	$inp,$num
+	$ST	$H,`7*$SZ`($ctx)
+	bne	Lsha2_block_private
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	$func,.-$func
+___
+} else {
+########################################################################
+# SHA512 for PPC32, X vector is off-loaded to stack...
+#
+#			|	sha512
+#			|	-m32
+# ----------------------+-----------------------
+# PPC74x0,gcc-4.0.1	|	+48%
+# POWER6,gcc-4.4.6	|	+124%(*)
+# POWER7,gcc-4.4.6	|	+79%(*)
+# e300,gcc-4.1.0	|	+167%
+#
+# (*)	~1/3 of -m64 result [and ~20% better than -m32 code generated
+#	by xlc-12.1]
+
+my $XOFF=$LOCALS;
+
+my @V=map("r$_",(16..31));	# A..H
+
+my ($s0,$s1,$t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("r$_",(0,5,6,8..12,14,15));
+my ($x0,$x1)=("r3","r4");	# zaps $ctx and $inp
+
+sub ROUND_00_15_ppc32 {
+my ($i,	$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
+	$ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_;
+
+$code.=<<___;
+	lwz	$t2,`$SZ*($i%16)+($LITTLE_ENDIAN^4)`($Tbl)
+	 xor	$a0,$flo,$glo
+	lwz	$t3,`$SZ*($i%16)+($LITTLE_ENDIAN^0)`($Tbl)
+	 xor	$a1,$fhi,$ghi
+	addc	$hlo,$hlo,$t0			; h+=x[i]
+	stw	$t0,`$XOFF+0+$SZ*($i%16)`($sp)	; save x[i]
+
+	srwi	$s0,$elo,$Sigma1[0]
+	srwi	$s1,$ehi,$Sigma1[0]
+	 and	$a0,$a0,$elo
+	adde	$hhi,$hhi,$t1
+	 and	$a1,$a1,$ehi
+	stw	$t1,`$XOFF+4+$SZ*($i%16)`($sp)
+	srwi	$t0,$elo,$Sigma1[1]
+	srwi	$t1,$ehi,$Sigma1[1]
+	 addc	$hlo,$hlo,$t2			; h+=K512[i]
+	insrwi	$s0,$ehi,$Sigma1[0],0
+	insrwi	$s1,$elo,$Sigma1[0],0
+	 xor	$a0,$a0,$glo			; Ch(e,f,g)
+	 adde	$hhi,$hhi,$t3
+	 xor	$a1,$a1,$ghi
+	insrwi	$t0,$ehi,$Sigma1[1],0
+	insrwi	$t1,$elo,$Sigma1[1],0
+	 addc	$hlo,$hlo,$a0			; h+=Ch(e,f,g)
+	srwi	$t2,$ehi,$Sigma1[2]-32
+	srwi	$t3,$elo,$Sigma1[2]-32
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	insrwi	$t2,$elo,$Sigma1[2]-32,0
+	insrwi	$t3,$ehi,$Sigma1[2]-32,0
+	 xor	$a0,$alo,$blo			; a^b, b^c in next round
+	 adde	$hhi,$hhi,$a1
+	 xor	$a1,$ahi,$bhi
+	xor	$s0,$s0,$t2			; Sigma1(e)
+	xor	$s1,$s1,$t3
+
+	srwi	$t0,$alo,$Sigma0[0]
+	 and	$a2,$a2,$a0
+	 addc	$hlo,$hlo,$s0			; h+=Sigma1(e)
+	 and	$a3,$a3,$a1
+	srwi	$t1,$ahi,$Sigma0[0]
+	srwi	$s0,$ahi,$Sigma0[1]-32
+	 adde	$hhi,$hhi,$s1
+	srwi	$s1,$alo,$Sigma0[1]-32
+	insrwi	$t0,$ahi,$Sigma0[0],0
+	insrwi	$t1,$alo,$Sigma0[0],0
+	 xor	$a2,$a2,$blo			; Maj(a,b,c)
+	 addc	$dlo,$dlo,$hlo			; d+=h
+	 xor	$a3,$a3,$bhi
+	insrwi	$s0,$alo,$Sigma0[1]-32,0
+	insrwi	$s1,$ahi,$Sigma0[1]-32,0
+	 adde	$dhi,$dhi,$hhi
+	srwi	$t2,$ahi,$Sigma0[2]-32
+	srwi	$t3,$alo,$Sigma0[2]-32
+	xor	$s0,$s0,$t0
+	 addc	$hlo,$hlo,$a2			; h+=Maj(a,b,c)
+	xor	$s1,$s1,$t1
+	insrwi	$t2,$alo,$Sigma0[2]-32,0
+	insrwi	$t3,$ahi,$Sigma0[2]-32,0
+	 adde	$hhi,$hhi,$a3
+___
+$code.=<<___ if ($i>=15);
+	lwz	$t0,`$XOFF+0+$SZ*(($i+2)%16)`($sp)
+	lwz	$t1,`$XOFF+4+$SZ*(($i+2)%16)`($sp)
+___
+$code.=<<___ if ($i<15 && !$LITTLE_ENDIAN);
+	lwz	$t1,`$SZ*($i+1)+0`($inp)
+	lwz	$t0,`$SZ*($i+1)+4`($inp)
+___
+$code.=<<___ if ($i<15 && $LITTLE_ENDIAN);
+	lwz	$a2,`$SZ*($i+1)+0`($inp)
+	 lwz	$a3,`$SZ*($i+1)+4`($inp)
+	rotlwi	$t1,$a2,8
+	 rotlwi	$t0,$a3,8
+	rlwimi	$t1,$a2,24,0,7
+	 rlwimi	$t0,$a3,24,0,7
+	rlwimi	$t1,$a2,24,16,23
+	 rlwimi	$t0,$a3,24,16,23
+___
+$code.=<<___;
+	xor	$s0,$s0,$t2			; Sigma0(a)
+	xor	$s1,$s1,$t3
+	addc	$hlo,$hlo,$s0			; h+=Sigma0(a)
+	adde	$hhi,$hhi,$s1
+___
+$code.=<<___ if ($i==15);
+	lwz	$x0,`$XOFF+0+$SZ*(($i+1)%16)`($sp)
+	lwz	$x1,`$XOFF+4+$SZ*(($i+1)%16)`($sp)
+___
+}
+sub ROUND_16_xx_ppc32 {
+my ($i,	$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
+	$ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_;
+
+$code.=<<___;
+	srwi	$s0,$t0,$sigma0[0]
+	srwi	$s1,$t1,$sigma0[0]
+	srwi	$t2,$t0,$sigma0[1]
+	srwi	$t3,$t1,$sigma0[1]
+	insrwi	$s0,$t1,$sigma0[0],0
+	insrwi	$s1,$t0,$sigma0[0],0
+	srwi	$a0,$t0,$sigma0[2]
+	insrwi	$t2,$t1,$sigma0[1],0
+	insrwi	$t3,$t0,$sigma0[1],0
+	insrwi	$a0,$t1,$sigma0[2],0
+	xor	$s0,$s0,$t2
+	 lwz	$t2,`$XOFF+0+$SZ*(($i+14)%16)`($sp)
+	srwi	$a1,$t1,$sigma0[2]
+	xor	$s1,$s1,$t3
+	 lwz	$t3,`$XOFF+4+$SZ*(($i+14)%16)`($sp)
+	xor	$a0,$a0,$s0
+	 srwi	$s0,$t2,$sigma1[0]
+	xor	$a1,$a1,$s1
+	 srwi	$s1,$t3,$sigma1[0]
+	addc	$x0,$x0,$a0			; x[i]+=sigma0(x[i+1])
+	 srwi	$a0,$t3,$sigma1[1]-32
+	insrwi	$s0,$t3,$sigma1[0],0
+	insrwi	$s1,$t2,$sigma1[0],0
+	adde	$x1,$x1,$a1
+	 srwi	$a1,$t2,$sigma1[1]-32
+
+	insrwi	$a0,$t2,$sigma1[1]-32,0
+	srwi	$t2,$t2,$sigma1[2]
+	insrwi	$a1,$t3,$sigma1[1]-32,0
+	insrwi	$t2,$t3,$sigma1[2],0
+	xor	$s0,$s0,$a0
+	 lwz	$a0,`$XOFF+0+$SZ*(($i+9)%16)`($sp)
+	srwi	$t3,$t3,$sigma1[2]
+	xor	$s1,$s1,$a1
+	 lwz	$a1,`$XOFF+4+$SZ*(($i+9)%16)`($sp)
+	xor	$s0,$s0,$t2
+	 addc	$x0,$x0,$a0			; x[i]+=x[i+9]
+	xor	$s1,$s1,$t3
+	 adde	$x1,$x1,$a1
+	addc	$x0,$x0,$s0			; x[i]+=sigma1(x[i+14])
+	adde	$x1,$x1,$s1
+___
+	($t0,$t1,$x0,$x1) = ($x0,$x1,$t0,$t1);
+	&ROUND_00_15_ppc32(@_);
+}
+
+$code.=<<___;
+.align	4
+Lsha2_block_private:
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$t1,0($inp)
+	xor	$a2,@V[3],@V[5]		; B^C, magic seed
+	lwz	$t0,4($inp)
+	xor	$a3,@V[2],@V[4]
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$a1,0($inp)
+	xor	$a2,@V[3],@V[5]		; B^C, magic seed
+	lwz	$a0,4($inp)
+	xor	$a3,@V[2],@V[4]
+	rotlwi	$t1,$a1,8
+	 rotlwi	$t0,$a0,8
+	rlwimi	$t1,$a1,24,0,7
+	 rlwimi	$t0,$a0,24,0,7
+	rlwimi	$t1,$a1,24,16,23
+	 rlwimi	$t0,$a0,24,16,23
+___
+for($i=0;$i<16;$i++) {
+	&ROUND_00_15_ppc32($i,@V);
+	unshift(@V,pop(@V));	unshift(@V,pop(@V));
+	($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
+}
+$code.=<<___;
+	li	$a0,`$rounds/16-1`
+	mtctr	$a0
+.align	4
+Lrounds:
+	addi	$Tbl,$Tbl,`16*$SZ`
+___
+for(;$i<32;$i++) {
+	&ROUND_16_xx_ppc32($i,@V);
+	unshift(@V,pop(@V));	unshift(@V,pop(@V));
+	($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
+}
+$code.=<<___;
+	bdnz	Lrounds
+
+	$POP	$ctx,`$FRAME-$SIZE_T*22`($sp)
+	$POP	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	$POP	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	subi	$Tbl,$Tbl,`($rounds-16)*$SZ`	; rewind Tbl
+
+	lwz	$t0,`$LITTLE_ENDIAN^0`($ctx)
+	lwz	$t1,`$LITTLE_ENDIAN^4`($ctx)
+	lwz	$t2,`$LITTLE_ENDIAN^8`($ctx)
+	lwz	$t3,`$LITTLE_ENDIAN^12`($ctx)
+	lwz	$a0,`$LITTLE_ENDIAN^16`($ctx)
+	lwz	$a1,`$LITTLE_ENDIAN^20`($ctx)
+	lwz	$a2,`$LITTLE_ENDIAN^24`($ctx)
+	addc	@V[1],@V[1],$t1
+	lwz	$a3,`$LITTLE_ENDIAN^28`($ctx)
+	adde	@V[0],@V[0],$t0
+	lwz	$t0,`$LITTLE_ENDIAN^32`($ctx)
+	addc	@V[3],@V[3],$t3
+	lwz	$t1,`$LITTLE_ENDIAN^36`($ctx)
+	adde	@V[2],@V[2],$t2
+	lwz	$t2,`$LITTLE_ENDIAN^40`($ctx)
+	addc	@V[5],@V[5],$a1
+	lwz	$t3,`$LITTLE_ENDIAN^44`($ctx)
+	adde	@V[4],@V[4],$a0
+	lwz	$a0,`$LITTLE_ENDIAN^48`($ctx)
+	addc	@V[7],@V[7],$a3
+	lwz	$a1,`$LITTLE_ENDIAN^52`($ctx)
+	adde	@V[6],@V[6],$a2
+	lwz	$a2,`$LITTLE_ENDIAN^56`($ctx)
+	addc	@V[9],@V[9],$t1
+	lwz	$a3,`$LITTLE_ENDIAN^60`($ctx)
+	adde	@V[8],@V[8],$t0
+	stw	@V[0],`$LITTLE_ENDIAN^0`($ctx)
+	stw	@V[1],`$LITTLE_ENDIAN^4`($ctx)
+	addc	@V[11],@V[11],$t3
+	stw	@V[2],`$LITTLE_ENDIAN^8`($ctx)
+	stw	@V[3],`$LITTLE_ENDIAN^12`($ctx)
+	adde	@V[10],@V[10],$t2
+	stw	@V[4],`$LITTLE_ENDIAN^16`($ctx)
+	stw	@V[5],`$LITTLE_ENDIAN^20`($ctx)
+	addc	@V[13],@V[13],$a1
+	stw	@V[6],`$LITTLE_ENDIAN^24`($ctx)
+	stw	@V[7],`$LITTLE_ENDIAN^28`($ctx)
+	adde	@V[12],@V[12],$a0
+	stw	@V[8],`$LITTLE_ENDIAN^32`($ctx)
+	stw	@V[9],`$LITTLE_ENDIAN^36`($ctx)
+	addc	@V[15],@V[15],$a3
+	stw	@V[10],`$LITTLE_ENDIAN^40`($ctx)
+	stw	@V[11],`$LITTLE_ENDIAN^44`($ctx)
+	adde	@V[14],@V[14],$a2
+	stw	@V[12],`$LITTLE_ENDIAN^48`($ctx)
+	stw	@V[13],`$LITTLE_ENDIAN^52`($ctx)
+	stw	@V[14],`$LITTLE_ENDIAN^56`($ctx)
+	stw	@V[15],`$LITTLE_ENDIAN^60`($ctx)
+
+	addi	$inp,$inp,`16*$SZ`		; advance inp
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)
+	$UCMP	$inp,$num
+	bne	Lsha2_block_private
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	$func,.-$func
+___
+}
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+LPICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl	; vvvvvv "distance" between . and 1st data entry
+	addi	$Tbl,$Tbl,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+___
+$code.=<<___ if ($SZ==8);
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+___
+$code.=<<___ if ($SZ==4);
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl
new file mode 100644
index 000000000..4c0f4e793
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl
@@ -0,0 +1,324 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 block procedures for s390x.
+
+# April 2007.
+#
+# sha256_block_data_order is reportedly >3 times faster than gcc 3.3
+# generated code (must be a bug in compiler, as improvement is
+# "pathologically" high, in particular in comparison to other SHA
+# modules). But the real twist is that it detects if hardware support
+# for SHA256 is available and in such case utilizes it. Then the
+# performance can reach >6.5x of assembler one for larger chunks.
+#
+# sha512_block_data_order is ~70% faster than gcc 3.3 generated code.
+
+# January 2009.
+#
+# Add support for hardware SHA512 and reschedule instructions to
+# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
+# than software.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 SHA256 was measured to
+# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+$t0="%r0";
+$t1="%r1";
+$ctx="%r2";	$t2="%r2";
+$inp="%r3";
+$len="%r4";	# used as index in inner loop
+
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";
+$F="%r10";
+$G="%r11";
+$H="%r12";	@V=($A,$B,$C,$D,$E,$F,$G,$H);
+$tbl="%r13";
+$T1="%r14";
+$sp="%r15";
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+if ($output =~ /512/) {
+	$label="512";
+	$SZ=8;
+	$LD="lg";	# load from memory
+	$ST="stg";	# store to memory
+	$ADD="alg";	# add with memory operand
+	$ROT="rllg";	# rotate left
+	$SHR="srlg";	# logical right shift [see even at the end]
+	@Sigma0=(25,30,36);
+	@Sigma1=(23,46,50);
+	@sigma0=(56,63, 7);
+	@sigma1=( 3,45, 6);
+	$rounds=80;
+	$kimdfunc=3;	# 0 means unknown/unsupported/unimplemented/disabled
+} else {
+	$label="256";
+	$SZ=4;
+	$LD="llgf";	# load from memory
+	$ST="st";	# store to memory
+	$ADD="al";	# add with memory operand
+	$ROT="rll";	# rotate left
+	$SHR="srl";	# logical right shift
+	@Sigma0=(10,19,30);
+	@Sigma1=( 7,21,26);
+	@sigma0=(14,25, 3);
+	@sigma1=(13,15,10);
+	$rounds=64;
+	$kimdfunc=2;	# magic function code for kimd instruction
+}
+$Func="sha${label}_block_data_order";
+$Table="K${label}";
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+16*$SZ;
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___ if ($i<16);
+	$LD	$T1,`$i*$SZ`($inp)	### $i
+___
+$code.=<<___;
+	$ROT	$t0,$e,$Sigma1[0]
+	$ROT	$t1,$e,$Sigma1[1]
+	 lgr	$t2,$f
+	xgr	$t0,$t1
+	$ROT	$t1,$t1,`$Sigma1[2]-$Sigma1[1]`
+	 xgr	$t2,$g
+	$ST	$T1,`$stdframe+$SZ*($i%16)`($sp)
+	xgr	$t0,$t1			# Sigma1(e)
+	algr	$T1,$h			# T1+=h
+	 ngr	$t2,$e
+	 lgr	$t1,$a
+	algr	$T1,$t0			# T1+=Sigma1(e)
+	$ROT	$h,$a,$Sigma0[0]
+	 xgr	$t2,$g			# Ch(e,f,g)
+	$ADD	$T1,`$i*$SZ`($len,$tbl)	# T1+=K[i]
+	$ROT	$t0,$a,$Sigma0[1]
+	algr	$T1,$t2			# T1+=Ch(e,f,g)
+	 ogr	$t1,$b
+	xgr	$h,$t0
+	 lgr	$t2,$a
+	 ngr	$t1,$c
+	$ROT	$t0,$t0,`$Sigma0[2]-$Sigma0[1]`
+	xgr	$h,$t0			# h=Sigma0(a)
+	 ngr	$t2,$b
+	algr	$h,$T1			# h+=T1
+	 ogr	$t2,$t1			# Maj(a,b,c)
+	algr	$d,$T1			# d+=T1
+	algr	$h,$t2			# h+=Maj(a,b,c)
+___
+}
+
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+	$LD	$T1,`$stdframe+$SZ*(($i+1)%16)`($sp)	### $i
+	$LD	$t1,`$stdframe+$SZ*(($i+14)%16)`($sp)
+	$ROT	$t0,$T1,$sigma0[0]
+	$SHR	$T1,$sigma0[2]
+	$ROT	$t2,$t0,`$sigma0[1]-$sigma0[0]`
+	xgr	$T1,$t0
+	$ROT	$t0,$t1,$sigma1[0]
+	xgr	$T1,$t2					# sigma0(X[i+1])
+	$SHR	$t1,$sigma1[2]
+	$ADD	$T1,`$stdframe+$SZ*($i%16)`($sp)	# +=X[i]
+	xgr	$t1,$t0
+	$ROT	$t0,$t0,`$sigma1[1]-$sigma1[0]`
+	$ADD	$T1,`$stdframe+$SZ*(($i+9)%16)`($sp)	# +=X[i+9]
+	xgr	$t1,$t0				# sigma1(X[i+14])
+	algr	$T1,$t1				# +=sigma1(X[i+14])
+___
+	&BODY_00_15(@_);
+}
+
+$code.=<<___;
+#include "s390x_arch.h"
+
+.text
+.align	64
+.type	$Table,\@object
+$Table:
+___
+$code.=<<___ if ($SZ==4);
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code.=<<___ if ($SZ==8);
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+___
+$code.=<<___;
+.size	$Table,.-$Table
+.globl	$Func
+.type	$Func,\@function
+$Func:
+	sllg	$len,$len,`log(16*$SZ)/log(2)`
+___
+$code.=<<___ if ($kimdfunc);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,S390X_KIMD(%r1)	# check kimd capabilities
+	tmhh	%r0,`0x8000>>$kimdfunc`
+	jz	.Lsoftware
+	lghi	%r0,$kimdfunc
+	lgr	%r1,$ctx
+	lgr	%r2,$inp
+	lgr	%r3,$len
+	.long	0xb93e0002	# kimd %r0,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	16
+.Lsoftware:
+___
+$code.=<<___;
+	lghi	%r1,-$frame
+	la	$len,0($len,$inp)
+	stm${g}	$ctx,%r15,`2*$SIZE_T`($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	larl	$tbl,$Table
+	$LD	$A,`0*$SZ`($ctx)
+	$LD	$B,`1*$SZ`($ctx)
+	$LD	$C,`2*$SZ`($ctx)
+	$LD	$D,`3*$SZ`($ctx)
+	$LD	$E,`4*$SZ`($ctx)
+	$LD	$F,`5*$SZ`($ctx)
+	$LD	$G,`6*$SZ`($ctx)
+	$LD	$H,`7*$SZ`($ctx)
+
+.Lloop:
+	lghi	$len,0
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	aghi	$len,`16*$SZ`
+	lghi	$t0,`($rounds-16)*$SZ`
+	clgr	$len,$t0
+	jne	.Lrounds_16_xx
+
+	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
+	la	$inp,`16*$SZ`($inp)
+	$ADD	$A,`0*$SZ`($ctx)
+	$ADD	$B,`1*$SZ`($ctx)
+	$ADD	$C,`2*$SZ`($ctx)
+	$ADD	$D,`3*$SZ`($ctx)
+	$ADD	$E,`4*$SZ`($ctx)
+	$ADD	$F,`5*$SZ`($ctx)
+	$ADD	$G,`6*$SZ`($ctx)
+	$ADD	$H,`7*$SZ`($ctx)
+	$ST	$A,`0*$SZ`($ctx)
+	$ST	$B,`1*$SZ`($ctx)
+	$ST	$C,`2*$SZ`($ctx)
+	$ST	$D,`3*$SZ`($ctx)
+	$ST	$E,`4*$SZ`($ctx)
+	$ST	$F,`5*$SZ`($ctx)
+	$ST	$G,`6*$SZ`($ctx)
+	$ST	$H,`7*$SZ`($ctx)
+	cl${g}	$inp,`$frame+4*$SIZE_T`($sp)
+	jne	.Lloop
+
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
+	br	%r14
+.size	$Func,.-$Func
+.string	"SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+# unlike 32-bit shift 64-bit one takes three arguments
+$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
+
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl
new file mode 100644
index 000000000..4432bda65
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl
@@ -0,0 +1,857 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Hardware SPARC T4 support by David S. Miller
+# ====================================================================
+
+# SHA256 performance improvement over compiler generated code varies
+# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit
+# build]. Just like in SHA1 module I aim to ensure scalability on
+# UltraSPARC T1 by packing X[16] to 8 64-bit registers.
+
+# SHA512 on pre-T1 UltraSPARC.
+#
+# Performance is >75% better than 64-bit code generated by Sun C and
+# over 2x than 32-bit code. X[16] resides on stack, but access to it
+# is scheduled for L2 latency and staged through 32 least significant
+# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI
+# duality. Nevetheless it's ~40% faster than SHA256, which is pretty
+# good [optimal coefficient is 50%].
+#
+# SHA512 on UltraSPARC T1.
+#
+# It's not any faster than 64-bit code generated by Sun C 5.8. This is
+# because 64-bit code generator has the advantage of using 64-bit
+# loads(*) to access X[16], which I consciously traded for 32-/64-bit
+# ABI duality [as per above]. But it surpasses 32-bit Sun C generated
+# code by 60%, not to mention that it doesn't suffer from severe decay
+# when running 4 times physical cores threads and that it leaves gcc
+# [3.4] behind by over 4x factor! If compared to SHA256, single thread
+# performance is only 10% better, but overall throughput for maximum
+# amount of threads for given CPU exceeds corresponding one of SHA256
+# by 30% [again, optimal coefficient is 50%].
+#
+# (*)	Unlike pre-T1 UltraSPARC loads on T1 are executed strictly
+#	in-order, i.e. load instruction has to complete prior next
+#	instruction in given thread is executed, even if the latter is
+#	not dependent on load result! This means that on T1 two 32-bit
+#	loads are always slower than one 64-bit load. Once again this
+#	is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
+#	2x32-bit loads can be as fast as 1x64-bit ones.
+#
+# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte,
+# which is 9.3x/11.1x faster than software. Multi-process benchmark
+# saturates at 11.5x single-process result on 8-core processor, or
+# ~11/16GBps per 2.85GHz socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+if ($output =~ /512/) {
+	$label="512";
+	$SZ=8;
+	$LD="ldx";		# load from memory
+	$ST="stx";		# store to memory
+	$SLL="sllx";		# shift left logical
+	$SRL="srlx";		# shift right logical
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=( 7, 1, 8);	# right shift first
+	@sigma1=( 6,19,61);	# right shift first
+	$lastK=0x817;
+	$rounds=80;
+	$align=4;
+
+	$locals=16*$SZ;		# X[16]
+
+	$A="%o0";
+	$B="%o1";
+	$C="%o2";
+	$D="%o3";
+	$E="%o4";
+	$F="%o5";
+	$G="%g1";
+	$H="%o7";
+	@V=($A,$B,$C,$D,$E,$F,$G,$H);
+} else {
+	$label="256";
+	$SZ=4;
+	$LD="ld";		# load from memory
+	$ST="st";		# store to memory
+	$SLL="sll";		# shift left logical
+	$SRL="srl";		# shift right logical
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 3, 7,18);	# right shift first
+	@sigma1=(10,17,19);	# right shift first
+	$lastK=0x8f2;
+	$rounds=64;
+	$align=8;
+
+	$locals=0;		# X[16] is register resident
+	@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+
+	$A="%l0";
+	$B="%l1";
+	$C="%l2";
+	$D="%l3";
+	$E="%l4";
+	$F="%l5";
+	$G="%l6";
+	$H="%l7";
+	@V=($A,$B,$C,$D,$E,$F,$G,$H);
+}
+$T1="%g2";
+$tmp0="%g3";
+$tmp1="%g4";
+$tmp2="%g5";
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$Ktbl="%i3";
+$tmp31="%i4";
+$tmp32="%i5";
+
+########### SHA256
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+    if ($i==0) {
+$code.=<<___;
+	ldx	[$inp+0],@X[0]
+	ldx	[$inp+16],@X[2]
+	ldx	[$inp+32],@X[4]
+	ldx	[$inp+48],@X[6]
+	ldx	[$inp+8],@X[1]
+	ldx	[$inp+24],@X[3]
+	subcc	%g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too
+	ldx	[$inp+40],@X[5]
+	bz,pt	%icc,.Laligned
+	ldx	[$inp+56],@X[7]
+
+	sllx	@X[0],$tmp31,@X[0]
+	ldx	[$inp+64],$T1
+___
+for($j=0;$j<7;$j++)
+{   $code.=<<___;
+	srlx	@X[$j+1],$tmp32,$tmp1
+	sllx	@X[$j+1],$tmp31,@X[$j+1]
+	or	$tmp1,@X[$j],@X[$j]
+___
+}
+$code.=<<___;
+	srlx	$T1,$tmp32,$T1
+	or	$T1,@X[7],@X[7]
+.Laligned:
+___
+    }
+
+    if ($i&1) {
+	$code.="\tadd	@X[$i/2],$h,$T1\n";
+    } else {
+	$code.="\tsrlx	@X[$i/2],32,$T1\n\tadd	$h,$T1,$T1\n";
+    }
+} if ($SZ==4);
+
+########### SHA512
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8));
+
+$code.=<<___ if ($i==0);
+	ld	[$inp+0],%l0
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	cmp	$tmp31,0
+	ld	[$inp+28],%l7
+___
+$code.=<<___ if ($i<15);
+	sllx	@pair[1],$tmp31,$tmp2	! Xload($i)
+	add	$tmp31,32,$tmp0
+	sllx	@pair[0],$tmp0,$tmp1
+	`"ld	[$inp+".eval(32+0+$i*8)."],@pair[0]"	if ($i<12)`
+	srlx	@pair[2],$tmp32,@pair[1]
+	or	$tmp1,$tmp2,$tmp2
+	or	@pair[1],$tmp2,$tmp2
+	`"ld	[$inp+".eval(32+4+$i*8)."],@pair[1]"	if ($i<12)`
+	add	$h,$tmp2,$T1
+	$ST	$tmp2,[%sp+STACK_BIAS+STACK_FRAME+`$i*$SZ`]
+___
+$code.=<<___ if ($i==12);
+	bnz,a,pn	%icc,.+8
+	ld	[$inp+128],%l0
+___
+$code.=<<___ if ($i==15);
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+0`],%l2
+	sllx	@pair[1],$tmp31,$tmp2	! Xload($i)
+	add	$tmp31,32,$tmp0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+4`],%l3
+	sllx	@pair[0],$tmp0,$tmp1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+0`],%l4
+	srlx	@pair[2],$tmp32,@pair[1]
+	or	$tmp1,$tmp2,$tmp2
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+4`],%l5
+	or	@pair[1],$tmp2,$tmp2
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+0`],%l6
+	add	$h,$tmp2,$T1
+	$ST	$tmp2,[%sp+STACK_BIAS+STACK_FRAME+`$i*$SZ`]
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+4`],%l7
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+0`],%l0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+4`],%l1
+___
+} if ($SZ==8);
+
+########### common
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+    if ($i<16) {
+	&$Xload(@_);
+    } else {
+	$code.="\tadd	$h,$T1,$T1\n";
+    }
+
+$code.=<<___;
+	$SRL	$e,@Sigma1[0],$h	!! $i
+	xor	$f,$g,$tmp2
+	$SLL	$e,`$SZ*8-@Sigma1[2]`,$tmp1
+	and	$e,$tmp2,$tmp2
+	$SRL	$e,@Sigma1[1],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$e,`$SZ*8-@Sigma1[1]`,$tmp1
+	xor	$tmp0,$h,$h
+	$SRL	$e,@Sigma1[2],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$e,`$SZ*8-@Sigma1[0]`,$tmp1
+	xor	$tmp0,$h,$h
+	xor	$g,$tmp2,$tmp2		! Ch(e,f,g)
+	xor	$tmp1,$h,$tmp0		! Sigma1(e)
+
+	$SRL	$a,@Sigma0[0],$h
+	add	$tmp2,$T1,$T1
+	$LD	[$Ktbl+`$i*$SZ`],$tmp2	! K[$i]
+	$SLL	$a,`$SZ*8-@Sigma0[2]`,$tmp1
+	add	$tmp0,$T1,$T1
+	$SRL	$a,@Sigma0[1],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$a,`$SZ*8-@Sigma0[1]`,$tmp1
+	xor	$tmp0,$h,$h
+	$SRL	$a,@Sigma0[2],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$a,`$SZ*8-@Sigma0[0]`,$tmp1
+	xor	$tmp0,$h,$h
+	xor	$tmp1,$h,$h		! Sigma0(a)
+
+	or	$a,$b,$tmp0
+	and	$a,$b,$tmp1
+	and	$c,$tmp0,$tmp0
+	or	$tmp0,$tmp1,$tmp1	! Maj(a,b,c)
+	add	$tmp2,$T1,$T1		! +=K[$i]
+	add	$tmp1,$h,$h
+
+	add	$T1,$d,$d
+	add	$T1,$h,$h
+___
+}
+
+########### SHA256
+$BODY_16_XX = sub {
+my $i=@_[0];
+my $xi;
+
+    if ($i&1) {
+	$xi=$tmp32;
+	$code.="\tsrlx	@X[(($i+1)/2)%8],32,$xi\n";
+    } else {
+	$xi=@X[(($i+1)/2)%8];
+    }
+$code.=<<___;
+	srl	$xi,@sigma0[0],$T1		!! Xupdate($i)
+	sll	$xi,`32-@sigma0[2]`,$tmp1
+	srl	$xi,@sigma0[1],$tmp0
+	xor	$tmp1,$T1,$T1
+	sll	$tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+	xor	$tmp0,$T1,$T1
+	srl	$xi,@sigma0[2],$tmp0
+	xor	$tmp1,$T1,$T1
+___
+    if ($i&1) {
+	$xi=@X[(($i+14)/2)%8];
+    } else {
+	$xi=$tmp32;
+	$code.="\tsrlx	@X[(($i+14)/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	srl	$xi,@sigma1[0],$tmp2
+	xor	$tmp0,$T1,$T1			! T1=sigma0(X[i+1])
+	sll	$xi,`32-@sigma1[2]`,$tmp1
+	srl	$xi,@sigma1[1],$tmp0
+	xor	$tmp1,$tmp2,$tmp2
+	sll	$tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1
+	xor	$tmp0,$tmp2,$tmp2
+	srl	$xi,@sigma1[2],$tmp0
+	xor	$tmp1,$tmp2,$tmp2
+___
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+$code.=<<___;
+	srlx	@X[(($i+9)/2)%8],32,$tmp1	! X[i+9]
+	xor	$tmp0,$tmp2,$tmp2		! sigma1(X[i+14])
+	srl	@X[($i/2)%8],0,$tmp0
+	add	$tmp2,$tmp1,$tmp1
+	add	$xi,$T1,$T1			! +=X[i]
+	xor	$tmp0,@X[($i/2)%8],@X[($i/2)%8]
+	add	$tmp1,$T1,$T1
+
+	srl	$T1,0,$T1
+	or	$T1,@X[($i/2)%8],@X[($i/2)%8]
+___
+    } else {
+	$xi=@X[(($i+9)/2)%8];
+$code.=<<___;
+	srlx	@X[($i/2)%8],32,$tmp1		! X[i]
+	xor	$tmp0,$tmp2,$tmp2		! sigma1(X[i+14])
+	add	$xi,$T1,$T1			! +=X[i+9]
+	add	$tmp2,$tmp1,$tmp1
+	srl	@X[($i/2)%8],0,@X[($i/2)%8]
+	add	$tmp1,$T1,$T1
+
+	sllx	$T1,32,$tmp0
+	or	$tmp0,@X[($i/2)%8],@X[($i/2)%8]
+___
+    }
+    &BODY_00_15(@_);
+} if ($SZ==4);
+
+########### SHA512
+$BODY_16_XX = sub {
+my $i=@_[0];
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1));
+
+$code.=<<___;
+	sllx	%l2,32,$tmp0		!! Xupdate($i)
+	or	%l3,$tmp0,$tmp0
+
+	srlx	$tmp0,@sigma0[0],$T1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+0`],%l2
+	sllx	$tmp0,`64-@sigma0[2]`,$tmp1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+4`],%l3
+	srlx	$tmp0,@sigma0[1],$tmp0
+	xor	$tmp1,$T1,$T1
+	sllx	$tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+	xor	$tmp0,$T1,$T1
+	srlx	$tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0
+	xor	$tmp1,$T1,$T1
+	sllx	%l6,32,$tmp2
+	xor	$tmp0,$T1,$T1		! sigma0(X[$i+1])
+	or	%l7,$tmp2,$tmp2
+
+	srlx	$tmp2,@sigma1[0],$tmp1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+0`],%l6
+	sllx	$tmp2,`64-@sigma1[2]`,$tmp0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+4`],%l7
+	srlx	$tmp2,@sigma1[1],$tmp2
+	xor	$tmp0,$tmp1,$tmp1
+	sllx	$tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0
+	xor	$tmp2,$tmp1,$tmp1
+	srlx	$tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2
+	xor	$tmp0,$tmp1,$tmp1
+	sllx	%l4,32,$tmp0
+	xor	$tmp2,$tmp1,$tmp1	! sigma1(X[$i+14])
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+0`],%l4
+	or	%l5,$tmp0,$tmp0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+4`],%l5
+
+	sllx	%l0,32,$tmp2
+	add	$tmp1,$T1,$T1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+0`],%l0
+	or	%l1,$tmp2,$tmp2
+	add	$tmp0,$T1,$T1		! +=X[$i+9]
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+4`],%l1
+	add	$tmp2,$T1,$T1		! +=X[$i]
+	$ST	$T1,[%sp+STACK_BIAS+STACK_FRAME+`($i%16)*$SZ`]
+___
+    &BODY_00_15(@_);
+} if ($SZ==8);
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+.align	64
+K${label}:
+.type	K${label},#object
+___
+if ($SZ==4) {
+$code.=<<___;
+	.long	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+	.long	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+	.long	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+	.long	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+	.long	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+	.long	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+	.long	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+	.long	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+	.long	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+	.long	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+	.long	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+	.long	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+	.long	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+	.long	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+	.long	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+	.long	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+___
+} else {
+$code.=<<___;
+	.long	0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+	.long	0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+	.long	0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+	.long	0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+	.long	0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+	.long	0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+	.long	0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+	.long	0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+	.long	0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+	.long	0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+	.long	0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+	.long	0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+	.long	0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+	.long	0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+	.long	0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+	.long	0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+	.long	0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+	.long	0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+	.long	0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+	.long	0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+	.long	0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+	.long	0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+	.long	0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+	.long	0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+	.long	0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+	.long	0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+	.long	0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+	.long	0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+	.long	0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+	.long	0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+	.long	0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+	.long	0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+	.long	0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+	.long	0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+	.long	0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+	.long	0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+	.long	0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+	.long	0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+	.long	0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+	.long	0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+___
+}
+$code.=<<___;
+.size	K${label},.-K${label}
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	sha${label}_block_data_order
+.align	32
+sha${label}_block_data_order:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
+
+	andcc	%g1, CFR_SHA${label}, %g0
+	be	.Lsoftware
+	nop
+___
+$code.=<<___ if ($SZ==8); 		# SHA512
+	ldd	[%o0 + 0x00], %f0	! load context
+	ldd	[%o0 + 0x08], %f2
+	ldd	[%o0 + 0x10], %f4
+	ldd	[%o0 + 0x18], %f6
+	ldd	[%o0 + 0x20], %f8
+	ldd	[%o0 + 0x28], %f10
+	andcc	%o1, 0x7, %g0
+	ldd	[%o0 + 0x30], %f12
+	bne,pn	%icc, .Lhwunaligned
+	 ldd	[%o0 + 0x38], %f14
+
+.Lhwaligned_loop:
+	ldd	[%o1 + 0x00], %f16
+	ldd	[%o1 + 0x08], %f18
+	ldd	[%o1 + 0x10], %f20
+	ldd	[%o1 + 0x18], %f22
+	ldd	[%o1 + 0x20], %f24
+	ldd	[%o1 + 0x28], %f26
+	ldd	[%o1 + 0x30], %f28
+	ldd	[%o1 + 0x38], %f30
+	ldd	[%o1 + 0x40], %f32
+	ldd	[%o1 + 0x48], %f34
+	ldd	[%o1 + 0x50], %f36
+	ldd	[%o1 + 0x58], %f38
+	ldd	[%o1 + 0x60], %f40
+	ldd	[%o1 + 0x68], %f42
+	ldd	[%o1 + 0x70], %f44
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x78], %f46
+	add	%o1, 0x80, %o1
+	prefetch [%o1 + 63], 20
+	prefetch [%o1 + 64+63], 20
+
+	.word	0x81b02860		! SHA512
+
+	bne,pt	SIZE_T_CC, .Lhwaligned_loop
+	nop
+
+.Lhwfinish:
+	std	%f0, [%o0 + 0x00]	! store context
+	std	%f2, [%o0 + 0x08]
+	std	%f4, [%o0 + 0x10]
+	std	%f6, [%o0 + 0x18]
+	std	%f8, [%o0 + 0x20]
+	std	%f10, [%o0 + 0x28]
+	std	%f12, [%o0 + 0x30]
+	retl
+	 std	%f14, [%o0 + 0x38]
+
+.align	16
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f18
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f20
+	ldd	[%o1 + 0x10], %f22
+	ldd	[%o1 + 0x18], %f24
+	ldd	[%o1 + 0x20], %f26
+	ldd	[%o1 + 0x28], %f28
+	ldd	[%o1 + 0x30], %f30
+	ldd	[%o1 + 0x38], %f32
+	ldd	[%o1 + 0x40], %f34
+	ldd	[%o1 + 0x48], %f36
+	ldd	[%o1 + 0x50], %f38
+	ldd	[%o1 + 0x58], %f40
+	ldd	[%o1 + 0x60], %f42
+	ldd	[%o1 + 0x68], %f44
+	ldd	[%o1 + 0x70], %f46
+	ldd	[%o1 + 0x78], %f48
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x80], %f50
+	add	%o1, 0x80, %o1
+	prefetch [%o1 + 63], 20
+	prefetch [%o1 + 64+63], 20
+
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+	faligndata %f26, %f28, %f24
+	faligndata %f28, %f30, %f26
+	faligndata %f30, %f32, %f28
+	faligndata %f32, %f34, %f30
+	faligndata %f34, %f36, %f32
+	faligndata %f36, %f38, %f34
+	faligndata %f38, %f40, %f36
+	faligndata %f40, %f42, %f38
+	faligndata %f42, %f44, %f40
+	faligndata %f44, %f46, %f42
+	faligndata %f46, %f48, %f44
+	faligndata %f48, %f50, %f46
+
+	.word	0x81b02860		! SHA512
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f50, %f50, %f18	! %f18=%f50
+
+	ba	.Lhwfinish
+	nop
+___
+$code.=<<___ if ($SZ==4); 		# SHA256
+	ld	[%o0 + 0x00], %f0
+	ld	[%o0 + 0x04], %f1
+	ld	[%o0 + 0x08], %f2
+	ld	[%o0 + 0x0c], %f3
+	ld	[%o0 + 0x10], %f4
+	ld	[%o0 + 0x14], %f5
+	andcc	%o1, 0x7, %g0
+	ld	[%o0 + 0x18], %f6
+	bne,pn	%icc, .Lhwunaligned
+	 ld	[%o0 + 0x1c], %f7
+
+.Lhwloop:
+	ldd	[%o1 + 0x00], %f8
+	ldd	[%o1 + 0x08], %f10
+	ldd	[%o1 + 0x10], %f12
+	ldd	[%o1 + 0x18], %f14
+	ldd	[%o1 + 0x20], %f16
+	ldd	[%o1 + 0x28], %f18
+	ldd	[%o1 + 0x30], %f20
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x38], %f22
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	.word	0x81b02840		! SHA256
+
+	bne,pt	SIZE_T_CC, .Lhwloop
+	nop
+
+.Lhwfinish:
+	st	%f0, [%o0 + 0x00]	! store context
+	st	%f1, [%o0 + 0x04]
+	st	%f2, [%o0 + 0x08]
+	st	%f3, [%o0 + 0x0c]
+	st	%f4, [%o0 + 0x10]
+	st	%f5, [%o0 + 0x14]
+	st	%f6, [%o0 + 0x18]
+	retl
+	 st	%f7, [%o0 + 0x1c]
+
+.align	8
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f10
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f12
+	ldd	[%o1 + 0x10], %f14
+	ldd	[%o1 + 0x18], %f16
+	ldd	[%o1 + 0x20], %f18
+	ldd	[%o1 + 0x28], %f20
+	ldd	[%o1 + 0x30], %f22
+	ldd	[%o1 + 0x38], %f24
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x40], %f26
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	faligndata %f10, %f12, %f8
+	faligndata %f12, %f14, %f10
+	faligndata %f14, %f16, %f12
+	faligndata %f16, %f18, %f14
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+
+	.word	0x81b02840		! SHA256
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f26, %f26, %f10	! %f10=%f26
+
+	ba	.Lhwfinish
+	nop
+___
+$code.=<<___;
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME-$locals,%sp
+	and	$inp,`$align-1`,$tmp31
+	sllx	$len,`log(16*$SZ)/log(2)`,$len
+	andn	$inp,`$align-1`,$inp
+	sll	$tmp31,3,$tmp31
+	add	$inp,$len,$len
+___
+$code.=<<___ if ($SZ==8); # SHA512
+	mov	32,$tmp32
+	sub	$tmp32,$tmp31,$tmp32
+___
+$code.=<<___;
+.Lpic:	call	.+8
+	add	%o7,K${label}-.Lpic,$Ktbl
+
+	$LD	[$ctx+`0*$SZ`],$A
+	$LD	[$ctx+`1*$SZ`],$B
+	$LD	[$ctx+`2*$SZ`],$C
+	$LD	[$ctx+`3*$SZ`],$D
+	$LD	[$ctx+`4*$SZ`],$E
+	$LD	[$ctx+`5*$SZ`],$F
+	$LD	[$ctx+`6*$SZ`],$G
+	$LD	[$ctx+`7*$SZ`],$H
+
+.Lloop:
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".L16_xx:\n";
+for (;$i<32;$i++)	{ &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	and	$tmp2,0xfff,$tmp2
+	cmp	$tmp2,$lastK
+	bne	.L16_xx
+	add	$Ktbl,`16*$SZ`,$Ktbl	! Ktbl+=16
+
+___
+$code.=<<___ if ($SZ==4); # SHA256
+	$LD	[$ctx+`0*$SZ`],@X[0]
+	$LD	[$ctx+`1*$SZ`],@X[1]
+	$LD	[$ctx+`2*$SZ`],@X[2]
+	$LD	[$ctx+`3*$SZ`],@X[3]
+	$LD	[$ctx+`4*$SZ`],@X[4]
+	$LD	[$ctx+`5*$SZ`],@X[5]
+	$LD	[$ctx+`6*$SZ`],@X[6]
+	$LD	[$ctx+`7*$SZ`],@X[7]
+
+	add	$A,@X[0],$A
+	$ST	$A,[$ctx+`0*$SZ`]
+	add	$B,@X[1],$B
+	$ST	$B,[$ctx+`1*$SZ`]
+	add	$C,@X[2],$C
+	$ST	$C,[$ctx+`2*$SZ`]
+	add	$D,@X[3],$D
+	$ST	$D,[$ctx+`3*$SZ`]
+	add	$E,@X[4],$E
+	$ST	$E,[$ctx+`4*$SZ`]
+	add	$F,@X[5],$F
+	$ST	$F,[$ctx+`5*$SZ`]
+	add	$G,@X[6],$G
+	$ST	$G,[$ctx+`6*$SZ`]
+	add	$H,@X[7],$H
+	$ST	$H,[$ctx+`7*$SZ`]
+___
+$code.=<<___ if ($SZ==8); # SHA512
+	ld	[$ctx+`0*$SZ+0`],%l0
+	ld	[$ctx+`0*$SZ+4`],%l1
+	ld	[$ctx+`1*$SZ+0`],%l2
+	ld	[$ctx+`1*$SZ+4`],%l3
+	ld	[$ctx+`2*$SZ+0`],%l4
+	ld	[$ctx+`2*$SZ+4`],%l5
+	ld	[$ctx+`3*$SZ+0`],%l6
+
+	sllx	%l0,32,$tmp0
+	ld	[$ctx+`3*$SZ+4`],%l7
+	sllx	%l2,32,$tmp1
+	or	%l1,$tmp0,$tmp0
+	or	%l3,$tmp1,$tmp1
+	add	$tmp0,$A,$A
+	add	$tmp1,$B,$B
+	$ST	$A,[$ctx+`0*$SZ`]
+	sllx	%l4,32,$tmp2
+	$ST	$B,[$ctx+`1*$SZ`]
+	sllx	%l6,32,$T1
+	or	%l5,$tmp2,$tmp2
+	or	%l7,$T1,$T1
+	add	$tmp2,$C,$C
+	$ST	$C,[$ctx+`2*$SZ`]
+	add	$T1,$D,$D
+	$ST	$D,[$ctx+`3*$SZ`]
+
+	ld	[$ctx+`4*$SZ+0`],%l0
+	ld	[$ctx+`4*$SZ+4`],%l1
+	ld	[$ctx+`5*$SZ+0`],%l2
+	ld	[$ctx+`5*$SZ+4`],%l3
+	ld	[$ctx+`6*$SZ+0`],%l4
+	ld	[$ctx+`6*$SZ+4`],%l5
+	ld	[$ctx+`7*$SZ+0`],%l6
+
+	sllx	%l0,32,$tmp0
+	ld	[$ctx+`7*$SZ+4`],%l7
+	sllx	%l2,32,$tmp1
+	or	%l1,$tmp0,$tmp0
+	or	%l3,$tmp1,$tmp1
+	add	$tmp0,$E,$E
+	add	$tmp1,$F,$F
+	$ST	$E,[$ctx+`4*$SZ`]
+	sllx	%l4,32,$tmp2
+	$ST	$F,[$ctx+`5*$SZ`]
+	sllx	%l6,32,$T1
+	or	%l5,$tmp2,$tmp2
+	or	%l7,$T1,$T1
+	add	$tmp2,$G,$G
+	$ST	$G,[$ctx+`6*$SZ`]
+	add	$T1,$H,$H
+	$ST	$H,[$ctx+`7*$SZ`]
+___
+$code.=<<___;
+	add	$inp,`16*$SZ`,$inp		! advance inp
+	cmp	$inp,$len
+	bne	SIZE_T_CC,.Lloop
+	sub	$Ktbl,`($rounds-16)*$SZ`,$Ktbl	! rewind Ktbl
+
+	ret
+	restore
+.type	sha${label}_block_data_order,#function
+.size	sha${label}_block_data_order,(.-sha${label}_block_data_order)
+.asciz	"SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (	"faligndata"	=> 0x048,
+		"for"		=> 0x07c	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /ge;
+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl
new file mode 100755
index 000000000..f2ebdfdb6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl
@@ -0,0 +1,2498 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# sha256/512_block procedure for x86_64.
+#
+# 40% improvement over compiler-generated code on Opteron. On EM64T
+# sha256 was observed to run >80% faster and sha512 - >40%. No magical
+# tricks, just straight implementation... I really wonder why gcc
+# [being armed with inline assembler] fails to generate as fast code.
+# The only thing which is cool about this module is that it's very
+# same instruction sequence used for both SHA-256 and SHA-512. In
+# former case the instructions operate on 32-bit operands, while in
+# latter - on 64-bit ones. All I had to do is to get one flavor right,
+# the other one passed the test right away:-)
+#
+# sha256_block runs in ~1005 cycles on Opteron, which gives you
+# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock
+# frequency in GHz. sha512_block runs in ~1275 cycles, which results
+# in 128*1000/1275=100MBps per GHz. Is there room for improvement?
+# Well, if you compare it to IA-64 implementation, which maintains
+# X[16] in register bank[!], tends to 4 instructions per CPU clock
+# cycle and runs in 1003 cycles, 1275 is very good result for 3-way
+# issue Opteron pipeline and X[16] maintained in memory. So that *if*
+# there is a way to improve it, *then* the only way would be to try to
+# offload X[16] updates to SSE unit, but that would require "deeper"
+# loop unroll, which in turn would naturally cause size blow-up, not
+# to mention increased complexity! And once again, only *if* it's
+# actually possible to noticeably improve overall ILP, instruction
+# level parallelism, on a given CPU implementation in this case.
+#
+# Special note on Intel EM64T. While Opteron CPU exhibits perfect
+# performance ratio of 1.5 between 64- and 32-bit flavors [see above],
+# [currently available] EM64T CPUs apparently are far from it. On the
+# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
+# sha256_block:-( This is presumably because 64-bit shifts/rotates
+# apparently are not atomic instructions, but implemented in microcode.
+#
+# May 2012.
+#
+# Optimization including one of Pavel Semjanov's ideas, alternative
+# Maj, resulted in >=5% improvement on most CPUs, +20% SHA256 and
+# unfortunately -2% SHA512 on P4 [which nobody should care about
+# that much].
+#
+# June 2012.
+#
+# Add SIMD code paths, see below for improvement coefficients. SSSE3
+# code path was not attempted for SHA512, because improvement is not
+# estimated to be high enough, noticeably less than 9%, to justify
+# the effort, not on pre-AVX processors. [Obviously with exclusion
+# for VIA Nano, but it has SHA512 instruction that is faster and
+# should be used instead.] For reference, corresponding estimated
+# upper limit for improvement for SSSE3 SHA256 is 28%. The fact that
+# higher coefficients are observed on VIA Nano and Bulldozer has more
+# to do with specifics of their architecture [which is topic for
+# separate discussion].
+#
+# November 2012.
+#
+# Add AVX2 code path. Two consecutive input blocks are loaded to
+# 256-bit %ymm registers, with data from first block to least
+# significant 128-bit halves and data from second to most significant.
+# The data is then processed with same SIMD instruction sequence as
+# for AVX, but with %ymm as operands. Side effect is increased stack
+# frame, 448 additional bytes in SHA256 and 1152 in SHA512, and 1.2KB
+# code size increase.
+#
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+
+######################################################################
+# Current performance in cycles per processed byte (less is better):
+#
+#		SHA256	SSSE3       AVX/XOP(*)	    SHA512  AVX/XOP(*)
+#
+# AMD K8	14.9	-	    -		    9.57    -
+# P4		17.3	-	    -		    30.8    -
+# Core 2	15.6	13.8(+13%)  -		    9.97    -
+# Westmere	14.8	12.3(+19%)  -		    9.58    -
+# Sandy Bridge	17.4	14.2(+23%)  11.6(+50%(**))  11.2    8.10(+38%(**))
+# Ivy Bridge	12.6	10.5(+20%)  10.3(+22%)	    8.17    7.22(+13%)
+# Haswell	12.2	9.28(+31%)  7.80(+56%)	    7.66    5.40(+42%)
+# Skylake	11.4	9.03(+26%)  7.70(+48%)      7.25    5.20(+40%)
+# Bulldozer	21.1	13.6(+54%)  13.6(+54%(***)) 13.5    8.58(+57%)
+# Ryzen		11.0	9.02(+22%)  2.05(+440%)     7.05    5.67(+20%)
+# VIA Nano	23.0	16.5(+39%)  -		    14.7    -
+# Atom		23.0	18.9(+22%)  -		    14.7    -
+# Silvermont	27.4	20.6(+33%)  -               17.5    -
+# Knights L	27.4	21.0(+30%)  19.6(+40%)	    17.5    12.8(+37%)
+# Goldmont	18.9	14.3(+32%)  4.16(+350%)     12.0    -
+#
+# (*)	whichever best applicable, including SHAEXT;
+# (**)	switch from ror to shrd stands for fair share of improvement;
+# (***)	execution time is fully determined by remaining integer-only
+#	part, body_00_15; reducing the amount of SIMD instructions
+#	below certain limit makes no difference/sense; to conserve
+#	space SHA256 XOP code path is therefore omitted;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=1;	### set to zero if compiling for 1.0.1
+$avx=1		if (!$shaext && $avx);
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if ($output =~ /512/) {
+	$func="sha512_block_data_order";
+	$TABLE="K512";
+	$SZ=8;
+	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx",
+					"%r8", "%r9", "%r10","%r11");
+	($T1,$a0,$a1,$a2,$a3)=("%r12","%r13","%r14","%r15","%rdi");
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+} else {
+	$func="sha256_block_data_order";
+	$TABLE="K256";
+	$SZ=4;
+	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
+					"%r8d","%r9d","%r10d","%r11d");
+	($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%edi");
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+}
+
+$ctx="%rdi";	# 1st arg, zapped by $a3
+$inp="%rsi";	# 2nd arg
+$Tbl="%rbp";
+
+$_ctx="16*$SZ+0*8(%rsp)";
+$_inp="16*$SZ+1*8(%rsp)";
+$_end="16*$SZ+2*8(%rsp)";
+$_rsp="`16*$SZ+3*8`(%rsp)";
+$framesz="16*$SZ+4*8";
+
+
+sub ROUND_00_15()
+{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+  my $STRIDE=$SZ;
+     $STRIDE += 16 if ($i%(16/$SZ)==(16/$SZ-1));
+
+$code.=<<___;
+	ror	\$`$Sigma1[2]-$Sigma1[1]`,$a0
+	mov	$f,$a2
+
+	xor	$e,$a0
+	ror	\$`$Sigma0[2]-$Sigma0[1]`,$a1
+	xor	$g,$a2			# f^g
+
+	mov	$T1,`$SZ*($i&0xf)`(%rsp)
+	xor	$a,$a1
+	and	$e,$a2			# (f^g)&e
+
+	ror	\$`$Sigma1[1]-$Sigma1[0]`,$a0
+	add	$h,$T1			# T1+=h
+	xor	$g,$a2			# Ch(e,f,g)=((f^g)&e)^g
+
+	ror	\$`$Sigma0[1]-$Sigma0[0]`,$a1
+	xor	$e,$a0
+	add	$a2,$T1			# T1+=Ch(e,f,g)
+
+	mov	$a,$a2
+	add	($Tbl),$T1		# T1+=K[round]
+	xor	$a,$a1
+
+	xor	$b,$a2			# a^b, b^c in next round
+	ror	\$$Sigma1[0],$a0	# Sigma1(e)
+	mov	$b,$h
+
+	and	$a2,$a3
+	ror	\$$Sigma0[0],$a1	# Sigma0(a)
+	add	$a0,$T1			# T1+=Sigma1(e)
+
+	xor	$a3,$h			# h=Maj(a,b,c)=Ch(a^b,c,b)
+	add	$T1,$d			# d+=T1
+	add	$T1,$h			# h+=T1
+
+	lea	$STRIDE($Tbl),$Tbl	# round++
+___
+$code.=<<___ if ($i<15);
+	add	$a1,$h			# h+=Sigma0(a)
+___
+	($a2,$a3) = ($a3,$a2);
+}
+
+sub ROUND_16_XX()
+{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+	mov	`$SZ*(($i+1)&0xf)`(%rsp),$a0
+	mov	`$SZ*(($i+14)&0xf)`(%rsp),$a2
+
+	mov	$a0,$T1
+	ror	\$`$sigma0[1]-$sigma0[0]`,$a0
+	add	$a1,$a			# modulo-scheduled h+=Sigma0(a)
+	mov	$a2,$a1
+	ror	\$`$sigma1[1]-$sigma1[0]`,$a2
+
+	xor	$T1,$a0
+	shr	\$$sigma0[2],$T1
+	ror	\$$sigma0[0],$a0
+	xor	$a1,$a2
+	shr	\$$sigma1[2],$a1
+
+	ror	\$$sigma1[0],$a2
+	xor	$a0,$T1			# sigma0(X[(i+1)&0xf])
+	xor	$a1,$a2			# sigma1(X[(i+14)&0xf])
+	add	`$SZ*(($i+9)&0xf)`(%rsp),$T1
+
+	add	`$SZ*($i&0xf)`(%rsp),$T1
+	mov	$e,$a0
+	add	$a2,$T1
+	mov	$a,$a1
+___
+	&ROUND_00_15(@_);
+}
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+.globl	$func
+.type	$func,\@function,3
+.align	16
+$func:
+.cfi_startproc
+___
+$code.=<<___ if ($SZ==4 || $avx);
+	lea	OPENSSL_ia32cap_P(%rip),%r11
+	mov	0(%r11),%r9d
+	mov	4(%r11),%r10d
+	mov	8(%r11),%r11d
+___
+$code.=<<___ if ($SZ==4 && $shaext);
+	test	\$`1<<29`,%r11d		# check for SHA
+	jnz	_shaext_shortcut
+___
+$code.=<<___ if ($avx && $SZ==8);
+	test	\$`1<<11`,%r10d		# check for XOP
+	jnz	.Lxop_shortcut
+___
+$code.=<<___ if ($avx>1);
+	and	\$`1<<8|1<<5|1<<3`,%r11d	# check for BMI2+AVX2+BMI1
+	cmp	\$`1<<8|1<<5|1<<3`,%r11d
+	je	.Lavx2_shortcut
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<30`,%r9d		# mask "Intel CPU" bit
+	and	\$`1<<28|1<<9`,%r10d	# mask AVX and SSSE3 bits
+	or	%r9d,%r10d
+	cmp	\$`1<<28|1<<9|1<<30`,%r10d
+	je	.Lavx_shortcut
+___
+$code.=<<___ if ($SZ==4);
+	test	\$`1<<9`,%r10d
+	jnz	.Lssse3_shortcut
+___
+$code.=<<___;
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	shl	\$4,%rdx		# num*16
+	sub	\$$framesz,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+.Lprologue:
+
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+	mov	$B,$a3
+	lea	$TABLE(%rip),$Tbl
+	xor	$C,$a3			# magic
+___
+	for($i=0;$i<16;$i++) {
+		$code.="	mov	$SZ*$i($inp),$T1\n";
+		$code.="	mov	@ROT[4],$a0\n";
+		$code.="	mov	@ROT[0],$a1\n";
+		$code.="	bswap	$T1\n";
+		&ROUND_00_15($i,@ROT);
+		unshift(@ROT,pop(@ROT));
+	}
+$code.=<<___;
+	jmp	.Lrounds_16_xx
+.align	16
+.Lrounds_16_xx:
+___
+	for(;$i<32;$i++) {
+		&ROUND_16_XX($i,@ROT);
+		unshift(@ROT,pop(@ROT));
+	}
+
+$code.=<<___;
+	cmpb	\$0,`$SZ-1`($Tbl)
+	jnz	.Lrounds_16_xx
+
+	mov	$_ctx,$ctx
+	add	$a1,$A			# modulo-scheduled h+=Sigma0(a)
+	lea	16*$SZ($inp),$inp
+
+	add	$SZ*0($ctx),$A
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop
+
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	ret
+.cfi_endproc
+.size	$func,.-$func
+___
+
+if ($SZ==4) {
+$code.=<<___;
+.align	64
+.type	$TABLE,\@object
+$TABLE:
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+	.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+	.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+	.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+	.asciz	"SHA256 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+} else {
+$code.=<<___;
+.align	64
+.type	$TABLE,\@object
+$TABLE:
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+
+	.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+	.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+	.asciz	"SHA512 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+}
+
+######################################################################
+# SIMD code paths
+#
+if ($SZ==4 && $shaext) {{{
+######################################################################
+# Intel SHA Extensions implementation of SHA256 update function.
+#
+my ($ctx,$inp,$num,$Tbl)=("%rdi","%rsi","%rdx","%rcx");
+
+my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..2,7..10));
+my @MSG=map("%xmm$_",(3..6));
+
+$code.=<<___;
+.type	sha256_block_data_order_shaext,\@function,3
+.align	64
+sha256_block_data_order_shaext:
+_shaext_shortcut:
+___
+$code.=<<___ if ($win64);
+	lea	`-8-5*16`(%rsp),%rsp
+	movaps	%xmm6,-8-5*16(%rax)
+	movaps	%xmm7,-8-4*16(%rax)
+	movaps	%xmm8,-8-3*16(%rax)
+	movaps	%xmm9,-8-2*16(%rax)
+	movaps	%xmm10,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	lea		K256+0x80(%rip),$Tbl
+	movdqu		($ctx),$ABEF		# DCBA
+	movdqu		16($ctx),$CDGH		# HGFE
+	movdqa		0x200-0x80($Tbl),$TMP	# byte swap mask
+
+	pshufd		\$0x1b,$ABEF,$Wi	# ABCD
+	pshufd		\$0xb1,$ABEF,$ABEF	# CDAB
+	pshufd		\$0x1b,$CDGH,$CDGH	# EFGH
+	movdqa		$TMP,$BSWAP		# offload
+	palignr		\$8,$CDGH,$ABEF		# ABEF
+	punpcklqdq	$Wi,$CDGH		# CDGH
+	jmp		.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movdqu		($inp),@MSG[0]
+	movdqu		0x10($inp),@MSG[1]
+	movdqu		0x20($inp),@MSG[2]
+	pshufb		$TMP,@MSG[0]
+	movdqu		0x30($inp),@MSG[3]
+
+	movdqa		0*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	pshufb		$TMP,@MSG[1]
+	movdqa		$CDGH,$CDGH_SAVE	# offload
+	sha256rnds2	$ABEF,$CDGH		# 0-3
+	pshufd		\$0x0e,$Wi,$Wi
+	nop
+	movdqa		$ABEF,$ABEF_SAVE	# offload
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		1*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	pshufb		$TMP,@MSG[2]
+	sha256rnds2	$ABEF,$CDGH		# 4-7
+	pshufd		\$0x0e,$Wi,$Wi
+	lea		0x40($inp),$inp
+	sha256msg1	@MSG[1],@MSG[0]
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		2*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+	pshufb		$TMP,@MSG[3]
+	sha256rnds2	$ABEF,$CDGH		# 8-11
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[3],$TMP
+	palignr		\$4,@MSG[2],$TMP
+	nop
+	paddd		$TMP,@MSG[0]
+	sha256msg1	@MSG[2],@MSG[1]
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		3*32-0x80($Tbl),$Wi
+	paddd		@MSG[3],$Wi
+	sha256msg2	@MSG[3],@MSG[0]
+	sha256rnds2	$ABEF,$CDGH		# 12-15
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[0],$TMP
+	palignr		\$4,@MSG[3],$TMP
+	nop
+	paddd		$TMP,@MSG[1]
+	sha256msg1	@MSG[3],@MSG[2]
+	sha256rnds2	$CDGH,$ABEF
+___
+for($i=4;$i<16-3;$i++) {
+$code.=<<___;
+	movdqa		$i*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256rnds2	$ABEF,$CDGH		# 16-19...
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	nop
+	paddd		$TMP,@MSG[2]
+	sha256msg1	@MSG[0],@MSG[3]
+	sha256rnds2	$CDGH,$ABEF
+___
+	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	movdqa		13*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256rnds2	$ABEF,$CDGH		# 52-55
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	sha256rnds2	$CDGH,$ABEF
+	paddd		$TMP,@MSG[2]
+
+	movdqa		14*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	sha256rnds2	$ABEF,$CDGH		# 56-59
+	pshufd		\$0x0e,$Wi,$Wi
+	sha256msg2	@MSG[1],@MSG[2]
+	movdqa		$BSWAP,$TMP
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		15*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+	nop
+	sha256rnds2	$ABEF,$CDGH		# 60-63
+	pshufd		\$0x0e,$Wi,$Wi
+	dec		$num
+	nop
+	sha256rnds2	$CDGH,$ABEF
+
+	paddd		$CDGH_SAVE,$CDGH
+	paddd		$ABEF_SAVE,$ABEF
+	jnz		.Loop_shaext
+
+	pshufd		\$0xb1,$CDGH,$CDGH	# DCHG
+	pshufd		\$0x1b,$ABEF,$TMP	# FEBA
+	pshufd		\$0xb1,$ABEF,$ABEF	# BAFE
+	punpckhqdq	$CDGH,$ABEF		# DCBA
+	palignr		\$8,$TMP,$CDGH		# HGFE
+
+	movdqu	$ABEF,($ctx)
+	movdqu	$CDGH,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-8-5*16(%rax),%xmm6
+	movaps	-8-4*16(%rax),%xmm7
+	movaps	-8-3*16(%rax),%xmm8
+	movaps	-8-2*16(%rax),%xmm9
+	movaps	-8-1*16(%rax),%xmm10
+	mov	%rax,%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	sha256_block_data_order_shaext,.-sha256_block_data_order_shaext
+___
+}}}
+{{{
+
+my $a4=$T1;
+my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&ror	($a0,$Sigma1[2]-$Sigma1[1])',
+	'&mov	($a,$a1)',
+	'&mov	($a4,$f)',
+
+	'&ror	($a1,$Sigma0[2]-$Sigma0[1])',
+	'&xor	($a0,$e)',
+	'&xor	($a4,$g)',			# f^g
+
+	'&ror	($a0,$Sigma1[1]-$Sigma1[0])',
+	'&xor	($a1,$a)',
+	'&and	($a4,$e)',			# (f^g)&e
+
+	'&xor	($a0,$e)',
+	'&add	($h,$SZ*($i&15)."(%rsp)")',	# h+=X[i]+K[i]
+	'&mov	($a2,$a)',
+
+	'&xor	($a4,$g)',			# Ch(e,f,g)=((f^g)&e)^g
+	'&ror	($a1,$Sigma0[1]-$Sigma0[0])',
+	'&xor	($a2,$b)',			# a^b, b^c in next round
+
+	'&add	($h,$a4)',			# h+=Ch(e,f,g)
+	'&ror	($a0,$Sigma1[0])',		# Sigma1(e)
+	'&and	($a3,$a2)',			# (b^c)&(a^b)
+
+	'&xor	($a1,$a)',
+	'&add	($h,$a0)',			# h+=Sigma1(e)
+	'&xor	($a3,$b)',			# Maj(a,b,c)=Ch(a^b,c,b)
+
+	'&ror	($a1,$Sigma0[0])',		# Sigma0(a)
+	'&add	($d,$h)',			# d+=h
+	'&add	($h,$a3)',			# h+=Maj(a,b,c)
+
+	'&mov	($a0,$d)',
+	'&add	($a1,$h);'.			# h+=Sigma0(a)
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+}
+
+######################################################################
+# SSSE3 code path
+#
+if ($SZ==4) {	# SHA256 only
+my @X = map("%xmm$_",(0..3));
+my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%xmm$_",(4..9));
+
+$code.=<<___;
+.type	${func}_ssse3,\@function,3
+.align	64
+${func}_ssse3:
+.cfi_startproc
+.Lssse3_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	shl	\$4,%rdx		# num*16
+	sub	\$`$framesz+$win64*16*4`,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___;
+.Lprologue_ssse3:
+
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+___
+
+$code.=<<___;
+	#movdqa	$TABLE+`$SZ*2*$rounds`+32(%rip),$t4
+	#movdqa	$TABLE+`$SZ*2*$rounds`+64(%rip),$t5
+	jmp	.Lloop_ssse3
+.align	16
+.Lloop_ssse3:
+	movdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	movdqu	0x00($inp),@X[0]
+	movdqu	0x10($inp),@X[1]
+	movdqu	0x20($inp),@X[2]
+	pshufb	$t3,@X[0]
+	movdqu	0x30($inp),@X[3]
+	lea	$TABLE(%rip),$Tbl
+	pshufb	$t3,@X[1]
+	movdqa	0x00($Tbl),$t0
+	movdqa	0x20($Tbl),$t1
+	pshufb	$t3,@X[2]
+	paddd	@X[0],$t0
+	movdqa	0x40($Tbl),$t2
+	pshufb	$t3,@X[3]
+	movdqa	0x60($Tbl),$t3
+	paddd	@X[1],$t1
+	paddd	@X[2],$t2
+	paddd	@X[3],$t3
+	movdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	movdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	movdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	movdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lssse3_00_47
+
+.align	16
+.Lssse3_00_47:
+	sub	\$`-16*2*$SZ`,$Tbl	# size optimization
+___
+sub Xupdate_256_SSSE3 () {
+	(
+	'&movdqa	($t0,@X[1]);',
+	'&movdqa	($t3,@X[3])',
+	'&palignr	($t0,@X[0],$SZ)',	# X[1..4]
+	 '&palignr	($t3,@X[2],$SZ);',	# X[9..12]
+	'&movdqa	($t1,$t0)',
+	'&movdqa	($t2,$t0);',
+	'&psrld		($t0,$sigma0[2])',
+	 '&paddd	(@X[0],$t3);',		# X[0..3] += X[9..12]
+	'&psrld		($t2,$sigma0[0])',
+	 '&pshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&pslld		($t1,8*$SZ-$sigma0[1]);'.
+	'&pxor		($t0,$t2)',
+	'&psrld		($t2,$sigma0[1]-$sigma0[0]);'.
+	'&pxor		($t0,$t1)',
+	'&pslld		($t1,$sigma0[1]-$sigma0[0]);'.
+	'&pxor		($t0,$t2);',
+	 '&movdqa	($t2,$t3)',
+	'&pxor		($t0,$t1);',		# sigma0(X[1..4])
+	 '&psrld	($t3,$sigma1[2])',
+	'&paddd		(@X[0],$t0);',		# X[0..3] += sigma0(X[1..4])
+	 '&psrlq	($t2,$sigma1[0])',
+	 '&pxor		($t3,$t2);',
+	 '&psrlq	($t2,$sigma1[1]-$sigma1[0])',
+	 '&pxor		($t3,$t2)',
+	 '&pshufb	($t3,$t4)',		# sigma1(X[14..15])
+	'&paddd		(@X[0],$t3)',		# X[0..1] += sigma1(X[14..15])
+	 '&pshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&movdqa	($t2,$t3);',
+	 '&psrld	($t3,$sigma1[2])',
+	 '&psrlq	($t2,$sigma1[0])',
+	 '&pxor		($t3,$t2);',
+	 '&psrlq	($t2,$sigma1[1]-$sigma1[0])',
+	 '&pxor		($t3,$t2);',
+	'&movdqa	($t2,16*2*$j."($Tbl)")',
+	 '&pshufb	($t3,$t5)',
+	'&paddd		(@X[0],$t3)'		# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+sub SSSE3_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+    if (0) {
+	foreach (Xupdate_256_SSSE3()) {		# 36 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+    } else {			# squeeze extra 4% on Westmere and 19% on Atom
+	  eval(shift(@insns));	#@
+	&movdqa		($t0,@X[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t3,@X[3]);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	&palignr	($t0,@X[0],$SZ);	# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &palignr	($t3,@X[2],$SZ);	# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&movdqa		($t1,$t0);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t2,$t0);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	&psrld		($t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &paddd		(@X[0],$t3);		# X[0..3] += X[9..12]
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	&psrld		($t2,$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[3],0b11111010);	# X[4..15]
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&pslld		($t1,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&psrld		($t2,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	&pxor		($t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pslld		($t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pxor		($t0,$t1);		# sigma0(X[1..4])
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrld		($t3,$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		(@X[0],$t0);		# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &psrlq		($t2,$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 &psrlq		($t2,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 #&pshufb	($t3,$t4);		# sigma1(X[14..15])
+	 &pshufd	($t3,$t3,0b10000000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&paddd		(@X[0],$t3);		# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[0],0b01010000);	# X[16..17]
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrld		($t3,$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 &psrlq		($t2,$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &psrlq		($t2,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 #&pshufb	($t3,$t5);
+	 &pshufd	($t3,$t3,0b00001000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t2,16*2*$j."($Tbl)");
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &pslldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		(@X[0],$t3);		# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+    }
+	&paddd		($t2,@X[0]);
+	  foreach (@insns) { eval; }		# remaining instructions
+	&movdqa		(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&SSSE3_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lssse3_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+$code.=<<___;
+	mov	$_ctx,$ctx
+	mov	$a1,$A
+
+	add	$SZ*0($ctx),$A
+	lea	16*$SZ($inp),$inp
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop_ssse3
+
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_ssse3:
+	ret
+.cfi_endproc
+.size	${func}_ssse3,.-${func}_ssse3
+___
+}
+
+if ($avx) {{
+######################################################################
+# XOP code path
+#
+if ($SZ==8) {	# SHA512 only
+$code.=<<___;
+.type	${func}_xop,\@function,3
+.align	64
+${func}_xop:
+.cfi_startproc
+.Lxop_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	shl	\$4,%rdx		# num*16
+	sub	\$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	%xmm10,16*$SZ+96(%rsp)
+	movaps	%xmm11,16*$SZ+112(%rsp)
+___
+$code.=<<___;
+.Lprologue_xop:
+
+	vzeroupper
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+	jmp	.Lloop_xop
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+$code.=<<___;
+.align	16
+.Lloop_xop:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	sub	\$`-16*2*$SZ`,$Tbl	# size optimization
+___
+sub XOP_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	&vpalignr	($t0,@X[1],@X[0],$SZ);	# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpalignr	($t3,@X[3],@X[2],$SZ);	# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t1,$t0,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrld		($t0,$t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpaddd	(@X[0],@X[0],$t3);	# X[0..3] += X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t2,$t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[3],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t2);		# sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[3],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t0);	# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrldq	($t3,$t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[0],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[0],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpslldq	($t3,$t3,8);		# 22 instructions
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&XOP_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lxop_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+					} else {	# SHA512
+    my @X = map("%xmm$_",(0..7));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(8..11));
+
+$code.=<<___;
+.align	16
+.Lloop_xop:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	lea	$TABLE+0x80(%rip),$Tbl	# size optimization
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vpshufb	$t3,@X[0],@X[0]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[1],@X[1]
+	vmovdqu	0x40($inp),@X[4]
+	vpshufb	$t3,@X[2],@X[2]
+	vmovdqu	0x50($inp),@X[5]
+	vpshufb	$t3,@X[3],@X[3]
+	vmovdqu	0x60($inp),@X[6]
+	vpshufb	$t3,@X[4],@X[4]
+	vmovdqu	0x70($inp),@X[7]
+	vpshufb	$t3,@X[5],@X[5]
+	vpaddq	-0x80($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[6],@X[6]
+	vpaddq	-0x60($Tbl),@X[1],$t1
+	vpshufb	$t3,@X[7],@X[7]
+	vpaddq	-0x40($Tbl),@X[2],$t2
+	vpaddq	-0x20($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	vpaddq	0x00($Tbl),@X[4],$t0
+	vmovdqa	$t1,0x10(%rsp)
+	vpaddq	0x20($Tbl),@X[5],$t1
+	vmovdqa	$t2,0x20(%rsp)
+	vpaddq	0x40($Tbl),@X[6],$t2
+	vmovdqa	$t3,0x30(%rsp)
+	vpaddq	0x60($Tbl),@X[7],$t3
+	vmovdqa	$t0,0x40(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x50(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x60(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x70(%rsp)
+	mov	$E,$a0
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	add	\$`16*2*$SZ`,$Tbl
+___
+sub XOP_512_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body);			# 52 instructions
+
+	&vpalignr	($t0,@X[1],@X[0],$SZ);	# X[1..2]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpalignr	($t3,@X[5],@X[4],$SZ);	# X[9..10]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotq		($t1,$t0,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrlq		($t0,$t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpaddq	(@X[0],@X[0],$t3);	# X[0..1] += X[9..10]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotq		($t2,$t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotq	($t3,@X[7],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t2);		# sigma0(X[1..2])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrlq	($t2,@X[7],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddq		(@X[0],@X[0],$t0);	# X[0..1] += sigma0(X[1..2])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotq	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddq		(@X[0],@X[0],$t3);	# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddq		($t2,@X[0],16*2*$j-0x80."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<8; $j++) {
+	&XOP_512_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ-0x80."($Tbl)",0);
+	&jne	(".Lxop_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+}
+$code.=<<___;
+	mov	$_ctx,$ctx
+	mov	$a1,$A
+
+	add	$SZ*0($ctx),$A
+	lea	16*$SZ($inp),$inp
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop_xop
+
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	16*$SZ+96(%rsp),%xmm10
+	movaps	16*$SZ+112(%rsp),%xmm11
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_xop:
+	ret
+.cfi_endproc
+.size	${func}_xop,.-${func}_xop
+___
+}
+######################################################################
+# AVX+shrd code path
+#
+local *ror = sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	${func}_avx,\@function,3
+.align	64
+${func}_avx:
+.cfi_startproc
+.Lavx_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	shl	\$4,%rdx		# num*16
+	sub	\$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	%xmm10,16*$SZ+96(%rsp)
+	movaps	%xmm11,16*$SZ+112(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx:
+
+	vzeroupper
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%xmm$_",(4..9));
+
+$code.=<<___;
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+32(%rip),$t4
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+64(%rip),$t5
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	sub	\$`-16*2*$SZ`,$Tbl	# size optimization
+___
+sub Xupdate_256_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],$SZ)',	# X[1..4]
+	 '&vpalignr	($t3,@X[3],@X[2],$SZ)',	# X[9..12]
+	'&vpsrld	($t2,$t0,$sigma0[0]);',
+	 '&vpaddd	(@X[0],@X[0],$t3)',	# X[0..3] += X[9..12]
+	'&vpsrld	($t3,$t0,$sigma0[2])',
+	'&vpslld	($t1,$t0,8*$SZ-$sigma0[1]);',
+	'&vpxor		($t0,$t3,$t2)',
+	 '&vpshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&vpsrld	($t2,$t2,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t1)',
+	'&vpslld	($t1,$t1,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t2)',
+	 '&vpsrld	($t2,$t3,$sigma1[2]);',
+	'&vpxor		($t0,$t0,$t1)',		# sigma0(X[1..4])
+	 '&vpsrlq	($t3,$t3,$sigma1[0]);',
+	'&vpaddd	(@X[0],@X[0],$t0)',	# X[0..3] += sigma0(X[1..4])
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',
+	 '&vpshufb	($t2,$t2,$t4)',		# sigma1(X[14..15])
+	'&vpaddd	(@X[0],@X[0],$t2)',	# X[0..1] += sigma1(X[14..15])
+	 '&vpshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&vpsrld	($t2,$t3,$sigma1[2])',
+	 '&vpsrlq	($t3,$t3,$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',
+	 '&vpshufb	($t2,$t2,$t5)',
+	'&vpaddd	(@X[0],@X[0],$t2)'	# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+sub AVX_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lavx_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+					} else {	# SHA512
+    my @X = map("%xmm$_",(0..7));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(8..11));
+
+$code.=<<___;
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	lea	$TABLE+0x80(%rip),$Tbl	# size optimization
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vpshufb	$t3,@X[0],@X[0]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[1],@X[1]
+	vmovdqu	0x40($inp),@X[4]
+	vpshufb	$t3,@X[2],@X[2]
+	vmovdqu	0x50($inp),@X[5]
+	vpshufb	$t3,@X[3],@X[3]
+	vmovdqu	0x60($inp),@X[6]
+	vpshufb	$t3,@X[4],@X[4]
+	vmovdqu	0x70($inp),@X[7]
+	vpshufb	$t3,@X[5],@X[5]
+	vpaddq	-0x80($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[6],@X[6]
+	vpaddq	-0x60($Tbl),@X[1],$t1
+	vpshufb	$t3,@X[7],@X[7]
+	vpaddq	-0x40($Tbl),@X[2],$t2
+	vpaddq	-0x20($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	vpaddq	0x00($Tbl),@X[4],$t0
+	vmovdqa	$t1,0x10(%rsp)
+	vpaddq	0x20($Tbl),@X[5],$t1
+	vmovdqa	$t2,0x20(%rsp)
+	vpaddq	0x40($Tbl),@X[6],$t2
+	vmovdqa	$t3,0x30(%rsp)
+	vpaddq	0x60($Tbl),@X[7],$t3
+	vmovdqa	$t0,0x40(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x50(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x60(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x70(%rsp)
+	mov	$E,$a0
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	add	\$`16*2*$SZ`,$Tbl
+___
+sub Xupdate_512_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],$SZ)',	# X[1..2]
+	 '&vpalignr	($t3,@X[5],@X[4],$SZ)',	# X[9..10]
+	'&vpsrlq	($t2,$t0,$sigma0[0])',
+	 '&vpaddq	(@X[0],@X[0],$t3);',	# X[0..1] += X[9..10]
+	'&vpsrlq	($t3,$t0,$sigma0[2])',
+	'&vpsllq	($t1,$t0,8*$SZ-$sigma0[1]);',
+	 '&vpxor	($t0,$t3,$t2)',
+	'&vpsrlq	($t2,$t2,$sigma0[1]-$sigma0[0]);',
+	 '&vpxor	($t0,$t0,$t1)',
+	'&vpsllq	($t1,$t1,$sigma0[1]-$sigma0[0]);',
+	 '&vpxor	($t0,$t0,$t2)',
+	 '&vpsrlq	($t3,@X[7],$sigma1[2]);',
+	'&vpxor		($t0,$t0,$t1)',		# sigma0(X[1..2])
+	 '&vpsllq	($t2,@X[7],8*$SZ-$sigma1[1]);',
+	'&vpaddq	(@X[0],@X[0],$t0)',	# X[0..1] += sigma0(X[1..2])
+	 '&vpsrlq	($t1,@X[7],$sigma1[0]);',
+	 '&vpxor	($t3,$t3,$t2)',
+	 '&vpsllq	($t2,$t2,$sigma1[1]-$sigma1[0]);',
+	 '&vpxor	($t3,$t3,$t1)',
+	 '&vpsrlq	($t1,$t1,$sigma1[1]-$sigma1[0]);',
+	 '&vpxor	($t3,$t3,$t2)',
+	 '&vpxor	($t3,$t3,$t1)',		# sigma1(X[14..15])
+	'&vpaddq	(@X[0],@X[0],$t3)',	# X[0..1] += sigma1(X[14..15])
+	);
+}
+
+sub AVX_512_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body);			# 52 instructions
+
+	foreach (Xupdate_512_AVX()) {		# 23 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddq		($t2,@X[0],16*2*$j-0x80."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<8; $j++) {
+	&AVX_512_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ-0x80."($Tbl)",0);
+	&jne	(".Lavx_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+}
+$code.=<<___;
+	mov	$_ctx,$ctx
+	mov	$a1,$A
+
+	add	$SZ*0($ctx),$A
+	lea	16*$SZ($inp),$inp
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop_avx
+
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	16*$SZ+96(%rsp),%xmm10
+	movaps	16*$SZ+112(%rsp),%xmm11
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	ret
+.cfi_endproc
+.size	${func}_avx,.-${func}_avx
+___
+
+if ($avx>1) {{
+######################################################################
+# AVX2+BMI code path
+#
+my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp
+my $PUSH8=8*2*$SZ;
+use integer;
+
+sub bodyx_00_15 () {
+	# at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&add	($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)',    # h+=X[i]+K[i]
+	'&and	($a4,$e)',		# f&e
+	'&rorx	($a0,$e,$Sigma1[2])',
+	'&rorx	($a2,$e,$Sigma1[1])',
+
+	'&lea	($a,"($a,$a1)")',	# h+=Sigma0(a) from the past
+	'&lea	($h,"($h,$a4)")',
+	'&andn	($a4,$e,$g)',		# ~e&g
+	'&xor	($a0,$a2)',
+
+	'&rorx	($a1,$e,$Sigma1[0])',
+	'&lea	($h,"($h,$a4)")',	# h+=Ch(e,f,g)=(e&f)+(~e&g)
+	'&xor	($a0,$a1)',		# Sigma1(e)
+	'&mov	($a2,$a)',
+
+	'&rorx	($a4,$a,$Sigma0[2])',
+	'&lea	($h,"($h,$a0)")',	# h+=Sigma1(e)
+	'&xor	($a2,$b)',		# a^b, b^c in next round
+	'&rorx	($a1,$a,$Sigma0[1])',
+
+	'&rorx	($a0,$a,$Sigma0[0])',
+	'&lea	($d,"($d,$h)")',	# d+=h
+	'&and	($a3,$a2)',		# (b^c)&(a^b)
+	'&xor	($a1,$a4)',
+
+	'&xor	($a3,$b)',		# Maj(a,b,c)=Ch(a^b,c,b)
+	'&xor	($a1,$a0)',		# Sigma0(a)
+	'&lea	($h,"($h,$a3)");'.	# h+=Maj(a,b,c)
+	'&mov	($a4,$e)',		# copy of f in future
+
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+	# and at the finish one has to $a+=$a1
+}
+
+$code.=<<___;
+.type	${func}_avx2,\@function,3
+.align	64
+${func}_avx2:
+.cfi_startproc
+.Lavx2_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$`2*$SZ*$rounds+4*8+$win64*16*($SZ==4?4:6)`,%rsp
+	shl	\$4,%rdx		# num*16
+	and	\$-256*$SZ,%rsp		# align stack frame
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	add	\$`2*$SZ*($rounds-8)`,%rsp
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	%xmm10,16*$SZ+96(%rsp)
+	movaps	%xmm11,16*$SZ+112(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx2:
+
+	vzeroupper
+	sub	\$-16*$SZ,$inp		# inp++, size optimization
+	mov	$SZ*0($ctx),$A
+	mov	$inp,%r12		# borrow $T1
+	mov	$SZ*1($ctx),$B
+	cmp	%rdx,$inp		# $_end
+	mov	$SZ*2($ctx),$C
+	cmove	%rsp,%r12		# next block or random data
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%ymm$_",(0..3));
+    my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%ymm$_",(4..9));
+
+$code.=<<___;
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+32(%rip),$t4
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+64(%rip),$t5
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	-16*$SZ+0($inp),%xmm0
+	vmovdqu	-16*$SZ+16($inp),%xmm1
+	vmovdqu	-16*$SZ+32($inp),%xmm2
+	vmovdqu	-16*$SZ+48($inp),%xmm3
+	#mov		$inp,$_inp	# offload $inp
+	vinserti128	\$1,(%r12),@X[0],@X[0]
+	vinserti128	\$1,16(%r12),@X[1],@X[1]
+	vpshufb		$t3,@X[0],@X[0]
+	vinserti128	\$1,32(%r12),@X[2],@X[2]
+	vpshufb		$t3,@X[1],@X[1]
+	vinserti128	\$1,48(%r12),@X[3],@X[3]
+
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	xor	$a1,$a1
+	vmovdqa	$t1,0x20(%rsp)
+	lea	-$PUSH8(%rsp),%rsp
+	mov	$B,$a3
+	vmovdqa	$t2,0x00(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x20(%rsp)
+	mov	$F,$a4
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+___
+
+sub AVX2_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 96 instructions
+my $base = "+2*$PUSH8(%rsp)";
+
+	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%2)==0);
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	((32*$j)%$PUSH8."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX2_256_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&lea	($Tbl,16*2*$SZ."($Tbl)");
+	&cmpb	(($SZ-1)."($Tbl)",0);
+	&jne	(".Lavx2_00_47");
+
+    for ($i=0; $i<16; ) {
+	my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+					} else {	# SHA512
+    my @X = map("%ymm$_",(0..7));
+    my ($t0,$t1,$t2,$t3) = map("%ymm$_",(8..11));
+
+$code.=<<___;
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqu	-16*$SZ($inp),%xmm0
+	vmovdqu	-16*$SZ+16($inp),%xmm1
+	vmovdqu	-16*$SZ+32($inp),%xmm2
+	lea	$TABLE+0x80(%rip),$Tbl	# size optimization
+	vmovdqu	-16*$SZ+48($inp),%xmm3
+	vmovdqu	-16*$SZ+64($inp),%xmm4
+	vmovdqu	-16*$SZ+80($inp),%xmm5
+	vmovdqu	-16*$SZ+96($inp),%xmm6
+	vmovdqu	-16*$SZ+112($inp),%xmm7
+	#mov	$inp,$_inp	# offload $inp
+	vmovdqa	`$SZ*2*$rounds-0x80`($Tbl),$t2
+	vinserti128	\$1,(%r12),@X[0],@X[0]
+	vinserti128	\$1,16(%r12),@X[1],@X[1]
+	 vpshufb	$t2,@X[0],@X[0]
+	vinserti128	\$1,32(%r12),@X[2],@X[2]
+	 vpshufb	$t2,@X[1],@X[1]
+	vinserti128	\$1,48(%r12),@X[3],@X[3]
+	 vpshufb	$t2,@X[2],@X[2]
+	vinserti128	\$1,64(%r12),@X[4],@X[4]
+	 vpshufb	$t2,@X[3],@X[3]
+	vinserti128	\$1,80(%r12),@X[5],@X[5]
+	 vpshufb	$t2,@X[4],@X[4]
+	vinserti128	\$1,96(%r12),@X[6],@X[6]
+	 vpshufb	$t2,@X[5],@X[5]
+	vinserti128	\$1,112(%r12),@X[7],@X[7]
+
+	vpaddq	-0x80($Tbl),@X[0],$t0
+	vpshufb	$t2,@X[6],@X[6]
+	vpaddq	-0x60($Tbl),@X[1],$t1
+	vpshufb	$t2,@X[7],@X[7]
+	vpaddq	-0x40($Tbl),@X[2],$t2
+	vpaddq	-0x20($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	vpaddq	0x00($Tbl),@X[4],$t0
+	vmovdqa	$t1,0x20(%rsp)
+	vpaddq	0x20($Tbl),@X[5],$t1
+	vmovdqa	$t2,0x40(%rsp)
+	vpaddq	0x40($Tbl),@X[6],$t2
+	vmovdqa	$t3,0x60(%rsp)
+	lea	-$PUSH8(%rsp),%rsp
+	vpaddq	0x60($Tbl),@X[7],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	xor	$a1,$a1
+	vmovdqa	$t1,0x20(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x40(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x60(%rsp)
+	mov	$F,$a4
+	add	\$16*2*$SZ,$Tbl
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+___
+
+sub AVX2_512_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body);			# 48 instructions
+my $base = "+2*$PUSH8(%rsp)";
+
+	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%4)==0);
+	foreach (Xupdate_512_AVX()) {		# 23 instructions
+	    eval;
+	    if ($_ !~ /\;$/) {
+		eval(shift(@insns));
+		eval(shift(@insns));
+		eval(shift(@insns));
+	    }
+	}
+	&vpaddq		($t2,@X[0],16*2*$j-0x80."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	((32*$j)%$PUSH8."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<8; $j++) {
+	&AVX2_512_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&lea	($Tbl,16*2*$SZ."($Tbl)");
+	&cmpb	(($SZ-1-0x80)."($Tbl)",0);
+	&jne	(".Lavx2_00_47");
+
+    for ($i=0; $i<16; ) {
+	my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+}
+$code.=<<___;
+	mov	`2*$SZ*$rounds`(%rsp),$ctx	# $_ctx
+	add	$a1,$A
+	#mov	`2*$SZ*$rounds+8`(%rsp),$inp	# $_inp
+	lea	`2*$SZ*($rounds-8)`(%rsp),$Tbl
+
+	add	$SZ*0($ctx),$A
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+
+	cmp	`$PUSH8+2*8`($Tbl),$inp	# $_end
+	je	.Ldone_avx2
+
+	xor	$a1,$a1
+	mov	$B,$a3
+	xor	$C,$a3			# magic
+	mov	$F,$a4
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+___
+    for ($i=0; $i<8; ) {
+	my $base="+16($Tbl)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+$code.=<<___;
+	lea	-$PUSH8($Tbl),$Tbl
+	cmp	%rsp,$Tbl
+	jae	.Lower_avx2
+
+	mov	`2*$SZ*$rounds`(%rsp),$ctx	# $_ctx
+	add	$a1,$A
+	#mov	`2*$SZ*$rounds+8`(%rsp),$inp	# $_inp
+	lea	`2*$SZ*($rounds-8)`(%rsp),%rsp
+
+	add	$SZ*0($ctx),$A
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	lea	`2*16*$SZ`($inp),$inp	# inp+=2
+	add	$SZ*6($ctx),$G
+	mov	$inp,%r12
+	add	$SZ*7($ctx),$H
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	cmove	%rsp,%r12		# next block or stale data
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+
+	jbe	.Loop_avx2
+	lea	(%rsp),$Tbl
+
+.Ldone_avx2:
+	lea	($Tbl),%rsp
+	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	16*$SZ+96(%rsp),%xmm10
+	movaps	16*$SZ+112(%rsp),%xmm11
+___
+$code.=<<___;
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	ret
+.cfi_endproc
+.size	${func}_avx2,.-${func}_avx2
+___
+}}
+}}}}}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HanderlData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+___
+$code.=<<___ if ($avx>1);
+	lea	.Lavx2_shortcut(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<avx2_shortcut
+	jb	.Lnot_in_avx2
+
+	and	\$-256*$SZ,%rax
+	add	\$`2*$SZ*($rounds-8)`,%rax
+.Lnot_in_avx2:
+___
+$code.=<<___;
+	mov	%rax,%rsi		# put aside Rsp
+	mov	16*$SZ+3*8(%rax),%rax	# pull $_rsp
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx
+	jb	.Lin_prologue		# non-AVX code
+
+	lea	16*$SZ+4*8(%rsi),%rsi	# Xmm6- save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$`$SZ==4?8:12`,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+___
+
+$code.=<<___ if ($SZ==4 && $shaext);
+.type	shaext_handler,\@abi-omnipotent
+.align	16
+shaext_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	lea	.Lepilogue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	lea	-8-5*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$10,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lin_prologue
+.size	shaext_handler,.-shaext_handler
+___
+
+$code.=<<___;
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_$func
+	.rva	.LSEH_end_$func
+	.rva	.LSEH_info_$func
+___
+$code.=<<___ if ($SZ==4 && $shaext);
+	.rva	.LSEH_begin_${func}_shaext
+	.rva	.LSEH_end_${func}_shaext
+	.rva	.LSEH_info_${func}_shaext
+___
+$code.=<<___ if ($SZ==4);
+	.rva	.LSEH_begin_${func}_ssse3
+	.rva	.LSEH_end_${func}_ssse3
+	.rva	.LSEH_info_${func}_ssse3
+___
+$code.=<<___ if ($avx && $SZ==8);
+	.rva	.LSEH_begin_${func}_xop
+	.rva	.LSEH_end_${func}_xop
+	.rva	.LSEH_info_${func}_xop
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_${func}_avx
+	.rva	.LSEH_end_${func}_avx
+	.rva	.LSEH_info_${func}_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_${func}_avx2
+	.rva	.LSEH_end_${func}_avx2
+	.rva	.LSEH_info_${func}_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_$func:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue,.Lepilogue			# HandlerData[]
+___
+$code.=<<___ if ($SZ==4 && $shaext);
+.LSEH_info_${func}_shaext:
+	.byte	9,0,0,0
+	.rva	shaext_handler
+___
+$code.=<<___ if ($SZ==4);
+.LSEH_info_${func}_ssse3:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
+___
+$code.=<<___ if ($avx && $SZ==8);
+.LSEH_info_${func}_xop:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_xop,.Lepilogue_xop		# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_${func}_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_${func}_avx2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+
+sub sha256op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha256rnds2" => 0xcb,
+  		"sha256msg1"  => 0xcc,
+		"sha256msg2"  => 0xcd	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-7]),\s*%xmm([0-7])/) {
+      my @opcode=(0x0f,0x38);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl
new file mode 100755
index 000000000..0d4fdd292
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl
@@ -0,0 +1,420 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 for PowerISA v2.07.
+#
+# Accurate performance measurements are problematic, because it's
+# always virtualized setup with possibly throttled processor.
+# Relative comparison is therefore more informative. This module is
+# ~60% faster than integer-only sha512-ppc.pl. To anchor to something
+# else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than
+# hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than
+# sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting
+# result is degree of computational resources' utilization. POWER8 is
+# "massively multi-threaded chip" and difference between single- and
+# maximum multi-process benchmark results tells that utilization is
+# whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and
+# for sha1-ppc.pl - 73%. 100% means that multi-process result equals
+# to single-process one, given that all threads end up on the same
+# physical core.
+#
+######################################################################
+# Believed-to-be-accurate results in cycles per processed byte [on
+# little-endian system]. Numbers in square brackets are for 64-bit
+# build of sha512-ppc.pl, presented for reference.
+#
+#		POWER8		POWER9
+# SHA256	9.7 [15.8]	11.2 [12.5]
+# SHA512	6.1 [10.3]	7.0 [7.9]
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$LRSAVE=2*$SIZE_T;
+	$STU="stdu";
+	$POP="ld";
+	$PUSH="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$LRSAVE=$SIZE_T;
+	$STU="stwu";
+	$POP="lwz";
+	$PUSH="stw";
+} else { die "nonsense $flavour"; }
+
+$LENDIAN=($flavour=~/le/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+if ($output =~ /512/) {
+	$bits=512;
+	$SZ=8;
+	$sz="d";
+	$rounds=80;
+} else {
+	$bits=256;
+	$SZ=4;
+	$sz="w";
+	$rounds=64;
+}
+
+$func="sha${bits}_block_p8";
+$LOCALS=8*$SIZE_T+8*16;
+$FRAME=$LOCALS+9*16+6*$SIZE_T;
+
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$Tbl="r6";
+$idx="r7";
+$lrsave="r8";
+$offload="r11";
+$vrsave="r12";
+@I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31)));
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7));
+@X=map("v$_",(8..19,24..27));
+($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31));
+
+sub ROUND {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my $j=($i+1)%16;
+my $k=($i+2)%8;
+
+$code.=<<___		if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1));
+	lvx_u		@X[$i+1],0,$inp		; load X[i] in advance
+	addi		$inp,$inp,16
+___
+$code.=<<___		if ($i<16 && ($i%(16/$SZ)));
+	vsldoi		@X[$i],@X[$i-1],@X[$i-1],$SZ
+___
+$code.=<<___		if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0);
+	vperm		@X[$i],@X[$i],@X[$i],$lemask
+___
+$code.=<<___		if ($i>=15);
+	vshasigma${sz}	$Sigma,@X[($j+1)%16],0,0
+	vaddu${sz}m	@X[$j],@X[$j],$Sigma
+	vshasigma${sz}	$Sigma,@X[($j+14)%16],0,15
+	vaddu${sz}m	@X[$j],@X[$j],$Sigma
+	vaddu${sz}m	@X[$j],@X[$j],@X[($j+9)%16]
+___
+$code.=<<___;
+	vaddu${sz}m	$h,$h,@X[$i%16]		; h+=X[i]
+	vsel		$Func,$g,$f,$e		; Ch(e,f,g)
+	vaddu${sz}m	$g,$g,$Ki		; future h+=K[i]
+	vaddu${sz}m	$h,$h,$Func		; h+=Ch(e,f,g)
+	vshasigma${sz}	$Sigma,$e,1,15		; Sigma1(e)
+	vaddu${sz}m	$h,$h,$Sigma		; h+=Sigma1(e)
+	vxor		$Func,$a,$b
+	vsel		$Func,$b,$c,$Func	; Maj(a,b,c)
+	vaddu${sz}m	$d,$d,$h		; d+=h
+	vshasigma${sz}	$Sigma,$a,1,0		; Sigma0(a)
+	vaddu${sz}m	$Sigma,$Sigma,$Func	; Sigma0(a)+Maj(a,b,c)
+	vaddu${sz}m	$h,$h,$Sigma		; h+=Sigma0(a)+Maj(a,b,c)
+	lvx		$Ki,@I[$k],$idx		; load next K[i]
+___
+$code.=<<___		if ($k == 7);
+	addi		$idx,$idx,0x80
+___
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	$func
+.align	6
+$func:
+	$STU		$sp,-$FRAME($sp)
+	mflr		$lrsave
+	li		r10,`$LOCALS+15`
+	li		r11,`$LOCALS+31`
+	stvx		v24,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	mfspr		$vrsave,256
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	stvx		v31,r11,$sp
+	li		r11,-4096+255		# 0xfffff0ff
+	stw		$vrsave,`$FRAME-6*$SIZE_T-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME-6*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME-5*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME-4*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME-3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME-2*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME-1*$SIZE_T`($sp)
+	li		$x70,0x70
+	$PUSH		$lrsave,`$FRAME+$LRSAVE`($sp)
+	mtspr		256,r11
+
+	bl		LPICmeup
+	addi		$offload,$sp,`8*$SIZE_T+15`
+___
+$code.=<<___		if ($LENDIAN);
+	li		$idx,8
+	lvsl		$lemask,0,$idx
+	vspltisb	$Ki,0x0f
+	vxor		$lemask,$lemask,$Ki
+___
+$code.=<<___		if ($SZ==4);
+	lvx_4w		$A,$x00,$ctx
+	lvx_4w		$E,$x10,$ctx
+	vsldoi		$B,$A,$A,4		# unpack
+	vsldoi		$C,$A,$A,8
+	vsldoi		$D,$A,$A,12
+	vsldoi		$F,$E,$E,4
+	vsldoi		$G,$E,$E,8
+	vsldoi		$H,$E,$E,12
+___
+$code.=<<___		if ($SZ==8);
+	lvx_u		$A,$x00,$ctx
+	lvx_u		$C,$x10,$ctx
+	lvx_u		$E,$x20,$ctx
+	vsldoi		$B,$A,$A,8		# unpack
+	lvx_u		$G,$x30,$ctx
+	vsldoi		$D,$C,$C,8
+	vsldoi		$F,$E,$E,8
+	vsldoi		$H,$G,$G,8
+___
+$code.=<<___;
+	li		r0,`($rounds-16)/16`	# inner loop counter
+	b		Loop
+.align	5
+Loop:
+	lvx		$Ki,$x00,$Tbl
+	lvx_u		@X[0],0,$inp
+	addi		$inp,$inp,16
+	mr		$idx,$Tbl		# copy $Tbl
+	stvx		$A,$x00,$offload	# offload $A-$H
+	stvx		$B,$x10,$offload
+	stvx		$C,$x20,$offload
+	stvx		$D,$x30,$offload
+	stvx		$E,$x40,$offload
+	stvx		$F,$x50,$offload
+	stvx		$G,$x60,$offload
+	stvx		$H,$x70,$offload
+	vaddu${sz}m	$H,$H,$Ki		# h+K[i]
+	lvx		$Ki,$x10,$Tbl
+___
+for ($i=0;$i<16;$i++)	{ &ROUND($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mtctr		r0
+	b		L16_xx
+.align	5
+L16_xx:
+___
+for (;$i<32;$i++)	{ &ROUND($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	bdnz		L16_xx
+
+	lvx		@X[2],$x00,$offload
+	subic.		$num,$num,1
+	lvx		@X[3],$x10,$offload
+	vaddu${sz}m	$A,$A,@X[2]
+	lvx		@X[4],$x20,$offload
+	vaddu${sz}m	$B,$B,@X[3]
+	lvx		@X[5],$x30,$offload
+	vaddu${sz}m	$C,$C,@X[4]
+	lvx		@X[6],$x40,$offload
+	vaddu${sz}m	$D,$D,@X[5]
+	lvx		@X[7],$x50,$offload
+	vaddu${sz}m	$E,$E,@X[6]
+	lvx		@X[8],$x60,$offload
+	vaddu${sz}m	$F,$F,@X[7]
+	lvx		@X[9],$x70,$offload
+	vaddu${sz}m	$G,$G,@X[8]
+	vaddu${sz}m	$H,$H,@X[9]
+	bne		Loop
+___
+$code.=<<___		if ($SZ==4);
+	lvx		@X[0],$x20,$idx
+	vperm		$A,$A,$B,$Ki		# pack the answer
+	lvx		@X[1],$x30,$idx
+	vperm		$E,$E,$F,$Ki
+	vperm		$A,$A,$C,@X[0]
+	vperm		$E,$E,$G,@X[0]
+	vperm		$A,$A,$D,@X[1]
+	vperm		$E,$E,$H,@X[1]
+	stvx_4w		$A,$x00,$ctx
+	stvx_4w		$E,$x10,$ctx
+___
+$code.=<<___		if ($SZ==8);
+	vperm		$A,$A,$B,$Ki		# pack the answer
+	vperm		$C,$C,$D,$Ki
+	vperm		$E,$E,$F,$Ki
+	vperm		$G,$G,$H,$Ki
+	stvx_u		$A,$x00,$ctx
+	stvx_u		$C,$x10,$ctx
+	stvx_u		$E,$x20,$ctx
+	stvx_u		$G,$x30,$ctx
+___
+$code.=<<___;
+	addi		$offload,$sp,`$LOCALS+15`
+	mtlr		$lrsave
+	mtspr		256,$vrsave
+	lvx		v24,$x00,$offload	# ABI says so
+	lvx		v25,$x10,$offload
+	lvx		v26,$x20,$offload
+	lvx		v27,$x30,$offload
+	lvx		v28,$x40,$offload
+	lvx		v29,$x50,$offload
+	lvx		v30,$x60,$offload
+	lvx		v31,$x70,$offload
+	$POP		r26,`$FRAME-6*$SIZE_T`($sp)
+	$POP		r27,`$FRAME-5*$SIZE_T`($sp)
+	$POP		r28,`$FRAME-4*$SIZE_T`($sp)
+	$POP		r29,`$FRAME-3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME-2*$SIZE_T`($sp)
+	$POP		r31,`$FRAME-1*$SIZE_T`($sp)
+	addi		$sp,$sp,$FRAME
+	blr
+	.long		0
+	.byte		0,12,4,1,0x80,6,3,0
+	.long		0
+.size	$func,.-$func
+___
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+LPICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl	; vvvvvv "distance" between . and 1st data entry
+	addi	$Tbl,$Tbl,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+___
+
+if ($SZ==8) {
+    local *table = sub {
+	foreach(@_) { $code.=".quad	$_,$_\n"; }
+    };
+    table(
+	"0x428a2f98d728ae22","0x7137449123ef65cd",
+	"0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc",
+	"0x3956c25bf348b538","0x59f111f1b605d019",
+	"0x923f82a4af194f9b","0xab1c5ed5da6d8118",
+	"0xd807aa98a3030242","0x12835b0145706fbe",
+	"0x243185be4ee4b28c","0x550c7dc3d5ffb4e2",
+	"0x72be5d74f27b896f","0x80deb1fe3b1696b1",
+	"0x9bdc06a725c71235","0xc19bf174cf692694",
+	"0xe49b69c19ef14ad2","0xefbe4786384f25e3",
+	"0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65",
+	"0x2de92c6f592b0275","0x4a7484aa6ea6e483",
+	"0x5cb0a9dcbd41fbd4","0x76f988da831153b5",
+	"0x983e5152ee66dfab","0xa831c66d2db43210",
+	"0xb00327c898fb213f","0xbf597fc7beef0ee4",
+	"0xc6e00bf33da88fc2","0xd5a79147930aa725",
+	"0x06ca6351e003826f","0x142929670a0e6e70",
+	"0x27b70a8546d22ffc","0x2e1b21385c26c926",
+	"0x4d2c6dfc5ac42aed","0x53380d139d95b3df",
+	"0x650a73548baf63de","0x766a0abb3c77b2a8",
+	"0x81c2c92e47edaee6","0x92722c851482353b",
+	"0xa2bfe8a14cf10364","0xa81a664bbc423001",
+	"0xc24b8b70d0f89791","0xc76c51a30654be30",
+	"0xd192e819d6ef5218","0xd69906245565a910",
+	"0xf40e35855771202a","0x106aa07032bbd1b8",
+	"0x19a4c116b8d2d0c8","0x1e376c085141ab53",
+	"0x2748774cdf8eeb99","0x34b0bcb5e19b48a8",
+	"0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb",
+	"0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3",
+	"0x748f82ee5defb2fc","0x78a5636f43172f60",
+	"0x84c87814a1f0ab72","0x8cc702081a6439ec",
+	"0x90befffa23631e28","0xa4506cebde82bde9",
+	"0xbef9a3f7b2c67915","0xc67178f2e372532b",
+	"0xca273eceea26619c","0xd186b8c721c0c207",
+	"0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178",
+	"0x06f067aa72176fba","0x0a637dc5a2c898a6",
+	"0x113f9804bef90dae","0x1b710b35131c471b",
+	"0x28db77f523047d84","0x32caab7b40c72493",
+	"0x3c9ebe0a15c9bebc","0x431d67c49c100d4c",
+	"0x4cc5d4becb3e42b6","0x597f299cfc657e2a",
+	"0x5fcb6fab3ad6faec","0x6c44198c4a475817","0");
+$code.=<<___	if (!$LENDIAN);
+.quad	0x0001020304050607,0x1011121314151617
+___
+$code.=<<___	if ($LENDIAN);	# quad-swapped
+.quad	0x1011121314151617,0x0001020304050607
+___
+} else {
+    local *table = sub {
+	foreach(@_) { $code.=".long	$_,$_,$_,$_\n"; }
+    };
+    table(
+	"0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5",
+	"0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5",
+	"0xd807aa98","0x12835b01","0x243185be","0x550c7dc3",
+	"0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174",
+	"0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc",
+	"0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da",
+	"0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7",
+	"0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967",
+	"0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13",
+	"0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85",
+	"0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3",
+	"0xd192e819","0xd6990624","0xf40e3585","0x106aa070",
+	"0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5",
+	"0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3",
+	"0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208",
+	"0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0");
+$code.=<<___	if (!$LENDIAN);
+.long	0x00010203,0x10111213,0x10111213,0x10111213
+.long	0x00010203,0x04050607,0x10111213,0x10111213
+.long	0x00010203,0x04050607,0x08090a0b,0x10111213
+___
+$code.=<<___	if ($LENDIAN);	# word-swapped
+.long	0x10111213,0x10111213,0x10111213,0x00010203
+.long	0x10111213,0x10111213,0x04050607,0x00010203
+.long	0x10111213,0x08090a0b,0x04050607,0x00010203
+___
+}
+$code.=<<___;
+.asciz	"SHA${bits} for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/build.info
new file mode 100644
index 000000000..5dd5a9941
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/build.info
@@ -0,0 +1,89 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \
+        {- $target{keccak1600_asm_src} -}
+
+GENERATE[sha1-586.s]=asm/sha1-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[sha1-586.s]=../perlasm/x86asm.pl
+GENERATE[sha256-586.s]=asm/sha256-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[sha256-586.s]=../perlasm/x86asm.pl
+GENERATE[sha512-586.s]=asm/sha512-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[sha512-586.s]=../perlasm/x86asm.pl
+
+GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+
+GENERATE[sha1-alpha.S]=asm/sha1-alpha.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-x86_64.s]=asm/sha1-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha256-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha256-mb-x86_64.s]=asm/sha256-mb-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha512-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[keccak1600-x86_64.s]=asm/keccak1600-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-sparcv9.S]=asm/sha1-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-sparcv9.o]=..
+GENERATE[sha256-sparcv9.S]=asm/sha512-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-sparcv9.o]=..
+GENERATE[sha512-sparcv9.S]=asm/sha512-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-sparcv9.o]=..
+
+GENERATE[sha1-ppc.s]=asm/sha1-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha256-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha512-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha256p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha512p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME)
+GENERATE[keccak1600-ppc64.s]=asm/keccak1600-ppc64.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-parisc.s]=asm/sha1-parisc.pl $(PERLASM_SCHEME)
+GENERATE[sha256-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME)
+GENERATE[sha512-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-mips.S]=asm/sha1-mips.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-mips.o]=..
+GENERATE[sha256-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-mips.o]=..
+GENERATE[sha512-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-mips.o]=..
+
+GENERATE[sha1-armv4-large.S]=asm/sha1-armv4-large.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-armv4-large.o]=..
+GENERATE[sha256-armv4.S]=asm/sha256-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-armv4.o]=..
+GENERATE[sha512-armv4.S]=asm/sha512-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-armv4.o]=..
+GENERATE[keccak1600-armv4.S]=asm/keccak1600-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[keccak1600-armv4.o]=..
+
+GENERATE[sha1-armv8.S]=asm/sha1-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-armv8.o]=..
+GENERATE[sha256-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-armv8.o]=..
+GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-armv8.o]=..
+GENERATE[keccak1600-armv8.S]=asm/keccak1600-armv8.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-s390x.o]=..
+GENERATE[sha256-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-s390x.o]=..
+GENERATE[sha512-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-s390x.o]=..
+GENERATE[keccak1600-s390x.S]=asm/keccak1600-s390x.pl $(PERLASM_SCHEME)
+
+BEGINRAW[Makefile(unix)]
+##### SHA assembler implementations
+
+# GNU make "catch all"
+{- $builddir -}/sha1-%.S:	{- $sourcedir -}/asm/sha1-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+{- $builddir -}/sha256-%.S:	{- $sourcedir -}/asm/sha512-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+{- $builddir -}/sha512-%.S:	{- $sourcedir -}/asm/sha512-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile(unix)]
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c
new file mode 100644
index 000000000..e7223486a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c
@@ -0,0 +1,1246 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include <assert.h>
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#if !defined(KECCAK1600_ASM) || !defined(SELFTEST)
+
+/*
+ * Choose some sensible defaults
+ */
+#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && \
+    !defined(KECCAK_2X) && !defined(KECCAK_INPLACE)
+# define KECCAK_2X      /* default to KECCAK_2X variant */
+#endif
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# define KECCAK_COMPLEMENTING_TRANSFORM
+#endif
+
+#if defined(__x86_64__) || defined(__aarch64__) || \
+    defined(__mips64) || defined(__ia64) || \
+    (defined(__VMS) && !defined(__vax))
+/*
+ * These are available even in ILP32 flavours, but even then they are
+ * capable of performing 64-bit operations as efficiently as in *P64.
+ * Since it's not given that we can use sizeof(void *), just shunt it.
+ */
+# define BIT_INTERLEAVE (0)
+#else
+# define BIT_INTERLEAVE (sizeof(void *) < 8)
+#endif
+
+#define ROL32(a, offset) (((a) << (offset)) | ((a) >> ((32 - (offset)) & 31)))
+
+static uint64_t ROL64(uint64_t val, int offset)
+{
+    if (offset == 0) {
+        return val;
+    } else if (!BIT_INTERLEAVE) {
+        return (val << offset) | (val >> (64-offset));
+    } else {
+        uint32_t hi = (uint32_t)(val >> 32), lo = (uint32_t)val;
+
+        if (offset & 1) {
+            uint32_t tmp = hi;
+
+            offset >>= 1;
+            hi = ROL32(lo, offset);
+            lo = ROL32(tmp, offset + 1);
+        } else {
+            offset >>= 1;
+            lo = ROL32(lo, offset);
+            hi = ROL32(hi, offset);
+        }
+
+        return ((uint64_t)hi << 32) | lo;
+    }
+}
+
+static const unsigned char rhotates[5][5] = {
+    {  0,  1, 62, 28, 27 },
+    { 36, 44,  6, 55, 20 },
+    {  3, 10, 43, 25, 39 },
+    { 41, 45, 15, 21,  8 },
+    { 18,  2, 61, 56, 14 }
+};
+
+static const uint64_t iotas[] = {
+    BIT_INTERLEAVE ? 0x0000000000000001U : 0x0000000000000001U,
+    BIT_INTERLEAVE ? 0x0000008900000000U : 0x0000000000008082U,
+    BIT_INTERLEAVE ? 0x8000008b00000000U : 0x800000000000808aU,
+    BIT_INTERLEAVE ? 0x8000808000000000U : 0x8000000080008000U,
+    BIT_INTERLEAVE ? 0x0000008b00000001U : 0x000000000000808bU,
+    BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
+    BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
+    BIT_INTERLEAVE ? 0x8000008200000001U : 0x8000000000008009U,
+    BIT_INTERLEAVE ? 0x0000000b00000000U : 0x000000000000008aU,
+    BIT_INTERLEAVE ? 0x0000000a00000000U : 0x0000000000000088U,
+    BIT_INTERLEAVE ? 0x0000808200000001U : 0x0000000080008009U,
+    BIT_INTERLEAVE ? 0x0000800300000000U : 0x000000008000000aU,
+    BIT_INTERLEAVE ? 0x0000808b00000001U : 0x000000008000808bU,
+    BIT_INTERLEAVE ? 0x8000000b00000001U : 0x800000000000008bU,
+    BIT_INTERLEAVE ? 0x8000008a00000001U : 0x8000000000008089U,
+    BIT_INTERLEAVE ? 0x8000008100000001U : 0x8000000000008003U,
+    BIT_INTERLEAVE ? 0x8000008100000000U : 0x8000000000008002U,
+    BIT_INTERLEAVE ? 0x8000000800000000U : 0x8000000000000080U,
+    BIT_INTERLEAVE ? 0x0000008300000000U : 0x000000000000800aU,
+    BIT_INTERLEAVE ? 0x8000800300000000U : 0x800000008000000aU,
+    BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
+    BIT_INTERLEAVE ? 0x8000008800000000U : 0x8000000000008080U,
+    BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
+    BIT_INTERLEAVE ? 0x8000808200000000U : 0x8000000080008008U
+};
+
+#if defined(KECCAK_REF)
+/*
+ * This is straightforward or "maximum clarity" implementation aiming
+ * to resemble section 3.2 of the FIPS PUB 202 "SHA-3 Standard:
+ * Permutation-Based Hash and Extendible-Output Functions" as much as
+ * possible. With one caveat. Because of the way C stores matrices,
+ * references to A[x,y] in the specification are presented as A[y][x].
+ * Implementation unrolls inner x-loops so that modulo 5 operations are
+ * explicitly pre-computed.
+ */
+static void Theta(uint64_t A[5][5])
+{
+    uint64_t C[5], D[5];
+    size_t y;
+
+    C[0] = A[0][0];
+    C[1] = A[0][1];
+    C[2] = A[0][2];
+    C[3] = A[0][3];
+    C[4] = A[0][4];
+
+    for (y = 1; y < 5; y++) {
+        C[0] ^= A[y][0];
+        C[1] ^= A[y][1];
+        C[2] ^= A[y][2];
+        C[3] ^= A[y][3];
+        C[4] ^= A[y][4];
+    }
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    for (y = 0; y < 5; y++) {
+        A[y][0] ^= D[0];
+        A[y][1] ^= D[1];
+        A[y][2] ^= D[2];
+        A[y][3] ^= D[3];
+        A[y][4] ^= D[4];
+    }
+}
+
+static void Rho(uint64_t A[5][5])
+{
+    size_t y;
+
+    for (y = 0; y < 5; y++) {
+        A[y][0] = ROL64(A[y][0], rhotates[y][0]);
+        A[y][1] = ROL64(A[y][1], rhotates[y][1]);
+        A[y][2] = ROL64(A[y][2], rhotates[y][2]);
+        A[y][3] = ROL64(A[y][3], rhotates[y][3]);
+        A[y][4] = ROL64(A[y][4], rhotates[y][4]);
+    }
+}
+
+static void Pi(uint64_t A[5][5])
+{
+    uint64_t T[5][5];
+
+    /*
+     * T = A
+     * A[y][x] = T[x][(3*y+x)%5]
+     */
+    memcpy(T, A, sizeof(T));
+
+    A[0][0] = T[0][0];
+    A[0][1] = T[1][1];
+    A[0][2] = T[2][2];
+    A[0][3] = T[3][3];
+    A[0][4] = T[4][4];
+
+    A[1][0] = T[0][3];
+    A[1][1] = T[1][4];
+    A[1][2] = T[2][0];
+    A[1][3] = T[3][1];
+    A[1][4] = T[4][2];
+
+    A[2][0] = T[0][1];
+    A[2][1] = T[1][2];
+    A[2][2] = T[2][3];
+    A[2][3] = T[3][4];
+    A[2][4] = T[4][0];
+
+    A[3][0] = T[0][4];
+    A[3][1] = T[1][0];
+    A[3][2] = T[2][1];
+    A[3][3] = T[3][2];
+    A[3][4] = T[4][3];
+
+    A[4][0] = T[0][2];
+    A[4][1] = T[1][3];
+    A[4][2] = T[2][4];
+    A[4][3] = T[3][0];
+    A[4][4] = T[4][1];
+}
+
+static void Chi(uint64_t A[5][5])
+{
+    uint64_t C[5];
+    size_t y;
+
+    for (y = 0; y < 5; y++) {
+        C[0] = A[y][0] ^ (~A[y][1] & A[y][2]);
+        C[1] = A[y][1] ^ (~A[y][2] & A[y][3]);
+        C[2] = A[y][2] ^ (~A[y][3] & A[y][4]);
+        C[3] = A[y][3] ^ (~A[y][4] & A[y][0]);
+        C[4] = A[y][4] ^ (~A[y][0] & A[y][1]);
+
+        A[y][0] = C[0];
+        A[y][1] = C[1];
+        A[y][2] = C[2];
+        A[y][3] = C[3];
+        A[y][4] = C[4];
+    }
+}
+
+static void Iota(uint64_t A[5][5], size_t i)
+{
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+    A[0][0] ^= iotas[i];
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Theta(A);
+        Rho(A);
+        Pi(A);
+        Chi(A);
+        Iota(A, i);
+    }
+}
+
+#elif defined(KECCAK_1X)
+/*
+ * This implementation is optimization of above code featuring unroll
+ * of even y-loops, their fusion and code motion. It also minimizes
+ * temporary storage. Compiler would normally do all these things for
+ * you, purpose of manual optimization is to provide "unobscured"
+ * reference for assembly implementation [in case this approach is
+ * chosen for implementation on some platform]. In the nutshell it's
+ * equivalent of "plane-per-plane processing" approach discussed in
+ * section 2.4 of "Keccak implementation overview".
+ */
+static void Round(uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], E[2];        /* registers */
+    uint64_t D[5], T[2][5];     /* memory    */
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+#if defined(__arm__)
+    D[1] = E[0] = ROL64(C[2], 1) ^ C[0];
+    D[4] = E[1] = ROL64(C[0], 1) ^ C[3];
+    D[0] = C[0] = ROL64(C[1], 1) ^ C[4];
+    D[2] = C[1] = ROL64(C[3], 1) ^ C[1];
+    D[3] = C[2] = ROL64(C[4], 1) ^ C[2];
+
+    T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */
+    T[0][1] = A[0][1] ^ E[0]; /* D[1] */
+    T[0][2] = A[0][2] ^ C[1]; /* D[2] */
+    T[0][3] = A[0][3] ^ C[2]; /* D[3] */
+    T[0][4] = A[0][4] ^ E[1]; /* D[4] */
+
+    C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+    C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+    C[0] =       A[0][0] ^ C[0]; /* rotate by 0 */  /* D[0] */
+    C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+    C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]);   /* D[1] */
+#else
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    T[0][0] = A[3][0] ^ D[0]; /* borrow T[0][0] */
+    T[0][1] = A[0][1] ^ D[1];
+    T[0][2] = A[0][2] ^ D[2];
+    T[0][3] = A[0][3] ^ D[3];
+    T[0][4] = A[0][4] ^ D[4];
+
+    C[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+#endif
+    A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+    A[0][1] = C[1] ^ (~C[2] & C[3]);
+    A[0][2] = C[2] ^ (~C[3] & C[4]);
+    A[0][3] = C[3] ^ (~C[4] & C[0]);
+    A[0][4] = C[4] ^ (~C[0] & C[1]);
+
+    T[1][0] = A[1][0] ^ (C[3] = D[0]);
+    T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */
+    T[1][2] = A[1][2] ^ (E[0] = D[2]);
+    T[1][3] = A[1][3] ^ (E[1] = D[3]);
+    T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */
+
+    C[0] = ROL64(T[0][3],        rhotates[0][3]);
+    C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]);   /* D[4] */
+    C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]);   /* D[0] */
+    C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]);   /* D[1] */
+    C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]);   /* D[2] */
+
+    A[1][0] = C[0] ^ (~C[1] & C[2]);
+    A[1][1] = C[1] ^ (~C[2] & C[3]);
+    A[1][2] = C[2] ^ (~C[3] & C[4]);
+    A[1][3] = C[3] ^ (~C[4] & C[0]);
+    A[1][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][1],        rhotates[0][1]);
+    C[1] = ROL64(T[1][2],        rhotates[1][2]);
+    C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+    A[2][0] = C[0] ^ (~C[1] & C[2]);
+    A[2][1] = C[1] ^ (~C[2] & C[3]);
+    A[2][2] = C[2] ^ (~C[3] & C[4]);
+    A[2][3] = C[3] ^ (~C[4] & C[0]);
+    A[2][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][4],        rhotates[0][4]);
+    C[1] = ROL64(T[1][0],        rhotates[1][0]);
+    C[2] = ROL64(T[1][1],        rhotates[2][1]); /* originally A[2][1] */
+    C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+    A[3][0] = C[0] ^ (~C[1] & C[2]);
+    A[3][1] = C[1] ^ (~C[2] & C[3]);
+    A[3][2] = C[2] ^ (~C[3] & C[4]);
+    A[3][3] = C[3] ^ (~C[4] & C[0]);
+    A[3][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][2],        rhotates[0][2]);
+    C[1] = ROL64(T[1][3],        rhotates[1][3]);
+    C[2] = ROL64(T[1][4],        rhotates[2][4]); /* originally A[2][4] */
+    C[3] = ROL64(T[0][0],        rhotates[3][0]); /* originally A[3][0] */
+    C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    A[4][0] = C[0] ^ (~C[1] & C[2]);
+    A[4][1] = C[1] ^ (~C[2] & C[3]);
+    A[4][2] = C[2] ^ (~C[3] & C[4]);
+    A[4][3] = C[3] ^ (~C[4] & C[0]);
+    A[4][4] = C[4] ^ (~C[0] & C[1]);
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Round(A, i);
+    }
+}
+
+#elif defined(KECCAK_1X_ALT)
+/*
+ * This is variant of above KECCAK_1X that reduces requirement for
+ * temporary storage even further, but at cost of more updates to A[][].
+ * It's less suitable if A[][] is memory bound, but better if it's
+ * register bound.
+ */
+
+static void Round(uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], D[5];
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[1] = C[0] ^  ROL64(C[2], 1);
+    D[2] = C[1] ^  ROL64(C[3], 1);
+    D[3] = C[2] ^= ROL64(C[4], 1);
+    D[4] = C[3] ^= ROL64(C[0], 1);
+    D[0] = C[4] ^= ROL64(C[1], 1);
+
+    A[0][1] ^= D[1];
+    A[1][1] ^= D[1];
+    A[2][1] ^= D[1];
+    A[3][1] ^= D[1];
+    A[4][1] ^= D[1];
+
+    A[0][2] ^= D[2];
+    A[1][2] ^= D[2];
+    A[2][2] ^= D[2];
+    A[3][2] ^= D[2];
+    A[4][2] ^= D[2];
+
+    A[0][3] ^= C[2];
+    A[1][3] ^= C[2];
+    A[2][3] ^= C[2];
+    A[3][3] ^= C[2];
+    A[4][3] ^= C[2];
+
+    A[0][4] ^= C[3];
+    A[1][4] ^= C[3];
+    A[2][4] ^= C[3];
+    A[3][4] ^= C[3];
+    A[4][4] ^= C[3];
+
+    A[0][0] ^= C[4];
+    A[1][0] ^= C[4];
+    A[2][0] ^= C[4];
+    A[3][0] ^= C[4];
+    A[4][0] ^= C[4];
+
+    C[1] = A[0][1];
+    C[2] = A[0][2];
+    C[3] = A[0][3];
+    C[4] = A[0][4];
+
+    A[0][1] = ROL64(A[1][1], rhotates[1][1]);
+    A[0][2] = ROL64(A[2][2], rhotates[2][2]);
+    A[0][3] = ROL64(A[3][3], rhotates[3][3]);
+    A[0][4] = ROL64(A[4][4], rhotates[4][4]);
+
+    A[1][1] = ROL64(A[1][4], rhotates[1][4]);
+    A[2][2] = ROL64(A[2][3], rhotates[2][3]);
+    A[3][3] = ROL64(A[3][2], rhotates[3][2]);
+    A[4][4] = ROL64(A[4][1], rhotates[4][1]);
+
+    A[1][4] = ROL64(A[4][2], rhotates[4][2]);
+    A[2][3] = ROL64(A[3][4], rhotates[3][4]);
+    A[3][2] = ROL64(A[2][1], rhotates[2][1]);
+    A[4][1] = ROL64(A[1][3], rhotates[1][3]);
+
+    A[4][2] = ROL64(A[2][4], rhotates[2][4]);
+    A[3][4] = ROL64(A[4][3], rhotates[4][3]);
+    A[2][1] = ROL64(A[1][2], rhotates[1][2]);
+    A[1][3] = ROL64(A[3][1], rhotates[3][1]);
+
+    A[2][4] = ROL64(A[4][0], rhotates[4][0]);
+    A[4][3] = ROL64(A[3][0], rhotates[3][0]);
+    A[1][2] = ROL64(A[2][0], rhotates[2][0]);
+    A[3][1] = ROL64(A[1][0], rhotates[1][0]);
+
+    A[1][0] = ROL64(C[3],    rhotates[0][3]);
+    A[2][0] = ROL64(C[1],    rhotates[0][1]);
+    A[3][0] = ROL64(C[4],    rhotates[0][4]);
+    A[4][0] = ROL64(C[2],    rhotates[0][2]);
+
+    C[0] = A[0][0];
+    C[1] = A[1][0];
+    D[0] = A[0][1];
+    D[1] = A[1][1];
+
+    A[0][0] ^= (~A[0][1] & A[0][2]);
+    A[1][0] ^= (~A[1][1] & A[1][2]);
+    A[0][1] ^= (~A[0][2] & A[0][3]);
+    A[1][1] ^= (~A[1][2] & A[1][3]);
+    A[0][2] ^= (~A[0][3] & A[0][4]);
+    A[1][2] ^= (~A[1][3] & A[1][4]);
+    A[0][3] ^= (~A[0][4] & C[0]);
+    A[1][3] ^= (~A[1][4] & C[1]);
+    A[0][4] ^= (~C[0]    & D[0]);
+    A[1][4] ^= (~C[1]    & D[1]);
+
+    C[2] = A[2][0];
+    C[3] = A[3][0];
+    D[2] = A[2][1];
+    D[3] = A[3][1];
+
+    A[2][0] ^= (~A[2][1] & A[2][2]);
+    A[3][0] ^= (~A[3][1] & A[3][2]);
+    A[2][1] ^= (~A[2][2] & A[2][3]);
+    A[3][1] ^= (~A[3][2] & A[3][3]);
+    A[2][2] ^= (~A[2][3] & A[2][4]);
+    A[3][2] ^= (~A[3][3] & A[3][4]);
+    A[2][3] ^= (~A[2][4] & C[2]);
+    A[3][3] ^= (~A[3][4] & C[3]);
+    A[2][4] ^= (~C[2]    & D[2]);
+    A[3][4] ^= (~C[3]    & D[3]);
+
+    C[4] = A[4][0];
+    D[4] = A[4][1];
+
+    A[4][0] ^= (~A[4][1] & A[4][2]);
+    A[4][1] ^= (~A[4][2] & A[4][3]);
+    A[4][2] ^= (~A[4][3] & A[4][4]);
+    A[4][3] ^= (~A[4][4] & C[4]);
+    A[4][4] ^= (~C[4]    & D[4]);
+    A[0][0] ^= iotas[i];
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Round(A, i);
+    }
+}
+
+#elif defined(KECCAK_2X)
+/*
+ * This implementation is variant of KECCAK_1X above with outer-most
+ * round loop unrolled twice. This allows to take temporary storage
+ * out of round procedure and simplify references to it by alternating
+ * it with actual data (see round loop below). Originally it was meant
+ * rather as reference for an assembly implementation, but it seems to
+ * play best with compilers [as well as provide best instruction per
+ * processed byte ratio at minimal round unroll factor]...
+ */
+static void Round(uint64_t R[5][5], uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], D[5];
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    C[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i];
+    R[0][1] = C[1] ^ (~C[2] | C[3]);
+    R[0][2] = C[2] ^ ( C[3] & C[4]);
+    R[0][3] = C[3] ^ ( C[4] | C[0]);
+    R[0][4] = C[4] ^ ( C[0] & C[1]);
+#else
+    R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+    R[0][1] = C[1] ^ (~C[2] & C[3]);
+    R[0][2] = C[2] ^ (~C[3] & C[4]);
+    R[0][3] = C[3] ^ (~C[4] & C[0]);
+    R[0][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+    C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+    C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+    C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[1][0] = C[0] ^ (C[1] |  C[2]);
+    R[1][1] = C[1] ^ (C[2] &  C[3]);
+    R[1][2] = C[2] ^ (C[3] | ~C[4]);
+    R[1][3] = C[3] ^ (C[4] |  C[0]);
+    R[1][4] = C[4] ^ (C[0] &  C[1]);
+#else
+    R[1][0] = C[0] ^ (~C[1] & C[2]);
+    R[1][1] = C[1] ^ (~C[2] & C[3]);
+    R[1][2] = C[2] ^ (~C[3] & C[4]);
+    R[1][3] = C[3] ^ (~C[4] & C[0]);
+    R[1][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+    C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+    C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[2][0] =  C[0] ^ ( C[1] | C[2]);
+    R[2][1] =  C[1] ^ ( C[2] & C[3]);
+    R[2][2] =  C[2] ^ (~C[3] & C[4]);
+    R[2][3] = ~C[3] ^ ( C[4] | C[0]);
+    R[2][4] =  C[4] ^ ( C[0] & C[1]);
+#else
+    R[2][0] = C[0] ^ (~C[1] & C[2]);
+    R[2][1] = C[1] ^ (~C[2] & C[3]);
+    R[2][2] = C[2] ^ (~C[3] & C[4]);
+    R[2][3] = C[3] ^ (~C[4] & C[0]);
+    R[2][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+    C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+    C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+    C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[3][0] =  C[0] ^ ( C[1] & C[2]);
+    R[3][1] =  C[1] ^ ( C[2] | C[3]);
+    R[3][2] =  C[2] ^ (~C[3] | C[4]);
+    R[3][3] = ~C[3] ^ ( C[4] & C[0]);
+    R[3][4] =  C[4] ^ ( C[0] | C[1]);
+#else
+    R[3][0] = C[0] ^ (~C[1] & C[2]);
+    R[3][1] = C[1] ^ (~C[2] & C[3]);
+    R[3][2] = C[2] ^ (~C[3] & C[4]);
+    R[3][3] = C[3] ^ (~C[4] & C[0]);
+    R[3][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+    C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+    C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+    C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+    C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[4][0] =  C[0] ^ (~C[1] & C[2]);
+    R[4][1] = ~C[1] ^ ( C[2] | C[3]);
+    R[4][2] =  C[2] ^ ( C[3] & C[4]);
+    R[4][3] =  C[3] ^ ( C[4] | C[0]);
+    R[4][4] =  C[4] ^ ( C[0] & C[1]);
+#else
+    R[4][0] = C[0] ^ (~C[1] & C[2]);
+    R[4][1] = C[1] ^ (~C[2] & C[3]);
+    R[4][2] = C[2] ^ (~C[3] & C[4]);
+    R[4][3] = C[3] ^ (~C[4] & C[0]);
+    R[4][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    uint64_t T[5][5];
+    size_t i;
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    A[0][1] = ~A[0][1];
+    A[0][2] = ~A[0][2];
+    A[1][3] = ~A[1][3];
+    A[2][2] = ~A[2][2];
+    A[3][2] = ~A[3][2];
+    A[4][0] = ~A[4][0];
+#endif
+
+    for (i = 0; i < 24; i += 2) {
+        Round(T, A, i);
+        Round(A, T, i + 1);
+    }
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    A[0][1] = ~A[0][1];
+    A[0][2] = ~A[0][2];
+    A[1][3] = ~A[1][3];
+    A[2][2] = ~A[2][2];
+    A[3][2] = ~A[3][2];
+    A[4][0] = ~A[4][0];
+#endif
+}
+
+#else   /* define KECCAK_INPLACE to compile this code path */
+/*
+ * This implementation is KECCAK_1X from above combined 4 times with
+ * a twist that allows to omit temporary storage and perform in-place
+ * processing. It's discussed in section 2.5 of "Keccak implementation
+ * overview". It's likely to be best suited for processors with large
+ * register bank... On the other hand processor with large register
+ * bank can as well use KECCAK_1X_ALT, it would be as fast but much
+ * more compact...
+ */
+static void FourRounds(uint64_t A[5][5], size_t i)
+{
+    uint64_t B[5], C[5], D[5];
+
+    assert(i <= (sizeof(iotas) / sizeof(iotas[0]) - 4));
+
+    /* Round 4*n */
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i];
+    C[1] = A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+1 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[2][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 1];
+    C[1] = A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[4][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[2][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[0][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[4][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[0][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[3][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[2][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[0][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[1][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[0][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[3][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[1][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+2 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[3][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 2];
+    C[1] = A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[3][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[0][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[2][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[0][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[4][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[1][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[4][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[1][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[0][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[3][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[0][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[2][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+3 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[0][4] ^ D[4], rhotates[4][4]);
+
+    /* C[0] = */ A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 3];
+    /* C[1] = */ A[0][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] = */ A[0][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] = */ A[0][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] = */ A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[1][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[1][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[1][2] ^ D[2], rhotates[4][2]);
+
+    /* C[0] ^= */ A[1][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[1][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[1][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[1][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[2][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[2][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[2][0] ^ D[0], rhotates[4][0]);
+
+    /* C[0] ^= */ A[2][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[2][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[2][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[2][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[3][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[3][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[3][3] ^ D[3], rhotates[4][3]);
+
+    /* C[0] ^= */ A[3][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[3][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[3][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[3][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[4][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[4][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[4][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    /* C[0] ^= */ A[4][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[4][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[4][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[4][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[4][4] = B[4] ^ (~B[0] & B[1]);
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i += 4) {
+        FourRounds(A, i);
+    }
+}
+
+#endif
+
+static uint64_t BitInterleave(uint64_t Ai)
+{
+    if (BIT_INTERLEAVE) {
+        uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai;
+        uint32_t t0, t1;
+
+        t0 = lo & 0x55555555;
+        t0 |= t0 >> 1;  t0 &= 0x33333333;
+        t0 |= t0 >> 2;  t0 &= 0x0f0f0f0f;
+        t0 |= t0 >> 4;  t0 &= 0x00ff00ff;
+        t0 |= t0 >> 8;  t0 &= 0x0000ffff;
+
+        t1 = hi & 0x55555555;
+        t1 |= t1 >> 1;  t1 &= 0x33333333;
+        t1 |= t1 >> 2;  t1 &= 0x0f0f0f0f;
+        t1 |= t1 >> 4;  t1 &= 0x00ff00ff;
+        t1 |= t1 >> 8;  t1 <<= 16;
+
+        lo &= 0xaaaaaaaa;
+        lo |= lo << 1;  lo &= 0xcccccccc;
+        lo |= lo << 2;  lo &= 0xf0f0f0f0;
+        lo |= lo << 4;  lo &= 0xff00ff00;
+        lo |= lo << 8;  lo >>= 16;
+
+        hi &= 0xaaaaaaaa;
+        hi |= hi << 1;  hi &= 0xcccccccc;
+        hi |= hi << 2;  hi &= 0xf0f0f0f0;
+        hi |= hi << 4;  hi &= 0xff00ff00;
+        hi |= hi << 8;  hi &= 0xffff0000;
+
+        Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0);
+    }
+
+    return Ai;
+}
+
+static uint64_t BitDeinterleave(uint64_t Ai)
+{
+    if (BIT_INTERLEAVE) {
+        uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai;
+        uint32_t t0, t1;
+
+        t0 = lo & 0x0000ffff;
+        t0 |= t0 << 8;  t0 &= 0x00ff00ff;
+        t0 |= t0 << 4;  t0 &= 0x0f0f0f0f;
+        t0 |= t0 << 2;  t0 &= 0x33333333;
+        t0 |= t0 << 1;  t0 &= 0x55555555;
+
+        t1 = hi << 16;
+        t1 |= t1 >> 8;  t1 &= 0xff00ff00;
+        t1 |= t1 >> 4;  t1 &= 0xf0f0f0f0;
+        t1 |= t1 >> 2;  t1 &= 0xcccccccc;
+        t1 |= t1 >> 1;  t1 &= 0xaaaaaaaa;
+
+        lo >>= 16;
+        lo |= lo << 8;  lo &= 0x00ff00ff;
+        lo |= lo << 4;  lo &= 0x0f0f0f0f;
+        lo |= lo << 2;  lo &= 0x33333333;
+        lo |= lo << 1;  lo &= 0x55555555;
+
+        hi &= 0xffff0000;
+        hi |= hi >> 8;  hi &= 0xff00ff00;
+        hi |= hi >> 4;  hi &= 0xf0f0f0f0;
+        hi |= hi >> 2;  hi &= 0xcccccccc;
+        hi |= hi >> 1;  hi &= 0xaaaaaaaa;
+
+        Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0);
+    }
+
+    return Ai;
+}
+
+/*
+ * SHA3_absorb can be called multiple times, but at each invocation
+ * largest multiple of |r| out of |len| bytes are processed. Then
+ * remaining amount of bytes is returned. This is done to spare caller
+ * trouble of calculating the largest multiple of |r|. |r| can be viewed
+ * as blocksize. It is commonly (1600 - 256*n)/8, e.g. 168, 136, 104,
+ * 72, but can also be (1600 - 448)/8 = 144. All this means that message
+ * padding and intermediate sub-block buffering, byte- or bitwise, is
+ * caller's responsibility.
+ */
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r)
+{
+    uint64_t *A_flat = (uint64_t *)A;
+    size_t i, w = r / 8;
+
+    assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0);
+
+    while (len >= r) {
+        for (i = 0; i < w; i++) {
+            uint64_t Ai = (uint64_t)inp[0]       | (uint64_t)inp[1] << 8  |
+                          (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 |
+                          (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 |
+                          (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56;
+            inp += 8;
+
+            A_flat[i] ^= BitInterleave(Ai);
+        }
+        KeccakF1600(A);
+        len -= r;
+    }
+
+    return len;
+}
+
+/*
+ * SHA3_squeeze is called once at the end to generate |out| hash value
+ * of |len| bytes.
+ */
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r)
+{
+    uint64_t *A_flat = (uint64_t *)A;
+    size_t i, w = r / 8;
+
+    assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0);
+
+    while (len != 0) {
+        for (i = 0; i < w && len != 0; i++) {
+            uint64_t Ai = BitDeinterleave(A_flat[i]);
+
+            if (len < 8) {
+                for (i = 0; i < len; i++) {
+                    *out++ = (unsigned char)Ai;
+                    Ai >>= 8;
+                }
+                return;
+            }
+
+            out[0] = (unsigned char)(Ai);
+            out[1] = (unsigned char)(Ai >> 8);
+            out[2] = (unsigned char)(Ai >> 16);
+            out[3] = (unsigned char)(Ai >> 24);
+            out[4] = (unsigned char)(Ai >> 32);
+            out[5] = (unsigned char)(Ai >> 40);
+            out[6] = (unsigned char)(Ai >> 48);
+            out[7] = (unsigned char)(Ai >> 56);
+            out += 8;
+            len -= 8;
+        }
+        if (len)
+            KeccakF1600(A);
+    }
+}
+#endif
+
+#ifdef SELFTEST
+/*
+ * Post-padding one-shot implementations would look as following:
+ *
+ * SHA3_224     SHA3_sponge(inp, len, out, 224/8, (1600-448)/8);
+ * SHA3_256     SHA3_sponge(inp, len, out, 256/8, (1600-512)/8);
+ * SHA3_384     SHA3_sponge(inp, len, out, 384/8, (1600-768)/8);
+ * SHA3_512     SHA3_sponge(inp, len, out, 512/8, (1600-1024)/8);
+ * SHAKE_128    SHA3_sponge(inp, len, out, d, (1600-256)/8);
+ * SHAKE_256    SHA3_sponge(inp, len, out, d, (1600-512)/8);
+ */
+
+void SHA3_sponge(const unsigned char *inp, size_t len,
+                 unsigned char *out, size_t d, size_t r)
+{
+    uint64_t A[5][5];
+
+    memset(A, 0, sizeof(A));
+    SHA3_absorb(A, inp, len, r);
+    SHA3_squeeze(A, out, d, r);
+}
+
+# include <stdio.h>
+
+int main()
+{
+    /*
+     * This is 5-bit SHAKE128 test from http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing
+     */
+    unsigned char test[168] = { '\xf3', '\x3' };
+    unsigned char out[512];
+    size_t i;
+    static const unsigned char result[512] = {
+        0x2E, 0x0A, 0xBF, 0xBA, 0x83, 0xE6, 0x72, 0x0B,
+        0xFB, 0xC2, 0x25, 0xFF, 0x6B, 0x7A, 0xB9, 0xFF,
+        0xCE, 0x58, 0xBA, 0x02, 0x7E, 0xE3, 0xD8, 0x98,
+        0x76, 0x4F, 0xEF, 0x28, 0x7D, 0xDE, 0xCC, 0xCA,
+        0x3E, 0x6E, 0x59, 0x98, 0x41, 0x1E, 0x7D, 0xDB,
+        0x32, 0xF6, 0x75, 0x38, 0xF5, 0x00, 0xB1, 0x8C,
+        0x8C, 0x97, 0xC4, 0x52, 0xC3, 0x70, 0xEA, 0x2C,
+        0xF0, 0xAF, 0xCA, 0x3E, 0x05, 0xDE, 0x7E, 0x4D,
+        0xE2, 0x7F, 0xA4, 0x41, 0xA9, 0xCB, 0x34, 0xFD,
+        0x17, 0xC9, 0x78, 0xB4, 0x2D, 0x5B, 0x7E, 0x7F,
+        0x9A, 0xB1, 0x8F, 0xFE, 0xFF, 0xC3, 0xC5, 0xAC,
+        0x2F, 0x3A, 0x45, 0x5E, 0xEB, 0xFD, 0xC7, 0x6C,
+        0xEA, 0xEB, 0x0A, 0x2C, 0xCA, 0x22, 0xEE, 0xF6,
+        0xE6, 0x37, 0xF4, 0xCA, 0xBE, 0x5C, 0x51, 0xDE,
+        0xD2, 0xE3, 0xFA, 0xD8, 0xB9, 0x52, 0x70, 0xA3,
+        0x21, 0x84, 0x56, 0x64, 0xF1, 0x07, 0xD1, 0x64,
+        0x96, 0xBB, 0x7A, 0xBF, 0xBE, 0x75, 0x04, 0xB6,
+        0xED, 0xE2, 0xE8, 0x9E, 0x4B, 0x99, 0x6F, 0xB5,
+        0x8E, 0xFD, 0xC4, 0x18, 0x1F, 0x91, 0x63, 0x38,
+        0x1C, 0xBE, 0x7B, 0xC0, 0x06, 0xA7, 0xA2, 0x05,
+        0x98, 0x9C, 0x52, 0x6C, 0xD1, 0xBD, 0x68, 0x98,
+        0x36, 0x93, 0xB4, 0xBD, 0xC5, 0x37, 0x28, 0xB2,
+        0x41, 0xC1, 0xCF, 0xF4, 0x2B, 0xB6, 0x11, 0x50,
+        0x2C, 0x35, 0x20, 0x5C, 0xAB, 0xB2, 0x88, 0x75,
+        0x56, 0x55, 0xD6, 0x20, 0xC6, 0x79, 0x94, 0xF0,
+        0x64, 0x51, 0x18, 0x7F, 0x6F, 0xD1, 0x7E, 0x04,
+        0x66, 0x82, 0xBA, 0x12, 0x86, 0x06, 0x3F, 0xF8,
+        0x8F, 0xE2, 0x50, 0x8D, 0x1F, 0xCA, 0xF9, 0x03,
+        0x5A, 0x12, 0x31, 0xAD, 0x41, 0x50, 0xA9, 0xC9,
+        0xB2, 0x4C, 0x9B, 0x2D, 0x66, 0xB2, 0xAD, 0x1B,
+        0xDE, 0x0B, 0xD0, 0xBB, 0xCB, 0x8B, 0xE0, 0x5B,
+        0x83, 0x52, 0x29, 0xEF, 0x79, 0x19, 0x73, 0x73,
+        0x23, 0x42, 0x44, 0x01, 0xE1, 0xD8, 0x37, 0xB6,
+        0x6E, 0xB4, 0xE6, 0x30, 0xFF, 0x1D, 0xE7, 0x0C,
+        0xB3, 0x17, 0xC2, 0xBA, 0xCB, 0x08, 0x00, 0x1D,
+        0x34, 0x77, 0xB7, 0xA7, 0x0A, 0x57, 0x6D, 0x20,
+        0x86, 0x90, 0x33, 0x58, 0x9D, 0x85, 0xA0, 0x1D,
+        0xDB, 0x2B, 0x66, 0x46, 0xC0, 0x43, 0xB5, 0x9F,
+        0xC0, 0x11, 0x31, 0x1D, 0xA6, 0x66, 0xFA, 0x5A,
+        0xD1, 0xD6, 0x38, 0x7F, 0xA9, 0xBC, 0x40, 0x15,
+        0xA3, 0x8A, 0x51, 0xD1, 0xDA, 0x1E, 0xA6, 0x1D,
+        0x64, 0x8D, 0xC8, 0xE3, 0x9A, 0x88, 0xB9, 0xD6,
+        0x22, 0xBD, 0xE2, 0x07, 0xFD, 0xAB, 0xC6, 0xF2,
+        0x82, 0x7A, 0x88, 0x0C, 0x33, 0x0B, 0xBF, 0x6D,
+        0xF7, 0x33, 0x77, 0x4B, 0x65, 0x3E, 0x57, 0x30,
+        0x5D, 0x78, 0xDC, 0xE1, 0x12, 0xF1, 0x0A, 0x2C,
+        0x71, 0xF4, 0xCD, 0xAD, 0x92, 0xED, 0x11, 0x3E,
+        0x1C, 0xEA, 0x63, 0xB9, 0x19, 0x25, 0xED, 0x28,
+        0x19, 0x1E, 0x6D, 0xBB, 0xB5, 0xAA, 0x5A, 0x2A,
+        0xFD, 0xA5, 0x1F, 0xC0, 0x5A, 0x3A, 0xF5, 0x25,
+        0x8B, 0x87, 0x66, 0x52, 0x43, 0x55, 0x0F, 0x28,
+        0x94, 0x8A, 0xE2, 0xB8, 0xBE, 0xB6, 0xBC, 0x9C,
+        0x77, 0x0B, 0x35, 0xF0, 0x67, 0xEA, 0xA6, 0x41,
+        0xEF, 0xE6, 0x5B, 0x1A, 0x44, 0x90, 0x9D, 0x1B,
+        0x14, 0x9F, 0x97, 0xEE, 0xA6, 0x01, 0x39, 0x1C,
+        0x60, 0x9E, 0xC8, 0x1D, 0x19, 0x30, 0xF5, 0x7C,
+        0x18, 0xA4, 0xE0, 0xFA, 0xB4, 0x91, 0xD1, 0xCA,
+        0xDF, 0xD5, 0x04, 0x83, 0x44, 0x9E, 0xDC, 0x0F,
+        0x07, 0xFF, 0xB2, 0x4D, 0x2C, 0x6F, 0x9A, 0x9A,
+        0x3B, 0xFF, 0x39, 0xAE, 0x3D, 0x57, 0xF5, 0x60,
+        0x65, 0x4D, 0x7D, 0x75, 0xC9, 0x08, 0xAB, 0xE6,
+        0x25, 0x64, 0x75, 0x3E, 0xAC, 0x39, 0xD7, 0x50,
+        0x3D, 0xA6, 0xD3, 0x7C, 0x2E, 0x32, 0xE1, 0xAF,
+        0x3B, 0x8A, 0xEC, 0x8A, 0xE3, 0x06, 0x9C, 0xD9
+    };
+
+    test[167] = '\x80';
+    SHA3_sponge(test, sizeof(test), out, sizeof(out), sizeof(test));
+
+    /*
+     * Rationale behind keeping output [formatted as below] is that
+     * one should be able to redirect it to a file, then copy-n-paste
+     * final "output val" from official example to another file, and
+     * compare the two with diff(1).
+     */
+    for (i = 0; i < sizeof(out);) {
+        printf("%02X", out[i]);
+        printf(++i % 16 && i != sizeof(out) ? " " : "\n");
+    }
+
+    if (memcmp(out,result,sizeof(out))) {
+        fprintf(stderr,"failure\n");
+        return 1;
+    } else {
+        fprintf(stderr,"success\n");
+        return 0;
+    }
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1_one.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1_one.c
new file mode 100644
index 000000000..e5b38211d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1_one.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA_CTX c;
+    static unsigned char m[SHA_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!SHA1_Init(&c))
+        return NULL;
+    SHA1_Update(&c, d, n);
+    SHA1_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c
new file mode 100644
index 000000000..819370e61
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+# include <openssl/opensslv.h>
+
+/* The implementation is in ../md32_common.h */
+
+# include "sha_locl.h"
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c
new file mode 100644
index 000000000..bf78f075e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+int SHA224_Init(SHA256_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0xc1059ed8UL;
+    c->h[1] = 0x367cd507UL;
+    c->h[2] = 0x3070dd17UL;
+    c->h[3] = 0xf70e5939UL;
+    c->h[4] = 0xffc00b31UL;
+    c->h[5] = 0x68581511UL;
+    c->h[6] = 0x64f98fa7UL;
+    c->h[7] = 0xbefa4fa4UL;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA256_Init(SHA256_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0x6a09e667UL;
+    c->h[1] = 0xbb67ae85UL;
+    c->h[2] = 0x3c6ef372UL;
+    c->h[3] = 0xa54ff53aUL;
+    c->h[4] = 0x510e527fUL;
+    c->h[5] = 0x9b05688cUL;
+    c->h[6] = 0x1f83d9abUL;
+    c->h[7] = 0x5be0cd19UL;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA224_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA224_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA256_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA256_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{
+    return SHA256_Update(c, data, len);
+}
+
+int SHA224_Final(unsigned char *md, SHA256_CTX *c)
+{
+    return SHA256_Final(md, c);
+}
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA256_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lengths is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        unsigned int  nn;               \
+        switch ((c)->md_len)            \
+        {   case SHA224_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            case SHA256_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            default:                    \
+                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+                    return 0;                           \
+                for (nn=0;nn<(c)->md_len/4;nn++)                \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+        }                               \
+        } while (0)
+
+#define HASH_UPDATE             SHA256_Update
+#define HASH_TRANSFORM          SHA256_Transform
+#define HASH_FINAL              SHA256_Final
+#define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+#ifndef SHA256_ASM
+static
+#endif
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "internal/md32_common.h"
+
+#ifndef SHA256_ASM
+static const SHA_LONG K256[64] = {
+    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+    0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+    0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+    0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+    0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+    0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+    0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+    0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+    0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+    0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+    0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+    0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+    0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+# define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG X[16], l;
+    int i;
+    const unsigned char *data = in;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+            (void)HOST_c2l(data, l);
+            T1 = X[i] = l;
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 64; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+# else
+
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                } while (0)
+
+#  define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG X[16];
+    int i;
+    const unsigned char *data = in;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)in % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            T1 = X[0] = W[0];
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            T1 = X[1] = W[1];
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            T1 = X[2] = W[2];
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            T1 = X[3] = W[3];
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            T1 = X[4] = W[4];
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            T1 = X[5] = W[5];
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            T1 = X[6] = W[6];
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            T1 = X[7] = W[7];
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            T1 = X[8] = W[8];
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            T1 = X[9] = W[9];
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            T1 = X[10] = W[10];
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            T1 = X[11] = W[11];
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            T1 = X[12] = W[12];
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            T1 = X[13] = W[13];
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            T1 = X[14] = W[14];
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            T1 = X[15] = W[15];
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+
+            data += SHA256_CBLOCK;
+        } else {
+            SHA_LONG l;
+
+            (void)HOST_c2l(data, l);
+            T1 = X[0] = l;
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            (void)HOST_c2l(data, l);
+            T1 = X[1] = l;
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            (void)HOST_c2l(data, l);
+            T1 = X[2] = l;
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            (void)HOST_c2l(data, l);
+            T1 = X[3] = l;
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            (void)HOST_c2l(data, l);
+            T1 = X[4] = l;
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            (void)HOST_c2l(data, l);
+            T1 = X[5] = l;
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            (void)HOST_c2l(data, l);
+            T1 = X[6] = l;
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            (void)HOST_c2l(data, l);
+            T1 = X[7] = l;
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            (void)HOST_c2l(data, l);
+            T1 = X[8] = l;
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            (void)HOST_c2l(data, l);
+            T1 = X[9] = l;
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            (void)HOST_c2l(data, l);
+            T1 = X[10] = l;
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            (void)HOST_c2l(data, l);
+            T1 = X[11] = l;
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            (void)HOST_c2l(data, l);
+            T1 = X[12] = l;
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            (void)HOST_c2l(data, l);
+            T1 = X[13] = l;
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            (void)HOST_c2l(data, l);
+            T1 = X[14] = l;
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            (void)HOST_c2l(data, l);
+            T1 = X[15] = l;
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+        }
+
+        for (i = 16; i < 64; i += 8) {
+            ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+# endif
+#endif                         /* SHA256_ASM */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c
new file mode 100644
index 000000000..50b65ee81
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c
@@ -0,0 +1,765 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+/*-
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit
+ * - optimized versions implement two transform functions: one operating
+ *   on [aligned] data in host byte order and one - on data in input
+ *   stream byte order;
+ * - share common byte-order neutral collector and padding function
+ *   implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ *   there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ *   *aligned* data in input stream byte order, big-endian in this case]
+ *   we minimize burden of maintenance in two ways: a) collector/padding
+ *   function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ *   apply a number of optimizations to mitigate potential performance
+ *   penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+#include "internal/cryptlib.h"
+#include "internal/sha.h"
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+    defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__) || \
+    defined(__aarch64__) || \
+    defined(SHA512_ASM)
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
+
+int sha512_224_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x8c3d37c819544da2);
+    c->h[1] = U64(0x73e1996689dcd4d6);
+    c->h[2] = U64(0x1dfab7ae32ff9c82);
+    c->h[3] = U64(0x679dd514582f9fcf);
+    c->h[4] = U64(0x0f6d2b697bd44da8);
+    c->h[5] = U64(0x77e36f7304c48942);
+    c->h[6] = U64(0x3f9d85a86a1d36c8);
+    c->h[7] = U64(0x1112e6ad91d692a1);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int sha512_256_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x22312194fc2bf72c);
+    c->h[1] = U64(0x9f555fa3c84c64c2);
+    c->h[2] = U64(0x2393b86b6f53b151);
+    c->h[3] = U64(0x963877195940eabd);
+    c->h[4] = U64(0x96283ee2a88effe3);
+    c->h[5] = U64(0xbe5e1e2553863992);
+    c->h[6] = U64(0x2b0199fc2c85b8aa);
+    c->h[7] = U64(0x0eb72ddc81c52ca2);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA384_Init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0xcbbb9d5dc1059ed8);
+    c->h[1] = U64(0x629a292a367cd507);
+    c->h[2] = U64(0x9159015a3070dd17);
+    c->h[3] = U64(0x152fecd8f70e5939);
+    c->h[4] = U64(0x67332667ffc00b31);
+    c->h[5] = U64(0x8eb44a8768581511);
+    c->h[6] = U64(0xdb0c2e0d64f98fa7);
+    c->h[7] = U64(0x47b5481dbefa4fa4);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA384_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA512_Init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x6a09e667f3bcc908);
+    c->h[1] = U64(0xbb67ae8584caa73b);
+    c->h[2] = U64(0x3c6ef372fe94f82b);
+    c->h[3] = U64(0xa54ff53a5f1d36f1);
+    c->h[4] = U64(0x510e527fade682d1);
+    c->h[5] = U64(0x9b05688c2b3e6c1f);
+    c->h[6] = U64(0x1f83d9abfb41bd6b);
+    c->h[7] = U64(0x5be0cd19137e2179);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA512_DIGEST_LENGTH;
+    return 1;
+}
+
+#ifndef SHA512_ASM
+static
+#endif
+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final(unsigned char *md, SHA512_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->u.p;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* There always is a room for one */
+    n++;
+    if (n > (sizeof(c->u) - 16)) {
+        memset(p + n, 0, sizeof(c->u) - n);
+        n = 0;
+        sha512_block_data_order(c, p, 1);
+    }
+
+    memset(p + n, 0, sizeof(c->u) - 16 - n);
+#ifdef  B_ENDIAN
+    c->u.d[SHA_LBLOCK - 2] = c->Nh;
+    c->u.d[SHA_LBLOCK - 1] = c->Nl;
+#else
+    p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
+    p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
+    p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
+    p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
+    p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
+    p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
+    p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
+    p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
+    p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
+    p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
+    p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
+    p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
+    p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
+    p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
+    p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
+    p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
+#endif
+
+    sha512_block_data_order(c, p, 1);
+
+    if (md == 0)
+        return 0;
+
+    switch (c->md_len) {
+    /* Let compiler decide if it's appropriate to unroll... */
+    case SHA224_DIGEST_LENGTH:
+        for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        /*
+         * For 224 bits, there are four bytes left over that have to be
+         * processed separately.
+         */
+        {
+            SHA_LONG64 t = c->h[SHA224_DIGEST_LENGTH / 8];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+        }
+        break;
+    case SHA256_DIGEST_LENGTH:
+        for (n = 0; n < SHA256_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    case SHA384_DIGEST_LENGTH:
+        for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    case SHA512_DIGEST_LENGTH:
+        for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    /* ... as well as make sure md_len is not abused. */
+    default:
+        return 0;
+    }
+
+    return 1;
+}
+
+int SHA384_Final(unsigned char *md, SHA512_CTX *c)
+{
+    return SHA512_Final(md, c);
+}
+
+int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
+{
+    SHA_LONG64 l;
+    unsigned char *p = c->u.p;
+    const unsigned char *data = (const unsigned char *)_data;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff);
+    if (l < c->Nl)
+        c->Nh++;
+    if (sizeof(len) >= 8)
+        c->Nh += (((SHA_LONG64) len) >> 61);
+    c->Nl = l;
+
+    if (c->num != 0) {
+        size_t n = sizeof(c->u) - c->num;
+
+        if (len < n) {
+            memcpy(p + c->num, data, len), c->num += (unsigned int)len;
+            return 1;
+        } else {
+            memcpy(p + c->num, data, n), c->num = 0;
+            len -= n, data += n;
+            sha512_block_data_order(c, p, 1);
+        }
+    }
+
+    if (len >= sizeof(c->u)) {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+        if ((size_t)data % sizeof(c->u.d[0]) != 0)
+            while (len >= sizeof(c->u))
+                memcpy(p, data, sizeof(c->u)),
+                sha512_block_data_order(c, p, 1),
+                len -= sizeof(c->u), data += sizeof(c->u);
+        else
+#endif
+            sha512_block_data_order(c, data, len / sizeof(c->u)),
+            data += len, len %= sizeof(c->u), data -= len;
+    }
+
+    if (len != 0)
+        memcpy(p, data, len), c->num = (int)len;
+
+    return 1;
+}
+
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
+{
+    return SHA512_Update(c, data, len);
+}
+
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
+{
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+    if ((size_t)data % sizeof(c->u.d[0]) != 0)
+        memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p;
+#endif
+    sha512_block_data_order(c, data, 1);
+}
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA384_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA384_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA512_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA512_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+#ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+    U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
+    U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
+    U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
+    U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
+    U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
+    U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
+    U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
+    U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
+    U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
+    U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
+    U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
+    U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
+    U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
+    U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
+    U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
+    U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
+    U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
+    U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
+    U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
+    U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
+    U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
+    U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
+    U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
+    U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
+    U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
+    U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
+    U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
+    U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
+    U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
+    U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
+    U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
+    U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
+    U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
+    U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
+    U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
+    U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
+    U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
+    U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
+    U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
+    U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
+};
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && \
+      !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__x86_64) || defined(__x86_64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("rorq %1,%0"       \
+                                : "=r"(ret)             \
+                                : "J"(n),"0"(a)         \
+                                : "cc"); ret;           })
+#    if !defined(B_ENDIAN)
+#     define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
+                                asm ("bswapq    %0"             \
+                                : "=r"(ret)                     \
+                                : "0"(ret)); ret;               })
+#    endif
+#   elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+#    if defined(I386_ONLY)
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];          \
+                                asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                    "roll $16,%%eax; roll $16,%%edx; "\
+                                    "xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                : "=a"(lo),"=d"(hi)             \
+                                : "0"(lo),"1"(hi) : "cc");      \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#    else
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];         \
+                                asm ("bswapl %0; bswapl %1;"    \
+                                : "=r"(lo),"=r"(hi)             \
+                                : "0"(lo),"1"(hi));             \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#    endif
+#   elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("rotrdi %0,%1,%2"  \
+                                : "=r"(ret)             \
+                                : "r"(a),"K"(n)); ret;  })
+#   elif defined(__aarch64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("ror %0,%1,%2"     \
+                                : "=r"(ret)             \
+                                : "r"(a),"I"(n)); ret;  })
+#    if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+        __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#     define PULL64(x)   ({ SHA_LONG64 ret;                     \
+                                asm ("rev       %0,%1"          \
+                                : "=r"(ret)                     \
+                                : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
+#    endif
+#   endif
+#  elif defined(_MSC_VER)
+#   if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
+#    pragma intrinsic(_rotr64)
+#    define ROTR(a,n)    _rotr64((a),n)
+#   endif
+#   if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && \
+       !defined(OPENSSL_NO_INLINE_ASM)
+#    if defined(I386_ONLY)
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov  edx,[ecx + 0]
+    _asm mov  eax,[ecx + 4]
+    _asm xchg dh, dl
+    _asm xchg ah, al
+    _asm rol  edx, 16
+    _asm rol  eax, 16
+    _asm xchg dh, dl
+    _asm xchg ah, al
+}
+#    else
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov   edx,[ecx + 0]
+    _asm mov   eax,[ecx + 4]
+    _asm bswap edx
+    _asm bswap eax
+}
+#    endif
+#    define PULL64(x) __pull64be(&(x))
+#   endif
+#  endif
+# endif
+# ifndef PULL64
+#  define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#  define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+#  define ROTR(x,s)       (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+# define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+/*
+ * This code should give better results on 32-bit CPU with less than
+ * ~24 registers, both size and performance wise...
+ */
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 A, E, T;
+    SHA_LONG64 X[9 + 80], *F;
+    int i;
+
+    while (num--) {
+
+        F = X + 80;
+        A = ctx->h[0];
+        F[1] = ctx->h[1];
+        F[2] = ctx->h[2];
+        F[3] = ctx->h[3];
+        E = ctx->h[4];
+        F[5] = ctx->h[5];
+        F[6] = ctx->h[6];
+        F[7] = ctx->h[7];
+
+        for (i = 0; i < 16; i++, F--) {
+#  ifdef B_ENDIAN
+            T = W[i];
+#  else
+            T = PULL64(W[i]);
+#  endif
+            F[0] = A;
+            F[4] = E;
+            F[8] = T;
+            T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
+            E = F[3] + T;
+            A = T + Sigma0(A) + Maj(A, F[1], F[2]);
+        }
+
+        for (; i < 80; i++, F--) {
+            T = sigma0(F[8 + 16 - 1]);
+            T += sigma1(F[8 + 16 - 14]);
+            T += F[8 + 16] + F[8 + 16 - 9];
+
+            F[0] = A;
+            F[4] = E;
+            F[8] = T;
+            T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
+            E = F[3] + T;
+            A = T + Sigma0(A) + Maj(A, F[1], F[2]);
+        }
+
+        ctx->h[0] += A;
+        ctx->h[1] += F[1];
+        ctx->h[2] += F[2];
+        ctx->h[3] += F[3];
+        ctx->h[4] += E;
+        ctx->h[5] += F[5];
+        ctx->h[6] += F[6];
+        ctx->h[7] += F[7];
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# elif defined(OPENSSL_SMALL_FOOTPRINT)
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG64 X[16];
+    int i;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+#  ifdef B_ENDIAN
+            T1 = X[i] = W[i];
+#  else
+            T1 = X[i] = PULL64(W[i]);
+#  endif
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 80; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# else
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)        do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                        } while (0)
+
+#  define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)    do {    \
+        s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
+        ROUND_00_15(i+j,a,b,c,d,e,f,g,h);               } while (0)
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG64 X[16];
+    int i;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+#  ifdef B_ENDIAN
+        T1 = X[0] = W[0];
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = W[1];
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = W[2];
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = W[3];
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = W[4];
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = W[5];
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = W[6];
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = W[7];
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = W[8];
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = W[9];
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = W[10];
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = W[11];
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = W[12];
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = W[13];
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = W[14];
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = W[15];
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#  else
+        T1 = X[0] = PULL64(W[0]);
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = PULL64(W[1]);
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = PULL64(W[2]);
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = PULL64(W[3]);
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = PULL64(W[4]);
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = PULL64(W[5]);
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = PULL64(W[6]);
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = PULL64(W[7]);
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = PULL64(W[8]);
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = PULL64(W[9]);
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = PULL64(W[10]);
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = PULL64(W[11]);
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = PULL64(W[12]);
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = PULL64(W[13]);
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = PULL64(W[14]);
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = PULL64(W[15]);
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#  endif
+
+        for (i = 16; i < 80; i += 16) {
+            ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X);
+            ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# endif
+
+#endif                         /* SHA512_ASM */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_locl.h
new file mode 100644
index 000000000..4e5a09038
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_locl.h
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
+        } while (0)
+
+#define HASH_UPDATE                     SHA1_Update
+#define HASH_TRANSFORM                  SHA1_Transform
+#define HASH_FINAL                      SHA1_Final
+#define HASH_INIT                       SHA1_Init
+#define HASH_BLOCK_DATA_ORDER           sha1_block_data_order
+#define Xupdate(a,ix,ia,ib,ic,id)       ( (a)=(ia^ib^ic^id),    \
+                                          ix=(a)=ROTATE((a),1)  \
+                                        )
+
+#ifndef SHA1_ASM
+static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#else
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#endif
+
+#include "internal/md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+int HASH_INIT(SHA_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h0 = INIT_DATA_h0;
+    c->h1 = INIT_DATA_h1;
+    c->h2 = INIT_DATA_h2;
+    c->h3 = INIT_DATA_h3;
+    c->h4 = INIT_DATA_h4;
+    return 1;
+}
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/*
+ * As pointed out by Wei Dai, F() below can be simplified to the code in
+ * F_00_19.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
+ *      #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b,c,d)  F_20_39(b,c,d)
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+# define BODY_00_15(i,a,b,c,d,e,f,xi) \
+        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# ifdef X
+#  undef X
+# endif
+# ifndef MD32_XARRAY
+  /*
+   * Originally X was an array. As it's automatic it's natural
+   * to expect RISC compiler to accommodate at least part of it in
+   * the register bank, isn't it? Unfortunately not all compilers
+   * "find" this expectation reasonable:-( On order to make such
+   * compilers generate better code I replace X[] with a bunch of
+   * X0, X1, etc. See the function body below...
+   */
+#  define X(i)   XX##i
+# else
+  /*
+   * However! Some compilers (most notably HP C) get overwhelmed by
+   * that many local variables so that we have to have the way to
+   * fall down to the original behavior.
+   */
+#  define X(i)   XX[i]
+# endif
+
+# if !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, T, l;
+#  ifndef MD32_XARRAY
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  else
+    SHA_LONG XX[16];
+#  endif
+
+    A = c->h0;
+    B = c->h1;
+    C = c->h2;
+    D = c->h3;
+    E = c->h4;
+
+    for (;;) {
+        const union {
+            long one;
+            char little;
+        } is_endian = {
+            1
+        };
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)p % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            X(0) = W[0];
+            X(1) = W[1];
+            BODY_00_15(0, A, B, C, D, E, T, X(0));
+            X(2) = W[2];
+            BODY_00_15(1, T, A, B, C, D, E, X(1));
+            X(3) = W[3];
+            BODY_00_15(2, E, T, A, B, C, D, X(2));
+            X(4) = W[4];
+            BODY_00_15(3, D, E, T, A, B, C, X(3));
+            X(5) = W[5];
+            BODY_00_15(4, C, D, E, T, A, B, X(4));
+            X(6) = W[6];
+            BODY_00_15(5, B, C, D, E, T, A, X(5));
+            X(7) = W[7];
+            BODY_00_15(6, A, B, C, D, E, T, X(6));
+            X(8) = W[8];
+            BODY_00_15(7, T, A, B, C, D, E, X(7));
+            X(9) = W[9];
+            BODY_00_15(8, E, T, A, B, C, D, X(8));
+            X(10) = W[10];
+            BODY_00_15(9, D, E, T, A, B, C, X(9));
+            X(11) = W[11];
+            BODY_00_15(10, C, D, E, T, A, B, X(10));
+            X(12) = W[12];
+            BODY_00_15(11, B, C, D, E, T, A, X(11));
+            X(13) = W[13];
+            BODY_00_15(12, A, B, C, D, E, T, X(12));
+            X(14) = W[14];
+            BODY_00_15(13, T, A, B, C, D, E, X(13));
+            X(15) = W[15];
+            BODY_00_15(14, E, T, A, B, C, D, X(14));
+            BODY_00_15(15, D, E, T, A, B, C, X(15));
+
+            data += SHA_CBLOCK;
+        } else {
+            (void)HOST_c2l(data, l);
+            X(0) = l;
+            (void)HOST_c2l(data, l);
+            X(1) = l;
+            BODY_00_15(0, A, B, C, D, E, T, X(0));
+            (void)HOST_c2l(data, l);
+            X(2) = l;
+            BODY_00_15(1, T, A, B, C, D, E, X(1));
+            (void)HOST_c2l(data, l);
+            X(3) = l;
+            BODY_00_15(2, E, T, A, B, C, D, X(2));
+            (void)HOST_c2l(data, l);
+            X(4) = l;
+            BODY_00_15(3, D, E, T, A, B, C, X(3));
+            (void)HOST_c2l(data, l);
+            X(5) = l;
+            BODY_00_15(4, C, D, E, T, A, B, X(4));
+            (void)HOST_c2l(data, l);
+            X(6) = l;
+            BODY_00_15(5, B, C, D, E, T, A, X(5));
+            (void)HOST_c2l(data, l);
+            X(7) = l;
+            BODY_00_15(6, A, B, C, D, E, T, X(6));
+            (void)HOST_c2l(data, l);
+            X(8) = l;
+            BODY_00_15(7, T, A, B, C, D, E, X(7));
+            (void)HOST_c2l(data, l);
+            X(9) = l;
+            BODY_00_15(8, E, T, A, B, C, D, X(8));
+            (void)HOST_c2l(data, l);
+            X(10) = l;
+            BODY_00_15(9, D, E, T, A, B, C, X(9));
+            (void)HOST_c2l(data, l);
+            X(11) = l;
+            BODY_00_15(10, C, D, E, T, A, B, X(10));
+            (void)HOST_c2l(data, l);
+            X(12) = l;
+            BODY_00_15(11, B, C, D, E, T, A, X(11));
+            (void)HOST_c2l(data, l);
+            X(13) = l;
+            BODY_00_15(12, A, B, C, D, E, T, X(12));
+            (void)HOST_c2l(data, l);
+            X(14) = l;
+            BODY_00_15(13, T, A, B, C, D, E, X(13));
+            (void)HOST_c2l(data, l);
+            X(15) = l;
+            BODY_00_15(14, E, T, A, B, C, D, X(14));
+            BODY_00_15(15, D, E, T, A, B, C, X(15));
+        }
+
+        BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
+        BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
+        BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
+        BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
+
+        BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
+        BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
+        BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
+        BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
+        BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
+        BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
+        BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
+        BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
+        BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
+        BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
+        BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
+        BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
+
+        BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
+        BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
+        BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
+        BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
+        BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
+        BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
+        BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
+        BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
+
+        BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
+        BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
+        BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
+        BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
+        BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
+        BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
+        BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
+        BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
+        BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
+        BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
+        BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
+        BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
+        BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
+        BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
+        BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
+        BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
+        BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
+        BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
+        BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
+        BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
+
+        BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
+        BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
+        BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
+        BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
+        BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
+        BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
+        BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
+        BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
+        BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
+        BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
+        BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
+        BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
+        BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
+        BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
+        BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
+        BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
+        BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
+        BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
+        BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
+        BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
+
+        c->h0 = (c->h0 + E) & 0xffffffffL;
+        c->h1 = (c->h1 + T) & 0xffffffffL;
+        c->h2 = (c->h2 + A) & 0xffffffffL;
+        c->h3 = (c->h3 + B) & 0xffffffffL;
+        c->h4 = (c->h4 + C) & 0xffffffffL;
+
+        if (--num == 0)
+            break;
+
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+
+    }
+}
+# endif
+
+#else                           /* OPENSSL_SMALL_FOOTPRINT */
+
+# define BODY_00_15(xi)           do {   \
+        T=E+K_00_19+F_00_19(B,C,D);     \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xi;         } while(0)
+
+# define BODY_16_19(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_00_19+F_00_19(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_20_39(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_20_39+F_20_39(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_40_59(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_40_59+F_40_59(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_60_79(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T=E+K_60_79+F_60_79(B,C,D);     \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xa;         } while(0)
+
+# if !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, T, l;
+    int i;
+    SHA_LONG X[16];
+
+    A = c->h0;
+    B = c->h1;
+    C = c->h2;
+    D = c->h3;
+    E = c->h4;
+
+    for (;;) {
+        for (i = 0; i < 16; i++) {
+            (void)HOST_c2l(data, l);
+            X[i] = l;
+            BODY_00_15(X[i]);
+        }
+        for (i = 0; i < 4; i++) {
+            BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
+        }
+        for (; i < 24; i++) {
+            BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
+                       X[(i + 13) & 15]);
+        }
+        for (i = 0; i < 20; i++) {
+            BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+                       X[(i + 5) & 15]);
+        }
+        for (i = 4; i < 24; i++) {
+            BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+                       X[(i + 5) & 15]);
+        }
+
+        c->h0 = (c->h0 + A) & 0xffffffffL;
+        c->h1 = (c->h1 + B) & 0xffffffffL;
+        c->h2 = (c->h2 + C) & 0xffffffffL;
+        c->h3 = (c->h3 + D) & 0xffffffffL;
+        c->h4 = (c->h4 + E) & 0xffffffffL;
+
+        if (--num == 0)
+            break;
+
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+
+    }
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/build.info
new file mode 100644
index 000000000..4166344a5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+	siphash.c \
+	siphash_pmeth.c \
+	siphash_ameth.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c
new file mode 100644
index 000000000..be74a38d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+/*
+   SipHash reference C implementation
+
+   Copyright (c) 2012-2016 Jean-Philippe Aumasson
+   Copyright (c) 2012-2014 Daniel J. Bernstein
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along
+   with this software. If not, see
+   <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "internal/siphash.h"
+#include "siphash_local.h"
+
+/* default: SipHash-2-4 */
+#define SIPHASH_C_ROUNDS 2
+#define SIPHASH_D_ROUNDS 4
+
+#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
+
+#define U32TO8_LE(p, v)                                                        \
+    (p)[0] = (uint8_t)((v));                                                   \
+    (p)[1] = (uint8_t)((v) >> 8);                                              \
+    (p)[2] = (uint8_t)((v) >> 16);                                             \
+    (p)[3] = (uint8_t)((v) >> 24);
+
+#define U64TO8_LE(p, v)                                                        \
+    U32TO8_LE((p), (uint32_t)((v)));                                           \
+    U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
+
+#define U8TO64_LE(p)                                                           \
+    (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                        \
+     ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                 \
+     ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                 \
+     ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
+
+#define SIPROUND                                                               \
+    do {                                                                       \
+        v0 += v1;                                                              \
+        v1 = ROTL(v1, 13);                                                     \
+        v1 ^= v0;                                                              \
+        v0 = ROTL(v0, 32);                                                     \
+        v2 += v3;                                                              \
+        v3 = ROTL(v3, 16);                                                     \
+        v3 ^= v2;                                                              \
+        v0 += v3;                                                              \
+        v3 = ROTL(v3, 21);                                                     \
+        v3 ^= v0;                                                              \
+        v2 += v1;                                                              \
+        v1 = ROTL(v1, 17);                                                     \
+        v1 ^= v2;                                                              \
+        v2 = ROTL(v2, 32);                                                     \
+    } while (0)
+
+size_t SipHash_ctx_size(void)
+{
+    return sizeof(SIPHASH);
+}
+
+size_t SipHash_hash_size(SIPHASH *ctx)
+{
+    return ctx->hash_size;
+}
+
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+    if (hash_size == 0)
+        hash_size = SIPHASH_MAX_DIGEST_SIZE;
+    return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+    hash_size = siphash_adjust_hash_size(hash_size);
+    if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+        && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+        return 0;
+
+    /*
+     * It's possible that the key was set first.  If the hash size changes,
+     * we need to adjust v1 (see SipHash_Init().
+     */
+
+    /* Start by adjusting the stored size, to make things easier */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    /* Now, adjust ctx->v1 if the old and the new size differ */
+    if ((size_t)ctx->hash_size != hash_size) {
+        ctx->v1 ^= 0xee;
+        ctx->hash_size = hash_size;
+    }
+    return 1;
+}
+
+/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
+{
+    uint64_t k0 = U8TO64_LE(k);
+    uint64_t k1 = U8TO64_LE(k + 8);
+
+    /* If the hash size wasn't set, i.e. is zero */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    if (drounds == 0)
+        drounds = SIPHASH_D_ROUNDS;
+    if (crounds == 0)
+        crounds = SIPHASH_C_ROUNDS;
+
+    ctx->crounds = crounds;
+    ctx->drounds = drounds;
+
+    ctx->len = 0;
+    ctx->total_inlen = 0;
+
+    ctx->v0 = 0x736f6d6570736575ULL ^ k0;
+    ctx->v1 = 0x646f72616e646f6dULL ^ k1;
+    ctx->v2 = 0x6c7967656e657261ULL ^ k0;
+    ctx->v3 = 0x7465646279746573ULL ^ k1;
+
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        ctx->v1 ^= 0xee;
+
+    return 1;
+}
+
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
+{
+    uint64_t m;
+    const uint8_t *end;
+    int left;
+    int i;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    ctx->total_inlen += inlen;
+
+    if (ctx->len) {
+        /* deal with leavings */
+        size_t available = SIPHASH_BLOCK_SIZE - ctx->len;
+
+        /* not enough to fill leavings */
+        if (inlen < available) {
+            memcpy(&ctx->leavings[ctx->len], in, inlen);
+            ctx->len += inlen;
+            return;
+        }
+
+        /* copy data into leavings and reduce input */
+        memcpy(&ctx->leavings[ctx->len], in, available);
+        inlen -= available;
+        in += available;
+
+        /* process leavings */
+        m = U8TO64_LE(ctx->leavings);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+    left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */
+    end = in + inlen - left;
+
+    for (; in != end; in += 8) {
+        m = U8TO64_LE(in);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+
+    /* save leavings and other ctx */
+    if (left)
+        memcpy(ctx->leavings, end, left);
+    ctx->len = left;
+
+    ctx->v0 = v0;
+    ctx->v1 = v1;
+    ctx->v2 = v2;
+    ctx->v3 = v3;
+}
+
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen)
+{
+    /* finalize hash */
+    int i;
+    uint64_t b = ctx->total_inlen << 56;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    if (outlen != (size_t)ctx->hash_size)
+        return 0;
+
+    switch (ctx->len) {
+    case 7:
+        b |= ((uint64_t)ctx->leavings[6]) << 48;
+        /* fall thru */
+    case 6:
+        b |= ((uint64_t)ctx->leavings[5]) << 40;
+        /* fall thru */
+    case 5:
+        b |= ((uint64_t)ctx->leavings[4]) << 32;
+        /* fall thru */
+    case 4:
+        b |= ((uint64_t)ctx->leavings[3]) << 24;
+        /* fall thru */
+    case 3:
+        b |= ((uint64_t)ctx->leavings[2]) << 16;
+        /* fall thru */
+    case 2:
+        b |= ((uint64_t)ctx->leavings[1]) <<  8;
+        /* fall thru */
+    case 1:
+        b |= ((uint64_t)ctx->leavings[0]);
+    case 0:
+        break;
+    }
+
+    v3 ^= b;
+    for (i = 0; i < ctx->crounds; ++i)
+        SIPROUND;
+    v0 ^= b;
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        v2 ^= 0xee;
+    else
+        v2 ^= 0xff;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out, b);
+    if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE)
+        return 1;
+    v1 ^= 0xdd;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out + 8, b);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c
new file mode 100644
index 000000000..c0ab7efae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/*
+ * SIPHASH "ASN1" method. This is just here to indicate the maximum
+ * SIPHASH output length and to free up a SIPHASH key.
+ */
+
+static int siphash_size(const EVP_PKEY *pkey)
+{
+    return SIPHASH_MAX_DIGEST_SIZE;
+}
+
+static void siphash_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int siphash_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = SIPHASH_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < SIPHASH_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = SIPHASH_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_SIPHASH,
+    0,
+
+    "SIPHASH",
+    "OpenSSL SIPHASH method",
+
+    0, 0, siphash_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    siphash_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    siphash_key_free,
+    siphash_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    siphash_set_priv_key,
+    NULL,
+    siphash_get_priv_key,
+    NULL,
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_local.h b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_local.h
new file mode 100644
index 000000000..5ad347646
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_local.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+
+struct siphash_st {
+    uint64_t total_inlen;
+    uint64_t v0;
+    uint64_t v1;
+    uint64_t v2;
+    uint64_t v3;
+    unsigned int len;
+    int hash_size;
+    int crounds;
+    int drounds;
+    unsigned char leavings[SIPHASH_BLOCK_SIZE];
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c
new file mode 100644
index 000000000..66e552fec
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/* SIPHASH pkey context structure */
+
+typedef struct siphash_pkey_ctx_st {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    SIPHASH ctx;
+} SIPHASH_PKEY_CTX;
+
+static int pkey_siphash_init(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_siphash_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_siphash_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SIPHASH_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new SIPHASH_CTX in dst->data->ctx */
+    if (!pkey_siphash_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the SIPHASH_PKEY_CTX in dst->data */
+        pkey_siphash_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(SIPHASH));
+    return 1;
+}
+
+static int pkey_siphash_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_SIPHASH(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    SipHash_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char* key;
+    size_t len;
+
+    key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+    if (key == NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return SipHash_Init(&pctx->ctx, key, 0, 0);
+}
+static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = SipHash_hash_size(&pctx->ctx);
+    if (sig != NULL)
+        return SipHash_Final(&pctx->ctx, sig, *siglen);
+    return 1;
+}
+
+static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
+        return SipHash_set_hash_size(&pctx->ctx, p1);
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != SIPHASH_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        /* use default rounds (2,4) */
+        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+                            0, 0);
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "digestsize") == 0) {
+        size_t hash_size = atoi(value);
+
+        return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
+                                 NULL);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD siphash_pkey_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_siphash_init,
+    pkey_siphash_copy,
+    pkey_siphash_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_siphash_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    siphash_signctx_init,
+    siphash_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_siphash_ctrl,
+    pkey_siphash_ctrl_str
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/build.info
new file mode 100644
index 000000000..be76d96d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c
new file mode 100644
index 000000000..4389fc731
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+typedef struct SM2_Ciphertext_st SM2_Ciphertext;
+DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+struct SM2_Ciphertext_st {
+    BIGNUM *C1x;
+    BIGNUM *C1y;
+    ASN1_OCTET_STRING *C3;
+    ASN1_OCTET_STRING *C2;
+};
+
+ASN1_SEQUENCE(SM2_Ciphertext) = {
+    ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(SM2_Ciphertext)
+
+IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+static size_t ec_field_size(const EC_GROUP *group)
+{
+    /* Is there some simpler way to do this? */
+    BIGNUM *p = BN_new();
+    BIGNUM *a = BN_new();
+    BIGNUM *b = BN_new();
+    size_t field_size = 0;
+
+    if (p == NULL || a == NULL || b == NULL)
+       goto done;
+
+    if (!EC_GROUP_get_curve(group, p, a, b, NULL))
+        goto done;
+    field_size = (BN_num_bits(p) + 7) / 8;
+
+ done:
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    return field_size;
+}
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t overhead;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
+        return 0;
+    }
+
+    overhead = 10 + 2 * field_size + (size_t)md_size;
+    if (msg_len <= overhead) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    *pt_size = msg_len - overhead;
+    return 1;
+}
+
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t sz;
+
+    if (field_size == 0 || md_size < 0)
+        return 0;
+
+    /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */
+    sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+         + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+         + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+    /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */
+    *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
+    return 1;
+}
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
+{
+    int rc = 0, ciphertext_leni;
+    size_t i;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *y1 = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    struct SM2_Ciphertext_st ctext_struct;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    const EC_POINT *P = EC_KEY_get0_public_key(key);
+    EC_POINT *kG = NULL;
+    EC_POINT *kP = NULL;
+    uint8_t *msg_mask = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *C3 = NULL;
+    size_t field_size;
+    const int C3_size = EVP_MD_size(digest);
+
+    /* NULL these before any "goto done" */
+    ctext_struct.C2 = NULL;
+    ctext_struct.C3 = NULL;
+
+    if (hash == NULL || C3_size <= 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    field_size = ec_field_size(group);
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    kG = EC_POINT_new(group);
+    kP = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || kP == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    C3 = OPENSSL_zalloc(C3_size);
+
+    if (x2y2 == NULL || C3 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    memset(ciphertext_buf, 0, *ciphertext_len);
+
+    if (!BN_priv_rand_range(k, order)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx)
+            || !EC_POINT_mul(group, kP, NULL, P, k, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    if (msg_mask == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+   }
+
+    /* X9.63 with no salt happens to match the KDF used in SM2 */
+    if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                        digest)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        msg_mask[i] ^= msg[i];
+
+    if (EVP_DigestInit(hash, digest) == 0
+            || EVP_DigestUpdate(hash, x2y2, field_size) == 0
+            || EVP_DigestUpdate(hash, msg, msg_len) == 0
+            || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
+            || EVP_DigestFinal(hash, C3, NULL) == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    ctext_struct.C1x = x1;
+    ctext_struct.C1y = y1;
+    ctext_struct.C3 = ASN1_OCTET_STRING_new();
+    ctext_struct.C2 = ASN1_OCTET_STRING_new();
+
+    if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+    }
+    if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size)
+            || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
+    /* Ensure cast to size_t is safe */
+    if (ciphertext_leni < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+    *ciphertext_len = (size_t)ciphertext_leni;
+
+    rc = 1;
+
+ done:
+    ASN1_OCTET_STRING_free(ctext_struct.C2);
+    ASN1_OCTET_STRING_free(ctext_struct.C3);
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(C3);
+    EVP_MD_CTX_free(hash);
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    EC_POINT_free(kP);
+    return rc;
+}
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
+{
+    int rc = 0;
+    int i;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    EC_POINT *C1 = NULL;
+    struct SM2_Ciphertext_st *sm2_ctext = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *computed_C3 = NULL;
+    const size_t field_size = ec_field_size(group);
+    const int hash_size = EVP_MD_size(digest);
+    uint8_t *msg_mask = NULL;
+    const uint8_t *C2 = NULL;
+    const uint8_t *C3 = NULL;
+    int msg_len = 0;
+    EVP_MD_CTX *hash = NULL;
+
+    if (field_size == 0 || hash_size <= 0)
+       goto done;
+
+    memset(ptext_buf, 0xFF, *ptext_len);
+
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+
+    if (sm2_ctext == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR);
+        goto done;
+    }
+
+    if (sm2_ctext->C3->length != hash_size) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    C2 = sm2_ctext->C2->data;
+    C3 = sm2_ctext->C3->data;
+    msg_len = sm2_ctext->C2->length;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    computed_C3 = OPENSSL_zalloc(hash_size);
+
+    if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    C1 = EC_POINT_new(group);
+    if (C1 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x,
+                                         sm2_ctext->C1y, ctx)
+            || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key),
+                             ctx)
+            || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
+            || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                               digest)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        ptext_buf[i] = C2[i] ^ msg_mask[i];
+
+    hash = EVP_MD_CTX_new();
+    if (hash == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, x2y2, field_size)
+            || !EVP_DigestUpdate(hash, ptext_buf, msg_len)
+            || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size)
+            || !EVP_DigestFinal(hash, computed_C3, NULL)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    rc = 1;
+    *ptext_len = msg_len;
+
+ done:
+    if (rc == 0)
+        memset(ptext_buf, 0, *ptext_len);
+
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(computed_C3);
+    EC_POINT_free(C1);
+    BN_CTX_free(ctx);
+    SM2_Ciphertext_free(sm2_ctext);
+    EVP_MD_CTX_free(hash);
+
+    return rc;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c
new file mode 100644
index 000000000..653c6797f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c
@@ -0,0 +1,69 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/sm2err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SM2_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0),
+     "pkey_sm2_digest_custom"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0),
+     "sm2_compute_msg_hash"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0),
+     "sm2_compute_userid_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_Z_DIGEST, 0),
+     "sm2_compute_z_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SM2_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SM2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SM2_str_functs);
+        ERR_load_strings_const(SM2_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c
new file mode 100644
index 000000000..d187699cc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c
@@ -0,0 +1,325 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Distinguishing Identifier, ISO/IEC 15946-3 */
+    uint8_t *id;
+    size_t id_len;
+    /* id_set indicates if the 'id' field is set (1) or not (0) */
+    int id_set;
+} SM2_PKEY_CTX;
+
+static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx;
+
+    if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) {
+        SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = smctx;
+    return 1;
+}
+
+static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+
+    if (smctx != NULL) {
+        EC_GROUP_free(smctx->gen_group);
+        OPENSSL_free(smctx->id);
+        OPENSSL_free(smctx);
+        ctx->data = NULL;
+    }
+}
+
+static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SM2_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_sm2_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group != NULL) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (dctx->gen_group == NULL) {
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+    }
+    if (sctx->id != NULL) {
+        dctx->id = OPENSSL_malloc(sctx->id_len);
+        if (dctx->id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE);
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+        memcpy(dctx->id, sctx->id, sctx->id_len);
+    }
+    dctx->id_len = sctx->id_len;
+    dctx->id_set = sctx->id_set;
+    dctx->md = sctx->md;
+
+    return 1;
+}
+
+static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                         const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec);
+
+    if (sig_sz <= 0) {
+        return 0;
+    }
+
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
+        return 1;
+    }
+
+    if (*siglen < (size_t)sig_sz) {
+        SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    return sm2_verify(tbs, tbslen, sig, siglen, ec);
+}
+
+static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_encrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_plaintext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_decrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_GROUP *group;
+    uint8_t *tmp_id;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(smctx->gen_group);
+        smctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (smctx->gen_group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(smctx->gen_group, p1);
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        smctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = smctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_SET1_ID:
+        if (p1 > 0) {
+            tmp_id = OPENSSL_malloc(p1);
+            if (tmp_id == NULL) {
+                SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memcpy(tmp_id, p2, p1);
+            OPENSSL_free(smctx->id);
+            smctx->id = tmp_id;
+        } else {
+            /* set null-ID */
+            OPENSSL_free(smctx->id);
+            smctx->id = NULL;
+        }
+        smctx->id_len = (size_t)p1;
+        smctx->id_set = 1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID:
+        memcpy(p2, smctx->id, smctx->id_len);
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID_LEN:
+        *(size_t *)p2 = smctx->id_len;
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid = NID_undef;
+
+        if (((nid = EC_curve_nist2nid(value)) == NID_undef)
+            && ((nid = OBJ_sn2nid(value)) == NID_undef)
+            && ((nid = OBJ_ln2nid(value)) == NID_undef)) {
+            SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    }
+
+    return -2;
+}
+
+static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    uint8_t z[EVP_MAX_MD_SIZE];
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const EVP_MD *md = EVP_MD_CTX_md(mctx);
+    int mdlen = EVP_MD_size(md);
+
+    if (!smctx->id_set) {
+        /*
+         * An ID value must be set. The specifications are not clear whether a
+         * NULL is allowed. We only allow it if set explicitly for maximum
+         * flexibility.
+         */
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_ID_NOT_SET);
+        return 0;
+    }
+
+    if (mdlen < 0) {
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+
+    /* get hashed prefix 'z' of tbs message */
+    if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec))
+        return 0;
+
+    return EVP_DigestUpdate(mctx, z, (size_t)mdlen);
+}
+
+const EVP_PKEY_METHOD sm2_pkey_meth = {
+    EVP_PKEY_SM2,
+    0,
+    pkey_sm2_init,
+    pkey_sm2_copy,
+    pkey_sm2_cleanup,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0,
+    pkey_sm2_sign,
+
+    0,
+    pkey_sm2_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_sm2_encrypt,
+
+    0,
+    pkey_sm2_decrypt,
+
+    0,
+    0,
+    pkey_sm2_ctrl,
+    pkey_sm2_ctrl_str,
+
+    0, 0,
+
+    0, 0, 0,
+
+    pkey_sm2_digest_custom
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c
new file mode 100644
index 000000000..0f9c14cb5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c
@@ -0,0 +1,479 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */
+#include "internal/numbers.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key)
+{
+    int rc = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *hash = NULL;
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *xG = NULL;
+    BIGNUM *yG = NULL;
+    BIGNUM *xA = NULL;
+    BIGNUM *yA = NULL;
+    int p_bytes = 0;
+    uint8_t *buf = NULL;
+    uint16_t entl = 0;
+    uint8_t e_byte = 0;
+
+    hash = EVP_MD_CTX_new();
+    ctx = BN_CTX_new();
+    if (hash == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    xG = BN_CTX_get(ctx);
+    yG = BN_CTX_get(ctx);
+    xA = BN_CTX_get(ctx);
+    yA = BN_CTX_get(ctx);
+
+    if (yA == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
+
+    if (id_len >= (UINT16_MAX / 8)) {
+        /* too large */
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, SM2_R_ID_TOO_LARGE);
+        goto done;
+    }
+
+    entl = (uint16_t)(8 * id_len);
+
+    e_byte = entl >> 8;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+    e_byte = entl & 0xFF;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    p_bytes = BN_num_bytes(p);
+    buf = OPENSSL_zalloc(p_bytes);
+    if (buf == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (BN_bn2binpad(a, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(b, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_GROUP_get0_generator(group),
+                                                xG, yG, ctx)
+            || BN_bn2binpad(xG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_KEY_get0_public_key(key),
+                                                xA, yA, ctx)
+            || BN_bn2binpad(xA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EVP_DigestFinal(hash, out, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    rc = 1;
+
+ done:
+    OPENSSL_free(buf);
+    BN_CTX_free(ctx);
+    EVP_MD_CTX_free(hash);
+    return rc;
+}
+
+static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
+                                    const EC_KEY *key,
+                                    const uint8_t *id,
+                                    const size_t id_len,
+                                    const uint8_t *msg, size_t msg_len)
+{
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    const int md_size = EVP_MD_size(digest);
+    uint8_t *z = NULL;
+    BIGNUM *e = NULL;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    z = OPENSSL_zalloc(md_size);
+    if (hash == NULL || z == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, z, md_size)
+            || !EVP_DigestUpdate(hash, msg, msg_len)
+               /* reuse z buffer to hold H(Z || M) */
+            || !EVP_DigestFinal(hash, z, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    e = BN_bin2bn(z, md_size, NULL);
+    if (e == NULL)
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
+
+ done:
+    OPENSSL_free(z);
+    EVP_MD_CTX_free(hash);
+    return e;
+}
+
+static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+{
+    const BIGNUM *dA = EC_KEY_get0_private_key(key);
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    ECDSA_SIG *sig = NULL;
+    EC_POINT *kG = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *rk = NULL;
+    BIGNUM *r = NULL;
+    BIGNUM *s = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *tmp = NULL;
+
+    kG = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    rk = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * These values are returned and so should not be allocated out of the
+     * context
+     */
+    r = BN_new();
+    s = BN_new();
+
+    if (r == NULL || s == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    for (;;) {
+        if (!BN_priv_rand_range(k, order)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+                || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL,
+                                                    ctx)
+                || !BN_mod_add(r, e, x1, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        /* try again if r == 0 or r+k == n */
+        if (BN_is_zero(r))
+            continue;
+
+        if (!BN_add(rk, r, k)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (BN_cmp(rk, order) == 0)
+            continue;
+
+        if (!BN_add(s, dA, BN_value_one())
+                || !ec_group_do_inverse_ord(group, s, s, ctx)
+                || !BN_mod_mul(tmp, dA, r, order, ctx)
+                || !BN_sub(tmp, k, tmp)
+                || !BN_mod_mul(s, s, tmp, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+            goto done;
+        }
+
+        sig = ECDSA_SIG_new();
+        if (sig == NULL) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+         /* takes ownership of r and s */
+        ECDSA_SIG_set0(sig, r, s);
+        break;
+    }
+
+ done:
+    if (sig == NULL) {
+        BN_free(r);
+        BN_free(s);
+    }
+
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    return sig;
+}
+
+static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
+                          const BIGNUM *e)
+{
+    int ret = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    BN_CTX *ctx = NULL;
+    EC_POINT *pt = NULL;
+    BIGNUM *t = NULL;
+    BIGNUM *x1 = NULL;
+    const BIGNUM *r = NULL;
+    const BIGNUM *s = NULL;
+
+    ctx = BN_CTX_new();
+    pt = EC_POINT_new(group);
+    if (ctx == NULL || pt == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    if (x1 == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * B1: verify whether r' in [1,n-1], verification failed if not
+     * B2: vefify whether s' in [1,n-1], verification failed if not
+     * B3: set M'~=ZA || M'
+     * B4: calculate e'=Hv(M'~)
+     * B5: calculate t = (r' + s') modn, verification failed if t=0
+     * B6: calculate the point (x1', y1')=[s']G + [t]PA
+     * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed
+     */
+
+    ECDSA_SIG_get0(sig, &r, &s);
+
+    if (BN_cmp(r, BN_value_one()) < 0
+            || BN_cmp(s, BN_value_one()) < 0
+            || BN_cmp(order, r) <= 0
+            || BN_cmp(order, s) <= 0) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, r, s, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_is_zero(t)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx)
+            || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, e, x1, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_cmp(r, t) == 0)
+        ret = 1;
+
+ done:
+    EC_POINT_free(pt);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *sig = NULL;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    sig = sm2_sig_gen(key, e);
+
+ done:
+    BN_free(e);
+    return sig;
+}
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *sig,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    int ret = 0;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    ret = sm2_sig_verify(key, sig, e);
+
+ done:
+    BN_free(e);
+    return ret;
+}
+
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *s = NULL;
+    int sigleni;
+    int ret = -1;
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);
+       goto done;
+    }
+
+    s = sm2_sig_gen(eckey, e);
+
+    sigleni = i2d_ECDSA_SIG(s, &sig);
+    if (sigleni < 0) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+       goto done;
+    }
+    *siglen = (unsigned int)sigleni;
+
+    ret = 1;
+
+ done:
+    ECDSA_SIG_free(s);
+    BN_free(e);
+    return ret;
+}
+
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s = NULL;
+    BIGNUM *e = NULL;
+    const unsigned char *p = sig;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sig, der, derlen) != 0) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    ret = sm2_sig_verify(eckey, s, e);
+
+ done:
+    OPENSSL_free(der);
+    BN_free(e);
+    ECDSA_SIG_free(s);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/build.info
new file mode 100644
index 000000000..6009b1949
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=sm3.c m_sm3.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c
new file mode 100644
index 000000000..85538dc8a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SM3
+# include <openssl/evp.h>
+# include "internal/evp_int.h"
+# include "internal/sm3.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return sm3_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return sm3_update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return sm3_final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sm3_md = {
+    NID_sm3,
+    NID_sm3WithRSAEncryption,
+    SM3_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SM3_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SM3_CTX),
+};
+
+const EVP_MD *EVP_sm3(void)
+{
+    return &sm3_md;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c
new file mode 100644
index 000000000..1588dd115
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "sm3_locl.h"
+
+int sm3_init(SM3_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = SM3_A;
+    c->B = SM3_B;
+    c->C = SM3_C;
+    c->D = SM3_D;
+    c->E = SM3_E;
+    c->F = SM3_F;
+    c->G = SM3_G;
+    c->H = SM3_H;
+    return 1;
+}
+
+void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, F, G, H;
+
+    unsigned MD32_REG_T W00, W01, W02, W03, W04, W05, W06, W07,
+        W08, W09, W10, W11, W12, W13, W14, W15;
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+        F = ctx->F;
+        G = ctx->G;
+        H = ctx->H;
+
+        /*
+        * We have to load all message bytes immediately since SM3 reads
+        * them slightly out of order.
+        */
+        (void)HOST_c2l(data, W00);
+        (void)HOST_c2l(data, W01);
+        (void)HOST_c2l(data, W02);
+        (void)HOST_c2l(data, W03);
+        (void)HOST_c2l(data, W04);
+        (void)HOST_c2l(data, W05);
+        (void)HOST_c2l(data, W06);
+        (void)HOST_c2l(data, W07);
+        (void)HOST_c2l(data, W08);
+        (void)HOST_c2l(data, W09);
+        (void)HOST_c2l(data, W10);
+        (void)HOST_c2l(data, W11);
+        (void)HOST_c2l(data, W12);
+        (void)HOST_c2l(data, W13);
+        (void)HOST_c2l(data, W14);
+        (void)HOST_c2l(data, W15);
+
+        R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+
+        ctx->A ^= A;
+        ctx->B ^= B;
+        ctx->C ^= C;
+        ctx->D ^= D;
+        ctx->E ^= E;
+        ctx->F ^= F;
+        ctx->G ^= G;
+        ctx->H ^= H;
+    }
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_locl.h
new file mode 100644
index 000000000..efa6db57c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_locl.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/sm3.h"
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SM3_WORD
+#define HASH_CTX                SM3_CTX
+#define HASH_CBLOCK             SM3_CBLOCK
+#define HASH_UPDATE             sm3_update
+#define HASH_TRANSFORM          sm3_transform
+#define HASH_FINAL              sm3_final
+#define HASH_MAKE_STRING(c, s)              \
+      do {                                  \
+        unsigned long ll;                   \
+        ll=(c)->A; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->B; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->C; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->D; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->E; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->F; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->G; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->H; (void)HOST_l2c(ll, (s)); \
+      } while (0)
+#define HASH_BLOCK_DATA_ORDER   sm3_block_data_order
+
+void sm3_transform(SM3_CTX *c, const unsigned char *data);
+
+#include "internal/md32_common.h"
+
+#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17))
+#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23))
+
+#define FF0(X,Y,Z) (X ^ Y ^ Z)
+#define GG0(X,Y,Z) (X ^ Y ^ Z)
+
+#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z))
+#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z))))
+
+#define EXPAND(W0,W7,W13,W3,W10) \
+   (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10)
+
+#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG)           \
+     do {                                                         \
+       const SM3_WORD A12 = ROTATE(A, 12);                        \
+       const SM3_WORD A12_SM = A12 + E + TJ;                      \
+       const SM3_WORD SS1 = ROTATE(A12_SM, 7);                    \
+       const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \
+       const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi;           \
+       B = ROTATE(B, 9);                                          \
+       D = TT1;                                                   \
+       F = ROTATE(F, 19);                                         \
+       H = P0(TT2);                                               \
+     } while(0)
+
+#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0)
+
+#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1)
+
+#define SM3_A 0x7380166fUL
+#define SM3_B 0x4914b2b9UL
+#define SM3_C 0x172442d7UL
+#define SM3_D 0xda8a0600UL
+#define SM3_E 0xa96f30bcUL
+#define SM3_F 0x163138aaUL
+#define SM3_G 0xe38dee4dUL
+#define SM3_H 0xb0fb0e4eUL
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/build.info
new file mode 100644
index 000000000..b65a7d149
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sm4.c
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c
new file mode 100644
index 000000000..0c819a4b6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "internal/sm4.h"
+
+static const uint8_t SM4_S[256] = {
+    0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,
+    0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3,
+    0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4,
+    0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
+    0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA,
+    0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA,
+    0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2,
+    0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
+    0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B,
+    0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52,
+    0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2,
+    0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
+    0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30,
+    0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60,
+    0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45,
+    0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
+    0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41,
+    0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD,
+    0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,
+    0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
+    0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E,
+    0xD7, 0xCB, 0x39, 0x48
+};
+
+/*
+ * SM4_SBOX_T[j] == L(SM4_SBOX[j]).
+ */
+static const uint32_t SM4_SBOX_T[256] = {
+    0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787,
+    0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B,
+    0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D,
+    0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F,
+    0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A,
+    0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3,
+    0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151,
+    0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989,
+    0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020,
+    0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB,
+    0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C,
+    0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA,
+    0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616,
+    0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA,
+    0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF,
+    0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4,
+    0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161,
+    0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC,
+    0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000,
+    0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949,
+    0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313,
+    0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B,
+    0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF,
+    0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686,
+    0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0,
+    0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0,
+    0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB,
+    0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181,
+    0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D,
+    0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515,
+    0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF,
+    0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545,
+    0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777,
+    0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505,
+    0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707,
+    0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6,
+    0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797,
+    0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929,
+    0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6,
+    0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212,
+    0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373,
+    0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8,
+    0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 };
+
+static ossl_inline uint32_t rotl(uint32_t a, uint8_t n)
+{
+    return (a << n) | (a >> (32 - n));
+}
+
+static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n)
+{
+    return ((uint32_t)b[4 * n] << 24) |
+           ((uint32_t)b[4 * n + 1] << 16) |
+           ((uint32_t)b[4 * n + 2] << 8) |
+           ((uint32_t)b[4 * n + 3]);
+}
+
+static ossl_inline void store_u32_be(uint32_t v, uint8_t *b)
+{
+    b[0] = (uint8_t)(v >> 24);
+    b[1] = (uint8_t)(v >> 16);
+    b[2] = (uint8_t)(v >> 8);
+    b[3] = (uint8_t)(v);
+}
+
+static ossl_inline uint32_t SM4_T_slow(uint32_t X)
+{
+    uint32_t t = 0;
+
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+    t |= SM4_S[(uint8_t)X];
+
+    /*
+     * L linear transform
+     */
+    return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24);
+}
+
+static ossl_inline uint32_t SM4_T(uint32_t X)
+{
+    return SM4_SBOX_T[(uint8_t)(X >> 24)] ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^
+           rotl(SM4_SBOX_T[(uint8_t)X], 8);
+}
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks)
+{
+    /*
+     * Family Key
+     */
+    static const uint32_t FK[4] =
+        { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc };
+
+    /*
+     * Constant Key
+     */
+    static const uint32_t CK[32] = {
+        0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
+        0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
+        0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
+        0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
+        0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
+        0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
+        0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
+        0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
+    };
+
+    uint32_t K[4];
+    int i;
+
+    K[0] = load_u32_be(key, 0) ^ FK[0];
+    K[1] = load_u32_be(key, 1) ^ FK[1];
+    K[2] = load_u32_be(key, 2) ^ FK[2];
+    K[3] = load_u32_be(key, 3) ^ FK[3];
+
+    for (i = 0; i != SM4_KEY_SCHEDULE; ++i) {
+        uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i];
+        uint32_t t = 0;
+
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+        t |= SM4_S[(uint8_t)X];
+
+        t = t ^ rotl(t, 13) ^ rotl(t, 23);
+        K[i % 4] ^= t;
+        ks->rk[i] = K[i % 4];
+    }
+
+    return 1;
+}
+
+#define SM4_RNDS(k0, k1, k2, k3, F)          \
+      do {                                   \
+         B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \
+         B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \
+         B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \
+         B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \
+      } while(0)
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    /*
+     * Uses byte-wise sbox in the first and last rounds to provide some
+     * protection from cache based side channels.
+     */
+    SM4_RNDS( 0,  1,  2,  3, SM4_T_slow);
+    SM4_RNDS( 4,  5,  6,  7, SM4_T);
+    SM4_RNDS( 8,  9, 10, 11, SM4_T);
+    SM4_RNDS(12, 13, 14, 15, SM4_T);
+    SM4_RNDS(16, 17, 18, 19, SM4_T);
+    SM4_RNDS(20, 21, 22, 23, SM4_T);
+    SM4_RNDS(24, 25, 26, 27, SM4_T);
+    SM4_RNDS(28, 29, 30, 31, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    SM4_RNDS(31, 30, 29, 28, SM4_T_slow);
+    SM4_RNDS(27, 26, 25, 24, SM4_T);
+    SM4_RNDS(23, 22, 21, 20, SM4_T);
+    SM4_RNDS(19, 18, 17, 16, SM4_T);
+    SM4_RNDS(15, 14, 13, 12, SM4_T);
+    SM4_RNDS(11, 10,  9,  8, SM4_T);
+    SM4_RNDS( 7,  6,  5,  4, SM4_T);
+    SM4_RNDS( 3,  2,  1,  0, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h
new file mode 100644
index 000000000..99eafb331
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __SPARC_ARCH_H__
+# define __SPARC_ARCH_H__
+
+# define SPARCV9_TICK_PRIVILEGED (1<<0)
+# define SPARCV9_PREFER_FPU      (1<<1)
+# define SPARCV9_VIS1            (1<<2)
+# define SPARCV9_VIS2            (1<<3)/* reserved */
+# define SPARCV9_FMADD           (1<<4)
+# define SPARCV9_BLK             (1<<5)/* VIS1 block copy */
+# define SPARCV9_VIS3            (1<<6)
+# define SPARCV9_RANDOM          (1<<7)
+# define SPARCV9_64BIT_STACK     (1<<8)
+# define SPARCV9_FJAESX          (1<<9)/* Fujitsu SPARC64 X AES */
+# define SPARCV9_FJDESX          (1<<10)/* Fujitsu SPARC64 X DES, reserved */
+# define SPARCV9_FJHPCACE        (1<<11)/* Fujitsu HPC-ACE, reserved */
+# define SPARCV9_IMA             (1<<13)/* reserved */
+# define SPARCV9_VIS4            (1<<14)/* reserved */
+
+/*
+ * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
+ * %asr26, SPARC-T4 and later. There is no SPARCV9_CFR bit in
+ * OPENSSL_sparcv9cap_P[0], as %cfr copy is sufficient...
+ */
+# define CFR_AES         0x00000001/* Supports AES opcodes */
+# define CFR_DES         0x00000002/* Supports DES opcodes */
+# define CFR_KASUMI      0x00000004/* Supports KASUMI opcodes */
+# define CFR_CAMELLIA    0x00000008/* Supports CAMELLIA opcodes */
+# define CFR_MD5         0x00000010/* Supports MD5 opcodes */
+# define CFR_SHA1        0x00000020/* Supports SHA1 opcodes */
+# define CFR_SHA256      0x00000040/* Supports SHA256 opcodes */
+# define CFR_SHA512      0x00000080/* Supports SHA512 opcodes */
+# define CFR_MPMUL       0x00000100/* Supports MPMUL opcodes */
+# define CFR_MONTMUL     0x00000200/* Supports MONTMUL opcodes */
+# define CFR_MONTSQR     0x00000400/* Supports MONTSQR opcodes */
+# define CFR_CRC32C      0x00000800/* Supports CRC32C opcodes */
+# define CFR_XMPMUL      0x00001000/* Supports XMPMUL opcodes */
+# define CFR_XMONTMUL    0x00002000/* Supports XMONTMUL opcodes */
+# define CFR_XMONTSQR    0x00004000/* Supports XMONTSQR opcodes */
+
+# if defined(OPENSSL_PIC) && !defined(__PIC__)
+#  define __PIC__
+# endif
+
+# if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__)
+#  define __arch64__
+# endif
+
+# define SPARC_PIC_THUNK(reg)    \
+        .align  32;             \
+.Lpic_thunk:                    \
+        jmp     %o7 + 8;        \
+         add    %o7, reg, reg;
+
+# define SPARC_PIC_THUNK_CALL(reg)                       \
+        sethi   %hi(_GLOBAL_OFFSET_TABLE_-4), reg;      \
+        call    .Lpic_thunk;                            \
+         or     reg, %lo(_GLOBAL_OFFSET_TABLE_+4), reg;
+
+# if 1
+#  define SPARC_SETUP_GOT_REG(reg)       SPARC_PIC_THUNK_CALL(reg)
+# else
+#  define SPARC_SETUP_GOT_REG(reg)       \
+        sethi   %hi(_GLOBAL_OFFSET_TABLE_-4), reg;      \
+        call    .+8;                                    \
+        or      reg,%lo(_GLOBAL_OFFSET_TABLE_+4), reg;  \
+        add     %o7, reg, reg
+# endif
+
+# if defined(__arch64__)
+
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        setx    SYM, %o7, reg;
+#  define LDPTR          ldx
+#  define SIZE_T_CC      %xcc
+#  define STACK_FRAME    192
+#  define STACK_BIAS     2047
+#  define STACK_7thARG   (STACK_BIAS+176)
+
+# else
+
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        set     SYM, reg;
+#  define LDPTR          ld
+#  define SIZE_T_CC      %icc
+#  define STACK_FRAME    112
+#  define STACK_BIAS     0
+#  define STACK_7thARG   92
+#  define SPARC_LOAD_ADDRESS_LEAF(SYM,reg,tmp) SPARC_LOAD_ADDRESS(SYM,reg)
+
+# endif
+
+# ifdef __PIC__
+#  undef SPARC_LOAD_ADDRESS
+#  undef SPARC_LOAD_ADDRESS_LEAF
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        SPARC_SETUP_GOT_REG(reg);       \
+        sethi   %hi(SYM), %o7;          \
+        or      %o7, %lo(SYM), %o7;     \
+        LDPTR   [reg + %o7], reg;
+# endif
+
+# ifndef SPARC_LOAD_ADDRESS_LEAF
+#  define SPARC_LOAD_ADDRESS_LEAF(SYM, reg, tmp) \
+        mov     %o7, tmp;                       \
+        SPARC_LOAD_ADDRESS(SYM, reg)            \
+        mov     tmp, %o7;
+# endif
+
+#endif                          /* __SPARC_ARCH_H__ */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sparccpuid.S b/trunk/3rdparty/openssl-1.1-fit/crypto/sparccpuid.S
new file mode 100644
index 000000000..95acd2f9d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sparccpuid.S
@@ -0,0 +1,578 @@
+! Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+!
+! Licensed under the OpenSSL license (the "License").  You may not use
+! this file except in compliance with the License.  You can obtain a copy
+! in the file LICENSE in the source distribution or at
+! https://www.openssl.org/source/license.html
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+# define ABI64  /* They've said -xarch=v9 at command line */
+#elif defined(__GNUC__) && defined(__arch64__)
+# define ABI64  /* They've said -m64 at command line */
+#endif
+
+#ifdef ABI64
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+# define	BIAS	2047
+#else
+# define	FRAME	-96
+# define	BIAS	0
+#endif
+
+.text
+.align	32
+.global	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,#function
+! Keep in mind that this does not excuse us from wiping the stack!
+! This routine wipes registers, but not the backing store [which
+! resides on the stack, toward lower addresses]. To facilitate for
+! stack wiping I return pointer to the top of stack of the *caller*.
+OPENSSL_wipe_cpu:
+	save	%sp,FRAME,%sp
+	nop
+#ifdef __sun
+#include <sys/trap.h>
+	ta	ST_CLEAN_WINDOWS
+#else
+	call	.walk.reg.wins
+#endif
+	nop
+	call	.PIC.zero.up
+	mov	.zero-(.-4),%o0
+	ld	[%o0],%f0
+	ld	[%o0],%f1
+
+	subcc	%g0,1,%o0
+	! Following is V9 "rd %ccr,%o0" instruction. However! V8
+	! specification says that it ("rd %asr2,%o0" in V8 terms) does
+	! not cause illegal_instruction trap. It therefore can be used
+	! to determine if the CPU the code is executing on is V8- or
+	! V9-compliant, as V9 returns a distinct value of 0x99,
+	! "negative" and "borrow" bits set in both %icc and %xcc.
+	.word	0x91408000	!rd	%ccr,%o0
+	cmp	%o0,0x99
+	bne	.v8
+	nop
+			! Even though we do not use %fp register bank,
+			! we wipe it as memcpy might have used it...
+			.word	0xbfa00040	!fmovd	%f0,%f62
+			.word	0xbba00040	!...
+			.word	0xb7a00040
+			.word	0xb3a00040
+			.word	0xafa00040
+			.word	0xaba00040
+			.word	0xa7a00040
+			.word	0xa3a00040
+			.word	0x9fa00040
+			.word	0x9ba00040
+			.word	0x97a00040
+			.word	0x93a00040
+			.word	0x8fa00040
+			.word	0x8ba00040
+			.word	0x87a00040
+			.word	0x83a00040	!fmovd	%f0,%f32
+.v8:			fmovs	%f1,%f31
+	clr	%o0
+			fmovs	%f0,%f30
+	clr	%o1
+			fmovs	%f1,%f29
+	clr	%o2
+			fmovs	%f0,%f28
+	clr	%o3
+			fmovs	%f1,%f27
+	clr	%o4
+			fmovs	%f0,%f26
+	clr	%o5
+			fmovs	%f1,%f25
+	clr	%o7
+			fmovs	%f0,%f24
+	clr	%l0
+			fmovs	%f1,%f23
+	clr	%l1
+			fmovs	%f0,%f22
+	clr	%l2
+			fmovs	%f1,%f21
+	clr	%l3
+			fmovs	%f0,%f20
+	clr	%l4
+			fmovs	%f1,%f19
+	clr	%l5
+			fmovs	%f0,%f18
+	clr	%l6
+			fmovs	%f1,%f17
+	clr	%l7
+			fmovs	%f0,%f16
+	clr	%i0
+			fmovs	%f1,%f15
+	clr	%i1
+			fmovs	%f0,%f14
+	clr	%i2
+			fmovs	%f1,%f13
+	clr	%i3
+			fmovs	%f0,%f12
+	clr	%i4
+			fmovs	%f1,%f11
+	clr	%i5
+			fmovs	%f0,%f10
+	clr	%g1
+			fmovs	%f1,%f9
+	clr	%g2
+			fmovs	%f0,%f8
+	clr	%g3
+			fmovs	%f1,%f7
+	clr	%g4
+			fmovs	%f0,%f6
+	clr	%g5
+			fmovs	%f1,%f5
+			fmovs	%f0,%f4
+			fmovs	%f1,%f3
+			fmovs	%f0,%f2
+
+	add	%fp,BIAS,%i0	! return pointer to caller´s top of stack
+
+	ret
+	restore
+
+.zero:	.long	0x0,0x0
+.PIC.zero.up:
+	retl
+	add	%o0,%o7,%o0
+#ifdef DEBUG
+.global	walk_reg_wins
+.type	walk_reg_wins,#function
+walk_reg_wins:
+#endif
+.walk.reg.wins:
+	save	%sp,FRAME,%sp
+	cmp	%i7,%o7
+	be	2f
+	clr	%o0
+	cmp	%o7,0	! compiler never cleans %o7...
+	be	1f	! could have been a leaf function...
+	clr	%o1
+	call	.walk.reg.wins
+	nop
+1:	clr	%o2
+	clr	%o3
+	clr	%o4
+	clr	%o5
+	clr	%o7
+	clr	%l0
+	clr	%l1
+	clr	%l2
+	clr	%l3
+	clr	%l4
+	clr	%l5
+	clr	%l6
+	clr	%l7
+	add	%o0,1,%i0	! used for debugging
+2:	ret
+	restore
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.global	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,#function
+.align	32
+OPENSSL_atomic_add:
+#ifndef ABI64
+	subcc	%g0,1,%o2
+	.word	0x95408000	!rd	%ccr,%o2, see comment above
+	cmp	%o2,0x99
+	be	.v9
+	nop
+	save	%sp,FRAME,%sp
+	ba	.enter
+	nop
+#ifdef __sun
+! Note that you do not have to link with libthread to call thr_yield,
+! as libc provides a stub, which is overloaded the moment you link
+! with *either* libpthread or libthread...
+#define	YIELD_CPU	thr_yield
+#else
+! applies at least to Linux and FreeBSD... Feedback expected...
+#define	YIELD_CPU	sched_yield
+#endif
+.spin:	call	YIELD_CPU
+	nop
+.enter:	ld	[%i0],%i2
+	cmp	%i2,-4096
+	be	.spin
+	mov	-1,%i2
+	swap	[%i0],%i2
+	cmp	%i2,-1
+	be	.spin
+	add	%i2,%i1,%i2
+	stbar
+	st	%i2,[%i0]
+	sra	%i2,%g0,%i0
+	ret
+	restore
+.v9:
+#endif
+	ld	[%o0],%o2
+1:	add	%o1,%o2,%o3
+	.word	0xd7e2100a	!cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3
+	cmp	%o2,%o3
+	bne	1b
+	mov	%o3,%o2		! cas is always fetching to dest. register
+	add	%o1,%o2,%o0	! OpenSSL expects the new value
+	retl
+	sra	%o0,%g0,%o0	! we return signed int, remember?
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.global	_sparcv9_rdtick
+.align	32
+_sparcv9_rdtick:
+	subcc	%g0,1,%o0
+	.word	0x91408000	!rd	%ccr,%o0
+	cmp	%o0,0x99
+	bne	.notick
+	xor	%o0,%o0,%o0
+	.word	0x91410000	!rd	%tick,%o0
+	retl
+	.word	0x93323020	!srlx	%o0,32,%o1
+.notick:
+	retl
+	xor	%o1,%o1,%o1
+.type	_sparcv9_rdtick,#function
+.size	_sparcv9_rdtick,.-_sparcv9_rdtick
+
+.global	_sparcv9_vis1_probe
+.align	8
+_sparcv9_vis1_probe:
+	add	%sp,BIAS+2,%o1
+	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+	retl
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+.type	_sparcv9_vis1_probe,#function
+.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+
+! Probe and instrument VIS1 instruction. Output is number of cycles it
+! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+! is slow (documented to be 6 cycles on T2) and the core is in-order
+! single-issue, it should be possible to distinguish Tx reliably...
+! Observed return values are:
+!
+!	UltraSPARC IIe		7
+!	UltraSPARC III		7
+!	UltraSPARC T1		24
+!	SPARC T4		65(*)
+!
+! (*)	result has lesser to do with VIS instruction latencies, rdtick
+!	appears that slow, but it does the trick in sense that FP and
+!	VIS code paths are still slower than integer-only ones.
+!
+! Numbers for T2 and SPARC64 V-VII are more than welcomed.
+!
+! It would be possible to detect specifically US-T1 by instrumenting
+! fmul8ulx16, which is emulated on T1 and as such accounts for quite
+! a lot of %tick-s, couple of thousand on Linux...
+.global	_sparcv9_vis1_instrument
+.align	8
+_sparcv9_vis1_instrument:
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x91410000	!rd	%tick,%o0
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x93410000	!rd	%tick,%o1
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x95410000	!rd	%tick,%o2
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x97410000	!rd	%tick,%o3
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x99410000	!rd	%tick,%o4
+
+	! calculate intervals
+	sub	%o1,%o0,%o0
+	sub	%o2,%o1,%o1
+	sub	%o3,%o2,%o2
+	sub	%o4,%o3,%o3
+
+	! find minimum value
+	cmp	%o0,%o1
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o1,%o0
+	cmp	%o0,%o2
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o2,%o0
+	cmp	%o0,%o3
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o3,%o0
+
+	retl
+	nop
+.type	_sparcv9_vis1_instrument,#function
+.size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
+
+.global	_sparcv9_vis2_probe
+.align	8
+_sparcv9_vis2_probe:
+	retl
+	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
+.type	_sparcv9_vis2_probe,#function
+.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+
+.global	_sparcv9_fmadd_probe
+.align	8
+_sparcv9_fmadd_probe:
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	retl
+	.word	0x81b80440	!fmaddd	%f0,%f0,%f2,%f0
+.type	_sparcv9_fmadd_probe,#function
+.size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
+
+.global	_sparcv9_rdcfr
+.align	8
+_sparcv9_rdcfr:
+	retl
+	.word	0x91468000	!rd	%asr26,%o0
+.type	_sparcv9_rdcfr,#function
+.size	_sparcv9_rdcfr,.-_sparcv9_rdcfr
+
+.global	_sparcv9_vis3_probe
+.align	8
+_sparcv9_vis3_probe:
+	retl
+	.word	0x81b022a0	!xmulx	%g0,%g0,%g0
+.type	_sparcv9_vis3_probe,#function
+.size	_sparcv9_vis3_probe,.-_sparcv9_vis3_probe
+
+.global	_sparcv9_random
+.align	8
+_sparcv9_random:
+	retl
+	.word	0x91b002a0	!random	%o0
+.type	_sparcv9_random,#function
+.size	_sparcv9_random,.-_sparcv9_vis3_probe
+
+.global	_sparcv9_fjaesx_probe
+.align	8
+_sparcv9_fjaesx_probe:
+	.word	0x81b09206	!faesencx %f2,%f6,%f0
+	retl
+	nop
+.size	_sparcv9_fjaesx_probe,.-_sparcv9_fjaesx_probe
+
+.global	OPENSSL_cleanse
+.align	32
+OPENSSL_cleanse:
+	cmp	%o1,14
+	nop
+#ifdef ABI64
+	bgu	%xcc,.Lot
+#else
+	bgu	.Lot
+#endif
+	cmp	%o1,0
+	bne	.Little
+	nop
+	retl
+	nop
+
+.Little:
+	stb	%g0,[%o0]
+	subcc	%o1,1,%o1
+	bnz	.Little
+	add	%o0,1,%o0
+	retl
+	nop
+.align	32
+.Lot:
+#ifndef ABI64
+	subcc	%g0,1,%g1
+	! see above for explanation
+	.word	0x83408000	!rd	%ccr,%g1
+	cmp	%g1,0x99
+	bne	.v8lot
+	nop
+#endif
+
+.v9lot:	andcc	%o0,7,%g0
+	bz	.v9aligned
+	nop
+	stb	%g0,[%o0]
+	sub	%o1,1,%o1
+	ba	.v9lot
+	add	%o0,1,%o0
+.align	16,0x01000000
+.v9aligned:
+	.word	0xc0720000	!stx	%g0,[%o0]
+	sub	%o1,8,%o1
+	andcc	%o1,-8,%g0
+#ifdef ABI64
+	.word	0x126ffffd	!bnz	%xcc,.v9aligned
+#else
+	.word	0x124ffffd	!bnz	%icc,.v9aligned
+#endif
+	add	%o0,8,%o0
+
+	cmp	%o1,0
+	bne	.Little
+	nop
+	retl
+	nop
+#ifndef ABI64
+.v8lot:	andcc	%o0,3,%g0
+	bz	.v8aligned
+	nop
+	stb	%g0,[%o0]
+	sub	%o1,1,%o1
+	ba	.v8lot
+	add	%o0,1,%o0
+	nop
+.v8aligned:
+	st	%g0,[%o0]
+	sub	%o1,4,%o1
+	andcc	%o1,-4,%g0
+	bnz	.v8aligned
+	add	%o0,4,%o0
+
+	cmp	%o1,0
+	bne	.Little
+	nop
+	retl
+	nop
+#endif
+.type	OPENSSL_cleanse,#function
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.global	CRYPTO_memcmp
+.align	16
+CRYPTO_memcmp:
+	cmp	%o2,0
+#ifdef ABI64
+	beq,pn	%xcc,.Lno_data
+#else
+	beq	.Lno_data
+#endif
+	xor	%g1,%g1,%g1
+	nop
+
+.Loop_cmp:
+	ldub	[%o0],%o3
+	add	%o0,1,%o0
+	ldub	[%o1],%o4
+	add	%o1,1,%o1
+	subcc	%o2,1,%o2
+	xor	%o3,%o4,%o4
+#ifdef ABI64
+	bnz	%xcc,.Loop_cmp
+#else
+	bnz	.Loop_cmp
+#endif
+	or	%o4,%g1,%g1
+
+	sub	%g0,%g1,%g1
+	srl	%g1,31,%g1
+.Lno_data:
+	retl
+	mov	%g1,%o0
+.type	CRYPTO_memcmp,#function
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+.global	_sparcv9_vis1_instrument_bus
+.align	8
+_sparcv9_vis1_instrument_bus:
+	mov	%o1,%o3					! save cnt
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	mov	%o4,%o5					! lasttick = tick
+	set	0,%g4					! diff
+
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+
+.Loop:	.word	0x99410000	!rd	%tick,%o4
+	sub	%o4,%o5,%g4				! diff=tick-lasttick
+	mov	%o4,%o5					! lasttick=tick
+
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+	subcc	%o1,1,%o1				! --$cnt
+	bnz	.Loop
+	add	%o0,4,%o0				! ++$out
+
+	retl
+	mov	%o3,%o0
+.type	_sparcv9_vis1_instrument_bus,#function
+.size	_sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus
+
+.global	_sparcv9_vis1_instrument_bus2
+.align	8
+_sparcv9_vis1_instrument_bus2:
+	mov	%o1,%o3					! save cnt
+	sll	%o1,2,%o1				! cnt*=4
+
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	mov	%o4,%o5					! lasttick = tick
+	set	0,%g4					! diff
+
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	sub	%o4,%o5,%g4				! diff=tick-lasttick
+	mov	%o4,%o5					! lasttick=tick
+	mov	%g4,%g5					! lastdiff=diff
+.Loop2:
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+
+	subcc	%o2,1,%o2				! --max
+	bz	.Ldone2
+	nop
+
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	sub	%o4,%o5,%g4				! diff=tick-lasttick
+	mov	%o4,%o5					! lasttick=tick
+	cmp	%g4,%g5
+	mov	%g4,%g5					! lastdiff=diff
+
+	.word	0x83408000	!rd	%ccr,%g1
+	and	%g1,4,%g1				! isolate zero flag
+	xor	%g1,4,%g1				! flip zero flag
+
+	subcc	%o1,%g1,%o1				! conditional --$cnt
+	bnz	.Loop2
+	add	%o0,%g1,%o0				! conditional ++$out
+
+.Ldone2:
+	srl	%o1,2,%o1
+	retl
+	sub	%o3,%o1,%o0
+.type	_sparcv9_vis1_instrument_bus2,#function
+.size	_sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2
+
+.section	".init",#alloc,#execinstr
+	call	OPENSSL_cpuid_setup
+	nop
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c
new file mode 100644
index 000000000..c8c567536
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c
@@ -0,0 +1,295 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <openssl/bn.h>
+#include "internal/cryptlib.h"
+
+#include "sparc_arch.h"
+
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
+unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
+
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                         const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+    if (!(num & 1) && num >= 6) {
+        if ((num & 15) == 0 && num <= 64 &&
+            (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
+            (CFR_MONTMUL | CFR_MONTSQR)) {
+            typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
+                                          const BN_ULONG *bp,
+                                          const BN_ULONG *np,
+                                          const BN_ULONG *n0);
+            int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const BN_ULONG *bp, const BN_ULONG *np,
+                                 const BN_ULONG *n0);
+            int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
+                                  const BN_ULONG *bp, const BN_ULONG *np,
+                                  const BN_ULONG *n0);
+            int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
+                                  const BN_ULONG *bp, const BN_ULONG *np,
+                                  const BN_ULONG *n0);
+            int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
+                                  const BN_ULONG *bp, const BN_ULONG *np,
+                                  const BN_ULONG *n0);
+            static const bn_mul_mont_f funcs[4] = {
+                bn_mul_mont_t4_8, bn_mul_mont_t4_16,
+                bn_mul_mont_t4_24, bn_mul_mont_t4_32
+            };
+            bn_mul_mont_f worker = funcs[num / 16 - 1];
+
+            if ((*worker) (rp, ap, bp, np, n0))
+                return 1;
+            /* retry once and fall back */
+            if ((*worker) (rp, ap, bp, np, n0))
+                return 1;
+            return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
+        }
+        if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3))
+            return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
+        else if (num >= 8 &&
+                 /*
+                  * bn_mul_mont_fpu doesn't use FMADD, we just use the
+                  * flag to detect when FPU path is preferable in cases
+                  * when current heuristics is unreliable. [it works
+                  * out because FMADD-capable processors where FPU
+                  * code path is undesirable are also VIS3-capable and
+                  * VIS3 code path takes precedence.]
+                  */
+                 ( (OPENSSL_sparcv9cap_P[0] & SPARCV9_FMADD) ||
+                   (OPENSSL_sparcv9cap_P[0] &
+                    (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
+                   (SPARCV9_PREFER_FPU | SPARCV9_VIS1) ))
+            return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
+    }
+    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+}
+
+unsigned long _sparcv9_rdtick(void);
+void _sparcv9_vis1_probe(void);
+unsigned long _sparcv9_vis1_instrument(void);
+void _sparcv9_vis2_probe(void);
+void _sparcv9_fmadd_probe(void);
+unsigned long _sparcv9_rdcfr(void);
+void _sparcv9_vis3_probe(void);
+void _sparcv9_fjaesx_probe(void);
+unsigned long _sparcv9_random(void);
+size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
+size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
+#if defined(__sun) && defined(__SVR4)
+        return gethrtime();
+#else
+        return 0;
+#endif
+    else
+        return _sparcv9_rdtick();
+}
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) ==
+        SPARCV9_BLK)
+        return _sparcv9_vis1_instrument_bus(out, cnt);
+    else
+        return 0;
+}
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) ==
+        SPARCV9_BLK)
+        return _sparcv9_vis1_instrument_bus2(out, cnt, max);
+    else
+        return 0;
+}
+
+static sigjmp_buf common_jmp;
+static void common_handler(int sig)
+{
+    siglongjmp(common_jmp, sig);
+}
+
+#if defined(__sun) && defined(__SVR4)
+# if defined(__GNUC__) && __GNUC__>=2
+extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak));
+# elif defined(__SUNPRO_C)
+#pragma weak getisax
+extern unsigned int getisax(unsigned int vec[], unsigned int sz);
+# else
+static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL;
+# endif
+#endif
+
+void OPENSSL_cpuid_setup(void)
+{
+    char *e;
+    struct sigaction common_act, ill_oact, bus_oact;
+    sigset_t all_masked, oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_sparcv9cap"))) {
+        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
+        if ((e = strchr(e, ':')))
+            OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0);
+        return;
+    }
+
+#if defined(__sun) && defined(__SVR4)
+    if (getisax != NULL) {
+        unsigned int vec[2] = { 0, 0 };
+
+        if (getisax (vec,2)) {
+            if (vec[0]&0x00020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1;
+            if (vec[0]&0x00040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
+            if (vec[0]&0x00080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK;
+            if (vec[0]&0x00100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
+            if (vec[0]&0x00400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
+            if (vec[0]&0x01000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJHPCACE;
+            if (vec[0]&0x02000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJDESX;
+            if (vec[0]&0x08000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_IMA;
+            if (vec[0]&0x10000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX;
+            if (vec[1]&0x00008) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS4;
+
+            /* reconstruct %cfr copy */
+            OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff;
+            OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1;
+            if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C;
+            if (vec[1]&0x00000020) OPENSSL_sparcv9cap_P[1] |= CFR_XMPMUL;
+            if (vec[1]&0x00000040)
+                OPENSSL_sparcv9cap_P[1] |= CFR_XMONTMUL|CFR_XMONTSQR;
+
+            /* Some heuristics */
+            /* all known VIS2-capable CPUs have unprivileged tick counter */
+            if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2)
+                OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
+
+            /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+            if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) &&
+                _sparcv9_vis1_instrument() >= 12)
+                OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+        }
+
+        if (sizeof(size_t) == 8)
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+
+        return;
+    }
+#endif
+
+    /* Initial value, fits UltraSPARC-I&II... */
+    OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+# ifdef SIGEMT
+    sigdelset(&all_masked, SIGEMT);
+# endif
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+    sigprocmask(SIG_SETMASK, &all_masked, &oset);
+
+    memset(&common_act, 0, sizeof(common_act));
+    common_act.sa_handler = common_handler;
+    common_act.sa_mask = all_masked;
+
+    sigaction(SIGILL, &common_act, &ill_oact);
+    sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
+                                                * Linux] */
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_rdtick();
+        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+    }
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_vis1_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
+        /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+        if (_sparcv9_vis1_instrument() >= 12)
+            OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+        else {
+            _sparcv9_vis2_probe();
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
+        }
+    }
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_fmadd_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
+    }
+
+    /*
+     * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
+     * because VIS3 defines even integer instructions.
+     */
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_vis3_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
+    }
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_fjaesx_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX;
+    }
+
+    /*
+     * In wait for better solution _sparcv9_rdcfr is masked by
+     * VIS3 flag, because it goes to uninterruptable endless
+     * loop on UltraSPARC II running Solaris. Things might be
+     * different on Linux...
+     */
+    if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) &&
+        sigsetjmp(common_jmp, 1) == 0) {
+        OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
+    }
+
+    sigaction(SIGBUS, &bus_oact, NULL);
+    sigaction(SIGILL, &ill_oact, NULL);
+
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+
+    if (sizeof(size_t) == 8)
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+# ifdef __linux
+    else {
+        int ret = syscall(340);
+
+        if (ret >= 0 && ret & 1)
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+    }
+# endif
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/build.info
new file mode 100644
index 000000000..b6c7fe7ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=srp_lib.c srp_vfy.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c
new file mode 100644
index 000000000..ca20f6d09
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef OPENSSL_NO_SRP
+# include "internal/cryptlib.h"
+# include <openssl/sha.h>
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include "internal/bn_srp.h"
+
+/* calculate = SHA1(PAD(x) || PAD(y)) */
+
+static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
+{
+    unsigned char digest[SHA_DIGEST_LENGTH];
+    unsigned char *tmp = NULL;
+    int numN = BN_num_bytes(N);
+    BIGNUM *res = NULL;
+
+    if (x != N && BN_ucmp(x, N) >= 0)
+        return NULL;
+    if (y != N && BN_ucmp(y, N) >= 0)
+        return NULL;
+    if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)
+        goto err;
+    if (BN_bn2binpad(x, tmp, numN) < 0
+        || BN_bn2binpad(y, tmp + numN, numN) < 0
+        || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL))
+        goto err;
+    res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
+    OPENSSL_free(tmp);
+    return res;
+}
+
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
+{
+    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+    return srp_Calc_xy(N, g, N);
+}
+
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
+{
+    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
+    return srp_Calc_xy(A, B, N);
+}
+
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N)
+{
+    BIGNUM *tmp = NULL, *S = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
+        return NULL;
+
+    if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
+        goto err;
+
+    /* S = (A*v**u) ** b */
+
+    if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
+        goto err;
+    if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
+        goto err;
+
+    S = BN_new();
+    if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+        BN_free(S);
+        S = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    return S;
+}
+
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v)
+{
+    BIGNUM *kv = NULL, *gb = NULL;
+    BIGNUM *B = NULL, *k = NULL;
+    BN_CTX *bn_ctx;
+
+    if (b == NULL || N == NULL || g == NULL || v == NULL ||
+        (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((kv = BN_new()) == NULL ||
+        (gb = BN_new()) == NULL || (B = BN_new()) == NULL)
+        goto err;
+
+    /* B = g**b + k*v */
+
+    if (!BN_mod_exp(gb, g, b, N, bn_ctx)
+        || (k = srp_Calc_k(N, g)) == NULL
+        || !BN_mod_mul(kv, v, k, N, bn_ctx)
+        || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+        BN_free(B);
+        B = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(kv);
+    BN_clear_free(gb);
+    BN_free(k);
+    return B;
+}
+
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
+{
+    unsigned char dig[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX *ctxt;
+    unsigned char *cs = NULL;
+    BIGNUM *res = NULL;
+
+    if ((s == NULL) || (user == NULL) || (pass == NULL))
+        return NULL;
+
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL)
+        return NULL;
+    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+        goto err;
+
+    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, user, strlen(user))
+        || !EVP_DigestUpdate(ctxt, ":", 1)
+        || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL)
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
+        goto err;
+    if (BN_bn2bin(s, cs) < 0)
+        goto err;
+    if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
+        goto err;
+
+    if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL))
+        goto err;
+
+    res = BN_bin2bn(dig, sizeof(dig), NULL);
+
+ err:
+    OPENSSL_free(cs);
+    EVP_MD_CTX_free(ctxt);
+    return res;
+}
+
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
+{
+    BN_CTX *bn_ctx;
+    BIGNUM *A = NULL;
+
+    if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
+        BN_free(A);
+        A = NULL;
+    }
+    BN_CTX_free(bn_ctx);
+    return A;
+}
+
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
+{
+    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
+        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((tmp = BN_new()) == NULL ||
+        (tmp2 = BN_new()) == NULL ||
+        (tmp3 = BN_new()) == NULL)
+        goto err;
+
+    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+        goto err;
+    if ((k = srp_Calc_k(N, g)) == NULL)
+        goto err;
+    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
+        goto err;
+    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
+        goto err;
+    if (!BN_mul(tmp3, u, x, bn_ctx))
+        goto err;
+    if (!BN_add(tmp2, a, tmp3))
+        goto err;
+    K = BN_new();
+    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+        BN_free(K);
+        K = NULL;
+    }
+
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    BN_clear_free(tmp2);
+    BN_clear_free(tmp3);
+    BN_free(k);
+    return K;
+}
+
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
+{
+    BIGNUM *r;
+    BN_CTX *bn_ctx;
+    int ret = 0;
+
+    if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return 0;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+    /* Checks if B % N == 0 */
+    if (!BN_nnmod(r, B, N, bn_ctx))
+        goto err;
+    ret = !BN_is_zero(r);
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_free(r);
+    return ret;
+}
+
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
+{
+    /* Checks if A % N == 0 */
+    return SRP_Verify_B_mod_N(A, N);
+}
+
+static SRP_gN knowngN[] = {
+    {"8192", &bn_generator_19, &bn_group_8192},
+    {"6144", &bn_generator_5, &bn_group_6144},
+    {"4096", &bn_generator_5, &bn_group_4096},
+    {"3072", &bn_generator_5, &bn_group_3072},
+    {"2048", &bn_generator_2, &bn_group_2048},
+    {"1536", &bn_generator_2, &bn_group_1536},
+    {"1024", &bn_generator_2, &bn_group_1024},
+};
+
+# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
+/*
+ * Check if G and N are known parameters. The values have been generated
+ * from the ietf-tls-srp draft version 8
+ */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
+{
+    size_t i;
+    if ((g == NULL) || (N == NULL))
+        return 0;
+
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
+            return knowngN[i].id;
+    }
+    return NULL;
+}
+
+SRP_gN *SRP_get_default_gN(const char *id)
+{
+    size_t i;
+
+    if (id == NULL)
+        return knowngN;
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (strcmp(knowngN[i].id, id) == 0)
+            return knowngN + i;
+    }
+    return NULL;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c
new file mode 100644
index 000000000..eb279dd41
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c
@@ -0,0 +1,730 @@
+/*
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef OPENSSL_NO_SRP
+# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
+# include <openssl/sha.h>
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include <openssl/buffer.h>
+# include <openssl/rand.h>
+# include <openssl/txt_db.h>
+# include <openssl/err.h>
+
+# define SRP_RANDOM_SALT_LEN 20
+# define MAX_LEN 2500
+
+/*
+ * Note that SRP uses its own variant of base 64 encoding. A different base64
+ * alphabet is used and no padding '=' characters are added. Instead we pad to
+ * the front with 0 bytes and subsequently strip off leading encoded padding.
+ * This variant is used for compatibility with other SRP implementations -
+ * notably libsrp, but also others. It is also required for backwards
+ * compatibility in order to load verifier files from other OpenSSL versions.
+ */
+
+/*
+ * Convert a base64 string into raw byte array representation.
+ * Returns the length of the decoded data, or -1 on error.
+ */
+static int t_fromb64(unsigned char *a, size_t alen, const char *src)
+{
+    EVP_ENCODE_CTX *ctx;
+    int outl = 0, outl2 = 0;
+    size_t size, padsize;
+    const unsigned char *pad = (const unsigned char *)"00";
+
+    while (*src == ' ' || *src == '\t' || *src == '\n')
+        ++src;
+    size = strlen(src);
+    padsize = 4 - (size & 3);
+    padsize &= 3;
+
+    /* Four bytes in src become three bytes output. */
+    if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen)
+        return -1;
+
+    ctx = EVP_ENCODE_CTX_new();
+    if (ctx == NULL)
+        return -1;
+
+    /*
+     * This should never occur because 1 byte of data always requires 2 bytes of
+     * encoding, i.e.
+     *  0 bytes unencoded = 0 bytes encoded
+     *  1 byte unencoded  = 2 bytes encoded
+     *  2 bytes unencoded = 3 bytes encoded
+     *  3 bytes unencoded = 4 bytes encoded
+     *  4 bytes unencoded = 6 bytes encoded
+     *  etc
+     */
+    if (padsize == 3) {
+        outl = -1;
+        goto err;
+    }
+
+    /* Valid padsize values are now 0, 1 or 2 */
+
+    EVP_DecodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /* Add any encoded padding that is required */
+    if (padsize != 0
+            && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
+        outl = -1;
+        goto err;
+    }
+    if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
+        outl = -1;
+        goto err;
+    }
+    outl += outl2;
+    EVP_DecodeFinal(ctx, a + outl, &outl2);
+    outl += outl2;
+
+    /* Strip off the leading padding */
+    if (padsize != 0) {
+        if ((int)padsize >= outl) {
+            outl = -1;
+            goto err;
+        }
+
+        /*
+         * If we added 1 byte of padding prior to encoding then we have 2 bytes
+         * of "real" data which gets spread across 4 encoded bytes like this:
+         *   (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data)
+         * So 1 byte of pre-encoding padding results in 1 full byte of encoded
+         * padding.
+         * If we added 2 bytes of padding prior to encoding this gets encoded
+         * as:
+         *   (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data)
+         * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded
+         * padding, i.e. we have to strip the same number of bytes of padding
+         * from the encoded data as we added to the pre-encoded data.
+         */
+        memmove(a, a + padsize, outl - padsize);
+        outl -= padsize;
+    }
+
+ err:
+    EVP_ENCODE_CTX_free(ctx);
+
+    return outl;
+}
+
+/*
+ * Convert a raw byte string into a null-terminated base64 ASCII string.
+ * Returns 1 on success or 0 on error.
+ */
+static int t_tob64(char *dst, const unsigned char *src, int size)
+{
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int outl = 0, outl2 = 0;
+    unsigned char pad[2] = {0, 0};
+    size_t leadz = 0;
+
+    if (ctx == NULL)
+        return 0;
+
+    EVP_EncodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES
+                                  | EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /*
+     * We pad at the front with zero bytes until the length is a multiple of 3
+     * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "="
+     * padding
+     */
+    leadz = 3 - (size % 3);
+    if (leadz != 3
+            && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad,
+                                 leadz)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
+    }
+
+    if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src,
+                          size)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
+    }
+    outl += outl2;
+    EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
+    outl += outl2;
+
+    /* Strip the encoded padding at the front */
+    if (leadz != 3) {
+        memmove(dst, dst + leadz, outl - leadz);
+        dst[outl - leadz] = '\0';
+    }
+
+    EVP_ENCODE_CTX_free(ctx);
+    return 1;
+}
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+{
+    if (user_pwd == NULL)
+        return;
+    BN_free(user_pwd->s);
+    BN_clear_free(user_pwd->v);
+    OPENSSL_free(user_pwd->id);
+    OPENSSL_free(user_pwd->info);
+    OPENSSL_free(user_pwd);
+}
+
+static SRP_user_pwd *SRP_user_pwd_new(void)
+{
+    SRP_user_pwd *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
+        return NULL;
+    }
+    ret->N = NULL;
+    ret->g = NULL;
+    ret->s = NULL;
+    ret->v = NULL;
+    ret->id = NULL;
+    ret->info = NULL;
+    return ret;
+}
+
+static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+                                const BIGNUM *N)
+{
+    vinfo->N = N;
+    vinfo->g = g;
+}
+
+static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+                                const char *info)
+{
+    if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
+        return 0;
+    return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
+}
+
+static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+                               const char *v)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+
+    vinfo->v = NULL;
+    vinfo->s = NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), v);
+    if (len < 0)
+        return 0;
+    if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
+        return 0;
+    len = t_fromb64(tmp, sizeof(tmp), s);
+    if (len < 0)
+        goto err;
+    vinfo->s = BN_bin2bn(tmp, len, NULL);
+    if (vinfo->s == NULL)
+        goto err;
+    return 1;
+ err:
+    BN_free(vinfo->v);
+    vinfo->v = NULL;
+    return 0;
+}
+
+static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+{
+    vinfo->v = v;
+    vinfo->s = s;
+    return (vinfo->s != NULL && vinfo->v != NULL);
+}
+
+static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
+{
+    SRP_user_pwd *ret;
+
+    if (src == NULL)
+        return NULL;
+    if ((ret = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(ret, src->g, src->N);
+    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
+        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+            SRP_user_pwd_free(ret);
+            return NULL;
+    }
+    return ret;
+}
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key)
+{
+    SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
+
+    if (vb == NULL)
+        return NULL;
+    if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
+        || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    vb->default_g = NULL;
+    vb->default_N = NULL;
+    vb->seed_key = NULL;
+    if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
+        sk_SRP_user_pwd_free(vb->users_pwd);
+        sk_SRP_gN_cache_free(vb->gN_cache);
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    return vb;
+}
+
+void SRP_VBASE_free(SRP_VBASE *vb)
+{
+    if (!vb)
+        return;
+    sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
+    sk_SRP_gN_cache_free(vb->gN_cache);
+    OPENSSL_free(vb->seed_key);
+    OPENSSL_free(vb);
+}
+
+static SRP_gN_cache *SRP_gN_new_init(const char *ch)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+    SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
+
+    if (newgN == NULL)
+        return NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), ch);
+    if (len < 0)
+        goto err;
+
+    if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
+        goto err;
+
+    if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
+        return newgN;
+
+    OPENSSL_free(newgN->b64_bn);
+ err:
+    OPENSSL_free(newgN);
+    return NULL;
+}
+
+static void SRP_gN_free(SRP_gN_cache *gN_cache)
+{
+    if (gN_cache == NULL)
+        return;
+    OPENSSL_free(gN_cache->b64_bn);
+    BN_free(gN_cache->bn);
+    OPENSSL_free(gN_cache);
+}
+
+static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+{
+    int i;
+
+    SRP_gN *gN;
+    if (gN_tab != NULL)
+        for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
+            gN = sk_SRP_gN_value(gN_tab, i);
+            if (gN && (id == NULL || strcmp(gN->id, id) == 0))
+                return gN;
+        }
+
+    return SRP_get_default_gN(id);
+}
+
+static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
+{
+    int i;
+    if (gN_cache == NULL)
+        return NULL;
+
+    /* search if we have already one... */
+    for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
+        SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
+        if (strcmp(cache->b64_bn, ch) == 0)
+            return cache->bn;
+    }
+    {                           /* it is the first time that we find it */
+        SRP_gN_cache *newgN = SRP_gN_new_init(ch);
+        if (newgN) {
+            if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
+                return newgN->bn;
+            SRP_gN_free(newgN);
+        }
+    }
+    return NULL;
+}
+
+/*
+ * this function parses verifier file. Format is:
+ * string(index):base64(N):base64(g):0
+ * string(username):base64(v):base64(salt):int(index)
+ */
+
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+{
+    int error_code;
+    STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
+    char *last_index = NULL;
+    int i;
+    char **pp;
+
+    SRP_gN *gN = NULL;
+    SRP_user_pwd *user_pwd = NULL;
+
+    TXT_DB *tmpdb = NULL;
+    BIO *in = BIO_new(BIO_s_file());
+
+    error_code = SRP_ERR_OPEN_FILE;
+
+    if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
+        goto err;
+
+    error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
+
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+    error_code = SRP_ERR_MEMORY;
+
+    if (vb->seed_key) {
+        last_index = SRP_get_default_gN(NULL)->id;
+    }
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            /*
+             * we add this couple in the internal Stack
+             */
+
+            if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
+                goto err;
+
+            if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
+                || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+                        == NULL
+                || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+                        == NULL
+                || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
+                goto err;
+
+            gN = NULL;
+
+            if (vb->seed_key != NULL) {
+                last_index = pp[DB_srpid];
+            }
+        } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
+            /* it is a user .... */
+            const SRP_gN *lgN;
+
+            if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
+                error_code = SRP_ERR_MEMORY;
+                if ((user_pwd = SRP_user_pwd_new()) == NULL)
+                    goto err;
+
+                SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
+                if (!SRP_user_pwd_set_ids
+                    (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
+                    goto err;
+
+                error_code = SRP_ERR_VBASE_BN_LIB;
+                if (!SRP_user_pwd_set_sv
+                    (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
+                    goto err;
+
+                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
+                    goto err;
+                user_pwd = NULL; /* abandon responsibility */
+            }
+        }
+    }
+
+    if (last_index != NULL) {
+        /* this means that we want to simulate a default user */
+
+        if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
+            error_code = SRP_ERR_VBASE_BN_LIB;
+            goto err;
+        }
+        vb->default_g = gN->g;
+        vb->default_N = gN->N;
+        gN = NULL;
+    }
+    error_code = SRP_NO_ERROR;
+
+ err:
+    /*
+     * there may be still some leaks to fix, if this fails, the application
+     * terminates most likely
+     */
+
+    if (gN != NULL) {
+        OPENSSL_free(gN->id);
+        OPENSSL_free(gN);
+    }
+
+    SRP_user_pwd_free(user_pwd);
+
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
+
+    sk_SRP_gN_free(SRP_gN_tab);
+
+    return error_code;
+
+}
+
+static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
+{
+    int i;
+    SRP_user_pwd *user;
+
+    if (vb == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
+        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
+        if (strcmp(user->id, username) == 0)
+            return user;
+    }
+
+    return NULL;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * DEPRECATED: use SRP_VBASE_get1_by_user instead.
+ * This method ignores the configured seed and fails for an unknown user.
+ * Ownership of the returned pointer is not released to the caller.
+ * In other words, caller must not free the result.
+ */
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+{
+    return find_user(vb, username);
+}
+# endif
+
+/*
+ * Ownership of the returned pointer is released to the caller.
+ * In other words, caller must free the result once done.
+ */
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
+{
+    SRP_user_pwd *user;
+    unsigned char digv[SHA_DIGEST_LENGTH];
+    unsigned char digs[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX *ctxt = NULL;
+
+    if (vb == NULL)
+        return NULL;
+
+    if ((user = find_user(vb, username)) != NULL)
+        return srp_user_pwd_dup(user);
+
+    if ((vb->seed_key == NULL) ||
+        (vb->default_g == NULL) || (vb->default_N == NULL))
+        return NULL;
+
+/* if the user is unknown we set parameters as well if we have a seed_key */
+
+    if ((user = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
+
+    if (!SRP_user_pwd_set_ids(user, username, NULL))
+        goto err;
+
+    if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+        goto err;
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
+        || !EVP_DigestUpdate(ctxt, username, strlen(username))
+        || !EVP_DigestFinal_ex(ctxt, digs, NULL))
+        goto err;
+    EVP_MD_CTX_free(ctxt);
+    ctxt = NULL;
+    if (SRP_user_pwd_set_sv_BN(user,
+                               BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+                               BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+        return user;
+
+ err:
+    EVP_MD_CTX_free(ctxt);
+    SRP_user_pwd_free(user);
+    return NULL;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are in base64)
+ */
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g)
+{
+    int len;
+    char *result = NULL, *vf = NULL;
+    const BIGNUM *N_bn = NULL, *g_bn = NULL;
+    BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
+    unsigned char tmp[MAX_LEN];
+    unsigned char tmp2[MAX_LEN];
+    char *defgNid = NULL;
+    int vfsize = 0;
+
+    if ((user == NULL) ||
+        (pass == NULL) || (salt == NULL) || (verifier == NULL))
+        goto err;
+
+    if (N) {
+        if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
+            goto err;
+        N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (N_bn_alloc == NULL)
+            goto err;
+        N_bn = N_bn_alloc;
+        if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
+            goto err;
+        g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (g_bn_alloc == NULL)
+            goto err;
+        g_bn = g_bn_alloc;
+        defgNid = "*";
+    } else {
+        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
+        if (gN == NULL)
+            goto err;
+        N_bn = gN->N;
+        g_bn = gN->g;
+        defgNid = gN->id;
+    }
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
+            goto err;
+        s = BN_bin2bn(tmp2, len, NULL);
+    }
+    if (s == NULL)
+        goto err;
+
+    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
+        goto err;
+
+    if (BN_bn2bin(v, tmp) < 0)
+        goto err;
+    vfsize = BN_num_bytes(v) * 2;
+    if (((vf = OPENSSL_malloc(vfsize)) == NULL))
+        goto err;
+    if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+        goto err;
+
+    if (*salt == NULL) {
+        char *tmp_salt;
+
+        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
+            goto err;
+        }
+        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+            OPENSSL_free(tmp_salt);
+            goto err;
+        }
+        *salt = tmp_salt;
+    }
+
+    *verifier = vf;
+    vf = NULL;
+    result = defgNid;
+
+ err:
+    BN_free(N_bn_alloc);
+    BN_free(g_bn_alloc);
+    OPENSSL_clear_free(vf, vfsize);
+    BN_clear_free(s);
+    BN_clear_free(v);
+    return result;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
+ */
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g)
+{
+    int result = 0;
+    BIGNUM *x = NULL;
+    BN_CTX *bn_ctx = BN_CTX_new();
+    unsigned char tmp2[MAX_LEN];
+    BIGNUM *salttmp = NULL;
+
+    if ((user == NULL) ||
+        (pass == NULL) ||
+        (salt == NULL) ||
+        (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
+        goto err;
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+        if (salttmp == NULL)
+            goto err;
+    } else {
+        salttmp = *salt;
+    }
+
+    x = SRP_Calc_x(salttmp, user, pass);
+    if (x == NULL)
+        goto err;
+
+    *verifier = BN_new();
+    if (*verifier == NULL)
+        goto err;
+
+    if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
+        BN_clear_free(*verifier);
+        goto err;
+    }
+
+    result = 1;
+    *salt = salttmp;
+
+ err:
+    if (salt != NULL && *salt != salttmp)
+        BN_clear_free(salttmp);
+    BN_clear_free(x);
+    BN_CTX_free(bn_ctx);
+    return result;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/stack/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/stack/build.info
new file mode 100644
index 000000000..e5870210a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/stack/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=stack.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/stack/stack.c b/trunk/3rdparty/openssl-1.1-fit/crypto/stack/stack.c
new file mode 100644
index 000000000..975515db5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/stack/stack.c
@@ -0,0 +1,413 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/stack.h>
+#include <openssl/objects.h>
+#include <errno.h>
+#include <openssl/e_os2.h>      /* For ossl_inline */
+
+/*
+ * The initial number of nodes in the array.
+ */
+static const int min_nodes = 4;
+static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX
+                             ? (int)(SIZE_MAX / sizeof(void *))
+                             : INT_MAX;
+
+struct stack_st {
+    int num;
+    const void **data;
+    int sorted;
+    int num_alloc;
+    OPENSSL_sk_compfunc comp;
+};
+
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c)
+{
+    OPENSSL_sk_compfunc old = sk->comp;
+
+    if (sk->comp != c)
+        sk->sorted = 0;
+    sk->comp = c;
+
+    return old;
+}
+
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
+{
+    OPENSSL_STACK *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if (sk->num == 0) {
+        /* postpone |ret->data| allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+    /* duplicate |sk->data| content */
+    if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL)
+        goto err;
+    memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
+    return ret;
+ err:
+    OPENSSL_sk_free(ret);
+    return NULL;
+}
+
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
+                             OPENSSL_sk_copyfunc copy_func,
+                             OPENSSL_sk_freefunc free_func)
+{
+    OPENSSL_STACK *ret;
+    int i;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DEEP_COPY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if (sk->num == 0) {
+        /* postpone |ret| data allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+
+    ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes;
+    ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
+    if (ret->data == NULL) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    for (i = 0; i < ret->num; ++i) {
+        if (sk->data[i] == NULL)
+            continue;
+        if ((ret->data[i] = copy_func(sk->data[i])) == NULL) {
+            while (--i >= 0)
+                if (ret->data[i] != NULL)
+                    free_func((void *)ret->data[i]);
+            OPENSSL_sk_free(ret);
+            return NULL;
+        }
+    }
+    return ret;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_null(void)
+{
+    return OPENSSL_sk_new_reserve(NULL, 0);
+}
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
+{
+    return OPENSSL_sk_new_reserve(c, 0);
+}
+
+/*
+ * Calculate the array growth based on the target size.
+ *
+ * The growth fraction is a rational number and is defined by a numerator
+ * and a denominator.  According to Andrew Koenig in his paper "Why Are
+ * Vectors Efficient?" from JOOP 11(5) 1998, this factor should be less
+ * than the golden ratio (1.618...).
+ *
+ * We use 3/2 = 1.5 for simplicity of calculation and overflow checking.
+ * Another option 8/5 = 1.6 allows for slightly faster growth, although safe
+ * computation is more difficult.
+ *
+ * The limit to avoid overflow is spot on.  The modulo three correction term
+ * ensures that the limit is the largest number than can be expanded by the
+ * growth factor without exceeding the hard limit.
+ *
+ * Do not call it with |current| lower than 2, or it will infinitely loop.
+ */
+static ossl_inline int compute_growth(int target, int current)
+{
+    const int limit = (max_nodes / 3) * 2 + (max_nodes % 3 ? 1 : 0);
+
+    while (current < target) {
+        /* Check to see if we're at the hard limit */
+        if (current >= max_nodes)
+            return 0;
+
+        /* Expand the size by a factor of 3/2 if it is within range */
+        current = current < limit ? current + current / 2 : max_nodes;
+    }
+    return current;
+}
+
+/* internal STACK storage allocation */
+static int sk_reserve(OPENSSL_STACK *st, int n, int exact)
+{
+    const void **tmpdata;
+    int num_alloc;
+
+    /* Check to see the reservation isn't exceeding the hard limit */
+    if (n > max_nodes - st->num)
+        return 0;
+
+    /* Figure out the new size */
+    num_alloc = st->num + n;
+    if (num_alloc < min_nodes)
+        num_alloc = min_nodes;
+
+    /* If |st->data| allocation was postponed */
+    if (st->data == NULL) {
+        /*
+         * At this point, |st->num_alloc| and |st->num| are 0;
+         * so |num_alloc| value is |n| or |min_nodes| if greater than |n|.
+         */
+        if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) {
+            CRYPTOerr(CRYPTO_F_SK_RESERVE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        st->num_alloc = num_alloc;
+        return 1;
+    }
+
+    if (!exact) {
+        if (num_alloc <= st->num_alloc)
+            return 1;
+        num_alloc = compute_growth(num_alloc, st->num_alloc);
+        if (num_alloc == 0)
+            return 0;
+    } else if (num_alloc == st->num_alloc) {
+        return 1;
+    }
+
+    tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc);
+    if (tmpdata == NULL)
+        return 0;
+
+    st->data = tmpdata;
+    st->num_alloc = num_alloc;
+    return 1;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n)
+{
+    OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK));
+
+    if (st == NULL)
+        return NULL;
+
+    st->comp = c;
+
+    if (n <= 0)
+        return st;
+
+    if (!sk_reserve(st, n, 1)) {
+        OPENSSL_sk_free(st);
+        return NULL;
+    }
+
+    return st;
+}
+
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n)
+{
+    if (st == NULL)
+        return 0;
+
+    if (n < 0)
+        return 1;
+    return sk_reserve(st, n, 1);
+}
+
+int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
+{
+    if (st == NULL || st->num == max_nodes)
+        return 0;
+
+    if (!sk_reserve(st, 1, 0))
+        return 0;
+
+    if ((loc >= st->num) || (loc < 0)) {
+        st->data[st->num] = data;
+    } else {
+        memmove(&st->data[loc + 1], &st->data[loc],
+                sizeof(st->data[0]) * (st->num - loc));
+        st->data[loc] = data;
+    }
+    st->num++;
+    st->sorted = 0;
+    return st->num;
+}
+
+static ossl_inline void *internal_delete(OPENSSL_STACK *st, int loc)
+{
+    const void *ret = st->data[loc];
+
+    if (loc != st->num - 1)
+         memmove(&st->data[loc], &st->data[loc + 1],
+                 sizeof(st->data[0]) * (st->num - loc - 1));
+    st->num--;
+
+    return (void *)ret;
+}
+
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
+{
+    int i;
+
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] == p)
+            return internal_delete(st, i);
+    return NULL;
+}
+
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
+{
+    if (st == NULL || loc < 0 || loc >= st->num)
+        return NULL;
+
+    return internal_delete(st, loc);
+}
+
+static int internal_find(OPENSSL_STACK *st, const void *data,
+                         int ret_val_options)
+{
+    const void *r;
+    int i;
+
+    if (st == NULL || st->num == 0)
+        return -1;
+
+    if (st->comp == NULL) {
+        for (i = 0; i < st->num; i++)
+            if (st->data[i] == data)
+                return i;
+        return -1;
+    }
+
+    if (!st->sorted) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
+    }
+    if (data == NULL)
+        return -1;
+    r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
+                        ret_val_options);
+
+    return r == NULL ? -1 : (int)((const void **)r - st->data);
+}
+
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
+}
+
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
+}
+
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data)
+{
+    if (st == NULL)
+        return -1;
+    return OPENSSL_sk_insert(st, data, st->num);
+}
+
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data)
+{
+    return OPENSSL_sk_insert(st, data, 0);
+}
+
+void *OPENSSL_sk_shift(OPENSSL_STACK *st)
+{
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, 0);
+}
+
+void *OPENSSL_sk_pop(OPENSSL_STACK *st)
+{
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, st->num - 1);
+}
+
+void OPENSSL_sk_zero(OPENSSL_STACK *st)
+{
+    if (st == NULL || st->num == 0)
+        return;
+    memset(st->data, 0, sizeof(*st->data) * st->num);
+    st->num = 0;
+}
+
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
+{
+    int i;
+
+    if (st == NULL)
+        return;
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] != NULL)
+            func((char *)st->data[i]);
+    OPENSSL_sk_free(st);
+}
+
+void OPENSSL_sk_free(OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return;
+    OPENSSL_free(st->data);
+    OPENSSL_free(st);
+}
+
+int OPENSSL_sk_num(const OPENSSL_STACK *st)
+{
+    return st == NULL ? -1 : st->num;
+}
+
+void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
+{
+    if (st == NULL || i < 0 || i >= st->num)
+        return NULL;
+    return (void *)st->data[i];
+}
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
+{
+    if (st == NULL || i < 0 || i >= st->num)
+        return NULL;
+    st->data[i] = data;
+    st->sorted = 0;
+    return (void *)st->data[i];
+}
+
+void OPENSSL_sk_sort(OPENSSL_STACK *st)
+{
+    if (st != NULL && !st->sorted && st->comp != NULL) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
+    }
+}
+
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
+{
+    return st == NULL ? 1 : st->sorted;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/store/build.info
new file mode 100644
index 000000000..7d882f313
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        store_err.c store_init.c store_lib.c store_register.c store_strings.c \
+        loader_file.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c
new file mode 100644
index 000000000..632e4511f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c
@@ -0,0 +1,1440 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include <openssl/bio.h>
+#include <openssl/dsa.h>         /* For d2i_DSAPrivateKey */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>      /* For the PKCS8 stuff o.O */
+#include <openssl/rsa.h>         /* For d2i_RSAPrivateKey */
+#include <openssl/safestack.h>
+#include <openssl/store.h>
+#include <openssl/ui.h>
+#include <openssl/x509.h>        /* For the PKCS8 stuff o.O */
+#include "internal/asn1_int.h"
+#include "internal/ctype.h"
+#include "internal/o_dir.h"
+#include "internal/cryptlib.h"
+#include "internal/store_int.h"
+#include "store_locl.h"
+
+#ifdef _WIN32
+# define stat    _stat
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+/*-
+ *  Password prompting
+ *  ------------------
+ */
+
+static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
+                           size_t maxsize, const char *prompt_info, void *data)
+{
+    UI *ui = UI_new();
+    char *prompt = NULL;
+
+    if (ui == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ui_method != NULL)
+        UI_set_method(ui, ui_method);
+    UI_add_user_data(ui, data);
+
+    if ((prompt = UI_construct_prompt(ui, "pass phrase",
+                                      prompt_info)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        pass = NULL;
+    } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
+                                    pass, 0, maxsize - 1)) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+        pass = NULL;
+    } else {
+        switch (UI_process(ui)) {
+        case -2:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
+                          OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
+            pass = NULL;
+            break;
+        case -1:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+            pass = NULL;
+            break;
+        default:
+            break;
+        }
+    }
+
+    OPENSSL_free(prompt);
+    UI_free(ui);
+    return pass;
+}
+
+struct pem_pass_data {
+    const UI_METHOD *ui_method;
+    void *data;
+    const char *prompt_info;
+};
+
+static int file_fill_pem_pass_data(struct pem_pass_data *pass_data,
+                                   const char *prompt_info,
+                                   const UI_METHOD *ui_method, void *ui_data)
+{
+    if (pass_data == NULL)
+        return 0;
+    pass_data->ui_method = ui_method;
+    pass_data->data = ui_data;
+    pass_data->prompt_info = prompt_info;
+    return 1;
+}
+
+/* This is used anywhere a pem_password_cb is needed */
+static int file_get_pem_pass(char *buf, int num, int w, void *data)
+{
+    struct pem_pass_data *pass_data = data;
+    char *pass = file_get_pass(pass_data->ui_method, buf, num,
+                               pass_data->prompt_info, pass_data->data);
+
+    return pass == NULL ? 0 : strlen(pass);
+}
+
+/*-
+ *  The file scheme decoders
+ *  ------------------------
+ *
+ *  Each possible data type has its own decoder, which either operates
+ *  through a given PEM name, or attempts to decode to see if the blob
+ *  it's given is decodable for its data type.  The assumption is that
+ *  only the correct data type will match the content.
+ */
+
+/*-
+ * The try_decode function is called to check if the blob of data can
+ * be used by this handler, and if it can, decodes it into a supported
+ * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data.
+ * Input:
+ *    pem_name:     If this blob comes from a PEM file, this holds
+ *                  the PEM name.  If it comes from another type of
+ *                  file, this is NULL.
+ *    pem_header:   If this blob comes from a PEM file, this holds
+ *                  the PEM headers.  If it comes from another type of
+ *                  file, this is NULL.
+ *    blob:         The blob of data to match with what this handler
+ *                  can use.
+ *    len:          The length of the blob.
+ *    handler_ctx:  For a handler marked repeatable, this pointer can
+ *                  be used to create a context for the handler.  IT IS
+ *                  THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY
+ *                  THIS CONTEXT APPROPRIATELY, i.e. create on first call
+ *                  and destroy when about to return NULL.
+ *    matchcount:   A pointer to an int to count matches for this data.
+ *                  Usually becomes 0 (no match) or 1 (match!), but may
+ *                  be higher in the (unlikely) event that the data matches
+ *                  more than one possibility.  The int will always be
+ *                  zero when the function is called.
+ *    ui_method:    Application UI method for getting a password, pin
+ *                  or any other interactive data.
+ *    ui_data:      Application data to be passed to ui_method when
+ *                  it's called.
+ * Output:
+ *    a OSSL_STORE_INFO
+ */
+typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name,
+                                               const char *pem_header,
+                                               const unsigned char *blob,
+                                               size_t len, void **handler_ctx,
+                                               int *matchcount,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+/*
+ * The eof function should return 1 if there's no more data to be found
+ * with the handler_ctx, otherwise 0.  This is only used when the handler is
+ * marked repeatable.
+ */
+typedef int (*file_eof_fn)(void *handler_ctx);
+/*
+ * The destroy_ctx function is used to destroy the handler_ctx that was
+ * intiated by a repeatable try_decode fuction.  This is only used when
+ * the handler is marked repeatable.
+ */
+typedef void (*file_destroy_ctx_fn)(void **handler_ctx);
+
+typedef struct file_handler_st {
+    const char *name;
+    file_try_decode_fn try_decode;
+    file_eof_fn eof;
+    file_destroy_ctx_fn destroy_ctx;
+
+    /* flags */
+    int repeatable;
+} FILE_HANDLER;
+
+/*
+ * PKCS#12 decoder.  It operates by decoding all of the blob content,
+ * extracting all the interesting data from it and storing them internally,
+ * then serving them one piece at a time.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    if (ctx == NULL) {
+        /* Initial parsing */
+        PKCS12 *p12;
+        int ok = 0;
+
+        if (pem_name != NULL)
+            /* No match, there is no PEM PKCS12 tag */
+            return NULL;
+
+        if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) {
+            char *pass = NULL;
+            char tpass[PEM_BUFSIZE];
+            EVP_PKEY *pkey = NULL;
+            X509 *cert = NULL;
+            STACK_OF(X509) *chain = NULL;
+
+            *matchcount = 1;
+
+            if (PKCS12_verify_mac(p12, "", 0)
+                || PKCS12_verify_mac(p12, NULL, 0)) {
+                pass = "";
+            } else {
+                if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
+                                          "PKCS12 import password",
+                                          ui_data)) == NULL) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
+                    goto p12_end;
+                }
+                if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
+                    goto p12_end;
+                }
+            }
+
+            if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
+                OSSL_STORE_INFO *osi_pkey = NULL;
+                OSSL_STORE_INFO *osi_cert = NULL;
+                OSSL_STORE_INFO *osi_ca = NULL;
+
+                if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
+                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
+                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) {
+                    ok = 1;
+                    osi_pkey = NULL;
+                    osi_cert = NULL;
+
+                    while(sk_X509_num(chain) > 0) {
+                        X509 *ca = sk_X509_value(chain, 0);
+
+                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
+                            || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
+                            ok = 0;
+                            break;
+                        }
+                        osi_ca = NULL;
+                        (void)sk_X509_shift(chain);
+                    }
+                }
+                if (!ok) {
+                    OSSL_STORE_INFO_free(osi_ca);
+                    OSSL_STORE_INFO_free(osi_cert);
+                    OSSL_STORE_INFO_free(osi_pkey);
+                    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+                    EVP_PKEY_free(pkey);
+                    X509_free(cert);
+                    sk_X509_pop_free(chain, X509_free);
+                    ctx = NULL;
+                }
+                *pctx = ctx;
+            }
+        }
+     p12_end:
+        PKCS12_free(p12);
+        if (!ok)
+            return NULL;
+    }
+
+    if (ctx != NULL) {
+        *matchcount = 1;
+        store_info = sk_OSSL_STORE_INFO_shift(ctx);
+    }
+
+    return store_info;
+}
+
+static int eof_PKCS12(void *ctx_)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = ctx_;
+
+    return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0;
+}
+
+static void destroy_ctx_PKCS12(void **pctx)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+    *pctx = NULL;
+}
+
+static FILE_HANDLER PKCS12_handler = {
+    "PKCS12",
+    try_decode_PKCS12,
+    eof_PKCS12,
+    destroy_ctx_PKCS12,
+    1                            /* repeatable */
+};
+
+/*
+ * Encrypted PKCS#8 decoder.  It operates by just decrypting the given blob
+ * into a new blob, which is returned as an EMBEDDED STORE_INFO.  The whole
+ * decoding process will then start over with the new blob.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
+                                                  const char *pem_header,
+                                                  const unsigned char *blob,
+                                                  size_t len, void **pctx,
+                                                  int *matchcount,
+                                                  const UI_METHOD *ui_method,
+                                                  void *ui_data)
+{
+    X509_SIG *p8 = NULL;
+    char kbuf[PEM_BUFSIZE];
+    char *pass = NULL;
+    const X509_ALGOR *dalg = NULL;
+    const ASN1_OCTET_STRING *doct = NULL;
+    OSSL_STORE_INFO *store_info = NULL;
+    BUF_MEM *mem = NULL;
+    unsigned char *new_data = NULL;
+    int new_data_len;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
+        return NULL;
+
+    *matchcount = 1;
+
+    if ((mem = BUF_MEM_new()) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
+                              "PKCS8 decrypt password", ui_data)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      OSSL_STORE_R_BAD_PASSWORD_READ);
+        goto nop8;
+    }
+
+    X509_SIG_get0(p8, &dalg, &doct);
+    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
+                          &new_data, &new_data_len, 0))
+        goto nop8;
+
+    mem->data = (char *)new_data;
+    mem->max = mem->length = (size_t)new_data_len;
+    X509_SIG_free(p8);
+
+    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
+    if (store_info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    return store_info;
+ nop8:
+    X509_SIG_free(p8);
+    BUF_MEM_free(mem);
+    return NULL;
+}
+
+static FILE_HANDLER PKCS8Encrypted_handler = {
+    "PKCS8Encrypted",
+    try_decode_PKCS8Encrypted
+};
+
+/*
+ * Private key decoder.  Decodes all sorts of private keys, both PKCS#8
+ * encoded ones and old style PEM ones (with the key type is encoded into
+ * the PEM name).
+ */
+int pem_check_suffix(const char *pem_str, const char *suffix);
+static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
+                                              const char *pem_header,
+                                              const unsigned char *blob,
+                                              size_t len, void **pctx,
+                                              int *matchcount,
+                                              const UI_METHOD *ui_method,
+                                              void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
+            PKCS8_PRIV_KEY_INFO *p8inf =
+                d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);
+
+            *matchcount = 1;
+            if (p8inf != NULL)
+                pkey = EVP_PKCS82PKEY(p8inf);
+            PKCS8_PRIV_KEY_INFO_free(p8inf);
+        } else {
+            int slen;
+
+            if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
+                && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
+                                                   slen)) != NULL) {
+                *matchcount = 1;
+                pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len);
+            }
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            EVP_PKEY *tmp_pkey = NULL;
+            const unsigned char *tmp_blob = blob;
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len);
+            if (tmp_pkey != NULL) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                (*matchcount)++;
+            }
+        }
+
+        if (*matchcount > 1) {
+            EVP_PKEY_free(pkey);
+            pkey = NULL;
+        }
+    }
+    if (pkey == NULL)
+        /* No match */
+        return NULL;
+
+    store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER PrivateKey_handler = {
+    "PrivateKey",
+    try_decode_PrivateKey
+};
+
+/*
+ * Public key decoder.  Only supports SubjectPublicKeyInfo formated keys.
+ */
+static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    }
+
+    return store_info;
+}
+
+static FILE_HANDLER PUBKEY_handler = {
+    "PUBKEY",
+    try_decode_PUBKEY
+};
+
+/*
+ * Key parameter decoder.
+ */
+static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    int slen = 0;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+    int ok = 0;
+
+    if (pem_name != NULL) {
+        if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if (slen > 0) {
+        if ((pkey = EVP_PKEY_new()) == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+            return NULL;
+        }
+
+
+        if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
+            && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
+            && ameth->param_decode != NULL
+            && ameth->param_decode(pkey, &blob, len))
+            ok = 1;
+    } else {
+        int i;
+        EVP_PKEY *tmp_pkey = NULL;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            const unsigned char *tmp_blob = blob;
+
+            if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
+                OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+                break;
+            }
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
+                && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
+                && ameth->param_decode != NULL
+                && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                tmp_pkey = NULL;
+                (*matchcount)++;
+            }
+        }
+
+        EVP_PKEY_free(tmp_pkey);
+        if (*matchcount == 1) {
+            ok = 1;
+        }
+    }
+
+    if (ok)
+        store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER params_handler = {
+    "params",
+    try_decode_params
+};
+
+/*
+ * X.509 certificate decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
+                                                   const char *pem_header,
+                                                   const unsigned char *blob,
+                                                   size_t len, void **pctx,
+                                                   int *matchcount,
+                                                   const UI_METHOD *ui_method,
+                                                   void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509 *cert = NULL;
+
+    /*
+     * In most cases, we can try to interpret the serialized data as a trusted
+     * cert (X509 + X509_AUX) and fall back to reading it as a normal cert
+     * (just X509), but if the PEM name specifically declares it as a trusted
+     * cert, then no fallback should be engaged.  |ignore_trusted| tells if
+     * the fallback can be used (1) or not (0).
+     */
+    int ignore_trusted = 1;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0)
+            ignore_trusted = 0;
+        else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0
+                 && strcmp(pem_name, PEM_STRING_X509) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL
+        || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CERT(cert);
+    }
+
+    if (store_info == NULL)
+        X509_free(cert);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509Certificate_handler = {
+    "X509Certificate",
+    try_decode_X509Certificate
+};
+
+/*
+ * X.509 CRL decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
+                                           const char *pem_header,
+                                           const unsigned char *blob,
+                                           size_t len, void **pctx,
+                                           int *matchcount,
+                                           const UI_METHOD *ui_method,
+                                           void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509_CRL *crl = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CRL(crl);
+    }
+
+    if (store_info == NULL)
+        X509_CRL_free(crl);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509CRL_handler = {
+    "X509CRL",
+    try_decode_X509CRL
+};
+
+/*
+ * To finish it all off, we collect all the handlers.
+ */
+static const FILE_HANDLER *file_handlers[] = {
+    &PKCS12_handler,
+    &PKCS8Encrypted_handler,
+    &X509Certificate_handler,
+    &X509CRL_handler,
+    &params_handler,
+    &PUBKEY_handler,
+    &PrivateKey_handler,
+};
+
+
+/*-
+ *  The loader itself
+ *  -----------------
+ */
+
+struct ossl_store_loader_ctx_st {
+    enum {
+        is_raw = 0,
+        is_pem,
+        is_dir
+    } type;
+    int errcnt;
+#define FILE_FLAG_SECMEM         (1<<0)
+    unsigned int flags;
+    union {
+        struct {                 /* Used with is_raw and is_pem */
+            BIO *file;
+
+            /*
+             * The following are used when the handler is marked as
+             * repeatable
+             */
+            const FILE_HANDLER *last_handler;
+            void *last_handler_ctx;
+        } file;
+        struct {                 /* Used with is_dir */
+            OPENSSL_DIR_CTX *ctx;
+            int end_reached;
+            char *uri;
+
+            /*
+             * When a search expression is given, these are filled in.
+             * |search_name| contains the file basename to look for.
+             * The string is exactly 8 characters long.
+             */
+            char search_name[9];
+
+            /*
+             * The directory reading utility we have combines opening with
+             * reading the first name.  To make sure we can detect the end
+             * at the right time, we read early and cache the name.
+             */
+            const char *last_entry;
+            int last_errno;
+        } dir;
+    } _;
+
+    /* Expected object type.  May be unspecified */
+    int expected_type;
+};
+
+static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_free(ctx->_.dir.uri);
+    } else {
+        if (ctx->_.file.last_handler != NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    OPENSSL_free(ctx);
+}
+
+static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
+                                        const char *uri,
+                                        const UI_METHOD *ui_method,
+                                        void *ui_data)
+{
+    OSSL_STORE_LOADER_CTX *ctx = NULL;
+    struct stat st;
+    struct {
+        const char *path;
+        unsigned int check_absolute:1;
+    } path_data[2];
+    size_t path_data_n = 0, i;
+    const char *path;
+
+    /*
+     * First step, just take the URI as is.
+     */
+    path_data[path_data_n].check_absolute = 0;
+    path_data[path_data_n++].path = uri;
+
+    /*
+     * Second step, if the URI appears to start with the 'file' scheme,
+     * extract the path and make that the second path to check.
+     * There's a special case if the URI also contains an authority, then
+     * the full URI shouldn't be used as a path anywhere.
+     */
+    if (strncasecmp(uri, "file:", 5) == 0) {
+        const char *p = &uri[5];
+
+        if (strncmp(&uri[5], "//", 2) == 0) {
+            path_data_n--;           /* Invalidate using the full URI */
+            if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
+                p = &uri[16];
+            } else if (uri[7] == '/') {
+                p = &uri[7];
+            } else {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                              OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
+                return NULL;
+            }
+        }
+
+        path_data[path_data_n].check_absolute = 1;
+#ifdef _WIN32
+        /* Windows file: URIs with a drive letter start with a / */
+        if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
+            char c = ossl_tolower(p[1]);
+
+            if (c >= 'a' && c <= 'z') {
+                p++;
+                /* We know it's absolute, so no need to check */
+                path_data[path_data_n].check_absolute = 0;
+            }
+        }
+#endif
+        path_data[path_data_n++].path = p;
+    }
+
+
+    for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
+        /*
+         * If the scheme "file" was an explicit part of the URI, the path must
+         * be absolute.  So says RFC 8089
+         */
+        if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                          OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
+            ERR_add_error_data(1, path_data[i].path);
+            return NULL;
+        }
+
+        if (stat(path_data[i].path, &st) < 0) {
+            SYSerr(SYS_F_STAT, errno);
+            ERR_add_error_data(1, path_data[i].path);
+        } else {
+            path = path_data[i].path;
+        }
+    }
+    if (path == NULL) {
+        return NULL;
+    }
+
+    /* Successfully found a working path, clear possible collected errors */
+    ERR_clear_error();
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        /*
+         * Try to copy everything, even if we know that some of them must be
+         * NULL for the moment.  This prevents errors in the future, when more
+         * components may be used.
+         */
+        ctx->_.dir.uri = OPENSSL_strdup(uri);
+        ctx->type = is_dir;
+
+        if (ctx->_.dir.uri == NULL)
+            goto err;
+
+        ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
+        ctx->_.dir.last_errno = errno;
+        if (ctx->_.dir.last_entry == NULL) {
+            if (ctx->_.dir.last_errno != 0) {
+                char errbuf[256];
+                errno = ctx->_.dir.last_errno;
+                openssl_strerror_r(errno, errbuf, sizeof(errbuf));
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, errbuf);
+                goto err;
+            }
+            ctx->_.dir.end_reached = 1;
+        }
+    } else {
+        BIO *buff = NULL;
+        char peekbuf[4096] = { 0, };
+
+        if ((buff = BIO_new(BIO_f_buffer())) == NULL
+            || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) {
+            BIO_free_all(buff);
+            goto err;
+        }
+
+        ctx->_.file.file = BIO_push(buff, ctx->_.file.file);
+        if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) {
+            peekbuf[sizeof(peekbuf) - 1] = '\0';
+            if (strstr(peekbuf, "-----BEGIN ") != NULL)
+                ctx->type = is_pem;
+        }
+    }
+
+    return ctx;
+ err:
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return NULL;
+}
+
+static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
+{
+    int ret = 1;
+
+    switch (cmd) {
+    case OSSL_STORE_C_USE_SECMEM:
+        {
+            int on = *(va_arg(args, int *));
+
+            switch (on) {
+            case 0:
+                ctx->flags &= ~FILE_FLAG_SECMEM;
+                break;
+            case 1:
+                ctx->flags |= FILE_FLAG_SECMEM;
+                break;
+            default:
+                OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL,
+                              ERR_R_PASSED_INVALID_ARGUMENT);
+                ret = 0;
+                break;
+            }
+        }
+        break;
+    default:
+        break;
+    }
+
+    return ret;
+}
+
+static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
+{
+    ctx->expected_type = expected;
+    return 1;
+}
+
+static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    /*
+     * If ctx == NULL, the library is looking to know if this loader supports
+     * the given search type.
+     */
+
+    if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) {
+        unsigned long hash = 0;
+
+        if (ctx == NULL)
+            return 1;
+
+        if (ctx->type != is_dir) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                          OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
+            return 0;
+        }
+
+        hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search));
+        BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
+                     "%08lx", hash);
+        return 1;
+    }
+
+    if (ctx != NULL)
+        OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
+    return 0;
+}
+
+/* Internal function to decode an already opened PEM file */
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp)
+{
+    OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->_.file.file = bp;
+    ctx->type = is_pem;
+
+    return ctx;
+}
+
+static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
+                                             const char *pem_name,
+                                             const char *pem_header,
+                                             unsigned char *data, size_t len,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data, int *matchcount)
+{
+    OSSL_STORE_INFO *result = NULL;
+    BUF_MEM *new_mem = NULL;
+    char *new_pem_name = NULL;
+    int t = 0;
+
+ again:
+    {
+        size_t i = 0;
+        void *handler_ctx = NULL;
+        const FILE_HANDLER **matching_handlers =
+            OPENSSL_zalloc(sizeof(*matching_handlers)
+                           * OSSL_NELEM(file_handlers));
+
+        if (matching_handlers == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
+                          ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        *matchcount = 0;
+        for (i = 0; i < OSSL_NELEM(file_handlers); i++) {
+            const FILE_HANDLER *handler = file_handlers[i];
+            int try_matchcount = 0;
+            void *tmp_handler_ctx = NULL;
+            OSSL_STORE_INFO *tmp_result =
+                handler->try_decode(pem_name, pem_header, data, len,
+                                    &tmp_handler_ctx, &try_matchcount,
+                                    ui_method, ui_data);
+
+            if (try_matchcount > 0) {
+
+                matching_handlers[*matchcount] = handler;
+
+                if (handler_ctx)
+                    handler->destroy_ctx(&handler_ctx);
+                handler_ctx = tmp_handler_ctx;
+
+                if ((*matchcount += try_matchcount) > 1) {
+                    /* more than one match => ambiguous, kill any result */
+                    OSSL_STORE_INFO_free(result);
+                    OSSL_STORE_INFO_free(tmp_result);
+                    if (handler->destroy_ctx != NULL)
+                        handler->destroy_ctx(&handler_ctx);
+                    handler_ctx = NULL;
+                    tmp_result = NULL;
+                    result = NULL;
+                }
+                if (result == NULL)
+                    result = tmp_result;
+            }
+        }
+
+        if (*matchcount == 1 && matching_handlers[0]->repeatable) {
+            ctx->_.file.last_handler = matching_handlers[0];
+            ctx->_.file.last_handler_ctx = handler_ctx;
+        }
+
+        OPENSSL_free(matching_handlers);
+    }
+
+ err:
+    OPENSSL_free(new_pem_name);
+    BUF_MEM_free(new_mem);
+
+    if (result != NULL
+        && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) {
+        pem_name = new_pem_name =
+            ossl_store_info_get0_EMBEDDED_pem_name(result);
+        new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
+        data = (unsigned char *)new_mem->data;
+        len = new_mem->length;
+        OPENSSL_free(result);
+        result = NULL;
+        goto again;
+    }
+
+    if (result != NULL)
+        ERR_clear_error();
+
+    return result;
+}
+
+static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+    int try_matchcount = 0;
+
+    if (ctx->_.file.last_handler != NULL) {
+        result =
+            ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0,
+                                                 &ctx->_.file.last_handler_ctx,
+                                                 &try_matchcount,
+                                                 ui_method, ui_data);
+
+        if (result == NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    return result;
+}
+
+static void pem_free_flag(void *pem_data, int secure, size_t num)
+{
+    if (secure)
+        OPENSSL_secure_clear_free(pem_data, num);
+    else
+        OPENSSL_free(pem_data);
+}
+static int file_read_pem(BIO *bp, char **pem_name, char **pem_header,
+                         unsigned char **data, long *len,
+                         const UI_METHOD *ui_method,
+                         void *ui_data, int secure)
+{
+    int i = secure
+        ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len,
+                          PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE)
+        : PEM_read_bio(bp, pem_name, pem_header, data, len);
+
+    if (i <= 0)
+        return 0;
+
+    /*
+     * 10 is the number of characters in "Proc-Type:", which
+     * PEM_get_EVP_CIPHER_INFO() requires to be present.
+     * If the PEM header has less characters than that, it's
+     * not worth spending cycles on it.
+     */
+    if (strlen(*pem_header) > 10) {
+        EVP_CIPHER_INFO cipher;
+        struct pem_pass_data pass_data;
+
+        if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher)
+            || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data)
+            || !PEM_do_header(&cipher, *data, len, file_get_pem_pass,
+                              &pass_data)) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
+{
+    BUF_MEM *mem = NULL;
+
+    if (asn1_d2i_read_bio(bp, &mem) < 0)
+        return 0;
+
+    *data = (unsigned char *)mem->data;
+    *len = (long)mem->length;
+    OPENSSL_free(mem);
+
+    return 1;
+}
+
+static int ends_with_dirsep(const char *uri)
+{
+    if (*uri != '\0')
+        uri += strlen(uri) - 1;
+#if defined __VMS
+    if (*uri == ']' || *uri == '>' || *uri == ':')
+        return 1;
+#elif defined _WIN32
+    if (*uri == '\\')
+        return 1;
+#endif
+    return *uri == '/';
+}
+
+static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
+                            char **data)
+{
+    assert(name != NULL);
+    assert(data != NULL);
+    {
+        const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/";
+        long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep)
+            + strlen(name) + 1 /* \0 */;
+
+        *data = OPENSSL_zalloc(calculated_length);
+        if (*data == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length);
+        OPENSSL_strlcat(*data, pathsep, calculated_length);
+        OPENSSL_strlcat(*data, name, calculated_length);
+    }
+    return 1;
+}
+
+static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
+{
+    const char *p = NULL;
+
+    /* If there are no search criteria, all names are accepted */
+    if (ctx->_.dir.search_name[0] == '\0')
+        return 1;
+
+    /* If the expected type isn't supported, no name is accepted */
+    if (ctx->expected_type != 0
+        && ctx->expected_type != OSSL_STORE_INFO_CERT
+        && ctx->expected_type != OSSL_STORE_INFO_CRL)
+        return 0;
+
+    /*
+     * First, check the basename
+     */
+    if (strncasecmp(name, ctx->_.dir.search_name,
+                    sizeof(ctx->_.dir.search_name) - 1) != 0
+        || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
+        return 0;
+    p = &name[sizeof(ctx->_.dir.search_name)];
+
+    /*
+     * Then, if the expected type is a CRL, check that the extension starts
+     * with 'r'
+     */
+    if (*p == 'r') {
+        p++;
+        if (ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_CRL)
+            return 0;
+    } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
+        return 0;
+    }
+
+    /*
+     * Last, check that the rest of the extension is a decimal number, at
+     * least one digit long.
+     */
+    if (!ossl_isdigit(*p))
+        return 0;
+    while (ossl_isdigit(*p))
+        p++;
+
+# ifdef __VMS
+    /*
+     * One extra step here, check for a possible generation number.
+     */
+    if (*p == ';')
+        for (p++; *p != '\0'; p++)
+            if (!ossl_isdigit(*p))
+                break;
+# endif
+
+    /*
+     * If we've reached the end of the string at this point, we've successfully
+     * found a fitting file name.
+     */
+    return *p == '\0';
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx);
+static int file_error(OSSL_STORE_LOADER_CTX *ctx);
+static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
+                                  const UI_METHOD *ui_method, void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+
+    ctx->errcnt = 0;
+    ERR_clear_error();
+
+    if (ctx->type == is_dir) {
+        do {
+            char *newname = NULL;
+
+            if (ctx->_.dir.last_entry == NULL) {
+                if (!ctx->_.dir.end_reached) {
+                    char errbuf[256];
+                    assert(ctx->_.dir.last_errno != 0);
+                    errno = ctx->_.dir.last_errno;
+                    ctx->errcnt++;
+                    openssl_strerror_r(errno, errbuf, sizeof(errbuf));
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB);
+                    ERR_add_error_data(1, errbuf);
+                }
+                return NULL;
+            }
+
+            if (ctx->_.dir.last_entry[0] != '.'
+                && file_name_check(ctx, ctx->_.dir.last_entry)
+                && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname))
+                return NULL;
+
+            /*
+             * On the first call (with a NULL context), OPENSSL_DIR_read()
+             * cares about the second argument.  On the following calls, it
+             * only cares that it isn't NULL.  Therefore, we can safely give
+             * it our URI here.
+             */
+            ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx,
+                                                     ctx->_.dir.uri);
+            ctx->_.dir.last_errno = errno;
+            if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
+                ctx->_.dir.end_reached = 1;
+
+            if (newname != NULL
+                && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
+                OPENSSL_free(newname);
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB);
+                return NULL;
+            }
+        } while (result == NULL && !file_eof(ctx));
+    } else {
+        int matchcount = -1;
+
+     again:
+        result = file_load_try_repeat(ctx, ui_method, ui_data);
+        if (result != NULL)
+            return result;
+
+        if (file_eof(ctx))
+            return NULL;
+
+        do {
+            char *pem_name = NULL;      /* PEM record name */
+            char *pem_header = NULL;    /* PEM record header */
+            unsigned char *data = NULL; /* DER encoded data */
+            long len = 0;               /* DER encoded data length */
+
+            matchcount = -1;
+            if (ctx->type == is_pem) {
+                if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header,
+                                   &data, &len, ui_method, ui_data,
+                                   (ctx->flags & FILE_FLAG_SECMEM) != 0)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            } else {
+                if (!file_read_asn1(ctx->_.file.file, &data, &len)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            }
+
+            result = file_load_try_decode(ctx, pem_name, pem_header, data, len,
+                                          ui_method, ui_data, &matchcount);
+
+            if (result != NULL)
+                goto endloop;
+
+            /*
+             * If a PEM name matches more than one handler, the handlers are
+             * badly coded.
+             */
+            if (!ossl_assert(pem_name == NULL || matchcount <= 1)) {
+                ctx->errcnt++;
+                goto endloop;
+            }
+
+            if (matchcount > 1) {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                              OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
+            } else if (matchcount == 1) {
+                /*
+                 * If there are other errors on the stack, they already show
+                 * what the problem is.
+                 */
+                if (ERR_peek_error() == 0) {
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                                  OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
+                    if (pem_name != NULL)
+                        ERR_add_error_data(3, "PEM type is '", pem_name, "'");
+                }
+            }
+            if (matchcount > 0)
+                ctx->errcnt++;
+
+         endloop:
+            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
+        } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
+
+        /* We bail out on ambiguity */
+        if (matchcount > 1)
+            return NULL;
+
+        if (result != NULL
+            && ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
+            OSSL_STORE_INFO_free(result);
+            goto again;
+        }
+    }
+
+    return result;
+}
+
+static int file_error(OSSL_STORE_LOADER_CTX *ctx)
+{
+    return ctx->errcnt > 0;
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir)
+        return ctx->_.dir.end_reached;
+
+    if (ctx->_.file.last_handler != NULL
+        && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx))
+        return 0;
+    return BIO_eof(ctx->_.file.file);
+}
+
+static int file_close(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_DIR_end(&ctx->_.dir.ctx);
+    } else {
+        BIO_free_all(ctx->_.file.file);
+    }
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx)
+{
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+static OSSL_STORE_LOADER file_loader =
+    {
+        "file",
+        NULL,
+        file_open,
+        file_ctrl,
+        file_expect,
+        file_find,
+        file_load,
+        file_eof,
+        file_error,
+        file_close
+    };
+
+static void store_file_loader_deinit(void)
+{
+    ossl_store_unregister_loader_int(file_loader.scheme);
+}
+
+int ossl_store_file_loader_init(void)
+{
+    int ret = ossl_store_register_loader_int(&file_loader);
+
+    OPENSSL_atexit(store_file_loader_deinit);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_err.c
new file mode 100644
index 000000000..5a8a8404d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_err.c
@@ -0,0 +1,146 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/storeerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0),
+     "file_get_pass"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0),
+     "file_load_try_decode"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0),
+     "file_name_to_uri"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0),
+     "ossl_store_attach_pem_bio"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0),
+     "OSSL_STORE_expect"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0),
+     "ossl_store_file_attach_pem_bio_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0),
+     "OSSL_STORE_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0),
+     "ossl_store_get0_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0),
+     "OSSL_STORE_INFO_get1_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0),
+     "OSSL_STORE_INFO_get1_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0),
+     "OSSL_STORE_INFO_get1_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_get1_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0),
+     "OSSL_STORE_INFO_get1_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0),
+     "OSSL_STORE_INFO_get1_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0),
+     "OSSL_STORE_INFO_new_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0),
+     "OSSL_STORE_INFO_new_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0),
+     "ossl_store_info_new_EMBEDDED"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0),
+     "OSSL_STORE_INFO_new_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0),
+     "OSSL_STORE_INFO_new_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0),
+     "OSSL_STORE_INFO_new_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_set0_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0),
+     "ossl_store_init_once"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0),
+     "OSSL_STORE_LOADER_new"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0),
+     "OSSL_STORE_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0),
+     "ossl_store_register_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0),
+     "OSSL_STORE_SEARCH_by_alias"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0),
+     "OSSL_STORE_SEARCH_by_issuer_serial"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0),
+     "OSSL_STORE_SEARCH_by_key_fingerprint"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0),
+     "OSSL_STORE_SEARCH_by_name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0),
+     "ossl_store_unregister_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0),
+     "try_decode_params"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0),
+     "try_decode_PKCS12"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0),
+     "try_decode_PKCS8Encrypted"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE),
+    "ambiguous content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ),
+    "bad password read"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC),
+    "error verifying pkcs12 mac"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST),
+    "fingerprint size does not match digest"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
+    "invalid scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
+    "loader incomplete"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED),
+    "loading started"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
+    "not a certificate"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS),
+    "not parameters"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR),
+    "passphrase callback error"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE),
+    "path must be absolute"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES),
+    "search only supported for directories"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED),
+    "ui process interrupted or cancelled"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME),
+    "unregistered scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION),
+    "unsupported operation"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE),
+    "unsupported search type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED),
+    "uri authority unsupported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OSSL_STORE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OSSL_STORE_str_functs);
+        ERR_load_strings_const(OSSL_STORE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c
new file mode 100644
index 000000000..b398bf598
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/store.h"
+#include "store_locl.h"
+
+static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_store_init)
+{
+    return OPENSSL_init_crypto(0, NULL)
+        && ossl_store_file_loader_init();
+}
+
+int ossl_store_init_once(void)
+{
+    if (!RUN_ONCE(&store_init, do_store_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+void ossl_store_cleanup_int(void)
+{
+    ossl_store_destroy_loaders_int();
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c
new file mode 100644
index 000000000..1c4354766
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c
@@ -0,0 +1,681 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+#include "internal/thread_once.h"
+#include "internal/store_int.h"
+#include "store_locl.h"
+
+struct ossl_store_ctx_st {
+    const OSSL_STORE_LOADER *loader;
+    OSSL_STORE_LOADER_CTX *loader_ctx;
+    const UI_METHOD *ui_method;
+    void *ui_data;
+    OSSL_STORE_post_process_info_fn post_process;
+    void *post_process_data;
+    int expected_type;
+
+    /* 0 before the first STORE_load(), 1 otherwise */
+    int loading;
+};
+
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data)
+{
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+    OSSL_STORE_CTX *ctx = NULL;
+    char scheme_copy[256], *p, *schemes[2];
+    size_t schemes_n = 0;
+    size_t i;
+
+    /*
+     * Put the file scheme first.  If the uri does represent an existing file,
+     * possible device name and all, then it should be loaded.  Only a failed
+     * attempt at loading a local file should have us try something else.
+     */
+    schemes[schemes_n++] = "file";
+
+    /*
+     * Now, check if we have something that looks like a scheme, and add it
+     * as a second scheme.  However, also check if there's an authority start
+     * (://), because that will invalidate the previous file scheme.  Also,
+     * check that this isn't actually the file scheme, as there's no point
+     * going through that one twice!
+     */
+    OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
+    if ((p = strchr(scheme_copy, ':')) != NULL) {
+        *p++ = '\0';
+        if (strcasecmp(scheme_copy, "file") != 0) {
+            if (strncmp(p, "//", 2) == 0)
+                schemes_n--;         /* Invalidate the file scheme */
+            schemes[schemes_n++] = scheme_copy;
+        }
+    }
+
+    ERR_set_mark();
+
+    /* Try each scheme until we find one that could open the URI */
+    for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
+        if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
+            loader_ctx = loader->open(loader, uri, ui_method, ui_data);
+    }
+    if (loader_ctx == NULL)
+        goto err;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = post_process;
+    ctx->post_process_data = post_process_data;
+
+    /*
+     * If the attempt to open with the 'file' scheme loader failed and the
+     * other scheme loader succeeded, the failure to open with the 'file'
+     * scheme loader leaves an error on the error stack.  Let's remove it.
+     */
+    ERR_pop_to_mark();
+
+    return ctx;
+
+ err:
+    ERR_clear_last_mark();
+    if (loader_ctx != NULL) {
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    }
+    return NULL;
+}
+
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, cmd);
+    ret = OSSL_STORE_vctrl(ctx, cmd, args);
+    va_end(args);
+
+    return ret;
+}
+
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
+{
+    if (ctx->loader->ctrl != NULL)
+        return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
+    return 0;
+}
+
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+
+    ctx->expected_type = expected_type;
+    if (ctx->loader->expect != NULL)
+        return ctx->loader->expect(ctx->loader_ctx, expected_type);
+    return 1;
+}
+
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+    if (ctx->loader->find == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_OPERATION);
+        return 0;
+    }
+
+    return ctx->loader->find(ctx->loader_ctx, search);
+}
+
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
+{
+    OSSL_STORE_INFO *v = NULL;
+
+    ctx->loading = 1;
+ again:
+    if (OSSL_STORE_eof(ctx))
+        return NULL;
+
+    v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
+
+    if (ctx->post_process != NULL && v != NULL) {
+        v = ctx->post_process(v, ctx->post_process_data);
+
+        /*
+         * By returning NULL, the callback decides that this object should
+         * be ignored.
+         */
+        if (v == NULL)
+            goto again;
+    }
+
+    if (v != NULL && ctx->expected_type != 0) {
+        int returned_type = OSSL_STORE_INFO_get_type(v);
+
+        if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
+            /*
+             * Soft assert here so those who want to harsly weed out faulty
+             * loaders can do so using a debugging version of libcrypto.
+             */
+            if (ctx->loader->expect != NULL)
+                assert(ctx->expected_type == returned_type);
+
+            if (ctx->expected_type != returned_type) {
+                OSSL_STORE_INFO_free(v);
+                goto again;
+            }
+        }
+    }
+
+    return v;
+}
+
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->error(ctx->loader_ctx);
+}
+
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->eof(ctx->loader_ctx);
+}
+
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ctx->loader->close(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+static OSSL_STORE_INFO *store_info_new(int type, void *data)
+{
+    OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
+
+    if (info == NULL)
+        return NULL;
+
+    info->type = type;
+    info->_.data = data;
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.name.name = name;
+    info->_.name.desc = NULL;
+
+    return info;
+}
+
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
+{
+    if (info->type != OSSL_STORE_INFO_NAME) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
+                      ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    info->_.name.desc = desc;
+
+    return 1;
+}
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
+{
+    return info->type;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.name;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.name);
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                          ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.desc;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.desc
+                                   ? info->_.name.desc : "");
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                     ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS)
+        return info->_.params;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS) {
+        EVP_PKEY_up_ref(info->_.params);
+        return info->_.params;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
+                  OSSL_STORE_R_NOT_PARAMETERS);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY)
+        return info->_.pkey;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY) {
+        EVP_PKEY_up_ref(info->_.pkey);
+        return info->_.pkey;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
+                  OSSL_STORE_R_NOT_A_KEY);
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT)
+        return info->_.x509;
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT) {
+        X509_up_ref(info->_.x509);
+        return info->_.x509;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
+                  OSSL_STORE_R_NOT_A_CERTIFICATE);
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL)
+        return info->_.crl;
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL) {
+        X509_CRL_up_ref(info->_.crl);
+        return info->_.crl;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
+                  OSSL_STORE_R_NOT_A_CRL);
+    return NULL;
+}
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
+{
+    if (info != NULL) {
+        switch (info->type) {
+        case OSSL_STORE_INFO_EMBEDDED:
+            BUF_MEM_free(info->_.embedded.blob);
+            OPENSSL_free(info->_.embedded.pem_name);
+            break;
+        case OSSL_STORE_INFO_NAME:
+            OPENSSL_free(info->_.name.name);
+            OPENSSL_free(info->_.name.desc);
+            break;
+        case OSSL_STORE_INFO_PARAMS:
+            EVP_PKEY_free(info->_.params);
+            break;
+        case OSSL_STORE_INFO_PKEY:
+            EVP_PKEY_free(info->_.pkey);
+            break;
+        case OSSL_STORE_INFO_CERT:
+            X509_free(info->_.x509);
+            break;
+        case OSSL_STORE_INFO_CRL:
+            X509_CRL_free(info->_.crl);
+            break;
+        }
+        OPENSSL_free(info);
+    }
+}
+
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
+{
+    OSSL_STORE_SEARCH tmp_search;
+
+    if (ctx->loader->find == NULL)
+        return 0;
+    tmp_search.search_type = search_type;
+    return ctx->loader->find(NULL, &tmp_search);
+}
+
+/* Search term constructors */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_NAME;
+    search->name = name;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                    const ASN1_INTEGER *serial)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+    search->name = name;
+    search->serial = serial;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+        char buf1[20], buf2[20];
+
+        BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest));
+        BIO_snprintf(buf2, sizeof(buf2), "%zu", len);
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST);
+        ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1,
+                           ", fingerprint size is ", buf2);
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+    search->digest = digest;
+    search->string = bytes;
+    search->stringlength = len;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
+    search->string = (const unsigned char *)alias;
+    search->stringlength = strlen(alias);
+    return search;
+}
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
+{
+    OPENSSL_free(search);
+}
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->search_type;
+}
+
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->name;
+}
+
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                 *criterion)
+{
+    return criterion->serial;
+}
+
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length)
+{
+    *length = criterion->stringlength;
+    return criterion->string;
+}
+
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
+{
+    return (const char *)criterion->string;
+}
+
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->digest;
+}
+
+/* Internal functions */
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.embedded.blob = embedded;
+    info->_.embedded.pem_name =
+        new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
+
+    if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        OSSL_STORE_INFO_free(info);
+        info = NULL;
+    }
+
+    return info;
+}
+
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.blob;
+    return NULL;
+}
+
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.pem_name;
+    return NULL;
+}
+
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_CTX *ctx = NULL;
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+
+    if ((loader = ossl_store_get0_loader_int("file")) == NULL
+        || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
+        goto done;
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
+                     ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    loader_ctx = NULL;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = NULL;
+    ctx->post_process_data = NULL;
+
+ done:
+    if (loader_ctx != NULL)
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    return ctx;
+}
+
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_locl.h
new file mode 100644
index 000000000..369dcb33f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_locl.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/thread_once.h"
+#include <openssl/dsa.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/store.h>
+
+/*-
+ *  OSSL_STORE_INFO stuff
+ *  ---------------------
+ */
+
+struct ossl_store_info_st {
+    int type;
+    union {
+        void *data;              /* used internally as generic pointer */
+
+        struct {
+            BUF_MEM *blob;
+            char *pem_name;
+        } embedded;              /* when type == OSSL_STORE_INFO_EMBEDDED */
+
+        struct {
+            char *name;
+            char *desc;
+        } name;                  /* when type == OSSL_STORE_INFO_NAME */
+
+        EVP_PKEY *params;        /* when type == OSSL_STORE_INFO_PARAMS */
+        EVP_PKEY *pkey;          /* when type == OSSL_STORE_INFO_PKEY */
+        X509 *x509;              /* when type == OSSL_STORE_INFO_CERT */
+        X509_CRL *crl;           /* when type == OSSL_STORE_INFO_CRL */
+    } _;
+};
+
+DEFINE_STACK_OF(OSSL_STORE_INFO)
+
+/*
+ * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file
+ * handlers.  It should never reach a calling application or any engine.
+ * However, it can be used by a FILE_HANDLER's try_decode function to signal
+ * that it has decoded the incoming blob into a new blob, and that the
+ * attempted decoding should be immediately restarted with the new blob, using
+ * the new PEM name.
+ */
+/*
+ * Because this is an internal type, we don't make it public.
+ */
+#define OSSL_STORE_INFO_EMBEDDED       -1
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded);
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info);
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info);
+
+/*-
+ *  OSSL_STORE_SEARCH stuff
+ *  -----------------------
+ */
+
+struct ossl_store_search_st {
+    int search_type;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_NAME and
+     * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+     */
+    X509_NAME *name;
+
+    /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
+    const ASN1_INTEGER *serial;
+
+    /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */
+    const EVP_MD *digest;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and
+     * OSSL_STORE_SEARCH_BY_ALIAS
+     */
+    const unsigned char *string;
+    size_t stringlength;
+};
+
+/*-
+ *  OSSL_STORE_LOADER stuff
+ *  -----------------------
+ */
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme);
+
+/* loader stuff */
+struct ossl_store_loader_st {
+    const char *scheme;
+    ENGINE *engine;
+    OSSL_STORE_open_fn open;
+    OSSL_STORE_ctrl_fn ctrl;
+    OSSL_STORE_expect_fn expect;
+    OSSL_STORE_find_fn find;
+    OSSL_STORE_load_fn load;
+    OSSL_STORE_eof_fn eof;
+    OSSL_STORE_error_fn error;
+    OSSL_STORE_close_fn close;
+};
+DEFINE_LHASH_OF(OSSL_STORE_LOADER);
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme);
+void ossl_store_destroy_loaders_int(void);
+
+/*-
+ *  OSSL_STORE init stuff
+ *  ---------------------
+ */
+
+int ossl_store_init_once(void);
+int ossl_store_file_loader_init(void);
+
+/*-
+ *  'file' scheme stuff
+ *  -------------------
+ */
+
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp);
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c
new file mode 100644
index 000000000..e68cb3c56
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/ctype.h"
+#include <assert.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include "store_locl.h"
+
+static CRYPTO_RWLOCK *registry_lock;
+static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_registry_init)
+{
+    registry_lock = CRYPTO_THREAD_lock_new();
+    return registry_lock != NULL;
+}
+
+/*
+ *  Functions for manipulating OSSL_STORE_LOADERs
+ */
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme)
+{
+    OSSL_STORE_LOADER *res = NULL;
+
+    /*
+     * We usually don't check NULL arguments.  For loaders, though, the
+     * scheme is crucial and must never be NULL, or the user will get
+     * mysterious errors when trying to register the created loader
+     * later on.
+     */
+    if (scheme == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        return NULL;
+    }
+
+    if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    res->engine = e;
+    res->scheme = scheme;
+    return res;
+}
+
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader)
+{
+    return loader->engine;
+}
+
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader)
+{
+    return loader->scheme;
+}
+
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function)
+{
+    loader->open = open_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function)
+{
+    loader->ctrl = ctrl_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function)
+{
+    loader->expect = expect_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function)
+{
+    loader->find = find_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function)
+{
+    loader->load = load_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function)
+{
+    loader->eof = eof_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function)
+{
+    loader->error = error_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function)
+{
+    loader->close = close_function;
+    return 1;
+}
+
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader)
+{
+    OPENSSL_free(loader);
+}
+
+/*
+ *  Functions for registering OSSL_STORE_LOADERs
+ */
+
+static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v)
+{
+    return OPENSSL_LH_strhash(v->scheme);
+}
+
+static int store_loader_cmp(const OSSL_STORE_LOADER *a,
+                            const OSSL_STORE_LOADER *b)
+{
+    assert(a->scheme != NULL && b->scheme != NULL);
+    return strcmp(a->scheme, b->scheme);
+}
+
+static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL;
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
+{
+    const char *scheme = loader->scheme;
+    int ok = 0;
+
+    /*
+     * Check that the given scheme conforms to correct scheme syntax as per
+     * RFC 3986:
+     *
+     * scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+     */
+    if (ossl_isalpha(*scheme))
+        while (*scheme != '\0'
+               && (ossl_isalpha(*scheme)
+                   || ossl_isdigit(*scheme)
+                   || strchr("+-.", *scheme) != NULL))
+            scheme++;
+    if (*scheme != '\0') {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        ERR_add_error_data(2, "scheme=", loader->scheme);
+        return 0;
+    }
+
+    /* Check that functions we absolutely require are present */
+    if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+        || loader->error == NULL || loader->close == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_LOADER_INCOMPLETE);
+        return 0;
+    }
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    if (loader_register == NULL) {
+        loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash,
+                                                   store_loader_cmp);
+    }
+
+    if (loader_register != NULL
+        && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL
+            || lh_OSSL_STORE_LOADER_error(loader_register) == 0))
+        ok = 1;
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return ok;
+}
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_register_loader_int(loader);
+}
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!ossl_store_init_once())
+        return NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_delete(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_unregister_loader_int(scheme);
+}
+
+void ossl_store_destroy_loaders_int(void)
+{
+    assert(lh_OSSL_STORE_LOADER_num_items(loader_register) == 0);
+    lh_OSSL_STORE_LOADER_free(loader_register);
+    loader_register = NULL;
+    CRYPTO_THREAD_lock_free(registry_lock);
+    registry_lock = NULL;
+}
+
+/*
+ *  Functions to list OSSL_STORE loaders
+ */
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void);
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg)
+{
+    lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_strings.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_strings.c
new file mode 100644
index 000000000..76cf31648
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_strings.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/store.h>
+
+static char *type_strings[] = {
+    "Name",                      /* OSSL_STORE_INFO_NAME */
+    "Parameters",                /* OSSL_STORE_INFO_PARAMS */
+    "Pkey",                      /* OSSL_STORE_INFO_PKEY */
+    "Certificate",               /* OSSL_STORE_INFO_CERT */
+    "CRL"                        /* OSSL_STORE_INFO_CRL */
+};
+
+const char *OSSL_STORE_INFO_type_string(int type)
+{
+    int types = sizeof(type_strings) / sizeof(type_strings[0]);
+
+    if (type < 1 || type > types)
+        return NULL;
+
+    return type_strings[type - 1];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c
new file mode 100644
index 000000000..4b1940ae4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    *(unsigned int *)lock = 1;
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) {
+    if (lock == NULL)
+        return;
+
+    *(unsigned int *)lock = 0;
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (*once != 0)
+        return 1;
+
+    init();
+    *once = 1;
+
+    return 1;
+}
+
+#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
+
+static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    static unsigned int thread_local_key = 0;
+
+    if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    *key = thread_local_key++;
+
+    thread_local_storage[*key] = NULL;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return NULL;
+
+    return thread_local_storage[*key];
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    thread_local_storage[*key] = val;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return 0;
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *val += amount;
+    *ret  = *val;
+
+    return 1;
+}
+
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c
new file mode 100644
index 000000000..5a59779eb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
+
+# ifdef PTHREAD_RWLOCK_INITIALIZER
+#  define USE_RWLOCK
+# endif
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+# ifdef USE_RWLOCK
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    if (pthread_rwlock_init(lock, NULL) != 0) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+# else
+    pthread_mutexattr_t attr;
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    pthread_mutexattr_init(&attr);
+    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
+
+    if (pthread_mutex_init(lock, &attr) != 0) {
+        pthread_mutexattr_destroy(&attr);
+        OPENSSL_free(lock);
+        return NULL;
+    }
+
+    pthread_mutexattr_destroy(&attr);
+# endif
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_rdlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_wrlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_unlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_unlock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+# ifdef USE_RWLOCK
+    pthread_rwlock_destroy(lock);
+# else
+    pthread_mutex_destroy(lock);
+# endif
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (pthread_once(once, init) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    if (pthread_key_create(key, cleanup) != 0)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    return pthread_getspecific(*key);
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (pthread_setspecific(*key, val) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (pthread_key_delete(*key) != 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return pthread_self();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return pthread_equal(a, b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
+    if (__atomic_is_lock_free(sizeof(*val), val)) {
+        *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
+        return 1;
+    }
+# endif
+    if (!CRYPTO_THREAD_write_lock(lock))
+        return 0;
+
+    *val += amount;
+    *ret  = *val;
+
+    if (!CRYPTO_THREAD_unlock(lock))
+        return 0;
+
+    return 1;
+}
+
+# ifdef OPENSSL_SYS_UNIX
+static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
+
+static void fork_once_func(void)
+{
+    pthread_atfork(OPENSSL_fork_prepare,
+                   OPENSSL_fork_parent, OPENSSL_fork_child);
+}
+# endif
+
+int openssl_init_fork_handlers(void)
+{
+# ifdef OPENSSL_SYS_UNIX
+    if (pthread_once(&fork_once_control, fork_once_func) == 0)
+        return 1;
+# endif
+    return 0;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c
new file mode 100644
index 000000000..d8fdfb74f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS)
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    /* 0x400 is the spin count value suggested in the documentation */
+    if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    EnterCriticalSection(lock);
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    EnterCriticalSection(lock);
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    LeaveCriticalSection(lock);
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+    DeleteCriticalSection(lock);
+    OPENSSL_free(lock);
+
+    return;
+}
+
+#  define ONCE_UNINITED     0
+#  define ONCE_ININIT       1
+#  define ONCE_DONE         2
+
+/*
+ * We don't use InitOnceExecuteOnce because that isn't available in WinXP which
+ * we still have to support.
+ */
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    LONG volatile *lock = (LONG *)once;
+    LONG result;
+
+    if (*lock == ONCE_DONE)
+        return 1;
+
+    do {
+        result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED);
+        if (result == ONCE_UNINITED) {
+            init();
+            *lock = ONCE_DONE;
+            return 1;
+        }
+    } while (result == ONCE_ININIT);
+
+    return (*lock == ONCE_DONE);
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    *key = TlsAlloc();
+    if (*key == TLS_OUT_OF_INDEXES)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    DWORD last_error;
+    void *ret;
+
+    /*
+     * TlsGetValue clears the last error even on success, so that callers may
+     * distinguish it successfully returning NULL or failing. It is documented
+     * to never fail if the argument is a valid index from TlsAlloc, so we do
+     * not need to handle this.
+     *
+     * However, this error-mangling behavior interferes with the caller's use of
+     * GetLastError. In particular SSL_get_error queries the error queue to
+     * determine whether the caller should look at the OS's errors. To avoid
+     * destroying state, save and restore the Windows error.
+     *
+     * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx
+     */
+    last_error = GetLastError();
+    ret = TlsGetValue(*key);
+    SetLastError(last_error);
+    return ret;
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (TlsSetValue(*key, val) == 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (TlsFree(*key) == 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return GetCurrentThreadId();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *ret = InterlockedExchangeAdd(val, amount) + amount;
+    return 1;
+}
+
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/build.info
new file mode 100644
index 000000000..98e633d57
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c \
+        ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \
+        ts_asn1.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c
new file mode 100644
index 000000000..870720708
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c
@@ -0,0 +1,276 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ts.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include "ts_lcl.h"
+
+ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
+{
+    return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
+                           d2i_TS_MSG_IMPRINT, bp, a);
+}
+
+int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
+{
+    return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
+{
+    return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
+                          d2i_TS_MSG_IMPRINT, fp, a);
+}
+
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
+{
+    return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_REQ) = {
+        ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
+        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
+        ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
+} static_ASN1_SEQUENCE_END(TS_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
+TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
+{
+    return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
+}
+
+int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
+{
+    return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
+{
+    return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
+}
+
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
+{
+    return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_ACCURACY) = {
+        ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
+        ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
+} static_ASN1_SEQUENCE_END(TS_ACCURACY)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
+
+ASN1_SEQUENCE(TS_TST_INFO) = {
+        ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT),
+        ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
+        ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
+        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
+        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
+} static_ASN1_SEQUENCE_END(TS_TST_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
+{
+    return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp,
+                           a);
+}
+
+int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
+{
+    return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
+{
+    return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp,
+                          a);
+}
+
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
+{
+    return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_STATUS_INFO) = {
+        ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
+        ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(TS_STATUS_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
+
+static int ts_resp_set_tst_info(TS_RESP *a)
+{
+    long status;
+
+    status = ASN1_INTEGER_get(a->status_info->status);
+
+    if (a->token) {
+        if (status != 0 && status != 1) {
+            TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
+            return 0;
+        }
+        TS_TST_INFO_free(a->tst_info);
+        a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
+        if (!a->tst_info) {
+            TSerr(TS_F_TS_RESP_SET_TST_INFO,
+                  TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
+            return 0;
+        }
+    } else if (status == 0 || status == 1) {
+        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    TS_RESP *ts_resp = (TS_RESP *)*pval;
+    if (op == ASN1_OP_NEW_POST) {
+        ts_resp->tst_info = NULL;
+    } else if (op == ASN1_OP_FREE_POST) {
+        TS_TST_INFO_free(ts_resp->tst_info);
+    } else if (op == ASN1_OP_D2I_POST) {
+        if (ts_resp_set_tst_info(ts_resp) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
+        ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
+        ASN1_OPT(TS_RESP, token, PKCS7),
+} static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
+
+TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
+{
+    return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
+}
+
+int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
+{
+    return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
+{
+    return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
+}
+
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
+{
+    return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
+        ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
+        ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
+} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+ASN1_SEQUENCE(ESS_CERT_ID) = {
+        ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
+        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
+        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
+/* Getting encapsulated TS_TST_INFO object from PKCS7. */
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
+{
+    PKCS7_SIGNED *pkcs7_signed;
+    PKCS7 *enveloped;
+    ASN1_TYPE *tst_info_wrapper;
+    ASN1_OCTET_STRING *tst_info_der;
+    const unsigned char *p;
+
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+        return NULL;
+    }
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
+        return NULL;
+    }
+    pkcs7_signed = token->d.sign;
+    enveloped = pkcs7_signed->contents;
+    if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+        return NULL;
+    }
+    tst_info_wrapper = enveloped->d.other;
+    if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
+        return NULL;
+    }
+    tst_info_der = tst_info_wrapper->value.octet_string;
+    p = tst_info_der->data;
+    return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_conf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_conf.c
new file mode 100644
index 000000000..625089a59
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_conf.c
@@ -0,0 +1,493 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+#include <openssl/ts.h>
+
+/* Macro definitions for the configuration file. */
+#define BASE_SECTION                    "tsa"
+#define ENV_DEFAULT_TSA                 "default_tsa"
+#define ENV_SERIAL                      "serial"
+#define ENV_CRYPTO_DEVICE               "crypto_device"
+#define ENV_SIGNER_CERT                 "signer_cert"
+#define ENV_CERTS                       "certs"
+#define ENV_SIGNER_KEY                  "signer_key"
+#define ENV_SIGNER_DIGEST               "signer_digest"
+#define ENV_DEFAULT_POLICY              "default_policy"
+#define ENV_OTHER_POLICIES              "other_policies"
+#define ENV_DIGESTS                     "digests"
+#define ENV_ACCURACY                    "accuracy"
+#define ENV_ORDERING                    "ordering"
+#define ENV_TSA_NAME                    "tsa_name"
+#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
+#define ENV_VALUE_SECS                  "secs"
+#define ENV_VALUE_MILLISECS             "millisecs"
+#define ENV_VALUE_MICROSECS             "microsecs"
+#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
+#define ENV_VALUE_YES                   "yes"
+#define ENV_VALUE_NO                    "no"
+#define ENV_ESS_CERT_ID_ALG             "ess_cert_id_alg"
+
+/* Function definitions for certificate and key loading. */
+
+X509 *TS_CONF_load_cert(const char *file)
+{
+    BIO *cert = NULL;
+    X509 *x = NULL;
+
+    if ((cert = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
+ end:
+    if (x == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
+    BIO_free(cert);
+    return x;
+}
+
+STACK_OF(X509) *TS_CONF_load_certs(const char *file)
+{
+    BIO *certs = NULL;
+    STACK_OF(X509) *othercerts = NULL;
+    STACK_OF(X509_INFO) *allcerts = NULL;
+    int i;
+
+    if ((certs = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    if ((othercerts = sk_X509_new_null()) == NULL)
+        goto end;
+
+    allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+    for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+        X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
+        if (xi->x509) {
+            sk_X509_push(othercerts, xi->x509);
+            xi->x509 = NULL;
+        }
+    }
+ end:
+    if (othercerts == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
+    sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+    BIO_free(certs);
+    return othercerts;
+}
+
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if ((key = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
+ end:
+    if (pkey == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
+    BIO_free(key);
+    return pkey;
+}
+
+/* Function definitions for handling configuration options. */
+
+static void ts_CONF_lookup_fail(const char *name, const char *tag)
+{
+    TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
+    ERR_add_error_data(3, name, "::", tag);
+}
+
+static void ts_CONF_invalid(const char *name, const char *tag)
+{
+    TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
+    ERR_add_error_data(3, name, "::", tag);
+}
+
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
+{
+    if (!section) {
+        section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
+        if (!section)
+            ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
+    }
+    return section;
+}
+
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
+    if (!serial) {
+        ts_CONF_lookup_fail(section, ENV_SERIAL);
+        goto err;
+    }
+    TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device)
+{
+    int ret = 0;
+
+    if (device == NULL)
+        device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
+
+    if (device && !TS_CONF_set_default_engine(device)) {
+        ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
+        goto err;
+    }
+    ret = 1;
+ err:
+    return ret;
+}
+
+int TS_CONF_set_default_engine(const char *name)
+{
+    ENGINE *e = NULL;
+    int ret = 0;
+
+    if (strcmp(name, "builtin") == 0)
+        return 1;
+
+    if ((e = ENGINE_by_id(name)) == NULL)
+        goto err;
+    if (strcmp(name, "chil") == 0)
+        ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+        goto err;
+    ret = 1;
+
+ err:
+    if (!ret) {
+        TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
+        ERR_add_error_data(2, "engine:", name);
+    }
+    ENGINE_free(e);
+    return ret;
+}
+
+#endif
+
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    X509 *cert_obj = NULL;
+
+    if (cert == NULL) {
+        cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
+        if (cert == NULL) {
+            ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
+            goto err;
+        }
+    }
+    if ((cert_obj = TS_CONF_load_cert(cert)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    X509_free(cert_obj);
+    return ret;
+}
+
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    STACK_OF(X509) *certs_obj = NULL;
+
+    if (certs == NULL) {
+        /* Certificate chain is optional. */
+        if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL)
+            goto end;
+    }
+    if ((certs_obj = TS_CONF_load_certs(certs)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
+        goto err;
+ end:
+    ret = 1;
+ err:
+    sk_X509_pop_free(certs_obj, X509_free);
+    return ret;
+}
+
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    EVP_PKEY *key_obj = NULL;
+    if (!key)
+        key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
+    if (!key) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
+        goto err;
+    }
+    if ((key_obj = TS_CONF_load_key(key, pass)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_PKEY_free(key_obj);
+    return ret;
+}
+
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                              const char *md, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *sign_md = NULL;
+    if (md == NULL)
+        md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
+    if (md == NULL) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    sign_md = EVP_get_digestbyname(md);
+    if (sign_md == NULL) {
+        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    ASN1_OBJECT *policy_obj = NULL;
+    if (!policy)
+        policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
+    if (!policy) {
+        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
+        goto err;
+    }
+    if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) {
+        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    ASN1_OBJECT_free(policy_obj);
+    return ret;
+}
+
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);
+
+    /* If no other policy is specified, that's fine. */
+    if (policies && (list = X509V3_parse_list(policies)) == NULL) {
+        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        const char *extval = val->value ? val->value : val->name;
+        ASN1_OBJECT *objtmp;
+
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
+            goto err;
+        }
+        if (!TS_RESP_CTX_add_policy(ctx, objtmp))
+            goto err;
+        ASN1_OBJECT_free(objtmp);
+    }
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
+
+    if (digests == NULL) {
+        ts_CONF_lookup_fail(section, ENV_DIGESTS);
+        goto err;
+    }
+    if ((list = X509V3_parse_list(digests)) == NULL) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
+        goto err;
+    }
+    if (sk_CONF_VALUE_num(list) == 0) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        const char *extval = val->value ? val->value : val->name;
+        const EVP_MD *md;
+
+        if ((md = EVP_get_digestbyname(extval)) == NULL) {
+            ts_CONF_invalid(section, ENV_DIGESTS);
+            goto err;
+        }
+        if (!TS_RESP_CTX_add_md(ctx, md))
+            goto err;
+    }
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    int secs = 0, millis = 0, micros = 0;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+
+    if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) {
+        ts_CONF_invalid(section, ENV_ACCURACY);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
+            if (val->value)
+                secs = atoi(val->value);
+        } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
+            if (val->value)
+                millis = atoi(val->value);
+        } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
+            if (val->value)
+                micros = atoi(val->value);
+        } else {
+            ts_CONF_invalid(section, ENV_ACCURACY);
+            goto err;
+        }
+    }
+    if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
+        goto err;
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    long digits = 0;
+
+    /*
+     * If not specified, set the default value to 0, i.e. sec precision
+     */
+    if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
+                            &digits))
+        digits = 0;
+    if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
+        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
+        goto err;
+
+    return 1;
+ err:
+    return ret;
+}
+
+static int ts_CONF_add_flag(CONF *conf, const char *section,
+                            const char *field, int flag, TS_RESP_CTX *ctx)
+{
+    const char *value = NCONF_get_string(conf, section, field);
+
+    if (value) {
+        if (strcmp(value, ENV_VALUE_YES) == 0)
+            TS_RESP_CTX_add_flags(ctx, flag);
+        else if (strcmp(value, ENV_VALUE_NO) != 0) {
+            ts_CONF_invalid(section, field);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
+}
+
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
+}
+
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
+                            TS_ESS_CERT_ID_CHAIN, ctx);
+}
+
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                   TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *cert_md = NULL;
+    const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
+
+    if (md == NULL)
+        md = "sha1";
+
+    cert_md = EVP_get_digestbyname(md);
+    if (cert_md == NULL) {
+        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_err.c
new file mode 100644
index 000000000..1f3854d84
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_err.c
@@ -0,0 +1,184 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/tserr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA TS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_SERIAL_CB, 0), "def_serial_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_TIME_CB, 0), "def_time_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT, 0),
+     "ess_add_signing_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT_V2, 0),
+     "ess_add_signing_cert_v2"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_NEW_INIT, 0),
+     "ess_CERT_ID_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_V2_NEW_INIT, 0),
+     "ess_cert_id_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_NEW_INIT, 0),
+     "ess_SIGNING_CERT_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, 0),
+     "ess_signing_cert_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_INT_TS_RESP_VERIFY_TOKEN, 0),
+     "int_ts_RESP_verify_token"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_PKCS7_TO_TS_TST_INFO, 0),
+     "PKCS7_to_TS_TST_INFO"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MICROS, 0),
+     "TS_ACCURACY_set_micros"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MILLIS, 0),
+     "TS_ACCURACY_set_millis"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_SECONDS, 0),
+     "TS_ACCURACY_set_seconds"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_IMPRINTS, 0), "ts_check_imprints"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_NONCES, 0), "ts_check_nonces"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_POLICY, 0), "ts_check_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_SIGNING_CERTS, 0),
+     "ts_check_signing_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_STATUS_INFO, 0),
+     "ts_check_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_COMPUTE_IMPRINT, 0), "ts_compute_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_INVALID, 0), "ts_CONF_invalid"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERT, 0), "TS_CONF_load_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERTS, 0), "TS_CONF_load_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_KEY, 0), "TS_CONF_load_key"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOOKUP_FAIL, 0), "ts_CONF_lookup_fail"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_SET_DEFAULT_ENGINE, 0),
+     "TS_CONF_set_default_engine"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_GET_STATUS_TEXT, 0), "ts_get_status_text"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_MSG_IMPRINT_SET_ALGO, 0),
+     "TS_MSG_IMPRINT_set_algo"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_MSG_IMPRINT, 0),
+     "TS_REQ_set_msg_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_NONCE, 0), "TS_REQ_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_POLICY_ID, 0),
+     "TS_REQ_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_RESPONSE, 0),
+     "TS_RESP_create_response"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_TST_INFO, 0),
+     "ts_RESP_create_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, 0),
+     "TS_RESP_CTX_add_failure_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_MD, 0), "TS_RESP_CTX_add_md"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_POLICY, 0),
+     "TS_RESP_CTX_add_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_NEW, 0), "TS_RESP_CTX_new"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_ACCURACY, 0),
+     "TS_RESP_CTX_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_CERTS, 0),
+     "TS_RESP_CTX_set_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_DEF_POLICY, 0),
+     "TS_RESP_CTX_set_def_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 0),
+     "TS_RESP_CTX_set_signer_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_STATUS_INFO, 0),
+     "TS_RESP_CTX_set_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_GET_POLICY, 0), "ts_RESP_get_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, 0),
+     "TS_RESP_set_genTime_with_precision"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_STATUS_INFO, 0),
+     "TS_RESP_set_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_TST_INFO, 0),
+     "TS_RESP_set_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SIGN, 0), "ts_RESP_sign"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_VERIFY_SIGNATURE, 0),
+     "TS_RESP_verify_signature"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_ACCURACY, 0),
+     "TS_TST_INFO_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_MSG_IMPRINT, 0),
+     "TS_TST_INFO_set_msg_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_NONCE, 0),
+     "TS_TST_INFO_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_POLICY_ID, 0),
+     "TS_TST_INFO_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_SERIAL, 0),
+     "TS_TST_INFO_set_serial"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TIME, 0),
+     "TS_TST_INFO_set_time"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TSA, 0), "TS_TST_INFO_set_tsa"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CERT, 0), "ts_verify_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CTX_NEW, 0), "TS_VERIFY_CTX_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA TS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE),
+    "could not set engine"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR),
+    "ess add signing cert error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR),
+    "ess add signing cert v2 error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
+    "ess signing certificate error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
+    "invalid signer certificate purpose"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH),
+    "message imprint mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
+    "pkcs7 add signed attr error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
+    "pkcs7 to ts tst info failed"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR),
+    "response setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER),
+    "there must be one signer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR),
+    "tst info setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM),
+    "unsupported md algorithm"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE),
+    "cannot find config variable"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_TS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(TS_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(TS_str_functs);
+        ERR_load_strings_const(TS_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lcl.h
new file mode 100644
index 000000000..771784fef
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lcl.h
@@ -0,0 +1,211 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * MessageImprint ::= SEQUENCE  {
+ *      hashAlgorithm                AlgorithmIdentifier,
+ *      hashedMessage                OCTET STRING  }
+ */
+struct TS_msg_imprint_st {
+    X509_ALGOR *hash_algo;
+    ASN1_OCTET_STRING *hashed_msg;
+};
+
+/*-
+ * TimeStampResp ::= SEQUENCE  {
+ *     status                  PKIStatusInfo,
+ *     timeStampToken          TimeStampToken     OPTIONAL }
+ */
+struct TS_resp_st {
+    TS_STATUS_INFO *status_info;
+    PKCS7 *token;
+    TS_TST_INFO *tst_info;
+};
+
+/*-
+ * TimeStampReq ::= SEQUENCE  {
+ *    version                  INTEGER  { v1(1) },
+ *    messageImprint           MessageImprint,
+ *      --a hash algorithm OID and the hash value of the data to be
+ *      --time-stamped
+ *    reqPolicy                TSAPolicyId                OPTIONAL,
+ *    nonce                    INTEGER                    OPTIONAL,
+ *    certReq                  BOOLEAN                    DEFAULT FALSE,
+ *    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
+ */
+struct TS_req_st {
+    ASN1_INTEGER *version;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_OBJECT *policy_id;
+    ASN1_INTEGER *nonce;
+    ASN1_BOOLEAN cert_req;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+/*-
+ * Accuracy ::= SEQUENCE {
+ *                 seconds        INTEGER           OPTIONAL,
+ *                 millis     [0] INTEGER  (1..999) OPTIONAL,
+ *                 micros     [1] INTEGER  (1..999) OPTIONAL  }
+ */
+struct TS_accuracy_st {
+    ASN1_INTEGER *seconds;
+    ASN1_INTEGER *millis;
+    ASN1_INTEGER *micros;
+};
+
+/*-
+ * TSTInfo ::= SEQUENCE  {
+ *     version                      INTEGER  { v1(1) },
+ *     policy                       TSAPolicyId,
+ *     messageImprint               MessageImprint,
+ *       -- MUST have the same value as the similar field in
+ *       -- TimeStampReq
+ *     serialNumber                 INTEGER,
+ *      -- Time-Stamping users MUST be ready to accommodate integers
+ *      -- up to 160 bits.
+ *     genTime                      GeneralizedTime,
+ *     accuracy                     Accuracy                 OPTIONAL,
+ *     ordering                     BOOLEAN             DEFAULT FALSE,
+ *     nonce                        INTEGER                  OPTIONAL,
+ *       -- MUST be present if the similar field was present
+ *       -- in TimeStampReq.  In that case it MUST have the same value.
+ *     tsa                          [0] GeneralName          OPTIONAL,
+ *     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
+ */
+struct TS_tst_info_st {
+    ASN1_INTEGER *version;
+    ASN1_OBJECT *policy_id;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_INTEGER *serial;
+    ASN1_GENERALIZEDTIME *time;
+    TS_ACCURACY *accuracy;
+    ASN1_BOOLEAN ordering;
+    ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+struct TS_status_info_st {
+    ASN1_INTEGER *status;
+    STACK_OF(ASN1_UTF8STRING) *text;
+    ASN1_BIT_STRING *failure_info;
+};
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ *         issuer                   GeneralNames,
+ *         serialNumber             CertificateSerialNumber
+ *         }
+ */
+struct ESS_issuer_serial {
+    STACK_OF(GENERAL_NAME) *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::=  SEQUENCE {
+ *         certHash                 Hash,
+ *         issuerSerial             IssuerSerial OPTIONAL
+ * }
+ */
+struct ESS_cert_id {
+    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::=  SEQUENCE {
+ *        certs        SEQUENCE OF ESSCertID,
+ *        policies     SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+struct ESS_signing_cert {
+    STACK_OF(ESS_CERT_ID) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+/*-
+ * ESSCertIDv2 ::=  SEQUENCE {
+ *        hashAlgorithm           AlgorithmIdentifier
+ *                DEFAULT {algorithm id-sha256},
+ *        certHash                Hash,
+ *        issuerSerial            IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+    X509_ALGOR *hash_alg;       /* Default: SHA-256 */
+    ASN1_OCTET_STRING *hash;
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ *        certs                   SEQUENCE OF ESSCertIDv2,
+ *        policies                SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+
+struct TS_resp_ctx {
+    X509 *signer_cert;
+    EVP_PKEY *signer_key;
+    const EVP_MD *signer_md;
+    const EVP_MD *ess_cert_id_digest;
+    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
+    STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
+    ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
+    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
+    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
+    unsigned clock_precision_digits; /* fraction of seconds in time stamp
+                                      * token. */
+    unsigned flags;             /* Optional info, see values above. */
+    /* Callback functions. */
+    TS_serial_cb serial_cb;
+    void *serial_cb_data;       /* User data for serial_cb. */
+    TS_time_cb time_cb;
+    void *time_cb_data;         /* User data for time_cb. */
+    TS_extension_cb extension_cb;
+    void *extension_cb_data;    /* User data for extension_cb. */
+    /* These members are used only while creating the response. */
+    TS_REQ *request;
+    TS_RESP *response;
+    TS_TST_INFO *tst_info;
+};
+
+struct TS_verify_ctx {
+    /* Set this to the union of TS_VFY_... flags you want to carry out. */
+    unsigned flags;
+    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
+    X509_STORE *store;
+    STACK_OF(X509) *certs;
+    /* Must be set only with TS_VFY_POLICY. */
+    ASN1_OBJECT *policy;
+    /*
+     * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
+     * algorithm from the response is used.
+     */
+    X509_ALGOR *md_alg;
+    unsigned char *imprint;
+    unsigned imprint_len;
+    /* Must be set only with TS_VFY_DATA. */
+    BIO *data;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    ASN1_INTEGER *nonce;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    GENERAL_NAME *tsa_name;
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c
new file mode 100644
index 000000000..ce2e12c59
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
+{
+    BIGNUM *num_bn;
+    int result = 0;
+    char *hex;
+
+    num_bn = ASN1_INTEGER_to_BN(num, NULL);
+    if (num_bn == NULL)
+        return -1;
+    if ((hex = BN_bn2hex(num_bn))) {
+        result = BIO_write(bio, "0x", 2) > 0;
+        result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+        OPENSSL_free(hex);
+    }
+    BN_free(num_bn);
+
+    return result;
+}
+
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+{
+    char obj_txt[128];
+
+    OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+    BIO_printf(bio, "%s\n", obj_txt);
+
+    return 1;
+}
+
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
+{
+    int i, critical, n;
+    X509_EXTENSION *ex;
+    ASN1_OBJECT *obj;
+
+    BIO_printf(bio, "Extensions:\n");
+    n = X509v3_get_ext_count(extensions);
+    for (i = 0; i < n; i++) {
+        ex = X509v3_get_ext(extensions, i);
+        obj = X509_EXTENSION_get_object(ex);
+        if (i2a_ASN1_OBJECT(bio, obj) < 0)
+            return 0;
+        critical = X509_EXTENSION_get_critical(ex);
+        BIO_printf(bio, ":%s\n", critical ? " critical" : "");
+        if (!X509V3_EXT_print(bio, ex, 0, 4)) {
+            BIO_printf(bio, "%4s", "");
+            ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex));
+        }
+        BIO_write(bio, "\n", 1);
+    }
+
+    return 1;
+}
+
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
+{
+    int i = OBJ_obj2nid(alg->algorithm);
+    return BIO_printf(bio, "Hash Algorithm: %s\n",
+                      (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+}
+
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
+{
+    ASN1_OCTET_STRING *msg;
+
+    TS_X509_ALGOR_print_bio(bio, a->hash_algo);
+
+    BIO_printf(bio, "Message data:\n");
+    msg = a->hashed_msg;
+    BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg),
+                    ASN1_STRING_length(msg), 4);
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c
new file mode 100644
index 000000000..0dedf47d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
+{
+    int v;
+    ASN1_OBJECT *policy_id;
+
+    if (a == NULL)
+        return 0;
+
+    v = TS_REQ_get_version(a);
+    BIO_printf(bio, "Version: %d\n", v);
+
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
+
+    BIO_printf(bio, "Policy OID: ");
+    policy_id = TS_REQ_get_policy_id(a);
+    if (policy_id == NULL)
+        BIO_printf(bio, "unspecified\n");
+    else
+        TS_OBJ_print_bio(bio, policy_id);
+
+    BIO_printf(bio, "Nonce: ");
+    if (a->nonce == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Certificate required: %s\n",
+               a->cert_req ? "yes" : "no");
+
+    TS_ext_print_bio(bio, a->extensions);
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c
new file mode 100644
index 000000000..2073d3395
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+int TS_REQ_set_version(TS_REQ *a, long version)
+{
+    return ASN1_INTEGER_set(a->version, version);
+}
+
+long TS_REQ_get_version(const TS_REQ *a)
+{
+    return ASN1_INTEGER_get(a->version);
+}
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
+{
+    TS_MSG_IMPRINT *new_msg_imprint;
+
+    if (a->msg_imprint == msg_imprint)
+        return 1;
+    new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+    if (new_msg_imprint == NULL) {
+        TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_MSG_IMPRINT_free(a->msg_imprint);
+    a->msg_imprint = new_msg_imprint;
+    return 1;
+}
+
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a)
+{
+    return a->msg_imprint;
+}
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
+{
+    X509_ALGOR *new_alg;
+
+    if (a->hash_algo == alg)
+        return 1;
+    new_alg = X509_ALGOR_dup(alg);
+    if (new_alg == NULL) {
+        TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X509_ALGOR_free(a->hash_algo);
+    a->hash_algo = new_alg;
+    return 1;
+}
+
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a)
+{
+    return a->hash_algo;
+}
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len)
+{
+    return ASN1_OCTET_STRING_set(a->hashed_msg, d, len);
+}
+
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a)
+{
+    return a->hashed_msg;
+}
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *new_policy;
+
+    if (a->policy_id == policy)
+        return 1;
+    new_policy = OBJ_dup(policy);
+    if (new_policy == NULL) {
+        TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(a->policy_id);
+    a->policy_id = new_policy;
+    return 1;
+}
+
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a)
+{
+    return a->policy_id;
+}
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
+{
+    ASN1_INTEGER *new_nonce;
+
+    if (a->nonce == nonce)
+        return 1;
+    new_nonce = ASN1_INTEGER_dup(nonce);
+    if (new_nonce == NULL) {
+        TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->nonce);
+    a->nonce = new_nonce;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a)
+{
+    return a->nonce;
+}
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req)
+{
+    a->cert_req = cert_req ? 0xFF : 0x00;
+    return 1;
+}
+
+int TS_REQ_get_cert_req(const TS_REQ *a)
+{
+    return a->cert_req ? 1 : 0;
+}
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a)
+{
+    return a->extensions;
+}
+
+void TS_REQ_ext_free(TS_REQ *a)
+{
+    if (!a)
+        return;
+    sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+    a->extensions = NULL;
+}
+
+int TS_REQ_get_ext_count(TS_REQ *a)
+{
+    return X509v3_get_ext_count(a->extensions);
+}
+
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+}
+
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+}
+
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
+{
+    return X509v3_get_ext(a->extensions, loc);
+}
+
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc)
+{
+    return X509v3_delete_ext(a->extensions, loc);
+}
+
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc)
+{
+    return X509v3_add_ext(&a->extensions, ex, loc) != NULL;
+}
+
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(a->extensions, nid, crit, idx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c
new file mode 100644
index 000000000..6eb0ec8d7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+struct status_map_st {
+    int bit;
+    const char *text;
+};
+
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v);
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
+
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
+{
+    BIO_printf(bio, "Status info:\n");
+    TS_STATUS_INFO_print_bio(bio, a->status_info);
+
+    BIO_printf(bio, "\nTST info:\n");
+    if (a->tst_info != NULL)
+        TS_TST_INFO_print_bio(bio, a->tst_info);
+    else
+        BIO_printf(bio, "Not included.\n");
+
+    return 1;
+}
+
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
+{
+    static const char *status_map[] = {
+        "Granted.",
+        "Granted with modifications.",
+        "Rejected.",
+        "Waiting.",
+        "Revocation warning.",
+        "Revoked."
+    };
+    static const struct status_map_st failure_map[] = {
+        {TS_INFO_BAD_ALG,
+         "unrecognized or unsupported algorithm identifier"},
+        {TS_INFO_BAD_REQUEST,
+         "transaction not permitted or supported"},
+        {TS_INFO_BAD_DATA_FORMAT,
+         "the data submitted has the wrong format"},
+        {TS_INFO_TIME_NOT_AVAILABLE,
+         "the TSA's time source is not available"},
+        {TS_INFO_UNACCEPTED_POLICY,
+         "the requested TSA policy is not supported by the TSA"},
+        {TS_INFO_UNACCEPTED_EXTENSION,
+         "the requested extension is not supported by the TSA"},
+        {TS_INFO_ADD_INFO_NOT_AVAILABLE,
+         "the additional information requested could not be understood "
+         "or is not available"},
+        {TS_INFO_SYSTEM_FAILURE,
+         "the request cannot be handled due to system failure"},
+        {-1, NULL}
+    };
+    long status;
+    int i, lines = 0;
+
+    BIO_printf(bio, "Status: ");
+    status = ASN1_INTEGER_get(a->status);
+    if (0 <= status && status < (long)OSSL_NELEM(status_map))
+        BIO_printf(bio, "%s\n", status_map[status]);
+    else
+        BIO_printf(bio, "out of bounds\n");
+
+    BIO_printf(bio, "Status description: ");
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) {
+        if (i > 0)
+            BIO_puts(bio, "\t");
+        ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), 0);
+        BIO_puts(bio, "\n");
+    }
+    if (i == 0)
+        BIO_printf(bio, "unspecified\n");
+
+    BIO_printf(bio, "Failure info: ");
+    if (a->failure_info != NULL)
+        lines = ts_status_map_print(bio, failure_map, a->failure_info);
+    if (lines == 0)
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, "\n");
+
+    return 1;
+}
+
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v)
+{
+    int lines = 0;
+
+    for (; a->bit >= 0; ++a) {
+        if (ASN1_BIT_STRING_get_bit(v, a->bit)) {
+            if (++lines > 1)
+                BIO_printf(bio, ", ");
+            BIO_printf(bio, "%s", a->text);
+        }
+    }
+
+    return lines;
+}
+
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
+{
+    int v;
+
+    if (a == NULL)
+        return 0;
+
+    v = ASN1_INTEGER_get(a->version);
+    BIO_printf(bio, "Version: %d\n", v);
+
+    BIO_printf(bio, "Policy OID: ");
+    TS_OBJ_print_bio(bio, a->policy_id);
+
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
+
+    BIO_printf(bio, "Serial number: ");
+    if (a->serial == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->serial);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Time stamp: ");
+    ASN1_GENERALIZEDTIME_print(bio, a->time);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Accuracy: ");
+    if (a->accuracy == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        ts_ACCURACY_print_bio(bio, a->accuracy);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no");
+
+    BIO_printf(bio, "Nonce: ");
+    if (a->nonce == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "TSA: ");
+    if (a->tsa == NULL)
+        BIO_printf(bio, "unspecified");
+    else {
+        STACK_OF(CONF_VALUE) *nval;
+        if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL)))
+            X509V3_EXT_val_prn(bio, nval, 0, 0);
+        sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    }
+    BIO_write(bio, "\n", 1);
+
+    TS_ext_print_bio(bio, a->extensions);
+
+    return 1;
+}
+
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a)
+{
+    if (a->seconds != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->seconds);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " seconds, ");
+    if (a->millis != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->millis);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " millis, ");
+    if (a->micros != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->micros);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " micros");
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c
new file mode 100644
index 000000000..1b2b84ef6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c
@@ -0,0 +1,1057 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include <openssl/crypto.h>
+#include "ts_lcl.h"
+
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
+static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx);
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
+static int ts_RESP_check_request(TS_RESP_CTX *ctx);
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx);
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy);
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx);
+static int ts_RESP_sign(TS_RESP_CTX *ctx);
+
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
+                                                   STACK_OF(X509) *certs);
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed);
+static int ts_TST_INFO_content_new(PKCS7 *p7);
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509)
+                                                         *certs);
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed);
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc);
+
+static ASN1_GENERALIZEDTIME
+*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
+                                    unsigned);
+
+/* Default callback for response generation. */
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
+{
+    ASN1_INTEGER *serial = ASN1_INTEGER_new();
+
+    if (serial == NULL)
+        goto err;
+    if (!ASN1_INTEGER_set(serial, 1))
+        goto err;
+    return serial;
+
+ err:
+    TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                "Error during serial number generation.");
+    return NULL;
+}
+
+#if defined(OPENSSL_SYS_UNIX)
+
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
+                       long *sec, long *usec)
+{
+    struct timeval tv;
+    if (gettimeofday(&tv, NULL) != 0) {
+        TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Time is not available.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+        return 0;
+    }
+    *sec = tv.tv_sec;
+    *usec = tv.tv_usec;
+
+    return 1;
+}
+
+#else
+
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
+                       long *sec, long *usec)
+{
+    time_t t;
+    if (time(&t) == (time_t)-1) {
+        TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Time is not available.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+        return 0;
+    }
+    *sec = (long)t;
+    *usec = 0;
+
+    return 1;
+}
+
+#endif
+
+static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
+                            void *data)
+{
+    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                "Unsupported extension.");
+    TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
+    return 0;
+}
+
+/* TS_RESP_CTX management functions. */
+
+TS_RESP_CTX *TS_RESP_CTX_new(void)
+{
+    TS_RESP_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->signer_md = EVP_sha256();
+
+    ctx->serial_cb = def_serial_cb;
+    ctx->time_cb = def_time_cb;
+    ctx->extension_cb = def_extension_cb;
+
+    return ctx;
+}
+
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    X509_free(ctx->signer_cert);
+    EVP_PKEY_free(ctx->signer_key);
+    sk_X509_pop_free(ctx->certs, X509_free);
+    sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
+    ASN1_OBJECT_free(ctx->default_policy);
+    sk_EVP_MD_free(ctx->mds);   /* No EVP_MD_free method exists. */
+    ASN1_INTEGER_free(ctx->seconds);
+    ASN1_INTEGER_free(ctx->millis);
+    ASN1_INTEGER_free(ctx->micros);
+    OPENSSL_free(ctx);
+}
+
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
+{
+    if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
+        TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
+              TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+        return 0;
+    }
+    X509_free(ctx->signer_cert);
+    ctx->signer_cert = signer;
+    X509_up_ref(ctx->signer_cert);
+    return 1;
+}
+
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
+{
+    EVP_PKEY_free(ctx->signer_key);
+    ctx->signer_key = key;
+    EVP_PKEY_up_ref(ctx->signer_key);
+
+    return 1;
+}
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->signer_md = md;
+    return 1;
+}
+
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
+{
+    ASN1_OBJECT_free(ctx->default_policy);
+    if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL)
+        goto err;
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
+{
+
+    sk_X509_pop_free(ctx->certs, X509_free);
+    ctx->certs = NULL;
+    if (!certs)
+        return 1;
+    if ((ctx->certs = X509_chain_up_ref(certs)) == NULL) {
+        TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *copy = NULL;
+
+    if (ctx->policies == NULL
+        && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if ((copy = OBJ_dup(policy)) == NULL)
+        goto err;
+    if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
+        goto err;
+
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+    ASN1_OBJECT_free(copy);
+    return 0;
+}
+
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    if (ctx->mds == NULL
+        && (ctx->mds = sk_EVP_MD_new_null()) == NULL)
+        goto err;
+    if (!sk_EVP_MD_push(ctx->mds, md))
+        goto err;
+
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+#define TS_RESP_CTX_accuracy_free(ctx)          \
+        ASN1_INTEGER_free(ctx->seconds);        \
+        ctx->seconds = NULL;                    \
+        ASN1_INTEGER_free(ctx->millis);         \
+        ctx->millis = NULL;                     \
+        ASN1_INTEGER_free(ctx->micros);         \
+        ctx->micros = NULL;
+
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros)
+{
+
+    TS_RESP_CTX_accuracy_free(ctx);
+    if (secs
+        && ((ctx->seconds = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->seconds, secs)))
+        goto err;
+    if (millis
+        && ((ctx->millis = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->millis, millis)))
+        goto err;
+    if (micros
+        && ((ctx->micros = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->micros, micros)))
+        goto err;
+
+    return 1;
+ err:
+    TS_RESP_CTX_accuracy_free(ctx);
+    TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
+{
+    ctx->serial_cb = cb;
+    ctx->serial_cb_data = data;
+}
+
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
+{
+    ctx->time_cb = cb;
+    ctx->time_cb_data = data;
+}
+
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+                                  TS_extension_cb cb, void *data)
+{
+    ctx->extension_cb = cb;
+    ctx->extension_cb_data = data;
+}
+
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+                                int status, const char *text)
+{
+    TS_STATUS_INFO *si = NULL;
+    ASN1_UTF8STRING *utf8_text = NULL;
+    int ret = 0;
+
+    if ((si = TS_STATUS_INFO_new()) == NULL)
+        goto err;
+    if (!ASN1_INTEGER_set(si->status, status))
+        goto err;
+    if (text) {
+        if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
+            || !ASN1_STRING_set(utf8_text, text, strlen(text)))
+            goto err;
+        if (si->text == NULL
+            && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL)
+            goto err;
+        if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
+            goto err;
+        utf8_text = NULL;       /* Ownership is lost. */
+    }
+    if (!TS_RESP_set_status_info(ctx->response, si))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+    TS_STATUS_INFO_free(si);
+    ASN1_UTF8STRING_free(utf8_text);
+    return ret;
+}
+
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+                                     int status, const char *text)
+{
+    int ret = 1;
+    TS_STATUS_INFO *si = ctx->response->status_info;
+
+    if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
+        ret = TS_RESP_CTX_set_status_info(ctx, status, text);
+    }
+    return ret;
+}
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
+{
+    TS_STATUS_INFO *si = ctx->response->status_info;
+    if (si->failure_info == NULL
+        && (si->failure_info = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
+        goto err;
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
+{
+    return ctx->request;
+}
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
+{
+    return ctx->tst_info;
+}
+
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned precision)
+{
+    if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+        return 0;
+    ctx->clock_precision_digits = precision;
+    return 1;
+}
+
+/* Main entry method of the response generation. */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
+{
+    ASN1_OBJECT *policy;
+    TS_RESP *response;
+    int result = 0;
+
+    ts_RESP_CTX_init(ctx);
+
+    if ((ctx->response = TS_RESP_new()) == NULL) {
+        TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+    if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad request format or system error.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+        goto end;
+    }
+    if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
+        goto end;
+    if (!ts_RESP_check_request(ctx))
+        goto end;
+    if ((policy = ts_RESP_get_policy(ctx)) == NULL)
+        goto end;
+    if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL)
+        goto end;
+    if (!ts_RESP_process_extensions(ctx))
+        goto end;
+    if (!ts_RESP_sign(ctx))
+        goto end;
+    result = 1;
+
+ end:
+    if (!result) {
+        TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+        if (ctx->response != NULL) {
+            if (TS_RESP_CTX_set_status_info_cond(ctx,
+                                                 TS_STATUS_REJECTION,
+                                                 "Error during response "
+                                                 "generation.") == 0) {
+                TS_RESP_free(ctx->response);
+                ctx->response = NULL;
+            }
+        }
+    }
+    response = ctx->response;
+    ctx->response = NULL;       /* Ownership will be returned to caller. */
+    ts_RESP_CTX_cleanup(ctx);
+    return response;
+}
+
+/* Initializes the variable part of the context. */
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx)
+{
+    ctx->request = NULL;
+    ctx->response = NULL;
+    ctx->tst_info = NULL;
+}
+
+/* Cleans up the variable part of the context. */
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
+{
+    TS_REQ_free(ctx->request);
+    ctx->request = NULL;
+    TS_RESP_free(ctx->response);
+    ctx->response = NULL;
+    TS_TST_INFO_free(ctx->tst_info);
+    ctx->tst_info = NULL;
+}
+
+/* Checks the format and content of the request. */
+static int ts_RESP_check_request(TS_RESP_CTX *ctx)
+{
+    TS_REQ *request = ctx->request;
+    TS_MSG_IMPRINT *msg_imprint;
+    X509_ALGOR *md_alg;
+    int md_alg_id;
+    const ASN1_OCTET_STRING *digest;
+    const EVP_MD *md = NULL;
+    int i;
+
+    if (TS_REQ_get_version(request) != 1) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad request version.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
+        return 0;
+    }
+
+    msg_imprint = request->msg_imprint;
+    md_alg = msg_imprint->hash_algo;
+    md_alg_id = OBJ_obj2nid(md_alg->algorithm);
+    for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
+        const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
+        if (md_alg_id == EVP_MD_type(current_md))
+            md = current_md;
+    }
+    if (!md) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Message digest algorithm is "
+                                    "not supported.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+        return 0;
+    }
+
+    if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Superfluous message digest "
+                                    "parameter.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+        return 0;
+    }
+    digest = msg_imprint->hashed_msg;
+    if (digest->length != EVP_MD_size(md)) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad message digest.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Returns the TSA policy based on the requested and acceptable policies. */
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx)
+{
+    ASN1_OBJECT *requested = ctx->request->policy_id;
+    ASN1_OBJECT *policy = NULL;
+    int i;
+
+    if (ctx->default_policy == NULL) {
+        TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    if (!requested || !OBJ_cmp(requested, ctx->default_policy))
+        policy = ctx->default_policy;
+
+    /* Check if the policy is acceptable. */
+    for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
+        ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
+        if (!OBJ_cmp(requested, current))
+            policy = current;
+    }
+    if (!policy) {
+        TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Requested policy is not " "supported.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
+    }
+    return policy;
+}
+
+/* Creates the TS_TST_INFO object based on the settings of the context. */
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy)
+{
+    int result = 0;
+    TS_TST_INFO *tst_info = NULL;
+    ASN1_INTEGER *serial = NULL;
+    ASN1_GENERALIZEDTIME *asn1_time = NULL;
+    long sec, usec;
+    TS_ACCURACY *accuracy = NULL;
+    const ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa_name = NULL;
+
+    if ((tst_info = TS_TST_INFO_new()) == NULL)
+        goto end;
+    if (!TS_TST_INFO_set_version(tst_info, 1))
+        goto end;
+    if (!TS_TST_INFO_set_policy_id(tst_info, policy))
+        goto end;
+    if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
+        goto end;
+    if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL
+        || !TS_TST_INFO_set_serial(tst_info, serial))
+        goto end;
+    if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec)
+        || (asn1_time =
+            TS_RESP_set_genTime_with_precision(NULL, sec, usec,
+                                        ctx->clock_precision_digits)) == NULL
+        || !TS_TST_INFO_set_time(tst_info, asn1_time))
+        goto end;
+
+    if ((ctx->seconds || ctx->millis || ctx->micros)
+        && (accuracy = TS_ACCURACY_new()) == NULL)
+        goto end;
+    if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
+        goto end;
+    if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
+        goto end;
+    if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
+        goto end;
+    if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
+        goto end;
+
+    if ((ctx->flags & TS_ORDERING)
+        && !TS_TST_INFO_set_ordering(tst_info, 1))
+        goto end;
+
+    if ((nonce = ctx->request->nonce) != NULL
+        && !TS_TST_INFO_set_nonce(tst_info, nonce))
+        goto end;
+
+    if (ctx->flags & TS_TSA_NAME) {
+        if ((tsa_name = GENERAL_NAME_new()) == NULL)
+            goto end;
+        tsa_name->type = GEN_DIRNAME;
+        tsa_name->d.dirn =
+            X509_NAME_dup(X509_get_subject_name(ctx->signer_cert));
+        if (!tsa_name->d.dirn)
+            goto end;
+        if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
+            goto end;
+    }
+
+    result = 1;
+ end:
+    if (!result) {
+        TS_TST_INFO_free(tst_info);
+        tst_info = NULL;
+        TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+        TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                         "Error during TSTInfo "
+                                         "generation.");
+    }
+    GENERAL_NAME_free(tsa_name);
+    TS_ACCURACY_free(accuracy);
+    ASN1_GENERALIZEDTIME_free(asn1_time);
+    ASN1_INTEGER_free(serial);
+
+    return tst_info;
+}
+
+/* Processing the extensions of the request. */
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
+{
+    STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions;
+    int i;
+    int ok = 1;
+
+    for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        /*
+         * The last argument was previously (void *)ctx->extension_cb,
+         * but ISO C doesn't permit converting a function pointer to void *.
+         * For lack of better information, I'm placing a NULL there instead.
+         * The callback can pick its own address out from the ctx anyway...
+         */
+        ok = (*ctx->extension_cb) (ctx, ext, NULL);
+    }
+
+    return ok;
+}
+
+/* Functions for signing the TS_TST_INFO structure of the context. */
+static int ts_RESP_sign(TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *certs;      /* Certificates to include in sc. */
+    ESS_SIGNING_CERT_V2 *sc2 = NULL;
+    ESS_SIGNING_CERT *sc = NULL;
+    ASN1_OBJECT *oid;
+    BIO *p7bio = NULL;
+    int i;
+
+    if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+    if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
+        goto err;
+
+    if (ctx->request->cert_req) {
+        PKCS7_add_certificate(p7, ctx->signer_cert);
+        if (ctx->certs) {
+            for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
+                X509 *cert = sk_X509_value(ctx->certs, i);
+                PKCS7_add_certificate(p7, cert);
+            }
+        }
+    }
+
+    if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
+                                  ctx->signer_key, ctx->signer_md)) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+        goto err;
+    }
+
+    oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+    if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                    V_ASN1_OBJECT, oid)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+        goto err;
+    }
+
+    certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
+    if (ctx->ess_cert_id_digest == NULL
+        || ctx->ess_cert_id_digest == EVP_sha1()) {
+        if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert(si, sc)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+            goto err;
+        }
+    } else {
+        sc2 = ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest,
+                                           ctx->signer_cert, certs);
+        if (sc2 == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert_v2(si, sc2)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
+            goto err;
+        }
+    }
+
+    if (!ts_TST_INFO_content_new(p7))
+        goto err;
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+        goto err;
+    }
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+        goto err;
+    }
+    TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
+    p7 = NULL;                  /* Ownership is lost. */
+    ctx->tst_info = NULL;       /* Ownership is lost. */
+
+    ret = 1;
+ err:
+    if (!ret)
+        TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                         "Error during signature "
+                                         "generation.");
+    BIO_free_all(p7bio);
+    ESS_SIGNING_CERT_V2_free(sc2);
+    ESS_SIGNING_CERT_free(sc);
+    PKCS7_free(p7);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
+                                                   STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID *cid;
+    ESS_SIGNING_CERT *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_new()) == NULL)
+        goto err;
+    if (sc->cert_ids == NULL
+        && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL)
+        goto err;
+
+    if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL
+        || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+        goto err;
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+        if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL
+            || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+            goto err;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_free(sc);
+    TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(cert, -1, 0);
+    if ((cid = ESS_CERT_ID_new()) == NULL)
+        goto err;
+    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+    if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
+        goto err;
+
+    /* Setting the issuer/serial if requested. */
+    if (issuer_needed) {
+        if (cid->issuer_serial == NULL
+            && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        if (!(cid->issuer_serial->serial =
+              ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
+            goto err;
+    }
+
+    return cid;
+ err:
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ts_TST_INFO_content_new(PKCS7 *p7)
+{
+    PKCS7 *ret = NULL;
+    ASN1_OCTET_STRING *octet_string = NULL;
+
+    /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if ((ret->d.other = ASN1_TYPE_new()) == NULL)
+        goto err;
+    ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+    if ((octet_string = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
+    octet_string = NULL;
+
+    /* Add encapsulated content to signed PKCS7 structure. */
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return 1;
+ err:
+    ASN1_OCTET_STRING_free(octet_string);
+    PKCS7_free(ret);
+    return 0;
+}
+
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len;
+
+    len = i2d_ESS_SIGNING_CERT(sc, NULL);
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = pp;
+    i2d_ESS_SIGNING_CERT(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificate,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+
+    return 0;
+}
+
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    ESS_SIGNING_CERT_V2 *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL)
+        goto err;
+    if ((cid = ess_cert_id_v2_new_init(hash_alg, signcert, 0)) == NULL)
+        goto err;
+    if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+        goto err;
+    cid = NULL;
+
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+
+        if ((cid = ess_cert_id_v2_new_init(hash_alg, cert, 1)) == NULL)
+            goto err;
+        if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+            goto err;
+        cid = NULL;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_V2_free(sc);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned int hash_len = sizeof(hash);
+    X509_ALGOR *alg = NULL;
+
+    memset(hash, 0, sizeof(hash));
+
+    if ((cid = ESS_CERT_ID_V2_new()) == NULL)
+        goto err;
+
+    if (hash_alg != EVP_sha256()) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto err;
+        X509_ALGOR_set_md(alg, hash_alg);
+        if (alg->algorithm == NULL)
+            goto err;
+        cid->hash_alg = alg;
+        alg = NULL;
+    } else {
+        cid->hash_alg = NULL;
+    }
+
+    if (!X509_digest(cert, hash_alg, hash, &hash_len))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
+        goto err;
+
+    if (issuer_needed) {
+        if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        cid->issuer_serial->serial =
+                ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (cid->issuer_serial->serial == NULL)
+            goto err;
+    }
+
+    return cid;
+ err:
+    X509_ALGOR_free(alg);
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = pp;
+    i2d_ESS_SIGNING_CERT_V2(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificateV2,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+    return 0;
+}
+
+static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
+        ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec,
+        unsigned precision)
+{
+    time_t time_sec = (time_t)sec;
+    struct tm *tm = NULL, tm_result;
+    char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
+    char *p = genTime_str;
+    char *p_end = genTime_str + sizeof(genTime_str);
+
+    if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+        goto err;
+
+    if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL)
+        goto err;
+
+    /*
+     * Put "genTime_str" in GeneralizedTime format.  We work around the
+     * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST
+     * NOT include fractional seconds") and OpenSSL related functions to
+     * meet the rfc3161 requirement: "GeneralizedTime syntax can include
+     * fraction-of-second details".
+     */
+    p += BIO_snprintf(p, p_end - p,
+                      "%04d%02d%02d%02d%02d%02d",
+                      tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
+                      tm->tm_hour, tm->tm_min, tm->tm_sec);
+    if (precision > 0) {
+        BIO_snprintf(p, 2 + precision, ".%06ld", usec);
+        p += strlen(p);
+
+        /*
+         * To make things a bit harder, X.690 | ISO/IEC 8825-1 provides the
+         * following restrictions for a DER-encoding, which OpenSSL
+         * (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
+         * support: "The encoding MUST terminate with a "Z" (which means
+         * "Zulu" time). The decimal point element, if present, MUST be the
+         * point option ".". The fractional-seconds elements, if present,
+         * MUST omit all trailing 0's; if the elements correspond to 0, they
+         * MUST be wholly omitted, and the decimal point element also MUST be
+         * omitted."
+         */
+        /*
+         * Remove trailing zeros. The dot guarantees the exit condition of
+         * this loop even if all the digits are zero.
+         */
+        while (*--p == '0')
+             continue;
+        if (*p != '.')
+            ++p;
+    }
+    *p++ = 'Z';
+    *p++ = '\0';
+
+    if (asn1_time == NULL
+        && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
+        ASN1_GENERALIZEDTIME_free(asn1_time);
+        goto err;
+    }
+    return asn1_time;
+
+ err:
+    TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+    return NULL;
+}
+
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->ess_cert_id_digest = md;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c
new file mode 100644
index 000000000..3ecee39a2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_lcl.h"
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
+{
+    TS_STATUS_INFO *new_status_info;
+
+    if (a->status_info == status_info)
+        return 1;
+    new_status_info = TS_STATUS_INFO_dup(status_info);
+    if (new_status_info == NULL) {
+        TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_STATUS_INFO_free(a->status_info);
+    a->status_info = new_status_info;
+
+    return 1;
+}
+
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a)
+{
+    return a->status_info;
+}
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info)
+{
+    PKCS7_free(a->token);
+    a->token = p7;
+    TS_TST_INFO_free(a->tst_info);
+    a->tst_info = tst_info;
+}
+
+PKCS7 *TS_RESP_get_token(TS_RESP *a)
+{
+    return a->token;
+}
+
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a)
+{
+    return a->tst_info;
+}
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version)
+{
+    return ASN1_INTEGER_set(a->version, version);
+}
+
+long TS_TST_INFO_get_version(const TS_TST_INFO *a)
+{
+    return ASN1_INTEGER_get(a->version);
+}
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *new_policy;
+
+    if (a->policy_id == policy)
+        return 1;
+    new_policy = OBJ_dup(policy);
+    if (new_policy == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(a->policy_id);
+    a->policy_id = new_policy;
+    return 1;
+}
+
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a)
+{
+    return a->policy_id;
+}
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
+{
+    TS_MSG_IMPRINT *new_msg_imprint;
+
+    if (a->msg_imprint == msg_imprint)
+        return 1;
+    new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+    if (new_msg_imprint == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_MSG_IMPRINT_free(a->msg_imprint);
+    a->msg_imprint = new_msg_imprint;
+    return 1;
+}
+
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a)
+{
+    return a->msg_imprint;
+}
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *new_serial;
+
+    if (a->serial == serial)
+        return 1;
+    new_serial = ASN1_INTEGER_dup(serial);
+    if (new_serial == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->serial);
+    a->serial = new_serial;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a)
+{
+    return a->serial;
+}
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
+{
+    ASN1_GENERALIZEDTIME *new_time;
+
+    if (a->time == gtime)
+        return 1;
+    new_time = ASN1_STRING_dup(gtime);
+    if (new_time == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_GENERALIZEDTIME_free(a->time);
+    a->time = new_time;
+    return 1;
+}
+
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a)
+{
+    return a->time;
+}
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
+{
+    TS_ACCURACY *new_accuracy;
+
+    if (a->accuracy == accuracy)
+        return 1;
+    new_accuracy = TS_ACCURACY_dup(accuracy);
+    if (new_accuracy == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_ACCURACY_free(a->accuracy);
+    a->accuracy = new_accuracy;
+    return 1;
+}
+
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a)
+{
+    return a->accuracy;
+}
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
+{
+    ASN1_INTEGER *new_seconds;
+
+    if (a->seconds == seconds)
+        return 1;
+    new_seconds = ASN1_INTEGER_dup(seconds);
+    if (new_seconds == NULL) {
+        TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->seconds);
+    a->seconds = new_seconds;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a)
+{
+    return a->seconds;
+}
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
+{
+    ASN1_INTEGER *new_millis = NULL;
+
+    if (a->millis == millis)
+        return 1;
+    if (millis != NULL) {
+        new_millis = ASN1_INTEGER_dup(millis);
+        if (new_millis == NULL) {
+            TSerr(TS_F_TS_ACCURACY_SET_MILLIS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    ASN1_INTEGER_free(a->millis);
+    a->millis = new_millis;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a)
+{
+    return a->millis;
+}
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
+{
+    ASN1_INTEGER *new_micros = NULL;
+
+    if (a->micros == micros)
+        return 1;
+    if (micros != NULL) {
+        new_micros = ASN1_INTEGER_dup(micros);
+        if (new_micros == NULL) {
+            TSerr(TS_F_TS_ACCURACY_SET_MICROS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    ASN1_INTEGER_free(a->micros);
+    a->micros = new_micros;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a)
+{
+    return a->micros;
+}
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering)
+{
+    a->ordering = ordering ? 0xFF : 0x00;
+    return 1;
+}
+
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a)
+{
+    return a->ordering ? 1 : 0;
+}
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
+{
+    ASN1_INTEGER *new_nonce;
+
+    if (a->nonce == nonce)
+        return 1;
+    new_nonce = ASN1_INTEGER_dup(nonce);
+    if (new_nonce == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->nonce);
+    a->nonce = new_nonce;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a)
+{
+    return a->nonce;
+}
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
+{
+    GENERAL_NAME *new_tsa;
+
+    if (a->tsa == tsa)
+        return 1;
+    new_tsa = GENERAL_NAME_dup(tsa);
+    if (new_tsa == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    GENERAL_NAME_free(a->tsa);
+    a->tsa = new_tsa;
+    return 1;
+}
+
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a)
+{
+    return a->tsa;
+}
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a)
+{
+    return a->extensions;
+}
+
+void TS_TST_INFO_ext_free(TS_TST_INFO *a)
+{
+    if (!a)
+        return;
+    sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+    a->extensions = NULL;
+}
+
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a)
+{
+    return X509v3_get_ext_count(a->extensions);
+}
+
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+}
+
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+}
+
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
+{
+    return X509v3_get_ext(a->extensions, loc);
+}
+
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc)
+{
+    return X509v3_delete_ext(a->extensions, loc);
+}
+
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc)
+{
+    return X509v3_add_ext(&a->extensions, ex, loc) != NULL;
+}
+
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(a->extensions, nid, crit, idx);
+}
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i)
+{
+    return ASN1_INTEGER_set(a->status, i);
+}
+
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a)
+{
+    return a->status;
+}
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a)
+{
+    return a->text;
+}
+
+const ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a)
+{
+    return a->failure_info;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c
new file mode 100644
index 000000000..9deda81b0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c
@@ -0,0 +1,704 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_lcl.h"
+
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain);
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain);
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info);
+static int ts_check_status_info(TS_RESP *response);
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info);
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len);
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info);
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
+                        GENERAL_NAME *name);
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);
+
+/*
+ * This must be large enough to hold all values in ts_status_text (with
+ * comma separator) or all text fields in ts_failure_info (also with comma).
+ */
+#define TS_STATUS_BUF_SIZE      256
+
+/*
+ * Local mapping between response codes and descriptions.
+ */
+static const char *ts_status_text[] = {
+    "granted",
+    "grantedWithMods",
+    "rejection",
+    "waiting",
+    "revocationWarning",
+    "revocationNotification"
+};
+
+#define TS_STATUS_TEXT_SIZE     OSSL_NELEM(ts_status_text)
+
+static struct {
+    int code;
+    const char *text;
+} ts_failure_info[] = {
+    {TS_INFO_BAD_ALG, "badAlg"},
+    {TS_INFO_BAD_REQUEST, "badRequest"},
+    {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
+    {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
+    {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
+    {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
+    {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
+    {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
+};
+
+
+/*-
+ * This function carries out the following tasks:
+ *      - Checks if there is one and only one signer.
+ *      - Search for the signing certificate in 'certs' and in the response.
+ *      - Check the extended key usage and key usage fields of the signer
+ *      certificate (done by the path validation).
+ *      - Build and validate the certificate path.
+ *      - Check if the certificate path meets the requirements of the
+ *      SigningCertificate ESS signed attribute.
+ *      - Verify the signature value.
+ *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out)
+{
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *signers = NULL;
+    X509 *signer;
+    STACK_OF(X509) *chain = NULL;
+    char buf[4096];
+    int i, j = 0, ret = 0;
+    BIO *p7bio = NULL;
+
+    /* Some sanity checks first. */
+    if (!token) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+        goto err;
+    }
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+        goto err;
+    }
+    sinfos = PKCS7_get_signer_info(token);
+    if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
+        goto err;
+    }
+    si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+        goto err;
+    }
+
+    /*
+     * Get hold of the signer certificate, search only internal certificates
+     * if it was requested.
+     */
+    signers = PKCS7_get0_signers(token, certs, 0);
+    if (!signers || sk_X509_num(signers) != 1)
+        goto err;
+    signer = sk_X509_value(signers, 0);
+
+    if (!ts_verify_cert(store, certs, signer, &chain))
+        goto err;
+    if (!ts_check_signing_certs(si, chain))
+        goto err;
+    p7bio = PKCS7_dataInit(token, NULL);
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
+        continue;
+
+    j = PKCS7_signatureVerify(p7bio, token, si, signer);
+    if (j <= 0) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+        goto err;
+    }
+
+    if (signer_out) {
+        *signer_out = signer;
+        X509_up_ref(signer);
+    }
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+    sk_X509_pop_free(chain, X509_free);
+    sk_X509_free(signers);
+
+    return ret;
+}
+
+/*
+ * The certificate chain is returned in chain. Caller is responsible for
+ * freeing the vector.
+ */
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX *cert_ctx = NULL;
+    int i;
+    int ret = 0;
+
+    *chain = NULL;
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL) {
+        TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
+        goto end;
+    X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+    i = X509_verify_cert(cert_ctx);
+    if (i <= 0) {
+        int j = X509_STORE_CTX_get_error(cert_ctx);
+        TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        goto err;
+    }
+    *chain = X509_STORE_CTX_get1_chain(cert_ctx);
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+
+end:
+    X509_STORE_CTX_free(cert_ctx);
+    return ret;
+}
+
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain)
+{
+    ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
+    STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+    ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
+    X509 *cert;
+    int i = 0;
+    int ret = 0;
+
+    if (ss != NULL) {
+        cert_ids = ss->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert(cert_ids, cert) != 0)
+            goto err;
+
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert(cert_ids, cert) < 0)
+                    goto err;
+            }
+        }
+    } else if (ssv2 != NULL) {
+        cert_ids_v2 = ssv2->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert_v2(cert_ids_v2, cert) != 0)
+            goto err;
+
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert_v2(cert_ids_v2, cert) < 0)
+                    goto err;
+            }
+        }
+    } else {
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
+              TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+    ESS_SIGNING_CERT_free(ss);
+    ESS_SIGNING_CERT_V2_free(ssv2);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+    if (!attr)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+    if (attr == NULL)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+
+    if (!cert_ids || !cert)
+        return -1;
+
+    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+
+    /* Recompute SHA1 hash of certificate if necessary (side effect). */
+    X509_check_purpose(cert, -1, 0);
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
+        ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
+
+        if (cid->hash->length == SHA_DIGEST_LENGTH
+            && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+            if (!is || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_digest[EVP_MAX_MD_SIZE];
+    unsigned int len;
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) {
+        ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
+        const EVP_MD *md;
+
+        if (cid->hash_alg != NULL)
+            md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
+        else
+            md = EVP_sha256();
+
+        X509_digest(cert, md, cert_digest, &len);
+        if (cid->hash->length != (int)len)
+            return -1;
+
+        if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+
+            if (is == NULL || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
+{
+    GENERAL_NAME *issuer;
+
+    if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1)
+        return -1;
+
+    issuer = sk_GENERAL_NAME_value(is->issuer, 0);
+    if (issuer->type != GEN_DIRNAME
+        || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)))
+        return -1;
+
+    if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert)))
+        return -1;
+
+    return 0;
+}
+
+/*-
+ * Verifies whether 'response' contains a valid response with regards
+ * to the settings of the context:
+ *      - Gives an error message if the TS_TST_INFO is not present.
+ *      - Calls _TS_RESP_verify_token to verify the token content.
+ */
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
+{
+    PKCS7 *token = response->token;
+    TS_TST_INFO *tst_info = response->tst_info;
+    int ret = 0;
+
+    if (!ts_check_status_info(response))
+        goto err;
+    if (!int_ts_RESP_verify_token(ctx, token, tst_info))
+        goto err;
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
+ * calls the internal int_TS_RESP_verify_token function for verifying it.
+ */
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
+{
+    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
+    int ret = 0;
+    if (tst_info) {
+        ret = int_ts_RESP_verify_token(ctx, token, tst_info);
+        TS_TST_INFO_free(tst_info);
+    }
+    return ret;
+}
+
+/*-
+ * Verifies whether the 'token' contains a valid time stamp token
+ * with regards to the settings of the context. Only those checks are
+ * carried out that are specified in the context:
+ *      - Verifies the signature of the TS_TST_INFO.
+ *      - Checks the version number of the response.
+ *      - Check if the requested and returned policies math.
+ *      - Check if the message imprints are the same.
+ *      - Check if the nonces are the same.
+ *      - Check if the TSA name matches the signer.
+ *      - Check if the TSA name is the expected TSA.
+ */
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info)
+{
+    X509 *signer = NULL;
+    GENERAL_NAME *tsa_name = tst_info->tsa;
+    X509_ALGOR *md_alg = NULL;
+    unsigned char *imprint = NULL;
+    unsigned imprint_len = 0;
+    int ret = 0;
+    int flags = ctx->flags;
+
+    /* Some options require us to also check the signature */
+    if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
+            || (flags & TS_VFY_TSA_NAME)) {
+        flags |= TS_VFY_SIGNATURE;
+    }
+
+    if ((flags & TS_VFY_SIGNATURE)
+        && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
+        goto err;
+    if ((flags & TS_VFY_VERSION)
+        && TS_TST_INFO_get_version(tst_info) != 1) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+    if ((flags & TS_VFY_POLICY)
+        && !ts_check_policy(ctx->policy, tst_info))
+        goto err;
+    if ((flags & TS_VFY_IMPRINT)
+        && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+                              tst_info))
+        goto err;
+    if ((flags & TS_VFY_DATA)
+        && (!ts_compute_imprint(ctx->data, tst_info,
+                                &md_alg, &imprint, &imprint_len)
+            || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+        goto err;
+    if ((flags & TS_VFY_NONCE)
+        && !ts_check_nonces(ctx->nonce, tst_info))
+        goto err;
+    if ((flags & TS_VFY_SIGNER)
+        && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+        goto err;
+    }
+    if ((flags & TS_VFY_TSA_NAME)
+        && !ts_check_signer_name(ctx->tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+        goto err;
+    }
+    ret = 1;
+
+ err:
+    X509_free(signer);
+    X509_ALGOR_free(md_alg);
+    OPENSSL_free(imprint);
+    return ret;
+}
+
+static int ts_check_status_info(TS_RESP *response)
+{
+    TS_STATUS_INFO *info = response->status_info;
+    long status = ASN1_INTEGER_get(info->status);
+    const char *status_text = NULL;
+    char *embedded_status_text = NULL;
+    char failure_text[TS_STATUS_BUF_SIZE] = "";
+
+    if (status == 0 || status == 1)
+        return 1;
+
+    /* There was an error, get the description in status_text. */
+    if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
+        status_text = ts_status_text[status];
+    else
+        status_text = "unknown code";
+
+    if (sk_ASN1_UTF8STRING_num(info->text) > 0
+        && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
+        return 0;
+
+    /* Fill in failure_text with the failure information. */
+    if (info->failure_info) {
+        int i;
+        int first = 1;
+        for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
+            if (ASN1_BIT_STRING_get_bit(info->failure_info,
+                                        ts_failure_info[i].code)) {
+                if (!first)
+                    strcat(failure_text, ",");
+                else
+                    first = 0;
+                strcat(failure_text, ts_failure_info[i].text);
+            }
+        }
+    }
+    if (failure_text[0] == '\0')
+        strcpy(failure_text, "unspecified");
+
+    TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+    ERR_add_error_data(6,
+                       "status code: ", status_text,
+                       ", status text: ", embedded_status_text ?
+                       embedded_status_text : "unspecified",
+                       ", failure codes: ", failure_text);
+    OPENSSL_free(embedded_status_text);
+
+    return 0;
+}
+
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+{
+    int i;
+    int length = 0;
+    char *result = NULL;
+    char *p;
+
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        if (ASN1_STRING_length(current) > TS_MAX_STATUS_LENGTH - length - 1)
+            return NULL;
+        length += ASN1_STRING_length(current);
+        length += 1;            /* separator character */
+    }
+    if ((result = OPENSSL_malloc(length)) == NULL) {
+        TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        length = ASN1_STRING_length(current);
+        if (i > 0)
+            *p++ = '/';
+        strncpy(p, (const char *)ASN1_STRING_get0_data(current), length);
+        p += length;
+    }
+    *p = '\0';
+
+    return result;
+}
+
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info)
+{
+    const ASN1_OBJECT *resp_oid = tst_info->policy_id;
+
+    if (OBJ_cmp(req_oid, resp_oid) != 0) {
+        TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len)
+{
+    TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
+    X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx = NULL;
+    unsigned char buffer[4096];
+    int length;
+
+    *md_alg = NULL;
+    *imprint = NULL;
+
+    if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
+        goto err;
+    if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+        goto err;
+    }
+    length = EVP_MD_size(md);
+    if (length < 0)
+        goto err;
+    *imprint_len = length;
+    if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EVP_DigestInit(md_ctx, md))
+        goto err;
+    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
+        if (!EVP_DigestUpdate(md_ctx, buffer, length))
+            goto err;
+    }
+    if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
+        goto err;
+    EVP_MD_CTX_free(md_ctx);
+
+    return 1;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    X509_ALGOR_free(*md_alg);
+    OPENSSL_free(*imprint);
+    *imprint_len = 0;
+    *imprint = 0;
+    return 0;
+}
+
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info)
+{
+    TS_MSG_IMPRINT *b = tst_info->msg_imprint;
+    X509_ALGOR *algor_b = b->hash_algo;
+    int ret = 0;
+
+    if (algor_a) {
+        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
+            goto err;
+
+        /* The parameter must be NULL in both. */
+        if ((algor_a->parameter
+             && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
+            || (algor_b->parameter
+                && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
+            goto err;
+    }
+
+    ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
+        memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+    return ret;
+}
+
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+{
+    const ASN1_INTEGER *b = tst_info->nonce;
+
+    if (!b) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+        return 0;
+    }
+
+    /* No error if a nonce is returned without being requested. */
+    if (ASN1_INTEGER_cmp(a, b) != 0) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Check if the specified TSA name matches either the subject or one of the
+ * subject alternative names of the TSA certificate.
+ */
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+{
+    STACK_OF(GENERAL_NAME) *gen_names = NULL;
+    int idx = -1;
+    int found = 0;
+
+    if (tsa_name->type == GEN_DIRNAME
+        && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
+        return 1;
+    gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    while (gen_names != NULL) {
+        found = ts_find_name(gen_names, tsa_name) >= 0;
+        if (found)
+            break;
+        /*
+         * Get the next subject alternative name, although there should be no
+         * more than one.
+         */
+        GENERAL_NAMES_free(gen_names);
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    }
+    GENERAL_NAMES_free(gen_names);
+
+    return found;
+}
+
+/* Returns 1 if name is in gen_names, 0 otherwise. */
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+{
+    int i, found;
+    for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
+        GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
+        found = GENERAL_NAME_cmp(current, name) == 0;
+    }
+    return found ? i - 1 : -1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c
new file mode 100644
index 000000000..d4792ee04
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
+{
+    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+    return ctx;
+}
+
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
+{
+    OPENSSL_assert(ctx != NULL);
+    memset(ctx, 0, sizeof(*ctx));
+}
+
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    TS_VERIFY_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags |= f;
+    return ctx->flags;
+}
+
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags = f;
+    return ctx->flags;
+}
+
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
+{
+    ctx->data = b;
+    return ctx->data;
+}
+
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
+{
+    ctx->store = s;
+    return ctx->store;
+}
+
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+                                        STACK_OF(X509) *certs)
+{
+    ctx->certs = certs;
+    return ctx->certs;
+}
+
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len)
+{
+    ctx->imprint = hexstr;
+    ctx->imprint_len = len;
+    return ctx->imprint;
+}
+
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    X509_STORE_free(ctx->store);
+    sk_X509_pop_free(ctx->certs, X509_free);
+
+    ASN1_OBJECT_free(ctx->policy);
+
+    X509_ALGOR_free(ctx->md_alg);
+    OPENSSL_free(ctx->imprint);
+
+    BIO_free_all(ctx->data);
+
+    ASN1_INTEGER_free(ctx->nonce);
+
+    GENERAL_NAME_free(ctx->tsa_name);
+
+    TS_VERIFY_CTX_init(ctx);
+}
+
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
+{
+    TS_VERIFY_CTX *ret = ctx;
+    ASN1_OBJECT *policy;
+    TS_MSG_IMPRINT *imprint;
+    X509_ALGOR *md_alg;
+    ASN1_OCTET_STRING *msg;
+    const ASN1_INTEGER *nonce;
+
+    OPENSSL_assert(req != NULL);
+    if (ret)
+        TS_VERIFY_CTX_cleanup(ret);
+    else if ((ret = TS_VERIFY_CTX_new()) == NULL)
+        return NULL;
+
+    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
+
+    if ((policy = req->policy_id) != NULL) {
+        if ((ret->policy = OBJ_dup(policy)) == NULL)
+            goto err;
+    } else
+        ret->flags &= ~TS_VFY_POLICY;
+
+    imprint = req->msg_imprint;
+    md_alg = imprint->hash_algo;
+    if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL)
+        goto err;
+    msg = imprint->hashed_msg;
+    ret->imprint_len = ASN1_STRING_length(msg);
+    if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
+        goto err;
+    memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
+
+    if ((nonce = req->nonce) != NULL) {
+        if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
+            goto err;
+    } else
+        ret->flags &= ~TS_VFY_NONCE;
+
+    return ret;
+ err:
+    if (ctx)
+        TS_VERIFY_CTX_cleanup(ctx);
+    else
+        TS_VERIFY_CTX_free(ret);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/txt_db/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/txt_db/build.info
new file mode 100644
index 000000000..4379d5f1b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/txt_db/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=txt_db.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/txt_db/txt_db.c b/trunk/3rdparty/openssl-1.1-fit/crypto/txt_db/txt_db.c
new file mode 100644
index 000000000..c4e178251
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/txt_db/txt_db.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
+
+#undef BUFSIZE
+#define BUFSIZE 512
+
+TXT_DB *TXT_DB_read(BIO *in, int num)
+{
+    TXT_DB *ret = NULL;
+    int esc = 0;
+    long ln = 0;
+    int i, add, n;
+    int size = BUFSIZE;
+    int offset = 0;
+    char *p, *f;
+    OPENSSL_STRING *pp;
+    BUF_MEM *buf = NULL;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    if (!BUF_MEM_grow(buf, size))
+        goto err;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+        goto err;
+    ret->num_fields = num;
+    ret->index = NULL;
+    ret->qual = NULL;
+    if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
+        goto err;
+    if ((ret->index = OPENSSL_malloc(sizeof(*ret->index) * num)) == NULL)
+        goto err;
+    if ((ret->qual = OPENSSL_malloc(sizeof(*(ret->qual)) * num)) == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        ret->index[i] = NULL;
+        ret->qual[i] = NULL;
+    }
+
+    add = (num + 1) * sizeof(char *);
+    buf->data[size - 1] = '\0';
+    offset = 0;
+    for (;;) {
+        if (offset != 0) {
+            size += BUFSIZE;
+            if (!BUF_MEM_grow_clean(buf, size))
+                goto err;
+        }
+        buf->data[offset] = '\0';
+        BIO_gets(in, &(buf->data[offset]), size - offset);
+        ln++;
+        if (buf->data[offset] == '\0')
+            break;
+        if ((offset == 0) && (buf->data[0] == '#'))
+            continue;
+        i = strlen(&(buf->data[offset]));
+        offset += i;
+        if (buf->data[offset - 1] != '\n')
+            continue;
+        else {
+            buf->data[offset - 1] = '\0'; /* blat the '\n' */
+            if ((p = OPENSSL_malloc(add + offset)) == NULL)
+                goto err;
+            offset = 0;
+        }
+        pp = (char **)p;
+        p += add;
+        n = 0;
+        pp[n++] = p;
+        i = 0;
+        f = buf->data;
+
+        esc = 0;
+        for (;;) {
+            if (*f == '\0')
+                break;
+            if (*f == '\t') {
+                if (esc)
+                    p--;
+                else {
+                    *(p++) = '\0';
+                    f++;
+                    if (n >= num)
+                        break;
+                    pp[n++] = p;
+                    continue;
+                }
+            }
+            esc = (*f == '\\');
+            *(p++) = *(f++);
+        }
+        *(p++) = '\0';
+        if ((n != num) || (*f != '\0')) {
+            OPENSSL_free(pp);
+            ret->error = DB_ERROR_WRONG_NUM_FIELDS;
+            goto err;
+        }
+        pp[n] = p;
+        if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) {
+            OPENSSL_free(pp);
+            goto err;
+        }
+    }
+    BUF_MEM_free(buf);
+    return ret;
+ err:
+    BUF_MEM_free(buf);
+    if (ret != NULL) {
+        sk_OPENSSL_PSTRING_free(ret->data);
+        OPENSSL_free(ret->index);
+        OPENSSL_free(ret->qual);
+        OPENSSL_free(ret);
+    }
+    return NULL;
+}
+
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value)
+{
+    OPENSSL_STRING *ret;
+    LHASH_OF(OPENSSL_STRING) *lh;
+
+    if (idx >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return NULL;
+    }
+    lh = db->index[idx];
+    if (lh == NULL) {
+        db->error = DB_ERROR_NO_INDEX;
+        return NULL;
+    }
+    ret = lh_OPENSSL_STRING_retrieve(lh, value);
+    db->error = DB_ERROR_OK;
+    return ret;
+}
+
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp)
+{
+    LHASH_OF(OPENSSL_STRING) *idx;
+    OPENSSL_STRING *r, *k;
+    int i, n;
+
+    if (field >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return 0;
+    }
+    /* FIXME: we lose type checking at this point */
+    if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) {
+        db->error = DB_ERROR_MALLOC;
+        return 0;
+    }
+    n = sk_OPENSSL_PSTRING_num(db->data);
+    for (i = 0; i < n; i++) {
+        r = sk_OPENSSL_PSTRING_value(db->data, i);
+        if ((qual != NULL) && (qual(r) == 0))
+            continue;
+        if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) {
+            db->error = DB_ERROR_INDEX_CLASH;
+            db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k);
+            db->arg2 = i;
+            lh_OPENSSL_STRING_free(idx);
+            return 0;
+        }
+        if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) {
+            db->error = DB_ERROR_MALLOC;
+            lh_OPENSSL_STRING_free(idx);
+            return 0;
+        }
+    }
+    lh_OPENSSL_STRING_free(db->index[field]);
+    db->index[field] = idx;
+    db->qual[field] = qual;
+    return 1;
+}
+
+long TXT_DB_write(BIO *out, TXT_DB *db)
+{
+    long i, j, n, nn, l, tot = 0;
+    char *p, **pp, *f;
+    BUF_MEM *buf = NULL;
+    long ret = -1;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    n = sk_OPENSSL_PSTRING_num(db->data);
+    nn = db->num_fields;
+    for (i = 0; i < n; i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->data, i);
+
+        l = 0;
+        for (j = 0; j < nn; j++) {
+            if (pp[j] != NULL)
+                l += strlen(pp[j]);
+        }
+        if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn)))
+            goto err;
+
+        p = buf->data;
+        for (j = 0; j < nn; j++) {
+            f = pp[j];
+            if (f != NULL)
+                for (;;) {
+                    if (*f == '\0')
+                        break;
+                    if (*f == '\t')
+                        *(p++) = '\\';
+                    *(p++) = *(f++);
+                }
+            *(p++) = '\t';
+        }
+        p[-1] = '\n';
+        j = p - buf->data;
+        if (BIO_write(out, buf->data, (int)j) != j)
+            goto err;
+        tot += j;
+    }
+    ret = tot;
+ err:
+    BUF_MEM_free(buf);
+    return ret;
+}
+
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
+{
+    int i;
+    OPENSSL_STRING *r;
+
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            r = lh_OPENSSL_STRING_retrieve(db->index[i], row);
+            if (r != NULL) {
+                db->error = DB_ERROR_INDEX_CLASH;
+                db->arg1 = i;
+                db->arg_row = r;
+                goto err;
+            }
+        }
+    }
+
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            (void)lh_OPENSSL_STRING_insert(db->index[i], row);
+            if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL)
+                goto err1;
+        }
+    }
+    if (!sk_OPENSSL_PSTRING_push(db->data, row))
+        goto err1;
+    return 1;
+
+ err1:
+    db->error = DB_ERROR_MALLOC;
+    while (i-- > 0) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            (void)lh_OPENSSL_STRING_delete(db->index[i], row);
+        }
+    }
+ err:
+    return 0;
+}
+
+void TXT_DB_free(TXT_DB *db)
+{
+    int i, n;
+    char **p, *max;
+
+    if (db == NULL)
+        return;
+    if (db->index != NULL) {
+        for (i = db->num_fields - 1; i >= 0; i--)
+            lh_OPENSSL_STRING_free(db->index[i]);
+        OPENSSL_free(db->index);
+    }
+    OPENSSL_free(db->qual);
+    if (db->data != NULL) {
+        for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) {
+            /*
+             * check if any 'fields' have been allocated from outside of the
+             * initial block
+             */
+            p = sk_OPENSSL_PSTRING_value(db->data, i);
+            max = p[db->num_fields]; /* last address */
+            if (max == NULL) {  /* new row */
+                for (n = 0; n < db->num_fields; n++)
+                    OPENSSL_free(p[n]);
+            } else {
+                for (n = 0; n < db->num_fields; n++) {
+                    if (((p[n] < (char *)p) || (p[n] > max)))
+                        OPENSSL_free(p[n]);
+                }
+            }
+            OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data, i));
+        }
+        sk_OPENSSL_PSTRING_free(db->data);
+    }
+    OPENSSL_free(db);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/build.info
new file mode 100644
index 000000000..c5d17fb74
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ui_err.c ui_lib.c ui_openssl.c ui_null.c ui_util.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_err.c
new file mode 100644
index 000000000..b806872c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_err.c
@@ -0,0 +1,78 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/uierr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA UI_str_functs[] = {
+    {ERR_PACK(ERR_LIB_UI, UI_F_CLOSE_CONSOLE, 0), "close_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_ECHO_CONSOLE, 0), "echo_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_BOOLEAN, 0),
+     "general_allocate_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_PROMPT, 0),
+     "general_allocate_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INFO_STRING, 0), "UI_dup_info_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_BOOLEAN, 0),
+     "UI_dup_input_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_STRING, 0), "UI_dup_input_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_USER_DATA, 0), "UI_dup_user_data"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_VERIFY_STRING, 0),
+     "UI_dup_verify_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET0_RESULT, 0), "UI_get0_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET_RESULT_LENGTH, 0),
+     "UI_get_result_length"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_NEW_METHOD, 0), "UI_new_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_PROCESS, 0), "UI_process"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT, 0), "UI_set_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT_EX, 0), "UI_set_result_ex"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA UI_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+    "common ok and cancel characters"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND),
+    "unknown control command"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE),
+    "unknown ttyget errno value"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED),
+    "user data duplication unsupported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_UI_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(UI_str_functs);
+        ERR_load_strings_const(UI_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c
new file mode 100644
index 000000000..139485dcd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c
@@ -0,0 +1,954 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+
+UI *UI_new(void)
+{
+    return UI_new_method(NULL);
+}
+
+UI *UI_new_method(const UI_METHOD *method)
+{
+    UI *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if (method == NULL)
+        method = UI_get_default_method();
+    if (method == NULL)
+        method = UI_null();
+    ret->meth = method;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+static void free_string(UI_STRING *uis)
+{
+    if (uis->flags & OUT_STRING_FREEABLE) {
+        OPENSSL_free((char *)uis->out_string);
+        switch (uis->type) {
+        case UIT_BOOLEAN:
+            OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+            OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+            OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+            break;
+        case UIT_NONE:
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+        case UIT_ERROR:
+        case UIT_INFO:
+            break;
+        }
+    }
+    OPENSSL_free(uis);
+}
+
+void UI_free(UI *ui)
+{
+    if (ui == NULL)
+        return;
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, ui->user_data);
+    }
+    sk_UI_STRING_pop_free(ui->strings, free_string);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+    CRYPTO_THREAD_lock_free(ui->lock);
+    OPENSSL_free(ui);
+}
+
+static int allocate_string_stack(UI *ui)
+{
+    if (ui->strings == NULL) {
+        ui->strings = sk_UI_STRING_new_null();
+        if (ui->strings == NULL) {
+            return -1;
+        }
+    }
+    return 0;
+}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+                                          int prompt_freeable,
+                                          enum UI_string_types type,
+                                          int input_flags, char *result_buf)
+{
+    UI_STRING *ret = NULL;
+
+    if (prompt == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
+    } else if ((type == UIT_PROMPT || type == UIT_VERIFY
+                || type == UIT_BOOLEAN) && result_buf == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+    } else if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) {
+        ret->out_string = prompt;
+        ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
+        ret->input_flags = input_flags;
+        ret->type = type;
+        ret->result_buf = result_buf;
+    }
+    return ret;
+}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+                                   int prompt_freeable,
+                                   enum UI_string_types type, int input_flags,
+                                   char *result_buf, int minsize, int maxsize,
+                                   const char *test_buf)
+{
+    int ret = -1;
+    UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                           type, input_flags, result_buf);
+
+    if (s != NULL) {
+        if (allocate_string_stack(ui) >= 0) {
+            s->_.string_data.result_minsize = minsize;
+            s->_.string_data.result_maxsize = maxsize;
+            s->_.string_data.test_buf = test_buf;
+            ret = sk_UI_STRING_push(ui->strings, s);
+            /* sk_push() returns 0 on error.  Let's adapt that */
+            if (ret <= 0) {
+                ret--;
+                free_string(s);
+            }
+        } else
+            free_string(s);
+    }
+    return ret;
+}
+
+static int general_allocate_boolean(UI *ui,
+                                    const char *prompt,
+                                    const char *action_desc,
+                                    const char *ok_chars,
+                                    const char *cancel_chars,
+                                    int prompt_freeable,
+                                    enum UI_string_types type,
+                                    int input_flags, char *result_buf)
+{
+    int ret = -1;
+    UI_STRING *s;
+    const char *p;
+
+    if (ok_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else if (cancel_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else {
+        for (p = ok_chars; *p != '\0'; p++) {
+            if (strchr(cancel_chars, *p) != NULL) {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+                      UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+            }
+        }
+
+        s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                    type, input_flags, result_buf);
+
+        if (s != NULL) {
+            if (allocate_string_stack(ui) >= 0) {
+                s->_.boolean_data.action_desc = action_desc;
+                s->_.boolean_data.ok_chars = ok_chars;
+                s->_.boolean_data.cancel_chars = cancel_chars;
+                ret = sk_UI_STRING_push(ui->strings, s);
+                /*
+                 * sk_push() returns 0 on error. Let's adapt that
+                 */
+                if (ret <= 0) {
+                    ret--;
+                    free_string(s);
+                }
+            } else
+                free_string(s);
+        }
+    }
+    return ret;
+}
+
+/*
+ * Returns the index to the place in the stack or -1 for error.  Uses a
+ * direct reference to the prompt.
+ */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    return general_allocate_boolean(ui, prompt, action_desc,
+                                    ok_chars, cancel_chars, 0, UIT_BOOLEAN,
+                                    flags, result_buf);
+}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    char *prompt_copy = NULL;
+    char *action_desc_copy = NULL;
+    char *ok_chars_copy = NULL;
+    char *cancel_chars_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (action_desc != NULL) {
+        action_desc_copy = OPENSSL_strdup(action_desc);
+        if (action_desc_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (ok_chars != NULL) {
+        ok_chars_copy = OPENSSL_strdup(ok_chars);
+        if (ok_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (cancel_chars != NULL) {
+        cancel_chars_copy = OPENSSL_strdup(cancel_chars);
+        if (cancel_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                    ok_chars_copy, cancel_chars_copy, 1,
+                                    UIT_BOOLEAN, flags, result_buf);
+ err:
+    OPENSSL_free(prompt_copy);
+    OPENSSL_free(action_desc_copy);
+    OPENSSL_free(ok_chars_copy);
+    OPENSSL_free(cancel_chars_copy);
+    return -1;
+}
+
+int UI_add_info_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_info_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text != NULL) {
+        text_copy = OPENSSL_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                   0, 0, NULL);
+}
+
+int UI_add_error_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_error_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text != NULL) {
+        text_copy = OPENSSL_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                   0, 0, NULL);
+}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+                          const char *object_name)
+{
+    char *prompt = NULL;
+
+    if (ui->meth->ui_construct_prompt != NULL)
+        prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
+    else {
+        char prompt1[] = "Enter ";
+        char prompt2[] = " for ";
+        char prompt3[] = ":";
+        int len = 0;
+
+        if (object_desc == NULL)
+            return NULL;
+        len = sizeof(prompt1) - 1 + strlen(object_desc);
+        if (object_name != NULL)
+            len += sizeof(prompt2) - 1 + strlen(object_name);
+        len += sizeof(prompt3) - 1;
+
+        if ((prompt = OPENSSL_malloc(len + 1)) == NULL) {
+            UIerr(UI_F_UI_CONSTRUCT_PROMPT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        OPENSSL_strlcpy(prompt, prompt1, len + 1);
+        OPENSSL_strlcat(prompt, object_desc, len + 1);
+        if (object_name != NULL) {
+            OPENSSL_strlcat(prompt, prompt2, len + 1);
+            OPENSSL_strlcat(prompt, object_name, len + 1);
+        }
+        OPENSSL_strlcat(prompt, prompt3, len + 1);
+    }
+    return prompt;
+}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+{
+    void *old_data = ui->user_data;
+
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, old_data);
+        old_data = NULL;
+    }
+    ui->user_data = user_data;
+    ui->flags &= ~UI_FLAG_DUPL_DATA;
+    return old_data;
+}
+
+int UI_dup_user_data(UI *ui, void *user_data)
+{
+    void *duplicate = NULL;
+
+    if (ui->meth->ui_duplicate_data == NULL
+        || ui->meth->ui_destroy_data == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED);
+        return -1;
+    }
+
+    duplicate = ui->meth->ui_duplicate_data(ui, user_data);
+    if (duplicate == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    (void)UI_add_user_data(ui, duplicate);
+    ui->flags |= UI_FLAG_DUPL_DATA;
+
+    return 0;
+}
+
+void *UI_get0_user_data(UI *ui)
+{
+    return ui->user_data;
+}
+
+const char *UI_get0_result(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+        return NULL;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+        return NULL;
+    }
+    return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+}
+
+int UI_get_result_length(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_SMALL);
+        return -1;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_LARGE);
+        return -1;
+    }
+    return UI_get_result_string_length(sk_UI_STRING_value(ui->strings, i));
+}
+
+static int print_error(const char *str, size_t len, UI *ui)
+{
+    UI_STRING uis;
+
+    memset(&uis, 0, sizeof(uis));
+    uis.type = UIT_ERROR;
+    uis.out_string = str;
+
+    if (ui->meth->ui_write_string != NULL
+        && ui->meth->ui_write_string(ui, &uis) <= 0)
+        return -1;
+    return 0;
+}
+
+int UI_process(UI *ui)
+{
+    int i, ok = 0;
+    const char *state = "processing";
+
+    if (ui->meth->ui_open_session != NULL
+        && ui->meth->ui_open_session(ui) <= 0) {
+        state = "opening session";
+        ok = -1;
+        goto err;
+    }
+
+    if (ui->flags & UI_FLAG_PRINT_ERRORS)
+        ERR_print_errors_cb((int (*)(const char *, size_t, void *))
+                            print_error, (void *)ui);
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_write_string != NULL
+            && (ui->meth->ui_write_string(ui,
+                                          sk_UI_STRING_value(ui->strings, i))
+                <= 0))
+        {
+            state = "writing strings";
+            ok = -1;
+            goto err;
+        }
+    }
+
+    if (ui->meth->ui_flush != NULL)
+        switch (ui->meth->ui_flush(ui)) {
+        case -1:               /* Interrupt/Cancel/something... */
+            ok = -2;
+            goto err;
+        case 0:                /* Errors */
+            state = "flushing";
+            ok = -1;
+            goto err;
+        default:               /* Success */
+            ok = 0;
+            break;
+        }
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_read_string != NULL) {
+            switch (ui->meth->ui_read_string(ui,
+                                             sk_UI_STRING_value(ui->strings,
+                                                                i))) {
+            case -1:           /* Interrupt/Cancel/something... */
+                ok = -2;
+                goto err;
+            case 0:            /* Errors */
+                state = "reading strings";
+                ok = -1;
+                goto err;
+            default:           /* Success */
+                ok = 0;
+                break;
+            }
+        }
+    }
+
+    state = NULL;
+ err:
+    if (ui->meth->ui_close_session != NULL
+        && ui->meth->ui_close_session(ui) <= 0) {
+        if (state == NULL)
+            state = "closing session";
+        ok = -1;
+    }
+
+    if (ok == -1) {
+        UIerr(UI_F_UI_PROCESS, UI_R_PROCESSING_ERROR);
+        ERR_add_error_data(2, "while ", state);
+    }
+    return ok;
+}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
+{
+    if (ui == NULL) {
+        UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    switch (cmd) {
+    case UI_CTRL_PRINT_ERRORS:
+        {
+            int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
+            if (i)
+                ui->flags |= UI_FLAG_PRINT_ERRORS;
+            else
+                ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+            return save_flag;
+        }
+    case UI_CTRL_IS_REDOABLE:
+        return ! !(ui->flags & UI_FLAG_REDOABLE);
+    default:
+        break;
+    }
+    UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+    return -1;
+}
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *UI_get_ex_data(UI *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+const UI_METHOD *UI_get_method(UI *ui)
+{
+    return ui->meth;
+}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+{
+    ui->meth = meth;
+    return ui->meth;
+}
+
+UI_METHOD *UI_create_method(const char *name)
+{
+    UI_METHOD *ui_method = NULL;
+
+    if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL
+        || (ui_method->name = OPENSSL_strdup(name)) == NULL
+        || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                               &ui_method->ex_data)) {
+        if (ui_method)
+            OPENSSL_free(ui_method->name);
+        OPENSSL_free(ui_method);
+        UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ui_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
+ * anything Murphy can throw at you and more! You have been warned.
+ */
+void UI_destroy_method(UI_METHOD *ui_method)
+{
+    if (ui_method == NULL)
+        return;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                        &ui_method->ex_data);
+    OPENSSL_free(ui_method->name);
+    ui_method->name = NULL;
+    OPENSSL_free(ui_method);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_open_session = opener;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis))
+{
+    if (method != NULL) {
+        method->ui_write_string = writer;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_flush = flusher;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis))
+{
+    if (method != NULL) {
+        method->ui_read_string = reader;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_close_session = closer;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data))
+{
+    if (method != NULL) {
+        method->ui_duplicate_data = duplicator;
+        method->ui_destroy_data = destructor;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name))
+{
+    if (method != NULL) {
+        method->ui_construct_prompt = prompt_constructor;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&method->ex_data, idx, data);
+}
+
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_open_session;
+    return NULL;
+}
+
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *)
+{
+    if (method != NULL)
+        return method->ui_write_string;
+    return NULL;
+}
+
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_flush;
+    return NULL;
+}
+
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *)
+{
+    if (method != NULL)
+        return method->ui_read_string;
+    return NULL;
+}
+
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_close_session;
+    return NULL;
+}
+
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *)
+{
+    if (method != NULL)
+        return method->ui_construct_prompt;
+    return NULL;
+}
+
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_duplicate_data;
+    return NULL;
+}
+
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_destroy_data;
+    return NULL;
+}
+
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx)
+{
+    return CRYPTO_get_ex_data(&method->ex_data, idx);
+}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+{
+    return uis->type;
+}
+
+int UI_get_input_flags(UI_STRING *uis)
+{
+    return uis->input_flags;
+}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+{
+    return uis->out_string;
+}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_BOOLEAN:
+        return uis->_.boolean_data.action_desc;
+    case UIT_PROMPT:
+    case UIT_NONE:
+    case UIT_VERIFY:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return NULL;
+}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_buf;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return NULL;
+}
+
+int UI_get_result_string_length(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_len;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return -1;
+}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_VERIFY:
+        return uis->_.string_data.test_buf;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_PROMPT:
+        break;
+    }
+    return NULL;
+}
+
+int UI_get_result_minsize(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_minsize;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
+    }
+    return -1;
+}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_maxsize;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
+    }
+    return -1;
+}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+{
+#if 0
+    /*
+     * This is placed here solely to preserve UI_F_UI_SET_RESULT
+     * To be removed for OpenSSL 1.2.0
+     */
+    UIerr(UI_F_UI_SET_RESULT, ERR_R_DISABLED);
+#endif
+    return UI_set_result_ex(ui, uis, result, strlen(result));
+}
+
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len)
+{
+    ui->flags &= ~UI_FLAG_REDOABLE;
+
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        {
+            char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
+            char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
+
+            BIO_snprintf(number1, sizeof(number1), "%d",
+                         uis->_.string_data.result_minsize);
+            BIO_snprintf(number2, sizeof(number2), "%d",
+                         uis->_.string_data.result_maxsize);
+
+            if (len < uis->_.string_data.result_minsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_SMALL);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+            if (len > uis->_.string_data.result_maxsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_LARGE);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+        }
+
+        if (uis->result_buf == NULL) {
+            UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
+            return -1;
+        }
+
+        memcpy(uis->result_buf, result, len);
+        if (len <= uis->_.string_data.result_maxsize)
+            uis->result_buf[len] = '\0';
+        uis->result_len = len;
+        break;
+    case UIT_BOOLEAN:
+        {
+            const char *p;
+
+            if (uis->result_buf == NULL) {
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
+                return -1;
+            }
+
+            uis->result_buf[0] = '\0';
+            for (p = result; *p; p++) {
+                if (strchr(uis->_.boolean_data.ok_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
+                    break;
+                }
+                if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
+                    break;
+                }
+            }
+        }
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_locl.h
new file mode 100644
index 000000000..19b33b8fc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_locl.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UI_LOCL_H
+# define HEADER_UI_LOCL_H
+
+# include <openssl/ui.h>
+# include <openssl/crypto.h>
+
+# ifdef _
+#  undef _
+# endif
+
+struct ui_method_st {
+    char *name;
+    /*
+     * All the functions return 1 or non-NULL for success and 0 or NULL for
+     * failure
+     */
+    /*
+     * Open whatever channel for this, be it the console, an X window or
+     * whatever. This function should use the ex_data structure to save
+     * intermediate data.
+     */
+    int (*ui_open_session) (UI *ui);
+    int (*ui_write_string) (UI *ui, UI_STRING *uis);
+    /*
+     * Flush the output.  If a GUI dialog box is used, this function can be
+     * used to actually display it.
+     */
+    int (*ui_flush) (UI *ui);
+    int (*ui_read_string) (UI *ui, UI_STRING *uis);
+    int (*ui_close_session) (UI *ui);
+    /*
+     * Duplicate the ui_data that often comes alongside a ui_method.  This
+     * allows some backends to save away UI information for later use.
+     */
+    void *(*ui_duplicate_data) (UI *ui, void *ui_data);
+    void (*ui_destroy_data) (UI *ui, void *ui_data);
+    /*
+     * Construct a prompt in a user-defined manner.  object_desc is a textual
+     * short description of the object, for example "pass phrase", and
+     * object_name is the name of the object (might be a card name or a file
+     * name. The returned string shall always be allocated on the heap with
+     * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+     */
+    char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
+                                  const char *object_name);
+    /*
+     * UI_METHOD specific application data.
+     */
+    CRYPTO_EX_DATA ex_data;
+};
+
+struct ui_string_st {
+    enum UI_string_types type;  /* Input */
+    const char *out_string;     /* Input */
+    int input_flags;            /* Flags from the user */
+    /*
+     * The following parameters are completely irrelevant for UIT_INFO, and
+     * can therefore be set to 0 or NULL
+     */
+    char *result_buf;           /* Input and Output: If not NULL,
+                                 * user-defined with size in result_maxsize.
+                                 * Otherwise, it may be allocated by the UI
+                                 * routine, meaning result_minsize is going
+                                 * to be overwritten. */
+    size_t result_len;
+    union {
+        struct {
+            int result_minsize; /* Input: minimum required size of the
+                                 * result. */
+            int result_maxsize; /* Input: maximum permitted size of the
+                                 * result */
+            const char *test_buf; /* Input: test string to verify against */
+        } string_data;
+        struct {
+            const char *action_desc; /* Input */
+            const char *ok_chars; /* Input */
+            const char *cancel_chars; /* Input */
+        } boolean_data;
+    } _;
+
+# define OUT_STRING_FREEABLE 0x01
+    int flags;                  /* flags for internal use */
+};
+
+struct ui_st {
+    const UI_METHOD *meth;
+    STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
+                                   * one thing at a time, and with different
+                                   * echoing status.  */
+    void *user_data;
+    CRYPTO_EX_DATA ex_data;
+# define UI_FLAG_REDOABLE        0x0001
+# define UI_FLAG_DUPL_DATA       0x0002 /* user_data was duplicated */
+# define UI_FLAG_PRINT_ERRORS    0x0100
+    int flags;
+
+    CRYPTO_RWLOCK *lock;
+};
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c
new file mode 100644
index 000000000..9e5f6fca5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ui_locl.h"
+
+static const UI_METHOD ui_null = {
+    "OpenSSL NULL UI",
+    NULL,                        /* opener */
+    NULL,                        /* writer */
+    NULL,                        /* flusher */
+    NULL,                        /* reader */
+    NULL,                        /* closer */
+    NULL
+};
+
+/* The method with all the built-in thingies */
+const UI_METHOD *UI_null(void)
+{
+    return &ui_null;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c
new file mode 100644
index 000000000..5ca418d24
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c
@@ -0,0 +1,744 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <openssl/e_os2.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+#ifndef OPENSSL_NO_UI_CONSOLE
+/*
+ * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
+ * [maybe others?], because it masks interfaces not discussed in standard,
+ * sigaction and fileno included. -pedantic would be more appropriate for the
+ * intended purposes, but we can't prevent users from adding -ansi.
+ */
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <sys/types.h>
+# endif
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#  ifndef _POSIX_C_SOURCE
+#   define _POSIX_C_SOURCE 2
+#  endif
+# endif
+# include <signal.h>
+# include <stdio.h>
+# include <string.h>
+# include <errno.h>
+
+# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  ifdef OPENSSL_UNISTD
+#   include OPENSSL_UNISTD
+#  else
+#   include <unistd.h>
+#  endif
+/*
+ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
+ * system and have sigaction and termios.
+ */
+#  if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L
+
+#   define SIGACTION
+#   if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#    define TERMIOS
+#   endif
+
+#  endif
+# endif
+
+# include "ui_locl.h"
+# include "internal/cryptlib.h"
+
+# ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+#  include <starlet.h>
+#  ifdef __DECC
+#   pragma message disable DOLLARID
+#  endif
+# endif
+
+# ifdef WIN_CONSOLE_BUG
+#  include <windows.h>
+#  ifndef OPENSSL_SYS_WINCE
+#   include <wincon.h>
+#  endif
+# endif
+
+/*
+ * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS, WIN32 Console and SGTTY.
+ *
+ * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
+ * remain respected.  Otherwise, we default to TERMIOS except for a few
+ * systems that require something different.
+ *
+ * Note: we do not use SGTTY unless it's defined by the configuration.  We
+ * may eventually opt to remove it's use entirely.
+ */
+
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+
+#  if defined(_LIBC)
+#   undef  TERMIOS
+#   define TERMIO
+#   undef  SGTTY
+/*
+ * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
+ */
+#  elif !defined(OPENSSL_SYS_VMS) \
+	&& !defined(OPENSSL_SYS_MSDOS) \
+	&& !defined(OPENSSL_SYS_VXWORKS)
+#   define TERMIOS
+#   undef  TERMIO
+#   undef  SGTTY
+#  endif
+
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS)
+#  undef TERMIOS
+#  undef TERMIO
+#  undef SGTTY
+# endif
+
+# ifdef TERMIOS
+#  include <termios.h>
+#  define TTY_STRUCT             struct termios
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      tcgetattr(tty,data)
+#  define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+# endif
+
+# ifdef TERMIO
+#  include <termio.h>
+#  define TTY_STRUCT             struct termio
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+#  define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+# endif
+
+# ifdef SGTTY
+#  include <sgtty.h>
+#  define TTY_STRUCT             struct sgttyb
+#  define TTY_FLAGS              sg_flags
+#  define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+#  define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+# endif
+
+# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  include <sys/ioctl.h>
+# endif
+
+# ifdef OPENSSL_SYS_MSDOS
+#  include <conio.h>
+# endif
+
+# ifdef OPENSSL_SYS_VMS
+#  include <ssdef.h>
+#  include <iodef.h>
+#  include <ttdef.h>
+#  include <descrip.h>
+struct IOSB {
+    short iosb$w_value;
+    short iosb$w_count;
+    long iosb$l_info;
+};
+# endif
+
+# ifndef NX509_SIG
+#  define NX509_SIG 32
+# endif
+
+/* Define globals.  They are protected by a lock */
+# ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+# else
+static void (*savsig[NX509_SIG]) (int);
+# endif
+
+# ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal, "TT");
+static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
+                                      * will always suffice for the actual
+                                      * structures? */
+static long status;
+static unsigned short channel = 0;
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
+static DWORD tty_orig, tty_new;
+# else
+#  if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig, tty_new;
+#  endif
+# endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+# if !defined(OPENSSL_SYS_WINCE)
+static int read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+# endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+/*
+ * The following function makes sure that info and error strings are printed
+ * before any prompt.
+ */
+static int write_string(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_ERROR:
+    case UIT_INFO:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        break;
+    case UIT_NONE:
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+    case UIT_BOOLEAN:
+        break;
+    }
+    return 1;
+}
+
+static int read_string(UI *ui, UI_STRING *uis)
+{
+    int ok = 0;
+
+    switch (UI_get_string_type(uis)) {
+    case UIT_BOOLEAN:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fputs(UI_get0_action_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 0);
+    case UIT_PROMPT:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 1);
+    case UIT_VERIFY:
+        fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis));
+        fflush(tty_out);
+        if ((ok = read_string_inner(ui, uis,
+                                    UI_get_input_flags(uis) &
+                                    UI_INPUT_FLAG_ECHO, 1)) <= 0)
+            return ok;
+        if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) {
+            fprintf(tty_out, "Verify failure\n");
+            fflush(tty_out);
+            return 0;
+        }
+        break;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 1;
+}
+
+# if !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static int read_till_nl(FILE *in)
+{
+#  define SIZE 4
+    char buf[SIZE + 1];
+
+    do {
+        if (!fgets(buf, SIZE, in))
+            return 0;
+    } while (strchr(buf, '\n') == NULL);
+    return 1;
+}
+
+static volatile sig_atomic_t intr_signal;
+# endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+{
+    static int ps;
+    int ok;
+    char result[BUFSIZ];
+    int maxsize = BUFSIZ - 1;
+# if !defined(OPENSSL_SYS_WINCE)
+    char *p = NULL;
+    int echo_eol = !echo;
+
+    intr_signal = 0;
+    ok = 0;
+    ps = 0;
+
+    pushsig();
+    ps = 1;
+
+    if (!echo && !noecho_console(ui))
+        goto error;
+    ps = 2;
+
+    result[0] = '\0';
+#  if defined(_WIN32)
+    if (is_a_tty) {
+        DWORD numread;
+#   if defined(CP_UTF8)
+        if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) {
+            WCHAR wresult[BUFSIZ];
+
+            if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE),
+                         wresult, maxsize, &numread, NULL)) {
+                if (numread >= 2 &&
+                    wresult[numread-2] == L'\r' &&
+                    wresult[numread-1] == L'\n') {
+                    wresult[numread-2] = L'\n';
+                    numread--;
+                }
+                wresult[numread] = '\0';
+                if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1,
+                                        result, sizeof(result), NULL, 0) > 0)
+                    p = result;
+
+                OPENSSL_cleanse(wresult, sizeof(wresult));
+            }
+        } else
+#   endif
+        if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
+                         result, maxsize, &numread, NULL)) {
+            if (numread >= 2 &&
+                result[numread-2] == '\r' && result[numread-1] == '\n') {
+                result[numread-2] = '\n';
+                numread--;
+            }
+            result[numread] = '\0';
+            p = result;
+        }
+    } else
+#  elif defined(OPENSSL_SYS_MSDOS)
+    if (!echo) {
+        noecho_fgets(result, maxsize, tty_in);
+        p = result;             /* FIXME: noecho_fgets doesn't return errors */
+    } else
+#  endif
+    p = fgets(result, maxsize, tty_in);
+    if (p == NULL)
+        goto error;
+    if (feof(tty_in))
+        goto error;
+    if (ferror(tty_in))
+        goto error;
+    if ((p = (char *)strchr(result, '\n')) != NULL) {
+        if (strip_nl)
+            *p = '\0';
+    } else if (!read_till_nl(tty_in))
+        goto error;
+    if (UI_set_result(ui, uis, result) >= 0)
+        ok = 1;
+
+ error:
+    if (intr_signal == SIGINT)
+        ok = -1;
+    if (echo_eol)
+        fprintf(tty_out, "\n");
+    if (ps >= 2 && !echo && !echo_console(ui))
+        ok = 0;
+
+    if (ps >= 1)
+        popsig();
+# else
+    ok = 1;
+# endif
+
+    OPENSSL_cleanse(result, BUFSIZ);
+    return ok;
+}
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+{
+    CRYPTO_THREAD_write_lock(ui->lock);
+    is_a_tty = 1;
+
+# if defined(OPENSSL_SYS_VXWORKS)
+    tty_in = stdin;
+    tty_out = stderr;
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
+    if ((tty_out = fopen("conout$", "w")) == NULL)
+        tty_out = stderr;
+
+    if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) {
+        tty_in = stdin;
+    } else {
+        is_a_tty = 0;
+        if ((tty_in = fopen("conin$", "r")) == NULL)
+            tty_in = stdin;
+    }
+# else
+#  ifdef OPENSSL_SYS_MSDOS
+#   define DEV_TTY "con"
+#  else
+#   define DEV_TTY "/dev/tty"
+#  endif
+    if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
+        tty_in = stdin;
+    if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
+        tty_out = stderr;
+# endif
+
+# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+    if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
+#  ifdef ENOTTY
+        if (errno == ENOTTY)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EINVAL
+            /*
+             * Ariel Glenn reports that solaris can return EINVAL instead.
+             * This should be ok
+             */
+        if (errno == EINVAL)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef ENXIO
+            /*
+             * Solaris can return ENXIO.
+             * This should be ok
+             */
+        if (errno == ENXIO)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EIO
+            /*
+             * Linux can return EIO.
+             * This should be ok
+             */
+        if (errno == EIO)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef ENODEV
+            /*
+             * MacOS X returns ENODEV (Operation not supported by device),
+             * which seems appropriate.
+             */
+        if (errno == ENODEV)
+            is_a_tty = 0;
+        else
+#  endif
+            {
+                char tmp_num[10];
+                BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%d", errno);
+                UIerr(UI_F_OPEN_CONSOLE, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE);
+                ERR_add_error_data(2, "errno=", tmp_num);
+
+                return 0;
+            }
+    }
+# endif
+# ifdef OPENSSL_SYS_VMS
+    status = sys$assign(&terminal, &channel, 0, 0);
+
+    /* if there isn't a TT device, something is very wrong */
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_OPEN_CONSOLE, UI_R_SYSASSIGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
+        return 0;
+    }
+
+    status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
+                      0, 0, 0, 0);
+
+    /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
+    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        is_a_tty = 0;
+# endif
+    return 1;
+}
+
+static int noecho_console(UI *ui)
+{
+# ifdef TTY_FLAGS
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    tty_new.TTY_FLAGS &= ~ECHO;
+# endif
+
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+# endif
+# ifdef OPENSSL_SYS_VMS
+    if (is_a_tty) {
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+                          0, 0, 0, 0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_NOECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
+            return 0;
+        }
+    }
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        tty_new &= ~ENABLE_ECHO_INPUT;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+# endif
+    return 1;
+}
+
+static int echo_console(UI *ui)
+{
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+# endif
+# ifdef OPENSSL_SYS_VMS
+    if (is_a_tty) {
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1];
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+                          0, 0, 0, 0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_ECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
+            return 0;
+        }
+    }
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+# endif
+    return 1;
+}
+
+static int close_console(UI *ui)
+{
+    if (tty_in != stdin)
+        fclose(tty_in);
+    if (tty_out != stderr)
+        fclose(tty_out);
+# ifdef OPENSSL_SYS_VMS
+    status = sys$dassgn(channel);
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
+        return 0;
+    }
+# endif
+    CRYPTO_THREAD_unlock(ui->lock);
+
+    return 1;
+}
+
+# if !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+{
+#  ifndef OPENSSL_SYS_WIN32
+    int i;
+#  endif
+#  ifdef SIGACTION
+    struct sigaction sa;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_handler = recsig;
+#  endif
+
+#  ifdef OPENSSL_SYS_WIN32
+    savsig[SIGABRT] = signal(SIGABRT, recsig);
+    savsig[SIGFPE] = signal(SIGFPE, recsig);
+    savsig[SIGILL] = signal(SIGILL, recsig);
+    savsig[SIGINT] = signal(SIGINT, recsig);
+    savsig[SIGSEGV] = signal(SIGSEGV, recsig);
+    savsig[SIGTERM] = signal(SIGTERM, recsig);
+#  else
+    for (i = 1; i < NX509_SIG; i++) {
+#   ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#   endif
+#   ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#   endif
+#   ifdef SIGKILL
+        if (i == SIGKILL)       /* We can't make any action on that. */
+            continue;
+#   endif
+#   ifdef SIGACTION
+        sigaction(i, &sa, &savsig[i]);
+#   else
+        savsig[i] = signal(i, recsig);
+#   endif
+    }
+#  endif
+
+#  ifdef SIGWINCH
+    signal(SIGWINCH, SIG_DFL);
+#  endif
+}
+
+static void popsig(void)
+{
+#  ifdef OPENSSL_SYS_WIN32
+    signal(SIGABRT, savsig[SIGABRT]);
+    signal(SIGFPE, savsig[SIGFPE]);
+    signal(SIGILL, savsig[SIGILL]);
+    signal(SIGINT, savsig[SIGINT]);
+    signal(SIGSEGV, savsig[SIGSEGV]);
+    signal(SIGTERM, savsig[SIGTERM]);
+#  else
+    int i;
+    for (i = 1; i < NX509_SIG; i++) {
+#   ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#   endif
+#   ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#   endif
+#   ifdef SIGACTION
+        sigaction(i, &savsig[i], NULL);
+#   else
+        signal(i, savsig[i]);
+#   endif
+    }
+#  endif
+}
+
+static void recsig(int i)
+{
+    intr_signal = i;
+}
+# endif
+
+/* Internal functions specific for Windows */
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+{
+    int i;
+    char *p;
+
+    p = buf;
+    for (;;) {
+        if (size == 0) {
+            *p = '\0';
+            break;
+        }
+        size--;
+#  if defined(_WIN32)
+        i = _getch();
+#  else
+        i = getch();
+#  endif
+        if (i == '\r')
+            i = '\n';
+        *(p++) = i;
+        if (i == '\n') {
+            *p = '\0';
+            break;
+        }
+    }
+#  ifdef WIN_CONSOLE_BUG
+    /*
+     * Win95 has several evil console bugs: one of these is that the last
+     * character read using getch() is passed to the next read: this is
+     * usually a CR so this can be trouble. No STDIO fix seems to work but
+     * flushing the console appears to do the trick.
+     */
+    {
+        HANDLE inh;
+        inh = GetStdHandle(STD_INPUT_HANDLE);
+        FlushConsoleInputBuffer(inh);
+    }
+#  endif
+    return strlen(buf);
+}
+# endif
+
+static UI_METHOD ui_openssl = {
+    "OpenSSL default user interface",
+    open_console,
+    write_string,
+    NULL,                       /* No flusher is needed for command lines */
+    read_string,
+    close_console,
+    NULL
+};
+
+/* The method with all the built-in console thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+    return &ui_openssl;
+}
+
+static const UI_METHOD *default_UI_meth = &ui_openssl;
+
+#else
+
+static const UI_METHOD *default_UI_meth = NULL;
+
+#endif
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    return default_UI_meth;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c
new file mode 100644
index 000000000..b379324f9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/thread_once.h"
+#include "ui_locl.h"
+
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify)
+{
+    char buff[BUFSIZ];
+    int ret;
+
+    ret =
+        UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
+                        prompt, verify);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return ret;
+}
+
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify)
+{
+    int ok = 0;
+    UI *ui;
+
+    if (size < 1)
+        return -1;
+
+    ui = UI_new();
+    if (ui != NULL) {
+        ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
+        if (ok >= 0 && verify)
+            ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+    }
+    if (ok > 0)
+        ok = 0;
+    return ok;
+}
+
+/*
+ * Wrapper around pem_password_cb, a method to help older APIs use newer
+ * ones.
+ */
+struct pem_password_cb_data {
+    pem_password_cb *cb;
+    int rwflag;
+};
+
+static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                               int idx, long argl, void *argp)
+{
+    /*
+     * Do nothing, the data is allocated externally and assigned later with
+     * CRYPTO_set_ex_data()
+     */
+}
+
+static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                              void *from_d, int idx, long argl, void *argp)
+{
+    void **pptr = (void **)from_d;
+    if (*pptr != NULL)
+        *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data));
+    return 1;
+}
+
+static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                int idx, long argl, void *argp)
+{
+    OPENSSL_free(ptr);
+}
+
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+static int ui_method_data_index = -1;
+DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init)
+{
+    ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
+                                                   0, NULL, ui_new_method_data,
+                                                   ui_dup_method_data,
+                                                   ui_free_method_data);
+    return 1;
+}
+
+static int ui_open(UI *ui)
+{
+    return 1;
+}
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_PROMPT:
+        {
+            char result[PEM_BUFSIZE + 1];
+            const struct pem_password_cb_data *data =
+                UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
+            int maxsize = UI_get_result_maxsize(uis);
+            int len = data->cb(result,
+                               maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
+                               data->rwflag, UI_get0_user_data(ui));
+
+            if (len >= 0)
+                result[len] = '\0';
+            if (len <= 0)
+                return len;
+            if (UI_set_result_ex(ui, uis, result, len) >= 0)
+                return 1;
+            return 0;
+        }
+    case UIT_VERIFY:
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 1;
+}
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    return 1;
+}
+static int ui_close(UI *ui)
+{
+    return 1;
+}
+
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
+{
+    struct pem_password_cb_data *data = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
+        || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL
+        || UI_method_set_opener(ui_method, ui_open) < 0
+        || UI_method_set_reader(ui_method, ui_read) < 0
+        || UI_method_set_writer(ui_method, ui_write) < 0
+        || UI_method_set_closer(ui_method, ui_close) < 0
+        || !RUN_ONCE(&get_index_once, ui_method_data_index_init)
+        || UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0) {
+        UI_destroy_method(ui_method);
+        OPENSSL_free(data);
+        return NULL;
+    }
+    data->rwflag = rwflag;
+    data->cb = cb;
+
+    return ui_method;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c
new file mode 100644
index 000000000..b2b096446
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__)
+
+# include OPENSSL_UNISTD
+
+int OPENSSL_issetugid(void)
+{
+    return issetugid();
+}
+
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+
+int OPENSSL_issetugid(void)
+{
+    return 0;
+}
+
+#else
+
+# include OPENSSL_UNISTD
+# include <sys/types.h>
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+# endif
+
+int OPENSSL_issetugid(void)
+{
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
+    return getauxval(AT_SECURE) != 0;
+# else
+    return getuid() != geteuid() || getgid() != getegid();
+# endif
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/vms_rms.h b/trunk/3rdparty/openssl-1.1-fit/crypto/vms_rms.h
new file mode 100644
index 000000000..3b994a0ab
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/vms_rms.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else                           /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else                          /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif                         /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif                          /* def NAML$C_MAXRSS [else] */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl
new file mode 100644
index 000000000..2241c6f0f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl
@@ -0,0 +1,507 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block_mmx implementation.
+#
+*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results
+# in 16KB large table, which is tough on L1 cache, but eliminates
+# unaligned references to it. Value of 2 results in 4KB table, but
+# 7/8 of references to it are unaligned. AMD cores seem to be
+# allergic to the latter, while Intel ones - to former [see the
+# table]. I stick to value of 2 for two reasons: 1. smaller table
+# minimizes cache trashing and thus mitigates the hazard of side-
+# channel leakage similar to AES cache-timing one; 2. performance
+# gap among different µ-archs is smaller.
+#
+# Performance table lists rounded amounts of CPU cycles spent by
+# whirlpool_block_mmx routine on single 64 byte input block, i.e.
+# smaller is better and asymptotic throughput can be estimated by
+# multiplying 64 by CPU clock frequency and dividing by relevant
+# value from the given table:
+#
+#		$SCALE=2/8	icc8	gcc3
+# Intel P4	3200/4600	4600(*)	6400
+# Intel PIII	2900/3000	4900	5400
+# AMD K[78]	2500/1800	9900	8200(**)
+#
+# (*)	I've sketched even non-MMX assembler, but for the record
+#	I've failed to beat the Intel compiler on P4, without using
+#	MMX that is...
+# (**)	... on AMD on the other hand non-MMX assembler was observed
+#	to perform significantly better, but I figured this MMX
+#	implementation is even faster anyway, so why bother? As for
+#	pre-MMX AMD core[s], the improvement coefficient is more
+#	than likely to vary anyway and I don't know how. But the
+#	least I know is that gcc-generated code compiled with
+#	-DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for
+#	details] and optimized for Pentium was observed to perform
+#	*better* on Pentium 100 than unrolled non-MMX assembler
+#	loop... So we just say that I don't know if maintaining
+#	non-MMX implementation would actually pay off, but till
+#	opposite is proved "unlikely" is assumed.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+sub L()  { &data_byte(@_); }
+sub LL()
+{	if	($SCALE==2)	{ &data_byte(@_); &data_byte(@_); }
+	elsif	($SCALE==8)	{ for ($i=0;$i<8;$i++) {
+					&data_byte(@_);
+					unshift(@_,pop(@_));
+				  }
+				}
+	else			{ die "unvalid SCALE value"; }
+}
+
+sub scale()
+{	if	($SCALE==2)	{ &lea(@_[0],&DWP(0,@_[1],@_[1])); }
+	elsif	($SCALE==8)	{ &lea(@_[0],&DWP(0,"",@_[1],8));  }
+	else			{ die "unvalid SCALE value";       }
+}
+
+sub row()
+{	if	($SCALE==2)	{ ((8-shift)&7); }
+	elsif	($SCALE==8)	{ (8*shift);     }
+	else			{ die "unvalid SCALE value"; }
+}
+
+$tbl="ebp";
+@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7");
+
+&function_begin_B("whirlpool_block_mmx");
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+
+	&mov	("esi",&wparam(0));		# hash value
+	&mov	("edi",&wparam(1));		# input data stream
+	&mov	("ebp",&wparam(2));		# number of chunks in input
+
+	&mov	("eax","esp");			# copy stack pointer
+	&sub	("esp",128+20);			# allocate frame
+	&and	("esp",-64);			# align for cache-line
+
+	&lea	("ebx",&DWP(128,"esp"));
+	&mov	(&DWP(0,"ebx"),"esi");		# save parameter block
+	&mov	(&DWP(4,"ebx"),"edi");
+	&mov	(&DWP(8,"ebx"),"ebp");
+	&mov	(&DWP(16,"ebx"),"eax");		# saved stack pointer
+
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop($tbl);
+	&lea	($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl));
+
+	&xor	("ecx","ecx");
+	&xor	("edx","edx");
+
+	for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); }    # L=H
+&set_label("outerloop");
+	for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+	for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+	for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+
+	&xor	("esi","esi");
+	&mov	(&DWP(12,"ebx"),"esi");		# zero round counter
+
+&set_label("round",16);
+	&movq	(@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8));	# rc[r]
+	&mov	("eax",&DWP(0,"esp"));
+	&mov	("ebx",&DWP(4,"esp"));
+	&movz	("ecx",&LB("eax"));
+	&movz	("edx",&HB("eax"));
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? \&movq : \&pxor;
+	&shr	("eax",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&pxor	(@mm[0],&QWP(&row(0),$tbl,"esi",8));
+	&$func	(@mm[1],&QWP(&row(1),$tbl,"edi",8));
+	&mov	("eax",&DWP(($i+1)*8,"esp"));
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&$func	(@mm[2],&QWP(&row(2),$tbl,"esi",8));
+	&$func	(@mm[3],&QWP(&row(3),$tbl,"edi",8));
+	&shr	("ebx",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&$func	(@mm[4],&QWP(&row(4),$tbl,"esi",8));
+	&$func	(@mm[5],&QWP(&row(5),$tbl,"edi",8));
+	&mov	("ebx",&DWP(($i+1)*8+4,"esp"));
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&$func	(@mm[6],&QWP(&row(6),$tbl,"esi",8));
+	&$func	(@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+
+	for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+
+for($i=0;$i<8;$i++) {
+	&shr	("eax",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&pxor	(@mm[0],&QWP(&row(0),$tbl,"esi",8));
+	&pxor	(@mm[1],&QWP(&row(1),$tbl,"edi",8));
+	&mov	("eax",&DWP(64+($i+1)*8,"esp"))		if ($i<7);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&pxor	(@mm[2],&QWP(&row(2),$tbl,"esi",8));
+	&pxor	(@mm[3],&QWP(&row(3),$tbl,"edi",8));
+	&shr	("ebx",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&pxor	(@mm[4],&QWP(&row(4),$tbl,"esi",8));
+	&pxor	(@mm[5],&QWP(&row(5),$tbl,"edi",8));
+	&mov	("ebx",&DWP(64+($i+1)*8+4,"esp"))	if ($i<7);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&pxor	(@mm[6],&QWP(&row(6),$tbl,"esi",8));
+	&pxor	(@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+	&lea	("ebx",&DWP(128,"esp"));
+	&mov	("esi",&DWP(12,"ebx"));		# pull round counter
+	&add	("esi",1);
+	&cmp	("esi",10);
+	&je	(&label("roundsdone"));
+
+	&mov	(&DWP(12,"ebx"),"esi");		# update round counter
+	for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+	&jmp	(&label("round"));
+
+&set_label("roundsdone",16);
+	&mov	("esi",&DWP(0,"ebx"));		# reload argument block
+	&mov	("edi",&DWP(4,"ebx"));
+	&mov	("eax",&DWP(8,"ebx"));
+
+	for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+	for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); }    # L^=H
+	for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); }    # H=L
+
+	&lea	("edi",&DWP(64,"edi"));		# inp+=64
+	&sub	("eax",1);			# num--
+	&jz	(&label("alldone"));
+	&mov	(&DWP(4,"ebx"),"edi");		# update argument block
+	&mov	(&DWP(8,"ebx"),"eax");
+	&jmp	(&label("outerloop"));
+
+&set_label("alldone");
+	&emms	();
+	&mov	("esp",&DWP(16,"ebx"));		# restore saved stack pointer
+	&pop	("edi");
+	&pop	("esi");
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+
+&align(64);
+&set_label("table");
+	&LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+	&LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+	&LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+	&LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+	&LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+	&LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+	&LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+	&LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+	&LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+	&LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+	&LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+	&LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+	&LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+	&LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+	&LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+	&LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+	&LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+	&LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+	&LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+	&LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+	&LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+	&LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+	&LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+	&LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+	&LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+	&LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+	&LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+	&LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+	&LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+	&LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+	&LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+	&LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+	&LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+	&LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+	&LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+	&LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+	&LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+	&LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+	&LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+	&LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+	&LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+	&LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+	&LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+	&LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+	&LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+	&LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+	&LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+	&LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+	&LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+	&LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+	&LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+	&LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+	&LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+	&LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+	&LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+	&LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+	&LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+	&LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+	&LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+	&LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+	&LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+	&LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+	&LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+	&LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+	&LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+	&LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+	&LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+	&LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+	&LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+	&LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+	&LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+	&LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+	&LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+	&LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+	&LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+	&LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+	&LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+	&LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+	&LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+	&LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+	&LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+	&LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+	&LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+	&LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+	&LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+	&LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+	&LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+	&LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+	&LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+	&LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+	&LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+	&LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+	&LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+	&LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+	&LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+	&LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+	&LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+	&LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+	&LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+	&LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+	&LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+	&LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+	&LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+	&LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+	&LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+	&LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+	&LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+	&LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+	&LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+	&LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+	&LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+	&LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+	&LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+	&LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+	&LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+	&LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+	&LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+	&LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+	&LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+	&LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+	&LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+	&LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+	&LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+	&LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+	&LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+	&LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+	&LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+	&LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+	&LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+	&LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+	&LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+	&LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+	&LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+	&LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+	&LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+	&LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+	&LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+	&LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+	&LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+	&LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+	&LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+	&LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+	&LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+	&LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+	&LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+	&LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+	&LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+	&LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+	&LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+	&LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+	&LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+	&LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+	&LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+	&LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+	&LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+	&LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+	&LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+	&LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+	&LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+	&LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+	&LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+	&LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+	&LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+	&LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+	&LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+	&LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+	&LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+	&LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+	&LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+	&LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+	&LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+	&LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+	&LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+	&LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+	&LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+	&LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+	&LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+	&LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+	&LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+	&LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+	&LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+	&LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+	&LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+	&LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+	&LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+	&LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+	&LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+	&LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+	&LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+	&LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+	&LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+	&LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+	&LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+	&LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+	&LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+	&LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+	&LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+	&LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+	&LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+	&LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+	&LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+	&LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+	&LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+	&LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+	&LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+	&LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+	&LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+	&LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+	&LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+	&LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+	&LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+	&LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+	&LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+	&LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+	&LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+	&LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+	&LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+	&LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+	&LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+	&LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+	&LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+	&LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+	&LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+	&LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+	&LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+	&LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+	&LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+	&LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+	&LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+	&LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+	&LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+	&LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+	&LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+	&LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+	&LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+	&LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+	&LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+	&LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+	&LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+	&LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+	&LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+	&LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+	&LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+	&LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+	&LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+	&LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+	&LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+	&LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+	&LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+	&LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+	&LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+	&LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+	&LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+	&LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+	&LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+	&LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+
+	&L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);	# rc[ROUNDS]
+	&L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+	&L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+	&L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+	&L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+	&L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+	&L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+	&L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+	&L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+	&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+
+&function_end_B("whirlpool_block_mmx");
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl
new file mode 100644
index 000000000..fe23d8cad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl
@@ -0,0 +1,617 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block for x86_64.
+#
+# 2500 cycles per 64-byte input block on AMD64, which is *identical*
+# to 32-bit MMX version executed on same CPU. So why did I bother?
+# Well, it's faster than gcc 3.3.2 generated code by over 50%, and
+# over 80% faster than PathScale 1.4, an "ambitious" commercial
+# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio
+# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the
+# first example when they fail to generate more optimal code, when
+# I believe they had *all* chances to...
+#
+# Note that register and stack frame layout are virtually identical
+# to 32-bit MMX version, except that %r8-15 are used instead of
+# %mm0-8. You can even notice that K[i] and S[i] are loaded to
+# %eax:%ebx as pair of 32-bit values and not as single 64-bit one.
+# This is done in order to avoid 64-bit shift penalties on Intel
+# EM64T core. Speaking of which! I bet it's possible to improve
+# Opteron performance by compressing the table to 2KB and replacing
+# unaligned references with complementary rotations [which would
+# incidentally replace lea instructions], but it would definitely
+# just "kill" EM64T, because it has only 1 shifter/rotator [against
+# 3 on Opteron] and which is *unacceptably* slow with 64-bit
+# operand.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+sub L() { $code.=".byte	".join(',',@_)."\n"; }
+sub LL(){ $code.=".byte	".join(',',@_).",".join(',',@_)."\n"; }
+
+@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15");
+
+$func="whirlpool_block";
+$table=".Ltable";
+
+$code=<<___;
+.text
+
+.globl	$func
+.type	$func,\@function,3
+.align	16
+$func:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	sub	\$128+40,%rsp
+	and	\$-64,%rsp
+
+	lea	128(%rsp),%r10
+	mov	%rdi,0(%r10)		# save parameter block
+	mov	%rsi,8(%r10)
+	mov	%rdx,16(%r10)
+	mov	%rax,32(%r10)		# saved stack pointer
+.cfi_cfa_expression	%rsp+`128+32`,deref,+8
+.Lprologue:
+
+	mov	%r10,%rbx
+	lea	$table(%rip),%rbp
+
+	xor	%rcx,%rcx
+	xor	%rdx,%rdx
+___
+for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; }	# L=H
+$code.=".Louterloop:\n";
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }	# K=L
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }	# L^=inp
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }	# S=L
+$code.=<<___;
+	xor	%rsi,%rsi
+	mov	%rsi,24(%rbx)		# zero round counter
+	jmp	.Lround
+.align	16
+.Lround:
+	mov	4096(%rbp,%rsi,8),@mm[0]	# rc[r]
+	mov	0(%rsp),%eax
+	mov	4(%rsp),%ebx
+	movz	%al,%ecx
+	movz	%ah,%edx
+___
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? "mov" : "xor";
+    $code.=<<___;
+	shr	\$16,%eax
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	xor	0(%rbp,%rsi,8),@mm[0]
+	$func	7(%rbp,%rdi,8),@mm[1]
+	mov	$i*8+8(%rsp),%eax		# ($i+1)*8
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	$func	6(%rbp,%rsi,8),@mm[2]
+	$func	5(%rbp,%rdi,8),@mm[3]
+	shr	\$16,%ebx
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	$func	4(%rbp,%rsi,8),@mm[4]
+	$func	3(%rbp,%rdi,8),@mm[5]
+	mov	$i*8+8+4(%rsp),%ebx		# ($i+1)*8+4
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	$func	2(%rbp,%rsi,8),@mm[6]
+	$func	1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }	# K=L
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	shr	\$16,%eax
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	xor	0(%rbp,%rsi,8),@mm[0]
+	xor	7(%rbp,%rdi,8),@mm[1]
+	`"mov	64+$i*8+8(%rsp),%eax"	if($i<7);`	# 64+($i+1)*8
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	xor	6(%rbp,%rsi,8),@mm[2]
+	xor	5(%rbp,%rdi,8),@mm[3]
+	shr	\$16,%ebx
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	xor	4(%rbp,%rsi,8),@mm[4]
+	xor	3(%rbp,%rdi,8),@mm[5]
+	`"mov	64+$i*8+8+4(%rsp),%ebx"	if($i<7);`	# 64+($i+1)*8+4
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	xor	2(%rbp,%rsi,8),@mm[6]
+	xor	1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+$code.=<<___;
+	lea	128(%rsp),%rbx
+	mov	24(%rbx),%rsi		# pull round counter
+	add	\$1,%rsi
+	cmp	\$10,%rsi
+	je	.Lroundsdone
+
+	mov	%rsi,24(%rbx)		# update round counter
+___
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }	# S=L
+$code.=<<___;
+	jmp	.Lround
+.align	16
+.Lroundsdone:
+	mov	0(%rbx),%rdi		# reload argument block
+	mov	8(%rbx),%rsi
+	mov	16(%rbx),%rax
+___
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }	# L^=inp
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; }	# L^=H
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; }	# H=L
+$code.=<<___;
+	lea	64(%rsi),%rsi		# inp+=64
+	sub	\$1,%rax		# num--
+	jz	.Lalldone
+	mov	%rsi,8(%rbx)		# update parameter block
+	mov	%rax,16(%rbx)
+	jmp	.Louterloop
+.Lalldone:
+	mov	32(%rbx),%rsi		# restore saved pointer
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	ret
+.cfi_endproc
+.size	$func,.-$func
+
+.align	64
+.type	$table,\@object
+$table:
+___
+	&LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+	&LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+	&LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+	&LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+	&LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+	&LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+	&LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+	&LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+	&LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+	&LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+	&LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+	&LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+	&LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+	&LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+	&LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+	&LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+	&LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+	&LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+	&LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+	&LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+	&LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+	&LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+	&LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+	&LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+	&LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+	&LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+	&LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+	&LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+	&LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+	&LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+	&LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+	&LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+	&LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+	&LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+	&LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+	&LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+	&LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+	&LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+	&LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+	&LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+	&LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+	&LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+	&LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+	&LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+	&LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+	&LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+	&LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+	&LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+	&LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+	&LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+	&LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+	&LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+	&LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+	&LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+	&LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+	&LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+	&LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+	&LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+	&LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+	&LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+	&LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+	&LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+	&LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+	&LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+	&LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+	&LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+	&LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+	&LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+	&LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+	&LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+	&LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+	&LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+	&LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+	&LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+	&LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+	&LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+	&LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+	&LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+	&LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+	&LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+	&LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+	&LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+	&LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+	&LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+	&LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+	&LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+	&LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+	&LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+	&LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+	&LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+	&LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+	&LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+	&LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+	&LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+	&LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+	&LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+	&LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+	&LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+	&LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+	&LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+	&LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+	&LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+	&LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+	&LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+	&LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+	&LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+	&LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+	&LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+	&LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+	&LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+	&LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+	&LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+	&LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+	&LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+	&LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+	&LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+	&LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+	&LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+	&LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+	&LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+	&LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+	&LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+	&LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+	&LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+	&LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+	&LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+	&LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+	&LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+	&LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+	&LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+	&LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+	&LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+	&LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+	&LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+	&LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+	&LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+	&LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+	&LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+	&LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+	&LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+	&LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+	&LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+	&LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+	&LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+	&LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+	&LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+	&LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+	&LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+	&LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+	&LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+	&LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+	&LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+	&LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+	&LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+	&LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+	&LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+	&LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+	&LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+	&LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+	&LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+	&LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+	&LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+	&LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+	&LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+	&LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+	&LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+	&LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+	&LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+	&LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+	&LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+	&LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+	&LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+	&LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+	&LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+	&LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+	&LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+	&LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+	&LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+	&LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+	&LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+	&LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+	&LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+	&LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+	&LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+	&LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+	&LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+	&LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+	&LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+	&LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+	&LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+	&LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+	&LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+	&LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+	&LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+	&LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+	&LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+	&LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+	&LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+	&LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+	&LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+	&LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+	&LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+	&LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+	&LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+	&LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+	&LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+	&LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+	&LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+	&LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+	&LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+	&LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+	&LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+	&LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+	&LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+	&LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+	&LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+	&LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+	&LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+	&LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+	&LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+	&LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+	&LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+	&LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+	&LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+	&LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+	&LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+	&LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+	&LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+	&LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+	&LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+	&LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+	&LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+	&LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+	&LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+	&LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+	&LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+	&LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+	&LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+	&LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+	&LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+	&LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+	&LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+	&LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+	&LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+	&LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+	&LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+	&LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+	&LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+	&LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+	&LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+	&LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+	&LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+	&LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+	&LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+	&LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+	&LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+
+	&L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);	# rc[ROUNDS]
+	&L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+	&L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+	&L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+	&L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+	&L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+	&L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+	&L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+	&L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+	&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	128+32(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_$func
+	.rva	.LSEH_end_$func
+	.rva	.LSEH_info_$func
+
+.section	.xdata
+.align	8
+.LSEH_info_$func:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/build.info
new file mode 100644
index 000000000..4b167b504
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/build.info
@@ -0,0 +1,8 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=wp_dgst.c {- $target{wp_asm_src} -}
+
+GENERATE[wp-mmx.s]=asm/wp-mmx.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+DEPEND[wp-mmx.s]=../perlasm/x86asm.pl
+
+GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl $(PERLASM_SCHEME)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c
new file mode 100644
index 000000000..0cc92a3b0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c
@@ -0,0 +1,784 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * The Whirlpool hashing function.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "wp_locl.h"
+#include <string.h>
+
+typedef unsigned char u8;
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
+typedef unsigned __int64 u64;
+#elif defined(__arch64__)
+typedef unsigned long u64;
+#else
+typedef unsigned long long u64;
+#endif
+
+#define ROUNDS  10
+
+#define STRICT_ALIGNMENT
+#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \
+                           defined(__x86_64) || defined(__x86_64__) || \
+                           defined(_M_IX86) || defined(_M_AMD64) || \
+                           defined(_M_X64))
+/*
+ * Well, formally there're couple of other architectures, which permit
+ * unaligned loads, specifically those not crossing cache lines, IA-64 and
+ * PowerPC...
+ */
+# undef STRICT_ALIGNMENT
+#endif
+
+#undef SMALL_REGISTER_BANK
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# define SMALL_REGISTER_BANK
+# if defined(WHIRLPOOL_ASM)
+#  ifndef OPENSSL_SMALL_FOOTPRINT
+/*
+ * it appears that for elder non-MMX
+ * CPUs this is actually faster!
+ */
+#   define OPENSSL_SMALL_FOOTPRINT
+#  endif
+#  define GO_FOR_MMX(ctx,inp,num)     do {                    \
+        extern unsigned long OPENSSL_ia32cap_P[];               \
+        void whirlpool_block_mmx(void *,const void *,size_t);   \
+        if (!(OPENSSL_ia32cap_P[0] & (1<<23)))  break;          \
+        whirlpool_block_mmx(ctx->H.c,inp,num);  return;         \
+                                        } while (0)
+# endif
+#endif
+
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  if defined(_WIN64)            /* applies to both IA-64 and AMD64 */
+#   pragma intrinsic(_rotl64)
+#   define ROTATE(a,n) _rotl64((a),n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#   elif defined(B_ENDIAN)
+       /*
+        * Most will argue that x86_64 is always little-endian. Well, yes, but
+        * then we have stratus.com who has modified gcc to "emulate"
+        * big-endian on x86. Is there evidence that they [or somebody else]
+        * won't do same for x86_64? Naturally no. And this line is waiting
+        * ready for that brave soul:-)
+        */
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#   endif
+#  elif defined(__ia64) || defined(__ia64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
+#   elif defined(B_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(n)); ret; })
+#   endif
+#  endif
+# endif
+#endif
+
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+# if !defined(ROTATE)
+#  if defined(L_ENDIAN)         /* little-endians have to rotate left */
+#   define ROTATE(i,n)       ((i)<<(n) ^ (i)>>(64-n))
+#  elif defined(B_ENDIAN)       /* big-endians have to rotate right */
+#   define ROTATE(i,n)       ((i)>>(n) ^ (i)<<(64-n))
+#  endif
+# endif
+# if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
+#  define STRICT_ALIGNMENT      /* ensure smallest table size */
+# endif
+#endif
+
+/*
+ * Table size depends on STRICT_ALIGNMENT and whether or not endian-
+ * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
+ * defined, which is normally the case on x86[_64] CPUs, the table is
+ * 4KB large unconditionally. Otherwise if ROTATE is defined, the
+ * table is 2KB large, and otherwise - 16KB. 2KB table requires a
+ * whole bunch of additional rotations, but I'm willing to "trade,"
+ * because 16KB table certainly trashes L1 cache. I wish all CPUs
+ * could handle unaligned load as 4KB table doesn't trash the cache,
+ * nor does it require additional rotations.
+ */
+/*
+ * Note that every Cn macro expands as two loads: one byte load and
+ * one quadword load. One can argue that that many single-byte loads
+ * is too excessive, as one could load a quadword and "milk" it for
+ * eight 8-bit values instead. Well, yes, but in order to do so *and*
+ * avoid excessive loads you have to accommodate a handful of 64-bit
+ * values in the register bank and issue a bunch of shifts and mask.
+ * It's a tradeoff: loads vs. shift and mask in big register bank[!].
+ * On most CPUs eight single-byte loads are faster and I let other
+ * ones to depend on smart compiler to fold byte loads if beneficial.
+ * Hand-coded assembler would be another alternative:-)
+ */
+#ifdef STRICT_ALIGNMENT
+# if defined(ROTATE)
+#  define N   1
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
+#  define C0(K,i)     (Cx.q[K.c[(i)*8+0]])
+#  define C1(K,i)     ROTATE(Cx.q[K.c[(i)*8+1]],8)
+#  define C2(K,i)     ROTATE(Cx.q[K.c[(i)*8+2]],16)
+#  define C3(K,i)     ROTATE(Cx.q[K.c[(i)*8+3]],24)
+#  define C4(K,i)     ROTATE(Cx.q[K.c[(i)*8+4]],32)
+#  define C5(K,i)     ROTATE(Cx.q[K.c[(i)*8+5]],40)
+#  define C6(K,i)     ROTATE(Cx.q[K.c[(i)*8+6]],48)
+#  define C7(K,i)     ROTATE(Cx.q[K.c[(i)*8+7]],56)
+# else
+#  define N   8
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c7,c0,c1,c2,c3,c4,c5,c6, \
+                                        c6,c7,c0,c1,c2,c3,c4,c5, \
+                                        c5,c6,c7,c0,c1,c2,c3,c4, \
+                                        c4,c5,c6,c7,c0,c1,c2,c3, \
+                                        c3,c4,c5,c6,c7,c0,c1,c2, \
+                                        c2,c3,c4,c5,c6,c7,c0,c1, \
+                                        c1,c2,c3,c4,c5,c6,c7,c0
+#  define C0(K,i)     (Cx.q[0+8*K.c[(i)*8+0]])
+#  define C1(K,i)     (Cx.q[1+8*K.c[(i)*8+1]])
+#  define C2(K,i)     (Cx.q[2+8*K.c[(i)*8+2]])
+#  define C3(K,i)     (Cx.q[3+8*K.c[(i)*8+3]])
+#  define C4(K,i)     (Cx.q[4+8*K.c[(i)*8+4]])
+#  define C5(K,i)     (Cx.q[5+8*K.c[(i)*8+5]])
+#  define C6(K,i)     (Cx.q[6+8*K.c[(i)*8+6]])
+#  define C7(K,i)     (Cx.q[7+8*K.c[(i)*8+7]])
+# endif
+#else
+# define N     2
+# define LL(c0,c1,c2,c3,c4,c5,c6,c7)   c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c0,c1,c2,c3,c4,c5,c6,c7
+# define C0(K,i)       (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
+# define C1(K,i)       (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]])
+# define C2(K,i)       (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]])
+# define C3(K,i)       (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]])
+# define C4(K,i)       (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]])
+# define C5(K,i)       (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]])
+# define C6(K,i)       (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]])
+# define C7(K,i)       (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]])
+#endif
+
+static const
+    union {
+    u8 c[(256 * N + ROUNDS) * sizeof(u64)];
+    u64 q[(256 * N + ROUNDS)];
+} Cx = {
+        {
+            /* Note endian-neutral representation:-) */
+            LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
+            LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
+            LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
+            LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
+            LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
+            LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
+            LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
+            LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
+            LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
+            LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
+            LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
+            LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
+            LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
+            LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
+            LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
+            LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
+            LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
+            LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
+            LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
+            LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
+            LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
+            LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
+            LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
+            LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
+            LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
+            LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
+            LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
+            LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
+            LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
+            LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
+            LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
+            LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
+            LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
+            LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
+            LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
+            LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
+            LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
+            LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
+            LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
+            LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
+            LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
+            LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
+            LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
+            LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
+            LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
+            LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
+            LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
+            LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
+            LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
+            LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
+            LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
+            LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
+            LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
+            LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
+            LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
+            LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
+            LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
+            LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
+            LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
+            LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
+            LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
+            LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
+            LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
+            LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
+            LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
+            LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
+            LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
+            LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
+            LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
+            LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
+            LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
+            LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
+            LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
+            LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
+            LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
+            LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
+            LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
+            LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
+            LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
+            LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
+            LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
+            LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
+            LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
+            LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
+            LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
+            LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
+            LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
+            LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
+            LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
+            LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
+            LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
+            LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
+            LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
+            LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
+            LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
+            LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
+            LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
+            LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
+            LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
+            LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
+            LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
+            LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
+            LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
+            LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
+            LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
+            LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
+            LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
+            LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
+            LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
+            LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
+            LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
+            LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
+            LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
+            LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
+            LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
+            LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
+            LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
+            LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
+            LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
+            LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
+            LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
+            LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
+            LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
+            LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
+            LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
+            LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
+            LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
+            LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
+            LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
+            LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+            LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
+            LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
+            LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
+            LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
+            LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
+            LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
+            LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
+            LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
+            LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
+            LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
+            LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
+            LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
+            LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
+            LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
+            LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
+            LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
+            LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
+            LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
+            LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
+            LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
+            LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
+            LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
+            LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
+            LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
+            LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
+            LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
+            LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
+            LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
+            LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
+            LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
+            LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
+            LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
+            LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
+            LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
+            LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
+            LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
+            LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
+            LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
+            LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
+            LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
+            LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
+            LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
+            LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
+            LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
+            LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
+            LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
+            LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
+            LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
+            LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
+            LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
+            LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
+            LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
+            LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
+            LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
+            LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
+            LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
+            LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
+            LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
+            LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
+            LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
+            LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
+            LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
+            LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
+            LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
+            LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
+            LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
+            LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
+            LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
+            LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
+            LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
+            LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
+            LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
+            LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
+            LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
+            LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
+            LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
+            LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
+            LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
+            LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
+            LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
+            LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
+            LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
+            LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
+            LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
+            LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
+            LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
+            LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
+            LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
+            LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
+            LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
+            LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
+            LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
+            LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
+            LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
+            LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
+            LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
+            LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
+            LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
+            LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
+            LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
+            LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
+            LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
+            LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
+            LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
+            LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
+            LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
+            LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
+            LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
+            LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
+            LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
+            LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
+            LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
+            LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
+            LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
+            LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
+            LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
+            LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
+            LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
+            LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
+            LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
+            LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
+            LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
+            LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
+            LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
+            LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
+            LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
+#define RC      (&(Cx.q[256*N]))
+            0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
+            /* rc[ROUNDS] */
+            0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
+            0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
+            0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
+            0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
+            0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
+            0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
+            0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33
+        }
+    };
+
+void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
+{
+    int r;
+    const u8 *p = inp;
+    union {
+        u64 q[8];
+        u8 c[64];
+    } S, K, *H = (void *)ctx->H.q;
+
+#ifdef GO_FOR_MMX
+    GO_FOR_MMX(ctx, inp, n);
+#endif
+    do {
+#ifdef OPENSSL_SMALL_FOOTPRINT
+        u64 L[8];
+        int i;
+
+        for (i = 0; i < 64; i++)
+            S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
+        for (r = 0; r < ROUNDS; r++) {
+            for (i = 0; i < 8; i++) {
+                L[i] = i ? 0 : RC[r];
+                L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^
+                    C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^
+                    C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^
+                    C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
+            }
+            memcpy(K.q, L, 64);
+            for (i = 0; i < 8; i++) {
+                L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^
+                    C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^
+                    C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^
+                    C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
+            }
+            memcpy(S.q, L, 64);
+        }
+        for (i = 0; i < 64; i++)
+            H->c[i] ^= S.c[i] ^ p[i];
+#else
+        u64 L0, L1, L2, L3, L4, L5, L6, L7;
+
+# ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7) {
+            memcpy(S.c, p, 64);
+            S.q[0] ^= (K.q[0] = H->q[0]);
+            S.q[1] ^= (K.q[1] = H->q[1]);
+            S.q[2] ^= (K.q[2] = H->q[2]);
+            S.q[3] ^= (K.q[3] = H->q[3]);
+            S.q[4] ^= (K.q[4] = H->q[4]);
+            S.q[5] ^= (K.q[5] = H->q[5]);
+            S.q[6] ^= (K.q[6] = H->q[6]);
+            S.q[7] ^= (K.q[7] = H->q[7]);
+        } else
+# endif
+        {
+            const u64 *pa = (const u64 *)p;
+            S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
+            S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
+            S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
+            S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
+            S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
+            S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
+            S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
+            S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
+        }
+
+        for (r = 0; r < ROUNDS; r++) {
+# ifdef SMALL_REGISTER_BANK
+            L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^
+                C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
+            L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^
+                C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
+            L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^
+                C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
+            L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^
+                C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
+            L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^
+                C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
+            L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^
+                C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
+            L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^
+                C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
+            L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^
+                C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
+
+            K.q[0] = L0;
+            K.q[1] = L1;
+            K.q[2] = L2;
+            K.q[3] = L3;
+            K.q[4] = L4;
+            K.q[5] = L5;
+            K.q[6] = L6;
+            K.q[7] = L7;
+
+            L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^
+                C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
+            L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^
+                C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
+            L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^
+                C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
+            L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^
+                C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
+            L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^
+                C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
+            L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^
+                C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
+            L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^
+                C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
+            L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^
+                C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
+
+            S.q[0] = L0;
+            S.q[1] = L1;
+            S.q[2] = L2;
+            S.q[3] = L3;
+            S.q[4] = L4;
+            S.q[5] = L5;
+            S.q[6] = L6;
+            S.q[7] = L7;
+# else
+            L0 = C0(K, 0);
+            L1 = C1(K, 0);
+            L2 = C2(K, 0);
+            L3 = C3(K, 0);
+            L4 = C4(K, 0);
+            L5 = C5(K, 0);
+            L6 = C6(K, 0);
+            L7 = C7(K, 0);
+            L0 ^= RC[r];
+
+            L1 ^= C0(K, 1);
+            L2 ^= C1(K, 1);
+            L3 ^= C2(K, 1);
+            L4 ^= C3(K, 1);
+            L5 ^= C4(K, 1);
+            L6 ^= C5(K, 1);
+            L7 ^= C6(K, 1);
+            L0 ^= C7(K, 1);
+
+            L2 ^= C0(K, 2);
+            L3 ^= C1(K, 2);
+            L4 ^= C2(K, 2);
+            L5 ^= C3(K, 2);
+            L6 ^= C4(K, 2);
+            L7 ^= C5(K, 2);
+            L0 ^= C6(K, 2);
+            L1 ^= C7(K, 2);
+
+            L3 ^= C0(K, 3);
+            L4 ^= C1(K, 3);
+            L5 ^= C2(K, 3);
+            L6 ^= C3(K, 3);
+            L7 ^= C4(K, 3);
+            L0 ^= C5(K, 3);
+            L1 ^= C6(K, 3);
+            L2 ^= C7(K, 3);
+
+            L4 ^= C0(K, 4);
+            L5 ^= C1(K, 4);
+            L6 ^= C2(K, 4);
+            L7 ^= C3(K, 4);
+            L0 ^= C4(K, 4);
+            L1 ^= C5(K, 4);
+            L2 ^= C6(K, 4);
+            L3 ^= C7(K, 4);
+
+            L5 ^= C0(K, 5);
+            L6 ^= C1(K, 5);
+            L7 ^= C2(K, 5);
+            L0 ^= C3(K, 5);
+            L1 ^= C4(K, 5);
+            L2 ^= C5(K, 5);
+            L3 ^= C6(K, 5);
+            L4 ^= C7(K, 5);
+
+            L6 ^= C0(K, 6);
+            L7 ^= C1(K, 6);
+            L0 ^= C2(K, 6);
+            L1 ^= C3(K, 6);
+            L2 ^= C4(K, 6);
+            L3 ^= C5(K, 6);
+            L4 ^= C6(K, 6);
+            L5 ^= C7(K, 6);
+
+            L7 ^= C0(K, 7);
+            L0 ^= C1(K, 7);
+            L1 ^= C2(K, 7);
+            L2 ^= C3(K, 7);
+            L3 ^= C4(K, 7);
+            L4 ^= C5(K, 7);
+            L5 ^= C6(K, 7);
+            L6 ^= C7(K, 7);
+
+            K.q[0] = L0;
+            K.q[1] = L1;
+            K.q[2] = L2;
+            K.q[3] = L3;
+            K.q[4] = L4;
+            K.q[5] = L5;
+            K.q[6] = L6;
+            K.q[7] = L7;
+
+            L0 ^= C0(S, 0);
+            L1 ^= C1(S, 0);
+            L2 ^= C2(S, 0);
+            L3 ^= C3(S, 0);
+            L4 ^= C4(S, 0);
+            L5 ^= C5(S, 0);
+            L6 ^= C6(S, 0);
+            L7 ^= C7(S, 0);
+
+            L1 ^= C0(S, 1);
+            L2 ^= C1(S, 1);
+            L3 ^= C2(S, 1);
+            L4 ^= C3(S, 1);
+            L5 ^= C4(S, 1);
+            L6 ^= C5(S, 1);
+            L7 ^= C6(S, 1);
+            L0 ^= C7(S, 1);
+
+            L2 ^= C0(S, 2);
+            L3 ^= C1(S, 2);
+            L4 ^= C2(S, 2);
+            L5 ^= C3(S, 2);
+            L6 ^= C4(S, 2);
+            L7 ^= C5(S, 2);
+            L0 ^= C6(S, 2);
+            L1 ^= C7(S, 2);
+
+            L3 ^= C0(S, 3);
+            L4 ^= C1(S, 3);
+            L5 ^= C2(S, 3);
+            L6 ^= C3(S, 3);
+            L7 ^= C4(S, 3);
+            L0 ^= C5(S, 3);
+            L1 ^= C6(S, 3);
+            L2 ^= C7(S, 3);
+
+            L4 ^= C0(S, 4);
+            L5 ^= C1(S, 4);
+            L6 ^= C2(S, 4);
+            L7 ^= C3(S, 4);
+            L0 ^= C4(S, 4);
+            L1 ^= C5(S, 4);
+            L2 ^= C6(S, 4);
+            L3 ^= C7(S, 4);
+
+            L5 ^= C0(S, 5);
+            L6 ^= C1(S, 5);
+            L7 ^= C2(S, 5);
+            L0 ^= C3(S, 5);
+            L1 ^= C4(S, 5);
+            L2 ^= C5(S, 5);
+            L3 ^= C6(S, 5);
+            L4 ^= C7(S, 5);
+
+            L6 ^= C0(S, 6);
+            L7 ^= C1(S, 6);
+            L0 ^= C2(S, 6);
+            L1 ^= C3(S, 6);
+            L2 ^= C4(S, 6);
+            L3 ^= C5(S, 6);
+            L4 ^= C6(S, 6);
+            L5 ^= C7(S, 6);
+
+            L7 ^= C0(S, 7);
+            L0 ^= C1(S, 7);
+            L1 ^= C2(S, 7);
+            L2 ^= C3(S, 7);
+            L3 ^= C4(S, 7);
+            L4 ^= C5(S, 7);
+            L5 ^= C6(S, 7);
+            L6 ^= C7(S, 7);
+
+            S.q[0] = L0;
+            S.q[1] = L1;
+            S.q[2] = L2;
+            S.q[3] = L3;
+            S.q[4] = L4;
+            S.q[5] = L5;
+            S.q[6] = L6;
+            S.q[7] = L7;
+# endif
+        }
+
+# ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7) {
+            int i;
+            for (i = 0; i < 64; i++)
+                H->c[i] ^= S.c[i] ^ p[i];
+        } else
+# endif
+        {
+            const u64 *pa = (const u64 *)p;
+            H->q[0] ^= S.q[0] ^ pa[0];
+            H->q[1] ^= S.q[1] ^ pa[1];
+            H->q[2] ^= S.q[2] ^ pa[2];
+            H->q[3] ^= S.q[3] ^ pa[3];
+            H->q[4] ^= S.q[4] ^ pa[4];
+            H->q[5] ^= S.q[5] ^ pa[5];
+            H->q[6] ^= S.q[6] ^ pa[6];
+            H->q[7] ^= S.q[7] ^ pa[7];
+        }
+#endif
+        p += 64;
+    } while (--n);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c
new file mode 100644
index 000000000..1ac29803a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * The Whirlpool hashing function.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for performance.
+ */
+
+#include <openssl/crypto.h>
+#include "wp_locl.h"
+#include <string.h>
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    return 1;
+}
+
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
+{
+    /*
+     * Well, largest suitable chunk size actually is
+     * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
+     * to care about excessive calls to WHIRLPOOL_BitUpdate...
+     */
+    size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
+    const unsigned char *inp = _inp;
+
+    while (bytes >= chunk) {
+        WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
+        bytes -= chunk;
+        inp += chunk;
+    }
+    if (bytes)
+        WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
+
+    return 1;
+}
+
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
+{
+    size_t n;
+    unsigned int bitoff = c->bitoff,
+        bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
+    const unsigned char *inp = _inp;
+
+    /*
+     * This 256-bit increment procedure relies on the size_t being natural
+     * size of CPU register, so that we don't have to mask the value in order
+     * to detect overflows.
+     */
+    c->bitlen[0] += bits;
+    if (c->bitlen[0] < bits) {  /* overflow */
+        n = 1;
+        do {
+            c->bitlen[n]++;
+        } while (c->bitlen[n] == 0
+                 && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
+    }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+ reconsider:
+    if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
+        while (bits) {
+            if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
+                whirlpool_block(c, inp, n);
+                inp += n * WHIRLPOOL_BBLOCK / 8;
+                bits %= WHIRLPOOL_BBLOCK;
+            } else {
+                unsigned int byteoff = bitoff / 8;
+
+                bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
+                if (bits >= bitrem) {
+                    bits -= bitrem;
+                    bitrem /= 8;
+                    memcpy(c->data + byteoff, inp, bitrem);
+                    inp += bitrem;
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                } else {
+                    memcpy(c->data + byteoff, inp, bits / 8);
+                    bitoff += (unsigned int)bits;
+                    bits = 0;
+                }
+                c->bitoff = bitoff;
+            }
+        }
+    } else                      /* bit-oriented loop */
+#endif
+    {
+        /*-
+                   inp
+                   |
+                   +-------+-------+-------
+                      |||||||||||||||||||||
+                   +-------+-------+-------
+        +-------+-------+-------+-------+-------
+        ||||||||||||||                          c->data
+        +-------+-------+-------+-------+-------
+                |
+                c->bitoff/8
+        */
+        while (bits) {
+            unsigned int byteoff = bitoff / 8;
+            unsigned char b;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+            if (bitrem == inpgap) {
+                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
+                inpgap = 8 - inpgap;
+                bitoff += inpgap;
+                bitrem = 0;     /* bitoff%8 */
+                bits -= inpgap;
+                inpgap = 0;     /* bits%8 */
+                inp++;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                }
+                c->bitoff = bitoff;
+                goto reconsider;
+            } else
+#endif
+            if (bits > 8) {
+                b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
+                b &= 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += 8;
+                bits -= 8;
+                inp++;
+                if (bitoff >= WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+            } else {            /* remaining less than or equal to 8 bits */
+
+                b = (inp[0] << inpgap) & 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += (unsigned int)bits;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+                bits = 0;
+            }
+            c->bitoff = bitoff;
+        }
+    }
+}
+
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+{
+    unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
+    size_t i, j, v;
+    unsigned char *p;
+
+    bitoff %= 8;
+    if (bitoff)
+        c->data[byteoff] |= 0x80 >> bitoff;
+    else
+        c->data[byteoff] = 0x80;
+    byteoff++;
+
+    /* pad with zeros */
+    if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
+        if (byteoff < WHIRLPOOL_BBLOCK / 8)
+            memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
+        whirlpool_block(c, c->data, 1);
+        byteoff = 0;
+    }
+    if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
+        memset(&c->data[byteoff], 0,
+               (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
+    /* smash 256-bit c->bitlen in big-endian order */
+    p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
+    for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
+        for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
+            *p-- = (unsigned char)(v & 0xff);
+
+    whirlpool_block(c, c->data, 1);
+
+    if (md) {
+        memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
+        OPENSSL_cleanse(c, sizeof(*c));
+        return 1;
+    }
+    return 0;
+}
+
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
+{
+    WHIRLPOOL_CTX ctx;
+    static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    WHIRLPOOL_Init(&ctx);
+    WHIRLPOOL_Update(&ctx, inp, bytes);
+    WHIRLPOOL_Final(md, &ctx);
+    return md;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_locl.h
new file mode 100644
index 000000000..3a81cfd58
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_locl.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/whrlpool.h>
+
+void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/build.info
new file mode 100644
index 000000000..afd0b6134
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/build.info
@@ -0,0 +1,10 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c x509_vpm.c \
+        x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
+        x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c
new file mode 100644
index 000000000..b3760dbad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c
@@ -0,0 +1,390 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+#endif
+
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
+
+struct lookup_dir_hashes_st {
+    unsigned long hash;
+    int suffix;
+};
+
+struct lookup_dir_entry_st {
+    char *dir;
+    int dir_type;
+    STACK_OF(BY_DIR_HASH) *hashes;
+};
+
+typedef struct lookup_dir_st {
+    BUF_MEM *buffer;
+    STACK_OF(BY_DIR_ENTRY) *dirs;
+    CRYPTO_RWLOCK *lock;
+} BY_DIR;
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+                    char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret);
+static X509_LOOKUP_METHOD x509_dir_lookup = {
+    "Load certs from files in a directory",
+    new_dir,                    /* new_item */
+    free_dir,                   /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    dir_ctrl,                   /* ctrl */
+    get_cert_by_subject,        /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
+{
+    return &x509_dir_lookup;
+}
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+                    char **retp)
+{
+    int ret = 0;
+    BY_DIR *ld = (BY_DIR *)ctx->method_data;
+
+    switch (cmd) {
+    case X509_L_ADD_DIR:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
+
+            if (dir)
+                ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
+            else
+                ret = add_cert_dir(ld, X509_get_default_cert_dir(),
+                                   X509_FILETYPE_PEM);
+            if (!ret) {
+                X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+            }
+        } else
+            ret = add_cert_dir(ld, argp, (int)argl);
+        break;
+    }
+    return ret;
+}
+
+static int new_dir(X509_LOOKUP *lu)
+{
+    BY_DIR *a = OPENSSL_malloc(sizeof(*a));
+
+    if (a == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if ((a->buffer = BUF_MEM_new()) == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    a->dirs = NULL;
+    a->lock = CRYPTO_THREAD_lock_new();
+    if (a->lock == NULL) {
+        BUF_MEM_free(a->buffer);
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    lu->method_data = a;
+    return 1;
+
+ err:
+    OPENSSL_free(a);
+    return 0;
+}
+
+static void by_dir_hash_free(BY_DIR_HASH *hash)
+{
+    OPENSSL_free(hash);
+}
+
+static int by_dir_hash_cmp(const BY_DIR_HASH *const *a,
+                           const BY_DIR_HASH *const *b)
+{
+    if ((*a)->hash > (*b)->hash)
+        return 1;
+    if ((*a)->hash < (*b)->hash)
+        return -1;
+    return 0;
+}
+
+static void by_dir_entry_free(BY_DIR_ENTRY *ent)
+{
+    OPENSSL_free(ent->dir);
+    sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+    OPENSSL_free(ent);
+}
+
+static void free_dir(X509_LOOKUP *lu)
+{
+    BY_DIR *a = (BY_DIR *)lu->method_data;
+
+    sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
+    BUF_MEM_free(a->buffer);
+    CRYPTO_THREAD_lock_free(a->lock);
+    OPENSSL_free(a);
+}
+
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
+{
+    int j;
+    size_t len;
+    const char *s, *ss, *p;
+
+    if (dir == NULL || !*dir) {
+        X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+        return 0;
+    }
+
+    s = dir;
+    p = s;
+    do {
+        if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
+            BY_DIR_ENTRY *ent;
+
+            ss = s;
+            s = p + 1;
+            len = p - ss;
+            if (len == 0)
+                continue;
+            for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
+                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
+                if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0)
+                    break;
+            }
+            if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
+                continue;
+            if (ctx->dirs == NULL) {
+                ctx->dirs = sk_BY_DIR_ENTRY_new_null();
+                if (!ctx->dirs) {
+                    X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            ent = OPENSSL_malloc(sizeof(*ent));
+            if (ent == NULL) {
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            ent->dir_type = type;
+            ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
+            ent->dir = OPENSSL_strndup(ss, len);
+            if (ent->dir == NULL || ent->hashes == NULL) {
+                by_dir_entry_free(ent);
+                return 0;
+            }
+            if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
+                by_dir_entry_free(ent);
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    } while (*p++ != '\0');
+    return 1;
+}
+
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret)
+{
+    BY_DIR *ctx;
+    union {
+        X509 st_x509;
+        X509_CRL crl;
+    } data;
+    int ok = 0;
+    int i, j, k;
+    unsigned long h;
+    BUF_MEM *b = NULL;
+    X509_OBJECT stmp, *tmp;
+    const char *postfix = "";
+
+    if (name == NULL)
+        return 0;
+
+    stmp.type = type;
+    if (type == X509_LU_X509) {
+        data.st_x509.cert_info.subject = name;
+        stmp.data.x509 = &data.st_x509;
+        postfix = "";
+    } else if (type == X509_LU_CRL) {
+        data.crl.crl.issuer = name;
+        stmp.data.crl = &data.crl;
+        postfix = "r";
+    } else {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+        goto finish;
+    }
+
+    if ((b = BUF_MEM_new()) == NULL) {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+        goto finish;
+    }
+
+    ctx = (BY_DIR *)xl->method_data;
+
+    h = X509_NAME_hash(name);
+    for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
+        BY_DIR_ENTRY *ent;
+        int idx;
+        BY_DIR_HASH htmp, *hent;
+
+        ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
+        j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
+        if (!BUF_MEM_grow(b, j)) {
+            X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+            goto finish;
+        }
+        if (type == X509_LU_CRL && ent->hashes) {
+            htmp.hash = h;
+            CRYPTO_THREAD_read_lock(ctx->lock);
+            idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+            if (idx >= 0) {
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                k = hent->suffix;
+            } else {
+                hent = NULL;
+                k = 0;
+            }
+            CRYPTO_THREAD_unlock(ctx->lock);
+        } else {
+            k = 0;
+            hent = NULL;
+        }
+        for (;;) {
+            char c = '/';
+#ifdef OPENSSL_SYS_VMS
+            c = ent->dir[strlen(ent->dir) - 1];
+            if (c != ':' && c != '>' && c != ']') {
+                /*
+                 * If no separator is present, we assume the directory
+                 * specifier is a logical name, and add a colon.  We really
+                 * should use better VMS routines for merging things like
+                 * this, but this will do for now... -- Richard Levitte
+                 */
+                c = ':';
+            } else {
+                c = '\0';
+            }
+#endif
+            if (c == '\0') {
+                /*
+                 * This is special.  When c == '\0', no directory separator
+                 * should be added.
+                 */
+                BIO_snprintf(b->data, b->max,
+                             "%s%08lx.%s%d", ent->dir, h, postfix, k);
+            } else {
+                BIO_snprintf(b->data, b->max,
+                             "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k);
+            }
+#ifndef OPENSSL_NO_POSIX_IO
+# ifdef _WIN32
+#  define stat _stat
+# endif
+            {
+                struct stat st;
+                if (stat(b->data, &st) < 0)
+                    break;
+            }
+#endif
+            /* found one. */
+            if (type == X509_LU_X509) {
+                if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0)
+                    break;
+            } else if (type == X509_LU_CRL) {
+                if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0)
+                    break;
+            }
+            /* else case will caught higher up */
+            k++;
+        }
+
+        /*
+         * we have added it to the cache so now pull it out again
+         */
+        CRYPTO_THREAD_write_lock(ctx->lock);
+        j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+        CRYPTO_THREAD_unlock(ctx->lock);
+
+        /* If a CRL, update the last file suffix added for this */
+
+        if (type == X509_LU_CRL) {
+            CRYPTO_THREAD_write_lock(ctx->lock);
+            /*
+             * Look for entry again in case another thread added an entry
+             * first.
+             */
+            if (hent == NULL) {
+                htmp.hash = h;
+                idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+            }
+            if (hent == NULL) {
+                hent = OPENSSL_malloc(sizeof(*hent));
+                if (hent == NULL) {
+                    CRYPTO_THREAD_unlock(ctx->lock);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                    ok = 0;
+                    goto finish;
+                }
+                hent->hash = h;
+                hent->suffix = k;
+                if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
+                    CRYPTO_THREAD_unlock(ctx->lock);
+                    OPENSSL_free(hent);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                    ok = 0;
+                    goto finish;
+                }
+            } else if (hent->suffix < k) {
+                hent->suffix = k;
+            }
+
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        }
+
+        if (tmp != NULL) {
+            ok = 1;
+            ret->type = tmp->type;
+            memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+
+            /*
+             * Clear any errors that might have been raised processing empty
+             * or malformed files.
+             */
+            ERR_clear_error();
+
+            goto finish;
+        }
+    }
+ finish:
+    BUF_MEM_free(b);
+    return ok;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c
new file mode 100644
index 000000000..244512c93
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include "x509_lcl.h"
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                        long argl, char **ret);
+static X509_LOOKUP_METHOD x509_file_lookup = {
+    "Load file into cache",
+    NULL,                       /* new_item */
+    NULL,                       /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    by_file_ctrl,               /* ctrl */
+    NULL,                       /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
+{
+    return &x509_file_lookup;
+}
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+                        long argl, char **ret)
+{
+    int ok = 0;
+    const char *file;
+
+    switch (cmd) {
+    case X509_L_FILE_LOAD:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            file = ossl_safe_getenv(X509_get_default_cert_file_env());
+            if (file)
+                ok = (X509_load_cert_crl_file(ctx, file,
+                                              X509_FILETYPE_PEM) != 0);
+
+            else
+                ok = (X509_load_cert_crl_file
+                      (ctx, X509_get_default_cert_file(),
+                       X509_FILETYPE_PEM) != 0);
+
+            if (!ok) {
+                X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
+            }
+        } else {
+            if (argl == X509_FILETYPE_PEM)
+                ok = (X509_load_cert_crl_file(ctx, argp,
+                                              X509_FILETYPE_PEM) != 0);
+            else
+                ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
+        }
+        break;
+    }
+    return ok;
+}
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_cert(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_cert(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND);
+ err:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509_CRL *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_crl(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_CRL_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_CRL_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_crl(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND);
+ err:
+    X509_CRL_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    STACK_OF(X509_INFO) *inf;
+    X509_INFO *itmp;
+    BIO *in;
+    int i, count = 0;
+
+    if (type != X509_FILETYPE_PEM)
+        return X509_load_cert_file(ctx, file, type);
+    in = BIO_new_file(file, "r");
+    if (!in) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+        return 0;
+    }
+    inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
+    BIO_free(in);
+    if (!inf) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+        return 0;
+    }
+    for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+        itmp = sk_X509_INFO_value(inf, i);
+        if (itmp->x509) {
+            if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
+                goto err;
+            count++;
+        }
+        if (itmp->crl) {
+            if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
+                goto err;
+            count++;
+        }
+    }
+    if (count == 0)
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE,
+                X509_R_NO_CERTIFICATE_OR_CRL_FOUND);
+ err:
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return count;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_crl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_crl.c
new file mode 100644
index 000000000..8e262912f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_crl.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_CRL_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+  return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT);
+}
+
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
+{
+    STACK_OF(X509_REVOKED) *rev;
+    X509_REVOKED *r;
+    const X509_ALGOR *sig_alg;
+    const ASN1_BIT_STRING *sig;
+    long l;
+    int i;
+
+    BIO_printf(out, "Certificate Revocation List (CRL):\n");
+    l = X509_CRL_get_version(x);
+    if (l >= 0 && l <= 1)
+        BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+    else
+        BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
+    X509_CRL_get0_signature(x, &sig, &sig_alg);
+    BIO_puts(out, "    ");
+    X509_signature_print(out, sig_alg, NULL);
+    BIO_printf(out, "%8sIssuer: ", "");
+    X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%8sLast Update: ", "");
+    ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
+    BIO_printf(out, "\n%8sNext Update: ", "");
+    if (X509_CRL_get0_nextUpdate(x))
+        ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
+    else
+        BIO_printf(out, "NONE");
+    BIO_printf(out, "\n");
+
+    X509V3_extensions_print(out, "CRL extensions",
+                            X509_CRL_get0_extensions(x), 0, 8);
+
+    rev = X509_CRL_get_REVOKED(x);
+
+    if (sk_X509_REVOKED_num(rev) > 0)
+        BIO_printf(out, "Revoked Certificates:\n");
+    else
+        BIO_printf(out, "No Revoked Certificates.\n");
+
+    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+        r = sk_X509_REVOKED_value(rev, i);
+        BIO_printf(out, "    Serial Number: ");
+        i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));
+        BIO_printf(out, "\n        Revocation Date: ");
+        ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));
+        BIO_printf(out, "\n");
+        X509V3_extensions_print(out, "CRL entry extensions",
+                                X509_REVOKED_get0_extensions(r), 0, 8);
+    }
+    X509_signature_print(out, sig_alg, sig);
+
+    return 1;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c
new file mode 100644
index 000000000..2d4c591b7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_REQ_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+                      unsigned long cflag)
+{
+    long l;
+    int i;
+    EVP_PKEY *pkey;
+    STACK_OF(X509_EXTENSION) *exts;
+    char mlch = ' ';
+    int nmindent = 0;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_REQ_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x),
+            nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey;
+        ASN1_OBJECT *koid;
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        xpkey = X509_REQ_get_X509_PUBKEY(x);
+        X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey);
+        if (i2a_ASN1_OBJECT(bp, koid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_REQ_get0_pubkey(x);
+        if (pkey == NULL) {
+            if (BIO_printf(bp, "%12sUnable to load Public Key\n", "") <= 0)
+                goto err;
+            ERR_print_errors(bp);
+        } else {
+            if (EVP_PKEY_print_public(bp, pkey, 16, NULL) <= 0)
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
+        /* may not be */
+        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
+            goto err;
+
+        if (X509_REQ_get_attr_count(x) == 0) {
+            if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
+                goto err;
+        } else {
+            for (i = 0; i < X509_REQ_get_attr_count(x); i++) {
+                ASN1_TYPE *at;
+                X509_ATTRIBUTE *a;
+                ASN1_BIT_STRING *bs = NULL;
+                ASN1_OBJECT *aobj;
+                int j, type = 0, count = 1, ii = 0;
+
+                a = X509_REQ_get_attr(x, i);
+                aobj = X509_ATTRIBUTE_get0_object(a);
+                if (X509_REQ_extension_nid(OBJ_obj2nid(aobj)))
+                    continue;
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
+                    ii = 0;
+                    count = X509_ATTRIBUTE_count(a);
+ get_next:
+                    at = X509_ATTRIBUTE_get0_type(a, ii);
+                    type = at->type;
+                    bs = at->value.asn1_string;
+                }
+                for (j = 25 - j; j > 0; j--)
+                    if (BIO_write(bp, " ", 1) != 1)
+                        goto err;
+                if (BIO_puts(bp, ":") <= 0)
+                    goto err;
+                switch (type) {
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_IA5STRING:
+                    if (BIO_write(bp, (char *)bs->data, bs->length)
+                            != bs->length)
+                        goto err;
+                    if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+                    break;
+                default:
+                    if (BIO_puts(bp, "unable to print attribute\n") <= 0)
+                        goto err;
+                    break;
+                }
+                if (++ii < count)
+                    goto get_next;
+            }
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
+        exts = X509_REQ_get_extensions(x);
+        if (exts) {
+            if (BIO_printf(bp, "%8sRequested Extensions:\n", "") <= 0)
+                goto err;
+            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                int critical;
+                ex = sk_X509_EXTENSION_value(exts, i);
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                obj = X509_EXTENSION_get_object(ex);
+                if (i2a_ASN1_OBJECT(bp, obj) <= 0)
+                    goto err;
+                critical = X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
+                    goto err;
+                if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
+                    if (BIO_printf(bp, "%16s", "") <= 0
+                        || ASN1_STRING_print(bp,
+                                             X509_EXTENSION_get_data(ex)) <= 0)
+                        goto err;
+                }
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto err;
+            }
+            sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_REQ_get0_signature(x, &sig, &sig_alg);
+        if (!X509_signature_print(bp, sig_alg, sig))
+            goto err;
+    }
+
+    return 1;
+ err:
+    X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+    return 0;
+}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+{
+    return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c
new file mode 100644
index 000000000..ccacbe7cb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c
@@ -0,0 +1,379 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+
+#ifndef OPENSSL_NO_STDIO
+int X509_print_fp(FILE *fp, X509 *x)
+{
+    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_print_ex(b, x, nmflag, cflag);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+                  unsigned long cflag)
+{
+    long l;
+    int ret = 0, i;
+    char *m = NULL, mlch = ' ';
+    int nmindent = 0;
+    ASN1_INTEGER *bs;
+    EVP_PKEY *pkey = NULL;
+    const char *neg;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
+            goto err;
+
+        bs = X509_get_serialNumber(x);
+        if (bs->length <= (int)sizeof(long)) {
+                ERR_set_mark();
+                l = ASN1_INTEGER_get(bs);
+                ERR_pop_to_mark();
+        } else {
+            l = -1;
+        }
+        if (l != -1) {
+            unsigned long ul;
+            if (bs->type == V_ASN1_NEG_INTEGER) {
+                ul = 0 - (unsigned long)l;
+                neg = "-";
+            } else {
+                ul = l;
+                neg = "";
+            }
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
+                goto err;
+        } else {
+            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+                goto err;
+
+            for (i = 0; i < bs->length; i++) {
+                if (BIO_printf(bp, "%02x%c", bs->data[i],
+                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+                    goto err;
+            }
+        }
+
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+        const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+
+        if (BIO_puts(bp, "    ") <= 0)
+            goto err;
+        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
+            goto err;
+    }
+
+    if (!(cflag & X509_FLAG_NO_ISSUER)) {
+        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+            < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+        if (BIO_write(bp, "        Validity\n", 17) <= 0)
+            goto err;
+        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
+            goto err;
+        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex
+            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+        ASN1_OBJECT *xpoid;
+        X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_get0_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else {
+            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_IDS)) {
+        const ASN1_BIT_STRING *iuid, *suid;
+        X509_get0_uids(x, &iuid, &suid);
+        if (iuid != NULL) {
+            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, iuid, 12))
+                goto err;
+        }
+        if (suid != NULL) {
+            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, suid, 12))
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+        X509V3_extensions_print(bp, "X509v3 extensions",
+                                X509_get0_extensions(x), cflag, 8);
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_get0_signature(&sig, &sig_alg, x);
+        if (X509_signature_print(bp, sig_alg, sig) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_AUX)) {
+        if (!X509_aux_print(bp, x, 0))
+            goto err;
+    }
+    ret = 1;
+ err:
+    OPENSSL_free(m);
+    return ret;
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+    unsigned char *der = NULL;
+    unsigned char *dertmp;
+    int derlen;
+    int i;
+    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+    ASN1_BIT_STRING *keybstr;
+    X509_NAME *subj;
+
+    /*
+     * display the hash of the subject as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
+        goto err;
+    subj = X509_get_subject_name(x);
+    derlen = i2d_X509_NAME(subj, NULL);
+    if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
+        goto err;
+    i2d_X509_NAME(subj, &dertmp);
+
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    OPENSSL_free(der);
+    der = NULL;
+
+    /*
+     * display the hash of the public key as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
+        goto err;
+
+    keybstr = X509_get0_pubkey_bitstr(x);
+
+    if (keybstr == NULL)
+        goto err;
+
+    if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
+                    ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
+                    NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    BIO_printf(bp, "\n");
+
+    return 1;
+ err:
+    OPENSSL_free(der);
+    return 0;
+}
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
+{
+    const unsigned char *s;
+    int i, n;
+
+    n = sig->length;
+    s = sig->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0) {
+            if (BIO_write(bp, "\n", 1) <= 0)
+                return 0;
+            if (BIO_indent(bp, indent, indent) <= 0)
+                return 0;
+        }
+        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+            return 0;
+    }
+    if (BIO_write(bp, "\n", 1) != 1)
+        return 0;
+
+    return 1;
+}
+
+int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig)
+{
+    int sig_nid;
+    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+        return 0;
+
+    sig_nid = OBJ_obj2nid(sigalg->algorithm);
+    if (sig_nid != NID_undef) {
+        int pkey_nid, dig_nid;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
+            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+            if (ameth && ameth->sig_print)
+                return ameth->sig_print(bp, sigalg, sig, 9, 0);
+        }
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, 9);
+    else if (BIO_puts(bp, "\n") <= 0)
+        return 0;
+    return 1;
+}
+
+int X509_aux_print(BIO *out, X509 *x, int indent)
+{
+    char oidstr[80], first;
+    STACK_OF(ASN1_OBJECT) *trust, *reject;
+    const unsigned char *alias, *keyid;
+    int keyidlen;
+    int i;
+    if (X509_trusted(x) == 0)
+        return 1;
+    trust = X509_get0_trust_objects(x);
+    reject = X509_get0_reject_objects(x);
+    if (trust) {
+        first = 1;
+        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(trust, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+    if (reject) {
+        first = 1;
+        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(reject, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+    alias = X509_alias_get0(x, NULL);
+    if (alias)
+        BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+    keyid = X509_keyid_get0(x, &keyidlen);
+    if (keyid) {
+        BIO_printf(out, "%*sKey Id: ", indent, "");
+        for (i = 0; i < keyidlen; i++)
+            BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]);
+        BIO_write(out, "\n", 1);
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c
new file mode 100644
index 000000000..63895efe4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+    return sk_X509_ATTRIBUTE_num(x);
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos)
+{
+    const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
+
+    if (obj == NULL)
+        return -2;
+    return X509at_get_attr_by_OBJ(x, obj, lastpos);
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_ATTRIBUTE *ex;
+
+    if (sk == NULL)
+        return -1;
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_ATTRIBUTE_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return lastpos;
+    }
+    return -1;
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return NULL;
+
+    return sk_X509_ATTRIBUTE_value(x, loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+    X509_ATTRIBUTE *ret;
+
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return NULL;
+    ret = sk_X509_ATTRIBUTE_delete(x, loc);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr)
+{
+    X509_ATTRIBUTE *new_attr = NULL;
+    STACK_OF(X509_ATTRIBUTE) *sk = NULL;
+
+    if (x == NULL) {
+        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
+
+    if (*x == NULL) {
+        if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
+
+    if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
+        goto err2;
+    if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return sk;
+ err:
+    X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
+ err2:
+    X509_ATTRIBUTE_free(new_attr);
+    sk_X509_ATTRIBUTE_free(sk);
+    return NULL;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type)
+{
+    int i;
+    X509_ATTRIBUTE *at;
+    i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+    if (i == -1)
+        return NULL;
+    if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+        return NULL;
+    at = X509at_get_attr(x, i);
+    if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+        return NULL;
+    return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *ret;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return NULL;
+    }
+    ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len)
+{
+    X509_ATTRIBUTE *ret;
+
+    if ((attr == NULL) || (*attr == NULL)) {
+        if ((ret = X509_ATTRIBUTE_new()) == NULL) {
+            X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *attr;
+
+    if (!X509_ATTRIBUTE_set1_object(ret, obj))
+        goto err;
+    if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
+        goto err;
+
+    if ((attr != NULL) && (*attr == NULL))
+        *attr = ret;
+    return ret;
+ err:
+    if ((attr == NULL) || (ret != *attr))
+        X509_ATTRIBUTE_free(ret);
+    return NULL;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *nattr;
+
+    obj = OBJ_txt2obj(atrname, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", atrname);
+        return NULL;
+    }
+    nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nattr;
+}
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+{
+    if ((attr == NULL) || (obj == NULL))
+        return 0;
+    ASN1_OBJECT_free(attr->object);
+    attr->object = OBJ_dup(obj);
+    return attr->object != NULL;
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len)
+{
+    ASN1_TYPE *ttmp = NULL;
+    ASN1_STRING *stmp = NULL;
+    int atype = 0;
+    if (!attr)
+        return 0;
+    if (attrtype & MBSTRING_FLAG) {
+        stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+                                      OBJ_obj2nid(attr->object));
+        if (!stmp) {
+            X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+            return 0;
+        }
+        atype = stmp->type;
+    } else if (len != -1) {
+        if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL)
+            goto err;
+        if (!ASN1_STRING_set(stmp, data, len))
+            goto err;
+        atype = attrtype;
+    }
+    /*
+     * This is a bit naughty because the attribute should really have at
+     * least one value but some types use and zero length SET and require
+     * this.
+     */
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
+        return 1;
+    }
+    if ((ttmp = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
+        if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+            goto err;
+    } else {
+        ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
+    if (!sk_ASN1_TYPE_push(attr->set, ttmp))
+        goto err;
+    return 1;
+ err:
+    X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
+    return 0;
+}
+
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
+{
+    if (attr == NULL)
+        return 0;
+    return sk_ASN1_TYPE_num(attr->set);
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+    if (attr == NULL)
+        return NULL;
+    return attr->object;
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+                               int atrtype, void *data)
+{
+    ASN1_TYPE *ttmp;
+    ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+    if (!ttmp)
+        return NULL;
+    if (atrtype != ASN1_TYPE_get(ttmp)) {
+        X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+        return NULL;
+    }
+    return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+    if (attr == NULL)
+        return NULL;
+    return sk_ASN1_TYPE_value(attr->set, idx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c
new file mode 100644
index 000000000..02fad0c67
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c
@@ -0,0 +1,458 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+{
+    int i;
+    const X509_CINF *ai, *bi;
+
+    ai = &a->cert_info;
+    bi = &b->cert_info;
+    i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
+    if (i)
+        return i;
+    return X509_NAME_cmp(ai->issuer, bi->issuer);
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
+{
+    unsigned long ret = 0;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char md[16];
+    char *f;
+
+    if (ctx == NULL)
+        goto err;
+    f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+    if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+        goto err;
+    OPENSSL_free(f);
+    if (!EVP_DigestUpdate
+        (ctx, (unsigned char *)a->cert_info.serialNumber.data,
+         (unsigned long)a->cert_info.serialNumber.length))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
+        goto err;
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+#endif
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+{
+    return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer);
+}
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
+{
+    return X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject);
+}
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+{
+    return X509_NAME_cmp(a->crl.issuer, b->crl.issuer);
+}
+
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+{
+    return memcmp(a->sha1_hash, b->sha1_hash, 20);
+}
+
+X509_NAME *X509_get_issuer_name(const X509 *a)
+{
+    return a->cert_info.issuer;
+}
+
+unsigned long X509_issuer_name_hash(X509 *x)
+{
+    return X509_NAME_hash(x->cert_info.issuer);
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *x)
+{
+    return X509_NAME_hash_old(x->cert_info.issuer);
+}
+#endif
+
+X509_NAME *X509_get_subject_name(const X509 *a)
+{
+    return a->cert_info.subject;
+}
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
+unsigned long X509_subject_name_hash(X509 *x)
+{
+    return X509_NAME_hash(x->cert_info.subject);
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_subject_name_hash_old(X509 *x)
+{
+    return X509_NAME_hash_old(x->cert_info.subject);
+}
+#endif
+
+/*
+ * Compare two certificates: they must be identical for this to work. NB:
+ * Although "cmp" operations are generally prototyped to take "const"
+ * arguments (eg. for use in STACKs), the way X509 handling is - these
+ * operations may involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point where the
+ * "depth-first" constification tree has to halt with an evil cast.
+ */
+int X509_cmp(const X509 *a, const X509 *b)
+{
+    int rv;
+    /* ensure hash is valid */
+    X509_check_purpose((X509 *)a, -1, 0);
+    X509_check_purpose((X509 *)b, -1, 0);
+
+    rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    if (rv)
+        return rv;
+    /* Check for match against stored encoding too */
+    if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
+        if (a->cert_info.enc.len < b->cert_info.enc.len)
+            return -1;
+        if (a->cert_info.enc.len > b->cert_info.enc.len)
+            return 1;
+        return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
+                      a->cert_info.enc.len);
+    }
+    return rv;
+}
+
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    int ret;
+
+    /* Ensure canonical encoding is present and up to date */
+
+    if (!a->canon_enc || a->modified) {
+        ret = i2d_X509_NAME((X509_NAME *)a, NULL);
+        if (ret < 0)
+            return -2;
+    }
+
+    if (!b->canon_enc || b->modified) {
+        ret = i2d_X509_NAME((X509_NAME *)b, NULL);
+        if (ret < 0)
+            return -2;
+    }
+
+    ret = a->canon_enclen - b->canon_enclen;
+
+    if (ret != 0 || a->canon_enclen == 0)
+        return ret;
+
+    return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
+
+}
+
+unsigned long X509_NAME_hash(X509_NAME *x)
+{
+    unsigned long ret = 0;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
+                    NULL))
+        return 0;
+
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+    return ret;
+}
+
+#ifndef OPENSSL_NO_MD5
+/*
+ * I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably efficient.
+ */
+
+unsigned long X509_NAME_hash_old(X509_NAME *x)
+{
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    unsigned long ret = 0;
+    unsigned char md[16];
+
+    if (md_ctx == NULL)
+        return ret;
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
+        && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
+        && EVP_DigestFinal_ex(md_ctx, md, NULL))
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+               ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+            ) & 0xffffffffL;
+    EVP_MD_CTX_free(md_ctx);
+
+    return ret;
+}
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial)
+{
+    int i;
+    X509 x, *x509 = NULL;
+
+    if (!sk)
+        return NULL;
+
+    x.cert_info.serialNumber = *serial;
+    x.cert_info.issuer = name;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_issuer_and_serial_cmp(x509, &x) == 0)
+            return x509;
+    }
+    return NULL;
+}
+
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+{
+    X509 *x509;
+    int i;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
+            return x509;
+    }
+    return NULL;
+}
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(x->cert_info.key);
+}
+
+EVP_PKEY *X509_get_pubkey(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get(x->cert_info.key);
+}
+
+int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
+{
+    const EVP_PKEY *xk;
+    int ret;
+
+    xk = X509_get0_pubkey(x);
+
+    if (xk)
+        ret = EVP_PKEY_cmp(xk, k);
+    else
+        ret = -2;
+
+    switch (ret) {
+    case 1:
+        break;
+    case 0:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
+    if (ret > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * Check a suite B algorithm is permitted: pass in a public key and the NID
+ * of its signature (or 0 if no signature). The pflags is a pointer to a
+ * flags field which must contain the suite B verification flags.
+ */
+
+#ifndef OPENSSL_NO_EC
+
+static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
+{
+    const EC_GROUP *grp = NULL;
+    int curve_nid;
+    if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
+        grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
+    if (!grp)
+        return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
+    curve_nid = EC_GROUP_get_curve_name(grp);
+    /* Check curve is consistent with LOS */
+    if (curve_nid == NID_secp384r1) { /* P-384 */
+        /*
+         * Check signature algorithm is consistent with curve.
+         */
+        if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384)
+            return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+        if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS))
+            return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+        /* If we encounter P-384 we cannot use P-256 later */
+        *pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY;
+    } else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */
+        if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256)
+            return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+        if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY))
+            return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+    } else
+        return X509_V_ERR_SUITE_B_INVALID_CURVE;
+
+    return X509_V_OK;
+}
+
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags)
+{
+    int rv, i, sign_nid;
+    EVP_PKEY *pk;
+    unsigned long tflags = flags;
+
+    if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+        return X509_V_OK;
+
+    /* If no EE certificate passed in must be first in chain */
+    if (x == NULL) {
+        x = sk_X509_value(chain, 0);
+        i = 1;
+    } else
+        i = 0;
+
+    pk = X509_get0_pubkey(x);
+
+    /*
+     * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build
+     * a chain all, just report trust success or failure, but must also report
+     * Suite-B errors if applicable.  This is indicated via a NULL chain
+     * pointer.  All we need to do is check the leaf key algorithm.
+     */
+    if (chain == NULL)
+        return check_suite_b(pk, -1, &tflags);
+
+    if (X509_get_version(x) != 2) {
+        rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
+        /* Correct error depth */
+        i = 0;
+        goto end;
+    }
+
+    /* Check EE key only */
+    rv = check_suite_b(pk, -1, &tflags);
+    if (rv != X509_V_OK) {
+        /* Correct error depth */
+        i = 0;
+        goto end;
+    }
+    for (; i < sk_X509_num(chain); i++) {
+        sign_nid = X509_get_signature_nid(x);
+        x = sk_X509_value(chain, i);
+        if (X509_get_version(x) != 2) {
+            rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
+            goto end;
+        }
+        pk = X509_get0_pubkey(x);
+        rv = check_suite_b(pk, sign_nid, &tflags);
+        if (rv != X509_V_OK)
+            goto end;
+    }
+
+    /* Final check: root CA signature */
+    rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
+ end:
+    if (rv != X509_V_OK) {
+        /* Invalid signature or LOS errors are for previous cert */
+        if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+             || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i)
+            i--;
+        /*
+         * If we have LOS error and flags changed then we are signing P-384
+         * with P-256. Use more meaningful error.
+         */
+        if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
+            rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
+        if (perror_depth)
+            *perror_depth = i;
+    }
+    return rv;
+}
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+{
+    int sign_nid;
+    if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+        return X509_V_OK;
+    sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm);
+    return check_suite_b(pk, sign_nid, &flags);
+}
+
+#else
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags)
+{
+    return 0;
+}
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+{
+    return 0;
+}
+
+#endif
+/*
+ * Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref of
+ * each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+{
+    STACK_OF(X509) *ret;
+    int i;
+    ret = sk_X509_dup(chain);
+    for (i = 0; i < sk_X509_num(ret); i++) {
+        X509 *x = sk_X509_value(ret, i);
+        X509_up_ref(x);
+    }
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_d2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_d2.c
new file mode 100644
index 000000000..099ffda1e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_d2.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+int X509_STORE_set_default_paths(X509_STORE *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* clear any errors */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+                              const char *path)
+{
+    X509_LOOKUP *lookup;
+
+    if (file != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+        if (lookup == NULL)
+            return 0;
+        if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+            return 0;
+    }
+    if (path != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            return 0;
+        if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+            return 0;
+    }
+    if ((path == NULL) && (file == NULL))
+        return 0;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_def.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_def.c
new file mode 100644
index 000000000..bfa8d7d85
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_def.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+const char *X509_get_default_private_dir(void)
+{
+    return X509_PRIVATE_DIR;
+}
+
+const char *X509_get_default_cert_area(void)
+{
+    return X509_CERT_AREA;
+}
+
+const char *X509_get_default_cert_dir(void)
+{
+    return X509_CERT_DIR;
+}
+
+const char *X509_get_default_cert_file(void)
+{
+    return X509_CERT_FILE;
+}
+
+const char *X509_get_default_cert_dir_env(void)
+{
+    return X509_CERT_DIR_EVP;
+}
+
+const char *X509_get_default_cert_file_env(void)
+{
+    return X509_CERT_FILE_EVP;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c
new file mode 100644
index 000000000..739708e24
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c
@@ -0,0 +1,181 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/x509err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509, X509_F_ADD_CERT_DIR, 0), "add_cert_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BUILD_CHAIN, 0), "build_chain"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BY_FILE_CTRL, 0), "by_file_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0),
+     "check_name_constraints"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),
+     "get_cert_by_subject"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0),
+     "NETSCAPE_SPKI_b64_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0),
+     "NETSCAPE_SPKI_b64_encode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0),
+     "X509_ATTRIBUTE_create_by_NID"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 0),
+     "X509_ATTRIBUTE_create_by_OBJ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 0),
+     "X509_ATTRIBUTE_create_by_txt"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_GET0_DATA, 0),
+     "X509_ATTRIBUTE_get0_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_SET1_DATA, 0),
+     "X509_ATTRIBUTE_set1_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0),
+     "X509_check_private_key"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0),
+     "X509_CRL_METHOD_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0),
+     "X509_EXTENSION_create_by_NID"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_OBJ, 0),
+     "X509_EXTENSION_create_by_OBJ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_GET_PUBKEY_PARAMETERS, 0),
+     "X509_get_pubkey_parameters"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_CRL_FILE, 0),
+     "X509_load_cert_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_FILE, 0),
+     "X509_load_cert_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),
+     "X509_load_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0),
+     "X509_LOOKUP_meth_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),
+     "X509_NAME_add_entry"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0),
+     "X509_NAME_ENTRY_create_by_NID"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0),
+     "X509_NAME_ENTRY_create_by_txt"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_SET_OBJECT, 0),
+     "X509_NAME_ENTRY_set_object"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ONELINE, 0), "X509_NAME_oneline"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_PRINT, 0), "X509_NAME_print"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_OBJECT_NEW, 0), "X509_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0),
+     "x509_pubkey_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0),
+     "X509_REQ_check_private_key"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0),
+     "X509_STORE_add_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),
+     "X509_STORE_add_crl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0),
+     "X509_STORE_add_lookup"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0),
+     "X509_STORE_CTX_get1_issuer"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0),
+     "X509_STORE_CTX_init"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_NEW, 0),
+     "X509_STORE_CTX_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0),
+     "X509_STORE_CTX_purpose_inherit"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
+     "X509_VERIFY_PARAM_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR),
+    "base64 decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE),
+    "cert already in hash table"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE),
+    "crl verify failure"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME),
+    "invalid field name"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH),
+    "key values mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER),
+    "newer crl not newer"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND),
+    "no certificate found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND),
+    "no certificate or crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+    "no cert set for us to verify"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR),
+    "public key decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR),
+    "public key encode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+    "unable to find parameters in chain"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+    "unable to get certs public key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID),
+    "unknown purpose id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_X509_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(X509_str_functs);
+        ERR_load_strings_const(X509_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c
new file mode 100644
index 000000000..2db843760
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+
+int X509_CRL_get_ext_count(const X509_CRL *x)
+{
+    return X509v3_get_ext_count(x->crl.extensions);
+}
+
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos);
+}
+
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos);
+}
+
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos);
+}
+
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
+{
+    return X509v3_get_ext(x->crl.extensions, loc);
+}
+
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+{
+    return X509v3_delete_ext(x->crl.extensions, loc);
+}
+
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
+}
+
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
+}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
+}
+
+int X509_get_ext_count(const X509 *x)
+{
+    return X509v3_get_ext_count(x->cert_info.extensions);
+}
+
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos);
+}
+
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos);
+}
+
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->cert_info.extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
+{
+    return X509v3_get_ext(x->cert_info.extensions, loc);
+}
+
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+{
+    return X509v3_delete_ext(x->cert_info.extensions, loc);
+}
+
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
+}
+
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
+}
+
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit,
+                           flags);
+}
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
+{
+    return X509v3_get_ext_count(x->extensions);
+}
+
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->extensions, nid, lastpos);
+}
+
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos);
+}
+
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(x->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
+{
+    return X509v3_get_ext(x->extensions, loc);
+}
+
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+{
+    return X509v3_delete_ext(x->extensions, loc);
+}
+
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+}
+
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h
new file mode 100644
index 000000000..c517a7745
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+
+/*
+ * This structure holds all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in related structures the
+ * parameters used can be customized
+ */
+
+struct X509_VERIFY_PARAM_st {
+    char *name;
+    time_t check_time;          /* Time to use */
+    uint32_t inh_flags;         /* Inheritance flags */
+    unsigned long flags;        /* Various verify flags */
+    int purpose;                /* purpose to check untrusted certificates */
+    int trust;                  /* trust setting to check */
+    int depth;                  /* Verify depth */
+    int auth_level;             /* Security level for chain verification */
+    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
+    /* Peer identity details */
+    STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
+    unsigned int hostflags;     /* Flags to control matching features */
+    char *peername;             /* Matching hostname in peer certificate */
+    char *email;                /* If not NULL email address to match */
+    size_t emaillen;
+    unsigned char *ip;          /* If not NULL IP address to match */
+    size_t iplen;               /* Length of IP address */
+};
+
+/* No error callback if depth < 0 */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
+
+/* a sequence of these are used */
+struct x509_attributes_st {
+    ASN1_OBJECT *object;
+    STACK_OF(ASN1_TYPE) *set;
+};
+
+struct X509_extension_st {
+    ASN1_OBJECT *object;
+    ASN1_BOOLEAN critical;
+    ASN1_OCTET_STRING value;
+};
+
+/*
+ * Method to handle CRL access. In general a CRL could be very large (several
+ * Mb) and can consume large amounts of resources if stored in memory by
+ * multiple processes. This method allows general CRL operations to be
+ * redirected to more efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC         1
+
+struct x509_crl_method_st {
+    int flags;
+    int (*crl_init) (X509_CRL *crl);
+    int (*crl_free) (X509_CRL *crl);
+    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
+                       ASN1_INTEGER *ser, X509_NAME *issuer);
+    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
+};
+
+struct x509_lookup_method_st {
+    char *name;
+    int (*new_item) (X509_LOOKUP *ctx);
+    void (*free) (X509_LOOKUP *ctx);
+    int (*init) (X509_LOOKUP *ctx);
+    int (*shutdown) (X509_LOOKUP *ctx);
+    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                 char **ret);
+    int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+    int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+    int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+};
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st {
+    int init;                   /* have we been started */
+    int skip;                   /* don't use us. */
+    X509_LOOKUP_METHOD *method; /* the functions */
+    void *method_data;          /* method data */
+    X509_STORE *store_ctx;      /* who owns us */
+};
+
+/*
+ * This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify' function is
+ * then called to actually check the cert chain.
+ */
+struct x509_store_st {
+    /* The following is a cache of trusted certs */
+    int cache;                  /* if true, stash any hits */
+    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+    /* These are external lookup methods */
+    STACK_OF(X509_LOOKUP) *get_cert_methods;
+    X509_VERIFY_PARAM *param;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+typedef struct lookup_dir_hashes_st BY_DIR_HASH;
+typedef struct lookup_dir_entry_st BY_DIR_ENTRY;
+DEFINE_STACK_OF(BY_DIR_HASH)
+DEFINE_STACK_OF(BY_DIR_ENTRY)
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                             const ASN1_STRING *sig);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c
new file mode 100644
index 000000000..be39015b0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c
@@ -0,0 +1,898 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+{
+    X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->method = method;
+    if (method->new_item != NULL && method->new_item(ret) == 0) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if ((ctx->method != NULL) && (ctx->method->free != NULL))
+        (*ctx->method->free) (ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_lock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_write_lock(s->lock);
+}
+
+int X509_STORE_unlock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_unlock(s->lock);
+}
+
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->init != NULL)
+        return ctx->method->init(ctx);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->shutdown != NULL)
+        return ctx->method->shutdown(ctx);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                     char **ret)
+{
+    if (ctx->method == NULL)
+        return -1;
+    if (ctx->method->ctrl != NULL)
+        return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+        return 0;
+    if (ctx->skip)
+        return 0;
+    return ctx->method->get_by_subject(ctx, type, name, ret);
+}
+
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+        return 0;
+    return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+}
+
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+        return 0;
+    return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+}
+
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+        return 0;
+    return ctx->method->get_by_alias(ctx, type, str, len, ret);
+}
+
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data)
+{
+    ctx->method_data = data;
+    return 1;
+}
+
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx)
+{
+    return ctx->method_data;
+}
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)
+{
+    return ctx->store_ctx;
+}
+
+
+static int x509_object_cmp(const X509_OBJECT *const *a,
+                           const X509_OBJECT *const *b)
+{
+    int ret;
+
+    ret = ((*a)->type - (*b)->type);
+    if (ret)
+        return ret;
+    switch ((*a)->type) {
+    case X509_LU_X509:
+        ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
+        break;
+    case X509_LU_CRL:
+        ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
+        break;
+    case X509_LU_NONE:
+        /* abort(); */
+        return 0;
+    }
+    return ret;
+}
+
+X509_STORE *X509_STORE_new(void)
+{
+    X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ret->cache = 1;
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret->references = 1;
+    return ret;
+
+err:
+    X509_VERIFY_PARAM_free(ret->param);
+    sk_X509_OBJECT_free(ret->objs);
+    sk_X509_LOOKUP_free(ret->get_cert_methods);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void X509_STORE_free(X509_STORE *vfy)
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    if (vfy == NULL)
+        return;
+    CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
+    REF_PRINT_COUNT("X509_STORE", vfy);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    sk = vfy->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        X509_LOOKUP_shutdown(lu);
+        X509_LOOKUP_free(lu);
+    }
+    sk_X509_LOOKUP_free(sk);
+    sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+    X509_VERIFY_PARAM_free(vfy->param);
+    CRYPTO_THREAD_lock_free(vfy->lock);
+    OPENSSL_free(vfy);
+}
+
+int X509_STORE_up_ref(X509_STORE *vfy)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_STORE", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    sk = v->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        if (m == lu->method) {
+            return lu;
+        }
+    }
+    /* a new one */
+    lu = X509_LOOKUP_new(m);
+    if (lu == NULL) {
+        X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    lu->store_ctx = v;
+    if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+        return lu;
+    /* malloc failed */
+    X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+    X509_LOOKUP_free(lu);
+    return NULL;
+}
+
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name)
+{
+    X509_OBJECT *ret = X509_OBJECT_new();
+
+    if (ret == NULL)
+        return NULL;
+    if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
+        X509_OBJECT_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret)
+{
+    X509_STORE *ctx = vs->ctx;
+    X509_LOOKUP *lu;
+    X509_OBJECT stmp, *tmp;
+    int i, j;
+
+    if (ctx == NULL)
+        return 0;
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
+    CRYPTO_THREAD_unlock(ctx->lock);
+
+    if (tmp == NULL || type == X509_LU_CRL) {
+        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+            lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
+            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
+            if (j) {
+                tmp = &stmp;
+                break;
+            }
+        }
+        if (tmp == NULL)
+            return 0;
+    }
+
+    ret->type = tmp->type;
+    ret->data.ptr = tmp->data.ptr;
+
+    X509_OBJECT_up_ref_count(ret);
+
+    return 1;
+}
+
+static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
+    X509_OBJECT *obj;
+    int ret = 0, added = 0;
+
+    if (x == NULL)
+        return 0;
+    obj = X509_OBJECT_new();
+    if (obj == NULL)
+        return 0;
+
+    if (crl) {
+        obj->type = X509_LU_CRL;
+        obj->data.crl = (X509_CRL *)x;
+    } else {
+        obj->type = X509_LU_X509;
+        obj->data.x509 = (X509 *)x;
+    }
+    X509_OBJECT_up_ref_count(obj);
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+
+    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+        ret = 1;
+    } else {
+        added = sk_X509_OBJECT_push(ctx->objs, obj);
+        ret = added != 0;
+    }
+
+    CRYPTO_THREAD_unlock(ctx->lock);
+
+    if (added == 0)             /* obj not pushed */
+        X509_OBJECT_free(obj);
+
+    return ret;
+}
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+{
+    if (!x509_store_add(ctx, x, 0)) {
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+    if (!x509_store_add(ctx, x, 1)) {
+        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+int X509_OBJECT_up_ref_count(X509_OBJECT *a)
+{
+    switch (a->type) {
+    case X509_LU_NONE:
+        break;
+    case X509_LU_X509:
+        return X509_up_ref(a->data.x509);
+    case X509_LU_CRL:
+        return X509_CRL_up_ref(a->data.crl);
+    }
+    return 1;
+}
+
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_X509)
+        return NULL;
+    return a->data.x509;
+}
+
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_CRL)
+        return NULL;
+    return a->data.crl;
+}
+
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+    return a->type;
+}
+
+X509_OBJECT *X509_OBJECT_new(void)
+{
+    X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = X509_LU_NONE;
+    return ret;
+}
+
+static void x509_object_free_internal(X509_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    switch (a->type) {
+    case X509_LU_NONE:
+        break;
+    case X509_LU_X509:
+        X509_free(a->data.x509);
+        break;
+    case X509_LU_CRL:
+        X509_CRL_free(a->data.crl);
+        break;
+    }
+}
+
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj)
+{
+    if (a == NULL || !X509_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_X509;
+    a->data.x509 = obj;
+    return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj)
+{
+    if (a == NULL || !X509_CRL_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_CRL;
+    a->data.crl = obj;
+    return 1;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+    x509_object_free_internal(a);
+    OPENSSL_free(a);
+}
+
+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, int *pnmatch)
+{
+    X509_OBJECT stmp;
+    X509 x509_s;
+    X509_CRL crl_s;
+    int idx;
+
+    stmp.type = type;
+    switch (type) {
+    case X509_LU_X509:
+        stmp.data.x509 = &x509_s;
+        x509_s.cert_info.subject = name;
+        break;
+    case X509_LU_CRL:
+        stmp.data.crl = &crl_s;
+        crl_s.crl.issuer = name;
+        break;
+    case X509_LU_NONE:
+        /* abort(); */
+        return -1;
+    }
+
+    idx = sk_X509_OBJECT_find(h, &stmp);
+    if (idx >= 0 && pnmatch) {
+        int tidx;
+        const X509_OBJECT *tobj, *pstmp;
+        *pnmatch = 1;
+        pstmp = &stmp;
+        for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) {
+            tobj = sk_X509_OBJECT_value(h, tidx);
+            if (x509_object_cmp(&tobj, &pstmp))
+                break;
+            (*pnmatch)++;
+        }
+    }
+    return idx;
+}
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name)
+{
+    return x509_object_idx_cnt(h, type, name, NULL);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name)
+{
+    int idx;
+    idx = X509_OBJECT_idx_by_subject(h, type, name);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_OBJECT_value(h, idx);
+}
+
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
+{
+    return v->objs;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    int i, idx, cnt;
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    X509_OBJECT *obj;
+
+    if (ctx->ctx == NULL)
+        return NULL;
+
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+    idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
+    if (idx < 0) {
+        /*
+         * Nothing found in cache: do lookup to possibly add new objects to
+         * cache
+         */
+        X509_OBJECT *xobj = X509_OBJECT_new();
+
+        CRYPTO_THREAD_unlock(ctx->ctx->lock);
+        if (xobj == NULL)
+            return NULL;
+        if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
+            X509_OBJECT_free(xobj);
+            return NULL;
+        }
+        X509_OBJECT_free(xobj);
+        CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+        idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
+        if (idx < 0) {
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
+            return NULL;
+        }
+    }
+
+    sk = sk_X509_new_null();
+    for (i = 0; i < cnt; i++, idx++) {
+        obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+        x = obj->data.x509;
+        X509_up_ref(x);
+        if (!sk_X509_push(sk, x)) {
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
+            X509_free(x);
+            sk_X509_pop_free(sk, X509_free);
+            return NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    return sk;
+}
+
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    int i, idx, cnt;
+    STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
+    X509_CRL *x;
+    X509_OBJECT *obj, *xobj = X509_OBJECT_new();
+
+    /* Always do lookup to possibly add new CRLs to cache */
+    if (sk == NULL
+            || xobj == NULL
+            || ctx->ctx == NULL
+            || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
+        X509_OBJECT_free(xobj);
+        sk_X509_CRL_free(sk);
+        return NULL;
+    }
+    X509_OBJECT_free(xobj);
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+    idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
+    if (idx < 0) {
+        CRYPTO_THREAD_unlock(ctx->ctx->lock);
+        sk_X509_CRL_free(sk);
+        return NULL;
+    }
+
+    for (i = 0; i < cnt; i++, idx++) {
+        obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+        x = obj->data.crl;
+        X509_CRL_up_ref(x);
+        if (!sk_X509_CRL_push(sk, x)) {
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
+            X509_CRL_free(x);
+            sk_X509_CRL_pop_free(sk, X509_CRL_free);
+            return NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    return sk;
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x)
+{
+    int idx, i, num;
+    X509_OBJECT *obj;
+
+    idx = sk_X509_OBJECT_find(h, x);
+    if (idx < 0)
+        return NULL;
+    if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+        return sk_X509_OBJECT_value(h, idx);
+    for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
+        obj = sk_X509_OBJECT_value(h, i);
+        if (x509_object_cmp((const X509_OBJECT **)&obj,
+                            (const X509_OBJECT **)&x))
+            return NULL;
+        if (x->type == X509_LU_X509) {
+            if (!X509_cmp(obj->data.x509, x->data.x509))
+                return obj;
+        } else if (x->type == X509_LU_CRL) {
+            if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                return obj;
+        } else
+            return obj;
+    }
+    return NULL;
+}
+
+/*-
+ * Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all
+ * matches.
+ *
+ * Return values are:
+ *  1 lookup successful.
+ *  0 certificate not found.
+ * -1 some other error.
+ */
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_NAME *xn;
+    X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
+    int i, ok, idx, ret;
+
+    if (obj == NULL)
+        return -1;
+    *issuer = NULL;
+    xn = X509_get_issuer_name(x);
+    ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
+    if (ok != 1) {
+        X509_OBJECT_free(obj);
+        return 0;
+    }
+    /* If certificate matches all OK */
+    if (ctx->check_issued(ctx, x, obj->data.x509)) {
+        if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
+            *issuer = obj->data.x509;
+            X509_up_ref(*issuer);
+            X509_OBJECT_free(obj);
+            return 1;
+        }
+    }
+    X509_OBJECT_free(obj);
+
+    if (ctx->ctx == NULL)
+        return 0;
+
+    /* Else find index of first cert accepted by 'check_issued' */
+    ret = 0;
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+    idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+    if (idx != -1) {            /* should be true as we've had at least one
+                                 * match */
+        /* Look through all matching certs for suitable issuer */
+        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
+            pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+            /* See if we've run past the matches */
+            if (pobj->type != X509_LU_X509)
+                break;
+            if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+                break;
+            if (ctx->check_issued(ctx, x, pobj->data.x509)) {
+                *issuer = pobj->data.x509;
+                ret = 1;
+                /*
+                 * If times check, exit with match,
+                 * otherwise keep looking. Leave last
+                 * match in issuer so we return nearest
+                 * match if no certificate time is OK.
+                 */
+
+                if (x509_check_cert_time(ctx, *issuer, -1))
+                    break;
+            }
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    if (*issuer)
+        X509_up_ref(*issuer);
+    return ret;
+}
+
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+{
+    return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+    return 1;
+}
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+}
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+}
+
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
+{
+    return ctx->verify;
+}
+
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb)
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer)
+{
+    ctx->get_issuer = get_issuer;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
+{
+    return ctx->get_issuer;
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued)
+{
+    ctx->check_issued = check_issued;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
+{
+    return ctx->check_issued;
+}
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation)
+{
+    ctx->check_revocation = check_revocation;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
+{
+    return ctx->check_revocation;
+}
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl)
+{
+    ctx->get_crl = get_crl;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
+{
+    return ctx->get_crl;
+}
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl)
+{
+    ctx->check_crl = check_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
+{
+    return ctx->check_crl;
+}
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl)
+{
+    ctx->cert_crl = cert_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
+{
+    return ctx->cert_crl;
+}
+
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy)
+{
+    ctx->check_policy = check_policy;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
+{
+    return ctx->check_policy;
+}
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs)
+{
+    ctx->lookup_certs = lookup_certs;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls)
+{
+    ctx->lookup_crls = lookup_crls;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn ctx_cleanup)
+{
+    ctx->cleanup = ctx_cleanup;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
+{
+    return ctx->cleanup;
+}
+
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+{
+    return ctx->ctx;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c
new file mode 100644
index 000000000..9dc587a09
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/ossl_typ.h>
+#include "x509_lcl.h"
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
+{
+    X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD));
+
+    if (method != NULL) {
+        method->name = OPENSSL_strdup(name);
+        if (method->name == NULL) {
+            X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return method;
+
+err:
+    OPENSSL_free(method);
+    return NULL;
+}
+
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method)
+{
+    if (method != NULL)
+        OPENSSL_free(method->name);
+    OPENSSL_free(method);
+}
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx))
+{
+    method->new_item = new_item;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->new_item;
+}
+
+int X509_LOOKUP_meth_set_free(
+    X509_LOOKUP_METHOD *method,
+    void (*free_fn) (X509_LOOKUP *ctx))
+{
+    method->free = free_fn;
+    return 1;
+}
+
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->free;
+}
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx))
+{
+    method->init = init;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->init;
+}
+
+int X509_LOOKUP_meth_set_shutdown(
+    X509_LOOKUP_METHOD *method,
+    int (*shutdown) (X509_LOOKUP *ctx))
+{
+    method->shutdown = shutdown;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->shutdown;
+}
+
+int X509_LOOKUP_meth_set_ctrl(
+    X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_ctrl_fn ctrl)
+{
+    method->ctrl = ctrl;
+    return 1;
+}
+
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method)
+{
+    return method->ctrl;
+}
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_subject_fn get_by_subject)
+{
+    method->get_by_subject = get_by_subject;
+    return 1;
+}
+
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_subject;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial)
+{
+    method->get_by_issuer_serial = get_by_issuer_serial;
+    return 1;
+}
+
+X509_LOOKUP_get_by_issuer_serial_fn
+    X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_issuer_serial;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint)
+{
+    method->get_by_fingerprint = get_by_fingerprint;
+    return 1;
+}
+
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_fingerprint;
+}
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn get_by_alias)
+{
+    method->get_by_alias = get_by_alias;
+    return 1;
+}
+
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_alias;
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c
new file mode 100644
index 000000000..85c39415c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
+#include "internal/x509_int.h"
+
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything encountered in practice.
+ */
+
+#define NAME_ONELINE_MAX    (1024 * 1024)
+
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
+{
+    const X509_NAME_ENTRY *ne;
+    int i;
+    int n, lold, l, l1, l2, num, j, type;
+    const char *s;
+    char *p;
+    unsigned char *q;
+    BUF_MEM *b = NULL;
+    static const char hex[17] = "0123456789ABCDEF";
+    int gs_doit[4];
+    char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+    unsigned char ebcdic_buf[1024];
+#endif
+
+    if (buf == NULL) {
+        if ((b = BUF_MEM_new()) == NULL)
+            goto err;
+        if (!BUF_MEM_grow(b, 200))
+            goto err;
+        b->data[0] = '\0';
+        len = 200;
+    } else if (len == 0) {
+        return NULL;
+    }
+    if (a == NULL) {
+        if (b) {
+            buf = b->data;
+            OPENSSL_free(b);
+        }
+        strncpy(buf, "NO X509_NAME", len);
+        buf[len - 1] = '\0';
+        return buf;
+    }
+
+    len--;                      /* space for '\0' */
+    l = 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+        n = OBJ_obj2nid(ne->object);
+        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+            s = tmp_buf;
+        }
+        l1 = strlen(s);
+
+        type = ne->value->type;
+        num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        q = ne->value->data;
+#ifdef CHARSET_EBCDIC
+        if (type == V_ASN1_GENERALSTRING ||
+            type == V_ASN1_VISIBLESTRING ||
+            type == V_ASN1_PRINTABLESTRING ||
+            type == V_ASN1_TELETEXSTRING ||
+            type == V_ASN1_IA5STRING) {
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
+            q = ebcdic_buf;
+        }
+#endif
+
+        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+            for (j = 0; j < num; j++)
+                if (q[j] != 0)
+                    gs_doit[j & 3] = 1;
+
+            if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+            else {
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+                gs_doit[3] = 1;
+            }
+        } else
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+
+        for (l2 = j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+            l2++;
+#ifndef CHARSET_EBCDIC
+            if ((q[j] < ' ') || (q[j] > '~'))
+                l2 += 3;
+#else
+            if ((os_toascii[q[j]] < os_toascii[' ']) ||
+                (os_toascii[q[j]] > os_toascii['~']))
+                l2 += 3;
+#endif
+        }
+
+        lold = l;
+        l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        if (b != NULL) {
+            if (!BUF_MEM_grow(b, l + 1))
+                goto err;
+            p = &(b->data[lold]);
+        } else if (l > len) {
+            break;
+        } else
+            p = &(buf[lold]);
+        *(p++) = '/';
+        memcpy(p, s, (unsigned int)l1);
+        p += l1;
+        *(p++) = '=';
+
+#ifndef CHARSET_EBCDIC          /* q was assigned above already. */
+        q = ne->value->data;
+#endif
+
+        for (j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+#ifndef CHARSET_EBCDIC
+            n = q[j];
+            if ((n < ' ') || (n > '~')) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = n;
+#else
+            n = os_toascii[q[j]];
+            if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = q[j];
+#endif
+        }
+        *p = '\0';
+    }
+    if (b != NULL) {
+        p = b->data;
+        OPENSSL_free(b);
+    } else
+        p = buf;
+    if (i == 0)
+        *p = '\0';
+    return p;
+ err:
+    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ end:
+    BUF_MEM_free(b);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c
new file mode 100644
index 000000000..3d72787d3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+{
+    X509 *ret = NULL;
+    X509_CINF *xi = NULL;
+    X509_NAME *xn;
+    EVP_PKEY *pubkey = NULL;
+
+    if ((ret = X509_new()) == NULL) {
+        X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* duplicate the request */
+    xi = &ret->cert_info;
+
+    if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) {
+        if ((xi->version = ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(xi->version, 2))
+            goto err;
+/*-     xi->extensions=ri->attributes; <- bad, should not ever be done
+        ri->attributes=NULL; */
+    }
+
+    xn = X509_REQ_get_subject_name(r);
+    if (X509_set_subject_name(ret, xn) == 0)
+        goto err;
+    if (X509_set_issuer_name(ret, xn) == 0)
+        goto err;
+
+    if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL)
+        goto err;
+    if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) ==
+        NULL)
+        goto err;
+
+    pubkey = X509_REQ_get0_pubkey(r);
+    if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
+        goto err;
+
+    if (!X509_sign(ret, pkey, EVP_md5()))
+        goto err;
+    return ret;
+
+ err:
+    X509_free(ret);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c
new file mode 100644
index 000000000..0bdbb81db
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    X509_REQ *ret;
+    X509_REQ_INFO *ri;
+    int i;
+    EVP_PKEY *pktmp;
+
+    ret = X509_REQ_new();
+    if (ret == NULL) {
+        X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ri = &ret->req_info;
+
+    ri->version->length = 1;
+    ri->version->data = OPENSSL_malloc(1);
+    if (ri->version->data == NULL)
+        goto err;
+    ri->version->data[0] = 0;   /* version == 0 */
+
+    if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+        goto err;
+
+    pktmp = X509_get0_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
+    i = X509_REQ_set_pubkey(ret, pktmp);
+    if (!i)
+        goto err;
+
+    if (pkey != NULL) {
+        if (!X509_REQ_sign(ret, pkey, md))
+            goto err;
+    }
+    return ret;
+ err:
+    X509_REQ_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return NULL;
+    return X509_PUBKEY_get(req->req_info.pubkey);
+}
+
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(req->req_info.pubkey);
+}
+
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req)
+{
+    return req->req_info.pubkey;
+}
+
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+{
+    EVP_PKEY *xk = NULL;
+    int ok = 0;
+
+    xk = X509_REQ_get_pubkey(x);
+    switch (EVP_PKEY_cmp(xk, k)) {
+    case 1:
+        ok = 1;
+        break;
+    case 0:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
+#ifndef OPENSSL_NO_EC
+        if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+            break;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
+            /* No idea */
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                    X509_R_CANT_CHECK_DH_KEY);
+            break;
+        }
+#endif
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
+
+    EVP_PKEY_free(xk);
+    return ok;
+}
+
+/*
+ * It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };
+
+static int *ext_nids = ext_nid_list;
+
+int X509_REQ_extension_nid(int req_nid)
+{
+    int i, nid;
+    for (i = 0;; i++) {
+        nid = ext_nids[i];
+        if (nid == NID_undef)
+            return 0;
+        else if (req_nid == nid)
+            return 1;
+    }
+}
+
+int *X509_REQ_get_extension_nids(void)
+{
+    return ext_nids;
+}
+
+void X509_REQ_set_extension_nids(int *nids)
+{
+    ext_nids = nids;
+}
+
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *ext = NULL;
+    int idx, *pnid;
+    const unsigned char *p;
+
+    if ((req == NULL) || !ext_nids)
+        return NULL;
+    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+        idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
+        if (idx == -1)
+            continue;
+        attr = X509_REQ_get_attr(req, idx);
+        ext = X509_ATTRIBUTE_get0_type(attr, 0);
+        break;
+    }
+    if (!ext || (ext->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = ext->value.sequence->data;
+    return (STACK_OF(X509_EXTENSION) *)
+        ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
+                      ASN1_ITEM_rptr(X509_EXTENSIONS));
+}
+
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid)
+{
+    int extlen;
+    int rv = 0;
+    unsigned char *ext = NULL;
+    /* Generate encoding of extensions */
+    extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
+                           ASN1_ITEM_rptr(X509_EXTENSIONS));
+    if (extlen <= 0)
+        return 0;
+    rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+    OPENSSL_free(ext);
+    return rv;
+}
+
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+    return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+
+/* Request attribute functions */
+
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+    return X509at_get_attr_count(req->req_info.attributes);
+}
+
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos);
+}
+
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                             int lastpos)
+{
+    return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+    return X509at_get_attr(req->req_info.attributes, loc);
+}
+
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+    return X509at_delete_attr(req->req_info.attributes, loc);
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&req->req_info.attributes, attr))
+        return 1;
+    return 0;
+}
+
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+long X509_REQ_get_version(const X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info.version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+{
+    return req->req_info.subject;
+}
+
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = req->signature;
+    if (palg != NULL)
+        *palg = &req->sig_alg;
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+    return OBJ_obj2nid(req->sig_alg.algorithm);
+}
+
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+    req->req_info.enc.modified = 1;
+    return i2d_X509_REQ_INFO(&req->req_info, pp);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c
new file mode 100644
index 000000000..3ab6bf351
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c
@@ -0,0 +1,237 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
+
+int X509_set_version(X509 *x, long version)
+{
+    if (x == NULL)
+        return 0;
+    if (version == 0) {
+        ASN1_INTEGER_free(x->cert_info.version);
+        x->cert_info.version = NULL;
+        return 1;
+    }
+    if (x->cert_info.version == NULL) {
+        if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)
+            return 0;
+    }
+    return ASN1_INTEGER_set(x->cert_info.version, version);
+}
+
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *in;
+
+    if (x == NULL)
+        return 0;
+    in = &x->cert_info.serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->cert_info.issuer, name);
+}
+
+int X509_set_subject_name(X509 *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->cert_info.subject, name);
+}
+
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
+{
+    ASN1_TIME *in;
+    in = *ptm;
+    if (in != tm) {
+        in = ASN1_STRING_dup(tm);
+        if (in != NULL) {
+            ASN1_TIME_free(*ptm);
+            *ptm = in;
+        }
+    }
+    return (in != NULL);
+}
+
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+}
+
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notAfter, tm);
+}
+
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+{
+    if (x == NULL)
+        return 0;
+    return X509_PUBKEY_set(&(x->cert_info.key), pkey);
+}
+
+int X509_up_ref(X509 *x)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509", x);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_get_version(const X509 *x)
+{
+    return ASN1_INTEGER_get(x->cert_info.version);
+}
+
+const ASN1_TIME *X509_get0_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+ASN1_TIME *X509_getm_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+ASN1_TIME *X509_getm_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+int X509_get_signature_type(const X509 *x)
+{
+    return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
+}
+
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
+{
+    return x->cert_info.key;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+    return x->cert_info.extensions;
+}
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid)
+{
+    if (piuid != NULL)
+        *piuid = x->cert_info.issuerUID;
+    if (psuid != NULL)
+        *psuid = x->cert_info.subjectUID;
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+    return &x->cert_info.signature;
+}
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags)
+{
+    if (mdnid != NULL)
+        *mdnid = siginf->mdnid;
+    if (pknid != NULL)
+        *pknid = siginf->pknid;
+    if (secbits != NULL)
+        *secbits = siginf->secbits;
+    if (flags != NULL)
+        *flags = siginf->flags;
+    return (siginf->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags)
+{
+    siginf->mdnid = mdnid;
+    siginf->pknid = pknid;
+    siginf->secbits = secbits;
+    siginf->flags = flags;
+}
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags)
+{
+    X509_check_purpose(x, -1, -1);
+    return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
+}
+
+static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    int pknid, mdnid;
+    const EVP_MD *md;
+
+    siginf->mdnid = NID_undef;
+    siginf->pknid = NID_undef;
+    siginf->secbits = -1;
+    siginf->flags = 0;
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
+            || pknid == NID_undef)
+        return;
+    siginf->pknid = pknid;
+    if (mdnid == NID_undef) {
+        /* If we have one, use a custom handler for this algorithm */
+        const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
+        if (ameth == NULL || ameth->siginf_set == NULL
+                || ameth->siginf_set(siginf, alg, sig) == 0)
+            return;
+        siginf->flags |= X509_SIG_INFO_VALID;
+        return;
+    }
+    siginf->flags |= X509_SIG_INFO_VALID;
+    siginf->mdnid = mdnid;
+    md = EVP_get_digestbynid(mdnid);
+    if (md == NULL)
+        return;
+    /* Security bits: half number of bits in digest */
+    siginf->secbits = EVP_MD_size(md) * 4;
+    switch (mdnid) {
+        case NID_sha1:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        siginf->flags |= X509_SIG_INFO_TLS;
+    }
+}
+
+void x509_init_sig_info(X509 *x)
+{
+    x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c
new file mode 100644
index 000000000..d749af4d5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c
@@ -0,0 +1,299 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
+
+/*
+ * WARNING: the following table should be kept in order of trust and without
+ * any gaps so we can just subtract the minimum trust value to get an index
+ * into the table
+ */
+
+static X509_TRUST trstandard[] = {
+    {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+    {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
+     NULL},
+    {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
+     NULL},
+    {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
+     NULL},
+    {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
+     NULL},
+    {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
+     NULL},
+    {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP,
+     NULL},
+    {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+};
+
+#define X509_TRUST_COUNT        OSSL_NELEM(trstandard)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
+{
+    return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int) {
+    int (*oldtrust) (int, X509 *, int);
+    oldtrust = default_trust;
+    default_trust = trust;
+    return oldtrust;
+}
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+    X509_TRUST *pt;
+    int idx;
+
+    /* We get this as a default value */
+    if (id == X509_TRUST_DEFAULT)
+        return obj_trust(NID_anyExtendedKeyUsage, x,
+                         flags | X509_TRUST_DO_SS_COMPAT);
+    idx = X509_TRUST_get_by_id(id);
+    if (idx == -1)
+        return default_trust(id, x, flags);
+    pt = X509_TRUST_get0(idx);
+    return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+    if (!trtable)
+        return X509_TRUST_COUNT;
+    return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST *X509_TRUST_get0(int idx)
+{
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_TRUST_COUNT)
+        return trstandard + idx;
+    return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+    X509_TRUST tmp;
+    int idx;
+
+    if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+        return id - X509_TRUST_MIN;
+    if (trtable == NULL)
+        return -1;
+    tmp.trust = id;
+    idx = sk_X509_TRUST_find(trtable, &tmp);
+    if (idx < 0)
+        return -1;
+    return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_set(int *t, int trust)
+{
+    if (X509_TRUST_get_by_id(trust) == -1) {
+        X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+        return 0;
+    }
+    *t = trust;
+    return 1;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   const char *name, int arg1, void *arg2)
+{
+    int idx;
+    X509_TRUST *trtmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_TRUST_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_TRUST_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_TRUST_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        trtmp->flags = X509_TRUST_DYNAMIC;
+    } else
+        trtmp = X509_TRUST_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
+        OPENSSL_free(trtmp->name);
+    /* dup supplied name */
+    if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Keep the dynamic flag of existing entry */
+    trtmp->flags &= X509_TRUST_DYNAMIC;
+    /* Set all other flags */
+    trtmp->flags |= flags;
+
+    trtmp->trust = id;
+    trtmp->check_trust = ck;
+    trtmp->arg1 = arg1;
+    trtmp->arg2 = arg2;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (trtable == NULL
+            && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;;
+        }
+        if (!sk_X509_TRUST_push(trtable, trtmp)) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(trtmp->name);
+        OPENSSL_free(trtmp);
+    }
+    return 0;
+}
+
+static void trtable_free(X509_TRUST *p)
+{
+    if (!p)
+        return;
+    if (p->flags & X509_TRUST_DYNAMIC) {
+        if (p->flags & X509_TRUST_DYNAMIC_NAME)
+            OPENSSL_free(p->name);
+        OPENSSL_free(p);
+    }
+}
+
+void X509_TRUST_cleanup(void)
+{
+    sk_X509_TRUST_pop_free(trtable, trtable_free);
+    trtable = NULL;
+}
+
+int X509_TRUST_get_flags(const X509_TRUST *xp)
+{
+    return xp->flags;
+}
+
+char *X509_TRUST_get0_name(const X509_TRUST *xp)
+{
+    return xp->name;
+}
+
+int X509_TRUST_get_trust(const X509_TRUST *xp)
+{
+    return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+    /*
+     * Declare the chain verified if the desired trust OID is not rejected in
+     * any auxiliary trust info for this certificate, and the OID is either
+     * expressly trusted, or else either "anyEKU" is trusted, or the
+     * certificate is self-signed.
+     */
+    flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU;
+    return obj_trust(trust->arg1, x, flags);
+}
+
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+    /*
+     * Declare the chain verified only if the desired trust OID is not
+     * rejected and is expressly trusted.  Neither "anyEKU" nor "compat"
+     * trust in self-signed certificates apply.
+     */
+    flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU);
+    return obj_trust(trust->arg1, x, flags);
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, 0);
+    if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS)
+        return X509_TRUST_TRUSTED;
+    else
+        return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+    X509_CERT_AUX *ax = x->aux;
+    int i;
+
+    if (ax && ax->reject) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
+                return X509_TRUST_REJECTED;
+        }
+    }
+
+    if (ax && ax->trust) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
+                return X509_TRUST_TRUSTED;
+        }
+        /*
+         * Reject when explicit trust EKU are set and none match.
+         *
+         * Returning untrusted is enough for for full chains that end in
+         * self-signed roots, because when explicit trust is specified it
+         * suppresses the default blanket trust of self-signed objects.
+         *
+         * But for partial chains, this is not enough, because absent a similar
+         * trust-self-signed policy, non matching EKUs are indistinguishable
+         * from lack of EKU constraints.
+         *
+         * Therefore, failure to match any trusted purpose must trigger an
+         * explicit reject.
+         */
+        return X509_TRUST_REJECTED;
+    }
+
+    if ((flags & X509_TRUST_DO_SS_COMPAT) == 0)
+        return X509_TRUST_UNTRUSTED;
+
+    /*
+     * Not rejected, and there is no list of accepted uses, try compat.
+     */
+    return trust_compat(NULL, x, flags);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c
new file mode 100644
index 000000000..4755b39eb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+const char *X509_verify_cert_error_string(long n)
+{
+    switch ((int)n) {
+    case X509_V_OK:
+        return "ok";
+    case X509_V_ERR_UNSPECIFIED:
+        return "unspecified certificate verification error";
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        return "unable to get issuer certificate";
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+        return "unable to get certificate CRL";
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        return "unable to decrypt certificate's signature";
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        return "unable to decrypt CRL's signature";
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        return "unable to decode issuer public key";
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        return "certificate signature failure";
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        return "CRL signature failure";
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+        return "certificate is not yet valid";
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+        return "certificate has expired";
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+        return "CRL is not yet valid";
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        return "CRL has expired";
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return "format error in certificate's notBefore field";
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return "format error in certificate's notAfter field";
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        return "format error in CRL's lastUpdate field";
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        return "format error in CRL's nextUpdate field";
+    case X509_V_ERR_OUT_OF_MEM:
+        return "out of memory";
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return "self signed certificate";
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        return "self signed certificate in certificate chain";
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return "unable to get local issuer certificate";
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return "unable to verify the first certificate";
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return "certificate chain too long";
+    case X509_V_ERR_CERT_REVOKED:
+        return "certificate revoked";
+    case X509_V_ERR_INVALID_CA:
+        return "invalid CA certificate";
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return "path length constraint exceeded";
+    case X509_V_ERR_INVALID_PURPOSE:
+        return "unsupported certificate purpose";
+    case X509_V_ERR_CERT_UNTRUSTED:
+        return "certificate not trusted";
+    case X509_V_ERR_CERT_REJECTED:
+        return "certificate rejected";
+    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return "subject issuer mismatch";
+    case X509_V_ERR_AKID_SKID_MISMATCH:
+        return "authority and subject key identifier mismatch";
+    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+        return "authority and issuer serial number mismatch";
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+        return "key usage does not include certificate signing";
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        return "unable to get CRL issuer certificate";
+    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+        return "unhandled critical extension";
+    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+        return "key usage does not include CRL signing";
+    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+        return "unhandled critical CRL extension";
+    case X509_V_ERR_INVALID_NON_CA:
+        return "invalid non-CA certificate (has CA markings)";
+    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+        return "proxy path length constraint exceeded";
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return "key usage does not include digital signature";
+    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+        return
+            "proxy certificates not allowed, please set the appropriate flag";
+    case X509_V_ERR_INVALID_EXTENSION:
+        return "invalid or inconsistent certificate extension";
+    case X509_V_ERR_INVALID_POLICY_EXTENSION:
+        return "invalid or inconsistent certificate policy extension";
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        return "no explicit policy";
+    case X509_V_ERR_DIFFERENT_CRL_SCOPE:
+        return "Different CRL scope";
+    case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
+        return "Unsupported extension feature";
+    case X509_V_ERR_UNNESTED_RESOURCE:
+        return "RFC 3779 resource not subset of parent's resources";
+    case X509_V_ERR_PERMITTED_VIOLATION:
+        return "permitted subtree violation";
+    case X509_V_ERR_EXCLUDED_VIOLATION:
+        return "excluded subtree violation";
+    case X509_V_ERR_SUBTREE_MINMAX:
+        return "name constraints minimum and maximum not supported";
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        return "application verification failure";
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+        return "unsupported name constraint type";
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+        return "unsupported or invalid name constraint syntax";
+    case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+        return "unsupported or invalid name syntax";
+    case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+        return "CRL path validation error";
+    case X509_V_ERR_PATH_LOOP:
+        return "Path Loop";
+    case X509_V_ERR_SUITE_B_INVALID_VERSION:
+        return "Suite B: certificate version invalid";
+    case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
+        return "Suite B: invalid public key algorithm";
+    case X509_V_ERR_SUITE_B_INVALID_CURVE:
+        return "Suite B: invalid ECC curve";
+    case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
+        return "Suite B: invalid signature algorithm";
+    case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
+        return "Suite B: curve not allowed for this LOS";
+    case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
+        return "Suite B: cannot sign P-384 with P-256";
+    case X509_V_ERR_HOSTNAME_MISMATCH:
+        return "Hostname mismatch";
+    case X509_V_ERR_EMAIL_MISMATCH:
+        return "Email address mismatch";
+    case X509_V_ERR_IP_ADDRESS_MISMATCH:
+        return "IP address mismatch";
+    case X509_V_ERR_DANE_NO_MATCH:
+        return "No matching DANE TLSA records";
+    case X509_V_ERR_EE_KEY_TOO_SMALL:
+        return "EE certificate key too weak";
+    case X509_V_ERR_CA_KEY_TOO_SMALL:
+        return "CA certificate key too weak";
+    case X509_V_ERR_CA_MD_TOO_WEAK:
+        return "CA signature digest algorithm too weak";
+    case X509_V_ERR_INVALID_CALL:
+        return "Invalid certificate verification context";
+    case X509_V_ERR_STORE_LOOKUP:
+        return "Issuer certificate lookup error";
+    case X509_V_ERR_NO_VALID_SCTS:
+        return "Certificate Transparency required, but no valid SCTs found";
+    case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
+        return "proxy subject name violation";
+    case X509_V_ERR_OCSP_VERIFY_NEEDED:
+        return "OCSP verification needed";
+    case X509_V_ERR_OCSP_VERIFY_FAILED:
+        return "OCSP verification failed";
+    case X509_V_ERR_OCSP_CERT_UNKNOWN:
+        return "OCSP unknown cert";
+
+    default:
+        /* Printing an error number into a static buffer is not thread-safe */
+        return "unknown certificate verification error";
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c
new file mode 100644
index 000000000..75ae767d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+{
+    if (x == NULL)
+        return 0;
+    return sk_X509_EXTENSION_num(x);
+}
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+                          int lastpos)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return -2;
+    return X509v3_get_ext_by_OBJ(x, obj, lastpos);
+}
+
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
+                          const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
+
+    if (sk == NULL)
+        return -1;
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return lastpos;
+    }
+    return -1;
+}
+
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+                               int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
+
+    if (sk == NULL)
+        return -1;
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+            return lastpos;
+    }
+    return -1;
+}
+
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+{
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return NULL;
+    else
+        return sk_X509_EXTENSION_value(x, loc);
+}
+
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+{
+    X509_EXTENSION *ret;
+
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return NULL;
+    ret = sk_X509_EXTENSION_delete(x, loc);
+    return ret;
+}
+
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc)
+{
+    X509_EXTENSION *new_ex = NULL;
+    int n;
+    STACK_OF(X509_EXTENSION) *sk = NULL;
+
+    if (x == NULL) {
+        X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
+
+    if (*x == NULL) {
+        if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
+
+    n = sk_X509_EXTENSION_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+
+    if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+        goto err2;
+    if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return sk;
+ err:
+    X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+ err2:
+    X509_EXTENSION_free(new_ex);
+    if (x != NULL && *x == NULL)
+        sk_X509_EXTENSION_free(sk);
+    return NULL;
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+                                             int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    ASN1_OBJECT *obj;
+    X509_EXTENSION *ret;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return NULL;
+    }
+    ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return ret;
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    X509_EXTENSION *ret;
+
+    if ((ex == NULL) || (*ex == NULL)) {
+        if ((ret = X509_EXTENSION_new()) == NULL) {
+            X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *ex;
+
+    if (!X509_EXTENSION_set_object(ret, obj))
+        goto err;
+    if (!X509_EXTENSION_set_critical(ret, crit))
+        goto err;
+    if (!X509_EXTENSION_set_data(ret, data))
+        goto err;
+
+    if ((ex != NULL) && (*ex == NULL))
+        *ex = ret;
+    return ret;
+ err:
+    if ((ex == NULL) || (ret != *ex))
+        X509_EXTENSION_free(ret);
+    return NULL;
+}
+
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
+{
+    if ((ex == NULL) || (obj == NULL))
+        return 0;
+    ASN1_OBJECT_free(ex->object);
+    ex->object = OBJ_dup(obj);
+    return ex->object != NULL;
+}
+
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+{
+    if (ex == NULL)
+        return 0;
+    ex->critical = (crit) ? 0xFF : -1;
+    return 1;
+}
+
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+{
+    int i;
+
+    if (ex == NULL)
+        return 0;
+    i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length);
+    if (!i)
+        return 0;
+    return 1;
+}
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return NULL;
+    return ex->object;
+}
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return NULL;
+    return &ex->value;
+}
+
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return 0;
+    if (ex->critical > 0)
+        return 1;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c
new file mode 100644
index 000000000..4ced716e3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c
@@ -0,0 +1,3275 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <limits.h>
+
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include "internal/dane.h"
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
+
+/* CRL score values */
+
+/* No unhandled critical extensions */
+
+#define CRL_SCORE_NOCRITICAL    0x100
+
+/* certificate is within CRL scope */
+
+#define CRL_SCORE_SCOPE         0x080
+
+/* CRL times valid */
+
+#define CRL_SCORE_TIME          0x040
+
+/* Issuer name matches certificate */
+
+#define CRL_SCORE_ISSUER_NAME   0x020
+
+/* If this score or above CRL is probably valid */
+
+#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
+
+/* CRL issuer is certificate issuer */
+
+#define CRL_SCORE_ISSUER_CERT   0x018
+
+/* CRL issuer is on certificate path */
+
+#define CRL_SCORE_SAME_PATH     0x008
+
+/* CRL issuer matches CRL AKID */
+
+#define CRL_SCORE_AKID          0x004
+
+/* Have a delta CRL with valid times */
+
+#define CRL_SCORE_TIME_DELTA    0x002
+
+static int build_chain(X509_STORE_CTX *ctx);
+static int verify_chain(X509_STORE_CTX *ctx);
+static int dane_verify(X509_STORE_CTX *ctx);
+static int null_callback(int ok, X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
+static int check_id(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
+static int check_policy(X509_STORE_CTX *ctx);
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x);
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
+                         int *pcrl_score, X509_CRL *base,
+                         STACK_OF(X509_CRL) *crls);
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
+                           int *pcrl_score);
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path);
+
+static int internal_verify(X509_STORE_CTX *ctx);
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+{
+    return ok;
+}
+
+/* Return 1 is a certificate is self signed */
+static int cert_self_signed(X509 *x)
+{
+    /*
+     * FIXME: x509v3_cache_extensions() needs to detect more failures and not
+     * set EXFLAG_SET when that happens.  Especially, if the failures are
+     * parse errors, rather than memory pressure!
+     */
+    X509_check_purpose(x, -1, 0);
+    if (x->ex_flags & EXFLAG_SS)
+        return 1;
+    else
+        return 0;
+}
+
+/* Given a certificate try and find an exact match in the store */
+
+static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
+{
+    STACK_OF(X509) *certs;
+    X509 *xtmp = NULL;
+    int i;
+    /* Lookup all certs with matching subject name */
+    certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
+    if (certs == NULL)
+        return NULL;
+    /* Look for exact match */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        xtmp = sk_X509_value(certs, i);
+        if (!X509_cmp(xtmp, x))
+            break;
+    }
+    if (i < sk_X509_num(certs))
+        X509_up_ref(xtmp);
+    else
+        xtmp = NULL;
+    sk_X509_pop_free(certs, X509_free);
+    return xtmp;
+}
+
+/*-
+ * Inform the verify callback of an error.
+ * If B<x> is not NULL it is the error cert, otherwise use the chain cert at
+ * B<depth>.
+ * If B<err> is not X509_V_OK, that's the error value, otherwise leave
+ * unchanged (presumably set by the caller).
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
+{
+    ctx->error_depth = depth;
+    ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth);
+    if (err != X509_V_OK)
+        ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+/*-
+ * Inform the verify callback of an error, CRL-specific variant.  Here, the
+ * error depth and certificate are already set, we just specify the error
+ * number.
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_crl(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+static int check_auth_level(X509_STORE_CTX *ctx)
+{
+    int i;
+    int num = sk_X509_num(ctx->chain);
+
+    if (ctx->param->auth_level <= 0)
+        return 1;
+
+    for (i = 0; i < num; ++i) {
+        X509 *cert = sk_X509_value(ctx->chain, i);
+
+        /*
+         * We've already checked the security of the leaf key, so here we only
+         * check the security of issuer keys.
+         */
+        if (i > 0 && !check_key_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL) == 0)
+            return 0;
+        /*
+         * We also check the signature algorithm security of all certificates
+         * except those of the trust anchor at index num-1.
+         */
+        if (i < num - 1 && !check_sig_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int verify_chain(X509_STORE_CTX *ctx)
+{
+    int err;
+    int ok;
+
+    /*
+     * Before either returning with an error, or continuing with CRL checks,
+     * instantiate chain public key parameters.
+     */
+    if ((ok = build_chain(ctx)) == 0 ||
+        (ok = check_chain_extensions(ctx)) == 0 ||
+        (ok = check_auth_level(ctx)) == 0 ||
+        (ok = check_id(ctx)) == 0 || 1)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+    if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0)
+        return ok;
+
+    err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
+                                  ctx->param->flags);
+    if (err != X509_V_OK) {
+        if ((ok = verify_cb_cert(ctx, NULL, ctx->error_depth, err)) == 0)
+            return ok;
+    }
+
+    /* Verify chain signatures and expiration times */
+    ok = (ctx->verify != NULL) ? ctx->verify(ctx) : internal_verify(ctx);
+    if (!ok)
+        return ok;
+
+    if ((ok = check_name_constraints(ctx)) == 0)
+        return ok;
+
+#ifndef OPENSSL_NO_RFC3779
+    /* RFC 3779 path validation, now that CRL check has been done */
+    if ((ok = X509v3_asid_validate_path(ctx)) == 0)
+        return ok;
+    if ((ok = X509v3_addr_validate_path(ctx)) == 0)
+        return ok;
+#endif
+
+    /* If we get this far evaluate policies */
+    if (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)
+        ok = ctx->check_policy(ctx);
+    return ok;
+}
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int ret;
+
+    if (ctx->cert == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    if (ctx->chain != NULL) {
+        /*
+         * This X509_STORE_CTX has already been used to verify a cert. We
+         * cannot do another one.
+         */
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    /*
+     * first we make sure the chain we are going to build is present and that
+     * the first entry is in place
+     */
+    if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+        (!sk_X509_push(ctx->chain, ctx->cert))) {
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+    X509_up_ref(ctx->cert);
+    ctx->num_untrusted = 1;
+
+    /* If the peer's public key is too weak, we can stop early. */
+    if (!check_key_level(ctx, ctx->cert) &&
+        !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
+        return 0;
+
+    if (DANETLS_ENABLED(dane))
+        ret = dane_verify(ctx);
+    else
+        ret = verify_chain(ctx);
+
+    /*
+     * Safety-net.  If we are returning an error, we must also set ctx->error,
+     * so that the chain is not considered verified should the error be ignored
+     * (e.g. TLS with SSL_VERIFY_NONE).
+     */
+    if (ret <= 0 && ctx->error == X509_V_OK)
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+    return ret;
+}
+
+/*
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+    int i;
+    X509 *issuer, *rv = NULL;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        issuer = sk_X509_value(sk, i);
+        if (ctx->check_issued(ctx, x, issuer)) {
+            rv = issuer;
+            if (x509_check_cert_time(ctx, rv, -1))
+                break;
+        }
+    }
+    return rv;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+    int ret;
+    if (x == issuer)
+        return cert_self_signed(x);
+    ret = X509_check_issued(issuer, x);
+    if (ret == X509_V_OK) {
+        int i;
+        X509 *ch;
+        /* Special case: single self signed certificate */
+        if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+            return 1;
+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+            ch = sk_X509_value(ctx->chain, i);
+            if (ch == issuer || !X509_cmp(ch, issuer)) {
+                ret = X509_V_ERR_PATH_LOOP;
+                break;
+            }
+        }
+    }
+
+    return (ret == X509_V_OK);
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    *issuer = find_issuer(ctx, ctx->other_ctx, x);
+    if (*issuer) {
+        X509_up_ref(*issuer);
+        return 1;
+    } else
+        return 0;
+}
+
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    int i;
+
+    for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+        x = sk_X509_value(ctx->other_ctx, i);
+        if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+            if (sk == NULL)
+                sk = sk_X509_new_null();
+            if (sk == NULL || sk_X509_push(sk, x) == 0) {
+                sk_X509_pop_free(sk, X509_free);
+                X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return NULL;
+            }
+            X509_up_ref(x);
+        }
+    }
+    return sk;
+}
+
+/*
+ * Check EE or CA certificate purpose.  For trusted certificates explicit local
+ * auxiliary trust can be used to override EKU-restrictions.
+ */
+static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth,
+                         int must_be_ca)
+{
+    int tr_ok = X509_TRUST_UNTRUSTED;
+
+    /*
+     * For trusted certificates we want to see whether any auxiliary trust
+     * settings trump the purpose constraints.
+     *
+     * This is complicated by the fact that the trust ordinals in
+     * ctx->param->trust are entirely independent of the purpose ordinals in
+     * ctx->param->purpose!
+     *
+     * What connects them is their mutual initialization via calls from
+     * X509_STORE_CTX_set_default() into X509_VERIFY_PARAM_lookup() which sets
+     * related values of both param->trust and param->purpose.  It is however
+     * typically possible to infer associated trust values from a purpose value
+     * via the X509_PURPOSE API.
+     *
+     * Therefore, we can only check for trust overrides when the purpose we're
+     * checking is the same as ctx->param->purpose and ctx->param->trust is
+     * also set.
+     */
+    if (depth >= ctx->num_untrusted && purpose == ctx->param->purpose)
+        tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT);
+
+    switch (tr_ok) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        break;
+    default:
+        switch (X509_check_purpose(x, purpose, must_be_ca > 0)) {
+        case 1:
+            return 1;
+        case 0:
+            break;
+        default:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) == 0)
+                return 1;
+        }
+        break;
+    }
+
+    return verify_cb_cert(ctx, x, depth, X509_V_ERR_INVALID_PURPOSE);
+}
+
+/*
+ * Check a certificate chains extensions for consistency with the supplied
+ * purpose
+ */
+
+static int check_chain_extensions(X509_STORE_CTX *ctx)
+{
+    int i, must_be_ca, plen = 0;
+    X509 *x;
+    int proxy_path_length = 0;
+    int purpose;
+    int allow_proxy_certs;
+    int num = sk_X509_num(ctx->chain);
+
+    /*-
+     *  must_be_ca can have 1 of 3 values:
+     * -1: we accept both CA and non-CA certificates, to allow direct
+     *     use of self-signed certificates (which are marked as CA).
+     * 0:  we only accept non-CA certificates.  This is currently not
+     *     used, but the possibility is present for future extensions.
+     * 1:  we only accept CA certificates.  This is currently used for
+     *     all certificates in the chain except the leaf certificate.
+     */
+    must_be_ca = -1;
+
+    /* CRL path validation */
+    if (ctx->parent) {
+        allow_proxy_certs = 0;
+        purpose = X509_PURPOSE_CRL_SIGN;
+    } else {
+        allow_proxy_certs =
+            ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        purpose = ctx->param->purpose;
+    }
+
+    for (i = 0; i < num; i++) {
+        int ret;
+        x = sk_X509_value(ctx->chain, i);
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+            && (x->ex_flags & EXFLAG_CRITICAL)) {
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION))
+                return 0;
+        }
+        if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED))
+                return 0;
+        }
+        ret = X509_check_ca(x);
+        switch (must_be_ca) {
+        case -1:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                && (ret != 1) && (ret != 0)) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        case 0:
+            if (ret != 0) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_NON_CA;
+            } else
+                ret = 1;
+            break;
+        default:
+            /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */
+            if ((ret == 0)
+                || ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        }
+        if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
+            return 0;
+        /* check_purpose() makes the callback as needed */
+        if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
+            return 0;
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
+            if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
+                return 0;
+        }
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
+            plen++;
+        /*
+         * If this certificate is a proxy certificate, the next certificate
+         * must be another proxy certificate or a EE certificate.  If not,
+         * the next certificate must be a CA certificate.
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            /*
+             * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint
+             * is less than max_path_length, the former should be copied to
+             * the latter, and 4.1.4 (a) stipulates that max_path_length
+             * should be verified to be larger than zero and decrement it.
+             *
+             * Because we're checking the certs in the reverse order, we start
+             * with verifying that proxy_path_length isn't larger than pcPLC,
+             * and copy the latter to the former if it is, and finally,
+             * increment proxy_path_length.
+             */
+            if (x->ex_pcpathlen != -1) {
+                if (proxy_path_length > x->ex_pcpathlen) {
+                    if (!verify_cb_cert(ctx, x, i,
+                                        X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED))
+                        return 0;
+                }
+                proxy_path_length = x->ex_pcpathlen;
+            }
+            proxy_path_length++;
+            must_be_ca = 0;
+        } else
+            must_be_ca = 1;
+    }
+    return 1;
+}
+
+static int has_san_id(X509 *x, int gtype)
+{
+    int i;
+    int ret = 0;
+    GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+
+    if (gs == NULL)
+        return 0;
+
+    for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) {
+        GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i);
+
+        if (g->type == gtype) {
+            ret = 1;
+            break;
+        }
+    }
+    GENERAL_NAMES_free(gs);
+    return ret;
+}
+
+static int check_name_constraints(X509_STORE_CTX *ctx)
+{
+    int i;
+
+    /* Check name constraints for all certificates */
+    for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(ctx->chain, i);
+        int j;
+
+        /* Ignore self issued certs unless last in chain */
+        if (i && (x->ex_flags & EXFLAG_SI))
+            continue;
+
+        /*
+         * Proxy certificates policy has an extra constraint, where the
+         * certificate subject MUST be the issuer with a single CN entry
+         * added.
+         * (RFC 3820: 3.4, 4.1.3 (a)(4))
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            X509_NAME *tmpsubject = X509_get_subject_name(x);
+            X509_NAME *tmpissuer = X509_get_issuer_name(x);
+            X509_NAME_ENTRY *tmpentry = NULL;
+            int last_object_nid = 0;
+            int err = X509_V_OK;
+            int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
+
+            /* Check that there are at least two RDNs */
+            if (last_object_loc < 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that there is exactly one more RDN in subject as
+             * there is in issuer.
+             */
+            if (X509_NAME_entry_count(tmpsubject)
+                != X509_NAME_entry_count(tmpissuer) + 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject component isn't part of a
+             * multivalued RDN
+             */
+            if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                        last_object_loc))
+                == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                           last_object_loc - 1))) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject RDN is a commonName, and that
+             * all the previous RDNs match the issuer exactly
+             */
+            tmpsubject = X509_NAME_dup(tmpsubject);
+            if (tmpsubject == NULL) {
+                X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+
+            tmpentry =
+                X509_NAME_delete_entry(tmpsubject, last_object_loc);
+            last_object_nid =
+                OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
+
+            if (last_object_nid != NID_commonName
+                || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+            }
+
+            X509_NAME_ENTRY_free(tmpentry);
+            X509_NAME_free(tmpsubject);
+
+         proxy_name_done:
+            if (err != X509_V_OK
+                && !verify_cb_cert(ctx, x, i, err))
+                return 0;
+        }
+
+        /*
+         * Check against constraints for all certificates higher in chain
+         * including trust anchor. Trust anchor not strictly speaking needed
+         * but if it includes constraints it is to be assumed it expects them
+         * to be obeyed.
+         */
+        for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
+            NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+
+            if (nc) {
+                int rv = NAME_CONSTRAINTS_check(x, nc);
+
+                /* If EE certificate check commonName too */
+                if (rv == X509_V_OK && i == 0
+                    && (ctx->param->hostflags
+                        & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0
+                    && ((ctx->param->hostflags
+                         & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0
+                        || !has_san_id(x, GEN_DNS)))
+                    rv = NAME_CONSTRAINTS_check_CN(x, nc);
+
+                switch (rv) {
+                case X509_V_OK:
+                    break;
+                case X509_V_ERR_OUT_OF_MEM:
+                    return 0;
+                default:
+                    if (!verify_cb_cert(ctx, x, i, rv))
+                        return 0;
+                    break;
+                }
+            }
+        }
+    }
+    return 1;
+}
+
+static int check_id_error(X509_STORE_CTX *ctx, int errcode)
+{
+    return verify_cb_cert(ctx, ctx->cert, 0, errcode);
+}
+
+static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm)
+{
+    int i;
+    int n = sk_OPENSSL_STRING_num(vpm->hosts);
+    char *name;
+
+    if (vpm->peername != NULL) {
+        OPENSSL_free(vpm->peername);
+        vpm->peername = NULL;
+    }
+    for (i = 0; i < n; ++i) {
+        name = sk_OPENSSL_STRING_value(vpm->hosts, i);
+        if (X509_check_host(x, name, 0, vpm->hostflags, &vpm->peername) > 0)
+            return 1;
+    }
+    return n == 0;
+}
+
+static int check_id(X509_STORE_CTX *ctx)
+{
+    X509_VERIFY_PARAM *vpm = ctx->param;
+    X509 *x = ctx->cert;
+    if (vpm->hosts && check_hosts(x, vpm) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
+            return 0;
+    }
+    if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
+            return 0;
+    }
+    if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
+            return 0;
+    }
+    return 1;
+}
+
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
+{
+    int i;
+    X509 *x = NULL;
+    X509 *mx;
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    int trust;
+
+    /*
+     * Check for a DANE issuer at depth 1 or greater, if it is a DANE-TA(2)
+     * match, we're done, otherwise we'll merely record the match depth.
+     */
+    if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) {
+        switch (trust = check_dane_issuer(ctx, num_untrusted)) {
+        case X509_TRUST_TRUSTED:
+        case X509_TRUST_REJECTED:
+            return trust;
+        }
+    }
+
+    /*
+     * Check trusted certificates in chain at depth num_untrusted and up.
+     * Note, that depths 0..num_untrusted-1 may also contain trusted
+     * certificates, but the caller is expected to have already checked those,
+     * and wants to incrementally check just any added since.
+     */
+    for (i = num_untrusted; i < num; i++) {
+        x = sk_X509_value(ctx->chain, i);
+        trust = X509_check_trust(x, ctx->param->trust, 0);
+        /* If explicitly trusted return trusted */
+        if (trust == X509_TRUST_TRUSTED)
+            goto trusted;
+        if (trust == X509_TRUST_REJECTED)
+            goto rejected;
+    }
+
+    /*
+     * If we are looking at a trusted certificate, and accept partial chains,
+     * the chain is PKIX trusted.
+     */
+    if (num_untrusted < num) {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
+            goto trusted;
+        return X509_TRUST_UNTRUSTED;
+    }
+
+    if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+        /*
+         * Last-resort call with no new trusted certificates, check the leaf
+         * for a direct trust store match.
+         */
+        i = 0;
+        x = sk_X509_value(ctx->chain, i);
+        mx = lookup_cert_match(ctx, x);
+        if (!mx)
+            return X509_TRUST_UNTRUSTED;
+
+        /*
+         * Check explicit auxiliary trust/reject settings.  If none are set,
+         * we'll accept X509_TRUST_UNTRUSTED when not self-signed.
+         */
+        trust = X509_check_trust(mx, ctx->param->trust, 0);
+        if (trust == X509_TRUST_REJECTED) {
+            X509_free(mx);
+            goto rejected;
+        }
+
+        /* Replace leaf with trusted match */
+        (void) sk_X509_set(ctx->chain, 0, mx);
+        X509_free(x);
+        ctx->num_untrusted = 0;
+        goto trusted;
+    }
+
+    /*
+     * If no trusted certs in chain at all return untrusted and allow
+     * standard (no issuer cert) etc errors to be indicated.
+     */
+    return X509_TRUST_UNTRUSTED;
+
+ rejected:
+    if (!verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED))
+        return X509_TRUST_REJECTED;
+    return X509_TRUST_UNTRUSTED;
+
+ trusted:
+    if (!DANETLS_ENABLED(dane))
+        return X509_TRUST_TRUSTED;
+    if (dane->pdpth < 0)
+        dane->pdpth = num_untrusted;
+    /* With DANE, PKIX alone is not trusted until we have both */
+    if (dane->mdpth >= 0)
+        return X509_TRUST_TRUSTED;
+    return X509_TRUST_UNTRUSTED;
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+{
+    int i = 0, last = 0, ok = 0;
+    if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+        return 1;
+    if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+        last = sk_X509_num(ctx->chain) - 1;
+    else {
+        /* If checking CRL paths this isn't the EE certificate */
+        if (ctx->parent)
+            return 1;
+        last = 0;
+    }
+    for (i = 0; i <= last; i++) {
+        ctx->error_depth = i;
+        ok = check_cert(ctx);
+        if (!ok)
+            return ok;
+    }
+    return 1;
+}
+
+static int check_cert(X509_STORE_CTX *ctx)
+{
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    int ok = 0;
+    int cnum = ctx->error_depth;
+    X509 *x = sk_X509_value(ctx->chain, cnum);
+
+    ctx->current_cert = x;
+    ctx->current_issuer = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+
+    if (x->ex_flags & EXFLAG_PROXY)
+        return 1;
+
+    while (ctx->current_reasons != CRLDP_ALL_REASONS) {
+        unsigned int last_reasons = ctx->current_reasons;
+
+        /* Try to retrieve relevant CRL */
+        if (ctx->get_crl)
+            ok = ctx->get_crl(ctx, &crl, x);
+        else
+            ok = get_crl_delta(ctx, &crl, &dcrl, x);
+        /*
+         * If error looking up CRL, nothing we can do except notify callback
+         */
+        if (!ok) {
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
+        }
+        ctx->current_crl = crl;
+        ok = ctx->check_crl(ctx, crl);
+        if (!ok)
+            goto done;
+
+        if (dcrl) {
+            ok = ctx->check_crl(ctx, dcrl);
+            if (!ok)
+                goto done;
+            ok = ctx->cert_crl(ctx, dcrl, x);
+            if (!ok)
+                goto done;
+        } else
+            ok = 1;
+
+        /* Don't look in full CRL if delta reason is removefromCRL */
+        if (ok != 2) {
+            ok = ctx->cert_crl(ctx, crl, x);
+            if (!ok)
+                goto done;
+        }
+
+        X509_CRL_free(crl);
+        X509_CRL_free(dcrl);
+        crl = NULL;
+        dcrl = NULL;
+        /*
+         * If reasons not updated we won't get anywhere by another iteration,
+         * so exit loop.
+         */
+        if (last_reasons == ctx->current_reasons) {
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
+        }
+    }
+ done:
+    X509_CRL_free(crl);
+    X509_CRL_free(dcrl);
+
+    ctx->current_crl = NULL;
+    return ok;
+}
+
+/* Check CRL times against values in X509_STORE_CTX */
+
+static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+{
+    time_t *ptime;
+    int i;
+
+    if (notify)
+        ctx->current_crl = crl;
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
+    if (i == 0) {
+        if (!notify)
+            return 0;
+        if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD))
+            return 0;
+    }
+
+    if (i > 0) {
+        if (!notify)
+            return 0;
+        if (!verify_cb_crl(ctx, X509_V_ERR_CRL_NOT_YET_VALID))
+            return 0;
+    }
+
+    if (X509_CRL_get0_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
+
+        if (i == 0) {
+            if (!notify)
+                return 0;
+            if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD))
+                return 0;
+        }
+        /* Ignore expiry of base CRL is delta is valid */
+        if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
+            if (!notify)
+                return 0;
+            if (!verify_cb_crl(ctx, X509_V_ERR_CRL_HAS_EXPIRED))
+                return 0;
+        }
+    }
+
+    if (notify)
+        ctx->current_crl = NULL;
+
+    return 1;
+}
+
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                      X509 **pissuer, int *pscore, unsigned int *preasons,
+                      STACK_OF(X509_CRL) *crls)
+{
+    int i, crl_score, best_score = *pscore;
+    unsigned int reasons, best_reasons = 0;
+    X509 *x = ctx->current_cert;
+    X509_CRL *crl, *best_crl = NULL;
+    X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
+
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        reasons = *preasons;
+        crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+        if (crl_score < best_score || crl_score == 0)
+            continue;
+        /* If current CRL is equivalent use it if it is newer */
+        if (crl_score == best_score && best_crl != NULL) {
+            int day, sec;
+            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
+                               X509_CRL_get0_lastUpdate(crl)) == 0)
+                continue;
+            /*
+             * ASN1_TIME_diff never returns inconsistent signs for |day|
+             * and |sec|.
+             */
+            if (day <= 0 && sec <= 0)
+                continue;
+        }
+        best_crl = crl;
+        best_crl_issuer = crl_issuer;
+        best_score = crl_score;
+        best_reasons = reasons;
+    }
+
+    if (best_crl) {
+        X509_CRL_free(*pcrl);
+        *pcrl = best_crl;
+        *pissuer = best_crl_issuer;
+        *pscore = best_score;
+        *preasons = best_reasons;
+        X509_CRL_up_ref(best_crl);
+        X509_CRL_free(*pdcrl);
+        *pdcrl = NULL;
+        get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
+    }
+
+    if (best_score >= CRL_SCORE_VALID)
+        return 1;
+
+    return 0;
+}
+
+/*
+ * Compare two CRL extensions for delta checking purposes. They should be
+ * both present or both absent. If both present all fields must be identical.
+ */
+
+static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
+{
+    ASN1_OCTET_STRING *exta, *extb;
+    int i;
+    i = X509_CRL_get_ext_by_NID(a, nid, -1);
+    if (i >= 0) {
+        /* Can't have multiple occurrences */
+        if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+            return 0;
+        exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
+    } else
+        exta = NULL;
+
+    i = X509_CRL_get_ext_by_NID(b, nid, -1);
+
+    if (i >= 0) {
+
+        if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+            return 0;
+        extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
+    } else
+        extb = NULL;
+
+    if (!exta && !extb)
+        return 1;
+
+    if (!exta || !extb)
+        return 0;
+
+    if (ASN1_OCTET_STRING_cmp(exta, extb))
+        return 0;
+
+    return 1;
+}
+
+/* See if a base and delta are compatible */
+
+static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+{
+    /* Delta CRL must be a delta */
+    if (!delta->base_crl_number)
+        return 0;
+    /* Base must have a CRL number */
+    if (!base->crl_number)
+        return 0;
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
+        return 0;
+    /* AKID and IDP must match */
+    if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+        return 0;
+    if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+        return 0;
+    /* Delta CRL base number must not exceed Full CRL number. */
+    if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+        return 0;
+    /* Delta CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * For a given base CRL find a delta... maybe extend to delta scoring or
+ * retrieve a chain of deltas...
+ */
+
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
+                         X509_CRL *base, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *delta;
+    int i;
+    if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+        return;
+    if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+        return;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        delta = sk_X509_CRL_value(crls, i);
+        if (check_delta_base(delta, base)) {
+            if (check_crl_time(ctx, delta, 0))
+                *pscore |= CRL_SCORE_TIME_DELTA;
+            X509_CRL_up_ref(delta);
+            *dcrl = delta;
+            return;
+        }
+    }
+    *dcrl = NULL;
+}
+
+/*
+ * For a given CRL return how suitable it is for the supplied certificate
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
+ * is rejected, otherwise reasons is updated.
+ */
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x)
+{
+
+    int crl_score = 0;
+    unsigned int tmp_reasons = *preasons, crl_reasons;
+
+    /* First see if we can reject CRL straight away */
+
+    /* Invalid IDP cannot be processed */
+    if (crl->idp_flags & IDP_INVALID)
+        return 0;
+    /* Reason codes or indirect CRLs need extended CRL support */
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
+        if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+            return 0;
+    } else if (crl->idp_flags & IDP_REASONS) {
+        /* If no new reasons reject */
+        if (!(crl->idp_reasons & ~tmp_reasons))
+            return 0;
+    }
+    /* Don't process deltas at this stage */
+    else if (crl->base_crl_number)
+        return 0;
+    /* If issuer name doesn't match certificate need indirect CRL */
+    if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
+        if (!(crl->idp_flags & IDP_INDIRECT))
+            return 0;
+    } else
+        crl_score |= CRL_SCORE_ISSUER_NAME;
+
+    if (!(crl->flags & EXFLAG_CRITICAL))
+        crl_score |= CRL_SCORE_NOCRITICAL;
+
+    /* Check expiry */
+    if (check_crl_time(ctx, crl, 0))
+        crl_score |= CRL_SCORE_TIME;
+
+    /* Check authority key ID and locate certificate issuer */
+    crl_akid_check(ctx, crl, pissuer, &crl_score);
+
+    /* If we can't locate certificate issuer at this point forget it */
+
+    if (!(crl_score & CRL_SCORE_AKID))
+        return 0;
+
+    /* Check cert for matching CRL distribution points */
+
+    if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
+        /* If no new reasons reject */
+        if (!(crl_reasons & ~tmp_reasons))
+            return 0;
+        tmp_reasons |= crl_reasons;
+        crl_score |= CRL_SCORE_SCOPE;
+    }
+
+    *preasons = tmp_reasons;
+
+    return crl_score;
+
+}
+
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                           X509 **pissuer, int *pcrl_score)
+{
+    X509 *crl_issuer = NULL;
+    X509_NAME *cnm = X509_CRL_get_issuer(crl);
+    int cidx = ctx->error_depth;
+    int i;
+
+    if (cidx != sk_X509_num(ctx->chain) - 1)
+        cidx++;
+
+    crl_issuer = sk_X509_value(ctx->chain, cidx);
+
+    if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+        if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
+        crl_issuer = sk_X509_value(ctx->chain, cidx);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    /* Anything else needs extended CRL support */
+
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+        return;
+
+    /*
+     * Otherwise the CRL issuer is not on the path. Look for it in the set of
+     * untrusted certificates.
+     */
+    for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
+        crl_issuer = sk_X509_value(ctx->untrusted, i);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pissuer = crl_issuer;
+            *pcrl_score |= CRL_SCORE_AKID;
+            return;
+        }
+    }
+}
+
+/*
+ * Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking will
+ * be duplicated by the parent, but this will rarely be used in practice.
+ */
+
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_STORE_CTX crl_ctx;
+    int ret;
+
+    /* Don't allow recursive CRL path validation */
+    if (ctx->parent)
+        return 0;
+    if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+        return -1;
+
+    crl_ctx.crls = ctx->crls;
+    /* Copy verify params across */
+    X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+
+    crl_ctx.parent = ctx;
+    crl_ctx.verify_cb = ctx->verify_cb;
+
+    /* Verify CRL issuer */
+    ret = X509_verify_cert(&crl_ctx);
+    if (ret <= 0)
+        goto err;
+
+    /* Check chain is acceptable */
+    ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+ err:
+    X509_STORE_CTX_cleanup(&crl_ctx);
+    return ret;
+}
+
+/*
+ * RFC3280 says nothing about the relationship between CRL path and
+ * certificate path, which could lead to situations where a certificate could
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
+ * strict and states that the two paths must end in the same trust anchor,
+ * though some discussions remain... until this is resolved we use the
+ * RFC5280 version
+ */
+
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path)
+{
+    X509 *cert_ta, *crl_ta;
+    cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+    crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+    if (!X509_cmp(cert_ta, crl_ta))
+        return 1;
+    return 0;
+}
+
+/*-
+ * Check for match between two dist point names: three separate cases.
+ * 1. Both are relative names and compare X509_NAME types.
+ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
+ * 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
+ */
+
+static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
+{
+    X509_NAME *nm = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gena, *genb;
+    int i, j;
+    if (!a || !b)
+        return 1;
+    if (a->type == 1) {
+        if (!a->dpname)
+            return 0;
+        /* Case 1: two X509_NAME */
+        if (b->type == 1) {
+            if (!b->dpname)
+                return 0;
+            if (!X509_NAME_cmp(a->dpname, b->dpname))
+                return 1;
+            else
+                return 0;
+        }
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        nm = a->dpname;
+        gens = b->name.fullname;
+    } else if (b->type == 1) {
+        if (!b->dpname)
+            return 0;
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        gens = a->name.fullname;
+        nm = b->dpname;
+    }
+
+    /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
+    if (nm) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gena = sk_GENERAL_NAME_value(gens, i);
+            if (gena->type != GEN_DIRNAME)
+                continue;
+            if (!X509_NAME_cmp(nm, gena->d.directoryName))
+                return 1;
+        }
+        return 0;
+    }
+
+    /* Else case 3: two GENERAL_NAMES */
+
+    for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
+        gena = sk_GENERAL_NAME_value(a->name.fullname, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
+            genb = sk_GENERAL_NAME_value(b->name.fullname, j);
+            if (!GENERAL_NAME_cmp(gena, genb))
+                return 1;
+        }
+    }
+
+    return 0;
+
+}
+
+static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
+{
+    int i;
+    X509_NAME *nm = X509_CRL_get_issuer(crl);
+    /* If no CRLissuer return is successful iff don't need a match */
+    if (!dp->CRLissuer)
+        return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(gen->d.directoryName, nm))
+            return 1;
+    }
+    return 0;
+}
+
+/* Check CRLDP and IDP */
+
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons)
+{
+    int i;
+    if (crl->idp_flags & IDP_ONLYATTR)
+        return 0;
+    if (x->ex_flags & EXFLAG_CA) {
+        if (crl->idp_flags & IDP_ONLYUSER)
+            return 0;
+    } else {
+        if (crl->idp_flags & IDP_ONLYCA)
+            return 0;
+    }
+    *preasons = crl->idp_reasons;
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
+        if (crldp_check_crlissuer(dp, crl, crl_score)) {
+            if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
+                *preasons &= dp->dp_reasons;
+                return 1;
+            }
+        }
+    }
+    if ((!crl->idp || !crl->idp->distpoint)
+        && (crl_score & CRL_SCORE_ISSUER_NAME))
+        return 1;
+    return 0;
+}
+
+/*
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
+ * to find a delta CRL too
+ */
+
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
+{
+    int ok;
+    X509 *issuer = NULL;
+    int crl_score = 0;
+    unsigned int reasons;
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    STACK_OF(X509_CRL) *skcrl;
+    X509_NAME *nm = X509_get_issuer_name(x);
+
+    reasons = ctx->current_reasons;
+    ok = get_crl_sk(ctx, &crl, &dcrl,
+                    &issuer, &crl_score, &reasons, ctx->crls);
+    if (ok)
+        goto done;
+
+    /* Lookup CRLs from store */
+
+    skcrl = ctx->lookup_crls(ctx, nm);
+
+    /* If no CRLs found and a near match from get_crl_sk use that */
+    if (!skcrl && crl)
+        goto done;
+
+    get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
+
+    sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+
+ done:
+    /* If we got any kind of CRL use it and return success */
+    if (crl) {
+        ctx->current_issuer = issuer;
+        ctx->current_crl_score = crl_score;
+        ctx->current_reasons = reasons;
+        *pcrl = crl;
+        *pdcrl = dcrl;
+        return 1;
+    }
+    return 0;
+}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+{
+    X509 *issuer = NULL;
+    EVP_PKEY *ikey = NULL;
+    int cnum = ctx->error_depth;
+    int chnum = sk_X509_num(ctx->chain) - 1;
+
+    /* if we have an alternative CRL issuer cert use that */
+    if (ctx->current_issuer)
+        issuer = ctx->current_issuer;
+    /*
+     * Else find CRL issuer: if not last certificate then issuer is next
+     * certificate in chain.
+     */
+    else if (cnum < chnum)
+        issuer = sk_X509_value(ctx->chain, cnum + 1);
+    else {
+        issuer = sk_X509_value(ctx->chain, chnum);
+        /* If not self signed, can't check signature */
+        if (!ctx->check_issued(ctx, issuer, issuer) &&
+            !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER))
+            return 0;
+    }
+
+    if (issuer == NULL)
+        return 1;
+
+    /*
+     * Skip most tests for deltas because they have already been done
+     */
+    if (!crl->base_crl_number) {
+        /* Check for cRLSign bit if keyUsage present */
+        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+            !(issuer->ex_kusage & KU_CRL_SIGN) &&
+            !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN))
+            return 0;
+
+        if (!(ctx->current_crl_score & CRL_SCORE_SCOPE) &&
+            !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE))
+            return 0;
+
+        if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH) &&
+            check_crl_path(ctx, ctx->current_issuer) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR))
+            return 0;
+
+        if ((crl->idp_flags & IDP_INVALID) &&
+            !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION))
+            return 0;
+    }
+
+    if (!(ctx->current_crl_score & CRL_SCORE_TIME) &&
+        !check_crl_time(ctx, crl, 1))
+        return 0;
+
+    /* Attempt to get issuer certificate public key */
+    ikey = X509_get0_pubkey(issuer);
+
+    if (!ikey &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+        return 0;
+
+    if (ikey) {
+        int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
+
+        if (rv != X509_V_OK && !verify_cb_crl(ctx, rv))
+            return 0;
+        /* Verify CRL signature */
+        if (X509_CRL_verify(crl, ikey) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE))
+            return 0;
+    }
+    return 1;
+}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+{
+    X509_REVOKED *rev;
+
+    /*
+     * The rules changed for this... previously if a CRL contained unhandled
+     * critical extensions it could still be used to indicate a certificate
+     * was revoked. This has since been changed since critical extensions can
+     * change the meaning of CRL entries.
+     */
+    if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+        && (crl->flags & EXFLAG_CRITICAL) &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION))
+        return 0;
+    /*
+     * Look for serial number of certificate in CRL.  If found, make sure
+     * reason is not removeFromCRL.
+     */
+    if (X509_CRL_get0_by_cert(crl, &rev, x)) {
+        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+            return 2;
+        if (!verify_cb_crl(ctx, X509_V_ERR_CERT_REVOKED))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int check_policy(X509_STORE_CTX *ctx)
+{
+    int ret;
+
+    if (ctx->parent)
+        return 1;
+    /*
+     * With DANE, the trust anchor might be a bare public key, not a
+     * certificate!  In that case our chain does not have the trust anchor
+     * certificate as a top-most element.  This comports well with RFC5280
+     * chain verification, since there too, the trust anchor is not part of the
+     * chain to be verified.  In particular, X509_policy_check() does not look
+     * at the TA cert, but assumes that it is present as the top-most chain
+     * element.  We therefore temporarily push a NULL cert onto the chain if it
+     * was verified via a bare public key, and pop it off right after the
+     * X509_policy_check() call.
+     */
+    if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
+                            ctx->param->policies, ctx->param->flags);
+    if (ctx->bare_ta_signed)
+        sk_X509_pop(ctx->chain);
+
+    if (ret == X509_PCY_TREE_INTERNAL) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    /* Invalid or inconsistent extensions */
+    if (ret == X509_PCY_TREE_INVALID) {
+        int i;
+
+        /* Locate certificates with bad extensions and notify callback. */
+        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+            X509 *x = sk_X509_value(ctx->chain, i);
+
+            if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                continue;
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_INVALID_POLICY_EXTENSION))
+                return 0;
+        }
+        return 1;
+    }
+    if (ret == X509_PCY_TREE_FAILURE) {
+        ctx->current_cert = NULL;
+        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
+        return ctx->verify_cb(0, ctx);
+    }
+    if (ret != X509_PCY_TREE_VALID) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
+        ctx->current_cert = NULL;
+        /*
+         * Verification errors need to be "sticky", a callback may have allowed
+         * an SSL handshake to continue despite an error, and we must then
+         * remain in an error state.  Therefore, we MUST NOT clear earlier
+         * verification errors by setting the error to X509_V_OK.
+         */
+        if (!ctx->verify_cb(2, ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * Check certificate validity times.
+ * If depth >= 0, invoke verification callbacks on error, otherwise just return
+ * the validation status.
+ *
+ * Return 1 on success, 0 otherwise.
+ */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
+{
+    time_t *ptime;
+    int i;
+
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_get0_notBefore(x), ptime);
+    if (i >= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD))
+        return 0;
+    if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
+        return 0;
+
+    i = X509_cmp_time(X509_get0_notAfter(x), ptime);
+    if (i <= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD))
+        return 0;
+    if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED))
+        return 0;
+    return 1;
+}
+
+static int internal_verify(X509_STORE_CTX *ctx)
+{
+    int n = sk_X509_num(ctx->chain) - 1;
+    X509 *xi = sk_X509_value(ctx->chain, n);
+    X509 *xs;
+
+    /*
+     * With DANE-verified bare public key TA signatures, it remains only to
+     * check the timestamps of the top certificate.  We report the issuer as
+     * NULL, since all we have is a bare key.
+     */
+    if (ctx->bare_ta_signed) {
+        xs = xi;
+        xi = NULL;
+        goto check_cert;
+    }
+
+    if (ctx->check_issued(ctx, xi, xi))
+        xs = xi;
+    else {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+            xs = xi;
+            goto check_cert;
+        }
+        if (n <= 0)
+            return verify_cb_cert(ctx, xi, 0,
+                                  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+        n--;
+        ctx->error_depth = n;
+        xs = sk_X509_value(ctx->chain, n);
+    }
+
+    /*
+     * Do not clear ctx->error=0, it must be "sticky", only the user's callback
+     * is allowed to reset errors (at its own peril).
+     */
+    while (n >= 0) {
+        EVP_PKEY *pkey;
+
+        /*
+         * Skip signature check for self signed certificates unless explicitly
+         * asked for.  It doesn't add any security and just wastes time.  If
+         * the issuer's public key is unusable, report the issuer certificate
+         * and its depth (rather than the depth of the subject).
+         */
+        if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
+            if ((pkey = X509_get0_pubkey(xi)) == NULL) {
+                if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
+                        X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+                    return 0;
+            } else if (X509_verify(xs, pkey) <= 0) {
+                if (!verify_cb_cert(ctx, xs, n,
+                                    X509_V_ERR_CERT_SIGNATURE_FAILURE))
+                    return 0;
+            }
+        }
+
+ check_cert:
+        /* Calls verify callback as needed */
+        if (!x509_check_cert_time(ctx, xs, n))
+            return 0;
+
+        /*
+         * Signal success at this depth.  However, the previous error (if any)
+         * is retained.
+         */
+        ctx->current_issuer = xi;
+        ctx->current_cert = xs;
+        ctx->error_depth = n;
+        if (!ctx->verify_cb(1, ctx))
+            return 0;
+
+        if (--n >= 0) {
+            xi = xs;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+    return 1;
+}
+
+int X509_cmp_current_time(const ASN1_TIME *ctm)
+{
+    return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
+{
+    static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
+    static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
+    ASN1_TIME *asn1_cmp_time = NULL;
+    int i, day, sec, ret = 0;
+
+    /*
+     * Note that ASN.1 allows much more slack in the time format than RFC5280.
+     * In RFC5280, the representation is fixed:
+     * UTCTime: YYMMDDHHMMSSZ
+     * GeneralizedTime: YYYYMMDDHHMMSSZ
+     *
+     * We do NOT currently enforce the following RFC 5280 requirement:
+     * "CAs conforming to this profile MUST always encode certificate
+     *  validity dates through the year 2049 as UTCTime; certificate validity
+     *  dates in 2050 or later MUST be encoded as GeneralizedTime."
+     */
+    switch (ctm->type) {
+    case V_ASN1_UTCTIME:
+        if (ctm->length != (int)(utctime_length))
+            return 0;
+        break;
+    case V_ASN1_GENERALIZEDTIME:
+        if (ctm->length != (int)(generalizedtime_length))
+            return 0;
+        break;
+    default:
+        return 0;
+    }
+
+    /**
+     * Verify the format: the ASN.1 functions we use below allow a more
+     * flexible format than what's mandated by RFC 5280.
+     * Digit and date ranges will be verified in the conversion methods.
+     */
+    for (i = 0; i < ctm->length - 1; i++) {
+        if (!ossl_isdigit(ctm->data[i]))
+            return 0;
+    }
+    if (ctm->data[ctm->length - 1] != 'Z')
+        return 0;
+
+    /*
+     * There is ASN1_UTCTIME_cmp_time_t but no
+     * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
+     * so we go through ASN.1
+     */
+    asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
+    if (asn1_cmp_time == NULL)
+        goto err;
+    if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
+        goto err;
+
+    /*
+     * X509_cmp_time comparison is <=.
+     * The return value 0 is reserved for errors.
+     */
+    ret = (day >= 0 && sec >= 0) ? -1 : 1;
+
+ err:
+    ASN1_TIME_free(asn1_cmp_time);
+    return ret;
+}
+
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+    return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
+{
+    return X509_time_adj_ex(s, 0, offset_sec, in_tm);
+}
+
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *in_tm)
+{
+    time_t t;
+
+    if (in_tm)
+        t = *in_tm;
+    else
+        time(&t);
+
+    if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
+        if (s->type == V_ASN1_UTCTIME)
+            return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+        if (s->type == V_ASN1_GENERALIZEDTIME)
+            return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+    }
+    return ASN1_TIME_adj(s, t, offset_day, offset_sec);
+}
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+{
+    EVP_PKEY *ktmp = NULL, *ktmp2;
+    int i, j;
+
+    if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
+        return 1;
+
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ktmp = X509_get0_pubkey(sk_X509_value(chain, i));
+        if (ktmp == NULL) {
+            X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+            return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(ktmp))
+            break;
+    }
+    if (ktmp == NULL) {
+        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+        return 0;
+    }
+
+    /* first, populate the other certs */
+    for (j = i - 1; j >= 0; j--) {
+        ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j));
+        EVP_PKEY_copy_parameters(ktmp2, ktmp);
+    }
+
+    if (pkey != NULL)
+        EVP_PKEY_copy_parameters(pkey, ktmp);
+    return 1;
+}
+
+/* Make a delta CRL as the diff between two full CRLs */
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
+{
+    X509_CRL *crl = NULL;
+    int i;
+    STACK_OF(X509_REVOKED) *revs = NULL;
+    /* CRLs can't be delta already */
+    if (base->base_crl_number || newer->base_crl_number) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA);
+        return NULL;
+    }
+    /* Base and new CRL must have a CRL number */
+    if (!base->crl_number || !newer->crl_number) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER);
+        return NULL;
+    }
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH);
+        return NULL;
+    }
+    /* AKID and IDP must match */
+    if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH);
+        return NULL;
+    }
+    if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH);
+        return NULL;
+    }
+    /* Newer CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER);
+        return NULL;
+    }
+    /* CRLs must verify */
+    if (skey && (X509_CRL_verify(base, skey) <= 0 ||
+                 X509_CRL_verify(newer, skey) <= 0)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE);
+        return NULL;
+    }
+    /* Create new CRL */
+    crl = X509_CRL_new();
+    if (crl == NULL || !X509_CRL_set_version(crl, 1))
+        goto memerr;
+    /* Set issuer name */
+    if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
+        goto memerr;
+
+    if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
+        goto memerr;
+    if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
+        goto memerr;
+
+    /* Set base CRL number: must be critical */
+
+    if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
+        goto memerr;
+
+    /*
+     * Copy extensions across from newest CRL to delta: this will set CRL
+     * number to correct value too.
+     */
+
+    for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
+        X509_EXTENSION *ext;
+        ext = X509_CRL_get_ext(newer, i);
+        if (!X509_CRL_add_ext(crl, ext, -1))
+            goto memerr;
+    }
+
+    /* Go through revoked entries, copying as needed */
+
+    revs = X509_CRL_get_REVOKED(newer);
+
+    for (i = 0; i < sk_X509_REVOKED_num(revs); i++) {
+        X509_REVOKED *rvn, *rvtmp;
+        rvn = sk_X509_REVOKED_value(revs, i);
+        /*
+         * Add only if not also in base. TODO: need something cleverer here
+         * for some more complex CRLs covering multiple CAs.
+         */
+        if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) {
+            rvtmp = X509_REVOKED_dup(rvn);
+            if (!rvtmp)
+                goto memerr;
+            if (!X509_CRL_add0_revoked(crl, rvtmp)) {
+                X509_REVOKED_free(rvtmp);
+                goto memerr;
+            }
+        }
+    }
+    /* TODO: optionally prune deleted entries */
+
+    if (skey && md && !X509_CRL_sign(crl, skey, md))
+        goto memerr;
+
+    return crl;
+
+ memerr:
+    X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
+    X509_CRL_free(crl);
+    return NULL;
+}
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+{
+    return ctx->error;
+}
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+{
+    return ctx->error_depth;
+}
+
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
+{
+    ctx->error_depth = depth;
+}
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->current_cert;
+}
+
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->current_cert = x;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
+{
+    return ctx->chain;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+{
+    if (!ctx->chain)
+        return NULL;
+    return X509_chain_up_ref(ctx->chain);
+}
+
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->current_issuer;
+}
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->current_crl;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+{
+    return ctx->parent;
+}
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->cert = x;
+}
+
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
+{
+    ctx->crls = sk;
+}
+
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
+{
+    /*
+     * XXX: Why isn't this function always used to set the associated trust?
+     * Should there even be a VPM->trust field at all?  Or should the trust
+     * always be inferred from the purpose by X509_STORE_CTX_init().
+     */
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+}
+
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
+{
+    /*
+     * XXX: See above, this function would only be needed when the default
+     * trust for the purpose needs an override in a corner case.
+     */
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+}
+
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
+ * This is intended to be used when another structure has its own trust and
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
+ * set then we will usually have a default purpose in mind which should then
+ * be used to set the trust value. An example of this is SSL use: an SSL
+ * structure will have its own purpose and trust settings which the
+ * application can set: if they aren't set then we use the default of SSL
+ * client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust)
+{
+    int idx;
+    /* If purpose not set use default */
+    if (!purpose)
+        purpose = def_purpose;
+    /* If we have a purpose then check it is valid */
+    if (purpose) {
+        X509_PURPOSE *ptmp;
+        idx = X509_PURPOSE_get_by_id(purpose);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_PURPOSE_ID);
+            return 0;
+        }
+        ptmp = X509_PURPOSE_get0(idx);
+        if (ptmp->trust == X509_TRUST_DEFAULT) {
+            idx = X509_PURPOSE_get_by_id(def_purpose);
+            /*
+             * XXX: In the two callers above def_purpose is always 0, which is
+             * not a known value, so idx will always be -1.  How is the
+             * X509_TRUST_DEFAULT case actually supposed to be handled?
+             */
+            if (idx == -1) {
+                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                        X509_R_UNKNOWN_PURPOSE_ID);
+                return 0;
+            }
+            ptmp = X509_PURPOSE_get0(idx);
+        }
+        /* If trust not set then get from purpose default */
+        if (!trust)
+            trust = ptmp->trust;
+    }
+    if (trust) {
+        idx = X509_TRUST_get_by_id(trust);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_TRUST_ID);
+            return 0;
+        }
+    }
+
+    if (purpose && !ctx->param->purpose)
+        ctx->param->purpose = purpose;
+    if (trust && !ctx->param->trust)
+        ctx->param->trust = trust;
+    return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+    X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    X509_STORE_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+                        STACK_OF(X509) *chain)
+{
+    int ret = 1;
+
+    ctx->ctx = store;
+    ctx->cert = x509;
+    ctx->untrusted = chain;
+    ctx->crls = NULL;
+    ctx->num_untrusted = 0;
+    ctx->other_ctx = NULL;
+    ctx->valid = 0;
+    ctx->chain = NULL;
+    ctx->error = 0;
+    ctx->explicit_policy = 0;
+    ctx->error_depth = 0;
+    ctx->current_cert = NULL;
+    ctx->current_issuer = NULL;
+    ctx->current_crl = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+    ctx->tree = NULL;
+    ctx->parent = NULL;
+    ctx->dane = NULL;
+    ctx->bare_ta_signed = 0;
+    /* Zero ex_data to make sure we're cleanup-safe */
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+
+    /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
+    if (store)
+        ctx->cleanup = store->cleanup;
+    else
+        ctx->cleanup = 0;
+
+    if (store && store->check_issued)
+        ctx->check_issued = store->check_issued;
+    else
+        ctx->check_issued = check_issued;
+
+    if (store && store->get_issuer)
+        ctx->get_issuer = store->get_issuer;
+    else
+        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+    if (store && store->verify_cb)
+        ctx->verify_cb = store->verify_cb;
+    else
+        ctx->verify_cb = null_callback;
+
+    if (store && store->verify)
+        ctx->verify = store->verify;
+    else
+        ctx->verify = internal_verify;
+
+    if (store && store->check_revocation)
+        ctx->check_revocation = store->check_revocation;
+    else
+        ctx->check_revocation = check_revocation;
+
+    if (store && store->get_crl)
+        ctx->get_crl = store->get_crl;
+    else
+        ctx->get_crl = NULL;
+
+    if (store && store->check_crl)
+        ctx->check_crl = store->check_crl;
+    else
+        ctx->check_crl = check_crl;
+
+    if (store && store->cert_crl)
+        ctx->cert_crl = store->cert_crl;
+    else
+        ctx->cert_crl = cert_crl;
+
+    if (store && store->check_policy)
+        ctx->check_policy = store->check_policy;
+    else
+        ctx->check_policy = check_policy;
+
+    if (store && store->lookup_certs)
+        ctx->lookup_certs = store->lookup_certs;
+    else
+        ctx->lookup_certs = X509_STORE_CTX_get1_certs;
+
+    if (store && store->lookup_crls)
+        ctx->lookup_crls = store->lookup_crls;
+    else
+        ctx->lookup_crls = X509_STORE_CTX_get1_crls;
+
+    ctx->param = X509_VERIFY_PARAM_new();
+    if (ctx->param == NULL) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * Inherit callbacks and flags from X509_STORE if not set use defaults.
+     */
+    if (store)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+    else
+        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+    if (ret)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param,
+                                        X509_VERIFY_PARAM_lookup("default"));
+
+    if (ret == 0) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * XXX: For now, continue to inherit trust from VPM, but infer from the
+     * purpose if this still yields the default value.
+     */
+    if (ctx->param->trust == X509_TRUST_DEFAULT) {
+        int idx = X509_PURPOSE_get_by_id(ctx->param->purpose);
+        X509_PURPOSE *xp = X509_PURPOSE_get0(idx);
+
+        if (xp != NULL)
+            ctx->param->trust = X509_PURPOSE_get_trust(xp);
+    }
+
+    if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                           &ctx->ex_data))
+        return 1;
+    X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    /*
+     * On error clean up allocated storage, if the store context was not
+     * allocated with X509_STORE_CTX_new() this is our last chance to do so.
+     */
+    X509_STORE_CTX_cleanup(ctx);
+    return 0;
+}
+
+/*
+ * Set alternative lookup method: just a STACK of trusted certificates. This
+ * avoids X509_STORE nastiness where it isn't needed.
+ */
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->other_ctx = sk;
+    ctx->get_issuer = get_issuer_sk;
+    ctx->lookup_certs = lookup_certs_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+{
+    /*
+     * We need to be idempotent because, unfortunately, free() also calls
+     * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
+     * calls cleanup() for the same object twice!  Thus we must zero the
+     * pointers below after they're freed!
+     */
+    /* Seems to always be 0 in OpenSSL, do this at most once. */
+    if (ctx->cleanup != NULL) {
+        ctx->cleanup(ctx);
+        ctx->cleanup = NULL;
+    }
+    if (ctx->param != NULL) {
+        if (ctx->parent == NULL)
+            X509_VERIFY_PARAM_free(ctx->param);
+        ctx->param = NULL;
+    }
+    X509_policy_tree_free(ctx->tree);
+    ctx->tree = NULL;
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = NULL;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+}
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
+{
+    X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t)
+{
+    X509_VERIFY_PARAM_set_time(ctx->param, t);
+}
+
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->untrusted;
+}
+
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->untrusted = sk;
+}
+
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = sk;
+}
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify_cb)
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
+{
+    return ctx->verify;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->get_issuer;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+{
+    return ctx->check_issued;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx)
+{
+    return ctx->check_revocation;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->get_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->check_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->cert_crl;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->check_policy;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx)
+{
+    return ctx->cleanup;
+}
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
+{
+    return ctx->tree;
+}
+
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->explicit_policy;
+}
+
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->num_untrusted;
+}
+
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
+{
+    const X509_VERIFY_PARAM *param;
+    param = X509_VERIFY_PARAM_lookup(name);
+    if (!param)
+        return 0;
+    return X509_VERIFY_PARAM_inherit(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
+{
+    X509_VERIFY_PARAM_free(ctx->param);
+    ctx->param = param;
+}
+
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
+{
+    ctx->dane = dane;
+}
+
+static unsigned char *dane_i2d(
+    X509 *cert,
+    uint8_t selector,
+    unsigned int *i2dlen)
+{
+    unsigned char *buf = NULL;
+    int len;
+
+    /*
+     * Extract ASN.1 DER form of certificate or public key.
+     */
+    switch (selector) {
+    case DANETLS_SELECTOR_CERT:
+        len = i2d_X509(cert, &buf);
+        break;
+    case DANETLS_SELECTOR_SPKI:
+        len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf);
+        break;
+    default:
+        X509err(X509_F_DANE_I2D, X509_R_BAD_SELECTOR);
+        return NULL;
+    }
+
+    if (len < 0 || buf == NULL) {
+        X509err(X509_F_DANE_I2D, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    *i2dlen = (unsigned int)len;
+    return buf;
+}
+
+#define DANETLS_NONE 256        /* impossible uint8_t */
+
+static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    unsigned usage = DANETLS_NONE;
+    unsigned selector = DANETLS_NONE;
+    unsigned ordinal = DANETLS_NONE;
+    unsigned mtype = DANETLS_NONE;
+    unsigned char *i2dbuf = NULL;
+    unsigned int i2dlen = 0;
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    unsigned char *cmpbuf = NULL;
+    unsigned int cmplen = 0;
+    int i;
+    int recnum;
+    int matched = 0;
+    danetls_record *t = NULL;
+    uint32_t mask;
+
+    mask = (depth == 0) ? DANETLS_EE_MASK : DANETLS_TA_MASK;
+
+    /*
+     * The trust store is not applicable with DANE-TA(2)
+     */
+    if (depth >= ctx->num_untrusted)
+        mask &= DANETLS_PKIX_MASK;
+
+    /*
+     * If we've previously matched a PKIX-?? record, no need to test any
+     * further PKIX-?? records, it remains to just build the PKIX chain.
+     * Had the match been a DANE-?? record, we'd be done already.
+     */
+    if (dane->mdpth >= 0)
+        mask &= ~DANETLS_PKIX_MASK;
+
+    /*-
+     * https://tools.ietf.org/html/rfc7671#section-5.1
+     * https://tools.ietf.org/html/rfc7671#section-5.2
+     * https://tools.ietf.org/html/rfc7671#section-5.3
+     * https://tools.ietf.org/html/rfc7671#section-5.4
+     *
+     * We handle DANE-EE(3) records first as they require no chain building
+     * and no expiration or hostname checks.  We also process digests with
+     * higher ordinals first and ignore lower priorities except Full(0) which
+     * is always processed (last).  If none match, we then process PKIX-EE(1).
+     *
+     * NOTE: This relies on DANE usages sorting before the corresponding PKIX
+     * usages in SSL_dane_tlsa_add(), and also on descending sorting of digest
+     * priorities.  See twin comment in ssl/ssl_lib.c.
+     *
+     * We expect that most TLSA RRsets will have just a single usage, so we
+     * don't go out of our way to cache multiple selector-specific i2d buffers
+     * across usages, but if the selector happens to remain the same as switch
+     * usages, that's OK.  Thus, a set of "3 1 1", "3 0 1", "1 1 1", "1 0 1",
+     * records would result in us generating each of the certificate and public
+     * key DER forms twice, but more typically we'd just see multiple "3 1 1"
+     * or multiple "3 0 1" records.
+     *
+     * As soon as we find a match at any given depth, we stop, because either
+     * we've matched a DANE-?? record and the peer is authenticated, or, after
+     * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is
+     * sufficient for DANE, and what remains to do is ordinary PKIX validation.
+     */
+    recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0;
+    for (i = 0; matched == 0 && i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if ((DANETLS_USAGE_BIT(t->usage) & mask) == 0)
+            continue;
+        if (t->usage != usage) {
+            usage = t->usage;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        }
+        if (t->selector != selector) {
+            selector = t->selector;
+
+            /* Update per-selector state */
+            OPENSSL_free(i2dbuf);
+            i2dbuf = dane_i2d(cert, selector, &i2dlen);
+            if (i2dbuf == NULL)
+                return -1;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        } else if (t->mtype != DANETLS_MATCHING_FULL) {
+            /*-
+             * Digest agility:
+             *
+             *     <https://tools.ietf.org/html/rfc7671#section-9>
+             *
+             * For a fixed selector, after processing all records with the
+             * highest mtype ordinal, ignore all mtypes with lower ordinals
+             * other than "Full".
+             */
+            if (dane->dctx->mdord[t->mtype] < ordinal)
+                continue;
+        }
+
+        /*
+         * Each time we hit a (new selector or) mtype, re-compute the relevant
+         * digest, more complex caching is not worth the code space.
+         */
+        if (t->mtype != mtype) {
+            const EVP_MD *md = dane->dctx->mdevp[mtype = t->mtype];
+            cmpbuf = i2dbuf;
+            cmplen = i2dlen;
+
+            if (md != NULL) {
+                cmpbuf = mdbuf;
+                if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) {
+                    matched = -1;
+                    break;
+                }
+            }
+        }
+
+        /*
+         * Squirrel away the certificate and depth if we have a match.  Any
+         * DANE match is dispositive, but with PKIX we still need to build a
+         * full chain.
+         */
+        if (cmplen == t->dlen &&
+            memcmp(cmpbuf, t->data, cmplen) == 0) {
+            if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
+                matched = 1;
+            if (matched || dane->mdpth < 0) {
+                dane->mdpth = depth;
+                dane->mtlsa = t;
+                OPENSSL_free(dane->mcert);
+                dane->mcert = cert;
+                X509_up_ref(cert);
+            }
+            break;
+        }
+    }
+
+    /* Clear the one-element DER cache */
+    OPENSSL_free(i2dbuf);
+    return matched;
+}
+
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    int matched = 0;
+    X509 *cert;
+
+    if (!DANETLS_HAS_TA(dane) || depth == 0)
+        return  X509_TRUST_UNTRUSTED;
+
+    /*
+     * Record any DANE trust-anchor matches, for the first depth to test, if
+     * there's one at that depth. (This'll be false for length 1 chains looking
+     * for an exact match for the leaf certificate).
+     */
+    cert = sk_X509_value(ctx->chain, depth);
+    if (cert != NULL && (matched = dane_match(ctx, cert, depth)) < 0)
+        return  X509_TRUST_REJECTED;
+    if (matched > 0) {
+        ctx->num_untrusted = depth - 1;
+        return  X509_TRUST_TRUSTED;
+    }
+
+    return  X509_TRUST_UNTRUSTED;
+}
+
+static int check_dane_pkeys(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    danetls_record *t;
+    int num = ctx->num_untrusted;
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int recnum = sk_danetls_record_num(dane->trecs);
+    int i;
+
+    for (i = 0; i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if (t->usage != DANETLS_USAGE_DANE_TA ||
+            t->selector != DANETLS_SELECTOR_SPKI ||
+            t->mtype != DANETLS_MATCHING_FULL ||
+            X509_verify(cert, t->spki) <= 0)
+            continue;
+
+        /* Clear any PKIX-?? matches that failed to extend to a full chain */
+        X509_free(dane->mcert);
+        dane->mcert = NULL;
+
+        /* Record match via a bare TA public key */
+        ctx->bare_ta_signed = 1;
+        dane->mdpth = num - 1;
+        dane->mtlsa = t;
+
+        /* Prune any excess chain certificates */
+        num = sk_X509_num(ctx->chain);
+        for (; num > ctx->num_untrusted; --num)
+            X509_free(sk_X509_pop(ctx->chain));
+
+        return X509_TRUST_TRUSTED;
+    }
+
+    return X509_TRUST_UNTRUSTED;
+}
+
+static void dane_reset(SSL_DANE *dane)
+{
+    /*
+     * Reset state to verify another chain, or clear after failure.
+     */
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int err = X509_chain_check_suiteb(NULL, cert, NULL, ctx->param->flags);
+
+    if (err == X509_V_OK)
+        return 1;
+    return verify_cb_cert(ctx, cert, 0, err);
+}
+
+static int dane_verify(X509_STORE_CTX *ctx)
+{
+    X509 *cert = ctx->cert;
+    SSL_DANE *dane = ctx->dane;
+    int matched;
+    int done;
+
+    dane_reset(dane);
+
+    /*-
+     * When testing the leaf certificate, if we match a DANE-EE(3) record,
+     * dane_match() returns 1 and we're done.  If however we match a PKIX-EE(1)
+     * record, the match depth and matching TLSA record are recorded, but the
+     * return value is 0, because we still need to find a PKIX trust-anchor.
+     * Therefore, when DANE authentication is enabled (required), we're done
+     * if:
+     *   + matched < 0, internal error.
+     *   + matched == 1, we matched a DANE-EE(3) record
+     *   + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no
+     *     DANE-TA(2) or PKIX-TA(0) to test.
+     */
+    matched = dane_match(ctx, ctx->cert, 0);
+    done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0);
+
+    if (done)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+
+    if (matched > 0) {
+        /* Callback invoked as needed */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        /* Callback invoked as needed */
+        if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
+            !check_id(ctx))
+            return 0;
+        /* Bypass internal_verify(), issue depth 0 success callback */
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        return ctx->verify_cb(1, ctx);
+    }
+
+    if (matched < 0) {
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+
+    if (done) {
+        /* Fail early, TA-based success is not possible */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        return verify_cb_cert(ctx, cert, 0, X509_V_ERR_DANE_NO_MATCH);
+    }
+
+    /*
+     * Chain verification for usages 0/1/2.  TLSA record matching of depth > 0
+     * certificates happens in-line with building the rest of the chain.
+     */
+    return verify_chain(ctx);
+}
+
+/* Get issuer, without duplicate suppression */
+static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
+{
+    STACK_OF(X509) *saved_chain = ctx->chain;
+    int ok;
+
+    ctx->chain = NULL;
+    ok = ctx->get_issuer(issuer, ctx, cert);
+    ctx->chain = saved_chain;
+
+    return ok;
+}
+
+static int build_chain(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int ss = cert_self_signed(cert);
+    STACK_OF(X509) *sktmp = NULL;
+    unsigned int search;
+    int may_trusted = 0;
+    int may_alternate = 0;
+    int trust = X509_TRUST_UNTRUSTED;
+    int alt_untrusted = 0;
+    int depth;
+    int ok = 0;
+    int i;
+
+    /* Our chain starts with a single untrusted element. */
+    if (!ossl_assert(num == 1 && ctx->num_untrusted == num))  {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+#define S_DOUNTRUSTED      (1 << 0)     /* Search untrusted chain */
+#define S_DOTRUSTED        (1 << 1)     /* Search trusted store */
+#define S_DOALTERNATE      (1 << 2)     /* Retry with pruned alternate chain */
+    /*
+     * Set up search policy, untrusted if possible, trusted-first if enabled.
+     * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the
+     * trust_store, otherwise we might look there first.  If not trusted-first,
+     * and alternate chains are not disabled, try building an alternate chain
+     * if no luck with untrusted first.
+     */
+    search = (ctx->untrusted != NULL) ? S_DOUNTRUSTED : 0;
+    if (DANETLS_HAS_PKIX(dane) || !DANETLS_HAS_DANE(dane)) {
+        if (search == 0 || ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
+            search |= S_DOTRUSTED;
+        else if (!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS))
+            may_alternate = 1;
+        may_trusted = 1;
+    }
+
+    /*
+     * Shallow-copy the stack of untrusted certificates (with TLS, this is
+     * typically the content of the peer's certificate message) so can make
+     * multiple passes over it, while free to remove elements as we go.
+     */
+    if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+
+    /*
+     * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add
+     * them to our working copy of the untrusted certificate stack.  Since the
+     * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
+     * no corresponding stack of untrusted certificates, we may need to create
+     * an empty stack first.  [ At present only the ssl library provides DANE
+     * support, and ssl_verify_cert_chain() always provides a non-null stack
+     * containing at least the leaf certificate, but we must be prepared for
+     * this to change. ]
+     */
+    if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
+        if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) {
+            X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
+            return 0;
+        }
+        for (i = 0; i < sk_X509_num(dane->certs); ++i) {
+            if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) {
+                sk_X509_free(sktmp);
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+        }
+    }
+
+    /*
+     * Still absurdly large, but arithmetically safe, a lower hard upper bound
+     * might be reasonable.
+     */
+    if (ctx->param->depth > INT_MAX/2)
+        ctx->param->depth = INT_MAX/2;
+
+    /*
+     * Try to Extend the chain until we reach an ultimately trusted issuer.
+     * Build chains up to one longer the limit, later fail if we hit the limit,
+     * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code.
+     */
+    depth = ctx->param->depth + 1;
+
+    while (search != 0) {
+        X509 *x;
+        X509 *xtmp = NULL;
+
+        /*
+         * Look in the trust store if enabled for first lookup, or we've run
+         * out of untrusted issuers and search here is not disabled.  When we
+         * reach the depth limit, we stop extending the chain, if by that point
+         * we've not found a trust-anchor, any trusted chain would be too long.
+         *
+         * The error reported to the application verify callback is at the
+         * maximal valid depth with the current certificate equal to the last
+         * not ultimately-trusted issuer.  For example, with verify_depth = 0,
+         * the callback will report errors at depth=1 when the immediate issuer
+         * of the leaf certificate is not a trust anchor.  No attempt will be
+         * made to locate an issuer for that certificate, since such a chain
+         * would be a-priori too long.
+         */
+        if ((search & S_DOTRUSTED) != 0) {
+            i = num = sk_X509_num(ctx->chain);
+            if ((search & S_DOALTERNATE) != 0) {
+                /*
+                 * As high up the chain as we can, look for an alternative
+                 * trusted issuer of an untrusted certificate that currently
+                 * has an untrusted issuer.  We use the alt_untrusted variable
+                 * to track how far up the chain we find the first match.  It
+                 * is only if and when we find a match, that we prune the chain
+                 * and reset ctx->num_untrusted to the reduced count of
+                 * untrusted certificates.  While we're searching for such a
+                 * match (which may never be found), it is neither safe nor
+                 * wise to preemptively modify either the chain or
+                 * ctx->num_untrusted.
+                 *
+                 * Note, like ctx->num_untrusted, alt_untrusted is a count of
+                 * untrusted certificates, not a "depth".
+                 */
+                i = alt_untrusted;
+            }
+            x = sk_X509_value(ctx->chain, i-1);
+
+            ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x);
+
+            if (ok < 0) {
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
+                search = 0;
+                continue;
+            }
+
+            if (ok > 0) {
+                /*
+                 * Alternative trusted issuer for a mid-chain untrusted cert?
+                 * Pop the untrusted cert's successors and retry.  We might now
+                 * be able to complete a valid chain via the trust store.  Note
+                 * that despite the current trust-store match we might still
+                 * fail complete the chain to a suitable trust-anchor, in which
+                 * case we may prune some more untrusted certificates and try
+                 * again.  Thus the S_DOALTERNATE bit may yet be turned on
+                 * again with an even shorter untrusted chain!
+                 *
+                 * If in the process we threw away our matching PKIX-TA trust
+                 * anchor, reset DANE trust.  We might find a suitable trusted
+                 * certificate among the ones from the trust store.
+                 */
+                if ((search & S_DOALTERNATE) != 0) {
+                    if (!ossl_assert(num > i && i > 0 && ss == 0)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        X509_free(xtmp);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
+                    search &= ~S_DOALTERNATE;
+                    for (; num > i; --num)
+                        X509_free(sk_X509_pop(ctx->chain));
+                    ctx->num_untrusted = num;
+
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->mdpth >= ctx->num_untrusted) {
+                        dane->mdpth = -1;
+                        X509_free(dane->mcert);
+                        dane->mcert = NULL;
+                    }
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->pdpth >= ctx->num_untrusted)
+                        dane->pdpth = -1;
+                }
+
+                /*
+                 * Self-signed untrusted certificates get replaced by their
+                 * trusted matching issuer.  Otherwise, grow the chain.
+                 */
+                if (ss == 0) {
+                    if (!sk_X509_push(ctx->chain, x = xtmp)) {
+                        X509_free(xtmp);
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_OUT_OF_MEM;
+                        search = 0;
+                        continue;
+                    }
+                    ss = cert_self_signed(x);
+                } else if (num == ctx->num_untrusted) {
+                    /*
+                     * We have a self-signed certificate that has the same
+                     * subject name (and perhaps keyid and/or serial number) as
+                     * a trust-anchor.  We must have an exact match to avoid
+                     * possible impersonation via key substitution etc.
+                     */
+                    if (X509_cmp(x, xtmp) != 0) {
+                        /* Self-signed untrusted mimic. */
+                        X509_free(xtmp);
+                        ok = 0;
+                    } else {
+                        X509_free(x);
+                        ctx->num_untrusted = --num;
+                        (void) sk_X509_set(ctx->chain, num, x = xtmp);
+                    }
+                }
+
+                /*
+                 * We've added a new trusted certificate to the chain, recheck
+                 * trust.  If not done, and not self-signed look deeper.
+                 * Whether or not we're doing "trusted first", we no longer
+                 * look for untrusted certificates from the peer's chain.
+                 *
+                 * At this point ctx->num_trusted and num must reflect the
+                 * correct number of untrusted certificates, since the DANE
+                 * logic in check_trust() depends on distinguishing CAs from
+                 * "the wire" from CAs from the trust store.  In particular, the
+                 * certificate at depth "num" should be the new trusted
+                 * certificate with ctx->num_untrusted <= num.
+                 */
+                if (ok) {
+                    if (!ossl_assert(ctx->num_untrusted <= num)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
+                    search &= ~S_DOUNTRUSTED;
+                    switch (trust = check_trust(ctx, num)) {
+                    case X509_TRUST_TRUSTED:
+                    case X509_TRUST_REJECTED:
+                        search = 0;
+                        continue;
+                    }
+                    if (ss == 0)
+                        continue;
+                }
+            }
+
+            /*
+             * No dispositive decision, and either self-signed or no match, if
+             * we were doing untrusted-first, and alt-chains are not disabled,
+             * do that, by repeatedly losing one untrusted element at a time,
+             * and trying to extend the shorted chain.
+             */
+            if ((search & S_DOUNTRUSTED) == 0) {
+                /* Continue search for a trusted issuer of a shorter chain? */
+                if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0)
+                    continue;
+                /* Still no luck and no fallbacks left? */
+                if (!may_alternate || (search & S_DOALTERNATE) != 0 ||
+                    ctx->num_untrusted < 2)
+                    break;
+                /* Search for a trusted issuer of a shorter chain */
+                search |= S_DOALTERNATE;
+                alt_untrusted = ctx->num_untrusted - 1;
+                ss = 0;
+            }
+        }
+
+        /*
+         * Extend chain with peer-provided certificates
+         */
+        if ((search & S_DOUNTRUSTED) != 0) {
+            num = sk_X509_num(ctx->chain);
+            if (!ossl_assert(num == ctx->num_untrusted)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                search = 0;
+                continue;
+            }
+            x = sk_X509_value(ctx->chain, num-1);
+
+            /*
+             * Once we run out of untrusted issuers, we stop looking for more
+             * and start looking only in the trust store if enabled.
+             */
+            xtmp = (ss || depth < num) ? NULL : find_issuer(ctx, sktmp, x);
+            if (xtmp == NULL) {
+                search &= ~S_DOUNTRUSTED;
+                if (may_trusted)
+                    search |= S_DOTRUSTED;
+                continue;
+            }
+
+            /* Drop this issuer from future consideration */
+            (void) sk_X509_delete_ptr(sktmp, xtmp);
+
+            if (!sk_X509_push(ctx->chain, xtmp)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                search = 0;
+                continue;
+            }
+
+            X509_up_ref(x = xtmp);
+            ++ctx->num_untrusted;
+            ss = cert_self_signed(xtmp);
+
+            /*
+             * Check for DANE-TA trust of the topmost untrusted certificate.
+             */
+            switch (trust = check_dane_issuer(ctx, ctx->num_untrusted - 1)) {
+            case X509_TRUST_TRUSTED:
+            case X509_TRUST_REJECTED:
+                search = 0;
+                continue;
+            }
+        }
+    }
+    sk_X509_free(sktmp);
+
+    /*
+     * Last chance to make a trusted chain, either bare DANE-TA public-key
+     * signers, or else direct leaf PKIX trust.
+     */
+    num = sk_X509_num(ctx->chain);
+    if (num <= depth) {
+        if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane))
+            trust = check_dane_pkeys(ctx);
+        if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted)
+            trust = check_trust(ctx, num);
+    }
+
+    switch (trust) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        /* Callback already issued */
+        return 0;
+    case X509_TRUST_UNTRUSTED:
+    default:
+        num = sk_X509_num(ctx->chain);
+        if (num > depth)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_CERT_CHAIN_TOO_LONG);
+        if (DANETLS_ENABLED(dane) &&
+            (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0))
+            return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH);
+        if (ss && sk_X509_num(ctx->chain) == 1)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+        if (ss)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
+        if (ctx->num_untrusted < num)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT);
+        return verify_cb_cert(ctx, NULL, num-1,
+                              X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
+    }
+}
+
+static const int minbits_table[] = { 80, 112, 128, 192, 256 };
+static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
+
+/*
+ * Check whether the public key of ``cert`` meets the security level of
+ * ``ctx``.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    EVP_PKEY *pkey = X509_get0_pubkey(cert);
+    int level = ctx->param->auth_level;
+
+    /*
+     * At security level zero, return without checking for a supported public
+     * key type.  Some engines support key types not understood outside the
+     * engine, and we only need to understand the key when enforcing a security
+     * floor.
+     */
+    if (level <= 0)
+        return 1;
+
+    /* Unsupported or malformed keys are not secure */
+    if (pkey == NULL)
+        return 0;
+
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
+}
+
+/*
+ * Check whether the signature digest algorithm of ``cert`` meets the security
+ * level of ``ctx``.  Should not be checked for trust anchors (whether
+ * self-signed or otherwise).
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int secbits = -1;
+    int level = ctx->param->auth_level;
+
+    if (level <= 0)
+        return 1;
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+        return 0;
+
+    return secbits >= minbits_table[level - 1];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c
new file mode 100644
index 000000000..aea186295
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c
@@ -0,0 +1,602 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+#include "x509_lcl.h"
+
+/* X509_VERIFY_PARAM functions */
+
+#define SET_HOST 0
+#define ADD_HOST 1
+
+static char *str_copy(const char *s)
+{
+    return OPENSSL_strdup(s);
+}
+
+static void str_free(char *s)
+{
+    OPENSSL_free(s);
+}
+
+static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
+                                    const char *name, size_t namelen)
+{
+    char *copy;
+
+    /*
+     * Refuse names with embedded NUL bytes, except perhaps as final byte.
+     * XXX: Do we need to push an error onto the error stack?
+     */
+    if (namelen == 0 || name == NULL)
+        namelen = name ? strlen(name) : 0;
+    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
+        return 0;
+    if (namelen > 0 && name[namelen - 1] == '\0')
+        --namelen;
+
+    if (mode == SET_HOST) {
+        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
+        vpm->hosts = NULL;
+    }
+    if (name == NULL || namelen == 0)
+        return 1;
+
+    copy = OPENSSL_strndup(name, namelen);
+    if (copy == NULL)
+        return 0;
+
+    if (vpm->hosts == NULL &&
+        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+        OPENSSL_free(copy);
+        return 0;
+    }
+
+    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
+        OPENSSL_free(copy);
+        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
+            sk_OPENSSL_STRING_free(vpm->hosts);
+            vpm->hosts = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+}
+
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
+{
+    X509_VERIFY_PARAM *param;
+
+    param = OPENSSL_zalloc(sizeof(*param));
+    if (param == NULL) {
+        X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    param->trust = X509_TRUST_DEFAULT;
+    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
+    param->depth = -1;
+    param->auth_level = -1; /* -1 means unset, 0 is explicit */
+    return param;
+}
+
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
+{
+    if (param == NULL)
+        return;
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+    OPENSSL_free(param->peername);
+    OPENSSL_free(param->email);
+    OPENSSL_free(param->ip);
+    OPENSSL_free(param);
+}
+
+/*-
+ * This function determines how parameters are "inherited" from one structure
+ * to another. There are several different ways this can happen.
+ *
+ * 1. If a child structure needs to have its values initialized from a parent
+ *    they are simply copied across. For example SSL_CTX copied to SSL.
+ * 2. If the structure should take on values only if they are currently unset.
+ *    For example the values in an SSL structure will take appropriate value
+ *    for SSL servers or clients but only if the application has not set new
+ *    ones.
+ *
+ * The "inh_flags" field determines how this function behaves.
+ *
+ * Normally any values which are set in the default are not copied from the
+ * destination and verify flags are ORed together.
+ *
+ * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
+ * to the destination. Effectively the values in "to" become default values
+ * which will be used only if nothing new is set in "from".
+ *
+ * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
+ * they are set or not. Flags is still Ored though.
+ *
+ * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
+ * of ORed.
+ *
+ * If X509_VP_FLAG_LOCKED is set then no values are copied.
+ *
+ * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
+ * after the next call.
+ */
+
+/* Macro to test if a field should be copied from src to dest */
+
+#define test_x509_verify_param_copy(field, def) \
+        (to_overwrite || \
+                ((src->field != def) && (to_default || (dest->field == def))))
+
+/* Macro to test and copy a field if necessary */
+
+#define x509_verify_param_copy(field, def) \
+        if (test_x509_verify_param_copy(field, def)) \
+                dest->field = src->field
+
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
+                              const X509_VERIFY_PARAM *src)
+{
+    unsigned long inh_flags;
+    int to_default, to_overwrite;
+    if (!src)
+        return 1;
+    inh_flags = dest->inh_flags | src->inh_flags;
+
+    if (inh_flags & X509_VP_FLAG_ONCE)
+        dest->inh_flags = 0;
+
+    if (inh_flags & X509_VP_FLAG_LOCKED)
+        return 1;
+
+    if (inh_flags & X509_VP_FLAG_DEFAULT)
+        to_default = 1;
+    else
+        to_default = 0;
+
+    if (inh_flags & X509_VP_FLAG_OVERWRITE)
+        to_overwrite = 1;
+    else
+        to_overwrite = 0;
+
+    x509_verify_param_copy(purpose, 0);
+    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
+    x509_verify_param_copy(depth, -1);
+    x509_verify_param_copy(auth_level, -1);
+
+    /* If overwrite or check time not set, copy across */
+
+    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
+        dest->check_time = src->check_time;
+        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+        /* Don't need to copy flag: that is done below */
+    }
+
+    if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+        dest->flags = 0;
+
+    dest->flags |= src->flags;
+
+    if (test_x509_verify_param_copy(policies, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
+            return 0;
+    }
+
+    /* Copy the host flags if and only if we're copying the host list */
+    if (test_x509_verify_param_copy(hosts, NULL)) {
+        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
+        dest->hosts = NULL;
+        if (src->hosts) {
+            dest->hosts =
+                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
+            if (dest->hosts == NULL)
+                return 0;
+            dest->hostflags = src->hostflags;
+        }
+    }
+
+    if (test_x509_verify_param_copy(email, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
+            return 0;
+    }
+
+    if (test_x509_verify_param_copy(ip, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
+            return 0;
+    }
+
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from)
+{
+    unsigned long save_flags = to->inh_flags;
+    int ret;
+    to->inh_flags |= X509_VP_FLAG_DEFAULT;
+    ret = X509_VERIFY_PARAM_inherit(to, from);
+    to->inh_flags = save_flags;
+    return ret;
+}
+
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+                               const char *src, size_t srclen)
+{
+    void *tmp;
+    if (src) {
+        if (srclen == 0)
+            srclen = strlen(src);
+
+        tmp = OPENSSL_memdup(src, srclen);
+        if (tmp == NULL)
+            return 0;
+    } else {
+        tmp = NULL;
+        srclen = 0;
+    }
+    OPENSSL_free(*pdest);
+    *pdest = tmp;
+    if (pdestlen != NULL)
+        *pdestlen = srclen;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
+{
+    OPENSSL_free(param->name);
+    param->name = OPENSSL_strdup(name);
+    if (param->name)
+        return 1;
+    return 0;
+}
+
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
+{
+    param->flags |= flags;
+    if (flags & X509_V_FLAG_POLICY_MASK)
+        param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags)
+{
+    param->flags &= ~flags;
+    return 1;
+}
+
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
+{
+    return param->flags;
+}
+
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
+{
+    return param->inh_flags;
+}
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
+{
+    param->inh_flags = flags;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
+{
+    return X509_PURPOSE_set(&param->purpose, purpose);
+}
+
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
+{
+    return X509_TRUST_set(&param->trust, trust);
+}
+
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
+{
+    param->depth = depth;
+}
+
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
+{
+    param->auth_level = auth_level;
+}
+
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+    return param->check_time;
+}
+
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
+{
+    param->check_time = t;
+    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
+}
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy)
+{
+    if (!param->policies) {
+        param->policies = sk_ASN1_OBJECT_new_null();
+        if (!param->policies)
+            return 0;
+    }
+    if (!sk_ASN1_OBJECT_push(param->policies, policy))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies)
+{
+    int i;
+    ASN1_OBJECT *oid, *doid;
+
+    if (!param)
+        return 0;
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+
+    if (!policies) {
+        param->policies = NULL;
+        return 1;
+    }
+
+    param->policies = sk_ASN1_OBJECT_new_null();
+    if (!param->policies)
+        return 0;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
+        oid = sk_ASN1_OBJECT_value(policies, i);
+        doid = OBJ_dup(oid);
+        if (!doid)
+            return 0;
+        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
+            ASN1_OBJECT_free(doid);
+            return 0;
+        }
+    }
+    param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
+}
+
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
+}
+
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags)
+{
+    param->hostflags = flags;
+}
+
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param)
+{
+    return param->hostflags;
+}
+
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
+{
+    return param->peername;
+}
+
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target.  If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+                                     X509_VERIFY_PARAM *from)
+{
+    char *peername = (from != NULL) ? from->peername : NULL;
+
+    if (to->peername != peername) {
+        OPENSSL_free(to->peername);
+        to->peername = peername;
+    }
+    if (from)
+        from->peername = NULL;
+}
+
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen)
+{
+    return int_x509_param_set1(&param->email, &param->emaillen,
+                               email, emaillen);
+}
+
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen)
+{
+    if (iplen != 0 && iplen != 4 && iplen != 16)
+        return 0;
+    return int_x509_param_set1((char **)&param->ip, &param->iplen,
+                               (char *)ip, iplen);
+}
+
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
+{
+    unsigned char ipout[16];
+    size_t iplen;
+
+    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    if (iplen == 0)
+        return 0;
+    return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
+}
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
+{
+    return param->depth;
+}
+
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
+{
+    return param->auth_level;
+}
+
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
+{
+    return param->name;
+}
+
+#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
+
+/*
+ * Default verify parameters: these are used for various applications and can
+ * be overridden by the user specified table. NB: the 'name' field *must* be
+ * in alphabetical order because it will be searched using OBJ_search.
+ */
+
+static const X509_VERIFY_PARAM default_table[] = {
+    {
+     "default",                 /* X509 default parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     X509_V_FLAG_TRUSTED_FIRST, /* flags */
+     0,                         /* purpose */
+     0,                         /* trust */
+     100,                       /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "pkcs7",                   /* S/MIME sign parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "smime_sign",              /* S/MIME sign parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "ssl_client",              /* SSL/TLS client parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_CLIENT,   /* purpose */
+     X509_TRUST_SSL_CLIENT,     /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "ssl_server",              /* SSL/TLS server parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_SERVER,   /* purpose */
+     X509_TRUST_SSL_SERVER,     /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id}
+};
+
+static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
+
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+{
+    return strcmp(a->name, b->name);
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
+
+static int param_cmp(const X509_VERIFY_PARAM *const *a,
+                     const X509_VERIFY_PARAM *const *b)
+{
+    return strcmp((*a)->name, (*b)->name);
+}
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
+{
+    int idx;
+    X509_VERIFY_PARAM *ptmp;
+    if (param_table == NULL) {
+        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
+        if (param_table == NULL)
+            return 0;
+    } else {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
+        if (idx >= 0) {
+            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
+            X509_VERIFY_PARAM_free(ptmp);
+        }
+    }
+    if (!sk_X509_VERIFY_PARAM_push(param_table, param))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_get_count(void)
+{
+    int num = OSSL_NELEM(default_table);
+    if (param_table)
+        num += sk_X509_VERIFY_PARAM_num(param_table);
+    return num;
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
+{
+    int num = OSSL_NELEM(default_table);
+    if (id < num)
+        return default_table + id;
+    return sk_X509_VERIFY_PARAM_value(param_table, id - num);
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
+{
+    int idx;
+    X509_VERIFY_PARAM pm;
+
+    pm.name = (char *)name;
+    if (param_table != NULL) {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
+        if (idx >= 0)
+            return sk_X509_VERIFY_PARAM_value(param_table, idx);
+    }
+    return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
+}
+
+void X509_VERIFY_PARAM_table_cleanup(void)
+{
+    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+    param_table = NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c
new file mode 100644
index 000000000..7645ce375
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+{
+    if (x == NULL)
+        return 0;
+    if (x->crl.version == NULL) {
+        if ((x->crl.version = ASN1_INTEGER_new()) == NULL)
+            return 0;
+    }
+    return ASN1_INTEGER_set(x->crl.version, version);
+}
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->crl.issuer, name);
+}
+
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->crl.lastUpdate, tm);
+}
+
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->crl.nextUpdate, tm);
+}
+
+int X509_CRL_sort(X509_CRL *c)
+{
+    int i;
+    X509_REVOKED *r;
+    /*
+     * sort the data so it will be written in serial number order
+     */
+    sk_X509_REVOKED_sort(c->crl.revoked);
+    for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) {
+        r = sk_X509_REVOKED_value(c->crl.revoked, i);
+        r->sequence = i;
+    }
+    c->crl.enc.modified = 1;
+    return 1;
+}
+
+int X509_CRL_up_ref(X509_CRL *crl)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&crl->references, &i, crl->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_CRL", crl);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_CRL_get_version(const X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl.version);
+}
+
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+#endif
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+{
+    return crl->crl.issuer;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl)
+{
+    return crl->crl.extensions;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl.revoked;
+}
+
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = &crl->signature;
+    if (palg != NULL)
+        *palg = &crl->sig_alg;
+}
+
+int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+    return OBJ_obj2nid(crl->sig_alg.algorithm);
+}
+
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+    return x->revocationDate;
+}
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+{
+    ASN1_TIME *in;
+
+    if (x == NULL)
+        return 0;
+    in = x->revocationDate;
+    if (in != tm) {
+        in = ASN1_STRING_dup(tm);
+        if (in != NULL) {
+            ASN1_TIME_free(x->revocationDate);
+            x->revocationDate = in;
+        }
+    }
+    return (in != NULL);
+}
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+    return &x->serialNumber;
+}
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *in;
+
+    if (x == NULL)
+        return 0;
+    in = &x->serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r)
+{
+    return r->extensions;
+}
+
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
+{
+    crl->crl.enc.modified = 1;
+    return i2d_X509_CRL_INFO(&crl->crl, pp);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c
new file mode 100644
index 000000000..64a73e793
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c
@@ -0,0 +1,360 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return -1;
+    return X509_NAME_get_text_by_OBJ(name, obj, buf, len);
+}
+
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len)
+{
+    int i;
+    const ASN1_STRING *data;
+
+    i = X509_NAME_get_index_by_OBJ(name, obj, -1);
+    if (i < 0)
+        return -1;
+    data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+    if (buf == NULL)
+        return data->length;
+    if (len <= 0)
+        return 0;
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
+    memcpy(buf, data->data, i);
+    buf[i] = '\0';
+    return i;
+}
+
+int X509_NAME_entry_count(const X509_NAME *name)
+{
+    if (name == NULL)
+        return 0;
+    return sk_X509_NAME_ENTRY_num(name->entries);
+}
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return -2;
+    return X509_NAME_get_index_by_OBJ(name, obj, lastpos);
+}
+
+/* NOTE: you should be passing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_NAME_ENTRY *ne;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return -1;
+    if (lastpos < 0)
+        lastpos = -1;
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    for (lastpos++; lastpos < n; lastpos++) {
+        ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
+        if (OBJ_cmp(ne->object, obj) == 0)
+            return lastpos;
+    }
+    return -1;
+}
+
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
+{
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return NULL;
+
+    return sk_X509_NAME_ENTRY_value(name->entries, loc);
+}
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
+{
+    X509_NAME_ENTRY *ret;
+    int i, n, set_prev, set_next;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return NULL;
+
+    sk = name->entries;
+    ret = sk_X509_NAME_ENTRY_delete(sk, loc);
+    n = sk_X509_NAME_ENTRY_num(sk);
+    name->modified = 1;
+    if (loc == n)
+        return ret;
+
+    /* else we need to fixup the set field */
+    if (loc != 0)
+        set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
+    else
+        set_prev = ret->set - 1;
+    set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+
+    /*-
+     * set_prev is the previous set
+     * set is the current set
+     * set_next is the following
+     * prev  1 1    1 1     1 1     1 1
+     * set   1      1       2       2
+     * next  1 1    2 2     2 2     3 2
+     * so basically only if prev and next differ by 2, then
+     * re-number down by 1
+     */
+    if (set_prev + 1 < set_next)
+        for (i = loc; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i)->set--;
+    return ret;
+}
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+
+    ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+/*
+ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
+ * guy we are about to stomp on.
+ */
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
+                        int set)
+{
+    X509_NAME_ENTRY *new_name = NULL;
+    int n, i, inc;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return 0;
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+    inc = (set == 0);
+    name->modified = 1;
+
+    if (set == -1) {
+        if (loc == 0) {
+            set = 0;
+            inc = 1;
+        } else {
+            set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
+        }
+    } else {                    /* if (set >= 0) */
+
+        if (loc >= n) {
+            if (loc != 0)
+                set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
+            else
+                set = 0;
+        } else
+            set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+    }
+
+    /*
+     * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily
+     * const'ified; harmless cast since dup() don't modify its input.
+     */
+    if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL)
+        goto err;
+    new_name->set = set;
+    if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
+        X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (inc) {
+        n = sk_X509_NAME_ENTRY_num(sk);
+        for (i = loc + 1; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
+    }
+    return 1;
+ err:
+    X509_NAME_ENTRY_free(new_name);
+    return 0;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_txt2obj(field, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", field);
+        return NULL;
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return NULL;
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    X509_NAME_ENTRY *ret;
+
+    if ((ne == NULL) || (*ne == NULL)) {
+        if ((ret = X509_NAME_ENTRY_new()) == NULL)
+            return NULL;
+    } else
+        ret = *ne;
+
+    if (!X509_NAME_ENTRY_set_object(ret, obj))
+        goto err;
+    if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
+        goto err;
+
+    if ((ne != NULL) && (*ne == NULL))
+        *ne = ret;
+    return ret;
+ err:
+    if ((ne == NULL) || (ret != *ne))
+        X509_NAME_ENTRY_free(ret);
+    return NULL;
+}
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
+{
+    if ((ne == NULL) || (obj == NULL)) {
+        X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
+                ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ASN1_OBJECT_free(ne->object);
+    ne->object = OBJ_dup(obj);
+    return ((ne->object == NULL) ? 0 : 1);
+}
+
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len)
+{
+    int i;
+
+    if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
+        return 0;
+    if ((type > 0) && (type & MBSTRING_FLAG))
+        return ASN1_STRING_set_by_NID(&ne->value, bytes,
+                                      len, type,
+                                      OBJ_obj2nid(ne->object)) ? 1 : 0;
+    if (len < 0)
+        len = strlen((const char *)bytes);
+    i = ASN1_STRING_set(ne->value, bytes, len);
+    if (!i)
+        return 0;
+    if (type != V_ASN1_UNDEF) {
+        if (type == V_ASN1_APP_CHOOSE)
+            ne->value->type = ASN1_PRINTABLE_type(bytes, len);
+        else
+            ne->value->type = type;
+    }
+    return 1;
+}
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
+{
+    if (ne == NULL)
+        return NULL;
+    return ne->object;
+}
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
+{
+    if (ne == NULL)
+        return NULL;
+    return ne->value;
+}
+
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+    return ne->set;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c
new file mode 100644
index 000000000..e8921b82a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_REQ_set_version(X509_REQ *x, long version)
+{
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return ASN1_INTEGER_set(x->req_info.version, version);
+}
+
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return X509_NAME_set(&x->req_info.subject, name);
+}
+
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
+{
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return X509_PUBKEY_set(&x->req_info.pubkey, pkey);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509spki.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509spki.c
new file mode 100644
index 000000000..fd8162af6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509spki.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+    if ((x == NULL) || (x->spkac == NULL))
+        return 0;
+    return X509_PUBKEY_set(&(x->spkac->pubkey), pkey);
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+    if ((x == NULL) || (x->spkac == NULL))
+        return NULL;
+    return X509_PUBKEY_get(x->spkac->pubkey);
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+    unsigned char *spki_der;
+    const unsigned char *p;
+    int spki_len;
+    NETSCAPE_SPKI *spki;
+    if (len <= 0)
+        len = strlen(str);
+    if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+    if (spki_len < 0) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR);
+        OPENSSL_free(spki_der);
+        return NULL;
+    }
+    p = spki_der;
+    spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+    OPENSSL_free(spki_der);
+    return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+    unsigned char *der_spki, *p;
+    char *b64_str;
+    int der_len;
+    der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+    der_spki = OPENSSL_malloc(der_len);
+    b64_str = OPENSSL_malloc(der_len * 2);
+    if (der_spki == NULL || b64_str == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(der_spki);
+        OPENSSL_free(b64_str);
+        return NULL;
+    }
+    p = der_spki;
+    i2d_NETSCAPE_SPKI(spki, &p);
+    EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+    OPENSSL_free(der_spki);
+    return b64_str;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509type.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509type.c
new file mode 100644
index 000000000..0e33b424b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509type.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
+{
+    const EVP_PKEY *pk;
+    int ret = 0, i;
+
+    if (x == NULL)
+        return 0;
+
+    if (pkey == NULL)
+        pk = X509_get0_pubkey(x);
+    else
+        pk = pkey;
+
+    if (pk == NULL)
+        return 0;
+
+    switch (EVP_PKEY_id(pk)) {
+    case EVP_PKEY_RSA:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+/*              if (!sign only extension) */
+        ret |= EVP_PKT_ENC;
+        break;
+    case EVP_PKEY_RSA_PSS:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_DSA:
+        ret = EVP_PK_DSA | EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_EC:
+        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
+        break;
+    case EVP_PKEY_ED448:
+    case EVP_PKEY_ED25519:
+        ret = EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_DH:
+        ret = EVP_PK_DH | EVP_PKT_EXCH;
+        break;
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
+        ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
+        break;
+    default:
+        break;
+    }
+
+    i = X509_get_signature_nid(x);
+    if (i && OBJ_find_sigid_algs(i, NULL, &i)) {
+
+        switch (i) {
+        case NID_rsaEncryption:
+        case NID_rsa:
+            ret |= EVP_PKS_RSA;
+            break;
+        case NID_dsa:
+        case NID_dsa_2:
+            ret |= EVP_PKS_DSA;
+            break;
+        case NID_X9_62_id_ecPublicKey:
+            ret |= EVP_PKS_EC;
+            break;
+        default:
+            break;
+        }
+    }
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c
new file mode 100644
index 000000000..24e411460
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c
@@ -0,0 +1,525 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/ocsp.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/x509v3.h>
+
+int X509_verify(X509 *a, EVP_PKEY *r)
+{
+    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
+        return 0;
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
+                             &a->signature, &a->cert_info, r));
+}
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+                             &a->sig_alg, a->signature, &a->req_info, r));
+}
+
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+                             &a->sig_algor, a->signature, a->spkac, r));
+}
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    x->cert_info.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+                           &x->sig_alg, &x->signature, &x->cert_info, pkey,
+                           md));
+}
+
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+{
+    x->cert_info.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+                              &x->cert_info.signature,
+                              &x->sig_alg, &x->signature, &x->cert_info, ctx);
+}
+
+#ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
+}
+#endif
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+                           x->signature, &x->req_info, pkey, md));
+}
+
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
+{
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+                              &x->sig_alg, NULL, x->signature, &x->req_info,
+                              ctx);
+}
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    x->crl.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+                           &x->sig_alg, &x->signature, &x->crl, pkey, md));
+}
+
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+{
+    x->crl.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+                              &x->crl.sig_alg, &x->sig_alg, &x->signature,
+                              &x->crl, ctx);
+}
+
+#ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)pcrl,
+                                 ASN1_ITEM_rptr(X509_CRL));
+}
+#endif
+
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
+                           x->signature, x->spkac, pkey, md));
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+
+int i2d_X509_fp(FILE *fp, X509 *x509)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+#endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+int i2d_X509_bio(BIO *bp, X509 *x509)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+#endif
+
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+#ifndef OPENSSL_NO_RSA
+
+# ifndef OPENSSL_NO_STDIO
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_d2i_fp((void *(*)(void))
+                       RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
+                       (void **)rsa);
+}
+
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
+}
+# endif
+
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
+}
+
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_STDIO
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
+}
+
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
+{
+    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
+}
+
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
+{
+    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
+}
+# endif
+
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
+}
+
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
+{
+    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
+}
+
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
+{
+    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
+}
+
+#endif
+
+#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_STDIO
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
+}
+
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
+}
+
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
+}
+
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
+}
+# endif
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
+}
+
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
+}
+
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
+}
+
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
+}
+#endif
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len)
+{
+    ASN1_BIT_STRING *key;
+    key = X509_get0_pubkey_bitstr(data);
+    if (!key)
+        return 0;
+    return EVP_Digest(key->data, key->length, md, len, type, NULL);
+}
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                unsigned int *len)
+{
+    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1 and we already computed it. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
+}
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1; always computed in CRL d2i. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
+}
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
+}
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
+}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len)
+{
+    return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
+                             (char *)data, md, len));
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+{
+    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
+}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+{
+    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
+}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+{
+    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
+}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+{
+    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
+                          p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
+
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+{
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
+}
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
+}
+
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
+                           p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
+
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
+}
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c
new file mode 100644
index 000000000..9a41e547c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "x509_lcl.h"
+
+/*-
+ * X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      STACK_OF(ASN1_TYPE) *set;
+ *      } X509_ATTRIBUTE;
+ *
+ */
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+{
+    X509_ATTRIBUTE *ret = NULL;
+    ASN1_TYPE *val = NULL;
+
+    if ((ret = X509_ATTRIBUTE_new()) == NULL)
+        return NULL;
+    ret->object = OBJ_nid2obj(nid);
+    if ((val = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if (!sk_ASN1_TYPE_push(ret->set, val))
+        goto err;
+
+    ASN1_TYPE_set(val, atrtype, value);
+    return ret;
+ err:
+    X509_ATTRIBUTE_free(ret);
+    ASN1_TYPE_free(val);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c
new file mode 100644
index 000000000..12ab3cca4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c
@@ -0,0 +1,478 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b);
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+        ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
+static int def_crl_lookup(X509_CRL *crl,
+                          X509_REVOKED **ret, ASN1_INTEGER *serial,
+                          X509_NAME *issuer);
+
+static X509_CRL_METHOD int_crl_meth = {
+    0,
+    0, 0,
+    def_crl_lookup,
+    def_crl_verify
+};
+
+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
+
+/*
+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
+ * the original encoding the signature won't be affected by reordering of the
+ * revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+    if (!a || !a->revoked)
+        return 1;
+    switch (operation) {
+        /*
+         * Just set cmp function here. We don't sort because that would
+         * affect the output of X509_CRL_print().
+         */
+    case ASN1_OP_D2I_POST:
+        (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
+        break;
+    }
+    return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+/*
+ * Set CRL entry issuer according to CRL certificate issuer extension. Check
+ * for unhandled critical CRL entry extensions.
+ */
+
+static int crl_set_issuers(X509_CRL *crl)
+{
+
+    int i, j;
+    GENERAL_NAMES *gens, *gtmp;
+    STACK_OF(X509_REVOKED) *revoked;
+
+    revoked = X509_CRL_get_REVOKED(crl);
+
+    gens = NULL;
+    for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
+        X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
+        STACK_OF(X509_EXTENSION) *exts;
+        ASN1_ENUMERATED *reason;
+        X509_EXTENSION *ext;
+        gtmp = X509_REVOKED_get_ext_d2i(rev,
+                                        NID_certificate_issuer, &j, NULL);
+        if (!gtmp && (j != -1)) {
+            crl->flags |= EXFLAG_INVALID;
+            return 1;
+        }
+
+        if (gtmp) {
+            gens = gtmp;
+            if (!crl->issuers) {
+                crl->issuers = sk_GENERAL_NAMES_new_null();
+                if (!crl->issuers)
+                    return 0;
+            }
+            if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
+                return 0;
+        }
+        rev->issuer = gens;
+
+        reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL);
+        if (!reason && (j != -1)) {
+            crl->flags |= EXFLAG_INVALID;
+            return 1;
+        }
+
+        if (reason) {
+            rev->reason = ASN1_ENUMERATED_get(reason);
+            ASN1_ENUMERATED_free(reason);
+        } else
+            rev->reason = CRL_REASON_NONE;
+
+        /* Check for critical CRL entry extensions */
+
+        exts = rev->extensions;
+
+        for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
+            ext = sk_X509_EXTENSION_value(exts, j);
+            if (X509_EXTENSION_get_critical(ext)) {
+                if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer)
+                    continue;
+                crl->flags |= EXFLAG_CRITICAL;
+                break;
+            }
+        }
+
+    }
+
+    return 1;
+
+}
+
+/*
+ * The X509_CRL structure needs a bit of customisation. Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    X509_CRL *crl = (X509_CRL *)*pval;
+    STACK_OF(X509_EXTENSION) *exts;
+    X509_EXTENSION *ext;
+    int idx;
+
+    switch (operation) {
+    case ASN1_OP_D2I_PRE:
+        if (crl->meth->crl_free) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        /* fall thru */
+
+    case ASN1_OP_NEW_POST:
+        crl->idp = NULL;
+        crl->akid = NULL;
+        crl->flags = 0;
+        crl->idp_flags = 0;
+        crl->idp_reasons = CRLDP_ALL_REASONS;
+        crl->meth = default_crl_method;
+        crl->meth_data = NULL;
+        crl->issuers = NULL;
+        crl->crl_number = NULL;
+        crl->base_crl_number = NULL;
+        break;
+
+    case ASN1_OP_D2I_POST:
+        X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
+        crl->idp = X509_CRL_get_ext_d2i(crl,
+                                        NID_issuing_distribution_point, NULL,
+                                        NULL);
+        if (crl->idp)
+            setup_idp(crl, crl->idp);
+
+        crl->akid = X509_CRL_get_ext_d2i(crl,
+                                         NID_authority_key_identifier, NULL,
+                                         NULL);
+
+        crl->crl_number = X509_CRL_get_ext_d2i(crl,
+                                               NID_crl_number, NULL, NULL);
+
+        crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
+                                                    NID_delta_crl, NULL,
+                                                    NULL);
+        /* Delta CRLs must have CRL number */
+        if (crl->base_crl_number && !crl->crl_number)
+            crl->flags |= EXFLAG_INVALID;
+
+        /*
+         * See if we have any unhandled critical CRL extensions and indicate
+         * this in a flag. We only currently handle IDP so anything else
+         * critical sets the flag. This code accesses the X509_CRL structure
+         * directly: applications shouldn't do this.
+         */
+
+        exts = crl->crl.extensions;
+
+        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
+            int nid;
+            ext = sk_X509_EXTENSION_value(exts, idx);
+            nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+            if (nid == NID_freshest_crl)
+                crl->flags |= EXFLAG_FRESHEST;
+            if (X509_EXTENSION_get_critical(ext)) {
+                /* We handle IDP and deltas */
+                if ((nid == NID_issuing_distribution_point)
+                    || (nid == NID_authority_key_identifier)
+                    || (nid == NID_delta_crl))
+                    continue;
+                crl->flags |= EXFLAG_CRITICAL;
+                break;
+            }
+        }
+
+        if (!crl_set_issuers(crl))
+            return 0;
+
+        if (crl->meth->crl_init) {
+            if (crl->meth->crl_init(crl) == 0)
+                return 0;
+        }
+
+        crl->flags |= EXFLAG_SET;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        if (crl->meth->crl_free) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        break;
+    }
+    return 1;
+}
+
+/* Convert IDP into a more convenient form */
+
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+{
+    int idp_only = 0;
+    /* Set various flags according to IDP */
+    crl->idp_flags |= IDP_PRESENT;
+    if (idp->onlyuser > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYUSER;
+    }
+    if (idp->onlyCA > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYCA;
+    }
+    if (idp->onlyattr > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYATTR;
+    }
+
+    if (idp_only > 1)
+        crl->idp_flags |= IDP_INVALID;
+
+    if (idp->indirectCRL > 0)
+        crl->idp_flags |= IDP_INDIRECT;
+
+    if (idp->onlysomereasons) {
+        crl->idp_flags |= IDP_REASONS;
+        if (idp->onlysomereasons->length > 0)
+            crl->idp_reasons = idp->onlysomereasons->data[0];
+        if (idp->onlysomereasons->length > 1)
+            crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
+        crl->idp_reasons &= CRLDP_ALL_REASONS;
+    }
+
+    DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+}
+
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
+        ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b)
+{
+    return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber,
+                            (ASN1_STRING *)&(*b)->serialNumber));
+}
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+    X509_CRL_INFO *inf;
+
+    inf = &crl->crl;
+    if (inf->revoked == NULL)
+        inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+    if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    inf->enc.modified = 1;
+    return 1;
+}
+
+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+{
+    if (crl->meth->crl_verify)
+        return crl->meth->crl_verify(crl, r);
+    return 0;
+}
+
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial)
+{
+    if (crl->meth->crl_lookup)
+        return crl->meth->crl_lookup(crl, ret, serial, NULL);
+    return 0;
+}
+
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+{
+    if (crl->meth->crl_lookup)
+        return crl->meth->crl_lookup(crl, ret,
+                                     X509_get_serialNumber(x),
+                                     X509_get_issuer_name(x));
+    return 0;
+}
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                             &crl->sig_alg, &crl->signature, &crl->crl, r));
+}
+
+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+                                    X509_REVOKED *rev)
+{
+    int i;
+
+    if (!rev->issuer) {
+        if (!nm)
+            return 1;
+        if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+            return 1;
+        return 0;
+    }
+
+    if (!nm)
+        nm = X509_CRL_get_issuer(crl);
+
+    for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(nm, gen->d.directoryName))
+            return 1;
+    }
+    return 0;
+
+}
+
+static int def_crl_lookup(X509_CRL *crl,
+                          X509_REVOKED **ret, ASN1_INTEGER *serial,
+                          X509_NAME *issuer)
+{
+    X509_REVOKED rtmp, *rev;
+    int idx, num;
+
+    if (crl->crl.revoked == NULL)
+        return 0;
+
+    /*
+     * Sort revoked into serial number order if not already sorted. Do this
+     * under a lock to avoid race condition.
+     */
+    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
+        CRYPTO_THREAD_write_lock(crl->lock);
+        sk_X509_REVOKED_sort(crl->crl.revoked);
+        CRYPTO_THREAD_unlock(crl->lock);
+    }
+    rtmp.serialNumber = *serial;
+    idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
+    if (idx < 0)
+        return 0;
+    /* Need to look for matching name */
+    for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
+        rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
+        if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
+            return 0;
+        if (crl_revoked_issuer_match(crl, issuer, rev)) {
+            if (ret)
+                *ret = rev;
+            if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                return 2;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+{
+    if (meth == NULL)
+        default_crl_method = &int_crl_meth;
+    else
+        default_crl_method = meth;
+}
+
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk))
+{
+    X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m));
+
+    if (m == NULL) {
+        X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    m->crl_init = crl_init;
+    m->crl_free = crl_free;
+    m->crl_lookup = crl_lookup;
+    m->crl_verify = crl_verify;
+    m->flags = X509_CRL_METHOD_DYNAMIC;
+    return m;
+}
+
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+{
+    if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
+        return;
+    OPENSSL_free(m);
+}
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+{
+    crl->meth_data = dat;
+}
+
+void *X509_CRL_get_meth_data(X509_CRL *crl)
+{
+    return crl->meth_data;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c
new file mode 100644
index 000000000..f10f4a4d8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "x509_lcl.h"
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c
new file mode 100644
index 000000000..a1e9bbdb6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c
@@ -0,0 +1,551 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "internal/asn1_int.h"
+#include "x509_lcl.h"
+
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it,
+                            int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
+                          unsigned char **in);
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/*
+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
+ * declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/*
+ * Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and
+ * convert to the external form.
+ */
+
+static const ASN1_EXTERN_FUNCS x509_name_ff = {
+    NULL,
+    x509_name_ex_new,
+    x509_name_ex_free,
+    0,                          /* Default clear behaviour is OK */
+    x509_name_ex_d2i,
+    x509_name_ex_i2d,
+    x509_name_ex_print
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+    X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL)
+        goto memerr;
+    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+        goto memerr;
+    if ((ret->bytes = BUF_MEM_new()) == NULL)
+        goto memerr;
+    ret->modified = 1;
+    *val = (ASN1_VALUE *)ret;
+    return 1;
+
+ memerr:
+    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+    if (ret) {
+        sk_X509_NAME_ENTRY_free(ret->entries);
+        OPENSSL_free(ret);
+    }
+    return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    X509_NAME *a;
+
+    if (!pval || !*pval)
+        return;
+    a = (X509_NAME *)*pval;
+
+    BUF_MEM_free(a->bytes);
+    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
+    OPENSSL_free(a->canon_enc);
+    OPENSSL_free(a);
+    *pval = NULL;
+}
+
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_free(ne);
+}
+
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it, int tag, int aclass,
+                            char opt, ASN1_TLC *ctx)
+{
+    const unsigned char *p = *in, *q;
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    union {
+        X509_NAME *x;
+        ASN1_VALUE *a;
+    } nm = {
+        NULL
+    };
+    int i, j, ret;
+    STACK_OF(X509_NAME_ENTRY) *entries;
+    X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
+    q = p;
+
+    /* Get internal representation of Name */
+    ret = ASN1_item_ex_d2i(&intname.a,
+                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                           tag, aclass, opt, ctx);
+
+    if (ret <= 0)
+        return ret;
+
+    if (*val)
+        x509_name_ex_free(val, NULL);
+    if (!x509_name_ex_new(&nm.a, NULL))
+        goto err;
+    /* We've decoded it: now cache encoding */
+    if (!BUF_MEM_grow(nm.x->bytes, p - q))
+        goto err;
+    memcpy(nm.x->bytes->data, q, p - q);
+
+    /* Convert internal representation to X509_NAME structure */
+    for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
+        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+            entry = sk_X509_NAME_ENTRY_value(entries, j);
+            entry->set = i;
+            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                goto err;
+            sk_X509_NAME_ENTRY_set(entries, j, NULL);
+        }
+    }
+    ret = x509_name_canon(nm.x);
+    if (!ret)
+        goto err;
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    nm.x->modified = 0;
+    *val = nm.a;
+    *in = p;
+    return ret;
+
+ err:
+    if (nm.x != NULL)
+        X509_NAME_free(nm.x);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
+    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+    return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass)
+{
+    int ret;
+    X509_NAME *a = (X509_NAME *)*val;
+    if (a->modified) {
+        ret = x509_name_encode(a);
+        if (ret < 0)
+            return ret;
+        ret = x509_name_canon(a);
+        if (ret < 0)
+            return ret;
+    }
+    ret = a->bytes->length;
+    if (out != NULL) {
+        memcpy(*out, a->bytes->data, ret);
+        *out += ret;
+    }
+    return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    int len;
+    unsigned char *p;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry;
+    int i, set = -1;
+    intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (!intname.s)
+        goto memerr;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto memerr;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
+                goto memerr;
+            }
+            set = entry->set;
+        }
+        if (!sk_X509_NAME_ENTRY_push(entries, entry))
+            goto memerr;
+    }
+    len = ASN1_item_ex_i2d(&intname.a, NULL,
+                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    if (!BUF_MEM_grow(a->bytes, len))
+        goto memerr;
+    p = (unsigned char *)a->bytes->data;
+    ASN1_item_ex_i2d(&intname.a,
+                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    a->modified = 0;
+    return len;
+ memerr:
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx)
+{
+    if (X509_NAME_print_ex(out, (const X509_NAME *)*pval,
+                           indent, pctx->nm_flags) <= 0)
+        return 0;
+    return 2;
+}
+
+/*
+ * This function generates the canonical encoding of the Name structure. In
+ * it all strings are converted to UTF8, leading, trailing and multiple
+ * spaces collapsed, converted to lower case and the leading SEQUENCE header
+ * removed. In future we could also normalize the UTF8 too. By doing this
+ * comparison of Name structures can be rapidly performed by just using
+ * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
+ * constraints of type dirName can also be checked with a simple memcmp().
+ */
+
+static int x509_name_canon(X509_NAME *a)
+{
+    unsigned char *p;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry, *tmpentry = NULL;
+    int i, set = -1, ret = 0, len;
+
+    OPENSSL_free(a->canon_enc);
+    a->canon_enc = NULL;
+    /* Special case: empty X509_NAME => null encoding */
+    if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
+        a->canon_enclen = 0;
+        return 1;
+    }
+    intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (intname == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (entries == NULL)
+                goto err;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
+                X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            set = entry->set;
+        }
+        tmpentry = X509_NAME_ENTRY_new();
+        if (tmpentry == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        tmpentry->object = OBJ_dup(entry->object);
+        if (tmpentry->object == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!asn1_string_canon(tmpentry->value, entry->value))
+            goto err;
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        tmpentry = NULL;
+    }
+
+    /* Finally generate encoding */
+    len = i2d_name_canon(intname, NULL);
+    if (len < 0)
+        goto err;
+    a->canon_enclen = len;
+
+    p = OPENSSL_malloc(a->canon_enclen);
+    if (p == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    a->canon_enc = p;
+
+    i2d_name_canon(intname, &p);
+
+    ret = 1;
+
+ err:
+    X509_NAME_ENTRY_free(tmpentry);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
+    return ret;
+}
+
+/* Bitmap of all the types of string that will be canonicalized. */
+
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
+{
+    unsigned char *to, *from;
+    int len, i;
+
+    /* If type not in bitmask just copy string across */
+    if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
+        if (!ASN1_STRING_copy(out, in))
+            return 0;
+        return 1;
+    }
+
+    out->type = V_ASN1_UTF8STRING;
+    out->length = ASN1_STRING_to_UTF8(&out->data, in);
+    if (out->length == -1)
+        return 0;
+
+    to = out->data;
+    from = to;
+
+    len = out->length;
+
+    /*
+     * Convert string in place to canonical form. Ultimately we may need to
+     * handle a wider range of characters but for now ignore anything with
+     * MSB set and rely on the ossl_isspace() to fail on bad characters without
+     * needing isascii or range checks as well.
+     */
+
+    /* Ignore leading spaces */
+    while (len > 0 && ossl_isspace(*from)) {
+        from++;
+        len--;
+    }
+
+    to = from + len;
+
+    /* Ignore trailing spaces */
+    while (len > 0 && ossl_isspace(to[-1])) {
+        to--;
+        len--;
+    }
+
+    to = out->data;
+
+    i = 0;
+    while (i < len) {
+        /* If not ASCII set just copy across */
+        if (!ossl_isascii(*from)) {
+            *to++ = *from++;
+            i++;
+        }
+        /* Collapse multiple spaces */
+        else if (ossl_isspace(*from)) {
+            /* Copy one space across */
+            *to++ = ' ';
+            /*
+             * Ignore subsequent spaces. Note: don't need to check len here
+             * because we know the last character is a non-space so we can't
+             * overflow.
+             */
+            do {
+                from++;
+                i++;
+            }
+            while (ossl_isspace(*from));
+        } else {
+            *to++ = ossl_tolower(*from);
+            from++;
+            i++;
+        }
+    }
+
+    out->length = to - out->data;
+
+    return 1;
+
+}
+
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
+                          unsigned char **in)
+{
+    int i, len, ltmp;
+    ASN1_VALUE *v;
+    STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+
+    len = 0;
+    for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
+        v = sk_ASN1_VALUE_value(intname, i);
+        ltmp = ASN1_item_ex_i2d(&v, in,
+                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+        if (ltmp < 0)
+            return ltmp;
+        len += ltmp;
+    }
+    return len;
+}
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+{
+    if (*xn == name)
+        return *xn != NULL;
+    if ((name = X509_NAME_dup(name)) == NULL)
+        return 0;
+    X509_NAME_free(*xn);
+    *xn = name;
+    return 1;
+}
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
+{
+    char *s, *c, *b;
+    int l, i;
+
+    l = 80 - 2 - obase;
+
+    b = X509_NAME_oneline(name, NULL, 0);
+    if (!b)
+        return 0;
+    if (!*b) {
+        OPENSSL_free(b);
+        return 1;
+    }
+    s = b + 1;                  /* skip the first slash */
+
+    c = s;
+    for (;;) {
+        if (((*s == '/') &&
+             (ossl_isupper(s[1]) && ((s[2] == '=') ||
+                                (ossl_isupper(s[2]) && (s[3] == '='))
+              ))) || (*s == '\0'))
+        {
+            i = s - c;
+            if (BIO_write(bp, c, i) != i)
+                goto err;
+            c = s + 1;          /* skip following slash */
+            if (*s != '\0') {
+                if (BIO_write(bp, ", ", 2) != 2)
+                    goto err;
+            }
+            l--;
+        }
+        if (*s == '\0')
+            break;
+        s++;
+        l--;
+    }
+
+    OPENSSL_free(b);
+    return 1;
+ err:
+    X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+    OPENSSL_free(b);
+    return 0;
+}
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen)
+{
+    /* Make sure encoding is valid */
+    if (i2d_X509_NAME(nm, NULL) <= 0)
+        return 0;
+    if (pder != NULL)
+        *pder = (unsigned char *)nm->bytes->data;
+    if (pderlen != NULL)
+        *pderlen = nm->bytes->length;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c
new file mode 100644
index 000000000..1c87b8268
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c
@@ -0,0 +1,375 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/x509_int.h"
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+};
+
+static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key);
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+    } else if (operation == ASN1_OP_D2I_POST) {
+        /* Attempt to decode public key and cache in pubkey structure. */
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+        pubkey->pkey = NULL;
+        /*
+         * Opportunistically decode the key but remove any non fatal errors
+         * from the queue. Subsequent explicit attempts to decode/use the key
+         * will return an appropriate error.
+         */
+        ERR_set_mark();
+        if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1)
+            return 0;
+        ERR_pop_to_mark();
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+{
+    X509_PUBKEY *pk = NULL;
+
+    if (x == NULL)
+        return 0;
+
+    if ((pk = X509_PUBKEY_new()) == NULL)
+        goto error;
+
+    if (pkey->ameth) {
+        if (pkey->ameth->pub_encode) {
+            if (!pkey->ameth->pub_encode(pk, pkey)) {
+                X509err(X509_F_X509_PUBKEY_SET,
+                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                goto error;
+            }
+        } else {
+            X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED);
+            goto error;
+        }
+    } else {
+        X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+        goto error;
+    }
+
+    X509_PUBKEY_free(*x);
+    *x = pk;
+    pk->pkey = pkey;
+    EVP_PKEY_up_ref(pkey);
+    return 1;
+
+ error:
+    X509_PUBKEY_free(pk);
+    return 0;
+}
+
+/*
+ * Attempt to decode a public key.
+ * Returns 1 on success, 0 for a decode failure and -1 for a fatal
+ * error e.g. malloc failure.
+ */
+
+
+static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
+{
+    EVP_PKEY *pkey = EVP_PKEY_new();
+
+    if (pkey == NULL) {
+        X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM);
+        goto error;
+    }
+
+    if (pkey->ameth->pub_decode) {
+        /*
+         * Treat any failure of pub_decode as a decode error. In
+         * future we could have different return codes for decode
+         * errors and fatal errors such as malloc failure.
+         */
+        if (!pkey->ameth->pub_decode(pkey, key)) {
+            X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED);
+        goto error;
+    }
+
+    *ppkey = pkey;
+    return 1;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return 0;
+}
+
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = NULL;
+
+    if (key == NULL || key->public_key == NULL)
+        return NULL;
+
+    if (key->pkey != NULL)
+        return key->pkey;
+
+    /*
+     * When the key ASN.1 is initially parsed an attempt is made to
+     * decode the public key and cache the EVP_PKEY structure. If this
+     * operation fails the cached value will be NULL. Parsing continues
+     * to allow parsing of unknown key types or unsupported forms.
+     * We repeat the decode operation so the appropriate errors are left
+     * in the queue.
+     */
+    x509_pubkey_decode(&ret, key);
+    /* If decode doesn't fail something bad happened */
+    if (ret != NULL) {
+        X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(ret);
+    }
+
+    return NULL;
+}
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = X509_PUBKEY_get0(key);
+    if (ret != NULL)
+        EVP_PKEY_up_ref(ret);
+    return ret;
+}
+
+/*
+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
+ * decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
+{
+    X509_PUBKEY *xpk;
+    EVP_PKEY *pktmp;
+    const unsigned char *q;
+    q = *pp;
+    xpk = d2i_X509_PUBKEY(NULL, &q, length);
+    if (!xpk)
+        return NULL;
+    pktmp = X509_PUBKEY_get(xpk);
+    X509_PUBKEY_free(xpk);
+    if (!pktmp)
+        return NULL;
+    *pp = q;
+    if (a) {
+        EVP_PKEY_free(*a);
+        *a = pktmp;
+    }
+    return pktmp;
+}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+{
+    X509_PUBKEY *xpk = NULL;
+    int ret;
+    if (!a)
+        return 0;
+    if (!X509_PUBKEY_set(&xpk, a))
+        return -1;
+    ret = i2d_X509_PUBKEY(xpk, pp);
+    X509_PUBKEY_free(xpk);
+    return ret;
+}
+
+/*
+ * The following are equivalents but which return RSA and DSA keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    RSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        RSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (pktmp == NULL) {
+        ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    EVP_PKEY_set1_RSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    DSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_DSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        DSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (pktmp == NULL) {
+        ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    EVP_PKEY_set1_DSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    EC_KEY *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_EC_KEY(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        EC_KEY_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    if ((pktmp = EVP_PKEY_new()) == NULL) {
+        ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    EVP_PKEY_set1_EC_KEY(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen)
+{
+    if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
+        return 0;
+    if (penc) {
+        OPENSSL_free(pub->public_key->data);
+        pub->public_key->data = penc;
+        pub->public_key->length = penclen;
+        /* Set number of unused bits to zero */
+        pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    }
+    return 1;
+}
+
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub)
+{
+    if (ppkalg)
+        *ppkalg = pub->algor->algorithm;
+    if (pk) {
+        *pk = pub->public_key->data;
+        *ppklen = pub->public_key->length;
+    }
+    if (pa)
+        *pa = pub->algor;
+    return 1;
+}
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return x->cert_info.key->public_key;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c
new file mode 100644
index 000000000..c2da95a73
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK.
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+    if (operation == ASN1_OP_NEW_POST) {
+        rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+        if (!rinf->attributes)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0) = {
+        ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c
new file mode 100644
index 000000000..afe59c46c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c
@@ -0,0 +1,247 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_EMBED(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509 *ret = (X509 *)*pval;
+
+    switch (operation) {
+
+    case ASN1_OP_D2I_PRE:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+        /* fall thru */
+
+    case ASN1_OP_NEW_POST:
+        ret->ex_cached = 0;
+        ret->ex_kusage = 0;
+        ret->ex_xkusage = 0;
+        ret->ex_nscert = 0;
+        ret->ex_flags = 0;
+        ret->ex_pathlen = -1;
+        ret->ex_pcpathlen = -1;
+        ret->skid = NULL;
+        ret->akid = NULL;
+        ret->policy_cache = NULL;
+        ret->altname = NULL;
+        ret->nc = NULL;
+#ifndef OPENSSL_NO_RFC3779
+        ret->rfc3779_addr = NULL;
+        ret->rfc3779_asid = NULL;
+#endif
+        ret->aux = NULL;
+        ret->crldp = NULL;
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
+            return 0;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+        break;
+
+    }
+
+    return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb) = {
+        ASN1_EMBED(X509, cert_info, X509_CINF),
+        ASN1_EMBED(X509, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *X509_get_ex_data(X509 *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+/*
+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
+ * extra info tagged on the end. Since these functions set how a certificate
+ * is trusted they should only be used when the certificate comes from a
+ * reliable source such as local storage.
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+    const unsigned char *q;
+    X509 *ret;
+    int freeret = 0;
+
+    /* Save start position */
+    q = *pp;
+
+    if (a == NULL || *a == NULL)
+        freeret = 1;
+    ret = d2i_X509(a, &q, length);
+    /* If certificate unreadable then forget it */
+    if (ret == NULL)
+        return NULL;
+    /* update length */
+    length -= q - *pp;
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
+        goto err;
+    *pp = q;
+    return ret;
+ err:
+    if (freeret) {
+        X509_free(ret);
+        if (a)
+            *a = NULL;
+    }
+    return NULL;
+}
+
+/*
+ * Serialize trusted certificate to *pp or just return the required buffer
+ * length if pp == NULL.  We ultimately want to avoid modifying *pp in the
+ * error path, but that depends on similar hygiene in lower-level functions.
+ * Here we avoid compounding the problem.
+ */
+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
+{
+    int length, tmplen;
+    unsigned char *start = pp != NULL ? *pp : NULL;
+
+    /*
+     * This might perturb *pp on error, but fixing that belongs in i2d_X509()
+     * not here.  It should be that if a == NULL length is zero, but we check
+     * both just in case.
+     */
+    length = i2d_X509(a, pp);
+    if (length <= 0 || a == NULL)
+        return length;
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        if (start != NULL)
+            *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
+    return length;
+}
+
+/*
+ * Serialize trusted certificate to *pp, or just return the required buffer
+ * length if pp == NULL.
+ *
+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
+ * allocated buffer.
+ */
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+    int length;
+    unsigned char *tmp;
+
+    /* Buffer provided by caller */
+    if (pp == NULL || *pp != NULL)
+        return i2d_x509_aux_internal(a, pp);
+
+    /* Obtain the combined length */
+    if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+        return length;
+
+    /* Allocate requisite combined storage */
+    *pp = tmp = OPENSSL_malloc(length);
+    if (tmp == NULL) {
+        X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    /* Encode, but keep *pp at the originally malloced pointer */
+    length = i2d_x509_aux_internal(a, &tmp);
+    if (length <= 0) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return length;
+}
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+{
+    x->cert_info.enc.modified = 1;
+    return i2d_X509_CINF(&x->cert_info, pp);
+}
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x)
+{
+    if (psig)
+        *psig = &x->signature;
+    if (palg)
+        *palg = &x->sig_alg;
+}
+
+int X509_get_signature_nid(const X509 *x)
+{
+    return OBJ_obj2nid(x->sig_alg.algorithm);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c
new file mode 100644
index 000000000..8c9ad71d1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/*
+ * X509_CERT_AUX routines. These are used to encode additional user
+ * modifiable data about a certificate. This data is appended to the X509
+ * encoding when the *_X509_AUX routines are used. This means that the
+ * "traditional" X509 routines will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+int X509_trusted(const X509 *x)
+{
+    return x->aux ? 1 : 0;
+}
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL)
+        return NULL;
+    return x->aux;
+}
+
+int X509_alias_set1(X509 *x, const unsigned char *name, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!name) {
+        if (!x || !x->aux || !x->aux->alias)
+            return 1;
+        ASN1_UTF8STRING_free(x->aux->alias);
+        x->aux->alias = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!id) {
+        if (!x || !x->aux || !x->aux->keyid)
+            return 1;
+        ASN1_OCTET_STRING_free(x->aux->keyid);
+        x->aux->keyid = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->keyid == NULL
+        && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->alias)
+        return NULL;
+    if (len)
+        *len = x->aux->alias->length;
+    return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->keyid)
+        return NULL;
+    if (len)
+        *len = x->aux->keyid->length;
+    return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp = NULL;
+    if (obj) {
+        objtmp = OBJ_dup(obj);
+        if (!objtmp)
+            return 0;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->trust == NULL
+        && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
+        return 1;
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp;
+    if ((objtmp = OBJ_dup(obj)) == NULL)
+        return 0;
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->reject == NULL
+        && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+void X509_trust_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+        x->aux->trust = NULL;
+    }
+}
+
+void X509_reject_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+        x->aux->reject = NULL;
+    }
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->trust;
+    return NULL;
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->reject;
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/build.info
new file mode 100644
index 000000000..4ab648849
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/build.info
@@ -0,0 +1,8 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+  v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+  v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+  v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+  v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
+  pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
+  v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/ext_dat.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/ext_dat.h
new file mode 100644
index 000000000..762e264bb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/ext_dat.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+int name_cmp(const char *name, const char *cmp);
+
+extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
+extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
+extern const X509V3_EXT_METHOD v3_tls_feature;
+extern const X509V3_EXT_METHOD v3_ext_admission;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c
new file mode 100644
index 000000000..623870b1f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+#include "pcy_int.h"
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b);
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
+
+/*
+ * Set cache entry according to CertificatePolicies extension. Note: this
+ * destroys the passed CERTIFICATEPOLICIES structure.
+ */
+
+static int policy_cache_create(X509 *x,
+                               CERTIFICATEPOLICIES *policies, int crit)
+{
+    int i, num, ret = 0;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    X509_POLICY_DATA *data = NULL;
+    POLICYINFO *policy;
+
+    if ((num = sk_POLICYINFO_num(policies)) <= 0)
+        goto bad_policy;
+    cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
+    if (cache->data == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+        goto just_cleanup;
+    }
+    for (i = 0; i < num; i++) {
+        policy = sk_POLICYINFO_value(policies, i);
+        data = policy_data_new(policy, NULL, crit);
+        if (data == NULL) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto just_cleanup;
+        }
+        /*
+         * Duplicate policy OIDs are illegal: reject if matches found.
+         */
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (cache->anyPolicy) {
+                ret = -1;
+                goto bad_policy;
+            }
+            cache->anyPolicy = data;
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) {
+            ret = -1;
+            goto bad_policy;
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto bad_policy;
+        }
+        data = NULL;
+    }
+    ret = 1;
+
+ bad_policy:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    policy_data_free(data);
+ just_cleanup:
+    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
+    if (ret <= 0) {
+        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+        cache->data = NULL;
+    }
+    return ret;
+}
+
+static int policy_cache_new(X509 *x)
+{
+    X509_POLICY_CACHE *cache;
+    ASN1_INTEGER *ext_any = NULL;
+    POLICY_CONSTRAINTS *ext_pcons = NULL;
+    CERTIFICATEPOLICIES *ext_cpols = NULL;
+    POLICY_MAPPINGS *ext_pmaps = NULL;
+    int i;
+
+    if (x->policy_cache != NULL)
+        return 1;
+    cache = OPENSSL_malloc(sizeof(*cache));
+    if (cache == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    cache->anyPolicy = NULL;
+    cache->data = NULL;
+    cache->any_skip = -1;
+    cache->explicit_skip = -1;
+    cache->map_skip = -1;
+
+    x->policy_cache = cache;
+
+    /*
+     * Handle requireExplicitPolicy *first*. Need to process this even if we
+     * don't have any policies.
+     */
+    ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
+
+    if (!ext_pcons) {
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        if (!ext_pcons->requireExplicitPolicy
+            && !ext_pcons->inhibitPolicyMapping)
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->explicit_skip,
+                                  ext_pcons->requireExplicitPolicy))
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->map_skip,
+                                  ext_pcons->inhibitPolicyMapping))
+            goto bad_cache;
+    }
+
+    /* Process CertificatePolicies */
+
+    ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
+    /*
+     * If no CertificatePolicies extension or problem decoding then there is
+     * no point continuing because the valid policies will be NULL.
+     */
+    if (!ext_cpols) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+        return 1;
+    }
+
+    i = policy_cache_create(x, ext_cpols, i);
+
+    /* NB: ext_cpols freed by policy_cache_set_policies */
+
+    if (i <= 0)
+        return i;
+
+    ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
+
+    if (!ext_pmaps) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        i = policy_cache_set_mapping(x, ext_pmaps);
+        if (i <= 0)
+            goto bad_cache;
+    }
+
+    ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
+
+    if (!ext_any) {
+        if (i != -1)
+            goto bad_cache;
+    } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
+        goto bad_cache;
+    goto just_cleanup;
+
+ bad_cache:
+    x->ex_flags |= EXFLAG_INVALID_POLICY;
+
+ just_cleanup:
+    POLICY_CONSTRAINTS_free(ext_pcons);
+    ASN1_INTEGER_free(ext_any);
+    return 1;
+
+}
+
+void policy_cache_free(X509_POLICY_CACHE *cache)
+{
+    if (!cache)
+        return;
+    policy_data_free(cache->anyPolicy);
+    sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    OPENSSL_free(cache);
+}
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x)
+{
+
+    if (x->policy_cache == NULL) {
+        CRYPTO_THREAD_write_lock(x->lock);
+        policy_cache_new(x);
+        CRYPTO_THREAD_unlock(x->lock);
+    }
+
+    return x->policy_cache;
+
+}
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                         const ASN1_OBJECT *id)
+{
+    int idx;
+    X509_POLICY_DATA tmp;
+    tmp.valid_policy = (ASN1_OBJECT *)id;
+    idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
+    return sk_X509_POLICY_DATA_value(cache->data, idx);
+}
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b)
+{
+    return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
+}
+
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
+{
+    if (value == NULL)
+        return 1;
+    if (value->type == V_ASN1_NEG_INTEGER)
+        return 0;
+    *out = ASN1_INTEGER_get(value);
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c
new file mode 100644
index 000000000..bd3bb0e40
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* Policy Node routines */
+
+void policy_data_free(X509_POLICY_DATA *data)
+{
+    if (data == NULL)
+        return;
+    ASN1_OBJECT_free(data->valid_policy);
+    /* Don't free qualifiers if shared */
+    if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
+        sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
+    sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
+    OPENSSL_free(data);
+}
+
+/*
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
+ * the policy, otherwise use 'id'. This behaviour covers the two types of
+ * data in RFC3280: data with from a CertificatePolicies extension and
+ * additional data with just the qualifiers of anyPolicy and ID from another
+ * source.
+ */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
+                                  const ASN1_OBJECT *cid, int crit)
+{
+    X509_POLICY_DATA *ret;
+    ASN1_OBJECT *id;
+
+    if (policy == NULL && cid == NULL)
+        return NULL;
+    if (cid) {
+        id = OBJ_dup(cid);
+        if (id == NULL)
+            return NULL;
+    } else
+        id = NULL;
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
+    if (ret->expected_policy_set == NULL) {
+        OPENSSL_free(ret);
+        ASN1_OBJECT_free(id);
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (crit)
+        ret->flags = POLICY_DATA_FLAG_CRITICAL;
+
+    if (id)
+        ret->valid_policy = id;
+    else {
+        ret->valid_policy = policy->policyid;
+        policy->policyid = NULL;
+    }
+
+    if (policy) {
+        ret->qualifier_set = policy->qualifiers;
+        policy->qualifiers = NULL;
+    }
+
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_int.h
new file mode 100644
index 000000000..5daf78de4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_int.h
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
+
+DEFINE_STACK_OF(X509_POLICY_DATA)
+
+/* Internal structures */
+
+/*
+ * This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child data:
+ * X509_POLICY_NODE contains that. This means that the main policy data can
+ * be kept static and cached with the certificate.
+ */
+
+struct X509_POLICY_DATA_st {
+    unsigned int flags;
+    /* Policy OID and qualifiers for this data */
+    ASN1_OBJECT *valid_policy;
+    STACK_OF(POLICYQUALINFO) *qualifier_set;
+    STACK_OF(ASN1_OBJECT) *expected_policy_set;
+};
+
+/* X509_POLICY_DATA flags values */
+
+/*
+ * This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED                 0x1
+
+/*
+ * This flag indicates the data doesn't correspond to a policy in Certificate
+ * Policies: it has been mapped to any policy.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED_ANY             0x2
+
+/* AND with flags to see if any mapping has occurred */
+
+#define POLICY_DATA_FLAG_MAP_MASK               0x3
+
+/* qualifiers are shared and shouldn't be freed */
+
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4
+
+/* Parent node is an extra node and should be freed */
+
+#define POLICY_DATA_FLAG_EXTRA_NODE             0x8
+
+/* Corresponding CertificatePolicies is critical */
+
+#define POLICY_DATA_FLAG_CRITICAL               0x10
+
+/* This structure is cached with a certificate */
+
+struct X509_POLICY_CACHE_st {
+    /* anyPolicy data or NULL if no anyPolicy */
+    X509_POLICY_DATA *anyPolicy;
+    /* other policy data */
+    STACK_OF(X509_POLICY_DATA) *data;
+    /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+    long any_skip;
+    /*
+     * If policyConstraints and requireExplicitPolicy present this is its
+     * value or -1 if absent.
+     */
+    long explicit_skip;
+    /*
+     * If policyConstraints and policyMapping present this is its value or -1
+     * if absent.
+     */
+    long map_skip;
+};
+
+/*
+ * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
+ */
+
+/* This structure represents the relationship between nodes */
+
+struct X509_POLICY_NODE_st {
+    /* node data this refers to */
+    const X509_POLICY_DATA *data;
+    /* Parent node */
+    X509_POLICY_NODE *parent;
+    /* Number of child nodes */
+    int nchild;
+};
+
+struct X509_POLICY_LEVEL_st {
+    /* Cert for this level */
+    X509 *cert;
+    /* nodes at this level */
+    STACK_OF(X509_POLICY_NODE) *nodes;
+    /* anyPolicy node */
+    X509_POLICY_NODE *anyPolicy;
+    /* Extra data */
+    /*
+     * STACK_OF(X509_POLICY_DATA) *extra_data;
+     */
+    unsigned int flags;
+};
+
+struct X509_POLICY_TREE_st {
+    /* This is the tree 'level' data */
+    X509_POLICY_LEVEL *levels;
+    int nlevel;
+    /*
+     * Extra policy data when additional nodes (not from the certificate) are
+     * required.
+     */
+    STACK_OF(X509_POLICY_DATA) *extra_data;
+    /* This is the authority constrained policy set */
+    STACK_OF(X509_POLICY_NODE) *auth_policies;
+    STACK_OF(X509_POLICY_NODE) *user_policies;
+    unsigned int flags;
+};
+
+/* Set if anyPolicy present in user policies */
+#define POLICY_FLAG_ANY_POLICY          0x2
+
+/* Useful macros */
+
+#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
+#define node_critical(node) node_data_critical(node->data)
+
+/* Internal functions */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
+                                  int crit);
+void policy_data_free(X509_POLICY_DATA *data);
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                         const ASN1_OBJECT *id);
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+
+void policy_cache_init(void);
+
+void policy_cache_free(X509_POLICY_CACHE *cache);
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                  const X509_POLICY_NODE *parent,
+                                  const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+                               const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree);
+void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c
new file mode 100644
index 000000000..67f7eafc6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* accessor functions */
+
+/* X509_POLICY_TREE stuff */
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
+{
+    if (!tree)
+        return 0;
+    return tree->nlevel;
+}
+
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i)
+{
+    if (!tree || (i < 0) || (i >= tree->nlevel))
+        return NULL;
+    return tree->levels + i;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree)
+{
+    if (!tree)
+        return NULL;
+    return tree->auth_policies;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree)
+{
+    if (!tree)
+        return NULL;
+    if (tree->flags & POLICY_FLAG_ANY_POLICY)
+        return tree->auth_policies;
+    else
+        return tree->user_policies;
+}
+
+/* X509_POLICY_LEVEL stuff */
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
+{
+    int n;
+    if (!level)
+        return 0;
+    if (level->anyPolicy)
+        n = 1;
+    else
+        n = 0;
+    if (level->nodes)
+        n += sk_X509_POLICY_NODE_num(level->nodes);
+    return n;
+}
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
+{
+    if (!level)
+        return NULL;
+    if (level->anyPolicy) {
+        if (i == 0)
+            return level->anyPolicy;
+        i--;
+    }
+    return sk_X509_POLICY_NODE_value(level->nodes, i);
+}
+
+/* X509_POLICY_NODE stuff */
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->valid_policy;
+}
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->qualifier_set;
+}
+
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node)
+{
+    if (!node)
+        return NULL;
+    return node->parent;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c
new file mode 100644
index 000000000..ab9dd21b7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+#include "pcy_int.h"
+
+/*
+ * Set policy mapping entries in cache. Note: this modifies the passed
+ * POLICY_MAPPINGS structure
+ */
+
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+{
+    POLICY_MAPPING *map;
+    X509_POLICY_DATA *data;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    int i;
+    int ret = 0;
+    if (sk_POLICY_MAPPING_num(maps) == 0) {
+        ret = -1;
+        goto bad_mapping;
+    }
+    for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
+        map = sk_POLICY_MAPPING_value(maps, i);
+        /* Reject if map to or from anyPolicy */
+        if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
+            || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
+            ret = -1;
+            goto bad_mapping;
+        }
+
+        /* Attempt to find matching policy data */
+        data = policy_cache_find_data(cache, map->issuerDomainPolicy);
+        /* If we don't have anyPolicy can't map */
+        if (data == NULL && !cache->anyPolicy)
+            continue;
+
+        /* Create a NODE from anyPolicy */
+        if (data == NULL) {
+            data = policy_data_new(NULL, map->issuerDomainPolicy,
+                                   cache->anyPolicy->flags
+                                   & POLICY_DATA_FLAG_CRITICAL);
+            if (data == NULL)
+                goto bad_mapping;
+            data->qualifier_set = cache->anyPolicy->qualifier_set;
+            /*
+             * map->issuerDomainPolicy = NULL;
+             */
+            data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
+            data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+            if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+                policy_data_free(data);
+                goto bad_mapping;
+            }
+        } else
+            data->flags |= POLICY_DATA_FLAG_MAPPED;
+        if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+                                 map->subjectDomainPolicy))
+            goto bad_mapping;
+        map->subjectDomainPolicy = NULL;
+
+    }
+
+    ret = 1;
+ bad_mapping:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+    return ret;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c
new file mode 100644
index 000000000..1ffe98498
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+#include "pcy_int.h"
+
+static int node_cmp(const X509_POLICY_NODE *const *a,
+                    const X509_POLICY_NODE *const *b)
+{
+    return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
+}
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
+{
+    return sk_X509_POLICY_NODE_new(node_cmp);
+}
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
+                               const ASN1_OBJECT *id)
+{
+    X509_POLICY_DATA n;
+    X509_POLICY_NODE l;
+    int idx;
+
+    n.valid_policy = (ASN1_OBJECT *)id;
+    l.data = &n;
+
+    idx = sk_X509_POLICY_NODE_find(nodes, &l);
+    return sk_X509_POLICY_NODE_value(nodes, idx);
+
+}
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                  const X509_POLICY_NODE *parent,
+                                  const ASN1_OBJECT *id)
+{
+    X509_POLICY_NODE *node;
+    int i;
+    for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(level->nodes, i);
+        if (node->parent == parent) {
+            if (!OBJ_cmp(node->data->valid_policy, id))
+                return node;
+        }
+    }
+    return NULL;
+}
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree)
+{
+    X509_POLICY_NODE *node;
+
+    node = OPENSSL_zalloc(sizeof(*node));
+    if (node == NULL) {
+        X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    node->data = data;
+    node->parent = parent;
+    if (level) {
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (level->anyPolicy)
+                goto node_error;
+            level->anyPolicy = node;
+        } else {
+
+            if (level->nodes == NULL)
+                level->nodes = policy_node_cmp_new();
+            if (level->nodes == NULL) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+                goto node_error;
+            }
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+                goto node_error;
+            }
+        }
+    }
+
+    if (tree) {
+        if (tree->extra_data == NULL)
+            tree->extra_data = sk_X509_POLICY_DATA_new_null();
+        if (tree->extra_data == NULL){
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+            goto node_error;
+        }
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+            goto node_error;
+        }
+    }
+
+    if (parent)
+        parent->nchild++;
+
+    return node;
+
+ node_error:
+    policy_node_free(node);
+    return NULL;
+}
+
+void policy_node_free(X509_POLICY_NODE *node)
+{
+    OPENSSL_free(node);
+}
+
+/*
+ * See if a policy node matches a policy OID. If mapping enabled look through
+ * expected policy set otherwise just valid policy.
+ */
+
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+{
+    int i;
+    ASN1_OBJECT *policy_oid;
+    const X509_POLICY_DATA *x = node->data;
+
+    if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
+        if (!OBJ_cmp(x->valid_policy, oid))
+            return 1;
+        return 0;
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
+        policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
+        if (!OBJ_cmp(policy_oid, oid))
+            return 1;
+    }
+    return 0;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c
new file mode 100644
index 000000000..87f51d001
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c
@@ -0,0 +1,703 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/*
+ * Enable this to print out the complete policy tree at various point during
+ * evaluation.
+ */
+
+/*
+ * #define OPENSSL_POLICY_DEBUG
+ */
+
+#ifdef OPENSSL_POLICY_DEBUG
+
+static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
+                           X509_POLICY_NODE *node, int indent)
+{
+    if ((lev->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
+        BIO_puts(err, "  Not Mapped\n");
+    else {
+        int i;
+        STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
+        ASN1_OBJECT *oid;
+        BIO_puts(err, "  Expected: ");
+        for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
+            oid = sk_ASN1_OBJECT_value(pset, i);
+            if (i)
+                BIO_puts(err, ", ");
+            i2a_ASN1_OBJECT(err, oid);
+        }
+        BIO_puts(err, "\n");
+    }
+}
+
+static void tree_print(char *str, X509_POLICY_TREE *tree,
+                       X509_POLICY_LEVEL *curr)
+{
+    BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE);
+    X509_POLICY_LEVEL *plev;
+
+    if (err == NULL)
+        return;
+    if (!curr)
+        curr = tree->levels + tree->nlevel;
+    else
+        curr++;
+
+    BIO_printf(err, "Level print after %s\n", str);
+    BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
+    for (plev = tree->levels; plev != curr; plev++) {
+        int i;
+
+        BIO_printf(err, "Level %ld, flags = %x\n",
+                   (long)(plev - tree->levels), plev->flags);
+        for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
+            X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+
+            X509_POLICY_NODE_print(err, node, 2);
+            expected_print(err, plev, node, 2);
+            BIO_printf(err, "  Flags: %x\n", node->data->flags);
+        }
+        if (plev->anyPolicy)
+            X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
+    }
+    BIO_free(err);
+}
+#endif
+
+/*-
+ * Return value: <= 0 on error, or positive bit mask:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree (including bare TA case)
+ * X509_PCY_TREE_EXPLICIT: explicit policy required
+ */
+static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+                     unsigned int flags)
+{
+    X509_POLICY_TREE *tree;
+    X509_POLICY_LEVEL *level;
+    const X509_POLICY_CACHE *cache;
+    X509_POLICY_DATA *data = NULL;
+    int ret = X509_PCY_TREE_VALID;
+    int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */
+    int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1;
+    int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1;
+    int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1;
+    int i;
+
+    *ptree = NULL;
+
+    /* Can't do anything with just a trust anchor */
+    if (n == 0)
+        return X509_PCY_TREE_EMPTY;
+
+    /*
+     * First setup the policy cache in all n non-TA certificates, this will be
+     * used in X509_verify_cert() which will invoke the verify callback for all
+     * certificates with invalid policy extensions.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+
+        /* Call for side-effect of computing hash and caching extensions */
+        X509_check_purpose(x, -1, 0);
+
+        /* If cache is NULL, likely ENOMEM: return immediately */
+        if (policy_cache_set(x) == NULL)
+            return X509_PCY_TREE_INTERNAL;
+    }
+
+    /*
+     * At this point check for invalid policies and required explicit policy.
+     * Note that the explicit_policy counter is a count-down to zero, with the
+     * requirement kicking in if and once it does that.  The counter is
+     * decremented for every non-self-issued certificate in the path, but may
+     * be further reduced by policy constraints in a non-leaf certificate.
+     *
+     * The ultimate policy set is the intersection of all the policies along
+     * the path, if we hit a certificate with an empty policy set, and explicit
+     * policy is required we're done.
+     */
+    for (i = n - 1;
+         i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0);
+         i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* All the policies are already cached, we can return early */
+        if (ex_flags & EXFLAG_INVALID_POLICY)
+            return X509_PCY_TREE_INVALID;
+
+        /* Access the cache which we now know exists */
+        cache = policy_cache_set(x);
+
+        if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
+            ret = X509_PCY_TREE_EMPTY;
+        if (explicit_policy > 0) {
+            if (!(ex_flags & EXFLAG_SI))
+                explicit_policy--;
+            if ((cache->explicit_skip >= 0)
+                && (cache->explicit_skip < explicit_policy))
+                explicit_policy = cache->explicit_skip;
+        }
+    }
+
+    if (explicit_policy == 0)
+        ret |= X509_PCY_TREE_EXPLICIT;
+    if ((ret & X509_PCY_TREE_VALID) == 0)
+        return ret;
+
+    /* If we get this far initialize the tree */
+    if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) {
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
+        return X509_PCY_TREE_INTERNAL;
+    }
+
+    /*
+     * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+     *
+     * The top level is implicitly for the trust anchor with valid expected
+     * policies of anyPolicy.  (RFC 5280 has the TA at depth 0 and the leaf at
+     * depth n, we have the leaf at depth 0 and the TA at depth n).
+     */
+    if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
+        OPENSSL_free(tree);
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
+        return X509_PCY_TREE_INTERNAL;
+    }
+    tree->nlevel = n+1;
+    level = tree->levels;
+    if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+        goto bad_tree;
+    if (level_add_node(level, data, NULL, tree) == NULL) {
+        policy_data_free(data);
+        goto bad_tree;
+    }
+
+    /*
+     * In this pass initialize all the tree levels and whether anyPolicy and
+     * policy mapping are inhibited at each level.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* Access the cache which we now know exists */
+        cache = policy_cache_set(x);
+
+        X509_up_ref(x);
+        (++level)->cert = x;
+
+        if (!cache->anyPolicy)
+            level->flags |= X509_V_FLAG_INHIBIT_ANY;
+
+        /* Determine inhibit any and inhibit map flags */
+        if (any_skip == 0) {
+            /*
+             * Any matching allowed only if certificate is self issued and not
+             * the last in the chain.
+             */
+            if (!(ex_flags & EXFLAG_SI) || (i == 0))
+                level->flags |= X509_V_FLAG_INHIBIT_ANY;
+        } else {
+            if (!(ex_flags & EXFLAG_SI))
+                any_skip--;
+            if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
+                any_skip = cache->any_skip;
+        }
+
+        if (map_skip == 0)
+            level->flags |= X509_V_FLAG_INHIBIT_MAP;
+        else {
+            if (!(ex_flags & EXFLAG_SI))
+                map_skip--;
+            if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
+                map_skip = cache->map_skip;
+        }
+    }
+
+    *ptree = tree;
+    return ret;
+
+ bad_tree:
+    X509_policy_tree_free(tree);
+    return X509_PCY_TREE_INTERNAL;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
+static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+                                    X509_POLICY_DATA *data)
+{
+    X509_POLICY_LEVEL *last = curr - 1;
+    int i, matched = 0;
+
+    /* Iterate through all in nodes linking matches */
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        if (policy_node_match(last, node, data->valid_policy)) {
+            if (level_add_node(curr, data, node, NULL) == NULL)
+                return 0;
+            matched = 1;
+        }
+    }
+    if (!matched && last->anyPolicy) {
+        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 6.1.3(d)(1): link any data from
+ * CertificatePolicies onto matching parent or anyPolicy if no match.
+ *
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+                           const X509_POLICY_CACHE *cache)
+{
+    int i;
+
+    for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
+        X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+        /* Look for matching nodes in previous level */
+        if (!tree_link_matching_nodes(curr, data))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched
+ * policies in the parent and link to anyPolicy.
+ *
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+                              const X509_POLICY_CACHE *cache,
+                              const ASN1_OBJECT *id,
+                              X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
+{
+    X509_POLICY_DATA *data;
+
+    if (id == NULL)
+        id = node->data->valid_policy;
+    /*
+     * Create a new node with qualifiers from anyPolicy and id from unmatched
+     * node.
+     */
+    if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL)
+        return 0;
+
+    /* Curr may not have anyPolicy */
+    data->qualifier_set = cache->anyPolicy->qualifier_set;
+    data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+    if (level_add_node(curr, data, node, tree) == NULL) {
+        policy_data_free(data);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
+                               const X509_POLICY_CACHE *cache,
+                               X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
+{
+    const X509_POLICY_LEVEL *last = curr - 1;
+    int i;
+
+    if ((last->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(node->data->flags & POLICY_DATA_FLAG_MAPPED)) {
+        /* If no policy mapping: matched if one child present */
+        if (node->nchild)
+            return 1;
+        if (!tree_add_unmatched(curr, cache, NULL, node, tree))
+            return 0;
+        /* Add it */
+    } else {
+        /* If mapping: matched if one child per expected policy set */
+        STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set;
+        if (node->nchild == sk_ASN1_OBJECT_num(expset))
+            return 1;
+        /* Locate unmatched nodes */
+        for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) {
+            ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
+            if (level_find_node(curr, node, oid))
+                continue;
+            if (!tree_add_unmatched(curr, cache, oid, node, tree))
+                return 0;
+        }
+
+    }
+    return 1;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
+static int tree_link_any(X509_POLICY_LEVEL *curr,
+                         const X509_POLICY_CACHE *cache,
+                         X509_POLICY_TREE *tree)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    X509_POLICY_LEVEL *last = curr - 1;
+
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        if (!tree_link_unmatched(curr, cache, node, tree))
+            return 0;
+    }
+    /* Finally add link to anyPolicy */
+    if (last->anyPolicy &&
+        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+        return 0;
+    return 1;
+}
+
+/*-
+ * Prune the tree: delete any child mapped child data on the current level then
+ * proceed up the tree deleting any data with no children. If we ever have no
+ * data on a level we can halt because the tree will be empty.
+ *
+ * Return value: <= 0 error, otherwise one of:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree
+ */
+static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
+{
+    STACK_OF(X509_POLICY_NODE) *nodes;
+    X509_POLICY_NODE *node;
+    int i;
+    nodes = curr->nodes;
+    if (curr->flags & X509_V_FLAG_INHIBIT_MAP) {
+        for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            /* Delete any mapped data: see RFC3280 XXXX */
+            if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(nodes, i);
+            }
+        }
+    }
+
+    for (;;) {
+        --curr;
+        nodes = curr->nodes;
+        for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            if (node->nchild == 0) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(nodes, i);
+            }
+        }
+        if (curr->anyPolicy && !curr->anyPolicy->nchild) {
+            if (curr->anyPolicy->parent)
+                curr->anyPolicy->parent->nchild--;
+            OPENSSL_free(curr->anyPolicy);
+            curr->anyPolicy = NULL;
+        }
+        if (curr == tree->levels) {
+            /* If we zapped anyPolicy at top then tree is empty */
+            if (!curr->anyPolicy)
+                return X509_PCY_TREE_EMPTY;
+            break;
+        }
+    }
+    return X509_PCY_TREE_VALID;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
+                              X509_POLICY_NODE *pcy)
+{
+    if (*pnodes == NULL &&
+        (*pnodes = policy_node_cmp_new()) == NULL)
+        return 0;
+    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
+        return 1;
+    return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
+}
+
+#define TREE_CALC_FAILURE 0
+#define TREE_CALC_OK_NOFREE 1
+#define TREE_CALC_OK_DOFREE 2
+
+/*-
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter is
+ * used as a store for the set of policy nodes used to calculate the user set.
+ * If the authority set is not anyPolicy then pnodes will just point to the
+ * authority set. If however the authority set is anyPolicy then the set of
+ * valid policies (other than anyPolicy) is store in pnodes.
+ *
+ * Return value:
+ *  TREE_CALC_FAILURE on failure,
+ *  TREE_CALC_OK_NOFREE on success and pnodes need not be freed,
+ *  TREE_CALC_OK_DOFREE on success and pnodes needs to be freed
+ */
+static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
+                                        STACK_OF(X509_POLICY_NODE) **pnodes)
+{
+    X509_POLICY_LEVEL *curr;
+    X509_POLICY_NODE *node, *anyptr;
+    STACK_OF(X509_POLICY_NODE) **addnodes;
+    int i, j;
+    curr = tree->levels + tree->nlevel - 1;
+
+    /* If last level contains anyPolicy set is anyPolicy */
+    if (curr->anyPolicy) {
+        if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
+            return TREE_CALC_FAILURE;
+        addnodes = pnodes;
+    } else
+        /* Add policies to authority set */
+        addnodes = &tree->auth_policies;
+
+    curr = tree->levels;
+    for (i = 1; i < tree->nlevel; i++) {
+        /*
+         * If no anyPolicy node on this this level it can't appear on lower
+         * levels so end search.
+         */
+        if ((anyptr = curr->anyPolicy) == NULL)
+            break;
+        curr++;
+        for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
+            node = sk_X509_POLICY_NODE_value(curr->nodes, j);
+            if ((node->parent == anyptr)
+                && !tree_add_auth_node(addnodes, node)) {
+                if (addnodes == pnodes) {
+                    sk_X509_POLICY_NODE_free(*pnodes);
+                    *pnodes = NULL;
+                }
+                return TREE_CALC_FAILURE;
+            }
+        }
+    }
+    if (addnodes == pnodes)
+        return TREE_CALC_OK_DOFREE;
+
+    *pnodes = tree->auth_policies;
+    return TREE_CALC_OK_NOFREE;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+                                   STACK_OF(ASN1_OBJECT) *policy_oids,
+                                   STACK_OF(X509_POLICY_NODE) *auth_nodes)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    ASN1_OBJECT *oid;
+    X509_POLICY_NODE *anyPolicy;
+    X509_POLICY_DATA *extra;
+
+    /*
+     * Check if anyPolicy present in authority constrained policy set: this
+     * will happen if it is a leaf node.
+     */
+    if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
+        return 1;
+
+    anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        if (OBJ_obj2nid(oid) == NID_any_policy) {
+            tree->flags |= POLICY_FLAG_ANY_POLICY;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        node = tree_find_sk(auth_nodes, oid);
+        if (!node) {
+            if (!anyPolicy)
+                continue;
+            /*
+             * Create a new node with policy ID from user set and qualifiers
+             * from anyPolicy.
+             */
+            extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
+            if (extra == NULL)
+                return 0;
+            extra->qualifier_set = anyPolicy->data->qualifier_set;
+            extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+                | POLICY_DATA_FLAG_EXTRA_NODE;
+            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+        }
+        if (!tree->user_policies) {
+            tree->user_policies = sk_X509_POLICY_NODE_new_null();
+            if (!tree->user_policies)
+                return 1;
+        }
+        if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+            return 0;
+    }
+    return 1;
+}
+
+/*-
+ * Return value: <= 0 error, otherwise one of:
+ *  X509_PCY_TREE_VALID: valid tree
+ *  X509_PCY_TREE_EMPTY: empty tree
+ * (see tree_prune()).
+ */
+static int tree_evaluate(X509_POLICY_TREE *tree)
+{
+    int ret, i;
+    X509_POLICY_LEVEL *curr = tree->levels + 1;
+    const X509_POLICY_CACHE *cache;
+
+    for (i = 1; i < tree->nlevel; i++, curr++) {
+        cache = policy_cache_set(curr->cert);
+        if (!tree_link_nodes(curr, cache))
+            return X509_PCY_TREE_INTERNAL;
+
+        if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+            && !tree_link_any(curr, cache, tree))
+            return X509_PCY_TREE_INTERNAL;
+#ifdef OPENSSL_POLICY_DEBUG
+        tree_print("before tree_prune()", tree, curr);
+#endif
+        ret = tree_prune(tree, curr);
+        if (ret != X509_PCY_TREE_VALID)
+            return ret;
+    }
+    return X509_PCY_TREE_VALID;
+}
+
+static void exnode_free(X509_POLICY_NODE *node)
+{
+    if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
+        OPENSSL_free(node);
+}
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree)
+{
+    X509_POLICY_LEVEL *curr;
+    int i;
+
+    if (!tree)
+        return;
+
+    sk_X509_POLICY_NODE_free(tree->auth_policies);
+    sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
+
+    for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
+        X509_free(curr->cert);
+        sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+        policy_node_free(curr->anyPolicy);
+    }
+
+    sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
+    OPENSSL_free(tree->levels);
+    OPENSSL_free(tree);
+
+}
+
+/*-
+ * Application policy checking function.
+ * Return codes:
+ *  X509_PCY_TREE_FAILURE:  Failure to satisfy explicit policy
+ *  X509_PCY_TREE_INVALID:  Inconsistent or invalid extensions
+ *  X509_PCY_TREE_INTERNAL: Internal error, most likely malloc
+ *  X509_PCY_TREE_VALID:    Success (null tree if empty or bare TA)
+ */
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
+{
+    int init_ret;
+    int ret;
+    int calc_ret;
+    X509_POLICY_TREE *tree = NULL;
+    STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
+
+    *ptree = NULL;
+    *pexplicit_policy = 0;
+    init_ret = tree_init(&tree, certs, flags);
+
+    if (init_ret <= 0)
+        return init_ret;
+
+    if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) {
+        if (init_ret & X509_PCY_TREE_EMPTY) {
+            X509_policy_tree_free(tree);
+            return X509_PCY_TREE_VALID;
+        }
+    } else {
+        *pexplicit_policy = 1;
+        /* Tree empty and requireExplicit True: Error */
+        if (init_ret & X509_PCY_TREE_EMPTY)
+            return X509_PCY_TREE_FAILURE;
+    }
+
+    ret = tree_evaluate(tree);
+#ifdef OPENSSL_POLICY_DEBUG
+    tree_print("tree_evaluate()", tree, NULL);
+#endif
+    if (ret <= 0)
+        goto error;
+
+    if (ret == X509_PCY_TREE_EMPTY) {
+        X509_policy_tree_free(tree);
+        if (init_ret & X509_PCY_TREE_EXPLICIT)
+            return X509_PCY_TREE_FAILURE;
+        return X509_PCY_TREE_VALID;
+    }
+
+    /* Tree is not empty: continue */
+
+    if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
+        goto error;
+    ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
+    if (calc_ret == TREE_CALC_OK_DOFREE)
+        sk_X509_POLICY_NODE_free(auth_nodes);
+    if (!ret)
+        goto error;
+
+    *ptree = tree;
+
+    if (init_ret & X509_PCY_TREE_EXPLICIT) {
+        nodes = X509_policy_tree_get0_user_policies(tree);
+        if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+            return X509_PCY_TREE_FAILURE;
+    }
+    return X509_PCY_TREE_VALID;
+
+ error:
+    X509_policy_tree_free(tree);
+    return X509_PCY_TREE_INTERNAL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/standard_exts.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/standard_exts.h
new file mode 100644
index 000000000..944f4de02
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/standard_exts.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+    &v3_nscert,
+    &v3_ns_ia5_list[0],
+    &v3_ns_ia5_list[1],
+    &v3_ns_ia5_list[2],
+    &v3_ns_ia5_list[3],
+    &v3_ns_ia5_list[4],
+    &v3_ns_ia5_list[5],
+    &v3_ns_ia5_list[6],
+    &v3_skey_id,
+    &v3_key_usage,
+    &v3_pkey_usage_period,
+    &v3_alt[0],
+    &v3_alt[1],
+    &v3_bcons,
+    &v3_crl_num,
+    &v3_cpols,
+    &v3_akey_id,
+    &v3_crld,
+    &v3_ext_ku,
+    &v3_delta_crl,
+    &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_invdate,
+#endif
+    &v3_sxnet,
+    &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+    &v3_addr,
+    &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+    &v3_ocsp_nonce,
+    &v3_ocsp_crlid,
+    &v3_ocsp_accresp,
+    &v3_ocsp_nocheck,
+    &v3_ocsp_acutoff,
+    &v3_ocsp_serviceloc,
+#endif
+    &v3_sinfo,
+    &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_hold,
+#endif
+    &v3_pci,
+    &v3_name_constraints,
+    &v3_policy_mappings,
+    &v3_inhibit_anyp,
+    &v3_idp,
+    &v3_alt[2],
+    &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+    &v3_ct_scts[0],
+    &v3_ct_scts[1],
+    &v3_ct_scts[2],
+#endif
+    &v3_tls_feature,
+    &v3_ext_admission
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c
new file mode 100644
index 000000000..bb58e0484
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c
@@ -0,0 +1,1315 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+#define ADDR_RAW_BUF_LEN        16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        return 4;
+    case IANA_AFI_IPV6:
+        return 16;
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+{
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static int addr_expand(unsigned char *addr,
+                       const ASN1_BIT_STRING *bs,
+                       const int length, const unsigned char fill)
+{
+    if (bs->length < 0 || bs->length > length)
+        return 0;
+    if (bs->length > 0) {
+        memcpy(addr, bs->data, bs->length);
+        if ((bs->flags & 7) != 0) {
+            unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+            if (fill == 0)
+                addr[bs->length - 1] &= ~mask;
+            else
+                addr[bs->length - 1] |= mask;
+        }
+    }
+    memset(addr + bs->length, fill, length - bs->length);
+    return 1;
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill, const ASN1_BIT_STRING *bs)
+{
+    unsigned char addr[ADDR_RAW_BUF_LEN];
+    int i, n;
+
+    if (bs->length < 0)
+        return 0;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        if (!addr_expand(addr, bs, 4, fill))
+            return 0;
+        BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+        break;
+    case IANA_AFI_IPV6:
+        if (!addr_expand(addr, bs, 16, fill))
+            return 0;
+        for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
+             n -= 2) ;
+        for (i = 0; i < n; i += 2)
+            BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
+                       (i < 14 ? ":" : ""));
+        if (i < 16)
+            BIO_puts(out, ":");
+        if (i == 0)
+            BIO_puts(out, ":");
+        break;
+    default:
+        for (i = 0; i < bs->length; i++)
+            BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+        BIO_printf(out, "[%d]", (int)(bs->flags & 7));
+        break;
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+        const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+        BIO_printf(out, "%*s", indent, "");
+        switch (aor->type) {
+        case IPAddressOrRange_addressPrefix:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+                return 0;
+            BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+            continue;
+        case IPAddressOrRange_addressRange:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+                return 0;
+            BIO_puts(out, "-");
+            if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+                return 0;
+            BIO_puts(out, "\n");
+            continue;
+        }
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
+                            void *ext, BIO *out, int indent)
+{
+    const IPAddrBlocks *addr = ext;
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        const unsigned int afi = X509v3_addr_get_afi(f);
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            BIO_printf(out, "%*sIPv4", indent, "");
+            break;
+        case IANA_AFI_IPV6:
+            BIO_printf(out, "%*sIPv6", indent, "");
+            break;
+        default:
+            BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+            break;
+        }
+        if (f->addressFamily->length > 2) {
+            switch (f->addressFamily->data[2]) {
+            case 1:
+                BIO_puts(out, " (Unicast)");
+                break;
+            case 2:
+                BIO_puts(out, " (Multicast)");
+                break;
+            case 3:
+                BIO_puts(out, " (Unicast/Multicast)");
+                break;
+            case 4:
+                BIO_puts(out, " (MPLS)");
+                break;
+            case 64:
+                BIO_puts(out, " (Tunnel)");
+                break;
+            case 65:
+                BIO_puts(out, " (VPLS)");
+                break;
+            case 66:
+                BIO_puts(out, " (BGP MDT)");
+                break;
+            case 128:
+                BIO_puts(out, " (MPLS-labeled VPN)");
+                break;
+            default:
+                BIO_printf(out, " (Unknown SAFI %u)",
+                           (unsigned)f->addressFamily->data[2]);
+                break;
+            }
+        }
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            BIO_puts(out, ": inherit\n");
+            break;
+        case IPAddressChoice_addressesOrRanges:
+            BIO_puts(out, ":\n");
+            if (!i2r_IPAddressOrRanges(out,
+                                       indent + 2,
+                                       f->ipAddressChoice->
+                                       u.addressesOrRanges, afi))
+                return 0;
+            break;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1.  If this messes up your preferred sort order
+ * for garbage input, tough noogies.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b, const int length)
+{
+    unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+    int prefixlen_a = 0, prefixlen_b = 0;
+    int r;
+
+    switch (a->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_a = length * 8;
+        break;
+    }
+
+    switch (b->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_b = length * 8;
+        break;
+    }
+
+    if ((r = memcmp(addr_a, addr_b, length)) != 0)
+        return r;
+    else
+        return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparison routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparison routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max, const int length)
+{
+    unsigned char mask;
+    int i, j;
+
+    if (memcmp(min, max, length) <= 0)
+        return -1;
+    for (i = 0; i < length && min[i] == max[i]; i++) ;
+    for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
+    if (i < j)
+        return -1;
+    if (i > j)
+        return i * 8;
+    mask = min[i] ^ max[i];
+    switch (mask) {
+    case 0x01:
+        j = 7;
+        break;
+    case 0x03:
+        j = 6;
+        break;
+    case 0x07:
+        j = 5;
+        break;
+    case 0x0F:
+        j = 4;
+        break;
+    case 0x1F:
+        j = 3;
+        break;
+    case 0x3F:
+        j = 2;
+        break;
+    case 0x7F:
+        j = 1;
+        break;
+    default:
+        return -1;
+    }
+    if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+        return -1;
+    else
+        return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+                              unsigned char *addr, const int prefixlen)
+{
+    int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+    IPAddressOrRange *aor = IPAddressOrRange_new();
+
+    if (aor == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressPrefix;
+    if (aor->u.addressPrefix == NULL &&
+        (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+        goto err;
+    aor->u.addressPrefix->flags &= ~7;
+    aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (bitlen > 0) {
+        aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+        aor->u.addressPrefix->flags |= 8 - bitlen;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max, const int length)
+{
+    IPAddressOrRange *aor;
+    int i, prefixlen;
+
+    if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+        return make_addressPrefix(result, min, prefixlen);
+
+    if ((aor = IPAddressOrRange_new()) == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressRange;
+    if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->min == NULL &&
+        (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->max == NULL &&
+        (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+
+    for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+        goto err;
+    aor->u.addressRange->min->flags &= ~7;
+    aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = min[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != 0)
+            ++j;
+        aor->u.addressRange->min->flags |= 8 - j;
+    }
+
+    for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+        goto err;
+    aor->u.addressRange->max->flags &= ~7;
+    aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = max[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != (0xFFU >> j))
+            ++j;
+        aor->u.addressRange->max->flags |= 8 - j;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+    IPAddressFamily *f;
+    unsigned char key[3];
+    int keylen;
+    int i;
+
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    if (safi != NULL) {
+        key[2] = *safi & 0xFF;
+        keylen = 3;
+    } else {
+        keylen = 2;
+    }
+
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        f = sk_IPAddressFamily_value(addr, i);
+        if (f->addressFamily->length == keylen &&
+            !memcmp(f->addressFamily->data, key, keylen))
+            return f;
+    }
+
+    if ((f = IPAddressFamily_new()) == NULL)
+        goto err;
+    if (f->ipAddressChoice == NULL &&
+        (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto err;
+    if (f->addressFamily == NULL &&
+        (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+        goto err;
+    if (!sk_IPAddressFamily_push(addr, f))
+        goto err;
+
+    return f;
+
+ err:
+    IPAddressFamily_free(f);
+    return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+         f->ipAddressChoice->u.addressesOrRanges != NULL))
+        return 0;
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+        f->ipAddressChoice->u.inherit != NULL)
+        return 1;
+    if (f->ipAddressChoice->u.inherit == NULL &&
+        (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+        return 0;
+    f->ipAddressChoice->type = IPAddressChoice_inherit;
+    return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    IPAddressOrRanges *aors = NULL;
+
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+         f->ipAddressChoice->u.inherit != NULL))
+        return NULL;
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (aors != NULL)
+        return aors;
+    if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+        return NULL;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+        break;
+    case IANA_AFI_IPV6:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+        break;
+    }
+    f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+    f->ipAddressChoice->u.addressesOrRanges = aors;
+    return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi,
+                           const unsigned *safi,
+                           unsigned char *a, const int prefixlen)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Add a range.
+ */
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi,
+                          const unsigned *safi,
+                          unsigned char *min, unsigned char *max)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    int length = length_from_afi(afi);
+    if (aors == NULL)
+        return 0;
+    if (!make_addressRange(&aor, min, max, length))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static int extract_min_max(IPAddressOrRange *aor,
+                           unsigned char *min, unsigned char *max, int length)
+{
+    if (aor == NULL || min == NULL || max == NULL)
+        return 0;
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+        return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+                addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+    case IPAddressOrRange_addressRange:
+        return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+                addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+    }
+    return 0;
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int X509v3_addr_get_range(IPAddressOrRange *aor,
+                          const unsigned afi,
+                          unsigned char *min,
+                          unsigned char *max, const int length)
+{
+    int afi_length = length_from_afi(afi);
+    if (aor == NULL || min == NULL || max == NULL ||
+        afi_length == 0 || length < afi_length ||
+        (aor->type != IPAddressOrRange_addressPrefix &&
+         aor->type != IPAddressOrRange_addressRange) ||
+        !extract_min_max(aor, min, max, afi_length))
+        return 0;
+
+    return afi_length;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
+                               const IPAddressFamily *const *b_)
+{
+    const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+    const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+    int len = ((a->length <= b->length) ? a->length : b->length);
+    int cmp = memcmp(a->data, b->data, len);
+    return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int X509v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+    IPAddressOrRanges *aors;
+    int i, j, k;
+
+    /*
+     * Empty extension is canonical.
+     */
+    if (addr == NULL)
+        return 1;
+
+    /*
+     * Check whether the top-level list is in order.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+        const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+        const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+        if (IPAddressFamily_cmp(&a, &b) >= 0)
+            return 0;
+    }
+
+    /*
+     * Top level's ok, now check each address family.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        int length = length_from_afi(X509v3_addr_get_afi(f));
+
+        /*
+         * Inheritance is canonical.  Anything other than inheritance or
+         * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+         */
+        if (f == NULL || f->ipAddressChoice == NULL)
+            return 0;
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            continue;
+        case IPAddressChoice_addressesOrRanges:
+            break;
+        default:
+            return 0;
+        }
+
+        /*
+         * It's an IPAddressOrRanges sequence, check it.
+         */
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+        if (sk_IPAddressOrRange_num(aors) == 0)
+            return 0;
+        for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+            if (!extract_min_max(a, a_min, a_max, length) ||
+                !extract_min_max(b, b_min, b_max, length))
+                return 0;
+
+            /*
+             * Punt misordered list, overlapping start, or inverted range.
+             */
+            if (memcmp(a_min, b_min, length) >= 0 ||
+                memcmp(a_min, a_max, length) > 0 ||
+                memcmp(b_min, b_max, length) > 0)
+                return 0;
+
+            /*
+             * Punt if adjacent or overlapping.  Check for adjacency by
+             * subtracting one from b_min first.
+             */
+            for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
+            if (memcmp(a_max, b_min, length) >= 0)
+                return 0;
+
+            /*
+             * Check for range that should be expressed as a prefix.
+             */
+            if (a->type == IPAddressOrRange_addressRange &&
+                range_should_be_prefix(a_min, a_max, length) >= 0)
+                return 0;
+        }
+
+        /*
+         * Check range to see if it's inverted or should be a
+         * prefix.
+         */
+        j = sk_IPAddressOrRange_num(aors) - 1;
+        {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+                if (!extract_min_max(a, a_min, a_max, length))
+                    return 0;
+                if (memcmp(a_min, a_max, length) > 0 ||
+                    range_should_be_prefix(a_min, a_max, length) >= 0)
+                    return 0;
+            }
+        }
+    }
+
+    /*
+     * If we made it through all that, we're happy.
+     */
+    return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+    int i, j, length = length_from_afi(afi);
+
+    /*
+     * Sort the IPAddressOrRanges sequence.
+     */
+    sk_IPAddressOrRange_sort(aors);
+
+    /*
+     * Clean up representation issues, punt on duplicates or overlaps.
+     */
+    for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+        IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+        unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+        unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+        if (!extract_min_max(a, a_min, a_max, length) ||
+            !extract_min_max(b, b_min, b_max, length))
+            return 0;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (memcmp(a_min, a_max, length) > 0 ||
+            memcmp(b_min, b_max, length) > 0)
+            return 0;
+
+        /*
+         * Punt overlaps.
+         */
+        if (memcmp(a_max, b_min, length) >= 0)
+            return 0;
+
+        /*
+         * Merge if a and b are adjacent.  We check for
+         * adjacency by subtracting one from b_min first.
+         */
+        for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
+        if (memcmp(a_max, b_min, length) == 0) {
+            IPAddressOrRange *merged;
+            if (!make_addressRange(&merged, a_min, b_max, length))
+                return 0;
+            (void)sk_IPAddressOrRange_set(aors, i, merged);
+            (void)sk_IPAddressOrRange_delete(aors, i + 1);
+            IPAddressOrRange_free(a);
+            IPAddressOrRange_free(b);
+            --i;
+            continue;
+        }
+    }
+
+    /*
+     * Check for inverted final range.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+        if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+            unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+            if (!extract_min_max(a, a_min, a_max, length))
+                return 0;
+            if (memcmp(a_min, a_max, length) > 0)
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int X509v3_addr_canonize(IPAddrBlocks *addr)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+            !IPAddressOrRanges_canonize(f->ipAddressChoice->
+                                        u.addressesOrRanges,
+                                        X509v3_addr_get_afi(f)))
+            return 0;
+    }
+    (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+    sk_IPAddressFamily_sort(addr);
+    if (!ossl_assert(X509v3_addr_is_canonical(addr)))
+        return 0;
+    return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+    static const char v4addr_chars[] = "0123456789.";
+    static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+    IPAddrBlocks *addr = NULL;
+    char *s = NULL, *t;
+    int i;
+
+    if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+        unsigned afi, *safi = NULL, safi_;
+        const char *addr_chars = NULL;
+        int prefixlen, i1, i2, delim, length;
+
+        if (!name_cmp(val->name, "IPv4")) {
+            afi = IANA_AFI_IPV4;
+        } else if (!name_cmp(val->name, "IPv6")) {
+            afi = IANA_AFI_IPV6;
+        } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+            afi = IANA_AFI_IPV4;
+            safi = &safi_;
+        } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+            afi = IANA_AFI_IPV6;
+            safi = &safi_;
+        } else {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            addr_chars = v4addr_chars;
+            break;
+        case IANA_AFI_IPV6:
+            addr_chars = v6addr_chars;
+            break;
+        }
+
+        length = length_from_afi(afi);
+
+        /*
+         * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate
+         * the other input values.
+         */
+        if (safi != NULL) {
+            *safi = strtoul(val->value, &t, 0);
+            t += strspn(t, " \t");
+            if (*safi > 0xFF || *t++ != ':') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            t += strspn(t, " \t");
+            s = OPENSSL_strdup(t);
+        } else {
+            s = OPENSSL_strdup(val->value);
+        }
+        if (s == NULL) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * Check for inheritance.  Not worth additional complexity to
+         * optimize this (seldom-used) case.
+         */
+        if (strcmp(s, "inherit") == 0) {
+            if (!X509v3_addr_add_inherit(addr, afi, safi)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_INHERITANCE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(s);
+            s = NULL;
+            continue;
+        }
+
+        i1 = strspn(s, addr_chars);
+        i2 = i1 + strspn(s + i1, " \t");
+        delim = s[i2++];
+        s[i1] = '\0';
+
+        if (a2i_ipadd(min, s) != length) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (delim) {
+        case '/':
+            prefixlen = (int)strtoul(s + i2, &t, 10);
+            if (t == s + i2 || *t != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '-':
+            i1 = i2 + strspn(s + i2, " \t");
+            i2 = i1 + strspn(s + i1, addr_chars);
+            if (i1 == i2 || s[i2] != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (a2i_ipadd(max, s + i1) != length) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_IPADDRESS);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (memcmp(min, max, length_from_afi(afi)) > 0) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!X509v3_addr_add_range(addr, afi, safi, min, max)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '\0':
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        default:
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        OPENSSL_free(s);
+        s = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!X509v3_addr_canonize(addr))
+        goto err;
+    return addr;
+
+ err:
+    OPENSSL_free(s);
+    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+    NID_sbgp_ipAddrBlock,       /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(IPAddrBlocks), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_IPAddrBlocks,           /* v2i */
+    i2r_IPAddrBlocks,           /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int X509v3_addr_inherits(IPAddrBlocks *addr)
+{
+    int i;
+    if (addr == NULL)
+        return 0;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child, int length)
+{
+    unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+    unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                             c_min, c_max, length))
+            return -1;
+        for (;; p++) {
+            if (p >= sk_IPAddressOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                                 p_min, p_max, length))
+                return 0;
+            if (memcmp(p_max, c_max, length) < 0)
+                continue;
+            if (memcmp(p_min, c_min, length) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+    int i;
+    if (a == NULL || a == b)
+        return 1;
+    if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
+        return 0;
+    (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+    for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+        IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+        int j = sk_IPAddressFamily_find(b, fa);
+        IPAddressFamily *fb;
+        fb = sk_IPAddressFamily_value(b, j);
+        if (fb == NULL)
+            return 0;
+        if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
+                           fa->ipAddressChoice->u.addressesOrRanges,
+                           length_from_afi(X509v3_addr_get_afi(fb))))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
+ */
+static int addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       IPAddrBlocks *ext)
+{
+    IPAddrBlocks *child = NULL;
+    int i, j, ret = 1;
+    X509 *x;
+
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        if ((ext = x->rfc3779_addr) == NULL)
+            goto done;
+    }
+    if (!X509v3_addr_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+    if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+        X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
+                  ERR_R_MALLOC_FAILURE);
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
+        ret = 0;
+        goto done;
+    }
+
+    /*
+     * Now walk up the chain.  No cert may list resources that its
+     * parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        if (!X509v3_addr_is_canonical(x->rfc3779_addr))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_addr == NULL) {
+            for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+                IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+                if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+            }
+            continue;
+        }
+        (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
+                                              IPAddressFamily_cmp);
+        for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+            IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+            int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, k);
+            if (fp == NULL) {
+                if (fc->ipAddressChoice->type ==
+                    IPAddressChoice_addressesOrRanges) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+                continue;
+            }
+            if (fp->ipAddressChoice->type ==
+                IPAddressChoice_addressesOrRanges) {
+                if (fc->ipAddressChoice->type == IPAddressChoice_inherit
+                    || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
+                                     fc->ipAddressChoice->u.addressesOrRanges,
+                                     length_from_afi(X509v3_addr_get_afi(fc))))
+                    sk_IPAddressFamily_set(child, j, fp);
+                else
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    if (x->rfc3779_addr != NULL) {
+        for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, j);
+            if (fp->ipAddressChoice->type == IPAddressChoice_inherit
+                && sk_IPAddressFamily_find(child, fp) >= 0)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        }
+    }
+
+ done:
+    sk_IPAddressFamily_free(child);
+    return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    return addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && X509v3_addr_inherits(ext))
+        return 0;
+    return addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.c
new file mode 100644
index 000000000..c8e75191b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.c
@@ -0,0 +1,356 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+#include <openssl/x509v3.h>
+
+#include <openssl/safestack.h>
+
+#include "v3_admis.h"
+#include "ext_dat.h"
+
+
+ASN1_SEQUENCE(NAMING_AUTHORITY) = {
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING),
+} ASN1_SEQUENCE_END(NAMING_AUTHORITY)
+
+ASN1_SEQUENCE(PROFESSION_INFO) = {
+    ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0),
+    ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING),
+    ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT),
+    ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING),
+    ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(PROFESSION_INFO)
+
+ASN1_SEQUENCE(ADMISSIONS) = {
+    ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0),
+    ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1),
+    ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO),
+} ASN1_SEQUENCE_END(ADMISSIONS)
+
+ASN1_SEQUENCE(ADMISSION_SYNTAX) = {
+    ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
+    ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
+} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ext_admission = {
+    NID_x509ExtAdmission,   /* .ext_nid = */
+    0,                      /* .ext_flags = */
+    ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
+    NULL, NULL, NULL, NULL,
+    NULL,                   /* .i2s = */
+    NULL,                   /* .s2i = */
+    NULL,                   /* .i2v = */
+    NULL,                   /* .v2i = */
+    &i2r_ADMISSION_SYNTAX,  /* .i2r = */
+    NULL,                   /* .r2i = */
+    NULL                    /* extension-specific data */
+};
+
+
+static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
+
+    if (namingAuthority == NULL)
+        return 0;
+
+    if (namingAuthority->namingAuthorityId == NULL
+        && namingAuthority->namingAuthorityText == NULL
+        && namingAuthority->namingAuthorityUrl == NULL)
+        return 0;
+
+    if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
+        goto err;
+
+    if (namingAuthority->namingAuthorityId != NULL) {
+        char objbuf[128];
+        const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
+
+        if (BIO_printf(bp, "%*s  admissionAuthorityId: ", ind, "") <= 0)
+            goto err;
+
+        OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1);
+
+        if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "",
+                       ln ? " (" : "", objbuf, ln ? ")" : "") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityText != NULL) {
+        if (BIO_printf(bp, "%*s  namingAuthorityText: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityUrl != NULL ) {
+        if (BIO_printf(bp, "%*s  namingAuthorityUrl: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    return 1;
+
+err:
+    return 0;
+}
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in;
+    int i, j, k;
+
+    if (admission->admissionAuthority != NULL) {
+        if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0
+            || BIO_printf(bp, "%*s  ", ind, "") <= 0
+            || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+
+    for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
+        ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
+
+        if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
+
+        if (entry->admissionAuthority != NULL) {
+            if (BIO_printf(bp, "%*s  admissionAuthority:\n", ind, "") <= 0
+                || BIO_printf(bp, "%*s    ", ind, "") <= 0
+                || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0
+                || BIO_printf(bp, "\n") <= 0)
+                goto err;
+        }
+
+        if (entry->namingAuthority != NULL) {
+            if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
+                goto err;
+        }
+
+        for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
+            PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
+
+            if (BIO_printf(bp, "%*s  Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
+                goto err;
+
+            if (pinfo->registrationNumber != NULL) {
+                if (BIO_printf(bp, "%*s    registrationNumber: ", ind, "") <= 0
+                    || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0
+                    || BIO_printf(bp, "\n") <= 0)
+                    goto err;
+            }
+
+            if (pinfo->namingAuthority != NULL) {
+                if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
+                    goto err;
+            }
+
+            if (pinfo->professionItems != NULL) {
+
+                if (BIO_printf(bp, "%*s    Info Entries:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
+                    ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
+
+                    if (BIO_printf(bp, "%*s      ", ind, "") <= 0
+                        || ASN1_STRING_print(bp, val) <= 0
+                        || BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+            }
+
+            if (pinfo->professionOIDs != NULL) {
+                if (BIO_printf(bp, "%*s    Profession OIDs:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
+                    ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
+                    const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
+                    char objbuf[128];
+
+                    OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1);
+                    if (BIO_printf(bp, "%*s      %s%s%s%s\n", ind, "",
+                                   ln ? ln : "", ln ? " (" : "",
+                                   objbuf, ln ? ")" : "") <= 0)
+                        goto err;
+                }
+            }
+        }
+    }
+    return 1;
+
+err:
+    return -1;
+}
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityId;
+}
+
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id)
+{
+    ASN1_OBJECT_free(n->namingAuthorityId);
+    n->namingAuthorityId = id;
+}
+
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityUrl;
+}
+
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityUrl);
+    n->namingAuthorityUrl = u;
+}
+
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityText;
+}
+
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityText);
+    n->namingAuthorityText = t;
+}
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as)
+{
+    return as->admissionAuthority;
+}
+
+void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as,
+                                              GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(as->admissionAuthority);
+    as->admissionAuthority = aa;
+}
+
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(const ADMISSION_SYNTAX *as)
+{
+    return as->contentsOfAdmissions;
+}
+
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as,
+                                                STACK_OF(ADMISSIONS) *a)
+{
+    sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free);
+    as->contentsOfAdmissions = a;
+}
+
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a)
+{
+    return a->admissionAuthority;
+}
+
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(a->admissionAuthority);
+    a->admissionAuthority = aa;
+}
+
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a)
+{
+    return a->namingAuthority;
+}
+
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(a->namingAuthority);
+    a->namingAuthority = na;
+}
+
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a)
+{
+    return a->professionInfos;
+}
+
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi)
+{
+    sk_PROFESSION_INFO_pop_free(a->professionInfos, PROFESSION_INFO_free);
+    a->professionInfos = pi;
+}
+
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(const PROFESSION_INFO *pi)
+{
+    return pi->addProfessionInfo;
+}
+
+void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi,
+                                            ASN1_OCTET_STRING *aos)
+{
+    ASN1_OCTET_STRING_free(pi->addProfessionInfo);
+    pi->addProfessionInfo = aos;
+}
+
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(const PROFESSION_INFO *pi)
+{
+    return pi->namingAuthority;
+}
+
+void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi,
+                                          NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(pi->namingAuthority);
+    pi->namingAuthority = na;
+}
+
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(const PROFESSION_INFO *pi)
+{
+    return pi->professionItems;
+}
+
+void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi,
+                                          STACK_OF(ASN1_STRING) *as)
+{
+    sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free);
+    pi->professionItems = as;
+}
+
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(const PROFESSION_INFO *pi)
+{
+    return pi->professionOIDs;
+}
+
+void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi,
+                                         STACK_OF(ASN1_OBJECT) *po)
+{
+    sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free);
+    pi->professionOIDs = po;
+}
+
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(const PROFESSION_INFO *pi)
+{
+    return pi->registrationNumber;
+}
+
+void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi,
+                                             ASN1_PRINTABLESTRING *rn)
+{
+    ASN1_PRINTABLESTRING_free(pi->registrationNumber);
+    pi->registrationNumber = rn;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h
new file mode 100644
index 000000000..fa23fc761
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_V3_ADMISSION_H
+# define HEADER_V3_ADMISSION_H
+
+struct NamingAuthority_st {
+    ASN1_OBJECT* namingAuthorityId;
+    ASN1_IA5STRING* namingAuthorityUrl;
+    ASN1_STRING* namingAuthorityText;          /* i.e. DIRECTORYSTRING */
+};
+
+struct ProfessionInfo_st {
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(ASN1_STRING)* professionItems;    /* i.e. DIRECTORYSTRING */
+    STACK_OF(ASN1_OBJECT)* professionOIDs;
+    ASN1_PRINTABLESTRING* registrationNumber;
+    ASN1_OCTET_STRING* addProfessionInfo;
+};
+
+struct Admissions_st {
+    GENERAL_NAME* admissionAuthority;
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(PROFESSION_INFO)* professionInfos;
+};
+
+struct AdmissionSyntax_st {
+    GENERAL_NAME* admissionAuthority;
+    STACK_OF(ADMISSIONS)* contentsOfAdmissions;
+};
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c
new file mode 100644
index 000000000..d9f770433
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_akey_id = {
+    NID_authority_key_identifier,
+    X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+    0, 0,
+    NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist)
+{
+    char *tmp;
+    if (akeyid->keyid) {
+        tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
+        X509V3_add_value("keyid", tmp, &extlist);
+        OPENSSL_free(tmp);
+    }
+    if (akeyid->issuer)
+        extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+    if (akeyid->serial) {
+        tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+        X509V3_add_value("serial", tmp, &extlist);
+        OPENSSL_free(tmp);
+    }
+    return extlist;
+}
+
+/*-
+ * Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values)
+{
+    char keyid = 0, issuer = 0;
+    int i;
+    CONF_VALUE *cnf;
+    ASN1_OCTET_STRING *ikeyid = NULL;
+    X509_NAME *isname = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ASN1_INTEGER *serial = NULL;
+    X509_EXTENSION *ext;
+    X509 *cert;
+    AUTHORITY_KEYID *akeyid;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        cnf = sk_CONF_VALUE_value(values, i);
+        if (strcmp(cnf->name, "keyid") == 0) {
+            keyid = 1;
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
+                keyid = 2;
+        } else if (strcmp(cnf->name, "issuer") == 0) {
+            issuer = 1;
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
+                issuer = 2;
+        } else {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
+            ERR_add_error_data(2, "name=", cnf->name);
+            return NULL;
+        }
+    }
+
+    if (!ctx || !ctx->issuer_cert) {
+        if (ctx && (ctx->flags == CTX_TEST))
+            return AUTHORITY_KEYID_new();
+        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                  X509V3_R_NO_ISSUER_CERTIFICATE);
+        return NULL;
+    }
+
+    cert = ctx->issuer_cert;
+
+    if (keyid) {
+        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+        if ((i >= 0) && (ext = X509_get_ext(cert, i)))
+            ikeyid = X509V3_EXT_d2i(ext);
+        if (keyid == 2 && !ikeyid) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+            return NULL;
+        }
+    }
+
+    if ((issuer && !ikeyid) || (issuer == 2)) {
+        isname = X509_NAME_dup(X509_get_issuer_name(cert));
+        serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (!isname || !serial) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+            goto err;
+        }
+    }
+
+    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
+        goto err;
+
+    if (isname) {
+        if ((gens = sk_GENERAL_NAME_new_null()) == NULL
+            || (gen = GENERAL_NAME_new()) == NULL
+            || !sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->type = GEN_DIRNAME;
+        gen->d.dirn = isname;
+    }
+
+    akeyid->issuer = gens;
+    gen = NULL;
+    gens = NULL;
+    akeyid->serial = serial;
+    akeyid->keyid = ikeyid;
+
+    return akeyid;
+
+ err:
+    sk_GENERAL_NAME_free(gens);
+    GENERAL_NAME_free(gen);
+    X509_NAME_free(isname);
+    ASN1_INTEGER_free(serial);
+    ASN1_OCTET_STRING_free(ikeyid);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akeya.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akeya.c
new file mode 100644
index 000000000..d6dd6bcb9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akeya.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c
new file mode 100644
index 000000000..832e6d128
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c
@@ -0,0 +1,592 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+
+const X509V3_EXT_METHOD v3_alt[3] = {
+    {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_subject_alt,
+     NULL, NULL, NULL},
+
+    {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_issuer_alt,
+     NULL, NULL, NULL},
+
+    {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     NULL, NULL, NULL, NULL},
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        GENERAL_NAMES *gens,
+                                        STACK_OF(CONF_VALUE) *ret)
+{
+    int i;
+    GENERAL_NAME *gen;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        ret = i2v_GENERAL_NAME(method, gen, ret);
+    }
+    if (!ret)
+        return sk_CONF_VALUE_new_null();
+    return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret)
+{
+    unsigned char *p;
+    char oline[256], htmp[5];
+    int i;
+
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        if (!X509V3_add_value("othername", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_X400:
+        if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_EDIPARTY:
+        if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_EMAIL:
+        if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
+            return NULL;
+        break;
+
+    case GEN_DNS:
+        if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
+            return NULL;
+        break;
+
+    case GEN_URI:
+        if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
+            return NULL;
+        break;
+
+    case GEN_DIRNAME:
+        if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL
+                || !X509V3_add_value("DirName", oline, &ret))
+            return NULL;
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d",
+                         p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            oline[0] = 0;
+            for (i = 0; i < 8; i++) {
+                BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]);
+                p += 2;
+                strcat(oline, htmp);
+                if (i != 7)
+                    strcat(oline, ":");
+            }
+        } else {
+            if (!X509V3_add_value("IP Address", "<invalid>", &ret))
+                return NULL;
+            break;
+        }
+        if (!X509V3_add_value("IP Address", oline, &ret))
+            return NULL;
+        break;
+
+    case GEN_RID:
+        i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+        if (!X509V3_add_value("Registered ID", oline, &ret))
+            return NULL;
+        break;
+    }
+    return ret;
+}
+
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+    unsigned char *p;
+    int i;
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        BIO_printf(out, "othername:<unsupported>");
+        break;
+
+    case GEN_X400:
+        BIO_printf(out, "X400Name:<unsupported>");
+        break;
+
+    case GEN_EDIPARTY:
+        /* Maybe fix this: it is supported now */
+        BIO_printf(out, "EdiPartyName:<unsupported>");
+        break;
+
+    case GEN_EMAIL:
+        BIO_printf(out, "email:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_DNS:
+        BIO_printf(out, "DNS:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_URI:
+        BIO_printf(out, "URI:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_DIRNAME:
+        BIO_printf(out, "DirName:");
+        X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            BIO_printf(out, "IP Address");
+            for (i = 0; i < 8; i++) {
+                BIO_printf(out, ":%X", p[0] << 8 | p[1]);
+                p += 2;
+            }
+            BIO_puts(out, "\n");
+        } else {
+            BIO_printf(out, "IP Address:<invalid>");
+            break;
+        }
+        break;
+
+    case GEN_RID:
+        BIO_printf(out, "Registered ID:");
+        i2a_ASN1_OBJECT(out, gen->d.rid);
+        break;
+    }
+    return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
+{
+    const int num = sk_CONF_VALUE_num(nval);
+    GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    int i;
+
+    if (gens == NULL) {
+        X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
+
+        if (!name_cmp(cnf->name, "issuer")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
+            if (!copy_issuer(ctx, gens))
+                goto err;
+        } else {
+            GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
+
+            if (gen == NULL)
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
+{
+    GENERAL_NAMES *ialt;
+    GENERAL_NAME *gen;
+    X509_EXTENSION *ext;
+    int i, num;
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return 1;
+    if (!ctx || !ctx->issuer_cert) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
+        goto err;
+    }
+    i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+    if (i < 0)
+        return 1;
+    if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL
+        || (ialt = X509V3_EXT_d2i(ext)) == NULL) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
+        goto err;
+    }
+
+    num = sk_GENERAL_NAME_num(ialt);
+    if (!sk_GENERAL_NAME_reserve(gens, num)) {
+        X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    for (i = 0; i < num; i++) {
+        gen = sk_GENERAL_NAME_value(ialt, i);
+        sk_GENERAL_NAME_push(gens, gen);     /* no failure as it was reserved */
+    }
+    sk_GENERAL_NAME_free(ialt);
+
+    return 1;
+
+ err:
+    return 0;
+
+}
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAMES *gens;
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
+        X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!name_cmp(cnf->name, "email")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
+            if (!copy_email(ctx, gens, 0))
+                goto err;
+        } else if (!name_cmp(cnf->name, "email")
+                   && cnf->value && strcmp(cnf->value, "move") == 0) {
+            if (!copy_email(ctx, gens, 1))
+                goto err;
+        } else {
+            GENERAL_NAME *gen;
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+/*
+ * Copy any email addresses in a certificate or request to GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+{
+    X509_NAME *nm;
+    ASN1_IA5STRING *email = NULL;
+    X509_NAME_ENTRY *ne;
+    GENERAL_NAME *gen = NULL;
+    int i = -1;
+
+    if (ctx != NULL && ctx->flags == CTX_TEST)
+        return 1;
+    if (ctx == NULL
+        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
+        X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
+        goto err;
+    }
+    /* Find the subject name */
+    if (ctx->subject_cert)
+        nm = X509_get_subject_name(ctx->subject_cert);
+    else
+        nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+    /* Now add any email address(es) to STACK */
+    while ((i = X509_NAME_get_index_by_NID(nm,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(nm, i);
+        email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
+        if (move_p) {
+            X509_NAME_delete_entry(nm, i);
+            X509_NAME_ENTRY_free(ne);
+            i--;
+        }
+        if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->d.ia5 = email;
+        email = NULL;
+        gen->type = GEN_EMAIL;
+        if (!sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen = NULL;
+    }
+
+    return 1;
+
+ err:
+    GENERAL_NAME_free(gen);
+    ASN1_IA5STRING_free(email);
+    return 0;
+
+}
+
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAME *gen;
+    GENERAL_NAMES *gens;
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+            goto err;
+        sk_GENERAL_NAME_push(gens, gen);    /* no failure as it was reserved */
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, CONF_VALUE *cnf)
+{
+    return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+}
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, int gen_type, const char *value,
+                               int is_nc)
+{
+    char is_string = 0;
+    GENERAL_NAME *gen = NULL;
+
+    if (!value) {
+        X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (out)
+        gen = out;
+    else {
+        gen = GENERAL_NAME_new();
+        if (gen == NULL) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+
+    switch (gen_type) {
+    case GEN_URI:
+    case GEN_EMAIL:
+    case GEN_DNS:
+        is_string = 1;
+        break;
+
+    case GEN_RID:
+        {
+            ASN1_OBJECT *obj;
+            if ((obj = OBJ_txt2obj(value, 0)) == NULL) {
+                X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+            }
+            gen->d.rid = obj;
+        }
+        break;
+
+    case GEN_IPADD:
+        if (is_nc)
+            gen->d.ip = a2i_IPADDRESS_NC(value);
+        else
+            gen->d.ip = a2i_IPADDRESS(value);
+        if (gen->d.ip == NULL) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS);
+            ERR_add_error_data(2, "value=", value);
+            goto err;
+        }
+        break;
+
+    case GEN_DIRNAME:
+        if (!do_dirname(gen, value, ctx)) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_DIRNAME_ERROR);
+            goto err;
+        }
+        break;
+
+    case GEN_OTHERNAME:
+        if (!do_othername(gen, value, ctx)) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_OTHERNAME_ERROR);
+            goto err;
+        }
+        break;
+    default:
+        X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
+        goto err;
+    }
+
+    if (is_string) {
+        if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
+            !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
+                             strlen(value))) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    gen->type = gen_type;
+
+    return gen;
+
+ err:
+    if (!out)
+        GENERAL_NAME_free(gen);
+    return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
+{
+    int type;
+
+    char *name, *value;
+
+    name = cnf->name;
+    value = cnf->value;
+
+    if (!value) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (!name_cmp(name, "email"))
+        type = GEN_EMAIL;
+    else if (!name_cmp(name, "URI"))
+        type = GEN_URI;
+    else if (!name_cmp(name, "DNS"))
+        type = GEN_DNS;
+    else if (!name_cmp(name, "RID"))
+        type = GEN_RID;
+    else if (!name_cmp(name, "IP"))
+        type = GEN_IPADD;
+    else if (!name_cmp(name, "dirName"))
+        type = GEN_DIRNAME;
+    else if (!name_cmp(name, "otherName"))
+        type = GEN_OTHERNAME;
+    else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        return NULL;
+    }
+
+    return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+
+}
+
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
+{
+    char *objtmp = NULL, *p;
+    int objlen;
+
+    if ((p = strchr(value, ';')) == NULL)
+        return 0;
+    if ((gen->d.otherName = OTHERNAME_new()) == NULL)
+        return 0;
+    /*
+     * Free this up because we will overwrite it. no need to free type_id
+     * because it is static
+     */
+    ASN1_TYPE_free(gen->d.otherName->value);
+    if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
+        return 0;
+    objlen = p - value;
+    objtmp = OPENSSL_strndup(value, objlen);
+    if (objtmp == NULL)
+        return 0;
+    gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+    OPENSSL_free(objtmp);
+    if (!gen->d.otherName->type_id)
+        return 0;
+    return 1;
+}
+
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
+{
+    int ret = 0;
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    X509_NAME *nm;
+
+    if ((nm = X509_NAME_new()) == NULL)
+        goto err;
+    sk = X509V3_get_section(ctx, value);
+    if (!sk) {
+        X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
+        ERR_add_error_data(2, "section=", value);
+        goto err;
+    }
+    /* FIXME: should allow other character types... */
+    ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
+    if (!ret)
+        goto err;
+    gen->d.dirn = nm;
+
+err:
+    if (ret == 0)
+        X509_NAME_free(nm);
+    X509V3_section_free(ctx, sk);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c
new file mode 100644
index 000000000..089f2ae29
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c
@@ -0,0 +1,880 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/bn.h>
+#include "ext_dat.h"
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+
+ASN1_SEQUENCE(ASRange) = {
+  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+
+ASN1_CHOICE(ASIdOrRange) = {
+  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
+  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+
+ASN1_CHOICE(ASIdentifierChoice) = {
+  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
+  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+
+ASN1_SEQUENCE(ASIdentifiers) = {
+  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+                                  ASIdentifierChoice *choice,
+                                  int indent, const char *msg)
+{
+    int i;
+    char *s;
+    if (choice == NULL)
+        return 1;
+    BIO_printf(out, "%*s%s:\n", indent, "", msg);
+    switch (choice->type) {
+    case ASIdentifierChoice_inherit:
+        BIO_printf(out, "%*sinherit\n", indent + 2, "");
+        break;
+    case ASIdentifierChoice_asIdsOrRanges:
+        for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+            ASIdOrRange *aor =
+                sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+            switch (aor->type) {
+            case ASIdOrRange_id:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+                OPENSSL_free(s);
+                break;
+            case ASIdOrRange_range:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s-", indent + 2, "", s);
+                OPENSSL_free(s);
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+                    return 0;
+                BIO_printf(out, "%s\n", s);
+                OPENSSL_free(s);
+                break;
+            default:
+                return 0;
+            }
+        }
+        break;
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
+                             void *ext, BIO *out, int indent)
+{
+    ASIdentifiers *asid = ext;
+    return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                   "Autonomous System Numbers") &&
+            i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                   "Routing Domain Identifiers"));
+}
+
+/*
+ * Sort comparison function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
+                           const ASIdOrRange *const *b_)
+{
+    const ASIdOrRange *a = *a_, *b = *b_;
+
+    assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+           (a->type == ASIdOrRange_range && a->u.range != NULL &&
+            a->u.range->min != NULL && a->u.range->max != NULL));
+
+    assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+           (b->type == ASIdOrRange_range && b->u.range != NULL &&
+            b->u.range->min != NULL && b->u.range->max != NULL));
+
+    if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+
+    if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+        int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+        return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max,
+                                             b->u.range->max);
+    }
+
+    if (a->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+    else
+        return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+
+/*
+ * Add an inherit element.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+    ASIdentifierChoice **choice;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_inherit;
+    }
+    return (*choice)->type == ASIdentifierChoice_inherit;
+}
+
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
+                                int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
+{
+    ASIdentifierChoice **choice;
+    ASIdOrRange *aor;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+        return 0;
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+        if ((*choice)->u.asIdsOrRanges == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+    }
+    if ((aor = ASIdOrRange_new()) == NULL)
+        return 0;
+    if (max == NULL) {
+        aor->type = ASIdOrRange_id;
+        aor->u.id = min;
+    } else {
+        aor->type = ASIdOrRange_range;
+        if ((aor->u.range = ASRange_new()) == NULL)
+            goto err;
+        ASN1_INTEGER_free(aor->u.range->min);
+        aor->u.range->min = min;
+        ASN1_INTEGER_free(aor->u.range->max);
+        aor->u.range->max = max;
+    }
+    if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+        goto err;
+    return 1;
+
+ err:
+    ASIdOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static int extract_min_max(ASIdOrRange *aor,
+                           ASN1_INTEGER **min, ASN1_INTEGER **max)
+{
+    if (!ossl_assert(aor != NULL))
+        return 0;
+    switch (aor->type) {
+    case ASIdOrRange_id:
+        *min = aor->u.id;
+        *max = aor->u.id;
+        return 1;
+    case ASIdOrRange_range:
+        *min = aor->u.range->min;
+        *max = aor->u.range->max;
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
+
+    /*
+     * Empty element or inheritance is canonical.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
+
+    /*
+     * If not a list, or if empty list, it's broken.
+     */
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+        return 0;
+
+    /*
+     * It's a list, check it.
+     */
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
+
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
+
+        /*
+         * Punt misordered list, overlapping start, or inverted range.
+         */
+        if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+            ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1) ||
+            (a_max_plus_one =
+             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * Punt if adjacent or overlapping.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+            goto done;
+    }
+
+    /*
+     * Check for inverted range.
+     */
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
+    }
+
+    ret = 1;
+
+ done:
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
+}
+
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid)
+{
+    return (asid == NULL ||
+            (ASIdentifierChoice_is_canonical(asid->asnum) &&
+             ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
+
+    /*
+     * Nothing to do for empty element or inheritance.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
+
+    /*
+     * If not a list, or if empty list, it's broken.
+     */
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+        X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        return 0;
+    }
+
+    /*
+     * We have a non-empty list.  Sort it.
+     */
+    sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+    /*
+     * Now check for errors and suboptimal encoding, rejecting the
+     * former and fixing the latter.
+     */
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
+
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
+
+        /*
+         * Make sure we're properly sorted (paranoia).
+         */
+        if (!ossl_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0))
+            goto done;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Check for overlaps.
+         */
+        if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            goto done;
+        }
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1) ||
+            (a_max_plus_one =
+             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * If a and b are adjacent, merge them.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+            ASRange *r;
+            switch (a->type) {
+            case ASIdOrRange_id:
+                if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) {
+                    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                              ERR_R_MALLOC_FAILURE);
+                    goto done;
+                }
+                r->min = a_min;
+                r->max = b_max;
+                a->type = ASIdOrRange_range;
+                a->u.range = r;
+                break;
+            case ASIdOrRange_range:
+                ASN1_INTEGER_free(a->u.range->max);
+                a->u.range->max = b_max;
+                break;
+            }
+            switch (b->type) {
+            case ASIdOrRange_id:
+                b->u.id = NULL;
+                break;
+            case ASIdOrRange_range:
+                b->u.range->max = NULL;
+                break;
+            }
+            ASIdOrRange_free(b);
+            (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+            i--;
+            continue;
+        }
+    }
+
+    /*
+     * Check for final inverted range.
+     */
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
+    }
+
+    /* Paranoia */
+    if (!ossl_assert(ASIdentifierChoice_is_canonical(choice)))
+        goto done;
+
+    ret = 1;
+
+ done:
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
+}
+
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int X509v3_asid_canonize(ASIdentifiers *asid)
+{
+    return (asid == NULL ||
+            (ASIdentifierChoice_canonize(asid->asnum) &&
+             ASIdentifierChoice_canonize(asid->rdi)));
+}
+
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
+{
+    ASN1_INTEGER *min = NULL, *max = NULL;
+    ASIdentifiers *asid = NULL;
+    int i;
+
+    if ((asid = ASIdentifiers_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;
+
+        /*
+         * Figure out whether this is an AS or an RDI.
+         */
+        if (!name_cmp(val->name, "AS")) {
+            which = V3_ASID_ASNUM;
+        } else if (!name_cmp(val->name, "RDI")) {
+            which = V3_ASID_RDI;
+        } else {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Handle inheritance.
+         */
+        if (strcmp(val->value, "inherit") == 0) {
+            if (X509v3_asid_add_inherit(asid, which))
+                continue;
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_INVALID_INHERITANCE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Number, range, or mistake, pick it apart and figure out which.
+         */
+        i1 = strspn(val->value, "0123456789");
+        if (val->value[i1] == '\0') {
+            is_range = 0;
+        } else {
+            is_range = 1;
+            i2 = i1 + strspn(val->value + i1, " \t");
+            if (val->value[i2] != '-') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASNUMBER);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            i2++;
+            i2 = i2 + strspn(val->value + i2, " \t");
+            i3 = i2 + strspn(val->value + i2, "0123456789");
+            if (val->value[i3] != '\0') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASRANGE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        /*
+         * Syntax is ok, read and add it.
+         */
+        if (!is_range) {
+            if (!X509V3_get_value_int(val, &min)) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        } else {
+            char *s = OPENSSL_strdup(val->value);
+            if (s == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s[i1] = '\0';
+            min = s2i_ASN1_INTEGER(NULL, s);
+            max = s2i_ASN1_INTEGER(NULL, s + i2);
+            OPENSSL_free(s);
+            if (min == NULL || max == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (ASN1_INTEGER_cmp(min, max) > 0) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                goto err;
+            }
+        }
+        if (!X509v3_asid_add_id_or_range(asid, which, min, max)) {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        min = max = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!X509v3_asid_canonize(asid))
+        goto err;
+    return asid;
+
+ err:
+    ASIdentifiers_free(asid);
+    ASN1_INTEGER_free(min);
+    ASN1_INTEGER_free(max);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+    NID_sbgp_autonomousSysNum,  /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(ASIdentifiers), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_ASIdentifiers,          /* v2i */
+    i2r_ASIdentifiers,          /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid)
+{
+    return (asid != NULL &&
+            ((asid->asnum != NULL &&
+              asid->asnum->type == ASIdentifierChoice_inherit) ||
+             (asid->rdi != NULL &&
+              asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+    ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL;
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+        if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max))
+            return 0;
+        for (;; p++) {
+            if (p >= sk_ASIdOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min,
+                                 &p_max))
+                return 0;
+            if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+                continue;
+            if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+    return (a == NULL ||
+            a == b ||
+            (b != NULL &&
+             !X509v3_asid_inherits(a) &&
+             !X509v3_asid_inherits(b) &&
+             asid_contains(b->asnum->u.asIdsOrRanges,
+                           a->asnum->u.asIdsOrRanges) &&
+             asid_contains(b->rdi->u.asIdsOrRanges,
+                           a->rdi->u.asIdsOrRanges)));
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       ASIdentifiers *ext)
+{
+    ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+    int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+    X509 *x;
+
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        if ((ext = x->rfc3779_asid) == NULL)
+            goto done;
+    }
+    if (!X509v3_asid_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (ext->asnum != NULL) {
+        switch (ext->asnum->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_as = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_as = ext->asnum->u.asIdsOrRanges;
+            break;
+        }
+    }
+    if (ext->rdi != NULL) {
+        switch (ext->rdi->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_rdi = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_rdi = ext->rdi->u.asIdsOrRanges;
+            break;
+        }
+    }
+
+    /*
+     * Now walk up the chain.  Extensions must be in canonical form, no
+     * cert may list resources that its parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        if (!ossl_assert(x != NULL)) {
+            if (ctx != NULL)
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+            return 0;
+        }
+        if (x->rfc3779_asid == NULL) {
+            if (child_as != NULL || child_rdi != NULL)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            continue;
+        }
+        if (!X509v3_asid_is_canonical(x->rfc3779_asid))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_as = NULL;
+            inherit_as = 0;
+        }
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type ==
+            ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_as
+                || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges,
+                                 child_as)) {
+                child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+                inherit_as = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+        if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_rdi = NULL;
+            inherit_rdi = 0;
+        }
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_rdi ||
+                asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges,
+                              child_rdi)) {
+                child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+                inherit_rdi = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    if (!ossl_assert(x != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    if (x->rfc3779_asid != NULL) {
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    }
+
+ done:
+    return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    return asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && X509v3_asid_inherits(ext))
+        return 0;
+    return asid_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_bcons.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_bcons.c
new file mode 100644
index 000000000..3bbf15550
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_bcons = {
+    NID_basic_constraints, 0,
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS,
+    (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+    NULL, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist)
+{
+    X509V3_add_value_bool("CA", bcons->ca, &extlist);
+    X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+    return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values)
+{
+    BASIC_CONSTRAINTS *bcons = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (strcmp(val->name, "CA") == 0) {
+            if (!X509V3_get_value_bool(val, &bcons->ca))
+                goto err;
+        } else if (strcmp(val->name, "pathlen") == 0) {
+            if (!X509V3_get_value_int(val, &bcons->pathlen))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return bcons;
+ err:
+    BASIC_CONSTRAINTS_free(bcons);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_bitst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_bitst.c
new file mode 100644
index 000000000..4802116ba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_bitst.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+    {0, "SSL Client", "client"},
+    {1, "SSL Server", "server"},
+    {2, "S/MIME", "email"},
+    {3, "Object Signing", "objsign"},
+    {4, "Unused", "reserved"},
+    {5, "SSL CA", "sslCA"},
+    {6, "S/MIME CA", "emailCA"},
+    {7, "Object Signing CA", "objCA"},
+    {-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+    {0, "Digital Signature", "digitalSignature"},
+    {1, "Non Repudiation", "nonRepudiation"},
+    {2, "Key Encipherment", "keyEncipherment"},
+    {3, "Data Encipherment", "dataEncipherment"},
+    {4, "Key Agreement", "keyAgreement"},
+    {5, "Certificate Sign", "keyCertSign"},
+    {6, "CRL Sign", "cRLSign"},
+    {7, "Encipher Only", "encipherOnly"},
+    {8, "Decipher Only", "decipherOnly"},
+    {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_nscert =
+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+const X509V3_EXT_METHOD v3_key_usage =
+EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *ret)
+{
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = method->usr_data; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+            X509V3_add_value(bnam->lname, NULL, &ret);
+    }
+    return ret;
+}
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
+{
+    CONF_VALUE *val;
+    ASN1_BIT_STRING *bs;
+    int i;
+    BIT_STRING_BITNAME *bnam;
+    if ((bs = ASN1_BIT_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        for (bnam = method->usr_data; bnam->lname; bnam++) {
+            if (strcmp(bnam->sname, val->name) == 0
+                || strcmp(bnam->lname, val->name) == 0) {
+                if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+                    X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                              ERR_R_MALLOC_FAILURE);
+                    ASN1_BIT_STRING_free(bs);
+                    return NULL;
+                }
+                break;
+            }
+        }
+        if (!bnam->lname) {
+            X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                      X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+            X509V3_conf_err(val);
+            ASN1_BIT_STRING_free(bs);
+            return NULL;
+        }
+    }
+    return bs;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c
new file mode 100644
index 000000000..7acaebfa2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c
@@ -0,0 +1,511 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* extension creation utilities */
+
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+                                            int crit, int type,
+                                            X509V3_CTX *ctx);
+static char *conf_lhash_get_string(void *db, const char *section, const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+                                  int ext_nid, int crit, void *ext_struc);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+                                   long *ext_len);
+/* CONF *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value)
+{
+    int crit;
+    int ext_type;
+    X509_EXTENSION *ret;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(name, value, crit, ext_type, ctx);
+    ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+    if (!ret) {
+        X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION);
+        ERR_add_error_data(4, "name=", name, ", value=", value);
+    }
+    return ret;
+}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                     const char *value)
+{
+    int crit;
+    int ext_type;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(OBJ_nid2sn(ext_nid),
+                                    value, crit, ext_type, ctx);
+    return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, const char *value)
+{
+    const X509V3_EXT_METHOD *method;
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    void *ext_struc;
+
+    if (ext_nid == NID_undef) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
+        return NULL;
+    }
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    /* Now get internal extension representation based on type */
+    if (method->v2i) {
+        if (*value == '@')
+            nval = NCONF_get_section(conf, value + 1);
+        else
+            nval = X509V3_parse_list(value);
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
+            X509V3err(X509V3_F_DO_EXT_NCONF,
+                      X509V3_R_INVALID_EXTENSION_STRING);
+            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
+                               value);
+            if (*value != '@')
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+            return NULL;
+        }
+        ext_struc = method->v2i(method, ctx, nval);
+        if (*value != '@')
+            sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+        if (!ext_struc)
+            return NULL;
+    } else if (method->s2i) {
+        if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
+            return NULL;
+    } else if (method->r2i) {
+        if (!ctx->db || !ctx->db_meth) {
+            X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
+            return NULL;
+        }
+        if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
+            return NULL;
+    } else {
+        X509V3err(X509V3_F_DO_EXT_NCONF,
+                  X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+        ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+        return NULL;
+    }
+
+    ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
+    if (method->it)
+        ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_struc);
+    return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+                                  int ext_nid, int crit, void *ext_struc)
+{
+    unsigned char *ext_der = NULL;
+    int ext_len;
+    ASN1_OCTET_STRING *ext_oct = NULL;
+    X509_EXTENSION *ext;
+    /* Convert internal representation to DER */
+    if (method->it) {
+        ext_der = NULL;
+        ext_len =
+            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+        if (ext_len < 0)
+            goto merr;
+    } else {
+        unsigned char *p;
+
+        ext_len = method->i2d(ext_struc, NULL);
+        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
+            goto merr;
+        p = ext_der;
+        method->i2d(ext_struc, &p);
+    }
+    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
+        goto merr;
+    ext_oct->data = ext_der;
+    ext_der = NULL;
+    ext_oct->length = ext_len;
+
+    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+    if (!ext)
+        goto merr;
+    ASN1_OCTET_STRING_free(ext_oct);
+
+    return ext;
+
+ merr:
+    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+    OPENSSL_free(ext_der);
+    ASN1_OCTET_STRING_free(ext_oct);
+    return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+    const X509V3_EXT_METHOD *method;
+
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(const char **value)
+{
+    const char *p = *value;
+    if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+        return 0;
+    p += 9;
+    while (ossl_isspace(*p))
+        p++;
+    *value = p;
+    return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(const char **value)
+{
+    int gen_type = 0;
+    const char *p = *value;
+    if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
+        p += 4;
+        gen_type = 1;
+    } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) {
+        p += 5;
+        gen_type = 2;
+    } else
+        return 0;
+
+    while (ossl_isspace(*p))
+        p++;
+    *value = p;
+    return gen_type;
+}
+
+/* Create a generic extension: for now just handle DER type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+                                            int crit, int gen_type,
+                                            X509V3_CTX *ctx)
+{
+    unsigned char *ext_der = NULL;
+    long ext_len = 0;
+    ASN1_OBJECT *obj = NULL;
+    ASN1_OCTET_STRING *oct = NULL;
+    X509_EXTENSION *extension = NULL;
+
+    if ((obj = OBJ_txt2obj(ext, 0)) == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_NAME_ERROR);
+        ERR_add_error_data(2, "name=", ext);
+        goto err;
+    }
+
+    if (gen_type == 1)
+        ext_der = OPENSSL_hexstr2buf(value, &ext_len);
+    else if (gen_type == 2)
+        ext_der = generic_asn1(value, ctx, &ext_len);
+
+    if (ext_der == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        ERR_add_error_data(2, "value=", value);
+        goto err;
+    }
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    oct->data = ext_der;
+    oct->length = ext_len;
+    ext_der = NULL;
+
+    extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+ err:
+    ASN1_OBJECT_free(obj);
+    ASN1_OCTET_STRING_free(oct);
+    OPENSSL_free(ext_der);
+    return extension;
+
+}
+
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+                                   long *ext_len)
+{
+    ASN1_TYPE *typ;
+    unsigned char *ext_der = NULL;
+    typ = ASN1_generate_v3(value, ctx);
+    if (typ == NULL)
+        return NULL;
+    *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
+    ASN1_TYPE_free(typ);
+    return ext_der;
+}
+
+static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+{
+    int idx;
+    ASN1_OBJECT *obj;
+    obj = X509_EXTENSION_get_object(dext);
+    while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) {
+        X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+        X509v3_delete_ext(sk, idx);
+        X509_EXTENSION_free(tmpext);
+    }
+}
+
+/*
+ * This is the main function: add a bunch of extensions based on a config
+ * file section to an extension STACK.
+ */
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+                            STACK_OF(X509_EXTENSION) **sk)
+{
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    CONF_VALUE *val;
+    int i;
+
+    if ((nval = NCONF_get_section(conf, section)) == NULL)
+        return 0;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL)
+            return 0;
+        if (ctx->flags == X509V3_CTX_REPLACE)
+            delete_ext(*sk, ext);
+        if (sk != NULL) {
+            if (X509v3_add_ext(sk, ext, -1) == NULL) {
+                X509_EXTENSION_free(ext);
+                return 0;
+            }
+        }
+        X509_EXTENSION_free(ext);
+    }
+    return 1;
+}
+
+/*
+ * Convenience functions to add extensions to a certificate, CRL and request
+ */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                         X509 *cert)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (cert)
+        sk = &cert->cert_info.extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_CRL *crl)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (crl)
+        sk = &crl->crl.extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_REQ *req)
+{
+    STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+    int i;
+    if (req)
+        sk = &extlist;
+    i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+    if (!i || !sk)
+        return i;
+    i = X509_REQ_add_extensions(req, extlist);
+    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+    return i;
+}
+
+/* Config database functions */
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
+        X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_string)
+        return ctx->db_meth->get_string(ctx->db, name, section);
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
+        X509V3err(X509V3_F_X509V3_GET_SECTION,
+                  X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_section)
+        return ctx->db_meth->get_section(ctx->db, section);
+    return NULL;
+}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+{
+    if (!str)
+        return;
+    if (ctx->db_meth->free_string)
+        ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+{
+    if (!section)
+        return;
+    if (ctx->db_meth->free_section)
+        ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *nconf_get_string(void *db, const char *section, const char *value)
+{
+    return NCONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
+{
+    return NCONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD nconf_method = {
+    nconf_get_string,
+    nconf_get_section,
+    NULL,
+    NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+{
+    ctx->db_meth = &nconf_method;
+    ctx->db = conf;
+}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+                    X509_CRL *crl, int flags)
+{
+    ctx->issuer_cert = issuer;
+    ctx->subject_cert = subj;
+    ctx->crl = crl;
+    ctx->subject_req = req;
+    ctx->flags = flags;
+}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                const char *name, const char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+                                    X509V3_CTX *ctx, int ext_nid, const char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+}
+
+static char *conf_lhash_get_string(void *db, const char *section, const char *value)
+{
+    return CONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
+{
+    return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+    conf_lhash_get_string,
+    conf_lhash_get_section,
+    NULL,
+    NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
+{
+    ctx->db_meth = &conf_lhash_method;
+    ctx->db = lhash;
+}
+
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        const char *section, X509 *cert)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_CRL *crl)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_REQ *req)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c
new file mode 100644
index 000000000..7a47fd38b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c
@@ -0,0 +1,491 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+#include "ext_dat.h"
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
+static int displaytext_get_tag_len(const char *tagstr);
+
+const X509V3_EXT_METHOD v3_cpols = {
+    NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    (X509V3_EXT_I2R)i2r_certpol,
+    (X509V3_EXT_R2I)r2i_certpol,
+    NULL
+};
+
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *value)
+{
+    STACK_OF(POLICYINFO) *pols;
+    char *pstr;
+    POLICYINFO *pol;
+    ASN1_OBJECT *pobj;
+    STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value);
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(vals);
+    int i, ia5org;
+
+    if (vals == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+        return NULL;
+    }
+
+    pols = sk_POLICYINFO_new_reserve(NULL, num);
+    if (pols == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ia5org = 0;
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(vals, i);
+
+        if (cnf->value || !cnf->name) {
+            X509V3err(X509V3_F_R2I_CERTPOL,
+                      X509V3_R_INVALID_POLICY_IDENTIFIER);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        pstr = cnf->name;
+        if (strcmp(pstr, "ia5org") == 0) {
+            ia5org = 1;
+            continue;
+        } else if (*pstr == '@') {
+            STACK_OF(CONF_VALUE) *polsect;
+            polsect = X509V3_get_section(ctx, pstr + 1);
+            if (!polsect) {
+                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = policy_section(ctx, polsect, ia5org);
+            X509V3_section_free(ctx, polsect);
+            if (pol == NULL)
+                goto err;
+        } else {
+            if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) {
+                X509V3err(X509V3_F_R2I_CERTPOL,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = POLICYINFO_new();
+            if (pol == NULL) {
+                ASN1_OBJECT_free(pobj);
+                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            pol->policyid = pobj;
+        }
+        if (!sk_POLICYINFO_push(pols, pol)) {
+            POLICYINFO_free(pol);
+            X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pols;
+ err:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+    return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+    int i;
+    CONF_VALUE *cnf;
+    POLICYINFO *pol;
+    POLICYQUALINFO *qual;
+
+    if ((pol = POLICYINFO_new()) == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+        cnf = sk_CONF_VALUE_value(polstrs, i);
+        if (strcmp(cnf->name, "policyIdentifier") == 0) {
+            ASN1_OBJECT *pobj;
+            if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol->policyid = pobj;
+
+        } else if (!name_cmp(cnf->name, "CPS")) {
+            if (pol->qualifiers == NULL)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if ((qual = POLICYQUALINFO_new()) == NULL)
+                goto merr;
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+            if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
+                X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
+                goto merr;
+            if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (!name_cmp(cnf->name, "userNotice")) {
+            STACK_OF(CONF_VALUE) *unot;
+            if (*cnf->value != '@') {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_EXPECTED_A_SECTION_NAME);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            unot = X509V3_get_section(ctx, cnf->value + 1);
+            if (!unot) {
+                X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            qual = notice_section(ctx, unot, ia5org);
+            X509V3_section_free(ctx, unot);
+            if (!qual)
+                goto err;
+            if (!pol->qualifiers)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+        } else {
+            X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);
+
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    if (!pol->policyid) {
+        X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
+        goto err;
+    }
+
+    return pol;
+
+ merr:
+    X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYINFO_free(pol);
+    return NULL;
+}
+
+static int displaytext_get_tag_len(const char *tagstr)
+{
+    char *colon = strchr(tagstr, ':');
+
+    return (colon == NULL) ? -1 : colon - tagstr;
+}
+
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
+{
+    int len;
+
+    *tag_len = 0;
+    len = displaytext_get_tag_len(tagstr);
+
+    if (len == -1)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = len;
+    if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = 0;
+    return V_ASN1_VISIBLESTRING;
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+    int i, ret, len, tag;
+    unsigned int tag_len;
+    CONF_VALUE *cnf;
+    USERNOTICE *not;
+    POLICYQUALINFO *qual;
+    char *value = NULL;
+
+    if ((qual = POLICYQUALINFO_new()) == NULL)
+        goto merr;
+    if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) {
+        X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((not = USERNOTICE_new()) == NULL)
+        goto merr;
+    qual->d.usernotice = not;
+    for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+        cnf = sk_CONF_VALUE_value(unot, i);
+        value = cnf->value;
+        if (strcmp(cnf->name, "explicitText") == 0) {
+            tag = displaytext_str2tag(value, &tag_len);
+            if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL)
+                goto merr;
+            if (tag_len != 0)
+                value += tag_len + 1;
+            len = strlen(value);
+            if (!ASN1_STRING_set(not->exptext, value, len))
+                goto merr;
+        } else if (strcmp(cnf->name, "organization") == 0) {
+            NOTICEREF *nref;
+            if (!not->noticeref) {
+                if ((nref = NOTICEREF_new()) == NULL)
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            if (ia5org)
+                nref->organization->type = V_ASN1_IA5STRING;
+            else
+                nref->organization->type = V_ASN1_VISIBLESTRING;
+            if (!ASN1_STRING_set(nref->organization, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (strcmp(cnf->name, "noticeNumbers") == 0) {
+            NOTICEREF *nref;
+            STACK_OF(CONF_VALUE) *nos;
+            if (!not->noticeref) {
+                if ((nref = NOTICEREF_new()) == NULL)
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            nos = X509V3_parse_list(cnf->value);
+            if (!nos || !sk_CONF_VALUE_num(nos)) {
+                X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
+                X509V3_conf_err(cnf);
+                sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+                goto err;
+            }
+            ret = nref_nos(nref->noticenos, nos);
+            sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+            if (!ret)
+                goto err;
+        } else {
+            X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+
+    if (not->noticeref &&
+        (!not->noticeref->noticenos || !not->noticeref->organization)) {
+        X509V3err(X509V3_F_NOTICE_SECTION,
+                  X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+        goto err;
+    }
+
+    return qual;
+
+ merr:
+    X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYQUALINFO_free(qual);
+    return NULL;
+}
+
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
+{
+    CONF_VALUE *cnf;
+    ASN1_INTEGER *aint;
+
+    int i;
+
+    for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+        cnf = sk_CONF_VALUE_value(nos, i);
+        if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) {
+            X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+            goto err;
+        }
+        if (!sk_ASN1_INTEGER_push(nnums, aint))
+            goto merr;
+    }
+    return 1;
+
+ merr:
+    ASN1_INTEGER_free(aint);
+    X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+
+ err:
+    return 0;
+}
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent)
+{
+    int i;
+    POLICYINFO *pinfo;
+    /* First print out the policy OIDs */
+    for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
+        pinfo = sk_POLICYINFO_value(pol, i);
+        BIO_printf(out, "%*sPolicy: ", indent, "");
+        i2a_ASN1_OBJECT(out, pinfo->policyid);
+        BIO_puts(out, "\n");
+        if (pinfo->qualifiers)
+            print_qualifiers(out, pinfo->qualifiers, indent + 2);
+    }
+    return 1;
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent)
+{
+    POLICYQUALINFO *qualinfo;
+    int i;
+    for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+        qualinfo = sk_POLICYQUALINFO_value(quals, i);
+        switch (OBJ_obj2nid(qualinfo->pqualid)) {
+        case NID_id_qt_cps:
+            BIO_printf(out, "%*sCPS: %s\n", indent, "",
+                       qualinfo->d.cpsuri->data);
+            break;
+
+        case NID_id_qt_unotice:
+            BIO_printf(out, "%*sUser Notice:\n", indent, "");
+            print_notice(out, qualinfo->d.usernotice, indent + 2);
+            break;
+
+        default:
+            BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");
+
+            i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+            BIO_puts(out, "\n");
+            break;
+        }
+    }
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+    int i;
+    if (notice->noticeref) {
+        NOTICEREF *ref;
+        ref = notice->noticeref;
+        BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+                   ref->organization->data);
+        BIO_printf(out, "%*sNumber%s: ", indent, "",
+                   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+            ASN1_INTEGER *num;
+            char *tmp;
+            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+            if (i)
+                BIO_puts(out, ", ");
+            if (num == NULL)
+                BIO_puts(out, "(null)");
+            else {
+                tmp = i2s_ASN1_INTEGER(NULL, num);
+                if (tmp == NULL)
+                    return;
+                BIO_puts(out, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+        BIO_puts(out, "\n");
+    }
+    if (notice->exptext)
+        BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+                   notice->exptext->data);
+}
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
+{
+    const X509_POLICY_DATA *dat = node->data;
+
+    BIO_printf(out, "%*sPolicy: ", indent, "");
+
+    i2a_ASN1_OBJECT(out, dat->valid_policy);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*s%s\n", indent + 2, "",
+               node_data_critical(dat) ? "Critical" : "Non Critical");
+    if (dat->qualifier_set)
+        print_qualifiers(out, dat->qualifier_set, indent + 2);
+    else
+        BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c
new file mode 100644
index 000000000..6cba4240a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c
@@ -0,0 +1,506 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent);
+
+const X509V3_EXT_METHOD v3_crld = {
+    NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_crld,
+    i2r_crldp, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_freshest_crl = {
+    NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_crld,
+    i2r_crldp, 0,
+    NULL
+};
+
+static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx,
+                                                    char *sect)
+{
+    STACK_OF(CONF_VALUE) *gnsect;
+    STACK_OF(GENERAL_NAME) *gens;
+    if (*sect == '@')
+        gnsect = X509V3_get_section(ctx, sect + 1);
+    else
+        gnsect = X509V3_parse_list(sect);
+    if (!gnsect) {
+        X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, X509V3_R_SECTION_NOT_FOUND);
+        return NULL;
+    }
+    gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
+    if (*sect == '@')
+        X509V3_section_free(ctx, gnsect);
+    else
+        sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
+    return gens;
+}
+
+static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
+                               CONF_VALUE *cnf)
+{
+    STACK_OF(GENERAL_NAME) *fnm = NULL;
+    STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
+
+    if (strncmp(cnf->name, "fullname", 9) == 0) {
+        fnm = gnames_from_sectname(ctx, cnf->value);
+        if (!fnm)
+            goto err;
+    } else if (strcmp(cnf->name, "relativename") == 0) {
+        int ret;
+        STACK_OF(CONF_VALUE) *dnsect;
+        X509_NAME *nm;
+        nm = X509_NAME_new();
+        if (nm == NULL)
+            return -1;
+        dnsect = X509V3_get_section(ctx, cnf->value);
+        if (!dnsect) {
+            X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                      X509V3_R_SECTION_NOT_FOUND);
+            return -1;
+        }
+        ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
+        X509V3_section_free(ctx, dnsect);
+        rnm = nm->entries;
+        nm->entries = NULL;
+        X509_NAME_free(nm);
+        if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
+            goto err;
+        /*
+         * Since its a name fragment can't have more than one RDNSequence
+         */
+        if (sk_X509_NAME_ENTRY_value(rnm,
+                                     sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
+            X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                      X509V3_R_INVALID_MULTIPLE_RDNS);
+            goto err;
+        }
+    } else
+        return 0;
+
+    if (*pdp) {
+        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                  X509V3_R_DISTPOINT_ALREADY_SET);
+        goto err;
+    }
+
+    *pdp = DIST_POINT_NAME_new();
+    if (*pdp == NULL)
+        goto err;
+    if (fnm) {
+        (*pdp)->type = 0;
+        (*pdp)->name.fullname = fnm;
+    } else {
+        (*pdp)->type = 1;
+        (*pdp)->name.relativename = rnm;
+    }
+
+    return 1;
+
+ err:
+    sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+    sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+    return -1;
+}
+
+static const BIT_STRING_BITNAME reason_flags[] = {
+    {0, "Unused", "unused"},
+    {1, "Key Compromise", "keyCompromise"},
+    {2, "CA Compromise", "CACompromise"},
+    {3, "Affiliation Changed", "affiliationChanged"},
+    {4, "Superseded", "superseded"},
+    {5, "Cessation Of Operation", "cessationOfOperation"},
+    {6, "Certificate Hold", "certificateHold"},
+    {7, "Privilege Withdrawn", "privilegeWithdrawn"},
+    {8, "AA Compromise", "AACompromise"},
+    {-1, NULL, NULL}
+};
+
+static int set_reasons(ASN1_BIT_STRING **preas, char *value)
+{
+    STACK_OF(CONF_VALUE) *rsk = NULL;
+    const BIT_STRING_BITNAME *pbn;
+    const char *bnam;
+    int i, ret = 0;
+    rsk = X509V3_parse_list(value);
+    if (rsk == NULL)
+        return 0;
+    if (*preas != NULL)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
+        bnam = sk_CONF_VALUE_value(rsk, i)->name;
+        if (*preas == NULL) {
+            *preas = ASN1_BIT_STRING_new();
+            if (*preas == NULL)
+                goto err;
+        }
+        for (pbn = reason_flags; pbn->lname; pbn++) {
+            if (strcmp(pbn->sname, bnam) == 0) {
+                if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1))
+                    goto err;
+                break;
+            }
+        }
+        if (!pbn->lname)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
+    return ret;
+}
+
+static int print_reasons(BIO *out, const char *rname,
+                         ASN1_BIT_STRING *rflags, int indent)
+{
+    int first = 1;
+    const BIT_STRING_BITNAME *pbn;
+    BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
+    for (pbn = reason_flags; pbn->lname; pbn++) {
+        if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
+            if (first)
+                first = 0;
+            else
+                BIO_puts(out, ", ");
+            BIO_puts(out, pbn->lname);
+        }
+    }
+    if (first)
+        BIO_puts(out, "<EMPTY>\n");
+    else
+        BIO_puts(out, "\n");
+    return 1;
+}
+
+static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE *cnf;
+    DIST_POINT *point = DIST_POINT_new();
+
+    if (point == NULL)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        int ret;
+        cnf = sk_CONF_VALUE_value(nval, i);
+        ret = set_dist_point_name(&point->distpoint, ctx, cnf);
+        if (ret > 0)
+            continue;
+        if (ret < 0)
+            goto err;
+        if (strcmp(cnf->name, "reasons") == 0) {
+            if (!set_reasons(&point->reasons, cnf->value))
+                goto err;
+        } else if (strcmp(cnf->name, "CRLissuer") == 0) {
+            point->CRLissuer = gnames_from_sectname(ctx, cnf->value);
+            if (!point->CRLissuer)
+                goto err;
+        }
+    }
+
+    return point;
+
+ err:
+    DIST_POINT_free(point);
+    return NULL;
+}
+
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    STACK_OF(DIST_POINT) *crld;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    crld = sk_DIST_POINT_new_reserve(NULL, num);
+    if (crld == NULL)
+        goto merr;
+    for (i = 0; i < num; i++) {
+        DIST_POINT *point;
+
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!cnf->value) {
+            STACK_OF(CONF_VALUE) *dpsect;
+            dpsect = X509V3_get_section(ctx, cnf->name);
+            if (!dpsect)
+                goto err;
+            point = crldp_from_section(ctx, dpsect);
+            X509V3_section_free(ctx, dpsect);
+            if (!point)
+                goto err;
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
+        } else {
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            if ((gens = GENERAL_NAMES_new()) == NULL)
+                goto merr;
+            if (!sk_GENERAL_NAME_push(gens, gen))
+                goto merr;
+            gen = NULL;
+            if ((point = DIST_POINT_new()) == NULL)
+                goto merr;
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
+            if ((point->distpoint = DIST_POINT_NAME_new()) == NULL)
+                goto merr;
+            point->distpoint->name.fullname = gens;
+            point->distpoint->type = 0;
+            gens = NULL;
+        }
+    }
+    return crld;
+
+ merr:
+    X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+ err:
+    GENERAL_NAME_free(gen);
+    GENERAL_NAMES_free(gens);
+    sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+    return NULL;
+}
+
+static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
+
+    switch (operation) {
+    case ASN1_OP_NEW_POST:
+        dpn->dpname = NULL;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        X509_NAME_free(dpn->dpname);
+        break;
+    }
+    return 1;
+}
+
+
+ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
+        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
+
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+ASN1_SEQUENCE(DIST_POINT) = {
+        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
+
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+
+ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
+        ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
+} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval);
+
+const X509V3_EXT_METHOD v3_idp = {
+    NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_idp,
+    i2r_idp, 0,
+    NULL
+};
+
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval)
+{
+    ISSUING_DIST_POINT *idp = NULL;
+    CONF_VALUE *cnf;
+    char *name, *val;
+    int i, ret;
+    idp = ISSUING_DIST_POINT_new();
+    if (idp == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        name = cnf->name;
+        val = cnf->value;
+        ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
+        if (ret > 0)
+            continue;
+        if (ret < 0)
+            goto err;
+        if (strcmp(name, "onlyuser") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+                goto err;
+        } else if (strcmp(name, "onlyCA") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+                goto err;
+        } else if (strcmp(name, "onlyAA") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+                goto err;
+        } else if (strcmp(name, "indirectCRL") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+                goto err;
+        } else if (strcmp(name, "onlysomereasons") == 0) {
+            if (!set_reasons(&idp->onlysomereasons, val))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    return idp;
+
+ merr:
+    X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
+ err:
+    ISSUING_DIST_POINT_free(idp);
+    return NULL;
+}
+
+static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
+{
+    int i;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        BIO_printf(out, "%*s", indent + 2, "");
+        GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
+        BIO_puts(out, "\n");
+    }
+    return 1;
+}
+
+static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
+{
+    if (dpn->type == 0) {
+        BIO_printf(out, "%*sFull Name:\n", indent, "");
+        print_gens(out, dpn->name.fullname, indent);
+    } else {
+        X509_NAME ntmp;
+        ntmp.entries = dpn->name.relativename;
+        BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 2, "");
+        X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
+        BIO_puts(out, "\n");
+    }
+    return 1;
+}
+
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent)
+{
+    ISSUING_DIST_POINT *idp = pidp;
+    if (idp->distpoint)
+        print_distpoint(out, idp->distpoint, indent);
+    if (idp->onlyuser > 0)
+        BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
+    if (idp->onlyCA > 0)
+        BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
+    if (idp->indirectCRL > 0)
+        BIO_printf(out, "%*sIndirect CRL\n", indent, "");
+    if (idp->onlysomereasons)
+        print_reasons(out, "Only Some Reasons", idp->onlysomereasons, indent);
+    if (idp->onlyattr > 0)
+        BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
+    if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
+        && (idp->indirectCRL <= 0) && !idp->onlysomereasons
+        && (idp->onlyattr <= 0))
+        BIO_printf(out, "%*s<EMPTY>\n", indent, "");
+
+    return 1;
+}
+
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent)
+{
+    STACK_OF(DIST_POINT) *crld = pcrldp;
+    DIST_POINT *point;
+    int i;
+    for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
+        BIO_puts(out, "\n");
+        point = sk_DIST_POINT_value(crld, i);
+        if (point->distpoint)
+            print_distpoint(out, point->distpoint, indent);
+        if (point->reasons)
+            print_reasons(out, "Reasons", point->reasons, indent);
+        if (point->CRLissuer) {
+            BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
+            print_gens(out, point->CRLissuer, indent);
+        }
+    }
+    return 1;
+}
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
+{
+    int i;
+    STACK_OF(X509_NAME_ENTRY) *frag;
+    X509_NAME_ENTRY *ne;
+    if (!dpn || (dpn->type != 1))
+        return 1;
+    frag = dpn->name.relativename;
+    dpn->dpname = X509_NAME_dup(iname);
+    if (!dpn->dpname)
+        return 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
+        ne = sk_X509_NAME_ENTRY_value(frag, i);
+        if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
+            X509_NAME_free(dpn->dpname);
+            dpn->dpname = NULL;
+            return 0;
+        }
+    }
+    /* generate cached encoding of name */
+    if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
+        X509_NAME_free(dpn->dpname);
+        dpn->dpname = NULL;
+        return 0;
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_enum.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_enum.c
new file mode 100644
index 000000000..3b0f19744
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_enum.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static ENUMERATED_NAMES crl_reasons[] = {
+    {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"},
+    {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"},
+    {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"},
+    {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed",
+     "affiliationChanged"},
+    {CRL_REASON_SUPERSEDED, "Superseded", "superseded"},
+    {CRL_REASON_CESSATION_OF_OPERATION,
+     "Cessation Of Operation", "cessationOfOperation"},
+    {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"},
+    {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"},
+    {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn",
+     "privilegeWithdrawn"},
+    {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"},
+    {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_crl_reason = {
+    NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+    0,
+    0, 0, 0, 0,
+    crl_reasons
+};
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+                                const ASN1_ENUMERATED *e)
+{
+    ENUMERATED_NAMES *enam;
+    long strval;
+
+    strval = ASN1_ENUMERATED_get(e);
+    for (enam = method->usr_data; enam->lname; enam++) {
+        if (strval == enam->bitnum)
+            return OPENSSL_strdup(enam->lname);
+    }
+    return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_extku.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_extku.c
new file mode 100644
index 000000000..91b24376e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_extku.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
+                                                    *method, void *eku, STACK_OF(CONF_VALUE)
+                                                    *extlist);
+
+const X509V3_EXT_METHOD v3_ext_ku = {
+    NID_ext_key_usage, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD v3_ocsp_accresp = {
+    NID_id_pkix_OCSP_acceptableResponses, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
+                                                    *method, void *a, STACK_OF(CONF_VALUE)
+                                                    *ext_list)
+{
+    EXTENDED_KEY_USAGE *eku = a;
+    int i;
+    ASN1_OBJECT *obj;
+    char obj_tmp[80];
+    for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+        obj = sk_ASN1_OBJECT_value(eku, i);
+        i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+        X509V3_add_value(NULL, obj_tmp, &ext_list);
+    }
+    return ext_list;
+}
+
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval)
+{
+    EXTENDED_KEY_USAGE *extku;
+    char *extval;
+    ASN1_OBJECT *objtmp;
+    CONF_VALUE *val;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    extku = sk_ASN1_OBJECT_new_reserve(NULL, num);
+    if (extku == NULL) {
+        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+        sk_ASN1_OBJECT_free(extku);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+            X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return NULL;
+        }
+        sk_ASN1_OBJECT_push(extku, objtmp);  /* no failure as it was reserved */
+    }
+    return extku;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c
new file mode 100644
index 000000000..85fc3fc24
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(OTHERNAME) = {
+        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+        /* Maybe have a true ANY DEFINED BY later */
+        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+        /* Don't decode this */
+        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+        /* X509_NAME is a CHOICE type so use EXPLICIT */
+        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
+{
+    return (GENERAL_NAME *)ASN1_dup((i2d_of_void *)i2d_GENERAL_NAME,
+                                    (d2i_of_void *)d2i_GENERAL_NAME,
+                                    (char *)a);
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+    switch (a->type) {
+    case GEN_X400:
+    case GEN_EDIPARTY:
+        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+        break;
+
+    case GEN_OTHERNAME:
+        result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
+        break;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
+        break;
+
+    case GEN_DIRNAME:
+        result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
+        break;
+
+    case GEN_IPADD:
+        result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
+        break;
+
+    case GEN_RID:
+        result = OBJ_cmp(a->d.rid, b->d.rid);
+        break;
+    }
+    return result;
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
+{
+    int result = -1;
+
+    if (!a || !b)
+        return -1;
+    /* Check their type first. */
+    if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
+        return result;
+    /* Check the value. */
+    result = ASN1_TYPE_cmp(a->value, b->value);
+    return result;
+}
+
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+{
+    switch (type) {
+    case GEN_X400:
+    case GEN_EDIPARTY:
+        a->d.other = value;
+        break;
+
+    case GEN_OTHERNAME:
+        a->d.otherName = value;
+        break;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        a->d.ia5 = value;
+        break;
+
+    case GEN_DIRNAME:
+        a->d.dirn = value;
+        break;
+
+    case GEN_IPADD:
+        a->d.ip = value;
+        break;
+
+    case GEN_RID:
+        a->d.rid = value;
+        break;
+    }
+    a->type = type;
+}
+
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
+{
+    if (ptype)
+        *ptype = a->type;
+    switch (a->type) {
+    case GEN_X400:
+    case GEN_EDIPARTY:
+        return a->d.other;
+
+    case GEN_OTHERNAME:
+        return a->d.otherName;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        return a->d.ia5;
+
+    case GEN_DIRNAME:
+        return a->d.dirn;
+
+    case GEN_IPADD:
+        return a->d.ip;
+
+    case GEN_RID:
+        return a->d.rid;
+
+    default:
+        return NULL;
+    }
+}
+
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value)
+{
+    OTHERNAME *oth;
+    oth = OTHERNAME_new();
+    if (oth == NULL)
+        return 0;
+    ASN1_TYPE_free(oth->value);
+    oth->type_id = oid;
+    oth->value = value;
+    GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
+    return 1;
+}
+
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
+{
+    if (gen->type != GEN_OTHERNAME)
+        return 0;
+    if (poid)
+        *poid = gen->d.otherName->type_id;
+    if (pvalue)
+        *pvalue = gen->d.otherName->value;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ia5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ia5.c
new file mode 100644
index 000000000..c1170d461
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
+    EXT_IA5STRING(NID_netscape_base_url),
+    EXT_IA5STRING(NID_netscape_revocation_url),
+    EXT_IA5STRING(NID_netscape_ca_revocation_url),
+    EXT_IA5STRING(NID_netscape_renewal_url),
+    EXT_IA5STRING(NID_netscape_ca_policy_url),
+    EXT_IA5STRING(NID_netscape_ssl_server_name),
+    EXT_IA5STRING(NID_netscape_comment),
+    EXT_END
+};
+
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
+{
+    char *tmp;
+
+    if (!ia5 || !ia5->length)
+        return NULL;
+    if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) {
+        X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memcpy(tmp, ia5->data, ia5->length);
+    tmp[ia5->length] = 0;
+    return tmp;
+}
+
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str)
+{
+    ASN1_IA5STRING *ia5;
+    if (!str) {
+        X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+    if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+        ASN1_IA5STRING_free(ia5);
+        return NULL;
+    }
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif                          /* CHARSET_EBCDIC */
+    return ia5;
+ err:
+    X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_info.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_info.c
new file mode 100644
index 000000000..7af9e23ae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_info.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                       *method, AUTHORITY_INFO_ACCESS
+                                                       *ainfo, STACK_OF(CONF_VALUE)
+                                                       *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval);
+
+const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
+    X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
+    STACK_OF(CONF_VALUE) *ret)
+{
+    ACCESS_DESCRIPTION *desc;
+    int i, nlen;
+    char objtmp[80], *ntmp;
+    CONF_VALUE *vtmp;
+    STACK_OF(CONF_VALUE) *tret = ret;
+
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+        STACK_OF(CONF_VALUE) *tmp;
+
+        desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+        tmp = i2v_GENERAL_NAME(method, desc->location, tret);
+        if (tmp == NULL)
+            goto err;
+        tret = tmp;
+        vtmp = sk_CONF_VALUE_value(tret, i);
+        i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
+        nlen = strlen(objtmp) + 3 + strlen(vtmp->name) + 1;
+        ntmp = OPENSSL_malloc(nlen);
+        if (ntmp == NULL)
+            goto err;
+        BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name);
+        OPENSSL_free(vtmp->name);
+        vtmp->name = ntmp;
+    }
+    if (ret == NULL && tret == NULL)
+        return sk_CONF_VALUE_new_null();
+
+    return tret;
+ err:
+    X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+    if (ret == NULL && tret != NULL)
+        sk_CONF_VALUE_pop_free(tret, X509V3_conf_free);
+    return NULL;
+}
+
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval)
+{
+    AUTHORITY_INFO_ACCESS *ainfo = NULL;
+    CONF_VALUE *cnf, ctmp;
+    ACCESS_DESCRIPTION *acc;
+    int i, objlen;
+    const int num = sk_CONF_VALUE_num(nval);
+    char *objtmp, *ptmp;
+
+    if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) {
+        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */
+        ptmp = strchr(cnf->name, ';');
+        if (!ptmp) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        objlen = ptmp - cnf->name;
+        ctmp.name = ptmp + 1;
+        ctmp.value = cnf->value;
+        if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+            goto err;
+        if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        acc->method = OBJ_txt2obj(objtmp, 0);
+        if (!acc->method) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_BAD_OBJECT);
+            ERR_add_error_data(2, "value=", objtmp);
+            OPENSSL_free(objtmp);
+            goto err;
+        }
+        OPENSSL_free(objtmp);
+
+    }
+    return ainfo;
+ err:
+    sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+    return NULL;
+}
+
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a)
+{
+    i2a_ASN1_OBJECT(bp, a->method);
+    return 2;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_int.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_int.c
new file mode 100644
index 000000000..690c90e8f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_int.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+const X509V3_EXT_METHOD v3_crl_num = {
+    NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
+
+const X509V3_EXT_METHOD v3_delta_crl = {
+    NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
+
+static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
+                          const char *value)
+{
+    return s2i_ASN1_INTEGER(meth, value);
+}
+
+const X509V3_EXT_METHOD v3_inhibit_anyp = {
+    NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    (X509V3_EXT_S2I)s2i_asn1_int,
+    0, 0, 0, 0, NULL
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_lib.c
new file mode 100644
index 000000000..97c1cbc20
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_lib.c
@@ -0,0 +1,303 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+    if (ext_list == NULL
+        && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b)
+{
+    return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                           const X509V3_EXT_METHOD *, ext);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                             const X509V3_EXT_METHOD *, ext);
+
+#include "standard_exts.h"
+
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+    X509V3_EXT_METHOD tmp;
+    const X509V3_EXT_METHOD *t = &tmp, *const *ret;
+    int idx;
+
+    if (nid < 0)
+        return NULL;
+    tmp.ext_nid = nid;
+    ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
+    if (ret)
+        return *ret;
+    if (!ext_list)
+        return NULL;
+    idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+    return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+}
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+    int nid;
+    if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
+        return NULL;
+    return X509V3_EXT_get_nid(nid);
+}
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+    for (; extlist->ext_nid != -1; extlist++)
+        if (!X509V3_EXT_add(extlist))
+            return 0;
+    return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+    const X509V3_EXT_METHOD *ext;
+    X509V3_EXT_METHOD *tmpext;
+
+    if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
+        return 0;
+    }
+    if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    *tmpext = *ext;
+    tmpext->ext_nid = nid_to;
+    tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+    return X509V3_EXT_add(tmpext);
+}
+
+void X509V3_EXT_cleanup(void)
+{
+    sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+    ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+    if (ext->ext_flags & X509V3_EXT_DYNAMIC)
+        OPENSSL_free(ext);
+}
+
+/*
+ * Legacy function: we don't need to add standard extensions any more because
+ * they are now kept in ext_dat.h.
+ */
+
+int X509V3_add_standard_extensions(void)
+{
+    return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+    const X509V3_EXT_METHOD *method;
+    const unsigned char *p;
+    ASN1_STRING *extvalue;
+    int extlen;
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return NULL;
+    extvalue = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extvalue);
+    extlen = ASN1_STRING_length(extvalue);
+    if (method->it)
+        return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    return method->d2i(NULL, &p, extlen);
+}
+
+/*-
+ * Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx)
+{
+    int lastpos, i;
+    X509_EXTENSION *ex, *found_ex = NULL;
+
+    if (!x) {
+        if (idx)
+            *idx = -1;
+        if (crit)
+            *crit = -1;
+        return NULL;
+    }
+    if (idx)
+        lastpos = *idx + 1;
+    else
+        lastpos = 0;
+    if (lastpos < 0)
+        lastpos = 0;
+    for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
+        ex = sk_X509_EXTENSION_value(x, i);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
+            if (idx) {
+                *idx = i;
+                found_ex = ex;
+                break;
+            } else if (found_ex) {
+                /* Found more than one */
+                if (crit)
+                    *crit = -2;
+                return NULL;
+            }
+            found_ex = ex;
+        }
+    }
+    if (found_ex) {
+        /* Found it */
+        if (crit)
+            *crit = X509_EXTENSION_get_critical(found_ex);
+        return X509V3_EXT_d2i(found_ex);
+    }
+
+    /* Extension not found */
+    if (idx)
+        *idx = -1;
+    if (crit)
+        *crit = -1;
+    return NULL;
+}
+
+/*
+ * This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags)
+{
+    int errcode, extidx = -1;
+    X509_EXTENSION *ext = NULL, *extmp;
+    STACK_OF(X509_EXTENSION) *ret = NULL;
+    unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+    /*
+     * If appending we don't care if it exists, otherwise look for existing
+     * extension.
+     */
+    if (ext_op != X509V3_ADD_APPEND)
+        extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+    /* See if extension exists */
+    if (extidx >= 0) {
+        /* If keep existing, nothing to do */
+        if (ext_op == X509V3_ADD_KEEP_EXISTING)
+            return 1;
+        /* If default then its an error */
+        if (ext_op == X509V3_ADD_DEFAULT) {
+            errcode = X509V3_R_EXTENSION_EXISTS;
+            goto err;
+        }
+        /* If delete, just delete it */
+        if (ext_op == X509V3_ADD_DELETE) {
+            if (!sk_X509_EXTENSION_delete(*x, extidx))
+                return -1;
+            return 1;
+        }
+    } else {
+        /*
+         * If replace existing or delete, error since extension must exist
+         */
+        if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+            (ext_op == X509V3_ADD_DELETE)) {
+            errcode = X509V3_R_EXTENSION_NOT_FOUND;
+            goto err;
+        }
+    }
+
+    /*
+     * If we get this far then we have to create an extension: could have
+     * some flags for alternative encoding schemes...
+     */
+
+    ext = X509V3_EXT_i2d(nid, crit, value);
+
+    if (!ext) {
+        X509V3err(X509V3_F_X509V3_ADD1_I2D,
+                  X509V3_R_ERROR_CREATING_EXTENSION);
+        return 0;
+    }
+
+    /* If extension exists replace it.. */
+    if (extidx >= 0) {
+        extmp = sk_X509_EXTENSION_value(*x, extidx);
+        X509_EXTENSION_free(extmp);
+        if (!sk_X509_EXTENSION_set(*x, extidx, ext))
+            return -1;
+        return 1;
+    }
+
+    ret = *x;
+    if (*x == NULL
+        && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+        goto m_fail;
+    if (!sk_X509_EXTENSION_push(ret, ext))
+        goto m_fail;
+
+    *x = ret;
+    return 1;
+
+ m_fail:
+    /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */
+    if (ret != *x)
+        sk_X509_EXTENSION_free(ret);
+    X509_EXTENSION_free(ext);
+    return -1;
+
+ err:
+    if (!(flags & X509V3_ADD_SILENT))
+        X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c
new file mode 100644
index 000000000..9a2cd5af0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c
@@ -0,0 +1,675 @@
+/*
+ * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <stdio.h>
+#include "internal/asn1_int.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
+                                   int ind, const char *name);
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
+static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
+static int nc_dn(X509_NAME *sub, X509_NAME *nm);
+static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
+static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
+
+const X509V3_EXT_METHOD v3_name_constraints = {
+    NID_name_constraints, 0,
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0, v2i_NAME_CONSTRAINTS,
+    i2r_NAME_CONSTRAINTS, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(GENERAL_SUBTREE) = {
+        ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
+
+ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
+                                                        GENERAL_SUBTREE, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
+                                                        GENERAL_SUBTREE, 1),
+} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
+
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+/*
+ * We cannot use strncasecmp here because that applies locale specific rules.
+ * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
+ * do a simple ASCII case comparison ignoring the locale (that is why we use
+ * numeric constants below).
+ */
+static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
+{
+    for (; n > 0; n--, s1++, s2++) {
+        if (*s1 != *s2) {
+            unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
+
+            /* Convert to lower case */
+            if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
+                c1 += 0x20;
+            if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
+                c2 += 0x20;
+
+            if (c1 == c2)
+                continue;
+
+            if (c1 < c2)
+                return -1;
+
+            /* c1 > c2 */
+            return 1;
+        } else if (*s1 == 0) {
+            /* If we get here we know that *s2 == 0 too */
+            return 0;
+        }
+    }
+
+    return 0;
+}
+
+static int ia5casecmp(const char *s1, const char *s2)
+{
+    return ia5ncasecmp(s1, s2, SIZE_MAX);
+}
+
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE tval, *val;
+    STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
+    NAME_CONSTRAINTS *ncons = NULL;
+    GENERAL_SUBTREE *sub = NULL;
+
+    ncons = NAME_CONSTRAINTS_new();
+    if (ncons == NULL)
+        goto memerr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
+            ptree = &ncons->permittedSubtrees;
+            tval.name = val->name + 10;
+        } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
+            ptree = &ncons->excludedSubtrees;
+            tval.name = val->name + 9;
+        } else {
+            X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        tval.value = val->value;
+        sub = GENERAL_SUBTREE_new();
+        if (sub == NULL)
+            goto memerr;
+        if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
+            goto err;
+        if (*ptree == NULL)
+            *ptree = sk_GENERAL_SUBTREE_new_null();
+        if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+            goto memerr;
+        sub = NULL;
+    }
+
+    return ncons;
+
+ memerr:
+    X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ err:
+    NAME_CONSTRAINTS_free(ncons);
+    GENERAL_SUBTREE_free(sub);
+
+    return NULL;
+}
+
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind)
+{
+    NAME_CONSTRAINTS *ncons = a;
+    do_i2r_name_constraints(method, ncons->permittedSubtrees,
+                            bp, ind, "Permitted");
+    do_i2r_name_constraints(method, ncons->excludedSubtrees,
+                            bp, ind, "Excluded");
+    return 1;
+}
+
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
+                                   BIO *bp, int ind, const char *name)
+{
+    GENERAL_SUBTREE *tree;
+    int i;
+    if (sk_GENERAL_SUBTREE_num(trees) > 0)
+        BIO_printf(bp, "%*s%s:\n", ind, "", name);
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
+        tree = sk_GENERAL_SUBTREE_value(trees, i);
+        BIO_printf(bp, "%*s", ind + 2, "");
+        if (tree->base->type == GEN_IPADD)
+            print_nc_ipadd(bp, tree->base->d.ip);
+        else
+            GENERAL_NAME_print(bp, tree->base);
+        BIO_puts(bp, "\n");
+    }
+    return 1;
+}
+
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
+{
+    int i, len;
+    unsigned char *p;
+    p = ip->data;
+    len = ip->length;
+    BIO_puts(bp, "IP:");
+    if (len == 8) {
+        BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
+                   p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+    } else if (len == 32) {
+        for (i = 0; i < 16; i++) {
+            BIO_printf(bp, "%X", p[0] << 8 | p[1]);
+            p += 2;
+            if (i == 7)
+                BIO_puts(bp, "/");
+            else if (i != 15)
+                BIO_puts(bp, ":");
+        }
+    } else
+        BIO_printf(bp, "IP Address:<invalid>");
+    return 1;
+}
+
+#define NAME_CHECK_MAX (1 << 20)
+
+static int add_lengths(int *out, int a, int b)
+{
+    /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
+    if (a < 0)
+        a = 0;
+    if (b < 0)
+        b = 0;
+
+    if (a > INT_MAX - b)
+        return 0;
+    *out = a + b;
+    return 1;
+}
+
+/*-
+ * Check a certificate conforms to a specified set of constraints.
+ * Return values:
+ *  X509_V_OK: All constraints obeyed.
+ *  X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
+ *  X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
+ *  X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:  Unsupported constraint type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
+ *  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
+ */
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i, name_count, constraint_count;
+    X509_NAME *nm;
+
+    nm = X509_get_subject_name(x);
+
+    /*
+     * Guard against certificates with an excessive number of names or
+     * constraints causing a computationally expensive name constraints check.
+     */
+    if (!add_lengths(&name_count, X509_NAME_entry_count(nm),
+                     sk_GENERAL_NAME_num(x->altname))
+        || !add_lengths(&constraint_count,
+                        sk_GENERAL_SUBTREE_num(nc->permittedSubtrees),
+                        sk_GENERAL_SUBTREE_num(nc->excludedSubtrees))
+        || (name_count > 0 && constraint_count > NAME_CHECK_MAX / name_count))
+        return X509_V_ERR_UNSPECIFIED;
+
+    if (X509_NAME_entry_count(nm) > 0) {
+        GENERAL_NAME gntmp;
+        gntmp.type = GEN_DIRNAME;
+        gntmp.d.directoryName = nm;
+
+        r = nc_match(&gntmp, nc);
+
+        if (r != X509_V_OK)
+            return r;
+
+        gntmp.type = GEN_EMAIL;
+
+        /* Process any email address attributes in subject name */
+
+        for (i = -1;;) {
+            const X509_NAME_ENTRY *ne;
+
+            i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
+            if (i == -1)
+                break;
+            ne = X509_NAME_get_entry(nm, i);
+            gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
+            if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+            r = nc_match(&gntmp, nc);
+
+            if (r != X509_V_OK)
+                return r;
+        }
+
+    }
+
+    for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
+        r = nc_match(gen, nc);
+        if (r != X509_V_OK)
+            return r;
+    }
+
+    return X509_V_OK;
+
+}
+
+static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
+{
+    int utf8_length;
+    unsigned char *utf8_value;
+    int i;
+    int isdnsname = 0;
+
+    /* Don't leave outputs uninitialized */
+    *dnsid = NULL;
+    *idlen = 0;
+
+    /*-
+     * Per RFC 6125, DNS-IDs representing internationalized domain names appear
+     * in certificates in A-label encoded form:
+     *
+     *   https://tools.ietf.org/html/rfc6125#section-6.4.2
+     *
+     * The same applies to CNs which are intended to represent DNS names.
+     * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be
+     * needlessly encoded in 16-bit Unicode.  We perform a conversion to UTF-8
+     * to ensure that we get an ASCII representation of any CNs that are
+     * representable as ASCII, but just not encoded as ASCII.  The UTF-8 form
+     * may contain some non-ASCII octets, and that's fine, such CNs are not
+     * valid legacy DNS names.
+     *
+     * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what
+     * we must use for 'utf8_length'.
+     */
+    if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+
+    /*
+     * Some certificates have had names that include a *trailing* NUL byte.
+     * Remove these harmless NUL characters. They would otherwise yield false
+     * alarms with the following embedded NUL check.
+     */
+    while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0')
+        --utf8_length;
+
+    /* Reject *embedded* NULs */
+    if ((size_t)utf8_length != strlen((char *)utf8_value)) {
+        OPENSSL_free(utf8_value);
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    }
+
+    /*
+     * XXX: Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.  This
+     * means that "CN=sometld" cannot be precluded by DNS name constraints, but
+     * that is not a problem.
+     */
+    for (i = 0; i < utf8_length; ++i) {
+        unsigned char c = utf8_value[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || (c >= '0' && c <= '9')
+            || c == '_')
+            continue;
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < utf8_length - 1) {
+            if (c == '-')
+                continue;
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && utf8_value[i + 1] != '.'
+                && utf8_value[i - 1] != '-'
+                && utf8_value[i + 1] != '-') {
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    if (isdnsname) {
+        *dnsid = utf8_value;
+        *idlen = (size_t)utf8_length;
+        return X509_V_OK;
+    }
+    OPENSSL_free(utf8_value);
+    return X509_V_OK;
+}
+
+/*
+ * Check CN against DNS-ID name constraints.
+ */
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i;
+    X509_NAME *nm = X509_get_subject_name(x);
+    ASN1_STRING stmp;
+    GENERAL_NAME gntmp;
+
+    stmp.flags = 0;
+    stmp.type = V_ASN1_IA5STRING;
+    gntmp.type = GEN_DNS;
+    gntmp.d.dNSName = &stmp;
+
+    /* Process any commonName attributes in subject name */
+
+    for (i = -1;;) {
+        X509_NAME_ENTRY *ne;
+        ASN1_STRING *cn;
+        unsigned char *idval;
+        size_t idlen;
+
+        i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
+        if (i == -1)
+            break;
+        ne = X509_NAME_get_entry(nm, i);
+        cn = X509_NAME_ENTRY_get_data(ne);
+
+        /* Only process attributes that look like host names */
+        if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK)
+            return r;
+        if (idlen == 0)
+            continue;
+
+        stmp.length = idlen;
+        stmp.data = idval;
+        r = nc_match(&gntmp, nc);
+        OPENSSL_free(idval);
+        if (r != X509_V_OK)
+            return r;
+    }
+    return X509_V_OK;
+}
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+{
+    GENERAL_SUBTREE *sub;
+    int i, r, match = 0;
+
+    /*
+     * Permitted subtrees: if any subtrees exist of matching the type at
+     * least one subtree must match.
+     */
+
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
+        sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
+        if (gen->type != sub->base->type)
+            continue;
+        if (sub->minimum || sub->maximum)
+            return X509_V_ERR_SUBTREE_MINMAX;
+        /* If we already have a match don't bother trying any more */
+        if (match == 2)
+            continue;
+        if (match == 0)
+            match = 1;
+        r = nc_match_single(gen, sub->base);
+        if (r == X509_V_OK)
+            match = 2;
+        else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+            return r;
+    }
+
+    if (match == 1)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    /* Excluded subtrees: must not match any of these */
+
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
+        sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
+        if (gen->type != sub->base->type)
+            continue;
+        if (sub->minimum || sub->maximum)
+            return X509_V_ERR_SUBTREE_MINMAX;
+
+        r = nc_match_single(gen, sub->base);
+        if (r == X509_V_OK)
+            return X509_V_ERR_EXCLUDED_VIOLATION;
+        else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+            return r;
+
+    }
+
+    return X509_V_OK;
+
+}
+
+static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+{
+    switch (base->type) {
+    case GEN_DIRNAME:
+        return nc_dn(gen->d.directoryName, base->d.directoryName);
+
+    case GEN_DNS:
+        return nc_dns(gen->d.dNSName, base->d.dNSName);
+
+    case GEN_EMAIL:
+        return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
+
+    case GEN_URI:
+        return nc_uri(gen->d.uniformResourceIdentifier,
+                      base->d.uniformResourceIdentifier);
+
+    case GEN_IPADD:
+        return nc_ip(gen->d.iPAddress, base->d.iPAddress);
+
+    default:
+        return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+    }
+
+}
+
+/*
+ * directoryName name constraint matching. The canonical encoding of
+ * X509_NAME makes this comparison easy. It is matched if the subtree is a
+ * subset of the name.
+ */
+
+static int nc_dn(X509_NAME *nm, X509_NAME *base)
+{
+    /* Ensure canonical encodings are up to date.  */
+    if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+    if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+    if (base->canon_enclen > nm->canon_enclen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    return X509_V_OK;
+}
+
+static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+{
+    char *baseptr = (char *)base->data;
+    char *dnsptr = (char *)dns->data;
+    /* Empty matches everything */
+    if (!*baseptr)
+        return X509_V_OK;
+    /*
+     * Otherwise can add zero or more components on the left so compare RHS
+     * and if dns is longer and expect '.' as preceding character.
+     */
+    if (dns->length > base->length) {
+        dnsptr += dns->length - base->length;
+        if (*baseptr != '.' && dnsptr[-1] != '.')
+            return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    if (ia5casecmp(baseptr, dnsptr))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+{
+    const char *baseptr = (char *)base->data;
+    const char *emlptr = (char *)eml->data;
+
+    const char *baseat = strchr(baseptr, '@');
+    const char *emlat = strchr(emlptr, '@');
+    if (!emlat)
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    /* Special case: initial '.' is RHS match */
+    if (!baseat && (*baseptr == '.')) {
+        if (eml->length > base->length) {
+            emlptr += eml->length - base->length;
+            if (ia5casecmp(baseptr, emlptr) == 0)
+                return X509_V_OK;
+        }
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    /* If we have anything before '@' match local part */
+
+    if (baseat) {
+        if (baseat != baseptr) {
+            if ((baseat - baseptr) != (emlat - emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+            /* Case sensitive match of local part */
+            if (strncmp(baseptr, emlptr, emlat - emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        }
+        /* Position base after '@' */
+        baseptr = baseat + 1;
+    }
+    emlptr = emlat + 1;
+    /* Just have hostname left to match: case insensitive */
+    if (ia5casecmp(baseptr, emlptr))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+{
+    const char *baseptr = (char *)base->data;
+    const char *hostptr = (char *)uri->data;
+    const char *p = strchr(hostptr, ':');
+    int hostlen;
+    /* Check for foo:// and skip past it */
+    if (!p || (p[1] != '/') || (p[2] != '/'))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    hostptr = p + 3;
+
+    /* Determine length of hostname part of URI */
+
+    /* Look for a port indicator as end of hostname first */
+
+    p = strchr(hostptr, ':');
+    /* Otherwise look for trailing slash */
+    if (!p)
+        p = strchr(hostptr, '/');
+
+    if (!p)
+        hostlen = strlen(hostptr);
+    else
+        hostlen = p - hostptr;
+
+    if (hostlen == 0)
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Special case: initial '.' is RHS match */
+    if (*baseptr == '.') {
+        if (hostlen > base->length) {
+            p = hostptr + hostlen - base->length;
+            if (ia5ncasecmp(p, baseptr, base->length) == 0)
+                return X509_V_OK;
+        }
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    if ((base->length != (int)hostlen)
+        || ia5ncasecmp(hostptr, baseptr, hostlen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base)
+{
+    int hostlen, baselen, i;
+    unsigned char *hostptr, *baseptr, *maskptr;
+    hostptr = ip->data;
+    hostlen = ip->length;
+    baseptr = base->data;
+    baselen = base->length;
+
+    /* Invalid if not IPv4 or IPv6 */
+    if (!((hostlen == 4) || (hostlen == 16)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    if (!((baselen == 8) || (baselen == 32)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Do not match IPv4 with IPv6 */
+    if (hostlen * 2 != baselen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    maskptr = base->data + hostlen;
+
+    /* Considering possible not aligned base ipAddress */
+    /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */
+    for (i = 0; i < hostlen; i++)
+        if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i]))
+            return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c
new file mode 100644
index 000000000..3d124fa6d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c
@@ -0,0 +1,325 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+                   BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *str);
+
+const X509V3_EXT_METHOD v3_pci =
+    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    0, 0, 0, 0,
+    0, 0,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_pci,
+    (X509V3_EXT_R2I)r2i_pci,
+    NULL,
+};
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+                   BIO *out, int indent)
+{
+    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+    if (pci->pcPathLengthConstraint)
+        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+    else
+        BIO_printf(out, "infinite");
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*sPolicy Language: ", indent, "");
+    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+    BIO_puts(out, "\n");
+    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+                   pci->proxyPolicy->policy->data);
+    return 1;
+}
+
+static int process_pci_value(CONF_VALUE *val,
+                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+                             ASN1_OCTET_STRING **policy)
+{
+    int free_policy = 0;
+
+    if (strcmp(val->name, "language") == 0) {
+        if (*language) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "pathlen") == 0) {
+        if (*pathlen) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!X509V3_get_value_int(val, pathlen)) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "policy") == 0) {
+        unsigned char *tmp_data = NULL;
+        long val_len;
+        if (!*policy) {
+            *policy = ASN1_OCTET_STRING_new();
+            if (*policy == NULL) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                return 0;
+            }
+            free_policy = 1;
+        }
+        if (strncmp(val->value, "hex:", 4) == 0) {
+            unsigned char *tmp_data2 =
+                OPENSSL_hexstr2buf(val->value + 4, &val_len);
+
+            if (!tmp_data2) {
+                X509V3_conf_err(val);
+                goto err;
+            }
+
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       tmp_data2, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                OPENSSL_free(tmp_data2);
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                OPENSSL_free((*policy)->data);
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(tmp_data2);
+        } else if (strncmp(val->value, "file:", 5) == 0) {
+            unsigned char buf[2048];
+            int n;
+            BIO *b = BIO_new_file(val->value + 5, "r");
+            if (!b) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
+                   || (n == 0 && BIO_should_retry(b))) {
+                if (!n)
+                    continue;
+
+                tmp_data = OPENSSL_realloc((*policy)->data,
+                                           (*policy)->length + n + 1);
+
+                if (!tmp_data) {
+                    OPENSSL_free((*policy)->data);
+                    (*policy)->data = NULL;
+                    (*policy)->length = 0;
+                    X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                              ERR_R_MALLOC_FAILURE);
+                    X509V3_conf_err(val);
+                    BIO_free_all(b);
+                    goto err;
+                }
+
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length], buf, n);
+                (*policy)->length += n;
+                (*policy)->data[(*policy)->length] = '\0';
+            }
+            BIO_free_all(b);
+
+            if (n < 0) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else if (strncmp(val->value, "text:", 5) == 0) {
+            val_len = strlen(val->value + 5);
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       val->value + 5, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                OPENSSL_free((*policy)->data);
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        if (!tmp_data) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (free_policy) {
+        ASN1_OCTET_STRING_free(*policy);
+        *policy = NULL;
+    }
+    return 0;
+}
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *value)
+{
+    PROXY_CERT_INFO_EXTENSION *pci = NULL;
+    STACK_OF(CONF_VALUE) *vals;
+    ASN1_OBJECT *language = NULL;
+    ASN1_INTEGER *pathlen = NULL;
+    ASN1_OCTET_STRING *policy = NULL;
+    int i, j;
+
+    vals = X509V3_parse_list(value);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
+            X509V3err(X509V3_F_R2I_PCI,
+                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        if (*cnf->name == '@') {
+            STACK_OF(CONF_VALUE) *sect;
+            int success_p = 1;
+
+            sect = X509V3_get_section(ctx, cnf->name + 1);
+            if (!sect) {
+                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
+                success_p =
+                    process_pci_value(sk_CONF_VALUE_value(sect, j),
+                                      &language, &pathlen, &policy);
+            }
+            X509V3_section_free(ctx, sect);
+            if (!success_p)
+                goto err;
+        } else {
+            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+        }
+    }
+
+    /* Language is mandatory */
+    if (!language) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+        goto err;
+    }
+    i = OBJ_obj2nid(language);
+    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+        goto err;
+    }
+
+    pci = PROXY_CERT_INFO_EXTENSION_new();
+    if (pci == NULL) {
+        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pci->proxyPolicy->policyLanguage = language;
+    language = NULL;
+    pci->proxyPolicy->policy = policy;
+    policy = NULL;
+    pci->pcPathLengthConstraint = pathlen;
+    pathlen = NULL;
+    goto end;
+ err:
+    ASN1_OBJECT_free(language);
+    ASN1_INTEGER_free(pathlen);
+    pathlen = NULL;
+    ASN1_OCTET_STRING_free(policy);
+    policy = NULL;
+    PROXY_CERT_INFO_EXTENSION_free(pci);
+    pci = NULL;
+ end:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pci;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pcia.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pcia.c
new file mode 100644
index 000000000..8d6af60e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pcia.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+        {
+        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+        {
+        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pcons.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pcons.c
new file mode 100644
index 000000000..24f7ff49e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pcons.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
+                                                    *method, void *bcons, STACK_OF(CONF_VALUE)
+                                                    *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_policy_constraints = {
+    NID_policy_constraints, 0,
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_CONSTRAINTS,
+    v2i_POLICY_CONSTRAINTS,
+    NULL, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
+} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
+                                                    *method, void *a, STACK_OF(CONF_VALUE)
+                                                    *extlist)
+{
+    POLICY_CONSTRAINTS *pcons = a;
+    X509V3_add_value_int("Require Explicit Policy",
+                         pcons->requireExplicitPolicy, &extlist);
+    X509V3_add_value_int("Inhibit Policy Mapping",
+                         pcons->inhibitPolicyMapping, &extlist);
+    return extlist;
+}
+
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values)
+{
+    POLICY_CONSTRAINTS *pcons = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
+            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
+                goto err;
+        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
+            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
+                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+        goto err;
+    }
+
+    return pcons;
+ err:
+    POLICY_CONSTRAINTS_free(pcons);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pku.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pku.c
new file mode 100644
index 000000000..5a7e7d972
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pku.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent);
+
+const X509V3_EXT_METHOD v3_pkey_usage_period = {
+    NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    0, 0, 0, 0,
+    0, 0, 0, 0,
+    (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent)
+{
+    BIO_printf(out, "%*s", indent, "");
+    if (usage->notBefore) {
+        BIO_write(out, "Not Before: ", 12);
+        ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+        if (usage->notAfter)
+            BIO_write(out, ", ", 2);
+    }
+    if (usage->notAfter) {
+        BIO_write(out, "Not After: ", 11);
+        ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pmaps.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pmaps.c
new file mode 100644
index 000000000..5b6a2af0f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pmaps.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+                                                 *method, void *pmps, STACK_OF(CONF_VALUE)
+                                                 *extlist);
+
+const X509V3_EXT_METHOD v3_policy_mappings = {
+    NID_policy_mappings, 0,
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_MAPPINGS,
+    v2i_POLICY_MAPPINGS,
+    0, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(POLICY_MAPPING) = {
+        ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
+        ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(POLICY_MAPPING)
+
+ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
+                                                                POLICY_MAPPING)
+ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+                                                 *method, void *a, STACK_OF(CONF_VALUE)
+                                                 *ext_list)
+{
+    POLICY_MAPPINGS *pmaps = a;
+    POLICY_MAPPING *pmap;
+    int i;
+    char obj_tmp1[80];
+    char obj_tmp2[80];
+
+    for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
+        pmap = sk_POLICY_MAPPING_value(pmaps, i);
+        i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
+        i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
+        X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
+    }
+    return ext_list;
+}
+
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    POLICY_MAPPING *pmap = NULL;
+    ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
+    CONF_VALUE *val;
+    POLICY_MAPPINGS *pmaps;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    if ((pmaps = sk_POLICY_MAPPING_new_reserve(NULL, num)) == NULL) {
+        X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (!val->value || !val->name) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        obj1 = OBJ_txt2obj(val->name, 0);
+        obj2 = OBJ_txt2obj(val->value, 0);
+        if (!obj1 || !obj2) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        pmap = POLICY_MAPPING_new();
+        if (pmap == NULL) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        pmap->issuerDomainPolicy = obj1;
+        pmap->subjectDomainPolicy = obj2;
+        obj1 = obj2 = NULL;
+        sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */
+    }
+    return pmaps;
+ err:
+    ASN1_OBJECT_free(obj1);
+    ASN1_OBJECT_free(obj2);
+    sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_prn.c
new file mode 100644
index 000000000..f384c342a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_prn.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
+                             unsigned long flag, int indent, int supported);
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml)
+{
+    int i;
+    CONF_VALUE *nval;
+    if (!val)
+        return;
+    if (!ml || !sk_CONF_VALUE_num(val)) {
+        BIO_printf(out, "%*s", indent, "");
+        if (!sk_CONF_VALUE_num(val))
+            BIO_puts(out, "<EMPTY>\n");
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
+        if (ml)
+            BIO_printf(out, "%*s", indent, "");
+        else if (i > 0)
+            BIO_printf(out, ", ");
+        nval = sk_CONF_VALUE_value(val, i);
+        if (!nval->name)
+            BIO_puts(out, nval->value);
+        else if (!nval->value)
+            BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
+        else
+            BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+        else {
+            int len;
+            char *tmp;
+            len = strlen(nval->value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp != NULL) {
+                ascii2ebcdic(tmp, nval->value, len);
+                BIO_printf(out, "%s:%s", nval->name, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+#endif
+        if (ml)
+            BIO_puts(out, "\n");
+    }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent)
+{
+    void *ext_str = NULL;
+    char *value = NULL;
+    ASN1_OCTET_STRING *extoct;
+    const unsigned char *p;
+    int extlen;
+    const X509V3_EXT_METHOD *method;
+    STACK_OF(CONF_VALUE) *nval = NULL;
+    int ok = 1;
+
+    extoct = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extoct);
+    extlen = ASN1_STRING_length(extoct);
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return unknown_ext_print(out, p, extlen, flag, indent, 0);
+    if (method->it)
+        ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    else
+        ext_str = method->d2i(NULL, &p, extlen);
+
+    if (!ext_str)
+        return unknown_ext_print(out, p, extlen, flag, indent, 1);
+
+    if (method->i2s) {
+        if ((value = method->i2s(method, ext_str)) == NULL) {
+            ok = 0;
+            goto err;
+        }
+#ifndef CHARSET_EBCDIC
+        BIO_printf(out, "%*s%s", indent, "", value);
+#else
+        {
+            int len;
+            char *tmp;
+            len = strlen(value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp != NULL) {
+                ascii2ebcdic(tmp, value, len);
+                BIO_printf(out, "%*s%s", indent, "", tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+#endif
+    } else if (method->i2v) {
+        if ((nval = method->i2v(method, ext_str, NULL)) == NULL) {
+            ok = 0;
+            goto err;
+        }
+        X509V3_EXT_val_prn(out, nval, indent,
+                           method->ext_flags & X509V3_EXT_MULTILINE);
+    } else if (method->i2r) {
+        if (!method->i2r(method, ext_str, out, indent))
+            ok = 0;
+    } else
+        ok = 0;
+
+ err:
+    sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    OPENSSL_free(value);
+    if (method->it)
+        ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_str);
+    return ok;
+}
+
+int X509V3_extensions_print(BIO *bp, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent)
+{
+    int i, j;
+
+    if (sk_X509_EXTENSION_num(exts) <= 0)
+        return 1;
+
+    if (title) {
+        BIO_printf(bp, "%*s%s:\n", indent, "", title);
+        indent += 4;
+    }
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ex;
+        ex = sk_X509_EXTENSION_value(exts, i);
+        if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+            return 0;
+        obj = X509_EXTENSION_get_object(ex);
+        i2a_ASN1_OBJECT(bp, obj);
+        j = X509_EXTENSION_get_critical(ex);
+        if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+            return 0;
+        if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
+            BIO_printf(bp, "%*s", indent + 4, "");
+            ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
+                             unsigned long flag, int indent, int supported)
+{
+    switch (flag & X509V3_EXT_UNKNOWN_MASK) {
+
+    case X509V3_EXT_DEFAULT:
+        return 0;
+
+    case X509V3_EXT_ERROR_UNKNOWN:
+        if (supported)
+            BIO_printf(out, "%*s<Parse Error>", indent, "");
+        else
+            BIO_printf(out, "%*s<Not Supported>", indent, "");
+        return 1;
+
+    case X509V3_EXT_PARSE_UNKNOWN:
+        return ASN1_parse_dump(out, ext, extlen, indent, -1);
+    case X509V3_EXT_DUMP_UNKNOWN:
+        return BIO_dump_indent(out, (const char *)ext, extlen, indent);
+
+    default:
+        return 1;
+    }
+}
+
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+    BIO *bio_tmp;
+    int ret;
+
+    if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
+        return 0;
+    ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+    BIO_free(bio_tmp);
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c
new file mode 100644
index 000000000..70b0397d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c
@@ -0,0 +1,890 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
+#include "internal/x509_int.h"
+#include "internal/tsan_assist.h"
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca);
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+    {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
+     check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+    {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+    {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+    {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
+     "S/MIME signing", "smimesign", NULL},
+    {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
+     check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+    {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
+     "CRL signing", "crlsign", NULL},
+    {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any",
+     NULL},
+    {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
+     "OCSP helper", "ocsphelper", NULL},
+    {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
+     check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign",
+     NULL},
+};
+
+#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
+{
+    return (*a)->purpose - (*b)->purpose;
+}
+
+/*
+ * As much as I'd like to make X509_check_purpose use a "const" X509* I
+ * really can't because it does recalculate hashes and do other non-const
+ * things.
+ */
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+    int idx;
+    const X509_PURPOSE *pt;
+
+    x509v3_cache_extensions(x);
+
+    /* Return if side-effect only call */
+    if (id == -1)
+        return 1;
+    idx = X509_PURPOSE_get_by_id(id);
+    if (idx == -1)
+        return -1;
+    pt = X509_PURPOSE_get0(idx);
+    return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_set(int *p, int purpose)
+{
+    if (X509_PURPOSE_get_by_id(purpose) == -1) {
+        X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+        return 0;
+    }
+    *p = purpose;
+    return 1;
+}
+
+int X509_PURPOSE_get_count(void)
+{
+    if (!xptable)
+        return X509_PURPOSE_COUNT;
+    return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE *X509_PURPOSE_get0(int idx)
+{
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_PURPOSE_COUNT)
+        return xstandard + idx;
+    return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(const char *sname)
+{
+    int i;
+    X509_PURPOSE *xptmp;
+    for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+        xptmp = X509_PURPOSE_get0(i);
+        if (strcmp(xptmp->sname, sname) == 0)
+            return i;
+    }
+    return -1;
+}
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+    X509_PURPOSE tmp;
+    int idx;
+
+    if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+        return purpose - X509_PURPOSE_MIN;
+    if (xptable == NULL)
+        return -1;
+    tmp.purpose = purpose;
+    idx = sk_X509_PURPOSE_find(xptable, &tmp);
+    if (idx < 0)
+        return -1;
+    return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     const char *name, const char *sname, void *arg)
+{
+    int idx;
+    X509_PURPOSE *ptmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_PURPOSE_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_PURPOSE_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_PURPOSE_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ptmp->flags = X509_PURPOSE_DYNAMIC;
+    } else
+        ptmp = X509_PURPOSE_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+    }
+    /* dup supplied name */
+    ptmp->name = OPENSSL_strdup(name);
+    ptmp->sname = OPENSSL_strdup(sname);
+    if (!ptmp->name || !ptmp->sname) {
+        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Keep the dynamic flag of existing entry */
+    ptmp->flags &= X509_PURPOSE_DYNAMIC;
+    /* Set all other flags */
+    ptmp->flags |= flags;
+
+    ptmp->purpose = id;
+    ptmp->trust = trust;
+    ptmp->check_purpose = ck;
+    ptmp->usr_data = arg;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (xptable == NULL
+            && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+        OPENSSL_free(ptmp);
+    }
+    return 0;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+{
+    if (!p)
+        return;
+    if (p->flags & X509_PURPOSE_DYNAMIC) {
+        if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+            OPENSSL_free(p->name);
+            OPENSSL_free(p->sname);
+        }
+        OPENSSL_free(p);
+    }
+}
+
+void X509_PURPOSE_cleanup(void)
+{
+    sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+    xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
+{
+    return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
+{
+    return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
+{
+    return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
+{
+    return xp->trust;
+}
+
+static int nid_cmp(const int *a, const int *b)
+{
+    return *a - *b;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
+
+int X509_supported_extension(X509_EXTENSION *ex)
+{
+    /*
+     * This table is a list of the NIDs of supported extensions: that is
+     * those which are used by the verify process. If an extension is
+     * critical and doesn't appear in this list then the verify process will
+     * normally reject the certificate. The list must be kept in numerical
+     * order because it will be searched using bsearch.
+     */
+
+    static const int supported_nids[] = {
+        NID_netscape_cert_type, /* 71 */
+        NID_key_usage,          /* 83 */
+        NID_subject_alt_name,   /* 85 */
+        NID_basic_constraints,  /* 87 */
+        NID_certificate_policies, /* 89 */
+        NID_crl_distribution_points, /* 103 */
+        NID_ext_key_usage,      /* 126 */
+#ifndef OPENSSL_NO_RFC3779
+        NID_sbgp_ipAddrBlock,   /* 290 */
+        NID_sbgp_autonomousSysNum, /* 291 */
+#endif
+        NID_policy_constraints, /* 401 */
+        NID_proxyCertInfo,      /* 663 */
+        NID_name_constraints,   /* 666 */
+        NID_policy_mappings,    /* 747 */
+        NID_inhibit_any_policy  /* 748 */
+    };
+
+    int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+    if (ex_nid == NID_undef)
+        return 0;
+
+    if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))
+        return 1;
+    return 0;
+}
+
+static void setup_dp(X509 *x, DIST_POINT *dp)
+{
+    X509_NAME *iname = NULL;
+    int i;
+    if (dp->reasons) {
+        if (dp->reasons->length > 0)
+            dp->dp_reasons = dp->reasons->data[0];
+        if (dp->reasons->length > 1)
+            dp->dp_reasons |= (dp->reasons->data[1] << 8);
+        dp->dp_reasons &= CRLDP_ALL_REASONS;
+    } else
+        dp->dp_reasons = CRLDP_ALL_REASONS;
+    if (!dp->distpoint || (dp->distpoint->type != 1))
+        return;
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type == GEN_DIRNAME) {
+            iname = gen->d.directoryName;
+            break;
+        }
+    }
+    if (!iname)
+        iname = X509_get_issuer_name(x);
+
+    DIST_POINT_set_dpname(dp->distpoint, iname);
+
+}
+
+static void setup_crldp(X509 *x)
+{
+    int i;
+    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+        setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
+}
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static void x509v3_cache_extensions(X509 *x)
+{
+    BASIC_CONSTRAINTS *bs;
+    PROXY_CERT_INFO_EXTENSION *pci;
+    ASN1_BIT_STRING *usage;
+    ASN1_BIT_STRING *ns;
+    EXTENDED_KEY_USAGE *extusage;
+    X509_EXTENSION *ex;
+    int i;
+
+#ifdef tsan_ld_acq
+    /* fast lock-free check, see end of the function for details. */
+    if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached))
+        return;
+#endif
+
+    CRYPTO_THREAD_write_lock(x->lock);
+    if (x->ex_flags & EXFLAG_SET) {
+        CRYPTO_THREAD_unlock(x->lock);
+        return;
+    }
+
+    X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+    /* V1 should mean no extensions ... */
+    if (!X509_get_version(x))
+        x->ex_flags |= EXFLAG_V1;
+    /* Handle basic constraints */
+    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+        if (bs->ca)
+            x->ex_flags |= EXFLAG_CA;
+        if (bs->pathlen) {
+            if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+                || !bs->ca) {
+                x->ex_flags |= EXFLAG_INVALID;
+                x->ex_pathlen = 0;
+            } else
+                x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+        } else
+            x->ex_pathlen = -1;
+        BASIC_CONSTRAINTS_free(bs);
+        x->ex_flags |= EXFLAG_BCONS;
+    }
+    /* Handle proxy certificates */
+    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+        if (x->ex_flags & EXFLAG_CA
+            || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+            || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+            x->ex_flags |= EXFLAG_INVALID;
+        }
+        if (pci->pcPathLengthConstraint) {
+            x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+        } else
+            x->ex_pcpathlen = -1;
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        x->ex_flags |= EXFLAG_PROXY;
+    }
+    /* Handle key usage */
+    if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+        if (usage->length > 0) {
+            x->ex_kusage = usage->data[0];
+            if (usage->length > 1)
+                x->ex_kusage |= usage->data[1] << 8;
+        } else
+            x->ex_kusage = 0;
+        x->ex_flags |= EXFLAG_KUSAGE;
+        ASN1_BIT_STRING_free(usage);
+    }
+    x->ex_xkusage = 0;
+    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+        x->ex_flags |= EXFLAG_XKUSAGE;
+        for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+            switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
+            case NID_server_auth:
+                x->ex_xkusage |= XKU_SSL_SERVER;
+                break;
+
+            case NID_client_auth:
+                x->ex_xkusage |= XKU_SSL_CLIENT;
+                break;
+
+            case NID_email_protect:
+                x->ex_xkusage |= XKU_SMIME;
+                break;
+
+            case NID_code_sign:
+                x->ex_xkusage |= XKU_CODE_SIGN;
+                break;
+
+            case NID_ms_sgc:
+            case NID_ns_sgc:
+                x->ex_xkusage |= XKU_SGC;
+                break;
+
+            case NID_OCSP_sign:
+                x->ex_xkusage |= XKU_OCSP_SIGN;
+                break;
+
+            case NID_time_stamp:
+                x->ex_xkusage |= XKU_TIMESTAMP;
+                break;
+
+            case NID_dvcs:
+                x->ex_xkusage |= XKU_DVCS;
+                break;
+
+            case NID_anyExtendedKeyUsage:
+                x->ex_xkusage |= XKU_ANYEKU;
+                break;
+            }
+        }
+        sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+    }
+
+    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+        if (ns->length > 0)
+            x->ex_nscert = ns->data[0];
+        else
+            x->ex_nscert = 0;
+        x->ex_flags |= EXFLAG_NSCERT;
+        ASN1_BIT_STRING_free(ns);
+    }
+    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+    /* Does subject name match issuer ? */
+    if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
+        x->ex_flags |= EXFLAG_SI;
+        /* If SKID matches AKID also indicate self signed */
+        if (X509_check_akid(x, x->akid) == X509_V_OK &&
+            !ku_reject(x, KU_KEY_CERT_SIGN))
+            x->ex_flags |= EXFLAG_SS;
+    }
+    x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
+    if (!x->nc && (i != -1))
+        x->ex_flags |= EXFLAG_INVALID;
+    setup_crldp(x);
+
+#ifndef OPENSSL_NO_RFC3779
+    x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+    x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+                                       NULL, NULL);
+#endif
+    for (i = 0; i < X509_get_ext_count(x); i++) {
+        ex = X509_get_ext(x, i);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
+            == NID_freshest_crl)
+            x->ex_flags |= EXFLAG_FRESHEST;
+        if (!X509_EXTENSION_get_critical(ex))
+            continue;
+        if (!X509_supported_extension(ex)) {
+            x->ex_flags |= EXFLAG_CRITICAL;
+            break;
+        }
+    }
+    x509_init_sig_info(x);
+    x->ex_flags |= EXFLAG_SET;
+#ifdef tsan_st_rel
+    tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1);
+    /*
+     * Above store triggers fast lock-free check in the beginning of the
+     * function. But one has to ensure that the structure is "stable", i.e.
+     * all stores are visible on all processors. Hence the release fence.
+     */
+#endif
+    CRYPTO_THREAD_unlock(x->lock);
+}
+
+/*-
+ * CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+ */
+
+static int check_ca(const X509 *x)
+{
+    /* keyUsage if present should allow cert signing */
+    if (ku_reject(x, KU_KEY_CERT_SIGN))
+        return 0;
+    if (x->ex_flags & EXFLAG_BCONS) {
+        if (x->ex_flags & EXFLAG_CA)
+            return 1;
+        /* If basicConstraints says not a CA then say so */
+        else
+            return 0;
+    } else {
+        /* we support V1 roots for...  uh, I don't really know why. */
+        if ((x->ex_flags & V1_ROOT) == V1_ROOT)
+            return 3;
+        /*
+         * If key usage present it must have certSign so tolerate it
+         */
+        else if (x->ex_flags & EXFLAG_KUSAGE)
+            return 4;
+        /* Older certificates could have Netscape-specific CA types */
+        else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
+            return 5;
+        /* can this still be regarded a CA certificate?  I doubt it */
+        return 0;
+    }
+}
+
+void X509_set_proxy_flag(X509 *x)
+{
+    x->ex_flags |= EXFLAG_PROXY;
+}
+
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+    x->ex_pcpathlen = l;
+}
+
+int X509_check_ca(X509 *x)
+{
+    x509v3_cache_extensions(x);
+
+    return check_ca(x);
+}
+
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+    int ca_ret;
+    ca_ret = check_ca(x);
+    if (!ca_ret)
+        return 0;
+    /* check nsCertType if present */
+    if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
+        return ca_ret;
+    else
+        return 0;
+}
+
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    if (xku_reject(x, XKU_SSL_CLIENT))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+    /* We need to do digital signatures or key agreement */
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
+        return 0;
+    /* nsCertType if present should allow SSL client use */
+    if (ns_reject(x, NS_SSL_CLIENT))
+        return 0;
+    return 1;
+}
+
+/*
+ * Key usage needed for TLS/SSL server: digital signature, encipherment or
+ * key agreement. The ssl code can check this more thoroughly for individual
+ * key types.
+ */
+#define KU_TLS \
+        KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT
+
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+
+    if (ns_reject(x, NS_SSL_SERVER))
+        return 0;
+    if (ku_reject(x, KU_TLS))
+        return 0;
+
+    return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
+{
+    int ret;
+    ret = check_purpose_ssl_server(xp, x, ca);
+    if (!ret || ca)
+        return ret;
+    /* We need to encipher or Netscape complains */
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(const X509 *x, int ca)
+{
+    if (xku_reject(x, XKU_SMIME))
+        return 0;
+    if (ca) {
+        int ca_ret;
+        ca_ret = check_ca(x);
+        if (!ca_ret)
+            return 0;
+        /* check nsCertType if present */
+        if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (x->ex_flags & EXFLAG_NSCERT) {
+        if (x->ex_nscert & NS_SMIME)
+            return 1;
+        /* Workaround for some buggy certificates */
+        if (x->ex_nscert & NS_SSL_CLIENT)
+            return 2;
+        return 0;
+    }
+    return 1;
+}
+
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+        return 0;
+    return ret;
+}
+
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
+{
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
+}
+
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca)
+{
+    if (ca) {
+        int ca_ret;
+        if ((ca_ret = check_ca(x)) != 2)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (ku_reject(x, KU_CRL_SIGN))
+        return 0;
+    return 1;
+}
+
+/*
+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
+ * is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+    /*
+     * Must be a valid CA.  Should we really support the "I don't know" value
+     * (2)?
+     */
+    if (ca)
+        return check_ca(x);
+    /* leaf certificate is checked in OCSP_verify() */
+    return 1;
+}
+
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca)
+{
+    int i_ext;
+
+    /* If ca is true we must return if this is a valid CA certificate. */
+    if (ca)
+        return check_ca(x);
+
+    /*
+     * Check the optional key usage field:
+     * if Key Usage is present, it must be one of digitalSignature
+     * and/or nonRepudiation (other values are not consistent and shall
+     * be rejected).
+     */
+    if ((x->ex_flags & EXFLAG_KUSAGE)
+        && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
+            !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+        return 0;
+
+    /* Only time stamp key usage is permitted and it's required. */
+    if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+        return 0;
+
+    /* Extended Key Usage MUST be critical */
+    i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
+    if (i_ext >= 0) {
+        X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
+        if (!X509_EXTENSION_get_critical(ext))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+    return 1;
+}
+
+/*-
+ * Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+    if (X509_NAME_cmp(X509_get_subject_name(issuer),
+                      X509_get_issuer_name(subject)))
+        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+
+    x509v3_cache_extensions(issuer);
+    x509v3_cache_extensions(subject);
+
+    if (subject->akid) {
+        int ret = X509_check_akid(issuer, subject->akid);
+        if (ret != X509_V_OK)
+            return ret;
+    }
+
+    if (subject->ex_flags & EXFLAG_PROXY) {
+        if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+            return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+    } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+        return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+    return X509_V_OK;
+}
+
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
+{
+
+    if (!akid)
+        return X509_V_OK;
+
+    /* Check key ids (if present) */
+    if (akid->keyid && issuer->skid &&
+        ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
+        return X509_V_ERR_AKID_SKID_MISMATCH;
+    /* Check serial number */
+    if (akid->serial &&
+        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+        return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    /* Check issuer name */
+    if (akid->issuer) {
+        /*
+         * Ugh, for some peculiar reason AKID includes SEQUENCE OF
+         * GeneralName. So look for a DirName. There may be more than one but
+         * we only take any notice of the first.
+         */
+        GENERAL_NAMES *gens;
+        GENERAL_NAME *gen;
+        X509_NAME *nm = NULL;
+        int i;
+        gens = akid->issuer;
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type == GEN_DIRNAME) {
+                nm = gen->d.dirn;
+                break;
+            }
+        }
+        if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+            return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    }
+    return X509_V_OK;
+}
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->ex_flags;
+}
+
+uint32_t X509_get_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_KUSAGE)
+        return x->ex_kusage;
+    return UINT32_MAX;
+}
+
+uint32_t X509_get_extended_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_XKUSAGE)
+        return x->ex_xkusage;
+    return UINT32_MAX;
+}
+
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->skid;
+}
+
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return (x->akid != NULL ? x->akid->keyid : NULL);
+}
+
+long X509_get_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_BCONS) == 0)
+        return -1;
+    return x->ex_pathlen;
+}
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_PROXY) == 0)
+        return -1;
+    return x->ex_pcpathlen;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c
new file mode 100644
index 000000000..749f51b2f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_skey_id = {
+    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+    (X509V3_EXT_S2I)s2i_skey_id,
+    0, 0, 0, 0,
+    NULL
+};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                            const ASN1_OCTET_STRING *oct)
+{
+    return OPENSSL_buf2hexstr(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *str)
+{
+    ASN1_OCTET_STRING *oct;
+    long length;
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
+        ASN1_OCTET_STRING_free(oct);
+        return NULL;
+    }
+
+    oct->length = length;
+
+    return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str)
+{
+    ASN1_OCTET_STRING *oct;
+    X509_PUBKEY *pubkey;
+    const unsigned char *pk;
+    int pklen;
+    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    if (strcmp(str, "hash"))
+        return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return oct;
+
+    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    if (ctx->subject_req)
+        pubkey = ctx->subject_req->req_info.pubkey;
+    else
+        pubkey = ctx->subject_cert->cert_info.key;
+
+    if (pubkey == NULL) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    return oct;
+
+ err:
+    ASN1_OCTET_STRING_free(oct);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_sxnet.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_sxnet.c
new file mode 100644
index 000000000..89cda01be
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_sxnet.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent);
+#ifdef SXNET_TEST
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval);
+#endif
+const X509V3_EXT_METHOD v3_sxnet = {
+    NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+#ifdef SXNET_TEST
+    (X509V3_EXT_V2I)sxnet_v2i,
+#else
+    0,
+#endif
+    (X509V3_EXT_I2R)sxnet_i2r,
+    0,
+    NULL
+};
+
+ASN1_SEQUENCE(SXNETID) = {
+        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
+
+ASN1_SEQUENCE(SXNET) = {
+        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent)
+{
+    long v;
+    char *tmp;
+    SXNETID *id;
+    int i;
+    v = ASN1_INTEGER_get(sx->version);
+    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+        OPENSSL_free(tmp);
+        ASN1_STRING_print(out, id->user);
+    }
+    return 1;
+}
+
+#ifdef SXNET_TEST
+
+/*
+ * NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval)
+{
+    CONF_VALUE *cnf;
+    SXNET *sx = NULL;
+    int i;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+            return NULL;
+    }
+    return sx;
+}
+
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
+{
+    ASN1_INTEGER *izone;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+                       int userlen)
+{
+    ASN1_INTEGER *izone;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        ASN1_INTEGER_free(izone);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+
+}
+
+/*
+ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
+ * passed integer and doesn't make a copy so don't free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
+                         int userlen)
+{
+    SXNET *sx = NULL;
+    SXNETID *id = NULL;
+    if (!psx || !zone || !user) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return 0;
+    }
+    if (userlen == -1)
+        userlen = strlen(user);
+    if (userlen > 64) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
+        return 0;
+    }
+    if (*psx == NULL) {
+        if ((sx = SXNET_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(sx->version, 0))
+            goto err;
+        *psx = sx;
+    } else
+        sx = *psx;
+    if (SXNET_get_id_INTEGER(sx, zone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
+        return 0;
+    }
+
+    if ((id = SXNETID_new()) == NULL)
+        goto err;
+    if (userlen == -1)
+        userlen = strlen(user);
+
+    if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
+        goto err;
+    if (!sk_SXNETID_push(sx->ids, id))
+        goto err;
+    id->zone = zone;
+    return 1;
+
+ err:
+    X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+    SXNETID_free(id);
+    SXNET_free(sx);
+    *psx = NULL;
+    return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
+{
+    ASN1_INTEGER *izone;
+    ASN1_OCTET_STRING *oct;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    ASN1_INTEGER_free(izone);
+    return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+    ASN1_INTEGER *izone;
+    ASN1_OCTET_STRING *oct;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        ASN1_INTEGER_free(izone);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    ASN1_INTEGER_free(izone);
+    return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+    SXNETID *id;
+    int i;
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        if (!ASN1_INTEGER_cmp(id->zone, zone))
+            return id->user;
+    }
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_tlsf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_tlsf.c
new file mode 100644
index 000000000..7fd6ef17d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_tlsf.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include "internal/o_str.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list);
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+
+ASN1_ITEM_TEMPLATE(TLS_FEATURE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER)
+static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+const X509V3_EXT_METHOD v3_tls_feature = {
+    NID_tlsfeature, 0,
+    ASN1_ITEM_ref(TLS_FEATURE),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V)i2v_TLS_FEATURE,
+    (X509V3_EXT_V2I)v2i_TLS_FEATURE,
+    0, 0,
+    NULL
+};
+
+
+typedef struct {
+    long num;
+    const char *name;
+} TLS_FEATURE_NAME;
+
+static TLS_FEATURE_NAME tls_feature_tbl[] = {
+    { 5, "status_request" },
+    { 17, "status_request_v2" }
+};
+
+/*
+ * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the
+ * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format
+ * used by the CONF library to represent a multi-valued extension.  ext_list is
+ * returned.
+ */
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list)
+{
+    int i;
+    size_t j;
+    ASN1_INTEGER *ai;
+    long tlsextid;
+    for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) {
+        ai = sk_ASN1_INTEGER_value(tls_feature, i);
+        tlsextid = ASN1_INTEGER_get(ai);
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (tlsextid == tls_feature_tbl[j].num)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list);
+        else
+            X509V3_add_value_int(NULL, ai, &ext_list);
+    }
+    return ext_list;
+}
+
+/*
+ * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE
+ * structure, which is returned if the conversion is successful.  In case of
+ * error, NULL is returned.
+ */
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    TLS_FEATURE *tlsf;
+    char *extval, *endptr;
+    ASN1_INTEGER *ai;
+    CONF_VALUE *val;
+    int i;
+    size_t j;
+    long tlsextid;
+
+    if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            tlsextid = tls_feature_tbl[j].num;
+        else {
+            tlsextid = strtol(extval, &endptr, 10);
+            if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) ||
+                (tlsextid > 65535)) {
+                X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        if ((ai = ASN1_INTEGER_new()) == NULL
+                || !ASN1_INTEGER_set(ai, tlsextid)
+                || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) {
+            X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return tlsf;
+
+ err:
+    sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c
new file mode 100644
index 000000000..c9b40d2c7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c
@@ -0,0 +1,1239 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include "internal/ctype.h"
+#include <openssl/conf.h>
+#include <openssl/crypto.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include <openssl/bn.h>
+#include "ext_dat.h"
+
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char *const *a, const char *const *b);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+                                           GENERAL_NAMES *gens);
+static void str_free(OPENSSL_STRING str);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email);
+
+static int ipv4_from_asc(unsigned char *v4, const char *in);
+static int ipv6_from_asc(unsigned char *v6, const char *in);
+static int ipv6_cb(const char *elem, int len, void *usr);
+static int ipv6_hex(unsigned char *out, const char *in, int inlen);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist)
+{
+    CONF_VALUE *vtmp = NULL;
+    char *tname = NULL, *tvalue = NULL;
+    int sk_allocated = (*extlist == NULL);
+
+    if (name && (tname = OPENSSL_strdup(name)) == NULL)
+        goto err;
+    if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
+        goto err;
+    if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
+        goto err;
+    if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+        goto err;
+    vtmp->section = NULL;
+    vtmp->name = tname;
+    vtmp->value = tvalue;
+    if (!sk_CONF_VALUE_push(*extlist, vtmp))
+        goto err;
+    return 1;
+ err:
+    X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+    if (sk_allocated) {
+        sk_CONF_VALUE_free(*extlist);
+        *extlist = NULL;
+    }
+    OPENSSL_free(vtmp);
+    OPENSSL_free(tname);
+    OPENSSL_free(tvalue);
+    return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist)
+{
+    return X509V3_add_value(name, (const char *)value, extlist);
+}
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+    if (!conf)
+        return;
+    OPENSSL_free(conf->name);
+    OPENSSL_free(conf->value);
+    OPENSSL_free(conf->section);
+    OPENSSL_free(conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist)
+{
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+                             STACK_OF(CONF_VALUE) **extlist)
+{
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return 1;
+}
+
+static char *bignum_to_string(const BIGNUM *bn)
+{
+    char *tmp, *ret;
+    size_t len;
+
+    /*
+     * Display large numbers in hex and small numbers in decimal. Converting to
+     * decimal takes quadratic time and is no more useful than hex for large
+     * numbers.
+     */
+    if (BN_num_bits(bn) < 128)
+        return BN_bn2dec(bn);
+
+    tmp = BN_bn2hex(bn);
+    if (tmp == NULL)
+        return NULL;
+
+    len = strlen(tmp) + 3;
+    ret = OPENSSL_malloc(len);
+    if (ret == NULL) {
+        X509V3err(X509V3_F_BIGNUM_TO_STRING, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(tmp);
+        return NULL;
+    }
+
+    /* Prepend "0x", but place it after the "-" if negative. */
+    if (tmp[0] == '-') {
+        OPENSSL_strlcpy(ret, "-0x", len);
+        OPENSSL_strlcat(ret, tmp + 1, len);
+    } else {
+        OPENSSL_strlcpy(ret, "0x", len);
+        OPENSSL_strlcat(ret, tmp, len);
+    }
+    OPENSSL_free(tmp);
+    return ret;
+}
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
+{
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+
+    if (!a)
+        return NULL;
+    if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
+        X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
+{
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+
+    if (!a)
+        return NULL;
+    if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
+        X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
+{
+    BIGNUM *bn = NULL;
+    ASN1_INTEGER *aint;
+    int isneg, ishex;
+    int ret;
+    if (value == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
+        return NULL;
+    }
+    bn = BN_new();
+    if (bn == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (value[0] == '-') {
+        value++;
+        isneg = 1;
+    } else
+        isneg = 0;
+
+    if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+        value += 2;
+        ishex = 1;
+    } else
+        ishex = 0;
+
+    if (ishex)
+        ret = BN_hex2bn(&bn, value);
+    else
+        ret = BN_dec2bn(&bn, value);
+
+    if (!ret || value[ret]) {
+        BN_free(bn);
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
+        return NULL;
+    }
+
+    if (isneg && BN_is_zero(bn))
+        isneg = 0;
+
+    aint = BN_to_ASN1_INTEGER(bn, NULL);
+    BN_free(bn);
+    if (!aint) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER,
+                  X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+        return NULL;
+    }
+    if (isneg)
+        aint->type |= V_ASN1_NEG;
+    return aint;
+}
+
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist)
+{
+    char *strtmp;
+    int ret;
+
+    if (!aint)
+        return 1;
+    if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL)
+        return 0;
+    ret = X509V3_add_value(name, strtmp, extlist);
+    OPENSSL_free(strtmp);
+    return ret;
+}
+
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
+{
+    const char *btmp;
+
+    if ((btmp = value->value) == NULL)
+        goto err;
+    if (strcmp(btmp, "TRUE") == 0
+        || strcmp(btmp, "true") == 0
+        || strcmp(btmp, "Y") == 0
+        || strcmp(btmp, "y") == 0
+        || strcmp(btmp, "YES") == 0
+        || strcmp(btmp, "yes") == 0) {
+        *asn1_bool = 0xff;
+        return 1;
+    }
+    if (strcmp(btmp, "FALSE") == 0
+        || strcmp(btmp, "false") == 0
+        || strcmp(btmp, "N") == 0
+        || strcmp(btmp, "n") == 0
+        || strcmp(btmp, "NO") == 0
+        || strcmp(btmp, "no") == 0) {
+        *asn1_bool = 0;
+        return 1;
+    }
+ err:
+    X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
+              X509V3_R_INVALID_BOOLEAN_STRING);
+    X509V3_conf_err(value);
+    return 0;
+}
+
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+    ASN1_INTEGER *itmp;
+
+    if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) {
+        X509V3_conf_err(value);
+        return 0;
+    }
+    *aint = itmp;
+    return 1;
+}
+
+#define HDR_NAME        1
+#define HDR_VALUE       2
+
+/*
+ * #define DEBUG
+ */
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+    char *p, *q, c;
+    char *ntmp, *vtmp;
+    STACK_OF(CONF_VALUE) *values = NULL;
+    char *linebuf;
+    int state;
+    /* We are going to modify the line so copy it first */
+    linebuf = OPENSSL_strdup(line);
+    if (linebuf == NULL) {
+        X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    state = HDR_NAME;
+    ntmp = NULL;
+    /* Go through all characters */
+    for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+         p++) {
+
+        switch (state) {
+        case HDR_NAME:
+            if (c == ':') {
+                state = HDR_VALUE;
+                *p = 0;
+                ntmp = strip_spaces(q);
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                q = p + 1;
+            } else if (c == ',') {
+                *p = 0;
+                ntmp = strip_spaces(q);
+                q = p + 1;
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, NULL, &values);
+            }
+            break;
+
+        case HDR_VALUE:
+            if (c == ',') {
+                state = HDR_NAME;
+                *p = 0;
+                vtmp = strip_spaces(q);
+                if (!vtmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_VALUE);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, vtmp, &values);
+                ntmp = NULL;
+                q = p + 1;
+            }
+
+        }
+    }
+
+    if (state == HDR_VALUE) {
+        vtmp = strip_spaces(q);
+        if (!vtmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                      X509V3_R_INVALID_NULL_VALUE);
+            goto err;
+        }
+        X509V3_add_value(ntmp, vtmp, &values);
+    } else {
+        ntmp = strip_spaces(q);
+        if (!ntmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+            goto err;
+        }
+        X509V3_add_value(ntmp, NULL, &values);
+    }
+    OPENSSL_free(linebuf);
+    return values;
+
+ err:
+    OPENSSL_free(linebuf);
+    sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+    return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+    char *p, *q;
+    /* Skip over leading spaces */
+    p = name;
+    while (*p && ossl_isspace(*p))
+        p++;
+    if (!*p)
+        return NULL;
+    q = p + strlen(p) - 1;
+    while ((q != p) && ossl_isspace(*q))
+        q--;
+    if (p != q)
+        q[1] = 0;
+    if (!*p)
+        return NULL;
+    return p;
+}
+
+
+/*
+ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+    int len, ret;
+    char c;
+    len = strlen(cmp);
+    if ((ret = strncmp(name, cmp, len)))
+        return ret;
+    c = name[len];
+    if (!c || (c == '.'))
+        return 0;
+    return 1;
+}
+
+static int sk_strcmp(const char *const *a, const char *const *b)
+{
+    return strcmp(*a, *b);
+}
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
+{
+    GENERAL_NAMES *gens;
+    STACK_OF(OPENSSL_STRING) *ret;
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return ret;
+}
+
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
+{
+    AUTHORITY_INFO_ACCESS *info;
+    STACK_OF(OPENSSL_STRING) *ret = NULL;
+    int i;
+
+    info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+    if (!info)
+        return NULL;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+        ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+        if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
+            if (ad->location->type == GEN_URI) {
+                if (!append_ia5
+                    (&ret, ad->location->d.uniformResourceIdentifier))
+                    break;
+            }
+        }
+    }
+    AUTHORITY_INFO_ACCESS_free(info);
+    return ret;
+}
+
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
+{
+    GENERAL_NAMES *gens;
+    STACK_OF(X509_EXTENSION) *exts;
+    STACK_OF(OPENSSL_STRING) *ret;
+
+    exts = X509_REQ_get_extensions(x);
+    gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_REQ_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+    return ret;
+}
+
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+                                           GENERAL_NAMES *gens)
+{
+    STACK_OF(OPENSSL_STRING) *ret = NULL;
+    X509_NAME_ENTRY *ne;
+    const ASN1_IA5STRING *email;
+    GENERAL_NAME *gen;
+    int i = -1;
+
+    /* Now add any email address(es) to STACK */
+    /* First supplied X509_NAME */
+    while ((i = X509_NAME_get_index_by_NID(name,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(name, i);
+        email = X509_NAME_ENTRY_get_data(ne);
+        if (!append_ia5(&ret, email))
+            return NULL;
+    }
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        if (gen->type != GEN_EMAIL)
+            continue;
+        if (!append_ia5(&ret, gen->d.ia5))
+            return NULL;
+    }
+    return ret;
+}
+
+static void str_free(OPENSSL_STRING str)
+{
+    OPENSSL_free(str);
+}
+
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email)
+{
+    char *emtmp;
+    /* First some sanity checks */
+    if (email->type != V_ASN1_IA5STRING)
+        return 1;
+    if (!email->data || !email->length)
+        return 1;
+    if (*sk == NULL)
+        *sk = sk_OPENSSL_STRING_new(sk_strcmp);
+    if (*sk == NULL)
+        return 0;
+    /* Don't add duplicates */
+    if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
+        return 1;
+    emtmp = OPENSSL_strdup((char *)email->data);
+    if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+        OPENSSL_free(emtmp);    /* free on push failure */
+        X509_email_free(*sk);
+        *sk = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
+{
+    sk_OPENSSL_STRING_pop_free(sk, str_free);
+}
+
+typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
+                         const unsigned char *subject, size_t subject_len,
+                         unsigned int flags);
+
+/* Skip pattern prefix to match "wildcard" subject */
+static void skip_prefix(const unsigned char **p, size_t *plen,
+                        size_t subject_len,
+                        unsigned int flags)
+{
+    const unsigned char *pattern = *p;
+    size_t pattern_len = *plen;
+
+    /*
+     * If subject starts with a leading '.' followed by more octets, and
+     * pattern is longer, compare just an equal-length suffix with the
+     * full subject (starting at the '.'), provided the prefix contains
+     * no NULs.
+     */
+    if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
+        return;
+
+    while (pattern_len > subject_len && *pattern) {
+        if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
+            *pattern == '.')
+            break;
+        ++pattern;
+        --pattern_len;
+    }
+
+    /* Skip if entire prefix acceptable */
+    if (pattern_len == subject_len) {
+        *p = pattern;
+        *plen = pattern_len;
+    }
+}
+
+/* Compare while ASCII ignoring case. */
+static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
+                        const unsigned char *subject, size_t subject_len,
+                        unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    while (pattern_len) {
+        unsigned char l = *pattern;
+        unsigned char r = *subject;
+        /* The pattern must not contain NUL characters. */
+        if (l == 0)
+            return 0;
+        if (l != r) {
+            if ('A' <= l && l <= 'Z')
+                l = (l - 'A') + 'a';
+            if ('A' <= r && r <= 'Z')
+                r = (r - 'A') + 'a';
+            if (l != r)
+                return 0;
+        }
+        ++pattern;
+        ++subject;
+        --pattern_len;
+    }
+    return 1;
+}
+
+/* Compare using memcmp. */
+static int equal_case(const unsigned char *pattern, size_t pattern_len,
+                      const unsigned char *subject, size_t subject_len,
+                      unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    return !memcmp(pattern, subject, pattern_len);
+}
+
+/*
+ * RFC 5280, section 7.5, requires that only the domain is compared in a
+ * case-insensitive manner.
+ */
+static int equal_email(const unsigned char *a, size_t a_len,
+                       const unsigned char *b, size_t b_len,
+                       unsigned int unused_flags)
+{
+    size_t i = a_len;
+    if (a_len != b_len)
+        return 0;
+    /*
+     * We search backwards for the '@' character, so that we do not have to
+     * deal with quoted local-parts.  The domain part is compared in a
+     * case-insensitive manner.
+     */
+    while (i > 0) {
+        --i;
+        if (a[i] == '@' || b[i] == '@') {
+            if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
+                return 0;
+            break;
+        }
+    }
+    if (i == 0)
+        i = a_len;
+    return equal_case(a, i, b, i, 0);
+}
+
+/*
+ * Compare the prefix and suffix with the subject, and check that the
+ * characters in-between are valid.
+ */
+static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
+                          const unsigned char *suffix, size_t suffix_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *wildcard_start;
+    const unsigned char *wildcard_end;
+    const unsigned char *p;
+    int allow_multi = 0;
+    int allow_idna = 0;
+
+    if (subject_len < prefix_len + suffix_len)
+        return 0;
+    if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
+        return 0;
+    wildcard_start = subject + prefix_len;
+    wildcard_end = subject + (subject_len - suffix_len);
+    if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
+        return 0;
+    /*
+     * If the wildcard makes up the entire first label, it must match at
+     * least one character.
+     */
+    if (prefix_len == 0 && *suffix == '.') {
+        if (wildcard_start == wildcard_end)
+            return 0;
+        allow_idna = 1;
+        if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
+            allow_multi = 1;
+    }
+    /* IDNA labels cannot match partial wildcards */
+    if (!allow_idna &&
+        subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
+        return 0;
+    /* The wildcard may match a literal '*' */
+    if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
+        return 1;
+    /*
+     * Check that the part matched by the wildcard contains only
+     * permitted characters and only matches a single label unless
+     * allow_multi is set.
+     */
+    for (p = wildcard_start; p != wildcard_end; ++p)
+        if (!(('0' <= *p && *p <= '9') ||
+              ('A' <= *p && *p <= 'Z') ||
+              ('a' <= *p && *p <= 'z') ||
+              *p == '-' || (allow_multi && *p == '.')))
+            return 0;
+    return 1;
+}
+
+#define LABEL_START     (1 << 0)
+#define LABEL_END       (1 << 1)
+#define LABEL_HYPHEN    (1 << 2)
+#define LABEL_IDNA      (1 << 3)
+
+static const unsigned char *valid_star(const unsigned char *p, size_t len,
+                                       unsigned int flags)
+{
+    const unsigned char *star = 0;
+    size_t i;
+    int state = LABEL_START;
+    int dots = 0;
+    for (i = 0; i < len; ++i) {
+        /*
+         * Locate first and only legal wildcard, either at the start
+         * or end of a non-IDNA first and not final label.
+         */
+        if (p[i] == '*') {
+            int atstart = (state & LABEL_START);
+            int atend = (i == len - 1 || p[i + 1] == '.');
+            /*-
+             * At most one wildcard per pattern.
+             * No wildcards in IDNA labels.
+             * No wildcards after the first label.
+             */
+            if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
+                return NULL;
+            /* Only full-label '*.example.com' wildcards? */
+            if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
+                && (!atstart || !atend))
+                return NULL;
+            /* No 'foo*bar' wildcards */
+            if (!atstart && !atend)
+                return NULL;
+            star = &p[i];
+            state &= ~LABEL_START;
+        } else if (('a' <= p[i] && p[i] <= 'z')
+                   || ('A' <= p[i] && p[i] <= 'Z')
+                   || ('0' <= p[i] && p[i] <= '9')) {
+            if ((state & LABEL_START) != 0
+                && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+                state |= LABEL_IDNA;
+            state &= ~(LABEL_HYPHEN | LABEL_START);
+        } else if (p[i] == '.') {
+            if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
+                return NULL;
+            state = LABEL_START;
+            ++dots;
+        } else if (p[i] == '-') {
+            /* no domain/subdomain starts with '-' */
+            if ((state & LABEL_START) != 0)
+                return NULL;
+            state |= LABEL_HYPHEN;
+        } else
+            return NULL;
+    }
+
+    /*
+     * The final label must not end in a hyphen or ".", and
+     * there must be at least two dots after the star.
+     */
+    if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
+        return NULL;
+    return star;
+}
+
+/* Compare using wildcards. */
+static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *star = NULL;
+
+    /*
+     * Subject names starting with '.' can only match a wildcard pattern
+     * via a subject sub-domain pattern suffix match.
+     */
+    if (!(subject_len > 1 && subject[0] == '.'))
+        star = valid_star(pattern, pattern_len, flags);
+    if (star == NULL)
+        return equal_nocase(pattern, pattern_len,
+                            subject, subject_len, flags);
+    return wildcard_match(pattern, star - pattern,
+                          star + 1, (pattern + pattern_len) - star - 1,
+                          subject, subject_len, flags);
+}
+
+/*
+ * Compare an ASN1_STRING to a supplied string. If they match return 1. If
+ * cmp_type > 0 only compare if string matches the type, otherwise convert it
+ * to UTF8.
+ */
+
+static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
+                           unsigned int flags, const char *b, size_t blen,
+                           char **peername)
+{
+    int rv = 0;
+
+    if (!a->data || !a->length)
+        return 0;
+    if (cmp_type > 0) {
+        if (cmp_type != a->type)
+            return 0;
+        if (cmp_type == V_ASN1_IA5STRING)
+            rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
+        else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+            rv = 1;
+        if (rv > 0 && peername)
+            *peername = OPENSSL_strndup((char *)a->data, a->length);
+    } else {
+        int astrlen;
+        unsigned char *astr;
+        astrlen = ASN1_STRING_to_UTF8(&astr, a);
+        if (astrlen < 0) {
+            /*
+             * -1 could be an internal malloc failure or a decoding error from
+             * malformed input; we can't distinguish.
+             */
+            return -1;
+        }
+        rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
+        if (rv > 0 && peername)
+            *peername = OPENSSL_strndup((char *)astr, astrlen);
+        OPENSSL_free(astr);
+    }
+    return rv;
+}
+
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
+                         unsigned int flags, int check_type, char **peername)
+{
+    GENERAL_NAMES *gens = NULL;
+    X509_NAME *name = NULL;
+    int i;
+    int cnid = NID_undef;
+    int alt_type;
+    int san_present = 0;
+    int rv = 0;
+    equal_fn equal;
+
+    /* See below, this flag is internal-only */
+    flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+    if (check_type == GEN_EMAIL) {
+        cnid = NID_pkcs9_emailAddress;
+        alt_type = V_ASN1_IA5STRING;
+        equal = equal_email;
+    } else if (check_type == GEN_DNS) {
+        cnid = NID_commonName;
+        /* Implicit client-side DNS sub-domain pattern */
+        if (chklen > 1 && chk[0] == '.')
+            flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS;
+        alt_type = V_ASN1_IA5STRING;
+        if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
+            equal = equal_nocase;
+        else
+            equal = equal_wildcard;
+    } else {
+        alt_type = V_ASN1_OCTET_STRING;
+        equal = equal_case;
+    }
+
+    if (chklen == 0)
+        chklen = strlen(chk);
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    if (gens) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            GENERAL_NAME *gen;
+            ASN1_STRING *cstr;
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type != check_type)
+                continue;
+            san_present = 1;
+            if (check_type == GEN_EMAIL)
+                cstr = gen->d.rfc822Name;
+            else if (check_type == GEN_DNS)
+                cstr = gen->d.dNSName;
+            else
+                cstr = gen->d.iPAddress;
+            /* Positive on success, negative on error! */
+            if ((rv = do_check_string(cstr, alt_type, equal, flags,
+                                      chk, chklen, peername)) != 0)
+                break;
+        }
+        GENERAL_NAMES_free(gens);
+        if (rv != 0)
+            return rv;
+        if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
+            return 0;
+    }
+
+    /* We're done if CN-ID is not pertinent */
+    if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
+        return 0;
+
+    i = -1;
+    name = X509_get_subject_name(x);
+    while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
+        const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i);
+        const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne);
+
+        /* Positive on success, negative on error! */
+        if ((rv = do_check_string(str, -1, equal, flags,
+                                  chk, chklen, peername)) != 0)
+            return rv;
+    }
+    return 0;
+}
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen(chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
+}
+
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen((char *)chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
+}
+
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
+}
+
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
+{
+    unsigned char ipout[16];
+    size_t iplen;
+
+    if (ipasc == NULL)
+        return -2;
+    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    if (iplen == 0)
+        return -2;
+    return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
+}
+
+/*
+ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible
+ * with RFC3280.
+ */
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
+{
+    unsigned char ipout[16];
+    ASN1_OCTET_STRING *ret;
+    int iplen;
+
+    /* If string contains a ':' assume IPv6 */
+
+    iplen = a2i_ipadd(ipout, ipasc);
+
+    if (!iplen)
+        return NULL;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
+        ASN1_OCTET_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
+{
+    ASN1_OCTET_STRING *ret = NULL;
+    unsigned char ipout[32];
+    char *iptmp = NULL, *p;
+    int iplen1, iplen2;
+    p = strchr(ipasc, '/');
+    if (!p)
+        return NULL;
+    iptmp = OPENSSL_strdup(ipasc);
+    if (!iptmp)
+        return NULL;
+    p = iptmp + (p - ipasc);
+    *p++ = 0;
+
+    iplen1 = a2i_ipadd(ipout, iptmp);
+
+    if (!iplen1)
+        goto err;
+
+    iplen2 = a2i_ipadd(ipout + iplen1, p);
+
+    OPENSSL_free(iptmp);
+    iptmp = NULL;
+
+    if (!iplen2 || (iplen1 != iplen2))
+        goto err;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (ret == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
+        goto err;
+
+    return ret;
+
+ err:
+    OPENSSL_free(iptmp);
+    ASN1_OCTET_STRING_free(ret);
+    return NULL;
+}
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+{
+    /* If string contains a ':' assume IPv6 */
+
+    if (strchr(ipasc, ':')) {
+        if (!ipv6_from_asc(ipout, ipasc))
+            return 0;
+        return 16;
+    } else {
+        if (!ipv4_from_asc(ipout, ipasc))
+            return 0;
+        return 4;
+    }
+}
+
+static int ipv4_from_asc(unsigned char *v4, const char *in)
+{
+    int a0, a1, a2, a3;
+    if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+        return 0;
+    if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+        || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
+        return 0;
+    v4[0] = a0;
+    v4[1] = a1;
+    v4[2] = a2;
+    v4[3] = a3;
+    return 1;
+}
+
+typedef struct {
+    /* Temporary store for IPV6 output */
+    unsigned char tmp[16];
+    /* Total number of bytes in tmp */
+    int total;
+    /* The position of a zero (corresponding to '::') */
+    int zero_pos;
+    /* Number of zeroes */
+    int zero_cnt;
+} IPV6_STAT;
+
+static int ipv6_from_asc(unsigned char *v6, const char *in)
+{
+    IPV6_STAT v6stat;
+    v6stat.total = 0;
+    v6stat.zero_pos = -1;
+    v6stat.zero_cnt = 0;
+    /*
+     * Treat the IPv6 representation as a list of values separated by ':'.
+     * The presence of a '::' will parse as one, two or three zero length
+     * elements.
+     */
+    if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
+        return 0;
+
+    /* Now for some sanity checks */
+
+    if (v6stat.zero_pos == -1) {
+        /* If no '::' must have exactly 16 bytes */
+        if (v6stat.total != 16)
+            return 0;
+    } else {
+        /* If '::' must have less than 16 bytes */
+        if (v6stat.total == 16)
+            return 0;
+        /* More than three zeroes is an error */
+        if (v6stat.zero_cnt > 3)
+            return 0;
+        /* Can only have three zeroes if nothing else present */
+        else if (v6stat.zero_cnt == 3) {
+            if (v6stat.total > 0)
+                return 0;
+        }
+        /* Can only have two zeroes if at start or end */
+        else if (v6stat.zero_cnt == 2) {
+            if ((v6stat.zero_pos != 0)
+                && (v6stat.zero_pos != v6stat.total))
+                return 0;
+        } else
+            /* Can only have one zero if *not* start or end */
+        {
+            if ((v6stat.zero_pos == 0)
+                || (v6stat.zero_pos == v6stat.total))
+                return 0;
+        }
+    }
+
+    /* Format result */
+
+    if (v6stat.zero_pos >= 0) {
+        /* Copy initial part */
+        memcpy(v6, v6stat.tmp, v6stat.zero_pos);
+        /* Zero middle */
+        memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
+        /* Copy final part */
+        if (v6stat.total != v6stat.zero_pos)
+            memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+                   v6stat.tmp + v6stat.zero_pos,
+                   v6stat.total - v6stat.zero_pos);
+    } else
+        memcpy(v6, v6stat.tmp, 16);
+
+    return 1;
+}
+
+static int ipv6_cb(const char *elem, int len, void *usr)
+{
+    IPV6_STAT *s = usr;
+    /* Error if 16 bytes written */
+    if (s->total == 16)
+        return 0;
+    if (len == 0) {
+        /* Zero length element, corresponds to '::' */
+        if (s->zero_pos == -1)
+            s->zero_pos = s->total;
+        /* If we've already got a :: its an error */
+        else if (s->zero_pos != s->total)
+            return 0;
+        s->zero_cnt++;
+    } else {
+        /* If more than 4 characters could be final a.b.c.d form */
+        if (len > 4) {
+            /* Need at least 4 bytes left */
+            if (s->total > 12)
+                return 0;
+            /* Must be end of string */
+            if (elem[len])
+                return 0;
+            if (!ipv4_from_asc(s->tmp + s->total, elem))
+                return 0;
+            s->total += 4;
+        } else {
+            if (!ipv6_hex(s->tmp + s->total, elem, len))
+                return 0;
+            s->total += 2;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Convert a string of up to 4 hex digits into the corresponding IPv6 form.
+ */
+
+static int ipv6_hex(unsigned char *out, const char *in, int inlen)
+{
+    unsigned char c;
+    unsigned int num = 0;
+    int x;
+
+    if (inlen > 4)
+        return 0;
+    while (inlen--) {
+        c = *in++;
+        num <<= 4;
+        x = OPENSSL_hexchar2int(c);
+        if (x < 0)
+            return 0;
+        num |= (char)x;
+    }
+    out[0] = num >> 8;
+    out[1] = num & 0xff;
+    return 1;
+}
+
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype)
+{
+    CONF_VALUE *v;
+    int i, mval, spec_char, plus_char;
+    char *p, *type;
+    if (!nm)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = type; *p; p++) {
+#ifndef CHARSET_EBCDIC
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
+#else
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
+#endif
+            if (spec_char) {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
+        }
+#ifndef CHARSET_EBCDIC
+        plus_char = (*type == '+');
+#else
+        plus_char = (*type == os_toascii['+']);
+#endif
+        if (plus_char) {
+            mval = -1;
+            type++;
+        } else
+            mval = 0;
+        if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c
new file mode 100644
index 000000000..4f2ea52a4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c
@@ -0,0 +1,257 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/x509v3err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA X509V3_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_A2I_GENERAL_NAME, 0),
+     "a2i_GENERAL_NAME"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, 0),
+     "addr_validate_path_internal"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, 0),
+     "ASIdentifierChoice_canonize"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, 0),
+     "ASIdentifierChoice_is_canonical"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_BIGNUM_TO_STRING, 0),
+     "bignum_to_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_EMAIL, 0), "copy_email"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_ISSUER, 0), "copy_issuer"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_DIRNAME, 0), "do_dirname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_I2D, 0), "do_ext_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_NCONF, 0), "do_ext_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_GNAMES_FROM_SECTNAME, 0),
+     "gnames_from_sectname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_ENUMERATED, 0),
+     "i2s_ASN1_ENUMERATED"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_IA5STRING, 0),
+     "i2s_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_INTEGER, 0),
+     "i2s_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
+     "i2v_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0),
+     "policy_cache_create"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0),
+     "policy_cache_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0),
+     "process_pci_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_CERTPOL, 0), "r2i_certpol"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_PCI, 0), "r2i_pci"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_IA5STRING, 0),
+     "s2i_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_INTEGER, 0),
+     "s2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_OCTET_STRING, 0),
+     "s2i_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_SKEY_ID, 0), "s2i_skey_id"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SET_DIST_POINT_NAME, 0),
+     "set_dist_point_name"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ASC, 0),
+     "SXNET_add_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_INTEGER, 0),
+     "SXNET_add_id_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ULONG, 0),
+     "SXNET_add_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ASC, 0),
+     "SXNET_get_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0),
+     "SXNET_get_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0),
+     "v2i_ASIdentifiers"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0),
+     "v2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 0),
+     "v2i_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_KEYID, 0),
+     "v2i_AUTHORITY_KEYID"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_BASIC_CONSTRAINTS, 0),
+     "v2i_BASIC_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_CRLD, 0), "v2i_crld"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_EXTENDED_KEY_USAGE, 0),
+     "v2i_EXTENDED_KEY_USAGE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAMES, 0),
+     "v2i_GENERAL_NAMES"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAME_EX, 0),
+     "v2i_GENERAL_NAME_ex"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IDP, 0), "v2i_idp"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IPADDRBLOCKS, 0),
+     "v2i_IPAddrBlocks"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ISSUER_ALT, 0), "v2i_issuer_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_NAME_CONSTRAINTS, 0),
+     "v2i_NAME_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_CONSTRAINTS, 0),
+     "v2i_POLICY_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_MAPPINGS, 0),
+     "v2i_POLICY_MAPPINGS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_SUBJECT_ALT, 0), "v2i_subject_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_TLS_FEATURE, 0), "v2i_TLS_FEATURE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
+     "v3_generic_extension"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
+     "X509V3_add_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD_ALIAS, 0),
+     "X509V3_EXT_add_alias"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_I2D, 0), "X509V3_EXT_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_NCONF, 0),
+     "X509V3_EXT_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_SECTION, 0),
+     "X509V3_get_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_STRING, 0),
+     "X509V3_get_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_VALUE_BOOL, 0),
+     "X509V3_get_value_bool"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_PARSE_LIST, 0),
+     "X509V3_parse_list"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_ADD, 0),
+     "X509_PURPOSE_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_SET, 0),
+     "X509_PURPOSE_set"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA X509V3_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+    "bn to asn1 integer error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET),
+    "distpoint already set"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID),
+    "duplicate zone id"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE),
+    "error converting zone"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION),
+    "error creating extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION),
+    "error in extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME),
+    "expected a section name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS),
+    "extension exists"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR),
+    "extension name error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND),
+    "extension not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+    "extension setting not supported"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR),
+    "extension value error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION),
+    "illegal empty extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+    "incorrect policy syntax tag"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER),
+    "invalid asnumber"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING),
+    "invalid boolean string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING),
+    "invalid extension string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE),
+    "invalid inheritance"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS),
+    "invalid ipaddress"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS),
+    "invalid multiple rdns"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_NAME),
+    "invalid null name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE),
+    "invalid null value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER),
+    "invalid object identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER),
+    "invalid policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING),
+    "invalid proxy policy setting"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR),
+    "issuer decode error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+    "need organization and numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE),
+    "no config database"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE),
+    "no issuer certificate"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS),
+    "no issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER),
+    "no policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+    "no proxy cert policy language defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS),
+    "no subject details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED),
+    "operation not defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
+    "policy language already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH),
+    "policy path length"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
+    "policy path length already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+    "policy when proxy language requires no policy"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND),
+    "section not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+    "unable to get issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+    "unable to get issuer keyid"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+    "unknown bit string argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION),
+    "unknown extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME),
+    "unknown extension name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION),
+    "unsupported option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE),
+    "unsupported type"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_X509V3_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(X509V3_str_functs);
+        ERR_load_strings_const(X509V3_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl
new file mode 100644
index 000000000..6423e803b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl
@@ -0,0 +1,495 @@
+#! /usr/bin/env perl
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") :	# Win64 order
+				 ("%rdi","%rsi","%rdx","%rcx");	# Unix order
+
+print<<___;
+.extern		OPENSSL_cpuid_setup
+.hidden		OPENSSL_cpuid_setup
+.section	.init
+	call	OPENSSL_cpuid_setup
+
+.hidden	OPENSSL_ia32cap_P
+.comm	OPENSSL_ia32cap_P,16,4
+
+.text
+
+.globl	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,\@abi-omnipotent
+.align	16
+OPENSSL_atomic_add:
+	movl	($arg1),%eax
+.Lspin:	leaq	($arg2,%rax),%r8
+	.byte	0xf0		# lock
+	cmpxchgl	%r8d,($arg1)
+	jne	.Lspin
+	movl	%r8d,%eax
+	.byte	0x48,0x98	# cltq/cdqe
+	ret
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.globl	OPENSSL_rdtsc
+.type	OPENSSL_rdtsc,\@abi-omnipotent
+.align	16
+OPENSSL_rdtsc:
+	rdtsc
+	shl	\$32,%rdx
+	or	%rdx,%rax
+	ret
+.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
+
+.globl	OPENSSL_ia32_cpuid
+.type	OPENSSL_ia32_cpuid,\@function,1
+.align	16
+OPENSSL_ia32_cpuid:
+.cfi_startproc
+	mov	%rbx,%r8		# save %rbx
+.cfi_register	%rbx,%r8
+
+	xor	%eax,%eax
+	mov	%rax,8(%rdi)		# clear extended feature flags
+	cpuid
+	mov	%eax,%r11d		# max value for standard query level
+
+	xor	%eax,%eax
+	cmp	\$0x756e6547,%ebx	# "Genu"
+	setne	%al
+	mov	%eax,%r9d
+	cmp	\$0x49656e69,%edx	# "ineI"
+	setne	%al
+	or	%eax,%r9d
+	cmp	\$0x6c65746e,%ecx	# "ntel"
+	setne	%al
+	or	%eax,%r9d		# 0 indicates Intel CPU
+	jz	.Lintel
+
+	cmp	\$0x68747541,%ebx	# "Auth"
+	setne	%al
+	mov	%eax,%r10d
+	cmp	\$0x69746E65,%edx	# "enti"
+	setne	%al
+	or	%eax,%r10d
+	cmp	\$0x444D4163,%ecx	# "cAMD"
+	setne	%al
+	or	%eax,%r10d		# 0 indicates AMD CPU
+	jnz	.Lintel
+
+	# AMD specific
+	mov	\$0x80000000,%eax
+	cpuid
+	cmp	\$0x80000001,%eax
+	jb	.Lintel
+	mov	%eax,%r10d
+	mov	\$0x80000001,%eax
+	cpuid
+	or	%ecx,%r9d
+	and	\$0x00000801,%r9d	# isolate AMD XOP bit, 1<<11
+
+	cmp	\$0x80000008,%r10d
+	jb	.Lintel
+
+	mov	\$0x80000008,%eax
+	cpuid
+	movzb	%cl,%r10		# number of cores - 1
+	inc	%r10			# number of cores
+
+	mov	\$1,%eax
+	cpuid
+	bt	\$28,%edx		# test hyper-threading bit
+	jnc	.Lgeneric
+	shr	\$16,%ebx		# number of logical processors
+	cmp	%r10b,%bl
+	ja	.Lgeneric
+	and	\$0xefffffff,%edx	# ~(1<<28)
+	jmp	.Lgeneric
+
+.Lintel:
+	cmp	\$4,%r11d
+	mov	\$-1,%r10d
+	jb	.Lnocacheinfo
+
+	mov	\$4,%eax
+	mov	\$0,%ecx		# query L1D
+	cpuid
+	mov	%eax,%r10d
+	shr	\$14,%r10d
+	and	\$0xfff,%r10d		# number of cores -1 per L1D
+
+.Lnocacheinfo:
+	mov	\$1,%eax
+	cpuid
+	movd	%eax,%xmm0		# put aside processor id
+	and	\$0xbfefffff,%edx	# force reserved bits to 0
+	cmp	\$0,%r9d
+	jne	.Lnotintel
+	or	\$0x40000000,%edx	# set reserved bit#30 on Intel CPUs
+	and	\$15,%ah
+	cmp	\$15,%ah		# examine Family ID
+	jne	.LnotP4
+	or	\$0x00100000,%edx	# set reserved bit#20 to engage RC4_CHAR
+.LnotP4:
+	cmp	\$6,%ah
+	jne	.Lnotintel
+	and	\$0x0fff0ff0,%eax
+	cmp	\$0x00050670,%eax	# Knights Landing
+	je	.Lknights
+	cmp	\$0x00080650,%eax	# Knights Mill (according to sde)
+	jne	.Lnotintel
+.Lknights:
+	and	\$0xfbffffff,%ecx	# clear XSAVE flag to mimic Silvermont
+
+.Lnotintel:
+	bt	\$28,%edx		# test hyper-threading bit
+	jnc	.Lgeneric
+	and	\$0xefffffff,%edx	# ~(1<<28)
+	cmp	\$0,%r10d
+	je	.Lgeneric
+
+	or	\$0x10000000,%edx	# 1<<28
+	shr	\$16,%ebx
+	cmp	\$1,%bl			# see if cache is shared
+	ja	.Lgeneric
+	and	\$0xefffffff,%edx	# ~(1<<28)
+.Lgeneric:
+	and	\$0x00000800,%r9d	# isolate AMD XOP flag
+	and	\$0xfffff7ff,%ecx
+	or	%ecx,%r9d		# merge AMD XOP flag
+
+	mov	%edx,%r10d		# %r9d:%r10d is copy of %ecx:%edx
+
+	cmp	\$7,%r11d
+	jb	.Lno_extended_info
+	mov	\$7,%eax
+	xor	%ecx,%ecx
+	cpuid
+	bt	\$26,%r9d		# check XSAVE bit, cleared on Knights
+	jc	.Lnotknights
+	and	\$0xfff7ffff,%ebx	# clear ADCX/ADOX flag
+.Lnotknights:
+	movd	%xmm0,%eax		# restore processor id
+	and	\$0x0fff0ff0,%eax
+	cmp	\$0x00050650,%eax	# Skylake-X
+	jne	.Lnotskylakex
+	and	\$0xfffeffff,%ebx	# ~(1<<16)
+					# suppress AVX512F flag on Skylake-X
+.Lnotskylakex:
+	mov	%ebx,8(%rdi)		# save extended feature flags
+	mov	%ecx,12(%rdi)
+.Lno_extended_info:
+
+	bt	\$27,%r9d		# check OSXSAVE bit
+	jnc	.Lclear_avx
+	xor	%ecx,%ecx		# XCR0
+	.byte	0x0f,0x01,0xd0		# xgetbv
+	and	\$0xe6,%eax		# isolate XMM, YMM and ZMM state support
+	cmp	\$0xe6,%eax
+	je	.Ldone
+	andl	\$0x3fdeffff,8(%rdi)	# ~(1<<31|1<<30|1<<21|1<<16)
+					# clear AVX512F+BW+VL+FIMA, all of
+					# them are EVEX-encoded, which requires
+					# ZMM state support even if one uses
+					# only XMM and YMM :-(
+	and	\$6,%eax		# isolate XMM and YMM state support
+	cmp	\$6,%eax
+	je	.Ldone
+.Lclear_avx:
+	mov	\$0xefffe7ff,%eax	# ~(1<<28|1<<12|1<<11)
+	and	%eax,%r9d		# clear AVX, FMA and AMD XOP bits
+	mov	\$0x3fdeffdf,%eax	# ~(1<<31|1<<30|1<<21|1<<16|1<<5)
+	and	%eax,8(%rdi)		# clear AVX2 and AVX512* bits
+.Ldone:
+	shl	\$32,%r9
+	mov	%r10d,%eax
+	mov	%r8,%rbx		# restore %rbx
+.cfi_restore	%rbx
+	or	%r9,%rax
+	ret
+.cfi_endproc
+.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
+
+.globl  OPENSSL_cleanse
+.type   OPENSSL_cleanse,\@abi-omnipotent
+.align  16
+OPENSSL_cleanse:
+	xor	%rax,%rax
+	cmp	\$15,$arg2
+	jae	.Lot
+	cmp	\$0,$arg2
+	je	.Lret
+.Little:
+	mov	%al,($arg1)
+	sub	\$1,$arg2
+	lea	1($arg1),$arg1
+	jnz	.Little
+.Lret:
+	ret
+.align	16
+.Lot:
+	test	\$7,$arg1
+	jz	.Laligned
+	mov	%al,($arg1)
+	lea	-1($arg2),$arg2
+	lea	1($arg1),$arg1
+	jmp	.Lot
+.Laligned:
+	mov	%rax,($arg1)
+	lea	-8($arg2),$arg2
+	test	\$-8,$arg2
+	lea	8($arg1),$arg1
+	jnz	.Laligned
+	cmp	\$0,$arg2
+	jne	.Little
+	ret
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl  CRYPTO_memcmp
+.type   CRYPTO_memcmp,\@abi-omnipotent
+.align  16
+CRYPTO_memcmp:
+	xor	%rax,%rax
+	xor	%r10,%r10
+	cmp	\$0,$arg3
+	je	.Lno_data
+	cmp	\$16,$arg3
+	jne	.Loop_cmp
+	mov	($arg1),%r10
+	mov	8($arg1),%r11
+	mov	\$1,$arg3
+	xor	($arg2),%r10
+	xor	8($arg2),%r11
+	or	%r11,%r10
+	cmovnz	$arg3,%rax
+	ret
+
+.align	16
+.Loop_cmp:
+	mov	($arg1),%r10b
+	lea	1($arg1),$arg1
+	xor	($arg2),%r10b
+	lea	1($arg2),$arg2
+	or	%r10b,%al
+	dec	$arg3
+	jnz	.Loop_cmp
+	neg	%rax
+	shr	\$63,%rax
+.Lno_data:
+	ret
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+___
+
+print<<___ if (!$win64);
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,\@abi-omnipotent
+.align	16
+OPENSSL_wipe_cpu:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%rsi,%rsi
+	xorq	%rdi,%rdi
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
+	ret
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+___
+print<<___ if ($win64);
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,\@abi-omnipotent
+.align	16
+OPENSSL_wipe_cpu:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
+	ret
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+___
+{
+my $out="%r10";
+my $cnt="%rcx";
+my $max="%r11";
+my $lasttick="%r8d";
+my $lastdiff="%r9d";
+my $redzone=win64?8:-8;
+
+print<<___;
+.globl	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,\@abi-omnipotent
+.align	16
+OPENSSL_instrument_bus:
+	mov	$arg1,$out	# tribute to Win64
+	mov	$arg2,$cnt
+	mov	$arg2,$max
+
+	rdtsc			# collect 1st tick
+	mov	%eax,$lasttick	# lasttick = tick
+	mov	\$0,$lastdiff	# lastdiff = 0
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	$lastdiff,($out)
+	jmp	.Loop
+.align	16
+.Loop:	rdtsc
+	mov	%eax,%edx
+	sub	$lasttick,%eax
+	mov	%edx,$lasttick
+	mov	%eax,$lastdiff
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	%eax,($out)
+	lea	4($out),$out
+	sub	\$1,$cnt
+	jnz	.Loop
+
+	mov	$max,%rax
+	ret
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,\@abi-omnipotent
+.align	16
+OPENSSL_instrument_bus2:
+	mov	$arg1,$out	# tribute to Win64
+	mov	$arg2,$cnt
+	mov	$arg3,$max
+	mov	$cnt,$redzone(%rsp)
+
+	rdtsc			# collect 1st tick
+	mov	%eax,$lasttick	# lasttick = tick
+	mov	\$0,$lastdiff	# lastdiff = 0
+
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	$lastdiff,($out)
+
+	rdtsc			# collect 1st diff
+	mov	%eax,%edx
+	sub	$lasttick,%eax	# diff
+	mov	%edx,$lasttick	# lasttick = tick
+	mov	%eax,$lastdiff	# lastdiff = diff
+.Loop2:
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	%eax,($out)	# accumulate diff
+
+	sub	\$1,$max
+	jz	.Ldone2
+
+	rdtsc
+	mov	%eax,%edx
+	sub	$lasttick,%eax	# diff
+	mov	%edx,$lasttick	# lasttick = tick
+	cmp	$lastdiff,%eax
+	mov	%eax,$lastdiff	# lastdiff = diff
+	mov	\$0,%edx
+	setne	%dl
+	sub	%rdx,$cnt	# conditional --$cnt
+	lea	($out,%rdx,4),$out	# conditional ++$out
+	jnz	.Loop2
+
+.Ldone2:
+	mov	$redzone(%rsp),%rax
+	sub	$cnt,%rax
+	ret
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+___
+}
+
+sub gen_random {
+my $rdop = shift;
+print<<___;
+.globl	OPENSSL_ia32_${rdop}_bytes
+.type	OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
+.align	16
+OPENSSL_ia32_${rdop}_bytes:
+	xor	%rax, %rax	# return value
+	cmp	\$0,$arg2
+	je	.Ldone_${rdop}_bytes
+
+	mov	\$8,%r11
+.Loop_${rdop}_bytes:
+	${rdop}	%r10
+	jc	.Lbreak_${rdop}_bytes
+	dec	%r11
+	jnz	.Loop_${rdop}_bytes
+	jmp	.Ldone_${rdop}_bytes
+
+.align	16
+.Lbreak_${rdop}_bytes:
+	cmp	\$8,$arg2
+	jb	.Ltail_${rdop}_bytes
+	mov	%r10,($arg1)
+	lea	8($arg1),$arg1
+	add	\$8,%rax
+	sub	\$8,$arg2
+	jz	.Ldone_${rdop}_bytes
+	mov	\$8,%r11
+	jmp	.Loop_${rdop}_bytes
+
+.align	16
+.Ltail_${rdop}_bytes:
+	mov	%r10b,($arg1)
+	lea	1($arg1),$arg1
+	inc	%rax
+	shr	\$8,%r10
+	dec	$arg2
+	jnz	.Ltail_${rdop}_bytes
+
+.Ldone_${rdop}_bytes:
+	xor	%r10,%r10	# Clear sensitive data from register
+	ret
+.size	OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
+___
+}
+gen_random("rdrand");
+gen_random("rdseed");
+
+close STDOUT;	# flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl
new file mode 100644
index 000000000..d43dda4d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl
@@ -0,0 +1,509 @@
+#! /usr/bin/env perl
+# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}perlasm", "perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0]);
+
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&function_begin("OPENSSL_ia32_cpuid");
+	&xor	("edx","edx");
+	&pushf	();
+	&pop	("eax");
+	&mov	("ecx","eax");
+	&xor	("eax",1<<21);
+	&push	("eax");
+	&popf	();
+	&pushf	();
+	&pop	("eax");
+	&xor	("ecx","eax");
+	&xor	("eax","eax");
+	&mov	("esi",&wparam(0));
+	&mov	(&DWP(8,"esi"),"eax");	# clear extended feature flags
+	&bt	("ecx",21);
+	&jnc	(&label("nocpuid"));
+	&cpuid	();
+	&mov	("edi","eax");		# max value for standard query level
+
+	&xor	("eax","eax");
+	&cmp	("ebx",0x756e6547);	# "Genu"
+	&setne	(&LB("eax"));
+	&mov	("ebp","eax");
+	&cmp	("edx",0x49656e69);	# "ineI"
+	&setne	(&LB("eax"));
+	&or	("ebp","eax");
+	&cmp	("ecx",0x6c65746e);	# "ntel"
+	&setne	(&LB("eax"));
+	&or	("ebp","eax");		# 0 indicates Intel CPU
+	&jz	(&label("intel"));
+
+	&cmp	("ebx",0x68747541);	# "Auth"
+	&setne	(&LB("eax"));
+	&mov	("esi","eax");
+	&cmp	("edx",0x69746E65);	# "enti"
+	&setne	(&LB("eax"));
+	&or	("esi","eax");
+	&cmp	("ecx",0x444D4163);	# "cAMD"
+	&setne	(&LB("eax"));
+	&or	("esi","eax");		# 0 indicates AMD CPU
+	&jnz	(&label("intel"));
+
+	# AMD specific
+	&mov	("eax",0x80000000);
+	&cpuid	();
+	&cmp	("eax",0x80000001);
+	&jb	(&label("intel"));
+	&mov	("esi","eax");
+	&mov	("eax",0x80000001);
+	&cpuid	();
+	&or	("ebp","ecx");
+	&and	("ebp",1<<11|1);	# isolate XOP bit
+	&cmp	("esi",0x80000008);
+	&jb	(&label("intel"));
+
+	&mov	("eax",0x80000008);
+	&cpuid	();
+	&movz	("esi",&LB("ecx"));	# number of cores - 1
+	&inc	("esi");		# number of cores
+
+	&mov	("eax",1);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&bt	("edx",28);
+	&jnc	(&label("generic"));
+	&shr	("ebx",16);
+	&and	("ebx",0xff);
+	&cmp	("ebx","esi");
+	&ja	(&label("generic"));
+	&and	("edx",0xefffffff);	# clear hyper-threading bit
+	&jmp	(&label("generic"));
+
+&set_label("intel");
+	&cmp	("edi",4);
+	&mov	("esi",-1);
+	&jb	(&label("nocacheinfo"));
+
+	&mov	("eax",4);
+	&mov	("ecx",0);		# query L1D
+	&cpuid	();
+	&mov	("esi","eax");
+	&shr	("esi",14);
+	&and	("esi",0xfff);		# number of cores -1 per L1D
+
+&set_label("nocacheinfo");
+	&mov	("eax",1);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&and	("edx",0xbfefffff);	# force reserved bits #20, #30 to 0
+	&cmp	("ebp",0);
+	&jne	(&label("notintel"));
+	&or	("edx",1<<30);		# set reserved bit#30 on Intel CPUs
+	&and	(&HB("eax"),15);	# family ID
+	&cmp	(&HB("eax"),15);	# P4?
+	&jne	(&label("notintel"));
+	&or	("edx",1<<20);		# set reserved bit#20 to engage RC4_CHAR
+&set_label("notintel");
+	&bt	("edx",28);		# test hyper-threading bit
+	&jnc	(&label("generic"));
+	&and	("edx",0xefffffff);
+	&cmp	("esi",0);
+	&je	(&label("generic"));
+
+	&or	("edx",0x10000000);
+	&shr	("ebx",16);
+	&cmp	(&LB("ebx"),1);
+	&ja	(&label("generic"));
+	&and	("edx",0xefffffff);	# clear hyper-threading bit if not
+
+&set_label("generic");
+	&and	("ebp",1<<11);		# isolate AMD XOP flag
+	&and	("ecx",0xfffff7ff);	# force 11th bit to 0
+	&mov	("esi","edx");		# %ebp:%esi is copy of %ecx:%edx
+	&or	("ebp","ecx");		# merge AMD XOP flag
+
+	&cmp	("edi",7);
+	&mov	("edi",&wparam(0));
+	&jb	(&label("no_extended_info"));
+	&mov	("eax",7);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&mov	(&DWP(8,"edi"),"ebx");	# save extended feature flag
+&set_label("no_extended_info");
+
+	&bt	("ebp",27);		# check OSXSAVE bit
+	&jnc	(&label("clear_avx"));
+	&xor	("ecx","ecx");
+	&data_byte(0x0f,0x01,0xd0);	# xgetbv
+	&and	("eax",6);
+	&cmp	("eax",6);
+	&je	(&label("done"));
+	&cmp	("eax",2);
+	&je	(&label("clear_avx"));
+&set_label("clear_xmm");
+	&and	("ebp",0xfdfffffd);	# clear AESNI and PCLMULQDQ bits
+	&and	("esi",0xfeffffff);	# clear FXSR
+&set_label("clear_avx");
+	&and	("ebp",0xefffe7ff);	# clear AVX, FMA and AMD XOP bits
+	&and	(&DWP(8,"edi"),0xffffffdf);	# clear AVX2
+&set_label("done");
+	&mov	("eax","esi");
+	&mov	("edx","ebp");
+&set_label("nocpuid");
+&function_end("OPENSSL_ia32_cpuid");
+
+&external_label("OPENSSL_ia32cap_P");
+
+&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&picmeup("ecx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"ecx"),4);
+	&jnc	(&label("notsc"));
+	&rdtsc	();
+&set_label("notsc");
+	&ret	();
+&function_end_B("OPENSSL_rdtsc");
+
+# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+# but it's safe to call it on any [supported] 32-bit platform...
+# Just check for [non-]zero return value...
+&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+	&picmeup("ecx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"ecx"),4);
+	&jnc	(&label("nohalt"));	# no TSC
+
+	&data_word(0x9058900e);		# push %cs; pop %eax
+	&and	("eax",3);
+	&jnz	(&label("nohalt"));	# not enough privileges
+
+	&pushf	();
+	&pop	("eax");
+	&bt	("eax",9);
+	&jnc	(&label("nohalt"));	# interrupts are disabled
+
+	&rdtsc	();
+	&push	("edx");
+	&push	("eax");
+	&halt	();
+	&rdtsc	();
+
+	&sub	("eax",&DWP(0,"esp"));
+	&sbb	("edx",&DWP(4,"esp"));
+	&add	("esp",8);
+	&ret	();
+
+&set_label("nohalt");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&ret	();
+&function_end_B("OPENSSL_instrument_halt");
+
+# Essentially there is only one use for this function. Under DJGPP:
+#
+#	#include <go32.h>
+#	...
+#	i=OPENSSL_far_spin(_dos_ds,0x46c);
+#	...
+# to obtain the number of spins till closest timer interrupt.
+
+&function_begin_B("OPENSSL_far_spin");
+	&pushf	();
+	&pop	("eax");
+	&bt	("eax",9);
+	&jnc	(&label("nospin"));	# interrupts are disabled
+
+	&mov	("eax",&DWP(4,"esp"));
+	&mov	("ecx",&DWP(8,"esp"));
+	&data_word (0x90d88e1e);	# push %ds, mov %eax,%ds
+	&xor	("eax","eax");
+	&mov	("edx",&DWP(0,"ecx"));
+	&jmp	(&label("spin"));
+
+	&align	(16);
+&set_label("spin");
+	&inc	("eax");
+	&cmp	("edx",&DWP(0,"ecx"));
+	&je	(&label("spin"));
+
+	&data_word (0x1f909090);	# pop	%ds
+	&ret	();
+
+&set_label("nospin");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&ret	();
+&function_end_B("OPENSSL_far_spin");
+
+&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&picmeup("ecx","OPENSSL_ia32cap_P");
+	&mov	("ecx",&DWP(0,"ecx"));
+	&bt	(&DWP(0,"ecx"),1);
+	&jnc	(&label("no_x87"));
+	if ($sse2) {
+		&and	("ecx",1<<26|1<<24);	# check SSE2 and FXSR bits
+		&cmp	("ecx",1<<26|1<<24);
+		&jne	(&label("no_sse2"));
+		&pxor	("xmm0","xmm0");
+		&pxor	("xmm1","xmm1");
+		&pxor	("xmm2","xmm2");
+		&pxor	("xmm3","xmm3");
+		&pxor	("xmm4","xmm4");
+		&pxor	("xmm5","xmm5");
+		&pxor	("xmm6","xmm6");
+		&pxor	("xmm7","xmm7");
+	&set_label("no_sse2");
+	}
+	# just a bunch of fldz to zap the fp/mm bank followed by finit...
+	&data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b);
+&set_label("no_x87");
+	&lea	("eax",&DWP(4,"esp"));
+	&ret	();
+&function_end_B("OPENSSL_wipe_cpu");
+
+&function_begin_B("OPENSSL_atomic_add");
+	&mov	("edx",&DWP(4,"esp"));	# fetch the pointer, 1st arg
+	&mov	("ecx",&DWP(8,"esp"));	# fetch the increment, 2nd arg
+	&push	("ebx");
+	&nop	();
+	&mov	("eax",&DWP(0,"edx"));
+&set_label("spin");
+	&lea	("ebx",&DWP(0,"eax","ecx"));
+	&nop	();
+	&data_word(0x1ab10ff0);	# lock;	cmpxchg	%ebx,(%edx)	# %eax is involved and is always reloaded
+	&jne	(&label("spin"));
+	&mov	("eax","ebx");	# OpenSSL expects the new value
+	&pop	("ebx");
+	&ret	();
+&function_end_B("OPENSSL_atomic_add");
+
+&function_begin_B("OPENSSL_cleanse");
+	&mov	("edx",&wparam(0));
+	&mov	("ecx",&wparam(1));
+	&xor	("eax","eax");
+	&cmp	("ecx",7);
+	&jae	(&label("lot"));
+	&cmp	("ecx",0);
+	&je	(&label("ret"));
+&set_label("little");
+	&mov	(&BP(0,"edx"),"al");
+	&sub	("ecx",1);
+	&lea	("edx",&DWP(1,"edx"));
+	&jnz	(&label("little"));
+&set_label("ret");
+	&ret	();
+
+&set_label("lot",16);
+	&test	("edx",3);
+	&jz	(&label("aligned"));
+	&mov	(&BP(0,"edx"),"al");
+	&lea	("ecx",&DWP(-1,"ecx"));
+	&lea	("edx",&DWP(1,"edx"));
+	&jmp	(&label("lot"));
+&set_label("aligned");
+	&mov	(&DWP(0,"edx"),"eax");
+	&lea	("ecx",&DWP(-4,"ecx"));
+	&test	("ecx",-4);
+	&lea	("edx",&DWP(4,"edx"));
+	&jnz	(&label("aligned"));
+	&cmp	("ecx",0);
+	&jne	(&label("little"));
+	&ret	();
+&function_end_B("OPENSSL_cleanse");
+
+&function_begin_B("CRYPTO_memcmp");
+	&push	("esi");
+	&push	("edi");
+	&mov	("esi",&wparam(0));
+	&mov	("edi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&cmp	("ecx",0);
+	&je	(&label("no_data"));
+&set_label("loop");
+	&mov	("dl",&BP(0,"esi"));
+	&lea	("esi",&DWP(1,"esi"));
+	&xor	("dl",&BP(0,"edi"));
+	&lea	("edi",&DWP(1,"edi"));
+	&or	("al","dl");
+	&dec	("ecx");
+	&jnz	(&label("loop"));
+	&neg	("eax");
+	&shr	("eax",31);
+&set_label("no_data");
+	&pop	("edi");
+	&pop	("esi");
+	&ret	();
+&function_end_B("CRYPTO_memcmp");
+{
+my $lasttick = "esi";
+my $lastdiff = "ebx";
+my $out = "edi";
+my $cnt = "ecx";
+my $max = "ebp";
+
+&function_begin("OPENSSL_instrument_bus");
+    &mov	("eax",0);
+    if ($sse2) {
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"edx"),4);
+	&jnc	(&label("nogo"));	# no TSC
+	&bt	(&DWP(0,"edx"),19);
+	&jnc	(&label("nogo"));	# no CLFLUSH
+
+	&mov	($out,&wparam(0));	# load arguments
+	&mov	($cnt,&wparam(1));
+
+	# collect 1st tick
+	&rdtsc	();
+	&mov	($lasttick,"eax");	# lasttick = tick
+	&mov	($lastdiff,0);		# lastdiff = 0
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),$lastdiff);
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&rdtsc	();
+	&mov	("edx","eax");		# put aside tick (yes, I neglect edx)
+	&sub	("eax",$lasttick);	# diff
+	&mov	($lasttick,"edx");	# lasttick = tick
+	&mov	($lastdiff,"eax");	# lastdiff = diff
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),"eax");	# accumulate diff
+	&lea	($out,&DWP(4,$out));	# ++$out
+	&sub	($cnt,1);		# --$cnt
+	&jnz	(&label("loop"));
+
+	&mov	("eax",&wparam(1));
+&set_label("nogo");
+    }
+&function_end("OPENSSL_instrument_bus");
+
+&function_begin("OPENSSL_instrument_bus2");
+    &mov	("eax",0);
+    if ($sse2) {
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"edx"),4);
+	&jnc	(&label("nogo"));	# no TSC
+	&bt	(&DWP(0,"edx"),19);
+	&jnc	(&label("nogo"));	# no CLFLUSH
+
+	&mov	($out,&wparam(0));	# load arguments
+	&mov	($cnt,&wparam(1));
+	&mov	($max,&wparam(2));
+
+	&rdtsc	();			# collect 1st tick
+	&mov	($lasttick,"eax");	# lasttick = tick
+	&mov	($lastdiff,0);		# lastdiff = 0
+
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),$lastdiff);
+
+	&rdtsc	();			# collect 1st diff
+	&mov	("edx","eax");		# put aside tick (yes, I neglect edx)
+	&sub	("eax",$lasttick);	# diff
+	&mov	($lasttick,"edx");	# lasttick = tick
+	&mov	($lastdiff,"eax");	# lastdiff = diff
+	&jmp	(&label("loop2"));
+
+&set_label("loop2",16);
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),"eax");	# accumulate diff
+
+	&sub	($max,1);
+	&jz	(&label("done2"));
+
+	&rdtsc	();
+	&mov	("edx","eax");		# put aside tick (yes, I neglect edx)
+	&sub	("eax",$lasttick);	# diff
+	&mov	($lasttick,"edx");	# lasttick = tick
+	&cmp	("eax",$lastdiff);
+	&mov	($lastdiff,"eax");	# lastdiff = diff
+	&mov	("edx",0);
+	&setne	("dl");
+	&sub	($cnt,"edx");		# conditional --$cnt
+	&lea	($out,&DWP(0,$out,"edx",4));	# conditional ++$out
+	&jnz	(&label("loop2"));
+
+&set_label("done2");
+	&mov	("eax",&wparam(1));
+	&sub	("eax",$cnt);
+&set_label("nogo");
+    }
+&function_end("OPENSSL_instrument_bus2");
+}
+
+sub gen_random {
+my $rdop = shift;
+&function_begin_B("OPENSSL_ia32_${rdop}_bytes");
+	&push	("edi");
+	&push	("ebx");
+	&xor	("eax","eax");		# return value
+	&mov	("edi",&wparam(0));
+	&mov	("ebx",&wparam(1));
+
+	&cmp	("ebx",0);
+	&je	(&label("done"));
+
+	&mov	("ecx",8);
+&set_label("loop");
+	&${rdop}("edx");
+	&jc	(&label("break"));
+	&loop	(&label("loop"));
+	&jmp	(&label("done"));
+
+&set_label("break",16);
+	&cmp	("ebx",4);
+	&jb	(&label("tail"));
+	&mov	(&DWP(0,"edi"),"edx");
+	&lea	("edi",&DWP(4,"edi"));
+	&add	("eax",4);
+	&sub	("ebx",4);
+	&jz	(&label("done"));
+	&mov	("ecx",8);
+	&jmp	(&label("loop"));
+
+&set_label("tail",16);
+	&mov	(&BP(0,"edi"),"dl");
+	&lea	("edi",&DWP(1,"edi"));
+	&inc	("eax");
+	&shr	("edx",8);
+	&dec	("ebx");
+	&jnz	(&label("tail"));
+
+&set_label("done");
+	&xor	("edx","edx");		# Clear random value from registers
+	&pop	("ebx");
+	&pop	("edi");
+	&ret	();
+&function_end_B("OPENSSL_ia32_${rdop}_bytes");
+}
+&gen_random("rdrand");
+&gen_random("rdseed");
+
+&initseg("OPENSSL_cpuid_setup");
+
+&hidden("OPENSSL_cpuid_setup");
+&hidden("OPENSSL_ia32cap_P");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/e_os.h b/trunk/3rdparty/openssl-1.1-fit/e_os.h
new file mode 100644
index 000000000..8e6efa961
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/e_os.h
@@ -0,0 +1,334 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS_H
+# define HEADER_E_OS_H
+
+# include <limits.h>
+# include <openssl/opensslconf.h>
+
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include "internal/nelem.h"
+
+/*
+ * <openssl/e_os2.h> contains what we can justify to make visible to the
+ * outside; this file e_os.h is not part of the exported interface.
+ */
+
+# ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. By
+ * default, we will try to read at least one of these files
+ */
+#  if defined(__s390__)
+#   define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random"
+#  else
+#   define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+#  endif
+# endif
+# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+/*
+ * set this to a comma-separated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough randomness.
+ */
+#  define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+#  define NO_CHMOD
+#  define NO_SYSLOG
+# endif
+
+# define get_last_sys_error()    errno
+# define clear_sys_error()       errno=0
+# define set_sys_error(e)        errno=(e)
+
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
+#  define WIN32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+#  define MSDOS
+# endif
+
+# ifdef WIN32
+#  undef get_last_sys_error
+#  undef clear_sys_error
+#  undef set_sys_error
+#  define get_last_sys_error()    GetLastError()
+#  define clear_sys_error()       SetLastError(0)
+#  define set_sys_error(e)        SetLastError(e)
+#  if !defined(WINNT)
+#   define WIN_CONSOLE_BUG
+#  endif
+# else
+# endif
+
+# if (defined(WINDOWS) || defined(MSDOS))
+
+#  ifdef __DJGPP__
+#   include <unistd.h>
+#   include <sys/stat.h>
+#   define _setmode setmode
+#   define _O_TEXT O_TEXT
+#   define _O_BINARY O_BINARY
+#   define HAS_LFN_SUPPORT(name)  (pathconf((name), _PC_NAME_MAX) > 12)
+#   undef DEVRANDOM_EGD  /*  Neither MS-DOS nor FreeDOS provide 'egd' sockets.  */
+#   undef DEVRANDOM
+#   define DEVRANDOM "/dev/urandom\x24"
+#  endif                        /* __DJGPP__ */
+
+#  ifndef S_IFDIR
+#   define S_IFDIR     _S_IFDIR
+#  endif
+
+#  ifndef S_IFMT
+#   define S_IFMT      _S_IFMT
+#  endif
+
+#  if !defined(WINNT) && !defined(__DJGPP__)
+#   define NO_SYSLOG
+#  endif
+
+#  ifdef WINDOWS
+#   if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
+       /*
+        * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
+        * Most notably we ought to check for availability of each specific
+        * routine that was introduced after denoted _WIN32_WINNT with
+        * GetProcAddress(). Normally newer functions are masked with higher
+        * _WIN32_WINNT in SDK headers. So that if you wish to use them in
+        * some module, you'd need to override _WIN32_WINNT definition in
+        * the target module in order to "reach for" prototypes, but replace
+        * calls to new functions with indirect calls. Alternatively it
+        * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs
+        * and check for current OS version instead.
+        */
+#    define _WIN32_WINNT 0x0501
+#   endif
+#   if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
+       /*
+        * Just like defining _WIN32_WINNT including winsock2.h implies
+        * certain "discipline" for maintaining [broad] binary compatibility.
+        * As long as structures are invariant among Winsock versions,
+        * it's sufficient to check for specific Winsock2 API availability
+        * at run-time [DSO_global_lookup is recommended]...
+        */
+#    include <winsock2.h>
+#    include <ws2tcpip.h>
+       /* yes, they have to be #included prior to <windows.h> */
+#   endif
+#   include <windows.h>
+#   include <stdio.h>
+#   include <stddef.h>
+#   include <errno.h>
+#   if defined(_WIN32_WCE) && !defined(EACCES)
+#    define EACCES   13
+#   endif
+#   include <string.h>
+#   ifdef _WIN64
+#    define strlen(s) _strlen31(s)
+/* cut strings to 2GB */
+static __inline unsigned int _strlen31(const char *str)
+{
+    unsigned int len = 0;
+    while (*str && len < 0x80000000U)
+        str++, len++;
+    return len & 0x7FFFFFFF;
+}
+#   endif
+#   include <malloc.h>
+#   if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
+#    if _MSC_VER>=1300 && _MSC_VER<1600
+#     undef stdin
+#     undef stdout
+#     undef stderr
+FILE *__iob_func();
+#     define stdin  (&__iob_func()[0])
+#     define stdout (&__iob_func()[1])
+#     define stderr (&__iob_func()[2])
+#    elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049)
+#     undef stdin
+#     undef stdout
+#     undef stderr
+         /*
+          * pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
+          * or in other words with /MD. Declaring implicit import, i.e. with
+          * _imp_ prefix, works correctly with all compiler options, but
+          * without /MD results in LINK warning LNK4049: 'locally defined
+          * symbol "__iob" imported'.
+          */
+extern FILE *_imp___iob;
+#     define stdin  (&_imp___iob[0])
+#     define stdout (&_imp___iob[1])
+#     define stderr (&_imp___iob[2])
+#    endif
+#   endif
+#  endif
+#  include <io.h>
+#  include <fcntl.h>
+
+#  ifdef OPENSSL_SYS_WINCE
+#   define OPENSSL_NO_POSIX_IO
+#  endif
+
+#  define EXIT(n) exit(n)
+#  define LIST_SEPARATOR_CHAR ';'
+#  ifndef W_OK
+#   define W_OK        2
+#  endif
+#  ifndef R_OK
+#   define R_OK        4
+#  endif
+#  ifdef OPENSSL_SYS_WINCE
+#   define DEFAULT_HOME  ""
+#  else
+#   define DEFAULT_HOME  "C:"
+#  endif
+
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
+#  if defined(_MSC_VER) && _MSC_VER>=1800
+#   define check_winnt() (1)
+#   define check_win_minplat(x) (1)
+#  else
+#   define check_winnt() (GetVersion() < 0x80000000)
+#   define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
+#  endif
+
+# else                          /* The non-microsoft world */
+
+#  if defined(OPENSSL_SYS_VXWORKS)
+#   include <sys/times.h>
+#  else
+#   include <sys/time.h>
+#  endif
+
+#  ifdef OPENSSL_SYS_VMS
+#   define VMS 1
+  /*
+   * some programs don't include stdlib, so exit() and others give implicit
+   * function warnings
+   */
+#   include <stdlib.h>
+#   if defined(__DECC)
+#    include <unistd.h>
+#   else
+#    include <unixlib.h>
+#   endif
+#   define LIST_SEPARATOR_CHAR ','
+  /* We don't have any well-defined random devices on VMS, yet... */
+#   undef DEVRANDOM
+  /*-
+     We need to do this since VMS has the following coding on status codes:
+
+     Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
+               The important thing to know is that odd numbers are considered
+               good, while even ones are considered errors.
+     Bits 3-15: actual status number
+     Bits 16-27: facility number.  0 is considered "unknown"
+     Bits 28-31: control bits.  If bit 28 is set, the shell won't try to
+                 output the message (which, for random codes, just looks ugly)
+
+     So, what we do here is to change 0 to 1 to get the default success status,
+     and everything else is shifted up to fit into the status number field, and
+     the status is tagged as an error, which is what is wanted here.
+
+     Finally, we add the VMS C facility code 0x35a000, because there are some
+     programs, such as Perl, that will reinterpret the code back to something
+     POSIX.  'man perlvms' explains it further.
+
+     NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
+     codes (status type = 1).  I couldn't disagree more.  Fortunately, the
+     status type doesn't seem to bother Perl.
+     -- Richard Levitte
+  */
+#   define EXIT(n)  exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1)
+
+#   define DEFAULT_HOME "SYS$LOGIN:"
+
+#  else
+     /* !defined VMS */
+#   ifdef OPENSSL_UNISTD
+#    include OPENSSL_UNISTD
+#   else
+#    include <unistd.h>
+#   endif
+#   include <sys/types.h>
+#   ifdef OPENSSL_SYS_WIN32_CYGWIN
+#    include <io.h>
+#    include <fcntl.h>
+#   endif
+
+#   define LIST_SEPARATOR_CHAR ':'
+#   define EXIT(n)             exit(n)
+#  endif
+
+# endif
+
+/***********************************************/
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  define strcasecmp _stricmp
+#  define strncasecmp _strnicmp
+#  if (_MSC_VER >= 1310)
+#   define open _open
+#   define fdopen _fdopen
+#   define close _close
+#   ifndef strdup
+#    define strdup _strdup
+#   endif
+#   define unlink _unlink
+#   define fileno _fileno
+#  endif
+# else
+#  include <strings.h>
+# endif
+
+/* vxworks */
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <ioLib.h>
+#  include <tickLib.h>
+#  include <sysLib.h>
+#  include <vxWorks.h>
+#  include <sockLib.h>
+#  include <taskLib.h>
+
+#  define TTY_STRUCT int
+#  define sleep(a) taskDelay((a) * sysClkRateGet())
+
+/*
+ * NOTE: these are implemented by helpers in database app! if the database is
+ * not linked, we need to implement them elsewhere
+ */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
+# endif
+/* end vxworks */
+
+# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#  define CRYPTO_memcmp memcmp
+# endif
+
+/* unistd.h defines _POSIX_VERSION */
+# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+     && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)      \
+          || defined(__sun) || defined(__hpux) || defined(__sgi)      \
+          || defined(__osf__) )
+#  define OPENSSL_SECURE_MEMORY  /* secure memory is implemented */
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/asm/e_padlock-x86.pl b/trunk/3rdparty/openssl-1.1-fit/engines/asm/e_padlock-x86.pl
new file mode 100644
index 000000000..5b097ce3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/asm/e_padlock-x86.pl
@@ -0,0 +1,627 @@
+#! /usr/bin/env perl
+# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2011
+#
+# Assembler helpers for Padlock engine. Compared to original engine
+# version relying on inline assembler and compiled with gcc 3.4.6 it
+# was measured to provide ~100% improvement on misaligned data in ECB
+# mode and ~75% in CBC mode. For aligned data improvement can be
+# observed for short inputs only, e.g. 45% for 64-byte messages in
+# ECB mode, 20% in CBC. Difference in performance for aligned vs.
+# misaligned data depends on misalignment and is either ~1.8x or 2.9x.
+# These are approximately same factors as for hardware support, so
+# there is little reason to rely on the latter. On the contrary, it
+# might actually hurt performance in mixture of aligned and misaligned
+# buffers, because a) if you choose to flip 'align' flag in control
+# word on per-buffer basis, then you'd have to reload key context,
+# which incurs penalty; b) if you choose to set 'align' flag
+# permanently, it limits performance even for aligned data to ~1/2.
+# All above mentioned results were collected on 1.5GHz C7. Nano on the
+# other hand handles unaligned data more gracefully. Depending on
+# algorithm and how unaligned data is, hardware can be up to 70% more
+# efficient than below software alignment procedures, nor does 'align'
+# flag have affect on aligned performance [if has any meaning at all].
+# Therefore suggestion is to unconditionally set 'align' flag on Nano
+# for optimal performance.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../crypto/perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+%PADLOCK_PREFETCH=(ecb=>128, cbc=>64);	# prefetch errata
+$PADLOCK_CHUNK=512;	# Must be a power of 2 larger than 16
+
+$ctx="edx";
+$out="edi";
+$inp="esi";
+$len="ecx";
+$chunk="ebx";
+
+&function_begin_B("padlock_capability");
+	&push	("ebx");
+	&pushf	();
+	&pop	("eax");
+	&mov	("ecx","eax");
+	&xor	("eax",1<<21);
+	&push	("eax");
+	&popf	();
+	&pushf	();
+	&pop	("eax");
+	&xor	("ecx","eax");
+	&xor	("eax","eax");
+	&bt	("ecx",21);
+	&jnc	(&label("noluck"));
+	&cpuid	();
+	&xor	("eax","eax");
+	&cmp	("ebx","0x".unpack("H*",'tneC'));
+	&jne	(&label("zhaoxin"));
+	&cmp	("edx","0x".unpack("H*",'Hrua'));
+	&jne	(&label("noluck"));
+	&cmp	("ecx","0x".unpack("H*",'slua'));
+	&jne	(&label("noluck"));
+	&jmp	(&label("zhaoxinEnd"));
+&set_label("zhaoxin");
+	&cmp	("ebx","0x".unpack("H*",'hS  '));
+	&jne	(&label("noluck"));
+	&cmp	("edx","0x".unpack("H*",'hgna'));
+	&jne	(&label("noluck"));
+	&cmp	("ecx","0x".unpack("H*",'  ia'));
+	&jne	(&label("noluck"));
+&set_label("zhaoxinEnd");
+	&mov	("eax",0xC0000000);
+	&cpuid	();
+	&mov	("edx","eax");
+	&xor	("eax","eax");
+	&cmp	("edx",0xC0000001);
+	&jb	(&label("noluck"));
+	&mov	("eax",1);
+	&cpuid	();
+	&or	("eax",0x0f);
+	&xor	("ebx","ebx");
+	&and	("eax",0x0fff);
+	&cmp	("eax",0x06ff);		# check for Nano
+	&sete	("bl");
+	&mov	("eax",0xC0000001);
+	&push	("ebx");
+	&cpuid	();
+	&pop	("ebx");
+	&mov	("eax","edx");
+	&shl	("ebx",4);		# bit#4 denotes Nano
+	&and	("eax",0xffffffef);
+	&or	("eax","ebx")
+&set_label("noluck");
+	&pop	("ebx");
+	&ret	();
+&function_end_B("padlock_capability")
+
+&function_begin_B("padlock_key_bswap");
+	&mov	("edx",&wparam(0));
+	&mov	("ecx",&DWP(240,"edx"));
+&set_label("bswap_loop");
+	&mov	("eax",&DWP(0,"edx"));
+	&bswap	("eax");
+	&mov	(&DWP(0,"edx"),"eax");
+	&lea	("edx",&DWP(4,"edx"));
+	&sub	("ecx",1);
+	&jnz	(&label("bswap_loop"));
+	&ret	();
+&function_end_B("padlock_key_bswap");
+
+# This is heuristic key context tracing. At first one
+# believes that one should use atomic swap instructions,
+# but it's not actually necessary. Point is that if
+# padlock_saved_context was changed by another thread
+# after we've read it and before we compare it with ctx,
+# our key *shall* be reloaded upon thread context switch
+# and we are therefore set in either case...
+&static_label("padlock_saved_context");
+
+&function_begin_B("padlock_verify_context");
+	&mov	($ctx,&wparam(0));
+	&lea	("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
+		       &DWP(&label("padlock_saved_context")."-".&label("verify_pic_point")));
+	&pushf	();
+	&call	("_padlock_verify_ctx");
+&set_label("verify_pic_point");
+	&lea	("esp",&DWP(4,"esp"));
+	&ret	();
+&function_end_B("padlock_verify_context");
+
+&function_begin_B("_padlock_verify_ctx");
+	&add	("eax",&DWP(0,"esp")) if(!($::win32 or $::coff));# &padlock_saved_context
+	&bt	(&DWP(4,"esp"),30);		# eflags
+	&jnc	(&label("verified"));
+	&cmp	($ctx,&DWP(0,"eax"));
+	&je	(&label("verified"));
+	&pushf	();
+	&popf	();
+&set_label("verified");
+	&mov	(&DWP(0,"eax"),$ctx);
+	&ret	();
+&function_end_B("_padlock_verify_ctx");
+
+&function_begin_B("padlock_reload_key");
+	&pushf	();
+	&popf	();
+	&ret	();
+&function_end_B("padlock_reload_key");
+
+&function_begin_B("padlock_aes_block");
+	&push	("edi");
+	&push	("esi");
+	&push	("ebx");
+	&mov	($out,&wparam(0));		# must be 16-byte aligned
+	&mov	($inp,&wparam(1));		# must be 16-byte aligned
+	&mov	($ctx,&wparam(2));
+	&mov	($len,1);
+	&lea	("ebx",&DWP(32,$ctx));		# key
+	&lea	($ctx,&DWP(16,$ctx));		# control word
+	&data_byte(0xf3,0x0f,0xa7,0xc8);	# rep xcryptecb
+	&pop	("ebx");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_aes_block");
+
+sub generate_mode {
+my ($mode,$opcode) = @_;
+# int padlock_$mode_encrypt(void *out, const void *inp,
+#		struct padlock_cipher_data *ctx, size_t len);
+&function_begin("padlock_${mode}_encrypt");
+	&mov	($out,&wparam(0));
+	&mov	($inp,&wparam(1));
+	&mov	($ctx,&wparam(2));
+	&mov	($len,&wparam(3));
+	&test	($ctx,15);
+	&jnz	(&label("${mode}_abort"));
+	&test	($len,15);
+	&jnz	(&label("${mode}_abort"));
+	&lea	("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
+		       &DWP(&label("padlock_saved_context")."-".&label("${mode}_pic_point")));
+	&pushf	();
+	&cld	();
+	&call	("_padlock_verify_ctx");
+&set_label("${mode}_pic_point");
+	&lea	($ctx,&DWP(16,$ctx));	# control word
+	&xor	("eax","eax");
+					if ($mode eq "ctr32") {
+	&movq	("mm0",&QWP(-16,$ctx));	# load [upper part of] counter
+					} else {
+	&xor	("ebx","ebx");
+	&test	(&DWP(0,$ctx),1<<5);	# align bit in control word
+	&jnz	(&label("${mode}_aligned"));
+	&test	($out,0x0f);
+	&setz	("al");			# !out_misaligned
+	&test	($inp,0x0f);
+	&setz	("bl");			# !inp_misaligned
+	&test	("eax","ebx");
+	&jnz	(&label("${mode}_aligned"));
+	&neg	("eax");
+					}
+	&mov	($chunk,$PADLOCK_CHUNK);
+	&not	("eax");		# out_misaligned?-1:0
+	&lea	("ebp",&DWP(-24,"esp"));
+	&cmp	($len,$chunk);
+	&cmovc	($chunk,$len);		# chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
+	&and	("eax",$chunk);		# out_misaligned?chunk:0
+	&mov	($chunk,$len);
+	&neg	("eax");
+	&and	($chunk,$PADLOCK_CHUNK-1);	# chunk=len%PADLOCK_CHUNK
+	&lea	("esp",&DWP(0,"eax","ebp"));	# alloca
+	&mov	("eax",$PADLOCK_CHUNK);
+	&cmovz	($chunk,"eax");			# chunk=chunk?:PADLOCK_CHUNK
+	&mov	("eax","ebp");
+	&and	("ebp",-16);
+	&and	("esp",-16);
+	&mov	(&DWP(16,"ebp"),"eax");
+    if ($PADLOCK_PREFETCH{$mode}) {
+	&cmp	($len,$chunk);
+	&ja	(&label("${mode}_loop"));
+	&mov	("eax",$inp);		# check if prefetch crosses page
+	&cmp	("ebp","esp");
+	&cmove	("eax",$out);
+	&add	("eax",$len);
+	&neg	("eax");
+	&and	("eax",0xfff);		# distance to page boundary
+	&cmp	("eax",$PADLOCK_PREFETCH{$mode});
+	&mov	("eax",-$PADLOCK_PREFETCH{$mode});
+	&cmovae	("eax",$chunk);		# mask=distance<prefetch?-prefetch:-1
+	&and	($chunk,"eax");
+	&jz	(&label("${mode}_unaligned_tail"));
+    }
+	&jmp	(&label("${mode}_loop"));
+
+&set_label("${mode}_loop",16);
+	&mov	(&DWP(0,"ebp"),$out);		# save parameters
+	&mov	(&DWP(4,"ebp"),$inp);
+	&mov	(&DWP(8,"ebp"),$len);
+	&mov	($len,$chunk);
+	&mov	(&DWP(12,"ebp"),$chunk);	# chunk
+						if ($mode eq "ctr32") {
+	&mov	("ecx",&DWP(-4,$ctx));
+	&xor	($out,$out);
+	&mov	("eax",&DWP(-8,$ctx));		# borrow $len
+&set_label("${mode}_prepare");
+	&mov	(&DWP(12,"esp",$out),"ecx");
+	&bswap	("ecx");
+	&movq	(&QWP(0,"esp",$out),"mm0");
+	&inc	("ecx");
+	&mov	(&DWP(8,"esp",$out),"eax");
+	&bswap	("ecx");
+	&lea	($out,&DWP(16,$out));
+	&cmp	($out,$chunk);
+	&jb	(&label("${mode}_prepare"));
+
+	&mov	(&DWP(-4,$ctx),"ecx");
+	&lea	($inp,&DWP(0,"esp"));
+	&lea	($out,&DWP(0,"esp"));
+	&mov	($len,$chunk);
+						} else {
+	&test	($out,0x0f);			# out_misaligned
+	&cmovnz	($out,"esp");
+	&test	($inp,0x0f);			# inp_misaligned
+	&jz	(&label("${mode}_inp_aligned"));
+	&shr	($len,2);
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&sub	($out,$chunk);
+	&mov	($len,$chunk);
+	&mov	($inp,$out);
+&set_label("${mode}_inp_aligned");
+						}
+	&lea	("eax",&DWP(-16,$ctx));		# ivp
+	&lea	("ebx",&DWP(16,$ctx));		# key
+	&shr	($len,4);			# len/=AES_BLOCK_SIZE
+	&data_byte(0xf3,0x0f,0xa7,$opcode);	# rep xcrypt*
+						if ($mode !~ /ecb|ctr/) {
+	&movaps	("xmm0",&QWP(0,"eax"));
+	&movaps	(&QWP(-16,$ctx),"xmm0");	# copy [or refresh] iv
+						}
+	&mov	($out,&DWP(0,"ebp"));		# restore parameters
+	&mov	($chunk,&DWP(12,"ebp"));
+						if ($mode eq "ctr32") {
+	&mov	($inp,&DWP(4,"ebp"));
+	&xor	($len,$len);
+&set_label("${mode}_xor");
+	&movups	("xmm1",&QWP(0,$inp,$len));
+	&lea	($len,&DWP(16,$len));
+	&pxor	("xmm1",&QWP(-16,"esp",$len));
+	&movups	(&QWP(-16,$out,$len),"xmm1");
+	&cmp	($len,$chunk);
+	&jb	(&label("${mode}_xor"));
+						} else {
+	&test	($out,0x0f);
+	&jz	(&label("${mode}_out_aligned"));
+	&mov	($len,$chunk);
+	&lea	($inp,&DWP(0,"esp"));
+	&shr	($len,2);
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&sub	($out,$chunk);
+&set_label("${mode}_out_aligned");
+	&mov	($inp,&DWP(4,"ebp"));
+						}
+	&mov	($len,&DWP(8,"ebp"));
+	&add	($out,$chunk);
+	&add	($inp,$chunk);
+	&sub	($len,$chunk);
+	&mov	($chunk,$PADLOCK_CHUNK);
+    if (!$PADLOCK_PREFETCH{$mode}) {
+	&jnz	(&label("${mode}_loop"));
+    } else {
+	&jz	(&label("${mode}_break"));
+	&cmp	($len,$chunk);
+	&jae	(&label("${mode}_loop"));
+
+&set_label("${mode}_unaligned_tail");
+	&xor	("eax","eax");
+	&cmp	("esp","ebp");
+	&cmove	("eax",$len);
+	&sub	("esp","eax");			# alloca
+	&mov	("eax", $out);			# save parameters
+	&mov	($chunk,$len);
+	&shr	($len,2);
+	&lea	($out,&DWP(0,"esp"));
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&mov	($inp,"esp");
+	&mov	($out,"eax");			# restore parameters
+	&mov	($len,$chunk);
+	&jmp	(&label("${mode}_loop"));
+
+&set_label("${mode}_break",16);
+    }
+						if ($mode ne "ctr32") {
+	&cmp	("esp","ebp");
+	&je	(&label("${mode}_done"));
+						}
+	&pxor	("xmm0","xmm0");
+	&lea	("eax",&DWP(0,"esp"));
+&set_label("${mode}_bzero");
+	&movaps	(&QWP(0,"eax"),"xmm0");
+	&lea	("eax",&DWP(16,"eax"));
+	&cmp	("ebp","eax");
+	&ja	(&label("${mode}_bzero"));
+
+&set_label("${mode}_done");
+	&mov	("ebp",&DWP(16,"ebp"));
+	&lea	("esp",&DWP(24,"ebp"));
+						if ($mode ne "ctr32") {
+	&jmp	(&label("${mode}_exit"));
+
+&set_label("${mode}_aligned",16);
+    if ($PADLOCK_PREFETCH{$mode}) {
+	&lea	("ebp",&DWP(0,$inp,$len));
+	&neg	("ebp");
+	&and	("ebp",0xfff);			# distance to page boundary
+	&xor	("eax","eax");
+	&cmp	("ebp",$PADLOCK_PREFETCH{$mode});
+	&mov	("ebp",$PADLOCK_PREFETCH{$mode}-1);
+	&cmovae	("ebp","eax");
+	&and	("ebp",$len);			# remainder
+	&sub	($len,"ebp");
+	&jz	(&label("${mode}_aligned_tail"));
+    }
+	&lea	("eax",&DWP(-16,$ctx));		# ivp
+	&lea	("ebx",&DWP(16,$ctx));		# key
+	&shr	($len,4);			# len/=AES_BLOCK_SIZE
+	&data_byte(0xf3,0x0f,0xa7,$opcode);	# rep xcrypt*
+						if ($mode ne "ecb") {
+	&movaps	("xmm0",&QWP(0,"eax"));
+	&movaps	(&QWP(-16,$ctx),"xmm0");	# copy [or refresh] iv
+						}
+    if ($PADLOCK_PREFETCH{$mode}) {
+	&test	("ebp","ebp");
+	&jz	(&label("${mode}_exit"));
+
+&set_label("${mode}_aligned_tail");
+	&mov	($len,"ebp");
+	&lea	("ebp",&DWP(-24,"esp"));
+	&mov	("esp","ebp");
+	&mov	("eax","ebp");
+	&sub	("esp",$len);
+	&and	("ebp",-16);
+	&and	("esp",-16);
+	&mov	(&DWP(16,"ebp"),"eax");
+	&mov	("eax", $out);			# save parameters
+	&mov	($chunk,$len);
+	&shr	($len,2);
+	&lea	($out,&DWP(0,"esp"));
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&mov	($inp,"esp");
+	&mov	($out,"eax");			# restore parameters
+	&mov	($len,$chunk);
+	&jmp	(&label("${mode}_loop"));
+    }
+&set_label("${mode}_exit");			}
+	&mov	("eax",1);
+	&lea	("esp",&DWP(4,"esp"));		# popf
+	&emms	()				if ($mode eq "ctr32");
+&set_label("${mode}_abort");
+&function_end("padlock_${mode}_encrypt");
+}
+
+&generate_mode("ecb",0xc8);
+&generate_mode("cbc",0xd0);
+&generate_mode("cfb",0xe0);
+&generate_mode("ofb",0xe8);
+&generate_mode("ctr32",0xc8);	# yes, it implements own CTR with ECB opcode,
+				# because hardware CTR was introduced later
+				# and even has errata on certain C7 stepping.
+				# own implementation *always* works, though
+				# ~15% slower than dedicated hardware...
+
+&function_begin_B("padlock_xstore");
+	&push	("edi");
+	&mov	("edi",&wparam(0));
+	&mov	("edx",&wparam(1));
+	&data_byte(0x0f,0xa7,0xc0);		# xstore
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_xstore");
+
+&function_begin_B("_win32_segv_handler");
+	&mov	("eax",1);			# ExceptionContinueSearch
+	&mov	("edx",&wparam(0));		# *ExceptionRecord
+	&mov	("ecx",&wparam(2));		# *ContextRecord
+	&cmp	(&DWP(0,"edx"),0xC0000005)	# ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION
+	&jne	(&label("ret"));
+	&add	(&DWP(184,"ecx"),4);		# skip over rep sha*
+	&mov	("eax",0);			# ExceptionContinueExecution
+&set_label("ret");
+	&ret	();
+&function_end_B("_win32_segv_handler");
+&safeseh("_win32_segv_handler")			if ($::win32);
+
+&function_begin_B("padlock_sha1_oneshot");
+	&push	("edi");
+	&push	("esi");
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+    if ($::win32 or $::coff) {
+    	&push	(&::islabel("_win32_segv_handler"));
+	&data_byte(0x64,0xff,0x30);		# push	%fs:(%eax)
+	&data_byte(0x64,0x89,0x20);		# mov	%esp,%fs:(%eax)
+    }
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);			# 32 is enough but spec says 128
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&mov	("eax",&DWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&mov	(&DWP(16,"esp"),"eax");
+	&xor	("eax","eax");
+	&data_byte(0xf3,0x0f,0xa6,0xc8);	# rep xsha1
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&mov	("eax",&DWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+    if ($::win32 or $::coff) {
+	&data_byte(0x64,0x8f,0x05,0,0,0,0);	# pop	%fs:0
+	&lea	("esp",&DWP(4,"esp"));
+    }
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&mov	(&DWP(16,"edi"),"eax");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha1_oneshot");
+
+&function_begin_B("padlock_sha1_blocks");
+	&push	("edi");
+	&push	("esi");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("edx","esp");			# put aside %esp
+	&mov	("ecx",&wparam(2));
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&mov	("eax",&DWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&mov	(&DWP(16,"esp"),"eax");
+	&mov	("eax",-1);
+	&data_byte(0xf3,0x0f,0xa6,0xc8);	# rep xsha1
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&mov	("eax",&DWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&mov	(&DWP(16,"edi"),"eax");
+ 	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha1_blocks");
+
+&function_begin_B("padlock_sha256_oneshot");
+	&push	("edi");
+	&push	("esi");
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+    if ($::win32 or $::coff) {
+    	&push	(&::islabel("_win32_segv_handler"));
+	&data_byte(0x64,0xff,0x30);		# push	%fs:(%eax)
+	&data_byte(0x64,0x89,0x20);		# mov	%esp,%fs:(%eax)
+    }
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&movups	("xmm1",&QWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&movaps	(&QWP(16,"esp"),"xmm1");
+	&xor	("eax","eax");
+	&data_byte(0xf3,0x0f,0xa6,0xd0);	# rep xsha256
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&movaps	("xmm1",&QWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+    if ($::win32 or $::coff) {
+	&data_byte(0x64,0x8f,0x05,0,0,0,0);	# pop	%fs:0
+	&lea	("esp",&DWP(4,"esp"));
+    }
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&movups	(&QWP(16,"edi"),"xmm1");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha256_oneshot");
+
+&function_begin_B("padlock_sha256_blocks");
+	&push	("edi");
+	&push	("esi");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&movups	("xmm1",&QWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&movaps	(&QWP(16,"esp"),"xmm1");
+	&mov	("eax",-1);
+	&data_byte(0xf3,0x0f,0xa6,0xd0);	# rep xsha256
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&movaps	("xmm1",&QWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&movups	(&QWP(16,"edi"),"xmm1");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha256_blocks");
+
+&function_begin_B("padlock_sha512_blocks");
+	&push	("edi");
+	&push	("esi");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&movups	("xmm1",&QWP(16,"edi"));
+	&movups	("xmm2",&QWP(32,"edi"));
+	&movups	("xmm3",&QWP(48,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&movaps	(&QWP(16,"esp"),"xmm1");
+	&movaps	(&QWP(32,"esp"),"xmm2");
+	&movaps	(&QWP(48,"esp"),"xmm3");
+	&data_byte(0xf3,0x0f,0xa6,0xe0);	# rep xsha512
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&movaps	("xmm1",&QWP(16,"esp"));
+	&movaps	("xmm2",&QWP(32,"esp"));
+	&movaps	("xmm3",&QWP(48,"esp"));
+	&mov	("esp","edx");			# restore %esp
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&movups	(&QWP(16,"edi"),"xmm1");
+	&movups	(&QWP(32,"edi"),"xmm2");
+	&movups	(&QWP(48,"edi"),"xmm3");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha512_blocks");
+
+&asciz	("VIA Padlock x86 module, CRYPTOGAMS by <appro\@openssl.org>");
+&align	(16);
+
+&dataseg();
+# Essentially this variable belongs in thread local storage.
+# Having this variable global on the other hand can only cause
+# few bogus key reloads [if any at all on signle-CPU system],
+# so we accept the penalty...
+&set_label("padlock_saved_context",4);
+&data_word(0);
+
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/asm/e_padlock-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/engines/asm/e_padlock-x86_64.pl
new file mode 100644
index 000000000..09b0aaa48
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/asm/e_padlock-x86_64.pl
@@ -0,0 +1,583 @@
+#! /usr/bin/env perl
+# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2011
+#
+# Assembler helpers for Padlock engine. See even e_padlock-x86.pl for
+# details.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$code=".text\n";
+
+%PADLOCK_PREFETCH=(ecb=>128, cbc=>64, ctr32=>32);	# prefetch errata
+$PADLOCK_CHUNK=512;	# Must be a power of 2 between 32 and 2^20
+
+$ctx="%rdx";
+$out="%rdi";
+$inp="%rsi";
+$len="%rcx";
+$chunk="%rbx";
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
+                                 ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+$code.=<<___;
+.globl	padlock_capability
+.type	padlock_capability,\@abi-omnipotent
+.align	16
+padlock_capability:
+	mov	%rbx,%r8
+	xor	%eax,%eax
+	cpuid
+	xor	%eax,%eax
+	cmp	\$`"0x".unpack("H*",'tneC')`,%ebx
+	jne	.Lzhaoxin
+	cmp	\$`"0x".unpack("H*",'Hrua')`,%edx
+	jne	.Lnoluck
+	cmp	\$`"0x".unpack("H*",'slua')`,%ecx
+	jne	.Lnoluck
+	jmp	.LzhaoxinEnd
+.Lzhaoxin:
+	cmp	\$`"0x".unpack("H*",'hS  ')`,%ebx
+	jne	.Lnoluck
+	cmp	\$`"0x".unpack("H*",'hgna')`,%edx
+	jne	.Lnoluck
+	cmp	\$`"0x".unpack("H*",'  ia')`,%ecx
+	jne	.Lnoluck
+.LzhaoxinEnd:
+	mov	\$0xC0000000,%eax
+	cpuid
+	mov	%eax,%edx
+	xor	%eax,%eax
+	cmp	\$0xC0000001,%edx
+	jb	.Lnoluck
+	mov	\$0xC0000001,%eax
+	cpuid
+	mov	%edx,%eax
+	and	\$0xffffffef,%eax
+	or	\$0x10,%eax		# set Nano bit#4
+.Lnoluck:
+	mov	%r8,%rbx
+	ret
+.size	padlock_capability,.-padlock_capability
+
+.globl	padlock_key_bswap
+.type	padlock_key_bswap,\@abi-omnipotent,0
+.align	16
+padlock_key_bswap:
+	mov	240($arg1),%edx
+.Lbswap_loop:
+	mov	($arg1),%eax
+	bswap	%eax
+	mov	%eax,($arg1)
+	lea	4($arg1),$arg1
+	sub	\$1,%edx
+	jnz	.Lbswap_loop
+	ret
+.size	padlock_key_bswap,.-padlock_key_bswap
+
+.globl	padlock_verify_context
+.type	padlock_verify_context,\@abi-omnipotent
+.align	16
+padlock_verify_context:
+	mov	$arg1,$ctx
+	pushf
+	lea	.Lpadlock_saved_context(%rip),%rax
+	call	_padlock_verify_ctx
+	lea	8(%rsp),%rsp
+	ret
+.size	padlock_verify_context,.-padlock_verify_context
+
+.type	_padlock_verify_ctx,\@abi-omnipotent
+.align	16
+_padlock_verify_ctx:
+	mov	8(%rsp),%r8
+	bt	\$30,%r8
+	jnc	.Lverified
+	cmp	(%rax),$ctx
+	je	.Lverified
+	pushf
+	popf
+.Lverified:
+	mov	$ctx,(%rax)
+	ret
+.size	_padlock_verify_ctx,.-_padlock_verify_ctx
+
+.globl	padlock_reload_key
+.type	padlock_reload_key,\@abi-omnipotent
+.align	16
+padlock_reload_key:
+	pushf
+	popf
+	ret
+.size	padlock_reload_key,.-padlock_reload_key
+
+.globl	padlock_aes_block
+.type	padlock_aes_block,\@function,3
+.align	16
+padlock_aes_block:
+	mov	%rbx,%r8
+	mov	\$1,$len
+	lea	32($ctx),%rbx		# key
+	lea	16($ctx),$ctx		# control word
+	.byte	0xf3,0x0f,0xa7,0xc8	# rep xcryptecb
+	mov	%r8,%rbx
+	ret
+.size	padlock_aes_block,.-padlock_aes_block
+
+.globl	padlock_xstore
+.type	padlock_xstore,\@function,2
+.align	16
+padlock_xstore:
+	mov	%esi,%edx
+	.byte	0x0f,0xa7,0xc0		# xstore
+	ret
+.size	padlock_xstore,.-padlock_xstore
+
+.globl	padlock_sha1_oneshot
+.type	padlock_sha1_oneshot,\@function,3
+.align	16
+padlock_sha1_oneshot:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	mov	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	mov	%eax,16(%rsp)
+	xor	%rax,%rax
+	.byte	0xf3,0x0f,0xa6,0xc8	# rep xsha1
+	movaps	(%rsp),%xmm0
+	mov	16(%rsp),%eax
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	mov	%eax,16(%rdx)
+	ret
+.size	padlock_sha1_oneshot,.-padlock_sha1_oneshot
+
+.globl	padlock_sha1_blocks
+.type	padlock_sha1_blocks,\@function,3
+.align	16
+padlock_sha1_blocks:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	mov	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	mov	%eax,16(%rsp)
+	mov	\$-1,%rax
+	.byte	0xf3,0x0f,0xa6,0xc8	# rep xsha1
+	movaps	(%rsp),%xmm0
+	mov	16(%rsp),%eax
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	mov	%eax,16(%rdx)
+	ret
+.size	padlock_sha1_blocks,.-padlock_sha1_blocks
+
+.globl	padlock_sha256_oneshot
+.type	padlock_sha256_oneshot,\@function,3
+.align	16
+padlock_sha256_oneshot:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	xor	%rax,%rax
+	.byte	0xf3,0x0f,0xa6,0xd0	# rep xsha256
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	movups	%xmm1,16(%rdx)
+	ret
+.size	padlock_sha256_oneshot,.-padlock_sha256_oneshot
+
+.globl	padlock_sha256_blocks
+.type	padlock_sha256_blocks,\@function,3
+.align	16
+padlock_sha256_blocks:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	mov	\$-1,%rax
+	.byte	0xf3,0x0f,0xa6,0xd0	# rep xsha256
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	movups	%xmm1,16(%rdx)
+	ret
+.size	padlock_sha256_blocks,.-padlock_sha256_blocks
+
+.globl	padlock_sha512_blocks
+.type	padlock_sha512_blocks,\@function,3
+.align	16
+padlock_sha512_blocks:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movups	32(%rdi),%xmm2
+	movups	48(%rdi),%xmm3
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	movaps	%xmm2,32(%rsp)
+	movaps	%xmm3,48(%rsp)
+	.byte	0xf3,0x0f,0xa6,0xe0	# rep xha512
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	movaps	32(%rsp),%xmm2
+	movaps	48(%rsp),%xmm3
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	movups	%xmm1,16(%rdx)
+	movups	%xmm2,32(%rdx)
+	movups	%xmm3,48(%rdx)
+	ret
+.size	padlock_sha512_blocks,.-padlock_sha512_blocks
+___
+
+sub generate_mode {
+my ($mode,$opcode) = @_;
+# int padlock_$mode_encrypt(void *out, const void *inp,
+#		struct padlock_cipher_data *ctx, size_t len);
+$code.=<<___;
+.globl	padlock_${mode}_encrypt
+.type	padlock_${mode}_encrypt,\@function,4
+.align	16
+padlock_${mode}_encrypt:
+	push	%rbp
+	push	%rbx
+
+	xor	%eax,%eax
+	test	\$15,$ctx
+	jnz	.L${mode}_abort
+	test	\$15,$len
+	jnz	.L${mode}_abort
+	lea	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	lea	16($ctx),$ctx		# control word
+	xor	%eax,%eax
+	xor	%ebx,%ebx
+	testl	\$`1<<5`,($ctx)		# align bit in control word
+	jnz	.L${mode}_aligned
+	test	\$0x0f,$out
+	setz	%al			# !out_misaligned
+	test	\$0x0f,$inp
+	setz	%bl			# !inp_misaligned
+	test	%ebx,%eax
+	jnz	.L${mode}_aligned
+	neg	%rax
+	mov	\$$PADLOCK_CHUNK,$chunk
+	not	%rax			# out_misaligned?-1:0
+	lea	(%rsp),%rbp
+	cmp	$chunk,$len
+	cmovc	$len,$chunk		# chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
+	and	$chunk,%rax		# out_misaligned?chunk:0
+	mov	$len,$chunk
+	neg	%rax
+	and	\$$PADLOCK_CHUNK-1,$chunk	# chunk%=PADLOCK_CHUNK
+	lea	(%rax,%rbp),%rsp
+	mov	\$$PADLOCK_CHUNK,%rax
+	cmovz	%rax,$chunk			# chunk=chunk?:PADLOCK_CHUNK
+___
+$code.=<<___				if ($mode eq "ctr32");
+.L${mode}_reenter:
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	bswap	%eax
+	neg	%eax
+	and	\$`$PADLOCK_CHUNK/16-1`,%eax
+	mov	\$$PADLOCK_CHUNK,$chunk
+	shl	\$4,%eax
+	cmovz	$chunk,%rax
+	cmp	%rax,$len
+	cmova	%rax,$chunk		# don't let counter cross PADLOCK_CHUNK
+	cmovbe	$len,$chunk
+___
+$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
+	cmp	$chunk,$len
+	ja	.L${mode}_loop
+	mov	$inp,%rax		# check if prefetch crosses page
+	cmp	%rsp,%rbp
+	cmove	$out,%rax
+	add	$len,%rax
+	neg	%rax
+	and	\$0xfff,%rax		# distance to page boundary
+	cmp	\$$PADLOCK_PREFETCH{$mode},%rax
+	mov	\$-$PADLOCK_PREFETCH{$mode},%rax
+	cmovae	$chunk,%rax		# mask=distance<prefetch?-prefetch:-1
+	and	%rax,$chunk
+	jz	.L${mode}_unaligned_tail
+___
+$code.=<<___;
+	jmp	.L${mode}_loop
+.align	16
+.L${mode}_loop:
+	cmp	$len,$chunk		# ctr32 artefact
+	cmova	$len,$chunk		# ctr32 artefact
+	mov	$out,%r8		# save parameters
+	mov	$inp,%r9
+	mov	$len,%r10
+	mov	$chunk,$len
+	mov	$chunk,%r11
+	test	\$0x0f,$out		# out_misaligned
+	cmovnz	%rsp,$out
+	test	\$0x0f,$inp		# inp_misaligned
+	jz	.L${mode}_inp_aligned
+	shr	\$3,$len
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	sub	$chunk,$out
+	mov	$chunk,$len
+	mov	$out,$inp
+.L${mode}_inp_aligned:
+	lea	-16($ctx),%rax		# ivp
+	lea	16($ctx),%rbx		# key
+	shr	\$4,$len
+	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
+___
+$code.=<<___				if ($mode !~ /ecb|ctr/);
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16($ctx)		# copy [or refresh] iv
+___
+$code.=<<___				if ($mode eq "ctr32");
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	test	\$0xffff0000,%eax
+	jnz	.L${mode}_no_carry
+	bswap	%eax
+	add	\$0x10000,%eax
+	bswap	%eax
+	mov	%eax,-4($ctx)
+.L${mode}_no_carry:
+___
+$code.=<<___;
+	mov	%r8,$out		# restore parameters
+	mov	%r11,$chunk
+	test	\$0x0f,$out
+	jz	.L${mode}_out_aligned
+	mov	$chunk,$len
+	lea	(%rsp),$inp
+	shr	\$3,$len
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	sub	$chunk,$out
+.L${mode}_out_aligned:
+	mov	%r9,$inp
+	mov	%r10,$len
+	add	$chunk,$out
+	add	$chunk,$inp
+	sub	$chunk,$len
+	mov	\$$PADLOCK_CHUNK,$chunk
+___
+					if (!$PADLOCK_PREFETCH{$mode}) {
+$code.=<<___;
+	jnz	.L${mode}_loop
+___
+					} else {
+$code.=<<___;
+	jz	.L${mode}_break
+	cmp	$chunk,$len
+	jae	.L${mode}_loop
+___
+$code.=<<___				if ($mode eq "ctr32");
+	mov	$len,$chunk
+	mov	$inp,%rax		# check if prefetch crosses page
+	cmp	%rsp,%rbp
+	cmove	$out,%rax
+	add	$len,%rax
+	neg	%rax
+	and	\$0xfff,%rax		# distance to page boundary
+	cmp	\$$PADLOCK_PREFETCH{$mode},%rax
+	mov	\$-$PADLOCK_PREFETCH{$mode},%rax
+	cmovae	$chunk,%rax
+	and	%rax,$chunk
+	jnz	.L${mode}_loop
+___
+$code.=<<___;
+.L${mode}_unaligned_tail:
+	xor	%eax,%eax
+	cmp	%rsp,%rbp
+	cmove	$len,%rax
+	mov	$out,%r8		# save parameters
+	mov	$len,$chunk
+	sub	%rax,%rsp		# alloca
+	shr	\$3,$len
+	lea	(%rsp),$out
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	mov	%rsp,$inp
+	mov	%r8, $out		# restore parameters
+	mov	$chunk,$len
+	jmp	.L${mode}_loop
+.align	16
+.L${mode}_break:
+___
+					}
+$code.=<<___;
+	cmp	%rbp,%rsp
+	je	.L${mode}_done
+
+	pxor	%xmm0,%xmm0
+	lea	(%rsp),%rax
+.L${mode}_bzero:
+	movaps	%xmm0,(%rax)
+	lea	16(%rax),%rax
+	cmp	%rax,%rbp
+	ja	.L${mode}_bzero
+
+.L${mode}_done:
+	lea	(%rbp),%rsp
+	jmp	.L${mode}_exit
+
+.align	16
+.L${mode}_aligned:
+___
+$code.=<<___				if ($mode eq "ctr32");
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	bswap	%eax
+	neg	%eax
+	and	\$0xffff,%eax
+	mov	\$`16*0x10000`,$chunk
+	shl	\$4,%eax
+	cmovz	$chunk,%rax
+	cmp	%rax,$len
+	cmova	%rax,$chunk		# don't let counter cross 2^16
+	cmovbe	$len,$chunk
+	jbe	.L${mode}_aligned_skip
+
+.L${mode}_aligned_loop:
+	mov	$len,%r10		# save parameters
+	mov	$chunk,$len
+	mov	$chunk,%r11
+
+	lea	-16($ctx),%rax		# ivp
+	lea	16($ctx),%rbx		# key
+	shr	\$4,$len		# len/=AES_BLOCK_SIZE
+	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
+
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	bswap	%eax
+	add	\$0x10000,%eax
+	bswap	%eax
+	mov	%eax,-4($ctx)
+
+	mov	%r10,$len		# restore parameters
+	sub	%r11,$len
+	mov	\$`16*0x10000`,$chunk
+	jz	.L${mode}_exit
+	cmp	$chunk,$len
+	jae	.L${mode}_aligned_loop
+
+.L${mode}_aligned_skip:
+___
+$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
+	lea	($inp,$len),%rbp
+	neg	%rbp
+	and	\$0xfff,%rbp		# distance to page boundary
+	xor	%eax,%eax
+	cmp	\$$PADLOCK_PREFETCH{$mode},%rbp
+	mov	\$$PADLOCK_PREFETCH{$mode}-1,%rbp
+	cmovae	%rax,%rbp
+	and	$len,%rbp		# remainder
+	sub	%rbp,$len
+	jz	.L${mode}_aligned_tail
+___
+$code.=<<___;
+	lea	-16($ctx),%rax		# ivp
+	lea	16($ctx),%rbx		# key
+	shr	\$4,$len		# len/=AES_BLOCK_SIZE
+	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
+___
+$code.=<<___				if ($mode !~ /ecb|ctr/);
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16($ctx)		# copy [or refresh] iv
+___
+$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
+	test	%rbp,%rbp		# check remainder
+	jz	.L${mode}_exit
+
+.L${mode}_aligned_tail:
+	mov	$out,%r8
+	mov	%rbp,$chunk
+	mov	%rbp,$len
+	lea	(%rsp),%rbp
+	sub	$len,%rsp
+	shr	\$3,$len
+	lea	(%rsp),$out
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	lea	(%r8),$out
+	lea	(%rsp),$inp
+	mov	$chunk,$len
+	jmp	.L${mode}_loop
+___
+$code.=<<___;
+.L${mode}_exit:
+	mov	\$1,%eax
+	lea	8(%rsp),%rsp
+.L${mode}_abort:
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	padlock_${mode}_encrypt,.-padlock_${mode}_encrypt
+___
+}
+
+&generate_mode("ecb",0xc8);
+&generate_mode("cbc",0xd0);
+&generate_mode("cfb",0xe0);
+&generate_mode("ofb",0xe8);
+&generate_mode("ctr32",0xd8);	# all 64-bit CPUs have working CTR...
+
+$code.=<<___;
+.asciz	"VIA Padlock x86_64 module, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+.data
+.align	8
+.Lpadlock_saved_context:
+	.quad	0
+___
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/build.info b/trunk/3rdparty/openssl-1.1-fit/engines/build.info
new file mode 100644
index 000000000..df173ea69
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/build.info
@@ -0,0 +1,43 @@
+IF[{- !$disabled{"engine"} -}]
+
+  IF[{- $disabled{"dynamic-engine"} -}]
+    LIBS=../libcrypto
+    SOURCE[../libcrypto]=\
+            e_padlock.c {- $target{padlock_asm_src} -}
+    IF[{- !$disabled{capieng} -}]
+      SOURCE[../libcrypto]=e_capi.c
+    ENDIF
+    IF[{- !$disabled{afalgeng} -}]
+      SOURCE[../libcrypto]=e_afalg.c
+    ENDIF
+  ELSE
+    ENGINES=padlock
+    SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
+    DEPEND[padlock]=../libcrypto
+    INCLUDE[padlock]=../include
+    IF[{- !$disabled{capieng} -}]
+      ENGINES=capi
+      SOURCE[capi]=e_capi.c
+      DEPEND[capi]=../libcrypto
+      INCLUDE[capi]=../include
+    ENDIF
+    IF[{- !$disabled{afalgeng} -}]
+      ENGINES=afalg
+      SOURCE[afalg]=e_afalg.c
+      DEPEND[afalg]=../libcrypto
+      INCLUDE[afalg]= ../include
+    ENDIF
+
+    ENGINES_NO_INST=ossltest dasync
+    SOURCE[dasync]=e_dasync.c
+    DEPEND[dasync]=../libcrypto
+    INCLUDE[dasync]=../include
+    SOURCE[ossltest]=e_ossltest.c
+    DEPEND[ossltest]=../libcrypto
+    INCLUDE[ossltest]=../include
+  ENDIF
+
+  GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+  GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c
new file mode 100644
index 000000000..f09c396ed
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c
@@ -0,0 +1,870 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Required for vmsplice */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/err.h>
+#include "internal/nelem.h"
+
+#include <sys/socket.h>
+#include <linux/version.h>
+#define K_MAJ   4
+#define K_MIN1  1
+#define K_MIN2  0
+#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
+    !defined(AF_ALG)
+# ifndef PEDANTIC
+#  warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
+#  warning "Skipping Compilation of AFALG engine"
+# endif
+void engine_load_afalg_int(void);
+void engine_load_afalg_int(void)
+{
+}
+#else
+
+# include <linux/if_alg.h>
+# include <fcntl.h>
+# include <sys/utsname.h>
+
+# include <linux/aio_abi.h>
+# include <sys/syscall.h>
+# include <errno.h>
+
+# include "e_afalg.h"
+# include "e_afalg_err.c"
+
+# ifndef SOL_ALG
+#  define SOL_ALG 279
+# endif
+
+# ifdef ALG_ZERO_COPY
+#  ifndef SPLICE_F_GIFT
+#   define SPLICE_F_GIFT    (0x08)
+#  endif
+# endif
+
+# define ALG_AES_IV_LEN 16
+# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len))
+# define ALG_OP_TYPE     unsigned int
+# define ALG_OP_LEN      (sizeof(ALG_OP_TYPE))
+
+#define ALG_MAX_SALG_NAME       64
+#define ALG_MAX_SALG_TYPE       14
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_afalg_int(void);
+# endif
+
+/* Local Linkage Functions */
+static int afalg_init_aio(afalg_aio *aio);
+static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
+                                unsigned char *buf, size_t len);
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername);
+static int afalg_destroy(ENGINE *e);
+static int afalg_init(ENGINE *e);
+static int afalg_finish(ENGINE *e);
+static const EVP_CIPHER *afalg_aes_cbc(int nid);
+static cbc_handles *get_cipher_handle(int nid);
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid);
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx);
+static int afalg_chk_platform(void);
+
+/* Engine Id and Name */
+static const char *engine_afalg_id = "afalg";
+static const char *engine_afalg_name = "AFALG engine support";
+
+static int afalg_cipher_nids[] = {
+    NID_aes_128_cbc,
+    NID_aes_192_cbc,
+    NID_aes_256_cbc,
+};
+
+static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
+                                    {AES_KEY_SIZE_192, NULL},
+                                    {AES_KEY_SIZE_256, NULL}};
+
+static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
+{
+    return syscall(__NR_io_setup, n, ctx);
+}
+
+static ossl_inline int eventfd(int n)
+{
+    return syscall(__NR_eventfd2, n, 0);
+}
+
+static ossl_inline int io_destroy(aio_context_t ctx)
+{
+    return syscall(__NR_io_destroy, ctx);
+}
+
+static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
+{
+    return syscall(__NR_io_submit, ctx, n, iocb);
+}
+
+static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
+                               struct io_event *events,
+                               struct timespec *timeout)
+{
+    return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+}
+
+static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                                 OSSL_ASYNC_FD waitfd, void *custom)
+{
+    close(waitfd);
+}
+
+static int afalg_setup_async_event_notification(afalg_aio *aio)
+{
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    void *custom = NULL;
+    int ret;
+
+    if ((job = ASYNC_get_current_job()) != NULL) {
+        /* Async mode */
+        waitctx = ASYNC_get_wait_ctx(job);
+        if (waitctx == NULL) {
+            ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__);
+            return 0;
+        }
+        /* Get waitfd from ASYNC_WAIT_CTX if it is already set */
+        ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
+                                    &aio->efd, &custom);
+        if (ret == 0) {
+            /*
+             * waitfd is not set in ASYNC_WAIT_CTX, create a new one
+             * and set it. efd will be signaled when AIO operation completes
+             */
+            aio->efd = eventfd(0);
+            if (aio->efd == -1) {
+                ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__,
+                         __LINE__);
+                AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                         AFALG_R_EVENTFD_FAILED);
+                return 0;
+            }
+            ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
+                                             aio->efd, custom,
+                                             afalg_waitfd_cleanup);
+            if (ret == 0) {
+                ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__);
+                close(aio->efd);
+                return 0;
+            }
+            /* make fd non-blocking in async mode */
+            if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
+                ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING",
+                         __FILE__, __LINE__);
+            }
+        }
+        aio->mode = MODE_ASYNC;
+    } else {
+        /* Sync mode */
+        aio->efd = eventfd(0);
+        if (aio->efd == -1) {
+            ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__);
+            AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                     AFALG_R_EVENTFD_FAILED);
+            return 0;
+        }
+        aio->mode = MODE_SYNC;
+    }
+    return 1;
+}
+
+static int afalg_init_aio(afalg_aio *aio)
+{
+    int r = -1;
+
+    /* Initialise for AIO */
+    aio->aio_ctx = 0;
+    r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx);
+    if (r < 0) {
+        ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED);
+        return 0;
+    }
+
+    memset(aio->cbt, 0, sizeof(aio->cbt));
+    aio->efd = -1;
+    aio->mode = MODE_UNINIT;
+
+    return 1;
+}
+
+static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+                                size_t len)
+{
+    int r;
+    int retry = 0;
+    unsigned int done = 0;
+    struct iocb *cb;
+    struct timespec timeout;
+    struct io_event events[MAX_INFLIGHTS];
+    u_int64_t eval = 0;
+
+    timeout.tv_sec = 0;
+    timeout.tv_nsec = 0;
+
+    /* if efd has not been initialised yet do it here */
+    if (aio->mode == MODE_UNINIT) {
+        r = afalg_setup_async_event_notification(aio);
+        if (r == 0)
+            return 0;
+    }
+
+    cb = &(aio->cbt[0 % MAX_INFLIGHTS]);
+    memset(cb, '\0', sizeof(*cb));
+    cb->aio_fildes = sfd;
+    cb->aio_lio_opcode = IOCB_CMD_PREAD;
+    /*
+     * The pointer has to be converted to unsigned value first to avoid
+     * sign extension on cast to 64 bit value in 32-bit builds
+     */
+    cb->aio_buf = (size_t)buf;
+    cb->aio_offset = 0;
+    cb->aio_data = 0;
+    cb->aio_nbytes = len;
+    cb->aio_flags = IOCB_FLAG_RESFD;
+    cb->aio_resfd = aio->efd;
+
+    /*
+     * Perform AIO read on AFALG socket, this in turn performs an async
+     * crypto operation in kernel space
+     */
+    r = io_read(aio->aio_ctx, 1, &cb);
+    if (r < 0) {
+        ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+
+    do {
+        /* While AIO read is being performed pause job */
+        ASYNC_pause_job();
+
+        /* Check for completion of AIO read */
+        r = read(aio->efd, &eval, sizeof(eval));
+        if (r < 0) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK)
+                continue;
+            ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__);
+            return 0;
+        } else if (r == 0 || eval <= 0) {
+            ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__,
+                     __LINE__, r, eval);
+        }
+        if (eval > 0) {
+
+            /* Get results of AIO read */
+            r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
+                             events, &timeout);
+            if (r > 0) {
+                /*
+                 * events.res indicates the actual status of the operation.
+                 * Handle the error condition first.
+                 */
+                if (events[0].res < 0) {
+                    /*
+                     * Underlying operation cannot be completed at the time
+                     * of previous submission. Resubmit for the operation.
+                     */
+                    if (events[0].res == -EBUSY && retry++ < 3) {
+                        r = io_read(aio->aio_ctx, 1, &cb);
+                        if (r < 0) {
+                            ALG_PERR("%s(%d): retry %d for io_read failed : ",
+                                     __FILE__, __LINE__, retry);
+                            return 0;
+                        }
+                        continue;
+                    } else {
+                        /*
+                         * Retries exceed for -EBUSY or unrecoverable error
+                         * condition for this instance of operation.
+                         */
+                        ALG_WARN
+                            ("%s(%d): Crypto Operation failed with code %lld\n",
+                             __FILE__, __LINE__, events[0].res);
+                        return 0;
+                    }
+                }
+                /* Operation successful. */
+                done = 1;
+            } else if (r < 0) {
+                ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__);
+                return 0;
+            } else {
+                ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__,
+                         __LINE__);
+            }
+        }
+    } while (!done);
+
+    return 1;
+}
+
+static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
+                                   const ALG_OP_TYPE op)
+{
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_OP;
+    cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN);
+    memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN);
+}
+
+static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
+                            const unsigned int len)
+{
+    struct af_alg_iv *aiv;
+
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_IV;
+    cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len));
+    aiv = (struct af_alg_iv *)CMSG_DATA(cmsg);
+    aiv->ivlen = len;
+    memcpy(aiv->iv, iv, len);
+}
+
+static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
+                                const int klen)
+{
+    int ret;
+    ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername)
+{
+    struct sockaddr_alg sa;
+    int r = -1;
+
+    actx->bfd = actx->sfd = -1;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.salg_family = AF_ALG;
+    strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE);
+    sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0';
+    strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
+    sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0';
+
+    actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (actx->bfd == -1) {
+        ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
+        goto err;
+    }
+
+    r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
+    if (r < 0) {
+        ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
+        goto err;
+    }
+
+    actx->sfd = accept(actx->bfd, NULL, 0);
+    if (actx->sfd < 0) {
+        ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
+        goto err;
+    }
+
+    return 1;
+
+ err:
+    if (actx->bfd >= 0)
+        close(actx->bfd);
+    if (actx->sfd >= 0)
+        close(actx->sfd);
+    actx->bfd = actx->sfd = -1;
+    return 0;
+}
+
+static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
+                                 size_t inl, const unsigned char *iv,
+                                 unsigned int enc)
+{
+    struct msghdr msg = { 0 };
+    struct cmsghdr *cmsg;
+    struct iovec iov;
+    ssize_t sbytes;
+# ifdef ALG_ZERO_COPY
+    int ret;
+# endif
+    char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
+
+    memset(cbuf, 0, sizeof(cbuf));
+    msg.msg_control = cbuf;
+    msg.msg_controllen = sizeof(cbuf);
+
+    /*
+     * cipher direction (i.e. encrypt or decrypt) and iv are sent to the
+     * kernel as part of sendmsg()'s ancillary data
+     */
+    cmsg = CMSG_FIRSTHDR(&msg);
+    afalg_set_op_sk(cmsg, enc);
+    cmsg = CMSG_NXTHDR(&msg, cmsg);
+    afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN);
+
+    /* iov that describes input data */
+    iov.iov_base = (unsigned char *)in;
+    iov.iov_len = inl;
+
+    msg.msg_flags = MSG_MORE;
+
+# ifdef ALG_ZERO_COPY
+    /*
+     * ZERO_COPY mode
+     * Works best when buffer is 4k aligned
+     * OPENS: out of place processing (i.e. out != in)
+     */
+
+    /* Input data is not sent as part of call to sendmsg() */
+    msg.msg_iovlen = 0;
+    msg.msg_iov = NULL;
+
+    /* Sendmsg() sends iv and cipher direction to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ",
+                 __FILE__, __LINE__);
+        return 0;
+    }
+
+    /*
+     * vmsplice and splice are used to pin the user space input buffer for
+     * kernel space processing avoiding copys from user to kernel space
+     */
+    ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+
+    ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+# else
+    msg.msg_iovlen = 1;
+    msg.msg_iov = &iov;
+
+    /* Sendmsg() sends iv, cipher direction and input data to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    if (sbytes != (ssize_t) inl) {
+        ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
+                inl);
+        return 0;
+    }
+# endif
+
+    return 1;
+}
+
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ciphertype;
+    int ret;
+    afalg_ctx *actx;
+    char ciphername[ALG_MAX_SALG_NAME];
+
+    if (ctx == NULL || key == NULL) {
+        ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL) {
+        ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    ciphertype = EVP_CIPHER_CTX_nid(ctx);
+    switch (ciphertype) {
+    case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
+        break;
+    default:
+        ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__,
+                 ciphertype);
+        return 0;
+    }
+    ciphername[ALG_MAX_SALG_NAME-1]='\0';
+
+    if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
+        ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__,
+                 EVP_CIPHER_CTX_iv_length(ctx));
+        return 0;
+    }
+
+    /* Setup AFALG socket for crypto processing */
+    ret = afalg_create_sk(actx, "skcipher", ciphername);
+    if (ret < 1)
+        return 0;
+
+
+    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
+    if (ret < 1)
+        goto err;
+
+    /* Setup AIO ctx to allow async AFALG crypto processing */
+    if (afalg_init_aio(&actx->aio) == 0)
+        goto err;
+
+# ifdef ALG_ZERO_COPY
+    pipe(actx->zc_pipe);
+# endif
+
+    actx->init_done = MAGIC_INIT_NUM;
+
+    return 1;
+
+err:
+    close(actx->sfd);
+    close(actx->bfd);
+    return 0;
+}
+
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    afalg_ctx *actx;
+    int ret;
+    char nxtiv[ALG_AES_IV_LEN] = { 0 };
+
+    if (ctx == NULL || out == NULL || in == NULL) {
+        ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    /*
+     * set iv now for decrypt operation as the input buffer can be
+     * overwritten for inplace operation where in = out.
+     */
+    if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
+        memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
+    }
+
+    /* Send input data to kernel space */
+    ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
+                                EVP_CIPHER_CTX_iv(ctx),
+                                EVP_CIPHER_CTX_encrypting(ctx));
+    if (ret < 1) {
+        return 0;
+    }
+
+    /* Perform async crypto operation in kernel space */
+    ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
+    if (ret < 1)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
+               ALG_AES_IV_LEN);
+    } else {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN);
+    }
+
+    return 1;
+}
+
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    afalg_ctx *actx;
+
+    if (ctx == NULL) {
+        ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    close(actx->sfd);
+    close(actx->bfd);
+# ifdef ALG_ZERO_COPY
+    close(actx->zc_pipe[0]);
+    close(actx->zc_pipe[1]);
+# endif
+    /* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
+    if (actx->aio.mode == MODE_SYNC)
+        close(actx->aio.efd);
+    io_destroy(actx->aio.aio_ctx);
+
+    return 1;
+}
+
+static cbc_handles *get_cipher_handle(int nid)
+{
+    switch (nid) {
+    case NID_aes_128_cbc:
+        return &cbc_handle[AES_CBC_128];
+    case NID_aes_192_cbc:
+        return &cbc_handle[AES_CBC_192];
+    case NID_aes_256_cbc:
+        return &cbc_handle[AES_CBC_256];
+    default:
+        return NULL;
+    }
+}
+
+static const EVP_CIPHER *afalg_aes_cbc(int nid)
+{
+    cbc_handles *cipher_handle = get_cipher_handle(nid);
+    if (cipher_handle->_hidden == NULL
+        && ((cipher_handle->_hidden =
+         EVP_CIPHER_meth_new(nid,
+                             AES_BLOCK_SIZE,
+                             cipher_handle->key_size)) == NULL
+        || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden,
+                                          AES_IV_LEN)
+        || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden,
+                                      EVP_CIPH_CBC_MODE |
+                                      EVP_CIPH_FLAG_DEFAULT_ASN1)
+        || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden,
+                                     afalg_cipher_init)
+        || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden,
+                                          afalg_do_cipher)
+        || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden,
+                                        afalg_cipher_cleanup)
+        || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden,
+                                              sizeof(afalg_ctx)))) {
+        EVP_CIPHER_meth_free(cipher_handle->_hidden);
+        cipher_handle->_hidden= NULL;
+    }
+    return cipher_handle->_hidden;
+}
+
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid)
+{
+    int r = 1;
+
+    if (cipher == NULL) {
+        *nids = afalg_cipher_nids;
+        return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0]));
+    }
+
+    switch (nid) {
+    case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        *cipher = afalg_aes_cbc(nid);
+        break;
+    default:
+        *cipher = NULL;
+        r = 0;
+    }
+    return r;
+}
+
+static int bind_afalg(ENGINE *e)
+{
+    /* Ensure the afalg error handling is set up */
+    unsigned short i;
+    ERR_load_AFALG_strings();
+
+    if (!ENGINE_set_id(e, engine_afalg_id)
+        || !ENGINE_set_name(e, engine_afalg_name)
+        || !ENGINE_set_destroy_function(e, afalg_destroy)
+        || !ENGINE_set_init_function(e, afalg_init)
+        || !ENGINE_set_finish_function(e, afalg_finish)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
+     * now, as bind_aflag can only be called by one thread at a
+     * time.
+     */
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
+            AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+            return 0;
+        }
+    }
+
+    if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_afalg_id) != 0))
+        return 0;
+
+    if (!afalg_chk_platform())
+        return 0;
+
+    if (!bind_afalg(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static int afalg_chk_platform(void)
+{
+    int ret;
+    int i;
+    int kver[3] = { -1, -1, -1 };
+    int sock;
+    char *str;
+    struct utsname ut;
+
+    ret = uname(&ut);
+    if (ret != 0) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
+        return 0;
+    }
+
+    str = strtok(ut.release, ".");
+    for (i = 0; i < 3 && str != NULL; i++) {
+        kver[i] = atoi(str);
+        str = strtok(NULL, ".");
+    }
+
+    if (KERNEL_VERSION(kver[0], kver[1], kver[2])
+        < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
+        ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
+                 kver[0], kver[1], kver[2]);
+        ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
+                 K_MAJ, K_MIN1, K_MIN2);
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
+        return 0;
+    }
+
+    /* Test if we can actually create an AF_ALG socket */
+    sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (sock == -1) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
+        return 0;
+    }
+    close(sock);
+
+    return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_afalg(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_afalg(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_afalg_int(void)
+{
+    ENGINE *toadd;
+
+    if (!afalg_chk_platform())
+        return;
+
+    toadd = engine_afalg();
+    if (toadd == NULL)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int afalg_init(ENGINE *e)
+{
+    return 1;
+}
+
+static int afalg_finish(ENGINE *e)
+{
+    return 1;
+}
+
+static int free_cbc(void)
+{
+    short unsigned int i;
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        EVP_CIPHER_meth_free(cbc_handle[i]._hidden);
+        cbc_handle[i]._hidden = NULL;
+    }
+    return 1;
+}
+
+static int afalg_destroy(ENGINE *e)
+{
+    ERR_unload_AFALG_strings();
+    free_cbc();
+    return 1;
+}
+
+#endif                          /* KERNEL VERSION */
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.ec b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.ec
new file mode 100644
index 000000000..6d7420fe5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.ec
@@ -0,0 +1,3 @@
+# The INPUT HEADER is scanned for declarations
+# LIBNAME       INPUT HEADER                    ERROR-TABLE FILE
+L AFALG         e_afalg_err.h                   e_afalg_err.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h
new file mode 100644
index 000000000..2c03c448d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AFALG_H
+# define HEADER_AFALG_H
+
+# if defined(__GNUC__) && __GNUC__ >= 4 && \
+     (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
+#  pragma GCC diagnostic ignored "-Wvariadic-macros"
+# endif
+
+# ifdef ALG_DEBUG
+#  define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
+#  define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__)
+#  define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__)
+# else
+#  define ALG_DGB(x, ...)
+#  define ALG_INFO(x, ...)
+#  define ALG_WARN(x, ...)
+# endif
+
+# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__)
+# define ALG_PERR(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+# define ALG_PWARN(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+
+# ifndef AES_BLOCK_SIZE
+#  define AES_BLOCK_SIZE   16
+# endif
+# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
+# define AES_IV_LEN       16
+
+# define MAX_INFLIGHTS 1
+
+typedef enum {
+    MODE_UNINIT = 0,
+    MODE_SYNC,
+    MODE_ASYNC
+} op_mode;
+
+enum {
+    AES_CBC_128 = 0,
+    AES_CBC_192,
+    AES_CBC_256
+};
+
+struct cbc_cipher_handles {
+    int key_size;
+    EVP_CIPHER *_hidden;
+};
+
+typedef struct cbc_cipher_handles cbc_handles;
+
+struct afalg_aio_st {
+    int efd;
+    op_mode mode;
+    aio_context_t aio_ctx;
+    struct io_event events[MAX_INFLIGHTS];
+    struct iocb cbt[MAX_INFLIGHTS];
+};
+typedef struct afalg_aio_st afalg_aio;
+
+/*
+ * MAGIC Number to identify correct initialisation
+ * of afalg_ctx.
+ */
+# define MAGIC_INIT_NUM 0x1890671
+
+struct afalg_ctx_st {
+    int init_done;
+    int sfd;
+    int bfd;
+# ifdef ALG_ZERO_COPY
+    int zc_pipe[2];
+# endif
+    afalg_aio aio;
+};
+
+typedef struct afalg_ctx_st afalg_ctx;
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.txt b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.txt
new file mode 100644
index 000000000..3b79305ac
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.txt
@@ -0,0 +1,30 @@
+# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+AFALG_F_AFALG_CHK_PLATFORM:100:afalg_chk_platform
+AFALG_F_AFALG_CREATE_SK:101:afalg_create_sk
+AFALG_F_AFALG_INIT_AIO:102:afalg_init_aio
+AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION:103:\
+	afalg_setup_async_event_notification
+AFALG_F_AFALG_SET_KEY:104:afalg_set_key
+AFALG_F_BIND_AFALG:105:bind_afalg
+
+#Reason codes
+AFALG_R_EVENTFD_FAILED:108:eventfd failed
+AFALG_R_FAILED_TO_GET_PLATFORM_INFO:111:failed to get platform info
+AFALG_R_INIT_FAILED:100:init failed
+AFALG_R_IO_SETUP_FAILED:105:io setup failed
+AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG:101:kernel does not support afalg
+AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG:107:\
+	kernel does not support async afalg
+AFALG_R_MEM_ALLOC_FAILED:102:mem alloc failed
+AFALG_R_SOCKET_ACCEPT_FAILED:110:socket accept failed
+AFALG_R_SOCKET_BIND_FAILED:103:socket bind failed
+AFALG_R_SOCKET_CREATE_FAILED:109:socket create failed
+AFALG_R_SOCKET_OPERATION_FAILED:104:socket operation failed
+AFALG_R_SOCKET_SET_KEY_FAILED:106:socket set key failed
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.c
new file mode 100644
index 000000000..18fe9c34e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.c
@@ -0,0 +1,83 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_afalg_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA AFALG_str_functs[] = {
+    {ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"},
+    {ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"},
+    {ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"},
+    {ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0),
+     "afalg_setup_async_event_notification"},
+    {ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"},
+    {ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA AFALG_str_reasons[] = {
+    {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"},
+    {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
+    "failed to get platform info"},
+    {ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"},
+    {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
+    "kernel does not support afalg"},
+    {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
+    "kernel does not support async afalg"},
+    {ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED),
+    "socket operation failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_AFALG_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, AFALG_str_functs);
+        ERR_load_strings(lib_code, AFALG_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_AFALG_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, AFALG_str_functs);
+        ERR_unload_strings(lib_code, AFALG_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_AFALG_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h
new file mode 100644
index 000000000..3eb1332bb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h
@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AFALGERR_H
+# define HEADER_AFALGERR_H
+
+# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * AFALG function codes.
+ */
+# define AFALG_F_AFALG_CHK_PLATFORM                       100
+# define AFALG_F_AFALG_CREATE_SK                          101
+# define AFALG_F_AFALG_INIT_AIO                           102
+# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION     103
+# define AFALG_F_AFALG_SET_KEY                            104
+# define AFALG_F_BIND_AFALG                               105
+
+/*
+ * AFALG reason codes.
+ */
+# define AFALG_R_EVENTFD_FAILED                           108
+# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO              111
+# define AFALG_R_INIT_FAILED                              100
+# define AFALG_R_IO_SETUP_FAILED                          105
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG            101
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG      107
+# define AFALG_R_MEM_ALLOC_FAILED                         102
+# define AFALG_R_SOCKET_ACCEPT_FAILED                     110
+# define AFALG_R_SOCKET_BIND_FAILED                       103
+# define AFALG_R_SOCKET_CREATE_FAILED                     109
+# define AFALG_R_SOCKET_OPERATION_FAILED                  104
+# define AFALG_R_SOCKET_SET_KEY_FAILED                    106
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.c
new file mode 100644
index 000000000..37202b81f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.c
@@ -0,0 +1,1904 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef _WIN32
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0400
+# endif
+# include <windows.h>
+# include <wincrypt.h>
+
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+
+# include <openssl/crypto.h>
+
+# ifndef OPENSSL_NO_CAPIENG
+
+#  include <openssl/buffer.h>
+#  include <openssl/bn.h>
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+
+/*
+ * This module uses several "new" interfaces, among which is
+ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
+ * one of possible values you can pass to function in question. By
+ * checking if it's defined we can see if wincrypt.h and accompanying
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
+ */
+#  if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
+#   define __COMPILE_CAPIENG
+#  endif                        /* CERT_KEY_PROV_INFO_PROP_ID */
+# endif                         /* OPENSSL_NO_CAPIENG */
+#endif                          /* _WIN32 */
+
+#ifdef __COMPILE_CAPIENG
+
+# undef X509_EXTENSIONS
+
+/* Definitions which may be missing from earlier version of headers */
+# ifndef CERT_STORE_OPEN_EXISTING_FLAG
+#  define CERT_STORE_OPEN_EXISTING_FLAG                   0x00004000
+# endif
+
+# ifndef CERT_STORE_CREATE_NEW_FLAG
+#  define CERT_STORE_CREATE_NEW_FLAG                      0x00002000
+# endif
+
+# ifndef CERT_SYSTEM_STORE_CURRENT_USER
+#  define CERT_SYSTEM_STORE_CURRENT_USER                  0x00010000
+# endif
+
+# ifndef ALG_SID_SHA_256
+#  define ALG_SID_SHA_256   12
+# endif
+# ifndef ALG_SID_SHA_384
+#  define ALG_SID_SHA_384   13
+# endif
+# ifndef ALG_SID_SHA_512
+#  define ALG_SID_SHA_512   14
+# endif
+
+# ifndef CALG_SHA_256
+#  define CALG_SHA_256      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+# endif
+# ifndef CALG_SHA_384
+#  define CALG_SHA_384      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+# endif
+# ifndef CALG_SHA_512
+#  define CALG_SHA_512      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+# endif
+
+# ifndef PROV_RSA_AES
+#  define PROV_RSA_AES 24
+# endif
+
+# include <openssl/engine.h>
+# include <openssl/pem.h>
+# include <openssl/x509v3.h>
+
+# include "e_capi_err.h"
+# include "e_capi_err.c"
+
+static const char *engine_capi_id = "capi";
+static const char *engine_capi_name = "CryptoAPI ENGINE";
+
+typedef struct CAPI_CTX_st CAPI_CTX;
+typedef struct CAPI_KEY_st CAPI_KEY;
+
+static void capi_addlasterror(void);
+static void capi_adderror(DWORD err);
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY *key);
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
+                                     HCERTSTORE hstore);
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+                                   UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m,
+                         unsigned int m_len, unsigned char *sigret,
+                         unsigned int *siglen, const RSA *rsa);
+static int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                             unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                             unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_free(RSA *rsa);
+
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                 DSA *dsa);
+static int capi_dsa_free(DSA *dsa);
+# endif
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+                                     STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                     EVP_PKEY **pkey, STACK_OF(X509) **pother,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data);
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# ifdef OPENSSL_CAPIENG_DIALOG
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# endif
+
+void engine_load_capi_int(void);
+
+typedef PCCERT_CONTEXT(WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
+                                        LPCWSTR, DWORD, DWORD, void *);
+typedef HWND(WINAPI *GETCONSWIN)(void);
+
+/*
+ * This structure contains CAPI ENGINE specific data: it contains various
+ * global options and affects how other functions behave.
+ */
+
+# define CAPI_DBG_TRACE  2
+# define CAPI_DBG_ERROR  1
+
+struct CAPI_CTX_st {
+    int debug_level;
+    char *debug_file;
+    /* Parameters to use for container lookup */
+    DWORD keytype;
+    LPSTR cspname;
+    DWORD csptype;
+    /* Certificate store name to use */
+    LPSTR storename;
+    LPSTR ssl_client_store;
+    /* System store flags */
+    DWORD store_flags;
+/* Lookup string meanings in load_private_key */
+# define CAPI_LU_SUBSTR          1  /* Substring of subject: uses "storename" */
+# define CAPI_LU_FNAME           2  /* Friendly name: uses storename */
+# define CAPI_LU_CONTNAME        3  /* Container name: uses cspname, keytype */
+    int lookup_method;
+/* Info to dump with dumpcerts option */
+# define CAPI_DMP_SUMMARY        0x1    /* Issuer and serial name strings */
+# define CAPI_DMP_FNAME          0x2    /* Friendly name */
+# define CAPI_DMP_FULL           0x4    /* Full X509_print dump */
+# define CAPI_DMP_PEM            0x8    /* Dump PEM format certificate */
+# define CAPI_DMP_PSKEY          0x10   /* Dump pseudo key (if possible) */
+# define CAPI_DMP_PKEYINFO       0x20   /* Dump key info (if possible) */
+    DWORD dump_flags;
+    int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+    CERTDLG certselectdlg;
+    GETCONSWIN getconswindow;
+};
+
+static CAPI_CTX *capi_ctx_new(void);
+static void capi_ctx_free(CAPI_CTX *ctx);
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
+                                 int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
+
+# define CAPI_CMD_LIST_CERTS             ENGINE_CMD_BASE
+# define CAPI_CMD_LOOKUP_CERT            (ENGINE_CMD_BASE + 1)
+# define CAPI_CMD_DEBUG_LEVEL            (ENGINE_CMD_BASE + 2)
+# define CAPI_CMD_DEBUG_FILE             (ENGINE_CMD_BASE + 3)
+# define CAPI_CMD_KEYTYPE                (ENGINE_CMD_BASE + 4)
+# define CAPI_CMD_LIST_CSPS              (ENGINE_CMD_BASE + 5)
+# define CAPI_CMD_SET_CSP_IDX            (ENGINE_CMD_BASE + 6)
+# define CAPI_CMD_SET_CSP_NAME           (ENGINE_CMD_BASE + 7)
+# define CAPI_CMD_SET_CSP_TYPE           (ENGINE_CMD_BASE + 8)
+# define CAPI_CMD_LIST_CONTAINERS        (ENGINE_CMD_BASE + 9)
+# define CAPI_CMD_LIST_OPTIONS           (ENGINE_CMD_BASE + 10)
+# define CAPI_CMD_LOOKUP_METHOD          (ENGINE_CMD_BASE + 11)
+# define CAPI_CMD_STORE_NAME             (ENGINE_CMD_BASE + 12)
+# define CAPI_CMD_STORE_FLAGS            (ENGINE_CMD_BASE + 13)
+
+static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
+    {CAPI_CMD_LIST_CERTS,
+     "list_certs",
+     "List all certificates in store",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_LOOKUP_CERT,
+     "lookup_cert",
+     "Lookup and output certificates",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_DEBUG_LEVEL,
+     "debug_level",
+     "debug level (1=errors, 2=trace)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_DEBUG_FILE,
+     "debug_file",
+     "debugging filename)",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_KEYTYPE,
+     "key_type",
+     "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LIST_CSPS,
+     "list_csps",
+     "List all CSPs",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_SET_CSP_IDX,
+     "csp_idx",
+     "Set CSP by index",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_SET_CSP_NAME,
+     "csp_name",
+     "Set CSP name, (default CSP used if not specified)",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_SET_CSP_TYPE,
+     "csp_type",
+     "Set CSP type, (default RSA_PROV_FULL)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LIST_CONTAINERS,
+     "list_containers",
+     "list container names",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_LIST_OPTIONS,
+     "list_options",
+     "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+     "32=private key info)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LOOKUP_METHOD,
+     "lookup_method",
+     "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_STORE_NAME,
+     "store_name",
+     "certificate store name, default \"MY\"",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_STORE_FLAGS,
+     "store_flags",
+     "Certificate store flags: 1 = system store",
+     ENGINE_CMD_FLAG_NUMERIC},
+
+    {0, NULL, NULL, 0}
+};
+
+static int capi_idx = -1;
+static int rsa_capi_idx = -1;
+static int dsa_capi_idx = -1;
+static int cert_capi_idx = -1;
+
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ret = 1;
+    CAPI_CTX *ctx;
+    BIO *out;
+    LPSTR tmpstr;
+    if (capi_idx == -1) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+        return 0;
+    }
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
+        return 0;
+    }
+    switch (cmd) {
+    case CAPI_CMD_LIST_CSPS:
+        ret = capi_list_providers(ctx, out);
+        break;
+
+    case CAPI_CMD_LIST_CERTS:
+        ret = capi_list_certs(ctx, out, NULL);
+        break;
+
+    case CAPI_CMD_LOOKUP_CERT:
+        ret = capi_list_certs(ctx, out, p);
+        break;
+
+    case CAPI_CMD_LIST_CONTAINERS:
+        ret = capi_list_containers(ctx, out);
+        break;
+
+    case CAPI_CMD_STORE_NAME:
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            OPENSSL_free(ctx->storename);
+            ctx->storename = tmpstr;
+            CAPI_trace(ctx, "Setting store name to %s\n", p);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
+        break;
+
+    case CAPI_CMD_STORE_FLAGS:
+        if (i & 1) {
+            ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
+            ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
+        } else {
+            ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
+            ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
+        }
+        CAPI_trace(ctx, "Setting flags to %d\n", i);
+        break;
+
+    case CAPI_CMD_DEBUG_LEVEL:
+        ctx->debug_level = (int)i;
+        CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+        break;
+
+    case CAPI_CMD_DEBUG_FILE:
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            ctx->debug_file = tmpstr;
+            CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
+        break;
+
+    case CAPI_CMD_KEYTYPE:
+        ctx->keytype = i;
+        CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+        break;
+
+    case CAPI_CMD_SET_CSP_IDX:
+        ret = capi_ctx_set_provname_idx(ctx, i);
+        break;
+
+    case CAPI_CMD_LIST_OPTIONS:
+        ctx->dump_flags = i;
+        break;
+
+    case CAPI_CMD_LOOKUP_METHOD:
+        if (i < 1 || i > 3) {
+            CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+            BIO_free(out);
+            return 0;
+        }
+        ctx->lookup_method = i;
+        break;
+
+    case CAPI_CMD_SET_CSP_NAME:
+        ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+        break;
+
+    case CAPI_CMD_SET_CSP_TYPE:
+        ctx->csptype = i;
+        break;
+
+    default:
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+        ret = 0;
+    }
+
+    BIO_free(out);
+    return ret;
+
+}
+
+static RSA_METHOD *capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD *capi_dsa_method = NULL;
+# endif
+
+static int use_aes_csp = 0;
+static const WCHAR rsa_aes_cspname[] =
+    L"Microsoft Enhanced RSA and AES Cryptographic Provider";
+static const WCHAR rsa_enh_cspname[] =
+    L"Microsoft Enhanced Cryptographic Provider v1.0";
+
+static int capi_init(ENGINE *e)
+{
+    CAPI_CTX *ctx;
+    const RSA_METHOD *ossl_rsa_meth;
+# ifndef OPENSSL_NO_DSA
+    const DSA_METHOD *ossl_dsa_meth;
+# endif
+    HCRYPTPROV hprov;
+
+    if (capi_idx < 0) {
+        capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        if (capi_idx < 0)
+            goto memerr;
+
+        cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+        /* Setup RSA_METHOD */
+        rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        ossl_rsa_meth = RSA_PKCS1_OpenSSL();
+        if (   !RSA_meth_set_pub_enc(capi_rsa_method,
+                                     RSA_meth_get_pub_enc(ossl_rsa_meth))
+            || !RSA_meth_set_pub_dec(capi_rsa_method,
+                                     RSA_meth_get_pub_dec(ossl_rsa_meth))
+            || !RSA_meth_set_priv_enc(capi_rsa_method, capi_rsa_priv_enc)
+            || !RSA_meth_set_priv_dec(capi_rsa_method, capi_rsa_priv_dec)
+            || !RSA_meth_set_mod_exp(capi_rsa_method,
+                                     RSA_meth_get_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_bn_mod_exp(capi_rsa_method,
+                                        RSA_meth_get_bn_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_finish(capi_rsa_method, capi_rsa_free)
+            || !RSA_meth_set_sign(capi_rsa_method, capi_rsa_sign)) {
+            goto memerr;
+        }
+
+# ifndef OPENSSL_NO_DSA
+        /* Setup DSA Method */
+        dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        ossl_dsa_meth = DSA_OpenSSL();
+        if (   !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
+            || !DSA_meth_set_verify(capi_dsa_method,
+                                    DSA_meth_get_verify(ossl_dsa_meth))
+            || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
+            || !DSA_meth_set_mod_exp(capi_dsa_method,
+                                     DSA_meth_get_mod_exp(ossl_dsa_meth))
+            || !DSA_meth_set_bn_mod_exp(capi_dsa_method,
+                                    DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
+            goto memerr;
+        }
+# endif
+    }
+
+    ctx = capi_ctx_new();
+    if (ctx == NULL)
+        goto memerr;
+
+    ENGINE_set_ex_data(e, capi_idx, ctx);
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+    {
+        HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+        HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
+        if (cryptui)
+            ctx->certselectdlg =
+                (CERTDLG) GetProcAddress(cryptui,
+                                         "CryptUIDlgSelectCertificateFromStore");
+        if (kernel)
+            ctx->getconswindow =
+                (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
+        if (cryptui && !OPENSSL_isservice())
+            ctx->client_cert_select = cert_select_dialog;
+    }
+# endif
+
+    /* See if there is RSA+AES CSP */
+    if (CryptAcquireContextW(&hprov, NULL, rsa_aes_cspname, PROV_RSA_AES,
+                             CRYPT_VERIFYCONTEXT)) {
+        use_aes_csp = 1;
+        CryptReleaseContext(hprov, 0);
+    }
+
+    return 1;
+
+ memerr:
+    CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+    return 0;
+
+    return 1;
+}
+
+static int capi_destroy(ENGINE *e)
+{
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    ERR_unload_CAPI_strings();
+    return 1;
+}
+
+static int capi_finish(ENGINE *e)
+{
+    CAPI_CTX *ctx;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    capi_ctx_free(ctx);
+    ENGINE_set_ex_data(e, capi_idx, NULL);
+    return 1;
+}
+
+/*
+ * CryptoAPI key application data. This contains a handle to the private key
+ * container (for sign operations) and a handle to the key (for decrypt
+ * operations).
+ */
+
+struct CAPI_KEY_st {
+    /* Associated certificate context (if any) */
+    PCCERT_CONTEXT pcert;
+    HCRYPTPROV hprov;
+    HCRYPTKEY key;
+    DWORD keyspec;
+};
+
+static int bind_capi(ENGINE *e)
+{
+    capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
+    if (capi_rsa_method == NULL)
+        return 0;
+# ifndef OPENSSL_NO_DSA
+    capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
+    if (capi_dsa_method == NULL)
+        goto memerr;
+# endif
+    if (!ENGINE_set_id(e, engine_capi_id)
+        || !ENGINE_set_name(e, engine_capi_name)
+        || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
+        || !ENGINE_set_init_function(e, capi_init)
+        || !ENGINE_set_finish_function(e, capi_finish)
+        || !ENGINE_set_destroy_function(e, capi_destroy)
+        || !ENGINE_set_RSA(e, capi_rsa_method)
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, capi_dsa_method)
+# endif
+        || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+        || !ENGINE_set_load_ssl_client_cert_function(e,
+                                                     capi_load_ssl_client_cert)
+        || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+        || !ENGINE_set_ctrl_function(e, capi_ctrl))
+        goto memerr;
+    ERR_load_CAPI_strings();
+
+    return 1;
+ memerr:
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    return 0;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_capi_id) != 0))
+        return 0;
+    if (!bind_capi(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
+static ENGINE *engine_capi(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_capi(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_capi_int(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_capi();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
+{
+    int i;
+    /*
+     * Reverse buffer in place: since this is a keyblob structure that will
+     * be freed up after conversion anyway it doesn't matter if we change
+     * it.
+     */
+    for (i = 0; i < binlen / 2; i++) {
+        unsigned char c;
+        c = bin[i];
+        bin[i] = bin[binlen - i - 1];
+        bin[binlen - i - 1] = c;
+    }
+
+    if (!BN_bin2bn(bin, binlen, bn))
+        return 0;
+    return 1;
+}
+
+/* Given a CAPI_KEY get an EVP_PKEY structure */
+
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
+{
+    unsigned char *pubkey = NULL;
+    DWORD len;
+    BLOBHEADER *bh;
+    RSA *rkey = NULL;
+    DSA *dkey = NULL;
+    EVP_PKEY *ret = NULL;
+    if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+        capi_addlasterror();
+        return NULL;
+    }
+
+    pubkey = OPENSSL_malloc(len);
+
+    if (pubkey == NULL)
+        goto memerr;
+
+    if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+        capi_addlasterror();
+        goto err;
+    }
+
+    bh = (BLOBHEADER *) pubkey;
+    if (bh->bType != PUBLICKEYBLOB) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+        goto err;
+    }
+    if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
+        RSAPUBKEY *rp;
+        DWORD rsa_modlen;
+        BIGNUM *e = NULL, *n = NULL;
+        unsigned char *rsa_modulus;
+        rp = (RSAPUBKEY *) (bh + 1);
+        if (rp->magic != 0x31415352) {
+            char magstr[10];
+            BIO_snprintf(magstr, 10, "%lx", rp->magic);
+            CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                    CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+            ERR_add_error_data(2, "magic=0x", magstr);
+            goto err;
+        }
+        rsa_modulus = (unsigned char *)(rp + 1);
+        rkey = RSA_new_method(eng);
+        if (!rkey)
+            goto memerr;
+
+        e = BN_new();
+        n = BN_new();
+
+        if (e == NULL || n == NULL) {
+            BN_free(e);
+            BN_free(n);
+            goto memerr;
+        }
+
+        RSA_set0_key(rkey, n, e, NULL);
+
+        if (!BN_set_word(e, rp->pubexp))
+            goto memerr;
+
+        rsa_modlen = rp->bitlen / 8;
+        if (!lend_tobn(n, rsa_modulus, rsa_modlen))
+            goto memerr;
+
+        RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+        if ((ret = EVP_PKEY_new()) == NULL)
+            goto memerr;
+
+        EVP_PKEY_assign_RSA(ret, rkey);
+        rkey = NULL;
+
+# ifndef OPENSSL_NO_DSA
+    } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
+        DSSPUBKEY *dp;
+        DWORD dsa_plen;
+        unsigned char *btmp;
+        BIGNUM *p, *q, *g, *pub_key;
+        dp = (DSSPUBKEY *) (bh + 1);
+        if (dp->magic != 0x31535344) {
+            char magstr[10];
+            BIO_snprintf(magstr, 10, "%lx", dp->magic);
+            CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                    CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+            ERR_add_error_data(2, "magic=0x", magstr);
+            goto err;
+        }
+        dsa_plen = dp->bitlen / 8;
+        btmp = (unsigned char *)(dp + 1);
+        dkey = DSA_new_method(eng);
+        if (!dkey)
+            goto memerr;
+        p = BN_new();
+        q = BN_new();
+        g = BN_new();
+        pub_key = BN_new();
+        if (p == NULL || q == NULL || g == NULL || pub_key == NULL) {
+            BN_free(p);
+            BN_free(q);
+            BN_free(g);
+            BN_free(pub_key);
+            goto memerr;
+        }
+        DSA_set0_pqg(dkey, p, q, g);
+        DSA_set0_key(dkey, pub_key, NULL);
+        if (!lend_tobn(p, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+        if (!lend_tobn(q, btmp, 20))
+            goto memerr;
+        btmp += 20;
+        if (!lend_tobn(g, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+        if (!lend_tobn(pub_key, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+
+        DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+        if ((ret = EVP_PKEY_new()) == NULL)
+            goto memerr;
+
+        EVP_PKEY_assign_DSA(ret, dkey);
+        dkey = NULL;
+# endif
+    } else {
+        char algstr[10];
+        BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
+        CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+        ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+        goto err;
+    }
+
+ err:
+    OPENSSL_free(pubkey);
+    if (!ret) {
+        RSA_free(rkey);
+# ifndef OPENSSL_NO_DSA
+        DSA_free(dkey);
+# endif
+    }
+
+    return ret;
+
+ memerr:
+    CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+}
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+                                   UI_METHOD *ui_method, void *callback_data)
+{
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    EVP_PKEY *ret;
+    ctx = ENGINE_get_ex_data(eng, capi_idx);
+
+    if (!ctx) {
+        CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+        return NULL;
+    }
+
+    key = capi_find_key(ctx, key_id);
+
+    if (!key)
+        return NULL;
+
+    ret = capi_get_pkey(eng, key);
+
+    if (!ret)
+        capi_free_key(key);
+    return ret;
+
+}
+
+/* CryptoAPI RSA operations */
+
+int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+    return -1;
+}
+
+int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+                  unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+{
+    ALG_ID alg;
+    HCRYPTHASH hash;
+    DWORD slen;
+    unsigned int i;
+    int ret = -1;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
+
+    CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+        return -1;
+    }
+    /* Convert the signature type to a CryptoAPI algorithm ID */
+    switch (dtype) {
+    case NID_sha256:
+        alg = CALG_SHA_256;
+        break;
+
+    case NID_sha384:
+        alg = CALG_SHA_384;
+        break;
+
+    case NID_sha512:
+        alg = CALG_SHA_512;
+        break;
+
+    case NID_sha1:
+        alg = CALG_SHA1;
+        break;
+
+    case NID_md5:
+        alg = CALG_MD5;
+        break;
+
+    case NID_md5_sha1:
+        alg = CALG_SSL3_SHAMD5;
+        break;
+    default:
+        {
+            char algstr[10];
+            BIO_snprintf(algstr, 10, "%x", dtype);
+            CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+            ERR_add_error_data(2, "NID=0x", algstr);
+            return -1;
+        }
+    }
+
+    /* Create the hash object */
+    if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+        capi_addlasterror();
+        return -1;
+    }
+    /* Set the hash value to the value passed */
+
+    if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+        capi_addlasterror();
+        goto err;
+    }
+
+    /* Finally sign it */
+    slen = RSA_size(rsa);
+    if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+        capi_addlasterror();
+        goto err;
+    } else {
+        ret = 1;
+        /* Inplace byte reversal of signature */
+        for (i = 0; i < slen / 2; i++) {
+            unsigned char c;
+            c = sigret[i];
+            sigret[i] = sigret[slen - i - 1];
+            sigret[slen - i - 1] = c;
+        }
+        *siglen = slen;
+    }
+
+    /* Now cleanup */
+
+ err:
+    CryptDestroyHash(hash);
+
+    return ret;
+}
+
+int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    int i;
+    unsigned char *tmpbuf;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+    DWORD flags = 0;
+    DWORD dlen;
+
+    if (flen <= 0)
+        return flen;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
+
+    CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+        return -1;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        /* Nothing to do */
+        break;
+#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK
+    case RSA_NO_PADDING:
+        flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK;
+        break;
+#endif
+    default:
+        {
+            char errstr[10];
+            BIO_snprintf(errstr, 10, "%d", padding);
+            CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+            ERR_add_error_data(2, "padding=", errstr);
+            return -1;
+        }
+    }
+
+    /* Create temp reverse order version of input */
+    if ((tmpbuf = OPENSSL_malloc(flen)) == NULL) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    for (i = 0; i < flen; i++)
+        tmpbuf[flen - i - 1] = from[i];
+
+    /* Finally decrypt it */
+    dlen = flen;
+    if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, &dlen)) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+        capi_addlasterror();
+        OPENSSL_cleanse(tmpbuf, dlen);
+        OPENSSL_free(tmpbuf);
+        return -1;
+    } else {
+        memcpy(to, tmpbuf, (flen = (int)dlen));
+    }
+    OPENSSL_cleanse(tmpbuf, flen);
+    OPENSSL_free(tmpbuf);
+
+    return flen;
+}
+
+static int capi_rsa_free(RSA *rsa)
+{
+    CAPI_KEY *capi_key;
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    capi_free_key(capi_key);
+    RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DSA
+/* CryptoAPI DSA operations */
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                 DSA *dsa)
+{
+    HCRYPTHASH hash;
+    DWORD slen;
+    DSA_SIG *ret = NULL;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+    unsigned char csigbuf[40];
+
+    ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
+
+    CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+    capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+        return NULL;
+    }
+
+    if (dlen != 20) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+        return NULL;
+    }
+
+    /* Create the hash object */
+    if (!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+        capi_addlasterror();
+        return NULL;
+    }
+
+    /* Set the hash value to the value passed */
+    if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+        capi_addlasterror();
+        goto err;
+    }
+
+    /* Finally sign it */
+    slen = sizeof(csigbuf);
+    if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+        capi_addlasterror();
+        goto err;
+    } else {
+        BIGNUM *r = BN_new(), *s = BN_new();
+
+        if (r == NULL || s == NULL
+            || !lend_tobn(r, csigbuf, 20)
+            || !lend_tobn(s, csigbuf + 20, 20)
+            || (ret = DSA_SIG_new()) == NULL) {
+            BN_free(r); /* BN_free checks for BIGNUM * being NULL */
+            BN_free(s);
+            goto err;
+        }
+        DSA_SIG_set0(ret, r, s);
+    }
+
+    /* Now cleanup */
+
+ err:
+    OPENSSL_cleanse(csigbuf, 40);
+    CryptDestroyHash(hash);
+    return ret;
+}
+
+static int capi_dsa_free(DSA *dsa)
+{
+    CAPI_KEY *capi_key;
+    capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+    capi_free_key(capi_key);
+    DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+    return 1;
+}
+# endif
+
+static void capi_vtrace(CAPI_CTX *ctx, int level, char *format,
+                        va_list argptr)
+{
+    BIO *out;
+
+    if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+        return;
+    out = BIO_new_file(ctx->debug_file, "a+");
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
+        return;
+    }
+    BIO_vprintf(out, format, argptr);
+    BIO_free(out);
+}
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
+{
+    va_list args;
+    va_start(args, format);
+    capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+    va_end(args);
+}
+
+static void capi_addlasterror(void)
+{
+    capi_adderror(GetLastError());
+}
+
+static void capi_adderror(DWORD err)
+{
+    char errstr[10];
+    BIO_snprintf(errstr, 10, "%lX", err);
+    ERR_add_error_data(2, "Error code= 0x", errstr);
+}
+
+static char *wide_to_asc(LPCWSTR wstr)
+{
+    char *str;
+    int len_0, sz;
+
+    if (!wstr)
+        return NULL;
+    len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+    sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
+    if (!sz) {
+        CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+        return NULL;
+    }
+    str = OPENSSL_malloc(sz);
+    if (str == NULL) {
+        CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!WideCharToMultiByte(CP_ACP, 0, wstr, len_0, str, sz, NULL, NULL)) {
+        OPENSSL_free(str);
+        CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+        return NULL;
+    }
+    return str;
+}
+
+static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype,
+                             DWORD idx)
+{
+    DWORD len, err;
+    LPTSTR name;
+    CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+    if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) {
+        err = GetLastError();
+        if (err == ERROR_NO_MORE_ITEMS)
+            return 2;
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+        capi_adderror(err);
+        return 0;
+    }
+    name = OPENSSL_malloc(len);
+    if (name == NULL) {
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
+        err = GetLastError();
+        OPENSSL_free(name);
+        if (err == ERROR_NO_MORE_ITEMS)
+            return 2;
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+        capi_adderror(err);
+        return 0;
+    }
+    if (sizeof(TCHAR) != sizeof(char)) {
+        *pname = wide_to_asc((WCHAR *)name);
+        OPENSSL_free(name);
+        if (*pname == NULL)
+            return 0;
+    } else {
+        *pname = (char *)name;
+    }
+    CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname,
+               *ptype);
+
+    return 1;
+}
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
+{
+    DWORD idx, ptype;
+    int ret;
+    LPSTR provname = NULL;
+    CAPI_trace(ctx, "capi_list_providers\n");
+    BIO_printf(out, "Available CSPs:\n");
+    for (idx = 0;; idx++) {
+        ret = capi_get_provname(ctx, &provname, &ptype, idx);
+        if (ret == 2)
+            break;
+        if (ret == 0)
+            break;
+        BIO_printf(out, "%lu. %s, type %lu\n", idx, provname, ptype);
+        OPENSSL_free(provname);
+    }
+    return 1;
+}
+
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
+{
+    int ret = 1;
+    HCRYPTPROV hprov;
+    DWORD err, idx, flags, buflen = 0, clen;
+    LPSTR cname;
+    LPWSTR cspname = NULL;
+
+    CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
+               ctx->csptype);
+    if (ctx->cspname != NULL) {
+        if ((clen = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                        NULL, 0))) {
+            cspname = alloca(clen * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname,
+                                clen);
+        }
+        if (cspname == NULL) {
+            CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+            capi_addlasterror();
+            return 0;
+        }
+    }
+    if (!CryptAcquireContextW(&hprov, NULL, cspname, ctx->csptype,
+                              CRYPT_VERIFYCONTEXT)) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
+                CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+        capi_addlasterror();
+        return 0;
+    }
+    if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen,
+                           CRYPT_FIRST)) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+        capi_addlasterror();
+        CryptReleaseContext(hprov, 0);
+        return 0;
+    }
+    CAPI_trace(ctx, "Got max container len %d\n", buflen);
+    if (buflen == 0)
+        buflen = 1024;
+    cname = OPENSSL_malloc(buflen);
+    if (cname == NULL) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    for (idx = 0;; idx++) {
+        clen = buflen;
+        cname[0] = 0;
+
+        if (idx == 0)
+            flags = CRYPT_FIRST;
+        else
+            flags = 0;
+        if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, (BYTE *)cname,
+                               &clen, flags)) {
+            err = GetLastError();
+            if (err == ERROR_NO_MORE_ITEMS)
+                goto done;
+            CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+            capi_adderror(err);
+            goto err;
+        }
+        CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n",
+                   cname, clen, idx, flags);
+        if (!cname[0] && (clen == buflen)) {
+            CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+            goto done;
+        }
+        BIO_printf(out, "%lu. %s\n", idx, cname);
+    }
+ err:
+
+    ret = 0;
+
+ done:
+    OPENSSL_free(cname);
+    CryptReleaseContext(hprov, 0);
+
+    return ret;
+}
+
+static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx,
+                                               PCCERT_CONTEXT cert)
+{
+    DWORD len;
+    CRYPT_KEY_PROV_INFO *pinfo;
+
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           NULL, &len))
+        return NULL;
+    pinfo = OPENSSL_malloc(len);
+    if (pinfo == NULL) {
+        CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           pinfo, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PROV_INFO,
+                CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+        capi_addlasterror();
+        OPENSSL_free(pinfo);
+        return NULL;
+    }
+    return pinfo;
+}
+
+static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out,
+                                CRYPT_KEY_PROV_INFO *pinfo)
+{
+    char *provname = NULL, *contname = NULL;
+    if (!pinfo) {
+        BIO_printf(out, "  No Private Key\n");
+        return;
+    }
+    provname = wide_to_asc(pinfo->pwszProvName);
+    contname = wide_to_asc(pinfo->pwszContainerName);
+    if (!provname || !contname)
+        goto err;
+
+    BIO_printf(out, "  Private Key Info:\n");
+    BIO_printf(out, "    Provider Name:  %s, Provider Type %lu\n", provname,
+               pinfo->dwProvType);
+    BIO_printf(out, "    Container Name: %s, Key Type %lu\n", contname,
+               pinfo->dwKeySpec);
+ err:
+    OPENSSL_free(provname);
+    OPENSSL_free(contname);
+}
+
+static char *capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+{
+    LPWSTR wfname;
+    DWORD dlen;
+
+    CAPI_trace(ctx, "capi_cert_get_fname\n");
+    if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                           NULL, &dlen))
+        return NULL;
+    wfname = OPENSSL_malloc(dlen);
+    if (wfname == NULL)
+        return NULL;
+    if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                          wfname, &dlen)) {
+        char *fname = wide_to_asc(wfname);
+        OPENSSL_free(wfname);
+        return fname;
+    }
+    CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+    capi_addlasterror();
+
+    OPENSSL_free(wfname);
+    return NULL;
+}
+
+static void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
+{
+    X509 *x;
+    const unsigned char *p;
+    unsigned long flags = ctx->dump_flags;
+    if (flags & CAPI_DMP_FNAME) {
+        char *fname;
+        fname = capi_cert_get_fname(ctx, cert);
+        if (fname) {
+            BIO_printf(out, "  Friendly Name \"%s\"\n", fname);
+            OPENSSL_free(fname);
+        } else {
+            BIO_printf(out, "  <No Friendly Name>\n");
+        }
+    }
+
+    p = cert->pbCertEncoded;
+    x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+    if (!x)
+        BIO_printf(out, "  <Can't parse certificate>\n");
+    if (flags & CAPI_DMP_SUMMARY) {
+        BIO_printf(out, "  Subject: ");
+        X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+        BIO_printf(out, "\n  Issuer: ");
+        X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+        BIO_printf(out, "\n");
+    }
+    if (flags & CAPI_DMP_FULL)
+        X509_print_ex(out, x, XN_FLAG_ONELINE, 0);
+
+    if (flags & CAPI_DMP_PKEYINFO) {
+        CRYPT_KEY_PROV_INFO *pinfo;
+        pinfo = capi_get_prov_info(ctx, cert);
+        capi_dump_prov_info(ctx, out, pinfo);
+        OPENSSL_free(pinfo);
+    }
+
+    if (flags & CAPI_DMP_PEM)
+        PEM_write_bio_X509(out, x);
+    X509_free(x);
+}
+
+static HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
+{
+    HCERTSTORE hstore;
+
+    if (!storename)
+        storename = ctx->storename;
+    if (!storename)
+        storename = "MY";
+    CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+    hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
+                           ctx->store_flags, storename);
+    if (!hstore) {
+        CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+        capi_addlasterror();
+    }
+    return hstore;
+}
+
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
+{
+    char *storename;
+    int idx;
+    int ret = 1;
+    HCERTSTORE hstore;
+    PCCERT_CONTEXT cert = NULL;
+
+    storename = ctx->storename;
+    if (!storename)
+        storename = "MY";
+    CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+    hstore = capi_open_store(ctx, storename);
+    if (!hstore)
+        return 0;
+    if (id) {
+        cert = capi_find_cert(ctx, id, hstore);
+        if (!cert) {
+            ret = 0;
+            goto err;
+        }
+        capi_dump_cert(ctx, out, cert);
+        CertFreeCertificateContext(cert);
+    } else {
+        for (idx = 0;; idx++) {
+            cert = CertEnumCertificatesInStore(hstore, cert);
+            if (!cert)
+                break;
+            BIO_printf(out, "Certificate %d\n", idx);
+            capi_dump_cert(ctx, out, cert);
+        }
+    }
+ err:
+    CertCloseStore(hstore, 0);
+    return ret;
+}
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
+                                     HCERTSTORE hstore)
+{
+    PCCERT_CONTEXT cert = NULL;
+    char *fname = NULL;
+    int match;
+    switch (ctx->lookup_method) {
+    case CAPI_LU_SUBSTR:
+        return CertFindCertificateInStore(hstore, X509_ASN_ENCODING, 0,
+                                          CERT_FIND_SUBJECT_STR_A, id, NULL);
+    case CAPI_LU_FNAME:
+        for (;;) {
+            cert = CertEnumCertificatesInStore(hstore, cert);
+            if (!cert)
+                return NULL;
+            fname = capi_cert_get_fname(ctx, cert);
+            if (fname) {
+                if (strcmp(fname, id))
+                    match = 0;
+                else
+                    match = 1;
+                OPENSSL_free(fname);
+                if (match)
+                    return cert;
+            }
+        }
+    default:
+        return NULL;
+    }
+}
+
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname,
+                              const WCHAR *provname, DWORD ptype,
+                              DWORD keyspec)
+{
+    DWORD dwFlags = 0;
+    CAPI_KEY *key = OPENSSL_malloc(sizeof(*key));
+
+    if (key == NULL)
+        return NULL;
+    /* If PROV_RSA_AES supported use it instead */
+    if (ptype == PROV_RSA_FULL && use_aes_csp &&
+        wcscmp(provname, rsa_enh_cspname) == 0) {
+        provname = rsa_aes_cspname;
+        ptype = PROV_RSA_AES;
+    }
+    if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+        /*
+         * above 'if' is [complementary] copy from CAPI_trace and serves
+         * as optimization to minimize [below] malloc-ations
+         */
+        char *_contname = wide_to_asc(contname);
+        char *_provname = wide_to_asc(provname);
+
+        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+                   _contname, _provname, ptype);
+        OPENSSL_free(_provname);
+        OPENSSL_free(_contname);
+    }
+    if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextW(&key->hprov, contname, provname, ptype,
+                              dwFlags)) {
+        CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+        capi_addlasterror();
+        goto err;
+    }
+    if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) {
+        CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+        capi_addlasterror();
+        CryptReleaseContext(key->hprov, 0);
+        goto err;
+    }
+    key->keyspec = keyspec;
+    key->pcert = NULL;
+    return key;
+
+ err:
+    OPENSSL_free(key);
+    return NULL;
+}
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+{
+    CAPI_KEY *key = NULL;
+    CRYPT_KEY_PROV_INFO *pinfo = NULL;
+
+    pinfo = capi_get_prov_info(ctx, cert);
+
+    if (pinfo != NULL)
+        key = capi_get_key(ctx, pinfo->pwszContainerName, pinfo->pwszProvName,
+                           pinfo->dwProvType, pinfo->dwKeySpec);
+
+    OPENSSL_free(pinfo);
+    return key;
+}
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
+{
+    PCCERT_CONTEXT cert;
+    HCERTSTORE hstore;
+    CAPI_KEY *key = NULL;
+
+    switch (ctx->lookup_method) {
+    case CAPI_LU_SUBSTR:
+    case CAPI_LU_FNAME:
+        hstore = capi_open_store(ctx, NULL);
+        if (!hstore)
+            return NULL;
+        cert = capi_find_cert(ctx, id, hstore);
+        if (cert) {
+            key = capi_get_cert_key(ctx, cert);
+            CertFreeCertificateContext(cert);
+        }
+        CertCloseStore(hstore, 0);
+        break;
+
+    case CAPI_LU_CONTNAME:
+        {
+            WCHAR *contname, *provname;
+            DWORD len;
+
+            if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) &&
+                (contname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) &&
+                (len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                           NULL, 0)) &&
+                (provname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                     provname, len)))
+                key = capi_get_key(ctx, contname, provname,
+                                   ctx->csptype, ctx->keytype);
+        }
+        break;
+    }
+
+    return key;
+}
+
+void capi_free_key(CAPI_KEY *key)
+{
+    if (!key)
+        return;
+    CryptDestroyKey(key->key);
+    CryptReleaseContext(key->hprov, 0);
+    if (key->pcert)
+        CertFreeCertificateContext(key->pcert);
+    OPENSSL_free(key);
+}
+
+/* Initialize a CAPI_CTX structure */
+
+static CAPI_CTX *capi_ctx_new(void)
+{
+    CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ctx->csptype = PROV_RSA_FULL;
+    ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
+    ctx->keytype = AT_KEYEXCHANGE;
+    ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
+        CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
+    ctx->lookup_method = CAPI_LU_SUBSTR;
+    ctx->client_cert_select = cert_select_simple;
+    return ctx;
+}
+
+static void capi_ctx_free(CAPI_CTX *ctx)
+{
+    CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+    if (!ctx)
+        return;
+    OPENSSL_free(ctx->cspname);
+    OPENSSL_free(ctx->debug_file);
+    OPENSSL_free(ctx->storename);
+    OPENSSL_free(ctx->ssl_client_store);
+    OPENSSL_free(ctx);
+}
+
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
+                                 int check)
+{
+    LPSTR tmpcspname;
+
+    CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+    if (check) {
+        HCRYPTPROV hprov;
+        LPWSTR name = NULL;
+        DWORD len;
+
+        if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) {
+            name = alloca(len * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len);
+        }
+        if (name == NULL || !CryptAcquireContextW(&hprov, NULL, name, type,
+                                                  CRYPT_VERIFYCONTEXT)) {
+            CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
+                    CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+            capi_addlasterror();
+            return 0;
+        }
+        CryptReleaseContext(hprov, 0);
+    }
+    tmpcspname = OPENSSL_strdup(pname);
+    if (tmpcspname == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(ctx->cspname);
+    ctx->cspname = tmpcspname;
+    ctx->csptype = type;
+    return 1;
+}
+
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
+{
+    LPSTR pname;
+    DWORD type;
+    int res;
+    if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+        return 0;
+    res = capi_ctx_set_provname(ctx, pname, type, 0);
+    OPENSSL_free(pname);
+    return res;
+}
+
+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+{
+    int i;
+    X509_NAME *nm;
+    /* Special case: empty list: match anything */
+    if (sk_X509_NAME_num(ca_dn) <= 0)
+        return 1;
+    for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) {
+        nm = sk_X509_NAME_value(ca_dn, i);
+        if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+            return 1;
+    }
+    return 0;
+}
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+                                     STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                     EVP_PKEY **pkey, STACK_OF(X509) **pother,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data)
+{
+    STACK_OF(X509) *certs = NULL;
+    X509 *x;
+    char *storename;
+    const unsigned char *p;
+    int i, client_cert_idx;
+    HCERTSTORE hstore;
+    PCCERT_CONTEXT cert = NULL, excert = NULL;
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+
+    *pcert = NULL;
+    *pkey = NULL;
+
+    storename = ctx->ssl_client_store;
+    if (!storename)
+        storename = "MY";
+
+    hstore = capi_open_store(ctx, storename);
+    if (!hstore)
+        return 0;
+    /* Enumerate all certificates collect any matches */
+    for (i = 0;; i++) {
+        cert = CertEnumCertificatesInStore(hstore, cert);
+        if (!cert)
+            break;
+        p = cert->pbCertEncoded;
+        x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+        if (!x) {
+            CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+            continue;
+        }
+        if (cert_issuer_match(ca_dn, x)
+            && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) {
+            key = capi_get_cert_key(ctx, cert);
+            if (!key) {
+                X509_free(x);
+                continue;
+            }
+            /*
+             * Match found: attach extra data to it so we can retrieve the
+             * key later.
+             */
+            excert = CertDuplicateCertificateContext(cert);
+            key->pcert = excert;
+            X509_set_ex_data(x, cert_capi_idx, key);
+
+            if (!certs)
+                certs = sk_X509_new_null();
+
+            sk_X509_push(certs, x);
+        } else {
+            X509_free(x);
+        }
+    }
+
+    if (cert)
+        CertFreeCertificateContext(cert);
+    if (hstore)
+        CertCloseStore(hstore, 0);
+
+    if (!certs)
+        return 0;
+
+    /* Select the appropriate certificate */
+
+    client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+    /* Set the selected certificate and free the rest */
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        if (i == client_cert_idx)
+            *pcert = x;
+        else {
+            key = X509_get_ex_data(x, cert_capi_idx);
+            capi_free_key(key);
+            X509_free(x);
+        }
+    }
+
+    sk_X509_free(certs);
+
+    if (!*pcert)
+        return 0;
+
+    /* Setup key for selected certificate */
+
+    key = X509_get_ex_data(*pcert, cert_capi_idx);
+    *pkey = capi_get_pkey(e, key);
+    X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+    return 1;
+
+}
+
+/* Simple client cert selection function: always select first */
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+    return 0;
+}
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+
+/*
+ * More complex cert selection function, using standard function
+ * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
+ */
+
+/*
+ * Definitions which are in cryptuiapi.h but this is not present in older
+ * versions of headers.
+ */
+
+#  ifndef CRYPTUI_SELECT_LOCATION_COLUMN
+#   define CRYPTUI_SELECT_LOCATION_COLUMN                   0x000000010
+#   define CRYPTUI_SELECT_INTENDEDUSE_COLUMN                0x000000004
+#  endif
+
+#  define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+#  define dlg_prompt L"Select a certificate to use for authentication"
+#  define dlg_columns      CRYPTUI_SELECT_LOCATION_COLUMN \
+                        |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+    X509 *x;
+    HCERTSTORE dstore;
+    PCCERT_CONTEXT cert;
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    HWND hwnd;
+    int i, idx = -1;
+    if (sk_X509_num(certs) == 1)
+        return 0;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    /* Create an in memory store of certificates */
+    dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+                           CERT_STORE_CREATE_NEW_FLAG, NULL);
+    if (!dstore) {
+        CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
+        capi_addlasterror();
+        goto err;
+    }
+    /* Add all certificates to store */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        key = X509_get_ex_data(x, cert_capi_idx);
+
+        if (!CertAddCertificateContextToStore(dstore, key->pcert,
+                                              CERT_STORE_ADD_NEW, NULL)) {
+            CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
+            capi_addlasterror();
+            goto err;
+        }
+
+    }
+    hwnd = GetForegroundWindow();
+    if (!hwnd)
+        hwnd = GetActiveWindow();
+    if (!hwnd && ctx->getconswindow)
+        hwnd = ctx->getconswindow();
+    /* Call dialog to select one */
+    cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+                              dlg_columns, 0, NULL);
+
+    /* Find matching cert from list */
+    if (cert) {
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            key = X509_get_ex_data(x, cert_capi_idx);
+            if (CertCompareCertificate
+                (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo,
+                 key->pcert->pCertInfo)) {
+                idx = i;
+                break;
+            }
+        }
+    }
+
+ err:
+    if (dstore)
+        CertCloseStore(dstore, 0);
+    return idx;
+
+}
+# endif
+
+#else                           /* !__COMPILE_CAPIENG */
+# include <openssl/engine.h>
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+    return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# else
+void engine_load_capi_int(void);
+void engine_load_capi_int(void)
+{
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.ec b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.ec
new file mode 100644
index 000000000..d9c7aa510
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.ec
@@ -0,0 +1,3 @@
+# The INPUT HEADER is scanned for declarations
+# LIBNAME       INPUT HEADER                    ERROR-TABLE FILE
+L CAPI          e_capi_err.h                    e_capi_err.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.txt b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.txt
new file mode 100644
index 000000000..3f34cdf6b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi.txt
@@ -0,0 +1,62 @@
+# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+CAPI_F_CAPI_CERT_GET_FNAME:99:capi_cert_get_fname
+CAPI_F_CAPI_CTRL:100:capi_ctrl
+CAPI_F_CAPI_CTX_NEW:101:capi_ctx_new
+CAPI_F_CAPI_CTX_SET_PROVNAME:102:capi_ctx_set_provname
+CAPI_F_CAPI_DSA_DO_SIGN:114:capi_dsa_do_sign
+CAPI_F_CAPI_GET_KEY:103:capi_get_key
+CAPI_F_CAPI_GET_PKEY:115:capi_get_pkey
+CAPI_F_CAPI_GET_PROVNAME:104:capi_get_provname
+CAPI_F_CAPI_GET_PROV_INFO:105:capi_get_prov_info
+CAPI_F_CAPI_INIT:106:capi_init
+CAPI_F_CAPI_LIST_CONTAINERS:107:capi_list_containers
+CAPI_F_CAPI_LOAD_PRIVKEY:108:capi_load_privkey
+CAPI_F_CAPI_OPEN_STORE:109:capi_open_store
+CAPI_F_CAPI_RSA_PRIV_DEC:110:capi_rsa_priv_dec
+CAPI_F_CAPI_RSA_PRIV_ENC:111:capi_rsa_priv_enc
+CAPI_F_CAPI_RSA_SIGN:112:capi_rsa_sign
+CAPI_F_CAPI_VTRACE:118:capi_vtrace
+CAPI_F_CERT_SELECT_DIALOG:117:cert_select_dialog
+CAPI_F_CLIENT_CERT_SELECT:116:*
+CAPI_F_WIDE_TO_ASC:113:wide_to_asc
+
+#Reason codes
+CAPI_R_CANT_CREATE_HASH_OBJECT:100:cant create hash object
+CAPI_R_CANT_FIND_CAPI_CONTEXT:101:cant find capi context
+CAPI_R_CANT_GET_KEY:102:cant get key
+CAPI_R_CANT_SET_HASH_VALUE:103:cant set hash value
+CAPI_R_CRYPTACQUIRECONTEXT_ERROR:104:cryptacquirecontext error
+CAPI_R_CRYPTENUMPROVIDERS_ERROR:105:cryptenumproviders error
+CAPI_R_DECRYPT_ERROR:106:decrypt error
+CAPI_R_ENGINE_NOT_INITIALIZED:107:engine not initialized
+CAPI_R_ENUMCONTAINERS_ERROR:108:enumcontainers error
+CAPI_R_ERROR_ADDING_CERT:109:error adding cert
+CAPI_R_ERROR_CREATING_STORE:110:error creating store
+CAPI_R_ERROR_GETTING_FRIENDLY_NAME:111:error getting friendly name
+CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO:112:error getting key provider info
+CAPI_R_ERROR_OPENING_STORE:113:error opening store
+CAPI_R_ERROR_SIGNING_HASH:114:error signing hash
+CAPI_R_FILE_OPEN_ERROR:115:file open error
+CAPI_R_FUNCTION_NOT_SUPPORTED:116:function not supported
+CAPI_R_GETUSERKEY_ERROR:117:getuserkey error
+CAPI_R_INVALID_DIGEST_LENGTH:118:invalid digest length
+CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:119:\
+	invalid dsa public key blob magic number
+CAPI_R_INVALID_LOOKUP_METHOD:120:invalid lookup method
+CAPI_R_INVALID_PUBLIC_KEY_BLOB:121:invalid public key blob
+CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:122:\
+	invalid rsa public key blob magic number
+CAPI_R_PUBKEY_EXPORT_ERROR:123:pubkey export error
+CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR:124:pubkey export length error
+CAPI_R_UNKNOWN_COMMAND:125:unknown command
+CAPI_R_UNSUPPORTED_ALGORITHM_NID:126:unsupported algorithm nid
+CAPI_R_UNSUPPORTED_PADDING:127:unsupported padding
+CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM:128:unsupported public key algorithm
+CAPI_R_WIN32_ERROR:129:win32 error
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.c
new file mode 100644
index 000000000..b72bc51a8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.c
@@ -0,0 +1,119 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_capi_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA CAPI_str_functs[] = {
+    {ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"},
+    {ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"},
+    {ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"},
+    {ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"},
+    {ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"},
+    {ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"},
+    {ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"},
+    {ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"},
+    {ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""},
+    {ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CAPI_str_reasons[] = {
+    {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
+    {ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
+    "cryptacquirecontext error"},
+    {ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR),
+    "cryptenumproviders error"},
+    {ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
+    {ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
+    "error getting friendly name"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
+    "error getting key provider info"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
+    {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"},
+    {ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
+    {ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+    "invalid dsa public key blob magic number"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+    "invalid rsa public key blob magic number"},
+    {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
+    {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
+    "pubkey export length error"},
+    {ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID),
+    "unsupported algorithm nid"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
+    "unsupported public key algorithm"},
+    {ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_CAPI_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, CAPI_str_functs);
+        ERR_load_strings(lib_code, CAPI_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_CAPI_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, CAPI_str_functs);
+        ERR_unload_strings(lib_code, CAPI_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_CAPI_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h
new file mode 100644
index 000000000..e034c98ca
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h
@@ -0,0 +1,75 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAPIERR_H
+# define HEADER_CAPIERR_H
+
+# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * CAPI function codes.
+ */
+# define CAPI_F_CAPI_CERT_GET_FNAME                       99
+# define CAPI_F_CAPI_CTRL                                 100
+# define CAPI_F_CAPI_CTX_NEW                              101
+# define CAPI_F_CAPI_CTX_SET_PROVNAME                     102
+# define CAPI_F_CAPI_DSA_DO_SIGN                          114
+# define CAPI_F_CAPI_GET_KEY                              103
+# define CAPI_F_CAPI_GET_PKEY                             115
+# define CAPI_F_CAPI_GET_PROVNAME                         104
+# define CAPI_F_CAPI_GET_PROV_INFO                        105
+# define CAPI_F_CAPI_INIT                                 106
+# define CAPI_F_CAPI_LIST_CONTAINERS                      107
+# define CAPI_F_CAPI_LOAD_PRIVKEY                         108
+# define CAPI_F_CAPI_OPEN_STORE                           109
+# define CAPI_F_CAPI_RSA_PRIV_DEC                         110
+# define CAPI_F_CAPI_RSA_PRIV_ENC                         111
+# define CAPI_F_CAPI_RSA_SIGN                             112
+# define CAPI_F_CAPI_VTRACE                               118
+# define CAPI_F_CERT_SELECT_DIALOG                        117
+# define CAPI_F_CLIENT_CERT_SELECT                        116
+# define CAPI_F_WIDE_TO_ASC                               113
+
+/*
+ * CAPI reason codes.
+ */
+# define CAPI_R_CANT_CREATE_HASH_OBJECT                   100
+# define CAPI_R_CANT_FIND_CAPI_CONTEXT                    101
+# define CAPI_R_CANT_GET_KEY                              102
+# define CAPI_R_CANT_SET_HASH_VALUE                       103
+# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR                 104
+# define CAPI_R_CRYPTENUMPROVIDERS_ERROR                  105
+# define CAPI_R_DECRYPT_ERROR                             106
+# define CAPI_R_ENGINE_NOT_INITIALIZED                    107
+# define CAPI_R_ENUMCONTAINERS_ERROR                      108
+# define CAPI_R_ERROR_ADDING_CERT                         109
+# define CAPI_R_ERROR_CREATING_STORE                      110
+# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME               111
+# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO           112
+# define CAPI_R_ERROR_OPENING_STORE                       113
+# define CAPI_R_ERROR_SIGNING_HASH                        114
+# define CAPI_R_FILE_OPEN_ERROR                           115
+# define CAPI_R_FUNCTION_NOT_SUPPORTED                    116
+# define CAPI_R_GETUSERKEY_ERROR                          117
+# define CAPI_R_INVALID_DIGEST_LENGTH                     118
+# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  119
+# define CAPI_R_INVALID_LOOKUP_METHOD                     120
+# define CAPI_R_INVALID_PUBLIC_KEY_BLOB                   121
+# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  122
+# define CAPI_R_PUBKEY_EXPORT_ERROR                       123
+# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR                124
+# define CAPI_R_UNKNOWN_COMMAND                           125
+# define CAPI_R_UNSUPPORTED_ALGORITHM_NID                 126
+# define CAPI_R_UNSUPPORTED_PADDING                       127
+# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM          128
+# define CAPI_R_WIN32_ERROR                               129
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.c
new file mode 100644
index 000000000..5cdacb66a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.c
@@ -0,0 +1,785 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/async.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/modes.h>
+
+#if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
+# undef ASYNC_POSIX
+# define ASYNC_POSIX
+# include <unistd.h>
+#elif defined(_WIN32)
+# undef ASYNC_WIN
+# define ASYNC_WIN
+#endif
+
+#include "e_dasync_err.c"
+
+/* Engine Id and Name */
+static const char *engine_dasync_id = "dasync";
+static const char *engine_dasync_name = "Dummy Async engine support";
+
+
+/* Engine Lifetime functions */
+static int dasync_destroy(ENGINE *e);
+static int dasync_init(ENGINE *e);
+static int dasync_finish(ENGINE *e);
+void engine_load_dasync_int(void);
+
+
+/* Set up digests. Just SHA1 for now */
+static int dasync_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid);
+
+static void dummy_pause_job(void);
+
+/* SHA1 */
+static int dasync_sha1_init(EVP_MD_CTX *ctx);
+static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count);
+static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+/*
+ * Holds the EVP_MD object for sha1 in this engine. Set up once only during
+ * engine bind and can then be reused many times.
+ */
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *dasync_sha1(void)
+{
+    return _hidden_sha1_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+}
+
+static int dasync_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = dasync_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+/* RSA */
+
+static int dasync_pub_enc(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding);
+static int dasync_pub_dec(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx);
+
+static int dasync_rsa_init(RSA *rsa);
+static int dasync_rsa_finish(RSA *rsa);
+
+static RSA_METHOD *dasync_rsa_method = NULL;
+
+/* AES */
+
+static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr);
+static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t inl);
+static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
+
+static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                                             int arg, void *ptr);
+static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                                 const unsigned char *key,
+                                                 const unsigned char *iv,
+                                                 int enc);
+static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+                                               unsigned char *out,
+                                               const unsigned char *in,
+                                               size_t inl);
+static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
+
+struct dasync_pipeline_ctx {
+    void *inner_cipher_data;
+    unsigned int numpipes;
+    unsigned char **inbufs;
+    unsigned char **outbufs;
+    size_t *lens;
+    unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    unsigned int aadctr;
+};
+
+/*
+ * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
+ * during engine bind and can then be reused many times.
+ */
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *dasync_aes_128_cbc(void)
+{
+    return _hidden_aes_128_cbc;
+}
+
+/*
+ * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
+ * once only during engine bind and can then be reused many times.
+ *
+ * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
+ * which is implemented only if the AES-NI instruction set extension is available
+ * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
+ * be available either.
+ *
+ * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
+ * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
+ */
+static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
+static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
+{
+    return _hidden_aes_128_cbc_hmac_sha1;
+}
+
+static void destroy_ciphers(void)
+{
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
+    _hidden_aes_128_cbc = NULL;
+    _hidden_aes_128_cbc_hmac_sha1 = NULL;
+}
+
+static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                   const int **nids, int nid);
+
+static int dasync_cipher_nids[] = {
+    NID_aes_128_cbc,
+    NID_aes_128_cbc_hmac_sha1,
+    0
+};
+
+static int bind_dasync(ENGINE *e)
+{
+    /* Setup RSA_METHOD */
+    if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
+        || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
+        || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
+        || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
+        || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
+        || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
+        || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
+        || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
+        || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
+        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+        return 0;
+    }
+
+    /* Ensure the dasync error handling is set up */
+    ERR_load_DASYNC_strings();
+
+    if (!ENGINE_set_id(e, engine_dasync_id)
+        || !ENGINE_set_name(e, engine_dasync_name)
+        || !ENGINE_set_RSA(e, dasync_rsa_method)
+        || !ENGINE_set_digests(e, dasync_digests)
+        || !ENGINE_set_ciphers(e, dasync_ciphers)
+        || !ENGINE_set_destroy_function(e, dasync_destroy)
+        || !ENGINE_set_init_function(e, dasync_init)
+        || !ENGINE_set_finish_function(e, dasync_finish)) {
+        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
+     * supplied by this engine
+     */
+    _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
+    if (_hidden_sha1_md == NULL
+        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
+        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
+        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
+                                         sizeof(EVP_MD *) + sizeof(SHA_CTX))
+        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
+        || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
+        || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
+        EVP_MD_meth_free(_hidden_sha1_md);
+        _hidden_sha1_md = NULL;
+    }
+
+    _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                              16 /* block size */,
+                                              16 /* key len */);
+    if (_hidden_aes_128_cbc == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_CBC_MODE
+                                          | EVP_CIPH_FLAG_PIPELINE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         dasync_aes128_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              dasync_aes128_cbc_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
+                                            dasync_aes128_cbc_cleanup)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
+                                         dasync_aes128_cbc_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                sizeof(struct dasync_pipeline_ctx))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+
+    _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
+                                                NID_aes_128_cbc_hmac_sha1,
+                                                16 /* block size */,
+                                                16 /* key len */);
+    if (_hidden_aes_128_cbc_hmac_sha1 == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
+                                            EVP_CIPH_CBC_MODE
+                                          | EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_FLAG_AEAD_CIPHER
+                                          | EVP_CIPH_FLAG_PIPELINE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
+                                         dasync_aes128_cbc_hmac_sha1_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
+                                            dasync_aes128_cbc_hmac_sha1_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
+                                            dasync_aes128_cbc_hmac_sha1_cleanup)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
+                                         dasync_aes128_cbc_hmac_sha1_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
+                                sizeof(struct dasync_pipeline_ctx))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
+        _hidden_aes_128_cbc_hmac_sha1 = NULL;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_dasync_id) != 0))
+        return 0;
+    if (!bind_dasync(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static ENGINE *engine_dasync(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (!ret)
+        return NULL;
+    if (!bind_dasync(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_dasync_int(void)
+{
+    ENGINE *toadd = engine_dasync();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+static int dasync_init(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int dasync_finish(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int dasync_destroy(ENGINE *e)
+{
+    destroy_digests();
+    destroy_ciphers();
+    RSA_meth_free(dasync_rsa_method);
+    ERR_unload_DASYNC_strings();
+    return 1;
+}
+
+static int dasync_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return dasync_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    switch (nid) {
+    case NID_sha1:
+        *digest = dasync_sha1();
+        break;
+    default:
+        ok = 0;
+        *digest = NULL;
+        break;
+    }
+    return ok;
+}
+
+static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                   const int **nids, int nid)
+{
+    int ok = 1;
+    if (cipher == NULL) {
+        /* We are returning a list of supported nids */
+        *nids = dasync_cipher_nids;
+        return (sizeof(dasync_cipher_nids) -
+                1) / sizeof(dasync_cipher_nids[0]);
+    }
+    /* We are being asked for a specific cipher */
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = dasync_aes_128_cbc();
+        break;
+    case NID_aes_128_cbc_hmac_sha1:
+        *cipher = dasync_aes_128_cbc_hmac_sha1();
+        break;
+    default:
+        ok = 0;
+        *cipher = NULL;
+        break;
+    }
+    return ok;
+}
+
+static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                         OSSL_ASYNC_FD readfd, void *pvwritefd)
+{
+    OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
+#if defined(ASYNC_WIN)
+    CloseHandle(readfd);
+    CloseHandle(*pwritefd);
+#elif defined(ASYNC_POSIX)
+    close(readfd);
+    close(*pwritefd);
+#endif
+    OPENSSL_free(pwritefd);
+}
+
+#define DUMMY_CHAR 'X'
+
+static void dummy_pause_job(void) {
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    OSSL_ASYNC_FD pipefds[2] = {0, 0};
+    OSSL_ASYNC_FD *writefd;
+#if defined(ASYNC_WIN)
+    DWORD numwritten, numread;
+    char buf = DUMMY_CHAR;
+#elif defined(ASYNC_POSIX)
+    char buf = DUMMY_CHAR;
+#endif
+
+    if ((job = ASYNC_get_current_job()) == NULL)
+        return;
+
+    waitctx = ASYNC_get_wait_ctx(job);
+
+    if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
+                              (void **)&writefd)) {
+        pipefds[1] = *writefd;
+    } else {
+        writefd = OPENSSL_malloc(sizeof(*writefd));
+        if (writefd == NULL)
+            return;
+#if defined(ASYNC_WIN)
+        if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
+            OPENSSL_free(writefd);
+            return;
+        }
+#elif defined(ASYNC_POSIX)
+        if (pipe(pipefds) != 0) {
+            OPENSSL_free(writefd);
+            return;
+        }
+#endif
+        *writefd = pipefds[1];
+
+        if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
+                                        writefd, wait_cleanup)) {
+            wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
+            return;
+        }
+    }
+    /*
+     * In the Dummy async engine we are cheating. We signal that the job
+     * is complete by waking it before the call to ASYNC_pause_job(). A real
+     * async engine would only wake when the job was actually complete
+     */
+#if defined(ASYNC_WIN)
+    WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
+#elif defined(ASYNC_POSIX)
+    if (write(pipefds[1], &buf, 1) < 0)
+        return;
+#endif
+
+    /* Ignore errors - we carry on anyway */
+    ASYNC_pause_job();
+
+    /* Clear the wake signal */
+#if defined(ASYNC_WIN)
+    ReadFile(pipefds[0], &buf, 1, &numread, NULL);
+#elif defined(ASYNC_POSIX)
+    if (read(pipefds[0], &buf, 1) < 0)
+        return;
+#endif
+}
+
+/*
+ * SHA1 implementation. At the moment we just defer to the standard
+ * implementation
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
+static int dasync_sha1_init(EVP_MD_CTX *ctx)
+{
+    dummy_pause_job();
+
+    return SHA1_Init(data(ctx));
+}
+
+static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count)
+{
+    dummy_pause_job();
+
+    return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    dummy_pause_job();
+
+    return SHA1_Final(md, data(ctx));
+}
+
+/*
+ * RSA implementation
+ */
+
+static int dasync_pub_enc(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding) {
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_pub_dec(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding) {
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
+}
+
+static int dasync_rsa_init(RSA *rsa)
+{
+    return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
+}
+static int dasync_rsa_finish(RSA *rsa)
+{
+    return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
+}
+
+/* Cipher helper functions */
+
+static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                     void *ptr, int aeadcapable)
+{
+    int ret;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (pipe_ctx == NULL)
+        return 0;
+
+    switch (type) {
+        case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->outbufs = (unsigned char **)ptr;
+            break;
+
+        case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->inbufs = (unsigned char **)ptr;
+            break;
+
+        case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->lens = (size_t *)ptr;
+            break;
+
+        case EVP_CTRL_AEAD_SET_MAC_KEY:
+            if (!aeadcapable)
+                return -1;
+            EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+            ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
+                                          (ctx, type, arg, ptr);
+            EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+            return ret;
+
+        case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
+                return -1;
+
+            memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
+                   EVP_AEAD_TLS1_AAD_LEN);
+            pipe_ctx->aadctr++;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                }
+
+                return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
+                        & -AES_BLOCK_SIZE) - len;
+            } else {
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+
+        default:
+            return 0;
+    }
+
+    return 1;
+}
+
+static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
+                                         const unsigned char *key,
+                                         const unsigned char *iv, int enc,
+                                         const EVP_CIPHER *cipher)
+{
+    int ret;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (pipe_ctx->inner_cipher_data == NULL
+            && EVP_CIPHER_impl_ctx_size(cipher) != 0) {
+        pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
+            EVP_CIPHER_impl_ctx_size(cipher));
+        if (pipe_ctx->inner_cipher_data == NULL) {
+            DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
+                        ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    pipe_ctx->numpipes = 0;
+    pipe_ctx->aadctr = 0;
+
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+    ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+
+    return ret;
+}
+
+static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl,
+                                const EVP_CIPHER *cipher)
+{
+    int ret = 1;
+    unsigned int i, pipes;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    pipes = pipe_ctx->numpipes;
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+    if (pipes == 0) {
+        if (pipe_ctx->aadctr != 0) {
+            if (pipe_ctx->aadctr != 1)
+                return -1;
+            EVP_CIPHER_meth_get_ctrl(cipher)
+                                    (ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                     EVP_AEAD_TLS1_AAD_LEN,
+                                     pipe_ctx->tlsaad[0]);
+        }
+        ret = EVP_CIPHER_meth_get_do_cipher(cipher)
+                                           (ctx, out, in, inl);
+    } else {
+        if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
+            return -1;
+        for (i = 0; i < pipes; i++) {
+            if (pipe_ctx->aadctr > 0) {
+                EVP_CIPHER_meth_get_ctrl(cipher)
+                                        (ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                         EVP_AEAD_TLS1_AAD_LEN,
+                                         pipe_ctx->tlsaad[i]);
+            }
+            ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
+                                (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
+                                 pipe_ctx->lens[i]);
+        }
+        pipe_ctx->numpipes = 0;
+    }
+    pipe_ctx->aadctr = 0;
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+    return ret;
+}
+
+static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
+                                        const EVP_CIPHER *cipher)
+{
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
+                       EVP_CIPHER_impl_ctx_size(cipher));
+
+    return 1;
+}
+
+/*
+ * AES128 CBC Implementation
+ */
+
+static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0);
+}
+
+static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
+}
+
+static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
+}
+
+static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
+}
+
+
+/*
+ * AES128 CBC HMAC SHA1 Implementation
+ */
+
+static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                                             int arg, void *ptr)
+{
+    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1);
+}
+
+static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                                const unsigned char *key,
+                                                const unsigned char *iv,
+                                                int enc)
+{
+    /*
+     * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
+     * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
+     */
+    return dasync_cipher_init_key_helper(ctx, key, iv, enc,
+                                         EVP_aes_128_cbc_hmac_sha1());
+}
+
+static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+                                               unsigned char *out,
+                                               const unsigned char *in,
+                                               size_t inl)
+{
+    return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
+}
+
+static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    /*
+     * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
+     * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
+     */
+    return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.ec b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.ec
new file mode 100644
index 000000000..3d56ebcc5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.ec
@@ -0,0 +1,3 @@
+# The INPUT HEADER is scanned for declarations
+# LIBNAME       INPUT HEADER                    ERROR-TABLE FILE
+L DASYNC        e_dasync_err.h                  e_dasync_err.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.txt b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.txt
new file mode 100644
index 000000000..bff64bcf2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync.txt
@@ -0,0 +1,22 @@
+# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+DASYNC_F_BIND_DASYNC:107:bind_dasync
+DASYNC_F_CIPHER_AES_128_CBC_CODE:100:*
+DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY:109:*
+DASYNC_F_DASYNC_AES128_INIT_KEY:108:*
+DASYNC_F_DASYNC_BN_MOD_EXP:101:*
+DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER:110:dasync_cipher_init_key_helper
+DASYNC_F_DASYNC_MOD_EXP:102:*
+DASYNC_F_DASYNC_PRIVATE_DECRYPT:103:*
+DASYNC_F_DASYNC_PRIVATE_ENCRYPT:104:*
+DASYNC_F_DASYNC_PUBLIC_DECRYPT:105:*
+DASYNC_F_DASYNC_PUBLIC_ENCRYPT:106:*
+
+#Reason codes
+DASYNC_R_INIT_FAILED:100:init failed
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.c
new file mode 100644
index 000000000..794fb710c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.c
@@ -0,0 +1,73 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_dasync_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA DASYNC_str_functs[] = {
+    {ERR_PACK(0, DASYNC_F_BIND_DASYNC, 0), "bind_dasync"},
+    {ERR_PACK(0, DASYNC_F_CIPHER_AES_128_CBC_CODE, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_AES128_INIT_KEY, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_BN_MOD_EXP, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 0),
+     "dasync_cipher_init_key_helper"},
+    {ERR_PACK(0, DASYNC_F_DASYNC_MOD_EXP, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_DECRYPT, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_ENCRYPT, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_DECRYPT, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_ENCRYPT, 0), ""},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA DASYNC_str_reasons[] = {
+    {ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_DASYNC_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, DASYNC_str_functs);
+        ERR_load_strings(lib_code, DASYNC_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_DASYNC_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, DASYNC_str_functs);
+        ERR_unload_strings(lib_code, DASYNC_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_DASYNC_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h
new file mode 100644
index 000000000..7c2c02787
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h
@@ -0,0 +1,37 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DASYNCERR_H
+# define HEADER_DASYNCERR_H
+
+# define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * DASYNC function codes.
+ */
+# define DASYNC_F_BIND_DASYNC                             107
+# define DASYNC_F_CIPHER_AES_128_CBC_CODE                 100
+# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY    109
+# define DASYNC_F_DASYNC_AES128_INIT_KEY                  108
+# define DASYNC_F_DASYNC_BN_MOD_EXP                       101
+# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER           110
+# define DASYNC_F_DASYNC_MOD_EXP                          102
+# define DASYNC_F_DASYNC_PRIVATE_DECRYPT                  103
+# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT                  104
+# define DASYNC_F_DASYNC_PUBLIC_DECRYPT                   105
+# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT                   106
+
+/*
+ * DASYNC reason codes.
+ */
+# define DASYNC_R_INIT_FAILED                             100
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.c
new file mode 100644
index 000000000..64376247c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.c
@@ -0,0 +1,696 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the OSSLTEST engine. It provides deliberately crippled digest
+ * implementations for test purposes. It is highly insecure and must NOT be
+ * used for any purpose except testing
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/modes.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+
+#include "e_ossltest_err.c"
+
+/* Engine Id and Name */
+static const char *engine_ossltest_id = "ossltest";
+static const char *engine_ossltest_name = "OpenSSL Test engine support";
+
+
+/* Engine Lifetime functions */
+static int ossltest_destroy(ENGINE *e);
+static int ossltest_init(ENGINE *e);
+static int ossltest_finish(ENGINE *e);
+void ENGINE_load_ossltest(void);
+
+
+/* Set up digests */
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid);
+static const RAND_METHOD *ossltest_rand_method(void);
+
+/* MD5 */
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count);
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_md5_md = NULL;
+static const EVP_MD *digest_md5(void)
+{
+    if (_hidden_md5_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(MD5_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, digest_md5_init)
+            || !EVP_MD_meth_set_update(md, digest_md5_update)
+            || !EVP_MD_meth_set_final(md, digest_md5_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_md5_md = md;
+    }
+    return _hidden_md5_md;
+}
+
+/* SHA1 */
+static int digest_sha1_init(EVP_MD_CTX *ctx);
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count);
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *digest_sha1(void)
+{
+    if (_hidden_sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha1_init)
+            || !EVP_MD_meth_set_update(md, digest_sha1_update)
+            || !EVP_MD_meth_set_final(md, digest_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha1_md = md;
+    }
+    return _hidden_sha1_md;
+}
+
+/* SHA256 */
+static int digest_sha256_init(EVP_MD_CTX *ctx);
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count);
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha256_md = NULL;
+static const EVP_MD *digest_sha256(void)
+{
+    if (_hidden_sha256_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA256_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha256_init)
+            || !EVP_MD_meth_set_update(md, digest_sha256_update)
+            || !EVP_MD_meth_set_final(md, digest_sha256_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha256_md = md;
+    }
+    return _hidden_sha256_md;
+}
+
+/* SHA384/SHA512 */
+static int digest_sha384_init(EVP_MD_CTX *ctx);
+static int digest_sha512_init(EVP_MD_CTX *ctx);
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count);
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha384_md = NULL;
+static const EVP_MD *digest_sha384(void)
+{
+    if (_hidden_sha384_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha384_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha384_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha384_md = md;
+    }
+    return _hidden_sha384_md;
+}
+static EVP_MD *_hidden_sha512_md = NULL;
+static const EVP_MD *digest_sha512(void)
+{
+    if (_hidden_sha512_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha512_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha512_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha512_md = md;
+    }
+    return _hidden_sha512_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_md5_md);
+    _hidden_md5_md = NULL;
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+    EVP_MD_meth_free(_hidden_sha256_md);
+    _hidden_sha256_md = NULL;
+    EVP_MD_meth_free(_hidden_sha384_md);
+    _hidden_sha384_md = NULL;
+    EVP_MD_meth_free(_hidden_sha512_md);
+    _hidden_sha512_md = NULL;
+}
+static int ossltest_digest_nids(const int **nids)
+{
+    static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = digest_md5()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha256()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha384()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha512()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+/* Setup ciphers */
+static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
+                            const int **, int);
+
+static int ossltest_cipher_nids[] = {
+    NID_aes_128_cbc, NID_aes_128_gcm, 0
+};
+
+/* AES128 */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl);
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl);
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr);
+
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *ossltest_aes_128_cbc(void)
+{
+    if (_hidden_aes_128_cbc == NULL
+        && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                                       16 /* block size */,
+                                                       16 /* key len */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         ossltest_aes128_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              ossltest_aes128_cbc_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                                  EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+    return _hidden_aes_128_cbc;
+}
+static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
+
+#define AES_GCM_FLAGS   (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
+                | EVP_CIPH_GCM_MODE)
+
+static const EVP_CIPHER *ossltest_aes_128_gcm(void)
+{
+    if (_hidden_aes_128_gcm == NULL
+        && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
+                                                       1 /* block size */,
+                                                       16 /* key len */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
+                                         ossltest_aes128_gcm_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
+                                              ossltest_aes128_gcm_cipher)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
+                                              ossltest_aes128_gcm_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
+                              EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
+        _hidden_aes_128_gcm = NULL;
+    }
+    return _hidden_aes_128_gcm;
+}
+
+static void destroy_ciphers(void)
+{
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
+    _hidden_aes_128_cbc = NULL;
+}
+
+static int bind_ossltest(ENGINE *e)
+{
+    /* Ensure the ossltest error handling is set up */
+    ERR_load_OSSLTEST_strings();
+
+    if (!ENGINE_set_id(e, engine_ossltest_id)
+        || !ENGINE_set_name(e, engine_ossltest_name)
+        || !ENGINE_set_digests(e, ossltest_digests)
+        || !ENGINE_set_ciphers(e, ossltest_ciphers)
+        || !ENGINE_set_RAND(e, ossltest_rand_method())
+        || !ENGINE_set_destroy_function(e, ossltest_destroy)
+        || !ENGINE_set_init_function(e, ossltest_init)
+        || !ENGINE_set_finish_function(e, ossltest_finish)) {
+        OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_ossltest_id) != 0))
+        return 0;
+    if (!bind_ossltest(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#endif
+
+static ENGINE *engine_ossltest(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_ossltest(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void ENGINE_load_ossltest(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_ossltest();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+
+static int ossltest_init(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int ossltest_finish(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int ossltest_destroy(ENGINE *e)
+{
+    destroy_digests();
+    destroy_ciphers();
+    ERR_unload_OSSLTEST_strings();
+    return 1;
+}
+
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return ossltest_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    switch (nid) {
+    case NID_md5:
+        *digest = digest_md5();
+        break;
+    case NID_sha1:
+        *digest = digest_sha1();
+        break;
+    case NID_sha256:
+        *digest = digest_sha256();
+        break;
+    case NID_sha384:
+        *digest = digest_sha384();
+        break;
+    case NID_sha512:
+        *digest = digest_sha512();
+        break;
+    default:
+        ok = 0;
+        *digest = NULL;
+        break;
+    }
+    return ok;
+}
+
+static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        *nids = ossltest_cipher_nids;
+        return (sizeof(ossltest_cipher_nids) - 1)
+               / sizeof(ossltest_cipher_nids[0]);
+    }
+    /* We are being asked for a specific cipher */
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = ossltest_aes_128_cbc();
+        break;
+    case NID_aes_128_gcm:
+        *cipher = ossltest_aes_128_gcm();
+        break;
+    default:
+        ok = 0;
+        *cipher = NULL;
+        break;
+    }
+    return ok;
+}
+
+static void fill_known_data(unsigned char *md, unsigned int len)
+{
+    unsigned int i;
+
+    for (i=0; i<len; i++) {
+        md[i] = (unsigned char)(i & 0xff);
+    }
+}
+
+/*
+ * MD5 implementation. We go through the motions of doing MD5 by deferring to
+ * the standard implementation. Then we overwrite the result with a will defined
+ * value, so that all "MD5" digests using the test engine always end up with
+ * the same value.
+ */
+#undef data
+#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_md5_init(EVP_MD_CTX *ctx)
+{
+    return MD5_Init(data(ctx));
+}
+
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count)
+{
+    return MD5_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = MD5_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, MD5_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA1 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha1_init(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(data(ctx));
+}
+
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count)
+{
+    return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA1_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA256 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha256_init(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(data(ctx));
+}
+
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count)
+{
+    return SHA256_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA256_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA256_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA384/512 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha384_init(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(data(ctx));
+}
+
+static int digest_sha512_init(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(data(ctx));
+}
+
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count)
+{
+    return SHA512_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    /* Actually uses SHA512_Final! */
+    ret = SHA512_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA384_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA512_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA512_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * AES128 Implementation
+ */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
+}
+
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    unsigned char *tmpbuf;
+    int ret;
+
+    tmpbuf = OPENSSL_malloc(inl);
+
+    /* OPENSSL_malloc will return NULL if inl == 0 */
+    if (tmpbuf == NULL && inl > 0)
+        return -1;
+
+    /* Remember what we were asked to encrypt */
+    if (tmpbuf != NULL)
+        memcpy(tmpbuf, in, inl);
+
+    /* Go through the motions of encrypting it */
+    ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
+
+    /* Throw it all away and just use the plaintext as the output */
+    if (tmpbuf != NULL)
+        memcpy(out, tmpbuf, inl);
+    OPENSSL_free(tmpbuf);
+
+    return ret;
+}
+
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
+}
+
+
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    unsigned char *tmpbuf = OPENSSL_malloc(inl);
+
+    /* OPENSSL_malloc will return NULL if inl == 0 */
+    if (tmpbuf == NULL && inl > 0)
+        return -1;
+
+    /* Remember what we were asked to encrypt */
+    if (tmpbuf != NULL)
+        memcpy(tmpbuf, in, inl);
+
+    /* Go through the motions of encrypting it */
+    EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
+
+    /* Throw it all away and just use the plaintext as the output */
+    if (tmpbuf != NULL && out != NULL)
+        memcpy(out, tmpbuf, inl);
+    OPENSSL_free(tmpbuf);
+
+    return inl;
+}
+
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr)
+{
+    /* Pass the ctrl down */
+    int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
+
+    if (ret <= 0)
+        return ret;
+
+    switch(type) {
+    case EVP_CTRL_AEAD_GET_TAG:
+        /* Always give the same tag */
+        memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
+        break;
+
+    default:
+        break;
+    }
+
+    return 1;
+}
+
+static int ossltest_rand_bytes(unsigned char *buf, int num)
+{
+    unsigned char val = 1;
+
+    while (--num >= 0)
+        *buf++ = val++;
+    return 1;
+}
+
+static int ossltest_rand_status(void)
+{
+    return 1;
+}
+
+static const RAND_METHOD *ossltest_rand_method(void)
+{
+
+    static RAND_METHOD osslt_rand_meth = {
+        NULL,
+        ossltest_rand_bytes,
+        NULL,
+        NULL,
+        ossltest_rand_bytes,
+        ossltest_rand_status
+    };
+
+    return &osslt_rand_meth;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.ec b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.ec
new file mode 100644
index 000000000..a4a55ecb3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.ec
@@ -0,0 +1,3 @@
+# The INPUT HEADER is scanned for declarations
+# LIBNAME       INPUT HEADER                    ERROR-TABLE FILE
+L OSSLTEST      e_ossltest_err.h                e_ossltest_err.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.txt b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.txt
new file mode 100644
index 000000000..2b2e31a07
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest.txt
@@ -0,0 +1,13 @@
+# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+OSSLTEST_F_BIND_OSSLTEST:100:bind_ossltest
+OSSLTEST_F_OSSLTEST_AES128_INIT_KEY:101:*
+
+#Reason codes
+OSSLTEST_R_INIT_FAILED:100:init failed
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.c
new file mode 100644
index 000000000..920a13a69
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.c
@@ -0,0 +1,63 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_ossltest_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA OSSLTEST_str_functs[] = {
+    {ERR_PACK(0, OSSLTEST_F_BIND_OSSLTEST, 0), "bind_ossltest"},
+    {ERR_PACK(0, OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, 0), ""},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA OSSLTEST_str_reasons[] = {
+    {ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_OSSLTEST_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, OSSLTEST_str_functs);
+        ERR_load_strings(lib_code, OSSLTEST_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_OSSLTEST_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, OSSLTEST_str_functs);
+        ERR_unload_strings(lib_code, OSSLTEST_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_OSSLTEST_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h
new file mode 100644
index 000000000..e745c1a23
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h
@@ -0,0 +1,28 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSLTESTERR_H
+# define HEADER_OSSLTESTERR_H
+
+# define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * OSSLTEST function codes.
+ */
+# define OSSLTEST_F_BIND_OSSLTEST                         100
+# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY              101
+
+/*
+ * OSSLTEST reason codes.
+ */
+# define OSSLTEST_R_INIT_FAILED                           100
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c
new file mode 100644
index 000000000..f6b1f1698
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c
@@ -0,0 +1,747 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/modes.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_PADLOCK
+
+/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+#  if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#    define DYNAMIC_ENGINE
+#   endif
+#  elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#   ifdef ENGINE_DYNAMIC_SUPPORT
+#    define DYNAMIC_ENGINE
+#   endif
+#  else
+#   error "Only OpenSSL >= 0.9.7 is supported"
+#  endif
+
+/*
+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+ * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+ */
+
+#  undef COMPILE_HW_PADLOCK
+#  if !defined(I386_ONLY) && defined(PADLOCK_ASM)
+#   define COMPILE_HW_PADLOCK
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *ENGINE_padlock(void);
+#   endif
+#  endif
+
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_padlock_int(void);
+void engine_load_padlock_int(void)
+{
+/* On non-x86 CPUs it just returns. */
+#   ifdef COMPILE_HW_PADLOCK
+    ENGINE *toadd = ENGINE_padlock();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+#   endif
+}
+
+#  endif
+
+#  ifdef COMPILE_HW_PADLOCK
+
+/* Function for ENGINE detection and control */
+static int padlock_available(void);
+static int padlock_init(ENGINE *e);
+
+/* RNG Stuff */
+static RAND_METHOD padlock_rand;
+
+/* Cipher Stuff */
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+
+/* Engine names */
+static const char *padlock_id = "padlock";
+static char padlock_name[100];
+
+/* Available features */
+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+static int padlock_use_rng = 0; /* Random Number Generator */
+
+/* ===== Engine "management" functions ===== */
+
+/* Prepare the ENGINE structure for registration */
+static int padlock_bind_helper(ENGINE *e)
+{
+    /* Check available features */
+    padlock_available();
+
+    /*
+     * RNG is currently disabled for reasons discussed in commentary just
+     * before padlock_rand_bytes function.
+     */
+    padlock_use_rng = 0;
+
+    /* Generate a nice engine name with available features */
+    BIO_snprintf(padlock_name, sizeof(padlock_name),
+                 "VIA PadLock (%s, %s)",
+                 padlock_use_rng ? "RNG" : "no-RNG",
+                 padlock_use_ace ? "ACE" : "no-ACE");
+
+    /* Register everything or return with an error */
+    if (!ENGINE_set_id(e, padlock_id) ||
+        !ENGINE_set_name(e, padlock_name) ||
+        !ENGINE_set_init_function(e, padlock_init) ||
+        (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+        (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+        return 0;
+    }
+
+    /* Everything looks good */
+    return 1;
+}
+
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+/* Constructor */
+static ENGINE *ENGINE_padlock(void)
+{
+    ENGINE *eng = ENGINE_new();
+
+    if (eng == NULL) {
+        return NULL;
+    }
+
+    if (!padlock_bind_helper(eng)) {
+        ENGINE_free(eng);
+        return NULL;
+    }
+
+    return eng;
+}
+#   endif
+
+/* Check availability of the engine */
+static int padlock_init(ENGINE *e)
+{
+    return (padlock_use_rng || padlock_use_ace);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#   ifdef DYNAMIC_ENGINE
+static int padlock_bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, padlock_id) != 0)) {
+        return 0;
+    }
+
+    if (!padlock_bind_helper(e)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+#   endif                       /* DYNAMIC_ENGINE */
+/* ===== Here comes the "real" engine ===== */
+
+/* Some AES-related constants */
+#   define AES_BLOCK_SIZE          16
+#   define AES_KEY_SIZE_128        16
+#   define AES_KEY_SIZE_192        24
+#   define AES_KEY_SIZE_256        32
+    /*
+     * Here we store the status information relevant to the current context.
+     */
+    /*
+     * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+     * the order of items in this structure.  Don't blindly modify, reorder,
+     * etc!
+     */
+struct padlock_cipher_data {
+    unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+    union {
+        unsigned int pad[4];
+        struct {
+            int rounds:4;
+            int dgst:1;         /* n/a in C3 */
+            int align:1;        /* n/a in C3 */
+            int ciphr:1;        /* n/a in C3 */
+            unsigned int keygen:1;
+            int interm:1;
+            unsigned int encdec:1;
+            int ksize:2;
+        } b;
+    } cword;                    /* Control word */
+    AES_KEY ks;                 /* Encryption key */
+};
+
+/* Interface to assembler module */
+unsigned int padlock_capability(void);
+void padlock_key_bswap(AES_KEY *key);
+void padlock_verify_context(struct padlock_cipher_data *ctx);
+void padlock_reload_key(void);
+void padlock_aes_block(void *out, const void *inp,
+                       struct padlock_cipher_data *ctx);
+int padlock_ecb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cbc_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cfb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ofb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ctr32_encrypt(void *out, const void *inp,
+                          struct padlock_cipher_data *ctx, size_t len);
+int padlock_xstore(void *out, int edx);
+void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha1(void *ctx, const void *inp, size_t len);
+void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha256(void *ctx, const void *inp, size_t len);
+
+/*
+ * Load supported features of the CPU to see if the PadLock is available.
+ */
+static int padlock_available(void)
+{
+    unsigned int edx = padlock_capability();
+
+    /* Fill up some flags */
+    padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+    padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+    return padlock_use_ace + padlock_use_rng;
+}
+
+/* ===== AES encryption/decryption ===== */
+
+#   if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#    define NID_aes_128_cfb NID_aes_128_cfb128
+#   endif
+
+#   if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#    define NID_aes_128_ofb NID_aes_128_ofb128
+#   endif
+
+#   if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#    define NID_aes_192_cfb NID_aes_192_cfb128
+#   endif
+
+#   if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#    define NID_aes_192_ofb NID_aes_192_ofb128
+#   endif
+
+#   if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#    define NID_aes_256_cfb NID_aes_256_cfb128
+#   endif
+
+#   if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#    define NID_aes_256_ofb NID_aes_256_ofb128
+#   endif
+
+/* List of supported ciphers. */
+static const int padlock_cipher_nids[] = {
+    NID_aes_128_ecb,
+    NID_aes_128_cbc,
+    NID_aes_128_cfb,
+    NID_aes_128_ofb,
+    NID_aes_128_ctr,
+
+    NID_aes_192_ecb,
+    NID_aes_192_cbc,
+    NID_aes_192_cfb,
+    NID_aes_192_ofb,
+    NID_aes_192_ctr,
+
+    NID_aes_256_ecb,
+    NID_aes_256_cbc,
+    NID_aes_256_cfb,
+    NID_aes_256_ofb,
+    NID_aes_256_ctr
+};
+
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+                                      sizeof(padlock_cipher_nids[0]));
+
+/* Function prototypes ... */
+static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc);
+
+#   define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+        ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
+#   define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+        NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
+
+static int
+padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    return padlock_ecb_encrypt(out_arg, in_arg,
+                               ALIGNED_CIPHER_DATA(ctx), nbytes);
+}
+
+static int
+padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    int ret;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+    if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+    return ret;
+}
+
+static int
+padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+                chunk++, nbytes--;
+        } else
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ ivp[chunk];
+                ivp[chunk++] = c, nbytes--;
+            }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
+    }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        if (cdata->cword.b.encdec) {
+            cdata->cword.b.encdec = 0;
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            cdata->cword.b.encdec = 1;
+            padlock_reload_key();
+            while (nbytes) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ *ivp;
+                *(ivp++) = c, nbytes--;
+            }
+        } else {
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            padlock_reload_key();
+            while (nbytes) {
+                *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+                ivp++, nbytes--;
+            }
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
+}
+
+static int
+padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    /*
+     * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+     */
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+            *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+            chunk++, nbytes--;
+        }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
+    }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        padlock_reload_key();   /* empirically found */
+        padlock_aes_block(ivp, ivp, cdata);
+        padlock_reload_key();   /* empirically found */
+        while (nbytes) {
+            *(out_arg++) = *(in_arg++) ^ *ivp;
+            ivp++, nbytes--;
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
+}
+
+static void padlock_ctr32_encrypt_glue(const unsigned char *in,
+                                       unsigned char *out, size_t blocks,
+                                       struct padlock_cipher_data *ctx,
+                                       const unsigned char *ivec)
+{
+    memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
+    padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
+}
+
+static int
+padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+
+    CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
+                                cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                (ctr128_f) padlock_ctr32_encrypt_glue);
+
+    EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
+    return 1;
+}
+
+#   define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_OFB       1
+#   define EVP_CIPHER_block_size_CFB       1
+#   define EVP_CIPHER_block_size_CTR       1
+
+/*
+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+ * of preprocessor magic :-)
+ */
+#   define DECLARE_AES_EVP(ksize,lmode,umode)      \
+static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
+static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
+{                                                                       \
+    if (_hidden_aes_##ksize##_##lmode == NULL                           \
+        && ((_hidden_aes_##ksize##_##lmode =                            \
+             EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode,             \
+                                 EVP_CIPHER_block_size_##umode,         \
+                                 AES_KEY_SIZE_##ksize)) == NULL         \
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
+                                              AES_BLOCK_SIZE)           \
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
+                                          0 | EVP_CIPH_##umode##_MODE)  \
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
+                                         padlock_aes_init_key)          \
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
+                                              padlock_##lmode##_cipher) \
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
+                                                  sizeof(struct padlock_cipher_data) + 16) \
+            || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_set_asn1_iv) \
+            || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_get_asn1_iv))) { \
+        EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode);            \
+        _hidden_aes_##ksize##_##lmode = NULL;                           \
+    }                                                                   \
+    return _hidden_aes_##ksize##_##lmode;                               \
+}
+
+DECLARE_AES_EVP(128, ecb, ECB)
+DECLARE_AES_EVP(128, cbc, CBC)
+DECLARE_AES_EVP(128, cfb, CFB)
+DECLARE_AES_EVP(128, ofb, OFB)
+DECLARE_AES_EVP(128, ctr, CTR)
+
+DECLARE_AES_EVP(192, ecb, ECB)
+DECLARE_AES_EVP(192, cbc, CBC)
+DECLARE_AES_EVP(192, cfb, CFB)
+DECLARE_AES_EVP(192, ofb, OFB)
+DECLARE_AES_EVP(192, ctr, CTR)
+
+DECLARE_AES_EVP(256, ecb, ECB)
+DECLARE_AES_EVP(256, cbc, CBC)
+DECLARE_AES_EVP(256, cfb, CFB)
+DECLARE_AES_EVP(256, ofb, OFB)
+DECLARE_AES_EVP(256, ctr, CTR)
+
+static int
+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+                int nid)
+{
+    /* No specific cipher => return a list of supported nids ... */
+    if (!cipher) {
+        *nids = padlock_cipher_nids;
+        return padlock_cipher_nids_num;
+    }
+
+    /* ... or the requested "cipher" otherwise */
+    switch (nid) {
+    case NID_aes_128_ecb:
+        *cipher = padlock_aes_128_ecb();
+        break;
+    case NID_aes_128_cbc:
+        *cipher = padlock_aes_128_cbc();
+        break;
+    case NID_aes_128_cfb:
+        *cipher = padlock_aes_128_cfb();
+        break;
+    case NID_aes_128_ofb:
+        *cipher = padlock_aes_128_ofb();
+        break;
+    case NID_aes_128_ctr:
+        *cipher = padlock_aes_128_ctr();
+        break;
+
+    case NID_aes_192_ecb:
+        *cipher = padlock_aes_192_ecb();
+        break;
+    case NID_aes_192_cbc:
+        *cipher = padlock_aes_192_cbc();
+        break;
+    case NID_aes_192_cfb:
+        *cipher = padlock_aes_192_cfb();
+        break;
+    case NID_aes_192_ofb:
+        *cipher = padlock_aes_192_ofb();
+        break;
+    case NID_aes_192_ctr:
+        *cipher = padlock_aes_192_ctr();
+        break;
+
+    case NID_aes_256_ecb:
+        *cipher = padlock_aes_256_ecb();
+        break;
+    case NID_aes_256_cbc:
+        *cipher = padlock_aes_256_cbc();
+        break;
+    case NID_aes_256_cfb:
+        *cipher = padlock_aes_256_cfb();
+        break;
+    case NID_aes_256_ofb:
+        *cipher = padlock_aes_256_ofb();
+        break;
+    case NID_aes_256_ctr:
+        *cipher = padlock_aes_256_ctr();
+        break;
+
+    default:
+        /* Sorry, we don't support this NID */
+        *cipher = NULL;
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Prepare the encryption key for PadLock usage */
+static int
+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                     const unsigned char *iv, int enc)
+{
+    struct padlock_cipher_data *cdata;
+    int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    unsigned long mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (key == NULL)
+        return 0;               /* ERROR */
+
+    cdata = ALIGNED_CIPHER_DATA(ctx);
+    memset(cdata, 0, sizeof(*cdata));
+
+    /* Prepare Control word. */
+    if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
+        cdata->cword.b.encdec = 0;
+    else
+        cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0);
+    cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+    cdata->cword.b.ksize = (key_len - 128) / 64;
+
+    switch (key_len) {
+    case 128:
+        /*
+         * PadLock can generate an extended key for AES128 in hardware
+         */
+        memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+        cdata->cword.b.keygen = 0;
+        break;
+
+    case 192:
+    case 256:
+        /*
+         * Generate an extended AES key in software. Needed for AES192/AES256
+         */
+        /*
+         * Well, the above applies to Stepping 8 CPUs and is listed as
+         * hardware errata. They most likely will fix it at some point and
+         * then a check for stepping would be due here.
+         */
+        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+            && !enc)
+            AES_set_decrypt_key(key, key_len, &cdata->ks);
+        else
+            AES_set_encrypt_key(key, key_len, &cdata->ks);
+#   ifndef AES_ASM
+        /*
+         * OpenSSL C functions use byte-swapped extended key.
+         */
+        padlock_key_bswap(&cdata->ks);
+#   endif
+        cdata->cword.b.keygen = 1;
+        break;
+
+    default:
+        /* ERROR */
+        return 0;
+    }
+
+    /*
+     * This is done to cover for cases when user reuses the
+     * context for new key. The catch is that if we don't do
+     * this, padlock_eas_cipher might proceed with old key...
+     */
+    padlock_reload_key();
+
+    return 1;
+}
+
+/* ===== Random Number Generator ===== */
+/*
+ * This code is not engaged. The reason is that it does not comply
+ * with recommendations for VIA RNG usage for secure applications
+ * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
+ * provide meaningful error control...
+ */
+/*
+ * Wrapper that provides an interface between the API and the raw PadLock
+ * RNG
+ */
+static int padlock_rand_bytes(unsigned char *output, int count)
+{
+    unsigned int eax, buf;
+
+    while (count >= 8) {
+        eax = padlock_xstore(output, 0);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 8)
+            return 0;           /* fatal failure...  */
+        output += 8;
+        count -= 8;
+    }
+    while (count > 0) {
+        eax = padlock_xstore(&buf, 3);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 1)
+            return 0;           /* fatal failure...  */
+        *output++ = (unsigned char)buf;
+        count--;
+    }
+    OPENSSL_cleanse(&buf, sizeof(buf));
+
+    return 1;
+}
+
+/* Dummy but necessary function */
+static int padlock_rand_status(void)
+{
+    return 1;
+}
+
+/* Prepare structure for registration */
+static RAND_METHOD padlock_rand = {
+    NULL,                       /* seed */
+    padlock_rand_bytes,         /* bytes */
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    padlock_rand_bytes,         /* pseudorand */
+    padlock_rand_status,        /* rand status */
+};
+
+#  endif                        /* COMPILE_HW_PADLOCK */
+# endif                         /* !OPENSSL_NO_HW_PADLOCK */
+#endif                          /* !OPENSSL_NO_HW */
+
+#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
+        || !defined(COMPILE_HW_PADLOCK)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+    return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Downloaded.txt b/trunk/3rdparty/openssl-1.1-fit/external/perl/Downloaded.txt
new file mode 100644
index 000000000..af0c20a3e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Downloaded.txt
@@ -0,0 +1,13 @@
+Intro
+-----
+
+If we find a useful Perl module that isn't one of the core Perl
+modules, we may choose to bundle it with the OpenSSL source.
+
+Here, we simply list those modules and where we downloaded them from.
+
+Downloaded and bundled Perl modules
+-----------------------------------
+
+Text::Template 1.46 was downloaded from
+http://search.cpan.org/CPAN/authors/id/M/MJ/MJD/Text-Template-1.46.tar.gz
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/Artistic b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/Artistic
new file mode 100644
index 000000000..5f221241e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/Artistic
@@ -0,0 +1,131 @@
+
+
+
+
+			 The "Artistic License"
+
+				Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+	"Package" refers to the collection of files distributed by the
+	Copyright Holder, and derivatives of that collection of files
+	created through textual modification.
+
+	"Standard Version" refers to such a Package if it has not been
+	modified, or has been modified in accordance with the wishes
+	of the Copyright Holder as specified below.
+
+	"Copyright Holder" is whoever is named in the copyright or
+	copyrights for the package.
+
+	"You" is you, if you're thinking about copying or distributing
+	this Package.
+
+	"Reasonable copying fee" is whatever you can justify on the
+	basis of media cost, duplication charges, time of people involved,
+	and so on.  (You will not be required to justify it to the
+	Copyright Holder, but only to the computing community at large
+	as a market that must bear the fee.)
+
+	"Freely Available" means that no fee is charged for the item
+	itself, though there may be fees involved in handling the item.
+	It also means that recipients of the item may redistribute it
+	under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+				The End
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/COPYING b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/COPYING
new file mode 100644
index 000000000..a3f6b12ee
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          59 Temple Place - Suite 330, Boston, MA
+                          02111-1307, USA.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	Appendix: How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/INSTALL b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/INSTALL
new file mode 100644
index 000000000..7c5e4c6bd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/INSTALL
@@ -0,0 +1,31 @@
+
+To install:
+
+	perl Makefile.PL
+
+to construct the Makefile, then
+
+	make test
+
+to test the package.  If it fails any tests, please send me the output
+of `make test' and `perl -V'.  I'll tell you whether it is safe to go
+ahead, or I'll provide a fix.
+
+If it passes the tests, use
+
+	make install
+
+to install it.
+
+Detailed documentation is at the bottom of the lib/Text/Template.pm
+file.  You may be able to view it with the following command:
+
+        perldoc Text::Template
+ 
+Or:
+
+        perldoc lib/Text/Template.pm
+
+If you have problems, send me mail:
+
+mjd-perl-template+@plover.com
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/MANIFEST b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/MANIFEST
new file mode 100644
index 000000000..22460fe8b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/MANIFEST
@@ -0,0 +1,25 @@
+MANIFEST
+COPYING
+Artistic
+Makefile.PL
+INSTALL
+README
+lib/Text/Template.pm
+lib/Text/Template/Preprocess.pm
+t/00-version.t
+t/01-basic.t
+t/02-hash.t
+t/03-out.t
+t/04-safe.t
+t/05-safe2.t
+t/06-ofh.t
+t/07-safe3.t
+t/08-exported.t
+t/09-error.t
+t/10-delimiters.t
+t/11-prepend.t
+t/12-preprocess.t
+t/13-taint.t
+t/14-broken.t
+META.yml                                 Module meta-data (added by MakeMaker)
+META.json                                Module JSON meta-data (added by MakeMaker)
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/META.json b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/META.json
new file mode 100644
index 000000000..6b335eb94
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/META.json
@@ -0,0 +1,39 @@
+{
+   "abstract" : "unknown",
+   "author" : [
+      "unknown"
+   ],
+   "dynamic_config" : 1,
+   "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120630",
+   "license" : [
+      "unknown"
+   ],
+   "meta-spec" : {
+      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
+      "version" : "2"
+   },
+   "name" : "Text-Template",
+   "no_index" : {
+      "directory" : [
+         "t",
+         "inc"
+      ]
+   },
+   "prereqs" : {
+      "build" : {
+         "requires" : {
+            "ExtUtils::MakeMaker" : "0"
+         }
+      },
+      "configure" : {
+         "requires" : {
+            "ExtUtils::MakeMaker" : "0"
+         }
+      },
+      "runtime" : {
+         "requires" : {}
+      }
+   },
+   "release_status" : "stable",
+   "version" : "1.46"
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/META.yml b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/META.yml
new file mode 100644
index 000000000..a2e271594
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/META.yml
@@ -0,0 +1,21 @@
+---
+abstract: unknown
+author:
+  - unknown
+build_requires:
+  ExtUtils::MakeMaker: 0
+configure_requires:
+  ExtUtils::MakeMaker: 0
+dynamic_config: 1
+generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120630'
+license: unknown
+meta-spec:
+  url: http://module-build.sourceforge.net/META-spec-v1.4.html
+  version: 1.4
+name: Text-Template
+no_index:
+  directory:
+    - t
+    - inc
+requires: {}
+version: 1.46
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/Makefile.PL b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/Makefile.PL
new file mode 100644
index 000000000..491e03cb0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/Makefile.PL
@@ -0,0 +1,7 @@
+use ExtUtils::MakeMaker;
+WriteMakefile(
+	      NAME => 'Text::Template',
+	      VERSION_FROM => 'lib/Text/Template.pm',
+#	      'linkext' => {LINKTYPE => ''},
+	      'dist' => {COMPRESS => 'gzip', SUFFIX => 'gz'},
+);
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/README b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/README
new file mode 100644
index 000000000..e184d8cd2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/README
@@ -0,0 +1,339 @@
+
+Text::Template v1.46
+
+This is a library for generating form letters, building HTML pages, or
+filling in templates generally.  A `template' is a piece of text that
+has little Perl programs embedded in it here and there.  When you
+`fill in' a template, you evaluate the little programs and replace
+them with their values.  
+
+Here's an example of a template:
+
+	Dear {$title} {$lastname},
+
+	It has come to our attention that you are delinquent in your
+	{$monthname[$last_paid_month]} payment.  Please remit
+	${sprintf("%.2f", $amount)} immediately, or your patellae may
+	be needlessly endangered.
+
+			Love,
+
+			Mark "{nickname(rand 20)}" Dominus
+
+
+The result of filling in this template is a string, which might look
+something like this:
+
+	Dear Mr. Gates,
+
+	It has come to our attention that you are delinquent in your
+	February payment.  Please remit
+	$392.12 immediately, or your patellae may
+	be needlessly endangered.
+
+
+			Love,
+
+			Mark "Vizopteryx" Dominus
+
+You can store a template in a file outside your program.  People can
+modify the template without modifying the program.  You can separate
+the formatting details from the main code, and put the formatting
+parts of the program into the template.  That prevents code bloat and
+encourages functional separation.
+
+You can fill in the template in a `Safe' compartment.  This means that
+if you don't trust the person who wrote the code in the template, you
+won't have to worry that they are tampering with your program when you
+execute it.  
+
+----------------------------------------------------------------
+
+Text::Template was originally released some time in late 1995 or early
+1996.  After three years of study and investigation, I rewrote it from
+scratch in January 1999.  The new version, 1.0, was much faster,
+delivered better functionality and was almost 100% backward-compatible
+with the previous beta versions.
+
+I have added a number of useful features and conveniences since the
+1.0 release, while still retaining backward compatibility.  With one
+merely cosmetic change, the current version of Text::Template passes
+the test suite that the old beta versions passed.
+
+Questions or comments should be addressed to
+mjd-perl-template+@plover.com.  This address goes directly to me, and
+not to anyone else; it is not a mailing list address.
+
+To receive occasional announcements of new versions of T::T, send an
+empty note to mjd-perl-template-request@plover.com.  This mailing list
+is not for discussion; it is for announcements only.  Therefore, there
+is no address for sending messages to the list.
+
+You can get the most recent version of Text::Template, news, comments,
+and other collateral information from
+<URL:http://www.plover.com/~mjd/perl/Template/>.
+
+----------------------------------------------------------------
+
+What's new in v1.46 since v1.44:
+
+        Thanks to Rik Signes, there is a new
+        Text::Template->append_text_to_output method, which
+        Text::Template always uses whenever it wants to emit output.
+        You can subclass this to get control over the output, for
+        example for postprocessing.
+
+        A spurious warning is no longer emitted when the TYPE
+        parameter to ->new is omitted.
+
+----------------------------------------------------------------
+What's new in v1.44 since v1.43: 
+
+This is a maintentance release.  There are no feature changes.
+
+        _scrubpkg, which was responsible for eptying out temporary
+        packages after the module had done with them, wasn't always
+        working; the result was memory-leaks in long-running
+        applications.  This should be fixed now, and there is a test
+        in the test suite for it.
+
+        Minor changes to the test suite to prevent spurious errors.
+
+        Minor documentation changes.
+
+----------------------------------------------------------------
+What's new in v1.43 since v1.42:
+
+        The ->new method now fails immediately and sets
+        $Text::Template::ERROR if the file that is named by a filename
+        argument does not exist or cannot be opened for some other
+        reason.  Formerly, the constructor would succeed and the
+        ->fill_in call would fail.
+
+----------------------------------------------------------------
+
+What's new in v1.42 since v1.41:
+
+This is a maintentance release.  There are no feature changes.
+
+        Fixed a bug relating to use of UNTAINT under perl 5.005_03 and
+        possibly other versions.
+
+        Taint-related tests are now more comprehensive.
+----------------------------------------------------------------
+
+What's new in v1.41 since v1.40:
+
+This is a maintentance release.  There are no feature changes.
+
+        Tests now work correctly on Windows systems and possibly on
+        other non-unix systems.
+
+----------------------------------------------------------------
+
+What's new in v1.40 since v1.31:
+
+        New UNTAINT option tells the module that it is safe to 'eval'
+        code even though it has come from a file or filehandle.
+
+        Code added to prevent memory leaks when filling many
+        templates.  Thanks to Itamar Almeida de Carvalho.
+
+        Bug fix:  $OUT was not correctly initialized when used in
+        conjunction with SAFE.
+
+        You may now use a glob ref when passing a filehandle to the
+        ->new funcion.  Formerly, a glob was reuqired.
+
+        New subclass:  Text::Template::Preprocess.  Just like
+        Text::Template, but you may supply a PREPROCESS option in the
+        constructor or the fill_in call; this is a function which
+        receives each code fragment prior to evaluation, and which may
+        modify and return the fragment; the modified fragment is what
+        is evaluated.
+
+        Error messages passed to BROKEN subroutines will now report
+        the correct line number of the template at which the error
+        occurred:
+
+                Illegal division by zero at template line 37.
+
+        If the template comes from a file, the filename will be
+        reported as well:
+
+                Illegal division by zero at catalog.tmpl line 37.
+
+
+        INCOMPATIBLE CHANGE:
+
+        The format of the default error message has changed.  It used
+        to look like:
+
+                Program fragment at line 30 delivered error ``Illegal division by zero''
+
+        It now looks like:
+
+                Program fragment delivered error ``Illegal division by zero at catalog.tmpl line 37''
+
+        Note that the default message used to report the line number
+        at which the program fragment began; it now reports the line
+        number at which the error actually occurred.
+
+----------------------------------------------------------------
+What's new in v1.31 since v1.23:
+
+	Just bug fixes---fill_in_string was failing.  Thanks to 
+        Donald L. Greer Jr. for the test case.
+
+----------------------------------------------------------------
+What's new in v1.23 since v1.22:
+
+	Small bug fix:  DELIMITER and other arguments were being
+	ignored in calls to fill_in_file and fill_this_in.  (Thanks to
+	Jonathan Roy for reporting this.)
+
+----------------------------------------------------------------
+What's new in v1.22 since v1.20:
+
+	You can now specify that certain Perl statements be prepended
+	to the beginning of every program fragment in a template,
+	either per template, or for all templates, or for the duration
+	of only one call to fill_in.  This is useful, for example, if
+	you want to enable `strict' checks in your templates but you
+	don't want to manually add `use strict' to the front of every
+	program fragment everywhere.
+
+----------------------------------------------------------------
+What's new in v1.20 since v1.12:
+
+	You can now specify that the program fragment delimiters are
+	strings other than { and }.  This has three interesting
+	effects: First, it changes the delimiter strings.  Second, it
+	disables the special meaning of \, so you have to be really,
+	really sure that the delimiters will not appear in your
+	templates.  And third, because of the simplifications
+	introduced by the elimination of \ processing, template
+	parsing is 20-25% faster.
+
+	See the manual section on `Alternative Delimiters'.
+
+	Fixed bug having to do with undefined values in HASH options.
+	In particular, Text::Template no longer generates a warning if
+	you try to give a variable an undefined value.
+
+----------------------------------------------------------------
+
+What's new in v1.12 since v1.11:
+
+	I forgot to say that Text::Template ISA Exporter, so the
+	exported functions never got exported.  Duhhh!
+
+	Template TYPEs are now case-insensitive.  The `new' method now
+	diagnoses attempts to use an invalid TYPE.
+
+	More tests for these things.
+
+----------------------------------------------------------------
+
+What's new in v1.11 since v1.10:
+
+	Fixed a bug in the way backslashes were processed.  The 1.10
+	behavior was incompatible with the beta versions and was also
+	inconvenient.  (`\n' in templates was replaced with `n' before
+	it was given to Perl for evaluation.)  The new behavior is
+	also incompatible with the beta versions, but it is only a
+	little bit incompatible, and it is probbaly better.
+
+	Documentation for the new behavior, and tests for the bug.
+
+----------------------------------------------------------------
+
+What's new in v1.10 since v1.03:
+
+	New OUTPUT option delivers template results directly to a
+	filehandle instead of making them into a string.  Saves space
+	and time. 
+
+	PACKAGE and HASH now work intelligently with SAFE.
+
+	Fragments may now output data directly to the template, rather
+	than having to arrange to return it as a return value at the
+	end.  This means that where you used to have to write this:
+
+			{ my $blist = '';
+		          foreach $i (@items) {
+		            $blist .= qq{  * $i\n};
+		          }    
+		          $blist;
+		        } 
+
+	You can now write this instead, because $OUT is special.
+
+			{ foreach $i (@items) {
+		            $OUT.= "  * $i\n";
+		          }    
+		        } 
+
+	(`A spoonful of sugar makes the medicine go down.')
+
+	Fixed some small bugs.  Worked around a bug in Perl that does
+	the wrong thing with $x = <Y> when $x contains a glob.
+
+	More documentation.  Errors fixed.
+
+	Lots more tests.  
+
+----------------------------------------------------------------
+
+What's new in v1.03 since v1.0:
+
+	Code added to support HASH option to fill_in.
+	(Incl. `_gensym' function.)
+	
+	Documentation for HASH.
+	
+	New test file for HASH.
+	
+	Note about failure of lexical variables to propagate into
+ 	templates.  Why does this surprise people?
+	
+	Bug fix: program fragments are evaluated in an environment with
+ 	`no strict' by default.  Otherwise, you get a lot of `Global
+ 	symbol "$v" requires explicit package name' failures.  Why didn't
+ 	the test program pick this up?  Because the only variable the test
+ 	program ever used was `$a', which is exempt.  Duhhhhh.
+	
+	Fixed the test program.
+	
+	Various minor documentation fixes.
+
+
+
+----------------------------------------------------------------
+
+Improvements of 1.0 over the old 0.1beta:
+
+New features:
+
+      At least twice as fast 
+
+      Better support for filling out the same template more than once 
+
+      Now supports evaluation of program fragments in Safe
+      compartments. (Thanks, Jonathan!)  
+
+      Better argument syntax 
+
+      More convenience functions 
+
+      The parser is much better and simpler. 
+
+      Once a template is parsed, the parsed version is stored so that
+      it needn't be parsed again.  
+
+      BROKEN function behavior is rationalized. You can now pass an
+      arbitrary argument to your BROKEN function, or return a value
+      from it to the main program.  
+
+      Documentation overhauled. 
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/lib/Text/Template.pm b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/lib/Text/Template.pm
new file mode 100644
index 000000000..dc4f3bac7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/lib/Text/Template.pm
@@ -0,0 +1,1973 @@
+# -*- perl -*-
+# Text::Template.pm
+#
+# Fill in `templates'
+#
+# Copyright 2013 M. J. Dominus.
+# You may copy and distribute this program under the
+# same terms as Perl iteself.  
+# If in doubt, write to mjd-perl-template+@plover.com for a license.
+#
+# Version 1.46
+
+package Text::Template;
+require 5.004;
+use Exporter;
+@ISA = qw(Exporter);
+@EXPORT_OK = qw(fill_in_file fill_in_string TTerror);
+use vars '$ERROR';
+use strict;
+
+$Text::Template::VERSION = '1.46';
+my %GLOBAL_PREPEND = ('Text::Template' => '');
+
+sub Version {
+  $Text::Template::VERSION;
+}
+
+sub _param {
+  my $kk;
+  my ($k, %h) = @_;
+  for $kk ($k, "\u$k", "\U$k", "-$k", "-\u$k", "-\U$k") {
+    return $h{$kk} if exists $h{$kk};
+  }
+  return;
+}
+
+sub always_prepend
+{
+  my $pack = shift;
+  my $old = $GLOBAL_PREPEND{$pack};
+  $GLOBAL_PREPEND{$pack} = shift;
+  $old;
+}
+
+{
+  my %LEGAL_TYPE;
+  BEGIN { 
+    %LEGAL_TYPE = map {$_=>1} qw(FILE FILEHANDLE STRING ARRAY);
+  }
+  sub new {
+    my $pack = shift;
+    my %a = @_;
+    my $stype = uc(_param('type', %a) || "FILE");
+    my $source = _param('source', %a);
+    my $untaint = _param('untaint', %a);
+    my $prepend = _param('prepend', %a);
+    my $alt_delim = _param('delimiters', %a);
+    my $broken = _param('broken', %a);
+    unless (defined $source) {
+      require Carp;
+      Carp::croak("Usage: $ {pack}::new(TYPE => ..., SOURCE => ...)");
+    }
+    unless ($LEGAL_TYPE{$stype}) {
+      require Carp;
+      Carp::croak("Illegal value `$stype' for TYPE parameter");
+    }
+    my $self = {TYPE => $stype,
+		PREPEND => $prepend,
+                UNTAINT => $untaint,
+                BROKEN => $broken,
+		(defined $alt_delim ? (DELIM => $alt_delim) : ()),
+	       };
+    # Under 5.005_03, if any of $stype, $prepend, $untaint, or $broken
+    # are tainted, all the others become tainted too as a result of
+    # sharing the expression with them.  We install $source separately
+    # to prevent it from acquiring a spurious taint.
+    $self->{SOURCE} = $source;
+
+    bless $self => $pack;
+    return unless $self->_acquire_data;
+    
+    $self;
+  }
+}
+
+# Convert template objects of various types to type STRING,
+# in which the template data is embedded in the object itself.
+sub _acquire_data {
+  my ($self) = @_;
+  my $type = $self->{TYPE};
+  if ($type eq 'STRING') {
+    # nothing necessary    
+  } elsif ($type eq 'FILE') {
+    my $data = _load_text($self->{SOURCE});
+    unless (defined $data) {
+      # _load_text already set $ERROR
+      return undef;
+    }
+    if ($self->{UNTAINT} && _is_clean($self->{SOURCE})) {
+      _unconditionally_untaint($data);
+    }
+    $self->{TYPE} = 'STRING';
+    $self->{FILENAME} = $self->{SOURCE};
+    $self->{SOURCE} = $data;
+  } elsif ($type eq 'ARRAY') {
+    $self->{TYPE} = 'STRING';
+    $self->{SOURCE} = join '', @{$self->{SOURCE}};
+  } elsif ($type eq 'FILEHANDLE') {
+    $self->{TYPE} = 'STRING';
+    local $/;
+    my $fh = $self->{SOURCE};
+    my $data = <$fh>; # Extra assignment avoids bug in Solaris perl5.00[45].
+    if ($self->{UNTAINT}) {
+      _unconditionally_untaint($data);
+    }
+    $self->{SOURCE} = $data;
+  } else {
+    # This should have been caught long ago, so it represents a 
+    # drastic `can't-happen' sort of failure
+    my $pack = ref $self;
+    die "Can only acquire data for $pack objects of subtype STRING, but this is $type; aborting";
+  }
+  $self->{DATA_ACQUIRED} = 1;
+}
+
+sub source {
+  my ($self) = @_;
+  $self->_acquire_data unless $self->{DATA_ACQUIRED};
+  return $self->{SOURCE};
+}
+
+sub set_source_data {
+  my ($self, $newdata) = @_;
+  $self->{SOURCE} = $newdata;
+  $self->{DATA_ACQUIRED} = 1;
+  $self->{TYPE} = 'STRING';
+  1;
+}
+
+sub compile {
+  my $self = shift;
+
+  return 1 if $self->{TYPE} eq 'PREPARSED';
+
+  return undef unless $self->_acquire_data;
+  unless ($self->{TYPE} eq 'STRING') {
+    my $pack = ref $self;
+    # This should have been caught long ago, so it represents a 
+    # drastic `can't-happen' sort of failure
+    die "Can only compile $pack objects of subtype STRING, but this is $self->{TYPE}; aborting";
+  }
+
+  my @tokens;
+  my $delim_pats = shift() || $self->{DELIM};
+
+  
+
+  my ($t_open, $t_close) = ('{', '}');
+  my $DELIM;			# Regex matches a delimiter if $delim_pats
+  if (defined $delim_pats) {
+    ($t_open, $t_close) = @$delim_pats;
+    $DELIM = "(?:(?:\Q$t_open\E)|(?:\Q$t_close\E))";
+    @tokens = split /($DELIM|\n)/, $self->{SOURCE};
+  } else {
+    @tokens = split /(\\\\(?=\\*[{}])|\\[{}]|[{}\n])/, $self->{SOURCE};
+  }
+  my $state = 'TEXT';
+  my $depth = 0;
+  my $lineno = 1;
+  my @content;
+  my $cur_item = '';
+  my $prog_start;
+  while (@tokens) {
+    my $t = shift @tokens;
+    next if $t eq '';
+    if ($t eq $t_open) {	# Brace or other opening delimiter
+      if ($depth == 0) {
+	push @content, [$state, $cur_item, $lineno] if $cur_item ne '';
+	$cur_item = '';
+	$state = 'PROG';
+	$prog_start = $lineno;
+      } else {
+	$cur_item .= $t;
+      }
+      $depth++;
+    } elsif ($t eq $t_close) {	# Brace or other closing delimiter
+      $depth--;
+      if ($depth < 0) {
+	$ERROR = "Unmatched close brace at line $lineno";
+	return undef;
+      } elsif ($depth == 0) {
+	push @content, [$state, $cur_item, $prog_start] if $cur_item ne '';
+	$state = 'TEXT';
+	$cur_item = '';
+      } else {
+	$cur_item .= $t;
+      }
+    } elsif (!$delim_pats && $t eq '\\\\') { # precedes \\\..\\\{ or \\\..\\\}
+      $cur_item .= '\\';
+    } elsif (!$delim_pats && $t =~ /^\\([{}])$/) { # Escaped (literal) brace?
+	$cur_item .= $1;
+    } elsif ($t eq "\n") {	# Newline
+      $lineno++;
+      $cur_item .= $t;
+    } else {			# Anything else
+      $cur_item .= $t;
+    }
+  }
+
+  if ($state eq 'PROG') {
+    $ERROR = "End of data inside program text that began at line $prog_start";
+    return undef;
+  } elsif ($state eq 'TEXT') {
+    push @content, [$state, $cur_item, $lineno] if $cur_item ne '';
+  } else {
+    die "Can't happen error #1";
+  }
+  
+  $self->{TYPE} = 'PREPARSED';
+  $self->{SOURCE} = \@content;
+  1;
+}
+
+sub prepend_text {
+  my ($self) = @_;
+  my $t = $self->{PREPEND};
+  unless (defined $t) {
+    $t = $GLOBAL_PREPEND{ref $self};
+    unless (defined $t) {
+      $t = $GLOBAL_PREPEND{'Text::Template'};
+    }
+  }
+  $self->{PREPEND} = $_[1] if $#_ >= 1;
+  return $t;
+}
+
+sub fill_in {
+  my $fi_self = shift;
+  my %fi_a = @_;
+
+  unless ($fi_self->{TYPE} eq 'PREPARSED') {
+    my $delims = _param('delimiters', %fi_a);
+    my @delim_arg = (defined $delims ? ($delims) : ());
+    $fi_self->compile(@delim_arg)
+      or return undef;
+  }
+
+  my $fi_varhash = _param('hash', %fi_a);
+  my $fi_package = _param('package', %fi_a) ;
+  my $fi_broken  = 
+    _param('broken', %fi_a)  || $fi_self->{BROKEN} || \&_default_broken;
+  my $fi_broken_arg = _param('broken_arg', %fi_a) || [];
+  my $fi_safe = _param('safe', %fi_a);
+  my $fi_ofh = _param('output', %fi_a);
+  my $fi_eval_package;
+  my $fi_scrub_package = 0;
+  my $fi_filename = _param('filename') || $fi_self->{FILENAME} || 'template';
+
+  my $fi_prepend = _param('prepend', %fi_a);
+  unless (defined $fi_prepend) {
+    $fi_prepend = $fi_self->prepend_text;
+  }
+
+  if (defined $fi_safe) {
+    $fi_eval_package = 'main';
+  } elsif (defined $fi_package) {
+    $fi_eval_package = $fi_package;
+  } elsif (defined $fi_varhash) {
+    $fi_eval_package = _gensym();
+    $fi_scrub_package = 1;
+  } else {
+    $fi_eval_package = caller;
+  }
+
+  my $fi_install_package;
+  if (defined $fi_varhash) {
+    if (defined $fi_package) {
+      $fi_install_package = $fi_package;
+    } elsif (defined $fi_safe) {
+      $fi_install_package = $fi_safe->root;
+    } else {
+      $fi_install_package = $fi_eval_package; # The gensymmed one
+    }
+    _install_hash($fi_varhash => $fi_install_package);
+  }
+
+  if (defined $fi_package && defined $fi_safe) {
+    no strict 'refs';
+    # Big fat magic here: Fix it so that the user-specified package
+    # is the default one available in the safe compartment.
+    *{$fi_safe->root . '::'} = \%{$fi_package . '::'};   # LOD
+  }
+
+  my $fi_r = '';
+  my $fi_item;
+  foreach $fi_item (@{$fi_self->{SOURCE}}) {
+    my ($fi_type, $fi_text, $fi_lineno) = @$fi_item;
+    if ($fi_type eq 'TEXT') {
+      $fi_self->append_text_to_output(
+        text   => $fi_text,
+        handle => $fi_ofh,
+        out    => \$fi_r,
+        type   => $fi_type,
+      );
+    } elsif ($fi_type eq 'PROG') {
+      no strict;
+      my $fi_lcomment = "#line $fi_lineno $fi_filename";
+      my $fi_progtext = 
+        "package $fi_eval_package; $fi_prepend;\n$fi_lcomment\n$fi_text;";
+      my $fi_res;
+      my $fi_eval_err = '';
+      if ($fi_safe) {
+        $fi_safe->reval(q{undef $OUT});
+	$fi_res = $fi_safe->reval($fi_progtext);
+	$fi_eval_err = $@;
+	my $OUT = $fi_safe->reval('$OUT');
+	$fi_res = $OUT if defined $OUT;
+      } else {
+	my $OUT;
+	$fi_res = eval $fi_progtext;
+	$fi_eval_err = $@;
+	$fi_res = $OUT if defined $OUT;
+      }
+
+      # If the value of the filled-in text really was undef,
+      # change it to an explicit empty string to avoid undefined
+      # value warnings later.
+      $fi_res = '' unless defined $fi_res;
+
+      if ($fi_eval_err) {
+	$fi_res = $fi_broken->(text => $fi_text,
+			       error => $fi_eval_err,
+			       lineno => $fi_lineno,
+			       arg => $fi_broken_arg,
+			       );
+	if (defined $fi_res) {
+          $fi_self->append_text_to_output(
+            text   => $fi_res,
+            handle => $fi_ofh,
+            out    => \$fi_r,
+            type   => $fi_type,
+          );
+	} else {
+	  return $fi_res;		# Undefined means abort processing
+	}
+      } else {
+        $fi_self->append_text_to_output(
+          text   => $fi_res,
+          handle => $fi_ofh,
+          out    => \$fi_r,
+          type   => $fi_type,
+        );
+      }
+    } else {
+      die "Can't happen error #2";
+    }
+  }
+
+  _scrubpkg($fi_eval_package) if $fi_scrub_package;
+  defined $fi_ofh ? 1 : $fi_r;
+}
+
+sub append_text_to_output {
+  my ($self, %arg) = @_;
+
+  if (defined $arg{handle}) {
+    print { $arg{handle} } $arg{text};
+  } else {
+    ${ $arg{out} } .= $arg{text};
+  }
+
+  return;
+}
+
+sub fill_this_in {
+  my $pack = shift;
+  my $text = shift;
+  my $templ = $pack->new(TYPE => 'STRING', SOURCE => $text, @_)
+    or return undef;
+  $templ->compile or return undef;
+  my $result = $templ->fill_in(@_);
+  $result;
+}
+
+sub fill_in_string {
+  my $string = shift;
+  my $package = _param('package', @_);
+  push @_, 'package' => scalar(caller) unless defined $package;
+  Text::Template->fill_this_in($string, @_);
+}
+
+sub fill_in_file {
+  my $fn = shift;
+  my $templ = Text::Template->new(TYPE => 'FILE', SOURCE => $fn, @_)
+    or return undef;
+  $templ->compile or return undef;
+  my $text = $templ->fill_in(@_);
+  $text;
+}
+
+sub _default_broken {
+  my %a = @_;
+  my $prog_text = $a{text};
+  my $err = $a{error};
+  my $lineno = $a{lineno};
+  chomp $err;
+#  $err =~ s/\s+at .*//s;
+  "Program fragment delivered error ``$err''";
+}
+
+sub _load_text {
+  my $fn = shift;
+  local *F;
+  unless (open F, $fn) {
+    $ERROR = "Couldn't open file $fn: $!";
+    return undef;
+  }
+  local $/;
+  <F>;
+}
+
+sub _is_clean {
+  my $z;
+  eval { ($z = join('', @_)), eval '#' . substr($z,0,0); 1 }   # LOD
+}
+
+sub _unconditionally_untaint {
+  for (@_) {
+    ($_) = /(.*)/s;
+  }
+}
+
+{
+  my $seqno = 0;
+  sub _gensym {
+    __PACKAGE__ . '::GEN' . $seqno++;
+  }
+  sub _scrubpkg {
+    my $s = shift;
+    $s =~ s/^Text::Template:://;
+    no strict 'refs';
+    my $hash = $Text::Template::{$s."::"};
+    foreach my $key (keys %$hash) {
+      undef $hash->{$key};
+    }
+  }
+}
+  
+# Given a hashful of variables (or a list of such hashes)
+# install the variables into the specified package,
+# overwriting whatever variables were there before.
+sub _install_hash {
+  my $hashlist = shift;
+  my $dest = shift;
+  if (UNIVERSAL::isa($hashlist, 'HASH')) {
+    $hashlist = [$hashlist];
+  }
+  my $hash;
+  foreach $hash (@$hashlist) {
+    my $name;
+    foreach $name (keys %$hash) {
+      my $val = $hash->{$name};
+      no strict 'refs';
+      local *SYM = *{"$ {dest}::$name"};
+      if (! defined $val) {
+	delete ${"$ {dest}::"}{$name};
+      } elsif (ref $val) {
+	*SYM = $val;
+      } else {
+ 	*SYM = \$val;
+      }
+    }
+  }
+}
+
+sub TTerror { $ERROR }
+
+1;
+
+
+=head1 NAME 
+
+Text::Template - Expand template text with embedded Perl
+
+=head1 VERSION
+
+This file documents C<Text::Template> version B<1.46>
+
+=head1 SYNOPSIS
+
+ use Text::Template;
+
+
+ $template = Text::Template->new(TYPE => 'FILE',  SOURCE => 'filename.tmpl');
+ $template = Text::Template->new(TYPE => 'ARRAY', SOURCE => [ ... ] );
+ $template = Text::Template->new(TYPE => 'FILEHANDLE', SOURCE => $fh );
+ $template = Text::Template->new(TYPE => 'STRING', SOURCE => '...' );
+ $template = Text::Template->new(PREPEND => q{use strict;}, ...);
+
+ # Use a different template file syntax:
+ $template = Text::Template->new(DELIMITERS => [$open, $close], ...);
+
+ $recipient = 'King';
+ $text = $template->fill_in();  # Replaces `{$recipient}' with `King'
+ print $text;
+
+ $T::recipient = 'Josh';
+ $text = $template->fill_in(PACKAGE => T);
+
+ # Pass many variables explicitly
+ $hash = { recipient => 'Abed-Nego',
+           friends => [ 'me', 'you' ],
+           enemies => { loathsome => 'Bill Gates',
+                        fearsome => 'Larry Ellison' },
+         };
+ $text = $template->fill_in(HASH => $hash, ...);
+ # $recipient is Abed-Nego,
+ # @friends is ( 'me', 'you' ),
+ # %enemies is ( loathsome => ..., fearsome => ... )
+
+
+ # Call &callback in case of programming errors in template
+ $text = $template->fill_in(BROKEN => \&callback, BROKEN_ARG => $ref, ...);
+
+ # Evaluate program fragments in Safe compartment with restricted permissions
+ $text = $template->fill_in(SAFE => $compartment, ...);
+
+ # Print result text instead of returning it
+ $success = $template->fill_in(OUTPUT => \*FILEHANDLE, ...);
+
+ # Parse template with different template file syntax:
+ $text = $template->fill_in(DELIMITERS => [$open, $close], ...);
+ # Note that this is *faster* than using the default delimiters
+
+ # Prepend specified perl code to each fragment before evaluating:
+ $text = $template->fill_in(PREPEND => q{use strict 'vars';}, ...);
+
+ use Text::Template 'fill_in_string';
+ $text = fill_in_string( <<EOM, PACKAGE => 'T', ...);
+ Dear {$recipient},
+ Pay me at once.
+        Love, 
+         G.V.
+ EOM
+
+ use Text::Template 'fill_in_file';
+ $text = fill_in_file($filename, ...);
+
+ # All templates will always have `use strict vars' attached to all fragments
+ Text::Template->always_prepend(q{use strict 'vars';});
+
+=head1 DESCRIPTION
+
+This is a library for generating form letters, building HTML pages, or
+filling in templates generally.  A `template' is a piece of text that
+has little Perl programs embedded in it here and there.  When you
+`fill in' a template, you evaluate the little programs and replace
+them with their values.  
+
+You can store a template in a file outside your program.  People can
+modify the template without modifying the program.  You can separate
+the formatting details from the main code, and put the formatting
+parts of the program into the template.  That prevents code bloat and
+encourages functional separation.
+
+=head2 Example
+
+Here's an example of a template, which we'll suppose is stored in the
+file C<formletter.tmpl>:
+
+	Dear {$title} {$lastname},
+
+	It has come to our attention that you are delinquent in your
+	{$monthname[$last_paid_month]} payment.  Please remit
+	${sprintf("%.2f", $amount)} immediately, or your patellae may
+	be needlessly endangered.
+
+			Love,
+
+			Mark "Vizopteryx" Dominus
+
+
+The result of filling in this template is a string, which might look
+something like this:
+
+	Dear Mr. Gates,
+
+	It has come to our attention that you are delinquent in your
+	February payment.  Please remit
+	$392.12 immediately, or your patellae may
+	be needlessly endangered.
+
+
+			Love,
+
+			Mark "Vizopteryx" Dominus
+
+Here is a complete program that transforms the example
+template into the example result, and prints it out:
+
+	use Text::Template;
+
+	my $template = Text::Template->new(SOURCE => 'formletter.tmpl')
+	  or die "Couldn't construct template: $Text::Template::ERROR";
+
+	my @monthname = qw(January February March April May June
+                           July August September October November December);
+	my %vars = (title => 'Mr.',
+		    firstname => 'Bill',
+		    lastname => 'Gates',
+		    last_paid_month => 1,   # February
+		    amount => 392.12,
+		    monthname => \@monthname,
+		   );
+
+	my $result = $template->fill_in(HASH => \%vars);
+
+	if (defined $result) { print $result }
+	else { die "Couldn't fill in template: $Text::Template::ERROR" }
+
+
+=head2 Philosophy
+
+When people make a template module like this one, they almost always
+start by inventing a special syntax for substitutions.  For example,
+they build it so that a string like C<%%VAR%%> is replaced with the
+value of C<$VAR>.  Then they realize the need extra formatting, so
+they put in some special syntax for formatting.  Then they need a
+loop, so they invent a loop syntax.  Pretty soon they have a new
+little template language.
+
+This approach has two problems: First, their little language is
+crippled. If you need to do something the author hasn't thought of,
+you lose.  Second: Who wants to learn another language?  You already
+know Perl, so why not use it?
+
+C<Text::Template> templates are programmed in I<Perl>.  You embed Perl
+code in your template, with C<{> at the beginning and C<}> at the end.
+If you want a variable interpolated, you write it the way you would in
+Perl.  If you need to make a loop, you can use any of the Perl loop
+constructions.  All the Perl built-in functions are available.
+
+=head1 Details
+
+=head2 Template Parsing
+
+The C<Text::Template> module scans the template source.  An open brace
+C<{> begins a program fragment, which continues until the matching
+close brace C<}>.  When the template is filled in, the program
+fragments are evaluated, and each one is replaced with the resulting
+value to yield the text that is returned.
+
+A backslash C<\> in front of a brace (or another backslash that is in
+front of a brace) escapes its special meaning.  The result of filling
+out this template:
+
+	\{ The sum of 1 and 2 is {1+2}  \}
+
+is
+
+	{ The sum of 1 and 2 is 3  }
+
+If you have an unmatched brace, C<Text::Template> will return a
+failure code and a warning about where the problem is.  Backslashes
+that do not precede a brace are passed through unchanged.  If you have
+a template like this:
+
+	{ "String that ends in a newline.\n" }
+
+The backslash inside the string is passed through to Perl unchanged,
+so the C<\n> really does turn into a newline.  See the note at the end
+for details about the way backslashes work.  Backslash processing is
+I<not> done when you specify alternative delimiters with the
+C<DELIMITERS> option.  (See L<"Alternative Delimiters">, below.)
+
+Each program fragment should be a sequence of Perl statements, which
+are evaluated the usual way.  The result of the last statement
+executed will be evaluted in scalar context; the result of this
+statement is a string, which is interpolated into the template in
+place of the program fragment itself.
+
+The fragments are evaluated in order, and side effects from earlier
+fragments will persist into later fragments:
+
+	{$x = @things; ''}The Lord High Chamberlain has gotten {$x}
+	things for me this year.  
+	{ $diff = $x - 17; 
+	  $more = 'more'
+	  if ($diff == 0) {
+	    $diff = 'no';
+	  } elsif ($diff < 0) {
+	    $more = 'fewer';
+	  } 
+          '';
+	} 
+	That is {$diff} {$more} than he gave me last year.
+
+The value of C<$x> set in the first line will persist into the next
+fragment that begins on the third line, and the values of C<$diff> and
+C<$more> set in the second fragment will persist and be interpolated
+into the last line.  The output will look something like this:
+
+	The Lord High Chamberlain has gotten 42
+	things for me this year.  
+
+	That is 25 more than he gave me last year.
+
+That is all the syntax there is.  
+
+=head2 The C<$OUT> variable
+
+There is one special trick you can play in a template.  Here is the
+motivation for it:  Suppose you are going to pass an array, C<@items>,
+into the template, and you want the template to generate a bulleted
+list with a header, like this:
+
+	Here is a list of the things I have got for you since 1907:
+	  * Ivory
+	  * Apes
+	  * Peacocks
+	  * ...
+
+One way to do it is with a template like this:
+
+	Here is a list of the things I have got for you since 1907:
+	{ my $blist = '';
+          foreach $i (@items) {
+            $blist .= qq{  * $i\n};
+          }    
+          $blist;
+        } 
+
+Here we construct the list in a variable called C<$blist>, which we
+return at the end.  This is a little cumbersome.  There is a shortcut.
+
+Inside of templates, there is a special variable called C<$OUT>.
+Anything you append to this variable will appear in the output of the
+template.  Also, if you use C<$OUT> in a program fragment, the normal
+behavior, of replacing the fragment with its return value, is
+disabled; instead the fragment is replaced with the value of C<$OUT>.
+This means that you can write the template above like this:
+
+	Here is a list of the things I have got for you since 1907:
+	{ foreach $i (@items) {
+            $OUT .= "  * $i\n";
+          }    
+        } 
+
+C<$OUT> is reinitialized to the empty string at the start of each
+program fragment.  It is private to C<Text::Template>, so 
+you can't use a variable named C<$OUT> in your template without
+invoking the special behavior.
+
+=head2 General Remarks
+
+All C<Text::Template> functions return C<undef> on failure, and set the
+variable C<$Text::Template::ERROR> to contain an explanation of what
+went wrong.  For example, if you try to create a template from a file
+that does not exist, C<$Text::Template::ERROR> will contain something like:
+
+	Couldn't open file xyz.tmpl: No such file or directory
+
+=head2 C<new>
+
+	$template = new Text::Template ( TYPE => ..., SOURCE => ... );
+
+This creates and returns a new template object.  C<new> returns
+C<undef> and sets C<$Text::Template::ERROR> if it can't create the
+template object.  C<SOURCE> says where the template source code will
+come from.  C<TYPE> says what kind of object the source is.
+
+The most common type of source is a file:
+
+	new Text::Template ( TYPE => 'FILE', SOURCE => $filename );
+
+This reads the template from the specified file.  The filename is
+opened with the Perl C<open> command, so it can be a pipe or anything
+else that makes sense with C<open>.
+
+The C<TYPE> can also be C<STRING>, in which case the C<SOURCE> should
+be a string:
+
+	new Text::Template ( TYPE => 'STRING', 
+                             SOURCE => "This is the actual template!" );
+
+The C<TYPE> can be C<ARRAY>, in which case the source should be a
+reference to an array of strings.  The concatenation of these strings
+is the template:
+
+	new Text::Template ( TYPE => 'ARRAY', 
+                             SOURCE => [ "This is ", "the actual", 
+                                         " template!",
+                                       ]
+                           );
+
+The C<TYPE> can be FILEHANDLE, in which case the source should be an
+open filehandle (such as you got from the C<FileHandle> or C<IO::*>
+packages, or a glob, or a reference to a glob).  In this case
+C<Text::Template> will read the text from the filehandle up to
+end-of-file, and that text is the template:
+
+	# Read template source code from STDIN:
+	new Text::Template ( TYPE => 'FILEHANDLE', 
+                             SOURCE => \*STDIN  );
+
+
+If you omit the C<TYPE> attribute, it's taken to be C<FILE>.
+C<SOURCE> is required.  If you omit it, the program will abort.
+
+The words C<TYPE> and C<SOURCE> can be spelled any of the following ways:
+
+	TYPE	SOURCE
+	Type	Source
+	type	source
+	-TYPE	-SOURCE
+	-Type	-Source
+	-type	-source
+
+Pick a style you like and stick with it.
+
+=over 4
+
+=item C<DELIMITERS>
+
+You may also add a C<DELIMITERS> option.  If this option is present,
+its value should be a reference to an array of two strings.  The first
+string is the string that signals the beginning of each program
+fragment, and the second string is the string that signals the end of
+each program fragment.  See L<"Alternative Delimiters">, below.
+
+=item C<UNTAINT>
+
+If your program is running in taint mode, you may have problems if
+your templates are stored in files.  Data read from files is
+considered 'untrustworthy', and taint mode will not allow you to
+evaluate the Perl code in the file.  (It is afraid that a malicious
+person might have tampered with the file.)
+
+In some environments, however, local files are trustworthy.  You can
+tell C<Text::Template> that a certain file is trustworthy by supplying
+C<UNTAINT =E<gt> 1> in the call to C<new>.  This will tell
+C<Text::Template> to disable taint checks on template code that has
+come from a file, as long as the filename itself is considered
+trustworthy.  It will also disable taint checks on template code that
+comes from a filehandle.  When used with C<TYPE =E<gt> 'string'> or C<TYPE
+=E<gt> 'array'>, it has no effect.
+
+See L<perlsec> for more complete information about tainting.
+
+Thanks to Steve Palincsar, Gerard Vreeswijk, and Dr. Christoph Baehr
+for help with this feature.
+
+=item C<PREPEND>
+
+This option is passed along to the C<fill_in> call unless it is
+overridden in the arguments to C<fill_in>.  See L<C<PREPEND> feature
+and using C<strict> in templates> below.
+
+=item C<BROKEN>
+
+This option is passed along to the C<fill_in> call unless it is
+overridden in the arguments to C<fill_in>.  See L<C<BROKEN>> below.
+
+=back
+
+=head2 C<compile>
+
+	$template->compile()
+
+Loads all the template text from the template's source, parses and
+compiles it.  If successful, returns true; otherwise returns false and
+sets C<$Text::Template::ERROR>.  If the template is already compiled,
+it returns true and does nothing.  
+
+You don't usually need to invoke this function, because C<fill_in>
+(see below) compiles the template if it isn't compiled already.
+
+If there is an argument to this function, it must be a reference to an
+array containing alternative delimiter strings.  See C<"Alternative
+Delimiters">, below.
+
+=head2 C<fill_in>
+
+	$template->fill_in(OPTIONS);
+
+Fills in a template.  Returns the resulting text if successful.
+Otherwise, returns C<undef>  and sets C<$Text::Template::ERROR>.
+
+The I<OPTIONS> are a hash, or a list of key-value pairs.  You can
+write the key names in any of the six usual styles as above; this
+means that where this manual says C<PACKAGE> (for example) you can
+actually use any of
+
+	PACKAGE Package package -PACKAGE -Package -package
+
+Pick a style you like and stick with it.  The all-lowercase versions
+may yield spurious warnings about
+
+	Ambiguous use of package => resolved to "package"
+
+so you might like to avoid them and use the capitalized versions.
+
+At present, there are eight legal options:  C<PACKAGE>, C<BROKEN>,
+C<BROKEN_ARG>, C<SAFE>, C<HASH>, C<OUTPUT>, and C<DELIMITERS>.
+
+=over 4
+
+=item C<PACKAGE>
+
+C<PACKAGE> specifies the name of a package in which the program
+fragments should be evaluated.  The default is to use the package from
+which C<fill_in> was called.  For example, consider this template:
+
+	The value of the variable x is {$x}.
+
+If you use C<$template-E<gt>fill_in(PACKAGE =E<gt> 'R')> , then the C<$x> in
+the template is actually replaced with the value of C<$R::x>.  If you
+omit the C<PACKAGE> option, C<$x> will be replaced with the value of
+the C<$x> variable in the package that actually called C<fill_in>.
+
+You should almost always use C<PACKAGE>.  If you don't, and your
+template makes changes to variables, those changes will be propagated
+back into the main program.  Evaluating the template in a private
+package helps prevent this.  The template can still modify variables
+in your program if it wants to, but it will have to do so explicitly.
+See the section at the end on `Security'.
+
+Here's an example of using C<PACKAGE>:
+
+	Your Royal Highness,
+
+	Enclosed please find a list of things I have gotten
+	for you since 1907:
+
+	{ foreach $item (@items) {
+            $item_no++;
+	    $OUT .= " $item_no. \u$item\n";
+	  }
+	}
+
+	Signed,
+	Lord High Chamberlain
+
+We want to pass in an array which will be assigned to the array
+C<@items>.  Here's how to do that:
+
+
+	@items = ('ivory', 'apes', 'peacocks', );
+	$template->fill_in();
+
+This is not very safe.  The reason this isn't as safe is that if you
+had a variable named C<$item_no> in scope in your program at the point
+you called C<fill_in>, its value would be clobbered by the act of
+filling out the template.  The problem is the same as if you had
+written a subroutine that used those variables in the same way that
+the template does.  (C<$OUT> is special in templates and is always
+safe.)
+
+One solution to this is to make the C<$item_no> variable private to the
+template by declaring it with C<my>.  If the template does this, you
+are safe.
+
+But if you use the C<PACKAGE> option, you will probably be safe even
+if the template does I<not> declare its variables with C<my>:
+
+	@Q::items = ('ivory', 'apes', 'peacocks', );
+	$template->fill_in(PACKAGE => 'Q');
+
+In this case the template will clobber the variable C<$Q::item_no>,
+which is not related to the one your program was using.
+
+Templates cannot affect variables in the main program that are
+declared with C<my>, unless you give the template references to those
+variables.
+
+=item C<HASH>
+
+You may not want to put the template variables into a package.
+Packages can be hard to manage:  You can't copy them, for example.
+C<HASH> provides an alternative.  
+
+The value for C<HASH> should be a reference to a hash that maps
+variable names to values.  For example, 
+
+	$template->fill_in(HASH => { recipient => "The King",
+				     items => ['gold', 'frankincense', 'myrrh'],
+	                             object => \$self,
+				   });
+
+will fill out the template and use C<"The King"> as the value of
+C<$recipient> and the list of items as the value of C<@items>.  Note
+that we pass an array reference, but inside the template it appears as
+an array.  In general, anything other than a simple string or number
+should be passed by reference.
+
+We also want to pass an object, which is in C<$self>; note that we
+pass a reference to the object, C<\$self> instead.  Since we've passed
+a reference to a scalar, inside the template the object appears as
+C<$object>.  
+
+The full details of how it works are a little involved, so you might
+want to skip to the next section.
+
+Suppose the key in the hash is I<key> and the value is I<value>.  
+
+=over 4
+
+=item *
+
+If the I<value> is C<undef>, then any variables named C<$key>,
+C<@key>, C<%key>, etc., are undefined.  
+
+=item *
+
+If the I<value> is a string or a number, then C<$key> is set to that
+value in the template.
+
+=item *
+
+For anything else, you must pass a reference.
+
+If the I<value> is a reference to an array, then C<@key> is set to
+that array.  If the I<value> is a reference to a hash, then C<%key> is
+set to that hash.  Similarly if I<value> is any other kind of
+reference.  This means that
+
+	var => "foo"
+
+and
+
+	var => \"foo"
+
+have almost exactly the same effect.  (The difference is that in the
+former case, the value is copied, and in the latter case it is
+aliased.)  
+
+=item *
+
+In particular, if you want the template to get an object or any kind,
+you must pass a reference to it:
+
+	$template->fill_in(HASH => { database_handle => \$dbh, ... });
+
+If you do this, the template will have a variable C<$database_handle>
+which is the database handle object.  If you leave out the C<\>, the
+template will have a hash C<%database_handle>, which exposes the
+internal structure of the database handle object; you don't want that.
+
+=back
+
+Normally, the way this works is by allocating a private package,
+loading all the variables into the package, and then filling out the
+template as if you had specified that package.  A new package is
+allocated each time.  However, if you I<also> use the C<PACKAGE>
+option, C<Text::Template> loads the variables into the package you
+specified, and they stay there after the call returns.  Subsequent
+calls to C<fill_in> that use the same package will pick up the values
+you loaded in.
+
+If the argument of C<HASH> is a reference to an array instead of a
+reference to a hash, then the array should contain a list of hashes
+whose contents are loaded into the template package one after the
+other.  You can use this feature if you want to combine several sets
+of variables.  For example, one set of variables might be the defaults
+for a fill-in form, and the second set might be the user inputs, which
+override the defaults when they are present:
+
+	$template->fill_in(HASH => [\%defaults, \%user_input]);
+
+You can also use this to set two variables with the same name:
+
+	$template->fill_in(HASH => [{ v => "The King" },
+                                    { v => [1,2,3] },
+	                           ]
+                          );
+
+This sets C<$v> to C<"The King"> and C<@v> to C<(1,2,3)>.	
+
+=item C<BROKEN>
+
+If any of the program fragments fails to compile or aborts for any
+reason, and you have set the C<BROKEN> option to a function reference,
+C<Text::Template> will invoke the function.  This function is called
+the I<C<BROKEN> function>.  The C<BROKEN> function will tell
+C<Text::Template> what to do next.  
+
+If the C<BROKEN> function returns C<undef>, C<Text::Template> will
+immediately abort processing the template and return the text that it
+has accumulated so far.  If your function does this, it should set a
+flag that you can examine after C<fill_in> returns so that you can
+tell whether there was a premature return or not. 
+
+If the C<BROKEN> function returns any other value, that value will be
+interpolated into the template as if that value had been the return
+value of the program fragment to begin with.  For example, if the
+C<BROKEN> function returns an error string, the error string will be
+interpolated into the output of the template in place of the program
+fragment that cased the error.
+
+If you don't specify a C<BROKEN> function, C<Text::Template> supplies
+a default one that returns something like
+
+	Program fragment delivered error ``Illegal division by 0 at
+	template line 37''
+
+(Note that the format of this message has changed slightly since
+version 1.31.)  The return value of the C<BROKEN> function is
+interpolated into the template at the place the error occurred, so
+that this template:
+
+	(3+4)*5 = { 3+4)*5 }
+
+yields this result:
+
+	(3+4)*5 = Program fragment delivered error ``syntax error at template line 1''
+
+If you specify a value for the C<BROKEN> attribute, it should be a
+reference to a function that C<fill_in> can call instead of the
+default function.
+
+C<fill_in> will pass a hash to the C<broken> function.
+The hash will have at least these three members:
+
+=over 4
+
+=item C<text>
+
+The source code of the program fragment that failed
+
+=item C<error>
+
+The text of the error message (C<$@>) generated by eval.
+
+The text has been modified to omit the trailing newline and to include
+the name of the template file (if there was one).  The line number
+counts from the beginning of the template, not from the beginning of
+the failed program fragment.
+
+=item C<lineno>
+
+The line number of the template at which the program fragment began.
+
+=back
+
+There may also be an C<arg> member.  See C<BROKEN_ARG>, below
+
+=item C<BROKEN_ARG>
+
+If you supply the C<BROKEN_ARG> option to C<fill_in>, the value of the
+option is passed to the C<BROKEN> function whenever it is called.  The
+default C<BROKEN> function ignores the C<BROKEN_ARG>, but you can
+write a custom C<BROKEN> function that uses the C<BROKEN_ARG> to get
+more information about what went wrong. 
+
+The C<BROKEN> function could also use the C<BROKEN_ARG> as a reference
+to store an error message or some other information that it wants to
+communicate back to the caller.  For example:
+
+	$error = '';
+
+	sub my_broken {	
+	   my %args = @_;
+	   my $err_ref = $args{arg};
+	   ...
+	   $$err_ref = "Some error message";
+	   return undef;
+	}
+
+	$template->fill_in(BROKEN => \&my_broken,
+			   BROKEN_ARG => \$error,
+			  );
+
+	if ($error) {
+	  die "It didn't work: $error";
+	}
+
+If one of the program fragments in the template fails, it will call
+the C<BROKEN> function, C<my_broken>, and pass it the C<BROKEN_ARG>,
+which is a reference to C<$error>.  C<my_broken> can store an error
+message into C<$error> this way.  Then the function that called
+C<fill_in> can see if C<my_broken> has left an error message for it
+to find, and proceed accordingly.
+
+=item C<SAFE>
+
+If you give C<fill_in> a C<SAFE> option, its value should be a safe
+compartment object from the C<Safe> package.  All evaluation of
+program fragments will be performed in this compartment.  See L<Safe>
+for full details about such compartments and how to restrict the
+operations that can be performed in them.
+
+If you use the C<PACKAGE> option with C<SAFE>, the package you specify
+will be placed into the safe compartment and evaluation will take
+place in that package as usual.  
+
+If not, C<SAFE> operation is a little different from the default.
+Usually, if you don't specify a package, evaluation of program
+fragments occurs in the package from which the template was invoked.
+But in C<SAFE> mode the evaluation occurs inside the safe compartment
+and cannot affect the calling package.  Normally, if you use C<HASH>
+without C<PACKAGE>, the hash variables are imported into a private,
+one-use-only package.  But if you use C<HASH> and C<SAFE> together
+without C<PACKAGE>, the hash variables will just be loaded into the
+root namespace of the C<Safe> compartment.
+
+=item C<OUTPUT>
+
+If your template is going to generate a lot of text that you are just
+going to print out again anyway,  you can save memory by having
+C<Text::Template> print out the text as it is generated instead of
+making it into a big string and returning the string.  If you supply
+the C<OUTPUT> option to C<fill_in>, the value should be a filehandle.
+The generated text will be printed to this filehandle as it is
+constructed.  For example:
+
+	$template->fill_in(OUTPUT => \*STDOUT, ...);
+
+fills in the C<$template> as usual, but the results are immediately
+printed to STDOUT.  This may result in the output appearing more
+quickly than it would have otherwise.
+
+If you use C<OUTPUT>, the return value from C<fill_in> is still true on
+success and false on failure, but the complete text is not returned to
+the caller.
+
+=item C<PREPEND>
+
+You can have some Perl code prepended automatically to the beginning
+of every program fragment.  See L<C<PREPEND> feature and using
+C<strict> in templates> below.
+
+=item C<DELIMITERS>
+
+If this option is present, its value should be a reference to a list
+of two strings.  The first string is the string that signals the
+beginning of each program fragment, and the second string is the
+string that signals the end of each program fragment.  See
+L<"Alternative Delimiters">, below.  
+
+If you specify C<DELIMITERS> in the call to C<fill_in>, they override
+any delimiters you set when you created the template object with
+C<new>. 
+
+=back
+
+=head1 Convenience Functions
+
+=head2 C<fill_this_in>
+
+The basic way to fill in a template is to create a template object and
+then call C<fill_in> on it.   This is useful if you want to fill in
+the same template more than once.
+
+In some programs, this can be cumbersome.  C<fill_this_in> accepts a
+string, which contains the template, and a list of options, which are
+passed to C<fill_in> as above.  It constructs the template object for
+you, fills it in as specified, and returns the results.  It returns
+C<undef> and sets C<$Text::Template::ERROR> if it couldn't generate
+any results.
+
+An example:
+
+	$Q::name = 'Donald';
+	$Q::amount = 141.61;
+	$Q::part = 'hyoid bone';
+
+	$text = Text::Template->fill_this_in( <<'EOM', PACKAGE => Q);
+	Dear {$name},
+	You owe me \\${sprintf('%.2f', $amount)}.  
+	Pay or I will break your {$part}.
+		Love,
+		Grand Vizopteryx of Irkutsk.
+	EOM
+
+Notice how we included the template in-line in the program by using a
+`here document' with the C<E<lt>E<lt>> notation.
+
+C<fill_this_in> is a deprecated feature.  It is only here for
+backwards compatibility, and may be removed in some far-future version
+in C<Text::Template>.  You should use C<fill_in_string> instead.  It
+is described in the next section.
+
+=head2 C<fill_in_string>
+
+It is stupid that C<fill_this_in> is a class method.  It should have
+been just an imported function, so that you could omit the
+C<Text::Template-E<gt>> in the example above.  But I made the mistake
+four years ago and it is too late to change it.
+
+C<fill_in_string> is exactly like C<fill_this_in> except that it is
+not a method and you can omit the C<Text::Template-E<gt>> and just say
+
+	print fill_in_string(<<'EOM', ...);
+	Dear {$name},
+	  ...
+	EOM
+
+To use C<fill_in_string>, you need to say
+
+	use Text::Template 'fill_in_string';
+
+at the top of your program.   You should probably use
+C<fill_in_string> instead of C<fill_this_in>.
+
+=head2 C<fill_in_file>
+
+If you import C<fill_in_file>, you can say
+
+	$text = fill_in_file(filename, ...);
+
+The C<...> are passed to C<fill_in> as above.  The filename is the
+name of the file that contains the template you want to fill in.  It
+returns the result text. or C<undef>, as usual.
+
+If you are going to fill in the same file more than once in the same
+program you should use the longer C<new> / C<fill_in> sequence instead.
+It will be a lot faster because it only has to read and parse the file
+once.
+
+=head2 Including files into templates
+
+People always ask for this.  ``Why don't you have an include
+function?'' they want to know.  The short answer is this is Perl, and
+Perl already has an include function.  If you want it, you can just put
+
+	{qx{cat filename}}
+
+into your template.  VoilE<agrave>.
+
+If you don't want to use C<cat>, you can write a little four-line
+function that opens a file and dumps out its contents, and call it
+from the template.  I wrote one for you.  In the template, you can say
+
+	{Text::Template::_load_text(filename)}
+
+If that is too verbose, here is a trick.  Suppose the template package
+that you are going to be mentioning in the C<fill_in> call is package
+C<Q>.  Then in the main program, write
+
+	*Q::include = \&Text::Template::_load_text;
+
+This imports the C<_load_text> function into package C<Q> with the
+name C<include>.  From then on, any template that you fill in with
+package C<Q> can say
+
+	{include(filename)}
+
+to insert the text from the named file at that point.  If you are
+using the C<HASH> option instead, just put C<include =E<gt>
+\&Text::Template::_load_text> into the hash instead of importing it
+explicitly.
+
+Suppose you don't want to insert a plain text file, but rather you
+want to include one template within another?  Just use C<fill_in_file>
+in the template itself:
+
+	{Text::Template::fill_in_file(filename)}
+
+You can do the same importing trick if this is too much to type.
+
+=head1 Miscellaneous
+
+=head2 C<my> variables
+
+People are frequently surprised when this doesn't work:
+
+	my $recipient = 'The King';
+	my $text = fill_in_file('formletter.tmpl');
+
+The text C<The King> doesn't get into the form letter.  Why not?
+Because C<$recipient> is a C<my> variable, and the whole point of
+C<my> variables is that they're private and inaccessible except in the
+scope in which they're declared.  The template is not part of that
+scope, so the template can't see C<$recipient>.  
+
+If that's not the behavior you want, don't use C<my>.  C<my> means a
+private variable, and in this case you don't want the variable to be
+private.  Put the variables into package variables in some other
+package, and use the C<PACKAGE> option to C<fill_in>:
+
+	$Q::recipient = $recipient;
+	my $text = fill_in_file('formletter.tmpl', PACKAGE => 'Q');
+	
+
+or pass the names and values in a hash with the C<HASH> option:
+
+	my $text = fill_in_file('formletter.tmpl', HASH => { recipient => $recipient });
+
+=head2 Security Matters
+
+All variables are evaluated in the package you specify with the
+C<PACKAGE> option of C<fill_in>.  if you use this option, and if your
+templates don't do anything egregiously stupid, you won't have to
+worry that evaluation of the little programs will creep out into the
+rest of your program and wreck something.
+
+Nevertheless, there's really no way (except with C<Safe>) to protect
+against a template that says
+
+	{ $Important::Secret::Security::Enable = 0; 
+	  # Disable security checks in this program 
+	}
+
+or
+
+	{ $/ = "ho ho ho";   # Sabotage future uses of <FH>.
+	  # $/ is always a global variable
+	}
+
+or even
+
+	{ system("rm -rf /") }
+
+so B<don't> go filling in templates unless you're sure you know what's
+in them.  If you're worried, or you can't trust the person who wrote
+the template, use the C<SAFE> option.
+
+A final warning: program fragments run a small risk of accidentally
+clobbering local variables in the C<fill_in> function itself.  These
+variables all have names that begin with C<$fi_>, so if you stay away
+from those names you'll be safe.  (Of course, if you're a real wizard
+you can tamper with them deliberately for exciting effects; this is
+actually how C<$OUT> works.)  I can fix this, but it will make the
+package slower to do it, so I would prefer not to.  If you are worried
+about this, send me mail and I will show you what to do about it.
+
+=head2 Alternative Delimiters
+
+Lorenzo Valdettaro pointed out that if you are using C<Text::Template>
+to generate TeX output, the choice of braces as the program fragment
+delimiters makes you suffer suffer suffer.  Starting in version 1.20,
+you can change the choice of delimiters to something other than curly
+braces.
+
+In either the C<new()> call or the C<fill_in()> call, you can specify
+an alternative set of delimiters with the C<DELIMITERS> option.  For
+example, if you would like code fragments to be delimited by C<[@-->
+and C<--@]> instead of C<{> and C<}>, use
+
+	... DELIMITERS => [ '[@--', '--@]' ], ...
+
+Note that these delimiters are I<literal strings>, not regexes.  (I
+tried for regexes, but it complicates the lexical analysis too much.)
+Note also that C<DELIMITERS> disables the special meaning of the
+backslash, so if you want to include the delimiters in the literal
+text of your template file, you are out of luck---it is up to you to
+choose delimiters that do not conflict with what you are doing.  The
+delimiter strings may still appear inside of program fragments as long
+as they nest properly.  This means that if for some reason you
+absolutely must have a program fragment that mentions one of the
+delimiters, like this:
+
+	[@--
+		print "Oh no, a delimiter: --@]\n"
+	--@]
+
+you may be able to make it work by doing this instead:
+
+	[@--
+		# Fake matching delimiter in a comment: [@--
+		print "Oh no, a delimiter: --@]\n"
+	--@]
+
+It may be safer to choose delimiters that begin with a newline
+character.  
+
+Because the parsing of templates is simplified by the absence of
+backslash escapes, using alternative C<DELIMITERS> may speed up the
+parsing process by 20-25%.  This shows that my original choice of C<{>
+and C<}> was very bad. 
+
+=head2 C<PREPEND> feature and using C<strict> in templates
+
+Suppose you would like to use C<strict> in your templates to detect
+undeclared variables and the like.  But each code fragment is a
+separate lexical scope, so you have to turn on C<strict> at the top of
+each and every code fragment:
+
+	{ use strict;
+	  use vars '$foo';
+	  $foo = 14;
+	  ...
+	}
+
+	...
+
+	{ # we forgot to put `use strict' here
+	  my $result = $boo + 12;    # $boo is misspelled and should be $foo
+	  # No error is raised on `$boo'
+	}
+
+Because we didn't put C<use strict> at the top of the second fragment,
+it was only active in the first fragment, and we didn't get any
+C<strict> checking in the second fragment.  Then we mispelled C<$foo>
+and the error wasn't caught.  
+
+C<Text::Template> version 1.22 and higher has a new feature to make
+this easier.  You can specify that any text at all be automatically
+added to the beginning of each program fragment.  
+
+When you make a call to C<fill_in>, you can specify a
+
+	PREPEND => 'some perl statements here'
+
+option; the statements will be prepended to each program fragment for
+that one call only.  Suppose that the C<fill_in> call included a
+
+	PREPEND => 'use strict;'
+
+option, and that the template looked like this:
+
+	{ use vars '$foo';
+	  $foo = 14;
+	  ...
+	}
+
+	...
+
+	{ my $result = $boo + 12;    # $boo is misspelled and should be $foo
+	  ...
+	}
+
+The code in the second fragment would fail, because C<$boo> has not
+been declared.  C<use strict> was implied, even though you did not
+write it explicitly, because the C<PREPEND> option added it for you
+automatically.
+
+There are two other ways to do this.  At the time you create the
+template object with C<new>, you can also supply a C<PREPEND> option,
+in which case the statements will be prepended each time you fill in
+that template.  If the C<fill_in> call has its own C<PREPEND> option,
+this overrides the one specified at the time you created the
+template.  Finally, you can make the class method call
+
+	Text::Template->always_prepend('perl statements');
+
+If you do this, then call calls to C<fill_in> for I<any> template will
+attach the perl statements to the beginning of each program fragment,
+except where overridden by C<PREPEND> options to C<new> or C<fill_in>.
+
+=head2 Prepending in Derived Classes
+
+This section is technical, and you should skip it on the first few
+readings. 
+
+Normally there are three places that prepended text could come from.
+It could come from the C<PREPEND> option in the C<fill_in> call, from
+the C<PREPEND> option in the C<new> call that created the template
+object, or from the argument of the C<always_prepend> call.
+C<Text::Template> looks for these three things in order and takes the
+first one that it finds.
+
+In a subclass of C<Text::Template>, this last possibility is
+ambiguous.  Suppose C<S> is a subclass of C<Text::Template>.  Should 
+
+	Text::Template->always_prepend(...);
+
+affect objects in class C<Derived>?  The answer is that you can have it
+either way.  
+
+The C<always_prepend> value for C<Text::Template> is normally stored
+in  a hash variable named C<%GLOBAL_PREPEND> under the key
+C<Text::Template>.  When C<Text::Template> looks to see what text to
+prepend, it first looks in the template object itself, and if not, it
+looks in C<$GLOBAL_PREPEND{I<class>}> where I<class> is the class to
+which the template object belongs.  If it doesn't find any value, it
+looks in C<$GLOBAL_PREPEND{'Text::Template'}>.  This means that
+objects in class C<Derived> I<will> be affected by
+
+	Text::Template->always_prepend(...);
+
+I<unless> there is also a call to
+
+	Derived->always_prepend(...);
+
+So when you're designing your derived class, you can arrange to have
+your objects ignore C<Text::Template::always_prepend> calls by simply
+putting C<Derived-E<gt>always_prepend('')> at the top of your module.
+
+Of course, there is also a final escape hatch: Templates support a
+C<prepend_text> that is used to look up the appropriate text to be
+prepended at C<fill_in> time.  Your derived class can override this
+method to get an arbitrary effect.
+
+=head2 JavaScript
+
+Jennifer D. St Clair asks:
+
+	> Most of my pages contain JavaScript and Stylesheets.
+        > How do I change the template identifier?  
+
+Jennifer is worried about the braces in the JavaScript being taken as
+the delimiters of the Perl program fragments.  Of course, disaster
+will ensue when perl tries to evaluate these as if they were Perl
+programs.  The best choice is to find some unambiguous delimiter
+strings that you can use in your template instead of curly braces, and
+then use the C<DELIMITERS> option.  However, if you can't do this for
+some reason, there are  two easy workarounds:
+
+1. You can put C<\> in front of C<{>, C<}>, or C<\> to remove its
+special meaning.  So, for example, instead of
+
+	    if (br== "n3") { 
+		// etc.
+	    }
+
+you can put
+
+	    if (br== "n3") \{ 
+		// etc.
+	    \}
+
+and it'll come out of the template engine the way you want.
+
+But here is another method that is probably better.  To see how it
+works, first consider what happens if you put this into a template:
+
+	    { 'foo' }
+
+Since it's in braces, it gets evaluated, and obviously, this is going
+to turn into
+
+	    foo
+
+So now here's the trick: In Perl, C<q{...}> is the same as C<'...'>.
+So if we wrote
+
+	    {q{foo}}
+
+it would turn into 
+
+	    foo
+
+So for your JavaScript, just write
+
+	    {q{if (br== "n3") { 
+	  	 // etc.
+	       }}
+	    }
+
+and it'll come out as
+
+	      if (br== "n3") { 
+	  	  // etc.
+	      }
+
+which is what you want.
+
+
+=head2 Shut Up!
+
+People sometimes try to put an initialization section at the top of
+their templates, like this:
+
+	{ ...
+	  $var = 17;
+	}
+
+Then they complain because there is a C<17> at the top of the output
+that they didn't want to have there.  
+
+Remember that a program fragment is replaced with its own return
+value, and that in Perl the return value of a code block is the value
+of the last expression that was evaluated, which in this case is 17.
+If it didn't do that, you wouldn't be able to write C<{$recipient}>
+and have the recipient filled in.
+
+To prevent the 17 from appearing in the output is very simple:
+
+	{ ...
+	  $var = 17;
+	  '';
+	}
+
+Now the last expression evaluated yields the empty string, which is
+invisible.  If you don't like the way this looks, use
+
+	{ ...
+	  $var = 17;
+	  ($SILENTLY);
+	}
+
+instead.  Presumably, C<$SILENTLY> has no value, so nothing will be
+interpolated.  This is what is known as a `trick'.
+
+=head2 Compatibility
+
+Every effort has been made to make this module compatible with older
+versions.  The only known exceptions follow:
+
+The output format of the default C<BROKEN> subroutine has changed
+twice, most recently between versions 1.31 and 1.40.
+
+Starting in version 1.10, the C<$OUT> variable is arrogated for a
+special meaning.  If you had templates before version 1.10 that
+happened to use a variable named C<$OUT>, you will have to change them
+to use some other variable or all sorts of strangeness will result.
+
+Between versions 0.1b and 1.00 the behavior of the \ metacharacter
+changed.  In 0.1b, \\ was special everywhere, and the template
+processor always replaced it with a single backslash before passing
+the code to Perl for evaluation.  The rule now is more complicated but
+probably more convenient.  See the section on backslash processing,
+below, for a full discussion.
+
+=head2 Backslash Processing
+
+In C<Text::Template> beta versions, the backslash was special whenever
+it appeared before a brace or another backslash.  That meant that
+while C<{"\n"}> did indeed generate a newline, C<{"\\"}> did not
+generate a backslash, because the code passed to Perl for evaluation
+was C<"\"> which is a syntax error.  If you wanted a backslash, you
+would have had to write C<{"\\\\"}>.
+
+In C<Text::Template> versions 1.00 through 1.10, there was a bug:
+Backslash was special everywhere.  In these versions, C<{"\n"}>
+generated the letter C<n>.
+
+The bug has been corrected in version 1.11, but I did not go back to
+exactly the old rule, because I did not like the idea of having to
+write C<{"\\\\"}> to get one backslash.  The rule is now more
+complicated to remember, but probably easier to use.  The rule is now:
+Backslashes are always passed to Perl unchanged I<unless> they occur
+as part of a sequence like C<\\\\\\{> or C<\\\\\\}>.  In these
+contexts, they are special; C<\\> is replaced with C<\>, and C<\{> and
+C<\}> signal a literal brace. 
+
+Examples:
+
+	\{ foo \}
+
+is I<not> evaluated, because the C<\> before the braces signals that
+they should be taken literally.  The result in the output looks like this: 
+
+	{ foo }
+
+
+This is a syntax error:
+
+	{ "foo}" }
+
+because C<Text::Template> thinks that the code ends at the first C<}>,
+and then gets upset when it sees the second one.  To make this work
+correctly, use
+
+	{ "foo\}" }
+
+This passes C<"foo}"> to Perl for evaluation.  Note there's no C<\> in
+the evaluated code.  If you really want a C<\> in the evaluated code,
+use
+
+	{ "foo\\\}" }
+
+This passes C<"foo\}"> to Perl for evaluation.
+
+Starting with C<Text::Template> version 1.20, backslash processing is
+disabled if you use the C<DELIMITERS> option to specify alternative
+delimiter strings.
+
+=head2 A short note about C<$Text::Template::ERROR>
+
+In the past some people have fretted about `violating the package
+boundary' by examining a variable inside the C<Text::Template>
+package.  Don't feel this way.  C<$Text::Template::ERROR> is part of
+the published, official interface to this package.  It is perfectly OK
+to inspect this variable.  The interface is not going to change.
+
+If it really, really bothers you, you can import a function called
+C<TTerror> that returns the current value of the C<$ERROR> variable.
+So you can say:
+
+	use Text::Template 'TTerror';
+
+	my $template = new Text::Template (SOURCE => $filename);
+	unless ($template) {
+	  my $err = TTerror;
+	  die "Couldn't make template: $err; aborting";
+	}
+
+I don't see what benefit this has over just doing this:
+
+	use Text::Template;
+
+	my $template = new Text::Template (SOURCE => $filename)
+	  or die "Couldn't make template: $Text::Template::ERROR; aborting";
+
+But if it makes you happy to do it that way, go ahead.
+
+=head2 Sticky Widgets in Template Files
+
+The C<CGI> module provides functions for `sticky widgets', which are
+form input controls that retain their values from one page to the
+next.   Sometimes people want to know how to include these widgets
+into their template output.
+
+It's totally straightforward.  Just call the C<CGI> functions from
+inside the template:
+
+	{ $q->checkbox_group(NAME => 'toppings',
+		  	     LINEBREAK => true,
+			     COLUMNS => 3,
+			     VALUES => \@toppings,
+			    );
+	}
+
+=head2 Automatic preprocessing of program fragments
+
+It may be useful to preprocess the program fragments before they are
+evaluated.  See C<Text::Template::Preprocess> for more details.
+
+=head2 Automatic postprocessing of template hunks
+
+It may be useful to process hunks of output before they are appended to
+the result text.  For this, subclass and replace the C<append_text_to_result>
+method.  It is passed a list of pairs with these entries:
+
+  handle - a filehandle to which to print the desired output
+  out    - a ref to a string to which to append, to use if handle is not given
+  text   - the text that will be appended
+  type   - where the text came from: TEXT for literal text, PROG for code
+
+=head2 Author
+
+Mark Jason Dominus, Plover Systems
+
+Please send questions and other remarks about this software to
+C<mjd-perl-template+@plover.com>
+
+You can join a very low-volume (E<lt>10 messages per year) mailing
+list for announcements about this package.  Send an empty note to
+C<mjd-perl-template-request@plover.com> to join.
+
+For updates, visit C<http://www.plover.com/~mjd/perl/Template/>.
+
+=head2 Support?
+
+This software is version 1.46.  It may have bugs.  Suggestions and bug
+reports are always welcome.  Send them to
+C<mjd-perl-template+@plover.com>.  (That is my address, not the address
+of the mailing list.  The mailing list address is a secret.)
+
+=head1 LICENSE
+
+    Text::Template version 1.46
+    Copyright 2013 Mark Jason Dominus
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.  You may also can
+    redistribute it and/or modify it under the terms of the Perl
+    Artistic License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received copies of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+=head1 THANKS
+
+Many thanks to the following people for offering support,
+encouragement, advice, bug reports, and all the other good stuff.  
+
+David H. Adler /
+Joel Appelbaum /
+Klaus Arnhold /
+AntE<oacute>nio AragE<atilde>o /
+Kevin Atteson /
+Chris.Brezil /
+Mike Brodhead /
+Tom Brown /
+Dr. Frank Bucolo /
+Tim Bunce /
+Juan E. Camacho /
+Itamar Almeida de Carvalho /
+Joseph Cheek /
+Gene Damon /
+San Deng /
+Bob Dougherty /
+Marek Grac /
+Dan Franklin /
+gary at dls.net /
+Todd A. Green /
+Donald L. Greer Jr. /
+Michelangelo Grigni /
+Zac Hansen /
+Tom Henry /
+Jarko Hietaniemi /
+Matt X. Hunter /
+Robert M. Ioffe /
+Daniel LaLiberte /
+Reuven M. Lerner /
+Trip Lilley / 
+Yannis Livassof /
+Val Luck /
+Kevin Madsen /
+David Marshall /
+James Mastros /
+Joel Meulenberg /
+Jason Moore /
+Sergey Myasnikov /
+Chris Nandor /
+Bek Oberin /
+Steve Palincsar /
+Ron Pero /
+Hans Persson /
+Sean Roehnelt /
+Jonathan Roy /
+Shabbir J. Safdar /
+Jennifer D. St Clair /
+Uwe Schneider /
+Randal L. Schwartz /
+Michael G Schwern /
+Yonat Sharon /
+Brian C. Shensky /
+Niklas Skoglund /
+Tom Snee /
+Fred Steinberg /
+Hans Stoop /
+Michael J. Suzio /
+Dennis Taylor /
+James H. Thompson /
+Shad Todd /
+Lieven Tomme /
+Lorenzo Valdettaro /
+Larry Virden /
+Andy Wardley /
+Archie Warnock /
+Chris Wesley /
+Matt Womer /
+Andrew G Wood /
+Daini Xie /
+Michaely Yeung
+
+Special thanks to:
+
+=over 2
+
+=item Jonathan Roy 
+
+for telling me how to do the C<Safe> support (I spent two years
+worrying about it, and then Jonathan pointed out that it was trivial.)
+
+=item Ranjit Bhatnagar 
+
+for demanding less verbose fragments like they have in ASP, for
+helping me figure out the Right Thing, and, especially, for talking me
+out of adding any new syntax.  These discussions resulted in the
+C<$OUT> feature.
+
+=back
+
+=head2 Bugs and Caveats
+
+C<my> variables in C<fill_in> are still susceptible to being clobbered
+by template evaluation.  They all begin with C<fi_>, so avoid those
+names in your templates.
+
+The line number information will be wrong if the template's lines are
+not terminated by C<"\n">.  You should let me know if this is a
+problem.  If you do, I will fix it.
+
+The C<$OUT> variable has a special meaning in templates, so you cannot
+use it as if it were a regular variable.
+
+There are not quite enough tests in the test suite.
+
+=cut
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm
new file mode 100644
index 000000000..1e41037bd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm
@@ -0,0 +1,144 @@
+
+package Text::Template::Preprocess;
+use Text::Template;
+@ISA = qw(Text::Template);
+$Text::Template::Preprocess::VERSION = 1.46;
+
+sub fill_in {
+  my $self = shift;
+  my (%args) = @_;
+  my $pp = $args{PREPROCESSOR} || $self->{PREPROCESSOR} ;
+  if ($pp) {
+    local $_ = $self->source();
+#    print "# fill_in: before <$_>\n";
+    &$pp;
+#    print "# fill_in: after <$_>\n";
+    $self->set_source_data($_);
+  }
+  $self->SUPER::fill_in(@_);
+}
+
+sub preprocessor {
+  my ($self, $pp) = @_;
+  my $old_pp = $self->{PREPROCESSOR};
+  $self->{PREPROCESSOR} = $pp if @_ > 1;  # OK to pass $pp=undef
+  $old_pp;
+}
+
+1;
+
+
+=head1 NAME 
+
+Text::Template::Preprocess - Expand template text with embedded Perl
+
+=head1 VERSION
+
+This file documents C<Text::Template::Preprocess> version B<1.46>
+
+=head1 SYNOPSIS
+
+ use Text::Template::Preprocess;
+
+ my $t = Text::Template::Preprocess->new(...);  # identical to Text::Template
+
+ # Fill in template, but preprocess each code fragment with pp().
+ my $result = $t->fill_in(..., PREPROCESSOR => \&pp);
+
+ my $old_pp = $t->preprocessor(\&new_pp);
+
+=head1 DESCRIPTION
+
+C<Text::Template::Preprocess> provides a new C<PREPROCESSOR> option to
+C<fill_in>.  If the C<PREPROCESSOR> option is supplied, it must be a
+reference to a preprocessor subroutine.  When filling out a template,
+C<Text::Template::Preprocessor> will use this subroutine to preprocess
+the program fragment prior to evaluating the code.
+
+The preprocessor subroutine will be called repeatedly, once for each
+program fragment.  The program fragment will be in C<$_>.  The
+subroutine should modify the contents of C<$_> and return.
+C<Text::Template::Preprocess> will then execute contents of C<$_> and
+insert the result into the appropriate part of the template.
+
+C<Text::Template::Preprocess> objects also support a utility method,
+C<preprocessor()>, which sets a new preprocessor for the object.  This
+preprocessor is used for all subsequent calls to C<fill_in> except
+where overridden by an explicit C<PREPROCESSOR> option.
+C<preprocessor()> returns the previous default preprocessor function,
+or undefined if there wasn't one.  When invoked with no arguments,
+C<preprocessor()> returns the object's current default preprocessor
+function without changing it.
+
+In all other respects, C<Text::Template::Preprocess> is identical to
+C<Text::Template>.
+
+=head1 WHY?
+
+One possible purpose:  If your files contain a lot of JavaScript, like
+this:
+
+
+        Plain text here...
+        { perl code }
+        <script language=JavaScript>
+     	      if (br== "n3") { 
+	  	  // etc.
+	      }
+        </script>
+        { more perl code }
+        More plain text...
+
+You don't want C<Text::Template> to confuse the curly braces in the
+JavaScript program with executable Perl code.  One strategy:
+
+        sub quote_scripts {
+          s(<script(.*?)</script>)(q{$1})gsi;
+        }
+
+Then use C<PREPROCESSOR =E<gt> \&quote_scripts>.  This will transform 
+
+
+
+=head1 SEE ALSO
+
+L<Text::Template>
+
+=head1 AUTHOR
+
+
+Mark Jason Dominus, Plover Systems
+
+Please send questions and other remarks about this software to
+C<mjd-perl-template+@plover.com>
+
+You can join a very low-volume (E<lt>10 messages per year) mailing
+list for announcements about this package.  Send an empty note to
+C<mjd-perl-template-request@plover.com> to join.
+
+For updates, visit C<http://www.plover.com/~mjd/perl/Template/>.
+
+=head1 LICENSE
+
+    Text::Template::Preprocess version 1.46
+    Copyright 2013 Mark Jason Dominus
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.  You may also can
+    redistribute it and/or modify it under the terms of the Perl
+    Artistic License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received copies of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+=cut
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/00-version.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/00-version.t
new file mode 100644
index 000000000..5f9560f89
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/00-version.t
@@ -0,0 +1,11 @@
+#!perl
+
+use Text::Template;
+print "1..1\n";
+
+if ($Text::Template::VERSION == 1.46) {
+        print "ok 1\n";
+} else {
+        print "not ok 1\n";
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/01-basic.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/01-basic.t
new file mode 100644
index 000000000..be43390c6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/01-basic.t
@@ -0,0 +1,266 @@
+#!perl
+#
+# Tests of basic, essential functionality
+#
+
+use Text::Template;
+$X::v = $Y::v = 0;		# Suppress `var used only once'
+
+print "1..31\n";
+
+$n=1;
+
+$template_1 = <<EOM;
+We will put value of \$v (which is "abc") here -> {\$v}
+We will evaluate 1+1 here -> {1 + 1}
+EOM
+
+# (1) Construct temporary template file for testing
+# file operations
+$TEMPFILE = "tt$$";
+open(TMP, "> $TEMPFILE") or print "not ok $n\n" && &abort("Couldn\'t write tempfile $TEMPFILE: $!");
+print TMP $template_1;
+close TMP;
+print "ok $n\n"; $n++;
+
+# (2) Build template from file
+$template = new Text::Template ('type' => 'FILE', 'source' => $TEMPFILE);
+if (defined($template)) {
+  print "ok $n\n";
+} else {
+  print "not ok $n $Text::Template::ERROR\n";
+}
+$n++;
+
+# (3) Fill in template from file
+$X::v = "abc";	
+$resultX = <<EOM;
+We will put value of \$v (which is "abc") here -> abc
+We will evaluate 1+1 here -> 2
+EOM
+$Y::v = "ABC";	
+$resultY = <<EOM;
+We will put value of \$v (which is "abc") here -> ABC
+We will evaluate 1+1 here -> 2
+EOM
+
+$text = $template->fill_in('package' => X);
+if ($text eq $resultX) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+# (4) Fill in same template again
+$text = $template->fill_in('package' => Y);
+if ($text eq $resultY) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+
+
+# (5) Simple test of `fill_this_in'
+$text = Text::Template->fill_this_in( $template_1, 'package' => X);
+if ($text eq $resultX) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+# (6) test creation of template from filehandle
+if (open (TMPL, "< $TEMPFILE")) {
+  $template = new Text::Template ('type' => 'FILEHANDLE', 
+				  'source' => *TMPL);
+  if (defined($template)) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n $Text::Template::ERROR\n";
+  }
+  $n++;
+
+# (7) test filling in of template from filehandle
+  $text = $template->fill_in('package' => X);
+  if ($text eq $resultX) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+
+# (8) test second fill_in on same template object
+  $text = $template->fill_in('package' => Y);
+  if ($text eq $resultY) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+  close TMPL;
+} else {
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+}
+
+
+# (9) test creation of template from array
+$template = new Text::Template 
+    ('type' => 'ARRAY', 
+     'source' => [ 
+		  'We will put value of $v (which is "abc") here -> {$v}',
+		  "\n",
+		  'We will evaluate 1+1 here -> {1+1}',
+		  "\n",
+		  ]);
+if (defined($template)) {
+  print "ok $n\n";
+} else {
+  print "not ok $n $Text::Template::ERROR\n";
+}
+$n++;
+
+# (10) test filling in of template from array
+$text = $template->fill_in('package' => X);
+if ($text eq $resultX) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+# (11) test second fill_in on same array template object
+$text = $template->fill_in('package' => Y);
+if ($text eq $resultY) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+  print STDERR "$resultX\n---\n$text";
+  unless (!defined($text)) { print STDERR "ERROR: $Text::Template::ERROR\n"};
+}
+$n++;
+
+
+
+# (12) Make sure \ is working properly
+# Test added for version 1.11
+my $tmpl = Text::Template->new(TYPE => 'STRING',
+			       SOURCE => 'B{"\\}"}C{"\\{"}D',
+			       );
+# This should fail if the \ are not interpreted properly.
+my $text = $tmpl->fill_in();
+print +($text eq "B}C{D" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (13) Make sure \ is working properly
+# Test added for version 1.11
+$tmpl = Text::Template->new(TYPE => 'STRING',
+			    SOURCE => qq{A{"\t"}B},
+			   );
+# Symptom of old problem:  ALL \ were special in templates, so
+# The lexer would return (A, PROGTEXT("t"), B), and the
+# result text would be AtB instead of A(tab)B.
+$text = $tmpl->fill_in();
+
+print +($text eq "A\tB" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (14-27) Make sure \ is working properly
+# Test added for version 1.11
+# This is a sort of general test.
+my @tests = ('{""}' => '',	# (14)
+	     '{"}"}' => undef,  # (15)
+	     '{"\\}"}' => '}',	# One backslash
+	     '{"\\\\}"}' => undef, # Two backslashes
+	     '{"\\\\\\}"}' => '}', # Three backslashes
+	     '{"\\\\\\\\}"}' => undef, # Four backslashes
+	     '{"\\\\\\\\\\}"}' => '\}', # Five backslashes  (20)
+	     '{"x20"}' => 'x20',
+	     '{"\\x20"}' => ' ',	# One backslash
+	     '{"\\\\x20"}' => '\\x20', # Two backslashes
+	     '{"\\\\\\x20"}' => '\\ ', # Three backslashes
+	     '{"\\\\\\\\x20"}' => '\\\\x20', # Four backslashes  (25)
+	     '{"\\\\\\\\\\x20"}' => '\\\\ ', # Five backslashes
+	     '{"\\x20\\}"}' => ' }', # (27)
+	    );
+
+my $i;
+for ($i=0; $i<@tests; $i+=2) {
+  my $tmpl = Text::Template->new(TYPE => 'STRING',
+				 SOURCE => $tests[$i],
+				);
+  my $text = $tmpl->fill_in;
+  my $result = $tests[$i+1];
+  my $ok = (! defined $text && ! defined $result
+	    || $text eq $result);
+  unless ($ok) {
+    print STDERR "($n) expected .$result., got .$text.\n";
+  }
+  print +($ok ? '' : 'not '), "ok $n\n";
+  $n++;
+}
+
+
+# (28-30) I discovered that you can't pass a glob ref as your filehandle.
+# MJD 20010827
+# (28) test creation of template from filehandle
+if (open (TMPL, "< $TEMPFILE")) {
+  $template = new Text::Template ('type' => 'FILEHANDLE', 
+				  'source' => \*TMPL);
+  if (defined($template)) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n $Text::Template::ERROR\n";
+  }
+  $n++;
+
+# (29) test filling in of template from filehandle
+  $text = $template->fill_in('package' => X);
+  if ($text eq $resultX) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+
+# (30) test second fill_in on same template object
+  $text = $template->fill_in('package' => Y);
+  if ($text eq $resultY) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+  close TMPL;
+} else {
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+}
+
+# (31) Test _scrubpkg for leakiness
+$Text::Template::GEN0::test = 1;
+Text::Template::_scrubpkg('Text::Template::GEN0');
+if ($Text::Template::GEN0::test) {
+  print "not ok $n\n";
+} else {
+  print "ok $n\n";
+}
+$n++;
+
+
+END {unlink $TEMPFILE;}
+
+exit;
+
+
+
+
+sub abort {
+  unlink $TEMPFILE;
+  die $_[0];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/02-hash.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/02-hash.t
new file mode 100644
index 000000000..29ba51a40
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/02-hash.t
@@ -0,0 +1,111 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+
+print "1..12\n";
+
+$n=1;
+
+$template = 'We will put value of $v (which is "good") here -> {$v}';
+
+$v = 'oops (main)';
+$Q::v = 'oops (Q)';
+
+$vars = { 'v' => \'good' };
+
+# (1) Build template from string
+$template = new Text::Template ('type' => 'STRING', 'source' => $template);
+print +($template ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) Fill in template in anonymous package
+$result2 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars);
+print +($text eq $result2 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) Did we clobber the main variable?
+print +($v eq 'oops (main)' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) Fill in same template again
+$result4 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars);
+print +($text eq $result4 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (5) Now with a package
+$result5 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars, PACKAGE => 'Q');
+print +($text eq $result5 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (6) We expect to have clobbered the Q variable.
+print +($Q::v eq 'good' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (7) Now let's try it without a package
+$result7 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars);
+print +($text eq $result7 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (8-11) Now what does it do when we pass a hash with undefined values?
+# Roy says it does something bad. (Added for 1.20.)
+my $WARNINGS = 0;
+{
+  local $SIG{__WARN__} = sub {$WARNINGS++};
+  local $^W = 1;       # Make sure this is on for this test
+  $template8 = 'We will put value of $v (which is "good") here -> {defined $v ? "bad" : "good"}';
+  $result8 = 'We will put value of $v (which is "good") here -> good';
+  my $template = 
+    new Text::Template ('type' => 'STRING', 'source' => $template8);
+  my $text = $template->fill_in(HASH => {'v' => undef});
+  # (8) Did we generate a warning?
+  print +($WARNINGS == 0 ? '' : 'not '), "ok $n\n";
+  $n++;
+  
+  # (9) Was the output correct?
+  print +($text eq $result8 ? '' : 'not '), "ok $n\n";
+  $n++;
+
+  # (10-11) Let's try that again, with a twist this time
+  $WARNINGS = 0;
+  $text = $template->fill_in(HASH => [{'v' => 17}, {'v' => undef}]);
+  # (10) Did we generate a warning?
+  print +($WARNINGS == 0 ? '' : 'not '), "ok $n\n";
+  $n++;
+  
+  # (11) Was the output correct?
+  if ($] < 5.005) {
+    print "ok $n # skipped -- not supported before 5.005\n";
+  } else {
+    print +($text eq $result8 ? '' : 'not '), "ok $n\n";
+  }
+  $n++;
+}
+
+
+# (12) Now we'll test the multiple-hash option  (Added for 1.20.)
+$text = Text::Template::fill_in_string(q{$v: {$v}.  @v: [{"@v"}].},
+				       HASH => [{'v' => 17}, 
+						{'v' => ['a', 'b', 'c']},
+						{'v' => \23},
+					       ]);
+$result = q{$v: 23.  @v: [a b c].};
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/03-out.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/03-out.t
new file mode 100644
index 000000000..0ba65a54d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/03-out.t
@@ -0,0 +1,56 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+#
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..1\n";
+
+$n=1;
+
+$template = q{
+This line should have a 3: {1+2}
+
+This line should have several numbers:
+{ $t = ''; foreach $n (1 .. 20) { $t .= $n . ' ' } $t }
+};
+
+$templateOUT = q{
+This line should have a 3: { $OUT = 1+2 }
+
+This line should have several numbers:
+{ foreach $n (1 .. 20) { $OUT .= $n . ' ' } }
+};
+
+# Build templates from string
+$template = new Text::Template ('type' => 'STRING', 'source' => $template)
+  or die;
+$templateOUT = new Text::Template ('type' => 'STRING', 'source' => $templateOUT)
+  or die;
+
+# Fill in templates
+$text = $template->fill_in()
+  or die;
+$textOUT = $templateOUT->fill_in()
+  or die;
+
+# (1) They should be the same
+print +($text eq $textOUT ? '' : 'not '), "ok $n\n";
+$n++;
+
+# Missing:  Test this feature in Safe compartments; 
+# it's a totally different code path.
+# Decision: Put that into safe.t, because that file should
+# be skipped when Safe.pm is unavailable.
+
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/04-safe.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/04-safe.t
new file mode 100644
index 000000000..4c07121b4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/04-safe.t
@@ -0,0 +1,161 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+BEGIN {
+  eval "use Safe";
+  if ($@) {
+    print "1..0\n";
+    exit 0;
+  }
+}
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..16\n";
+
+if ($^O eq 'MacOS') {
+  $BADOP = qq{};
+  $FAILURE = q{};
+} else {
+  $BADOP = qq{kill 0};
+  $FAILURE = q{Program fragment at line 1 delivered error ``kill trapped by operation mask''};
+}
+
+$n=1;
+$v = $v = 119;
+
+$c = new Safe or die;
+
+$goodtemplate = q{This should succeed: { $v }};
+$goodoutput   = q{This should succeed: 119};
+
+$template1 = new Text::Template ('type' => 'STRING', 'source' => $goodtemplate)
+  or die;
+$template2 = new Text::Template ('type' => 'STRING', 'source' => $goodtemplate)
+  or die;
+
+$text1 = $template1->fill_in();
+$text2 = $template1->fill_in(SAFE => $c);
+$ERR2 = $@;
+$text3 = $template2->fill_in(SAFE => $c);
+$ERR3 = $@;
+
+# (1)(2)(3) None of these should have failed.
+print +(defined $text1 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text2 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text3 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) Safe and non-safe fills of different template objects with the
+# same template text should yield the same result.
+# print +($text1 eq $text3 ? '' : 'not '), "ok $n\n";
+# (4) voided this test:  it's not true, because the unsafe fill
+# uses package main, while the safe fill uses the secret safe package.
+# We could alias the secret safe package to be identical to main,
+# but that wouldn't be safe.  If you want the aliasing, you have to
+# request it explicitly with `PACKAGE'.
+print "ok $n\n";
+$n++;
+
+# (5) Safe and non-safe fills of the same template object
+# should yield the same result.
+# (5) voided this test for the same reason as #4.
+# print +($text1 eq $text2 ? '' : 'not '), "ok $n\n";
+print "ok $n\n";
+$n++;
+
+# (6) Make sure the output was actually correct
+print +($text1 eq $goodoutput ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+$badtemplate     = qq{This should fail: { $BADOP; 'NOFAIL' }};
+$badnosafeoutput = q{This should fail: NOFAIL};
+$badsafeoutput   = q{This should fail: Program fragment delivered error ``kill trapped by operation mask at template line 1.''};
+
+$template1 = new Text::Template ('type' => 'STRING', 'source' => $badtemplate)
+  or die;
+$template2 = new Text::Template ('type' => 'STRING', 'source' => $badtemplate)
+  or die;
+
+$text1 = $template1->fill_in();
+$text2 = $template1->fill_in(SAFE => $c);
+$ERR2 = $@;
+$text3 = $template2->fill_in(SAFE => $c);
+$ERR3 = $@;
+$text4 = $template1->fill_in();
+
+# (7)(8)(9)(10) None of these should have failed.
+print +(defined $text1 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text2 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text3 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text4 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (11) text1 and text4 should be the same (using safe in between
+# didn't change anything.)
+print +($text1 eq $text4 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (12) text2 and text3 should be the same (same template text in different
+# objects
+print +($text2 eq $text3 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (13) text1 should yield badnosafeoutput
+print +($text1 eq $badnosafeoutput ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (14) text2 should yield badsafeoutput
+$text2 =~ s/'kill'/kill/;  # 5.8.1 added quote marks around the op name
+print "# expected: <$badsafeoutput>\n# got     : <$text2>\n";
+print +($text2 eq $badsafeoutput ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+$template = q{{$x=1}{$x+1}};
+
+$template1 = new Text::Template ('type' => 'STRING', 'source' => $template)
+  or die;
+$template2 = new Text::Template ('type' => 'STRING', 'source' => $template)
+  or die;
+
+$text1 = $template1->fill_in();
+$text2 = $template1->fill_in(SAFE => new Safe);
+
+# (15) Do effects persist in safe compartments?
+print +($text1 eq $text2 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (16) Try the BROKEN routine in safe compartments
+sub my_broken { 
+  my %a = @_; $a{error} =~ s/ at.*//s;
+  "OK! text:$a{text} error:$a{error} lineno:$a{lineno} arg:$a{arg}" ;
+}
+$templateB = new Text::Template (TYPE => 'STRING', SOURCE => '{die}')
+    or die;
+$text1 = $templateB->fill_in(BROKEN => \&my_broken, 
+			     BROKEN_ARG => 'barg',
+			     SAFE => new Safe,
+			     );
+$result1 = qq{OK! text:die error:Died lineno:1 arg:barg};
+print +($text1 eq $result1 ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/05-safe2.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/05-safe2.t
new file mode 100644
index 000000000..03534770f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/05-safe2.t
@@ -0,0 +1,105 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+BEGIN {
+  eval "use Safe";
+  if ($@) {
+    print "1..0\n";
+    exit 0;
+  }
+}
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..12\n";
+$n = 1;
+
+$c = new Safe or die;
+
+# Test handling of packages and importing.
+$c->reval('$P = "safe root"');
+$P = $P = 'main';
+$Q::P = $Q::P = 'Q';
+
+# How to effectively test the gensymming?
+
+$t = new Text::Template TYPE => 'STRING', SOURCE => 'package is {$P}'
+    or die;
+
+# (1) Default behavior: Inherit from calling package, `main' in this case.
+$text = $t->fill_in();
+print +($text eq 'package is main' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) When a package is specified, we should use that package instead.
+$text = $t->fill_in(PACKAGE => 'Q');
+print +($text eq 'package is Q' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) When no package is specified in safe mode, we should use the
+# default safe root.
+$text = $t->fill_in(SAFE => $c);
+print +($text eq 'package is safe root' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) When a package is specified in safe mode, we should use the
+# default safe root, after aliasing to the specified package
+$text = $t->fill_in(SAFE => $c, PACKAGE => Q);
+print +($text eq 'package is Q' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# Now let's see if hash vars are installed properly into safe templates
+$t = new Text::Template TYPE => 'STRING', SOURCE => 'hash is {$H}'
+    or die;
+
+# (5) First in default mode
+$text = $t->fill_in(HASH => {H => 'good5'} );
+print +($text eq 'hash is good5' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (6) Now in packages
+$text = $t->fill_in(HASH => {H => 'good6'}, PACKAGE => 'Q' );
+print +($text eq 'hash is good6' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (7) Now in the default root of the safe compartment
+$text = $t->fill_in(HASH => {H => 'good7'}, SAFE => $c );
+print +($text eq 'hash is good7' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (8) Now in the default root after aliasing to a package that
+# got the hash stuffed in
+$text = $t->fill_in(HASH => {H => 'good8'}, SAFE => $c, PACKAGE => 'Q2' );
+print +($text eq 'hash is good8' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# Now let's make sure that none of the packages leaked on each other.
+# (9) This var should NOT have been installed into the main package
+print +(defined $H ? 'not ' : ''), "ok $n\n";
+$H=$H;
+$n++;
+
+# (10) good6 was overwritten in test 7, so there's nothing to test for here.
+print "ok $n\n";
+$n++;
+
+# (11) this value overwrote the one from test 6.
+print +($Q::H eq 'good7' ? '' : 'not '), "ok $n\n";
+$Q::H = $Q::H;
+$n++;
+
+# (12) 
+print +($Q2::H eq 'good8' ? '' : 'not '), "ok $n\n";
+$Q2::H = $Q2::H;
+$n++;
+
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/06-ofh.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/06-ofh.t
new file mode 100644
index 000000000..6865ad194
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/06-ofh.t
@@ -0,0 +1,39 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..2\n";
+
+$n=1;
+
+$template = new Text::Template TYPE => STRING, SOURCE => q{My process ID is {$$}};
+$of = "t$$";
+END { unlink $of }
+open O, "> $of" or die;
+
+$text = $template->fill_in(OUTPUT => \*O);
+
+# (1) No $text should have been constructed.  Return value should be true.
+print +($text eq '1' ? '' : 'not '), "ok $n\n";
+$n++;
+
+close O or die;
+open I, "< $of" or die;
+{ local $/; $t = <I> }
+close I;
+
+# (2) The text should have been printed to the file
+print +($t eq "My process ID is $$" ? '' : 'not '), "ok $n\n";
+$n++;
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/07-safe3.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/07-safe3.t
new file mode 100644
index 000000000..5f438f614
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/07-safe3.t
@@ -0,0 +1,91 @@
+#!perl
+#
+# test apparatus for Text::Template module
+
+use Text::Template;
+
+BEGIN {
+  eval "use Safe";
+  if ($@) {
+    print "1..0\n";
+    exit 0;
+  }
+}
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..3\n";
+
+$n=1;
+
+# Test the OUT feature with safe compartments
+
+$template = q{
+This line should have a 3: {1+2}
+
+This line should have several numbers:
+{ $t = ''; foreach $n (1 .. 20) { $t .= $n . ' ' } $t }
+};
+
+$templateOUT = q{
+This line should have a 3: { $OUT = 1+2 }
+
+This line should have several numbers:
+{ foreach $n (1 .. 20) { $OUT .= $n . ' ' } }
+};
+
+$c = new Safe;
+
+# Build templates from string
+$template = new Text::Template ('type' => 'STRING', 'source' => $template,
+			       SAFE => $c)
+  or die;
+$templateOUT = new Text::Template ('type' => 'STRING', 'source' => $templateOUT,
+				  SAFE => $c)
+  or die;
+
+# Fill in templates
+$text = $template->fill_in()
+  or die;
+$textOUT = $templateOUT->fill_in()
+  or die;
+
+# (1) They should be the same
+print +($text eq $textOUT ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2-3)  "Joel Appelbaum" <joel@orbz.com> <000701c0ac2c$aed1d6e0$0201a8c0@prime>
+# "Contrary to the documentation the $OUT variable is not always
+# undefined at the start of each program fragment.  The $OUT variable
+# is never undefined after it is used once if you are using the SAFE
+# option.  The result is that every fragment after the fragment that
+# $OUT was used in is replaced by the old $OUT value instead of the
+# result of the fragment.  This holds true even after the
+# Text::Template object goes out of scope and a new one is created!"
+#
+# Also reported by Daini Xie.
+
+{
+  my $template = q{{$OUT = 'x'}y{$OUT .= 'z'}};
+  my $expected = "xyz";
+  my $s = Safe->new;
+  my $o = Text::Template->new(type => 'string',
+                              source => $template,
+                             );
+  for (1..2) {
+    my $r = $o->fill_in(SAFE => $s);
+    if ($r ne $expected) {
+      print "not ok $n # <$r>\n";
+    } else {
+      print "ok $n\n";
+    }
+    $n++;
+  }
+}
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/08-exported.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/08-exported.t
new file mode 100644
index 000000000..ef9cfafde
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/08-exported.t
@@ -0,0 +1,75 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template 'fill_in_file', 'fill_in_string';
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..6\n";
+
+$n=1;
+$Q::n = $Q::n = 119; 
+
+# (1) Test fill_in_string
+$out = fill_in_string('The value of $n is {$n}.', PACKAGE => 'Q' );
+print +($out eq 'The value of $n is 119.' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) Test fill_in_file
+$TEMPFILE = "tt$$";
+open F, "> $TEMPFILE" or die "Couldn't open test file: $!; aborting";
+print F 'The value of $n is {$n}.', "\n";
+close F or die "Couldn't write test file: $!; aborting";
+$R::n = $R::n = 8128; 
+
+$out = fill_in_file($TEMPFILE, PACKAGE => 'R');
+print +($out eq "The value of \$n is 8128.\n" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) Jonathan Roy reported this bug:
+open F, "> $TEMPFILE" or die "Couldn't open test file: $!; aborting";
+print F "With a message here? [% \$var %]\n";
+close F  or die "Couldn't close test file: $!; aborting";
+$out = fill_in_file($TEMPFILE, DELIMITERS => ['[%', '%]'],
+		    HASH => { "var" => \"It is good!" });
+print +($out eq "With a message here? It is good!\n" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) It probably occurs in fill_this_in also:
+$out = 
+  Text::Template->fill_this_in("With a message here? [% \$var %]\n",
+                      DELIMITERS => ['[%', '%]'],
+                      HASH => { "var" => \"It is good!" });
+print +($out eq "With a message here? It is good!\n" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (5) This test failed in 1.25.  It was supplied by Donald L. Greer Jr.
+# Note that it's different from (1)  in that there's no explicit 
+# package=> argument.
+use vars qw($string $foo $r);
+$string='Hello {$foo}';
+$foo="Don";
+$r = fill_in_string($string);
+print (($r eq 'Hello Don' ? '' : 'not '), 'ok ', $n++, "\n");
+
+# (6) This test failed in 1.25.  It's a variation on (5)
+package Q2;
+use Text::Template 'fill_in_string';
+use vars qw($string $foo $r);
+$string='Hello {$foo}';
+$foo="Don";
+$r = fill_in_string($string);
+print (($r eq 'Hello Don' ? '' : 'not '), 'ok ', $main::n++, "\n");
+
+package main;
+
+END { $TEMPFILE && unlink $TEMPFILE }
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/09-error.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/09-error.t
new file mode 100644
index 000000000..40f9fac6c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/09-error.t
@@ -0,0 +1,63 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..5\n";
+$n = 1;
+
+# (1-2) Missing source
+eval {
+  Text::Template->new();
+};
+unless ($@ =~ /^\QUsage: Text::Template::new(TYPE => ..., SOURCE => ...)/) {
+  print STDERR $@;
+  print "not ";
+}
+print "ok $n\n";
+$n++;
+
+eval {
+  Text::Template->new(TYPE => 'FILE');
+};
+if ($@ =~ /^\QUsage: Text::Template::new(TYPE => ..., SOURCE => ...)/) {
+  print "ok $n\n";
+} else {
+  print STDERR $@;
+  print "not ok $n\n";
+}
+$n++;
+
+# (3) Invalid type
+eval {
+  Text::Template->new(TYPE => 'wlunch', SOURCE => 'fish food');
+};
+if ($@ =~ /^\QIllegal value `WLUNCH' for TYPE parameter/) {
+  print "ok $n\n";
+} else {
+  print STDERR $@;
+  print "not ok $n\n";
+}
+$n++;
+
+# (4-5) File does not exist
+my $o = Text::Template->new(TYPE => 'file', 
+                            SOURCE => 'this file does not exist');
+print $o ? "not ok $n\n" : "ok $n\n";
+$n++;
+print defined($Text::Template::ERROR) 
+      && $Text::Template::ERROR =~ /^Couldn't open file/
+  ? "ok $n\n" : "not ok $n\n";
+$n++;
+
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/10-delimiters.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/10-delimiters.t
new file mode 100644
index 000000000..f74d591cc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/10-delimiters.t
@@ -0,0 +1,99 @@
+#!perl
+#
+# Tests for user-specified delimiter functions
+# These tests first appeared in version 1.20.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..18\n";
+$n = 1;
+
+# (1) Try a simple delimiter: <<..>>
+# First with the delimiters specified at object creation time
+$V = $V = 119;
+$template = q{The value of $V is <<$V>>.};
+$result = q{The value of $V is 119.};
+$template1 = Text::Template->new(TYPE => STRING, 
+				 SOURCE => $template,
+				 DELIMITERS => ['<<', '>>']
+				)
+  or die "Couldn't construct template object: $Text::Template::ERROR; aborting";
+$text = $template1->fill_in();
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) Now with delimiter choice deferred until fill-in time.
+$template1 = Text::Template->new(TYPE => STRING, SOURCE => $template);
+$text = $template1->fill_in(DELIMITERS => ['<<', '>>']);
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) Now we'll try using regex metacharacters
+# First with the delimiters specified at object creation time
+$template = q{The value of $V is [$V].};
+$template1 = Text::Template->new(TYPE => STRING, 
+				 SOURCE => $template,
+				 DELIMITERS => ['[', ']']
+				)
+  or die "Couldn't construct template object: $Text::Template::ERROR; aborting";
+$text = $template1->fill_in();
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) Now with delimiter choice deferred until fill-in time.
+$template1 = Text::Template->new(TYPE => STRING, SOURCE => $template);
+$text = $template1->fill_in(DELIMITERS => ['[', ']']);
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+
+# (5-18) Make sure \ is working properly
+# (That is to say, it is ignored.)
+# These tests are similar to those in 01-basic.t.
+my @tests = ('{""}' => '',	# (5)
+
+	     # Backslashes don't matter
+	     '{"}"}' => undef,
+	     '{"\\}"}' => undef,	# One backslash
+	     '{"\\\\}"}' => undef, # Two backslashes
+	     '{"\\\\\\}"}' => undef, # Three backslashes 
+	     '{"\\\\\\\\}"}' => undef, # Four backslashes (10)
+	     '{"\\\\\\\\\\}"}' => undef, # Five backslashes
+	     
+	     # Backslashes are always passed directly to Perl
+	     '{"x20"}' => 'x20',
+	     '{"\\x20"}' => ' ',	# One backslash
+	     '{"\\\\x20"}' => '\\x20', # Two backslashes
+	     '{"\\\\\\x20"}' => '\\ ', # Three backslashes (15)
+	     '{"\\\\\\\\x20"}' => '\\\\x20', # Four backslashes
+	     '{"\\\\\\\\\\x20"}' => '\\\\ ', # Five backslashes
+	     '{"\\x20\\}"}' => undef, # (18)
+	    );
+
+my $i;
+for ($i=0; $i<@tests; $i+=2) {
+  my $tmpl = Text::Template->new(TYPE => 'STRING',
+				 SOURCE => $tests[$i],
+				 DELIMITERS => ['{', '}'],
+				);
+  my $text = $tmpl->fill_in;
+  my $result = $tests[$i+1];
+  my $ok = (! defined $text && ! defined $result
+	    || $text eq $result);
+  unless ($ok) {
+    print STDERR "($n) expected .$result., got .$text.\n";
+  }
+  print +($ok ? '' : 'not '), "ok $n\n";
+  $n++;
+}
+
+
+exit;
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/11-prepend.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/11-prepend.t
new file mode 100644
index 000000000..fe242e589
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/11-prepend.t
@@ -0,0 +1,94 @@
+#!perl
+#
+# Tests for PREPEND features
+# These tests first appeared in version 1.22.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..9\n";
+my $n = 1;
+
+@Emptyclass1::ISA = 'Text::Template';
+@Emptyclass2::ISA = 'Text::Template';
+
+my $tin = q{The value of $foo is: {$foo}};
+
+Text::Template->always_prepend(q{$foo = "global"});
+
+$tmpl1 = Text::Template->new(TYPE => 'STRING',
+				SOURCE => $tin,		
+			      );
+
+$tmpl2 = Text::Template->new(TYPE => 'STRING',
+			     SOURCE => $tin,		
+			     PREPEND => q{$foo = "template"},
+			     );
+
+$tmpl1->compile;
+$tmpl2->compile;
+
+$t1 = $tmpl1->fill_in(PACKAGE => 'T1');
+$t2 = $tmpl2->fill_in(PACKAGE => 'T2');
+$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T3');
+
+($t1 eq 'The value of $foo is: global') or print "not ";
+print "ok $n\n"; $n++;
+($t2 eq 'The value of $foo is: template') or print "not ";
+print "ok $n\n"; $n++;
+($t3 eq 'The value of $foo is: fillin') or print "not ";
+print "ok $n\n"; $n++;
+
+Emptyclass1->always_prepend(q{$foo = 'Emptyclass global';});
+$tmpl1 = Emptyclass1->new(TYPE => 'STRING',
+				SOURCE => $tin,		
+			      );
+
+$tmpl2 = Emptyclass1->new(TYPE => 'STRING',
+			     SOURCE => $tin,		
+			     PREPEND => q{$foo = "template"},
+			     );
+
+$tmpl1->compile;
+$tmpl2->compile;
+
+$t1 = $tmpl1->fill_in(PACKAGE => 'T4');
+$t2 = $tmpl2->fill_in(PACKAGE => 'T5');
+$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T6');
+
+($t1 eq 'The value of $foo is: Emptyclass global') or print "not ";
+print "ok $n\n"; $n++;
+($t2 eq 'The value of $foo is: template') or print "not ";
+print "ok $n\n"; $n++;
+($t3 eq 'The value of $foo is: fillin') or print "not ";
+print "ok $n\n"; $n++;
+
+$tmpl1 = Emptyclass2->new(TYPE => 'STRING',
+				SOURCE => $tin,		
+			      );
+
+$tmpl2 = Emptyclass2->new(TYPE => 'STRING',
+			     SOURCE => $tin,		
+			     PREPEND => q{$foo = "template"},
+			     );
+
+$tmpl1->compile;
+$tmpl2->compile;
+
+$t1 = $tmpl1->fill_in(PACKAGE => 'T4');
+$t2 = $tmpl2->fill_in(PACKAGE => 'T5');
+$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T6');
+
+($t1 eq 'The value of $foo is: global') or print "not ";
+print "ok $n\n"; $n++;
+($t2 eq 'The value of $foo is: template') or print "not ";
+print "ok $n\n"; $n++;
+($t3 eq 'The value of $foo is: fillin') or print "not ";
+print "ok $n\n"; $n++;
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/12-preprocess.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/12-preprocess.t
new file mode 100644
index 000000000..60b6b0c65
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/12-preprocess.t
@@ -0,0 +1,52 @@
+#!perl
+#
+# Tests for PREPROCESSOR features
+# These tests first appeared in version 1.25.
+
+use Text::Template::Preprocess;
+
+die "This is the test program for Text::Template::Preprocess version 1.46.
+You are using version $Text::Template::Preprocess::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::Preprocess::VERSION == 1.46;
+
+$TMPFILE = "tt$$";
+
+print "1..8\n";
+my $n = 1;
+
+my $py = sub { tr/x/y/ };
+my $pz = sub { tr/x/z/ };
+
+my $t = 'xxx The value of $x is {$x}';
+my $outx = 'xxx The value of $x is 119';
+my $outy = 'yyy The value of $y is 23';
+my $outz = 'zzz The value of $z is 5';
+open TF, "> $TMPFILE" or die "Couldn't open test file: $!; aborting";
+print TF $t;
+close TF;
+
+@result = ($outx, $outy, $outz, $outz);
+for my $trial (1, 0) {
+  for my $test (0 .. 3) {
+    my $tmpl;
+    if ($trial == 0) {
+      $tmpl = new Text::Template::Preprocess 
+	(TYPE => 'STRING', SOURCE => $t) or die;
+    } else {
+      open TF, "< $TMPFILE" or die "Couldn't open test file: $!; aborting";
+      $tmpl = new Text::Template::Preprocess 
+	(TYPE => 'FILEHANDLE', SOURCE => \*TF) or die;
+    }
+    $tmpl->preprocessor($py) if ($test & 1) == 1;
+    my @args = ((($test & 2) == 2) ? (PREPROCESSOR => $pz) : ());
+    my $o = $tmpl->fill_in(@args, 
+			   HASH => {x => 119, 'y' => 23, z => 5});
+#    print STDERR "$o/$result[$test]\n";
+    print +(($o eq $result[$test]) ? '' : 'not '), "ok $n\n";
+    $n++;
+  }
+}
+
+unlink $TMPFILE;
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/13-taint.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/13-taint.t
new file mode 100644
index 000000000..d92a37463
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/13-taint.t
@@ -0,0 +1,119 @@
+#!perl -T
+# Tests for taint-mode features
+
+use lib 'blib/lib';
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+my $r = int(rand(10000));
+my $file = "tt$r";
+
+# makes its arguments tainted
+sub taint {
+  for (@_) {
+    $_ .= substr($0,0,0);       # LOD
+  }
+}
+
+
+print "1..21\n";
+
+my $n =1;
+print "ok ", $n++, "\n";
+
+my $template = 'The value of $n is {$n}.';
+
+open T, "> $file" or die "Couldn't write temporary file $file: $!";
+print T $template, "\n";
+close T or die "Couldn't finish temporary file $file: $!";
+
+sub should_fail {
+  my $obj = Text::Template->new(@_);
+  eval {$obj->fill_in()};
+  if ($@) {
+    print "ok $n # $@\n";
+  } else {
+    print "not ok $n # (didn't fail)\n";
+  }
+  $n++;
+}
+
+sub should_work {
+  my $obj = Text::Template->new(@_);
+  eval {$obj->fill_in()};
+  if ($@) {
+    print "not ok $n # $@\n";
+  } else {
+    print "ok $n\n";
+  }
+  $n++;
+}
+
+sub should_be_tainted {
+  if (Text::Template::_is_clean($_[0])) {
+    print "not ok $n\n"; $n++; return;
+  }
+  print "ok $n\n"; $n++; return; 
+}
+
+sub should_be_clean {
+  unless (Text::Template::_is_clean($_[0])) {
+    print "not ok $n\n"; $n++; return;
+  }
+  print "ok $n\n"; $n++; return; 
+}
+
+# Tainted filename should die with and without UNTAINT option
+# untainted filename should die without UNTAINT option
+# filehandle should die without UNTAINT option
+# string and array with tainted data should die either way
+
+# (2)-(7)
+my $tfile = $file;
+taint($tfile);
+should_be_tainted($tfile);
+should_be_clean($file);
+should_fail TYPE => 'file', SOURCE => $tfile;
+should_fail TYPE => 'file', SOURCE => $tfile, UNTAINT => 1;
+should_fail TYPE => 'file', SOURCE => $file;
+should_work TYPE => 'file', SOURCE => $file, UNTAINT => 1;
+
+# (8-9)
+open H, "< $file" or die "Couldn't open $file for reading: $!; aborting";
+should_fail TYPE => 'filehandle', SOURCE => \*H;
+close H;
+open H, "< $file" or die "Couldn't open $file for reading: $!; aborting";
+should_work TYPE => 'filehandle', SOURCE => \*H, UNTAINT => 1;
+close H;
+
+# (10-15)
+my $ttemplate = $template;
+taint($ttemplate);
+should_be_tainted($ttemplate);
+should_be_clean($template);
+should_fail TYPE => 'string', SOURCE => $ttemplate;
+should_fail TYPE => 'string', SOURCE => $ttemplate, UNTAINT => 1;
+should_work TYPE => 'string', SOURCE => $template;
+should_work TYPE => 'string', SOURCE => $template, UNTAINT => 1;
+
+# (16-19)
+my $array = [ $template ];
+my $tarray = [ $ttemplate ];
+should_fail TYPE => 'array', SOURCE => $tarray;
+should_fail TYPE => 'array', SOURCE => $tarray, UNTAINT => 1;
+should_work TYPE => 'array', SOURCE => $array;
+should_work TYPE => 'array', SOURCE => $array, UNTAINT => 1;
+
+# (20-21) Test _unconditionally_untaint utility function
+Text::Template::_unconditionally_untaint($ttemplate);
+should_be_clean($ttemplate);
+Text::Template::_unconditionally_untaint($tfile);
+should_be_clean($tfile);
+
+END { unlink $file }
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/14-broken.t b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/14-broken.t
new file mode 100644
index 000000000..d362395cf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/Text-Template-1.46/t/14-broken.t
@@ -0,0 +1,82 @@
+#!perl
+# test apparatus for Text::Template module
+
+use Text::Template;
+
+print "1..5\n";
+
+$n=1;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+# (1) basic error delivery
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                             )->fill_in();
+  if ($r eq q{Program fragment delivered error ``Illegal division by zero at template line 1.''}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (2) BROKEN sub called in ->new?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                              BROKEN => sub {'---'},
+                             )->fill_in();
+  if ($r eq q{---}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (3) BROKEN sub called in ->fill_in?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                             )->fill_in(BROKEN => sub {'---'});
+  if ($r eq q{---}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (4) BROKEN sub passed correct args when called in ->new?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                              BROKEN => sub { my %a = @_;
+                                qq{$a{lineno},$a{error},$a{text}}
+                              },
+                             )->fill_in();
+  if ($r eq qq{1,Illegal division by zero at template line 1.\n,1/0}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (5) BROKEN sub passed correct args when called in ->fill_in?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                             )->fill_in(BROKEN => 
+                                        sub { my %a = @_;
+                                              qq{$a{lineno},$a{error},$a{text}}
+                                            });
+  if ($r eq qq{1,Illegal division by zero at template line 1.\n,1/0}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/external/perl/transfer/Text/Template.pm b/trunk/3rdparty/openssl-1.1-fit/external/perl/transfer/Text/Template.pm
new file mode 100644
index 000000000..b21f87531
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/external/perl/transfer/Text/Template.pm
@@ -0,0 +1,23 @@
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Quick transfer to the downloaded Text::Template
+
+package transfer::Text::Template;
+$VERSION = 1.46;
+
+BEGIN {
+    use File::Spec::Functions;
+    use File::Basename;
+    use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1.46", "lib");
+    # Some unpackers on VMS convert periods in directory names to underscores
+    use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1_46", "lib");
+    use Text::Template;
+    shift @INC;                 # Takes away the effect of use lib
+    shift @INC;                 # Takes away the effect of use lib
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/README.md b/trunk/3rdparty/openssl-1.1-fit/fuzz/README.md
new file mode 100644
index 000000000..44c73f857
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/README.md
@@ -0,0 +1,131 @@
+# I Can Haz Fuzz?
+
+LibFuzzer
+=========
+
+Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html).
+
+Starting from a vanilla+OpenSSH server Ubuntu install.
+
+Use Chrome's handy recent build of clang. Older versions may also work.
+
+    $ sudo apt-get install git
+    $ mkdir git-work
+    $ git clone https://chromium.googlesource.com/chromium/src/tools/clang
+    $ clang/scripts/update.py
+
+You may want to git pull and re-run the update from time to time.
+
+Update your path:
+
+    $ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH
+
+Get and build libFuzzer (there is a git mirror at
+https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer):
+
+    $ cd
+    $ sudo apt-get install subversion
+    $ mkdir svn-work
+    $ cd svn-work
+    $ svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer Fuzzer
+    $ cd Fuzzer
+    $ clang++ -c -g -O2 -std=c++11 *.cpp
+    $ ar r libFuzzer.a *.o
+    $ ranlib libFuzzer.a
+
+Configure for fuzzing:
+
+    $ CC=clang ./config enable-fuzz-libfuzzer \
+            --with-fuzzer-include=../../svn-work/Fuzzer \
+            --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer.a \
+            -DPEDANTIC enable-asan enable-ubsan no-shared \
+            -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
+            -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp \
+            enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 \
+            enable-weak-ssl-ciphers enable-rc5 enable-md2 \
+            enable-ssl3 enable-ssl3-method enable-nextprotoneg \
+            --debug
+    $ sudo apt-get install make
+    $ LDCMD=clang++ make -j
+    $ fuzz/helper.py $FUZZER
+
+Where $FUZZER is one of the executables in `fuzz/`.
+
+If you get a crash, you should find a corresponding input file in
+`fuzz/corpora/$FUZZER-crash/`.
+
+AFL
+===
+
+Configure for fuzzing:
+
+    $ sudo apt-get install afl-clang
+    $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared -DPEDANTIC \
+        enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 \
+        enable-ssl3 enable-ssl3-method enable-nextprotoneg \
+        enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
+        --debug
+    $ make
+
+The following options can also be enabled: enable-asan, enable-ubsan, enable-msan
+
+Run one of the fuzzers:
+
+    $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER
+
+Where $FUZZER is one of the executables in `fuzz/`.
+
+Reproducing issues
+==================
+
+If a fuzzer generates a reproducible error, you can reproduce the problem using
+the fuzz/*-test binaries and the file generated by the fuzzer. They binaries
+don't need to be build for fuzzing, there is no need to set CC or the call
+config with enable-fuzz-* or -fsanitize-coverage, but some of the other options
+above might be needed. For instance the enable-asan or enable-ubsan option might
+be useful to show you when the problem happens. For the client and server fuzzer
+it might be needed to use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to
+reproduce the generated random numbers.
+
+To reproduce the crash you can run:
+
+    $ fuzz/$FUZZER-test $file
+
+Random numbers
+==============
+
+The client and server fuzzer normally generate random numbers as part of the TLS
+connection setup. This results in the coverage of the fuzzing corpus changing
+depending on the random numbers. This also has an effect for coverage of the
+rest of the test suite and you see the coverage change for each commit even when
+no code has been modified.
+
+Since we want to maximize the coverage of the fuzzing corpus, the client and
+server fuzzer will use predictable numbers instead of the random numbers. This
+is controlled by the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION define.
+
+The coverage depends on the way the numbers are generated. We don't disable any
+check of hashes, but the corpus has the correct hash in it for the random
+numbers that were generated. For instance the client fuzzer will always generate
+the same client hello with the same random number in it, and so the server, as
+emulated by the file, can be generated for that client hello.
+
+Coverage changes
+================
+
+Since the corpus depends on the default behaviour of the client and the server,
+changes in what they send by default will have an impact on the coverage. The
+corpus will need to be updated in that case.
+
+Updating the corpus
+===================
+
+The client and server corpus is generated with multiple config options:
+- The options as documented above
+- Without enable-ec_nistp_64_gcc_128 and without --debug
+- With no-asm
+- Using 32 bit
+- A default config, plus options needed to generate the fuzzer.
+
+The libfuzzer merge option is used to add the additional coverage
+from each config to the minimal set.
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c
new file mode 100644
index 000000000..fd2271bf5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Fuzz ASN.1 parsing for various data structures. Specify which on the
+ * command line:
+ *
+ * asn1 <data structure>
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+#include <openssl/ts.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include "fuzzer.h"
+
+#include "rand.inc"
+
+static ASN1_ITEM_EXP *item_type[] = {
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+    ASN1_ITEM_ref(ASIdOrRange),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(LONG),
+#endif
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(SXNETID),
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZUINT64),
+    NULL
+};
+
+static ASN1_PCTX *pctx;
+
+#define DO_TEST(TYPE, D2I, I2D, PRINT) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        int len2; \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        PRINT(bio, type); \
+        BIO_free(bio); \
+        len2 = I2D(type, &der); \
+        if (len2 != 0) {} \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
+
+#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        PRINT(bio, type, 0); \
+        BIO_free(bio); \
+        I2D(type, &der); \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
+
+#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        PRINT(bio, type, 0, pctx); \
+        BIO_free(bio); \
+        I2D(type, &der); \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
+
+
+#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        BIO_free(bio); \
+        I2D(type, &der); \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
+
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    pctx = ASN1_PCTX_new();
+    ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
+        ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
+        ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
+    ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
+        ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
+
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    FuzzerSetRand();
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    int n;
+
+
+    for (n = 0; item_type[n] != NULL; ++n) {
+        const uint8_t *b = buf;
+        unsigned char *der = NULL;
+        const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
+        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
+
+        if (o != NULL) {
+            BIO *bio = BIO_new(BIO_s_null());
+
+            ASN1_item_print(bio, o, 4, i, pctx);
+            BIO_free(bio);
+            ASN1_item_i2d(o, &der, i);
+            OPENSSL_free(der);
+            ASN1_item_free(o, i);
+        }
+    }
+
+#ifndef OPENSSL_NO_TS
+    DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio);
+    DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio);
+    DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio);
+    DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio);
+    DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio);
+    DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY);
+    DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL);
+    DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID);
+    DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT);
+#endif
+#ifndef OPENSSL_NO_DH
+    DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
+    DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
+#endif
+#ifndef OPENSSL_NO_DSA
+    DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
+    DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
+    DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
+    DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
+#endif
+    DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
+#ifndef OPENSSL_NO_EC
+    DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
+    DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
+    DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
+    DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
+#endif
+    DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private);
+    DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print);
+
+    ERR_clear_error();
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+    ASN1_PCTX_free(pctx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1parse.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1parse.c
new file mode 100644
index 000000000..cf5ef72a1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1parse.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Fuzz the parser used for dumping ASN.1 using "openssl asn1parse".
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+static BIO *bio_out;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    bio_out = BIO_new_file("/dev/null", "w");
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    (void)ASN1_parse_dump(bio_out, buf, len, 0, 0);
+    ERR_clear_error();
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+    BIO_free(bio_out);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/bignum.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/bignum.c
new file mode 100644
index 000000000..c5136601b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/bignum.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Confirm that a^b mod c agrees when calculated cleverly vs naively, for
+ * random a, b and c.
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    int success = 0;
+    size_t l1 = 0, l2 = 0, l3 = 0;
+    int s1 = 0, s3 = 0;
+    BN_CTX *ctx;
+    BIGNUM *b1;
+    BIGNUM *b2;
+    BIGNUM *b3;
+    BIGNUM *b4;
+    BIGNUM *b5;
+
+    b1 = BN_new();
+    b2 = BN_new();
+    b3 = BN_new();
+    b4 = BN_new();
+    b5 = BN_new();
+    ctx = BN_CTX_new();
+
+    /* Divide the input into three parts, using the values of the first two
+     * bytes to choose lengths, which generate b1, b2 and b3. Use three bits
+     * of the third byte to choose signs for the three numbers.
+     */
+    if (len > 2) {
+        len -= 3;
+        l1 = (buf[0] * len) / 255;
+        ++buf;
+        l2 = (buf[0] * (len - l1)) / 255;
+        ++buf;
+        l3 = len - l1 - l2;
+
+        s1 = buf[0] & 1;
+        s3 = buf[0] & 4;
+        ++buf;
+    }
+    OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
+    BN_set_negative(b1, s1);
+    OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
+    OPENSSL_assert(BN_bin2bn(buf + l1 + l2, l3, b3) == b3);
+    BN_set_negative(b3, s3);
+
+    /* mod 0 is undefined */
+    if (BN_is_zero(b3)) {
+        success = 1;
+        goto done;
+    }
+
+    OPENSSL_assert(BN_mod_exp(b4, b1, b2, b3, ctx));
+    OPENSSL_assert(BN_mod_exp_simple(b5, b1, b2, b3, ctx));
+
+    success = BN_cmp(b4, b5) == 0;
+    if (!success) {
+        BN_print_fp(stdout, b1);
+        putchar('\n');
+        BN_print_fp(stdout, b2);
+        putchar('\n');
+        BN_print_fp(stdout, b3);
+        putchar('\n');
+        BN_print_fp(stdout, b4);
+        putchar('\n');
+        BN_print_fp(stdout, b5);
+        putchar('\n');
+    }
+
+ done:
+    OPENSSL_assert(success);
+    BN_free(b1);
+    BN_free(b2);
+    BN_free(b3);
+    BN_free(b4);
+    BN_free(b5);
+    BN_CTX_free(ctx);
+    ERR_clear_error();
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/bndiv.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/bndiv.c
new file mode 100644
index 000000000..e9c70bbd4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/bndiv.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Confirm that if (d, r) = a / b, then b * d + r == a, and that sign(d) ==
+ * sign(a), and 0 <= r <= b
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+/* 256 kB */
+#define MAX_LEN (256 * 1000)
+
+static BN_CTX *ctx;
+static BIGNUM *b1;
+static BIGNUM *b2;
+static BIGNUM *b3;
+static BIGNUM *b4;
+static BIGNUM *b5;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    b1 = BN_new();
+    b2 = BN_new();
+    b3 = BN_new();
+    b4 = BN_new();
+    b5 = BN_new();
+    ctx = BN_CTX_new();
+
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    int success = 0;
+    size_t l1 = 0, l2 = 0;
+    /* s1 and s2 will be the signs for b1 and b2. */
+    int s1 = 0, s2 = 0;
+
+    /* limit the size of the input to avoid timeout */
+    if (len > MAX_LEN)
+        len = MAX_LEN;
+
+    /* We are going to split the buffer in two, sizes l1 and l2, giving b1 and
+     * b2.
+     */
+    if (len > 0) {
+        --len;
+        /* Use first byte to divide the remaining buffer into 3Fths. I admit
+         * this disallows some number sizes. If it matters, better ideas are
+         * welcome (Ben).
+         */
+        l1 = ((buf[0] & 0x3f) * len) / 0x3f;
+        s1 = buf[0] & 0x40;
+        s2 = buf[0] & 0x80;
+        ++buf;
+        l2 = len - l1;
+    }
+    OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
+    BN_set_negative(b1, s1);
+    OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
+    BN_set_negative(b2, s2);
+
+    /* divide by 0 is an error */
+    if (BN_is_zero(b2)) {
+        success = 1;
+        goto done;
+    }
+
+    OPENSSL_assert(BN_div(b3, b4, b1, b2, ctx));
+    if (BN_is_zero(b1))
+        success = BN_is_zero(b3) && BN_is_zero(b4);
+    else if (BN_is_negative(b1))
+        success = (BN_is_negative(b3) != BN_is_negative(b2) || BN_is_zero(b3))
+            && (BN_is_negative(b4) || BN_is_zero(b4));
+    else
+        success = (BN_is_negative(b3) == BN_is_negative(b2)  || BN_is_zero(b3))
+            && (!BN_is_negative(b4) || BN_is_zero(b4));
+    OPENSSL_assert(BN_mul(b5, b3, b2, ctx));
+    OPENSSL_assert(BN_add(b5, b5, b4));
+
+    success = success && BN_cmp(b5, b1) == 0;
+    if (!success) {
+        BN_print_fp(stdout, b1);
+        putchar('\n');
+        BN_print_fp(stdout, b2);
+        putchar('\n');
+        BN_print_fp(stdout, b3);
+        putchar('\n');
+        BN_print_fp(stdout, b4);
+        putchar('\n');
+        BN_print_fp(stdout, b5);
+        putchar('\n');
+        printf("%d %d %d %d %d %d %d\n", BN_is_negative(b1),
+               BN_is_negative(b2),
+               BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4),
+               BN_is_negative(b3) != BN_is_negative(b2)
+               && (BN_is_negative(b4) || BN_is_zero(b4)),
+               BN_cmp(b5, b1));
+        puts("----\n");
+    }
+
+ done:
+    OPENSSL_assert(success);
+    ERR_clear_error();
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+    BN_free(b1);
+    BN_free(b2);
+    BN_free(b3);
+    BN_free(b4);
+    BN_free(b5);
+    BN_CTX_free(ctx);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/build.info b/trunk/3rdparty/openssl-1.1-fit/fuzz/build.info
new file mode 100644
index 000000000..cde03d344
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/build.info
@@ -0,0 +1,121 @@
+{- use File::Spec::Functions;
+   our $ex_inc = $withargs{fuzzer_include} &&
+       (file_name_is_absolute($withargs{fuzzer_include}) ?
+        $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
+   our $ex_lib = $withargs{fuzzer_lib} &&
+       (file_name_is_absolute($withargs{fuzzer_lib}) ?
+        $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
+   ""
+-}
+
+IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
+  PROGRAMS_NO_INST=asn1 asn1parse bignum bndiv client conf crl server x509
+
+  IF[{- !$disabled{"cms"} -}]
+    PROGRAMS_NO_INST=cms
+  ENDIF
+
+  IF[{- !$disabled{"ct"} -}]
+    PROGRAMS_NO_INST=ct
+  ENDIF
+
+  SOURCE[asn1]=asn1.c driver.c
+  INCLUDE[asn1]=../include {- $ex_inc -}
+  DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -}
+
+  SOURCE[asn1parse]=asn1parse.c driver.c
+  INCLUDE[asn1parse]=../include {- $ex_inc -}
+  DEPEND[asn1parse]=../libcrypto {- $ex_lib -}
+
+  SOURCE[bignum]=bignum.c driver.c
+  INCLUDE[bignum]=../include {- $ex_inc -}
+  DEPEND[bignum]=../libcrypto {- $ex_lib -}
+
+  SOURCE[bndiv]=bndiv.c driver.c
+  INCLUDE[bndiv]=../include {- $ex_inc -}
+  DEPEND[bndiv]=../libcrypto {- $ex_lib -}
+
+  SOURCE[client]=client.c driver.c
+  INCLUDE[client]=../include {- $ex_inc -}
+  DEPEND[client]=../libcrypto ../libssl {- $ex_lib -}
+
+  SOURCE[cms]=cms.c driver.c
+  INCLUDE[cms]=../include {- $ex_inc -}
+  DEPEND[cms]=../libcrypto {- $ex_lib -}
+
+  SOURCE[conf]=conf.c driver.c
+  INCLUDE[conf]=../include {- $ex_inc -}
+  DEPEND[conf]=../libcrypto {- $ex_lib -}
+
+  SOURCE[crl]=crl.c driver.c
+  INCLUDE[crl]=../include {- $ex_inc -}
+  DEPEND[crl]=../libcrypto {- $ex_lib -}
+
+  SOURCE[ct]=ct.c driver.c
+  INCLUDE[ct]=../include {- $ex_inc -}
+  DEPEND[ct]=../libcrypto {- $ex_lib -}
+
+  SOURCE[server]=server.c driver.c
+  INCLUDE[server]=../include {- $ex_inc -}
+  DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
+
+  SOURCE[x509]=x509.c driver.c
+  INCLUDE[x509]=../include {- $ex_inc -}
+  DEPEND[x509]=../libcrypto {- $ex_lib -}
+ENDIF
+
+IF[{- !$disabled{tests} -}]
+  PROGRAMS_NO_INST=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test x509-test
+
+  IF[{- !$disabled{"cms"} -}]
+    PROGRAMS_NO_INST=cms-test
+  ENDIF
+
+  IF[{- !$disabled{"ct"} -}]
+    PROGRAMS_NO_INST=ct-test
+  ENDIF
+
+  SOURCE[asn1-test]=asn1.c test-corpus.c
+  INCLUDE[asn1-test]=../include
+  DEPEND[asn1-test]=../libcrypto ../libssl
+
+  SOURCE[asn1parse-test]=asn1parse.c test-corpus.c
+  INCLUDE[asn1parse-test]=../include
+  DEPEND[asn1parse-test]=../libcrypto
+
+  SOURCE[bignum-test]=bignum.c test-corpus.c
+  INCLUDE[bignum-test]=../include
+  DEPEND[bignum-test]=../libcrypto
+
+  SOURCE[bndiv-test]=bndiv.c test-corpus.c
+  INCLUDE[bndiv-test]=../include
+  DEPEND[bndiv-test]=../libcrypto
+
+  SOURCE[client-test]=client.c test-corpus.c
+  INCLUDE[client-test]=../include
+  DEPEND[client-test]=../libcrypto ../libssl
+
+  SOURCE[cms-test]=cms.c test-corpus.c
+  INCLUDE[cms-test]=../include
+  DEPEND[cms-test]=../libcrypto
+
+  SOURCE[conf-test]=conf.c test-corpus.c
+  INCLUDE[conf-test]=../include
+  DEPEND[conf-test]=../libcrypto
+
+  SOURCE[crl-test]=crl.c test-corpus.c
+  INCLUDE[crl-test]=../include
+  DEPEND[crl-test]=../libcrypto
+
+  SOURCE[ct-test]=ct.c test-corpus.c
+  INCLUDE[ct-test]=../include
+  DEPEND[ct-test]=../libcrypto
+
+  SOURCE[server-test]=server.c test-corpus.c
+  INCLUDE[server-test]=../include
+  DEPEND[server-test]=../libcrypto ../libssl
+
+  SOURCE[x509-test]=x509.c test-corpus.c
+  INCLUDE[x509-test]=../include
+  DEPEND[x509-test]=../libcrypto
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/client.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/client.c
new file mode 100644
index 000000000..7ce609ca6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/client.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <time.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+#include "rand.inc"
+
+/* unused, to avoid warning. */
+static int idx;
+
+#define FUZZTIME 1485898104
+
+#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
+
+/*
+ * This might not work in all cases (and definitely not on Windows
+ * because of the way linkers are) and callees can still get the
+ * current time instead of the fixed time. This will just result
+ * in things not being fully reproducible and have a slightly
+ * different coverage.
+ */
+#if !defined(_WIN32)
+time_t time(time_t *t) TIME_IMPL(t)
+#endif
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    STACK_OF(SSL_COMP) *comp_methods;
+
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+    FuzzerSetRand();
+    comp_methods = SSL_COMP_get_compression_methods();
+    if (comp_methods != NULL)
+        sk_SSL_COMP_sort(comp_methods);
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    SSL *client;
+    BIO *in;
+    BIO *out;
+    SSL_CTX *ctx;
+
+    if (len == 0)
+        return 0;
+
+    /*
+     * TODO: use the ossltest engine (optionally?) to disable crypto checks.
+     */
+
+    /* This only fuzzes the initial flow from the client so far. */
+    ctx = SSL_CTX_new(SSLv23_method());
+
+    client = SSL_new(ctx);
+    OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
+    OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
+    SSL_set_tlsext_host_name(client, "localhost");
+    in = BIO_new(BIO_s_mem());
+    out = BIO_new(BIO_s_mem());
+    SSL_set_bio(client, in, out);
+    SSL_set_connect_state(client);
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+    if (SSL_do_handshake(client) == 1) {
+        /* Keep reading application data until error or EOF. */
+        uint8_t tmp[1024];
+        for (;;) {
+            if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
+                break;
+            }
+        }
+    }
+    SSL_free(client);
+    ERR_clear_error();
+    SSL_CTX_free(ctx);
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/cms.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/cms.c
new file mode 100644
index 000000000..959ef9365
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/cms.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Test CMS DER parsing.
+ */
+
+#include <openssl/bio.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    CMS_ContentInfo *cms;
+    BIO *in;
+
+    if (len == 0)
+        return 0;
+
+    in = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+    cms = d2i_CMS_bio(in, NULL);
+    if (cms != NULL) {
+        BIO *out = BIO_new(BIO_s_null());
+
+        i2d_CMS_bio(out, cms);
+        BIO_free(out);
+        CMS_ContentInfo_free(cms);
+    }
+
+    BIO_free(in);
+    ERR_clear_error();
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/conf.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/conf.c
new file mode 100644
index 000000000..87fe85709
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/conf.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Test configuration parsing.
+ */
+
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    CONF *conf;
+    BIO *in;
+    long eline;
+
+    if (len == 0)
+        return 0;
+
+    conf = NCONF_new(NULL);
+    in = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+    NCONF_load_bio(conf, in, &eline);
+    NCONF_free(conf);
+    BIO_free(in);
+    ERR_clear_error();
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/crl.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/crl.c
new file mode 100644
index 000000000..e4b0192f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/crl.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/x509.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    const unsigned char *p = buf;
+    unsigned char *der = NULL;
+
+    X509_CRL *crl = d2i_X509_CRL(NULL, &p, len);
+    if (crl != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+        X509_CRL_print(bio, crl);
+        BIO_free(bio);
+
+        i2d_X509_CRL(crl, &der);
+        OPENSSL_free(der);
+
+        X509_CRL_free(crl);
+    }
+    ERR_clear_error();
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/ct.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/ct.c
new file mode 100644
index 000000000..72dd79871
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/ct.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Fuzz the SCT parser.
+ */
+
+#include <stdio.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    CRYPTO_free_ex_index(0, -1);
+    ERR_get_state();
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    const uint8_t **pp = &buf;
+    unsigned char *der = NULL;
+    STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
+    if (scts != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+        SCT_LIST_print(scts, bio, 4, "\n", NULL);
+        BIO_free(bio);
+
+        if (i2d_SCT_LIST(scts, &der)) {
+            /* Silence unused result warning */
+        }
+        OPENSSL_free(der);
+
+        SCT_LIST_free(scts);
+    }
+    ERR_clear_error();
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/driver.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/driver.c
new file mode 100644
index 000000000..54d67de20
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/driver.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h>
+#include "fuzzer.h"
+
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+
+int LLVMFuzzerInitialize(int *argc, char ***argv);
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len);
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+    return FuzzerInitialize(argc, argv);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    return FuzzerTestOneInput(buf, len);
+}
+
+#elif !defined(OPENSSL_NO_FUZZ_AFL)
+
+#define BUF_SIZE 65536
+
+int main(int argc, char** argv)
+{
+    FuzzerInitialize(&argc, &argv);
+
+    while (__AFL_LOOP(10000)) {
+        uint8_t *buf = malloc(BUF_SIZE);
+        size_t size = read(0, buf, BUF_SIZE);
+
+        FuzzerTestOneInput(buf, size);
+        free(buf);
+    }
+
+    FuzzerCleanup();
+    return 0;
+}
+
+#else
+
+#error "Unsupported fuzzer"
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/fuzzer.h b/trunk/3rdparty/openssl-1.1-fit/fuzz/fuzzer.h
new file mode 100644
index 000000000..fcc0d2527
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/fuzzer.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len);
+int FuzzerInitialize(int *argc, char ***argv);
+void FuzzerCleanup(void);
+void FuzzerSetRand(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/helper.py b/trunk/3rdparty/openssl-1.1-fit/fuzz/helper.py
new file mode 100755
index 000000000..e83ea00c0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/helper.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+#
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+"""Fuzzing helper, creates and uses corpus/crash directories.
+
+fuzzer.py <fuzzer> <extra fuzzer arguments>
+"""
+
+import os
+import subprocess
+import sys
+
+FUZZER = sys.argv[1]
+
+THIS_DIR = os.path.abspath(os.path.dirname(__file__))
+CORPORA_DIR = os.path.abspath(os.path.join(THIS_DIR, "corpora"))
+
+FUZZER_DIR = os.path.abspath(os.path.join(CORPORA_DIR, FUZZER))
+if not os.path.isdir(FUZZER_DIR):
+    os.mkdir(FUZZER_DIR)
+
+corpora = []
+
+def _create(d):
+    dd = os.path.abspath(os.path.join(CORPORA_DIR, d))
+    if not os.path.isdir(dd):
+        os.mkdir(dd)
+    corpora.append(dd)
+
+def _add(d):
+    dd = os.path.abspath(os.path.join(CORPORA_DIR, d))
+    if os.path.isdir(dd):
+        corpora.append(dd)
+
+def main():
+    _create(FUZZER)
+    _create(FUZZER + "-crash")
+    _add(FUZZER + "-seed")
+
+    cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))]  + sys.argv[2:]
+           + ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
+    print(" ".join(cmd))
+    subprocess.call(cmd)
+
+if __name__ == "__main__":
+    main()
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/mkfuzzoids.pl b/trunk/3rdparty/openssl-1.1-fit/fuzz/mkfuzzoids.pl
new file mode 100755
index 000000000..0153a031a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/mkfuzzoids.pl
@@ -0,0 +1,32 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+my $obj_dat_h = $ARGV[0];
+
+# Output year depends on the date on the input file and the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($obj_dat_h)]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+
+open IN, '<', $obj_dat_h
+    || die "Couldn't open $obj_dat_h : $!\n";
+
+while(<IN>) {
+    s|\R$||;                    # Better chomp
+
+    next unless m|^\s+((0x[0-9A-F][0-9A-F],)*)\s+/\*\s\[\s*\d+\]\s(OBJ_\w+)\s\*/$|;
+
+    my $OID = $1;
+    my $OBJname = $3;
+
+    $OID =~ s|0x|\\x|g;
+    $OID =~ s|,||g;
+
+    print "$OBJname=\"$OID\"\n";
+}
+close IN;
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt b/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt
new file mode 100644
index 000000000..fe363fd37
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt
@@ -0,0 +1,1065 @@
+OBJ_rsadsi="\x2A\x86\x48\x86\xF7\x0D"
+OBJ_pkcs="\x2A\x86\x48\x86\xF7\x0D\x01"
+OBJ_md2="\x2A\x86\x48\x86\xF7\x0D\x02\x02"
+OBJ_md5="\x2A\x86\x48\x86\xF7\x0D\x02\x05"
+OBJ_rc4="\x2A\x86\x48\x86\xF7\x0D\x03\x04"
+OBJ_rsaEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
+OBJ_md2WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02"
+OBJ_md5WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04"
+OBJ_pbeWithMD2AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x01"
+OBJ_pbeWithMD5AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x03"
+OBJ_X500="\x55"
+OBJ_X509="\x55\x04"
+OBJ_commonName="\x55\x04\x03"
+OBJ_countryName="\x55\x04\x06"
+OBJ_localityName="\x55\x04\x07"
+OBJ_stateOrProvinceName="\x55\x04\x08"
+OBJ_organizationName="\x55\x04\x0A"
+OBJ_organizationalUnitName="\x55\x04\x0B"
+OBJ_rsa="\x55\x08\x01\x01"
+OBJ_pkcs7="\x2A\x86\x48\x86\xF7\x0D\x01\x07"
+OBJ_pkcs7_data="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01"
+OBJ_pkcs7_signed="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02"
+OBJ_pkcs7_enveloped="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03"
+OBJ_pkcs7_signedAndEnveloped="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x04"
+OBJ_pkcs7_digest="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x05"
+OBJ_pkcs7_encrypted="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x06"
+OBJ_pkcs3="\x2A\x86\x48\x86\xF7\x0D\x01\x03"
+OBJ_dhKeyAgreement="\x2A\x86\x48\x86\xF7\x0D\x01\x03\x01"
+OBJ_des_ecb="\x2B\x0E\x03\x02\x06"
+OBJ_des_cfb64="\x2B\x0E\x03\x02\x09"
+OBJ_des_cbc="\x2B\x0E\x03\x02\x07"
+OBJ_des_ede_ecb="\x2B\x0E\x03\x02\x11"
+OBJ_idea_cbc="\x2B\x06\x01\x04\x01\x81\x3C\x07\x01\x01\x02"
+OBJ_rc2_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x02"
+OBJ_sha="\x2B\x0E\x03\x02\x12"
+OBJ_shaWithRSAEncryption="\x2B\x0E\x03\x02\x0F"
+OBJ_des_ede3_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x07"
+OBJ_des_ofb64="\x2B\x0E\x03\x02\x08"
+OBJ_pkcs9="\x2A\x86\x48\x86\xF7\x0D\x01\x09"
+OBJ_pkcs9_emailAddress="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
+OBJ_pkcs9_unstructuredName="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x02"
+OBJ_pkcs9_contentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03"
+OBJ_pkcs9_messageDigest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x04"
+OBJ_pkcs9_signingTime="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x05"
+OBJ_pkcs9_countersignature="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x06"
+OBJ_pkcs9_challengePassword="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x07"
+OBJ_pkcs9_unstructuredAddress="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x08"
+OBJ_pkcs9_extCertAttributes="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x09"
+OBJ_netscape="\x60\x86\x48\x01\x86\xF8\x42"
+OBJ_netscape_cert_extension="\x60\x86\x48\x01\x86\xF8\x42\x01"
+OBJ_netscape_data_type="\x60\x86\x48\x01\x86\xF8\x42\x02"
+OBJ_sha1="\x2B\x0E\x03\x02\x1A"
+OBJ_sha1WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
+OBJ_dsaWithSHA="\x2B\x0E\x03\x02\x0D"
+OBJ_dsa_2="\x2B\x0E\x03\x02\x0C"
+OBJ_pbeWithSHA1AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0B"
+OBJ_id_pbkdf2="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0C"
+OBJ_dsaWithSHA1_2="\x2B\x0E\x03\x02\x1B"
+OBJ_netscape_cert_type="\x60\x86\x48\x01\x86\xF8\x42\x01\x01"
+OBJ_netscape_base_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x02"
+OBJ_netscape_revocation_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x03"
+OBJ_netscape_ca_revocation_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x04"
+OBJ_netscape_renewal_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x07"
+OBJ_netscape_ca_policy_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x08"
+OBJ_netscape_ssl_server_name="\x60\x86\x48\x01\x86\xF8\x42\x01\x0C"
+OBJ_netscape_comment="\x60\x86\x48\x01\x86\xF8\x42\x01\x0D"
+OBJ_netscape_cert_sequence="\x60\x86\x48\x01\x86\xF8\x42\x02\x05"
+OBJ_id_ce="\x55\x1D"
+OBJ_subject_key_identifier="\x55\x1D\x0E"
+OBJ_key_usage="\x55\x1D\x0F"
+OBJ_private_key_usage_period="\x55\x1D\x10"
+OBJ_subject_alt_name="\x55\x1D\x11"
+OBJ_issuer_alt_name="\x55\x1D\x12"
+OBJ_basic_constraints="\x55\x1D\x13"
+OBJ_crl_number="\x55\x1D\x14"
+OBJ_certificate_policies="\x55\x1D\x20"
+OBJ_authority_key_identifier="\x55\x1D\x23"
+OBJ_bf_cbc="\x2B\x06\x01\x04\x01\x97\x55\x01\x02"
+OBJ_mdc2="\x55\x08\x03\x65"
+OBJ_mdc2WithRSA="\x55\x08\x03\x64"
+OBJ_givenName="\x55\x04\x2A"
+OBJ_surname="\x55\x04\x04"
+OBJ_initials="\x55\x04\x2B"
+OBJ_uniqueIdentifier="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2C"
+OBJ_crl_distribution_points="\x55\x1D\x1F"
+OBJ_md5WithRSA="\x2B\x0E\x03\x02\x03"
+OBJ_serialNumber="\x55\x04\x05"
+OBJ_title="\x55\x04\x0C"
+OBJ_description="\x55\x04\x0D"
+OBJ_cast5_cbc="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0A"
+OBJ_pbeWithMD5AndCast5_CBC="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0C"
+OBJ_dsaWithSHA1="\x2A\x86\x48\xCE\x38\x04\x03"
+OBJ_sha1WithRSA="\x2B\x0E\x03\x02\x1D"
+OBJ_dsa="\x2A\x86\x48\xCE\x38\x04\x01"
+OBJ_ripemd160="\x2B\x24\x03\x02\x01"
+OBJ_ripemd160WithRSA="\x2B\x24\x03\x03\x01\x02"
+OBJ_rc5_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x08"
+OBJ_zlib_compression="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x08"
+OBJ_ext_key_usage="\x55\x1D\x25"
+OBJ_id_pkix="\x2B\x06\x01\x05\x05\x07"
+OBJ_id_kp="\x2B\x06\x01\x05\x05\x07\x03"
+OBJ_server_auth="\x2B\x06\x01\x05\x05\x07\x03\x01"
+OBJ_client_auth="\x2B\x06\x01\x05\x05\x07\x03\x02"
+OBJ_code_sign="\x2B\x06\x01\x05\x05\x07\x03\x03"
+OBJ_email_protect="\x2B\x06\x01\x05\x05\x07\x03\x04"
+OBJ_time_stamp="\x2B\x06\x01\x05\x05\x07\x03\x08"
+OBJ_ms_code_ind="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x15"
+OBJ_ms_code_com="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x16"
+OBJ_ms_ctl_sign="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x01"
+OBJ_ms_sgc="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03"
+OBJ_ms_efs="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x04"
+OBJ_ns_sgc="\x60\x86\x48\x01\x86\xF8\x42\x04\x01"
+OBJ_delta_crl="\x55\x1D\x1B"
+OBJ_crl_reason="\x55\x1D\x15"
+OBJ_invalidity_date="\x55\x1D\x18"
+OBJ_sxnet="\x2B\x65\x01\x04\x01"
+OBJ_pbe_WithSHA1And128BitRC4="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x01"
+OBJ_pbe_WithSHA1And40BitRC4="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x02"
+OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x03"
+OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x04"
+OBJ_pbe_WithSHA1And128BitRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x05"
+OBJ_pbe_WithSHA1And40BitRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x06"
+OBJ_keyBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x01"
+OBJ_pkcs8ShroudedKeyBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x02"
+OBJ_certBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x03"
+OBJ_crlBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x04"
+OBJ_secretBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x05"
+OBJ_safeContentsBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x06"
+OBJ_friendlyName="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x14"
+OBJ_localKeyID="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15"
+OBJ_x509Certificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x01"
+OBJ_sdsiCertificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x02"
+OBJ_x509Crl="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x17\x01"
+OBJ_pbes2="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0D"
+OBJ_pbmac1="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0E"
+OBJ_hmacWithSHA1="\x2A\x86\x48\x86\xF7\x0D\x02\x07"
+OBJ_id_qt_cps="\x2B\x06\x01\x05\x05\x07\x02\x01"
+OBJ_id_qt_unotice="\x2B\x06\x01\x05\x05\x07\x02\x02"
+OBJ_SMIMECapabilities="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0F"
+OBJ_pbeWithMD2AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x04"
+OBJ_pbeWithMD5AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x06"
+OBJ_pbeWithSHA1AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0A"
+OBJ_ms_ext_req="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x0E"
+OBJ_ext_req="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0E"
+OBJ_name="\x55\x04\x29"
+OBJ_dnQualifier="\x55\x04\x2E"
+OBJ_id_pe="\x2B\x06\x01\x05\x05\x07\x01"
+OBJ_id_ad="\x2B\x06\x01\x05\x05\x07\x30"
+OBJ_info_access="\x2B\x06\x01\x05\x05\x07\x01\x01"
+OBJ_ad_OCSP="\x2B\x06\x01\x05\x05\x07\x30\x01"
+OBJ_ad_ca_issuers="\x2B\x06\x01\x05\x05\x07\x30\x02"
+OBJ_OCSP_sign="\x2B\x06\x01\x05\x05\x07\x03\x09"
+OBJ_member_body="\x2A"
+OBJ_ISO_US="\x2A\x86\x48"
+OBJ_X9_57="\x2A\x86\x48\xCE\x38"
+OBJ_X9cm="\x2A\x86\x48\xCE\x38\x04"
+OBJ_pkcs1="\x2A\x86\x48\x86\xF7\x0D\x01\x01"
+OBJ_pkcs5="\x2A\x86\x48\x86\xF7\x0D\x01\x05"
+OBJ_SMIME="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10"
+OBJ_id_smime_mod="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00"
+OBJ_id_smime_ct="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01"
+OBJ_id_smime_aa="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02"
+OBJ_id_smime_alg="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03"
+OBJ_id_smime_cd="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x04"
+OBJ_id_smime_spq="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05"
+OBJ_id_smime_cti="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06"
+OBJ_id_smime_mod_cms="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x01"
+OBJ_id_smime_mod_ess="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x02"
+OBJ_id_smime_mod_oid="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x03"
+OBJ_id_smime_mod_msg_v3="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x04"
+OBJ_id_smime_mod_ets_eSignature_88="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x05"
+OBJ_id_smime_mod_ets_eSignature_97="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x06"
+OBJ_id_smime_mod_ets_eSigPolicy_88="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x07"
+OBJ_id_smime_mod_ets_eSigPolicy_97="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x08"
+OBJ_id_smime_ct_receipt="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x01"
+OBJ_id_smime_ct_authData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x02"
+OBJ_id_smime_ct_publishCert="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x03"
+OBJ_id_smime_ct_TSTInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x04"
+OBJ_id_smime_ct_TDTInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x05"
+OBJ_id_smime_ct_contentInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x06"
+OBJ_id_smime_ct_DVCSRequestData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x07"
+OBJ_id_smime_ct_DVCSResponseData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x08"
+OBJ_id_smime_aa_receiptRequest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x01"
+OBJ_id_smime_aa_securityLabel="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x02"
+OBJ_id_smime_aa_mlExpandHistory="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x03"
+OBJ_id_smime_aa_contentHint="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x04"
+OBJ_id_smime_aa_msgSigDigest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x05"
+OBJ_id_smime_aa_encapContentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x06"
+OBJ_id_smime_aa_contentIdentifier="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x07"
+OBJ_id_smime_aa_macValue="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x08"
+OBJ_id_smime_aa_equivalentLabels="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x09"
+OBJ_id_smime_aa_contentReference="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0A"
+OBJ_id_smime_aa_encrypKeyPref="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0B"
+OBJ_id_smime_aa_signingCertificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0C"
+OBJ_id_smime_aa_smimeEncryptCerts="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0D"
+OBJ_id_smime_aa_timeStampToken="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0E"
+OBJ_id_smime_aa_ets_sigPolicyId="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0F"
+OBJ_id_smime_aa_ets_commitmentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x10"
+OBJ_id_smime_aa_ets_signerLocation="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x11"
+OBJ_id_smime_aa_ets_signerAttr="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x12"
+OBJ_id_smime_aa_ets_otherSigCert="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x13"
+OBJ_id_smime_aa_ets_contentTimestamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x14"
+OBJ_id_smime_aa_ets_CertificateRefs="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x15"
+OBJ_id_smime_aa_ets_RevocationRefs="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x16"
+OBJ_id_smime_aa_ets_certValues="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x17"
+OBJ_id_smime_aa_ets_revocationValues="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x18"
+OBJ_id_smime_aa_ets_escTimeStamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x19"
+OBJ_id_smime_aa_ets_certCRLTimestamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1A"
+OBJ_id_smime_aa_ets_archiveTimeStamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1B"
+OBJ_id_smime_aa_signatureType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1C"
+OBJ_id_smime_aa_dvcs_dvc="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1D"
+OBJ_id_smime_alg_ESDHwith3DES="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x01"
+OBJ_id_smime_alg_ESDHwithRC2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x02"
+OBJ_id_smime_alg_3DESwrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x03"
+OBJ_id_smime_alg_RC2wrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x04"
+OBJ_id_smime_alg_ESDH="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x05"
+OBJ_id_smime_alg_CMS3DESwrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x06"
+OBJ_id_smime_alg_CMSRC2wrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x07"
+OBJ_id_smime_cd_ldap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x04\x01"
+OBJ_id_smime_spq_ets_sqt_uri="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05\x01"
+OBJ_id_smime_spq_ets_sqt_unotice="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05\x02"
+OBJ_id_smime_cti_ets_proofOfOrigin="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x01"
+OBJ_id_smime_cti_ets_proofOfReceipt="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x02"
+OBJ_id_smime_cti_ets_proofOfDelivery="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x03"
+OBJ_id_smime_cti_ets_proofOfSender="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x04"
+OBJ_id_smime_cti_ets_proofOfApproval="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x05"
+OBJ_id_smime_cti_ets_proofOfCreation="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x06"
+OBJ_md4="\x2A\x86\x48\x86\xF7\x0D\x02\x04"
+OBJ_id_pkix_mod="\x2B\x06\x01\x05\x05\x07\x00"
+OBJ_id_qt="\x2B\x06\x01\x05\x05\x07\x02"
+OBJ_id_it="\x2B\x06\x01\x05\x05\x07\x04"
+OBJ_id_pkip="\x2B\x06\x01\x05\x05\x07\x05"
+OBJ_id_alg="\x2B\x06\x01\x05\x05\x07\x06"
+OBJ_id_cmc="\x2B\x06\x01\x05\x05\x07\x07"
+OBJ_id_on="\x2B\x06\x01\x05\x05\x07\x08"
+OBJ_id_pda="\x2B\x06\x01\x05\x05\x07\x09"
+OBJ_id_aca="\x2B\x06\x01\x05\x05\x07\x0A"
+OBJ_id_qcs="\x2B\x06\x01\x05\x05\x07\x0B"
+OBJ_id_cct="\x2B\x06\x01\x05\x05\x07\x0C"
+OBJ_id_pkix1_explicit_88="\x2B\x06\x01\x05\x05\x07\x00\x01"
+OBJ_id_pkix1_implicit_88="\x2B\x06\x01\x05\x05\x07\x00\x02"
+OBJ_id_pkix1_explicit_93="\x2B\x06\x01\x05\x05\x07\x00\x03"
+OBJ_id_pkix1_implicit_93="\x2B\x06\x01\x05\x05\x07\x00\x04"
+OBJ_id_mod_crmf="\x2B\x06\x01\x05\x05\x07\x00\x05"
+OBJ_id_mod_cmc="\x2B\x06\x01\x05\x05\x07\x00\x06"
+OBJ_id_mod_kea_profile_88="\x2B\x06\x01\x05\x05\x07\x00\x07"
+OBJ_id_mod_kea_profile_93="\x2B\x06\x01\x05\x05\x07\x00\x08"
+OBJ_id_mod_cmp="\x2B\x06\x01\x05\x05\x07\x00\x09"
+OBJ_id_mod_qualified_cert_88="\x2B\x06\x01\x05\x05\x07\x00\x0A"
+OBJ_id_mod_qualified_cert_93="\x2B\x06\x01\x05\x05\x07\x00\x0B"
+OBJ_id_mod_attribute_cert="\x2B\x06\x01\x05\x05\x07\x00\x0C"
+OBJ_id_mod_timestamp_protocol="\x2B\x06\x01\x05\x05\x07\x00\x0D"
+OBJ_id_mod_ocsp="\x2B\x06\x01\x05\x05\x07\x00\x0E"
+OBJ_id_mod_dvcs="\x2B\x06\x01\x05\x05\x07\x00\x0F"
+OBJ_id_mod_cmp2000="\x2B\x06\x01\x05\x05\x07\x00\x10"
+OBJ_biometricInfo="\x2B\x06\x01\x05\x05\x07\x01\x02"
+OBJ_qcStatements="\x2B\x06\x01\x05\x05\x07\x01\x03"
+OBJ_ac_auditEntity="\x2B\x06\x01\x05\x05\x07\x01\x04"
+OBJ_ac_targeting="\x2B\x06\x01\x05\x05\x07\x01\x05"
+OBJ_aaControls="\x2B\x06\x01\x05\x05\x07\x01\x06"
+OBJ_sbgp_ipAddrBlock="\x2B\x06\x01\x05\x05\x07\x01\x07"
+OBJ_sbgp_autonomousSysNum="\x2B\x06\x01\x05\x05\x07\x01\x08"
+OBJ_sbgp_routerIdentifier="\x2B\x06\x01\x05\x05\x07\x01\x09"
+OBJ_textNotice="\x2B\x06\x01\x05\x05\x07\x02\x03"
+OBJ_ipsecEndSystem="\x2B\x06\x01\x05\x05\x07\x03\x05"
+OBJ_ipsecTunnel="\x2B\x06\x01\x05\x05\x07\x03\x06"
+OBJ_ipsecUser="\x2B\x06\x01\x05\x05\x07\x03\x07"
+OBJ_dvcs="\x2B\x06\x01\x05\x05\x07\x03\x0A"
+OBJ_id_it_caProtEncCert="\x2B\x06\x01\x05\x05\x07\x04\x01"
+OBJ_id_it_signKeyPairTypes="\x2B\x06\x01\x05\x05\x07\x04\x02"
+OBJ_id_it_encKeyPairTypes="\x2B\x06\x01\x05\x05\x07\x04\x03"
+OBJ_id_it_preferredSymmAlg="\x2B\x06\x01\x05\x05\x07\x04\x04"
+OBJ_id_it_caKeyUpdateInfo="\x2B\x06\x01\x05\x05\x07\x04\x05"
+OBJ_id_it_currentCRL="\x2B\x06\x01\x05\x05\x07\x04\x06"
+OBJ_id_it_unsupportedOIDs="\x2B\x06\x01\x05\x05\x07\x04\x07"
+OBJ_id_it_subscriptionRequest="\x2B\x06\x01\x05\x05\x07\x04\x08"
+OBJ_id_it_subscriptionResponse="\x2B\x06\x01\x05\x05\x07\x04\x09"
+OBJ_id_it_keyPairParamReq="\x2B\x06\x01\x05\x05\x07\x04\x0A"
+OBJ_id_it_keyPairParamRep="\x2B\x06\x01\x05\x05\x07\x04\x0B"
+OBJ_id_it_revPassphrase="\x2B\x06\x01\x05\x05\x07\x04\x0C"
+OBJ_id_it_implicitConfirm="\x2B\x06\x01\x05\x05\x07\x04\x0D"
+OBJ_id_it_confirmWaitTime="\x2B\x06\x01\x05\x05\x07\x04\x0E"
+OBJ_id_it_origPKIMessage="\x2B\x06\x01\x05\x05\x07\x04\x0F"
+OBJ_id_regCtrl="\x2B\x06\x01\x05\x05\x07\x05\x01"
+OBJ_id_regInfo="\x2B\x06\x01\x05\x05\x07\x05\x02"
+OBJ_id_regCtrl_regToken="\x2B\x06\x01\x05\x05\x07\x05\x01\x01"
+OBJ_id_regCtrl_authenticator="\x2B\x06\x01\x05\x05\x07\x05\x01\x02"
+OBJ_id_regCtrl_pkiPublicationInfo="\x2B\x06\x01\x05\x05\x07\x05\x01\x03"
+OBJ_id_regCtrl_pkiArchiveOptions="\x2B\x06\x01\x05\x05\x07\x05\x01\x04"
+OBJ_id_regCtrl_oldCertID="\x2B\x06\x01\x05\x05\x07\x05\x01\x05"
+OBJ_id_regCtrl_protocolEncrKey="\x2B\x06\x01\x05\x05\x07\x05\x01\x06"
+OBJ_id_regInfo_utf8Pairs="\x2B\x06\x01\x05\x05\x07\x05\x02\x01"
+OBJ_id_regInfo_certReq="\x2B\x06\x01\x05\x05\x07\x05\x02\x02"
+OBJ_id_alg_des40="\x2B\x06\x01\x05\x05\x07\x06\x01"
+OBJ_id_alg_noSignature="\x2B\x06\x01\x05\x05\x07\x06\x02"
+OBJ_id_alg_dh_sig_hmac_sha1="\x2B\x06\x01\x05\x05\x07\x06\x03"
+OBJ_id_alg_dh_pop="\x2B\x06\x01\x05\x05\x07\x06\x04"
+OBJ_id_cmc_statusInfo="\x2B\x06\x01\x05\x05\x07\x07\x01"
+OBJ_id_cmc_identification="\x2B\x06\x01\x05\x05\x07\x07\x02"
+OBJ_id_cmc_identityProof="\x2B\x06\x01\x05\x05\x07\x07\x03"
+OBJ_id_cmc_dataReturn="\x2B\x06\x01\x05\x05\x07\x07\x04"
+OBJ_id_cmc_transactionId="\x2B\x06\x01\x05\x05\x07\x07\x05"
+OBJ_id_cmc_senderNonce="\x2B\x06\x01\x05\x05\x07\x07\x06"
+OBJ_id_cmc_recipientNonce="\x2B\x06\x01\x05\x05\x07\x07\x07"
+OBJ_id_cmc_addExtensions="\x2B\x06\x01\x05\x05\x07\x07\x08"
+OBJ_id_cmc_encryptedPOP="\x2B\x06\x01\x05\x05\x07\x07\x09"
+OBJ_id_cmc_decryptedPOP="\x2B\x06\x01\x05\x05\x07\x07\x0A"
+OBJ_id_cmc_lraPOPWitness="\x2B\x06\x01\x05\x05\x07\x07\x0B"
+OBJ_id_cmc_getCert="\x2B\x06\x01\x05\x05\x07\x07\x0F"
+OBJ_id_cmc_getCRL="\x2B\x06\x01\x05\x05\x07\x07\x10"
+OBJ_id_cmc_revokeRequest="\x2B\x06\x01\x05\x05\x07\x07\x11"
+OBJ_id_cmc_regInfo="\x2B\x06\x01\x05\x05\x07\x07\x12"
+OBJ_id_cmc_responseInfo="\x2B\x06\x01\x05\x05\x07\x07\x13"
+OBJ_id_cmc_queryPending="\x2B\x06\x01\x05\x05\x07\x07\x15"
+OBJ_id_cmc_popLinkRandom="\x2B\x06\x01\x05\x05\x07\x07\x16"
+OBJ_id_cmc_popLinkWitness="\x2B\x06\x01\x05\x05\x07\x07\x17"
+OBJ_id_cmc_confirmCertAcceptance="\x2B\x06\x01\x05\x05\x07\x07\x18"
+OBJ_id_on_personalData="\x2B\x06\x01\x05\x05\x07\x08\x01"
+OBJ_id_pda_dateOfBirth="\x2B\x06\x01\x05\x05\x07\x09\x01"
+OBJ_id_pda_placeOfBirth="\x2B\x06\x01\x05\x05\x07\x09\x02"
+OBJ_id_pda_gender="\x2B\x06\x01\x05\x05\x07\x09\x03"
+OBJ_id_pda_countryOfCitizenship="\x2B\x06\x01\x05\x05\x07\x09\x04"
+OBJ_id_pda_countryOfResidence="\x2B\x06\x01\x05\x05\x07\x09\x05"
+OBJ_id_aca_authenticationInfo="\x2B\x06\x01\x05\x05\x07\x0A\x01"
+OBJ_id_aca_accessIdentity="\x2B\x06\x01\x05\x05\x07\x0A\x02"
+OBJ_id_aca_chargingIdentity="\x2B\x06\x01\x05\x05\x07\x0A\x03"
+OBJ_id_aca_group="\x2B\x06\x01\x05\x05\x07\x0A\x04"
+OBJ_id_aca_role="\x2B\x06\x01\x05\x05\x07\x0A\x05"
+OBJ_id_qcs_pkixQCSyntax_v1="\x2B\x06\x01\x05\x05\x07\x0B\x01"
+OBJ_id_cct_crs="\x2B\x06\x01\x05\x05\x07\x0C\x01"
+OBJ_id_cct_PKIData="\x2B\x06\x01\x05\x05\x07\x0C\x02"
+OBJ_id_cct_PKIResponse="\x2B\x06\x01\x05\x05\x07\x0C\x03"
+OBJ_ad_timeStamping="\x2B\x06\x01\x05\x05\x07\x30\x03"
+OBJ_ad_dvcs="\x2B\x06\x01\x05\x05\x07\x30\x04"
+OBJ_id_pkix_OCSP_basic="\x2B\x06\x01\x05\x05\x07\x30\x01\x01"
+OBJ_id_pkix_OCSP_Nonce="\x2B\x06\x01\x05\x05\x07\x30\x01\x02"
+OBJ_id_pkix_OCSP_CrlID="\x2B\x06\x01\x05\x05\x07\x30\x01\x03"
+OBJ_id_pkix_OCSP_acceptableResponses="\x2B\x06\x01\x05\x05\x07\x30\x01\x04"
+OBJ_id_pkix_OCSP_noCheck="\x2B\x06\x01\x05\x05\x07\x30\x01\x05"
+OBJ_id_pkix_OCSP_archiveCutoff="\x2B\x06\x01\x05\x05\x07\x30\x01\x06"
+OBJ_id_pkix_OCSP_serviceLocator="\x2B\x06\x01\x05\x05\x07\x30\x01\x07"
+OBJ_id_pkix_OCSP_extendedStatus="\x2B\x06\x01\x05\x05\x07\x30\x01\x08"
+OBJ_id_pkix_OCSP_valid="\x2B\x06\x01\x05\x05\x07\x30\x01\x09"
+OBJ_id_pkix_OCSP_path="\x2B\x06\x01\x05\x05\x07\x30\x01\x0A"
+OBJ_id_pkix_OCSP_trustRoot="\x2B\x06\x01\x05\x05\x07\x30\x01\x0B"
+OBJ_algorithm="\x2B\x0E\x03\x02"
+OBJ_rsaSignature="\x2B\x0E\x03\x02\x0B"
+OBJ_X500algorithms="\x55\x08"
+OBJ_org="\x2B"
+OBJ_dod="\x2B\x06"
+OBJ_iana="\x2B\x06\x01"
+OBJ_Directory="\x2B\x06\x01\x01"
+OBJ_Management="\x2B\x06\x01\x02"
+OBJ_Experimental="\x2B\x06\x01\x03"
+OBJ_Private="\x2B\x06\x01\x04"
+OBJ_Security="\x2B\x06\x01\x05"
+OBJ_SNMPv2="\x2B\x06\x01\x06"
+OBJ_Mail="\x2B\x06\x01\x07"
+OBJ_Enterprises="\x2B\x06\x01\x04\x01"
+OBJ_dcObject="\x2B\x06\x01\x04\x01\x8B\x3A\x82\x58"
+OBJ_domainComponent="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19"
+OBJ_Domain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0D"
+OBJ_selected_attribute_types="\x55\x01\x05"
+OBJ_clearance="\x55\x01\x05\x37"
+OBJ_md4WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x03"
+OBJ_ac_proxying="\x2B\x06\x01\x05\x05\x07\x01\x0A"
+OBJ_sinfo_access="\x2B\x06\x01\x05\x05\x07\x01\x0B"
+OBJ_id_aca_encAttrs="\x2B\x06\x01\x05\x05\x07\x0A\x06"
+OBJ_role="\x55\x04\x48"
+OBJ_policy_constraints="\x55\x1D\x24"
+OBJ_target_information="\x55\x1D\x37"
+OBJ_no_rev_avail="\x55\x1D\x38"
+OBJ_ansi_X9_62="\x2A\x86\x48\xCE\x3D"
+OBJ_X9_62_prime_field="\x2A\x86\x48\xCE\x3D\x01\x01"
+OBJ_X9_62_characteristic_two_field="\x2A\x86\x48\xCE\x3D\x01\x02"
+OBJ_X9_62_id_ecPublicKey="\x2A\x86\x48\xCE\x3D\x02\x01"
+OBJ_X9_62_prime192v1="\x2A\x86\x48\xCE\x3D\x03\x01\x01"
+OBJ_X9_62_prime192v2="\x2A\x86\x48\xCE\x3D\x03\x01\x02"
+OBJ_X9_62_prime192v3="\x2A\x86\x48\xCE\x3D\x03\x01\x03"
+OBJ_X9_62_prime239v1="\x2A\x86\x48\xCE\x3D\x03\x01\x04"
+OBJ_X9_62_prime239v2="\x2A\x86\x48\xCE\x3D\x03\x01\x05"
+OBJ_X9_62_prime239v3="\x2A\x86\x48\xCE\x3D\x03\x01\x06"
+OBJ_X9_62_prime256v1="\x2A\x86\x48\xCE\x3D\x03\x01\x07"
+OBJ_ecdsa_with_SHA1="\x2A\x86\x48\xCE\x3D\x04\x01"
+OBJ_ms_csp_name="\x2B\x06\x01\x04\x01\x82\x37\x11\x01"
+OBJ_aes_128_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x01"
+OBJ_aes_128_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x02"
+OBJ_aes_128_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x03"
+OBJ_aes_128_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x04"
+OBJ_aes_192_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x15"
+OBJ_aes_192_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x16"
+OBJ_aes_192_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x17"
+OBJ_aes_192_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x18"
+OBJ_aes_256_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x29"
+OBJ_aes_256_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x2A"
+OBJ_aes_256_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x2B"
+OBJ_aes_256_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x2C"
+OBJ_hold_instruction_code="\x55\x1D\x17"
+OBJ_hold_instruction_none="\x2A\x86\x48\xCE\x38\x02\x01"
+OBJ_hold_instruction_call_issuer="\x2A\x86\x48\xCE\x38\x02\x02"
+OBJ_hold_instruction_reject="\x2A\x86\x48\xCE\x38\x02\x03"
+OBJ_data="\x09"
+OBJ_pss="\x09\x92\x26"
+OBJ_ucl="\x09\x92\x26\x89\x93\xF2\x2C"
+OBJ_pilot="\x09\x92\x26\x89\x93\xF2\x2C\x64"
+OBJ_pilotAttributeType="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01"
+OBJ_pilotAttributeSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03"
+OBJ_pilotObjectClass="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04"
+OBJ_pilotGroups="\x09\x92\x26\x89\x93\xF2\x2C\x64\x0A"
+OBJ_iA5StringSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03\x04"
+OBJ_caseIgnoreIA5StringSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03\x05"
+OBJ_pilotObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x03"
+OBJ_pilotPerson="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x04"
+OBJ_account="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x05"
+OBJ_document="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x06"
+OBJ_room="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x07"
+OBJ_documentSeries="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x09"
+OBJ_rFC822localPart="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0E"
+OBJ_dNSDomain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0F"
+OBJ_domainRelatedObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x11"
+OBJ_friendlyCountry="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x12"
+OBJ_simpleSecurityObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x13"
+OBJ_pilotOrganization="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x14"
+OBJ_pilotDSA="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x15"
+OBJ_qualityLabelledData="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x16"
+OBJ_userId="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01"
+OBJ_textEncodedORAddress="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x02"
+OBJ_rfc822Mailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x03"
+OBJ_info="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x04"
+OBJ_favouriteDrink="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x05"
+OBJ_roomNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x06"
+OBJ_photo="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x07"
+OBJ_userClass="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x08"
+OBJ_host="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x09"
+OBJ_manager="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0A"
+OBJ_documentIdentifier="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0B"
+OBJ_documentTitle="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0C"
+OBJ_documentVersion="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0D"
+OBJ_documentAuthor="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0E"
+OBJ_documentLocation="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0F"
+OBJ_homeTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x14"
+OBJ_secretary="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x15"
+OBJ_otherMailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x16"
+OBJ_lastModifiedTime="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x17"
+OBJ_lastModifiedBy="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x18"
+OBJ_aRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1A"
+OBJ_pilotAttributeType27="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1B"
+OBJ_mXRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1C"
+OBJ_nSRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1D"
+OBJ_sOARecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1E"
+OBJ_cNAMERecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1F"
+OBJ_associatedDomain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x25"
+OBJ_associatedName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x26"
+OBJ_homePostalAddress="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x27"
+OBJ_personalTitle="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x28"
+OBJ_mobileTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x29"
+OBJ_pagerTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2A"
+OBJ_friendlyCountryName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2B"
+OBJ_organizationalStatus="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2D"
+OBJ_janetMailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2E"
+OBJ_mailPreferenceOption="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2F"
+OBJ_buildingName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x30"
+OBJ_dSAQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x31"
+OBJ_singleLevelQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x32"
+OBJ_subtreeMinimumQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x33"
+OBJ_subtreeMaximumQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x34"
+OBJ_personalSignature="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x35"
+OBJ_dITRedirect="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x36"
+OBJ_audio="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x37"
+OBJ_documentPublisher="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x38"
+OBJ_x500UniqueIdentifier="\x55\x04\x2D"
+OBJ_mime_mhs="\x2B\x06\x01\x07\x01"
+OBJ_mime_mhs_headings="\x2B\x06\x01\x07\x01\x01"
+OBJ_mime_mhs_bodies="\x2B\x06\x01\x07\x01\x02"
+OBJ_id_hex_partial_message="\x2B\x06\x01\x07\x01\x01\x01"
+OBJ_id_hex_multipart_message="\x2B\x06\x01\x07\x01\x01\x02"
+OBJ_generationQualifier="\x55\x04\x2C"
+OBJ_pseudonym="\x55\x04\x41"
+OBJ_id_set="\x67\x2A"
+OBJ_set_ctype="\x67\x2A\x00"
+OBJ_set_msgExt="\x67\x2A\x01"
+OBJ_set_attr="\x67\x2A\x03"
+OBJ_set_policy="\x67\x2A\x05"
+OBJ_set_certExt="\x67\x2A\x07"
+OBJ_set_brand="\x67\x2A\x08"
+OBJ_setct_PANData="\x67\x2A\x00\x00"
+OBJ_setct_PANToken="\x67\x2A\x00\x01"
+OBJ_setct_PANOnly="\x67\x2A\x00\x02"
+OBJ_setct_OIData="\x67\x2A\x00\x03"
+OBJ_setct_PI="\x67\x2A\x00\x04"
+OBJ_setct_PIData="\x67\x2A\x00\x05"
+OBJ_setct_PIDataUnsigned="\x67\x2A\x00\x06"
+OBJ_setct_HODInput="\x67\x2A\x00\x07"
+OBJ_setct_AuthResBaggage="\x67\x2A\x00\x08"
+OBJ_setct_AuthRevReqBaggage="\x67\x2A\x00\x09"
+OBJ_setct_AuthRevResBaggage="\x67\x2A\x00\x0A"
+OBJ_setct_CapTokenSeq="\x67\x2A\x00\x0B"
+OBJ_setct_PInitResData="\x67\x2A\x00\x0C"
+OBJ_setct_PI_TBS="\x67\x2A\x00\x0D"
+OBJ_setct_PResData="\x67\x2A\x00\x0E"
+OBJ_setct_AuthReqTBS="\x67\x2A\x00\x10"
+OBJ_setct_AuthResTBS="\x67\x2A\x00\x11"
+OBJ_setct_AuthResTBSX="\x67\x2A\x00\x12"
+OBJ_setct_AuthTokenTBS="\x67\x2A\x00\x13"
+OBJ_setct_CapTokenData="\x67\x2A\x00\x14"
+OBJ_setct_CapTokenTBS="\x67\x2A\x00\x15"
+OBJ_setct_AcqCardCodeMsg="\x67\x2A\x00\x16"
+OBJ_setct_AuthRevReqTBS="\x67\x2A\x00\x17"
+OBJ_setct_AuthRevResData="\x67\x2A\x00\x18"
+OBJ_setct_AuthRevResTBS="\x67\x2A\x00\x19"
+OBJ_setct_CapReqTBS="\x67\x2A\x00\x1A"
+OBJ_setct_CapReqTBSX="\x67\x2A\x00\x1B"
+OBJ_setct_CapResData="\x67\x2A\x00\x1C"
+OBJ_setct_CapRevReqTBS="\x67\x2A\x00\x1D"
+OBJ_setct_CapRevReqTBSX="\x67\x2A\x00\x1E"
+OBJ_setct_CapRevResData="\x67\x2A\x00\x1F"
+OBJ_setct_CredReqTBS="\x67\x2A\x00\x20"
+OBJ_setct_CredReqTBSX="\x67\x2A\x00\x21"
+OBJ_setct_CredResData="\x67\x2A\x00\x22"
+OBJ_setct_CredRevReqTBS="\x67\x2A\x00\x23"
+OBJ_setct_CredRevReqTBSX="\x67\x2A\x00\x24"
+OBJ_setct_CredRevResData="\x67\x2A\x00\x25"
+OBJ_setct_PCertReqData="\x67\x2A\x00\x26"
+OBJ_setct_PCertResTBS="\x67\x2A\x00\x27"
+OBJ_setct_BatchAdminReqData="\x67\x2A\x00\x28"
+OBJ_setct_BatchAdminResData="\x67\x2A\x00\x29"
+OBJ_setct_CardCInitResTBS="\x67\x2A\x00\x2A"
+OBJ_setct_MeAqCInitResTBS="\x67\x2A\x00\x2B"
+OBJ_setct_RegFormResTBS="\x67\x2A\x00\x2C"
+OBJ_setct_CertReqData="\x67\x2A\x00\x2D"
+OBJ_setct_CertReqTBS="\x67\x2A\x00\x2E"
+OBJ_setct_CertResData="\x67\x2A\x00\x2F"
+OBJ_setct_CertInqReqTBS="\x67\x2A\x00\x30"
+OBJ_setct_ErrorTBS="\x67\x2A\x00\x31"
+OBJ_setct_PIDualSignedTBE="\x67\x2A\x00\x32"
+OBJ_setct_PIUnsignedTBE="\x67\x2A\x00\x33"
+OBJ_setct_AuthReqTBE="\x67\x2A\x00\x34"
+OBJ_setct_AuthResTBE="\x67\x2A\x00\x35"
+OBJ_setct_AuthResTBEX="\x67\x2A\x00\x36"
+OBJ_setct_AuthTokenTBE="\x67\x2A\x00\x37"
+OBJ_setct_CapTokenTBE="\x67\x2A\x00\x38"
+OBJ_setct_CapTokenTBEX="\x67\x2A\x00\x39"
+OBJ_setct_AcqCardCodeMsgTBE="\x67\x2A\x00\x3A"
+OBJ_setct_AuthRevReqTBE="\x67\x2A\x00\x3B"
+OBJ_setct_AuthRevResTBE="\x67\x2A\x00\x3C"
+OBJ_setct_AuthRevResTBEB="\x67\x2A\x00\x3D"
+OBJ_setct_CapReqTBE="\x67\x2A\x00\x3E"
+OBJ_setct_CapReqTBEX="\x67\x2A\x00\x3F"
+OBJ_setct_CapResTBE="\x67\x2A\x00\x40"
+OBJ_setct_CapRevReqTBE="\x67\x2A\x00\x41"
+OBJ_setct_CapRevReqTBEX="\x67\x2A\x00\x42"
+OBJ_setct_CapRevResTBE="\x67\x2A\x00\x43"
+OBJ_setct_CredReqTBE="\x67\x2A\x00\x44"
+OBJ_setct_CredReqTBEX="\x67\x2A\x00\x45"
+OBJ_setct_CredResTBE="\x67\x2A\x00\x46"
+OBJ_setct_CredRevReqTBE="\x67\x2A\x00\x47"
+OBJ_setct_CredRevReqTBEX="\x67\x2A\x00\x48"
+OBJ_setct_CredRevResTBE="\x67\x2A\x00\x49"
+OBJ_setct_BatchAdminReqTBE="\x67\x2A\x00\x4A"
+OBJ_setct_BatchAdminResTBE="\x67\x2A\x00\x4B"
+OBJ_setct_RegFormReqTBE="\x67\x2A\x00\x4C"
+OBJ_setct_CertReqTBE="\x67\x2A\x00\x4D"
+OBJ_setct_CertReqTBEX="\x67\x2A\x00\x4E"
+OBJ_setct_CertResTBE="\x67\x2A\x00\x4F"
+OBJ_setct_CRLNotificationTBS="\x67\x2A\x00\x50"
+OBJ_setct_CRLNotificationResTBS="\x67\x2A\x00\x51"
+OBJ_setct_BCIDistributionTBS="\x67\x2A\x00\x52"
+OBJ_setext_genCrypt="\x67\x2A\x01\x01"
+OBJ_setext_miAuth="\x67\x2A\x01\x03"
+OBJ_setext_pinSecure="\x67\x2A\x01\x04"
+OBJ_setext_pinAny="\x67\x2A\x01\x05"
+OBJ_setext_track2="\x67\x2A\x01\x07"
+OBJ_setext_cv="\x67\x2A\x01\x08"
+OBJ_set_policy_root="\x67\x2A\x05\x00"
+OBJ_setCext_hashedRoot="\x67\x2A\x07\x00"
+OBJ_setCext_certType="\x67\x2A\x07\x01"
+OBJ_setCext_merchData="\x67\x2A\x07\x02"
+OBJ_setCext_cCertRequired="\x67\x2A\x07\x03"
+OBJ_setCext_tunneling="\x67\x2A\x07\x04"
+OBJ_setCext_setExt="\x67\x2A\x07\x05"
+OBJ_setCext_setQualf="\x67\x2A\x07\x06"
+OBJ_setCext_PGWYcapabilities="\x67\x2A\x07\x07"
+OBJ_setCext_TokenIdentifier="\x67\x2A\x07\x08"
+OBJ_setCext_Track2Data="\x67\x2A\x07\x09"
+OBJ_setCext_TokenType="\x67\x2A\x07\x0A"
+OBJ_setCext_IssuerCapabilities="\x67\x2A\x07\x0B"
+OBJ_setAttr_Cert="\x67\x2A\x03\x00"
+OBJ_setAttr_PGWYcap="\x67\x2A\x03\x01"
+OBJ_setAttr_TokenType="\x67\x2A\x03\x02"
+OBJ_setAttr_IssCap="\x67\x2A\x03\x03"
+OBJ_set_rootKeyThumb="\x67\x2A\x03\x00\x00"
+OBJ_set_addPolicy="\x67\x2A\x03\x00\x01"
+OBJ_setAttr_Token_EMV="\x67\x2A\x03\x02\x01"
+OBJ_setAttr_Token_B0Prime="\x67\x2A\x03\x02\x02"
+OBJ_setAttr_IssCap_CVM="\x67\x2A\x03\x03\x03"
+OBJ_setAttr_IssCap_T2="\x67\x2A\x03\x03\x04"
+OBJ_setAttr_IssCap_Sig="\x67\x2A\x03\x03\x05"
+OBJ_setAttr_GenCryptgrm="\x67\x2A\x03\x03\x03\x01"
+OBJ_setAttr_T2Enc="\x67\x2A\x03\x03\x04\x01"
+OBJ_setAttr_T2cleartxt="\x67\x2A\x03\x03\x04\x02"
+OBJ_setAttr_TokICCsig="\x67\x2A\x03\x03\x05\x01"
+OBJ_setAttr_SecDevSig="\x67\x2A\x03\x03\x05\x02"
+OBJ_set_brand_IATA_ATA="\x67\x2A\x08\x01"
+OBJ_set_brand_Diners="\x67\x2A\x08\x1E"
+OBJ_set_brand_AmericanExpress="\x67\x2A\x08\x22"
+OBJ_set_brand_JCB="\x67\x2A\x08\x23"
+OBJ_set_brand_Visa="\x67\x2A\x08\x04"
+OBJ_set_brand_MasterCard="\x67\x2A\x08\x05"
+OBJ_set_brand_Novus="\x67\x2A\x08\xAE\x7B"
+OBJ_des_cdmf="\x2A\x86\x48\x86\xF7\x0D\x03\x0A"
+OBJ_rsaOAEPEncryptionSET="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x06"
+OBJ_international_organizations="\x67"
+OBJ_ms_smartcard_login="\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x02"
+OBJ_ms_upn="\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x03"
+OBJ_streetAddress="\x55\x04\x09"
+OBJ_postalCode="\x55\x04\x11"
+OBJ_id_ppl="\x2B\x06\x01\x05\x05\x07\x15"
+OBJ_proxyCertInfo="\x2B\x06\x01\x05\x05\x07\x01\x0E"
+OBJ_id_ppl_anyLanguage="\x2B\x06\x01\x05\x05\x07\x15\x00"
+OBJ_id_ppl_inheritAll="\x2B\x06\x01\x05\x05\x07\x15\x01"
+OBJ_name_constraints="\x55\x1D\x1E"
+OBJ_Independent="\x2B\x06\x01\x05\x05\x07\x15\x02"
+OBJ_sha256WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B"
+OBJ_sha384WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C"
+OBJ_sha512WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0D"
+OBJ_sha224WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0E"
+OBJ_sha256="\x60\x86\x48\x01\x65\x03\x04\x02\x01"
+OBJ_sha384="\x60\x86\x48\x01\x65\x03\x04\x02\x02"
+OBJ_sha512="\x60\x86\x48\x01\x65\x03\x04\x02\x03"
+OBJ_sha224="\x60\x86\x48\x01\x65\x03\x04\x02\x04"
+OBJ_identified_organization="\x2B"
+OBJ_certicom_arc="\x2B\x81\x04"
+OBJ_wap="\x67\x2B"
+OBJ_wap_wsg="\x67\x2B\x01"
+OBJ_X9_62_id_characteristic_two_basis="\x2A\x86\x48\xCE\x3D\x01\x02\x03"
+OBJ_X9_62_onBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x01"
+OBJ_X9_62_tpBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x02"
+OBJ_X9_62_ppBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x03"
+OBJ_X9_62_c2pnb163v1="\x2A\x86\x48\xCE\x3D\x03\x00\x01"
+OBJ_X9_62_c2pnb163v2="\x2A\x86\x48\xCE\x3D\x03\x00\x02"
+OBJ_X9_62_c2pnb163v3="\x2A\x86\x48\xCE\x3D\x03\x00\x03"
+OBJ_X9_62_c2pnb176v1="\x2A\x86\x48\xCE\x3D\x03\x00\x04"
+OBJ_X9_62_c2tnb191v1="\x2A\x86\x48\xCE\x3D\x03\x00\x05"
+OBJ_X9_62_c2tnb191v2="\x2A\x86\x48\xCE\x3D\x03\x00\x06"
+OBJ_X9_62_c2tnb191v3="\x2A\x86\x48\xCE\x3D\x03\x00\x07"
+OBJ_X9_62_c2onb191v4="\x2A\x86\x48\xCE\x3D\x03\x00\x08"
+OBJ_X9_62_c2onb191v5="\x2A\x86\x48\xCE\x3D\x03\x00\x09"
+OBJ_X9_62_c2pnb208w1="\x2A\x86\x48\xCE\x3D\x03\x00\x0A"
+OBJ_X9_62_c2tnb239v1="\x2A\x86\x48\xCE\x3D\x03\x00\x0B"
+OBJ_X9_62_c2tnb239v2="\x2A\x86\x48\xCE\x3D\x03\x00\x0C"
+OBJ_X9_62_c2tnb239v3="\x2A\x86\x48\xCE\x3D\x03\x00\x0D"
+OBJ_X9_62_c2onb239v4="\x2A\x86\x48\xCE\x3D\x03\x00\x0E"
+OBJ_X9_62_c2onb239v5="\x2A\x86\x48\xCE\x3D\x03\x00\x0F"
+OBJ_X9_62_c2pnb272w1="\x2A\x86\x48\xCE\x3D\x03\x00\x10"
+OBJ_X9_62_c2pnb304w1="\x2A\x86\x48\xCE\x3D\x03\x00\x11"
+OBJ_X9_62_c2tnb359v1="\x2A\x86\x48\xCE\x3D\x03\x00\x12"
+OBJ_X9_62_c2pnb368w1="\x2A\x86\x48\xCE\x3D\x03\x00\x13"
+OBJ_X9_62_c2tnb431r1="\x2A\x86\x48\xCE\x3D\x03\x00\x14"
+OBJ_secp112r1="\x2B\x81\x04\x00\x06"
+OBJ_secp112r2="\x2B\x81\x04\x00\x07"
+OBJ_secp128r1="\x2B\x81\x04\x00\x1C"
+OBJ_secp128r2="\x2B\x81\x04\x00\x1D"
+OBJ_secp160k1="\x2B\x81\x04\x00\x09"
+OBJ_secp160r1="\x2B\x81\x04\x00\x08"
+OBJ_secp160r2="\x2B\x81\x04\x00\x1E"
+OBJ_secp192k1="\x2B\x81\x04\x00\x1F"
+OBJ_secp224k1="\x2B\x81\x04\x00\x20"
+OBJ_secp224r1="\x2B\x81\x04\x00\x21"
+OBJ_secp256k1="\x2B\x81\x04\x00\x0A"
+OBJ_secp384r1="\x2B\x81\x04\x00\x22"
+OBJ_secp521r1="\x2B\x81\x04\x00\x23"
+OBJ_sect113r1="\x2B\x81\x04\x00\x04"
+OBJ_sect113r2="\x2B\x81\x04\x00\x05"
+OBJ_sect131r1="\x2B\x81\x04\x00\x16"
+OBJ_sect131r2="\x2B\x81\x04\x00\x17"
+OBJ_sect163k1="\x2B\x81\x04\x00\x01"
+OBJ_sect163r1="\x2B\x81\x04\x00\x02"
+OBJ_sect163r2="\x2B\x81\x04\x00\x0F"
+OBJ_sect193r1="\x2B\x81\x04\x00\x18"
+OBJ_sect193r2="\x2B\x81\x04\x00\x19"
+OBJ_sect233k1="\x2B\x81\x04\x00\x1A"
+OBJ_sect233r1="\x2B\x81\x04\x00\x1B"
+OBJ_sect239k1="\x2B\x81\x04\x00\x03"
+OBJ_sect283k1="\x2B\x81\x04\x00\x10"
+OBJ_sect283r1="\x2B\x81\x04\x00\x11"
+OBJ_sect409k1="\x2B\x81\x04\x00\x24"
+OBJ_sect409r1="\x2B\x81\x04\x00\x25"
+OBJ_sect571k1="\x2B\x81\x04\x00\x26"
+OBJ_sect571r1="\x2B\x81\x04\x00\x27"
+OBJ_wap_wsg_idm_ecid_wtls1="\x67\x2B\x01\x04\x01"
+OBJ_wap_wsg_idm_ecid_wtls3="\x67\x2B\x01\x04\x03"
+OBJ_wap_wsg_idm_ecid_wtls4="\x67\x2B\x01\x04\x04"
+OBJ_wap_wsg_idm_ecid_wtls5="\x67\x2B\x01\x04\x05"
+OBJ_wap_wsg_idm_ecid_wtls6="\x67\x2B\x01\x04\x06"
+OBJ_wap_wsg_idm_ecid_wtls7="\x67\x2B\x01\x04\x07"
+OBJ_wap_wsg_idm_ecid_wtls8="\x67\x2B\x01\x04\x08"
+OBJ_wap_wsg_idm_ecid_wtls9="\x67\x2B\x01\x04\x09"
+OBJ_wap_wsg_idm_ecid_wtls10="\x67\x2B\x01\x04\x0A"
+OBJ_wap_wsg_idm_ecid_wtls11="\x67\x2B\x01\x04\x0B"
+OBJ_wap_wsg_idm_ecid_wtls12="\x67\x2B\x01\x04\x0C"
+OBJ_any_policy="\x55\x1D\x20\x00"
+OBJ_policy_mappings="\x55\x1D\x21"
+OBJ_inhibit_any_policy="\x55\x1D\x36"
+OBJ_camellia_128_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x02"
+OBJ_camellia_192_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x03"
+OBJ_camellia_256_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x04"
+OBJ_camellia_128_ecb="\x03\xA2\x31\x05\x03\x01\x09\x01"
+OBJ_camellia_192_ecb="\x03\xA2\x31\x05\x03\x01\x09\x15"
+OBJ_camellia_256_ecb="\x03\xA2\x31\x05\x03\x01\x09\x29"
+OBJ_camellia_128_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x04"
+OBJ_camellia_192_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x18"
+OBJ_camellia_256_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x2C"
+OBJ_camellia_128_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x03"
+OBJ_camellia_192_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x17"
+OBJ_camellia_256_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x2B"
+OBJ_subject_directory_attributes="\x55\x1D\x09"
+OBJ_issuing_distribution_point="\x55\x1D\x1C"
+OBJ_certificate_issuer="\x55\x1D\x1D"
+OBJ_kisa="\x2A\x83\x1A\x8C\x9A\x44"
+OBJ_seed_ecb="\x2A\x83\x1A\x8C\x9A\x44\x01\x03"
+OBJ_seed_cbc="\x2A\x83\x1A\x8C\x9A\x44\x01\x04"
+OBJ_seed_ofb128="\x2A\x83\x1A\x8C\x9A\x44\x01\x06"
+OBJ_seed_cfb128="\x2A\x83\x1A\x8C\x9A\x44\x01\x05"
+OBJ_hmac_md5="\x2B\x06\x01\x05\x05\x08\x01\x01"
+OBJ_hmac_sha1="\x2B\x06\x01\x05\x05\x08\x01\x02"
+OBJ_id_PasswordBasedMAC="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0D"
+OBJ_id_DHBasedMac="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x1E"
+OBJ_id_it_suppLangTags="\x2B\x06\x01\x05\x05\x07\x04\x10"
+OBJ_caRepository="\x2B\x06\x01\x05\x05\x07\x30\x05"
+OBJ_id_smime_ct_compressedData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x09"
+OBJ_id_ct_asciiTextWithCRLF="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1B"
+OBJ_id_aes128_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x05"
+OBJ_id_aes192_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x19"
+OBJ_id_aes256_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x2D"
+OBJ_ecdsa_with_Recommended="\x2A\x86\x48\xCE\x3D\x04\x02"
+OBJ_ecdsa_with_Specified="\x2A\x86\x48\xCE\x3D\x04\x03"
+OBJ_ecdsa_with_SHA224="\x2A\x86\x48\xCE\x3D\x04\x03\x01"
+OBJ_ecdsa_with_SHA256="\x2A\x86\x48\xCE\x3D\x04\x03\x02"
+OBJ_ecdsa_with_SHA384="\x2A\x86\x48\xCE\x3D\x04\x03\x03"
+OBJ_ecdsa_with_SHA512="\x2A\x86\x48\xCE\x3D\x04\x03\x04"
+OBJ_hmacWithMD5="\x2A\x86\x48\x86\xF7\x0D\x02\x06"
+OBJ_hmacWithSHA224="\x2A\x86\x48\x86\xF7\x0D\x02\x08"
+OBJ_hmacWithSHA256="\x2A\x86\x48\x86\xF7\x0D\x02\x09"
+OBJ_hmacWithSHA384="\x2A\x86\x48\x86\xF7\x0D\x02\x0A"
+OBJ_hmacWithSHA512="\x2A\x86\x48\x86\xF7\x0D\x02\x0B"
+OBJ_dsa_with_SHA224="\x60\x86\x48\x01\x65\x03\x04\x03\x01"
+OBJ_dsa_with_SHA256="\x60\x86\x48\x01\x65\x03\x04\x03\x02"
+OBJ_whirlpool="\x28\xCF\x06\x03\x00\x37"
+OBJ_cryptopro="\x2A\x85\x03\x02\x02"
+OBJ_cryptocom="\x2A\x85\x03\x02\x09"
+OBJ_id_GostR3411_94_with_GostR3410_2001="\x2A\x85\x03\x02\x02\x03"
+OBJ_id_GostR3411_94_with_GostR3410_94="\x2A\x85\x03\x02\x02\x04"
+OBJ_id_GostR3411_94="\x2A\x85\x03\x02\x02\x09"
+OBJ_id_HMACGostR3411_94="\x2A\x85\x03\x02\x02\x0A"
+OBJ_id_GostR3410_2001="\x2A\x85\x03\x02\x02\x13"
+OBJ_id_GostR3410_94="\x2A\x85\x03\x02\x02\x14"
+OBJ_id_Gost28147_89="\x2A\x85\x03\x02\x02\x15"
+OBJ_id_Gost28147_89_MAC="\x2A\x85\x03\x02\x02\x16"
+OBJ_id_GostR3411_94_prf="\x2A\x85\x03\x02\x02\x17"
+OBJ_id_GostR3410_2001DH="\x2A\x85\x03\x02\x02\x62"
+OBJ_id_GostR3410_94DH="\x2A\x85\x03\x02\x02\x63"
+OBJ_id_Gost28147_89_CryptoPro_KeyMeshing="\x2A\x85\x03\x02\x02\x0E\x01"
+OBJ_id_Gost28147_89_None_KeyMeshing="\x2A\x85\x03\x02\x02\x0E\x00"
+OBJ_id_GostR3411_94_TestParamSet="\x2A\x85\x03\x02\x02\x1E\x00"
+OBJ_id_GostR3411_94_CryptoProParamSet="\x2A\x85\x03\x02\x02\x1E\x01"
+OBJ_id_Gost28147_89_TestParamSet="\x2A\x85\x03\x02\x02\x1F\x00"
+OBJ_id_Gost28147_89_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x1F\x01"
+OBJ_id_Gost28147_89_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x1F\x02"
+OBJ_id_Gost28147_89_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x1F\x03"
+OBJ_id_Gost28147_89_CryptoPro_D_ParamSet="\x2A\x85\x03\x02\x02\x1F\x04"
+OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet="\x2A\x85\x03\x02\x02\x1F\x05"
+OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet="\x2A\x85\x03\x02\x02\x1F\x06"
+OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet="\x2A\x85\x03\x02\x02\x1F\x07"
+OBJ_id_GostR3410_94_TestParamSet="\x2A\x85\x03\x02\x02\x20\x00"
+OBJ_id_GostR3410_94_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x20\x02"
+OBJ_id_GostR3410_94_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x20\x03"
+OBJ_id_GostR3410_94_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x20\x04"
+OBJ_id_GostR3410_94_CryptoPro_D_ParamSet="\x2A\x85\x03\x02\x02\x20\x05"
+OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet="\x2A\x85\x03\x02\x02\x21\x01"
+OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet="\x2A\x85\x03\x02\x02\x21\x02"
+OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet="\x2A\x85\x03\x02\x02\x21\x03"
+OBJ_id_GostR3410_2001_TestParamSet="\x2A\x85\x03\x02\x02\x23\x00"
+OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x23\x01"
+OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x23\x02"
+OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x23\x03"
+OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet="\x2A\x85\x03\x02\x02\x24\x00"
+OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet="\x2A\x85\x03\x02\x02\x24\x01"
+OBJ_id_GostR3410_94_a="\x2A\x85\x03\x02\x02\x14\x01"
+OBJ_id_GostR3410_94_aBis="\x2A\x85\x03\x02\x02\x14\x02"
+OBJ_id_GostR3410_94_b="\x2A\x85\x03\x02\x02\x14\x03"
+OBJ_id_GostR3410_94_bBis="\x2A\x85\x03\x02\x02\x14\x04"
+OBJ_id_Gost28147_89_cc="\x2A\x85\x03\x02\x09\x01\x06\x01"
+OBJ_id_GostR3410_94_cc="\x2A\x85\x03\x02\x09\x01\x05\x03"
+OBJ_id_GostR3410_2001_cc="\x2A\x85\x03\x02\x09\x01\x05\x04"
+OBJ_id_GostR3411_94_with_GostR3410_94_cc="\x2A\x85\x03\x02\x09\x01\x03\x03"
+OBJ_id_GostR3411_94_with_GostR3410_2001_cc="\x2A\x85\x03\x02\x09\x01\x03\x04"
+OBJ_id_GostR3410_2001_ParamSet_cc="\x2A\x85\x03\x02\x09\x01\x08\x01"
+OBJ_LocalKeySet="\x2B\x06\x01\x04\x01\x82\x37\x11\x02"
+OBJ_freshest_crl="\x55\x1D\x2E"
+OBJ_id_on_permanentIdentifier="\x2B\x06\x01\x05\x05\x07\x08\x03"
+OBJ_searchGuide="\x55\x04\x0E"
+OBJ_businessCategory="\x55\x04\x0F"
+OBJ_postalAddress="\x55\x04\x10"
+OBJ_postOfficeBox="\x55\x04\x12"
+OBJ_physicalDeliveryOfficeName="\x55\x04\x13"
+OBJ_telephoneNumber="\x55\x04\x14"
+OBJ_telexNumber="\x55\x04\x15"
+OBJ_teletexTerminalIdentifier="\x55\x04\x16"
+OBJ_facsimileTelephoneNumber="\x55\x04\x17"
+OBJ_x121Address="\x55\x04\x18"
+OBJ_internationaliSDNNumber="\x55\x04\x19"
+OBJ_registeredAddress="\x55\x04\x1A"
+OBJ_destinationIndicator="\x55\x04\x1B"
+OBJ_preferredDeliveryMethod="\x55\x04\x1C"
+OBJ_presentationAddress="\x55\x04\x1D"
+OBJ_supportedApplicationContext="\x55\x04\x1E"
+OBJ_member="\x55\x04\x1F"
+OBJ_owner="\x55\x04\x20"
+OBJ_roleOccupant="\x55\x04\x21"
+OBJ_seeAlso="\x55\x04\x22"
+OBJ_userPassword="\x55\x04\x23"
+OBJ_userCertificate="\x55\x04\x24"
+OBJ_cACertificate="\x55\x04\x25"
+OBJ_authorityRevocationList="\x55\x04\x26"
+OBJ_certificateRevocationList="\x55\x04\x27"
+OBJ_crossCertificatePair="\x55\x04\x28"
+OBJ_enhancedSearchGuide="\x55\x04\x2F"
+OBJ_protocolInformation="\x55\x04\x30"
+OBJ_distinguishedName="\x55\x04\x31"
+OBJ_uniqueMember="\x55\x04\x32"
+OBJ_houseIdentifier="\x55\x04\x33"
+OBJ_supportedAlgorithms="\x55\x04\x34"
+OBJ_deltaRevocationList="\x55\x04\x35"
+OBJ_dmdName="\x55\x04\x36"
+OBJ_id_alg_PWRI_KEK="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x09"
+OBJ_aes_128_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x06"
+OBJ_aes_128_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x07"
+OBJ_id_aes128_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x08"
+OBJ_aes_192_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x1A"
+OBJ_aes_192_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x1B"
+OBJ_id_aes192_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x1C"
+OBJ_aes_256_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x2E"
+OBJ_aes_256_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x2F"
+OBJ_id_aes256_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x30"
+OBJ_id_camellia128_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x02"
+OBJ_id_camellia192_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x03"
+OBJ_id_camellia256_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x04"
+OBJ_anyExtendedKeyUsage="\x55\x1D\x25\x00"
+OBJ_mgf1="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x08"
+OBJ_rsassaPss="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0A"
+OBJ_aes_128_xts="\x2B\x6F\x02\x8C\x53\x00\x01\x01"
+OBJ_aes_256_xts="\x2B\x6F\x02\x8C\x53\x00\x01\x02"
+OBJ_rsaesOaep="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x07"
+OBJ_dhpublicnumber="\x2A\x86\x48\xCE\x3E\x02\x01"
+OBJ_brainpoolP160r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x01"
+OBJ_brainpoolP160t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x02"
+OBJ_brainpoolP192r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x03"
+OBJ_brainpoolP192t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x04"
+OBJ_brainpoolP224r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x05"
+OBJ_brainpoolP224t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x06"
+OBJ_brainpoolP256r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x07"
+OBJ_brainpoolP256t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x08"
+OBJ_brainpoolP320r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x09"
+OBJ_brainpoolP320t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0A"
+OBJ_brainpoolP384r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0B"
+OBJ_brainpoolP384t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0C"
+OBJ_brainpoolP512r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0D"
+OBJ_brainpoolP512t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0E"
+OBJ_pSpecified="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x09"
+OBJ_dhSinglePass_stdDH_sha1kdf_scheme="\x2B\x81\x05\x10\x86\x48\x3F\x00\x02"
+OBJ_dhSinglePass_stdDH_sha224kdf_scheme="\x2B\x81\x04\x01\x0B\x00"
+OBJ_dhSinglePass_stdDH_sha256kdf_scheme="\x2B\x81\x04\x01\x0B\x01"
+OBJ_dhSinglePass_stdDH_sha384kdf_scheme="\x2B\x81\x04\x01\x0B\x02"
+OBJ_dhSinglePass_stdDH_sha512kdf_scheme="\x2B\x81\x04\x01\x0B\x03"
+OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme="\x2B\x81\x05\x10\x86\x48\x3F\x00\x03"
+OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme="\x2B\x81\x04\x01\x0E\x00"
+OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme="\x2B\x81\x04\x01\x0E\x01"
+OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme="\x2B\x81\x04\x01\x0E\x02"
+OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme="\x2B\x81\x04\x01\x0E\x03"
+OBJ_ct_precert_scts="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x02"
+OBJ_ct_precert_poison="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x03"
+OBJ_ct_precert_signer="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x04"
+OBJ_ct_cert_scts="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x05"
+OBJ_jurisdictionLocalityName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x01"
+OBJ_jurisdictionStateOrProvinceName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x02"
+OBJ_jurisdictionCountryName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x03"
+OBJ_camellia_128_gcm="\x03\xA2\x31\x05\x03\x01\x09\x06"
+OBJ_camellia_128_ccm="\x03\xA2\x31\x05\x03\x01\x09\x07"
+OBJ_camellia_128_ctr="\x03\xA2\x31\x05\x03\x01\x09\x09"
+OBJ_camellia_128_cmac="\x03\xA2\x31\x05\x03\x01\x09\x0A"
+OBJ_camellia_192_gcm="\x03\xA2\x31\x05\x03\x01\x09\x1A"
+OBJ_camellia_192_ccm="\x03\xA2\x31\x05\x03\x01\x09\x1B"
+OBJ_camellia_192_ctr="\x03\xA2\x31\x05\x03\x01\x09\x1D"
+OBJ_camellia_192_cmac="\x03\xA2\x31\x05\x03\x01\x09\x1E"
+OBJ_camellia_256_gcm="\x03\xA2\x31\x05\x03\x01\x09\x2E"
+OBJ_camellia_256_ccm="\x03\xA2\x31\x05\x03\x01\x09\x2F"
+OBJ_camellia_256_ctr="\x03\xA2\x31\x05\x03\x01\x09\x31"
+OBJ_camellia_256_cmac="\x03\xA2\x31\x05\x03\x01\x09\x32"
+OBJ_id_scrypt="\x2B\x06\x01\x04\x01\xDA\x47\x04\x0B"
+OBJ_id_tc26="\x2A\x85\x03\x07\x01"
+OBJ_id_tc26_algorithms="\x2A\x85\x03\x07\x01\x01"
+OBJ_id_tc26_sign="\x2A\x85\x03\x07\x01\x01\x01"
+OBJ_id_GostR3410_2012_256="\x2A\x85\x03\x07\x01\x01\x01\x01"
+OBJ_id_GostR3410_2012_512="\x2A\x85\x03\x07\x01\x01\x01\x02"
+OBJ_id_tc26_digest="\x2A\x85\x03\x07\x01\x01\x02"
+OBJ_id_GostR3411_2012_256="\x2A\x85\x03\x07\x01\x01\x02\x02"
+OBJ_id_GostR3411_2012_512="\x2A\x85\x03\x07\x01\x01\x02\x03"
+OBJ_id_tc26_signwithdigest="\x2A\x85\x03\x07\x01\x01\x03"
+OBJ_id_tc26_signwithdigest_gost3410_2012_256="\x2A\x85\x03\x07\x01\x01\x03\x02"
+OBJ_id_tc26_signwithdigest_gost3410_2012_512="\x2A\x85\x03\x07\x01\x01\x03\x03"
+OBJ_id_tc26_mac="\x2A\x85\x03\x07\x01\x01\x04"
+OBJ_id_tc26_hmac_gost_3411_2012_256="\x2A\x85\x03\x07\x01\x01\x04\x01"
+OBJ_id_tc26_hmac_gost_3411_2012_512="\x2A\x85\x03\x07\x01\x01\x04\x02"
+OBJ_id_tc26_cipher="\x2A\x85\x03\x07\x01\x01\x05"
+OBJ_id_tc26_agreement="\x2A\x85\x03\x07\x01\x01\x06"
+OBJ_id_tc26_agreement_gost_3410_2012_256="\x2A\x85\x03\x07\x01\x01\x06\x01"
+OBJ_id_tc26_agreement_gost_3410_2012_512="\x2A\x85\x03\x07\x01\x01\x06\x02"
+OBJ_id_tc26_constants="\x2A\x85\x03\x07\x01\x02"
+OBJ_id_tc26_sign_constants="\x2A\x85\x03\x07\x01\x02\x01"
+OBJ_id_tc26_gost_3410_2012_512_constants="\x2A\x85\x03\x07\x01\x02\x01\x02"
+OBJ_id_tc26_gost_3410_2012_512_paramSetTest="\x2A\x85\x03\x07\x01\x02\x01\x02\x00"
+OBJ_id_tc26_gost_3410_2012_512_paramSetA="\x2A\x85\x03\x07\x01\x02\x01\x02\x01"
+OBJ_id_tc26_gost_3410_2012_512_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x02\x02"
+OBJ_id_tc26_digest_constants="\x2A\x85\x03\x07\x01\x02\x02"
+OBJ_id_tc26_cipher_constants="\x2A\x85\x03\x07\x01\x02\x05"
+OBJ_id_tc26_gost_28147_constants="\x2A\x85\x03\x07\x01\x02\x05\x01"
+OBJ_id_tc26_gost_28147_param_Z="\x2A\x85\x03\x07\x01\x02\x05\x01\x01"
+OBJ_INN="\x2A\x85\x03\x03\x81\x03\x01\x01"
+OBJ_OGRN="\x2A\x85\x03\x64\x01"
+OBJ_SNILS="\x2A\x85\x03\x64\x03"
+OBJ_subjectSignTool="\x2A\x85\x03\x64\x6F"
+OBJ_issuerSignTool="\x2A\x85\x03\x64\x70"
+OBJ_tlsfeature="\x2B\x06\x01\x05\x05\x07\x01\x18"
+OBJ_ipsec_IKE="\x2B\x06\x01\x05\x05\x07\x03\x11"
+OBJ_capwapAC="\x2B\x06\x01\x05\x05\x07\x03\x12"
+OBJ_capwapWTP="\x2B\x06\x01\x05\x05\x07\x03\x13"
+OBJ_sshClient="\x2B\x06\x01\x05\x05\x07\x03\x15"
+OBJ_sshServer="\x2B\x06\x01\x05\x05\x07\x03\x16"
+OBJ_sendRouter="\x2B\x06\x01\x05\x05\x07\x03\x17"
+OBJ_sendProxiedRouter="\x2B\x06\x01\x05\x05\x07\x03\x18"
+OBJ_sendOwner="\x2B\x06\x01\x05\x05\x07\x03\x19"
+OBJ_sendProxiedOwner="\x2B\x06\x01\x05\x05\x07\x03\x1A"
+OBJ_id_pkinit="\x2B\x06\x01\x05\x02\x03"
+OBJ_pkInitClientAuth="\x2B\x06\x01\x05\x02\x03\x04"
+OBJ_pkInitKDC="\x2B\x06\x01\x05\x02\x03\x05"
+OBJ_X25519="\x2B\x65\x6E"
+OBJ_X448="\x2B\x65\x6F"
+OBJ_blake2b512="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x01\x10"
+OBJ_blake2s256="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x02\x08"
+OBJ_id_smime_ct_contentCollection="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x13"
+OBJ_id_smime_ct_authEnvelopedData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x17"
+OBJ_id_ct_xml="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1C"
+OBJ_aria_128_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x01"
+OBJ_aria_128_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x02"
+OBJ_aria_128_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x03"
+OBJ_aria_128_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x04"
+OBJ_aria_128_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x05"
+OBJ_aria_192_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x06"
+OBJ_aria_192_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x07"
+OBJ_aria_192_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x08"
+OBJ_aria_192_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x09"
+OBJ_aria_192_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0A"
+OBJ_aria_256_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0B"
+OBJ_aria_256_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0C"
+OBJ_aria_256_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0D"
+OBJ_aria_256_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0E"
+OBJ_aria_256_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0F"
+OBJ_id_smime_aa_signingCertificateV2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x2F"
+OBJ_ED25519="\x2B\x65\x70"
+OBJ_ED448="\x2B\x65\x71"
+OBJ_organizationIdentifier="\x55\x04\x61"
+OBJ_countryCode3c="\x55\x04\x62"
+OBJ_countryCode3n="\x55\x04\x63"
+OBJ_dnsName="\x55\x04\x64"
+OBJ_x509ExtAdmission="\x2B\x24\x08\x03\x03"
+OBJ_sha512_224="\x60\x86\x48\x01\x65\x03\x04\x02\x05"
+OBJ_sha512_256="\x60\x86\x48\x01\x65\x03\x04\x02\x06"
+OBJ_sha3_224="\x60\x86\x48\x01\x65\x03\x04\x02\x07"
+OBJ_sha3_256="\x60\x86\x48\x01\x65\x03\x04\x02\x08"
+OBJ_sha3_384="\x60\x86\x48\x01\x65\x03\x04\x02\x09"
+OBJ_sha3_512="\x60\x86\x48\x01\x65\x03\x04\x02\x0A"
+OBJ_shake128="\x60\x86\x48\x01\x65\x03\x04\x02\x0B"
+OBJ_shake256="\x60\x86\x48\x01\x65\x03\x04\x02\x0C"
+OBJ_hmac_sha3_224="\x60\x86\x48\x01\x65\x03\x04\x02\x0D"
+OBJ_hmac_sha3_256="\x60\x86\x48\x01\x65\x03\x04\x02\x0E"
+OBJ_hmac_sha3_384="\x60\x86\x48\x01\x65\x03\x04\x02\x0F"
+OBJ_hmac_sha3_512="\x60\x86\x48\x01\x65\x03\x04\x02\x10"
+OBJ_dsa_with_SHA384="\x60\x86\x48\x01\x65\x03\x04\x03\x03"
+OBJ_dsa_with_SHA512="\x60\x86\x48\x01\x65\x03\x04\x03\x04"
+OBJ_dsa_with_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x05"
+OBJ_dsa_with_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x06"
+OBJ_dsa_with_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x07"
+OBJ_dsa_with_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x08"
+OBJ_ecdsa_with_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x09"
+OBJ_ecdsa_with_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x0A"
+OBJ_ecdsa_with_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x0B"
+OBJ_ecdsa_with_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x0C"
+OBJ_RSA_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x0D"
+OBJ_RSA_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x0E"
+OBJ_RSA_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x0F"
+OBJ_RSA_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x10"
+OBJ_aria_128_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x25"
+OBJ_aria_192_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x26"
+OBJ_aria_256_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x27"
+OBJ_aria_128_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x22"
+OBJ_aria_192_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x23"
+OBJ_aria_256_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x24"
+OBJ_cmcCA="\x2B\x06\x01\x05\x05\x07\x03\x1B"
+OBJ_cmcRA="\x2B\x06\x01\x05\x05\x07\x03\x1C"
+OBJ_sm4_ecb="\x2A\x81\x1C\xCF\x55\x01\x68\x01"
+OBJ_sm4_cbc="\x2A\x81\x1C\xCF\x55\x01\x68\x02"
+OBJ_sm4_ofb128="\x2A\x81\x1C\xCF\x55\x01\x68\x03"
+OBJ_sm4_cfb1="\x2A\x81\x1C\xCF\x55\x01\x68\x05"
+OBJ_sm4_cfb128="\x2A\x81\x1C\xCF\x55\x01\x68\x04"
+OBJ_sm4_cfb8="\x2A\x81\x1C\xCF\x55\x01\x68\x06"
+OBJ_sm4_ctr="\x2A\x81\x1C\xCF\x55\x01\x68\x07"
+OBJ_ISO_CN="\x2A\x81\x1C"
+OBJ_oscca="\x2A\x81\x1C\xCF\x55"
+OBJ_sm_scheme="\x2A\x81\x1C\xCF\x55\x01"
+OBJ_sm3="\x2A\x81\x1C\xCF\x55\x01\x83\x11"
+OBJ_sm3WithRSAEncryption="\x2A\x81\x1C\xCF\x55\x01\x83\x78"
+OBJ_sha512_224WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0F"
+OBJ_sha512_256WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x10"
+OBJ_id_tc26_gost_3410_2012_256_constants="\x2A\x85\x03\x07\x01\x02\x01\x01"
+OBJ_id_tc26_gost_3410_2012_256_paramSetA="\x2A\x85\x03\x07\x01\x02\x01\x01\x01"
+OBJ_id_tc26_gost_3410_2012_512_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x02\x03"
+OBJ_ISO_UA="\x2A\x86\x24"
+OBJ_ua_pki="\x2A\x86\x24\x02\x01\x01\x01"
+OBJ_dstu28147="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01"
+OBJ_dstu28147_ofb="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x02"
+OBJ_dstu28147_cfb="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x03"
+OBJ_dstu28147_wrap="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x05"
+OBJ_hmacWithDstu34311="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x02"
+OBJ_dstu34311="\x2A\x86\x24\x02\x01\x01\x01\x01\x02\x01"
+OBJ_dstu4145le="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01"
+OBJ_dstu4145be="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x01\x01"
+OBJ_uacurve0="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x00"
+OBJ_uacurve1="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x01"
+OBJ_uacurve2="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x02"
+OBJ_uacurve3="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x03"
+OBJ_uacurve4="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x04"
+OBJ_uacurve5="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x05"
+OBJ_uacurve6="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x06"
+OBJ_uacurve7="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x07"
+OBJ_uacurve8="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x08"
+OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09"
+OBJ_ieee="\x2B\x6F"
+OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53"
+OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D"
+OBJ_id_tc26_cipher_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x05\x01"
+OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm="\x2A\x85\x03\x07\x01\x01\x05\x01\x01"
+OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x01\x02"
+OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x05\x02"
+OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm="\x2A\x85\x03\x07\x01\x01\x05\x02\x01"
+OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x02\x02"
+OBJ_id_tc26_wrap="\x2A\x85\x03\x07\x01\x01\x07"
+OBJ_id_tc26_wrap_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x07\x01"
+OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01"
+OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x07\x02"
+OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01"
+OBJ_id_tc26_gost_3410_2012_256_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x01\x02"
+OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03"
+OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04"
+OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C"
+OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D"
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/rand.inc b/trunk/3rdparty/openssl-1.1-fit/fuzz/rand.inc
new file mode 100644
index 000000000..f8b3277b9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/rand.inc
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+#include <openssl/rand.h>
+
+static int fuzz_bytes(unsigned char *buf, int num)
+{
+    unsigned char val = 1;
+
+    while (--num >= 0)
+        *buf++ = val++;
+    return 1;
+}
+
+static int fuzz_status(void)
+{
+    return 1;
+}
+
+static RAND_METHOD fuzz_rand_method = {
+    NULL,
+    fuzz_bytes,
+    NULL,
+    NULL,
+    fuzz_bytes,
+    fuzz_status
+};
+
+void FuzzerSetRand(void)
+{
+    RAND_set_rand_method(&fuzz_rand_method);
+}
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/server.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/server.c
new file mode 100644
index 000000000..2d392ac88
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/server.c
@@ -0,0 +1,650 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/* Shamelessly copied from BoringSSL and converted to C. */
+
+/* Test first part of SSL server handshake. */
+
+#include <time.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include "fuzzer.h"
+
+#include "rand.inc"
+
+static const uint8_t kCertificateDER[] = {
+    0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
+    0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
+    0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
+    0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
+    0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
+    0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
+    0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
+    0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+    0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
+    0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
+    0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
+    0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
+    0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
+    0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
+    0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
+    0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
+    0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
+    0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
+    0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
+    0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
+    0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
+    0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
+    0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
+    0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
+    0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
+    0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
+    0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
+    0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
+    0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
+    0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
+    0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
+    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
+    0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
+    0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
+    0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
+    0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
+    0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
+    0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
+    0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
+    0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
+    0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
+    0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
+    0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
+    0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
+    0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
+    0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
+    0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
+    0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
+    0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
+    0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
+    0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
+    0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
+    0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
+    0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
+    0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
+    0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
+    0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
+    0x76, 0x8a, 0xbb,
+};
+
+static const uint8_t kRSAPrivateKeyDER[] = {
+    0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
+    0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
+    0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
+    0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
+    0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
+    0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
+    0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
+    0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
+    0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
+    0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
+    0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
+    0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
+    0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
+    0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
+    0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
+    0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
+    0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
+    0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
+    0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
+    0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
+    0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
+    0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
+    0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
+    0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
+    0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
+    0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
+    0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
+    0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
+    0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
+    0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
+    0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
+    0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
+    0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
+    0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
+    0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
+    0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
+    0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
+    0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
+    0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
+    0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
+    0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
+    0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
+    0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
+    0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
+    0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
+    0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
+    0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
+    0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
+    0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
+    0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
+    0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
+    0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
+    0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
+    0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
+    0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
+    0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
+    0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
+    0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
+    0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
+    0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
+    0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
+    0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
+    0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
+    0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
+    0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
+    0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
+    0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
+    0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
+    0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
+    0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
+    0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
+    0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
+    0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
+    0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
+    0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
+    0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
+    0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
+    0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
+    0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
+    0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
+    0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
+    0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
+    0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
+    0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
+    0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
+    0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
+    0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
+    0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
+    0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
+    0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
+    0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
+    0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
+    0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
+    0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
+    0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
+    0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
+    0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
+    0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
+    0x98, 0x46, 0x89, 0x82, 0x40,
+};
+
+
+#ifndef OPENSSL_NO_EC
+/*
+ *  -----BEGIN EC PRIVATE KEY-----
+ *  MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
+ *  AwEHoUQDQgAEdsjygVYjjaKBF4CNECVllNf017p5/MxNSWDoTHy9I2GeDwEDDazI
+ *  D/xy8JiYjtPKVE/Zqwbmivp2UwtH28a7NQ==
+ *  -----END EC PRIVATE KEY-----
+ */
+static const char ECDSAPrivateKeyPEM[] = {
+    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45,
+    0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45,
+    0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x48, 0x63, 0x43, 0x41,
+    0x51, 0x45, 0x45, 0x49, 0x4a, 0x4c, 0x79, 0x6c, 0x37, 0x68, 0x4a, 0x6a,
+    0x70, 0x51, 0x4c, 0x2f, 0x52, 0x68, 0x50, 0x31, 0x78, 0x32, 0x7a, 0x53,
+    0x37, 0x39, 0x78, 0x64, 0x69, 0x50, 0x4a, 0x51, 0x42, 0x36, 0x38, 0x33,
+    0x67, 0x57, 0x65, 0x71, 0x63, 0x71, 0x48, 0x50, 0x65, 0x5a, 0x6b, 0x6f,
+    0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x0a,
+    0x41, 0x77, 0x45, 0x48, 0x6f, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45,
+    0x64, 0x73, 0x6a, 0x79, 0x67, 0x56, 0x59, 0x6a, 0x6a, 0x61, 0x4b, 0x42,
+    0x46, 0x34, 0x43, 0x4e, 0x45, 0x43, 0x56, 0x6c, 0x6c, 0x4e, 0x66, 0x30,
+    0x31, 0x37, 0x70, 0x35, 0x2f, 0x4d, 0x78, 0x4e, 0x53, 0x57, 0x44, 0x6f,
+    0x54, 0x48, 0x79, 0x39, 0x49, 0x32, 0x47, 0x65, 0x44, 0x77, 0x45, 0x44,
+    0x44, 0x61, 0x7a, 0x49, 0x0a, 0x44, 0x2f, 0x78, 0x79, 0x38, 0x4a, 0x69,
+    0x59, 0x6a, 0x74, 0x50, 0x4b, 0x56, 0x45, 0x2f, 0x5a, 0x71, 0x77, 0x62,
+    0x6d, 0x69, 0x76, 0x70, 0x32, 0x55, 0x77, 0x74, 0x48, 0x32, 0x38, 0x61,
+    0x37, 0x4e, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45,
+    0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
+    0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
+};
+
+/*
+ * -----BEGIN CERTIFICATE-----
+ *  MIIBXzCCAQagAwIBAgIJAK6/Yvf/ain6MAoGCCqGSM49BAMCMBIxEDAOBgNVBAoM
+ *  B0FjbWUgQ28wHhcNMTYxMjI1MTEzOTI3WhcNMjYxMjI1MTEzOTI3WjASMRAwDgYD
+ *  VQQKDAdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdsjygVYjjaKB
+ *  F4CNECVllNf017p5/MxNSWDoTHy9I2GeDwEDDazID/xy8JiYjtPKVE/Zqwbmivp2
+ *  UwtH28a7NaNFMEMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYI
+ *  KwYBBQUHAwEwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoGCCqGSM49BAMCA0cAMEQC
+ *  IEzr3t/jejVE9oSnBp8c3P2p+lDLVRrB8zxLyjZvirUXAiAyQPaE9MNcL8/nRpuu
+ *  99I1enCSmWIAJ57IwuJ/n1d45Q==
+ *  -----END CERTIFICATE-----
+ */
+static const char ECDSACertPEM[] = {
+    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
+    0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
+    0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, 0x58, 0x7a, 0x43, 0x43,
+    0x41, 0x51, 0x61, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a,
+    0x41, 0x4b, 0x36, 0x2f, 0x59, 0x76, 0x66, 0x2f, 0x61, 0x69, 0x6e, 0x36,
+    0x4d, 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39,
+    0x42, 0x41, 0x4d, 0x43, 0x4d, 0x42, 0x49, 0x78, 0x45, 0x44, 0x41, 0x4f,
+    0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x6f, 0x4d, 0x0a, 0x42, 0x30, 0x46,
+    0x6a, 0x62, 0x57, 0x55, 0x67, 0x51, 0x32, 0x38, 0x77, 0x48, 0x68, 0x63,
+    0x4e, 0x4d, 0x54, 0x59, 0x78, 0x4d, 0x6a, 0x49, 0x31, 0x4d, 0x54, 0x45,
+    0x7a, 0x4f, 0x54, 0x49, 0x33, 0x57, 0x68, 0x63, 0x4e, 0x4d, 0x6a, 0x59,
+    0x78, 0x4d, 0x6a, 0x49, 0x31, 0x4d, 0x54, 0x45, 0x7a, 0x4f, 0x54, 0x49,
+    0x33, 0x57, 0x6a, 0x41, 0x53, 0x4d, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59,
+    0x44, 0x0a, 0x56, 0x51, 0x51, 0x4b, 0x44, 0x41, 0x64, 0x42, 0x59, 0x32,
+    0x31, 0x6c, 0x49, 0x45, 0x4e, 0x76, 0x4d, 0x46, 0x6b, 0x77, 0x45, 0x77,
+    0x59, 0x48, 0x4b, 0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x43, 0x41, 0x51,
+    0x59, 0x49, 0x4b, 0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x44, 0x41, 0x51,
+    0x63, 0x44, 0x51, 0x67, 0x41, 0x45, 0x64, 0x73, 0x6a, 0x79, 0x67, 0x56,
+    0x59, 0x6a, 0x6a, 0x61, 0x4b, 0x42, 0x0a, 0x46, 0x34, 0x43, 0x4e, 0x45,
+    0x43, 0x56, 0x6c, 0x6c, 0x4e, 0x66, 0x30, 0x31, 0x37, 0x70, 0x35, 0x2f,
+    0x4d, 0x78, 0x4e, 0x53, 0x57, 0x44, 0x6f, 0x54, 0x48, 0x79, 0x39, 0x49,
+    0x32, 0x47, 0x65, 0x44, 0x77, 0x45, 0x44, 0x44, 0x61, 0x7a, 0x49, 0x44,
+    0x2f, 0x78, 0x79, 0x38, 0x4a, 0x69, 0x59, 0x6a, 0x74, 0x50, 0x4b, 0x56,
+    0x45, 0x2f, 0x5a, 0x71, 0x77, 0x62, 0x6d, 0x69, 0x76, 0x70, 0x32, 0x0a,
+    0x55, 0x77, 0x74, 0x48, 0x32, 0x38, 0x61, 0x37, 0x4e, 0x61, 0x4e, 0x46,
+    0x4d, 0x45, 0x4d, 0x77, 0x43, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x54,
+    0x42, 0x41, 0x49, 0x77, 0x41, 0x44, 0x41, 0x4c, 0x42, 0x67, 0x4e, 0x56,
+    0x48, 0x51, 0x38, 0x45, 0x42, 0x41, 0x4d, 0x43, 0x42, 0x61, 0x41, 0x77,
+    0x45, 0x77, 0x59, 0x44, 0x56, 0x52, 0x30, 0x6c, 0x42, 0x41, 0x77, 0x77,
+    0x43, 0x67, 0x59, 0x49, 0x0a, 0x4b, 0x77, 0x59, 0x42, 0x42, 0x51, 0x55,
+    0x48, 0x41, 0x77, 0x45, 0x77, 0x46, 0x41, 0x59, 0x44, 0x56, 0x52, 0x30,
+    0x52, 0x42, 0x41, 0x30, 0x77, 0x43, 0x34, 0x49, 0x4a, 0x62, 0x47, 0x39,
+    0x6a, 0x59, 0x57, 0x78, 0x6f, 0x62, 0x33, 0x4e, 0x30, 0x4d, 0x41, 0x6f,
+    0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d,
+    0x43, 0x41, 0x30, 0x63, 0x41, 0x4d, 0x45, 0x51, 0x43, 0x0a, 0x49, 0x45,
+    0x7a, 0x72, 0x33, 0x74, 0x2f, 0x6a, 0x65, 0x6a, 0x56, 0x45, 0x39, 0x6f,
+    0x53, 0x6e, 0x42, 0x70, 0x38, 0x63, 0x33, 0x50, 0x32, 0x70, 0x2b, 0x6c,
+    0x44, 0x4c, 0x56, 0x52, 0x72, 0x42, 0x38, 0x7a, 0x78, 0x4c, 0x79, 0x6a,
+    0x5a, 0x76, 0x69, 0x72, 0x55, 0x58, 0x41, 0x69, 0x41, 0x79, 0x51, 0x50,
+    0x61, 0x45, 0x39, 0x4d, 0x4e, 0x63, 0x4c, 0x38, 0x2f, 0x6e, 0x52, 0x70,
+    0x75, 0x75, 0x0a, 0x39, 0x39, 0x49, 0x31, 0x65, 0x6e, 0x43, 0x53, 0x6d,
+    0x57, 0x49, 0x41, 0x4a, 0x35, 0x37, 0x49, 0x77, 0x75, 0x4a, 0x2f, 0x6e,
+    0x31, 0x64, 0x34, 0x35, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d,
+    0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49,
+    0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
+};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/*
+ * -----BEGIN DSA PRIVATE KEY-----
+ * MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
+ * Wzf03ULKS5UKjA6WpR6EiZAhm+PdxusZ5xfAuRZLdKy0bgxn1f348Rwh+EQNaEM8
+ * 0TGcnw5ijwKmSw5yyHPDWdiHzoqEBlhAf8Nl22YTXax/clsc/pu/RRLAdwIVAIEg
+ * QqWRf/1EIZZcgM65Qpd65YuxAoGBAKBauV/RuloFHoSy5iWXESDywiS380tN5974
+ * GukGwoYdZo5uSIH6ahpeNSef0MbHGAzr7ZVEnhCQfRAwH1gRvSHoq/Rbmcvtd3r+
+ * QtQHOwvQHgLAynhI4i73c794czHaR+439bmcaSwDnQduRM85Mho/jiiZzAVPxBmG
+ * POIMWNXXAoGAI6Ep5IE7yn3JzkXO9B6tC3bbDM+ZzuuInwZLbtZ8lim7Dsqabg4k
+ * 2YbE4R95Bnfwnjsyl80mq/DbQN5lAHBvjDrkC6ItojBGKI3+iIrqGUEJdxvl4ulj
+ * F0PmSD7zvIG8BfocKOel+EHH0YryExiW6krV1KW2ZRmJrqSFw6KCjV0CFFQFbPfU
+ * xy5PmKytJmXR8BmppkIO
+ * -----END DSA PRIVATE KEY-----
+ */
+static const char DSAPrivateKeyPEM[] = {
+    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x44,
+    0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b,
+    0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42,
+    0x75, 0x77, 0x49, 0x42, 0x41, 0x41, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x64,
+    0x6b, 0x46, 0x4b, 0x7a, 0x4e, 0x41, 0x42, 0x4c, 0x4f, 0x68, 0x61, 0x37,
+    0x45, 0x71, 0x6a, 0x37, 0x30, 0x30, 0x34, 0x2b, 0x70, 0x35, 0x66, 0x68,
+    0x74, 0x52, 0x36, 0x62, 0x78, 0x70, 0x75, 0x6a, 0x54, 0x6f, 0x4d, 0x6d,
+    0x53, 0x5a, 0x54, 0x59, 0x69, 0x38, 0x69, 0x67, 0x56, 0x56, 0x58, 0x50,
+    0x0a, 0x57, 0x7a, 0x66, 0x30, 0x33, 0x55, 0x4c, 0x4b, 0x53, 0x35, 0x55,
+    0x4b, 0x6a, 0x41, 0x36, 0x57, 0x70, 0x52, 0x36, 0x45, 0x69, 0x5a, 0x41,
+    0x68, 0x6d, 0x2b, 0x50, 0x64, 0x78, 0x75, 0x73, 0x5a, 0x35, 0x78, 0x66,
+    0x41, 0x75, 0x52, 0x5a, 0x4c, 0x64, 0x4b, 0x79, 0x30, 0x62, 0x67, 0x78,
+    0x6e, 0x31, 0x66, 0x33, 0x34, 0x38, 0x52, 0x77, 0x68, 0x2b, 0x45, 0x51,
+    0x4e, 0x61, 0x45, 0x4d, 0x38, 0x0a, 0x30, 0x54, 0x47, 0x63, 0x6e, 0x77,
+    0x35, 0x69, 0x6a, 0x77, 0x4b, 0x6d, 0x53, 0x77, 0x35, 0x79, 0x79, 0x48,
+    0x50, 0x44, 0x57, 0x64, 0x69, 0x48, 0x7a, 0x6f, 0x71, 0x45, 0x42, 0x6c,
+    0x68, 0x41, 0x66, 0x38, 0x4e, 0x6c, 0x32, 0x32, 0x59, 0x54, 0x58, 0x61,
+    0x78, 0x2f, 0x63, 0x6c, 0x73, 0x63, 0x2f, 0x70, 0x75, 0x2f, 0x52, 0x52,
+    0x4c, 0x41, 0x64, 0x77, 0x49, 0x56, 0x41, 0x49, 0x45, 0x67, 0x0a, 0x51,
+    0x71, 0x57, 0x52, 0x66, 0x2f, 0x31, 0x45, 0x49, 0x5a, 0x5a, 0x63, 0x67,
+    0x4d, 0x36, 0x35, 0x51, 0x70, 0x64, 0x36, 0x35, 0x59, 0x75, 0x78, 0x41,
+    0x6f, 0x47, 0x42, 0x41, 0x4b, 0x42, 0x61, 0x75, 0x56, 0x2f, 0x52, 0x75,
+    0x6c, 0x6f, 0x46, 0x48, 0x6f, 0x53, 0x79, 0x35, 0x69, 0x57, 0x58, 0x45,
+    0x53, 0x44, 0x79, 0x77, 0x69, 0x53, 0x33, 0x38, 0x30, 0x74, 0x4e, 0x35,
+    0x39, 0x37, 0x34, 0x0a, 0x47, 0x75, 0x6b, 0x47, 0x77, 0x6f, 0x59, 0x64,
+    0x5a, 0x6f, 0x35, 0x75, 0x53, 0x49, 0x48, 0x36, 0x61, 0x68, 0x70, 0x65,
+    0x4e, 0x53, 0x65, 0x66, 0x30, 0x4d, 0x62, 0x48, 0x47, 0x41, 0x7a, 0x72,
+    0x37, 0x5a, 0x56, 0x45, 0x6e, 0x68, 0x43, 0x51, 0x66, 0x52, 0x41, 0x77,
+    0x48, 0x31, 0x67, 0x52, 0x76, 0x53, 0x48, 0x6f, 0x71, 0x2f, 0x52, 0x62,
+    0x6d, 0x63, 0x76, 0x74, 0x64, 0x33, 0x72, 0x2b, 0x0a, 0x51, 0x74, 0x51,
+    0x48, 0x4f, 0x77, 0x76, 0x51, 0x48, 0x67, 0x4c, 0x41, 0x79, 0x6e, 0x68,
+    0x49, 0x34, 0x69, 0x37, 0x33, 0x63, 0x37, 0x39, 0x34, 0x63, 0x7a, 0x48,
+    0x61, 0x52, 0x2b, 0x34, 0x33, 0x39, 0x62, 0x6d, 0x63, 0x61, 0x53, 0x77,
+    0x44, 0x6e, 0x51, 0x64, 0x75, 0x52, 0x4d, 0x38, 0x35, 0x4d, 0x68, 0x6f,
+    0x2f, 0x6a, 0x69, 0x69, 0x5a, 0x7a, 0x41, 0x56, 0x50, 0x78, 0x42, 0x6d,
+    0x47, 0x0a, 0x50, 0x4f, 0x49, 0x4d, 0x57, 0x4e, 0x58, 0x58, 0x41, 0x6f,
+    0x47, 0x41, 0x49, 0x36, 0x45, 0x70, 0x35, 0x49, 0x45, 0x37, 0x79, 0x6e,
+    0x33, 0x4a, 0x7a, 0x6b, 0x58, 0x4f, 0x39, 0x42, 0x36, 0x74, 0x43, 0x33,
+    0x62, 0x62, 0x44, 0x4d, 0x2b, 0x5a, 0x7a, 0x75, 0x75, 0x49, 0x6e, 0x77,
+    0x5a, 0x4c, 0x62, 0x74, 0x5a, 0x38, 0x6c, 0x69, 0x6d, 0x37, 0x44, 0x73,
+    0x71, 0x61, 0x62, 0x67, 0x34, 0x6b, 0x0a, 0x32, 0x59, 0x62, 0x45, 0x34,
+    0x52, 0x39, 0x35, 0x42, 0x6e, 0x66, 0x77, 0x6e, 0x6a, 0x73, 0x79, 0x6c,
+    0x38, 0x30, 0x6d, 0x71, 0x2f, 0x44, 0x62, 0x51, 0x4e, 0x35, 0x6c, 0x41,
+    0x48, 0x42, 0x76, 0x6a, 0x44, 0x72, 0x6b, 0x43, 0x36, 0x49, 0x74, 0x6f,
+    0x6a, 0x42, 0x47, 0x4b, 0x49, 0x33, 0x2b, 0x69, 0x49, 0x72, 0x71, 0x47,
+    0x55, 0x45, 0x4a, 0x64, 0x78, 0x76, 0x6c, 0x34, 0x75, 0x6c, 0x6a, 0x0a,
+    0x46, 0x30, 0x50, 0x6d, 0x53, 0x44, 0x37, 0x7a, 0x76, 0x49, 0x47, 0x38,
+    0x42, 0x66, 0x6f, 0x63, 0x4b, 0x4f, 0x65, 0x6c, 0x2b, 0x45, 0x48, 0x48,
+    0x30, 0x59, 0x72, 0x79, 0x45, 0x78, 0x69, 0x57, 0x36, 0x6b, 0x72, 0x56,
+    0x31, 0x4b, 0x57, 0x32, 0x5a, 0x52, 0x6d, 0x4a, 0x72, 0x71, 0x53, 0x46,
+    0x77, 0x36, 0x4b, 0x43, 0x6a, 0x56, 0x30, 0x43, 0x46, 0x46, 0x51, 0x46,
+    0x62, 0x50, 0x66, 0x55, 0x0a, 0x78, 0x79, 0x35, 0x50, 0x6d, 0x4b, 0x79,
+    0x74, 0x4a, 0x6d, 0x58, 0x52, 0x38, 0x42, 0x6d, 0x70, 0x70, 0x6b, 0x49,
+    0x4f, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x44,
+    0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b,
+    0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
+};
+
+/*
+ * -----BEGIN CERTIFICATE-----
+ * MIICqTCCAmegAwIBAgIJAILDGUk37fWGMAsGCWCGSAFlAwQDAjASMRAwDgYDVQQK
+ * DAdBY21lIENvMB4XDTE2MTIyNTEzMjUzNloXDTI2MTIyNTEzMjUzNlowEjEQMA4G
+ * A1UECgwHQWNtZSBDbzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDdkFKzNABLOha7
+ * Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXPWzf03ULKS5UKjA6WpR6EiZAhm+Pd
+ * xusZ5xfAuRZLdKy0bgxn1f348Rwh+EQNaEM80TGcnw5ijwKmSw5yyHPDWdiHzoqE
+ * BlhAf8Nl22YTXax/clsc/pu/RRLAdwIVAIEgQqWRf/1EIZZcgM65Qpd65YuxAoGB
+ * AKBauV/RuloFHoSy5iWXESDywiS380tN5974GukGwoYdZo5uSIH6ahpeNSef0MbH
+ * GAzr7ZVEnhCQfRAwH1gRvSHoq/Rbmcvtd3r+QtQHOwvQHgLAynhI4i73c794czHa
+ * R+439bmcaSwDnQduRM85Mho/jiiZzAVPxBmGPOIMWNXXA4GEAAKBgCOhKeSBO8p9
+ * yc5FzvQerQt22wzPmc7riJ8GS27WfJYpuw7Kmm4OJNmGxOEfeQZ38J47MpfNJqvw
+ * 20DeZQBwb4w65AuiLaIwRiiN/oiK6hlBCXcb5eLpYxdD5kg+87yBvAX6HCjnpfhB
+ * x9GK8hMYlupK1dSltmUZia6khcOigo1do0UwQzAJBgNVHRMEAjAAMAsGA1UdDwQE
+ * AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgNVHREEDTALgglsb2NhbGhvc3Qw
+ * CwYJYIZIAWUDBAMCAy8AMCwCFClxInXTRWNJEWdi5ilNr/fbM1bKAhQy4B7wtmfd
+ * I+zV6g3w9qBkNqStpA==
+ * -----END CERTIFICATE-----
+ */
+static const char DSACertPEM[] = {
+    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
+    0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
+    0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x71, 0x54, 0x43, 0x43,
+    0x41, 0x6d, 0x65, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a,
+    0x41, 0x49, 0x4c, 0x44, 0x47, 0x55, 0x6b, 0x33, 0x37, 0x66, 0x57, 0x47,
+    0x4d, 0x41, 0x73, 0x47, 0x43, 0x57, 0x43, 0x47, 0x53, 0x41, 0x46, 0x6c,
+    0x41, 0x77, 0x51, 0x44, 0x41, 0x6a, 0x41, 0x53, 0x4d, 0x52, 0x41, 0x77,
+    0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4b, 0x0a, 0x44, 0x41, 0x64,
+    0x42, 0x59, 0x32, 0x31, 0x6c, 0x49, 0x45, 0x4e, 0x76, 0x4d, 0x42, 0x34,
+    0x58, 0x44, 0x54, 0x45, 0x32, 0x4d, 0x54, 0x49, 0x79, 0x4e, 0x54, 0x45,
+    0x7a, 0x4d, 0x6a, 0x55, 0x7a, 0x4e, 0x6c, 0x6f, 0x58, 0x44, 0x54, 0x49,
+    0x32, 0x4d, 0x54, 0x49, 0x79, 0x4e, 0x54, 0x45, 0x7a, 0x4d, 0x6a, 0x55,
+    0x7a, 0x4e, 0x6c, 0x6f, 0x77, 0x45, 0x6a, 0x45, 0x51, 0x4d, 0x41, 0x34,
+    0x47, 0x0a, 0x41, 0x31, 0x55, 0x45, 0x43, 0x67, 0x77, 0x48, 0x51, 0x57,
+    0x4e, 0x74, 0x5a, 0x53, 0x42, 0x44, 0x62, 0x7a, 0x43, 0x43, 0x41, 0x62,
+    0x63, 0x77, 0x67, 0x67, 0x45, 0x73, 0x42, 0x67, 0x63, 0x71, 0x68, 0x6b,
+    0x6a, 0x4f, 0x4f, 0x41, 0x51, 0x42, 0x4d, 0x49, 0x49, 0x42, 0x48, 0x77,
+    0x4b, 0x42, 0x67, 0x51, 0x44, 0x64, 0x6b, 0x46, 0x4b, 0x7a, 0x4e, 0x41,
+    0x42, 0x4c, 0x4f, 0x68, 0x61, 0x37, 0x0a, 0x45, 0x71, 0x6a, 0x37, 0x30,
+    0x30, 0x34, 0x2b, 0x70, 0x35, 0x66, 0x68, 0x74, 0x52, 0x36, 0x62, 0x78,
+    0x70, 0x75, 0x6a, 0x54, 0x6f, 0x4d, 0x6d, 0x53, 0x5a, 0x54, 0x59, 0x69,
+    0x38, 0x69, 0x67, 0x56, 0x56, 0x58, 0x50, 0x57, 0x7a, 0x66, 0x30, 0x33,
+    0x55, 0x4c, 0x4b, 0x53, 0x35, 0x55, 0x4b, 0x6a, 0x41, 0x36, 0x57, 0x70,
+    0x52, 0x36, 0x45, 0x69, 0x5a, 0x41, 0x68, 0x6d, 0x2b, 0x50, 0x64, 0x0a,
+    0x78, 0x75, 0x73, 0x5a, 0x35, 0x78, 0x66, 0x41, 0x75, 0x52, 0x5a, 0x4c,
+    0x64, 0x4b, 0x79, 0x30, 0x62, 0x67, 0x78, 0x6e, 0x31, 0x66, 0x33, 0x34,
+    0x38, 0x52, 0x77, 0x68, 0x2b, 0x45, 0x51, 0x4e, 0x61, 0x45, 0x4d, 0x38,
+    0x30, 0x54, 0x47, 0x63, 0x6e, 0x77, 0x35, 0x69, 0x6a, 0x77, 0x4b, 0x6d,
+    0x53, 0x77, 0x35, 0x79, 0x79, 0x48, 0x50, 0x44, 0x57, 0x64, 0x69, 0x48,
+    0x7a, 0x6f, 0x71, 0x45, 0x0a, 0x42, 0x6c, 0x68, 0x41, 0x66, 0x38, 0x4e,
+    0x6c, 0x32, 0x32, 0x59, 0x54, 0x58, 0x61, 0x78, 0x2f, 0x63, 0x6c, 0x73,
+    0x63, 0x2f, 0x70, 0x75, 0x2f, 0x52, 0x52, 0x4c, 0x41, 0x64, 0x77, 0x49,
+    0x56, 0x41, 0x49, 0x45, 0x67, 0x51, 0x71, 0x57, 0x52, 0x66, 0x2f, 0x31,
+    0x45, 0x49, 0x5a, 0x5a, 0x63, 0x67, 0x4d, 0x36, 0x35, 0x51, 0x70, 0x64,
+    0x36, 0x35, 0x59, 0x75, 0x78, 0x41, 0x6f, 0x47, 0x42, 0x0a, 0x41, 0x4b,
+    0x42, 0x61, 0x75, 0x56, 0x2f, 0x52, 0x75, 0x6c, 0x6f, 0x46, 0x48, 0x6f,
+    0x53, 0x79, 0x35, 0x69, 0x57, 0x58, 0x45, 0x53, 0x44, 0x79, 0x77, 0x69,
+    0x53, 0x33, 0x38, 0x30, 0x74, 0x4e, 0x35, 0x39, 0x37, 0x34, 0x47, 0x75,
+    0x6b, 0x47, 0x77, 0x6f, 0x59, 0x64, 0x5a, 0x6f, 0x35, 0x75, 0x53, 0x49,
+    0x48, 0x36, 0x61, 0x68, 0x70, 0x65, 0x4e, 0x53, 0x65, 0x66, 0x30, 0x4d,
+    0x62, 0x48, 0x0a, 0x47, 0x41, 0x7a, 0x72, 0x37, 0x5a, 0x56, 0x45, 0x6e,
+    0x68, 0x43, 0x51, 0x66, 0x52, 0x41, 0x77, 0x48, 0x31, 0x67, 0x52, 0x76,
+    0x53, 0x48, 0x6f, 0x71, 0x2f, 0x52, 0x62, 0x6d, 0x63, 0x76, 0x74, 0x64,
+    0x33, 0x72, 0x2b, 0x51, 0x74, 0x51, 0x48, 0x4f, 0x77, 0x76, 0x51, 0x48,
+    0x67, 0x4c, 0x41, 0x79, 0x6e, 0x68, 0x49, 0x34, 0x69, 0x37, 0x33, 0x63,
+    0x37, 0x39, 0x34, 0x63, 0x7a, 0x48, 0x61, 0x0a, 0x52, 0x2b, 0x34, 0x33,
+    0x39, 0x62, 0x6d, 0x63, 0x61, 0x53, 0x77, 0x44, 0x6e, 0x51, 0x64, 0x75,
+    0x52, 0x4d, 0x38, 0x35, 0x4d, 0x68, 0x6f, 0x2f, 0x6a, 0x69, 0x69, 0x5a,
+    0x7a, 0x41, 0x56, 0x50, 0x78, 0x42, 0x6d, 0x47, 0x50, 0x4f, 0x49, 0x4d,
+    0x57, 0x4e, 0x58, 0x58, 0x41, 0x34, 0x47, 0x45, 0x41, 0x41, 0x4b, 0x42,
+    0x67, 0x43, 0x4f, 0x68, 0x4b, 0x65, 0x53, 0x42, 0x4f, 0x38, 0x70, 0x39,
+    0x0a, 0x79, 0x63, 0x35, 0x46, 0x7a, 0x76, 0x51, 0x65, 0x72, 0x51, 0x74,
+    0x32, 0x32, 0x77, 0x7a, 0x50, 0x6d, 0x63, 0x37, 0x72, 0x69, 0x4a, 0x38,
+    0x47, 0x53, 0x32, 0x37, 0x57, 0x66, 0x4a, 0x59, 0x70, 0x75, 0x77, 0x37,
+    0x4b, 0x6d, 0x6d, 0x34, 0x4f, 0x4a, 0x4e, 0x6d, 0x47, 0x78, 0x4f, 0x45,
+    0x66, 0x65, 0x51, 0x5a, 0x33, 0x38, 0x4a, 0x34, 0x37, 0x4d, 0x70, 0x66,
+    0x4e, 0x4a, 0x71, 0x76, 0x77, 0x0a, 0x32, 0x30, 0x44, 0x65, 0x5a, 0x51,
+    0x42, 0x77, 0x62, 0x34, 0x77, 0x36, 0x35, 0x41, 0x75, 0x69, 0x4c, 0x61,
+    0x49, 0x77, 0x52, 0x69, 0x69, 0x4e, 0x2f, 0x6f, 0x69, 0x4b, 0x36, 0x68,
+    0x6c, 0x42, 0x43, 0x58, 0x63, 0x62, 0x35, 0x65, 0x4c, 0x70, 0x59, 0x78,
+    0x64, 0x44, 0x35, 0x6b, 0x67, 0x2b, 0x38, 0x37, 0x79, 0x42, 0x76, 0x41,
+    0x58, 0x36, 0x48, 0x43, 0x6a, 0x6e, 0x70, 0x66, 0x68, 0x42, 0x0a, 0x78,
+    0x39, 0x47, 0x4b, 0x38, 0x68, 0x4d, 0x59, 0x6c, 0x75, 0x70, 0x4b, 0x31,
+    0x64, 0x53, 0x6c, 0x74, 0x6d, 0x55, 0x5a, 0x69, 0x61, 0x36, 0x6b, 0x68,
+    0x63, 0x4f, 0x69, 0x67, 0x6f, 0x31, 0x64, 0x6f, 0x30, 0x55, 0x77, 0x51,
+    0x7a, 0x41, 0x4a, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x52, 0x4d, 0x45, 0x41,
+    0x6a, 0x41, 0x41, 0x4d, 0x41, 0x73, 0x47, 0x41, 0x31, 0x55, 0x64, 0x44,
+    0x77, 0x51, 0x45, 0x0a, 0x41, 0x77, 0x49, 0x46, 0x6f, 0x44, 0x41, 0x54,
+    0x42, 0x67, 0x4e, 0x56, 0x48, 0x53, 0x55, 0x45, 0x44, 0x44, 0x41, 0x4b,
+    0x42, 0x67, 0x67, 0x72, 0x42, 0x67, 0x45, 0x46, 0x42, 0x51, 0x63, 0x44,
+    0x41, 0x54, 0x41, 0x55, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x52, 0x45, 0x45,
+    0x44, 0x54, 0x41, 0x4c, 0x67, 0x67, 0x6c, 0x73, 0x62, 0x32, 0x4e, 0x68,
+    0x62, 0x47, 0x68, 0x76, 0x63, 0x33, 0x51, 0x77, 0x0a, 0x43, 0x77, 0x59,
+    0x4a, 0x59, 0x49, 0x5a, 0x49, 0x41, 0x57, 0x55, 0x44, 0x42, 0x41, 0x4d,
+    0x43, 0x41, 0x79, 0x38, 0x41, 0x4d, 0x43, 0x77, 0x43, 0x46, 0x43, 0x6c,
+    0x78, 0x49, 0x6e, 0x58, 0x54, 0x52, 0x57, 0x4e, 0x4a, 0x45, 0x57, 0x64,
+    0x69, 0x35, 0x69, 0x6c, 0x4e, 0x72, 0x2f, 0x66, 0x62, 0x4d, 0x31, 0x62,
+    0x4b, 0x41, 0x68, 0x51, 0x79, 0x34, 0x42, 0x37, 0x77, 0x74, 0x6d, 0x66,
+    0x64, 0x0a, 0x49, 0x2b, 0x7a, 0x56, 0x36, 0x67, 0x33, 0x77, 0x39, 0x71,
+    0x42, 0x6b, 0x4e, 0x71, 0x53, 0x74, 0x70, 0x41, 0x3d, 0x3d, 0x0a, 0x2d,
+    0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54,
+    0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
+    0x0a
+};
+#endif
+
+/* unused, to avoid warning. */
+static int idx;
+
+#define FUZZTIME 1485898104
+
+#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
+
+/*
+ * This might not work in all cases (and definitely not on Windows
+ * because of the way linkers are) and callees can still get the
+ * current time instead of the fixed time. This will just result
+ * in things not being fully reproducible and have a slightly
+ * different coverage.
+ */
+#if !defined(_WIN32)
+time_t time(time_t *t) TIME_IMPL(t)
+#endif
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    STACK_OF(SSL_COMP) *comp_methods;
+
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+    FuzzerSetRand();
+    comp_methods = SSL_COMP_get_compression_methods();
+    if (comp_methods != NULL)
+        sk_SSL_COMP_sort(comp_methods);
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    SSL *server;
+    BIO *in;
+    BIO *out;
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA)
+    BIO *bio_buf;
+#endif
+    SSL_CTX *ctx;
+    int ret;
+    RSA *privkey;
+    const uint8_t *bufp;
+    EVP_PKEY *pkey;
+    X509 *cert;
+#ifndef OPENSSL_NO_EC
+    EC_KEY *ecdsakey = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+    DSA *dsakey = NULL;
+#endif
+    uint8_t opt;
+
+    if (len < 2)
+        return 0;
+
+    /*
+     * TODO: use the ossltest engine (optionally?) to disable crypto checks.
+     */
+
+    /* This only fuzzes the initial flow from the client so far. */
+    ctx = SSL_CTX_new(SSLv23_method());
+
+    ret = SSL_CTX_set_min_proto_version(ctx, 0);
+    OPENSSL_assert(ret == 1);
+    ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0");
+    OPENSSL_assert(ret == 1);
+
+    /* RSA */
+    bufp = kRSAPrivateKeyDER;
+    privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
+    OPENSSL_assert(privkey != NULL);
+    pkey = EVP_PKEY_new();
+    EVP_PKEY_assign_RSA(pkey, privkey);
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    OPENSSL_assert(ret == 1);
+    EVP_PKEY_free(pkey);
+
+    bufp = kCertificateDER;
+    cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
+    OPENSSL_assert(cert != NULL);
+    ret = SSL_CTX_use_certificate(ctx, cert);
+    OPENSSL_assert(ret == 1);
+    X509_free(cert);
+
+#ifndef OPENSSL_NO_EC
+    /* ECDSA */
+    bio_buf = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
+    ecdsakey = PEM_read_bio_ECPrivateKey(bio_buf, NULL, NULL, NULL);
+    ERR_print_errors_fp(stderr);
+    OPENSSL_assert(ecdsakey != NULL);
+    BIO_free(bio_buf);
+    pkey = EVP_PKEY_new();
+    EVP_PKEY_assign_EC_KEY(pkey, ecdsakey);
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    OPENSSL_assert(ret == 1);
+    EVP_PKEY_free(pkey);
+
+    bio_buf = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
+    cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
+    OPENSSL_assert(cert != NULL);
+    BIO_free(bio_buf);
+    ret = SSL_CTX_use_certificate(ctx, cert);
+    OPENSSL_assert(ret == 1);
+    X509_free(cert);
+#endif
+
+#ifndef OPENSSL_NO_DSA
+    /* DSA */
+    bio_buf = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
+    dsakey = PEM_read_bio_DSAPrivateKey(bio_buf, NULL, NULL, NULL);
+    ERR_print_errors_fp(stderr);
+    OPENSSL_assert(dsakey != NULL);
+    BIO_free(bio_buf);
+    pkey = EVP_PKEY_new();
+    EVP_PKEY_assign_DSA(pkey, dsakey);
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    OPENSSL_assert(ret == 1);
+    EVP_PKEY_free(pkey);
+
+    bio_buf = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(bio_buf, DSACertPEM, sizeof(DSACertPEM)) == sizeof(DSACertPEM));
+    cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
+    OPENSSL_assert(cert != NULL);
+    BIO_free(bio_buf);
+    ret = SSL_CTX_use_certificate(ctx, cert);
+    OPENSSL_assert(ret == 1);
+    X509_free(cert);
+#endif
+
+    /* TODO: Set up support for SRP and PSK */
+
+    server = SSL_new(ctx);
+    in = BIO_new(BIO_s_mem());
+    out = BIO_new(BIO_s_mem());
+    SSL_set_bio(server, in, out);
+    SSL_set_accept_state(server);
+
+    opt = (uint8_t)buf[len-1];
+    len--;
+
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+
+    if ((opt & 0x01) != 0)
+    {
+        do {
+            char early_buf[16384];
+            size_t early_len;
+            ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
+
+            if (ret != SSL_READ_EARLY_DATA_SUCCESS)
+                break;
+        } while (1);
+    }
+
+    if (SSL_do_handshake(server) == 1) {
+        /* Keep reading application data until error or EOF. */
+        uint8_t tmp[1024];
+        for (;;) {
+            if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
+                break;
+            }
+        }
+    }
+    SSL_free(server);
+    ERR_clear_error();
+    SSL_CTX_free(ctx);
+
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/test-corpus.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/test-corpus.c
new file mode 100644
index 000000000..86be5337e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/test-corpus.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Given a list of files, run each of them through the fuzzer.  Note that
+ * failure will be indicated by some kind of crash. Switching on things like
+ * asan improves the test.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <openssl/crypto.h>
+#include "fuzzer.h"
+#include "internal/o_dir.h"
+
+#if defined(_WIN32) && defined(_MAX_PATH)
+# define PATH_MAX _MAX_PATH
+#endif
+
+#ifndef PATH_MAX
+# define PATH_MAX 4096
+#endif
+
+# if !defined(S_ISREG)
+#   define S_ISREG(m) ((m) & S_IFREG)
+# endif
+
+static void testfile(const char *pathname)
+{
+    struct stat st;
+    FILE *f;
+    unsigned char *buf;
+    size_t s;
+
+    if (stat(pathname, &st) < 0 || !S_ISREG(st.st_mode))
+        return;
+    printf("# %s\n", pathname);
+    fflush(stdout);
+    f = fopen(pathname, "rb");
+    if (f == NULL)
+        return;
+    buf = malloc(st.st_size);
+    if (buf != NULL) {
+        s = fread(buf, 1, st.st_size, f);
+        OPENSSL_assert(s == (size_t)st.st_size);
+        FuzzerTestOneInput(buf, s);
+        free(buf);
+    }
+    fclose(f);
+}
+
+int main(int argc, char **argv) {
+    int n;
+
+    FuzzerInitialize(&argc, &argv);
+
+    for (n = 1; n < argc; ++n) {
+        size_t dirname_len = strlen(argv[n]);
+        const char *filename = NULL;
+        char *pathname = NULL;
+        OPENSSL_DIR_CTX *ctx = NULL;
+        int wasdir = 0;
+
+        /*
+         * We start with trying to read the given path as a directory.
+         */
+        while ((filename = OPENSSL_DIR_read(&ctx, argv[n])) != NULL) {
+            wasdir = 1;
+            if (pathname == NULL) {
+                pathname = malloc(PATH_MAX);
+                if (pathname == NULL)
+                    break;
+                strcpy(pathname, argv[n]);
+#ifdef __VMS
+                if (strchr(":<]", pathname[dirname_len - 1]) == NULL)
+#endif
+                    pathname[dirname_len++] = '/';
+                pathname[dirname_len] = '\0';
+            }
+            strcpy(pathname + dirname_len, filename);
+            testfile(pathname);
+        }
+        OPENSSL_DIR_end(&ctx);
+
+        /* If it wasn't a directory, treat it as a file instead */
+        if (!wasdir)
+            testfile(argv[n]);
+
+        free(pathname);
+    }
+
+    FuzzerCleanup();
+
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c
new file mode 100644
index 000000000..926287da4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/x509.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "fuzzer.h"
+
+#include "rand.inc"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    FuzzerSetRand();
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    const unsigned char *p = buf;
+    unsigned char *der = NULL;
+
+    X509 *x509 = d2i_X509(NULL, &p, len);
+    if (x509 != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+        /* This will load and print the public key as well as extensions */
+        X509_print(bio, x509);
+        BIO_free(bio);
+
+        i2d_X509(x509, &der);
+        OPENSSL_free(der);
+
+        X509_free(x509);
+    }
+    ERR_clear_error();
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/__DECC_INCLUDE_EPILOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/internal/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 000000000..c350018ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state.  Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/__DECC_INCLUDE_PROLOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/internal/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 000000000..9a9c777f9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/bio.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/bio.h
new file mode 100644
index 000000000..c343b2762
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/bio.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+
+struct bio_method_st {
+    int type;
+    char *name;
+    int (*bwrite) (BIO *, const char *, size_t, size_t *);
+    int (*bwrite_old) (BIO *, const char *, int);
+    int (*bread) (BIO *, char *, size_t, size_t *);
+    int (*bread_old) (BIO *, char *, int);
+    int (*bputs) (BIO *, const char *);
+    int (*bgets) (BIO *, char *, int);
+    long (*ctrl) (BIO *, int, long, void *);
+    int (*create) (BIO *);
+    int (*destroy) (BIO *);
+    long (*callback_ctrl) (BIO *, int, BIO_info_cb *);
+};
+
+void bio_free_ex_data(BIO *bio);
+void bio_cleanup(void);
+
+
+/* Old style to new style BIO_METHOD conversion functions */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/comp.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/comp.h
new file mode 100644
index 000000000..ac6e38b47
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/comp.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/comp.h>
+
+void comp_zlib_cleanup_int(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h
new file mode 100644
index 000000000..29bc9f963
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_CONF_H
+# define HEADER_INTERNAL_CONF_H
+
+#include <openssl/conf.h>
+
+#define DEFAULT_CONF_MFLAGS \
+    (CONF_MFLAGS_DEFAULT_SECTION | \
+     CONF_MFLAGS_IGNORE_MISSING_FILE | \
+     CONF_MFLAGS_IGNORE_RETURN_CODES)
+
+struct ossl_init_settings_st {
+    char *filename;
+    char *appname;
+    unsigned long flags;
+};
+
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *);
+void openssl_no_config_int(void);
+void conf_modules_free_int(void);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time_locl.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time_locl.h
new file mode 100644
index 000000000..cde30f406
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time_locl.h
@@ -0,0 +1,333 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+# define HEADER_CONSTANT_TIME_LOCL_H
+
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/e_os2.h>              /* For 'ossl_inline' */
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *      if (a < b) {
+ *        c = a;
+ *      } else {
+ *        c = b;
+ *      }
+ * can be written as
+ *      unsigned int lt = constant_time_lt(a, b);
+ *      c = constant_time_select(lt, a, b);
+ */
+
+/* Returns the given value with the MSB copied to all the other bits. */
+static ossl_inline unsigned int constant_time_msb(unsigned int a);
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a);
+
+/* Returns 0xff..f if a < b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b);
+
+/* Returns 0xff..f if a >= b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b);
+
+/* Returns 0xff..f if a == 0 and 0 otherwise. */
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
+/* Convenience method for getting a 32-bit mask. */
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a);
+
+/* Returns 0xff..f if a == b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b);
+/* Signed integers. */
+static ossl_inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b);
+/* Convenience method for unsigned chars. */
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b);
+
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+                                                    uint32_t b);
+
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+                                                    uint64_t b);
+/* Convenience method for signed integers. */
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b);
+
+
+static ossl_inline unsigned int constant_time_msb(unsigned int a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a)
+{
+    return 0 - (a >> 31);
+}
+
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a)
+{
+    return 0 - (a >> 63);
+}
+
+static ossl_inline size_t constant_time_msb_s(size_t a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline size_t constant_time_lt_s(size_t a, size_t b)
+{
+    return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_lt(a, b);
+}
+
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
+{
+    return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b)
+{
+    return ~constant_time_lt(a, b);
+}
+
+static ossl_inline size_t constant_time_ge_s(size_t a, size_t b)
+{
+    return ~constant_time_lt_s(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_ge(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b)
+{
+    return (unsigned char)constant_time_ge_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
+{
+    return constant_time_msb(~a & (a - 1));
+}
+
+static ossl_inline size_t constant_time_is_zero_s(size_t a)
+{
+    return constant_time_msb_s(~a & (a - 1));
+}
+
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+    return (unsigned char)constant_time_is_zero(a);
+}
+
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a)
+{
+    return constant_time_msb_32(~a & (a - 1));
+}
+
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_is_zero(a ^ b);
+}
+
+static ossl_inline size_t constant_time_eq_s(size_t a, size_t b)
+{
+    return constant_time_is_zero_s(a ^ b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_eq(a, b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b)
+{
+    return (unsigned char)constant_time_eq_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_eq_int(int a, int b)
+{
+    return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline size_t constant_time_select_s(size_t mask,
+                                                 size_t a,
+                                                 size_t b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b)
+{
+    return (unsigned char)constant_time_select(mask, a, b);
+}
+
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b)
+{
+    return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b)
+{
+    return (int)constant_time_select((unsigned)mask, (unsigned)(a),
+                                      (unsigned)(b));
+}
+
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+                                                    uint32_t b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+                                                    uint64_t b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ *     uint32_t tmp = *a;
+ *
+ *     *a = *b;
+ *     *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
+                                                   uint32_t *b)
+{
+    uint32_t xor = *a ^ *b;
+
+    xor &= mask;
+    *a ^= xor;
+    *b ^= xor;
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ *     uint64_t tmp = *a;
+ *
+ *     *a = *b;
+ *     *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
+                                                   uint64_t *b)
+{
+    uint64_t xor = *a ^ *b;
+
+    xor &= mask;
+    *a ^= xor;
+    *b ^= xor;
+}
+
+/*
+ * table is a two dimensional array of bytes. Each row has rowsize elements.
+ * Copies row number idx into out. rowsize and numrows are not considered
+ * private.
+ */
+static ossl_inline void constant_time_lookup(void *out,
+                                             const void *table,
+                                             size_t rowsize,
+                                             size_t numrows,
+                                             size_t idx)
+{
+    size_t i, j;
+    const unsigned char *tablec = (const unsigned char *)table;
+    unsigned char *outc = (unsigned char *)out;
+    unsigned char mask;
+
+    memset(out, 0, rowsize);
+
+    /* Note idx may underflow - but that is well defined */
+    for (i = 0; i < numrows; i++, idx--) {
+        mask = (unsigned char)constant_time_is_zero_s(idx);
+        for (j = 0; j < rowsize; j++)
+            *(outc + j) |= constant_time_select_8(mask, *(tablec++), 0);
+    }
+}
+
+/*
+ * Expected usage pattern is to unconditionally set error and then
+ * wipe it if there was no actual error. |clear| is 1 or 0.
+ */
+void err_clear_last_constant_time(int clear);
+
+#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h
new file mode 100644
index 000000000..b4d76d5f2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+# define HEADER_CRYPTLIB_H
+
+# include <stdlib.h>
+# include <string.h>
+
+# ifdef OPENSSL_USE_APPLINK
+#  undef BIO_FLAGS_UPLINK
+#  define BIO_FLAGS_UPLINK 0x8000
+#  include "ms/uplink.h"
+# endif
+
+# include <openssl/crypto.h>
+# include <openssl/buffer.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include "internal/nelem.h"
+
+#ifdef NDEBUG
+# define ossl_assert(x) ((x) != 0)
+#else
+__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
+                                              const char *file, int line)
+{
+    if (!expr)
+        OPENSSL_die(exprstr, file, line);
+
+    return expr;
+}
+
+# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \
+                                         __FILE__, __LINE__)
+
+#endif
+
+typedef struct ex_callback_st EX_CALLBACK;
+
+DEFINE_STACK_OF(EX_CALLBACK)
+
+typedef struct app_mem_info_st APP_INFO;
+
+typedef struct mem_st MEM;
+DEFINE_LHASH_OF(MEM);
+
+# define OPENSSL_CONF             "openssl.cnf"
+
+# ifndef OPENSSL_SYS_VMS
+#  define X509_CERT_AREA          OPENSSLDIR
+#  define X509_CERT_DIR           OPENSSLDIR "/certs"
+#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
+#  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+#  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
+# else
+#  define X509_CERT_AREA          "OSSL$DATAROOT:[000000]"
+#  define X509_CERT_DIR           "OSSL$DATAROOT:[CERTS]"
+#  define X509_CERT_FILE          "OSSL$DATAROOT:[000000]cert.pem"
+#  define X509_PRIVATE_DIR        "OSSL$DATAROOT:[PRIVATE]"
+#  define CTLOG_FILE              "OSSL$DATAROOT:[000000]ct_log_list.cnf"
+# endif
+
+# define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+# define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+# define CTLOG_FILE_EVP           "CTLOG_FILE"
+
+/* size of string representations */
+# define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
+# define HEX_SIZE(type)          (sizeof(type)*2)
+
+void OPENSSL_cpuid_setup(void);
+extern unsigned int OPENSSL_ia32cap_P[];
+void OPENSSL_showfatal(const char *fmta, ...);
+void crypto_cleanup_all_ex_data_int(void);
+int openssl_init_fork_handlers(void);
+
+char *ossl_safe_getenv(const char *name);
+
+extern CRYPTO_RWLOCK *memdbg_lock;
+int openssl_strerror_r(int errnum, char *buf, size_t buflen);
+# if !defined(OPENSSL_NO_STDIO)
+FILE *openssl_fopen(const char *filename, const char *mode);
+# else
+void *openssl_fopen(const char *filename, const char *mode);
+# endif
+
+uint32_t OPENSSL_rdtsc(void);
+size_t OPENSSL_instrument_bus(unsigned int *, size_t);
+size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h
new file mode 100644
index 000000000..a1cb5488b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_DANE_H
+#define HEADER_INTERNAL_DANE_H
+
+#include <openssl/safestack.h>
+
+/*-
+ * Certificate usages:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.1
+ */
+#define DANETLS_USAGE_PKIX_TA   0
+#define DANETLS_USAGE_PKIX_EE   1
+#define DANETLS_USAGE_DANE_TA   2
+#define DANETLS_USAGE_DANE_EE   3
+#define DANETLS_USAGE_LAST      DANETLS_USAGE_DANE_EE
+
+/*-
+ * Selectors:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.2
+ */
+#define DANETLS_SELECTOR_CERT   0
+#define DANETLS_SELECTOR_SPKI   1
+#define DANETLS_SELECTOR_LAST   DANETLS_SELECTOR_SPKI
+
+/*-
+ * Matching types:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.3
+ */
+#define DANETLS_MATCHING_FULL   0
+#define DANETLS_MATCHING_2256   1
+#define DANETLS_MATCHING_2512   2
+#define DANETLS_MATCHING_LAST   DANETLS_MATCHING_2512
+
+typedef struct danetls_record_st {
+    uint8_t usage;
+    uint8_t selector;
+    uint8_t mtype;
+    unsigned char *data;
+    size_t dlen;
+    EVP_PKEY *spki;
+} danetls_record;
+
+DEFINE_STACK_OF(danetls_record)
+
+/*
+ * Shared DANE context
+ */
+struct dane_ctx_st {
+    const EVP_MD  **mdevp;      /* mtype -> digest */
+    uint8_t        *mdord;      /* mtype -> preference */
+    uint8_t         mdmax;      /* highest supported mtype */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+/*
+ * Per connection DANE state
+ */
+struct ssl_dane_st {
+    struct dane_ctx_st *dctx;
+    STACK_OF(danetls_record) *trecs;
+    STACK_OF(X509) *certs;      /* DANE-TA(2) Cert(0) Full(0) certs */
+    danetls_record *mtlsa;      /* Matching TLSA record */
+    X509           *mcert;      /* DANE matched cert */
+    uint32_t        umask;      /* Usages present */
+    int             mdpth;      /* Depth of matched cert */
+    int             pdpth;      /* Depth of PKIX trust */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+#define DANETLS_ENABLED(dane)  \
+    ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
+
+#define DANETLS_USAGE_BIT(u)   (((uint32_t)1) << u)
+
+#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))
+#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE))
+#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA))
+#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE))
+
+#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK)
+#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK)
+#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK)
+#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK)
+
+#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK))
+#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK))
+#define DANETLS_HAS_TA(dane)   ((dane) && ((dane)->umask & DANETLS_TA_MASK))
+#define DANETLS_HAS_EE(dane)   ((dane) && ((dane)->umask & DANETLS_EE_MASK))
+
+#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK))
+#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK))
+#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
+#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
+
+#endif /* HEADER_INTERNAL_DANE_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h
new file mode 100644
index 000000000..eb5f7d53c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_H
+# define HEADER_DSO_H
+
+# include <openssl/crypto.h>
+# include "internal/dsoerr.h"
+
+/* These values are used as commands to DSO_ctrl() */
+# define DSO_CTRL_GET_FLAGS      1
+# define DSO_CTRL_SET_FLAGS      2
+# define DSO_CTRL_OR_FLAGS       3
+
+/*
+ * By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform using the dso_name_converter function of the
+ * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will
+ * transform it into "libblah.so". This callback could even utilise the
+ * DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be
+ * set in a DSO to prevent *any* native name-translation at all - eg. if
+ * the caller has prompted the user for a path to a driver library so the
+ * filename should be interpreted as-is.
+ */
+# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
+/*
+ * An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and other
+ * operating systems where the translation also may prefix the name with
+ * something, like 'lib', and ignored everywhere else. This flag is also
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
+ */
+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
+
+/*
+ * Don't unload the DSO when we call DSO_free()
+ */
+# define DSO_FLAG_NO_UNLOAD_ON_FREE              0x04
+
+/*
+ * This flag loads the library with public symbols. Meaning: The exported
+ * symbols of this library are public to all libraries loaded after this
+ * library. At the moment only implemented in unix.
+ */
+# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
+
+typedef void (*DSO_FUNC_TYPE) (void);
+
+typedef struct dso_st DSO;
+typedef struct dso_meth_st DSO_METHOD;
+
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure
+ * pointer (or NULL if they are to be used independently of a DSO object) and
+ * a filename to transform. They should either return NULL (if there is an
+ * error condition) or a newly allocated string containing the transformed
+ * form that the caller will need to free with OPENSSL_free() when done.
+ */
+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a DSO
+ * structure pointer (or NULL if they are to be used independently of a DSO
+ * object) and two file specifications to merge. They should either return
+ * NULL (if there is an error condition) or a newly allocated string
+ * containing the result of merging that the caller will need to free with
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
+ * taken from each of the file specifications and added together in whatever
+ * fashion that is sensible for the DSO method in question.  The only rule
+ * that really applies is that if the two specification contain pieces of the
+ * same type, the copy from the first string takes priority.  One could see
+ * it as the first specification is the one given by the user and the second
+ * being a bunch of defaults to add on if they're missing in the first.
+ */
+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+DSO *DSO_new(void);
+int DSO_free(DSO *dso);
+int DSO_flags(DSO *dso);
+int DSO_up_ref(DSO *dso);
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/*
+ * These functions can be used to get/set the platform-independent filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded.
+ */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
+ * value will need to be OPENSSL_free()'d.
+ */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger.  A non-NULL return value will need to be
+ * OPENSSL_free()'d.
+ */
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+
+/*
+ * The all-singing all-dancing load function, you normally pass NULL for the
+ * first and third parameters. Use DSO_up_ref and DSO_free for subsequent
+ * reference count handling. Any flags passed in will be set in the
+ * constructed DSO after its init() function but before the load operation.
+ * If 'dso' is non-NULL, 'flags' is ignored.
+ */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/*
+ * This method is the default, but will beg, borrow, or steal whatever method
+ * should be the default on any particular platform (including
+ * DSO_METH_null() if necessary).
+ */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/*
+ * This function writes null-terminated pathname of DSO module containing
+ * 'addr' into 'sz' large caller-provided 'path' and returns the number of
+ * characters [including trailing zero] written to it. If 'sz' is 0 or
+ * negative, 'path' is ignored and required amount of characters [including
+ * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero return value
+ * denotes error.
+ */
+int DSO_pathbyaddr(void *addr, char *path, int sz);
+
+/*
+ * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol
+ * or NULL on error.
+ */
+DSO *DSO_dsobyaddr(void *addr, int flags);
+
+/*
+ * This function should be used with caution! It looks up symbols in *all*
+ * loaded modules and if module gets unloaded by somebody else attempt to
+ * dereference the pointer is doomed to have fatal consequences. Primary
+ * usage for this function is to probe *core* system functionality, e.g.
+ * check if getnameinfo(3) is available at run-time without bothering about
+ * OS-specific details such as libc.so.versioning or where does it actually
+ * reside: in libc itself or libsocket.
+ */
+void *DSO_global_lookup(const char *name);
+
+int ERR_load_DSO_strings(void);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h
new file mode 100644
index 000000000..a54a18545
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h
@@ -0,0 +1,83 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSOERR_H
+# define HEADER_DSOERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSO
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DSO_strings(void);
+
+/*
+ * DSO function codes.
+ */
+#  define DSO_F_DLFCN_BIND_FUNC                            100
+#  define DSO_F_DLFCN_LOAD                                 102
+#  define DSO_F_DLFCN_MERGER                               130
+#  define DSO_F_DLFCN_NAME_CONVERTER                       123
+#  define DSO_F_DLFCN_UNLOAD                               103
+#  define DSO_F_DL_BIND_FUNC                               104
+#  define DSO_F_DL_LOAD                                    106
+#  define DSO_F_DL_MERGER                                  131
+#  define DSO_F_DL_NAME_CONVERTER                          124
+#  define DSO_F_DL_UNLOAD                                  107
+#  define DSO_F_DSO_BIND_FUNC                              108
+#  define DSO_F_DSO_CONVERT_FILENAME                       126
+#  define DSO_F_DSO_CTRL                                   110
+#  define DSO_F_DSO_FREE                                   111
+#  define DSO_F_DSO_GET_FILENAME                           127
+#  define DSO_F_DSO_GLOBAL_LOOKUP                          139
+#  define DSO_F_DSO_LOAD                                   112
+#  define DSO_F_DSO_MERGE                                  132
+#  define DSO_F_DSO_NEW_METHOD                             113
+#  define DSO_F_DSO_PATHBYADDR                             105
+#  define DSO_F_DSO_SET_FILENAME                           129
+#  define DSO_F_DSO_UP_REF                                 114
+#  define DSO_F_VMS_BIND_SYM                               115
+#  define DSO_F_VMS_LOAD                                   116
+#  define DSO_F_VMS_MERGER                                 133
+#  define DSO_F_VMS_UNLOAD                                 117
+#  define DSO_F_WIN32_BIND_FUNC                            101
+#  define DSO_F_WIN32_GLOBALLOOKUP                         142
+#  define DSO_F_WIN32_JOINER                               135
+#  define DSO_F_WIN32_LOAD                                 120
+#  define DSO_F_WIN32_MERGER                               134
+#  define DSO_F_WIN32_NAME_CONVERTER                       125
+#  define DSO_F_WIN32_PATHBYADDR                           109
+#  define DSO_F_WIN32_SPLITTER                             136
+#  define DSO_F_WIN32_UNLOAD                               121
+
+/*
+ * DSO reason codes.
+ */
+#  define DSO_R_CTRL_FAILED                                100
+#  define DSO_R_DSO_ALREADY_LOADED                         110
+#  define DSO_R_EMPTY_FILE_STRUCTURE                       113
+#  define DSO_R_FAILURE                                    114
+#  define DSO_R_FILENAME_TOO_BIG                           101
+#  define DSO_R_FINISH_FAILED                              102
+#  define DSO_R_INCORRECT_FILE_SYNTAX                      115
+#  define DSO_R_LOAD_FAILED                                103
+#  define DSO_R_NAME_TRANSLATION_FAILED                    109
+#  define DSO_R_NO_FILENAME                                111
+#  define DSO_R_NULL_HANDLE                                104
+#  define DSO_R_SET_FILENAME_FAILED                        112
+#  define DSO_R_STACK_ERROR                                105
+#  define DSO_R_SYM_FAILURE                                106
+#  define DSO_R_UNLOAD_FAILED                              107
+#  define DSO_R_UNSUPPORTED                                108
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h
new file mode 100644
index 000000000..d46b8bdb2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_ERR_H
+# define INTERNAL_ERR_H
+
+void err_free_strings_int(void);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h
new file mode 100644
index 000000000..d65a21a9f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_NELEM_H
+# define HEADER_NELEM_H
+
+# define OSSL_NELEM(x)    (sizeof(x)/sizeof((x)[0]))
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h
new file mode 100644
index 000000000..31931df3c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_NUMBERS_H
+# define HEADER_NUMBERS_H
+
+# include <limits.h>
+
+# if (-1 & 3) == 0x03		/* Two's complement */
+
+#  define __MAXUINT__(T) ((T) -1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T) - 1)
+
+# elif (-1 & 3) == 0x02		/* One's complement */
+
+#  define __MAXUINT__(T) (((T) -1) + 1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# elif (-1 & 3) == 0x01		/* Sign/magnitude */
+
+#  define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2))))
+#  define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# else
+
+#  error "do not know the integer encoding on this architecture"
+
+# endif
+
+# ifndef INT8_MAX
+#  define INT8_MIN __MININT__(int8_t)
+#  define INT8_MAX __MAXINT__(int8_t)
+#  define UINT8_MAX __MAXUINT__(uint8_t)
+# endif
+
+# ifndef INT16_MAX
+#  define INT16_MIN __MININT__(int16_t)
+#  define INT16_MAX __MAXINT__(int16_t)
+#  define UINT16_MAX __MAXUINT__(uint16_t)
+# endif
+
+# ifndef INT32_MAX
+#  define INT32_MIN __MININT__(int32_t)
+#  define INT32_MAX __MAXINT__(int32_t)
+#  define UINT32_MAX __MAXUINT__(uint32_t)
+# endif
+
+# ifndef INT64_MAX
+#  define INT64_MIN __MININT__(int64_t)
+#  define INT64_MAX __MAXINT__(int64_t)
+#  define UINT64_MAX __MAXUINT__(uint64_t)
+# endif
+
+# ifndef SIZE_MAX
+#  define SIZE_MAX __MAXUINT__(size_t)
+# endif
+
+#endif
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h
new file mode 100644
index 000000000..e7b55e0c1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef O_DIR_H
+# define O_DIR_H
+
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+/*
+ * returns NULL on error or end-of-directory. If it is end-of-directory,
+ * errno will be zero
+ */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+/* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#endif                          /* LPDIR_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h
new file mode 100644
index 000000000..86403c9ee
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_O_STR_H
+# define HEADER_O_STR_H
+
+# include <stddef.h>            /* to get size_t */
+
+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h
new file mode 100644
index 000000000..75d70a641
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_INTERNAL_REFCOUNT_H
+# define HEADER_INTERNAL_REFCOUNT_H
+
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+# if defined(OPENSSL_NO_STDIO)
+#  if defined(REF_PRINT)
+#   error "REF_PRINT requires stdio"
+#  endif
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
+     && !defined(__STDC_NO_ATOMICS__)
+#  include <stdatomic.h>
+#  define HAVE_C11_ATOMICS
+# endif
+
+# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \
+     && ATOMIC_INT_LOCK_FREE > 0
+
+#  define HAVE_ATOMICS 1
+
+typedef _Atomic int CRYPTO_REF_COUNT;
+
+static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock)
+{
+    *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1;
+    return 1;
+}
+
+/*
+ * Changes to shared structure other than reference counter have to be
+ * serialized. And any kind of serialization implies a release fence. This
+ * means that by the time reference counter is decremented all other
+ * changes are visible on all processors. Hence decrement itself can be
+ * relaxed. In case it hits zero, object will be destructed. Since it's
+ * last use of the object, destructor programmer might reason that access
+ * to mutable members doesn't have to be serialized anymore, which would
+ * otherwise imply an acquire fence. Hence conditional acquire fence...
+ */
+static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock)
+{
+    *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1;
+    if (*ret == 0)
+        atomic_thread_fence(memory_order_acquire);
+    return 1;
+}
+
+# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0
+
+#  define HAVE_ATOMICS 1
+
+typedef int CRYPTO_REF_COUNT;
+
+static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock)
+{
+    *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1;
+    return 1;
+}
+
+static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock)
+{
+    *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1;
+    if (*ret == 0)
+        __atomic_thread_fence(__ATOMIC_ACQUIRE);
+    return 1;
+}
+
+# elif defined(_MSC_VER) && _MSC_VER>=1200
+
+#  define HAVE_ATOMICS 1
+
+typedef volatile int CRYPTO_REF_COUNT;
+
+#  if (defined(_M_ARM) && _M_ARM>=7) || defined(_M_ARM64)
+#   include <intrin.h>
+#   if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH)
+#    define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH
+#   endif
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd_nf(val, 1) + 1;
+    return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd_nf(val, -1) - 1;
+    if (*ret == 0)
+        __dmb(_ARM_BARRIER_ISH);
+    return 1;
+}
+#  else
+#   pragma intrinsic(_InterlockedExchangeAdd)
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd(val, 1) + 1;
+    return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd(val, -1) - 1;
+    return 1;
+}
+#  endif
+
+# else
+
+typedef int CRYPTO_REF_COUNT;
+
+# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock)
+# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock)
+
+# endif
+
+# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO)
+#  define REF_ASSERT_ISNT(test) \
+    (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0)
+# else
+#  define REF_ASSERT_ISNT(i)
+# endif
+
+# ifdef REF_PRINT
+#  define REF_PRINT_COUNT(a, b) \
+        fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
+# else
+#  define REF_PRINT_COUNT(a, b)
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h
new file mode 100644
index 000000000..5bb0355f0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+#ifndef HEADER_INTERNAL_SOCKETS
+# define HEADER_INTERNAL_SOCKETS
+
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+#  define NO_SYS_PARAM_H
+# endif
+# ifdef WIN32
+#  define NO_SYS_UN_H
+# endif
+# ifdef OPENSSL_SYS_VMS
+#  define NO_SYS_PARAM_H
+#  define NO_SYS_UN_H
+# endif
+
+# ifdef OPENSSL_NO_SOCK
+
+# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#  if defined(__DJGPP__)
+#   include <sys/socket.h>
+#   include <sys/un.h>
+#   include <tcp.h>
+#   include <netdb.h>
+#  elif defined(_WIN32_WCE) && _WIN32_WCE<410
+#   define getservbyname _masked_declaration_getservbyname
+#  endif
+#  if !defined(IPPROTO_IP)
+    /* winsock[2].h was included already? */
+#   include <winsock.h>
+#  endif
+#  ifdef getservbyname
+     /* this is used to be wcecompat/include/winsock_extras.h */
+#   undef getservbyname
+struct servent *PASCAL getservbyname(const char *, const char *);
+#  endif
+
+#  ifdef _WIN64
+/*
+ * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
+ * the value constitutes an index in per-process table of limited size
+ * and not a real pointer. And we also depend on fact that all processors
+ * Windows run on happen to be two's-complement, which allows to
+ * interchange INVALID_SOCKET and -1.
+ */
+#   define socket(d,t,p)   ((int)socket(d,t,p))
+#   define accept(s,f,l)   ((int)accept(s,f,l))
+#  endif
+
+# else
+
+#  ifndef NO_SYS_PARAM_H
+#   include <sys/param.h>
+#  endif
+#  ifdef OPENSSL_SYS_VXWORKS
+#   include <time.h>
+#  endif
+
+#  include <netdb.h>
+#  if defined(OPENSSL_SYS_VMS_NODECC)
+#   include <socket.h>
+#   include <in.h>
+#   include <inet.h>
+#  else
+#   include <sys/socket.h>
+#   ifndef NO_SYS_UN_H
+#    include <sys/un.h>
+#    ifndef UNIX_PATH_MAX
+#     define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path)
+#    endif
+#   endif
+#   ifdef FILIO_H
+#    include <sys/filio.h> /* FIONBIO in some SVR4, e.g. unixware, solaris */
+#   endif
+#   include <netinet/in.h>
+#   include <arpa/inet.h>
+#   include <netinet/tcp.h>
+#  endif
+
+#  ifdef OPENSSL_SYS_AIX
+#   include <sys/select.h>
+#  endif
+
+#  ifndef VMS
+#   include <sys/ioctl.h>
+#  else
+#   if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+     /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#    include <sys/ioctl.h>
+#   endif
+#   include <unixio.h>
+#   if defined(TCPIP_TYPE_SOCKETSHR)
+#    include <socketshr.h>
+#   endif
+#  endif
+
+#  ifndef INVALID_SOCKET
+#   define INVALID_SOCKET      (-1)
+#  endif
+# endif
+
+/*
+ * Some IPv6 implementations are broken, you can disable them in known
+ * bad versions.
+ */
+# if !defined(OPENSSL_USE_IPV6)
+#  if defined(AF_INET6)
+#   define OPENSSL_USE_IPV6 1
+#  else
+#   define OPENSSL_USE_IPV6 0
+#  endif
+# endif
+
+# define get_last_socket_error() errno
+# define clear_socket_error()    errno=0
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  undef get_last_socket_error
+#  undef clear_socket_error
+#  define get_last_socket_error() WSAGetLastError()
+#  define clear_socket_error()    WSASetLastError(0)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(__DJGPP__)
+#  define WATT32
+#  define WATT32_NO_OLDIES
+#  define closesocket(s)          close_s(s)
+#  define readsocket(s,b,n)       read_s(s,b,n)
+#  define writesocket(s,b,n)      send(s,b,n,0)
+# elif defined(OPENSSL_SYS_VMS)
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(OPENSSL_SYS_VXWORKS)
+#  define ioctlsocket(a,b,c)          ioctl((a),(b),(int)(c))
+#  define closesocket(s)              close(s)
+#  define readsocket(s,b,n)           read((s),(b),(n))
+#  define writesocket(s,b,n)          write((s),(char *)(b),(n))
+# else
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       read((s),(b),(n))
+#  define writesocket(s,b,n)      write((s),(b),(n))
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h
new file mode 100644
index 000000000..d538f8614
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSLCONF_H
+# define HEADER_SSLCONF_H
+
+typedef struct ssl_conf_cmd_st SSL_CONF_CMD;
+
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt);
+int conf_ssl_name_find(const char *name, size_t *idx);
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                      char **arg);
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h
new file mode 100644
index 000000000..8a25d04d2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h
@@ -0,0 +1,137 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+/*
+ * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly
+ * once. It takes no arguments and returns and int result (1 for success or
+ * 0 for failure). Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE(init)                   \
+    static int init(void);                     \
+    int init##_ossl_ret_ = 0;                   \
+    void init##_ossl_(void)                     \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+
+/*
+ * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly
+ * once that has been defined in another file via DEFINE_RUN_ONCE().
+ */
+#define DECLARE_RUN_ONCE(init)                  \
+    extern int init##_ossl_ret_;                \
+    void init##_ossl_(void);
+
+/*
+ * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run
+ * exactly once. This function will be declared as static within the file. It
+ * takes no arguments and returns and int result (1 for success or 0 for
+ * failure). Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE_STATIC(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE_STATIC(init)            \
+    static int init(void);                     \
+    static int init##_ossl_ret_ = 0;            \
+    static void init##_ossl_(void)              \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+
+/*
+ * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This
+ * function will be declared as static within the file. It takes no arguments
+ * and returns an int result (1 for success or 0 for failure). An alternative
+ * initialiser function is expected to be associated with a primary initialiser
+ * function defined via DEFINE_ONCE_STATIC where both functions use the same
+ * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function
+ * is used only one of the primary or the alternative initialiser function will
+ * ever be called - and that function will be called exactly once. Definitition
+ * of an alternative initialiser function MUST occur AFTER the definition of the
+ * primary initialiser function.
+ *
+ * Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE_STATIC(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ *
+ * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc)
+ * {
+ *     do_some_alternative_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \
+    static int initalt(void);                     \
+    static void initalt##_ossl_(void)             \
+    {                                             \
+        init##_ossl_ret_ = initalt();             \
+    }                                             \
+    static int initalt(void)
+
+/*
+ * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
+ * @once: pointer to static object of type CRYPTO_ONCE
+ * @init: function name that was previously given to DEFINE_RUN_ONCE,
+ *        DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.  This function
+ *        must return 1 for success or 0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE(once, init)                                            \
+    (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
+
+/*
+ * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser
+ *                function and check if that initialisation succeeded
+ * @once:    pointer to static object of type CRYPTO_ONCE
+ * @initalt: alternative initialiser function name that was previously given to
+ *           DEFINE_RUN_ONCE_STATIC_ALT.  This function must return 1 for
+ *           success or 0 for failure.
+ * @init:    primary initialiser function name that was previously given to
+ *           DEFINE_RUN_ONCE_STATIC.  This function must return 1 for success or
+ *           0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE_ALT(once, initalt, init)                               \
+    (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0)
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h
new file mode 100644
index 000000000..38ba0c7eb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Contemporary compilers implement lock-free atomic memory access
+ * primitives that facilitate writing "thread-opportunistic" or even real
+ * multi-threading low-overhead code. "Thread-opportunistic" is when
+ * exact result is not required, e.g. some statistics, or execution flow
+ * doesn't have to be unambiguous. Simplest example is lazy "constant"
+ * initialization when one can synchronize on variable itself, e.g.
+ *
+ * if (var == NOT_YET_INITIALIZED)
+ *     var = function_returning_same_value();
+ *
+ * This does work provided that loads and stores are single-instuction
+ * operations (and integer ones are on *all* supported platforms), but
+ * it upsets Thread Sanitizer. Suggested solution is
+ *
+ * if (tsan_load(&var) == NOT_YET_INITIALIZED)
+ *     tsan_store(&var, function_returning_same_value());
+ *
+ * Production machine code would be the same, so one can wonder why
+ * bother. Having Thread Sanitizer accept "thread-opportunistic" code
+ * allows to move on trouble-shooting real bugs.
+ *
+ * Resolving Thread Sanitizer nits was the initial purpose for this module,
+ * but it was later extended with more nuanced primitives that are useful
+ * even in "non-opportunistic" scenarios. Most notably verifying if a shared
+ * structure is fully initialized and bypassing the initialization lock.
+ * It's suggested to view macros defined in this module as "annotations" for
+ * thread-safe lock-free code, "Thread-Safe ANnotations"...
+ *
+ * It's assumed that ATOMIC_{LONG|INT}_LOCK_FREE are assigned same value as
+ * ATOMIC_POINTER_LOCK_FREE. And check for >= 2 ensures that corresponding
+ * code is inlined. It should be noted that statistics counters become
+ * accurate in such case.
+ *
+ * Special note about TSAN_QUALIFIER. It might be undesired to use it in
+ * a shared header. Because whether operation on specific variable or member
+ * is atomic or not might be irrelevant in other modules. In such case one
+ * can use TSAN_QUALIFIER in cast specifically when it has to count.
+ */
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
+    && !defined(__STDC_NO_ATOMICS__)
+# include <stdatomic.h>
+
+# if defined(ATOMIC_POINTER_LOCK_FREE) \
+          && ATOMIC_POINTER_LOCK_FREE >= 2
+#  define TSAN_QUALIFIER _Atomic
+#  define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
+#  define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
+#  define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
+#  define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
+#  define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
+#  define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
+# endif
+
+#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED)
+
+# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \
+          && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2
+#  define TSAN_QUALIFIER volatile
+#  define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
+#  define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
+#  define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
+#  define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
+#  define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
+#  define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
+# endif
+
+#elif defined(_MSC_VER) && _MSC_VER>=1200 \
+      && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+          defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7))
+/*
+ * There is subtle dependency on /volatile:<iso|ms> command-line option.
+ * "ms" implies same semantic as memory_order_acquire for loads and
+ * memory_order_release for stores, while "iso" - memory_order_relaxed for
+ * either. Real complication is that defaults are different on x86 and ARM.
+ * There is explanation for that, "ms" is backward compatible with earlier
+ * compiler versions, while multi-processor ARM can be viewed as brand new
+ * platform to MSC and its users, and with non-relaxed semantic taking toll
+ * with additional instructions and penalties, it kind of makes sense to
+ * default to "iso"...
+ */
+# define TSAN_QUALIFIER volatile
+# if defined(_M_ARM) || defined(_M_ARM64)
+#  define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf
+#  pragma intrinsic(_InterlockedExchangeAdd_nf)
+#  pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32)
+#  ifdef _WIN64
+#   define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf
+#   pragma intrinsic(_InterlockedExchangeAdd64_nf)
+#   pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64)
+#   define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \
+                                               : __iso_volatile_load32(ptr))
+#   define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \
+                                                     : __iso_volatile_store32((ptr), (val)))
+#  else
+#   define tsan_load(ptr) __iso_volatile_load32(ptr)
+#   define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val))
+#  endif
+# else
+#  define tsan_load(ptr) (*(ptr))
+#  define tsan_store(ptr, val) (*(ptr) = (val))
+# endif
+# pragma intrinsic(_InterlockedExchangeAdd)
+# ifdef _WIN64
+#  pragma intrinsic(_InterlockedExchangeAdd64)
+#  define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
+                                                 : _InterlockedExchangeAdd((ptr), 1))
+#  define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
+                                                 : _InterlockedExchangeAdd((ptr), -1))
+# else
+#  define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
+#  define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
+# endif
+# if !defined(_ISO_VOLATILE)
+#  define tsan_ld_acq(ptr) (*(ptr))
+#  define tsan_st_rel(ptr, val) (*(ptr) = (val))
+# endif
+
+#endif
+
+#ifndef TSAN_QUALIFIER
+
+# define TSAN_QUALIFIER volatile
+# define tsan_load(ptr) (*(ptr))
+# define tsan_store(ptr, val) (*(ptr) = (val))
+# define tsan_counter(ptr) ((*(ptr))++)
+# define tsan_decr(ptr) ((*(ptr))--)
+/*
+ * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
+ * sophisticated enough to support them. Code that relies on them should be
+ * protected with #ifdef tsan_ld_acq with locked fallback.
+ */
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 000000000..c350018ad
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state.  Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 000000000..9a9c777f9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/aes.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/aes.h
new file mode 100644
index 000000000..245c552ab
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/aes.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include <openssl/opensslconf.h>
+
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define AES_ENCRYPT     1
+# define AES_DECRYPT     0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+    unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+    unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1.h
new file mode 100644
index 000000000..9522eec18
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1.h
@@ -0,0 +1,886 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1_H
+# define HEADER_ASN1_H
+
+# include <time.h>
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/asn1err.h>
+# include <openssl/symhacks.h>
+
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define V_ASN1_UNIVERSAL                0x00
+# define V_ASN1_APPLICATION              0x40
+# define V_ASN1_CONTEXT_SPECIFIC         0x80
+# define V_ASN1_PRIVATE                  0xc0
+
+# define V_ASN1_CONSTRUCTED              0x20
+# define V_ASN1_PRIMITIVE_TAG            0x1f
+# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG
+
+# define V_ASN1_APP_CHOOSE               -2/* let the recipient choose */
+# define V_ASN1_OTHER                    -3/* used in ASN1_TYPE */
+# define V_ASN1_ANY                      -4/* used in ASN1 template code */
+
+# define V_ASN1_UNDEF                    -1
+/* ASN.1 tag values */
+# define V_ASN1_EOC                      0
+# define V_ASN1_BOOLEAN                  1 /**/
+# define V_ASN1_INTEGER                  2
+# define V_ASN1_BIT_STRING               3
+# define V_ASN1_OCTET_STRING             4
+# define V_ASN1_NULL                     5
+# define V_ASN1_OBJECT                   6
+# define V_ASN1_OBJECT_DESCRIPTOR        7
+# define V_ASN1_EXTERNAL                 8
+# define V_ASN1_REAL                     9
+# define V_ASN1_ENUMERATED               10
+# define V_ASN1_UTF8STRING               12
+# define V_ASN1_SEQUENCE                 16
+# define V_ASN1_SET                      17
+# define V_ASN1_NUMERICSTRING            18 /**/
+# define V_ASN1_PRINTABLESTRING          19
+# define V_ASN1_T61STRING                20
+# define V_ASN1_TELETEXSTRING            20/* alias */
+# define V_ASN1_VIDEOTEXSTRING           21 /**/
+# define V_ASN1_IA5STRING                22
+# define V_ASN1_UTCTIME                  23
+# define V_ASN1_GENERALIZEDTIME          24 /**/
+# define V_ASN1_GRAPHICSTRING            25 /**/
+# define V_ASN1_ISO64STRING              26 /**/
+# define V_ASN1_VISIBLESTRING            26/* alias */
+# define V_ASN1_GENERALSTRING            27 /**/
+# define V_ASN1_UNIVERSALSTRING          28 /**/
+# define V_ASN1_BMPSTRING                30
+
+/*
+ * NB the constants below are used internally by ASN1_INTEGER
+ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
+ * the wire tag values.
+ */
+
+# define V_ASN1_NEG                      0x100
+# define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
+# define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
+
+/* For use with d2i_ASN1_type_bytes() */
+# define B_ASN1_NUMERICSTRING    0x0001
+# define B_ASN1_PRINTABLESTRING  0x0002
+# define B_ASN1_T61STRING        0x0004
+# define B_ASN1_TELETEXSTRING    0x0004
+# define B_ASN1_VIDEOTEXSTRING   0x0008
+# define B_ASN1_IA5STRING        0x0010
+# define B_ASN1_GRAPHICSTRING    0x0020
+# define B_ASN1_ISO64STRING      0x0040
+# define B_ASN1_VISIBLESTRING    0x0040
+# define B_ASN1_GENERALSTRING    0x0080
+# define B_ASN1_UNIVERSALSTRING  0x0100
+# define B_ASN1_OCTET_STRING     0x0200
+# define B_ASN1_BIT_STRING       0x0400
+# define B_ASN1_BMPSTRING        0x0800
+# define B_ASN1_UNKNOWN          0x1000
+# define B_ASN1_UTF8STRING       0x2000
+# define B_ASN1_UTCTIME          0x4000
+# define B_ASN1_GENERALIZEDTIME  0x8000
+# define B_ASN1_SEQUENCE         0x10000
+/* For use with ASN1_mbstring_copy() */
+# define MBSTRING_FLAG           0x1000
+# define MBSTRING_UTF8           (MBSTRING_FLAG)
+# define MBSTRING_ASC            (MBSTRING_FLAG|1)
+# define MBSTRING_BMP            (MBSTRING_FLAG|2)
+# define MBSTRING_UNIV           (MBSTRING_FLAG|4)
+# define SMIME_OLDMIME           0x400
+# define SMIME_CRLFEOL           0x800
+# define SMIME_STREAM            0x1000
+    struct X509_algor_st;
+DEFINE_STACK_OF(X509_ALGOR)
+
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+# define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+
+# define ASN1_STRING_FLAG_CONT 0x020
+/*
+ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+# define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+# define ASN1_STRING_FLAG_EMBED 0x080
+/* String should be parsed in RFC 5280's time format */
+# define ASN1_STRING_FLAG_X509_TIME 0x100
+/* This is the base type that holds just about everything :-) */
+struct asn1_string_st {
+    int length;
+    int type;
+    unsigned char *data;
+    /*
+     * The value of the following field depends on the type being held.  It
+     * is mostly being used for BIT_STRING so if the input data has a
+     * non-zero 'unused bits' value, it will be handled correctly
+     */
+    long flags;
+};
+
+/*
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
+ * ASN1 type. This is useful to get round problems with invalid encodings
+ * which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st {
+    unsigned char *enc;         /* DER encoding */
+    long len;                   /* Length of encoding */
+    int modified;               /* set to 1 if 'enc' is invalid */
+} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+# define ASN1_LONG_UNDEF 0x7fffffffL
+
+# define STABLE_FLAGS_MALLOC     0x01
+/*
+ * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted
+ * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting
+ * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias
+ * STABLE_FLAGS_CLEAR to reflect this.
+ */
+# define STABLE_FLAGS_CLEAR      STABLE_FLAGS_MALLOC
+# define STABLE_NO_MASK          0x02
+# define DIRSTRING_TYPE  \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+    int nid;
+    long minsize;
+    long maxsize;
+    unsigned long mask;
+    unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DEFINE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+# define ub_name                         32768
+# define ub_common_name                  64
+# define ub_locality_name                128
+# define ub_state_name                   128
+# define ub_organization_name            64
+# define ub_organization_unit_name       64
+# define ub_title                        64
+# define ub_email_address                128
+
+/*
+ * Declarations for template structures: for full definitions see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+# define DECLARE_ASN1_NDEF_FUNCTION(name) \
+        int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+# define DECLARE_ASN1_FUNCTIONS_const(name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a);
+
+# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
+
+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+# define I2D_OF(type) int (*)(type *,unsigned char **)
+# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+# define CHECKED_D2I_OF(type, d2i) \
+    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+# define CHECKED_I2D_OF(type, i2d) \
+    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+# define CHECKED_NEW_OF(type, xnew) \
+    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+# define CHECKED_PTR_OF(type, p) \
+    ((void*) (1 ? p : (type*)0))
+# define CHECKED_PPTR_OF(type, p) \
+    ((void**) (1 ? p : (type**)0))
+
+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#  define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#  define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#  define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#  define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+# endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/*
+ * These determine which characters to escape: RFC2253 special characters,
+ * control characters and MSB set characters
+ */
+
+# define ASN1_STRFLGS_ESC_2253           1
+# define ASN1_STRFLGS_ESC_CTRL           2
+# define ASN1_STRFLGS_ESC_MSB            4
+
+/*
+ * This flag determines how we do escaping: normally RC2253 backslash only,
+ * set this to use backslash and quote.
+ */
+
+# define ASN1_STRFLGS_ESC_QUOTE          8
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+# define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+# define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+# define CHARTYPE_LAST_ESC_2253          0x40
+
+/*
+ * NB the internal flags are safely reused below by flags handled at the top
+ * level.
+ */
+
+/*
+ * If this is set we convert all character strings to UTF8 first
+ */
+
+# define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/*
+ * If this is set we don't attempt to interpret content: just assume all
+ * strings are 1 byte per character. This will produce some pretty odd
+ * looking output!
+ */
+
+# define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+# define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/*
+ * This determines which strings to display and which to 'dump' (hex dump of
+ * content octets or DER encoding). We can only dump non character strings or
+ * everything. If we don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to the usual escaping
+ * options.
+ */
+
+# define ASN1_STRFLGS_DUMP_ALL           0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/*
+ * These determine what 'dumping' does, we can dump the content octets or the
+ * DER encoding: both use the RFC2253 #XXXXX notation.
+ */
+
+# define ASN1_STRFLGS_DUMP_DER           0x200
+
+/*
+ * This flag specifies that RC2254 escaping shall be performed.
+ */
+#define ASN1_STRFLGS_ESC_2254           0x400
+
+/*
+ * All the string flags consistent with RFC2253, escaping control characters
+ * isn't essential in RFC2253 but it is advisable anyway.
+ */
+
+# define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DEFINE_STACK_OF(ASN1_INTEGER)
+
+DEFINE_STACK_OF(ASN1_GENERALSTRING)
+
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
+typedef struct asn1_type_st {
+    int type;
+    union {
+        char *ptr;
+        ASN1_BOOLEAN boolean;
+        ASN1_STRING *asn1_string;
+        ASN1_OBJECT *object;
+        ASN1_INTEGER *integer;
+        ASN1_ENUMERATED *enumerated;
+        ASN1_BIT_STRING *bit_string;
+        ASN1_OCTET_STRING *octet_string;
+        ASN1_PRINTABLESTRING *printablestring;
+        ASN1_T61STRING *t61string;
+        ASN1_IA5STRING *ia5string;
+        ASN1_GENERALSTRING *generalstring;
+        ASN1_BMPSTRING *bmpstring;
+        ASN1_UNIVERSALSTRING *universalstring;
+        ASN1_UTCTIME *utctime;
+        ASN1_GENERALIZEDTIME *generalizedtime;
+        ASN1_VISIBLESTRING *visiblestring;
+        ASN1_UTF8STRING *utf8string;
+        /*
+         * set and sequence are left complete and still contain the set or
+         * sequence bytes
+         */
+        ASN1_STRING *set;
+        ASN1_STRING *sequence;
+        ASN1_VALUE *asn1_value;
+    } value;
+} ASN1_TYPE;
+
+DEFINE_STACK_OF(ASN1_TYPE)
+
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+    int bitnum;
+    const char *lname;
+    const char *sname;
+} BIT_STRING_BITNAME;
+
+# define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+# define B_ASN1_PRINTABLE \
+                        B_ASN1_NUMERICSTRING| \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING|\
+                        B_ASN1_SEQUENCE|\
+                        B_ASN1_UNKNOWN
+
+# define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+# define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DEFINE_STACK_OF(ASN1_OBJECT)
+
+ASN1_STRING *ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+void ASN1_STRING_clear_free(ASN1_STRING *a);
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_type_new(int type);
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
+  /*
+   * Since this is used to store all sorts of things, via macros, for now,
+   * make its data void *
+   */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(const ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(const ASN1_STRING *x);
+DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len);
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent);
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length);
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
+                          int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
+int ASN1_TIME_normalize(ASN1_TIME *s);
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln);
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+unsigned long ASN1_tag2bit(int tag);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p, long len);
+int ASN1_const_check_infinite_end(const unsigned char **p, long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+                     int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+
+# define ASN1_dup_of(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(type, x)))
+
+# define ASN1_dup_of_const(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+# define M_ASN1_free_of(x, type) \
+                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+# ifndef OPENSSL_NO_STDIO
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
+
+#  define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+                        CHECKED_D2I_OF(type, d2i), \
+                        in, \
+                        CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+
+#  define ASN1_i2d_fp_of(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+# endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+#  define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+                          CHECKED_D2I_OF(type, d2i), \
+                          in, \
+                          CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+
+#  define ASN1_i2d_bio_of(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *buf, int off);
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump);
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write Netscape format cert */
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+                                  unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len);
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+                            ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+                          long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001
+/* Mark start and end of SEQUENCE */
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+# define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+# define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+# define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+# define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx));
+void ASN1_SCTX_free(ASN1_SCTX *p);
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p);
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p);
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1_mac.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1_mac.h
new file mode 100644
index 000000000..7ac1782a3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#error "This file is obsolete; please update your software."
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h
new file mode 100644
index 000000000..5a91126db
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h
@@ -0,0 +1,252 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1ERR_H
+# define HEADER_ASN1ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_ASN1_strings(void);
+
+/*
+ * ASN1 function codes.
+ */
+# define ASN1_F_A2D_ASN1_OBJECT                           100
+# define ASN1_F_A2I_ASN1_INTEGER                          102
+# define ASN1_F_A2I_ASN1_STRING                           103
+# define ASN1_F_APPEND_EXP                                176
+# define ASN1_F_ASN1_BIO_INIT                             113
+# define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
+# define ASN1_F_ASN1_CB                                   177
+# define ASN1_F_ASN1_CHECK_TLEN                           104
+# define ASN1_F_ASN1_COLLECT                              106
+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+# define ASN1_F_ASN1_D2I_FP                               109
+# define ASN1_F_ASN1_D2I_READ_BIO                         107
+# define ASN1_F_ASN1_DIGEST                               184
+# define ASN1_F_ASN1_DO_ADB                               110
+# define ASN1_F_ASN1_DO_LOCK                              233
+# define ASN1_F_ASN1_DUP                                  111
+# define ASN1_F_ASN1_ENC_SAVE                             115
+# define ASN1_F_ASN1_EX_C2I                               204
+# define ASN1_F_ASN1_FIND_END                             190
+# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
+# define ASN1_F_ASN1_GENERATE_V3                          178
+# define ASN1_F_ASN1_GET_INT64                            224
+# define ASN1_F_ASN1_GET_OBJECT                           114
+# define ASN1_F_ASN1_GET_UINT64                           225
+# define ASN1_F_ASN1_I2D_BIO                              116
+# define ASN1_F_ASN1_I2D_FP                               117
+# define ASN1_F_ASN1_ITEM_D2I_FP                          206
+# define ASN1_F_ASN1_ITEM_DUP                             191
+# define ASN1_F_ASN1_ITEM_EMBED_D2I                       120
+# define ASN1_F_ASN1_ITEM_EMBED_NEW                       121
+# define ASN1_F_ASN1_ITEM_FLAGS_I2D                       118
+# define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+# define ASN1_F_ASN1_ITEM_I2D_FP                          193
+# define ASN1_F_ASN1_ITEM_PACK                            198
+# define ASN1_F_ASN1_ITEM_SIGN                            195
+# define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
+# define ASN1_F_ASN1_ITEM_UNPACK                          199
+# define ASN1_F_ASN1_ITEM_VERIFY                          197
+# define ASN1_F_ASN1_MBSTRING_NCOPY                       122
+# define ASN1_F_ASN1_OBJECT_NEW                           123
+# define ASN1_F_ASN1_OUTPUT_DATA                          214
+# define ASN1_F_ASN1_PCTX_NEW                             205
+# define ASN1_F_ASN1_PRIMITIVE_NEW                        119
+# define ASN1_F_ASN1_SCTX_NEW                             221
+# define ASN1_F_ASN1_SIGN                                 128
+# define ASN1_F_ASN1_STR2TYPE                             179
+# define ASN1_F_ASN1_STRING_GET_INT64                     227
+# define ASN1_F_ASN1_STRING_GET_UINT64                    230
+# define ASN1_F_ASN1_STRING_SET                           186
+# define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+# define ASN1_F_ASN1_STRING_TO_BN                         228
+# define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+# define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+# define ASN1_F_ASN1_TEMPLATE_NEW                         133
+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+# define ASN1_F_ASN1_TIME_ADJ                             217
+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+# define ASN1_F_ASN1_UTCTIME_ADJ                          218
+# define ASN1_F_ASN1_VERIFY                               137
+# define ASN1_F_B64_READ_ASN1                             209
+# define ASN1_F_B64_WRITE_ASN1                            210
+# define ASN1_F_BIO_NEW_NDEF                              208
+# define ASN1_F_BITSTR_CB                                 180
+# define ASN1_F_BN_TO_ASN1_STRING                         229
+# define ASN1_F_C2I_ASN1_BIT_STRING                       189
+# define ASN1_F_C2I_ASN1_INTEGER                          194
+# define ASN1_F_C2I_ASN1_OBJECT                           196
+# define ASN1_F_C2I_IBUF                                  226
+# define ASN1_F_C2I_UINT64_INT                            101
+# define ASN1_F_COLLECT_DATA                              140
+# define ASN1_F_D2I_ASN1_OBJECT                           147
+# define ASN1_F_D2I_ASN1_UINTEGER                         150
+# define ASN1_F_D2I_AUTOPRIVATEKEY                        207
+# define ASN1_F_D2I_PRIVATEKEY                            154
+# define ASN1_F_D2I_PUBLICKEY                             155
+# define ASN1_F_DO_BUF                                    142
+# define ASN1_F_DO_CREATE                                 124
+# define ASN1_F_DO_DUMP                                   125
+# define ASN1_F_DO_TCREATE                                222
+# define ASN1_F_I2A_ASN1_OBJECT                           126
+# define ASN1_F_I2D_ASN1_BIO_STREAM                       211
+# define ASN1_F_I2D_ASN1_OBJECT                           143
+# define ASN1_F_I2D_DSA_PUBKEY                            161
+# define ASN1_F_I2D_EC_PUBKEY                             181
+# define ASN1_F_I2D_PRIVATEKEY                            163
+# define ASN1_F_I2D_PUBLICKEY                             164
+# define ASN1_F_I2D_RSA_PUBKEY                            165
+# define ASN1_F_LONG_C2I                                  166
+# define ASN1_F_NDEF_PREFIX                               127
+# define ASN1_F_NDEF_SUFFIX                               136
+# define ASN1_F_OID_MODULE_INIT                           174
+# define ASN1_F_PARSE_TAGGING                             182
+# define ASN1_F_PKCS5_PBE2_SET_IV                         167
+# define ASN1_F_PKCS5_PBE2_SET_SCRYPT                     231
+# define ASN1_F_PKCS5_PBE_SET                             202
+# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
+# define ASN1_F_PKCS5_PBKDF2_SET                          219
+# define ASN1_F_PKCS5_SCRYPT_SET                          232
+# define ASN1_F_SMIME_READ_ASN1                           212
+# define ASN1_F_SMIME_TEXT                                213
+# define ASN1_F_STABLE_GET                                138
+# define ASN1_F_STBL_MODULE_INIT                          223
+# define ASN1_F_UINT32_C2I                                105
+# define ASN1_F_UINT32_NEW                                139
+# define ASN1_F_UINT64_C2I                                112
+# define ASN1_F_UINT64_NEW                                141
+# define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+# define ASN1_F_X509_INFO_NEW                             170
+# define ASN1_F_X509_NAME_ENCODE                          203
+# define ASN1_F_X509_NAME_EX_D2I                          158
+# define ASN1_F_X509_NAME_EX_NEW                          171
+# define ASN1_F_X509_PKEY_NEW                             173
+
+/*
+ * ASN1 reason codes.
+ */
+# define ASN1_R_ADDING_OBJECT                             171
+# define ASN1_R_ASN1_PARSE_ERROR                          203
+# define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
+# define ASN1_R_AUX_ERROR                                 100
+# define ASN1_R_BAD_OBJECT_HEADER                         102
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
+# define ASN1_R_BN_LIB                                    105
+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+# define ASN1_R_BUFFER_TOO_SMALL                          107
+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+# define ASN1_R_CONTEXT_NOT_INITIALISED                   217
+# define ASN1_R_DATA_IS_WRONG                             109
+# define ASN1_R_DECODE_ERROR                              110
+# define ASN1_R_DEPTH_EXCEEDED                            174
+# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
+# define ASN1_R_ENCODE_ERROR                              112
+# define ASN1_R_ERROR_GETTING_TIME                        173
+# define ASN1_R_ERROR_LOADING_SECTION                     172
+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+# define ASN1_R_EXPECTING_AN_INTEGER                      115
+# define ASN1_R_EXPECTING_AN_OBJECT                       116
+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+# define ASN1_R_FIELD_MISSING                             121
+# define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+# define ASN1_R_HEADER_TOO_LONG                           123
+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
+# define ASN1_R_ILLEGAL_BOOLEAN                           176
+# define ASN1_R_ILLEGAL_CHARACTERS                        124
+# define ASN1_R_ILLEGAL_FORMAT                            177
+# define ASN1_R_ILLEGAL_HEX                               178
+# define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
+# define ASN1_R_ILLEGAL_INTEGER                           180
+# define ASN1_R_ILLEGAL_NEGATIVE_VALUE                    226
+# define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
+# define ASN1_R_ILLEGAL_NULL                              125
+# define ASN1_R_ILLEGAL_NULL_VALUE                        182
+# define ASN1_R_ILLEGAL_OBJECT                            183
+# define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+# define ASN1_R_ILLEGAL_PADDING                           221
+# define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+# define ASN1_R_ILLEGAL_TIME_VALUE                        184
+# define ASN1_R_ILLEGAL_ZERO_CONTENT                      222
+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
+# define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+# define ASN1_R_INVALID_DIGIT                             130
+# define ASN1_R_INVALID_MIME_TYPE                         205
+# define ASN1_R_INVALID_MODIFIER                          186
+# define ASN1_R_INVALID_NUMBER                            187
+# define ASN1_R_INVALID_OBJECT_ENCODING                   216
+# define ASN1_R_INVALID_SCRYPT_PARAMETERS                 227
+# define ASN1_R_INVALID_SEPARATOR                         131
+# define ASN1_R_INVALID_STRING_TABLE_VALUE                218
+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+# define ASN1_R_INVALID_UTF8STRING                        134
+# define ASN1_R_INVALID_VALUE                             219
+# define ASN1_R_LIST_ERROR                                188
+# define ASN1_R_MIME_NO_CONTENT_TYPE                      206
+# define ASN1_R_MIME_PARSE_ERROR                          207
+# define ASN1_R_MIME_SIG_PARSE_ERROR                      208
+# define ASN1_R_MISSING_EOC                               137
+# define ASN1_R_MISSING_SECOND_NUMBER                     138
+# define ASN1_R_MISSING_VALUE                             189
+# define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+# define ASN1_R_MSTRING_WRONG_TAG                         140
+# define ASN1_R_NESTED_ASN1_STRING                        197
+# define ASN1_R_NESTED_TOO_DEEP                           201
+# define ASN1_R_NON_HEX_CHARACTERS                        141
+# define ASN1_R_NOT_ASCII_FORMAT                          190
+# define ASN1_R_NOT_ENOUGH_DATA                           142
+# define ASN1_R_NO_CONTENT_TYPE                           209
+# define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
+# define ASN1_R_NO_MULTIPART_BOUNDARY                     211
+# define ASN1_R_NO_SIG_CONTENT_TYPE                       212
+# define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
+# define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+# define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
+# define ASN1_R_SHORT_LINE                                150
+# define ASN1_R_SIG_INVALID_MIME_TYPE                     213
+# define ASN1_R_STREAMING_NOT_SUPPORTED                   202
+# define ASN1_R_STRING_TOO_LONG                           151
+# define ASN1_R_STRING_TOO_SHORT                          152
+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+# define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
+# define ASN1_R_TOO_LARGE                                 223
+# define ASN1_R_TOO_LONG                                  155
+# define ASN1_R_TOO_SMALL                                 224
+# define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+# define ASN1_R_TYPE_NOT_PRIMITIVE                        195
+# define ASN1_R_UNEXPECTED_EOC                            159
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
+# define ASN1_R_UNKNOWN_FORMAT                            160
+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+# define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
+# define ASN1_R_UNKNOWN_TAG                               194
+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+# define ASN1_R_UNSUPPORTED_CIPHER                        228
+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+# define ASN1_R_UNSUPPORTED_TYPE                          196
+# define ASN1_R_WRONG_INTEGER_TYPE                        225
+# define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
+# define ASN1_R_WRONG_TAG                                 168
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1t.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1t.h
new file mode 100644
index 000000000..a450ba0d9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1t.h
@@ -0,0 +1,945 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1T_H
+# define HEADER_ASN1T_H
+
+# include <stddef.h>
+# include <openssl/e_os2.h>
+# include <openssl/asn1.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#  define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM itname##_it = {
+
+#  define static_ASN1_ITEM_start(itname) \
+        static const ASN1_ITEM itname##_it = {
+
+#  define ASN1_ITEM_end(itname)                 \
+                };
+
+# else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#  define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM * itname##_it(void) \
+        { \
+                static const ASN1_ITEM local_it = {
+
+#  define static_ASN1_ITEM_start(itname) \
+        static ASN1_ITEM_start(itname)
+
+#  define ASN1_ITEM_end(itname) \
+                }; \
+        return &local_it; \
+        }
+
+# endif
+
+/* Macros to aid ASN1 template writing */
+
+# define ASN1_ITEM_TEMPLATE(tname) \
+        static const ASN1_TEMPLATE tname##_item_tt
+
+# define ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+/* This is a ASN1 type which just embeds a template */
+
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
+ *
+ *      ASN1_SEQUENCE(stname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END(stname)
+ *
+ *      This will produce an ASN1_ITEM called stname_it
+ *      for a structure called stname.
+ *
+ *      If you want the same structure but a different
+ *      name then use:
+ *
+ *      ASN1_SEQUENCE(itname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *      This will create an item called itname_it using
+ *      a structure called stname.
+ */
+
+# define ASN1_SEQUENCE(tname) \
+        static const ASN1_TEMPLATE tname##_seq_tt[]
+
+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
+# define ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE(tname) \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+        ASN1_SEQUENCE_cb(tname, cb)
+
+# define ASN1_SEQUENCE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_BROKEN_SEQUENCE(tname) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_ref(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_enc(tname, enc, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+        static_ASN1_SEQUENCE_END_ref(stname, stname)
+
+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/*-
+ * This pair helps declare a CHOICE type. We can do:
+ *
+ *      ASN1_CHOICE(chname) = {
+ *              ... CHOICE options ...
+ *      ASN1_CHOICE_END(chname)
+ *
+ *      This will produce an ASN1_ITEM called chname_it
+ *      for a structure called chname. The structure
+ *      definition must look like this:
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ *
+ *      the name of the selector must be 'type'.
+ *      to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+# define ASN1_CHOICE(tname) \
+        static const ASN1_TEMPLATE tname##_ch_tt[]
+
+# define ASN1_CHOICE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_CHOICE(tname)
+
+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_CHOICE_END_cb(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+        (flags), (tag), 0,\
+        #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+        (flags), (tag), offsetof(stname, field),\
+        #field, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+# define ASN1_IMP_EX(stname, field, type, tag, ex) \
+         ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type)
+
+# define ASN1_EXP_EX(stname, field, type, tag, ex) \
+         ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# else
+#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+# endif
+/* Plain simple type */
+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
+
+/* OPTIONAL simple type */
+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* Same as above but EXPLICIT */
+
+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* SEQUENCE OF type */
+# define ASN1_SEQUENCE_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+# define ASN1_SET_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+# define ASN1_SET_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+# define ASN1_IMP_SET_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_EXP_SET_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+# define ASN1_NDEF_EXP(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+# define ASN1_ADB(name) \
+        static const ASN1_ADB_TABLE name##_adbtbl[]
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+        ;\
+        static const ASN1_ADB name##_adb = {\
+                flags,\
+                offsetof(name, field),\
+                adb_cb,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+        }
+
+# else
+
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+        ;\
+        static const ASN1_ITEM *name##_adb(void) \
+        { \
+        static const ASN1_ADB internal_adb = \
+                {\
+                flags,\
+                offsetof(name, field),\
+                adb_cb,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+                }; \
+                return (const ASN1_ITEM *) &internal_adb; \
+        } \
+        void dummy_function(void)
+
+# endif
+
+# define ADB_ENTRY(val, template) {val, template}
+
+# define ASN1_ADB_TEMPLATE(name) \
+        static const ASN1_TEMPLATE name##_tt
+
+/*
+ * This is the ASN1 template structure that defines a wrapper round the
+ * actual type. It determines the actual position of the field in the value
+ * structure, various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+    unsigned long flags;        /* Various flags */
+    long tag;                   /* tag, not used if no tagging */
+    unsigned long offset;       /* Offset of this field in structure */
+    const char *field_name;     /* Field name */
+    ASN1_ITEM_EXP *item;        /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+    unsigned long flags;        /* Various flags */
+    unsigned long offset;       /* Offset of selector field */
+    int (*adb_cb)(long *psel);  /* Application callback */
+    const ASN1_ADB_TABLE *tbl;  /* Table of possible types */
+    long tblcount;              /* Number of entries in tbl */
+    const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+    const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+    long value;                 /* NID for an object or value for an int */
+    const ASN1_TEMPLATE tt;     /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL      (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF        (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER     (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK       (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG        (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG        (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK      (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT      (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT)
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT      (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT)
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL     (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION   (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT       (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE       (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS     (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK      (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID       (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT       (0x1<<9)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF          (0x1<<11)
+
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED         (0x1 << 12)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+    char itype;                 /* The item type, primitive, SEQUENCE, CHOICE
+                                 * or extern */
+    long utype;                 /* underlying type */
+    const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+                                     * the contents */
+    long tcount;                /* Number of templates if SEQUENCE or CHOICE */
+    const void *funcs;          /* functions that handle this type */
+    long size;                  /* Structure size (usually) */
+    const char *sname;          /* Structure name */
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE            0x0
+
+# define ASN1_ITYPE_SEQUENCE             0x1
+
+# define ASN1_ITYPE_CHOICE               0x2
+
+# define ASN1_ITYPE_EXTERN               0x4
+
+# define ASN1_ITYPE_MSTRING              0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE        0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+    char valid;                 /* Values below are valid */
+    int ret;                    /* return value */
+    long plen;                  /* length */
+    int ptag;                   /* class value */
+    int pclass;                 /* class value */
+    int hdrlen;                 /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                        const ASN1_ITEM *it, int tag, int aclass, char opt,
+                        ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                        const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
+                               int indent, const char *fname,
+                               const ASN1_PCTX *pctx);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+                               int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+                               int len, int utype, char *free_cont,
+                               const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
+                                 const ASN1_ITEM *it, int indent,
+                                 const ASN1_PCTX *pctx);
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+    void *app_data;
+    ASN1_ex_new_func *asn1_ex_new;
+    ASN1_ex_free_func *asn1_ex_free;
+    ASN1_ex_free_func *asn1_ex_clear;
+    ASN1_ex_d2i *asn1_ex_d2i;
+    ASN1_ex_i2d *asn1_ex_i2d;
+    ASN1_ex_print_func *asn1_ex_print;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+    void *app_data;
+    unsigned long flags;
+    ASN1_ex_new_func *prim_new;
+    ASN1_ex_free_func *prim_free;
+    ASN1_ex_free_func *prim_clear;
+    ASN1_primitive_c2i *prim_c2i;
+    ASN1_primitive_i2c *prim_i2c;
+    ASN1_primitive_print *prim_print;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+                        void *exarg);
+
+typedef struct ASN1_AUX_st {
+    void *app_data;
+    int flags;
+    int ref_offset;             /* Offset of reference value */
+    int ref_lock;               /* Lock type to use */
+    ASN1_aux_cb *asn1_cb;
+    int enc_offset;             /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+    BIO *out;
+    int indent;
+    const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+    /* BIO to stream through */
+    BIO *out;
+    /* BIO with filters appended */
+    BIO *ndef_bio;
+    /* Streaming I/O boundary */
+    unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT      1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING      2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN        4
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE         0
+# define ASN1_OP_NEW_POST        1
+# define ASN1_OP_FREE_PRE        2
+# define ASN1_OP_FREE_POST       3
+# define ASN1_OP_D2I_PRE         4
+# define ASN1_OP_D2I_POST        5
+# define ASN1_OP_I2D_PRE         6
+# define ASN1_OP_I2D_POST        7
+# define ASN1_OP_PRINT_PRE       8
+# define ASN1_OP_PRINT_POST      9
+# define ASN1_OP_STREAM_PRE      10
+# define ASN1_OP_STREAM_POST     11
+# define ASN1_OP_DETACHED_PRE    12
+# define ASN1_OP_DETACHED_POST   13
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+                                ASN1_ITEM_end(itname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_EXTERN, \
+                tag, \
+                NULL, \
+                0, \
+                &fptrs, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+        pre stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        pre void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+        stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+        int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+        }
+
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+        static stname *d2i_##stname(stname **a, \
+                                   const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+                                               ASN1_ITEM_rptr(stname)); \
+        } \
+        static int i2d_##stname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+                                     ASN1_ITEM_rptr(stname)); \
+        }
+
+/*
+ * This includes evil casts to remove const: they will go away when full ASN1
+ * constification is done.
+ */
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(const stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+        stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                                const ASN1_PCTX *pctx) \
+        { \
+                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                        ASN1_ITEM_rptr(itname), pctx); \
+        }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+# endif
+
+DEFINE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it, int tag, int aclass, char opt,
+                     ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/async.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/async.h
new file mode 100644
index 000000000..7052b8905
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/async.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#ifndef HEADER_ASYNC_H
+# define HEADER_ASYNC_H
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> to use this */
+#define OSSL_ASYNC_FD       HANDLE
+#define OSSL_BAD_ASYNC_FD   INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD       int
+#define OSSL_BAD_ASYNC_FD   -1
+#endif
+# include <openssl/asyncerr.h>
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+
+#define ASYNC_ERR      0
+#define ASYNC_NO_JOBS  1
+#define ASYNC_PAUSE    2
+#define ASYNC_FINISH   3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd,
+                               void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                        OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                    int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h
new file mode 100644
index 000000000..5497ba752
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h
@@ -0,0 +1,38 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASYNCERR_H
+# define HEADER_ASYNCERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_ASYNC_strings(void);
+
+/*
+ * ASYNC function codes.
+ */
+# define ASYNC_F_ASYNC_CTX_NEW                            100
+# define ASYNC_F_ASYNC_INIT_THREAD                        101
+# define ASYNC_F_ASYNC_JOB_NEW                            102
+# define ASYNC_F_ASYNC_PAUSE_JOB                          103
+# define ASYNC_F_ASYNC_START_FUNC                         104
+# define ASYNC_F_ASYNC_START_JOB                          105
+# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD               106
+
+/*
+ * ASYNC reason codes.
+ */
+# define ASYNC_R_FAILED_TO_SET_POOL                       101
+# define ASYNC_R_FAILED_TO_SWAP_CONTEXT                   102
+# define ASYNC_R_INIT_FAILED                              105
+# define ASYNC_R_INVALID_POOL_SIZE                        103
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h
new file mode 100644
index 000000000..2888b42da
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h
@@ -0,0 +1,804 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIO_H
+# define HEADER_BIO_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <stdarg.h>
+
+# include <openssl/crypto.h>
+# include <openssl/bioerr.h>
+
+# ifndef OPENSSL_NO_SCTP
+#  include <openssl/e_os2.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* There are the classes of BIOs */
+# define BIO_TYPE_DESCRIPTOR     0x0100 /* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER         0x0200
+# define BIO_TYPE_SOURCE_SINK    0x0400
+
+/* These are the 'types' of BIOs */
+# define BIO_TYPE_NONE             0
+# define BIO_TYPE_MEM            ( 1|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_FILE           ( 2|BIO_TYPE_SOURCE_SINK)
+
+# define BIO_TYPE_FD             ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_SOCKET         ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_NULL           ( 6|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_SSL            ( 7|BIO_TYPE_FILTER)
+# define BIO_TYPE_MD             ( 8|BIO_TYPE_FILTER)
+# define BIO_TYPE_BUFFER         ( 9|BIO_TYPE_FILTER)
+# define BIO_TYPE_CIPHER         (10|BIO_TYPE_FILTER)
+# define BIO_TYPE_BASE64         (11|BIO_TYPE_FILTER)
+# define BIO_TYPE_CONNECT        (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ACCEPT         (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+
+# define BIO_TYPE_NBIO_TEST      (16|BIO_TYPE_FILTER)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER    (17|BIO_TYPE_FILTER)
+# define BIO_TYPE_BIO            (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */
+# define BIO_TYPE_LINEBUFFER     (20|BIO_TYPE_FILTER)
+# define BIO_TYPE_DGRAM          (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ASN1           (22|BIO_TYPE_FILTER)
+# define BIO_TYPE_COMP           (23|BIO_TYPE_FILTER)
+# ifndef OPENSSL_NO_SCTP
+#  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# endif
+
+#define BIO_TYPE_START           128
+
+/*
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ */
+# define BIO_NOCLOSE             0x00
+# define BIO_CLOSE               0x01
+
+/*
+ * These are used in the following macros and are passed to BIO_ctrl()
+ */
+# define BIO_CTRL_RESET          1/* opt - rewind/zero etc */
+# define BIO_CTRL_EOF            2/* opt - are we at the eof */
+# define BIO_CTRL_INFO           3/* opt - extra tit-bits */
+# define BIO_CTRL_SET            4/* man - set the 'IO' type */
+# define BIO_CTRL_GET            5/* man - get the 'IO' type */
+# define BIO_CTRL_PUSH           6/* opt - internal, used to signify change */
+# define BIO_CTRL_POP            7/* opt - internal, used to signify change */
+# define BIO_CTRL_GET_CLOSE      8/* man - set the 'close' on free */
+# define BIO_CTRL_SET_CLOSE      9/* man - set the 'close' on free */
+# define BIO_CTRL_PENDING        10/* opt - is their more data buffered */
+# define BIO_CTRL_FLUSH          11/* opt - 'flush' buffered output */
+# define BIO_CTRL_DUP            12/* man - extra stuff for 'duped' BIO */
+# define BIO_CTRL_WPENDING       13/* opt - number of bytes still to write */
+# define BIO_CTRL_SET_CALLBACK   14/* opt - set callback function */
+# define BIO_CTRL_GET_CALLBACK   15/* opt - set callback function */
+
+# define BIO_CTRL_PEEK           29/* BIO_f_buffer special */
+# define BIO_CTRL_SET_FILENAME   30/* BIO_s_file special */
+
+/* dgram BIO stuff */
+# define BIO_CTRL_DGRAM_CONNECT       31/* BIO dgram special */
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
+                                         * socket to be passed in */
+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
+
+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+# define BIO_CTRL_DGRAM_MTU_DISCOVER       39/* set DF bit on egress packets */
+/* #endif */
+
+# define BIO_CTRL_DGRAM_QUERY_MTU          40/* as kernel for current MTU */
+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
+# define BIO_CTRL_DGRAM_GET_MTU            41/* get cached value for MTU */
+# define BIO_CTRL_DGRAM_SET_MTU            42/* set cached value for MTU.
+                                              * want to use this if asking
+                                              * the kernel fails */
+
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED       43/* check whether the MTU was
+                                              * exceed in the previous write
+                                              * operation */
+
+# define BIO_CTRL_DGRAM_GET_PEER           46
+# define BIO_CTRL_DGRAM_SET_PEER           44/* Destination for the data */
+
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45/* Next DTLS handshake timeout
+                                              * to adjust socket timeouts */
+# define BIO_CTRL_DGRAM_SET_DONT_FRAG      48
+
+# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
+
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
+# ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+#  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
+#  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
+#  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
+#  define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO         60
+#  define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO         61
+#  define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO         62
+#  define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO         63
+#  define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                  64
+#  define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                  65
+#  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
+# endif
+
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE      71
+
+/* modifiers */
+# define BIO_FP_READ             0x02
+# define BIO_FP_WRITE            0x04
+# define BIO_FP_APPEND           0x08
+# define BIO_FP_TEXT             0x10
+
+# define BIO_FLAGS_READ          0x01
+# define BIO_FLAGS_WRITE         0x02
+# define BIO_FLAGS_IO_SPECIAL    0x04
+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+# define BIO_FLAGS_SHOULD_RETRY  0x08
+# ifndef BIO_FLAGS_UPLINK
+/*
+ * "UPLINK" flag denotes file descriptors provided by application. It
+ * defaults to 0, as most platforms don't require UPLINK interface.
+ */
+#  define BIO_FLAGS_UPLINK        0
+# endif
+
+# define BIO_FLAGS_BASE64_NO_NL  0x100
+
+/*
+ * This is used with memory BIOs:
+ * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
+ */
+# define BIO_FLAGS_MEM_RDONLY    0x200
+# define BIO_FLAGS_NONCLEAR_RST  0x400
+
+typedef union bio_addr_st BIO_ADDR;
+typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
+int BIO_get_new_index(void);
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+                BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+                BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+                BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+                BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+                BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a)              BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a)             BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a)        BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition.  After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */
+/*
+ * Returned from the SSL bio when the certificate retrieval code had an error
+ */
+# define BIO_RR_SSL_X509_LOOKUP          0x01
+/* Returned from the connect BIO when a connect would have blocked */
+# define BIO_RR_CONNECT                  0x02
+/* Returned from the accept BIO when an accept would have blocked */
+# define BIO_RR_ACCEPT                   0x03
+
+/* These are passed by the BIO callback */
+# define BIO_CB_FREE     0x01
+# define BIO_CB_READ     0x02
+# define BIO_CB_WRITE    0x03
+# define BIO_CB_PUTS     0x04
+# define BIO_CB_GETS     0x05
+# define BIO_CB_CTRL     0x06
+
+/*
+ * The callback is called before and after the underling operation, The
+ * BIO_CB_RETURN flag indicates if it is after the call
+ */
+# define BIO_CB_RETURN   0x80
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
+# define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
+# define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
+
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                long argl, long ret);
+typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                   size_t len, int argi,
+                                   long argl, int ret, size_t *processed);
+BIO_callback_fn BIO_get_callback(const BIO *b);
+void BIO_set_callback(BIO *b, BIO_callback_fn callback);
+
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+typedef struct bio_method_st BIO_METHOD;
+
+const char *BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef int BIO_info_cb(BIO *, int, int);
+typedef BIO_info_cb bio_info_cb;  /* backward compatibility */
+
+DEFINE_STACK_OF(BIO)
+
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
+                          void *parg);
+
+# ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo {
+    uint16_t snd_sid;
+    uint16_t snd_flags;
+    uint32_t snd_ppid;
+    uint32_t snd_context;
+};
+
+struct bio_dgram_sctp_rcvinfo {
+    uint16_t rcv_sid;
+    uint16_t rcv_ssn;
+    uint16_t rcv_flags;
+    uint32_t rcv_ppid;
+    uint32_t rcv_tsn;
+    uint32_t rcv_cumtsn;
+    uint32_t rcv_context;
+};
+
+struct bio_dgram_sctp_prinfo {
+    uint16_t pr_policy;
+    uint32_t pr_value;
+};
+# endif
+
+/*
+ * #define BIO_CONN_get_param_hostname BIO_ctrl
+ */
+
+# define BIO_C_SET_CONNECT                       100
+# define BIO_C_DO_STATE_MACHINE                  101
+# define BIO_C_SET_NBIO                          102
+/* # define BIO_C_SET_PROXY_PARAM                   103 */
+# define BIO_C_SET_FD                            104
+# define BIO_C_GET_FD                            105
+# define BIO_C_SET_FILE_PTR                      106
+# define BIO_C_GET_FILE_PTR                      107
+# define BIO_C_SET_FILENAME                      108
+# define BIO_C_SET_SSL                           109
+# define BIO_C_GET_SSL                           110
+# define BIO_C_SET_MD                            111
+# define BIO_C_GET_MD                            112
+# define BIO_C_GET_CIPHER_STATUS                 113
+# define BIO_C_SET_BUF_MEM                       114
+# define BIO_C_GET_BUF_MEM_PTR                   115
+# define BIO_C_GET_BUFF_NUM_LINES                116
+# define BIO_C_SET_BUFF_SIZE                     117
+# define BIO_C_SET_ACCEPT                        118
+# define BIO_C_SSL_MODE                          119
+# define BIO_C_GET_MD_CTX                        120
+/* # define BIO_C_GET_PROXY_PARAM                   121 */
+# define BIO_C_SET_BUFF_READ_DATA                122/* data to read first */
+# define BIO_C_GET_CONNECT                       123
+# define BIO_C_GET_ACCEPT                        124
+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
+# define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
+# define BIO_C_FILE_SEEK                         128
+# define BIO_C_GET_CIPHER_CTX                    129
+# define BIO_C_SET_BUF_MEM_EOF_RETURN            130/* return end of input
+                                                     * value */
+# define BIO_C_SET_BIND_MODE                     131
+# define BIO_C_GET_BIND_MODE                     132
+# define BIO_C_FILE_TELL                         133
+# define BIO_C_GET_SOCKS                         134
+# define BIO_C_SET_SOCKS                         135
+
+# define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
+# define BIO_C_GET_WRITE_BUF_SIZE                137
+# define BIO_C_MAKE_BIO_PAIR                     138
+# define BIO_C_DESTROY_BIO_PAIR                  139
+# define BIO_C_GET_WRITE_GUARANTEE               140
+# define BIO_C_GET_READ_REQUEST                  141
+# define BIO_C_SHUTDOWN_WR                       142
+# define BIO_C_NREAD0                            143
+# define BIO_C_NREAD                             144
+# define BIO_C_NWRITE0                           145
+# define BIO_C_NWRITE                            146
+# define BIO_C_RESET_READ_REQUEST                147
+# define BIO_C_SET_MD_CTX                        148
+
+# define BIO_C_SET_PREFIX                        149
+# define BIO_C_GET_PREFIX                        150
+# define BIO_C_SET_SUFFIX                        151
+# define BIO_C_GET_SUFFIX                        152
+
+# define BIO_C_SET_EX_ARG                        153
+# define BIO_C_GET_EX_ARG                        154
+
+# define BIO_C_SET_CONNECT_MODE                  155
+
+# define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
+# define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
+
+# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+# ifndef OPENSSL_NO_SOCK
+/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
+/* Note: the underlying operating system may not support some of them */
+#  define BIO_FAMILY_IPV4                         4
+#  define BIO_FAMILY_IPV6                         6
+#  define BIO_FAMILY_IPANY                        256
+
+/* BIO_s_connect() */
+#  define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \
+                                                 (char *)(name))
+#  define BIO_set_conn_port(b,port)     BIO_ctrl(b,BIO_C_SET_CONNECT,1, \
+                                                 (char *)(port))
+#  define BIO_set_conn_address(b,addr)  BIO_ctrl(b,BIO_C_SET_CONNECT,2, \
+                                                 (char *)(addr))
+#  define BIO_set_conn_ip_family(b,f)   BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
+#  define BIO_get_conn_hostname(b)      ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
+#  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
+#  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
+#  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+
+/* BIO_s_accept() */
+#  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
+                                                 (char *)(name))
+#  define BIO_set_accept_port(b,port)   BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \
+                                                 (char *)(port))
+#  define BIO_get_accept_name(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
+#  define BIO_get_accept_port(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
+#  define BIO_get_peer_name(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
+#  define BIO_get_peer_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
+/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#  define BIO_set_nbio_accept(b,n)      BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
+#  define BIO_set_accept_bios(b,bio)    BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \
+                                                 (char *)(bio))
+#  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
+#  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+
+/* Aliases kept for backward compatibility */
+#  define BIO_BIND_NORMAL                 0
+#  define BIO_BIND_REUSEADDR              BIO_SOCK_REUSEADDR
+#  define BIO_BIND_REUSEADDR_IF_UNUSED    BIO_SOCK_REUSEADDR
+#  define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#  define BIO_get_bind_mode(b)    BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+/* BIO_s_accept() and BIO_s_connect() */
+#  define BIO_do_connect(b)       BIO_do_handshake(b)
+#  define BIO_do_accept(b)        BIO_do_handshake(b)
+# endif /* OPENSSL_NO_SOCK */
+
+# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
+# define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c))
+
+/* BIO_s_file() */
+# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp))
+# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp))
+
+/* BIO_s_fd() and BIO_s_file() */
+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+# define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/*
+ * name is cast to lose const, but might be better to route through a
+ * function so we can do it safely
+ */
+# ifdef CONST_STRICT
+/*
+ * If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b, const char *name);
+# else
+#  define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,(char *)(name))
+# endif
+# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_WRITE,name)
+# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_APPEND,name)
+# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/*
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
+ * structure.  This is because the ssl read BIO is now pointed to by the
+ * next_bio field in the bio.  So when you free the BIO, make sure you are
+ * doing a BIO_free_all() to catch the underlying BIO.
+ */
+# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl))
+# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp))
+# define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+# define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
+# define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */
+
+# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp))
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm))
+# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \
+                                          (char *)(pp))
+# define BIO_set_mem_eof_return(b,v) \
+                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+# define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+# define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+# define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+# define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+# define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+# define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+# define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+# define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+# define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+# define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+                                                   cbp)
+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s))
+
+/* For BIO_s_bio() */
+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+# define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+# define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+# define BIO_ctrl_dgram_connect(b,peer)  \
+                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer))
+# define BIO_ctrl_set_connected(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer))
+# define BIO_dgram_recv_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+# define BIO_dgram_send_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+# define BIO_dgram_get_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
+# define BIO_dgram_set_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_get_mtu_overhead(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+
+#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef)
+int BIO_set_ex_data(BIO *bio, int idx, void *data);
+void *BIO_get_ex_data(BIO *bio, int idx);
+uint64_t BIO_number_read(BIO *bio);
+uint64_t BIO_number_written(BIO *bio);
+
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free);
+
+const BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+# ifndef OPENSSL_NO_STDIO
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+# endif
+BIO *BIO_new(const BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_up_ref(BIO *a);
+int BIO_read(BIO *b, void *data, int dlen);
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int dlen);
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+int BIO_puts(BIO *bp, const char *buf);
+int BIO_indent(BIO *b, int indent, int max);
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
+BIO *BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                        long argl, long ret);
+
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
+BIO *BIO_new_mem_buf(const void *buf, int len);
+# ifndef OPENSSL_NO_SOCK
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
+# endif
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_linebuffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_datagram(void);
+int BIO_dgram_non_fatal_error(int error);
+BIO *BIO_new_dgram(int fd, int close_flag);
+#  ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void);
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void *context,
+                                                                 void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+# endif
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b, const char *bytes, int len);
+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+# ifndef OPENSSL_NO_STDIO
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+# endif
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+                   int datalen);
+
+# ifndef OPENSSL_NO_SOCK
+BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen, unsigned short port);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+
+enum BIO_hostserv_priorities {
+    BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio);
+enum BIO_lookup_type {
+    BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res);
+int BIO_lookup_ex(const char *host, const char *service,
+                  int lookup_type, int family, int socktype, int protocol,
+                  BIO_ADDRINFO **res);
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd, int mode);
+int BIO_sock_init(void);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define BIO_sock_cleanup() while(0) continue
+# endif
+int BIO_set_tcp_ndelay(int sock, int turn_on);
+
+DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
+DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
+DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip))
+DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode))
+DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port))
+
+union BIO_sock_info_u {
+    BIO_ADDR *addr;
+};
+enum BIO_sock_info_type {
+    BIO_SOCK_INFO_ADDRESS
+};
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info);
+
+#  define BIO_SOCK_REUSEADDR    0x01
+#  define BIO_SOCK_V6_ONLY      0x02
+#  define BIO_SOCK_KEEPALIVE    0x04
+#  define BIO_SOCK_NONBLOCK     0x08
+#  define BIO_SOCK_NODELAY      0x10
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_bind(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options);
+int BIO_closesocket(int sock);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_connect(const char *host_port);
+BIO *BIO_new_accept(const char *host_port);
+# endif /* OPENSSL_NO_SOCK*/
+
+BIO *BIO_new_fd(int fd, int close_flag);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+                     BIO **bio2, size_t writebuf2);
+/*
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
+ * value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*
+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+ */
+
+# define ossl_bio__attr__(x)
+# if defined(__GNUC__) && defined(__STDC_VERSION__) \
+    && !defined(__APPLE__)
+    /*
+     * Because we support the 'z' modifier, which made its appearance in C99,
+     * we can't use __attribute__ with pre C99 dialects.
+     */
+#  if __STDC_VERSION__ >= 199901L
+#   undef ossl_bio__attr__
+#   define ossl_bio__attr__ __attribute__
+#   if __GNUC__*10 + __GNUC_MINOR__ >= 44
+#    define ossl_bio__printf__ __gnu_printf__
+#   else
+#    define ossl_bio__printf__ __printf__
+#   endif
+#  endif
+# endif
+int BIO_printf(BIO *bio, const char *format, ...)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0)));
+# undef ossl_bio__attr__
+# undef ossl_bio__printf__
+
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int);
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *);
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*write) (BIO *, const char *, int));
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*read) (BIO *, char *, int));
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*puts) (BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*gets) (BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))
+                                 (BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *));
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h
new file mode 100644
index 000000000..f119a59c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h
@@ -0,0 +1,120 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIOERR_H
+# define HEADER_BIOERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BIO_strings(void);
+
+/*
+ * BIO function codes.
+ */
+# define BIO_F_ACPT_STATE                                 100
+# define BIO_F_ADDRINFO_WRAP                              148
+# define BIO_F_ADDR_STRINGS                               134
+# define BIO_F_BIO_ACCEPT                                 101
+# define BIO_F_BIO_ACCEPT_EX                              137
+# define BIO_F_BIO_ACCEPT_NEW                             152
+# define BIO_F_BIO_ADDR_NEW                               144
+# define BIO_F_BIO_BIND                                   147
+# define BIO_F_BIO_CALLBACK_CTRL                          131
+# define BIO_F_BIO_CONNECT                                138
+# define BIO_F_BIO_CONNECT_NEW                            153
+# define BIO_F_BIO_CTRL                                   103
+# define BIO_F_BIO_GETS                                   104
+# define BIO_F_BIO_GET_HOST_IP                            106
+# define BIO_F_BIO_GET_NEW_INDEX                          102
+# define BIO_F_BIO_GET_PORT                               107
+# define BIO_F_BIO_LISTEN                                 139
+# define BIO_F_BIO_LOOKUP                                 135
+# define BIO_F_BIO_LOOKUP_EX                              143
+# define BIO_F_BIO_MAKE_PAIR                              121
+# define BIO_F_BIO_METH_NEW                               146
+# define BIO_F_BIO_NEW                                    108
+# define BIO_F_BIO_NEW_DGRAM_SCTP                         145
+# define BIO_F_BIO_NEW_FILE                               109
+# define BIO_F_BIO_NEW_MEM_BUF                            126
+# define BIO_F_BIO_NREAD                                  123
+# define BIO_F_BIO_NREAD0                                 124
+# define BIO_F_BIO_NWRITE                                 125
+# define BIO_F_BIO_NWRITE0                                122
+# define BIO_F_BIO_PARSE_HOSTSERV                         136
+# define BIO_F_BIO_PUTS                                   110
+# define BIO_F_BIO_READ                                   111
+# define BIO_F_BIO_READ_EX                                105
+# define BIO_F_BIO_READ_INTERN                            120
+# define BIO_F_BIO_SOCKET                                 140
+# define BIO_F_BIO_SOCKET_NBIO                            142
+# define BIO_F_BIO_SOCK_INFO                              141
+# define BIO_F_BIO_SOCK_INIT                              112
+# define BIO_F_BIO_WRITE                                  113
+# define BIO_F_BIO_WRITE_EX                               119
+# define BIO_F_BIO_WRITE_INTERN                           128
+# define BIO_F_BUFFER_CTRL                                114
+# define BIO_F_CONN_CTRL                                  127
+# define BIO_F_CONN_STATE                                 115
+# define BIO_F_DGRAM_SCTP_NEW                             149
+# define BIO_F_DGRAM_SCTP_READ                            132
+# define BIO_F_DGRAM_SCTP_WRITE                           133
+# define BIO_F_DOAPR_OUTCH                                150
+# define BIO_F_FILE_CTRL                                  116
+# define BIO_F_FILE_READ                                  130
+# define BIO_F_LINEBUFFER_CTRL                            129
+# define BIO_F_LINEBUFFER_NEW                             151
+# define BIO_F_MEM_WRITE                                  117
+# define BIO_F_NBIOF_NEW                                  154
+# define BIO_F_SLG_WRITE                                  155
+# define BIO_F_SSL_NEW                                    118
+
+/*
+ * BIO reason codes.
+ */
+# define BIO_R_ACCEPT_ERROR                               100
+# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET               141
+# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE                  129
+# define BIO_R_BAD_FOPEN_MODE                             101
+# define BIO_R_BROKEN_PIPE                                124
+# define BIO_R_CONNECT_ERROR                              103
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+# define BIO_R_GETSOCKNAME_ERROR                          132
+# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS              133
+# define BIO_R_GETTING_SOCKTYPE                           134
+# define BIO_R_INVALID_ARGUMENT                           125
+# define BIO_R_INVALID_SOCKET                             135
+# define BIO_R_IN_USE                                     123
+# define BIO_R_LENGTH_TOO_LONG                            102
+# define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOOKUP_RETURNED_NOTHING                    142
+# define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
+# define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
+# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
+# define BIO_R_NO_PORT_DEFINED                            113
+# define BIO_R_NO_SUCH_FILE                               128
+# define BIO_R_NULL_PARAMETER                             115
+# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
+# define BIO_R_UNABLE_TO_KEEPALIVE                        137
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
+# define BIO_R_UNABLE_TO_NODELAY                          138
+# define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNAVAILABLE_IP_FAMILY                      145
+# define BIO_R_UNINITIALIZED                              120
+# define BIO_R_UNKNOWN_INFO_TYPE                          140
+# define BIO_R_UNSUPPORTED_IP_FAMILY                      146
+# define BIO_R_UNSUPPORTED_METHOD                         121
+# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
+# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
+# define BIO_R_WSASTARTUP                                 122
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/blowfish.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/blowfish.h
new file mode 100644
index 000000000..cd3e460e9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/blowfish.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_BF
+# include <openssl/e_os2.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define BF_ENCRYPT      1
+# define BF_DECRYPT      0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS       16
+# define BF_BLOCK        8
+
+typedef struct bf_key_st {
+    BF_LONG P[BF_ROUNDS + 2];
+    BF_LONG S[4 * 256];
+} BF_KEY;
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h
new file mode 100644
index 000000000..8af05d00e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h
@@ -0,0 +1,539 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/crypto.h>
+# include <openssl/bnerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULONG        unsigned long
+#  define BN_BYTES        8
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  define BN_ULONG        unsigned long long
+#  define BN_BYTES        8
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  define BN_ULONG        unsigned int
+#  define BN_BYTES        4
+# endif
+
+# define BN_BITS2       (BN_BYTES * 8)
+# define BN_BITS        (BN_BITS2 * 2)
+# define BN_TBIT        ((BN_ULONG)1 << (BN_BITS2 - 1))
+
+# define BN_FLG_MALLOCED         0x01
+# define BN_FLG_STATIC_DATA      0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME        0x04
+# define BN_FLG_SECURE           0x08
+
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag */
+#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+#  define BN_FLG_FREE            0x8000 /* used for debugging */
+# endif
+
+void BN_set_flags(BIGNUM *b, int n);
+int BN_get_flags(const BIGNUM *b, int n);
+
+/* Values for |top| in BN_rand() */
+#define BN_RAND_TOP_ANY    -1
+#define BN_RAND_TOP_ONE     0
+#define BN_RAND_TOP_TWO     1
+
+/* Values for |bottom| in BN_rand() */
+#define BN_RAND_BOTTOM_ANY  0
+#define BN_RAND_BOTTOM_ODD  1
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The
+ * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that
+ * has not been otherwise initialised or used.
+ */
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+/* Wrapper function to make using BN_GENCB easier */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg);
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+# define BN_prime_checks 0      /* default: select number of iterations based
+                                 * on the size of the number */
+
+/*
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ *   for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ *     S:=0;
+ *     // Sum over m
+ *     for m:=3 to M do
+ *       s:=0;
+ *       // Sum over j
+ *       for j:=2 to m do
+ *         s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ *       end for;
+ *       S+:=2^(m-(m-1)*t)*s;
+ *     end for;
+ *     A:=2^(k-2-M*t);
+ *     B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ *     pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ *     seclevel:=Floor(-Log(2,pkt));
+ *     if seclevel ge securitybits then
+ *       printf "k: %5o, security: %o bits  (t: %o, M: %o)\n",k,seclevel,t,M;
+ *       break;
+ *     end if;
+ *   end for;
+ *   if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k:  1024, security: 129 bits  (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ *  (b) >= 6394 |     >= 12788 |          3 |        256 bit
+ *  (b) >= 3747 |     >=  7494 |          3 |        192 bit
+ *  (b) >= 1345 |     >=  2690 |          4 |        128 bit
+ *  (b) >= 1080 |     >=  2160 |          5 |        128 bit
+ *  (b) >=  852 |     >=  1704 |          5 |        112 bit
+ *  (b) >=  476 |     >=   952 |          5 |         80 bit
+ *  (b) >=  400 |     >=   800 |          6 |         80 bit
+ *  (b) >=  347 |     >=   694 |          7 |         80 bit
+ *  (b) >=  308 |     >=   616 |          8 |         80 bit
+ *  (b) >=   55 |     >=   110 |         27 |         64 bit
+ *  (b) >=    6 |     >=    12 |         34 |         64 bit
+ */
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
+                                (b) >=  1345 ?  4 : \
+                                (b) >=  476 ?  5 : \
+                                (b) >=  400 ?  6 : \
+                                (b) >=  347 ?  7 : \
+                                (b) >=  308 ?  8 : \
+                                (b) >=  55  ? 27 : \
+                                /* b >= 6 */ 34)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_zero(const BIGNUM *a);
+int BN_is_one(const BIGNUM *a);
+int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_odd(const BIGNUM *a);
+
+# define BN_one(a)       (BN_set_word((a),1))
+
+void BN_zero_ex(BIGNUM *a);
+
+# if OPENSSL_API_COMPAT >= 0x00908000L
+#  define BN_zero(a)      BN_zero_ex(a)
+# else
+#  define BN_zero(a)      (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new(void);
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG l);
+int BN_security_bits(int L, int N);
+BIGNUM *BN_new(void);
+BIGNUM *BN_secure_new(void);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  b  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+int BN_is_negative(const BIGNUM *b);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+int BN_print(BIO *bio, const BIGNUM *a);
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+                                                                  * -2 for
+                                                                  * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                                             const BIGNUM *add,
+                                             const BIGNUM *rem,
+                                             void (*callback) (int, int,
+                                                               void *),
+                                             void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime(const BIGNUM *p, int nchecks,
+                               void (*callback) (int, int, void *),
+                               BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+                                        void (*callback) (int, int, void *),
+                                        BN_CTX *ctx, void *cb_arg,
+                                        int do_trial_division))
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+                              BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE   0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *);
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+                                                  * mont */
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                     BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx);
+#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+                        BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+                         const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+                               const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx);
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx);
+
+/* Primes from RFC 2409 */
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+#  define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+#  define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+#  define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+#  define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+#  define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+#  define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+#  define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h
new file mode 100644
index 000000000..8a022cc06
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h
@@ -0,0 +1,96 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BNERR_H
+# define HEADER_BNERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BN_strings(void);
+
+/*
+ * BN function codes.
+ */
+# define BN_F_BNRAND                                      127
+# define BN_F_BNRAND_RANGE                                138
+# define BN_F_BN_BLINDING_CONVERT_EX                      100
+# define BN_F_BN_BLINDING_CREATE_PARAM                    128
+# define BN_F_BN_BLINDING_INVERT_EX                       101
+# define BN_F_BN_BLINDING_NEW                             102
+# define BN_F_BN_BLINDING_UPDATE                          103
+# define BN_F_BN_BN2DEC                                   104
+# define BN_F_BN_BN2HEX                                   105
+# define BN_F_BN_COMPUTE_WNAF                             142
+# define BN_F_BN_CTX_GET                                  116
+# define BN_F_BN_CTX_NEW                                  106
+# define BN_F_BN_CTX_START                                129
+# define BN_F_BN_DIV                                      107
+# define BN_F_BN_DIV_RECP                                 130
+# define BN_F_BN_EXP                                      123
+# define BN_F_BN_EXPAND_INTERNAL                          120
+# define BN_F_BN_GENCB_NEW                                143
+# define BN_F_BN_GENERATE_DSA_NONCE                       140
+# define BN_F_BN_GENERATE_PRIME_EX                        141
+# define BN_F_BN_GF2M_MOD                                 131
+# define BN_F_BN_GF2M_MOD_EXP                             132
+# define BN_F_BN_GF2M_MOD_MUL                             133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
+# define BN_F_BN_GF2M_MOD_SQR                             136
+# define BN_F_BN_GF2M_MOD_SQRT                            137
+# define BN_F_BN_LSHIFT                                   145
+# define BN_F_BN_MOD_EXP2_MONT                            118
+# define BN_F_BN_MOD_EXP_MONT                             109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
+# define BN_F_BN_MOD_EXP_MONT_WORD                        117
+# define BN_F_BN_MOD_EXP_RECP                             125
+# define BN_F_BN_MOD_EXP_SIMPLE                           126
+# define BN_F_BN_MOD_INVERSE                              110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
+# define BN_F_BN_MOD_LSHIFT_QUICK                         119
+# define BN_F_BN_MOD_SQRT                                 121
+# define BN_F_BN_MONT_CTX_NEW                             149
+# define BN_F_BN_MPI2BN                                   112
+# define BN_F_BN_NEW                                      113
+# define BN_F_BN_POOL_GET                                 147
+# define BN_F_BN_RAND                                     114
+# define BN_F_BN_RAND_RANGE                               122
+# define BN_F_BN_RECP_CTX_NEW                             150
+# define BN_F_BN_RSHIFT                                   146
+# define BN_F_BN_SET_WORDS                                144
+# define BN_F_BN_STACK_PUSH                               148
+# define BN_F_BN_USUB                                     115
+
+/*
+ * BN reason codes.
+ */
+# define BN_R_ARG2_LT_ARG3                                100
+# define BN_R_BAD_RECIPROCAL                              101
+# define BN_R_BIGNUM_TOO_LONG                             114
+# define BN_R_BITS_TOO_SMALL                              118
+# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
+# define BN_R_DIV_BY_ZERO                                 103
+# define BN_R_ENCODING_ERROR                              104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
+# define BN_R_INPUT_NOT_REDUCED                           110
+# define BN_R_INVALID_LENGTH                              106
+# define BN_R_INVALID_RANGE                               115
+# define BN_R_INVALID_SHIFT                               119
+# define BN_R_NOT_A_SQUARE                                111
+# define BN_R_NOT_INITIALIZED                             107
+# define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_SOLUTION                                 116
+# define BN_R_PRIVATE_KEY_TOO_LARGE                       117
+# define BN_R_P_IS_NOT_PRIME                              112
+# define BN_R_TOO_MANY_ITERATIONS                         113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffer.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffer.h
new file mode 100644
index 000000000..d2765766b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffer.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include <openssl/ossl_typ.h>
+# ifndef HEADER_CRYPTO_H
+#  include <openssl/crypto.h>
+# endif
+# include <openssl/buffererr.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <stddef.h>
+# include <sys/types.h>
+
+/*
+ * These names are outdated as of OpenSSL 1.1; a future release
+ * will move them to be deprecated.
+ */
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size)  OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+
+struct buf_mem_st {
+    size_t length;              /* current number of bytes */
+    char *data;
+    size_t max;                 /* size of buffer */
+    unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE  0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h
new file mode 100644
index 000000000..3aee13232
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFERR_H
+# define HEADER_BUFERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BUF_strings(void);
+
+/*
+ * BUF function codes.
+ */
+# define BUF_F_BUF_MEM_GROW                               100
+# define BUF_F_BUF_MEM_GROW_CLEAN                         105
+# define BUF_F_BUF_MEM_NEW                                101
+
+/*
+ * BUF reason codes.
+ */
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/camellia.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/camellia.h
new file mode 100644
index 000000000..151f3c134
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/camellia.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAMELLIA
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define CAMELLIA_ENCRYPT        1
+# define CAMELLIA_DECRYPT        0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+                                                               * with WORD */
+
+struct camellia_key_st {
+    union {
+        double d;               /* ensures 64-bit align */
+        KEY_TABLE_TYPE rd_key;
+    } u;
+    int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t length, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cast.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cast.h
new file mode 100644
index 000000000..2cc89ae01
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cast.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAST
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define CAST_ENCRYPT    1
+# define CAST_DECRYPT    0
+
+# define CAST_LONG unsigned int
+
+# define CAST_BLOCK      8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+    CAST_LONG data[32];
+    int short_key;              /* Use reduced rounds for short key */
+} CAST_KEY;
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmac.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmac.h
new file mode 100644
index 000000000..3535a9abf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmac.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMAC_H
+# define HEADER_CMAC_H
+
+# ifndef OPENSSL_NO_CMAC
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/evp.h>
+
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h
new file mode 100644
index 000000000..ddf37e56f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h
@@ -0,0 +1,342 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_H
+# define HEADER_CMS_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CMS
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+# include <openssl/cmserr.h>
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+
+# define CMS_RECIPINFO_NONE              -1
+# define CMS_RECIPINFO_TRANS             0
+# define CMS_RECIPINFO_AGREE             1
+# define CMS_RECIPINFO_KEK               2
+# define CMS_RECIPINFO_PASS              3
+# define CMS_RECIPINFO_OTHER             4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT                        0x1
+# define CMS_NOCERTS                     0x2
+# define CMS_NO_CONTENT_VERIFY           0x4
+# define CMS_NO_ATTR_VERIFY              0x8
+# define CMS_NOSIGS                      \
+                        (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN                    0x10
+# define CMS_NO_SIGNER_CERT_VERIFY       0x20
+# define CMS_NOVERIFY                    0x20
+# define CMS_DETACHED                    0x40
+# define CMS_BINARY                      0x80
+# define CMS_NOATTR                      0x100
+# define CMS_NOSMIMECAP                  0x200
+# define CMS_NOOLDMIMETYPE               0x400
+# define CMS_CRLFEOL                     0x800
+# define CMS_STREAM                      0x1000
+# define CMS_NOCRL                       0x2000
+# define CMS_PARTIAL                     0x4000
+# define CMS_REUSE_DIGEST                0x8000
+# define CMS_USE_KEYID                   0x10000
+# define CMS_DEBUG_DECRYPT               0x20000
+# define CMS_KEY_PARAM                   0x40000
+# define CMS_ASCIICRLF                   0x80000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+                             int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+              unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+                          STACK_OF(X509) *certs, BIO *data,
+                          unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                  X509 *signcert, EVP_PKEY *pkey,
+                                  STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                      unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                   unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                              const unsigned char *key, size_t keylen,
+                              BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                           const unsigned char *key,
+                                           size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                             const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+                         unsigned char *key, size_t keylen,
+                         const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+                              unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                     EVP_PKEY **pk, X509 **recip,
+                                     X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass,
+                                    ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                                unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                  ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                           unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+                              X509 **signer, X509_ALGOR **pdig,
+                              X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                            int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                               int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                const ASN1_OBJECT *obj, int type,
+                                const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                int nid, int type,
+                                const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                const char *attrname, int type,
+                                const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+                                  int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                 int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int type,
+                                  const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                  int nid, int type,
+                                  const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                  const char *attrname, int type,
+                                  const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                    int lastpos, int type);
+
+# ifdef HEADER_X509V3_H
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto);
+# endif
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+                                        X509_ALGOR **pubalg,
+                                        ASN1_BIT_STRING **pubkey,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+                                      ASN1_OCTET_STRING **keyid,
+                                      ASN1_GENERALIZEDTIME **tm,
+                                      CMS_OtherKeyAttribute **other,
+                                      X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+                                       X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri,
+                                   CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+                          ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+    CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h
new file mode 100644
index 000000000..3f8ae26da
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h
@@ -0,0 +1,196 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMSERR_H
+# define HEADER_CMSERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CMS
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_CMS_strings(void);
+
+/*
+ * CMS function codes.
+ */
+#  define CMS_F_CHECK_CONTENT                              99
+#  define CMS_F_CMS_ADD0_CERT                              164
+#  define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
+#  define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
+#  define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
+#  define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
+#  define CMS_F_CMS_ADD1_SIGNER                            102
+#  define CMS_F_CMS_ADD1_SIGNINGTIME                       103
+#  define CMS_F_CMS_COMPRESS                               104
+#  define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
+#  define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
+#  define CMS_F_CMS_COPY_CONTENT                           107
+#  define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
+#  define CMS_F_CMS_DATA                                   109
+#  define CMS_F_CMS_DATAFINAL                              110
+#  define CMS_F_CMS_DATAINIT                               111
+#  define CMS_F_CMS_DECRYPT                                112
+#  define CMS_F_CMS_DECRYPT_SET1_KEY                       113
+#  define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
+#  define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
+#  define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
+#  define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
+#  define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
+#  define CMS_F_CMS_DIGEST_VERIFY                          118
+#  define CMS_F_CMS_ENCODE_RECEIPT                         161
+#  define CMS_F_CMS_ENCRYPT                                119
+#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT                  179
+#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
+#  define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
+#  define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
+#  define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
+#  define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
+#  define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
+#  define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
+#  define CMS_F_CMS_ENV_ASN1_CTRL                          171
+#  define CMS_F_CMS_FINAL                                  127
+#  define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
+#  define CMS_F_CMS_GET0_CONTENT                           129
+#  define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
+#  define CMS_F_CMS_GET0_ENVELOPED                         131
+#  define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
+#  define CMS_F_CMS_GET0_SIGNED                            133
+#  define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
+#  define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
+#  define CMS_F_CMS_RECEIPT_VERIFY                         160
+#  define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
+#  define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
+#  define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
+#  define CMS_F_CMS_SD_ASN1_CTRL                           170
+#  define CMS_F_CMS_SET1_IAS                               176
+#  define CMS_F_CMS_SET1_KEYID                             177
+#  define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
+#  define CMS_F_CMS_SET_DETACHED                           147
+#  define CMS_F_CMS_SIGN                                   148
+#  define CMS_F_CMS_SIGNED_DATA_INIT                       149
+#  define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
+#  define CMS_F_CMS_SIGNERINFO_SIGN                        151
+#  define CMS_F_CMS_SIGNERINFO_VERIFY                      152
+#  define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
+#  define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
+#  define CMS_F_CMS_SIGN_RECEIPT                           163
+#  define CMS_F_CMS_STREAM                                 155
+#  define CMS_F_CMS_UNCOMPRESS                             156
+#  define CMS_F_CMS_VERIFY                                 157
+#  define CMS_F_KEK_UNWRAP_KEY                             180
+
+/*
+ * CMS reason codes.
+ */
+#  define CMS_R_ADD_SIGNER_ERROR                           99
+#  define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
+#  define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
+#  define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
+#  define CMS_R_CIPHER_INITIALISATION_ERROR                101
+#  define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
+#  define CMS_R_CMS_DATAFINAL_ERROR                        103
+#  define CMS_R_CMS_LIB                                    104
+#  define CMS_R_CONTENTIDENTIFIER_MISMATCH                 170
+#  define CMS_R_CONTENT_NOT_FOUND                          105
+#  define CMS_R_CONTENT_TYPE_MISMATCH                      171
+#  define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA           106
+#  define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA            107
+#  define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA               108
+#  define CMS_R_CONTENT_VERIFY_ERROR                       109
+#  define CMS_R_CTRL_ERROR                                 110
+#  define CMS_R_CTRL_FAILURE                               111
+#  define CMS_R_DECRYPT_ERROR                              112
+#  define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
+#  define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
+#  define CMS_R_ERROR_SETTING_KEY                          115
+#  define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
+#  define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
+#  define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
+#  define CMS_R_INVALID_KEY_LENGTH                         118
+#  define CMS_R_MD_BIO_INIT_ERROR                          119
+#  define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
+#  define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
+#  define CMS_R_MSGSIGDIGEST_ERROR                         172
+#  define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE          162
+#  define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                  163
+#  define CMS_R_NEED_ONE_SIGNER                            164
+#  define CMS_R_NOT_A_SIGNED_RECEIPT                       165
+#  define CMS_R_NOT_ENCRYPTED_DATA                         122
+#  define CMS_R_NOT_KEK                                    123
+#  define CMS_R_NOT_KEY_AGREEMENT                          181
+#  define CMS_R_NOT_KEY_TRANSPORT                          124
+#  define CMS_R_NOT_PWRI                                   177
+#  define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE            125
+#  define CMS_R_NO_CIPHER                                  126
+#  define CMS_R_NO_CONTENT                                 127
+#  define CMS_R_NO_CONTENT_TYPE                            173
+#  define CMS_R_NO_DEFAULT_DIGEST                          128
+#  define CMS_R_NO_DIGEST_SET                              129
+#  define CMS_R_NO_KEY                                     130
+#  define CMS_R_NO_KEY_OR_CERT                             174
+#  define CMS_R_NO_MATCHING_DIGEST                         131
+#  define CMS_R_NO_MATCHING_RECIPIENT                      132
+#  define CMS_R_NO_MATCHING_SIGNATURE                      166
+#  define CMS_R_NO_MSGSIGDIGEST                            167
+#  define CMS_R_NO_PASSWORD                                178
+#  define CMS_R_NO_PRIVATE_KEY                             133
+#  define CMS_R_NO_PUBLIC_KEY                              134
+#  define CMS_R_NO_RECEIPT_REQUEST                         168
+#  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
+#  define CMS_R_RECEIPT_DECODE_ERROR                       169
+#  define CMS_R_RECIPIENT_ERROR                            137
+#  define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
+#  define CMS_R_SIGNFINAL_ERROR                            139
+#  define CMS_R_SMIME_TEXT_ERROR                           140
+#  define CMS_R_STORE_INIT_ERROR                           141
+#  define CMS_R_TYPE_NOT_COMPRESSED_DATA                   142
+#  define CMS_R_TYPE_NOT_DATA                              143
+#  define CMS_R_TYPE_NOT_DIGESTED_DATA                     144
+#  define CMS_R_TYPE_NOT_ENCRYPTED_DATA                    145
+#  define CMS_R_TYPE_NOT_ENVELOPED_DATA                    146
+#  define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                 147
+#  define CMS_R_UNKNOWN_CIPHER                             148
+#  define CMS_R_UNKNOWN_DIGEST_ALGORITHM                   149
+#  define CMS_R_UNKNOWN_ID                                 150
+#  define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
+#  define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
+#  define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
+#  define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
+#  define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE             155
+#  define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
+#  define CMS_R_UNSUPPORTED_TYPE                           156
+#  define CMS_R_UNWRAP_ERROR                               157
+#  define CMS_R_UNWRAP_FAILURE                             180
+#  define CMS_R_VERIFICATION_FAILURE                       158
+#  define CMS_R_WRAP_ERROR                                 159
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/comp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/comp.h
new file mode 100644
index 000000000..d814d3cf2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/comp.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+# include <openssl/crypto.h>
+# include <openssl/comperr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef HEADER_BIO_H
+#  ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+#  endif
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h
new file mode 100644
index 000000000..edea63a68
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h
@@ -0,0 +1,40 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMPERR_H
+# define HEADER_COMPERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_COMP_strings(void);
+
+/*
+ * COMP function codes.
+ */
+#  define COMP_F_BIO_ZLIB_FLUSH                            99
+#  define COMP_F_BIO_ZLIB_NEW                              100
+#  define COMP_F_BIO_ZLIB_READ                             101
+#  define COMP_F_BIO_ZLIB_WRITE                            102
+#  define COMP_F_COMP_CTX_NEW                              103
+
+/*
+ * COMP reason codes.
+ */
+#  define COMP_R_ZLIB_DEFLATE_ERROR                        99
+#  define COMP_R_ZLIB_INFLATE_ERROR                        100
+#  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/conf.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conf.h
new file mode 100644
index 000000000..7336cd2f1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conf.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+# include <openssl/safestack.h>
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/conferr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+    char *section;
+    char *name;
+    char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+    const char *name;
+    CONF *(*create) (CONF_METHOD *meth);
+    int (*init) (CONF *conf);
+    int (*destroy) (CONF *conf);
+    int (*destroy_data) (CONF *conf);
+    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+    int (*dump) (const CONF *conf, BIO *bp);
+    int (*is_number) (const CONF *conf, char c);
+    int (*to_int) (const CONF *conf, char c);
+    int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS       0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT              0x4
+# define CONF_MFLAGS_NO_DSO              0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION     0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_no_config() \
+    OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code.  The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+    CONF_METHOD *meth;
+    void *meth_data;
+    LHASH_OF(CONF_VALUE) *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+                                        const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/conf_api.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conf_api.h
new file mode 100644
index 000000000..a0275ad79
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conf_api.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+                      const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h
new file mode 100644
index 000000000..d1c92f45d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h
@@ -0,0 +1,72 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONFERR_H
+# define HEADER_CONFERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_CONF_strings(void);
+
+/*
+ * CONF function codes.
+ */
+# define CONF_F_CONF_DUMP_FP                              104
+# define CONF_F_CONF_LOAD                                 100
+# define CONF_F_CONF_LOAD_FP                              103
+# define CONF_F_CONF_PARSE_LIST                           119
+# define CONF_F_DEF_LOAD                                  120
+# define CONF_F_DEF_LOAD_BIO                              121
+# define CONF_F_GET_NEXT_FILE                             107
+# define CONF_F_MODULE_ADD                                122
+# define CONF_F_MODULE_INIT                               115
+# define CONF_F_MODULE_LOAD_DSO                           117
+# define CONF_F_MODULE_RUN                                118
+# define CONF_F_NCONF_DUMP_BIO                            105
+# define CONF_F_NCONF_DUMP_FP                             106
+# define CONF_F_NCONF_GET_NUMBER_E                        112
+# define CONF_F_NCONF_GET_SECTION                         108
+# define CONF_F_NCONF_GET_STRING                          109
+# define CONF_F_NCONF_LOAD                                113
+# define CONF_F_NCONF_LOAD_BIO                            110
+# define CONF_F_NCONF_LOAD_FP                             114
+# define CONF_F_NCONF_NEW                                 111
+# define CONF_F_PROCESS_INCLUDE                           116
+# define CONF_F_SSL_MODULE_INIT                           123
+# define CONF_F_STR_COPY                                  101
+
+/*
+ * CONF reason codes.
+ */
+# define CONF_R_ERROR_LOADING_DSO                         110
+# define CONF_R_LIST_CANNOT_BE_NULL                       115
+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
+# define CONF_R_MISSING_EQUAL_SIGN                        101
+# define CONF_R_MISSING_INIT_FUNCTION                     112
+# define CONF_R_MODULE_INITIALIZATION_ERROR               109
+# define CONF_R_NO_CLOSE_BRACE                            102
+# define CONF_R_NO_CONF                                   105
+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
+# define CONF_R_NO_SECTION                                107
+# define CONF_R_NO_SUCH_FILE                              114
+# define CONF_R_NO_VALUE                                  108
+# define CONF_R_NUMBER_TOO_LARGE                          121
+# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE               111
+# define CONF_R_SSL_COMMAND_SECTION_EMPTY                 117
+# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND             118
+# define CONF_R_SSL_SECTION_EMPTY                         119
+# define CONF_R_SSL_SECTION_NOT_FOUND                     120
+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
+# define CONF_R_UNKNOWN_MODULE_NAME                       113
+# define CONF_R_VARIABLE_EXPANSION_TOO_LONG               116
+# define CONF_R_VARIABLE_HAS_NO_VALUE                     104
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/crypto.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/crypto.h
new file mode 100644
index 000000000..7d0b52623
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/crypto.h
@@ -0,0 +1,445 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include <stdlib.h>
+# include <time.h>
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+
+# include <openssl/safestack.h>
+# include <openssl/opensslv.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
+# include <openssl/cryptoerr.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include <openssl/symhacks.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/opensslv.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSLeay                  OpenSSL_version_num
+#  define SSLeay_version          OpenSSL_version
+#  define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
+#  define SSLEAY_VERSION          OPENSSL_VERSION
+#  define SSLEAY_CFLAGS           OPENSSL_CFLAGS
+#  define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
+#  define SSLEAY_PLATFORM         OPENSSL_PLATFORM
+#  define SSLEAY_DIR              OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+    int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_API_COMPAT */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF     0x0   /* Control only */
+# define CRYPTO_MEM_CHECK_ON      0x1   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */
+
+struct crypto_ex_data_st {
+    STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL              0
+# define CRYPTO_EX_INDEX_SSL_CTX          1
+# define CRYPTO_EX_INDEX_SSL_SESSION      2
+# define CRYPTO_EX_INDEX_X509             3
+# define CRYPTO_EX_INDEX_X509_STORE       4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX   5
+# define CRYPTO_EX_INDEX_DH               6
+# define CRYPTO_EX_INDEX_DSA              7
+# define CRYPTO_EX_INDEX_EC_KEY           8
+# define CRYPTO_EX_INDEX_RSA              9
+# define CRYPTO_EX_INDEX_ENGINE          10
+# define CRYPTO_EX_INDEX_UI              11
+# define CRYPTO_EX_INDEX_BIO             12
+# define CRYPTO_EX_INDEX_APP             13
+# define CRYPTO_EX_INDEX_UI_METHOD       14
+# define CRYPTO_EX_INDEX_DRBG            15
+# define CRYPTO_EX_INDEX__COUNT          16
+
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
+
+int CRYPTO_mem_ctrl(int mode);
+
+# define OPENSSL_malloc(num) \
+        CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+        CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+        CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+        CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+        CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+        CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+        CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+        CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+        CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+        CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+        CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+        CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+        CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+        CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type)  (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION          0
+# define OPENSSL_CFLAGS           1
+# define OPENSSL_BUILT_ON         2
+# define OPENSSL_PLATFORM         3
+# define OPENSSL_DIR              4
+# define OPENSSL_ENGINES_DIR      5
+
+int OPENSSL_issetugid(void);
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                             int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                           void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used.  Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+#  define CRYPTO_num_locks()            (1)
+#  define CRYPTO_set_locking_callback(func)
+#  define CRYPTO_get_locking_callback()         (NULL)
+#  define CRYPTO_set_add_lock_callback(func)
+#  define CRYPTO_get_add_lock_callback()        (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+#  define CRYPTO_LOCK             1
+#  define CRYPTO_UNLOCK           2
+#  define CRYPTO_READ             4
+#  define CRYPTO_WRITE            8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+    int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+#  define CRYPTO_THREADID_set_numeric(id, val)
+#  define CRYPTO_THREADID_set_pointer(id, ptr)
+#  define CRYPTO_THREADID_set_callback(threadid_func)   (0)
+#  define CRYPTO_THREADID_get_callback()                (NULL)
+#  define CRYPTO_THREADID_current(id)
+#  define CRYPTO_THREADID_cmp(a, b)                     (-1)
+#  define CRYPTO_THREADID_cpy(dest, src)
+#  define CRYPTO_THREADID_hash(id)                      (0UL)
+
+#  if OPENSSL_API_COMPAT < 0x10000000L
+#   define CRYPTO_set_id_callback(func)
+#   define CRYPTO_get_id_callback()                     (NULL)
+#   define CRYPTO_thread_id()                           (0UL)
+#  endif /* OPENSSL_API_COMPAT < 0x10000000L */
+
+#  define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+#  define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+#  define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+#  define CRYPTO_get_dynlock_create_callback()          (NULL)
+#  define CRYPTO_get_dynlock_lock_callback()            (NULL)
+#  define CRYPTO_get_dynlock_destroy_callback()         (NULL)
+# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+
+int CRYPTO_set_mem_functions(
+        void *(*m) (size_t, const char *, int),
+        void *(*r) (void *, size_t, const char *, int),
+        void (*f) (void *, const char *, int));
+int CRYPTO_set_mem_debug(int flag);
+void CRYPTO_get_mem_functions(
+        void *(**m) (size_t, const char *, int),
+        void *(**r) (void *, size_t, const char *, int),
+        void (**f) (void *, const char *, int));
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+                           const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+#  define OPENSSL_mem_debug_push(info) \
+        CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+#  define OPENSSL_mem_debug_pop() \
+        CRYPTO_mem_debug_pop()
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+
+/*-
+ * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
+ * The flag argument has the following significance:
+ *   0:   called before the actual memory allocation has taken place
+ *   1:   called after the actual memory allocation has taken place
+ */
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_free(void *addr, int flag,
+        const char *file, int line);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u);
+#  ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *);
+#  endif
+int CRYPTO_mem_leaks(BIO *bio);
+# endif
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+    (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS        0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS        0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS     0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS     0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG            0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG         0x00000080L
+# define OPENSSL_INIT_ASYNC                  0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND          0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC         0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL         0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV       0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI            0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK         0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG           0x00008000L
+/* OPENSSL_INIT_ZLIB                         0x00010000L */
+# define OPENSSL_INIT_ATFORK                 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY                    0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT              0x00080000L
+/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+    (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+    | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+    OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+                                     const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+                                        unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *config_appname);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+#  if defined(_WIN32)
+#   if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+#    define CRYPTO_ONCE_STATIC_INIT 0
+#   endif
+#  else
+#   include <pthread.h>
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+#   define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#  endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+#  define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h
new file mode 100644
index 000000000..10723d045
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h
@@ -0,0 +1,56 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTOERR_H
+# define HEADER_CRYPTOERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+
+# include <openssl/symhacks.h>
+
+int ERR_load_CRYPTO_strings(void);
+
+/*
+ * CRYPTO function codes.
+ */
+# define CRYPTO_F_CMAC_CTX_NEW                            120
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA                      110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA                     111
+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+# define CRYPTO_F_CRYPTO_MEMDUP                           115
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA                      112
+# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX                  121
+# define CRYPTO_F_CRYPTO_OCB128_INIT                      122
+# define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
+# define CRYPTO_F_FIPS_MODE_SET                           109
+# define CRYPTO_F_GET_AND_LOCK                            113
+# define CRYPTO_F_OPENSSL_ATEXIT                          114
+# define CRYPTO_F_OPENSSL_BUF2HEXSTR                      117
+# define CRYPTO_F_OPENSSL_FOPEN                           119
+# define CRYPTO_F_OPENSSL_HEXSTR2BUF                      118
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO                     116
+# define CRYPTO_F_OPENSSL_LH_NEW                          126
+# define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
+# define CRYPTO_F_OPENSSL_SK_DUP                          128
+# define CRYPTO_F_PKEY_HMAC_INIT                          123
+# define CRYPTO_F_PKEY_POLY1305_INIT                      124
+# define CRYPTO_F_PKEY_SIPHASH_INIT                       125
+# define CRYPTO_F_SK_RESERVE                              129
+
+/*
+ * CRYPTO reason codes.
+ */
+# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+# define CRYPTO_R_ILLEGAL_HEX_DIGIT                       102
+# define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h
new file mode 100644
index 000000000..d4262fa04
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h
@@ -0,0 +1,476 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CT_H
+# define HEADER_CT_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+# include <openssl/ossl_typ.h>
+# include <openssl/safestack.h>
+# include <openssl/x509.h>
+# include <openssl/cterr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+    CT_LOG_ENTRY_TYPE_X509 = 0,
+    CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+    SCT_VERSION_NOT_SET = -1,
+    SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+    SCT_SOURCE_UNKNOWN,
+    SCT_SOURCE_TLS_EXTENSION,
+    SCT_SOURCE_X509V3_EXTENSION,
+    SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+    SCT_VALIDATION_STATUS_NOT_SET,
+    SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+    SCT_VALIDATION_STATUS_VALID,
+    SCT_VALIDATION_STATUS_INVALID,
+    SCT_VALIDATION_STATUS_UNVERIFIED,
+    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+                         const char *logid_base64,
+                         ct_log_entry_type_t entry_type,
+                         uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+                           size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+                               size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+                              size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+                             CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+                          const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * See internal/cryptlib.h for the environment variable and file path that are
+ * consulted to find the default file.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h
new file mode 100644
index 000000000..764e1a220
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h
@@ -0,0 +1,76 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CTERR_H
+# define HEADER_CTERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_CT_strings(void);
+
+/*
+ * CT function codes.
+ */
+#  define CT_F_CTLOG_NEW                                   117
+#  define CT_F_CTLOG_NEW_FROM_BASE64                       118
+#  define CT_F_CTLOG_NEW_FROM_CONF                         119
+#  define CT_F_CTLOG_STORE_LOAD_CTX_NEW                    122
+#  define CT_F_CTLOG_STORE_LOAD_FILE                       123
+#  define CT_F_CTLOG_STORE_LOAD_LOG                        130
+#  define CT_F_CTLOG_STORE_NEW                             131
+#  define CT_F_CT_BASE64_DECODE                            124
+#  define CT_F_CT_POLICY_EVAL_CTX_NEW                      133
+#  define CT_F_CT_V1_LOG_ID_FROM_PKEY                      125
+#  define CT_F_I2O_SCT                                     107
+#  define CT_F_I2O_SCT_LIST                                108
+#  define CT_F_I2O_SCT_SIGNATURE                           109
+#  define CT_F_O2I_SCT                                     110
+#  define CT_F_O2I_SCT_LIST                                111
+#  define CT_F_O2I_SCT_SIGNATURE                           112
+#  define CT_F_SCT_CTX_NEW                                 126
+#  define CT_F_SCT_CTX_VERIFY                              128
+#  define CT_F_SCT_NEW                                     100
+#  define CT_F_SCT_NEW_FROM_BASE64                         127
+#  define CT_F_SCT_SET0_LOG_ID                             101
+#  define CT_F_SCT_SET1_EXTENSIONS                         114
+#  define CT_F_SCT_SET1_LOG_ID                             115
+#  define CT_F_SCT_SET1_SIGNATURE                          116
+#  define CT_F_SCT_SET_LOG_ENTRY_TYPE                      102
+#  define CT_F_SCT_SET_SIGNATURE_NID                       103
+#  define CT_F_SCT_SET_VERSION                             104
+
+/*
+ * CT reason codes.
+ */
+#  define CT_R_BASE64_DECODE_ERROR                         108
+#  define CT_R_INVALID_LOG_ID_LENGTH                       100
+#  define CT_R_LOG_CONF_INVALID                            109
+#  define CT_R_LOG_CONF_INVALID_KEY                        110
+#  define CT_R_LOG_CONF_MISSING_DESCRIPTION                111
+#  define CT_R_LOG_CONF_MISSING_KEY                        112
+#  define CT_R_LOG_KEY_INVALID                             113
+#  define CT_R_SCT_FUTURE_TIMESTAMP                        116
+#  define CT_R_SCT_INVALID                                 104
+#  define CT_R_SCT_INVALID_SIGNATURE                       107
+#  define CT_R_SCT_LIST_INVALID                            105
+#  define CT_R_SCT_LOG_ID_MISMATCH                         114
+#  define CT_R_SCT_NOT_SET                                 106
+#  define CT_R_SCT_UNSUPPORTED_VERSION                     115
+#  define CT_R_UNRECOGNIZED_SIGNATURE_NID                  101
+#  define CT_R_UNSUPPORTED_ENTRY_TYPE                      102
+#  define CT_R_UNSUPPORTED_VERSION                         103
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/des.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/des.h
new file mode 100644
index 000000000..be4abbdfd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/des.h
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DES
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+    union {
+        DES_cblock cblock;
+        /*
+         * make sure things are correct size on machines with 8 byte longs
+         */
+        DES_LONG deslong[2];
+    } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ      (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT     1
+# define DES_DECRYPT     0
+
+# define DES_CBC_MODE    0
+# define DES_PCBC_MODE   1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+        DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc);
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc);
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library.  You should not use this function except
+ * to implement 'modes' of DES.  I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur.  The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use.  enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out.  As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length,
+                          DES_key_schedule *ks1, DES_key_schedule *ks2,
+                          DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num);
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise.
+ */
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num);
+
+# define DES_fixup_key_parity DES_set_odd_parity
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dh.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dh.h
new file mode 100644
index 000000000..3527540cd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dh.h
@@ -0,0 +1,340 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/dherr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+#  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P     0x01
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DH_FLAG_FIPS_METHOD                     0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DH_FLAG_NON_FIPS_ALLOW                  0x0400
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+# define DH_GENERATOR_2          2
+/* #define DH_GENERATOR_3       3 */
+# define DH_GENERATOR_5          5
+
+/* DH_check error codes */
+# define DH_CHECK_P_NOT_PRIME            0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+# define DH_NOT_SUITABLE_GENERATOR       0x08
+# define DH_CHECK_Q_NOT_PRIME            0x10
+# define DH_CHECK_INVALID_Q_VALUE        0x20
+# define DH_CHECK_INVALID_J_VALUE        0x40
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE       0x02
+# define DH_CHECK_PUBKEY_INVALID         0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHxparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+
+DH *DHparams_dup(DH *);
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+                                              void (*callback) (int, int,
+                                                                void *),
+                                              void *cb_arg))
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+                              BN_GENCB *cb);
+
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+int DH_check_params(const DH *dh, int *ret);
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+/* Named parameters, currently RFC7919 */
+DH *DH_new_by_nid(int nid);
+int DH_get_nid(const DH *dh);
+
+# ifndef OPENSSL_NO_CMS
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                 const unsigned char *Z, size_t Zlen,
+                 ASN1_OBJECT *key_oid,
+                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
+                        EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
+                        EVP_PKEY_CTRL_DH_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
+                          EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114                (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN  (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE          (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE               (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD                 (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD             (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN             (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN         (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM                (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM            (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID                (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID            (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID                    (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD                    (EVP_PKEY_ALG_CTRL + 16)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE                            1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42                           2
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h
new file mode 100644
index 000000000..81e73f75c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h
@@ -0,0 +1,84 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DHERR_H
+# define HEADER_DHERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+#  define DH_F_COMPUTE_KEY                                 102
+#  define DH_F_DHPARAMS_PRINT_FP                           101
+#  define DH_F_DH_BUILTIN_GENPARAMS                        106
+#  define DH_F_DH_CHECK_EX                                 121
+#  define DH_F_DH_CHECK_PARAMS_EX                          122
+#  define DH_F_DH_CHECK_PUB_KEY_EX                         123
+#  define DH_F_DH_CMS_DECRYPT                              114
+#  define DH_F_DH_CMS_SET_PEERKEY                          115
+#  define DH_F_DH_CMS_SET_SHARED_INFO                      116
+#  define DH_F_DH_METH_DUP                                 117
+#  define DH_F_DH_METH_NEW                                 118
+#  define DH_F_DH_METH_SET1_NAME                           119
+#  define DH_F_DH_NEW_BY_NID                               104
+#  define DH_F_DH_NEW_METHOD                               105
+#  define DH_F_DH_PARAM_DECODE                             107
+#  define DH_F_DH_PKEY_PUBLIC_CHECK                        124
+#  define DH_F_DH_PRIV_DECODE                              110
+#  define DH_F_DH_PRIV_ENCODE                              111
+#  define DH_F_DH_PUB_DECODE                               108
+#  define DH_F_DH_PUB_ENCODE                               109
+#  define DH_F_DO_DH_PRINT                                 100
+#  define DH_F_GENERATE_KEY                                103
+#  define DH_F_PKEY_DH_CTRL_STR                            120
+#  define DH_F_PKEY_DH_DERIVE                              112
+#  define DH_F_PKEY_DH_INIT                                125
+#  define DH_F_PKEY_DH_KEYGEN                              113
+
+/*
+ * DH reason codes.
+ */
+#  define DH_R_BAD_GENERATOR                               101
+#  define DH_R_BN_DECODE_ERROR                             109
+#  define DH_R_BN_ERROR                                    106
+#  define DH_R_CHECK_INVALID_J_VALUE                       115
+#  define DH_R_CHECK_INVALID_Q_VALUE                       116
+#  define DH_R_CHECK_PUBKEY_INVALID                        122
+#  define DH_R_CHECK_PUBKEY_TOO_LARGE                      123
+#  define DH_R_CHECK_PUBKEY_TOO_SMALL                      124
+#  define DH_R_CHECK_P_NOT_PRIME                           117
+#  define DH_R_CHECK_P_NOT_SAFE_PRIME                      118
+#  define DH_R_CHECK_Q_NOT_PRIME                           119
+#  define DH_R_DECODE_ERROR                                104
+#  define DH_R_INVALID_PARAMETER_NAME                      110
+#  define DH_R_INVALID_PARAMETER_NID                       114
+#  define DH_R_INVALID_PUBKEY                              102
+#  define DH_R_KDF_PARAMETER_ERROR                         112
+#  define DH_R_KEYS_NOT_SET                                108
+#  define DH_R_MISSING_PUBKEY                              125
+#  define DH_R_MODULUS_TOO_LARGE                           103
+#  define DH_R_NOT_SUITABLE_GENERATOR                      120
+#  define DH_R_NO_PARAMETERS_SET                           107
+#  define DH_R_NO_PRIVATE_VALUE                            100
+#  define DH_R_PARAMETER_ENCODING_ERROR                    105
+#  define DH_R_PEER_KEY_ERROR                              111
+#  define DH_R_SHARED_INFO_ERROR                           113
+#  define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h
new file mode 100644
index 000000000..822eff347
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h
@@ -0,0 +1,238 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/bn.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/dh.h>
+# endif
+# include <openssl/dsaerr.h>
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P   0x01
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DSA_FLAG_NO_EXP_CONSTTIME       0x00
+# endif
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+# define DSA_FLAG_FIPS_CHECKED                   0x0800
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st DSA_SIG;
+
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA *DSAparams_dup(DSA *x);
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                  DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+int DSA_bits(const DSA *d);
+int DSA_security_bits(const DSA *d);
+        /* next 4 return -1 on error */
+DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa);
+#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
+                                                unsigned char *seed,
+                                                int seed_len,
+                                                int *counter_ret,
+                                                unsigned long *h_ret, void
+                                                 (*callback) (int, int,
+                                                              void *),
+                                                void *cb_arg))
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                               const unsigned char *seed, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 64
+/*
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */
+DH *DSA_dup_DH(const DSA *r);
+# endif
+
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DSA_get0_p(const DSA *d);
+const BIGNUM *DSA_get0_q(const DSA *d);
+const BIGNUM *DSA_get0_g(const DSA *d);
+const BIGNUM *DSA_get0_pub_key(const DSA *d);
+const BIGNUM *DSA_get0_priv_key(const DSA *d);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *dsam);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+int DSA_meth_get_flags(const DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *));
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *));
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h
new file mode 100644
index 000000000..d94f97bba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h
@@ -0,0 +1,67 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSAERR_H
+# define HEADER_DSAERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DSA_strings(void);
+
+/*
+ * DSA function codes.
+ */
+#  define DSA_F_DSAPARAMS_PRINT                            100
+#  define DSA_F_DSAPARAMS_PRINT_FP                         101
+#  define DSA_F_DSA_BUILTIN_PARAMGEN                       125
+#  define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
+#  define DSA_F_DSA_DO_SIGN                                112
+#  define DSA_F_DSA_DO_VERIFY                              113
+#  define DSA_F_DSA_METH_DUP                               127
+#  define DSA_F_DSA_METH_NEW                               128
+#  define DSA_F_DSA_METH_SET1_NAME                         129
+#  define DSA_F_DSA_NEW_METHOD                             103
+#  define DSA_F_DSA_PARAM_DECODE                           119
+#  define DSA_F_DSA_PRINT_FP                               105
+#  define DSA_F_DSA_PRIV_DECODE                            115
+#  define DSA_F_DSA_PRIV_ENCODE                            116
+#  define DSA_F_DSA_PUB_DECODE                             117
+#  define DSA_F_DSA_PUB_ENCODE                             118
+#  define DSA_F_DSA_SIGN                                   106
+#  define DSA_F_DSA_SIGN_SETUP                             107
+#  define DSA_F_DSA_SIG_NEW                                102
+#  define DSA_F_OLD_DSA_PRIV_DECODE                        122
+#  define DSA_F_PKEY_DSA_CTRL                              120
+#  define DSA_F_PKEY_DSA_CTRL_STR                          104
+#  define DSA_F_PKEY_DSA_KEYGEN                            121
+
+/*
+ * DSA reason codes.
+ */
+#  define DSA_R_BAD_Q_VALUE                                102
+#  define DSA_R_BN_DECODE_ERROR                            108
+#  define DSA_R_BN_ERROR                                   109
+#  define DSA_R_DECODE_ERROR                               104
+#  define DSA_R_INVALID_DIGEST_TYPE                        106
+#  define DSA_R_INVALID_PARAMETERS                         112
+#  define DSA_R_MISSING_PARAMETERS                         101
+#  define DSA_R_MODULUS_TOO_LARGE                          103
+#  define DSA_R_NO_PARAMETERS_SET                          107
+#  define DSA_R_PARAMETER_ENCODING_ERROR                   105
+#  define DSA_R_Q_NOT_PRIME                                113
+#  define DSA_R_SEED_LEN_SMALL                             110
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h
new file mode 100644
index 000000000..a312e386c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION                   0xFEFF
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS_MIN_VERSION                DTLS1_VERSION
+# define DTLS_MAX_VERSION                DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR             0xFE
+
+# define DTLS1_BAD_VER                   0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION                0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH                     256
+
+# define DTLS1_RT_HEADER_LENGTH                  13
+
+# define DTLS1_HM_HEADER_LENGTH                  12
+
+# define DTLS1_HM_BAD_FRAGMENT                   -2
+# define DTLS1_HM_FRAGMENT_RETRY                 -3
+
+# define DTLS1_CCS_HEADER_LENGTH                  1
+
+# define DTLS1_AL_HEADER_LENGTH                   2
+
+/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+# define DTLS1_TMO_READ_COUNT                      2
+# define DTLS1_TMO_WRITE_COUNT                     2
+
+# define DTLS1_TMO_ALERT_COUNT                     12
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h
new file mode 100644
index 000000000..97a776cda
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h
@@ -0,0 +1,300 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+# include <openssl/opensslconf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems.  This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+#  undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+#  undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WIN32_UWIN
+# else
+#  if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+#   define OPENSSL_SYS_WIN32_CYGWIN
+#  else
+#   if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN32)
+#     define OPENSSL_SYS_WIN32
+#    endif
+#   endif
+#   if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN64)
+#     define OPENSSL_SYS_WIN64
+#    endif
+#   endif
+#   if defined(OPENSSL_SYS_WINNT)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#   if defined(OPENSSL_SYS_WINCE)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#  endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_SYS_MSDOS
+#   define OPENSSL_SYS_MSDOS
+#  endif
+# endif
+
+/*
+ * DLL settings.  This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_OPT_WINDLL
+#   if defined(_WINDLL)         /* This is used when building OpenSSL to
+                                 * indicate that DLL linkage should be used */
+#    define OPENSSL_OPT_WINDLL
+#   endif
+#  endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+#  if !defined(OPENSSL_SYS_VMS)
+#   undef OPENSSL_SYS_UNIX
+#  endif
+#  define OPENSSL_SYS_VMS
+#  if defined(__DECC)
+#   define OPENSSL_SYS_VMS_DECC
+#  elif defined(__DECCXX)
+#   define OPENSSL_SYS_VMS_DECC
+#   define OPENSSL_SYS_VMS_DECCXX
+#  else
+#   define OPENSSL_SYS_VMS_NODECC
+#  endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+#  if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+#   define OPENSSL_SYS_LINUX
+#  endif
+#  if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+#   define OPENSSL_SYS_AIX
+#  endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+#  define OPENSSL_SYS_VOS
+#  ifdef __HPPA__
+#   define OPENSSL_SYS_VOS_HPPA
+#  endif
+#  ifdef __IA32__
+#   define OPENSSL_SYS_VOS_IA32
+#  endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+#  define OPENSSL_UNISTD_IO <io.h>
+#  define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+#  define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+#  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
+# endif
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and
+ * define symbols.  Basically, for any library that exports some global
+ * variables, the following code must be present in the header file that
+ * declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+#  define OPENSSL_EXPORT extern __declspec(dllexport)
+#  define OPENSSL_EXTERN extern __declspec(dllimport)
+# else
+#  define OPENSSL_EXPORT extern
+#  define OPENSSL_EXTERN extern
+# endif
+
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ *      // in foobar.c
+ *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ *      // in foobar.h
+ *      OPENSSL_DECLARE_GLOBAL(int,foobar);
+ *      #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
+        type *_shadow_##name(void)                                      \
+        { static type _hide_##name=value; return &_hide_##name; }
+#  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+#  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+# else
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value;
+#  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+#  define OPENSSL_GLOBAL_REF(name) _shadow_##name
+# endif
+
+# ifdef _WIN32
+#  ifdef _WIN64
+#   define ossl_ssize_t __int64
+#   define OSSL_SSIZE_MAX _I64_MAX
+#  else
+#   define ossl_ssize_t int
+#   define OSSL_SSIZE_MAX INT_MAX
+#  endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+#  define ossl_ssize_t INTN
+#  define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+#  define ossl_ssize_t ssize_t
+#  if defined(SSIZE_MAX)
+#   define OSSL_SSIZE_MAX SSIZE_MAX
+#  elif defined(_POSIX_SSIZE_MAX)
+#   define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+#  else
+#   define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))
+#  endif
+# endif
+
+# ifdef DEBUG_UNUSED
+#  define __owur __attribute__((__warn_unused_result__))
+# else
+#  define __owur
+# endif
+
+/* Standard integer types */
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+     defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+     defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+#  include <inttypes.h>
+# elif defined(_MSC_VER) && _MSC_VER<=1500
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+#  include <stdint.h>
+# endif
+
+/* ossl_inline: portable inline definition usable in public headers */
+# if !defined(inline) && !defined(__cplusplus)
+#  if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+   /* just use inline */
+#   define ossl_inline inline
+#  elif defined(__GNUC__) && __GNUC__>=2
+#   define ossl_inline __inline__
+#  elif defined(_MSC_VER)
+  /*
+   * Visual Studio: inline is available in C++ only, however
+   * __inline is available for C, see
+   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+   */
+#   define ossl_inline __inline
+#  else
+#   define ossl_inline
+#  endif
+# else
+#  define ossl_inline inline
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#  define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+#  define ossl_noreturn __attribute__((noreturn))
+# else
+#  define ossl_noreturn
+# endif
+
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+#  define ossl_unused __attribute__((unused))
+# else
+#  define ossl_unused
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ebcdic.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ebcdic.h
new file mode 100644
index 000000000..aa0128559
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ebcdic.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EBCDIC_H
+# define HEADER_EBCDIC_H
+
+# include <stdlib.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii   _openssl_os_toascii
+# define os_toebcdic  _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h
new file mode 100644
index 000000000..347cfb6d0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h
@@ -0,0 +1,1478 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EC_H
+# define HEADER_EC_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+# include <openssl/asn1.h>
+# include <openssl/symhacks.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/ecerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_ECC_MAX_FIELD_BITS
+#  define OPENSSL_ECC_MAX_FIELD_BITS 661
+# endif
+
+/** Enum for the point conversion form as defined in X9.62 (ECDSA)
+ *  for the encoding of a elliptic curve point (x,y) */
+typedef enum {
+        /** the point is encoded as z||x, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+    POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x04  */
+    POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+    POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+typedef struct ec_method_st EC_METHOD;
+typedef struct ec_group_st EC_GROUP;
+typedef struct ec_point_st EC_POINT;
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+typedef struct ec_parameters_st ECPARAMETERS;
+
+/********************************************************************/
+/*               EC_METHODs for curves over GF(p)                   */
+/********************************************************************/
+
+/** Returns the basic GFp ec methods which provides the basis for the
+ *  optimized methods.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+
+/** Returns GFp methods using montgomery multiplication.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_mont_method(void);
+
+/** Returns GFp methods using optimized methods for NIST recommended curves
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nist_method(void);
+
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/** Returns 64-bit optimized methods for nistp224
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp224_method(void);
+
+/** Returns 64-bit optimized methods for nistp256
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp256_method(void);
+
+/** Returns 64-bit optimized methods for nistp521
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp521_method(void);
+# endif
+
+# ifndef OPENSSL_NO_EC2M
+/********************************************************************/
+/*           EC_METHOD for curves over GF(2^m)                      */
+/********************************************************************/
+
+/** Returns the basic GF2m ec method
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+# endif
+
+/********************************************************************/
+/*                   EC_GROUP functions                             */
+/********************************************************************/
+
+/** Creates a new EC_GROUP object
+ *  \param   meth  EC_METHOD to use
+ *  \return  newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be freed.
+ */
+void EC_GROUP_free(EC_GROUP *group);
+
+/** Clears and frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be cleared and freed.
+ */
+void EC_GROUP_clear_free(EC_GROUP *group);
+
+/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
+ *  \param  dst  destination EC_GROUP object
+ *  \param  src  source EC_GROUP object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+
+/** Creates a new EC_GROUP object and copies the copies the content
+ *  form src to the newly created EC_KEY object
+ *  \param  src  source EC_GROUP object
+ *  \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return EC_METHOD used in this EC_GROUP object.
+ */
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ *  \param  meth  EC_METHOD object
+ *  \return NID of the underlying field type OID.
+ */
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+
+/** Sets the generator and it's order/cofactor of a EC_GROUP object.
+ *  \param  group      EC_GROUP object
+ *  \param  generator  EC_POINT object with the generator.
+ *  \param  order      the order of the group generated by the generator.
+ *  \param  cofactor   the index of the sub-group generated by the generator
+ *                     in the group of all points on the elliptic curve.
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor);
+
+/** Returns the generator of a EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+/** Returns the montgomery data for order(Generator)
+ *  \param  group  EC_GROUP object
+ *  \return the currently used montgomery data (possibly NULL).
+*/
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
+
+/** Gets the order of a EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \param  order  BIGNUM to which the order is copied
+ *  \param  ctx    unused
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+
+/** Gets the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group order
+ */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
+/** Gets the number of bits of the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return number of bits of group order.
+ */
+int EC_GROUP_order_bits(const EC_GROUP *group);
+
+/** Gets the cofactor of a EC_GROUP
+ *  \param  group     EC_GROUP object
+ *  \param  cofactor  BIGNUM to which the cofactor is copied
+ *  \param  ctx       unused
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx);
+
+/** Gets the cofactor of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group cofactor
+ */
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+/** Sets the name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \param  nid    NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+
+/** Returns the curve name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+                                        point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ *  or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ *  or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx);
+
+/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+                                              const BIGNUM *a, const BIGNUM *b,
+                                              BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+                                              BIGNUM *a, BIGNUM *b,
+                                              BN_CTX *ctx))
+
+# ifndef OPENSSL_NO_EC2M
+/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+                                               const BIGNUM *a, const BIGNUM *b,
+                                               BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+                                               BIGNUM *a, BIGNUM *b,
+                                               BN_CTX *ctx))
+# endif
+/** Returns the number of bits needed to represent a field element
+ *  \param  group  EC_GROUP object
+ *  \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if group is a valid ec group and 0 otherwise
+ */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Checks whether the discriminant of the elliptic curve is zero or not
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Compares two EC_GROUP objects
+ *  \param  a    first EC_GROUP object
+ *  \param  b    second EC_GROUP object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 0 if the groups are equal, 1 if not, or -1 on error
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ *  \param  p    BIGNUM with the prime number
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ *  \param  p    BIGNUM with the polynomial defining the underlying field
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx);
+# endif
+
+/** Creates a EC_GROUP object with a curve specified by a NID
+ *  \param  nid  NID of the OID of the curve name
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ *  \param  params  pointer to the ECPARAMETERS object
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPARAMETERS object or NULL
+ *  \return pointer to the new ECPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                        ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object, or NULL
+ *  \return newly created EC_GROUP object with specified curve, or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object or NULL
+ *  \return pointer to the new ECPKPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params);
+
+/********************************************************************/
+/*               handling of internal curves                        */
+/********************************************************************/
+
+typedef struct {
+    int nid;
+    const char *comment;
+} EC_builtin_curve;
+
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r is not zero,
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
+
+/********************************************************************/
+/*                    EC_POINT functions                            */
+/********************************************************************/
+
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ *  \param  group  EC_GROUP the underlying EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+
+/** Frees a EC_POINT object
+ *  \param  point  EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+
+/** Clears and frees a EC_POINT object
+ *  \param  point  EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+
+/** Copies EC_POINT object
+ *  \param  dst  destination EC_POINT object
+ *  \param  src  source EC_POINT object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+
+/** Creates a new EC_POINT object and copies the content of the supplied
+ *  EC_POINT
+ *  \param  src    source EC_POINT object
+ *  \param  group  underlying the EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+
+/** Returns the EC_METHOD used in EC_POINT object
+ *  \param  point  EC_POINT object
+ *  \return the EC_METHOD used
+ */
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
+/** Sets a point to infinity (neutral element)
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT to set to infinity
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  z      BIGNUM with the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *p, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx);
+
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  z      BIGNUM for the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *p, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT.
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+                                    BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_set_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                                           EC_POINT *p,
+                                                           const BIGNUM *x,
+                                                           const BIGNUM *y,
+                                                           BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_get_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                                           const EC_POINT *p,
+                                                           BIGNUM *x,
+                                                           BIGNUM *y,
+                                                           BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, int y_bit,
+                                        BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ *  EC_POINT_set_compressed_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                                               EC_POINT *p,
+                                                               const BIGNUM *x,
+                                                               int y_bit,
+                                                               BN_CTX *ctx))
+# ifndef OPENSSL_NO_EC2M
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_set_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                                            EC_POINT *p,
+                                                            const BIGNUM *x,
+                                                            const BIGNUM *y,
+                                                            BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_get_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                                            const EC_POINT *p,
+                                                            BIGNUM *x,
+                                                            BIGNUM *y,
+                                                            BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ *  EC_POINT_set_compressed_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                                                EC_POINT *p,
+                                                                const BIGNUM *x,
+                                                                int y_bit,
+                                                                BN_CTX *ctx))
+# endif
+/** Encodes a EC_POINT object to a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form,
+                          unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Decodes a EC_POINT from a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Encodes an EC_POINT object to an allocated octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+                          point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+                            EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+                         point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+                             EC_POINT *, BN_CTX *);
+
+/********************************************************************/
+/*         functions for doing EC_POINT arithmetic                  */
+/********************************************************************/
+
+/** Computes the sum of two EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = a + b)
+ *  \param  a      EC_POINT object with the first summand
+ *  \param  b      EC_POINT object with the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx);
+
+/** Computes the double of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = 2 * a)
+ *  \param  a      EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx);
+
+/** Computes the inverse of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+
+/** Checks whether the point is the neutral element of the group
+ *  \param  group  the underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+
+/** Checks whether the point is on the curve
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object to check
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the point is on the curve, 0 if not, or -1 on error
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx);
+
+/** Compares two EC_POINTs
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      first EC_POINT object
+ *  \param  b      second EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the points are not equal, 0 if they are, or -1 on error
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx);
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx);
+
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  num    number further summands
+ *  \param  p      array of size num of EC_POINT objects
+ *  \param  m      array of size num of BIGNUM objects
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                  size_t num, const EC_POINT *p[], const BIGNUM *m[],
+                  BN_CTX *ctx);
+
+/** Computes r = generator * n + q * m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  q      EC_POINT object with the first factor of the second summand
+ *  \param  m      BIGNUM with the second factor of the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+
+/** Stores multiples of generator for faster point multiplication
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+
+/** Reports whether a precomputation has been done
+ *  \param  group  EC_GROUP object
+ *  \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+
+/********************************************************************/
+/*                       ASN1 stuff                                 */
+/********************************************************************/
+
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3);
+# endif
+
+# define OPENSSL_EC_EXPLICIT_CURVE  0x000
+# define OPENSSL_EC_NAMED_CURVE     0x001
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
+# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
+# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
+                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
+# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
+                (unsigned char *)(x))
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+# endif
+
+/********************************************************************/
+/*                      EC_KEY functions                            */
+/********************************************************************/
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS   0x001
+# define EC_PKEY_NO_PUBKEY       0x002
+
+/* some values for the flags field */
+# define EC_FLAG_NON_FIPS_ALLOW  0x1
+# define EC_FLAG_FIPS_CHECKED    0x2
+# define EC_FLAG_COFACTOR_ECDH   0x1000
+
+/** Creates a new EC_KEY object.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new(void);
+
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
+/** Creates a new EC_KEY object using a named curve as underlying
+ *  EC_GROUP object.
+ *  \param  nid  NID of the named curve.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+
+/** Frees a EC_KEY object.
+ *  \param  key  EC_KEY object to be freed.
+ */
+void EC_KEY_free(EC_KEY *key);
+
+/** Copies a EC_KEY object.
+ *  \param  dst  destination EC_KEY object
+ *  \param  src  src EC_KEY object
+ *  \return dst or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+/** Creates a new EC_KEY object and copies the content from src to it.
+ *  \param  src  the source EC_KEY object
+ *  \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+/** Increases the internal reference count of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_up_ref(EC_KEY *key);
+
+/** Returns the ENGINE object of a EC_KEY object
+ *  \param  eckey  EC_KEY object
+ *  \return the ENGINE object (possibly NULL).
+ */
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+
+/** Returns the EC_GROUP object of a EC_KEY object
+ *  \param  key  EC_KEY object
+ *  \return the EC_GROUP object (possibly NULL).
+ */
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+
+/** Sets the EC_GROUP of a EC_KEY object.
+ *  \param  key    EC_KEY object
+ *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ *                 object will use an own copy of the EC_GROUP).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+
+/** Returns the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return a BIGNUM with the private key (possibly NULL).
+ */
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+
+/** Sets the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
+ *               will use an own copy of the BIGNUM).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+
+/** Returns the public key of a EC_KEY object.
+ *  \param  key  the EC_KEY object
+ *  \return a EC_POINT object with the public key (possibly NULL)
+ */
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+
+/** Sets the public key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
+ *               will use an own copy of the EC_POINT object).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+
+unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+
+#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+/* wrapper functions for the underlying EC_GROUP object */
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+
+/** Creates a table of pre-computed multiples of the generator to
+ *  accelerate further EC_KEY operations.
+ *  \param  key  EC_KEY object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+
+/** Creates a new ec private (and optional a new public) key.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_generate_key(EC_KEY *key);
+
+/** Verifies that a private and/or public key is valid.
+ *  \param  key  the EC_KEY object
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_check_key(const EC_KEY *key);
+
+/** Indicates if an EC_KEY can be used for signing.
+ *  \param  eckey  the EC_KEY object
+ *  \return 1 if can can sign and 0 otherwise.
+ */
+int EC_KEY_can_sign(const EC_KEY *eckey);
+
+/** Sets a public key from affine coordinates performing
+ *  necessary NIST PKV tests.
+ *  \param  key  the EC_KEY object
+ *  \param  x    public key x coordinate
+ *  \param  y    public key y coordinate
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+                                             BIGNUM *y);
+
+/** Encodes an EC_KEY public key to an allocated octet string
+ *  \param  key    key to encode
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                      unsigned char **pbuf, BN_CTX *ctx);
+
+/** Decodes a EC_KEY public key from a octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx);
+
+/** Decodes an EC_KEY private key from an octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded private key
+ *  \param  len    length of the encoded key
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+
+/** Encodes a EC_KEY private key to an octet string
+ *  \param  key    key to encode
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+
+size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+
+/** Encodes an EC_KEY private key to an allocated octet string
+ *  \param  eckey  key to encode
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+
+/********************************************************************/
+/*        de- and encoding functions for SEC1 ECPrivateKey          */
+/********************************************************************/
+
+/** Decodes a private key from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded private key
+ *  \param  len  length of the DER encoded private key
+ *  \return the decoded private key or NULL if an error occurred.
+ */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a private key object and stores the result in a buffer.
+ *  \param  key  the EC_KEY object to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/*        de- and encoding functions for EC parameters              */
+/********************************************************************/
+
+/** Decodes ec parameter from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded ec parameters
+ *  \param  len  length of the DER encoded ec parameters
+ *  \return a EC_KEY object with the decoded parameters or NULL if an error
+ *          occurred.
+ */
+EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes ec parameter and stores the result in a buffer.
+ *  \param  key  the EC_KEY object with ec parameters to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/*         de- and encoding functions for EC public key             */
+/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
+/********************************************************************/
+
+/** Decodes a ec public key from a octet string.
+ *  \param  key  a pointer to a EC_KEY object which should be used
+ *  \param  in   memory buffer with the encoded public key
+ *  \param  len  length of the encoded public key
+ *  \return EC_KEY object with decoded public key or NULL if an error
+ *          occurred.
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a ec public key in an octet string.
+ *  \param  key  the EC_KEY object with the public key
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred
+ */
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+
+/** Prints out the ec parameters on human readable form.
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print(BIO *bp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+
+# ifndef OPENSSL_NO_STDIO
+/** Prints out the ec parameters on human readable form.
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+
+# endif
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+/** The old name for ecdh_KDF_X9_63
+ *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  it is actually specified in ANSI X9.63.
+ *  This identifier is retained for backwards compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *ecdh,
+                     void *(*KDF) (const void *in, size_t inlen,
+                                   void *out, size_t *outlen));
+
+typedef struct ECDSA_SIG_st ECDSA_SIG;
+
+/** Allocates and initialize a ECDSA_SIG structure
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_SIG_new(void);
+
+/** frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
+ */
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ *  (*pp += length of the DER encoded signature)).
+ *  \param  sig  pointer to the ECDSA_SIG object
+ *  \param  pp   pointer to a unsigned char pointer for the output or NULL
+ *  \return the length of the DER encoded ECDSA_SIG object or 0
+ */
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
+ *  (*pp += len)).
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  pp   memory buffer with the DER encoded signature
+ *  \param  len  length of the buffer
+ *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
+ */
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+
+/** Accessor for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ *  \param  pr   pointer to BIGNUM pointer for r (may be NULL)
+ *  \param  ps   pointer to BIGNUM pointer for s (may be NULL)
+ */
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+
+/** Accessor for r field of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+
+/** Accessor for s field of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+
+/** Setter for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ *  \param  r    pointer to BIGNUM for r (may be NULL)
+ *  \param  s    pointer to BIGNUM for s (may be NULL)
+ */
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+/** Computes the ECDSA signature of the given hash value using
+ *  the supplied private key and returns the created signature.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  eckey     EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                         EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey);
+
+/** Verifies that the supplied signature is a valid ECDSA
+ *  signature of the supplied hash value using the supplied public key.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  sig       ECDSA_SIG structure
+ *  \param  eckey     EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey);
+
+/** Precompute parts of the signing operation
+ *  \param  eckey  EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      memory for the DER encoded created signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                  unsigned char *sig, unsigned int *siglen,
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+/** Verifies that the given signature is valid ECDSA signature
+ *  of the supplied hash value using the specified public key.
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      pointer to the DER encoded signature
+ *  \param  siglen   length of the DER encoded signature
+ *  \param  eckey    EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                 const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/** Returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
+ *  \return numbers of bytes required for the DER encoded signature
+ */
+int ECDSA_size(const EC_KEY *eckey);
+
+/********************************************************************/
+/*  EC_KEY_METHOD constructors, destructors, writers and accessors  */
+/********************************************************************/
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey));
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey));
+
+# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
+
+# ifndef __cplusplus
+#  if defined(__SUNPRO_C)
+#   if __SUNPRO_C >= 0x520
+#    pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+#   endif
+#  endif
+# endif
+
+# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \
+                                (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p))
+
+/* SM2 will skip the operation check so no need to pass operation here */
+# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
+
+# define EVP_PKEY_CTX_get1_id(ctx, id) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
+
+# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len))
+
+# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID             (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_EC_PARAM_ENC                      (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR                  (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_EC_KDF_TYPE                       (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_EC_KDF_MD                         (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_GET_EC_KDF_MD                     (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_EC_KDF_OUTLEN                     (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN                 (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_EC_KDF_UKM                        (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_EC_KDF_UKM                    (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SET1_ID                           (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET1_ID                           (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_GET1_ID_LEN                       (EVP_PKEY_ALG_CTRL + 13)
+/* KDF types */
+# define EVP_PKEY_ECDH_KDF_NONE                          1
+# define EVP_PKEY_ECDH_KDF_X9_63                         2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  it is actually specified in ANSI X9.63.
+ *  This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62   EVP_PKEY_ECDH_KDF_X9_63
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecdh.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecdh.h
new file mode 100644
index 000000000..681f3d5e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecdsa.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecdsa.h
new file mode 100644
index 000000000..681f3d5e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h
new file mode 100644
index 000000000..be313d285
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h
@@ -0,0 +1,271 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ECERR_H
+# define HEADER_ECERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_EC_strings(void);
+
+/*
+ * EC function codes.
+ */
+#  define EC_F_BN_TO_FELEM                                 224
+#  define EC_F_D2I_ECPARAMETERS                            144
+#  define EC_F_D2I_ECPKPARAMETERS                          145
+#  define EC_F_D2I_ECPRIVATEKEY                            146
+#  define EC_F_DO_EC_KEY_PRINT                             221
+#  define EC_F_ECDH_CMS_DECRYPT                            238
+#  define EC_F_ECDH_CMS_SET_SHARED_INFO                    239
+#  define EC_F_ECDH_COMPUTE_KEY                            246
+#  define EC_F_ECDH_SIMPLE_COMPUTE_KEY                     257
+#  define EC_F_ECDSA_DO_SIGN_EX                            251
+#  define EC_F_ECDSA_DO_VERIFY                             252
+#  define EC_F_ECDSA_SIGN_EX                               254
+#  define EC_F_ECDSA_SIGN_SETUP                            248
+#  define EC_F_ECDSA_SIG_NEW                               265
+#  define EC_F_ECDSA_VERIFY                                253
+#  define EC_F_ECD_ITEM_VERIFY                             270
+#  define EC_F_ECKEY_PARAM2TYPE                            223
+#  define EC_F_ECKEY_PARAM_DECODE                          212
+#  define EC_F_ECKEY_PRIV_DECODE                           213
+#  define EC_F_ECKEY_PRIV_ENCODE                           214
+#  define EC_F_ECKEY_PUB_DECODE                            215
+#  define EC_F_ECKEY_PUB_ENCODE                            216
+#  define EC_F_ECKEY_TYPE2PARAM                            220
+#  define EC_F_ECPARAMETERS_PRINT                          147
+#  define EC_F_ECPARAMETERS_PRINT_FP                       148
+#  define EC_F_ECPKPARAMETERS_PRINT                        149
+#  define EC_F_ECPKPARAMETERS_PRINT_FP                     150
+#  define EC_F_ECP_NISTZ256_GET_AFFINE                     240
+#  define EC_F_ECP_NISTZ256_INV_MOD_ORD                    275
+#  define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243
+#  define EC_F_ECP_NISTZ256_POINTS_MUL                     241
+#  define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244
+#  define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242
+#  define EC_F_ECX_KEY_OP                                  266
+#  define EC_F_ECX_PRIV_ENCODE                             267
+#  define EC_F_ECX_PUB_ENCODE                              268
+#  define EC_F_EC_ASN1_GROUP2CURVE                         153
+#  define EC_F_EC_ASN1_GROUP2FIELDID                       154
+#  define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
+#  define EC_F_EC_GF2M_SIMPLE_FIELD_INV                    296
+#  define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
+#  define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
+#  define EC_F_EC_GF2M_SIMPLE_LADDER_POST                  285
+#  define EC_F_EC_GF2M_SIMPLE_LADDER_PRE                   288
+#  define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
+#  define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
+#  define EC_F_EC_GF2M_SIMPLE_POINTS_MUL                   289
+#  define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
+#  define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
+#  define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
+#  define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
+#  define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
+#  define EC_F_EC_GFP_MONT_FIELD_INV                       297
+#  define EC_F_EC_GFP_MONT_FIELD_MUL                       131
+#  define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
+#  define EC_F_EC_GFP_MONT_FIELD_SQR                       132
+#  define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
+#  define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE             225
+#  define EC_F_EC_GFP_NISTP224_POINTS_MUL                  228
+#  define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
+#  define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE             230
+#  define EC_F_EC_GFP_NISTP256_POINTS_MUL                  231
+#  define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
+#  define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE             233
+#  define EC_F_EC_GFP_NISTP521_POINTS_MUL                  234
+#  define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
+#  define EC_F_EC_GFP_NIST_FIELD_MUL                       200
+#  define EC_F_EC_GFP_NIST_FIELD_SQR                       201
+#  define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
+#  define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES             287
+#  define EC_F_EC_GFP_SIMPLE_FIELD_INV                     298
+#  define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
+#  define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
+#  define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
+#  define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
+#  define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
+#  define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
+#  define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
+#  define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
+#  define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
+#  define EC_F_EC_GROUP_CHECK                              170
+#  define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
+#  define EC_F_EC_GROUP_COPY                               106
+#  define EC_F_EC_GROUP_GET_CURVE                          291
+#  define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
+#  define EC_F_EC_GROUP_GET_CURVE_GFP                      130
+#  define EC_F_EC_GROUP_GET_DEGREE                         173
+#  define EC_F_EC_GROUP_GET_ECPARAMETERS                   261
+#  define EC_F_EC_GROUP_GET_ECPKPARAMETERS                 262
+#  define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
+#  define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
+#  define EC_F_EC_GROUP_NEW                                108
+#  define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
+#  define EC_F_EC_GROUP_NEW_FROM_DATA                      175
+#  define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS              263
+#  define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS            264
+#  define EC_F_EC_GROUP_SET_CURVE                          292
+#  define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
+#  define EC_F_EC_GROUP_SET_CURVE_GFP                      109
+#  define EC_F_EC_GROUP_SET_GENERATOR                      111
+#  define EC_F_EC_GROUP_SET_SEED                           286
+#  define EC_F_EC_KEY_CHECK_KEY                            177
+#  define EC_F_EC_KEY_COPY                                 178
+#  define EC_F_EC_KEY_GENERATE_KEY                         179
+#  define EC_F_EC_KEY_NEW                                  182
+#  define EC_F_EC_KEY_NEW_METHOD                           245
+#  define EC_F_EC_KEY_OCT2PRIV                             255
+#  define EC_F_EC_KEY_PRINT                                180
+#  define EC_F_EC_KEY_PRINT_FP                             181
+#  define EC_F_EC_KEY_PRIV2BUF                             279
+#  define EC_F_EC_KEY_PRIV2OCT                             256
+#  define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES    229
+#  define EC_F_EC_KEY_SIMPLE_CHECK_KEY                     258
+#  define EC_F_EC_KEY_SIMPLE_OCT2PRIV                      259
+#  define EC_F_EC_KEY_SIMPLE_PRIV2OCT                      260
+#  define EC_F_EC_PKEY_CHECK                               273
+#  define EC_F_EC_PKEY_PARAM_CHECK                         274
+#  define EC_F_EC_POINTS_MAKE_AFFINE                       136
+#  define EC_F_EC_POINTS_MUL                               290
+#  define EC_F_EC_POINT_ADD                                112
+#  define EC_F_EC_POINT_BN2POINT                           280
+#  define EC_F_EC_POINT_CMP                                113
+#  define EC_F_EC_POINT_COPY                               114
+#  define EC_F_EC_POINT_DBL                                115
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES             293
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
+#  define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
+#  define EC_F_EC_POINT_INVERT                             210
+#  define EC_F_EC_POINT_IS_AT_INFINITY                     118
+#  define EC_F_EC_POINT_IS_ON_CURVE                        119
+#  define EC_F_EC_POINT_MAKE_AFFINE                        120
+#  define EC_F_EC_POINT_NEW                                121
+#  define EC_F_EC_POINT_OCT2POINT                          122
+#  define EC_F_EC_POINT_POINT2BUF                          281
+#  define EC_F_EC_POINT_POINT2OCT                          123
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES             294
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES         295
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
+#  define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
+#  define EC_F_EC_POINT_SET_TO_INFINITY                    127
+#  define EC_F_EC_PRE_COMP_NEW                             196
+#  define EC_F_EC_SCALAR_MUL_LADDER                        284
+#  define EC_F_EC_WNAF_MUL                                 187
+#  define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
+#  define EC_F_I2D_ECPARAMETERS                            190
+#  define EC_F_I2D_ECPKPARAMETERS                          191
+#  define EC_F_I2D_ECPRIVATEKEY                            192
+#  define EC_F_I2O_ECPUBLICKEY                             151
+#  define EC_F_NISTP224_PRE_COMP_NEW                       227
+#  define EC_F_NISTP256_PRE_COMP_NEW                       236
+#  define EC_F_NISTP521_PRE_COMP_NEW                       237
+#  define EC_F_O2I_ECPUBLICKEY                             152
+#  define EC_F_OLD_EC_PRIV_DECODE                          222
+#  define EC_F_OSSL_ECDH_COMPUTE_KEY                       247
+#  define EC_F_OSSL_ECDSA_SIGN_SIG                         249
+#  define EC_F_OSSL_ECDSA_VERIFY_SIG                       250
+#  define EC_F_PKEY_ECD_CTRL                               271
+#  define EC_F_PKEY_ECD_DIGESTSIGN                         272
+#  define EC_F_PKEY_ECD_DIGESTSIGN25519                    276
+#  define EC_F_PKEY_ECD_DIGESTSIGN448                      277
+#  define EC_F_PKEY_ECX_DERIVE                             269
+#  define EC_F_PKEY_EC_CTRL                                197
+#  define EC_F_PKEY_EC_CTRL_STR                            198
+#  define EC_F_PKEY_EC_DERIVE                              217
+#  define EC_F_PKEY_EC_INIT                                282
+#  define EC_F_PKEY_EC_KDF_DERIVE                          283
+#  define EC_F_PKEY_EC_KEYGEN                              199
+#  define EC_F_PKEY_EC_PARAMGEN                            219
+#  define EC_F_PKEY_EC_SIGN                                218
+#  define EC_F_VALIDATE_ECX_DERIVE                         278
+
+/*
+ * EC reason codes.
+ */
+#  define EC_R_ASN1_ERROR                                  115
+#  define EC_R_BAD_SIGNATURE                               156
+#  define EC_R_BIGNUM_OUT_OF_RANGE                         144
+#  define EC_R_BUFFER_TOO_SMALL                            100
+#  define EC_R_CANNOT_INVERT                               165
+#  define EC_R_COORDINATES_OUT_OF_RANGE                    146
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH                 160
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159
+#  define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
+#  define EC_R_DECODE_ERROR                                142
+#  define EC_R_DISCRIMINANT_IS_ZERO                        118
+#  define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
+#  define EC_R_FIELD_TOO_LARGE                             143
+#  define EC_R_GF2M_NOT_SUPPORTED                          147
+#  define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
+#  define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
+#  define EC_R_INCOMPATIBLE_OBJECTS                        101
+#  define EC_R_INVALID_ARGUMENT                            112
+#  define EC_R_INVALID_COMPRESSED_POINT                    110
+#  define EC_R_INVALID_COMPRESSION_BIT                     109
+#  define EC_R_INVALID_CURVE                               141
+#  define EC_R_INVALID_DIGEST                              151
+#  define EC_R_INVALID_DIGEST_TYPE                         138
+#  define EC_R_INVALID_ENCODING                            102
+#  define EC_R_INVALID_FIELD                               103
+#  define EC_R_INVALID_FORM                                104
+#  define EC_R_INVALID_GROUP_ORDER                         122
+#  define EC_R_INVALID_KEY                                 116
+#  define EC_R_INVALID_OUTPUT_LENGTH                       161
+#  define EC_R_INVALID_PEER_KEY                            133
+#  define EC_R_INVALID_PENTANOMIAL_BASIS                   132
+#  define EC_R_INVALID_PRIVATE_KEY                         123
+#  define EC_R_INVALID_TRINOMIAL_BASIS                     137
+#  define EC_R_KDF_PARAMETER_ERROR                         148
+#  define EC_R_KEYS_NOT_SET                                140
+#  define EC_R_LADDER_POST_FAILURE                         136
+#  define EC_R_LADDER_PRE_FAILURE                          153
+#  define EC_R_LADDER_STEP_FAILURE                         162
+#  define EC_R_MISSING_PARAMETERS                          124
+#  define EC_R_MISSING_PRIVATE_KEY                         125
+#  define EC_R_NEED_NEW_SETUP_VALUES                       157
+#  define EC_R_NOT_A_NIST_PRIME                            135
+#  define EC_R_NOT_IMPLEMENTED                             126
+#  define EC_R_NOT_INITIALIZED                             111
+#  define EC_R_NO_PARAMETERS_SET                           139
+#  define EC_R_NO_PRIVATE_VALUE                            154
+#  define EC_R_OPERATION_NOT_SUPPORTED                     152
+#  define EC_R_PASSED_NULL_PARAMETER                       134
+#  define EC_R_PEER_KEY_ERROR                              149
+#  define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
+#  define EC_R_POINT_ARITHMETIC_FAILURE                    155
+#  define EC_R_POINT_AT_INFINITY                           106
+#  define EC_R_POINT_COORDINATES_BLIND_FAILURE             163
+#  define EC_R_POINT_IS_NOT_ON_CURVE                       107
+#  define EC_R_RANDOM_NUMBER_GENERATION_FAILED             158
+#  define EC_R_SHARED_INFO_ERROR                           150
+#  define EC_R_SLOT_FULL                                   108
+#  define EC_R_UNDEFINED_GENERATOR                         113
+#  define EC_R_UNDEFINED_ORDER                             128
+#  define EC_R_UNKNOWN_COFACTOR                            164
+#  define EC_R_UNKNOWN_GROUP                               129
+#  define EC_R_UNKNOWN_ORDER                               114
+#  define EC_R_UNSUPPORTED_FIELD                           131
+#  define EC_R_WRONG_CURVE_PARAMETERS                      145
+#  define EC_R_WRONG_ORDER                                 130
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/engine.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/engine.h
new file mode 100644
index 000000000..0780f0fb5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/engine.h
@@ -0,0 +1,751 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENGINE_H
+# define HEADER_ENGINE_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_ENGINE
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+#  include <openssl/ec.h>
+#  include <openssl/rand.h>
+#  include <openssl/ui.h>
+#  include <openssl/err.h>
+# endif
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/x509.h>
+# include <openssl/engineerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA               (unsigned int)0x0001
+# define ENGINE_METHOD_DSA               (unsigned int)0x0002
+# define ENGINE_METHOD_DH                (unsigned int)0x0004
+# define ENGINE_METHOD_RAND              (unsigned int)0x0008
+# define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+# define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
+# define ENGINE_METHOD_EC                (unsigned int)0x0800
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE              (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED        0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines.  In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM               1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+# define ENGINE_CTRL_HUP                         3/* Close and reinitialise
+                                                   * any handles/connections
+                                                   * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
+                                                   * when calling the password
+                                                   * callback and the user
+                                                   * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
+                                                   * given a string that
+                                                   * represents a file name
+                                                   * or so */
+# define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
+                                                   * section in the already
+                                                   * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD           15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS               18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE                         200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+        /*
+         * Depending on the value of the (long)i argument, this sets or
+         * unsets the SimpleForkCheck flag in the CHIL API to enable or
+         * disable checking and workarounds for applications that fork().
+         */
+# define ENGINE_CTRL_CHIL_NO_LOCKING             101
+        /*
+         * This prevents the initialisation function from providing mutex
+         * callbacks to the nCipher library.
+         */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+    unsigned int cmd_num;       /* The command number */
+    const char *cmd_name;       /* The command name itself */
+    const char *cmd_desc;       /* A short description of the command */
+    unsigned int cmd_flags;     /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+                                     void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+                                         UI_METHOD *ui_method,
+                                         void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+                                           STACK_OF(X509_NAME) *ca_dn,
+                                           X509 **pcert, EVP_PKEY **pkey,
+                                           STACK_OF(X509) **pother,
+                                           UI_METHOD *ui_method,
+                                           void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+                                   const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+                                   int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+                                      const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+                                           const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ENGINE_load_openssl() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  define ENGINE_load_padlock() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+#  define ENGINE_load_capi() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+#  define ENGINE_load_afalg() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+# endif
+# define ENGINE_load_cryptodev() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#endif
+void ENGINE_load_builtin_engines(void);
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required.
+ */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/*
+ * Send parameterised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions allow control over any per-structure ENGINE data. */
+#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
+ */
+# define ENGINE_cleanup() while(0) continue
+#endif
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                                          const char *str,
+                                                          int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                                      const char *str,
+                                                      int len);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+int ENGINE_init(ENGINE *e);
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+int ENGINE_finish(ENGINE *e);
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever.
+ */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_EC(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION            (unsigned long)0x00030000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00030000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
+typedef struct st_dynamic_MEM_fns {
+    dyn_MEM_malloc_fn malloc_fn;
+    dyn_MEM_realloc_fn realloc_fn;
+    dyn_MEM_free_fn free_fn;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+    void *static_state;
+    dynamic_MEM_fns mem_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+        OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+                if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+                                    const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+        OPENSSL_EXPORT \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+        OPENSSL_EXPORT \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+            if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+            CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+                                     fns->mem_fns.realloc_fn, \
+                                     fns->mem_fns.free_fn); \
+        skip_cbs: \
+            if (!fn(e, id)) return 0; \
+            return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
+void *ENGINE_get_static_state(void);
+
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h
new file mode 100644
index 000000000..b4c036b21
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h
@@ -0,0 +1,107 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENGINEERR_H
+# define HEADER_ENGINEERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_ENGINE
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_ENGINE_strings(void);
+
+/*
+ * ENGINE function codes.
+ */
+#  define ENGINE_F_DIGEST_UPDATE                           198
+#  define ENGINE_F_DYNAMIC_CTRL                            180
+#  define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+#  define ENGINE_F_DYNAMIC_LOAD                            182
+#  define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
+#  define ENGINE_F_ENGINE_ADD                              105
+#  define ENGINE_F_ENGINE_BY_ID                            106
+#  define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+#  define ENGINE_F_ENGINE_CTRL                             142
+#  define ENGINE_F_ENGINE_CTRL_CMD                         178
+#  define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+#  define ENGINE_F_ENGINE_FINISH                           107
+#  define ENGINE_F_ENGINE_GET_CIPHER                       185
+#  define ENGINE_F_ENGINE_GET_DIGEST                       186
+#  define ENGINE_F_ENGINE_GET_FIRST                        195
+#  define ENGINE_F_ENGINE_GET_LAST                         196
+#  define ENGINE_F_ENGINE_GET_NEXT                         115
+#  define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+#  define ENGINE_F_ENGINE_GET_PKEY_METH                    192
+#  define ENGINE_F_ENGINE_GET_PREV                         116
+#  define ENGINE_F_ENGINE_INIT                             119
+#  define ENGINE_F_ENGINE_LIST_ADD                         120
+#  define ENGINE_F_ENGINE_LIST_REMOVE                      121
+#  define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+#  define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#  define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
+#  define ENGINE_F_ENGINE_NEW                              122
+#  define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR               197
+#  define ENGINE_F_ENGINE_REMOVE                           123
+#  define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+#  define ENGINE_F_ENGINE_SET_ID                           129
+#  define ENGINE_F_ENGINE_SET_NAME                         130
+#  define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+#  define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
+#  define ENGINE_F_ENGINE_UP_REF                           190
+#  define ENGINE_F_INT_CLEANUP_ITEM                        199
+#  define ENGINE_F_INT_CTRL_HELPER                         172
+#  define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+#  define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
+#  define ENGINE_F_OSSL_HMAC_INIT                          200
+
+/*
+ * ENGINE reason codes.
+ */
+#  define ENGINE_R_ALREADY_LOADED                          100
+#  define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+#  define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+#  define ENGINE_R_COMMAND_TAKES_INPUT                     135
+#  define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+#  define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+#  define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+#  define ENGINE_R_DSO_FAILURE                             104
+#  define ENGINE_R_DSO_NOT_FOUND                           132
+#  define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#  define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
+#  define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+#  define ENGINE_R_ENGINE_SECTION_ERROR                    149
+#  define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+#  define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+#  define ENGINE_R_FINISH_FAILED                           106
+#  define ENGINE_R_ID_OR_NAME_MISSING                      108
+#  define ENGINE_R_INIT_FAILED                             109
+#  define ENGINE_R_INTERNAL_LIST_ERROR                     110
+#  define ENGINE_R_INVALID_ARGUMENT                        143
+#  define ENGINE_R_INVALID_CMD_NAME                        137
+#  define ENGINE_R_INVALID_CMD_NUMBER                      138
+#  define ENGINE_R_INVALID_INIT_VALUE                      151
+#  define ENGINE_R_INVALID_STRING                          150
+#  define ENGINE_R_NOT_INITIALISED                         117
+#  define ENGINE_R_NOT_LOADED                              112
+#  define ENGINE_R_NO_CONTROL_FUNCTION                     120
+#  define ENGINE_R_NO_INDEX                                144
+#  define ENGINE_R_NO_LOAD_FUNCTION                        125
+#  define ENGINE_R_NO_REFERENCE                            130
+#  define ENGINE_R_NO_SUCH_ENGINE                          116
+#  define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+#  define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#  define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
+#  define ENGINE_R_VERSION_INCOMPATIBILITY                 145
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h
new file mode 100644
index 000000000..6cae1a365
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h
@@ -0,0 +1,273 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ERR_H
+# define HEADER_ERR_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+#  include <stdlib.h>
+# endif
+
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_ERR
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
+# else
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+# endif
+
+# include <errno.h>
+
+# define ERR_TXT_MALLOCED        0x01
+# define ERR_TXT_STRING          0x02
+
+# define ERR_FLAG_MARK           0x01
+
+# define ERR_NUM_ERRORS  16
+typedef struct err_state_st {
+    int err_flags[ERR_NUM_ERRORS];
+    unsigned long err_buffer[ERR_NUM_ERRORS];
+    char *err_data[ERR_NUM_ERRORS];
+    int err_data_flags[ERR_NUM_ERRORS];
+    const char *err_file[ERR_NUM_ERRORS];
+    int err_line[ERR_NUM_ERRORS];
+    int top, bottom;
+} ERR_STATE;
+
+/* library */
+# define ERR_LIB_NONE            1
+# define ERR_LIB_SYS             2
+# define ERR_LIB_BN              3
+# define ERR_LIB_RSA             4
+# define ERR_LIB_DH              5
+# define ERR_LIB_EVP             6
+# define ERR_LIB_BUF             7
+# define ERR_LIB_OBJ             8
+# define ERR_LIB_PEM             9
+# define ERR_LIB_DSA             10
+# define ERR_LIB_X509            11
+/* #define ERR_LIB_METH         12 */
+# define ERR_LIB_ASN1            13
+# define ERR_LIB_CONF            14
+# define ERR_LIB_CRYPTO          15
+# define ERR_LIB_EC              16
+# define ERR_LIB_SSL             20
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
+# define ERR_LIB_BIO             32
+# define ERR_LIB_PKCS7           33
+# define ERR_LIB_X509V3          34
+# define ERR_LIB_PKCS12          35
+# define ERR_LIB_RAND            36
+# define ERR_LIB_DSO             37
+# define ERR_LIB_ENGINE          38
+# define ERR_LIB_OCSP            39
+# define ERR_LIB_UI              40
+# define ERR_LIB_COMP            41
+# define ERR_LIB_ECDSA           42
+# define ERR_LIB_ECDH            43
+# define ERR_LIB_OSSL_STORE      44
+# define ERR_LIB_FIPS            45
+# define ERR_LIB_CMS             46
+# define ERR_LIB_TS              47
+# define ERR_LIB_HMAC            48
+/* # define ERR_LIB_JPAKE       49 */
+# define ERR_LIB_CT              50
+# define ERR_LIB_ASYNC           51
+# define ERR_LIB_KDF             52
+# define ERR_LIB_SM2             53
+
+# define ERR_LIB_USER            128
+
+# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+# define ERR_PACK(l,f,r) ( \
+        (((unsigned int)(l) & 0x0FF) << 24L) | \
+        (((unsigned int)(f) & 0xFFF) << 12L) | \
+        (((unsigned int)(r) & 0xFFF)       ) )
+# define ERR_GET_LIB(l)          (int)(((l) >> 24L) & 0x0FFL)
+# define ERR_GET_FUNC(l)         (int)(((l) >> 12L) & 0xFFFL)
+# define ERR_GET_REASON(l)       (int)( (l)         & 0xFFFL)
+# define ERR_FATAL_ERROR(l)      (int)( (l)         & ERR_R_FATAL)
+
+/* OS functions */
+# define SYS_F_FOPEN             1
+# define SYS_F_CONNECT           2
+# define SYS_F_GETSERVBYNAME     3
+# define SYS_F_SOCKET            4
+# define SYS_F_IOCTLSOCKET       5
+# define SYS_F_BIND              6
+# define SYS_F_LISTEN            7
+# define SYS_F_ACCEPT            8
+# define SYS_F_WSASTARTUP        9/* Winsock stuff */
+# define SYS_F_OPENDIR           10
+# define SYS_F_FREAD             11
+# define SYS_F_GETADDRINFO       12
+# define SYS_F_GETNAMEINFO       13
+# define SYS_F_SETSOCKOPT        14
+# define SYS_F_GETSOCKOPT        15
+# define SYS_F_GETSOCKNAME       16
+# define SYS_F_GETHOSTBYNAME     17
+# define SYS_F_FFLUSH            18
+# define SYS_F_OPEN              19
+# define SYS_F_CLOSE             20
+# define SYS_F_IOCTL             21
+# define SYS_F_STAT              22
+# define SYS_F_FCNTL             23
+# define SYS_F_FSTAT             24
+
+/* reasons */
+# define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
+# define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
+# define ERR_R_RSA_LIB   ERR_LIB_RSA/* 4 */
+# define ERR_R_DH_LIB    ERR_LIB_DH/* 5 */
+# define ERR_R_EVP_LIB   ERR_LIB_EVP/* 6 */
+# define ERR_R_BUF_LIB   ERR_LIB_BUF/* 7 */
+# define ERR_R_OBJ_LIB   ERR_LIB_OBJ/* 8 */
+# define ERR_R_PEM_LIB   ERR_LIB_PEM/* 9 */
+# define ERR_R_DSA_LIB   ERR_LIB_DSA/* 10 */
+# define ERR_R_X509_LIB  ERR_LIB_X509/* 11 */
+# define ERR_R_ASN1_LIB  ERR_LIB_ASN1/* 13 */
+# define ERR_R_EC_LIB    ERR_LIB_EC/* 16 */
+# define ERR_R_BIO_LIB   ERR_LIB_BIO/* 32 */
+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
+# define ERR_R_UI_LIB    ERR_LIB_UI/* 40 */
+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
+
+# define ERR_R_NESTED_ASN1_ERROR                 58
+# define ERR_R_MISSING_ASN1_EOS                  63
+
+/* fatal error */
+# define ERR_R_FATAL                             64
+# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
+# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT           (7)
+# define ERR_R_OPERATION_FAIL                    (8|ERR_R_FATAL)
+
+/*
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
+ * the individual libraries
+ */
+
+typedef struct ERR_string_data_st {
+    unsigned long error;
+    const char *string;
+} ERR_STRING_DATA;
+
+DEFINE_LHASH_OF(ERR_STRING_DATA);
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+void ERR_set_error_data(char *data, int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+void ERR_clear_error(void);
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u);
+# ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp);
+# endif
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
+int ERR_load_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_strings_const(const ERR_STRING_DATA *str);
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_ERR_strings(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ERR_load_crypto_strings() \
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# define ERR_free_strings() while(0) continue
+#endif
+
+DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
+ERR_STATE *ERR_get_state(void);
+
+int ERR_get_next_error_library(void);
+
+int ERR_set_mark(void);
+int ERR_pop_to_mark(void);
+int ERR_clear_last_mark(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h
new file mode 100644
index 000000000..9f05b5a3b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h
@@ -0,0 +1,1633 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENVELOPE_H
+# define HEADER_ENVELOPE_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/bio.h>
+# include <openssl/evperr.h>
+
+# define EVP_MAX_MD_SIZE                 64/* longest known is SHA512 */
+# define EVP_MAX_KEY_LENGTH              64
+# define EVP_MAX_IV_LENGTH               16
+# define EVP_MAX_BLOCK_LENGTH            32
+
+# define PKCS5_SALT_LEN                  8
+/* Default PKCS#5 iteration count */
+# define PKCS5_DEFAULT_ITER              2048
+
+# include <openssl/objects.h>
+
+# define EVP_PK_RSA      0x0001
+# define EVP_PK_DSA      0x0002
+# define EVP_PK_DH       0x0004
+# define EVP_PK_EC       0x0008
+# define EVP_PKT_SIGN    0x0010
+# define EVP_PKT_ENC     0x0020
+# define EVP_PKT_EXCH    0x0040
+# define EVP_PKS_RSA     0x0100
+# define EVP_PKS_DSA     0x0200
+# define EVP_PKS_EC      0x0400
+
+# define EVP_PKEY_NONE   NID_undef
+# define EVP_PKEY_RSA    NID_rsaEncryption
+# define EVP_PKEY_RSA2   NID_rsa
+# define EVP_PKEY_RSA_PSS NID_rsassaPss
+# define EVP_PKEY_DSA    NID_dsa
+# define EVP_PKEY_DSA1   NID_dsa_2
+# define EVP_PKEY_DSA2   NID_dsaWithSHA
+# define EVP_PKEY_DSA3   NID_dsaWithSHA1
+# define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
+# define EVP_PKEY_DH     NID_dhKeyAgreement
+# define EVP_PKEY_DHX    NID_dhpublicnumber
+# define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+# define EVP_PKEY_SM2    NID_sm2
+# define EVP_PKEY_HMAC   NID_hmac
+# define EVP_PKEY_CMAC   NID_cmac
+# define EVP_PKEY_SCRYPT NID_id_scrypt
+# define EVP_PKEY_TLS1_PRF NID_tls1_prf
+# define EVP_PKEY_HKDF   NID_hkdf
+# define EVP_PKEY_POLY1305 NID_poly1305
+# define EVP_PKEY_SIPHASH NID_siphash
+# define EVP_PKEY_X25519 NID_X25519
+# define EVP_PKEY_ED25519 NID_ED25519
+# define EVP_PKEY_X448 NID_X448
+# define EVP_PKEY_ED448 NID_ED448
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_MO_SIGN        0x0001
+# define EVP_PKEY_MO_VERIFY      0x0002
+# define EVP_PKEY_MO_ENCRYPT     0x0004
+# define EVP_PKEY_MO_DECRYPT     0x0008
+
+# ifndef EVP_MD
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+void EVP_MD_meth_free(EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2);
+
+/* digest can only handle a single block */
+#  define EVP_MD_FLAG_ONESHOT     0x0001
+
+/* digest is extensible-output function, XOF */
+#  define EVP_MD_FLAG_XOF         0x0002
+
+/* DigestAlgorithmIdentifier flags... */
+
+#  define EVP_MD_FLAG_DIGALGID_MASK               0x0018
+
+/* NULL or absent parameter accepted. Use NULL */
+
+#  define EVP_MD_FLAG_DIGALGID_NULL               0x0000
+
+/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
+
+#  define EVP_MD_FLAG_DIGALGID_ABSENT             0x0008
+
+/* Custom handling via ctrl */
+
+#  define EVP_MD_FLAG_DIGALGID_CUSTOM             0x0018
+
+/* Note if suitable for use in FIPS mode */
+#  define EVP_MD_FLAG_FIPS        0x0400
+
+/* Digest ctrls */
+
+#  define EVP_MD_CTRL_DIGALGID                    0x1
+#  define EVP_MD_CTRL_MICALG                      0x2
+#  define EVP_MD_CTRL_XOF_LEN                     0x3
+
+/* Minimum Algorithm specific ctrl value */
+
+#  define EVP_MD_CTRL_ALG_CTRL                    0x1000
+
+# endif                         /* !EVP_MD */
+
+/* values for EVP_MD_CTX flags */
+
+# define EVP_MD_CTX_FLAG_ONESHOT         0x0001/* digest update will be
+                                                * called once only */
+# define EVP_MD_CTX_FLAG_CLEANED         0x0002/* context has already been
+                                                * cleaned */
+# define EVP_MD_CTX_FLAG_REUSE           0x0004/* Don't free up ctx->md_data
+                                                * in EVP_MD_CTX_reset */
+/*
+ * FIPS and pad options are ignored in 1.0.0, definitions are here so we
+ * don't accidentally reuse the values for other purposes.
+ */
+
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008/* Allow use of non FIPS
+                                                * digest in FIPS mode */
+
+/*
+ * The following PAD options are also currently ignored in 1.0.0, digest
+ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
+ * instead.
+ */
+# define EVP_MD_CTX_FLAG_PAD_MASK        0xF0/* RSA mode to use */
+# define EVP_MD_CTX_FLAG_PAD_PKCS1       0x00/* PKCS#1 v1.5 mode */
+# define EVP_MD_CTX_FLAG_PAD_X931        0x10/* X9.31 mode */
+# define EVP_MD_CTX_FLAG_PAD_PSS         0x20/* PSS mode */
+
+# define EVP_MD_CTX_FLAG_NO_INIT         0x0100/* Don't initialize md_data */
+/*
+ * Some functions such as EVP_DigestSign only finalise copies of internal
+ * contexts so additional data can be included after the finalisation call.
+ * This is inefficient if this functionality is not required: it is disabled
+ * if the following flag is set.
+ */
+# define EVP_MD_CTX_FLAG_FINALISE        0x0200
+/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr);
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+# define         EVP_CIPH_STREAM_CIPHER          0x0
+# define         EVP_CIPH_ECB_MODE               0x1
+# define         EVP_CIPH_CBC_MODE               0x2
+# define         EVP_CIPH_CFB_MODE               0x3
+# define         EVP_CIPH_OFB_MODE               0x4
+# define         EVP_CIPH_CTR_MODE               0x5
+# define         EVP_CIPH_GCM_MODE               0x6
+# define         EVP_CIPH_CCM_MODE               0x7
+# define         EVP_CIPH_XTS_MODE               0x10001
+# define         EVP_CIPH_WRAP_MODE              0x10002
+# define         EVP_CIPH_OCB_MODE               0x10003
+# define         EVP_CIPH_MODE                   0xF0007
+/* Set if variable length cipher */
+# define         EVP_CIPH_VARIABLE_LENGTH        0x8
+/* Set if the iv handling should be done by the cipher itself */
+# define         EVP_CIPH_CUSTOM_IV              0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+# define         EVP_CIPH_ALWAYS_CALL_INIT       0x20
+/* Call ctrl() to init cipher parameters */
+# define         EVP_CIPH_CTRL_INIT              0x40
+/* Don't use standard key length function */
+# define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
+/* Don't use standard block padding */
+# define         EVP_CIPH_NO_PADDING             0x100
+/* cipher handles random key generation */
+# define         EVP_CIPH_RAND_KEY               0x200
+/* cipher has its own additional copying logic */
+# define         EVP_CIPH_CUSTOM_COPY            0x400
+/* Allow use default ASN1 get/set iv */
+# define         EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+# define         EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+# define         EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+# define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/*
+ * Cipher handles any and all padding logic as well as finalisation.
+ */
+# define         EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+# define         EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
+# define         EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+/* Cipher can handle pipeline operations */
+# define         EVP_CIPH_FLAG_PIPELINE          0X800000
+
+/*
+ * Cipher context flag to indicate we can handle wrap mode: if allowed in
+ * older applications it could overflow buffers.
+ */
+
+# define         EVP_CIPHER_CTX_FLAG_WRAP_ALLOW  0x1
+
+/* ctrl() values */
+
+# define         EVP_CTRL_INIT                   0x0
+# define         EVP_CTRL_SET_KEY_LENGTH         0x1
+# define         EVP_CTRL_GET_RC2_KEY_BITS       0x2
+# define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
+# define         EVP_CTRL_GET_RC5_ROUNDS         0x4
+# define         EVP_CTRL_SET_RC5_ROUNDS         0x5
+# define         EVP_CTRL_RAND_KEY               0x6
+# define         EVP_CTRL_PBE_PRF_NID            0x7
+# define         EVP_CTRL_COPY                   0x8
+# define         EVP_CTRL_AEAD_SET_IVLEN         0x9
+# define         EVP_CTRL_AEAD_GET_TAG           0x10
+# define         EVP_CTRL_AEAD_SET_TAG           0x11
+# define         EVP_CTRL_AEAD_SET_IV_FIXED      0x12
+# define         EVP_CTRL_GCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_GCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_GCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_GCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
+# define         EVP_CTRL_GCM_IV_GEN             0x13
+# define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_CCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
+# define         EVP_CTRL_CCM_SET_L              0x14
+# define         EVP_CTRL_CCM_SET_MSGLEN         0x15
+/*
+ * AEAD cipher deduces payload length and returns number of bytes required to
+ * store MAC and eventual padding. Subsequent call to EVP_Cipher even
+ * appends/verifies MAC.
+ */
+# define         EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+# define         EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+# define         EVP_CTRL_GCM_SET_IV_INV         0x18
+
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_AAD  0x19
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT      0x1a
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
+
+# define         EVP_CTRL_SSL3_MASTER_SECRET             0x1d
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define         EVP_CTRL_SET_SBOX                       0x1e
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define         EVP_CTRL_SBOX_USED                      0x1f
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define         EVP_CTRL_KEY_MESH                       0x20
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define         EVP_CTRL_BLOCK_PADDING_MODE             0x21
+
+/* Set the output buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS       0x22
+/* Set the input buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_BUFS        0x23
+/* Set the input buffer lengths to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7       1
+#define EVP_PADDING_ISO7816_4   2
+#define EVP_PADDING_ANSI923     3
+#define EVP_PADDING_ISO10126    4
+#define EVP_PADDING_ZERO        5
+
+/* RFC 5246 defines additional data to be 13 bytes in length */
+# define         EVP_AEAD_TLS1_AAD_LEN           13
+
+typedef struct {
+    unsigned char *out;
+    const unsigned char *inp;
+    size_t len;
+    unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_GCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_GCM_TLS_EXPLICIT_IV_LEN                     8
+/* Length of tag for TLS */
+# define EVP_GCM_TLS_TAG_LEN                             16
+
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN                     8
+/* Total length of CCM IV length for TLS */
+# define EVP_CCM_TLS_IV_LEN                              12
+/* Length of tag for TLS */
+# define EVP_CCM_TLS_TAG_LEN                             16
+/* Length of CCM8 tag for TLS */
+# define EVP_CCM8_TLS_TAG_LEN                            8
+
+/* Length of tag for TLS */
+# define EVP_CHACHAPOLY_TLS_TAG_LEN                      16
+
+typedef struct evp_cipher_info_st {
+    const EVP_CIPHER *cipher;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+} EVP_CIPHER_INFO;
+
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+                              int passlen, ASN1_TYPE *param,
+                              const EVP_CIPHER *cipher, const EVP_MD *md,
+                              int en_de);
+
+# ifndef OPENSSL_NO_RSA
+#  define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                        (char *)(rsa))
+# endif
+
+# ifndef OPENSSL_NO_DSA
+#  define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+                                        (char *)(dsa))
+# endif
+
+# ifndef OPENSSL_NO_DH
+#  define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+                                        (char *)(dh))
+# endif
+
+# ifndef OPENSSL_NO_EC
+#  define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+                                        (char *)(eckey))
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+#  define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\
+                                        (char *)(shkey))
+# endif
+
+# ifndef OPENSSL_NO_POLY1305
+#  define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\
+                                        (char *)(polykey))
+# endif
+
+/* Add some extra combinations */
+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+int EVP_MD_type(const EVP_MD *md);
+# define EVP_MD_nid(e)                   EVP_MD_type(e)
+# define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count));
+# define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_mode(e)              (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+# define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_flags(c)       EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_mode(c)         EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
+
+# define EVP_ENCODE_LENGTH(l)    ((((l)+2)/3*4)+((l)/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l)    (((l)+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c)          EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c)           EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c)        EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b)             EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)
+# define EVP_DigestSignUpdate(a,b,c)     EVP_DigestUpdate(a,b,c)
+# define EVP_DigestVerifyUpdate(a,b,c)   EVP_DigestUpdate(a,b,c)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+#  define BIO_set_md(b,md)          BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md))
+# endif
+# define BIO_get_md(b,mdp)          BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp))
+# define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \
+                                             (char *)(mdcp))
+# define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \
+                                             (char *)(mdcp))
+# define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \
+                                             (char *)(c_pp))
+
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+                          unsigned char *out,
+                          const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create()     EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx)    EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+                                 ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+                                size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+                                  unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+                          unsigned char *md, unsigned int *size,
+                          const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+                           unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
+                              size_t len);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+                           const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                          const unsigned char *salt,
+                          const unsigned char *data, int datal, int count,
+                          unsigned char *key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                   int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                            int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                                   int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                          const unsigned char *key, const unsigned char *iv,
+                          int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+                                 const EVP_CIPHER *cipher, ENGINE *impl,
+                                 const unsigned char *key,
+                                 const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                           int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                              int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+                         EVP_PKEY *pkey);
+
+__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+                          size_t *siglen, const unsigned char *tbs,
+                          size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                           unsigned int siglen, EVP_PKEY *pkey);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                            size_t siglen, const unsigned char *tbs,
+                            size_t tbslen);
+
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                  const EVP_MD *type, ENGINE *e,
+                                  EVP_PKEY *pkey);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                               size_t *siglen);
+
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                const EVP_MD *type, ENGINE *e,
+                                EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                 size_t siglen);
+
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        const unsigned char *ek, int ekl,
+                        const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        unsigned char **ek, int *ekl, unsigned char *iv,
+                        EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                    char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_init(c)      EVP_CIPHER_CTX_reset(c)
+#  define EVP_CIPHER_CTX_cleanup(c)   EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                          const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+#  define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+#  define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+#  define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+#  ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#  endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+#  define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+#  define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+#  define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+#  define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+#  define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+#  define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER *EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+#  define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+#  define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+#  define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+#  define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+#  define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+#  ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+#  define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+#  define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OPENSSL_add_all_algorithms_conf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
+                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#  define OPENSSL_add_all_algorithms_noconf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  ifdef OPENSSL_LOAD_CONF
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
+#  else
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
+#  endif
+
+#  define OpenSSL_add_all_ciphers() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+#  define OpenSSL_add_all_digests() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  define EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+                                   const char *from, const char *to, void *x),
+                       void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+                               (const EVP_CIPHER *ciph, const char *from,
+                                const char *to, void *x), void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+                               const char *from, const char *to, void *x),
+                   void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+                           (const EVP_MD *ciph, const char *from,
+                            const char *to, void *x), void *arg);
+
+int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+                         const unsigned char *enc_key, int enc_key_len,
+                         EVP_PKEY *private_key);
+int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+                         const unsigned char *key, int key_len,
+                         EVP_PKEY *pub_key);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+# endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                                   const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest, int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                          const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
+/* PBE type */
+
+/* Can appear as the outermost AlgorithmIdentifier */
+# define EVP_PBE_TYPE_OUTER      0x0
+/* Is an PRF type OID */
+# define EVP_PBE_TYPE_PRF        0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF        0x2
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+                         int md_nid, EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
+                 EVP_PBE_KEYGEN **pkeygen);
+void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
+
+# define ASN1_PKEY_ALIAS         0x1
+# define ASN1_PKEY_DYNAMIC       0x2
+# define ASN1_PKEY_SIGPARAM_NULL 0x4
+
+# define ASN1_PKEY_CTRL_PKCS7_SIGN       0x1
+# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT    0x2
+# define ASN1_PKEY_CTRL_DEFAULT_MD_NID   0x3
+# define ASN1_PKEY_CTRL_CMS_SIGN         0x5
+# define ASN1_PKEY_CTRL_CMS_ENVELOPE     0x7
+# define ASN1_PKEY_CTRL_CMS_RI_TYPE      0x8
+
+# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT   0x9
+# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT   0xa
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth);
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str,
+                                        const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent,
+                                                 ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len));
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len));
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len));
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk));
+
+# define EVP_PKEY_OP_UNDEFINED           0
+# define EVP_PKEY_OP_PARAMGEN            (1<<1)
+# define EVP_PKEY_OP_KEYGEN              (1<<2)
+# define EVP_PKEY_OP_SIGN                (1<<3)
+# define EVP_PKEY_OP_VERIFY              (1<<4)
+# define EVP_PKEY_OP_VERIFYRECOVER       (1<<5)
+# define EVP_PKEY_OP_SIGNCTX             (1<<6)
+# define EVP_PKEY_OP_VERIFYCTX           (1<<7)
+# define EVP_PKEY_OP_ENCRYPT             (1<<8)
+# define EVP_PKEY_OP_DECRYPT             (1<<9)
+# define EVP_PKEY_OP_DERIVE              (1<<10)
+
+# define EVP_PKEY_OP_TYPE_SIG    \
+        (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+                | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+# define EVP_PKEY_OP_TYPE_CRYPT \
+        (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+# define EVP_PKEY_OP_TYPE_NOGEN \
+        (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
+
+# define EVP_PKEY_OP_TYPE_GEN \
+                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+# define  EVP_PKEY_CTX_set_signature_md(ctx, md) \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_get_signature_md(ctx, pmd)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_set_mac_key(ctx, key, len)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN,  \
+                                  EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key))
+
+# define EVP_PKEY_CTRL_MD                1
+# define EVP_PKEY_CTRL_PEER_KEY          2
+
+# define EVP_PKEY_CTRL_PKCS7_ENCRYPT     3
+# define EVP_PKEY_CTRL_PKCS7_DECRYPT     4
+
+# define EVP_PKEY_CTRL_PKCS7_SIGN        5
+
+# define EVP_PKEY_CTRL_SET_MAC_KEY       6
+
+# define EVP_PKEY_CTRL_DIGESTINIT        7
+
+/* Used by GOST key encryption in TLS */
+# define EVP_PKEY_CTRL_SET_IV            8
+
+# define EVP_PKEY_CTRL_CMS_ENCRYPT       9
+# define EVP_PKEY_CTRL_CMS_DECRYPT       10
+# define EVP_PKEY_CTRL_CMS_SIGN          11
+
+# define EVP_PKEY_CTRL_CIPHER            12
+
+# define EVP_PKEY_CTRL_GET_MD            13
+
+# define EVP_PKEY_CTRL_SET_DIGEST_SIZE   14
+
+# define EVP_PKEY_ALG_CTRL               0x1000
+
+# define EVP_PKEY_FLAG_AUTOARGLEN        2
+/*
+ * Method handles all operations: don't assume any digest related defaults.
+ */
+# define EVP_PKEY_FLAG_SIGCTX_CUSTOM     4
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
+size_t EVP_PKEY_meth_get_count(void);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                          const char *value);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value);
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen);
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len);
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len);
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher);
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen);
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen));
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen));
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen));
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen));
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen));
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value));
+
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen));
+
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen));
+
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen));
+
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen));
+
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen));
+
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value));
+
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx));
+void EVP_add_alg_module(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h
new file mode 100644
index 000000000..84f03eb3c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h
@@ -0,0 +1,194 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EVPERR_H
+# define HEADER_EVPERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_EVP_strings(void);
+
+/*
+ * EVP function codes.
+ */
+# define EVP_F_AESNI_INIT_KEY                             165
+# define EVP_F_AES_GCM_CTRL                               196
+# define EVP_F_AES_INIT_KEY                               133
+# define EVP_F_AES_OCB_CIPHER                             169
+# define EVP_F_AES_T4_INIT_KEY                            178
+# define EVP_F_AES_WRAP_CIPHER                            170
+# define EVP_F_ALG_MODULE_INIT                            177
+# define EVP_F_ARIA_CCM_INIT_KEY                          175
+# define EVP_F_ARIA_GCM_CTRL                              197
+# define EVP_F_ARIA_GCM_INIT_KEY                          176
+# define EVP_F_ARIA_INIT_KEY                              185
+# define EVP_F_B64_NEW                                    198
+# define EVP_F_CAMELLIA_INIT_KEY                          159
+# define EVP_F_CHACHA20_POLY1305_CTRL                     182
+# define EVP_F_CMLL_T4_INIT_KEY                           179
+# define EVP_F_DES_EDE3_WRAP_CIPHER                       171
+# define EVP_F_DO_SIGVER_INIT                             161
+# define EVP_F_ENC_NEW                                    199
+# define EVP_F_EVP_CIPHERINIT_EX                          123
+# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM                   204
+# define EVP_F_EVP_CIPHER_CTX_COPY                        163
+# define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
+# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1                   205
+# define EVP_F_EVP_DECRYPTFINAL_EX                        101
+# define EVP_F_EVP_DECRYPTUPDATE                          166
+# define EVP_F_EVP_DIGESTFINALXOF                         174
+# define EVP_F_EVP_DIGESTINIT_EX                          128
+# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
+# define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+# define EVP_F_EVP_ENCRYPTUPDATE                          167
+# define EVP_F_EVP_MD_CTX_COPY_EX                         110
+# define EVP_F_EVP_MD_SIZE                                162
+# define EVP_F_EVP_OPENINIT                               102
+# define EVP_F_EVP_PBE_ALG_ADD                            115
+# define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
+# define EVP_F_EVP_PBE_CIPHERINIT                         116
+# define EVP_F_EVP_PBE_SCRYPT                             181
+# define EVP_F_EVP_PKCS82PKEY                             111
+# define EVP_F_EVP_PKEY2PKCS8                             113
+# define EVP_F_EVP_PKEY_ASN1_ADD0                         188
+# define EVP_F_EVP_PKEY_CHECK                             186
+# define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+# define EVP_F_EVP_PKEY_CTX_CTRL                          137
+# define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
+# define EVP_F_EVP_PKEY_CTX_DUP                           156
+# define EVP_F_EVP_PKEY_CTX_MD                            168
+# define EVP_F_EVP_PKEY_DECRYPT                           104
+# define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
+# define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
+# define EVP_F_EVP_PKEY_DERIVE                            153
+# define EVP_F_EVP_PKEY_DERIVE_INIT                       154
+# define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
+# define EVP_F_EVP_PKEY_ENCRYPT                           105
+# define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
+# define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
+# define EVP_F_EVP_PKEY_GET0_DH                           119
+# define EVP_F_EVP_PKEY_GET0_DSA                          120
+# define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
+# define EVP_F_EVP_PKEY_GET0_HMAC                         183
+# define EVP_F_EVP_PKEY_GET0_POLY1305                     184
+# define EVP_F_EVP_PKEY_GET0_RSA                          121
+# define EVP_F_EVP_PKEY_GET0_SIPHASH                      172
+# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY               202
+# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY                203
+# define EVP_F_EVP_PKEY_KEYGEN                            146
+# define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
+# define EVP_F_EVP_PKEY_METH_ADD0                         194
+# define EVP_F_EVP_PKEY_METH_NEW                          195
+# define EVP_F_EVP_PKEY_NEW                               106
+# define EVP_F_EVP_PKEY_NEW_CMAC_KEY                      193
+# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY               191
+# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY                192
+# define EVP_F_EVP_PKEY_PARAMGEN                          148
+# define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+# define EVP_F_EVP_PKEY_PARAM_CHECK                       189
+# define EVP_F_EVP_PKEY_PUBLIC_CHECK                      190
+# define EVP_F_EVP_PKEY_SET1_ENGINE                       187
+# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE                    206
+# define EVP_F_EVP_PKEY_SIGN                              140
+# define EVP_F_EVP_PKEY_SIGN_INIT                         141
+# define EVP_F_EVP_PKEY_VERIFY                            142
+# define EVP_F_EVP_PKEY_VERIFY_INIT                       143
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
+# define EVP_F_EVP_SIGNFINAL                              107
+# define EVP_F_EVP_VERIFYFINAL                            108
+# define EVP_F_INT_CTX_NEW                                157
+# define EVP_F_OK_NEW                                     200
+# define EVP_F_PKCS5_PBE_KEYIVGEN                         117
+# define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
+# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
+# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
+# define EVP_F_PKEY_SET_TYPE                              158
+# define EVP_F_RC2_MAGIC_TO_METH                          109
+# define EVP_F_RC5_CTRL                                   125
+# define EVP_F_S390X_AES_GCM_CTRL                         201
+# define EVP_F_UPDATE                                     173
+
+/*
+ * EVP reason codes.
+ */
+# define EVP_R_AES_KEY_SETUP_FAILED                       143
+# define EVP_R_ARIA_KEY_SETUP_FAILED                      176
+# define EVP_R_BAD_DECRYPT                                100
+# define EVP_R_BUFFER_TOO_SMALL                           155
+# define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
+# define EVP_R_CIPHER_PARAMETER_ERROR                     122
+# define EVP_R_COMMAND_NOT_SUPPORTED                      147
+# define EVP_R_COPY_ERROR                                 173
+# define EVP_R_CTRL_NOT_IMPLEMENTED                       132
+# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
+# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
+# define EVP_R_DECODE_ERROR                               114
+# define EVP_R_DIFFERENT_KEY_TYPES                        101
+# define EVP_R_DIFFERENT_PARAMETERS                       153
+# define EVP_R_ERROR_LOADING_SECTION                      165
+# define EVP_R_ERROR_SETTING_FIPS_MODE                    166
+# define EVP_R_EXPECTING_AN_HMAC_KEY                      174
+# define EVP_R_EXPECTING_AN_RSA_KEY                       127
+# define EVP_R_EXPECTING_A_DH_KEY                         128
+# define EVP_R_EXPECTING_A_DSA_KEY                        129
+# define EVP_R_EXPECTING_A_EC_KEY                         142
+# define EVP_R_EXPECTING_A_POLY1305_KEY                   164
+# define EVP_R_EXPECTING_A_SIPHASH_KEY                    175
+# define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+# define EVP_R_GET_RAW_KEY_FAILED                         182
+# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS                  171
+# define EVP_R_INITIALIZATION_ERROR                       134
+# define EVP_R_INPUT_NOT_INITIALIZED                      111
+# define EVP_R_INVALID_DIGEST                             152
+# define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_KEY                                163
+# define EVP_R_INVALID_KEY_LENGTH                         130
+# define EVP_R_INVALID_OPERATION                          148
+# define EVP_R_KEYGEN_FAILURE                             120
+# define EVP_R_KEY_SETUP_FAILED                           180
+# define EVP_R_MEMORY_LIMIT_EXCEEDED                      172
+# define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
+# define EVP_R_METHOD_NOT_SUPPORTED                       144
+# define EVP_R_MISSING_PARAMETERS                         103
+# define EVP_R_NOT_XOF_OR_INVALID_LENGTH                  178
+# define EVP_R_NO_CIPHER_SET                              131
+# define EVP_R_NO_DEFAULT_DIGEST                          158
+# define EVP_R_NO_DIGEST_SET                              139
+# define EVP_R_NO_KEY_SET                                 154
+# define EVP_R_NO_OPERATION_SET                           149
+# define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+# define EVP_R_OPERATON_NOT_INITIALIZED                   151
+# define EVP_R_PARTIALLY_OVERLAPPING                      162
+# define EVP_R_PBKDF2_ERROR                               181
+# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
+# define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+# define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
+# define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_UNKNOWN_CIPHER                             160
+# define EVP_R_UNKNOWN_DIGEST                             161
+# define EVP_R_UNKNOWN_OPTION                             169
+# define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNSUPPORTED_ALGORITHM                      156
+# define EVP_R_UNSUPPORTED_CIPHER                         107
+# define EVP_R_UNSUPPORTED_KEYLENGTH                      123
+# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
+# define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
+# define EVP_R_UNSUPPORTED_PRF                            125
+# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
+# define EVP_R_UNSUPPORTED_SALT_TYPE                      126
+# define EVP_R_WRAP_MODE_NOT_ALLOWED                      170
+# define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/hmac.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/hmac.h
new file mode 100644
index 000000000..458efc1d5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/hmac.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_H
+# define HEADER_HMAC_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/evp.h>
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+#  define HMAC_MAX_MD_CBLOCK      128    /* Deprecated */
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+size_t HMAC_size(const HMAC_CTX *e);
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+                     const EVP_MD *md))
+
+/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                            const EVP_MD *md, ENGINE *impl);
+/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+                           size_t len);
+/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+                          unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len);
+__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/idea.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/idea.h
new file mode 100644
index 000000000..4334f3ea7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/idea.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_IDEA_H
+# define HEADER_IDEA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT    1
+# define IDEA_DECRYPT    0
+
+# define IDEA_BLOCK      8
+# define IDEA_KEY_LENGTH 16
+
+typedef struct idea_key_st {
+    IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+
+const char *IDEA_options(void);
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int enc);
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num, int enc);
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num);
+void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define idea_options          IDEA_options
+#  define idea_ecb_encrypt      IDEA_ecb_encrypt
+#  define idea_set_encrypt_key  IDEA_set_encrypt_key
+#  define idea_set_decrypt_key  IDEA_set_decrypt_key
+#  define idea_cbc_encrypt      IDEA_cbc_encrypt
+#  define idea_cfb64_encrypt    IDEA_cfb64_encrypt
+#  define idea_ofb64_encrypt    IDEA_ofb64_encrypt
+#  define idea_encrypt          IDEA_encrypt
+# endif
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdf.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdf.h
new file mode 100644
index 000000000..5abd4c371
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdf.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDF_H
+# define HEADER_KDF_H
+
+# include <openssl/kdferr.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_CTRL_TLS_MD                   (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET               (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED                 (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD                  (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT                (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY                 (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO                (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_HKDF_MODE                (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_PASS                     (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_SCRYPT_SALT              (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_SCRYPT_N                 (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SCRYPT_R                 (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_SCRYPT_P                 (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES      (EVP_PKEY_ALG_CTRL + 13)
+
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       1
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY        2
+
+# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
+
+# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
+
+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key))
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info))
+
+# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+
+# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+
+# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_N, n)
+
+# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_R, r)
+
+# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_P, p)
+
+# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h
new file mode 100644
index 000000000..6437c271d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h
@@ -0,0 +1,51 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDFERR_H
+# define HEADER_KDFERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_KDF_strings(void);
+
+/*
+ * KDF function codes.
+ */
+# define KDF_F_PKEY_HKDF_CTRL_STR                         103
+# define KDF_F_PKEY_HKDF_DERIVE                           102
+# define KDF_F_PKEY_HKDF_INIT                             108
+# define KDF_F_PKEY_SCRYPT_CTRL_STR                       104
+# define KDF_F_PKEY_SCRYPT_CTRL_UINT64                    105
+# define KDF_F_PKEY_SCRYPT_DERIVE                         109
+# define KDF_F_PKEY_SCRYPT_INIT                           106
+# define KDF_F_PKEY_SCRYPT_SET_MEMBUF                     107
+# define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
+# define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
+# define KDF_F_PKEY_TLS1_PRF_INIT                         110
+# define KDF_F_TLS1_PRF_ALG                               111
+
+/*
+ * KDF reason codes.
+ */
+# define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_ITERATION_COUNT                    109
+# define KDF_R_MISSING_KEY                                104
+# define KDF_R_MISSING_MESSAGE_DIGEST                     105
+# define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_MISSING_PASS                               110
+# define KDF_R_MISSING_SALT                               111
+# define KDF_R_MISSING_SECRET                             107
+# define KDF_R_MISSING_SEED                               106
+# define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
+# define KDF_R_VALUE_ERROR                                108
+# define KDF_R_VALUE_MISSING                              102
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h
new file mode 100644
index 000000000..47b99d17f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h
@@ -0,0 +1,242 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+# define HEADER_LHASH_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st OPENSSL_LH_NODE;
+typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC) (void *);
+typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *);
+typedef struct lhash_st OPENSSL_LHASH;
+
+/*
+ * Macros for declaring and implementing type-safe wrappers for LHASH
+ * callbacks. This way, callbacks can be provided to LHASH structures without
+ * function pointer casting and the macro-defined callbacks provide
+ * per-variable casting before deferring to the underlying type-specific
+ * callbacks. NB: It is possible to place a "static" in front of both the
+ * DECLARE and IMPLEMENT macros if the functions are strictly internal.
+ */
+
+/* First: "hash" functions */
+# define DECLARE_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *);
+# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
+                const o_type *a = arg; \
+                return name##_hash(a); }
+# define LHASH_HASH_FN(name) name##_LHASH_HASH
+
+/* Second: "compare" functions */
+# define DECLARE_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *, const void *);
+# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                const o_type *a = arg1;             \
+                const o_type *b = arg2; \
+                return name##_cmp(a,b); }
+# define LHASH_COMP_FN(name) name##_LHASH_COMP
+
+/* Fourth: "doall_arg" functions */
+# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *, void *);
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+                o_type *a = arg1; \
+                a_type *b = arg2; \
+                name##_doall_arg(a, b); }
+# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
+
+# define LH_LOAD_MULT    256
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh);
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
+void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
+unsigned long OPENSSL_LH_strhash(const char *c);
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh);
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+# endif
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _LHASH OPENSSL_LHASH
+#  define LHASH_NODE OPENSSL_LH_NODE
+#  define lh_error OPENSSL_LH_error
+#  define lh_new OPENSSL_LH_new
+#  define lh_free OPENSSL_LH_free
+#  define lh_insert OPENSSL_LH_insert
+#  define lh_delete OPENSSL_LH_delete
+#  define lh_retrieve OPENSSL_LH_retrieve
+#  define lh_doall OPENSSL_LH_doall
+#  define lh_doall_arg OPENSSL_LH_doall_arg
+#  define lh_strhash OPENSSL_LH_strhash
+#  define lh_num_items OPENSSL_LH_num_items
+#  ifndef OPENSSL_NO_STDIO
+#   define lh_stats OPENSSL_LH_stats
+#   define lh_node_stats OPENSSL_LH_node_stats
+#   define lh_node_usage_stats OPENSSL_LH_node_usage_stats
+#  endif
+#  define lh_stats_bio OPENSSL_LH_stats_bio
+#  define lh_node_stats_bio OPENSSL_LH_node_stats_bio
+#  define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio
+# endif
+
+/* Type checking... */
+
+# define LHASH_OF(type) struct lhash_st_##type
+
+# define DEFINE_LHASH_OF(type) \
+    LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
+    static ossl_inline LHASH_OF(type) * \
+        lh_##type##_new(unsigned long (*hfn)(const type *), \
+                        int (*cfn)(const type *, const type *)) \
+    { \
+        return (LHASH_OF(type) *) \
+            OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+    { \
+        OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+    { \
+        return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
+    { \
+        OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
+                                                          void (*doall)(type *)) \
+    { \
+        OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
+    } \
+    LHASH_OF(type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \
+    int_implement_lhash_doall(type, argtype, const type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \
+    int_implement_lhash_doall(type, argtype, type)
+
+#define int_implement_lhash_doall(type, argtype, cbargtype) \
+    static ossl_unused ossl_inline void \
+        lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \
+                                   void (*fn)(cbargtype *, argtype *), \
+                                   argtype *arg) \
+    { \
+        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
+    } \
+    LHASH_OF(type)
+
+DEFINE_LHASH_OF(OPENSSL_STRING);
+# ifdef _MSC_VER
+/*
+ * push and pop this warning:
+ *   warning C4090: 'function': different 'const' qualifiers
+ */
+#  pragma warning (push)
+#  pragma warning (disable: 4090)
+# endif
+
+DEFINE_LHASH_OF(OPENSSL_CSTRING);
+
+# ifdef _MSC_VER
+#  pragma warning (pop)
+# endif
+
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_LH_new
+#  pragma weak OPENSSL_LH_free
+#  pragma weak OPENSSL_LH_insert
+#  pragma weak OPENSSL_LH_delete
+#  pragma weak OPENSSL_LH_retrieve
+#  pragma weak OPENSSL_LH_error
+#  pragma weak OPENSSL_LH_num_items
+#  pragma weak OPENSSL_LH_node_stats_bio
+#  pragma weak OPENSSL_LH_node_usage_stats_bio
+#  pragma weak OPENSSL_LH_stats_bio
+#  pragma weak OPENSSL_LH_get_down_load
+#  pragma weak OPENSSL_LH_set_down_load
+#  pragma weak OPENSSL_LH_doall
+#  pragma weak OPENSSL_LH_doall_arg
+# endif /* __SUNPRO_C */
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/md2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/md2.h
new file mode 100644
index 000000000..7faf8e3d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/md2.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD2_H
+# define HEADER_MD2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD2
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned char MD2_INT;
+
+# define MD2_DIGEST_LENGTH       16
+# define MD2_BLOCK               16
+
+typedef struct MD2state_st {
+    unsigned int num;
+    unsigned char data[MD2_BLOCK];
+    MD2_INT cksm[MD2_BLOCK];
+    MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+
+const char *MD2_options(void);
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/md4.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/md4.h
new file mode 100644
index 000000000..940e29db4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/md4.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD4_H
+# define HEADER_MD4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD4
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK      64
+# define MD4_LBLOCK      (MD4_CBLOCK/4)
+# define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st {
+    MD4_LONG A, B, C, D;
+    MD4_LONG Nl, Nh;
+    MD4_LONG data[MD4_LBLOCK];
+    unsigned int num;
+} MD4_CTX;
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/md5.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/md5.h
new file mode 100644
index 000000000..2deb77211
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/md5.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD5_H
+# define HEADER_MD5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD5
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK      64
+# define MD5_LBLOCK      (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+    MD5_LONG A, B, C, D;
+    MD5_LONG Nl, Nh;
+    MD5_LONG data[MD5_LBLOCK];
+    unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/mdc2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/mdc2.h
new file mode 100644
index 000000000..aabd2bfaa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/mdc2.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MDC2_H
+# define HEADER_MDC2_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_MDC2
+# include <stdlib.h>
+# include <openssl/des.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_BLOCK              8
+# define MDC2_DIGEST_LENGTH      16
+
+typedef struct mdc2_ctx_st {
+    unsigned int num;
+    unsigned char data[MDC2_BLOCK];
+    DES_cblock h, hh;
+    int pad_type;               /* either 1 or 2, default 1 */
+} MDC2_CTX;
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/modes.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/modes.h
new file mode 100644
index 000000000..d544f98d5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/modes.h
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MODES_H
+# define HEADER_MODES_H
+
+# include <stddef.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+typedef void (*block128_f) (const unsigned char in[16],
+                            unsigned char out[16], const void *key);
+
+typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
+                          size_t len, const void *key,
+                          unsigned char ivec[16], int enc);
+
+typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          const unsigned char ivec[16]);
+
+typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          const unsigned char ivec[16],
+                          unsigned char cmac[16]);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block);
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f ctr);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           block128_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t bits, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block);
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                         size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+                        unsigned int M, unsigned int L, void *key,
+                        block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
+                        size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
+                       size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                          unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                          unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                                unsigned char *out, size_t len,
+                                ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                                unsigned char *out, size_t len,
+                                ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+                          const unsigned char iv[16],
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len, int enc);
+
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+                       unsigned char *out,
+                       const unsigned char *in, size_t inlen,
+                       block128_f block);
+
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out,
+                         const unsigned char *in, size_t inlen,
+                         block128_f block);
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out, const unsigned char *in,
+                           size_t inlen, block128_f block);
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out, const unsigned char *in,
+                             size_t inlen, block128_f block);
+
+# ifndef OPENSSL_NO_OCB
+typedef struct ocb128_context OCB128_CONTEXT;
+
+typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          size_t start_block_num,
+                          unsigned char offset_i[16],
+                          const unsigned char L_[][16],
+                          unsigned char checksum[16]);
+
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream);
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream);
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec);
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen);
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
+# endif                          /* OPENSSL_NO_OCB */
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h
new file mode 100644
index 000000000..31fad4640
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h
@@ -0,0 +1,5198 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/objects.pl
+ *
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+#define SN_itu_t                "ITU-T"
+#define LN_itu_t                "itu-t"
+#define NID_itu_t               645
+#define OBJ_itu_t               0L
+
+#define NID_ccitt               404
+#define OBJ_ccitt               OBJ_itu_t
+
+#define SN_iso          "ISO"
+#define LN_iso          "iso"
+#define NID_iso         181
+#define OBJ_iso         1L
+
+#define SN_joint_iso_itu_t              "JOINT-ISO-ITU-T"
+#define LN_joint_iso_itu_t              "joint-iso-itu-t"
+#define NID_joint_iso_itu_t             646
+#define OBJ_joint_iso_itu_t             2L
+
+#define NID_joint_iso_ccitt             393
+#define OBJ_joint_iso_ccitt             OBJ_joint_iso_itu_t
+
+#define SN_member_body          "member-body"
+#define LN_member_body          "ISO Member Body"
+#define NID_member_body         182
+#define OBJ_member_body         OBJ_iso,2L
+
+#define SN_identified_organization              "identified-organization"
+#define NID_identified_organization             676
+#define OBJ_identified_organization             OBJ_iso,3L
+
+#define SN_hmac_md5             "HMAC-MD5"
+#define LN_hmac_md5             "hmac-md5"
+#define NID_hmac_md5            780
+#define OBJ_hmac_md5            OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
+
+#define SN_hmac_sha1            "HMAC-SHA1"
+#define LN_hmac_sha1            "hmac-sha1"
+#define NID_hmac_sha1           781
+#define OBJ_hmac_sha1           OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
+
+#define SN_x509ExtAdmission             "x509ExtAdmission"
+#define LN_x509ExtAdmission             "Professional Information or basis for Admission"
+#define NID_x509ExtAdmission            1093
+#define OBJ_x509ExtAdmission            OBJ_identified_organization,36L,8L,3L,3L
+
+#define SN_certicom_arc         "certicom-arc"
+#define NID_certicom_arc                677
+#define OBJ_certicom_arc                OBJ_identified_organization,132L
+
+#define SN_ieee         "ieee"
+#define NID_ieee                1170
+#define OBJ_ieee                OBJ_identified_organization,111L
+
+#define SN_ieee_siswg           "ieee-siswg"
+#define LN_ieee_siswg           "IEEE Security in Storage Working Group"
+#define NID_ieee_siswg          1171
+#define OBJ_ieee_siswg          OBJ_ieee,2L,1619L
+
+#define SN_international_organizations          "international-organizations"
+#define LN_international_organizations          "International Organizations"
+#define NID_international_organizations         647
+#define OBJ_international_organizations         OBJ_joint_iso_itu_t,23L
+
+#define SN_wap          "wap"
+#define NID_wap         678
+#define OBJ_wap         OBJ_international_organizations,43L
+
+#define SN_wap_wsg              "wap-wsg"
+#define NID_wap_wsg             679
+#define OBJ_wap_wsg             OBJ_wap,1L
+
+#define SN_selected_attribute_types             "selected-attribute-types"
+#define LN_selected_attribute_types             "Selected Attribute Types"
+#define NID_selected_attribute_types            394
+#define OBJ_selected_attribute_types            OBJ_joint_iso_itu_t,5L,1L,5L
+
+#define SN_clearance            "clearance"
+#define NID_clearance           395
+#define OBJ_clearance           OBJ_selected_attribute_types,55L
+
+#define SN_ISO_US               "ISO-US"
+#define LN_ISO_US               "ISO US Member Body"
+#define NID_ISO_US              183
+#define OBJ_ISO_US              OBJ_member_body,840L
+
+#define SN_X9_57                "X9-57"
+#define LN_X9_57                "X9.57"
+#define NID_X9_57               184
+#define OBJ_X9_57               OBJ_ISO_US,10040L
+
+#define SN_X9cm         "X9cm"
+#define LN_X9cm         "X9.57 CM ?"
+#define NID_X9cm                185
+#define OBJ_X9cm                OBJ_X9_57,4L
+
+#define SN_ISO_CN               "ISO-CN"
+#define LN_ISO_CN               "ISO CN Member Body"
+#define NID_ISO_CN              1140
+#define OBJ_ISO_CN              OBJ_member_body,156L
+
+#define SN_oscca                "oscca"
+#define NID_oscca               1141
+#define OBJ_oscca               OBJ_ISO_CN,10197L
+
+#define SN_sm_scheme            "sm-scheme"
+#define NID_sm_scheme           1142
+#define OBJ_sm_scheme           OBJ_oscca,1L
+
+#define SN_dsa          "DSA"
+#define LN_dsa          "dsaEncryption"
+#define NID_dsa         116
+#define OBJ_dsa         OBJ_X9cm,1L
+
+#define SN_dsaWithSHA1          "DSA-SHA1"
+#define LN_dsaWithSHA1          "dsaWithSHA1"
+#define NID_dsaWithSHA1         113
+#define OBJ_dsaWithSHA1         OBJ_X9cm,3L
+
+#define SN_ansi_X9_62           "ansi-X9-62"
+#define LN_ansi_X9_62           "ANSI X9.62"
+#define NID_ansi_X9_62          405
+#define OBJ_ansi_X9_62          OBJ_ISO_US,10045L
+
+#define OBJ_X9_62_id_fieldType          OBJ_ansi_X9_62,1L
+
+#define SN_X9_62_prime_field            "prime-field"
+#define NID_X9_62_prime_field           406
+#define OBJ_X9_62_prime_field           OBJ_X9_62_id_fieldType,1L
+
+#define SN_X9_62_characteristic_two_field               "characteristic-two-field"
+#define NID_X9_62_characteristic_two_field              407
+#define OBJ_X9_62_characteristic_two_field              OBJ_X9_62_id_fieldType,2L
+
+#define SN_X9_62_id_characteristic_two_basis            "id-characteristic-two-basis"
+#define NID_X9_62_id_characteristic_two_basis           680
+#define OBJ_X9_62_id_characteristic_two_basis           OBJ_X9_62_characteristic_two_field,3L
+
+#define SN_X9_62_onBasis                "onBasis"
+#define NID_X9_62_onBasis               681
+#define OBJ_X9_62_onBasis               OBJ_X9_62_id_characteristic_two_basis,1L
+
+#define SN_X9_62_tpBasis                "tpBasis"
+#define NID_X9_62_tpBasis               682
+#define OBJ_X9_62_tpBasis               OBJ_X9_62_id_characteristic_two_basis,2L
+
+#define SN_X9_62_ppBasis                "ppBasis"
+#define NID_X9_62_ppBasis               683
+#define OBJ_X9_62_ppBasis               OBJ_X9_62_id_characteristic_two_basis,3L
+
+#define OBJ_X9_62_id_publicKeyType              OBJ_ansi_X9_62,2L
+
+#define SN_X9_62_id_ecPublicKey         "id-ecPublicKey"
+#define NID_X9_62_id_ecPublicKey                408
+#define OBJ_X9_62_id_ecPublicKey                OBJ_X9_62_id_publicKeyType,1L
+
+#define OBJ_X9_62_ellipticCurve         OBJ_ansi_X9_62,3L
+
+#define OBJ_X9_62_c_TwoCurve            OBJ_X9_62_ellipticCurve,0L
+
+#define SN_X9_62_c2pnb163v1             "c2pnb163v1"
+#define NID_X9_62_c2pnb163v1            684
+#define OBJ_X9_62_c2pnb163v1            OBJ_X9_62_c_TwoCurve,1L
+
+#define SN_X9_62_c2pnb163v2             "c2pnb163v2"
+#define NID_X9_62_c2pnb163v2            685
+#define OBJ_X9_62_c2pnb163v2            OBJ_X9_62_c_TwoCurve,2L
+
+#define SN_X9_62_c2pnb163v3             "c2pnb163v3"
+#define NID_X9_62_c2pnb163v3            686
+#define OBJ_X9_62_c2pnb163v3            OBJ_X9_62_c_TwoCurve,3L
+
+#define SN_X9_62_c2pnb176v1             "c2pnb176v1"
+#define NID_X9_62_c2pnb176v1            687
+#define OBJ_X9_62_c2pnb176v1            OBJ_X9_62_c_TwoCurve,4L
+
+#define SN_X9_62_c2tnb191v1             "c2tnb191v1"
+#define NID_X9_62_c2tnb191v1            688
+#define OBJ_X9_62_c2tnb191v1            OBJ_X9_62_c_TwoCurve,5L
+
+#define SN_X9_62_c2tnb191v2             "c2tnb191v2"
+#define NID_X9_62_c2tnb191v2            689
+#define OBJ_X9_62_c2tnb191v2            OBJ_X9_62_c_TwoCurve,6L
+
+#define SN_X9_62_c2tnb191v3             "c2tnb191v3"
+#define NID_X9_62_c2tnb191v3            690
+#define OBJ_X9_62_c2tnb191v3            OBJ_X9_62_c_TwoCurve,7L
+
+#define SN_X9_62_c2onb191v4             "c2onb191v4"
+#define NID_X9_62_c2onb191v4            691
+#define OBJ_X9_62_c2onb191v4            OBJ_X9_62_c_TwoCurve,8L
+
+#define SN_X9_62_c2onb191v5             "c2onb191v5"
+#define NID_X9_62_c2onb191v5            692
+#define OBJ_X9_62_c2onb191v5            OBJ_X9_62_c_TwoCurve,9L
+
+#define SN_X9_62_c2pnb208w1             "c2pnb208w1"
+#define NID_X9_62_c2pnb208w1            693
+#define OBJ_X9_62_c2pnb208w1            OBJ_X9_62_c_TwoCurve,10L
+
+#define SN_X9_62_c2tnb239v1             "c2tnb239v1"
+#define NID_X9_62_c2tnb239v1            694
+#define OBJ_X9_62_c2tnb239v1            OBJ_X9_62_c_TwoCurve,11L
+
+#define SN_X9_62_c2tnb239v2             "c2tnb239v2"
+#define NID_X9_62_c2tnb239v2            695
+#define OBJ_X9_62_c2tnb239v2            OBJ_X9_62_c_TwoCurve,12L
+
+#define SN_X9_62_c2tnb239v3             "c2tnb239v3"
+#define NID_X9_62_c2tnb239v3            696
+#define OBJ_X9_62_c2tnb239v3            OBJ_X9_62_c_TwoCurve,13L
+
+#define SN_X9_62_c2onb239v4             "c2onb239v4"
+#define NID_X9_62_c2onb239v4            697
+#define OBJ_X9_62_c2onb239v4            OBJ_X9_62_c_TwoCurve,14L
+
+#define SN_X9_62_c2onb239v5             "c2onb239v5"
+#define NID_X9_62_c2onb239v5            698
+#define OBJ_X9_62_c2onb239v5            OBJ_X9_62_c_TwoCurve,15L
+
+#define SN_X9_62_c2pnb272w1             "c2pnb272w1"
+#define NID_X9_62_c2pnb272w1            699
+#define OBJ_X9_62_c2pnb272w1            OBJ_X9_62_c_TwoCurve,16L
+
+#define SN_X9_62_c2pnb304w1             "c2pnb304w1"
+#define NID_X9_62_c2pnb304w1            700
+#define OBJ_X9_62_c2pnb304w1            OBJ_X9_62_c_TwoCurve,17L
+
+#define SN_X9_62_c2tnb359v1             "c2tnb359v1"
+#define NID_X9_62_c2tnb359v1            701
+#define OBJ_X9_62_c2tnb359v1            OBJ_X9_62_c_TwoCurve,18L
+
+#define SN_X9_62_c2pnb368w1             "c2pnb368w1"
+#define NID_X9_62_c2pnb368w1            702
+#define OBJ_X9_62_c2pnb368w1            OBJ_X9_62_c_TwoCurve,19L
+
+#define SN_X9_62_c2tnb431r1             "c2tnb431r1"
+#define NID_X9_62_c2tnb431r1            703
+#define OBJ_X9_62_c2tnb431r1            OBJ_X9_62_c_TwoCurve,20L
+
+#define OBJ_X9_62_primeCurve            OBJ_X9_62_ellipticCurve,1L
+
+#define SN_X9_62_prime192v1             "prime192v1"
+#define NID_X9_62_prime192v1            409
+#define OBJ_X9_62_prime192v1            OBJ_X9_62_primeCurve,1L
+
+#define SN_X9_62_prime192v2             "prime192v2"
+#define NID_X9_62_prime192v2            410
+#define OBJ_X9_62_prime192v2            OBJ_X9_62_primeCurve,2L
+
+#define SN_X9_62_prime192v3             "prime192v3"
+#define NID_X9_62_prime192v3            411
+#define OBJ_X9_62_prime192v3            OBJ_X9_62_primeCurve,3L
+
+#define SN_X9_62_prime239v1             "prime239v1"
+#define NID_X9_62_prime239v1            412
+#define OBJ_X9_62_prime239v1            OBJ_X9_62_primeCurve,4L
+
+#define SN_X9_62_prime239v2             "prime239v2"
+#define NID_X9_62_prime239v2            413
+#define OBJ_X9_62_prime239v2            OBJ_X9_62_primeCurve,5L
+
+#define SN_X9_62_prime239v3             "prime239v3"
+#define NID_X9_62_prime239v3            414
+#define OBJ_X9_62_prime239v3            OBJ_X9_62_primeCurve,6L
+
+#define SN_X9_62_prime256v1             "prime256v1"
+#define NID_X9_62_prime256v1            415
+#define OBJ_X9_62_prime256v1            OBJ_X9_62_primeCurve,7L
+
+#define OBJ_X9_62_id_ecSigType          OBJ_ansi_X9_62,4L
+
+#define SN_ecdsa_with_SHA1              "ecdsa-with-SHA1"
+#define NID_ecdsa_with_SHA1             416
+#define OBJ_ecdsa_with_SHA1             OBJ_X9_62_id_ecSigType,1L
+
+#define SN_ecdsa_with_Recommended               "ecdsa-with-Recommended"
+#define NID_ecdsa_with_Recommended              791
+#define OBJ_ecdsa_with_Recommended              OBJ_X9_62_id_ecSigType,2L
+
+#define SN_ecdsa_with_Specified         "ecdsa-with-Specified"
+#define NID_ecdsa_with_Specified                792
+#define OBJ_ecdsa_with_Specified                OBJ_X9_62_id_ecSigType,3L
+
+#define SN_ecdsa_with_SHA224            "ecdsa-with-SHA224"
+#define NID_ecdsa_with_SHA224           793
+#define OBJ_ecdsa_with_SHA224           OBJ_ecdsa_with_Specified,1L
+
+#define SN_ecdsa_with_SHA256            "ecdsa-with-SHA256"
+#define NID_ecdsa_with_SHA256           794
+#define OBJ_ecdsa_with_SHA256           OBJ_ecdsa_with_Specified,2L
+
+#define SN_ecdsa_with_SHA384            "ecdsa-with-SHA384"
+#define NID_ecdsa_with_SHA384           795
+#define OBJ_ecdsa_with_SHA384           OBJ_ecdsa_with_Specified,3L
+
+#define SN_ecdsa_with_SHA512            "ecdsa-with-SHA512"
+#define NID_ecdsa_with_SHA512           796
+#define OBJ_ecdsa_with_SHA512           OBJ_ecdsa_with_Specified,4L
+
+#define OBJ_secg_ellipticCurve          OBJ_certicom_arc,0L
+
+#define SN_secp112r1            "secp112r1"
+#define NID_secp112r1           704
+#define OBJ_secp112r1           OBJ_secg_ellipticCurve,6L
+
+#define SN_secp112r2            "secp112r2"
+#define NID_secp112r2           705
+#define OBJ_secp112r2           OBJ_secg_ellipticCurve,7L
+
+#define SN_secp128r1            "secp128r1"
+#define NID_secp128r1           706
+#define OBJ_secp128r1           OBJ_secg_ellipticCurve,28L
+
+#define SN_secp128r2            "secp128r2"
+#define NID_secp128r2           707
+#define OBJ_secp128r2           OBJ_secg_ellipticCurve,29L
+
+#define SN_secp160k1            "secp160k1"
+#define NID_secp160k1           708
+#define OBJ_secp160k1           OBJ_secg_ellipticCurve,9L
+
+#define SN_secp160r1            "secp160r1"
+#define NID_secp160r1           709
+#define OBJ_secp160r1           OBJ_secg_ellipticCurve,8L
+
+#define SN_secp160r2            "secp160r2"
+#define NID_secp160r2           710
+#define OBJ_secp160r2           OBJ_secg_ellipticCurve,30L
+
+#define SN_secp192k1            "secp192k1"
+#define NID_secp192k1           711
+#define OBJ_secp192k1           OBJ_secg_ellipticCurve,31L
+
+#define SN_secp224k1            "secp224k1"
+#define NID_secp224k1           712
+#define OBJ_secp224k1           OBJ_secg_ellipticCurve,32L
+
+#define SN_secp224r1            "secp224r1"
+#define NID_secp224r1           713
+#define OBJ_secp224r1           OBJ_secg_ellipticCurve,33L
+
+#define SN_secp256k1            "secp256k1"
+#define NID_secp256k1           714
+#define OBJ_secp256k1           OBJ_secg_ellipticCurve,10L
+
+#define SN_secp384r1            "secp384r1"
+#define NID_secp384r1           715
+#define OBJ_secp384r1           OBJ_secg_ellipticCurve,34L
+
+#define SN_secp521r1            "secp521r1"
+#define NID_secp521r1           716
+#define OBJ_secp521r1           OBJ_secg_ellipticCurve,35L
+
+#define SN_sect113r1            "sect113r1"
+#define NID_sect113r1           717
+#define OBJ_sect113r1           OBJ_secg_ellipticCurve,4L
+
+#define SN_sect113r2            "sect113r2"
+#define NID_sect113r2           718
+#define OBJ_sect113r2           OBJ_secg_ellipticCurve,5L
+
+#define SN_sect131r1            "sect131r1"
+#define NID_sect131r1           719
+#define OBJ_sect131r1           OBJ_secg_ellipticCurve,22L
+
+#define SN_sect131r2            "sect131r2"
+#define NID_sect131r2           720
+#define OBJ_sect131r2           OBJ_secg_ellipticCurve,23L
+
+#define SN_sect163k1            "sect163k1"
+#define NID_sect163k1           721
+#define OBJ_sect163k1           OBJ_secg_ellipticCurve,1L
+
+#define SN_sect163r1            "sect163r1"
+#define NID_sect163r1           722
+#define OBJ_sect163r1           OBJ_secg_ellipticCurve,2L
+
+#define SN_sect163r2            "sect163r2"
+#define NID_sect163r2           723
+#define OBJ_sect163r2           OBJ_secg_ellipticCurve,15L
+
+#define SN_sect193r1            "sect193r1"
+#define NID_sect193r1           724
+#define OBJ_sect193r1           OBJ_secg_ellipticCurve,24L
+
+#define SN_sect193r2            "sect193r2"
+#define NID_sect193r2           725
+#define OBJ_sect193r2           OBJ_secg_ellipticCurve,25L
+
+#define SN_sect233k1            "sect233k1"
+#define NID_sect233k1           726
+#define OBJ_sect233k1           OBJ_secg_ellipticCurve,26L
+
+#define SN_sect233r1            "sect233r1"
+#define NID_sect233r1           727
+#define OBJ_sect233r1           OBJ_secg_ellipticCurve,27L
+
+#define SN_sect239k1            "sect239k1"
+#define NID_sect239k1           728
+#define OBJ_sect239k1           OBJ_secg_ellipticCurve,3L
+
+#define SN_sect283k1            "sect283k1"
+#define NID_sect283k1           729
+#define OBJ_sect283k1           OBJ_secg_ellipticCurve,16L
+
+#define SN_sect283r1            "sect283r1"
+#define NID_sect283r1           730
+#define OBJ_sect283r1           OBJ_secg_ellipticCurve,17L
+
+#define SN_sect409k1            "sect409k1"
+#define NID_sect409k1           731
+#define OBJ_sect409k1           OBJ_secg_ellipticCurve,36L
+
+#define SN_sect409r1            "sect409r1"
+#define NID_sect409r1           732
+#define OBJ_sect409r1           OBJ_secg_ellipticCurve,37L
+
+#define SN_sect571k1            "sect571k1"
+#define NID_sect571k1           733
+#define OBJ_sect571k1           OBJ_secg_ellipticCurve,38L
+
+#define SN_sect571r1            "sect571r1"
+#define NID_sect571r1           734
+#define OBJ_sect571r1           OBJ_secg_ellipticCurve,39L
+
+#define OBJ_wap_wsg_idm_ecid            OBJ_wap_wsg,4L
+
+#define SN_wap_wsg_idm_ecid_wtls1               "wap-wsg-idm-ecid-wtls1"
+#define NID_wap_wsg_idm_ecid_wtls1              735
+#define OBJ_wap_wsg_idm_ecid_wtls1              OBJ_wap_wsg_idm_ecid,1L
+
+#define SN_wap_wsg_idm_ecid_wtls3               "wap-wsg-idm-ecid-wtls3"
+#define NID_wap_wsg_idm_ecid_wtls3              736
+#define OBJ_wap_wsg_idm_ecid_wtls3              OBJ_wap_wsg_idm_ecid,3L
+
+#define SN_wap_wsg_idm_ecid_wtls4               "wap-wsg-idm-ecid-wtls4"
+#define NID_wap_wsg_idm_ecid_wtls4              737
+#define OBJ_wap_wsg_idm_ecid_wtls4              OBJ_wap_wsg_idm_ecid,4L
+
+#define SN_wap_wsg_idm_ecid_wtls5               "wap-wsg-idm-ecid-wtls5"
+#define NID_wap_wsg_idm_ecid_wtls5              738
+#define OBJ_wap_wsg_idm_ecid_wtls5              OBJ_wap_wsg_idm_ecid,5L
+
+#define SN_wap_wsg_idm_ecid_wtls6               "wap-wsg-idm-ecid-wtls6"
+#define NID_wap_wsg_idm_ecid_wtls6              739
+#define OBJ_wap_wsg_idm_ecid_wtls6              OBJ_wap_wsg_idm_ecid,6L
+
+#define SN_wap_wsg_idm_ecid_wtls7               "wap-wsg-idm-ecid-wtls7"
+#define NID_wap_wsg_idm_ecid_wtls7              740
+#define OBJ_wap_wsg_idm_ecid_wtls7              OBJ_wap_wsg_idm_ecid,7L
+
+#define SN_wap_wsg_idm_ecid_wtls8               "wap-wsg-idm-ecid-wtls8"
+#define NID_wap_wsg_idm_ecid_wtls8              741
+#define OBJ_wap_wsg_idm_ecid_wtls8              OBJ_wap_wsg_idm_ecid,8L
+
+#define SN_wap_wsg_idm_ecid_wtls9               "wap-wsg-idm-ecid-wtls9"
+#define NID_wap_wsg_idm_ecid_wtls9              742
+#define OBJ_wap_wsg_idm_ecid_wtls9              OBJ_wap_wsg_idm_ecid,9L
+
+#define SN_wap_wsg_idm_ecid_wtls10              "wap-wsg-idm-ecid-wtls10"
+#define NID_wap_wsg_idm_ecid_wtls10             743
+#define OBJ_wap_wsg_idm_ecid_wtls10             OBJ_wap_wsg_idm_ecid,10L
+
+#define SN_wap_wsg_idm_ecid_wtls11              "wap-wsg-idm-ecid-wtls11"
+#define NID_wap_wsg_idm_ecid_wtls11             744
+#define OBJ_wap_wsg_idm_ecid_wtls11             OBJ_wap_wsg_idm_ecid,11L
+
+#define SN_wap_wsg_idm_ecid_wtls12              "wap-wsg-idm-ecid-wtls12"
+#define NID_wap_wsg_idm_ecid_wtls12             745
+#define OBJ_wap_wsg_idm_ecid_wtls12             OBJ_wap_wsg_idm_ecid,12L
+
+#define SN_cast5_cbc            "CAST5-CBC"
+#define LN_cast5_cbc            "cast5-cbc"
+#define NID_cast5_cbc           108
+#define OBJ_cast5_cbc           OBJ_ISO_US,113533L,7L,66L,10L
+
+#define SN_cast5_ecb            "CAST5-ECB"
+#define LN_cast5_ecb            "cast5-ecb"
+#define NID_cast5_ecb           109
+
+#define SN_cast5_cfb64          "CAST5-CFB"
+#define LN_cast5_cfb64          "cast5-cfb"
+#define NID_cast5_cfb64         110
+
+#define SN_cast5_ofb64          "CAST5-OFB"
+#define LN_cast5_ofb64          "cast5-ofb"
+#define NID_cast5_ofb64         111
+
+#define LN_pbeWithMD5AndCast5_CBC               "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC              112
+#define OBJ_pbeWithMD5AndCast5_CBC              OBJ_ISO_US,113533L,7L,66L,12L
+
+#define SN_id_PasswordBasedMAC          "id-PasswordBasedMAC"
+#define LN_id_PasswordBasedMAC          "password based MAC"
+#define NID_id_PasswordBasedMAC         782
+#define OBJ_id_PasswordBasedMAC         OBJ_ISO_US,113533L,7L,66L,13L
+
+#define SN_id_DHBasedMac                "id-DHBasedMac"
+#define LN_id_DHBasedMac                "Diffie-Hellman based MAC"
+#define NID_id_DHBasedMac               783
+#define OBJ_id_DHBasedMac               OBJ_ISO_US,113533L,7L,66L,30L
+
+#define SN_rsadsi               "rsadsi"
+#define LN_rsadsi               "RSA Data Security, Inc."
+#define NID_rsadsi              1
+#define OBJ_rsadsi              OBJ_ISO_US,113549L
+
+#define SN_pkcs         "pkcs"
+#define LN_pkcs         "RSA Data Security, Inc. PKCS"
+#define NID_pkcs                2
+#define OBJ_pkcs                OBJ_rsadsi,1L
+
+#define SN_pkcs1                "pkcs1"
+#define NID_pkcs1               186
+#define OBJ_pkcs1               OBJ_pkcs,1L
+
+#define LN_rsaEncryption                "rsaEncryption"
+#define NID_rsaEncryption               6
+#define OBJ_rsaEncryption               OBJ_pkcs1,1L
+
+#define SN_md2WithRSAEncryption         "RSA-MD2"
+#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption                7
+#define OBJ_md2WithRSAEncryption                OBJ_pkcs1,2L
+
+#define SN_md4WithRSAEncryption         "RSA-MD4"
+#define LN_md4WithRSAEncryption         "md4WithRSAEncryption"
+#define NID_md4WithRSAEncryption                396
+#define OBJ_md4WithRSAEncryption                OBJ_pkcs1,3L
+
+#define SN_md5WithRSAEncryption         "RSA-MD5"
+#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption                8
+#define OBJ_md5WithRSAEncryption                OBJ_pkcs1,4L
+
+#define SN_sha1WithRSAEncryption                "RSA-SHA1"
+#define LN_sha1WithRSAEncryption                "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption               65
+#define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
+
+#define SN_rsaesOaep            "RSAES-OAEP"
+#define LN_rsaesOaep            "rsaesOaep"
+#define NID_rsaesOaep           919
+#define OBJ_rsaesOaep           OBJ_pkcs1,7L
+
+#define SN_mgf1         "MGF1"
+#define LN_mgf1         "mgf1"
+#define NID_mgf1                911
+#define OBJ_mgf1                OBJ_pkcs1,8L
+
+#define SN_pSpecified           "PSPECIFIED"
+#define LN_pSpecified           "pSpecified"
+#define NID_pSpecified          935
+#define OBJ_pSpecified          OBJ_pkcs1,9L
+
+#define SN_rsassaPss            "RSASSA-PSS"
+#define LN_rsassaPss            "rsassaPss"
+#define NID_rsassaPss           912
+#define OBJ_rsassaPss           OBJ_pkcs1,10L
+
+#define SN_sha256WithRSAEncryption              "RSA-SHA256"
+#define LN_sha256WithRSAEncryption              "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption             668
+#define OBJ_sha256WithRSAEncryption             OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption              "RSA-SHA384"
+#define LN_sha384WithRSAEncryption              "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption             669
+#define OBJ_sha384WithRSAEncryption             OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption              "RSA-SHA512"
+#define LN_sha512WithRSAEncryption              "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption             670
+#define OBJ_sha512WithRSAEncryption             OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption              "RSA-SHA224"
+#define LN_sha224WithRSAEncryption              "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption             671
+#define OBJ_sha224WithRSAEncryption             OBJ_pkcs1,14L
+
+#define SN_sha512_224WithRSAEncryption          "RSA-SHA512/224"
+#define LN_sha512_224WithRSAEncryption          "sha512-224WithRSAEncryption"
+#define NID_sha512_224WithRSAEncryption         1145
+#define OBJ_sha512_224WithRSAEncryption         OBJ_pkcs1,15L
+
+#define SN_sha512_256WithRSAEncryption          "RSA-SHA512/256"
+#define LN_sha512_256WithRSAEncryption          "sha512-256WithRSAEncryption"
+#define NID_sha512_256WithRSAEncryption         1146
+#define OBJ_sha512_256WithRSAEncryption         OBJ_pkcs1,16L
+
+#define SN_pkcs3                "pkcs3"
+#define NID_pkcs3               27
+#define OBJ_pkcs3               OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement               "dhKeyAgreement"
+#define NID_dhKeyAgreement              28
+#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+
+#define SN_pkcs5                "pkcs5"
+#define NID_pkcs5               187
+#define OBJ_pkcs5               OBJ_pkcs,5L
+
+#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC                9
+#define OBJ_pbeWithMD2AndDES_CBC                OBJ_pkcs5,1L
+
+#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC                10
+#define OBJ_pbeWithMD5AndDES_CBC                OBJ_pkcs5,3L
+
+#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC                168
+#define OBJ_pbeWithMD2AndRC2_CBC                OBJ_pkcs5,4L
+
+#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC                169
+#define OBJ_pbeWithMD5AndRC2_CBC                OBJ_pkcs5,6L
+
+#define SN_pbeWithSHA1AndDES_CBC                "PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC                "pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC               170
+#define OBJ_pbeWithSHA1AndDES_CBC               OBJ_pkcs5,10L
+
+#define SN_pbeWithSHA1AndRC2_CBC                "PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC                "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC               68
+#define OBJ_pbeWithSHA1AndRC2_CBC               OBJ_pkcs5,11L
+
+#define LN_id_pbkdf2            "PBKDF2"
+#define NID_id_pbkdf2           69
+#define OBJ_id_pbkdf2           OBJ_pkcs5,12L
+
+#define LN_pbes2                "PBES2"
+#define NID_pbes2               161
+#define OBJ_pbes2               OBJ_pkcs5,13L
+
+#define LN_pbmac1               "PBMAC1"
+#define NID_pbmac1              162
+#define OBJ_pbmac1              OBJ_pkcs5,14L
+
+#define SN_pkcs7                "pkcs7"
+#define NID_pkcs7               20
+#define OBJ_pkcs7               OBJ_pkcs,7L
+
+#define LN_pkcs7_data           "pkcs7-data"
+#define NID_pkcs7_data          21
+#define OBJ_pkcs7_data          OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed         "pkcs7-signedData"
+#define NID_pkcs7_signed                22
+#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped             23
+#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped             "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped            24
+#define OBJ_pkcs7_signedAndEnveloped            OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest         "pkcs7-digestData"
+#define NID_pkcs7_digest                25
+#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted             26
+#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+
+#define SN_pkcs9                "pkcs9"
+#define NID_pkcs9               47
+#define OBJ_pkcs9               OBJ_pkcs,9L
+
+#define LN_pkcs9_emailAddress           "emailAddress"
+#define NID_pkcs9_emailAddress          48
+#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName               "unstructuredName"
+#define NID_pkcs9_unstructuredName              49
+#define OBJ_pkcs9_unstructuredName              OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType            "contentType"
+#define NID_pkcs9_contentType           50
+#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest          "messageDigest"
+#define NID_pkcs9_messageDigest         51
+#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime            "signingTime"
+#define NID_pkcs9_signingTime           52
+#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature               "countersignature"
+#define NID_pkcs9_countersignature              53
+#define OBJ_pkcs9_countersignature              OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword              "challengePassword"
+#define NID_pkcs9_challengePassword             54
+#define OBJ_pkcs9_challengePassword             OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress            "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress           55
+#define OBJ_pkcs9_unstructuredAddress           OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes              "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes             56
+#define OBJ_pkcs9_extCertAttributes             OBJ_pkcs9,9L
+
+#define SN_ext_req              "extReq"
+#define LN_ext_req              "Extension Request"
+#define NID_ext_req             172
+#define OBJ_ext_req             OBJ_pkcs9,14L
+
+#define SN_SMIMECapabilities            "SMIME-CAPS"
+#define LN_SMIMECapabilities            "S/MIME Capabilities"
+#define NID_SMIMECapabilities           167
+#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
+
+#define SN_SMIME                "SMIME"
+#define LN_SMIME                "S/MIME"
+#define NID_SMIME               188
+#define OBJ_SMIME               OBJ_pkcs9,16L
+
+#define SN_id_smime_mod         "id-smime-mod"
+#define NID_id_smime_mod                189
+#define OBJ_id_smime_mod                OBJ_SMIME,0L
+
+#define SN_id_smime_ct          "id-smime-ct"
+#define NID_id_smime_ct         190
+#define OBJ_id_smime_ct         OBJ_SMIME,1L
+
+#define SN_id_smime_aa          "id-smime-aa"
+#define NID_id_smime_aa         191
+#define OBJ_id_smime_aa         OBJ_SMIME,2L
+
+#define SN_id_smime_alg         "id-smime-alg"
+#define NID_id_smime_alg                192
+#define OBJ_id_smime_alg                OBJ_SMIME,3L
+
+#define SN_id_smime_cd          "id-smime-cd"
+#define NID_id_smime_cd         193
+#define OBJ_id_smime_cd         OBJ_SMIME,4L
+
+#define SN_id_smime_spq         "id-smime-spq"
+#define NID_id_smime_spq                194
+#define OBJ_id_smime_spq                OBJ_SMIME,5L
+
+#define SN_id_smime_cti         "id-smime-cti"
+#define NID_id_smime_cti                195
+#define OBJ_id_smime_cti                OBJ_SMIME,6L
+
+#define SN_id_smime_mod_cms             "id-smime-mod-cms"
+#define NID_id_smime_mod_cms            196
+#define OBJ_id_smime_mod_cms            OBJ_id_smime_mod,1L
+
+#define SN_id_smime_mod_ess             "id-smime-mod-ess"
+#define NID_id_smime_mod_ess            197
+#define OBJ_id_smime_mod_ess            OBJ_id_smime_mod,2L
+
+#define SN_id_smime_mod_oid             "id-smime-mod-oid"
+#define NID_id_smime_mod_oid            198
+#define OBJ_id_smime_mod_oid            OBJ_id_smime_mod,3L
+
+#define SN_id_smime_mod_msg_v3          "id-smime-mod-msg-v3"
+#define NID_id_smime_mod_msg_v3         199
+#define OBJ_id_smime_mod_msg_v3         OBJ_id_smime_mod,4L
+
+#define SN_id_smime_mod_ets_eSignature_88               "id-smime-mod-ets-eSignature-88"
+#define NID_id_smime_mod_ets_eSignature_88              200
+#define OBJ_id_smime_mod_ets_eSignature_88              OBJ_id_smime_mod,5L
+
+#define SN_id_smime_mod_ets_eSignature_97               "id-smime-mod-ets-eSignature-97"
+#define NID_id_smime_mod_ets_eSignature_97              201
+#define OBJ_id_smime_mod_ets_eSignature_97              OBJ_id_smime_mod,6L
+
+#define SN_id_smime_mod_ets_eSigPolicy_88               "id-smime-mod-ets-eSigPolicy-88"
+#define NID_id_smime_mod_ets_eSigPolicy_88              202
+#define OBJ_id_smime_mod_ets_eSigPolicy_88              OBJ_id_smime_mod,7L
+
+#define SN_id_smime_mod_ets_eSigPolicy_97               "id-smime-mod-ets-eSigPolicy-97"
+#define NID_id_smime_mod_ets_eSigPolicy_97              203
+#define OBJ_id_smime_mod_ets_eSigPolicy_97              OBJ_id_smime_mod,8L
+
+#define SN_id_smime_ct_receipt          "id-smime-ct-receipt"
+#define NID_id_smime_ct_receipt         204
+#define OBJ_id_smime_ct_receipt         OBJ_id_smime_ct,1L
+
+#define SN_id_smime_ct_authData         "id-smime-ct-authData"
+#define NID_id_smime_ct_authData                205
+#define OBJ_id_smime_ct_authData                OBJ_id_smime_ct,2L
+
+#define SN_id_smime_ct_publishCert              "id-smime-ct-publishCert"
+#define NID_id_smime_ct_publishCert             206
+#define OBJ_id_smime_ct_publishCert             OBJ_id_smime_ct,3L
+
+#define SN_id_smime_ct_TSTInfo          "id-smime-ct-TSTInfo"
+#define NID_id_smime_ct_TSTInfo         207
+#define OBJ_id_smime_ct_TSTInfo         OBJ_id_smime_ct,4L
+
+#define SN_id_smime_ct_TDTInfo          "id-smime-ct-TDTInfo"
+#define NID_id_smime_ct_TDTInfo         208
+#define OBJ_id_smime_ct_TDTInfo         OBJ_id_smime_ct,5L
+
+#define SN_id_smime_ct_contentInfo              "id-smime-ct-contentInfo"
+#define NID_id_smime_ct_contentInfo             209
+#define OBJ_id_smime_ct_contentInfo             OBJ_id_smime_ct,6L
+
+#define SN_id_smime_ct_DVCSRequestData          "id-smime-ct-DVCSRequestData"
+#define NID_id_smime_ct_DVCSRequestData         210
+#define OBJ_id_smime_ct_DVCSRequestData         OBJ_id_smime_ct,7L
+
+#define SN_id_smime_ct_DVCSResponseData         "id-smime-ct-DVCSResponseData"
+#define NID_id_smime_ct_DVCSResponseData                211
+#define OBJ_id_smime_ct_DVCSResponseData                OBJ_id_smime_ct,8L
+
+#define SN_id_smime_ct_compressedData           "id-smime-ct-compressedData"
+#define NID_id_smime_ct_compressedData          786
+#define OBJ_id_smime_ct_compressedData          OBJ_id_smime_ct,9L
+
+#define SN_id_smime_ct_contentCollection                "id-smime-ct-contentCollection"
+#define NID_id_smime_ct_contentCollection               1058
+#define OBJ_id_smime_ct_contentCollection               OBJ_id_smime_ct,19L
+
+#define SN_id_smime_ct_authEnvelopedData                "id-smime-ct-authEnvelopedData"
+#define NID_id_smime_ct_authEnvelopedData               1059
+#define OBJ_id_smime_ct_authEnvelopedData               OBJ_id_smime_ct,23L
+
+#define SN_id_ct_asciiTextWithCRLF              "id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF             787
+#define OBJ_id_ct_asciiTextWithCRLF             OBJ_id_smime_ct,27L
+
+#define SN_id_ct_xml            "id-ct-xml"
+#define NID_id_ct_xml           1060
+#define OBJ_id_ct_xml           OBJ_id_smime_ct,28L
+
+#define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
+#define NID_id_smime_aa_receiptRequest          212
+#define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
+
+#define SN_id_smime_aa_securityLabel            "id-smime-aa-securityLabel"
+#define NID_id_smime_aa_securityLabel           213
+#define OBJ_id_smime_aa_securityLabel           OBJ_id_smime_aa,2L
+
+#define SN_id_smime_aa_mlExpandHistory          "id-smime-aa-mlExpandHistory"
+#define NID_id_smime_aa_mlExpandHistory         214
+#define OBJ_id_smime_aa_mlExpandHistory         OBJ_id_smime_aa,3L
+
+#define SN_id_smime_aa_contentHint              "id-smime-aa-contentHint"
+#define NID_id_smime_aa_contentHint             215
+#define OBJ_id_smime_aa_contentHint             OBJ_id_smime_aa,4L
+
+#define SN_id_smime_aa_msgSigDigest             "id-smime-aa-msgSigDigest"
+#define NID_id_smime_aa_msgSigDigest            216
+#define OBJ_id_smime_aa_msgSigDigest            OBJ_id_smime_aa,5L
+
+#define SN_id_smime_aa_encapContentType         "id-smime-aa-encapContentType"
+#define NID_id_smime_aa_encapContentType                217
+#define OBJ_id_smime_aa_encapContentType                OBJ_id_smime_aa,6L
+
+#define SN_id_smime_aa_contentIdentifier                "id-smime-aa-contentIdentifier"
+#define NID_id_smime_aa_contentIdentifier               218
+#define OBJ_id_smime_aa_contentIdentifier               OBJ_id_smime_aa,7L
+
+#define SN_id_smime_aa_macValue         "id-smime-aa-macValue"
+#define NID_id_smime_aa_macValue                219
+#define OBJ_id_smime_aa_macValue                OBJ_id_smime_aa,8L
+
+#define SN_id_smime_aa_equivalentLabels         "id-smime-aa-equivalentLabels"
+#define NID_id_smime_aa_equivalentLabels                220
+#define OBJ_id_smime_aa_equivalentLabels                OBJ_id_smime_aa,9L
+
+#define SN_id_smime_aa_contentReference         "id-smime-aa-contentReference"
+#define NID_id_smime_aa_contentReference                221
+#define OBJ_id_smime_aa_contentReference                OBJ_id_smime_aa,10L
+
+#define SN_id_smime_aa_encrypKeyPref            "id-smime-aa-encrypKeyPref"
+#define NID_id_smime_aa_encrypKeyPref           222
+#define OBJ_id_smime_aa_encrypKeyPref           OBJ_id_smime_aa,11L
+
+#define SN_id_smime_aa_signingCertificate               "id-smime-aa-signingCertificate"
+#define NID_id_smime_aa_signingCertificate              223
+#define OBJ_id_smime_aa_signingCertificate              OBJ_id_smime_aa,12L
+
+#define SN_id_smime_aa_smimeEncryptCerts                "id-smime-aa-smimeEncryptCerts"
+#define NID_id_smime_aa_smimeEncryptCerts               224
+#define OBJ_id_smime_aa_smimeEncryptCerts               OBJ_id_smime_aa,13L
+
+#define SN_id_smime_aa_timeStampToken           "id-smime-aa-timeStampToken"
+#define NID_id_smime_aa_timeStampToken          225
+#define OBJ_id_smime_aa_timeStampToken          OBJ_id_smime_aa,14L
+
+#define SN_id_smime_aa_ets_sigPolicyId          "id-smime-aa-ets-sigPolicyId"
+#define NID_id_smime_aa_ets_sigPolicyId         226
+#define OBJ_id_smime_aa_ets_sigPolicyId         OBJ_id_smime_aa,15L
+
+#define SN_id_smime_aa_ets_commitmentType               "id-smime-aa-ets-commitmentType"
+#define NID_id_smime_aa_ets_commitmentType              227
+#define OBJ_id_smime_aa_ets_commitmentType              OBJ_id_smime_aa,16L
+
+#define SN_id_smime_aa_ets_signerLocation               "id-smime-aa-ets-signerLocation"
+#define NID_id_smime_aa_ets_signerLocation              228
+#define OBJ_id_smime_aa_ets_signerLocation              OBJ_id_smime_aa,17L
+
+#define SN_id_smime_aa_ets_signerAttr           "id-smime-aa-ets-signerAttr"
+#define NID_id_smime_aa_ets_signerAttr          229
+#define OBJ_id_smime_aa_ets_signerAttr          OBJ_id_smime_aa,18L
+
+#define SN_id_smime_aa_ets_otherSigCert         "id-smime-aa-ets-otherSigCert"
+#define NID_id_smime_aa_ets_otherSigCert                230
+#define OBJ_id_smime_aa_ets_otherSigCert                OBJ_id_smime_aa,19L
+
+#define SN_id_smime_aa_ets_contentTimestamp             "id-smime-aa-ets-contentTimestamp"
+#define NID_id_smime_aa_ets_contentTimestamp            231
+#define OBJ_id_smime_aa_ets_contentTimestamp            OBJ_id_smime_aa,20L
+
+#define SN_id_smime_aa_ets_CertificateRefs              "id-smime-aa-ets-CertificateRefs"
+#define NID_id_smime_aa_ets_CertificateRefs             232
+#define OBJ_id_smime_aa_ets_CertificateRefs             OBJ_id_smime_aa,21L
+
+#define SN_id_smime_aa_ets_RevocationRefs               "id-smime-aa-ets-RevocationRefs"
+#define NID_id_smime_aa_ets_RevocationRefs              233
+#define OBJ_id_smime_aa_ets_RevocationRefs              OBJ_id_smime_aa,22L
+
+#define SN_id_smime_aa_ets_certValues           "id-smime-aa-ets-certValues"
+#define NID_id_smime_aa_ets_certValues          234
+#define OBJ_id_smime_aa_ets_certValues          OBJ_id_smime_aa,23L
+
+#define SN_id_smime_aa_ets_revocationValues             "id-smime-aa-ets-revocationValues"
+#define NID_id_smime_aa_ets_revocationValues            235
+#define OBJ_id_smime_aa_ets_revocationValues            OBJ_id_smime_aa,24L
+
+#define SN_id_smime_aa_ets_escTimeStamp         "id-smime-aa-ets-escTimeStamp"
+#define NID_id_smime_aa_ets_escTimeStamp                236
+#define OBJ_id_smime_aa_ets_escTimeStamp                OBJ_id_smime_aa,25L
+
+#define SN_id_smime_aa_ets_certCRLTimestamp             "id-smime-aa-ets-certCRLTimestamp"
+#define NID_id_smime_aa_ets_certCRLTimestamp            237
+#define OBJ_id_smime_aa_ets_certCRLTimestamp            OBJ_id_smime_aa,26L
+
+#define SN_id_smime_aa_ets_archiveTimeStamp             "id-smime-aa-ets-archiveTimeStamp"
+#define NID_id_smime_aa_ets_archiveTimeStamp            238
+#define OBJ_id_smime_aa_ets_archiveTimeStamp            OBJ_id_smime_aa,27L
+
+#define SN_id_smime_aa_signatureType            "id-smime-aa-signatureType"
+#define NID_id_smime_aa_signatureType           239
+#define OBJ_id_smime_aa_signatureType           OBJ_id_smime_aa,28L
+
+#define SN_id_smime_aa_dvcs_dvc         "id-smime-aa-dvcs-dvc"
+#define NID_id_smime_aa_dvcs_dvc                240
+#define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
+
+#define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
+#define NID_id_smime_aa_signingCertificateV2            1086
+#define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
+
+#define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
+#define NID_id_smime_alg_ESDHwith3DES           241
+#define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
+
+#define SN_id_smime_alg_ESDHwithRC2             "id-smime-alg-ESDHwithRC2"
+#define NID_id_smime_alg_ESDHwithRC2            242
+#define OBJ_id_smime_alg_ESDHwithRC2            OBJ_id_smime_alg,2L
+
+#define SN_id_smime_alg_3DESwrap                "id-smime-alg-3DESwrap"
+#define NID_id_smime_alg_3DESwrap               243
+#define OBJ_id_smime_alg_3DESwrap               OBJ_id_smime_alg,3L
+
+#define SN_id_smime_alg_RC2wrap         "id-smime-alg-RC2wrap"
+#define NID_id_smime_alg_RC2wrap                244
+#define OBJ_id_smime_alg_RC2wrap                OBJ_id_smime_alg,4L
+
+#define SN_id_smime_alg_ESDH            "id-smime-alg-ESDH"
+#define NID_id_smime_alg_ESDH           245
+#define OBJ_id_smime_alg_ESDH           OBJ_id_smime_alg,5L
+
+#define SN_id_smime_alg_CMS3DESwrap             "id-smime-alg-CMS3DESwrap"
+#define NID_id_smime_alg_CMS3DESwrap            246
+#define OBJ_id_smime_alg_CMS3DESwrap            OBJ_id_smime_alg,6L
+
+#define SN_id_smime_alg_CMSRC2wrap              "id-smime-alg-CMSRC2wrap"
+#define NID_id_smime_alg_CMSRC2wrap             247
+#define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
+
+#define SN_id_alg_PWRI_KEK              "id-alg-PWRI-KEK"
+#define NID_id_alg_PWRI_KEK             893
+#define OBJ_id_alg_PWRI_KEK             OBJ_id_smime_alg,9L
+
+#define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
+#define NID_id_smime_cd_ldap            248
+#define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
+
+#define SN_id_smime_spq_ets_sqt_uri             "id-smime-spq-ets-sqt-uri"
+#define NID_id_smime_spq_ets_sqt_uri            249
+#define OBJ_id_smime_spq_ets_sqt_uri            OBJ_id_smime_spq,1L
+
+#define SN_id_smime_spq_ets_sqt_unotice         "id-smime-spq-ets-sqt-unotice"
+#define NID_id_smime_spq_ets_sqt_unotice                250
+#define OBJ_id_smime_spq_ets_sqt_unotice                OBJ_id_smime_spq,2L
+
+#define SN_id_smime_cti_ets_proofOfOrigin               "id-smime-cti-ets-proofOfOrigin"
+#define NID_id_smime_cti_ets_proofOfOrigin              251
+#define OBJ_id_smime_cti_ets_proofOfOrigin              OBJ_id_smime_cti,1L
+
+#define SN_id_smime_cti_ets_proofOfReceipt              "id-smime-cti-ets-proofOfReceipt"
+#define NID_id_smime_cti_ets_proofOfReceipt             252
+#define OBJ_id_smime_cti_ets_proofOfReceipt             OBJ_id_smime_cti,2L
+
+#define SN_id_smime_cti_ets_proofOfDelivery             "id-smime-cti-ets-proofOfDelivery"
+#define NID_id_smime_cti_ets_proofOfDelivery            253
+#define OBJ_id_smime_cti_ets_proofOfDelivery            OBJ_id_smime_cti,3L
+
+#define SN_id_smime_cti_ets_proofOfSender               "id-smime-cti-ets-proofOfSender"
+#define NID_id_smime_cti_ets_proofOfSender              254
+#define OBJ_id_smime_cti_ets_proofOfSender              OBJ_id_smime_cti,4L
+
+#define SN_id_smime_cti_ets_proofOfApproval             "id-smime-cti-ets-proofOfApproval"
+#define NID_id_smime_cti_ets_proofOfApproval            255
+#define OBJ_id_smime_cti_ets_proofOfApproval            OBJ_id_smime_cti,5L
+
+#define SN_id_smime_cti_ets_proofOfCreation             "id-smime-cti-ets-proofOfCreation"
+#define NID_id_smime_cti_ets_proofOfCreation            256
+#define OBJ_id_smime_cti_ets_proofOfCreation            OBJ_id_smime_cti,6L
+
+#define LN_friendlyName         "friendlyName"
+#define NID_friendlyName                156
+#define OBJ_friendlyName                OBJ_pkcs9,20L
+
+#define LN_localKeyID           "localKeyID"
+#define NID_localKeyID          157
+#define OBJ_localKeyID          OBJ_pkcs9,21L
+
+#define SN_ms_csp_name          "CSPName"
+#define LN_ms_csp_name          "Microsoft CSP Name"
+#define NID_ms_csp_name         417
+#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+
+#define SN_LocalKeySet          "LocalKeySet"
+#define LN_LocalKeySet          "Microsoft Local Key set"
+#define NID_LocalKeySet         856
+#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+
+#define OBJ_certTypes           OBJ_pkcs9,22L
+
+#define LN_x509Certificate              "x509Certificate"
+#define NID_x509Certificate             158
+#define OBJ_x509Certificate             OBJ_certTypes,1L
+
+#define LN_sdsiCertificate              "sdsiCertificate"
+#define NID_sdsiCertificate             159
+#define OBJ_sdsiCertificate             OBJ_certTypes,2L
+
+#define OBJ_crlTypes            OBJ_pkcs9,23L
+
+#define LN_x509Crl              "x509Crl"
+#define NID_x509Crl             160
+#define OBJ_x509Crl             OBJ_crlTypes,1L
+
+#define OBJ_pkcs12              OBJ_pkcs,12L
+
+#define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
+
+#define SN_pbe_WithSHA1And128BitRC4             "PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4             "pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4            144
+#define OBJ_pbe_WithSHA1And128BitRC4            OBJ_pkcs12_pbeids,1L
+
+#define SN_pbe_WithSHA1And40BitRC4              "PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4              "pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4             145
+#define OBJ_pbe_WithSHA1And40BitRC4             OBJ_pkcs12_pbeids,2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC           "PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC           "pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC          146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC           "PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC           "pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC          147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC                148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC                OBJ_pkcs12_pbeids,5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC          "PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC          "pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC         149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC         OBJ_pkcs12_pbeids,6L
+
+#define OBJ_pkcs12_Version1             OBJ_pkcs12,10L
+
+#define OBJ_pkcs12_BagIds               OBJ_pkcs12_Version1,1L
+
+#define LN_keyBag               "keyBag"
+#define NID_keyBag              150
+#define OBJ_keyBag              OBJ_pkcs12_BagIds,1L
+
+#define LN_pkcs8ShroudedKeyBag          "pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag         151
+#define OBJ_pkcs8ShroudedKeyBag         OBJ_pkcs12_BagIds,2L
+
+#define LN_certBag              "certBag"
+#define NID_certBag             152
+#define OBJ_certBag             OBJ_pkcs12_BagIds,3L
+
+#define LN_crlBag               "crlBag"
+#define NID_crlBag              153
+#define OBJ_crlBag              OBJ_pkcs12_BagIds,4L
+
+#define LN_secretBag            "secretBag"
+#define NID_secretBag           154
+#define OBJ_secretBag           OBJ_pkcs12_BagIds,5L
+
+#define LN_safeContentsBag              "safeContentsBag"
+#define NID_safeContentsBag             155
+#define OBJ_safeContentsBag             OBJ_pkcs12_BagIds,6L
+
+#define SN_md2          "MD2"
+#define LN_md2          "md2"
+#define NID_md2         3
+#define OBJ_md2         OBJ_rsadsi,2L,2L
+
+#define SN_md4          "MD4"
+#define LN_md4          "md4"
+#define NID_md4         257
+#define OBJ_md4         OBJ_rsadsi,2L,4L
+
+#define SN_md5          "MD5"
+#define LN_md5          "md5"
+#define NID_md5         4
+#define OBJ_md5         OBJ_rsadsi,2L,5L
+
+#define SN_md5_sha1             "MD5-SHA1"
+#define LN_md5_sha1             "md5-sha1"
+#define NID_md5_sha1            114
+
+#define LN_hmacWithMD5          "hmacWithMD5"
+#define NID_hmacWithMD5         797
+#define OBJ_hmacWithMD5         OBJ_rsadsi,2L,6L
+
+#define LN_hmacWithSHA1         "hmacWithSHA1"
+#define NID_hmacWithSHA1                163
+#define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
+
+#define SN_sm2          "SM2"
+#define LN_sm2          "sm2"
+#define NID_sm2         1172
+#define OBJ_sm2         OBJ_sm_scheme,301L
+
+#define SN_sm3          "SM3"
+#define LN_sm3          "sm3"
+#define NID_sm3         1143
+#define OBJ_sm3         OBJ_sm_scheme,401L
+
+#define SN_sm3WithRSAEncryption         "RSA-SM3"
+#define LN_sm3WithRSAEncryption         "sm3WithRSAEncryption"
+#define NID_sm3WithRSAEncryption                1144
+#define OBJ_sm3WithRSAEncryption                OBJ_sm_scheme,504L
+
+#define LN_hmacWithSHA224               "hmacWithSHA224"
+#define NID_hmacWithSHA224              798
+#define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
+
+#define LN_hmacWithSHA256               "hmacWithSHA256"
+#define NID_hmacWithSHA256              799
+#define OBJ_hmacWithSHA256              OBJ_rsadsi,2L,9L
+
+#define LN_hmacWithSHA384               "hmacWithSHA384"
+#define NID_hmacWithSHA384              800
+#define OBJ_hmacWithSHA384              OBJ_rsadsi,2L,10L
+
+#define LN_hmacWithSHA512               "hmacWithSHA512"
+#define NID_hmacWithSHA512              801
+#define OBJ_hmacWithSHA512              OBJ_rsadsi,2L,11L
+
+#define LN_hmacWithSHA512_224           "hmacWithSHA512-224"
+#define NID_hmacWithSHA512_224          1193
+#define OBJ_hmacWithSHA512_224          OBJ_rsadsi,2L,12L
+
+#define LN_hmacWithSHA512_256           "hmacWithSHA512-256"
+#define NID_hmacWithSHA512_256          1194
+#define OBJ_hmacWithSHA512_256          OBJ_rsadsi,2L,13L
+
+#define SN_rc2_cbc              "RC2-CBC"
+#define LN_rc2_cbc              "rc2-cbc"
+#define NID_rc2_cbc             37
+#define OBJ_rc2_cbc             OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb              "RC2-ECB"
+#define LN_rc2_ecb              "rc2-ecb"
+#define NID_rc2_ecb             38
+
+#define SN_rc2_cfb64            "RC2-CFB"
+#define LN_rc2_cfb64            "rc2-cfb"
+#define NID_rc2_cfb64           39
+
+#define SN_rc2_ofb64            "RC2-OFB"
+#define LN_rc2_ofb64            "rc2-ofb"
+#define NID_rc2_ofb64           40
+
+#define SN_rc2_40_cbc           "RC2-40-CBC"
+#define LN_rc2_40_cbc           "rc2-40-cbc"
+#define NID_rc2_40_cbc          98
+
+#define SN_rc2_64_cbc           "RC2-64-CBC"
+#define LN_rc2_64_cbc           "rc2-64-cbc"
+#define NID_rc2_64_cbc          166
+
+#define SN_rc4          "RC4"
+#define LN_rc4          "rc4"
+#define NID_rc4         5
+#define OBJ_rc4         OBJ_rsadsi,3L,4L
+
+#define SN_rc4_40               "RC4-40"
+#define LN_rc4_40               "rc4-40"
+#define NID_rc4_40              97
+
+#define SN_des_ede3_cbc         "DES-EDE3-CBC"
+#define LN_des_ede3_cbc         "des-ede3-cbc"
+#define NID_des_ede3_cbc                44
+#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+
+#define SN_rc5_cbc              "RC5-CBC"
+#define LN_rc5_cbc              "rc5-cbc"
+#define NID_rc5_cbc             120
+#define OBJ_rc5_cbc             OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb              "RC5-ECB"
+#define LN_rc5_ecb              "rc5-ecb"
+#define NID_rc5_ecb             121
+
+#define SN_rc5_cfb64            "RC5-CFB"
+#define LN_rc5_cfb64            "rc5-cfb"
+#define NID_rc5_cfb64           122
+
+#define SN_rc5_ofb64            "RC5-OFB"
+#define LN_rc5_ofb64            "rc5-ofb"
+#define NID_rc5_ofb64           123
+
+#define SN_ms_ext_req           "msExtReq"
+#define LN_ms_ext_req           "Microsoft Extension Request"
+#define NID_ms_ext_req          171
+#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define SN_ms_code_ind          "msCodeInd"
+#define LN_ms_code_ind          "Microsoft Individual Code Signing"
+#define NID_ms_code_ind         134
+#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com          "msCodeCom"
+#define LN_ms_code_com          "Microsoft Commercial Code Signing"
+#define NID_ms_code_com         135
+#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign          "msCTLSign"
+#define LN_ms_ctl_sign          "Microsoft Trust List Signing"
+#define NID_ms_ctl_sign         136
+#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc               "msSGC"
+#define LN_ms_sgc               "Microsoft Server Gated Crypto"
+#define NID_ms_sgc              137
+#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs               "msEFS"
+#define LN_ms_efs               "Microsoft Encrypted File System"
+#define NID_ms_efs              138
+#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+#define SN_ms_smartcard_login           "msSmartcardLogin"
+#define LN_ms_smartcard_login           "Microsoft Smartcardlogin"
+#define NID_ms_smartcard_login          648
+#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn               "msUPN"
+#define LN_ms_upn               "Microsoft Universal Principal Name"
+#define NID_ms_upn              649
+#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
+#define SN_idea_cbc             "IDEA-CBC"
+#define LN_idea_cbc             "idea-cbc"
+#define NID_idea_cbc            34
+#define OBJ_idea_cbc            1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_ecb             "IDEA-ECB"
+#define LN_idea_ecb             "idea-ecb"
+#define NID_idea_ecb            36
+
+#define SN_idea_cfb64           "IDEA-CFB"
+#define LN_idea_cfb64           "idea-cfb"
+#define NID_idea_cfb64          35
+
+#define SN_idea_ofb64           "IDEA-OFB"
+#define LN_idea_ofb64           "idea-ofb"
+#define NID_idea_ofb64          46
+
+#define SN_bf_cbc               "BF-CBC"
+#define LN_bf_cbc               "bf-cbc"
+#define NID_bf_cbc              91
+#define OBJ_bf_cbc              1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb               "BF-ECB"
+#define LN_bf_ecb               "bf-ecb"
+#define NID_bf_ecb              92
+
+#define SN_bf_cfb64             "BF-CFB"
+#define LN_bf_cfb64             "bf-cfb"
+#define NID_bf_cfb64            93
+
+#define SN_bf_ofb64             "BF-OFB"
+#define LN_bf_ofb64             "bf-ofb"
+#define NID_bf_ofb64            94
+
+#define SN_id_pkix              "PKIX"
+#define NID_id_pkix             127
+#define OBJ_id_pkix             1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_pkix_mod          "id-pkix-mod"
+#define NID_id_pkix_mod         258
+#define OBJ_id_pkix_mod         OBJ_id_pkix,0L
+
+#define SN_id_pe                "id-pe"
+#define NID_id_pe               175
+#define OBJ_id_pe               OBJ_id_pkix,1L
+
+#define SN_id_qt                "id-qt"
+#define NID_id_qt               259
+#define OBJ_id_qt               OBJ_id_pkix,2L
+
+#define SN_id_kp                "id-kp"
+#define NID_id_kp               128
+#define OBJ_id_kp               OBJ_id_pkix,3L
+
+#define SN_id_it                "id-it"
+#define NID_id_it               260
+#define OBJ_id_it               OBJ_id_pkix,4L
+
+#define SN_id_pkip              "id-pkip"
+#define NID_id_pkip             261
+#define OBJ_id_pkip             OBJ_id_pkix,5L
+
+#define SN_id_alg               "id-alg"
+#define NID_id_alg              262
+#define OBJ_id_alg              OBJ_id_pkix,6L
+
+#define SN_id_cmc               "id-cmc"
+#define NID_id_cmc              263
+#define OBJ_id_cmc              OBJ_id_pkix,7L
+
+#define SN_id_on                "id-on"
+#define NID_id_on               264
+#define OBJ_id_on               OBJ_id_pkix,8L
+
+#define SN_id_pda               "id-pda"
+#define NID_id_pda              265
+#define OBJ_id_pda              OBJ_id_pkix,9L
+
+#define SN_id_aca               "id-aca"
+#define NID_id_aca              266
+#define OBJ_id_aca              OBJ_id_pkix,10L
+
+#define SN_id_qcs               "id-qcs"
+#define NID_id_qcs              267
+#define OBJ_id_qcs              OBJ_id_pkix,11L
+
+#define SN_id_cct               "id-cct"
+#define NID_id_cct              268
+#define OBJ_id_cct              OBJ_id_pkix,12L
+
+#define SN_id_ppl               "id-ppl"
+#define NID_id_ppl              662
+#define OBJ_id_ppl              OBJ_id_pkix,21L
+
+#define SN_id_ad                "id-ad"
+#define NID_id_ad               176
+#define OBJ_id_ad               OBJ_id_pkix,48L
+
+#define SN_id_pkix1_explicit_88         "id-pkix1-explicit-88"
+#define NID_id_pkix1_explicit_88                269
+#define OBJ_id_pkix1_explicit_88                OBJ_id_pkix_mod,1L
+
+#define SN_id_pkix1_implicit_88         "id-pkix1-implicit-88"
+#define NID_id_pkix1_implicit_88                270
+#define OBJ_id_pkix1_implicit_88                OBJ_id_pkix_mod,2L
+
+#define SN_id_pkix1_explicit_93         "id-pkix1-explicit-93"
+#define NID_id_pkix1_explicit_93                271
+#define OBJ_id_pkix1_explicit_93                OBJ_id_pkix_mod,3L
+
+#define SN_id_pkix1_implicit_93         "id-pkix1-implicit-93"
+#define NID_id_pkix1_implicit_93                272
+#define OBJ_id_pkix1_implicit_93                OBJ_id_pkix_mod,4L
+
+#define SN_id_mod_crmf          "id-mod-crmf"
+#define NID_id_mod_crmf         273
+#define OBJ_id_mod_crmf         OBJ_id_pkix_mod,5L
+
+#define SN_id_mod_cmc           "id-mod-cmc"
+#define NID_id_mod_cmc          274
+#define OBJ_id_mod_cmc          OBJ_id_pkix_mod,6L
+
+#define SN_id_mod_kea_profile_88                "id-mod-kea-profile-88"
+#define NID_id_mod_kea_profile_88               275
+#define OBJ_id_mod_kea_profile_88               OBJ_id_pkix_mod,7L
+
+#define SN_id_mod_kea_profile_93                "id-mod-kea-profile-93"
+#define NID_id_mod_kea_profile_93               276
+#define OBJ_id_mod_kea_profile_93               OBJ_id_pkix_mod,8L
+
+#define SN_id_mod_cmp           "id-mod-cmp"
+#define NID_id_mod_cmp          277
+#define OBJ_id_mod_cmp          OBJ_id_pkix_mod,9L
+
+#define SN_id_mod_qualified_cert_88             "id-mod-qualified-cert-88"
+#define NID_id_mod_qualified_cert_88            278
+#define OBJ_id_mod_qualified_cert_88            OBJ_id_pkix_mod,10L
+
+#define SN_id_mod_qualified_cert_93             "id-mod-qualified-cert-93"
+#define NID_id_mod_qualified_cert_93            279
+#define OBJ_id_mod_qualified_cert_93            OBJ_id_pkix_mod,11L
+
+#define SN_id_mod_attribute_cert                "id-mod-attribute-cert"
+#define NID_id_mod_attribute_cert               280
+#define OBJ_id_mod_attribute_cert               OBJ_id_pkix_mod,12L
+
+#define SN_id_mod_timestamp_protocol            "id-mod-timestamp-protocol"
+#define NID_id_mod_timestamp_protocol           281
+#define OBJ_id_mod_timestamp_protocol           OBJ_id_pkix_mod,13L
+
+#define SN_id_mod_ocsp          "id-mod-ocsp"
+#define NID_id_mod_ocsp         282
+#define OBJ_id_mod_ocsp         OBJ_id_pkix_mod,14L
+
+#define SN_id_mod_dvcs          "id-mod-dvcs"
+#define NID_id_mod_dvcs         283
+#define OBJ_id_mod_dvcs         OBJ_id_pkix_mod,15L
+
+#define SN_id_mod_cmp2000               "id-mod-cmp2000"
+#define NID_id_mod_cmp2000              284
+#define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
+
+#define SN_info_access          "authorityInfoAccess"
+#define LN_info_access          "Authority Information Access"
+#define NID_info_access         177
+#define OBJ_info_access         OBJ_id_pe,1L
+
+#define SN_biometricInfo                "biometricInfo"
+#define LN_biometricInfo                "Biometric Info"
+#define NID_biometricInfo               285
+#define OBJ_biometricInfo               OBJ_id_pe,2L
+
+#define SN_qcStatements         "qcStatements"
+#define NID_qcStatements                286
+#define OBJ_qcStatements                OBJ_id_pe,3L
+
+#define SN_ac_auditEntity               "ac-auditEntity"
+#define NID_ac_auditEntity              287
+#define OBJ_ac_auditEntity              OBJ_id_pe,4L
+
+#define SN_ac_targeting         "ac-targeting"
+#define NID_ac_targeting                288
+#define OBJ_ac_targeting                OBJ_id_pe,5L
+
+#define SN_aaControls           "aaControls"
+#define NID_aaControls          289
+#define OBJ_aaControls          OBJ_id_pe,6L
+
+#define SN_sbgp_ipAddrBlock             "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock            290
+#define OBJ_sbgp_ipAddrBlock            OBJ_id_pe,7L
+
+#define SN_sbgp_autonomousSysNum                "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum               291
+#define OBJ_sbgp_autonomousSysNum               OBJ_id_pe,8L
+
+#define SN_sbgp_routerIdentifier                "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier               292
+#define OBJ_sbgp_routerIdentifier               OBJ_id_pe,9L
+
+#define SN_ac_proxying          "ac-proxying"
+#define NID_ac_proxying         397
+#define OBJ_ac_proxying         OBJ_id_pe,10L
+
+#define SN_sinfo_access         "subjectInfoAccess"
+#define LN_sinfo_access         "Subject Information Access"
+#define NID_sinfo_access                398
+#define OBJ_sinfo_access                OBJ_id_pe,11L
+
+#define SN_proxyCertInfo                "proxyCertInfo"
+#define LN_proxyCertInfo                "Proxy Certificate Information"
+#define NID_proxyCertInfo               663
+#define OBJ_proxyCertInfo               OBJ_id_pe,14L
+
+#define SN_tlsfeature           "tlsfeature"
+#define LN_tlsfeature           "TLS Feature"
+#define NID_tlsfeature          1020
+#define OBJ_tlsfeature          OBJ_id_pe,24L
+
+#define SN_id_qt_cps            "id-qt-cps"
+#define LN_id_qt_cps            "Policy Qualifier CPS"
+#define NID_id_qt_cps           164
+#define OBJ_id_qt_cps           OBJ_id_qt,1L
+
+#define SN_id_qt_unotice                "id-qt-unotice"
+#define LN_id_qt_unotice                "Policy Qualifier User Notice"
+#define NID_id_qt_unotice               165
+#define OBJ_id_qt_unotice               OBJ_id_qt,2L
+
+#define SN_textNotice           "textNotice"
+#define NID_textNotice          293
+#define OBJ_textNotice          OBJ_id_qt,3L
+
+#define SN_server_auth          "serverAuth"
+#define LN_server_auth          "TLS Web Server Authentication"
+#define NID_server_auth         129
+#define OBJ_server_auth         OBJ_id_kp,1L
+
+#define SN_client_auth          "clientAuth"
+#define LN_client_auth          "TLS Web Client Authentication"
+#define NID_client_auth         130
+#define OBJ_client_auth         OBJ_id_kp,2L
+
+#define SN_code_sign            "codeSigning"
+#define LN_code_sign            "Code Signing"
+#define NID_code_sign           131
+#define OBJ_code_sign           OBJ_id_kp,3L
+
+#define SN_email_protect                "emailProtection"
+#define LN_email_protect                "E-mail Protection"
+#define NID_email_protect               132
+#define OBJ_email_protect               OBJ_id_kp,4L
+
+#define SN_ipsecEndSystem               "ipsecEndSystem"
+#define LN_ipsecEndSystem               "IPSec End System"
+#define NID_ipsecEndSystem              294
+#define OBJ_ipsecEndSystem              OBJ_id_kp,5L
+
+#define SN_ipsecTunnel          "ipsecTunnel"
+#define LN_ipsecTunnel          "IPSec Tunnel"
+#define NID_ipsecTunnel         295
+#define OBJ_ipsecTunnel         OBJ_id_kp,6L
+
+#define SN_ipsecUser            "ipsecUser"
+#define LN_ipsecUser            "IPSec User"
+#define NID_ipsecUser           296
+#define OBJ_ipsecUser           OBJ_id_kp,7L
+
+#define SN_time_stamp           "timeStamping"
+#define LN_time_stamp           "Time Stamping"
+#define NID_time_stamp          133
+#define OBJ_time_stamp          OBJ_id_kp,8L
+
+#define SN_OCSP_sign            "OCSPSigning"
+#define LN_OCSP_sign            "OCSP Signing"
+#define NID_OCSP_sign           180
+#define OBJ_OCSP_sign           OBJ_id_kp,9L
+
+#define SN_dvcs         "DVCS"
+#define LN_dvcs         "dvcs"
+#define NID_dvcs                297
+#define OBJ_dvcs                OBJ_id_kp,10L
+
+#define SN_ipsec_IKE            "ipsecIKE"
+#define LN_ipsec_IKE            "ipsec Internet Key Exchange"
+#define NID_ipsec_IKE           1022
+#define OBJ_ipsec_IKE           OBJ_id_kp,17L
+
+#define SN_capwapAC             "capwapAC"
+#define LN_capwapAC             "Ctrl/provision WAP Access"
+#define NID_capwapAC            1023
+#define OBJ_capwapAC            OBJ_id_kp,18L
+
+#define SN_capwapWTP            "capwapWTP"
+#define LN_capwapWTP            "Ctrl/Provision WAP Termination"
+#define NID_capwapWTP           1024
+#define OBJ_capwapWTP           OBJ_id_kp,19L
+
+#define SN_sshClient            "secureShellClient"
+#define LN_sshClient            "SSH Client"
+#define NID_sshClient           1025
+#define OBJ_sshClient           OBJ_id_kp,21L
+
+#define SN_sshServer            "secureShellServer"
+#define LN_sshServer            "SSH Server"
+#define NID_sshServer           1026
+#define OBJ_sshServer           OBJ_id_kp,22L
+
+#define SN_sendRouter           "sendRouter"
+#define LN_sendRouter           "Send Router"
+#define NID_sendRouter          1027
+#define OBJ_sendRouter          OBJ_id_kp,23L
+
+#define SN_sendProxiedRouter            "sendProxiedRouter"
+#define LN_sendProxiedRouter            "Send Proxied Router"
+#define NID_sendProxiedRouter           1028
+#define OBJ_sendProxiedRouter           OBJ_id_kp,24L
+
+#define SN_sendOwner            "sendOwner"
+#define LN_sendOwner            "Send Owner"
+#define NID_sendOwner           1029
+#define OBJ_sendOwner           OBJ_id_kp,25L
+
+#define SN_sendProxiedOwner             "sendProxiedOwner"
+#define LN_sendProxiedOwner             "Send Proxied Owner"
+#define NID_sendProxiedOwner            1030
+#define OBJ_sendProxiedOwner            OBJ_id_kp,26L
+
+#define SN_cmcCA                "cmcCA"
+#define LN_cmcCA                "CMC Certificate Authority"
+#define NID_cmcCA               1131
+#define OBJ_cmcCA               OBJ_id_kp,27L
+
+#define SN_cmcRA                "cmcRA"
+#define LN_cmcRA                "CMC Registration Authority"
+#define NID_cmcRA               1132
+#define OBJ_cmcRA               OBJ_id_kp,28L
+
+#define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
+#define NID_id_it_caProtEncCert         298
+#define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
+
+#define SN_id_it_signKeyPairTypes               "id-it-signKeyPairTypes"
+#define NID_id_it_signKeyPairTypes              299
+#define OBJ_id_it_signKeyPairTypes              OBJ_id_it,2L
+
+#define SN_id_it_encKeyPairTypes                "id-it-encKeyPairTypes"
+#define NID_id_it_encKeyPairTypes               300
+#define OBJ_id_it_encKeyPairTypes               OBJ_id_it,3L
+
+#define SN_id_it_preferredSymmAlg               "id-it-preferredSymmAlg"
+#define NID_id_it_preferredSymmAlg              301
+#define OBJ_id_it_preferredSymmAlg              OBJ_id_it,4L
+
+#define SN_id_it_caKeyUpdateInfo                "id-it-caKeyUpdateInfo"
+#define NID_id_it_caKeyUpdateInfo               302
+#define OBJ_id_it_caKeyUpdateInfo               OBJ_id_it,5L
+
+#define SN_id_it_currentCRL             "id-it-currentCRL"
+#define NID_id_it_currentCRL            303
+#define OBJ_id_it_currentCRL            OBJ_id_it,6L
+
+#define SN_id_it_unsupportedOIDs                "id-it-unsupportedOIDs"
+#define NID_id_it_unsupportedOIDs               304
+#define OBJ_id_it_unsupportedOIDs               OBJ_id_it,7L
+
+#define SN_id_it_subscriptionRequest            "id-it-subscriptionRequest"
+#define NID_id_it_subscriptionRequest           305
+#define OBJ_id_it_subscriptionRequest           OBJ_id_it,8L
+
+#define SN_id_it_subscriptionResponse           "id-it-subscriptionResponse"
+#define NID_id_it_subscriptionResponse          306
+#define OBJ_id_it_subscriptionResponse          OBJ_id_it,9L
+
+#define SN_id_it_keyPairParamReq                "id-it-keyPairParamReq"
+#define NID_id_it_keyPairParamReq               307
+#define OBJ_id_it_keyPairParamReq               OBJ_id_it,10L
+
+#define SN_id_it_keyPairParamRep                "id-it-keyPairParamRep"
+#define NID_id_it_keyPairParamRep               308
+#define OBJ_id_it_keyPairParamRep               OBJ_id_it,11L
+
+#define SN_id_it_revPassphrase          "id-it-revPassphrase"
+#define NID_id_it_revPassphrase         309
+#define OBJ_id_it_revPassphrase         OBJ_id_it,12L
+
+#define SN_id_it_implicitConfirm                "id-it-implicitConfirm"
+#define NID_id_it_implicitConfirm               310
+#define OBJ_id_it_implicitConfirm               OBJ_id_it,13L
+
+#define SN_id_it_confirmWaitTime                "id-it-confirmWaitTime"
+#define NID_id_it_confirmWaitTime               311
+#define OBJ_id_it_confirmWaitTime               OBJ_id_it,14L
+
+#define SN_id_it_origPKIMessage         "id-it-origPKIMessage"
+#define NID_id_it_origPKIMessage                312
+#define OBJ_id_it_origPKIMessage                OBJ_id_it,15L
+
+#define SN_id_it_suppLangTags           "id-it-suppLangTags"
+#define NID_id_it_suppLangTags          784
+#define OBJ_id_it_suppLangTags          OBJ_id_it,16L
+
+#define SN_id_regCtrl           "id-regCtrl"
+#define NID_id_regCtrl          313
+#define OBJ_id_regCtrl          OBJ_id_pkip,1L
+
+#define SN_id_regInfo           "id-regInfo"
+#define NID_id_regInfo          314
+#define OBJ_id_regInfo          OBJ_id_pkip,2L
+
+#define SN_id_regCtrl_regToken          "id-regCtrl-regToken"
+#define NID_id_regCtrl_regToken         315
+#define OBJ_id_regCtrl_regToken         OBJ_id_regCtrl,1L
+
+#define SN_id_regCtrl_authenticator             "id-regCtrl-authenticator"
+#define NID_id_regCtrl_authenticator            316
+#define OBJ_id_regCtrl_authenticator            OBJ_id_regCtrl,2L
+
+#define SN_id_regCtrl_pkiPublicationInfo                "id-regCtrl-pkiPublicationInfo"
+#define NID_id_regCtrl_pkiPublicationInfo               317
+#define OBJ_id_regCtrl_pkiPublicationInfo               OBJ_id_regCtrl,3L
+
+#define SN_id_regCtrl_pkiArchiveOptions         "id-regCtrl-pkiArchiveOptions"
+#define NID_id_regCtrl_pkiArchiveOptions                318
+#define OBJ_id_regCtrl_pkiArchiveOptions                OBJ_id_regCtrl,4L
+
+#define SN_id_regCtrl_oldCertID         "id-regCtrl-oldCertID"
+#define NID_id_regCtrl_oldCertID                319
+#define OBJ_id_regCtrl_oldCertID                OBJ_id_regCtrl,5L
+
+#define SN_id_regCtrl_protocolEncrKey           "id-regCtrl-protocolEncrKey"
+#define NID_id_regCtrl_protocolEncrKey          320
+#define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
+
+#define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
+#define NID_id_regInfo_utf8Pairs                321
+#define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
+
+#define SN_id_regInfo_certReq           "id-regInfo-certReq"
+#define NID_id_regInfo_certReq          322
+#define OBJ_id_regInfo_certReq          OBJ_id_regInfo,2L
+
+#define SN_id_alg_des40         "id-alg-des40"
+#define NID_id_alg_des40                323
+#define OBJ_id_alg_des40                OBJ_id_alg,1L
+
+#define SN_id_alg_noSignature           "id-alg-noSignature"
+#define NID_id_alg_noSignature          324
+#define OBJ_id_alg_noSignature          OBJ_id_alg,2L
+
+#define SN_id_alg_dh_sig_hmac_sha1              "id-alg-dh-sig-hmac-sha1"
+#define NID_id_alg_dh_sig_hmac_sha1             325
+#define OBJ_id_alg_dh_sig_hmac_sha1             OBJ_id_alg,3L
+
+#define SN_id_alg_dh_pop                "id-alg-dh-pop"
+#define NID_id_alg_dh_pop               326
+#define OBJ_id_alg_dh_pop               OBJ_id_alg,4L
+
+#define SN_id_cmc_statusInfo            "id-cmc-statusInfo"
+#define NID_id_cmc_statusInfo           327
+#define OBJ_id_cmc_statusInfo           OBJ_id_cmc,1L
+
+#define SN_id_cmc_identification                "id-cmc-identification"
+#define NID_id_cmc_identification               328
+#define OBJ_id_cmc_identification               OBJ_id_cmc,2L
+
+#define SN_id_cmc_identityProof         "id-cmc-identityProof"
+#define NID_id_cmc_identityProof                329
+#define OBJ_id_cmc_identityProof                OBJ_id_cmc,3L
+
+#define SN_id_cmc_dataReturn            "id-cmc-dataReturn"
+#define NID_id_cmc_dataReturn           330
+#define OBJ_id_cmc_dataReturn           OBJ_id_cmc,4L
+
+#define SN_id_cmc_transactionId         "id-cmc-transactionId"
+#define NID_id_cmc_transactionId                331
+#define OBJ_id_cmc_transactionId                OBJ_id_cmc,5L
+
+#define SN_id_cmc_senderNonce           "id-cmc-senderNonce"
+#define NID_id_cmc_senderNonce          332
+#define OBJ_id_cmc_senderNonce          OBJ_id_cmc,6L
+
+#define SN_id_cmc_recipientNonce                "id-cmc-recipientNonce"
+#define NID_id_cmc_recipientNonce               333
+#define OBJ_id_cmc_recipientNonce               OBJ_id_cmc,7L
+
+#define SN_id_cmc_addExtensions         "id-cmc-addExtensions"
+#define NID_id_cmc_addExtensions                334
+#define OBJ_id_cmc_addExtensions                OBJ_id_cmc,8L
+
+#define SN_id_cmc_encryptedPOP          "id-cmc-encryptedPOP"
+#define NID_id_cmc_encryptedPOP         335
+#define OBJ_id_cmc_encryptedPOP         OBJ_id_cmc,9L
+
+#define SN_id_cmc_decryptedPOP          "id-cmc-decryptedPOP"
+#define NID_id_cmc_decryptedPOP         336
+#define OBJ_id_cmc_decryptedPOP         OBJ_id_cmc,10L
+
+#define SN_id_cmc_lraPOPWitness         "id-cmc-lraPOPWitness"
+#define NID_id_cmc_lraPOPWitness                337
+#define OBJ_id_cmc_lraPOPWitness                OBJ_id_cmc,11L
+
+#define SN_id_cmc_getCert               "id-cmc-getCert"
+#define NID_id_cmc_getCert              338
+#define OBJ_id_cmc_getCert              OBJ_id_cmc,15L
+
+#define SN_id_cmc_getCRL                "id-cmc-getCRL"
+#define NID_id_cmc_getCRL               339
+#define OBJ_id_cmc_getCRL               OBJ_id_cmc,16L
+
+#define SN_id_cmc_revokeRequest         "id-cmc-revokeRequest"
+#define NID_id_cmc_revokeRequest                340
+#define OBJ_id_cmc_revokeRequest                OBJ_id_cmc,17L
+
+#define SN_id_cmc_regInfo               "id-cmc-regInfo"
+#define NID_id_cmc_regInfo              341
+#define OBJ_id_cmc_regInfo              OBJ_id_cmc,18L
+
+#define SN_id_cmc_responseInfo          "id-cmc-responseInfo"
+#define NID_id_cmc_responseInfo         342
+#define OBJ_id_cmc_responseInfo         OBJ_id_cmc,19L
+
+#define SN_id_cmc_queryPending          "id-cmc-queryPending"
+#define NID_id_cmc_queryPending         343
+#define OBJ_id_cmc_queryPending         OBJ_id_cmc,21L
+
+#define SN_id_cmc_popLinkRandom         "id-cmc-popLinkRandom"
+#define NID_id_cmc_popLinkRandom                344
+#define OBJ_id_cmc_popLinkRandom                OBJ_id_cmc,22L
+
+#define SN_id_cmc_popLinkWitness                "id-cmc-popLinkWitness"
+#define NID_id_cmc_popLinkWitness               345
+#define OBJ_id_cmc_popLinkWitness               OBJ_id_cmc,23L
+
+#define SN_id_cmc_confirmCertAcceptance         "id-cmc-confirmCertAcceptance"
+#define NID_id_cmc_confirmCertAcceptance                346
+#define OBJ_id_cmc_confirmCertAcceptance                OBJ_id_cmc,24L
+
+#define SN_id_on_personalData           "id-on-personalData"
+#define NID_id_on_personalData          347
+#define OBJ_id_on_personalData          OBJ_id_on,1L
+
+#define SN_id_on_permanentIdentifier            "id-on-permanentIdentifier"
+#define LN_id_on_permanentIdentifier            "Permanent Identifier"
+#define NID_id_on_permanentIdentifier           858
+#define OBJ_id_on_permanentIdentifier           OBJ_id_on,3L
+
+#define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
+#define NID_id_pda_dateOfBirth          348
+#define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
+
+#define SN_id_pda_placeOfBirth          "id-pda-placeOfBirth"
+#define NID_id_pda_placeOfBirth         349
+#define OBJ_id_pda_placeOfBirth         OBJ_id_pda,2L
+
+#define SN_id_pda_gender                "id-pda-gender"
+#define NID_id_pda_gender               351
+#define OBJ_id_pda_gender               OBJ_id_pda,3L
+
+#define SN_id_pda_countryOfCitizenship          "id-pda-countryOfCitizenship"
+#define NID_id_pda_countryOfCitizenship         352
+#define OBJ_id_pda_countryOfCitizenship         OBJ_id_pda,4L
+
+#define SN_id_pda_countryOfResidence            "id-pda-countryOfResidence"
+#define NID_id_pda_countryOfResidence           353
+#define OBJ_id_pda_countryOfResidence           OBJ_id_pda,5L
+
+#define SN_id_aca_authenticationInfo            "id-aca-authenticationInfo"
+#define NID_id_aca_authenticationInfo           354
+#define OBJ_id_aca_authenticationInfo           OBJ_id_aca,1L
+
+#define SN_id_aca_accessIdentity                "id-aca-accessIdentity"
+#define NID_id_aca_accessIdentity               355
+#define OBJ_id_aca_accessIdentity               OBJ_id_aca,2L
+
+#define SN_id_aca_chargingIdentity              "id-aca-chargingIdentity"
+#define NID_id_aca_chargingIdentity             356
+#define OBJ_id_aca_chargingIdentity             OBJ_id_aca,3L
+
+#define SN_id_aca_group         "id-aca-group"
+#define NID_id_aca_group                357
+#define OBJ_id_aca_group                OBJ_id_aca,4L
+
+#define SN_id_aca_role          "id-aca-role"
+#define NID_id_aca_role         358
+#define OBJ_id_aca_role         OBJ_id_aca,5L
+
+#define SN_id_aca_encAttrs              "id-aca-encAttrs"
+#define NID_id_aca_encAttrs             399
+#define OBJ_id_aca_encAttrs             OBJ_id_aca,6L
+
+#define SN_id_qcs_pkixQCSyntax_v1               "id-qcs-pkixQCSyntax-v1"
+#define NID_id_qcs_pkixQCSyntax_v1              359
+#define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L
+
+#define SN_id_cct_crs           "id-cct-crs"
+#define NID_id_cct_crs          360
+#define OBJ_id_cct_crs          OBJ_id_cct,1L
+
+#define SN_id_cct_PKIData               "id-cct-PKIData"
+#define NID_id_cct_PKIData              361
+#define OBJ_id_cct_PKIData              OBJ_id_cct,2L
+
+#define SN_id_cct_PKIResponse           "id-cct-PKIResponse"
+#define NID_id_cct_PKIResponse          362
+#define OBJ_id_cct_PKIResponse          OBJ_id_cct,3L
+
+#define SN_id_ppl_anyLanguage           "id-ppl-anyLanguage"
+#define LN_id_ppl_anyLanguage           "Any language"
+#define NID_id_ppl_anyLanguage          664
+#define OBJ_id_ppl_anyLanguage          OBJ_id_ppl,0L
+
+#define SN_id_ppl_inheritAll            "id-ppl-inheritAll"
+#define LN_id_ppl_inheritAll            "Inherit all"
+#define NID_id_ppl_inheritAll           665
+#define OBJ_id_ppl_inheritAll           OBJ_id_ppl,1L
+
+#define SN_Independent          "id-ppl-independent"
+#define LN_Independent          "Independent"
+#define NID_Independent         667
+#define OBJ_Independent         OBJ_id_ppl,2L
+
+#define SN_ad_OCSP              "OCSP"
+#define LN_ad_OCSP              "OCSP"
+#define NID_ad_OCSP             178
+#define OBJ_ad_OCSP             OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers                "caIssuers"
+#define LN_ad_ca_issuers                "CA Issuers"
+#define NID_ad_ca_issuers               179
+#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
+
+#define SN_ad_timeStamping              "ad_timestamping"
+#define LN_ad_timeStamping              "AD Time Stamping"
+#define NID_ad_timeStamping             363
+#define OBJ_ad_timeStamping             OBJ_id_ad,3L
+
+#define SN_ad_dvcs              "AD_DVCS"
+#define LN_ad_dvcs              "ad dvcs"
+#define NID_ad_dvcs             364
+#define OBJ_ad_dvcs             OBJ_id_ad,4L
+
+#define SN_caRepository         "caRepository"
+#define LN_caRepository         "CA Repository"
+#define NID_caRepository                785
+#define OBJ_caRepository                OBJ_id_ad,5L
+
+#define OBJ_id_pkix_OCSP                OBJ_ad_OCSP
+
+#define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
+#define LN_id_pkix_OCSP_basic           "Basic OCSP Response"
+#define NID_id_pkix_OCSP_basic          365
+#define OBJ_id_pkix_OCSP_basic          OBJ_id_pkix_OCSP,1L
+
+#define SN_id_pkix_OCSP_Nonce           "Nonce"
+#define LN_id_pkix_OCSP_Nonce           "OCSP Nonce"
+#define NID_id_pkix_OCSP_Nonce          366
+#define OBJ_id_pkix_OCSP_Nonce          OBJ_id_pkix_OCSP,2L
+
+#define SN_id_pkix_OCSP_CrlID           "CrlID"
+#define LN_id_pkix_OCSP_CrlID           "OCSP CRL ID"
+#define NID_id_pkix_OCSP_CrlID          367
+#define OBJ_id_pkix_OCSP_CrlID          OBJ_id_pkix_OCSP,3L
+
+#define SN_id_pkix_OCSP_acceptableResponses             "acceptableResponses"
+#define LN_id_pkix_OCSP_acceptableResponses             "Acceptable OCSP Responses"
+#define NID_id_pkix_OCSP_acceptableResponses            368
+#define OBJ_id_pkix_OCSP_acceptableResponses            OBJ_id_pkix_OCSP,4L
+
+#define SN_id_pkix_OCSP_noCheck         "noCheck"
+#define LN_id_pkix_OCSP_noCheck         "OCSP No Check"
+#define NID_id_pkix_OCSP_noCheck                369
+#define OBJ_id_pkix_OCSP_noCheck                OBJ_id_pkix_OCSP,5L
+
+#define SN_id_pkix_OCSP_archiveCutoff           "archiveCutoff"
+#define LN_id_pkix_OCSP_archiveCutoff           "OCSP Archive Cutoff"
+#define NID_id_pkix_OCSP_archiveCutoff          370
+#define OBJ_id_pkix_OCSP_archiveCutoff          OBJ_id_pkix_OCSP,6L
+
+#define SN_id_pkix_OCSP_serviceLocator          "serviceLocator"
+#define LN_id_pkix_OCSP_serviceLocator          "OCSP Service Locator"
+#define NID_id_pkix_OCSP_serviceLocator         371
+#define OBJ_id_pkix_OCSP_serviceLocator         OBJ_id_pkix_OCSP,7L
+
+#define SN_id_pkix_OCSP_extendedStatus          "extendedStatus"
+#define LN_id_pkix_OCSP_extendedStatus          "Extended OCSP Status"
+#define NID_id_pkix_OCSP_extendedStatus         372
+#define OBJ_id_pkix_OCSP_extendedStatus         OBJ_id_pkix_OCSP,8L
+
+#define SN_id_pkix_OCSP_valid           "valid"
+#define NID_id_pkix_OCSP_valid          373
+#define OBJ_id_pkix_OCSP_valid          OBJ_id_pkix_OCSP,9L
+
+#define SN_id_pkix_OCSP_path            "path"
+#define NID_id_pkix_OCSP_path           374
+#define OBJ_id_pkix_OCSP_path           OBJ_id_pkix_OCSP,10L
+
+#define SN_id_pkix_OCSP_trustRoot               "trustRoot"
+#define LN_id_pkix_OCSP_trustRoot               "Trust Root"
+#define NID_id_pkix_OCSP_trustRoot              375
+#define OBJ_id_pkix_OCSP_trustRoot              OBJ_id_pkix_OCSP,11L
+
+#define SN_algorithm            "algorithm"
+#define LN_algorithm            "algorithm"
+#define NID_algorithm           376
+#define OBJ_algorithm           1L,3L,14L,3L,2L
+
+#define SN_md5WithRSA           "RSA-NP-MD5"
+#define LN_md5WithRSA           "md5WithRSA"
+#define NID_md5WithRSA          104
+#define OBJ_md5WithRSA          OBJ_algorithm,3L
+
+#define SN_des_ecb              "DES-ECB"
+#define LN_des_ecb              "des-ecb"
+#define NID_des_ecb             29
+#define OBJ_des_ecb             OBJ_algorithm,6L
+
+#define SN_des_cbc              "DES-CBC"
+#define LN_des_cbc              "des-cbc"
+#define NID_des_cbc             31
+#define OBJ_des_cbc             OBJ_algorithm,7L
+
+#define SN_des_ofb64            "DES-OFB"
+#define LN_des_ofb64            "des-ofb"
+#define NID_des_ofb64           45
+#define OBJ_des_ofb64           OBJ_algorithm,8L
+
+#define SN_des_cfb64            "DES-CFB"
+#define LN_des_cfb64            "des-cfb"
+#define NID_des_cfb64           30
+#define OBJ_des_cfb64           OBJ_algorithm,9L
+
+#define SN_rsaSignature         "rsaSignature"
+#define NID_rsaSignature                377
+#define OBJ_rsaSignature                OBJ_algorithm,11L
+
+#define SN_dsa_2                "DSA-old"
+#define LN_dsa_2                "dsaEncryption-old"
+#define NID_dsa_2               67
+#define OBJ_dsa_2               OBJ_algorithm,12L
+
+#define SN_dsaWithSHA           "DSA-SHA"
+#define LN_dsaWithSHA           "dsaWithSHA"
+#define NID_dsaWithSHA          66
+#define OBJ_dsaWithSHA          OBJ_algorithm,13L
+
+#define SN_shaWithRSAEncryption         "RSA-SHA"
+#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption                42
+#define OBJ_shaWithRSAEncryption                OBJ_algorithm,15L
+
+#define SN_des_ede_ecb          "DES-EDE"
+#define LN_des_ede_ecb          "des-ede"
+#define NID_des_ede_ecb         32
+#define OBJ_des_ede_ecb         OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb         "DES-EDE3"
+#define LN_des_ede3_ecb         "des-ede3"
+#define NID_des_ede3_ecb                33
+
+#define SN_des_ede_cbc          "DES-EDE-CBC"
+#define LN_des_ede_cbc          "des-ede-cbc"
+#define NID_des_ede_cbc         43
+
+#define SN_des_ede_cfb64                "DES-EDE-CFB"
+#define LN_des_ede_cfb64                "des-ede-cfb"
+#define NID_des_ede_cfb64               60
+
+#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64               "des-ede3-cfb"
+#define NID_des_ede3_cfb64              61
+
+#define SN_des_ede_ofb64                "DES-EDE-OFB"
+#define LN_des_ede_ofb64                "des-ede-ofb"
+#define NID_des_ede_ofb64               62
+
+#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64               "des-ede3-ofb"
+#define NID_des_ede3_ofb64              63
+
+#define SN_desx_cbc             "DESX-CBC"
+#define LN_desx_cbc             "desx-cbc"
+#define NID_desx_cbc            80
+
+#define SN_sha          "SHA"
+#define LN_sha          "sha"
+#define NID_sha         41
+#define OBJ_sha         OBJ_algorithm,18L
+
+#define SN_sha1         "SHA1"
+#define LN_sha1         "sha1"
+#define NID_sha1                64
+#define OBJ_sha1                OBJ_algorithm,26L
+
+#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2               70
+#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+
+#define SN_sha1WithRSA          "RSA-SHA1-2"
+#define LN_sha1WithRSA          "sha1WithRSA"
+#define NID_sha1WithRSA         115
+#define OBJ_sha1WithRSA         OBJ_algorithm,29L
+
+#define SN_ripemd160            "RIPEMD160"
+#define LN_ripemd160            "ripemd160"
+#define NID_ripemd160           117
+#define OBJ_ripemd160           1L,3L,36L,3L,2L,1L
+
+#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#define NID_ripemd160WithRSA            119
+#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+
+#define SN_blake2b512           "BLAKE2b512"
+#define LN_blake2b512           "blake2b512"
+#define NID_blake2b512          1056
+#define OBJ_blake2b512          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L
+
+#define SN_blake2s256           "BLAKE2s256"
+#define LN_blake2s256           "blake2s256"
+#define NID_blake2s256          1057
+#define OBJ_blake2s256          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
+
+#define SN_sxnet                "SXNetID"
+#define LN_sxnet                "Strong Extranet ID"
+#define NID_sxnet               143
+#define OBJ_sxnet               1L,3L,101L,1L,4L,1L
+
+#define SN_X500         "X500"
+#define LN_X500         "directory services (X.500)"
+#define NID_X500                11
+#define OBJ_X500                2L,5L
+
+#define SN_X509         "X509"
+#define NID_X509                12
+#define OBJ_X509                OBJ_X500,4L
+
+#define SN_commonName           "CN"
+#define LN_commonName           "commonName"
+#define NID_commonName          13
+#define OBJ_commonName          OBJ_X509,3L
+
+#define SN_surname              "SN"
+#define LN_surname              "surname"
+#define NID_surname             100
+#define OBJ_surname             OBJ_X509,4L
+
+#define LN_serialNumber         "serialNumber"
+#define NID_serialNumber                105
+#define OBJ_serialNumber                OBJ_X509,5L
+
+#define SN_countryName          "C"
+#define LN_countryName          "countryName"
+#define NID_countryName         14
+#define OBJ_countryName         OBJ_X509,6L
+
+#define SN_localityName         "L"
+#define LN_localityName         "localityName"
+#define NID_localityName                15
+#define OBJ_localityName                OBJ_X509,7L
+
+#define SN_stateOrProvinceName          "ST"
+#define LN_stateOrProvinceName          "stateOrProvinceName"
+#define NID_stateOrProvinceName         16
+#define OBJ_stateOrProvinceName         OBJ_X509,8L
+
+#define SN_streetAddress                "street"
+#define LN_streetAddress                "streetAddress"
+#define NID_streetAddress               660
+#define OBJ_streetAddress               OBJ_X509,9L
+
+#define SN_organizationName             "O"
+#define LN_organizationName             "organizationName"
+#define NID_organizationName            17
+#define OBJ_organizationName            OBJ_X509,10L
+
+#define SN_organizationalUnitName               "OU"
+#define LN_organizationalUnitName               "organizationalUnitName"
+#define NID_organizationalUnitName              18
+#define OBJ_organizationalUnitName              OBJ_X509,11L
+
+#define SN_title                "title"
+#define LN_title                "title"
+#define NID_title               106
+#define OBJ_title               OBJ_X509,12L
+
+#define LN_description          "description"
+#define NID_description         107
+#define OBJ_description         OBJ_X509,13L
+
+#define LN_searchGuide          "searchGuide"
+#define NID_searchGuide         859
+#define OBJ_searchGuide         OBJ_X509,14L
+
+#define LN_businessCategory             "businessCategory"
+#define NID_businessCategory            860
+#define OBJ_businessCategory            OBJ_X509,15L
+
+#define LN_postalAddress                "postalAddress"
+#define NID_postalAddress               861
+#define OBJ_postalAddress               OBJ_X509,16L
+
+#define LN_postalCode           "postalCode"
+#define NID_postalCode          661
+#define OBJ_postalCode          OBJ_X509,17L
+
+#define LN_postOfficeBox                "postOfficeBox"
+#define NID_postOfficeBox               862
+#define OBJ_postOfficeBox               OBJ_X509,18L
+
+#define LN_physicalDeliveryOfficeName           "physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName          863
+#define OBJ_physicalDeliveryOfficeName          OBJ_X509,19L
+
+#define LN_telephoneNumber              "telephoneNumber"
+#define NID_telephoneNumber             864
+#define OBJ_telephoneNumber             OBJ_X509,20L
+
+#define LN_telexNumber          "telexNumber"
+#define NID_telexNumber         865
+#define OBJ_telexNumber         OBJ_X509,21L
+
+#define LN_teletexTerminalIdentifier            "teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier           866
+#define OBJ_teletexTerminalIdentifier           OBJ_X509,22L
+
+#define LN_facsimileTelephoneNumber             "facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber            867
+#define OBJ_facsimileTelephoneNumber            OBJ_X509,23L
+
+#define LN_x121Address          "x121Address"
+#define NID_x121Address         868
+#define OBJ_x121Address         OBJ_X509,24L
+
+#define LN_internationaliSDNNumber              "internationaliSDNNumber"
+#define NID_internationaliSDNNumber             869
+#define OBJ_internationaliSDNNumber             OBJ_X509,25L
+
+#define LN_registeredAddress            "registeredAddress"
+#define NID_registeredAddress           870
+#define OBJ_registeredAddress           OBJ_X509,26L
+
+#define LN_destinationIndicator         "destinationIndicator"
+#define NID_destinationIndicator                871
+#define OBJ_destinationIndicator                OBJ_X509,27L
+
+#define LN_preferredDeliveryMethod              "preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod             872
+#define OBJ_preferredDeliveryMethod             OBJ_X509,28L
+
+#define LN_presentationAddress          "presentationAddress"
+#define NID_presentationAddress         873
+#define OBJ_presentationAddress         OBJ_X509,29L
+
+#define LN_supportedApplicationContext          "supportedApplicationContext"
+#define NID_supportedApplicationContext         874
+#define OBJ_supportedApplicationContext         OBJ_X509,30L
+
+#define SN_member               "member"
+#define NID_member              875
+#define OBJ_member              OBJ_X509,31L
+
+#define SN_owner                "owner"
+#define NID_owner               876
+#define OBJ_owner               OBJ_X509,32L
+
+#define LN_roleOccupant         "roleOccupant"
+#define NID_roleOccupant                877
+#define OBJ_roleOccupant                OBJ_X509,33L
+
+#define SN_seeAlso              "seeAlso"
+#define NID_seeAlso             878
+#define OBJ_seeAlso             OBJ_X509,34L
+
+#define LN_userPassword         "userPassword"
+#define NID_userPassword                879
+#define OBJ_userPassword                OBJ_X509,35L
+
+#define LN_userCertificate              "userCertificate"
+#define NID_userCertificate             880
+#define OBJ_userCertificate             OBJ_X509,36L
+
+#define LN_cACertificate                "cACertificate"
+#define NID_cACertificate               881
+#define OBJ_cACertificate               OBJ_X509,37L
+
+#define LN_authorityRevocationList              "authorityRevocationList"
+#define NID_authorityRevocationList             882
+#define OBJ_authorityRevocationList             OBJ_X509,38L
+
+#define LN_certificateRevocationList            "certificateRevocationList"
+#define NID_certificateRevocationList           883
+#define OBJ_certificateRevocationList           OBJ_X509,39L
+
+#define LN_crossCertificatePair         "crossCertificatePair"
+#define NID_crossCertificatePair                884
+#define OBJ_crossCertificatePair                OBJ_X509,40L
+
+#define SN_name         "name"
+#define LN_name         "name"
+#define NID_name                173
+#define OBJ_name                OBJ_X509,41L
+
+#define SN_givenName            "GN"
+#define LN_givenName            "givenName"
+#define NID_givenName           99
+#define OBJ_givenName           OBJ_X509,42L
+
+#define SN_initials             "initials"
+#define LN_initials             "initials"
+#define NID_initials            101
+#define OBJ_initials            OBJ_X509,43L
+
+#define LN_generationQualifier          "generationQualifier"
+#define NID_generationQualifier         509
+#define OBJ_generationQualifier         OBJ_X509,44L
+
+#define LN_x500UniqueIdentifier         "x500UniqueIdentifier"
+#define NID_x500UniqueIdentifier                503
+#define OBJ_x500UniqueIdentifier                OBJ_X509,45L
+
+#define SN_dnQualifier          "dnQualifier"
+#define LN_dnQualifier          "dnQualifier"
+#define NID_dnQualifier         174
+#define OBJ_dnQualifier         OBJ_X509,46L
+
+#define LN_enhancedSearchGuide          "enhancedSearchGuide"
+#define NID_enhancedSearchGuide         885
+#define OBJ_enhancedSearchGuide         OBJ_X509,47L
+
+#define LN_protocolInformation          "protocolInformation"
+#define NID_protocolInformation         886
+#define OBJ_protocolInformation         OBJ_X509,48L
+
+#define LN_distinguishedName            "distinguishedName"
+#define NID_distinguishedName           887
+#define OBJ_distinguishedName           OBJ_X509,49L
+
+#define LN_uniqueMember         "uniqueMember"
+#define NID_uniqueMember                888
+#define OBJ_uniqueMember                OBJ_X509,50L
+
+#define LN_houseIdentifier              "houseIdentifier"
+#define NID_houseIdentifier             889
+#define OBJ_houseIdentifier             OBJ_X509,51L
+
+#define LN_supportedAlgorithms          "supportedAlgorithms"
+#define NID_supportedAlgorithms         890
+#define OBJ_supportedAlgorithms         OBJ_X509,52L
+
+#define LN_deltaRevocationList          "deltaRevocationList"
+#define NID_deltaRevocationList         891
+#define OBJ_deltaRevocationList         OBJ_X509,53L
+
+#define SN_dmdName              "dmdName"
+#define NID_dmdName             892
+#define OBJ_dmdName             OBJ_X509,54L
+
+#define LN_pseudonym            "pseudonym"
+#define NID_pseudonym           510
+#define OBJ_pseudonym           OBJ_X509,65L
+
+#define SN_role         "role"
+#define LN_role         "role"
+#define NID_role                400
+#define OBJ_role                OBJ_X509,72L
+
+#define LN_organizationIdentifier               "organizationIdentifier"
+#define NID_organizationIdentifier              1089
+#define OBJ_organizationIdentifier              OBJ_X509,97L
+
+#define SN_countryCode3c                "c3"
+#define LN_countryCode3c                "countryCode3c"
+#define NID_countryCode3c               1090
+#define OBJ_countryCode3c               OBJ_X509,98L
+
+#define SN_countryCode3n                "n3"
+#define LN_countryCode3n                "countryCode3n"
+#define NID_countryCode3n               1091
+#define OBJ_countryCode3n               OBJ_X509,99L
+
+#define LN_dnsName              "dnsName"
+#define NID_dnsName             1092
+#define OBJ_dnsName             OBJ_X509,100L
+
+#define SN_X500algorithms               "X500algorithms"
+#define LN_X500algorithms               "directory services - algorithms"
+#define NID_X500algorithms              378
+#define OBJ_X500algorithms              OBJ_X500,8L
+
+#define SN_rsa          "RSA"
+#define LN_rsa          "rsa"
+#define NID_rsa         19
+#define OBJ_rsa         OBJ_X500algorithms,1L,1L
+
+#define SN_mdc2WithRSA          "RSA-MDC2"
+#define LN_mdc2WithRSA          "mdc2WithRSA"
+#define NID_mdc2WithRSA         96
+#define OBJ_mdc2WithRSA         OBJ_X500algorithms,3L,100L
+
+#define SN_mdc2         "MDC2"
+#define LN_mdc2         "mdc2"
+#define NID_mdc2                95
+#define OBJ_mdc2                OBJ_X500algorithms,3L,101L
+
+#define SN_id_ce                "id-ce"
+#define NID_id_ce               81
+#define OBJ_id_ce               OBJ_X500,29L
+
+#define SN_subject_directory_attributes         "subjectDirectoryAttributes"
+#define LN_subject_directory_attributes         "X509v3 Subject Directory Attributes"
+#define NID_subject_directory_attributes                769
+#define OBJ_subject_directory_attributes                OBJ_id_ce,9L
+
+#define SN_subject_key_identifier               "subjectKeyIdentifier"
+#define LN_subject_key_identifier               "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier              82
+#define OBJ_subject_key_identifier              OBJ_id_ce,14L
+
+#define SN_key_usage            "keyUsage"
+#define LN_key_usage            "X509v3 Key Usage"
+#define NID_key_usage           83
+#define OBJ_key_usage           OBJ_id_ce,15L
+
+#define SN_private_key_usage_period             "privateKeyUsagePeriod"
+#define LN_private_key_usage_period             "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period            84
+#define OBJ_private_key_usage_period            OBJ_id_ce,16L
+
+#define SN_subject_alt_name             "subjectAltName"
+#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name            85
+#define OBJ_subject_alt_name            OBJ_id_ce,17L
+
+#define SN_issuer_alt_name              "issuerAltName"
+#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name             86
+#define OBJ_issuer_alt_name             OBJ_id_ce,18L
+
+#define SN_basic_constraints            "basicConstraints"
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define NID_basic_constraints           87
+#define OBJ_basic_constraints           OBJ_id_ce,19L
+
+#define SN_crl_number           "crlNumber"
+#define LN_crl_number           "X509v3 CRL Number"
+#define NID_crl_number          88
+#define OBJ_crl_number          OBJ_id_ce,20L
+
+#define SN_crl_reason           "CRLReason"
+#define LN_crl_reason           "X509v3 CRL Reason Code"
+#define NID_crl_reason          141
+#define OBJ_crl_reason          OBJ_id_ce,21L
+
+#define SN_invalidity_date              "invalidityDate"
+#define LN_invalidity_date              "Invalidity Date"
+#define NID_invalidity_date             142
+#define OBJ_invalidity_date             OBJ_id_ce,24L
+
+#define SN_delta_crl            "deltaCRL"
+#define LN_delta_crl            "X509v3 Delta CRL Indicator"
+#define NID_delta_crl           140
+#define OBJ_delta_crl           OBJ_id_ce,27L
+
+#define SN_issuing_distribution_point           "issuingDistributionPoint"
+#define LN_issuing_distribution_point           "X509v3 Issuing Distribution Point"
+#define NID_issuing_distribution_point          770
+#define OBJ_issuing_distribution_point          OBJ_id_ce,28L
+
+#define SN_certificate_issuer           "certificateIssuer"
+#define LN_certificate_issuer           "X509v3 Certificate Issuer"
+#define NID_certificate_issuer          771
+#define OBJ_certificate_issuer          OBJ_id_ce,29L
+
+#define SN_name_constraints             "nameConstraints"
+#define LN_name_constraints             "X509v3 Name Constraints"
+#define NID_name_constraints            666
+#define OBJ_name_constraints            OBJ_id_ce,30L
+
+#define SN_crl_distribution_points              "crlDistributionPoints"
+#define LN_crl_distribution_points              "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points             103
+#define OBJ_crl_distribution_points             OBJ_id_ce,31L
+
+#define SN_certificate_policies         "certificatePolicies"
+#define LN_certificate_policies         "X509v3 Certificate Policies"
+#define NID_certificate_policies                89
+#define OBJ_certificate_policies                OBJ_id_ce,32L
+
+#define SN_any_policy           "anyPolicy"
+#define LN_any_policy           "X509v3 Any Policy"
+#define NID_any_policy          746
+#define OBJ_any_policy          OBJ_certificate_policies,0L
+
+#define SN_policy_mappings              "policyMappings"
+#define LN_policy_mappings              "X509v3 Policy Mappings"
+#define NID_policy_mappings             747
+#define OBJ_policy_mappings             OBJ_id_ce,33L
+
+#define SN_authority_key_identifier             "authorityKeyIdentifier"
+#define LN_authority_key_identifier             "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier            90
+#define OBJ_authority_key_identifier            OBJ_id_ce,35L
+
+#define SN_policy_constraints           "policyConstraints"
+#define LN_policy_constraints           "X509v3 Policy Constraints"
+#define NID_policy_constraints          401
+#define OBJ_policy_constraints          OBJ_id_ce,36L
+
+#define SN_ext_key_usage                "extendedKeyUsage"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+#define NID_ext_key_usage               126
+#define OBJ_ext_key_usage               OBJ_id_ce,37L
+
+#define SN_freshest_crl         "freshestCRL"
+#define LN_freshest_crl         "X509v3 Freshest CRL"
+#define NID_freshest_crl                857
+#define OBJ_freshest_crl                OBJ_id_ce,46L
+
+#define SN_inhibit_any_policy           "inhibitAnyPolicy"
+#define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
+#define NID_inhibit_any_policy          748
+#define OBJ_inhibit_any_policy          OBJ_id_ce,54L
+
+#define SN_target_information           "targetInformation"
+#define LN_target_information           "X509v3 AC Targeting"
+#define NID_target_information          402
+#define OBJ_target_information          OBJ_id_ce,55L
+
+#define SN_no_rev_avail         "noRevAvail"
+#define LN_no_rev_avail         "X509v3 No Revocation Available"
+#define NID_no_rev_avail                403
+#define OBJ_no_rev_avail                OBJ_id_ce,56L
+
+#define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
+#define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
+#define NID_anyExtendedKeyUsage         910
+#define OBJ_anyExtendedKeyUsage         OBJ_ext_key_usage,0L
+
+#define SN_netscape             "Netscape"
+#define LN_netscape             "Netscape Communications Corp."
+#define NID_netscape            57
+#define OBJ_netscape            2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension              "nsCertExt"
+#define LN_netscape_cert_extension              "Netscape Certificate Extension"
+#define NID_netscape_cert_extension             58
+#define OBJ_netscape_cert_extension             OBJ_netscape,1L
+
+#define SN_netscape_data_type           "nsDataType"
+#define LN_netscape_data_type           "Netscape Data Type"
+#define NID_netscape_data_type          59
+#define OBJ_netscape_data_type          OBJ_netscape,2L
+
+#define SN_netscape_cert_type           "nsCertType"
+#define LN_netscape_cert_type           "Netscape Cert Type"
+#define NID_netscape_cert_type          71
+#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url            "nsBaseUrl"
+#define LN_netscape_base_url            "Netscape Base Url"
+#define NID_netscape_base_url           72
+#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url              "nsRevocationUrl"
+#define LN_netscape_revocation_url              "Netscape Revocation Url"
+#define NID_netscape_revocation_url             73
+#define OBJ_netscape_revocation_url             OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url           "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url           "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url          74
+#define OBJ_netscape_ca_revocation_url          OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url         "nsRenewalUrl"
+#define LN_netscape_renewal_url         "Netscape Renewal Url"
+#define NID_netscape_renewal_url                75
+#define OBJ_netscape_renewal_url                OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url               "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url               "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url              76
+#define OBJ_netscape_ca_policy_url              OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name             "nsSslServerName"
+#define LN_netscape_ssl_server_name             "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name            77
+#define OBJ_netscape_ssl_server_name            OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment             "nsComment"
+#define LN_netscape_comment             "Netscape Comment"
+#define NID_netscape_comment            78
+#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence               "nsCertSequence"
+#define LN_netscape_cert_sequence               "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence              79
+#define OBJ_netscape_cert_sequence              OBJ_netscape_data_type,5L
+
+#define SN_ns_sgc               "nsSGC"
+#define LN_ns_sgc               "Netscape Server Gated Crypto"
+#define NID_ns_sgc              139
+#define OBJ_ns_sgc              OBJ_netscape,4L,1L
+
+#define SN_org          "ORG"
+#define LN_org          "org"
+#define NID_org         379
+#define OBJ_org         OBJ_iso,3L
+
+#define SN_dod          "DOD"
+#define LN_dod          "dod"
+#define NID_dod         380
+#define OBJ_dod         OBJ_org,6L
+
+#define SN_iana         "IANA"
+#define LN_iana         "iana"
+#define NID_iana                381
+#define OBJ_iana                OBJ_dod,1L
+
+#define OBJ_internet            OBJ_iana
+
+#define SN_Directory            "directory"
+#define LN_Directory            "Directory"
+#define NID_Directory           382
+#define OBJ_Directory           OBJ_internet,1L
+
+#define SN_Management           "mgmt"
+#define LN_Management           "Management"
+#define NID_Management          383
+#define OBJ_Management          OBJ_internet,2L
+
+#define SN_Experimental         "experimental"
+#define LN_Experimental         "Experimental"
+#define NID_Experimental                384
+#define OBJ_Experimental                OBJ_internet,3L
+
+#define SN_Private              "private"
+#define LN_Private              "Private"
+#define NID_Private             385
+#define OBJ_Private             OBJ_internet,4L
+
+#define SN_Security             "security"
+#define LN_Security             "Security"
+#define NID_Security            386
+#define OBJ_Security            OBJ_internet,5L
+
+#define SN_SNMPv2               "snmpv2"
+#define LN_SNMPv2               "SNMPv2"
+#define NID_SNMPv2              387
+#define OBJ_SNMPv2              OBJ_internet,6L
+
+#define LN_Mail         "Mail"
+#define NID_Mail                388
+#define OBJ_Mail                OBJ_internet,7L
+
+#define SN_Enterprises          "enterprises"
+#define LN_Enterprises          "Enterprises"
+#define NID_Enterprises         389
+#define OBJ_Enterprises         OBJ_Private,1L
+
+#define SN_dcObject             "dcobject"
+#define LN_dcObject             "dcObject"
+#define NID_dcObject            390
+#define OBJ_dcObject            OBJ_Enterprises,1466L,344L
+
+#define SN_mime_mhs             "mime-mhs"
+#define LN_mime_mhs             "MIME MHS"
+#define NID_mime_mhs            504
+#define OBJ_mime_mhs            OBJ_Mail,1L
+
+#define SN_mime_mhs_headings            "mime-mhs-headings"
+#define LN_mime_mhs_headings            "mime-mhs-headings"
+#define NID_mime_mhs_headings           505
+#define OBJ_mime_mhs_headings           OBJ_mime_mhs,1L
+
+#define SN_mime_mhs_bodies              "mime-mhs-bodies"
+#define LN_mime_mhs_bodies              "mime-mhs-bodies"
+#define NID_mime_mhs_bodies             506
+#define OBJ_mime_mhs_bodies             OBJ_mime_mhs,2L
+
+#define SN_id_hex_partial_message               "id-hex-partial-message"
+#define LN_id_hex_partial_message               "id-hex-partial-message"
+#define NID_id_hex_partial_message              507
+#define OBJ_id_hex_partial_message              OBJ_mime_mhs_headings,1L
+
+#define SN_id_hex_multipart_message             "id-hex-multipart-message"
+#define LN_id_hex_multipart_message             "id-hex-multipart-message"
+#define NID_id_hex_multipart_message            508
+#define OBJ_id_hex_multipart_message            OBJ_mime_mhs_headings,2L
+
+#define SN_zlib_compression             "ZLIB"
+#define LN_zlib_compression             "zlib compression"
+#define NID_zlib_compression            125
+#define OBJ_zlib_compression            OBJ_id_smime_alg,8L
+
+#define OBJ_csor                2L,16L,840L,1L,101L,3L
+
+#define OBJ_nistAlgorithms              OBJ_csor,4L
+
+#define OBJ_aes         OBJ_nistAlgorithms,1L
+
+#define SN_aes_128_ecb          "AES-128-ECB"
+#define LN_aes_128_ecb          "aes-128-ecb"
+#define NID_aes_128_ecb         418
+#define OBJ_aes_128_ecb         OBJ_aes,1L
+
+#define SN_aes_128_cbc          "AES-128-CBC"
+#define LN_aes_128_cbc          "aes-128-cbc"
+#define NID_aes_128_cbc         419
+#define OBJ_aes_128_cbc         OBJ_aes,2L
+
+#define SN_aes_128_ofb128               "AES-128-OFB"
+#define LN_aes_128_ofb128               "aes-128-ofb"
+#define NID_aes_128_ofb128              420
+#define OBJ_aes_128_ofb128              OBJ_aes,3L
+
+#define SN_aes_128_cfb128               "AES-128-CFB"
+#define LN_aes_128_cfb128               "aes-128-cfb"
+#define NID_aes_128_cfb128              421
+#define OBJ_aes_128_cfb128              OBJ_aes,4L
+
+#define SN_id_aes128_wrap               "id-aes128-wrap"
+#define NID_id_aes128_wrap              788
+#define OBJ_id_aes128_wrap              OBJ_aes,5L
+
+#define SN_aes_128_gcm          "id-aes128-GCM"
+#define LN_aes_128_gcm          "aes-128-gcm"
+#define NID_aes_128_gcm         895
+#define OBJ_aes_128_gcm         OBJ_aes,6L
+
+#define SN_aes_128_ccm          "id-aes128-CCM"
+#define LN_aes_128_ccm          "aes-128-ccm"
+#define NID_aes_128_ccm         896
+#define OBJ_aes_128_ccm         OBJ_aes,7L
+
+#define SN_id_aes128_wrap_pad           "id-aes128-wrap-pad"
+#define NID_id_aes128_wrap_pad          897
+#define OBJ_id_aes128_wrap_pad          OBJ_aes,8L
+
+#define SN_aes_192_ecb          "AES-192-ECB"
+#define LN_aes_192_ecb          "aes-192-ecb"
+#define NID_aes_192_ecb         422
+#define OBJ_aes_192_ecb         OBJ_aes,21L
+
+#define SN_aes_192_cbc          "AES-192-CBC"
+#define LN_aes_192_cbc          "aes-192-cbc"
+#define NID_aes_192_cbc         423
+#define OBJ_aes_192_cbc         OBJ_aes,22L
+
+#define SN_aes_192_ofb128               "AES-192-OFB"
+#define LN_aes_192_ofb128               "aes-192-ofb"
+#define NID_aes_192_ofb128              424
+#define OBJ_aes_192_ofb128              OBJ_aes,23L
+
+#define SN_aes_192_cfb128               "AES-192-CFB"
+#define LN_aes_192_cfb128               "aes-192-cfb"
+#define NID_aes_192_cfb128              425
+#define OBJ_aes_192_cfb128              OBJ_aes,24L
+
+#define SN_id_aes192_wrap               "id-aes192-wrap"
+#define NID_id_aes192_wrap              789
+#define OBJ_id_aes192_wrap              OBJ_aes,25L
+
+#define SN_aes_192_gcm          "id-aes192-GCM"
+#define LN_aes_192_gcm          "aes-192-gcm"
+#define NID_aes_192_gcm         898
+#define OBJ_aes_192_gcm         OBJ_aes,26L
+
+#define SN_aes_192_ccm          "id-aes192-CCM"
+#define LN_aes_192_ccm          "aes-192-ccm"
+#define NID_aes_192_ccm         899
+#define OBJ_aes_192_ccm         OBJ_aes,27L
+
+#define SN_id_aes192_wrap_pad           "id-aes192-wrap-pad"
+#define NID_id_aes192_wrap_pad          900
+#define OBJ_id_aes192_wrap_pad          OBJ_aes,28L
+
+#define SN_aes_256_ecb          "AES-256-ECB"
+#define LN_aes_256_ecb          "aes-256-ecb"
+#define NID_aes_256_ecb         426
+#define OBJ_aes_256_ecb         OBJ_aes,41L
+
+#define SN_aes_256_cbc          "AES-256-CBC"
+#define LN_aes_256_cbc          "aes-256-cbc"
+#define NID_aes_256_cbc         427
+#define OBJ_aes_256_cbc         OBJ_aes,42L
+
+#define SN_aes_256_ofb128               "AES-256-OFB"
+#define LN_aes_256_ofb128               "aes-256-ofb"
+#define NID_aes_256_ofb128              428
+#define OBJ_aes_256_ofb128              OBJ_aes,43L
+
+#define SN_aes_256_cfb128               "AES-256-CFB"
+#define LN_aes_256_cfb128               "aes-256-cfb"
+#define NID_aes_256_cfb128              429
+#define OBJ_aes_256_cfb128              OBJ_aes,44L
+
+#define SN_id_aes256_wrap               "id-aes256-wrap"
+#define NID_id_aes256_wrap              790
+#define OBJ_id_aes256_wrap              OBJ_aes,45L
+
+#define SN_aes_256_gcm          "id-aes256-GCM"
+#define LN_aes_256_gcm          "aes-256-gcm"
+#define NID_aes_256_gcm         901
+#define OBJ_aes_256_gcm         OBJ_aes,46L
+
+#define SN_aes_256_ccm          "id-aes256-CCM"
+#define LN_aes_256_ccm          "aes-256-ccm"
+#define NID_aes_256_ccm         902
+#define OBJ_aes_256_ccm         OBJ_aes,47L
+
+#define SN_id_aes256_wrap_pad           "id-aes256-wrap-pad"
+#define NID_id_aes256_wrap_pad          903
+#define OBJ_id_aes256_wrap_pad          OBJ_aes,48L
+
+#define SN_aes_128_xts          "AES-128-XTS"
+#define LN_aes_128_xts          "aes-128-xts"
+#define NID_aes_128_xts         913
+#define OBJ_aes_128_xts         OBJ_ieee_siswg,0L,1L,1L
+
+#define SN_aes_256_xts          "AES-256-XTS"
+#define LN_aes_256_xts          "aes-256-xts"
+#define NID_aes_256_xts         914
+#define OBJ_aes_256_xts         OBJ_ieee_siswg,0L,1L,2L
+
+#define SN_aes_128_cfb1         "AES-128-CFB1"
+#define LN_aes_128_cfb1         "aes-128-cfb1"
+#define NID_aes_128_cfb1                650
+
+#define SN_aes_192_cfb1         "AES-192-CFB1"
+#define LN_aes_192_cfb1         "aes-192-cfb1"
+#define NID_aes_192_cfb1                651
+
+#define SN_aes_256_cfb1         "AES-256-CFB1"
+#define LN_aes_256_cfb1         "aes-256-cfb1"
+#define NID_aes_256_cfb1                652
+
+#define SN_aes_128_cfb8         "AES-128-CFB8"
+#define LN_aes_128_cfb8         "aes-128-cfb8"
+#define NID_aes_128_cfb8                653
+
+#define SN_aes_192_cfb8         "AES-192-CFB8"
+#define LN_aes_192_cfb8         "aes-192-cfb8"
+#define NID_aes_192_cfb8                654
+
+#define SN_aes_256_cfb8         "AES-256-CFB8"
+#define LN_aes_256_cfb8         "aes-256-cfb8"
+#define NID_aes_256_cfb8                655
+
+#define SN_aes_128_ctr          "AES-128-CTR"
+#define LN_aes_128_ctr          "aes-128-ctr"
+#define NID_aes_128_ctr         904
+
+#define SN_aes_192_ctr          "AES-192-CTR"
+#define LN_aes_192_ctr          "aes-192-ctr"
+#define NID_aes_192_ctr         905
+
+#define SN_aes_256_ctr          "AES-256-CTR"
+#define LN_aes_256_ctr          "aes-256-ctr"
+#define NID_aes_256_ctr         906
+
+#define SN_aes_128_ocb          "AES-128-OCB"
+#define LN_aes_128_ocb          "aes-128-ocb"
+#define NID_aes_128_ocb         958
+
+#define SN_aes_192_ocb          "AES-192-OCB"
+#define LN_aes_192_ocb          "aes-192-ocb"
+#define NID_aes_192_ocb         959
+
+#define SN_aes_256_ocb          "AES-256-OCB"
+#define LN_aes_256_ocb          "aes-256-ocb"
+#define NID_aes_256_ocb         960
+
+#define SN_des_cfb1             "DES-CFB1"
+#define LN_des_cfb1             "des-cfb1"
+#define NID_des_cfb1            656
+
+#define SN_des_cfb8             "DES-CFB8"
+#define LN_des_cfb8             "des-cfb8"
+#define NID_des_cfb8            657
+
+#define SN_des_ede3_cfb1                "DES-EDE3-CFB1"
+#define LN_des_ede3_cfb1                "des-ede3-cfb1"
+#define NID_des_ede3_cfb1               658
+
+#define SN_des_ede3_cfb8                "DES-EDE3-CFB8"
+#define LN_des_ede3_cfb8                "des-ede3-cfb8"
+#define NID_des_ede3_cfb8               659
+
+#define OBJ_nist_hashalgs               OBJ_nistAlgorithms,2L
+
+#define SN_sha256               "SHA256"
+#define LN_sha256               "sha256"
+#define NID_sha256              672
+#define OBJ_sha256              OBJ_nist_hashalgs,1L
+
+#define SN_sha384               "SHA384"
+#define LN_sha384               "sha384"
+#define NID_sha384              673
+#define OBJ_sha384              OBJ_nist_hashalgs,2L
+
+#define SN_sha512               "SHA512"
+#define LN_sha512               "sha512"
+#define NID_sha512              674
+#define OBJ_sha512              OBJ_nist_hashalgs,3L
+
+#define SN_sha224               "SHA224"
+#define LN_sha224               "sha224"
+#define NID_sha224              675
+#define OBJ_sha224              OBJ_nist_hashalgs,4L
+
+#define SN_sha512_224           "SHA512-224"
+#define LN_sha512_224           "sha512-224"
+#define NID_sha512_224          1094
+#define OBJ_sha512_224          OBJ_nist_hashalgs,5L
+
+#define SN_sha512_256           "SHA512-256"
+#define LN_sha512_256           "sha512-256"
+#define NID_sha512_256          1095
+#define OBJ_sha512_256          OBJ_nist_hashalgs,6L
+
+#define SN_sha3_224             "SHA3-224"
+#define LN_sha3_224             "sha3-224"
+#define NID_sha3_224            1096
+#define OBJ_sha3_224            OBJ_nist_hashalgs,7L
+
+#define SN_sha3_256             "SHA3-256"
+#define LN_sha3_256             "sha3-256"
+#define NID_sha3_256            1097
+#define OBJ_sha3_256            OBJ_nist_hashalgs,8L
+
+#define SN_sha3_384             "SHA3-384"
+#define LN_sha3_384             "sha3-384"
+#define NID_sha3_384            1098
+#define OBJ_sha3_384            OBJ_nist_hashalgs,9L
+
+#define SN_sha3_512             "SHA3-512"
+#define LN_sha3_512             "sha3-512"
+#define NID_sha3_512            1099
+#define OBJ_sha3_512            OBJ_nist_hashalgs,10L
+
+#define SN_shake128             "SHAKE128"
+#define LN_shake128             "shake128"
+#define NID_shake128            1100
+#define OBJ_shake128            OBJ_nist_hashalgs,11L
+
+#define SN_shake256             "SHAKE256"
+#define LN_shake256             "shake256"
+#define NID_shake256            1101
+#define OBJ_shake256            OBJ_nist_hashalgs,12L
+
+#define SN_hmac_sha3_224                "id-hmacWithSHA3-224"
+#define LN_hmac_sha3_224                "hmac-sha3-224"
+#define NID_hmac_sha3_224               1102
+#define OBJ_hmac_sha3_224               OBJ_nist_hashalgs,13L
+
+#define SN_hmac_sha3_256                "id-hmacWithSHA3-256"
+#define LN_hmac_sha3_256                "hmac-sha3-256"
+#define NID_hmac_sha3_256               1103
+#define OBJ_hmac_sha3_256               OBJ_nist_hashalgs,14L
+
+#define SN_hmac_sha3_384                "id-hmacWithSHA3-384"
+#define LN_hmac_sha3_384                "hmac-sha3-384"
+#define NID_hmac_sha3_384               1104
+#define OBJ_hmac_sha3_384               OBJ_nist_hashalgs,15L
+
+#define SN_hmac_sha3_512                "id-hmacWithSHA3-512"
+#define LN_hmac_sha3_512                "hmac-sha3-512"
+#define NID_hmac_sha3_512               1105
+#define OBJ_hmac_sha3_512               OBJ_nist_hashalgs,16L
+
+#define OBJ_dsa_with_sha2               OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA224              "dsa_with_SHA224"
+#define NID_dsa_with_SHA224             802
+#define OBJ_dsa_with_SHA224             OBJ_dsa_with_sha2,1L
+
+#define SN_dsa_with_SHA256              "dsa_with_SHA256"
+#define NID_dsa_with_SHA256             803
+#define OBJ_dsa_with_SHA256             OBJ_dsa_with_sha2,2L
+
+#define OBJ_sigAlgs             OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA384              "id-dsa-with-sha384"
+#define LN_dsa_with_SHA384              "dsa_with_SHA384"
+#define NID_dsa_with_SHA384             1106
+#define OBJ_dsa_with_SHA384             OBJ_sigAlgs,3L
+
+#define SN_dsa_with_SHA512              "id-dsa-with-sha512"
+#define LN_dsa_with_SHA512              "dsa_with_SHA512"
+#define NID_dsa_with_SHA512             1107
+#define OBJ_dsa_with_SHA512             OBJ_sigAlgs,4L
+
+#define SN_dsa_with_SHA3_224            "id-dsa-with-sha3-224"
+#define LN_dsa_with_SHA3_224            "dsa_with_SHA3-224"
+#define NID_dsa_with_SHA3_224           1108
+#define OBJ_dsa_with_SHA3_224           OBJ_sigAlgs,5L
+
+#define SN_dsa_with_SHA3_256            "id-dsa-with-sha3-256"
+#define LN_dsa_with_SHA3_256            "dsa_with_SHA3-256"
+#define NID_dsa_with_SHA3_256           1109
+#define OBJ_dsa_with_SHA3_256           OBJ_sigAlgs,6L
+
+#define SN_dsa_with_SHA3_384            "id-dsa-with-sha3-384"
+#define LN_dsa_with_SHA3_384            "dsa_with_SHA3-384"
+#define NID_dsa_with_SHA3_384           1110
+#define OBJ_dsa_with_SHA3_384           OBJ_sigAlgs,7L
+
+#define SN_dsa_with_SHA3_512            "id-dsa-with-sha3-512"
+#define LN_dsa_with_SHA3_512            "dsa_with_SHA3-512"
+#define NID_dsa_with_SHA3_512           1111
+#define OBJ_dsa_with_SHA3_512           OBJ_sigAlgs,8L
+
+#define SN_ecdsa_with_SHA3_224          "id-ecdsa-with-sha3-224"
+#define LN_ecdsa_with_SHA3_224          "ecdsa_with_SHA3-224"
+#define NID_ecdsa_with_SHA3_224         1112
+#define OBJ_ecdsa_with_SHA3_224         OBJ_sigAlgs,9L
+
+#define SN_ecdsa_with_SHA3_256          "id-ecdsa-with-sha3-256"
+#define LN_ecdsa_with_SHA3_256          "ecdsa_with_SHA3-256"
+#define NID_ecdsa_with_SHA3_256         1113
+#define OBJ_ecdsa_with_SHA3_256         OBJ_sigAlgs,10L
+
+#define SN_ecdsa_with_SHA3_384          "id-ecdsa-with-sha3-384"
+#define LN_ecdsa_with_SHA3_384          "ecdsa_with_SHA3-384"
+#define NID_ecdsa_with_SHA3_384         1114
+#define OBJ_ecdsa_with_SHA3_384         OBJ_sigAlgs,11L
+
+#define SN_ecdsa_with_SHA3_512          "id-ecdsa-with-sha3-512"
+#define LN_ecdsa_with_SHA3_512          "ecdsa_with_SHA3-512"
+#define NID_ecdsa_with_SHA3_512         1115
+#define OBJ_ecdsa_with_SHA3_512         OBJ_sigAlgs,12L
+
+#define SN_RSA_SHA3_224         "id-rsassa-pkcs1-v1_5-with-sha3-224"
+#define LN_RSA_SHA3_224         "RSA-SHA3-224"
+#define NID_RSA_SHA3_224                1116
+#define OBJ_RSA_SHA3_224                OBJ_sigAlgs,13L
+
+#define SN_RSA_SHA3_256         "id-rsassa-pkcs1-v1_5-with-sha3-256"
+#define LN_RSA_SHA3_256         "RSA-SHA3-256"
+#define NID_RSA_SHA3_256                1117
+#define OBJ_RSA_SHA3_256                OBJ_sigAlgs,14L
+
+#define SN_RSA_SHA3_384         "id-rsassa-pkcs1-v1_5-with-sha3-384"
+#define LN_RSA_SHA3_384         "RSA-SHA3-384"
+#define NID_RSA_SHA3_384                1118
+#define OBJ_RSA_SHA3_384                OBJ_sigAlgs,15L
+
+#define SN_RSA_SHA3_512         "id-rsassa-pkcs1-v1_5-with-sha3-512"
+#define LN_RSA_SHA3_512         "RSA-SHA3-512"
+#define NID_RSA_SHA3_512                1119
+#define OBJ_RSA_SHA3_512                OBJ_sigAlgs,16L
+
+#define SN_hold_instruction_code                "holdInstructionCode"
+#define LN_hold_instruction_code                "Hold Instruction Code"
+#define NID_hold_instruction_code               430
+#define OBJ_hold_instruction_code               OBJ_id_ce,23L
+
+#define OBJ_holdInstruction             OBJ_X9_57,2L
+
+#define SN_hold_instruction_none                "holdInstructionNone"
+#define LN_hold_instruction_none                "Hold Instruction None"
+#define NID_hold_instruction_none               431
+#define OBJ_hold_instruction_none               OBJ_holdInstruction,1L
+
+#define SN_hold_instruction_call_issuer         "holdInstructionCallIssuer"
+#define LN_hold_instruction_call_issuer         "Hold Instruction Call Issuer"
+#define NID_hold_instruction_call_issuer                432
+#define OBJ_hold_instruction_call_issuer                OBJ_holdInstruction,2L
+
+#define SN_hold_instruction_reject              "holdInstructionReject"
+#define LN_hold_instruction_reject              "Hold Instruction Reject"
+#define NID_hold_instruction_reject             433
+#define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
+
+#define SN_data         "data"
+#define NID_data                434
+#define OBJ_data                OBJ_itu_t,9L
+
+#define SN_pss          "pss"
+#define NID_pss         435
+#define OBJ_pss         OBJ_data,2342L
+
+#define SN_ucl          "ucl"
+#define NID_ucl         436
+#define OBJ_ucl         OBJ_pss,19200300L
+
+#define SN_pilot                "pilot"
+#define NID_pilot               437
+#define OBJ_pilot               OBJ_ucl,100L
+
+#define LN_pilotAttributeType           "pilotAttributeType"
+#define NID_pilotAttributeType          438
+#define OBJ_pilotAttributeType          OBJ_pilot,1L
+
+#define LN_pilotAttributeSyntax         "pilotAttributeSyntax"
+#define NID_pilotAttributeSyntax                439
+#define OBJ_pilotAttributeSyntax                OBJ_pilot,3L
+
+#define LN_pilotObjectClass             "pilotObjectClass"
+#define NID_pilotObjectClass            440
+#define OBJ_pilotObjectClass            OBJ_pilot,4L
+
+#define LN_pilotGroups          "pilotGroups"
+#define NID_pilotGroups         441
+#define OBJ_pilotGroups         OBJ_pilot,10L
+
+#define LN_iA5StringSyntax              "iA5StringSyntax"
+#define NID_iA5StringSyntax             442
+#define OBJ_iA5StringSyntax             OBJ_pilotAttributeSyntax,4L
+
+#define LN_caseIgnoreIA5StringSyntax            "caseIgnoreIA5StringSyntax"
+#define NID_caseIgnoreIA5StringSyntax           443
+#define OBJ_caseIgnoreIA5StringSyntax           OBJ_pilotAttributeSyntax,5L
+
+#define LN_pilotObject          "pilotObject"
+#define NID_pilotObject         444
+#define OBJ_pilotObject         OBJ_pilotObjectClass,3L
+
+#define LN_pilotPerson          "pilotPerson"
+#define NID_pilotPerson         445
+#define OBJ_pilotPerson         OBJ_pilotObjectClass,4L
+
+#define SN_account              "account"
+#define NID_account             446
+#define OBJ_account             OBJ_pilotObjectClass,5L
+
+#define SN_document             "document"
+#define NID_document            447
+#define OBJ_document            OBJ_pilotObjectClass,6L
+
+#define SN_room         "room"
+#define NID_room                448
+#define OBJ_room                OBJ_pilotObjectClass,7L
+
+#define LN_documentSeries               "documentSeries"
+#define NID_documentSeries              449
+#define OBJ_documentSeries              OBJ_pilotObjectClass,9L
+
+#define SN_Domain               "domain"
+#define LN_Domain               "Domain"
+#define NID_Domain              392
+#define OBJ_Domain              OBJ_pilotObjectClass,13L
+
+#define LN_rFC822localPart              "rFC822localPart"
+#define NID_rFC822localPart             450
+#define OBJ_rFC822localPart             OBJ_pilotObjectClass,14L
+
+#define LN_dNSDomain            "dNSDomain"
+#define NID_dNSDomain           451
+#define OBJ_dNSDomain           OBJ_pilotObjectClass,15L
+
+#define LN_domainRelatedObject          "domainRelatedObject"
+#define NID_domainRelatedObject         452
+#define OBJ_domainRelatedObject         OBJ_pilotObjectClass,17L
+
+#define LN_friendlyCountry              "friendlyCountry"
+#define NID_friendlyCountry             453
+#define OBJ_friendlyCountry             OBJ_pilotObjectClass,18L
+
+#define LN_simpleSecurityObject         "simpleSecurityObject"
+#define NID_simpleSecurityObject                454
+#define OBJ_simpleSecurityObject                OBJ_pilotObjectClass,19L
+
+#define LN_pilotOrganization            "pilotOrganization"
+#define NID_pilotOrganization           455
+#define OBJ_pilotOrganization           OBJ_pilotObjectClass,20L
+
+#define LN_pilotDSA             "pilotDSA"
+#define NID_pilotDSA            456
+#define OBJ_pilotDSA            OBJ_pilotObjectClass,21L
+
+#define LN_qualityLabelledData          "qualityLabelledData"
+#define NID_qualityLabelledData         457
+#define OBJ_qualityLabelledData         OBJ_pilotObjectClass,22L
+
+#define SN_userId               "UID"
+#define LN_userId               "userId"
+#define NID_userId              458
+#define OBJ_userId              OBJ_pilotAttributeType,1L
+
+#define LN_textEncodedORAddress         "textEncodedORAddress"
+#define NID_textEncodedORAddress                459
+#define OBJ_textEncodedORAddress                OBJ_pilotAttributeType,2L
+
+#define SN_rfc822Mailbox                "mail"
+#define LN_rfc822Mailbox                "rfc822Mailbox"
+#define NID_rfc822Mailbox               460
+#define OBJ_rfc822Mailbox               OBJ_pilotAttributeType,3L
+
+#define SN_info         "info"
+#define NID_info                461
+#define OBJ_info                OBJ_pilotAttributeType,4L
+
+#define LN_favouriteDrink               "favouriteDrink"
+#define NID_favouriteDrink              462
+#define OBJ_favouriteDrink              OBJ_pilotAttributeType,5L
+
+#define LN_roomNumber           "roomNumber"
+#define NID_roomNumber          463
+#define OBJ_roomNumber          OBJ_pilotAttributeType,6L
+
+#define SN_photo                "photo"
+#define NID_photo               464
+#define OBJ_photo               OBJ_pilotAttributeType,7L
+
+#define LN_userClass            "userClass"
+#define NID_userClass           465
+#define OBJ_userClass           OBJ_pilotAttributeType,8L
+
+#define SN_host         "host"
+#define NID_host                466
+#define OBJ_host                OBJ_pilotAttributeType,9L
+
+#define SN_manager              "manager"
+#define NID_manager             467
+#define OBJ_manager             OBJ_pilotAttributeType,10L
+
+#define LN_documentIdentifier           "documentIdentifier"
+#define NID_documentIdentifier          468
+#define OBJ_documentIdentifier          OBJ_pilotAttributeType,11L
+
+#define LN_documentTitle                "documentTitle"
+#define NID_documentTitle               469
+#define OBJ_documentTitle               OBJ_pilotAttributeType,12L
+
+#define LN_documentVersion              "documentVersion"
+#define NID_documentVersion             470
+#define OBJ_documentVersion             OBJ_pilotAttributeType,13L
+
+#define LN_documentAuthor               "documentAuthor"
+#define NID_documentAuthor              471
+#define OBJ_documentAuthor              OBJ_pilotAttributeType,14L
+
+#define LN_documentLocation             "documentLocation"
+#define NID_documentLocation            472
+#define OBJ_documentLocation            OBJ_pilotAttributeType,15L
+
+#define LN_homeTelephoneNumber          "homeTelephoneNumber"
+#define NID_homeTelephoneNumber         473
+#define OBJ_homeTelephoneNumber         OBJ_pilotAttributeType,20L
+
+#define SN_secretary            "secretary"
+#define NID_secretary           474
+#define OBJ_secretary           OBJ_pilotAttributeType,21L
+
+#define LN_otherMailbox         "otherMailbox"
+#define NID_otherMailbox                475
+#define OBJ_otherMailbox                OBJ_pilotAttributeType,22L
+
+#define LN_lastModifiedTime             "lastModifiedTime"
+#define NID_lastModifiedTime            476
+#define OBJ_lastModifiedTime            OBJ_pilotAttributeType,23L
+
+#define LN_lastModifiedBy               "lastModifiedBy"
+#define NID_lastModifiedBy              477
+#define OBJ_lastModifiedBy              OBJ_pilotAttributeType,24L
+
+#define SN_domainComponent              "DC"
+#define LN_domainComponent              "domainComponent"
+#define NID_domainComponent             391
+#define OBJ_domainComponent             OBJ_pilotAttributeType,25L
+
+#define LN_aRecord              "aRecord"
+#define NID_aRecord             478
+#define OBJ_aRecord             OBJ_pilotAttributeType,26L
+
+#define LN_pilotAttributeType27         "pilotAttributeType27"
+#define NID_pilotAttributeType27                479
+#define OBJ_pilotAttributeType27                OBJ_pilotAttributeType,27L
+
+#define LN_mXRecord             "mXRecord"
+#define NID_mXRecord            480
+#define OBJ_mXRecord            OBJ_pilotAttributeType,28L
+
+#define LN_nSRecord             "nSRecord"
+#define NID_nSRecord            481
+#define OBJ_nSRecord            OBJ_pilotAttributeType,29L
+
+#define LN_sOARecord            "sOARecord"
+#define NID_sOARecord           482
+#define OBJ_sOARecord           OBJ_pilotAttributeType,30L
+
+#define LN_cNAMERecord          "cNAMERecord"
+#define NID_cNAMERecord         483
+#define OBJ_cNAMERecord         OBJ_pilotAttributeType,31L
+
+#define LN_associatedDomain             "associatedDomain"
+#define NID_associatedDomain            484
+#define OBJ_associatedDomain            OBJ_pilotAttributeType,37L
+
+#define LN_associatedName               "associatedName"
+#define NID_associatedName              485
+#define OBJ_associatedName              OBJ_pilotAttributeType,38L
+
+#define LN_homePostalAddress            "homePostalAddress"
+#define NID_homePostalAddress           486
+#define OBJ_homePostalAddress           OBJ_pilotAttributeType,39L
+
+#define LN_personalTitle                "personalTitle"
+#define NID_personalTitle               487
+#define OBJ_personalTitle               OBJ_pilotAttributeType,40L
+
+#define LN_mobileTelephoneNumber                "mobileTelephoneNumber"
+#define NID_mobileTelephoneNumber               488
+#define OBJ_mobileTelephoneNumber               OBJ_pilotAttributeType,41L
+
+#define LN_pagerTelephoneNumber         "pagerTelephoneNumber"
+#define NID_pagerTelephoneNumber                489
+#define OBJ_pagerTelephoneNumber                OBJ_pilotAttributeType,42L
+
+#define LN_friendlyCountryName          "friendlyCountryName"
+#define NID_friendlyCountryName         490
+#define OBJ_friendlyCountryName         OBJ_pilotAttributeType,43L
+
+#define SN_uniqueIdentifier             "uid"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_pilotAttributeType,44L
+
+#define LN_organizationalStatus         "organizationalStatus"
+#define NID_organizationalStatus                491
+#define OBJ_organizationalStatus                OBJ_pilotAttributeType,45L
+
+#define LN_janetMailbox         "janetMailbox"
+#define NID_janetMailbox                492
+#define OBJ_janetMailbox                OBJ_pilotAttributeType,46L
+
+#define LN_mailPreferenceOption         "mailPreferenceOption"
+#define NID_mailPreferenceOption                493
+#define OBJ_mailPreferenceOption                OBJ_pilotAttributeType,47L
+
+#define LN_buildingName         "buildingName"
+#define NID_buildingName                494
+#define OBJ_buildingName                OBJ_pilotAttributeType,48L
+
+#define LN_dSAQuality           "dSAQuality"
+#define NID_dSAQuality          495
+#define OBJ_dSAQuality          OBJ_pilotAttributeType,49L
+
+#define LN_singleLevelQuality           "singleLevelQuality"
+#define NID_singleLevelQuality          496
+#define OBJ_singleLevelQuality          OBJ_pilotAttributeType,50L
+
+#define LN_subtreeMinimumQuality                "subtreeMinimumQuality"
+#define NID_subtreeMinimumQuality               497
+#define OBJ_subtreeMinimumQuality               OBJ_pilotAttributeType,51L
+
+#define LN_subtreeMaximumQuality                "subtreeMaximumQuality"
+#define NID_subtreeMaximumQuality               498
+#define OBJ_subtreeMaximumQuality               OBJ_pilotAttributeType,52L
+
+#define LN_personalSignature            "personalSignature"
+#define NID_personalSignature           499
+#define OBJ_personalSignature           OBJ_pilotAttributeType,53L
+
+#define LN_dITRedirect          "dITRedirect"
+#define NID_dITRedirect         500
+#define OBJ_dITRedirect         OBJ_pilotAttributeType,54L
+
+#define SN_audio                "audio"
+#define NID_audio               501
+#define OBJ_audio               OBJ_pilotAttributeType,55L
+
+#define LN_documentPublisher            "documentPublisher"
+#define NID_documentPublisher           502
+#define OBJ_documentPublisher           OBJ_pilotAttributeType,56L
+
+#define SN_id_set               "id-set"
+#define LN_id_set               "Secure Electronic Transactions"
+#define NID_id_set              512
+#define OBJ_id_set              OBJ_international_organizations,42L
+
+#define SN_set_ctype            "set-ctype"
+#define LN_set_ctype            "content types"
+#define NID_set_ctype           513
+#define OBJ_set_ctype           OBJ_id_set,0L
+
+#define SN_set_msgExt           "set-msgExt"
+#define LN_set_msgExt           "message extensions"
+#define NID_set_msgExt          514
+#define OBJ_set_msgExt          OBJ_id_set,1L
+
+#define SN_set_attr             "set-attr"
+#define NID_set_attr            515
+#define OBJ_set_attr            OBJ_id_set,3L
+
+#define SN_set_policy           "set-policy"
+#define NID_set_policy          516
+#define OBJ_set_policy          OBJ_id_set,5L
+
+#define SN_set_certExt          "set-certExt"
+#define LN_set_certExt          "certificate extensions"
+#define NID_set_certExt         517
+#define OBJ_set_certExt         OBJ_id_set,7L
+
+#define SN_set_brand            "set-brand"
+#define NID_set_brand           518
+#define OBJ_set_brand           OBJ_id_set,8L
+
+#define SN_setct_PANData                "setct-PANData"
+#define NID_setct_PANData               519
+#define OBJ_setct_PANData               OBJ_set_ctype,0L
+
+#define SN_setct_PANToken               "setct-PANToken"
+#define NID_setct_PANToken              520
+#define OBJ_setct_PANToken              OBJ_set_ctype,1L
+
+#define SN_setct_PANOnly                "setct-PANOnly"
+#define NID_setct_PANOnly               521
+#define OBJ_setct_PANOnly               OBJ_set_ctype,2L
+
+#define SN_setct_OIData         "setct-OIData"
+#define NID_setct_OIData                522
+#define OBJ_setct_OIData                OBJ_set_ctype,3L
+
+#define SN_setct_PI             "setct-PI"
+#define NID_setct_PI            523
+#define OBJ_setct_PI            OBJ_set_ctype,4L
+
+#define SN_setct_PIData         "setct-PIData"
+#define NID_setct_PIData                524
+#define OBJ_setct_PIData                OBJ_set_ctype,5L
+
+#define SN_setct_PIDataUnsigned         "setct-PIDataUnsigned"
+#define NID_setct_PIDataUnsigned                525
+#define OBJ_setct_PIDataUnsigned                OBJ_set_ctype,6L
+
+#define SN_setct_HODInput               "setct-HODInput"
+#define NID_setct_HODInput              526
+#define OBJ_setct_HODInput              OBJ_set_ctype,7L
+
+#define SN_setct_AuthResBaggage         "setct-AuthResBaggage"
+#define NID_setct_AuthResBaggage                527
+#define OBJ_setct_AuthResBaggage                OBJ_set_ctype,8L
+
+#define SN_setct_AuthRevReqBaggage              "setct-AuthRevReqBaggage"
+#define NID_setct_AuthRevReqBaggage             528
+#define OBJ_setct_AuthRevReqBaggage             OBJ_set_ctype,9L
+
+#define SN_setct_AuthRevResBaggage              "setct-AuthRevResBaggage"
+#define NID_setct_AuthRevResBaggage             529
+#define OBJ_setct_AuthRevResBaggage             OBJ_set_ctype,10L
+
+#define SN_setct_CapTokenSeq            "setct-CapTokenSeq"
+#define NID_setct_CapTokenSeq           530
+#define OBJ_setct_CapTokenSeq           OBJ_set_ctype,11L
+
+#define SN_setct_PInitResData           "setct-PInitResData"
+#define NID_setct_PInitResData          531
+#define OBJ_setct_PInitResData          OBJ_set_ctype,12L
+
+#define SN_setct_PI_TBS         "setct-PI-TBS"
+#define NID_setct_PI_TBS                532
+#define OBJ_setct_PI_TBS                OBJ_set_ctype,13L
+
+#define SN_setct_PResData               "setct-PResData"
+#define NID_setct_PResData              533
+#define OBJ_setct_PResData              OBJ_set_ctype,14L
+
+#define SN_setct_AuthReqTBS             "setct-AuthReqTBS"
+#define NID_setct_AuthReqTBS            534
+#define OBJ_setct_AuthReqTBS            OBJ_set_ctype,16L
+
+#define SN_setct_AuthResTBS             "setct-AuthResTBS"
+#define NID_setct_AuthResTBS            535
+#define OBJ_setct_AuthResTBS            OBJ_set_ctype,17L
+
+#define SN_setct_AuthResTBSX            "setct-AuthResTBSX"
+#define NID_setct_AuthResTBSX           536
+#define OBJ_setct_AuthResTBSX           OBJ_set_ctype,18L
+
+#define SN_setct_AuthTokenTBS           "setct-AuthTokenTBS"
+#define NID_setct_AuthTokenTBS          537
+#define OBJ_setct_AuthTokenTBS          OBJ_set_ctype,19L
+
+#define SN_setct_CapTokenData           "setct-CapTokenData"
+#define NID_setct_CapTokenData          538
+#define OBJ_setct_CapTokenData          OBJ_set_ctype,20L
+
+#define SN_setct_CapTokenTBS            "setct-CapTokenTBS"
+#define NID_setct_CapTokenTBS           539
+#define OBJ_setct_CapTokenTBS           OBJ_set_ctype,21L
+
+#define SN_setct_AcqCardCodeMsg         "setct-AcqCardCodeMsg"
+#define NID_setct_AcqCardCodeMsg                540
+#define OBJ_setct_AcqCardCodeMsg                OBJ_set_ctype,22L
+
+#define SN_setct_AuthRevReqTBS          "setct-AuthRevReqTBS"
+#define NID_setct_AuthRevReqTBS         541
+#define OBJ_setct_AuthRevReqTBS         OBJ_set_ctype,23L
+
+#define SN_setct_AuthRevResData         "setct-AuthRevResData"
+#define NID_setct_AuthRevResData                542
+#define OBJ_setct_AuthRevResData                OBJ_set_ctype,24L
+
+#define SN_setct_AuthRevResTBS          "setct-AuthRevResTBS"
+#define NID_setct_AuthRevResTBS         543
+#define OBJ_setct_AuthRevResTBS         OBJ_set_ctype,25L
+
+#define SN_setct_CapReqTBS              "setct-CapReqTBS"
+#define NID_setct_CapReqTBS             544
+#define OBJ_setct_CapReqTBS             OBJ_set_ctype,26L
+
+#define SN_setct_CapReqTBSX             "setct-CapReqTBSX"
+#define NID_setct_CapReqTBSX            545
+#define OBJ_setct_CapReqTBSX            OBJ_set_ctype,27L
+
+#define SN_setct_CapResData             "setct-CapResData"
+#define NID_setct_CapResData            546
+#define OBJ_setct_CapResData            OBJ_set_ctype,28L
+
+#define SN_setct_CapRevReqTBS           "setct-CapRevReqTBS"
+#define NID_setct_CapRevReqTBS          547
+#define OBJ_setct_CapRevReqTBS          OBJ_set_ctype,29L
+
+#define SN_setct_CapRevReqTBSX          "setct-CapRevReqTBSX"
+#define NID_setct_CapRevReqTBSX         548
+#define OBJ_setct_CapRevReqTBSX         OBJ_set_ctype,30L
+
+#define SN_setct_CapRevResData          "setct-CapRevResData"
+#define NID_setct_CapRevResData         549
+#define OBJ_setct_CapRevResData         OBJ_set_ctype,31L
+
+#define SN_setct_CredReqTBS             "setct-CredReqTBS"
+#define NID_setct_CredReqTBS            550
+#define OBJ_setct_CredReqTBS            OBJ_set_ctype,32L
+
+#define SN_setct_CredReqTBSX            "setct-CredReqTBSX"
+#define NID_setct_CredReqTBSX           551
+#define OBJ_setct_CredReqTBSX           OBJ_set_ctype,33L
+
+#define SN_setct_CredResData            "setct-CredResData"
+#define NID_setct_CredResData           552
+#define OBJ_setct_CredResData           OBJ_set_ctype,34L
+
+#define SN_setct_CredRevReqTBS          "setct-CredRevReqTBS"
+#define NID_setct_CredRevReqTBS         553
+#define OBJ_setct_CredRevReqTBS         OBJ_set_ctype,35L
+
+#define SN_setct_CredRevReqTBSX         "setct-CredRevReqTBSX"
+#define NID_setct_CredRevReqTBSX                554
+#define OBJ_setct_CredRevReqTBSX                OBJ_set_ctype,36L
+
+#define SN_setct_CredRevResData         "setct-CredRevResData"
+#define NID_setct_CredRevResData                555
+#define OBJ_setct_CredRevResData                OBJ_set_ctype,37L
+
+#define SN_setct_PCertReqData           "setct-PCertReqData"
+#define NID_setct_PCertReqData          556
+#define OBJ_setct_PCertReqData          OBJ_set_ctype,38L
+
+#define SN_setct_PCertResTBS            "setct-PCertResTBS"
+#define NID_setct_PCertResTBS           557
+#define OBJ_setct_PCertResTBS           OBJ_set_ctype,39L
+
+#define SN_setct_BatchAdminReqData              "setct-BatchAdminReqData"
+#define NID_setct_BatchAdminReqData             558
+#define OBJ_setct_BatchAdminReqData             OBJ_set_ctype,40L
+
+#define SN_setct_BatchAdminResData              "setct-BatchAdminResData"
+#define NID_setct_BatchAdminResData             559
+#define OBJ_setct_BatchAdminResData             OBJ_set_ctype,41L
+
+#define SN_setct_CardCInitResTBS                "setct-CardCInitResTBS"
+#define NID_setct_CardCInitResTBS               560
+#define OBJ_setct_CardCInitResTBS               OBJ_set_ctype,42L
+
+#define SN_setct_MeAqCInitResTBS                "setct-MeAqCInitResTBS"
+#define NID_setct_MeAqCInitResTBS               561
+#define OBJ_setct_MeAqCInitResTBS               OBJ_set_ctype,43L
+
+#define SN_setct_RegFormResTBS          "setct-RegFormResTBS"
+#define NID_setct_RegFormResTBS         562
+#define OBJ_setct_RegFormResTBS         OBJ_set_ctype,44L
+
+#define SN_setct_CertReqData            "setct-CertReqData"
+#define NID_setct_CertReqData           563
+#define OBJ_setct_CertReqData           OBJ_set_ctype,45L
+
+#define SN_setct_CertReqTBS             "setct-CertReqTBS"
+#define NID_setct_CertReqTBS            564
+#define OBJ_setct_CertReqTBS            OBJ_set_ctype,46L
+
+#define SN_setct_CertResData            "setct-CertResData"
+#define NID_setct_CertResData           565
+#define OBJ_setct_CertResData           OBJ_set_ctype,47L
+
+#define SN_setct_CertInqReqTBS          "setct-CertInqReqTBS"
+#define NID_setct_CertInqReqTBS         566
+#define OBJ_setct_CertInqReqTBS         OBJ_set_ctype,48L
+
+#define SN_setct_ErrorTBS               "setct-ErrorTBS"
+#define NID_setct_ErrorTBS              567
+#define OBJ_setct_ErrorTBS              OBJ_set_ctype,49L
+
+#define SN_setct_PIDualSignedTBE                "setct-PIDualSignedTBE"
+#define NID_setct_PIDualSignedTBE               568
+#define OBJ_setct_PIDualSignedTBE               OBJ_set_ctype,50L
+
+#define SN_setct_PIUnsignedTBE          "setct-PIUnsignedTBE"
+#define NID_setct_PIUnsignedTBE         569
+#define OBJ_setct_PIUnsignedTBE         OBJ_set_ctype,51L
+
+#define SN_setct_AuthReqTBE             "setct-AuthReqTBE"
+#define NID_setct_AuthReqTBE            570
+#define OBJ_setct_AuthReqTBE            OBJ_set_ctype,52L
+
+#define SN_setct_AuthResTBE             "setct-AuthResTBE"
+#define NID_setct_AuthResTBE            571
+#define OBJ_setct_AuthResTBE            OBJ_set_ctype,53L
+
+#define SN_setct_AuthResTBEX            "setct-AuthResTBEX"
+#define NID_setct_AuthResTBEX           572
+#define OBJ_setct_AuthResTBEX           OBJ_set_ctype,54L
+
+#define SN_setct_AuthTokenTBE           "setct-AuthTokenTBE"
+#define NID_setct_AuthTokenTBE          573
+#define OBJ_setct_AuthTokenTBE          OBJ_set_ctype,55L
+
+#define SN_setct_CapTokenTBE            "setct-CapTokenTBE"
+#define NID_setct_CapTokenTBE           574
+#define OBJ_setct_CapTokenTBE           OBJ_set_ctype,56L
+
+#define SN_setct_CapTokenTBEX           "setct-CapTokenTBEX"
+#define NID_setct_CapTokenTBEX          575
+#define OBJ_setct_CapTokenTBEX          OBJ_set_ctype,57L
+
+#define SN_setct_AcqCardCodeMsgTBE              "setct-AcqCardCodeMsgTBE"
+#define NID_setct_AcqCardCodeMsgTBE             576
+#define OBJ_setct_AcqCardCodeMsgTBE             OBJ_set_ctype,58L
+
+#define SN_setct_AuthRevReqTBE          "setct-AuthRevReqTBE"
+#define NID_setct_AuthRevReqTBE         577
+#define OBJ_setct_AuthRevReqTBE         OBJ_set_ctype,59L
+
+#define SN_setct_AuthRevResTBE          "setct-AuthRevResTBE"
+#define NID_setct_AuthRevResTBE         578
+#define OBJ_setct_AuthRevResTBE         OBJ_set_ctype,60L
+
+#define SN_setct_AuthRevResTBEB         "setct-AuthRevResTBEB"
+#define NID_setct_AuthRevResTBEB                579
+#define OBJ_setct_AuthRevResTBEB                OBJ_set_ctype,61L
+
+#define SN_setct_CapReqTBE              "setct-CapReqTBE"
+#define NID_setct_CapReqTBE             580
+#define OBJ_setct_CapReqTBE             OBJ_set_ctype,62L
+
+#define SN_setct_CapReqTBEX             "setct-CapReqTBEX"
+#define NID_setct_CapReqTBEX            581
+#define OBJ_setct_CapReqTBEX            OBJ_set_ctype,63L
+
+#define SN_setct_CapResTBE              "setct-CapResTBE"
+#define NID_setct_CapResTBE             582
+#define OBJ_setct_CapResTBE             OBJ_set_ctype,64L
+
+#define SN_setct_CapRevReqTBE           "setct-CapRevReqTBE"
+#define NID_setct_CapRevReqTBE          583
+#define OBJ_setct_CapRevReqTBE          OBJ_set_ctype,65L
+
+#define SN_setct_CapRevReqTBEX          "setct-CapRevReqTBEX"
+#define NID_setct_CapRevReqTBEX         584
+#define OBJ_setct_CapRevReqTBEX         OBJ_set_ctype,66L
+
+#define SN_setct_CapRevResTBE           "setct-CapRevResTBE"
+#define NID_setct_CapRevResTBE          585
+#define OBJ_setct_CapRevResTBE          OBJ_set_ctype,67L
+
+#define SN_setct_CredReqTBE             "setct-CredReqTBE"
+#define NID_setct_CredReqTBE            586
+#define OBJ_setct_CredReqTBE            OBJ_set_ctype,68L
+
+#define SN_setct_CredReqTBEX            "setct-CredReqTBEX"
+#define NID_setct_CredReqTBEX           587
+#define OBJ_setct_CredReqTBEX           OBJ_set_ctype,69L
+
+#define SN_setct_CredResTBE             "setct-CredResTBE"
+#define NID_setct_CredResTBE            588
+#define OBJ_setct_CredResTBE            OBJ_set_ctype,70L
+
+#define SN_setct_CredRevReqTBE          "setct-CredRevReqTBE"
+#define NID_setct_CredRevReqTBE         589
+#define OBJ_setct_CredRevReqTBE         OBJ_set_ctype,71L
+
+#define SN_setct_CredRevReqTBEX         "setct-CredRevReqTBEX"
+#define NID_setct_CredRevReqTBEX                590
+#define OBJ_setct_CredRevReqTBEX                OBJ_set_ctype,72L
+
+#define SN_setct_CredRevResTBE          "setct-CredRevResTBE"
+#define NID_setct_CredRevResTBE         591
+#define OBJ_setct_CredRevResTBE         OBJ_set_ctype,73L
+
+#define SN_setct_BatchAdminReqTBE               "setct-BatchAdminReqTBE"
+#define NID_setct_BatchAdminReqTBE              592
+#define OBJ_setct_BatchAdminReqTBE              OBJ_set_ctype,74L
+
+#define SN_setct_BatchAdminResTBE               "setct-BatchAdminResTBE"
+#define NID_setct_BatchAdminResTBE              593
+#define OBJ_setct_BatchAdminResTBE              OBJ_set_ctype,75L
+
+#define SN_setct_RegFormReqTBE          "setct-RegFormReqTBE"
+#define NID_setct_RegFormReqTBE         594
+#define OBJ_setct_RegFormReqTBE         OBJ_set_ctype,76L
+
+#define SN_setct_CertReqTBE             "setct-CertReqTBE"
+#define NID_setct_CertReqTBE            595
+#define OBJ_setct_CertReqTBE            OBJ_set_ctype,77L
+
+#define SN_setct_CertReqTBEX            "setct-CertReqTBEX"
+#define NID_setct_CertReqTBEX           596
+#define OBJ_setct_CertReqTBEX           OBJ_set_ctype,78L
+
+#define SN_setct_CertResTBE             "setct-CertResTBE"
+#define NID_setct_CertResTBE            597
+#define OBJ_setct_CertResTBE            OBJ_set_ctype,79L
+
+#define SN_setct_CRLNotificationTBS             "setct-CRLNotificationTBS"
+#define NID_setct_CRLNotificationTBS            598
+#define OBJ_setct_CRLNotificationTBS            OBJ_set_ctype,80L
+
+#define SN_setct_CRLNotificationResTBS          "setct-CRLNotificationResTBS"
+#define NID_setct_CRLNotificationResTBS         599
+#define OBJ_setct_CRLNotificationResTBS         OBJ_set_ctype,81L
+
+#define SN_setct_BCIDistributionTBS             "setct-BCIDistributionTBS"
+#define NID_setct_BCIDistributionTBS            600
+#define OBJ_setct_BCIDistributionTBS            OBJ_set_ctype,82L
+
+#define SN_setext_genCrypt              "setext-genCrypt"
+#define LN_setext_genCrypt              "generic cryptogram"
+#define NID_setext_genCrypt             601
+#define OBJ_setext_genCrypt             OBJ_set_msgExt,1L
+
+#define SN_setext_miAuth                "setext-miAuth"
+#define LN_setext_miAuth                "merchant initiated auth"
+#define NID_setext_miAuth               602
+#define OBJ_setext_miAuth               OBJ_set_msgExt,3L
+
+#define SN_setext_pinSecure             "setext-pinSecure"
+#define NID_setext_pinSecure            603
+#define OBJ_setext_pinSecure            OBJ_set_msgExt,4L
+
+#define SN_setext_pinAny                "setext-pinAny"
+#define NID_setext_pinAny               604
+#define OBJ_setext_pinAny               OBJ_set_msgExt,5L
+
+#define SN_setext_track2                "setext-track2"
+#define NID_setext_track2               605
+#define OBJ_setext_track2               OBJ_set_msgExt,7L
+
+#define SN_setext_cv            "setext-cv"
+#define LN_setext_cv            "additional verification"
+#define NID_setext_cv           606
+#define OBJ_setext_cv           OBJ_set_msgExt,8L
+
+#define SN_set_policy_root              "set-policy-root"
+#define NID_set_policy_root             607
+#define OBJ_set_policy_root             OBJ_set_policy,0L
+
+#define SN_setCext_hashedRoot           "setCext-hashedRoot"
+#define NID_setCext_hashedRoot          608
+#define OBJ_setCext_hashedRoot          OBJ_set_certExt,0L
+
+#define SN_setCext_certType             "setCext-certType"
+#define NID_setCext_certType            609
+#define OBJ_setCext_certType            OBJ_set_certExt,1L
+
+#define SN_setCext_merchData            "setCext-merchData"
+#define NID_setCext_merchData           610
+#define OBJ_setCext_merchData           OBJ_set_certExt,2L
+
+#define SN_setCext_cCertRequired                "setCext-cCertRequired"
+#define NID_setCext_cCertRequired               611
+#define OBJ_setCext_cCertRequired               OBJ_set_certExt,3L
+
+#define SN_setCext_tunneling            "setCext-tunneling"
+#define NID_setCext_tunneling           612
+#define OBJ_setCext_tunneling           OBJ_set_certExt,4L
+
+#define SN_setCext_setExt               "setCext-setExt"
+#define NID_setCext_setExt              613
+#define OBJ_setCext_setExt              OBJ_set_certExt,5L
+
+#define SN_setCext_setQualf             "setCext-setQualf"
+#define NID_setCext_setQualf            614
+#define OBJ_setCext_setQualf            OBJ_set_certExt,6L
+
+#define SN_setCext_PGWYcapabilities             "setCext-PGWYcapabilities"
+#define NID_setCext_PGWYcapabilities            615
+#define OBJ_setCext_PGWYcapabilities            OBJ_set_certExt,7L
+
+#define SN_setCext_TokenIdentifier              "setCext-TokenIdentifier"
+#define NID_setCext_TokenIdentifier             616
+#define OBJ_setCext_TokenIdentifier             OBJ_set_certExt,8L
+
+#define SN_setCext_Track2Data           "setCext-Track2Data"
+#define NID_setCext_Track2Data          617
+#define OBJ_setCext_Track2Data          OBJ_set_certExt,9L
+
+#define SN_setCext_TokenType            "setCext-TokenType"
+#define NID_setCext_TokenType           618
+#define OBJ_setCext_TokenType           OBJ_set_certExt,10L
+
+#define SN_setCext_IssuerCapabilities           "setCext-IssuerCapabilities"
+#define NID_setCext_IssuerCapabilities          619
+#define OBJ_setCext_IssuerCapabilities          OBJ_set_certExt,11L
+
+#define SN_setAttr_Cert         "setAttr-Cert"
+#define NID_setAttr_Cert                620
+#define OBJ_setAttr_Cert                OBJ_set_attr,0L
+
+#define SN_setAttr_PGWYcap              "setAttr-PGWYcap"
+#define LN_setAttr_PGWYcap              "payment gateway capabilities"
+#define NID_setAttr_PGWYcap             621
+#define OBJ_setAttr_PGWYcap             OBJ_set_attr,1L
+
+#define SN_setAttr_TokenType            "setAttr-TokenType"
+#define NID_setAttr_TokenType           622
+#define OBJ_setAttr_TokenType           OBJ_set_attr,2L
+
+#define SN_setAttr_IssCap               "setAttr-IssCap"
+#define LN_setAttr_IssCap               "issuer capabilities"
+#define NID_setAttr_IssCap              623
+#define OBJ_setAttr_IssCap              OBJ_set_attr,3L
+
+#define SN_set_rootKeyThumb             "set-rootKeyThumb"
+#define NID_set_rootKeyThumb            624
+#define OBJ_set_rootKeyThumb            OBJ_setAttr_Cert,0L
+
+#define SN_set_addPolicy                "set-addPolicy"
+#define NID_set_addPolicy               625
+#define OBJ_set_addPolicy               OBJ_setAttr_Cert,1L
+
+#define SN_setAttr_Token_EMV            "setAttr-Token-EMV"
+#define NID_setAttr_Token_EMV           626
+#define OBJ_setAttr_Token_EMV           OBJ_setAttr_TokenType,1L
+
+#define SN_setAttr_Token_B0Prime                "setAttr-Token-B0Prime"
+#define NID_setAttr_Token_B0Prime               627
+#define OBJ_setAttr_Token_B0Prime               OBJ_setAttr_TokenType,2L
+
+#define SN_setAttr_IssCap_CVM           "setAttr-IssCap-CVM"
+#define NID_setAttr_IssCap_CVM          628
+#define OBJ_setAttr_IssCap_CVM          OBJ_setAttr_IssCap,3L
+
+#define SN_setAttr_IssCap_T2            "setAttr-IssCap-T2"
+#define NID_setAttr_IssCap_T2           629
+#define OBJ_setAttr_IssCap_T2           OBJ_setAttr_IssCap,4L
+
+#define SN_setAttr_IssCap_Sig           "setAttr-IssCap-Sig"
+#define NID_setAttr_IssCap_Sig          630
+#define OBJ_setAttr_IssCap_Sig          OBJ_setAttr_IssCap,5L
+
+#define SN_setAttr_GenCryptgrm          "setAttr-GenCryptgrm"
+#define LN_setAttr_GenCryptgrm          "generate cryptogram"
+#define NID_setAttr_GenCryptgrm         631
+#define OBJ_setAttr_GenCryptgrm         OBJ_setAttr_IssCap_CVM,1L
+
+#define SN_setAttr_T2Enc                "setAttr-T2Enc"
+#define LN_setAttr_T2Enc                "encrypted track 2"
+#define NID_setAttr_T2Enc               632
+#define OBJ_setAttr_T2Enc               OBJ_setAttr_IssCap_T2,1L
+
+#define SN_setAttr_T2cleartxt           "setAttr-T2cleartxt"
+#define LN_setAttr_T2cleartxt           "cleartext track 2"
+#define NID_setAttr_T2cleartxt          633
+#define OBJ_setAttr_T2cleartxt          OBJ_setAttr_IssCap_T2,2L
+
+#define SN_setAttr_TokICCsig            "setAttr-TokICCsig"
+#define LN_setAttr_TokICCsig            "ICC or token signature"
+#define NID_setAttr_TokICCsig           634
+#define OBJ_setAttr_TokICCsig           OBJ_setAttr_IssCap_Sig,1L
+
+#define SN_setAttr_SecDevSig            "setAttr-SecDevSig"
+#define LN_setAttr_SecDevSig            "secure device signature"
+#define NID_setAttr_SecDevSig           635
+#define OBJ_setAttr_SecDevSig           OBJ_setAttr_IssCap_Sig,2L
+
+#define SN_set_brand_IATA_ATA           "set-brand-IATA-ATA"
+#define NID_set_brand_IATA_ATA          636
+#define OBJ_set_brand_IATA_ATA          OBJ_set_brand,1L
+
+#define SN_set_brand_Diners             "set-brand-Diners"
+#define NID_set_brand_Diners            637
+#define OBJ_set_brand_Diners            OBJ_set_brand,30L
+
+#define SN_set_brand_AmericanExpress            "set-brand-AmericanExpress"
+#define NID_set_brand_AmericanExpress           638
+#define OBJ_set_brand_AmericanExpress           OBJ_set_brand,34L
+
+#define SN_set_brand_JCB                "set-brand-JCB"
+#define NID_set_brand_JCB               639
+#define OBJ_set_brand_JCB               OBJ_set_brand,35L
+
+#define SN_set_brand_Visa               "set-brand-Visa"
+#define NID_set_brand_Visa              640
+#define OBJ_set_brand_Visa              OBJ_set_brand,4L
+
+#define SN_set_brand_MasterCard         "set-brand-MasterCard"
+#define NID_set_brand_MasterCard                641
+#define OBJ_set_brand_MasterCard                OBJ_set_brand,5L
+
+#define SN_set_brand_Novus              "set-brand-Novus"
+#define NID_set_brand_Novus             642
+#define OBJ_set_brand_Novus             OBJ_set_brand,6011L
+
+#define SN_des_cdmf             "DES-CDMF"
+#define LN_des_cdmf             "des-cdmf"
+#define NID_des_cdmf            643
+#define OBJ_des_cdmf            OBJ_rsadsi,3L,10L
+
+#define SN_rsaOAEPEncryptionSET         "rsaOAEPEncryptionSET"
+#define NID_rsaOAEPEncryptionSET                644
+#define OBJ_rsaOAEPEncryptionSET                OBJ_rsadsi,1L,1L,6L
+
+#define SN_ipsec3               "Oakley-EC2N-3"
+#define LN_ipsec3               "ipsec3"
+#define NID_ipsec3              749
+
+#define SN_ipsec4               "Oakley-EC2N-4"
+#define LN_ipsec4               "ipsec4"
+#define NID_ipsec4              750
+
+#define SN_whirlpool            "whirlpool"
+#define NID_whirlpool           804
+#define OBJ_whirlpool           OBJ_iso,0L,10118L,3L,0L,55L
+
+#define SN_cryptopro            "cryptopro"
+#define NID_cryptopro           805
+#define OBJ_cryptopro           OBJ_member_body,643L,2L,2L
+
+#define SN_cryptocom            "cryptocom"
+#define NID_cryptocom           806
+#define OBJ_cryptocom           OBJ_member_body,643L,2L,9L
+
+#define SN_id_tc26              "id-tc26"
+#define NID_id_tc26             974
+#define OBJ_id_tc26             OBJ_member_body,643L,7L,1L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001          "id-GostR3411-94-with-GostR3410-2001"
+#define LN_id_GostR3411_94_with_GostR3410_2001          "GOST R 34.11-94 with GOST R 34.10-2001"
+#define NID_id_GostR3411_94_with_GostR3410_2001         807
+#define OBJ_id_GostR3411_94_with_GostR3410_2001         OBJ_cryptopro,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_94            "id-GostR3411-94-with-GostR3410-94"
+#define LN_id_GostR3411_94_with_GostR3410_94            "GOST R 34.11-94 with GOST R 34.10-94"
+#define NID_id_GostR3411_94_with_GostR3410_94           808
+#define OBJ_id_GostR3411_94_with_GostR3410_94           OBJ_cryptopro,4L
+
+#define SN_id_GostR3411_94              "md_gost94"
+#define LN_id_GostR3411_94              "GOST R 34.11-94"
+#define NID_id_GostR3411_94             809
+#define OBJ_id_GostR3411_94             OBJ_cryptopro,9L
+
+#define SN_id_HMACGostR3411_94          "id-HMACGostR3411-94"
+#define LN_id_HMACGostR3411_94          "HMAC GOST 34.11-94"
+#define NID_id_HMACGostR3411_94         810
+#define OBJ_id_HMACGostR3411_94         OBJ_cryptopro,10L
+
+#define SN_id_GostR3410_2001            "gost2001"
+#define LN_id_GostR3410_2001            "GOST R 34.10-2001"
+#define NID_id_GostR3410_2001           811
+#define OBJ_id_GostR3410_2001           OBJ_cryptopro,19L
+
+#define SN_id_GostR3410_94              "gost94"
+#define LN_id_GostR3410_94              "GOST R 34.10-94"
+#define NID_id_GostR3410_94             812
+#define OBJ_id_GostR3410_94             OBJ_cryptopro,20L
+
+#define SN_id_Gost28147_89              "gost89"
+#define LN_id_Gost28147_89              "GOST 28147-89"
+#define NID_id_Gost28147_89             813
+#define OBJ_id_Gost28147_89             OBJ_cryptopro,21L
+
+#define SN_gost89_cnt           "gost89-cnt"
+#define NID_gost89_cnt          814
+
+#define SN_gost89_cnt_12                "gost89-cnt-12"
+#define NID_gost89_cnt_12               975
+
+#define SN_gost89_cbc           "gost89-cbc"
+#define NID_gost89_cbc          1009
+
+#define SN_gost89_ecb           "gost89-ecb"
+#define NID_gost89_ecb          1010
+
+#define SN_gost89_ctr           "gost89-ctr"
+#define NID_gost89_ctr          1011
+
+#define SN_id_Gost28147_89_MAC          "gost-mac"
+#define LN_id_Gost28147_89_MAC          "GOST 28147-89 MAC"
+#define NID_id_Gost28147_89_MAC         815
+#define OBJ_id_Gost28147_89_MAC         OBJ_cryptopro,22L
+
+#define SN_gost_mac_12          "gost-mac-12"
+#define NID_gost_mac_12         976
+
+#define SN_id_GostR3411_94_prf          "prf-gostr3411-94"
+#define LN_id_GostR3411_94_prf          "GOST R 34.11-94 PRF"
+#define NID_id_GostR3411_94_prf         816
+#define OBJ_id_GostR3411_94_prf         OBJ_cryptopro,23L
+
+#define SN_id_GostR3410_2001DH          "id-GostR3410-2001DH"
+#define LN_id_GostR3410_2001DH          "GOST R 34.10-2001 DH"
+#define NID_id_GostR3410_2001DH         817
+#define OBJ_id_GostR3410_2001DH         OBJ_cryptopro,98L
+
+#define SN_id_GostR3410_94DH            "id-GostR3410-94DH"
+#define LN_id_GostR3410_94DH            "GOST R 34.10-94 DH"
+#define NID_id_GostR3410_94DH           818
+#define OBJ_id_GostR3410_94DH           OBJ_cryptopro,99L
+
+#define SN_id_Gost28147_89_CryptoPro_KeyMeshing         "id-Gost28147-89-CryptoPro-KeyMeshing"
+#define NID_id_Gost28147_89_CryptoPro_KeyMeshing                819
+#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing                OBJ_cryptopro,14L,1L
+
+#define SN_id_Gost28147_89_None_KeyMeshing              "id-Gost28147-89-None-KeyMeshing"
+#define NID_id_Gost28147_89_None_KeyMeshing             820
+#define OBJ_id_Gost28147_89_None_KeyMeshing             OBJ_cryptopro,14L,0L
+
+#define SN_id_GostR3411_94_TestParamSet         "id-GostR3411-94-TestParamSet"
+#define NID_id_GostR3411_94_TestParamSet                821
+#define OBJ_id_GostR3411_94_TestParamSet                OBJ_cryptopro,30L,0L
+
+#define SN_id_GostR3411_94_CryptoProParamSet            "id-GostR3411-94-CryptoProParamSet"
+#define NID_id_GostR3411_94_CryptoProParamSet           822
+#define OBJ_id_GostR3411_94_CryptoProParamSet           OBJ_cryptopro,30L,1L
+
+#define SN_id_Gost28147_89_TestParamSet         "id-Gost28147-89-TestParamSet"
+#define NID_id_Gost28147_89_TestParamSet                823
+#define OBJ_id_Gost28147_89_TestParamSet                OBJ_cryptopro,31L,0L
+
+#define SN_id_Gost28147_89_CryptoPro_A_ParamSet         "id-Gost28147-89-CryptoPro-A-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_A_ParamSet                824
+#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet                OBJ_cryptopro,31L,1L
+
+#define SN_id_Gost28147_89_CryptoPro_B_ParamSet         "id-Gost28147-89-CryptoPro-B-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_B_ParamSet                825
+#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet                OBJ_cryptopro,31L,2L
+
+#define SN_id_Gost28147_89_CryptoPro_C_ParamSet         "id-Gost28147-89-CryptoPro-C-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_C_ParamSet                826
+#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet                OBJ_cryptopro,31L,3L
+
+#define SN_id_Gost28147_89_CryptoPro_D_ParamSet         "id-Gost28147-89-CryptoPro-D-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_D_ParamSet                827
+#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet                OBJ_cryptopro,31L,4L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet         "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet                828
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet                OBJ_cryptopro,31L,5L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet         "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet                829
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet                OBJ_cryptopro,31L,6L
+
+#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet             "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet            830
+#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet            OBJ_cryptopro,31L,7L
+
+#define SN_id_GostR3410_94_TestParamSet         "id-GostR3410-94-TestParamSet"
+#define NID_id_GostR3410_94_TestParamSet                831
+#define OBJ_id_GostR3410_94_TestParamSet                OBJ_cryptopro,32L,0L
+
+#define SN_id_GostR3410_94_CryptoPro_A_ParamSet         "id-GostR3410-94-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_A_ParamSet                832
+#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet                OBJ_cryptopro,32L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_B_ParamSet         "id-GostR3410-94-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_B_ParamSet                833
+#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet                OBJ_cryptopro,32L,3L
+
+#define SN_id_GostR3410_94_CryptoPro_C_ParamSet         "id-GostR3410-94-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_C_ParamSet                834
+#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet                OBJ_cryptopro,32L,4L
+
+#define SN_id_GostR3410_94_CryptoPro_D_ParamSet         "id-GostR3410-94-CryptoPro-D-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_D_ParamSet                835
+#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet                OBJ_cryptopro,32L,5L
+
+#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet              "id-GostR3410-94-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet             836
+#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet             OBJ_cryptopro,33L,1L
+
+#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet              "id-GostR3410-94-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet             837
+#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet             OBJ_cryptopro,33L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet              "id-GostR3410-94-CryptoPro-XchC-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet             838
+#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet             OBJ_cryptopro,33L,3L
+
+#define SN_id_GostR3410_2001_TestParamSet               "id-GostR3410-2001-TestParamSet"
+#define NID_id_GostR3410_2001_TestParamSet              839
+#define OBJ_id_GostR3410_2001_TestParamSet              OBJ_cryptopro,35L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet               "id-GostR3410-2001-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet              840
+#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet              OBJ_cryptopro,35L,1L
+
+#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet               "id-GostR3410-2001-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet              841
+#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet              OBJ_cryptopro,35L,2L
+
+#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet               "id-GostR3410-2001-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet              842
+#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet              OBJ_cryptopro,35L,3L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet            "id-GostR3410-2001-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet           843
+#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet           OBJ_cryptopro,36L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet            "id-GostR3410-2001-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet           844
+#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet           OBJ_cryptopro,36L,1L
+
+#define SN_id_GostR3410_94_a            "id-GostR3410-94-a"
+#define NID_id_GostR3410_94_a           845
+#define OBJ_id_GostR3410_94_a           OBJ_id_GostR3410_94,1L
+
+#define SN_id_GostR3410_94_aBis         "id-GostR3410-94-aBis"
+#define NID_id_GostR3410_94_aBis                846
+#define OBJ_id_GostR3410_94_aBis                OBJ_id_GostR3410_94,2L
+
+#define SN_id_GostR3410_94_b            "id-GostR3410-94-b"
+#define NID_id_GostR3410_94_b           847
+#define OBJ_id_GostR3410_94_b           OBJ_id_GostR3410_94,3L
+
+#define SN_id_GostR3410_94_bBis         "id-GostR3410-94-bBis"
+#define NID_id_GostR3410_94_bBis                848
+#define OBJ_id_GostR3410_94_bBis                OBJ_id_GostR3410_94,4L
+
+#define SN_id_Gost28147_89_cc           "id-Gost28147-89-cc"
+#define LN_id_Gost28147_89_cc           "GOST 28147-89 Cryptocom ParamSet"
+#define NID_id_Gost28147_89_cc          849
+#define OBJ_id_Gost28147_89_cc          OBJ_cryptocom,1L,6L,1L
+
+#define SN_id_GostR3410_94_cc           "gost94cc"
+#define LN_id_GostR3410_94_cc           "GOST 34.10-94 Cryptocom"
+#define NID_id_GostR3410_94_cc          850
+#define OBJ_id_GostR3410_94_cc          OBJ_cryptocom,1L,5L,3L
+
+#define SN_id_GostR3410_2001_cc         "gost2001cc"
+#define LN_id_GostR3410_2001_cc         "GOST 34.10-2001 Cryptocom"
+#define NID_id_GostR3410_2001_cc                851
+#define OBJ_id_GostR3410_2001_cc                OBJ_cryptocom,1L,5L,4L
+
+#define SN_id_GostR3411_94_with_GostR3410_94_cc         "id-GostR3411-94-with-GostR3410-94-cc"
+#define LN_id_GostR3411_94_with_GostR3410_94_cc         "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_94_cc                852
+#define OBJ_id_GostR3411_94_with_GostR3410_94_cc                OBJ_cryptocom,1L,3L,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001_cc               "id-GostR3411-94-with-GostR3410-2001-cc"
+#define LN_id_GostR3411_94_with_GostR3410_2001_cc               "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_2001_cc              853
+#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc              OBJ_cryptocom,1L,3L,4L
+
+#define SN_id_GostR3410_2001_ParamSet_cc                "id-GostR3410-2001-ParamSet-cc"
+#define LN_id_GostR3410_2001_ParamSet_cc                "GOST R 3410-2001 Parameter Set Cryptocom"
+#define NID_id_GostR3410_2001_ParamSet_cc               854
+#define OBJ_id_GostR3410_2001_ParamSet_cc               OBJ_cryptocom,1L,8L,1L
+
+#define SN_id_tc26_algorithms           "id-tc26-algorithms"
+#define NID_id_tc26_algorithms          977
+#define OBJ_id_tc26_algorithms          OBJ_id_tc26,1L
+
+#define SN_id_tc26_sign         "id-tc26-sign"
+#define NID_id_tc26_sign                978
+#define OBJ_id_tc26_sign                OBJ_id_tc26_algorithms,1L
+
+#define SN_id_GostR3410_2012_256                "gost2012_256"
+#define LN_id_GostR3410_2012_256                "GOST R 34.10-2012 with 256 bit modulus"
+#define NID_id_GostR3410_2012_256               979
+#define OBJ_id_GostR3410_2012_256               OBJ_id_tc26_sign,1L
+
+#define SN_id_GostR3410_2012_512                "gost2012_512"
+#define LN_id_GostR3410_2012_512                "GOST R 34.10-2012 with 512 bit modulus"
+#define NID_id_GostR3410_2012_512               980
+#define OBJ_id_GostR3410_2012_512               OBJ_id_tc26_sign,2L
+
+#define SN_id_tc26_digest               "id-tc26-digest"
+#define NID_id_tc26_digest              981
+#define OBJ_id_tc26_digest              OBJ_id_tc26_algorithms,2L
+
+#define SN_id_GostR3411_2012_256                "md_gost12_256"
+#define LN_id_GostR3411_2012_256                "GOST R 34.11-2012 with 256 bit hash"
+#define NID_id_GostR3411_2012_256               982
+#define OBJ_id_GostR3411_2012_256               OBJ_id_tc26_digest,2L
+
+#define SN_id_GostR3411_2012_512                "md_gost12_512"
+#define LN_id_GostR3411_2012_512                "GOST R 34.11-2012 with 512 bit hash"
+#define NID_id_GostR3411_2012_512               983
+#define OBJ_id_GostR3411_2012_512               OBJ_id_tc26_digest,3L
+
+#define SN_id_tc26_signwithdigest               "id-tc26-signwithdigest"
+#define NID_id_tc26_signwithdigest              984
+#define OBJ_id_tc26_signwithdigest              OBJ_id_tc26_algorithms,3L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_256             "id-tc26-signwithdigest-gost3410-2012-256"
+#define LN_id_tc26_signwithdigest_gost3410_2012_256             "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_256            985
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256            OBJ_id_tc26_signwithdigest,2L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_512             "id-tc26-signwithdigest-gost3410-2012-512"
+#define LN_id_tc26_signwithdigest_gost3410_2012_512             "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_512            986
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512            OBJ_id_tc26_signwithdigest,3L
+
+#define SN_id_tc26_mac          "id-tc26-mac"
+#define NID_id_tc26_mac         987
+#define OBJ_id_tc26_mac         OBJ_id_tc26_algorithms,4L
+
+#define SN_id_tc26_hmac_gost_3411_2012_256              "id-tc26-hmac-gost-3411-2012-256"
+#define LN_id_tc26_hmac_gost_3411_2012_256              "HMAC GOST 34.11-2012 256 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_256             988
+#define OBJ_id_tc26_hmac_gost_3411_2012_256             OBJ_id_tc26_mac,1L
+
+#define SN_id_tc26_hmac_gost_3411_2012_512              "id-tc26-hmac-gost-3411-2012-512"
+#define LN_id_tc26_hmac_gost_3411_2012_512              "HMAC GOST 34.11-2012 512 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_512             989
+#define OBJ_id_tc26_hmac_gost_3411_2012_512             OBJ_id_tc26_mac,2L
+
+#define SN_id_tc26_cipher               "id-tc26-cipher"
+#define NID_id_tc26_cipher              990
+#define OBJ_id_tc26_cipher              OBJ_id_tc26_algorithms,5L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma          "id-tc26-cipher-gostr3412-2015-magma"
+#define NID_id_tc26_cipher_gostr3412_2015_magma         1173
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma         OBJ_id_tc26_cipher,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm         "id-tc26-cipher-gostr3412-2015-magma-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                1174
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                OBJ_id_tc26_cipher_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac            "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           1175
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           OBJ_id_tc26_cipher_gostr3412_2015_magma,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik             "id-tc26-cipher-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik            1176
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik            OBJ_id_tc26_cipher,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm            "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           1177
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac               "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              1178
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L
+
+#define SN_id_tc26_agreement            "id-tc26-agreement"
+#define NID_id_tc26_agreement           991
+#define OBJ_id_tc26_agreement           OBJ_id_tc26_algorithms,6L
+
+#define SN_id_tc26_agreement_gost_3410_2012_256         "id-tc26-agreement-gost-3410-2012-256"
+#define NID_id_tc26_agreement_gost_3410_2012_256                992
+#define OBJ_id_tc26_agreement_gost_3410_2012_256                OBJ_id_tc26_agreement,1L
+
+#define SN_id_tc26_agreement_gost_3410_2012_512         "id-tc26-agreement-gost-3410-2012-512"
+#define NID_id_tc26_agreement_gost_3410_2012_512                993
+#define OBJ_id_tc26_agreement_gost_3410_2012_512                OBJ_id_tc26_agreement,2L
+
+#define SN_id_tc26_wrap         "id-tc26-wrap"
+#define NID_id_tc26_wrap                1179
+#define OBJ_id_tc26_wrap                OBJ_id_tc26_algorithms,7L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma            "id-tc26-wrap-gostr3412-2015-magma"
+#define NID_id_tc26_wrap_gostr3412_2015_magma           1180
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma           OBJ_id_tc26_wrap,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15             "id-tc26-wrap-gostr3412-2015-magma-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15            1181
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15            OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik               "id-tc26-wrap-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik              1182
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik              OBJ_id_tc26_wrap,2L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15                "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               1183
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_constants            "id-tc26-constants"
+#define NID_id_tc26_constants           994
+#define OBJ_id_tc26_constants           OBJ_id_tc26,2L
+
+#define SN_id_tc26_sign_constants               "id-tc26-sign-constants"
+#define NID_id_tc26_sign_constants              995
+#define OBJ_id_tc26_sign_constants              OBJ_id_tc26_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_constants         "id-tc26-gost-3410-2012-256-constants"
+#define NID_id_tc26_gost_3410_2012_256_constants                1147
+#define OBJ_id_tc26_gost_3410_2012_256_constants                OBJ_id_tc26_sign_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetA         "id-tc26-gost-3410-2012-256-paramSetA"
+#define LN_id_tc26_gost_3410_2012_256_paramSetA         "GOST R 34.10-2012 (256 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_256_paramSetA                1148
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetA                OBJ_id_tc26_gost_3410_2012_256_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetB         "id-tc26-gost-3410-2012-256-paramSetB"
+#define LN_id_tc26_gost_3410_2012_256_paramSetB         "GOST R 34.10-2012 (256 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_256_paramSetB                1184
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetB                OBJ_id_tc26_gost_3410_2012_256_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetC         "id-tc26-gost-3410-2012-256-paramSetC"
+#define LN_id_tc26_gost_3410_2012_256_paramSetC         "GOST R 34.10-2012 (256 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_256_paramSetC                1185
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetC                OBJ_id_tc26_gost_3410_2012_256_constants,3L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetD         "id-tc26-gost-3410-2012-256-paramSetD"
+#define LN_id_tc26_gost_3410_2012_256_paramSetD         "GOST R 34.10-2012 (256 bit) ParamSet D"
+#define NID_id_tc26_gost_3410_2012_256_paramSetD                1186
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetD                OBJ_id_tc26_gost_3410_2012_256_constants,4L
+
+#define SN_id_tc26_gost_3410_2012_512_constants         "id-tc26-gost-3410-2012-512-constants"
+#define NID_id_tc26_gost_3410_2012_512_constants                996
+#define OBJ_id_tc26_gost_3410_2012_512_constants                OBJ_id_tc26_sign_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetTest              "id-tc26-gost-3410-2012-512-paramSetTest"
+#define LN_id_tc26_gost_3410_2012_512_paramSetTest              "GOST R 34.10-2012 (512 bit) testing parameter set"
+#define NID_id_tc26_gost_3410_2012_512_paramSetTest             997
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest             OBJ_id_tc26_gost_3410_2012_512_constants,0L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetA         "id-tc26-gost-3410-2012-512-paramSetA"
+#define LN_id_tc26_gost_3410_2012_512_paramSetA         "GOST R 34.10-2012 (512 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_512_paramSetA                998
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA                OBJ_id_tc26_gost_3410_2012_512_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetB         "id-tc26-gost-3410-2012-512-paramSetB"
+#define LN_id_tc26_gost_3410_2012_512_paramSetB         "GOST R 34.10-2012 (512 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_512_paramSetB                999
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB                OBJ_id_tc26_gost_3410_2012_512_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetC         "id-tc26-gost-3410-2012-512-paramSetC"
+#define LN_id_tc26_gost_3410_2012_512_paramSetC         "GOST R 34.10-2012 (512 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_512_paramSetC                1149
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetC                OBJ_id_tc26_gost_3410_2012_512_constants,3L
+
+#define SN_id_tc26_digest_constants             "id-tc26-digest-constants"
+#define NID_id_tc26_digest_constants            1000
+#define OBJ_id_tc26_digest_constants            OBJ_id_tc26_constants,2L
+
+#define SN_id_tc26_cipher_constants             "id-tc26-cipher-constants"
+#define NID_id_tc26_cipher_constants            1001
+#define OBJ_id_tc26_cipher_constants            OBJ_id_tc26_constants,5L
+
+#define SN_id_tc26_gost_28147_constants         "id-tc26-gost-28147-constants"
+#define NID_id_tc26_gost_28147_constants                1002
+#define OBJ_id_tc26_gost_28147_constants                OBJ_id_tc26_cipher_constants,1L
+
+#define SN_id_tc26_gost_28147_param_Z           "id-tc26-gost-28147-param-Z"
+#define LN_id_tc26_gost_28147_param_Z           "GOST 28147-89 TC26 parameter set"
+#define NID_id_tc26_gost_28147_param_Z          1003
+#define OBJ_id_tc26_gost_28147_param_Z          OBJ_id_tc26_gost_28147_constants,1L
+
+#define SN_INN          "INN"
+#define LN_INN          "INN"
+#define NID_INN         1004
+#define OBJ_INN         OBJ_member_body,643L,3L,131L,1L,1L
+
+#define SN_OGRN         "OGRN"
+#define LN_OGRN         "OGRN"
+#define NID_OGRN                1005
+#define OBJ_OGRN                OBJ_member_body,643L,100L,1L
+
+#define SN_SNILS                "SNILS"
+#define LN_SNILS                "SNILS"
+#define NID_SNILS               1006
+#define OBJ_SNILS               OBJ_member_body,643L,100L,3L
+
+#define SN_subjectSignTool              "subjectSignTool"
+#define LN_subjectSignTool              "Signing Tool of Subject"
+#define NID_subjectSignTool             1007
+#define OBJ_subjectSignTool             OBJ_member_body,643L,100L,111L
+
+#define SN_issuerSignTool               "issuerSignTool"
+#define LN_issuerSignTool               "Signing Tool of Issuer"
+#define NID_issuerSignTool              1008
+#define OBJ_issuerSignTool              OBJ_member_body,643L,100L,112L
+
+#define SN_grasshopper_ecb              "grasshopper-ecb"
+#define NID_grasshopper_ecb             1012
+
+#define SN_grasshopper_ctr              "grasshopper-ctr"
+#define NID_grasshopper_ctr             1013
+
+#define SN_grasshopper_ofb              "grasshopper-ofb"
+#define NID_grasshopper_ofb             1014
+
+#define SN_grasshopper_cbc              "grasshopper-cbc"
+#define NID_grasshopper_cbc             1015
+
+#define SN_grasshopper_cfb              "grasshopper-cfb"
+#define NID_grasshopper_cfb             1016
+
+#define SN_grasshopper_mac              "grasshopper-mac"
+#define NID_grasshopper_mac             1017
+
+#define SN_magma_ecb            "magma-ecb"
+#define NID_magma_ecb           1187
+
+#define SN_magma_ctr            "magma-ctr"
+#define NID_magma_ctr           1188
+
+#define SN_magma_ofb            "magma-ofb"
+#define NID_magma_ofb           1189
+
+#define SN_magma_cbc            "magma-cbc"
+#define NID_magma_cbc           1190
+
+#define SN_magma_cfb            "magma-cfb"
+#define NID_magma_cfb           1191
+
+#define SN_magma_mac            "magma-mac"
+#define NID_magma_mac           1192
+
+#define SN_camellia_128_cbc             "CAMELLIA-128-CBC"
+#define LN_camellia_128_cbc             "camellia-128-cbc"
+#define NID_camellia_128_cbc            751
+#define OBJ_camellia_128_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,2L
+
+#define SN_camellia_192_cbc             "CAMELLIA-192-CBC"
+#define LN_camellia_192_cbc             "camellia-192-cbc"
+#define NID_camellia_192_cbc            752
+#define OBJ_camellia_192_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,3L
+
+#define SN_camellia_256_cbc             "CAMELLIA-256-CBC"
+#define LN_camellia_256_cbc             "camellia-256-cbc"
+#define NID_camellia_256_cbc            753
+#define OBJ_camellia_256_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,4L
+
+#define SN_id_camellia128_wrap          "id-camellia128-wrap"
+#define NID_id_camellia128_wrap         907
+#define OBJ_id_camellia128_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,2L
+
+#define SN_id_camellia192_wrap          "id-camellia192-wrap"
+#define NID_id_camellia192_wrap         908
+#define OBJ_id_camellia192_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,3L
+
+#define SN_id_camellia256_wrap          "id-camellia256-wrap"
+#define NID_id_camellia256_wrap         909
+#define OBJ_id_camellia256_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,4L
+
+#define OBJ_ntt_ds              0L,3L,4401L,5L
+
+#define OBJ_camellia            OBJ_ntt_ds,3L,1L,9L
+
+#define SN_camellia_128_ecb             "CAMELLIA-128-ECB"
+#define LN_camellia_128_ecb             "camellia-128-ecb"
+#define NID_camellia_128_ecb            754
+#define OBJ_camellia_128_ecb            OBJ_camellia,1L
+
+#define SN_camellia_128_ofb128          "CAMELLIA-128-OFB"
+#define LN_camellia_128_ofb128          "camellia-128-ofb"
+#define NID_camellia_128_ofb128         766
+#define OBJ_camellia_128_ofb128         OBJ_camellia,3L
+
+#define SN_camellia_128_cfb128          "CAMELLIA-128-CFB"
+#define LN_camellia_128_cfb128          "camellia-128-cfb"
+#define NID_camellia_128_cfb128         757
+#define OBJ_camellia_128_cfb128         OBJ_camellia,4L
+
+#define SN_camellia_128_gcm             "CAMELLIA-128-GCM"
+#define LN_camellia_128_gcm             "camellia-128-gcm"
+#define NID_camellia_128_gcm            961
+#define OBJ_camellia_128_gcm            OBJ_camellia,6L
+
+#define SN_camellia_128_ccm             "CAMELLIA-128-CCM"
+#define LN_camellia_128_ccm             "camellia-128-ccm"
+#define NID_camellia_128_ccm            962
+#define OBJ_camellia_128_ccm            OBJ_camellia,7L
+
+#define SN_camellia_128_ctr             "CAMELLIA-128-CTR"
+#define LN_camellia_128_ctr             "camellia-128-ctr"
+#define NID_camellia_128_ctr            963
+#define OBJ_camellia_128_ctr            OBJ_camellia,9L
+
+#define SN_camellia_128_cmac            "CAMELLIA-128-CMAC"
+#define LN_camellia_128_cmac            "camellia-128-cmac"
+#define NID_camellia_128_cmac           964
+#define OBJ_camellia_128_cmac           OBJ_camellia,10L
+
+#define SN_camellia_192_ecb             "CAMELLIA-192-ECB"
+#define LN_camellia_192_ecb             "camellia-192-ecb"
+#define NID_camellia_192_ecb            755
+#define OBJ_camellia_192_ecb            OBJ_camellia,21L
+
+#define SN_camellia_192_ofb128          "CAMELLIA-192-OFB"
+#define LN_camellia_192_ofb128          "camellia-192-ofb"
+#define NID_camellia_192_ofb128         767
+#define OBJ_camellia_192_ofb128         OBJ_camellia,23L
+
+#define SN_camellia_192_cfb128          "CAMELLIA-192-CFB"
+#define LN_camellia_192_cfb128          "camellia-192-cfb"
+#define NID_camellia_192_cfb128         758
+#define OBJ_camellia_192_cfb128         OBJ_camellia,24L
+
+#define SN_camellia_192_gcm             "CAMELLIA-192-GCM"
+#define LN_camellia_192_gcm             "camellia-192-gcm"
+#define NID_camellia_192_gcm            965
+#define OBJ_camellia_192_gcm            OBJ_camellia,26L
+
+#define SN_camellia_192_ccm             "CAMELLIA-192-CCM"
+#define LN_camellia_192_ccm             "camellia-192-ccm"
+#define NID_camellia_192_ccm            966
+#define OBJ_camellia_192_ccm            OBJ_camellia,27L
+
+#define SN_camellia_192_ctr             "CAMELLIA-192-CTR"
+#define LN_camellia_192_ctr             "camellia-192-ctr"
+#define NID_camellia_192_ctr            967
+#define OBJ_camellia_192_ctr            OBJ_camellia,29L
+
+#define SN_camellia_192_cmac            "CAMELLIA-192-CMAC"
+#define LN_camellia_192_cmac            "camellia-192-cmac"
+#define NID_camellia_192_cmac           968
+#define OBJ_camellia_192_cmac           OBJ_camellia,30L
+
+#define SN_camellia_256_ecb             "CAMELLIA-256-ECB"
+#define LN_camellia_256_ecb             "camellia-256-ecb"
+#define NID_camellia_256_ecb            756
+#define OBJ_camellia_256_ecb            OBJ_camellia,41L
+
+#define SN_camellia_256_ofb128          "CAMELLIA-256-OFB"
+#define LN_camellia_256_ofb128          "camellia-256-ofb"
+#define NID_camellia_256_ofb128         768
+#define OBJ_camellia_256_ofb128         OBJ_camellia,43L
+
+#define SN_camellia_256_cfb128          "CAMELLIA-256-CFB"
+#define LN_camellia_256_cfb128          "camellia-256-cfb"
+#define NID_camellia_256_cfb128         759
+#define OBJ_camellia_256_cfb128         OBJ_camellia,44L
+
+#define SN_camellia_256_gcm             "CAMELLIA-256-GCM"
+#define LN_camellia_256_gcm             "camellia-256-gcm"
+#define NID_camellia_256_gcm            969
+#define OBJ_camellia_256_gcm            OBJ_camellia,46L
+
+#define SN_camellia_256_ccm             "CAMELLIA-256-CCM"
+#define LN_camellia_256_ccm             "camellia-256-ccm"
+#define NID_camellia_256_ccm            970
+#define OBJ_camellia_256_ccm            OBJ_camellia,47L
+
+#define SN_camellia_256_ctr             "CAMELLIA-256-CTR"
+#define LN_camellia_256_ctr             "camellia-256-ctr"
+#define NID_camellia_256_ctr            971
+#define OBJ_camellia_256_ctr            OBJ_camellia,49L
+
+#define SN_camellia_256_cmac            "CAMELLIA-256-CMAC"
+#define LN_camellia_256_cmac            "camellia-256-cmac"
+#define NID_camellia_256_cmac           972
+#define OBJ_camellia_256_cmac           OBJ_camellia,50L
+
+#define SN_camellia_128_cfb1            "CAMELLIA-128-CFB1"
+#define LN_camellia_128_cfb1            "camellia-128-cfb1"
+#define NID_camellia_128_cfb1           760
+
+#define SN_camellia_192_cfb1            "CAMELLIA-192-CFB1"
+#define LN_camellia_192_cfb1            "camellia-192-cfb1"
+#define NID_camellia_192_cfb1           761
+
+#define SN_camellia_256_cfb1            "CAMELLIA-256-CFB1"
+#define LN_camellia_256_cfb1            "camellia-256-cfb1"
+#define NID_camellia_256_cfb1           762
+
+#define SN_camellia_128_cfb8            "CAMELLIA-128-CFB8"
+#define LN_camellia_128_cfb8            "camellia-128-cfb8"
+#define NID_camellia_128_cfb8           763
+
+#define SN_camellia_192_cfb8            "CAMELLIA-192-CFB8"
+#define LN_camellia_192_cfb8            "camellia-192-cfb8"
+#define NID_camellia_192_cfb8           764
+
+#define SN_camellia_256_cfb8            "CAMELLIA-256-CFB8"
+#define LN_camellia_256_cfb8            "camellia-256-cfb8"
+#define NID_camellia_256_cfb8           765
+
+#define OBJ_aria                1L,2L,410L,200046L,1L,1L
+
+#define SN_aria_128_ecb         "ARIA-128-ECB"
+#define LN_aria_128_ecb         "aria-128-ecb"
+#define NID_aria_128_ecb                1065
+#define OBJ_aria_128_ecb                OBJ_aria,1L
+
+#define SN_aria_128_cbc         "ARIA-128-CBC"
+#define LN_aria_128_cbc         "aria-128-cbc"
+#define NID_aria_128_cbc                1066
+#define OBJ_aria_128_cbc                OBJ_aria,2L
+
+#define SN_aria_128_cfb128              "ARIA-128-CFB"
+#define LN_aria_128_cfb128              "aria-128-cfb"
+#define NID_aria_128_cfb128             1067
+#define OBJ_aria_128_cfb128             OBJ_aria,3L
+
+#define SN_aria_128_ofb128              "ARIA-128-OFB"
+#define LN_aria_128_ofb128              "aria-128-ofb"
+#define NID_aria_128_ofb128             1068
+#define OBJ_aria_128_ofb128             OBJ_aria,4L
+
+#define SN_aria_128_ctr         "ARIA-128-CTR"
+#define LN_aria_128_ctr         "aria-128-ctr"
+#define NID_aria_128_ctr                1069
+#define OBJ_aria_128_ctr                OBJ_aria,5L
+
+#define SN_aria_192_ecb         "ARIA-192-ECB"
+#define LN_aria_192_ecb         "aria-192-ecb"
+#define NID_aria_192_ecb                1070
+#define OBJ_aria_192_ecb                OBJ_aria,6L
+
+#define SN_aria_192_cbc         "ARIA-192-CBC"
+#define LN_aria_192_cbc         "aria-192-cbc"
+#define NID_aria_192_cbc                1071
+#define OBJ_aria_192_cbc                OBJ_aria,7L
+
+#define SN_aria_192_cfb128              "ARIA-192-CFB"
+#define LN_aria_192_cfb128              "aria-192-cfb"
+#define NID_aria_192_cfb128             1072
+#define OBJ_aria_192_cfb128             OBJ_aria,8L
+
+#define SN_aria_192_ofb128              "ARIA-192-OFB"
+#define LN_aria_192_ofb128              "aria-192-ofb"
+#define NID_aria_192_ofb128             1073
+#define OBJ_aria_192_ofb128             OBJ_aria,9L
+
+#define SN_aria_192_ctr         "ARIA-192-CTR"
+#define LN_aria_192_ctr         "aria-192-ctr"
+#define NID_aria_192_ctr                1074
+#define OBJ_aria_192_ctr                OBJ_aria,10L
+
+#define SN_aria_256_ecb         "ARIA-256-ECB"
+#define LN_aria_256_ecb         "aria-256-ecb"
+#define NID_aria_256_ecb                1075
+#define OBJ_aria_256_ecb                OBJ_aria,11L
+
+#define SN_aria_256_cbc         "ARIA-256-CBC"
+#define LN_aria_256_cbc         "aria-256-cbc"
+#define NID_aria_256_cbc                1076
+#define OBJ_aria_256_cbc                OBJ_aria,12L
+
+#define SN_aria_256_cfb128              "ARIA-256-CFB"
+#define LN_aria_256_cfb128              "aria-256-cfb"
+#define NID_aria_256_cfb128             1077
+#define OBJ_aria_256_cfb128             OBJ_aria,13L
+
+#define SN_aria_256_ofb128              "ARIA-256-OFB"
+#define LN_aria_256_ofb128              "aria-256-ofb"
+#define NID_aria_256_ofb128             1078
+#define OBJ_aria_256_ofb128             OBJ_aria,14L
+
+#define SN_aria_256_ctr         "ARIA-256-CTR"
+#define LN_aria_256_ctr         "aria-256-ctr"
+#define NID_aria_256_ctr                1079
+#define OBJ_aria_256_ctr                OBJ_aria,15L
+
+#define SN_aria_128_cfb1                "ARIA-128-CFB1"
+#define LN_aria_128_cfb1                "aria-128-cfb1"
+#define NID_aria_128_cfb1               1080
+
+#define SN_aria_192_cfb1                "ARIA-192-CFB1"
+#define LN_aria_192_cfb1                "aria-192-cfb1"
+#define NID_aria_192_cfb1               1081
+
+#define SN_aria_256_cfb1                "ARIA-256-CFB1"
+#define LN_aria_256_cfb1                "aria-256-cfb1"
+#define NID_aria_256_cfb1               1082
+
+#define SN_aria_128_cfb8                "ARIA-128-CFB8"
+#define LN_aria_128_cfb8                "aria-128-cfb8"
+#define NID_aria_128_cfb8               1083
+
+#define SN_aria_192_cfb8                "ARIA-192-CFB8"
+#define LN_aria_192_cfb8                "aria-192-cfb8"
+#define NID_aria_192_cfb8               1084
+
+#define SN_aria_256_cfb8                "ARIA-256-CFB8"
+#define LN_aria_256_cfb8                "aria-256-cfb8"
+#define NID_aria_256_cfb8               1085
+
+#define SN_aria_128_ccm         "ARIA-128-CCM"
+#define LN_aria_128_ccm         "aria-128-ccm"
+#define NID_aria_128_ccm                1120
+#define OBJ_aria_128_ccm                OBJ_aria,37L
+
+#define SN_aria_192_ccm         "ARIA-192-CCM"
+#define LN_aria_192_ccm         "aria-192-ccm"
+#define NID_aria_192_ccm                1121
+#define OBJ_aria_192_ccm                OBJ_aria,38L
+
+#define SN_aria_256_ccm         "ARIA-256-CCM"
+#define LN_aria_256_ccm         "aria-256-ccm"
+#define NID_aria_256_ccm                1122
+#define OBJ_aria_256_ccm                OBJ_aria,39L
+
+#define SN_aria_128_gcm         "ARIA-128-GCM"
+#define LN_aria_128_gcm         "aria-128-gcm"
+#define NID_aria_128_gcm                1123
+#define OBJ_aria_128_gcm                OBJ_aria,34L
+
+#define SN_aria_192_gcm         "ARIA-192-GCM"
+#define LN_aria_192_gcm         "aria-192-gcm"
+#define NID_aria_192_gcm                1124
+#define OBJ_aria_192_gcm                OBJ_aria,35L
+
+#define SN_aria_256_gcm         "ARIA-256-GCM"
+#define LN_aria_256_gcm         "aria-256-gcm"
+#define NID_aria_256_gcm                1125
+#define OBJ_aria_256_gcm                OBJ_aria,36L
+
+#define SN_kisa         "KISA"
+#define LN_kisa         "kisa"
+#define NID_kisa                773
+#define OBJ_kisa                OBJ_member_body,410L,200004L
+
+#define SN_seed_ecb             "SEED-ECB"
+#define LN_seed_ecb             "seed-ecb"
+#define NID_seed_ecb            776
+#define OBJ_seed_ecb            OBJ_kisa,1L,3L
+
+#define SN_seed_cbc             "SEED-CBC"
+#define LN_seed_cbc             "seed-cbc"
+#define NID_seed_cbc            777
+#define OBJ_seed_cbc            OBJ_kisa,1L,4L
+
+#define SN_seed_cfb128          "SEED-CFB"
+#define LN_seed_cfb128          "seed-cfb"
+#define NID_seed_cfb128         779
+#define OBJ_seed_cfb128         OBJ_kisa,1L,5L
+
+#define SN_seed_ofb128          "SEED-OFB"
+#define LN_seed_ofb128          "seed-ofb"
+#define NID_seed_ofb128         778
+#define OBJ_seed_ofb128         OBJ_kisa,1L,6L
+
+#define SN_sm4_ecb              "SM4-ECB"
+#define LN_sm4_ecb              "sm4-ecb"
+#define NID_sm4_ecb             1133
+#define OBJ_sm4_ecb             OBJ_sm_scheme,104L,1L
+
+#define SN_sm4_cbc              "SM4-CBC"
+#define LN_sm4_cbc              "sm4-cbc"
+#define NID_sm4_cbc             1134
+#define OBJ_sm4_cbc             OBJ_sm_scheme,104L,2L
+
+#define SN_sm4_ofb128           "SM4-OFB"
+#define LN_sm4_ofb128           "sm4-ofb"
+#define NID_sm4_ofb128          1135
+#define OBJ_sm4_ofb128          OBJ_sm_scheme,104L,3L
+
+#define SN_sm4_cfb128           "SM4-CFB"
+#define LN_sm4_cfb128           "sm4-cfb"
+#define NID_sm4_cfb128          1137
+#define OBJ_sm4_cfb128          OBJ_sm_scheme,104L,4L
+
+#define SN_sm4_cfb1             "SM4-CFB1"
+#define LN_sm4_cfb1             "sm4-cfb1"
+#define NID_sm4_cfb1            1136
+#define OBJ_sm4_cfb1            OBJ_sm_scheme,104L,5L
+
+#define SN_sm4_cfb8             "SM4-CFB8"
+#define LN_sm4_cfb8             "sm4-cfb8"
+#define NID_sm4_cfb8            1138
+#define OBJ_sm4_cfb8            OBJ_sm_scheme,104L,6L
+
+#define SN_sm4_ctr              "SM4-CTR"
+#define LN_sm4_ctr              "sm4-ctr"
+#define NID_sm4_ctr             1139
+#define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
+
+#define SN_hmac         "HMAC"
+#define LN_hmac         "hmac"
+#define NID_hmac                855
+
+#define SN_cmac         "CMAC"
+#define LN_cmac         "cmac"
+#define NID_cmac                894
+
+#define SN_rc4_hmac_md5         "RC4-HMAC-MD5"
+#define LN_rc4_hmac_md5         "rc4-hmac-md5"
+#define NID_rc4_hmac_md5                915
+
+#define SN_aes_128_cbc_hmac_sha1                "AES-128-CBC-HMAC-SHA1"
+#define LN_aes_128_cbc_hmac_sha1                "aes-128-cbc-hmac-sha1"
+#define NID_aes_128_cbc_hmac_sha1               916
+
+#define SN_aes_192_cbc_hmac_sha1                "AES-192-CBC-HMAC-SHA1"
+#define LN_aes_192_cbc_hmac_sha1                "aes-192-cbc-hmac-sha1"
+#define NID_aes_192_cbc_hmac_sha1               917
+
+#define SN_aes_256_cbc_hmac_sha1                "AES-256-CBC-HMAC-SHA1"
+#define LN_aes_256_cbc_hmac_sha1                "aes-256-cbc-hmac-sha1"
+#define NID_aes_256_cbc_hmac_sha1               918
+
+#define SN_aes_128_cbc_hmac_sha256              "AES-128-CBC-HMAC-SHA256"
+#define LN_aes_128_cbc_hmac_sha256              "aes-128-cbc-hmac-sha256"
+#define NID_aes_128_cbc_hmac_sha256             948
+
+#define SN_aes_192_cbc_hmac_sha256              "AES-192-CBC-HMAC-SHA256"
+#define LN_aes_192_cbc_hmac_sha256              "aes-192-cbc-hmac-sha256"
+#define NID_aes_192_cbc_hmac_sha256             949
+
+#define SN_aes_256_cbc_hmac_sha256              "AES-256-CBC-HMAC-SHA256"
+#define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
+#define NID_aes_256_cbc_hmac_sha256             950
+
+#define SN_chacha20_poly1305            "ChaCha20-Poly1305"
+#define LN_chacha20_poly1305            "chacha20-poly1305"
+#define NID_chacha20_poly1305           1018
+
+#define SN_chacha20             "ChaCha20"
+#define LN_chacha20             "chacha20"
+#define NID_chacha20            1019
+
+#define SN_dhpublicnumber               "dhpublicnumber"
+#define LN_dhpublicnumber               "X9.42 DH"
+#define NID_dhpublicnumber              920
+#define OBJ_dhpublicnumber              OBJ_ISO_US,10046L,2L,1L
+
+#define SN_brainpoolP160r1              "brainpoolP160r1"
+#define NID_brainpoolP160r1             921
+#define OBJ_brainpoolP160r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,1L
+
+#define SN_brainpoolP160t1              "brainpoolP160t1"
+#define NID_brainpoolP160t1             922
+#define OBJ_brainpoolP160t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,2L
+
+#define SN_brainpoolP192r1              "brainpoolP192r1"
+#define NID_brainpoolP192r1             923
+#define OBJ_brainpoolP192r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,3L
+
+#define SN_brainpoolP192t1              "brainpoolP192t1"
+#define NID_brainpoolP192t1             924
+#define OBJ_brainpoolP192t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,4L
+
+#define SN_brainpoolP224r1              "brainpoolP224r1"
+#define NID_brainpoolP224r1             925
+#define OBJ_brainpoolP224r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,5L
+
+#define SN_brainpoolP224t1              "brainpoolP224t1"
+#define NID_brainpoolP224t1             926
+#define OBJ_brainpoolP224t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,6L
+
+#define SN_brainpoolP256r1              "brainpoolP256r1"
+#define NID_brainpoolP256r1             927
+#define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
+
+#define SN_brainpoolP256t1              "brainpoolP256t1"
+#define NID_brainpoolP256t1             928
+#define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
+
+#define SN_brainpoolP320r1              "brainpoolP320r1"
+#define NID_brainpoolP320r1             929
+#define OBJ_brainpoolP320r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,9L
+
+#define SN_brainpoolP320t1              "brainpoolP320t1"
+#define NID_brainpoolP320t1             930
+#define OBJ_brainpoolP320t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,10L
+
+#define SN_brainpoolP384r1              "brainpoolP384r1"
+#define NID_brainpoolP384r1             931
+#define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
+
+#define SN_brainpoolP384t1              "brainpoolP384t1"
+#define NID_brainpoolP384t1             932
+#define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
+
+#define SN_brainpoolP512r1              "brainpoolP512r1"
+#define NID_brainpoolP512r1             933
+#define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
+
+#define SN_brainpoolP512t1              "brainpoolP512t1"
+#define NID_brainpoolP512t1             934
+#define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
+
+#define OBJ_x9_63_scheme                1L,3L,133L,16L,840L,63L,0L
+
+#define OBJ_secg_scheme         OBJ_certicom_arc,1L
+
+#define SN_dhSinglePass_stdDH_sha1kdf_scheme            "dhSinglePass-stdDH-sha1kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha1kdf_scheme           936
+#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme           OBJ_x9_63_scheme,2L
+
+#define SN_dhSinglePass_stdDH_sha224kdf_scheme          "dhSinglePass-stdDH-sha224kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha224kdf_scheme         937
+#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme         OBJ_secg_scheme,11L,0L
+
+#define SN_dhSinglePass_stdDH_sha256kdf_scheme          "dhSinglePass-stdDH-sha256kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha256kdf_scheme         938
+#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme         OBJ_secg_scheme,11L,1L
+
+#define SN_dhSinglePass_stdDH_sha384kdf_scheme          "dhSinglePass-stdDH-sha384kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha384kdf_scheme         939
+#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme         OBJ_secg_scheme,11L,2L
+
+#define SN_dhSinglePass_stdDH_sha512kdf_scheme          "dhSinglePass-stdDH-sha512kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha512kdf_scheme         940
+#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme         OBJ_secg_scheme,11L,3L
+
+#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme               "dhSinglePass-cofactorDH-sha1kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme              941
+#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme              OBJ_x9_63_scheme,3L
+
+#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme             "dhSinglePass-cofactorDH-sha224kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme            942
+#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme            OBJ_secg_scheme,14L,0L
+
+#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme             "dhSinglePass-cofactorDH-sha256kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme            943
+#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme            OBJ_secg_scheme,14L,1L
+
+#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme             "dhSinglePass-cofactorDH-sha384kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme            944
+#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme            OBJ_secg_scheme,14L,2L
+
+#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme             "dhSinglePass-cofactorDH-sha512kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme            945
+#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme            OBJ_secg_scheme,14L,3L
+
+#define SN_dh_std_kdf           "dh-std-kdf"
+#define NID_dh_std_kdf          946
+
+#define SN_dh_cofactor_kdf              "dh-cofactor-kdf"
+#define NID_dh_cofactor_kdf             947
+
+#define SN_ct_precert_scts              "ct_precert_scts"
+#define LN_ct_precert_scts              "CT Precertificate SCTs"
+#define NID_ct_precert_scts             951
+#define OBJ_ct_precert_scts             1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
+
+#define SN_ct_precert_poison            "ct_precert_poison"
+#define LN_ct_precert_poison            "CT Precertificate Poison"
+#define NID_ct_precert_poison           952
+#define OBJ_ct_precert_poison           1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
+
+#define SN_ct_precert_signer            "ct_precert_signer"
+#define LN_ct_precert_signer            "CT Precertificate Signer"
+#define NID_ct_precert_signer           953
+#define OBJ_ct_precert_signer           1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
+
+#define SN_ct_cert_scts         "ct_cert_scts"
+#define LN_ct_cert_scts         "CT Certificate SCTs"
+#define NID_ct_cert_scts                954
+#define OBJ_ct_cert_scts                1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L
+
+#define SN_jurisdictionLocalityName             "jurisdictionL"
+#define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
+#define NID_jurisdictionLocalityName            955
+#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+
+#define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
+#define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
+#define NID_jurisdictionStateOrProvinceName             956
+#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+
+#define SN_jurisdictionCountryName              "jurisdictionC"
+#define LN_jurisdictionCountryName              "jurisdictionCountryName"
+#define NID_jurisdictionCountryName             957
+#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+
+#define SN_id_scrypt            "id-scrypt"
+#define LN_id_scrypt            "scrypt"
+#define NID_id_scrypt           973
+#define OBJ_id_scrypt           1L,3L,6L,1L,4L,1L,11591L,4L,11L
+
+#define SN_tls1_prf             "TLS1-PRF"
+#define LN_tls1_prf             "tls1-prf"
+#define NID_tls1_prf            1021
+
+#define SN_hkdf         "HKDF"
+#define LN_hkdf         "hkdf"
+#define NID_hkdf                1036
+
+#define SN_id_pkinit            "id-pkinit"
+#define NID_id_pkinit           1031
+#define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L
+
+#define SN_pkInitClientAuth             "pkInitClientAuth"
+#define LN_pkInitClientAuth             "PKINIT Client Auth"
+#define NID_pkInitClientAuth            1032
+#define OBJ_pkInitClientAuth            OBJ_id_pkinit,4L
+
+#define SN_pkInitKDC            "pkInitKDC"
+#define LN_pkInitKDC            "Signing KDC Response"
+#define NID_pkInitKDC           1033
+#define OBJ_pkInitKDC           OBJ_id_pkinit,5L
+
+#define SN_X25519               "X25519"
+#define NID_X25519              1034
+#define OBJ_X25519              1L,3L,101L,110L
+
+#define SN_X448         "X448"
+#define NID_X448                1035
+#define OBJ_X448                1L,3L,101L,111L
+
+#define SN_ED25519              "ED25519"
+#define NID_ED25519             1087
+#define OBJ_ED25519             1L,3L,101L,112L
+
+#define SN_ED448                "ED448"
+#define NID_ED448               1088
+#define OBJ_ED448               1L,3L,101L,113L
+
+#define SN_kx_rsa               "KxRSA"
+#define LN_kx_rsa               "kx-rsa"
+#define NID_kx_rsa              1037
+
+#define SN_kx_ecdhe             "KxECDHE"
+#define LN_kx_ecdhe             "kx-ecdhe"
+#define NID_kx_ecdhe            1038
+
+#define SN_kx_dhe               "KxDHE"
+#define LN_kx_dhe               "kx-dhe"
+#define NID_kx_dhe              1039
+
+#define SN_kx_ecdhe_psk         "KxECDHE-PSK"
+#define LN_kx_ecdhe_psk         "kx-ecdhe-psk"
+#define NID_kx_ecdhe_psk                1040
+
+#define SN_kx_dhe_psk           "KxDHE-PSK"
+#define LN_kx_dhe_psk           "kx-dhe-psk"
+#define NID_kx_dhe_psk          1041
+
+#define SN_kx_rsa_psk           "KxRSA_PSK"
+#define LN_kx_rsa_psk           "kx-rsa-psk"
+#define NID_kx_rsa_psk          1042
+
+#define SN_kx_psk               "KxPSK"
+#define LN_kx_psk               "kx-psk"
+#define NID_kx_psk              1043
+
+#define SN_kx_srp               "KxSRP"
+#define LN_kx_srp               "kx-srp"
+#define NID_kx_srp              1044
+
+#define SN_kx_gost              "KxGOST"
+#define LN_kx_gost              "kx-gost"
+#define NID_kx_gost             1045
+
+#define SN_kx_any               "KxANY"
+#define LN_kx_any               "kx-any"
+#define NID_kx_any              1063
+
+#define SN_auth_rsa             "AuthRSA"
+#define LN_auth_rsa             "auth-rsa"
+#define NID_auth_rsa            1046
+
+#define SN_auth_ecdsa           "AuthECDSA"
+#define LN_auth_ecdsa           "auth-ecdsa"
+#define NID_auth_ecdsa          1047
+
+#define SN_auth_psk             "AuthPSK"
+#define LN_auth_psk             "auth-psk"
+#define NID_auth_psk            1048
+
+#define SN_auth_dss             "AuthDSS"
+#define LN_auth_dss             "auth-dss"
+#define NID_auth_dss            1049
+
+#define SN_auth_gost01          "AuthGOST01"
+#define LN_auth_gost01          "auth-gost01"
+#define NID_auth_gost01         1050
+
+#define SN_auth_gost12          "AuthGOST12"
+#define LN_auth_gost12          "auth-gost12"
+#define NID_auth_gost12         1051
+
+#define SN_auth_srp             "AuthSRP"
+#define LN_auth_srp             "auth-srp"
+#define NID_auth_srp            1052
+
+#define SN_auth_null            "AuthNULL"
+#define LN_auth_null            "auth-null"
+#define NID_auth_null           1053
+
+#define SN_auth_any             "AuthANY"
+#define LN_auth_any             "auth-any"
+#define NID_auth_any            1064
+
+#define SN_poly1305             "Poly1305"
+#define LN_poly1305             "poly1305"
+#define NID_poly1305            1061
+
+#define SN_siphash              "SipHash"
+#define LN_siphash              "siphash"
+#define NID_siphash             1062
+
+#define SN_ffdhe2048            "ffdhe2048"
+#define NID_ffdhe2048           1126
+
+#define SN_ffdhe3072            "ffdhe3072"
+#define NID_ffdhe3072           1127
+
+#define SN_ffdhe4096            "ffdhe4096"
+#define NID_ffdhe4096           1128
+
+#define SN_ffdhe6144            "ffdhe6144"
+#define NID_ffdhe6144           1129
+
+#define SN_ffdhe8192            "ffdhe8192"
+#define NID_ffdhe8192           1130
+
+#define SN_ISO_UA               "ISO-UA"
+#define NID_ISO_UA              1150
+#define OBJ_ISO_UA              OBJ_member_body,804L
+
+#define SN_ua_pki               "ua-pki"
+#define NID_ua_pki              1151
+#define OBJ_ua_pki              OBJ_ISO_UA,2L,1L,1L,1L
+
+#define SN_dstu28147            "dstu28147"
+#define LN_dstu28147            "DSTU Gost 28147-2009"
+#define NID_dstu28147           1152
+#define OBJ_dstu28147           OBJ_ua_pki,1L,1L,1L
+
+#define SN_dstu28147_ofb                "dstu28147-ofb"
+#define LN_dstu28147_ofb                "DSTU Gost 28147-2009 OFB mode"
+#define NID_dstu28147_ofb               1153
+#define OBJ_dstu28147_ofb               OBJ_dstu28147,2L
+
+#define SN_dstu28147_cfb                "dstu28147-cfb"
+#define LN_dstu28147_cfb                "DSTU Gost 28147-2009 CFB mode"
+#define NID_dstu28147_cfb               1154
+#define OBJ_dstu28147_cfb               OBJ_dstu28147,3L
+
+#define SN_dstu28147_wrap               "dstu28147-wrap"
+#define LN_dstu28147_wrap               "DSTU Gost 28147-2009 key wrap"
+#define NID_dstu28147_wrap              1155
+#define OBJ_dstu28147_wrap              OBJ_dstu28147,5L
+
+#define SN_hmacWithDstu34311            "hmacWithDstu34311"
+#define LN_hmacWithDstu34311            "HMAC DSTU Gost 34311-95"
+#define NID_hmacWithDstu34311           1156
+#define OBJ_hmacWithDstu34311           OBJ_ua_pki,1L,1L,2L
+
+#define SN_dstu34311            "dstu34311"
+#define LN_dstu34311            "DSTU Gost 34311-95"
+#define NID_dstu34311           1157
+#define OBJ_dstu34311           OBJ_ua_pki,1L,2L,1L
+
+#define SN_dstu4145le           "dstu4145le"
+#define LN_dstu4145le           "DSTU 4145-2002 little endian"
+#define NID_dstu4145le          1158
+#define OBJ_dstu4145le          OBJ_ua_pki,1L,3L,1L,1L
+
+#define SN_dstu4145be           "dstu4145be"
+#define LN_dstu4145be           "DSTU 4145-2002 big endian"
+#define NID_dstu4145be          1159
+#define OBJ_dstu4145be          OBJ_dstu4145le,1L,1L
+
+#define SN_uacurve0             "uacurve0"
+#define LN_uacurve0             "DSTU curve 0"
+#define NID_uacurve0            1160
+#define OBJ_uacurve0            OBJ_dstu4145le,2L,0L
+
+#define SN_uacurve1             "uacurve1"
+#define LN_uacurve1             "DSTU curve 1"
+#define NID_uacurve1            1161
+#define OBJ_uacurve1            OBJ_dstu4145le,2L,1L
+
+#define SN_uacurve2             "uacurve2"
+#define LN_uacurve2             "DSTU curve 2"
+#define NID_uacurve2            1162
+#define OBJ_uacurve2            OBJ_dstu4145le,2L,2L
+
+#define SN_uacurve3             "uacurve3"
+#define LN_uacurve3             "DSTU curve 3"
+#define NID_uacurve3            1163
+#define OBJ_uacurve3            OBJ_dstu4145le,2L,3L
+
+#define SN_uacurve4             "uacurve4"
+#define LN_uacurve4             "DSTU curve 4"
+#define NID_uacurve4            1164
+#define OBJ_uacurve4            OBJ_dstu4145le,2L,4L
+
+#define SN_uacurve5             "uacurve5"
+#define LN_uacurve5             "DSTU curve 5"
+#define NID_uacurve5            1165
+#define OBJ_uacurve5            OBJ_dstu4145le,2L,5L
+
+#define SN_uacurve6             "uacurve6"
+#define LN_uacurve6             "DSTU curve 6"
+#define NID_uacurve6            1166
+#define OBJ_uacurve6            OBJ_dstu4145le,2L,6L
+
+#define SN_uacurve7             "uacurve7"
+#define LN_uacurve7             "DSTU curve 7"
+#define NID_uacurve7            1167
+#define OBJ_uacurve7            OBJ_dstu4145le,2L,7L
+
+#define SN_uacurve8             "uacurve8"
+#define LN_uacurve8             "DSTU curve 8"
+#define NID_uacurve8            1168
+#define OBJ_uacurve8            OBJ_dstu4145le,2L,8L
+
+#define SN_uacurve9             "uacurve9"
+#define LN_uacurve9             "DSTU curve 9"
+#define NID_uacurve9            1169
+#define OBJ_uacurve9            OBJ_dstu4145le,2L,9L
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/objects.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/objects.h
new file mode 100644
index 000000000..5e8b5762f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/objects.h
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJECTS_H
+# define HEADER_OBJECTS_H
+
+# include <openssl/obj_mac.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/objectserr.h>
+
+# define OBJ_NAME_TYPE_UNDEF             0x00
+# define OBJ_NAME_TYPE_MD_METH           0x01
+# define OBJ_NAME_TYPE_CIPHER_METH       0x02
+# define OBJ_NAME_TYPE_PKEY_METH         0x03
+# define OBJ_NAME_TYPE_COMP_METH         0x04
+# define OBJ_NAME_TYPE_NUM               0x05
+
+# define OBJ_NAME_ALIAS                  0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+    int type;
+    int alias;
+    const char *name;
+    const char *data;
+} OBJ_NAME;
+
+# define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg);
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+  static int nm##_cmp(type1 const *, type2 const *); \
+  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
+  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
+                          cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
+  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                          cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h
new file mode 100644
index 000000000..02308dfac
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h
@@ -0,0 +1,38 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJERR_H
+# define HEADER_OBJERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_OBJ_strings(void);
+
+/*
+ * OBJ function codes.
+ */
+# define OBJ_F_OBJ_ADD_OBJECT                             105
+# define OBJ_F_OBJ_ADD_SIGID                              107
+# define OBJ_F_OBJ_CREATE                                 100
+# define OBJ_F_OBJ_DUP                                    101
+# define OBJ_F_OBJ_NAME_NEW_INDEX                         106
+# define OBJ_F_OBJ_NID2LN                                 102
+# define OBJ_F_OBJ_NID2OBJ                                103
+# define OBJ_F_OBJ_NID2SN                                 104
+# define OBJ_F_OBJ_TXT2OBJ                                108
+
+/*
+ * OBJ reason codes.
+ */
+# define OBJ_R_OID_EXISTS                                 102
+# define OBJ_R_UNKNOWN_NID                                101
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h
new file mode 100644
index 000000000..0a17166b5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSP_H
+# define HEADER_OCSP_H
+
+#include <openssl/opensslconf.h>
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#  define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#  define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#  define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#  define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#  define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#  define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#  define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#  define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#  define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+
+# ifndef OPENSSL_NO_OCSP
+
+#  include <openssl/ossl_typ.h>
+#  include <openssl/x509.h>
+#  include <openssl/x509v3.h>
+#  include <openssl/safestack.h>
+#  include <openssl/ocsperr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#  define OCSP_DEFAULT_NONCE_LENGTH       16
+
+#  define OCSP_NOCERTS                    0x1
+#  define OCSP_NOINTERN                   0x2
+#  define OCSP_NOSIGS                     0x4
+#  define OCSP_NOCHAIN                    0x8
+#  define OCSP_NOVERIFY                   0x10
+#  define OCSP_NOEXPLICIT                 0x20
+#  define OCSP_NOCASIGN                   0x40
+#  define OCSP_NODELEGATED                0x80
+#  define OCSP_NOCHECKS                   0x100
+#  define OCSP_TRUSTOTHER                 0x200
+#  define OCSP_RESPID_KEY                 0x400
+#  define OCSP_NOTIME                     0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+#  define OCSP_RESPONSE_STATUS_SUCCESSFUL           0
+#  define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#  define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#  define OCSP_RESPONSE_STATUS_TRYLATER             3
+#  define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#  define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+#  define V_OCSP_RESPID_NAME 0
+#  define V_OCSP_RESPID_KEY  1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+#  define V_OCSP_CERTSTATUS_GOOD    0
+#  define V_OCSP_CERTSTATUS_REVOKED 1
+#  define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+#  define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+#  define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#  define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+#  define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+#  define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
+     bp,(char **)(x),cb,NULL)
+
+#  define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
+     bp,(char **)(x),cb,NULL)
+
+#  define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+                        bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+#  define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+                        bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+#  define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+#  define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+#  define ASN1_BIT_STRING_digest(data,type,md,len) \
+        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#  define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+                     ASN1_VALUE *val);
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
+                          const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                        X509 *signer, EVP_MD_CTX *ctx,
+                        STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+                                int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags);
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h
new file mode 100644
index 000000000..7d93b12d4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h
@@ -0,0 +1,74 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSPERR_H
+# define HEADER_OCSPERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_OCSP
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_OCSP_strings(void);
+
+/*
+ * OCSP function codes.
+ */
+#  define OCSP_F_D2I_OCSP_NONCE                            102
+#  define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
+#  define OCSP_F_OCSP_BASIC_SIGN                           104
+#  define OCSP_F_OCSP_BASIC_SIGN_CTX                       119
+#  define OCSP_F_OCSP_BASIC_VERIFY                         105
+#  define OCSP_F_OCSP_CERT_ID_NEW                          101
+#  define OCSP_F_OCSP_CHECK_DELEGATED                      106
+#  define OCSP_F_OCSP_CHECK_IDS                            107
+#  define OCSP_F_OCSP_CHECK_ISSUER                         108
+#  define OCSP_F_OCSP_CHECK_VALIDITY                       115
+#  define OCSP_F_OCSP_MATCH_ISSUERID                       109
+#  define OCSP_F_OCSP_PARSE_URL                            114
+#  define OCSP_F_OCSP_REQUEST_SIGN                         110
+#  define OCSP_F_OCSP_REQUEST_VERIFY                       116
+#  define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
+#  define OCSP_F_PARSE_HTTP_LINE1                          118
+
+/*
+ * OCSP reason codes.
+ */
+#  define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
+#  define OCSP_R_DIGEST_ERR                                102
+#  define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
+#  define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
+#  define OCSP_R_ERROR_PARSING_URL                         121
+#  define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
+#  define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
+#  define OCSP_R_NOT_BASIC_RESPONSE                        104
+#  define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
+#  define OCSP_R_NO_RESPONSE_DATA                          108
+#  define OCSP_R_NO_REVOKED_TIME                           109
+#  define OCSP_R_NO_SIGNER_KEY                             130
+#  define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
+#  define OCSP_R_REQUEST_NOT_SIGNED                        128
+#  define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
+#  define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
+#  define OCSP_R_SERVER_RESPONSE_ERROR                     114
+#  define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
+#  define OCSP_R_SIGNATURE_FAILURE                         117
+#  define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
+#  define OCSP_R_STATUS_EXPIRED                            125
+#  define OCSP_R_STATUS_NOT_YET_VALID                      126
+#  define OCSP_R_STATUS_TOO_OLD                            127
+#  define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
+#  define OCSP_R_UNKNOWN_NID                               120
+#  define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in
new file mode 100644
index 000000000..bc98cad51
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in
@@ -0,0 +1,155 @@
+/*
+ * {- join("\n * ", @autowarntext) -}
+ *
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+{- if (@{$config{openssl_sys_defines}}) {
+      foreach (@{$config{openssl_sys_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_ 1\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    foreach (@{$config{openssl_api_defines}}) {
+        (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/;
+        $OUT .= "#define $macro $value\n";
+    }
+    if (@{$config{openssl_algorithm_defines}}) {
+      foreach (@{$config{openssl_algorithm_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    if (@{$config{openssl_thread_defines}}) {
+      foreach (@{$config{openssl_thread_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    if (@{$config{openssl_other_defines}}) {
+      foreach (@{$config{openssl_other_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    "";
+-}
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+{- $config{processor} eq "386" ? "#define" : "#undef" -} I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD {- $target{unistd} -}
+
+{- $config{export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+{- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG
+/* Only one for the following should be defined */
+{- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG
+{- $config{b64}  ? "# define" : "# undef" -} SIXTY_FOUR_BIT
+{- $config{b32}  ? "# define" : "# undef" -} THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT {- $config{rc4_int} -}
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h
new file mode 100644
index 000000000..a4aa45bd2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release.  The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev      0x00903000
+ * 0.9.3-beta1    0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
+ * 0.9.3          0x0090300f
+ * 0.9.3a         0x0090301f
+ * 0.9.4          0x0090400f
+ * 1.2.3z         0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit.  This means
+ * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ *  major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER  0x1010102fL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1b  26 Feb 2019"
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *      libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major version number only:
+ *
+ *      libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons.  The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time.  When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *      3.0
+ *      3.0:3.1
+ *      3.0:3.1:3.2
+ *      4.0
+ *      4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "1.1"
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* HEADER_OPENSSLV_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h
new file mode 100644
index 000000000..7993ca28f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+# define HEADER_OPENSSL_TYPES_H
+
+#include <limits.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/e_os2.h>
+
+# ifdef NO_ASN1_TYPEDEFS
+#  define ASN1_INTEGER            ASN1_STRING
+#  define ASN1_ENUMERATED         ASN1_STRING
+#  define ASN1_BIT_STRING         ASN1_STRING
+#  define ASN1_OCTET_STRING       ASN1_STRING
+#  define ASN1_PRINTABLESTRING    ASN1_STRING
+#  define ASN1_T61STRING          ASN1_STRING
+#  define ASN1_IA5STRING          ASN1_STRING
+#  define ASN1_UTCTIME            ASN1_STRING
+#  define ASN1_GENERALIZEDTIME    ASN1_STRING
+#  define ASN1_TIME               ASN1_STRING
+#  define ASN1_GENERALSTRING      ASN1_STRING
+#  define ASN1_UNIVERSALSTRING    ASN1_STRING
+#  define ASN1_BMPSTRING          ASN1_STRING
+#  define ASN1_VISIBLESTRING      ASN1_STRING
+#  define ASN1_UTF8STRING         ASN1_STRING
+#  define ASN1_BOOLEAN            int
+#  define ASN1_NULL               int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+
+typedef struct asn1_object_st ASN1_OBJECT;
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
+
+# ifdef _WIN32
+#  undef X509_NAME
+#  undef X509_EXTENSIONS
+#  undef PKCS7_ISSUER_AND_SERIAL
+#  undef PKCS7_SIGNER_INFO
+#  undef OCSP_REQUEST
+#  undef OCSP_RESPONSE
+# endif
+
+# ifdef BIGNUM
+#  undef BIGNUM
+# endif
+struct dane_st;
+typedef struct bio_st BIO;
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+typedef struct rand_drbg_st RAND_DRBG;
+
+typedef struct ssl_dane_st SSL_DANE;
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
+typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+#else
+/*
+ * Not long long, because the C-library can only be expected to provide
+ * strtoll(), strtoull() at the same time as intmax_t and strtoimax(),
+ * strtoumax().  Since we use these for parsing arguments, we need the
+ * conversion functions, not just the sizes.
+ */
+typedef long ossl_intmax_t;
+typedef unsigned long ossl_uintmax_t;
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* def HEADER_OPENSSL_TYPES_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pem.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pem.h
new file mode 100644
index 000000000..2ef5b5d04
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pem.h
@@ -0,0 +1,378 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM_H
+# define HEADER_PEM_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pemerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define PEM_BUFSIZE             1024
+
+# define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
+# define PEM_STRING_X509         "CERTIFICATE"
+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+# define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
+# define PEM_STRING_X509_CRL     "X509 CRL"
+# define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
+# define PEM_STRING_PUBLIC       "PUBLIC KEY"
+# define PEM_STRING_RSA          "RSA PRIVATE KEY"
+# define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
+# define PEM_STRING_DSA          "DSA PRIVATE KEY"
+# define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
+# define PEM_STRING_PKCS7        "PKCS7"
+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
+# define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+# define PEM_STRING_PKCS8INF     "PRIVATE KEY"
+# define PEM_STRING_DHPARAMS     "DH PARAMETERS"
+# define PEM_STRING_DHXPARAMS    "X9.42 DH PARAMETERS"
+# define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
+# define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+# define PEM_STRING_PARAMETERS   "PARAMETERS"
+# define PEM_STRING_CMS          "CMS"
+
+# define PEM_TYPE_ENCRYPTED      10
+# define PEM_TYPE_MIC_ONLY       20
+# define PEM_TYPE_MIC_CLEAR      30
+# define PEM_TYPE_CLEAR          40
+
+/*
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
+ * IMPLEMENT_PEM_rw_cb(...)
+ */
+
+# ifdef OPENSSL_NO_STDIO
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
+# else
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
+}
+
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, const type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+# endif
+
+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
+}
+
+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+# if defined(OPENSSL_NO_STDIO)
+
+#  define DECLARE_PEM_read_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp_const(name, type) /**/
+#  define DECLARE_PEM_write_cb_fp(name, type) /**/
+# else
+
+#  define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#  define DECLARE_PEM_write_fp_const(name, type) \
+        int PEM_write_##name(FILE *fp, const type *x);
+
+#  define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# endif
+
+#  define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#  define DECLARE_PEM_write_bio_const(name, type) \
+        int PEM_write_bio_##name(BIO *bp, const type *x);
+
+#  define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type)
+# define DECLARE_PEM_write_const(name, type) \
+        DECLARE_PEM_write_bio_const(name, type) \
+        DECLARE_PEM_write_fp_const(name, type)
+# define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type)
+# define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+# define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+# define DECLARE_PEM_rw_const(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_const(name, type)
+# define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+                  pem_password_cb *callback, void *u);
+
+int PEM_read_bio(BIO *bp, char **name, char **header,
+                 unsigned char **data, long *len);
+#   define PEM_FLAG_SECURE             0x1
+#   define PEM_FLAG_EAY_COMPATIBLE     0x2
+#   define PEM_FLAG_ONLY_B64           0x4
+int PEM_read_bio_ex(BIO *bp, char **name, char **header,
+                    unsigned char **data, long *len, unsigned int flags);
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u);
+int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
+                  const unsigned char *data, long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u);
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u);
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
+                       const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+                       pem_password_cb *cb, void *u);
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u);
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cd, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header,
+             unsigned char **data, long *len);
+int PEM_write(FILE *fp, const char *name, const char *hdr,
+              const unsigned char *data, long len);
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u);
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u);
+#endif
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey);
+
+/* The default pem_password_cb that's used internally */
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
+void PEM_proc_type(char *buf, int type);
+void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+# include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+DECLARE_PEM_rw(PKCS7, PKCS7)
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# endif
+# ifndef OPENSSL_NO_DSA
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+# endif
+# ifndef OPENSSL_NO_DH
+DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_write_const(DHxparams, DH)
+# endif
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u);
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u);
+
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen,
+                           pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cd,
+                              void *u);
+# endif
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+
+# ifndef OPENSSL_NO_DSA
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+#  ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u);
+#  endif
+# endif
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pem2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pem2.h
new file mode 100644
index 000000000..038fe790a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pem2.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM2_H
+# define HEADER_PEM2_H
+# include <openssl/pemerr.h>
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h
new file mode 100644
index 000000000..cd61b823d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h
@@ -0,0 +1,99 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEMERR_H
+# define HEADER_PEMERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PEM_strings(void);
+
+/*
+ * PEM function codes.
+ */
+# define PEM_F_B2I_DSS                                    127
+# define PEM_F_B2I_PVK_BIO                                128
+# define PEM_F_B2I_RSA                                    129
+# define PEM_F_CHECK_BITLEN_DSA                           130
+# define PEM_F_CHECK_BITLEN_RSA                           131
+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+# define PEM_F_DO_B2I                                     132
+# define PEM_F_DO_B2I_BIO                                 133
+# define PEM_F_DO_BLOB_HEADER                             134
+# define PEM_F_DO_I2B                                     146
+# define PEM_F_DO_PK8PKEY                                 126
+# define PEM_F_DO_PK8PKEY_FP                              125
+# define PEM_F_DO_PVK_BODY                                135
+# define PEM_F_DO_PVK_HEADER                              136
+# define PEM_F_GET_HEADER_AND_DATA                        143
+# define PEM_F_GET_NAME                                   144
+# define PEM_F_I2B_PVK                                    137
+# define PEM_F_I2B_PVK_BIO                                138
+# define PEM_F_LOAD_IV                                    101
+# define PEM_F_PEM_ASN1_READ                              102
+# define PEM_F_PEM_ASN1_READ_BIO                          103
+# define PEM_F_PEM_ASN1_WRITE                             104
+# define PEM_F_PEM_ASN1_WRITE_BIO                         105
+# define PEM_F_PEM_DEF_CALLBACK                           100
+# define PEM_F_PEM_DO_HEADER                              106
+# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+# define PEM_F_PEM_READ                                   108
+# define PEM_F_PEM_READ_BIO                               109
+# define PEM_F_PEM_READ_BIO_DHPARAMS                      141
+# define PEM_F_PEM_READ_BIO_EX                            145
+# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
+# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
+# define PEM_F_PEM_READ_DHPARAMS                          142
+# define PEM_F_PEM_READ_PRIVATEKEY                        124
+# define PEM_F_PEM_SIGNFINAL                              112
+# define PEM_F_PEM_WRITE                                  113
+# define PEM_F_PEM_WRITE_BIO                              114
+# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
+# define PEM_F_PEM_X509_INFO_READ                         115
+# define PEM_F_PEM_X509_INFO_READ_BIO                     116
+# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+
+/*
+ * PEM reason codes.
+ */
+# define PEM_R_BAD_BASE64_DECODE                          100
+# define PEM_R_BAD_DECRYPT                                101
+# define PEM_R_BAD_END_LINE                               102
+# define PEM_R_BAD_IV_CHARS                               103
+# define PEM_R_BAD_MAGIC_NUMBER                           116
+# define PEM_R_BAD_PASSWORD_READ                          104
+# define PEM_R_BAD_VERSION_NUMBER                         117
+# define PEM_R_BIO_WRITE_FAILURE                          118
+# define PEM_R_CIPHER_IS_NULL                             127
+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+# define PEM_R_HEADER_TOO_LONG                            128
+# define PEM_R_INCONSISTENT_HEADER                        121
+# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+# define PEM_R_KEYBLOB_TOO_SHORT                          123
+# define PEM_R_MISSING_DEK_IV                             129
+# define PEM_R_NOT_DEK_INFO                               105
+# define PEM_R_NOT_ENCRYPTED                              106
+# define PEM_R_NOT_PROC_TYPE                              107
+# define PEM_R_NO_START_LINE                              108
+# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+# define PEM_R_PVK_DATA_TOO_SHORT                         124
+# define PEM_R_PVK_TOO_SHORT                              125
+# define PEM_R_READ_KEY                                   111
+# define PEM_R_SHORT_HEADER                               112
+# define PEM_R_UNEXPECTED_DEK_IV                          130
+# define PEM_R_UNSUPPORTED_CIPHER                         113
+# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12.h
new file mode 100644
index 000000000..3f43dad6d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12.h
@@ -0,0 +1,223 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/pkcs12err.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID   1
+# define PKCS12_IV_ID    2
+# define PKCS12_MAC_ID   3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX  0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR    0
+# define PKCS12_OK       1
+
+/* Compatibility macros */
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                        PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                 int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                           int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen,
+                                int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+                     int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                      X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                      int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h
new file mode 100644
index 000000000..c7184ffe7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h
@@ -0,0 +1,77 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12ERR_H
+# define HEADER_PKCS12ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS12_strings(void);
+
+/*
+ * PKCS12 function codes.
+ */
+# define PKCS12_F_OPENSSL_ASC2UNI                         121
+# define PKCS12_F_OPENSSL_UNI2ASC                         124
+# define PKCS12_F_OPENSSL_UNI2UTF8                        127
+# define PKCS12_F_OPENSSL_UTF82UNI                        129
+# define PKCS12_F_PKCS12_CREATE                           105
+# define PKCS12_F_PKCS12_GEN_MAC                          107
+# define PKCS12_F_PKCS12_INIT                             109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
+# define PKCS12_F_PKCS12_KEY_GEN_UTF8                     116
+# define PKCS12_F_PKCS12_NEWPASS                          128
+# define PKCS12_F_PKCS12_PACK_P7DATA                      114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+# define PKCS12_F_PKCS12_PARSE                            118
+# define PKCS12_F_PKCS12_PBE_CRYPT                        119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF            112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8            113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT     133
+# define PKCS12_F_PKCS12_SETUP_MAC                        122
+# define PKCS12_F_PKCS12_SET_MAC                          123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
+# define PKCS12_F_PKCS12_VERIFY_MAC                       126
+# define PKCS12_F_PKCS8_ENCRYPT                           125
+# define PKCS12_F_PKCS8_SET0_PBE                          132
+
+/*
+ * PKCS12 reason codes.
+ */
+# define PKCS12_R_CANT_PACK_STRUCTURE                     100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
+# define PKCS12_R_DECODE_ERROR                            101
+# define PKCS12_R_ENCODE_ERROR                            102
+# define PKCS12_R_ENCRYPT_ERROR                           103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
+# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
+# define PKCS12_R_IV_GEN_ERROR                            106
+# define PKCS12_R_KEY_GEN_ERROR                           107
+# define PKCS12_R_MAC_ABSENT                              108
+# define PKCS12_R_MAC_GENERATION_ERROR                    109
+# define PKCS12_R_MAC_SETUP_ERROR                         110
+# define PKCS12_R_MAC_STRING_SET_ERROR                    111
+# define PKCS12_R_MAC_VERIFY_FAILURE                      113
+# define PKCS12_R_PARSE_ERROR                             114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7.h
new file mode 100644
index 000000000..9b66e002d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7.h
@@ -0,0 +1,319 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7_H
+# define HEADER_PKCS7_H
+
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/e_os2.h>
+
+# include <openssl/symhacks.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/pkcs7err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+Encryption_ID           DES-CBC
+Digest_ID               MD5
+Digest_Encryption_ID    rsaEncryption
+Key_Encryption_ID       rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+    X509_ALGOR *digest_alg;
+    STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+    X509_ALGOR *digest_enc_alg;
+    ASN1_OCTET_STRING *enc_digest;
+    STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+    /* The private key to sign with */
+    EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+    X509_ALGOR *key_enc_algor;
+    ASN1_OCTET_STRING *enc_key;
+    X509 *cert;                 /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    STACK_OF(X509_ALGOR) *md_algs; /* md used */
+    STACK_OF(X509) *cert;       /* [ 0 ] */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+    ASN1_OBJECT *content_type;
+    X509_ALGOR *algorithm;
+    ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+    const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+    PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    STACK_OF(X509_ALGOR) *md_algs; /* md used */
+    STACK_OF(X509) *cert;       /* [ 0 ] */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    PKCS7_ENC_CONTENT *enc_data;
+    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    X509_ALGOR *md;             /* md used */
+    struct pkcs7_st *contents;
+    ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+    /*
+     * The following is non NULL if it contains ASN1 encoding of this
+     * structure
+     */
+    unsigned char *asn1;
+    long length;
+# define PKCS7_S_HEADER  0
+# define PKCS7_S_BODY    1
+# define PKCS7_S_TAIL    2
+    int state;                  /* used during processing */
+    int detached;
+    ASN1_OBJECT *type;
+    /* content as defined by the type */
+    /*
+     * all encryption/message digests are applied to the 'contents', leaving
+     * out the 'type' field.
+     */
+    union {
+        char *ptr;
+        /* NID_pkcs7_data */
+        ASN1_OCTET_STRING *data;
+        /* NID_pkcs7_signed */
+        PKCS7_SIGNED *sign;
+        /* NID_pkcs7_enveloped */
+        PKCS7_ENVELOPE *enveloped;
+        /* NID_pkcs7_signedAndEnveloped */
+        PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+        /* NID_pkcs7_digest */
+        PKCS7_DIGEST *digest;
+        /* NID_pkcs7_encrypted */
+        PKCS7_ENCRYPT *encrypted;
+        /* Anything else */
+        ASN1_TYPE *other;
+    } d;
+} PKCS7;
+
+DEFINE_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si)        ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+# define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT              0x1
+# define PKCS7_NOCERTS           0x2
+# define PKCS7_NOSIGS            0x4
+# define PKCS7_NOCHAIN           0x8
+# define PKCS7_NOINTERN          0x10
+# define PKCS7_NOVERIFY          0x20
+# define PKCS7_DETACHED          0x40
+# define PKCS7_BINARY            0x80
+# define PKCS7_NOATTR            0x100
+# define PKCS7_NOSMIMECAP        0x200
+# define PKCS7_NOOLDMIMETYPE     0x400
+# define PKCS7_CRLFEOL           0x800
+# define PKCS7_STREAM            0x1000
+# define PKCS7_NOCRL             0x2000
+# define PKCS7_PARTIAL           0x4000
+# define PKCS7_REUSE_DIGEST      0x8000
+# define PKCS7_NO_DUAL_CONTENT   0x10000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT      PKCS7_TEXT
+# define SMIME_NOCERTS   PKCS7_NOCERTS
+# define SMIME_NOSIGS    PKCS7_NOSIGS
+# define SMIME_NOCHAIN   PKCS7_NOCHAIN
+# define SMIME_NOINTERN  PKCS7_NOINTERN
+# define SMIME_NOVERIFY  PKCS7_NOVERIFY
+# define SMIME_DETACHED  PKCS7_DETACHED
+# define SMIME_BINARY    PKCS7_BINARY
+# define SMIME_NOATTR    PKCS7_NOATTR
+
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF         0x80000
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len);
+# ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
+# endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+                          const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+                     BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+                                       EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                 X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+                               void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags);
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+                                         X509 *signcert, EVP_PKEY *pkey,
+                                         const EVP_MD *md, int flags);
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+                  int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                             const unsigned char *md, int mdlen);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h
new file mode 100644
index 000000000..0ba418d78
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h
@@ -0,0 +1,99 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7ERR_H
+# define HEADER_PKCS7ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS7_strings(void);
+
+/*
+ * PKCS7 function codes.
+ */
+# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
+# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
+# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
+# define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
+# define PKCS7_F_PKCS7_ADD_CRL                            101
+# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+# define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
+# define PKCS7_F_PKCS7_ADD_SIGNER                         103
+# define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
+# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
+# define PKCS7_F_PKCS7_CTRL                               104
+# define PKCS7_F_PKCS7_DATADECODE                         112
+# define PKCS7_F_PKCS7_DATAFINAL                          128
+# define PKCS7_F_PKCS7_DATAINIT                           105
+# define PKCS7_F_PKCS7_DATAVERIFY                         107
+# define PKCS7_F_PKCS7_DECRYPT                            114
+# define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
+# define PKCS7_F_PKCS7_ENCODE_RINFO                       132
+# define PKCS7_F_PKCS7_ENCRYPT                            115
+# define PKCS7_F_PKCS7_FINAL                              134
+# define PKCS7_F_PKCS7_FIND_DIGEST                        127
+# define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+# define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
+# define PKCS7_F_PKCS7_SET_CIPHER                         108
+# define PKCS7_F_PKCS7_SET_CONTENT                        109
+# define PKCS7_F_PKCS7_SET_DIGEST                         126
+# define PKCS7_F_PKCS7_SET_TYPE                           110
+# define PKCS7_F_PKCS7_SIGN                               116
+# define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+# define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
+# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
+# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
+# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
+# define PKCS7_F_PKCS7_VERIFY                             117
+
+/*
+ * PKCS7 reason codes.
+ */
+# define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
+# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
+# define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
+# define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+# define PKCS7_R_CTRL_ERROR                               152
+# define PKCS7_R_DECRYPT_ERROR                            119
+# define PKCS7_R_DIGEST_FAILURE                           101
+# define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
+# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
+# define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
+# define PKCS7_R_ERROR_SETTING_CIPHER                     121
+# define PKCS7_R_INVALID_NULL_POINTER                     143
+# define PKCS7_R_INVALID_SIGNED_DATA_TYPE                 155
+# define PKCS7_R_NO_CONTENT                               122
+# define PKCS7_R_NO_DEFAULT_DIGEST                        151
+# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
+# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
+# define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
+# define PKCS7_R_NO_SIGNERS                               142
+# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
+# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
+# define PKCS7_R_PKCS7_DATASIGN                           145
+# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
+# define PKCS7_R_SIGNATURE_FAILURE                        105
+# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+# define PKCS7_R_SIGNING_CTRL_FAILURE                     147
+# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
+# define PKCS7_R_SMIME_TEXT_ERROR                         129
+# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
+# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
+# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
+# define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
+# define PKCS7_R_UNKNOWN_OPERATION                        110
+# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
+# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
+# define PKCS7_R_WRONG_CONTENT_TYPE                       113
+# define PKCS7_R_WRONG_PKCS7_TYPE                         114
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rand.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rand.h
new file mode 100644
index 000000000..38a2a2718
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rand.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_H
+# define HEADER_RAND_H
+
+# include <stdlib.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/e_os2.h>
+# include <openssl/randerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct rand_meth_st {
+    int (*seed) (const void *buf, int num);
+    int (*bytes) (unsigned char *buf, int num);
+    void (*cleanup) (void);
+    int (*add) (const void *buf, int num, double randomness);
+    int (*pseudorand) (unsigned char *buf, int num);
+    int (*status) (void);
+};
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#   define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__	/* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include <windows.h> in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+# endif
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rand_drbg.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rand_drbg.h
new file mode 100644
index 000000000..45b731b73
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rand_drbg.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DRBG_RAND_H
+# define HEADER_DRBG_RAND_H
+
+# include <time.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/obj_mac.h>
+
+/*
+ * RAND_DRBG  flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ *       in drbg_lib.c needs to be updated accordingly.
+ */
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF            0x1
+
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+#  define RAND_DRBG_USED_FLAGS  (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr
+ */
+# define RAND_DRBG_STRENGTH             256
+/* Default drbg type */
+# define RAND_DRBG_TYPE                 NID_aes_256_ctr
+/* Default drbg flags */
+# define RAND_DRBG_FLAGS                0
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int master_reseed_interval,
+                                  unsigned int slave_reseed_interval,
+                                  time_t master_reseed_time_interval,
+                                  time_t slave_reseed_time_interval
+                                  );
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
+                                           unsigned char **pout,
+                                           int entropy, size_t min_len,
+                                           size_t max_len,
+                                           int prediction_resistance);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+                                             unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
+                                         int entropy, size_t min_len,
+                                         size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
+                                           unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h
new file mode 100644
index 000000000..599a2a18d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h
@@ -0,0 +1,89 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RANDERR_H
+# define HEADER_RANDERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_RAND_strings(void);
+
+/*
+ * RAND function codes.
+ */
+# define RAND_F_DRBG_BYTES                                101
+# define RAND_F_DRBG_GET_ENTROPY                          105
+# define RAND_F_DRBG_SETUP                                117
+# define RAND_F_GET_ENTROPY                               106
+# define RAND_F_RAND_BYTES                                100
+# define RAND_F_RAND_DRBG_ENABLE_LOCKING                  119
+# define RAND_F_RAND_DRBG_GENERATE                        107
+# define RAND_F_RAND_DRBG_GET_ENTROPY                     120
+# define RAND_F_RAND_DRBG_GET_NONCE                       123
+# define RAND_F_RAND_DRBG_INSTANTIATE                     108
+# define RAND_F_RAND_DRBG_NEW                             109
+# define RAND_F_RAND_DRBG_RESEED                          110
+# define RAND_F_RAND_DRBG_RESTART                         102
+# define RAND_F_RAND_DRBG_SET                             104
+# define RAND_F_RAND_DRBG_SET_DEFAULTS                    121
+# define RAND_F_RAND_DRBG_UNINSTANTIATE                   118
+# define RAND_F_RAND_LOAD_FILE                            111
+# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY                 122
+# define RAND_F_RAND_POOL_ADD                             103
+# define RAND_F_RAND_POOL_ADD_BEGIN                       113
+# define RAND_F_RAND_POOL_ADD_END                         114
+# define RAND_F_RAND_POOL_ATTACH                          124
+# define RAND_F_RAND_POOL_BYTES_NEEDED                    115
+# define RAND_F_RAND_POOL_NEW                             116
+# define RAND_F_RAND_WRITE_FILE                           112
+
+/*
+ * RAND reason codes.
+ */
+# define RAND_R_ADDITIONAL_INPUT_TOO_LONG                 102
+# define RAND_R_ALREADY_INSTANTIATED                      103
+# define RAND_R_ARGUMENT_OUT_OF_RANGE                     105
+# define RAND_R_CANNOT_OPEN_FILE                          121
+# define RAND_R_DRBG_ALREADY_INITIALIZED                  129
+# define RAND_R_DRBG_NOT_INITIALISED                      104
+# define RAND_R_ENTROPY_INPUT_TOO_LONG                    106
+# define RAND_R_ENTROPY_OUT_OF_RANGE                      124
+# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED            127
+# define RAND_R_ERROR_INITIALISING_DRBG                   107
+# define RAND_R_ERROR_INSTANTIATING_DRBG                  108
+# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT         109
+# define RAND_R_ERROR_RETRIEVING_ENTROPY                  110
+# define RAND_R_ERROR_RETRIEVING_NONCE                    111
+# define RAND_R_FAILED_TO_CREATE_LOCK                     126
+# define RAND_R_FUNC_NOT_IMPLEMENTED                      101
+# define RAND_R_FWRITE_ERROR                              123
+# define RAND_R_GENERATE_ERROR                            112
+# define RAND_R_INTERNAL_ERROR                            113
+# define RAND_R_IN_ERROR_STATE                            114
+# define RAND_R_NOT_A_REGULAR_FILE                        122
+# define RAND_R_NOT_INSTANTIATED                          115
+# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED           128
+# define RAND_R_PARENT_LOCKING_NOT_ENABLED                130
+# define RAND_R_PARENT_STRENGTH_TOO_WEAK                  131
+# define RAND_R_PERSONALISATION_STRING_TOO_LONG           116
+# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED       133
+# define RAND_R_PRNG_NOT_SEEDED                           100
+# define RAND_R_RANDOM_POOL_OVERFLOW                      125
+# define RAND_R_RANDOM_POOL_UNDERFLOW                     134
+# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG                117
+# define RAND_R_RESEED_ERROR                              118
+# define RAND_R_SELFTEST_FAILURE                          119
+# define RAND_R_TOO_LITTLE_NONCE_REQUESTED                135
+# define RAND_R_TOO_MUCH_NONCE_REQUESTED                  136
+# define RAND_R_UNSUPPORTED_DRBG_FLAGS                    132
+# define RAND_R_UNSUPPORTED_DRBG_TYPE                     120
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc2.h
new file mode 100644
index 000000000..585f9e4c3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc2.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC2_H
+# define HEADER_RC2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC2
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT     1
+# define RC2_DECRYPT     0
+
+# define RC2_BLOCK       8
+# define RC2_KEY_LENGTH  16
+
+typedef struct rc2_key_st {
+    RC2_INT data[64];
+} RC2_KEY;
+
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     RC2_KEY *key, int enc);
+void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc4.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc4.h
new file mode 100644
index 000000000..86803b37f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc4.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_H
+# define HEADER_RC4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC4
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st {
+    RC4_INT x, y;
+    RC4_INT data[256];
+} RC4_KEY;
+
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc5.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc5.h
new file mode 100644
index 000000000..793f88e4e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rc5.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC5_H
+# define HEADER_RC5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC5
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RC5_ENCRYPT     1
+# define RC5_DECRYPT     0
+
+# define RC5_32_INT unsigned int
+
+# define RC5_32_BLOCK            8
+# define RC5_32_KEY_LENGTH       16/* This is a default, max is 255 */
+
+/*
+ * This are the only values supported.  Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS    8
+# define RC5_12_ROUNDS   12
+# define RC5_16_ROUNDS   16
+
+typedef struct rc5_key_st {
+    /* Number of rounds */
+    int rounds;
+    RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *key, int enc);
+void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ripemd.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ripemd.h
new file mode 100644
index 000000000..c42026aa4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ripemd.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RIPEMD_H
+# define HEADER_RIPEMD_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK        64
+# define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
+# define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st {
+    RIPEMD160_LONG A, B, C, D, E;
+    RIPEMD160_LONG Nl, Nh;
+    RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+    unsigned int num;
+} RIPEMD160_CTX;
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h
new file mode 100644
index 000000000..cdce1264e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h
@@ -0,0 +1,512 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSA_H
+# define HEADER_RSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RSA
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/rsaerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+#  define OPENSSL_RSA_MAX_MODULUS_BITS   16384
+# endif
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+#  define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+
+/* exponent limit enforced for "large" modulus only */
+#  define OPENSSL_RSA_MAX_PUBEXP_BITS    64
+# endif
+
+# define RSA_3   0x3L
+# define RSA_F4  0x10001L
+
+/* based on RFC 8017 appendix A.1.2 */
+# define RSA_ASN1_VERSION_DEFAULT        0
+# define RSA_ASN1_VERSION_MULTI          1
+
+# define RSA_DEFAULT_PRIME_NUM           2
+
+# define RSA_METHOD_FLAG_NO_CHECK        0x0001/* don't check pub/private
+                                                * match */
+
+# define RSA_FLAG_CACHE_PUBLIC           0x0002
+# define RSA_FLAG_CACHE_PRIVATE          0x0004
+# define RSA_FLAG_BLINDING               0x0008
+# define RSA_FLAG_THREAD_SAFE            0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY               0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING            0x0080
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define RSA_FLAG_NO_CONSTTIME           0x0000
+# endif
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+#  define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+        RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
+# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+/* Salt length matches digest */
+# define RSA_PSS_SALTLEN_DIGEST -1
+/* Verify only: auto detect salt length */
+# define RSA_PSS_SALTLEN_AUTO   -2
+/* Set salt length to maximum possible */
+# define RSA_PSS_SALTLEN_MAX    -3
+/* Old compatible max salt length for sign only */
+# define RSA_PSS_SALTLEN_MAX_SIGN    -2
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+        RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                          EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL)
+
+# define  EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                          EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
+
+# define  EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
+
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS,  \
+                          EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD,  \
+                          0, (void *)(md))
+
+# define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD       (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING           (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN       (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD           (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD   (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
+
+# define RSA_PKCS1_PADDING       1
+# define RSA_SSLV23_PADDING      2
+# define RSA_NO_PADDING          3
+# define RSA_PKCS1_OAEP_PADDING  4
+# define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING   6
+
+# define RSA_PKCS1_PADDING_SIZE  11
+
+# define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
+int RSA_size(const RSA *rsa);
+int RSA_security_bits(const RSA *rsa);
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum);
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[]);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+int RSA_get_version(RSA *r);
+ENGINE *RSA_get0_engine(const RSA *r);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+                                         (*callback) (int, int, void *),
+                                         void *cb_arg))
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+/* Multi-prime version */
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e, BN_GENCB *cb);
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb);
+
+int RSA_check_key(const RSA *);
+int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+        /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+int RSA_public_decrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+int RSA_flags(const RSA *r);
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_null_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* these are the actual RSA functions */
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+typedef struct rsa_pss_params_st {
+    X509_ALGOR *hashAlgorithm;
+    X509_ALGOR *maskGenAlgorithm;
+    ASN1_INTEGER *saltLength;
+    ASN1_INTEGER *trailerField;
+    /* Decoded hash algorithm from maskGenAlgorithm */
+    X509_ALGOR *maskHash;
+} RSA_PSS_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+    X509_ALGOR *hashFunc;
+    X509_ALGOR *maskGenFunc;
+    X509_ALGOR *pSourceFunc;
+    /* Decoded hash algorithm from maskGenFunc */
+    X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+int RSA_print(BIO *bp, const RSA *r, int offset);
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_length,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
+                                 unsigned int m_length, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
+               long seedlen, const EVP_MD *dgst);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *f, int fl,
+                               const unsigned char *p, int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl, int rsa_len,
+                                 const unsigned char *p, int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md);
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl);
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash, const EVP_MD *Hash,
+                              int sLen);
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen);
+
+#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+int RSA_set_ex_data(RSA *r, int idx, void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED                        0x0800
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                                         BN_CTX *ctx));
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx));
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa));
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb));
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb));
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h
new file mode 100644
index 000000000..d5bc01c10
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h
@@ -0,0 +1,162 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSAERR_H
+# define HEADER_RSAERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_RSA_strings(void);
+
+/*
+ * RSA function codes.
+ */
+# define RSA_F_CHECK_PADDING_MD                           140
+# define RSA_F_ENCODE_PKCS1                               146
+# define RSA_F_INT_RSA_VERIFY                             145
+# define RSA_F_OLD_RSA_PRIV_DECODE                        147
+# define RSA_F_PKEY_PSS_INIT                              165
+# define RSA_F_PKEY_RSA_CTRL                              143
+# define RSA_F_PKEY_RSA_CTRL_STR                          144
+# define RSA_F_PKEY_RSA_SIGN                              142
+# define RSA_F_PKEY_RSA_VERIFY                            149
+# define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
+# define RSA_F_RSA_ALGOR_TO_MD                            156
+# define RSA_F_RSA_BUILTIN_KEYGEN                         129
+# define RSA_F_RSA_CHECK_KEY                              123
+# define RSA_F_RSA_CHECK_KEY_EX                           160
+# define RSA_F_RSA_CMS_DECRYPT                            159
+# define RSA_F_RSA_CMS_VERIFY                             158
+# define RSA_F_RSA_ITEM_VERIFY                            148
+# define RSA_F_RSA_METH_DUP                               161
+# define RSA_F_RSA_METH_NEW                               162
+# define RSA_F_RSA_METH_SET1_NAME                         163
+# define RSA_F_RSA_MGF1_TO_MD                             157
+# define RSA_F_RSA_MULTIP_INFO_NEW                        166
+# define RSA_F_RSA_NEW_METHOD                             106
+# define RSA_F_RSA_NULL                                   124
+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
+# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT                   101
+# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT                   102
+# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT                    103
+# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT                    104
+# define RSA_F_RSA_PADDING_ADD_NONE                       107
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1            154
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1             152
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
+# define RSA_F_RSA_PADDING_ADD_SSLV23                     110
+# define RSA_F_RSA_PADDING_ADD_X931                       127
+# define RSA_F_RSA_PADDING_CHECK_NONE                     111
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1          153
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
+# define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
+# define RSA_F_RSA_PADDING_CHECK_X931                     128
+# define RSA_F_RSA_PARAM_DECODE                           164
+# define RSA_F_RSA_PRINT                                  115
+# define RSA_F_RSA_PRINT_FP                               116
+# define RSA_F_RSA_PRIV_DECODE                            150
+# define RSA_F_RSA_PRIV_ENCODE                            138
+# define RSA_F_RSA_PSS_GET_PARAM                          151
+# define RSA_F_RSA_PSS_TO_CTX                             155
+# define RSA_F_RSA_PUB_DECODE                             139
+# define RSA_F_RSA_SETUP_BLINDING                         136
+# define RSA_F_RSA_SIGN                                   117
+# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
+# define RSA_F_RSA_VERIFY                                 119
+# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                  126
+# define RSA_F_SETUP_TBUF                                 167
+
+/*
+ * RSA reason codes.
+ */
+# define RSA_R_ALGORITHM_MISMATCH                         100
+# define RSA_R_BAD_E_VALUE                                101
+# define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
+# define RSA_R_BAD_PAD_BYTE_COUNT                         103
+# define RSA_R_BAD_SIGNATURE                              104
+# define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
+# define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
+# define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
+# define RSA_R_DATA_TOO_LARGE                             109
+# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
+# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
+# define RSA_R_DATA_TOO_SMALL                             111
+# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
+# define RSA_R_DIGEST_DOES_NOT_MATCH                      158
+# define RSA_R_DIGEST_NOT_ALLOWED                         145
+# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
+# define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
+# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
+# define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
+# define RSA_R_FIRST_OCTET_INVALID                        133
+# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+# define RSA_R_INVALID_DIGEST                             157
+# define RSA_R_INVALID_DIGEST_LENGTH                      143
+# define RSA_R_INVALID_HEADER                             137
+# define RSA_R_INVALID_LABEL                              160
+# define RSA_R_INVALID_MESSAGE_LENGTH                     131
+# define RSA_R_INVALID_MGF1_MD                            156
+# define RSA_R_INVALID_MULTI_PRIME_KEY                    167
+# define RSA_R_INVALID_OAEP_PARAMETERS                    161
+# define RSA_R_INVALID_PADDING                            138
+# define RSA_R_INVALID_PADDING_MODE                       141
+# define RSA_R_INVALID_PSS_PARAMETERS                     149
+# define RSA_R_INVALID_PSS_SALTLEN                        146
+# define RSA_R_INVALID_SALT_LENGTH                        150
+# define RSA_R_INVALID_TRAILER                            139
+# define RSA_R_INVALID_X931_DIGEST                        142
+# define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
+# define RSA_R_KEY_PRIME_NUM_INVALID                      165
+# define RSA_R_KEY_SIZE_TOO_SMALL                         120
+# define RSA_R_LAST_OCTET_INVALID                         134
+# define RSA_R_MGF1_DIGEST_NOT_ALLOWED                    152
+# define RSA_R_MODULUS_TOO_LARGE                          105
+# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R            168
+# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D             169
+# define RSA_R_MP_R_NOT_PRIME                             170
+# define RSA_R_NO_PUBLIC_EXPONENT                         140
+# define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
+# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES         172
+# define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
+# define RSA_R_OAEP_DECODING_ERROR                        121
+# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
+# define RSA_R_PADDING_CHECK_FAILED                       114
+# define RSA_R_PKCS_DECODING_ERROR                        159
+# define RSA_R_PSS_SALTLEN_TOO_SMALL                      164
+# define RSA_R_P_NOT_PRIME                                128
+# define RSA_R_Q_NOT_PRIME                                129
+# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
+# define RSA_R_SLEN_CHECK_FAILED                          136
+# define RSA_R_SLEN_RECOVERY_FAILED                       135
+# define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
+# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+# define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
+# define RSA_R_UNKNOWN_DIGEST                             166
+# define RSA_R_UNKNOWN_MASK_DIGEST                        151
+# define RSA_R_UNKNOWN_PADDING_TYPE                       118
+# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE                162
+# define RSA_R_UNSUPPORTED_LABEL_SOURCE                   163
+# define RSA_R_UNSUPPORTED_MASK_ALGORITHM                 153
+# define RSA_R_UNSUPPORTED_MASK_PARAMETER                 154
+# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                 155
+# define RSA_R_VALUE_MISSING                              147
+# define RSA_R_WRONG_SIGNATURE_LENGTH                     119
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/safestack.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/safestack.h
new file mode 100644
index 000000000..38b557897
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/safestack.h
@@ -0,0 +1,207 @@
+/*
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SAFESTACK_H
+# define HEADER_SAFESTACK_H
+
+# include <openssl/stack.h>
+# include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define STACK_OF(type) struct stack_st_##type
+
+# define SKM_DEFINE_STACK_OF(t1, t2, t3) \
+    STACK_OF(t1); \
+    typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
+    typedef void (*sk_##t1##_freefunc)(t3 *a); \
+    typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
+    static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
+    { \
+        return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \
+    { \
+        return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_free((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
+    { \
+        return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
+                                           (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
+    { \
+        OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
+    { \
+        return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
+                                                    sk_##t1##_copyfunc copyfunc, \
+                                                    sk_##t1##_freefunc freefunc) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \
+                                            (OPENSSL_sk_copyfunc)copyfunc, \
+                                            (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
+    { \
+        return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
+    }
+
+# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
+# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
+# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
+            SKM_DEFINE_STACK_OF(t1, const t2, t2)
+# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
+
+/*-
+ * Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+ * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+
+/*-
+ * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
+ * above, instead of a single char each entry is a NUL-terminated array of
+ * chars. So, we have to implement STRING specially for STACK_OF. This is
+ * dealt with in the autogenerated macros below.
+ */
+DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+
+/*
+ * Similarly, we sometimes use a block of characters, NOT nul-terminated.
+ * These should also be distinguished from "normal" stacks.
+ */
+typedef void *OPENSSL_BLOCK;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_sk_num
+#  pragma weak OPENSSL_sk_value
+#  pragma weak OPENSSL_sk_new
+#  pragma weak OPENSSL_sk_new_null
+#  pragma weak OPENSSL_sk_new_reserve
+#  pragma weak OPENSSL_sk_reserve
+#  pragma weak OPENSSL_sk_free
+#  pragma weak OPENSSL_sk_zero
+#  pragma weak OPENSSL_sk_delete
+#  pragma weak OPENSSL_sk_delete_ptr
+#  pragma weak OPENSSL_sk_push
+#  pragma weak OPENSSL_sk_unshift
+#  pragma weak OPENSSL_sk_pop
+#  pragma weak OPENSSL_sk_shift
+#  pragma weak OPENSSL_sk_pop_free
+#  pragma weak OPENSSL_sk_insert
+#  pragma weak OPENSSL_sk_set
+#  pragma weak OPENSSL_sk_find
+#  pragma weak OPENSSL_sk_find_ex
+#  pragma weak OPENSSL_sk_sort
+#  pragma weak OPENSSL_sk_is_sorted
+#  pragma weak OPENSSL_sk_dup
+#  pragma weak OPENSSL_sk_deep_copy
+#  pragma weak OPENSSL_sk_set_cmp_func
+# endif /* __SUNPRO_C */
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/seed.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/seed.h
new file mode 100644
index 000000000..de10b0857
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/seed.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEADER_SEED_H
+# define HEADER_SEED_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SEED
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+#  ifndef SEED_LONG
+#   define SEED_LONG 1
+#  endif
+# endif
+
+# include <sys/types.h>
+
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+typedef struct seed_key_st {
+# ifdef SEED_LONG
+    unsigned long data[32];
+# else
+    unsigned int data[32];
+# endif
+} SEED_KEY_SCHEDULE;
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+                      const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/sha.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/sha.h
new file mode 100644
index 000000000..6a1eb0de8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/sha.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide.                    !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define SHA_LONG unsigned int
+
+# define SHA_LBLOCK      16
+# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+    SHA_LONG h0, h1, h2, h3, h4;
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num;
+} SHA_CTX;
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+
+# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+
+typedef struct SHA256state_st {
+    SHA_LONG h[8];
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num, md_len;
+} SHA256_CTX;
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+
+# define SHA224_DIGEST_LENGTH    28
+# define SHA256_DIGEST_LENGTH    32
+# define SHA384_DIGEST_LENGTH    48
+# define SHA512_DIGEST_LENGTH    64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK   (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define SHA_LONG64 unsigned __int64
+#  define U64(C)     C##UI64
+# elif defined(__arch64__)
+#  define SHA_LONG64 unsigned long
+#  define U64(C)     C##UL
+# else
+#  define SHA_LONG64 unsigned long long
+#  define U64(C)     C##ULL
+# endif
+
+typedef struct SHA512state_st {
+    SHA_LONG64 h[8];
+    SHA_LONG64 Nl, Nh;
+    union {
+        SHA_LONG64 d[SHA_LBLOCK];
+        unsigned char p[SHA512_CBLOCK];
+    } u;
+    unsigned int num, md_len;
+} SHA512_CTX;
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/srp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/srp.h
new file mode 100644
index 000000000..aaf13558e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/srp.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef HEADER_SRP_H
+# define HEADER_SRP_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SRP
+# include <stdio.h>
+# include <string.h>
+# include <openssl/safestack.h>
+# include <openssl/bn.h>
+# include <openssl/crypto.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+    char *b64_bn;
+    BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+    /* Owned by us. */
+    char *id;
+    BIGNUM *s;
+    BIGNUM *v;
+    /* Not owned by us. */
+    const BIGNUM *g;
+    const BIGNUM *N;
+    /* Owned by us. */
+    char *info;
+} SRP_user_pwd;
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+    STACK_OF(SRP_user_pwd) *users_pwd;
+    STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+    char *seed_key;
+    const BIGNUM *default_g;
+    const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+    char *id;
+    const BIGNUM *g;
+    const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+/* This method ignores the configured seed and fails for an unknown user. */
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype      0
+# define DB_srpverifier  1
+# define DB_srpsalt      2
+# define DB_srpid        3
+# define DB_srpgN        4
+# define DB_srpinfo      5
+# undef  DB_NUMBER
+# define DB_NUMBER       6
+
+# define DB_SRP_INDEX    'I'
+# define DB_SRP_VALID    'V'
+# define DB_SRP_REVOKED  'R'
+# define DB_SRP_MODIF    'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/srtp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/srtp.h
new file mode 100644
index 000000000..0b57c2356
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/srtp.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef HEADER_D1_SRTP_H
+# define HEADER_D1_SRTP_H
+
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80      0x0005
+# define SRTP_NULL_SHA1_32      0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM  0x0007
+# define SRTP_AEAD_AES_256_GCM  0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h
new file mode 100644
index 000000000..48e1152a2
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h
@@ -0,0 +1,2438 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/x509.h>
+#  include <openssl/crypto.h>
+#  include <openssl/buffer.h>
+# endif
+# include <openssl/lhash.h>
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+# include <openssl/async.h>
+
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include <openssl/sslerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+# define SSL_MAX_SID_CTX_LENGTH                  32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH                  8
+# define SSL_MAX_MASTER_KEY_LENGTH               48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES  32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW             "LOW"
+# define SSL_TXT_MEDIUM          "MEDIUM"
+# define SSL_TXT_HIGH            "HIGH"
+# define SSL_TXT_FIPS            "FIPS"
+
+# define SSL_TXT_aNULL           "aNULL"
+# define SSL_TXT_eNULL           "eNULL"
+# define SSL_TXT_NULL            "NULL"
+
+# define SSL_TXT_kRSA            "kRSA"
+# define SSL_TXT_kDHr            "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd            "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH             "kDH"/* this cipher class has been removed */
+# define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE            "kDHE"
+# define SSL_TXT_kECDHr          "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe          "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH           "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE          "kECDHE"
+# define SSL_TXT_kPSK            "kPSK"
+# define SSL_TXT_kRSAPSK         "kRSAPSK"
+# define SSL_TXT_kECDHEPSK       "kECDHEPSK"
+# define SSL_TXT_kDHEPSK         "kDHEPSK"
+# define SSL_TXT_kGOST           "kGOST"
+# define SSL_TXT_kSRP            "kSRP"
+
+# define SSL_TXT_aRSA            "aRSA"
+# define SSL_TXT_aDSS            "aDSS"
+# define SSL_TXT_aDH             "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH           "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA          "aECDSA"
+# define SSL_TXT_aPSK            "aPSK"
+# define SSL_TXT_aGOST94         "aGOST94"
+# define SSL_TXT_aGOST01         "aGOST01"
+# define SSL_TXT_aGOST12         "aGOST12"
+# define SSL_TXT_aGOST           "aGOST"
+# define SSL_TXT_aSRP            "aSRP"
+
+# define SSL_TXT_DSS             "DSS"
+# define SSL_TXT_DH              "DH"
+# define SSL_TXT_DHE             "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH             "EDH"/* alias for DHE */
+# define SSL_TXT_ADH             "ADH"
+# define SSL_TXT_RSA             "RSA"
+# define SSL_TXT_ECDH            "ECDH"
+# define SSL_TXT_EECDH           "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE           "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH           "AECDH"
+# define SSL_TXT_ECDSA           "ECDSA"
+# define SSL_TXT_PSK             "PSK"
+# define SSL_TXT_SRP             "SRP"
+
+# define SSL_TXT_DES             "DES"
+# define SSL_TXT_3DES            "3DES"
+# define SSL_TXT_RC4             "RC4"
+# define SSL_TXT_RC2             "RC2"
+# define SSL_TXT_IDEA            "IDEA"
+# define SSL_TXT_SEED            "SEED"
+# define SSL_TXT_AES128          "AES128"
+# define SSL_TXT_AES256          "AES256"
+# define SSL_TXT_AES             "AES"
+# define SSL_TXT_AES_GCM         "AESGCM"
+# define SSL_TXT_AES_CCM         "AESCCM"
+# define SSL_TXT_AES_CCM_8       "AESCCM8"
+# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
+# define SSL_TXT_CAMELLIA        "CAMELLIA"
+# define SSL_TXT_CHACHA20        "CHACHA20"
+# define SSL_TXT_GOST            "GOST89"
+# define SSL_TXT_ARIA            "ARIA"
+# define SSL_TXT_ARIA_GCM        "ARIAGCM"
+# define SSL_TXT_ARIA128         "ARIA128"
+# define SSL_TXT_ARIA256         "ARIA256"
+
+# define SSL_TXT_MD5             "MD5"
+# define SSL_TXT_SHA1            "SHA1"
+# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94          "GOST94"
+# define SSL_TXT_GOST89MAC       "GOST89MAC"
+# define SSL_TXT_GOST12          "GOST12"
+# define SSL_TXT_GOST89MAC12     "GOST89MAC12"
+# define SSL_TXT_SHA256          "SHA256"
+# define SSL_TXT_SHA384          "SHA384"
+
+# define SSL_TXT_SSLV3           "SSLv3"
+# define SSL_TXT_TLSV1           "TLSv1"
+# define SSL_TXT_TLSV1_1         "TLSv1.1"
+# define SSL_TXT_TLSV1_2         "TLSv1.2"
+
+# define SSL_TXT_ALL             "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ * This applies to ciphersuites for TLSv1.2 and below.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/* This is the default set of TLSv1.3 ciphersuites */
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+                                   "TLS_AES_128_GCM_SHA256"
+# else
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_AES_128_GCM_SHA256"
+#endif
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN       1
+# define SSL_RECEIVED_SHUTDOWN   2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+    const char *name;
+    unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+                                            int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+                                        STACK_OF(SSL_CIPHER) *peer_ciphers,
+                                        const SSL_CIPHER **cipher, void *arg);
+
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY                        0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY                       0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED                    0x0008
+/* Extension is only defined for TLS1.2 and below */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY                     0x0020
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
+#define SSL_EXT_CLIENT_HELLO                    0x0080
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *parse_arg);
+
+
+typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char **out,
+                                        size_t *outlen, X509 *x,
+                                        size_t chainidx,
+                                        int *al, void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+                                          unsigned int context,
+                                          const unsigned char *out,
+                                          void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+                                          unsigned int context,
+                                          const unsigned char *in,
+                                          size_t inlen, X509 *x,
+                                          size_t chainidx,
+                                          int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/*
+ * Some values are reserved until OpenSSL 1.2.0 because they were previously
+ * included in SSL_OP_ALL in a 1.1.x release.
+ *
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000001U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000002U
+ */
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
+
+/* Reserved value (until OpenSSL 1.2.0)                  0x00000008U */
+# define SSL_OP_TLSEXT_PADDING                           0x00000010U
+/* Reserved value (until OpenSSL 1.2.0)                  0x00000020U */
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
+/*
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000080U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000100U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000200U
+ */
+
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000400U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
+ * workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL. Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU                             0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE                          0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET                                0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method())  */
+#  define SSL_OP_CISCO_ANYCONNECT                        0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION                           0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT                  0x00100000U
+
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA                        0x00200000U
+
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000U
+
+/*
+ * Switches off automatic TLSv1.3 anti-replay protection for early data. This
+ * is a server-side option only (no effect on the client).
+ */
+# define SSL_OP_NO_ANTI_REPLAY                           0x01000000U
+
+# define SSL_OP_NO_SSLv3                                 0x02000000U
+# define SSL_OP_NO_TLSv1                                 0x04000000U
+# define SSL_OP_NO_TLSv1_2                               0x08000000U
+# define SSL_OP_NO_TLSv1_1                               0x10000000U
+# define SSL_OP_NO_TLSv1_3                               0x20000000U
+
+# define SSL_OP_NO_DTLSv1                                0x04000000U
+# define SSL_OP_NO_DTLSv1_2                              0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION                         0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL        (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+                            SSL_OP_LEGACY_SERVER_CONNECT|\
+                            SSL_OP_TLSEXT_PADDING|\
+                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG                               0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE                          0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE                            0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2                                 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1                            0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */
+# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) Released buffers are freed.
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+
+/*
+ * When using DTLS/SCTP, include the terminating zero in the label
+ * used for computing the endpoint-pair shared secret. Required for
+ * interoperability with implementations having this bug like these
+ * older version of OpenSSL:
+ * - OpenSSL 1.0.0 series
+ * - OpenSSL 1.0.1 series
+ * - OpenSSL 1.0.2 series
+ * - OpenSSL 1.1.0 series
+ * - OpenSSL 1.1.1 and 1.1.1a
+ */
+# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT                0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID         0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN          0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE  0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE  0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM      0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM      0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME   0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE     0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB        0x800
+
+# define SSL_CONF_FLAG_CMDLINE           0x1
+# define SSL_CONF_FLAG_FILE              0x2
+# define SSL_CONF_FLAG_CLIENT            0x4
+# define SSL_CONF_FLAG_SERVER            0x8
+# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
+# define SSL_CONF_FLAG_CERTIFICATE       0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE   0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN           0x0
+# define SSL_CONF_TYPE_STRING            0x1
+# define SSL_CONF_TYPE_FILE              0x2
+# define SSL_CONF_TYPE_DIR               0x3
+# define SSL_CONF_TYPE_NONE              0x4
+
+/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH                       4096
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL *s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_CTX_clear_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+        SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF                      0x0000
+# define SSL_SESS_CACHE_CLIENT                   0x0001
+# define SSL_SESS_CACHE_SERVER                   0x0002
+# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb) (struct ssl_st *ssl,
+                                                    SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                              SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb) (struct ssl_ctx_st
+                                                           *ctx,
+                                                           SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+                                                  SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*get_session_cb) (struct ssl_st
+                                                             *ssl,
+                                                             const unsigned char
+                                                             *data, int len,
+                                                             int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                                       const unsigned char *data,
+                                                       int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
+                                                       EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               const unsigned
+                                                               char *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*gen_stateless_cookie_cb) (SSL *ssl,
+                                    unsigned char *cookie,
+                                    size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*verify_stateless_cookie_cb) (SSL *ssl,
+                                       const unsigned char *cookie,
+                                       size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+                                              const unsigned char **out,
+                                              unsigned int *outlen,
+                                              void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+                                           SSL_CTX_npn_advertised_cb_func cb,
+                                           void *arg);
+#  define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+                                          unsigned char **out,
+                                          unsigned char *outlen,
+                                          const unsigned char *in,
+                                          unsigned int inlen,
+                                          void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+                                      SSL_CTX_npn_select_cb_func cb,
+                                      void *arg);
+#  define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len);
+#  define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                                 const unsigned char *in, unsigned int inlen,
+                                 const unsigned char *client,
+                                 unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED  1
+# define OPENSSL_NPN_NO_OVERLAP  2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                                   unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                               unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+#  define PSK_MAX_IDENTITY_LEN 128
+#  define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+                                               const char *hint,
+                                               char *identity,
+                                               unsigned int max_identity_len,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+                                               const char *identity,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+                                            const unsigned char *identity,
+                                            size_t identity_len,
+                                            SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+                                           const unsigned char **id,
+                                           size_t *idlen,
+                                           SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                          SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+                                         unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+                                         unsigned int ext_type,
+                                         custom_ext_add_cb add_cb,
+                                         custom_ext_free_cb free_cb,
+                                         void *add_arg,
+                                         custom_ext_parse_cb parse_cb,
+                                         void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+                                         unsigned int ext_type,
+                                         custom_ext_add_cb add_cb,
+                                         custom_ext_free_cb free_cb,
+                                         void *add_arg,
+                                         custom_ext_parse_cb parse_cb,
+                                         void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  unsigned int context,
+                                  SSL_custom_ext_add_cb_ex add_cb,
+                                  SSL_custom_ext_free_cb_ex free_cb,
+                                  void *add_arg,
+                                  SSL_custom_ext_parse_cb_ex parse_cb,
+                                  void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING            1
+# define SSL_WRITING            2
+# define SSL_READING            3
+# define SSL_X509_LOOKUP        4
+# define SSL_ASYNC_PAUSED       5
+# define SSL_ASYNC_NO_JOBS      6
+# define SSL_CLIENT_HELLO_CB    7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s)         (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s)            (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s)           (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s)     (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s)           (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s)       (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark. The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h>     /* Datagram TLS */
+# include <openssl/srtp.h>      /* Support for the use_srtp extension */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0, \
+                                                                  (char *)(a)))
+# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0, \
+                                                              (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE             -1
+/* Values as defined for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NOT_REQUESTED     0
+#define SSL_KEY_UPDATE_REQUESTED         1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+    TLS_ST_BEFORE,
+    TLS_ST_OK,
+    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+    TLS_ST_CR_SRVR_HELLO,
+    TLS_ST_CR_CERT,
+    TLS_ST_CR_CERT_STATUS,
+    TLS_ST_CR_KEY_EXCH,
+    TLS_ST_CR_CERT_REQ,
+    TLS_ST_CR_SRVR_DONE,
+    TLS_ST_CR_SESSION_TICKET,
+    TLS_ST_CR_CHANGE,
+    TLS_ST_CR_FINISHED,
+    TLS_ST_CW_CLNT_HELLO,
+    TLS_ST_CW_CERT,
+    TLS_ST_CW_KEY_EXCH,
+    TLS_ST_CW_CERT_VRFY,
+    TLS_ST_CW_CHANGE,
+    TLS_ST_CW_NEXT_PROTO,
+    TLS_ST_CW_FINISHED,
+    TLS_ST_SW_HELLO_REQ,
+    TLS_ST_SR_CLNT_HELLO,
+    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+    TLS_ST_SW_SRVR_HELLO,
+    TLS_ST_SW_CERT,
+    TLS_ST_SW_KEY_EXCH,
+    TLS_ST_SW_CERT_REQ,
+    TLS_ST_SW_SRVR_DONE,
+    TLS_ST_SR_CERT,
+    TLS_ST_SR_KEY_EXCH,
+    TLS_ST_SR_CERT_VRFY,
+    TLS_ST_SR_NEXT_PROTO,
+    TLS_ST_SR_CHANGE,
+    TLS_ST_SR_FINISHED,
+    TLS_ST_SW_SESSION_TICKET,
+    TLS_ST_SW_CERT_STATUS,
+    TLS_ST_SW_CHANGE,
+    TLS_ST_SW_FINISHED,
+    TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+    TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+    TLS_ST_CR_CERT_VRFY,
+    TLS_ST_SW_CERT_VRFY,
+    TLS_ST_CR_HELLO_REQ,
+    TLS_ST_SW_KEY_UPDATE,
+    TLS_ST_CW_KEY_UPDATE,
+    TLS_ST_SR_KEY_UPDATE,
+    TLS_ST_CR_KEY_UPDATE,
+    TLS_ST_EARLY_DATA,
+    TLS_ST_PENDING_EARLY_DATA_END,
+    TLS_ST_CW_END_OF_EARLY_DATA,
+    TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT                  0x1000
+# define SSL_ST_ACCEPT                   0x2000
+
+# define SSL_ST_MASK                     0x0FFF
+
+# define SSL_CB_LOOP                     0x01
+# define SSL_CB_EXIT                     0x02
+# define SSL_CB_READ                     0x04
+# define SSL_CB_WRITE                    0x08
+# define SSL_CB_ALERT                    0x4000/* used in callback */
+# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START          0x10
+# define SSL_CB_HANDSHAKE_DONE           0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER                      0xF0
+# define SSL_ST_READ_BODY                        0xF1
+# define SSL_ST_READ_DONE                        0xF2
+
+/*-
+ * Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE                 0x00
+# define SSL_VERIFY_PEER                 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE          0x04
+# define SSL_VERIFY_POST_HANDSHAKE       0x08
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSL_add_ssl_algorithms()   SSL_library_init()
+#  define SSLeay_add_ssl_algorithms()    SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a)         SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
+                                              * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION        TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED     TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE                  0
+# define SSL_ERROR_SSL                   1
+# define SSL_ERROR_WANT_READ             2
+# define SSL_ERROR_WANT_WRITE            3
+# define SSL_ERROR_WANT_X509_LOOKUP      4
+# define SSL_ERROR_SYSCALL               5/* look at error stack/return
+                                           * value/errno */
+# define SSL_ERROR_ZERO_RETURN           6
+# define SSL_ERROR_WANT_CONNECT          7
+# define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_ERROR_WANT_ASYNC            9
+# define SSL_ERROR_WANT_ASYNC_JOB       10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH                     3
+# define SSL_CTRL_SET_TMP_ECDH                   4
+# define SSL_CTRL_SET_TMP_DH_CB                  6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
+# define SSL_CTRL_GET_FLAGS                      13
+# define SSL_CTRL_EXTRA_CHAIN_CERT               14
+# define SSL_CTRL_SET_MSG_CALLBACK               15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU                17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER                    20
+# define SSL_CTRL_SESS_CONNECT                   21
+# define SSL_CTRL_SESS_CONNECT_GOOD              22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
+# define SSL_CTRL_SESS_ACCEPT                    24
+# define SSL_CTRL_SESS_ACCEPT_GOOD               25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
+# define SSL_CTRL_SESS_HIT                       27
+# define SSL_CTRL_SESS_CB_HIT                    28
+# define SSL_CTRL_SESS_MISSES                    29
+# define SSL_CTRL_SESS_TIMEOUTS                  30
+# define SSL_CTRL_SESS_CACHE_FULL                31
+# define SSL_CTRL_MODE                           33
+# define SSL_CTRL_GET_READ_AHEAD                 40
+# define SSL_CTRL_SET_READ_AHEAD                 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
+# define SSL_CTRL_SET_SESS_CACHE_MODE            44
+# define SSL_CTRL_GET_SESS_CACHE_MODE            45
+# define SSL_CTRL_GET_MAX_CERT_LIST              50
+# define SSL_CTRL_SET_MAX_CERT_LIST              51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
+# define SSL_CTRL_SET_SRP_ARG            78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85
+#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86
+#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87
+# endif
+# define DTLS_CTRL_GET_TIMEOUT           73
+# define DTLS_CTRL_HANDLE_TIMEOUT        74
+# define SSL_CTRL_GET_RI_SUPPORT                 76
+# define SSL_CTRL_CLEAR_MODE                     78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
+# define SSL_CTRL_CHAIN                          88
+# define SSL_CTRL_CHAIN_CERT                     89
+# define SSL_CTRL_GET_GROUPS                     90
+# define SSL_CTRL_SET_GROUPS                     91
+# define SSL_CTRL_SET_GROUPS_LIST                92
+# define SSL_CTRL_GET_SHARED_GROUP               93
+# define SSL_CTRL_SET_SIGALGS                    97
+# define SSL_CTRL_SET_SIGALGS_LIST               98
+# define SSL_CTRL_CERT_FLAGS                     99
+# define SSL_CTRL_CLEAR_CERT_FLAGS               100
+# define SSL_CTRL_SET_CLIENT_SIGALGS             101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
+# define SSL_CTRL_BUILD_CERT_CHAIN               105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
+# define SSL_CTRL_GET_PEER_TMP_KEY               109
+# define SSL_CTRL_GET_RAW_CIPHERLIST             110
+# define SSL_CTRL_GET_EC_POINT_FORMATS           111
+# define SSL_CTRL_GET_CHAIN_CERTS                115
+# define SSL_CTRL_SELECT_CURRENT_CERT            116
+# define SSL_CTRL_SET_CURRENT_CERT               117
+# define SSL_CTRL_SET_DH_AUTO                    118
+# define DTLS_CTRL_SET_LINK_MTU                  120
+# define DTLS_CTRL_GET_LINK_MIN_MTU              121
+# define SSL_CTRL_GET_EXTMS_SUPPORT              122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
+# define SSL_CTRL_SET_MAX_PIPELINES              126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION          130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION          131
+# define SSL_CTRL_GET_SIGNATURE_NID              132
+# define SSL_CTRL_GET_TMP_KEY                    133
+# define SSL_CERT_SET_FIRST                      1
+# define SSL_CERT_SET_NEXT                       2
+# define SSL_CERT_SET_SERVER                     3
+# define DTLSv1_get_timeout(ssl, arg) \
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+        SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_CTX_set_current_cert(ctx, op) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain(ctx,sk) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(ctx,sk) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(ctx,px509) \
+        SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(ctx) \
+        SSL_set0_chain(ctx,NULL)
+# define SSL_build_cert_chain(s, flags) \
+        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(ctx,op) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_get1_groups(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_CTX_set1_groups_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(ctx, glist, glistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_get_shared_group(s, n) \
+        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_get0_certificate_types(s, clist) \
+        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+                     (char *)(clist))
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+        SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_signature_nid(s, pn) \
+        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_tmp_key(s, pk) \
+        SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+        SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+# define SSL_CTX_set_min_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_CTX_set_max_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_CTX_get_min_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_CTX_get_max_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+# define SSL_set_min_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_set_max_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_get_min_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_get_max_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+         SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+         SSL_get_peer_tmp_key(s, pk)
+
+/*
+ * The following symbol names are old and obsolete. They are kept
+ * for compatibility reasons only and should not be used anymore.
+ */
+# define SSL_CTRL_GET_CURVES           SSL_CTRL_GET_GROUPS
+# define SSL_CTRL_SET_CURVES           SSL_CTRL_SET_GROUPS
+# define SSL_CTRL_SET_CURVES_LIST      SSL_CTRL_SET_GROUPS_LIST
+# define SSL_CTRL_GET_SHARED_CURVE     SSL_CTRL_GET_SHARED_GROUP
+
+# define SSL_get1_curves               SSL_get1_groups
+# define SSL_CTX_set1_curves           SSL_CTX_set1_groups
+# define SSL_CTX_set1_curves_list      SSL_CTX_set1_groups_list
+# define SSL_set1_curves               SSL_set1_groups
+# define SSL_set1_curves_list          SSL_set1_groups_list
+# define SSL_get_shared_curve          SSL_get_shared_group
+
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/* Provide some compatibility macros for removed functionality. */
+#  define SSL_CTX_need_tmp_RSA(ctx)                0
+#  define SSL_CTX_set_tmp_rsa(ctx,rsa)             1
+#  define SSL_need_tmp_RSA(ssl)                    0
+#  define SSL_set_tmp_rsa(ssl,rsa)                 1
+#  define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
+#  define SSL_set_ecdh_auto(dummy, onoff)          ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+#  define SSL_CTX_set_tmp_rsa_callback(ctx, cb)    while(0) (cb)(NULL, 0, 0)
+#  define SSL_set_tmp_rsa_callback(ssl, cb)        while(0) (cb)(NULL, 0, 0)
+# endif
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+__owur int SSL_set_ciphersuites(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
+void SSL_set_verify_depth(SSL *s, int depth);
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d,
+                                      long len);
+# endif
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+                                   long len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+                                STACK_OF(X509) *chain, int override);
+
+
+/* serverinfo file format versions */
+# define SSL_SERVERINFOV1   1
+# define SSL_SERVERINFOV2   2
+
+/* Set serverinfo data for the current active cert. */
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                                  size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                                     const unsigned char *serverinfo,
+                                     size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+#endif
+
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
+                                          int type);
+#endif
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
+                                       int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file,
+                                        int type);
+/* PEM type */
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                               const char *file);
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                       const char *dir);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_load_error_strings() \
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# endif
+
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+
+__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+                                          const unsigned char *alpn,
+                                          size_t len);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len);
+__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s,
+                                          uint32_t max_early_data);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s,
+                                       const unsigned char *sid_ctx,
+                                       unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                               unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+
+__owur SSL_SESSION *SSL_SESSION_new(void);
+__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                 unsigned int *len);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *ses);
+__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session);
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session);
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb);
+__owur int SSL_has_matching_session_id(const SSL *s,
+                                       const unsigned char *id,
+                                       unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+
+# ifdef HEADER_X509_H
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg);
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
+                         void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                          long len);
+# endif
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+                                       const unsigned char *d, long len);
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+                                        const unsigned char *d);
+__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                                    STACK_OF(X509) *chain, int override);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);
+
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
+                                          const unsigned char *sid_ctx,
+                                          unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                                      unsigned int sid_ctx_len);
+
+__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
+__owur int SSL_set_purpose(SSL *ssl, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
+__owur int SSL_set_trust(SSL *ssl, int trust);
+
+__owur int SSL_set1_host(SSL *s, const char *hostname);
+__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur const char *SSL_get0_peername(SSL *s);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+
+__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
+__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                                  uint8_t mtype, uint8_t ord);
+__owur int SSL_dane_enable(SSL *s, const char *basedomain);
+__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                             uint8_t mtype, unsigned const char *data, size_t dlen);
+__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                              uint8_t *mtype, unsigned const char **data,
+                              size_t *dlen);
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+SSL_DANE *SSL_get0_dane(SSL *ssl);
+/*
+ * DANE flags
+ */
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp);
+
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);
+
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+/*
+ * ClientHello callback and helpers.
+ */
+
+# define SSL_CLIENT_HELLO_SUCCESS 1
+# define SSL_CLIENT_HELLO_ERROR   0
+# define SSL_CLIENT_HELLO_RETRY   (-1)
+
+typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                 const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
+                              const unsigned char **out, size_t *outlen);
+
+void SSL_certs_clear(SSL *s);
+void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows application developer has to include windows.h to use these.
+ */
+__owur int SSL_waiting_for_async(SSL *s);
+__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+                                     size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                     size_t *numdelfds);
+# endif
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+
+# define SSL_READ_EARLY_DATA_ERROR   0
+# define SSL_READ_EARLY_DATA_SUCCESS 1
+# define SSL_READ_EARLY_DATA_FINISH  2
+
+__owur int SSL_read_early_data(SSL *s, void *buf, size_t num,
+                               size_t *readbytes);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
+__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num,
+                                size_t *written);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+# define SSL_EARLY_DATA_NOT_SENT    0
+# define SSL_EARLY_DATA_REJECTED    1
+# define SSL_EARLY_DATA_ACCEPTED    2
+
+__owur int SSL_get_early_data_status(const SSL *s);
+
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+# endif
+
+#define SSLv23_method           TLS_method
+#define SSLv23_server_method    TLS_server_method
+#define SSLv23_client_method    TLS_client_method
+
+/* Negotiate highest available SSL/TLS version */
+__owur const SSL_METHOD *TLS_method(void);
+__owur const SSL_METHOD *TLS_server_method(void);
+__owur const SSL_METHOD *TLS_client_method(void);
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+/* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void))
+# endif
+
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+
+__owur size_t DTLS_get_data_mtu(const SSL *s);
+
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+
+__owur int SSL_do_handshake(SSL *s);
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(const SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(const SSL *s);
+int SSL_shutdown(SSL *s);
+__owur int SSL_verify_client_post_handshake(SSL *s);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *s, int val);
+
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+__owur long SSL_get_default_timeout(const SSL *s);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_library_init() OPENSSL_init_ssl(0, NULL)
+# endif
+
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
+
+__owur SSL *SSL_dup(SSL *ssl);
+
+__owur X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */
+struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_client_version(const SSL *s);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                         const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+                                               int val);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+__owur long SSL_get_verify_result(const SSL *ssl);
+__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
+
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
+                                         unsigned char *out, size_t outlen);
+__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess,
+                                       const unsigned char *in, size_t len);
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess);
+
+#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_split_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_set_split_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_max_pipelines(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_max_pipelines(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+                             DH *(*dh) (SSL *ssl, int is_export,
+                                        int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                             *meths);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_COMP_free_compression_methods() while(0) continue
+# endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s,
+                                         tls_session_ticket_ext_cb_fn cb,
+                                         void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+                                     tls_session_secret_cb_fn session_secret_cb,
+                                     void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                    size_t (*cb) (SSL *ssl, int type,
+                                                  size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+                                             unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                    const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ *       will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback,
+                                       void *arg);
+#define SSL_disable_ct(s) \
+        ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+        ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+    SSL_CT_VALIDATION_PERMISSIVE = 0,
+    SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants.  The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion.  The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested.  The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE    0xffff0000
+# define SSL_SECOP_OTHER_NONE    0
+# define SSL_SECOP_OTHER_CIPHER  (1 << 16)
+# define SSL_SECOP_OTHER_CURVE   (2 << 16)
+# define SSL_SECOP_OTHER_DH      (3 << 16)
+# define SSL_SECOP_OTHER_PKEY    (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG  (5 << 16)
+# define SSL_SECOP_OTHER_CERT    (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER          0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS    0x00100000L
+# define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
+
+# define OPENSSL_INIT_SSL_DEFAULT \
+        (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+__owur int SSL_free_buffers(SSL *ssl);
+__owur int SSL_alloc_buffers(SSL *ssl);
+
+/* Status codes passed to the decrypt session ticket callback. Some of these
+ * are for internal use only and are never passed to the callback. */
+typedef int SSL_TICKET_STATUS;
+
+/* Support for ticket appdata */
+/* fatal error, malloc failure */
+# define SSL_TICKET_FATAL_ERR_MALLOC 0
+/* fatal error, either from parsing or decrypting the ticket */
+# define SSL_TICKET_FATAL_ERR_OTHER  1
+/* No ticket present */
+# define SSL_TICKET_NONE             2
+/* Empty ticket present */
+# define SSL_TICKET_EMPTY            3
+/* the ticket couldn't be decrypted */
+# define SSL_TICKET_NO_DECRYPT       4
+/* a ticket was successfully decrypted */
+# define SSL_TICKET_SUCCESS          5
+/* same as above but the ticket needs to be renewed */
+# define SSL_TICKET_SUCCESS_RENEW    6
+
+/* Return codes for the decrypt session ticket callback */
+typedef int SSL_TICKET_RETURN;
+
+/* An error occurred */
+#define SSL_TICKET_RETURN_ABORT             0
+/* Do not use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE            1
+/* Do not use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE_RENEW      2
+/* Use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE               3
+/* Use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE_RENEW         4
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+                                                               const unsigned char *keyname,
+                                                               size_t keyname_length,
+                                                               SSL_TICKET_STATUS status,
+                                                               void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+
+extern const char SSL_version_str[];
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl2.h
new file mode 100644
index 000000000..5321bd272
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl2.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL2_H
+# define HEADER_SSL2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION            0x0002
+
+# define SSL2_MT_CLIENT_HELLO            1
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h
new file mode 100644
index 000000000..8d01fcc48
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL3_H
+# define HEADER_SSL3_H
+
+# include <openssl/comp.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV                            0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV                   0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5                    0x03000001
+# define SSL3_CK_RSA_NULL_SHA                    0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5                   "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA                   "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA           "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA       "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA       "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA               "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5                "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA                "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5                "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL.  New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH              32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+
+# define SSL3_MASTER_SECRET_SIZE                 48
+# define SSL3_RANDOM_SIZE                        32
+# define SSL3_SESSION_ID_SIZE                    32
+# define SSL3_RT_HEADER_LENGTH                   5
+
+# define SSL3_HM_HEADER_LENGTH                  4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+  * Some will argue that this increases memory footprint, but it's not
+  * actually true. Point is that malloc has to return at least 64-bit aligned
+  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+  * Suggested pre-gaping simply moves these wasted bytes from the end of
+  * allocated region to its front, but makes data payload aligned, which
+  * improves performance:-)
+  */
+#  define SSL3_ALIGN_PAYLOAD                     8
+# else
+#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+#   error "insane SSL3_ALIGN_PAYLOAD"
+#   undef SSL3_ALIGN_PAYLOAD
+#  endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE                     64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+
+# define SSL3_RT_MAX_EXTRA                       (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH                16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD        (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD  256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
+# else
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
+            (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
+            (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+            (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE         \
+            (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
+
+# define SSL3_VERSION                    0x0300
+# define SSL3_VERSION_MAJOR              0x03
+# define SSL3_VERSION_MINOR              0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC      20
+# define SSL3_RT_ALERT                   21
+# define SSL3_RT_HANDSHAKE               22
+# define SSL3_RT_APPLICATION_DATA        23
+# define DTLS1_RT_HEARTBEAT              24
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO                  0x1000
+# define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ             0x0000
+# define TLS1_RT_CRYPTO_WRITE            0x0100
+# define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER                  0x100
+# define SSL3_RT_INNER_CONTENT_TYPE      0x101
+
+# define SSL3_AL_WARNING                 1
+# define SSL3_AL_FATAL                   2
+
+# define SSL3_AD_CLOSE_NOTIFY             0
+# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE          41
+# define SSL3_AD_BAD_CERTIFICATE         42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED     44
+# define SSL3_AD_CERTIFICATE_EXPIRED     45
+# define SSL3_AD_CERTIFICATE_UNKNOWN     46
+# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
+
+# define TLS1_HB_REQUEST         1
+# define TLS1_HB_RESPONSE        2
+
+
+# define SSL3_CT_RSA_SIGN                        1
+# define SSL3_CT_DSS_SIGN                        2
+# define SSL3_CT_RSA_FIXED_DH                    3
+# define SSL3_CT_DSS_FIXED_DH                    4
+# define SSL3_CT_RSA_EPHEMERAL_DH                5
+# define SSL3_CT_DSS_EPHEMERAL_DH                6
+# define SSL3_CT_FORTEZZA_DMS                    20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER                  10
+
+# if defined(TLS_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG              0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ        0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC             TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS               0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE       0x0400
+
+# define TLS1_FLAGS_STATELESS                    0x0800
+
+# define SSL3_MT_HELLO_REQUEST                   0
+# define SSL3_MT_CLIENT_HELLO                    1
+# define SSL3_MT_SERVER_HELLO                    2
+# define SSL3_MT_NEWSESSION_TICKET               4
+# define SSL3_MT_END_OF_EARLY_DATA               5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS            8
+# define SSL3_MT_CERTIFICATE                     11
+# define SSL3_MT_SERVER_KEY_EXCHANGE             12
+# define SSL3_MT_CERTIFICATE_REQUEST             13
+# define SSL3_MT_SERVER_DONE                     14
+# define SSL3_MT_CERTIFICATE_VERIFY              15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+# define SSL3_MT_FINISHED                        20
+# define SSL3_MT_CERTIFICATE_URL                 21
+# define SSL3_MT_CERTIFICATE_STATUS              22
+# define SSL3_MT_SUPPLEMENTAL_DATA               23
+# define SSL3_MT_KEY_UPDATE                      24
+# ifndef OPENSSL_NO_NEXTPROTONEG
+#  define SSL3_MT_NEXT_PROTO                     67
+# endif
+# define SSL3_MT_MESSAGE_HASH                    254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST           3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101
+
+# define SSL3_MT_CCS                             1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ            0x001
+# define SSL3_CC_WRITE           0x002
+# define SSL3_CC_CLIENT          0x010
+# define SSL3_CC_SERVER          0x020
+# define SSL3_CC_EARLY           0x040
+# define SSL3_CC_HANDSHAKE       0x080
+# define SSL3_CC_APPLICATION     0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h
new file mode 100644
index 000000000..a50a075b4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h
@@ -0,0 +1,768 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSLERR_H
+# define HEADER_SSLERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_SSL_strings(void);
+
+/*
+ * SSL function codes.
+ */
+# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT                   438
+# define SSL_F_ADD_KEY_SHARE                              512
+# define SSL_F_BYTES_TO_CIPHER_LIST                       519
+# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
+# define SSL_F_CIPHERSUITE_CB                             622
+# define SSL_F_CONSTRUCT_CA_NAMES                         552
+# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS                 553
+# define SSL_F_CONSTRUCT_STATEFUL_TICKET                  636
+# define SSL_F_CONSTRUCT_STATELESS_TICKET                 637
+# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH              539
+# define SSL_F_CREATE_TICKET_PREQUEL                      638
+# define SSL_F_CT_MOVE_SCTS                               345
+# define SSL_F_CT_STRICT                                  349
+# define SSL_F_CUSTOM_EXT_ADD                             554
+# define SSL_F_CUSTOM_EXT_PARSE                           555
+# define SSL_F_D2I_SSL_SESSION                            103
+# define SSL_F_DANE_CTX_ENABLE                            347
+# define SSL_F_DANE_MTYPE_SET                             393
+# define SSL_F_DANE_TLSA_ADD                              394
+# define SSL_F_DERIVE_SECRET_KEY_AND_IV                   514
+# define SSL_F_DO_DTLS1_WRITE                             245
+# define SSL_F_DO_SSL3_WRITE                              104
+# define SSL_F_DTLS1_BUFFER_RECORD                        247
+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    318
+# define SSL_F_DTLS1_HEARTBEAT                            305
+# define SSL_F_DTLS1_HM_FRAGMENT_NEW                      623
+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
+# define SSL_F_DTLS1_PROCESS_RECORD                       257
+# define SSL_F_DTLS1_READ_BYTES                           258
+# define SSL_F_DTLS1_READ_FAILED                          339
+# define SSL_F_DTLS1_RETRANSMIT_MESSAGE                   390
+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
+# define SSL_F_DTLS1_WRITE_BYTES                          545
+# define SSL_F_DTLSV1_LISTEN                              350
+# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
+# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
+# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
+# define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
+# define SSL_F_DTLS_RECORD_LAYER_NEW                      635
+# define SSL_F_DTLS_WAIT_FOR_DRY                          592
+# define SSL_F_EARLY_DATA_COUNT_OK                        532
+# define SSL_F_FINAL_EARLY_DATA                           556
+# define SSL_F_FINAL_EC_PT_FORMATS                        485
+# define SSL_F_FINAL_EMS                                  486
+# define SSL_F_FINAL_KEY_SHARE                            503
+# define SSL_F_FINAL_MAXFRAGMENTLEN                       557
+# define SSL_F_FINAL_RENEGOTIATE                          483
+# define SSL_F_FINAL_SERVER_NAME                          558
+# define SSL_F_FINAL_SIG_ALGS                             497
+# define SSL_F_GET_CERT_VERIFY_TBS_DATA                   588
+# define SSL_F_NSS_KEYLOG_INT                             500
+# define SSL_F_OPENSSL_INIT_SSL                           342
+# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION       436
+# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION      598
+# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE       430
+# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE    593
+# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE         594
+# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION         417
+# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION        599
+# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION       437
+# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION      600
+# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE       431
+# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE    601
+# define SSL_F_OSSL_STATEM_SERVER_POST_WORK               602
+# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE         603
+# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
+# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION        604
+# define SSL_F_PARSE_CA_NAMES                             541
+# define SSL_F_PITEM_NEW                                  624
+# define SSL_F_PQUEUE_NEW                                 625
+# define SSL_F_PROCESS_KEY_SHARE_EXT                      439
+# define SSL_F_READ_STATE_MACHINE                         352
+# define SSL_F_SET_CLIENT_CIPHERSUITE                     540
+# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET          595
+# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET          589
+# define SSL_F_SRP_VERIFY_SERVER_PARAM                    596
+# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+# define SSL_F_SSL3_CTRL                                  213
+# define SSL_F_SSL3_CTX_CTRL                              133
+# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
+# define SSL_F_SSL3_ENC                                   608
+# define SSL_F_SSL3_FINAL_FINISH_MAC                      285
+# define SSL_F_SSL3_FINISH_MAC                            587
+# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
+# define SSL_F_SSL3_GET_RECORD                            143
+# define SSL_F_SSL3_INIT_FINISHED_MAC                     397
+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+# define SSL_F_SSL3_READ_BYTES                            148
+# define SSL_F_SSL3_READ_N                                149
+# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
+# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
+# define SSL_F_SSL3_WRITE_BYTES                           158
+# define SSL_F_SSL3_WRITE_PENDING                         159
+# define SSL_F_SSL_ADD_CERT_CHAIN                         316
+# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
+# define SSL_F_SSL_ADD_CERT_TO_WPACKET                    493
+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
+# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
+# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
+# define SSL_F_SSL_BAD_METHOD                             160
+# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+# define SSL_F_SSL_CACHE_CIPHERLIST                       520
+# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT                   346
+# define SSL_F_SSL_CERT_DUP                               221
+# define SSL_F_SSL_CERT_NEW                               162
+# define SSL_F_SSL_CERT_SET0_CHAIN                        340
+# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
+# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO              606
+# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
+# define SSL_F_SSL_CHOOSE_CLIENT_VERSION                  607
+# define SSL_F_SSL_CIPHER_DESCRIPTION                     626
+# define SSL_F_SSL_CIPHER_LIST_TO_BYTES                   425
+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
+# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+# define SSL_F_SSL_CLEAR                                  164
+# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT   627
+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
+# define SSL_F_SSL_CONF_CMD                               334
+# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
+# define SSL_F_SSL_CTRL                                   232
+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
+# define SSL_F_SSL_CTX_ENABLE_CT                          398
+# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
+# define SSL_F_SSL_CTX_NEW                                169
+# define SSL_F_SSL_CTX_SET_ALPN_PROTOS                    343
+# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
+# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK         396
+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
+# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
+# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH     551
+# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
+# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
+# define SSL_F_SSL_CTX_USE_SERVERINFO_EX                  543
+# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
+# define SSL_F_SSL_DANE_DUP                               403
+# define SSL_F_SSL_DANE_ENABLE                            395
+# define SSL_F_SSL_DERIVE                                 590
+# define SSL_F_SSL_DO_CONFIG                              391
+# define SSL_F_SSL_DO_HANDSHAKE                           180
+# define SSL_F_SSL_DUP_CA_LIST                            408
+# define SSL_F_SSL_ENABLE_CT                              402
+# define SSL_F_SSL_GENERATE_PKEY_GROUP                    559
+# define SSL_F_SSL_GENERATE_SESSION_ID                    547
+# define SSL_F_SSL_GET_NEW_SESSION                        181
+# define SSL_F_SSL_GET_PREV_SESSION                       217
+# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
+# define SSL_F_SSL_GET_SIGN_PKEY                          183
+# define SSL_F_SSL_HANDSHAKE_HASH                         560
+# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
+# define SSL_F_SSL_KEY_UPDATE                             515
+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
+# define SSL_F_SSL_LOG_MASTER_SECRET                      498
+# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE            499
+# define SSL_F_SSL_MODULE_INIT                            392
+# define SSL_F_SSL_NEW                                    186
+# define SSL_F_SSL_NEXT_PROTO_VALIDATE                    565
+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
+# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
+# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
+# define SSL_F_SSL_PEEK                                   270
+# define SSL_F_SSL_PEEK_EX                                432
+# define SSL_F_SSL_PEEK_INTERNAL                          522
+# define SSL_F_SSL_READ                                   223
+# define SSL_F_SSL_READ_EARLY_DATA                        529
+# define SSL_F_SSL_READ_EX                                434
+# define SSL_F_SSL_READ_INTERNAL                          523
+# define SSL_F_SSL_RENEGOTIATE                            516
+# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED                546
+# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
+# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
+# define SSL_F_SSL_SESSION_DUP                            348
+# define SSL_F_SSL_SESSION_NEW                            189
+# define SSL_F_SSL_SESSION_PRINT_FP                       190
+# define SSL_F_SSL_SESSION_SET1_ID                        423
+# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
+# define SSL_F_SSL_SET_ALPN_PROTOS                        344
+# define SSL_F_SSL_SET_CERT                               191
+# define SSL_F_SSL_SET_CERT_AND_KEY                       621
+# define SSL_F_SSL_SET_CIPHER_LIST                        271
+# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK             399
+# define SSL_F_SSL_SET_FD                                 192
+# define SSL_F_SSL_SET_PKEY                               193
+# define SSL_F_SSL_SET_RFD                                194
+# define SSL_F_SSL_SET_SESSION                            195
+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
+# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH         550
+# define SSL_F_SSL_SET_WFD                                196
+# define SSL_F_SSL_SHUTDOWN                               224
+# define SSL_F_SSL_SRP_CTX_INIT                           313
+# define SSL_F_SSL_START_ASYNC_JOB                        389
+# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
+# define SSL_F_SSL_USE_CERTIFICATE                        198
+# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
+# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
+# define SSL_F_SSL_USE_PRIVATEKEY                         201
+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
+# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
+# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
+# define SSL_F_SSL_VALIDATE_CT                            400
+# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
+# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE           616
+# define SSL_F_SSL_WRITE                                  208
+# define SSL_F_SSL_WRITE_EARLY_DATA                       526
+# define SSL_F_SSL_WRITE_EARLY_FINISH                     527
+# define SSL_F_SSL_WRITE_EX                               433
+# define SSL_F_SSL_WRITE_INTERNAL                         524
+# define SSL_F_STATE_MACHINE                              353
+# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
+# define SSL_F_TLS12_COPY_SIGALGS                         533
+# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
+# define SSL_F_TLS13_ENC                                  609
+# define SSL_F_TLS13_FINAL_FINISH_MAC                     605
+# define SSL_F_TLS13_GENERATE_SECRET                      591
+# define SSL_F_TLS13_HKDF_EXPAND                          561
+# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA     617
+# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA        618
+# define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
+# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
+# define SSL_F_TLS1_ENC                                   401
+# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
+# define SSL_F_TLS1_GET_CURVELIST                         338
+# define SSL_F_TLS1_PRF                                   284
+# define SSL_F_TLS1_SAVE_U16                              628
+# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
+# define SSL_F_TLS1_SET_GROUPS                            629
+# define SSL_F_TLS1_SET_RAW_SIGALGS                       630
+# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
+# define SSL_F_TLS1_SET_SHARED_SIGALGS                    631
+# define SSL_F_TLS1_SET_SIGALGS                           632
+# define SSL_F_TLS_CHOOSE_SIGALG                          513
+# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
+# define SSL_F_TLS_COLLECT_EXTENSIONS                     435
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES      542
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS                  429
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY             494
+# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY                  496
+# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC           427
+# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
+# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
+# define SSL_F_TLS_CONSTRUCT_CKE_GOST                     406
+# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407
+# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409
+# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           484
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 487
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          488
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                489
+# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN                    466
+# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE             355
+# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE                  535
+# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA              530
+# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS           467
+# define SSL_F_TLS_CONSTRUCT_CTOS_EMS                     468
+# define SSL_F_TLS_CONSTRUCT_CTOS_ETM                     469
+# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO                   356
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE            357
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE               470
+# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN          549
+# define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471
+# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472
+# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH     619
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
+# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473
+# define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474
+# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475
+# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET          476
+# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS                477
+# define SSL_F_TLS_CONSTRUCT_CTOS_SRP                     478
+# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST          479
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS        480
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS      481
+# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP                482
+# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY                  358
+# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS         443
+# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA            536
+# define SSL_F_TLS_CONSTRUCT_EXTENSIONS                   447
+# define SSL_F_TLS_CONSTRUCT_FINISHED                     359
+# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
+# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST          510
+# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE                   517
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
+# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO                   426
+# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           490
+# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 491
+# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          492
+# define SSL_F_TLS_CONSTRUCT_STOC_ALPN                    451
+# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE             374
+# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE                  613
+# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG           452
+# define SSL_F_TLS_CONSTRUCT_STOC_DONE                    375
+# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA              531
+# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO         525
+# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS           453
+# define SSL_F_TLS_CONSTRUCT_STOC_EMS                     454
+# define SSL_F_TLS_CONSTRUCT_STOC_ETM                     455
+# define SSL_F_TLS_CONSTRUCT_STOC_HELLO                   376
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE            377
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE               456
+# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN          548
+# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG          457
+# define SSL_F_TLS_CONSTRUCT_STOC_PSK                     504
+# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE             458
+# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
+# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
+# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS        544
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS      611
+# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
+# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
+# define SSL_F_TLS_FINISH_HANDSHAKE                       597
+# define SSL_F_TLS_GET_MESSAGE_BODY                       351
+# define SSL_F_TLS_GET_MESSAGE_HEADER                     387
+# define SSL_F_TLS_HANDLE_ALPN                            562
+# define SSL_F_TLS_HANDLE_STATUS_REQUEST                  563
+# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES          566
+# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449
+# define SSL_F_TLS_PARSE_CTOS_ALPN                        567
+# define SSL_F_TLS_PARSE_CTOS_COOKIE                      614
+# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA                  568
+# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS               569
+# define SSL_F_TLS_PARSE_CTOS_EMS                         570
+# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE                   463
+# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN              571
+# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH         620
+# define SSL_F_TLS_PARSE_CTOS_PSK                         505
+# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES               572
+# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
+# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME                 573
+# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET              574
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS                    575
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT               615
+# define SSL_F_TLS_PARSE_CTOS_SRP                         576
+# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST              577
+# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS            578
+# define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
+# define SSL_F_TLS_PARSE_STOC_ALPN                        579
+# define SSL_F_TLS_PARSE_STOC_COOKIE                      534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA                  538
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             528
+# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS               580
+# define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
+# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN              581
+# define SSL_F_TLS_PARSE_STOC_NPN                         582
+# define SSL_F_TLS_PARSE_STOC_PSK                         502
+# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE                 448
+# define SSL_F_TLS_PARSE_STOC_SCT                         564
+# define SSL_F_TLS_PARSE_STOC_SERVER_NAME                 583
+# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET              584
+# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST              585
+# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS          612
+# define SSL_F_TLS_PARSE_STOC_USE_SRTP                    446
+# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378
+# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384
+# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360
+# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST         610
+# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST            361
+# define SSL_F_TLS_PROCESS_CERT_STATUS                    362
+# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY               495
+# define SSL_F_TLS_PROCESS_CERT_VERIFY                    379
+# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC             363
+# define SSL_F_TLS_PROCESS_CKE_DHE                        411
+# define SSL_F_TLS_PROCESS_CKE_ECDHE                      412
+# define SSL_F_TLS_PROCESS_CKE_GOST                       413
+# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE               414
+# define SSL_F_TLS_PROCESS_CKE_RSA                        415
+# define SSL_F_TLS_PROCESS_CKE_SRP                        416
+# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE             380
+# define SSL_F_TLS_PROCESS_CLIENT_HELLO                   381
+# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE            382
+# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS           444
+# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA              537
+# define SSL_F_TLS_PROCESS_FINISHED                       364
+# define SSL_F_TLS_PROCESS_HELLO_REQ                      507
+# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST            511
+# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT          442
+# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365
+# define SSL_F_TLS_PROCESS_KEY_UPDATE                     518
+# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366
+# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383
+# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
+# define SSL_F_TLS_PROCESS_SERVER_DONE                    368
+# define SSL_F_TLS_PROCESS_SERVER_HELLO                   369
+# define SSL_F_TLS_PROCESS_SKE_DHE                        419
+# define SSL_F_TLS_PROCESS_SKE_ECDHE                      420
+# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE               421
+# define SSL_F_TLS_PROCESS_SKE_SRP                        422
+# define SSL_F_TLS_PSK_DO_BINDER                          506
+# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT                450
+# define SSL_F_TLS_SETUP_HANDSHAKE                        508
+# define SSL_F_USE_CERTIFICATE_CHAIN_FILE                 220
+# define SSL_F_WPACKET_INTERN_INIT_LEN                    633
+# define SSL_F_WPACKET_START_SUB_PACKET_LEN__             634
+# define SSL_F_WRITE_STATE_MACHINE                        586
+
+/*
+ * SSL reason codes.
+ */
+# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        291
+# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
+# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+# define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_DATA                                   390
+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+# define SSL_R_BAD_DECOMPRESSION                          107
+# define SSL_R_BAD_DH_VALUE                               102
+# define SSL_R_BAD_DIGEST_LENGTH                          111
+# define SSL_R_BAD_EARLY_DATA                             233
+# define SSL_R_BAD_ECC_CERT                               304
+# define SSL_R_BAD_ECPOINT                                306
+# define SSL_R_BAD_EXTENSION                              110
+# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
+# define SSL_R_BAD_HANDSHAKE_STATE                        236
+# define SSL_R_BAD_HELLO_REQUEST                          105
+# define SSL_R_BAD_HRR_VERSION                            263
+# define SSL_R_BAD_KEY_SHARE                              108
+# define SSL_R_BAD_KEY_UPDATE                             122
+# define SSL_R_BAD_LEGACY_VERSION                         292
+# define SSL_R_BAD_LENGTH                                 271
+# define SSL_R_BAD_PACKET                                 240
+# define SSL_R_BAD_PACKET_LENGTH                          115
+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+# define SSL_R_BAD_PSK                                    219
+# define SSL_R_BAD_PSK_IDENTITY                           114
+# define SSL_R_BAD_RECORD_TYPE                            443
+# define SSL_R_BAD_RSA_ENCRYPT                            119
+# define SSL_R_BAD_SIGNATURE                              123
+# define SSL_R_BAD_SRP_A_LENGTH                           347
+# define SSL_R_BAD_SRP_PARAMETERS                         371
+# define SSL_R_BAD_SRTP_MKI_VALUE                         352
+# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
+# define SSL_R_BAD_SSL_FILETYPE                           124
+# define SSL_R_BAD_VALUE                                  384
+# define SSL_R_BAD_WRITE_RETRY                            127
+# define SSL_R_BINDER_DOES_NOT_VERIFY                     253
+# define SSL_R_BIO_NOT_SET                                128
+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+# define SSL_R_BN_LIB                                     130
+# define SSL_R_CALLBACK_FAILED                            234
+# define SSL_R_CANNOT_CHANGE_CIPHER                       109
+# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+# define SSL_R_CA_KEY_TOO_SMALL                           397
+# define SSL_R_CA_MD_TOO_WEAK                             398
+# define SSL_R_CCS_RECEIVED_EARLY                         133
+# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+# define SSL_R_CERT_CB_ERROR                              377
+# define SSL_R_CERT_LENGTH_MISMATCH                       135
+# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED             218
+# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+# define SSL_R_CLIENTHELLO_TLSEXT                         226
+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+# define SSL_R_COMPRESSION_DISABLED                       343
+# define SSL_R_COMPRESSION_FAILURE                        141
+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
+# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
+# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
+# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
+# define SSL_R_COOKIE_MISMATCH                            308
+# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED       206
+# define SSL_R_DANE_ALREADY_ENABLED                       172
+# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL            173
+# define SSL_R_DANE_NOT_ENABLED                           175
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE                  180
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE            184
+# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH                  189
+# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH                192
+# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE                200
+# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY                   201
+# define SSL_R_DANE_TLSA_BAD_SELECTOR                     202
+# define SSL_R_DANE_TLSA_NULL_DATA                        203
+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
+# define SSL_R_DATA_LENGTH_TOO_LONG                       146
+# define SSL_R_DECRYPTION_FAILED                          147
+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
+# define SSL_R_DH_KEY_TOO_SMALL                           394
+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
+# define SSL_R_DIGEST_CHECK_FAILED                        149
+# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
+# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
+# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
+# define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
+# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
+# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
+# define SSL_R_EXTENSION_NOT_RECEIVED                     279
+# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+# define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_INIT_ASYNC                       405
+# define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
+# define SSL_R_HTTPS_PROXY_REQUEST                        155
+# define SSL_R_HTTP_REQUEST                               156
+# define SSL_R_ILLEGAL_POINT_COMPRESSION                  162
+# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
+# define SSL_R_INAPPROPRIATE_FALLBACK                     373
+# define SSL_R_INCONSISTENT_COMPRESSION                   340
+# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN               222
+# define SSL_R_INCONSISTENT_EARLY_DATA_SNI                231
+# define SSL_R_INCONSISTENT_EXTMS                         104
+# define SSL_R_INSUFFICIENT_SECURITY                      241
+# define SSL_R_INVALID_ALERT                              205
+# define SSL_R_INVALID_CCS_MESSAGE                        260
+# define SSL_R_INVALID_CERTIFICATE_OR_ALG                 238
+# define SSL_R_INVALID_COMMAND                            280
+# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
+# define SSL_R_INVALID_CONFIG                             283
+# define SSL_R_INVALID_CONFIGURATION_NAME                 113
+# define SSL_R_INVALID_CONTEXT                            282
+# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
+# define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
+# define SSL_R_INVALID_MAX_EARLY_DATA                     174
+# define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
+# define SSL_R_INVALID_SERVERINFO_DATA                    388
+# define SSL_R_INVALID_SESSION_ID                         999
+# define SSL_R_INVALID_SRP_USERNAME                       357
+# define SSL_R_INVALID_STATUS_RESPONSE                    328
+# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
+# define SSL_R_LENGTH_MISMATCH                            159
+# define SSL_R_LENGTH_TOO_LONG                            404
+# define SSL_R_LENGTH_TOO_SHORT                           160
+# define SSL_R_LIBRARY_BUG                                274
+# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
+# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
+# define SSL_R_MISSING_FATAL                              256
+# define SSL_R_MISSING_PARAMETERS                         290
+# define SSL_R_MISSING_RSA_CERTIFICATE                    168
+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
+# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
+# define SSL_R_MISSING_SIGALGS_EXTENSION                  112
+# define SSL_R_MISSING_SIGNING_CERT                       221
+# define SSL_R_MISSING_SRP_PARAM                          358
+# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
+# define SSL_R_MISSING_TMP_DH_KEY                         171
+# define SSL_R_MISSING_TMP_ECDH_KEY                       311
+# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     293
+# define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
+# define SSL_R_NOT_REPLACING_CERTIFICATE                  289
+# define SSL_R_NOT_SERVER                                 284
+# define SSL_R_NO_APPLICATION_PROTOCOL                    235
+# define SSL_R_NO_CERTIFICATES_RETURNED                   176
+# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
+# define SSL_R_NO_CERTIFICATE_SET                         179
+# define SSL_R_NO_CHANGE_FOLLOWING_HRR                    214
+# define SSL_R_NO_CIPHERS_AVAILABLE                       181
+# define SSL_R_NO_CIPHERS_SPECIFIED                       183
+# define SSL_R_NO_CIPHER_MATCH                            185
+# define SSL_R_NO_CLIENT_CERT_METHOD                      331
+# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+# define SSL_R_NO_COOKIE_CALLBACK_SET                     287
+# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
+# define SSL_R_NO_METHOD_SPECIFIED                        188
+# define SSL_R_NO_PEM_EXTENSIONS                          389
+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
+# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
+# define SSL_R_NO_RENEGOTIATION                           339
+# define SSL_R_NO_REQUIRED_DIGEST                         324
+# define SSL_R_NO_SHARED_CIPHER                           193
+# define SSL_R_NO_SHARED_GROUPS                           410
+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
+# define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
+# define SSL_R_NO_VALID_SCTS                              216
+# define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
+# define SSL_R_NULL_SSL_CTX                               195
+# define SSL_R_NULL_SSL_METHOD_PASSED                     196
+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+# define SSL_R_OVERFLOW_ERROR                             237
+# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+# define SSL_R_PARSE_TLSEXT                               227
+# define SSL_R_PATH_TOO_LONG                              270
+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
+# define SSL_R_PEM_NAME_BAD_PREFIX                        391
+# define SSL_R_PEM_NAME_TOO_SHORT                         392
+# define SSL_R_PIPELINE_FAILURE                           406
+# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR           278
+# define SSL_R_PRIVATE_KEY_MISMATCH                       288
+# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
+# define SSL_R_PSK_NO_CLIENT_CB                           224
+# define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_READ_BIO_NOT_SET                           211
+# define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORD_LENGTH_MISMATCH                     213
+# define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
+# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
+# define SSL_R_RENEGOTIATION_MISMATCH                     337
+# define SSL_R_REQUEST_PENDING                            285
+# define SSL_R_REQUEST_SENT                               286
+# define SSL_R_REQUIRED_CIPHER_MISSING                    215
+# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
+# define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SERVERHELLO_TLSEXT                         275
+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
+# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
+# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
+# define SSL_R_SRP_A_CALC                                 361
+# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
+# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
+# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
+# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH       232
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
+# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
+# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
+# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
+# define SSL_R_SSL_NEGATIVE_LENGTH                        372
+# define SSL_R_SSL_SECTION_EMPTY                          126
+# define SSL_R_SSL_SECTION_NOT_FOUND                      136
+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
+# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
+# define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
+# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
+# define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
+# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
+# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
+# define SSL_R_TLS_HEARTBEAT_PENDING                      366
+# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_KEY_UPDATES                       132
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
+# define SSL_R_TOO_MUCH_EARLY_DATA                        164
+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+# define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
+# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
+# define SSL_R_UNEXPECTED_MESSAGE                         244
+# define SSL_R_UNEXPECTED_RECORD                          245
+# define SSL_R_UNINITIALIZED                              276
+# define SSL_R_UNKNOWN_ALERT_TYPE                         246
+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
+# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
+# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
+# define SSL_R_UNKNOWN_CMD_NAME                           386
+# define SSL_R_UNKNOWN_COMMAND                            139
+# define SSL_R_UNKNOWN_DIGEST                             368
+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_PKEY_TYPE                          251
+# define SSL_R_UNKNOWN_PROTOCOL                           252
+# define SSL_R_UNKNOWN_SSL_VERSION                        254
+# define SSL_R_UNKNOWN_STATE                              255
+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
+# define SSL_R_UNSOLICITED_EXTENSION                      217
+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
+# define SSL_R_UNSUPPORTED_PROTOCOL                       258
+# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
+# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
+# define SSL_R_VERSION_TOO_HIGH                           166
+# define SSL_R_VERSION_TOO_LOW                            396
+# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
+# define SSL_R_WRONG_CIPHER_RETURNED                      261
+# define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
+# define SSL_R_WRONG_SIGNATURE_SIZE                       265
+# define SSL_R_WRONG_SIGNATURE_TYPE                       370
+# define SSL_R_WRONG_SSL_VERSION                          266
+# define SSL_R_WRONG_VERSION_NUMBER                       267
+# define SSL_R_X509_LIB                                   268
+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/stack.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/stack.h
new file mode 100644
index 000000000..cfc075057
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/stack.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STACK_H
+# define HEADER_STACK_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+                                    OPENSSL_sk_copyfunc c,
+                                    OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+                                            OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _STACK OPENSSL_STACK
+#  define sk_num OPENSSL_sk_num
+#  define sk_value OPENSSL_sk_value
+#  define sk_set OPENSSL_sk_set
+#  define sk_new OPENSSL_sk_new
+#  define sk_new_null OPENSSL_sk_new_null
+#  define sk_free OPENSSL_sk_free
+#  define sk_pop_free OPENSSL_sk_pop_free
+#  define sk_deep_copy OPENSSL_sk_deep_copy
+#  define sk_insert OPENSSL_sk_insert
+#  define sk_delete OPENSSL_sk_delete
+#  define sk_delete_ptr OPENSSL_sk_delete_ptr
+#  define sk_find OPENSSL_sk_find
+#  define sk_find_ex OPENSSL_sk_find_ex
+#  define sk_push OPENSSL_sk_push
+#  define sk_unshift OPENSSL_sk_unshift
+#  define sk_shift OPENSSL_sk_shift
+#  define sk_pop OPENSSL_sk_pop
+#  define sk_zero OPENSSL_sk_zero
+#  define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+#  define sk_dup OPENSSL_sk_dup
+#  define sk_sort OPENSSL_sk_sort
+#  define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h
new file mode 100644
index 000000000..7b43e8bd0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STORE_H
+# define HEADER_OSSL_STORE_H
+
+# include <stdarg.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/pem.h>
+# include <openssl/storeerr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ *  The main OSSL_STORE functions.
+ *  ------------------------------
+ *
+ *  These allow applications to open a channel to a resource with supported
+ *  data (keys, certs, crls, ...), read the data a piece at a time and decide
+ *  what to do with it, and finally close.
+ */
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+/*
+ * Typedef for the OSSL_STORE_INFO post processing callback.  This can be used
+ * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
+ * NULL).
+ */
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+                                                            void *);
+
+/*
+ * Open a channel given a URI.  The given UI method will be used any time the
+ * loader needs extra input, for example when a password or pin is needed, and
+ * will be passed the same user data every time it's needed in this context.
+ *
+ * Returns a context reference which represents the channel to communicate
+ * through.
+ */
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data);
+
+/*
+ * Control / fine tune the OSSL_STORE channel.  |cmd| determines what is to be
+ * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
+ * determine which loader is used), except for common commands (see below).
+ * Each command takes different arguments.
+ */
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+
+/*
+ * Common ctrl commands that different loaders may choose to support.
+ */
+/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
+# define OSSL_STORE_C_USE_SECMEM      1
+/* Where custom commands start */
+# define OSSL_STORE_C_CUSTOM_START    100
+
+/*
+ * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
+ * functionality, given a context.
+ * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
+ * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
+ * NULL is returned on error, which may include that the data found at the URI
+ * can't be figured out for certain or is ambiguous.
+ */
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if end of data (end of file) is reached
+ * Returns 1 on end, 0 otherwise.
+ */
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if an error occured
+ * Returns 1 if it did, 0 otherwise.
+ */
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+
+/*
+ * Close the channel
+ * Returns 1 on success, 0 on error.
+ */
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+
+
+/*-
+ *  Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
+ *  ---------------------------------------------------------------
+ */
+
+/*
+ * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
+ * OSSL_STORE_INFO_NAME is typically found when getting a listing of
+ * available "files" / "tokens" / what have you.
+ */
+# define OSSL_STORE_INFO_NAME           1   /* char * */
+# define OSSL_STORE_INFO_PARAMS         2   /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY           3   /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT           4   /* X509 * */
+# define OSSL_STORE_INFO_CRL            5   /* X509_CRL * */
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them, as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
+
+
+/*-
+ *  Functions to construct a search URI from a base URI and search criteria
+ *  -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME              1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL     2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT   3
+# define OSSL_STORE_SEARCH_BY_ALIAS             4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                      const ASN1_INTEGER
+                                                      *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                  *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
+/*
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel.  This MUST happen before the first OSSL_STORE_load().
+ */
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
+
+
+/*-
+ *  Function to register a loader for the given URI scheme.
+ *  -------------------------------------------------------
+ *
+ *  The loader receives all the main components of an URI except for the
+ *  scheme.
+ */
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
+                                                     *loader,
+                                                     const char *uri,
+                                                     const UI_METHOD *ui_method,
+                                                     void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+                                  va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                  OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+
+/*-
+ *  Functions to list STORE loaders
+ *  -------------------------------
+ */
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h
new file mode 100644
index 000000000..33d0ab790
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h
@@ -0,0 +1,87 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STOREERR_H
+# define HEADER_OSSL_STOREERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_OSSL_STORE_strings(void);
+
+/*
+ * OSSL_STORE function codes.
+ */
+# define OSSL_STORE_F_FILE_CTRL                           129
+# define OSSL_STORE_F_FILE_FIND                           138
+# define OSSL_STORE_F_FILE_GET_PASS                       118
+# define OSSL_STORE_F_FILE_LOAD                           119
+# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE                124
+# define OSSL_STORE_F_FILE_NAME_TO_URI                    126
+# define OSSL_STORE_F_FILE_OPEN                           120
+# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO           127
+# define OSSL_STORE_F_OSSL_STORE_EXPECT                   130
+# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT  128
+# define OSSL_STORE_F_OSSL_STORE_FIND                     131
+# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT          100
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT           101
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL            102
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME           103
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS         104
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY           105
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT            106
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL             107
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED        123
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME            109
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS          110
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY            111
+# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134
+# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE                112
+# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW               113
+# define OSSL_STORE_F_OSSL_STORE_OPEN                     114
+# define OSSL_STORE_F_OSSL_STORE_OPEN_INT                 115
+# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT      117
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS          132
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL  133
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME           137
+# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT    116
+# define OSSL_STORE_F_TRY_DECODE_PARAMS                   121
+# define OSSL_STORE_F_TRY_DECODE_PKCS12                   122
+# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED           125
+
+/*
+ * OSSL_STORE reason codes.
+ */
+# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE              107
+# define OSSL_STORE_R_BAD_PASSWORD_READ                   115
+# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC          113
+# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121
+# define OSSL_STORE_R_INVALID_SCHEME                      106
+# define OSSL_STORE_R_IS_NOT_A                            112
+# define OSSL_STORE_R_LOADER_INCOMPLETE                   116
+# define OSSL_STORE_R_LOADING_STARTED                     117
+# define OSSL_STORE_R_NOT_A_CERTIFICATE                   100
+# define OSSL_STORE_R_NOT_A_CRL                           101
+# define OSSL_STORE_R_NOT_A_KEY                           102
+# define OSSL_STORE_R_NOT_A_NAME                          103
+# define OSSL_STORE_R_NOT_PARAMETERS                      104
+# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR           114
+# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE               108
+# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119
+# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109
+# define OSSL_STORE_R_UNREGISTERED_SCHEME                 105
+# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE            110
+# define OSSL_STORE_R_UNSUPPORTED_OPERATION               118
+# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE             120
+# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED           111
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/symhacks.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/symhacks.h
new file mode 100644
index 000000000..156ea6e4e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/symhacks.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SYMHACKS_H
+# define HEADER_SYMHACKS_H
+
+# include <openssl/e_os2.h>
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+#  undef ERR_load_CRYPTO_strings
+#  define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#  undef OCSP_crlID_new
+#  define OCSP_crlID_new                          OCSP_crlID2_new
+
+#  undef d2i_ECPARAMETERS
+#  define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#  undef i2d_ECPARAMETERS
+#  define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#  undef d2i_ECPKPARAMETERS
+#  define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#  undef i2d_ECPKPARAMETERS
+#  define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+
+/* This one clashes with CMS_data_create */
+#  undef cms_Data_create
+#  define cms_Data_create                         priv_cms_Data_create
+
+# endif
+
+#endif                          /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h
new file mode 100644
index 000000000..e13b5dd4b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h
@@ -0,0 +1,1237 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TLS1_H
+# define HEADER_TLS1_H
+
+# include <openssl/buffer.h>
+# include <openssl/x509.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Default security level if not overridden at config time */
+# ifndef OPENSSL_TLS_SECURITY_LEVEL
+#  define OPENSSL_TLS_SECURITY_LEVEL 1
+# endif
+
+# define TLS1_VERSION                    0x0301
+# define TLS1_1_VERSION                  0x0302
+# define TLS1_2_VERSION                  0x0303
+# define TLS1_3_VERSION                  0x0304
+# define TLS_MAX_VERSION                 TLS1_3_VERSION
+
+/* Special value for method supporting multiple versions */
+# define TLS_ANY_VERSION                 0x10000
+
+# define TLS1_VERSION_MAJOR              0x03
+# define TLS1_VERSION_MINOR              0x01
+
+# define TLS1_1_VERSION_MAJOR            0x03
+# define TLS1_1_VERSION_MINOR            0x02
+
+# define TLS1_2_VERSION_MAJOR            0x03
+# define TLS1_2_VERSION_MINOR            0x03
+
+# define TLS1_get_version(s) \
+        ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
+
+# define TLS1_get_client_version(s) \
+        ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED       21
+# define TLS1_AD_RECORD_OVERFLOW         22
+# define TLS1_AD_UNKNOWN_CA              48/* fatal */
+# define TLS1_AD_ACCESS_DENIED           49/* fatal */
+# define TLS1_AD_DECODE_ERROR            50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR           51
+# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
+# define TLS1_AD_USER_CANCELLED          90
+# define TLS1_AD_NO_RENEGOTIATION        100
+/* TLSv1.3 alerts */
+# define TLS13_AD_MISSING_EXTENSION      109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED   116 /* fatal */
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION   110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME       112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+# define TLSEXT_TYPE_server_name                 0
+# define TLSEXT_TYPE_max_fragment_length         1
+# define TLSEXT_TYPE_client_certificate_url      2
+# define TLSEXT_TYPE_trusted_ca_keys             3
+# define TLSEXT_TYPE_truncated_hmac              4
+# define TLSEXT_TYPE_status_request              5
+/* ExtensionType values from RFC4681 */
+# define TLSEXT_TYPE_user_mapping                6
+/* ExtensionType values from RFC5878 */
+# define TLSEXT_TYPE_client_authz                7
+# define TLSEXT_TYPE_server_authz                8
+/* ExtensionType values from RFC6091 */
+# define TLSEXT_TYPE_cert_type           9
+
+/* ExtensionType values from RFC4492 */
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups            10
+# define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
+# define TLSEXT_TYPE_ec_point_formats            11
+
+
+/* ExtensionType value from RFC5054 */
+# define TLSEXT_TYPE_srp                         12
+
+/* ExtensionType values from RFC5246 */
+# define TLSEXT_TYPE_signature_algorithms        13
+
+/* ExtensionType value from RFC5764 */
+# define TLSEXT_TYPE_use_srtp    14
+
+/* ExtensionType value from RFC5620 */
+# define TLSEXT_TYPE_heartbeat   15
+
+/* ExtensionType value from RFC7301 */
+# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+/*
+ * Extension type for Certificate Transparency
+ * https://tools.ietf.org/html/rfc6962#section-3.3.1
+ */
+# define TLSEXT_TYPE_signed_certificate_timestamp    18
+
+/*
+ * ExtensionType value for TLS padding extension.
+ * http://tools.ietf.org/html/draft-agl-tls-padding
+ */
+# define TLSEXT_TYPE_padding     21
+
+/* ExtensionType value from RFC7366 */
+# define TLSEXT_TYPE_encrypt_then_mac    22
+
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret      23
+
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket              35
+
+/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_psk                         41
+# define TLSEXT_TYPE_early_data                  42
+# define TLSEXT_TYPE_supported_versions          43
+# define TLSEXT_TYPE_cookie                      44
+# define TLSEXT_TYPE_psk_kex_modes               45
+# define TLSEXT_TYPE_certificate_authorities     47
+# define TLSEXT_TYPE_post_handshake_auth         49
+# define TLSEXT_TYPE_signature_algorithms_cert   50
+# define TLSEXT_TYPE_key_share                   51
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate                 0xff01
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+#  define TLSEXT_TYPE_next_proto_neg              13172
+# endif
+
+/* NameType value from RFC3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+/* ECPointFormat values from RFC4492 */
+# define TLSEXT_ECPOINTFORMAT_first                      0
+# define TLSEXT_ECPOINTFORMAT_uncompressed               0
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
+# define TLSEXT_ECPOINTFORMAT_last                       2
+
+/* Signature and hash algorithms from RFC5246 */
+# define TLSEXT_signature_anonymous                      0
+# define TLSEXT_signature_rsa                            1
+# define TLSEXT_signature_dsa                            2
+# define TLSEXT_signature_ecdsa                          3
+# define TLSEXT_signature_gostr34102001                  237
+# define TLSEXT_signature_gostr34102012_256              238
+# define TLSEXT_signature_gostr34102012_512              239
+
+/* Total number of different signature algorithms */
+# define TLSEXT_signature_num                            7
+
+# define TLSEXT_hash_none                                0
+# define TLSEXT_hash_md5                                 1
+# define TLSEXT_hash_sha1                                2
+# define TLSEXT_hash_sha224                              3
+# define TLSEXT_hash_sha256                              4
+# define TLSEXT_hash_sha384                              5
+# define TLSEXT_hash_sha512                              6
+# define TLSEXT_hash_gostr3411                           237
+# define TLSEXT_hash_gostr34112012_256                   238
+# define TLSEXT_hash_gostr34112012_512                   239
+
+/* Total number of different digest algorithms */
+
+# define TLSEXT_hash_num                                 10
+
+/* Flag set for unrecognised algorithms */
+# define TLSEXT_nid_unknown                              0x1000000
+
+/* ECC curves */
+
+# define TLSEXT_curve_P_256                              23
+# define TLSEXT_curve_P_384                              24
+
+/* OpenSSL value to disable maximum fragment length extension */
+# define TLSEXT_max_fragment_length_DISABLED    0
+/* Allowed values for max fragment length extension */
+# define TLSEXT_max_fragment_length_512         1
+# define TLSEXT_max_fragment_length_1024        2
+# define TLSEXT_max_fragment_length_2048        3
+# define TLSEXT_max_fragment_length_4096        4
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+
+# define TLSEXT_MAXLEN_host_name 255
+
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
+/*
+ * SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.) It returns 1 on success and
+ * 0 or -1 otherwise.
+ */
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                      const char *label, size_t llen,
+                                      const unsigned char *context,
+                                      size_t contextlen, int use_context);
+
+/*
+ * SSL_export_keying_material_early exports a value derived from the
+ * early exporter master secret, as specified in
+ * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes
+ * |olen| bytes to |out| given a label and optional context. It
+ * returns 1 on success and 0 otherwise.
+ */
+__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,
+                                            size_t olen, const char *label,
+                                            size_t llen,
+                                            const unsigned char *context,
+                                            size_t contextlen);
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+int SSL_get_signature_type_nid(const SSL *s, int *pnid);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignandhash,
+                    unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignandhash,
+                           unsigned char *rsig, unsigned char *rhash);
+
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+# define SSL_set_tlsext_host_name(s,name) \
+        SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\
+                (void *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\
+                (void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg)
+
+# define SSL_get_tlsext_status_type(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\
+                (void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys)
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys)
+
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb)
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+        SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\
+                (void (*)(void))cb)
+
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+
+# define SSL_CTX_set_tlsext_status_type(ssl, type) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_CTX_get_tlsext_status_type(ssl) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+        SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\
+                (void (*)(void))cb)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_DTLSEXT_HB_ENABLED                   0x01
+#  define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS        0x02
+#  define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS        0x04
+#  define SSL_get_dtlsext_heartbeat_pending(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#  define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+
+#  if OPENSSL_API_COMPAT < 0x10100000L
+#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
+        SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
+#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
+        SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
+#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
+        SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
+#   define SSL_TLSEXT_HB_ENABLED \
+        SSL_DTLSEXT_HB_ENABLED
+#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
+#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
+#   define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_get_dtlsext_heartbeat_pending(ssl)
+#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_set_dtlsext_heartbeat_no_requests(ssl,arg)
+#  endif
+# endif
+
+/* PSK ciphersuites from 4279 */
+# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
+# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
+# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA                0x0300008E
+# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA           0x0300008F
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA            0x03000090
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA            0x03000091
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA                0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA           0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA            0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA            0x03000095
+
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256             0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384             0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256         0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384         0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256         0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384         0x030000AD
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256             0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384             0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256                    0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384                    0x030000B1
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256         0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384         0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256                0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384                0x030000B5
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256         0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384         0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256                0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384                0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_PSK_WITH_NULL_SHA                       0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA                   0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA                   0x0300002E
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
+# define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
+# define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
+# define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
+# define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
+# define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
+# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
+# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
+# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
+# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
+# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
+# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
+# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
+# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
+# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM                    0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM                    0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM                0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM                0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8                  0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8                  0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8              0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8              0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM                    0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM                    0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM                0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM                0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8                  0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8                  0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8              0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8              0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8          0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8          0x0300C0AF
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256                0x030000BA
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256             0x030000BB
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256             0x030000BC
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256            0x030000BD
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256            0x030000BE
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256                0x030000BF
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256                0x030000C0
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256             0x030000C1
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256             0x030000C2
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256            0x030000C3
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256            0x030000C4
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256                0x030000C5
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA              0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA         0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256       0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384       0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA                 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256              0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384              0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256         0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384         0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305         0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305           0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305               0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305         0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
+
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384                     0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256               0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256             0x0300C050
+# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384             0x0300C051
+# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256         0x0300C052
+# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384         0x0300C053
+# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256          0x0300C054
+# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384          0x0300C055
+# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256         0x0300C056
+# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384         0x0300C057
+# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256          0x0300C058
+# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384          0x0300C059
+# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256         0x0300C05A
+# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384         0x0300C05B
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     0x0300C05C
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     0x0300C05D
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      0x0300C05E
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      0x0300C05F
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       0x0300C060
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       0x0300C061
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        0x0300C062
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        0x0300C063
+# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256             0x0300C06A
+# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384             0x0300C06B
+# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256         0x0300C06C
+# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384         0x0300C06D
+# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256         0x0300C06E
+# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384         0x0300C06F
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA                   "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA               "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA               "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA                   "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA                   "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA               "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA               "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA                   "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256                   "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256                "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256                "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256                "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256                "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256            "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384            "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256            "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384            "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM                   "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM                   "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM               "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM               "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8                 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8                 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8             "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8             "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM                   "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM                   "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM               "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM               "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8                 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8                 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8             "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8             "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM           "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM           "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256                   "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384                   "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256             "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256                   "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA              "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA                "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA                "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA         "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA                      "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA                  "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA                  "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA              "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA               "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA               "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA           "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA           "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA           "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA           "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256            "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384            "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256        "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384        "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256        "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384        "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256            "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384            "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256                   "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384                   "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256        "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384        "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256               "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384               "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256        "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384        "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256               "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384               "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA        "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256      "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384      "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA                "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256             "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384             "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA           "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA           "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305       "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305             "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305       "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305         "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305         "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256       "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384       "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA                      "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA                  "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA                  "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA                      "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA             "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA             "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA           "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA             "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA                   "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA               "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA               "TLS_DHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256           "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384           "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256        "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384        "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256        "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384        "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256       "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384       "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256   "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384   "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256    "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384    "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256     "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384     "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256      "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384      "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256           "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384           "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256       "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384       "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
+
+
+/*
+ * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
+ * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
+ * using DHE everywhere, though we may indefinitely maintain aliases for
+ * users or configurations that used "EDH"
+ */
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
+
+# define TLS1_TXT_PSK_WITH_NULL_SHA                      "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA                  "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA                  "RSA-PSK-NULL-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+
+/* PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
+# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA               "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA           "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA           "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA               "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA           "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA           "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256        "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384        "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256        "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384        "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256            "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384            "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256                   "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384                   "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256        "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384        "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256               "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384               "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256        "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384        "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256               "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384               "RSA-PSK-NULL-SHA384"
+
+/* SRP ciphersuite from RFC 5054 */
+# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256               "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256            "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256            "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256               "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256               "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256            "DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256            "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256               "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256               "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384               "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256           "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384           "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256           "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384           "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256         "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384         "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_TXT_RSA_WITH_AES_128_CCM                   "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM                   "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM               "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM               "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8                 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8                 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8             "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8             "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM                   "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM                   "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM               "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM               "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8                 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8                 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8             "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8             "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM       "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM       "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8     "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8     "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA               "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA          "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA           "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA           "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256        "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384        "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA                  "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256               "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384               "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305         "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305               "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305         "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256             "ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384             "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256         "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384         "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256          "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384          "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256         "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384         "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256          "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384          "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256         "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384         "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      "ECDH-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       "ECDHE-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       "ECDHE-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        "ECDH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        "ECDH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256             "PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384             "PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256         "DHE-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384         "DHE-PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256         "RSA-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384         "RSA-PSK-ARIA256-GCM-SHA384"
+
+# define TLS_CT_RSA_SIGN                 1
+# define TLS_CT_DSS_SIGN                 2
+# define TLS_CT_RSA_FIXED_DH             3
+# define TLS_CT_DSS_FIXED_DH             4
+# define TLS_CT_ECDSA_SIGN               64
+# define TLS_CT_RSA_FIXED_ECDH           65
+# define TLS_CT_ECDSA_FIXED_ECDH         66
+# define TLS_CT_GOST01_SIGN              22
+# define TLS_CT_GOST12_SIGN              238
+# define TLS_CT_GOST12_512_SIGN          239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER                   10
+
+# if defined(SSL3_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
+
+# define TLS1_FINISH_MAC_LENGTH          12
+
+# define TLS_MD_MAX_CONST_SIZE                   22
+# define TLS_MD_CLIENT_FINISH_CONST              "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
+# define TLS_MD_SERVER_FINISH_CONST              "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE         15
+# define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_IV_BLOCK_CONST                   "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE              8
+# define TLS_MD_MASTER_SECRET_CONST              "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE         13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST     "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE        22
+
+# ifdef CHARSET_EBCDIC
+#  undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+#  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+#  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+#  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+#  undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+#  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+#  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+#  undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+#  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+#  undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+#  define TLS_MD_EXTENDED_MASTER_SECRET_CONST    "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+    unsigned short length;
+    void *data;
+};
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ts.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ts.h
new file mode 100644
index 000000000..3b58aa527
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ts.h
@@ -0,0 +1,559 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TS_H
+# define HEADER_TS_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
+# include <openssl/symhacks.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/dh.h>
+# include <openssl/tserr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+
+typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
+typedef struct TS_req_st TS_REQ;
+typedef struct TS_accuracy_st TS_ACCURACY;
+typedef struct TS_tst_info_st TS_TST_INFO;
+
+/* Possible values for status. */
+# define TS_STATUS_GRANTED                       0
+# define TS_STATUS_GRANTED_WITH_MODS             1
+# define TS_STATUS_REJECTION                     2
+# define TS_STATUS_WAITING                       3
+# define TS_STATUS_REVOCATION_WARNING            4
+# define TS_STATUS_REVOCATION_NOTIFICATION       5
+
+/* Possible values for failure_info. */
+# define TS_INFO_BAD_ALG                 0
+# define TS_INFO_BAD_REQUEST             2
+# define TS_INFO_BAD_DATA_FORMAT         5
+# define TS_INFO_TIME_NOT_AVAILABLE      14
+# define TS_INFO_UNACCEPTED_POLICY       15
+# define TS_INFO_UNACCEPTED_EXTENSION    16
+# define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
+# define TS_INFO_SYSTEM_FAILURE          25
+
+
+typedef struct TS_status_info_st TS_STATUS_INFO;
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+DEFINE_STACK_OF(ESS_CERT_ID)
+
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
+
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+
+typedef struct TS_resp_st TS_RESP;
+
+TS_REQ *TS_REQ_new(void);
+void TS_REQ_free(TS_REQ *a);
+int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
+TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
+
+TS_REQ *TS_REQ_dup(TS_REQ *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
+TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
+void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
+int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
+                                   const unsigned char **pp, long length);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
+
+TS_RESP *TS_RESP_new(void);
+void TS_RESP_free(TS_RESP *a);
+int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
+TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+TS_RESP *TS_RESP_dup(TS_RESP *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
+
+TS_STATUS_INFO *TS_STATUS_INFO_new(void);
+void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
+int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
+TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
+                                   const unsigned char **pp, long length);
+TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
+
+TS_TST_INFO *TS_TST_INFO_new(void);
+void TS_TST_INFO_free(TS_TST_INFO *a);
+int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
+TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
+                             long length);
+TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
+
+TS_ACCURACY *TS_ACCURACY_new(void);
+void TS_ACCURACY_free(TS_ACCURACY *a);
+int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
+TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
+                             long length);
+TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
+
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
+void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
+int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
+ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
+                                         const unsigned char **pp,
+                                         long length);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
+
+ESS_CERT_ID *ESS_CERT_ID_new(void);
+void ESS_CERT_ID_free(ESS_CERT_ID *a);
+int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
+ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
+                             long length);
+ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
+
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
+void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
+int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
+ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
+                                       const unsigned char **pp, long length);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
+void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
+int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
+ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a,
+                                   const unsigned char **pp, long length);
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
+
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
+void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
+int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp);
+ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
+                                             const unsigned char **pp,
+                                             long length);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
+
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a);
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a);
+
+const ASN1_BIT_STRING *
+TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a);
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+                               int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+
+/*
+ * Declarations related to response generation, defined in ts/ts_resp_sign.c.
+ */
+
+/* Optional flags for response generation. */
+
+/* Don't include the TSA name in response. */
+# define TS_TSA_NAME             0x01
+
+/* Set ordering to true in response. */
+# define TS_ORDERING             0x02
+
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+# define TS_ESS_CERT_ID_CHAIN    0x04
+
+/* Forward declaration. */
+struct TS_resp_ctx;
+
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
+
+/*
+ * This must return the seconds and microseconds since Jan 1, 1970 in the sec
+ * and usec variables allocated by the caller. Return non-zero for success
+ * and zero for failure.
+ */
+typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
+                           long *usec);
+
+/*
+ * This must process the given extension. It can modify the TS_TST_INFO
+ * object of the context. Return values: !0 (processed), 0 (error, it must
+ * set the status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
+                                void *);
+
+typedef struct TS_resp_ctx TS_RESP_CTX;
+
+DEFINE_STACK_OF_CONST(EVP_MD)
+
+/* Creates a response context that can be used for generating responses. */
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx,
+                                  const EVP_MD *signer_digest);
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
+
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+
+/*
+ * Adds a new acceptable policy, only the default policy is accepted by
+ * default.
+ */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
+
+/*
+ * Adds a new acceptable message digest. Note that no message digests are
+ * accepted by default. The md argument is shared with the caller.
+ */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros);
+
+/*
+ * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
+ * '3' msec, '6' usec, and so on. Default is 0.
+ */
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned clock_precision_digits);
+/* At most we accept usec precision. */
+# define TS_MAX_CLOCK_PRECISION_DIGITS   6
+
+/* Maximum status message length */
+# define TS_MAX_STATUS_LENGTH   (1024 * 1024)
+
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+
+/* Default callback uses the gettimeofday() and gmtime() system calls. */
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+
+/*
+ * Default callback rejects all extensions. The extension callback is called
+ * when the TS_TST_INFO object is already set up and not signed yet.
+ */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+                                  TS_extension_cb cb, void *data);
+
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+                                int status, const char *text);
+
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+                                     int status, const char *text);
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+
+/*
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out);
+
+/* Context structure for the generic verify method. */
+
+/* Verify the signer's certificate and the signature of the response. */
+# define TS_VFY_SIGNATURE        (1u << 0)
+/* Verify the version number of the response. */
+# define TS_VFY_VERSION          (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+# define TS_VFY_POLICY           (1u << 2)
+/*
+ * Verify the message imprint provided by the user. This flag should not be
+ * specified with TS_VFY_DATA.
+ */
+# define TS_VFY_IMPRINT          (1u << 3)
+/*
+ * Verify the message imprint computed by the verify method from the user
+ * provided data and the MD algorithm of the response. This flag should not
+ * be specified with TS_VFY_IMPRINT.
+ */
+# define TS_VFY_DATA             (1u << 4)
+/* Verify the nonce value. */
+# define TS_VFY_NONCE            (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+# define TS_VFY_SIGNER           (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+# define TS_VFY_TSA_NAME         (1u << 7)
+
+/* You can use the following convenience constants. */
+# define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_IMPRINT       \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+# define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_DATA          \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+
+typedef struct TS_verify_ctx TS_VERIFY_CTX;
+
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+
+/*
+ * Declarations related to response verification context,
+ */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
+
+/*-
+ * If ctx is NULL, it allocates and returns a new object, otherwise
+ * it returns ctx. It initialises all the members as follows:
+ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
+ * certs = NULL
+ * store = NULL
+ * policy = policy from the request or NULL if absent (in this case
+ *      TS_VFY_POLICY is cleared from flags as well)
+ * md_alg = MD algorithm from request
+ * imprint, imprint_len = imprint from request
+ * data = NULL
+ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
+ *      TS_VFY_NONCE is cleared from flags as well)
+ * tsa_name = NULL
+ * Important: after calling this method TS_VFY_SIGNATURE should be added!
+ */
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
+
+/* Common utility functions defined in ts/ts_lib.c */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+
+/*
+ * Function declarations for handling configuration options, defined in
+ * ts/ts_conf.c
+ */
+
+X509 *TS_CONF_load_cert(const char *file);
+STACK_OF(X509) *TS_CONF_load_certs(const char *file);
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device);
+int TS_CONF_set_default_engine(const char *name);
+#endif
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx);
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                               const char *md, TS_RESP_CTX *ctx);
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx);
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx);
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                      TS_RESP_CTX *ctx);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h
new file mode 100644
index 000000000..3e0492565
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h
@@ -0,0 +1,128 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TSERR_H
+# define HEADER_TSERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_TS_strings(void);
+
+/*
+ * TS function codes.
+ */
+#  define TS_F_DEF_SERIAL_CB                               110
+#  define TS_F_DEF_TIME_CB                                 111
+#  define TS_F_ESS_ADD_SIGNING_CERT                        112
+#  define TS_F_ESS_ADD_SIGNING_CERT_V2                     147
+#  define TS_F_ESS_CERT_ID_NEW_INIT                        113
+#  define TS_F_ESS_CERT_ID_V2_NEW_INIT                     156
+#  define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
+#  define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT                157
+#  define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
+#  define TS_F_PKCS7_TO_TS_TST_INFO                        148
+#  define TS_F_TS_ACCURACY_SET_MICROS                      115
+#  define TS_F_TS_ACCURACY_SET_MILLIS                      116
+#  define TS_F_TS_ACCURACY_SET_SECONDS                     117
+#  define TS_F_TS_CHECK_IMPRINTS                           100
+#  define TS_F_TS_CHECK_NONCES                             101
+#  define TS_F_TS_CHECK_POLICY                             102
+#  define TS_F_TS_CHECK_SIGNING_CERTS                      103
+#  define TS_F_TS_CHECK_STATUS_INFO                        104
+#  define TS_F_TS_COMPUTE_IMPRINT                          145
+#  define TS_F_TS_CONF_INVALID                             151
+#  define TS_F_TS_CONF_LOAD_CERT                           153
+#  define TS_F_TS_CONF_LOAD_CERTS                          154
+#  define TS_F_TS_CONF_LOAD_KEY                            155
+#  define TS_F_TS_CONF_LOOKUP_FAIL                         152
+#  define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
+#  define TS_F_TS_GET_STATUS_TEXT                          105
+#  define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
+#  define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
+#  define TS_F_TS_REQ_SET_NONCE                            120
+#  define TS_F_TS_REQ_SET_POLICY_ID                        121
+#  define TS_F_TS_RESP_CREATE_RESPONSE                     122
+#  define TS_F_TS_RESP_CREATE_TST_INFO                     123
+#  define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
+#  define TS_F_TS_RESP_CTX_ADD_MD                          125
+#  define TS_F_TS_RESP_CTX_ADD_POLICY                      126
+#  define TS_F_TS_RESP_CTX_NEW                             127
+#  define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
+#  define TS_F_TS_RESP_CTX_SET_CERTS                       129
+#  define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
+#  define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
+#  define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
+#  define TS_F_TS_RESP_GET_POLICY                          133
+#  define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
+#  define TS_F_TS_RESP_SET_STATUS_INFO                     135
+#  define TS_F_TS_RESP_SET_TST_INFO                        150
+#  define TS_F_TS_RESP_SIGN                                136
+#  define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
+#  define TS_F_TS_TST_INFO_SET_ACCURACY                    137
+#  define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
+#  define TS_F_TS_TST_INFO_SET_NONCE                       139
+#  define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
+#  define TS_F_TS_TST_INFO_SET_SERIAL                      141
+#  define TS_F_TS_TST_INFO_SET_TIME                        142
+#  define TS_F_TS_TST_INFO_SET_TSA                         143
+#  define TS_F_TS_VERIFY                                   108
+#  define TS_F_TS_VERIFY_CERT                              109
+#  define TS_F_TS_VERIFY_CTX_NEW                           144
+
+/*
+ * TS reason codes.
+ */
+#  define TS_R_BAD_PKCS7_TYPE                              132
+#  define TS_R_BAD_TYPE                                    133
+#  define TS_R_CANNOT_LOAD_CERT                            137
+#  define TS_R_CANNOT_LOAD_KEY                             138
+#  define TS_R_CERTIFICATE_VERIFY_ERROR                    100
+#  define TS_R_COULD_NOT_SET_ENGINE                        127
+#  define TS_R_COULD_NOT_SET_TIME                          115
+#  define TS_R_DETACHED_CONTENT                            134
+#  define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
+#  define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR               139
+#  define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
+#  define TS_R_INVALID_NULL_POINTER                        102
+#  define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
+#  define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
+#  define TS_R_NONCE_MISMATCH                              104
+#  define TS_R_NONCE_NOT_RETURNED                          105
+#  define TS_R_NO_CONTENT                                  106
+#  define TS_R_NO_TIME_STAMP_TOKEN                         107
+#  define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
+#  define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
+#  define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
+#  define TS_R_POLICY_MISMATCH                             108
+#  define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
+#  define TS_R_RESPONSE_SETUP_ERROR                        121
+#  define TS_R_SIGNATURE_FAILURE                           109
+#  define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
+#  define TS_R_TIME_SYSCALL_ERROR                          122
+#  define TS_R_TOKEN_NOT_PRESENT                           130
+#  define TS_R_TOKEN_PRESENT                               131
+#  define TS_R_TSA_NAME_MISMATCH                           111
+#  define TS_R_TSA_UNTRUSTED                               112
+#  define TS_R_TST_INFO_SETUP_ERROR                        123
+#  define TS_R_TS_DATASIGN                                 124
+#  define TS_R_UNACCEPTABLE_POLICY                         125
+#  define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
+#  define TS_R_UNSUPPORTED_VERSION                         113
+#  define TS_R_VAR_BAD_VALUE                               135
+#  define TS_R_VAR_LOOKUP_FAILURE                          136
+#  define TS_R_WRONG_CONTENT_TYPE                          114
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/txt_db.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/txt_db.h
new file mode 100644
index 000000000..ec981a439
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/txt_db.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TXT_DB_H
+# define HEADER_TXT_DB_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/lhash.h>
+
+# define DB_ERROR_OK                     0
+# define DB_ERROR_MALLOC                 1
+# define DB_ERROR_INDEX_CLASH            2
+# define DB_ERROR_INDEX_OUT_OF_RANGE     3
+# define DB_ERROR_NO_INDEX               4
+# define DB_ERROR_INSERT_INDEX_CLASH     5
+# define DB_ERROR_WRONG_NUM_FIELDS       6
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+    int num_fields;
+    STACK_OF(OPENSSL_PSTRING) *data;
+    LHASH_OF(OPENSSL_STRING) **index;
+    int (**qual) (OPENSSL_STRING *);
+    long error;
+    long arg1;
+    long arg2;
+    OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ui.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ui.h
new file mode 100644
index 000000000..7c721ec81
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ui.h
@@ -0,0 +1,368 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UI_H
+# define HEADER_UI_H
+
+# include <openssl/opensslconf.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/crypto.h>
+# endif
+# include <openssl/safestack.h>
+# include <openssl/pem.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/uierr.h>
+
+/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */
+# if OPENSSL_API_COMPAT < 0x10200000L
+#  ifdef OPENSSL_NO_UI_CONSOLE
+#   define OPENSSL_NO_UI
+#  endif
+# endif
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * All the following functions return -1 or NULL on error and in some cases
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
+ * all depending on their purpose.
+ */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/*-
+   The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+        add     add a text or prompt string.  The pointers given to these
+                functions are used verbatim, no copying is done.
+        dup     make a copy of the text or prompt string, then add the copy
+                to the collection of strings in the user interface.
+        <function>
+                The function is a name for the functionality that the given
+                string shall be used for.  It can be one of:
+                        input   use the string as data prompt.
+                        verify  use the string as verification prompt.  This
+                                is used to verify a previous input.
+                        info    use the string for informational output.
+                        error   use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is useful when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+# define UI_INPUT_FLAG_ECHO              0x01
+/*
+ * Use a default password.  Where that password is found is completely up to
+ * the application, it might for example be in the user data set with
+ * UI_add_user_data().  It is not recommended to have more than one input in
+ * each UI being marked with this flag, or the application might get
+ * confused.
+ */
+# define UI_INPUT_FLAG_DEFAULT_PWD       0x02
+
+/*-
+ * The user of these routines may want to define flags of their own.  The core
+ * UI won't look at those, but will pass them on to the method routines.  They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * example of use is this:
+ *
+ *    #define MY_UI_FLAG1       (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
+*/
+# define UI_INPUT_FLAG_USER_BASE 16
+
+/*-
+ * The following function helps construct a prompt.  object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ *       "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ *       "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+                          const char *object_desc, const char *object_name);
+
+/*
+ * The following function is used to store a pointer to user-specific data.
+ * Any previous such pointer will be returned and replaced.
+ *
+ * For callback purposes, this function makes a lot more sense than using
+ * ex_data, since the latter requires that different parts of OpenSSL or
+ * applications share the same ex_data index.
+ *
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
+ * methods may not, however.
+ */
+void *UI_add_user_data(UI *ui, void *user_data);
+/*
+ * Alternatively, this function is used to duplicate the user data.
+ * This uses the duplicator method function.  The destroy function will
+ * be used to free the user data in this case.
+ */
+int UI_dup_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+int UI_get_result_length(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/*
+ * Give a user interface parameterised control commands.  This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a UI.
+ */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+
+/* The commands */
+/*
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+ * OpenSSL error stack before printing any info or added error messages and
+ * before any prompting.
+ */
+# define UI_CTRL_PRINT_ERRORS            1
+/*
+ * Check if a UI_process() is possible to do again with the same instance of
+ * a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+ * if not.
+ */
+# define UI_CTRL_IS_REDOABLE             2
+
+/* Some methods may use extra data */
+# define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+# define UI_get_app_data(s)             UI_get_ex_data(s,0)
+
+# define UI_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef)
+int UI_set_ex_data(UI *r, int idx, void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+# ifndef OPENSSL_NO_UI_CONSOLE
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+# endif
+
+/*
+ * NULL method.  Literally does nothing, but may serve as a placeholder
+ * to avoid internal default.
+ */
+const UI_METHOD *UI_null(void);
+
+/* ---------- For method writers ---------- */
+/*-
+   A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+        an opener       This function starts a session, maybe by opening
+                        a channel to a tty, or by opening a window.
+        a writer        This function is called to write a given string,
+                        maybe to the tty, maybe as a field label in a
+                        window.
+        a flusher       This function is called to flush everything that
+                        has been output so far.  It can be used to actually
+                        display a dialog box after it has been built.
+        a reader        This function is called to read a given prompt,
+                        maybe from the tty, maybe from a field in a
+                        window.  Note that it's called with all string
+                        structures, not only the prompt ones, so it must
+                        check such things itself.
+        a closer        This function closes the session, maybe by closing
+                        the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+        0       on error.
+        1       on success.
+        -1      on out-of-band events, for example if some prompting has
+                been canceled (by pressing Ctrl-C, for example).  This is
+                only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/*
+ * The UI_STRING type is the data structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+typedef struct ui_string_st UI_STRING;
+DEFINE_STACK_OF(UI_STRING)
+
+/*
+ * The different types of strings that are currently supported. This is only
+ * needed by method authors.
+ */
+enum UI_string_types {
+    UIT_NONE = 0,
+    UIT_PROMPT,                 /* Prompt for a string */
+    UIT_VERIFY,                 /* Prompt for a string and verify */
+    UIT_BOOLEAN,                /* Prompt for a yes/no response */
+    UIT_INFO,                   /* Send info to the user */
+    UIT_ERROR                   /* Send an error message to the user */
+};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(const char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name));
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *);
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
+
+/*
+ * The following functions are helpers for method writers to access relevant
+ * data from a UI_STRING.
+ */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/*
+ * Return the optional action string to output (the boolean prompt
+ * instruction)
+ */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+int UI_get_result_string_length(UI_STRING *uis);
+/*
+ * Return the string to test the result against.  Only useful with verifies.
+ */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify);
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h
new file mode 100644
index 000000000..72fd9a9db
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h
@@ -0,0 +1,61 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UIERR_H
+# define HEADER_UIERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_UI_strings(void);
+
+/*
+ * UI function codes.
+ */
+# define UI_F_CLOSE_CONSOLE                               115
+# define UI_F_ECHO_CONSOLE                                116
+# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
+# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
+# define UI_F_NOECHO_CONSOLE                              117
+# define UI_F_OPEN_CONSOLE                                114
+# define UI_F_UI_CONSTRUCT_PROMPT                         121
+# define UI_F_UI_CREATE_METHOD                            112
+# define UI_F_UI_CTRL                                     111
+# define UI_F_UI_DUP_ERROR_STRING                         101
+# define UI_F_UI_DUP_INFO_STRING                          102
+# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
+# define UI_F_UI_DUP_INPUT_STRING                         103
+# define UI_F_UI_DUP_USER_DATA                            118
+# define UI_F_UI_DUP_VERIFY_STRING                        106
+# define UI_F_UI_GET0_RESULT                              107
+# define UI_F_UI_GET_RESULT_LENGTH                        119
+# define UI_F_UI_NEW_METHOD                               104
+# define UI_F_UI_PROCESS                                  113
+# define UI_F_UI_SET_RESULT                               105
+# define UI_F_UI_SET_RESULT_EX                            120
+
+/*
+ * UI reason codes.
+ */
+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
+# define UI_R_INDEX_TOO_LARGE                             102
+# define UI_R_INDEX_TOO_SMALL                             103
+# define UI_R_NO_RESULT_BUFFER                            105
+# define UI_R_PROCESSING_ERROR                            107
+# define UI_R_RESULT_TOO_LARGE                            100
+# define UI_R_RESULT_TOO_SMALL                            101
+# define UI_R_SYSASSIGN_ERROR                             109
+# define UI_R_SYSDASSGN_ERROR                             110
+# define UI_R_SYSQIOW_ERROR                               111
+# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
+# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE                  108
+# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED           112
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/whrlpool.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/whrlpool.h
new file mode 100644
index 000000000..20ea3503b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/whrlpool.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_WHRLPOOL_H
+# define HEADER_WHRLPOOL_H
+
+#include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+# define WHIRLPOOL_BBLOCK        512
+# define WHIRLPOOL_COUNTER       (256/8)
+
+typedef struct {
+    union {
+        unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+        /* double q is here to ensure 64-bit alignment */
+        double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+    } H;
+    unsigned char data[WHIRLPOOL_BBLOCK / 8];
+    unsigned int bitoff;
+    size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h
new file mode 100644
index 000000000..39ca0ba57
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h
@@ -0,0 +1,1047 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509_H
+# define HEADER_X509_H
+
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+# include <openssl/ec.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+# endif
+
+# include <openssl/sha.h>
+# include <openssl/x509err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID     0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS       0x2
+
+# define X509_FILETYPE_PEM       1
+# define X509_FILETYPE_ASN1      2
+# define X509_FILETYPE_DEFAULT   3
+
+# define X509v3_KU_DIGITAL_SIGNATURE     0x0080
+# define X509v3_KU_NON_REPUDIATION       0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT      0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT     0x0010
+# define X509v3_KU_KEY_AGREEMENT         0x0008
+# define X509v3_KU_KEY_CERT_SIGN         0x0004
+# define X509v3_KU_CRL_SIGN              0x0002
+# define X509v3_KU_ENCIPHER_ONLY         0x0001
+# define X509v3_KU_DECIPHER_ONLY         0x8000
+# define X509v3_KU_UNDEF                 0xffff
+
+struct X509_algor_st {
+    ASN1_OBJECT *algorithm;
+    ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+    ASN1_TIME *notBefore;
+    ASN1_TIME *notAfter;
+} X509_VAL;
+
+typedef struct X509_sig_st X509_SIG;
+
+typedef struct X509_name_entry_st X509_NAME_ENTRY;
+
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
+DEFINE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK         0x8000
+# define X509_EX_V_INIT                  0x0001
+typedef struct X509_extension_st X509_EXTENSION;
+
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
+DEFINE_STACK_OF(X509_EXTENSION)
+
+typedef struct x509_attributes_st X509_ATTRIBUTE;
+
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st X509_REQ_INFO;
+
+typedef struct X509_req_st X509_REQ;
+
+typedef struct x509_cert_aux_st X509_CERT_AUX;
+
+typedef struct x509_cinf_st X509_CINF;
+
+DEFINE_STACK_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+    int trust;
+    int flags;
+    int (*check_trust) (struct x509_trust_st *, X509 *, int);
+    char *name;
+    int arg1;
+    void *arg2;
+} X509_TRUST;
+
+DEFINE_STACK_OF(X509_TRUST)
+
+/* standard trust ids */
+
+# define X509_TRUST_DEFAULT      0 /* Only valid in purpose settings */
+
+# define X509_TRUST_COMPAT       1
+# define X509_TRUST_SSL_CLIENT   2
+# define X509_TRUST_SSL_SERVER   3
+# define X509_TRUST_EMAIL        4
+# define X509_TRUST_OBJECT_SIGN  5
+# define X509_TRUST_OCSP_SIGN    6
+# define X509_TRUST_OCSP_REQUEST 7
+# define X509_TRUST_TSA          8
+
+/* Keep these up to date! */
+# define X509_TRUST_MIN          1
+# define X509_TRUST_MAX          8
+
+/* trust_flags values */
+# define X509_TRUST_DYNAMIC      (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+/* No compat trust if self-signed, preempts "DO_SS" */
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
+/* Compat trust if no explicit accepted trust EKUs */
+# define X509_TRUST_DO_SS_COMPAT (1U << 3)
+/* Accept "anyEKU" as a wildcard trust OID */
+# define X509_TRUST_OK_ANY_EKU   (1U << 4)
+
+/* check_trust return codes */
+
+# define X509_TRUST_TRUSTED      1
+# define X509_TRUST_REJECTED     2
+# define X509_TRUST_UNTRUSTED    3
+
+/* Flags for X509_print_ex() */
+
+# define X509_FLAG_COMPAT                0
+# define X509_FLAG_NO_HEADER             1L
+# define X509_FLAG_NO_VERSION            (1L << 1)
+# define X509_FLAG_NO_SERIAL             (1L << 2)
+# define X509_FLAG_NO_SIGNAME            (1L << 3)
+# define X509_FLAG_NO_ISSUER             (1L << 4)
+# define X509_FLAG_NO_VALIDITY           (1L << 5)
+# define X509_FLAG_NO_SUBJECT            (1L << 6)
+# define X509_FLAG_NO_PUBKEY             (1L << 7)
+# define X509_FLAG_NO_EXTENSIONS         (1L << 8)
+# define X509_FLAG_NO_SIGDUMP            (1L << 9)
+# define X509_FLAG_NO_AUX                (1L << 10)
+# define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
+# define X509_FLAG_NO_IDS                (1L << 12)
+
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+# define XN_FLAG_SEP_MASK        (0xf << 16)
+
+# define XN_FLAG_COMPAT          0/* Traditional; use old X509_NAME_print */
+# define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)/* RFC2253 ,+ */
+# define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)/* ,+ spaced: more readable */
+# define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)/* ;+ spaced */
+# define XN_FLAG_SEP_MULTILINE   (4 << 16)/* One line per field */
+
+# define XN_FLAG_DN_REV          (1 << 20)/* Reverse DN order */
+
+/* How the field name is shown */
+
+# define XN_FLAG_FN_MASK         (0x3 << 21)
+
+# define XN_FLAG_FN_SN           0/* Object short name */
+# define XN_FLAG_FN_LN           (1 << 21)/* Object long name */
+# define XN_FLAG_FN_OID          (2 << 21)/* Always use OIDs */
+# define XN_FLAG_FN_NONE         (3 << 21)/* No field names */
+
+# define XN_FLAG_SPC_EQ          (1 << 23)/* Put spaces round '=' */
+
+/*
+ * This determines if we dump fields we don't recognise: RFC2253 requires
+ * this.
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN        (1 << 25)/* Align field names to 20
+                                           * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN | \
+                        XN_FLAG_FN_ALIGN)
+
+DEFINE_STACK_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st X509_CRL_INFO;
+
+DEFINE_STACK_OF(X509_CRL)
+
+typedef struct private_key_st {
+    int version;
+    /* The PKCS#8 data types */
+    X509_ALGOR *enc_algor;
+    ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+    /* When decrypted, the following will not be NULL */
+    EVP_PKEY *dec_pkey;
+    /* used to encrypt and decrypt */
+    int key_length;
+    char *key_data;
+    int key_free;               /* true if we should auto free key_data */
+    /* expanded version of 'enc_algor' */
+    EVP_CIPHER_INFO cipher;
+} X509_PKEY;
+
+typedef struct X509_info_st {
+    X509 *x509;
+    X509_CRL *crl;
+    X509_PKEY *x_pkey;
+    EVP_CIPHER_INFO enc_cipher;
+    int enc_len;
+    char *enc_data;
+} X509_INFO;
+
+DEFINE_STACK_OF(X509_INFO)
+
+/*
+ * The next 2 structures and their 8 routines are used to manipulate Netscape's
+ * spki structures - useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+    X509_PUBKEY *pubkey;
+    ASN1_IA5STRING *challenge;  /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+    NETSCAPE_SPKAC *spkac;      /* signed public key and challenge */
+    X509_ALGOR sig_algor;
+    ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+    ASN1_OBJECT *type;
+    STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+        {
+        unsigned char iv[8];
+        } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+    X509_ALGOR *keyfunc;
+    X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+    ASN1_TYPE *salt;
+    ASN1_INTEGER *iter;
+    ASN1_INTEGER *keylength;
+    X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+#ifndef OPENSSL_NO_SCRYPT
+typedef struct SCRYPT_PARAMS_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *costParameter;
+    ASN1_INTEGER *blockSize;
+    ASN1_INTEGER *parallelizationParameter;
+    ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+# include <openssl/x509_vfy.h>
+# include <openssl/pkcs7.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define X509_EXT_PACK_UNKNOWN   1
+# define X509_EXT_PACK_STRING    2
+
+# define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
+# define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
+const char *X509_verify_cert_error_string(long n);
+
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+                         const ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
+# endif
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+# endif
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data, const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+# ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp, X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+# endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+int i2d_X509_bio(BIO *bp, X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+                    void *pval);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+int X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(const ASN1_TIME *s);
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *t);
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_dir(void);
+const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_dir_env(void);
+const char *X509_get_default_cert_file_env(void);
+const char *X509_get_default_private_dir(void);
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+long X509_get_pathlen(X509 *x);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+# ifndef OPENSSL_NO_RSA
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_DSA
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_EC
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest);
+
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int i2d_X509_AUX(X509 *a, unsigned char **pp);
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags);
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+
+int X509_trusted(const X509 *x);
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+X509_PKEY *X509_PKEY_new(void);
+void X509_PKEY_free(X509_PKEY *a);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+X509_INFO *X509_INFO_new(void);
+void X509_INFO_free(X509_INFO *a);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+                ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len);
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+              X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+              char *data, EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+                     unsigned char *md, unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                     ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+                   EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                       void *asn, EVP_MD_CTX *ctx);
+
+long X509_get_version(const X509 *x);
+int X509_set_version(X509 *x, long version);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_issuer_name(const X509 *a);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_subject_name(const X509 *a);
+const ASN1_TIME * X509_get0_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+int X509_up_ref(X509 *x);
+int X509_get_signature_type(const X509 *x);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_get_notBefore X509_getm_notBefore
+#  define X509_get_notAfter X509_getm_notAfter
+#  define X509_set_notBefore X509_set1_notBefore
+#  define X509_set_notAfter X509_set1_notAfter
+#endif
+
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
+ */
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
+EVP_PKEY *X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
+
+long X509_REQ_get_version(const X509_REQ *req);
+int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
+int X509_REQ_extension_nid(int nid);
+int *X509_REQ_get_extension_nids(void);
+void X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+int X509_CRL_up_ref(X509_CRL *crl);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#  define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
+
+long X509_CRL_get_version(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+const STACK_OF(X509_EXTENSION) *
+X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
+
+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_chain_check_suiteb(int *perror_depth,
+                            X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags);
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_and_serial_hash(X509 *a);
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+# ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *a);
+unsigned long X509_subject_name_hash_old(X509 *x);
+# endif
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+int X509_aux_print(BIO *out, X509 *x, int indent);
+# ifndef OPENSSL_NO_STDIO
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+                          unsigned long flags);
+# endif
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+                       unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+                  unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+                      unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len);
+
+/*
+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
+                        int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type,
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                          int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                          const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                               int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
+                                     int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
+                               int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                             int nid, int crit,
+                                             ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+                               void *data);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+#endif
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid);
+
+#ifndef OPENSSL_NO_SCRYPT
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p);
+#endif
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version, int ptype, void *pval,
+                    unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   const char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h
new file mode 100644
index 000000000..adb8bce7c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h
@@ -0,0 +1,628 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509_VFY_H
+# define HEADER_X509_VFY_H
+
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef HEADER_X509_H
+#  include <openssl/x509.h>
+# endif
+
+# include <openssl/opensslconf.h>
+# include <openssl/lhash.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+SSL_CTX -> X509_STORE
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+
+SSL     -> X509_STORE_CTX
+                ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+typedef enum {
+    X509_LU_NONE = 0,
+    X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define X509_LU_RETRY   -1
+#define X509_LU_FAIL    0
+#endif
+
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+        X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+        X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD        1
+# define X509_L_ADD_DIR          2
+
+# define X509_LOOKUP_load_file(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define         X509_V_OK                                       0
+# define         X509_V_ERR_UNSPECIFIED                          1
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+# define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+# define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+# define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+# define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+# define         X509_V_ERR_CERT_NOT_YET_VALID                   9
+# define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+# define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+# define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+# define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+# define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+# define         X509_V_ERR_OUT_OF_MEM                           17
+# define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+# define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+# define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+# define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+# define         X509_V_ERR_CERT_REVOKED                         23
+# define         X509_V_ERR_INVALID_CA                           24
+# define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
+# define         X509_V_ERR_INVALID_PURPOSE                      26
+# define         X509_V_ERR_CERT_UNTRUSTED                       27
+# define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+# define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+# define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+# define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+# define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+# define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+# define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
+# define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
+# define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+# define         X509_V_ERR_INVALID_NON_CA                       37
+# define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+# define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+# define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
+# define         X509_V_ERR_INVALID_EXTENSION                    41
+# define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
+# define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+# define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+# define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+# define         X509_V_ERR_UNNESTED_RESOURCE                    46
+# define         X509_V_ERR_PERMITTED_VIOLATION                  47
+# define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+# define         X509_V_ERR_SUBTREE_MINMAX                       49
+/* The application is not happy */
+# define         X509_V_ERR_APPLICATION_VERIFICATION             50
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+# define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+# define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
+/* Another issuer check debug option */
+# define         X509_V_ERR_PATH_LOOP                            55
+/* Suite B mode algorithm violation */
+# define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
+# define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
+# define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
+# define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
+# define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+# define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+# define         X509_V_ERR_HOSTNAME_MISMATCH                    62
+# define         X509_V_ERR_EMAIL_MISMATCH                       63
+# define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
+/* DANE TLSA errors */
+# define         X509_V_ERR_DANE_NO_MATCH                        65
+/* security level errors */
+# define         X509_V_ERR_EE_KEY_TOO_SMALL                     66
+# define         X509_V_ERR_CA_KEY_TOO_SMALL                     67
+# define         X509_V_ERR_CA_MD_TOO_WEAK                       68
+/* Caller error */
+# define         X509_V_ERR_INVALID_CALL                         69
+/* Issuer lookup error */
+# define         X509_V_ERR_STORE_LOOKUP                         70
+/* Certificate transparency */
+# define         X509_V_ERR_NO_VALID_SCTS                        71
+
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
+/* OCSP status errors */
+# define         X509_V_ERR_OCSP_VERIFY_NEEDED                   73  /* Need OCSP verification */
+# define         X509_V_ERR_OCSP_VERIFY_FAILED                   74  /* Couldn't verify cert through OCSP */
+# define         X509_V_ERR_OCSP_CERT_UNKNOWN                    75  /* Certificate wasn't recognized by the OCSP responder */
+
+/* Certificate verify flags */
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_V_FLAG_CB_ISSUER_CHECK             0x0   /* Deprecated */
+# endif
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME              0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK                   0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL               0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL             0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK                0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY             0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY                 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP                 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY               0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS                  0x2000
+/* Check self-signed CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
+/* Use trusted store first */
+# define X509_V_FLAG_TRUSTED_FIRST               0x8000
+/* Suite B 128 bit only mode: not normally used */
+# define X509_V_FLAG_SUITEB_128_LOS_ONLY         0x10000
+/* Suite B 192 bit only mode */
+# define X509_V_FLAG_SUITEB_192_LOS              0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define X509_V_FLAG_SUITEB_128_LOS              0x30000
+/* Allow partial chains if at least one certificate is in trusted store */
+# define X509_V_FLAG_PARTIAL_CHAIN               0x80000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
+ * will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME               0x200000
+
+# define X509_VP_FLAG_DEFAULT                    0x1
+# define X509_VP_FLAG_OVERWRITE                  0x2
+# define X509_VP_FLAG_RESET_FLAGS                0x4
+# define X509_VP_FLAG_LOCKED                     0x8
+# define X509_VP_FLAG_ONCE                       0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+                                | X509_V_FLAG_EXPLICIT_POLICY \
+                                | X509_V_FLAG_INHIBIT_ANY \
+                                | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+            X509_STORE_set_verify((ctx),(func))
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb);
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+            X509_STORE_set_verify_cb((ctx),(func))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+    X509_STORE_set_lookup_crls((ctx), (func))
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                        X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify);
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+/* the following macro is misspelled; use X509_STORE_get1_certs instead */
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+/* the following macro is misspelled; use X509_STORE_get1_crls instead */
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+                                   long argl, char **ret);
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name,
+                                             X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+                                                   X509_LOOKUP_TYPE type,
+                                                   X509_NAME *name,
+                                                   ASN1_INTEGER *serial,
+                                                   X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+                                                 X509_LOOKUP_TYPE type,
+                                                 const unsigned char* bytes,
+                                                 int len,
+                                                 X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+                                           X509_LOOKUP_TYPE type,
+                                           const char *str,
+                                           int len,
+                                           X509_OBJECT *ret);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+                              void (*free_fn) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+                                  int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+                              X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+                                        X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method);
+
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                     long argl, char **ret);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+int X509_STORE_load_locations(X509_STORE *ctx,
+                              const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+
+#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t);
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+                              const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                    uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
+                                  const char *ipasc);
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_count(void);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+/* Non positive return values are errors */
+#define X509_PCY_TREE_FAILURE  -2 /* Failure to satisfy explicit policy */
+#define X509_PCY_TREE_INVALID  -1 /* Inconsistent or invalid extensions */
+#define X509_PCY_TREE_INTERNAL  0 /* Internal error, most likely malloc */
+
+/*
+ * Positive return values form a bit mask, all but the first are internal to
+ * the library and don't appear in results from X509_policy_check().
+ */
+#define X509_PCY_TREE_VALID     1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY     2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT  4 /* Explicit policy required */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+                                              int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h
new file mode 100644
index 000000000..b1d6a8709
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h
@@ -0,0 +1,125 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509ERR_H
+# define HEADER_X509ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_X509_strings(void);
+
+/*
+ * X509 function codes.
+ */
+# define X509_F_ADD_CERT_DIR                              100
+# define X509_F_BUILD_CHAIN                               106
+# define X509_F_BY_FILE_CTRL                              101
+# define X509_F_CHECK_NAME_CONSTRAINTS                    149
+# define X509_F_CHECK_POLICY                              145
+# define X509_F_DANE_I2D                                  107
+# define X509_F_DIR_CTRL                                  102
+# define X509_F_GET_CERT_BY_SUBJECT                       103
+# define X509_F_I2D_X509_AUX                              151
+# define X509_F_LOOKUP_CERTS_SK                           152
+# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
+# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+# define X509_F_NEW_DIR                                   153
+# define X509_F_X509AT_ADD1_ATTR                          135
+# define X509_F_X509V3_ADD_EXT                            104
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
+# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
+# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
+# define X509_F_X509_CHECK_PRIVATE_KEY                    128
+# define X509_F_X509_CRL_DIFF                             105
+# define X509_F_X509_CRL_METHOD_NEW                       154
+# define X509_F_X509_CRL_PRINT_FP                         147
+# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
+# define X509_F_X509_LOAD_CERT_FILE                       111
+# define X509_F_X509_LOAD_CRL_FILE                        112
+# define X509_F_X509_LOOKUP_METH_NEW                      160
+# define X509_F_X509_LOOKUP_NEW                           155
+# define X509_F_X509_NAME_ADD_ENTRY                       113
+# define X509_F_X509_NAME_CANON                           156
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
+# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+# define X509_F_X509_NAME_ONELINE                         116
+# define X509_F_X509_NAME_PRINT                           117
+# define X509_F_X509_OBJECT_NEW                           150
+# define X509_F_X509_PRINT_EX_FP                          118
+# define X509_F_X509_PUBKEY_DECODE                        148
+# define X509_F_X509_PUBKEY_GET0                          119
+# define X509_F_X509_PUBKEY_SET                           120
+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
+# define X509_F_X509_REQ_PRINT_EX                         121
+# define X509_F_X509_REQ_PRINT_FP                         122
+# define X509_F_X509_REQ_TO_X509                          123
+# define X509_F_X509_STORE_ADD_CERT                       124
+# define X509_F_X509_STORE_ADD_CRL                        125
+# define X509_F_X509_STORE_ADD_LOOKUP                     157
+# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
+# define X509_F_X509_STORE_CTX_INIT                       143
+# define X509_F_X509_STORE_CTX_NEW                        142
+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+# define X509_F_X509_STORE_NEW                            158
+# define X509_F_X509_TO_X509_REQ                          126
+# define X509_F_X509_TRUST_ADD                            133
+# define X509_F_X509_TRUST_SET                            141
+# define X509_F_X509_VERIFY_CERT                          127
+# define X509_F_X509_VERIFY_PARAM_NEW                     159
+
+/*
+ * X509 reason codes.
+ */
+# define X509_R_AKID_MISMATCH                             110
+# define X509_R_BAD_SELECTOR                              133
+# define X509_R_BAD_X509_FILETYPE                         100
+# define X509_R_BASE64_DECODE_ERROR                       118
+# define X509_R_CANT_CHECK_DH_KEY                         114
+# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+# define X509_R_CRL_ALREADY_DELTA                         127
+# define X509_R_CRL_VERIFY_FAILURE                        131
+# define X509_R_IDP_MISMATCH                              128
+# define X509_R_INVALID_DIRECTORY                         113
+# define X509_R_INVALID_FIELD_NAME                        119
+# define X509_R_INVALID_TRUST                             123
+# define X509_R_ISSUER_MISMATCH                           129
+# define X509_R_KEY_TYPE_MISMATCH                         115
+# define X509_R_KEY_VALUES_MISMATCH                       116
+# define X509_R_LOADING_CERT_DIR                          103
+# define X509_R_LOADING_DEFAULTS                          104
+# define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
+# define X509_R_NEWER_CRL_NOT_NEWER                       132
+# define X509_R_NO_CERTIFICATE_FOUND                      135
+# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND               136
+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+# define X509_R_NO_CRL_FOUND                              137
+# define X509_R_NO_CRL_NUMBER                             130
+# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
+# define X509_R_SHOULD_RETRY                              106
+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+# define X509_R_UNKNOWN_KEY_TYPE                          117
+# define X509_R_UNKNOWN_NID                               109
+# define X509_R_UNKNOWN_PURPOSE_ID                        121
+# define X509_R_UNKNOWN_TRUST_ID                          120
+# define X509_R_UNSUPPORTED_ALGORITHM                     111
+# define X509_R_WRONG_LOOKUP_TYPE                         112
+# define X509_R_WRONG_TYPE                                122
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h
new file mode 100644
index 000000000..fe1791c68
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h
@@ -0,0 +1,935 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3_H
+# define HEADER_X509V3_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+# include <openssl/x509v3err.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *
+    (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
+                       STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx,
+                                STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
+                                void *ext);
+typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+                               BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+    int ext_nid;
+    int ext_flags;
+/* If this is set the following four fields are ignored */
+    ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+    X509V3_EXT_NEW ext_new;
+    X509V3_EXT_FREE ext_free;
+    X509V3_EXT_D2I d2i;
+    X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+    X509V3_EXT_I2S i2s;
+    X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+    X509V3_EXT_I2V i2v;
+    X509V3_EXT_V2I v2i;
+/* The following are used for raw extensions */
+    X509V3_EXT_I2R i2r;
+    X509V3_EXT_R2I r2i;
+    void *usr_data;             /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+    char *(*get_string) (void *db, const char *section, const char *value);
+    STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+    void (*free_string) (void *db, char *string);
+    void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
+    int flags;
+    X509 *issuer_cert;
+    X509 *subject_cert;
+    X509_REQ *subject_req;
+    X509_CRL *crl;
+    X509V3_CONF_METHOD *db_meth;
+    void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC      0x1
+# define X509V3_EXT_CTX_DEP      0x2
+# define X509V3_EXT_MULTILINE    0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+    int ca;
+    ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+    ASN1_GENERALIZEDTIME *notBefore;
+    ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+    ASN1_OBJECT *type_id;
+    ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+    ASN1_STRING *nameAssigner;
+    ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME   0
+# define GEN_EMAIL       1
+# define GEN_DNS         2
+# define GEN_X400        3
+# define GEN_DIRNAME     4
+# define GEN_EDIPARTY    5
+# define GEN_URI         6
+# define GEN_IPADD       7
+# define GEN_RID         8
+    int type;
+    union {
+        char *ptr;
+        OTHERNAME *otherName;   /* otherName */
+        ASN1_IA5STRING *rfc822Name;
+        ASN1_IA5STRING *dNSName;
+        ASN1_TYPE *x400Address;
+        X509_NAME *directoryName;
+        EDIPARTYNAME *ediPartyName;
+        ASN1_IA5STRING *uniformResourceIdentifier;
+        ASN1_OCTET_STRING *iPAddress;
+        ASN1_OBJECT *registeredID;
+        /* Old names */
+        ASN1_OCTET_STRING *ip;  /* iPAddress */
+        X509_NAME *dirn;        /* dirn */
+        ASN1_IA5STRING *ia5;    /* rfc822Name, dNSName,
+                                 * uniformResourceIdentifier */
+        ASN1_OBJECT *rid;       /* registeredID */
+        ASN1_TYPE *other;       /* x400Address */
+    } d;
+} GENERAL_NAME;
+
+typedef struct ACCESS_DESCRIPTION_st {
+    ASN1_OBJECT *method;
+    GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+    int type;
+    union {
+        GENERAL_NAMES *fullname;
+        STACK_OF(X509_NAME_ENTRY) *relativename;
+    } name;
+/* If relativename then this contains the full distribution point name */
+    X509_NAME *dpname;
+} DIST_POINT_NAME;
+/* All existing reasons */
+# define CRLDP_ALL_REASONS       0x807f
+
+# define CRL_REASON_NONE                         -1
+# define CRL_REASON_UNSPECIFIED                  0
+# define CRL_REASON_KEY_COMPROMISE               1
+# define CRL_REASON_CA_COMPROMISE                2
+# define CRL_REASON_AFFILIATION_CHANGED          3
+# define CRL_REASON_SUPERSEDED                   4
+# define CRL_REASON_CESSATION_OF_OPERATION       5
+# define CRL_REASON_CERTIFICATE_HOLD             6
+# define CRL_REASON_REMOVE_FROM_CRL              8
+# define CRL_REASON_PRIVILEGE_WITHDRAWN          9
+# define CRL_REASON_AA_COMPROMISE                10
+
+struct DIST_POINT_st {
+    DIST_POINT_NAME *distpoint;
+    ASN1_BIT_STRING *reasons;
+    GENERAL_NAMES *CRLissuer;
+    int dp_reasons;
+};
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DEFINE_STACK_OF(DIST_POINT)
+
+struct AUTHORITY_KEYID_st {
+    ASN1_OCTET_STRING *keyid;
+    GENERAL_NAMES *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+    ASN1_INTEGER *zone;
+    ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DEFINE_STACK_OF(SXNETID)
+
+typedef struct SXNET_st {
+    ASN1_INTEGER *version;
+    STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+    ASN1_STRING *organization;
+    STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+    NOTICEREF *noticeref;
+    ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+    ASN1_OBJECT *pqualid;
+    union {
+        ASN1_IA5STRING *cpsuri;
+        USERNOTICE *usernotice;
+        ASN1_TYPE *other;
+    } d;
+} POLICYQUALINFO;
+
+DEFINE_STACK_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+    ASN1_OBJECT *policyid;
+    STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DEFINE_STACK_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+    ASN1_OBJECT *issuerDomainPolicy;
+    ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DEFINE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+    GENERAL_NAME *base;
+    ASN1_INTEGER *minimum;
+    ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
+struct NAME_CONSTRAINTS_st {
+    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+};
+
+typedef struct POLICY_CONSTRAINTS_st {
+    ASN1_INTEGER *requireExplicitPolicy;
+    ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+    ASN1_OBJECT *policyLanguage;
+    ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+    ASN1_INTEGER *pcPathLengthConstraint;
+    PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+struct ISSUING_DIST_POINT_st {
+    DIST_POINT_NAME *distpoint;
+    int onlyuser;
+    int onlyCA;
+    ASN1_BIT_STRING *onlysomereasons;
+    int indirectCRL;
+    int onlyattr;
+};
+
+/* Values in idp_flags field */
+/* IDP present */
+# define IDP_PRESENT     0x1
+/* IDP values inconsistent */
+# define IDP_INVALID     0x2
+/* onlyuser true */
+# define IDP_ONLYUSER    0x4
+/* onlyCA true */
+# define IDP_ONLYCA      0x8
+/* onlyattr true */
+# define IDP_ONLYATTR    0x10
+/* indirectCRL true */
+# define IDP_INDIRECT    0x20
+/* onlysomereasons present */
+# define IDP_REASONS     0x40
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, \
+                        "section:", (val)->section, \
+                        ",name:", (val)->name, ",value:", (val)->value)
+
+# define X509V3_set_ctx_test(ctx) \
+                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+                        0,0,0,0, \
+                        0,0, \
+                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+                        NULL, NULL, \
+                        table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+                        0,0,0,0, \
+                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+                        0,0,0,0, \
+                        NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS            0x1
+# define EXFLAG_KUSAGE           0x2
+# define EXFLAG_XKUSAGE          0x4
+# define EXFLAG_NSCERT           0x8
+
+# define EXFLAG_CA               0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI               0x20
+# define EXFLAG_V1               0x40
+# define EXFLAG_INVALID          0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
+# define EXFLAG_SET              0x100
+# define EXFLAG_CRITICAL         0x200
+# define EXFLAG_PROXY            0x400
+
+# define EXFLAG_INVALID_POLICY   0x800
+# define EXFLAG_FRESHEST         0x1000
+/* Self signed */
+# define EXFLAG_SS               0x2000
+
+# define KU_DIGITAL_SIGNATURE    0x0080
+# define KU_NON_REPUDIATION      0x0040
+# define KU_KEY_ENCIPHERMENT     0x0020
+# define KU_DATA_ENCIPHERMENT    0x0010
+# define KU_KEY_AGREEMENT        0x0008
+# define KU_KEY_CERT_SIGN        0x0004
+# define KU_CRL_SIGN             0x0002
+# define KU_ENCIPHER_ONLY        0x0001
+# define KU_DECIPHER_ONLY        0x8000
+
+# define NS_SSL_CLIENT           0x80
+# define NS_SSL_SERVER           0x40
+# define NS_SMIME                0x20
+# define NS_OBJSIGN              0x10
+# define NS_SSL_CA               0x04
+# define NS_SMIME_CA             0x02
+# define NS_OBJSIGN_CA           0x01
+# define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER          0x1
+# define XKU_SSL_CLIENT          0x2
+# define XKU_SMIME               0x4
+# define XKU_CODE_SIGN           0x8
+# define XKU_SGC                 0x10
+# define XKU_OCSP_SIGN           0x20
+# define XKU_TIMESTAMP           0x40
+# define XKU_DVCS                0x80
+# define XKU_ANYEKU              0x100
+
+# define X509_PURPOSE_DYNAMIC    0x1
+# define X509_PURPOSE_DYNAMIC_NAME       0x2
+
+typedef struct x509_purpose_st {
+    int purpose;
+    int trust;                  /* Default trust ID */
+    int flags;
+    int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+    char *name;
+    char *sname;
+    void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT         1
+# define X509_PURPOSE_SSL_SERVER         2
+# define X509_PURPOSE_NS_SSL_SERVER      3
+# define X509_PURPOSE_SMIME_SIGN         4
+# define X509_PURPOSE_SMIME_ENCRYPT      5
+# define X509_PURPOSE_CRL_SIGN           6
+# define X509_PURPOSE_ANY                7
+# define X509_PURPOSE_OCSP_HELPER        8
+# define X509_PURPOSE_TIMESTAMP_SIGN     9
+
+# define X509_PURPOSE_MIN                1
+# define X509_PURPOSE_MAX                9
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK              0xfL
+# define X509V3_ADD_DEFAULT              0L
+# define X509V3_ADD_APPEND               1L
+# define X509V3_ADD_REPLACE              2L
+# define X509V3_ADD_REPLACE_EXISTING     3L
+# define X509V3_ADD_KEEP_EXISTING        4L
+# define X509V3_ADD_DELETE               5L
+# define X509V3_ADD_SILENT               0x10
+
+DEFINE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+                       int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+                         int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        GENERAL_NAMES *gen,
+                                        STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                            const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, int gen_type,
+                               const char *value, int is_nc);
+
+# ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf,
+                                  int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                     const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+                            STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                         X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+                                    X509V3_CTX *ctx, int ext_nid,
+                                    const char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                const char *name, const char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        const char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+                             STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                    X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+                                const ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/* The new declarations are in crypto.h, but the old ones were here. */
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent);
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(const char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT    0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define X509_CHECK_FLAG_NO_WILDCARDS    0x2
+/* Wildcards must not match a partial label. */
+# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT    0x20
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername);
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+    ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id          0
+# define ASIdOrRange_range       1
+
+typedef struct ASIdOrRange_st {
+    int type;
+    union {
+        ASN1_INTEGER *id;
+        ASRange *range;
+    } u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit              0
+# define ASIdentifierChoice_asIdsOrRanges        1
+
+typedef struct ASIdentifierChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        ASIdOrRanges *asIdsOrRanges;
+    } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+    ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+    ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix  0
+# define IPAddressOrRange_addressRange   1
+
+typedef struct IPAddressOrRange_st {
+    int type;
+    union {
+        ASN1_BIT_STRING *addressPrefix;
+        IPAddressRange *addressRange;
+    } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit                 0
+# define IPAddressChoice_addressesOrRanges       1
+
+typedef struct IPAddressChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        IPAddressOrRanges *addressesOrRanges;
+    } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+    ASN1_OCTET_STRING *addressFamily;
+    IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM   0
+# define V3_ASID_RDI     1
+
+/*
+ * AFI values, assigned by IANA.  It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+# define IANA_AFI_IPV4   1
+# define IANA_AFI_IPV6   2
+
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+                                ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi, const unsigned *safi,
+                           unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi, const unsigned *safi,
+                          unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+                          unsigned char *min, unsigned char *max,
+                          const int length);
+
+/*
+ * Canonical forms.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
+
+/*
+ * Tests for inheritance and containment.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext,
+                                      int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                      IPAddrBlocks *ext, int allow_inheritance);
+
+#endif                         /* OPENSSL_NO_RFC3779 */
+
+DEFINE_STACK_OF(ASN1_STRING)
+
+/*
+ * Admission Syntax
+ */
+typedef struct NamingAuthority_st NAMING_AUTHORITY;
+typedef struct ProfessionInfo_st PROFESSION_INFO;
+typedef struct Admissions_st ADMISSIONS;
+typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
+DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
+DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+DEFINE_STACK_OF(ADMISSIONS)
+DEFINE_STACK_OF(PROFESSION_INFO)
+typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
+    const NAMING_AUTHORITY *n);
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n);
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
+    ASN1_OBJECT* namingAuthorityId);
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
+    ASN1_IA5STRING* namingAuthorityUrl);
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
+    ASN1_STRING* namingAuthorityText);
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_admissionAuthority(
+    ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
+    ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_addProfessionInfo(
+    PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_namingAuthority(
+    PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionItems(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionOIDs(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_registrationNumber(
+    PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h
new file mode 100644
index 000000000..6b3df12b6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h
@@ -0,0 +1,158 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3ERR_H
+# define HEADER_X509V3ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_X509V3_strings(void);
+
+/*
+ * X509V3 function codes.
+ */
+# define X509V3_F_A2I_GENERAL_NAME                        164
+# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL             166
+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
+# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
+# define X509V3_F_BIGNUM_TO_STRING                        167
+# define X509V3_F_COPY_EMAIL                              122
+# define X509V3_F_COPY_ISSUER                             123
+# define X509V3_F_DO_DIRNAME                              144
+# define X509V3_F_DO_EXT_I2D                              135
+# define X509V3_F_DO_EXT_NCONF                            151
+# define X509V3_F_GNAMES_FROM_SECTNAME                    156
+# define X509V3_F_I2S_ASN1_ENUMERATED                     121
+# define X509V3_F_I2S_ASN1_IA5STRING                      149
+# define X509V3_F_I2S_ASN1_INTEGER                        120
+# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
+# define X509V3_F_LEVEL_ADD_NODE                          168
+# define X509V3_F_NOTICE_SECTION                          132
+# define X509V3_F_NREF_NOS                                133
+# define X509V3_F_POLICY_CACHE_CREATE                     169
+# define X509V3_F_POLICY_CACHE_NEW                        170
+# define X509V3_F_POLICY_DATA_NEW                         171
+# define X509V3_F_POLICY_SECTION                          131
+# define X509V3_F_PROCESS_PCI_VALUE                       150
+# define X509V3_F_R2I_CERTPOL                             130
+# define X509V3_F_R2I_PCI                                 155
+# define X509V3_F_S2I_ASN1_IA5STRING                      100
+# define X509V3_F_S2I_ASN1_INTEGER                        108
+# define X509V3_F_S2I_ASN1_OCTET_STRING                   112
+# define X509V3_F_S2I_SKEY_ID                             115
+# define X509V3_F_SET_DIST_POINT_NAME                     158
+# define X509V3_F_SXNET_ADD_ID_ASC                        125
+# define X509V3_F_SXNET_ADD_ID_INTEGER                    126
+# define X509V3_F_SXNET_ADD_ID_ULONG                      127
+# define X509V3_F_SXNET_GET_ID_ASC                        128
+# define X509V3_F_SXNET_GET_ID_ULONG                      129
+# define X509V3_F_TREE_INIT                               172
+# define X509V3_F_V2I_ASIDENTIFIERS                       163
+# define X509V3_F_V2I_ASN1_BIT_STRING                     101
+# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
+# define X509V3_F_V2I_AUTHORITY_KEYID                     119
+# define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
+# define X509V3_F_V2I_CRLD                                134
+# define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
+# define X509V3_F_V2I_GENERAL_NAMES                       118
+# define X509V3_F_V2I_GENERAL_NAME_EX                     117
+# define X509V3_F_V2I_IDP                                 157
+# define X509V3_F_V2I_IPADDRBLOCKS                        159
+# define X509V3_F_V2I_ISSUER_ALT                          153
+# define X509V3_F_V2I_NAME_CONSTRAINTS                    147
+# define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
+# define X509V3_F_V2I_POLICY_MAPPINGS                     145
+# define X509V3_F_V2I_SUBJECT_ALT                         154
+# define X509V3_F_V2I_TLS_FEATURE                         165
+# define X509V3_F_V3_GENERIC_EXTENSION                    116
+# define X509V3_F_X509V3_ADD1_I2D                         140
+# define X509V3_F_X509V3_ADD_VALUE                        105
+# define X509V3_F_X509V3_EXT_ADD                          104
+# define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
+# define X509V3_F_X509V3_EXT_I2D                          136
+# define X509V3_F_X509V3_EXT_NCONF                        152
+# define X509V3_F_X509V3_GET_SECTION                      142
+# define X509V3_F_X509V3_GET_STRING                       143
+# define X509V3_F_X509V3_GET_VALUE_BOOL                   110
+# define X509V3_F_X509V3_PARSE_LIST                       109
+# define X509V3_F_X509_PURPOSE_ADD                        137
+# define X509V3_F_X509_PURPOSE_SET                        141
+
+/*
+ * X509V3 reason codes.
+ */
+# define X509V3_R_BAD_IP_ADDRESS                          118
+# define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BN_DEC2BN_ERROR                         100
+# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
+# define X509V3_R_DIRNAME_ERROR                           149
+# define X509V3_R_DISTPOINT_ALREADY_SET                   160
+# define X509V3_R_DUPLICATE_ZONE_ID                       133
+# define X509V3_R_ERROR_CONVERTING_ZONE                   131
+# define X509V3_R_ERROR_CREATING_EXTENSION                144
+# define X509V3_R_ERROR_IN_EXTENSION                      128
+# define X509V3_R_EXPECTED_A_SECTION_NAME                 137
+# define X509V3_R_EXTENSION_EXISTS                        145
+# define X509V3_R_EXTENSION_NAME_ERROR                    115
+# define X509V3_R_EXTENSION_NOT_FOUND                     102
+# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
+# define X509V3_R_EXTENSION_VALUE_ERROR                   116
+# define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
+# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
+# define X509V3_R_INVALID_ASNUMBER                        162
+# define X509V3_R_INVALID_ASRANGE                         163
+# define X509V3_R_INVALID_BOOLEAN_STRING                  104
+# define X509V3_R_INVALID_EXTENSION_STRING                105
+# define X509V3_R_INVALID_INHERITANCE                     165
+# define X509V3_R_INVALID_IPADDRESS                       166
+# define X509V3_R_INVALID_MULTIPLE_RDNS                   161
+# define X509V3_R_INVALID_NAME                            106
+# define X509V3_R_INVALID_NULL_ARGUMENT                   107
+# define X509V3_R_INVALID_NULL_NAME                       108
+# define X509V3_R_INVALID_NULL_VALUE                      109
+# define X509V3_R_INVALID_NUMBER                          140
+# define X509V3_R_INVALID_NUMBERS                         141
+# define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
+# define X509V3_R_INVALID_OPTION                          138
+# define X509V3_R_INVALID_POLICY_IDENTIFIER               134
+# define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
+# define X509V3_R_INVALID_PURPOSE                         146
+# define X509V3_R_INVALID_SAFI                            164
+# define X509V3_R_INVALID_SECTION                         135
+# define X509V3_R_INVALID_SYNTAX                          143
+# define X509V3_R_ISSUER_DECODE_ERROR                     126
+# define X509V3_R_MISSING_VALUE                           124
+# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
+# define X509V3_R_NO_CONFIG_DATABASE                      136
+# define X509V3_R_NO_ISSUER_CERTIFICATE                   121
+# define X509V3_R_NO_ISSUER_DETAILS                       127
+# define X509V3_R_NO_POLICY_IDENTIFIER                    139
+# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
+# define X509V3_R_NO_PUBLIC_KEY                           114
+# define X509V3_R_NO_SUBJECT_DETAILS                      125
+# define X509V3_R_OPERATION_NOT_DEFINED                   148
+# define X509V3_R_OTHERNAME_ERROR                         147
+# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
+# define X509V3_R_POLICY_PATH_LENGTH                      156
+# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
+# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
+# define X509V3_R_SECTION_NOT_FOUND                       150
+# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
+# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
+# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
+# define X509V3_R_UNKNOWN_EXTENSION                       129
+# define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
+# define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNSUPPORTED_OPTION                      117
+# define X509V3_R_UNSUPPORTED_TYPE                        167
+# define X509V3_R_USER_TOO_LONG                           132
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/applink.c b/trunk/3rdparty/openssl-1.1-fit/ms/applink.c
new file mode 100644
index 000000000..238dbff35
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/applink.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define APPLINK_STDIN   1
+#define APPLINK_STDOUT  2
+#define APPLINK_STDERR  3
+#define APPLINK_FPRINTF 4
+#define APPLINK_FGETS   5
+#define APPLINK_FREAD   6
+#define APPLINK_FWRITE  7
+#define APPLINK_FSETMOD 8
+#define APPLINK_FEOF    9
+#define APPLINK_FCLOSE  10      /* should not be used */
+
+#define APPLINK_FOPEN   11      /* solely for completeness */
+#define APPLINK_FSEEK   12
+#define APPLINK_FTELL   13
+#define APPLINK_FFLUSH  14
+#define APPLINK_FERROR  15
+#define APPLINK_CLEARERR 16
+#define APPLINK_FILENO  17      /* to be used with below */
+
+#define APPLINK_OPEN    18      /* formally can't be used, as flags can vary */
+#define APPLINK_READ    19
+#define APPLINK_WRITE   20
+#define APPLINK_LSEEK   21
+#define APPLINK_CLOSE   22
+#define APPLINK_MAX     22      /* always same as last macro */
+
+#ifndef APPMACROS_ONLY
+# include <stdio.h>
+# include <io.h>
+# include <fcntl.h>
+
+static void *app_stdin(void)
+{
+    return stdin;
+}
+
+static void *app_stdout(void)
+{
+    return stdout;
+}
+
+static void *app_stderr(void)
+{
+    return stderr;
+}
+
+static int app_feof(FILE *fp)
+{
+    return feof(fp);
+}
+
+static int app_ferror(FILE *fp)
+{
+    return ferror(fp);
+}
+
+static void app_clearerr(FILE *fp)
+{
+    clearerr(fp);
+}
+
+static int app_fileno(FILE *fp)
+{
+    return _fileno(fp);
+}
+
+static int app_fsetmod(FILE *fp, char mod)
+{
+    return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+__declspec(dllexport)
+void **
+# if defined(__BORLANDC__)
+/*
+ * __stdcall appears to be the only way to get the name
+ * decoration right with Borland C. Otherwise it works
+ * purely incidentally, as we pass no parameters.
+ */
+__stdcall
+# else
+__cdecl
+# endif
+OPENSSL_Applink(void)
+{
+    static int once = 1;
+    static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
+        { (void *)APPLINK_MAX };
+
+    if (once) {
+        OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
+        OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
+        OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
+        OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
+        OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
+        OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
+        OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
+        OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
+        OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
+        OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;
+
+        OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
+        OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
+        OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
+        OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
+        OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
+        OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
+        OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;
+
+        OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
+        OPENSSL_ApplinkTable[APPLINK_READ] = _read;
+        OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
+        OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
+        OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;
+
+        once = 0;
+    }
+
+    return OPENSSL_ApplinkTable;
+}
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/cmp.pl b/trunk/3rdparty/openssl-1.1-fit/ms/cmp.pl
new file mode 100755
index 000000000..265ce56ed
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/cmp.pl
@@ -0,0 +1,53 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
+
+open(IN0,"<$ARGV[0]") || die "unable to open $ARGV[0]\n";
+open(IN1,"<$ARGV[1]") || die "unable to open $ARGV[1]\n";
+binmode IN0;
+binmode IN1;
+
+$tot=0;
+$ret=1;
+for (;;)
+{
+    $n1=sysread(IN0,$b1,4096);
+    $n2=sysread(IN1,$b2,4096);
+
+    last if ($n1 != $n2);
+    last if ($b1 ne $b2);
+    last if ($n1 < 0);
+    if ($n1 == 0)
+    {
+        $ret=0;
+        last;
+    }
+    $tot+=$n1;
+}
+
+close(IN0);
+close(IN1);
+if ($ret)
+{
+    printf STDERR "$ARGV[0] and $ARGV[1] are different\n";
+    @a1=unpack("C*",$b1);
+    @a2=unpack("C*",$b2);
+    for ($i=0; $i<=$#a1; $i++)
+    {
+        if ($a1[$i] ne $a2[$i])
+        {
+            printf "%02X %02X <<\n",$a1[$i],$a2[$i];
+            last;
+        }
+    }
+    $nm=$tot+$n1;
+    $tot+=$i+1;
+    printf STDERR "diff at char $tot of $nm\n";
+}
+exit($ret);
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/uplink-common.pl b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-common.pl
new file mode 100755
index 000000000..e2ab59456
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-common.pl
@@ -0,0 +1,28 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# pull APPLINK_MAX value from applink.c...
+$applink_c=$0;
+$applink_c=~s|[^/\\]+$||g;
+$applink_c.="applink.c";
+open(INPUT,$applink_c) || die "can't open $applink_c: $!";
+@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>;
+close(INPUT);
+($#max==0) or die "can't find APPLINK_MAX in $applink_c";
+
+$max[0]=~/APPLINK_MAX\s+(\d+)/;
+$N=$1;	# number of entries in OPENSSL_UplinkTable not including
+	# OPENSSL_UplinkTable[0], which contains this value...
+
+1;
+
+# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs
+# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)';
+# and then dereference themselves. Latter shall result in endless
+# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with
+# something else, e.g. as 'table[index]=unimplemented;'...
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/uplink-ia64.pl b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-ia64.pl
new file mode 100755
index 000000000..0636f13e7
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-ia64.pl
@@ -0,0 +1,61 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$output = pop;
+open STDOUT,">$output";
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}.");
+
+require "uplink-common.pl";
+
+local $V=8;	# max number of args uplink functions may accept...
+my $loc0 = "r".(32+$V);
+print <<___;
+.text
+.global	OPENSSL_Uplink#
+.type	OPENSSL_Uplink#,\@function
+
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+.proc	lazy$i#
+lazy$i:
+	.prologue
+{ .mii;	.save	ar.pfs,$loc0
+	alloc	loc0=ar.pfs,$V,3,2,0
+	.save	b0,loc1
+	mov	loc1=b0
+	addl	loc2=\@ltoff(OPENSSL_UplinkTable#),gp	};;
+	.body
+{ .mmi;	ld8	out0=[loc2]
+	mov	out1=$i					};;
+{ .mib;	add	loc2=8*$i,out0
+	br.call.sptk.many	b0=OPENSSL_Uplink#	};;
+{ .mmi;	ld8	r31=[loc2];;
+	ld8	r30=[r31],8				};;
+{ .mii;	ld8	gp=[r31]
+	mov	b6=r30
+	mov	b0=loc1					};;
+{ .mib;	mov	ar.pfs=loc0
+	br.many	b6					};;
+.endp	lazy$i#
+
+___
+}
+print <<___;
+.data
+.global OPENSSL_UplinkTable#
+OPENSSL_UplinkTable:    data8   $N      // amount of following entries
+___
+for ($i=1;$i<=$N;$i++) {   print "      data8   \@fptr(lazy$i#)\n";   }
+print <<___;
+.size   OPENSSL_UplinkTable,.-OPENSSL_UplinkTable#
+___
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/uplink-x86.pl b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-x86.pl
new file mode 100755
index 000000000..e79cff72d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-x86.pl
@@ -0,0 +1,44 @@
+#! /usr/bin/env perl
+# Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}.", "${dir}../crypto/perlasm");
+require "x86asm.pl";
+
+require "uplink-common.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0]);
+
+&external_label("OPENSSL_Uplink");
+&public_label("OPENSSL_UplinkTable");
+
+for ($i=1;$i<=$N;$i++) {
+&function_begin_B("_\$lazy${i}");
+	&lea	("eax",&DWP(&label("OPENSSL_UplinkTable")));
+	&push	($i);
+	&push	("eax");
+	&call	(&label("OPENSSL_Uplink"));
+	&pop	("eax");
+	&add	("esp",4);
+	&jmp_ptr(&DWP(4*$i,"eax"));
+&function_end_B("_\$lazy${i}");
+}
+
+&dataseg();
+&align(4);
+&set_label("OPENSSL_UplinkTable");
+&data_word($N);
+for ($i=1;$i<=$N;$i++) {
+&data_word(&label("_\$lazy${i}"));
+}
+&asm_finish();
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/uplink-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-x86_64.pl
new file mode 100755
index 000000000..1f244504c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/uplink-x86_64.pl
@@ -0,0 +1,71 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$output=pop;
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open OUT,"| \"$^X\" \"${dir}../crypto/perlasm/x86_64-xlate.pl\" \"$output\"";
+*STDOUT=*OUT;
+push(@INC,"${dir}.");
+
+require "uplink-common.pl";
+
+$prefix="_lazy";
+
+print <<___;
+.text
+.extern	OPENSSL_Uplink
+.globl	OPENSSL_UplinkTable
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+.type	$prefix${i},\@abi-omnipotent
+.align	16
+$prefix${i}:
+	.byte	0x48,0x83,0xEC,0x28	# sub rsp,40
+	mov	%rcx,48(%rsp)
+	mov	%rdx,56(%rsp)
+	mov	%r8,64(%rsp)
+	mov	%r9,72(%rsp)
+	lea	OPENSSL_UplinkTable(%rip),%rcx
+	mov	\$$i,%rdx
+	call	OPENSSL_Uplink
+	mov	48(%rsp),%rcx
+	mov	56(%rsp),%rdx
+	mov	64(%rsp),%r8
+	mov	72(%rsp),%r9
+	lea	OPENSSL_UplinkTable(%rip),%rax
+	add	\$40,%rsp
+	jmp	*8*$i(%rax)
+$prefix${i}_end:
+.size	$prefix${i},.-$prefix${i}
+___
+}
+print <<___;
+.data
+OPENSSL_UplinkTable:
+        .quad   $N
+___
+for ($i=1;$i<=$N;$i++) {   print "      .quad   $prefix$i\n";   }
+print <<___;
+.section	.pdata,"r"
+.align		4
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+	.rva	$prefix${i},$prefix${i}_end,${prefix}_unwind_info
+___
+}
+print <<___;
+.section	.xdata,"r"
+.align		8
+${prefix}_unwind_info:
+	.byte	0x01,0x04,0x01,0x00
+	.byte	0x04,0x42,0x00,0x00
+___
+
+close STDOUT;
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/uplink.c b/trunk/3rdparty/openssl-1.1-fit/ms/uplink.c
new file mode 100644
index 000000000..cd4e96b78
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/uplink.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
+# define UNICODE
+#endif
+#if defined(UNICODE) && !defined(_UNICODE)
+# define _UNICODE
+#endif
+#if defined(_UNICODE) && !defined(UNICODE)
+# define UNICODE
+#endif
+
+#include <windows.h>
+#include <tchar.h>
+#include <stdio.h>
+#include "uplink.h"
+void OPENSSL_showfatal(const char *, ...);
+
+static TCHAR msg[128];
+
+static void unimplemented(void)
+{
+    OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
+    TerminateProcess(GetCurrentProcess(), 1);
+}
+
+void OPENSSL_Uplink(volatile void **table, int index)
+{
+    static HMODULE volatile apphandle = NULL;
+    static void **volatile applinktable = NULL;
+    int len;
+    void (*func) (void) = unimplemented;
+    HANDLE h;
+    void **p;
+
+    /*
+     * Note that the below code is not MT-safe in respect to msg buffer, but
+     * what's the worst thing that can happen? Error message might be
+     * misleading or corrupted. As error condition is fatal and should never
+     * be risen, I accept the risk...
+     */
+    /*
+     * One can argue that I should have used InterlockedExchangePointer or
+     * something to update static variables and table[]. Well, store
+     * instructions are as atomic as they can get and assigned values are
+     * effectively constant... So that volatile qualifier should be
+     * sufficient [it prohibits compiler to reorder memory access
+     * instructions].
+     */
+    do {
+        len = _sntprintf(msg, sizeof(msg) / sizeof(TCHAR),
+                         _T("OPENSSL_Uplink(%p,%02X): "), table, index);
+        _tcscpy(msg + len, _T("unimplemented function"));
+
+        if ((h = apphandle) == NULL) {
+            if ((h = GetModuleHandle(NULL)) == NULL) {
+                apphandle = (HMODULE) - 1;
+                _tcscpy(msg + len, _T("no host application"));
+                break;
+            }
+            apphandle = h;
+        }
+        if ((h = apphandle) == (HMODULE) - 1) /* revalidate */
+            break;
+
+        if (applinktable == NULL) {
+            void **(*applink) ();
+
+            applink = (void **(*)())GetProcAddress(h, "OPENSSL_Applink");
+            if (applink == NULL) {
+                apphandle = (HMODULE) - 1;
+                _tcscpy(msg + len, _T("no OPENSSL_Applink"));
+                break;
+            }
+            p = (*applink) ();
+            if (p == NULL) {
+                apphandle = (HMODULE) - 1;
+                _tcscpy(msg + len, _T("no ApplinkTable"));
+                break;
+            }
+            applinktable = p;
+        } else
+            p = applinktable;
+
+        if (index > (int)p[0])
+            break;
+
+        if (p[index])
+            func = p[index];
+    } while (0);
+
+    table[index] = func;
+}
+
+#if defined(_MSC_VER) && defined(_M_IX86)
+# define LAZY(i)         \
+__declspec(naked) static void lazy##i (void) {  \
+        _asm    push i                          \
+        _asm    push OFFSET OPENSSL_UplinkTable \
+        _asm    call OPENSSL_Uplink             \
+        _asm    add  esp,8                      \
+        _asm    jmp  OPENSSL_UplinkTable+4*i    }
+
+# if APPLINK_MAX>25
+#  error "Add more stubs..."
+# endif
+/* make some in advance... */
+LAZY(1) LAZY(2) LAZY(3) LAZY(4) LAZY(5)
+    LAZY(6) LAZY(7) LAZY(8) LAZY(9) LAZY(10)
+    LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15)
+    LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20)
+    LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25)
+void *OPENSSL_UplinkTable[] = {
+    (void *)APPLINK_MAX,
+    lazy1, lazy2, lazy3, lazy4, lazy5,
+    lazy6, lazy7, lazy8, lazy9, lazy10,
+    lazy11, lazy12, lazy13, lazy14, lazy15,
+    lazy16, lazy17, lazy18, lazy19, lazy20,
+    lazy21, lazy22, lazy23, lazy24, lazy25,
+};
+#endif
+
+#ifdef SELFTEST
+main()
+{
+    UP_fprintf(UP_stdout, "hello, world!\n");
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ms/uplink.h b/trunk/3rdparty/openssl-1.1-fit/ms/uplink.h
new file mode 100644
index 000000000..f6cd0380a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ms/uplink.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define APPMACROS_ONLY
+#include "applink.c"
+
+extern void *OPENSSL_UplinkTable[];
+
+#define UP_stdin  (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDIN])()
+#define UP_stdout (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDOUT])()
+#define UP_stderr (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDERR])()
+#define UP_fprintf (*(int (*)(void *,const char *,...))OPENSSL_UplinkTable[APPLINK_FPRINTF])
+#define UP_fgets  (*(char *(*)(char *,int,void *))OPENSSL_UplinkTable[APPLINK_FGETS])
+#define UP_fread  (*(size_t (*)(void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FREAD])
+#define UP_fwrite (*(size_t (*)(const void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FWRITE])
+#define UP_fsetmod (*(int (*)(void *,char))OPENSSL_UplinkTable[APPLINK_FSETMOD])
+#define UP_feof   (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FEOF])
+#define UP_fclose (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FCLOSE])
+
+#define UP_fopen  (*(void *(*)(const char *,const char *))OPENSSL_UplinkTable[APPLINK_FOPEN])
+#define UP_fseek  (*(int (*)(void *,long,int))OPENSSL_UplinkTable[APPLINK_FSEEK])
+#define UP_ftell  (*(long (*)(void *))OPENSSL_UplinkTable[APPLINK_FTELL])
+#define UP_fflush (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FFLUSH])
+#define UP_ferror (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FERROR])
+#define UP_clearerr (*(void (*)(void *))OPENSSL_UplinkTable[APPLINK_CLEARERR])
+#define UP_fileno (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FILENO])
+
+#define UP_open   (*(int (*)(const char *,int,...))OPENSSL_UplinkTable[APPLINK_OPEN])
+#define UP_read   (*(ossl_ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ])
+#define UP_write  (*(ossl_ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE])
+#define UP_lseek  (*(long (*)(int,long,int))OPENSSL_UplinkTable[APPLINK_LSEEK])
+#define UP_close  (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE])
diff --git a/trunk/3rdparty/openssl-1.1-fit/os-dep/haiku.h b/trunk/3rdparty/openssl-1.1-fit/os-dep/haiku.h
new file mode 100644
index 000000000..7e908efaa
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/os-dep/haiku.h
@@ -0,0 +1,2 @@
+#include <sys/select.h>
+#include <sys/time.h>
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c b/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
new file mode 100644
index 000000000..d1876d8b8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
@@ -0,0 +1,505 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "internal/bio.h"
+#include <openssl/err.h>
+#include "ssl_locl.h"
+
+static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
+static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+typedef struct bio_ssl_st {
+    SSL *ssl;                   /* The ssl handle :-) */
+    /* re-negotiate every time the total number of bytes is this size */
+    int num_renegotiates;
+    unsigned long renegotiate_count;
+    size_t byte_count;
+    unsigned long renegotiate_timeout;
+    unsigned long last_time;
+} BIO_SSL;
+
+static const BIO_METHOD methods_sslp = {
+    BIO_TYPE_SSL,
+    "ssl",
+    ssl_write,
+    NULL,                       /* ssl_write_old, */
+    ssl_read,
+    NULL,                       /* ssl_read_old,  */
+    ssl_puts,
+    NULL,                       /* ssl_gets,      */
+    ssl_ctrl,
+    ssl_new,
+    ssl_free,
+    ssl_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_ssl(void)
+{
+    return &methods_sslp;
+}
+
+static int ssl_new(BIO *bi)
+{
+    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
+
+    if (bs == NULL) {
+        BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, bs);
+    /* Clear all flags */
+    BIO_clear_flags(bi, ~0);
+
+    return 1;
+}
+
+static int ssl_free(BIO *a)
+{
+    BIO_SSL *bs;
+
+    if (a == NULL)
+        return 0;
+    bs = BIO_get_data(a);
+    if (bs->ssl != NULL)
+        SSL_shutdown(bs->ssl);
+    if (BIO_get_shutdown(a)) {
+        if (BIO_get_init(a))
+            SSL_free(bs->ssl);
+        /* Clear all flags */
+        BIO_clear_flags(a, ~0);
+        BIO_set_init(a, 0);
+    }
+    OPENSSL_free(bs);
+    return 1;
+}
+
+static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
+{
+    int ret = 1;
+    BIO_SSL *sb;
+    SSL *ssl;
+    int retry_reason = 0;
+    int r = 0;
+
+    if (buf == NULL)
+        return 0;
+    sb = BIO_get_data(b);
+    ssl = sb->ssl;
+
+    BIO_clear_retry_flags(b);
+
+    ret = ssl_read_internal(ssl, buf, size, readbytes);
+
+    switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_NONE:
+        if (sb->renegotiate_count > 0) {
+            sb->byte_count += *readbytes;
+            if (sb->byte_count > sb->renegotiate_count) {
+                sb->byte_count = 0;
+                sb->num_renegotiates++;
+                SSL_renegotiate(ssl);
+                r = 1;
+            }
+        }
+        if ((sb->renegotiate_timeout > 0) && (!r)) {
+            unsigned long tm;
+
+            tm = (unsigned long)time(NULL);
+            if (tm > sb->last_time + sb->renegotiate_timeout) {
+                sb->last_time = tm;
+                sb->num_renegotiates++;
+                SSL_renegotiate(ssl);
+            }
+        }
+
+        break;
+    case SSL_ERROR_WANT_READ:
+        BIO_set_retry_read(b);
+        break;
+    case SSL_ERROR_WANT_WRITE:
+        BIO_set_retry_write(b);
+        break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_SSL_X509_LOOKUP;
+        break;
+    case SSL_ERROR_WANT_ACCEPT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_ACCEPT;
+        break;
+    case SSL_ERROR_WANT_CONNECT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_CONNECT;
+        break;
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    case SSL_ERROR_ZERO_RETURN:
+    default:
+        break;
+    }
+
+    BIO_set_retry_reason(b, retry_reason);
+
+    return ret;
+}
+
+static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
+{
+    int ret, r = 0;
+    int retry_reason = 0;
+    SSL *ssl;
+    BIO_SSL *bs;
+
+    if (buf == NULL)
+        return 0;
+    bs = BIO_get_data(b);
+    ssl = bs->ssl;
+
+    BIO_clear_retry_flags(b);
+
+    ret = ssl_write_internal(ssl, buf, size, written);
+
+    switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_NONE:
+        if (bs->renegotiate_count > 0) {
+            bs->byte_count += *written;
+            if (bs->byte_count > bs->renegotiate_count) {
+                bs->byte_count = 0;
+                bs->num_renegotiates++;
+                SSL_renegotiate(ssl);
+                r = 1;
+            }
+        }
+        if ((bs->renegotiate_timeout > 0) && (!r)) {
+            unsigned long tm;
+
+            tm = (unsigned long)time(NULL);
+            if (tm > bs->last_time + bs->renegotiate_timeout) {
+                bs->last_time = tm;
+                bs->num_renegotiates++;
+                SSL_renegotiate(ssl);
+            }
+        }
+        break;
+    case SSL_ERROR_WANT_WRITE:
+        BIO_set_retry_write(b);
+        break;
+    case SSL_ERROR_WANT_READ:
+        BIO_set_retry_read(b);
+        break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_SSL_X509_LOOKUP;
+        break;
+    case SSL_ERROR_WANT_CONNECT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_CONNECT;
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    default:
+        break;
+    }
+
+    BIO_set_retry_reason(b, retry_reason);
+
+    return ret;
+}
+
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    SSL **sslp, *ssl;
+    BIO_SSL *bs, *dbs;
+    BIO *dbio, *bio;
+    long ret = 1;
+    BIO *next;
+
+    bs = BIO_get_data(b);
+    next = BIO_next(b);
+    ssl = bs->ssl;
+    if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
+        return 0;
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        SSL_shutdown(ssl);
+
+        if (ssl->handshake_func == ssl->method->ssl_connect)
+            SSL_set_connect_state(ssl);
+        else if (ssl->handshake_func == ssl->method->ssl_accept)
+            SSL_set_accept_state(ssl);
+
+        if (!SSL_clear(ssl)) {
+            ret = 0;
+            break;
+        }
+
+        if (next != NULL)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        else if (ssl->rbio != NULL)
+            ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        else
+            ret = 1;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SSL_MODE:
+        if (num)                /* client mode */
+            SSL_set_connect_state(ssl);
+        else
+            SSL_set_accept_state(ssl);
+        break;
+    case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+        ret = bs->renegotiate_timeout;
+        if (num < 60)
+            num = 5;
+        bs->renegotiate_timeout = (unsigned long)num;
+        bs->last_time = (unsigned long)time(NULL);
+        break;
+    case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+        ret = bs->renegotiate_count;
+        if ((long)num >= 512)
+            bs->renegotiate_count = (unsigned long)num;
+        break;
+    case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+        ret = bs->num_renegotiates;
+        break;
+    case BIO_C_SET_SSL:
+        if (ssl != NULL) {
+            ssl_free(b);
+            if (!ssl_new(b))
+                return 0;
+        }
+        BIO_set_shutdown(b, num);
+        ssl = (SSL *)ptr;
+        bs->ssl = ssl;
+        bio = SSL_get_rbio(ssl);
+        if (bio != NULL) {
+            if (next != NULL)
+                BIO_push(bio, next);
+            BIO_set_next(b, bio);
+            BIO_up_ref(bio);
+        }
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_GET_SSL:
+        if (ptr != NULL) {
+            sslp = (SSL **)ptr;
+            *sslp = ssl;
+        } else
+            ret = 0;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = BIO_get_shutdown(b);
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        BIO_set_shutdown(b, (int)num);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:
+        ret = SSL_pending(ssl);
+        if (ret == 0)
+            ret = BIO_pending(ssl->rbio);
+        break;
+    case BIO_CTRL_FLUSH:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_PUSH:
+        if ((next != NULL) && (next != ssl->rbio)) {
+            /*
+             * We are going to pass ownership of next to the SSL object...but
+             * we don't own a reference to pass yet - so up ref
+             */
+            BIO_up_ref(next);
+            SSL_set_bio(ssl, next, next);
+        }
+        break;
+    case BIO_CTRL_POP:
+        /* Only detach if we are the BIO explicitly being popped */
+        if (b == ptr) {
+            /* This will clear the reference we obtained during push */
+            SSL_set_bio(ssl, NULL, NULL);
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+
+        BIO_set_retry_reason(b, 0);
+        ret = (int)SSL_do_handshake(ssl);
+
+        switch (SSL_get_error(ssl, (int)ret)) {
+        case SSL_ERROR_WANT_READ:
+            BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
+            break;
+        case SSL_ERROR_WANT_WRITE:
+            BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
+            break;
+        case SSL_ERROR_WANT_CONNECT:
+            BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
+            BIO_set_retry_reason(b, BIO_get_retry_reason(next));
+            break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+            BIO_set_retry_special(b);
+            BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
+            break;
+        default:
+            break;
+        }
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dbs = BIO_get_data(dbio);
+        SSL_free(dbs->ssl);
+        dbs->ssl = SSL_dup(ssl);
+        dbs->num_renegotiates = bs->num_renegotiates;
+        dbs->renegotiate_count = bs->renegotiate_count;
+        dbs->byte_count = bs->byte_count;
+        dbs->renegotiate_timeout = bs->renegotiate_timeout;
+        dbs->last_time = bs->last_time;
+        ret = (dbs->ssl != NULL);
+        break;
+    case BIO_C_GET_FD:
+        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        ret = 0; /* use callback ctrl */
+        break;
+    default:
+        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    SSL *ssl;
+    BIO_SSL *bs;
+    long ret = 1;
+
+    bs = BIO_get_data(b);
+    ssl = bs->ssl;
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int ssl_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = BIO_write(bp, str, n);
+    return ret;
+}
+
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+    BIO *ret = NULL, *buf = NULL, *ssl = NULL;
+
+    if ((buf = BIO_new(BIO_f_buffer())) == NULL)
+        return NULL;
+    if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
+        goto err;
+    if ((ret = BIO_push(buf, ssl)) == NULL)
+        goto err;
+    return ret;
+ err:
+    BIO_free(buf);
+    BIO_free(ssl);
+#endif
+    return NULL;
+}
+
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+    BIO *ret = NULL, *con = NULL, *ssl = NULL;
+
+    if ((con = BIO_new(BIO_s_connect())) == NULL)
+        return NULL;
+    if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
+        goto err;
+    if ((ret = BIO_push(ssl, con)) == NULL)
+        goto err;
+    return ret;
+ err:
+    BIO_free(con);
+#endif
+    return NULL;
+}
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
+{
+    BIO *ret;
+    SSL *ssl;
+
+    if ((ret = BIO_new(BIO_f_ssl())) == NULL)
+        return NULL;
+    if ((ssl = SSL_new(ctx)) == NULL) {
+        BIO_free(ret);
+        return NULL;
+    }
+    if (client)
+        SSL_set_connect_state(ssl);
+    else
+        SSL_set_accept_state(ssl);
+
+    BIO_set_ssl(ret, ssl, BIO_CLOSE);
+    return ret;
+}
+
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
+{
+    BIO_SSL *tdata, *fdata;
+    t = BIO_find_type(t, BIO_TYPE_SSL);
+    f = BIO_find_type(f, BIO_TYPE_SSL);
+    if ((t == NULL) || (f == NULL))
+        return 0;
+    tdata = BIO_get_data(t);
+    fdata = BIO_get_data(f);
+    if ((tdata->ssl == NULL) || (fdata->ssl == NULL))
+        return 0;
+    if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
+        return 0;
+    return 1;
+}
+
+void BIO_ssl_shutdown(BIO *b)
+{
+    BIO_SSL *bdata;
+
+    for (; b != NULL; b = BIO_next(b)) {
+        if (BIO_method_type(b) != BIO_TYPE_SSL)
+            continue;
+        bdata = BIO_get_data(b);
+        if (bdata != NULL && bdata->ssl != NULL)
+            SSL_shutdown(bdata->ssl);
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/build.info b/trunk/3rdparty/openssl-1.1-fit/ssl/build.info
new file mode 100644
index 000000000..bb2f1deb5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/build.info
@@ -0,0 +1,15 @@
+LIBS=../libssl
+SOURCE[../libssl]=\
+        pqueue.c packet.c \
+        statem/statem_srvr.c statem/statem_clnt.c  s3_lib.c  s3_enc.c record/rec_layer_s3.c \
+        statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \
+        statem/extensions_clnt.c statem/extensions_cust.c s3_cbc.c s3_msg.c \
+        methods.c   t1_lib.c  t1_enc.c tls13_enc.c \
+        d1_lib.c  record/rec_layer_d1.c d1_msg.c \
+        statem/statem_dtls.c d1_srtp.c \
+        ssl_lib.c ssl_cert.c ssl_sess.c \
+        ssl_ciph.c ssl_stat.c ssl_rsa.c \
+        ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c  ssl_mcnf.c \
+        bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \
+        record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
+        statem/statem.c record/ssl3_record_tls13.c
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
new file mode 100644
index 000000000..fcda32754
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
@@ -0,0 +1,972 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include "ssl_locl.h"
+
+static void get_current_time(struct timeval *t);
+static int dtls1_handshake_write(SSL *s);
+static size_t dtls1_link_min_mtu(void);
+
+/* XDTLS:  figure out the right values */
+static const size_t g_probable_mtu[] = { 1500, 512, 256 };
+
+const SSL3_ENC_METHOD DTLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV,
+    dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
+    dtls1_handshake_write
+};
+
+const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS
+        | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
+    dtls1_handshake_write
+};
+
+long dtls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int dtls1_new(SSL *s)
+{
+    DTLS1_STATE *d1;
+
+    if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+
+    if (!ssl3_new(s))
+        return 0;
+    if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
+        ssl3_free(s);
+        return 0;
+    }
+
+    d1->buffered_messages = pqueue_new();
+    d1->sent_messages = pqueue_new();
+
+    if (s->server) {
+        d1->cookie_len = sizeof(s->d1->cookie);
+    }
+
+    d1->link_mtu = 0;
+    d1->mtu = 0;
+
+    if (d1->buffered_messages == NULL || d1->sent_messages == NULL) {
+        pqueue_free(d1->buffered_messages);
+        pqueue_free(d1->sent_messages);
+        OPENSSL_free(d1);
+        ssl3_free(s);
+        return 0;
+    }
+
+    s->d1 = d1;
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
+}
+
+static void dtls1_clear_queues(SSL *s)
+{
+    dtls1_clear_received_buffer(s);
+    dtls1_clear_sent_buffer(s);
+}
+
+void dtls1_clear_received_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+void dtls1_clear_sent_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+
+void dtls1_free(SSL *s)
+{
+    DTLS_RECORD_LAYER_free(&s->rlayer);
+
+    ssl3_free(s);
+
+    dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->buffered_messages);
+    pqueue_free(s->d1->sent_messages);
+
+    OPENSSL_free(s->d1);
+    s->d1 = NULL;
+}
+
+int dtls1_clear(SSL *s)
+{
+    pqueue *buffered_messages;
+    pqueue *sent_messages;
+    size_t mtu;
+    size_t link_mtu;
+
+    DTLS_RECORD_LAYER_clear(&s->rlayer);
+
+    if (s->d1) {
+        DTLS_timer_cb timer_cb = s->d1->timer_cb;
+
+        buffered_messages = s->d1->buffered_messages;
+        sent_messages = s->d1->sent_messages;
+        mtu = s->d1->mtu;
+        link_mtu = s->d1->link_mtu;
+
+        dtls1_clear_queues(s);
+
+        memset(s->d1, 0, sizeof(*s->d1));
+
+        /* Restore the timer callback from previous state */
+        s->d1->timer_cb = timer_cb;
+
+        if (s->server) {
+            s->d1->cookie_len = sizeof(s->d1->cookie);
+        }
+
+        if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
+            s->d1->mtu = mtu;
+            s->d1->link_mtu = link_mtu;
+        }
+
+        s->d1->buffered_messages = buffered_messages;
+        s->d1->sent_messages = sent_messages;
+    }
+
+    if (!ssl3_clear(s))
+        return 0;
+
+    if (s->method->version == DTLS_ANY_VERSION)
+        s->version = DTLS_MAX_VERSION;
+#ifndef OPENSSL_NO_DTLS1_METHOD
+    else if (s->options & SSL_OP_CISCO_ANYCONNECT)
+        s->client_version = s->version = DTLS1_BAD_VER;
+#endif
+    else
+        s->version = s->method->version;
+
+    return 1;
+}
+
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case DTLS_CTRL_GET_TIMEOUT:
+        if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
+            ret = 1;
+        }
+        break;
+    case DTLS_CTRL_HANDLE_TIMEOUT:
+        ret = dtls1_handle_timeout(s);
+        break;
+    case DTLS_CTRL_SET_LINK_MTU:
+        if (larg < (long)dtls1_link_min_mtu())
+            return 0;
+        s->d1->link_mtu = larg;
+        return 1;
+    case DTLS_CTRL_GET_LINK_MIN_MTU:
+        return (long)dtls1_link_min_mtu();
+    case SSL_CTRL_SET_MTU:
+        /*
+         *  We may not have a BIO set yet so can't call dtls1_min_mtu()
+         *  We'll have to make do with dtls1_link_min_mtu() and max overhead
+         */
+        if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
+            return 0;
+        s->d1->mtu = larg;
+        return larg;
+    default:
+        ret = ssl3_ctrl(s, cmd, larg, parg);
+        break;
+    }
+    return ret;
+}
+
+void dtls1_start_timer(SSL *s)
+{
+    unsigned int sec, usec;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Disable timer for SCTP */
+    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+        return;
+    }
+#endif
+
+    /*
+     * If timer is not set, initialize duration with 1 second or
+     * a user-specified value if the timer callback is installed.
+     */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+
+        if (s->d1->timer_cb != NULL)
+            s->d1->timeout_duration_us = s->d1->timer_cb(s, 0);
+        else
+            s->d1->timeout_duration_us = 1000000;
+    }
+
+    /* Set timeout to current time */
+    get_current_time(&(s->d1->next_timeout));
+
+    /* Add duration to current time */
+
+    sec  = s->d1->timeout_duration_us / 1000000;
+    usec = s->d1->timeout_duration_us - (sec * 1000000);
+
+    s->d1->next_timeout.tv_sec  += sec;
+    s->d1->next_timeout.tv_usec += usec;
+
+    if (s->d1->next_timeout.tv_usec >= 1000000) {
+        s->d1->next_timeout.tv_sec++;
+        s->d1->next_timeout.tv_usec -= 1000000;
+    }
+
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+}
+
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
+{
+    struct timeval timenow;
+
+    /* If no timeout is set, just return NULL */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+        return NULL;
+    }
+
+    /* Get current time */
+    get_current_time(&timenow);
+
+    /* If timer already expired, set remaining time to 0 */
+    if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+        (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+         s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
+        memset(timeleft, 0, sizeof(*timeleft));
+        return timeleft;
+    }
+
+    /* Calculate time left until timer expires */
+    memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+    timeleft->tv_sec -= timenow.tv_sec;
+    timeleft->tv_usec -= timenow.tv_usec;
+    if (timeleft->tv_usec < 0) {
+        timeleft->tv_sec--;
+        timeleft->tv_usec += 1000000;
+    }
+
+    /*
+     * If remaining time is less than 15 ms, set it to 0 to prevent issues
+     * because of small divergences with socket timeouts.
+     */
+    if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
+        memset(timeleft, 0, sizeof(*timeleft));
+    }
+
+    return timeleft;
+}
+
+int dtls1_is_timer_expired(SSL *s)
+{
+    struct timeval timeleft;
+
+    /* Get time left until timeout, return false if no timer running */
+    if (dtls1_get_timeout(s, &timeleft) == NULL) {
+        return 0;
+    }
+
+    /* Return false if timer is not expired yet */
+    if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
+        return 0;
+    }
+
+    /* Timer expired, so return true */
+    return 1;
+}
+
+void dtls1_double_timeout(SSL *s)
+{
+    s->d1->timeout_duration_us *= 2;
+    if (s->d1->timeout_duration_us > 60000000)
+        s->d1->timeout_duration_us = 60000000;
+    dtls1_start_timer(s);
+}
+
+void dtls1_stop_timer(SSL *s)
+{
+    /* Reset everything */
+    memset(&s->d1->timeout, 0, sizeof(s->d1->timeout));
+    memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+    s->d1->timeout_duration_us = 1000000;
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+    /* Clear retransmission buffer */
+    dtls1_clear_sent_buffer(s);
+}
+
+int dtls1_check_timeout_num(SSL *s)
+{
+    size_t mtu;
+
+    s->d1->timeout.num_alerts++;
+
+    /* Reduce MTU after 2 unsuccessful retransmissions */
+    if (s->d1->timeout.num_alerts > 2
+        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+        mtu =
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+        if (mtu < s->d1->mtu)
+            s->d1->mtu = mtu;
+    }
+
+    if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+        /* fail the connection, enough alerts have been sent */
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM,
+                 SSL_R_READ_TIMEOUT_EXPIRED);
+        return -1;
+    }
+
+    return 0;
+}
+
+int dtls1_handle_timeout(SSL *s)
+{
+    /* if no timer is expired, don't do anything */
+    if (!dtls1_is_timer_expired(s)) {
+        return 0;
+    }
+
+    if (s->d1->timer_cb != NULL)
+        s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us);
+    else
+        dtls1_double_timeout(s);
+
+    if (dtls1_check_timeout_num(s) < 0) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    s->d1->timeout.read_timeouts++;
+    if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+        s->d1->timeout.read_timeouts = 1;
+    }
+
+    dtls1_start_timer(s);
+    /* Calls SSLfatal() if required */
+    return dtls1_retransmit_buffered_messages(s);
+}
+
+static void get_current_time(struct timeval *t)
+{
+#if defined(_WIN32)
+    SYSTEMTIME st;
+    union {
+        unsigned __int64 ul;
+        FILETIME ft;
+    } now;
+
+    GetSystemTime(&st);
+    SystemTimeToFileTime(&st, &now.ft);
+    /* re-bias to 1/1/1970 */
+# ifdef  __MINGW32__
+    now.ul -= 116444736000000000ULL;
+# else
+    /* *INDENT-OFF* */
+    now.ul -= 116444736000000000UI64;
+    /* *INDENT-ON* */
+# endif
+    t->tv_sec = (long)(now.ul / 10000000);
+    t->tv_usec = ((int)(now.ul % 10000000)) / 10;
+#else
+    gettimeofday(t, NULL);
+#endif
+}
+
+#define LISTEN_SUCCESS              2
+#define LISTEN_SEND_VERIFY_REQUEST  1
+
+#ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client)
+{
+    int next, n, ret = 0;
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    unsigned char seq[SEQ_NUM_SIZE];
+    const unsigned char *data;
+    unsigned char *buf, *wbuf;
+    size_t fragoff, fraglen, msglen, reclen, align = 0;
+    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
+    BIO *rbio, *wbio;
+    BIO_ADDR *tmpclient = NULL;
+    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
+
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return -1;
+
+    ERR_clear_error();
+
+    rbio = SSL_get_rbio(s);
+    wbio = SSL_get_wbio(s);
+
+    if (!rbio || !wbio) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
+        return -1;
+    }
+
+    /*
+     * Note: This check deliberately excludes DTLS1_BAD_VER because that version
+     * requires the MAC to be calculated *including* the first ClientHello
+     * (without the cookie). Since DTLSv1_listen is stateless that cannot be
+     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via
+     * SSL_accept)
+     */
+    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);
+        return -1;
+    }
+
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLerr already called */
+        return -1;
+    }
+    buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+    wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+    /*
+     * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+     * consistency with ssl3_read_n. In practice it should make no difference
+     * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+     * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+     */
+    align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+    buf += align;
+
+    do {
+        /* Get a packet */
+
+        clear_sys_error();
+        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+                                + DTLS1_RT_HEADER_LENGTH);
+        if (n <= 0) {
+            if (BIO_should_retry(rbio)) {
+                /* Non-blocking IO */
+                goto end;
+            }
+            return -1;
+        }
+
+        if (!PACKET_buf_init(&pkt, buf, n)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /*
+         * Parse the received record. If there are any problems with it we just
+         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is
+         * resilient in the face of invalid records (e.g., invalid formatting,
+         * length, MAC, etc.).  In general, invalid records SHOULD be silently
+         * discarded, thus preserving the association; however, an error MAY be
+         * logged for diagnostic purposes."
+         */
+
+        /* this packet contained a partial record, dump it */
+        if (n < DTLS1_RT_HEADER_LENGTH) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_RECORD_TOO_SMALL);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
+                            DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+        /* Get the record header */
+        if (!PACKET_get_1(&pkt, &rectype)
+            || !PACKET_get_1(&pkt, &versmajor)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (rectype != SSL3_RT_HANDSHAKE) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /*
+         * Check record version number. We only check that the major version is
+         * the same.
+         */
+        if (versmajor != DTLS1_VERSION_MAJOR) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&pkt, 1)
+            /* Save the sequence number: 64 bits, with top 2 bytes = epoch */
+            || !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE)
+            || !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+        reclen = PACKET_remaining(&msgpkt);
+        /*
+         * We allow data remaining at the end of the packet because there could
+         * be a second record (but we ignore it)
+         */
+
+        /* This is an initial ClientHello so the epoch has to be 0 */
+        if (seq[0] != 0 || seq[1] != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Get a pointer to the raw message for the later callback */
+        data = PACKET_data(&msgpkt);
+
+        /* Finished processing the record header, now process the message */
+        if (!PACKET_get_1(&msgpkt, &msgtype)
+            || !PACKET_get_net_3_len(&msgpkt, &msglen)
+            || !PACKET_get_net_2(&msgpkt, &msgseq)
+            || !PACKET_get_net_3_len(&msgpkt, &fragoff)
+            || !PACKET_get_net_3_len(&msgpkt, &fraglen)
+            || !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen)
+            || PACKET_remaining(&msgpkt) != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (msgtype != SSL3_MT_CLIENT_HELLO) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Message sequence number can only be 0 or 1 */
+        if (msgseq > 2) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
+            goto end;
+        }
+
+        /*
+         * We don't support fragment reassembly for ClientHellos whilst
+         * listening because that would require server side state (which is
+         * against the whole point of the ClientHello/HelloVerifyRequest
+         * mechanism). Instead we only look at the first ClientHello fragment
+         * and require that the cookie must be contained within it.
+         */
+        if (fragoff != 0 || fraglen > msglen) {
+            /* Non initial ClientHello fragment (or bad fragment) */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_FRAGMENTED_CLIENT_HELLO);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
+                            fraglen + DTLS1_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+        if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Verify client version is supported
+         */
+        if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
+            s->method->version != DTLS_ANY_VERSION) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_WRONG_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&msgpayload, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &session)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &cookiepkt)) {
+            /*
+             * Could be malformed or the cookie does not fit within the initial
+             * ClientHello fragment. Either way we can't handle it.
+             */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Check if we have a cookie or not. If not we need to send a
+         * HelloVerifyRequest.
+         */
+        if (PACKET_remaining(&cookiepkt) == 0) {
+            next = LISTEN_SEND_VERIFY_REQUEST;
+        } else {
+            /*
+             * We have a cookie, so lets check it.
+             */
+            if (s->ctx->app_verify_cookie_cb == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
+                /* This is fatal */
+                return -1;
+            }
+            if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
+                    (unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
+                /*
+                 * We treat invalid cookies in the same was as no cookie as
+                 * per RFC6347
+                 */
+                next = LISTEN_SEND_VERIFY_REQUEST;
+            } else {
+                /* Cookie verification succeeded */
+                next = LISTEN_SUCCESS;
+            }
+        }
+
+        if (next == LISTEN_SEND_VERIFY_REQUEST) {
+            WPACKET wpkt;
+            unsigned int version;
+            size_t wreclen;
+
+            /*
+             * There was no cookie in the ClientHello so we need to send a
+             * HelloVerifyRequest. If this fails we do not worry about trying
+             * to resend, we just drop it.
+             */
+
+            /* Generate the cookie */
+            if (s->ctx->app_gen_cookie_cb == NULL ||
+                s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
+                cookielen > 255) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+                /* This is fatal */
+                return -1;
+            }
+
+            /*
+             * Special case: for hello verify request, client version 1.0 and we
+             * haven't decided which version to use yet send back using version
+             * 1.0 header: otherwise some clients will ignore it.
+             */
+            version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION
+                                                               : s->version;
+
+            /* Construct the record and message headers */
+            if (!WPACKET_init_static_len(&wpkt,
+                                         wbuf,
+                                         ssl_get_max_send_fragment(s)
+                                         + DTLS1_RT_HEADER_LENGTH,
+                                         0)
+                    || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
+                    || !WPACKET_put_bytes_u16(&wpkt, version)
+                       /*
+                        * Record sequence number is always the same as in the
+                        * received ClientHello
+                        */
+                    || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE)
+                       /* End of record, start sub packet for message */
+                    || !WPACKET_start_sub_packet_u16(&wpkt)
+                       /* Message type */
+                    || !WPACKET_put_bytes_u8(&wpkt,
+                                             DTLS1_MT_HELLO_VERIFY_REQUEST)
+                       /*
+                        * Message length - doesn't follow normal TLS convention:
+                        * the length isn't the last thing in the message header.
+                        * We'll need to fill this in later when we know the
+                        * length. Set it to zero for now
+                        */
+                    || !WPACKET_put_bytes_u24(&wpkt, 0)
+                       /*
+                        * Message sequence number is always 0 for a
+                        * HelloVerifyRequest
+                        */
+                    || !WPACKET_put_bytes_u16(&wpkt, 0)
+                       /*
+                        * We never fragment a HelloVerifyRequest, so fragment
+                        * offset is 0
+                        */
+                    || !WPACKET_put_bytes_u24(&wpkt, 0)
+                       /*
+                        * Fragment length is the same as message length, but
+                        * this *is* the last thing in the message header so we
+                        * can just start a sub-packet. No need to come back
+                        * later for this one.
+                        */
+                    || !WPACKET_start_sub_packet_u24(&wpkt)
+                       /* Create the actual HelloVerifyRequest body */
+                    || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen)
+                       /* Close message body */
+                    || !WPACKET_close(&wpkt)
+                       /* Close record body */
+                    || !WPACKET_close(&wpkt)
+                    || !WPACKET_get_total_written(&wpkt, &wreclen)
+                    || !WPACKET_finish(&wpkt)) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+                WPACKET_cleanup(&wpkt);
+                /* This is fatal */
+                return -1;
+            }
+
+            /*
+             * Fix up the message len in the message header. Its the same as the
+             * fragment len which has been filled in by WPACKET, so just copy
+             * that. Destination for the message len is after the record header
+             * plus one byte for the message content type. The source is the
+             * last 3 bytes of the message header
+             */
+            memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
+                   &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+                   3);
+
+            if (s->msg_callback)
+                s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
+                                DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+            if ((tmpclient = BIO_ADDR_new()) == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+                goto end;
+            }
+
+            /*
+             * This is unnecessary if rbio and wbio are one and the same - but
+             * maybe they're not. We ignore errors here - some BIOs do not
+             * support this.
+             */
+            if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
+                (void)BIO_dgram_set_peer(wbio, tmpclient);
+            }
+            BIO_ADDR_free(tmpclient);
+            tmpclient = NULL;
+
+            /* TODO(size_t): convert this call */
+            if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+
+            if (BIO_flush(wbio) <= 0) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+        }
+    } while (next != LISTEN_SUCCESS);
+
+    /*
+     * Set expected sequence numbers to continue the handshake.
+     */
+    s->d1->handshake_read_seq = 1;
+    s->d1->handshake_write_seq = 1;
+    s->d1->next_handshake_write_seq = 1;
+    DTLS_RECORD_LAYER_set_write_sequence(&s->rlayer, seq);
+
+    /*
+     * We are doing cookie exchange, so make sure we set that option in the
+     * SSL object
+     */
+    SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+
+    /*
+     * Tell the state machine that we've done the initial hello verify
+     * exchange
+     */
+    ossl_statem_set_hello_verify_done(s);
+
+    /*
+     * Some BIOs may not support this. If we fail we clear the client address
+     */
+    if (BIO_dgram_get_peer(rbio, client) <= 0)
+        BIO_ADDR_clear(client);
+
+    /* Buffer the record in the processed_rcds queue */
+    if (!dtls_buffer_listen_record(s, reclen, seq, align))
+        return -1;
+
+    ret = 1;
+ end:
+    BIO_ADDR_free(tmpclient);
+    return ret;
+}
+#endif
+
+static int dtls1_handshake_write(SSL *s)
+{
+    return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+int dtls1_shutdown(SSL *s)
+{
+    int ret;
+#ifndef OPENSSL_NO_SCTP
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
+        if (ret < 0)
+            return -1;
+
+        if (ret == 0)
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
+                     NULL);
+    }
+#endif
+    ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+    return ret;
+}
+
+int dtls1_query_mtu(SSL *s)
+{
+    if (s->d1->link_mtu) {
+        s->d1->mtu =
+            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+        s->d1->link_mtu = 0;
+    }
+
+    /* AHA!  Figure out the MTU, and stick to the right size */
+    if (s->d1->mtu < dtls1_min_mtu(s)) {
+        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+            s->d1->mtu =
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+            /*
+             * I've seen the kernel return bogus numbers when it doesn't know
+             * (initial write), so just make sure we have a reasonable number
+             */
+            if (s->d1->mtu < dtls1_min_mtu(s)) {
+                /* Set to min mtu */
+                s->d1->mtu = dtls1_min_mtu(s);
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+                         (long)s->d1->mtu, NULL);
+            }
+        } else
+            return 0;
+    }
+    return 1;
+}
+
+static size_t dtls1_link_min_mtu(void)
+{
+    return (g_probable_mtu[(sizeof(g_probable_mtu) /
+                            sizeof(g_probable_mtu[0])) - 1]);
+}
+
+size_t dtls1_min_mtu(SSL *s)
+{
+    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+}
+
+size_t DTLS_get_data_mtu(const SSL *s)
+{
+    size_t mac_overhead, int_overhead, blocksize, ext_overhead;
+    const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
+    size_t mtu = s->d1->mtu;
+
+    if (ciph == NULL)
+        return 0;
+
+    if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead,
+                                 &blocksize, &ext_overhead))
+        return 0;
+
+    if (SSL_READ_ETM(s))
+        ext_overhead += mac_overhead;
+    else
+        int_overhead += mac_overhead;
+
+    /* Subtract external overhead (e.g. IV/nonce, separate MAC) */
+    if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu)
+        return 0;
+    mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH;
+
+    /* Round encrypted payload down to cipher block size (for CBC etc.)
+     * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */
+    if (blocksize)
+        mtu -= (mtu % blocksize);
+
+    /* Subtract internal overhead (e.g. CBC padding len byte) */
+    if (int_overhead >= mtu)
+        return 0;
+    mtu -= int_overhead;
+
+    return mtu;
+}
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb)
+{
+    s->d1->timer_cb = cb;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
new file mode 100644
index 000000000..5906e88ca
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+                               size_t *written)
+{
+    int i;
+
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+        i = s->handshake_func(s);
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
+                   SSL_R_SSL_HANDSHAKE_FAILURE);
+            return -1;
+        }
+    }
+
+    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
+        return -1;
+    }
+
+    return dtls1_write_bytes(s, type, buf_, len, written);
+}
+
+int dtls1_dispatch_alert(SSL *s)
+{
+    int i, j;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
+    unsigned char *ptr = &buf[0];
+    size_t written;
+
+    s->s3->alert_dispatch = 0;
+
+    memset(buf, 0, sizeof(buf));
+    *ptr++ = s->s3->send_alert[0];
+    *ptr++ = s->s3->send_alert[1];
+
+    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+        /* fprintf( stderr, "not done with alert\n" ); */
+    } else {
+        if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+            (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return i;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
new file mode 100644
index 000000000..ff8f0c571
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRTP
+
+static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+    {
+     "SRTP_AES128_CM_SHA1_80",
+     SRTP_AES128_CM_SHA1_80,
+     },
+    {
+     "SRTP_AES128_CM_SHA1_32",
+     SRTP_AES128_CM_SHA1_32,
+     },
+    {
+     "SRTP_AEAD_AES_128_GCM",
+     SRTP_AEAD_AES_128_GCM,
+     },
+    {
+     "SRTP_AEAD_AES_256_GCM",
+     SRTP_AEAD_AES_256_GCM,
+     },
+    {0}
+};
+
+static int find_profile_by_name(char *profile_name,
+                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
+{
+    SRTP_PROTECTION_PROFILE *p;
+
+    p = srtp_known_profiles;
+    while (p->name) {
+        if ((len == strlen(p->name))
+            && strncmp(p->name, profile_name, len) == 0) {
+            *pptr = p;
+            return 0;
+        }
+
+        p++;
+    }
+
+    return 1;
+}
+
+static int ssl_ctx_make_profiles(const char *profiles_string,
+                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
+
+    char *col;
+    char *ptr = (char *)profiles_string;
+    SRTP_PROTECTION_PROFILE *p;
+
+    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+               SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+        return 1;
+    }
+
+    do {
+        col = strchr(ptr, ':');
+
+        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
+                                               : strlen(ptr))) {
+            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+                goto err;
+            }
+
+            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+                goto err;
+            }
+        } else {
+            SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                   SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+            goto err;
+        }
+
+        if (col)
+            ptr = col + 1;
+    } while (col);
+
+    sk_SRTP_PROTECTION_PROFILE_free(*out);
+
+    *out = profiles;
+
+    return 0;
+ err:
+    sk_SRTP_PROTECTION_PROFILE_free(profiles);
+    return 1;
+}
+
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
+{
+    return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
+}
+
+int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
+{
+    return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
+}
+
+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
+{
+    if (s != NULL) {
+        if (s->srtp_profiles != NULL) {
+            return s->srtp_profiles;
+        } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
+            return s->ctx->srtp_profiles;
+        }
+    }
+
+    return NULL;
+}
+
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
+{
+    return s->srtp_profile;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c b/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
new file mode 100644
index 000000000..348efe467
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/*-
+ * TLS/SSLv3 methods
+ */
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_method,
+                        ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
+#endif
+/*-
+ * TLS/SSLv3 server methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_server_method,
+                         ossl_statem_accept, ssl_undefined_function)
+#endif
+/*-
+ * TLS/SSLv3 client methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_client_method,
+                         ssl_undefined_function, ossl_statem_connect)
+#endif
+/*-
+ * DTLS methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS server methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS client methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtls_bad_ver_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void)
+{
+    return tlsv1_2_method();
+}
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+{
+    return tlsv1_2_server_method();
+}
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+{
+    return tlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void)
+{
+    return tlsv1_1_method();
+}
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+{
+    return tlsv1_1_server_method();
+}
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+{
+    return tlsv1_1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void)
+{
+    return tlsv1_method();
+}
+
+const SSL_METHOD *TLSv1_server_method(void)
+{
+    return tlsv1_server_method();
+}
+
+const SSL_METHOD *TLSv1_client_method(void)
+{
+    return tlsv1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void)
+{
+    return sslv3_method();
+}
+
+const SSL_METHOD *SSLv3_server_method(void)
+{
+    return sslv3_server_method();
+}
+
+const SSL_METHOD *SSLv3_client_method(void)
+{
+    return sslv3_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void)
+{
+    return dtlsv1_2_method();
+}
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+{
+    return dtlsv1_2_server_method();
+}
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+{
+    return dtlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void)
+{
+    return dtlsv1_method();
+}
+
+const SSL_METHOD *DTLSv1_server_method(void)
+{
+    return dtlsv1_server_method();
+}
+
+const SSL_METHOD *DTLSv1_client_method(void)
+{
+    return dtlsv1_client_method();
+}
+# endif
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c b/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
new file mode 100644
index 000000000..95031430e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "packet_locl.h"
+#include <openssl/sslerr.h>
+
+#define DEFAULT_BUF_SIZE    256
+
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+    if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
+        return 0;
+
+    pkt->written += len;
+    pkt->curr += len;
+    return 1;
+}
+
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes)
+{
+    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+            || !WPACKET_allocate_bytes(pkt, len, allocbytes)
+            || !WPACKET_close(pkt))
+        return 0;
+
+    return 1;
+}
+
+#define GETBUF(p)   (((p)->staticbuf != NULL) \
+                     ? (p)->staticbuf : (unsigned char *)(p)->buf->data)
+
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL && len != 0))
+        return 0;
+
+    if (pkt->maxsize - pkt->written < len)
+        return 0;
+
+    if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) {
+        size_t newlen;
+        size_t reflen;
+
+        reflen = (len > pkt->buf->length) ? len : pkt->buf->length;
+
+        if (reflen > SIZE_MAX / 2) {
+            newlen = SIZE_MAX;
+        } else {
+            newlen = reflen * 2;
+            if (newlen < DEFAULT_BUF_SIZE)
+                newlen = DEFAULT_BUF_SIZE;
+        }
+        if (BUF_MEM_grow(pkt->buf, newlen) == 0)
+            return 0;
+    }
+    if (allocbytes != NULL)
+        *allocbytes = WPACKET_get_curr(pkt);
+
+    return 1;
+}
+
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+                                unsigned char **allocbytes, size_t lenbytes)
+{
+    if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
+        return 0;
+
+    *allocbytes += lenbytes;
+
+    return 1;
+}
+
+static size_t maxmaxsize(size_t lenbytes)
+{
+    if (lenbytes >= sizeof(size_t) || lenbytes == 0)
+        return SIZE_MAX;
+
+    return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes;
+}
+
+static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
+{
+    unsigned char *lenchars;
+
+    pkt->curr = 0;
+    pkt->written = 0;
+
+    if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
+        SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (lenbytes == 0)
+        return 1;
+
+    pkt->subs->pwritten = lenbytes;
+    pkt->subs->lenbytes = lenbytes;
+
+    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
+        OPENSSL_free(pkt->subs);
+        pkt->subs = NULL;
+        return 0;
+    }
+    pkt->subs->packet_len = lenchars - GETBUF(pkt);
+
+    return 1;
+}
+
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes)
+{
+    size_t max = maxmaxsize(lenbytes);
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(buf != NULL && len > 0))
+        return 0;
+
+    pkt->staticbuf = buf;
+    pkt->buf = NULL;
+    pkt->maxsize = (max < len) ? max : len;
+
+    return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(buf != NULL))
+        return 0;
+
+    pkt->staticbuf = NULL;
+    pkt->buf = buf;
+    pkt->maxsize = maxmaxsize(lenbytes);
+
+    return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
+{
+    return WPACKET_init_len(pkt, buf, 0);
+}
+
+int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    pkt->subs->flags = flags;
+
+    return 1;
+}
+
+/* Store the |value| of length |len| at location |data| */
+static int put_value(unsigned char *data, size_t value, size_t len)
+{
+    for (data += len - 1; len > 0; len--) {
+        *data = (unsigned char)(value & 0xff);
+        data--;
+        value >>= 8;
+    }
+
+    /* Check whether we could fit the value in the assigned number of bytes */
+    if (value > 0)
+        return 0;
+
+    return 1;
+}
+
+
+/*
+ * Internal helper function used by WPACKET_close(), WPACKET_finish() and
+ * WPACKET_fill_lengths() to close a sub-packet and write out its length if
+ * necessary. If |doclose| is 0 then it goes through the motions of closing
+ * (i.e. it fills in all the lengths), but doesn't actually close anything.
+ */
+static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
+{
+    size_t packlen = pkt->written - sub->pwritten;
+
+    if (packlen == 0
+            && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
+        return 0;
+
+    if (packlen == 0
+            && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
+        /* We can't handle this case. Return an error */
+        if (!doclose)
+            return 0;
+
+        /* Deallocate any bytes allocated for the length of the WPACKET */
+        if ((pkt->curr - sub->lenbytes) == sub->packet_len) {
+            pkt->written -= sub->lenbytes;
+            pkt->curr -= sub->lenbytes;
+        }
+
+        /* Don't write out the packet length */
+        sub->packet_len = 0;
+        sub->lenbytes = 0;
+    }
+
+    /* Write out the WPACKET length if needed */
+    if (sub->lenbytes > 0
+                && !put_value(&GETBUF(pkt)[sub->packet_len], packlen,
+                              sub->lenbytes))
+            return 0;
+
+    if (doclose) {
+        pkt->subs = sub->parent;
+        OPENSSL_free(sub);
+    }
+
+    return 1;
+}
+
+int WPACKET_fill_lengths(WPACKET *pkt)
+{
+    WPACKET_SUB *sub;
+
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
+        if (!wpacket_intern_close(pkt, sub, 0))
+            return 0;
+    }
+
+    return 1;
+}
+
+int WPACKET_close(WPACKET *pkt)
+{
+    /*
+     * Internal API, so should not fail - but we do negative testing of this
+     * so no assert (otherwise the tests fail)
+     */
+    if (pkt->subs == NULL || pkt->subs->parent == NULL)
+        return 0;
+
+    return wpacket_intern_close(pkt, pkt->subs, 1);
+}
+
+int WPACKET_finish(WPACKET *pkt)
+{
+    int ret;
+
+    /*
+     * Internal API, so should not fail - but we do negative testing of this
+     * so no assert (otherwise the tests fail)
+     */
+    if (pkt->subs == NULL || pkt->subs->parent != NULL)
+        return 0;
+
+    ret = wpacket_intern_close(pkt, pkt->subs, 1);
+    if (ret) {
+        OPENSSL_free(pkt->subs);
+        pkt->subs = NULL;
+    }
+
+    return ret;
+}
+
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
+{
+    WPACKET_SUB *sub;
+    unsigned char *lenchars;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
+        SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    sub->parent = pkt->subs;
+    pkt->subs = sub;
+    sub->pwritten = pkt->written + lenbytes;
+    sub->lenbytes = lenbytes;
+
+    if (lenbytes == 0) {
+        sub->packet_len = 0;
+        return 1;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))
+        return 0;
+    /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */
+    sub->packet_len = lenchars - GETBUF(pkt);
+
+    return 1;
+}
+
+int WPACKET_start_sub_packet(WPACKET *pkt)
+{
+    return WPACKET_start_sub_packet_len__(pkt, 0);
+}
+
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
+{
+    unsigned char *data;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(size <= sizeof(unsigned int))
+            || !WPACKET_allocate_bytes(pkt, size, &data)
+            || !put_value(data, val, size))
+        return 0;
+
+    return 1;
+}
+
+int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
+{
+    WPACKET_SUB *sub;
+    size_t lenbytes;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    /* Find the WPACKET_SUB for the top level */
+    for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)
+        continue;
+
+    lenbytes = sub->lenbytes;
+    if (lenbytes == 0)
+        lenbytes = sizeof(pkt->maxsize);
+
+    if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written)
+        return 0;
+
+    pkt->maxsize = maxsize;
+
+    return 1;
+}
+
+int WPACKET_memset(WPACKET *pkt, int ch, size_t len)
+{
+    unsigned char *dest;
+
+    if (len == 0)
+        return 1;
+
+    if (!WPACKET_allocate_bytes(pkt, len, &dest))
+        return 0;
+
+    memset(dest, ch, len);
+
+    return 1;
+}
+
+int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
+{
+    unsigned char *dest;
+
+    if (len == 0)
+        return 1;
+
+    if (!WPACKET_allocate_bytes(pkt, len, &dest))
+        return 0;
+
+    memcpy(dest, src, len);
+
+    return 1;
+}
+
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+                         size_t lenbytes)
+{
+    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+            || !WPACKET_memcpy(pkt, src, len)
+            || !WPACKET_close(pkt))
+        return 0;
+
+    return 1;
+}
+
+int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(written != NULL))
+        return 0;
+
+    *written = pkt->written;
+
+    return 1;
+}
+
+int WPACKET_get_length(WPACKET *pkt, size_t *len)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL && len != NULL))
+        return 0;
+
+    *len = pkt->written - pkt->subs->pwritten;
+
+    return 1;
+}
+
+unsigned char *WPACKET_get_curr(WPACKET *pkt)
+{
+    return GETBUF(pkt) + pkt->curr;
+}
+
+void WPACKET_cleanup(WPACKET *pkt)
+{
+    WPACKET_SUB *sub, *parent;
+
+    for (sub = pkt->subs; sub != NULL; sub = parent) {
+        parent = sub->parent;
+        OPENSSL_free(sub);
+    }
+    pkt->subs = NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/packet_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/packet_locl.h
new file mode 100644
index 000000000..860360b8b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/packet_locl.h
@@ -0,0 +1,874 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PACKET_LOCL_H
+# define HEADER_PACKET_LOCL_H
+
+# include <string.h>
+# include <openssl/bn.h>
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+
+# include "internal/numbers.h"
+
+typedef struct {
+    /* Pointer to where we are currently reading from */
+    const unsigned char *curr;
+    /* Number of bytes remaining */
+    size_t remaining;
+} PACKET;
+
+/* Internal unchecked shorthand; don't use outside this file. */
+static ossl_inline void packet_forward(PACKET *pkt, size_t len)
+{
+    pkt->curr += len;
+    pkt->remaining -= len;
+}
+
+/*
+ * Returns the number of bytes remaining to be read in the PACKET
+ */
+static ossl_inline size_t PACKET_remaining(const PACKET *pkt)
+{
+    return pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the first byte after the packet data.
+ * Useful for integrating with non-PACKET parsing code.
+ * Specifically, we use PACKET_end() to verify that a d2i_... call
+ * has consumed the entire packet contents.
+ */
+static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt)
+{
+    return pkt->curr + pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the PACKET's current position.
+ * For use in non-PACKETized APIs.
+ */
+static ossl_inline const unsigned char *PACKET_data(const PACKET *pkt)
+{
+    return pkt->curr;
+}
+
+/*
+ * Initialise a PACKET with |len| bytes held in |buf|. This does not make a
+ * copy of the data so |buf| must be present for the whole time that the PACKET
+ * is being used.
+ */
+__owur static ossl_inline int PACKET_buf_init(PACKET *pkt,
+                                              const unsigned char *buf,
+                                              size_t len)
+{
+    /* Sanity check for negative values. */
+    if (len > (size_t)(SIZE_MAX / 2))
+        return 0;
+
+    pkt->curr = buf;
+    pkt->remaining = len;
+    return 1;
+}
+
+/* Initialize a PACKET to hold zero bytes. */
+static ossl_inline void PACKET_null_init(PACKET *pkt)
+{
+    pkt->curr = NULL;
+    pkt->remaining = 0;
+}
+
+/*
+ * Returns 1 if the packet has length |num| and its contents equal the |num|
+ * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal).
+ * If lengths are equal, performs the comparison in constant time.
+ */
+__owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr,
+                                           size_t num)
+{
+    if (PACKET_remaining(pkt) != num)
+        return 0;
+    return CRYPTO_memcmp(pkt->curr, ptr, num) == 0;
+}
+
+/*
+ * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
+                                                     PACKET *subpkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    return PACKET_buf_init(subpkt, pkt->curr, len);
+}
+
+/*
+ * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not
+ * copied: the |subpkt| packet will share its underlying buffer with the
+ * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
+                                                    PACKET *subpkt, size_t len)
+{
+    if (!PACKET_peek_sub_packet(pkt, subpkt, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 2 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,
+                                                unsigned int *data)
+{
+    if (PACKET_remaining(pkt) < 2)
+        return 0;
+
+    *data = ((unsigned int)(*pkt->curr)) << 8;
+    *data |= *(pkt->curr + 1);
+
+    return 1;
+}
+
+/* Equivalent of n2s */
+/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_net_2(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 2);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_2() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data)
+{
+    unsigned int i;
+    int ret = PACKET_get_net_2(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 3 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 3)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= *(pkt->curr + 2);
+
+    return 1;
+}
+
+/* Equivalent of n2l3 */
+/* Get 3 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_3(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 3);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_3() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data)
+{
+    unsigned long i;
+    int ret = PACKET_get_net_3(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 4 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 24;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 8;
+    *data |= *(pkt->curr + 3);
+
+    return 1;
+}
+
+/* Equivalent of n2l */
+/* Get 4 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_4() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data)
+{
+    unsigned long i;
+    int ret = PACKET_get_net_4(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_peek_1(const PACKET *pkt,
+                                            unsigned int *data)
+{
+    if (!PACKET_remaining(pkt))
+        return 0;
+
+    *data = *pkt->curr;
+
+    return 1;
+}
+
+/* Get 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_1(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 1);
+
+    return 1;
+}
+
+/* Same as PACKET_get_1() but for a size_t */
+__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data)
+{
+    unsigned int i;
+    int ret = PACKET_get_1(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value
+ * in |*data|
+ */
+__owur static ossl_inline int PACKET_peek_4(const PACKET *pkt,
+                                            unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = *pkt->curr;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 3))) << 24;
+
+    return 1;
+}
+
+/* Equivalent of c2l */
+/*
+ * Get 4 bytes in reverse network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_get_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in
+ * |*data|. This just points at the underlying buffer that |pkt| is using. The
+ * caller should not free this data directly (it will be freed when the
+ * underlying buffer gets freed
+ */
+__owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt,
+                                                const unsigned char **data,
+                                                size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    *data = pkt->curr;
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This
+ * just points at the underlying buffer that |pkt| is using. The caller should
+ * not free this data directly (it will be freed when the underlying buffer gets
+ * freed
+ */
+__owur static ossl_inline int PACKET_get_bytes(PACKET *pkt,
+                                               const unsigned char **data,
+                                               size_t len)
+{
+    if (!PACKET_peek_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */
+__owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
+                                                     unsigned char *data,
+                                                     size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    memcpy(data, pkt->curr, len);
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from |pkt| and copy them to |data|.
+ * The caller is responsible for ensuring that |data| can hold |len| bytes.
+ */
+__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
+                                                unsigned char *data, size_t len)
+{
+    if (!PACKET_peek_copy_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Copy packet data to |dest|, and set |len| to the number of copied bytes.
+ * If the packet has more than |dest_len| bytes, nothing is copied.
+ * Returns 1 if the packet data fits in |dest_len| bytes, 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_copy_all(const PACKET *pkt,
+                                              unsigned char *dest,
+                                              size_t dest_len, size_t *len)
+{
+    if (PACKET_remaining(pkt) > dest_len) {
+        *len = 0;
+        return 0;
+    }
+    *len = pkt->remaining;
+    memcpy(dest, pkt->curr, pkt->remaining);
+    return 1;
+}
+
+/*
+ * Copy |pkt| bytes to a newly allocated buffer and store a pointer to the
+ * result in |*data|, and the length in |len|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the packet is empty, or malloc fails, |*data| will be set to NULL.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_memdup(const PACKET *pkt,
+                                            unsigned char **data, size_t *len)
+{
+    size_t length;
+
+    OPENSSL_free(*data);
+    *data = NULL;
+    *len = 0;
+
+    length = PACKET_remaining(pkt);
+
+    if (length == 0)
+        return 1;
+
+    *data = OPENSSL_memdup(pkt->curr, length);
+    if (*data == NULL)
+        return 0;
+
+    *len = length;
+    return 1;
+}
+
+/*
+ * Read a C string from |pkt| and copy to a newly allocated, NUL-terminated
+ * buffer. Store a pointer to the result in |*data|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the data in |pkt| does not contain a NUL-byte, the entire data is
+ * copied and NUL-terminated.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing done
+ * with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data)
+{
+    OPENSSL_free(*data);
+
+    /* This will succeed on an empty packet, unless pkt->curr == NULL. */
+    *data = OPENSSL_strndup((const char *)pkt->curr, PACKET_remaining(pkt));
+    return (*data != NULL);
+}
+
+/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */
+static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
+{
+    return memchr(pkt->curr, 0, pkt->remaining) != NULL;
+}
+
+/* Move the current reading position forward |len| bytes */
+__owur static ossl_inline int PACKET_forward(PACKET *pkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a one-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_1, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a two-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_2, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a three-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned long length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_net_3(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/* Writeable packets */
+
+typedef struct wpacket_sub WPACKET_SUB;
+struct wpacket_sub {
+    /* The parent WPACKET_SUB if we have one or NULL otherwise */
+    WPACKET_SUB *parent;
+
+    /*
+     * Offset into the buffer where the length of this WPACKET goes. We use an
+     * offset in case the buffer grows and gets reallocated.
+     */
+    size_t packet_len;
+
+    /* Number of bytes in the packet_len or 0 if we don't write the length */
+    size_t lenbytes;
+
+    /* Number of bytes written to the buf prior to this packet starting */
+    size_t pwritten;
+
+    /* Flags for this sub-packet */
+    unsigned int flags;
+};
+
+typedef struct wpacket_st WPACKET;
+struct wpacket_st {
+    /* The buffer where we store the output data */
+    BUF_MEM *buf;
+
+    /* Fixed sized buffer which can be used as an alternative to buf */
+    unsigned char *staticbuf;
+
+    /*
+     * Offset into the buffer where we are currently writing. We use an offset
+     * in case the buffer grows and gets reallocated.
+     */
+    size_t curr;
+
+    /* Number of bytes written so far */
+    size_t written;
+
+    /* Maximum number of bytes we will allow to be written to this WPACKET */
+    size_t maxsize;
+
+    /* Our sub-packets (always at least one if not finished) */
+    WPACKET_SUB *subs;
+};
+
+/* Flags */
+
+/* Default */
+#define WPACKET_FLAGS_NONE                      0
+
+/* Error on WPACKET_close() if no data written to the WPACKET */
+#define WPACKET_FLAGS_NON_ZERO_LENGTH           1
+
+/*
+ * Abandon all changes on WPACKET_close() if no data written to the WPACKET,
+ * i.e. this does not write out a zero packet length
+ */
+#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH    2
+
+
+/*
+ * Initialise a WPACKET with the buffer in |buf|. The buffer must exist
+ * for the whole time that the WPACKET is being used. Additionally |lenbytes| of
+ * data is preallocated at the start of the buffer to store the length of the
+ * WPACKET once we know it.
+ */
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes);
+
+/*
+ * Same as WPACKET_init_len except there is no preallocation of the WPACKET
+ * length.
+ */
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf);
+
+/*
+ * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure.
+ * A fixed buffer of memory |buf| of size |len| is used instead. A failure will
+ * occur if you attempt to write beyond the end of the buffer
+ */
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes);
+/*
+ * Set the flags to be applied to the current sub-packet
+ */
+int WPACKET_set_flags(WPACKET *pkt, unsigned int flags);
+
+/*
+ * Closes the most recent sub-packet. It also writes out the length of the
+ * packet to the required location (normally the start of the WPACKET) if
+ * appropriate. The top level WPACKET should be closed using WPACKET_finish()
+ * instead of this function.
+ */
+int WPACKET_close(WPACKET *pkt);
+
+/*
+ * The same as WPACKET_close() but only for the top most WPACKET. Additionally
+ * frees memory resources for this WPACKET.
+ */
+int WPACKET_finish(WPACKET *pkt);
+
+/*
+ * Iterate through all the sub-packets and write out their lengths as if they
+ * were being closed. The lengths will be overwritten with the final lengths
+ * when the sub-packets are eventually closed (which may be different if more
+ * data is added to the WPACKET). This function fails if a sub-packet is of 0
+ * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set.
+ */
+int WPACKET_fill_lengths(WPACKET *pkt);
+
+/*
+ * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated
+ * at the start of the sub-packet to store its length once we know it. Don't
+ * call this directly. Use the convenience macros below instead.
+ */
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes);
+
+/*
+ * Convenience macros for calling WPACKET_start_sub_packet_len with different
+ * lengths
+ */
+#define WPACKET_start_sub_packet_u8(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 1)
+#define WPACKET_start_sub_packet_u16(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 2)
+#define WPACKET_start_sub_packet_u24(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 3)
+#define WPACKET_start_sub_packet_u32(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 4)
+
+/*
+ * Same as WPACKET_start_sub_packet_len__() except no bytes are pre-allocated
+ * for the sub-packet length.
+ */
+int WPACKET_start_sub_packet(WPACKET *pkt);
+
+/*
+ * Allocate bytes in the WPACKET for the output. This reserves the bytes
+ * and counts them as "written", but doesn't actually do the writing. A pointer
+ * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL.
+ * WARNING: the allocated bytes must be filled in immediately, without further
+ * WPACKET_* calls. If not then the underlying buffer may be realloc'd and
+ * change its location.
+ */
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len,
+                           unsigned char **allocbytes);
+
+/*
+ * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is
+ * started for the allocated bytes, and then closed immediately afterwards. The
+ * number of length bytes for the sub-packet is in |lenbytes|. Don't call this
+ * directly. Use the convenience macros below instead.
+ */
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes);
+
+/*
+ * Convenience macros for calling WPACKET_sub_allocate_bytes with different
+ * lengths
+ */
+#define WPACKET_sub_allocate_bytes_u8(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 1)
+#define WPACKET_sub_allocate_bytes_u16(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 2)
+#define WPACKET_sub_allocate_bytes_u24(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 3)
+#define WPACKET_sub_allocate_bytes_u32(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4)
+
+/*
+ * The same as WPACKET_allocate_bytes() except the reserved bytes are not
+ * actually counted as written. Typically this will be for when we don't know
+ * how big arbitrary data is going to be up front, but we do know what the
+ * maximum size will be. If this function is used, then it should be immediately
+ * followed by a WPACKET_allocate_bytes() call before any other WPACKET
+ * functions are called (unless the write to the allocated bytes is abandoned).
+ *
+ * For example: If we are generating a signature, then the size of that
+ * signature may not be known in advance. We can use WPACKET_reserve_bytes() to
+ * handle this:
+ *
+ *  if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_size(pkey), &sigbytes1)
+ *          || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0
+ *          || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2)
+ *          || sigbytes1 != sigbytes2)
+ *      goto err;
+ */
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes);
+
+/*
+ * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__()
+ */
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes);
+
+/*
+ * Convenience macros for  WPACKET_sub_reserve_bytes with different lengths
+ */
+#define WPACKET_sub_reserve_bytes_u8(pkt, len, bytes) \
+    WPACKET_reserve_bytes__((pkt), (len), (bytes), 1)
+#define WPACKET_sub_reserve_bytes_u16(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 2)
+#define WPACKET_sub_reserve_bytes_u24(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 3)
+#define WPACKET_sub_reserve_bytes_u32(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 4)
+
+/*
+ * Write the value stored in |val| into the WPACKET. The value will consume
+ * |bytes| amount of storage. An error will occur if |val| cannot be
+ * accommodated in |bytes| storage, e.g. attempting to write the value 256 into
+ * 1 byte will fail. Don't call this directly. Use the convenience macros below
+ * instead.
+ */
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes);
+
+/*
+ * Convenience macros for calling WPACKET_put_bytes with different
+ * lengths
+ */
+#define WPACKET_put_bytes_u8(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 1)
+#define WPACKET_put_bytes_u16(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 2)
+#define WPACKET_put_bytes_u24(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 3)
+#define WPACKET_put_bytes_u32(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 4)
+
+/* Set a maximum size that we will not allow the WPACKET to grow beyond */
+int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize);
+
+/* Copy |len| bytes of data from |*src| into the WPACKET. */
+int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len);
+
+/* Set |len| bytes of data to |ch| into the WPACKET. */
+int WPACKET_memset(WPACKET *pkt, int ch, size_t len);
+
+/*
+ * Copy |len| bytes of data from |*src| into the WPACKET and prefix with its
+ * length (consuming |lenbytes| of data for the length). Don't call this
+ * directly. Use the convenience macros below instead.
+ */
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+                       size_t lenbytes);
+
+/* Convenience macros for calling WPACKET_sub_memcpy with different lengths */
+#define WPACKET_sub_memcpy_u8(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 1)
+#define WPACKET_sub_memcpy_u16(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 2)
+#define WPACKET_sub_memcpy_u24(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 3)
+#define WPACKET_sub_memcpy_u32(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 4)
+
+/*
+ * Return the total number of bytes written so far to the underlying buffer
+ * including any storage allocated for length bytes
+ */
+int WPACKET_get_total_written(WPACKET *pkt, size_t *written);
+
+/*
+ * Returns the length of the current sub-packet. This excludes any bytes
+ * allocated for the length itself.
+ */
+int WPACKET_get_length(WPACKET *pkt, size_t *len);
+
+/*
+ * Returns a pointer to the current write location, but does not allocate any
+ * bytes.
+ */
+unsigned char *WPACKET_get_curr(WPACKET *pkt);
+
+/* Release resources in a WPACKET if a failure has occurred. */
+void WPACKET_cleanup(WPACKET *pkt);
+
+#endif                          /* HEADER_PACKET_LOCL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c b/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
new file mode 100644
index 000000000..548a7a443
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+#include <openssl/bn.h>
+
+struct pqueue_st {
+    pitem *items;
+    int count;
+};
+
+pitem *pitem_new(unsigned char *prio64be, void *data)
+{
+    pitem *item = OPENSSL_malloc(sizeof(*item));
+
+    if (item == NULL) {
+        SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    memcpy(item->priority, prio64be, sizeof(item->priority));
+    item->data = data;
+    item->next = NULL;
+    return item;
+}
+
+void pitem_free(pitem *item)
+{
+    OPENSSL_free(item);
+}
+
+pqueue *pqueue_new(void)
+{
+    pqueue *pq = OPENSSL_zalloc(sizeof(*pq));
+
+    if (pq == NULL)
+        SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE);
+
+    return pq;
+}
+
+void pqueue_free(pqueue *pq)
+{
+    OPENSSL_free(pq);
+}
+
+pitem *pqueue_insert(pqueue *pq, pitem *item)
+{
+    pitem *curr, *next;
+
+    if (pq->items == NULL) {
+        pq->items = item;
+        return item;
+    }
+
+    for (curr = NULL, next = pq->items;
+         next != NULL; curr = next, next = next->next) {
+        /*
+         * we can compare 64-bit value in big-endian encoding with memcmp:-)
+         */
+        int cmp = memcmp(next->priority, item->priority, 8);
+        if (cmp > 0) {          /* next > item */
+            item->next = next;
+
+            if (curr == NULL)
+                pq->items = item;
+            else
+                curr->next = item;
+
+            return item;
+        }
+
+        else if (cmp == 0)      /* duplicates not allowed */
+            return NULL;
+    }
+
+    item->next = NULL;
+    curr->next = item;
+
+    return item;
+}
+
+pitem *pqueue_peek(pqueue *pq)
+{
+    return pq->items;
+}
+
+pitem *pqueue_pop(pqueue *pq)
+{
+    pitem *item = pq->items;
+
+    if (pq->items != NULL)
+        pq->items = pq->items->next;
+
+    return item;
+}
+
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be)
+{
+    pitem *next;
+    pitem *found = NULL;
+
+    if (pq->items == NULL)
+        return NULL;
+
+    for (next = pq->items; next->next != NULL; next = next->next) {
+        if (memcmp(next->priority, prio64be, 8) == 0) {
+            found = next;
+            break;
+        }
+    }
+
+    /* check the one last node */
+    if (memcmp(next->priority, prio64be, 8) == 0)
+        found = next;
+
+    if (!found)
+        return NULL;
+
+    return found;
+}
+
+pitem *pqueue_iterator(pqueue *pq)
+{
+    return pqueue_peek(pq);
+}
+
+pitem *pqueue_next(piterator *item)
+{
+    pitem *ret;
+
+    if (item == NULL || *item == NULL)
+        return NULL;
+
+    /* *item != NULL */
+    ret = *item;
+    *item = (*item)->next;
+
+    return ret;
+}
+
+size_t pqueue_size(pqueue *pq)
+{
+    pitem *item = pq->items;
+    size_t count = 0;
+
+    while (item != NULL) {
+        count++;
+        item = item->next;
+    }
+    return count;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/README b/trunk/3rdparty/openssl-1.1-fit/ssl/record/README
new file mode 100644
index 000000000..987e9fd30
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/README
@@ -0,0 +1,74 @@
+Record Layer Design
+===================
+
+This file provides some guidance on the thinking behind the design of the
+record layer code to aid future maintenance.
+
+The record layer is divided into a number of components. At the time of writing
+there are four: SSL3_RECORD, SSL3_BUFFER, DLTS1_BITMAP and RECORD_LAYER. Each
+of these components is defined by:
+1) A struct definition of the same name as the component
+2) A set of source files that define the functions for that component
+3) A set of accessor macros
+
+All struct definitions are in record.h. The functions and macros are either
+defined in record.h or record_locl.h dependent on whether they are intended to
+be private to the record layer, or whether they form part of the API to the rest
+of libssl.
+
+The source files map to components as follows:
+
+dtls1_bitmap.c                                   -> DTLS1_BITMAP component
+ssl3_buffer.c                                    -> SSL3_BUFFER component
+ssl3_record.c                                    -> SSL3_RECORD component
+rec_layer_s3.c, rec_layer_d1.c                   -> RECORD_LAYER component
+
+The RECORD_LAYER component is a facade pattern, i.e. it provides a simplified
+interface to the record layer for the rest of libssl. The other 3 components are
+entirely private to the record layer and therefore should never be accessed
+directly by libssl.
+
+Any component can directly access its own members - they are private to that
+component, e.g. ssl3_buffer.c can access members of the SSL3_BUFFER struct
+without using a macro. No component can directly access the members of another
+component, e.g. ssl3_buffer cannot reach inside the RECORD_LAYER component to
+directly access its members. Instead components use accessor macros, so if code
+in ssl3_buffer.c wants to access the members of the RECORD_LAYER it uses the
+RECORD_LAYER_* macros.
+
+Conceptually it looks like this:
+
+                        libssl
+                           |
+---------------------------|-----record.h--------------------------------------
+                           |
+                    _______V______________
+                   |                      |
+                   |    RECORD_LAYER      |
+                   |                      |
+                   |    rec_layer_s3.c    |
+                   |          ^           |
+                   | _________|__________ |
+                   ||                    ||
+                   || DTLS1_RECORD_LAYER ||
+                   ||                    ||
+                   || rec_layer_d1.c     ||
+                   ||____________________||
+                   |______________________|
+        record_locl.h     ^   ^   ^
+         _________________|   |   |_________________
+        |                     |                     |
+   _____V_________      ______V________      _______V________
+  |               |    |               |    |                |
+  | SSL3_BUFFER   |    | SSL3_RECORD   |    | DTLS1_BITMAP   |
+  |               |--->|               |    |                |
+  | ssl3_buffer.c |    | ssl3_record.c |    | dtls1_bitmap.c |
+  |_______________|    |_______________|    |________________|
+
+
+The two RECORD_LAYER source files build on each other, i.e.
+the main one is rec_layer_s3.c which provides the core SSL/TLS layer. The second
+one is rec_layer_d1.c which builds off of the SSL/TLS code to provide DTLS
+specific capabilities. It uses some DTLS specific RECORD_LAYER component members
+which should only be accessed from rec_layer_d1.c. These are held in the
+DTLS1_RECORD_LAYER struct.
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c
new file mode 100644
index 000000000..5923c5371
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+
+/* mod 128 saturating subtract of two 64-bit values in big-endian order */
+static int satsub64be(const unsigned char *v1, const unsigned char *v2)
+{
+    int64_t ret;
+    uint64_t l1, l2;
+
+    n2l8(v1, l1);
+    n2l8(v2, l2);
+
+    ret = l1 - l2;
+
+    /* We do not permit wrap-around */
+    if (l1 > l2 && ret < 0)
+        return 128;
+    else if (l2 > l1 && ret > 0)
+        return -128;
+
+    if (ret > 128)
+        return 128;
+    else if (ret < -128)
+        return -128;
+    else
+        return (int)ret;
+}
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = s->rlayer.read_sequence;
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+        return 1;               /* this record in new */
+    }
+    shift = -cmp;
+    if (shift >= sizeof(bitmap->map) * 8)
+        return 0;               /* stale, outside the window */
+    else if (bitmap->map & (1UL << shift))
+        return 0;               /* record previously received */
+
+    SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+    return 1;
+}
+
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        shift = cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map <<= shift, bitmap->map |= 1UL;
+        else
+            bitmap->map = 1UL;
+        memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
+    } else {
+        shift = -cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map |= 1UL << shift;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c
new file mode 100644
index 000000000..cb5d54ef5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c
@@ -0,0 +1,1059 @@
+/*
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "../ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include "record_locl.h"
+#include "../packet_locl.h"
+#include "internal/cryptlib.h"
+
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+
+    if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) {
+        SSLerr(SSL_F_DTLS_RECORD_LAYER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    rl->d = d;
+
+    d->unprocessed_rcds.q = pqueue_new();
+    d->processed_rcds.q = pqueue_new();
+    d->buffered_app_data.q = pqueue_new();
+
+    if (d->unprocessed_rcds.q == NULL || d->processed_rcds.q == NULL
+        || d->buffered_app_data.q == NULL) {
+        pqueue_free(d->unprocessed_rcds.q);
+        pqueue_free(d->processed_rcds.q);
+        pqueue_free(d->buffered_app_data.q);
+        OPENSSL_free(d);
+        rl->d = NULL;
+        return 0;
+    }
+
+    return 1;
+}
+
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER_clear(rl);
+    pqueue_free(rl->d->unprocessed_rcds.q);
+    pqueue_free(rl->d->processed_rcds.q);
+    pqueue_free(rl->d->buffered_app_data.q);
+    OPENSSL_free(rl->d);
+    rl->d = NULL;
+}
+
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+    pitem *item = NULL;
+    DTLS1_RECORD_DATA *rdata;
+    pqueue *unprocessed_rcds;
+    pqueue *processed_rcds;
+    pqueue *buffered_app_data;
+
+    d = rl->d;
+
+    while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    unprocessed_rcds = d->unprocessed_rcds.q;
+    processed_rcds = d->processed_rcds.q;
+    buffered_app_data = d->buffered_app_data.q;
+    memset(d, 0, sizeof(*d));
+    d->unprocessed_rcds.q = unprocessed_rcds;
+    d->processed_rcds.q = processed_rcds;
+    d->buffered_app_data.q = buffered_app_data;
+}
+
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
+{
+    if (e == rl->d->w_epoch - 1) {
+        memcpy(rl->d->curr_write_sequence,
+               rl->write_sequence, sizeof(rl->write_sequence));
+        memcpy(rl->write_sequence,
+               rl->d->last_write_sequence, sizeof(rl->write_sequence));
+    } else if (e == rl->d->w_epoch + 1) {
+        memcpy(rl->d->last_write_sequence,
+               rl->write_sequence, sizeof(unsigned char[8]));
+        memcpy(rl->write_sequence,
+               rl->d->curr_write_sequence, sizeof(rl->write_sequence));
+    }
+    rl->d->w_epoch = e;
+}
+
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
+{
+    memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
+}
+
+/* copy buffered record into SSL structure */
+static int dtls1_copy_record(SSL *s, pitem *item)
+{
+    DTLS1_RECORD_DATA *rdata;
+
+    rdata = (DTLS1_RECORD_DATA *)item->data;
+
+    SSL3_BUFFER_release(&s->rlayer.rbuf);
+
+    s->rlayer.packet = rdata->packet;
+    s->rlayer.packet_length = rdata->packet_length;
+    memcpy(&s->rlayer.rbuf, &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
+
+    /* Set proper sequence number for mac calculation */
+    memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
+
+    return 1;
+}
+
+int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
+{
+    DTLS1_RECORD_DATA *rdata;
+    pitem *item;
+
+    /* Limit the size of the queue to prevent DOS attacks */
+    if (pqueue_size(queue->q) >= 100)
+        return 0;
+
+    rdata = OPENSSL_malloc(sizeof(*rdata));
+    item = pitem_new(priority, rdata);
+    if (rdata == NULL || item == NULL) {
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    rdata->packet = s->rlayer.packet;
+    rdata->packet_length = s->rlayer.packet_length;
+    memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));
+    memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));
+
+    item->data = rdata;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Store bio_dgram_sctp_rcvinfo struct */
+    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+        (SSL_get_state(s) == TLS_ST_SR_FINISHED
+         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
+                 sizeof(rdata->recordinfo), &rdata->recordinfo);
+    }
+#endif
+
+    s->rlayer.packet = NULL;
+    s->rlayer.packet_length = 0;
+    memset(&s->rlayer.rbuf, 0, sizeof(s->rlayer.rbuf));
+    memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec));
+
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLfatal() already called */
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return -1;
+    }
+
+    if (pqueue_insert(queue->q, item) == NULL) {
+        /* Must be a duplicate so ignore it */
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+    }
+
+    return 1;
+}
+
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+{
+    pitem *item;
+
+    item = pqueue_pop(queue->q);
+    if (item) {
+        dtls1_copy_record(s, item);
+
+        OPENSSL_free(item->data);
+        pitem_free(item);
+
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * retrieve a buffered record that belongs to the new epoch, i.e., not
+ * processed yet
+ */
+#define dtls1_get_unprocessed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->rlayer.d->unprocessed_rcds))
+
+int dtls1_process_buffered_records(SSL *s)
+{
+    pitem *item;
+    SSL3_BUFFER *rb;
+    SSL3_RECORD *rr;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+    int replayok = 1;
+
+    item = pqueue_peek(s->rlayer.d->unprocessed_rcds.q);
+    if (item) {
+        /* Check if epoch is current. */
+        if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch)
+            return 1;         /* Nothing to do. */
+
+        rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+        rb = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+        if (SSL3_BUFFER_get_left(rb) > 0) {
+            /*
+             * We've still got data from the current packet to read. There could
+             * be a record from the new epoch in it - so don't overwrite it
+             * with the unprocessed records yet (we'll do it when we've
+             * finished reading the current packet).
+             */
+            return 1;
+        }
+
+        /* Process all the records. */
+        while (pqueue_peek(s->rlayer.d->unprocessed_rcds.q)) {
+            dtls1_get_unprocessed_record(s);
+            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+            if (bitmap == NULL) {
+                /*
+                 * Should not happen. This will only ever be NULL when the
+                 * current record is from a different epoch. But that cannot
+                 * be the case because we already checked the epoch above
+                 */
+                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                          SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
+                          ERR_R_INTERNAL_ERROR);
+                 return 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            /* Only do replay check if no SCTP bio */
+            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
+#endif
+            {
+                /*
+                 * Check whether this is a repeat, or aged record. We did this
+                 * check once already when we first received the record - but
+                 * we might have updated the window since then due to
+                 * records we subsequently processed.
+                 */
+                replayok = dtls1_record_replay_check(s, bitmap);
+            }
+
+            if (!replayok || !dtls1_process_record(s, bitmap)) {
+                if (ossl_statem_in_error(s)) {
+                    /* dtls1_process_record called SSLfatal() */
+                    return -1;
+                }
+                /* dump this record */
+                rr->length = 0;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                continue;
+            }
+
+            if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+                    SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+
+    /*
+     * sync epoch numbers once all the unprocessed records have been
+     * processed
+     */
+    s->rlayer.d->processed_rcds.epoch = s->rlayer.d->r_epoch;
+    s->rlayer.d->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1;
+
+    return 1;
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                     size_t len, int peek, size_t *readbytes)
+{
+    int i, j, iret;
+    size_t n;
+    SSL3_RECORD *rr;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+    if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_buffers(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+         (type != SSL3_RT_HANDSHAKE)) ||
+        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        /* SSLfatal() already called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+    }
+
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * s->s3->rrec.type         - is the type of record
+     * s->s3->rrec.data,    - data
+     * s->s3->rrec.off,     - offset into 'data' for next read
+     * s->s3->rrec.length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+
+    /*
+     * We are not handshaking and have no data yet, so process data buffered
+     * during the last handshake in advance, if any.
+     */
+    if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
+        pitem *item;
+        item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
+        if (item) {
+#ifndef OPENSSL_NO_SCTP
+            /* Restore bio_dgram_sctp_rcvinfo struct */
+            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
+                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
+                         sizeof(rdata->recordinfo), &rdata->recordinfo);
+            }
+#endif
+
+            dtls1_copy_record(s, item);
+
+            OPENSSL_free(item->data);
+            pitem_free(item);
+        }
+    }
+
+    /* Check for timeout */
+    if (dtls1_handle_timeout(s) > 0) {
+        goto start;
+    } else if (ossl_statem_in_error(s)) {
+        /* dtls1_handle_timeout() has failed with a fatal error */
+        return -1;
+    }
+
+    /* get new packet if necessary */
+    if ((SSL3_RECORD_get_length(rr) == 0)
+        || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+        iret = dtls1_get_record(s);
+        if (iret <= 0) {
+            iret = dtls1_read_failed(s, iret);
+            /*
+             * Anything other than a timeout is an error. SSLfatal() already
+             * called if appropriate.
+             */
+            if (iret <= 0)
+                return iret;
+            else
+                goto start;
+        }
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+    }
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        /*
+         * We now have application data between CCS and Finished. Most likely
+         * the packets were reordered on their way, so buffer the application
+         * data for later processing rather than dropping the connection.
+         */
+        if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
+                                SSL3_RECORD_get_seq_num(rr)) < 0) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        goto start;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_APP_DATA_IN_HANDSHAKE);
+            return -1;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len == 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return 0;
+        }
+
+        if (len > SSL3_RECORD_get_length(rr))
+            n = SSL3_RECORD_get_length(rr);
+        else
+            n = len;
+
+        memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
+        if (peek) {
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+        } else {
+            SSL3_RECORD_sub_length(rr, n);
+            SSL3_RECORD_add_off(rr, n);
+            if (SSL3_RECORD_get_length(rr) == 0) {
+                s->rlayer.rstate = SSL_ST_READ_HEADER;
+                SSL3_RECORD_set_off(rr, 0);
+                SSL3_RECORD_set_read(rr);
+            }
+        }
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * We might had to delay a close_notify alert because of reordered
+         * app data. If there was an alert and there is no message to read
+         * anymore, finally set shutdown.
+         */
+        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            s->d1->shutdown_received
+            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return 0;
+        }
+#endif
+        *readbytes = n;
+        return 1;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello).
+     */
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+        unsigned int alert_level, alert_descr;
+        unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+                                     + SSL3_RECORD_get_off(rr);
+        PACKET alert;
+
+        if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+                || !PACKET_get_1(&alert, &alert_level)
+                || !PACKET_get_1(&alert, &alert_descr)
+                || PACKET_remaining(&alert) != 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_INVALID_ALERT);
+            return -1;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                         SSL_R_TOO_MANY_WARN_ALERTS);
+                return -1;
+            }
+
+            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * With SCTP and streams the socket may deliver app data
+                 * after a close_notify alert. We have to check this first so
+                 * that nothing gets discarded.
+                 */
+                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    s->d1->shutdown_received = 1;
+                    s->rwstate = SSL_READING;
+                    BIO_clear_retry_flags(SSL_get_rbio(s));
+                    BIO_set_retry_read(SSL_get_rbio(s));
+                    return -1;
+                }
+#endif
+                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                return 0;
+            }
+        } else if (alert_level == SSL3_AL_FATAL) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
+                     SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return 0;
+        } else {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_UNKNOWN_ALERT_TYPE);
+            return -1;
+        }
+
+        goto start;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+                                            * shutdown */
+        s->rwstate = SSL_NOTHING;
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        return 0;
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        /*
+         * We can't process a CCS now, because previous handshake messages
+         * are still missing, so just drop it.
+         */
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        goto start;
+    }
+
+    /*
+     * Unexpected handshake message (Client Hello, or protocol violation)
+     */
+    if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) &&
+            !ossl_statem_get_in_handshake(s)) {
+        struct hm_header_st msg_hdr;
+
+        /*
+         * This may just be a stale retransmit. Also sanity check that we have
+         * at least enough record bytes for a message header
+         */
+        if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch
+                || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) {
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            goto start;
+        }
+
+        dtls1_get_message_header(rr->data, &msg_hdr);
+
+        /*
+         * If we are server, we may have a repeated FINISHED of the client
+         * here, then retransmit our CCS and FINISHED.
+         */
+        if (msg_hdr.type == SSL3_MT_FINISHED) {
+            if (dtls1_check_timeout_num(s) < 0) {
+                /* SSLfatal) already called */
+                return -1;
+            }
+
+            if (dtls1_retransmit_buffered_messages(s) <= 0) {
+                /* Fail if we encountered a fatal error */
+                if (ossl_statem_in_error(s))
+                    return -1;
+            }
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+                if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                    /* no read-ahead left? */
+                    BIO *bio;
+
+                    s->rwstate = SSL_READING;
+                    bio = SSL_get_rbio(s);
+                    BIO_clear_retry_flags(bio);
+                    BIO_set_retry_read(bio);
+                    return -1;
+                }
+            }
+            goto start;
+        }
+
+        /*
+         * To get here we must be trying to read app data but found handshake
+         * data. But if we're trying to read app data, and we're not in init
+         * (which is tested for at the top of this function) then init must be
+         * finished
+         */
+        if (!ossl_assert(SSL_is_init_finished(s))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /* We found handshake data, so we're going back into init */
+        ossl_statem_set_in_init(s, 1);
+
+        i = s->handshake_func(s);
+        /* SSLfatal() called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return -1;
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                 SSL_R_UNEXPECTED_RECORD);
+        return -1;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (s->s3->in_read_app_data &&
+            (s->s3->total_renegotiations != 0) &&
+            ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return -1;
+        } else {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_UNEXPECTED_RECORD);
+            return -1;
+        }
+    }
+    /* not reached */
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                      size_t *written)
+{
+    int i;
+
+    if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    s->rwstate = SSL_NOTHING;
+    i = do_dtls1_write(s, type, buf, len, 0, written);
+    return i;
+}
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   size_t len, int create_empty_fragment, size_t *written)
+{
+    unsigned char *p, *pseq;
+    int i, mac_size, clear = 0;
+    size_t prefix_len = 0;
+    int eivlen;
+    SSL3_RECORD wr;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+
+    wb = &s->rlayer.wbuf[0];
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0)
+            return i;
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (len == 0 && !create_empty_fragment)
+        return 0;
+
+    if (len > ssl_get_max_send_fragment(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                 SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+        return 0;
+    }
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
+        clear = 1;
+
+    if (clear)
+        mac_size = 0;
+    else {
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+            return -1;
+        }
+    }
+
+    p = SSL3_BUFFER_get_buf(wb) + prefix_len;
+
+    /* write the header */
+
+    *(p++) = type & 0xff;
+    SSL3_RECORD_set_type(&wr, type);
+    /*
+     * Special case: for hello verify request, client version 1.0 and we
+     * haven't decided which version to use yet send back using version 1.0
+     * header: otherwise some clients will ignore it.
+     */
+    if (s->method->version == DTLS_ANY_VERSION &&
+        s->max_proto_version != DTLS1_BAD_VER) {
+        *(p++) = DTLS1_VERSION >> 8;
+        *(p++) = DTLS1_VERSION & 0xff;
+    } else {
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+    }
+
+    /* field where we are to write out packet epoch, seq num and len */
+    pseq = p;
+    p += 10;
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        }
+        /* Need explicit part of IV for GCM mode */
+        else if (mode == EVP_CIPH_GCM_MODE)
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        else
+            eivlen = 0;
+    } else
+        eivlen = 0;
+
+    /* lets setup the record stuff. */
+    SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */
+    SSL3_RECORD_set_length(&wr, len);
+    SSL3_RECORD_set_input(&wr, (unsigned char *)buf);
+
+    /*
+     * we now 'read' from wr.input, wr.length bytes into wr.data
+     */
+
+    /* first we compress */
+    if (s->compress != NULL) {
+        if (!ssl3_do_compress(s, &wr)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     SSL_R_COMPRESSION_FAILURE);
+            return -1;
+        }
+    } else {
+        memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr),
+               SSL3_RECORD_get_length(&wr));
+        SSL3_RECORD_reset_input(&wr);
+    }
+
+    /*
+     * we should still have the output to wr.data and the input from
+     * wr.input.  Length should be wr.length. wr.data still points in the
+     * wb->buf
+     */
+
+    if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!s->method->ssl3_enc->mac(s, &wr,
+                                      &(p[SSL3_RECORD_get_length(&wr) + eivlen]),
+                                      1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* this is true regardless of mac size */
+    SSL3_RECORD_set_data(&wr, p);
+    SSL3_RECORD_reset_input(&wr);
+
+    if (eivlen)
+        SSL3_RECORD_add_length(&wr, eivlen);
+
+    if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) {
+        if (!ossl_statem_in_error(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+        }
+        return -1;
+    }
+
+    if (SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!s->method->ssl3_enc->mac(s, &wr,
+                                      &(p[SSL3_RECORD_get_length(&wr)]), 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* record length after mac and block padding */
+
+    /* there's only one epoch between handshake and app data */
+
+    s2n(s->rlayer.d->w_epoch, pseq);
+
+    memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
+    pseq += 6;
+    s2n(SSL3_RECORD_get_length(&wr), pseq);
+
+    if (s->msg_callback)
+        s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
+                        DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+    /*
+     * we should now have wr.data pointing to the encrypted data, which is
+     * wr->length long
+     */
+    SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */
+    SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH);
+
+    ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
+
+    if (create_empty_fragment) {
+        /*
+         * we are in a recursive call; just return the length, don't write
+         * out anything here
+         */
+        *written = wr.length;
+        return 1;
+    }
+
+    /* now let's set up wb */
+    SSL3_BUFFER_set_left(wb, prefix_len + SSL3_RECORD_get_length(&wr));
+    SSL3_BUFFER_set_offset(wb, 0);
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = len;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = len;
+
+    /* we now just need to write the buffer. Calls SSLfatal() as required. */
+    return ssl3_write_pending(s, type, buf, len, written);
+}
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch)
+{
+
+    *is_next_epoch = 0;
+
+    /* In current epoch, accept HM, CCS, DATA, & ALERT */
+    if (rr->epoch == s->rlayer.d->r_epoch)
+        return &s->rlayer.d->bitmap;
+
+    /*
+     * Only HM and ALERT messages can be from the next epoch and only if we
+     * have already processed all of the unprocessed records from the last
+     * epoch
+     */
+    else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
+             s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch &&
+             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+        *is_next_epoch = 1;
+        return &s->rlayer.d->next_bitmap;
+    }
+
+    return NULL;
+}
+
+void dtls1_reset_seq_numbers(SSL *s, int rw)
+{
+    unsigned char *seq;
+    unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
+
+    if (rw & SSL3_CC_READ) {
+        seq = s->rlayer.read_sequence;
+        s->rlayer.d->r_epoch++;
+        memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
+               sizeof(s->rlayer.d->bitmap));
+        memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
+
+        /*
+         * We must not use any buffered messages received from the previous
+         * epoch
+         */
+        dtls1_clear_received_buffer(s);
+    } else {
+        seq = s->rlayer.write_sequence;
+        memcpy(s->rlayer.d->last_write_sequence, seq,
+               sizeof(s->rlayer.write_sequence));
+        s->rlayer.d->w_epoch++;
+    }
+
+    memset(seq, 0, seq_bytes);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c
new file mode 100644
index 000000000..b2f97ef90
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c
@@ -0,0 +1,1771 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#include "../ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include "record_locl.h"
+#include "../packet_locl.h"
+
+#if     defined(OPENSSL_SMALL_FOOTPRINT) || \
+        !(      defined(AES_ASM) &&     ( \
+                defined(__x86_64)       || defined(__x86_64__)  || \
+                defined(_M_AMD64)       || defined(_M_X64)      ) \
+        )
+# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+#endif
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
+{
+    rl->s = s;
+    RECORD_LAYER_set_first_record(&s->rlayer);
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+void RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    rl->rstate = SSL_ST_READ_HEADER;
+
+    /*
+     * Do I need to clear read_ahead? As far as I can tell read_ahead did not
+     * previously get reset by SSL_clear...so I'll keep it that way..but is
+     * that right?
+     */
+
+    rl->packet = NULL;
+    rl->packet_length = 0;
+    rl->wnum = 0;
+    memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+    rl->handshake_fragment_len = 0;
+    rl->wpend_tot = 0;
+    rl->wpend_type = 0;
+    rl->wpend_ret = 0;
+    rl->wpend_buf = NULL;
+
+    SSL3_BUFFER_clear(&rl->rbuf);
+    ssl3_release_write_buffer(rl->s);
+    rl->numrpipes = 0;
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+
+    RECORD_LAYER_reset_read_sequence(rl);
+    RECORD_LAYER_reset_write_sequence(rl);
+
+    if (rl->d)
+        DTLS_RECORD_LAYER_clear(rl);
+}
+
+void RECORD_LAYER_release(RECORD_LAYER *rl)
+{
+    if (SSL3_BUFFER_is_initialised(&rl->rbuf))
+        ssl3_release_read_buffer(rl->s);
+    if (rl->numwpipes > 0)
+        ssl3_release_write_buffer(rl->s);
+    SSL3_RECORD_release(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+/* Checks if we have unprocessed read ahead data pending */
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
+{
+    return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
+}
+
+/* Checks if we have decrypted unread record data pending */
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
+{
+    size_t curr_rec = 0, num_recs = RECORD_LAYER_get_numrpipes(rl);
+    const SSL3_RECORD *rr = rl->rrec;
+
+    while (curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]))
+        curr_rec++;
+
+    return curr_rec < num_recs;
+}
+
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
+{
+    return (rl->numwpipes > 0)
+        && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
+}
+
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+}
+
+size_t ssl3_pending(const SSL *s)
+{
+    size_t i, num = 0;
+
+    if (s->rlayer.rstate == SSL_ST_READ_BODY)
+        return 0;
+
+    for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+        if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
+            != SSL3_RT_APPLICATION_DATA)
+            return 0;
+        num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
+    }
+
+    return num;
+}
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+    ctx->default_read_buf_len = len;
+}
+
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+    SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "read header";
+    case SSL_ST_READ_BODY:
+        return "read body";
+    case SSL_ST_READ_DONE:
+        return "read done";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_rstate_string(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "RH";
+    case SSL_ST_READ_BODY:
+        return "RB";
+    case SSL_ST_READ_DONE:
+        return "RD";
+    default:
+        return "unknown";
+    }
+}
+
+/*
+ * Return values are as per SSL_read()
+ */
+int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+                size_t *readbytes)
+{
+    /*
+     * If extend == 0, obtain new n-byte packet; if extend == 1, increase
+     * packet by another n bytes. The packet will be in the sub-array of
+     * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
+     * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
+     * s->packet_length bytes if extend == 1].)
+     * if clearold == 1, move the packet to the start of the buffer; if
+     * clearold == 0 then leave any old packets where they were
+     */
+    size_t len, left, align = 0;
+    unsigned char *pkt;
+    SSL3_BUFFER *rb;
+
+    if (n == 0)
+        return 0;
+
+    rb = &s->rlayer.rbuf;
+    if (rb->buf == NULL)
+        if (!ssl3_setup_read_buffer(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+
+    left = rb->left;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+
+    if (!extend) {
+        /* start with empty packet ... */
+        if (left == 0)
+            rb->offset = align;
+        else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
+            /*
+             * check if next packet length is large enough to justify payload
+             * alignment...
+             */
+            pkt = rb->buf + rb->offset;
+            if (pkt[0] == SSL3_RT_APPLICATION_DATA
+                && (pkt[3] << 8 | pkt[4]) >= 128) {
+                /*
+                 * Note that even if packet is corrupted and its length field
+                 * is insane, we can only be led to wrong decision about
+                 * whether memmove will occur or not. Header values has no
+                 * effect on memmove arguments and therefore no buffer
+                 * overrun can be triggered.
+                 */
+                memmove(rb->buf + align, pkt, left);
+                rb->offset = align;
+            }
+        }
+        s->rlayer.packet = rb->buf + rb->offset;
+        s->rlayer.packet_length = 0;
+        /* ... now we can act as if 'extend' was set */
+    }
+
+    len = s->rlayer.packet_length;
+    pkt = rb->buf + align;
+    /*
+     * Move any available bytes to front of buffer: 'len' bytes already
+     * pointed to by 'packet', 'left' extra ones at the end
+     */
+    if (s->rlayer.packet != pkt && clearold == 1) {
+        memmove(pkt, s->rlayer.packet, len + left);
+        s->rlayer.packet = pkt;
+        rb->offset = len + align;
+    }
+
+    /*
+     * For DTLS/UDP reads should not span multiple packets because the read
+     * operation returns the whole packet at once (as long as it fits into
+     * the buffer).
+     */
+    if (SSL_IS_DTLS(s)) {
+        if (left == 0 && extend)
+            return 0;
+        if (left > 0 && n > left)
+            n = left;
+    }
+
+    /* if there is enough in the buffer from a previous read, take some */
+    if (left >= n) {
+        s->rlayer.packet_length += n;
+        rb->left = left - n;
+        rb->offset += n;
+        *readbytes = n;
+        return 1;
+    }
+
+    /* else we need to read more data */
+
+    if (n > rb->len - rb->offset) {
+        /* does not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    /* We always act like read_ahead is set for DTLS */
+    if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s))
+        /* ignore max parameter */
+        max = n;
+    else {
+        if (max < n)
+            max = n;
+        if (max > rb->len - rb->offset)
+            max = rb->len - rb->offset;
+    }
+
+    while (left < n) {
+        size_t bioread = 0;
+        int ret;
+
+        /*
+         * Now we have len+left bytes at the front of s->s3->rbuf.buf and
+         * need to read in more until we have len+n (up to len+max if
+         * possible)
+         */
+
+        clear_sys_error();
+        if (s->rbio != NULL) {
+            s->rwstate = SSL_READING;
+            /* TODO(size_t): Convert this function */
+            ret = BIO_read(s->rbio, pkt + len + left, max - left);
+            if (ret >= 0)
+                bioread = ret;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                     SSL_R_READ_BIO_NOT_SET);
+            ret = -1;
+        }
+
+        if (ret <= 0) {
+            rb->left = left;
+            if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+                if (len + left == 0)
+                    ssl3_release_read_buffer(s);
+            return ret;
+        }
+        left += bioread;
+        /*
+         * reads should *never* span multiple packets for DTLS because the
+         * underlying transport protocol is message oriented as opposed to
+         * byte oriented as in the TLS case.
+         */
+        if (SSL_IS_DTLS(s)) {
+            if (n > left)
+                n = left;       /* makes the while condition false */
+        }
+    }
+
+    /* done reading, now the book-keeping */
+    rb->offset += n;
+    rb->left = left - n;
+    s->rlayer.packet_length += n;
+    s->rwstate = SSL_NOTHING;
+    *readbytes = n;
+    return 1;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
+                     size_t *written)
+{
+    const unsigned char *buf = buf_;
+    size_t tot;
+    size_t n, max_send_fragment, split_send_fragment, maxpipes;
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    size_t nw;
+#endif
+    SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
+    int i;
+    size_t tmpwrit;
+
+    s->rwstate = SSL_NOTHING;
+    tot = s->rlayer.wnum;
+    /*
+     * ensure that if we end up with a smaller value of data to write out
+     * than the original len from a write which didn't complete for
+     * non-blocking I/O and also somehow ended up avoiding the check for
+     * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
+     * possible to end up with (len-tot) as a large number that will then
+     * promptly send beyond the end of the users buffer ... so we trap and
+     * report the error in a way the user will notice
+     */
+    if ((len < s->rlayer.wnum)
+        || ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING
+            && !early_data_count_ok(s, len, 0, 1)) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    s->rlayer.wnum = 0;
+
+    /*
+     * When writing early data on the server side we could be "in_init" in
+     * between receiving the EoED and the CF - but we don't want to handle those
+     * messages yet.
+     */
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
+        i = s->handshake_func(s);
+        /* SSLfatal() already called */
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            return -1;
+        }
+    }
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (wb->left != 0) {
+        /* SSLfatal() already called if appropriate */
+        i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot,
+                               &tmpwrit);
+        if (i <= 0) {
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+        tot += tmpwrit;               /* this might be last fragment */
+    }
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    /*
+     * Depending on platform multi-block can deliver several *times*
+     * better performance. Downside is that it has to allocate
+     * jumbo buffer to accommodate up to 8 records, but the
+     * compromise is considered worthy.
+     */
+    if (type == SSL3_RT_APPLICATION_DATA &&
+        len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) &&
+        s->compress == NULL && s->msg_callback == NULL &&
+        !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
+        EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+        EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
+        unsigned char aad[13];
+        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+        size_t packlen;
+        int packleni;
+
+        /* minimize address aliasing conflicts */
+        if ((max_send_fragment & 0xfff) == 0)
+            max_send_fragment -= 512;
+
+        if (tot == 0 || wb->buf == NULL) { /* allocate jumbo buffer */
+            ssl3_release_write_buffer(s);
+
+            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
+                                          (int)max_send_fragment, NULL);
+
+            if (len >= 8 * max_send_fragment)
+                packlen *= 8;
+            else
+                packlen *= 4;
+
+            if (!ssl3_setup_write_buffer(s, 1, packlen)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+        } else if (tot == len) { /* done? */
+            /* free jumbo buffer */
+            ssl3_release_write_buffer(s);
+            *written = tot;
+            return 1;
+        }
+
+        n = (len - tot);
+        for (;;) {
+            if (n < 4 * max_send_fragment) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            if (s->s3->alert_dispatch) {
+                i = s->method->ssl_dispatch_alert(s);
+                if (i <= 0) {
+                    /* SSLfatal() already called if appropriate */
+                    s->rlayer.wnum = tot;
+                    return i;
+                }
+            }
+
+            if (n >= 8 * max_send_fragment)
+                nw = max_send_fragment * (mb_param.interleave = 8);
+            else
+                nw = max_send_fragment * (mb_param.interleave = 4);
+
+            memcpy(aad, s->rlayer.write_sequence, 8);
+            aad[8] = type;
+            aad[9] = (unsigned char)(s->version >> 8);
+            aad[10] = (unsigned char)(s->version);
+            aad[11] = 0;
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = nw;
+
+            packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+            packlen = (size_t)packleni;
+            if (packleni <= 0 || packlen > wb->len) { /* never happens */
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            mb_param.out = wb->buf;
+            mb_param.inp = &buf[tot];
+            mb_param.len = nw;
+
+            if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                    EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param) <= 0)
+                return -1;
+
+            s->rlayer.write_sequence[7] += mb_param.interleave;
+            if (s->rlayer.write_sequence[7] < mb_param.interleave) {
+                int j = 6;
+                while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
+            }
+
+            wb->offset = 0;
+            wb->left = packlen;
+
+            s->rlayer.wpend_tot = nw;
+            s->rlayer.wpend_buf = &buf[tot];
+            s->rlayer.wpend_type = type;
+            s->rlayer.wpend_ret = nw;
+
+            i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit);
+            if (i <= 0) {
+                /* SSLfatal() already called if appropriate */
+                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+                    /* free jumbo buffer */
+                    ssl3_release_write_buffer(s);
+                }
+                s->rlayer.wnum = tot;
+                return i;
+            }
+            if (tmpwrit == n) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                *written = tot + tmpwrit;
+                return 1;
+            }
+            n -= tmpwrit;
+            tot += tmpwrit;
+        }
+    } else
+#endif  /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
+    if (tot == len) {           /* done? */
+        if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+            ssl3_release_write_buffer(s);
+
+        *written = tot;
+        return 1;
+    }
+
+    n = (len - tot);
+
+    max_send_fragment = ssl_get_max_send_fragment(s);
+    split_send_fragment = ssl_get_split_send_fragment(s);
+    /*
+     * If max_pipelines is 0 then this means "undefined" and we default to
+     * 1 pipeline. Similarly if the cipher does not support pipelined
+     * processing then we also only use 1 pipeline, or if we're not using
+     * explicit IVs
+     */
+    maxpipes = s->max_pipelines;
+    if (maxpipes > SSL_MAX_PIPELINES) {
+        /*
+         * We should have prevented this when we set max_pipelines so we
+         * shouldn't get here
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    if (maxpipes == 0
+        || s->enc_write_ctx == NULL
+        || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
+             & EVP_CIPH_FLAG_PIPELINE)
+        || !SSL_USE_EXPLICIT_IV(s))
+        maxpipes = 1;
+    if (max_send_fragment == 0 || split_send_fragment == 0
+        || split_send_fragment > max_send_fragment) {
+        /*
+         * We should have prevented this when we set/get the split and max send
+         * fragments so we shouldn't get here
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    for (;;) {
+        size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain;
+        size_t numpipes, j;
+
+        if (n == 0)
+            numpipes = 1;
+        else
+            numpipes = ((n - 1) / split_send_fragment) + 1;
+        if (numpipes > maxpipes)
+            numpipes = maxpipes;
+
+        if (n / numpipes >= max_send_fragment) {
+            /*
+             * We have enough data to completely fill all available
+             * pipelines
+             */
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = max_send_fragment;
+            }
+        } else {
+            /* We can partially fill all available pipelines */
+            tmppipelen = n / numpipes;
+            remain = n % numpipes;
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = tmppipelen;
+                if (j < remain)
+                    pipelens[j]++;
+            }
+        }
+
+        i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0,
+                          &tmpwrit);
+        if (i <= 0) {
+            /* SSLfatal() already called if appropriate */
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+
+        if (tmpwrit == n ||
+            (type == SSL3_RT_APPLICATION_DATA &&
+             (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
+            /*
+             * next chunk of data should get another prepended empty fragment
+             * in ciphersuites with known-IV weakness:
+             */
+            s->s3->empty_fragment_done = 0;
+
+            if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                !SSL_IS_DTLS(s))
+                ssl3_release_write_buffer(s);
+
+            *written = tot + tmpwrit;
+            return 1;
+        }
+
+        n -= tmpwrit;
+        tot += tmpwrit;
+    }
+}
+
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  size_t *pipelens, size_t numpipes,
+                  int create_empty_fragment, size_t *written)
+{
+    WPACKET pkt[SSL_MAX_PIPELINES];
+    SSL3_RECORD wr[SSL_MAX_PIPELINES];
+    WPACKET *thispkt;
+    SSL3_RECORD *thiswr;
+    unsigned char *recordstart;
+    int i, mac_size, clear = 0;
+    size_t prefix_len = 0;
+    int eivlen = 0;
+    size_t align = 0;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+    size_t totlen = 0, len, wpinited = 0;
+    size_t j;
+
+    for (j = 0; j < numpipes; j++)
+        totlen += pipelens[j];
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* Calls SSLfatal() as required */
+        return ssl3_write_pending(s, type, buf, totlen, written);
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0) {
+            /* SSLfatal() already called if appropriate */
+            return i;
+        }
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (s->rlayer.numwpipes < numpipes) {
+        if (!ssl3_setup_write_buffer(s, numpipes, 0)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if (totlen == 0 && !create_empty_fragment)
+        return 0;
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
+        clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
+        mac_size = 0;
+    } else {
+        /* TODO(siz_t): Convert me */
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    /*
+     * 'create_empty_fragment' is true only when this function calls itself
+     */
+    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
+        /*
+         * countermeasure against known-IV weakness in CBC ciphersuites (see
+         * http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+
+        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+            /*
+             * recursive function call with 'create_empty_fragment' set; this
+             * prepares and buffers the data for an empty fragment (these
+             * 'prefix_len' bytes are sent out later together with the actual
+             * payload)
+             */
+            size_t tmppipelen = 0;
+            int ret;
+
+            ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len);
+            if (ret <= 0) {
+                /* SSLfatal() already called if appropriate */
+                goto err;
+            }
+
+            if (prefix_len >
+                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
+                /* insufficient space */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        s->s3->empty_fragment_done = 1;
+    }
+
+    if (create_empty_fragment) {
+        wb = &s->rlayer.wbuf[0];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        /*
+         * extra fragment would be couple of cipher blocks, which would be
+         * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
+         * payload, then we can just pretend we simply have two headers.
+         */
+        align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+        align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+        SSL3_BUFFER_set_offset(wb, align);
+        if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb),
+                                     SSL3_BUFFER_get_len(wb), 0)
+                || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        wpinited = 1;
+    } else if (prefix_len) {
+        wb = &s->rlayer.wbuf[0];
+        if (!WPACKET_init_static_len(&pkt[0],
+                                     SSL3_BUFFER_get_buf(wb),
+                                     SSL3_BUFFER_get_len(wb), 0)
+                || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb)
+                                                    + prefix_len, NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        wpinited = 1;
+    } else {
+        for (j = 0; j < numpipes; j++) {
+            thispkt = &pkt[j];
+
+            wb = &s->rlayer.wbuf[j];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
+            align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+            align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+            SSL3_BUFFER_set_offset(wb, align);
+            if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb),
+                                         SSL3_BUFFER_get_len(wb), 0)
+                    || !WPACKET_allocate_bytes(thispkt, align, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            wpinited++;
+        }
+    }
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            /* TODO(size_t): Convert me */
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        } else if (mode == EVP_CIPH_GCM_MODE) {
+            /* Need explicit part of IV for GCM mode */
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        } else if (mode == EVP_CIPH_CCM_MODE) {
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        }
+    }
+
+    totlen = 0;
+    /* Clear our SSL3_RECORD structures */
+    memset(wr, 0, sizeof(wr));
+    for (j = 0; j < numpipes; j++) {
+        unsigned int version = (s->version == TLS1_3_VERSION) ? TLS1_2_VERSION
+                                                              : s->version;
+        unsigned char *compressdata = NULL;
+        size_t maxcomplen;
+        unsigned int rectype;
+
+        thispkt = &pkt[j];
+        thiswr = &wr[j];
+
+        /*
+         * In TLSv1.3, once encrypting, we always use application data for the
+         * record type
+         */
+        if (SSL_TREAT_AS_TLS13(s)
+                && s->enc_write_ctx != NULL
+                && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+                    || type != SSL3_RT_ALERT))
+            rectype = SSL3_RT_APPLICATION_DATA;
+        else
+            rectype = type;
+        SSL3_RECORD_set_type(thiswr, rectype);
+
+        /*
+         * Some servers hang if initial client hello is larger than 256 bytes
+         * and record version number > TLS 1.0
+         */
+        if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
+                && !s->renegotiate
+                && TLS1_get_version(s) > TLS1_VERSION
+                && s->hello_retry_request == SSL_HRR_NONE)
+            version = TLS1_VERSION;
+        SSL3_RECORD_set_rec_version(thiswr, version);
+
+        maxcomplen = pipelens[j];
+        if (s->compress != NULL)
+            maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+
+        /* write the header */
+        if (!WPACKET_put_bytes_u8(thispkt, rectype)
+                || !WPACKET_put_bytes_u16(thispkt, version)
+                || !WPACKET_start_sub_packet_u16(thispkt)
+                || (eivlen > 0
+                    && !WPACKET_allocate_bytes(thispkt, eivlen, NULL))
+                || (maxcomplen > 0
+                    && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+                                              &compressdata))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* lets setup the record stuff. */
+        SSL3_RECORD_set_data(thiswr, compressdata);
+        SSL3_RECORD_set_length(thiswr, pipelens[j]);
+        SSL3_RECORD_set_input(thiswr, (unsigned char *)&buf[totlen]);
+        totlen += pipelens[j];
+
+        /*
+         * we now 'read' from thiswr->input, thiswr->length bytes into
+         * thiswr->data
+         */
+
+        /* first we compress */
+        if (s->compress != NULL) {
+            if (!ssl3_do_compress(s, thiswr)
+                    || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         SSL_R_COMPRESSION_FAILURE);
+                goto err;
+            }
+        } else {
+            if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_reset_input(&wr[j]);
+        }
+
+        if (SSL_TREAT_AS_TLS13(s)
+                && s->enc_write_ctx != NULL
+                && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+                    || type != SSL3_RT_ALERT)) {
+            size_t rlen, max_send_fragment;
+
+            if (!WPACKET_put_bytes_u8(thispkt, type)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_add_length(thiswr, 1);
+
+            /* Add TLS1.3 padding */
+            max_send_fragment = ssl_get_max_send_fragment(s);
+            rlen = SSL3_RECORD_get_length(thiswr);
+            if (rlen < max_send_fragment) {
+                size_t padding = 0;
+                size_t max_padding = max_send_fragment - rlen;
+                if (s->record_padding_cb != NULL) {
+                    padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
+                } else if (s->block_padding > 0) {
+                    size_t mask = s->block_padding - 1;
+                    size_t remainder;
+
+                    /* optimize for power of 2 */
+                    if ((s->block_padding & mask) == 0)
+                        remainder = rlen & mask;
+                    else
+                        remainder = rlen % s->block_padding;
+                    /* don't want to add a block of padding if we don't have to */
+                    if (remainder == 0)
+                        padding = 0;
+                    else
+                        padding = s->block_padding - remainder;
+                }
+                if (padding > 0) {
+                    /* do not allow the record to exceed max plaintext length */
+                    if (padding > max_padding)
+                        padding = max_padding;
+                    if (!WPACKET_memset(thispkt, 0, padding)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                                 ERR_R_INTERNAL_ERROR);
+                        goto err;
+                    }
+                    SSL3_RECORD_add_length(thiswr, padding);
+                }
+            }
+        }
+
+        /*
+         * we should still have the output to thiswr->data and the input from
+         * wr->input. Length should be thiswr->length. thiswr->data still points
+         * in the wb->buf
+         */
+
+        if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+            unsigned char *mac;
+
+            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                    || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        /*
+         * Reserve some bytes for any growth that may occur during encryption.
+         * This will be at most one cipher block or the tag length if using
+         * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
+         */
+        if (!WPACKET_reserve_bytes(thispkt, SSL_RT_MAX_CIPHER_BLOCK_SIZE,
+                                   NULL)
+                   /*
+                    * We also need next the amount of bytes written to this
+                    * sub-packet
+                    */
+                || !WPACKET_get_length(thispkt, &len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get a pointer to the start of this record excluding header */
+        recordstart = WPACKET_get_curr(thispkt) - len;
+
+        SSL3_RECORD_set_data(thiswr, recordstart);
+        SSL3_RECORD_reset_input(thiswr);
+        SSL3_RECORD_set_length(thiswr, len);
+    }
+
+    if (s->statem.enc_write_state == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS) {
+        /*
+         * We haven't actually negotiated the version yet, but we're trying to
+         * send early data - so we need to use the tls13enc function.
+         */
+        if (tls13_enc(s, wr, numpipes, 1) < 1) {
+            if (!ossl_statem_in_error(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+            }
+            goto err;
+        }
+    } else {
+        if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) {
+            if (!ossl_statem_in_error(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+            }
+            goto err;
+        }
+    }
+
+    for (j = 0; j < numpipes; j++) {
+        size_t origlen;
+
+        thispkt = &pkt[j];
+        thiswr = &wr[j];
+
+        /* Allocate bytes for the encryption overhead */
+        if (!WPACKET_get_length(thispkt, &origlen)
+                   /* Encryption should never shrink the data! */
+                || origlen > thiswr->length
+                || (thiswr->length > origlen
+                    && !WPACKET_allocate_bytes(thispkt,
+                                               thiswr->length - origlen, NULL))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (SSL_WRITE_ETM(s) && mac_size != 0) {
+            unsigned char *mac;
+
+            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                    || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_add_length(thiswr, mac_size);
+        }
+
+        if (!WPACKET_get_length(thispkt, &len)
+                || !WPACKET_close(thispkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (s->msg_callback) {
+            recordstart = WPACKET_get_curr(thispkt) - len
+                          - SSL3_RT_HEADER_LENGTH;
+            s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart,
+                            SSL3_RT_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+            if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
+                unsigned char ctype = type;
+
+                s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &ctype, 1, s, s->msg_callback_arg);
+            }
+        }
+
+        if (!WPACKET_finish(thispkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * we should now have thiswr->data pointing to the encrypted data, which
+         * is thiswr->length long
+         */
+        SSL3_RECORD_set_type(thiswr, type); /* not needed but helps for
+                                             * debugging */
+        SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
+
+        if (create_empty_fragment) {
+            /*
+             * we are in a recursive call; just return the length, don't write
+             * out anything here
+             */
+            if (j > 0) {
+                /* We should never be pipelining an empty fragment!! */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            *written = SSL3_RECORD_get_length(thiswr);
+            return 1;
+        }
+
+        /* now let's set up wb */
+        SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
+                             prefix_len + SSL3_RECORD_get_length(thiswr));
+    }
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = totlen;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = totlen;
+
+    /* we now just need to write the buffer */
+    return ssl3_write_pending(s, type, buf, totlen, written);
+ err:
+    for (j = 0; j < wpinited; j++)
+        WPACKET_cleanup(&pkt[j]);
+    return -1;
+}
+
+/* if s->s3->wbuf.left != 0, we need to call this
+ *
+ * Return values are as per SSL_write()
+ */
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+                       size_t *written)
+{
+    int i;
+    SSL3_BUFFER *wb = s->rlayer.wbuf;
+    size_t currbuf = 0;
+    size_t tmpwrit = 0;
+
+    if ((s->rlayer.wpend_tot > len)
+        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+            && (s->rlayer.wpend_buf != buf))
+        || (s->rlayer.wpend_type != type)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+                 SSL_R_BAD_WRITE_RETRY);
+        return -1;
+    }
+
+    for (;;) {
+        /* Loop until we find a buffer we haven't written out yet */
+        if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
+            && currbuf < s->rlayer.numwpipes - 1) {
+            currbuf++;
+            continue;
+        }
+        clear_sys_error();
+        if (s->wbio != NULL) {
+            s->rwstate = SSL_WRITING;
+            /* TODO(size_t): Convert this call */
+            i = BIO_write(s->wbio, (char *)
+                          &(SSL3_BUFFER_get_buf(&wb[currbuf])
+                            [SSL3_BUFFER_get_offset(&wb[currbuf])]),
+                          (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
+            if (i >= 0)
+                tmpwrit = i;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+                     SSL_R_BIO_NOT_SET);
+            i = -1;
+        }
+        if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
+            SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+            if (currbuf + 1 < s->rlayer.numwpipes)
+                continue;
+            s->rwstate = SSL_NOTHING;
+            *written = s->rlayer.wpend_ret;
+            return 1;
+        } else if (i <= 0) {
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * For DTLS, just drop it. That's kind of the whole point in
+                 * using a datagram service
+                 */
+                SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            }
+            return i;
+        }
+        SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+        SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit);
+    }
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                    size_t len, int peek, size_t *readbytes)
+{
+    int i, j, ret;
+    size_t n, curr_rec, num_recs, totalbytes;
+    SSL3_RECORD *rr;
+    SSL3_BUFFER *rbuf;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+    int is_tls13 = SSL_IS_TLS13(s);
+
+    rbuf = &s->rlayer.rbuf;
+
+    if (!SSL3_BUFFER_is_initialised(rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_read_buffer(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA)
+         && (type != SSL3_RT_HANDSHAKE)) || (peek
+                                             && (type !=
+                                                 SSL3_RT_APPLICATION_DATA))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0))
+        /* (partially) satisfy request from storage */
+    {
+        unsigned char *src = s->rlayer.handshake_fragment;
+        unsigned char *dst = buf;
+        unsigned int k;
+
+        /* peek == 0 */
+        n = 0;
+        while ((len > 0) && (s->rlayer.handshake_fragment_len > 0)) {
+            *dst++ = *src++;
+            len--;
+            s->rlayer.handshake_fragment_len--;
+            n++;
+        }
+        /* move any remaining fragment bytes: */
+        for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
+            s->rlayer.handshake_fragment[k] = *src++;
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RT_HANDSHAKE;
+
+        *readbytes = n;
+        return 1;
+    }
+
+    /*
+     * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+     */
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        /* SSLfatal() already called */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+    }
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * For each record 'i' up to |num_recs]
+     * rr[i].type     - is the type of record
+     * rr[i].data,    - data
+     * rr[i].off,     - offset into 'data' for next read
+     * rr[i].length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+    num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+
+    do {
+        /* get new records if necessary */
+        if (num_recs == 0) {
+            ret = ssl3_get_record(s);
+            if (ret <= 0) {
+                /* SSLfatal() already called if appropriate */
+                return ret;
+            }
+            num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+            if (num_recs == 0) {
+                /* Shouldn't happen */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        /* Skip over any records we have already read */
+        for (curr_rec = 0;
+             curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
+             curr_rec++) ;
+        if (curr_rec == num_recs) {
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+            num_recs = 0;
+            curr_rec = 0;
+        }
+    } while (num_recs == 0);
+    rr = &rr[curr_rec];
+
+    if (s->rlayer.handshake_fragment_len > 0
+            && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
+            && SSL_IS_TLS13(s)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
+        return -1;
+    }
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+        return -1;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL
+            && !is_tls13)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_APP_DATA_IN_HANDSHAKE);
+            return -1;
+        }
+
+        if (type == SSL3_RT_HANDSHAKE
+            && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && s->rlayer.handshake_fragment_len > 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_CCS_RECEIVED_EARLY);
+            return -1;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len == 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return 0;
+        }
+
+        totalbytes = 0;
+        do {
+            if (len - totalbytes > SSL3_RECORD_get_length(rr))
+                n = SSL3_RECORD_get_length(rr);
+            else
+                n = len - totalbytes;
+
+            memcpy(buf, &(rr->data[rr->off]), n);
+            buf += n;
+            if (peek) {
+                /* Mark any zero length record as consumed CVE-2016-6305 */
+                if (SSL3_RECORD_get_length(rr) == 0)
+                    SSL3_RECORD_set_read(rr);
+            } else {
+                SSL3_RECORD_sub_length(rr, n);
+                SSL3_RECORD_add_off(rr, n);
+                if (SSL3_RECORD_get_length(rr) == 0) {
+                    s->rlayer.rstate = SSL_ST_READ_HEADER;
+                    SSL3_RECORD_set_off(rr, 0);
+                    SSL3_RECORD_set_read(rr);
+                }
+            }
+            if (SSL3_RECORD_get_length(rr) == 0
+                || (peek && n == SSL3_RECORD_get_length(rr))) {
+                curr_rec++;
+                rr++;
+            }
+            totalbytes += n;
+        } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+                 && totalbytes < len);
+        if (totalbytes == 0) {
+            /* We must have read empty records. Get more data */
+            goto start;
+        }
+        if (!peek && curr_rec == num_recs
+            && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+            && SSL3_BUFFER_get_left(rbuf) == 0)
+            ssl3_release_read_buffer(s);
+        *readbytes = totalbytes;
+        return 1;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello) or invalid (we
+     * were actually expecting a CCS).
+     */
+
+    /*
+     * Lets just double check that we've not got an SSLv2 record
+     */
+    if (rr->rec_version == SSL2_VERSION) {
+        /*
+         * Should never happen. ssl3_get_record() should only give us an SSLv2
+         * record back if this is the first packet and we are looking for an
+         * initial ClientHello. Therefore |type| should always be equal to
+         * |rr->type|. If not then something has gone horribly wrong
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (s->method->version == TLS_ANY_VERSION
+        && (s->server || rr->type != SSL3_RT_ALERT)) {
+        /*
+         * If we've got this far and still haven't decided on what version
+         * we're using then this must be a client side alert we're dealing with
+         * (we don't allow heartbeats yet). We shouldn't be receiving anything
+         * other than a ClientHello if we are a server.
+         */
+        s->version = rr->rec_version;
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*-
+     * s->rlayer.handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
+     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+     */
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+        unsigned int alert_level, alert_descr;
+        unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+                                     + SSL3_RECORD_get_off(rr);
+        PACKET alert;
+
+        if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+                || !PACKET_get_1(&alert, &alert_level)
+                || !PACKET_get_1(&alert, &alert_descr)
+                || PACKET_remaining(&alert) != 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_INVALID_ALERT);
+            return -1;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING
+                || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                         SSL_R_TOO_MANY_WARN_ALERTS);
+                return -1;
+            }
+        }
+
+        /*
+         * Apart from close_notify the only other warning alert in TLSv1.3
+         * is user_cancelled - which we just ignore.
+         */
+        if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+            goto start;
+        } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
+                && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return 0;
+        } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+                     SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return 0;
+        } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+            /*
+             * This is a warning but we receive it if we requested
+             * renegotiation and the peer denied it. Terminate with a fatal
+             * alert because if application tried to renegotiate it
+             * presumably had a good reason and expects it to succeed. In
+             * future we might have a renegotiation where we don't care if
+             * the peer refused it where we carry on.
+             */
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_NO_RENEGOTIATION);
+            return -1;
+        } else if (alert_level == SSL3_AL_WARNING) {
+            /* We ignore any other warning alert in TLSv1.2 and below */
+            goto start;
+        }
+
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNKNOWN_ALERT_TYPE);
+        return -1;
+    }
+
+    if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+        if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+            BIO *rbio;
+
+            /*
+             * We ignore any handshake messages sent to us unless they are
+             * TLSv1.3 in which case we want to process them. For all other
+             * handshake messages we can't do anything reasonable with them
+             * because we are unable to write any response due to having already
+             * sent close_notify.
+             */
+            if (!SSL_IS_TLS13(s)) {
+                SSL3_RECORD_set_length(rr, 0);
+                SSL3_RECORD_set_read(rr);
+
+                if ((s->mode & SSL_MODE_AUTO_RETRY) != 0)
+                    goto start;
+
+                s->rwstate = SSL_READING;
+                rbio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(rbio);
+                BIO_set_retry_read(rbio);
+                return -1;
+            }
+        } else {
+            /*
+             * The peer is continuing to send application data, but we have
+             * already sent close_notify. If this was expected we should have
+             * been called via SSL_read() and this would have been handled
+             * above.
+             * No alert sent because we already sent close_notify
+             */
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY);
+            return -1;
+        }
+    }
+
+    /*
+     * For handshake data we have 'fragment' storage, so fill that so that we
+     * can process the header at a fixed place. This is done after the
+     * "SHUTDOWN" code above to avoid filling the fragment storage with data
+     * that we're just going to discard.
+     */
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+        size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment);
+        unsigned char *dest = s->rlayer.handshake_fragment;
+        size_t *dest_len = &s->rlayer.handshake_fragment_len;
+
+        n = dest_maxlen - *dest_len; /* available space in 'dest' */
+        if (SSL3_RECORD_get_length(rr) < n)
+            n = SSL3_RECORD_get_length(rr); /* available bytes */
+
+        /* now move 'n' bytes: */
+        memcpy(dest + *dest_len,
+               SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n);
+        SSL3_RECORD_add_off(rr, n);
+        SSL3_RECORD_sub_length(rr, n);
+        *dest_len += n;
+        if (SSL3_RECORD_get_length(rr) == 0)
+            SSL3_RECORD_set_read(rr);
+
+        if (*dest_len < dest_maxlen)
+            goto start;     /* fragment was too small */
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_CCS_RECEIVED_EARLY);
+        return -1;
+    }
+
+    /*
+     * Unexpected handshake message (ClientHello, NewSessionTicket (TLS1.3) or
+     * protocol violation)
+     */
+    if ((s->rlayer.handshake_fragment_len >= 4)
+            && !ossl_statem_get_in_handshake(s)) {
+        int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
+
+        /* We found handshake data, so we're going back into init */
+        ossl_statem_set_in_init(s, 1);
+
+        i = s->handshake_func(s);
+        /* SSLfatal() already called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            return -1;
+        }
+
+        /*
+         * If we were actually trying to read early data and we found a
+         * handshake message, then we don't want to continue to try and read
+         * the application data any more. It won't be "early" now.
+         */
+        if (ined)
+            return -1;
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return -1;
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        /*
+         * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+         * TLS 1.2 says you MUST send an unexpected message alert. We use the
+         * TLS 1.2 behaviour for all protocol versions to prevent issues where
+         * no progress is being made and the peer continually sends unrecognised
+         * record types, using up resources processing them.
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNEXPECTED_RECORD);
+        return -1;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return -1;
+        } else if (ossl_statem_skip_early_data(s)) {
+            /*
+             * This can happen after a client sends a CH followed by early_data,
+             * but the server responds with a HelloRetryRequest. The server
+             * reads the next record from the client expecting to find a
+             * plaintext ClientHello but gets a record which appears to be
+             * application data. The trial decrypt "works" because null
+             * decryption was applied. We just skip it and move on to the next
+             * record.
+             */
+            if (!early_data_count_ok(s, rr->length,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+            SSL3_RECORD_set_read(rr);
+            goto start;
+        } else {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_UNEXPECTED_RECORD);
+            return -1;
+        }
+    }
+}
+
+void ssl3_record_sequence_update(unsigned char *seq)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) {
+        ++seq[i];
+        if (seq[i] != 0)
+            break;
+    }
+}
+
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_is_sslv2_record(&rl->rrec[0]);
+}
+
+/*
+ * Returns the length in bytes of the current rrec
+ */
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_get_length(&rl->rrec[0]);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/record.h b/trunk/3rdparty/openssl-1.1-fit/ssl/record/record.h
new file mode 100644
index 000000000..af56206e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/record.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These structures should be considered PRIVATE to the record layer. No     *
+ * non-record layer code should be using these structures in any way.        *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct ssl3_buffer_st {
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+    unsigned char *buf;
+    /* default buffer size (or 0 if no default set) */
+    size_t default_len;
+    /* buffer size */
+    size_t len;
+    /* where to 'copy from' */
+    size_t offset;
+    /* how many bytes left */
+    size_t left;
+} SSL3_BUFFER;
+
+#define SEQ_NUM_SIZE                            8
+
+typedef struct ssl3_record_st {
+    /* Record layer version */
+    /* r */
+    int rec_version;
+    /* type of record */
+    /* r */
+    int type;
+    /* How many bytes available */
+    /* rw */
+    size_t length;
+    /*
+     * How many bytes were available before padding was removed? This is used
+     * to implement the MAC check in constant time for CBC records.
+     */
+    /* rw */
+    size_t orig_len;
+    /* read/write offset into 'buf' */
+    /* r */
+    size_t off;
+    /* pointer to the record data */
+    /* rw */
+    unsigned char *data;
+    /* where the decode bytes are */
+    /* rw */
+    unsigned char *input;
+    /* only used with decompression - malloc()ed */
+    /* r */
+    unsigned char *comp;
+    /* Whether the data from this record has already been read or not */
+    /* r */
+    unsigned int read;
+    /* epoch number, needed by DTLS1 */
+    /* r */
+    unsigned long epoch;
+    /* sequence number, needed by DTLS1 */
+    /* r */
+    unsigned char seq_num[SEQ_NUM_SIZE];
+} SSL3_RECORD;
+
+typedef struct dtls1_bitmap_st {
+    /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
+    unsigned long map;
+    /* Max record number seen so far, 64-bit value in big-endian encoding */
+    unsigned char max_seq_num[SEQ_NUM_SIZE];
+} DTLS1_BITMAP;
+
+typedef struct record_pqueue_st {
+    unsigned short epoch;
+    struct pqueue_st *q;
+} record_pqueue;
+
+typedef struct dtls1_record_data_st {
+    unsigned char *packet;
+    size_t packet_length;
+    SSL3_BUFFER rbuf;
+    SSL3_RECORD rrec;
+#ifndef OPENSSL_NO_SCTP
+    struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
+} DTLS1_RECORD_DATA;
+
+typedef struct dtls_record_layer_st {
+    /*
+     * The current data and handshake epoch.  This is initially
+     * undefined, and starts at zero once the initial handshake is
+     * completed
+     */
+    unsigned short r_epoch;
+    unsigned short w_epoch;
+    /* records being received in the current epoch */
+    DTLS1_BITMAP bitmap;
+    /* renegotiation starts a new set of sequence numbers */
+    DTLS1_BITMAP next_bitmap;
+    /* Received handshake records (processed and unprocessed) */
+    record_pqueue unprocessed_rcds;
+    record_pqueue processed_rcds;
+    /*
+     * Buffered application records. Only for records between CCS and
+     * Finished to prevent either protocol violation or unnecessary message
+     * loss.
+     */
+    record_pqueue buffered_app_data;
+    /* save last and current sequence numbers for retransmissions */
+    unsigned char last_write_sequence[8];
+    unsigned char curr_write_sequence[8];
+} DTLS_RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * record layer. No non-record layer code should be accessing the members of *
+ * this structure.                                                           *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct record_layer_st {
+    /* The parent SSL structure */
+    SSL *s;
+    /*
+     * Read as many input bytes as possible (for
+     * non-blocking reads)
+     */
+    int read_ahead;
+    /* where we are when reading */
+    int rstate;
+    /* How many pipelines can be used to read data */
+    size_t numrpipes;
+    /* How many pipelines can be used to write data */
+    size_t numwpipes;
+    /* read IO goes into here */
+    SSL3_BUFFER rbuf;
+    /* write IO goes into here */
+    SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
+    /* each decoded record goes in here */
+    SSL3_RECORD rrec[SSL_MAX_PIPELINES];
+    /* used internally to point at a raw packet */
+    unsigned char *packet;
+    size_t packet_length;
+    /* number of bytes sent so far */
+    size_t wnum;
+    unsigned char handshake_fragment[4];
+    size_t handshake_fragment_len;
+    /* The number of consecutive empty records we have received */
+    size_t empty_record_count;
+    /* partial write - check the numbers match */
+    /* number bytes written */
+    size_t wpend_tot;
+    int wpend_type;
+    /* number of bytes submitted */
+    size_t wpend_ret;
+    const unsigned char *wpend_buf;
+    unsigned char read_sequence[SEQ_NUM_SIZE];
+    unsigned char write_sequence[SEQ_NUM_SIZE];
+    /* Set to true if this is the first record in a connection */
+    unsigned int is_first_record;
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
+    DTLS_RECORD_LAYER *d;
+} RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * record layer. Any libssl code may call these functions/macros             *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MIN_SSL2_RECORD_LEN     9
+
+#define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
+#define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
+#define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
+#define RECORD_LAYER_get_packet_length(rl)      ((rl)->packet_length)
+#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define DTLS_RECORD_LAYER_get_w_epoch(rl)       ((rl)->d->w_epoch)
+#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
+                                                ((rl)->d->processed_rcds)
+#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
+                                                ((rl)->d->unprocessed_rcds)
+#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
+void RECORD_LAYER_clear(RECORD_LAYER *rl);
+void RECORD_LAYER_release(RECORD_LAYER *rl);
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
+__owur size_t ssl3_pending(const SSL *s);
+__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                            size_t *written);
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  size_t *pipelens, size_t numpipes,
+                  int create_empty_fragment, size_t *written);
+__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, size_t len, int peek,
+                           size_t *readbytes);
+__owur int ssl3_setup_buffers(SSL *s);
+__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send);
+__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+                              size_t *written);
+__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
+__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
+                            unsigned char *buf, size_t len, int peek,
+                            size_t *readbytes);
+__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                             size_t *written);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   size_t len, int create_empty_fragment, size_t *written);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
+                              size_t off);
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/record_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/record/record_locl.h
new file mode 100644
index 000000000..5e8dd7f70
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/record_locl.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions are PRIVATE to the record layer. They      *
+ * should NOT be used outside of the record layer.                           *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MAX_WARN_ALERT_COUNT    5
+
+/* Functions/macros provided by the RECORD_LAYER component */
+
+#define RECORD_LAYER_get_rrec(rl)               ((rl)->rrec)
+#define RECORD_LAYER_set_packet(rl, p)          ((rl)->packet = (p))
+#define RECORD_LAYER_reset_packet_length(rl)    ((rl)->packet_length = 0)
+#define RECORD_LAYER_get_rstate(rl)             ((rl)->rstate)
+#define RECORD_LAYER_set_rstate(rl, st)         ((rl)->rstate = (st))
+#define RECORD_LAYER_get_read_sequence(rl)      ((rl)->read_sequence)
+#define RECORD_LAYER_get_write_sequence(rl)     ((rl)->write_sequence)
+#define RECORD_LAYER_get_numrpipes(rl)          ((rl)->numrpipes)
+#define RECORD_LAYER_set_numrpipes(rl, n)       ((rl)->numrpipes = (n))
+#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
+#define RECORD_LAYER_reset_empty_record_count(rl) \
+                                                ((rl)->empty_record_count = 0)
+#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
+#define RECORD_LAYER_is_first_record(rl)        ((rl)->is_first_record)
+#define RECORD_LAYER_set_first_record(rl)       ((rl)->is_first_record = 1)
+#define RECORD_LAYER_clear_first_record(rl)     ((rl)->is_first_record = 0)
+#define DTLS_RECORD_LAYER_get_r_epoch(rl)       ((rl)->d->r_epoch)
+
+__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+                       size_t *readbytes);
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch);
+int dtls1_process_buffered_records(SSL *s);
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
+int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
+void ssl3_record_sequence_update(unsigned char *seq);
+
+/* Functions provided by the DTLS1_BITMAP component */
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+
+/* Macros/functions provided by the SSL3_BUFFER component */
+
+#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
+#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
+#define SSL3_BUFFER_get_len(b)              ((b)->len)
+#define SSL3_BUFFER_set_len(b, l)           ((b)->len = (l))
+#define SSL3_BUFFER_get_left(b)             ((b)->left)
+#define SSL3_BUFFER_set_left(b, l)          ((b)->left = (l))
+#define SSL3_BUFFER_sub_left(b, l)          ((b)->left -= (l))
+#define SSL3_BUFFER_get_offset(b)           ((b)->offset)
+#define SSL3_BUFFER_set_offset(b, o)        ((b)->offset = (o))
+#define SSL3_BUFFER_add_offset(b, o)        ((b)->offset += (o))
+#define SSL3_BUFFER_is_initialised(b)       ((b)->buf != NULL)
+#define SSL3_BUFFER_set_default_len(b, l)   ((b)->default_len = (l))
+
+void SSL3_BUFFER_clear(SSL3_BUFFER *b);
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
+void SSL3_BUFFER_release(SSL3_BUFFER *b);
+__owur int ssl3_setup_read_buffer(SSL *s);
+__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len);
+int ssl3_release_read_buffer(SSL *s);
+int ssl3_release_write_buffer(SSL *s);
+
+/* Macros/functions provided by the SSL3_RECORD component */
+
+#define SSL3_RECORD_get_type(r)                 ((r)->type)
+#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
+#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
+#define SSL3_RECORD_get_length(r)               ((r)->length)
+#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
+#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
+#define SSL3_RECORD_get_data(r)                 ((r)->data)
+#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
+#define SSL3_RECORD_get_input(r)                ((r)->input)
+#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
+#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
+#define SSL3_RECORD_get_seq_num(r)              ((r)->seq_num)
+#define SSL3_RECORD_get_off(r)                  ((r)->off)
+#define SSL3_RECORD_set_off(r, o)               ((r)->off = (o))
+#define SSL3_RECORD_add_off(r, o)               ((r)->off += (o))
+#define SSL3_RECORD_get_epoch(r)                ((r)->epoch)
+#define SSL3_RECORD_is_sslv2_record(r) \
+            ((r)->rec_version == SSL2_VERSION)
+#define SSL3_RECORD_is_read(r)                  ((r)->read)
+#define SSL3_RECORD_set_read(r)                 ((r)->read = 1)
+
+void SSL3_RECORD_clear(SSL3_RECORD *r, size_t);
+void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
+int ssl3_get_record(SSL *s);
+__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr);
+__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
+int ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, size_t md_size);
+__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                                   size_t block_size, size_t mac_size);
+__owur int tls1_cbc_remove_padding(const SSL *s,
+                                   SSL3_RECORD *rec,
+                                   size_t block_size, size_t mac_size);
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
+__owur int dtls1_get_record(SSL *s);
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send);
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c
new file mode 100644
index 000000000..53bd4cb19
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
+{
+    if (d != NULL)
+        memcpy(b->buf, d, n);
+    b->left = n;
+    b->offset = 0;
+}
+
+/*
+ * Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
+ * retains the default_len setting
+ */
+void SSL3_BUFFER_clear(SSL3_BUFFER *b)
+{
+    b->offset = 0;
+    b->left = 0;
+}
+
+void SSL3_BUFFER_release(SSL3_BUFFER *b)
+{
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+}
+
+int ssl3_setup_read_buffer(SSL *s)
+{
+    unsigned char *p;
+    size_t len, align = 0, headerlen;
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    if (SSL_IS_DTLS(s))
+        headerlen = DTLS1_RT_HEADER_LENGTH;
+    else
+        headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+    if (b->buf == NULL) {
+        len = SSL3_RT_MAX_PLAIN_LENGTH
+            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (b->default_len > len)
+            len = b->default_len;
+        if ((p = OPENSSL_malloc(len)) == NULL) {
+            /*
+             * We've got a malloc failure, and we're still initialising buffers.
+             * We assume we're so doomed that we won't even be able to send an
+             * alert.
+             */
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b->buf = p;
+        b->len = len;
+    }
+
+    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
+    return 1;
+}
+
+int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
+{
+    unsigned char *p;
+    size_t align = 0, headerlen;
+    SSL3_BUFFER *wb;
+    size_t currpipe;
+
+    s->rlayer.numwpipes = numwpipes;
+
+    if (len == 0) {
+        if (SSL_IS_DTLS(s))
+            headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+        else
+            headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+        len = ssl_get_max_send_fragment(s)
+            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+    }
+
+    wb = RECORD_LAYER_get_wbuf(&s->rlayer);
+    for (currpipe = 0; currpipe < numwpipes; currpipe++) {
+        SSL3_BUFFER *thiswb = &wb[currpipe];
+
+        if (thiswb->buf != NULL && thiswb->len != len) {
+            OPENSSL_free(thiswb->buf);
+            thiswb->buf = NULL;         /* force reallocation */
+        }
+
+        if (thiswb->buf == NULL) {
+            p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                s->rlayer.numwpipes = currpipe;
+                /*
+                 * We've got a malloc failure, and we're still initialising
+                 * buffers. We assume we're so doomed that we won't even be able
+                 * to send an alert.
+                 */
+                SSLfatal(s, SSL_AD_NO_ALERT,
+                         SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memset(thiswb, 0, sizeof(SSL3_BUFFER));
+            thiswb->buf = p;
+            thiswb->len = len;
+        }
+    }
+
+    return 1;
+}
+
+int ssl3_setup_buffers(SSL *s)
+{
+    if (!ssl3_setup_read_buffer(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (!ssl3_setup_write_buffer(s, 1, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    return 1;
+}
+
+int ssl3_release_write_buffer(SSL *s)
+{
+    SSL3_BUFFER *wb;
+    size_t pipes;
+
+    pipes = s->rlayer.numwpipes;
+    while (pipes > 0) {
+        wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
+
+        OPENSSL_free(wb->buf);
+        wb->buf = NULL;
+        pipes--;
+    }
+    s->rlayer.numwpipes = 0;
+    return 1;
+}
+
+int ssl3_release_read_buffer(SSL *s)
+{
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c
new file mode 100644
index 000000000..e59ac5a67
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c
@@ -0,0 +1,2057 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "internal/constant_time_locl.h"
+#include <openssl/rand.h>
+#include "record_locl.h"
+#include "internal/cryptlib.h"
+
+static const unsigned char ssl3_pad_1[48] = {
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+static const unsigned char ssl3_pad_2[48] = {
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+/*
+ * Clear the contents of an SSL3_RECORD but retain any memory allocated
+ */
+void SSL3_RECORD_clear(SSL3_RECORD *r, size_t num_recs)
+{
+    unsigned char *comp;
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        comp = r[i].comp;
+
+        memset(&r[i], 0, sizeof(*r));
+        r[i].comp = comp;
+    }
+}
+
+void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
+{
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        OPENSSL_free(r[i].comp);
+        r[i].comp = NULL;
+    }
+}
+
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
+{
+    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
+}
+
+/*
+ * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
+ * for us in the buffer.
+ */
+static int ssl3_record_app_data_waiting(SSL *s)
+{
+    SSL3_BUFFER *rbuf;
+    size_t left, len;
+    unsigned char *p;
+
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    p = SSL3_BUFFER_get_buf(rbuf);
+    if (p == NULL)
+        return 0;
+
+    left = SSL3_BUFFER_get_left(rbuf);
+
+    if (left < SSL3_RT_HEADER_LENGTH)
+        return 0;
+
+    p += SSL3_BUFFER_get_offset(rbuf);
+
+    /*
+     * We only check the type and record length, we will sanity check version
+     * etc later
+     */
+    if (*p != SSL3_RT_APPLICATION_DATA)
+        return 0;
+
+    p += 3;
+    n2s(p, len);
+
+    if (left < SSL3_RT_HEADER_LENGTH + len)
+        return 0;
+
+    return 1;
+}
+
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
+{
+    uint32_t max_early_data;
+    SSL_SESSION *sess = s->session;
+
+    /*
+     * If we are a client then we always use the max_early_data from the
+     * session/psksession. Otherwise we go with the lowest out of the max early
+     * data set in the session and the configured max_early_data.
+     */
+    if (!s->server && sess->ext.max_early_data == 0) {
+        if (!ossl_assert(s->psksession != NULL
+                         && s->psksession->ext.max_early_data > 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_EARLY_DATA_COUNT_OK,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        sess = s->psksession;
+    }
+
+    if (!s->server)
+        max_early_data = sess->ext.max_early_data;
+    else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        max_early_data = s->recv_max_early_data;
+    else
+        max_early_data = s->recv_max_early_data < sess->ext.max_early_data
+                         ? s->recv_max_early_data : sess->ext.max_early_data;
+
+    if (max_early_data == 0) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+
+    /* If we are dealing with ciphertext we need to allow for the overhead */
+    max_early_data += overhead;
+
+    if (s->early_data_count + length > max_early_data) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+    s->early_data_count += length;
+
+    return 1;
+}
+
+/*
+ * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
+ * will be processed per call to ssl3_get_record. Without this limit an
+ * attacker could send empty records at a faster rate than we can process and
+ * cause ssl3_get_record to loop forever.
+ */
+#define MAX_EMPTY_RECORDS 32
+
+#define SSL2_RT_HEADER_LENGTH   2
+/*-
+ * Call this to get new input records.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, |numrpipes| records have been decoded. For each record 'i':
+ * rr[i].type    - is the type of record
+ * rr[i].data,   - data
+ * rr[i].length, - number of bytes
+ * Multiple records will only be returned if the record types are all
+ * SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=
+ * |max_pipelines|
+ */
+/* used only by ssl3_read_bytes */
+int ssl3_get_record(SSL *s)
+{
+    int enc_err, rret;
+    int i;
+    size_t more, n;
+    SSL3_RECORD *rr, *thisrr;
+    SSL3_BUFFER *rbuf;
+    SSL_SESSION *sess;
+    unsigned char *p;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int version;
+    size_t mac_size;
+    int imac_size;
+    size_t num_recs = 0, max_recs, j;
+    PACKET pkt, sslv2pkt;
+    size_t first_rec_len;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+    max_recs = s->max_pipelines;
+    if (max_recs == 0)
+        max_recs = 1;
+    sess = s->session;
+
+    do {
+        thisrr = &rr[num_recs];
+
+        /* check if we have the header */
+        if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+            (RECORD_LAYER_get_packet_length(&s->rlayer)
+             < SSL3_RT_HEADER_LENGTH)) {
+            size_t sslv2len;
+            unsigned int type;
+
+            rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
+                               SSL3_BUFFER_get_len(rbuf), 0,
+                               num_recs == 0 ? 1 : 0, &n);
+            if (rret <= 0)
+                return rret;     /* error or non-blocking */
+            RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+            p = RECORD_LAYER_get_packet(&s->rlayer);
+            if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer),
+                                 RECORD_LAYER_get_packet_length(&s->rlayer))) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            sslv2pkt = pkt;
+            if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
+                    || !PACKET_get_1(&sslv2pkt, &type)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            /*
+             * The first record received by the server may be a V2ClientHello.
+             */
+            if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)
+                    && (sslv2len & 0x8000) != 0
+                    && (type == SSL2_MT_CLIENT_HELLO)) {
+                /*
+                 *  SSLv2 style record
+                 *
+                 * |num_recs| here will actually always be 0 because
+                 * |num_recs > 0| only ever occurs when we are processing
+                 * multiple app data records - which we know isn't the case here
+                 * because it is an SSLv2ClientHello. We keep it using
+                 * |num_recs| for the sake of consistency
+                 */
+                thisrr->type = SSL3_RT_HANDSHAKE;
+                thisrr->rec_version = SSL2_VERSION;
+
+                thisrr->length = sslv2len & 0x7fff;
+
+                if (thisrr->length > SSL3_BUFFER_get_len(rbuf)
+                    - SSL2_RT_HEADER_LENGTH) {
+                    SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_PACKET_LENGTH_TOO_LONG);
+                    return -1;
+                }
+
+                if (thisrr->length < MIN_SSL2_RECORD_LEN) {
+                    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_LENGTH_TOO_SHORT);
+                    return -1;
+                }
+            } else {
+                /* SSLv3+ style record */
+                if (s->msg_callback)
+                    s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
+                                    s->msg_callback_arg);
+
+                /* Pull apart the header into the SSL3_RECORD */
+                if (!PACKET_get_1(&pkt, &type)
+                        || !PACKET_get_net_2(&pkt, &version)
+                        || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
+                    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                thisrr->type = type;
+                thisrr->rec_version = version;
+
+                /*
+                 * Lets check version. In TLSv1.3 we only check this field
+                 * when encryption is occurring (see later check). For the
+                 * ServerHello after an HRR we haven't actually selected TLSv1.3
+                 * yet, but we still treat it as TLSv1.3, so we must check for
+                 * that explicitly
+                 */
+                if (!s->first_packet && !SSL_IS_TLS13(s)
+                        && s->hello_retry_request != SSL_HRR_PENDING
+                        && version != (unsigned int)s->version) {
+                    if ((s->version & 0xFF00) == (version & 0xFF00)
+                        && !s->enc_write_ctx && !s->write_hash) {
+                        if (thisrr->type == SSL3_RT_ALERT) {
+                            /*
+                             * The record is using an incorrect version number,
+                             * but what we've got appears to be an alert. We
+                             * haven't read the body yet to check whether its a
+                             * fatal or not - but chances are it is. We probably
+                             * shouldn't send a fatal alert back. We'll just
+                             * end.
+                             */
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_WRONG_VERSION_NUMBER);
+                            return -1;
+                        }
+                        /*
+                         * Send back error using their minor version number :-)
+                         */
+                        s->version = (unsigned short)version;
+                    }
+                    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_WRONG_VERSION_NUMBER);
+                    return -1;
+                }
+
+                if ((version >> 8) != SSL3_VERSION_MAJOR) {
+                    if (RECORD_LAYER_is_first_record(&s->rlayer)) {
+                        /* Go back to start of packet, look at the five bytes
+                         * that we have. */
+                        p = RECORD_LAYER_get_packet(&s->rlayer);
+                        if (strncmp((char *)p, "GET ", 4) == 0 ||
+                            strncmp((char *)p, "POST ", 5) == 0 ||
+                            strncmp((char *)p, "HEAD ", 5) == 0 ||
+                            strncmp((char *)p, "PUT ", 4) == 0) {
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_HTTP_REQUEST);
+                            return -1;
+                        } else if (strncmp((char *)p, "CONNE", 5) == 0) {
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_HTTPS_PROXY_REQUEST);
+                            return -1;
+                        }
+
+                        /* Doesn't look like TLS - don't send an alert */
+                        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    } else {
+                        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                                 SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    }
+                }
+
+                if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
+                    if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                            && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
+                                || !SSL_IS_FIRST_HANDSHAKE(s))
+                            && (thisrr->type != SSL3_RT_ALERT
+                                || s->statem.enc_read_state
+                                   != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) {
+                        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                                 SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
+                        return -1;
+                    }
+                    if (thisrr->rec_version != TLS1_2_VERSION) {
+                        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    }
+                }
+
+                if (thisrr->length >
+                    SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
+                    SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_PACKET_LENGTH_TOO_LONG);
+                    return -1;
+                }
+            }
+
+            /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                return -1;
+            }
+        } else {
+            size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+#ifndef OPENSSL_NO_COMP
+            /*
+             * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
+             * does not include the compression overhead anyway.
+             */
+            if (s->expand == NULL)
+                len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+
+            if (thisrr->length > len) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                return -1;
+            }
+        }
+
+        /*
+         * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data.
+         * Calculate how much more data we need to read for the rest of the
+         * record
+         */
+        if (thisrr->rec_version == SSL2_VERSION) {
+            more = thisrr->length + SSL2_RT_HEADER_LENGTH
+                - SSL3_RT_HEADER_LENGTH;
+        } else {
+            more = thisrr->length;
+        }
+        if (more > 0) {
+            /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+
+            rret = ssl3_read_n(s, more, more, 1, 0, &n);
+            if (rret <= 0)
+                return rret;     /* error or non-blocking io */
+        }
+
+        /* set state for later operations */
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+        /*
+         * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
+         * + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
+         * + thisrr->length and we have that many bytes in s->packet
+         */
+        if (thisrr->rec_version == SSL2_VERSION) {
+            thisrr->input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
+        } else {
+            thisrr->input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]);
+        }
+
+        /*
+         * ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
+         * points at thisrr->length bytes, which need to be copied into
+         * thisrr->data by either the decryption or by the decompression When
+         * the data is 'copied' into the thisrr->data buffer, thisrr->input will
+         * be pointed at the new buffer
+         */
+
+        /*
+         * We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+         * thisrr->length bytes of encrypted compressed stuff.
+         */
+
+        /* decrypt in place in 'thisrr->input' */
+        thisrr->data = thisrr->input;
+        thisrr->orig_len = thisrr->length;
+
+        /* Mark this record as not read by upper layers yet */
+        thisrr->read = 0;
+
+        num_recs++;
+
+        /* we have pulled in a full packet so zero things */
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        RECORD_LAYER_clear_first_record(&s->rlayer);
+    } while (num_recs < max_recs
+             && thisrr->type == SSL3_RT_APPLICATION_DATA
+             && SSL_USE_EXPLICIT_IV(s)
+             && s->enc_read_ctx != NULL
+             && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
+                 & EVP_CIPH_FLAG_PIPELINE)
+             && ssl3_record_app_data_waiting(s));
+
+    if (num_recs == 1
+            && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
+            && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)
+            && SSL_IS_FIRST_HANDSHAKE(s)) {
+        /*
+         * CCS messages must be exactly 1 byte long, containing the value 0x01
+         */
+        if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_INVALID_CCS_MESSAGE);
+            return -1;
+        }
+        /*
+         * CCS messages are ignored in TLSv1.3. We treat it like an empty
+         * handshake record
+         */
+        thisrr->type = SSL3_RT_HANDSHAKE;
+        RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+        if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+            > MAX_EMPTY_RECORDS) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_UNEXPECTED_CCS_MESSAGE);
+            return -1;
+        }
+        thisrr->read = 1;
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+
+        return 1;
+    }
+
+    /*
+     * If in encrypt-then-mac mode calculate mac from encrypted record. All
+     * the details below are public so no timing details can leak.
+     */
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+        /* TODO(size_t): convert this to do size_t properly */
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_LIB_EVP);
+                return -1;
+        }
+        mac_size = (size_t)imac_size;
+        for (j = 0; j < num_recs; j++) {
+            thisrr = &rr[j];
+
+            if (thisrr->length < mac_size) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_LENGTH_TOO_SHORT);
+                return -1;
+            }
+            thisrr->length -= mac_size;
+            mac = thisrr->data + thisrr->length;
+            i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
+            if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
+                SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                       SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                return -1;
+            }
+        }
+    }
+
+    first_rec_len = rr[0].length;
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0);
+
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publicly invalid.
+     *    1: if the padding is valid
+     *    -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        if (ossl_statem_in_error(s)) {
+            /* SSLfatal() already got called */
+            return -1;
+        }
+        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
+            /*
+             * Valid early_data that we cannot decrypt might fail here as
+             * publicly invalid. We treat it like an empty record.
+             */
+
+            thisrr = &rr[0];
+
+            if (!early_data_count_ok(s, thisrr->length,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+
+            thisrr->length = 0;
+            thisrr->read = 1;
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+            return 1;
+        }
+        SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
+                 SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+        return -1;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %lu\n", (unsigned long)rr[0].length);
+    {
+        size_t z;
+        for (z = 0; z < rr[0].length; z++)
+            printf("%02X%c", rr[0].data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) &&
+        (s->enc_read_ctx != NULL) &&
+        (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        for (j = 0; j < num_recs; j++) {
+            thisrr = &rr[j];
+            /*
+             * orig_len is the length of the record before any padding was
+             * removed. This is public information, as is the MAC in use,
+             * therefore we can safely process the record in a different amount
+             * of time if it's too short to possibly contain a MAC.
+             */
+            if (thisrr->orig_len < mac_size ||
+                /* CBC records must have a padding length byte too. */
+                (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                 thisrr->orig_len < mac_size + 1)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_LENGTH_TOO_SHORT);
+                return -1;
+            }
+
+            if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+                /*
+                 * We update the length so that the TLS header bytes can be
+                 * constructed correctly but we need to extract the MAC in
+                 * constant time from within the record, without leaking the
+                 * contents of the padding bytes.
+                 */
+                mac = mac_tmp;
+                if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                thisrr->length -= mac_size;
+            } else {
+                /*
+                 * In this case there's no padding, so |rec->orig_len| equals
+                 * |rec->length| and we checked that there's enough bytes for
+                 * |mac_size| above.
+                 */
+                thisrr->length -= mac_size;
+                mac = &thisrr->data[thisrr->length];
+            }
+
+            i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
+            if (i == 0 || mac == NULL
+                || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                enc_err = -1;
+            if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+                enc_err = -1;
+        }
+    }
+
+    if (enc_err < 0) {
+        if (ossl_statem_in_error(s)) {
+            /* We already called SSLfatal() */
+            return -1;
+        }
+        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
+            /*
+             * We assume this is unreadable early_data - we treat it like an
+             * empty record
+             */
+
+            /*
+             * The record length may have been modified by the mac check above
+             * so we use the previously saved value
+             */
+            if (!early_data_count_ok(s, first_rec_len,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+
+            thisrr = &rr[0];
+            thisrr->length = 0;
+            thisrr->read = 1;
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+            return 1;
+        }
+        /*
+         * A separate 'decryption_failed' alert was introduced with TLS 1.0,
+         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+         * failure is directly visible from the ciphertext anyway, we should
+         * not reveal which kind of error occurred -- this might become
+         * visible to an attacker (e.g. via a logfile)
+         */
+        SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+        return -1;
+    }
+
+    for (j = 0; j < num_recs; j++) {
+        thisrr = &rr[j];
+
+        /* thisrr->length is now just compressed */
+        if (s->expand != NULL) {
+            if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                return -1;
+            }
+            if (!ssl3_do_uncompress(s, thisrr)) {
+                SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_DECOMPRESSION);
+                return -1;
+            }
+        }
+
+        if (SSL_IS_TLS13(s)
+                && s->enc_read_ctx != NULL
+                && thisrr->type != SSL3_RT_ALERT) {
+            size_t end;
+
+            if (thisrr->length == 0
+                    || thisrr->type != SSL3_RT_APPLICATION_DATA) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_RECORD_TYPE);
+                return -1;
+            }
+
+            /* Strip trailing padding */
+            for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
+                 end--)
+                continue;
+
+            thisrr->length = end;
+            thisrr->type = thisrr->data[end];
+            if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                    && thisrr->type != SSL3_RT_ALERT
+                    && thisrr->type != SSL3_RT_HANDSHAKE) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_RECORD_TYPE);
+                return -1;
+            }
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &thisrr->data[end], 1, s, s->msg_callback_arg);
+        }
+
+        /*
+         * TLSv1.3 alert and handshake records are required to be non-zero in
+         * length.
+         */
+        if (SSL_IS_TLS13(s)
+                && (thisrr->type == SSL3_RT_HANDSHAKE
+                    || thisrr->type == SSL3_RT_ALERT)
+                && thisrr->length == 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_BAD_LENGTH);
+            return -1;
+        }
+
+        if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_DATA_LENGTH_TOO_LONG);
+            return -1;
+        }
+
+        /* If received packet overflows current Max Fragment Length setting */
+        if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+                && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_DATA_LENGTH_TOO_LONG);
+            return -1;
+        }
+
+        thisrr->off = 0;
+        /*-
+         * So at this point the following is true
+         * thisrr->type   is the type of record
+         * thisrr->length == number of bytes in record
+         * thisrr->off    == offset to first valid byte
+         * thisrr->data   == where to take bytes from, increment after use :-).
+         */
+
+        /* just read a 0 length packet */
+        if (thisrr->length == 0) {
+            RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+            if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+                > MAX_EMPTY_RECORDS) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_RECORD_TOO_SMALL);
+                return -1;
+            }
+        } else {
+            RECORD_LAYER_reset_empty_record_count(&s->rlayer);
+        }
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_READING) {
+        thisrr = &rr[0];
+        if (thisrr->type == SSL3_RT_APPLICATION_DATA
+                && !early_data_count_ok(s, thisrr->length, 0, 0)) {
+            /* SSLfatal already called */
+            return -1;
+        }
+    }
+
+    RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
+    return 1;
+}
+
+int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    if (rr->comp == NULL) {
+        rr->comp = (unsigned char *)
+            OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+    }
+    if (rr->comp == NULL)
+        return 0;
+
+    /* TODO(size_t): Convert this call */
+    i = COMP_expand_block(ssl->expand, rr->comp,
+                          SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
+    if (i < 0)
+        return 0;
+    else
+        rr->length = i;
+    rr->data = rr->comp;
+#endif
+    return 1;
+}
+
+int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    /* TODO(size_t): Convert this call */
+    i = COMP_compress_block(ssl->compress, wr->data,
+                            (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
+                            wr->input, (int)wr->length);
+    if (i < 0)
+        return 0;
+    else
+        wr->length = i;
+
+    wr->input = wr->data;
+#endif
+    return 1;
+}
+
+/*-
+ * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|.  Will call
+ * SSLfatal() for internal errors, but not otherwise.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occurred.
+ */
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
+{
+    SSL3_RECORD *rec;
+    EVP_CIPHER_CTX *ds;
+    size_t l, i;
+    size_t bs, mac_size = 0;
+    int imac_size;
+    const EVP_CIPHER *enc;
+
+    rec = inrecs;
+    /*
+     * We shouldn't ever be called with more than one record in the SSLv3 case
+     */
+    if (n_recs != 1)
+        return 0;
+    if (sending) {
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+    } else {
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+    } else {
+        l = rec->length;
+        /* TODO(size_t): Convert this call */
+        bs = EVP_CIPHER_CTX_block_size(ds);
+
+        /* COMPRESS */
+
+        if ((bs != 1) && sending) {
+            i = bs - (l % bs);
+
+            /* we need to add 'i-1' padding bytes */
+            l += i;
+            /*
+             * the last of these zero bytes will be overwritten with the
+             * padding length.
+             */
+            memset(&rec->input[rec->length], 0, i);
+            rec->length += i;
+            rec->input[l - 1] = (unsigned char)(i - 1);
+        }
+
+        if (!sending) {
+            if (l == 0 || l % bs != 0)
+                return 0;
+            /* otherwise, rec->length >= bs */
+        }
+
+        /* TODO(size_t): Convert this call */
+        if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1)
+            return -1;
+
+        if (EVP_MD_CTX_md(s->read_hash) != NULL) {
+            /* TODO(size_t): convert me */
+            imac_size = EVP_MD_CTX_size(s->read_hash);
+            if (imac_size < 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            mac_size = (size_t)imac_size;
+        }
+        if ((bs != 1) && !sending)
+            return ssl3_cbc_remove_padding(rec, bs, mac_size);
+    }
+    return 1;
+}
+
+#define MAX_PADDING 256
+/*-
+ * tls1_enc encrypts/decrypts |n_recs| in |recs|.  Will call SSLfatal() for
+ * internal errors, but not otherwise.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ds;
+    size_t reclen[SSL_MAX_PIPELINES];
+    unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    int i, pad = 0, ret, tmpr;
+    size_t bs, mac_size = 0, ctr, padnum, loop;
+    unsigned char padval;
+    int imac_size;
+    const EVP_CIPHER *enc;
+
+    if (n_recs == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (sending) {
+        if (EVP_MD_CTX_md(s->write_hash)) {
+            int n = EVP_MD_CTX_size(s->write_hash);
+            if (!ossl_assert(n >= 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else {
+            int ivlen;
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+            /* For TLSv1.1 and later explicit IV */
+            if (SSL_USE_EXPLICIT_IV(s)
+                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+                ivlen = EVP_CIPHER_iv_length(enc);
+            else
+                ivlen = 0;
+            if (ivlen > 1) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    if (recs[ctr].data != recs[ctr].input) {
+                        /*
+                         * we can't write into the input stream: Can this ever
+                         * happen?? (steve)
+                         */
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                                 ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                                 ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    }
+                }
+            }
+        }
+    } else {
+        if (EVP_MD_CTX_md(s->read_hash)) {
+            int n = EVP_MD_CTX_size(s->read_hash);
+            if (!ossl_assert(n >= 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length);
+            recs[ctr].input = recs[ctr].data;
+        }
+        ret = 1;
+    } else {
+        bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
+
+        if (n_recs > 1) {
+            if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                  & EVP_CIPH_FLAG_PIPELINE)) {
+                /*
+                 * We shouldn't have been called with pipeline data if the
+                 * cipher doesn't support pipelining
+                 */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            reclen[ctr] = recs[ctr].length;
+
+            if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                & EVP_CIPH_FLAG_AEAD_CIPHER) {
+                unsigned char *seq;
+
+                seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                    : RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+                if (SSL_IS_DTLS(s)) {
+                    /* DTLS does not support pipelining */
+                    unsigned char dtlsseq[9], *p = dtlsseq;
+
+                    s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+                        DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
+                    memcpy(p, &seq[2], 6);
+                    memcpy(buf[ctr], dtlsseq, 8);
+                } else {
+                    memcpy(buf[ctr], seq, 8);
+                    for (i = 7; i >= 0; i--) { /* increment */
+                        ++seq[i];
+                        if (seq[i] != 0)
+                            break;
+                    }
+                }
+
+                buf[ctr][8] = recs[ctr].type;
+                buf[ctr][9] = (unsigned char)(s->version >> 8);
+                buf[ctr][10] = (unsigned char)(s->version);
+                buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8);
+                buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);
+                pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
+                if (pad <= 0) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+
+                if (sending) {
+                    reclen[ctr] += pad;
+                    recs[ctr].length += pad;
+                }
+
+            } else if ((bs != 1) && sending) {
+                padnum = bs - (reclen[ctr] % bs);
+
+                /* Add weird padding of upto 256 bytes */
+
+                if (padnum > MAX_PADDING) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                /* we need to add 'padnum' padding bytes of value padval */
+                padval = (unsigned char)(padnum - 1);
+                for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++)
+                    recs[ctr].input[loop] = padval;
+                reclen[ctr] += padnum;
+                recs[ctr].length += padnum;
+            }
+
+            if (!sending) {
+                if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)
+                    return 0;
+            }
+        }
+        if (n_recs > 1) {
+            unsigned char *data[SSL_MAX_PIPELINES];
+
+            /* Set the output buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].data;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
+                                    (int)n_recs, data) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+            /* Set the input buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].input;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
+                                    (int)n_recs, data) <= 0
+                || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
+                                       (int)n_recs, reclen) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+
+        /* TODO(size_t): Convert this call */
+        tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
+                          (unsigned int)reclen[0]);
+        if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+             & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+            ? (tmpr < 0)
+            : (tmpr == 0))
+            return -1;          /* AEAD can fail to verify MAC */
+
+        if (sending == 0) {
+            if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                }
+            } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                }
+            }
+        }
+
+        ret = 1;
+        if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {
+            imac_size = EVP_MD_CTX_size(s->read_hash);
+            if (imac_size < 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            mac_size = (size_t)imac_size;
+        }
+        if ((bs != 1) && !sending) {
+            int tmpret;
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
+                /*
+                 * If tmpret == 0 then this means publicly invalid so we can
+                 * short circuit things here. Otherwise we must respect constant
+                 * time behaviour.
+                 */
+                if (tmpret == 0)
+                    return 0;
+                ret = constant_time_select_int(constant_time_eq_int(tmpret, 1),
+                                               ret, -1);
+            }
+        }
+        if (pad && !sending) {
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                recs[ctr].length -= pad;
+            }
+        }
+    }
+    return ret;
+}
+
+int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *mac_sec, *seq;
+    const EVP_MD_CTX *hash;
+    unsigned char *p, rec_char;
+    size_t md_size;
+    size_t npad;
+    int t;
+
+    if (sending) {
+        mac_sec = &(ssl->s3->write_mac_secret[0]);
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        mac_sec = &(ssl->s3->read_mac_secret[0]);
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (t < 0)
+        return 0;
+    md_size = t;
+    npad = (48 / md_size) * md_size;
+
+    if (!sending &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(hash)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+
+        /*-
+         * npad is, at most, 48 bytes and that's with MD5:
+         *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+         *
+         * With SHA-1 (the largest hash speced for SSLv3) the hash size
+         * goes up 4, but npad goes down by 8, resulting in a smaller
+         * total size.
+         */
+        unsigned char header[75];
+        size_t j = 0;
+        memcpy(header + j, mac_sec, md_size);
+        j += md_size;
+        memcpy(header + j, ssl3_pad_1, npad);
+        j += npad;
+        memcpy(header + j, seq, 8);
+        j += 8;
+        header[j++] = rec->type;
+        header[j++] = (unsigned char)(rec->length >> 8);
+        header[j++] = (unsigned char)(rec->length & 0xff);
+
+        /* Final param == is SSLv3 */
+        if (ssl3_cbc_digest_record(hash,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   mac_sec, md_size, 1) <= 0)
+            return 0;
+    } else {
+        unsigned int md_size_u;
+        /* Chop the digest off the end :-) */
+        EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+
+        if (md_ctx == NULL)
+            return 0;
+
+        rec_char = rec->type;
+        p = md;
+        s2n(rec->length, p);
+        if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
+            || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
+            || EVP_DigestUpdate(md_ctx, md, 2) <= 0
+            || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
+            || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
+            EVP_MD_CTX_free(md_ctx);
+            return 0;
+        }
+
+        EVP_MD_CTX_free(md_ctx);
+    }
+
+    ssl3_record_sequence_update(seq);
+    return 1;
+}
+
+int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *seq;
+    EVP_MD_CTX *hash;
+    size_t md_size;
+    int i;
+    EVP_MD_CTX *hmac = NULL, *mac_ctx;
+    unsigned char header[13];
+    int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+    int t;
+
+    if (sending) {
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (!ossl_assert(t >= 0))
+        return 0;
+    md_size = t;
+
+    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+    if (stream_mac) {
+        mac_ctx = hash;
+    } else {
+        hmac = EVP_MD_CTX_new();
+        if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+        mac_ctx = hmac;
+    }
+
+    if (SSL_IS_DTLS(ssl)) {
+        unsigned char dtlsseq[8], *p = dtlsseq;
+
+        s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+            DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
+        memcpy(p, &seq[2], 6);
+
+        memcpy(header, dtlsseq, 8);
+    } else
+        memcpy(header, seq, 8);
+
+    header[8] = rec->type;
+    header[9] = (unsigned char)(ssl->version >> 8);
+    header[10] = (unsigned char)(ssl->version);
+    header[11] = (unsigned char)(rec->length >> 8);
+    header[12] = (unsigned char)(rec->length & 0xff);
+
+    if (!sending && !SSL_READ_ETM(ssl) &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(mac_ctx)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+        /* Final param == not SSLv3 */
+        if (ssl3_cbc_digest_record(mac_ctx,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   ssl->s3->read_mac_secret,
+                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+    } else {
+        /* TODO(size_t): Convert these calls */
+        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+            || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+    }
+
+    EVP_MD_CTX_free(hmac);
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "seq=");
+    {
+        int z;
+        for (z = 0; z < 8; z++)
+            fprintf(stderr, "%02X ", seq[z]);
+        fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "rec=");
+    {
+        size_t z;
+        for (z = 0; z < rec->length; z++)
+            fprintf(stderr, "%02X ", rec->data[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+
+    if (!SSL_IS_DTLS(ssl)) {
+        for (i = 7; i >= 0; i--) {
+            ++seq[i];
+            if (seq[i] != 0)
+                break;
+        }
+    }
+#ifdef SSL_DEBUG
+    {
+        unsigned int z;
+        for (z = 0; z < md_size; z++)
+            fprintf(stderr, "%02X ", md[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+    return 1;
+}
+
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+ * record in |rec| by updating |rec->length| in constant time.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                            size_t block_size, size_t mac_size)
+{
+    size_t padding_length;
+    size_t good;
+    const size_t overhead = 1 /* padding length byte */  + mac_size;
+
+    /*
+     * These lengths are all public so we can test them in non-constant time.
+     */
+    if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+    good = constant_time_ge_s(rec->length, padding_length + overhead);
+    /* SSLv3 requires that the padding is minimal. */
+    good &= constant_time_ge_s(block_size, padding_length + 1);
+    rec->length -= good & (padding_length + 1);
+    return constant_time_select_int_s(good, 1, -1);
+}
+
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+ * record in |rec| in constant time and returns 1 if the padding is valid and
+ * -1 otherwise. It also removes any explicit IV from the start of the record
+ * without leaking any timing about whether there was enough space after the
+ * padding was removed.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int tls1_cbc_remove_padding(const SSL *s,
+                            SSL3_RECORD *rec,
+                            size_t block_size, size_t mac_size)
+{
+    size_t good;
+    size_t padding_length, to_check, i;
+    const size_t overhead = 1 /* padding length byte */  + mac_size;
+    /* Check if version requires explicit IV */
+    if (SSL_USE_EXPLICIT_IV(s)) {
+        /*
+         * These lengths are all public so we can test them in non-constant
+         * time.
+         */
+        if (overhead + block_size > rec->length)
+            return 0;
+        /* We can now safely skip explicit IV */
+        rec->data += block_size;
+        rec->input += block_size;
+        rec->length -= block_size;
+        rec->orig_len -= block_size;
+    } else if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+
+    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &
+        EVP_CIPH_FLAG_AEAD_CIPHER) {
+        /* padding is already verified */
+        rec->length -= padding_length + 1;
+        return 1;
+    }
+
+    good = constant_time_ge_s(rec->length, overhead + padding_length);
+    /*
+     * The padding consists of a length byte at the end of the record and
+     * then that many bytes of padding, all with the same value as the length
+     * byte. Thus, with the length byte included, there are i+1 bytes of
+     * padding. We can't check just |padding_length+1| bytes because that
+     * leaks decrypted information. Therefore we always have to check the
+     * maximum amount of padding possible. (Again, the length of the record
+     * is public information so we can use it.)
+     */
+    to_check = 256;            /* maximum amount of padding, inc length byte. */
+    if (to_check > rec->length)
+        to_check = rec->length;
+
+    for (i = 0; i < to_check; i++) {
+        unsigned char mask = constant_time_ge_8_s(padding_length, i);
+        unsigned char b = rec->data[rec->length - 1 - i];
+        /*
+         * The final |padding_length+1| bytes should all have the value
+         * |padding_length|. Therefore the XOR should be zero.
+         */
+        good &= ~(mask & (padding_length ^ b));
+    }
+
+    /*
+     * If any of the final |padding_length+1| bytes had the wrong value, one
+     * or more of the lower eight bits of |good| will be cleared.
+     */
+    good = constant_time_eq_s(0xff, good & 0xff);
+    rec->length -= good & (padding_length + 1);
+
+    return constant_time_select_int_s(good, 1, -1);
+}
+
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+ * constant time (independent of the concrete value of rec->length, which may
+ * vary within a 256-byte window).
+ *
+ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
+ * this function.
+ *
+ * On entry:
+ *   rec->orig_len >= md_size
+ *   md_size <= EVP_MAX_MD_SIZE
+ *
+ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
+ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
+ * a single or pair of cache-lines, then the variable memory accesses don't
+ * actually affect the timing. CPUs with smaller cache-lines [if any] are
+ * not multi-core and are not considered vulnerable to cache-timing attacks.
+ */
+#define CBC_MAC_ROTATE_IN_PLACE
+
+int ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, size_t md_size)
+{
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
+    unsigned char *rotated_mac;
+#else
+    unsigned char rotated_mac[EVP_MAX_MD_SIZE];
+#endif
+
+    /*
+     * mac_end is the index of |rec->data| just after the end of the MAC.
+     */
+    size_t mac_end = rec->length;
+    size_t mac_start = mac_end - md_size;
+    size_t in_mac;
+    /*
+     * scan_start contains the number of bytes that we can ignore because the
+     * MAC's position can only vary by 255 bytes.
+     */
+    size_t scan_start = 0;
+    size_t i, j;
+    size_t rotate_offset;
+
+    if (!ossl_assert(rec->orig_len >= md_size
+                     && md_size <= EVP_MAX_MD_SIZE))
+        return 0;
+
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
+#endif
+
+    /* This information is public so it's safe to branch based on it. */
+    if (rec->orig_len > md_size + 255 + 1)
+        scan_start = rec->orig_len - (md_size + 255 + 1);
+
+    in_mac = 0;
+    rotate_offset = 0;
+    memset(rotated_mac, 0, md_size);
+    for (i = scan_start, j = 0; i < rec->orig_len; i++) {
+        size_t mac_started = constant_time_eq_s(i, mac_start);
+        size_t mac_ended = constant_time_lt_s(i, mac_end);
+        unsigned char b = rec->data[i];
+
+        in_mac |= mac_started;
+        in_mac &= mac_ended;
+        rotate_offset |= j & mac_started;
+        rotated_mac[j++] |= b & in_mac;
+        j &= constant_time_lt_s(j, md_size);
+    }
+
+    /* Now rotate the MAC */
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    j = 0;
+    for (i = 0; i < md_size; i++) {
+        /* in case cache-line is 32 bytes, touch second line */
+        ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
+        out[j++] = rotated_mac[rotate_offset++];
+        rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    }
+#else
+    memset(out, 0, md_size);
+    rotate_offset = md_size - rotate_offset;
+    rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    for (i = 0; i < md_size; i++) {
+        for (j = 0; j < md_size; j++)
+            out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset);
+        rotate_offset++;
+        rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    }
+#endif
+
+    return 1;
+}
+
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int i;
+    int enc_err;
+    SSL_SESSION *sess;
+    SSL3_RECORD *rr;
+    int imac_size;
+    size_t mac_size;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    sess = s->session;
+
+    /*
+     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+     * and we have that many bytes in s->packet
+     */
+    rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
+
+    /*
+     * ok, we can now read from 's->packet' data into 'rr' rr->input points
+     * at rr->length bytes, which need to be copied into rr->data by either
+     * the decryption or by the decompression When the data is 'copied' into
+     * the rr->data buffer, rr->input will be pointed at the new buffer
+     */
+
+    /*
+     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+     * bytes of encrypted compressed stuff.
+     */
+
+    /* check is not needed I believe */
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+        SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                 SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    /* decrypt in place in 'rr->input' */
+    rr->data = rr->input;
+    rr->orig_len = rr->length;
+
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if (rr->orig_len < mac_size) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_LENGTH_TOO_SHORT);
+            return 0;
+        }
+        rr->length -= mac_size;
+        mac = rr->data + rr->length;
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
+            SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_DTLS1_PROCESS_RECORD,
+                   SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+            return 0;
+        }
+    }
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publically invalid.
+     *    1: if the padding is valid
+     *   -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        if (ossl_statem_in_error(s)) {
+            /* SSLfatal() got called */
+            return 0;
+        }
+        /* For DTLS we simply ignore bad packets. */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        return 0;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %ld\n", rr->length);
+    {
+        size_t z;
+        for (z = 0; z < rr->length; z++)
+            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) && !SSL_READ_ETM(s) &&
+        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        /* TODO(size_t): Convert this to do size_t properly */
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        if (imac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_LIB_EVP);
+            return 0;
+        }
+        mac_size = (size_t)imac_size;
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        /*
+         * orig_len is the length of the record before any padding was
+         * removed. This is public information, as is the MAC in use,
+         * therefore we can safely process the record in a different amount
+         * of time if it's too short to possibly contain a MAC.
+         */
+        if (rr->orig_len < mac_size ||
+            /* CBC records must have a padding length byte too. */
+            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+             rr->orig_len < mac_size + 1)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_LENGTH_TOO_SHORT);
+            return 0;
+        }
+
+        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+            /*
+             * We update the length so that the TLS header bytes can be
+             * constructed correctly but we need to extract the MAC in
+             * constant time from within the record, without leaking the
+             * contents of the padding bytes.
+             */
+            mac = mac_tmp;
+            if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            rr->length -= mac_size;
+        } else {
+            /*
+             * In this case there's no padding, so |rec->orig_len| equals
+             * |rec->length| and we checked that there's enough bytes for
+             * |mac_size| above.
+             */
+            rr->length -= mac_size;
+            mac = &rr->data[rr->length];
+        }
+
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i == 0 || mac == NULL
+            || CRYPTO_memcmp(md, mac, mac_size) != 0)
+            enc_err = -1;
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+            enc_err = -1;
+    }
+
+    if (enc_err < 0) {
+        /* decryption failed, silently discard message */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        return 0;
+    }
+
+    /* r->length is now just compressed */
+    if (s->expand != NULL) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+            return 0;
+        }
+        if (!ssl3_do_uncompress(s, rr)) {
+            SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE,
+                     SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+            return 0;
+        }
+    }
+
+    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    rr->off = 0;
+    /*-
+     * So at this point the following is true
+     * ssl->s3->rrec.type   is the type of record
+     * ssl->s3->rrec.length == number of bytes in record
+     * ssl->s3->rrec.off    == offset to first valid byte
+     * ssl->s3->rrec.data   == where to take bytes from, increment
+     *                         after use :-).
+     */
+
+    /* we have pulled in a full packet so zero things */
+    RECORD_LAYER_reset_packet_length(&s->rlayer);
+
+    /* Mark receipt of record. */
+    dtls1_record_bitmap_update(s, bitmap);
+
+    return 1;
+}
+
+/*
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
+ */
+#define dtls1_get_processed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer)))
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+{
+    int ssl_major, ssl_minor;
+    int rret;
+    size_t more, n;
+    SSL3_RECORD *rr;
+    unsigned char *p = NULL;
+    unsigned short version;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+ again:
+    /*
+     * The epoch may have changed.  If so, process all the pending records.
+     * This is a non-blocking operation.
+     */
+    if (!dtls1_process_buffered_records(s)) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    /* if we're renegotiating, then there may be buffered records */
+    if (dtls1_get_processed_record(s))
+        return 1;
+
+    /* get something from the wire */
+
+    /* check if we have the header */
+    if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+        (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
+        rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
+                           SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n);
+        /* read timeout is handled by dtls1_read_bytes */
+        if (rret <= 0) {
+            /* SSLfatal() already called if appropriate */
+            return rret;         /* error or non-blocking */
+        }
+
+        /* this packet contained a partial record, dump it */
+        if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
+            DTLS1_RT_HEADER_LENGTH) {
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+        p = RECORD_LAYER_get_packet(&s->rlayer);
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
+                            s, s->msg_callback_arg);
+
+        /* Pull apart the header into the DTLS1_RECORD */
+        rr->type = *(p++);
+        ssl_major = *(p++);
+        ssl_minor = *(p++);
+        version = (ssl_major << 8) | ssl_minor;
+
+        /* sequence number is 64 bits, with top 2 bytes = epoch */
+        n2s(p, rr->epoch);
+
+        memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
+        p += 6;
+
+        n2s(p, rr->length);
+        rr->read = 0;
+
+        /*
+         * Lets check the version. We tolerate alerts that don't have the exact
+         * version number (e.g. because of protocol version errors)
+         */
+        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
+            if (version != s->version) {
+                /* unexpected version, silently discard */
+                rr->length = 0;
+                rr->read = 1;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                goto again;
+            }
+        }
+
+        if ((version & 0xff00) != (s->version & 0xff00)) {
+            /* wrong version, silently discard record */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* If received packet overflows own-client Max Fragment Length setting */
+        if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+                && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+    }
+
+    /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */
+
+    if (rr->length >
+        RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
+        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+        more = rr->length;
+        rret = ssl3_read_n(s, more, more, 1, 1, &n);
+        /* this packet contained a partial record, dump it */
+        if (rret <= 0 || n != more) {
+            if (ossl_statem_in_error(s)) {
+                /* ssl3_read_n() called SSLfatal() */
+                return -1;
+            }
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /*
+         * now n == rr->length, and s->packet_length ==
+         * DTLS1_RT_HEADER_LENGTH + rr->length
+         */
+    }
+    /* set state for later operations */
+    RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+    /* match epochs.  NULL means the packet is dropped on the floor */
+    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+    if (bitmap == NULL) {
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+#ifndef OPENSSL_NO_SCTP
+    /* Only do replay check if no SCTP bio */
+    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+#endif
+        /* Check whether this is a repeat, or aged record. */
+        /*
+         * TODO: Does it make sense to have replay protection in epoch 0 where
+         * we have no integrity negotiated yet?
+         */
+        if (!dtls1_record_replay_check(s, bitmap)) {
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+            goto again;         /* get another record */
+        }
+#ifndef OPENSSL_NO_SCTP
+    }
+#endif
+
+    /* just read a 0 length packet */
+    if (rr->length == 0) {
+        rr->read = 1;
+        goto again;
+    }
+
+    /*
+     * If this record is from the next epoch (either HM or ALERT), and a
+     * handshake is currently in progress, buffer it since it cannot be
+     * processed at this time.
+     */
+    if (is_next_epoch) {
+        if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
+            if (dtls1_buffer_record (s,
+                    &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
+                    rr->seq_num) < 0) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+        }
+        rr->length = 0;
+        rr->read = 1;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        goto again;
+    }
+
+    if (!dtls1_process_record(s, bitmap)) {
+        if (ossl_statem_in_error(s)) {
+            /* dtls1_process_record() called SSLfatal */
+            return -1;
+        }
+        rr->length = 0;
+        rr->read = 1;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+
+    return 1;
+
+}
+
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off)
+{
+    SSL3_RECORD *rr;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    memset(rr, 0, sizeof(SSL3_RECORD));
+
+    rr->length = len;
+    rr->type = SSL3_RT_HANDSHAKE;
+    memcpy(rr->seq_num, seq, sizeof(rr->seq_num));
+    rr->off = off;
+
+    s->rlayer.packet = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+    s->rlayer.packet_length = DTLS1_RT_HEADER_LENGTH + len;
+    rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH;
+
+    if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+                            SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c
new file mode 100644
index 000000000..a11ed483e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+#include "internal/cryptlib.h"
+
+/*-
+ * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for
+ * internal errors, but not otherwise.
+ *
+ * Returns:
+ *    0: (in non-constant time) if the record is publically invalid (i.e. too
+ *        short etc).
+ *    1: if the record encryption was successful.
+ *   -1: if the record's AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
+    size_t ivlen, taglen, offset, loop, hdrlen;
+    unsigned char *staticiv;
+    unsigned char *seq;
+    int lenu, lenf;
+    SSL3_RECORD *rec = &recs[0];
+    uint32_t alg_enc;
+    WPACKET wpkt;
+
+    if (n_recs != 1) {
+        /* Should not happen */
+        /* TODO(TLS1.3): Support pipelining */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (sending) {
+        ctx = s->enc_write_ctx;
+        staticiv = s->write_iv;
+        seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
+    } else {
+        ctx = s->enc_read_ctx;
+        staticiv = s->read_iv;
+        seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+    }
+
+    /*
+     * If we're sending an alert and ctx != NULL then we must be forcing
+     * plaintext alerts. If we're reading and ctx != NULL then we allow
+     * plaintext alerts at certain points in the handshake. If we've got this
+     * far then we have already validated that a plaintext alert is ok here.
+     */
+    if (ctx == NULL || rec->type == SSL3_RT_ALERT) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+        return 1;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING
+            || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+        if (s->session != NULL && s->session->ext.max_early_data > 0) {
+            alg_enc = s->session->cipher->algorithm_enc;
+        } else {
+            if (!ossl_assert(s->psksession != NULL
+                             && s->psksession->ext.max_early_data > 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            alg_enc = s->psksession->cipher->algorithm_enc;
+        }
+    } else {
+        /*
+         * To get here we must have selected a ciphersuite - otherwise ctx would
+         * be NULL
+         */
+        if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+    }
+
+    if (alg_enc & SSL_AESCCM) {
+        if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+         else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+         if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
+                                         NULL) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+    } else if (alg_enc & SSL_AESGCM) {
+        taglen = EVP_GCM_TLS_TAG_LEN;
+    } else if (alg_enc & SSL_CHACHA20) {
+        taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
+    } else {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (!sending) {
+        /*
+         * Take off tag. There must be at least one byte of content type as
+         * well as the tag
+         */
+        if (rec->length < taglen + 1)
+            return 0;
+        rec->length -= taglen;
+    }
+
+    /* Set up IV */
+    if (ivlen < SEQ_NUM_SIZE) {
+        /* Should not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    offset = ivlen - SEQ_NUM_SIZE;
+    memcpy(iv, staticiv, offset);
+    for (loop = 0; loop < SEQ_NUM_SIZE; loop++)
+        iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];
+
+    /* Increment the sequence counter */
+    for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {
+        ++seq[loop - 1];
+        if (seq[loop - 1] != 0)
+            break;
+    }
+    if (loop == 0) {
+        /* Sequence has wrapped */
+        return -1;
+    }
+
+    /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
+            || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                             taglen,
+                                             rec->data + rec->length) <= 0)) {
+        return -1;
+    }
+
+    /* Set up the AAD */
+    if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)
+            || !WPACKET_put_bytes_u8(&wpkt, rec->type)
+            || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)
+            || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen)
+            || !WPACKET_get_total_written(&wpkt, &hdrlen)
+            || hdrlen != SSL3_RT_HEADER_LENGTH
+            || !WPACKET_finish(&wpkt)) {
+        WPACKET_cleanup(&wpkt);
+        return -1;
+    }
+
+    /*
+     * For CCM we must explicitly set the total plaintext length before we add
+     * any AAD.
+     */
+    if (((alg_enc & SSL_AESCCM) != 0
+                 && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
+                                     (unsigned int)rec->length) <= 0)
+            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+                                sizeof(recheader)) <= 0
+            || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
+                                (unsigned int)rec->length) <= 0
+            || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
+            || (size_t)(lenu + lenf) != rec->length) {
+        return -1;
+    }
+    if (sending) {
+        /* Add the tag */
+        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
+                                rec->data + rec->length) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        rec->length += taglen;
+    }
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c
new file mode 100644
index 000000000..8377d7fe1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c
@@ -0,0 +1,487 @@
+/*
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time_locl.h"
+#include "ssl_locl.h"
+#include "internal/cryptlib.h"
+
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+/*
+ * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's
+ * length field. (SHA-384/512 have 128-bit length.)
+ */
+#define MAX_HASH_BIT_COUNT_BYTES 16
+
+/*
+ * MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
+ * Currently SHA-384/512 has a 128-byte block size and that's the largest
+ * supported by TLS.)
+ */
+#define MAX_HASH_BLOCK_SIZE 128
+
+/*
+ * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
+ * little-endian order. The value of p is advanced by four.
+ */
+#define u32toLE(n, p) \
+        (*((p)++)=(unsigned char)(n), \
+         *((p)++)=(unsigned char)(n>>8), \
+         *((p)++)=(unsigned char)(n>>16), \
+         *((p)++)=(unsigned char)(n>>24))
+
+/*
+ * These functions serialize the state of a hash and thus perform the
+ * standard "final" operation without adding the padding and length that such
+ * a function typically does.
+ */
+static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
+{
+    MD5_CTX *md5 = ctx;
+    u32toLE(md5->A, md_out);
+    u32toLE(md5->B, md_out);
+    u32toLE(md5->C, md_out);
+    u32toLE(md5->D, md_out);
+}
+
+static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA_CTX *sha1 = ctx;
+    l2n(sha1->h0, md_out);
+    l2n(sha1->h1, md_out);
+    l2n(sha1->h2, md_out);
+    l2n(sha1->h3, md_out);
+    l2n(sha1->h4, md_out);
+}
+
+static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA256_CTX *sha256 = ctx;
+    unsigned i;
+
+    for (i = 0; i < 8; i++) {
+        l2n(sha256->h[i], md_out);
+    }
+}
+
+static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA512_CTX *sha512 = ctx;
+    unsigned i;
+
+    for (i = 0; i < 8; i++) {
+        l2n8(sha512->h[i], md_out);
+    }
+}
+
+#undef  LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
+
+/*
+ * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
+ * which ssl3_cbc_digest_record supports.
+ */
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
+{
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+/*-
+ * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+ * record.
+ *
+ *   ctx: the EVP_MD_CTX from which we take the hash function.
+ *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
+ *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
+ *   md_out_size: if non-NULL, the number of output bytes is written here.
+ *   header: the 13-byte, TLS record header.
+ *   data: the record data itself, less any preceding explicit IV.
+ *   data_plus_mac_size: the secret, reported length of the data and MAC
+ *     once the padding has been removed.
+ *   data_plus_mac_plus_padding_size: the public length of the whole
+ *     record, including padding.
+ *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
+ *
+ * On entry: by virtue of having been through one of the remove_padding
+ * functions, above, we know that data_plus_mac_size is large enough to contain
+ * a padding byte and MAC. (If the padding was invalid, it might contain the
+ * padding too. )
+ * Returns 1 on success or 0 on error
+ */
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                           unsigned char *md_out,
+                           size_t *md_out_size,
+                           const unsigned char header[13],
+                           const unsigned char *data,
+                           size_t data_plus_mac_size,
+                           size_t data_plus_mac_plus_padding_size,
+                           const unsigned char *mac_secret,
+                           size_t mac_secret_length, char is_sslv3)
+{
+    union {
+        double align;
+        unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
+    } md_state;
+    void (*md_final_raw) (void *ctx, unsigned char *md_out);
+    void (*md_transform) (void *ctx, const unsigned char *block);
+    size_t md_size, md_block_size = 64;
+    size_t sslv3_pad_length = 40, header_length, variance_blocks,
+        len, max_mac_bytes, num_blocks,
+        num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
+    size_t bits;          /* at most 18 bits */
+    unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
+    /* hmac_pad is the masked HMAC key. */
+    unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
+    unsigned char first_block[MAX_HASH_BLOCK_SIZE];
+    unsigned char mac_out[EVP_MAX_MD_SIZE];
+    size_t i, j;
+    unsigned md_out_size_u;
+    EVP_MD_CTX *md_ctx = NULL;
+    /*
+     * mdLengthSize is the number of bytes in the length field that
+     * terminates * the hash.
+     */
+    size_t md_length_size = 8;
+    char length_is_big_endian = 1;
+    int ret;
+
+    /*
+     * This is a, hopefully redundant, check that allows us to forget about
+     * many possible overflows later in this function.
+     */
+    if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024))
+        return 0;
+
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+        if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_md5_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
+        md_size = 16;
+        sslv3_pad_length = 48;
+        length_is_big_endian = 0;
+        break;
+    case NID_sha1:
+        if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha1_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
+        md_size = 20;
+        break;
+    case NID_sha224:
+        if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha256_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+        md_size = 224 / 8;
+        break;
+    case NID_sha256:
+        if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha256_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+        md_size = 32;
+        break;
+    case NID_sha384:
+        if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha512_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+        md_size = 384 / 8;
+        md_block_size = 128;
+        md_length_size = 16;
+        break;
+    case NID_sha512:
+        if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha512_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+        md_size = 64;
+        md_block_size = 128;
+        md_length_size = 16;
+        break;
+    default:
+        /*
+         * ssl3_cbc_record_digest_supported should have been called first to
+         * check that the hash function is supported.
+         */
+        if (md_out_size != NULL)
+            *md_out_size = 0;
+        return ossl_assert(0);
+    }
+
+    if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES)
+            || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE)
+            || !ossl_assert(md_size <= EVP_MAX_MD_SIZE))
+        return 0;
+
+    header_length = 13;
+    if (is_sslv3) {
+        header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence
+                                                                  * number */  +
+            1 /* record type */  +
+            2 /* record length */ ;
+    }
+
+    /*
+     * variance_blocks is the number of blocks of the hash that we have to
+     * calculate in constant time because they could be altered by the
+     * padding value. In SSLv3, the padding must be minimal so the end of
+     * the plaintext varies by, at most, 15+20 = 35 bytes. (We conservatively
+     * assume that the MAC size varies from 0..20 bytes.) In case the 9 bytes
+     * of hash termination (0x80 + 64-bit length) don't fit in the final
+     * block, we say that the final two blocks can vary based on the padding.
+     * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
+     * required to be minimal. Therefore we say that the final |variance_blocks|
+     * blocks can
+     * vary based on the padding. Later in the function, if the message is
+     * short and there obviously cannot be this many blocks then
+     * variance_blocks can be reduced.
+     */
+    variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
+    /*
+     * From now on we're dealing with the MAC, which conceptually has 13
+     * bytes of `header' before the start of the data (TLS) or 71/75 bytes
+     * (SSLv3)
+     */
+    len = data_plus_mac_plus_padding_size + header_length;
+    /*
+     * max_mac_bytes contains the maximum bytes of bytes in the MAC,
+     * including * |header|, assuming that there's no padding.
+     */
+    max_mac_bytes = len - md_size - 1;
+    /* num_blocks is the maximum number of hash blocks. */
+    num_blocks =
+        (max_mac_bytes + 1 + md_length_size + md_block_size -
+         1) / md_block_size;
+    /*
+     * In order to calculate the MAC in constant time we have to handle the
+     * final blocks specially because the padding value could cause the end
+     * to appear somewhere in the final |variance_blocks| blocks and we can't
+     * leak where. However, |num_starting_blocks| worth of data can be hashed
+     * right away because no padding value can affect whether they are
+     * plaintext.
+     */
+    num_starting_blocks = 0;
+    /*
+     * k is the starting byte offset into the conceptual header||data where
+     * we start processing.
+     */
+    k = 0;
+    /*
+     * mac_end_offset is the index just past the end of the data to be MACed.
+     */
+    mac_end_offset = data_plus_mac_size + header_length - md_size;
+    /*
+     * c is the index of the 0x80 byte in the final hash block that contains
+     * application data.
+     */
+    c = mac_end_offset % md_block_size;
+    /*
+     * index_a is the hash block number that contains the 0x80 terminating
+     * value.
+     */
+    index_a = mac_end_offset / md_block_size;
+    /*
+     * index_b is the hash block number that contains the 64-bit hash length,
+     * in bits.
+     */
+    index_b = (mac_end_offset + md_length_size) / md_block_size;
+    /*
+     * bits is the hash-length in bits. It includes the additional hash block
+     * for the masked HMAC key, or whole of |header| in the case of SSLv3.
+     */
+
+    /*
+     * For SSLv3, if we're going to have any starting blocks then we need at
+     * least two because the header is larger than a single block.
+     */
+    if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
+        num_starting_blocks = num_blocks - variance_blocks;
+        k = md_block_size * num_starting_blocks;
+    }
+
+    bits = 8 * mac_end_offset;
+    if (!is_sslv3) {
+        /*
+         * Compute the initial HMAC block. For SSLv3, the padding and secret
+         * bytes are included in |header| because they take more than a
+         * single block.
+         */
+        bits += 8 * md_block_size;
+        memset(hmac_pad, 0, md_block_size);
+        if (!ossl_assert(mac_secret_length <= sizeof(hmac_pad)))
+            return 0;
+        memcpy(hmac_pad, mac_secret, mac_secret_length);
+        for (i = 0; i < md_block_size; i++)
+            hmac_pad[i] ^= 0x36;
+
+        md_transform(md_state.c, hmac_pad);
+    }
+
+    if (length_is_big_endian) {
+        memset(length_bytes, 0, md_length_size - 4);
+        length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
+        length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
+        length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
+        length_bytes[md_length_size - 1] = (unsigned char)bits;
+    } else {
+        memset(length_bytes, 0, md_length_size);
+        length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
+        length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
+        length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
+        length_bytes[md_length_size - 8] = (unsigned char)bits;
+    }
+
+    if (k > 0) {
+        if (is_sslv3) {
+            size_t overhang;
+
+            /*
+             * The SSLv3 header is larger than a single block. overhang is
+             * the number of bytes beyond a single block that the header
+             * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). There are no
+             * ciphersuites in SSLv3 that are not SHA1 or MD5 based and
+             * therefore we can be confident that the header_length will be
+             * greater than |md_block_size|. However we add a sanity check just
+             * in case
+             */
+            if (header_length <= md_block_size) {
+                /* Should never happen */
+                return 0;
+            }
+            overhang = header_length - md_block_size;
+            md_transform(md_state.c, header);
+            memcpy(first_block, header + md_block_size, overhang);
+            memcpy(first_block + overhang, data, md_block_size - overhang);
+            md_transform(md_state.c, first_block);
+            for (i = 1; i < k / md_block_size - 1; i++)
+                md_transform(md_state.c, data + md_block_size * i - overhang);
+        } else {
+            /* k is a multiple of md_block_size. */
+            memcpy(first_block, header, 13);
+            memcpy(first_block + 13, data, md_block_size - 13);
+            md_transform(md_state.c, first_block);
+            for (i = 1; i < k / md_block_size; i++)
+                md_transform(md_state.c, data + md_block_size * i - 13);
+        }
+    }
+
+    memset(mac_out, 0, sizeof(mac_out));
+
+    /*
+     * We now process the final hash blocks. For each block, we construct it
+     * in constant time. If the |i==index_a| then we'll include the 0x80
+     * bytes and zero pad etc. For each block we selectively copy it, in
+     * constant time, to |mac_out|.
+     */
+    for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks;
+         i++) {
+        unsigned char block[MAX_HASH_BLOCK_SIZE];
+        unsigned char is_block_a = constant_time_eq_8_s(i, index_a);
+        unsigned char is_block_b = constant_time_eq_8_s(i, index_b);
+        for (j = 0; j < md_block_size; j++) {
+            unsigned char b = 0, is_past_c, is_past_cp1;
+            if (k < header_length)
+                b = header[k];
+            else if (k < data_plus_mac_plus_padding_size + header_length)
+                b = data[k - header_length];
+            k++;
+
+            is_past_c = is_block_a & constant_time_ge_8_s(j, c);
+            is_past_cp1 = is_block_a & constant_time_ge_8_s(j, c + 1);
+            /*
+             * If this is the block containing the end of the application
+             * data, and we are at the offset for the 0x80 value, then
+             * overwrite b with 0x80.
+             */
+            b = constant_time_select_8(is_past_c, 0x80, b);
+            /*
+             * If this block contains the end of the application data
+             * and we're past the 0x80 value then just write zero.
+             */
+            b = b & ~is_past_cp1;
+            /*
+             * If this is index_b (the final block), but not index_a (the end
+             * of the data), then the 64-bit length didn't fit into index_a
+             * and we're having to add an extra block of zeros.
+             */
+            b &= ~is_block_b | is_block_a;
+
+            /*
+             * The final bytes of one of the blocks contains the length.
+             */
+            if (j >= md_block_size - md_length_size) {
+                /* If this is index_b, write a length byte. */
+                b = constant_time_select_8(is_block_b,
+                                           length_bytes[j -
+                                                        (md_block_size -
+                                                         md_length_size)], b);
+            }
+            block[j] = b;
+        }
+
+        md_transform(md_state.c, block);
+        md_final_raw(md_state.c, block);
+        /* If this is index_b, copy the hash value to |mac_out|. */
+        for (j = 0; j < md_size; j++)
+            mac_out[j] |= block[j] & is_block_b;
+    }
+
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL)
+        goto err;
+    if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
+        goto err;
+    if (is_sslv3) {
+        /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
+        memset(hmac_pad, 0x5c, sslv3_pad_length);
+
+        if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
+            || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
+            goto err;
+    } else {
+        /* Complete the HMAC in the standard manner. */
+        for (i = 0; i < md_block_size; i++)
+            hmac_pad[i] ^= 0x6a;
+
+        if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
+            goto err;
+    }
+    /* TODO(size_t): Convert me */
+    ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
+    if (ret && md_out_size)
+        *md_out_size = md_out_size_u;
+    EVP_MD_CTX_free(md_ctx);
+
+    return 1;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c
new file mode 100644
index 000000000..2e185e9fb
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c
@@ -0,0 +1,595 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include "internal/cryptlib.h"
+
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+{
+    EVP_MD_CTX *m5;
+    EVP_MD_CTX *s1;
+    unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
+    unsigned char c = 'A';
+    unsigned int i, j, k;
+    int ret = 0;
+
+#ifdef CHARSET_EBCDIC
+    c = os_toascii[c];          /* 'A' in ASCII */
+#endif
+    k = 0;
+    m5 = EVP_MD_CTX_new();
+    s1 = EVP_MD_CTX_new();
+    if (m5 == NULL || s1 == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
+        k++;
+        if (k > sizeof(buf)) {
+            /* bug: 'buf' is too small for this ciphersuite */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        for (j = 0; j < k; j++)
+            buf[j] = c;
+        c++;
+        if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
+            || !EVP_DigestUpdate(s1, buf, k)
+            || !EVP_DigestUpdate(s1, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestFinal_ex(s1, smd, NULL)
+            || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+            || !EVP_DigestUpdate(m5, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if ((int)(i + MD5_DIGEST_LENGTH) > num) {
+            if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            memcpy(km, smd, (num - i));
+        } else {
+            if (!EVP_DigestFinal_ex(m5, km, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        km += MD5_DIGEST_LENGTH;
+    }
+    OPENSSL_cleanse(smd, sizeof(smd));
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(m5);
+    EVP_MD_CTX_free(s1);
+    return ret;
+}
+
+int ssl3_change_cipher_state(SSL *s, int which)
+{
+    unsigned char *p, *mac_secret;
+    unsigned char *ms, *key, *iv;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    COMP_METHOD *comp;
+#endif
+    const EVP_MD *m;
+    int mdi;
+    size_t n, i, j, k, cl;
+    int reuse_dd = 0;
+
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    /* m == NULL will lead to a crash later */
+    if (!ossl_assert(m != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (s->s3->tmp.new_compression == NULL)
+        comp = NULL;
+    else
+        comp = s->s3->tmp.new_compression->method;
+#endif
+
+    if (which & SSL3_CC_READ) {
+        if (s->enc_read_ctx != NULL) {
+            reuse_dd = 1;
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        } else {
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
+        dd = s->enc_read_ctx;
+
+        if (ssl_replace_hash(&s->read_hash, m) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#ifndef OPENSSL_NO_COMP
+        /* COMPRESS */
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp);
+            if (s->expand == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->enc_write_ctx != NULL) {
+            reuse_dd = 1;
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        } else {
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        }
+        dd = s->enc_write_ctx;
+        if (ssl_replace_hash(&s->write_hash, m) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+#ifndef OPENSSL_NO_COMP
+        /* COMPRESS */
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp);
+            if (s->compress == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_reset(dd);
+
+    p = s->s3->tmp.key_block;
+    mdi = EVP_MD_size(m);
+    if (mdi < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    i = mdi;
+    cl = EVP_CIPHER_key_length(c);
+    j = cl;
+    k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    return 1;
+ err:
+    return 0;
+}
+
+int ssl3_setup_key_block(SSL *s)
+{
+    unsigned char *p;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    int num;
+    int ret = 0;
+    SSL_COMP *comp;
+
+    if (s->s3->tmp.key_block_length != 0)
+        return 1;
+
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+#ifdef OPENSSL_NO_COMP
+    s->s3->tmp.new_compression = NULL;
+#else
+    s->s3->tmp.new_compression = comp;
+#endif
+
+    num = EVP_MD_size(hash);
+    if (num < 0)
+        return 0;
+
+    num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p;
+
+    /* Calls SSLfatal() as required */
+    ret = ssl3_generate_key_block(s, p, num);
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    return ret;
+}
+
+void ssl3_cleanup_key_block(SSL *s)
+{
+    OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
+    s->s3->tmp.key_block = NULL;
+    s->s3->tmp.key_block_length = 0;
+}
+
+int ssl3_init_finished_mac(SSL *s)
+{
+    BIO *buf = BIO_new(BIO_s_mem());
+
+    if (buf == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ssl3_free_digest_list(s);
+    s->s3->handshake_buffer = buf;
+    (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
+    return 1;
+}
+
+/*
+ * Free digest list. Also frees handshake buffer since they are always freed
+ * together.
+ */
+
+void ssl3_free_digest_list(SSL *s)
+{
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(s->s3->handshake_dgst);
+    s->s3->handshake_dgst = NULL;
+}
+
+int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
+{
+    int ret;
+
+    if (s->s3->handshake_dgst == NULL) {
+        /* Note: this writes to a memory BIO so a failure is a fatal error */
+        if (len > INT_MAX) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     SSL_R_OVERFLOW_ERROR);
+            return 0;
+        }
+        ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len);
+        if (ret <= 0 || ret != (int)len) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    } else {
+        ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+        if (!ret) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int ssl3_digest_cached_records(SSL *s, int keep)
+{
+    const EVP_MD *md;
+    long hdatalen;
+    void *hdata;
+
+    if (s->s3->handshake_dgst == NULL) {
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
+            return 0;
+        }
+
+        s->s3->handshake_dgst = EVP_MD_CTX_new();
+        if (s->s3->handshake_dgst == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        md = ssl_handshake_md(s);
+        if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (keep == 0) {
+        BIO_free(s->s3->handshake_buffer);
+        s->s3->handshake_buffer = NULL;
+    }
+
+    return 1;
+}
+
+size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
+                             unsigned char *p)
+{
+    int ret;
+    EVP_MD_CTX *ctx = NULL;
+
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 SSL_R_NO_REQUIRED_DIGEST);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
+        goto err;
+    }
+
+    ret = EVP_MD_CTX_size(ctx);
+    if (ret < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
+        goto err;
+    }
+
+    if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
+        || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                           (int)s->session->master_key_length,
+                           s->session->master_key) <= 0
+        || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
+    }
+
+ err:
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+}
+
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                size_t len, size_t *secret_size)
+{
+    static const unsigned char *salt[3] = {
+#ifndef CHARSET_EBCDIC
+        (const unsigned char *)"A",
+        (const unsigned char *)"BB",
+        (const unsigned char *)"CCC",
+#else
+        (const unsigned char *)"\x41",
+        (const unsigned char *)"\x42\x42",
+        (const unsigned char *)"\x43\x43\x43",
+#endif
+    };
+    unsigned char buf[EVP_MAX_MD_SIZE];
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int i, ret = 1;
+    unsigned int n;
+    size_t ret_secret_size = 0;
+
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < 3; i++) {
+        if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
+            || EVP_DigestUpdate(ctx, salt[i],
+                                strlen((const char *)salt[i])) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+               /* TODO(size_t) : convert me */
+            || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
+            || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, buf, n) <= 0
+            || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+            ret = 0;
+            break;
+        }
+        out += n;
+        ret_secret_size += n;
+    }
+    EVP_MD_CTX_free(ctx);
+
+    OPENSSL_cleanse(buf, sizeof(buf));
+    if (ret)
+        *secret_size = ret_secret_size;
+    return ret;
+}
+
+int ssl3_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return SSL3_AD_CLOSE_NOTIFY;
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return SSL3_AD_UNEXPECTED_MESSAGE;
+    case SSL_AD_BAD_RECORD_MAC:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_DECRYPTION_FAILED:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_RECORD_OVERFLOW:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return SSL3_AD_DECOMPRESSION_FAILURE;
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_NO_CERTIFICATE:
+        return SSL3_AD_NO_CERTIFICATE;
+    case SSL_AD_BAD_CERTIFICATE:
+        return SSL3_AD_BAD_CERTIFICATE;
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return SSL3_AD_UNSUPPORTED_CERTIFICATE;
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return SSL3_AD_CERTIFICATE_REVOKED;
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return SSL3_AD_CERTIFICATE_EXPIRED;
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return SSL3_AD_CERTIFICATE_UNKNOWN;
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return SSL3_AD_ILLEGAL_PARAMETER;
+    case SSL_AD_UNKNOWN_CA:
+        return SSL3_AD_BAD_CERTIFICATE;
+    case SSL_AD_ACCESS_DENIED:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_DECODE_ERROR:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_DECRYPT_ERROR:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_EXPORT_RESTRICTION:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_PROTOCOL_VERSION:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_INTERNAL_ERROR:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_USER_CANCELLED:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_NO_RENEGOTIATION:
+        return -1;            /* Don't send it :-) */
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return TLS1_AD_UNKNOWN_PSK_IDENTITY;
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return TLS1_AD_INAPPROPRIATE_FALLBACK;
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return TLS1_AD_NO_APPLICATION_PROTOCOL;
+    case SSL_AD_CERTIFICATE_REQUIRED:
+        return SSL_AD_HANDSHAKE_FAILURE;
+    default:
+        return -1;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c
new file mode 100644
index 000000000..99ae48199
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c
@@ -0,0 +1,4864 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "internal/nelem.h"
+#include "ssl_locl.h"
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include "internal/cryptlib.h"
+
+#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
+#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
+#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
+
+/* TLSv1.3 downgrade protection sentinel values */
+const unsigned char tls11downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
+};
+const unsigned char tls12downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
+};
+
+/* The list of available TLSv1.3 ciphers */
+static SSL_CIPHER tls13_ciphers[] = {
+    {
+        1,
+        TLS1_3_RFC_AES_128_GCM_SHA256,
+        TLS1_3_RFC_AES_128_GCM_SHA256,
+        TLS1_3_CK_AES_128_GCM_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128GCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }, {
+        1,
+        TLS1_3_RFC_AES_256_GCM_SHA384,
+        TLS1_3_RFC_AES_256_GCM_SHA384,
+        TLS1_3_CK_AES_256_GCM_SHA384,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES256GCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA384,
+        256,
+        256,
+    },
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    {
+        1,
+        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_CHACHA20POLY1305,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        256,
+        256,
+    },
+#endif
+    {
+        1,
+        TLS1_3_RFC_AES_128_CCM_SHA256,
+        TLS1_3_RFC_AES_128_CCM_SHA256,
+        TLS1_3_CK_AES_128_CCM_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128CCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_NOT_DEFAULT | SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }, {
+        1,
+        TLS1_3_RFC_AES_128_CCM_8_SHA256,
+        TLS1_3_RFC_AES_128_CCM_8_SHA256,
+        TLS1_3_CK_AES_128_CCM_8_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128CCM8,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_NOT_DEFAULT | SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }
+};
+
+/*
+ * The list of available ciphers, mostly organized into the following
+ * groups:
+ *      Always there
+ *      EC
+ *      PSK
+ *      SRP (within that: RSA EC PSK)
+ *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
+ *      Weak ciphers
+ */
+static SSL_CIPHER ssl3_ciphers[] = {
+    {
+     1,
+     SSL3_TXT_RSA_NULL_MD5,
+     SSL3_RFC_RSA_NULL_MD5,
+     SSL3_CK_RSA_NULL_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     SSL3_TXT_RSA_NULL_SHA,
+     SSL3_RFC_RSA_NULL_SHA,
+     SSL3_CK_RSA_NULL_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_RSA_DES_192_CBC3_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_RFC_ADH_DES_192_CBC_SHA,
+     SSL3_CK_ADH_DES_192_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+#endif
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_RSA_WITH_AES_128_SHA,
+     TLS1_CK_RSA_WITH_AES_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_RFC_ADH_WITH_AES_128_SHA,
+     TLS1_CK_ADH_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_RSA_WITH_AES_256_SHA,
+     TLS1_CK_RSA_WITH_AES_256_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_RFC_ADH_WITH_AES_256_SHA,
+     TLS1_CK_ADH_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_WITH_NULL_SHA256,
+     TLS1_CK_RSA_WITH_NULL_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_RSA_WITH_AES_256_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_RFC_ADH_WITH_AES_256_SHA256,
+     TLS1_CK_ADH_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_RSA_WITH_AES_128_CCM,
+     TLS1_CK_RSA_WITH_AES_128_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_RSA_WITH_AES_256_CCM,
+     TLS1_CK_RSA_WITH_AES_256_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_RSA_WITH_AES_128_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_RSA_WITH_AES_256_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_PSK_WITH_AES_128_CCM,
+     TLS1_CK_PSK_WITH_AES_128_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_PSK_WITH_AES_256_CCM,
+     TLS1_CK_PSK_WITH_AES_256_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_PSK_WITH_AES_128_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_PSK_WITH_AES_256_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
+     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_RFC_PSK_WITH_NULL_SHA,
+     TLS1_CK_PSK_WITH_NULL_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_PSK_WITH_NULL_SHA256,
+     TLS1_CK_PSK_WITH_NULL_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_PSK_WITH_NULL_SHA384,
+     TLS1_CK_PSK_WITH_NULL_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+#  endif
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
+                                 * !defined(OPENSSL_NO_POLY1305) */
+
+#ifndef OPENSSL_NO_CAMELLIA
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_GOST
+    {
+     1,
+     "GOST2001-GOST89-GOST89",
+     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
+     0x3000081,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2001-NULL-GOST94",
+     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
+     0x3000083,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST94,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     0,
+     0,
+     },
+    {
+     1,
+     "GOST2012-GOST8912-GOST8912",
+     NULL,
+     0x0300ff85,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eGOST2814789CNT12,
+     SSL_GOST89MAC12,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2012-NULL-GOST12",
+     NULL,
+     0x0300ff87,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST12_256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+     0,
+     0,
+     },
+#endif                          /* OPENSSL_NO_GOST */
+
+#ifndef OPENSSL_NO_IDEA
+    {
+     1,
+     SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_RFC_RSA_IDEA_128_SHA,
+     SSL3_CK_RSA_IDEA_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_IDEA,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_1_VERSION,
+     DTLS1_BAD_VER, DTLS1_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    {
+     1,
+     TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_RFC_RSA_WITH_SEED_SHA,
+     TLS1_CK_RSA_WITH_SEED_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
+     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
+     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_RFC_ADH_WITH_SEED_SHA,
+     TLS1_CK_ADH_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif                          /* OPENSSL_NO_SEED */
+
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_RFC_RSA_RC4_128_MD5,
+     SSL3_CK_RSA_RC4_128_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_RFC_RSA_RC4_128_SHA,
+     SSL3_CK_RSA_RC4_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_RFC_ADH_RC4_128_MD5,
+     SSL3_CK_ADH_RC4_128_MD5,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_PSK_WITH_RC4_128_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
+
+#ifndef OPENSSL_NO_ARIA
+    {
+     1,
+     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+#endif /* OPENSSL_NO_ARIA */
+};
+
+/*
+ * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
+ * values stuffed into the ciphers field of the wire protocol for signalling
+ * purposes.
+ */
+static SSL_CIPHER ssl3_scsvs[] = {
+    {
+     0,
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     SSL3_CK_SCSV,
+     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    },
+    {
+     0,
+     "TLS_FALLBACK_SCSV",
+     "TLS_FALLBACK_SCSV",
+     SSL3_CK_FALLBACK_SCSV,
+     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    },
+};
+
+static int cipher_compare(const void *a, const void *b)
+{
+    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
+    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
+
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;
+}
+
+void ssl_sort_cipher_list(void)
+{
+    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
+          cipher_compare);
+    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
+          cipher_compare);
+    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
+}
+
+static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
+                                    const char * t, size_t u,
+                                    const unsigned char * v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+const SSL3_ENC_METHOD SSLv3_enc_data = {
+    ssl3_enc,
+    n_ssl3_mac,
+    ssl3_setup_key_block,
+    ssl3_generate_master_secret,
+    ssl3_change_cipher_state,
+    ssl3_final_finish_mac,
+    SSL3_MD_CLIENT_FINISHED_CONST, 4,
+    SSL3_MD_SERVER_FINISHED_CONST, 4,
+    ssl3_alert_code,
+    ssl_undefined_function_1,
+    0,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+long ssl3_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int ssl3_num_ciphers(void)
+{
+    return SSL3_NUM_CIPHERS;
+}
+
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+{
+    if (u < SSL3_NUM_CIPHERS)
+        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
+    else
+        return NULL;
+}
+
+int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
+{
+    /* No header in the event of a CCS */
+    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
+        return 1;
+
+    /* Set the content type and 3 bytes for the message len */
+    if (!WPACKET_put_bytes_u8(pkt, htype)
+            || !WPACKET_start_sub_packet_u24(pkt))
+        return 0;
+
+    return 1;
+}
+
+int ssl3_handshake_write(SSL *s)
+{
+    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+int ssl3_new(SSL *s)
+{
+    SSL3_STATE *s3;
+
+    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
+        goto err;
+    s->s3 = s3;
+
+#ifndef OPENSSL_NO_SRP
+    if (!SSL_SRP_CTX_init(s))
+        goto err;
+#endif
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
+ err:
+    return 0;
+}
+
+void ssl3_free(SSL *s)
+{
+    if (s == NULL || s->s3 == NULL)
+        return;
+
+    ssl3_cleanup_key_block(s);
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+#endif
+
+    OPENSSL_free(s->s3->tmp.ctype);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+    ssl3_free_digest_list(s);
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+#ifndef OPENSSL_NO_SRP
+    SSL_SRP_CTX_free(s);
+#endif
+    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
+    s->s3 = NULL;
+}
+
+int ssl3_clear(SSL *s)
+{
+    ssl3_cleanup_key_block(s);
+    OPENSSL_free(s->s3->tmp.ctype);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    EVP_PKEY_free(s->s3->peer_tmp);
+#endif                          /* !OPENSSL_NO_EC */
+
+    ssl3_free_digest_list(s);
+
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+    /* NULL/zero-out everything in the s3 struct */
+    memset(s->s3, 0, sizeof(*s->s3));
+
+    if (!ssl_free_wbio_buffer(s))
+        return 0;
+
+    s->version = SSL3_VERSION;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = NULL;
+    s->ext.npn_len = 0;
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+static char *srp_password_from_info_cb(SSL *s, void *arg)
+{
+    return OPENSSL_strdup(s->srp_ctx.info);
+}
+#endif
+
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+        break;
+    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        break;
+    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        s->s3->num_renegotiations = 0;
+        break;
+    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+        ret = s->s3->total_renegotiations;
+        break;
+    case SSL_CTRL_GET_FLAGS:
+        ret = (int)(s->s3->flags);
+        break;
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return ret;
+            }
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return ret;
+            }
+            EVP_PKEY_free(s->cert->dh_tmp);
+            s->cert->dh_tmp = pkdh;
+            ret = 1;
+        }
+        break;
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return ret;
+        }
+    case SSL_CTRL_SET_DH_AUTO:
+        s->cert->dh_tmp_auto = larg;
+        return 1;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            const EC_GROUP *group = NULL;
+            int nid;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
+            }
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_groups(&s->ext.supportedgroups,
+                                   &s->ext.supportedgroups_len,
+                                   &nid, 1);
+        }
+        break;
+#endif                          /* !OPENSSL_NO_EC */
+    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+        /*
+         * TODO(OpenSSL1.2)
+         * This API is only used for a client to set what SNI it will request
+         * from the server, but we currently allow it to be used on servers
+         * as well, which is a programming error.  Currently we just clear
+         * the field in SSL_do_handshake() for server SSLs, but when we can
+         * make ABI-breaking changes, we may want to make use of this API
+         * an error on server SSLs.
+         */
+        if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
+            OPENSSL_free(s->ext.hostname);
+            s->ext.hostname = NULL;
+
+            ret = 1;
+            if (parg == NULL)
+                break;
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+                return 0;
+            }
+            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+        s->ext.debug_arg = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        ret = s->ext.status_type;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        s->ext.status_type = larg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+        s->ext.ocsp.exts = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+        s->ext.ocsp.ids = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        *(unsigned char **)parg = s->ext.ocsp.resp;
+        if (s->ext.ocsp.resp_len == 0
+                || s->ext.ocsp.resp_len > LONG_MAX)
+            return -1;
+        return (long)s->ext.ocsp.resp_len;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = parg;
+        s->ext.ocsp.resp_len = larg;
+        ret = 1;
+        break;
+
+#ifndef OPENSSL_NO_HEARTBEATS
+    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
+    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
+        break;
+#endif
+
+    case SSL_CTRL_CHAIN:
+        if (larg)
+            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
+        else
+            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
+
+    case SSL_CTRL_CHAIN_CERT:
+        if (larg)
+            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
+        else
+            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
+
+    case SSL_CTRL_GET_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = s->cert->key->chain;
+        break;
+
+    case SSL_CTRL_SELECT_CURRENT_CERT:
+        return ssl_cert_select_current(s->cert, (X509 *)parg);
+
+    case SSL_CTRL_SET_CURRENT_CERT:
+        if (larg == SSL_CERT_SET_SERVER) {
+            const SSL_CIPHER *cipher;
+            if (!s->server)
+                return 0;
+            cipher = s->s3->tmp.new_cipher;
+            if (cipher == NULL)
+                return 0;
+            /*
+             * No certificate for unauthenticated ciphersuites or using SRP
+             * authentication
+             */
+            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+                return 2;
+            if (s->s3->tmp.cert == NULL)
+                return 0;
+            s->cert->key = s->s3->tmp.cert;
+            return 1;
+        }
+        return ssl_cert_set_current(s->cert, larg);
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_GET_GROUPS:
+        {
+            uint16_t *clist;
+            size_t clistlen;
+
+            if (!s->session)
+                return 0;
+            clist = s->session->ext.supportedgroups;
+            clistlen = s->session->ext.supportedgroups_len;
+            if (parg) {
+                size_t i;
+                int *cptr = parg;
+
+                for (i = 0; i < clistlen; i++) {
+                    const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
+
+                    if (cinf != NULL)
+                        cptr[i] = cinf->nid;
+                    else
+                        cptr[i] = TLSEXT_nid_unknown | clist[i];
+                }
+            }
+            return (int)clistlen;
+        }
+
+    case SSL_CTRL_SET_GROUPS:
+        return tls1_set_groups(&s->ext.supportedgroups,
+                               &s->ext.supportedgroups_len, parg, larg);
+
+    case SSL_CTRL_SET_GROUPS_LIST:
+        return tls1_set_groups_list(&s->ext.supportedgroups,
+                                    &s->ext.supportedgroups_len, parg);
+
+    case SSL_CTRL_GET_SHARED_GROUP:
+        {
+            uint16_t id = tls1_shared_group(s, larg);
+
+            if (larg != -1) {
+                const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+                return ginf == NULL ? 0 : ginf->nid;
+            }
+            return id;
+        }
+#endif
+    case SSL_CTRL_SET_SIGALGS:
+        return tls1_set_sigalgs(s->cert, parg, larg, 0);
+
+    case SSL_CTRL_SET_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(s->cert, parg, 0);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS:
+        return tls1_set_sigalgs(s->cert, parg, larg, 1);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(s->cert, parg, 1);
+
+    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
+        {
+            const unsigned char **pctype = parg;
+            if (s->server || !s->s3->tmp.cert_req)
+                return 0;
+            if (pctype)
+                *pctype = s->s3->tmp.ctype;
+            return s->s3->tmp.ctype_len;
+        }
+
+    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+        if (!s->server)
+            return 0;
+        return ssl3_set_req_cert_type(s->cert, parg, larg);
+
+    case SSL_CTRL_BUILD_CERT_CHAIN:
+        return ssl_build_cert_chain(s, NULL, larg);
+
+    case SSL_CTRL_SET_VERIFY_CERT_STORE:
+        return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
+
+    case SSL_CTRL_SET_CHAIN_CERT_STORE:
+        return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
+
+    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
+        if (s->s3->tmp.peer_sigalg == NULL)
+            return 0;
+        *(int *)parg = s->s3->tmp.peer_sigalg->hash;
+        return 1;
+
+    case SSL_CTRL_GET_SIGNATURE_NID:
+        if (s->s3->tmp.sigalg == NULL)
+            return 0;
+        *(int *)parg = s->s3->tmp.sigalg->hash;
+        return 1;
+
+    case SSL_CTRL_GET_PEER_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->session == NULL || s->s3->peer_tmp == NULL) {
+            return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->peer_tmp);
+            *(EVP_PKEY **)parg = s->s3->peer_tmp;
+            return 1;
+        }
+#else
+        return 0;
+#endif
+
+    case SSL_CTRL_GET_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+            return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->tmp.pkey);
+            *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+            return 1;
+        }
+#else
+        return 0;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_GET_EC_POINT_FORMATS:
+        {
+            SSL_SESSION *sess = s->session;
+            const unsigned char **pformat = parg;
+
+            if (sess == NULL || sess->ext.ecpointformats == NULL)
+                return 0;
+            *pformat = sess->ext.ecpointformats;
+            return (int)sess->ext.ecpointformats_len;
+        }
+#endif
+
+    default:
+        break;
+    }
+    return ret;
+}
+
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    int ret = 0;
+
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+        s->ext.debug_cb = (void (*)(SSL *, int, int,
+                                    const unsigned char *, int, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
+    default:
+        break;
+    }
+    return ret;
+}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return 0;
+            }
+            EVP_PKEY_free(ctx->cert->dh_tmp);
+            ctx->cert->dh_tmp = pkdh;
+            return 1;
+        }
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return 0;
+        }
+    case SSL_CTRL_SET_DH_AUTO:
+        ctx->cert->dh_tmp_auto = larg;
+        return 1;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            const EC_GROUP *group = NULL;
+            int nid;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
+            }
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_groups(&ctx->ext.supportedgroups,
+                                   &ctx->ext.supportedgroups_len,
+                                   &nid, 1);
+        }
+#endif                          /* !OPENSSL_NO_EC */
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+        ctx->ext.servername_arg = parg;
+        break;
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+        {
+            unsigned char *keys = parg;
+            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
+                                sizeof(ctx->ext.secure->tick_hmac_key) +
+                                sizeof(ctx->ext.secure->tick_aes_key));
+            if (keys == NULL)
+                return tick_keylen;
+            if (larg != tick_keylen) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                return 0;
+            }
+            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
+                memcpy(ctx->ext.tick_key_name, keys,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(ctx->ext.secure->tick_hmac_key,
+                       keys + sizeof(ctx->ext.tick_key_name),
+                       sizeof(ctx->ext.secure->tick_hmac_key));
+                memcpy(ctx->ext.secure->tick_aes_key,
+                       keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.secure->tick_hmac_key),
+                       sizeof(ctx->ext.secure->tick_aes_key));
+            } else {
+                memcpy(keys, ctx->ext.tick_key_name,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name),
+                       ctx->ext.secure->tick_hmac_key,
+                       sizeof(ctx->ext.secure->tick_hmac_key));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.secure->tick_hmac_key),
+                       ctx->ext.secure->tick_aes_key,
+                       sizeof(ctx->ext.secure->tick_aes_key));
+            }
+            return 1;
+        }
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        return ctx->ext.status_type;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        ctx->ext.status_type = larg;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+        ctx->ext.status_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
+        *(void**)parg = ctx->ext.status_arg;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
+        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
+        break;
+
+#ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        OPENSSL_free(ctx->srp_ctx.login);
+        ctx->srp_ctx.login = NULL;
+        if (parg == NULL)
+            break;
+        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+            return 0;
+        }
+        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            srp_password_from_info_cb;
+        if (ctx->srp_ctx.info != NULL)
+            OPENSSL_free(ctx->srp_ctx.info);
+        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_SRP_ARG:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_cb_arg = parg;
+        break;
+
+    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
+        ctx->srp_ctx.strength = larg;
+        break;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_GROUPS:
+        return tls1_set_groups(&ctx->ext.supportedgroups,
+                               &ctx->ext.supportedgroups_len,
+                               parg, larg);
+
+    case SSL_CTRL_SET_GROUPS_LIST:
+        return tls1_set_groups_list(&ctx->ext.supportedgroups,
+                                    &ctx->ext.supportedgroups_len,
+                                    parg);
+#endif
+    case SSL_CTRL_SET_SIGALGS:
+        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
+
+    case SSL_CTRL_SET_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS:
+        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(ctx->cert, parg, 1);
+
+    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
+
+    case SSL_CTRL_BUILD_CERT_CHAIN:
+        return ssl_build_cert_chain(NULL, ctx, larg);
+
+    case SSL_CTRL_SET_VERIFY_CERT_STORE:
+        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
+
+    case SSL_CTRL_SET_CHAIN_CERT_STORE:
+        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
+
+        /* A Thawte special :-) */
+    case SSL_CTRL_EXTRA_CHAIN_CERT:
+        if (ctx->extra_certs == NULL) {
+            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        break;
+
+    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+        if (ctx->extra_certs == NULL && larg == 0)
+            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+        else
+            *(STACK_OF(X509) **)parg = ctx->extra_certs;
+        break;
+
+    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
+        break;
+
+    case SSL_CTRL_CHAIN:
+        if (larg)
+            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+        else
+            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+
+    case SSL_CTRL_CHAIN_CERT:
+        if (larg)
+            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
+        else
+            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
+
+    case SSL_CTRL_GET_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+        break;
+
+    case SSL_CTRL_SELECT_CURRENT_CERT:
+        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
+
+    case SSL_CTRL_SET_CURRENT_CERT:
+        return ssl_cert_set_current(ctx->cert, larg);
+
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
+                                             unsigned char *,
+                                             EVP_CIPHER_CTX *,
+                                             HMAC_CTX *, int))fp;
+        break;
+
+#ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.TLS_ext_srp_username_callback =
+            (int (*)(SSL *, int *, void *))fp;
+        break;
+    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            (char *(*)(SSL *, void *))fp;
+        break;
+#endif
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
+{
+    SSL_CIPHER c;
+    const SSL_CIPHER *cp;
+
+    c.id = id;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
+    if (cp != NULL)
+        return cp;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+    if (cp != NULL)
+        return cp;
+    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
+}
+
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+    SSL_CIPHER *c = NULL, *tbl;
+    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
+    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
+
+    /* this is not efficient, necessary to optimize this? */
+    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
+        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
+            if (tbl->stdname == NULL)
+                continue;
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                c = tbl;
+                break;
+            }
+        }
+    }
+    if (c == NULL) {
+        tbl = ssl3_scsvs;
+        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                c = tbl;
+                break;
+            }
+        }
+    }
+    return c;
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+{
+    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
+                                 | ((uint32_t)p[0] << 8L)
+                                 | (uint32_t)p[1]);
+}
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
+{
+    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
+        *len = 0;
+        return 1;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
+        return 0;
+
+    *len = 2;
+    return 1;
+}
+
+/*
+ * ssl3_choose_cipher - choose a cipher from those offered by the client
+ * @s: SSL connection
+ * @clnt: ciphers offered by the client
+ * @srvr: ciphers enabled on the server?
+ *
+ * Returns the selected cipher or NULL when no common ciphers.
+ */
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+                                     STACK_OF(SSL_CIPHER) *srvr)
+{
+    const SSL_CIPHER *c, *ret = NULL;
+    STACK_OF(SSL_CIPHER) *prio, *allow;
+    int i, ii, ok, prefer_sha256 = 0;
+    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
+    const EVP_MD *mdsha256 = EVP_sha256();
+#ifndef OPENSSL_NO_CHACHA
+    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
+#endif
+
+    /* Let's see which ciphers we can support */
+
+    /*
+     * Do not set the compare functions, because this may lead to a
+     * reordering by "id". We want to keep the original ordering. We may pay
+     * a price in performance during sk_SSL_CIPHER_find(), but would have to
+     * pay with the price of sk_SSL_CIPHER_dup().
+     */
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
+            (void *)srvr);
+    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+        c = sk_SSL_CIPHER_value(srvr, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
+            (void *)clnt);
+    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+        c = sk_SSL_CIPHER_value(clnt, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+#endif
+
+    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
+    if (tls1_suiteb(s)) {
+        prio = srvr;
+        allow = clnt;
+    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        prio = srvr;
+        allow = clnt;
+#ifndef OPENSSL_NO_CHACHA
+        /* If ChaCha20 is at the top of the client preference list,
+           and there are ChaCha20 ciphers in the server list, then
+           temporarily prioritize all ChaCha20 ciphers in the servers list. */
+        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
+            c = sk_SSL_CIPHER_value(clnt, 0);
+            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
+                /* ChaCha20 is client preferred, check server... */
+                int num = sk_SSL_CIPHER_num(srvr);
+                int found = 0;
+                for (i = 0; i < num; i++) {
+                    c = sk_SSL_CIPHER_value(srvr, i);
+                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
+                        found = 1;
+                        break;
+                    }
+                }
+                if (found) {
+                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
+                    /* if reserve fails, then there's likely a memory issue */
+                    if (prio_chacha != NULL) {
+                        /* Put all ChaCha20 at the top, starting with the one we just found */
+                        sk_SSL_CIPHER_push(prio_chacha, c);
+                        for (i++; i < num; i++) {
+                            c = sk_SSL_CIPHER_value(srvr, i);
+                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+                                sk_SSL_CIPHER_push(prio_chacha, c);
+                        }
+                        /* Pull in the rest */
+                        for (i = 0; i < num; i++) {
+                            c = sk_SSL_CIPHER_value(srvr, i);
+                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
+                                sk_SSL_CIPHER_push(prio_chacha, c);
+                        }
+                        prio = prio_chacha;
+                    }
+                }
+            }
+        }
+# endif
+    } else {
+        prio = clnt;
+        allow = srvr;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+#ifndef OPENSSL_NO_PSK
+        int j;
+
+        /*
+         * If we allow "old" style PSK callbacks, and we have no certificate (so
+         * we're not going to succeed without a PSK anyway), and we're in
+         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
+         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
+         * that.
+         */
+        if (s->psk_server_callback != NULL) {
+            for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
+            if (j == SSL_PKEY_NUM) {
+                /* There are no certificates */
+                prefer_sha256 = 1;
+            }
+        }
+#endif
+    } else {
+        tls1_set_cert_validity(s);
+        ssl_set_masks(s);
+    }
+
+    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+        c = sk_SSL_CIPHER_value(prio, i);
+
+        /* Skip ciphers not supported by the protocol version */
+        if (!SSL_IS_DTLS(s) &&
+            ((s->version < c->min_tls) || (s->version > c->max_tls)))
+            continue;
+        if (SSL_IS_DTLS(s) &&
+            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
+             DTLS_VERSION_GT(s->version, c->max_dtls)))
+            continue;
+
+        /*
+         * Since TLS 1.3 ciphersuites can be used with any auth or
+         * key exchange scheme skip tests.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            mask_k = s->s3->tmp.mask_k;
+            mask_a = s->s3->tmp.mask_a;
+#ifndef OPENSSL_NO_SRP
+            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+                mask_k |= SSL_kSRP;
+                mask_a |= SSL_aSRP;
+            }
+#endif
+
+            alg_k = c->algorithm_mkey;
+            alg_a = c->algorithm_auth;
+
+#ifndef OPENSSL_NO_PSK
+            /* with PSK there must be server callback set */
+            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
+                continue;
+#endif                          /* OPENSSL_NO_PSK */
+
+            ok = (alg_k & mask_k) && (alg_a & mask_a);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
+                    alg_a, mask_k, mask_a, (void *)c, c->name);
+#endif
+
+#ifndef OPENSSL_NO_EC
+            /*
+             * if we are considering an ECC cipher suite that uses an ephemeral
+             * EC key check it
+             */
+            if (alg_k & SSL_kECDHE)
+                ok = ok && tls1_check_ec_tmp_key(s, c->id);
+#endif                          /* OPENSSL_NO_EC */
+
+            if (!ok)
+                continue;
+        }
+        ii = sk_SSL_CIPHER_find(allow, c);
+        if (ii >= 0) {
+            /* Check security callback permits this cipher */
+            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
+                              c->strength_bits, 0, (void *)c))
+                continue;
+#if !defined(OPENSSL_NO_EC)
+            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
+                && s->s3->is_probably_safari) {
+                if (!ret)
+                    ret = sk_SSL_CIPHER_value(allow, ii);
+                continue;
+            }
+#endif
+            if (prefer_sha256) {
+                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
+
+                if (ssl_md(tmp->algorithm2) == mdsha256) {
+                    ret = tmp;
+                    break;
+                }
+                if (ret == NULL)
+                    ret = tmp;
+                continue;
+            }
+            ret = sk_SSL_CIPHER_value(allow, ii);
+            break;
+        }
+    }
+#ifndef OPENSSL_NO_CHACHA
+    sk_SSL_CIPHER_free(prio_chacha);
+#endif
+    return ret;
+}
+
+int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
+{
+    uint32_t alg_k, alg_a = 0;
+
+    /* If we have custom certificate types set, use them */
+    if (s->cert->ctype)
+        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
+    /* Get mask of algorithms disabled by signature list */
+    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_GOST
+    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
+            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
+                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
+#endif
+
+    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
+#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_RSA
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
+            return 0;
+# endif
+# ifndef OPENSSL_NO_DSA
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+            return 0;
+# endif
+#endif                          /* !OPENSSL_NO_DH */
+    }
+#ifndef OPENSSL_NO_RSA
+    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_EC
+    /*
+     * ECDSA certs can be used with RSA cipher suites too so we don't
+     * need to check for SSL_kECDH or SSL_kECDHE
+     */
+    if (s->version >= TLS1_VERSION
+            && !(alg_a & SSL_aECDSA)
+            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
+        return 0;
+#endif
+    return 1;
+}
+
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
+{
+    OPENSSL_free(c->ctype);
+    c->ctype = NULL;
+    c->ctype_len = 0;
+    if (p == NULL || len == 0)
+        return 1;
+    if (len > 0xff)
+        return 0;
+    c->ctype = OPENSSL_memdup(p, len);
+    if (c->ctype == NULL)
+        return 0;
+    c->ctype_len = len;
+    return 1;
+}
+
+int ssl3_shutdown(SSL *s)
+{
+    int ret;
+
+    /*
+     * Don't do anything much if we have not done the handshake or we don't
+     * want to send messages :-)
+     */
+    if (s->quiet_shutdown || SSL_in_before(s)) {
+        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        return 1;
+    }
+
+    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        s->shutdown |= SSL_SENT_SHUTDOWN;
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
+        /*
+         * our shutdown alert has been sent now, and if it still needs to be
+         * written, s->s3->alert_dispatch will be true
+         */
+        if (s->s3->alert_dispatch)
+            return -1;        /* return WANT_WRITE */
+    } else if (s->s3->alert_dispatch) {
+        /* resend it if not sent */
+        ret = s->method->ssl_dispatch_alert(s);
+        if (ret == -1) {
+            /*
+             * we only get to return -1 here the 2nd/Nth invocation, we must
+             * have already signalled return 0 upon a previous invocation,
+             * return WANT_WRITE
+             */
+            return ret;
+        }
+    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+        size_t readbytes;
+        /*
+         * If we are waiting for a close from our peer, we are closed
+         */
+        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
+        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+            return -1;        /* return WANT_READ */
+        }
+    }
+
+    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
+        !s->s3->alert_dispatch)
+        return 1;
+    else
+        return 0;
+}
+
+int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
+{
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s, 0);
+
+    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+                                      written);
+}
+
+static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
+                              size_t *readbytes)
+{
+    int ret;
+
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s, 0);
+    s->s3->in_read_app_data = 1;
+    ret =
+        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
+                                  peek, readbytes);
+    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+        /*
+         * ssl3_read_bytes decided to call s->handshake_func, which called
+         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
+         * actually found application data and thinks that application data
+         * makes sense here; so disable handshake processing and try to read
+         * application data again.
+         */
+        ossl_statem_set_in_handshake(s, 1);
+        ret =
+            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
+                                      len, peek, readbytes);
+        ossl_statem_set_in_handshake(s, 0);
+    } else
+        s->s3->in_read_app_data = 0;
+
+    return ret;
+}
+
+int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
+{
+    return ssl3_read_internal(s, buf, len, 0, readbytes);
+}
+
+int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
+{
+    return ssl3_read_internal(s, buf, len, 1, readbytes);
+}
+
+int ssl3_renegotiate(SSL *s)
+{
+    if (s->handshake_func == NULL)
+        return 1;
+
+    s->s3->renegotiate = 1;
+    return 1;
+}
+
+/*
+ * Check if we are waiting to do a renegotiation and if so whether now is a
+ * good time to do it. If |initok| is true then we are being called from inside
+ * the state machine so ignore the result of SSL_in_init(s). Otherwise we
+ * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
+ * should do a renegotiation now and sets up the state machine for it. Otherwise
+ * returns 0.
+ */
+int ssl3_renegotiate_check(SSL *s, int initok)
+{
+    int ret = 0;
+
+    if (s->s3->renegotiate) {
+        if (!RECORD_LAYER_read_pending(&s->rlayer)
+            && !RECORD_LAYER_write_pending(&s->rlayer)
+            && (initok || !SSL_in_init(s))) {
+            /*
+             * if we are the server, and we have sent a 'RENEGOTIATE'
+             * message, we need to set the state machine into the renegotiate
+             * state.
+             */
+            ossl_statem_set_renegotiate(s);
+            s->s3->renegotiate = 0;
+            s->s3->num_renegotiations++;
+            s->s3->total_renegotiations++;
+            ret = 1;
+        }
+    }
+    return ret;
+}
+
+/*
+ * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
+ * handshake macs if required.
+ *
+ * If PSK and using SHA384 for TLS < 1.2 switch to default.
+ */
+long ssl_get_algorithm2(SSL *s)
+{
+    long alg2;
+    if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
+        return -1;
+    alg2 = s->s3->tmp.new_cipher->algorithm2;
+    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
+            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+    }
+    return alg2;
+}
+
+/*
+ * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
+ * failure, 1 on success.
+ */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
+                          DOWNGRADE dgrd)
+{
+    int send_time = 0, ret;
+
+    if (len < 4)
+        return 0;
+    if (server)
+        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+    else
+        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+    if (send_time) {
+        unsigned long Time = (unsigned long)time(NULL);
+        unsigned char *p = result;
+
+        l2n(Time, p);
+        ret = RAND_bytes(p, len - 4);
+    } else {
+        ret = RAND_bytes(result, len);
+    }
+
+    if (ret > 0) {
+        if (!ossl_assert(sizeof(tls11downgrade) < len)
+                || !ossl_assert(sizeof(tls12downgrade) < len))
+             return 0;
+        if (dgrd == DOWNGRADE_TO_1_2)
+            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
+                   sizeof(tls12downgrade));
+        else if (dgrd == DOWNGRADE_TO_1_1)
+            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
+                   sizeof(tls11downgrade));
+    }
+
+    return ret;
+}
+
+int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                               int free_pms)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    int ret = 0;
+
+    if (alg_k & SSL_PSK) {
+#ifndef OPENSSL_NO_PSK
+        unsigned char *pskpms, *t;
+        size_t psklen = s->s3->tmp.psklen;
+        size_t pskpmslen;
+
+        /* create PSK premaster_secret */
+
+        /* For plain PSK "other_secret" is psklen zeroes */
+        if (alg_k & SSL_kPSK)
+            pmslen = psklen;
+
+        pskpmslen = 4 + pmslen + psklen;
+        pskpms = OPENSSL_malloc(pskpmslen);
+        if (pskpms == NULL)
+            goto err;
+        t = pskpms;
+        s2n(pmslen, t);
+        if (alg_k & SSL_kPSK)
+            memset(t, 0, pmslen);
+        else
+            memcpy(t, pms, pmslen);
+        t += pmslen;
+        s2n(psklen, t);
+        memcpy(t, s->s3->tmp.psk, psklen);
+
+        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+        s->s3->tmp.psk = NULL;
+        if (!s->method->ssl3_enc->generate_master_secret(s,
+                    s->session->master_key,pskpms, pskpmslen,
+                    &s->session->master_key_length)) {
+            OPENSSL_clear_free(pskpms, pskpmslen);
+            /* SSLfatal() already called */
+            goto err;
+        }
+        OPENSSL_clear_free(pskpms, pskpmslen);
+#else
+        /* Should never happen */
+        goto err;
+#endif
+    } else {
+        if (!s->method->ssl3_enc->generate_master_secret(s,
+                s->session->master_key, pms, pmslen,
+                &s->session->master_key_length)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    ret = 1;
+ err:
+    if (pms) {
+        if (free_pms)
+            OPENSSL_clear_free(pms, pmslen);
+        else
+            OPENSSL_cleanse(pms, pmslen);
+    }
+    if (s->server == 0)
+        s->s3->tmp.pms = NULL;
+    return ret;
+}
+
+/* Generate a private key from parameters */
+EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pm == NULL)
+        return NULL;
+    pctx = EVP_PKEY_CTX_new(pm, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+    err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#ifndef OPENSSL_NO_EC
+/* Generate a private key from a group ID */
+EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+    uint16_t gtype;
+
+    if (ginf == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    gtype = ginf->flags & TLS_CURVE_TYPE;
+    if (gtype == TLS_CURVE_CUSTOM)
+        pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
+    else
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (pctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (EVP_PKEY_keygen_init(pctx) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (gtype != TLS_CURVE_CUSTOM
+            && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+
+/*
+ * Generate parameters from a group ID
+ */
+EVP_PKEY *ssl_generate_param_group(uint16_t id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+    if (ginf == NULL)
+        goto err;
+
+    if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        pkey = EVP_PKEY_new();
+        if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
+            return pkey;
+        EVP_PKEY_free(pkey);
+        return NULL;
+    }
+
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_paramgen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
+        goto err;
+    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#endif
+
+/* Derive secrets for ECDH/DH */
+int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
+{
+    int rv = 0;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+    EVP_PKEY_CTX *pctx;
+
+    if (privkey == NULL || pubkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pctx = EVP_PKEY_CTX_new(privkey, NULL);
+
+    if (EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
+        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (gensecret) {
+        /* SSLfatal() called as appropriate in the below functions */
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * If we are resuming then we already generated the early secret
+             * when we created the ClientHello, so don't recreate it.
+             */
+            if (!s->hit)
+                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
+                                           0,
+                                           (unsigned char *)&s->early_secret);
+            else
+                rv = 1;
+
+            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
+        } else {
+            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
+        }
+    } else {
+        /* Save premaster secret */
+        s->s3->tmp.pms = pms;
+        s->s3->tmp.pmslen = pmslen;
+        pms = NULL;
+        rv = 1;
+    }
+
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_DH
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+    EVP_PKEY *ret;
+    if (dh == NULL)
+        return NULL;
+    ret = EVP_PKEY_new();
+    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+        EVP_PKEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c
new file mode 100644
index 000000000..42382547f
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+int ssl3_do_change_cipher_spec(SSL *s)
+{
+    int i;
+
+    if (s->server)
+        i = SSL3_CHANGE_CIPHER_SERVER_READ;
+    else
+        i = SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+    if (s->s3->tmp.key_block == NULL) {
+        if (s->session == NULL || s->session->master_key_length == 0) {
+            /* might happen if dtls1_read_bytes() calls this */
+            SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+            return 0;
+        }
+
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s))
+            return 0;
+    }
+
+    if (!s->method->ssl3_enc->change_cipher_state(s, i))
+        return 0;
+
+    return 1;
+}
+
+int ssl3_send_alert(SSL *s, int level, int desc)
+{
+    /* Map tls/ssl alert value to correct one */
+    if (SSL_TREAT_AS_TLS13(s))
+        desc = tls13_alert_code(desc);
+    else
+        desc = s->method->ssl3_enc->alert_value(desc);
+    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
+                                          * protocol_version alerts */
+    if (desc < 0)
+        return -1;
+    /* If a fatal one, remove from cache */
+    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+
+    s->s3->alert_dispatch = 1;
+    s->s3->send_alert[0] = level;
+    s->s3->send_alert[1] = desc;
+    if (!RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* data still being written out? */
+        return s->method->ssl_dispatch_alert(s);
+    }
+    /*
+     * else data is still being written out, we will get written some time in
+     * the future
+     */
+    return -1;
+}
+
+int ssl3_dispatch_alert(SSL *s)
+{
+    int i, j;
+    size_t alertlen;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    size_t written;
+
+    s->s3->alert_dispatch = 0;
+    alertlen = 2;
+    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
+                      &written);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+    } else {
+        /*
+         * Alert sent to BIO - now flush. If the message does not get sent due
+         * to non-blocking IO, we will not worry too much.
+         */
+        (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return i;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c
new file mode 100644
index 000000000..b56c5e96c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl_locl.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+typedef struct {
+    uint32_t version;
+    int32_t ssl_version;
+    ASN1_OCTET_STRING *cipher;
+    ASN1_OCTET_STRING *comp_id;
+    ASN1_OCTET_STRING *master_key;
+    ASN1_OCTET_STRING *session_id;
+    ASN1_OCTET_STRING *key_arg;
+    int64_t time;
+    int64_t timeout;
+    X509 *peer;
+    ASN1_OCTET_STRING *session_id_context;
+    int32_t verify_result;
+    ASN1_OCTET_STRING *tlsext_hostname;
+    uint64_t tlsext_tick_lifetime_hint;
+    uint32_t tlsext_tick_age_add;
+    ASN1_OCTET_STRING *tlsext_tick;
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING *psk_identity_hint;
+    ASN1_OCTET_STRING *psk_identity;
+#endif
+#ifndef OPENSSL_NO_SRP
+    ASN1_OCTET_STRING *srp_username;
+#endif
+    uint64_t flags;
+    uint32_t max_early_data;
+    ASN1_OCTET_STRING *alpn_selected;
+    uint32_t tlsext_max_fragment_len_mode;
+    ASN1_OCTET_STRING *ticket_appdata;
+} SSL_SESSION_ASN1;
+
+ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
+    ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
+    ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
+    ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
+#ifndef OPENSSL_NO_PSK
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
+#ifndef OPENSSL_NO_SRP
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18)
+} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
+
+/* Utility functions for i2d_SSL_SESSION */
+
+/* Initialise OCTET STRING from buffer and length */
+
+static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              unsigned char *data, size_t len)
+{
+    os->data = data;
+    os->length = (int)len;
+    os->flags = 0;
+    *dest = os;
+}
+
+/* Initialise OCTET STRING from string */
+static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              char *data)
+{
+    if (data != NULL)
+        ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data));
+    else
+        *dest = NULL;
+}
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+{
+
+    SSL_SESSION_ASN1 as;
+
+    ASN1_OCTET_STRING cipher;
+    unsigned char cipher_data[2];
+    ASN1_OCTET_STRING master_key, session_id, sid_ctx;
+
+#ifndef OPENSSL_NO_COMP
+    ASN1_OCTET_STRING comp_id;
+    unsigned char comp_id_data;
+#endif
+    ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
+#ifndef OPENSSL_NO_SRP
+    ASN1_OCTET_STRING srp_username;
+#endif
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING psk_identity, psk_identity_hint;
+#endif
+    ASN1_OCTET_STRING alpn_selected;
+    ASN1_OCTET_STRING ticket_appdata;
+
+    long l;
+
+    if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+        return 0;
+
+    memset(&as, 0, sizeof(as));
+
+    as.version = SSL_SESSION_ASN1_VERSION;
+    as.ssl_version = in->ssl_version;
+
+    if (in->cipher == NULL)
+        l = in->cipher_id;
+    else
+        l = in->cipher->id;
+    cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
+    cipher_data[1] = ((unsigned char)(l)) & 0xff;
+
+    ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
+
+#ifndef OPENSSL_NO_COMP
+    if (in->compress_meth) {
+        comp_id_data = (unsigned char)in->compress_meth;
+        ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
+    }
+#endif
+
+    ssl_session_oinit(&as.master_key, &master_key,
+                      in->master_key, in->master_key_length);
+
+    ssl_session_oinit(&as.session_id, &session_id,
+                      in->session_id, in->session_id_length);
+
+    ssl_session_oinit(&as.session_id_context, &sid_ctx,
+                      in->sid_ctx, in->sid_ctx_length);
+
+    as.time = in->time;
+    as.timeout = in->timeout;
+    as.verify_result = in->verify_result;
+
+    as.peer = in->peer;
+
+    ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
+                      in->ext.hostname);
+    if (in->ext.tick) {
+        ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
+                          in->ext.tick, in->ext.ticklen);
+    }
+    if (in->ext.tick_lifetime_hint > 0)
+        as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
+    as.tlsext_tick_age_add = in->ext.tick_age_add;
+#ifndef OPENSSL_NO_PSK
+    ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
+                      in->psk_identity_hint);
+    ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
+#endif                          /* OPENSSL_NO_SRP */
+
+    as.flags = in->flags;
+    as.max_early_data = in->ext.max_early_data;
+
+    if (in->ext.alpn_selected == NULL)
+        as.alpn_selected = NULL;
+    else
+        ssl_session_oinit(&as.alpn_selected, &alpn_selected,
+                          in->ext.alpn_selected, in->ext.alpn_selected_len);
+
+    as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;
+
+    if (in->ticket_appdata == NULL)
+        as.ticket_appdata = NULL;
+    else
+        ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
+                          in->ticket_appdata, in->ticket_appdata_len);
+
+    return i2d_SSL_SESSION_ASN1(&as, pp);
+
+}
+
+/* Utility functions for d2i_SSL_SESSION */
+
+/* OPENSSL_strndup an OCTET STRING */
+
+static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
+{
+    OPENSSL_free(*pdst);
+    *pdst = NULL;
+    if (src == NULL)
+        return 1;
+    *pdst = OPENSSL_strndup((char *)src->data, src->length);
+    if (*pdst == NULL)
+        return 0;
+    return 1;
+}
+
+/* Copy an OCTET STRING, return error if it exceeds maximum length */
+
+static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
+                              ASN1_OCTET_STRING *src, size_t maxlen)
+{
+    if (src == NULL) {
+        *pdstlen = 0;
+        return 1;
+    }
+    if (src->length < 0 || src->length > (int)maxlen)
+        return 0;
+    memcpy(dst, src->data, src->length);
+    *pdstlen = src->length;
+    return 1;
+}
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length)
+{
+    long id;
+    size_t tmpl;
+    const unsigned char *p = *pp;
+    SSL_SESSION_ASN1 *as = NULL;
+    SSL_SESSION *ret = NULL;
+
+    as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
+    /* ASN.1 code returns suitable error */
+    if (as == NULL)
+        goto err;
+
+    if (!a || !*a) {
+        ret = SSL_SESSION_new();
+        if (ret == NULL)
+            goto err;
+    } else {
+        ret = *a;
+    }
+
+    if (as->version != SSL_SESSION_ASN1_VERSION) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
+        goto err;
+    }
+
+    if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
+        && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
+        && as->ssl_version != DTLS1_BAD_VER) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+        goto err;
+    }
+
+    ret->ssl_version = (int)as->ssl_version;
+
+    if (as->cipher->length != 2) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
+        goto err;
+    }
+
+    id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
+                     | (unsigned long)as->cipher->data[1];
+
+    ret->cipher_id = id;
+    ret->cipher = ssl3_get_cipher_by_id(id);
+    if (ret->cipher == NULL)
+        goto err;
+
+    if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
+                            as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
+        goto err;
+
+    if (!ssl_session_memcpy(ret->master_key, &tmpl,
+                            as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
+        goto err;
+
+    ret->master_key_length = tmpl;
+
+    if (as->time != 0)
+        ret->time = (long)as->time;
+    else
+        ret->time = (long)time(NULL);
+
+    if (as->timeout != 0)
+        ret->timeout = (long)as->timeout;
+    else
+        ret->timeout = 3;
+
+    X509_free(ret->peer);
+    ret->peer = as->peer;
+    as->peer = NULL;
+
+    if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
+                            as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
+        goto err;
+
+    /* NB: this defaults to zero which is X509_V_OK */
+    ret->verify_result = as->verify_result;
+
+    if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
+        goto err;
+    if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
+        goto err;
+#endif
+
+    ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
+    ret->ext.tick_age_add = as->tlsext_tick_age_add;
+    OPENSSL_free(ret->ext.tick);
+    if (as->tlsext_tick != NULL) {
+        ret->ext.tick = as->tlsext_tick->data;
+        ret->ext.ticklen = as->tlsext_tick->length;
+        as->tlsext_tick->data = NULL;
+    } else {
+        ret->ext.tick = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (as->comp_id) {
+        if (as->comp_id->length != 1) {
+            SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
+            goto err;
+        }
+        ret->compress_meth = as->comp_id->data[0];
+    } else {
+        ret->compress_meth = 0;
+    }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+    if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
+        goto err;
+#endif                          /* OPENSSL_NO_SRP */
+    /* Flags defaults to zero which is fine */
+    ret->flags = (int32_t)as->flags;
+    ret->ext.max_early_data = as->max_early_data;
+
+    OPENSSL_free(ret->ext.alpn_selected);
+    if (as->alpn_selected != NULL) {
+        ret->ext.alpn_selected = as->alpn_selected->data;
+        ret->ext.alpn_selected_len = as->alpn_selected->length;
+        as->alpn_selected->data = NULL;
+    } else {
+        ret->ext.alpn_selected = NULL;
+        ret->ext.alpn_selected_len = 0;
+    }
+
+    ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;
+
+    OPENSSL_free(ret->ticket_appdata);
+    if (as->ticket_appdata != NULL) {
+        ret->ticket_appdata = as->ticket_appdata->data;
+        ret->ticket_appdata_len = as->ticket_appdata->length;
+        as->ticket_appdata->data = NULL;
+    } else {
+        ret->ticket_appdata = NULL;
+        ret->ticket_appdata_len = 0;
+    }
+
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+
+    if ((a != NULL) && (*a == NULL))
+        *a = ret;
+    *pp = p;
+    return ret;
+
+ err:
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+    if ((a == NULL) || (*a != ret))
+        SSL_SESSION_free(ret);
+    return NULL;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c
new file mode 100644
index 000000000..331450789
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c
@@ -0,0 +1,1040 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#include "internal/nelem.h"
+#include "internal/o_dir.h"
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include "internal/refcount.h"
+#include "ssl_locl.h"
+#include "ssl_cert_table.h"
+#include "internal/thread_once.h"
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex);
+
+static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
+static volatile int ssl_x509_store_ctx_idx = -1;
+
+DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
+{
+    ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                             "SSL for verify callback",
+                                                             NULL, NULL, NULL);
+    return ssl_x509_store_ctx_idx >= 0;
+}
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+{
+
+    if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
+        return -1;
+    return ssl_x509_store_ctx_idx;
+}
+
+CERT *ssl_cert_new(void)
+{
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
+    ret->references = 1;
+    ret->sec_cb = ssl_security_default_callback;
+    ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
+    ret->sec_ex = NULL;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+CERT *ssl_cert_dup(CERT *cert)
+{
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
+    int i;
+
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->key = &ret->pkeys[cert->key - cert->pkeys];
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+#ifndef OPENSSL_NO_DH
+    if (cert->dh_tmp != NULL) {
+        ret->dh_tmp = cert->dh_tmp;
+        EVP_PKEY_up_ref(ret->dh_tmp);
+    }
+    ret->dh_tmp_cb = cert->dh_tmp_cb;
+    ret->dh_tmp_auto = cert->dh_tmp_auto;
+#endif
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = cert->pkeys + i;
+        CERT_PKEY *rpk = ret->pkeys + i;
+        if (cpk->x509 != NULL) {
+            rpk->x509 = cpk->x509;
+            X509_up_ref(rpk->x509);
+        }
+
+        if (cpk->privatekey != NULL) {
+            rpk->privatekey = cpk->privatekey;
+            EVP_PKEY_up_ref(cpk->privatekey);
+        }
+
+        if (cpk->chain) {
+            rpk->chain = X509_chain_up_ref(cpk->chain);
+            if (!rpk->chain) {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if (cert->pkeys[i].serverinfo != NULL) {
+            /* Just copy everything. */
+            ret->pkeys[i].serverinfo =
+                OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
+            if (ret->pkeys[i].serverinfo == NULL) {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
+            memcpy(ret->pkeys[i].serverinfo,
+                   cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
+        }
+    }
+
+    /* Configured sigalgs copied across */
+    if (cert->conf_sigalgs) {
+        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
+                                           * sizeof(*cert->conf_sigalgs));
+        if (ret->conf_sigalgs == NULL)
+            goto err;
+        memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
+               cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
+        ret->conf_sigalgslen = cert->conf_sigalgslen;
+    } else
+        ret->conf_sigalgs = NULL;
+
+    if (cert->client_sigalgs) {
+        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
+                                             * sizeof(*cert->client_sigalgs));
+        if (ret->client_sigalgs == NULL)
+            goto err;
+        memcpy(ret->client_sigalgs, cert->client_sigalgs,
+               cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
+        ret->client_sigalgslen = cert->client_sigalgslen;
+    } else
+        ret->client_sigalgs = NULL;
+    /* Shared sigalgs also NULL */
+    ret->shared_sigalgs = NULL;
+    /* Copy any custom client certificate types */
+    if (cert->ctype) {
+        ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
+        if (ret->ctype == NULL)
+            goto err;
+        ret->ctype_len = cert->ctype_len;
+    }
+
+    ret->cert_flags = cert->cert_flags;
+
+    ret->cert_cb = cert->cert_cb;
+    ret->cert_cb_arg = cert->cert_cb_arg;
+
+    if (cert->verify_store) {
+        X509_STORE_up_ref(cert->verify_store);
+        ret->verify_store = cert->verify_store;
+    }
+
+    if (cert->chain_store) {
+        X509_STORE_up_ref(cert->chain_store);
+        ret->chain_store = cert->chain_store;
+    }
+
+    ret->sec_cb = cert->sec_cb;
+    ret->sec_level = cert->sec_level;
+    ret->sec_ex = cert->sec_ex;
+
+    if (!custom_exts_copy(&ret->custext, &cert->custext))
+        goto err;
+#ifndef OPENSSL_NO_PSK
+    if (cert->psk_identity_hint) {
+        ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
+        if (ret->psk_identity_hint == NULL)
+            goto err;
+    }
+#endif
+    return ret;
+
+ err:
+    ssl_cert_free(ret);
+
+    return NULL;
+}
+
+/* Free up and clear all certificates and chains */
+
+void ssl_cert_clear_certs(CERT *c)
+{
+    int i;
+    if (c == NULL)
+        return;
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        X509_free(cpk->x509);
+        cpk->x509 = NULL;
+        EVP_PKEY_free(cpk->privatekey);
+        cpk->privatekey = NULL;
+        sk_X509_pop_free(cpk->chain, X509_free);
+        cpk->chain = NULL;
+        OPENSSL_free(cpk->serverinfo);
+        cpk->serverinfo = NULL;
+        cpk->serverinfo_length = 0;
+    }
+}
+
+void ssl_cert_free(CERT *c)
+{
+    int i;
+
+    if (c == NULL)
+        return;
+    CRYPTO_DOWN_REF(&c->references, &i, c->lock);
+    REF_PRINT_COUNT("CERT", c);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(c->dh_tmp);
+#endif
+
+    ssl_cert_clear_certs(c);
+    OPENSSL_free(c->conf_sigalgs);
+    OPENSSL_free(c->client_sigalgs);
+    OPENSSL_free(c->shared_sigalgs);
+    OPENSSL_free(c->ctype);
+    X509_STORE_free(c->verify_store);
+    X509_STORE_free(c->chain_store);
+    custom_exts_free(&c->custext);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(c->psk_identity_hint);
+#endif
+    CRYPTO_THREAD_lock_free(c->lock);
+    OPENSSL_free(c);
+}
+
+int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+{
+    int i, r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
+    if (!cpk)
+        return 0;
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
+        if (r != 1) {
+            SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r);
+            return 0;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
+    cpk->chain = chain;
+    return 1;
+}
+
+int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+{
+    STACK_OF(X509) *dchain;
+    if (!chain)
+        return ssl_cert_set0_chain(s, ctx, NULL);
+    dchain = X509_chain_up_ref(chain);
+    if (!dchain)
+        return 0;
+    if (!ssl_cert_set0_chain(s, ctx, dchain)) {
+        sk_X509_pop_free(dchain, X509_free);
+        return 0;
+    }
+    return 1;
+}
+
+int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
+{
+    int r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
+    if (!cpk)
+        return 0;
+    r = ssl_security_cert(s, ctx, x, 0, 0);
+    if (r != 1) {
+        SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r);
+        return 0;
+    }
+    if (!cpk->chain)
+        cpk->chain = sk_X509_new_null();
+    if (!cpk->chain || !sk_X509_push(cpk->chain, x))
+        return 0;
+    return 1;
+}
+
+int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
+{
+    if (!ssl_cert_add0_chain_cert(s, ctx, x))
+        return 0;
+    X509_up_ref(x);
+    return 1;
+}
+
+int ssl_cert_select_current(CERT *c, X509 *x)
+{
+    int i;
+    if (x == NULL)
+        return 0;
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->x509 == x && cpk->privatekey) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int ssl_cert_set_current(CERT *c, long op)
+{
+    int i, idx;
+    if (!c)
+        return 0;
+    if (op == SSL_CERT_SET_FIRST)
+        idx = 0;
+    else if (op == SSL_CERT_SET_NEXT) {
+        idx = (int)(c->key - c->pkeys + 1);
+        if (idx >= SSL_PKEY_NUM)
+            return 0;
+    } else
+        return 0;
+    for (i = idx; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->x509 && cpk->privatekey) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    c->cert_cb = cb;
+    c->cert_cb_arg = arg;
+}
+
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
+{
+    X509 *x;
+    int i = 0;
+    X509_STORE *verify_store;
+    X509_STORE_CTX *ctx = NULL;
+    X509_VERIFY_PARAM *param;
+
+    if ((sk == NULL) || (sk_X509_num(sk) == 0))
+        return 0;
+
+    if (s->cert->verify_store)
+        verify_store = s->cert->verify_store;
+    else
+        verify_store = s->ctx->cert_store;
+
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    x = sk_X509_value(sk, 0);
+    if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
+        goto end;
+    }
+    param = X509_STORE_CTX_get0_param(ctx);
+    /*
+     * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
+     * point, for now a single @SECLEVEL sets the same policy for TLS crypto
+     * and PKI authentication.
+     */
+    X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
+
+    /* Set suite B flags if needed */
+    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
+    if (!X509_STORE_CTX_set_ex_data
+        (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+        goto end;
+    }
+
+    /* Verify via DANE if enabled */
+    if (DANETLS_ENABLED(&s->dane))
+        X509_STORE_CTX_set0_dane(ctx, &s->dane);
+
+    /*
+     * We need to inherit the verify parameters. These can be determined by
+     * the context: if its a server it will verify SSL client certificates or
+     * vice versa.
+     */
+
+    X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
+    /*
+     * Anything non-default in "s->param" should overwrite anything in the ctx.
+     */
+    X509_VERIFY_PARAM_set1(param, s->param);
+
+    if (s->verify_callback)
+        X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
+
+    if (s->ctx->app_verify_callback != NULL)
+        i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
+    else
+        i = X509_verify_cert(ctx);
+
+    s->verify_result = X509_STORE_CTX_get_error(ctx);
+    sk_X509_pop_free(s->verified_chain, X509_free);
+    s->verified_chain = NULL;
+    if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
+        s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
+        if (s->verified_chain == NULL) {
+            SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+            i = 0;
+        }
+    }
+
+    /* Move peername from the store context params to the SSL handle's */
+    X509_VERIFY_PARAM_move_peername(s->param, param);
+
+ end:
+    X509_STORE_CTX_free(ctx);
+    return i;
+}
+
+static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
+                        STACK_OF(X509_NAME) *name_list)
+{
+    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
+    *ca_list = name_list;
+}
+
+STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
+{
+    int i;
+    const int num = sk_X509_NAME_num(sk);
+    STACK_OF(X509_NAME) *ret;
+    X509_NAME *name;
+
+    ret = sk_X509_NAME_new_reserve(NULL, num);
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
+        name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
+        if (name == NULL) {
+            SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
+            sk_X509_NAME_pop_free(ret, X509_NAME_free);
+            return NULL;
+        }
+        sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
+    }
+    return ret;
+}
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&s->ca_names, name_list);
+}
+
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&ctx->ca_names, name_list);
+}
+
+const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
+{
+    return ctx->ca_names;
+}
+
+const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
+{
+    return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&ctx->client_ca_names, name_list);
+}
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
+{
+    return ctx->client_ca_names;
+}
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&s->client_ca_names, name_list);
+}
+
+const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
+{
+    return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;
+}
+
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
+{
+    if (!s->server)
+        return s->s3 != NULL ?  s->s3->tmp.peer_ca_names : NULL;
+    return s->client_ca_names != NULL ?  s->client_ca_names
+                                      : s->ctx->client_ca_names;
+}
+
+static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
+{
+    X509_NAME *name;
+
+    if (x == NULL)
+        return 0;
+    if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
+        return 0;
+
+    if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+        return 0;
+
+    if (!sk_X509_NAME_push(*sk, name)) {
+        X509_NAME_free(name);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
+{
+    return add_ca_name(&ssl->ca_names, x);
+}
+
+int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
+{
+    return add_ca_name(&ctx->ca_names, x);
+}
+
+/*
+ * The following two are older names are to be replaced with
+ * SSL(_CTX)_add1_to_CA_list
+ */
+int SSL_add_client_CA(SSL *ssl, X509 *x)
+{
+    return add_ca_name(&ssl->client_ca_names, x);
+}
+
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+    return add_ca_name(&ctx->client_ca_names, x);
+}
+
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    unsigned char *abuf = NULL, *bbuf = NULL;
+    int alen, blen, ret;
+
+    /* X509_NAME_cmp() itself casts away constness in this way, so
+     * assume it's safe:
+     */
+    alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
+    blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
+
+    if (alen < 0 || blen < 0)
+        ret = -2;
+    else if (alen != blen)
+        ret = alen - blen;
+    else /* alen == blen */
+        ret = memcmp(abuf, bbuf, alen);
+
+    OPENSSL_free(abuf);
+    OPENSSL_free(bbuf);
+
+    return ret;
+}
+
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return xname_cmp(*a, *b);
+}
+
+static unsigned long xname_hash(const X509_NAME *a)
+{
+    return X509_NAME_hash((X509_NAME *)a);
+}
+
+/**
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+{
+    BIO *in = BIO_new(BIO_s_file());
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    STACK_OF(X509_NAME) *ret = NULL;
+    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
+
+    if ((name_hash == NULL) || (in == NULL)) {
+        SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BIO_read_filename(in, file))
+        goto err;
+
+    for (;;) {
+        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+            break;
+        if (ret == NULL) {
+            ret = sk_X509_NAME_new_null();
+            if (ret == NULL) {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if ((xn = X509_get_subject_name(x)) == NULL)
+            goto err;
+        /* check for duplicates */
+        xn = X509_NAME_dup(xn);
+        if (xn == NULL)
+            goto err;
+        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
+            /* Duplicate. */
+            X509_NAME_free(xn);
+            xn = NULL;
+        } else {
+            lh_X509_NAME_insert(name_hash, xn);
+            if (!sk_X509_NAME_push(ret, xn))
+                goto err;
+        }
+    }
+    goto done;
+
+ err:
+    X509_NAME_free(xn);
+    sk_X509_NAME_pop_free(ret, X509_NAME_free);
+    ret = NULL;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    lh_X509_NAME_free(name_hash);
+    if (ret != NULL)
+        ERR_clear_error();
+    return ret;
+}
+
+/**
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *file)
+{
+    BIO *in;
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    int ret = 1;
+    int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
+
+    oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
+
+    in = BIO_new(BIO_s_file());
+
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BIO_read_filename(in, file))
+        goto err;
+
+    for (;;) {
+        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+            break;
+        if ((xn = X509_get_subject_name(x)) == NULL)
+            goto err;
+        xn = X509_NAME_dup(xn);
+        if (xn == NULL)
+            goto err;
+        if (sk_X509_NAME_find(stack, xn) >= 0) {
+            /* Duplicate. */
+            X509_NAME_free(xn);
+        } else if (!sk_X509_NAME_push(stack, xn)) {
+            X509_NAME_free(xn);
+            goto err;
+        }
+    }
+
+    ERR_clear_error();
+    goto done;
+
+ err:
+    ret = 0;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
+    return ret;
+}
+
+/**
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+{
+    OPENSSL_DIR_CTX *d = NULL;
+    const char *filename;
+    int ret = 0;
+
+    /* Note that a side effect is that the CAs will be sorted by name */
+
+    while ((filename = OPENSSL_DIR_read(&d, dir))) {
+        char buf[1024];
+        int r;
+
+        if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
+            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
+                   SSL_R_PATH_TOO_LONG);
+            goto err;
+        }
+#ifdef OPENSSL_SYS_VMS
+        r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
+#else
+        r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
+#endif
+        if (r <= 0 || r >= (int)sizeof(buf))
+            goto err;
+        if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
+            goto err;
+    }
+
+    if (errno) {
+        SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+        ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
+        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    if (d)
+        OPENSSL_DIR_end(&d);
+
+    return ret;
+}
+
+/* Build a certificate chain for current certificate */
+int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
+{
+    CERT *c = s ? s->cert : ctx->cert;
+    CERT_PKEY *cpk = c->key;
+    X509_STORE *chain_store = NULL;
+    X509_STORE_CTX *xs_ctx = NULL;
+    STACK_OF(X509) *chain = NULL, *untrusted = NULL;
+    X509 *x;
+    int i, rv = 0;
+
+    if (!cpk->x509) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
+        goto err;
+    }
+    /* Rearranging and check the chain: add everything to a store */
+    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
+        chain_store = X509_STORE_new();
+        if (chain_store == NULL)
+            goto err;
+        for (i = 0; i < sk_X509_num(cpk->chain); i++) {
+            x = sk_X509_value(cpk->chain, i);
+            if (!X509_STORE_add_cert(chain_store, x))
+                goto err;
+        }
+        /* Add EE cert too: it might be self signed */
+        if (!X509_STORE_add_cert(chain_store, cpk->x509))
+            goto err;
+    } else {
+        if (c->chain_store)
+            chain_store = c->chain_store;
+        else if (s)
+            chain_store = s->ctx->cert_store;
+        else
+            chain_store = ctx->cert_store;
+
+        if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
+            untrusted = cpk->chain;
+    }
+
+    xs_ctx = X509_STORE_CTX_new();
+    if (xs_ctx == NULL) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
+        goto err;
+    }
+    /* Set suite B flags if needed */
+    X509_STORE_CTX_set_flags(xs_ctx,
+                             c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
+
+    i = X509_verify_cert(xs_ctx);
+    if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
+        if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
+            ERR_clear_error();
+        i = 1;
+        rv = 2;
+    }
+    if (i > 0)
+        chain = X509_STORE_CTX_get1_chain(xs_ctx);
+    if (i <= 0) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
+        i = X509_STORE_CTX_get_error(xs_ctx);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(i));
+
+        goto err;
+    }
+    /* Remove EE certificate from chain */
+    x = sk_X509_shift(chain);
+    X509_free(x);
+    if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
+        if (sk_X509_num(chain) > 0) {
+            /* See if last cert is self signed */
+            x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+            if (X509_get_extension_flags(x) & EXFLAG_SS) {
+                x = sk_X509_pop(chain);
+                X509_free(x);
+            }
+        }
+    }
+    /*
+     * Check security level of all CA certificates: EE will have been checked
+     * already.
+     */
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        rv = ssl_security_cert(s, ctx, x, 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv);
+            sk_X509_pop_free(chain, X509_free);
+            rv = 0;
+            goto err;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
+    cpk->chain = chain;
+    if (rv == 0)
+        rv = 1;
+ err:
+    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
+        X509_STORE_free(chain_store);
+    X509_STORE_CTX_free(xs_ctx);
+
+    return rv;
+}
+
+int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
+{
+    X509_STORE **pstore;
+    if (chain)
+        pstore = &c->chain_store;
+    else
+        pstore = &c->verify_store;
+    X509_STORE_free(*pstore);
+    *pstore = store;
+    if (ref && store)
+        X509_STORE_up_ref(store);
+    return 1;
+}
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex)
+{
+    int level, minbits;
+    static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
+    if (ctx)
+        level = SSL_CTX_get_security_level(ctx);
+    else
+        level = SSL_get_security_level(s);
+
+    if (level <= 0) {
+        /*
+         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
+         * anything goes.
+         */
+        if (op == SSL_SECOP_TMP_DH && bits < 80)
+            return 0;
+        return 1;
+    }
+    if (level > 5)
+        level = 5;
+    minbits = minbits_table[level - 1];
+    switch (op) {
+    case SSL_SECOP_CIPHER_SUPPORTED:
+    case SSL_SECOP_CIPHER_SHARED:
+    case SSL_SECOP_CIPHER_CHECK:
+        {
+            const SSL_CIPHER *c = other;
+            /* No ciphers below security level */
+            if (bits < minbits)
+                return 0;
+            /* No unauthenticated ciphersuites */
+            if (c->algorithm_auth & SSL_aNULL)
+                return 0;
+            /* No MD5 mac ciphersuites */
+            if (c->algorithm_mac & SSL_MD5)
+                return 0;
+            /* SHA1 HMAC is 160 bits of security */
+            if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
+                return 0;
+            /* Level 2: no RC4 */
+            if (level >= 2 && c->algorithm_enc == SSL_RC4)
+                return 0;
+            /* Level 3: forward secure ciphersuites only */
+            if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
+                return 0;
+            break;
+        }
+    case SSL_SECOP_VERSION:
+        if (!SSL_IS_DTLS(s)) {
+            /* SSLv3 not allowed at level 2 */
+            if (nid <= SSL3_VERSION && level >= 2)
+                return 0;
+            /* TLS v1.1 and above only for level 3 */
+            if (nid <= TLS1_VERSION && level >= 3)
+                return 0;
+            /* TLS v1.2 only for level 4 and above */
+            if (nid <= TLS1_1_VERSION && level >= 4)
+                return 0;
+        } else {
+            /* DTLS v1.2 only for level 4 and above */
+            if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)
+                return 0;
+        }
+        break;
+
+    case SSL_SECOP_COMPRESSION:
+        if (level >= 2)
+            return 0;
+        break;
+    case SSL_SECOP_TICKET:
+        if (level >= 3)
+            return 0;
+        break;
+    default:
+        if (bits < minbits)
+            return 0;
+    }
+    return 1;
+}
+
+int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
+{
+    return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
+}
+
+int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
+{
+    return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
+                             ctx->cert->sec_ex);
+}
+
+int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        if (ssl_cert_info[i].nid == nid) {
+            *pidx = i;
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+    int nid = EVP_PKEY_id(pk);
+    size_t tmpidx;
+
+    if (nid == NID_undef)
+        return NULL;
+
+    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
+        return NULL;
+
+    if (pidx != NULL)
+        *pidx = tmpidx;
+
+    return &ssl_cert_info[tmpidx];
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+    if (idx >= OSSL_NELEM(ssl_cert_info))
+        return NULL;
+    return &ssl_cert_info[idx];
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert_table.h b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert_table.h
new file mode 100644
index 000000000..0c47241c0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert_table.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+    {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+    {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */
+    {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+    {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+    {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+    {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+    {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+    {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */
+    {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */
+};
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c
new file mode 100644
index 000000000..b60d67aa0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c
@@ -0,0 +1,2163 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
+#include <openssl/conf.h>
+#include "internal/nelem.h"
+#include "ssl_locl.h"
+#include "internal/thread_once.h"
+#include "internal/cryptlib.h"
+
+#define SSL_ENC_DES_IDX         0
+#define SSL_ENC_3DES_IDX        1
+#define SSL_ENC_RC4_IDX         2
+#define SSL_ENC_RC2_IDX         3
+#define SSL_ENC_IDEA_IDX        4
+#define SSL_ENC_NULL_IDX        5
+#define SSL_ENC_AES128_IDX      6
+#define SSL_ENC_AES256_IDX      7
+#define SSL_ENC_CAMELLIA128_IDX 8
+#define SSL_ENC_CAMELLIA256_IDX 9
+#define SSL_ENC_GOST89_IDX      10
+#define SSL_ENC_SEED_IDX        11
+#define SSL_ENC_AES128GCM_IDX   12
+#define SSL_ENC_AES256GCM_IDX   13
+#define SSL_ENC_AES128CCM_IDX   14
+#define SSL_ENC_AES256CCM_IDX   15
+#define SSL_ENC_AES128CCM8_IDX  16
+#define SSL_ENC_AES256CCM8_IDX  17
+#define SSL_ENC_GOST8912_IDX    18
+#define SSL_ENC_CHACHA_IDX      19
+#define SSL_ENC_ARIA128GCM_IDX  20
+#define SSL_ENC_ARIA256GCM_IDX  21
+#define SSL_ENC_NUM_IDX         22
+
+/* NB: make sure indices in these tables match values above */
+
+typedef struct {
+    uint32_t mask;
+    int nid;
+} ssl_cipher_table;
+
+/* Table of NIDs for each cipher */
+static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
+    {SSL_DES, NID_des_cbc},     /* SSL_ENC_DES_IDX 0 */
+    {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */
+    {SSL_RC4, NID_rc4},         /* SSL_ENC_RC4_IDX 2 */
+    {SSL_RC2, NID_rc2_cbc},     /* SSL_ENC_RC2_IDX 3 */
+    {SSL_IDEA, NID_idea_cbc},   /* SSL_ENC_IDEA_IDX 4 */
+    {SSL_eNULL, NID_undef},     /* SSL_ENC_NULL_IDX 5 */
+    {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */
+    {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */
+    {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */
+    {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */
+    {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
+    {SSL_SEED, NID_seed_cbc},   /* SSL_ENC_SEED_IDX 11 */
+    {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
+    {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
+    {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
+    {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
+    {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
+    {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
+    {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */
+    {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
+    {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
+    {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
+};
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
+
+#define SSL_COMP_NULL_IDX       0
+#define SSL_COMP_ZLIB_IDX       1
+#define SSL_COMP_NUM_IDX        2
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+#endif
+
+/*
+ * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
+ * in the ssl_locl.h
+ */
+
+#define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
+
+/* NB: make sure indices in this table matches values above */
+static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
+    {SSL_MD5, NID_md5},         /* SSL_MD_MD5_IDX 0 */
+    {SSL_SHA1, NID_sha1},       /* SSL_MD_SHA1_IDX 1 */
+    {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */
+    {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
+    {SSL_SHA256, NID_sha256},   /* SSL_MD_SHA256_IDX 4 */
+    {SSL_SHA384, NID_sha384},   /* SSL_MD_SHA384_IDX 5 */
+    {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
+    {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
+    {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
+    {0, NID_md5_sha1},          /* SSL_MD_MD5_SHA1_IDX 9 */
+    {0, NID_sha224},            /* SSL_MD_SHA224_IDX 10 */
+    {0, NID_sha512}             /* SSL_MD_SHA512_IDX 11 */
+};
+
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/* *INDENT-OFF* */
+static const ssl_cipher_table ssl_cipher_table_kx[] = {
+    {SSL_kRSA,      NID_kx_rsa},
+    {SSL_kECDHE,    NID_kx_ecdhe},
+    {SSL_kDHE,      NID_kx_dhe},
+    {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
+    {SSL_kDHEPSK,   NID_kx_dhe_psk},
+    {SSL_kRSAPSK,   NID_kx_rsa_psk},
+    {SSL_kPSK,      NID_kx_psk},
+    {SSL_kSRP,      NID_kx_srp},
+    {SSL_kGOST,     NID_kx_gost},
+    {SSL_kANY,      NID_kx_any}
+};
+
+static const ssl_cipher_table ssl_cipher_table_auth[] = {
+    {SSL_aRSA,    NID_auth_rsa},
+    {SSL_aECDSA,  NID_auth_ecdsa},
+    {SSL_aPSK,    NID_auth_psk},
+    {SSL_aDSS,    NID_auth_dss},
+    {SSL_aGOST01, NID_auth_gost01},
+    {SSL_aGOST12, NID_auth_gost12},
+    {SSL_aSRP,    NID_auth_srp},
+    {SSL_aNULL,   NID_auth_null},
+    {SSL_aANY,    NID_auth_any}
+};
+/* *INDENT-ON* */
+
+/* Utility function for table lookup */
+static int ssl_cipher_info_find(const ssl_cipher_table * table,
+                                size_t table_cnt, uint32_t mask)
+{
+    size_t i;
+    for (i = 0; i < table_cnt; i++, table++) {
+        if (table->mask == mask)
+            return (int)i;
+    }
+    return -1;
+}
+
+#define ssl_cipher_info_lookup(table, x) \
+    ssl_cipher_info_find(table, OSSL_NELEM(table), x)
+
+/*
+ * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
+ * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
+ * found
+ */
+static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
+    /* MD5, SHA, GOST94, MAC89 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* SHA256, SHA384, GOST2012_256, MAC89-12 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* GOST2012_512 */
+    EVP_PKEY_HMAC,
+    /* MD5/SHA1, SHA224, SHA512 */
+    NID_undef, NID_undef, NID_undef
+};
+
+static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
+
+#define CIPHER_ADD      1
+#define CIPHER_KILL     2
+#define CIPHER_DEL      3
+#define CIPHER_ORD      4
+#define CIPHER_SPECIAL  5
+/*
+ * Bump the ciphers to the top of the list.
+ * This rule isn't currently supported by the public cipherstring API.
+ */
+#define CIPHER_BUMP     6
+
+typedef struct cipher_order_st {
+    const SSL_CIPHER *cipher;
+    int active;
+    int dead;
+    struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
+
+static const SSL_CIPHER cipher_aliases[] = {
+    /* "ALL" doesn't include eNULL (must be specifically enabled) */
+    {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
+    /* "COMPLEMENTOFALL" */
+    {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
+
+    /*
+     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
+     * ALL!)
+     */
+    {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
+
+    /*
+     * key exchange aliases (some of those using only a single bit here
+     * combine multiple key exchange algs according to the RFCs, e.g. kDHE
+     * combines DHE_DSS and DHE_RSA)
+     */
+    {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
+
+    {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
+
+    {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
+
+    {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+    {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+    {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+    {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+    {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+    {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
+
+    /* server authentication aliases */
+    {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+    {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+    {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+    {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+    {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+    {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+    {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
+
+    /* aliases combining key exchange and server authentication */
+    {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+    {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+    {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+    {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+    {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
+
+    /* symmetric encryption aliases */
+    {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+    {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+    {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+    {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+    {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+    {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+    {0, SSL_TXT_AES128, NULL, 0, 0, 0,
+     SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
+    {0, SSL_TXT_AES256, NULL, 0, 0, 0,
+     SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
+    {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+    {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+    {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
+     SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+    {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+    {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+    {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
+
+    {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
+    {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
+    {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM},
+    {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM},
+
+    /* MAC aliases */
+    {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+    {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+    {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+    {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+    {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+    {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
+
+    /* protocol version aliases */
+    {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+    {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+
+    /* strength classes */
+    {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+    {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+    {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
+    /* FIPS 140-2 approved ciphersuite */
+    {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+
+    /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
+    {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
+     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+    {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
+     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+
+};
+
+/*
+ * Search for public key algorithm with given name and return its pkey_id if
+ * it is available. Otherwise return 0
+ */
+#ifdef OPENSSL_NO_ENGINE
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
+    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                         ameth) > 0)
+        return pkey_id;
+    return 0;
+}
+
+#else
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
+    if (ameth) {
+        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                    ameth) <= 0)
+            pkey_id = 0;
+    }
+    ENGINE_finish(tmpeng);
+    return pkey_id;
+}
+
+#endif
+
+/* masks of disabled algorithms */
+static uint32_t disabled_enc_mask;
+static uint32_t disabled_mac_mask;
+static uint32_t disabled_mkey_mask;
+static uint32_t disabled_auth_mask;
+
+int ssl_load_ciphers(void)
+{
+    size_t i;
+    const ssl_cipher_table *t;
+
+    disabled_enc_mask = 0;
+    ssl_sort_cipher_list();
+    for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
+        if (t->nid == NID_undef) {
+            ssl_cipher_methods[i] = NULL;
+        } else {
+            const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid);
+            ssl_cipher_methods[i] = cipher;
+            if (cipher == NULL)
+                disabled_enc_mask |= t->mask;
+        }
+    }
+    disabled_mac_mask = 0;
+    for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
+        const EVP_MD *md = EVP_get_digestbynid(t->nid);
+        ssl_digest_methods[i] = md;
+        if (md == NULL) {
+            disabled_mac_mask |= t->mask;
+        } else {
+            int tmpsize = EVP_MD_size(md);
+            if (!ossl_assert(tmpsize >= 0))
+                return 0;
+            ssl_mac_secret_size[i] = tmpsize;
+        }
+    }
+    /* Make sure we can access MD5 and SHA1 */
+    if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
+        return 0;
+    if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL))
+        return 0;
+
+    disabled_mkey_mask = 0;
+    disabled_auth_mask = 0;
+
+#ifdef OPENSSL_NO_RSA
+    disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
+    disabled_auth_mask |= SSL_aRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+    disabled_auth_mask |= SSL_aDSS;
+#endif
+#ifdef OPENSSL_NO_DH
+    disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
+#endif
+#ifdef OPENSSL_NO_EC
+    disabled_mkey_mask |= SSL_kECDHE | SSL_kECDHEPSK;
+    disabled_auth_mask |= SSL_aECDSA;
+#endif
+#ifdef OPENSSL_NO_PSK
+    disabled_mkey_mask |= SSL_PSK;
+    disabled_auth_mask |= SSL_aPSK;
+#endif
+#ifdef OPENSSL_NO_SRP
+    disabled_mkey_mask |= SSL_kSRP;
+#endif
+
+    /*
+     * Check for presence of GOST 34.10 algorithms, and if they are not
+     * present, disable appropriate auth and key exchange
+     */
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
+        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
+    else
+        disabled_mac_mask |= SSL_GOST89MAC;
+
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
+        get_optional_pkey_id("gost-mac-12");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
+        ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
+    else
+        disabled_mac_mask |= SSL_GOST89MAC12;
+
+    if (!get_optional_pkey_id("gost2001"))
+        disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_256"))
+        disabled_auth_mask |= SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_512"))
+        disabled_auth_mask |= SSL_aGOST12;
+    /*
+     * Disable GOST key exchange if no GOST signature algs are available *
+     */
+    if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
+        (SSL_aGOST01 | SSL_aGOST12))
+        disabled_mkey_mask |= SSL_kGOST;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
+{
+    return ((*a)->id - (*b)->id);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
+{
+    SSL_COMP *comp = NULL;
+    COMP_METHOD *method = COMP_zlib();
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+    if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
+        comp = OPENSSL_malloc(sizeof(*comp));
+        if (comp != NULL) {
+            comp->method = method;
+            comp->id = SSL_COMP_ZLIB_IDX;
+            comp->name = COMP_get_name(method);
+            sk_SSL_COMP_push(ssl_comp_methods, comp);
+            sk_SSL_COMP_sort(ssl_comp_methods);
+        }
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 1;
+}
+
+static int load_builtin_compressions(void)
+{
+    return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
+}
+#endif
+
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                       const EVP_MD **md, int *mac_pkey_type,
+                       size_t *mac_secret_size, SSL_COMP **comp, int use_etm)
+{
+    int i;
+    const SSL_CIPHER *c;
+
+    c = s->cipher;
+    if (c == NULL)
+        return 0;
+    if (comp != NULL) {
+        SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+        if (!load_builtin_compressions()) {
+            /*
+             * Currently don't care, since a failure only means that
+             * ssl_comp_methods is NULL, which is perfectly OK
+             */
+        }
+#endif
+        *comp = NULL;
+        ctmp.id = s->compress_meth;
+        if (ssl_comp_methods != NULL) {
+            i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+            *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+        }
+        /* If were only interested in comp then return success */
+        if ((enc == NULL) && (md == NULL))
+            return 1;
+    }
+
+    if ((enc == NULL) || (md == NULL))
+        return 0;
+
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+
+    if (i == -1) {
+        *enc = NULL;
+    } else {
+        if (i == SSL_ENC_NULL_IDX)
+            *enc = EVP_enc_null();
+        else
+            *enc = ssl_cipher_methods[i];
+    }
+
+    i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+    if (i == -1) {
+        *md = NULL;
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = NID_undef;
+        if (mac_secret_size != NULL)
+            *mac_secret_size = 0;
+        if (c->algorithm_mac == SSL_AEAD)
+            mac_pkey_type = NULL;
+    } else {
+        *md = ssl_digest_methods[i];
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = ssl_mac_pkey_id[i];
+        if (mac_secret_size != NULL)
+            *mac_secret_size = ssl_mac_secret_size[i];
+    }
+
+    if ((*enc != NULL) &&
+        (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
+        && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
+        const EVP_CIPHER *evp;
+
+        if (use_etm)
+            return 1;
+
+        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+            s->ssl_version < TLS1_VERSION)
+            return 1;
+
+        if (c->algorithm_enc == SSL_RC4 &&
+            c->algorithm_mac == SSL_MD5 &&
+            (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        return 1;
+    } else {
+        return 0;
+    }
+}
+
+const EVP_MD *ssl_md(int idx)
+{
+    idx &= SSL_HANDSHAKE_MAC_MASK;
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+const EVP_MD *ssl_handshake_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s));
+}
+
+const EVP_MD *ssl_prf_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
+}
+
+#define ITEM_SEP(a) \
+        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *tail)
+        return;
+    if (curr == *head)
+        *head = curr->next;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    (*tail)->next = curr;
+    curr->prev = *tail;
+    curr->next = NULL;
+    *tail = curr;
+}
+
+static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *head)
+        return;
+    if (curr == *tail)
+        *tail = curr->prev;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    (*head)->prev = curr;
+    curr->next = *head;
+    curr->prev = NULL;
+    *head = curr;
+}
+
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+                                       int num_of_ciphers,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       CIPHER_ORDER *co_list,
+                                       CIPHER_ORDER **head_p,
+                                       CIPHER_ORDER **tail_p)
+{
+    int i, co_list_num;
+    const SSL_CIPHER *c;
+
+    /*
+     * We have num_of_ciphers descriptions compiled in, depending on the
+     * method selected (SSLv3, TLSv1 etc).
+     * These will later be sorted in a linked list with at most num
+     * entries.
+     */
+
+    /* Get the initial list of ciphers */
+    co_list_num = 0;            /* actual count of ciphers */
+    for (i = 0; i < num_of_ciphers; i++) {
+        c = ssl_method->get_cipher(i);
+        /* drop those that use any of that is not available */
+        if (c == NULL || !c->valid)
+            continue;
+        if ((c->algorithm_mkey & disabled_mkey) ||
+            (c->algorithm_auth & disabled_auth) ||
+            (c->algorithm_enc & disabled_enc) ||
+            (c->algorithm_mac & disabled_mac))
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
+            c->min_tls == 0)
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
+            c->min_dtls == 0)
+            continue;
+
+        co_list[co_list_num].cipher = c;
+        co_list[co_list_num].next = NULL;
+        co_list[co_list_num].prev = NULL;
+        co_list[co_list_num].active = 0;
+        co_list_num++;
+    }
+
+    /*
+     * Prepare linked list from list entries
+     */
+    if (co_list_num > 0) {
+        co_list[0].prev = NULL;
+
+        if (co_list_num > 1) {
+            co_list[0].next = &co_list[1];
+
+            for (i = 1; i < co_list_num - 1; i++) {
+                co_list[i].prev = &co_list[i - 1];
+                co_list[i].next = &co_list[i + 1];
+            }
+
+            co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
+        }
+
+        co_list[co_list_num - 1].next = NULL;
+
+        *head_p = &co_list[0];
+        *tail_p = &co_list[co_list_num - 1];
+    }
+}
+
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
+                                       int num_of_group_aliases,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       CIPHER_ORDER *head)
+{
+    CIPHER_ORDER *ciph_curr;
+    const SSL_CIPHER **ca_curr;
+    int i;
+    uint32_t mask_mkey = ~disabled_mkey;
+    uint32_t mask_auth = ~disabled_auth;
+    uint32_t mask_enc = ~disabled_enc;
+    uint32_t mask_mac = ~disabled_mac;
+
+    /*
+     * First, add the real ciphers as already collected
+     */
+    ciph_curr = head;
+    ca_curr = ca_list;
+    while (ciph_curr != NULL) {
+        *ca_curr = ciph_curr->cipher;
+        ca_curr++;
+        ciph_curr = ciph_curr->next;
+    }
+
+    /*
+     * Now we add the available ones from the cipher_aliases[] table.
+     * They represent either one or more algorithms, some of which
+     * in any affected category must be supported (set in enabled_mask),
+     * or represent a cipher strength value (will be added in any case because algorithms=0).
+     */
+    for (i = 0; i < num_of_group_aliases; i++) {
+        uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+        uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
+        uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
+        uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
+
+        if (algorithm_mkey)
+            if ((algorithm_mkey & mask_mkey) == 0)
+                continue;
+
+        if (algorithm_auth)
+            if ((algorithm_auth & mask_auth) == 0)
+                continue;
+
+        if (algorithm_enc)
+            if ((algorithm_enc & mask_enc) == 0)
+                continue;
+
+        if (algorithm_mac)
+            if ((algorithm_mac & mask_mac) == 0)
+                continue;
+
+        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+        ca_curr++;
+    }
+
+    *ca_curr = NULL;            /* end of list */
+}
+
+static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
+                                  uint32_t alg_auth, uint32_t alg_enc,
+                                  uint32_t alg_mac, int min_tls,
+                                  uint32_t algo_strength, int rule,
+                                  int32_t strength_bits, CIPHER_ORDER **head_p,
+                                  CIPHER_ORDER **tail_p)
+{
+    CIPHER_ORDER *head, *tail, *curr, *next, *last;
+    const SSL_CIPHER *cp;
+    int reverse = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr,
+            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+            rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
+            algo_strength, strength_bits);
+#endif
+
+    if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
+        reverse = 1;            /* needed to maintain sorting between currently
+                                 * deleted ciphers */
+
+    head = *head_p;
+    tail = *tail_p;
+
+    if (reverse) {
+        next = tail;
+        last = head;
+    } else {
+        next = head;
+        last = tail;
+    }
+
+    curr = NULL;
+    for (;;) {
+        if (curr == last)
+            break;
+
+        curr = next;
+
+        if (curr == NULL)
+            break;
+
+        next = reverse ? curr->prev : curr->next;
+
+        cp = curr->cipher;
+
+        /*
+         * Selection criteria is either the value of strength_bits
+         * or the algorithms used.
+         */
+        if (strength_bits >= 0) {
+            if (strength_bits != cp->strength_bits)
+                continue;
+        } else {
+#ifdef CIPHER_DEBUG
+            fprintf(stderr,
+                    "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
+                    cp->name, cp->algorithm_mkey, cp->algorithm_auth,
+                    cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
+                    cp->algo_strength);
+#endif
+            if (cipher_id != 0 && (cipher_id != cp->id))
+                continue;
+            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
+                continue;
+            if (alg_auth && !(alg_auth & cp->algorithm_auth))
+                continue;
+            if (alg_enc && !(alg_enc & cp->algorithm_enc))
+                continue;
+            if (alg_mac && !(alg_mac & cp->algorithm_mac))
+                continue;
+            if (min_tls && (min_tls != cp->min_tls))
+                continue;
+            if ((algo_strength & SSL_STRONG_MASK)
+                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
+                continue;
+            if ((algo_strength & SSL_DEFAULT_MASK)
+                && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
+                continue;
+        }
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "Action = %d\n", rule);
+#endif
+
+        /* add the cipher if it has not been added yet. */
+        if (rule == CIPHER_ADD) {
+            /* reverse == 0 */
+            if (!curr->active) {
+                ll_append_tail(&head, curr, &tail);
+                curr->active = 1;
+            }
+        }
+        /* Move the added cipher to this location */
+        else if (rule == CIPHER_ORD) {
+            /* reverse == 0 */
+            if (curr->active) {
+                ll_append_tail(&head, curr, &tail);
+            }
+        } else if (rule == CIPHER_DEL) {
+            /* reverse == 1 */
+            if (curr->active) {
+                /*
+                 * most recently deleted ciphersuites get best positions for
+                 * any future CIPHER_ADD (note that the CIPHER_DEL loop works
+                 * in reverse to maintain the order)
+                 */
+                ll_append_head(&head, curr, &tail);
+                curr->active = 0;
+            }
+        } else if (rule == CIPHER_BUMP) {
+            if (curr->active)
+                ll_append_head(&head, curr, &tail);
+        } else if (rule == CIPHER_KILL) {
+            /* reverse == 0 */
+            if (head == curr)
+                head = curr->next;
+            else
+                curr->prev->next = curr->next;
+            if (tail == curr)
+                tail = curr->prev;
+            curr->active = 0;
+            if (curr->next != NULL)
+                curr->next->prev = curr->prev;
+            if (curr->prev != NULL)
+                curr->prev->next = curr->next;
+            curr->next = NULL;
+            curr->prev = NULL;
+        }
+    }
+
+    *head_p = head;
+    *tail_p = tail;
+}
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
+                                    CIPHER_ORDER **tail_p)
+{
+    int32_t max_strength_bits;
+    int i, *number_uses;
+    CIPHER_ORDER *curr;
+
+    /*
+     * This routine sorts the ciphers with descending strength. The sorting
+     * must keep the pre-sorted sequence, so we apply the normal sorting
+     * routine as '+' movement to the end of the list.
+     */
+    max_strength_bits = 0;
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
+            max_strength_bits = curr->cipher->strength_bits;
+        curr = curr->next;
+    }
+
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
+    if (number_uses == NULL) {
+        SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * Now find the strength_bits values actually used
+     */
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active)
+            number_uses[curr->cipher->strength_bits]++;
+        curr = curr->next;
+    }
+    /*
+     * Go through the list of used strength_bits values in descending
+     * order.
+     */
+    for (i = max_strength_bits; i >= 0; i--)
+        if (number_uses[i] > 0)
+            ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
+                                  tail_p);
+
+    OPENSSL_free(number_uses);
+    return 1;
+}
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+                                      CIPHER_ORDER **head_p,
+                                      CIPHER_ORDER **tail_p,
+                                      const SSL_CIPHER **ca_list, CERT *c)
+{
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
+    int min_tls;
+    const char *l, *buf;
+    int j, multi, found, rule, retval, ok, buflen;
+    uint32_t cipher_id = 0;
+    char ch;
+
+    retval = 1;
+    l = rule_str;
+    for ( ; ; ) {
+        ch = *l;
+
+        if (ch == '\0')
+            break;              /* done */
+        if (ch == '-') {
+            rule = CIPHER_DEL;
+            l++;
+        } else if (ch == '+') {
+            rule = CIPHER_ORD;
+            l++;
+        } else if (ch == '!') {
+            rule = CIPHER_KILL;
+            l++;
+        } else if (ch == '@') {
+            rule = CIPHER_SPECIAL;
+            l++;
+        } else {
+            rule = CIPHER_ADD;
+        }
+
+        if (ITEM_SEP(ch)) {
+            l++;
+            continue;
+        }
+
+        alg_mkey = 0;
+        alg_auth = 0;
+        alg_enc = 0;
+        alg_mac = 0;
+        min_tls = 0;
+        algo_strength = 0;
+
+        for (;;) {
+            ch = *l;
+            buf = l;
+            buflen = 0;
+#ifndef CHARSET_EBCDIC
+            while (((ch >= 'A') && (ch <= 'Z')) ||
+                   ((ch >= '0') && (ch <= '9')) ||
+                   ((ch >= 'a') && (ch <= 'z')) ||
+                   (ch == '-') || (ch == '.') || (ch == '='))
+#else
+            while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+                   || (ch == '='))
+#endif
+            {
+                ch = *(++l);
+                buflen++;
+            }
+
+            if (buflen == 0) {
+                /*
+                 * We hit something we cannot deal with,
+                 * it is no command or separator nor
+                 * alphanumeric, so we call this an error.
+                 */
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+                retval = found = 0;
+                l++;
+                break;
+            }
+
+            if (rule == CIPHER_SPECIAL) {
+                found = 0;      /* unused -- avoid compiler warning */
+                break;          /* special treatment */
+            }
+
+            /* check for multi-part specification */
+            if (ch == '+') {
+                multi = 1;
+                l++;
+            } else {
+                multi = 0;
+            }
+
+            /*
+             * Now search for the cipher alias in the ca_list. Be careful
+             * with the strncmp, because the "buflen" limitation
+             * will make the rule "ADH:SOME" and the cipher
+             * "ADH-MY-CIPHER" look like a match for buflen=3.
+             * So additionally check whether the cipher name found
+             * has the correct length. We can save a strlen() call:
+             * just checking for the '\0' at the right place is
+             * sufficient, we have to strncmp() anyway. (We cannot
+             * use strcmp(), because buf is not '\0' terminated.)
+             */
+            j = found = 0;
+            cipher_id = 0;
+            while (ca_list[j]) {
+                if (strncmp(buf, ca_list[j]->name, buflen) == 0
+                    && (ca_list[j]->name[buflen] == '\0')) {
+                    found = 1;
+                    break;
+                } else
+                    j++;
+            }
+
+            if (!found)
+                break;          /* ignore this entry */
+
+            if (ca_list[j]->algorithm_mkey) {
+                if (alg_mkey) {
+                    alg_mkey &= ca_list[j]->algorithm_mkey;
+                    if (!alg_mkey) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_mkey = ca_list[j]->algorithm_mkey;
+                }
+            }
+
+            if (ca_list[j]->algorithm_auth) {
+                if (alg_auth) {
+                    alg_auth &= ca_list[j]->algorithm_auth;
+                    if (!alg_auth) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_auth = ca_list[j]->algorithm_auth;
+                }
+            }
+
+            if (ca_list[j]->algorithm_enc) {
+                if (alg_enc) {
+                    alg_enc &= ca_list[j]->algorithm_enc;
+                    if (!alg_enc) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_enc = ca_list[j]->algorithm_enc;
+                }
+            }
+
+            if (ca_list[j]->algorithm_mac) {
+                if (alg_mac) {
+                    alg_mac &= ca_list[j]->algorithm_mac;
+                    if (!alg_mac) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_mac = ca_list[j]->algorithm_mac;
+                }
+            }
+
+            if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+                if (algo_strength & SSL_STRONG_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+                        ~SSL_STRONG_MASK;
+                    if (!(algo_strength & SSL_STRONG_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+                }
+            }
+
+            if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
+                if (algo_strength & SSL_DEFAULT_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) |
+                        ~SSL_DEFAULT_MASK;
+                    if (!(algo_strength & SSL_DEFAULT_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    algo_strength |=
+                        ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+                }
+            }
+
+            if (ca_list[j]->valid) {
+                /*
+                 * explicit ciphersuite found; its protocol version does not
+                 * become part of the search pattern!
+                 */
+
+                cipher_id = ca_list[j]->id;
+            } else {
+                /*
+                 * not an explicit ciphersuite; only in this case, the
+                 * protocol version is considered part of the search pattern
+                 */
+
+                if (ca_list[j]->min_tls) {
+                    if (min_tls != 0 && min_tls != ca_list[j]->min_tls) {
+                        found = 0;
+                        break;
+                    } else {
+                        min_tls = ca_list[j]->min_tls;
+                    }
+                }
+            }
+
+            if (!multi)
+                break;
+        }
+
+        /*
+         * Ok, we have the rule, now apply it
+         */
+        if (rule == CIPHER_SPECIAL) { /* special command */
+            ok = 0;
+            if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
+                ok = ssl_cipher_strength_sort(head_p, tail_p);
+            } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+                int level = buf[9] - '0';
+                if (level < 0 || level > 5) {
+                    SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                           SSL_R_INVALID_COMMAND);
+                } else {
+                    c->sec_level = level;
+                    ok = 1;
+                }
+            } else {
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+            }
+            if (ok == 0)
+                retval = 0;
+            /*
+             * We do not support any "multi" options
+             * together with "@", so throw away the
+             * rest of the command, if any left, until
+             * end or ':' is found.
+             */
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        } else if (found) {
+            ssl_cipher_apply_rule(cipher_id,
+                                  alg_mkey, alg_auth, alg_enc, alg_mac,
+                                  min_tls, algo_strength, rule, -1, head_p,
+                                  tail_p);
+        } else {
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        }
+        if (*l == '\0')
+            break;              /* done */
+    }
+
+    return retval;
+}
+
+#ifndef OPENSSL_NO_EC
+static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
+                                    const char **prule_str)
+{
+    unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
+        suiteb_comb2 = 1;
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+    }
+
+    if (suiteb_flags) {
+        c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
+        c->cert_flags |= suiteb_flags;
+    } else {
+        suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+    }
+
+    if (!suiteb_flags)
+        return 1;
+    /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
+
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) {
+        SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+               SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
+        return 0;
+    }
+# ifndef OPENSSL_NO_EC
+    switch (suiteb_flags) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        if (suiteb_comb2)
+            *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+        else
+            *prule_str =
+                "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
+        break;
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
+        break;
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+        break;
+    }
+    return 1;
+# else
+    SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+    return 0;
+# endif
+}
+#endif
+
+static int ciphersuite_cb(const char *elem, int len, void *arg)
+{
+    STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg;
+    const SSL_CIPHER *cipher;
+    /* Arbitrary sized temp buffer for the cipher name. Should be big enough */
+    char name[80];
+
+    if (len > (int)(sizeof(name) - 1)) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+
+    memcpy(name, elem, len);
+    name[len] = '\0';
+
+    cipher = ssl3_get_cipher_by_std_name(name);
+    if (cipher == NULL) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+
+    if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
+
+    if (newciphers == NULL)
+        return 0;
+
+    /* Parse the list. We explicitly allow an empty list */
+    if (*str != '\0'
+            && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+        sk_SSL_CIPHER_free(newciphers);
+        return 0;
+    }
+    sk_SSL_CIPHER_free(*currciphers);
+    *currciphers = newciphers;
+
+    return 1;
+}
+
+static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                    STACK_OF(SSL_CIPHER) *cipherstack)
+{
+    STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+
+    if (tmp_cipher_list == NULL) {
+        return 0;
+    }
+
+    sk_SSL_CIPHER_free(*cipher_list_by_id);
+    *cipher_list_by_id = tmp_cipher_list;
+
+    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
+    sk_SSL_CIPHER_sort(*cipher_list_by_id);
+
+    return 1;
+}
+
+static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list,
+                              STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                              STACK_OF(SSL_CIPHER) *tls13_ciphersuites)
+{
+    int i;
+    STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list);
+
+    if (tmp_cipher_list == NULL)
+        return 0;
+
+    /*
+     * Delete any existing TLSv1.3 ciphersuites. These are always first in the
+     * list.
+     */
+    while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0
+           && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls
+              == TLS1_3_VERSION)
+        sk_SSL_CIPHER_delete(tmp_cipher_list, 0);
+
+    /* Insert the new TLSv1.3 ciphersuites */
+    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++)
+        sk_SSL_CIPHER_insert(tmp_cipher_list,
+                             sk_SSL_CIPHER_value(tls13_ciphersuites, i), i);
+
+    if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list))
+        return 0;
+
+    sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = tmp_cipher_list;
+
+    return 1;
+}
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
+{
+    int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
+
+    if (ret && ctx->cipher_list != NULL) {
+        /* We already have a cipher_list, so we need to update it */
+        return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
+                                  ctx->tls13_ciphersuites);
+    }
+
+    return ret;
+}
+
+int SSL_set_ciphersuites(SSL *s, const char *str)
+{
+    int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
+
+    if (ret && s->cipher_list != NULL) {
+        /* We already have a cipher_list, so we need to update it */
+        return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
+                                  s->tls13_ciphersuites);
+    }
+
+    return ret;
+}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                                             STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+                                             STACK_OF(SSL_CIPHER) **cipher_list,
+                                             STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                             const char *rule_str,
+                                             CERT *c)
+{
+    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
+    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
+    STACK_OF(SSL_CIPHER) *cipherstack;
+    const char *rule_p;
+    CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+    const SSL_CIPHER **ca_list = NULL;
+
+    /*
+     * Return with error if nothing to do.
+     */
+    if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+        return NULL;
+#ifndef OPENSSL_NO_EC
+    if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+        return NULL;
+#endif
+
+    /*
+     * To reduce the work to do we only want to process the compiled
+     * in algorithms, so we first get the mask of disabled ciphers.
+     */
+
+    disabled_mkey = disabled_mkey_mask;
+    disabled_auth = disabled_auth_mask;
+    disabled_enc = disabled_enc_mask;
+    disabled_mac = disabled_mac_mask;
+
+    /*
+     * Now we have to collect the available ciphers from the compiled
+     * in ciphers. We cannot get more than the number compiled in, so
+     * it is used for allocation.
+     */
+    num_of_ciphers = ssl_method->num_ciphers();
+
+    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+    if (co_list == NULL) {
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;          /* Failure */
+    }
+
+    ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, co_list, &head, &tail);
+
+    /* Now arrange all ciphers by preference. */
+
+    /*
+     * Everything else being equal, prefer ephemeral ECDH over other key
+     * exchange mechanisms.
+     * For consistency, prefer ECDSA over RSA (though this only matters if the
+     * server has both certificates, and is using the DEFAULT, or a client
+     * preference).
+     */
+    ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                          &tail);
+
+    /* Within each strength group, we prefer GCM over CHACHA... */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+
+    /*
+     * ...and generally, our preferred cipher is AES.
+     * Note that AEADs will be bumped to take preference after sorting by
+     * strength.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+
+    /* Temporarily enable everything else for sorting */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+    /* Low priority for MD5 */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Move anonymous ciphers to the end.  Usually, these will remain
+     * disabled. (For applications that allow them, they aren't too bad, but
+     * we prefer authenticated ciphers.)
+     */
+    ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /* RC4 is sort-of broken -- move to the end */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Now sort by symmetric encryption strength.  The above ordering remains
+     * in force within each class
+     */
+    if (!ssl_cipher_strength_sort(&head, &tail)) {
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /*
+     * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
+     * TODO(openssl-team): is there an easier way to accomplish all this?
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+
+    /*
+     * Irrespective of strength, enforce the following order:
+     * (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest.
+     * Within each group, ciphers remain sorted by strength and previous
+     * preference, i.e.,
+     * 1) ECDHE > DHE
+     * 2) GCM > CHACHA
+     * 3) AES > rest
+     * 4) TLS 1.2 > legacy
+     *
+     * Because we now bump ciphers to the top of the list, we proceed in
+     * reverse order of preference.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+
+    /* Now disable everything (maintaining the ordering!) */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+    /*
+     * We also need cipher aliases for selecting based on the rule_str.
+     * There might be two types of entries in the rule_str: 1) names
+     * of ciphers themselves 2) aliases for groups of ciphers.
+     * For 1) we need the available ciphers and for 2) the cipher
+     * groups of cipher_aliases added together in one list (otherwise
+     * we would be happy with just the cipher_aliases table).
+     */
+    num_of_group_aliases = OSSL_NELEM(cipher_aliases);
+    num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+    ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+    if (ca_list == NULL) {
+        OPENSSL_free(co_list);
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;          /* Failure */
+    }
+    ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, head);
+
+    /*
+     * If the rule_string begins with DEFAULT, apply the default rule
+     * before using the (possibly available) additional rules.
+     */
+    ok = 1;
+    rule_p = rule_str;
+    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+                                        &head, &tail, ca_list, c);
+        rule_p += 7;
+        if (*rule_p == ':')
+            rule_p++;
+    }
+
+    if (ok && (strlen(rule_p) > 0))
+        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
+
+    OPENSSL_free(ca_list);      /* Not needed anymore */
+
+    if (!ok) {                  /* Rule processing failure */
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /*
+     * Allocate new "cipherstack" for the result, return with error
+     * if we cannot get one.
+     */
+    if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /* Add TLSv1.3 ciphers first - we always prefer those if possible */
+    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
+        if (!sk_SSL_CIPHER_push(cipherstack,
+                                sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+            sk_SSL_CIPHER_free(cipherstack);
+            return NULL;
+        }
+    }
+
+    /*
+     * The cipher selection for the list is done. The ciphers are added
+     * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+     */
+    for (curr = head; curr != NULL; curr = curr->next) {
+        if (curr->active) {
+            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+                OPENSSL_free(co_list);
+                sk_SSL_CIPHER_free(cipherstack);
+                return NULL;
+            }
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "<%s>\n", curr->cipher->name);
+#endif
+        }
+    }
+    OPENSSL_free(co_list);      /* Not needed any longer */
+
+    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
+        sk_SSL_CIPHER_free(cipherstack);
+        return NULL;
+    }
+    sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = cipherstack;
+
+    return cipherstack;
+}
+
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+{
+    const char *ver;
+    const char *kx, *au, *enc, *mac;
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
+    static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+
+    if (buf == NULL) {
+        len = 128;
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else if (len < 128) {
+        return NULL;
+    }
+
+    alg_mkey = cipher->algorithm_mkey;
+    alg_auth = cipher->algorithm_auth;
+    alg_enc = cipher->algorithm_enc;
+    alg_mac = cipher->algorithm_mac;
+
+    ver = ssl_protocol_to_string(cipher->min_tls);
+
+    switch (alg_mkey) {
+    case SSL_kRSA:
+        kx = "RSA";
+        break;
+    case SSL_kDHE:
+        kx = "DH";
+        break;
+    case SSL_kECDHE:
+        kx = "ECDH";
+        break;
+    case SSL_kPSK:
+        kx = "PSK";
+        break;
+    case SSL_kRSAPSK:
+        kx = "RSAPSK";
+        break;
+    case SSL_kECDHEPSK:
+        kx = "ECDHEPSK";
+        break;
+    case SSL_kDHEPSK:
+        kx = "DHEPSK";
+        break;
+    case SSL_kSRP:
+        kx = "SRP";
+        break;
+    case SSL_kGOST:
+        kx = "GOST";
+        break;
+    case SSL_kANY:
+        kx = "any";
+        break;
+    default:
+        kx = "unknown";
+    }
+
+    switch (alg_auth) {
+    case SSL_aRSA:
+        au = "RSA";
+        break;
+    case SSL_aDSS:
+        au = "DSS";
+        break;
+    case SSL_aNULL:
+        au = "None";
+        break;
+    case SSL_aECDSA:
+        au = "ECDSA";
+        break;
+    case SSL_aPSK:
+        au = "PSK";
+        break;
+    case SSL_aSRP:
+        au = "SRP";
+        break;
+    case SSL_aGOST01:
+        au = "GOST01";
+        break;
+    /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
+    case (SSL_aGOST12 | SSL_aGOST01):
+        au = "GOST12";
+        break;
+    case SSL_aANY:
+        au = "any";
+        break;
+    default:
+        au = "unknown";
+        break;
+    }
+
+    switch (alg_enc) {
+    case SSL_DES:
+        enc = "DES(56)";
+        break;
+    case SSL_3DES:
+        enc = "3DES(168)";
+        break;
+    case SSL_RC4:
+        enc = "RC4(128)";
+        break;
+    case SSL_RC2:
+        enc = "RC2(128)";
+        break;
+    case SSL_IDEA:
+        enc = "IDEA(128)";
+        break;
+    case SSL_eNULL:
+        enc = "None";
+        break;
+    case SSL_AES128:
+        enc = "AES(128)";
+        break;
+    case SSL_AES256:
+        enc = "AES(256)";
+        break;
+    case SSL_AES128GCM:
+        enc = "AESGCM(128)";
+        break;
+    case SSL_AES256GCM:
+        enc = "AESGCM(256)";
+        break;
+    case SSL_AES128CCM:
+        enc = "AESCCM(128)";
+        break;
+    case SSL_AES256CCM:
+        enc = "AESCCM(256)";
+        break;
+    case SSL_AES128CCM8:
+        enc = "AESCCM8(128)";
+        break;
+    case SSL_AES256CCM8:
+        enc = "AESCCM8(256)";
+        break;
+    case SSL_CAMELLIA128:
+        enc = "Camellia(128)";
+        break;
+    case SSL_CAMELLIA256:
+        enc = "Camellia(256)";
+        break;
+    case SSL_ARIA128GCM:
+        enc = "ARIAGCM(128)";
+        break;
+    case SSL_ARIA256GCM:
+        enc = "ARIAGCM(256)";
+        break;
+    case SSL_SEED:
+        enc = "SEED(128)";
+        break;
+    case SSL_eGOST2814789CNT:
+    case SSL_eGOST2814789CNT12:
+        enc = "GOST89(256)";
+        break;
+    case SSL_CHACHA20POLY1305:
+        enc = "CHACHA20/POLY1305(256)";
+        break;
+    default:
+        enc = "unknown";
+        break;
+    }
+
+    switch (alg_mac) {
+    case SSL_MD5:
+        mac = "MD5";
+        break;
+    case SSL_SHA1:
+        mac = "SHA1";
+        break;
+    case SSL_SHA256:
+        mac = "SHA256";
+        break;
+    case SSL_SHA384:
+        mac = "SHA384";
+        break;
+    case SSL_AEAD:
+        mac = "AEAD";
+        break;
+    case SSL_GOST89MAC:
+    case SSL_GOST89MAC12:
+        mac = "GOST89";
+        break;
+    case SSL_GOST94:
+        mac = "GOST94";
+        break;
+    case SSL_GOST12_256:
+    case SSL_GOST12_512:
+        mac = "GOST2012";
+        break;
+    default:
+        mac = "unknown";
+        break;
+    }
+
+    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
+
+    return buf;
+}
+
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+{
+    if (c == NULL)
+        return "(NONE)";
+
+    /*
+     * Backwards-compatibility crutch.  In almost all contexts we report TLS
+     * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+     */
+    if (c->min_tls == TLS1_VERSION)
+        return "TLSv1.0";
+    return ssl_protocol_to_string(c->min_tls);
+}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return c->name;
+    return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return c->stdname;
+    return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+    const SSL_CIPHER *c;
+
+    if (stdname == NULL)
+        return "(NONE)";
+    c = ssl3_get_cipher_by_std_name(stdname);
+    return SSL_CIPHER_get_name(c);
+}
+
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+{
+    int ret = 0;
+
+    if (c != NULL) {
+        if (alg_bits != NULL)
+            *alg_bits = (int)c->alg_bits;
+        ret = (int)c->strength_bits;
+    }
+    return ret;
+}
+
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
+{
+    return c->id;
+}
+
+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
+{
+    return c->id & 0xFFFF;
+}
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+{
+    SSL_COMP *ctmp;
+    int i, nn;
+
+    if ((n == 0) || (sk == NULL))
+        return NULL;
+    nn = sk_SSL_COMP_num(sk);
+    for (i = 0; i < nn; i++) {
+        ctmp = sk_SSL_COMP_value(sk, i);
+        if (ctmp->id == n)
+            return ctmp;
+    }
+    return NULL;
+}
+
+#ifdef OPENSSL_NO_COMP
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    return NULL;
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
+{
+    return meths;
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    return 1;
+}
+
+#else
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    load_builtin_compressions();
+    return ssl_comp_methods;
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
+{
+    STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+    ssl_comp_methods = meths;
+    return old_meths;
+}
+
+static void cmeth_free(SSL_COMP *cm)
+{
+    OPENSSL_free(cm);
+}
+
+void ssl_comp_free_compression_methods_int(void)
+{
+    STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+    ssl_comp_methods = NULL;
+    sk_SSL_COMP_pop_free(old_meths, cmeth_free);
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    SSL_COMP *comp;
+
+    if (cm == NULL || COMP_get_type(cm) == NID_undef)
+        return 1;
+
+    /*-
+     * According to draft-ietf-tls-compression-04.txt, the
+     * compression number ranges should be the following:
+     *
+     *   0 to  63:  methods defined by the IETF
+     *  64 to 192:  external party methods assigned by IANA
+     * 193 to 255:  reserved for private use
+     */
+    if (id < 193 || id > 255) {
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+        return 1;
+    }
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    comp = OPENSSL_malloc(sizeof(*comp));
+    if (comp == NULL) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+
+    comp->id = id;
+    comp->method = cm;
+    load_builtin_compressions();
+    if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
+        OPENSSL_free(comp);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_DUPLICATE_COMPRESSION_ID);
+        return 1;
+    }
+    if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+        OPENSSL_free(comp);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 0;
+}
+#endif
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp ? COMP_get_name(comp) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+const char *SSL_COMP_get0_name(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->name;
+#else
+    return NULL;
+#endif
+}
+
+int SSL_COMP_get_id(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->id;
+#else
+    return -1;
+#endif
+}
+
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
+                                         int all)
+{
+    const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
+    if (c == NULL || (!all && c->valid == 0))
+        return NULL;
+    return c;
+}
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
+{
+    return ssl->method->get_cipher_by_char(ptr);
+}
+
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
+{
+    int i;
+    if (c == NULL)
+        return NID_undef;
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_cipher[i].nid;
+}
+
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_mac[i].nid;
+}
+
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_kx[i].nid;
+}
+
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_auth[i].nid;
+}
+
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
+{
+    int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
+
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
+{
+    return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
+}
+
+int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+                            size_t *int_overhead, size_t *blocksize,
+                            size_t *ext_overhead)
+{
+    size_t mac = 0, in = 0, blk = 0, out = 0;
+
+    /* Some hard-coded numbers for the CCM/Poly1305 MAC overhead
+     * because there are no handy #defines for those. */
+    if (c->algorithm_enc & (SSL_AESGCM | SSL_ARIAGCM)) {
+        out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) {
+        out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
+    } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
+        out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
+    } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
+        out = 16;
+    } else if (c->algorithm_mac & SSL_AEAD) {
+        /* We're supposed to have handled all the AEAD modes above */
+        return 0;
+    } else {
+        /* Non-AEAD modes. Calculate MAC/cipher overhead separately */
+        int digest_nid = SSL_CIPHER_get_digest_nid(c);
+        const EVP_MD *e_md = EVP_get_digestbynid(digest_nid);
+
+        if (e_md == NULL)
+            return 0;
+
+        mac = EVP_MD_size(e_md);
+        if (c->algorithm_enc != SSL_eNULL) {
+            int cipher_nid = SSL_CIPHER_get_cipher_nid(c);
+            const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid);
+
+            /* If it wasn't AEAD or SSL_eNULL, we expect it to be a
+               known CBC cipher. */
+            if (e_ciph == NULL ||
+                EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE)
+                return 0;
+
+            in = 1; /* padding length byte */
+            out = EVP_CIPHER_iv_length(e_ciph);
+            blk = EVP_CIPHER_block_size(e_ciph);
+        }
+    }
+
+    *mac_overhead = mac;
+    *int_overhead = in;
+    *blocksize = blk;
+    *ext_overhead = out;
+
+    return 1;
+}
+
+int ssl_cert_is_disabled(size_t idx)
+{
+    const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+    if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+        return 1;
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c
new file mode 100644
index 000000000..9c202708d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c
@@ -0,0 +1,993 @@
+/*
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/conf.h>
+#include <openssl/objects.h>
+#include <openssl/dh.h>
+#include "internal/nelem.h"
+
+/*
+ * structure holding name tables. This is used for permitted elements in lists
+ * such as TLSv1.
+ */
+
+typedef struct {
+    const char *name;
+    int namelen;
+    unsigned int name_flags;
+    unsigned long option_value;
+} ssl_flag_tbl;
+
+/* Switch table: use for single command line switches like no_tls2 */
+typedef struct {
+    unsigned long option_value;
+    unsigned int name_flags;
+} ssl_switch_tbl;
+
+/* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
+#define SSL_TFLAG_INV   0x1
+/* Mask for type of flag referred to */
+#define SSL_TFLAG_TYPE_MASK 0xf00
+/* Flag is for options */
+#define SSL_TFLAG_OPTION    0x000
+/* Flag is for cert_flags */
+#define SSL_TFLAG_CERT      0x100
+/* Flag is for verify mode */
+#define SSL_TFLAG_VFY       0x200
+/* Option can only be used for clients */
+#define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
+/* Option can only be used for servers */
+#define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER
+#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER)
+
+#define SSL_FLAG_TBL(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_TBL_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag}
+#define SSL_FLAG_TBL_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_TBL_INV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_TBL_SRV_INV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag}
+#define SSL_FLAG_TBL_CERT(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}
+
+#define SSL_FLAG_VFY_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_VFY_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
+
+/*
+ * Opaque structure containing SSL configuration context.
+ */
+
+struct ssl_conf_ctx_st {
+    /*
+     * Various flags indicating (among other things) which options we will
+     * recognise.
+     */
+    unsigned int flags;
+    /* Prefix and length of commands */
+    char *prefix;
+    size_t prefixlen;
+    /* SSL_CTX or SSL structure to perform operations on */
+    SSL_CTX *ctx;
+    SSL *ssl;
+    /* Pointer to SSL or SSL_CTX options field or NULL if none */
+    uint32_t *poptions;
+    /* Certificate filenames for each type */
+    char *cert_filename[SSL_PKEY_NUM];
+    /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
+    uint32_t *pcert_flags;
+    /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
+    uint32_t *pvfy_flags;
+    /* Pointer to SSL or SSL_CTX min_version field or NULL if none */
+    int *min_version;
+    /* Pointer to SSL or SSL_CTX max_version field or NULL if none */
+    int *max_version;
+    /* Current flag table being worked on */
+    const ssl_flag_tbl *tbl;
+    /* Size of table */
+    size_t ntbl;
+    /* Client CA names */
+    STACK_OF(X509_NAME) *canames;
+};
+
+static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
+                           unsigned long option_value, int onoff)
+{
+    uint32_t *pflags;
+    if (cctx->poptions == NULL)
+        return;
+    if (name_flags & SSL_TFLAG_INV)
+        onoff ^= 1;
+    switch (name_flags & SSL_TFLAG_TYPE_MASK) {
+
+    case SSL_TFLAG_CERT:
+        pflags = cctx->pcert_flags;
+        break;
+
+    case SSL_TFLAG_VFY:
+        pflags = cctx->pvfy_flags;
+        break;
+
+    case SSL_TFLAG_OPTION:
+        pflags = cctx->poptions;
+        break;
+
+    default:
+        return;
+
+    }
+    if (onoff)
+        *pflags |= option_value;
+    else
+        *pflags &= ~option_value;
+}
+
+static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
+                            const char *name, int namelen, int onoff)
+{
+    /* If name not relevant for context skip */
+    if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH))
+        return 0;
+    if (namelen == -1) {
+        if (strcmp(tbl->name, name))
+            return 0;
+    } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
+        return 0;
+    ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
+    return 1;
+}
+
+static int ssl_set_option_list(const char *elem, int len, void *usr)
+{
+    SSL_CONF_CTX *cctx = usr;
+    size_t i;
+    const ssl_flag_tbl *tbl;
+    int onoff = 1;
+    /*
+     * len == -1 indicates not being called in list context, just for single
+     * command line switches, so don't allow +, -.
+     */
+    if (elem == NULL)
+        return 0;
+    if (len != -1) {
+        if (*elem == '+') {
+            elem++;
+            len--;
+            onoff = 1;
+        } else if (*elem == '-') {
+            elem++;
+            len--;
+            onoff = 0;
+        }
+    }
+    for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) {
+        if (ssl_match_option(cctx, tbl, elem, len, onoff))
+            return 1;
+    }
+    return 0;
+}
+
+/* Set supported signature algorithms */
+static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_sigalgs_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+/* Set supported client signature algorithms */
+static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_client_sigalgs_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_groups_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+/* This is the old name for cmd_Groups - retained for backwards compatibility */
+static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_Groups(cctx, value);
+}
+
+#ifndef OPENSSL_NO_EC
+/* ECDH temporary parameters */
+static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    EC_KEY *ecdh;
+    int nid;
+
+    /* Ignore values supported by 1.0.2 for the automatic selection */
+    if ((cctx->flags & SSL_CONF_FLAG_FILE)
+            && (strcasecmp(value, "+automatic") == 0
+                || strcasecmp(value, "automatic") == 0))
+        return 1;
+    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
+        strcmp(value, "auto") == 0)
+        return 1;
+
+    nid = EC_curve_nist2nid(value);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(value);
+    if (nid == 0)
+        return 0;
+    ecdh = EC_KEY_new_by_curve_name(nid);
+    if (!ecdh)
+        return 0;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+    else if (cctx->ssl)
+        rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
+    EC_KEY_free(ecdh);
+
+    return rv > 0;
+}
+#endif
+static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+
+    if (cctx->ctx)
+        rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
+    if (cctx->ssl)
+        rv = SSL_set_cipher_list(cctx->ssl, value);
+    return rv > 0;
+}
+
+static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+
+    if (cctx->ctx)
+        rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);
+    if (cctx->ssl)
+        rv = SSL_set_ciphersuites(cctx->ssl, value);
+    return rv > 0;
+}
+
+static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_protocol_list[] = {
+        SSL_FLAG_TBL_INV("ALL", SSL_OP_NO_SSL_MASK),
+        SSL_FLAG_TBL_INV("SSLv2", SSL_OP_NO_SSLv2),
+        SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3),
+        SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
+        SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
+        SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+        SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3),
+        SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
+        SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
+    };
+    cctx->tbl = ssl_protocol_list;
+    cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+    struct protocol_versions {
+        const char *name;
+        int version;
+    };
+    static const struct protocol_versions versions[] = {
+        {"None", 0},
+        {"SSLv3", SSL3_VERSION},
+        {"TLSv1", TLS1_VERSION},
+        {"TLSv1.1", TLS1_1_VERSION},
+        {"TLSv1.2", TLS1_2_VERSION},
+        {"TLSv1.3", TLS1_3_VERSION},
+        {"DTLSv1", DTLS1_VERSION},
+        {"DTLSv1.2", DTLS1_2_VERSION}
+    };
+    size_t i;
+    size_t n = OSSL_NELEM(versions);
+
+    for (i = 0; i < n; i++)
+        if (strcmp(versions[i].name, value) == 0)
+            return versions[i].version;
+    return -1;
+}
+
+static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
+{
+    int method_version;
+    int new_version;
+
+    if (cctx->ctx != NULL)
+        method_version = cctx->ctx->method->version;
+    else if (cctx->ssl != NULL)
+        method_version = cctx->ssl->ctx->method->version;
+    else
+        return 0;
+    if ((new_version = protocol_from_string(value)) < 0)
+        return 0;
+    return ssl_set_version_bound(method_version, new_version, bound);
+}
+
+/*
+ * cmd_MinProtocol - Set min protocol version
+ * @cctx: config structure to save settings in
+ * @value: The min protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->min_version);
+}
+
+/*
+ * cmd_MaxProtocol - Set max protocol version
+ * @cctx: config structure to save settings in
+ * @value: The max protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->max_version);
+}
+
+static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_option_list[] = {
+        SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET),
+        SSL_FLAG_TBL_INV("EmptyFragments",
+                         SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
+        SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
+        SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
+        SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
+        SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation",
+                         SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
+        SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
+        SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
+        SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
+                     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+        SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
+        SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
+        SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
+        SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
+        SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT),
+        SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY)
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_option_list;
+    cctx->ntbl = OSSL_NELEM(ssl_option_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_vfy_list[] = {
+        SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Require",
+                         SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+        SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
+        SSL_FLAG_VFY_SRV("RequestPostHandshake",
+                         SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE),
+        SSL_FLAG_VFY_SRV("RequirePostHandshake",
+                         SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE |
+                         SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_vfy_list;
+    cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    CERT *c = NULL;
+    if (cctx->ctx) {
+        rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
+        c = cctx->ctx->cert;
+    }
+    if (cctx->ssl) {
+        rv = SSL_use_certificate_chain_file(cctx->ssl, value);
+        c = cctx->ssl->cert;
+    }
+    if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
+        OPENSSL_free(*pfilename);
+        *pfilename = OPENSSL_strdup(value);
+        if (!*pfilename)
+            rv = 0;
+    }
+
+    return rv > 0;
+}
+
+static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+        return -2;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM);
+    if (cctx->ssl)
+        rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM);
+    return rv > 0;
+}
+
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+    return rv > 0;
+}
+
+static int do_store(SSL_CONF_CTX *cctx,
+                    const char *CAfile, const char *CApath, int verify_store)
+{
+    CERT *cert;
+    X509_STORE **st;
+    if (cctx->ctx)
+        cert = cctx->ctx->cert;
+    else if (cctx->ssl)
+        cert = cctx->ssl->cert;
+    else
+        return 1;
+    st = verify_store ? &cert->verify_store : &cert->chain_store;
+    if (*st == NULL) {
+        *st = X509_STORE_new();
+        if (*st == NULL)
+            return 0;
+    }
+    return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_RequestCAFile(cctx, value);
+}
+
+static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_RequestCAPath(cctx, value);
+}
+
+#ifndef OPENSSL_NO_DH
+static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    DH *dh = NULL;
+    BIO *in = NULL;
+    if (cctx->ctx || cctx->ssl) {
+        in = BIO_new(BIO_s_file());
+        if (in == NULL)
+            goto end;
+        if (BIO_read_filename(in, value) <= 0)
+            goto end;
+        dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+        if (dh == NULL)
+            goto end;
+    } else
+        return 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_dh(cctx->ctx, dh);
+    if (cctx->ssl)
+        rv = SSL_set_tmp_dh(cctx->ssl, dh);
+ end:
+    DH_free(dh);
+    BIO_free(in);
+    return rv > 0;
+}
+#endif
+
+static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    int block_size = atoi(value);
+
+    /*
+     * All we care about is a non-negative value,
+     * the setters check the range
+     */
+    if (block_size >= 0) {
+        if (cctx->ctx)
+            rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);
+        if (cctx->ssl)
+            rv = SSL_set_block_padding(cctx->ssl, block_size);
+    }
+    return rv;
+}
+
+
+static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    int num_tickets = atoi(value);
+
+    if (num_tickets >= 0) {
+        if (cctx->ctx)
+            rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets);
+        if (cctx->ssl)
+            rv = SSL_set_num_tickets(cctx->ssl, num_tickets);
+    }
+    return rv;
+}
+
+typedef struct {
+    int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
+    const char *str_file;
+    const char *str_cmdline;
+    unsigned short flags;
+    unsigned short value_type;
+} ssl_conf_cmd_tbl;
+
+/* Table of supported parameters */
+
+#define SSL_CONF_CMD(name, cmdopt, flags, type) \
+        {cmd_##name, #name, cmdopt, flags, type}
+
+#define SSL_CONF_CMD_STRING(name, cmdopt, flags) \
+        SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING)
+
+#define SSL_CONF_CMD_SWITCH(name, flags) \
+        {0, NULL, name, flags, SSL_CONF_TYPE_NONE}
+
+/* See apps/apps.h if you change this table. */
+static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
+    SSL_CONF_CMD_SWITCH("no_ssl3", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_3", 0),
+    SSL_CONF_CMD_SWITCH("bugs", 0),
+    SSL_CONF_CMD_SWITCH("no_comp", 0),
+    SSL_CONF_CMD_SWITCH("comp", 0),
+    SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_ticket", 0),
+    SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
+    SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("strict", 0),
+    SSL_CONF_CMD_SWITCH("no_middlebox", 0),
+    SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
+    SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
+    SSL_CONF_CMD_STRING(Curves, "curves", 0),
+    SSL_CONF_CMD_STRING(Groups, "groups", 0),
+#ifndef OPENSSL_NO_EC
+    SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
+#endif
+    SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
+    SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
+    SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+    SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
+    SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),
+    SSL_CONF_CMD_STRING(Options, NULL, 0),
+    SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
+    SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ServerInfoFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ClientCAFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ClientCAPath, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+#ifndef OPENSSL_NO_DH
+    SSL_CONF_CMD(DHParameters, "dhparam",
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+#endif
+    SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0),
+    SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER),
+};
+
+/* Supported switches: must match order of switches in ssl_conf_cmds */
+static const ssl_switch_tbl ssl_cmd_switches[] = {
+    {SSL_OP_NO_SSLv3, 0},       /* no_ssl3 */
+    {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
+    {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
+    {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
+    {SSL_OP_NO_TLSv1_3, 0},     /* no_tls1_3 */
+    {SSL_OP_ALL, 0},            /* bugs */
+    {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+    {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
+    {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
+    {SSL_OP_NO_TICKET, 0},      /* no_ticket */
+    {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
+    /* legacy_renegotiation */
+    {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
+    /* legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, 0},
+    /* no_renegotiation */
+    {SSL_OP_NO_RENEGOTIATION, 0},
+    /* no_resumption_on_reneg */
+    {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0},
+    /* no_legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
+    /* allow_no_dhe_kex */
+    {SSL_OP_ALLOW_NO_DHE_KEX, 0},
+    /* chacha reprioritization */
+    {SSL_OP_PRIORITIZE_CHACHA, 0},
+    {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
+    /* no_middlebox */
+    {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV},
+    /* anti_replay */
+    {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV},
+    /* no_anti_replay */
+    {SSL_OP_NO_ANTI_REPLAY, 0},
+};
+
+static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
+{
+    if (!pcmd || !*pcmd)
+        return 0;
+    /* If a prefix is set, check and skip */
+    if (cctx->prefix) {
+        if (strlen(*pcmd) <= cctx->prefixlen)
+            return 0;
+        if (cctx->flags & SSL_CONF_FLAG_CMDLINE &&
+            strncmp(*pcmd, cctx->prefix, cctx->prefixlen))
+            return 0;
+        if (cctx->flags & SSL_CONF_FLAG_FILE &&
+            strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
+            return 0;
+        *pcmd += cctx->prefixlen;
+    } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+        if (**pcmd != '-' || !(*pcmd)[1])
+            return 0;
+        *pcmd += 1;
+    }
+    return 1;
+}
+
+/* Determine if a command is allowed according to cctx flags */
+static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
+{
+    unsigned int tfl = t->flags;
+    unsigned int cfl = cctx->flags;
+    if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CERTIFICATE)
+        && !(cfl & SSL_CONF_FLAG_CERTIFICATE))
+        return 0;
+    return 1;
+}
+
+static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
+                                                   const char *cmd)
+{
+    const ssl_conf_cmd_tbl *t;
+    size_t i;
+    if (cmd == NULL)
+        return NULL;
+
+    /* Look for matching parameter name in table */
+    for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) {
+        if (ssl_conf_cmd_allowed(cctx, t)) {
+            if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+                if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0)
+                    return t;
+            }
+            if (cctx->flags & SSL_CONF_FLAG_FILE) {
+                if (t->str_file && strcasecmp(t->str_file, cmd) == 0)
+                    return t;
+            }
+        }
+    }
+    return NULL;
+}
+
+static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
+{
+    /* Find index of command in table */
+    size_t idx = cmd - ssl_conf_cmds;
+    const ssl_switch_tbl *scmd;
+    /* Sanity check index */
+    if (idx >= OSSL_NELEM(ssl_cmd_switches))
+        return 0;
+    /* Obtain switches entry with same index */
+    scmd = ssl_cmd_switches + idx;
+    ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
+    return 1;
+}
+
+int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
+{
+    const ssl_conf_cmd_tbl *runcmd;
+    if (cmd == NULL) {
+        SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+        return 0;
+    }
+
+    if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
+        return -2;
+
+    runcmd = ssl_conf_cmd_lookup(cctx, cmd);
+
+    if (runcmd) {
+        int rv;
+        if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
+            return ctrl_switch_option(cctx, runcmd);
+        }
+        if (value == NULL)
+            return -3;
+        rv = runcmd->cmd(cctx, value);
+        if (rv > 0)
+            return 2;
+        if (rv == -2)
+            return -2;
+        if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
+            SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
+            ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
+        }
+        return 0;
+    }
+
+    if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
+        SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
+        ERR_add_error_data(2, "cmd=", cmd);
+    }
+
+    return -2;
+}
+
+int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv)
+{
+    int rv;
+    const char *arg = NULL, *argn;
+    if (pargc && *pargc == 0)
+        return 0;
+    if (!pargc || *pargc > 0)
+        arg = **pargv;
+    if (arg == NULL)
+        return 0;
+    if (!pargc || *pargc > 1)
+        argn = (*pargv)[1];
+    else
+        argn = NULL;
+    cctx->flags &= ~SSL_CONF_FLAG_FILE;
+    cctx->flags |= SSL_CONF_FLAG_CMDLINE;
+    rv = SSL_CONF_cmd(cctx, arg, argn);
+    if (rv > 0) {
+        /* Success: update pargc, pargv */
+        (*pargv) += rv;
+        if (pargc)
+            (*pargc) -= rv;
+        return rv;
+    }
+    /* Unknown switch: indicate no arguments processed */
+    if (rv == -2)
+        return 0;
+    /* Some error occurred processing command, return fatal error */
+    if (rv == 0)
+        return -1;
+    return rv;
+}
+
+int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd)
+{
+    if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) {
+        const ssl_conf_cmd_tbl *runcmd;
+        runcmd = ssl_conf_cmd_lookup(cctx, cmd);
+        if (runcmd)
+            return runcmd->value_type;
+    }
+    return SSL_CONF_TYPE_UNKNOWN;
+}
+
+SSL_CONF_CTX *SSL_CONF_CTX_new(void)
+{
+    SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    return ret;
+}
+
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
+{
+    /* See if any certificates are missing private keys */
+    size_t i;
+    CERT *c = NULL;
+    if (cctx->ctx)
+        c = cctx->ctx->cert;
+    else if (cctx->ssl)
+        c = cctx->ssl->cert;
+    if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const char *p = cctx->cert_filename[i];
+            /*
+             * If missing private key try to load one from certificate file
+             */
+            if (p && !c->pkeys[i].privatekey) {
+                if (!cmd_PrivateKey(cctx, p))
+                    return 0;
+            }
+        }
+    }
+    if (cctx->canames) {
+        if (cctx->ssl)
+            SSL_set0_CA_list(cctx->ssl, cctx->canames);
+        else if (cctx->ctx)
+            SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
+        else
+            sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        cctx->canames = NULL;
+    }
+    return 1;
+}
+
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
+{
+    if (cctx) {
+        size_t i;
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+            OPENSSL_free(cctx->cert_filename[i]);
+        OPENSSL_free(cctx->prefix);
+        sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        OPENSSL_free(cctx);
+    }
+}
+
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags)
+{
+    cctx->flags |= flags;
+    return cctx->flags;
+}
+
+unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags)
+{
+    cctx->flags &= ~flags;
+    return cctx->flags;
+}
+
+int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre)
+{
+    char *tmp = NULL;
+    if (pre) {
+        tmp = OPENSSL_strdup(pre);
+        if (tmp == NULL)
+            return 0;
+    }
+    OPENSSL_free(cctx->prefix);
+    cctx->prefix = tmp;
+    if (tmp)
+        cctx->prefixlen = strlen(tmp);
+    else
+        cctx->prefixlen = 0;
+    return 1;
+}
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
+{
+    cctx->ssl = ssl;
+    cctx->ctx = NULL;
+    if (ssl) {
+        cctx->poptions = &ssl->options;
+        cctx->min_version = &ssl->min_proto_version;
+        cctx->max_version = &ssl->max_proto_version;
+        cctx->pcert_flags = &ssl->cert->cert_flags;
+        cctx->pvfy_flags = &ssl->verify_mode;
+    } else {
+        cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
+        cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
+    }
+}
+
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
+{
+    cctx->ctx = ctx;
+    cctx->ssl = NULL;
+    if (ctx) {
+        cctx->poptions = &ctx->options;
+        cctx->min_version = &ctx->min_proto_version;
+        cctx->max_version = &ctx->max_proto_version;
+        cctx->pcert_flags = &ctx->cert->cert_flags;
+        cctx->pvfy_flags = &ctx->verify_mode;
+    } else {
+        cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
+        cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c
new file mode 100644
index 000000000..4b12ed148
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c
@@ -0,0 +1,1277 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/sslerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SSL_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_CLIENT_KEY_SHARE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_KEY_SHARE, 0), "add_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_BYTES_TO_CIPHER_LIST, 0),
+     "bytes_to_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0),
+     "check_suiteb_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CIPHERSUITE_CB, 0), "ciphersuite_cb"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0),
+     "construct_key_exchange_tbs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0),
+     "construct_stateful_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0),
+     "construct_stateless_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0),
+     "create_synthetic_message_hash"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0),
+     "create_ticket_prequel"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_PARSE, 0), "custom_ext_parse"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "d2i_SSL_SESSION"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_CTX_ENABLE, 0), "dane_ctx_enable"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_MTYPE_SET, 0), "dane_mtype_set"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_TLSA_ADD, 0), "dane_tlsa_add"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DERIVE_SECRET_KEY_AND_IV, 0),
+     "derive_secret_key_and_iv"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_DTLS1_WRITE, 0), "do_dtls1_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_SSL3_WRITE, 0), "do_ssl3_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_BUFFER_RECORD, 0),
+     "dtls1_buffer_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0),
+     "dtls1_check_timeout_num"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0),
+     "dtls1_hm_fragment_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0),
+     "dtls1_preprocess_fragment"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0),
+     "dtls1_process_buffered_records"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_RECORD, 0),
+     "dtls1_process_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_BYTES, 0), "dtls1_read_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_FAILED, 0), "dtls1_read_failed"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_RETRANSMIT_MESSAGE, 0),
+     "dtls1_retransmit_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_APP_DATA_BYTES, 0),
+     "dtls1_write_app_data_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_BYTES, 0), "dtls1_write_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLSV1_LISTEN, 0), "DTLSv1_listen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0),
+     "dtls_construct_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, 0),
+     "dtls_construct_hello_verify_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, 0),
+     "dtls_get_reassembled_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_PROCESS_HELLO_VERIFY, 0),
+     "dtls_process_hello_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_RECORD_LAYER_NEW, 0),
+     "DTLS_RECORD_LAYER_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_WAIT_FOR_DRY, 0), "dtls_wait_for_dry"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0),
+     "early_data_count_ok"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EARLY_DATA, 0), "final_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EC_PT_FORMATS, 0),
+     "final_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EMS, 0), "final_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0),
+     "final_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_GET_CERT_VERIFY_TBS_DATA, 0),
+     "get_cert_verify_tbs_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_NSS_KEYLOG_INT, 0), "nss_keylog_int"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OPENSSL_INIT_SSL, 0), "OPENSSL_init_ssl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, 0),
+     "ossl_statem_client13_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, 0),
+     "ossl_statem_client_post_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, 0),
+     "ossl_statem_client_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, 0),
+     "ossl_statem_client_read_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, 0),
+     "ossl_statem_client_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION, 0),
+     "ossl_statem_server13_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE, 0),
+     "ossl_statem_server_post_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0),
+     "ossl_statem_server_post_work"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0),
+     "ossl_statem_server_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0),
+     "ossl_statem_server_read_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0),
+     "ossl_statem_server_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0),
+     "set_client_ciphersuite"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, 0),
+     "srp_generate_client_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, 0),
+     "srp_generate_server_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_VERIFY_SERVER_PARAM, 0),
+     "srp_verify_server_param"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHANGE_CIPHER_STATE, 0),
+     "ssl3_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 0),
+     "ssl3_check_cert_and_algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTRL, 0), "ssl3_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0),
+     "ssl3_digest_cached_records"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0),
+     "ssl3_do_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0),
+     "ssl3_final_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_KEY_BLOCK, 0),
+     "ssl3_generate_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_MASTER_SECRET, 0),
+     "ssl3_generate_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, 0), "ssl3_get_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_INIT_FINISHED_MAC, 0),
+     "ssl3_init_finished_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_OUTPUT_CERT_CHAIN, 0),
+     "ssl3_output_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, 0), "ssl3_read_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_N, 0), "ssl3_read_n"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_KEY_BLOCK, 0),
+     "ssl3_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_READ_BUFFER, 0),
+     "ssl3_setup_read_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_WRITE_BUFFER, 0),
+     "ssl3_setup_write_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_BYTES, 0), "ssl3_write_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_PENDING, 0), "ssl3_write_pending"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_CHAIN, 0), "ssl_add_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_BUF, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_WPACKET, 0),
+     "ssl_add_cert_to_wpacket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, 0),
+     "SSL_add_dir_cert_subjects_to_stack"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, 0),
+     "SSL_add_file_cert_subjects_to_stack"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BAD_METHOD, 0), "ssl_bad_method"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BUILD_CERT_CHAIN, 0),
+     "ssl_build_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BYTES_TO_CIPHER_LIST, 0),
+     "SSL_bytes_to_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CACHE_CIPHERLIST, 0),
+     "ssl_cache_cipherlist"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_ADD0_CHAIN_CERT, 0),
+     "ssl_cert_add0_chain_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_DUP, 0), "ssl_cert_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_NEW, 0), "ssl_cert_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_SET0_CHAIN, 0),
+     "ssl_cert_set0_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_PRIVATE_KEY, 0),
+     "SSL_check_private_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, 0),
+     "ssl_check_srp_ext_ClientHello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 0),
+     "ssl_check_srvr_ecc_cert_and_alg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0),
+     "ssl_choose_client_version"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0),
+     "SSL_CIPHER_description"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0),
+     "ssl_cipher_list_to_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0),
+     "ssl_cipher_process_rulestr"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0),
+     "ssl_cipher_strength_sort"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0),
+     "SSL_client_hello_get1_extensions_present"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0),
+     "SSL_COMP_add_compression_method"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CREATE_CIPHER_LIST, 0),
+     "ssl_create_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTRL, 0), "SSL_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 0),
+     "SSL_CTX_check_private_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_ENABLE_CT, 0), "SSL_CTX_enable_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_MAKE_PROFILES, 0),
+     "ssl_ctx_make_profiles"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_NEW, 0), "SSL_CTX_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_ALPN_PROTOS, 0),
+     "SSL_CTX_set_alpn_protos"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CIPHER_LIST, 0),
+     "SSL_CTX_set_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, 0),
+     "SSL_CTX_set_client_cert_engine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, 0),
+     "SSL_CTX_set_ct_validation_callback"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 0),
+     "SSL_CTX_set_session_id_context"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SSL_VERSION, 0),
+     "SSL_CTX_set_ssl_version"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0),
+     "SSL_CTX_set_tlsext_max_fragment_length"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE, 0),
+     "SSL_CTX_use_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, 0),
+     "SSL_CTX_use_certificate_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 0),
+     "SSL_CTX_use_certificate_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY, 0),
+     "SSL_CTX_use_PrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, 0),
+     "SSL_CTX_use_PrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, 0),
+     "SSL_CTX_use_PrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 0),
+     "SSL_CTX_use_psk_identity_hint"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, 0),
+     "SSL_CTX_use_RSAPrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, 0),
+     "SSL_CTX_use_RSAPrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, 0),
+     "SSL_CTX_use_RSAPrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO, 0),
+     "SSL_CTX_use_serverinfo"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_EX, 0),
+     "SSL_CTX_use_serverinfo_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_FILE, 0),
+     "SSL_CTX_use_serverinfo_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_DUP, 0), "ssl_dane_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_ENABLE, 0), "SSL_dane_enable"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DERIVE, 0), "ssl_derive"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_CONFIG, 0), "ssl_do_config"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_HANDSHAKE, 0), "SSL_do_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DUP_CA_LIST, 0), "SSL_dup_CA_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ENABLE_CT, 0), "SSL_enable_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_PKEY_GROUP, 0),
+     "ssl_generate_pkey_group"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_SESSION_ID, 0),
+     "ssl_generate_session_id"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_NEW_SESSION, 0),
+     "ssl_get_new_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_PREV_SESSION, 0),
+     "ssl_get_prev_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SERVER_CERT_INDEX, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SIGN_PKEY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_HANDSHAKE_HASH, 0), "ssl_handshake_hash"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0),
+     "ssl_init_wbio_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CLIENT_CA_FILE, 0),
+     "SSL_load_client_CA_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_MASTER_SECRET, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, 0),
+     "ssl_log_rsa_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEW, 0), "SSL_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEXT_PROTO_VALIDATE, 0),
+     "ssl_next_proto_validate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0),
+     "SSL_read_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EX, 0), "SSL_read_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_INTERNAL, 0), "ssl_read_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE, 0), "SSL_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE_ABBREVIATED, 0),
+     "SSL_renegotiate_abbreviated"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_DUP, 0), "ssl_session_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_NEW, 0), "SSL_SESSION_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_PRINT_FP, 0),
+     "SSL_SESSION_print_fp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID, 0),
+     "SSL_SESSION_set1_id"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID_CONTEXT, 0),
+     "SSL_SESSION_set1_id_context"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_ALPN_PROTOS, 0),
+     "SSL_set_alpn_protos"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT, 0), "ssl_set_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT_AND_KEY, 0),
+     "ssl_set_cert_and_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CIPHER_LIST, 0),
+     "SSL_set_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, 0),
+     "SSL_set_ct_validation_callback"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_FD, 0), "SSL_set_fd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_PKEY, 0), "ssl_set_pkey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_RFD, 0), "SSL_set_rfd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION, 0), "SSL_set_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_ID_CONTEXT, 0),
+     "SSL_set_session_id_context"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_TICKET_EXT, 0),
+     "SSL_set_session_ticket_ext"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0),
+     "SSL_set_tlsext_max_fragment_length"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_WFD, 0), "SSL_set_wfd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SHUTDOWN, 0), "SSL_shutdown"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SRP_CTX_INIT, 0), "SSL_SRP_CTX_init"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_START_ASYNC_JOB, 0),
+     "ssl_start_async_job"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_FUNCTION, 0),
+     "ssl_undefined_function"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 0),
+     "ssl_undefined_void_function"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE, 0),
+     "SSL_use_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_ASN1, 0),
+     "SSL_use_certificate_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_FILE, 0),
+     "SSL_use_certificate_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY, 0), "SSL_use_PrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_ASN1, 0),
+     "SSL_use_PrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_FILE, 0),
+     "SSL_use_PrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PSK_IDENTITY_HINT, 0),
+     "SSL_use_psk_identity_hint"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY, 0),
+     "SSL_use_RSAPrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, 0),
+     "SSL_use_RSAPrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, 0),
+     "SSL_use_RSAPrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VALIDATE_CT, 0), "ssl_validate_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CERT_CHAIN, 0),
+     "ssl_verify_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, 0),
+     "SSL_verify_client_post_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE, 0), "SSL_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_DATA, 0),
+     "SSL_write_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0),
+     "tls12_check_peer_sigalg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0),
+     "tls13_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_ENC, 0), "tls13_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_FINAL_FINISH_MAC, 0),
+     "tls13_final_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0),
+     "tls13_generate_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_HKDF_EXPAND, 0), "tls13_hkdf_expand"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, 0),
+     "tls13_restore_handshake_digest_for_pha"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, 0),
+     "tls13_save_handshake_digest_for_pha"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SETUP_KEY_BLOCK, 0),
+     "tls13_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHANGE_CIPHER_STATE, 0),
+     "tls1_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_ENC, 0), "tls1_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_EXPORT_KEYING_MATERIAL, 0),
+     "tls1_export_keying_material"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0),
+     "tls1_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0),
+     "tls1_set_raw_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0),
+     "tls1_set_server_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0),
+     "tls1_set_shared_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0),
+     "tls_client_key_exchange_post_work"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_COLLECT_EXTENSIONS, 0),
+     "tls_collect_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, 0),
+     "tls_construct_certificate_authorities"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, 0),
+     "tls_construct_certificate_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, 0),
+     "tls_construct_cert_status_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, 0),
+     "tls_construct_cert_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0),
+     "tls_construct_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_DHE, 0),
+     "tls_construct_cke_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, 0),
+     "tls_construct_cke_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_GOST, 0),
+     "tls_construct_cke_gost"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, 0),
+     "tls_construct_cke_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_RSA, 0),
+     "tls_construct_cke_rsa"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_SRP, 0),
+     "tls_construct_cke_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, 0),
+     "tls_construct_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, 0),
+     "tls_construct_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, 0),
+     "tls_construct_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ALPN, 0),
+     "tls_construct_ctos_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, 0),
+     "tls_construct_ctos_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, 0),
+     "tls_construct_ctos_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, 0),
+     "tls_construct_ctos_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EMS, 0),
+     "tls_construct_ctos_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ETM, 0),
+     "tls_construct_ctos_etm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_HELLO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, 0),
+     "tls_construct_ctos_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, 0),
+     "tls_construct_ctos_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_NPN, 0),
+     "tls_construct_ctos_npn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, 0),
+     "tls_construct_ctos_padding"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH, 0),
+     "tls_construct_ctos_post_handshake_auth"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK, 0),
+     "tls_construct_ctos_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0),
+     "tls_construct_ctos_psk_kex_modes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0),
+     "tls_construct_ctos_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0),
+     "tls_construct_ctos_sct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, 0),
+     "tls_construct_ctos_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, 0),
+     "tls_construct_ctos_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, 0),
+     "tls_construct_ctos_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SRP, 0),
+     "tls_construct_ctos_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, 0),
+     "tls_construct_ctos_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, 0),
+     "tls_construct_ctos_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, 0),
+     "tls_construct_ctos_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, 0),
+     "tls_construct_ctos_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, 0),
+     "tls_construct_encrypted_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, 0),
+     "tls_construct_end_of_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_EXTENSIONS, 0),
+     "tls_construct_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_FINISHED, 0),
+     "tls_construct_finished"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST, 0),
+     "tls_construct_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, 0),
+     "tls_construct_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, 0),
+     "tls_construct_new_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, 0),
+     "tls_construct_next_proto"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, 0),
+     "tls_construct_server_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, 0),
+     "tls_construct_server_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, 0),
+     "tls_construct_server_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ALPN, 0),
+     "tls_construct_stoc_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, 0),
+     "tls_construct_stoc_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, 0),
+     "tls_construct_stoc_cryptopro_bug"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_DONE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, 0),
+     "tls_construct_stoc_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, 0),
+     "tls_construct_stoc_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EMS, 0),
+     "tls_construct_stoc_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ETM, 0),
+     "tls_construct_stoc_etm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_HELLO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, 0),
+     "tls_construct_stoc_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, 0),
+     "tls_construct_stoc_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG, 0),
+     "tls_construct_stoc_next_proto_neg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0),
+     "tls_construct_stoc_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0),
+     "tls_construct_stoc_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0),
+     "tls_construct_stoc_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, 0),
+     "tls_construct_stoc_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, 0),
+     "tls_construct_stoc_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, 0),
+     "tls_construct_stoc_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, 0),
+     "tls_construct_stoc_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, 0),
+     "tls_construct_stoc_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, 0),
+     "tls_early_post_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_FINISH_HANDSHAKE, 0),
+     "tls_finish_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_BODY, 0),
+     "tls_get_message_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_HEADER, 0),
+     "tls_get_message_header"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_ALPN, 0), "tls_handle_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_STATUS_REQUEST, 0),
+     "tls_handle_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, 0),
+     "tls_parse_certificate_authorities"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_ALPN, 0),
+     "tls_parse_ctos_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE, 0),
+     "tls_parse_ctos_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0),
+     "tls_parse_ctos_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, 0),
+     "tls_parse_ctos_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EMS, 0), "tls_parse_ctos_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, 0),
+     "tls_parse_ctos_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, 0),
+     "tls_parse_ctos_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH, 0),
+     "tls_parse_ctos_post_handshake_auth"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0),
+     "tls_parse_ctos_psk_kex_modes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0),
+     "tls_parse_ctos_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0),
+     "tls_parse_ctos_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, 0),
+     "tls_parse_ctos_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0),
+     "tls_parse_ctos_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, 0),
+     "tls_parse_ctos_sig_algs_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0),
+     "tls_parse_ctos_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, 0),
+     "tls_parse_ctos_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_USE_SRTP, 0),
+     "tls_parse_ctos_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_ALPN, 0),
+     "tls_parse_stoc_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0),
+     "tls_parse_stoc_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0),
+     "tls_parse_stoc_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, 0),
+     "tls_parse_stoc_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_KEY_SHARE, 0),
+     "tls_parse_stoc_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 0),
+     "tls_parse_stoc_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0),
+     "tls_parse_stoc_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SERVER_NAME, 0),
+     "tls_parse_stoc_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SESSION_TICKET, 0),
+     "tls_parse_stoc_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, 0),
+     "tls_parse_stoc_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, 0),
+     "tls_parse_stoc_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_USE_SRTP, 0),
+     "tls_parse_stoc_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, 0),
+     "tls_post_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 0),
+     "tls_post_process_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, 0),
+     "tls_prepare_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, 0),
+     "tls_process_as_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, 0),
+     "tls_process_certificate_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, 0),
+     "tls_process_cert_status_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_VERIFY, 0),
+     "tls_process_cert_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, 0),
+     "tls_process_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_DHE, 0),
+     "tls_process_cke_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_ECDHE, 0),
+     "tls_process_cke_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_GOST, 0),
+     "tls_process_cke_gost"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, 0),
+     "tls_process_cke_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_RSA, 0),
+     "tls_process_cke_rsa"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_SRP, 0),
+     "tls_process_cke_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, 0),
+     "tls_process_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_HELLO, 0),
+     "tls_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, 0),
+     "tls_process_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, 0),
+     "tls_process_encrypted_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, 0),
+     "tls_process_end_of_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_FINISHED, 0),
+     "tls_process_finished"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_REQ, 0),
+     "tls_process_hello_req"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, 0),
+     "tls_process_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, 0),
+     "tls_process_initial_server_flight"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_EXCHANGE, 0),
+     "tls_process_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_UPDATE, 0),
+     "tls_process_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, 0),
+     "tls_process_new_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEXT_PROTO, 0),
+     "tls_process_next_proto"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, 0),
+     "tls_process_server_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_DONE, 0),
+     "tls_process_server_done"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_HELLO, 0),
+     "tls_process_server_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_DHE, 0),
+     "tls_process_ske_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_ECDHE, 0),
+     "tls_process_ske_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, 0),
+     "tls_process_ske_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_SRP, 0),
+     "tls_process_ske_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PSK_DO_BINDER, 0), "tls_psk_do_binder"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SETUP_HANDSHAKE, 0),
+     "tls_setup_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0),
+     "use_certificate_chain_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0),
+     "wpacket_intern_init_len"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0),
+     "WPACKET_start_sub_packet_len__"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0),
+     "write_state_machine"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SSL_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
+    "application data after close notify"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
+    "app data in handshake"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
+    "attempt to reuse session in different context"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE),
+    "at least TLS 1.0 needed in FIPS mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
+    "at least (D)TLS 1.2 needed in Suite B mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC),
+    "bad change cipher spec"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
+    "bad data returned by callback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH),
+    "bad handshake length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE),
+    "bad handshake state"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
+    "bad protocol version number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
+    "bad srtp protection profile list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY),
+    "binder does not verify"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
+    "block cipher pad is wrong"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER),
+    "cannot change cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH),
+    "ca dn length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED),
+    "certificate verify failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH),
+    "cert length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED),
+    "ciphersuite digest has changed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH),
+    "cipher code wrong length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
+    "cipher or hash unavailable"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG),
+    "compressed length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED),
+    "compression disabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE),
+    "compression failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
+    "compression id not within private range"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR),
+    "compression library error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET),
+    "connection type not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED),
+    "context not dane enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
+    "cookie gen callback failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED),
+    "custom ext handler already installed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED),
+    "dane already enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
+    "dane cannot override mtype full"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE),
+    "dane tlsa bad certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE),
+    "dane tlsa bad certificate usage"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH),
+    "dane tlsa bad data length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
+    "dane tlsa bad digest length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
+    "dane tlsa bad matching type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY),
+    "dane tlsa bad public key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR),
+    "dane tlsa bad selector"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA),
+    "dane tlsa null data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
+    "data between ccs and finished"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG),
+    "data length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
+    "decryption failed or bad record mac"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
+    "dh public value length is wrong"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED),
+    "digest check failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG),
+    "dtls message too big"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID),
+    "duplicate compression id"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING),
+    "ecc cert not for signing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),
+    "ecdh required for suiteb mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
+    "empty srtp protection profile list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
+    "encrypted length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
+    "error in received cipher list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
+    "error setting tlsa base domain"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE),
+    "exceeds max fragment size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE),
+    "excessive message size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED),
+    "extension not received"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE),
+    "extra data in message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH),
+    "ext length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC),
+    "failed to init async"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO),
+    "fragmented client hello"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS),
+    "got a fin before a ccs"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST),
+    "https proxy request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION),
+    "illegal point compression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST),
+    "illegal Suite B digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK),
+    "inappropriate fallback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION),
+    "inconsistent compression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN),
+    "inconsistent early data alpn"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI),
+    "inconsistent early data sni"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY),
+    "insufficient security"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE),
+    "invalid ccs message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG),
+    "invalid certificate or alg"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM),
+    "invalid compression algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME),
+    "invalid configuration name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE),
+    "invalid ct validation type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE),
+    "invalid key update type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA),
+    "invalid max early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME),
+    "invalid null cmd name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER),
+    "invalid sequence number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA),
+    "invalid serverinfo data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME),
+    "invalid srp username"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE),
+    "invalid status response"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH),
+    "invalid ticket keys length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS),
+    "library has no ciphers"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT),
+    "missing dsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT),
+    "missing ecdsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE),
+    "missing rsa certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT),
+    "missing rsa encrypting cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT),
+    "missing rsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION),
+    "missing sigalgs extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT),
+    "missing signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM),
+    "can't find SRP server param"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION),
+    "missing supported groups extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
+    "missing tmp ecdh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
+    "mixed handshake and non handshake data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
+    "not on record boundary"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
+    "not replacing certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL),
+    "no application protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED),
+    "no certificates returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED),
+    "no certificate assigned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR),
+    "no change following hrr"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE),
+    "no ciphers available"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED),
+    "no ciphers specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD),
+    "no client cert method"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED),
+    "no compression specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET),
+    "no cookie callback set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
+    "Peer haven't sent GOST certificate, required for selected ciphersuite"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED),
+    "no method specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED),
+    "no private key assigned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE),
+    "no protocols available"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
+    "no shared signature algorithms"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE),
+    "no suitable key share"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM),
+    "no suitable signature algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK),
+    "no verify cookie callback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
+    "null ssl method passed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
+    "old session cipher not returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
+    "old session compression algorithm not returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG),
+    "packet length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
+    "peer did not return a certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX),
+    "pem name bad prefix"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR),
+    "post handshake auth encoding err"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH),
+    "private key mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN),
+    "protocol is shutdown"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND),
+    "psk identity not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED),
+    "read timeout expired"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH),
+    "record length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG),
+    "renegotiate ext too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR),
+    "renegotiation encoding err"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH),
+    "renegotiation mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING),
+    "required cipher missing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING),
+    "required compression algorithm missing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
+    "scsv received when renegotiating"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED),
+    "sct verification failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
+    "session id context uninitialized"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT),
+    "shutdown while in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR),
+    "signature algorithms error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
+    "signature for non signing certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
+    "srtp could not allocate profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
+    "srtp protection profile list too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
+    "srtp unknown protection profile"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH),
+    "ssl3 ext invalid max fragment length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME),
+    "ssl3 ext invalid servername"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
+    "ssl3 ext invalid servername type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
+    "ssl3 session id too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+    "sslv3 alert bad certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+    "sslv3 alert bad record mac"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+    "sslv3 alert certificate expired"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+    "sslv3 alert certificate revoked"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+    "sslv3 alert certificate unknown"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+    "sslv3 alert decompression failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+    "sslv3 alert handshake failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+    "sslv3 alert illegal parameter"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+    "sslv3 alert no certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+    "sslv3 alert unexpected message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+    "sslv3 alert unsupported certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
+    "ssl ctx has no default ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE),
+    "ssl handshake failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
+    "ssl library has no ciphers"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH),
+    "ssl negative length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
+    "ssl session id callback failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT),
+    "ssl session id conflict"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
+    "ssl session id context too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
+    "ssl session id has bad length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG),
+    "ssl session id too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH),
+    "ssl session version mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED),
+    "tlsv13 alert certificate required"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION),
+    "tlsv13 alert missing extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+    "tlsv1 alert access denied"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR),
+    "tlsv1 alert decode error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+    "tlsv1 alert decryption failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+    "tlsv1 alert decrypt error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+    "tlsv1 alert export restriction"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+    "tlsv1 alert inappropriate fallback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+    "tlsv1 alert insufficient security"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+    "tlsv1 alert internal error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+    "tlsv1 alert no renegotiation"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+    "tlsv1 alert protocol version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+    "tlsv1 alert record overflow"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
+    "tlsv1 alert unknown ca"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
+    "tlsv1 alert user cancelled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+    "tlsv1 bad certificate hash value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+    "tlsv1 bad certificate status response"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+    "tlsv1 certificate unobtainable"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME),
+    "tlsv1 unrecognized name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+    "tlsv1 unsupported extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
+    "peer does not accept heartbeats"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PENDING),
+    "heartbeat request already pending"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
+    "tls illegal exporter label"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
+    "tls invalid ecpointformat list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES),
+    "too many key updates"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS),
+    "too many warn alerts"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA),
+    "too much early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
+    "unable to find ecdh parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
+    "unable to find public key parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
+    "unable to load ssl3 md5 routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
+    "unable to load ssl3 sha1 routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
+    "unexpected ccs message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
+    "unexpected end of early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE),
+    "unknown certificate type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED),
+    "unknown cipher returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE),
+    "unknown cipher type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
+    "unknown key exchange type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION),
+    "unknown ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
+    "unsafe legacy renegotiation disabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION),
+    "unsolicited extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
+    "unsupported elliptic curve"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL),
+    "unsupported protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION),
+    "unsupported ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE),
+    "unsupported status type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED),
+    "use srtp not negotiated"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE),
+    "wrong certificate type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED),
+    "wrong cipher returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE),
+    "wrong signature size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE),
+    "wrong signature type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER),
+    "wrong version number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
+    "x509 verification setup problems"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SSL_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SSL_str_functs);
+        ERR_load_strings_const(SSL_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c
new file mode 100644
index 000000000..f0969fa9b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#include "internal/err.h"
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "ssl_locl.h"
+#include "internal/thread_once.h"
+
+static int stopped;
+
+static void ssl_library_stop(void);
+
+static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "Adding SSL ciphers and digests\n");
+#endif
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_cbc());
+    /*
+     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
+     * application only calls SSL_library_init().
+     */
+    EVP_add_cipher(EVP_rc2_40_cbc());
+#endif
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_128_gcm());
+    EVP_add_cipher(EVP_aes_256_gcm());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_256_gcm());
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    EVP_add_cipher(EVP_chacha20_poly1305());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_cbc());
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_COMP_get_compression_methods()\n");
+# endif
+    /*
+     * This will initialise the built-in compression algorithms. The value
+     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
+     */
+    SSL_COMP_get_compression_methods();
+#endif
+    /* initialize cipher/digest methods table */
+    if (!ssl_load_ciphers())
+        return 0;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_add_ssl_module()\n");
+#endif
+    /*
+     * We ignore an error return here. Not much we can do - but not that bad
+     * either. We can still safely continue.
+     */
+    OPENSSL_atexit(ssl_library_stop);
+    ssl_base_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_strings_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
+            "ERR_load_SSL_strings()\n");
+# endif
+    ERR_load_SSL_strings();
+    ssl_strings_inited = 1;
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
+                           ossl_init_load_ssl_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+static void ssl_library_stop(void)
+{
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    if (ssl_base_inited) {
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "ssl_comp_free_compression_methods_int()\n");
+# endif
+        ssl_comp_free_compression_methods_int();
+#endif
+    }
+
+    if (ssl_strings_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "err_free_strings_int()\n");
+#endif
+        /*
+         * If both crypto and ssl error strings are inited we will end up
+         * calling err_free_strings_int() twice - but that's ok. The second
+         * time will be a no-op. It's easier to do that than to try and track
+         * between the two libraries whether they have both been inited.
+         */
+        err_free_strings_int();
+    }
+}
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
+{
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
+        }
+        return 0;
+    }
+
+    opts |= OPENSSL_INIT_ADD_ALL_CIPHERS
+         |  OPENSSL_INIT_ADD_ALL_DIGESTS;
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0)
+        opts |= OPENSSL_INIT_LOAD_CONFIG;
+#endif
+
+    if (!OPENSSL_init_crypto(opts, settings))
+        return 0;
+
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
+                         ossl_init_load_ssl_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+        return 0;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c
new file mode 100644
index 000000000..4440a9ffe
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c
@@ -0,0 +1,5581 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/ocsp.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/ct.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+
+const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
+
+static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
+                                    int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
+                                    unsigned char *s, size_t t, size_t *u)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_4(SSL *ssl, int r)
+{
+    (void)r;
+    return ssl_undefined_function(ssl);
+}
+
+static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
+                                       unsigned char *t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_6(int r)
+{
+    (void)r;
+    return ssl_undefined_function(NULL);
+}
+
+static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
+                                    const char *t, size_t u,
+                                    const unsigned char *v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
+    ssl_undefined_function_1,
+    ssl_undefined_function_2,
+    ssl_undefined_function,
+    ssl_undefined_function_3,
+    ssl_undefined_function_4,
+    ssl_undefined_function_5,
+    NULL,                       /* client_finished_label */
+    0,                          /* client_finished_label_len */
+    NULL,                       /* server_finished_label */
+    0,                          /* server_finished_label_len */
+    ssl_undefined_function_6,
+    ssl_undefined_function_7,
+};
+
+struct ssl_async_args {
+    SSL *s;
+    void *buf;
+    size_t num;
+    enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
+    union {
+        int (*func_read) (SSL *, void *, size_t, size_t *);
+        int (*func_write) (SSL *, const void *, size_t, size_t *);
+        int (*func_other) (SSL *);
+    } f;
+};
+
+static const struct {
+    uint8_t mtype;
+    uint8_t ord;
+    int nid;
+} dane_mds[] = {
+    {
+        DANETLS_MATCHING_FULL, 0, NID_undef
+    },
+    {
+        DANETLS_MATCHING_2256, 1, NID_sha256
+    },
+    {
+        DANETLS_MATCHING_2512, 2, NID_sha512
+    },
+};
+
+static int dane_ctx_enable(struct dane_ctx_st *dctx)
+{
+    const EVP_MD **mdevp;
+    uint8_t *mdord;
+    uint8_t mdmax = DANETLS_MATCHING_LAST;
+    int n = ((int)mdmax) + 1;   /* int to handle PrivMatch(255) */
+    size_t i;
+
+    if (dctx->mdevp != NULL)
+        return 1;
+
+    mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
+    mdord = OPENSSL_zalloc(n * sizeof(*mdord));
+
+    if (mdord == NULL || mdevp == NULL) {
+        OPENSSL_free(mdord);
+        OPENSSL_free(mdevp);
+        SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Install default entries */
+    for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
+        const EVP_MD *md;
+
+        if (dane_mds[i].nid == NID_undef ||
+            (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
+            continue;
+        mdevp[dane_mds[i].mtype] = md;
+        mdord[dane_mds[i].mtype] = dane_mds[i].ord;
+    }
+
+    dctx->mdevp = mdevp;
+    dctx->mdord = mdord;
+    dctx->mdmax = mdmax;
+
+    return 1;
+}
+
+static void dane_ctx_final(struct dane_ctx_st *dctx)
+{
+    OPENSSL_free(dctx->mdevp);
+    dctx->mdevp = NULL;
+
+    OPENSSL_free(dctx->mdord);
+    dctx->mdord = NULL;
+    dctx->mdmax = 0;
+}
+
+static void tlsa_free(danetls_record *t)
+{
+    if (t == NULL)
+        return;
+    OPENSSL_free(t->data);
+    EVP_PKEY_free(t->spki);
+    OPENSSL_free(t);
+}
+
+static void dane_final(SSL_DANE *dane)
+{
+    sk_danetls_record_pop_free(dane->trecs, tlsa_free);
+    dane->trecs = NULL;
+
+    sk_X509_pop_free(dane->certs, X509_free);
+    dane->certs = NULL;
+
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+/*
+ * dane_copy - Copy dane configuration, sans verification state.
+ */
+static int ssl_dane_dup(SSL *to, SSL *from)
+{
+    int num;
+    int i;
+
+    if (!DANETLS_ENABLED(&from->dane))
+        return 1;
+
+    num = sk_danetls_record_num(from->dane.trecs);
+    dane_final(&to->dane);
+    to->dane.flags = from->dane.flags;
+    to->dane.dctx = &to->ctx->dane;
+    to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
+
+    if (to->dane.trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (i = 0; i < num; ++i) {
+        danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
+
+        if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
+                              t->data, t->dlen) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int dane_mtype_set(struct dane_ctx_st *dctx,
+                          const EVP_MD *md, uint8_t mtype, uint8_t ord)
+{
+    int i;
+
+    if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
+        SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
+        return 0;
+    }
+
+    if (mtype > dctx->mdmax) {
+        const EVP_MD **mdevp;
+        uint8_t *mdord;
+        int n = ((int)mtype) + 1;
+
+        mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
+        if (mdevp == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdevp = mdevp;
+
+        mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
+        if (mdord == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdord = mdord;
+
+        /* Zero-fill any gaps */
+        for (i = dctx->mdmax + 1; i < mtype; ++i) {
+            mdevp[i] = NULL;
+            mdord[i] = 0;
+        }
+
+        dctx->mdmax = mtype;
+    }
+
+    dctx->mdevp[mtype] = md;
+    /* Coerce ordinal of disabled matching types to 0 */
+    dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
+
+    return 1;
+}
+
+static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
+{
+    if (mtype > dane->dctx->mdmax)
+        return NULL;
+    return dane->dctx->mdevp[mtype];
+}
+
+static int dane_tlsa_add(SSL_DANE *dane,
+                         uint8_t usage,
+                         uint8_t selector,
+                         uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    danetls_record *t;
+    const EVP_MD *md = NULL;
+    int ilen = (int)dlen;
+    int i;
+    int num;
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
+        return -1;
+    }
+
+    if (ilen < 0 || dlen != (size_t)ilen) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
+        return 0;
+    }
+
+    if (usage > DANETLS_USAGE_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
+        return 0;
+    }
+
+    if (selector > DANETLS_SELECTOR_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
+        return 0;
+    }
+
+    if (mtype != DANETLS_MATCHING_FULL) {
+        md = tlsa_md_get(dane, mtype);
+        if (md == NULL) {
+            SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
+            return 0;
+        }
+    }
+
+    if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
+        return 0;
+    }
+    if (!data) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
+        return 0;
+    }
+
+    if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    t->usage = usage;
+    t->selector = selector;
+    t->mtype = mtype;
+    t->data = OPENSSL_malloc(dlen);
+    if (t->data == NULL) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    memcpy(t->data, data, dlen);
+    t->dlen = dlen;
+
+    /* Validate and cache full certificate or public key */
+    if (mtype == DANETLS_MATCHING_FULL) {
+        const unsigned char *p = data;
+        X509 *cert = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        switch (selector) {
+        case DANETLS_SELECTOR_CERT:
+            if (!d2i_X509(&cert, &p, ilen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+            if (X509_get0_pubkey(cert) == NULL) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+
+            if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+                X509_free(cert);
+                break;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
+             * records that contain full certificates of trust-anchors that are
+             * not present in the wire chain.  For usage PKIX-TA(0), we augment
+             * the chain with untrusted Full(0) certificates from DNS, in case
+             * they are missing from the chain.
+             */
+            if ((dane->certs == NULL &&
+                 (dane->certs = sk_X509_new_null()) == NULL) ||
+                !sk_X509_push(dane->certs, cert)) {
+                SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+                X509_free(cert);
+                tlsa_free(t);
+                return -1;
+            }
+            break;
+
+        case DANETLS_SELECTOR_SPKI:
+            if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
+                return 0;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
+             * records that contain full bare keys of trust-anchors that are
+             * not present in the wire chain.
+             */
+            if (usage == DANETLS_USAGE_DANE_TA)
+                t->spki = pkey;
+            else
+                EVP_PKEY_free(pkey);
+            break;
+        }
+    }
+
+    /*-
+     * Find the right insertion point for the new record.
+     *
+     * See crypto/x509/x509_vfy.c.  We sort DANE-EE(3) records first, so that
+     * they can be processed first, as they require no chain building, and no
+     * expiration or hostname checks.  Because DANE-EE(3) is numerically
+     * largest, this is accomplished via descending sort by "usage".
+     *
+     * We also sort in descending order by matching ordinal to simplify
+     * the implementation of digest agility in the verification code.
+     *
+     * The choice of order for the selector is not significant, so we
+     * use the same descending order for consistency.
+     */
+    num = sk_danetls_record_num(dane->trecs);
+    for (i = 0; i < num; ++i) {
+        danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
+
+        if (rec->usage > usage)
+            continue;
+        if (rec->usage < usage)
+            break;
+        if (rec->selector > selector)
+            continue;
+        if (rec->selector < selector)
+            break;
+        if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
+            continue;
+        break;
+    }
+
+    if (!sk_danetls_record_insert(dane->trecs, t, i)) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dane->umask |= DANETLS_USAGE_BIT(usage);
+
+    return 1;
+}
+
+/*
+ * Return 0 if there is only one version configured and it was disabled
+ * at configure time.  Return 1 otherwise.
+ */
+static int ssl_check_allowed_versions(int min_version, int max_version)
+{
+    int minisdtls = 0, maxisdtls = 0;
+
+    /* Figure out if we're doing DTLS versions or TLS versions */
+    if (min_version == DTLS1_BAD_VER
+        || min_version >> 8 == DTLS1_VERSION_MAJOR)
+        minisdtls = 1;
+    if (max_version == DTLS1_BAD_VER
+        || max_version >> 8 == DTLS1_VERSION_MAJOR)
+        maxisdtls = 1;
+    /* A wildcard version of 0 could be DTLS or TLS. */
+    if ((minisdtls && !maxisdtls && max_version != 0)
+        || (maxisdtls && !minisdtls && min_version != 0)) {
+        /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
+        return 0;
+    }
+
+    if (minisdtls || maxisdtls) {
+        /* Do DTLS version checks. */
+        if (min_version == 0)
+            /* Ignore DTLS1_BAD_VER */
+            min_version = DTLS1_VERSION;
+        if (max_version == 0)
+            max_version = DTLS1_2_VERSION;
+#ifdef OPENSSL_NO_DTLS1_2
+        if (max_version == DTLS1_2_VERSION)
+            max_version = DTLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_DTLS1
+        if (min_version == DTLS1_VERSION)
+            min_version = DTLS1_2_VERSION;
+#endif
+        /* Done massaging versions; do the check. */
+        if (0
+#ifdef OPENSSL_NO_DTLS1
+            || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
+                && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
+#endif
+#ifdef OPENSSL_NO_DTLS1_2
+            || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
+                && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
+#endif
+            )
+            return 0;
+    } else {
+        /* Regular TLS version checks. */
+        if (min_version == 0)
+            min_version = SSL3_VERSION;
+        if (max_version == 0)
+            max_version = TLS1_3_VERSION;
+#ifdef OPENSSL_NO_TLS1_3
+        if (max_version == TLS1_3_VERSION)
+            max_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+        if (max_version == TLS1_2_VERSION)
+            max_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+        if (max_version == TLS1_1_VERSION)
+            max_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+        if (max_version == TLS1_VERSION)
+            max_version = SSL3_VERSION;
+#endif
+#ifdef OPENSSL_NO_SSL3
+        if (min_version == SSL3_VERSION)
+            min_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+        if (min_version == TLS1_VERSION)
+            min_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+        if (min_version == TLS1_1_VERSION)
+            min_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+        if (min_version == TLS1_2_VERSION)
+            min_version = TLS1_3_VERSION;
+#endif
+        /* Done massaging versions; do the check. */
+        if (0
+#ifdef OPENSSL_NO_SSL3
+            || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1
+            || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+            || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+            || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+            || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
+#endif
+            )
+            return 0;
+    }
+    return 1;
+}
+
+static void clear_ciphers(SSL *s)
+{
+    /* clear the current cipher */
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+}
+
+int SSL_clear(SSL *s)
+{
+    if (s->method == NULL) {
+        SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+        return 0;
+    }
+
+    if (ssl_clear_bad_session(s)) {
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+    }
+    SSL_SESSION_free(s->psksession);
+    s->psksession = NULL;
+    OPENSSL_free(s->psksession_id);
+    s->psksession_id = NULL;
+    s->psksession_id_len = 0;
+    s->hello_retry_request = 0;
+    s->sent_tickets = 0;
+
+    s->error = 0;
+    s->hit = 0;
+    s->shutdown = 0;
+
+    if (s->renegotiate) {
+        SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ossl_statem_clear(s);
+
+    s->version = s->method->version;
+    s->client_version = s->version;
+    s->rwstate = SSL_NOTHING;
+
+    BUF_MEM_free(s->init_buf);
+    s->init_buf = NULL;
+    clear_ciphers(s);
+    s->first_packet = 0;
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+
+    EVP_MD_CTX_free(s->pha_dgst);
+    s->pha_dgst = NULL;
+
+    /* Reset DANE verification result state */
+    s->dane.mdpth = -1;
+    s->dane.pdpth = -1;
+    X509_free(s->dane.mcert);
+    s->dane.mcert = NULL;
+    s->dane.mtlsa = NULL;
+
+    /* Clear the verification result peername */
+    X509_VERIFY_PARAM_move_peername(s->param, NULL);
+
+    /*
+     * Check to see if we were changed into a different method, if so, revert
+     * back.
+     */
+    if (s->method != s->ctx->method) {
+        s->method->ssl_free(s);
+        s->method = s->ctx->method;
+        if (!s->method->ssl_new(s))
+            return 0;
+    } else {
+        if (!s->method->ssl_clear(s))
+            return 0;
+    }
+
+    RECORD_LAYER_clear(&s->rlayer);
+
+    return 1;
+}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    ctx->method = meth;
+
+    if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return 0;
+    }
+    sk = ssl_create_cipher_list(ctx->method,
+                                ctx->tls13_ciphersuites,
+                                &(ctx->cipher_list),
+                                &(ctx->cipher_list_by_id),
+                                SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return 0;
+    }
+    return 1;
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+    SSL *s;
+
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+        return NULL;
+    }
+    if (ctx->method == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+        return NULL;
+    }
+
+    s = OPENSSL_zalloc(sizeof(*s));
+    if (s == NULL)
+        goto err;
+
+    s->references = 1;
+    s->lock = CRYPTO_THREAD_lock_new();
+    if (s->lock == NULL) {
+        OPENSSL_free(s);
+        s = NULL;
+        goto err;
+    }
+
+    RECORD_LAYER_init(&s->rlayer, s);
+
+    s->options = ctx->options;
+    s->dane.flags = ctx->dane.flags;
+    s->min_proto_version = ctx->min_proto_version;
+    s->max_proto_version = ctx->max_proto_version;
+    s->mode = ctx->mode;
+    s->max_cert_list = ctx->max_cert_list;
+    s->max_early_data = ctx->max_early_data;
+    s->recv_max_early_data = ctx->recv_max_early_data;
+    s->num_tickets = ctx->num_tickets;
+    s->pha_enabled = ctx->pha_enabled;
+
+    /* Shallow copy of the ciphersuites stack */
+    s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
+    if (s->tls13_ciphersuites == NULL)
+        goto err;
+
+    /*
+     * Earlier library versions used to copy the pointer to the CERT, not
+     * its contents; only when setting new parameters for the per-SSL
+     * copy, ssl_cert_new would be called (and the direct reference to
+     * the per-SSL_CTX settings would be lost, but those still were
+     * indirectly accessed for various purposes, and for that reason they
+     * used to be known as s->ctx->default_cert). Now we don't look at the
+     * SSL_CTX's CERT after having duplicated it once.
+     */
+    s->cert = ssl_cert_dup(ctx->cert);
+    if (s->cert == NULL)
+        goto err;
+
+    RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
+    s->msg_callback = ctx->msg_callback;
+    s->msg_callback_arg = ctx->msg_callback_arg;
+    s->verify_mode = ctx->verify_mode;
+    s->not_resumable_session_cb = ctx->not_resumable_session_cb;
+    s->record_padding_cb = ctx->record_padding_cb;
+    s->record_padding_arg = ctx->record_padding_arg;
+    s->block_padding = ctx->block_padding;
+    s->sid_ctx_length = ctx->sid_ctx_length;
+    if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
+        goto err;
+    memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+    s->verify_callback = ctx->default_verify_callback;
+    s->generate_session_id = ctx->generate_session_id;
+
+    s->param = X509_VERIFY_PARAM_new();
+    if (s->param == NULL)
+        goto err;
+    X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+    s->quiet_shutdown = ctx->quiet_shutdown;
+
+    s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
+    s->max_send_fragment = ctx->max_send_fragment;
+    s->split_send_fragment = ctx->split_send_fragment;
+    s->max_pipelines = ctx->max_pipelines;
+    if (s->max_pipelines > 1)
+        RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+    if (ctx->default_read_buf_len > 0)
+        SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
+
+    SSL_CTX_up_ref(ctx);
+    s->ctx = ctx;
+    s->ext.debug_cb = 0;
+    s->ext.debug_arg = NULL;
+    s->ext.ticket_expected = 0;
+    s->ext.status_type = ctx->ext.status_type;
+    s->ext.status_expected = 0;
+    s->ext.ocsp.ids = NULL;
+    s->ext.ocsp.exts = NULL;
+    s->ext.ocsp.resp = NULL;
+    s->ext.ocsp.resp_len = 0;
+    SSL_CTX_up_ref(ctx);
+    s->session_ctx = ctx;
+#ifndef OPENSSL_NO_EC
+    if (ctx->ext.ecpointformats) {
+        s->ext.ecpointformats =
+            OPENSSL_memdup(ctx->ext.ecpointformats,
+                           ctx->ext.ecpointformats_len);
+        if (!s->ext.ecpointformats)
+            goto err;
+        s->ext.ecpointformats_len =
+            ctx->ext.ecpointformats_len;
+    }
+    if (ctx->ext.supportedgroups) {
+        s->ext.supportedgroups =
+            OPENSSL_memdup(ctx->ext.supportedgroups,
+                           ctx->ext.supportedgroups_len
+                                * sizeof(*ctx->ext.supportedgroups));
+        if (!s->ext.supportedgroups)
+            goto err;
+        s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
+    }
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    s->ext.npn = NULL;
+#endif
+
+    if (s->ctx->ext.alpn) {
+        s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+        if (s->ext.alpn == NULL)
+            goto err;
+        memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+        s->ext.alpn_len = s->ctx->ext.alpn_len;
+    }
+
+    s->verified_chain = NULL;
+    s->verify_result = X509_V_OK;
+
+    s->default_passwd_callback = ctx->default_passwd_callback;
+    s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+
+    s->method = ctx->method;
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+
+    s->allow_early_data_cb = ctx->allow_early_data_cb;
+    s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
+
+    if (!s->method->ssl_new(s))
+        goto err;
+
+    s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+
+    if (!SSL_clear(s))
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    s->psk_client_callback = ctx->psk_client_callback;
+    s->psk_server_callback = ctx->psk_server_callback;
+#endif
+    s->psk_find_session_cb = ctx->psk_find_session_cb;
+    s->psk_use_session_cb = ctx->psk_use_session_cb;
+
+    s->job = NULL;
+
+#ifndef OPENSSL_NO_CT
+    if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
+                                        ctx->ct_validation_callback_arg))
+        goto err;
+#endif
+
+    return s;
+ err:
+    SSL_free(s);
+    SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+int SSL_is_dtls(const SSL *s)
+{
+    return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
+int SSL_up_ref(SSL *s)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL", s);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ctx->sid_ctx_length = sid_ctx_len;
+    memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ssl->sid_ctx_length = sid_ctx_len;
+    memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    ctx->generate_session_id = cb;
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return 1;
+}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
+    CRYPTO_THREAD_write_lock(ssl->lock);
+    ssl->generate_session_id = cb;
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return 1;
+}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len)
+{
+    /*
+     * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+     * we can "construct" a session to give us the desired check - i.e. to
+     * find if there's a session in the hash table that would conflict with
+     * any new session built out of this id/id_len and the ssl_version in use
+     * by this SSL.
+     */
+    SSL_SESSION r, *p;
+
+    if (id_len > sizeof(r.session_id))
+        return 0;
+
+    r.ssl_version = ssl->version;
+    r.session_id_length = id_len;
+    memcpy(r.session_id, id, id_len);
+
+    CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
+    p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
+    CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
+    return (p != NULL);
+}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
+int SSL_add1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
+}
+
+void SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+    X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
+const char *SSL_get0_peername(SSL *s)
+{
+    return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx)
+{
+    return dane_ctx_enable(&ctx->dane);
+}
+
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_dane_enable(SSL *s, const char *basedomain)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (s->ctx->dane.mdmax == 0) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
+        return 0;
+    }
+    if (dane->trecs != NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
+        return 0;
+    }
+
+    /*
+     * Default SNI name.  This rejects empty names, while set1_host below
+     * accepts them and disables host name checks.  To avoid side-effects with
+     * invalid input, set the SNI name first.
+     */
+    if (s->ext.hostname == NULL) {
+        if (!SSL_set_tlsext_host_name(s, basedomain)) {
+            SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+            return -1;
+        }
+    }
+
+    /* Primary RFC6125 reference identifier */
+    if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+        return -1;
+    }
+
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+    dane->dctx = &s->ctx->dane;
+    dane->trecs = sk_danetls_record_new_null();
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    return 1;
+}
+
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (mcert)
+            *mcert = dane->mcert;
+        if (mspki)
+            *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
+    }
+    return dane->mdpth;
+}
+
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                       uint8_t *mtype, unsigned const char **data, size_t *dlen)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (usage)
+            *usage = dane->mtlsa->usage;
+        if (selector)
+            *selector = dane->mtlsa->selector;
+        if (mtype)
+            *mtype = dane->mtlsa->mtype;
+        if (data)
+            *data = dane->mtlsa->data;
+        if (dlen)
+            *dlen = dane->mtlsa->dlen;
+    }
+    return dane->mdpth;
+}
+
+SSL_DANE *SSL_get0_dane(SSL *s)
+{
+    return &s->dane;
+}
+
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                      uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
+}
+
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
+                           uint8_t ord)
+{
+    return dane_mtype_set(&ctx->dane, md, mtype, ord);
+}
+
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+}
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+}
+
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+{
+    return ctx->param;
+}
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+    return ssl->param;
+}
+
+void SSL_certs_clear(SSL *s)
+{
+    ssl_cert_clear_certs(s->cert);
+}
+
+void SSL_free(SSL *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+    CRYPTO_DOWN_REF(&s->references, &i, s->lock);
+    REF_PRINT_COUNT("SSL", s);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    X509_VERIFY_PARAM_free(s->param);
+    dane_final(&s->dane);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+    /* Ignore return value */
+    ssl_free_wbio_buffer(s);
+
+    BIO_free_all(s->wbio);
+    BIO_free_all(s->rbio);
+
+    BUF_MEM_free(s->init_buf);
+
+    /* add extra stuff */
+    sk_SSL_CIPHER_free(s->cipher_list);
+    sk_SSL_CIPHER_free(s->cipher_list_by_id);
+    sk_SSL_CIPHER_free(s->tls13_ciphersuites);
+
+    /* Make the next call work :-) */
+    if (s->session != NULL) {
+        ssl_clear_bad_session(s);
+        SSL_SESSION_free(s->session);
+    }
+    SSL_SESSION_free(s->psksession);
+    OPENSSL_free(s->psksession_id);
+
+    clear_ciphers(s);
+
+    ssl_cert_free(s->cert);
+    /* Free up if allocated */
+
+    OPENSSL_free(s->ext.hostname);
+    SSL_CTX_free(s->session_ctx);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(s->ext.ecpointformats);
+    OPENSSL_free(s->ext.supportedgroups);
+#endif                          /* OPENSSL_NO_EC */
+    sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
+#ifndef OPENSSL_NO_OCSP
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
+#endif
+#ifndef OPENSSL_NO_CT
+    SCT_LIST_free(s->scts);
+    OPENSSL_free(s->ext.scts);
+#endif
+    OPENSSL_free(s->ext.ocsp.resp);
+    OPENSSL_free(s->ext.alpn);
+    OPENSSL_free(s->ext.tls13_cookie);
+    OPENSSL_free(s->clienthello);
+    OPENSSL_free(s->pha_context);
+    EVP_MD_CTX_free(s->pha_dgst);
+
+    sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
+
+    sk_X509_pop_free(s->verified_chain, X509_free);
+
+    if (s->method != NULL)
+        s->method->ssl_free(s);
+
+    RECORD_LAYER_release(&s->rlayer);
+
+    SSL_CTX_free(s->ctx);
+
+    ASYNC_WAIT_CTX_free(s->waitctx);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->ext.npn);
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+    sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
+
+    CRYPTO_THREAD_lock_free(s->lock);
+
+    OPENSSL_free(s);
+}
+
+void SSL_set0_rbio(SSL *s, BIO *rbio)
+{
+    BIO_free_all(s->rbio);
+    s->rbio = rbio;
+}
+
+void SSL_set0_wbio(SSL *s, BIO *wbio)
+{
+    /*
+     * If the output buffering BIO is still in place, remove it
+     */
+    if (s->bbio != NULL)
+        s->wbio = BIO_pop(s->wbio);
+
+    BIO_free_all(s->wbio);
+    s->wbio = wbio;
+
+    /* Re-attach |bbio| to the new |wbio|. */
+    if (s->bbio != NULL)
+        s->wbio = BIO_push(s->bbio, s->wbio);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+    /*
+     * For historical reasons, this function has many different cases in
+     * ownership handling.
+     */
+
+    /* If nothing has changed, do nothing */
+    if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
+        return;
+
+    /*
+     * If the two arguments are equal then one fewer reference is granted by the
+     * caller than we want to take
+     */
+    if (rbio != NULL && rbio == wbio)
+        BIO_up_ref(rbio);
+
+    /*
+     * If only the wbio is changed only adopt one reference.
+     */
+    if (rbio == SSL_get_rbio(s)) {
+        SSL_set0_wbio(s, wbio);
+        return;
+    }
+    /*
+     * There is an asymmetry here for historical reasons. If only the rbio is
+     * changed AND the rbio and wbio were originally different, then we only
+     * adopt one reference.
+     */
+    if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
+        SSL_set0_rbio(s, rbio);
+        return;
+    }
+
+    /* Otherwise, adopt both references. */
+    SSL_set0_rbio(s, rbio);
+    SSL_set0_wbio(s, wbio);
+}
+
+BIO *SSL_get_rbio(const SSL *s)
+{
+    return s->rbio;
+}
+
+BIO *SSL_get_wbio(const SSL *s)
+{
+    if (s->bbio != NULL) {
+        /*
+         * If |bbio| is active, the true caller-configured BIO is its
+         * |next_bio|.
+         */
+        return BIO_next(s->bbio);
+    }
+    return s->wbio;
+}
+
+int SSL_get_fd(const SSL *s)
+{
+    return SSL_get_rfd(s);
+}
+
+int SSL_get_rfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_rbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return ret;
+}
+
+int SSL_get_wfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_wbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd)
+{
+    int ret = 0;
+    BIO *bio = NULL;
+
+    bio = BIO_new(BIO_s_socket());
+
+    if (bio == NULL) {
+        SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+        goto err;
+    }
+    BIO_set_fd(bio, fd, BIO_NOCLOSE);
+    SSL_set_bio(s, bio, bio);
+    ret = 1;
+ err:
+    return ret;
+}
+
+int SSL_set_wfd(SSL *s, int fd)
+{
+    BIO *rbio = SSL_get_rbio(s);
+
+    if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
+        || (int)BIO_get_fd(rbio, NULL) != fd) {
+        BIO *bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+            return 0;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set0_wbio(s, bio);
+    } else {
+        BIO_up_ref(rbio);
+        SSL_set0_wbio(s, rbio);
+    }
+    return 1;
+}
+
+int SSL_set_rfd(SSL *s, int fd)
+{
+    BIO *wbio = SSL_get_wbio(s);
+
+    if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
+        || ((int)BIO_get_fd(wbio, NULL) != fd)) {
+        BIO *bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+            return 0;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set0_rbio(s, bio);
+    } else {
+        BIO_up_ref(wbio);
+        SSL_set0_rbio(s, wbio);
+    }
+
+    return 1;
+}
+#endif
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.finish_md, count);
+    }
+    return ret;
+}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.peer_finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.peer_finish_md, count);
+    }
+    return ret;
+}
+
+int SSL_get_verify_mode(const SSL *s)
+{
+    return s->verify_mode;
+}
+
+int SSL_get_verify_depth(const SSL *s)
+{
+    return X509_VERIFY_PARAM_get_depth(s->param);
+}
+
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
+    return s->verify_callback;
+}
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+    return ctx->verify_mode;
+}
+
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+    return X509_VERIFY_PARAM_get_depth(ctx->param);
+}
+
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
+    return ctx->default_verify_callback;
+}
+
+void SSL_set_verify(SSL *s, int mode,
+                    int (*callback) (int ok, X509_STORE_CTX *ctx))
+{
+    s->verify_mode = mode;
+    if (callback != NULL)
+        s->verify_callback = callback;
+}
+
+void SSL_set_verify_depth(SSL *s, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(s->param, depth);
+}
+
+void SSL_set_read_ahead(SSL *s, int yes)
+{
+    RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
+}
+
+int SSL_get_read_ahead(const SSL *s)
+{
+    return RECORD_LAYER_get_read_ahead(&s->rlayer);
+}
+
+int SSL_pending(const SSL *s)
+{
+    size_t pending = s->method->ssl_pending(s);
+
+    /*
+     * SSL_pending cannot work properly if read-ahead is enabled
+     * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
+     * impossible to fix since SSL_pending cannot report errors that may be
+     * observed while scanning the new data. (Note that SSL_pending() is
+     * often used as a boolean value, so we'd better not return -1.)
+     *
+     * SSL_pending also cannot work properly if the value >INT_MAX. In that case
+     * we just return INT_MAX.
+     */
+    return pending < INT_MAX ? (int)pending : INT_MAX;
+}
+
+int SSL_has_pending(const SSL *s)
+{
+    /*
+     * Similar to SSL_pending() but returns a 1 to indicate that we have
+     * unprocessed data available or 0 otherwise (as opposed to the number of
+     * bytes available). Unlike SSL_pending() this will take into account
+     * read_ahead data. A 1 return simply indicates that we have unprocessed
+     * data. That data may not result in any application data, or we may fail
+     * to parse the records for some reason.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer))
+        return 1;
+
+    return RECORD_LAYER_read_pending(&s->rlayer);
+}
+
+X509 *SSL_get_peer_certificate(const SSL *s)
+{
+    X509 *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer;
+
+    if (r == NULL)
+        return r;
+
+    X509_up_ref(r);
+
+    return r;
+}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
+{
+    STACK_OF(X509) *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer_chain;
+
+    /*
+     * If we are a client, cert_chain includes the peer's own certificate; if
+     * we are a server, it does not.
+     */
+
+    return r;
+}
+
+/*
+ * Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled
+ */
+int SSL_copy_session_id(SSL *t, const SSL *f)
+{
+    int i;
+    /* Do we need to to SSL locking? */
+    if (!SSL_set_session(t, SSL_get_session(f))) {
+        return 0;
+    }
+
+    /*
+     * what if we are setup for one protocol version but want to talk another
+     */
+    if (t->method != f->method) {
+        t->method->ssl_free(t);
+        t->method = f->method;
+        if (t->method->ssl_new(t) == 0)
+            return 0;
+    }
+
+    CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
+    ssl_cert_free(t->cert);
+    t->cert = f->cert;
+    if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return 0;
+    }
+    if (ctx->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return 0;
+    }
+    return X509_check_private_key
+            (ctx->cert->key->x509, ctx->cert->key->privatekey);
+}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(const SSL *ssl)
+{
+    if (ssl == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ssl->cert->key->x509 == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return 0;
+    }
+    if (ssl->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return 0;
+    }
+    return X509_check_private_key(ssl->cert->key->x509,
+                                   ssl->cert->key->privatekey);
+}
+
+int SSL_waiting_for_async(SSL *s)
+{
+    if (s->job)
+        return 1;
+
+    return 0;
+}
+
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
+}
+
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                              OSSL_ASYNC_FD *delfd, size_t *numdelfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
+                                          numdelfds);
+}
+
+int SSL_accept(SSL *s)
+{
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
+
+    return SSL_do_handshake(s);
+}
+
+int SSL_connect(SSL *s)
+{
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_connect_state(s);
+    }
+
+    return SSL_do_handshake(s);
+}
+
+long SSL_get_default_timeout(const SSL *s)
+{
+    return s->method->get_timeout();
+}
+
+static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+                               int (*func) (void *))
+{
+    int ret;
+    if (s->waitctx == NULL) {
+        s->waitctx = ASYNC_WAIT_CTX_new();
+        if (s->waitctx == NULL)
+            return -1;
+    }
+    switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
+                            sizeof(struct ssl_async_args))) {
+    case ASYNC_ERR:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
+        return -1;
+    case ASYNC_PAUSE:
+        s->rwstate = SSL_ASYNC_PAUSED;
+        return -1;
+    case ASYNC_NO_JOBS:
+        s->rwstate = SSL_ASYNC_NO_JOBS;
+        return -1;
+    case ASYNC_FINISH:
+        s->job = NULL;
+        return ret;
+    default:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
+        /* Shouldn't happen */
+        return -1;
+    }
+}
+
+static int ssl_io_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+    void *buf;
+    size_t num;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+    buf = args->buf;
+    num = args->num;
+    switch (args->type) {
+    case READFUNC:
+        return args->f.func_read(s, buf, num, &s->asyncrw);
+    case WRITEFUNC:
+        return args->f.func_write(s, buf, num, &s->asyncrw);
+    case OTHERFUNC:
+        return args->f.func_other(s);
+    }
+    return -1;
+}
+
+int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
+        SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    /*
+     * If we are a client and haven't received the ServerHello etc then we
+     * better do that
+     */
+    ossl_statem_check_finish_init(s, 0);
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+        int ret;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_read;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *readbytes = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_read(s, buf, num, readbytes);
+    }
+}
+
+int SSL_read(SSL *s, void *buf, int num)
+{
+    int ret;
+    size_t readbytes;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)readbytes;
+
+    return ret;
+}
+
+int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret = ssl_read_internal(s, buf, num, readbytes);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret;
+
+    if (!s->server) {
+        SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return SSL_READ_EARLY_DATA_ERROR;
+    }
+
+    switch (s->early_data_state) {
+    case SSL_EARLY_DATA_NONE:
+        if (!SSL_in_before(s)) {
+            SSLerr(SSL_F_SSL_READ_EARLY_DATA,
+                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return SSL_READ_EARLY_DATA_ERROR;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_ACCEPT_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
+        ret = SSL_accept(s);
+        if (ret <= 0) {
+            /* NBIO or error */
+            s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
+            return SSL_READ_EARLY_DATA_ERROR;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_READ_RETRY:
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            s->early_data_state = SSL_EARLY_DATA_READING;
+            ret = SSL_read_ex(s, buf, num, readbytes);
+            /*
+             * State machine will update early_data_state to
+             * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
+             * message
+             */
+            if (ret > 0 || (ret <= 0 && s->early_data_state
+                                        != SSL_EARLY_DATA_FINISHED_READING)) {
+                s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
+                return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
+                               : SSL_READ_EARLY_DATA_ERROR;
+            }
+        } else {
+            s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+        }
+        *readbytes = 0;
+        return SSL_READ_EARLY_DATA_FINISH;
+
+    default:
+        SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return SSL_READ_EARLY_DATA_ERROR;
+    }
+}
+
+int SSL_get_early_data_status(const SSL *s)
+{
+    return s->ext.early_data;
+}
+
+static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        return 0;
+    }
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+        int ret;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_peek;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *readbytes = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_peek(s, buf, num, readbytes);
+    }
+}
+
+int SSL_peek(SSL *s, void *buf, int num)
+{
+    int ret;
+    size_t readbytes;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)readbytes;
+
+    return ret;
+}
+
+
+int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret = ssl_peek_internal(s, buf, num, readbytes);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
+        return -1;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    /* If we are a client and haven't sent the Finished we better do that */
+    ossl_statem_check_finish_init(s, 1);
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        int ret;
+        struct ssl_async_args args;
+
+        args.s = s;
+        args.buf = (void *)buf;
+        args.num = num;
+        args.type = WRITEFUNC;
+        args.f.func_write = s->method->ssl_write;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *written = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_write(s, buf, num, written);
+    }
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+    int ret;
+    size_t written;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_write_internal(s, buf, (size_t)num, &written);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)written;
+
+    return ret;
+}
+
+int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    int ret = ssl_write_internal(s, buf, num, written);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    int ret, early_data_state;
+    size_t writtmp;
+    uint32_t partialwrite;
+
+    switch (s->early_data_state) {
+    case SSL_EARLY_DATA_NONE:
+        if (s->server
+                || !SSL_in_before(s)
+                || ((s->session == NULL || s->session->ext.max_early_data == 0)
+                     && (s->psk_use_session_cb == NULL))) {
+            SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
+                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return 0;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_CONNECT_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_CONNECTING;
+        ret = SSL_connect(s);
+        if (ret <= 0) {
+            /* NBIO or error */
+            s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
+            return 0;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_WRITE_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_WRITING;
+        /*
+         * We disable partial write for early data because we don't keep track
+         * of how many bytes we've written between the SSL_write_ex() call and
+         * the flush if the flush needs to be retried)
+         */
+        partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
+        s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+        ret = SSL_write_ex(s, buf, num, &writtmp);
+        s->mode |= partialwrite;
+        if (!ret) {
+            s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+            return ret;
+        }
+        s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
+        /* fall through */
+
+    case SSL_EARLY_DATA_WRITE_FLUSH:
+        /* The buffering BIO is still in place so we need to flush it */
+        if (statem_flush(s) != 1)
+            return 0;
+        *written = num;
+        s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+        return 1;
+
+    case SSL_EARLY_DATA_FINISHED_READING:
+    case SSL_EARLY_DATA_READ_RETRY:
+        early_data_state = s->early_data_state;
+        /* We are a server writing to an unauthenticated client */
+        s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
+        ret = SSL_write_ex(s, buf, num, written);
+        /* The buffering BIO is still in place */
+        if (ret)
+            (void)BIO_flush(s->wbio);
+        s->early_data_state = early_data_state;
+        return ret;
+
+    default:
+        SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+}
+
+int SSL_shutdown(SSL *s)
+{
+    /*
+     * Note that this function behaves differently from what one might
+     * expect.  Return values are 0 for no success (yet), 1 for success; but
+     * calling it once is usually not enough, even if blocking I/O is used
+     * (see ssl3_shutdown).
+     */
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (!SSL_in_init(s)) {
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            args.s = s;
+            args.type = OTHERFUNC;
+            args.f.func_other = s->method->ssl_shutdown;
+
+            return ssl_start_async_job(s, &args, ssl_io_intern);
+        } else {
+            return s->method->ssl_shutdown(s);
+        }
+    } else {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
+        return -1;
+    }
+}
+
+int SSL_key_update(SSL *s, int updatetype)
+{
+    /*
+     * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
+     * negotiated, and that it is appropriate to call SSL_key_update() instead
+     * of SSL_renegotiate().
+     */
+    if (!SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
+        return 0;
+    }
+
+    if (!SSL_is_init_finished(s)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
+        return 0;
+    }
+
+    ossl_statem_set_in_init(s, 1);
+    s->key_update = updatetype;
+    return 1;
+}
+
+int SSL_get_key_update_type(const SSL *s)
+{
+    return s->key_update;
+}
+
+int SSL_renegotiate(SSL *s)
+{
+    if (SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
+
+    s->renegotiate = 1;
+    s->new_session = 1;
+
+    return s->method->ssl_renegotiate(s);
+}
+
+int SSL_renegotiate_abbreviated(SSL *s)
+{
+    if (SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
+
+    s->renegotiate = 1;
+    s->new_session = 0;
+
+    return s->method->ssl_renegotiate(s);
+}
+
+int SSL_renegotiate_pending(const SSL *s)
+{
+    /*
+     * becomes true when negotiation is requested; false again once a
+     * handshake has finished
+     */
+    return (s->renegotiate != 0);
+}
+
+long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    long l;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return RECORD_LAYER_get_read_ahead(&s->rlayer);
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = RECORD_LAYER_get_read_ahead(&s->rlayer);
+        RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
+        return l;
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        s->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_MODE:
+        return (s->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (s->mode &= ~larg);
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (long)s->max_cert_list;
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        if (larg < 0)
+            return 0;
+        l = (long)s->max_cert_list;
+        s->max_cert_list = (size_t)larg;
+        return l;
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        s->max_send_fragment = larg;
+        if (s->max_send_fragment < s->split_send_fragment)
+            s->split_send_fragment = s->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((size_t)larg > s->max_send_fragment || larg == 0)
+            return 0;
+        s->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        s->max_pipelines = larg;
+        if (larg > 1)
+            RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+        return 1;
+    case SSL_CTRL_GET_RI_SUPPORT:
+        if (s->s3)
+            return s->s3->send_connection_binding;
+        else
+            return 0;
+    case SSL_CTRL_CERT_FLAGS:
+        return (s->cert->cert_flags |= larg);
+    case SSL_CTRL_CLEAR_CERT_FLAGS:
+        return (s->cert->cert_flags &= ~larg);
+
+    case SSL_CTRL_GET_RAW_CIPHERLIST:
+        if (parg) {
+            if (s->s3->tmp.ciphers_raw == NULL)
+                return 0;
+            *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
+            return (int)s->s3->tmp.ciphers_rawlen;
+        } else {
+            return TLS_CIPHER_LEN;
+        }
+    case SSL_CTRL_GET_EXTMS_SUPPORT:
+        if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
+            return -1;
+        if (s->session->flags & SSL_SESS_FLAG_EXTMS)
+            return 1;
+        else
+            return 0;
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, s->max_proto_version)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return s->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(s->min_proto_version, larg)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return s->max_proto_version;
+    default:
+        return s->method->ssl_ctrl(s, cmd, larg, parg);
+    }
+}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        s->msg_callback = (void (*)
+                           (int write_p, int version, int content_type,
+                            const void *buf, size_t len, SSL *ssl,
+                            void *arg))(fp);
+        return 1;
+
+    default:
+        return s->method->ssl_callback_ctrl(s, cmd, fp);
+    }
+}
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
+{
+    return ctx->sessions;
+}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    long l;
+    /* For some cases with ctx == NULL perform syntax checks */
+    if (ctx == NULL) {
+        switch (cmd) {
+#ifndef OPENSSL_NO_EC
+        case SSL_CTRL_SET_GROUPS_LIST:
+            return tls1_set_groups_list(NULL, NULL, parg);
+#endif
+        case SSL_CTRL_SET_SIGALGS_LIST:
+        case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+            return tls1_set_sigalgs_list(NULL, parg, 0);
+        default:
+            return 0;
+        }
+    }
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return ctx->read_ahead;
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = ctx->read_ahead;
+        ctx->read_ahead = larg;
+        return l;
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        ctx->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (long)ctx->max_cert_list;
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        if (larg < 0)
+            return 0;
+        l = (long)ctx->max_cert_list;
+        ctx->max_cert_list = (size_t)larg;
+        return l;
+
+    case SSL_CTRL_SET_SESS_CACHE_SIZE:
+        if (larg < 0)
+            return 0;
+        l = (long)ctx->session_cache_size;
+        ctx->session_cache_size = (size_t)larg;
+        return l;
+    case SSL_CTRL_GET_SESS_CACHE_SIZE:
+        return (long)ctx->session_cache_size;
+    case SSL_CTRL_SET_SESS_CACHE_MODE:
+        l = ctx->session_cache_mode;
+        ctx->session_cache_mode = larg;
+        return l;
+    case SSL_CTRL_GET_SESS_CACHE_MODE:
+        return ctx->session_cache_mode;
+
+    case SSL_CTRL_SESS_NUMBER:
+        return lh_SSL_SESSION_num_items(ctx->sessions);
+    case SSL_CTRL_SESS_CONNECT:
+        return tsan_load(&ctx->stats.sess_connect);
+    case SSL_CTRL_SESS_CONNECT_GOOD:
+        return tsan_load(&ctx->stats.sess_connect_good);
+    case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+        return tsan_load(&ctx->stats.sess_connect_renegotiate);
+    case SSL_CTRL_SESS_ACCEPT:
+        return tsan_load(&ctx->stats.sess_accept);
+    case SSL_CTRL_SESS_ACCEPT_GOOD:
+        return tsan_load(&ctx->stats.sess_accept_good);
+    case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+        return tsan_load(&ctx->stats.sess_accept_renegotiate);
+    case SSL_CTRL_SESS_HIT:
+        return tsan_load(&ctx->stats.sess_hit);
+    case SSL_CTRL_SESS_CB_HIT:
+        return tsan_load(&ctx->stats.sess_cb_hit);
+    case SSL_CTRL_SESS_MISSES:
+        return tsan_load(&ctx->stats.sess_miss);
+    case SSL_CTRL_SESS_TIMEOUTS:
+        return tsan_load(&ctx->stats.sess_timeout);
+    case SSL_CTRL_SESS_CACHE_FULL:
+        return tsan_load(&ctx->stats.sess_cache_full);
+    case SSL_CTRL_MODE:
+        return (ctx->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (ctx->mode &= ~larg);
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        ctx->max_send_fragment = larg;
+        if (ctx->max_send_fragment < ctx->split_send_fragment)
+            ctx->split_send_fragment = ctx->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((size_t)larg > ctx->max_send_fragment || larg == 0)
+            return 0;
+        ctx->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        ctx->max_pipelines = larg;
+        return 1;
+    case SSL_CTRL_CERT_FLAGS:
+        return (ctx->cert->cert_flags |= larg);
+    case SSL_CTRL_CLEAR_CERT_FLAGS:
+        return (ctx->cert->cert_flags &= ~larg);
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, ctx->max_proto_version)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return ctx->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(ctx->min_proto_version, larg)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return ctx->max_proto_version;
+    default:
+        return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
+    }
+}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        ctx->msg_callback = (void (*)
+                             (int write_p, int version, int content_type,
+                              const void *buf, size_t len, SSL *ssl,
+                              void *arg))(fp);
+        return 1;
+
+    default:
+        return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
+    }
+}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
+    if (a->id > b->id)
+        return 1;
+    if (a->id < b->id)
+        return -1;
+    return 0;
+}
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                          const SSL_CIPHER *const *bp)
+{
+    if ((*ap)->id > (*bp)->id)
+        return 1;
+    if ((*ap)->id < (*bp)->id)
+        return -1;
+    return 0;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list != NULL) {
+            return s->cipher_list;
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
+            return s->ctx->cipher_list;
+        }
+    }
+    return NULL;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+    if ((s == NULL) || (s->session == NULL) || !s->server)
+        return NULL;
+    return s->session->ciphers;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+{
+    STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+    int i;
+
+    ciphers = SSL_get_ciphers(s);
+    if (!ciphers)
+        return NULL;
+    if (!ssl_set_client_disabled(s))
+        return NULL;
+    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+        if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
+            if (!sk)
+                sk = sk_SSL_CIPHER_new_null();
+            if (!sk)
+                return NULL;
+            if (!sk_SSL_CIPHER_push(sk, c)) {
+                sk_SSL_CIPHER_free(sk);
+                return NULL;
+            }
+        }
+    }
+    return sk;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list_by_id != NULL) {
+            return s->cipher_list_by_id;
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
+            return s->ctx->cipher_list_by_id;
+        }
+    }
+    return NULL;
+}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(const SSL *s, int n)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk;
+
+    if (s == NULL)
+        return NULL;
+    sk = SSL_get_ciphers(s);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+        return NULL;
+    c = sk_SSL_CIPHER_value(sk, n);
+    if (c == NULL)
+        return NULL;
+    return c->name;
+}
+
+/** return a STACK of the ciphers available for the SSL_CTX and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
+{
+    if (ctx != NULL)
+        return ctx->cipher_list;
+    return NULL;
+}
+
+/*
+ * Distinguish between ciphers controlled by set_ciphersuite() and
+ * set_cipher_list() when counting.
+ */
+static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
+{
+    int i, num = 0;
+    const SSL_CIPHER *c;
+
+    if (sk == NULL)
+        return 0;
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+        c = sk_SSL_CIPHER_value(sk, i);
+        if (c->min_tls >= TLS1_3_VERSION)
+            continue;
+        num++;
+    }
+    return num;
+}
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
+                                &ctx->cipher_list, &ctx->cipher_list_by_id, str,
+                                ctx->cert);
+    /*
+     * ssl_create_cipher_list may return an empty stack if it was unable to
+     * find a cipher matching the given rule string (for example if the rule
+     * string specifies a cipher which has been disabled). This is not an
+     * error as far as ssl_create_cipher_list is concerned, and hence
+     * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
+     */
+    if (sk == NULL)
+        return 0;
+    else if (cipher_list_tls12_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
+                                &s->cipher_list, &s->cipher_list_by_id, str,
+                                s->cert);
+    /* see comment in SSL_CTX_set_cipher_list */
+    if (sk == NULL)
+        return 0;
+    else if (cipher_list_tls12_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
+{
+    char *p;
+    STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
+    const SSL_CIPHER *c;
+    int i;
+
+    if (!s->server
+            || s->session == NULL
+            || s->session->ciphers == NULL
+            || size < 2)
+        return NULL;
+
+    p = buf;
+    clntsk = s->session->ciphers;
+    srvrsk = SSL_get_ciphers(s);
+    if (clntsk == NULL || srvrsk == NULL)
+        return NULL;
+
+    if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
+        return NULL;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
+        int n;
+
+        c = sk_SSL_CIPHER_value(clntsk, i);
+        if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
+            continue;
+
+        n = strlen(c->name);
+        if (n + 1 > size) {
+            if (p != buf)
+                --p;
+            *p = '\0';
+            return buf;
+        }
+        strcpy(p, c->name);
+        p += n;
+        *(p++) = ':';
+        size -= n + 1;
+    }
+    p[-1] = '\0';
+    return buf;
+}
+
+/** return a servername extension value if provided in Client Hello, or NULL.
+ * So far, only host_name types are defined (RFC 3546).
+ */
+
+const char *SSL_get_servername(const SSL *s, const int type)
+{
+    if (type != TLSEXT_NAMETYPE_host_name)
+        return NULL;
+
+    /*
+     * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an
+     * SNI value to return if we are resuming/resumed.  N.B. that we still
+     * call the relevant callbacks for such resumption flows, and callbacks
+     * might error out if there is not a SNI value available.
+     */
+    if (s->hit)
+        return s->session->ext.hostname;
+    return s->ext.hostname;
+}
+
+int SSL_get_servername_type(const SSL *s)
+{
+    if (s->session
+        && (!s->ext.hostname ? s->session->
+            ext.hostname : s->ext.hostname))
+        return TLSEXT_NAMETYPE_host_name;
+    return -1;
+}
+
+/*
+ * SSL_select_next_proto implements the standard protocol selection. It is
+ * expected that this function is called from the callback set by
+ * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
+ * vector of 8-bit, length prefixed byte strings. The length byte itself is
+ * not included in the length. A byte string of length 0 is invalid. No byte
+ * string may be truncated. The current, but experimental algorithm for
+ * selecting the protocol is: 1) If the server doesn't support NPN then this
+ * is indicated to the callback. In this case, the client application has to
+ * abort the connection or have a default application level protocol. 2) If
+ * the server supports NPN, but advertises an empty list then the client
+ * selects the first protocol in its list, but indicates via the API that this
+ * fallback case was enacted. 3) Otherwise, the client finds the first
+ * protocol in the server's list that it supports and selects this protocol.
+ * This is because it's assumed that the server has better information about
+ * which protocol a client should use. 4) If the client doesn't support any
+ * of the server's advertised protocols, then this is treated the same as
+ * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
+ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
+ */
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *server,
+                          unsigned int server_len,
+                          const unsigned char *client, unsigned int client_len)
+{
+    unsigned int i, j;
+    const unsigned char *result;
+    int status = OPENSSL_NPN_UNSUPPORTED;
+
+    /*
+     * For each protocol in server preference order, see if we support it.
+     */
+    for (i = 0; i < server_len;) {
+        for (j = 0; j < client_len;) {
+            if (server[i] == client[j] &&
+                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
+                /* We found a match */
+                result = &server[i];
+                status = OPENSSL_NPN_NEGOTIATED;
+                goto found;
+            }
+            j += client[j];
+            j++;
+        }
+        i += server[i];
+        i++;
+    }
+
+    /* There's no overlap between our protocols and the server's list. */
+    result = client;
+    status = OPENSSL_NPN_NO_OVERLAP;
+
+ found:
+    *out = (unsigned char *)result + 1;
+    *outlen = result[0];
+    return status;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * SSL_get0_next_proto_negotiated sets *data and *len to point to the
+ * client's requested protocol for this connection and returns 0. If the
+ * client didn't request any protocol, then *data is set to NULL. Note that
+ * the client can request any protocol it chooses. The value returned from
+ * this function need not be a member of the list of supported protocols
+ * provided by the callback.
+ */
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len)
+{
+    *data = s->ext.npn;
+    if (!*data) {
+        *len = 0;
+    } else {
+        *len = (unsigned int)s->ext.npn_len;
+    }
+}
+
+/*
+ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
+ * a TLS server needs a list of supported protocols for Next Protocol
+ * Negotiation. The returned list must be in wire format.  The list is
+ * returned by setting |out| to point to it and |outlen| to its length. This
+ * memory will not be modified, but one should assume that the SSL* keeps a
+ * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
+ * wishes to advertise. Otherwise, no such extension will be included in the
+ * ServerHello.
+ */
+void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
+                                   SSL_CTX_npn_advertised_cb_func cb,
+                                   void *arg)
+{
+    ctx->ext.npn_advertised_cb = cb;
+    ctx->ext.npn_advertised_cb_arg = arg;
+}
+
+/*
+ * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
+ * client needs to select a protocol from the server's provided list. |out|
+ * must be set to point to the selected protocol (which may be within |in|).
+ * The length of the protocol name must be written into |outlen|. The
+ * server's advertised protocols are provided in |in| and |inlen|. The
+ * callback can assume that |in| is syntactically valid. The client must
+ * select a protocol. It is fatal to the connection if this callback returns
+ * a value other than SSL_TLSEXT_ERR_OK.
+ */
+void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
+                               SSL_CTX_npn_select_cb_func cb,
+                               void *arg)
+{
+    ctx->ext.npn_select_cb = cb;
+    ctx->ext.npn_select_cb_arg = arg;
+}
+#endif
+
+/*
+ * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                            unsigned int protos_len)
+{
+    OPENSSL_free(ctx->ext.alpn);
+    ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
+    if (ctx->ext.alpn == NULL) {
+        SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    ctx->ext.alpn_len = protos_len;
+
+    return 0;
+}
+
+/*
+ * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                        unsigned int protos_len)
+{
+    OPENSSL_free(ssl->ext.alpn);
+    ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
+    if (ssl->ext.alpn == NULL) {
+        SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    ssl->ext.alpn_len = protos_len;
+
+    return 0;
+}
+
+/*
+ * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
+ * called during ClientHello processing in order to select an ALPN protocol
+ * from the client's list of offered protocols.
+ */
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg)
+{
+    ctx->ext.alpn_select_cb = cb;
+    ctx->ext.alpn_select_cb_arg = arg;
+}
+
+/*
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
+ * (not including the leading length-prefix byte). If the server didn't
+ * respond with a negotiated protocol then |*len| will be zero.
+ */
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len)
+{
+    *data = NULL;
+    if (ssl->s3)
+        *data = ssl->s3->alpn_selected;
+    if (*data == NULL)
+        *len = 0;
+    else
+        *len = (unsigned int)ssl->s3->alpn_selected_len;
+}
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                               const char *label, size_t llen,
+                               const unsigned char *context, size_t contextlen,
+                               int use_context)
+{
+    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+        return -1;
+
+    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+                                                       llen, context,
+                                                       contextlen, use_context);
+}
+
+int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                     const char *label, size_t llen,
+                                     const unsigned char *context,
+                                     size_t contextlen)
+{
+    if (s->version != TLS1_3_VERSION)
+        return 0;
+
+    return tls13_export_keying_material_early(s, out, olen, label, llen,
+                                              context, contextlen);
+}
+
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
+{
+    const unsigned char *session_id = a->session_id;
+    unsigned long l;
+    unsigned char tmp_storage[4];
+
+    if (a->session_id_length < sizeof(tmp_storage)) {
+        memset(tmp_storage, 0, sizeof(tmp_storage));
+        memcpy(tmp_storage, a->session_id, a->session_id_length);
+        session_id = tmp_storage;
+    }
+
+    l = (unsigned long)
+        ((unsigned long)session_id[0]) |
+        ((unsigned long)session_id[1] << 8L) |
+        ((unsigned long)session_id[2] << 16L) |
+        ((unsigned long)session_id[3] << 24L);
+    return l;
+}
+
+/*
+ * NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
+ * being able to construct an SSL_SESSION that will collide with any existing
+ * session with a matching session ID.
+ */
+static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
+    if (a->ssl_version != b->ssl_version)
+        return 1;
+    if (a->session_id_length != b->session_id_length)
+        return 1;
+    return memcmp(a->session_id, b->session_id, a->session_id_length);
+}
+
+/*
+ * These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed
+ * via ssl.h.
+ */
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+    SSL_CTX *ret = NULL;
+
+    if (meth == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+        return NULL;
+    }
+
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
+
+    if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+        goto err;
+    }
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        goto err;
+
+    ret->method = meth;
+    ret->min_proto_version = 0;
+    ret->max_proto_version = 0;
+    ret->mode = SSL_MODE_AUTO_RETRY;
+    ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+    ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+    /* We take the system default. */
+    ret->session_timeout = meth->get_timeout();
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+    ret->verify_mode = SSL_VERIFY_NONE;
+    if ((ret->cert = ssl_cert_new()) == NULL)
+        goto err;
+
+    ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
+    if (ret->sessions == NULL)
+        goto err;
+    ret->cert_store = X509_STORE_new();
+    if (ret->cert_store == NULL)
+        goto err;
+#ifndef OPENSSL_NO_CT
+    ret->ctlog_store = CTLOG_STORE_new();
+    if (ret->ctlog_store == NULL)
+        goto err;
+#endif
+
+    if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
+        goto err;
+
+    if (!ssl_create_cipher_list(ret->method,
+                                ret->tls13_ciphersuites,
+                                &ret->cipher_list, &ret->cipher_list_by_id,
+                                SSL_DEFAULT_CIPHER_LIST, ret->cert)
+        || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+        goto err2;
+    }
+
+    ret->param = X509_VERIFY_PARAM_new();
+    if (ret->param == NULL)
+        goto err;
+
+    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+        goto err2;
+    }
+    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+        goto err2;
+    }
+
+    if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
+    if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
+        goto err;
+
+    /* No compression for DTLS */
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
+        ret->comp_methods = SSL_COMP_get_compression_methods();
+
+    ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+    ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* Setup RFC5077 ticket keys */
+    if ((RAND_bytes(ret->ext.tick_key_name,
+                    sizeof(ret->ext.tick_key_name)) <= 0)
+        || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
+                       sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+        || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
+                       sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+        ret->options |= SSL_OP_NO_TICKET;
+
+    if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
+                   sizeof(ret->ext.cookie_hmac_key)) <= 0)
+        goto err;
+
+#ifndef OPENSSL_NO_SRP
+    if (!SSL_CTX_SRP_CTX_init(ret))
+        goto err;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#  define eng_strx(x)     #x
+#  define eng_str(x)      eng_strx(x)
+    /* Use specific client engine automatically... ignore errors */
+    {
+        ENGINE *eng;
+        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        if (!eng) {
+            ERR_clear_error();
+            ENGINE_load_builtin_engines();
+            eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        }
+        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+            ERR_clear_error();
+    }
+# endif
+#endif
+    /*
+     * Default is to connect to non-RI servers. When RI is more widely
+     * deployed might change this.
+     */
+    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+    /*
+     * Disable compression by default to prevent CRIME. Applications can
+     * re-enable compression by configuring
+     * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
+     * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
+     * middlebox compatibility by default. This may be disabled by default in
+     * a later OpenSSL version.
+     */
+    ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+
+    ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+
+    /*
+     * We cannot usefully set a default max_early_data here (which gets
+     * propagated in SSL_new(), for the following reason: setting the
+     * SSL field causes tls_construct_stoc_early_data() to tell the
+     * client that early data will be accepted when constructing a TLS 1.3
+     * session ticket, and the client will accordingly send us early data
+     * when using that ticket (if the client has early data to send).
+     * However, in order for the early data to actually be consumed by
+     * the application, the application must also have calls to
+     * SSL_read_early_data(); otherwise we'll just skip past the early data
+     * and ignore it.  So, since the application must add calls to
+     * SSL_read_early_data(), we also require them to add
+     * calls to SSL_CTX_set_max_early_data() in order to use early data,
+     * eliminating the bandwidth-wasting early data in the case described
+     * above.
+     */
+    ret->max_early_data = 0;
+
+    /*
+     * Default recv_max_early_data is a fully loaded single record. Could be
+     * split across multiple records in practice. We set this differently to
+     * max_early_data so that, in the default case, we do not advertise any
+     * support for early_data, but if a client were to send us some (e.g.
+     * because of an old, stale ticket) then we will tolerate it and skip over
+     * it.
+     */
+    ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* By default we send two session tickets automatically in TLSv1.3 */
+    ret->num_tickets = 2;
+
+    ssl_ctx_system_config(ret);
+
+    return ret;
+ err:
+    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ err2:
+    SSL_CTX_free(ret);
+    return NULL;
+}
+
+int SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_CTX", ctx);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+void SSL_CTX_free(SSL_CTX *a)
+{
+    int i;
+
+    if (a == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&a->references, &i, a->lock);
+    REF_PRINT_COUNT("SSL_CTX", a);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    X509_VERIFY_PARAM_free(a->param);
+    dane_ctx_final(&a->dane);
+
+    /*
+     * Free internal session cache. However: the remove_cb() may reference
+     * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+     * after the sessions were flushed.
+     * As the ex_data handling routines might also touch the session cache,
+     * the most secure solution seems to be: empty (flush) the cache, then
+     * free ex_data, then finally free the cache.
+     * (See ticket [openssl.org #212].)
+     */
+    if (a->sessions != NULL)
+        SSL_CTX_flush_sessions(a, 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+    lh_SSL_SESSION_free(a->sessions);
+    X509_STORE_free(a->cert_store);
+#ifndef OPENSSL_NO_CT
+    CTLOG_STORE_free(a->ctlog_store);
+#endif
+    sk_SSL_CIPHER_free(a->cipher_list);
+    sk_SSL_CIPHER_free(a->cipher_list_by_id);
+    sk_SSL_CIPHER_free(a->tls13_ciphersuites);
+    ssl_cert_free(a->cert);
+    sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
+    sk_X509_pop_free(a->extra_certs, X509_free);
+    a->comp_methods = NULL;
+#ifndef OPENSSL_NO_SRTP
+    sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
+#ifndef OPENSSL_NO_SRP
+    SSL_CTX_SRP_CTX_free(a);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(a->client_cert_engine);
+#endif
+
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(a->ext.ecpointformats);
+    OPENSSL_free(a->ext.supportedgroups);
+#endif
+    OPENSSL_free(a->ext.alpn);
+    OPENSSL_secure_free(a->ext.secure);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
+    OPENSSL_free(a);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+    ctx->default_passwd_callback = cb;
+}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+    ctx->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback;
+}
+
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback_userdata;
+}
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
+{
+    s->default_passwd_callback = cb;
+}
+
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
+{
+    s->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
+{
+    return s->default_passwd_callback;
+}
+
+void *SSL_get_default_passwd_cb_userdata(SSL *s)
+{
+    return s->default_passwd_callback_userdata;
+}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg)
+{
+    ctx->app_verify_callback = cb;
+    ctx->app_verify_arg = arg;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                        int (*cb) (int, X509_STORE_CTX *))
+{
+    ctx->verify_mode = mode;
+    ctx->default_verify_callback = cb;
+}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    ssl_cert_set_cert_cb(c->cert, cb, arg);
+}
+
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    ssl_cert_set_cert_cb(s->cert, cb, arg);
+}
+
+void ssl_set_masks(SSL *s)
+{
+    CERT *c = s->cert;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+    int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+    unsigned long mask_k, mask_a;
+#ifndef OPENSSL_NO_EC
+    int have_ecc_cert, ecdsa_ok;
+#endif
+    if (c == NULL)
+        return;
+
+#ifndef OPENSSL_NO_DH
+    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
+#else
+    dh_tmp = 0;
+#endif
+
+    rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
+#ifndef OPENSSL_NO_EC
+    have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
+#endif
+    mask_k = 0;
+    mask_a = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
+            dh_tmp, rsa_enc, rsa_sign, dsa_sign);
+#endif
+
+#ifndef OPENSSL_NO_GOST
+    if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST01;
+    }
+#endif
+
+    if (rsa_enc)
+        mask_k |= SSL_kRSA;
+
+    if (dh_tmp)
+        mask_k |= SSL_kDHE;
+
+    /*
+     * If we only have an RSA-PSS certificate allow RSA authentication
+     * if TLS 1.2 and peer supports it.
+     */
+
+    if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
+                && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
+                && TLS1_get_version(s) == TLS1_2_VERSION))
+        mask_a |= SSL_aRSA;
+
+    if (dsa_sign) {
+        mask_a |= SSL_aDSS;
+    }
+
+    mask_a |= SSL_aNULL;
+
+    /*
+     * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
+     * depending on the key usage extension.
+     */
+#ifndef OPENSSL_NO_EC
+    if (have_ecc_cert) {
+        uint32_t ex_kusage;
+        ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
+        ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
+        if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
+            ecdsa_ok = 0;
+        if (ecdsa_ok)
+            mask_a |= SSL_aECDSA;
+    }
+    /* Allow Ed25519 for TLS 1.2 if peer supports it */
+    if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
+            && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
+            && TLS1_get_version(s) == TLS1_2_VERSION)
+            mask_a |= SSL_aECDSA;
+
+    /* Allow Ed448 for TLS 1.2 if peer supports it */
+    if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
+            && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
+            && TLS1_get_version(s) == TLS1_2_VERSION)
+            mask_a |= SSL_aECDSA;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    mask_k |= SSL_kECDHE;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    mask_k |= SSL_kPSK;
+    mask_a |= SSL_aPSK;
+    if (mask_k & SSL_kRSA)
+        mask_k |= SSL_kRSAPSK;
+    if (mask_k & SSL_kDHE)
+        mask_k |= SSL_kDHEPSK;
+    if (mask_k & SSL_kECDHE)
+        mask_k |= SSL_kECDHEPSK;
+#endif
+
+    s->s3->tmp.mask_k = mask_k;
+    s->s3->tmp.mask_a = mask_a;
+}
+
+#ifndef OPENSSL_NO_EC
+
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
+{
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
+        /* key usage, if present, must allow signing */
+        if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
+            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                   SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+            return 0;
+        }
+    }
+    return 1;                   /* all checks are ok */
+}
+
+#endif
+
+int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+                                   size_t *serverinfo_length)
+{
+    CERT_PKEY *cpk = s->s3->tmp.cert;
+    *serverinfo_length = 0;
+
+    if (cpk == NULL || cpk->serverinfo == NULL)
+        return 0;
+
+    *serverinfo = cpk->serverinfo;
+    *serverinfo_length = cpk->serverinfo_length;
+    return 1;
+}
+
+void ssl_update_cache(SSL *s, int mode)
+{
+    int i;
+
+    /*
+     * If the session_id_length is 0, we are not supposed to cache it, and it
+     * would be rather hard to do anyway :-)
+     */
+    if (s->session->session_id_length == 0)
+        return;
+
+    /*
+     * If sid_ctx_length is 0 there is no specific application context
+     * associated with this session, so when we try to resume it and
+     * SSL_VERIFY_PEER is requested to verify the client identity, we have no
+     * indication that this is actually a session for the proper application
+     * context, and the *handshake* will fail, not just the resumption attempt.
+     * Do not cache (on the server) these sessions that are not resumable
+     * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
+     */
+    if (s->server && s->session->sid_ctx_length == 0
+            && (s->verify_mode & SSL_VERIFY_PEER) != 0)
+        return;
+
+    i = s->session_ctx->session_cache_mode;
+    if ((i & mode) != 0
+        && (!s->hit || SSL_IS_TLS13(s))) {
+        /*
+         * Add the session to the internal cache. In server side TLSv1.3 we
+         * normally don't do this because by default it's a full stateless ticket
+         * with only a dummy session id so there is no reason to cache it,
+         * unless:
+         * - we are doing early_data, in which case we cache so that we can
+         *   detect replays
+         * - the application has set a remove_session_cb so needs to know about
+         *   session timeout events
+         * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
+         */
+        if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
+                && (!SSL_IS_TLS13(s)
+                    || !s->server
+                    || (s->max_early_data > 0
+                        && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
+                    || s->session_ctx->remove_session_cb != NULL
+                    || (s->options & SSL_OP_NO_TICKET) != 0))
+            SSL_CTX_add_session(s->session_ctx, s->session);
+
+        /*
+         * Add the session to the external cache. We do this even in server side
+         * TLSv1.3 without early data because some applications just want to
+         * know about the creation of a session and aren't doing a full cache.
+         */
+        if (s->session_ctx->new_session_cb != NULL) {
+            SSL_SESSION_up_ref(s->session);
+            if (!s->session_ctx->new_session_cb(s, s->session))
+                SSL_SESSION_free(s->session);
+        }
+    }
+
+    /* auto flush every 255 connections */
+    if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
+        TSAN_QUALIFIER int *stat;
+        if (mode & SSL_SESS_CACHE_CLIENT)
+            stat = &s->session_ctx->stats.sess_connect_good;
+        else
+            stat = &s->session_ctx->stats.sess_accept_good;
+        if ((tsan_load(stat) & 0xff) == 0xff)
+            SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
+    }
+}
+
+const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
+{
+    return ctx->method;
+}
+
+const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
+{
+    return s->method;
+}
+
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
+{
+    int ret = 1;
+
+    if (s->method != meth) {
+        const SSL_METHOD *sm = s->method;
+        int (*hf) (SSL *) = s->handshake_func;
+
+        if (sm->version == meth->version)
+            s->method = meth;
+        else {
+            sm->ssl_free(s);
+            s->method = meth;
+            ret = s->method->ssl_new(s);
+        }
+
+        if (hf == sm->ssl_connect)
+            s->handshake_func = meth->ssl_connect;
+        else if (hf == sm->ssl_accept)
+            s->handshake_func = meth->ssl_accept;
+    }
+    return ret;
+}
+
+int SSL_get_error(const SSL *s, int i)
+{
+    int reason;
+    unsigned long l;
+    BIO *bio;
+
+    if (i > 0)
+        return SSL_ERROR_NONE;
+
+    /*
+     * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
+     * where we do encode the error
+     */
+    if ((l = ERR_peek_error()) != 0) {
+        if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+            return SSL_ERROR_SYSCALL;
+        else
+            return SSL_ERROR_SSL;
+    }
+
+    if (SSL_want_read(s)) {
+        bio = SSL_get_rbio(s);
+        if (BIO_should_read(bio))
+            return SSL_ERROR_WANT_READ;
+        else if (BIO_should_write(bio))
+            /*
+             * This one doesn't make too much sense ... We never try to write
+             * to the rbio, and an application program where rbio and wbio
+             * are separate couldn't even know what it should wait for.
+             * However if we ever set s->rwstate incorrectly (so that we have
+             * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+             * wbio *are* the same, this test works around that bug; so it
+             * might be safer to keep it.
+             */
+            return SSL_ERROR_WANT_WRITE;
+        else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
+                return SSL_ERROR_WANT_CONNECT;
+            else if (reason == BIO_RR_ACCEPT)
+                return SSL_ERROR_WANT_ACCEPT;
+            else
+                return SSL_ERROR_SYSCALL; /* unknown */
+        }
+    }
+
+    if (SSL_want_write(s)) {
+        /* Access wbio directly - in order to use the buffered bio if present */
+        bio = s->wbio;
+        if (BIO_should_write(bio))
+            return SSL_ERROR_WANT_WRITE;
+        else if (BIO_should_read(bio))
+            /*
+             * See above (SSL_want_read(s) with BIO_should_write(bio))
+             */
+            return SSL_ERROR_WANT_READ;
+        else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
+                return SSL_ERROR_WANT_CONNECT;
+            else if (reason == BIO_RR_ACCEPT)
+                return SSL_ERROR_WANT_ACCEPT;
+            else
+                return SSL_ERROR_SYSCALL;
+        }
+    }
+    if (SSL_want_x509_lookup(s))
+        return SSL_ERROR_WANT_X509_LOOKUP;
+    if (SSL_want_async(s))
+        return SSL_ERROR_WANT_ASYNC;
+    if (SSL_want_async_job(s))
+        return SSL_ERROR_WANT_ASYNC_JOB;
+    if (SSL_want_client_hello_cb(s))
+        return SSL_ERROR_WANT_CLIENT_HELLO_CB;
+
+    if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+        (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+        return SSL_ERROR_ZERO_RETURN;
+
+    return SSL_ERROR_SYSCALL;
+}
+
+static int ssl_do_handshake_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+
+    return s->handshake_func(s);
+}
+
+int SSL_do_handshake(SSL *s)
+{
+    int ret = 1;
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+        return -1;
+    }
+
+    ossl_statem_check_finish_init(s, -1);
+
+    s->method->ssl_renegotiate_check(s, 0);
+
+    if (SSL_in_init(s) || SSL_in_before(s)) {
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            args.s = s;
+
+            ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+        } else {
+            ret = s->handshake_func(s);
+        }
+    }
+    return ret;
+}
+
+void SSL_set_accept_state(SSL *s)
+{
+    s->server = 1;
+    s->shutdown = 0;
+    ossl_statem_clear(s);
+    s->handshake_func = s->method->ssl_accept;
+    clear_ciphers(s);
+}
+
+void SSL_set_connect_state(SSL *s)
+{
+    s->server = 0;
+    s->shutdown = 0;
+    ossl_statem_clear(s);
+    s->handshake_func = s->method->ssl_connect;
+    clear_ciphers(s);
+}
+
+int ssl_undefined_function(SSL *s)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+}
+
+int ssl_undefined_void_function(void)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+}
+
+int ssl_undefined_const_function(const SSL *s)
+{
+    return 0;
+}
+
+const SSL_METHOD *ssl_bad_method(int ver)
+{
+    SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return NULL;
+}
+
+const char *ssl_protocol_to_string(int version)
+{
+    switch(version)
+    {
+    case TLS1_3_VERSION:
+        return "TLSv1.3";
+
+    case TLS1_2_VERSION:
+        return "TLSv1.2";
+
+    case TLS1_1_VERSION:
+        return "TLSv1.1";
+
+    case TLS1_VERSION:
+        return "TLSv1";
+
+    case SSL3_VERSION:
+        return "SSLv3";
+
+    case DTLS1_BAD_VER:
+        return "DTLSv0.9";
+
+    case DTLS1_VERSION:
+        return "DTLSv1";
+
+    case DTLS1_2_VERSION:
+        return "DTLSv1.2";
+
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_get_version(const SSL *s)
+{
+    return ssl_protocol_to_string(s->version);
+}
+
+static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
+{
+    STACK_OF(X509_NAME) *sk;
+    X509_NAME *xn;
+    int i;
+
+    if (src == NULL) {
+        *dst = NULL;
+        return 1;
+    }
+
+    if ((sk = sk_X509_NAME_new_null()) == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_NAME_num(src); i++) {
+        xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
+        if (xn == NULL) {
+            sk_X509_NAME_pop_free(sk, X509_NAME_free);
+            return 0;
+        }
+        if (sk_X509_NAME_insert(sk, xn, i) == 0) {
+            X509_NAME_free(xn);
+            sk_X509_NAME_pop_free(sk, X509_NAME_free);
+            return 0;
+        }
+    }
+    *dst = sk;
+
+    return 1;
+}
+
+SSL *SSL_dup(SSL *s)
+{
+    SSL *ret;
+    int i;
+
+    /* If we're not quiescent, just up_ref! */
+    if (!SSL_in_init(s) || !SSL_in_before(s)) {
+        CRYPTO_UP_REF(&s->references, &i, s->lock);
+        return s;
+    }
+
+    /*
+     * Otherwise, copy configuration state, and session if set.
+     */
+    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+        return NULL;
+
+    if (s->session != NULL) {
+        /*
+         * Arranges to share the same session via up_ref.  This "copies"
+         * session-id, SSL_METHOD, sid_ctx, and 'cert'
+         */
+        if (!SSL_copy_session_id(ret, s))
+            goto err;
+    } else {
+        /*
+         * No session has been established yet, so we have to expect that
+         * s->cert or ret->cert will be changed later -- they should not both
+         * point to the same object, and thus we can't use
+         * SSL_copy_session_id.
+         */
+        if (!SSL_set_ssl_method(ret, s->method))
+            goto err;
+
+        if (s->cert != NULL) {
+            ssl_cert_free(ret->cert);
+            ret->cert = ssl_cert_dup(s->cert);
+            if (ret->cert == NULL)
+                goto err;
+        }
+
+        if (!SSL_set_session_id_context(ret, s->sid_ctx,
+                                        (int)s->sid_ctx_length))
+            goto err;
+    }
+
+    if (!ssl_dane_dup(ret, s))
+        goto err;
+    ret->version = s->version;
+    ret->options = s->options;
+    ret->mode = s->mode;
+    SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+    SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
+    ret->msg_callback = s->msg_callback;
+    ret->msg_callback_arg = s->msg_callback_arg;
+    SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
+    SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
+    ret->generate_session_id = s->generate_session_id;
+
+    SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+    /* copy app data, a little dangerous perhaps */
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+        goto err;
+
+    /* setup rbio, and wbio */
+    if (s->rbio != NULL) {
+        if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
+            goto err;
+    }
+    if (s->wbio != NULL) {
+        if (s->wbio != s->rbio) {
+            if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
+                goto err;
+        } else {
+            BIO_up_ref(ret->rbio);
+            ret->wbio = ret->rbio;
+        }
+    }
+
+    ret->server = s->server;
+    if (s->handshake_func) {
+        if (s->server)
+            SSL_set_accept_state(ret);
+        else
+            SSL_set_connect_state(ret);
+    }
+    ret->shutdown = s->shutdown;
+    ret->hit = s->hit;
+
+    ret->default_passwd_callback = s->default_passwd_callback;
+    ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
+
+    X509_VERIFY_PARAM_inherit(ret->param, s->param);
+
+    /* dup the cipher_list and cipher_list_by_id stacks */
+    if (s->cipher_list != NULL) {
+        if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+            goto err;
+    }
+    if (s->cipher_list_by_id != NULL)
+        if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+            == NULL)
+            goto err;
+
+    /* Dup the client_CA list */
+    if (!dup_ca_names(&ret->ca_names, s->ca_names)
+            || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
+        goto err;
+
+    return ret;
+
+ err:
+    SSL_free(ret);
+    return NULL;
+}
+
+void ssl_clear_cipher_ctx(SSL *s)
+{
+    if (s->enc_read_ctx != NULL) {
+        EVP_CIPHER_CTX_free(s->enc_read_ctx);
+        s->enc_read_ctx = NULL;
+    }
+    if (s->enc_write_ctx != NULL) {
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    COMP_CTX_free(s->expand);
+    s->expand = NULL;
+    COMP_CTX_free(s->compress);
+    s->compress = NULL;
+#endif
+}
+
+X509 *SSL_get_certificate(const SSL *s)
+{
+    if (s->cert != NULL)
+        return s->cert->key->x509;
+    else
+        return NULL;
+}
+
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
+{
+    if (s->cert != NULL)
+        return s->cert->key->privatekey;
+    else
+        return NULL;
+}
+
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+{
+    if (ctx->cert != NULL)
+        return ctx->cert->key->x509;
+    else
+        return NULL;
+}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+{
+    if (ctx->cert != NULL)
+        return ctx->cert->key->privatekey;
+    else
+        return NULL;
+}
+
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+{
+    if ((s->session != NULL) && (s->session->cipher != NULL))
+        return s->session->cipher;
+    return NULL;
+}
+
+const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
+{
+    return s->s3->tmp.new_cipher;
+}
+
+const COMP_METHOD *SSL_get_current_compression(const SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+    return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+    return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+int ssl_init_wbio_buffer(SSL *s)
+{
+    BIO *bbio;
+
+    if (s->bbio != NULL) {
+        /* Already buffered. */
+        return 1;
+    }
+
+    bbio = BIO_new(BIO_f_buffer());
+    if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
+        BIO_free(bbio);
+        SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+        return 0;
+    }
+    s->bbio = bbio;
+    s->wbio = BIO_push(bbio, s->wbio);
+
+    return 1;
+}
+
+int ssl_free_wbio_buffer(SSL *s)
+{
+    /* callers ensure s is never null */
+    if (s->bbio == NULL)
+        return 1;
+
+    s->wbio = BIO_pop(s->wbio);
+    BIO_free(s->bbio);
+    s->bbio = NULL;
+
+    return 1;
+}
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+    ctx->quiet_shutdown = mode;
+}
+
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+    return ctx->quiet_shutdown;
+}
+
+void SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+    s->quiet_shutdown = mode;
+}
+
+int SSL_get_quiet_shutdown(const SSL *s)
+{
+    return s->quiet_shutdown;
+}
+
+void SSL_set_shutdown(SSL *s, int mode)
+{
+    s->shutdown = mode;
+}
+
+int SSL_get_shutdown(const SSL *s)
+{
+    return s->shutdown;
+}
+
+int SSL_version(const SSL *s)
+{
+    return s->version;
+}
+
+int SSL_client_version(const SSL *s)
+{
+    return s->client_version;
+}
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+    return ssl->ctx;
+}
+
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
+{
+    CERT *new_cert;
+    if (ssl->ctx == ctx)
+        return ssl->ctx;
+    if (ctx == NULL)
+        ctx = ssl->session_ctx;
+    new_cert = ssl_cert_dup(ctx->cert);
+    if (new_cert == NULL) {
+        return NULL;
+    }
+
+    if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
+        ssl_cert_free(new_cert);
+        return NULL;
+    }
+
+    ssl_cert_free(ssl->cert);
+    ssl->cert = new_cert;
+
+    /*
+     * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+     * so setter APIs must prevent invalid lengths from entering the system.
+     */
+    if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
+        return NULL;
+
+    /*
+     * If the session ID context matches that of the parent SSL_CTX,
+     * inherit it from the new SSL_CTX as well. If however the context does
+     * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+     * leave it unchanged.
+     */
+    if ((ssl->ctx != NULL) &&
+        (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+        (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
+        ssl->sid_ctx_length = ctx->sid_ctx_length;
+        memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+    }
+
+    SSL_CTX_up_ref(ctx);
+    SSL_CTX_free(ssl->ctx);     /* decrement reference count */
+    ssl->ctx = ctx;
+
+    return ssl->ctx;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return X509_STORE_set_default_paths(ctx->cert_store);
+}
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default directory does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default file does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath)
+{
+    return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
+}
+
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val))
+{
+    ssl->info_callback = cb;
+}
+
+/*
+ * One compiler (Diab DCC) doesn't like argument names in returned function
+ * pointer.
+ */
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
+                                               int /* type */ ,
+                                               int /* val */ ) {
+    return ssl->info_callback;
+}
+
+void SSL_set_verify_result(SSL *ssl, long arg)
+{
+    ssl->verify_result = arg;
+}
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl->verify_result;
+}
+
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return sizeof(ssl->s3->client_random);
+    if (outlen > sizeof(ssl->s3->client_random))
+        outlen = sizeof(ssl->s3->client_random);
+    memcpy(out, ssl->s3->client_random, outlen);
+    return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return sizeof(ssl->s3->server_random);
+    if (outlen > sizeof(ssl->s3->server_random))
+        outlen = sizeof(ssl->s3->server_random);
+    memcpy(out, ssl->s3->server_random, outlen);
+    return outlen;
+}
+
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+                                  unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return session->master_key_length;
+    if (outlen > session->master_key_length)
+        outlen = session->master_key_length;
+    memcpy(out, session->master_key, outlen);
+    return outlen;
+}
+
+int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
+                                size_t len)
+{
+    if (len > sizeof(sess->master_key))
+        return 0;
+
+    memcpy(sess->master_key, in, len);
+    sess->master_key_length = len;
+    return 1;
+}
+
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_get_ex_data(const SSL *s, int idx)
+{
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+    return ctx->cert_store;
+}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+    X509_STORE_free(ctx->cert_store);
+    ctx->cert_store = store;
+}
+
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+    if (store != NULL)
+        X509_STORE_up_ref(store);
+    SSL_CTX_set_cert_store(ctx, store);
+}
+
+int SSL_want(const SSL *s)
+{
+    return s->rwstate;
+}
+
+/**
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+                                                  int keylength))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_PSK
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+{
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    OPENSSL_free(ctx->cert->psk_identity_hint);
+    if (identity_hint != NULL) {
+        ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (ctx->cert->psk_identity_hint == NULL)
+            return 0;
+    } else
+        ctx->cert->psk_identity_hint = NULL;
+    return 1;
+}
+
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+{
+    if (s == NULL)
+        return 0;
+
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    OPENSSL_free(s->cert->psk_identity_hint);
+    if (identity_hint != NULL) {
+        s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (s->cert->psk_identity_hint == NULL)
+            return 0;
+    } else
+        s->cert->psk_identity_hint = NULL;
+    return 1;
+}
+
+const char *SSL_get_psk_identity_hint(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return s->session->psk_identity_hint;
+}
+
+const char *SSL_get_psk_identity(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return s->session->psk_identity;
+}
+
+void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
+{
+    s->psk_client_callback = cb;
+}
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
+{
+    ctx->psk_client_callback = cb;
+}
+
+void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
+{
+    s->psk_server_callback = cb;
+}
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
+{
+    ctx->psk_server_callback = cb;
+}
+#endif
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
+{
+    s->psk_find_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb)
+{
+    ctx->psk_find_session_cb = cb;
+}
+
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
+{
+    s->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_use_session_cb_func cb)
+{
+    ctx->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                          (void (*)(void))cb);
+}
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                      (void (*)(void))cb);
+}
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg))
+{
+    ctx->record_padding_cb = cb;
+}
+
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
+{
+    ctx->record_padding_arg = arg;
+}
+
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
+{
+    return ctx->record_padding_arg;
+}
+
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
+{
+    /* block size of 0 or 1 is basically no padding */
+    if (block_size == 1)
+        ctx->block_padding = 0;
+    else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+        ctx->block_padding = block_size;
+    else
+        return 0;
+    return 1;
+}
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                     size_t (*cb) (SSL *ssl, int type,
+                                                   size_t len, void *arg))
+{
+    ssl->record_padding_cb = cb;
+}
+
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
+{
+    ssl->record_padding_arg = arg;
+}
+
+void *SSL_get_record_padding_callback_arg(const SSL *ssl)
+{
+    return ssl->record_padding_arg;
+}
+
+int SSL_set_block_padding(SSL *ssl, size_t block_size)
+{
+    /* block size of 0 or 1 is basically no padding */
+    if (block_size == 1)
+        ssl->block_padding = 0;
+    else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+        ssl->block_padding = block_size;
+    else
+        return 0;
+    return 1;
+}
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+    s->num_tickets = num_tickets;
+
+    return 1;
+}
+
+size_t SSL_get_num_tickets(const SSL *s)
+{
+    return s->num_tickets;
+}
+
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+    ctx->num_tickets = num_tickets;
+
+    return 1;
+}
+
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
+{
+    return ctx->num_tickets;
+}
+
+/*
+ * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
+ * Returns the newly allocated ctx;
+ */
+
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
+{
+    ssl_clear_hash_ctx(hash);
+    *hash = EVP_MD_CTX_new();
+    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+        EVP_MD_CTX_free(*hash);
+        *hash = NULL;
+        return NULL;
+    }
+    return *hash;
+}
+
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
+{
+
+    EVP_MD_CTX_free(*hash);
+    *hash = NULL;
+}
+
+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+                       size_t *hashlen)
+{
+    EVP_MD_CTX *ctx = NULL;
+    EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
+    int hashleni = EVP_MD_CTX_size(hdgst);
+    int ret = 0;
+
+    if (hashleni < 0 || (size_t)hashleni > outlen) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
+        || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    *hashlen = hashleni;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+int SSL_session_reused(SSL *s)
+{
+    return s->hit;
+}
+
+int SSL_is_server(const SSL *s)
+{
+    return s->server;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_set_debug(SSL *s, int debug)
+{
+    /* Old function was do-nothing anyway... */
+    (void)s;
+    (void)debug;
+}
+#endif
+
+void SSL_set_security_level(SSL *s, int level)
+{
+    s->cert->sec_level = level;
+}
+
+int SSL_get_security_level(const SSL *s)
+{
+    return s->cert->sec_level;
+}
+
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex))
+{
+    s->cert->sec_cb = cb;
+}
+
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex) {
+    return s->cert->sec_cb;
+}
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+{
+    s->cert->sec_ex = ex;
+}
+
+void *SSL_get0_security_ex_data(const SSL *s)
+{
+    return s->cert->sec_ex;
+}
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+{
+    ctx->cert->sec_level = level;
+}
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_level;
+}
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex))
+{
+    ctx->cert->sec_cb = cb;
+}
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex) {
+    return ctx->cert->sec_cb;
+}
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+{
+    ctx->cert->sec_ex = ex;
+}
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_ex;
+}
+
+/*
+ * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
+ * can return unsigned long, instead of the generic long return value from the
+ * control interface.
+ */
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
+{
+    return ctx->options;
+}
+
+unsigned long SSL_get_options(const SSL *s)
+{
+    return s->options;
+}
+
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options |= op;
+}
+
+unsigned long SSL_set_options(SSL *s, unsigned long op)
+{
+    return s->options |= op;
+}
+
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options &= ~op;
+}
+
+unsigned long SSL_clear_options(SSL *s, unsigned long op)
+{
+    return s->options &= ~op;
+}
+
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
+{
+    return s->verified_chain;
+}
+
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Moves SCTs from the |src| stack to the |dst| stack.
+ * The source of each SCT will be set to |origin|.
+ * If |dst| points to a NULL pointer, a new stack will be created and owned by
+ * the caller.
+ * Returns the number of SCTs moved, or a negative integer if an error occurs.
+ */
+static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
+                        sct_source_t origin)
+{
+    int scts_moved = 0;
+    SCT *sct = NULL;
+
+    if (*dst == NULL) {
+        *dst = sk_SCT_new_null();
+        if (*dst == NULL) {
+            SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    while ((sct = sk_SCT_pop(src)) != NULL) {
+        if (SCT_set_source(sct, origin) != 1)
+            goto err;
+
+        if (sk_SCT_push(*dst, sct) <= 0)
+            goto err;
+        scts_moved += 1;
+    }
+
+    return scts_moved;
+ err:
+    if (sct != NULL)
+        sk_SCT_push(src, sct);  /* Put the SCT back */
+    return -1;
+}
+
+/*
+ * Look for data collected during ServerHello and parse if found.
+ * Returns the number of SCTs extracted.
+ */
+static int ct_extract_tls_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+
+    if (s->ext.scts != NULL) {
+        const unsigned char *p = s->ext.scts;
+        STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
+
+        scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Checks for an OCSP response and then attempts to extract any SCTs found if it
+ * contains an SCT X509 extension. They will be stored in |s->scts|.
+ * Returns:
+ * - The number of SCTs extracted, assuming an OCSP response exists.
+ * - 0 if no OCSP response exists or it contains no SCTs.
+ * - A negative integer if an error occurs.
+ */
+static int ct_extract_ocsp_response_scts(SSL *s)
+{
+# ifndef OPENSSL_NO_OCSP
+    int scts_extracted = 0;
+    const unsigned char *p;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    STACK_OF(SCT) *scts = NULL;
+    int i;
+
+    if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
+        goto err;
+
+    p = s->ext.ocsp.resp;
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
+    if (rsp == NULL)
+        goto err;
+
+    br = OCSP_response_get1_basic(rsp);
+    if (br == NULL)
+        goto err;
+
+    for (i = 0; i < OCSP_resp_count(br); ++i) {
+        OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
+
+        if (single == NULL)
+            continue;
+
+        scts =
+            OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
+        if (scts_extracted < 0)
+            goto err;
+    }
+ err:
+    SCT_LIST_free(scts);
+    OCSP_BASICRESP_free(br);
+    OCSP_RESPONSE_free(rsp);
+    return scts_extracted;
+# else
+    /* Behave as if no OCSP response exists */
+    return 0;
+# endif
+}
+
+/*
+ * Attempts to extract SCTs from the peer certificate.
+ * Return the number of SCTs extracted, or a negative integer if an error
+ * occurs.
+ */
+static int ct_extract_x509v3_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+
+    if (cert != NULL) {
+        STACK_OF(SCT) *scts =
+            X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
+
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Attempts to find all received SCTs by checking TLS extensions, the OCSP
+ * response (if it exists) and X509v3 extensions in the certificate.
+ * Returns NULL if an error occurs.
+ */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
+{
+    if (!s->scts_parsed) {
+        if (ct_extract_tls_extension_scts(s) < 0 ||
+            ct_extract_ocsp_response_scts(s) < 0 ||
+            ct_extract_x509v3_extension_scts(s) < 0)
+            goto err;
+
+        s->scts_parsed = 1;
+    }
+    return s->scts;
+ err:
+    return NULL;
+}
+
+static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
+                         const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    return 1;
+}
+
+static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
+                     const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    int count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < count; ++i) {
+        SCT *sct = sk_SCT_value(scts, i);
+        int status = SCT_get_validation_status(sct);
+
+        if (status == SCT_VALIDATION_STATUS_VALID)
+            return 1;
+    }
+    SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
+    return 0;
+}
+
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look
+     * for this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    if (callback != NULL) {
+        /*
+         * If we are validating CT, then we MUST accept SCTs served via OCSP
+         */
+        if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
+            return 0;
+    }
+
+    s->ct_validation_callback = callback;
+    s->ct_validation_callback_arg = arg;
+
+    return 1;
+}
+
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback, void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look for
+     * this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    ctx->ct_validation_callback = callback;
+    ctx->ct_validation_callback_arg = arg;
+    return 1;
+}
+
+int SSL_ct_is_enabled(const SSL *s)
+{
+    return s->ct_validation_callback != NULL;
+}
+
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
+{
+    return ctx->ct_validation_callback != NULL;
+}
+
+int ssl_validate_ct(SSL *s)
+{
+    int ret = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+    X509 *issuer;
+    SSL_DANE *dane = &s->dane;
+    CT_POLICY_EVAL_CTX *ctx = NULL;
+    const STACK_OF(SCT) *scts;
+
+    /*
+     * If no callback is set, the peer is anonymous, or its chain is invalid,
+     * skip SCT validation - just return success.  Applications that continue
+     * handshakes without certificates, with unverified chains, or pinned leaf
+     * certificates are outside the scope of the WebPKI and CT.
+     *
+     * The above exclusions notwithstanding the vast majority of peers will
+     * have rather ordinary certificate chains validated by typical
+     * applications that perform certificate verification and therefore will
+     * process SCTs when enabled.
+     */
+    if (s->ct_validation_callback == NULL || cert == NULL ||
+        s->verify_result != X509_V_OK ||
+        s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
+        return 1;
+
+    /*
+     * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
+     * trust-anchors.  See https://tools.ietf.org/html/rfc7671#section-4.2
+     */
+    if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
+        switch (dane->mtlsa->usage) {
+        case DANETLS_USAGE_DANE_TA:
+        case DANETLS_USAGE_DANE_EE:
+            return 1;
+        }
+    }
+
+    ctx = CT_POLICY_EVAL_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
+                 ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    issuer = sk_X509_value(s->verified_chain, 1);
+    CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
+    CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
+    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
+
+    scts = SSL_get0_peer_scts(s);
+
+    /*
+     * This function returns success (> 0) only when all the SCTs are valid, 0
+     * when some are invalid, and < 0 on various internal errors (out of
+     * memory, etc.).  Having some, or even all, invalid SCTs is not sufficient
+     * reason to abort the handshake, that decision is up to the callback.
+     * Therefore, we error out only in the unexpected case that the return
+     * value is negative.
+     *
+     * XXX: One might well argue that the return value of this function is an
+     * unfortunate design choice.  Its job is only to determine the validation
+     * status of each of the provided SCTs.  So long as it correctly separates
+     * the wheat from the chaff it should return success.  Failure in this case
+     * ought to correspond to an inability to carry out its duties.
+     */
+    if (SCT_LIST_validate(scts, ctx) < 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+                 SSL_R_SCT_VERIFICATION_FAILED);
+        goto end;
+    }
+
+    ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
+    if (ret < 0)
+        ret = 0;                /* This function returns 0 on failure */
+    if (!ret)
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+                 SSL_R_CALLBACK_FAILED);
+
+ end:
+    CT_POLICY_EVAL_CTX_free(ctx);
+    /*
+     * With SSL_VERIFY_NONE the session may be cached and re-used despite a
+     * failure return code here.  Also the application may wish the complete
+     * the handshake, and then disconnect cleanly at a higher layer, after
+     * checking the verification status of the completed connection.
+     *
+     * We therefore force a certificate verification failure which will be
+     * visible via SSL_get_verify_result() and cached as part of any resumed
+     * session.
+     *
+     * Note: the permissive callback is for information gathering only, always
+     * returns success, and does not affect verification status.  Only the
+     * strict callback or a custom application-specified callback can trigger
+     * connection failure or record a verification error.
+     */
+    if (ret <= 0)
+        s->verify_result = X509_V_ERR_NO_VALID_SCTS;
+    return ret;
+}
+
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
+    }
+}
+
+int SSL_enable_ct(SSL *s, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_set_ct_validation_callback(s, ct_strict, NULL);
+    }
+}
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
+{
+    return CTLOG_STORE_load_default_file(ctx->ctlog_store);
+}
+
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    return CTLOG_STORE_load_file(ctx->ctlog_store, path);
+}
+
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
+{
+    CTLOG_STORE_free(ctx->ctlog_store);
+    ctx->ctlog_store = logs;
+}
+
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
+{
+    return ctx->ctlog_store;
+}
+
+#endif  /* OPENSSL_NO_CT */
+
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg)
+{
+    c->client_hello_cb = cb;
+    c->client_hello_cb_arg = arg;
+}
+
+int SSL_client_hello_isv2(SSL *s)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    return s->clienthello->isv2;
+}
+
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    return s->clienthello->legacy_version;
+}
+
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->random;
+    return SSL3_RANDOM_SIZE;
+}
+
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->session_id;
+    return s->clienthello->session_id_len;
+}
+
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = PACKET_data(&s->clienthello->ciphersuites);
+    return PACKET_remaining(&s->clienthello->ciphersuites);
+}
+
+size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->compressions;
+    return s->clienthello->compressions_len;
+}
+
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+{
+    RAW_EXTENSION *ext;
+    int *present;
+    size_t num = 0, i;
+
+    if (s->clienthello == NULL || out == NULL || outlen == NULL)
+        return 0;
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+        ext = s->clienthello->pre_proc_exts + i;
+        if (ext->present)
+            num++;
+    }
+    if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
+        SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
+               ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+        ext = s->clienthello->pre_proc_exts + i;
+        if (ext->present) {
+            if (ext->received_order >= num)
+                goto err;
+            present[ext->received_order] = ext->type;
+        }
+    }
+    *out = present;
+    *outlen = num;
+    return 1;
+ err:
+    OPENSSL_free(present);
+    return 0;
+}
+
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
+                       size_t *outlen)
+{
+    size_t i;
+    RAW_EXTENSION *r;
+
+    if (s->clienthello == NULL)
+        return 0;
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
+        r = s->clienthello->pre_proc_exts + i;
+        if (r->present && r->type == type) {
+            if (out != NULL)
+                *out = PACKET_data(&r->data);
+            if (outlen != NULL)
+                *outlen = PACKET_remaining(&r->data);
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int SSL_free_buffers(SSL *ssl)
+{
+    RECORD_LAYER *rl = &ssl->rlayer;
+
+    if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+        return 0;
+
+    RECORD_LAYER_release(rl);
+    return 1;
+}
+
+int SSL_alloc_buffers(SSL *ssl)
+{
+    return ssl3_setup_buffers(ssl);
+}
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
+{
+    ctx->keylog_callback = cb;
+}
+
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+{
+    return ctx->keylog_callback;
+}
+
+static int nss_keylog_int(const char *prefix,
+                          SSL *ssl,
+                          const uint8_t *parameter_1,
+                          size_t parameter_1_len,
+                          const uint8_t *parameter_2,
+                          size_t parameter_2_len)
+{
+    char *out = NULL;
+    char *cursor = NULL;
+    size_t out_len = 0;
+    size_t i;
+    size_t prefix_len;
+
+    if (ssl->ctx->keylog_callback == NULL)
+        return 1;
+
+    /*
+     * Our output buffer will contain the following strings, rendered with
+     * space characters in between, terminated by a NULL character: first the
+     * prefix, then the first parameter, then the second parameter. The
+     * meaning of each parameter depends on the specific key material being
+     * logged. Note that the first and second parameters are encoded in
+     * hexadecimal, so we need a buffer that is twice their lengths.
+     */
+    prefix_len = strlen(prefix);
+    out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
+    if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    strcpy(cursor, prefix);
+    cursor += prefix_len;
+    *cursor++ = ' ';
+
+    for (i = 0; i < parameter_1_len; i++) {
+        sprintf(cursor, "%02x", parameter_1[i]);
+        cursor += 2;
+    }
+    *cursor++ = ' ';
+
+    for (i = 0; i < parameter_2_len; i++) {
+        sprintf(cursor, "%02x", parameter_2[i]);
+        cursor += 2;
+    }
+    *cursor = '\0';
+
+    ssl->ctx->keylog_callback(ssl, (const char *)out);
+    OPENSSL_clear_free(out, out_len);
+    return 1;
+
+}
+
+int ssl_log_rsa_client_key_exchange(SSL *ssl,
+                                    const uint8_t *encrypted_premaster,
+                                    size_t encrypted_premaster_len,
+                                    const uint8_t *premaster,
+                                    size_t premaster_len)
+{
+    if (encrypted_premaster_len < 8) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* We only want the first 8 bytes of the encrypted premaster as a tag. */
+    return nss_keylog_int("RSA",
+                          ssl,
+                          encrypted_premaster,
+                          8,
+                          premaster,
+                          premaster_len);
+}
+
+int ssl_log_secret(SSL *ssl,
+                   const char *label,
+                   const uint8_t *secret,
+                   size_t secret_len)
+{
+    return nss_keylog_int(label,
+                          ssl,
+                          ssl->s3->client_random,
+                          SSL3_RANDOM_SIZE,
+                          secret,
+                          secret_len);
+}
+
+#define SSLV2_CIPHER_LEN    3
+
+int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
+{
+    int n;
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
+                 SSL_R_NO_CIPHERS_SPECIFIED);
+        return 0;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    s->s3->tmp.ciphers_raw = NULL;
+    s->s3->tmp.ciphers_rawlen = 0;
+
+    if (sslv2format) {
+        size_t numciphers = PACKET_remaining(cipher_suites) / n;
+        PACKET sslv2ciphers = *cipher_suites;
+        unsigned int leadbyte;
+        unsigned char *raw;
+
+        /*
+         * We store the raw ciphers list in SSLv3+ format so we need to do some
+         * preprocessing to convert the list first. If there are any SSLv2 only
+         * ciphersuites with a non-zero leading byte then we are going to
+         * slightly over allocate because we won't store those. But that isn't a
+         * problem.
+         */
+        raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
+        s->s3->tmp.ciphers_raw = raw;
+        if (raw == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        for (s->s3->tmp.ciphers_rawlen = 0;
+             PACKET_remaining(&sslv2ciphers) > 0;
+             raw += TLS_CIPHER_LEN) {
+            if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
+                    || (leadbyte == 0
+                        && !PACKET_copy_bytes(&sslv2ciphers, raw,
+                                              TLS_CIPHER_LEN))
+                    || (leadbyte != 0
+                        && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                         SSL_R_BAD_PACKET);
+                OPENSSL_free(s->s3->tmp.ciphers_raw);
+                s->s3->tmp.ciphers_raw = NULL;
+                s->s3->tmp.ciphers_rawlen = 0;
+                return 0;
+            }
+            if (leadbyte == 0)
+                s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
+        }
+    } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
+                           &s->s3->tmp.ciphers_rawlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs)
+{
+    PACKET pkt;
+
+    if (!PACKET_buf_init(&pkt, bytes, len))
+        return 0;
+    return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
+}
+
+int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+                         STACK_OF(SSL_CIPHER) **skp,
+                         STACK_OF(SSL_CIPHER) **scsvs_out,
+                         int sslv2format, int fatal)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    STACK_OF(SSL_CIPHER) *scsvs = NULL;
+    int n;
+    /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
+    unsigned char cipher[SSLV2_CIPHER_LEN];
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_NO_CIPHERS_SPECIFIED);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
+        return 0;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
+                   SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return 0;
+    }
+
+    sk = sk_SSL_CIPHER_new_null();
+    scsvs = sk_SSL_CIPHER_new_null();
+    if (sk == NULL || scsvs == NULL) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     ERR_R_MALLOC_FAILURE);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
+        /*
+         * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+         * first byte set to zero, while true SSLv2 ciphers have a non-zero
+         * first byte. We don't support any true SSLv2 ciphers, so skip them.
+         */
+        if (sslv2format && cipher[0] != '\0')
+            continue;
+
+        /* For SSLv2-compat, ignore leading 0-byte. */
+        c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
+        if (c != NULL) {
+            if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
+                (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
+                if (fatal)
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                else
+                    SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+    if (PACKET_remaining(cipher_suites) > 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_BAD_LENGTH);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
+        goto err;
+    }
+
+    if (skp != NULL)
+        *skp = sk;
+    else
+        sk_SSL_CIPHER_free(sk);
+    if (scsvs_out != NULL)
+        *scsvs_out = scsvs;
+    else
+        sk_SSL_CIPHER_free(scsvs);
+    return 1;
+ err:
+    sk_SSL_CIPHER_free(sk);
+    sk_SSL_CIPHER_free(scsvs);
+    return 0;
+}
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
+{
+    ctx->max_early_data = max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
+{
+    return ctx->max_early_data;
+}
+
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
+{
+    s->max_early_data = max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_get_max_early_data(const SSL *s)
+{
+    return s->max_early_data;
+}
+
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
+{
+    ctx->recv_max_early_data = recv_max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
+{
+    return ctx->recv_max_early_data;
+}
+
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
+{
+    s->recv_max_early_data = recv_max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_get_recv_max_early_data(const SSL *s)
+{
+    return s->recv_max_early_data;
+}
+
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
+{
+    /* Return any active Max Fragment Len extension */
+    if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
+        return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+    /* return current SSL connection setting */
+    return ssl->max_send_fragment;
+}
+
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
+{
+    /* Return a value regarding an active Max Fragment Len extension */
+    if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
+        && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
+        return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+    /* else limit |split_send_fragment| to current |max_send_fragment| */
+    if (ssl->split_send_fragment > ssl->max_send_fragment)
+        return ssl->max_send_fragment;
+
+    /* return current SSL connection setting */
+    return ssl->split_send_fragment;
+}
+
+int SSL_stateless(SSL *s)
+{
+    int ret;
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return 0;
+
+    ERR_clear_error();
+
+    s->s3->flags |= TLS1_FLAGS_STATELESS;
+    ret = SSL_accept(s);
+    s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+    if (ret > 0 && s->ext.cookieok)
+        return 1;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
+        return 0;
+
+    return -1;
+}
+
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
+{
+    ctx->pha_enabled = val;
+}
+
+void SSL_set_post_handshake_auth(SSL *ssl, int val)
+{
+    ssl->pha_enabled = val;
+}
+
+int SSL_verify_client_post_handshake(SSL *ssl)
+{
+    if (!SSL_IS_TLS13(ssl)) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+    if (!ssl->server) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
+        return 0;
+    }
+
+    if (!SSL_is_init_finished(ssl)) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
+        return 0;
+    }
+
+    switch (ssl->post_handshake_auth) {
+    case SSL_PHA_NONE:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
+        return 0;
+    default:
+    case SSL_PHA_EXT_SENT:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    case SSL_PHA_EXT_RECEIVED:
+        break;
+    case SSL_PHA_REQUEST_PENDING:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
+        return 0;
+    case SSL_PHA_REQUESTED:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
+        return 0;
+    }
+
+    ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
+
+    /* checks verify_mode and algorithm_auth */
+    if (!send_certificate_request(ssl)) {
+        ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
+        return 0;
+    }
+
+    ossl_statem_set_in_init(ssl, 1);
+    return 1;
+}
+
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg)
+{
+    ctx->generate_ticket_cb = gen_cb;
+    ctx->decrypt_ticket_cb = dec_cb;
+    ctx->ticket_cb_data = arg;
+    return 1;
+}
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg)
+{
+    ctx->allow_early_data_cb = cb;
+    ctx->allow_early_data_cb_data = arg;
+}
+
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg)
+{
+    s->allow_early_data_cb = cb;
+    s->allow_early_data_cb_data = arg;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_locl.h
new file mode 100644
index 000000000..f326399e0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_locl.h
@@ -0,0 +1,2666 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_LOCL_H
+# define HEADER_SSL_LOCL_H
+
+# include "e_os.h"              /* struct timeval for DTLS */
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include <errno.h>
+
+# include <openssl/buffer.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/async.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include "record/record.h"
+# include "statem/statem.h"
+# include "packet_locl.h"
+# include "internal/dane.h"
+# include "internal/refcount.h"
+# include "internal/tsan_assist.h"
+
+# ifdef OPENSSL_BUILD_SHLIBSSL
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
+                         l|=((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+
+# define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n6(l,c)       (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+
+# define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                             (((unsigned int)((c)[1]))    )),(c)+=2)
+# define s2n(s,c)        (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
+                           (c)[1]=(unsigned char)(((s)    )&0xff)),(c)+=2)
+
+# define n2l3(c,l)       ((l =(((unsigned long)((c)[0]))<<16)| \
+                              (((unsigned long)((c)[1]))<< 8)| \
+                              (((unsigned long)((c)[2]))    )),(c)+=3)
+
+# define l2n3(l,c)       (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
+                           (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
+                           (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
+
+/*
+ * DTLS version numbers are strange because they're inverted. Except for
+ * DTLS1_BAD_VER, which should be considered "lower" than the rest.
+ */
+# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
+# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
+# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
+
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+
+/* Bits for algorithm_mkey (key exchange algorithm) */
+/* RSA key exchange */
+# define SSL_kRSA                0x00000001U
+/* tmp DH key no DH cert */
+# define SSL_kDHE                0x00000002U
+/* synonym */
+# define SSL_kEDH                SSL_kDHE
+/* ephemeral ECDH */
+# define SSL_kECDHE              0x00000004U
+/* synonym */
+# define SSL_kEECDH              SSL_kECDHE
+/* PSK */
+# define SSL_kPSK                0x00000008U
+/* GOST key exchange */
+# define SSL_kGOST               0x00000010U
+/* SRP */
+# define SSL_kSRP                0x00000020U
+
+# define SSL_kRSAPSK             0x00000040U
+# define SSL_kECDHEPSK           0x00000080U
+# define SSL_kDHEPSK             0x00000100U
+
+/* all PSK */
+
+# define SSL_PSK     (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
+/* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */
+# define SSL_kANY                0x00000000U
+
+/* Bits for algorithm_auth (server authentication) */
+/* RSA auth */
+# define SSL_aRSA                0x00000001U
+/* DSS auth */
+# define SSL_aDSS                0x00000002U
+/* no auth (i.e. use ADH or AECDH) */
+# define SSL_aNULL               0x00000004U
+/* ECDSA auth*/
+# define SSL_aECDSA              0x00000008U
+/* PSK auth */
+# define SSL_aPSK                0x00000010U
+/* GOST R 34.10-2001 signature auth */
+# define SSL_aGOST01             0x00000020U
+/* SRP auth */
+# define SSL_aSRP                0x00000040U
+/* GOST R 34.10-2012 signature auth */
+# define SSL_aGOST12             0x00000080U
+/* Any appropriate signature auth (for TLS 1.3 ciphersuites) */
+# define SSL_aANY                0x00000000U
+/* All bits requiring a certificate */
+#define SSL_aCERT \
+    (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12)
+
+/* Bits for algorithm_enc (symmetric encryption) */
+# define SSL_DES                 0x00000001U
+# define SSL_3DES                0x00000002U
+# define SSL_RC4                 0x00000004U
+# define SSL_RC2                 0x00000008U
+# define SSL_IDEA                0x00000010U
+# define SSL_eNULL               0x00000020U
+# define SSL_AES128              0x00000040U
+# define SSL_AES256              0x00000080U
+# define SSL_CAMELLIA128         0x00000100U
+# define SSL_CAMELLIA256         0x00000200U
+# define SSL_eGOST2814789CNT     0x00000400U
+# define SSL_SEED                0x00000800U
+# define SSL_AES128GCM           0x00001000U
+# define SSL_AES256GCM           0x00002000U
+# define SSL_AES128CCM           0x00004000U
+# define SSL_AES256CCM           0x00008000U
+# define SSL_AES128CCM8          0x00010000U
+# define SSL_AES256CCM8          0x00020000U
+# define SSL_eGOST2814789CNT12   0x00040000U
+# define SSL_CHACHA20POLY1305    0x00080000U
+# define SSL_ARIA128GCM          0x00100000U
+# define SSL_ARIA256GCM          0x00200000U
+
+# define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
+# define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
+# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
+# define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
+# define SSL_ARIAGCM             (SSL_ARIA128GCM | SSL_ARIA256GCM)
+# define SSL_ARIA                (SSL_ARIAGCM)
+
+/* Bits for algorithm_mac (symmetric authentication) */
+
+# define SSL_MD5                 0x00000001U
+# define SSL_SHA1                0x00000002U
+# define SSL_GOST94      0x00000004U
+# define SSL_GOST89MAC   0x00000008U
+# define SSL_SHA256              0x00000010U
+# define SSL_SHA384              0x00000020U
+/* Not a real MAC, just an indication it is part of cipher */
+# define SSL_AEAD                0x00000040U
+# define SSL_GOST12_256          0x00000080U
+# define SSL_GOST89MAC12         0x00000100U
+# define SSL_GOST12_512          0x00000200U
+
+/*
+ * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
+ * sure to update this constant too
+ */
+
+# define SSL_MD_MD5_IDX  0
+# define SSL_MD_SHA1_IDX 1
+# define SSL_MD_GOST94_IDX 2
+# define SSL_MD_GOST89MAC_IDX 3
+# define SSL_MD_SHA256_IDX 4
+# define SSL_MD_SHA384_IDX 5
+# define SSL_MD_GOST12_256_IDX  6
+# define SSL_MD_GOST89MAC12_IDX 7
+# define SSL_MD_GOST12_512_IDX  8
+# define SSL_MD_MD5_SHA1_IDX 9
+# define SSL_MD_SHA224_IDX 10
+# define SSL_MD_SHA512_IDX 11
+# define SSL_MAX_DIGEST 12
+
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+
+/* Bits 0-7 are handshake MAC */
+# define SSL_HANDSHAKE_MAC_MASK  0xFF
+# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX
+# define SSL_HANDSHAKE_MAC_SHA256   SSL_MD_SHA256_IDX
+# define SSL_HANDSHAKE_MAC_SHA384   SSL_MD_SHA384_IDX
+# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
+# define SSL_HANDSHAKE_MAC_DEFAULT  SSL_HANDSHAKE_MAC_MD5_SHA1
+
+/* Bits 8-15 bits are PRF */
+# define TLS1_PRF_DGST_SHIFT 8
+# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF            (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+
+/*
+ * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
+ * goes into algorithm2)
+ */
+# define TLS1_STREAM_MAC 0x10000
+
+# define SSL_STRONG_MASK         0x0000001FU
+# define SSL_DEFAULT_MASK        0X00000020U
+
+# define SSL_STRONG_NONE         0x00000001U
+# define SSL_LOW                 0x00000002U
+# define SSL_MEDIUM              0x00000004U
+# define SSL_HIGH                0x00000008U
+# define SSL_FIPS                0x00000010U
+# define SSL_NOT_DEFAULT         0x00000020U
+
+/* we have used 0000003f - 26 bits left to go */
+
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
+
+/* Check if an SSL structure is using DTLS */
+# define SSL_IS_DTLS(s)  (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+
+/* Check if we are using TLSv1.3 */
+# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \
+                          && (s)->method->version >= TLS1_3_VERSION \
+                          && (s)->method->version != TLS_ANY_VERSION)
+
+# define SSL_TREAT_AS_TLS13(s) \
+    (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
+     || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+     || (s)->hello_retry_request == SSL_HRR_PENDING)
+
+# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
+                                    || (s)->s3->tmp.peer_finish_md_len == 0)
+
+/* See if we need explicit IV */
+# define SSL_USE_EXPLICIT_IV(s)  \
+                (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/*
+ * See if we use signature algorithms extension and signature algorithm
+ * before signatures.
+ */
+# define SSL_USE_SIGALGS(s)      \
+                        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_USE_TLS1_2_CIPHERS(s)       \
+                (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/*
+ * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)        \
+    ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
+     (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
+/*
+ * Determine if a client should send signature algorithms extension:
+ * as with TLS1.2 cipher we can't rely on method flags.
+ */
+# define SSL_CLIENT_USE_SIGALGS(s)        \
+    SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
+
+# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \
+    (((value) >= TLSEXT_max_fragment_length_512) && \
+     ((value) <= TLSEXT_max_fragment_length_4096))
+# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \
+    IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode)
+# define GET_MAX_FRAGMENT_LENGTH(session) \
+    (512U << (session->ext.max_fragment_len_mode - 1))
+
+# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
+
+/* Mostly for SSLv3 */
+# define SSL_PKEY_RSA            0
+# define SSL_PKEY_RSA_PSS_SIGN   1
+# define SSL_PKEY_DSA_SIGN       2
+# define SSL_PKEY_ECC            3
+# define SSL_PKEY_GOST01         4
+# define SSL_PKEY_GOST12_256     5
+# define SSL_PKEY_GOST12_512     6
+# define SSL_PKEY_ED25519        7
+# define SSL_PKEY_ED448          8
+# define SSL_PKEY_NUM            9
+
+/*-
+ * SSL_kRSA <- RSA_ENC
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*-
+#define CERT_INVALID            0
+#define CERT_PUBLIC_KEY         1
+#define CERT_PRIVATE_KEY        2
+*/
+
+/* Post-Handshake Authentication state */
+typedef enum {
+    SSL_PHA_NONE = 0,
+    SSL_PHA_EXT_SENT,        /* client-side only: extension sent */
+    SSL_PHA_EXT_RECEIVED,    /* server-side only: extension received */
+    SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */
+    SSL_PHA_REQUESTED        /* request received by client, or sent by server */
+} SSL_PHA_STATE;
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+# define TLS_CIPHER_LEN 2
+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+    uint32_t valid;
+    const char *name;           /* text name */
+    const char *stdname;        /* RFC name */
+    uint32_t id;                /* id, 4 bytes, first is version */
+    /*
+     * changed in 1.0.0: these four used to be portions of a single value
+     * 'algorithms'
+     */
+    uint32_t algorithm_mkey;    /* key exchange algorithm */
+    uint32_t algorithm_auth;    /* server authentication */
+    uint32_t algorithm_enc;     /* symmetric encryption */
+    uint32_t algorithm_mac;     /* symmetric authentication */
+    int min_tls;                /* minimum SSL/TLS protocol version */
+    int max_tls;                /* maximum SSL/TLS protocol version */
+    int min_dtls;               /* minimum DTLS protocol version */
+    int max_dtls;               /* maximum DTLS protocol version */
+    uint32_t algo_strength;     /* strength and export flags */
+    uint32_t algorithm2;        /* Extra flags */
+    int32_t strength_bits;      /* Number of bits really used */
+    uint32_t alg_bits;          /* Number of bits for algorithm */
+};
+
+/* Used to hold SSL/TLS functions */
+struct ssl_method_st {
+    int version;
+    unsigned flags;
+    unsigned long mask;
+    int (*ssl_new) (SSL *s);
+    int (*ssl_clear) (SSL *s);
+    void (*ssl_free) (SSL *s);
+    int (*ssl_accept) (SSL *s);
+    int (*ssl_connect) (SSL *s);
+    int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
+    int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes);
+    int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written);
+    int (*ssl_shutdown) (SSL *s);
+    int (*ssl_renegotiate) (SSL *s);
+    int (*ssl_renegotiate_check) (SSL *s, int);
+    int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, size_t len, int peek,
+                           size_t *readbytes);
+    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len,
+                            size_t *written);
+    int (*ssl_dispatch_alert) (SSL *s);
+    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt,
+                               size_t *len);
+    size_t (*ssl_pending) (const SSL *s);
+    int (*num_ciphers) (void);
+    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+    long (*get_timeout) (void);
+    const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+    int (*ssl_version) (void);
+    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+/*
+ * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
+ * consistency, even in the event of OPENSSL_NO_PSK being defined.
+ */
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH      256
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET STRING,   -- the Session ID
+ *      Master_key              OCTET STRING,   -- the master key
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
+ *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
+ *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
+ *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ *      flags [ 13 ] EXPLICIT INTEGER -- optional flags
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+    int ssl_version;            /* what ssl version session info is being kept
+                                 * in here? */
+    size_t master_key_length;
+
+    /* TLSv1.3 early_secret used for external PSKs */
+    unsigned char early_secret[EVP_MAX_MD_SIZE];
+    /*
+     * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
+     * PSK
+     */
+    unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH];
+    /* session_id - valid? */
+    size_t session_id_length;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    /*
+     * this is used to determine whether the session is being reused in the
+     * appropriate context. It is up to the application to set this, via
+     * SSL_new
+     */
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_PSK
+    char *psk_identity_hint;
+    char *psk_identity;
+# endif
+    /*
+     * Used to indicate that session resumption is not allowed. Applications
+     * can also set this bit for a new session via not_resumable_session_cb
+     * to disable session caching and tickets.
+     */
+    int not_resumable;
+    /* This is the cert and type for the other end. */
+    X509 *peer;
+    int peer_type;
+    /* Certificate chain peer sent. */
+    STACK_OF(X509) *peer_chain;
+    /*
+     * when app_verify_callback accepts a session where the peer's
+     * certificate is not ok, we must remember the error for session reuse:
+     */
+    long verify_result;         /* only for servers */
+    CRYPTO_REF_COUNT references;
+    long timeout;
+    long time;
+    unsigned int compress_meth; /* Need to lookup the method */
+    const SSL_CIPHER *cipher;
+    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used to
+                                 * load the 'cipher' structure */
+    STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
+    CRYPTO_EX_DATA ex_data;     /* application specific data */
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
+
+    struct {
+        char *hostname;
+# ifndef OPENSSL_NO_EC
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats; /* peer's list */
+# endif                         /* OPENSSL_NO_EC */
+        size_t supportedgroups_len;
+        uint16_t *supportedgroups; /* peer's list */
+    /* RFC4507 info */
+        unsigned char *tick; /* Session ticket */
+        size_t ticklen;      /* Session ticket length */
+        /* Session lifetime hint in seconds */
+        unsigned long tick_lifetime_hint;
+        uint32_t tick_age_add;
+        int tick_identity;
+        /* Max number of bytes that can be sent as early data */
+        uint32_t max_early_data;
+        /* The ALPN protocol selected for this session */
+        unsigned char *alpn_selected;
+        size_t alpn_selected_len;
+        /*
+         * Maximum Fragment Length as per RFC 4366.
+         * If this value does not contain RFC 4366 allowed values (1-4) then
+         * either the Maximum Fragment Length Negotiation failed or was not
+         * performed at all.
+         */
+        uint8_t max_fragment_len_mode;
+    } ext;
+# ifndef OPENSSL_NO_SRP
+    char *srp_username;
+# endif
+    unsigned char *ticket_appdata;
+    size_t ticket_appdata_len;
+    uint32_t flags;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Extended master secret support */
+# define SSL_SESS_FLAG_EXTMS             0x1
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+    /* param for all the callbacks */
+    void *SRP_cb_arg;
+    /* set client Hello login callback */
+    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+    /* set SRP N/g param callback for verification */
+    int (*SRP_verify_param_callback) (SSL *, void *);
+    /* set SRP client passwd callback */
+    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+    char *login;
+    BIGNUM *N, *g, *s, *B, *A;
+    BIGNUM *a, *b, *v;
+    char *info;
+    int strength;
+    unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+typedef enum {
+    SSL_EARLY_DATA_NONE = 0,
+    SSL_EARLY_DATA_CONNECT_RETRY,
+    SSL_EARLY_DATA_CONNECTING,
+    SSL_EARLY_DATA_WRITE_RETRY,
+    SSL_EARLY_DATA_WRITING,
+    SSL_EARLY_DATA_WRITE_FLUSH,
+    SSL_EARLY_DATA_UNAUTH_WRITING,
+    SSL_EARLY_DATA_FINISHED_WRITING,
+    SSL_EARLY_DATA_ACCEPT_RETRY,
+    SSL_EARLY_DATA_ACCEPTING,
+    SSL_EARLY_DATA_READ_RETRY,
+    SSL_EARLY_DATA_READING,
+    SSL_EARLY_DATA_FINISHED_READING
+} SSL_EARLY_DATA_STATE;
+
+/*
+ * We check that the amount of unreadable early data doesn't exceed
+ * max_early_data. max_early_data is given in plaintext bytes. However if it is
+ * unreadable then we only know the number of ciphertext bytes. We also don't
+ * know how much the overhead should be because it depends on the ciphersuite.
+ * We make a small allowance. We assume 5 records of actual data plus the end
+ * of early data alert record. Each record has a tag and a content type byte.
+ * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the
+ * content of the alert record either which is 2 bytes.
+ */
+# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2)
+
+/*
+ * The allowance we have between the client's calculated ticket age and our own.
+ * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * client's age calculation is different by more than this than our own then we
+ * do not allow that ticket for early_data.
+ */
+# define TICKET_AGE_ALLOWANCE   (10 * 1000)
+
+#define MAX_COMPRESSIONS_SIZE   255
+
+struct ssl_comp_st {
+    int id;
+    const char *name;
+    COMP_METHOD *method;
+};
+
+typedef struct raw_extension_st {
+    /* Raw packet data for the extension */
+    PACKET data;
+    /* Set to 1 if the extension is present or 0 otherwise */
+    int present;
+    /* Set to 1 if we have already parsed the extension or 0 otherwise */
+    int parsed;
+    /* The type of this extension, i.e. a TLSEXT_TYPE_* value */
+    unsigned int type;
+    /* Track what order extensions are received in (0-based). */
+    size_t received_order;
+} RAW_EXTENSION;
+
+typedef struct {
+    unsigned int isv2;
+    unsigned int legacy_version;
+    unsigned char random[SSL3_RANDOM_SIZE];
+    size_t session_id_len;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    size_t dtls_cookie_len;
+    unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH];
+    PACKET ciphersuites;
+    size_t compressions_len;
+    unsigned char compressions[MAX_COMPRESSIONS_SIZE];
+    PACKET extensions;
+    size_t pre_proc_exts_len;
+    RAW_EXTENSION *pre_proc_exts;
+} CLIENTHELLO_MSG;
+
+/*
+ * Extension index values NOTE: Any updates to these defines should be mirrored
+ * with equivalent updates to ext_defs in extensions.c
+ */
+typedef enum tlsext_index_en {
+    TLSEXT_IDX_renegotiate,
+    TLSEXT_IDX_server_name,
+    TLSEXT_IDX_max_fragment_length,
+    TLSEXT_IDX_srp,
+    TLSEXT_IDX_ec_point_formats,
+    TLSEXT_IDX_supported_groups,
+    TLSEXT_IDX_session_ticket,
+    TLSEXT_IDX_status_request,
+    TLSEXT_IDX_next_proto_neg,
+    TLSEXT_IDX_application_layer_protocol_negotiation,
+    TLSEXT_IDX_use_srtp,
+    TLSEXT_IDX_encrypt_then_mac,
+    TLSEXT_IDX_signed_certificate_timestamp,
+    TLSEXT_IDX_extended_master_secret,
+    TLSEXT_IDX_signature_algorithms_cert,
+    TLSEXT_IDX_post_handshake_auth,
+    TLSEXT_IDX_signature_algorithms,
+    TLSEXT_IDX_supported_versions,
+    TLSEXT_IDX_psk_kex_modes,
+    TLSEXT_IDX_key_share,
+    TLSEXT_IDX_cookie,
+    TLSEXT_IDX_cryptopro_bug,
+    TLSEXT_IDX_early_data,
+    TLSEXT_IDX_certificate_authorities,
+    TLSEXT_IDX_padding,
+    TLSEXT_IDX_psk,
+    /* Dummy index - must always be the last entry */
+    TLSEXT_IDX_num_builtins
+} TLSEXT_INDEX;
+
+DEFINE_LHASH_OF(SSL_SESSION);
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
+
+# define TLSEXT_KEYNAME_LENGTH  16
+# define TLSEXT_TICK_KEY_LENGTH 32
+
+typedef struct ssl_ctx_ext_secure_st {
+    unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH];
+    unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
+} SSL_CTX_EXT_SECURE;
+
+struct ssl_ctx_st {
+    const SSL_METHOD *method;
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    /* same as above but sorted for lookup */
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /* TLSv1.3 specific ciphersuites */
+    STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+    struct x509_store_st /* X509_STORE */ *cert_store;
+    LHASH_OF(SSL_SESSION) *sessions;
+    /*
+     * Most session-ids that will be cached, default is
+     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+     */
+    size_t session_cache_size;
+    struct ssl_session_st *session_cache_head;
+    struct ssl_session_st *session_cache_tail;
+    /*
+     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+     * means only SSL_accept will cache SSL_SESSIONS.
+     */
+    uint32_t session_cache_mode;
+    /*
+     * If timeout is not 0, it is the default timeout value set when
+     * SSL_new() is called.  This has been put in to make life easier to set
+     * things up
+     */
+    long session_timeout;
+    /*
+     * If this callback is not null, it will be called each time a session id
+     * is added to the cache.  If this function returns 1, it means that the
+     * callback will do a SSL_SESSION_free() when it has finished using it.
+     * Otherwise, on 0, it means the callback has finished with it. If
+     * remove_session_cb is not null, it will be called when a session-id is
+     * removed from the cache.  After the call, OpenSSL will
+     * SSL_SESSION_free() it.
+     */
+    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+                                    const unsigned char *data, int len,
+                                    int *copy);
+    struct {
+        TSAN_QUALIFIER int sess_connect;       /* SSL new conn - started */
+        TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */
+        TSAN_QUALIFIER int sess_connect_good;  /* SSL new conne/reneg - finished */
+        TSAN_QUALIFIER int sess_accept;        /* SSL new accept - started */
+        TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */
+        TSAN_QUALIFIER int sess_accept_good;   /* SSL accept/reneg - finished */
+        TSAN_QUALIFIER int sess_miss;          /* session lookup misses */
+        TSAN_QUALIFIER int sess_timeout;       /* reuse attempt on timeouted session */
+        TSAN_QUALIFIER int sess_cache_full;    /* session removed due to full cache */
+        TSAN_QUALIFIER int sess_hit;           /* session reuse actually done */
+        TSAN_QUALIFIER int sess_cb_hit;        /* session-id that was not in
+                                                * the cache was passed back via
+                                                * the callback. This indicates
+                                                * that the application is
+                                                * supplying session-id's from
+                                                * other processes - spooky
+                                                * :-) */
+    } stats;
+
+    CRYPTO_REF_COUNT references;
+
+    /* if defined, these override the X509_verify_cert() calls */
+    int (*app_verify_callback) (X509_STORE_CTX *, void *);
+    void *app_verify_arg;
+    /*
+     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+     * ('app_verify_callback' was called with just one argument)
+     */
+
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+
+    /* get client cert callback */
+    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+    /* cookie generate callback */
+    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len);
+
+    /* verify cookie callback */
+    int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                 unsigned int cookie_len);
+
+    /* TLS1.3 app-controlled cookie generate callback */
+    int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                                    size_t *cookie_len);
+
+    /* TLS1.3 verify app-controlled cookie callback */
+    int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                       size_t cookie_len);
+
+    CRYPTO_EX_DATA ex_data;
+
+    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
+    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+    /* Default values used when no per-SSL value is defined follow */
+
+    /* used if SSL's info_callback is NULL */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+
+    /*
+     * What we put in certificate_authorities extension for TLS 1.3
+     * (ClientHello and CertificateRequest) or just client cert requests for
+     * earlier versions. If client_ca_names is populated then it is only used
+     * for client cert requests, and in preference to ca_names.
+     */
+    STACK_OF(X509_NAME) *ca_names;
+    STACK_OF(X509_NAME) *client_ca_names;
+
+    /*
+     * Default values to use in SSL structures follow (these are copied by
+     * SSL_new)
+     */
+
+    uint32_t options;
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    size_t max_cert_list;
+
+    struct cert_st /* CERT */ *cert;
+    int read_ahead;
+
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+
+    uint32_t verify_mode;
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* called 'verify_callback' in the SSL */
+    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+
+    X509_VERIFY_PARAM *param;
+
+    int quiet_shutdown;
+
+# ifndef OPENSSL_NO_CT
+    CTLOG_STORE *ctlog_store;   /* CT Log Store */
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    void *ct_validation_callback_arg;
+# endif
+
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    size_t split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    size_t max_send_fragment;
+
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    size_t max_pipelines;
+
+    /* The default read buffer length to use (0 means not set) */
+    size_t default_read_buf_len;
+
+# ifndef OPENSSL_NO_ENGINE
+    /*
+     * Engine to pass requests for client certs to
+     */
+    ENGINE *client_cert_engine;
+# endif
+
+    /* ClientHello callback.  Mostly for extensions, but not entirely. */
+    SSL_client_hello_cb_fn client_hello_cb;
+    void *client_hello_cb_arg;
+
+    /* TLS extensions. */
+    struct {
+        /* TLS extensions servername callback */
+        int (*servername_cb) (SSL *, int *, void *);
+        void *servername_arg;
+        /* RFC 4507 session ticket keys */
+        unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
+        SSL_CTX_EXT_SECURE *secure;
+        /* Callback to support customisation of ticket key setting */
+        int (*ticket_key_cb) (SSL *ssl,
+                              unsigned char *name, unsigned char *iv,
+                              EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+        /* certificate status request info */
+        /* Callback for status request */
+        int (*status_cb) (SSL *ssl, void *arg);
+        void *status_arg;
+        /* ext status type used for CSR extension (OCSP Stapling) */
+        int status_type;
+        /* RFC 4366 Maximum Fragment Length Negotiation */
+        uint8_t max_fragment_len_mode;
+
+# ifndef OPENSSL_NO_EC
+        /* EC extension values inherited by SSL structure */
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats;
+        size_t supportedgroups_len;
+        uint16_t *supportedgroups;
+# endif                         /* OPENSSL_NO_EC */
+
+        /*
+         * ALPN information (we are in the process of transitioning from NPN to
+         * ALPN.)
+         */
+
+        /*-
+         * For a server, this contains a callback function that allows the
+         * server to select the protocol for the connection.
+         *   out: on successful return, this must point to the raw protocol
+         *        name (without the length prefix).
+         *   outlen: on successful return, this contains the length of |*out|.
+         *   in: points to the client's list of supported protocols in
+         *       wire-format.
+         *   inlen: the length of |in|.
+         */
+        int (*alpn_select_cb) (SSL *s,
+                               const unsigned char **out,
+                               unsigned char *outlen,
+                               const unsigned char *in,
+                               unsigned int inlen, void *arg);
+        void *alpn_select_cb_arg;
+
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+        /* Next protocol negotiation information */
+
+        /*
+         * For a server, this contains a callback function by which the set of
+         * advertised protocols can be provided.
+         */
+        SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
+        void *npn_advertised_cb_arg;
+        /*
+         * For a client, this contains a callback function that selects the next
+         * protocol from the list provided by the server.
+         */
+        SSL_CTX_npn_select_cb_func npn_select_cb;
+        void *npn_select_cb_arg;
+# endif
+
+        unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH];
+    } ext;
+
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+    SSL_psk_find_session_cb_func psk_find_session_cb;
+    SSL_psk_use_session_cb_func psk_use_session_cb;
+
+# ifndef OPENSSL_NO_SRP
+    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
+# endif
+
+    /* Shared DANE context */
+    struct dane_ctx_st dane;
+
+# ifndef OPENSSL_NO_SRTP
+    /* SRTP profiles we are willing to do from RFC 5764 */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+
+    CRYPTO_RWLOCK *lock;
+
+    /*
+     * Callback for logging key material for use with debugging tools like
+     * Wireshark. The callback should log `line` followed by a newline.
+     */
+    SSL_CTX_keylog_cb_func keylog_callback;
+
+    /*
+     * The maximum number of bytes advertised in session tickets that can be
+     * sent as early data.
+     */
+    uint32_t max_early_data;
+
+    /*
+     * The maximum number of bytes of early data that a server will tolerate
+     * (which should be at least as much as max_early_data).
+     */
+    uint32_t recv_max_early_data;
+
+    /* TLS1.3 padding callback */
+    size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+    void *record_padding_arg;
+    size_t block_padding;
+
+    /* Session ticket appdata */
+    SSL_CTX_generate_session_ticket_fn generate_ticket_cb;
+    SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb;
+    void *ticket_cb_data;
+
+    /* The number of TLS1.3 tickets to automatically send */
+    size_t num_tickets;
+
+    /* Callback to determine if early_data is acceptable or not */
+    SSL_allow_early_data_cb_fn allow_early_data_cb;
+    void *allow_early_data_cb_data;
+
+    /* Do we advertise Post-handshake auth support? */
+    int pha_enabled;
+};
+
+struct ssl_st {
+    /*
+     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+     * DTLS1_VERSION)
+     */
+    int version;
+    /* SSLv3 */
+    const SSL_METHOD *method;
+    /*
+     * There are 2 BIO's even though they are normally both the same.  This
+     * is so data can be read and written to different handlers
+     */
+    /* used by SSL_read */
+    BIO *rbio;
+    /* used by SSL_write */
+    BIO *wbio;
+    /* used during session-id reuse to concatenate messages */
+    BIO *bbio;
+    /*
+     * This holds a variable that indicates what we were doing when a 0 or -1
+     * is returned.  This is needed for non-blocking IO so we know what
+     * request needs re-doing when in SSL_accept or SSL_connect
+     */
+    int rwstate;
+    int (*handshake_func) (SSL *);
+    /*
+     * Imagine that here's a boolean member "init" that is switched as soon
+     * as SSL_set_{accept/connect}_state is called for the first time, so
+     * that "state" and "handshake_func" are properly initialized.  But as
+     * handshake_func is == 0 until then, we use this test instead of an
+     * "init" member.
+     */
+    /* are we the server side? */
+    int server;
+    /*
+     * Generate a new session or reuse an old one.
+     * NB: For servers, the 'new' session may actually be a previously
+     * cached session or even the previous session unless
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+     */
+    int new_session;
+    /* don't send shutdown packets */
+    int quiet_shutdown;
+    /* we have shut things down, 0x01 sent, 0x02 for received */
+    int shutdown;
+    /* where we are */
+    OSSL_STATEM statem;
+    SSL_EARLY_DATA_STATE early_data_state;
+    BUF_MEM *init_buf;          /* buffer used during init */
+    void *init_msg;             /* pointer to handshake message body, set by
+                                 * ssl3_get_message() */
+    size_t init_num;               /* amount read/written */
+    size_t init_off;               /* amount read/written */
+    struct ssl3_state_st *s3;   /* SSLv3 variables */
+    struct dtls1_state_st *d1;  /* DTLSv1 variables */
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+    int hit;                    /* reusing a previous session */
+    X509_VERIFY_PARAM *param;
+    /* Per connection DANE state */
+    SSL_DANE dane;
+    /* crypto */
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /* TLSv1.3 specific ciphersuites */
+    STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+    /*
+     * These are the ones being used, the ones in SSL_SESSION are the ones to
+     * be 'copied' into these ones
+     */
+    uint32_t mac_flags;
+    /*
+     * The TLS1.3 secrets.
+     */
+    unsigned char early_secret[EVP_MAX_MD_SIZE];
+    unsigned char handshake_secret[EVP_MAX_MD_SIZE];
+    unsigned char master_secret[EVP_MAX_MD_SIZE];
+    unsigned char resumption_master_secret[EVP_MAX_MD_SIZE];
+    unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
+    unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
+    unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
+    unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
+    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+    unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
+    EVP_MD_CTX *read_hash;      /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    COMP_CTX *expand;           /* uncompress */
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    /* session info */
+    /* client cert? */
+    /* This is used to hold the server certificate used */
+    struct cert_st /* CERT */ *cert;
+
+    /*
+     * The hash of all messages prior to the CertificateVerify, and the length
+     * of that hash.
+     */
+    unsigned char cert_verify_hash[EVP_MAX_MD_SIZE];
+    size_t cert_verify_hash_len;
+
+    /* Flag to indicate whether we should send a HelloRetryRequest or not */
+    enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE}
+        hello_retry_request;
+
+    /*
+     * the session_id_context is used to ensure sessions are only reused in
+     * the appropriate context
+     */
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* This can also be in the session once a session is established */
+    SSL_SESSION *session;
+    /* TLSv1.3 PSK session */
+    SSL_SESSION *psksession;
+    unsigned char *psksession_id;
+    size_t psksession_id_len;
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+    /*
+     * The temporary TLSv1.3 session id. This isn't really a session id at all
+     * but is a random value sent in the legacy session id field.
+     */
+    unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    size_t tmp_session_id_len;
+    /* Used in SSL3 */
+    /*
+     * 0 don't care about verify failure.
+     * 1 fail if verify fails
+     */
+    uint32_t verify_mode;
+    /* fail if callback returns 0 */
+    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+    /* optional informational callback */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+    /* error bytes to be written */
+    int error;
+    /* actual code */
+    int error_code;
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+    SSL_psk_find_session_cb_func psk_find_session_cb;
+    SSL_psk_use_session_cb_func psk_use_session_cb;
+
+    SSL_CTX *ctx;
+    /* Verified chain of peer */
+    STACK_OF(X509) *verified_chain;
+    long verify_result;
+    /* extra application data */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * What we put in certificate_authorities extension for TLS 1.3
+     * (ClientHello and CertificateRequest) or just client cert requests for
+     * earlier versions. If client_ca_names is populated then it is only used
+     * for client cert requests, and in preference to ca_names.
+     */
+    STACK_OF(X509_NAME) *ca_names;
+    STACK_OF(X509_NAME) *client_ca_names;
+    CRYPTO_REF_COUNT references;
+    /* protocol behaviour */
+    uint32_t options;
+    /* API behaviour */
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    size_t max_cert_list;
+    int first_packet;
+    /*
+     * What was passed in ClientHello.legacy_version. Used for RSA pre-master
+     * secret and SSLv3/TLS (<=1.2) rollback check
+     */
+    int client_version;
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    size_t split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    size_t max_send_fragment;
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    size_t max_pipelines;
+
+    struct {
+        /* Built-in extension flags */
+        uint8_t extflags[TLSEXT_IDX_num_builtins];
+        /* TLS extension debug callback */
+        void (*debug_cb)(SSL *s, int client_server, int type,
+                         const unsigned char *data, int len, void *arg);
+        void *debug_arg;
+        char *hostname;
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int status_type;
+        /* Raw extension data, if seen */
+        unsigned char *scts;
+        /* Length of raw extension data, if seen */
+        uint16_t scts_len;
+        /* Expect OCSP CertificateStatus message */
+        int status_expected;
+
+        struct {
+            /* OCSP status request only */
+            STACK_OF(OCSP_RESPID) *ids;
+            X509_EXTENSIONS *exts;
+            /* OCSP response received or to be sent */
+            unsigned char *resp;
+            size_t resp_len;
+        } ocsp;
+
+        /* RFC4507 session ticket expected to be received or sent */
+        int ticket_expected;
+# ifndef OPENSSL_NO_EC
+        size_t ecpointformats_len;
+        /* our list */
+        unsigned char *ecpointformats;
+# endif                         /* OPENSSL_NO_EC */
+        size_t supportedgroups_len;
+        /* our list */
+        uint16_t *supportedgroups;
+        /* TLS Session Ticket extension override */
+        TLS_SESSION_TICKET_EXT *session_ticket;
+        /* TLS Session Ticket extension callback */
+        tls_session_ticket_ext_cb_fn session_ticket_cb;
+        void *session_ticket_cb_arg;
+        /* TLS pre-shared secret session resumption */
+        tls_session_secret_cb_fn session_secret_cb;
+        void *session_secret_cb_arg;
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+        /*
+         * Next protocol negotiation. For the client, this is the protocol that
+         * we sent in NextProtocol and is set when handling ServerHello
+         * extensions. For a server, this is the client's selected_protocol from
+         * NextProtocol and is set when handling the NextProtocol message, before
+         * the Finished message.
+         */
+        unsigned char *npn;
+        size_t npn_len;
+
+        /* The available PSK key exchange modes */
+        int psk_kex_mode;
+
+        /* Set to one if we have negotiated ETM */
+        int use_etm;
+
+        /* Are we expecting to receive early data? */
+        int early_data;
+        /* Is the session suitable for early data? */
+        int early_data_ok;
+
+        /* May be sent by a server in HRR. Must be echoed back in ClientHello */
+        unsigned char *tls13_cookie;
+        size_t tls13_cookie_len;
+        /* Have we received a cookie from the client? */
+        int cookieok;
+
+        /*
+         * Maximum Fragment Length as per RFC 4366.
+         * If this member contains one of the allowed values (1-4)
+         * then we should include Maximum Fragment Length Negotiation
+         * extension in Client Hello.
+         * Please note that value of this member does not have direct
+         * effect. The actual (binding) value is stored in SSL_SESSION,
+         * as this extension is optional on server side.
+         */
+        uint8_t max_fragment_len_mode;
+    } ext;
+
+    /*
+     * Parsed form of the ClientHello, kept around across client_hello_cb
+     * calls.
+     */
+    CLIENTHELLO_MSG *clienthello;
+
+    /*-
+     * no further mod of servername
+     * 0 : call the servername extension callback.
+     * 1 : prepare 2, allow last ack just after in server callback.
+     * 2 : don't call servername callback, no ack in server hello
+     */
+    int servername_done;
+# ifndef OPENSSL_NO_CT
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    /* User-supplied argument that is passed to the ct_validation_callback */
+    void *ct_validation_callback_arg;
+    /*
+     * Consolidated stack of SCTs from all sources.
+     * Lazily populated by CT_get_peer_scts(SSL*)
+     */
+    STACK_OF(SCT) *scts;
+    /* Have we attempted to find/parse SCTs yet? */
+    int scts_parsed;
+# endif
+    SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
+    /* What we'll do */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+    /* What's been chosen */
+    SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
+    /*-
+     * 1 if we are renegotiating.
+     * 2 if we are a server and are inside a handshake
+     * (i.e. not just sending a HelloRequest)
+     */
+    int renegotiate;
+    /* If sending a KeyUpdate is pending */
+    int key_update;
+    /* Post-handshake authentication state */
+    SSL_PHA_STATE post_handshake_auth;
+    int pha_enabled;
+    uint8_t* pha_context;
+    size_t pha_context_len;
+    int certreqs_sent;
+    EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */
+
+# ifndef OPENSSL_NO_SRP
+    /* ctx for SRP authentication */
+    SRP_CTX srp_ctx;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+    RECORD_LAYER rlayer;
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+    /* Async Job info */
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    size_t asyncrw;
+
+    /*
+     * The maximum number of bytes advertised in session tickets that can be
+     * sent as early data.
+     */
+    uint32_t max_early_data;
+    /*
+     * The maximum number of bytes of early data that a server will tolerate
+     * (which should be at least as much as max_early_data).
+     */
+    uint32_t recv_max_early_data;
+
+    /*
+     * The number of bytes of early data received so far. If we accepted early
+     * data then this is a count of the plaintext bytes. If we rejected it then
+     * this is a count of the ciphertext bytes.
+     */
+    uint32_t early_data_count;
+
+    /* TLS1.3 padding callback */
+    size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+    void *record_padding_arg;
+    size_t block_padding;
+
+    CRYPTO_RWLOCK *lock;
+    RAND_DRBG *drbg;
+
+    /* The number of TLS1.3 tickets to automatically send */
+    size_t num_tickets;
+    /* The number of TLS1.3 tickets actually sent so far */
+    size_t sent_tickets;
+    /* The next nonce value to use when we send a ticket on this connection */
+    uint64_t next_ticket_nonce;
+
+    /* Callback to determine if early_data is acceptable or not */
+    SSL_allow_early_data_cb_fn allow_early_data_cb;
+    void *allow_early_data_cb_data;
+};
+
+/*
+ * Structure containing table entry of values associated with the signature
+ * algorithms (signature scheme) extension
+*/
+typedef struct sigalg_lookup_st {
+    /* TLS 1.3 signature scheme name */
+    const char *name;
+    /* Raw value used in extension */
+    uint16_t sigalg;
+    /* NID of hash algorithm or NID_undef if no hash */
+    int hash;
+    /* Index of hash algorithm or -1 if no hash algorithm */
+    int hash_idx;
+    /* NID of signature algorithm */
+    int sig;
+    /* Index of signature algorithm */
+    int sig_idx;
+    /* Combined hash and signature NID, if any */
+    int sigandhash;
+    /* Required public key curve (ECDSA only) */
+    int curve;
+} SIGALG_LOOKUP;
+
+typedef struct tls_group_info_st {
+    int nid;                    /* Curve NID */
+    int secbits;                /* Bits of security (from SP800-57) */
+    uint16_t flags;             /* Flags: currently just group type */
+} TLS_GROUP_INFO;
+
+/* flags values */
+# define TLS_CURVE_TYPE          0x3 /* Mask for group type */
+# define TLS_CURVE_PRIME         0x0
+# define TLS_CURVE_CHAR2         0x1
+# define TLS_CURVE_CUSTOM        0x2
+
+typedef struct cert_pkey_st CERT_PKEY;
+
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+    int nid; /* NID of pubic key algorithm */
+    uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
+typedef struct ssl3_state_st {
+    long flags;
+    size_t read_mac_secret_size;
+    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+    size_t write_mac_secret_size;
+    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_random[SSL3_RANDOM_SIZE];
+    unsigned char client_random[SSL3_RANDOM_SIZE];
+    /* flags for countermeasure against known-IV weakness */
+    int need_empty_fragments;
+    int empty_fragment_done;
+    /* used during startup, digest all incoming/outgoing packets */
+    BIO *handshake_buffer;
+    /*
+     * When handshake digest is determined, buffer is hashed and
+     * freed and MD_CTX for the required digest is stored here.
+     */
+    EVP_MD_CTX *handshake_dgst;
+    /*
+     * Set whenever an expected ChangeCipherSpec message is processed.
+     * Unset when the peer's Finished message is received.
+     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+     */
+    int change_cipher_spec;
+    int warn_alert;
+    int fatal_alert;
+    /*
+     * we allow one fatal and one warning alert to be outstanding, send close
+     * alert via the warning alert
+     */
+    int alert_dispatch;
+    unsigned char send_alert[2];
+    /*
+     * This flag is set when we should renegotiate ASAP, basically when there
+     * is no more data in the read or write buffers
+     */
+    int renegotiate;
+    int total_renegotiations;
+    int num_renegotiations;
+    int in_read_app_data;
+    struct {
+        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+        size_t finish_md_len;
+        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+        size_t peer_finish_md_len;
+        size_t message_size;
+        int message_type;
+        /* used to hold the new cipher we are going to use */
+        const SSL_CIPHER *new_cipher;
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        EVP_PKEY *pkey;         /* holds short lived DH/ECDH key */
+# endif
+        /* used for certificate requests */
+        int cert_req;
+        /* Certificate types in certificate request message. */
+        uint8_t *ctype;
+        size_t ctype_len;
+        /* Certificate authorities list peer sent */
+        STACK_OF(X509_NAME) *peer_ca_names;
+        size_t key_block_length;
+        unsigned char *key_block;
+        const EVP_CIPHER *new_sym_enc;
+        const EVP_MD *new_hash;
+        int new_mac_pkey_type;
+        size_t new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+        const SSL_COMP *new_compression;
+# else
+        char *new_compression;
+# endif
+        int cert_request;
+        /* Raw values of the cipher list from a client */
+        unsigned char *ciphers_raw;
+        size_t ciphers_rawlen;
+        /* Temporary storage for premaster secret */
+        unsigned char *pms;
+        size_t pmslen;
+# ifndef OPENSSL_NO_PSK
+        /* Temporary storage for PSK key */
+        unsigned char *psk;
+        size_t psklen;
+# endif
+        /* Signature algorithm we actually use */
+        const SIGALG_LOOKUP *sigalg;
+        /* Pointer to certificate we use */
+        CERT_PKEY *cert;
+        /*
+         * signature algorithms peer reports: e.g. supported signature
+         * algorithms extension for server or as part of a certificate
+         * request for client.
+         * Keep track of the algorithms for TLS and X.509 usage separately.
+         */
+        uint16_t *peer_sigalgs;
+        uint16_t *peer_cert_sigalgs;
+        /* Size of above arrays */
+        size_t peer_sigalgslen;
+        size_t peer_cert_sigalgslen;
+        /* Sigalg peer actually uses */
+        const SIGALG_LOOKUP *peer_sigalg;
+        /*
+         * Set if corresponding CERT_PKEY can be used with current
+         * SSL session: e.g. appropriate curve, signature algorithms etc.
+         * If zero it can't be used at all.
+         */
+        uint32_t valid_flags[SSL_PKEY_NUM];
+        /*
+         * For servers the following masks are for the key and auth algorithms
+         * that are supported by the certs below. For clients they are masks of
+         * *disabled* algorithms based on the current session.
+         */
+        uint32_t mask_k;
+        uint32_t mask_a;
+        /*
+         * The following are used by the client to see if a cipher is allowed or
+         * not.  It contains the minimum and maximum version the client's using
+         * based on what it knows so far.
+         */
+        int min_ver;
+        int max_ver;
+    } tmp;
+
+    /* Connection binding to prevent renegotiation attacks */
+    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+    size_t previous_client_finished_len;
+    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+    size_t previous_server_finished_len;
+    int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * Set if we saw the Next Protocol Negotiation extension from our peer.
+     */
+    int npn_seen;
+# endif
+
+    /*
+     * ALPN information (we are in the process of transitioning from NPN to
+     * ALPN.)
+     */
+
+    /*
+     * In a server these point to the selected ALPN protocol after the
+     * ClientHello has been processed. In a client these contain the protocol
+     * that the server selected once the ServerHello has been processed.
+     */
+    unsigned char *alpn_selected;
+    size_t alpn_selected_len;
+    /* used by the server to know what options were proposed */
+    unsigned char *alpn_proposed;
+    size_t alpn_proposed_len;
+    /* used by the client to know if it actually sent alpn */
+    int alpn_sent;
+
+# ifndef OPENSSL_NO_EC
+    /*
+     * This is set to true if we believe that this is a version of Safari
+     * running on OS X 10.6 or newer. We wish to know this because Safari on
+     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+     */
+    char is_probably_safari;
+# endif                         /* !OPENSSL_NO_EC */
+
+    /* For clients: peer temporary key */
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    /* The group_id for the DH/ECDH key */
+    uint16_t group_id;
+    EVP_PKEY *peer_tmp;
+# endif
+
+} SSL3_STATE;
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+#  define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD                   48
+
+/*
+ * Flag used in message reuse to indicate the buffer contains the record
+ * header as well as the handshake message header.
+ */
+# define DTLS1_SKIP_RECORD_HEADER                 2
+
+struct dtls1_retransmit_state {
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    SSL_SESSION *session;
+    unsigned short epoch;
+};
+
+struct hm_header_st {
+    unsigned char type;
+    size_t msg_len;
+    unsigned short seq;
+    size_t frag_off;
+    size_t frag_len;
+    unsigned int is_ccs;
+    struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct dtls1_timeout_st {
+    /* Number of read timeouts so far */
+    unsigned int read_timeouts;
+    /* Number of write timeouts so far */
+    unsigned int write_timeouts;
+    /* Number of alerts received so far */
+    unsigned int num_alerts;
+};
+
+typedef struct hm_fragment_st {
+    struct hm_header_st msg_header;
+    unsigned char *fragment;
+    unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct pqueue_st pqueue;
+typedef struct pitem_st pitem;
+
+struct pitem_st {
+    unsigned char priority[8];  /* 64-bit value in big-endian encoding */
+    void *data;
+    pitem *next;
+};
+
+typedef struct pitem_st *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void pitem_free(pitem *item);
+pqueue *pqueue_new(void);
+void pqueue_free(pqueue *pq);
+pitem *pqueue_insert(pqueue *pq, pitem *item);
+pitem *pqueue_peek(pqueue *pq);
+pitem *pqueue_pop(pqueue *pq);
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue *pq);
+pitem *pqueue_next(piterator *iter);
+size_t pqueue_size(pqueue *pq);
+
+typedef struct dtls1_state_st {
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    size_t cookie_len;
+    unsigned int cookie_verified;
+    /* handshake message numbers */
+    unsigned short handshake_write_seq;
+    unsigned short next_handshake_write_seq;
+    unsigned short handshake_read_seq;
+    /* Buffered handshake messages */
+    pqueue *buffered_messages;
+    /* Buffered (sent) handshake records */
+    pqueue *sent_messages;
+    size_t link_mtu;      /* max on-the-wire DTLS packet size */
+    size_t mtu;           /* max DTLS packet size */
+    struct hm_header_st w_msg_hdr;
+    struct hm_header_st r_msg_hdr;
+    struct dtls1_timeout_st timeout;
+    /*
+     * Indicates when the last handshake msg sent will timeout
+     */
+    struct timeval next_timeout;
+    /* Timeout duration */
+    unsigned int timeout_duration_us;
+
+    unsigned int retransmitting;
+# ifndef OPENSSL_NO_SCTP
+    int shutdown_received;
+# endif
+
+    DTLS_timer_cb timer_cb;
+
+} DTLS1_STATE;
+
+# ifndef OPENSSL_NO_EC
+/*
+ * From ECC-TLS draft, used in encoding the curve type in ECParameters
+ */
+#  define EXPLICIT_PRIME_CURVE_TYPE  1
+#  define EXPLICIT_CHAR2_CURVE_TYPE  2
+#  define NAMED_CURVE_TYPE           3
+# endif                         /* OPENSSL_NO_EC */
+
+struct cert_pkey_st {
+    X509 *x509;
+    EVP_PKEY *privatekey;
+    /* Chain for this certificate */
+    STACK_OF(X509) *chain;
+    /*-
+     * serverinfo data for this certificate.  The data is in TLS Extension
+     * wire format, specifically it's a series of records like:
+     *   uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
+     *   uint16_t length;
+     *   uint8_t data[length];
+     */
+    unsigned char *serverinfo;
+    size_t serverinfo_length;
+};
+/* Retrieve Suite B flags */
+# define tls1_suiteb(s)  (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
+/* Uses to check strict mode: suite B modes are always strict */
+# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
+        (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+
+typedef enum {
+    ENDPOINT_CLIENT = 0,
+    ENDPOINT_SERVER,
+    ENDPOINT_BOTH
+} ENDPOINT;
+
+
+typedef struct {
+    unsigned short ext_type;
+    ENDPOINT role;
+    /* The context which this extension applies to */
+    unsigned int context;
+    /*
+     * Per-connection flags relating to this extension type: not used if
+     * part of an SSL_CTX structure.
+     */
+    uint32_t ext_flags;
+    SSL_custom_ext_add_cb_ex add_cb;
+    SSL_custom_ext_free_cb_ex free_cb;
+    void *add_arg;
+    SSL_custom_ext_parse_cb_ex parse_cb;
+    void *parse_arg;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/*
+ * Indicates an extension has been received. Used to check for unsolicited or
+ * duplicate extensions.
+ */
+# define SSL_EXT_FLAG_RECEIVED   0x1
+/*
+ * Indicates an extension has been sent: used to enable sending of
+ * corresponding ServerHello extension.
+ */
+# define SSL_EXT_FLAG_SENT       0x2
+
+typedef struct {
+    custom_ext_method *meths;
+    size_t meths_count;
+} custom_ext_methods;
+
+typedef struct cert_st {
+    /* Current active set */
+    /*
+     * ALWAYS points to an element of the pkeys array
+     * Probably it would make more sense to store
+     * an index, not a pointer.
+     */
+    CERT_PKEY *key;
+# ifndef OPENSSL_NO_DH
+    EVP_PKEY *dh_tmp;
+    DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+    int dh_tmp_auto;
+# endif
+    /* Flags related to certificates */
+    uint32_t cert_flags;
+    CERT_PKEY pkeys[SSL_PKEY_NUM];
+    /* Custom certificate types sent in certificate request message. */
+    uint8_t *ctype;
+    size_t ctype_len;
+    /*
+     * supported signature algorithms. When set on a client this is sent in
+     * the client hello as the supported signature algorithms extension. For
+     * servers it represents the signature algorithms we are willing to use.
+     */
+    uint16_t *conf_sigalgs;
+    /* Size of above array */
+    size_t conf_sigalgslen;
+    /*
+     * Client authentication signature algorithms, if not set then uses
+     * conf_sigalgs. On servers these will be the signature algorithms sent
+     * to the client in a certificate request for TLS 1.2. On a client this
+     * represents the signature algorithms we are willing to use for client
+     * authentication.
+     */
+    uint16_t *client_sigalgs;
+    /* Size of above array */
+    size_t client_sigalgslen;
+    /*
+     * Signature algorithms shared by client and server: cached because these
+     * are used most often.
+     */
+    const SIGALG_LOOKUP **shared_sigalgs;
+    size_t shared_sigalgslen;
+    /*
+     * Certificate setup callback: if set is called whenever a certificate
+     * may be required (client or server). the callback can then examine any
+     * appropriate parameters and setup any certificates required. This
+     * allows advanced applications to select certificates on the fly: for
+     * example based on supported signature algorithms or curves.
+     */
+    int (*cert_cb) (SSL *ssl, void *arg);
+    void *cert_cb_arg;
+    /*
+     * Optional X509_STORE for chain building or certificate validation If
+     * NULL the parent SSL_CTX store is used instead.
+     */
+    X509_STORE *chain_store;
+    X509_STORE *verify_store;
+    /* Custom extensions */
+    custom_ext_methods custext;
+    /* Security callback */
+    int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+    /* Security level */
+    int sec_level;
+    void *sec_ex;
+# ifndef OPENSSL_NO_PSK
+    /* If not NULL psk identity hint to use for servers */
+    char *psk_identity_hint;
+# endif
+    CRYPTO_REF_COUNT references;             /* >1 only if SSL_copy_session_id is used */
+    CRYPTO_RWLOCK *lock;
+} CERT;
+
+# define FP_ICC  (int (*)(const void *,const void *))
+
+/*
+ * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
+ * of a mess of functions, but hell, think of it as an opaque structure :-)
+ */
+typedef struct ssl3_enc_method {
+    int (*enc) (SSL *, SSL3_RECORD *, size_t, int);
+    int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
+    int (*setup_key_block) (SSL *);
+    int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
+                                   size_t, size_t *);
+    int (*change_cipher_state) (SSL *, int);
+    size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
+    const char *client_finished_label;
+    size_t client_finished_label_len;
+    const char *server_finished_label;
+    size_t server_finished_label_len;
+    int (*alert_value) (int);
+    int (*export_keying_material) (SSL *, unsigned char *, size_t,
+                                   const char *, size_t,
+                                   const unsigned char *, size_t,
+                                   int use_context);
+    /* Various flags indicating protocol version requirements */
+    uint32_t enc_flags;
+    /* Set the handshake header */
+    int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
+    /* Close construction of the handshake message */
+    int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype);
+    /* Write out handshake message */
+    int (*do_write) (SSL *s);
+} SSL3_ENC_METHOD;
+
+# define ssl_set_handshake_header(s, pkt, htype) \
+        s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
+# define ssl_close_construct_packet(s, pkt, htype) \
+        s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
+# define ssl_do_write(s)  s->method->ssl3_enc->do_write(s)
+
+/* Values for enc_flags */
+
+/* Uses explicit IV for CBC mode */
+# define SSL_ENC_FLAG_EXPLICIT_IV        0x1
+/* Uses signature algorithms extension */
+# define SSL_ENC_FLAG_SIGALGS            0x2
+/* Uses SHA256 default PRF */
+# define SSL_ENC_FLAG_SHA256_PRF         0x4
+/* Is DTLS */
+# define SSL_ENC_FLAG_DTLS               0x8
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_ENC_FLAG_TLS1_2_CIPHERS     0x10
+
+# ifndef OPENSSL_NO_COMP
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st {
+    int comp_id;                /* The identifier byte for this compression
+                                 * type */
+    char *name;                 /* Text name used for the compression type */
+    COMP_METHOD *method;        /* The method :-) */
+} SSL3_COMP;
+# endif
+
+typedef enum downgrade_en {
+    DOWNGRADE_NONE,
+    DOWNGRADE_TO_1_2,
+    DOWNGRADE_TO_1_1
+} DOWNGRADE;
+
+/*
+ * Dummy status type for the status_type extension. Indicates no status type
+ * set
+ */
+#define TLSEXT_STATUSTYPE_nothing  -1
+
+/* Sigalgs values */
+#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256                    0x0403
+#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384                    0x0503
+#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512                    0x0603
+#define TLSEXT_SIGALG_ecdsa_sha224                              0x0303
+#define TLSEXT_SIGALG_ecdsa_sha1                                0x0203
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha256                       0x0804
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha384                       0x0805
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha512                       0x0806
+#define TLSEXT_SIGALG_rsa_pss_pss_sha256                        0x0809
+#define TLSEXT_SIGALG_rsa_pss_pss_sha384                        0x080a
+#define TLSEXT_SIGALG_rsa_pss_pss_sha512                        0x080b
+#define TLSEXT_SIGALG_rsa_pkcs1_sha256                          0x0401
+#define TLSEXT_SIGALG_rsa_pkcs1_sha384                          0x0501
+#define TLSEXT_SIGALG_rsa_pkcs1_sha512                          0x0601
+#define TLSEXT_SIGALG_rsa_pkcs1_sha224                          0x0301
+#define TLSEXT_SIGALG_rsa_pkcs1_sha1                            0x0201
+#define TLSEXT_SIGALG_dsa_sha256                                0x0402
+#define TLSEXT_SIGALG_dsa_sha384                                0x0502
+#define TLSEXT_SIGALG_dsa_sha512                                0x0602
+#define TLSEXT_SIGALG_dsa_sha224                                0x0302
+#define TLSEXT_SIGALG_dsa_sha1                                  0x0202
+#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256       0xeeee
+#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512       0xefef
+#define TLSEXT_SIGALG_gostr34102001_gostr3411                   0xeded
+
+#define TLSEXT_SIGALG_ed25519                                   0x0807
+#define TLSEXT_SIGALG_ed448                                     0x0808
+
+/* Known PSK key exchange modes */
+#define TLSEXT_KEX_MODE_KE                                      0x00
+#define TLSEXT_KEX_MODE_KE_DHE                                  0x01
+
+/*
+ * Internal representations of key exchange modes
+ */
+#define TLSEXT_KEX_MODE_FLAG_NONE                               0
+#define TLSEXT_KEX_MODE_FLAG_KE                                 1
+#define TLSEXT_KEX_MODE_FLAG_KE_DHE                             2
+
+/* An invalid index into the TLSv1.3 PSK identities */
+#define TLSEXT_PSK_BAD_IDENTITY                                 -1
+
+#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \
+                        s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
+
+/* A dummy signature value not valid for TLSv1.2 signature algs */
+#define TLSEXT_signature_rsa_pss                                0x0101
+
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+
+__owur const SSL_METHOD *ssl_bad_method(int ver);
+__owur const SSL_METHOD *sslv3_method(void);
+__owur const SSL_METHOD *sslv3_server_method(void);
+__owur const SSL_METHOD *sslv3_client_method(void);
+__owur const SSL_METHOD *tlsv1_method(void);
+__owur const SSL_METHOD *tlsv1_server_method(void);
+__owur const SSL_METHOD *tlsv1_client_method(void);
+__owur const SSL_METHOD *tlsv1_1_method(void);
+__owur const SSL_METHOD *tlsv1_1_server_method(void);
+__owur const SSL_METHOD *tlsv1_1_client_method(void);
+__owur const SSL_METHOD *tlsv1_2_method(void);
+__owur const SSL_METHOD *tlsv1_2_server_method(void);
+__owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *tlsv1_3_method(void);
+__owur const SSL_METHOD *tlsv1_3_server_method(void);
+__owur const SSL_METHOD *tlsv1_3_client_method(void);
+__owur const SSL_METHOD *dtlsv1_method(void);
+__owur const SSL_METHOD *dtlsv1_server_method(void);
+__owur const SSL_METHOD *dtlsv1_client_method(void);
+__owur const SSL_METHOD *dtls_bad_ver_client_method(void);
+__owur const SSL_METHOD *dtlsv1_2_method(void);
+__owur const SSL_METHOD *dtlsv1_2_server_method(void);
+__owur const SSL_METHOD *dtlsv1_2_client_method(void);
+
+extern const SSL3_ENC_METHOD TLSv1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
+extern const SSL3_ENC_METHOD SSLv3_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
+
+/*
+ * Flags for SSL methods
+ */
+# define SSL_METHOD_NO_FIPS      (1U<<0)
+# define SSL_METHOD_NO_SUITEB    (1U<<1)
+
+# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
+                                 s_connect, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                flags, \
+                mask, \
+                tls1_new, \
+                tls1_clear, \
+                tls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                tls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                SSL3_VERSION, \
+                SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
+                SSL_OP_NO_SSLv3, \
+                ssl3_new, \
+                ssl3_clear, \
+                ssl3_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                ssl3_default_timeout, \
+                &SSLv3_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \
+                                        s_connect, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                flags, \
+                mask, \
+                dtls1_new, \
+                dtls1_clear, \
+                dtls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                dtls1_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                dtls1_read_bytes, \
+                dtls1_write_app_data_bytes, \
+                dtls1_dispatch_alert, \
+                dtls1_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                dtls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+struct openssl_ssl_test_functions {
+    int (*p_ssl_init_wbio_buffer) (SSL *s);
+    int (*p_ssl3_setup_buffers) (SSL *s);
+};
+
+const char *ssl_protocol_to_string(int version);
+
+/* Returns true if certificate and private key for 'idx' are present */
+static ossl_inline int ssl_has_cert(const SSL *s, int idx)
+{
+    if (idx < 0 || idx >= SSL_PKEY_NUM)
+        return 0;
+    return s->cert->pkeys[idx].x509 != NULL
+        && s->cert->pkeys[idx].privatekey != NULL;
+}
+
+static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
+                                             size_t *pgroupslen)
+{
+    *pgroups = s->session->ext.supportedgroups;
+    *pgroupslen = s->session->ext.supportedgroups_len;
+}
+
+# ifndef OPENSSL_UNIT_TEST
+
+__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
+__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+__owur CERT *ssl_cert_new(void);
+__owur CERT *ssl_cert_dup(CERT *cert);
+void ssl_cert_clear_certs(CERT *c);
+void ssl_cert_free(CERT *c);
+__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss);
+__owur int ssl_get_new_session(SSL *s, int session);
+__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+                                         size_t sess_id_len);
+__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello);
+__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                                 const SSL_CIPHER *const *bp);
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                                                    STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+                                                    STACK_OF(SSL_CIPHER) **cipher_list,
+                                                    STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                                    const char *rule_str,
+                                                    CERT *c);
+__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);
+__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+                                STACK_OF(SSL_CIPHER) **skp,
+                                STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
+                                int fatal);
+void ssl_update_cache(SSL *s, int mode);
+__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                              const EVP_MD **md, int *mac_pkey_type,
+                              size_t *mac_secret_size, SSL_COMP **comp,
+                              int use_etm);
+__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+                                   size_t *int_overhead, size_t *blocksize,
+                                   size_t *ext_overhead);
+__owur int ssl_cert_is_disabled(size_t idx);
+__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
+                                                const unsigned char *ptr,
+                                                int all);
+__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_select_current(CERT *c, X509 *x);
+__owur int ssl_cert_set_current(CERT *c, long arg);
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
+
+__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
+__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
+                                   int ref);
+
+__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
+__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
+                            void *other);
+
+__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+                                                      size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
+int ssl_undefined_function(SSL *s);
+__owur int ssl_undefined_void_function(void);
+__owur int ssl_undefined_const_function(const SSL *s);
+__owur int ssl_get_server_cert_serverinfo(SSL *s,
+                                          const unsigned char **serverinfo,
+                                          size_t *serverinfo_length);
+void ssl_set_masks(SSL *s);
+__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+__owur int ssl_x509err2alert(int type);
+void ssl_sort_cipher_list(void);
+int ssl_load_ciphers(void);
+__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
+                                 size_t len, DOWNGRADE dgrd);
+__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                                      int free_pms);
+__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
+__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
+                      int genmaster);
+__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
+
+__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
+                                   size_t *len);
+int ssl3_init_finished_mac(SSL *s);
+__owur int ssl3_setup_key_block(SSL *s);
+__owur int ssl3_change_cipher_state(SSL *s, int which);
+void ssl3_cleanup_key_block(SSL *s);
+__owur int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
+__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, size_t len,
+                                       size_t *secret_size);
+__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
+__owur int ssl3_num_ciphers(void);
+__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl);
+int ssl3_renegotiate_check(SSL *ssl, int initok);
+__owur int ssl3_dispatch_alert(SSL *s);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
+                                    unsigned char *p);
+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
+void ssl3_free_digest_list(SSL *s);
+__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
+                                            CERT_PKEY *cpk);
+__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
+                                            STACK_OF(SSL_CIPHER) *clnt,
+                                            STACK_OF(SSL_CIPHER) *srvr);
+__owur int ssl3_digest_cached_records(SSL *s, int keep);
+__owur int ssl3_new(SSL *s);
+void ssl3_free(SSL *s);
+__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
+__owur int ssl3_shutdown(SSL *s);
+int ssl3_clear(SSL *s);
+__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+
+__owur int ssl3_do_change_cipher_spec(SSL *ssl);
+__owur long ssl3_default_timeout(void);
+
+__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_setup_handshake(SSL *s);
+__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int ssl3_handshake_write(SSL *s);
+
+__owur int ssl_allow_compression(SSL *s);
+
+__owur int ssl_version_supported(const SSL *s, int version,
+                                 const SSL_METHOD **meth);
+
+__owur int ssl_set_client_hello_version(SSL *s);
+__owur int ssl_check_version_downgrade(SSL *s);
+__owur int ssl_set_version_bound(int method_version, int version, int *bound);
+__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
+                                     DOWNGRADE *dgrd);
+__owur int ssl_choose_client_version(SSL *s, int version,
+                                     RAW_EXTENSION *extensions);
+__owur int ssl_get_min_max_version(const SSL *s, int *min_version,
+                                   int *max_version, int *real_max);
+
+__owur long tls1_default_timeout(void);
+__owur int dtls1_do_write(SSL *s, int type);
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt,
+                              size_t len,
+                              size_t frag_off, size_t frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+                               size_t *written);
+
+__owur int dtls1_read_failed(SSL *s, int code);
+__owur int dtls1_buffer_message(SSL *s, int ccs);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
+__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
+void dtls1_clear_received_buffer(SSL *s);
+void dtls1_clear_sent_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data,
+                              struct hm_header_st *msg_hdr);
+__owur long dtls1_default_timeout(void);
+__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+__owur int dtls1_check_timeout_num(SSL *s);
+__owur int dtls1_handle_timeout(SSL *s);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+__owur int dtls1_is_timer_expired(SSL *s);
+void dtls1_double_timeout(SSL *s);
+__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+                                         size_t cookie_len);
+__owur size_t dtls1_min_mtu(SSL *s);
+void dtls1_hm_fragment_free(hm_fragment *frag);
+__owur int dtls1_query_mtu(SSL *s);
+
+__owur int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+int tls1_clear(SSL *s);
+
+__owur int dtls1_new(SSL *s);
+void dtls1_free(SSL *s);
+int dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur int dtls1_shutdown(SSL *s);
+
+__owur int dtls1_dispatch_alert(SSL *s);
+
+__owur int ssl_init_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
+
+__owur int tls1_change_cipher_state(SSL *s, int which);
+__owur int tls1_setup_key_block(SSL *s);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+                                    unsigned char *p);
+__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, size_t len,
+                                       size_t *secret_size);
+__owur int tls13_setup_key_block(SSL *s);
+__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+                                     unsigned char *p);
+__owur int tls13_change_cipher_state(SSL *s, int which);
+__owur int tls13_update_key(SSL *s, int send);
+__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret,
+                             const unsigned char *label, size_t labellen,
+                             const unsigned char *data, size_t datalen,
+                             unsigned char *out, size_t outlen, int fatal);
+__owur int tls13_derive_key(SSL *s, const EVP_MD *md,
+                            const unsigned char *secret, unsigned char *key,
+                            size_t keylen);
+__owur int tls13_derive_iv(SSL *s, const EVP_MD *md,
+                           const unsigned char *secret, unsigned char *iv,
+                           size_t ivlen);
+__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+                                    const unsigned char *secret,
+                                    unsigned char *fin, size_t finlen);
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+                          const unsigned char *prevsecret,
+                          const unsigned char *insecret,
+                          size_t insecretlen,
+                          unsigned char *outsecret);
+__owur int tls13_generate_handshake_secret(SSL *s,
+                                           const unsigned char *insecret,
+                                           size_t insecretlen);
+__owur int tls13_generate_master_secret(SSL *s, unsigned char *out,
+                                        unsigned char *prev, size_t prevlen,
+                                        size_t *secret_size);
+__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *p, size_t plen,
+                                       int use_context);
+__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                        const char *label, size_t llen,
+                                        const unsigned char *context,
+                                        size_t contextlen, int use_context);
+__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out,
+                                              size_t olen, const char *label,
+                                              size_t llen,
+                                              const unsigned char *context,
+                                              size_t contextlen);
+__owur int tls1_alert_code(int code);
+__owur int tls13_alert_code(int code);
+__owur int ssl3_alert_code(int code);
+
+#  ifndef OPENSSL_NO_EC
+__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+#  endif
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+
+#  ifndef OPENSSL_NO_EC
+
+__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
+__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
+__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
+__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+                           int *curves, size_t ncurves);
+__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
+                                const char *str);
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                         size_t *num_formats);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
+__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
+#  endif                        /* OPENSSL_NO_EC */
+
+__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+                               size_t *pgroupslen);
+
+__owur int tls1_set_server_sigalgs(SSL *s);
+
+__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+                                                    SSL_SESSION **ret);
+__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                                            size_t eticklen,
+                                            const unsigned char *sess_id,
+                                            size_t sesslen, SSL_SESSION **psess);
+
+__owur int tls_use_ticket(SSL *s);
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
+
+__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+                                int client);
+__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
+                            int client);
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+                     int idx);
+void tls1_set_cert_validity(SSL *s);
+
+#  ifndef OPENSSL_NO_CT
+__owur int ssl_validate_ct(SSL *s);
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+__owur DH *ssl_get_auto_dh(SSL *s);
+#  endif
+
+__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
+__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
+                                   int vfy);
+
+int tls_choose_sigalg(SSL *s, int fatalerrs);
+
+__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+__owur long ssl_get_algorithm2(SSL *s);
+__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+                              const uint16_t *psig, size_t psiglen);
+__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen);
+__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert);
+__owur int tls1_process_sigalgs(SSL *s);
+__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+#  ifndef OPENSSL_NO_EC
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
+#  endif
+__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
+__owur int ssl_set_client_disabled(SSL *s);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
+
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+                                 size_t *hashlen);
+__owur const EVP_MD *ssl_md(int idx);
+__owur const EVP_MD *ssl_handshake_md(SSL *s);
+__owur const EVP_MD *ssl_prf_md(SSL *s);
+
+/*
+ * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated
+ * with |ssl|, if logging is enabled. It returns one on success and zero on
+ * failure. The entry is identified by the first 8 bytes of
+ * |encrypted_premaster|.
+ */
+__owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
+                                           const uint8_t *encrypted_premaster,
+                                           size_t encrypted_premaster_len,
+                                           const uint8_t *premaster,
+                                           size_t premaster_len);
+
+/*
+ * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if
+ * logging is available. It returns one on success and zero on failure. It tags
+ * the entry with |label|.
+ */
+__owur int ssl_log_secret(SSL *ssl, const char *label,
+                          const uint8_t *secret, size_t secret_len);
+
+#define MASTER_SECRET_LABEL "CLIENT_RANDOM"
+#define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET"
+#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
+#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
+#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
+#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
+
+/* s3_cbc.c */
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                                  unsigned char *md_out,
+                                  size_t *md_out_size,
+                                  const unsigned char header[13],
+                                  const unsigned char *data,
+                                  size_t data_plus_mac_size,
+                                  size_t data_plus_mac_plus_padding_size,
+                                  const unsigned char *mac_secret,
+                                  size_t mac_secret_length, char is_sslv3);
+
+__owur int srp_generate_server_master_secret(SSL *s);
+__owur int srp_generate_client_master_secret(SSL *s);
+__owur int srp_verify_server_param(SSL *s);
+
+/* statem/statem_srvr.c */
+
+__owur int send_certificate_request(SSL *s);
+
+/* statem/extensions_cust.c */
+
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   size_t *idx);
+
+void custom_ext_init(custom_ext_methods *meths);
+
+__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+                            const unsigned char *ext_data, size_t ext_size,
+                            X509 *x, size_t chainidx);
+__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
+                          size_t chainidx, int maxversion);
+
+__owur int custom_exts_copy(custom_ext_methods *dst,
+                            const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+                                  const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
+void ssl_comp_free_compression_methods_int(void);
+
+/* ssl_mcnf.c */
+void ssl_ctx_system_config(SSL_CTX *ctx);
+
+# else /* OPENSSL_UNIT_TEST */
+
+#  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#  define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+
+# endif
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c
new file mode 100644
index 000000000..a0e265771
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/conf.h>
+#include <openssl/ssl.h>
+#include "ssl_locl.h"
+#include "internal/sslconf.h"
+
+/* SSL library configuration module. */
+
+void SSL_add_ssl_module(void)
+{
+    /* Do nothing. This will be added automatically by libcrypto */
+}
+
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
+{
+    SSL_CONF_CTX *cctx = NULL;
+    size_t i, idx, cmd_count;
+    int rv = 0;
+    unsigned int flags;
+    const SSL_METHOD *meth;
+    const SSL_CONF_CMD *cmds;
+
+    if (s == NULL && ctx == NULL) {
+        SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (name == NULL && system)
+        name = "system_default";
+    if (!conf_ssl_name_find(name, &idx)) {
+        if (!system) {
+            SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+            ERR_add_error_data(2, "name=", name);
+        }
+        goto err;
+    }
+    cmds = conf_ssl_get(idx, &name, &cmd_count);
+    cctx = SSL_CONF_CTX_new();
+    if (cctx == NULL)
+        goto err;
+    flags = SSL_CONF_FLAG_FILE;
+    if (!system)
+        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+    if (s != NULL) {
+        meth = s->method;
+        SSL_CONF_CTX_set_ssl(cctx, s);
+    } else {
+        meth = ctx->method;
+        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    }
+    if (meth->ssl_accept != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_SERVER;
+    if (meth->ssl_connect != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_CLIENT;
+    SSL_CONF_CTX_set_flags(cctx, flags);
+    for (i = 0; i < cmd_count; i++) {
+        char *cmdstr, *arg;
+
+        conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
+        rv = SSL_CONF_cmd(cctx, cmdstr, arg);
+        if (rv <= 0) {
+            if (rv == -2)
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
+            else
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
+            ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
+                               ", arg=", arg);
+            goto err;
+        }
+    }
+    rv = SSL_CONF_CTX_finish(cctx);
+ err:
+    SSL_CONF_CTX_free(cctx);
+    return rv <= 0 ? 0 : 1;
+}
+
+int SSL_config(SSL *s, const char *name)
+{
+    return ssl_do_config(s, NULL, name, 0);
+}
+
+int SSL_CTX_config(SSL_CTX *ctx, const char *name)
+{
+    return ssl_do_config(NULL, ctx, name, 0);
+}
+
+void ssl_ctx_system_config(SSL_CTX *ctx)
+{
+    ssl_do_config(NULL, ctx, NULL, 1);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c
new file mode 100644
index 000000000..172e15f92
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c
@@ -0,0 +1,1148 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "packet_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+
+#define  SYNTHV1CONTEXT     (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
+                             | SSL_EXT_CLIENT_HELLO \
+                             | SSL_EXT_TLS1_2_SERVER_HELLO \
+                             | SSL_EXT_IGNORE_ON_RESUMPTION)
+
+int SSL_use_certificate(SSL *ssl, X509 *x)
+{
+    int rv;
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+        return 0;
+    }
+
+    return ssl_set_cert(ssl->cert, x);
+}
+
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
+    int j;
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        x = d2i_X509_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback,
+                              ssl->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
+        goto end;
+    }
+
+    ret = SSL_use_certificate(ssl, x);
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+{
+    X509 *x;
+    int ret;
+
+    x = d2i_X509(NULL, &d, (long)len);
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_use_certificate(ssl, x);
+    X509_free(x);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
+    EVP_PKEY *pkey;
+    int ret;
+
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+        return 0;
+    }
+
+    RSA_up_ref(rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    ret = ssl_set_pkey(ssl->cert, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+{
+    size_t i;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        return 0;
+    }
+
+    if (c->pkeys[i].x509 != NULL) {
+        EVP_PKEY *pktmp;
+        pktmp = X509_get0_pubkey(c->pkeys[i].x509);
+        if (pktmp == NULL) {
+            SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
+        EVP_PKEY_copy_parameters(pktmp, pkey);
+        ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+        /*
+         * Don't check the public/private key, this is mostly for smart
+         * cards.
+         */
+        if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
+            && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
+        else
+#endif
+        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
+            X509_free(c->pkeys[i].x509);
+            c->pkeys[i].x509 = NULL;
+            return 0;
+        }
+    }
+
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(pkey);
+    c->pkeys[i].privatekey = pkey;
+    c->key = &c->pkeys[i];
+    return 1;
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    RSA *rsa = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        rsa = d2i_RSAPrivateKey_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                                         ssl->default_passwd_callback,
+                                         ssl->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_use_RSAPrivateKey(ssl, rsa);
+    RSA_free(rsa);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
+{
+    int ret;
+    const unsigned char *p;
+    RSA *rsa;
+
+    p = d;
+    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_use_RSAPrivateKey(ssl, rsa);
+    RSA_free(rsa);
+    return ret;
+}
+#endif                          /* !OPENSSL_NO_RSA */
+
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
+    int ret;
+
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ret = ssl_set_pkey(ssl->cert, pkey);
+    return ret;
+}
+
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    EVP_PKEY *pkey = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        pkey = PEM_read_bio_PrivateKey(in, NULL,
+                                       ssl->default_passwd_callback,
+                                       ssl->default_passwd_callback_userdata);
+    } else if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        pkey = d2i_PrivateKey_bio(in, NULL);
+    } else {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_use_PrivateKey(ssl, pkey);
+    EVP_PKEY_free(pkey);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
+                            long len)
+{
+    int ret;
+    const unsigned char *p;
+    EVP_PKEY *pkey;
+
+    p = d;
+    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_use_PrivateKey(ssl, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+    int rv;
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+        return 0;
+    }
+    return ssl_set_cert(ctx->cert, x);
+}
+
+static int ssl_set_cert(CERT *c, X509 *x)
+{
+    EVP_PKEY *pkey;
+    size_t i;
+
+    pkey = X509_get0_pubkey(x);
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
+        return 0;
+    }
+
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        return 0;
+    }
+#ifndef OPENSSL_NO_EC
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+#endif
+    if (c->pkeys[i].privatekey != NULL) {
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
+        EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
+        ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+        /*
+         * Don't check the public/private key, this is mostly for smart
+         * cards.
+         */
+        if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
+            && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
+            RSA_METHOD_FLAG_NO_CHECK) ;
+        else
+#endif                          /* OPENSSL_NO_RSA */
+        if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
+            /*
+             * don't fail for a cert/key mismatch, just free current private
+             * key (when switching to a different cert & key, first this
+             * function should be used, then ssl_set_pkey
+             */
+            EVP_PKEY_free(c->pkeys[i].privatekey);
+            c->pkeys[i].privatekey = NULL;
+            /* clear error queue */
+            ERR_clear_error();
+        }
+    }
+
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x);
+    c->pkeys[i].x509 = x;
+    c->key = &(c->pkeys[i]);
+
+    return 1;
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j;
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        x = d2i_X509_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
+                              ctx->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
+        goto end;
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, x);
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
+{
+    X509 *x;
+    int ret;
+
+    x = d2i_X509(NULL, &d, (long)len);
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, x);
+    X509_free(x);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
+    int ret;
+    EVP_PKEY *pkey;
+
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+        return 0;
+    }
+
+    RSA_up_ref(rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    ret = ssl_set_pkey(ctx->cert, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    RSA *rsa = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        rsa = d2i_RSAPrivateKey_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                                         ctx->default_passwd_callback,
+                                         ctx->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+    RSA_free(rsa);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                   long len)
+{
+    int ret;
+    const unsigned char *p;
+    RSA *rsa;
+
+    p = d;
+    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+    RSA_free(rsa);
+    return ret;
+}
+#endif                          /* !OPENSSL_NO_RSA */
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    return ssl_set_pkey(ctx->cert, pkey);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    EVP_PKEY *pkey = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        pkey = PEM_read_bio_PrivateKey(in, NULL,
+                                       ctx->default_passwd_callback,
+                                       ctx->default_passwd_callback_userdata);
+    } else if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        pkey = d2i_PrivateKey_bio(in, NULL);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    EVP_PKEY_free(pkey);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
+                                const unsigned char *d, long len)
+{
+    int ret;
+    const unsigned char *p;
+    EVP_PKEY *pkey;
+
+    p = d;
+    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+/*
+ * Read a file that contains our certificate in "PEM" format, possibly
+ * followed by a sequence of CA certificates that should be sent to the peer
+ * in the Certificate message.
+ */
+static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
+{
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+    pem_password_cb *passwd_callback;
+    void *passwd_callback_userdata;
+
+    ERR_clear_error();          /* clear error stack for
+                                 * SSL_CTX_use_certificate() */
+
+    if (ctx != NULL) {
+        passwd_callback = ctx->default_passwd_callback;
+        passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+    } else {
+        passwd_callback = ssl->default_passwd_callback;
+        passwd_callback_userdata = ssl->default_passwd_callback_userdata;
+    }
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+
+    x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
+                              passwd_callback_userdata);
+    if (x == NULL) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+        goto end;
+    }
+
+    if (ctx)
+        ret = SSL_CTX_use_certificate(ctx, x);
+    else
+        ret = SSL_use_certificate(ssl, x);
+
+    if (ERR_peek_error() != 0)
+        ret = 0;                /* Key/certificate mismatch doesn't imply
+                                 * ret==0 ... */
+    if (ret) {
+        /*
+         * If we could set up our certificate, now proceed to the CA
+         * certificates.
+         */
+        X509 *ca;
+        int r;
+        unsigned long err;
+
+        if (ctx)
+            r = SSL_CTX_clear_chain_certs(ctx);
+        else
+            r = SSL_clear_chain_certs(ssl);
+
+        if (r == 0) {
+            ret = 0;
+            goto end;
+        }
+
+        while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
+                                       passwd_callback_userdata))
+               != NULL) {
+            if (ctx)
+                r = SSL_CTX_add0_chain_cert(ctx, ca);
+            else
+                r = SSL_add0_chain_cert(ssl, ca);
+            /*
+             * Note that we must not free ca if it was successfully added to
+             * the chain (while we must free the main certificate, since its
+             * reference count is increased by SSL_CTX_use_certificate).
+             */
+            if (!r) {
+                X509_free(ca);
+                ret = 0;
+                goto end;
+            }
+        }
+        /* When the while loop ends, it's usually just EOF. */
+        err = ERR_peek_last_error();
+        if (ERR_GET_LIB(err) == ERR_LIB_PEM
+            && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+            ERR_clear_error();
+        else
+            ret = 0;            /* some real error */
+    }
+
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+    return use_certificate_chain_file(ctx, NULL, file);
+}
+
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
+{
+    return use_certificate_chain_file(NULL, ssl, file);
+}
+
+static int serverinfo_find_extension(const unsigned char *serverinfo,
+                                     size_t serverinfo_length,
+                                     unsigned int extension_type,
+                                     const unsigned char **extension_data,
+                                     size_t *extension_length)
+{
+    PACKET pkt, data;
+
+    *extension_data = NULL;
+    *extension_length = 0;
+    if (serverinfo == NULL || serverinfo_length == 0)
+        return -1;
+
+    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
+        return -1;
+
+    for (;;) {
+        unsigned int type = 0;
+        unsigned long context = 0;
+
+        /* end of serverinfo */
+        if (PACKET_remaining(&pkt) == 0)
+            return 0;           /* Extension not found */
+
+        if (!PACKET_get_net_4(&pkt, &context)
+                || !PACKET_get_net_2(&pkt, &type)
+                || !PACKET_get_length_prefixed_2(&pkt, &data))
+            return -1;
+
+        if (type == extension_type) {
+            *extension_data = PACKET_data(&data);
+            *extension_length = PACKET_remaining(&data);;
+            return 1;           /* Success */
+        }
+    }
+    /* Unreachable */
+}
+
+static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     unsigned int context,
+                                     const unsigned char *in,
+                                     size_t inlen, X509 *x, size_t chainidx,
+                                     int *al, void *arg)
+{
+
+    if (inlen != 0) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    return 1;
+}
+
+static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in,
+                                   size_t inlen, int *al, void *arg)
+{
+    return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
+                                     arg);
+}
+
+static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   unsigned int context,
+                                   const unsigned char **out,
+                                   size_t *outlen, X509 *x, size_t chainidx,
+                                   int *al, void *arg)
+{
+    const unsigned char *serverinfo = NULL;
+    size_t serverinfo_length = 0;
+
+    /* We only support extensions for the first Certificate */
+    if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
+        return 0;
+
+    /* Is there serverinfo data for the chosen server cert? */
+    if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
+                                        &serverinfo_length)) != 0) {
+        /* Find the relevant extension from the serverinfo */
+        int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
+                                               ext_type, out, outlen);
+        if (retval == -1) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            return -1;          /* Error */
+        }
+        if (retval == 0)
+            return 0;           /* No extension found, don't send extension */
+        return 1;               /* Send extension */
+    }
+    return 0;                   /* No serverinfo data found, don't send
+                                 * extension */
+}
+
+static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *arg)
+{
+    return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
+                                   arg);
+}
+
+/*
+ * With a NULL context, this function just checks that the serverinfo data
+ * parses correctly.  With a non-NULL context, it registers callbacks for
+ * the included extensions.
+ */
+static int serverinfo_process_buffer(unsigned int version,
+                                     const unsigned char *serverinfo,
+                                     size_t serverinfo_length, SSL_CTX *ctx)
+{
+    PACKET pkt;
+
+    if (serverinfo == NULL || serverinfo_length == 0)
+        return 0;
+
+    if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
+        return 0;
+
+    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
+        return 0;
+
+    while (PACKET_remaining(&pkt)) {
+        unsigned long context = 0;
+        unsigned int ext_type = 0;
+        PACKET data;
+
+        if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
+                || !PACKET_get_net_2(&pkt, &ext_type)
+                || !PACKET_get_length_prefixed_2(&pkt, &data))
+            return 0;
+
+        if (ctx == NULL)
+            continue;
+
+        /*
+         * The old style custom extensions API could be set separately for
+         * server/client, i.e. you could set one custom extension for a client,
+         * and *for the same extension in the same SSL_CTX* you could set a
+         * custom extension for the server as well. It seems quite weird to be
+         * setting a custom extension for both client and server in a single
+         * SSL_CTX - but theoretically possible. This isn't possible in the
+         * new API. Therefore, if we have V1 serverinfo we use the old API. We
+         * also use the old API even if we have V2 serverinfo but the context
+         * looks like an old style <= TLSv1.2 extension.
+         */
+        if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
+            if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
+                                               serverinfo_srv_add_cb,
+                                               NULL, NULL,
+                                               serverinfo_srv_parse_cb,
+                                               NULL))
+                return 0;
+        } else {
+            if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
+                                        serverinfoex_srv_add_cb,
+                                        NULL, NULL,
+                                        serverinfoex_srv_parse_cb,
+                                        NULL))
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                              const unsigned char *serverinfo,
+                              size_t serverinfo_length)
+{
+    unsigned char *new_serverinfo;
+
+    if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                   NULL)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
+        return 0;
+    }
+    if (ctx->cert->key == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+                                     serverinfo_length);
+    if (new_serverinfo == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->cert->key->serverinfo = new_serverinfo;
+    memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
+    ctx->cert->key->serverinfo_length = serverinfo_length;
+
+    /*
+     * Now that the serverinfo is validated and stored, go ahead and
+     * register callbacks.
+     */
+    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                   ctx)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length)
+{
+    return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
+                                     serverinfo_length);
+}
+
+int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+{
+    unsigned char *serverinfo = NULL;
+    unsigned char *tmp;
+    size_t serverinfo_length = 0;
+    unsigned char *extension = 0;
+    long extension_length = 0;
+    char *name = NULL;
+    char *header = NULL;
+    char namePrefix1[] = "SERVERINFO FOR ";
+    char namePrefix2[] = "SERVERINFOV2 FOR ";
+    int ret = 0;
+    BIO *bin = NULL;
+    size_t num_extensions = 0, contextoff = 0;
+
+    if (ctx == NULL || file == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
+        goto end;
+    }
+
+    bin = BIO_new(BIO_s_file());
+    if (bin == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+    if (BIO_read_filename(bin, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+
+    for (num_extensions = 0;; num_extensions++) {
+        unsigned int version;
+
+        if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
+            == 0) {
+            /*
+             * There must be at least one extension in this file
+             */
+            if (num_extensions == 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_NO_PEM_EXTENSIONS);
+                goto end;
+            } else              /* End of file, we're done */
+                break;
+        }
+        /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
+        if (strlen(name) < strlen(namePrefix1)) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
+            goto end;
+        }
+        if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) {
+            version = SSL_SERVERINFOV1;
+        } else {
+            if (strlen(name) < strlen(namePrefix2)) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_PEM_NAME_TOO_SHORT);
+                goto end;
+            }
+            if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_PEM_NAME_BAD_PREFIX);
+                goto end;
+            }
+            version = SSL_SERVERINFOV2;
+        }
+        /*
+         * Check that the decoded PEM data is plausible (valid length field)
+         */
+        if (version == SSL_SERVERINFOV1) {
+            /* 4 byte header: 2 bytes type, 2 bytes len */
+            if (extension_length < 4
+                    || (extension[2] << 8) + extension[3]
+                       != extension_length - 4) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                goto end;
+            }
+            /*
+             * File does not have a context value so we must take account of
+             * this later.
+             */
+            contextoff = 4;
+        } else {
+            /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
+            if (extension_length < 8
+                    || (extension[6] << 8) + extension[7]
+                       != extension_length - 8) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                goto end;
+            }
+        }
+        /* Append the decoded extension to the serverinfo buffer */
+        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
+                                          + contextoff);
+        if (tmp == NULL) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
+            goto end;
+        }
+        serverinfo = tmp;
+        if (contextoff > 0) {
+            unsigned char *sinfo = serverinfo + serverinfo_length;
+
+            /* We know this only uses the last 2 bytes */
+            sinfo[0] = 0;
+            sinfo[1] = 0;
+            sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
+            sinfo[3] = SYNTHV1CONTEXT & 0xff;
+        }
+        memcpy(serverinfo + serverinfo_length + contextoff,
+               extension, extension_length);
+        serverinfo_length += extension_length + contextoff;
+
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(header);
+        header = NULL;
+        OPENSSL_free(extension);
+        extension = NULL;
+    }
+
+    ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
+                                    serverinfo_length);
+ end:
+    /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(extension);
+    OPENSSL_free(serverinfo);
+    BIO_free(bin);
+    return ret;
+}
+
+static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                                STACK_OF(X509) *chain, int override)
+{
+    int ret = 0;
+    size_t i;
+    int j;
+    int rv;
+    CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
+    STACK_OF(X509) *dup_chain = NULL;
+    EVP_PKEY *pubkey = NULL;
+
+    /* Do all security checks before anything else */
+    rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
+        goto out;
+    }
+    for (j = 0; j < sk_X509_num(chain); j++) {
+        rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
+            goto out;
+        }
+    }
+
+    pubkey = X509_get_pubkey(x509); /* bumps reference */
+    if (pubkey == NULL)
+        goto out;
+    if (privatekey == NULL) {
+        privatekey = pubkey;
+    } else {
+        /* For RSA, which has no parameters, missing returns 0 */
+        if (EVP_PKEY_missing_parameters(privatekey)) {
+            if (EVP_PKEY_missing_parameters(pubkey)) {
+                /* nobody has parameters? - error */
+                SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS);
+                goto out;
+            } else {
+                /* copy to privatekey from pubkey */
+                EVP_PKEY_copy_parameters(privatekey, pubkey);
+            }
+        } else if (EVP_PKEY_missing_parameters(pubkey)) {
+            /* copy to pubkey from privatekey */
+            EVP_PKEY_copy_parameters(pubkey, privatekey);
+        } /* else both have parameters */
+
+        /* Copied from ssl_set_cert/pkey */
+#ifndef OPENSSL_NO_RSA
+        if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
+            ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK)))
+            /* no-op */ ;
+        else
+#endif
+        /* check that key <-> cert match */
+        if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
+            goto out;
+        }
+    }
+    if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto out;
+    }
+
+    if (!override && (c->pkeys[i].x509 != NULL
+                      || c->pkeys[i].privatekey != NULL
+                      || c->pkeys[i].chain != NULL)) {
+        /* No override, and something already there */
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE);
+        goto out;
+    }
+
+    if (chain != NULL) {
+        dup_chain = X509_chain_up_ref(chain);
+        if  (dup_chain == NULL) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE);
+            goto out;
+        }
+    }
+
+    sk_X509_pop_free(c->pkeys[i].chain, X509_free);
+    c->pkeys[i].chain = dup_chain;
+
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x509);
+    c->pkeys[i].x509 = x509;
+
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(privatekey);
+    c->pkeys[i].privatekey = privatekey;
+
+    c->key = &(c->pkeys[i]);
+
+    ret = 1;
+ out:
+    EVP_PKEY_free(pubkey);
+    return ret;
+}
+
+int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+                         STACK_OF(X509) *chain, int override)
+{
+    return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
+}
+
+int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                             STACK_OF(X509) *chain, int override)
+{
+    return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c
new file mode 100644
index 000000000..5ad2792a1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c
@@ -0,0 +1,1317 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include "internal/refcount.h"
+#include "internal/cryptlib.h"
+#include "ssl_locl.h"
+#include "statem/statem_locl.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+/*
+ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
+ * unlike in earlier protocol versions, the session ticket may not have been
+ * sent yet even though a handshake has finished. The session ticket data could
+ * come in sometime later...or even change if multiple session ticket messages
+ * are sent from the server. The preferred way for applications to obtain
+ * a resumable session is to use SSL_CTX_sess_set_new_cb().
+ */
+
+SSL_SESSION *SSL_get_session(const SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+{
+    return ssl->session;
+}
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+{
+    SSL_SESSION *sess;
+    /*
+     * Need to lock this all up rather than just use CRYPTO_add so that
+     * somebody doesn't free ssl->session between when we check it's non-null
+     * and when we up the reference count.
+     */
+    CRYPTO_THREAD_read_lock(ssl->lock);
+    sess = ssl->session;
+    if (sess)
+        SSL_SESSION_up_ref(sess);
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return sess;
+}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+SSL_SESSION *SSL_SESSION_new(void)
+{
+    SSL_SESSION *ss;
+
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
+
+    ss = OPENSSL_zalloc(sizeof(*ss));
+    if (ss == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
+    ss->references = 1;
+    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
+    ss->time = (unsigned long)time(NULL);
+    ss->lock = CRYPTO_THREAD_lock_new();
+    if (ss->lock == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
+        CRYPTO_THREAD_lock_free(ss->lock);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+    return ss;
+}
+
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
+{
+    return ssl_session_dup(src, 1);
+}
+
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+    SSL_SESSION *dest;
+
+    dest = OPENSSL_malloc(sizeof(*src));
+    if (dest == NULL) {
+        goto err;
+    }
+    memcpy(dest, src, sizeof(*dest));
+
+    /*
+     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+     * the case of an error whilst halfway through constructing dest
+     */
+#ifndef OPENSSL_NO_PSK
+    dest->psk_identity_hint = NULL;
+    dest->psk_identity = NULL;
+#endif
+    dest->ciphers = NULL;
+    dest->ext.hostname = NULL;
+#ifndef OPENSSL_NO_EC
+    dest->ext.ecpointformats = NULL;
+    dest->ext.supportedgroups = NULL;
+#endif
+    dest->ext.tick = NULL;
+    dest->ext.alpn_selected = NULL;
+#ifndef OPENSSL_NO_SRP
+    dest->srp_username = NULL;
+#endif
+    dest->peer_chain = NULL;
+    dest->peer = NULL;
+    dest->ticket_appdata = NULL;
+    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+    /* We deliberately don't copy the prev and next pointers */
+    dest->prev = NULL;
+    dest->next = NULL;
+
+    dest->references = 1;
+
+    dest->lock = CRYPTO_THREAD_lock_new();
+    if (dest->lock == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+        goto err;
+
+    if (src->peer != NULL) {
+        if (!X509_up_ref(src->peer))
+            goto err;
+        dest->peer = src->peer;
+    }
+
+    if (src->peer_chain != NULL) {
+        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
+        if (dest->peer_chain == NULL)
+            goto err;
+    }
+#ifndef OPENSSL_NO_PSK
+    if (src->psk_identity_hint) {
+        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
+        if (dest->psk_identity_hint == NULL) {
+            goto err;
+        }
+    }
+    if (src->psk_identity) {
+        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
+        if (dest->psk_identity == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    if (src->ciphers != NULL) {
+        dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+        if (dest->ciphers == NULL)
+            goto err;
+    }
+
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+                            &dest->ex_data, &src->ex_data)) {
+        goto err;
+    }
+
+    if (src->ext.hostname) {
+        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
+        if (dest->ext.hostname == NULL) {
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC
+    if (src->ext.ecpointformats) {
+        dest->ext.ecpointformats =
+            OPENSSL_memdup(src->ext.ecpointformats,
+                           src->ext.ecpointformats_len);
+        if (dest->ext.ecpointformats == NULL)
+            goto err;
+    }
+    if (src->ext.supportedgroups) {
+        dest->ext.supportedgroups =
+            OPENSSL_memdup(src->ext.supportedgroups,
+                           src->ext.supportedgroups_len
+                                * sizeof(*src->ext.supportedgroups));
+        if (dest->ext.supportedgroups == NULL)
+            goto err;
+    }
+#endif
+
+    if (ticket != 0 && src->ext.tick != NULL) {
+        dest->ext.tick =
+            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
+        if (dest->ext.tick == NULL)
+            goto err;
+    } else {
+        dest->ext.tick_lifetime_hint = 0;
+        dest->ext.ticklen = 0;
+    }
+
+    if (src->ext.alpn_selected != NULL) {
+        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
+                                                 src->ext.alpn_selected_len);
+        if (dest->ext.alpn_selected == NULL)
+            goto err;
+    }
+
+#ifndef OPENSSL_NO_SRP
+    if (src->srp_username) {
+        dest->srp_username = OPENSSL_strdup(src->srp_username);
+        if (dest->srp_username == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    if (src->ticket_appdata != NULL) {
+        dest->ticket_appdata =
+            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
+        if (dest->ticket_appdata == NULL)
+            goto err;
+    }
+
+    return dest;
+ err:
+    SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+    SSL_SESSION_free(dest);
+    return NULL;
+}
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+{
+    if (len)
+        *len = (unsigned int)s->session_id_length;
+    return s->session_id;
+}
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                unsigned int *len)
+{
+    if (len != NULL)
+        *len = (unsigned int)s->sid_ctx_length;
+    return s->sid_ctx;
+}
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+{
+    return s->compress_meth;
+}
+
+/*
+ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
+ * the ID with random junk repeatedly until we have no conflict is going to
+ * complete in one iteration pretty much "most" of the time (btw:
+ * understatement). So, if it takes us 10 iterations and we still can't avoid
+ * a conflict - well that's a reasonable point to call it quits. Either the
+ * RAND code is broken or someone is trying to open roughly very close to
+ * 2^256 SSL sessions to our server. How you might store that many sessions
+ * is perhaps a more interesting question ...
+ */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(SSL *ssl, unsigned char *id,
+                                   unsigned int *id_len)
+{
+    unsigned int retry = 0;
+    do
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
+    if (retry < MAX_SESS_ID_ATTEMPTS)
+        return 1;
+    /* else - woops a session_id match */
+    /*
+     * XXX We should also check the external cache -- but the probability of
+     * a collision is negligible, and we could not prevent the concurrent
+     * creation of sessions with identical IDs since we currently don't have
+     * means to atomically check whether a session ID already exists and make
+     * a reservation for it if it does not (this problem applies to the
+     * internal cache as well).
+     */
+    return 0;
+}
+
+int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
+{
+    unsigned int tmp;
+    GEN_SESSION_CB cb = def_generate_session_id;
+
+    switch (s->version) {
+    case SSL3_VERSION:
+    case TLS1_VERSION:
+    case TLS1_1_VERSION:
+    case TLS1_2_VERSION:
+    case TLS1_3_VERSION:
+    case DTLS1_BAD_VER:
+    case DTLS1_VERSION:
+    case DTLS1_2_VERSION:
+        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        break;
+    default:
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_UNSUPPORTED_SSL_VERSION);
+        return 0;
+    }
+
+    /*-
+     * If RFC5077 ticket, use empty session ID (as server).
+     * Note that:
+     * (a) ssl_get_prev_session() does lookahead into the
+     *     ClientHello extensions to find the session ticket.
+     *     When ssl_get_prev_session() fails, statem_srvr.c calls
+     *     ssl_get_new_session() in tls_process_client_hello().
+     *     At that point, it has not yet parsed the extensions,
+     *     however, because of the lookahead, it already knows
+     *     whether a ticket is expected or not.
+     *
+     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
+     *     ServerHello extensions, and before recording the session
+     *     ID received from the server, so this block is a noop.
+     */
+    if (s->ext.ticket_expected) {
+        ss->session_id_length = 0;
+        return 1;
+    }
+
+    /* Choose which callback will set the session ID */
+    CRYPTO_THREAD_read_lock(s->lock);
+    CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+    if (s->generate_session_id)
+        cb = s->generate_session_id;
+    else if (s->session_ctx->generate_session_id)
+        cb = s->session_ctx->generate_session_id;
+    CRYPTO_THREAD_unlock(s->session_ctx->lock);
+    CRYPTO_THREAD_unlock(s->lock);
+    /* Choose a session ID */
+    memset(ss->session_id, 0, ss->session_id_length);
+    tmp = (int)ss->session_id_length;
+    if (!cb(s, ss->session_id, &tmp)) {
+        /* The callback failed */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+        return 0;
+    }
+    /*
+     * Don't allow the callback to set the session length to zero. nor
+     * set it higher than it was.
+     */
+    if (tmp == 0 || tmp > ss->session_id_length) {
+        /* The callback set an illegal length */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+        return 0;
+    }
+    ss->session_id_length = tmp;
+    /* Finally, check for a conflict */
+    if (SSL_has_matching_session_id(s, ss->session_id,
+                                    (unsigned int)ss->session_id_length)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_CONFLICT);
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+{
+    /* This gets used by clients and servers. */
+
+    SSL_SESSION *ss = NULL;
+
+    if ((ss = SSL_SESSION_new()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* If the context has a default timeout, use it */
+    if (s->session_ctx->session_timeout == 0)
+        ss->timeout = SSL_get_default_timeout(s);
+    else
+        ss->timeout = s->session_ctx->session_timeout;
+
+    SSL_SESSION_free(s->session);
+    s->session = NULL;
+
+    if (session) {
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * We generate the session id while constructing the
+             * NewSessionTicket in TLSv1.3.
+             */
+            ss->session_id_length = 0;
+        } else if (!ssl_generate_session_id(s, ss)) {
+            /* SSLfatal() already called */
+            SSL_SESSION_free(ss);
+            return 0;
+        }
+
+    } else {
+        ss->session_id_length = 0;
+    }
+
+    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(ss);
+        return 0;
+    }
+    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+    ss->sid_ctx_length = s->sid_ctx_length;
+    s->session = ss;
+    ss->ssl_version = s->version;
+    ss->verify_result = X509_V_OK;
+
+    /* If client supports extended master secret set it in session */
+    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+        ss->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return 1;
+}
+
+SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+                                  size_t sess_id_len)
+{
+    SSL_SESSION *ret = NULL;
+
+    if ((s->session_ctx->session_cache_mode
+         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
+        SSL_SESSION data;
+
+        data.ssl_version = s->version;
+        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
+            return NULL;
+
+        memcpy(data.session_id, sess_id, sess_id_len);
+        data.session_id_length = sess_id_len;
+
+        CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
+        if (ret != NULL) {
+            /* don't allow other threads to steal it: */
+            SSL_SESSION_up_ref(ret);
+        }
+        CRYPTO_THREAD_unlock(s->session_ctx->lock);
+        if (ret == NULL)
+            tsan_counter(&s->session_ctx->stats.sess_miss);
+    }
+
+    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
+        int copy = 1;
+
+        ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
+
+        if (ret != NULL) {
+            tsan_counter(&s->session_ctx->stats.sess_cb_hit);
+
+            /*
+             * Increment reference count now if the session callback asks us
+             * to do so (note that if the session structures returned by the
+             * callback are shared between threads, it must handle the
+             * reference count itself [i.e. copy == 0], or things won't be
+             * thread-safe).
+             */
+            if (copy)
+                SSL_SESSION_up_ref(ret);
+
+            /*
+             * Add the externally cached session to the internal cache as
+             * well if and only if we are supposed to.
+             */
+            if ((s->session_ctx->session_cache_mode &
+                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
+                /*
+                 * Either return value of SSL_CTX_add_session should not
+                 * interrupt the session resumption process. The return
+                 * value is intentionally ignored.
+                 */
+                (void)SSL_CTX_add_session(s->session_ctx, ret);
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*-
+ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ *   hello: The parsed ClientHello data
+ *
+ * Returns:
+ *   -1: fatal error
+ *    0: no session found
+ *    1: a session may have been found.
+ *
+ * Side effects:
+ *   - If a session is found then s->session is pointed at it (after freeing an
+ *     existing session if need be) and s->verify_result is set from the session.
+ *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
+ *     if the server should issue a new session ticket (to 0 otherwise).
+ */
+int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
+{
+    /* This is used only by servers. */
+
+    SSL_SESSION *ret = NULL;
+    int fatal = 0;
+    int try_session_cache = 0;
+    SSL_TICKET_STATUS r;
+
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * By default we will send a new ticket. This can be overridden in the
+         * ticket processing.
+         */
+        s->ext.ticket_expected = 1;
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
+                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
+                                 NULL, 0)
+                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
+                                        hello->pre_proc_exts, NULL, 0))
+            return -1;
+
+        ret = s->session;
+    } else {
+        /* sets s->ext.ticket_expected */
+        r = tls_get_ticket_from_client(s, hello, &ret);
+        switch (r) {
+        case SSL_TICKET_FATAL_ERR_MALLOC:
+        case SSL_TICKET_FATAL_ERR_OTHER:
+            fatal = 1;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        case SSL_TICKET_NONE:
+        case SSL_TICKET_EMPTY:
+            if (hello->session_id_len > 0) {
+                try_session_cache = 1;
+                ret = lookup_sess_in_cache(s, hello->session_id,
+                                           hello->session_id_len);
+            }
+            break;
+        case SSL_TICKET_NO_DECRYPT:
+        case SSL_TICKET_SUCCESS:
+        case SSL_TICKET_SUCCESS_RENEW:
+            break;
+        }
+    }
+
+    if (ret == NULL)
+        goto err;
+
+    /* Now ret is non-NULL and we own one of its reference counts. */
+
+    /* Check TLS version consistency */
+    if (ret->ssl_version != s->version)
+        goto err;
+
+    if (ret->sid_ctx_length != s->sid_ctx_length
+        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+        /*
+         * We have the session requested by the client, but we don't want to
+         * use it in this context.
+         */
+        goto err;               /* treat like cache miss */
+    }
+
+    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
+        /*
+         * We can't be sure if this session is being used out of context,
+         * which is especially important for SSL_VERIFY_PEER. The application
+         * should have used SSL[_CTX]_set_session_id_context. For this error
+         * case, we generate an error instead of treating the event like a
+         * cache miss (otherwise it would be easy for applications to
+         * effectively disable the session cache by accident without anyone
+         * noticing).
+         */
+
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+        fatal = 1;
+        goto err;
+    }
+
+    if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
+        tsan_counter(&s->session_ctx->stats.sess_timeout);
+        if (try_session_cache) {
+            /* session was from the cache, so remove it */
+            SSL_CTX_remove_session(s->session_ctx, ret);
+        }
+        goto err;
+    }
+
+    /* Check extended master secret extension consistency */
+    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
+        /* If old session includes extms, but new does not: abort handshake */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION,
+                     SSL_R_INCONSISTENT_EXTMS);
+            fatal = 1;
+            goto err;
+        }
+    } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+        /* If new session includes extms, but old does not: do not resume */
+        goto err;
+    }
+
+    if (!SSL_IS_TLS13(s)) {
+        /* We already did this for TLS1.3 */
+        SSL_SESSION_free(s->session);
+        s->session = ret;
+    }
+
+    tsan_counter(&s->session_ctx->stats.sess_hit);
+    s->verify_result = s->session->verify_result;
+    return 1;
+
+ err:
+    if (ret != NULL) {
+        SSL_SESSION_free(ret);
+        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
+        if (SSL_IS_TLS13(s))
+            s->session = NULL;
+
+        if (!try_session_cache) {
+            /*
+             * The session was from a ticket, so we should issue a ticket for
+             * the new session
+             */
+            s->ext.ticket_expected = 1;
+        }
+    }
+    if (fatal)
+        return -1;
+
+    return 0;
+}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    int ret = 0;
+    SSL_SESSION *s;
+
+    /*
+     * add just 1 reference count for the SSL_CTX's session cache even though
+     * it has two ways of access: each session is in a doubly linked list and
+     * an lhash
+     */
+    SSL_SESSION_up_ref(c);
+    /*
+     * if session c is in already in cache, we take back the increment later
+     */
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    s = lh_SSL_SESSION_insert(ctx->sessions, c);
+
+    /*
+     * s != NULL iff we already had a session with the given PID. In this
+     * case, s == c should hold (then we did not really modify
+     * ctx->sessions), or we're in trouble.
+     */
+    if (s != NULL && s != c) {
+        /* We *are* in trouble ... */
+        SSL_SESSION_list_remove(ctx, s);
+        SSL_SESSION_free(s);
+        /*
+         * ... so pretend the other session did not exist in cache (we cannot
+         * handle two SSL_SESSION structures with identical session ID in the
+         * same cache, which could happen e.g. when two threads concurrently
+         * obtain the same session from an external cache)
+         */
+        s = NULL;
+    } else if (s == NULL &&
+               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+        /*
+         * ... so take back the extra reference and also don't add
+         * the session to the SSL_SESSION_list at this time
+         */
+        s = c;
+    }
+
+    /* Put at the head of the queue unless it is already in the cache */
+    if (s == NULL)
+        SSL_SESSION_list_add(ctx, c);
+
+    if (s != NULL) {
+        /*
+         * existing cache entry -- decrement previously incremented reference
+         * count because it already takes into account the cache
+         */
+
+        SSL_SESSION_free(s);    /* s == c */
+        ret = 0;
+    } else {
+        /*
+         * new cache entry -- remove old ones if cache has become too large
+         */
+
+        ret = 1;
+
+        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
+            while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
+                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
+                    break;
+                else
+                    tsan_counter(&ctx->stats.sess_cache_full);
+            }
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return ret;
+}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
+    SSL_SESSION *r;
+    int ret = 0;
+
+    if ((c != NULL) && (c->session_id_length != 0)) {
+        if (lck)
+            CRYPTO_THREAD_write_lock(ctx->lock);
+        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
+            ret = 1;
+            r = lh_SSL_SESSION_delete(ctx->sessions, r);
+            SSL_SESSION_list_remove(ctx, r);
+        }
+        c->not_resumable = 1;
+
+        if (lck)
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        if (ctx->remove_session_cb != NULL)
+            ctx->remove_session_cb(ctx, c);
+
+        if (ret)
+            SSL_SESSION_free(r);
+    } else
+        ret = 0;
+    return ret;
+}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+{
+    int i;
+
+    if (ss == NULL)
+        return;
+    CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
+    X509_free(ss->peer);
+    sk_X509_pop_free(ss->peer_chain, X509_free);
+    sk_SSL_CIPHER_free(ss->ciphers);
+    OPENSSL_free(ss->ext.hostname);
+    OPENSSL_free(ss->ext.tick);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(ss->ext.ecpointformats);
+    ss->ext.ecpointformats = NULL;
+    ss->ext.ecpointformats_len = 0;
+    OPENSSL_free(ss->ext.supportedgroups);
+    ss->ext.supportedgroups = NULL;
+    ss->ext.supportedgroups_len = 0;
+#endif                          /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(ss->psk_identity_hint);
+    OPENSSL_free(ss->psk_identity);
+#endif
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(ss->srp_username);
+#endif
+    OPENSSL_free(ss->ext.alpn_selected);
+    OPENSSL_free(ss->ticket_appdata);
+    CRYPTO_THREAD_lock_free(ss->lock);
+    OPENSSL_clear_free(ss, sizeof(*ss));
+}
+
+int SSL_SESSION_up_ref(SSL_SESSION *ss)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+    ssl_clear_bad_session(s);
+    if (s->ctx->method != s->method) {
+        if (!SSL_set_ssl_method(s, s->ctx->method))
+            return 0;
+    }
+
+    if (session != NULL) {
+        SSL_SESSION_up_ref(session);
+        s->verify_result = session->verify_result;
+    }
+    SSL_SESSION_free(s->session);
+    s->session = session;
+
+    return 1;
+}
+
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                        unsigned int sid_len)
+{
+    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+      SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+             SSL_R_SSL_SESSION_ID_TOO_LONG);
+      return 0;
+    }
+    s->session_id_length = sid_len;
+    if (sid != s->session_id)
+        memcpy(s->session_id, sid, sid_len);
+    return 1;
+}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return 0;
+    s->timeout = t;
+    return 1;
+}
+
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return 0;
+    return s->timeout;
+}
+
+long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return 0;
+    return s->time;
+}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return 0;
+    s->time = t;
+    return t;
+}
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+    return s->ssl_version;
+}
+
+int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
+{
+    s->ssl_version = version;
+    return 1;
+}
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
+{
+    return s->cipher;
+}
+
+int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
+{
+    s->cipher = cipher;
+    return 1;
+}
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
+{
+    return s->ext.hostname;
+}
+
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+    OPENSSL_free(s->ext.hostname);
+    if (hostname == NULL) {
+        s->ext.hostname = NULL;
+        return 1;
+    }
+    s->ext.hostname = OPENSSL_strdup(hostname);
+
+    return s->ext.hostname != NULL;
+}
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+    return (s->ext.ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+    return s->ext.tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len)
+{
+    *len = s->ext.ticklen;
+    if (tick != NULL)
+        *tick = s->ext.tick;
+}
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
+{
+    return s->ext.max_early_data;
+}
+
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
+{
+    s->ext.max_early_data = max_early_data;
+
+    return 1;
+}
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len)
+{
+    *alpn = s->ext.alpn_selected;
+    *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len)
+{
+    OPENSSL_free(s->ext.alpn_selected);
+    if (alpn == NULL || len == 0) {
+        s->ext.alpn_selected = NULL;
+        s->ext.alpn_selected_len = 0;
+        return 1;
+    }
+    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+    if (s->ext.alpn_selected == NULL) {
+        s->ext.alpn_selected_len = 0;
+        return 0;
+    }
+    s->ext.alpn_selected_len = len;
+
+    return 1;
+}
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+{
+    return s->peer;
+}
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    s->sid_ctx_length = sid_ctx_len;
+    if (sid_ctx != s->sid_ctx)
+        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_SESSION_is_resumable(const SSL_SESSION *s)
+{
+    /*
+     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
+     * session ID.
+     */
+    return !s->not_resumable
+           && (s->session_id_length > 0 || s->ext.ticklen > 0);
+}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
+    long l;
+    if (s == NULL)
+        return 0;
+    l = s->session_timeout;
+    s->session_timeout = t;
+    return l;
+}
+
+long SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+    if (s == NULL)
+        return 0;
+    return s->session_timeout;
+}
+
+int SSL_set_session_secret_cb(SSL *s,
+                              tls_session_secret_cb_fn tls_session_secret_cb,
+                              void *arg)
+{
+    if (s == NULL)
+        return 0;
+    s->ext.session_secret_cb = tls_session_secret_cb;
+    s->ext.session_secret_cb_arg = arg;
+    return 1;
+}
+
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg)
+{
+    if (s == NULL)
+        return 0;
+    s->ext.session_ticket_cb = cb;
+    s->ext.session_ticket_cb_arg = arg;
+    return 1;
+}
+
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+{
+    if (s->version >= TLS1_VERSION) {
+        OPENSSL_free(s->ext.session_ticket);
+        s->ext.session_ticket = NULL;
+        s->ext.session_ticket =
+            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
+        if (s->ext.session_ticket == NULL) {
+            SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        if (ext_data != NULL) {
+            s->ext.session_ticket->length = ext_len;
+            s->ext.session_ticket->data = s->ext.session_ticket + 1;
+            memcpy(s->ext.session_ticket->data, ext_data, ext_len);
+        } else {
+            s->ext.session_ticket->length = 0;
+            s->ext.session_ticket->data = NULL;
+        }
+
+        return 1;
+    }
+
+    return 0;
+}
+
+typedef struct timeout_param_st {
+    SSL_CTX *ctx;
+    long time;
+    LHASH_OF(SSL_SESSION) *cache;
+} TIMEOUT_PARAM;
+
+static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
+    if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
+        /*
+         * The reason we don't call SSL_CTX_remove_session() is to save on
+         * locking overhead
+         */
+        (void)lh_SSL_SESSION_delete(p->cache, s);
+        SSL_SESSION_list_remove(p->ctx, s);
+        s->not_resumable = 1;
+        if (p->ctx->remove_session_cb != NULL)
+            p->ctx->remove_session_cb(p->ctx, s);
+        SSL_SESSION_free(s);
+    }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM);
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
+    unsigned long i;
+    TIMEOUT_PARAM tp;
+
+    tp.ctx = s;
+    tp.cache = s->sessions;
+    if (tp.cache == NULL)
+        return;
+    tp.time = t;
+    CRYPTO_THREAD_write_lock(s->lock);
+    i = lh_SSL_SESSION_get_down_load(s->sessions);
+    lh_SSL_SESSION_set_down_load(s->sessions, 0);
+    lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
+    lh_SSL_SESSION_set_down_load(s->sessions, i);
+    CRYPTO_THREAD_unlock(s->lock);
+}
+
+int ssl_clear_bad_session(SSL *s)
+{
+    if ((s->session != NULL) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+        !(SSL_in_init(s) || SSL_in_before(s))) {
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+        return 1;
+    } else
+        return 0;
+}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next == NULL) || (s->prev == NULL))
+        return;
+
+    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
+        /* last element in list */
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* only one element in list */
+            ctx->session_cache_head = NULL;
+            ctx->session_cache_tail = NULL;
+        } else {
+            ctx->session_cache_tail = s->prev;
+            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+        }
+    } else {
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* first element in list */
+            ctx->session_cache_head = s->next;
+            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        } else {
+            /* middle of list */
+            s->next->prev = s->prev;
+            s->prev->next = s->next;
+        }
+    }
+    s->prev = s->next = NULL;
+}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next != NULL) && (s->prev != NULL))
+        SSL_SESSION_list_remove(ctx, s);
+
+    if (ctx->session_cache_head == NULL) {
+        ctx->session_cache_head = s;
+        ctx->session_cache_tail = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+    } else {
+        s->next = ctx->session_cache_head;
+        s->next->prev = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        ctx->session_cache_head = s;
+    }
+}
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
+{
+    ctx->new_session_cb = cb;
+}
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
+    return ctx->new_session_cb;
+}
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
+{
+    ctx->remove_session_cb = cb;
+}
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
+                                                  SSL_SESSION *sess) {
+    return ctx->remove_session_cb;
+}
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
+                                                 const unsigned char *data,
+                                                 int len, int *copy))
+{
+    ctx->get_session_cb = cb;
+}
+
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
+                                                       const unsigned char
+                                                       *data, int len,
+                                                       int *copy) {
+    return ctx->get_session_cb;
+}
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val))
+{
+    ctx->info_callback = cb;
+}
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val) {
+    return ctx->info_callback;
+}
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl, X509 **x509,
+                                           EVP_PKEY **pkey))
+{
+    ctx->client_cert_cb = cb;
+}
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey) {
+    return ctx->client_cert_cb;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+    if (!ENGINE_init(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+    if (!ENGINE_get_ssl_client_cert_function(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
+               SSL_R_NO_CLIENT_CERT_METHOD);
+        ENGINE_finish(e);
+        return 0;
+    }
+    ctx->client_cert_engine = e;
+    return 1;
+}
+#endif
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*cb) (SSL *ssl,
+                                               unsigned char *cookie,
+                                               unsigned int *cookie_len))
+{
+    ctx->app_gen_cookie_cb = cb;
+}
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*cb) (SSL *ssl,
+                                             const unsigned char *cookie,
+                                             unsigned int cookie_len))
+{
+    ctx->app_verify_cookie_cb = cb;
+}
+
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
+{
+    OPENSSL_free(ss->ticket_appdata);
+    ss->ticket_appdata_len = 0;
+    if (data == NULL || len == 0) {
+        ss->ticket_appdata = NULL;
+        return 1;
+    }
+    ss->ticket_appdata = OPENSSL_memdup(data, len);
+    if (ss->ticket_appdata != NULL) {
+        ss->ticket_appdata_len = len;
+        return 1;
+    }
+    return 0;
+}
+
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
+{
+    *data = ss->ticket_appdata;
+    *len = ss->ticket_appdata_len;
+    return 1;
+}
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*cb) (SSL *ssl,
+               unsigned char *cookie,
+               size_t *cookie_len))
+{
+    ctx->gen_stateless_cookie_cb = cb;
+}
+
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*cb) (SSL *ssl,
+               const unsigned char *cookie,
+               size_t cookie_len))
+{
+    ctx->verify_stateless_cookie_cb = cb;
+}
+
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c
new file mode 100644
index 000000000..179513b1a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c
@@ -0,0 +1,388 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+
+const char *SSL_state_string_long(const SSL *s)
+{
+    if (ossl_statem_in_error(s))
+        return "error";
+
+    switch (SSL_get_state(s)) {
+    case TLS_ST_CR_CERT_STATUS:
+        return "SSLv3/TLS read certificate status";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "SSLv3/TLS write next proto";
+    case TLS_ST_SR_NEXT_PROTO:
+        return "SSLv3/TLS read next proto";
+    case TLS_ST_SW_CERT_STATUS:
+        return "SSLv3/TLS write certificate status";
+    case TLS_ST_BEFORE:
+        return "before SSL initialization";
+    case TLS_ST_OK:
+        return "SSL negotiation finished successfully";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "SSLv3/TLS write client hello";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "SSLv3/TLS read server hello";
+    case TLS_ST_CR_CERT:
+        return "SSLv3/TLS read server certificate";
+    case TLS_ST_CR_KEY_EXCH:
+        return "SSLv3/TLS read server key exchange";
+    case TLS_ST_CR_CERT_REQ:
+        return "SSLv3/TLS read server certificate request";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "SSLv3/TLS read server session ticket";
+    case TLS_ST_CR_SRVR_DONE:
+        return "SSLv3/TLS read server done";
+    case TLS_ST_CW_CERT:
+        return "SSLv3/TLS write client certificate";
+    case TLS_ST_CW_KEY_EXCH:
+        return "SSLv3/TLS write client key exchange";
+    case TLS_ST_CW_CERT_VRFY:
+        return "SSLv3/TLS write certificate verify";
+    case TLS_ST_CW_CHANGE:
+    case TLS_ST_SW_CHANGE:
+        return "SSLv3/TLS write change cipher spec";
+    case TLS_ST_CW_FINISHED:
+    case TLS_ST_SW_FINISHED:
+        return "SSLv3/TLS write finished";
+    case TLS_ST_CR_CHANGE:
+    case TLS_ST_SR_CHANGE:
+        return "SSLv3/TLS read change cipher spec";
+    case TLS_ST_CR_FINISHED:
+    case TLS_ST_SR_FINISHED:
+        return "SSLv3/TLS read finished";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "SSLv3/TLS read client hello";
+    case TLS_ST_SW_HELLO_REQ:
+        return "SSLv3/TLS write hello request";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "SSLv3/TLS write server hello";
+    case TLS_ST_SW_CERT:
+        return "SSLv3/TLS write certificate";
+    case TLS_ST_SW_KEY_EXCH:
+        return "SSLv3/TLS write key exchange";
+    case TLS_ST_SW_CERT_REQ:
+        return "SSLv3/TLS write certificate request";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "SSLv3/TLS write session ticket";
+    case TLS_ST_SW_SRVR_DONE:
+        return "SSLv3/TLS write server done";
+    case TLS_ST_SR_CERT:
+        return "SSLv3/TLS read client certificate";
+    case TLS_ST_SR_KEY_EXCH:
+        return "SSLv3/TLS read client key exchange";
+    case TLS_ST_SR_CERT_VRFY:
+        return "SSLv3/TLS read certificate verify";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DTLS1 read hello verify request";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DTLS1 write hello verify request";
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        return "TLSv1.3 write encrypted extensions";
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return "TLSv1.3 read encrypted extensions";
+    case TLS_ST_CR_CERT_VRFY:
+        return "TLSv1.3 read server certificate verify";
+    case TLS_ST_SW_CERT_VRFY:
+        return "TLSv1.3 write server certificate verify";
+    case TLS_ST_CR_HELLO_REQ:
+        return "SSLv3/TLS read hello request";
+    case TLS_ST_SW_KEY_UPDATE:
+        return "TLSv1.3 write server key update";
+    case TLS_ST_CW_KEY_UPDATE:
+        return "TLSv1.3 write client key update";
+    case TLS_ST_SR_KEY_UPDATE:
+        return "TLSv1.3 read client key update";
+    case TLS_ST_CR_KEY_UPDATE:
+        return "TLSv1.3 read server key update";
+    case TLS_ST_EARLY_DATA:
+        return "TLSv1.3 early data";
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        return "TLSv1.3 pending early data end";
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        return "TLSv1.3 write end of early data";
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return "TLSv1.3 read end of early data";
+    default:
+        return "unknown state";
+    }
+}
+
+const char *SSL_state_string(const SSL *s)
+{
+    if (ossl_statem_in_error(s))
+        return "SSLERR";
+
+    switch (SSL_get_state(s)) {
+    case TLS_ST_SR_NEXT_PROTO:
+        return "TRNP";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "TWST";
+    case TLS_ST_SW_CERT_STATUS:
+        return "TWCS";
+    case TLS_ST_CR_CERT_STATUS:
+        return "TRCS";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "TRST";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "TWNP";
+    case TLS_ST_BEFORE:
+        return "PINIT ";
+    case TLS_ST_OK:
+        return "SSLOK ";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "TWCH";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "TRSH";
+    case TLS_ST_CR_CERT:
+        return "TRSC";
+    case TLS_ST_CR_KEY_EXCH:
+        return "TRSKE";
+    case TLS_ST_CR_CERT_REQ:
+        return "TRCR";
+    case TLS_ST_CR_SRVR_DONE:
+        return "TRSD";
+    case TLS_ST_CW_CERT:
+        return "TWCC";
+    case TLS_ST_CW_KEY_EXCH:
+        return "TWCKE";
+    case TLS_ST_CW_CERT_VRFY:
+        return "TWCV";
+    case TLS_ST_SW_CHANGE:
+    case TLS_ST_CW_CHANGE:
+        return "TWCCS";
+    case TLS_ST_SW_FINISHED:
+    case TLS_ST_CW_FINISHED:
+        return "TWFIN";
+    case TLS_ST_SR_CHANGE:
+    case TLS_ST_CR_CHANGE:
+        return "TRCCS";
+    case TLS_ST_SR_FINISHED:
+    case TLS_ST_CR_FINISHED:
+        return "TRFIN";
+    case TLS_ST_SW_HELLO_REQ:
+        return "TWHR";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "TRCH";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "TWSH";
+    case TLS_ST_SW_CERT:
+        return "TWSC";
+    case TLS_ST_SW_KEY_EXCH:
+        return "TWSKE";
+    case TLS_ST_SW_CERT_REQ:
+        return "TWCR";
+    case TLS_ST_SW_SRVR_DONE:
+        return "TWSD";
+    case TLS_ST_SR_CERT:
+        return "TRCC";
+    case TLS_ST_SR_KEY_EXCH:
+        return "TRCKE";
+    case TLS_ST_SR_CERT_VRFY:
+        return "TRCV";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DRCHV";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DWCHV";
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        return "TWEE";
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return "TREE";
+    case TLS_ST_CR_CERT_VRFY:
+        return "TRSCV";
+    case TLS_ST_SW_CERT_VRFY:
+        return "TRSCV";
+    case TLS_ST_CR_HELLO_REQ:
+        return "TRHR";
+    case TLS_ST_SW_KEY_UPDATE:
+        return "TWSKU";
+    case TLS_ST_CW_KEY_UPDATE:
+        return "TWCKU";
+    case TLS_ST_SR_KEY_UPDATE:
+        return "TRCKU";
+    case TLS_ST_CR_KEY_UPDATE:
+        return "TRSKU";
+    case TLS_ST_EARLY_DATA:
+        return "TED";
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        return "TPEDE";
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        return "TWEOED";
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return "TWEOED";
+    default:
+        return "UNKWN ";
+    }
+}
+
+const char *SSL_alert_type_string_long(int value)
+{
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "warning";
+    case SSL3_AL_FATAL:
+        return "fatal";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_alert_type_string(int value)
+{
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "W";
+    case SSL3_AL_FATAL:
+        return "F";
+    default:
+        return "U";
+    }
+}
+
+const char *SSL_alert_desc_string(int value)
+{
+    switch (value & 0xff) {
+    case SSL3_AD_CLOSE_NOTIFY:
+        return "CN";
+    case SSL3_AD_UNEXPECTED_MESSAGE:
+        return "UM";
+    case SSL3_AD_BAD_RECORD_MAC:
+        return "BM";
+    case SSL3_AD_DECOMPRESSION_FAILURE:
+        return "DF";
+    case SSL3_AD_HANDSHAKE_FAILURE:
+        return "HF";
+    case SSL3_AD_NO_CERTIFICATE:
+        return "NC";
+    case SSL3_AD_BAD_CERTIFICATE:
+        return "BC";
+    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+        return "UC";
+    case SSL3_AD_CERTIFICATE_REVOKED:
+        return "CR";
+    case SSL3_AD_CERTIFICATE_EXPIRED:
+        return "CE";
+    case SSL3_AD_CERTIFICATE_UNKNOWN:
+        return "CU";
+    case SSL3_AD_ILLEGAL_PARAMETER:
+        return "IP";
+    case TLS1_AD_DECRYPTION_FAILED:
+        return "DC";
+    case TLS1_AD_RECORD_OVERFLOW:
+        return "RO";
+    case TLS1_AD_UNKNOWN_CA:
+        return "CA";
+    case TLS1_AD_ACCESS_DENIED:
+        return "AD";
+    case TLS1_AD_DECODE_ERROR:
+        return "DE";
+    case TLS1_AD_DECRYPT_ERROR:
+        return "CY";
+    case TLS1_AD_EXPORT_RESTRICTION:
+        return "ER";
+    case TLS1_AD_PROTOCOL_VERSION:
+        return "PV";
+    case TLS1_AD_INSUFFICIENT_SECURITY:
+        return "IS";
+    case TLS1_AD_INTERNAL_ERROR:
+        return "IE";
+    case TLS1_AD_USER_CANCELLED:
+        return "US";
+    case TLS1_AD_NO_RENEGOTIATION:
+        return "NR";
+    case TLS1_AD_UNSUPPORTED_EXTENSION:
+        return "UE";
+    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+        return "CO";
+    case TLS1_AD_UNRECOGNIZED_NAME:
+        return "UN";
+    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return "BR";
+    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return "BH";
+    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+        return "UP";
+    default:
+        return "UK";
+    }
+}
+
+const char *SSL_alert_desc_string_long(int value)
+{
+    switch (value & 0xff) {
+    case SSL3_AD_CLOSE_NOTIFY:
+        return "close notify";
+    case SSL3_AD_UNEXPECTED_MESSAGE:
+        return "unexpected_message";
+    case SSL3_AD_BAD_RECORD_MAC:
+        return "bad record mac";
+    case SSL3_AD_DECOMPRESSION_FAILURE:
+        return "decompression failure";
+    case SSL3_AD_HANDSHAKE_FAILURE:
+        return "handshake failure";
+    case SSL3_AD_NO_CERTIFICATE:
+        return "no certificate";
+    case SSL3_AD_BAD_CERTIFICATE:
+        return "bad certificate";
+    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+        return "unsupported certificate";
+    case SSL3_AD_CERTIFICATE_REVOKED:
+        return "certificate revoked";
+    case SSL3_AD_CERTIFICATE_EXPIRED:
+        return "certificate expired";
+    case SSL3_AD_CERTIFICATE_UNKNOWN:
+        return "certificate unknown";
+    case SSL3_AD_ILLEGAL_PARAMETER:
+        return "illegal parameter";
+    case TLS1_AD_DECRYPTION_FAILED:
+        return "decryption failed";
+    case TLS1_AD_RECORD_OVERFLOW:
+        return "record overflow";
+    case TLS1_AD_UNKNOWN_CA:
+        return "unknown CA";
+    case TLS1_AD_ACCESS_DENIED:
+        return "access denied";
+    case TLS1_AD_DECODE_ERROR:
+        return "decode error";
+    case TLS1_AD_DECRYPT_ERROR:
+        return "decrypt error";
+    case TLS1_AD_EXPORT_RESTRICTION:
+        return "export restriction";
+    case TLS1_AD_PROTOCOL_VERSION:
+        return "protocol version";
+    case TLS1_AD_INSUFFICIENT_SECURITY:
+        return "insufficient security";
+    case TLS1_AD_INTERNAL_ERROR:
+        return "internal error";
+    case TLS1_AD_USER_CANCELLED:
+        return "user canceled";
+    case TLS1_AD_NO_RENEGOTIATION:
+        return "no renegotiation";
+    case TLS1_AD_UNSUPPORTED_EXTENSION:
+        return "unsupported extension";
+    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+        return "certificate unobtainable";
+    case TLS1_AD_UNRECOGNIZED_NAME:
+        return "unrecognized name";
+    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return "bad certificate status response";
+    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return "bad certificate hash value";
+    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+        return "unknown PSK identity";
+    case TLS1_AD_NO_APPLICATION_PROTOCOL:
+        return "no application protocol";
+    default:
+        return "unknown";
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c
new file mode 100644
index 000000000..cf6e4c3c0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/buffer.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = SSL_SESSION_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
+{
+    size_t i;
+    const char *s;
+    int istls13;
+
+    if (x == NULL)
+        goto err;
+    istls13 = (x->ssl_version == TLS1_3_VERSION);
+    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
+        goto err;
+    s = ssl_protocol_to_string(x->ssl_version);
+    if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)
+        goto err;
+
+    if (x->cipher == NULL) {
+        if (((x->cipher_id) & 0xff000000) == 0x02000000) {
+            if (BIO_printf(bp, "    Cipher    : %06lX\n",
+                           x->cipher_id & 0xffffff) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "    Cipher    : %04lX\n",
+                           x->cipher_id & 0xffff) <= 0)
+                goto err;
+        }
+    } else {
+        if (BIO_printf(bp, "    Cipher    : %s\n",
+                       ((x->cipher->name == NULL) ? "unknown"
+                                                  : x->cipher->name)) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "    Session-ID: ") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n    Session-ID-ctx: ") <= 0)
+        goto err;
+    for (i = 0; i < x->sid_ctx_length; i++) {
+        if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
+            goto err;
+    }
+    if (istls13) {
+        if (BIO_puts(bp, "\n    Resumption PSK: ") <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
+        goto err;
+    for (i = 0; i < x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+#ifndef OPENSSL_NO_PSK
+    if (BIO_puts(bp, "\n    PSK identity: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
+        goto err;
+    if (BIO_puts(bp, "\n    PSK identity hint: ") <= 0)
+        goto err;
+    if (BIO_printf
+        (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
+        goto err;
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (BIO_puts(bp, "\n    SRP username: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
+        goto err;
+#endif
+    if (x->ext.tick_lifetime_hint) {
+        if (BIO_printf(bp,
+                       "\n    TLS session ticket lifetime hint: %ld (seconds)",
+                       x->ext.tick_lifetime_hint) <= 0)
+            goto err;
+    }
+    if (x->ext.tick) {
+        if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
+            goto err;
+        /* TODO(size_t): Convert this call */
+        if (BIO_dump_indent
+            (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4)
+            <= 0)
+            goto err;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (x->compress_meth != 0) {
+        SSL_COMP *comp = NULL;
+
+        if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
+            goto err;
+        if (comp == NULL) {
+            if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
+                           comp->name) <= 0)
+                goto err;
+        }
+    }
+#endif
+    if (x->time != 0L) {
+        if (BIO_printf(bp, "\n    Start Time: %ld", x->time) <= 0)
+            goto err;
+    }
+    if (x->timeout != 0L) {
+        if (BIO_printf(bp, "\n    Timeout   : %ld (sec)", x->timeout) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "    Verify return code: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+                   X509_verify_cert_error_string(x->verify_result)) <= 0)
+        goto err;
+
+    if (BIO_printf(bp, "    Extended master secret: %s\n",
+                   x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
+        goto err;
+
+    if (istls13) {
+        if (BIO_printf(bp, "    Max Early Data: %u\n",
+                       x->ext.max_early_data) <= 0)
+            goto err;
+    }
+
+    return 1;
+ err:
+    return 0;
+}
+
+/*
+ * print session id and master key in NSS keylog format (RSA
+ * Session-ID:<session id> Master-Key:<master key>)
+ */
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
+{
+    size_t i;
+
+    if (x == NULL)
+        goto err;
+    if (x->session_id_length == 0 || x->master_key_length == 0)
+        goto err;
+
+    /*
+     * the RSA prefix is required by the format's definition although there's
+     * nothing RSA-specific in the output, therefore, we don't have to check if
+     * the cipher suite is based on RSA
+     */
+    if (BIO_puts(bp, "RSA ") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "Session-ID:") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, " Master-Key:") <= 0)
+        goto err;
+    for (i = 0; i < x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    return 1;
+ err:
+    return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c
new file mode 100644
index 000000000..cea1bc270
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_UNIT_TEST
+
+static const struct openssl_ssl_test_functions ssl_test_functions = {
+    ssl_init_wbio_buffer,
+    ssl3_setup_buffers,
+};
+
+const struct openssl_ssl_test_functions *SSL_test_functions(void)
+{
+    return &ssl_test_functions;
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README
new file mode 100644
index 000000000..145c69db8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README
@@ -0,0 +1,63 @@
+State Machine Design
+====================
+
+This file provides some guidance on the thinking behind the design of the
+state machine code to aid future maintenance.
+
+The state machine code replaces an older state machine present in OpenSSL
+versions 1.0.2 and below. The new state machine has the following objectives:
+    - Remove duplication of state code between client and server
+    - Remove duplication of state code between TLS and DTLS
+    - Simplify transitions and bring the logic together in a single location
+      so that it is easier to validate
+    - Remove duplication of code between each of the message handling functions
+    - Receive a message first and then work out whether that is a valid
+      transition - not the other way around (the other way causes lots of issues
+      where we are expecting one type of message next but actually get something
+      else)
+    - Separate message flow state from handshake state (in order to better
+      understand each)
+      - message flow state = when to flush buffers; handling restarts in the
+        event of NBIO events; handling the common flow of steps for reading a
+        message and the common flow of steps for writing a message etc
+      - handshake state = what handshake message are we working on now
+    - Control complexity: only the state machine can change state: keep all
+      the state changes local to the state machine component
+
+The message flow state machine is divided into a reading sub-state machine and a
+writing sub-state machine. See the source comments in statem.c for a more
+detailed description of the various states and transitions possible.
+
+Conceptually the state machine component is designed as follows:
+
+                        libssl
+                           |
+---------------------------|-----statem.h--------------------------------------
+                           |
+                    _______V____________________
+                   |                            |
+                   |    statem.c                |
+                   |                            |
+                   |    Core state machine code |
+                   |____________________________|
+        statem_locl.h     ^          ^
+                 _________|          |_______
+                |                            |
+   _____________|____________   _____________|____________
+  |                          | |                          |
+  | statem_clnt.c            | | statem_srvr.c            |
+  |                          | |                          |
+  | TLS/DTLS client specific | | TLS/DTLS server specific |
+  | state machine code       | | state machine code       |
+  |__________________________| |__________________________|
+               |        |_______________|__       |
+               |        ________________|  |      |
+               |       |                   |      |
+   ____________V_______V________   ________V______V_______________
+  |                             | |                               |
+  | statem_both.c               | | statem_dtls.c                 |
+  |                             | |                               |
+  | Non core functions common   | | Non core functions common to  |
+  | to both servers and clients | | both DTLS servers and clients |
+  |_____________________________| |_______________________________|
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c
new file mode 100644
index 000000000..c3d3441a1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c
@@ -0,0 +1,1700 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/nelem.h"
+#include "internal/cryptlib.h"
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+
+static int final_renegotiate(SSL *s, unsigned int context, int sent);
+static int init_server_name(SSL *s, unsigned int context);
+static int final_server_name(SSL *s, unsigned int context, int sent);
+#ifndef OPENSSL_NO_EC
+static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
+#endif
+static int init_session_ticket(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_OCSP
+static int init_status_request(SSL *s, unsigned int context);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int init_npn(SSL *s, unsigned int context);
+#endif
+static int init_alpn(SSL *s, unsigned int context);
+static int final_alpn(SSL *s, unsigned int context, int sent);
+static int init_sig_algs_cert(SSL *s, unsigned int context);
+static int init_sig_algs(SSL *s, unsigned int context);
+static int init_certificate_authorities(SSL *s, unsigned int context);
+static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
+                                                        unsigned int context,
+                                                        X509 *x,
+                                                        size_t chainidx);
+static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+static int init_srp(SSL *s, unsigned int context);
+#endif
+static int init_etm(SSL *s, unsigned int context);
+static int init_ems(SSL *s, unsigned int context);
+static int final_ems(SSL *s, unsigned int context, int sent);
+static int init_psk_kex_modes(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_EC
+static int final_key_share(SSL *s, unsigned int context, int sent);
+#endif
+#ifndef OPENSSL_NO_SRTP
+static int init_srtp(SSL *s, unsigned int context);
+#endif
+static int final_sig_algs(SSL *s, unsigned int context, int sent);
+static int final_early_data(SSL *s, unsigned int context, int sent);
+static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
+static int init_post_handshake_auth(SSL *s, unsigned int context);
+
+/* Structure to define a built-in extension */
+typedef struct extensions_definition_st {
+    /* The defined type for the extension */
+    unsigned int type;
+    /*
+     * The context that this extension applies to, e.g. what messages and
+     * protocol versions
+     */
+    unsigned int context;
+    /*
+     * Initialise extension before parsing. Always called for relevant contexts
+     * even if extension not present
+     */
+    int (*init)(SSL *s, unsigned int context);
+    /* Parse extension sent from client to server */
+    int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                      size_t chainidx);
+    /* Parse extension send from server to client */
+    int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                      size_t chainidx);
+    /* Construct extension sent from server to client */
+    EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+    /* Construct extension sent from client to server */
+    EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+    /*
+     * Finalise extension after parsing. Always called where an extensions was
+     * initialised even if the extension was not present. |sent| is set to 1 if
+     * the extension was seen, or 0 otherwise.
+     */
+    int (*final)(SSL *s, unsigned int context, int sent);
+} EXTENSION_DEFINITION;
+
+/*
+ * Definitions of all built-in extensions. NOTE: Changes in the number or order
+ * of these extensions should be mirrored with equivalent changes to the
+ * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h.
+ * Each extension has an initialiser, a client and
+ * server side parser and a finaliser. The initialiser is called (if the
+ * extension is relevant to the given context) even if we did not see the
+ * extension in the message that we received. The parser functions are only
+ * called if we see the extension in the message. The finalisers are always
+ * called if the initialiser was called.
+ * There are also server and client side constructor functions which are always
+ * called during message construction if the extension is relevant for the
+ * given context.
+ * The initialisation, parsing, finalisation and construction functions are
+ * always called in the order defined in this list. Some extensions may depend
+ * on others having been processed first, so the order of this list is
+ * significant.
+ * The extension context is defined by a series of flags which specify which
+ * messages the extension is relevant to. These flags also specify whether the
+ * extension is relevant to a particular protocol or protocol version.
+ *
+ * TODO(TLS1.3): Make sure we have a test to check the consistency of these
+ *
+ * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
+ * the end, keep these extensions before signature_algorithm.
+ */
+#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+static const EXTENSION_DEFINITION ext_defs[] = {
+    {
+        TLSEXT_TYPE_renegotiate,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate,
+        tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate,
+        final_renegotiate
+    },
+    {
+        TLSEXT_TYPE_server_name,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        init_server_name,
+        tls_parse_ctos_server_name, tls_parse_stoc_server_name,
+        tls_construct_stoc_server_name, tls_construct_ctos_server_name,
+        final_server_name
+    },
+    {
+        TLSEXT_TYPE_max_fragment_length,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen,
+        tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen,
+        final_maxfragmentlen
+    },
+#ifndef OPENSSL_NO_SRP
+    {
+        TLSEXT_TYPE_srp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+#ifndef OPENSSL_NO_EC
+    {
+        TLSEXT_TYPE_ec_point_formats,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
+        tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
+        final_ec_pt_formats
+    },
+    {
+        /*
+         * "supported_groups" is spread across several specifications.
+         * It was originally specified as "elliptic_curves" in RFC 4492,
+         * and broadened to include named FFDH groups by RFC 7919.
+         * Both RFCs 4492 and 7919 do not include a provision for the server
+         * to indicate to the client the complete list of groups supported
+         * by the server, with the server instead just indicating the
+         * selected group for this connection in the ServerKeyExchange
+         * message.  TLS 1.3 adds a scheme for the server to indicate
+         * to the client its list of supported groups in the
+         * EncryptedExtensions message, but none of the relevant
+         * specifications permit sending supported_groups in the ServerHello.
+         * Nonetheless (possibly due to the close proximity to the
+         * "ec_point_formats" extension, which is allowed in the ServerHello),
+         * there are several servers that send this extension in the
+         * ServerHello anyway.  Up to and including the 1.1.0 release,
+         * we did not check for the presence of nonpermitted extensions,
+         * so to avoid a regression, we must permit this extension in the
+         * TLS 1.2 ServerHello as well.
+         *
+         * Note that there is no tls_parse_stoc_supported_groups function,
+         * so we do not perform any additional parsing, validation, or
+         * processing on the server's group list -- this is just a minimal
+         * change to preserve compatibility with these misbehaving servers.
+         */
+        TLSEXT_TYPE_supported_groups,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | SSL_EXT_TLS1_2_SERVER_HELLO,
+        NULL, tls_parse_ctos_supported_groups, NULL,
+        tls_construct_stoc_supported_groups,
+        tls_construct_ctos_supported_groups, NULL
+    },
+#else
+    INVALID_EXTENSION,
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_session_ticket,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_session_ticket, tls_parse_ctos_session_ticket,
+        tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket,
+        tls_construct_ctos_session_ticket, NULL
+    },
+#ifndef OPENSSL_NO_OCSP
+    {
+        TLSEXT_TYPE_status_request,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_status_request, tls_parse_ctos_status_request,
+        tls_parse_stoc_status_request, tls_construct_stoc_status_request,
+        tls_construct_ctos_status_request, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {
+        TLSEXT_TYPE_next_proto_neg,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn,
+        tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        /*
+         * Must appear in this list after server_name so that finalisation
+         * happens after server_name callbacks
+         */
+        TLSEXT_TYPE_application_layer_protocol_negotiation,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn,
+        tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn
+    },
+#ifndef OPENSSL_NO_SRTP
+    {
+        TLSEXT_TYPE_use_srtp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY,
+        init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp,
+        tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_encrypt_then_mac,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm,
+        tls_construct_stoc_etm, tls_construct_ctos_etm, NULL
+    },
+#ifndef OPENSSL_NO_CT
+    {
+        TLSEXT_TYPE_signed_certificate_timestamp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        NULL,
+        /*
+         * No server side support for this, but can be provided by a custom
+         * extension. This is an exception to the rule that custom extensions
+         * cannot override built in ones.
+         */
+        NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct,  NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_extended_master_secret,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems,
+        tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems
+    },
+    {
+        TLSEXT_TYPE_signature_algorithms_cert,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs_cert, tls_parse_ctos_sig_algs_cert,
+        tls_parse_ctos_sig_algs_cert,
+        /* We do not generate signature_algorithms_cert at present. */
+        NULL, NULL, NULL
+    },
+    {
+        TLSEXT_TYPE_post_handshake_auth,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY,
+        init_post_handshake_auth,
+        tls_parse_ctos_post_handshake_auth, NULL,
+        NULL, tls_construct_ctos_post_handshake_auth,
+        NULL,
+    },
+    {
+        TLSEXT_TYPE_signature_algorithms,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs, tls_parse_ctos_sig_algs,
+        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
+        tls_construct_ctos_sig_algs, final_sig_algs
+    },
+    {
+        TLSEXT_TYPE_supported_versions,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
+        NULL,
+        /* Processed inline as part of version selection */
+        NULL, tls_parse_stoc_supported_versions,
+        tls_construct_stoc_supported_versions,
+        tls_construct_ctos_supported_versions, NULL
+    },
+    {
+        TLSEXT_TYPE_psk_kex_modes,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+        | SSL_EXT_TLS1_3_ONLY,
+        init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
+        tls_construct_ctos_psk_kex_modes, NULL
+    },
+#ifndef OPENSSL_NO_EC
+    {
+        /*
+         * Must be in this list after supported_groups. We need that to have
+         * been parsed before we do this one.
+         */
+        TLSEXT_TYPE_key_share,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+        | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share,
+        tls_construct_stoc_key_share, tls_construct_ctos_key_share,
+        final_key_share
+    },
+#endif
+    {
+        /* Must be after key_share */
+        TLSEXT_TYPE_cookie,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+        | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie,
+        tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL
+    },
+    {
+        /*
+         * Special unsolicited ServerHello extension only used when
+         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but
+         * ignore it.
+         */
+        TLSEXT_TYPE_cryptopro_bug,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL
+    },
+    {
+        TLSEXT_TYPE_early_data,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
+        tls_construct_stoc_early_data, tls_construct_ctos_early_data,
+        final_early_data
+    },
+    {
+        TLSEXT_TYPE_certificate_authorities,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+        | SSL_EXT_TLS1_3_ONLY,
+        init_certificate_authorities,
+        tls_parse_certificate_authorities, tls_parse_certificate_authorities,
+        tls_construct_certificate_authorities,
+        tls_construct_certificate_authorities, NULL,
+    },
+    {
+        /* Must be immediately before pre_shared_key */
+        TLSEXT_TYPE_padding,
+        SSL_EXT_CLIENT_HELLO,
+        NULL,
+        /* We send this, but don't read it */
+        NULL, NULL, NULL, tls_construct_ctos_padding, NULL
+    },
+    {
+        /* Required by the TLSv1.3 spec to always be the last extension */
+        TLSEXT_TYPE_psk,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
+        tls_construct_ctos_psk, NULL
+    }
+};
+
+/* Check whether an extension's context matches the current context */
+static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
+{
+    /* Check we're allowed to use this extension in this context */
+    if ((thisctx & extctx) == 0)
+        return 0;
+
+    if (SSL_IS_DTLS(s)) {
+        if ((extctx & SSL_EXT_TLS_ONLY) != 0)
+            return 0;
+    } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
+{
+    size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset;
+    RAW_EXTENSION *thisext;
+    unsigned int context;
+    ENDPOINT role = ENDPOINT_BOTH;
+
+    if ((thisctx & SSL_EXT_CLIENT_HELLO) != 0)
+        role = ENDPOINT_SERVER;
+    else if ((thisctx & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)
+        role = ENDPOINT_CLIENT;
+
+    /* Calculate the number of extensions in the extensions list */
+    num_exts = builtin_num + s->cert->custext.meths_count;
+
+    for (thisext = exts, i = 0; i < num_exts; i++, thisext++) {
+        if (!thisext->present)
+            continue;
+
+        if (i < builtin_num) {
+            context = ext_defs[i].context;
+        } else {
+            custom_ext_method *meth = NULL;
+
+            meth = custom_ext_find(&s->cert->custext, role, thisext->type,
+                                   &offset);
+            if (!ossl_assert(meth != NULL))
+                return 0;
+            context = meth->context;
+        }
+
+        if (!validate_context(s, context, thisctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Verify whether we are allowed to use the extension |type| in the current
+ * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to
+ * indicate the extension is not allowed. If returning 1 then |*found| is set to
+ * the definition for the extension we found.
+ */
+static int verify_extension(SSL *s, unsigned int context, unsigned int type,
+                            custom_ext_methods *meths, RAW_EXTENSION *rawexlist,
+                            RAW_EXTENSION **found)
+{
+    size_t i;
+    size_t builtin_num = OSSL_NELEM(ext_defs);
+    const EXTENSION_DEFINITION *thisext;
+
+    for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) {
+        if (type == thisext->type) {
+            if (!validate_context(s, thisext->context, context))
+                return 0;
+
+            *found = &rawexlist[i];
+            return 1;
+        }
+    }
+
+    /* Check the custom extensions */
+    if (meths != NULL) {
+        size_t offset = 0;
+        ENDPOINT role = ENDPOINT_BOTH;
+        custom_ext_method *meth = NULL;
+
+        if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+            role = ENDPOINT_SERVER;
+        else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)
+            role = ENDPOINT_CLIENT;
+
+        meth = custom_ext_find(meths, role, type, &offset);
+        if (meth != NULL) {
+            if (!validate_context(s, meth->context, context))
+                return 0;
+            *found = &rawexlist[offset + builtin_num];
+            return 1;
+        }
+    }
+
+    /* Unknown extension. We allow it */
+    *found = NULL;
+    return 1;
+}
+
+/*
+ * Check whether the context defined for an extension |extctx| means whether
+ * the extension is relevant for the current context |thisctx| or not. Returns
+ * 1 if the extension is relevant for this context, and 0 otherwise
+ */
+int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
+{
+    int is_tls13;
+
+    /*
+     * For HRR we haven't selected the version yet but we know it will be
+     * TLSv1.3
+     */
+    if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        is_tls13 = 1;
+    else
+        is_tls13 = SSL_IS_TLS13(s);
+
+    if ((SSL_IS_DTLS(s)
+                && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
+            || (s->version == SSL3_VERSION
+                    && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
+            /*
+             * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated",
+             * which is never true when generating the ClientHello.
+             * However, version negotiation *has* occurred by the time the
+             * ClientHello extensions are being parsed.
+             * Be careful to allow TLS 1.3-only extensions when generating
+             * the ClientHello.
+             */
+            || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
+            || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
+                && (thisctx & SSL_EXT_CLIENT_HELLO) == 0)
+            || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
+            || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
+        return 0;
+    return 1;
+}
+
+/*
+ * Gather a list of all the extensions from the data in |packet]. |context|
+ * tells us which message this extension is for. The raw extension data is
+ * stored in |*res| on success. We don't actually process the content of the
+ * extensions yet, except to check their types. This function also runs the
+ * initialiser functions for all known extensions if |init| is nonzero (whether
+ * we have collected them or not). If successful the caller is responsible for
+ * freeing the contents of |*res|.
+ *
+ * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
+ * more than one extension of the same type in a ClientHello or ServerHello.
+ * This function returns 1 if all extensions are unique and we have parsed their
+ * types, and 0 if the extensions contain duplicates, could not be successfully
+ * found, or an internal error occurred. We only check duplicates for
+ * extensions that we know about. We ignore others.
+ */
+int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+                           RAW_EXTENSION **res, size_t *len, int init)
+{
+    PACKET extensions = *packet;
+    size_t i = 0;
+    size_t num_exts;
+    custom_ext_methods *exts = &s->cert->custext;
+    RAW_EXTENSION *raw_extensions = NULL;
+    const EXTENSION_DEFINITION *thisexd;
+
+    *res = NULL;
+
+    /*
+     * Initialise server side custom extensions. Client side is done during
+     * construction of extensions for the ClientHello.
+     */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+        custom_ext_init(&s->cert->custext);
+
+    num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);
+    raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));
+    if (raw_extensions == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    i = 0;
+    while (PACKET_remaining(&extensions) > 0) {
+        unsigned int type, idx;
+        PACKET extension;
+        RAW_EXTENSION *thisex;
+
+        if (!PACKET_get_net_2(&extensions, &type) ||
+            !PACKET_get_length_prefixed_2(&extensions, &extension)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+        /*
+         * Verify this extension is allowed. We only check duplicates for
+         * extensions that we recognise. We also have a special case for the
+         * PSK extension, which must be the last one in the ClientHello.
+         */
+        if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)
+                || (thisex != NULL && thisex->present == 1)
+                || (type == TLSEXT_TYPE_psk
+                    && (context & SSL_EXT_CLIENT_HELLO) != 0
+                    && PACKET_remaining(&extensions) != 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+        idx = thisex - raw_extensions;
+        /*-
+         * Check that we requested this extension (if appropriate). Requests can
+         * be sent in the ClientHello and CertificateRequest. Unsolicited
+         * extensions can be sent in the NewSessionTicket. We only do this for
+         * the built-in extensions. Custom extensions have a different but
+         * similar check elsewhere.
+         * Special cases:
+         * - The HRR cookie extension is unsolicited
+         * - The renegotiate extension is unsolicited (the client signals
+         *   support via an SCSV)
+         * - The signed_certificate_timestamp extension can be provided by a
+         * custom extension or by the built-in version. We let the extension
+         * itself handle unsolicited response checks.
+         */
+        if (idx < OSSL_NELEM(ext_defs)
+                && (context & (SSL_EXT_CLIENT_HELLO
+                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0
+                && type != TLSEXT_TYPE_cookie
+                && type != TLSEXT_TYPE_renegotiate
+                && type != TLSEXT_TYPE_signed_certificate_timestamp
+                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+#ifndef OPENSSL_NO_GOST
+                && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                     && type == TLSEXT_TYPE_cryptopro_bug)
+#endif
+								) {
+            SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                     SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
+            goto err;
+        }
+        if (thisex != NULL) {
+            thisex->data = extension;
+            thisex->present = 1;
+            thisex->type = type;
+            thisex->received_order = i++;
+            if (s->ext.debug_cb)
+                s->ext.debug_cb(s, !s->server, thisex->type,
+                                PACKET_data(&thisex->data),
+                                PACKET_remaining(&thisex->data),
+                                s->ext.debug_arg);
+        }
+    }
+
+    if (init) {
+        /*
+         * Initialise all known extensions relevant to this context,
+         * whether we have found them or not
+         */
+        for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs);
+             i++, thisexd++) {
+            if (thisexd->init != NULL && (thisexd->context & context) != 0
+                && extension_is_relevant(s, thisexd->context, context)
+                && !thisexd->init(s, context)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+    }
+
+    *res = raw_extensions;
+    if (len != NULL)
+        *len = num_exts;
+    return 1;
+
+ err:
+    OPENSSL_free(raw_extensions);
+    return 0;
+}
+
+/*
+ * Runs the parser for a given extension with index |idx|. |exts| contains the
+ * list of all parsed extensions previously collected by
+ * tls_collect_extensions(). The parser is only run if it is applicable for the
+ * given |context| and the parser has not already been run. If this is for a
+ * Certificate message, then we also provide the parser with the relevant
+ * Certificate |x| and its position in the |chainidx| with 0 being the first
+ * Certificate. Returns 1 on success or 0 on failure. If an extension is not
+ * present this counted as success.
+ */
+int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
+                        RAW_EXTENSION *exts, X509 *x, size_t chainidx)
+{
+    RAW_EXTENSION *currext = &exts[idx];
+    int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                  size_t chainidx) = NULL;
+
+    /* Skip if the extension is not present */
+    if (!currext->present)
+        return 1;
+
+    /* Skip if we've already parsed this extension */
+    if (currext->parsed)
+        return 1;
+
+    currext->parsed = 1;
+
+    if (idx < OSSL_NELEM(ext_defs)) {
+        /* We are handling a built-in extension */
+        const EXTENSION_DEFINITION *extdef = &ext_defs[idx];
+
+        /* Check if extension is defined for our protocol. If not, skip */
+        if (!extension_is_relevant(s, extdef->context, context))
+            return 1;
+
+        parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;
+
+        if (parser != NULL)
+            return parser(s, &currext->data, context, x, chainidx);
+
+        /*
+         * If the parser is NULL we fall through to the custom extension
+         * processing
+         */
+    }
+
+    /* Parse custom extensions */
+    return custom_ext_parse(s, context, currext->type,
+                            PACKET_data(&currext->data),
+                            PACKET_remaining(&currext->data),
+                            x, chainidx);
+}
+
+/*
+ * Parse all remaining extensions that have not yet been parsed. Also calls the
+ * finalisation for all extensions at the end if |fin| is nonzero, whether we
+ * collected them or not. Returns 1 for success or 0 for failure. If we are
+ * working on a Certificate message then we also pass the Certificate |x| and
+ * its position in the |chainidx|, with 0 being the first certificate.
+ */
+int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
+                             size_t chainidx, int fin)
+{
+    size_t i, numexts = OSSL_NELEM(ext_defs);
+    const EXTENSION_DEFINITION *thisexd;
+
+    /* Calculate the number of extensions in the extensions list */
+    numexts += s->cert->custext.meths_count;
+
+    /* Parse each extension in turn */
+    for (i = 0; i < numexts; i++) {
+        if (!tls_parse_extension(s, i, context, exts, x, chainidx)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    if (fin) {
+        /*
+         * Finalise all known extensions relevant to this context,
+         * whether we have found them or not
+         */
+        for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs);
+             i++, thisexd++) {
+            if (thisexd->final != NULL && (thisexd->context & context) != 0
+                && !thisexd->final(s, context, exts[i].present)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
+                         int max_version)
+{
+    /* Skip if not relevant for our context */
+    if ((extctx & thisctx) == 0)
+        return 0;
+
+    /* Check if this extension is defined for our protocol. If not, skip */
+    if (!extension_is_relevant(s, extctx, thisctx)
+            || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
+                && (thisctx & SSL_EXT_CLIENT_HELLO) != 0
+                && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Construct all the extensions relevant to the current |context| and write
+ * them to |pkt|. If this is an extension for a Certificate in a Certificate
+ * message, then |x| will be set to the Certificate we are handling, and
+ * |chainidx| will indicate the position in the chainidx we are processing (with
+ * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a
+ * failure construction stops at the first extension to fail to construct.
+ */
+int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
+                             X509 *x, size_t chainidx)
+{
+    size_t i;
+    int min_version, max_version = 0, reason;
+    const EXTENSION_DEFINITION *thisexd;
+
+    if (!WPACKET_start_sub_packet_u16(pkt)
+               /*
+                * If extensions are of zero length then we don't even add the
+                * extensions length bytes to a ClientHello/ServerHello
+                * (for non-TLSv1.3).
+                */
+            || ((context &
+                 (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
+                && !WPACKET_set_flags(pkt,
+                                     WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+        reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+        if (reason != 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                     reason);
+            return 0;
+        }
+    }
+
+    /* Add custom extensions first */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+        /* On the server side with initialise during ClientHello parsing */
+        custom_ext_init(&s->cert->custext);
+    }
+    if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
+        EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context,
+                                X509 *x, size_t chainidx);
+        EXT_RETURN ret;
+
+        /* Skip if not relevant for our context */
+        if (!should_add_extension(s, thisexd->context, context, max_version))
+            continue;
+
+        construct = s->server ? thisexd->construct_stoc
+                              : thisexd->construct_ctos;
+
+        if (construct == NULL)
+            continue;
+
+        ret = construct(s, pkt, context, x, chainidx);
+        if (ret == EXT_RETURN_FAIL) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        if (ret == EXT_RETURN_SENT
+                && (context & (SSL_EXT_CLIENT_HELLO
+                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)
+            s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Built in extension finalisation and initialisation functions. All initialise
+ * or finalise the associated extension type for the given |context|. For
+ * finalisers |sent| is set to 1 if we saw the extension during parsing, and 0
+ * otherwise. These functions return 1 on success or 0 on failure.
+ */
+
+static int final_renegotiate(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server) {
+        /*
+         * Check if we can connect to a server that doesn't support safe
+         * renegotiation
+         */
+        if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+                && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+                && !sent) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
+                     SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+            return 0;
+        }
+
+        return 1;
+    }
+
+    /* Need RI if renegotiating */
+    if (s->renegotiate
+            && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+            && !sent) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
+                 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+
+    return 1;
+}
+
+static int init_server_name(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        s->servername_done = 0;
+
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+    }
+
+    return 1;
+}
+
+static int final_server_name(SSL *s, unsigned int context, int sent)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int altmp = SSL_AD_UNRECOGNIZED_NAME;
+    int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0;
+
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (s->ctx->ext.servername_cb != NULL)
+        ret = s->ctx->ext.servername_cb(s, &altmp,
+                                        s->ctx->ext.servername_arg);
+    else if (s->session_ctx->ext.servername_cb != NULL)
+        ret = s->session_ctx->ext.servername_cb(s, &altmp,
+                                       s->session_ctx->ext.servername_arg);
+
+    /*
+     * For servers, propagate the SNI hostname from the temporary
+     * storage in the SSL to the persistent SSL_SESSION, now that we
+     * know we accepted it.
+     * Clients make this copy when parsing the server's response to
+     * the extension, which is when they find out that the negotiation
+     * was successful.
+     */
+    if (s->server) {
+        /* TODO(OpenSSL1.2) revisit !sent case */
+        if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) {
+            /* Only store the hostname in the session if we accepted it. */
+            OPENSSL_free(s->session->ext.hostname);
+            s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+            if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                         ERR_R_INTERNAL_ERROR);
+            }
+        }
+    }
+
+    /*
+     * If we switched contexts (whether here or in the client_hello callback),
+     * move the sess_accept increment from the session_ctx to the new
+     * context, to avoid the confusing situation of having sess_accept_good
+     * exceed sess_accept (zero) for the new context.
+     */
+    if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
+        tsan_counter(&s->ctx->stats.sess_accept);
+        tsan_decr(&s->session_ctx->stats.sess_accept);
+    }
+
+    /*
+     * If we're expecting to send a ticket, and tickets were previously enabled,
+     * and now tickets are disabled, then turn off expected ticket.
+     * Also, if this is not a resumption, create a new session ID
+     */
+    if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
+            && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) {
+        s->ext.ticket_expected = 0;
+        if (!s->hit) {
+            SSL_SESSION* ss = SSL_get_session(s);
+
+            if (ss != NULL) {
+                OPENSSL_free(ss->ext.tick);
+                ss->ext.tick = NULL;
+                ss->ext.ticklen = 0;
+                ss->ext.tick_lifetime_hint = 0;
+                ss->ext.tick_age_add = 0;
+                ss->ext.tick_identity = 0;
+                if (!ssl_generate_session_id(s, ss)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+            } else {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED);
+        return 0;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        /* TLSv1.3 doesn't have warning alerts so we suppress this */
+        if (!SSL_IS_TLS13(s))
+            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+        return 1;
+
+    default:
+        return 1;
+    }
+}
+
+#ifndef OPENSSL_NO_EC
+static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
+{
+    unsigned long alg_k, alg_a;
+
+    if (s->server)
+        return 1;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /*
+     * If we are client and using an elliptic curve cryptography cipher
+     * suite, then if server returns an EC point formats lists extension it
+     * must contain uncompressed.
+     */
+    if (s->ext.ecpointformats != NULL
+            && s->ext.ecpointformats_len > 0
+            && s->session->ext.ecpointformats != NULL
+            && s->session->ext.ecpointformats_len > 0
+            && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
+        /* we are using an ECC cipher */
+        size_t i;
+        unsigned char *list = s->session->ext.ecpointformats;
+
+        for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
+            if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed)
+                break;
+        }
+        if (i == s->session->ext.ecpointformats_len) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS,
+                     SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+static int init_session_ticket(SSL *s, unsigned int context)
+{
+    if (!s->server)
+        s->ext.ticket_expected = 0;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+static int init_status_request(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+    } else {
+        /*
+         * Ensure we get sensible values passed to tlsext_status_cb in the event
+         * that we don't receive a status message
+         */
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = NULL;
+        s->ext.ocsp.resp_len = 0;
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int init_npn(SSL *s, unsigned int context)
+{
+    s->s3->npn_seen = 0;
+
+    return 1;
+}
+#endif
+
+static int init_alpn(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = NULL;
+    s->s3->alpn_selected_len = 0;
+    if (s->server) {
+        OPENSSL_free(s->s3->alpn_proposed);
+        s->s3->alpn_proposed = NULL;
+        s->s3->alpn_proposed_len = 0;
+    }
+    return 1;
+}
+
+static int final_alpn(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
+            s->ext.early_data_ok = 0;
+
+    if (!s->server || !SSL_IS_TLS13(s))
+        return 1;
+
+    /*
+     * Call alpn_select callback if needed.  Has to be done after SNI and
+     * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+     * we also have to do this before we decide whether to accept early_data.
+     * In TLSv1.3 we've already negotiated our cipher so we do this call now.
+     * For < TLSv1.3 we defer it until after cipher negotiation.
+     *
+     * On failure SSLfatal() already called.
+     */
+    return tls_handle_alpn(s);
+}
+
+static int init_sig_algs(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    s->s3->tmp.peer_sigalgs = NULL;
+
+    return 1;
+}
+
+static int init_sig_algs_cert(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+    s->s3->tmp.peer_cert_sigalgs = NULL;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+static int init_srp(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->srp_ctx.login);
+    s->srp_ctx.login = NULL;
+
+    return 1;
+}
+#endif
+
+static int init_etm(SSL *s, unsigned int context)
+{
+    s->ext.use_etm = 0;
+
+    return 1;
+}
+
+static int init_ems(SSL *s, unsigned int context)
+{
+    if (!s->server)
+        s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+
+    return 1;
+}
+
+static int final_ems(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server && s->hit) {
+        /*
+         * Check extended master secret extension is consistent with
+         * original session.
+         */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
+            !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
+                     SSL_R_INCONSISTENT_EXTMS);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int init_certificate_authorities(SSL *s, unsigned int context)
+{
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    s->s3->tmp.peer_ca_names = NULL;
+    return 1;
+}
+
+static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
+                                                        unsigned int context,
+                                                        X509 *x,
+                                                        size_t chainidx)
+{
+    const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s);
+
+    if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities)
+        || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
+               ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!construct_ca_names(s, ca_sk, pkt)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!parse_ca_names(s, pkt))
+        return 0;
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+static int init_srtp(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->srtp_profile = NULL;
+
+    return 1;
+}
+#endif
+
+static int final_sig_algs(SSL *s, unsigned int context, int sent)
+{
+    if (!sent && SSL_IS_TLS13(s) && !s->hit) {
+        SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_SIG_ALGS,
+                 SSL_R_MISSING_SIGALGS_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+static int final_key_share(SSL *s, unsigned int context, int sent)
+{
+    if (!SSL_IS_TLS13(s))
+        return 1;
+
+    /* Nothing to do for key_share in an HRR */
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        return 1;
+
+    /*
+     * If
+     *     we are a client
+     *     AND
+     *     we have no key_share
+     *     AND
+     *     (we are not resuming
+     *      OR the kex_mode doesn't allow non key_share resumes)
+     * THEN
+     *     fail;
+     */
+    if (!s->server
+            && !sent
+            && (!s->hit
+                || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {
+        /* Nothing left we can do - just fail */
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_KEY_SHARE,
+                 SSL_R_NO_SUITABLE_KEY_SHARE);
+        return 0;
+    }
+    /*
+     * IF
+     *     we are a server
+     * THEN
+     *     IF
+     *         we have a suitable key_share
+     *     THEN
+     *         IF
+     *             we are stateless AND we have no cookie
+     *         THEN
+     *             send a HelloRetryRequest
+     *     ELSE
+     *         IF
+     *             we didn't already send a HelloRetryRequest
+     *             AND
+     *             the client sent a key_share extension
+     *             AND
+     *             (we are not resuming
+     *              OR the kex_mode allows key_share resumes)
+     *             AND
+     *             a shared group exists
+     *         THEN
+     *             send a HelloRetryRequest
+     *         ELSE IF
+     *             we are not resuming
+     *             OR
+     *             the kex_mode doesn't allow non key_share resumes
+     *         THEN
+     *             fail
+     *         ELSE IF
+     *             we are stateless AND we have no cookie
+     *         THEN
+     *             send a HelloRetryRequest
+     */
+    if (s->server) {
+        if (s->s3->peer_tmp != NULL) {
+            /* We have a suitable key_share */
+            if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+                    && !s->ext.cookieok) {
+                if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+                    /*
+                     * If we are stateless then we wouldn't know about any
+                     * previously sent HRR - so how can this be anything other
+                     * than 0?
+                     */
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+                s->hello_retry_request = SSL_HRR_PENDING;
+                return 1;
+            }
+        } else {
+            /* No suitable key_share */
+            if (s->hello_retry_request == SSL_HRR_NONE && sent
+                    && (!s->hit
+                        || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
+                           != 0)) {
+                const uint16_t *pgroups, *clntgroups;
+                size_t num_groups, clnt_num_groups, i;
+                unsigned int group_id = 0;
+
+                /* Check if a shared group exists */
+
+                /* Get the clients list of supported groups. */
+                tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+                tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+                /*
+                 * Find the first group we allow that is also in client's list
+                 */
+                for (i = 0; i < num_groups; i++) {
+                    group_id = pgroups[i];
+
+                    if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
+                                      1))
+                        break;
+                }
+
+                if (i < num_groups) {
+                    /* A shared group exists so send a HelloRetryRequest */
+                    s->s3->group_id = group_id;
+                    s->hello_retry_request = SSL_HRR_PENDING;
+                    return 1;
+                }
+            }
+            if (!s->hit
+                    || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
+                /* Nothing left we can do - just fail */
+                SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE
+                                 : SSL_AD_MISSING_EXTENSION,
+                         SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
+                return 0;
+            }
+
+            if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+                    && !s->ext.cookieok) {
+                if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+                    /*
+                     * If we are stateless then we wouldn't know about any
+                     * previously sent HRR - so how can this be anything other
+                     * than 0?
+                     */
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+                s->hello_retry_request = SSL_HRR_PENDING;
+                return 1;
+            }
+        }
+
+        /*
+         * We have a key_share so don't send any more HelloRetryRequest
+         * messages
+         */
+        if (s->hello_retry_request == SSL_HRR_PENDING)
+            s->hello_retry_request = SSL_HRR_COMPLETE;
+    } else {
+        /*
+         * For a client side resumption with no key_share we need to generate
+         * the handshake secret (otherwise this is done during key_share
+         * processing).
+         */
+        if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+static int init_psk_kex_modes(SSL *s, unsigned int context)
+{
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE;
+    return 1;
+}
+
+int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
+                      size_t binderoffset, const unsigned char *binderin,
+                      unsigned char *binderout, SSL_SESSION *sess, int sign,
+                      int external)
+{
+    EVP_PKEY *mackey = NULL;
+    EVP_MD_CTX *mctx = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];
+    unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
+    unsigned char *early_secret;
+    static const unsigned char resumption_label[] = "res binder";
+    static const unsigned char external_label[] = "ext binder";
+    const unsigned char *label;
+    size_t bindersize, labelsize, hashsize;
+    int hashsizei = EVP_MD_size(md);
+    int ret = -1;
+    int usepskfored = 0;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashsizei >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    hashsize = (size_t)hashsizei;
+
+    if (external
+            && s->early_data_state == SSL_EARLY_DATA_CONNECTING
+            && s->session->ext.max_early_data == 0
+            && sess->ext.max_early_data > 0)
+        usepskfored = 1;
+
+    if (external) {
+        label = external_label;
+        labelsize = sizeof(external_label) - 1;
+    } else {
+        label = resumption_label;
+        labelsize = sizeof(resumption_label) - 1;
+    }
+
+    /*
+     * Generate the early_secret. On the server side we've selected a PSK to
+     * resume with (internal or external) so we always do this. On the client
+     * side we do this for a non-external (i.e. resumption) PSK or external PSK
+     * that will be used for early_data so that it is in place for sending early
+     * data. For client side external PSK not being used for early_data we
+     * generate it but store it away for later use.
+     */
+    if (s->server || !external || usepskfored)
+        early_secret = (unsigned char *)s->early_secret;
+    else
+        early_secret = (unsigned char *)sess->early_secret;
+
+    if (!tls13_generate_secret(s, md, NULL, sess->master_key,
+                               sess->master_key_length, early_secret)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Create the handshake hash for the binder key...the messages so far are
+     * empty!
+     */
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL
+            || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Generate the binder key */
+    if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
+                           hashsize, binderkey, hashsize, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* Generate the finished key */
+    if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * Get a hash of the ClientHello up to the start of the binders. If we are
+     * following a HelloRetryRequest then this includes the hash of the first
+     * ClientHello and the HelloRetryRequest itself.
+     */
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        size_t hdatalen;
+        long hdatalen_l;
+        void *hdata;
+
+        hdatalen = hdatalen_l =
+            BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen_l <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
+            goto err;
+        }
+
+        /*
+         * For servers the handshake buffer data will include the second
+         * ClientHello - which we don't want - so we need to take that bit off.
+         */
+        if (s->server) {
+            PACKET hashprefix, msg;
+
+            /* Find how many bytes are left after the first two messages */
+            if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            hdatalen -= PACKET_remaining(&hashprefix);
+        }
+
+        if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
+            || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
+                                          hashsize);
+    if (mackey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!sign)
+        binderout = tmpbinder;
+
+    bindersize = hashsize;
+    if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0
+            || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
+            || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
+            || bindersize != hashsize) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (sign) {
+        ret = 1;
+    } else {
+        /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
+        ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
+        if (!ret)
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER,
+                     SSL_R_BINDER_DOES_NOT_VERIFY);
+    }
+
+ err:
+    OPENSSL_cleanse(binderkey, sizeof(binderkey));
+    OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
+    EVP_PKEY_free(mackey);
+    EVP_MD_CTX_free(mctx);
+
+    return ret;
+}
+
+static int final_early_data(SSL *s, unsigned int context, int sent)
+{
+    if (!sent)
+        return 1;
+
+    if (!s->server) {
+        if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                && sent
+                && !s->ext.early_data_ok) {
+            /*
+             * If we get here then the server accepted our early_data but we
+             * later realised that it shouldn't have done (e.g. inconsistent
+             * ALPN)
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EARLY_DATA,
+                     SSL_R_BAD_EARLY_DATA);
+            return 0;
+        }
+
+        return 1;
+    }
+
+    if (s->max_early_data == 0
+            || !s->hit
+            || s->session->ext.tick_identity != 0
+            || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+            || !s->ext.early_data_ok
+            || s->hello_retry_request != SSL_HRR_NONE
+            || (s->ctx->allow_early_data_cb != NULL
+                && !s->ctx->allow_early_data_cb(s,
+                                         s->ctx->allow_early_data_cb_data))) {
+        s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+    } else {
+        s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+        if (!tls13_change_cipher_state(s,
+                    SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
+{
+    /*
+     * Session resumption on server-side with MFL extension active
+     *  BUT MFL extension packet was not resent (i.e. sent == 0)
+     */
+    if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+            && !sent ) {
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* Current SSL buffer is lower than requested MFL */
+    if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+            && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))
+        /* trigger a larger buffer reallocation */
+        if (!ssl3_setup_buffers(s)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+
+    return 1;
+}
+
+static int init_post_handshake_auth(SSL *s, unsigned int context)
+{
+    s->post_handshake_auth = SSL_PHA_NONE;
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c
new file mode 100644
index 000000000..ab4dbf671
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c
@@ -0,0 +1,1991 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "../ssl_locl.h"
+#include "internal/cryptlib.h"
+#include "statem_locl.h"
+
+EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    /* Add RI if renegotiating */
+    if (!s->renegotiate)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished,
+                               s->s3->previous_client_finished_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (s->ext.hostname == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add TLS extension servername to the Client Hello message */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
+               /* Sub-packet for server_name extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for servername list (always 1 hostname)*/
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname,
+                                       strlen(s->ext.hostname))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/* Push a Max Fragment Len extension into ClientHello */
+EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add Max Fragment Length extension if client enabled it. */
+    /*-
+     * 4 bytes for this extension type and extension length
+     * 1 byte for the Max Fragment Length code value.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
+            /* Sub-packet for Max Fragment Length extension (1 byte) */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_SRP
+EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    /* Add SRP username if there is one */
+    if (s->srp_ctx.login == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp)
+               /* Sub-packet for SRP extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+               /* login must not be zero...internal error if so */
+            || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+            || !WPACKET_memcpy(pkt, s->srp_ctx.login,
+                               strlen(s->srp_ctx.login))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static int use_ecc(SSL *s)
+{
+    int i, end, ret = 0;
+    unsigned long alg_k, alg_a;
+    STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+
+    /* See if we support any ECC ciphersuites */
+    if (s->version == SSL3_VERSION)
+        return 0;
+
+    cipher_stack = SSL_get1_supported_ciphers(s);
+    end = sk_SSL_CIPHER_num(cipher_stack);
+    for (i = 0; i < end; i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+
+        alg_k = c->algorithm_mkey;
+        alg_a = c->algorithm_auth;
+        if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
+                || (alg_a & SSL_aECDSA)
+                || c->min_tls >= TLS1_3_VERSION) {
+            ret = 1;
+            break;
+        }
+    }
+
+    sk_SSL_CIPHER_free(cipher_stack);
+    return ret;
+}
+
+EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    const unsigned char *pformats;
+    size_t num_formats;
+
+    if (!use_ecc(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add TLS extension ECPointFormats to the ClientHello message */
+    tls1_get_formatlist(s, &pformats, &num_formats);
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
+               /* Sub-packet for formats extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx)
+{
+    const uint16_t *pgroups = NULL;
+    size_t num_groups = 0, i;
+
+    if (!use_ecc(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Add TLS extension supported_groups to the ClientHello message
+     */
+    /* TODO(TLS1.3): Add support for DHE groups */
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+               /* Sub-packet for supported_groups extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    /* Copy curve ID if supported */
+    for (i = 0; i < num_groups; i++) {
+        uint16_t ctmp = pgroups[i];
+
+        if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+            if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+        }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    size_t ticklen;
+
+    if (!tls_use_ticket(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!s->new_session && s->session != NULL
+            && s->session->ext.tick != NULL
+            && s->session->ssl_version != TLS1_3_VERSION) {
+        ticklen = s->session->ext.ticklen;
+    } else if (s->session && s->ext.session_ticket != NULL
+               && s->ext.session_ticket->data != NULL) {
+        ticklen = s->ext.session_ticket->length;
+        s->session->ext.tick = OPENSSL_malloc(ticklen);
+        if (s->session->ext.tick == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        memcpy(s->session->ext.tick,
+               s->ext.session_ticket->data, ticklen);
+        s->session->ext.ticklen = ticklen;
+    } else {
+        ticklen = 0;
+    }
+
+    if (ticklen == 0 && s->ext.session_ticket != NULL &&
+            s->ext.session_ticket->data == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+            || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    size_t salglen;
+    const uint16_t *salg;
+
+    if (!SSL_CLIENT_USE_SIGALGS(s))
+        return EXT_RETURN_NOT_SENT;
+
+    salglen = tls12_get_psigalgs(s, 1, &salg);
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
+               /* Sub-packet for sig-algs extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for the actual list */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !tls12_copy_sigalgs(s, pkt, salg, salglen)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    int i;
+
+    /* This extension isn't defined for client Certificates */
+    if (x != NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
+               /* Sub-packet for status request extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
+               /* Sub-packet for the ids */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) {
+        unsigned char *idbytes;
+        OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i);
+        int idlen = i2d_OCSP_RESPID(id, NULL);
+
+        if (idlen <= 0
+                   /* Sub-packet for an individual id */
+                || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
+                || i2d_OCSP_RESPID(id, &idbytes) != idlen) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    if (s->ext.ocsp.exts) {
+        unsigned char *extbytes;
+        int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL);
+
+        if (extlen < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
+                || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes)
+                   != extlen) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+       }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * The client advertises an empty extension to indicate its support
+     * for Next Protocol Negotiation
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_NPN,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+{
+    s->s3->alpn_sent = 0;
+
+    if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt,
+                TLSEXT_TYPE_application_layer_protocol_negotiation)
+               /* Sub-packet ALPN extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    s->s3->alpn_sent = 1;
+
+    return EXT_RETURN_SENT;
+}
+
+
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
+    int i, end;
+
+    if (clnt == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
+               /* Sub-packet for SRTP extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for the protection profile list */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    end = sk_SRTP_PROTECTION_PROFILE_num(clnt);
+    for (i = 0; i < end; i++) {
+        const SRTP_PROTECTION_PROFILE *prof =
+            sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt)
+               /* Add an empty use_mki value */
+            || !WPACKET_put_bytes_u8(pkt, 0)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ETM,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_CT
+EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ct_validation_callback == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Not defined for client Certificates */
+    if (x != NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SCT,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EMS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx)
+{
+    int currv, min_version, max_version, reason;
+
+    reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+    if (reason != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Don't include this if we can't negotiate TLSv1.3. We can do a straight
+     * comparison here because we will never be called in DTLS.
+     */
+    if (max_version < TLS1_3_VERSION)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    for (currv = max_version; currv >= min_version; currv--) {
+        if (!WPACKET_put_bytes_u16(pkt, currv)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/*
+ * Construct a psk_kex_modes extension.
+ */
+EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE)
+            || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE_DHE;
+    if (nodhe)
+        s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
+#endif
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_TLS1_3
+static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
+{
+    unsigned char *encoded_point = NULL;
+    EVP_PKEY *key_share_key = NULL;
+    size_t encodedlen;
+
+    if (s->s3->tmp.pkey != NULL) {
+        if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /*
+         * Could happen if we got an HRR that wasn't requesting a new key_share
+         */
+        key_share_key = s->s3->tmp.pkey;
+    } else {
+        key_share_key = ssl_generate_pkey_group(s, curve_id);
+        if (key_share_key == NULL) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    /* Encode the public key. */
+    encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key,
+                                                &encoded_point);
+    if (encodedlen == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* Create KeyShareEntry */
+    if (!WPACKET_put_bytes_u16(pkt, curve_id)
+            || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * TODO(TLS1.3): When changing to send more than one key_share we're
+     * going to need to be able to save more than one EVP_PKEY. For now
+     * we reuse the existing tmp.pkey
+     */
+    s->s3->tmp.pkey = key_share_key;
+    s->s3->group_id = curve_id;
+    OPENSSL_free(encoded_point);
+
+    return 1;
+ err:
+    if (s->s3->tmp.pkey == NULL)
+        EVP_PKEY_free(key_share_key);
+    OPENSSL_free(encoded_point);
+    return 0;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    size_t i, num_groups = 0;
+    const uint16_t *pgroups = NULL;
+    uint16_t curve_id = 0;
+
+    /* key_share extension */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* KeyShare list sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+    /*
+     * TODO(TLS1.3): Make the number of key_shares sent configurable. For
+     * now, just send one
+     */
+    if (s->s3->group_id != 0) {
+        curve_id = s->s3->group_id;
+    } else {
+        for (i = 0; i < num_groups; i++) {
+
+            if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
+                continue;
+
+            curve_id = pgroups[i];
+            break;
+        }
+    }
+
+    if (curve_id == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 SSL_R_NO_SUITABLE_KEY_SHARE);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!add_key_share(s, pkt, curve_id)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx)
+{
+    EXT_RETURN ret = EXT_RETURN_FAIL;
+
+    /* Should only be set if we've had an HRR */
+    if (s->ext.tls13_cookie_len == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie,
+                                       s->ext.tls13_cookie_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    ret = EXT_RETURN_SENT;
+ end:
+    OPENSSL_free(s->ext.tls13_cookie);
+    s->ext.tls13_cookie = NULL;
+    s->ext.tls13_cookie_len = 0;
+
+    return ret;
+}
+
+EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx)
+{
+#ifndef OPENSSL_NO_PSK
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+#endif  /* OPENSSL_NO_PSK */
+    const unsigned char *id = NULL;
+    size_t idlen = 0;
+    SSL_SESSION *psksess = NULL;
+    SSL_SESSION *edsess = NULL;
+    const EVP_MD *handmd = NULL;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING)
+        handmd = ssl_handshake_md(s);
+
+    if (s->psk_use_session_cb != NULL
+            && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess)
+                || (psksess != NULL
+                    && psksess->ssl_version != TLS1_3_VERSION))) {
+        SSL_SESSION_free(psksess);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 SSL_R_BAD_PSK);
+        return EXT_RETURN_FAIL;
+    }
+
+#ifndef OPENSSL_NO_PSK
+    if (psksess == NULL && s->psk_client_callback != NULL) {
+        unsigned char psk[PSK_MAX_PSK_LEN];
+        size_t psklen = 0;
+
+        memset(identity, 0, sizeof(identity));
+        psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1,
+                                        psk, sizeof(psk));
+
+        if (psklen > PSK_MAX_PSK_LEN) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        } else if (psklen > 0) {
+            const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+            const SSL_CIPHER *cipher;
+
+            idlen = strlen(identity);
+            if (idlen > PSK_MAX_IDENTITY_LEN) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                return EXT_RETURN_FAIL;
+            }
+            id = (unsigned char *)identity;
+
+            /*
+             * We found a PSK using an old style callback. We don't know
+             * the digest so we default to SHA256 as per the TLSv1.3 spec
+             */
+            cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+            if (cipher == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                return EXT_RETURN_FAIL;
+            }
+
+            psksess = SSL_SESSION_new();
+            if (psksess == NULL
+                    || !SSL_SESSION_set1_master_key(psksess, psk, psklen)
+                    || !SSL_SESSION_set_cipher(psksess, cipher)
+                    || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                OPENSSL_cleanse(psk, psklen);
+                return EXT_RETURN_FAIL;
+            }
+            OPENSSL_cleanse(psk, psklen);
+        }
+    }
+#endif  /* OPENSSL_NO_PSK */
+
+    SSL_SESSION_free(s->psksession);
+    s->psksession = psksess;
+    if (psksess != NULL) {
+        OPENSSL_free(s->psksession_id);
+        s->psksession_id = OPENSSL_memdup(id, idlen);
+        if (s->psksession_id == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->psksession_id_len = idlen;
+    }
+
+    if (s->early_data_state != SSL_EARLY_DATA_CONNECTING
+            || (s->session->ext.max_early_data == 0
+                && (psksess == NULL || psksess->ext.max_early_data == 0))) {
+        s->max_early_data = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+    edsess = s->session->ext.max_early_data != 0 ? s->session : psksess;
+    s->max_early_data = edsess->ext.max_early_data;
+
+    if (edsess->ext.hostname != NULL) {
+        if (s->ext.hostname == NULL
+                || (s->ext.hostname != NULL
+                    && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                     SSL_R_INCONSISTENT_EARLY_DATA_SNI);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Verify that we are offering an ALPN protocol consistent with the early
+     * data.
+     */
+    if (edsess->ext.alpn_selected != NULL) {
+        PACKET prots, alpnpkt;
+        int found = 0;
+
+        if (!PACKET_buf_init(&prots, s->ext.alpn, s->ext.alpn_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) {
+            if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected,
+                             edsess->ext.alpn_selected_len)) {
+                found = 1;
+                break;
+            }
+        }
+        if (!found) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                     SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * We set this to rejected here. Later, if the server acknowledges the
+     * extension, we set it to accepted.
+     */
+    s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+    s->ext.early_data_ok = 1;
+
+    return EXT_RETURN_SENT;
+}
+
+#define F5_WORKAROUND_MIN_MSG_LEN   0xff
+#define F5_WORKAROUND_MAX_MSG_LEN   0x200
+
+/*
+ * PSK pre binder overhead =
+ *  2 bytes for TLSEXT_TYPE_psk
+ *  2 bytes for extension length
+ *  2 bytes for identities list length
+ *  2 bytes for identity length
+ *  4 bytes for obfuscated_ticket_age
+ *  2 bytes for binder list length
+ *  1 byte for binder length
+ * The above excludes the number of bytes for the identity itself and the
+ * subsequent binder bytes
+ */
+#define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1)
+
+EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
+                                      unsigned int context, X509 *x,
+                                      size_t chainidx)
+{
+    unsigned char *padbytes;
+    size_t hlen;
+
+    if ((s->options & SSL_OP_TLSEXT_PADDING) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Add padding to workaround bugs in F5 terminators. See RFC7685.
+     * This code calculates the length of all extensions added so far but
+     * excludes the PSK extension (because that MUST be written last). Therefore
+     * this extension MUST always appear second to last.
+     */
+    if (!WPACKET_get_total_written(pkt, &hlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * If we're going to send a PSK then that will be written out after this
+     * extension, so we need to calculate how long it is going to be.
+     */
+    if (s->session->ssl_version == TLS1_3_VERSION
+            && s->session->ext.ticklen != 0
+            && s->session->cipher != NULL) {
+        const EVP_MD *md = ssl_md(s->session->cipher->algorithm2);
+
+        if (md != NULL) {
+            /*
+             * Add the fixed PSK overhead, the identity length and the binder
+             * length.
+             */
+            hlen +=  PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
+                     + EVP_MD_size(md);
+        }
+    }
+
+    if (hlen > F5_WORKAROUND_MIN_MSG_LEN && hlen < F5_WORKAROUND_MAX_MSG_LEN) {
+        /* Calculate the amount of padding we need to add */
+        hlen = F5_WORKAROUND_MAX_MSG_LEN - hlen;
+
+        /*
+         * Take off the size of extension header itself (2 bytes for type and
+         * 2 bytes for length bytes), but ensure that the extension is at least
+         * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
+         * 8.x are intolerant of that condition)
+         */
+        if (hlen > 4)
+            hlen -= 4;
+        else
+            hlen = 1;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
+                || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        memset(padbytes, 0, hlen);
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/*
+ * Construct the pre_shared_key extension
+ */
+EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    uint32_t now, agesec, agems = 0;
+    size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
+    unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
+    const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
+    int dores = 0;
+
+    s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;
+
+    /*
+     * Note: At this stage of the code we only support adding a single
+     * resumption PSK. If we add support for multiple PSKs then the length
+     * calculations in the padding extension will need to be adjusted.
+     */
+
+    /*
+     * If this is an incompatible or new session then we have nothing to resume
+     * so don't add this extension.
+     */
+    if (s->session->ssl_version != TLS1_3_VERSION
+            || (s->session->ext.ticklen == 0 && s->psksession == NULL))
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING)
+        handmd = ssl_handshake_md(s);
+
+    if (s->session->ext.ticklen != 0) {
+        /* Get the digest associated with the ciphersuite in the session */
+        if (s->session->cipher == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        mdres = ssl_md(s->session->cipher->algorithm2);
+        if (mdres == NULL) {
+            /*
+             * Don't recognize this cipher so we can't use the session.
+             * Ignore it
+             */
+            goto dopsksess;
+        }
+
+        if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) {
+            /*
+             * Selected ciphersuite hash does not match the hash for the session
+             * so we can't use it.
+             */
+            goto dopsksess;
+        }
+
+        /*
+         * Technically the C standard just says time() returns a time_t and says
+         * nothing about the encoding of that type. In practice most
+         * implementations follow POSIX which holds it as an integral type in
+         * seconds since epoch. We've already made the assumption that we can do
+         * this in multiple places in the code, so portability shouldn't be an
+         * issue.
+         */
+        now = (uint32_t)time(NULL);
+        agesec = now - (uint32_t)s->session->time;
+        /*
+         * We calculate the age in seconds but the server may work in ms. Due to
+         * rounding errors we could overestimate the age by up to 1s. It is
+         * better to underestimate it. Otherwise, if the RTT is very short, when
+         * the server calculates the age reported by the client it could be
+         * bigger than the age calculated on the server - which should never
+         * happen.
+         */
+        if (agesec > 0)
+            agesec--;
+
+        if (s->session->ext.tick_lifetime_hint < agesec) {
+            /* Ticket is too old. Ignore it. */
+            goto dopsksess;
+        }
+
+        /*
+         * Calculate age in ms. We're just doing it to nearest second. Should be
+         * good enough.
+         */
+        agems = agesec * (uint32_t)1000;
+
+        if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
+            /*
+             * Overflow. Shouldn't happen unless this is a *really* old session.
+             * If so we just ignore it.
+             */
+            goto dopsksess;
+        }
+
+        /*
+         * Obfuscate the age. Overflow here is fine, this addition is supposed
+         * to be mod 2^32.
+         */
+        agems += s->session->ext.tick_age_add;
+
+        reshashsize = EVP_MD_size(mdres);
+        dores = 1;
+    }
+
+ dopsksess:
+    if (!dores && s->psksession == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->psksession != NULL) {
+        mdpsk = ssl_md(s->psksession->cipher->algorithm2);
+        if (mdpsk == NULL) {
+            /*
+             * Don't recognize this cipher so we can't use the session.
+             * If this happens it's an application bug.
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
+
+        if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) {
+            /*
+             * Selected ciphersuite hash does not match the hash for the PSK
+             * session. This is an application bug.
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
+
+        pskhashsize = EVP_MD_size(mdpsk);
+    }
+
+    /* Create the extension, but skip over the binder for now */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (dores) {
+        if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick,
+                                           s->session->ext.ticklen)
+                || !WPACKET_put_bytes_u32(pkt, agems)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (s->psksession != NULL) {
+        if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id,
+                                    s->psksession_id_len)
+                || !WPACKET_put_bytes_u32(pkt, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (!WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &binderoffset)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || (dores
+                && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder))
+            || (s->psksession != NULL
+                && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &msglen)
+               /*
+                * We need to fill in all the sub-packet lengths now so we can
+                * calculate the HMAC of the message up to the binders
+                */
+            || !WPACKET_fill_lengths(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    msgstart = WPACKET_get_curr(pkt) - msglen;
+
+    if (dores
+            && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL,
+                                 resbinder, s->session, 1, 0) != 1) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (s->psksession != NULL
+            && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL,
+                                 pskbinder, s->psksession, 1, 1) != 1) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (dores)
+        s->session->ext.tick_identity = 0;
+    if (s->psksession != NULL)
+        s->psksession->ext.tick_identity = (dores ? 1 : 0);
+
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
+                                                  unsigned int context,
+                                                  X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    if (!s->pha_enabled)
+        return EXT_RETURN_NOT_SENT;
+
+    /* construct extension - 0 length, no contents */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    s->post_handshake_auth = SSL_PHA_EXT_SENT;
+
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+
+/*
+ * Parse the server's renegotiation binding and abort if it's not right
+ */
+int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    size_t expected_len = s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len;
+    size_t ilen;
+    const unsigned char *data;
+
+    /* Check for logic errors */
+    if (!ossl_assert(expected_len == 0
+                     || s->s3->previous_client_finished_len != 0)
+        || !ossl_assert(expected_len == 0
+                        || s->s3->previous_server_finished_len != 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Parse the length byte */
+    if (!PACKET_get_1_len(pkt, &ilen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Consistency check */
+    if (PACKET_remaining(pkt) != ilen) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != expected_len) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
+        || memcmp(data, s->s3->previous_client_finished,
+                  s->s3->previous_client_finished_len) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
+        || memcmp(data, s->s3->previous_server_finished,
+                  s->s3->previous_server_finished_len) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/* Parse the server's max fragment len extension packet */
+int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    unsigned int value;
+
+    if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* |value| should contains a valid max-fragment-length code. */
+    if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /* Must be the same value as client-configured one who was sent to server */
+    /*-
+     * RFC 6066: if a client receives a maximum fragment length negotiation
+     * response that differs from the length it requested, ...
+     * It must abort with SSL_AD_ILLEGAL_PARAMETER alert
+     */
+    if (value != s->ext.max_fragment_len_mode) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * Maximum Fragment Length Negotiation succeeded.
+     * The negotiated Maximum Fragment Length is binding now.
+     */
+    s->session->ext.max_fragment_len_mode = value;
+
+    return 1;
+}
+
+int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    if (s->ext.hostname == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit) {
+        if (s->session->ext.hostname != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+        if (s->session->ext.hostname == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    size_t ecpointformats_len;
+    PACKET ecptformatlist;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (!s->hit) {
+        ecpointformats_len = PACKET_remaining(&ecptformatlist);
+        if (ecpointformats_len == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, SSL_R_BAD_LENGTH);
+            return 0;
+        }
+
+        s->session->ext.ecpointformats_len = 0;
+        OPENSSL_free(s->session->ext.ecpointformats);
+        s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len);
+        if (s->session->ext.ecpointformats == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        s->session->ext.ecpointformats_len = ecpointformats_len;
+
+        if (!PACKET_copy_bytes(&ecptformatlist,
+                               s->session->ext.ecpointformats,
+                               ecpointformats_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ext.session_ticket_cb != NULL &&
+        !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                              PACKET_remaining(pkt),
+                              s->ext.session_ticket_cb_arg)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!tls_use_ticket(s)) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.ticket_expected = 1;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+        /* We ignore this if the server sends a CertificateRequest */
+        /* TODO(TLS1.3): Add support for this */
+        return 1;
+    }
+
+    /*
+     * MUST only be sent if we've requested a status
+     * request message. In TLS <= 1.2 it must also be empty.
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                 SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        /* We only know how to handle this if it's for the first Certificate in
+         * the chain. We ignore any other responses.
+         */
+        if (chainidx != 0)
+            return 1;
+
+        /* SSLfatal() already called */
+        return tls_process_cert_status_body(s, pkt);
+    }
+
+    /* Set flag to expect CertificateStatus message */
+    s->ext.status_expected = 1;
+
+    return 1;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_CT
+int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+        /* We ignore this if the server sends it in a CertificateRequest */
+        /* TODO(TLS1.3): Add support for this */
+        return 1;
+    }
+
+    /*
+     * Only take it if we asked for it - i.e if there is no CT validation
+     * callback set, then a custom extension MAY be processing it, so we
+     * need to let control continue to flow to that.
+     */
+    if (s->ct_validation_callback != NULL) {
+        size_t size = PACKET_remaining(pkt);
+
+        /* Simply copy it off for later processing */
+        OPENSSL_free(s->ext.scts);
+        s->ext.scts = NULL;
+
+        s->ext.scts_len = (uint16_t)size;
+        if (size > 0) {
+            s->ext.scts = OPENSSL_malloc(size);
+            if (s->ext.scts == NULL
+                    || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    } else {
+        ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                        ? ENDPOINT_CLIENT : ENDPOINT_BOTH;
+
+        /*
+         * If we didn't ask for it then there must be a custom extension,
+         * otherwise this is unsolicited.
+         */
+        if (custom_ext_find(&s->cert->custext, role,
+                            TLSEXT_TYPE_signed_certificate_timestamp,
+                            NULL) == NULL) {
+            SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_SCT,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (!custom_ext_parse(s, context,
+                             TLSEXT_TYPE_signed_certificate_timestamp,
+                             PACKET_data(pkt), PACKET_remaining(pkt),
+                             x, chainidx)) {
+            /* SSLfatal already called */
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+ * elements of zero length are allowed and the set of elements must exactly
+ * fill the length of the block. Returns 1 on success or 0 on failure.
+ */
+static int ssl_next_proto_validate(SSL *s, PACKET *pkt)
+{
+    PACKET tmp_protocol;
+
+    while (PACKET_remaining(pkt)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
+            || PACKET_remaining(&tmp_protocol) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_NEXT_PROTO_VALIDATE,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    unsigned char *selected;
+    unsigned char selected_len;
+    PACKET tmppkt;
+
+    /* Check if we are in a renegotiation. If so ignore this extension */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 1;
+
+    /* We must have requested it. */
+    if (s->ctx->ext.npn_select_cb == NULL) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_NPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* The data must be valid */
+    tmppkt = *pkt;
+    if (!ssl_next_proto_validate(s, &tmppkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
+                                  PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ctx->ext.npn_select_cb_arg) !=
+             SSL_TLSEXT_ERR_OK) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * Could be non-NULL if server has sent multiple NPN extensions in
+     * a single Serverhello
+     */
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = OPENSSL_malloc(selected_len);
+    if (s->ext.npn == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    memcpy(s->ext.npn, selected, selected_len);
+    s->ext.npn_len = selected_len;
+    s->s3->npn_seen = 1;
+
+    return 1;
+}
+#endif
+
+int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx)
+{
+    size_t len;
+
+    /* We must have requested it. */
+    if (!s->s3->alpn_sent) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    /*-
+     * The extension data consists of:
+     *   uint16 list_length
+     *   uint8 proto_length;
+     *   uint8 proto[proto_length];
+     */
+    if (!PACKET_get_net_2_len(pkt, &len)
+        || PACKET_remaining(pkt) != len || !PACKET_get_1_len(pkt, &len)
+        || PACKET_remaining(pkt) != len) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = OPENSSL_malloc(len);
+    if (s->s3->alpn_selected == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    s->s3->alpn_selected_len = len;
+
+    if (s->session->ext.alpn_selected == NULL
+            || s->session->ext.alpn_selected_len != len
+            || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len)
+               != 0) {
+        /* ALPN not consistent with the old session so cannot use early_data */
+        s->ext.early_data_ok = 0;
+    }
+    if (!s->hit) {
+        /*
+         * This is a new session and so alpn_selected should have been
+         * initialised to NULL. We should update it with the selected ALPN.
+         */
+        if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.alpn_selected =
+            OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+        if (s->session->ext.alpn_selected == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    unsigned int id, ct, mki;
+    int i;
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
+    SRTP_PROTECTION_PROFILE *prof;
+
+    if (!PACKET_get_net_2(pkt, &ct) || ct != 2
+            || !PACKET_get_net_2(pkt, &id)
+            || !PACKET_get_1(pkt, &mki)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    if (mki != 0) {
+        /* Must be no MKI, since we never offer one */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_BAD_SRTP_MKI_VALUE);
+        return 0;
+    }
+
+    /* Throw an error if the server gave us an unsolicited extension */
+    clnt = SSL_get_srtp_profiles(s);
+    if (clnt == NULL) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_NO_SRTP_PROFILES);
+        return 0;
+    }
+
+    /*
+     * Check to see if the server gave us something we support (and
+     * presumably offered)
+     */
+    for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
+        prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof->id == id) {
+            s->srtp_profile = prof;
+            return 1;
+        }
+    }
+
+    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+             SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+    return 0;
+}
+#endif
+
+int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /* Ignore if inappropriate ciphersuite */
+    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
+            && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+            && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
+        s->ext.use_etm = 1;
+
+    return 1;
+}
+
+int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+    if (!s->hit)
+        s->session->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return 1;
+}
+
+int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
+                                      X509 *x, size_t chainidx)
+{
+    unsigned int version;
+
+    if (!PACKET_get_net_2(pkt, &version)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * The only protocol version we support which is valid in this extension in
+     * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
+     */
+    if (version != TLS1_3_VERSION) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                 SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+        return 0;
+    }
+
+    /* We ignore this extension for HRRs except to sanity check it */
+    if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)
+        return 1;
+
+    /* We just set it here. We validate it in ssl_choose_client_version */
+    s->version = version;
+
+    return 1;
+}
+
+int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int group_id;
+    PACKET encoded_pt;
+    EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL;
+
+    /* Sanity check */
+    if (ckey == NULL || s->s3->peer_tmp != NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(pkt, &group_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
+        const uint16_t *pgroups = NULL;
+        size_t i, num_groups;
+
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+
+        /*
+         * It is an error if the HelloRetryRequest wants a key_share that we
+         * already sent in the first ClientHello
+         */
+        if (group_id == s->s3->group_id) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Validate the selected group is one we support */
+        tls1_get_supported_groups(s, &pgroups, &num_groups);
+        for (i = 0; i < num_groups; i++) {
+            if (group_id == pgroups[i])
+                break;
+        }
+        if (i >= num_groups
+                || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        s->s3->group_id = group_id;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
+        return 1;
+    }
+
+    if (group_id != s->s3->group_id) {
+        /*
+         * This isn't for the group that we sent in the original
+         * key_share!
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_BAD_KEY_SHARE);
+        return 0;
+    }
+
+    if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt)
+            || PACKET_remaining(&encoded_pt) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    skey = ssl_generate_pkey(ckey);
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_BAD_ECPOINT);
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+
+    if (ssl_derive(s, ckey, skey, 1) == 0) {
+        /* SSLfatal() already called */
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+    s->s3->peer_tmp = skey;
+#endif
+
+    return 1;
+}
+
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET cookie;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)
+            || !PACKET_memdup(&cookie, &s->ext.tls13_cookie,
+                              &s->ext.tls13_cookie_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
+        unsigned long max_early_data;
+
+        if (!PACKET_get_net_4(pkt, &max_early_data)
+                || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                     SSL_R_INVALID_MAX_EARLY_DATA);
+            return 0;
+        }
+
+        s->session->ext.max_early_data = max_early_data;
+
+        return 1;
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->ext.early_data_ok
+            || !s->hit
+            || s->session->ext.tick_identity != 0) {
+        /*
+         * If we get here then we didn't send early data, or we didn't resume
+         * using the first identity, or the SNI/ALPN is not consistent so the
+         * server should not be accepting it.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+    return 1;
+}
+
+int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int identity;
+
+    if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_PSK,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (s->session->ext.tick_identity == (int)identity) {
+        s->hit = 1;
+        SSL_SESSION_free(s->psksession);
+        s->psksession = NULL;
+        return 1;
+    }
+
+    if (s->psksession == NULL
+            || s->psksession->ext.tick_identity != (int)identity) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
+                 SSL_R_BAD_PSK_IDENTITY);
+        return 0;
+    }
+
+    /*
+     * If we used the external PSK for sending early_data then s->early_secret
+     * is already set up, so don't overwrite it. Otherwise we copy the
+     * early_secret across that we generated earlier.
+     */
+    if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
+                && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+            || s->session->ext.max_early_data > 0
+            || s->psksession->ext.max_early_data == 0)
+        memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE);
+
+    SSL_SESSION_free(s->session);
+    s->session = s->psksession;
+    s->psksession = NULL;
+    s->hit = 1;
+#endif
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c
new file mode 100644
index 000000000..a4cdc81d6
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c
@@ -0,0 +1,533 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Custom extension utility functions */
+
+#include <openssl/ct.h>
+#include "../ssl_locl.h"
+#include "internal/cryptlib.h"
+#include "statem_locl.h"
+
+typedef struct {
+    void *add_arg;
+    custom_ext_add_cb add_cb;
+    custom_ext_free_cb free_cb;
+} custom_ext_add_cb_wrap;
+
+typedef struct {
+    void *parse_arg;
+    custom_ext_parse_cb parse_cb;
+} custom_ext_parse_cb_wrap;
+
+/*
+ * Provide thin wrapper callbacks which convert new style arguments to old style
+ */
+static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                      unsigned int context,
+                                      const unsigned char **out,
+                                      size_t *outlen, X509 *x, size_t chainidx,
+                                      int *al, void *add_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
+
+    if (add_cb_wrap->add_cb == NULL)
+        return 1;
+
+    return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
+                               add_cb_wrap->add_arg);
+}
+
+static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char *out, void *add_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
+
+    if (add_cb_wrap->free_cb == NULL)
+        return;
+
+    add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
+}
+
+static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char *in,
+                                        size_t inlen, X509 *x, size_t chainidx,
+                                        int *al, void *parse_arg)
+{
+    custom_ext_parse_cb_wrap *parse_cb_wrap =
+        (custom_ext_parse_cb_wrap *)parse_arg;
+
+    if (parse_cb_wrap->parse_cb == NULL)
+        return 1;
+
+    return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
+                                   parse_cb_wrap->parse_arg);
+}
+
+/*
+ * Find a custom extension from the list. The |role| param is there to
+ * support the legacy API where custom extensions for client and server could
+ * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
+ * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
+ * client, or ENDPOINT_BOTH for either
+ */
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   size_t *idx)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+
+    for (i = 0; i < exts->meths_count; i++, meth++) {
+        if (ext_type == meth->ext_type
+                && (role == ENDPOINT_BOTH || role == meth->role
+                    || meth->role == ENDPOINT_BOTH)) {
+            if (idx != NULL)
+                *idx = i;
+            return meth;
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Initialise custom extensions flags to indicate neither sent nor received.
+ */
+void custom_ext_init(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+
+    for (i = 0; i < exts->meths_count; i++, meth++)
+        meth->ext_flags = 0;
+}
+
+/* Pass received custom extension data to the application for parsing. */
+int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+                     const unsigned char *ext_data, size_t ext_size, X509 *x,
+                     size_t chainidx)
+{
+    int al;
+    custom_ext_methods *exts = &s->cert->custext;
+    custom_ext_method *meth;
+    ENDPOINT role = ENDPOINT_BOTH;
+
+    if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
+        role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
+
+    meth = custom_ext_find(exts, role, ext_type, NULL);
+    /* If not found return success */
+    if (!meth)
+        return 1;
+
+    /* Check if extension is defined for our protocol. If not, skip */
+    if (!extension_is_relevant(s, meth->context, context))
+        return 1;
+
+    if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
+                    | SSL_EXT_TLS1_3_SERVER_HELLO
+                    | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
+        /*
+         * If it's ServerHello or EncryptedExtensions we can't have any
+         * extensions not sent in ClientHello.
+         */
+        if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
+            SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    /*
+     * Extensions received in the ClientHello are marked with the
+     * SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
+     * extensions in the ServerHello/EncryptedExtensions message
+     */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+        meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
+
+    /* If no parse function set return success */
+    if (!meth->parse_cb)
+        return 1;
+
+    if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
+                       &al, meth->parse_arg) <= 0) {
+        SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Request custom extension data from the application and add to the return
+ * buffer.
+ */
+int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
+                   int maxversion)
+{
+    custom_ext_methods *exts = &s->cert->custext;
+    custom_ext_method *meth;
+    size_t i;
+    int al;
+
+    for (i = 0; i < exts->meths_count; i++) {
+        const unsigned char *out = NULL;
+        size_t outlen = 0;
+
+        meth = exts->meths + i;
+
+        if (!should_add_extension(s, meth->context, context, maxversion))
+            continue;
+
+        if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
+                        | SSL_EXT_TLS1_3_SERVER_HELLO
+                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                        | SSL_EXT_TLS1_3_CERTIFICATE
+                        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
+            /* Only send extensions present in ClientHello. */
+            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
+                continue;
+        }
+        /*
+         * We skip it if the callback is absent - except for a ClientHello where
+         * we add an empty extension.
+         */
+        if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
+            continue;
+
+        if (meth->add_cb != NULL) {
+            int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
+                                         &outlen, x, chainidx, &al,
+                                         meth->add_arg);
+
+            if (cb_retval < 0) {
+                SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);
+                return 0;       /* error */
+            }
+            if (cb_retval == 0)
+                continue;       /* skip this extension */
+        }
+
+        if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+            /*
+             * We can't send duplicates: code logic should prevent this.
+             */
+            if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            /*
+             * Indicate extension has been sent: this is both a sanity check to
+             * ensure we don't send duplicate extensions and indicates that it
+             * is not an error if the extension is present in ServerHello.
+             */
+            meth->ext_flags |= SSL_EXT_FLAG_SENT;
+        }
+        if (meth->free_cb != NULL)
+            meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
+    }
+    return 1;
+}
+
+/* Copy the flags from src to dst for any extensions that exist in both */
+int custom_exts_copy_flags(custom_ext_methods *dst,
+                           const custom_ext_methods *src)
+{
+    size_t i;
+    custom_ext_method *methsrc = src->meths;
+
+    for (i = 0; i < src->meths_count; i++, methsrc++) {
+        custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
+                                                     methsrc->ext_type, NULL);
+
+        if (methdst == NULL)
+            continue;
+
+        methdst->ext_flags = methsrc->ext_flags;
+    }
+
+    return 1;
+}
+
+/* Copy table of custom extensions */
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
+{
+    size_t i;
+    int err = 0;
+
+    if (src->meths_count > 0) {
+        dst->meths =
+            OPENSSL_memdup(src->meths,
+                           sizeof(*src->meths) * src->meths_count);
+        if (dst->meths == NULL)
+            return 0;
+        dst->meths_count = src->meths_count;
+
+        for (i = 0; i < src->meths_count; i++) {
+            custom_ext_method *methsrc = src->meths + i;
+            custom_ext_method *methdst = dst->meths + i;
+
+            if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
+                continue;
+
+            /*
+             * We have found an old style API wrapper. We need to copy the
+             * arguments too.
+             */
+
+            if (err) {
+                methdst->add_arg = NULL;
+                methdst->parse_arg = NULL;
+                continue;
+            }
+
+            methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
+                                              sizeof(custom_ext_add_cb_wrap));
+            methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
+                                            sizeof(custom_ext_parse_cb_wrap));
+
+            if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
+                err = 1;
+        }
+    }
+
+    if (err) {
+        custom_exts_free(dst);
+        return 0;
+    }
+
+    return 1;
+}
+
+void custom_exts_free(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth;
+
+    for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
+        if (meth->add_cb != custom_ext_add_old_cb_wrap)
+            continue;
+
+        /* Old style API wrapper. Need to free the arguments too */
+        OPENSSL_free(meth->add_arg);
+        OPENSSL_free(meth->parse_arg);
+    }
+    OPENSSL_free(exts->meths);
+}
+
+/* Return true if a client custom extension exists, false otherwise */
+int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
+{
+    return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
+                           NULL) != NULL;
+}
+
+static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
+                                 unsigned int ext_type,
+                                 unsigned int context,
+                                 SSL_custom_ext_add_cb_ex add_cb,
+                                 SSL_custom_ext_free_cb_ex free_cb,
+                                 void *add_arg,
+                                 SSL_custom_ext_parse_cb_ex parse_cb,
+                                 void *parse_arg)
+{
+    custom_ext_methods *exts = &ctx->cert->custext;
+    custom_ext_method *meth, *tmp;
+
+    /*
+     * Check application error: if add_cb is not set free_cb will never be
+     * called.
+     */
+    if (add_cb == NULL && free_cb != NULL)
+        return 0;
+
+#ifndef OPENSSL_NO_CT
+    /*
+     * We don't want applications registering callbacks for SCT extensions
+     * whilst simultaneously using the built-in SCT validation features, as
+     * these two things may not play well together.
+     */
+    if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
+            && (context & SSL_EXT_CLIENT_HELLO) != 0
+            && SSL_CTX_ct_is_enabled(ctx))
+        return 0;
+#endif
+
+    /*
+     * Don't add if extension supported internally, but make exception
+     * for extension types that previously were not supported, but now are.
+     */
+    if (SSL_extension_supported(ext_type)
+            && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
+        return 0;
+
+    /* Extension type must fit in 16 bits */
+    if (ext_type > 0xffff)
+        return 0;
+    /* Search for duplicate */
+    if (custom_ext_find(exts, role, ext_type, NULL))
+        return 0;
+    tmp = OPENSSL_realloc(exts->meths,
+                          (exts->meths_count + 1) * sizeof(custom_ext_method));
+    if (tmp == NULL)
+        return 0;
+
+    exts->meths = tmp;
+    meth = exts->meths + exts->meths_count;
+    memset(meth, 0, sizeof(*meth));
+    meth->role = role;
+    meth->context = context;
+    meth->parse_cb = parse_cb;
+    meth->add_cb = add_cb;
+    meth->free_cb = free_cb;
+    meth->ext_type = ext_type;
+    meth->add_arg = add_arg;
+    meth->parse_arg = parse_arg;
+    exts->meths_count++;
+    return 1;
+}
+
+static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
+                              unsigned int ext_type,
+                              unsigned int context,
+                              custom_ext_add_cb add_cb,
+                              custom_ext_free_cb free_cb,
+                              void *add_arg,
+                              custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap
+        = OPENSSL_malloc(sizeof(*add_cb_wrap));
+    custom_ext_parse_cb_wrap *parse_cb_wrap
+        = OPENSSL_malloc(sizeof(*parse_cb_wrap));
+    int ret;
+
+    if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
+        OPENSSL_free(add_cb_wrap);
+        OPENSSL_free(parse_cb_wrap);
+        return 0;
+    }
+
+    add_cb_wrap->add_arg = add_arg;
+    add_cb_wrap->add_cb = add_cb;
+    add_cb_wrap->free_cb = free_cb;
+    parse_cb_wrap->parse_arg = parse_arg;
+    parse_cb_wrap->parse_cb = parse_cb;
+
+    ret = add_custom_ext_intern(ctx, role, ext_type,
+                                context,
+                                custom_ext_add_old_cb_wrap,
+                                custom_ext_free_old_cb_wrap,
+                                add_cb_wrap,
+                                custom_ext_parse_old_cb_wrap,
+                                parse_cb_wrap);
+
+    if (!ret) {
+        OPENSSL_free(add_cb_wrap);
+        OPENSSL_free(parse_cb_wrap);
+    }
+
+    return ret;
+}
+
+/* Application level functions to add the old custom extension callbacks */
+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
+                              SSL_EXT_TLS1_2_AND_BELOW_ONLY
+                              | SSL_EXT_CLIENT_HELLO
+                              | SSL_EXT_TLS1_2_SERVER_HELLO
+                              | SSL_EXT_IGNORE_ON_RESUMPTION,
+                              add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
+                              SSL_EXT_TLS1_2_AND_BELOW_ONLY
+                              | SSL_EXT_CLIENT_HELLO
+                              | SSL_EXT_TLS1_2_SERVER_HELLO
+                              | SSL_EXT_IGNORE_ON_RESUMPTION,
+                              add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                           unsigned int context,
+                           SSL_custom_ext_add_cb_ex add_cb,
+                           SSL_custom_ext_free_cb_ex free_cb,
+                           void *add_arg,
+                           SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
+{
+    return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
+                                 free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_extension_supported(unsigned int ext_type)
+{
+    switch (ext_type) {
+        /* Internally supported extensions. */
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+#ifndef OPENSSL_NO_EC
+    case TLSEXT_TYPE_ec_point_formats:
+    case TLSEXT_TYPE_supported_groups:
+    case TLSEXT_TYPE_key_share:
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLSEXT_TYPE_next_proto_neg:
+#endif
+    case TLSEXT_TYPE_padding:
+    case TLSEXT_TYPE_renegotiate:
+    case TLSEXT_TYPE_max_fragment_length:
+    case TLSEXT_TYPE_server_name:
+    case TLSEXT_TYPE_session_ticket:
+    case TLSEXT_TYPE_signature_algorithms:
+#ifndef OPENSSL_NO_SRP
+    case TLSEXT_TYPE_srp:
+#endif
+#ifndef OPENSSL_NO_OCSP
+    case TLSEXT_TYPE_status_request:
+#endif
+#ifndef OPENSSL_NO_CT
+    case TLSEXT_TYPE_signed_certificate_timestamp:
+#endif
+#ifndef OPENSSL_NO_SRTP
+    case TLSEXT_TYPE_use_srtp:
+#endif
+    case TLSEXT_TYPE_encrypt_then_mac:
+    case TLSEXT_TYPE_supported_versions:
+    case TLSEXT_TYPE_extended_master_secret:
+    case TLSEXT_TYPE_psk_kex_modes:
+    case TLSEXT_TYPE_cookie:
+    case TLSEXT_TYPE_early_data:
+    case TLSEXT_TYPE_certificate_authorities:
+    case TLSEXT_TYPE_psk:
+    case TLSEXT_TYPE_post_handshake_auth:
+        return 1;
+    default:
+        return 0;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c
new file mode 100644
index 000000000..0f2b22392
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c
@@ -0,0 +1,1959 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+
+#define COOKIE_STATE_FORMAT_VERSION     0
+
+/*
+ * 2 bytes for packet length, 2 bytes for format version, 2 bytes for
+ * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for
+ * key_share present flag, 4 bytes for timestamp, 2 bytes for the hashlen,
+ * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie
+ * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing.
+ */
+#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 4 + 2 + EVP_MAX_MD_SIZE + 1 \
+                         + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH)
+
+/*
+ * Message header + 2 bytes for protocol version + number of random bytes +
+ * + 1 byte for legacy session id length + number of bytes in legacy session id
+ * + 2 bytes for ciphersuite + 1 byte for legacy compression
+ * + 2 bytes for extension block length + 6 bytes for key_share extension
+ * + 4 bytes for cookie extension header + the number of bytes in the cookie
+ */
+#define MAX_HRR_SIZE    (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \
+                         + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \
+                         + MAX_COOKIE_SIZE)
+
+/*
+ * Parse the client's renegotiation binding and abort if it's not right
+ */
+int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    unsigned int ilen;
+    const unsigned char *data;
+
+    /* Parse the length byte */
+    if (!PACKET_get_1(pkt, &ilen)
+        || !PACKET_get_bytes(pkt, &data, ilen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != s->s3->previous_client_finished_len) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (memcmp(data, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ *   in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ *   to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ *   it is identical to a previously used for the same session.
+ *   Applications can control the behaviour.  They can at any time
+ *   set a 'desirable' servername for a new SSL object. This can be the
+ *   case for example with HTTPS when a Host: header field is received and
+ *   a renegotiation is requested. In this case, a possible servername
+ *   presented in the new client hello is only acknowledged if it matches
+ *   the value of the Host: field.
+ * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ *   if they provide for changing an explicit servername context for the
+ *   session, i.e. when the session has been established with a servername
+ *   extension.
+ * - On session reconnect, the servername extension may be absent.
+ */
+int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    unsigned int servname_type;
+    PACKET sni, hostname;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &sni)
+        /* ServerNameList must be at least 1 byte long. */
+        || PACKET_remaining(&sni) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * Although the intent was for server_name to be extensible, RFC 4366
+     * was not clear about it; and so OpenSSL among other implementations,
+     * always and only allows a 'host_name' name types.
+     * RFC 6066 corrected the mistake but adding new name types
+     * is nevertheless no longer feasible, so act as if no other
+     * SNI types can exist, to simplify parsing.
+     *
+     * Also note that the RFC permits only one SNI value per type,
+     * i.e., we can only have a single hostname.
+     */
+    if (!PACKET_get_1(&sni, &servname_type)
+        || servname_type != TLSEXT_NAMETYPE_host_name
+        || !PACKET_as_length_prefixed_2(&sni, &hostname)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
+            SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
+                     SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (PACKET_contains_zero_byte(&hostname)) {
+            SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
+                     SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        /*
+         * Store the requested SNI in the SSL as temporary storage.
+         * If we accept it, it will get stored in the SSL_SESSION as well.
+         */
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+        if (!PACKET_strndup(&hostname, &s->ext.hostname)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        s->servername_done = 1;
+    }
+    if (s->hit) {
+        /*
+         * TODO(openssl-team): if the SNI doesn't match, we MUST
+         * fall back to a full handshake.
+         */
+        s->servername_done = (s->session->ext.hostname != NULL)
+            && PACKET_equal(&hostname, s->session->ext.hostname,
+                            strlen(s->session->ext.hostname));
+
+        if (!s->servername_done && s->session->ext.hostname != NULL)
+            s->ext.early_data_ok = 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    unsigned int value;
+
+    if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* Received |value| should be a valid max-fragment-length code. */
+    if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * RFC 6066:  The negotiated length applies for the duration of the session
+     * including session resumptions.
+     * We should receive the same code as in resumed session !
+     */
+    if (s->hit && s->session->ext.max_fragment_len_mode != value) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * Store it in session, so it'll become binding for us
+     * and we'll include it in a next Server Hello.
+     */
+    s->session->ext.max_fragment_len_mode = value;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET srp_I;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &srp_I)
+            || PACKET_contains_zero_byte(&srp_I)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SRP,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * TODO(openssl-team): currently, we re-authenticate the user
+     * upon resumption. Instead, we MUST ignore the login.
+     */
+    if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    PACKET ec_point_format_list;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list)
+        || PACKET_remaining(&ec_point_format_list) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit) {
+        if (!PACKET_memdup(&ec_point_format_list,
+                           &s->session->ext.ecpointformats,
+                           &s->session->ext.ecpointformats_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif                          /* OPENSSL_NO_EC */
+
+int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ext.session_ticket_cb &&
+            !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ext.session_ticket_cb_arg)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    PACKET supported_sig_algs;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs)
+            || PACKET_remaining(&supported_sig_algs) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    PACKET supported_sig_algs;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs)
+            || PACKET_remaining(&supported_sig_algs) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    PACKET responder_id_list, exts;
+
+    /* We ignore this in a resumption handshake */
+    if (s->hit)
+        return 1;
+
+    /* Not defined if we get one of these in a client Certificate */
+    if (x != NULL)
+        return 1;
+
+    if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
+        /*
+         * We don't know what to do with any other type so ignore it.
+         */
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+        return 1;
+    }
+
+    if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * We remove any OCSP_RESPIDs from a previous handshake
+     * to prevent unbounded memory growth - CVE-2016-6304
+     */
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
+    if (PACKET_remaining(&responder_id_list) > 0) {
+        s->ext.ocsp.ids = sk_OCSP_RESPID_new_null();
+        if (s->ext.ocsp.ids == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        s->ext.ocsp.ids = NULL;
+    }
+
+    while (PACKET_remaining(&responder_id_list) > 0) {
+        OCSP_RESPID *id;
+        PACKET responder_id;
+        const unsigned char *id_data;
+
+        if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id)
+                || PACKET_remaining(&responder_id) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        id_data = PACKET_data(&responder_id);
+        /* TODO(size_t): Convert d2i_* to size_t */
+        id = d2i_OCSP_RESPID(NULL, &id_data,
+                             (int)PACKET_remaining(&responder_id));
+        if (id == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (id_data != PACKET_end(&responder_id)) {
+            OCSP_RESPID_free(id);
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+
+            return 0;
+        }
+
+        if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) {
+            OCSP_RESPID_free(id);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+
+            return 0;
+        }
+    }
+
+    /* Read in request_extensions */
+    if (!PACKET_as_length_prefixed_2(pkt, &exts)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (PACKET_remaining(&exts) > 0) {
+        const unsigned char *ext_data = PACKET_data(&exts);
+
+        sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts,
+                                   X509_EXTENSION_free);
+        s->ext.ocsp.exts =
+            d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts));
+        if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /*
+     * We shouldn't accept this extension on a
+     * renegotiation.
+     */
+    if (SSL_IS_FIRST_HANDSHAKE(s))
+        s->s3->npn_seen = 1;
+
+    return 1;
+}
+#endif
+
+/*
+ * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN
+ * extension, not including type and length. Returns: 1 on success, 0 on error.
+ */
+int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx)
+{
+    PACKET protocol_list, save_protocol_list, protocol;
+
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 1;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &protocol_list)
+        || PACKET_remaining(&protocol_list) < 2) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    save_protocol_list = protocol_list;
+    do {
+        /* Protocol names can't be empty. */
+        if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol)
+                || PACKET_remaining(&protocol) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    } while (PACKET_remaining(&protocol_list) != 0);
+
+    OPENSSL_free(s->s3->alpn_proposed);
+    s->s3->alpn_proposed = NULL;
+    s->s3->alpn_proposed_len = 0;
+    if (!PACKET_memdup(&save_protocol_list,
+                       &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
+    unsigned int ct, mki_len, id;
+    int i, srtp_pref;
+    PACKET subpkt;
+
+    /* Ignore this if we have no SRTP profiles */
+    if (SSL_get_srtp_profiles(s) == NULL)
+        return 1;
+
+    /* Pull off the length of the cipher suite list  and check it is even */
+    if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0
+            || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    srvr = SSL_get_srtp_profiles(s);
+    s->srtp_profile = NULL;
+    /* Search all profiles for a match initially */
+    srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
+
+    while (PACKET_remaining(&subpkt)) {
+        if (!PACKET_get_net_2(&subpkt, &id)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                     SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+            return 0;
+        }
+
+        /*
+         * Only look for match in profiles of higher preference than
+         * current match.
+         * If no profiles have been have been configured then this
+         * does nothing.
+         */
+        for (i = 0; i < srtp_pref; i++) {
+            SRTP_PROTECTION_PROFILE *sprof =
+                sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
+
+            if (sprof->id == id) {
+                s->srtp_profile = sprof;
+                srtp_pref = i;
+                break;
+            }
+        }
+    }
+
+    /* Now extract the MKI value as a sanity check, but discard it for now */
+    if (!PACKET_get_1(pkt, &mki_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    if (!PACKET_forward(pkt, mki_len)
+        || PACKET_remaining(pkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                 SSL_R_BAD_SRTP_MKI_VALUE);
+        return 0;
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
+        s->ext.use_etm = 1;
+
+    return 1;
+}
+
+/*
+ * Process a psk_kex_modes extension received in the ClientHello. |pkt| contains
+ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
+ */
+int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    PACKET psk_kex_modes;
+    unsigned int mode;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes)
+            || PACKET_remaining(&psk_kex_modes) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    while (PACKET_get_1(&psk_kex_modes, &mode)) {
+        if (mode == TLSEXT_KEX_MODE_KE_DHE)
+            s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE;
+        else if (mode == TLSEXT_KEX_MODE_KE
+                && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0)
+            s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
+    }
+#endif
+
+    return 1;
+}
+
+/*
+ * Process a key_share extension received in the ClientHello. |pkt| contains
+ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
+ */
+int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int group_id;
+    PACKET key_share_list, encoded_pt;
+    const uint16_t *clntgroups, *srvrgroups;
+    size_t clnt_num_groups, srvr_num_groups;
+    int found = 0;
+
+    if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
+        return 1;
+
+    /* Sanity check */
+    if (s->s3->peer_tmp != NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!PACKET_as_length_prefixed_2(pkt, &key_share_list)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* Get our list of supported groups */
+    tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups);
+    /* Get the clients list of supported groups. */
+    tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+    if (clnt_num_groups == 0) {
+        /*
+         * This can only happen if the supported_groups extension was not sent,
+         * because we verify that the length is non-zero when we process that
+         * extension.
+         */
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION);
+        return 0;
+    }
+
+    if (s->s3->group_id != 0 && PACKET_remaining(&key_share_list) == 0) {
+        /*
+         * If we set a group_id already, then we must have sent an HRR
+         * requesting a new key_share. If we haven't got one then that is an
+         * error
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_BAD_KEY_SHARE);
+        return 0;
+    }
+
+    while (PACKET_remaining(&key_share_list) > 0) {
+        if (!PACKET_get_net_2(&key_share_list, &group_id)
+                || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
+                || PACKET_remaining(&encoded_pt) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+
+        /*
+         * If we already found a suitable key_share we loop through the
+         * rest to verify the structure, but don't process them.
+         */
+        if (found)
+            continue;
+
+        /*
+         * If we sent an HRR then the key_share sent back MUST be for the group
+         * we requested, and must be the only key_share sent.
+         */
+        if (s->s3->group_id != 0
+                && (group_id != s->s3->group_id
+                    || PACKET_remaining(&key_share_list) != 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Check if this share is in supported_groups sent from client */
+        if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Check if this share is for a group we can use */
+        if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
+            /* Share not suitable */
+            continue;
+        }
+
+        if ((s->s3->peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+            return 0;
+        }
+
+        s->s3->group_id = group_id;
+
+        if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                PACKET_data(&encoded_pt),
+                PACKET_remaining(&encoded_pt))) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT);
+            return 0;
+        }
+
+        found = 1;
+    }
+#endif
+
+    return 1;
+}
+
+int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                          size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int format, version, key_share, group_id;
+    EVP_MD_CTX *hctx;
+    EVP_PKEY *pkey;
+    PACKET cookie, raw, chhash, appcookie;
+    WPACKET hrrpkt;
+    const unsigned char *data, *mdin, *ciphdata;
+    unsigned char hmac[SHA256_DIGEST_LENGTH];
+    unsigned char hrr[MAX_HRR_SIZE];
+    size_t rawlen, hmaclen, hrrlen, ciphlen;
+    unsigned long tm, now;
+
+    /* Ignore any cookie if we're not set up to verify it */
+    if (s->ctx->verify_stateless_cookie_cb == NULL
+            || (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+        return 1;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    raw = cookie;
+    data = PACKET_data(&raw);
+    rawlen = PACKET_remaining(&raw);
+    if (rawlen < SHA256_DIGEST_LENGTH
+            || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    mdin = PACKET_data(&raw);
+
+    /* Verify the HMAC of the cookie */
+    hctx = EVP_MD_CTX_create();
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                        s->session_ctx->ext.cookie_hmac_key,
+                                        sizeof(s->session_ctx->ext
+                                               .cookie_hmac_key));
+    if (hctx == NULL || pkey == NULL) {
+        EVP_MD_CTX_free(hctx);
+        EVP_PKEY_free(pkey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    hmaclen = SHA256_DIGEST_LENGTH;
+    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+            || EVP_DigestSign(hctx, hmac, &hmaclen, data,
+                              rawlen - SHA256_DIGEST_LENGTH) <= 0
+            || hmaclen != SHA256_DIGEST_LENGTH) {
+        EVP_MD_CTX_free(hctx);
+        EVP_PKEY_free(pkey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    EVP_MD_CTX_free(hctx);
+    EVP_PKEY_free(pkey);
+
+    if (CRYPTO_memcmp(hmac, mdin, SHA256_DIGEST_LENGTH) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_COOKIE_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(&cookie, &format)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    /* Check the cookie format is something we recognise. Ignore it if not */
+    if (format != COOKIE_STATE_FORMAT_VERSION)
+        return 1;
+
+    /*
+     * The rest of these checks really shouldn't fail since we have verified the
+     * HMAC above.
+     */
+
+    /* Check the version number is sane */
+    if (!PACKET_get_net_2(&cookie, &version)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (version != TLS1_3_VERSION) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(&cookie, &group_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    ciphdata = PACKET_data(&cookie);
+    if (!PACKET_forward(&cookie, 2)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (group_id != s->s3->group_id
+            || s->s3->tmp.new_cipher
+               != ssl_get_cipher_by_char(s, ciphdata, 0)) {
+        /*
+         * We chose a different cipher or group id this time around to what is
+         * in the cookie. Something must have changed.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_BAD_CIPHER);
+        return 0;
+    }
+
+    if (!PACKET_get_1(&cookie, &key_share)
+            || !PACKET_get_net_4(&cookie, &tm)
+            || !PACKET_get_length_prefixed_2(&cookie, &chhash)
+            || !PACKET_get_length_prefixed_1(&cookie, &appcookie)
+            || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */
+    now = (unsigned long)time(NULL);
+    if (tm > now || (now - tm) > 600) {
+        /* Cookie is stale. Ignore it */
+        return 1;
+    }
+
+    /* Verify the app cookie */
+    if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie),
+                                     PACKET_remaining(&appcookie)) == 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_COOKIE_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Reconstruct the HRR that we would have sent in response to the original
+     * ClientHello so we can add it to the transcript hash.
+     * Note: This won't work with custom HRR extensions
+     */
+    if (!WPACKET_init_static_len(&hrrpkt, hrr, sizeof(hrr), 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO)
+            || !WPACKET_start_sub_packet_u24(&hrrpkt)
+            || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION)
+            || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE)
+            || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id,
+                                      s->tmp_session_id_len)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt,
+                                              &ciphlen)
+            || !WPACKET_put_bytes_u8(&hrrpkt, 0)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)
+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+            || !WPACKET_close(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (key_share) {
+        if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share)
+                || !WPACKET_start_sub_packet_u16(&hrrpkt)
+                || !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id)
+                || !WPACKET_close(&hrrpkt)) {
+            WPACKET_cleanup(&hrrpkt);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)
+            || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen)
+            || !WPACKET_close(&hrrpkt) /* cookie extension */
+            || !WPACKET_close(&hrrpkt) /* extension block */
+            || !WPACKET_close(&hrrpkt) /* message */
+            || !WPACKET_get_total_written(&hrrpkt, &hrrlen)
+            || !WPACKET_finish(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Reconstruct the transcript hash */
+    if (!create_synthetic_message_hash(s, PACKET_data(&chhash),
+                                       PACKET_remaining(&chhash), hrr,
+                                       hrrlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Act as if this ClientHello came after a HelloRetryRequest */
+    s->hello_retry_request = 1;
+
+    s->ext.cookieok = 1;
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidx)
+{
+    PACKET supported_groups_list;
+
+    /* Each group is 2 bytes and we must have at least 1. */
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list)
+            || PACKET_remaining(&supported_groups_list) == 0
+            || (PACKET_remaining(&supported_groups_list) % 2) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        OPENSSL_free(s->session->ext.supportedgroups);
+        s->session->ext.supportedgroups = NULL;
+        s->session->ext.supportedgroups_len = 0;
+        if (!tls1_save_u16(&supported_groups_list,
+                           &s->session->ext.supportedgroups,
+                           &s->session->ext.supportedgroups_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /* The extension must always be empty */
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_EMS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+
+    return 1;
+}
+
+
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (s->hello_retry_request != SSL_HRR_NONE) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
+                                                 SSL_SESSION **sess)
+{
+    SSL_SESSION *tmpsess = NULL;
+
+    s->ext.ticket_expected = 1;
+
+    switch (PACKET_remaining(tick)) {
+        case 0:
+            return SSL_TICKET_EMPTY;
+
+        case SSL_MAX_SSL_SESSION_ID_LENGTH:
+            break;
+
+        default:
+            return SSL_TICKET_NO_DECRYPT;
+    }
+
+    tmpsess = lookup_sess_in_cache(s, PACKET_data(tick),
+                                   SSL_MAX_SSL_SESSION_ID_LENGTH);
+
+    if (tmpsess == NULL)
+        return SSL_TICKET_NO_DECRYPT;
+
+    *sess = tmpsess;
+    return SSL_TICKET_SUCCESS;
+}
+
+int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET identities, binders, binder;
+    size_t binderoffset, hashsize;
+    SSL_SESSION *sess = NULL;
+    unsigned int id, i, ext = 0;
+    const EVP_MD *md = NULL;
+
+    /*
+     * If we have no PSK kex mode that we recognise then we can't resume so
+     * ignore this extension
+     */
+    if ((s->ext.psk_kex_mode
+            & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
+        return 1;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.ticket_expected = 0;
+    for (id = 0; PACKET_remaining(&identities) != 0; id++) {
+        PACKET identity;
+        unsigned long ticket_agel;
+        size_t idlen;
+
+        if (!PACKET_get_length_prefixed_2(&identities, &identity)
+                || !PACKET_get_net_4(&identities, &ticket_agel)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        idlen = PACKET_remaining(&identity);
+        if (s->psk_find_session_cb != NULL
+                && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen,
+                                           &sess)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+#ifndef OPENSSL_NO_PSK
+        if(sess == NULL
+                && s->psk_server_callback != NULL
+                && idlen <= PSK_MAX_IDENTITY_LEN) {
+            char *pskid = NULL;
+            unsigned char pskdata[PSK_MAX_PSK_LEN];
+            unsigned int pskdatalen;
+
+            if (!PACKET_strndup(&identity, &pskid)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            pskdatalen = s->psk_server_callback(s, pskid, pskdata,
+                                                sizeof(pskdata));
+            OPENSSL_free(pskid);
+            if (pskdatalen > PSK_MAX_PSK_LEN) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            } else if (pskdatalen > 0) {
+                const SSL_CIPHER *cipher;
+                const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+
+                /*
+                 * We found a PSK using an old style callback. We don't know
+                 * the digest so we default to SHA256 as per the TLSv1.3 spec
+                 */
+                cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+                if (cipher == NULL) {
+                    OPENSSL_cleanse(pskdata, pskdatalen);
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+
+                sess = SSL_SESSION_new();
+                if (sess == NULL
+                        || !SSL_SESSION_set1_master_key(sess, pskdata,
+                                                        pskdatalen)
+                        || !SSL_SESSION_set_cipher(sess, cipher)
+                        || !SSL_SESSION_set_protocol_version(sess,
+                                                             TLS1_3_VERSION)) {
+                    OPENSSL_cleanse(pskdata, pskdatalen);
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                OPENSSL_cleanse(pskdata, pskdatalen);
+            }
+        }
+#endif /* OPENSSL_NO_PSK */
+
+        if (sess != NULL) {
+            /* We found a PSK */
+            SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
+
+            if (sesstmp == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            SSL_SESSION_free(sess);
+            sess = sesstmp;
+
+            /*
+             * We've just been told to use this session for this context so
+             * make sure the sid_ctx matches up.
+             */
+            memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+            sess->sid_ctx_length = s->sid_ctx_length;
+            ext = 1;
+            if (id == 0)
+                s->ext.early_data_ok = 1;
+            s->ext.ticket_expected = 1;
+        } else {
+            uint32_t ticket_age = 0, now, agesec, agems;
+            int ret;
+
+            /*
+             * If we are using anti-replay protection then we behave as if
+             * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+             * is no point in using full stateless tickets.
+             */
+            if ((s->options & SSL_OP_NO_TICKET) != 0
+                    || (s->max_early_data > 0
+                        && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))
+                ret = tls_get_stateful_ticket(s, &identity, &sess);
+            else
+                ret = tls_decrypt_ticket(s, PACKET_data(&identity),
+                                         PACKET_remaining(&identity), NULL, 0,
+                                         &sess);
+
+            if (ret == SSL_TICKET_EMPTY) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         SSL_R_BAD_EXTENSION);
+                return 0;
+            }
+
+            if (ret == SSL_TICKET_FATAL_ERR_MALLOC
+                    || ret == SSL_TICKET_FATAL_ERR_OTHER) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT)
+                continue;
+
+            /* Check for replay */
+            if (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0
+                    && !SSL_CTX_remove_session(s->session_ctx, sess)) {
+                SSL_SESSION_free(sess);
+                sess = NULL;
+                continue;
+            }
+
+            ticket_age = (uint32_t)ticket_agel;
+            now = (uint32_t)time(NULL);
+            agesec = now - (uint32_t)sess->time;
+            agems = agesec * (uint32_t)1000;
+            ticket_age -= sess->ext.tick_age_add;
+
+            /*
+             * For simplicity we do our age calculations in seconds. If the
+             * client does it in ms then it could appear that their ticket age
+             * is longer than ours (our ticket age calculation should always be
+             * slightly longer than the client's due to the network latency).
+             * Therefore we add 1000ms to our age calculation to adjust for
+             * rounding errors.
+             */
+            if (id == 0
+                    && sess->timeout >= (long)agesec
+                    && agems / (uint32_t)1000 == agesec
+                    && ticket_age <= agems + 1000
+                    && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
+                /*
+                 * Ticket age is within tolerance and not expired. We allow it
+                 * for early data
+                 */
+                s->ext.early_data_ok = 1;
+            }
+        }
+
+        md = ssl_md(sess->cipher->algorithm2);
+        if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) {
+            /* The ciphersuite is not compatible with this session. */
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            s->ext.early_data_ok = 0;
+            s->ext.ticket_expected = 0;
+            continue;
+        }
+        break;
+    }
+
+    if (sess == NULL)
+        return 1;
+
+    binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
+    hashsize = EVP_MD_size(md);
+
+    if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+
+    for (i = 0; i <= id; i++) {
+        if (!PACKET_get_length_prefixed_1(&binders, &binder)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+    }
+
+    if (PACKET_remaining(&binder) != hashsize) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
+                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
+                          ext) != 1) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    sess->ext.tick_identity = id;
+
+    SSL_SESSION_free(s->session);
+    s->session = sess;
+    return 1;
+err:
+    SSL_SESSION_free(sess);
+    return 0;
+}
+
+int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH,
+                 SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR);
+        return 0;
+    }
+
+    s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+
+    return 1;
+}
+
+/*
+ * Add the server's renegotiation binding
+ */
+EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (!s->s3->send_connection_binding)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_memcpy(pkt, s->s3->previous_client_finished,
+                               s->s3->previous_client_finished_len)
+            || !WPACKET_memcpy(pkt, s->s3->previous_server_finished,
+                               s->s3->previous_server_finished_len)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (s->hit || s->servername_done != 1
+            || s->ext.hostname == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/* Add/include the server's max fragment len extension into ServerHello */
+EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
+        return EXT_RETURN_NOT_SENT;
+
+    /*-
+     * 4 bytes for this extension type and extension length
+     * 1 byte for the Max Fragment Length code value.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
+        || !WPACKET_start_sub_packet_u16(pkt)
+        || !WPACKET_put_bytes_u8(pkt, s->session->ext.max_fragment_len_mode)
+        || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
+                    && (s->session->ext.ecpointformats != NULL);
+    const unsigned char *plist;
+    size_t plistlen;
+
+    if (!using_ecc)
+        return EXT_RETURN_NOT_SENT;
+
+    tls1_get_formatlist(s, &plist, &plistlen);
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx)
+{
+    const uint16_t *groups;
+    size_t numgroups, i, first = 1;
+
+    /* s->s3->group_id is non zero if we accepted a key_share */
+    if (s->s3->group_id == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Get our list of supported groups */
+    tls1_get_supported_groups(s, &groups, &numgroups);
+    if (numgroups == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Copy group ID if supported */
+    for (i = 0; i < numgroups; i++) {
+        uint16_t group = groups[i];
+
+        if (tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
+            if (first) {
+                /*
+                 * Check if the client is already using our preferred group. If
+                 * so we don't need to add this extension
+                 */
+                if (s->s3->group_id == group)
+                    return EXT_RETURN_NOT_SENT;
+
+                /* Add extension header */
+                if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+                           /* Sub-packet for supported_groups extension */
+                        || !WPACKET_start_sub_packet_u16(pkt)
+                        || !WPACKET_start_sub_packet_u16(pkt)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+
+                first = 0;
+            }
+            if (!WPACKET_put_bytes_u16(pkt, group)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+        }
+    }
+
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!s->ext.ticket_expected || !tls_use_ticket(s)) {
+        s->ext.ticket_expected = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!s->ext.status_expected)
+        return EXT_RETURN_NOT_SENT;
+
+    if (SSL_IS_TLS13(s) && chainidx != 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * In TLSv1.3 we include the certificate status itself. In <= TLSv1.2 we
+     * send back an empty extension, with the certificate status appearing as a
+     * separate message
+     */
+    if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
+       /* SSLfatal() already called */
+       return EXT_RETURN_FAIL;
+    }
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    const unsigned char *npa;
+    unsigned int npalen;
+    int ret;
+    int npn_seen = s->s3->npn_seen;
+
+    s->s3->npn_seen = 0;
+    if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen,
+                                        s->ctx->ext.npn_advertised_cb_arg);
+    if (ret == SSL_TLSEXT_ERR_OK) {
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+                || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->s3->npn_seen = 1;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+{
+    if (s->s3->alpn_selected == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt,
+                TLSEXT_TYPE_application_layer_protocol_negotiation)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected,
+                                      s->s3->alpn_selected_len)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_ALPN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    if (s->srtp_profile == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, 2)
+            || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id)
+            || !WPACKET_put_bytes_u8(pkt, 0)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!s->ext.use_etm)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
+     * for other cases too.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) {
+        s->ext.use_etm = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_ETM,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EMS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx)
+{
+    if (!ossl_assert(SSL_IS_TLS13(s))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->version)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned char *encodedPoint;
+    size_t encoded_pt_len = 0;
+    EVP_PKEY *ckey = s->s3->peer_tmp, *skey = NULL;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        if (ckey != NULL) {
+            /* Original key_share was acceptable so don't ask for another one */
+            return EXT_RETURN_NOT_SENT;
+        }
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+
+        return EXT_RETURN_SENT;
+    }
+
+    if (ckey == NULL) {
+        /* No key_share received from client - must be resuming */
+        if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    skey = ssl_generate_pkey(ckey);
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_MALLOC_FAILURE);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Generate encoding of server key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
+    if (encoded_pt_len == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_EC_LIB);
+        EVP_PKEY_free(skey);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(skey);
+        OPENSSL_free(encodedPoint);
+        return EXT_RETURN_FAIL;
+    }
+    OPENSSL_free(encodedPoint);
+
+    /* This causes the crypto state to be updated based on the derived keys */
+    s->s3->tmp.pkey = skey;
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_FAIL;
+#endif
+}
+
+EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie;
+    unsigned char *hmac, *hmac2;
+    size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen;
+    EVP_MD_CTX *hctx;
+    EVP_PKEY *pkey;
+    int ret = EXT_RETURN_FAIL;
+
+    if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->ctx->gen_stateless_cookie_cb == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 SSL_R_NO_COOKIE_CALLBACK_SET);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_get_total_written(pkt, &startlen)
+            || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie)
+            || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION)
+            || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt,
+                                              &ciphlen)
+               /* Is there a key_share extension present in this HRR? */
+            || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL)
+            || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL))
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Get the hash of the initial ClientHello. ssl_handshake_hash() operates
+     * on raw buffers, so we first reserve sufficient bytes (above) and then
+     * subsequently allocate them (below)
+     */
+    if (!ssl3_digest_cached_records(s, 0)
+            || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2)
+            || !ossl_assert(hashval1 == hashval2)
+            || !WPACKET_close(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Generate the application cookie */
+    if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2)
+            || !ossl_assert(appcookie1 == appcookie2)
+            || !WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &totcookielen)
+            || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    hmaclen = SHA256_DIGEST_LENGTH;
+
+    totcookielen -= startlen;
+    if (!ossl_assert(totcookielen <= MAX_COOKIE_SIZE - SHA256_DIGEST_LENGTH)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* HMAC the cookie */
+    hctx = EVP_MD_CTX_create();
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                        s->session_ctx->ext.cookie_hmac_key,
+                                        sizeof(s->session_ctx->ext
+                                               .cookie_hmac_key));
+    if (hctx == NULL || pkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+            || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
+                              totcookielen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!ossl_assert(totcookielen + hmaclen <= MAX_COOKIE_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2)
+            || !ossl_assert(hmac == hmac2)
+            || !ossl_assert(cookie == hmac - totcookielen)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = EXT_RETURN_SENT;
+
+ err:
+    EVP_MD_CTX_free(hctx);
+    EVP_PKEY_free(pkey);
+    return ret;
+#else
+    return EXT_RETURN_FAIL;
+#endif
+}
+
+EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    const unsigned char cryptopro_ext[36] = {
+        0xfd, 0xe8,         /* 65000 */
+        0x00, 0x20,         /* 32 bytes length */
+        0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
+        0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
+        0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
+        0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
+    };
+
+    if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80
+         && (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81)
+            || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
+        if (s->max_early_data == 0)
+            return EXT_RETURN_NOT_SENT;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+
+        return EXT_RETURN_SENT;
+    }
+
+    if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!s->hit)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->session->ext.tick_identity)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_PSK, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c
new file mode 100644
index 000000000..e3c5ec003
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c
@@ -0,0 +1,972 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <assert.h>
+
+/*
+ * This file implements the SSL/TLS/DTLS state machines.
+ *
+ * There are two primary state machines:
+ *
+ * 1) Message flow state machine
+ * 2) Handshake state machine
+ *
+ * The Message flow state machine controls the reading and sending of messages
+ * including handling of non-blocking IO events, flushing of the underlying
+ * write BIO, handling unexpected messages, etc. It is itself broken into two
+ * separate sub-state machines which control reading and writing respectively.
+ *
+ * The Handshake state machine keeps track of the current SSL/TLS handshake
+ * state. Transitions of the handshake state are the result of events that
+ * occur within the Message flow state machine.
+ *
+ * Overall it looks like this:
+ *
+ * ---------------------------------------------            -------------------
+ * |                                           |            |                 |
+ * | Message flow state machine                |            |                 |
+ * |                                           |            |                 |
+ * | -------------------- -------------------- | Transition | Handshake state |
+ * | | MSG_FLOW_READING | | MSG_FLOW_WRITING | | Event      | machine         |
+ * | | sub-state        | | sub-state        | |----------->|                 |
+ * | | machine for      | | machine for      | |            |                 |
+ * | | reading messages | | writing messages | |            |                 |
+ * | -------------------- -------------------- |            |                 |
+ * |                                           |            |                 |
+ * ---------------------------------------------            -------------------
+ *
+ */
+
+/* Sub state machine return values */
+typedef enum {
+    /* Something bad happened or NBIO */
+    SUB_STATE_ERROR,
+    /* Sub state finished go to the next sub state */
+    SUB_STATE_FINISHED,
+    /* Sub state finished and handshake was completed */
+    SUB_STATE_END_HANDSHAKE
+} SUB_STATE_RETURN;
+
+static int state_machine(SSL *s, int server);
+static void init_read_state_machine(SSL *s);
+static SUB_STATE_RETURN read_state_machine(SSL *s);
+static void init_write_state_machine(SSL *s);
+static SUB_STATE_RETURN write_state_machine(SSL *s);
+
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
+{
+    return ssl->statem.hand_state;
+}
+
+int SSL_in_init(const SSL *s)
+{
+    return s->statem.in_init;
+}
+
+int SSL_is_init_finished(const SSL *s)
+{
+    return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
+}
+
+int SSL_in_before(const SSL *s)
+{
+    /*
+     * Historically being "in before" meant before anything had happened. In the
+     * current code though we remain in the "before" state for a while after we
+     * have started the handshake process (e.g. as a server waiting for the
+     * first message to arrive). There "in before" is taken to mean "in before"
+     * and not started any handshake process yet.
+     */
+    return (s->statem.hand_state == TLS_ST_BEFORE)
+        && (s->statem.state == MSG_FLOW_UNINITED);
+}
+
+/*
+ * Clear the state machine state and reset back to MSG_FLOW_UNINITED
+ */
+void ossl_statem_clear(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.hand_state = TLS_ST_BEFORE;
+    s->statem.in_init = 1;
+    s->statem.no_cert_verify = 0;
+}
+
+/*
+ * Set the state machine up ready for a renegotiation handshake
+ */
+void ossl_statem_set_renegotiate(SSL *s)
+{
+    s->statem.in_init = 1;
+    s->statem.request_state = TLS_ST_SW_HELLO_REQ;
+}
+
+/*
+ * Put the state machine into an error state and send an alert if appropriate.
+ * This is a permanent error for the current connection.
+ */
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+                       int line)
+{
+    ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
+    /* We shouldn't call SSLfatal() twice. Once is enough */
+    if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+      return;
+    s->statem.in_init = 1;
+    s->statem.state = MSG_FLOW_ERROR;
+    if (al != SSL_AD_NO_ALERT
+            && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+}
+
+/*
+ * This macro should only be called if we are already expecting to be in
+ * a fatal error state. We verify that we are, and set it if not (this would
+ * indicate a bug).
+ */
+#define check_fatal(s, f) \
+    do { \
+        if (!ossl_assert((s)->statem.in_init \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
+                     SSL_R_MISSING_FATAL); \
+    } while (0)
+
+/*
+ * Discover whether the current connection is in the error state.
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int ossl_statem_in_error(const SSL *s)
+{
+    if (s->statem.state == MSG_FLOW_ERROR)
+        return 1;
+
+    return 0;
+}
+
+void ossl_statem_set_in_init(SSL *s, int init)
+{
+    s->statem.in_init = init;
+}
+
+int ossl_statem_get_in_handshake(SSL *s)
+{
+    return s->statem.in_handshake;
+}
+
+void ossl_statem_set_in_handshake(SSL *s, int inhand)
+{
+    if (inhand)
+        s->statem.in_handshake++;
+    else
+        s->statem.in_handshake--;
+}
+
+/* Are we in a sensible state to skip over unreadable early data? */
+int ossl_statem_skip_early_data(SSL *s)
+{
+    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
+        return 0;
+
+    if (!s->server
+            || s->statem.hand_state != TLS_ST_EARLY_DATA
+            || s->hello_retry_request == SSL_HRR_COMPLETE)
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept()
+ * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early
+ * data state and whether we should attempt to move the handshake on if so.
+ * |sending| is 1 if we are attempting to send data (SSL_write*()), 0 if we are
+ * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
+ * or similar.
+ */
+void ossl_statem_check_finish_init(SSL *s, int sending)
+{
+    if (sending == -1) {
+        if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                || s->statem.hand_state == TLS_ST_EARLY_DATA) {
+            ossl_statem_set_in_init(s, 1);
+            if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+                /*
+                 * SSL_connect() or SSL_do_handshake() has been called directly.
+                 * We don't allow any more writing of early data.
+                 */
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+            }
+        }
+    } else if (!s->server) {
+        if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                      || s->statem.hand_state == TLS_ST_EARLY_DATA)
+                  && s->early_data_state != SSL_EARLY_DATA_WRITING)
+                || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
+            ossl_statem_set_in_init(s, 1);
+            /*
+             * SSL_write() has been called directly. We don't allow any more
+             * writing of early data.
+             */
+            if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+        }
+    } else {
+        if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING
+                && s->statem.hand_state == TLS_ST_EARLY_DATA)
+            ossl_statem_set_in_init(s, 1);
+    }
+}
+
+void ossl_statem_set_hello_verify_done(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.in_init = 1;
+    /*
+     * This will get reset (briefly) back to TLS_ST_BEFORE when we enter
+     * state_machine() because |state| is MSG_FLOW_UNINITED, but until then any
+     * calls to SSL_in_before() will return false. Also calls to
+     * SSL_state_string() and SSL_state_string_long() will return something
+     * sensible.
+     */
+    s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
+}
+
+int ossl_statem_connect(SSL *s)
+{
+    return state_machine(s, 0);
+}
+
+int ossl_statem_accept(SSL *s)
+{
+    return state_machine(s, 1);
+}
+
+typedef void (*info_cb) (const SSL *, int, int);
+
+static info_cb get_callback(SSL *s)
+{
+    if (s->info_callback != NULL)
+        return s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        return s->ctx->info_callback;
+
+    return NULL;
+}
+
+/*
+ * The main message flow state machine. We start in the MSG_FLOW_UNINITED or
+ * MSG_FLOW_FINISHED state and finish in MSG_FLOW_FINISHED. Valid states and
+ * transitions are as follows:
+ *
+ * MSG_FLOW_UNINITED     MSG_FLOW_FINISHED
+ *        |                       |
+ *        +-----------------------+
+ *        v
+ * MSG_FLOW_WRITING <---> MSG_FLOW_READING
+ *        |
+ *        V
+ * MSG_FLOW_FINISHED
+ *        |
+ *        V
+ *    [SUCCESS]
+ *
+ * We may exit at any point due to an error or NBIO event. If an NBIO event
+ * occurs then we restart at the point we left off when we are recalled.
+ * MSG_FLOW_WRITING and MSG_FLOW_READING have sub-state machines associated with them.
+ *
+ * In addition to the above there is also the MSG_FLOW_ERROR state. We can move
+ * into that state at any point in the event that an irrecoverable error occurs.
+ *
+ * Valid return values are:
+ *   1: Success
+ * <=0: NBIO or error
+ */
+static int state_machine(SSL *s, int server)
+{
+    BUF_MEM *buf = NULL;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    OSSL_STATEM *st = &s->statem;
+    int ret = -1;
+    int ssret;
+
+    if (st->state == MSG_FLOW_ERROR) {
+        /* Shouldn't have been called if we're already in the error state */
+        return -1;
+    }
+
+    ERR_clear_error();
+    clear_sys_error();
+
+    cb = get_callback(s);
+
+    st->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s)) {
+        /*
+         * If we are stateless then we already called SSL_clear() - don't do
+         * it again and clear the STATELESS flag itself.
+         */
+        if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
+            return -1;
+    }
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to enter handshake mode and prevent stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    /* Initialise state machine */
+    if (st->state == MSG_FLOW_UNINITED
+            || st->state == MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_UNINITED) {
+            st->hand_state = TLS_ST_BEFORE;
+            st->request_state = TLS_ST_BEFORE;
+        }
+
+        s->server = server;
+        if (cb != NULL) {
+            if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s))
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+        }
+
+        /*
+         * Fatal errors in this block don't send an alert because we have
+         * failed to even initialise properly. Sending an alert is probably
+         * doomed to failure.
+         */
+
+        if (SSL_IS_DTLS(s)) {
+            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+                (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        } else {
+            if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        }
+
+        if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) {
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+
+        if (s->init_buf == NULL) {
+            if ((buf = BUF_MEM_new()) == NULL) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+            if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+            s->init_buf = buf;
+            buf = NULL;
+        }
+
+        if (!ssl3_setup_buffers(s)) {
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+        s->init_num = 0;
+
+        /*
+         * Should have been reset by tls_process_finished, too.
+         */
+        s->s3->change_cipher_spec = 0;
+
+        /*
+         * Ok, we now need to push on a buffering BIO ...but not with
+         * SCTP
+         */
+#ifndef OPENSSL_NO_SCTP
+        if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+            if (!ssl_init_wbio_buffer(s)) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+
+        if ((SSL_in_before(s))
+                || s->renegotiate) {
+            if (!tls_setup_handshake(s)) {
+                /* SSLfatal() already called */
+                goto end;
+            }
+
+            if (SSL_IS_FIRST_HANDSHAKE(s))
+                st->read_state_first_init = 1;
+        }
+
+        st->state = MSG_FLOW_WRITING;
+        init_write_state_machine(s);
+    }
+
+    while (st->state != MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_READING) {
+            ssret = read_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_WRITING;
+                init_write_state_machine(s);
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else if (st->state == MSG_FLOW_WRITING) {
+            ssret = write_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_READING;
+                init_read_state_machine(s);
+            } else if (ssret == SUB_STATE_END_HANDSHAKE) {
+                st->state = MSG_FLOW_FINISHED;
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else {
+            /* Error */
+            check_fatal(s, SSL_F_STATE_MACHINE);
+            SSLerr(SSL_F_STATE_MACHINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            goto end;
+        }
+    }
+
+    ret = 1;
+
+ end:
+    st->in_handshake--;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to leave handshake mode and allow stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    BUF_MEM_free(buf);
+    if (cb != NULL) {
+        if (server)
+            cb(s, SSL_CB_ACCEPT_EXIT, ret);
+        else
+            cb(s, SSL_CB_CONNECT_EXIT, ret);
+    }
+    return ret;
+}
+
+/*
+ * Initialise the MSG_FLOW_READING sub-state machine
+ */
+static void init_read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->read_state = READ_STATE_HEADER;
+}
+
+static int grow_init_buf(SSL *s, size_t size) {
+
+    size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
+
+    if (!BUF_MEM_grow_clean(s->init_buf, (int)size))
+        return 0;
+
+    if (size < msg_offset)
+        return 0;
+
+    s->init_msg = s->init_buf->data + msg_offset;
+
+    return 1;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_READING. The valid sub-states and transitions are:
+ *
+ * READ_STATE_HEADER <--+<-------------+
+ *        |             |              |
+ *        v             |              |
+ * READ_STATE_BODY -----+-->READ_STATE_POST_PROCESS
+ *        |                            |
+ *        +----------------------------+
+ *        v
+ * [SUB_STATE_FINISHED]
+ *
+ * READ_STATE_HEADER has the responsibility for reading in the message header
+ * and transitioning the state of the handshake state machine.
+ *
+ * READ_STATE_BODY reads in the rest of the message and then subsequently
+ * processes it.
+ *
+ * READ_STATE_POST_PROCESS is an optional step that may occur if some post
+ * processing activity performed on the message may block.
+ *
+ * Any of the above states could result in an NBIO event occurring in which case
+ * control returns to the calling application. When this function is recalled we
+ * will resume in the same state where we left off.
+ */
+static SUB_STATE_RETURN read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret, mt;
+    size_t len = 0;
+    int (*transition) (SSL *s, int mt);
+    PACKET pkt;
+    MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
+    WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
+    size_t (*max_message_size) (SSL *s);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_read_transition;
+        process_message = ossl_statem_server_process_message;
+        max_message_size = ossl_statem_server_max_message_size;
+        post_process_message = ossl_statem_server_post_process_message;
+    } else {
+        transition = ossl_statem_client_read_transition;
+        process_message = ossl_statem_client_process_message;
+        max_message_size = ossl_statem_client_max_message_size;
+        post_process_message = ossl_statem_client_post_process_message;
+    }
+
+    if (st->read_state_first_init) {
+        s->first_packet = 1;
+        st->read_state_first_init = 0;
+    }
+
+    while (1) {
+        switch (st->read_state) {
+        case READ_STATE_HEADER:
+            /* Get the state the peer wants to move to */
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * In DTLS we get the whole message in one go - header and body
+                 */
+                ret = dtls_get_message(s, &mt, &len);
+            } else {
+                ret = tls_get_message_header(s, &mt);
+            }
+
+            if (ret == 0) {
+                /* Could be non-blocking IO */
+                return SUB_STATE_ERROR;
+            }
+
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            /*
+             * Validate that we are allowed to move to the new state and move
+             * to that state if so
+             */
+            if (!transition(s, mt))
+                return SUB_STATE_ERROR;
+
+            if (s->s3->tmp.message_size > max_message_size(s)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
+                         SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SUB_STATE_ERROR;
+            }
+
+            /* dtls_get_message already did this */
+            if (!SSL_IS_DTLS(s)
+                    && s->s3->tmp.message_size > 0
+                    && !grow_init_buf(s, s->s3->tmp.message_size
+                                         + SSL3_HM_HEADER_LENGTH)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                         ERR_R_BUF_LIB);
+                return SUB_STATE_ERROR;
+            }
+
+            st->read_state = READ_STATE_BODY;
+            /* Fall through */
+
+        case READ_STATE_BODY:
+            if (!SSL_IS_DTLS(s)) {
+                /* We already got this above for DTLS */
+                ret = tls_get_message_body(s, &len);
+                if (ret == 0) {
+                    /* Could be non-blocking IO */
+                    return SUB_STATE_ERROR;
+                }
+            }
+
+            s->first_packet = 0;
+            if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            ret = process_message(s, &pkt);
+
+            /* Discard the packet data */
+            s->init_num = 0;
+
+            switch (ret) {
+            case MSG_PROCESS_ERROR:
+                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+
+            case MSG_PROCESS_FINISHED_READING:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+
+            case MSG_PROCESS_CONTINUE_PROCESSING:
+                st->read_state = READ_STATE_POST_PROCESS;
+                st->read_state_work = WORK_MORE_A;
+                break;
+
+            default:
+                st->read_state = READ_STATE_HEADER;
+                break;
+            }
+            break;
+
+        case READ_STATE_POST_PROCESS:
+            st->read_state_work = post_process_message(s, st->read_state_work);
+            switch (st->read_state_work) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->read_state = READ_STATE_HEADER;
+                break;
+
+            case WORK_FINISHED_STOP:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+            }
+            break;
+
+        default:
+            /* Shouldn't happen */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Send a previously constructed message to the peer.
+ */
+static int statem_do_write(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->hand_state == TLS_ST_CW_CHANGE
+        || st->hand_state == TLS_ST_SW_CHANGE) {
+        if (SSL_IS_DTLS(s))
+            return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+        else
+            return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+    } else {
+        return ssl_do_write(s);
+    }
+}
+
+/*
+ * Initialise the MSG_FLOW_WRITING sub-state machine
+ */
+static void init_write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->write_state = WRITE_STATE_TRANSITION;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_WRITING. The valid sub-states and transitions are:
+ *
+ * +-> WRITE_STATE_TRANSITION ------> [SUB_STATE_FINISHED]
+ * |             |
+ * |             v
+ * |      WRITE_STATE_PRE_WORK -----> [SUB_STATE_END_HANDSHAKE]
+ * |             |
+ * |             v
+ * |       WRITE_STATE_SEND
+ * |             |
+ * |             v
+ * |     WRITE_STATE_POST_WORK
+ * |             |
+ * +-------------+
+ *
+ * WRITE_STATE_TRANSITION transitions the state of the handshake state machine
+
+ * WRITE_STATE_PRE_WORK performs any work necessary to prepare the later
+ * sending of the message. This could result in an NBIO event occurring in
+ * which case control returns to the calling application. When this function
+ * is recalled we will resume in the same state where we left off.
+ *
+ * WRITE_STATE_SEND sends the message and performs any work to be done after
+ * sending.
+ *
+ * WRITE_STATE_POST_WORK performs any work necessary after the sending of the
+ * message has been completed. As for WRITE_STATE_PRE_WORK this could also
+ * result in an NBIO event.
+ */
+static SUB_STATE_RETURN write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret;
+    WRITE_TRAN(*transition) (SSL *s);
+    WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
+    WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
+    int (*get_construct_message_f) (SSL *s, WPACKET *pkt,
+                                    int (**confunc) (SSL *s, WPACKET *pkt),
+                                    int *mt);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int (*confunc) (SSL *s, WPACKET *pkt);
+    int mt;
+    WPACKET pkt;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_write_transition;
+        pre_work = ossl_statem_server_pre_work;
+        post_work = ossl_statem_server_post_work;
+        get_construct_message_f = ossl_statem_server_construct_message;
+    } else {
+        transition = ossl_statem_client_write_transition;
+        pre_work = ossl_statem_client_pre_work;
+        post_work = ossl_statem_client_post_work;
+        get_construct_message_f = ossl_statem_client_construct_message;
+    }
+
+    while (1) {
+        switch (st->write_state) {
+        case WRITE_STATE_TRANSITION:
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            switch (transition(s)) {
+            case WRITE_TRAN_CONTINUE:
+                st->write_state = WRITE_STATE_PRE_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+
+            case WRITE_TRAN_FINISHED:
+                return SUB_STATE_FINISHED;
+                break;
+
+            case WRITE_TRAN_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+            }
+            break;
+
+        case WRITE_STATE_PRE_WORK:
+            switch (st->write_state_work = pre_work(s, st->write_state_work)) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_SEND;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            if (!get_construct_message_f(s, &pkt, &confunc, &mt)) {
+                /* SSLfatal() already called */
+                return SUB_STATE_ERROR;
+            }
+            if (mt == SSL3_MT_DUMMY) {
+                /* Skip construction and sending. This isn't a "real" state */
+                st->write_state = WRITE_STATE_POST_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+            }
+            if (!WPACKET_init(&pkt, s->init_buf)
+                    || !ssl_set_handshake_header(s, &pkt, mt)) {
+                WPACKET_cleanup(&pkt);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            if (confunc != NULL && !confunc(s, &pkt)) {
+                WPACKET_cleanup(&pkt);
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+            }
+            if (!ssl_close_construct_packet(s, &pkt, mt)
+                    || !WPACKET_finish(&pkt)) {
+                WPACKET_cleanup(&pkt);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+
+            /* Fall through */
+
+        case WRITE_STATE_SEND:
+            if (SSL_IS_DTLS(s) && st->use_timer) {
+                dtls1_start_timer(s);
+            }
+            ret = statem_do_write(s);
+            if (ret <= 0) {
+                return SUB_STATE_ERROR;
+            }
+            st->write_state = WRITE_STATE_POST_WORK;
+            st->write_state_work = WORK_MORE_A;
+            /* Fall through */
+
+        case WRITE_STATE_POST_WORK:
+            switch (st->write_state_work = post_work(s, st->write_state_work)) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_TRANSITION;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            break;
+
+        default:
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Flush the write BIO
+ */
+int statem_flush(SSL *s)
+{
+    s->rwstate = SSL_WRITING;
+    if (BIO_flush(s->wbio) <= 0) {
+        return 0;
+    }
+    s->rwstate = SSL_NOTHING;
+
+    return 1;
+}
+
+/*
+ * Called by the record layer to determine whether application data is
+ * allowed to be received in the current handshake state or not.
+ *
+ * Return values are:
+ *   1: Yes (application data allowed)
+ *   0: No (application data not allowed)
+ */
+int ossl_statem_app_data_allowed(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->state == MSG_FLOW_UNINITED)
+        return 0;
+
+    if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0))
+        return 0;
+
+    if (s->server) {
+        /*
+         * If we're a server and we haven't got as far as writing our
+         * ServerHello yet then we allow app data
+         */
+        if (st->hand_state == TLS_ST_BEFORE
+            || st->hand_state == TLS_ST_SR_CLNT_HELLO)
+            return 1;
+    } else {
+        /*
+         * If we're a client and we haven't read the ServerHello yet then we
+         * allow app data
+         */
+        if (st->hand_state == TLS_ST_CW_CLNT_HELLO)
+            return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * This function returns 1 if TLS exporter is ready to export keying
+ * material, or 0 if otherwise.
+ */
+int ossl_statem_export_allowed(SSL *s)
+{
+    return s->s3->previous_server_finished_len != 0
+           && s->statem.hand_state != TLS_ST_SW_FINISHED;
+}
+
+/*
+ * Return 1 if early TLS exporter is ready to export keying material,
+ * or 0 if otherwise.
+ */
+int ossl_statem_export_early_allowed(SSL *s)
+{
+    /*
+     * The early exporter secret is only present on the server if we
+     * have accepted early_data. It is present on the client as long
+     * as we have sent early_data.
+     */
+    return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+           || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT);
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.h b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.h
new file mode 100644
index 000000000..144d930fc
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.h
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These enums should be considered PRIVATE to the state machine. No         *
+ * non-state machine code should need to use these                           *
+ *                                                                           *
+ *****************************************************************************/
+/*
+ * Valid return codes used for functions performing work prior to or after
+ * sending or receiving a message
+ */
+typedef enum {
+    /* Something went wrong */
+    WORK_ERROR,
+    /* We're done working and there shouldn't be anything else to do after */
+    WORK_FINISHED_STOP,
+    /* We're done working move onto the next thing */
+    WORK_FINISHED_CONTINUE,
+    /* We're working on phase A */
+    WORK_MORE_A,
+    /* We're working on phase B */
+    WORK_MORE_B,
+    /* We're working on phase C */
+    WORK_MORE_C
+} WORK_STATE;
+
+/* Write transition return codes */
+typedef enum {
+    /* Something went wrong */
+    WRITE_TRAN_ERROR,
+    /* A transition was successfully completed and we should continue */
+    WRITE_TRAN_CONTINUE,
+    /* There is no more write work to be done */
+    WRITE_TRAN_FINISHED
+} WRITE_TRAN;
+
+/* Message flow states */
+typedef enum {
+    /* No handshake in progress */
+    MSG_FLOW_UNINITED,
+    /* A permanent error with this connection */
+    MSG_FLOW_ERROR,
+    /* We are reading messages */
+    MSG_FLOW_READING,
+    /* We are writing messages */
+    MSG_FLOW_WRITING,
+    /* Handshake has finished */
+    MSG_FLOW_FINISHED
+} MSG_FLOW_STATE;
+
+/* Read states */
+typedef enum {
+    READ_STATE_HEADER,
+    READ_STATE_BODY,
+    READ_STATE_POST_PROCESS
+} READ_STATE;
+
+/* Write states */
+typedef enum {
+    WRITE_STATE_TRANSITION,
+    WRITE_STATE_PRE_WORK,
+    WRITE_STATE_SEND,
+    WRITE_STATE_POST_WORK
+} WRITE_STATE;
+
+typedef enum {
+    /* The enc_write_ctx can be used normally */
+    ENC_WRITE_STATE_VALID,
+    /* The enc_write_ctx cannot be used */
+    ENC_WRITE_STATE_INVALID,
+    /* Write alerts in plaintext, but otherwise use the enc_write_ctx */
+    ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+} ENC_WRITE_STATES;
+
+typedef enum {
+    /* The enc_read_ctx can be used normally */
+    ENC_READ_STATE_VALID,
+    /* We may receive encrypted or plaintext alerts */
+    ENC_READ_STATE_ALLOW_PLAIN_ALERTS
+} ENC_READ_STATES;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * state machine. No non-state machine code should be accessing the members  *
+ * of this structure.                                                        *
+ *                                                                           *
+ *****************************************************************************/
+
+struct ossl_statem_st {
+    MSG_FLOW_STATE state;
+    WRITE_STATE write_state;
+    WORK_STATE write_state_work;
+    READ_STATE read_state;
+    WORK_STATE read_state_work;
+    OSSL_HANDSHAKE_STATE hand_state;
+    /* The handshake state requested by an API call (e.g. HelloRequest) */
+    OSSL_HANDSHAKE_STATE request_state;
+    int in_init;
+    int read_state_first_init;
+    /* true when we are actually in SSL_accept() or SSL_connect() */
+    int in_handshake;
+    /*
+     * True when are processing a "real" handshake that needs cleaning up (not
+     * just a HelloRequest or similar).
+     */
+    int cleanuphand;
+    /* Should we skip the CertificateVerify message? */
+    unsigned int no_cert_verify;
+    int use_timer;
+    ENC_WRITE_STATES enc_write_state;
+    ENC_READ_STATES enc_read_state;
+};
+typedef struct ossl_statem_st OSSL_STATEM;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * state machine. Any libssl code may call these functions/macros            *
+ *                                                                           *
+ *****************************************************************************/
+
+__owur int ossl_statem_accept(SSL *s);
+__owur int ossl_statem_connect(SSL *s);
+void ossl_statem_clear(SSL *s);
+void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+                       int line);
+# define SSL_AD_NO_ALERT    -1
+# ifndef OPENSSL_NO_ERR
+#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (f), (r), \
+                                                   OPENSSL_FILE, OPENSSL_LINE)
+# else
+#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (f), (r), NULL, 0)
+# endif
+
+int ossl_statem_in_error(const SSL *s);
+void ossl_statem_set_in_init(SSL *s, int init);
+int ossl_statem_get_in_handshake(SSL *s);
+void ossl_statem_set_in_handshake(SSL *s, int inhand);
+__owur int ossl_statem_skip_early_data(SSL *s);
+void ossl_statem_check_finish_init(SSL *s, int send);
+void ossl_statem_set_hello_verify_done(SSL *s);
+__owur int ossl_statem_app_data_allowed(SSL *s);
+__owur int ossl_statem_export_allowed(SSL *s);
+__owur int ossl_statem_export_early_allowed(SSL *s);
+
+/* Flush the write BIO */
+int statem_flush(SSL *s);
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c
new file mode 100644
index 000000000..e56d24dff
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c
@@ -0,0 +1,3851 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <assert.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+#include <internal/cryptlib.h>
+
+static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
+
+static ossl_inline int cert_req_allowed(SSL *s);
+static int key_exchange_expected(SSL *s);
+static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+                                    WPACKET *pkt);
+
+/*
+ * Is a CertificateRequest message allowed at the moment or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static ossl_inline int cert_req_allowed(SSL *s)
+{
+    /* TLS does not like anon-DH with client cert */
+    if ((s->version > SSL3_VERSION
+         && (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
+        || (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Should we expect the ServerKeyExchange message or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static int key_exchange_expected(SSL *s)
+{
+    long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * Can't skip server key exchange if this is an ephemeral
+     * ciphersuite or for SRP
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
+                 | SSL_kSRP)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLS1.3 client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_client13_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't
+     * yet negotiated TLSv1.3 at that point so that is handled by
+     * ossl_statem_client_read_transition()
+     */
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        /*
+         * This must a ClientHello following a HelloRetryRequest, so the only
+         * thing we can get now is a ServerHello.
+         */
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) {
+            st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        if (s->hit) {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_CR_FINISHED;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_CR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_CERTIFICATE) {
+            st->hand_state = TLS_ST_CR_CERT;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+            st->hand_state = TLS_ST_CR_CERT_VRFY;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CERT_VRFY:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_NEWSESSION_TICKET) {
+            st->hand_state = TLS_ST_CR_SESSION_TICKET;
+            return 1;
+        }
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            st->hand_state = TLS_ST_CR_KEY_UPDATE;
+            return 1;
+        }
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error TODO(DTLS1.3): Restore digest for PHA before adding message.
+#endif
+            if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
+                s->post_handshake_auth = SSL_PHA_REQUESTED;
+                /*
+                 * In TLS, this is called before the message is added to the
+                 * digest. In DTLS, this is expected to be called after adding
+                 * to the digest. Either move the digest restore, or add the
+                 * message here after the swap, or do it after the clientFinished?
+                 */
+                if (!tls13_restore_handshake_digest_for_pha(s)) {
+                    /* SSLfatal() already called */
+                    return 0;
+                }
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+        }
+        break;
+    }
+
+    /* No valid transition found */
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ske_expected;
+
+    /*
+     * Note that after writing the first ClientHello we don't know what version
+     * we are going to negotiate yet, so we don't take this branch until later.
+     */
+    if (SSL_IS_TLS13(s)) {
+        if (!ossl_statem_client13_read_transition(s, mt))
+            goto err;
+        return 1;
+    }
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        /*
+         * We've not actually selected TLSv1.3 yet, but we have sent early
+         * data. The only thing allowed now is a ServerHello or a
+         * HelloRetryRequest.
+         */
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (s->hit) {
+            if (s->ext.ticket_expected) {
+                if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                    st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                    return 1;
+                }
+            } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            } else if (s->version >= TLS1_VERSION
+                       && s->ext.session_secret_cb != NULL
+                       && s->session->ext.tick != NULL
+                       && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * Normally, we can tell if the server is resuming the session
+                 * from the session ID. EAP-FAST (RFC 4851), however, relies on
+                 * the next server message after the ServerHello to determine if
+                 * the server is resuming.
+                 */
+                s->hit = 1;
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            } else if (!(s->s3->tmp.new_cipher->algorithm_auth
+                         & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                if (mt == SSL3_MT_CERTIFICATE) {
+                    st->hand_state = TLS_ST_CR_CERT;
+                    return 1;
+                }
+            } else {
+                ske_expected = key_exchange_expected(s);
+                /* SKE is optional for some PSK ciphersuites */
+                if (ske_expected
+                    || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                        && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+                    if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                        st->hand_state = TLS_ST_CR_KEY_EXCH;
+                        return 1;
+                    }
+                } else if (mt == SSL3_MT_CERTIFICATE_REQUEST
+                           && cert_req_allowed(s)) {
+                    st->hand_state = TLS_ST_CR_CERT_REQ;
+                    return 1;
+                } else if (mt == SSL3_MT_SERVER_DONE) {
+                    st->hand_state = TLS_ST_CR_SRVR_DONE;
+                    return 1;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        /*
+         * The CertificateStatus message is optional even if
+         * |ext.status_expected| is set
+         */
+        if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
+            st->hand_state = TLS_ST_CR_CERT_STATUS;
+            return 1;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_STATUS:
+        ske_expected = key_exchange_expected(s);
+        /* SKE is optional for some PSK ciphersuites */
+        if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                             && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+            if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                st->hand_state = TLS_ST_CR_KEY_EXCH;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_KEY_EXCH:
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+            if (cert_req_allowed(s)) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_SERVER_DONE) {
+            st->hand_state = TLS_ST_CR_SRVR_DONE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+        if (s->ext.ticket_expected) {
+            if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                return 1;
+            }
+        } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CHANGE:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_HELLO_REQUEST) {
+            st->hand_state = TLS_ST_CR_HELLO_REQ;
+            return 1;
+        }
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        BIO *rbio;
+
+        /*
+         * CCS messages don't have a message sequence number so this is probably
+         * because of an out-of-order CCS. We'll just drop it.
+         */
+        s->init_num = 0;
+        s->rwstate = SSL_READING;
+        rbio = SSL_get_rbio(s);
+        BIO_clear_retry_flags(rbio);
+        BIO_set_retry_read(rbio);
+        return 0;
+    }
+    SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+             SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION,
+             SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * ossl_statem_client13_write_transition() works out what handshake state to
+ * move to next when the TLSv1.3 client is writing messages to be sent to the
+ * server.
+ */
+static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
+     * TLSv1.3 yet at that point. They are handled by
+     * ossl_statem_client_write_transition().
+     */
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_CR_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            st->hand_state = TLS_ST_CW_CERT;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /*
+         * We should only get here if we received a CertificateRequest after
+         * we already sent close_notify
+         */
+        if (!ossl_assert((s->shutdown & SSL_SENT_SHUTDOWN) != 0)) {
+            /* Shouldn't happen - same as default case */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,
+                     ERR_R_INTERNAL_ERROR);
+            return WRITE_TRAN_ERROR;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_FINISHED:
+        if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
+            st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
+        else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                 && s->hello_retry_request == SSL_HRR_NONE)
+            st->hand_state = TLS_ST_CW_CHANGE;
+        else
+            st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+                                                        : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+    case TLS_ST_CW_CHANGE:
+        st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+                                                    : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        /* If a non-empty Certificate we also send CertificateVerify */
+        st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY
+                                                    : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_KEY_UPDATE:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_CW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_CW_KEY_UPDATE:
+    case TLS_ST_CR_SESSION_TICKET:
+    case TLS_ST_CW_FINISHED:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_OK:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_CW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+
+        /* Try to read from the server instead */
+        return WRITE_TRAN_FINISHED;
+    }
+}
+
+/*
+ * ossl_statem_client_write_transition() works out what handshake state to
+ * move to next when the client is writing messages to be sent to the server.
+ */
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note that immediately before/after a ClientHello we don't know what
+     * version we are going to negotiate yet, so we don't take this branch until
+     * later
+     */
+    if (SSL_IS_TLS13(s))
+        return ossl_statem_client13_write_transition(s);
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (!s->renegotiate) {
+            /*
+             * We haven't requested a renegotiation ourselves so we must have
+             * received a message from the server. Better read it.
+             */
+            return WRITE_TRAN_FINISHED;
+        }
+        /* Renegotiation */
+        /* fall thru */
+    case TLS_ST_BEFORE:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {
+            /*
+             * We are assuming this is a TLSv1.3 connection, although we haven't
+             * actually selected a version yet.
+             */
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+                st->hand_state = TLS_ST_CW_CHANGE;
+            else
+                st->hand_state = TLS_ST_EARLY_DATA;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /*
+         * No transition at the end of writing because we don't know what
+         * we will be sent
+         */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        /*
+         * We only get here in TLSv1.3. We just received an HRR, so issue a
+         * CCS unless middlebox compat mode is off, or we already issued one
+         * because we did early data.
+         */
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+            st->hand_state = TLS_ST_CW_CHANGE;
+        else
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        return WRITE_TRAN_FINISHED;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_SRVR_DONE:
+        if (s->s3->tmp.cert_req)
+            st->hand_state = TLS_ST_CW_CERT;
+        else
+            st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_KEY_EXCH:
+        /*
+         * For TLS, cert_req is set to 2, so a cert chain of nothing is
+         * sent, but no verify packet is sent
+         */
+        /*
+         * XXX: For now, we do not support client authentication in ECDH
+         * cipher suites with ECDH (rather than ECDSA) certificates. We
+         * need to skip the certificate verify message when client's
+         * ECDH public key is sent inside the client certificate.
+         */
+        if (s->s3->tmp.cert_req == 1) {
+            st->hand_state = TLS_ST_CW_CERT_VRFY;
+        } else {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        } else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {
+            st->hand_state = TLS_ST_EARLY_DATA;
+        } else {
+#if defined(OPENSSL_NO_NEXTPROTONEG)
+            st->hand_state = TLS_ST_CW_FINISHED;
+#else
+            if (!SSL_IS_DTLS(s) && s->s3->npn_seen)
+                st->hand_state = TLS_ST_CW_NEXT_PROTO;
+            else
+                st->hand_state = TLS_ST_CW_FINISHED;
+#endif
+        }
+        return WRITE_TRAN_CONTINUE;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+#endif
+
+    case TLS_ST_CW_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            return WRITE_TRAN_FINISHED;
+        }
+
+    case TLS_ST_CR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        }
+
+    case TLS_ST_CR_HELLO_REQ:
+        /*
+         * If we can renegotiate now then do so, otherwise wait for a more
+         * convenient time.
+         */
+        if (ssl3_renegotiate_check(s, 1)) {
+            if (!tls_setup_handshake(s)) {
+                /* SSLfatal() already called */
+                return WRITE_TRAN_ERROR;
+            }
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+            return WRITE_TRAN_CONTINUE;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the client to the server.
+ */
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* No pre work to be done */
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            /* every DTLS ClientHello resets Finished MAC */
+            if (!ssl3_init_finished_mac(s)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s)) {
+            if (s->hit) {
+                /*
+                 * We're into the last flight so we don't retransmit these
+                 * messages unless we need to.
+                 */
+                st->use_timer = 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                /* Calls SSLfatal() as required */
+                return dtls_wait_for_dry(s);
+            }
+#endif
+        }
+        break;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        /*
+         * If we've been called by SSL_do_handshake()/SSL_write(), or we did not
+         * attempt to write early data before calling SSL_read() then we press
+         * on with the handshake. Otherwise we pause here.
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
+                || s->early_data_state == SSL_EARLY_DATA_NONE)
+            return WORK_FINISHED_CONTINUE;
+        /* Fall through */
+
+    case TLS_ST_EARLY_DATA:
+        return tls_finish_handshake(s, wst, 0, 1);
+
+    case TLS_ST_OK:
+        /* Calls SSLfatal() as required */
+        return tls_finish_handshake(s, wst, 1, 1);
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * client to the server.
+ */
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    default:
+        /* No post work to be done */
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                && s->max_early_data > 0) {
+            /*
+             * We haven't selected TLSv1.3 yet so we don't call the change
+             * cipher state function associated with the SSL_METHOD. Instead
+             * we call tls13_change_cipher_state() directly.
+             */
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {
+                if (!tls13_change_cipher_state(s,
+                            SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+            /* else we're in compat mode so we delay flushing until after CCS */
+        } else if (!statem_flush(s)) {
+            return WORK_MORE_A;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            /* Treat the next message as the first packet */
+            s->first_packet = 1;
+        }
+        break;
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        /*
+         * We set the enc_write_ctx back to NULL because we may end up writing
+         * in cleartext again if we get a HelloRetryRequest from the server.
+         */
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        if (tls_client_key_exchange_post_work(s) == 0) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING)
+            break;
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                    && s->max_early_data > 0) {
+            /*
+             * We haven't selected TLSv1.3 yet so we don't call the change
+             * cipher state function associated with the SSL_METHOD. Instead
+             * we call tls13_change_cipher_state() directly.
+             */
+            if (!tls13_change_cipher_state(s,
+                        SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+                return WORK_ERROR;
+            break;
+        }
+        s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        if (s->s3->tmp.new_compression == NULL)
+            s->session->compress_meth = 0;
+        else
+            s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_SCTP
+            if (s->hit) {
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+            }
+#endif
+
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+#ifndef OPENSSL_NO_SCTP
+        if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (statem_flush(s) != 1)
+            return WORK_MORE_B;
+
+        if (SSL_IS_TLS13(s)) {
+            if (!tls13_save_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+            if (s->post_handshake_auth != SSL_PHA_REQUESTED) {
+                if (!s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CW_KEY_UPDATE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!tls13_update_key(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * client
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
+                 SSL_R_BAD_HANDSHAKE_STATE);
+        return 0;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            *confunc = dtls_construct_change_cipher_spec;
+        else
+            *confunc = tls_construct_change_cipher_spec;
+        *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        *confunc = tls_construct_client_hello;
+        *mt = SSL3_MT_CLIENT_HELLO;
+        break;
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        *confunc = tls_construct_end_of_early_data;
+        *mt = SSL3_MT_END_OF_EARLY_DATA;
+        break;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        *confunc = NULL;
+        *mt = SSL3_MT_DUMMY;
+        break;
+
+    case TLS_ST_CW_CERT:
+        *confunc = tls_construct_client_certificate;
+        *mt = SSL3_MT_CERTIFICATE;
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        *confunc = tls_construct_client_key_exchange;
+        *mt = SSL3_MT_CLIENT_KEY_EXCHANGE;
+        break;
+
+    case TLS_ST_CW_CERT_VRFY:
+        *confunc = tls_construct_cert_verify;
+        *mt = SSL3_MT_CERTIFICATE_VERIFY;
+        break;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        *confunc = tls_construct_next_proto;
+        *mt = SSL3_MT_NEXT_PROTO;
+        break;
+#endif
+    case TLS_ST_CW_FINISHED:
+        *confunc = tls_construct_finished;
+        *mt = SSL3_MT_FINISHED;
+        break;
+
+    case TLS_ST_CW_KEY_UPDATE:
+        *confunc = tls_construct_key_update;
+        *mt = SSL3_MT_KEY_UPDATE;
+        break;
+    }
+
+    return 1;
+}
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_client_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        return 0;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        return SERVER_HELLO_MAX_LENGTH;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return HELLO_VERIFY_REQUEST_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_CR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_CERT_STATUS:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_KEY_EXCH:
+        return SERVER_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT_REQ:
+        /*
+         * Set to s->max_cert_list for compatibility with previous releases. In
+         * practice these messages can get quite long if servers are configured
+         * to provide a long list of acceptable CAs
+         */
+        return s->max_cert_list;
+
+    case TLS_ST_CR_SRVR_DONE:
+        return SERVER_HELLO_DONE_MAX_LENGTH;
+
+    case TLS_ST_CR_CHANGE:
+        if (s->version == DTLS1_BAD_VER)
+            return 3;
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return ENCRYPTED_EXTENSIONS_MAX_LENGTH;
+
+    case TLS_ST_CR_KEY_UPDATE:
+        return KEY_UPDATE_MAX_LENGTH;
+    }
+}
+
+/*
+ * Process a message that the client has been received from the server.
+ */
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        return tls_process_server_hello(s, pkt);
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return dtls_process_hello_verify(s, pkt);
+
+    case TLS_ST_CR_CERT:
+        return tls_process_server_certificate(s, pkt);
+
+    case TLS_ST_CR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+    case TLS_ST_CR_CERT_STATUS:
+        return tls_process_cert_status(s, pkt);
+
+    case TLS_ST_CR_KEY_EXCH:
+        return tls_process_key_exchange(s, pkt);
+
+    case TLS_ST_CR_CERT_REQ:
+        return tls_process_certificate_request(s, pkt);
+
+    case TLS_ST_CR_SRVR_DONE:
+        return tls_process_server_done(s, pkt);
+
+    case TLS_ST_CR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return tls_process_new_session_ticket(s, pkt);
+
+    case TLS_ST_CR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    case TLS_ST_CR_HELLO_REQ:
+        return tls_process_hello_req(s, pkt);
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return tls_process_encrypted_extensions(s, pkt);
+
+    case TLS_ST_CR_KEY_UPDATE:
+        return tls_process_key_update(s, pkt);
+    }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the server
+ */
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+
+    case TLS_ST_CR_CERT_VRFY:
+    case TLS_ST_CR_CERT_REQ:
+        return tls_prepare_client_certificate(s, wst);
+    }
+}
+
+int tls_construct_client_hello(SSL *s, WPACKET *pkt)
+{
+    unsigned char *p;
+    size_t sess_id_len;
+    int i, protverr;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+    SSL_SESSION *sess = s->session;
+    unsigned char *session_id;
+
+    /* Work out what SSL/TLS/DTLS version to use */
+    protverr = ssl_set_client_hello_version(s);
+    if (protverr != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 protverr);
+        return 0;
+    }
+
+    if (sess == NULL
+            || !ssl_version_supported(s, sess->ssl_version, NULL)
+            || !SSL_SESSION_is_resumable(sess)) {
+        if (s->hello_retry_request == SSL_HRR_NONE
+                && !ssl_get_new_session(s, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+    /* else use the pre-loaded session */
+
+    p = s->s3->client_random;
+
+    /*
+     * for DTLS if client_random is initialized, reuse it, we are
+     * required to use same upon reply to HelloVerify
+     */
+    if (SSL_IS_DTLS(s)) {
+        size_t idx;
+        i = 1;
+        for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {
+            if (p[idx]) {
+                i = 0;
+                break;
+            }
+        }
+    } else {
+        i = (s->hello_retry_request == SSL_HRR_NONE);
+    }
+
+    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random),
+                                   DOWNGRADE_NONE) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*-
+     * version indicates the negotiated version: for example from
+     * an SSLv2/v3 compatible client hello). The client_version
+     * field is the maximum version we permit and it is also
+     * used in RSA encrypted premaster secrets. Some servers can
+     * choke if we initially report a higher version then
+     * renegotiate to a lower one in the premaster secret. This
+     * didn't happen with TLS 1.0 as most servers supported it
+     * but it can with TLS 1.1 or later if the server only supports
+     * 1.0.
+     *
+     * Possible scenario with previous logic:
+     *      1. Client hello indicates TLS 1.2
+     *      2. Server hello says TLS 1.0
+     *      3. RSA encrypted premaster secret uses 1.2.
+     *      4. Handshake proceeds using TLS 1.0.
+     *      5. Server sends hello request to renegotiate.
+     *      6. Client hello indicates TLS v1.0 as we now
+     *         know that is maximum server supports.
+     *      7. Server chokes on RSA encrypted premaster secret
+     *         containing version 1.0.
+     *
+     * For interoperability it should be OK to always use the
+     * maximum version we support in client hello and then rely
+     * on the checking of version to ensure the servers isn't
+     * being inconsistent: for example initially negotiating with
+     * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+     * client_version in client hello and not resetting it to
+     * the negotiated version.
+     *
+     * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
+     * supported_versions extension for the real supported versions.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, s->client_version)
+            || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Session ID */
+    session_id = s->session->session_id;
+    if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) {
+        if (s->version == TLS1_3_VERSION
+                && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
+            sess_id_len = sizeof(s->tmp_session_id);
+            s->tmp_session_id_len = sess_id_len;
+            session_id = s->tmp_session_id;
+            if (s->hello_retry_request == SSL_HRR_NONE
+                    && RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            sess_id_len = 0;
+        }
+    } else {
+        assert(s->session->session_id_length <= sizeof(s->session->session_id));
+        sess_id_len = s->session->session_id_length;
+        if (s->version == TLS1_3_VERSION) {
+            s->tmp_session_id_len = sess_id_len;
+            memcpy(s->tmp_session_id, s->session->session_id, sess_id_len);
+        }
+    }
+    if (!WPACKET_start_sub_packet_u8(pkt)
+            || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,
+                                                    sess_id_len))
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* cookie stuff for DTLS */
+    if (SSL_IS_DTLS(s)) {
+        if (s->d1->cookie_len > sizeof(s->d1->cookie)
+                || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
+                                          s->d1->cookie_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    /* Ciphers supported */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* COMPRESSION */
+    if (!WPACKET_start_sub_packet_u8(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (ssl_allow_compression(s)
+            && s->ctx->comp_methods
+            && (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) {
+        int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (i = 0; i < compnum; i++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+            if (!WPACKET_put_bytes_u8(pkt, comp->id)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+#endif
+    /* Add the NULL method */
+    if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* TLS extensions */
+    if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
+{
+    size_t cookie_len;
+    PACKET cookiepkt;
+
+    if (!PACKET_forward(pkt, 2)
+        || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    cookie_len = PACKET_remaining(&cookiepkt);
+    if (cookie_len > sizeof(s->d1->cookie)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_TOO_LONG);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+    s->d1->cookie_len = cookie_len;
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+    const SSL_CIPHER *c;
+    int i;
+
+    c = ssl_get_cipher_by_char(s, cipherchars, 0);
+    if (c == NULL) {
+        /* unknown cipher */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_UNKNOWN_CIPHER_RETURNED);
+        return 0;
+    }
+    /*
+     * If it is a disabled cipher we either didn't send it in client hello,
+     * or it's not allowed for the selected protocol. So we return an error.
+     */
+    if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    sk = ssl_get_ciphers_by_id(s);
+    i = sk_SSL_CIPHER_find(sk, c);
+    if (i < 0) {
+        /* we did not say we would use this cipher */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL
+            && s->s3->tmp.new_cipher->id != c->id) {
+        /* ServerHello selected a different ciphersuite to that in the HRR */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    /*
+     * Depending on the session caching (internal/external), the cipher
+     * and/or cipher_id values may not be set. Make sure that cipher_id is
+     * set and use it for comparison.
+     */
+    if (s->session->cipher != NULL)
+        s->session->cipher_id = s->session->cipher->id;
+    if (s->hit && (s->session->cipher_id != c->id)) {
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.3 it is valid for the server to select a different
+             * ciphersuite as long as the hash is the same.
+             */
+            if (ssl_md(c->algorithm2)
+                    != ssl_md(s->session->cipher->algorithm2)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_SET_CLIENT_CIPHERSUITE,
+                         SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
+                return 0;
+            }
+        } else {
+            /*
+             * Prior to TLSv1.3 resuming a session always meant using the same
+             * ciphersuite.
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                     SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+            return 0;
+        }
+    }
+    s->s3->tmp.new_cipher = c;
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+{
+    PACKET session_id, extpkt;
+    size_t session_id_len;
+    const unsigned char *cipherchars;
+    int hrr = 0;
+    unsigned int compression;
+    unsigned int sversion;
+    unsigned int context;
+    RAW_EXTENSION *extensions = NULL;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+
+    if (!PACKET_get_net_2(pkt, &sversion)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /* load the server random */
+    if (s->version == TLS1_3_VERSION
+            && sversion == TLS1_2_VERSION
+            && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
+            && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+        s->hello_retry_request = SSL_HRR_PENDING;
+        hrr = 1;
+        if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    } else {
+        if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    }
+
+    /* Get the session-id. */
+    if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    session_id_len = PACKET_remaining(&session_id);
+    if (session_id_len > sizeof(s->session->session_id)
+        || session_id_len > SSL3_SESSION_ID_SIZE) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_SSL3_SESSION_ID_TOO_LONG);
+        goto err;
+    }
+
+    if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!PACKET_get_1(pkt, &compression)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /* TLS extensions */
+    if (PACKET_remaining(pkt) == 0 && !hrr) {
+        PACKET_null_init(&extpkt);
+    } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
+               || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_BAD_LENGTH);
+        goto err;
+    }
+
+    if (!hrr) {
+        if (!tls_collect_extensions(s, &extpkt,
+                                    SSL_EXT_TLS1_2_SERVER_HELLO
+                                    | SSL_EXT_TLS1_3_SERVER_HELLO,
+                                    &extensions, NULL, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        if (!ssl_choose_client_version(s, sversion, extensions)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    if (SSL_IS_TLS13(s) || hrr) {
+        if (compression != 0) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+
+        if (session_id_len != s->tmp_session_id_len
+                || memcmp(PACKET_data(&session_id), s->tmp_session_id,
+                          session_id_len) != 0) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INVALID_SESSION_ID);
+            goto err;
+        }
+    }
+
+    if (hrr) {
+        if (!set_client_ciphersuite(s, cipherchars)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        return tls_process_as_hello_retry_request(s, &extpkt);
+    }
+
+    /*
+     * Now we have chosen the version we need to check again that the extensions
+     * are appropriate for this version.
+     */
+    context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO
+                              : SSL_EXT_TLS1_2_SERVER_HELLO;
+    if (!tls_validate_all_contexts(s, context, extensions)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+
+    s->hit = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * In TLSv1.3 a ServerHello message signals a key change so the end of
+         * the message must be on a record boundary.
+         */
+        if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_NOT_ON_RECORD_BOUNDARY);
+            goto err;
+        }
+
+        /* This will set s->hit if we are resuming */
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk,
+                                 SSL_EXT_TLS1_3_SERVER_HELLO,
+                                 extensions, NULL, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        /*
+         * Check if we can resume the session based on external pre-shared
+         * secret. EAP-FAST (RFC 4851) supports two types of session resumption.
+         * Resumption based on server-side state works with session IDs.
+         * Resumption based on pre-shared Protected Access Credentials (PACs)
+         * works by overriding the SessionTicket extension at the application
+         * layer, and does not send a session ID. (We do not know whether
+         * EAP-FAST servers would honour the session ID.) Therefore, the session
+         * ID alone is not a reliable indicator of session resumption, so we
+         * first check if we can resume, and later peek at the next handshake
+         * message to see if the server wants to resume.
+         */
+        if (s->version >= TLS1_VERSION
+                && s->ext.session_secret_cb != NULL && s->session->ext.tick) {
+            const SSL_CIPHER *pref_cipher = NULL;
+            /*
+             * s->session->master_key_length is a size_t, but this is an int for
+             * backwards compat reasons
+             */
+            int master_key_length;
+            master_key_length = sizeof(s->session->master_key);
+            if (s->ext.session_secret_cb(s, s->session->master_key,
+                                         &master_key_length,
+                                         NULL, &pref_cipher,
+                                         s->ext.session_secret_cb_arg)
+                     && master_key_length > 0) {
+                s->session->master_key_length = master_key_length;
+                s->session->cipher = pref_cipher ?
+                    pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
+            } else {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        if (session_id_len != 0
+                && session_id_len == s->session->session_id_length
+                && memcmp(PACKET_data(&session_id), s->session->session_id,
+                          session_id_len) == 0)
+            s->hit = 1;
+    }
+
+    if (s->hit) {
+        if (s->sid_ctx_length != s->session->sid_ctx_length
+                || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+            /* actually a client application bug */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+            goto err;
+        }
+    } else {
+        /*
+         * If we were trying for session-id reuse but the server
+         * didn't resume, make a new SSL_SESSION.
+         * In the case of EAP-FAST and PAC, we do not send a session ID,
+         * so the PAC-based session secret is always preserved. It'll be
+         * overwritten if the server refuses resumption.
+         */
+        if (s->session->session_id_length > 0
+                || (SSL_IS_TLS13(s)
+                    && s->session->ext.tick_identity
+                       != TLSEXT_PSK_BAD_IDENTITY)) {
+            tsan_counter(&s->session_ctx->stats.sess_miss);
+            if (!ssl_get_new_session(s, 0)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+
+        s->session->ssl_version = s->version;
+        /*
+         * In TLSv1.2 and below we save the session id we were sent so we can
+         * resume it later. In TLSv1.3 the session id we were sent is just an
+         * echo of what we originally sent in the ClientHello and should not be
+         * used for resumption.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            s->session->session_id_length = session_id_len;
+            /* session_id_len could be 0 */
+            if (session_id_len > 0)
+                memcpy(s->session->session_id, PACKET_data(&session_id),
+                       session_id_len);
+        }
+    }
+
+    /* Session version and negotiated protocol version should match */
+    if (s->version != s->session->ssl_version) {
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_SSL_SESSION_VERSION_MISMATCH);
+        goto err;
+    }
+    /*
+     * Now that we know the version, update the check to see if it's an allowed
+     * version.
+     */
+    s->s3->tmp.min_ver = s->version;
+    s->s3->tmp.max_ver = s->version;
+
+    if (!set_client_ciphersuite(s, cipherchars)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifdef OPENSSL_NO_COMP
+    if (compression != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto err;
+    }
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_INCONSISTENT_COMPRESSION);
+        goto err;
+    }
+#else
+    if (s->hit && compression != s->session->compress_meth) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+        goto err;
+    }
+    if (compression == 0)
+        comp = NULL;
+    else if (!ssl_allow_compression(s)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_COMPRESSION_DISABLED);
+        goto err;
+    } else {
+        comp = ssl3_comp_find(s->ctx->comp_methods, compression);
+    }
+
+    if (compression != 0 && comp == NULL) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto err;
+    } else {
+        s->s3->tmp.new_compression = comp;
+    }
+#endif
+
+    if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && s->hit) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+        size_t labellen;
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if
+         * no SCTP used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        /* Don't include the terminating zero. */
+        labellen = sizeof(labelbuffer) - 1;
+        if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+            labellen += 1;
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey),
+                                       labelbuffer,
+                                       labellen, NULL, 0, 0) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BIO_ctrl(SSL_get_wbio(s),
+                 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    /*
+     * In TLSv1.3 we have some post-processing to change cipher state, otherwise
+     * we're done with this message
+     */
+    if (SSL_IS_TLS13(s)
+            && (!s->method->ssl3_enc->setup_key_block(s)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_ERROR;
+}
+
+static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,
+                                                             PACKET *extpkt)
+{
+    RAW_EXTENSION *extensions = NULL;
+
+    /*
+     * If we were sending early_data then the enc_write_ctx is now invalid and
+     * should not be used.
+     */
+    EVP_CIPHER_CTX_free(s->enc_write_ctx);
+    s->enc_write_ctx = NULL;
+
+    if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+                                &extensions, NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+                                         extensions, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(extensions);
+    extensions = NULL;
+
+    if (s->ext.tls13_cookie_len == 0
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        && s->s3->tmp.pkey != NULL
+#endif
+        ) {
+        /*
+         * We didn't receive a cookie or a new key_share so the next
+         * ClientHello will not change
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST,
+                 SSL_R_NO_CHANGE_FOLLOWING_HRR);
+        goto err;
+    }
+
+    /*
+     * Re-initialise the Transcript Hash. We're going to prepopulate it with
+     * a synthetic message_hash in place of ClientHello1.
+     */
+    if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Add this message to the Transcript Hash. Normally this is done
+     * automatically prior to the message processing stage. However due to the
+     * need to create the synthetic message hash, we defer that step until now
+     * for HRR messages.
+     */
+    if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                s->init_num + SSL3_HM_HEADER_LENGTH)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+ err:
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+{
+    int i;
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    unsigned long cert_list_len, cert_len;
+    X509 *x = NULL;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    EVP_PKEY *pkey = NULL;
+    size_t chainidx, certidx;
+    unsigned int context = 0;
+    const SSL_CERT_LOOKUP *clu;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))
+            || context != 0
+            || !PACKET_get_net_3(pkt, &cert_list_len)
+            || PACKET_remaining(pkt) != cert_list_len
+            || PACKET_remaining(pkt) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    for (chainidx = 0; PACKET_remaining(pkt); chainidx++) {
+        if (!PACKET_get_net_3(pkt, &cert_len)
+            || !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
+        if (x == NULL) {
+            SSLfatal(s, SSL_AD_BAD_CERTIFICATE,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (certbytes != (certstart + cert_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            RAW_EXTENSION *rawexts = NULL;
+            PACKET extensions;
+
+            if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                         SSL_R_BAD_LENGTH);
+                goto err;
+            }
+            if (!tls_collect_extensions(s, &extensions,
+                                        SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+                                        NULL, chainidx == 0)
+                || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+                                             rawexts, x, chainidx,
+                                             PACKET_remaining(pkt) == 0)) {
+                OPENSSL_free(rawexts);
+                /* SSLfatal already called */
+                goto err;
+            }
+            OPENSSL_free(rawexts);
+        }
+
+        if (!sk_X509_push(sk, x)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+    /*
+     * The documented interface is that SSL_VERIFY_PEER should be set in order
+     * for client side verification of the server certificate to take place.
+     * However, historically the code has only checked that *any* flag is set
+     * to cause server verification to take place. Use of the other flags makes
+     * no sense in client mode. An attempt to clean up the semantics was
+     * reverted because at least one application *only* set
+     * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused
+     * server verification to take place, after the clean up it silently did
+     * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags
+     * sent to them because they are void functions. Therefore, we now use the
+     * (less clean) historic behaviour of performing validation if any flag is
+     * set. The *documented* interface remains the same.
+     */
+    if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
+        SSLfatal(s, ssl_x509err2alert(s->verify_result),
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_CERTIFICATE_VERIFY_FAILED);
+        goto err;
+    }
+    ERR_clear_error();          /* but we keep s->verify_result */
+    if (i > 1) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i);
+        goto err;
+    }
+
+    s->session->peer_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does include the peer's certificate,
+     * which we don't include in statem_srvr.c
+     */
+    x = sk_X509_value(sk, 0);
+    sk = NULL;
+
+    pkey = X509_get0_pubkey(x);
+
+    if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
+        x = NULL;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+        goto err;
+    }
+
+    if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {
+        x = NULL;
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto err;
+    }
+    /*
+     * Check certificate type is consistent with ciphersuite. For TLS 1.3
+     * skip check since TLS 1.3 ciphersuites can be used with any certificate
+     * type.
+     */
+    if (!SSL_IS_TLS13(s)) {
+        if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) {
+            x = NULL;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_WRONG_CERTIFICATE_TYPE);
+            goto err;
+        }
+    }
+    s->session->peer_type = certidx;
+
+    X509_free(s->session->peer);
+    X509_up_ref(x);
+    s->session->peer = x;
+    s->session->verify_result = s->verify_result;
+    x = NULL;
+
+    /* Save the current hash state for when we receive the CertificateVerify */
+    if (SSL_IS_TLS13(s)
+            && !ssl_handshake_hash(s, s->cert_verify_hash,
+                                   sizeof(s->cert_verify_hash),
+                                   &s->cert_verify_hash_len)) {
+        /* SSLfatal() already called */;
+        goto err;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    PACKET psk_identity_hint;
+
+    /* PSK ciphersuites are preceded by an identity hint */
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Store PSK identity hint for later use, hint is used in
+     * tls_construct_client_key_exchange.  Assume that the maximum length of
+     * a PSK identity hint can be as long as the maximum length of a PSK
+     * identity.
+     */
+    if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    if (PACKET_remaining(&psk_identity_hint) == 0) {
+        OPENSSL_free(s->session->psk_identity_hint);
+        s->session->psk_identity_hint = NULL;
+    } else if (!PACKET_strndup(&psk_identity_hint,
+                               &s->session->psk_identity_hint)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_SRP
+    PACKET prime, generator, salt, server_pub;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_1(pkt, &salt)
+        || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* TODO(size_t): Convert BN_bin2bn() calls */
+    if ((s->srp_ctx.N =
+         BN_bin2bn(PACKET_data(&prime),
+                   (int)PACKET_remaining(&prime), NULL)) == NULL
+        || (s->srp_ctx.g =
+            BN_bin2bn(PACKET_data(&generator),
+                      (int)PACKET_remaining(&generator), NULL)) == NULL
+        || (s->srp_ctx.s =
+            BN_bin2bn(PACKET_data(&salt),
+                      (int)PACKET_remaining(&salt), NULL)) == NULL
+        || (s->srp_ctx.B =
+            BN_bin2bn(PACKET_data(&server_pub),
+                      (int)PACKET_remaining(&server_pub), NULL)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+                 ERR_R_BN_LIB);
+        return 0;
+    }
+
+    if (!srp_verify_server_param(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* We must check if there is a certificate */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_DH
+    PACKET prime, generator, pub_key;
+    EVP_PKEY *peer_tmp = NULL;
+
+    DH *dh = NULL;
+    BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
+
+    int check_bits = 0;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    peer_tmp = EVP_PKEY_new();
+    dh = DH_new();
+
+    if (peer_tmp == NULL || dh == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* TODO(size_t): Convert these calls */
+    p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL);
+    g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator),
+                  NULL);
+    bnpub_key = BN_bin2bn(PACKET_data(&pub_key),
+                          (int)PACKET_remaining(&pub_key), NULL);
+    if (p == NULL || g == NULL || bnpub_key == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* test non-zero pubkey */
+    if (BN_is_zero(bnpub_key)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_pqg(dh, p, NULL, g)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+    p = g = NULL;
+
+    if (DH_check_params(dh, &check_bits) == 0 || check_bits != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_key(dh, bnpub_key, NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+    bnpub_key = NULL;
+
+    if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_DH_KEY_TOO_SMALL);
+        goto err;
+    }
+
+    if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    s->s3->peer_tmp = peer_tmp;
+
+    /*
+     * FIXME: This makes assumptions about which ciphersuites come with
+     * public keys. We should have a less ad-hoc way of doing this
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous DH, so no certificate or pkey. */
+
+    return 1;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(bnpub_key);
+    DH_free(dh);
+    EVP_PKEY_free(peer_tmp);
+
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_EC
+    PACKET encoded_pt;
+    unsigned int curve_type, curve_id;
+
+    /*
+     * Extract elliptic curve parameters and the server's ephemeral ECDH
+     * public key. We only support named (not generic) curves and
+     * ECParameters in this case is just three bytes.
+     */
+    if (!PACKET_get_1(pkt, &curve_type) || !PACKET_get_net_2(pkt, &curve_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_LENGTH_TOO_SHORT);
+        return 0;
+    }
+    /*
+     * Check curve is named curve type and one of our preferences, if not
+     * server has sent an invalid curve.
+     */
+    if (curve_type != NAMED_CURVE_TYPE
+            || !tls1_check_group_id(s, curve_id, 1)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_WRONG_CURVE);
+        return 0;
+    }
+
+    if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+        return 0;
+    }
+
+    if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                                        PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_BAD_ECPOINT);
+        return 0;
+    }
+
+    /*
+     * The ECC/TLS specification does not mention the use of DSA to sign
+     * ECParameters in the server key exchange message. We do support RSA
+     * and ECDSA.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous ECDH, so no certificate or pkey. */
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+{
+    long alg_k;
+    EVP_PKEY *pkey = NULL;
+    EVP_MD_CTX *md_ctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    PACKET save_param_start, signature;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    save_param_start = *pkt;
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+#endif
+
+    if (alg_k & SSL_PSK) {
+        if (!tls_process_ske_psk_preamble(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    /* Nothing else to do for plain PSK or RSAPSK */
+    if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_ske_srp(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_ske_dhe(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_ske_ecdhe(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        goto err;
+    }
+
+    /* if it was signed, check the signature */
+    if (pkey != NULL) {
+        PACKET params;
+        int maxsig;
+        const EVP_MD *md = NULL;
+        unsigned char *tbs;
+        size_t tbslen;
+        int rv;
+
+        /*
+         * |pkt| now points to the beginning of the signature, so the difference
+         * equals the length of the parameters.
+         */
+        if (!PACKET_get_sub_packet(&save_param_start, &params,
+                                   PACKET_remaining(&save_param_start) -
+                                   PACKET_remaining(pkt))) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            unsigned int sigalg;
+
+            if (!PACKET_get_net_2(pkt, &sigalg)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                         SSL_R_LENGTH_TOO_SHORT);
+                goto err;
+            }
+            if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#ifdef SSL_DEBUG
+        if (SSL_USE_SIGALGS(s))
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n",
+                    md == NULL ? "n/a" : EVP_MD_name(md));
+#endif
+
+        if (!PACKET_get_length_prefixed_2(pkt, &signature)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        maxsig = EVP_PKEY_size(pkey);
+        if (maxsig < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * Check signature length
+         */
+        if (PACKET_remaining(&signature) > (size_t)maxsig) {
+            /* wrong packet length */
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                   SSL_R_WRONG_SIGNATURE_LENGTH);
+            goto err;
+        }
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (SSL_USE_PSS(s)) {
+            if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+                || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+                goto err;
+            }
+        }
+        tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(&params),
+                                            PACKET_remaining(&params));
+        if (tbslen == 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature),
+                              PACKET_remaining(&signature), tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+        EVP_MD_CTX_free(md_ctx);
+        md_ctx = NULL;
+    } else {
+        /* aNULL, aSRP or PSK do not need public keys */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+            && !(alg_k & SSL_PSK)) {
+            /* Might be wrong key type, check it */
+            if (ssl3_check_cert_and_algorithm(s)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                         SSL_R_BAD_DATA);
+            }
+            /* else this shouldn't happen, SSLfatal() already called */
+            goto err;
+        }
+        /* still data left over */
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_EXTRA_DATA_IN_MESSAGE);
+            goto err;
+        }
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
+{
+    size_t i;
+
+    /* Clear certificate validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        s->s3->tmp.valid_flags[i] = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        PACKET reqctx, extensions;
+        RAW_EXTENSION *rawexts = NULL;
+
+        if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+            /*
+             * We already sent close_notify. This can only happen in TLSv1.3
+             * post-handshake messages. We can't reasonably respond to this, so
+             * we just ignore it
+             */
+            return MSG_PROCESS_FINISHED_READING;
+        }
+
+        /* Free and zero certificate types: it is not present in TLS 1.3 */
+        OPENSSL_free(s->s3->tmp.ctype);
+        s->s3->tmp.ctype = NULL;
+        s->s3->tmp.ctype_len = 0;
+        OPENSSL_free(s->pha_context);
+        s->pha_context = NULL;
+
+        if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
+            !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_LENGTH_MISMATCH);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_BAD_LENGTH);
+            return MSG_PROCESS_ERROR;
+        }
+        if (!tls_collect_extensions(s, &extensions,
+                                    SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+                                    &rawexts, NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+                                         rawexts, NULL, 0, 1)) {
+            /* SSLfatal() already called */
+            OPENSSL_free(rawexts);
+            return MSG_PROCESS_ERROR;
+        }
+        OPENSSL_free(rawexts);
+        if (!tls1_process_sigalgs(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_BAD_LENGTH);
+            return MSG_PROCESS_ERROR;
+        }
+    } else {
+        PACKET ctypes;
+
+        /* get the certificate types */
+        if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_LENGTH_MISMATCH);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            PACKET sigalgs;
+
+            if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         SSL_R_LENGTH_MISMATCH);
+                return MSG_PROCESS_ERROR;
+            }
+
+            /*
+             * Despite this being for certificates, preserve compatibility
+             * with pre-TLS 1.3 and use the regular sigalgs field.
+             */
+            if (!tls1_save_sigalgs(s, &sigalgs, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+                return MSG_PROCESS_ERROR;
+            }
+            if (!tls1_process_sigalgs(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         ERR_R_MALLOC_FAILURE);
+                return MSG_PROCESS_ERROR;
+            }
+        }
+
+        /* get the CA RDNs */
+        if (!parse_ca_names(s, pkt)) {
+            /* SSLfatal() already called */
+            return MSG_PROCESS_ERROR;
+        }
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /* we should setup a certificate to return.... */
+    s->s3->tmp.cert_req = 1;
+
+    /*
+     * In TLSv1.3 we don't prepare the client certificate yet. We wait until
+     * after the CertificateVerify message has been received. This is because
+     * in TLSv1.3 the CertificateRequest arrives before the Certificate message
+     * but in TLSv1.2 it is the other way around. We want to make sure that
+     * SSL_get_peer_certificate() returns something sensible in
+     * client_cert_cb.
+     */
+    if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
+        return MSG_PROCESS_CONTINUE_READING;
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+}
+
+MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
+{
+    unsigned int ticklen;
+    unsigned long ticket_lifetime_hint, age_add = 0;
+    unsigned int sess_len;
+    RAW_EXTENSION *exts = NULL;
+    PACKET nonce;
+
+    PACKET_null_init(&nonce);
+
+    if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
+        || (SSL_IS_TLS13(s)
+            && (!PACKET_get_net_4(pkt, &age_add)
+                || !PACKET_get_length_prefixed_1(pkt, &nonce)))
+        || !PACKET_get_net_2(pkt, &ticklen)
+        || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen)
+                            : PACKET_remaining(pkt) != ticklen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /*
+     * Server is allowed to change its mind (in <=TLSv1.2) and send an empty
+     * ticket. We already checked this TLSv1.3 case above, so it should never
+     * be 0 here in that instance
+     */
+    if (ticklen == 0)
+        return MSG_PROCESS_CONTINUE_READING;
+
+    /*
+     * Sessions must be immutable once they go into the session cache. Otherwise
+     * we can get multi-thread problems. Therefore we don't "update" sessions,
+     * we replace them with a duplicate. In TLSv1.3 we need to do this every
+     * time a NewSessionTicket arrives because those messages arrive
+     * post-handshake and the session may have already gone into the session
+     * cache.
+     */
+    if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {
+        SSL_SESSION *new_sess;
+
+        /*
+         * We reused an existing session, so we need to replace it with a new
+         * one
+         */
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0
+                && !SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.2 and below the arrival of a new tickets signals that
+             * any old ticket we were using is now out of date, so we remove the
+             * old session from the cache. We carry on if this fails
+             */
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    /*
+     * Technically the cast to long here is not guaranteed by the C standard -
+     * but we use it elsewhere, so this should be ok.
+     */
+    s->session->time = (long)time(NULL);
+
+    OPENSSL_free(s->session->ext.tick);
+    s->session->ext.tick = NULL;
+    s->session->ext.ticklen = 0;
+
+    s->session->ext.tick = OPENSSL_malloc(ticklen);
+    if (s->session->ext.tick == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    s->session->ext.tick_lifetime_hint = ticket_lifetime_hint;
+    s->session->ext.tick_age_add = age_add;
+    s->session->ext.ticklen = ticklen;
+
+    if (SSL_IS_TLS13(s)) {
+        PACKET extpkt;
+
+        if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
+                || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!tls_collect_extensions(s, &extpkt,
+                                    SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,
+                                    NULL, 1)
+                || !tls_parse_all_extensions(s,
+                                             SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                                             exts, NULL, 0, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    /*
+     * There are two ways to detect a resumed ticket session. One is to set
+     * an appropriate session ID and then the server must return a match in
+     * ServerHello. This allows the normal client session ID matching to work
+     * and we know much earlier that the ticket has been accepted. The
+     * other way is to set zero length session ID when the ticket is
+     * presented and rely on the handshake to determine session resumption.
+     * We choose the former approach because this fits in with assumptions
+     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+     * SHA256 is disabled) hash of the ticket.
+     */
+    /*
+     * TODO(size_t): we use sess_len here because EVP_Digest expects an int
+     * but s->session->session_id_length is a size_t
+     */
+    if (!EVP_Digest(s->session->ext.tick, ticklen,
+                    s->session->session_id, &sess_len,
+                    EVP_sha256(), NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    s->session->session_id_length = sess_len;
+    s->session->not_resumable = 0;
+
+    /* This is a standalone message in TLSv1.3, so there is no more to read */
+    if (SSL_IS_TLS13(s)) {
+        const EVP_MD *md = ssl_handshake_md(s);
+        int hashleni = EVP_MD_size(md);
+        size_t hashlen;
+        static const unsigned char nonce_label[] = "resumption";
+
+        /* Ensure cast to size_t is safe */
+        if (!ossl_assert(hashleni >= 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        hashlen = (size_t)hashleni;
+
+        if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+                               nonce_label,
+                               sizeof(nonce_label) - 1,
+                               PACKET_data(&nonce),
+                               PACKET_remaining(&nonce),
+                               s->session->master_key,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        s->session->master_key_length = hashlen;
+
+        OPENSSL_free(exts);
+        ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+        return MSG_PROCESS_FINISHED_READING;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    OPENSSL_free(exts);
+    return MSG_PROCESS_ERROR;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * parse a separate message. Returns 1 on success or 0 on failure
+ */
+int tls_process_cert_status_body(SSL *s, PACKET *pkt)
+{
+    size_t resplen;
+    unsigned int type;
+
+    if (!PACKET_get_1(pkt, &type)
+        || type != TLSEXT_STATUSTYPE_ocsp) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_UNSUPPORTED_STATUS_TYPE);
+        return 0;
+    }
+    if (!PACKET_get_net_3_len(pkt, &resplen)
+        || PACKET_remaining(pkt) != resplen) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    s->ext.ocsp.resp = OPENSSL_malloc(resplen);
+    if (s->ext.ocsp.resp == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    s->ext.ocsp.resp_len = resplen;
+
+    return 1;
+}
+
+
+MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
+{
+    if (!tls_process_cert_status_body(s, pkt)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+
+/*
+ * Perform miscellaneous checks and processing after we have received the
+ * server's initial flight. In TLS1.3 this is after the Server Finished message.
+ * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0
+ * on failure.
+ */
+int tls_process_initial_server_flight(SSL *s)
+{
+    /*
+     * at this point we check that we have the required stuff from
+     * the server
+     */
+    if (!ssl3_check_cert_and_algorithm(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Call the ocsp status callback if needed. The |ext.ocsp.resp| and
+     * |ext.ocsp.resp_len| values will be set if we actually received a status
+     * message, or NULL and -1 otherwise
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing
+            && s->ctx->ext.status_cb != NULL) {
+        int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+
+        if (ret == 0) {
+            SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE,
+                     SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
+                     SSL_R_INVALID_STATUS_RESPONSE);
+            return 0;
+        }
+        if (ret < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+#ifndef OPENSSL_NO_CT
+    if (s->ct_validation_callback != NULL) {
+        /* Note we validate the SCTs whether or not we abort on error */
+        if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+#endif
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (SRP_Calc_A_param(s) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
+                     SSL_R_SRP_A_CALC);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+#endif
+
+    if (!tls_process_initial_server_flight(s)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    int ret = 0;
+    /*
+     * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+     * \0-terminated identity. The last byte is for us for simulating
+     * strnlen.
+     */
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+    size_t identitylen = 0;
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    unsigned char *tmppsk = NULL;
+    char *tmpidentity = NULL;
+    size_t psklen = 0;
+
+    if (s->psk_client_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_NO_CLIENT_CB);
+        goto err;
+    }
+
+    memset(identity, 0, sizeof(identity));
+
+    psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+                                    identity, sizeof(identity) - 1,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    } else if (psklen == 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_IDENTITY_NOT_FOUND);
+        goto err;
+    }
+
+    identitylen = strlen(identity);
+    if (identitylen > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    tmppsk = OPENSSL_memdup(psk, psklen);
+    tmpidentity = OPENSSL_strdup(identity);
+    if (tmppsk == NULL || tmpidentity == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = tmppsk;
+    s->s3->tmp.psklen = psklen;
+    tmppsk = NULL;
+    OPENSSL_free(s->session->psk_identity);
+    s->session->psk_identity = tmpidentity;
+    tmpidentity = NULL;
+
+    if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen))  {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(psk, psklen);
+    OPENSSL_cleanse(identity, sizeof(identity));
+    OPENSSL_clear_free(tmppsk, psklen);
+    OPENSSL_clear_free(tmpidentity, identitylen);
+
+    return ret;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *encdata = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t enclen;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if (s->session->peer == NULL) {
+        /*
+         * We should always have a server certificate with SSL_kRSA.
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pkey = X509_get0_pubkey(s->session->peer);
+    if (EVP_PKEY_get0_RSA(pkey) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pms[0] = s->client_version >> 8;
+    pms[1] = s->client_version & 0xff;
+    /* TODO(size_t): Convert this function */
+    if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
+        || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)
+            || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 SSL_R_BAD_RSA_ENCRYPT);
+        goto err;
+    }
+    EVP_PKEY_CTX_free(pctx);
+    pctx = NULL;
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Log the premaster secret, if logging is enabled. */
+    if (!ssl_log_rsa_client_key_exchange(s, encdata, enclen, pms, pmslen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    DH *dh_clnt = NULL;
+    const BIGNUM *pub_key;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+    unsigned char *keybytes = NULL;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    dh_clnt = EVP_PKEY_get0_DH(ckey);
+
+    if (dh_clnt == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey, 0) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* send off the data */
+    DH_get0_key(dh_clnt, &pub_key, NULL);
+    if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
+                                        &keybytes)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    BN_bn2bin(pub_key, keybytes);
+    EVP_PKEY_free(ckey);
+
+    return 1;
+ err:
+    EVP_PKEY_free(ckey);
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    size_t encoded_pt_len = 0;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+    int ret = 0;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey, 0) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* Generate encoding of client key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);
+
+    if (encoded_pt_len == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(encodedPoint);
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+    /* GOST key exchange message creation */
+    EVP_PKEY_CTX *pkey_ctx = NULL;
+    X509 *peer_cert;
+    size_t msglen;
+    unsigned int md_len;
+    unsigned char shared_ukm[32], tmp[256];
+    EVP_MD_CTX *ukm_hash = NULL;
+    int dgst_nid = NID_id_GostR3411_94;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
+        dgst_nid = NID_id_GostR3411_2012_256;
+
+    /*
+     * Get server certificate PKEY and create ctx from it
+     */
+    peer_cert = s->session->peer;
+    if (!peer_cert) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+               SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+        return 0;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+    if (pkey_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * If we have send a certificate, and certificate key
+     * parameters match those of server certificate, use
+     * certificate key for key exchange
+     */
+
+    /* Otherwise, generate ephemeral key pair */
+    pmslen = 32;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+        /* Generate session key
+         * TODO(size_t): Convert this function
+         */
+        || RAND_bytes(pms, (int)pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    };
+    /*
+     * Compute shared IV and store it in algorithm-specific context
+     * data
+     */
+    ukm_hash = EVP_MD_CTX_new();
+    if (ukm_hash == NULL
+        || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    EVP_MD_CTX_free(ukm_hash);
+    ukm_hash = NULL;
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+    /* Make GOST keytransport blob message */
+    /*
+     * Encapsulate it into sequence
+     */
+    msglen = 255;
+    if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+
+    if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+            || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))
+            || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    EVP_PKEY_CTX_free(pkey_ctx);
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_MD_CTX_free(ukm_hash);
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_srp(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned char *abytes = NULL;
+
+    if (s->srp_ctx.A == NULL
+            || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),
+                                               &abytes)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    BN_bn2bin(s->srp_ctx.A, abytes);
+
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
+{
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * All of the construct functions below call SSLfatal() if necessary so
+     * no need to do so here.
+     */
+    if ((alg_k & SSL_PSK)
+        && !tls_construct_cke_psk_preamble(s, pkt))
+        goto err;
+
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_construct_cke_rsa(s, pkt))
+            goto err;
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_construct_cke_dhe(s, pkt))
+            goto err;
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_construct_cke_ecdhe(s, pkt))
+            goto err;
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_construct_cke_gost(s, pkt))
+            goto err;
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_construct_cke_srp(s, pkt))
+            goto err;
+    } else if (!(alg_k & SSL_kPSK)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    return 1;
+ err:
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    s->s3->tmp.pms = NULL;
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+#endif
+    return 0;
+}
+
+int tls_client_key_exchange_post_work(SSL *s)
+{
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    pms = s->s3->tmp.pms;
+    pmslen = s->s3->tmp.pmslen;
+
+#ifndef OPENSSL_NO_SRP
+    /* Check for SRP */
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (!srp_generate_client_master_secret(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        return 1;
+    }
+#endif
+
+    if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
+        /* SSLfatal() already called */
+        /* ssl_generate_master_secret frees the pms even on error */
+        pms = NULL;
+        pmslen = 0;
+        goto err;
+    }
+    pms = NULL;
+    pmslen = 0;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s)) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+        size_t labellen;
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+         * used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        /* Don't include the terminating zero. */
+        labellen = sizeof(labelbuffer) - 1;
+        if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+            labellen += 1;
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey), labelbuffer,
+                                       labellen, NULL, 0, 0) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    s->s3->tmp.pms = NULL;
+    return 0;
+}
+
+/*
+ * Check a certificate can be used for client authentication. Currently check
+ * cert exists, if we have a suitable digest for TLS 1.2 if static DH client
+ * certificates can be used and optionally checks suitability for Suite B.
+ */
+static int ssl3_check_client_certificate(SSL *s)
+{
+    /* If no suitable signature algorithm can't use certificate */
+    if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL)
+        return 0;
+    /*
+     * If strict mode check suitability of chain before using it. This also
+     * adjusts suite B digest if necessary.
+     */
+    if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
+        !tls1_check_chain(s, NULL, NULL, NULL, -2))
+        return 0;
+    return 1;
+}
+
+WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
+{
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int i;
+
+    if (wst == WORK_MORE_A) {
+        /* Let cert callback update client certificates if required */
+        if (s->cert->cert_cb) {
+            i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+            if (i < 0) {
+                s->rwstate = SSL_X509_LOOKUP;
+                return WORK_MORE_A;
+            }
+            if (i == 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                         SSL_R_CALLBACK_FAILED);
+                return WORK_ERROR;
+            }
+            s->rwstate = SSL_NOTHING;
+        }
+        if (ssl3_check_client_certificate(s)) {
+            if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+                return WORK_FINISHED_STOP;
+            }
+            return WORK_FINISHED_CONTINUE;
+        }
+
+        /* Fall through to WORK_MORE_B */
+        wst = WORK_MORE_B;
+    }
+
+    /* We need to get a client cert */
+    if (wst == WORK_MORE_B) {
+        /*
+         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(-1); We then get retied later
+         */
+        i = ssl_do_client_cert_cb(s, &x509, &pkey);
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_B;
+        }
+        s->rwstate = SSL_NOTHING;
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+                i = 0;
+        } else if (i == 1) {
+            i = 0;
+            SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+        }
+
+        X509_free(x509);
+        EVP_PKEY_free(pkey);
+        if (i && !ssl3_check_client_certificate(s))
+            i = 0;
+        if (i == 0) {
+            if (s->version == SSL3_VERSION) {
+                s->s3->tmp.cert_req = 0;
+                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+                return WORK_FINISHED_CONTINUE;
+            } else {
+                s->s3->tmp.cert_req = 2;
+                if (!ssl3_digest_cached_records(s, 0)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+        }
+
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED)
+            return WORK_FINISHED_STOP;
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    /* Shouldn't ever get here */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+             ERR_R_INTERNAL_ERROR);
+    return WORK_ERROR;
+}
+
+int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
+{
+    if (SSL_IS_TLS13(s)) {
+        if (s->pha_context == NULL) {
+            /* no context available, add 0-length context */
+            if (!WPACKET_put_bytes_u8(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (!ssl3_output_cert_chain(s, pkt,
+                                (s->s3->tmp.cert_req == 2) ? NULL
+                                                           : s->cert->key)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)
+            && SSL_IS_FIRST_HANDSHAKE(s)
+            && (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
+        /*
+         * This is a fatal error, which leaves enc_write_ctx in an inconsistent
+         * state and thus ssl3_send_alert may crash.
+         */
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE,
+                 SSL_R_CANNOT_CHANGE_CIPHER);
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl3_check_cert_and_algorithm(SSL *s)
+{
+    const SSL_CERT_LOOKUP *clu;
+    size_t idx;
+    long alg_k, alg_a;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /* we don't have a certificate */
+    if (!(alg_a & SSL_aCERT))
+        return 1;
+
+    /* This is the passed certificate */
+    clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);
+
+    /* Check certificate is recognised and suitable for cipher */
+    if (clu == NULL || (alg_a & clu->amask) == 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 SSL_R_MISSING_SIGNING_CERT);
+        return 0;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (clu->amask & SSL_aECDSA) {
+        if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))
+            return 1;
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
+        return 0;
+    }
+#endif
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+        return 0;
+    }
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_construct_next_proto(SSL *s, WPACKET *pkt)
+{
+    size_t len, padding_len;
+    unsigned char *padding = NULL;
+
+    len = s->ext.npn_len;
+    padding_len = 32 - ((len + 2) % 32);
+
+    if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
+            || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEXT_PROTO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    memset(padding, 0, padding_len);
+
+    return 1;
+}
+#endif
+
+MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_HELLO_REQ,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+        return MSG_PROCESS_FINISHED_READING;
+    }
+
+    /*
+     * This is a historical discrepancy (not in the RFC) maintained for
+     * compatibility reasons. If a TLS client receives a HelloRequest it will
+     * attempt an abbreviated handshake. However if a DTLS client receives a
+     * HelloRequest it will do a full handshake. Either behaviour is reasonable
+     * but doing one for TLS and another for DTLS is odd.
+     */
+    if (SSL_IS_DTLS(s))
+        SSL_renegotiate(s);
+    else
+        SSL_renegotiate_abbreviated(s);
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt)
+{
+    PACKET extensions;
+    RAW_EXTENSION *rawexts = NULL;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &extensions)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!tls_collect_extensions(s, &extensions,
+                                SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts,
+                                NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+                                         rawexts, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(rawexts);
+    return MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    OPENSSL_free(rawexts);
+    return MSG_PROCESS_ERROR;
+}
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+{
+    int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+    if (s->ctx->client_cert_engine) {
+        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+                                        SSL_get_client_CA_list(s),
+                                        px509, ppkey, NULL, NULL, NULL);
+        if (i != 0)
+            return i;
+    }
+#endif
+    if (s->ctx->client_cert_cb)
+        i = s->ctx->client_cert_cb(s, px509, ppkey);
+    return i;
+}
+
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
+{
+    int i;
+    size_t totlen = 0, len, maxlen, maxverok = 0;
+    int empty_reneg_info_scsv = !s->renegotiate;
+
+    /* Set disabled masks for this session */
+    if (!ssl_set_client_disabled(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_PROTOCOLS_AVAILABLE);
+        return 0;
+    }
+
+    if (sk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6
+#  error Max cipher length too short
+# endif
+    /*
+     * Some servers hang if client hello > 256 bytes as hack workaround
+     * chop number of supported ciphers to keep it well below this if we
+     * use TLS v1.2
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION)
+        maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+    else
+#endif
+        /* Maximum length that can be stored in 2 bytes. Length must be even */
+        maxlen = 0xfffe;
+
+    if (empty_reneg_info_scsv)
+        maxlen -= 2;
+    if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
+        maxlen -= 2;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk) && totlen < maxlen; i++) {
+        const SSL_CIPHER *c;
+
+        c = sk_SSL_CIPHER_value(sk, i);
+        /* Skip disabled ciphers */
+        if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+            continue;
+
+        if (!s->method->put_cipher_by_char(c, pkt, &len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        /* Sanity check that the maximum version we offer has ciphers enabled */
+        if (!maxverok) {
+            if (SSL_IS_DTLS(s)) {
+                if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver)
+                        && DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver))
+                    maxverok = 1;
+            } else {
+                if (c->max_tls >= s->s3->tmp.max_ver
+                        && c->min_tls <= s->s3->tmp.max_ver)
+                    maxverok = 1;
+            }
+        }
+
+        totlen += len;
+    }
+
+    if (totlen == 0 || !maxverok) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_CIPHERS_AVAILABLE);
+
+        if (!maxverok)
+            ERR_add_error_data(1, "No ciphers enabled for max supported "
+                                  "SSL/TLS version");
+
+        return 0;
+    }
+
+    if (totlen != 0) {
+        if (empty_reneg_info_scsv) {
+            static SSL_CIPHER scsv = {
+                0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
+            static SSL_CIPHER scsv = {
+                0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt)
+{
+    if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
+            && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA,
+                 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c
new file mode 100644
index 000000000..b016fa7cf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c
@@ -0,0 +1,1281 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+                        if ((end) - (start) <= 8) { \
+                                long ii; \
+                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+                        } else { \
+                                long ii; \
+                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+                        } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+                        long ii; \
+                        is_complete = 1; \
+                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+static unsigned char bitmask_start_values[] =
+    { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
+static unsigned char bitmask_end_values[] =
+    { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
+
+static void dtls1_fix_message_header(SSL *s, size_t frag_off,
+                                     size_t frag_len);
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
+static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                                         size_t len,
+                                         unsigned short seq_num,
+                                         size_t frag_off,
+                                         size_t frag_len);
+static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len);
+
+static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
+{
+    hm_fragment *frag = NULL;
+    unsigned char *buf = NULL;
+    unsigned char *bitmask = NULL;
+
+    if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) {
+        SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (frag_len) {
+        if ((buf = OPENSSL_malloc(frag_len)) == NULL) {
+            SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    /* zero length fragment gets zero frag->fragment */
+    frag->fragment = buf;
+
+    /* Initialize reassembly bitmask if necessary */
+    if (reassembly) {
+        bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
+        if (bitmask == NULL) {
+            SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(buf);
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    frag->reassembly = bitmask;
+
+    return frag;
+}
+
+void dtls1_hm_fragment_free(hm_fragment *frag)
+{
+    if (!frag)
+        return;
+    if (frag->msg_header.is_ccs) {
+        EVP_CIPHER_CTX_free(frag->msg_header.
+                            saved_retransmit_state.enc_write_ctx);
+        EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash);
+    }
+    OPENSSL_free(frag->fragment);
+    OPENSSL_free(frag->reassembly);
+    OPENSSL_free(frag);
+}
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int dtls1_do_write(SSL *s, int type)
+{
+    int ret;
+    size_t written;
+    size_t curr_mtu;
+    int retry = 1;
+    size_t len, frag_off, mac_size, blocksize, used_len;
+
+    if (!dtls1_query_mtu(s))
+        return -1;
+
+    if (s->d1->mtu < dtls1_min_mtu(s))
+        /* should have something reasonable now */
+        return -1;
+
+    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) {
+        if (!ossl_assert(s->init_num ==
+                         s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH))
+            return -1;
+    }
+
+    if (s->write_hash) {
+        if (s->enc_write_ctx
+            && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+                EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
+            mac_size = 0;
+        else
+            mac_size = EVP_MD_CTX_size(s->write_hash);
+    } else
+        mac_size = 0;
+
+    if (s->enc_write_ctx &&
+        (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
+        blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
+    else
+        blocksize = 0;
+
+    frag_off = 0;
+    s->rwstate = SSL_NOTHING;
+
+    /* s->init_num shouldn't ever be < 0...but just in case */
+    while (s->init_num > 0) {
+        if (type == SSL3_RT_HANDSHAKE && s->init_off != 0) {
+            /* We must be writing a fragment other than the first one */
+
+            if (frag_off > 0) {
+                /* This is the first attempt at writing out this fragment */
+
+                if (s->init_off <= DTLS1_HM_HEADER_LENGTH) {
+                    /*
+                     * Each fragment that was already sent must at least have
+                     * contained the message header plus one other byte.
+                     * Therefore |init_off| must have progressed by at least
+                     * |DTLS1_HM_HEADER_LENGTH + 1| bytes. If not something went
+                     * wrong.
+                     */
+                    return -1;
+                }
+
+                /*
+                 * Adjust |init_off| and |init_num| to allow room for a new
+                 * message header for this fragment.
+                 */
+                s->init_off -= DTLS1_HM_HEADER_LENGTH;
+                s->init_num += DTLS1_HM_HEADER_LENGTH;
+            } else {
+                /*
+                 * We must have been called again after a retry so use the
+                 * fragment offset from our last attempt. We do not need
+                 * to adjust |init_off| and |init_num| as above, because
+                 * that should already have been done before the retry.
+                 */
+                frag_off = s->d1->w_msg_hdr.frag_off;
+            }
+        }
+
+        used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH
+            + mac_size + blocksize;
+        if (s->d1->mtu > used_len)
+            curr_mtu = s->d1->mtu - used_len;
+        else
+            curr_mtu = 0;
+
+        if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
+            /*
+             * grr.. we could get an error if MTU picked was wrong
+             */
+            ret = BIO_flush(s->wbio);
+            if (ret <= 0) {
+                s->rwstate = SSL_WRITING;
+                return ret;
+            }
+            used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+            if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) {
+                curr_mtu = s->d1->mtu - used_len;
+            } else {
+                /* Shouldn't happen */
+                return -1;
+            }
+        }
+
+        /*
+         * We just checked that s->init_num > 0 so this cast should be safe
+         */
+        if (((unsigned int)s->init_num) > curr_mtu)
+            len = curr_mtu;
+        else
+            len = s->init_num;
+
+        if (len > s->max_send_fragment)
+            len = s->max_send_fragment;
+
+        /*
+         * XDTLS: this function is too long.  split out the CCS part
+         */
+        if (type == SSL3_RT_HANDSHAKE) {
+            if (len < DTLS1_HM_HEADER_LENGTH) {
+                /*
+                 * len is so small that we really can't do anything sensible
+                 * so fail
+                 */
+                return -1;
+            }
+            dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
+
+            dtls1_write_message_header(s,
+                                       (unsigned char *)&s->init_buf->
+                                       data[s->init_off]);
+        }
+
+        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
+                                &written);
+        if (ret < 0) {
+            /*
+             * might need to update MTU here, but we don't know which
+             * previous packet caused the failure -- so can't really
+             * retransmit anything.  continue as if everything is fine and
+             * wait for an alert to handle the retransmit
+             */
+            if (retry && BIO_ctrl(SSL_get_wbio(s),
+                                  BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
+                if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+                    if (!dtls1_query_mtu(s))
+                        return -1;
+                    /* Have one more go */
+                    retry = 0;
+                } else
+                    return -1;
+            } else {
+                return -1;
+            }
+        } else {
+
+            /*
+             * bad if this assert fails, only part of the handshake message
+             * got sent.  but why would this happen?
+             */
+            if (!ossl_assert(len == written))
+                return -1;
+
+            if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
+                /*
+                 * should not be done for 'Hello Request's, but in that case
+                 * we'll ignore the result anyway
+                 */
+                unsigned char *p =
+                    (unsigned char *)&s->init_buf->data[s->init_off];
+                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+                size_t xlen;
+
+                if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
+                    /*
+                     * reconstruct message header is if it is being sent in
+                     * single fragment
+                     */
+                    *p++ = msg_hdr->type;
+                    l2n3(msg_hdr->msg_len, p);
+                    s2n(msg_hdr->seq, p);
+                    l2n3(0, p);
+                    l2n3(msg_hdr->msg_len, p);
+                    p -= DTLS1_HM_HEADER_LENGTH;
+                    xlen = written;
+                } else {
+                    p += DTLS1_HM_HEADER_LENGTH;
+                    xlen = written - DTLS1_HM_HEADER_LENGTH;
+                }
+
+                if (!ssl3_finish_mac(s, p, xlen))
+                    return -1;
+            }
+
+            if (written == s->init_num) {
+                if (s->msg_callback)
+                    s->msg_callback(1, s->version, type, s->init_buf->data,
+                                    (size_t)(s->init_off + s->init_num), s,
+                                    s->msg_callback_arg);
+
+                s->init_off = 0; /* done writing this message */
+                s->init_num = 0;
+
+                return 1;
+            }
+            s->init_off += written;
+            s->init_num -= written;
+            written -= DTLS1_HM_HEADER_LENGTH;
+            frag_off += written;
+
+            /*
+             * We save the fragment offset for the next fragment so we have it
+             * available in case of an IO retry. We don't know the length of the
+             * next fragment yet so just set that to 0 for now. It will be
+             * updated again later.
+             */
+            dtls1_fix_message_header(s, frag_off, 0);
+        }
+    }
+    return 0;
+}
+
+int dtls_get_message(SSL *s, int *mt, size_t *len)
+{
+    struct hm_header_st *msg_hdr;
+    unsigned char *p;
+    size_t msg_len;
+    size_t tmplen;
+    int errtype;
+
+    msg_hdr = &s->d1->r_msg_hdr;
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+ again:
+    if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) {
+        if (errtype == DTLS1_HM_BAD_FRAGMENT
+                || errtype == DTLS1_HM_FRAGMENT_RETRY) {
+            /* bad fragment received */
+            goto again;
+        }
+        return 0;
+    }
+
+    *mt = s->s3->tmp.message_type;
+
+    p = (unsigned char *)s->init_buf->data;
+    *len = s->init_num;
+
+    if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        if (s->msg_callback) {
+            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+                            p, 1, s, s->msg_callback_arg);
+        }
+        /*
+         * This isn't a real handshake message so skip the processing below.
+         */
+        return 1;
+    }
+
+    msg_len = msg_hdr->msg_len;
+
+    /* reconstruct message header */
+    *(p++) = msg_hdr->type;
+    l2n3(msg_len, p);
+    s2n(msg_hdr->seq, p);
+    l2n3(0, p);
+    l2n3(msg_len, p);
+    if (s->version != DTLS1_BAD_VER) {
+        p -= DTLS1_HM_HEADER_LENGTH;
+        msg_len += DTLS1_HM_HEADER_LENGTH;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!ssl3_finish_mac(s, p, msg_len))
+        return 0;
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                        p, msg_len, s, s->msg_callback_arg);
+
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+    s->d1->handshake_read_seq++;
+
+    s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+    return 1;
+}
+
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static size_t dtls1_max_handshake_message_len(const SSL *s)
+{
+    size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+    if (max_len < s->max_cert_list)
+        return s->max_cert_list;
+    return max_len;
+}
+
+static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
+{
+    size_t frag_off, frag_len, msg_len;
+
+    msg_len = msg_hdr->msg_len;
+    frag_off = msg_hdr->frag_off;
+    frag_len = msg_hdr->frag_len;
+
+    /* sanity checking */
+    if ((frag_off + frag_len) > msg_len
+            || msg_len > dtls1_max_handshake_message_len(s)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                 SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return 0;
+    }
+
+    if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
+        /*
+         * msg_len is limited to 2^24, but is effectively checked against
+         * dtls_max_handshake_message_len(s) above
+         */
+        if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                     ERR_R_BUF_LIB);
+            return 0;
+        }
+
+        s->s3->tmp.message_size = msg_len;
+        s->d1->r_msg_hdr.msg_len = msg_len;
+        s->s3->tmp.message_type = msg_hdr->type;
+        s->d1->r_msg_hdr.type = msg_hdr->type;
+        s->d1->r_msg_hdr.seq = msg_hdr->seq;
+    } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
+        /*
+         * They must be playing with us! BTW, failure to enforce upper limit
+         * would open possibility for buffer overrun.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                 SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a
+ * fatal error.
+ */
+static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
+{
+    /*-
+     * (0) check whether the desired fragment is available
+     * if so:
+     * (1) copy over the fragment to s->init_buf->data[]
+     * (2) update s->init_num
+     */
+    pitem *item;
+    hm_fragment *frag;
+    int ret;
+
+    do {
+        item = pqueue_peek(s->d1->buffered_messages);
+        if (item == NULL)
+            return 0;
+
+        frag = (hm_fragment *)item->data;
+
+        if (frag->msg_header.seq < s->d1->handshake_read_seq) {
+            /* This is a stale message that has been buffered so clear it */
+            pqueue_pop(s->d1->buffered_messages);
+            dtls1_hm_fragment_free(frag);
+            pitem_free(item);
+            item = NULL;
+            frag = NULL;
+        }
+    } while (item == NULL);
+
+    /* Don't return if reassembly still in progress */
+    if (frag->reassembly != NULL)
+        return 0;
+
+    if (s->d1->handshake_read_seq == frag->msg_header.seq) {
+        size_t frag_len = frag->msg_header.frag_len;
+        pqueue_pop(s->d1->buffered_messages);
+
+        /* Calls SSLfatal() as required */
+        ret = dtls1_preprocess_fragment(s, &frag->msg_header);
+
+        if (ret && frag->msg_header.frag_len > 0) {
+            unsigned char *p =
+                (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+            memcpy(&p[frag->msg_header.frag_off], frag->fragment,
+                   frag->msg_header.frag_len);
+        }
+
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+
+        if (ret) {
+            *len = frag_len;
+            return 1;
+        }
+
+        /* Fatal error */
+        s->init_num = 0;
+        return -1;
+    } else {
+        return 0;
+    }
+}
+
+static int
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
+{
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    int i = -1, is_complete;
+    unsigned char seq64be[8];
+    size_t frag_len = msg_hdr->frag_len;
+    size_t readbytes;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
+        msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
+        goto err;
+
+    if (frag_len == 0) {
+        return DTLS1_HM_FRAGMENT_RETRY;
+    }
+
+    /* Try to find item in queue */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    if (item == NULL) {
+        frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+        if (frag == NULL)
+            goto err;
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+        frag->msg_header.frag_len = frag->msg_header.msg_len;
+        frag->msg_header.frag_off = 0;
+    } else {
+        frag = (hm_fragment *)item->data;
+        if (frag->msg_header.msg_len != msg_hdr->msg_len) {
+            item = NULL;
+            frag = NULL;
+            goto err;
+        }
+    }
+
+    /*
+     * If message is already reassembled, this must be a retransmit and can
+     * be dropped. In this case item != NULL and so frag does not need to be
+     * freed.
+     */
+    if (frag->reassembly == NULL) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0, &readbytes);
+            if (i <= 0)
+                goto err;
+            frag_len -= readbytes;
+        }
+        return DTLS1_HM_FRAGMENT_RETRY;
+    }
+
+    /* read the body of the fragment (header has already been read */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                  frag->fragment + msg_hdr->frag_off,
+                                  frag_len, 0, &readbytes);
+    if (i <= 0 || readbytes != frag_len)
+        i = -1;
+    if (i <= 0)
+        goto err;
+
+    RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+                        (long)(msg_hdr->frag_off + frag_len));
+
+    if (!ossl_assert(msg_hdr->msg_len > 0))
+        goto err;
+    RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+                               is_complete);
+
+    if (is_complete) {
+        OPENSSL_free(frag->reassembly);
+        frag->reassembly = NULL;
+    }
+
+    if (item == NULL) {
+        item = pitem_new(seq64be, frag);
+        if (item == NULL) {
+            i = -1;
+            goto err;
+        }
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it and control would never have reached this
+         * branch.
+         */
+        if (!ossl_assert(item != NULL))
+            goto err;
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (item == NULL)
+        dtls1_hm_fragment_free(frag);
+    return -1;
+}
+
+static int
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
+{
+    int i = -1;
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    unsigned char seq64be[8];
+    size_t frag_len = msg_hdr->frag_len;
+    size_t readbytes;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
+        goto err;
+
+    /* Try to find item in queue, to prevent duplicate entries */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    /*
+     * If we already have an entry and this one is a fragment, don't discard
+     * it and rather try to reassemble it.
+     */
+    if (item != NULL && frag_len != msg_hdr->msg_len)
+        item = NULL;
+
+    /*
+     * Discard the message if sequence number was already there, is too far
+     * in the future, already in the queue or if we received a FINISHED
+     * before the SERVER_HELLO, which then must be a stale retransmit.
+     */
+    if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+        msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0, &readbytes);
+            if (i <= 0)
+                goto err;
+            frag_len -= readbytes;
+        }
+    } else {
+        if (frag_len != msg_hdr->msg_len) {
+            return dtls1_reassemble_fragment(s, msg_hdr);
+        }
+
+        if (frag_len > dtls1_max_handshake_message_len(s))
+            goto err;
+
+        frag = dtls1_hm_fragment_new(frag_len, 0);
+        if (frag == NULL)
+            goto err;
+
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+        if (frag_len) {
+            /*
+             * read the body of the fragment (header has already been read
+             */
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          frag->fragment, frag_len, 0,
+                                          &readbytes);
+            if (i<=0 || readbytes != frag_len)
+                i = -1;
+            if (i <= 0)
+                goto err;
+        }
+
+        item = pitem_new(seq64be, frag);
+        if (item == NULL)
+            goto err;
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it. Then, either |frag_len| !=
+         * |msg_hdr->msg_len| in which case |item| is set to NULL and it will
+         * have been processed with |dtls1_reassemble_fragment|, above, or
+         * the record will have been discarded.
+         */
+        if (!ossl_assert(item != NULL))
+            goto err;
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (item == NULL)
+        dtls1_hm_fragment_free(frag);
+    return 0;
+}
+
+static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
+{
+    unsigned char wire[DTLS1_HM_HEADER_LENGTH];
+    size_t mlen, frag_off, frag_len;
+    int i, ret, recvd_type;
+    struct hm_header_st msg_hdr;
+    size_t readbytes;
+
+    *errtype = 0;
+
+ redo:
+    /* see if we have the required fragment already */
+    ret = dtls1_retrieve_buffered_fragment(s, &frag_len);
+    if (ret < 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (ret > 0) {
+        s->init_num = frag_len;
+        *len = frag_len;
+        return 1;
+    }
+
+    /* read handshake message header */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
+                                  DTLS1_HM_HEADER_LENGTH, 0, &readbytes);
+    if (i <= 0) {               /* nbio, or an error */
+        s->rwstate = SSL_READING;
+        *len = 0;
+        return 0;
+    }
+    if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        if (wire[0] != SSL3_MT_CCS) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                     SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
+        }
+
+        memcpy(s->init_buf->data, wire, readbytes);
+        s->init_num = readbytes - 1;
+        s->init_msg = s->init_buf->data + 1;
+        s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
+        s->s3->tmp.message_size = readbytes - 1;
+        *len = readbytes - 1;
+        return 1;
+    }
+
+    /* Handshake fails if message header is incomplete */
+    if (readbytes != DTLS1_HM_HEADER_LENGTH) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
+    /* parse the message fragment header */
+    dtls1_get_message_header(wire, &msg_hdr);
+
+    mlen = msg_hdr.msg_len;
+    frag_off = msg_hdr.frag_off;
+    frag_len = msg_hdr.frag_len;
+
+    /*
+     * We must have at least frag_len bytes left in the record to be read.
+     * Fragments must not span records.
+     */
+    if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
+    /*
+     * if this is a future (or stale) message it gets buffered
+     * (or dropped)--no further processing at this time
+     * While listening, we accept seq 1 (ClientHello with cookie)
+     * although we're still expecting seq 0 (ClientHello)
+     */
+    if (msg_hdr.seq != s->d1->handshake_read_seq) {
+        *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr);
+        return 0;
+    }
+
+    if (frag_len && frag_len < mlen) {
+        *errtype = dtls1_reassemble_fragment(s, &msg_hdr);
+        return 0;
+    }
+
+    if (!s->server
+            && s->d1->r_msg_hdr.frag_off == 0
+            && s->statem.hand_state != TLS_ST_OK
+            && wire[0] == SSL3_MT_HELLO_REQUEST) {
+        /*
+         * The server may always send 'Hello Request' messages -- we are
+         * doing a handshake anyway now, so ignore them if their format is
+         * correct. Does not count for 'Finished' MAC.
+         */
+        if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                wire, DTLS1_HM_HEADER_LENGTH, s,
+                                s->msg_callback_arg);
+
+            s->init_num = 0;
+            goto redo;
+        } else {                /* Incorrectly formatted Hello request */
+
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                     SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+    }
+
+    if (!dtls1_preprocess_fragment(s, &msg_hdr)) {
+        /* SSLfatal() already called */
+        goto f_err;
+    }
+
+    if (frag_len > 0) {
+        unsigned char *p =
+            (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[frag_off], frag_len, 0, &readbytes);
+
+        /*
+         * This shouldn't ever fail due to NBIO because we already checked
+         * that we have enough data in the record
+         */
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = 0;
+            return 0;
+        }
+    } else {
+        readbytes = 0;
+    }
+
+    /*
+     * XDTLS: an incorrectly formatted fragment should cause the handshake
+     * to fail
+     */
+    if (readbytes != frag_len) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
+    /*
+     * Note that s->init_num is *not* used as current offset in
+     * s->init_buf->data, but as a counter summing up fragments' lengths: as
+     * soon as they sum up to handshake packet length, we assume we have got
+     * all the fragments.
+     */
+    *len = s->init_num = frag_len;
+    return 1;
+
+ f_err:
+    s->init_num = 0;
+    *len = 0;
+    return 0;
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->rlayer.read_sequence            zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
+{
+    if (s->version == DTLS1_BAD_VER) {
+        s->d1->next_handshake_write_seq++;
+
+        if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SCTP
+/*
+ * Wait for a dry event. Should only be called at a point in the handshake
+ * where we are not expecting any data from the peer except an alert.
+ */
+WORK_STATE dtls_wait_for_dry(SSL *s)
+{
+    int ret, errtype;
+    size_t len;
+
+    /* read app data until dry event */
+    ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+    if (ret < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS_WAIT_FOR_DRY,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+    }
+
+    if (ret == 0) {
+        /*
+         * We're not expecting any more messages from the peer at this point -
+         * but we could get an alert. If an alert is waiting then we will never
+         * return successfully. Therefore we attempt to read a message. This
+         * should never succeed but will process any waiting alerts.
+         */
+        if (dtls_get_reassembled_message(s, &errtype, &len)) {
+            /* The call succeeded! This should never happen */
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY,
+                     SSL_R_UNEXPECTED_MESSAGE);
+            return WORK_ERROR;
+        }
+
+        s->s3->in_read_app_data = 2;
+        s->rwstate = SSL_READING;
+        BIO_clear_retry_flags(SSL_get_rbio(s));
+        BIO_set_retry_read(SSL_get_rbio(s));
+        return WORK_MORE_A;
+    }
+    return WORK_FINISHED_CONTINUE;
+}
+#endif
+
+int dtls1_read_failed(SSL *s, int code)
+{
+    if (code > 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!dtls1_is_timer_expired(s) || ossl_statem_in_error(s)) {
+        /*
+         * not a timeout, none of our business, let higher layers handle
+         * this.  in fact it's probably an error
+         */
+        return code;
+    }
+    /* done, no need to send a retransmit */
+    if (!SSL_in_init(s))
+    {
+        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
+        return code;
+    }
+
+    return dtls1_handle_timeout(s);
+}
+
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
+{
+    /*
+     * The index of the retransmission queue actually is the message sequence
+     * number, since the queue only contains messages of a single handshake.
+     * However, the ChangeCipherSpec has no message sequence number and so
+     * using only the sequence will result in the CCS and Finished having the
+     * same index. To prevent this, the sequence number is multiplied by 2.
+     * In case of a CCS 1 is subtracted. This does not only differ CSS and
+     * Finished, it also maintains the order of the index (important for
+     * priority queues) and fits in the unsigned short variable.
+     */
+    return seq * 2 - is_ccs;
+}
+
+int dtls1_retransmit_buffered_messages(SSL *s)
+{
+    pqueue *sent = s->d1->sent_messages;
+    piterator iter;
+    pitem *item;
+    hm_fragment *frag;
+    int found = 0;
+
+    iter = pqueue_iterator(sent);
+
+    for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+        frag = (hm_fragment *)item->data;
+        if (dtls1_retransmit_message(s, (unsigned short)
+                                     dtls1_get_queue_priority
+                                     (frag->msg_header.seq,
+                                      frag->msg_header.is_ccs), &found) <= 0)
+            return -1;
+    }
+
+    return 1;
+}
+
+int dtls1_buffer_message(SSL *s, int is_ccs)
+{
+    pitem *item;
+    hm_fragment *frag;
+    unsigned char seq64be[8];
+
+    /*
+     * this function is called immediately after a message has been
+     * serialized
+     */
+    if (!ossl_assert(s->init_off == 0))
+        return 0;
+
+    frag = dtls1_hm_fragment_new(s->init_num, 0);
+    if (frag == NULL)
+        return 0;
+
+    memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+    if (is_ccs) {
+        /* For DTLS1_BAD_VER the header length is non-standard */
+        if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
+                         ((s->version ==
+                           DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
+                         == (unsigned int)s->init_num))
+            return 0;
+    } else {
+        if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
+                         DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num))
+            return 0;
+    }
+
+    frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+    frag->msg_header.type = s->d1->w_msg_hdr.type;
+    frag->msg_header.frag_off = 0;
+    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.is_ccs = is_ccs;
+
+    /* save current state */
+    frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
+    frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
+    frag->msg_header.saved_retransmit_state.compress = s->compress;
+    frag->msg_header.saved_retransmit_state.session = s->session;
+    frag->msg_header.saved_retransmit_state.epoch =
+        DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
+
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs) >> 8);
+    seq64be[7] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs));
+
+    item = pitem_new(seq64be, frag);
+    if (item == NULL) {
+        dtls1_hm_fragment_free(frag);
+        return 0;
+    }
+
+    pqueue_insert(s->d1->sent_messages, item);
+    return 1;
+}
+
+int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
+{
+    int ret;
+    /* XDTLS: for now assuming that read/writes are blocking */
+    pitem *item;
+    hm_fragment *frag;
+    unsigned long header_length;
+    unsigned char seq64be[8];
+    struct dtls1_retransmit_state saved_state;
+
+    /* XDTLS:  the requested message ought to be found, otherwise error */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(seq >> 8);
+    seq64be[7] = (unsigned char)seq;
+
+    item = pqueue_find(s->d1->sent_messages, seq64be);
+    if (item == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_RETRANSMIT_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        *found = 0;
+        return 0;
+    }
+
+    *found = 1;
+    frag = (hm_fragment *)item->data;
+
+    if (frag->msg_header.is_ccs)
+        header_length = DTLS1_CCS_HEADER_LENGTH;
+    else
+        header_length = DTLS1_HM_HEADER_LENGTH;
+
+    memcpy(s->init_buf->data, frag->fragment,
+           frag->msg_header.msg_len + header_length);
+    s->init_num = frag->msg_header.msg_len + header_length;
+
+    dtls1_set_message_header_int(s, frag->msg_header.type,
+                                 frag->msg_header.msg_len,
+                                 frag->msg_header.seq, 0,
+                                 frag->msg_header.frag_len);
+
+    /* save current state */
+    saved_state.enc_write_ctx = s->enc_write_ctx;
+    saved_state.write_hash = s->write_hash;
+    saved_state.compress = s->compress;
+    saved_state.session = s->session;
+    saved_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
+
+    s->d1->retransmitting = 1;
+
+    /* restore state in which the message was originally sent */
+    s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
+    s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
+    s->compress = frag->msg_header.saved_retransmit_state.compress;
+    s->session = frag->msg_header.saved_retransmit_state.session;
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer,
+                                        frag->msg_header.
+                                        saved_retransmit_state.epoch);
+
+    ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
+                         SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+
+    /* restore current state */
+    s->enc_write_ctx = saved_state.enc_write_ctx;
+    s->write_hash = saved_state.write_hash;
+    s->compress = saved_state.compress;
+    s->session = saved_state.session;
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, saved_state.epoch);
+
+    s->d1->retransmitting = 0;
+
+    (void)BIO_flush(s->wbio);
+    return ret;
+}
+
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt, size_t len,
+                              size_t frag_off, size_t frag_len)
+{
+    if (frag_off == 0) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        s->d1->next_handshake_write_seq++;
+    }
+
+    dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
+                                 frag_off, frag_len);
+}
+
+/* don't actually do the writing, wait till the MTU has been retrieved */
+static void
+dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                             size_t len, unsigned short seq_num,
+                             size_t frag_off, size_t frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->type = mt;
+    msg_hdr->msg_len = len;
+    msg_hdr->seq = seq_num;
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static void
+dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    *p++ = msg_hdr->type;
+    l2n3(msg_hdr->msg_len, p);
+
+    s2n(msg_hdr->seq, p);
+    l2n3(msg_hdr->frag_off, p);
+    l2n3(msg_hdr->frag_len, p);
+
+    return p;
+}
+
+void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+    msg_hdr->type = *(data++);
+    n2l3(data, msg_hdr->msg_len);
+
+    n2s(data, msg_hdr->seq);
+    n2l3(data, msg_hdr->frag_off);
+    n2l3(data, msg_hdr->frag_len);
+}
+
+int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
+{
+    unsigned char *header;
+
+    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                                     s->d1->handshake_write_seq, 0, 0);
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS))
+            return 0;
+    } else {
+        dtls1_set_message_header(s, htype, 0, 0, 0);
+        /*
+         * We allocate space at the start for the message header. This gets
+         * filled in later
+         */
+        if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header)
+                || !WPACKET_start_sub_packet(pkt))
+            return 0;
+    }
+
+    return 1;
+}
+
+int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
+{
+    size_t msglen;
+
+    if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))
+            || !WPACKET_get_length(pkt, &msglen)
+            || msglen > INT_MAX)
+        return 0;
+
+    if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) {
+        s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH;
+        s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH;
+    }
+    s->init_num = (int)msglen;
+    s->init_off = 0;
+
+    if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+        /* Buffer the message to handle re-xmits */
+        if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC
+                                     ? 1 : 0))
+            return 0;
+    }
+
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c
new file mode 100644
index 000000000..c0482b0a9
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c
@@ -0,0 +1,2403 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/*
+ * Map error codes to TLS/SSL alart types.
+ */
+typedef struct x509err2alert_st {
+    int x509err;
+    int alert;
+} X509ERR2ALERT;
+
+/* Fixed value used in the ServerHello random field to identify an HRR */
+const unsigned char hrrrandom[] = {
+    0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02,
+    0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
+    0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c
+};
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int ssl3_do_write(SSL *s, int type)
+{
+    int ret;
+    size_t written = 0;
+
+    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+                           s->init_num, &written);
+    if (ret < 0)
+        return -1;
+    if (type == SSL3_RT_HANDSHAKE)
+        /*
+         * should not be done for 'Hello Request's, but in that case we'll
+         * ignore the result anyway
+         * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added
+         */
+        if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
+                                 && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
+                                 && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))
+            if (!ssl3_finish_mac(s,
+                                 (unsigned char *)&s->init_buf->data[s->init_off],
+                                 written))
+                return -1;
+    if (written == s->init_num) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
+        return 1;
+    }
+    s->init_off += written;
+    s->init_num -= written;
+    return 0;
+}
+
+int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
+{
+    size_t msglen;
+
+    if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))
+            || !WPACKET_get_length(pkt, &msglen)
+            || msglen > INT_MAX)
+        return 0;
+    s->init_num = (int)msglen;
+    s->init_off = 0;
+
+    return 1;
+}
+
+int tls_setup_handshake(SSL *s)
+{
+    if (!ssl3_init_finished_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Reset any extension flags */
+    memset(s->ext.extflags, 0, sizeof(s->ext.extflags));
+
+    if (s->server) {
+        STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s);
+        int i, ver_min, ver_max, ok = 0;
+
+        /*
+         * Sanity check that the maximum version we accept has ciphers
+         * enabled. For clients we do this check during construction of the
+         * ClientHello.
+         */
+        if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+
+            if (SSL_IS_DTLS(s)) {
+                if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&
+                        DTLS_VERSION_LE(ver_max, c->max_dtls))
+                    ok = 1;
+            } else if (ver_max >= c->min_tls && ver_max <= c->max_tls) {
+                ok = 1;
+            }
+            if (ok)
+                break;
+        }
+        if (!ok) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                     SSL_R_NO_CIPHERS_AVAILABLE);
+            ERR_add_error_data(1, "No ciphers enabled for max supported "
+                                  "SSL/TLS version");
+            return 0;
+        }
+        if (SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* N.B. s->session_ctx == s->ctx here */
+            tsan_counter(&s->session_ctx->stats.sess_accept);
+        } else {
+            /* N.B. s->ctx may not equal s->session_ctx */
+            tsan_counter(&s->ctx->stats.sess_accept_renegotiate);
+
+            s->s3->tmp.cert_request = 0;
+        }
+    } else {
+        if (SSL_IS_FIRST_HANDSHAKE(s))
+            tsan_counter(&s->session_ctx->stats.sess_connect);
+        else
+            tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate);
+
+        /* mark client_random uninitialized */
+        memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+        s->hit = 0;
+
+        s->s3->tmp.cert_req = 0;
+
+        if (SSL_IS_DTLS(s))
+            s->statem.use_timer = 1;
+    }
+
+    return 1;
+}
+
+/*
+ * Size of the to-be-signed TLS13 data, without the hash size itself:
+ * 64 bytes of value 32, 33 context bytes, 1 byte separator
+ */
+#define TLS13_TBS_START_SIZE            64
+#define TLS13_TBS_PREAMBLE_SIZE         (TLS13_TBS_START_SIZE + 33 + 1)
+
+static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
+                                    void **hdata, size_t *hdatalen)
+{
+    static const char *servercontext = "TLS 1.3, server CertificateVerify";
+    static const char *clientcontext = "TLS 1.3, client CertificateVerify";
+
+    if (SSL_IS_TLS13(s)) {
+        size_t hashlen;
+
+        /* Set the first 64 bytes of to-be-signed data to octet 32 */
+        memset(tls13tbs, 32, TLS13_TBS_START_SIZE);
+        /* This copies the 33 bytes of context plus the 0 separator byte */
+        if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY
+                 || s->statem.hand_state == TLS_ST_SW_CERT_VRFY)
+            strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext);
+        else
+            strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext);
+
+        /*
+         * If we're currently reading then we need to use the saved handshake
+         * hash value. We can't use the current handshake hash state because
+         * that includes the CertVerify itself.
+         */
+        if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY
+                || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) {
+            memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash,
+                   s->cert_verify_hash_len);
+            hashlen = s->cert_verify_hash_len;
+        } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE,
+                                       EVP_MAX_MD_SIZE, &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+
+        *hdata = tls13tbs;
+        *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
+    } else {
+        size_t retlen;
+        long retlen_l;
+
+        retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+        if (retlen_l <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        *hdatalen = retlen;
+    }
+
+    return 1;
+}
+
+int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const EVP_MD *md = NULL;
+    EVP_MD_CTX *mctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t hdatalen = 0, siglen = 0;
+    void *hdata;
+    unsigned char *sig = NULL;
+    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
+    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+
+    if (lu == NULL || s->s3->tmp.cert == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    pkey = s->s3->tmp.cert->privatekey;
+
+    if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the data to be signed */
+    if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    siglen = EVP_PKEY_size(pkey);
+    sig = OPENSSL_malloc(siglen);
+    if (sig == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    if (lu->sig == EVP_PKEY_RSA_PSS) {
+        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    }
+    if (s->version == SSL3_VERSION) {
+        if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
+            || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                (int)s->session->master_key_length,
+                                s->session->master_key)
+            || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
+
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    } else if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = lu->sig;
+
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512)
+            BUF_reverse(sig, NULL, siglen);
+    }
+#endif
+
+    if (!WPACKET_sub_memcpy_u16(pkt, sig, siglen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Digest cached records and discard handshake buffer */
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    return 1;
+ err:
+    OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    return 0;
+}
+
+MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const unsigned char *data;
+#ifndef OPENSSL_NO_GOST
+    unsigned char *gost_data = NULL;
+#endif
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    int j;
+    unsigned int len;
+    X509 *peer;
+    const EVP_MD *md = NULL;
+    size_t hdatalen = 0;
+    void *hdata;
+    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pctx = NULL;
+
+    if (mctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    peer = s->session->peer;
+    pkey = X509_get0_pubkey(peer);
+    if (pkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+        goto err;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        unsigned int sigalg;
+
+        if (!PACKET_get_net_2(pkt, &sigalg)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_PACKET);
+            goto err;
+        }
+        if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+    }
+
+    if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+#ifdef SSL_DEBUG
+    if (SSL_USE_SIGALGS(s))
+        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
+                md == NULL ? "n/a" : EVP_MD_name(md));
+#endif
+
+    /* Check for broken implementations of GOST ciphersuites */
+    /*
+     * If key is GOST and len is exactly 64 or 128, it is signature without
+     * length field (CryptoPro implementations at least till TLS 1.2)
+     */
+#ifndef OPENSSL_NO_GOST
+    if (!SSL_USE_SIGALGS(s)
+        && ((PACKET_remaining(pkt) == 64
+             && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
+                 || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+            || (PACKET_remaining(pkt) == 128
+                && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+        len = PACKET_remaining(pkt);
+    } else
+#endif
+    if (!PACKET_get_net_2(pkt, &len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    j = EVP_PKEY_size(pkey);
+    if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
+        || (PACKET_remaining(pkt) == 0)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_WRONG_SIGNATURE_SIZE);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Using client verify alg %s\n",
+            md == NULL ? "n/a" : EVP_MD_name(md));
+#endif
+    if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = EVP_PKEY_id(pkey);
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512) {
+            if ((gost_data = OPENSSL_malloc(len)) == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            BUF_reverse(gost_data, data, len);
+            data = gost_data;
+        }
+    }
+#endif
+
+    if (SSL_USE_PSS(s)) {
+        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    }
+    if (s->version == SSL3_VERSION) {
+        if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
+                || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                    (int)s->session->master_key_length,
+                                    s->session->master_key)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+    } else {
+        j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
+        if (j <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+    }
+
+    /*
+     * In TLSv1.3 on the client side we make sure we prepare the client
+     * certificate after the CertVerify instead of when we get the
+     * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
+     * comes *before* the Certificate message. In TLSv1.2 it comes after. We
+     * want to make sure that SSL_get_peer_certificate() will return the actual
+     * server certificate from the client_cert_cb callback.
+     */
+    if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1)
+        ret = MSG_PROCESS_CONTINUE_PROCESSING;
+    else
+        ret = MSG_PROCESS_CONTINUE_READING;
+ err:
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(mctx);
+#ifndef OPENSSL_NO_GOST
+    OPENSSL_free(gost_data);
+#endif
+    return ret;
+}
+
+int tls_construct_finished(SSL *s, WPACKET *pkt)
+{
+    size_t finish_md_len;
+    const char *sender;
+    size_t slen;
+
+    /* This is a real handshake so make sure we clean it up at the end */
+    if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)
+        s->statem.cleanuphand = 1;
+
+    /*
+     * We only change the keys if we didn't already do this when we sent the
+     * client certificate
+     */
+    if (SSL_IS_TLS13(s)
+            && !s->server
+            && s->s3->tmp.cert_req == 0
+            && (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+                                                          sender, slen,
+                                                          s->s3->tmp.finish_md);
+    if (finish_md_len == 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    s->s3->tmp.finish_md_len = finish_md_len;
+
+    if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * Log the master secret, if logging is enabled. We don't log it for
+     * TLSv1.3: there's a different key schedule for that.
+     */
+    if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL,
+                                            s->session->master_key,
+                                            s->session->master_key_length)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!s->server) {
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md,
+               finish_md_len);
+        s->s3->previous_client_finished_len = finish_md_len;
+    } else {
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md,
+               finish_md_len);
+        s->s3->previous_server_finished_len = finish_md_len;
+    }
+
+    return 1;
+}
+
+int tls_construct_key_update(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
+{
+    unsigned int updatetype;
+
+    /*
+     * A KeyUpdate message signals a key change so the end of the message must
+     * be on a record boundary.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_get_1(pkt, &updatetype)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_BAD_KEY_UPDATE);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * There are only two defined key update types. Fail if we get a value we
+     * didn't recognise.
+     */
+    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_BAD_KEY_UPDATE);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * If we get a request for us to update our sending keys too then, we need
+     * to additionally send a KeyUpdate message. However that message should
+     * not also request an update (otherwise we get into an infinite loop). We
+     * ignore a request for us to update our sending keys too if we already
+     * sent close_notify.
+     */
+    if (updatetype == SSL_KEY_UPDATE_REQUESTED
+            && (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
+        s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
+
+    if (!tls13_update_key(s, 0)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * to far.
+ */
+int ssl3_take_mac(SSL *s)
+{
+    const char *sender;
+    size_t slen;
+
+    if (!s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    s->s3->tmp.peer_finish_md_len =
+        s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+                                              s->s3->tmp.peer_finish_md);
+
+    if (s->s3->tmp.peer_finish_md_len == 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+{
+    size_t remain;
+
+    remain = PACKET_remaining(pkt);
+    /*
+     * 'Change Cipher Spec' is just a single byte, which should already have
+     * been consumed by ssl_get_message() so there should be no bytes left,
+     * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
+     */
+    if (SSL_IS_DTLS(s)) {
+        if ((s->version == DTLS1_BAD_VER
+             && remain != DTLS1_CCS_HEADER_LENGTH + 1)
+            || (s->version != DTLS1_BAD_VER
+                && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                    SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            return MSG_PROCESS_ERROR;
+        }
+    } else {
+        if (remain != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                     SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+
+    /* Check we have a cipher to change to */
+    if (s->s3->tmp.new_cipher == NULL) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->s3->change_cipher_spec = 1;
+    if (!ssl3_do_change_cipher_spec(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+        if (s->version == DTLS1_BAD_VER)
+            s->d1->handshake_read_seq++;
+
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * Remember that a CCS has been received, so that an old key of
+         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
+         * SCTP is used
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+
+MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+{
+    size_t md_len;
+
+
+    /* This is a real handshake so make sure we clean it up at the end */
+    if (s->server) {
+        /*
+        * To get this far we must have read encrypted data from the client. We
+        * no longer tolerate unencrypted alerts. This value is ignored if less
+        * than TLSv1.3
+        */
+        s->statem.enc_read_state = ENC_READ_STATE_VALID;
+        if (s->post_handshake_auth != SSL_PHA_REQUESTED)
+            s->statem.cleanuphand = 1;
+        if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+        }
+    }
+
+    /*
+     * In TLSv1.3 a Finished message signals a key change so the end of the
+     * message must be on a record boundary.
+     */
+    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /* If this occurs, we have missed a message */
+    if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+        return MSG_PROCESS_ERROR;
+    }
+    s->s3->change_cipher_spec = 0;
+
+    md_len = s->s3->tmp.peer_finish_md_len;
+
+    if (md_len != PACKET_remaining(pkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_BAD_DIGEST_LENGTH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md,
+                      md_len) != 0) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_DIGEST_CHECK_FAILED);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!ossl_assert(md_len <= EVP_MAX_MD_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+    if (s->server) {
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md,
+               md_len);
+        s->s3->previous_client_finished_len = md_len;
+    } else {
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md,
+               md_len);
+        s->s3->previous_server_finished_len = md_len;
+    }
+
+    /*
+     * In TLS1.3 we also have to change cipher state and do any final processing
+     * of the initial server flight (if we are a client)
+     */
+    if (SSL_IS_TLS13(s)) {
+        if (s->server) {
+            if (s->post_handshake_auth != SSL_PHA_REQUESTED &&
+                    !s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+        } else {
+            if (!s->method->ssl3_enc->generate_master_secret(s,
+                    s->master_secret, s->handshake_secret, 0,
+                    &s->session->master_key_length)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+            if (!tls_process_initial_server_flight(s)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+        }
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Add a certificate to the WPACKET */
+static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
+{
+    int len;
+    unsigned char *outbytes;
+
+    len = i2d_X509(x, NULL);
+    if (len < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET,
+                 ERR_R_BUF_LIB);
+        return 0;
+    }
+    if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes)
+            || i2d_X509(x, &outbytes) != len) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)
+            && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,
+                                         chain)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Add certificate chain to provided WPACKET */
+static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+{
+    int i, chain_count;
+    X509 *x;
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(X509) *chain = NULL;
+    X509_STORE *chain_store;
+
+    if (cpk == NULL || cpk->x509 == NULL)
+        return 1;
+
+    x = cpk->x509;
+
+    /*
+     * If we have a certificate specific chain use it, else use parent ctx.
+     */
+    if (cpk->chain != NULL)
+        extra_certs = cpk->chain;
+    else
+        extra_certs = s->ctx->extra_certs;
+
+    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
+        chain_store = NULL;
+    else if (s->cert->chain_store)
+        chain_store = s->cert->chain_store;
+    else
+        chain_store = s->ctx->cert_store;
+
+    if (chain_store != NULL) {
+        X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
+
+        if (xs_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {
+            X509_STORE_CTX_free(xs_ctx);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
+                     ERR_R_X509_LIB);
+            return 0;
+        }
+        /*
+         * It is valid for the chain not to be complete (because normally we
+         * don't include the root cert in the chain). Therefore we deliberately
+         * ignore the error return from this call. We're not actually verifying
+         * the cert - we're just building as much of the chain as we can
+         */
+        (void)X509_verify_cert(xs_ctx);
+        /* Don't leave errors in the queue */
+        ERR_clear_error();
+        chain = X509_STORE_CTX_get0_chain(xs_ctx);
+        i = ssl_security_cert_chain(s, chain, NULL, 0);
+        if (i != 1) {
+#if 0
+            /* Dummy error calls so mkerr generates them */
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK);
+#endif
+            X509_STORE_CTX_free(xs_ctx);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        chain_count = sk_X509_num(chain);
+        for (i = 0; i < chain_count; i++) {
+            x = sk_X509_value(chain, i);
+
+            if (!ssl_add_cert_to_wpacket(s, pkt, x, i)) {
+                /* SSLfatal() already called */
+                X509_STORE_CTX_free(xs_ctx);
+                return 0;
+            }
+        }
+        X509_STORE_CTX_free(xs_ctx);
+    } else {
+        i = ssl_security_cert_chain(s, extra_certs, x, 0);
+        if (i != 1) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        if (!ssl_add_cert_to_wpacket(s, pkt, x, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        for (i = 0; i < sk_X509_num(extra_certs); i++) {
+            x = sk_X509_value(extra_certs, i);
+            if (!ssl_add_cert_to_wpacket(s, pkt, x, i + 1)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+{
+    if (!WPACKET_start_sub_packet_u24(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!ssl_add_cert_chain(s, pkt, cpk))
+        return 0;
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Tidy up after the end of a handshake. In the case of SCTP this may result
+ * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
+ * freed up as well.
+ */
+WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
+{
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int cleanuphand = s->statem.cleanuphand;
+
+    if (clearbufs) {
+        if (!SSL_IS_DTLS(s)) {
+            /*
+             * We don't do this in DTLS because we may still need the init_buf
+             * in case there are any unexpected retransmits
+             */
+            BUF_MEM_free(s->init_buf);
+            s->init_buf = NULL;
+        }
+        if (!ssl_free_wbio_buffer(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        s->init_num = 0;
+    }
+
+    if (SSL_IS_TLS13(s) && !s->server
+            && s->post_handshake_auth == SSL_PHA_REQUESTED)
+        s->post_handshake_auth = SSL_PHA_EXT_SENT;
+
+    /*
+     * Only set if there was a Finished message and this isn't after a TLSv1.3
+     * post handshake exchange
+     */
+    if (cleanuphand) {
+        /* skipped if we just sent a HelloRequest */
+        s->renegotiate = 0;
+        s->new_session = 0;
+        s->statem.cleanuphand = 0;
+        s->ext.ticket_expected = 0;
+
+        ssl3_cleanup_key_block(s);
+
+        if (s->server) {
+            /*
+             * In TLSv1.3 we update the cache as part of constructing the
+             * NewSessionTicket
+             */
+            if (!SSL_IS_TLS13(s))
+                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+            /* N.B. s->ctx may not equal s->session_ctx */
+            tsan_counter(&s->ctx->stats.sess_accept_good);
+            s->handshake_func = ossl_statem_accept;
+        } else {
+            if (SSL_IS_TLS13(s)) {
+                /*
+                 * We encourage applications to only use TLSv1.3 tickets once,
+                 * so we remove this one from the cache.
+                 */
+                if ((s->session_ctx->session_cache_mode
+                     & SSL_SESS_CACHE_CLIENT) != 0)
+                    SSL_CTX_remove_session(s->session_ctx, s->session);
+            } else {
+                /*
+                 * In TLSv1.3 we update the cache as part of processing the
+                 * NewSessionTicket
+                 */
+                ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            }
+            if (s->hit)
+                tsan_counter(&s->session_ctx->stats.sess_hit);
+
+            s->handshake_func = ossl_statem_connect;
+            tsan_counter(&s->session_ctx->stats.sess_connect_good);
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            /* done with handshaking */
+            s->d1->handshake_read_seq = 0;
+            s->d1->handshake_write_seq = 0;
+            s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
+        }
+    }
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    /* The callback may expect us to not be in init at handshake done */
+    ossl_statem_set_in_init(s, 0);
+
+    if (cb != NULL) {
+        if (cleanuphand
+                || !SSL_IS_TLS13(s)
+                || SSL_IS_FIRST_HANDSHAKE(s))
+            cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+    }
+
+    if (!stop) {
+        /* If we've got more work to do we go back into init */
+        ossl_statem_set_in_init(s, 1);
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    return WORK_FINISHED_STOP;
+}
+
+int tls_get_message_header(SSL *s, int *mt)
+{
+    /* s->init_num < SSL3_HM_HEADER_LENGTH */
+    int skip_message, i, recvd_type;
+    unsigned char *p;
+    size_t l, readbytes;
+
+    p = (unsigned char *)s->init_buf->data;
+
+    do {
+        while (s->init_num < SSL3_HM_HEADER_LENGTH) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
+                                          &p[s->init_num],
+                                          SSL3_HM_HEADER_LENGTH - s->init_num,
+                                          0, &readbytes);
+            if (i <= 0) {
+                s->rwstate = SSL_READING;
+                return 0;
+            }
+            if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * A ChangeCipherSpec must be a single byte and may not occur
+                 * in the middle of a handshake message.
+                 */
+                if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) {
+                    SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                             SSL_F_TLS_GET_MESSAGE_HEADER,
+                             SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                    return 0;
+                }
+                if (s->statem.hand_state == TLS_ST_BEFORE
+                        && (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) {
+                    /*
+                     * We are stateless and we received a CCS. Probably this is
+                     * from a client between the first and second ClientHellos.
+                     * We should ignore this, but return an error because we do
+                     * not return success until we see the second ClientHello
+                     * with a valid cookie.
+                     */
+                    return 0;
+                }
+                s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+                s->init_num = readbytes - 1;
+                s->init_msg = s->init_buf->data;
+                s->s3->tmp.message_size = readbytes;
+                return 1;
+            } else if (recvd_type != SSL3_RT_HANDSHAKE) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                         SSL_F_TLS_GET_MESSAGE_HEADER,
+                         SSL_R_CCS_RECEIVED_EARLY);
+                return 0;
+            }
+            s->init_num += readbytes;
+        }
+
+        skip_message = 0;
+        if (!s->server)
+            if (s->statem.hand_state != TLS_ST_OK
+                    && p[0] == SSL3_MT_HELLO_REQUEST)
+                /*
+                 * The server may always send 'Hello Request' messages --
+                 * we are doing a handshake anyway now, so ignore them if
+                 * their format is correct. Does not count for 'Finished'
+                 * MAC.
+                 */
+                if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
+                    s->init_num = 0;
+                    skip_message = 1;
+
+                    if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                        p, SSL3_HM_HEADER_LENGTH, s,
+                                        s->msg_callback_arg);
+                }
+    } while (skip_message);
+    /* s->init_num == SSL3_HM_HEADER_LENGTH */
+
+    *mt = *p;
+    s->s3->tmp.message_type = *(p++);
+
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        /*
+         * Only happens with SSLv3+ in an SSLv2 backward compatible
+         * ClientHello
+         *
+         * Total message size is the remaining record bytes to read
+         * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
+         */
+        l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+            + SSL3_HM_HEADER_LENGTH;
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data;
+        s->init_num = SSL3_HM_HEADER_LENGTH;
+    } else {
+        n2l3(p, l);
+        /* BUF_MEM_grow takes an 'int' parameter */
+        if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_GET_MESSAGE_HEADER,
+                     SSL_R_EXCESSIVE_MESSAGE_SIZE);
+            return 0;
+        }
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->init_num = 0;
+    }
+
+    return 1;
+}
+
+int tls_get_message_body(SSL *s, size_t *len)
+{
+    size_t n, readbytes;
+    unsigned char *p;
+    int i;
+
+    if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        /* We've already read everything in */
+        *len = (unsigned long)s->init_num;
+        return 1;
+    }
+
+    p = s->init_msg;
+    n = s->s3->tmp.message_size - s->init_num;
+    while (n > 0) {
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[s->init_num], n, 0, &readbytes);
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = 0;
+            return 0;
+        }
+        s->init_num += readbytes;
+        n -= readbytes;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        *len = 0;
+        return 0;
+    }
+
+    /* Feed this message into MAC computation. */
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num)) {
+            /* SSLfatal() already called */
+            *len = 0;
+            return 0;
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
+                            (size_t)s->init_num, s, s->msg_callback_arg);
+    } else {
+        /*
+         * We defer feeding in the HRR until later. We'll do it as part of
+         * processing the message
+         * The TLsv1.3 handshake transcript stops at the ClientFinished
+         * message.
+         */
+#define SERVER_HELLO_RANDOM_OFFSET  (SSL3_HM_HEADER_LENGTH + 2)
+        /* KeyUpdate and NewSessionTicket do not need to be added */
+        if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET
+                                 && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) {
+            if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO
+                    || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
+                    || memcmp(hrrrandom,
+                              s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET,
+                              SSL3_RANDOM_SIZE) != 0) {
+                if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                     s->init_num + SSL3_HM_HEADER_LENGTH)) {
+                    /* SSLfatal() already called */
+                    *len = 0;
+                    return 0;
+                }
+            }
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+                            (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+    }
+
+    *len = s->init_num;
+    return 1;
+}
+
+static const X509ERR2ALERT x509table[] = {
+    {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
+    {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+    {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED},
+    {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+    {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+    {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+    {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE},
+    {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR},
+
+    /* Last entry; return this if we don't find the value above. */
+    {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN}
+};
+
+int ssl_x509err2alert(int x509err)
+{
+    const X509ERR2ALERT *tp;
+
+    for (tp = x509table; tp->x509err != X509_V_OK; ++tp)
+        if (tp->x509err == x509err)
+            break;
+    return tp->alert;
+}
+
+int ssl_allow_compression(SSL *s)
+{
+    if (s->options & SSL_OP_NO_COMPRESSION)
+        return 0;
+    return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
+}
+
+static int version_cmp(const SSL *s, int a, int b)
+{
+    int dtls = SSL_IS_DTLS(s);
+
+    if (a == b)
+        return 0;
+    if (!dtls)
+        return a < b ? -1 : 1;
+    return DTLS_VERSION_LT(a, b) ? -1 : 1;
+}
+
+typedef struct {
+    int version;
+    const SSL_METHOD *(*cmeth) (void);
+    const SSL_METHOD *(*smeth) (void);
+} version_info;
+
+#if TLS_MAX_VERSION != TLS1_3_VERSION
+# error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
+#endif
+
+/* Must be in order high to low */
+static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_3
+    {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method},
+#else
+    {TLS1_3_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
+#else
+    {TLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
+#else
+    {TLS1_1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
+#else
+    {TLS1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
+#else
+    {SSL3_VERSION, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
+#endif
+
+/* Must be in order high to low */
+static const version_info dtls_version_table[] = {
+#ifndef OPENSSL_NO_DTLS1_2
+    {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
+#else
+    {DTLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
+    {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
+#else
+    {DTLS1_VERSION, NULL, NULL},
+    {DTLS1_BAD_VER, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+/*
+ * ssl_method_error - Check whether an SSL_METHOD is enabled.
+ *
+ * @s: The SSL handle for the candidate method
+ * @method: the intended method.
+ *
+ * Returns 0 on success, or an SSL error reason on failure.
+ */
+static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
+{
+    int version = method->version;
+
+    if ((s->min_proto_version != 0 &&
+         version_cmp(s, version, s->min_proto_version) < 0) ||
+        ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0)
+        return SSL_R_VERSION_TOO_LOW;
+
+    if (s->max_proto_version != 0 &&
+        version_cmp(s, version, s->max_proto_version) > 0)
+        return SSL_R_VERSION_TOO_HIGH;
+
+    if ((s->options & method->mask) != 0)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s))
+        return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE;
+
+    return 0;
+}
+
+/*
+ * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
+ * certificate type, or has PSK or a certificate callback configured. Otherwise
+ * returns 0.
+ */
+static int is_tls13_capable(const SSL *s)
+{
+    int i;
+#ifndef OPENSSL_NO_EC
+    int curve;
+    EC_KEY *eckey;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    if (s->psk_server_callback != NULL)
+        return 1;
+#endif
+
+    if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL)
+        return 1;
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        /* Skip over certs disallowed for TLSv1.3 */
+        switch (i) {
+        case SSL_PKEY_DSA_SIGN:
+        case SSL_PKEY_GOST01:
+        case SSL_PKEY_GOST12_256:
+        case SSL_PKEY_GOST12_512:
+            continue;
+        default:
+            break;
+        }
+        if (!ssl_has_cert(s, i))
+            continue;
+#ifndef OPENSSL_NO_EC
+        if (i != SSL_PKEY_ECC)
+            return 1;
+        /*
+         * Prior to TLSv1.3 sig algs allowed any curve to be used. TLSv1.3 is
+         * more restrictive so check that our sig algs are consistent with this
+         * EC cert. See section 4.2.3 of RFC8446.
+         */
+        eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+        if (eckey == NULL)
+            continue;
+        curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+        if (tls_check_sigalg_curve(s, curve))
+            return 1;
+#else
+        return 1;
+#endif
+    }
+
+    return 0;
+}
+
+/*
+ * ssl_version_supported - Check that the specified `version` is supported by
+ * `SSL *` instance
+ *
+ * @s: The SSL handle for the candidate method
+ * @version: Protocol version to test against
+ *
+ * Returns 1 when supported, otherwise 0
+ */
+int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    switch (s->method->version) {
+    default:
+        /* Version should match method version for non-ANY method */
+        return version_cmp(s, version, s->version) == 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    for (vent = table;
+         vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
+         ++vent) {
+        if (vent->cmeth != NULL
+                && version_cmp(s, version, vent->version) == 0
+                && ssl_method_error(s, vent->cmeth()) == 0
+                && (!s->server
+                    || version != TLS1_3_VERSION
+                    || is_tls13_capable(s))) {
+            if (meth != NULL)
+                *meth = vent->cmeth();
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * ssl_check_version_downgrade - In response to RFC7507 SCSV version
+ * fallback indication from a client check whether we're using the highest
+ * supported protocol version.
+ *
+ * @s server SSL handle.
+ *
+ * Returns 1 when using the highest enabled version, 0 otherwise.
+ */
+int ssl_check_version_downgrade(SSL *s)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    /*
+     * Check that the current protocol is the highest enabled version
+     * (according to s->ctx->method, as version negotiation may have changed
+     * s->method).
+     */
+    if (s->version == s->ctx->method->version)
+        return 1;
+
+    /*
+     * Apparently we're using a version-flexible SSL_METHOD (not at its
+     * highest protocol version).
+     */
+    if (s->ctx->method->version == TLS_method()->version)
+        table = tls_version_table;
+    else if (s->ctx->method->version == DTLS_method()->version)
+        table = dtls_version_table;
+    else {
+        /* Unexpected state; fail closed. */
+        return 0;
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
+            return s->version == vent->version;
+    }
+    return 0;
+}
+
+/*
+ * ssl_set_version_bound - set an upper or lower bound on the supported (D)TLS
+ * protocols, provided the initial (D)TLS method is version-flexible.  This
+ * function sanity-checks the proposed value and makes sure the method is
+ * version-flexible, then sets the limit if all is well.
+ *
+ * @method_version: The version of the current SSL_METHOD.
+ * @version: the intended limit.
+ * @bound: pointer to limit to be updated.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int ssl_set_version_bound(int method_version, int version, int *bound)
+{
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
+    /*-
+     * Restrict TLS methods to TLS protocol versions.
+     * Restrict DTLS methods to DTLS protocol versions.
+     * Note, DTLS version numbers are decreasing, use comparison macros.
+     *
+     * Note that for both lower-bounds we use explicit versions, not
+     * (D)TLS_MIN_VERSION.  This is because we don't want to break user
+     * configurations.  If the MIN (supported) version ever rises, the user's
+     * "floor" remains valid even if no longer available.  We don't expect the
+     * MAX ceiling to ever get lower, so making that variable makes sense.
+     */
+    switch (method_version) {
+    default:
+        /*
+         * XXX For fixed version methods, should we always fail and not set any
+         * bounds, always succeed and not set any bounds, or set the bounds and
+         * arrange to fail later if they are not met?  At present fixed-version
+         * methods are not subject to controls that disable individual protocol
+         * versions.
+         */
+        return 0;
+
+    case TLS_ANY_VERSION:
+        if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
+            return 0;
+        break;
+
+    case DTLS_ANY_VERSION:
+        if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
+            DTLS_VERSION_LT(version, DTLS1_BAD_VER))
+            return 0;
+        break;
+    }
+
+    *bound = version;
+    return 1;
+}
+
+static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
+{
+    if (vers == TLS1_2_VERSION
+            && ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
+        *dgrd = DOWNGRADE_TO_1_2;
+    } else if (!SSL_IS_DTLS(s)
+            && vers < TLS1_2_VERSION
+               /*
+                * We need to ensure that a server that disables TLSv1.2
+                * (creating a hole between TLSv1.3 and TLSv1.1) can still
+                * complete handshakes with clients that support TLSv1.2 and
+                * below. Therefore we do not enable the sentinel if TLSv1.3 is
+                * enabled and TLSv1.2 is not.
+                */
+            && ssl_version_supported(s, TLS1_2_VERSION, NULL)) {
+        *dgrd = DOWNGRADE_TO_1_1;
+    } else {
+        *dgrd = DOWNGRADE_NONE;
+    }
+}
+
+/*
+ * ssl_choose_server_version - Choose server (D)TLS version.  Called when the
+ * client HELLO is received to select the final server protocol version and
+ * the version specific method.
+ *
+ * @s: server SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+{
+    /*-
+     * With version-flexible methods we have an initial state with:
+     *
+     *   s->method->version == (D)TLS_ANY_VERSION,
+     *   s->version == (D)TLS_MAX_VERSION.
+     *
+     * So we detect version-flexible methods via the method version, not the
+     * handle version.
+     */
+    int server_version = s->method->version;
+    int client_version = hello->legacy_version;
+    const version_info *vent;
+    const version_info *table;
+    int disabled = 0;
+    RAW_EXTENSION *suppversions;
+
+    s->client_version = client_version;
+
+    switch (server_version) {
+    default:
+        if (!SSL_IS_TLS13(s)) {
+            if (version_cmp(s, client_version, s->version) < 0)
+                return SSL_R_WRONG_SSL_VERSION;
+            *dgrd = DOWNGRADE_NONE;
+            /*
+             * If this SSL handle is not from a version flexible method we don't
+             * (and never did) check min/max FIPS or Suite B constraints.  Hope
+             * that's OK.  It is up to the caller to not choose fixed protocol
+             * versions they don't want.  If not, then easy to fix, just return
+             * ssl_method_error(s, s->method)
+             */
+            return 0;
+        }
+        /*
+         * Fall through if we are TLSv1.3 already (this means we must be after
+         * a HelloRetryRequest
+         */
+        /* fall thru */
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions];
+
+    /* If we did an HRR then supported versions is mandatory */
+    if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+
+    if (suppversions->present && !SSL_IS_DTLS(s)) {
+        unsigned int candidate_vers = 0;
+        unsigned int best_vers = 0;
+        const SSL_METHOD *best_method = NULL;
+        PACKET versionslist;
+
+        suppversions->parsed = 1;
+
+        if (!PACKET_as_length_prefixed_1(&suppversions->data, &versionslist)) {
+            /* Trailing or invalid data? */
+            return SSL_R_LENGTH_MISMATCH;
+        }
+
+        /*
+         * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION.
+         * The spec only requires servers to check that it isn't SSLv3:
+         * "Any endpoint receiving a Hello message with
+         * ClientHello.legacy_version or ServerHello.legacy_version set to
+         * 0x0300 MUST abort the handshake with a "protocol_version" alert."
+         * We are slightly stricter and require that it isn't SSLv3 or lower.
+         * We tolerate TLSv1 and TLSv1.1.
+         */
+        if (client_version <= SSL3_VERSION)
+            return SSL_R_BAD_LEGACY_VERSION;
+
+        while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+            if (version_cmp(s, candidate_vers, best_vers) <= 0)
+                continue;
+            if (ssl_version_supported(s, candidate_vers, &best_method))
+                best_vers = candidate_vers;
+        }
+        if (PACKET_remaining(&versionslist) != 0) {
+            /* Trailing data? */
+            return SSL_R_LENGTH_MISMATCH;
+        }
+
+        if (best_vers > 0) {
+            if (s->hello_retry_request != SSL_HRR_NONE) {
+                /*
+                 * This is after a HelloRetryRequest so we better check that we
+                 * negotiated TLSv1.3
+                 */
+                if (best_vers != TLS1_3_VERSION)
+                    return SSL_R_UNSUPPORTED_PROTOCOL;
+                return 0;
+            }
+            check_for_downgrade(s, best_vers, dgrd);
+            s->version = best_vers;
+            s->method = best_method;
+            return 0;
+        }
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    }
+
+    /*
+     * If the supported versions extension isn't present, then the highest
+     * version we can negotiate is TLSv1.2
+     */
+    if (version_cmp(s, client_version, TLS1_3_VERSION) >= 0)
+        client_version = TLS1_2_VERSION;
+
+    /*
+     * No supported versions extension, so we just use the version supplied in
+     * the ClientHello.
+     */
+    for (vent = table; vent->version != 0; ++vent) {
+        const SSL_METHOD *method;
+
+        if (vent->smeth == NULL ||
+            version_cmp(s, client_version, vent->version) < 0)
+            continue;
+        method = vent->smeth();
+        if (ssl_method_error(s, method) == 0) {
+            check_for_downgrade(s, vent->version, dgrd);
+            s->version = vent->version;
+            s->method = method;
+            return 0;
+        }
+        disabled = 1;
+    }
+    return disabled ? SSL_R_UNSUPPORTED_PROTOCOL : SSL_R_VERSION_TOO_LOW;
+}
+
+/*
+ * ssl_choose_client_version - Choose client (D)TLS version.  Called when the
+ * server HELLO is received to select the final client protocol version and
+ * the version specific method.
+ *
+ * @s: client SSL handle.
+ * @version: The proposed version from the server's HELLO.
+ * @extensions: The extensions received
+ *
+ * Returns 1 on success or 0 on error.
+ */
+int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
+{
+    const version_info *vent;
+    const version_info *table;
+    int ret, ver_min, ver_max, real_max, origv;
+
+    origv = s->version;
+    s->version = version;
+
+    /* This will overwrite s->version if the extension is present */
+    if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions,
+                             SSL_EXT_TLS1_2_SERVER_HELLO
+                             | SSL_EXT_TLS1_3_SERVER_HELLO, extensions,
+                             NULL, 0)) {
+        s->version = origv;
+        return 0;
+    }
+
+    if (s->hello_retry_request != SSL_HRR_NONE
+            && s->version != TLS1_3_VERSION) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                 SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    switch (s->method->version) {
+    default:
+        if (s->version != s->method->version) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_WRONG_SSL_VERSION);
+            return 0;
+        }
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max, FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        return 1;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    ret = ssl_get_min_max_version(s, &ver_min, &ver_max, &real_max);
+    if (ret != 0) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, ret);
+        return 0;
+    }
+    if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
+                       : s->version < ver_min) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
+        return 0;
+    } else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
+                              : s->version > ver_max) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
+        return 0;
+    }
+
+    if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0)
+        real_max = ver_max;
+
+    /* Check for downgrades */
+    if (s->version == TLS1_2_VERSION && real_max > s->version) {
+        if (memcmp(tls12downgrade,
+                   s->s3->server_random + SSL3_RANDOM_SIZE
+                                        - sizeof(tls12downgrade),
+                   sizeof(tls12downgrade)) == 0) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_INAPPROPRIATE_FALLBACK);
+            return 0;
+        }
+    } else if (!SSL_IS_DTLS(s)
+               && s->version < TLS1_2_VERSION
+               && real_max > s->version) {
+        if (memcmp(tls11downgrade,
+                   s->s3->server_random + SSL3_RANDOM_SIZE
+                                        - sizeof(tls11downgrade),
+                   sizeof(tls11downgrade)) == 0) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_INAPPROPRIATE_FALLBACK);
+            return 0;
+        }
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->cmeth == NULL || s->version != vent->version)
+            continue;
+
+        s->method = vent->cmeth();
+        return 1;
+    }
+
+    s->version = origv;
+    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+             SSL_R_UNSUPPORTED_PROTOCOL);
+    return 0;
+}
+
+/*
+ * ssl_get_min_max_version - get minimum and maximum protocol version
+ * @s: The SSL connection
+ * @min_version: The minimum supported version
+ * @max_version: The maximum supported version
+ * @real_max:    The highest version below the lowest compile time version hole
+ *               where that hole lies above at least one run-time enabled
+ *               protocol.
+ *
+ * Work out what version we should be using for the initial ClientHello if the
+ * version is initially (D)TLS_ANY_VERSION.  We apply any explicit SSL_OP_NO_xxx
+ * options, the MinProtocol and MaxProtocol configuration commands, any Suite B
+ * constraints and any floor imposed by the security level here,
+ * so we don't advertise the wrong protocol version to only reject the outcome later.
+ *
+ * Computing the right floor matters.  If, e.g., TLS 1.0 and 1.2 are enabled,
+ * TLS 1.1 is disabled, but the security level, Suite-B  and/or MinProtocol
+ * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.  On failure
+ * min_version and max_version will also be set to 0.
+ */
+int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
+                            int *real_max)
+{
+    int version, tmp_real_max;
+    int hole;
+    const SSL_METHOD *single = NULL;
+    const SSL_METHOD *method;
+    const version_info *table;
+    const version_info *vent;
+
+    switch (s->method->version) {
+    default:
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        *min_version = *max_version = s->version;
+        /*
+         * Providing a real_max only makes sense where we're using a version
+         * flexible method.
+         */
+        if (!ossl_assert(real_max == NULL))
+            return ERR_R_INTERNAL_ERROR;
+        return 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    /*
+     * SSL_OP_NO_X disables all protocols above X *if* there are some protocols
+     * below X enabled. This is required in order to maintain the "version
+     * capability" vector contiguous. Any versions with a NULL client method
+     * (protocol version client is disabled at compile-time) is also a "hole".
+     *
+     * Our initial state is hole == 1, version == 0.  That is, versions above
+     * the first version in the method table are disabled (a "hole" above
+     * the valid protocol entries) and we don't have a selected version yet.
+     *
+     * Whenever "hole == 1", and we hit an enabled method, its version becomes
+     * the selected version, and the method becomes a candidate "single"
+     * method.  We're no longer in a hole, so "hole" becomes 0.
+     *
+     * If "hole == 0" and we hit an enabled method, then "single" is cleared,
+     * as we support a contiguous range of at least two methods.  If we hit
+     * a disabled method, then hole becomes true again, but nothing else
+     * changes yet, because all the remaining methods may be disabled too.
+     * If we again hit an enabled method after the new hole, it becomes
+     * selected, as we start from scratch.
+     */
+    *min_version = version = 0;
+    hole = 1;
+    if (real_max != NULL)
+        *real_max = 0;
+    tmp_real_max = 0;
+    for (vent = table; vent->version != 0; ++vent) {
+        /*
+         * A table entry with a NULL client method is still a hole in the
+         * "version capability" vector.
+         */
+        if (vent->cmeth == NULL) {
+            hole = 1;
+            tmp_real_max = 0;
+            continue;
+        }
+        method = vent->cmeth();
+
+        if (hole == 1 && tmp_real_max == 0)
+            tmp_real_max = vent->version;
+
+        if (ssl_method_error(s, method) != 0) {
+            hole = 1;
+        } else if (!hole) {
+            single = NULL;
+            *min_version = method->version;
+        } else {
+            if (real_max != NULL && tmp_real_max != 0)
+                *real_max = tmp_real_max;
+            version = (single = method)->version;
+            *min_version = version;
+            hole = 0;
+        }
+    }
+
+    *max_version = version;
+
+    /* Fail if everything is disabled */
+    if (version == 0)
+        return SSL_R_NO_PROTOCOLS_AVAILABLE;
+
+    return 0;
+}
+
+/*
+ * ssl_set_client_hello_version - Work out what version we should be using for
+ * the initial ClientHello.legacy_version field.
+ *
+ * @s: client SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_set_client_hello_version(SSL *s)
+{
+    int ver_min, ver_max, ret;
+
+    /*
+     * In a renegotiation we always send the same client_version that we sent
+     * last time, regardless of which version we eventually negotiated.
+     */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 0;
+
+    ret = ssl_get_min_max_version(s, &ver_min, &ver_max, NULL);
+
+    if (ret != 0)
+        return ret;
+
+    s->version = ver_max;
+
+    /* TLS1.3 always uses TLS1.2 in the legacy_version field */
+    if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
+        ver_max = TLS1_2_VERSION;
+
+    s->client_version = ver_max;
+    return 0;
+}
+
+/*
+ * Checks a list of |groups| to determine if the |group_id| is in it. If it is
+ * and |checkallow| is 1 then additionally check if the group is allowed to be
+ * used. Returns 1 if the group is in the list (and allowed if |checkallow| is
+ * 1) or 0 otherwise.
+ */
+#ifndef OPENSSL_NO_EC
+int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+                  size_t num_groups, int checkallow)
+{
+    size_t i;
+
+    if (groups == NULL || num_groups == 0)
+        return 0;
+
+    for (i = 0; i < num_groups; i++) {
+        uint16_t group = groups[i];
+
+        if (group_id == group
+                && (!checkallow
+                    || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
+            return 1;
+        }
+    }
+
+    return 0;
+}
+#endif
+
+/* Replace ClientHello1 in the transcript hash with a synthetic message */
+int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+                                  size_t hashlen, const unsigned char *hrr,
+                                  size_t hrrlen)
+{
+    unsigned char hashvaltmp[EVP_MAX_MD_SIZE];
+    unsigned char msghdr[SSL3_HM_HEADER_LENGTH];
+
+    memset(msghdr, 0, sizeof(msghdr));
+
+    if (hashval == NULL) {
+        hashval = hashvaltmp;
+        hashlen = 0;
+        /* Get the hash of the initial ClientHello */
+        if (!ssl3_digest_cached_records(s, 0)
+                || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp),
+                                       &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    /* Reinitialise the transcript hash */
+    if (!ssl3_init_finished_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Inject the synthetic message_hash message */
+    msghdr[0] = SSL3_MT_MESSAGE_HASH;
+    msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen;
+    if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH)
+            || !ssl3_finish_mac(s, hashval, hashlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Now re-inject the HRR and current message if appropriate (we just deleted
+     * it when we reinitialised the transcript hash above). Only necessary after
+     * receiving a ClientHello2 with a cookie.
+     */
+    if (hrr != NULL
+            && (!ssl3_finish_mac(s, hrr, hrrlen)
+                || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                    s->s3->tmp.message_size
+                                    + SSL3_HM_HEADER_LENGTH))) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return X509_NAME_cmp(*a, *b);
+}
+
+int parse_ca_names(SSL *s, PACKET *pkt)
+{
+    STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp);
+    X509_NAME *xn = NULL;
+    PACKET cadns;
+
+    if (ca_sk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* get the CA RDNs */
+    if (!PACKET_get_length_prefixed_2(pkt, &cadns)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,SSL_F_PARSE_CA_NAMES,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    while (PACKET_remaining(&cadns)) {
+        const unsigned char *namestart, *namebytes;
+        unsigned int name_len;
+
+        if (!PACKET_get_net_2(&cadns, &name_len)
+            || !PACKET_get_bytes(&cadns, &namebytes, name_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        namestart = namebytes;
+        if ((xn = d2i_X509_NAME(NULL, &namebytes, name_len)) == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (namebytes != (namestart + name_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     SSL_R_CA_DN_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!sk_X509_NAME_push(ca_sk, xn)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        xn = NULL;
+    }
+
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    s->s3->tmp.peer_ca_names = ca_sk;
+
+    return 1;
+
+ err:
+    sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+    X509_NAME_free(xn);
+    return 0;
+}
+
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s)
+{
+    const STACK_OF(X509_NAME) *ca_sk = NULL;;
+
+    if (s->server) {
+        ca_sk = SSL_get_client_CA_list(s);
+        if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
+            ca_sk = NULL;
+    }
+
+    if (ca_sk == NULL)
+        ca_sk = SSL_get0_CA_list(s);
+
+    return ca_sk;
+}
+
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
+{
+    /* Start sub-packet for client CA list */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (ca_sk != NULL) {
+        int i;
+
+        for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) {
+            unsigned char *namebytes;
+            X509_NAME *name = sk_X509_NAME_value(ca_sk, i);
+            int namelen;
+
+            if (name == NULL
+                    || (namelen = i2d_X509_NAME(name, NULL)) < 0
+                    || !WPACKET_sub_allocate_bytes_u16(pkt, namelen,
+                                                       &namebytes)
+                    || i2d_X509_NAME(name, &namebytes) != namelen) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Create a buffer containing data to be signed for server key exchange */
+size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen)
+{
+    size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
+    unsigned char *tbs = OPENSSL_malloc(tbslen);
+
+    if (tbs == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE);
+    memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE);
+
+    memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen);
+
+    *ptbs = tbs;
+    return tbslen;
+}
+
+/*
+ * Saves the current handshake digest for Post-Handshake Auth,
+ * Done after ClientFinished is processed, done exactly once
+ */
+int tls13_save_handshake_digest_for_pha(SSL *s)
+{
+    if (s->pha_dgst == NULL) {
+        if (!ssl3_digest_cached_records(s, 1))
+            /* SSLfatal() already called */
+            return 0;
+
+        s->pha_dgst = EVP_MD_CTX_new();
+        if (s->pha_dgst == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if (!EVP_MD_CTX_copy_ex(s->pha_dgst,
+                                s->s3->handshake_dgst)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Restores the Post-Handshake Auth handshake digest
+ * Done just before sending/processing the Cert Request
+ */
+int tls13_restore_handshake_digest_for_pha(SSL *s)
+{
+    if (s->pha_dgst == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst,
+                            s->pha_dgst)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_locl.h
new file mode 100644
index 000000000..e27c0c13a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_locl.h
@@ -0,0 +1,420 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following definitions are PRIVATE to the state machine. They should   *
+ * NOT be used outside of the state machine.                                 *
+ *                                                                           *
+ *****************************************************************************/
+
+/* Max message length definitions */
+
+/* The spec allows for a longer length than this, but we limit it */
+#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
+#define END_OF_EARLY_DATA_MAX_LENGTH    0
+#define SERVER_HELLO_MAX_LENGTH         20000
+#define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
+#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
+#define SERVER_KEY_EXCH_MAX_LENGTH      102400
+#define SERVER_HELLO_DONE_MAX_LENGTH    0
+#define KEY_UPDATE_MAX_LENGTH           1
+#define CCS_MAX_LENGTH                  1
+/* Max should actually be 36 but we are generous */
+#define FINISHED_MAX_LENGTH             64
+
+/* Dummy message type */
+#define SSL3_MT_DUMMY   -1
+
+extern const unsigned char hrrrandom[];
+
+/* Message processing return codes */
+typedef enum {
+    /* Something bad happened */
+    MSG_PROCESS_ERROR,
+    /* We've finished reading - swap to writing */
+    MSG_PROCESS_FINISHED_READING,
+    /*
+     * We've completed the main processing of this message but there is some
+     * post processing to be done.
+     */
+    MSG_PROCESS_CONTINUE_PROCESSING,
+    /* We've finished this message - read the next message */
+    MSG_PROCESS_CONTINUE_READING
+} MSG_PROCESS_RETURN;
+
+typedef int (*confunc_f) (SSL *s, WPACKET *pkt);
+
+int ssl3_take_mac(SSL *s);
+int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+                  size_t num_groups, int checkallow);
+int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+                                  size_t hashlen, const unsigned char *hrr,
+                                  size_t hrrlen);
+int parse_ca_names(SSL *s, PACKET *pkt);
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
+size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen);
+
+/*
+ * TLS/DTLS client state machine functions
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt);
+size_t ossl_statem_client_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
+
+/*
+ * TLS/DTLS server state machine functions
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc,int *mt);
+size_t ossl_statem_server_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
+
+/* Functions for getting new message data */
+__owur int tls_get_message_header(SSL *s, int *mt);
+__owur int tls_get_message_body(SSL *s, size_t *len);
+__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
+
+/* Message construction and processing functions */
+__owur int tls_process_initial_server_flight(SSL *s);
+__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
+__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
+__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
+
+__owur int tls_construct_finished(SSL *s, WPACKET *pkt);
+__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs,
+                                       int stop);
+__owur WORK_STATE dtls_wait_for_dry(SSL *s);
+
+/* some client-only functions */
+__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
+__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
+__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt);
+__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
+__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt);
+__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt);
+__owur int tls_client_key_exchange_post_work(SSL *s);
+__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt);
+__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
+__owur int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt);
+#endif
+__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
+__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt);
+
+/* some server-only functions */
+__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
+__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
+__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
+__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_done(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
+__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
+#endif
+__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
+
+
+/* Extension processing */
+
+typedef enum ext_return_en {
+    EXT_RETURN_FAIL,
+    EXT_RETURN_SENT,
+    EXT_RETURN_NOT_SENT
+} EXT_RETURN;
+
+__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx,
+                                     RAW_EXTENSION *exts);
+__owur int extension_is_relevant(SSL *s, unsigned int extctx,
+                                 unsigned int thisctx);
+__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+                                  RAW_EXTENSION **res, size_t *len, int init);
+__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
+                               RAW_EXTENSION *exts,  X509 *x, size_t chainidx);
+__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
+                                    X509 *x, size_t chainidx, int fin);
+__owur int should_add_extension(SSL *s, unsigned int extctx,
+                                unsigned int thisctx, int max_version);
+__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidx);
+
+__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
+                             const unsigned char *msgstart,
+                             size_t binderoffset, const unsigned char *binderin,
+                             unsigned char *binderout,
+                             SSL_SESSION *sess, int sign, int external);
+
+/* Server Extension processing */
+int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidxl);
+#endif
+int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#endif
+int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx);
+int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                          size_t chainidx);
+int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx);
+
+EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx);
+EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx);
+EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx);
+EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx);
+EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
+                                X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx);
+EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx);
+EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx);
+/*
+ * Not in public headers as this is not an official extension. Only used when
+ * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
+ */
+#define TLSEXT_TYPE_cryptopro_bug      0xfde8
+EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+
+/* Client Extension processing */
+EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context,
+                                             X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
+                           size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx);
+EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_CT
+EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx);
+EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx);
+EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
+                                      unsigned int context, X509 *x,
+                                      size_t chainidx);
+EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context,
+                                                  X509 *x, size_t chainidx);
+
+int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx);
+int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_EC
+int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+#endif
+int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_CT
+int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#endif
+int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
+                                      X509 *x, size_t chainidx);
+int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx);
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+
+int tls_handle_alpn(SSL *s);
+
+int tls13_save_handshake_digest_for_pha(SSL *s);
+int tls13_restore_handshake_digest_for_pha(SSL *s);
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c
new file mode 100644
index 000000000..6b8aae62c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c
@@ -0,0 +1,4272 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/constant_time_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/md5.h>
+
+#define TICKET_NONCE_SIZE       8
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
+
+/*
+ * ossl_statem_server13_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLSv1.3 server is reading messages from
+ * the client. The message type that the client has sent is provided in |mt|.
+ * The current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_server13_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There is no case for TLS_ST_BEFORE because at that stage we have
+     * not negotiated TLSv1.3 yet, so that case is handled by
+     * ossl_statem_server_read_transition()
+     */
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            if (mt == SSL3_MT_CLIENT_HELLO) {
+                st->hand_state = TLS_ST_SR_CLNT_HELLO;
+                return 1;
+            }
+            break;
+        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            if (mt == SSL3_MT_END_OF_EARLY_DATA) {
+                st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
+                return 1;
+            }
+            break;
+        }
+        /* Fall through */
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+    case TLS_ST_SW_FINISHED:
+        if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (s->session->peer == NULL) {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        /*
+         * Its never ok to start processing handshake messages in the middle of
+         * early data (i.e. before we've received the end of early data alert)
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_READING)
+            break;
+
+        if (mt == SSL3_MT_CERTIFICATE
+                && s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            st->hand_state = TLS_ST_SR_CERT;
+            return 1;
+        }
+
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            st->hand_state = TLS_ST_SR_KEY_UPDATE;
+            return 1;
+        }
+        break;
+    }
+
+    /* No valid transition found */
+    return 0;
+}
+
+/*
+ * ossl_statem_server_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the server is reading messages from the
+ * client. The message type that the client has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (SSL_IS_TLS13(s)) {
+        if (!ossl_statem_server13_read_transition(s, mt))
+            goto err;
+        return 1;
+    }
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_BEFORE:
+    case TLS_ST_OK:
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (mt == SSL3_MT_CLIENT_HELLO) {
+            st->hand_state = TLS_ST_SR_CLNT_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        /*
+         * If we get a CKE message after a ServerDone then either
+         * 1) We didn't request a Certificate
+         * OR
+         * 2) If we did request one then
+         *      a) We allow no Certificate to be returned
+         *      AND
+         *      b) We are running SSL3 (in TLS1.0+ the client must return a 0
+         *         list if we requested a certificate)
+         */
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            if (s->s3->tmp.cert_request) {
+                if (s->version == SSL3_VERSION) {
+                    if ((s->verify_mode & SSL_VERIFY_PEER)
+                        && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+                        /*
+                         * This isn't an unexpected message as such - we're just
+                         * not going to accept it because we require a client
+                         * cert.
+                         */
+                        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                                 SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+                                 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        return 0;
+                    }
+                    st->hand_state = TLS_ST_SR_KEY_EXCH;
+                    return 1;
+                }
+            } else {
+                st->hand_state = TLS_ST_SR_KEY_EXCH;
+                return 1;
+            }
+        } else if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            st->hand_state = TLS_ST_SR_KEY_EXCH;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_KEY_EXCH:
+        /*
+         * We should only process a CertificateVerify message if we have
+         * received a Certificate from the client. If so then |s->session->peer|
+         * will be non NULL. In some instances a CertificateVerify message is
+         * not required even if the peer has sent a Certificate (e.g. such as in
+         * the case of static DH). In that case |st->no_cert_verify| should be
+         * set.
+         */
+        if (s->session->peer == NULL || st->no_cert_verify) {
+            if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * For the ECDH ciphersuites when the client sends its ECDH
+                 * pub key in a certificate, the CertificateVerify message is
+                 * not sent. Also for GOST ciphersuites when the client uses
+                 * its key from the certificate for key exchange.
+                 */
+                st->hand_state = TLS_ST_SR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_CHANGE:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        if (s->s3->npn_seen) {
+            if (mt == SSL3_MT_NEXT_PROTO) {
+                st->hand_state = TLS_ST_SR_NEXT_PROTO;
+                return 1;
+            }
+        } else {
+#endif
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        }
+#endif
+        break;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+#endif
+
+    case TLS_ST_SW_FINISHED:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        BIO *rbio;
+
+        /*
+         * CCS messages don't have a message sequence number so this is probably
+         * because of an out-of-order CCS. We'll just drop it.
+         */
+        s->init_num = 0;
+        s->rwstate = SSL_READING;
+        rbio = SSL_get_rbio(s);
+        BIO_clear_retry_flags(rbio);
+        BIO_set_retry_read(rbio);
+        return 0;
+    }
+    SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+             SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+             SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * Should we send a ServerKeyExchange message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+static int send_server_key_exchange(SSL *s)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * only send a ServerKeyExchange if DH or fortezza but we have a
+     * sign only certificate PSK: may send PSK identity hints For
+     * ECC ciphersuites, we send a serverKeyExchange message only if
+     * the cipher suite is either ECDH-anon or ECDHE. In other cases,
+     * the server certificate contains the server's public key for
+     * key exchange.
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE)
+        /*
+         * PSK: send ServerKeyExchange if PSK identity hint if
+         * provided
+         */
+#ifndef OPENSSL_NO_PSK
+        /* Only send SKE if we have identity hint for plain PSK */
+        || ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
+            && s->cert->psk_identity_hint)
+        /* For other PSK always send SKE */
+        || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
+#endif
+#ifndef OPENSSL_NO_SRP
+        /* SRP: send ServerKeyExchange */
+        || (alg_k & SSL_kSRP)
+#endif
+        ) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * Should we send a CertificateRequest message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int send_certificate_request(SSL *s)
+{
+    if (
+           /* don't request cert unless asked for it: */
+           s->verify_mode & SSL_VERIFY_PEER
+           /*
+            * don't request if post-handshake-only unless doing
+            * post-handshake in TLSv1.3:
+            */
+           && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)
+               || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)
+           /*
+            * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+            * a second time:
+            */
+           && (s->certreqs_sent < 1 ||
+               !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
+           /*
+            * never request cert in anonymous ciphersuites (see
+            * section "Certificate request" in SSL 3 drafts and in
+            * RFC 2246):
+            */
+           && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+               /*
+                * ... except when the application insists on
+                * verification (against the specs, but statem_clnt.c accepts
+                * this for SSL 3)
+                */
+               || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+           /* don't request certificate for SRP auth */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+           /*
+            * With normal PSK Certificates and Certificate Requests
+            * are omitted
+            */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_server13_write_transition() works out what handshake state to
+ * move to next when a TLSv1.3 server is writing messages to be sent to the
+ * client.
+ */
+static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * No case for TLS_ST_BEFORE, because at that stage we have not negotiated
+     * TLSv1.3 yet, so that is handled by ossl_statem_server_write_transition()
+     */
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_SW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Try to read from the client instead */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                && s->hello_retry_request != SSL_HRR_COMPLETE)
+            st->hand_state = TLS_ST_SW_CHANGE;
+        else if (s->hello_retry_request == SSL_HRR_PENDING)
+            st->hand_state = TLS_ST_EARLY_DATA;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING)
+            st->hand_state = TLS_ST_EARLY_DATA;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        if (s->hit)
+            st->hand_state = TLS_ST_SW_FINISHED;
+        else if (send_certificate_request(s))
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+        else
+            st->hand_state = TLS_ST_SW_CERT;
+
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            s->post_handshake_auth = SSL_PHA_REQUESTED;
+            st->hand_state = TLS_ST_OK;
+        } else {
+            st->hand_state = TLS_ST_SW_CERT;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        st->hand_state = TLS_ST_SW_CERT_VRFY;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT_VRFY:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        st->hand_state = TLS_ST_EARLY_DATA;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        /*
+         * Technically we have finished the handshake at this point, but we're
+         * going to remain "in_init" for now and write out any session tickets
+         * immediately.
+         */
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+        } else if (!s->ext.ticket_expected) {
+            /*
+             * If we're not going to renew the ticket then we just finish the
+             * handshake at this point.
+             */
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        }
+        if (s->num_tickets > s->sent_tickets)
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        else
+            st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_KEY_UPDATE:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_SW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_KEY_UPDATE:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        /* In a resumption we only ever send a maximum of one new ticket.
+         * Following an initial handshake we send the number of tickets we have
+         * been configured for.
+         */
+        if (s->hit || s->num_tickets <= s->sent_tickets) {
+            /* We've written enough tickets out. */
+            st->hand_state = TLS_ST_OK;
+        }
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * ossl_statem_server_write_transition() works out what handshake state to move
+ * to next when the server is writing messages to be sent to the client.
+ */
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note that before the ClientHello we don't know what version we are going
+     * to negotiate yet, so we don't take this branch until later
+     */
+
+    if (SSL_IS_TLS13(s))
+        return ossl_statem_server13_write_transition(s);
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (st->request_state == TLS_ST_SW_HELLO_REQ) {
+            /* We must be trying to renegotiate */
+            st->hand_state = TLS_ST_SW_HELLO_REQ;
+            st->request_state = TLS_ST_BEFORE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Must be an incoming ClientHello */
+        if (!tls_setup_handshake(s)) {
+            /* SSLfatal() already called */
+            return WRITE_TRAN_ERROR;
+        }
+        /* Fall through */
+
+    case TLS_ST_BEFORE:
+        /* Just go straight to trying to read from the client */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_HELLO_REQ:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
+            && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) {
+            st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
+        } else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* We must have rejected the renegotiation */
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (s->hit) {
+            if (s->ext.ticket_expected)
+                st->hand_state = TLS_ST_SW_SESSION_TICKET;
+            else
+                st->hand_state = TLS_ST_SW_CHANGE;
+        } else {
+            /* Check if it is anon DH or anon ECDH, */
+            /* normal PSK or SRP */
+            if (!(s->s3->tmp.new_cipher->algorithm_auth &
+                  (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                st->hand_state = TLS_ST_SW_CERT;
+            } else if (send_server_key_exchange(s)) {
+                st->hand_state = TLS_ST_SW_KEY_EXCH;
+            } else if (send_certificate_request(s)) {
+                st->hand_state = TLS_ST_SW_CERT_REQ;
+            } else {
+                st->hand_state = TLS_ST_SW_SRVR_DONE;
+            }
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        if (s->ext.status_expected) {
+            st->hand_state = TLS_ST_SW_CERT_STATUS;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_STATUS:
+        if (send_server_key_exchange(s)) {
+            st->hand_state = TLS_ST_SW_KEY_EXCH;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_KEY_EXCH:
+        if (send_certificate_request(s)) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_REQ:
+        st->hand_state = TLS_ST_SW_SRVR_DONE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_DONE:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else if (s->ext.ticket_expected) {
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        } else {
+            st->hand_state = TLS_ST_SW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        st->hand_state = TLS_ST_SW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        if (s->hit) {
+            return WRITE_TRAN_FINISHED;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the server to the client.
+ */
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* No pre work to be done */
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s))
+            dtls1_clear_sent_buffer(s);
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            dtls1_clear_sent_buffer(s);
+            /* We don't buffer this message so don't use the timer */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * Messages we write from now on should be buffered and
+             * retransmitted if necessary, so we need to use the timer now
+             */
+            st->use_timer = 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+            /* Calls SSLfatal() as required */
+            return dtls_wait_for_dry(s);
+        }
+#endif
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {
+            /*
+             * Actually this is the end of the handshake, but we're going
+             * straight into writing the session ticket out. So we finish off
+             * the handshake, but keep the various buffers active.
+             *
+             * Calls SSLfatal as required.
+             */
+            return tls_finish_handshake(s, wst, 0, 0);
+        } if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer
+             */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_TLS13(s))
+            break;
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer. This might have
+             * already been set to 0 if we sent a NewSessionTicket message,
+             * but we'll set it again here in case we didn't.
+             */
+            st->use_timer = 0;
+        }
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+                && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+            return WORK_FINISHED_CONTINUE;
+        /* Fall through */
+
+    case TLS_ST_OK:
+        /* Calls SSLfatal() as required */
+        return tls_finish_handshake(s, wst, 1, 1);
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+static ossl_inline int conn_is_closed(void)
+{
+    switch (get_last_sys_error()) {
+#if defined(EPIPE)
+    case EPIPE:
+        return 1;
+#endif
+#if defined(ECONNRESET)
+    case ECONNRESET:
+        return 1;
+#endif
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * server to the client.
+ */
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    default:
+        /* No post work to be done */
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!ssl3_init_finished_mac(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        /* HelloVerifyRequest resets Finished MAC */
+        if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        /*
+         * The next message should be another ClientHello which we need to
+         * treat like it was the first packet
+         */
+        s->first_packet = 1;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) {
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
+                    && statem_flush(s) != 1)
+                return WORK_MORE_A;
+            break;
+        }
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            size_t labellen;
+
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no
+             * SCTP used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            /* Don't include the terminating zero. */
+            labellen = sizeof(labelbuffer) - 1;
+            if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+                labellen += 1;
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           labellen, NULL, 0,
+                                           0) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_OSSL_STATEM_SERVER_POST_WORK,
+                         ERR_R_INTERNAL_ERROR);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+#endif
+        if (!SSL_IS_TLS13(s)
+                || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                    && s->hello_retry_request != SSL_HRR_COMPLETE))
+            break;
+        /* Fall through */
+
+    case TLS_ST_SW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            if (!statem_flush(s))
+                return WORK_MORE_A;
+            break;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            if (!s->method->ssl3_enc->setup_key_block(s)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+
+            if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED
+                && !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+            /*
+             * We don't yet know whether the next record we are going to receive
+             * is an unencrypted alert, an encrypted alert, or an encrypted
+             * handshake message. We temporarily tolerate unencrypted alerts.
+             */
+            s->statem.enc_read_state = ENC_READ_STATE_ALLOW_PLAIN_ALERTS;
+            break;
+        }
+
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && !s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                      SSL3_CHANGE_CIPHER_SERVER_WRITE))
+        {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s))
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (SSL_IS_TLS13(s)) {
+            if (!s->method->ssl3_enc->generate_master_secret(s,
+                        s->master_secret, s->handshake_secret, 0,
+                        &s->session->master_key_length)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_SW_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            if (statem_flush(s) != 1)
+                return WORK_MORE_A;
+        }
+        break;
+
+    case TLS_ST_SW_KEY_UPDATE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!tls13_update_key(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        clear_sys_error();
+        if (SSL_IS_TLS13(s) && statem_flush(s) != 1) {
+            if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL
+                    && conn_is_closed()) {
+                /*
+                 * We ignore connection closed errors in TLSv1.3 when sending a
+                 * NewSessionTicket and behave as if we were successful. This is
+                 * so that we are still able to read data sent to us by a client
+                 * that closes soon after the end of the handshake without
+                 * waiting to read our post-handshake NewSessionTickets.
+                 */
+                s->rwstate = SSL_NOTHING;
+                break;
+            }
+
+            return WORK_MORE_A;
+        }
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * server
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
+                 SSL_R_BAD_HANDSHAKE_STATE);
+        return 0;
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            *confunc = dtls_construct_change_cipher_spec;
+        else
+            *confunc = tls_construct_change_cipher_spec;
+        *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        *confunc = dtls_construct_hello_verify_request;
+        *mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        /* No construction function needed */
+        *confunc = NULL;
+        *mt = SSL3_MT_HELLO_REQUEST;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        *confunc = tls_construct_server_hello;
+        *mt = SSL3_MT_SERVER_HELLO;
+        break;
+
+    case TLS_ST_SW_CERT:
+        *confunc = tls_construct_server_certificate;
+        *mt = SSL3_MT_CERTIFICATE;
+        break;
+
+    case TLS_ST_SW_CERT_VRFY:
+        *confunc = tls_construct_cert_verify;
+        *mt = SSL3_MT_CERTIFICATE_VERIFY;
+        break;
+
+
+    case TLS_ST_SW_KEY_EXCH:
+        *confunc = tls_construct_server_key_exchange;
+        *mt = SSL3_MT_SERVER_KEY_EXCHANGE;
+        break;
+
+    case TLS_ST_SW_CERT_REQ:
+        *confunc = tls_construct_certificate_request;
+        *mt = SSL3_MT_CERTIFICATE_REQUEST;
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        *confunc = tls_construct_server_done;
+        *mt = SSL3_MT_SERVER_DONE;
+        break;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        *confunc = tls_construct_new_session_ticket;
+        *mt = SSL3_MT_NEWSESSION_TICKET;
+        break;
+
+    case TLS_ST_SW_CERT_STATUS:
+        *confunc = tls_construct_cert_status;
+        *mt = SSL3_MT_CERTIFICATE_STATUS;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        *confunc = tls_construct_finished;
+        *mt = SSL3_MT_FINISHED;
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        *confunc = NULL;
+        *mt = SSL3_MT_DUMMY;
+        break;
+
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        *confunc = tls_construct_encrypted_extensions;
+        *mt = SSL3_MT_ENCRYPTED_EXTENSIONS;
+        break;
+
+    case TLS_ST_SW_KEY_UPDATE:
+        *confunc = tls_construct_key_update;
+        *mt = SSL3_MT_KEY_UPDATE;
+        break;
+    }
+
+    return 1;
+}
+
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ *  2 + # client_version
+ *  32 + # only valid length for random
+ *  1 + # length of session_id
+ *  32 + # maximum size for session_id
+ *  2 + # length of cipher suites
+ *  2^16-2 + # maximum length of cipher suites array
+ *  1 + # length of compression_methods
+ *  2^8-1 + # maximum length of compression methods
+ *  2 + # length of extensions
+ *  2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH         131396
+
+#define CLIENT_KEY_EXCH_MAX_LENGTH      2048
+#define NEXT_PROTO_MAX_LENGTH           514
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_server_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        return 0;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return CLIENT_HELLO_MAX_LENGTH;
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return END_OF_EARLY_DATA_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_SR_KEY_EXCH:
+        return CLIENT_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return NEXT_PROTO_MAX_LENGTH;
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_SR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    case TLS_ST_SR_KEY_UPDATE:
+        return KEY_UPDATE_MAX_LENGTH;
+    }
+}
+
+/*
+ * Process a message that the server has received from the client.
+ */
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_process_client_hello(s, pkt);
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return tls_process_end_of_early_data(s, pkt);
+
+    case TLS_ST_SR_CERT:
+        return tls_process_client_certificate(s, pkt);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_process_client_key_exchange(s, pkt);
+
+    case TLS_ST_SR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return tls_process_next_proto(s, pkt);
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_SR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    case TLS_ST_SR_KEY_UPDATE:
+        return tls_process_key_update(s, pkt);
+
+    }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the client
+ */
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_post_process_client_hello(s, wst);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_post_process_client_key_exchange(s, wst);
+    }
+}
+
+#ifndef OPENSSL_NO_SRP
+/* Returns 1 on success, 0 for retryable error, -1 for fatal error */
+static int ssl_check_srp_ext_ClientHello(SSL *s)
+{
+    int ret;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+        if (s->srp_ctx.login == NULL) {
+            /*
+             * RFC 5054 says SHOULD reject, we do so if There is no srp
+             * login name
+             */
+            SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+                     SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+                     SSL_R_PSK_IDENTITY_NOT_FOUND);
+            return -1;
+        } else {
+            ret = SSL_srp_server_param_with_username(s, &al);
+            if (ret < 0)
+                return 0;
+            if (ret == SSL3_AL_FATAL) {
+                SSLfatal(s, al, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+                         al == SSL_AD_UNKNOWN_PSK_IDENTITY
+                         ? SSL_R_PSK_IDENTITY_NOT_FOUND
+                         : SSL_R_CLIENTHELLO_TLSEXT);
+                return -1;
+            }
+        }
+    }
+    return 1;
+}
+#endif
+
+int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+                                  size_t cookie_len)
+{
+    /* Always use DTLS 1.0 version: see RFC 6347 */
+    if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
+            || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))
+        return 0;
+
+    return 1;
+}
+
+int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
+{
+    unsigned int cookie_leni;
+    if (s->ctx->app_gen_cookie_cb == NULL ||
+        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                                  &cookie_leni) == 0 ||
+        cookie_leni > 255) {
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+                 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        return 0;
+    }
+    s->d1->cookie_len = cookie_leni;
+
+    if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
+                                              s->d1->cookie_len)) {
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |hello|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *   signature_algorithms (for TLSv1.2 only)
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
+{
+    static const unsigned char kSafariExtensionsBlock[] = {
+        0x00, 0x0a,             /* elliptic_curves extension */
+        0x00, 0x08,             /* 8 bytes */
+        0x00, 0x06,             /* 6 bytes of curve ids */
+        0x00, 0x17,             /* P-256 */
+        0x00, 0x18,             /* P-384 */
+        0x00, 0x19,             /* P-521 */
+
+        0x00, 0x0b,             /* ec_point_formats */
+        0x00, 0x02,             /* 2 bytes */
+        0x01,                   /* 1 point format */
+        0x00,                   /* uncompressed */
+        /* The following is only present in TLS 1.2 */
+        0x00, 0x0d,             /* signature_algorithms */
+        0x00, 0x0c,             /* 12 bytes */
+        0x00, 0x0a,             /* 10 bytes */
+        0x05, 0x01,             /* SHA-384/RSA */
+        0x04, 0x01,             /* SHA-256/RSA */
+        0x02, 0x01,             /* SHA-1/RSA */
+        0x04, 0x03,             /* SHA-256/ECDSA */
+        0x02, 0x03,             /* SHA-1/ECDSA */
+    };
+    /* Length of the common prefix (first two extensions). */
+    static const size_t kSafariCommonExtensionsLength = 18;
+    unsigned int type;
+    PACKET sni, tmppkt;
+    size_t ext_len;
+
+    tmppkt = hello->extensions;
+
+    if (!PACKET_forward(&tmppkt, 2)
+        || !PACKET_get_net_2(&tmppkt, &type)
+        || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) {
+        return;
+    }
+
+    if (type != TLSEXT_TYPE_server_name)
+        return;
+
+    ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
+        sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
+
+    s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
+                                             ext_len);
+}
+#endif                          /* !OPENSSL_NO_EC */
+
+MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+{
+    /* |cookie| will only be initialized for DTLS. */
+    PACKET session_id, compression, extensions, cookie;
+    static const unsigned char null_compression = 0;
+    CLIENTHELLO_MSG *clienthello = NULL;
+
+    /* Check if this is actually an unexpected renegotiation ClientHello */
+    if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+        if (!ossl_assert(!SSL_IS_TLS13(s))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0
+                || (!s->s3->send_connection_binding
+                    && (s->options
+                        & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {
+            ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+            return MSG_PROCESS_FINISHED_READING;
+        }
+        s->renegotiate = 1;
+        s->new_session = 1;
+    }
+
+    clienthello = OPENSSL_zalloc(sizeof(*clienthello));
+    if (clienthello == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * First, parse the raw ClientHello data into the CLIENTHELLO_MSG structure.
+     */
+    clienthello->isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer);
+    PACKET_null_init(&cookie);
+
+    if (clienthello->isv2) {
+        unsigned int mt;
+
+        if (!SSL_IS_FIRST_HANDSHAKE(s)
+                || s->hello_retry_request != SSL_HRR_NONE) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+            goto err;
+        }
+
+        /*-
+         * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+         * header is sent directly on the wire, not wrapped as a TLS
+         * record. Our record layer just processes the message length and passes
+         * the rest right through. Its format is:
+         * Byte  Content
+         * 0-1   msg_length - decoded by the record layer
+         * 2     msg_type - s->init_msg points here
+         * 3-4   version
+         * 5-6   cipher_spec_length
+         * 7-8   session_id_length
+         * 9-10  challenge_length
+         * ...   ...
+         */
+
+        if (!PACKET_get_1(pkt, &mt)
+            || mt != SSL2_MT_CLIENT_HELLO) {
+            /*
+             * Should never happen. We should have tested this in the record
+             * layer in order to have determined that this is a SSLv2 record
+             * in the first place
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (!PACKET_get_net_2(pkt, &clienthello->legacy_version)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 SSL_R_LENGTH_TOO_SHORT);
+        goto err;
+    }
+
+    /* Parse the message and load client random. */
+    if (clienthello->isv2) {
+        /*
+         * Handle an SSLv2 backwards compatible ClientHello
+         * Note, this is only for SSLv3+ using the backward compatible format.
+         * Real SSLv2 is not supported, and is rejected below.
+         */
+        unsigned int ciphersuite_len, session_id_len, challenge_len;
+        PACKET challenge;
+
+        if (!PACKET_get_net_2(pkt, &ciphersuite_len)
+            || !PACKET_get_net_2(pkt, &session_id_len)
+            || !PACKET_get_net_2(pkt, &challenge_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_RECORD_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites,
+                                   ciphersuite_len)
+            || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len)
+            || !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
+            /* No extensions. */
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_RECORD_LENGTH_MISMATCH);
+            goto err;
+        }
+        clienthello->session_id_len = session_id_len;
+
+        /* Load the client random and compression list. We use SSL3_RANDOM_SIZE
+         * here rather than sizeof(clienthello->random) because that is the limit
+         * for SSLv3 and it is fixed. It won't change even if
+         * sizeof(clienthello->random) does.
+         */
+        challenge_len = challenge_len > SSL3_RANDOM_SIZE
+                        ? SSL3_RANDOM_SIZE : challenge_len;
+        memset(clienthello->random, 0, SSL3_RANDOM_SIZE);
+        if (!PACKET_copy_bytes(&challenge,
+                               clienthello->random + SSL3_RANDOM_SIZE -
+                               challenge_len, challenge_len)
+            /* Advertise only null compression. */
+            || !PACKET_buf_init(&compression, &null_compression, 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        PACKET_null_init(&clienthello->extensions);
+    } else {
+        /* Regular ClientHello. */
+        if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(pkt, &session_id)
+            || !PACKET_copy_all(&session_id, clienthello->session_id,
+                    SSL_MAX_SSL_SESSION_ID_LENGTH,
+                    &clienthello->session_id_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+            if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie,
+                                 DTLS1_COOKIE_LENGTH,
+                                 &clienthello->dtls_cookie_len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /*
+             * If we require cookies and this ClientHello doesn't contain one,
+             * just return since we do not want to allocate any memory yet.
+             * So check cookie length...
+             */
+            if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+                if (clienthello->dtls_cookie_len == 0) {
+                    OPENSSL_free(clienthello);
+                    return MSG_PROCESS_FINISHED_READING;
+                }
+            }
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &clienthello->ciphersuites)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /* Could be empty. */
+        if (PACKET_remaining(pkt) == 0) {
+            PACKET_null_init(&clienthello->extensions);
+        } else {
+            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+                    || PACKET_remaining(pkt) != 0) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    }
+
+    if (!PACKET_copy_all(&compression, clienthello->compressions,
+                         MAX_COMPRESSIONS_SIZE,
+                         &clienthello->compressions_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Preserve the raw extensions PACKET for later use */
+    extensions = clienthello->extensions;
+    if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
+                                &clienthello->pre_proc_exts,
+                                &clienthello->pre_proc_exts_len, 1)) {
+        /* SSLfatal already been called */
+        goto err;
+    }
+    s->clienthello = clienthello;
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+
+ err:
+    if (clienthello != NULL)
+        OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(clienthello);
+
+    return MSG_PROCESS_ERROR;
+}
+
+static int tls_early_post_process_client_hello(SSL *s)
+{
+    unsigned int j;
+    int i, al = SSL_AD_INTERNAL_ERROR;
+    int protverr;
+    size_t loop;
+    unsigned long id;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp = NULL;
+#endif
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *ciphers = NULL;
+    STACK_OF(SSL_CIPHER) *scsvs = NULL;
+    CLIENTHELLO_MSG *clienthello = s->clienthello;
+    DOWNGRADE dgrd = DOWNGRADE_NONE;
+
+    /* Finished parsing the ClientHello, now we can start processing it */
+    /* Give the ClientHello callback a crack at things */
+    if (s->ctx->client_hello_cb != NULL) {
+        /* A failure in the ClientHello callback terminates the connection. */
+        switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) {
+        case SSL_CLIENT_HELLO_SUCCESS:
+            break;
+        case SSL_CLIENT_HELLO_RETRY:
+            s->rwstate = SSL_CLIENT_HELLO_CB;
+            return -1;
+        case SSL_CLIENT_HELLO_ERROR:
+        default:
+            SSLfatal(s, al,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_CALLBACK_FAILED);
+            goto err;
+        }
+    }
+
+    /* Set up the client_random */
+    memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE);
+
+    /* Choose the version */
+
+    if (clienthello->isv2) {
+        if (clienthello->legacy_version == SSL2_VERSION
+                || (clienthello->legacy_version & 0xff00)
+                   != (SSL3_VERSION_MAJOR << 8)) {
+            /*
+             * This is real SSLv2 or something completely unknown. We don't
+             * support it.
+             */
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_UNKNOWN_PROTOCOL);
+            goto err;
+        }
+        /* SSLv3/TLS */
+        s->client_version = clienthello->legacy_version;
+    }
+    /*
+     * Do SSL/TLS version negotiation if applicable. For DTLS we just check
+     * versions are potentially compatible. Version negotiation comes later.
+     */
+    if (!SSL_IS_DTLS(s)) {
+        protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+    } else if (s->method->version != DTLS_ANY_VERSION &&
+               DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
+        protverr = SSL_R_VERSION_TOO_LOW;
+    } else {
+        protverr = 0;
+    }
+
+    if (protverr) {
+        if (SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* like ssl3_get_record, send alert using remote version number */
+            s->version = s->client_version = clienthello->legacy_version;
+        }
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+        goto err;
+    }
+
+    /* TLSv1.3 specifies that a ClientHello must end on a record boundary */
+    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        goto err;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        /* Empty cookie was already handled above by returning early. */
+        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+            if (s->ctx->app_verify_cookie_cb != NULL) {
+                if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie,
+                        clienthello->dtls_cookie_len) == 0) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_COOKIE_MISMATCH);
+                    goto err;
+                    /* else cookie verification succeeded */
+                }
+                /* default verification */
+            } else if (s->d1->cookie_len != clienthello->dtls_cookie_len
+                    || memcmp(clienthello->dtls_cookie, s->d1->cookie,
+                              s->d1->cookie_len) != 0) {
+                SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_COOKIE_MISMATCH);
+                goto err;
+            }
+            s->d1->cookie_verified = 1;
+        }
+        if (s->method->version == DTLS_ANY_VERSION) {
+            protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+            if (protverr != 0) {
+                s->version = s->client_version;
+                SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+                goto err;
+            }
+        }
+    }
+
+    s->hit = 0;
+
+    if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites,
+                              clienthello->isv2) ||
+        !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,
+                              clienthello->isv2, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->s3->send_connection_binding = 0;
+    /* Check what signalling cipher-suite values were received. */
+    if (scsvs != NULL) {
+        for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
+            c = sk_SSL_CIPHER_value(scsvs, i);
+            if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) {
+                if (s->renegotiate) {
+                    /* SCSV is fatal if renegotiating */
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+                    goto err;
+                }
+                s->s3->send_connection_binding = 1;
+            } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&
+                       !ssl_check_version_downgrade(s)) {
+                /*
+                 * This SCSV indicates that the client previously tried
+                 * a higher version.  We should fail if the current version
+                 * is an unexpected downgrade, as that indicates that the first
+                 * connection may have been tampered with in order to trigger
+                 * an insecure downgrade.
+                 */
+                SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_INAPPROPRIATE_FALLBACK);
+                goto err;
+            }
+        }
+    }
+
+    /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
+    if (SSL_IS_TLS13(s)) {
+        const SSL_CIPHER *cipher =
+            ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+
+        if (cipher == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_NO_SHARED_CIPHER);
+            goto err;
+        }
+        if (s->hello_retry_request == SSL_HRR_PENDING
+                && (s->s3->tmp.new_cipher == NULL
+                    || s->s3->tmp.new_cipher->id != cipher->id)) {
+            /*
+             * A previous HRR picked a different ciphersuite to the one we
+             * just selected. Something must have changed.
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_BAD_CIPHER);
+            goto err;
+        }
+        s->s3->tmp.new_cipher = cipher;
+    }
+
+    /* We need to do this before getting the session */
+    if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret,
+                             SSL_EXT_CLIENT_HELLO,
+                             clienthello->pre_proc_exts, NULL, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * We don't allow resumption in a backwards compatible ClientHello.
+     * TODO(openssl-team): in TLS1.1+, session_id MUST be empty.
+     *
+     * Versions before 0.9.7 always allow clients to resume sessions in
+     * renegotiation. 0.9.7 and later allow this by default, but optionally
+     * ignore resumption requests with flag
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+     * than a change to default behavior so that applications relying on
+     * this for security won't even compile against older library versions).
+     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
+     * request renegotiation but not a new session (s->new_session remains
+     * unset): for servers, this essentially just means that the
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
+     * ignored.
+     */
+    if (clienthello->isv2 ||
+        (s->new_session &&
+         (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+        if (!ssl_get_new_session(s, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        i = ssl_get_prev_session(s, clienthello);
+        if (i == 1) {
+            /* previous session */
+            s->hit = 1;
+        } else if (i == -1) {
+            /* SSLfatal() already called */
+            goto err;
+        } else {
+            /* i == 0 */
+            if (!ssl_get_new_session(s, 1)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        memcpy(s->tmp_session_id, s->clienthello->session_id,
+               s->clienthello->session_id_len);
+        s->tmp_session_id_len = s->clienthello->session_id_len;
+    }
+
+    /*
+     * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check
+     * ciphersuite compatibility with the session as part of resumption.
+     */
+    if (!SSL_IS_TLS13(s) && s->hit) {
+        j = 0;
+        id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
+#endif
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "client [%2d of %2d]:%s\n",
+                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+            if (c->id == id) {
+                j = 1;
+                break;
+            }
+        }
+        if (j == 0) {
+            /*
+             * we need to have the cipher in the cipher list if we are asked
+             * to reuse it
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_REQUIRED_CIPHER_MISSING);
+            goto err;
+        }
+    }
+
+    for (loop = 0; loop < clienthello->compressions_len; loop++) {
+        if (clienthello->compressions[loop] == 0)
+            break;
+    }
+
+    if (loop >= clienthello->compressions_len) {
+        /* no compress */
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_NO_COMPRESSION_SPECIFIED);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+        ssl_check_for_safari(s, clienthello);
+#endif                          /* !OPENSSL_NO_EC */
+
+    /* TLS extensions */
+    if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
+                                  clienthello->pre_proc_exts, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Check if we want to use external pre-shared secret for this handshake
+     * for not reused session only. We need to generate server_random before
+     * calling tls_session_secret_cb in order to allow SessionTicket
+     * processing to use it in key derivation.
+     */
+    {
+        unsigned char *pos;
+        pos = s->s3->server_random;
+        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (!s->hit
+            && s->version >= TLS1_VERSION
+            && !SSL_IS_TLS13(s)
+            && !SSL_IS_DTLS(s)
+            && s->ext.session_secret_cb) {
+        const SSL_CIPHER *pref_cipher = NULL;
+        /*
+         * s->session->master_key_length is a size_t, but this is an int for
+         * backwards compat reasons
+         */
+        int master_key_length;
+
+        master_key_length = sizeof(s->session->master_key);
+        if (s->ext.session_secret_cb(s, s->session->master_key,
+                                     &master_key_length, ciphers,
+                                     &pref_cipher,
+                                     s->ext.session_secret_cb_arg)
+                && master_key_length > 0) {
+            s->session->master_key_length = master_key_length;
+            s->hit = 1;
+            s->session->ciphers = ciphers;
+            s->session->verify_result = X509_V_OK;
+
+            ciphers = NULL;
+
+            /* check if some cipher was preferred by call back */
+            if (pref_cipher == NULL)
+                pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+                                                 SSL_get_ciphers(s));
+            if (pref_cipher == NULL) {
+                SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_NO_SHARED_CIPHER);
+                goto err;
+            }
+
+            s->session->cipher = pref_cipher;
+            sk_SSL_CIPHER_free(s->cipher_list);
+            s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+            sk_SSL_CIPHER_free(s->cipher_list_by_id);
+            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+        }
+    }
+
+    /*
+     * Worst case, we will use the NULL compression, but if we have other
+     * options, we will now look for them.  We have complen-1 compression
+     * algorithms from the client, starting at q.
+     */
+    s->s3->tmp.new_compression = NULL;
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * We already checked above that the NULL compression method appears in
+         * the list. Now we check there aren't any others (which is illegal in
+         * a TLSv1.3 ClientHello.
+         */
+        if (clienthello->compressions_len != 1) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_COMP
+    /* This only happens if we have a cache hit */
+    else if (s->session->compress_meth != 0) {
+        int m, comp_id = s->session->compress_meth;
+        unsigned int k;
+        /* Perform sanity checks on resumed compression algorithm */
+        /* Can't disable compression */
+        if (!ssl_allow_compression(s)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INCONSISTENT_COMPRESSION);
+            goto err;
+        }
+        /* Look for resumed compression method */
+        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            if (comp_id == comp->id) {
+                s->s3->tmp.new_compression = comp;
+                break;
+            }
+        }
+        if (s->s3->tmp.new_compression == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+        /* Look for resumed method in compression list */
+        for (k = 0; k < clienthello->compressions_len; k++) {
+            if (clienthello->compressions[k] == comp_id)
+                break;
+        }
+        if (k >= clienthello->compressions_len) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
+            goto err;
+        }
+    } else if (s->hit) {
+        comp = NULL;
+    } else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+        /* See if we have a match */
+        int m, nn, v, done = 0;
+        unsigned int o;
+
+        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (m = 0; m < nn; m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            v = comp->id;
+            for (o = 0; o < clienthello->compressions_len; o++) {
+                if (v == clienthello->compressions[o]) {
+                    done = 1;
+                    break;
+                }
+            }
+            if (done)
+                break;
+        }
+        if (done)
+            s->s3->tmp.new_compression = comp;
+        else
+            comp = NULL;
+    }
+#else
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_INCONSISTENT_COMPRESSION);
+        goto err;
+    }
+#endif
+
+    /*
+     * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
+     */
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        sk_SSL_CIPHER_free(s->session->ciphers);
+        s->session->ciphers = ciphers;
+        if (ciphers == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        ciphers = NULL;
+    }
+
+    if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+    }
+
+    sk_SSL_CIPHER_free(ciphers);
+    sk_SSL_CIPHER_free(scsvs);
+    OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    s->clienthello = NULL;
+    return 1;
+ err:
+    sk_SSL_CIPHER_free(ciphers);
+    sk_SSL_CIPHER_free(scsvs);
+    OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    s->clienthello = NULL;
+
+    return 0;
+}
+
+/*
+ * Call the status request callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+static int tls_handle_status_request(SSL *s)
+{
+    s->ext.status_expected = 0;
+
+    /*
+     * If status request then ask callback what to do. Note: this must be
+     * called after servername callbacks in case the certificate has changed,
+     * and must be called after the cipher has been chosen because this may
+     * influence which certificate is sent
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
+            && s->ctx->ext.status_cb != NULL) {
+        int ret;
+
+        /* If no certificate can't return certificate status */
+        if (s->s3->tmp.cert != NULL) {
+            /*
+             * Set current certificate to one we will use so SSL_get_certificate
+             * et al can pick it up.
+             */
+            s->cert->key = s->s3->tmp.cert;
+            ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+            switch (ret) {
+                /* We don't want to send a status request response */
+            case SSL_TLSEXT_ERR_NOACK:
+                s->ext.status_expected = 0;
+                break;
+                /* status request response should be sent */
+            case SSL_TLSEXT_ERR_OK:
+                if (s->ext.ocsp.resp)
+                    s->ext.status_expected = 1;
+                break;
+                /* something bad happened */
+            case SSL_TLSEXT_ERR_ALERT_FATAL:
+            default:
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_HANDLE_STATUS_REQUEST,
+                         SSL_R_CLIENTHELLO_TLSEXT);
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Call the alpn_select callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+int tls_handle_alpn(SSL *s)
+{
+    const unsigned char *selected = NULL;
+    unsigned char selected_len = 0;
+
+    if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+        int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
+                                           s->s3->alpn_proposed,
+                                           (unsigned int)s->s3->alpn_proposed_len,
+                                           s->ctx->ext.alpn_select_cb_arg);
+
+        if (r == SSL_TLSEXT_ERR_OK) {
+            OPENSSL_free(s->s3->alpn_selected);
+            s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+            if (s->s3->alpn_selected == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            /* ALPN takes precedence over NPN. */
+            s->s3->npn_seen = 0;
+#endif
+
+            /* Check ALPN is consistent with session */
+            if (s->session->ext.alpn_selected == NULL
+                        || selected_len != s->session->ext.alpn_selected_len
+                        || memcmp(selected, s->session->ext.alpn_selected,
+                                  selected_len) != 0) {
+                /* Not consistent so can't be used for early_data */
+                s->ext.early_data_ok = 0;
+
+                if (!s->hit) {
+                    /*
+                     * This is a new session and so alpn_selected should have
+                     * been initialised to NULL. We should update it with the
+                     * selected ALPN.
+                     */
+                    if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    s->session->ext.alpn_selected = OPENSSL_memdup(selected,
+                                                                   selected_len);
+                    if (s->session->ext.alpn_selected == NULL) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    s->session->ext.alpn_selected_len = selected_len;
+                }
+            }
+
+            return 1;
+        } else if (r != SSL_TLSEXT_ERR_NOACK) {
+            SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, SSL_F_TLS_HANDLE_ALPN,
+                     SSL_R_NO_APPLICATION_PROTOCOL);
+            return 0;
+        }
+        /*
+         * If r == SSL_TLSEXT_ERR_NOACK then behave as if no callback was
+         * present.
+         */
+    }
+
+    /* Check ALPN is consistent with session */
+    if (s->session->ext.alpn_selected != NULL) {
+        /* Not consistent so can't be used for early_data */
+        s->ext.early_data_ok = 0;
+    }
+
+    return 1;
+}
+
+WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
+{
+    const SSL_CIPHER *cipher;
+
+    if (wst == WORK_MORE_A) {
+        int rv = tls_early_post_process_client_hello(s);
+        if (rv == 0) {
+            /* SSLfatal() was already called */
+            goto err;
+        }
+        if (rv < 0)
+            return WORK_MORE_A;
+        wst = WORK_MORE_B;
+    }
+    if (wst == WORK_MORE_B) {
+        if (!s->hit || SSL_IS_TLS13(s)) {
+            /* Let cert callback update server certificates if required */
+            if (!s->hit) {
+                if (s->cert->cert_cb != NULL) {
+                    int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+                    if (rv == 0) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                                 SSL_R_CERT_CB_ERROR);
+                        goto err;
+                    }
+                    if (rv < 0) {
+                        s->rwstate = SSL_X509_LOOKUP;
+                        return WORK_MORE_B;
+                    }
+                    s->rwstate = SSL_NOTHING;
+                }
+                if (!tls1_set_server_sigalgs(s)) {
+                    /* SSLfatal already called */
+                    goto err;
+                }
+            }
+
+            /* In TLSv1.3 we selected the ciphersuite before resumption */
+            if (!SSL_IS_TLS13(s)) {
+                cipher =
+                    ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+
+                if (cipher == NULL) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_NO_SHARED_CIPHER);
+                    goto err;
+                }
+                s->s3->tmp.new_cipher = cipher;
+            }
+            if (!s->hit) {
+                if (!tls_choose_sigalg(s, 1)) {
+                    /* SSLfatal already called */
+                    goto err;
+                }
+                /* check whether we should disable session resumption */
+                if (s->not_resumable_session_cb != NULL)
+                    s->session->not_resumable =
+                        s->not_resumable_session_cb(s,
+                            ((s->s3->tmp.new_cipher->algorithm_mkey
+                              & (SSL_kDHE | SSL_kECDHE)) != 0));
+                if (s->session->not_resumable)
+                    /* do not send a session ticket */
+                    s->ext.ticket_expected = 0;
+            }
+        } else {
+            /* Session-id reuse */
+            s->s3->tmp.new_cipher = s->session->cipher;
+        }
+
+        /*-
+         * we now have the following setup.
+         * client_random
+         * cipher_list          - our preferred list of ciphers
+         * ciphers              - the clients preferred list of ciphers
+         * compression          - basically ignored right now
+         * ssl version is set   - sslv3
+         * s->session           - The ssl session has been setup.
+         * s->hit               - session reuse flag
+         * s->s3->tmp.new_cipher- the new cipher to use.
+         */
+
+        /*
+         * Call status_request callback if needed. Has to be done after the
+         * certificate callbacks etc above.
+         */
+        if (!tls_handle_status_request(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        /*
+         * Call alpn_select callback if needed.  Has to be done after SNI and
+         * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+         * we already did this because cipher negotiation happens earlier, and
+         * we must handle ALPN before we decide whether to accept early_data.
+         */
+        if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        wst = WORK_MORE_C;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (wst == WORK_MORE_C) {
+        int ret;
+        if ((ret = ssl_check_srp_ext_ClientHello(s)) == 0) {
+            /*
+             * callback indicates further work to be done
+             */
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_C;
+        }
+        if (ret < 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+#endif
+
+    return WORK_FINISHED_STOP;
+ err:
+    return WORK_ERROR;
+}
+
+int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+{
+    int compm;
+    size_t sl, len;
+    int version;
+    unsigned char *session_id;
+    int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING;
+
+    version = usetls13 ? TLS1_2_VERSION : s->version;
+    if (!WPACKET_put_bytes_u16(pkt, version)
+               /*
+                * Random stuff. Filling of the server_random takes place in
+                * tls_process_client_hello()
+                */
+            || !WPACKET_memcpy(pkt,
+                               s->hello_retry_request == SSL_HRR_PENDING
+                                   ? hrrrandom : s->s3->server_random,
+                               SSL3_RANDOM_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*-
+     * There are several cases for the session ID to send
+     * back in the server hello:
+     * - For session reuse from the session cache,
+     *   we send back the old session ID.
+     * - If stateless session reuse (using a session ticket)
+     *   is successful, we send back the client's "session ID"
+     *   (which doesn't actually identify the session).
+     * - If it is a new session, we send back the new
+     *   session ID.
+     * - However, if we want the new session to be single-use,
+     *   we send back a 0-length session ID.
+     * - In TLSv1.3 we echo back the session id sent to us by the client
+     *   regardless
+     * s->hit is non-zero in either case of session reuse,
+     * so the following won't overwrite an ID that we're supposed
+     * to send back.
+     */
+    if (s->session->not_resumable ||
+        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+         && !s->hit))
+        s->session->session_id_length = 0;
+
+    if (usetls13) {
+        sl = s->tmp_session_id_len;
+        session_id = s->tmp_session_id;
+    } else {
+        sl = s->session->session_id_length;
+        session_id = s->session->session_id;
+    }
+
+    if (sl > sizeof(s->session->session_id)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* set up the compression method */
+#ifdef OPENSSL_NO_COMP
+    compm = 0;
+#else
+    if (usetls13 || s->s3->tmp.new_compression == NULL)
+        compm = 0;
+    else
+        compm = s->s3->tmp.new_compression->id;
+#endif
+
+    if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
+            || !WPACKET_put_bytes_u8(pkt, compm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!tls_construct_extensions(s, pkt,
+                                  s->hello_retry_request == SSL_HRR_PENDING
+                                      ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+                                      : (SSL_IS_TLS13(s)
+                                          ? SSL_EXT_TLS1_3_SERVER_HELLO
+                                          : SSL_EXT_TLS1_2_SERVER_HELLO),
+                                  NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        /* Ditch the session. We'll create a new one next time around */
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+        s->hit = 0;
+
+        /*
+         * Re-initialise the Transcript Hash. We're going to prepopulate it with
+         * a synthetic message_hash in place of ClientHello1.
+         */
+        if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    } else if (!(s->verify_mode & SSL_VERIFY_PEER)
+                && !ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */;
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_server_done(SSL *s, WPACKET *pkt)
+{
+    if (!s->s3->tmp.cert_request) {
+        if (!ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *pkdh = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    size_t encodedlen = 0;
+    int curve_id = 0;
+#endif
+    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+    int i;
+    unsigned long type;
+    const BIGNUM *r[4];
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t paramlen, paramoffset;
+
+    if (!WPACKET_get_total_written(pkt, &paramoffset)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (md_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    type = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    r[0] = r[1] = r[2] = r[3] = NULL;
+#ifndef OPENSSL_NO_PSK
+    /* Plain PSK or RSAPSK nothing to do */
+    if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else
+#endif                          /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_DH
+    if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+        CERT *cert = s->cert;
+
+        EVP_PKEY *pkdhp = NULL;
+        DH *dh;
+
+        if (s->cert->dh_tmp_auto) {
+            DH *dhp = ssl_get_auto_dh(s);
+            pkdh = EVP_PKEY_new();
+            if (pkdh == NULL || dhp == NULL) {
+                DH_free(dhp);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            EVP_PKEY_assign_DH(pkdh, dhp);
+            pkdhp = pkdh;
+        } else {
+            pkdhp = cert->dh_tmp;
+        }
+        if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+            DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+            pkdh = ssl_dh_to_pkey(dhp);
+            if (pkdh == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            pkdhp = pkdh;
+        }
+        if (pkdhp == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_MISSING_TMP_DH_KEY);
+            goto err;
+        }
+        if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                          EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_DH_KEY_TOO_SMALL);
+            goto err;
+        }
+        if (s->s3->tmp.pkey != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
+        if (s->s3->tmp.pkey == NULL) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+        if (dh == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        EVP_PKEY_free(pkdh);
+        pkdh = NULL;
+
+        DH_get0_pqg(dh, &r[0], NULL, &r[1]);
+        DH_get0_key(dh, &r[2], NULL);
+    } else
+#endif
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+
+        if (s->s3->tmp.pkey != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get NID of appropriate shared curve */
+        curve_id = tls1_shared_group(s, -2);
+        if (curve_id == 0) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+            goto err;
+        }
+        s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id);
+        /* Generate a new key for this curve */
+        if (s->s3->tmp.pkey == NULL) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        /* Encode the public key. */
+        encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,
+                                                    &encodedPoint);
+        if (encodedlen == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /*
+         * We'll generate the serverKeyExchange message explicitly so we
+         * can set these to NULLs
+         */
+        r[0] = NULL;
+        r[1] = NULL;
+        r[2] = NULL;
+        r[3] = NULL;
+    } else
+#endif                          /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+    if (type & SSL_kSRP) {
+        if ((s->srp_ctx.N == NULL) ||
+            (s->srp_ctx.g == NULL) ||
+            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_MISSING_SRP_PARAM);
+            goto err;
+        }
+        r[0] = s->srp_ctx.N;
+        r[1] = s->srp_ctx.g;
+        r[2] = s->srp_ctx.s;
+        r[3] = s->srp_ctx.B;
+    } else
+#endif
+    {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+        goto err;
+    }
+
+    if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)
+        || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {
+        lu = NULL;
+    } else if (lu == NULL) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_PSK
+    if (type & SSL_PSK) {
+        size_t len = (s->cert->psk_identity_hint == NULL)
+                        ? 0 : strlen(s->cert->psk_identity_hint);
+
+        /*
+         * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already
+         * checked this when we set the identity hint - but just in case
+         */
+        if (len > PSK_MAX_IDENTITY_LEN
+                || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint,
+                                           len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+#endif
+
+    for (i = 0; i < 4 && r[i] != NULL; i++) {
+        unsigned char *binval;
+        int res;
+
+#ifndef OPENSSL_NO_SRP
+        if ((i == 2) && (type & SSL_kSRP)) {
+            res = WPACKET_start_sub_packet_u8(pkt);
+        } else
+#endif
+            res = WPACKET_start_sub_packet_u16(pkt);
+
+        if (!res) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+#ifndef OPENSSL_NO_DH
+        /*-
+         * for interoperability with some versions of the Microsoft TLS
+         * stack, we need to zero pad the DHE pub key to the same length
+         * as the prime
+         */
+        if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
+            size_t len = BN_num_bytes(r[0]) - BN_num_bytes(r[2]);
+
+            if (len > 0) {
+                if (!WPACKET_allocate_bytes(pkt, len, &binval)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                memset(binval, 0, len);
+            }
+        }
+#endif
+        if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BN_bn2bin(r[i], binval);
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        /*
+         * We only support named (not generic) curves. In this situation, the
+         * ServerKeyExchange message has: [1 byte CurveType], [2 byte CurveName]
+         * [1 byte length of encoded point], followed by the actual encoded
+         * point itself
+         */
+        if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
+                || !WPACKET_put_bytes_u8(pkt, 0)
+                || !WPACKET_put_bytes_u8(pkt, curve_id)
+                || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        OPENSSL_free(encodedPoint);
+        encodedPoint = NULL;
+    }
+#endif
+
+    /* not anonymous */
+    if (lu != NULL) {
+        EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
+        const EVP_MD *md;
+        unsigned char *sigbytes1, *sigbytes2, *tbs;
+        size_t siglen, tbslen;
+        int rv;
+
+        if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+            /* Should never happen */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* Get length of the parameters we have written above */
+        if (!WPACKET_get_length(pkt, &paramlen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* send signature algorithm */
+        if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /*
+         * Create the signature. We don't know the actual length of the sig
+         * until after we've created it, so we reserve enough bytes for it
+         * up front, and then properly allocate them in the WPACKET
+         * afterwards.
+         */
+        siglen = EVP_PKEY_size(pkey);
+        if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
+            || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (lu->sig == EVP_PKEY_RSA_PSS) {
+            if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+                || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                        ERR_R_EVP_LIB);
+                goto err;
+            }
+        }
+        tbslen = construct_key_exchange_tbs(s, &tbs,
+                                            s->init_buf->data + paramoffset,
+                                            paramlen);
+        if (tbslen == 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+            || sigbytes1 != sigbytes2) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    return 1;
+ err:
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(pkdh);
+#endif
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(encodedPoint);
+#endif
+    EVP_MD_CTX_free(md_ctx);
+    return 0;
+}
+
+int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
+{
+    if (SSL_IS_TLS13(s)) {
+        /* Send random context when doing post-handshake auth */
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            OPENSSL_free(s->pha_context);
+            s->pha_context_len = 32;
+            if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
+                    || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+                    || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            /* reset the handshake hash back to just after the ClientFinished */
+            if (!tls13_restore_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        } else {
+            if (!WPACKET_put_bytes_u8(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+
+        if (!tls_construct_extensions(s, pkt,
+                                      SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,
+                                      0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        goto done;
+    }
+
+    /* get the list of acceptable cert types */
+    if (!WPACKET_start_sub_packet_u8(pkt)
+        || !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        const uint16_t *psigs;
+        size_t nl = tls12_get_psigalgs(s, 1, &psigs);
+
+        if (!WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+                || !tls12_copy_sigalgs(s, pkt, psigs, nl)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    if (!construct_ca_names(s, get_ca_names(s), pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+ done:
+    s->certreqs_sent++;
+    s->s3->tmp.cert_request = 1;
+    return 1;
+}
+
+static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    size_t psklen;
+    PACKET psk_identity;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    if (s->psk_server_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_NO_SERVER_CB);
+        return 0;
+    }
+
+    if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    psklen = s->psk_server_callback(s, s->session->psk_identity,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    } else if (psklen == 0) {
+        /*
+         * PSK related to the given identity not found
+         */
+        SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+                 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_IDENTITY_NOT_FOUND);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+    OPENSSL_cleanse(psk, psklen);
+
+    if (s->s3->tmp.psk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    s->s3->tmp.psklen = psklen;
+
+    return 1;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+    int decrypt_len;
+    unsigned char decrypt_good, version_good;
+    size_t j, padding_len;
+    PACKET enc_premaster;
+    RSA *rsa = NULL;
+    unsigned char *rsa_decrypt = NULL;
+    int ret = 0;
+
+    rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA].privatekey);
+    if (rsa == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 SSL_R_MISSING_RSA_CERTIFICATE);
+        return 0;
+    }
+
+    /* SSLv3 and pre-standard DTLS omit the length bytes. */
+    if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+        enc_premaster = *pkt;
+    } else {
+        if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+    }
+
+    /*
+     * We want to be sure that the plaintext buffer size makes it safe to
+     * iterate over the entire size of a premaster secret
+     * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
+     * their ciphertext cannot accommodate a premaster secret anyway.
+     */
+    if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
+    if (rsa_decrypt == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We must not leak whether a decryption failure occurs because of
+     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+     * section 7.4.7.1). The code follows that advice of the TLS RFC and
+     * generates a random premaster secret for the case that the decrypt
+     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+     */
+
+    if (RAND_priv_bytes(rand_premaster_secret,
+                      sizeof(rand_premaster_secret)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * Decrypt with no padding. PKCS#1 padding will be removed as part of
+     * the timing-sensitive code below.
+     */
+     /* TODO(size_t): Convert this function */
+    decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster),
+                                           PACKET_data(&enc_premaster),
+                                           rsa_decrypt, rsa, RSA_NO_PADDING);
+    if (decrypt_len < 0) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Check the padding. See RFC 3447, section 7.2.2. */
+
+    /*
+     * The smallest padded premaster is 11 bytes of overhead. Small keys
+     * are publicly invalid, so this may return immediately. This ensures
+     * PS is at least 8 bytes.
+     */
+    if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+
+    padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
+    decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
+        constant_time_eq_int_8(rsa_decrypt[1], 2);
+    for (j = 2; j < padding_len - 1; j++) {
+        decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
+    }
+    decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
+
+    /*
+     * If the version in the decrypted pre-master secret is correct then
+     * version_good will be 0xff, otherwise it'll be zero. The
+     * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+     * (http://eprint.iacr.org/2003/052/) exploits the version number
+     * check as a "bad version oracle". Thus version checks are done in
+     * constant time and are treated like any other decryption error.
+     */
+    version_good =
+        constant_time_eq_8(rsa_decrypt[padding_len],
+                           (unsigned)(s->client_version >> 8));
+    version_good &=
+        constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                           (unsigned)(s->client_version & 0xff));
+
+    /*
+     * The premaster secret must contain the same version number as the
+     * ClientHello to detect version rollback attacks (strangely, the
+     * protocol does not offer such protection for DH ciphersuites).
+     * However, buggy clients exist that send the negotiated protocol
+     * version instead if the server does not support the requested
+     * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+     * clients.
+     */
+    if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+        unsigned char workaround_good;
+        workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
+                                             (unsigned)(s->version >> 8));
+        workaround_good &=
+            constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                               (unsigned)(s->version & 0xff));
+        version_good |= workaround_good;
+    }
+
+    /*
+     * Both decryption and version must be good for decrypt_good to
+     * remain non-zero (0xff).
+     */
+    decrypt_good &= version_good;
+
+    /*
+     * Now copy rand_premaster_secret over from p using
+     * decrypt_good_mask. If decryption failed, then p does not
+     * contain valid plaintext, however, a check above guarantees
+     * it is still sufficiently large to read from.
+     */
+    for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+        rsa_decrypt[padding_len + j] =
+            constant_time_select_8(decrypt_good,
+                                   rsa_decrypt[padding_len + j],
+                                   rand_premaster_secret[j]);
+    }
+
+    if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
+                                    sizeof(rand_premaster_secret), 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(rsa_decrypt);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *skey = NULL;
+    DH *cdh;
+    unsigned int i;
+    BIGNUM *pub_key;
+    const unsigned char *data;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+               SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+        goto err;
+    }
+    skey = s->s3->tmp.pkey;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+
+    if (PACKET_remaining(pkt) == 0L) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, i)) {
+        /* We already checked we have enough data */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    ckey = EVP_PKEY_new();
+    if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_BN_LIB);
+        goto err;
+    }
+
+    cdh = EVP_PKEY_get0_DH(ckey);
+    pub_key = BN_bin2bn(data, i, NULL);
+    if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        BN_free(pub_key);
+        goto err;
+    }
+
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *skey = s->s3->tmp.pkey;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (PACKET_remaining(pkt) == 0L) {
+        /* We don't support ECDH client auth */
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                 SSL_R_MISSING_TMP_ECDH_KEY);
+        goto err;
+    } else {
+        unsigned int i;
+        const unsigned char *data;
+
+        /*
+         * Get client's public key from encoded point in the
+         * ClientKeyExchange message.
+         */
+
+        /* Get encoded point length */
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        if (skey == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     SSL_R_MISSING_TMP_ECDH_KEY);
+            goto err;
+        }
+
+        ckey = EVP_PKEY_new();
+        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_srp(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned int i;
+    const unsigned char *data;
+
+    if (!PACKET_get_net_2(pkt, &i)
+        || !PACKET_get_bytes(pkt, &data, i)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 SSL_R_BAD_SRP_A_LENGTH);
+        return 0;
+    }
+    if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 ERR_R_BN_LIB);
+        return 0;
+    }
+    if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CKE_SRP,
+                 SSL_R_BAD_SRP_PARAMETERS);
+        return 0;
+    }
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!srp_generate_server_master_secret(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_gost(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+    EVP_PKEY_CTX *pkey_ctx;
+    EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+    unsigned char premaster_secret[32];
+    const unsigned char *start;
+    size_t outlen = 32, inlen;
+    unsigned long alg_a;
+    unsigned int asn1id, asn1len;
+    int ret = 0;
+    PACKET encdata;
+
+    /* Get our certificate private key */
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    if (alg_a & SSL_aGOST12) {
+        /*
+         * New GOST ciphersuites have SSL_aGOST01 bit too
+         */
+        pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
+        }
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+        }
+    } else if (alg_a & SSL_aGOST01) {
+        pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (pkey_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    /*
+     * If client certificate is present and is of the same type, maybe
+     * use it for key exchange.  Don't mind errors from
+     * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+     * client certificate for authorization only.
+     */
+    client_pub_pkey = X509_get0_pubkey(s->session->peer);
+    if (client_pub_pkey) {
+        if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+            ERR_clear_error();
+    }
+    /* Decrypt session key */
+    if (!PACKET_get_1(pkt, &asn1id)
+            || asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+            || !PACKET_peek_1(pkt, &asn1len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    if (asn1len == 0x81) {
+        /*
+         * Long form length. Should only be one byte of length. Anything else
+         * isn't supported.
+         * We did a successful peek before so this shouldn't fail
+         */
+        if (!PACKET_forward(pkt, 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                     SSL_R_DECRYPTION_FAILED);
+            goto err;
+        }
+    } else  if (asn1len >= 0x80) {
+        /*
+         * Indefinite length, or more than one long form length bytes. We don't
+         * support it
+         */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    } /* else short form length */
+
+    if (!PACKET_as_length_prefixed_1(pkt, &encdata)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    inlen = PACKET_remaining(&encdata);
+    start = PACKET_data(&encdata);
+
+    if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
+                         inlen) <= 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    /* Generate master secret */
+    if (!ssl_generate_master_secret(s, premaster_secret,
+                                    sizeof(premaster_secret), 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+    /* Check if pubkey from client certificate was used */
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
+                          NULL) > 0)
+        s->statem.no_cert_verify = 1;
+
+    ret = 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+{
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /* For PSK parse and retrieve identity, obtain PSK key */
+    if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (alg_k & SSL_kPSK) {
+        /* Identity extracted earlier: should be nothing left */
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        /* PSK handled by ssl_generate_master_secret */
+        if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_process_cke_rsa(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_cke_dhe(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_cke_ecdhe(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_cke_srp(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_process_cke_gost(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                 SSL_R_UNKNOWN_CIPHER_TYPE);
+        goto err;
+    }
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+ err:
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+#endif
+    return MSG_PROCESS_ERROR;
+}
+
+WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
+{
+#ifndef OPENSSL_NO_SCTP
+    if (wst == WORK_MORE_A) {
+        if (SSL_IS_DTLS(s)) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            size_t labellen;
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+             * used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            /* Don't include the terminating zero. */
+            labellen = sizeof(labelbuffer) - 1;
+            if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+                labellen += 1;
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           labellen, NULL, 0,
+                                           0) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+    }
+#endif
+
+    if (s->statem.no_cert_verify || !s->session->peer) {
+        /*
+         * No certificate verify or no peer certificate so we no longer need
+         * the handshake_buffer
+         */
+        if (!ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        return WORK_FINISHED_CONTINUE;
+    } else {
+        if (!s->s3->handshake_buffer) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        /*
+         * For sigalgs freeze the handshake buffer. If we support
+         * extms we've done this already so this is a no-op
+         */
+        if (!ssl3_digest_cached_records(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+{
+    int i;
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    X509 *x = NULL;
+    unsigned long l;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    PACKET spkt, context;
+    size_t chainidx;
+    SSL_SESSION *new_sess = NULL;
+
+    /*
+     * To get this far we must have read encrypted data from the client. We no
+     * longer tolerate unencrypted alerts. This value is ignored if less than
+     * TLSv1.3
+     */
+    s->statem.enc_read_state = ENC_READ_STATE_VALID;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context)
+                            || (s->pha_context == NULL && PACKET_remaining(&context) != 0)
+                            || (s->pha_context != NULL &&
+                                !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 SSL_R_INVALID_CONTEXT);
+        goto err;
+    }
+
+    if (!PACKET_get_length_prefixed_3(pkt, &spkt)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) {
+        if (!PACKET_get_net_3(&spkt, &l)
+            || !PACKET_get_bytes(&spkt, &certbytes, l)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
+        if (x == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (certbytes != (certstart + l)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            RAW_EXTENSION *rawexts = NULL;
+            PACKET extensions;
+
+            if (!PACKET_get_length_prefixed_2(&spkt, &extensions)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                         SSL_R_BAD_LENGTH);
+                goto err;
+            }
+            if (!tls_collect_extensions(s, &extensions,
+                                        SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+                                        NULL, chainidx == 0)
+                || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+                                             rawexts, x, chainidx,
+                                             PACKET_remaining(&spkt) == 0)) {
+                OPENSSL_free(rawexts);
+                goto err;
+            }
+            OPENSSL_free(rawexts);
+        }
+
+        if (!sk_X509_push(sk, x)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    if (sk_X509_num(sk) <= 0) {
+        /* TLS does not mind 0 certs returned */
+        if (s->version == SSL3_VERSION) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_NO_CERTIFICATES_RETURNED);
+            goto err;
+        }
+        /* Fail for TLS only if we required a certificate */
+        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+            SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+            goto err;
+        }
+        /* No client certificate so digest cached records */
+        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        EVP_PKEY *pkey;
+        i = ssl_verify_cert_chain(s, sk);
+        if (i <= 0) {
+            SSLfatal(s, ssl_x509err2alert(s->verify_result),
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERTIFICATE_VERIFY_FAILED);
+            goto err;
+        }
+        if (i > 1) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i);
+            goto err;
+        }
+        pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
+        if (pkey == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+            goto err;
+        }
+    }
+
+    /*
+     * Sessions must be immutable once they go into the session cache. Otherwise
+     * we can get multi-thread problems. Therefore we don't "update" sessions,
+     * we replace them with a duplicate. Here, we need to do this every time
+     * a new certificate is received via post-handshake authentication, as the
+     * session may have already gone into the session cache.
+     */
+
+    if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    X509_free(s->session->peer);
+    s->session->peer = sk_X509_shift(sk);
+    s->session->verify_result = s->verify_result;
+
+    sk_X509_pop_free(s->session->peer_chain, X509_free);
+    s->session->peer_chain = sk;
+
+    /*
+     * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
+     * message
+     */
+    if (SSL_IS_TLS13(s) && !ssl3_digest_cached_records(s, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Inconsistency alert: cert_chain does *not* include the peer's own
+     * certificate, while we do include it in statem_clnt.c
+     */
+    sk = NULL;
+
+    /* Save the current hash state for when we receive the CertificateVerify */
+    if (SSL_IS_TLS13(s)) {
+        if (!ssl_handshake_hash(s, s->cert_verify_hash,
+                                sizeof(s->cert_verify_hash),
+                                &s->cert_verify_hash_len)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        /* Resend session tickets */
+        s->sent_tickets = 0;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+{
+    CERT_PKEY *cpk = s->s3->tmp.cert;
+
+    if (cpk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * In TLSv1.3 the certificate chain is always preceded by a 0 length context
+     * for the server Certificate message
+     */
+    if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!ssl3_output_cert_chain(s, pkt, cpk)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                 unsigned char *tick_nonce)
+{
+    /*
+     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
+     * unspecified for resumed session (for simplicity).
+     * In TLSv1.3 we reset the "time" field above, and always specify the
+     * timeout.
+     */
+    if (!WPACKET_put_bytes_u32(pkt,
+                               (s->hit && !SSL_IS_TLS13(s))
+                               ? 0 : s->session->timeout)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        if (!WPACKET_put_bytes_u32(pkt, age_add)
+                || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    /* Start the sub-packet for the actual ticket data */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                      unsigned char *tick_nonce)
+{
+    unsigned char *senc = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    HMAC_CTX *hctx = NULL;
+    unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;
+    const unsigned char *const_p;
+    int len, slen_full, slen, lenfinal;
+    SSL_SESSION *sess;
+    unsigned int hlen;
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
+    int iv_len, ok = 0;
+    size_t macoffset, macendoffset;
+
+    /* get session encoding length */
+    slen_full = i2d_SSL_SESSION(s->session, NULL);
+    /*
+     * Some length values are 16 bits, so forget it if session is too
+     * long
+     */
+    if (slen_full == 0 || slen_full > 0xFF00) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    senc = OPENSSL_malloc(slen_full);
+    if (senc == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = senc;
+    if (!i2d_SSL_SESSION(s->session, &p)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * create a fresh copy (not shared with other threads) to clean up
+     */
+    const_p = senc;
+    sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+    if (sess == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    slen = i2d_SSL_SESSION(sess, NULL);
+    if (slen == 0 || slen > slen_full) {
+        /* shouldn't ever happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    p = senc;
+    if (!i2d_SSL_SESSION(sess, &p)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    SSL_SESSION_free(sess);
+
+    /*
+     * Initialize HMAC and cipher contexts. If callback present it does
+     * all the work otherwise use generated values from parent ctx.
+     */
+    if (tctx->ext.ticket_key_cb) {
+        /* if 0 is returned, write an empty ticket */
+        int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
+                                             hctx, 1);
+
+        if (ret == 0) {
+
+            /* Put timeout and length */
+            if (!WPACKET_put_bytes_u32(pkt, 0)
+                    || !WPACKET_put_bytes_u16(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_CONSTRUCT_STATELESS_TICKET,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            OPENSSL_free(senc);
+            EVP_CIPHER_CTX_free(ctx);
+            HMAC_CTX_free(hctx);
+            return 1;
+        }
+        if (ret < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     SSL_R_CALLBACK_FAILED);
+            goto err;
+        }
+        iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+    } else {
+        const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+
+        iv_len = EVP_CIPHER_iv_length(cipher);
+        if (RAND_bytes(iv, iv_len) <= 0
+                || !EVP_EncryptInit_ex(ctx, cipher, NULL,
+                                       tctx->ext.secure->tick_aes_key, iv)
+                || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                                 sizeof(tctx->ext.secure->tick_hmac_key),
+                                 EVP_sha256(), NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        memcpy(key_name, tctx->ext.tick_key_name,
+               sizeof(tctx->ext.tick_key_name));
+    }
+
+    if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (!WPACKET_get_total_written(pkt, &macoffset)
+               /* Output key name */
+            || !WPACKET_memcpy(pkt, key_name, sizeof(key_name))
+               /* output IV */
+            || !WPACKET_memcpy(pkt, iv, iv_len)
+            || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH,
+                                      &encdata1)
+               /* Encrypt session data */
+            || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen)
+            || !WPACKET_allocate_bytes(pkt, len, &encdata2)
+            || encdata1 != encdata2
+            || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal)
+            || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2)
+            || encdata1 + len != encdata2
+            || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH
+            || !WPACKET_get_total_written(pkt, &macendoffset)
+            || !HMAC_Update(hctx,
+                            (unsigned char *)s->init_buf->data + macoffset,
+                            macendoffset - macoffset)
+            || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1)
+            || !HMAC_Final(hctx, macdata1, &hlen)
+            || hlen > EVP_MAX_MD_SIZE
+            || !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
+            || macdata1 != macdata2) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Close the sub-packet created by create_ticket_prequel() */
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ok = 1;
+ err:
+    OPENSSL_free(senc);
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+    return ok;
+}
+
+static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                     unsigned char *tick_nonce)
+{
+    if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!WPACKET_memcpy(pkt, s->session->session_id,
+                        s->session->session_id_length)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
+{
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char tick_nonce[TICKET_NONCE_SIZE];
+    union {
+        unsigned char age_add_c[sizeof(uint32_t)];
+        uint32_t age_add;
+    } age_add_u;
+
+    age_add_u.age_add = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        size_t i, hashlen;
+        uint64_t nonce;
+        static const unsigned char nonce_label[] = "resumption";
+        const EVP_MD *md = ssl_handshake_md(s);
+        int hashleni = EVP_MD_size(md);
+
+        /* Ensure cast to size_t is safe */
+        if (!ossl_assert(hashleni >= 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        hashlen = (size_t)hashleni;
+
+        /*
+         * If we already sent one NewSessionTicket, or we resumed then
+         * s->session may already be in a cache and so we must not modify it.
+         * Instead we need to take a copy of it and modify that.
+         */
+        if (s->sent_tickets != 0 || s->hit) {
+            SSL_SESSION *new_sess = ssl_session_dup(s->session, 0);
+
+            if (new_sess == NULL) {
+                /* SSLfatal already called */
+                goto err;
+            }
+
+            SSL_SESSION_free(s->session);
+            s->session = new_sess;
+        }
+
+        if (!ssl_generate_session_id(s, s->session)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        s->session->ext.tick_age_add = age_add_u.age_add;
+
+        nonce = s->next_ticket_nonce;
+        for (i = TICKET_NONCE_SIZE; i > 0; i--) {
+            tick_nonce[i - 1] = (unsigned char)(nonce & 0xff);
+            nonce >>= 8;
+        }
+
+        if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+                               nonce_label,
+                               sizeof(nonce_label) - 1,
+                               tick_nonce,
+                               TICKET_NONCE_SIZE,
+                               s->session->master_key,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        s->session->master_key_length = hashlen;
+
+        s->session->time = (long)time(NULL);
+        if (s->s3->alpn_selected != NULL) {
+            OPENSSL_free(s->session->ext.alpn_selected);
+            s->session->ext.alpn_selected =
+                OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+            if (s->session->ext.alpn_selected == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+        }
+        s->session->ext.max_early_data = s->max_early_data;
+    }
+
+    if (tctx->generate_ticket_cb != NULL &&
+        tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
+        goto err;
+
+    /*
+     * If we are using anti-replay protection then we behave as if
+     * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+     * is no point in using full stateless tickets.
+     */
+    if (SSL_IS_TLS13(s)
+            && ((s->options & SSL_OP_NO_TICKET) != 0
+                || (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) {
+        if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add,
+                                           tick_nonce)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        if (!tls_construct_extensions(s, pkt,
+                                      SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                                      NULL, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        /*
+         * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets|
+         * gets reset to 0 if we send more tickets following a post-handshake
+         * auth, but |next_ticket_nonce| does not.
+         */
+        s->sent_tickets++;
+        s->next_ticket_nonce++;
+        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+    }
+
+    return 1;
+ err:
+    return 0;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * create a separate message. Returns 1 on success or 0 on failure.
+ */
+int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
+            || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
+                                       s->ext.ocsp.resp_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_cert_status(SSL *s, WPACKET *pkt)
+{
+    if (!tls_construct_cert_status_body(s, pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * tls_process_next_proto reads a Next Protocol Negotiation handshake message.
+ * It sets the next_proto member in s if found
+ */
+MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
+{
+    PACKET next_proto, padding;
+    size_t next_proto_len;
+
+    /*-
+     * The payload looks like:
+     *   uint8 proto_len;
+     *   uint8 proto[proto_len];
+     *   uint8 padding_len;
+     *   uint8 padding[padding_len];
+     */
+    if (!PACKET_get_length_prefixed_1(pkt, &next_proto)
+        || !PACKET_get_length_prefixed_1(pkt, &padding)
+        || PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) {
+        s->ext.npn_len = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->ext.npn_len = (unsigned char)next_proto_len;
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+#endif
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt)
+{
+    if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+                                  NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (s->early_data_state != SSL_EARLY_DATA_READING
+            && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * EndOfEarlyData signals a key change so the end of the message must be on
+     * a record boundary.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+    if (!s->method->ssl3_enc->change_cipher_state(s,
+                SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c
new file mode 100644
index 000000000..57fb17a66
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c
@@ -0,0 +1,678 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include <openssl/rand.h>
+
+/* seed1 through seed5 are concatenated */
+static int tls1_PRF(SSL *s,
+                    const void *seed1, size_t seed1_len,
+                    const void *seed2, size_t seed2_len,
+                    const void *seed3, size_t seed3_len,
+                    const void *seed4, size_t seed4_len,
+                    const void *seed5, size_t seed5_len,
+                    const unsigned char *sec, size_t slen,
+                    unsigned char *out, size_t olen, int fatal)
+{
+    const EVP_MD *md = ssl_prf_md(s);
+    EVP_PKEY_CTX *pctx = NULL;
+    int ret = 0;
+
+    if (md == NULL) {
+        /* Should never happen */
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+    if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
+        || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0
+        || EVP_PKEY_derive(pctx, out, &olen) <= 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return ret;
+}
+
+static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
+{
+    int ret;
+
+    /* Calls SSLfatal() as required */
+    ret = tls1_PRF(s,
+                   TLS_MD_KEY_EXPANSION_CONST,
+                   TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
+                   SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
+                   NULL, 0, NULL, 0, s->session->master_key,
+                   s->session->master_key_length, km, num, 1);
+
+    return ret;
+}
+
+int tls1_change_cipher_state(SSL *s, int which)
+{
+    unsigned char *p, *mac_secret;
+    unsigned char *ms, *key, *iv;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    const SSL_COMP *comp;
+#endif
+    const EVP_MD *m;
+    int mac_type;
+    size_t *mac_secret_size;
+    EVP_MD_CTX *mac_ctx;
+    EVP_PKEY *mac_key;
+    size_t n, i, j, k, cl;
+    int reuse_dd = 0;
+
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    mac_type = s->s3->tmp.new_mac_pkey_type;
+#ifndef OPENSSL_NO_COMP
+    comp = s->s3->tmp.new_compression;
+#endif
+
+    if (which & SSL3_CC_READ) {
+        if (s->ext.use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+
+        if (s->enc_read_ctx != NULL) {
+            reuse_dd = 1;
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        } else {
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
+        dd = s->enc_read_ctx;
+        mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
+        if (mac_ctx == NULL)
+            goto err;
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp->method);
+            if (s->expand == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS
+         */
+        if (!SSL_IS_DTLS(s))
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+        mac_secret_size = &(s->s3->read_mac_secret_size);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->ext.use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) {
+            reuse_dd = 1;
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        dd = s->enc_write_ctx;
+        if (SSL_IS_DTLS(s)) {
+            mac_ctx = EVP_MD_CTX_new();
+            if (mac_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s->write_hash = mac_ctx;
+        } else {
+            mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
+            if (mac_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp->method);
+            if (s->compress == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                        SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS
+         */
+        if (!SSL_IS_DTLS(s))
+            RECORD_LAYER_reset_write_sequence(&s->rlayer);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+        mac_secret_size = &(s->s3->write_mac_secret_size);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_reset(dd);
+
+    p = s->s3->tmp.key_block;
+    i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
+
+    /* TODO(size_t): convert me */
+    cl = EVP_CIPHER_key_length(c);
+    j = cl;
+    /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+    /* If GCM/CCM mode only part of IV comes from PRF */
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+        k = EVP_GCM_TLS_FIXED_IV_LEN;
+    else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+        k = EVP_CCM_TLS_FIXED_IV_LEN;
+    else
+        k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+        /* TODO(size_t): Convert this function */
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
+                                               (int)*mac_secret_size);
+        if (mac_key == NULL
+            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            EVP_PKEY_free(mac_key);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        EVP_PKEY_free(mac_key);
+    }
+#ifdef SSL_DEBUG
+    printf("which = %04X\nmac key=", which);
+    {
+        size_t z;
+        for (z = 0; z < i; z++)
+            printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
+                                    iv)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+        int taglen;
+        if (s->s3->tmp.
+            new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+        else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+        if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
+            || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+    /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
+    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+                                (int)*mac_secret_size, mac_secret)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+
+#ifdef SSL_DEBUG
+    printf("which = %04X\nkey=", which);
+    {
+        int z;
+        for (z = 0; z < EVP_CIPHER_key_length(c); z++)
+            printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\niv=");
+    {
+        size_t z;
+        for (z = 0; z < k; z++)
+            printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    return 1;
+ err:
+    return 0;
+}
+
+int tls1_setup_key_block(SSL *s)
+{
+    unsigned char *p;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    SSL_COMP *comp;
+    int mac_type = NID_undef;
+    size_t num, mac_secret_size = 0;
+    int ret = 0;
+
+    if (s->s3->tmp.key_block_length != 0)
+        return 1;
+
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size,
+                            &comp, s->ext.use_etm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+    s->s3->tmp.new_mac_pkey_type = mac_type;
+    s->s3->tmp.new_mac_secret_size = mac_secret_size;
+    num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p;
+
+#ifdef SSL_DEBUG
+    printf("client random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->client_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("server random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->server_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("master key\n");
+    {
+        size_t z;
+        for (z = 0; z < s->session->master_key_length; z++)
+            printf("%02X%c", s->session->master_key[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+    if (!tls1_generate_key_block(s, p, num)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+#ifdef SSL_DEBUG
+    printf("\nkey block\n");
+    {
+        size_t z;
+        for (z = 0; z < num; z++)
+            printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        && s->method->version <= TLS1_VERSION) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+                             unsigned char *out)
+{
+    size_t hashlen;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, TLS1_FINISH_MAC_LENGTH, 1)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    OPENSSL_cleanse(hash, hashlen);
+    return TLS1_FINISH_MAC_LENGTH;
+}
+
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                size_t len, size_t *secret_size)
+{
+    if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+        unsigned char hash[EVP_MAX_MD_SIZE * 2];
+        size_t hashlen;
+        /*
+         * Digest cached records keeping record buffer (if present): this wont
+         * affect client auth because we're freezing the buffer at the same
+         * point (after client key exchange and before certificate verify)
+         */
+        if (!ssl3_digest_cached_records(s, 1)
+                || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+#ifdef SSL_DEBUG
+        fprintf(stderr, "Handshake hashes:\n");
+        BIO_dump_fp(stderr, (char *)hash, hashlen);
+#endif
+        if (!tls1_PRF(s,
+                      TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+                      TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE,
+                      hash, hashlen,
+                      NULL, 0,
+                      NULL, 0,
+                      NULL, 0, p, len, out,
+                      SSL3_MASTER_SECRET_SIZE, 1)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        OPENSSL_cleanse(hash, hashlen);
+    } else {
+        if (!tls1_PRF(s,
+                      TLS_MD_MASTER_SECRET_CONST,
+                      TLS_MD_MASTER_SECRET_CONST_SIZE,
+                      s->s3->client_random, SSL3_RANDOM_SIZE,
+                      NULL, 0,
+                      s->s3->server_random, SSL3_RANDOM_SIZE,
+                      NULL, 0, p, len, out,
+                      SSL3_MASTER_SECRET_SIZE, 1)) {
+           /* SSLfatal() already called */
+            return 0;
+        }
+    }
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Premaster Secret:\n");
+    BIO_dump_fp(stderr, (char *)p, len);
+    fprintf(stderr, "Client Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Server Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Master Secret:\n");
+    BIO_dump_fp(stderr, (char *)s->session->master_key,
+                SSL3_MASTER_SECRET_SIZE);
+#endif
+
+    *secret_size = SSL3_MASTER_SECRET_SIZE;
+    return 1;
+}
+
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                const char *label, size_t llen,
+                                const unsigned char *context,
+                                size_t contextlen, int use_context)
+{
+    unsigned char *val = NULL;
+    size_t vallen = 0, currentvalpos;
+    int rv;
+
+    /*
+     * construct PRF arguments we construct the PRF argument ourself rather
+     * than passing separate values into the TLS PRF to ensure that the
+     * concatenation of values does not create a prohibited label.
+     */
+    vallen = llen + SSL3_RANDOM_SIZE * 2;
+    if (use_context) {
+        vallen += 2 + contextlen;
+    }
+
+    val = OPENSSL_malloc(vallen);
+    if (val == NULL)
+        goto err2;
+    currentvalpos = 0;
+    memcpy(val + currentvalpos, (unsigned char *)label, llen);
+    currentvalpos += llen;
+    memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+    memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+
+    if (use_context) {
+        val[currentvalpos] = (contextlen >> 8) & 0xff;
+        currentvalpos++;
+        val[currentvalpos] = contextlen & 0xff;
+        currentvalpos++;
+        if ((contextlen > 0) || (context != NULL)) {
+            memcpy(val + currentvalpos, context, contextlen);
+        }
+    }
+
+    /*
+     * disallow prohibited labels note that SSL3_RANDOM_SIZE > max(prohibited
+     * label len) = 15, so size of val > max(prohibited label len) = 15 and
+     * the comparisons won't have buffer overflow
+     */
+    if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
+               TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
+               TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
+               TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+               TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
+               TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
+        goto err1;
+
+    rv = tls1_PRF(s,
+                  val, vallen,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, olen, 0);
+
+    goto ret;
+ err1:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+    rv = 0;
+    goto ret;
+ err2:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
+    rv = 0;
+ ret:
+    OPENSSL_clear_free(val, vallen);
+    return rv;
+}
+
+int tls1_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return SSL3_AD_CLOSE_NOTIFY;
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return SSL3_AD_UNEXPECTED_MESSAGE;
+    case SSL_AD_BAD_RECORD_MAC:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_DECRYPTION_FAILED:
+        return TLS1_AD_DECRYPTION_FAILED;
+    case SSL_AD_RECORD_OVERFLOW:
+        return TLS1_AD_RECORD_OVERFLOW;
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return SSL3_AD_DECOMPRESSION_FAILURE;
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_NO_CERTIFICATE:
+        return -1;
+    case SSL_AD_BAD_CERTIFICATE:
+        return SSL3_AD_BAD_CERTIFICATE;
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return SSL3_AD_UNSUPPORTED_CERTIFICATE;
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return SSL3_AD_CERTIFICATE_REVOKED;
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return SSL3_AD_CERTIFICATE_EXPIRED;
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return SSL3_AD_CERTIFICATE_UNKNOWN;
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return SSL3_AD_ILLEGAL_PARAMETER;
+    case SSL_AD_UNKNOWN_CA:
+        return TLS1_AD_UNKNOWN_CA;
+    case SSL_AD_ACCESS_DENIED:
+        return TLS1_AD_ACCESS_DENIED;
+    case SSL_AD_DECODE_ERROR:
+        return TLS1_AD_DECODE_ERROR;
+    case SSL_AD_DECRYPT_ERROR:
+        return TLS1_AD_DECRYPT_ERROR;
+    case SSL_AD_EXPORT_RESTRICTION:
+        return TLS1_AD_EXPORT_RESTRICTION;
+    case SSL_AD_PROTOCOL_VERSION:
+        return TLS1_AD_PROTOCOL_VERSION;
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return TLS1_AD_INSUFFICIENT_SECURITY;
+    case SSL_AD_INTERNAL_ERROR:
+        return TLS1_AD_INTERNAL_ERROR;
+    case SSL_AD_USER_CANCELLED:
+        return TLS1_AD_USER_CANCELLED;
+    case SSL_AD_NO_RENEGOTIATION:
+        return TLS1_AD_NO_RENEGOTIATION;
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return TLS1_AD_UNSUPPORTED_EXTENSION;
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return TLS1_AD_CERTIFICATE_UNOBTAINABLE;
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return TLS1_AD_UNRECOGNIZED_NAME;
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return TLS1_AD_BAD_CERTIFICATE_HASH_VALUE;
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return TLS1_AD_UNKNOWN_PSK_IDENTITY;
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return TLS1_AD_INAPPROPRIATE_FALLBACK;
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return TLS1_AD_NO_APPLICATION_PROTOCOL;
+    case SSL_AD_CERTIFICATE_REQUIRED:
+        return SSL_AD_HANDSHAKE_FAILURE;
+    default:
+        return -1;
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
new file mode 100644
index 000000000..68cb237ea
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
@@ -0,0 +1,2792 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "internal/nelem.h"
+#include "ssl_locl.h"
+#include <openssl/ct.h>
+
+SSL3_ENC_METHOD const TLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    0,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_2_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
+        | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_3_enc_data = {
+    tls13_enc,
+    tls1_mac,
+    tls13_setup_key_block,
+    tls13_generate_master_secret,
+    tls13_change_cipher_state,
+    tls13_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls13_alert_code,
+    tls13_export_keying_material,
+    SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+long tls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int tls1_new(SSL *s)
+{
+    if (!ssl3_new(s))
+        return 0;
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
+}
+
+void tls1_free(SSL *s)
+{
+    OPENSSL_free(s->ext.session_ticket);
+    ssl3_free(s);
+}
+
+int tls1_clear(SSL *s)
+{
+    if (!ssl3_clear(s))
+        return 0;
+
+    if (s->method->version == TLS_ANY_VERSION)
+        s->version = TLS_MAX_VERSION;
+    else
+        s->version = s->method->version;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+
+/*
+ * Table of curve information.
+ * Do not delete entries or reorder this array! It is used as a lookup
+ * table: the index of each entry is one less than the TLS curve id.
+ */
+static const TLS_GROUP_INFO nid_list[] = {
+    {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
+    {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
+    {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */
+    {NID_sect193r1, 80, TLS_CURVE_CHAR2}, /* sect193r1 (4) */
+    {NID_sect193r2, 80, TLS_CURVE_CHAR2}, /* sect193r2 (5) */
+    {NID_sect233k1, 112, TLS_CURVE_CHAR2}, /* sect233k1 (6) */
+    {NID_sect233r1, 112, TLS_CURVE_CHAR2}, /* sect233r1 (7) */
+    {NID_sect239k1, 112, TLS_CURVE_CHAR2}, /* sect239k1 (8) */
+    {NID_sect283k1, 128, TLS_CURVE_CHAR2}, /* sect283k1 (9) */
+    {NID_sect283r1, 128, TLS_CURVE_CHAR2}, /* sect283r1 (10) */
+    {NID_sect409k1, 192, TLS_CURVE_CHAR2}, /* sect409k1 (11) */
+    {NID_sect409r1, 192, TLS_CURVE_CHAR2}, /* sect409r1 (12) */
+    {NID_sect571k1, 256, TLS_CURVE_CHAR2}, /* sect571k1 (13) */
+    {NID_sect571r1, 256, TLS_CURVE_CHAR2}, /* sect571r1 (14) */
+    {NID_secp160k1, 80, TLS_CURVE_PRIME}, /* secp160k1 (15) */
+    {NID_secp160r1, 80, TLS_CURVE_PRIME}, /* secp160r1 (16) */
+    {NID_secp160r2, 80, TLS_CURVE_PRIME}, /* secp160r2 (17) */
+    {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
+    {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
+    {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
+    {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
+    {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
+    {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
+    {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
+    {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
+    {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
+    {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
+    {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+    {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+    {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */
+};
+
+static const unsigned char ecformats_default[] = {
+    TLSEXT_ECPOINTFORMAT_uncompressed,
+    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
+    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
+};
+
+/* The default curves */
+static const uint16_t eccurves_default[] = {
+    29,                      /* X25519 (29) */
+    23,                      /* secp256r1 (23) */
+    30,                      /* X448 (30) */
+    25,                      /* secp521r1 (25) */
+    24,                      /* secp384r1 (24) */
+};
+
+static const uint16_t suiteb_curves[] = {
+    TLSEXT_curve_P_256,
+    TLSEXT_curve_P_384
+};
+
+const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
+{
+    /* ECC curves from RFC 4492 and RFC 7027 */
+    if (group_id < 1 || group_id > OSSL_NELEM(nid_list))
+        return NULL;
+    return &nid_list[group_id - 1];
+}
+
+static uint16_t tls1_nid2group_id(int nid)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nid_list); i++) {
+        if (nid_list[i].nid == nid)
+            return (uint16_t)(i + 1);
+    }
+    return 0;
+}
+
+/*
+ * Set *pgroups to the supported groups list and *pgroupslen to
+ * the number of groups supported.
+ */
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+                               size_t *pgroupslen)
+{
+
+    /* For Suite B mode only include P-256, P-384 */
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *pgroups = suiteb_curves;
+        *pgroupslen = OSSL_NELEM(suiteb_curves);
+        break;
+
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *pgroups = suiteb_curves;
+        *pgroupslen = 1;
+        break;
+
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *pgroups = suiteb_curves + 1;
+        *pgroupslen = 1;
+        break;
+
+    default:
+        if (s->ext.supportedgroups == NULL) {
+            *pgroups = eccurves_default;
+            *pgroupslen = OSSL_NELEM(eccurves_default);
+        } else {
+            *pgroups = s->ext.supportedgroups;
+            *pgroupslen = s->ext.supportedgroups_len;
+        }
+        break;
+    }
+}
+
+/* See if curve is allowed by security callback */
+int tls_curve_allowed(SSL *s, uint16_t curve, int op)
+{
+    const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve);
+    unsigned char ctmp[2];
+
+    if (cinfo == NULL)
+        return 0;
+# ifdef OPENSSL_NO_EC2M
+    if (cinfo->flags & TLS_CURVE_CHAR2)
+        return 0;
+# endif
+    ctmp[0] = curve >> 8;
+    ctmp[1] = curve & 0xff;
+    return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
+}
+
+/* Return 1 if "id" is in "list" */
+static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen)
+{
+    size_t i;
+    for (i = 0; i < listlen; i++)
+        if (list[i] == id)
+            return 1;
+    return 0;
+}
+
+/*-
+ * For nmatch >= 0, return the id of the |nmatch|th shared group or 0
+ * if there is no match.
+ * For nmatch == -1, return number of matches
+ * For nmatch == -2, return the id of the group to use for
+ * a tmp key, or 0 if there is no match.
+ */
+uint16_t tls1_shared_group(SSL *s, int nmatch)
+{
+    const uint16_t *pref, *supp;
+    size_t num_pref, num_supp, i;
+    int k;
+
+    /* Can't do anything on client side */
+    if (s->server == 0)
+        return 0;
+    if (nmatch == -2) {
+        if (tls1_suiteb(s)) {
+            /*
+             * For Suite B ciphersuite determines curve: we already know
+             * these are acceptable due to previous checks.
+             */
+            unsigned long cid = s->s3->tmp.new_cipher->id;
+
+            if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                return TLSEXT_curve_P_256;
+            if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                return TLSEXT_curve_P_384;
+            /* Should never happen */
+            return 0;
+        }
+        /* If not Suite B just return first preference shared curve */
+        nmatch = 0;
+    }
+    /*
+     * If server preference set, our groups are the preference order
+     * otherwise peer decides.
+     */
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        tls1_get_supported_groups(s, &pref, &num_pref);
+        tls1_get_peer_groups(s, &supp, &num_supp);
+    } else {
+        tls1_get_peer_groups(s, &pref, &num_pref);
+        tls1_get_supported_groups(s, &supp, &num_supp);
+    }
+
+    for (k = 0, i = 0; i < num_pref; i++) {
+        uint16_t id = pref[i];
+
+        if (!tls1_in_list(id, supp, num_supp)
+            || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED))
+                    continue;
+        if (nmatch == k)
+            return id;
+         k++;
+    }
+    if (nmatch == -1)
+        return k;
+    /* Out of range (nmatch > k). */
+    return 0;
+}
+
+int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+                    int *groups, size_t ngroups)
+{
+    uint16_t *glist;
+    size_t i;
+    /*
+     * Bitmap of groups included to detect duplicates: only works while group
+     * ids < 32
+     */
+    unsigned long dup_list = 0;
+
+    if (ngroups == 0) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+        return 0;
+    }
+    if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < ngroups; i++) {
+        unsigned long idmask;
+        uint16_t id;
+        /* TODO(TLS1.3): Convert for DH groups */
+        id = tls1_nid2group_id(groups[i]);
+        idmask = 1L << id;
+        if (!id || (dup_list & idmask)) {
+            OPENSSL_free(glist);
+            return 0;
+        }
+        dup_list |= idmask;
+        glist[i] = id;
+    }
+    OPENSSL_free(*pext);
+    *pext = glist;
+    *pextlen = ngroups;
+    return 1;
+}
+
+# define MAX_CURVELIST   OSSL_NELEM(nid_list)
+
+typedef struct {
+    size_t nidcnt;
+    int nid_arr[MAX_CURVELIST];
+} nid_cb_st;
+
+static int nid_cb(const char *elem, int len, void *arg)
+{
+    nid_cb_st *narg = arg;
+    size_t i;
+    int nid;
+    char etmp[20];
+    if (elem == NULL)
+        return 0;
+    if (narg->nidcnt == MAX_CURVELIST)
+        return 0;
+    if (len > (int)(sizeof(etmp) - 1))
+        return 0;
+    memcpy(etmp, elem, len);
+    etmp[len] = 0;
+    nid = EC_curve_nist2nid(etmp);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(etmp);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(etmp);
+    if (nid == NID_undef)
+        return 0;
+    for (i = 0; i < narg->nidcnt; i++)
+        if (narg->nid_arr[i] == nid)
+            return 0;
+    narg->nid_arr[narg->nidcnt++] = nid;
+    return 1;
+}
+
+/* Set groups based on a colon separate list */
+int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str)
+{
+    nid_cb_st ncb;
+    ncb.nidcnt = 0;
+    if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
+        return 0;
+    if (pext == NULL)
+        return 1;
+    return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
+}
+/* Return group id of a key */
+static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
+{
+    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+    const EC_GROUP *grp;
+
+    if (ec == NULL)
+        return 0;
+    grp = EC_KEY_get0_group(ec);
+    return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
+}
+
+/* Check a key is compatible with compression extension */
+static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
+{
+    const EC_KEY *ec;
+    const EC_GROUP *grp;
+    unsigned char comp_id;
+    size_t i;
+
+    /* If not an EC key nothing to check */
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+        return 1;
+    ec = EVP_PKEY_get0_EC_KEY(pkey);
+    grp = EC_KEY_get0_group(ec);
+
+    /* Get required compression id */
+    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+            comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+    } else if (SSL_IS_TLS13(s)) {
+            /*
+             * ec_point_formats extension is not used in TLSv1.3 so we ignore
+             * this check.
+             */
+            return 1;
+    } else {
+        int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
+
+        if (field_type == NID_X9_62_prime_field)
+            comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        else if (field_type == NID_X9_62_characteristic_two_field)
+            comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+        else
+            return 0;
+    }
+    /*
+     * If point formats extension present check it, otherwise everything is
+     * supported (see RFC4492).
+     */
+    if (s->session->ext.ecpointformats == NULL)
+        return 1;
+
+    for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
+        if (s->session->ext.ecpointformats[i] == comp_id)
+            return 1;
+    }
+    return 0;
+}
+
+/* Check a group id matches preferences */
+int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
+    {
+    const uint16_t *groups;
+    size_t groups_len;
+
+    if (group_id == 0)
+        return 0;
+
+    /* Check for Suite B compliance */
+    if (tls1_suiteb(s) && s->s3->tmp.new_cipher != NULL) {
+        unsigned long cid = s->s3->tmp.new_cipher->id;
+
+        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
+            if (group_id != TLSEXT_curve_P_256)
+                return 0;
+        } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) {
+            if (group_id != TLSEXT_curve_P_384)
+                return 0;
+        } else {
+            /* Should never happen */
+            return 0;
+        }
+    }
+
+    if (check_own_groups) {
+        /* Check group is one of our preferences */
+        tls1_get_supported_groups(s, &groups, &groups_len);
+        if (!tls1_in_list(group_id, groups, groups_len))
+            return 0;
+    }
+
+    if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
+        return 0;
+
+    /* For clients, nothing more to check */
+    if (!s->server)
+        return 1;
+
+    /* Check group is one of peers preferences */
+    tls1_get_peer_groups(s, &groups, &groups_len);
+
+    /*
+     * RFC 4492 does not require the supported elliptic curves extension
+     * so if it is not sent we can just choose any curve.
+     * It is invalid to send an empty list in the supported groups
+     * extension, so groups_len == 0 always means no extension.
+     */
+    if (groups_len == 0)
+            return 1;
+    return tls1_in_list(group_id, groups, groups_len);
+}
+
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                         size_t *num_formats)
+{
+    /*
+     * If we have a custom point format list use it otherwise use default
+     */
+    if (s->ext.ecpointformats) {
+        *pformats = s->ext.ecpointformats;
+        *num_formats = s->ext.ecpointformats_len;
+    } else {
+        *pformats = ecformats_default;
+        /* For Suite B we don't support char2 fields */
+        if (tls1_suiteb(s))
+            *num_formats = sizeof(ecformats_default) - 1;
+        else
+            *num_formats = sizeof(ecformats_default);
+    }
+}
+
+/*
+ * Check cert parameters compatible with extensions: currently just checks EC
+ * certificates have compatible curves and compression.
+ */
+static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
+{
+    uint16_t group_id;
+    EVP_PKEY *pkey;
+    pkey = X509_get0_pubkey(x);
+    if (pkey == NULL)
+        return 0;
+    /* If not EC nothing to do */
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+        return 1;
+    /* Check compression */
+    if (!tls1_check_pkey_comp(s, pkey))
+        return 0;
+    group_id = tls1_get_group_id(pkey);
+    /*
+     * For a server we allow the certificate to not be in our list of supported
+     * groups.
+     */
+    if (!tls1_check_group_id(s, group_id, !s->server))
+        return 0;
+    /*
+     * Special case for suite B. We *MUST* sign using SHA256+P-256 or
+     * SHA384+P-384.
+     */
+    if (check_ee_md && tls1_suiteb(s)) {
+        int check_md;
+        size_t i;
+        CERT *c = s->cert;
+
+        /* Check to see we have necessary signing algorithm */
+        if (group_id == TLSEXT_curve_P_256)
+            check_md = NID_ecdsa_with_SHA256;
+        else if (group_id == TLSEXT_curve_P_384)
+            check_md = NID_ecdsa_with_SHA384;
+        else
+            return 0;           /* Should never happen */
+        for (i = 0; i < c->shared_sigalgslen; i++) {
+            if (check_md == c->shared_sigalgs[i]->sigandhash)
+                return 1;;
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
+ * @s: SSL connection
+ * @cid: Cipher ID we're considering using
+ *
+ * Checks that the kECDHE cipher suite we're considering using
+ * is compatible with the client extensions.
+ *
+ * Returns 0 when the cipher can't be used or 1 when it can.
+ */
+int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
+{
+    /* If not Suite B just need a shared group */
+    if (!tls1_suiteb(s))
+        return tls1_shared_group(s, 0) != 0;
+    /*
+     * If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
+     * curves permitted.
+     */
+    if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+        return tls1_check_group_id(s, TLSEXT_curve_P_256, 1);
+    if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+        return tls1_check_group_id(s, TLSEXT_curve_P_384, 1);
+
+    return 0;
+}
+
+#else
+
+static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+{
+    return 1;
+}
+
+#endif                          /* OPENSSL_NO_EC */
+
+/* Default sigalg schemes */
+static const uint16_t tls12_sigalgs[] = {
+#ifndef OPENSSL_NO_EC
+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+    TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+    TLSEXT_SIGALG_ed25519,
+    TLSEXT_SIGALG_ed448,
+#endif
+
+    TLSEXT_SIGALG_rsa_pss_pss_sha256,
+    TLSEXT_SIGALG_rsa_pss_pss_sha384,
+    TLSEXT_SIGALG_rsa_pss_pss_sha512,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+
+    TLSEXT_SIGALG_rsa_pkcs1_sha256,
+    TLSEXT_SIGALG_rsa_pkcs1_sha384,
+    TLSEXT_SIGALG_rsa_pkcs1_sha512,
+
+#ifndef OPENSSL_NO_EC
+    TLSEXT_SIGALG_ecdsa_sha224,
+    TLSEXT_SIGALG_ecdsa_sha1,
+#endif
+    TLSEXT_SIGALG_rsa_pkcs1_sha224,
+    TLSEXT_SIGALG_rsa_pkcs1_sha1,
+#ifndef OPENSSL_NO_DSA
+    TLSEXT_SIGALG_dsa_sha224,
+    TLSEXT_SIGALG_dsa_sha1,
+
+    TLSEXT_SIGALG_dsa_sha256,
+    TLSEXT_SIGALG_dsa_sha384,
+    TLSEXT_SIGALG_dsa_sha512,
+#endif
+#ifndef OPENSSL_NO_GOST
+    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
+    TLSEXT_SIGALG_gostr34102001_gostr3411,
+#endif
+};
+
+#ifndef OPENSSL_NO_EC
+static const uint16_t suiteb_sigalgs[] = {
+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384
+};
+#endif
+
+static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
+#ifndef OPENSSL_NO_EC
+    {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA256, NID_X9_62_prime256v1},
+    {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA384, NID_secp384r1},
+    {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA512, NID_secp521r1},
+    {"ed25519", TLSEXT_SIGALG_ed25519,
+     NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
+     NID_undef, NID_undef},
+    {"ed448", TLSEXT_SIGALG_ed448,
+     NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_ecdsa_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA224, NID_undef},
+    {NULL, TLSEXT_SIGALG_ecdsa_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA1, NID_undef},
+#endif
+    {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha256WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha384WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha512WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha224WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha1WithRSAEncryption, NID_undef},
+#ifndef OPENSSL_NO_DSA
+    {NULL, TLSEXT_SIGALG_dsa_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_dsa_with_SHA256, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_dsaWithSHA1, NID_undef},
+#endif
+#ifndef OPENSSL_NO_GOST
+    {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+     NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+     NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
+     NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+     NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411,
+     NID_id_GostR3411_94, SSL_MD_GOST94_IDX,
+     NID_id_GostR3410_2001, SSL_PKEY_GOST01,
+     NID_undef, NID_undef}
+#endif
+};
+/* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */
+static const SIGALG_LOOKUP legacy_rsa_sigalg = {
+    "rsa_pkcs1_md5_sha1", 0,
+     NID_md5_sha1, SSL_MD_MD5_SHA1_IDX,
+     EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_undef, NID_undef
+};
+
+/*
+ * Default signature algorithm values used if signature algorithms not present.
+ * From RFC5246. Note: order must match certificate index order.
+ */
+static const uint16_t tls_default_sigalg[] = {
+    TLSEXT_SIGALG_rsa_pkcs1_sha1, /* SSL_PKEY_RSA */
+    0, /* SSL_PKEY_RSA_PSS_SIGN */
+    TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
+    TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
+    TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
+    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */
+    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */
+    0, /* SSL_PKEY_ED25519 */
+    0, /* SSL_PKEY_ED448 */
+};
+
+/* Lookup TLS signature algorithm */
+static const SIGALG_LOOKUP *tls1_lookup_sigalg(uint16_t sigalg)
+{
+    size_t i;
+    const SIGALG_LOOKUP *s;
+
+    for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+         i++, s++) {
+        if (s->sigalg == sigalg)
+            return s;
+    }
+    return NULL;
+}
+/* Lookup hash: return 0 if invalid or not enabled */
+int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
+{
+    const EVP_MD *md;
+    if (lu == NULL)
+        return 0;
+    /* lu->hash == NID_undef means no associated digest */
+    if (lu->hash == NID_undef) {
+        md = NULL;
+    } else {
+        md = ssl_md(lu->hash_idx);
+        if (md == NULL)
+            return 0;
+    }
+    if (pmd)
+        *pmd = md;
+    return 1;
+}
+
+/*
+ * Check if key is large enough to generate RSA-PSS signature.
+ *
+ * The key must greater than or equal to 2 * hash length + 2.
+ * SHA512 has a hash length of 64 bytes, which is incompatible
+ * with a 128 byte (1024 bit) key.
+ */
+#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
+static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
+{
+    const EVP_MD *md;
+
+    if (rsa == NULL)
+        return 0;
+    if (!tls1_lookup_md(lu, &md) || md == NULL)
+        return 0;
+    if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
+        return 0;
+    return 1;
+}
+
+/*
+ * Return a signature algorithm for TLS < 1.2 where the signature type
+ * is fixed by the certificate type.
+ */
+static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
+{
+    if (idx == -1) {
+        if (s->server) {
+            size_t i;
+
+            /* Work out index corresponding to ciphersuite */
+            for (i = 0; i < SSL_PKEY_NUM; i++) {
+                const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i);
+
+                if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) {
+                    idx = i;
+                    break;
+                }
+            }
+
+            /*
+             * Some GOST ciphersuites allow more than one signature algorithms
+             * */
+            if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) {
+                int real_idx;
+
+                for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01;
+                     real_idx--) {
+                    if (s->cert->pkeys[real_idx].privatekey != NULL) {
+                        idx = real_idx;
+                        break;
+                    }
+                }
+            }
+        } else {
+            idx = s->cert->key - s->cert->pkeys;
+        }
+    }
+    if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
+        return NULL;
+    if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
+
+        if (!tls1_lookup_md(lu, NULL))
+            return NULL;
+        return lu;
+    }
+    return &legacy_rsa_sigalg;
+}
+/* Set peer sigalg based key type */
+int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
+{
+    size_t idx;
+    const SIGALG_LOOKUP *lu;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
+        return 0;
+    lu = tls1_get_legacy_sigalg(s, idx);
+    if (lu == NULL)
+        return 0;
+    s->s3->tmp.peer_sigalg = lu;
+    return 1;
+}
+
+size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
+{
+    /*
+     * If Suite B mode use Suite B sigalgs only, ignore any other
+     * preferences.
+     */
+#ifndef OPENSSL_NO_EC
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *psigs = suiteb_sigalgs;
+        return OSSL_NELEM(suiteb_sigalgs);
+
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *psigs = suiteb_sigalgs;
+        return 1;
+
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *psigs = suiteb_sigalgs + 1;
+        return 1;
+    }
+#endif
+    /*
+     *  We use client_sigalgs (if not NULL) if we're a server
+     *  and sending a certificate request or if we're a client and
+     *  determining which shared algorithm to use.
+     */
+    if ((s->server == sent) && s->cert->client_sigalgs != NULL) {
+        *psigs = s->cert->client_sigalgs;
+        return s->cert->client_sigalgslen;
+    } else if (s->cert->conf_sigalgs) {
+        *psigs = s->cert->conf_sigalgs;
+        return s->cert->conf_sigalgslen;
+    } else {
+        *psigs = tls12_sigalgs;
+        return OSSL_NELEM(tls12_sigalgs);
+    }
+}
+
+#ifndef OPENSSL_NO_EC
+/*
+ * Called by servers only. Checks that we have a sig alg that supports the
+ * specified EC curve.
+ */
+int tls_check_sigalg_curve(const SSL *s, int curve)
+{
+   const uint16_t *sigs;
+   size_t siglen, i;
+
+    if (s->cert->conf_sigalgs) {
+        sigs = s->cert->conf_sigalgs;
+        siglen = s->cert->conf_sigalgslen;
+    } else {
+        sigs = tls12_sigalgs;
+        siglen = OSSL_NELEM(tls12_sigalgs);
+    }
+
+    for (i = 0; i < siglen; i++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
+
+        if (lu == NULL)
+            continue;
+        if (lu->sig == EVP_PKEY_EC
+                && lu->curve != NID_undef
+                && curve == lu->curve)
+            return 1;
+    }
+
+    return 0;
+}
+#endif
+
+/*
+ * Check signature algorithm is consistent with sent supported signature
+ * algorithms and if so set relevant digest and signature scheme in
+ * s.
+ */
+int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+{
+    const uint16_t *sent_sigs;
+    const EVP_MD *md = NULL;
+    char sigalgstr[2];
+    size_t sent_sigslen, i, cidx;
+    int pkeyid = EVP_PKEY_id(pkey);
+    const SIGALG_LOOKUP *lu;
+
+    /* Should never happen */
+    if (pkeyid == -1)
+        return -1;
+    if (SSL_IS_TLS13(s)) {
+        /* Disallow DSA for TLS 1.3 */
+        if (pkeyid == EVP_PKEY_DSA) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_WRONG_SIGNATURE_TYPE);
+            return 0;
+        }
+        /* Only allow PSS for TLS 1.3 */
+        if (pkeyid == EVP_PKEY_RSA)
+            pkeyid = EVP_PKEY_RSA_PSS;
+    }
+    lu = tls1_lookup_sigalg(sig);
+    /*
+     * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type
+     * is consistent with signature: RSA keys can be used for RSA-PSS
+     */
+    if (lu == NULL
+        || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
+        || (pkeyid != lu->sig
+        && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    /* Check the sigalg is consistent with the key OID */
+    if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx)
+            || lu->sig_idx != (int)cidx) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (pkeyid == EVP_PKEY_EC) {
+
+        /* Check point compression is permitted */
+        if (!tls1_check_pkey_comp(s, pkey)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_ILLEGAL_POINT_COMPRESSION);
+            return 0;
+        }
+
+        /* For TLS 1.3 or Suite B check curve matches signature algorithm */
+        if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
+            EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+            int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+            if (lu->curve != NID_undef && curve != lu->curve) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
+                return 0;
+            }
+        }
+        if (!SSL_IS_TLS13(s)) {
+            /* Check curve matches extensions */
+            if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
+                return 0;
+            }
+            if (tls1_suiteb(s)) {
+                /* Check sigalg matches a permissible Suite B value */
+                if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256
+                    && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS12_CHECK_PEER_SIGALG,
+                             SSL_R_WRONG_SIGNATURE_TYPE);
+                    return 0;
+                }
+            }
+        }
+    } else if (tls1_suiteb(s)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+#endif
+
+    /* Check signature matches a type we sent */
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+    for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
+        if (sig == *sent_sigs)
+            break;
+    }
+    /* Allow fallback to SHA1 if not strict mode */
+    if (i == sent_sigslen && (lu->hash != NID_sha1
+        || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    if (!tls1_lookup_md(lu, &md)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_UNKNOWN_DIGEST);
+        return 0;
+    }
+    if (md != NULL) {
+        /*
+         * Make sure security callback allows algorithm. For historical
+         * reasons we have to pass the sigalg as a two byte char array.
+         */
+        sigalgstr[0] = (sig >> 8) & 0xff;
+        sigalgstr[1] = sig & 0xff;
+        if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
+                    EVP_MD_size(md) * 4, EVP_MD_type(md),
+                    (void *)sigalgstr)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_WRONG_SIGNATURE_TYPE);
+            return 0;
+        }
+    }
+    /* Store the sigalg the peer uses */
+    s->s3->tmp.peer_sigalg = lu;
+    return 1;
+}
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
+{
+    if (s->s3->tmp.peer_sigalg == NULL)
+        return 0;
+    *pnid = s->s3->tmp.peer_sigalg->sig;
+    return 1;
+}
+
+int SSL_get_signature_type_nid(const SSL *s, int *pnid)
+{
+    if (s->s3->tmp.sigalg == NULL)
+        return 0;
+    *pnid = s->s3->tmp.sigalg->sig;
+    return 1;
+}
+
+/*
+ * Set a mask of disabled algorithms: an algorithm is disabled if it isn't
+ * supported, doesn't appear in supported signature algorithms, isn't supported
+ * by the enabled protocol versions or by the security level.
+ *
+ * This function should only be used for checking which ciphers are supported
+ * by the client.
+ *
+ * Call ssl_cipher_disabled() to check that it's enabled or not.
+ */
+int ssl_set_client_disabled(SSL *s)
+{
+    s->s3->tmp.mask_a = 0;
+    s->s3->tmp.mask_k = 0;
+    ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
+    if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver,
+                                &s->s3->tmp.max_ver, NULL) != 0)
+        return 0;
+#ifndef OPENSSL_NO_PSK
+    /* with PSK there must be client callback set */
+    if (!s->psk_client_callback) {
+        s->s3->tmp.mask_a |= SSL_aPSK;
+        s->s3->tmp.mask_k |= SSL_PSK;
+    }
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
+        s->s3->tmp.mask_a |= SSL_aSRP;
+        s->s3->tmp.mask_k |= SSL_kSRP;
+    }
+#endif
+    return 1;
+}
+
+/*
+ * ssl_cipher_disabled - check that a cipher is disabled or not
+ * @s: SSL connection that you want to use the cipher on
+ * @c: cipher to check
+ * @op: Security check that you want to do
+ * @ecdhe: If set to 1 then TLSv1 ECDHE ciphers are also allowed in SSLv3
+ *
+ * Returns 1 when it's disabled, 0 when enabled.
+ */
+int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
+{
+    if (c->algorithm_mkey & s->s3->tmp.mask_k
+        || c->algorithm_auth & s->s3->tmp.mask_a)
+        return 1;
+    if (s->s3->tmp.max_ver == 0)
+        return 1;
+    if (!SSL_IS_DTLS(s)) {
+        int min_tls = c->min_tls;
+
+        /*
+         * For historical reasons we will allow ECHDE to be selected by a server
+         * in SSLv3 if we are a client
+         */
+        if (min_tls == TLS1_VERSION && ecdhe
+                && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0)
+            min_tls = SSL3_VERSION;
+
+        if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver))
+            return 1;
+    }
+    if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver)
+                           || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
+        return 1;
+
+    return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
+}
+
+int tls_use_ticket(SSL *s)
+{
+    if ((s->options & SSL_OP_NO_TICKET))
+        return 0;
+    return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
+}
+
+int tls1_set_server_sigalgs(SSL *s)
+{
+    size_t i;
+
+    /* Clear any shared signature algorithms */
+    OPENSSL_free(s->cert->shared_sigalgs);
+    s->cert->shared_sigalgs = NULL;
+    s->cert->shared_sigalgslen = 0;
+    /* Clear certificate validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        s->s3->tmp.valid_flags[i] = 0;
+    /*
+     * If peer sent no signature algorithms check to see if we support
+     * the default algorithm for each certificate type
+     */
+    if (s->s3->tmp.peer_cert_sigalgs == NULL
+            && s->s3->tmp.peer_sigalgs == NULL) {
+        const uint16_t *sent_sigs;
+        size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
+            size_t j;
+
+            if (lu == NULL)
+                continue;
+            /* Check default matches a type we sent */
+            for (j = 0; j < sent_sigslen; j++) {
+                if (lu->sigalg == sent_sigs[j]) {
+                        s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN;
+                        break;
+                }
+            }
+        }
+        return 1;
+    }
+
+    if (!tls1_process_sigalgs(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (s->cert->shared_sigalgs != NULL)
+        return 1;
+
+    /* Fatal error if no shared signature algorithms */
+    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS1_SET_SERVER_SIGALGS,
+             SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
+    return 0;
+}
+
+/*-
+ * Gets the ticket information supplied by the client if any.
+ *
+ *   hello: The parsed ClientHello data
+ *   ret: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ */
+SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+                                             SSL_SESSION **ret)
+{
+    size_t size;
+    RAW_EXTENSION *ticketext;
+
+    *ret = NULL;
+    s->ext.ticket_expected = 0;
+
+    /*
+     * If tickets disabled or not supported by the protocol version
+     * (e.g. TLSv1.3) behave as if no ticket present to permit stateful
+     * resumption.
+     */
+    if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
+        return SSL_TICKET_NONE;
+
+    ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
+    if (!ticketext->present)
+        return SSL_TICKET_NONE;
+
+    size = PACKET_remaining(&ticketext->data);
+
+    return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
+                              hello->session_id, hello->session_id_len, ret);
+}
+
+/*-
+ * tls_decrypt_ticket attempts to decrypt a session ticket.
+ *
+ * If s->tls_session_secret_cb is set and we're not doing TLSv1.3 then we are
+ * expecting a pre-shared key ciphersuite, in which case we have no use for
+ * session tickets and one will never be decrypted, nor will
+ * s->ext.ticket_expected be set to 1.
+ *
+ * Side effects:
+ *   Sets s->ext.ticket_expected to 1 if the server will have to issue
+ *   a new session ticket to the client because the client indicated support
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   a session ticket or we couldn't use the one it gave us, or if
+ *   s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->ext.ticket_expected is set to 0.
+ *
+ *   etick: points to the body of the session ticket extension.
+ *   eticklen: the length of the session tickets extension.
+ *   sess_id: points at the session ID.
+ *   sesslen: the length of the session ID.
+ *   psess: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ */
+SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                                     size_t eticklen, const unsigned char *sess_id,
+                                     size_t sesslen, SSL_SESSION **psess)
+{
+    SSL_SESSION *sess = NULL;
+    unsigned char *sdec;
+    const unsigned char *p;
+    int slen, renew_ticket = 0, declen;
+    SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER;
+    size_t mlen;
+    unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+    HMAC_CTX *hctx = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    SSL_CTX *tctx = s->session_ctx;
+
+    if (eticklen == 0) {
+        /*
+         * The client will accept a ticket but doesn't currently have
+         * one (TLSv1.2 and below), or treated as a fatal error in TLSv1.3
+         */
+        ret = SSL_TICKET_EMPTY;
+        goto end;
+    }
+    if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) {
+        /*
+         * Indicate that the ticket couldn't be decrypted rather than
+         * generating the session from ticket now, trigger
+         * abbreviated handshake based on external mechanism to
+         * calculate the master secret later.
+         */
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+
+    /* Need at least keyname + iv */
+    if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+
+    /* Initialize session ticket encryption and HMAC contexts */
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        ret = SSL_TICKET_FATAL_ERR_MALLOC;
+        goto end;
+    }
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) {
+        ret = SSL_TICKET_FATAL_ERR_MALLOC;
+        goto end;
+    }
+    if (tctx->ext.ticket_key_cb) {
+        unsigned char *nctick = (unsigned char *)etick;
+        int rv = tctx->ext.ticket_key_cb(s, nctick,
+                                         nctick + TLSEXT_KEYNAME_LENGTH,
+                                         ctx, hctx, 0);
+        if (rv < 0) {
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            goto end;
+        }
+        if (rv == 0) {
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        if (rv == 2)
+            renew_ticket = 1;
+    } else {
+        /* Check key name matches */
+        if (memcmp(etick, tctx->ext.tick_key_name,
+                   TLSEXT_KEYNAME_LENGTH) != 0) {
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                         sizeof(tctx->ext.secure->tick_hmac_key),
+                         EVP_sha256(), NULL) <= 0
+            || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+                                  tctx->ext.secure->tick_aes_key,
+                                  etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            goto end;
+        }
+        if (SSL_IS_TLS13(s))
+            renew_ticket = 1;
+    }
+    /*
+     * Attempt to process session ticket, first conduct sanity and integrity
+     * checks on ticket.
+     */
+    mlen = HMAC_size(hctx);
+    if (mlen == 0) {
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
+    }
+
+    /* Sanity check ticket length: must exceed keyname + IV + HMAC */
+    if (eticklen <=
+        TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+    eticklen -= mlen;
+    /* Check HMAC of encrypted ticket */
+    if (HMAC_Update(hctx, etick, eticklen) <= 0
+        || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
+    }
+
+    if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+    /* Attempt to decrypt session data */
+    /* Move p after IV to start of encrypted ticket, update length */
+    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    sdec = OPENSSL_malloc(eticklen);
+    if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
+                                          (int)eticklen) <= 0) {
+        OPENSSL_free(sdec);
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
+    }
+    if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
+        OPENSSL_free(sdec);
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+    slen += declen;
+    p = sdec;
+
+    sess = d2i_SSL_SESSION(NULL, &p, slen);
+    slen -= p - sdec;
+    OPENSSL_free(sdec);
+    if (sess) {
+        /* Some additional consistency checks */
+        if (slen != 0) {
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        /*
+         * The session ID, if non-empty, is used by some clients to detect
+         * that the ticket has been accepted. So we copy it to the session
+         * structure. If it is empty set length to zero as required by
+         * standard.
+         */
+        if (sesslen) {
+            memcpy(sess->session_id, sess_id, sesslen);
+            sess->session_id_length = sesslen;
+        }
+        if (renew_ticket)
+            ret = SSL_TICKET_SUCCESS_RENEW;
+        else
+            ret = SSL_TICKET_SUCCESS;
+        goto end;
+    }
+    ERR_clear_error();
+    /*
+     * For session parse failure, indicate that we need to send a new ticket.
+     */
+    ret = SSL_TICKET_NO_DECRYPT;
+
+ end:
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+
+    /*
+     * If set, the decrypt_ticket_cb() is called unless a fatal error was
+     * detected above. The callback is responsible for checking |ret| before it
+     * performs any action
+     */
+    if (s->session_ctx->decrypt_ticket_cb != NULL
+            && (ret == SSL_TICKET_EMPTY
+                || ret == SSL_TICKET_NO_DECRYPT
+                || ret == SSL_TICKET_SUCCESS
+                || ret == SSL_TICKET_SUCCESS_RENEW)) {
+        size_t keyname_len = eticklen;
+        int retcb;
+
+        if (keyname_len > TLSEXT_KEYNAME_LENGTH)
+            keyname_len = TLSEXT_KEYNAME_LENGTH;
+        retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len,
+                                                  ret,
+                                                  s->session_ctx->ticket_cb_data);
+        switch (retcb) {
+        case SSL_TICKET_RETURN_ABORT:
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            break;
+
+        case SSL_TICKET_RETURN_IGNORE:
+            ret = SSL_TICKET_NONE;
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            break;
+
+        case SSL_TICKET_RETURN_IGNORE_RENEW:
+            if (ret != SSL_TICKET_EMPTY && ret != SSL_TICKET_NO_DECRYPT)
+                ret = SSL_TICKET_NO_DECRYPT;
+            /* else the value of |ret| will already do the right thing */
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            break;
+
+        case SSL_TICKET_RETURN_USE:
+        case SSL_TICKET_RETURN_USE_RENEW:
+            if (ret != SSL_TICKET_SUCCESS
+                    && ret != SSL_TICKET_SUCCESS_RENEW)
+                ret = SSL_TICKET_FATAL_ERR_OTHER;
+            else if (retcb == SSL_TICKET_RETURN_USE)
+                ret = SSL_TICKET_SUCCESS;
+            else
+                ret = SSL_TICKET_SUCCESS_RENEW;
+            break;
+
+        default:
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+        }
+    }
+
+    if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) {
+        switch (ret) {
+        case SSL_TICKET_NO_DECRYPT:
+        case SSL_TICKET_SUCCESS_RENEW:
+        case SSL_TICKET_EMPTY:
+            s->ext.ticket_expected = 1;
+        }
+    }
+
+    *psess = sess;
+
+    return ret;
+}
+
+/* Check to see if a signature algorithm is allowed */
+static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
+{
+    unsigned char sigalgstr[2];
+    int secbits;
+
+    /* See if sigalgs is recognised and if hash is enabled */
+    if (!tls1_lookup_md(lu, NULL))
+        return 0;
+    /* DSA is not allowed in TLS 1.3 */
+    if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
+        return 0;
+    /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */
+    if (!s->server && !SSL_IS_DTLS(s) && s->s3->tmp.min_ver >= TLS1_3_VERSION
+        && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
+            || lu->hash_idx == SSL_MD_MD5_IDX
+            || lu->hash_idx == SSL_MD_SHA224_IDX))
+        return 0;
+
+    /* See if public key algorithm allowed */
+    if (ssl_cert_is_disabled(lu->sig_idx))
+        return 0;
+
+    if (lu->sig == NID_id_GostR3410_2012_256
+            || lu->sig == NID_id_GostR3410_2012_512
+            || lu->sig == NID_id_GostR3410_2001) {
+        /* We never allow GOST sig algs on the server with TLSv1.3 */
+        if (s->server && SSL_IS_TLS13(s))
+            return 0;
+        if (!s->server
+                && s->method->version == TLS_ANY_VERSION
+                && s->s3->tmp.max_ver >= TLS1_3_VERSION) {
+            int i, num;
+            STACK_OF(SSL_CIPHER) *sk;
+
+            /*
+             * We're a client that could negotiate TLSv1.3. We only allow GOST
+             * sig algs if we could negotiate TLSv1.2 or below and we have GOST
+             * ciphersuites enabled.
+             */
+
+            if (s->s3->tmp.min_ver >= TLS1_3_VERSION)
+                return 0;
+
+            sk = SSL_get_ciphers(s);
+            num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0;
+            for (i = 0; i < num; i++) {
+                const SSL_CIPHER *c;
+
+                c = sk_SSL_CIPHER_value(sk, i);
+                /* Skip disabled ciphers */
+                if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+                    continue;
+
+                if ((c->algorithm_mkey & SSL_kGOST) != 0)
+                    break;
+            }
+            if (i == num)
+                return 0;
+        }
+    }
+
+    if (lu->hash == NID_undef)
+        return 1;
+    /* Security bits: half digest bits */
+    secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4;
+    /* Finally see if security callback allows it */
+    sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
+    sigalgstr[1] = lu->sigalg & 0xff;
+    return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
+}
+
+/*
+ * Get a mask of disabled public key algorithms based on supported signature
+ * algorithms. For example if no signature algorithm supports RSA then RSA is
+ * disabled.
+ */
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
+{
+    const uint16_t *sigalgs;
+    size_t i, sigalgslen;
+    uint32_t disabled_mask = SSL_aRSA | SSL_aDSS | SSL_aECDSA;
+    /*
+     * Go through all signature algorithms seeing if we support any
+     * in disabled_mask.
+     */
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
+    for (i = 0; i < sigalgslen; i++, sigalgs++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
+        const SSL_CERT_LOOKUP *clu;
+
+        if (lu == NULL)
+            continue;
+
+        clu = ssl_cert_lookup_by_idx(lu->sig_idx);
+	if (clu == NULL)
+		continue;
+
+        /* If algorithm is disabled see if we can enable it */
+        if ((clu->amask & disabled_mask) != 0
+                && tls12_sigalg_allowed(s, op, lu))
+            disabled_mask &= ~clu->amask;
+    }
+    *pmask_a |= disabled_mask;
+}
+
+int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+                       const uint16_t *psig, size_t psiglen)
+{
+    size_t i;
+    int rv = 0;
+
+    for (i = 0; i < psiglen; i++, psig++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig);
+
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+            continue;
+        if (!WPACKET_put_bytes_u16(pkt, *psig))
+            return 0;
+        /*
+         * If TLS 1.3 must have at least one valid TLS 1.3 message
+         * signing algorithm: i.e. neither RSA nor SHA1/SHA224
+         */
+        if (rv == 0 && (!SSL_IS_TLS13(s)
+            || (lu->sig != EVP_PKEY_RSA
+                && lu->hash != NID_sha1
+                && lu->hash != NID_sha224)))
+            rv = 1;
+    }
+    if (rv == 0)
+        SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+    return rv;
+}
+
+/* Given preference and allowed sigalgs set shared sigalgs */
+static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
+                                   const uint16_t *pref, size_t preflen,
+                                   const uint16_t *allow, size_t allowlen)
+{
+    const uint16_t *ptmp, *atmp;
+    size_t i, j, nmatch = 0;
+    for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp);
+
+        /* Skip disabled hashes or signature algorithms */
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
+            continue;
+        for (j = 0, atmp = allow; j < allowlen; j++, atmp++) {
+            if (*ptmp == *atmp) {
+                nmatch++;
+                if (shsig)
+                    *shsig++ = lu;
+                break;
+            }
+        }
+    }
+    return nmatch;
+}
+
+/* Set shared signature algorithms for SSL structures */
+static int tls1_set_shared_sigalgs(SSL *s)
+{
+    const uint16_t *pref, *allow, *conf;
+    size_t preflen, allowlen, conflen;
+    size_t nmatch;
+    const SIGALG_LOOKUP **salgs = NULL;
+    CERT *c = s->cert;
+    unsigned int is_suiteb = tls1_suiteb(s);
+
+    OPENSSL_free(c->shared_sigalgs);
+    c->shared_sigalgs = NULL;
+    c->shared_sigalgslen = 0;
+    /* If client use client signature algorithms if not NULL */
+    if (!s->server && c->client_sigalgs && !is_suiteb) {
+        conf = c->client_sigalgs;
+        conflen = c->client_sigalgslen;
+    } else if (c->conf_sigalgs && !is_suiteb) {
+        conf = c->conf_sigalgs;
+        conflen = c->conf_sigalgslen;
+    } else
+        conflen = tls12_get_psigalgs(s, 0, &conf);
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
+        pref = conf;
+        preflen = conflen;
+        allow = s->s3->tmp.peer_sigalgs;
+        allowlen = s->s3->tmp.peer_sigalgslen;
+    } else {
+        allow = conf;
+        allowlen = conflen;
+        pref = s->s3->tmp.peer_sigalgs;
+        preflen = s->s3->tmp.peer_sigalgslen;
+    }
+    nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
+    if (nmatch) {
+        if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) {
+            SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+    } else {
+        salgs = NULL;
+    }
+    c->shared_sigalgs = salgs;
+    c->shared_sigalgslen = nmatch;
+    return 1;
+}
+
+int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
+{
+    unsigned int stmp;
+    size_t size, i;
+    uint16_t *buf;
+
+    size = PACKET_remaining(pkt);
+
+    /* Invalid data length */
+    if (size == 0 || (size & 1) != 0)
+        return 0;
+
+    size >>= 1;
+
+    if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL)  {
+        SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++)
+        buf[i] = stmp;
+
+    if (i != size) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+
+    OPENSSL_free(*pdest);
+    *pdest = buf;
+    *pdestlen = size;
+
+    return 1;
+}
+
+int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
+{
+    /* Extension ignored for inappropriate versions */
+    if (!SSL_USE_SIGALGS(s))
+        return 1;
+    /* Should never happen */
+    if (s->cert == NULL)
+        return 0;
+
+    if (cert)
+        return tls1_save_u16(pkt, &s->s3->tmp.peer_cert_sigalgs,
+                             &s->s3->tmp.peer_cert_sigalgslen);
+    else
+        return tls1_save_u16(pkt, &s->s3->tmp.peer_sigalgs,
+                             &s->s3->tmp.peer_sigalgslen);
+
+}
+
+/* Set preferred digest for each key type */
+
+int tls1_process_sigalgs(SSL *s)
+{
+    size_t i;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+    CERT *c = s->cert;
+
+    if (!tls1_set_shared_sigalgs(s))
+        return 0;
+
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        pvalid[i] = 0;
+
+    for (i = 0; i < c->shared_sigalgslen; i++) {
+        const SIGALG_LOOKUP *sigptr = c->shared_sigalgs[i];
+        int idx = sigptr->sig_idx;
+
+        /* Ignore PKCS1 based sig algs in TLSv1.3 */
+        if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
+            continue;
+        /* If not disabled indicate we can explicitly sign */
+        if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx))
+            pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+    }
+    return 1;
+}
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignhash,
+                    unsigned char *rsig, unsigned char *rhash)
+{
+    uint16_t *psig = s->s3->tmp.peer_sigalgs;
+    size_t numsigalgs = s->s3->tmp.peer_sigalgslen;
+    if (psig == NULL || numsigalgs > INT_MAX)
+        return 0;
+    if (idx >= 0) {
+        const SIGALG_LOOKUP *lu;
+
+        if (idx >= (int)numsigalgs)
+            return 0;
+        psig += idx;
+        if (rhash != NULL)
+            *rhash = (unsigned char)((*psig >> 8) & 0xff);
+        if (rsig != NULL)
+            *rsig = (unsigned char)(*psig & 0xff);
+        lu = tls1_lookup_sigalg(*psig);
+        if (psign != NULL)
+            *psign = lu != NULL ? lu->sig : NID_undef;
+        if (phash != NULL)
+            *phash = lu != NULL ? lu->hash : NID_undef;
+        if (psignhash != NULL)
+            *psignhash = lu != NULL ? lu->sigandhash : NID_undef;
+    }
+    return (int)numsigalgs;
+}
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignhash,
+                           unsigned char *rsig, unsigned char *rhash)
+{
+    const SIGALG_LOOKUP *shsigalgs;
+    if (s->cert->shared_sigalgs == NULL
+        || idx < 0
+        || idx >= (int)s->cert->shared_sigalgslen
+        || s->cert->shared_sigalgslen > INT_MAX)
+        return 0;
+    shsigalgs = s->cert->shared_sigalgs[idx];
+    if (phash != NULL)
+        *phash = shsigalgs->hash;
+    if (psign != NULL)
+        *psign = shsigalgs->sig;
+    if (psignhash != NULL)
+        *psignhash = shsigalgs->sigandhash;
+    if (rsig != NULL)
+        *rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
+    if (rhash != NULL)
+        *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
+    return (int)s->cert->shared_sigalgslen;
+}
+
+/* Maximum possible number of unique entries in sigalgs array */
+#define TLS_MAX_SIGALGCNT (OSSL_NELEM(sigalg_lookup_tbl) * 2)
+
+typedef struct {
+    size_t sigalgcnt;
+    /* TLSEXT_SIGALG_XXX values */
+    uint16_t sigalgs[TLS_MAX_SIGALGCNT];
+} sig_cb_st;
+
+static void get_sigorhash(int *psig, int *phash, const char *str)
+{
+    if (strcmp(str, "RSA") == 0) {
+        *psig = EVP_PKEY_RSA;
+    } else if (strcmp(str, "RSA-PSS") == 0 || strcmp(str, "PSS") == 0) {
+        *psig = EVP_PKEY_RSA_PSS;
+    } else if (strcmp(str, "DSA") == 0) {
+        *psig = EVP_PKEY_DSA;
+    } else if (strcmp(str, "ECDSA") == 0) {
+        *psig = EVP_PKEY_EC;
+    } else {
+        *phash = OBJ_sn2nid(str);
+        if (*phash == NID_undef)
+            *phash = OBJ_ln2nid(str);
+    }
+}
+/* Maximum length of a signature algorithm string component */
+#define TLS_MAX_SIGSTRING_LEN   40
+
+static int sig_cb(const char *elem, int len, void *arg)
+{
+    sig_cb_st *sarg = arg;
+    size_t i;
+    const SIGALG_LOOKUP *s;
+    char etmp[TLS_MAX_SIGSTRING_LEN], *p;
+    int sig_alg = NID_undef, hash_alg = NID_undef;
+    if (elem == NULL)
+        return 0;
+    if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT)
+        return 0;
+    if (len > (int)(sizeof(etmp) - 1))
+        return 0;
+    memcpy(etmp, elem, len);
+    etmp[len] = 0;
+    p = strchr(etmp, '+');
+    /*
+     * We only allow SignatureSchemes listed in the sigalg_lookup_tbl;
+     * if there's no '+' in the provided name, look for the new-style combined
+     * name.  If not, match both sig+hash to find the needed SIGALG_LOOKUP.
+     * Just sig+hash is not unique since TLS 1.3 adds rsa_pss_pss_* and
+     * rsa_pss_rsae_* that differ only by public key OID; in such cases
+     * we will pick the _rsae_ variant, by virtue of them appearing earlier
+     * in the table.
+     */
+    if (p == NULL) {
+        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, s++) {
+            if (s->name != NULL && strcmp(etmp, s->name) == 0) {
+                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                break;
+            }
+        }
+        if (i == OSSL_NELEM(sigalg_lookup_tbl))
+            return 0;
+    } else {
+        *p = 0;
+        p++;
+        if (*p == 0)
+            return 0;
+        get_sigorhash(&sig_alg, &hash_alg, etmp);
+        get_sigorhash(&sig_alg, &hash_alg, p);
+        if (sig_alg == NID_undef || hash_alg == NID_undef)
+            return 0;
+        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, s++) {
+            if (s->hash == hash_alg && s->sig == sig_alg) {
+                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                break;
+            }
+        }
+        if (i == OSSL_NELEM(sigalg_lookup_tbl))
+            return 0;
+    }
+
+    /* Reject duplicates */
+    for (i = 0; i < sarg->sigalgcnt - 1; i++) {
+        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
+            sarg->sigalgcnt--;
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Set supported signature algorithms based on a colon separated list of the
+ * form sig+hash e.g. RSA+SHA512:DSA+SHA512
+ */
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
+{
+    sig_cb_st sig;
+    sig.sigalgcnt = 0;
+    if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
+        return 0;
+    if (c == NULL)
+        return 1;
+    return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
+}
+
+int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+                     int client)
+{
+    uint16_t *sigalgs;
+
+    if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs));
+
+    if (client) {
+        OPENSSL_free(c->client_sigalgs);
+        c->client_sigalgs = sigalgs;
+        c->client_sigalgslen = salglen;
+    } else {
+        OPENSSL_free(c->conf_sigalgs);
+        c->conf_sigalgs = sigalgs;
+        c->conf_sigalgslen = salglen;
+    }
+
+    return 1;
+}
+
+int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
+{
+    uint16_t *sigalgs, *sptr;
+    size_t i;
+
+    if (salglen & 1)
+        return 0;
+    if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0, sptr = sigalgs; i < salglen; i += 2) {
+        size_t j;
+        const SIGALG_LOOKUP *curr;
+        int md_id = *psig_nids++;
+        int sig_id = *psig_nids++;
+
+        for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl);
+             j++, curr++) {
+            if (curr->hash == md_id && curr->sig == sig_id) {
+                *sptr++ = curr->sigalg;
+                break;
+            }
+        }
+
+        if (j == OSSL_NELEM(sigalg_lookup_tbl))
+            goto err;
+    }
+
+    if (client) {
+        OPENSSL_free(c->client_sigalgs);
+        c->client_sigalgs = sigalgs;
+        c->client_sigalgslen = salglen / 2;
+    } else {
+        OPENSSL_free(c->conf_sigalgs);
+        c->conf_sigalgs = sigalgs;
+        c->conf_sigalgslen = salglen / 2;
+    }
+
+    return 1;
+
+ err:
+    OPENSSL_free(sigalgs);
+    return 0;
+}
+
+static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid)
+{
+    int sig_nid;
+    size_t i;
+    if (default_nid == -1)
+        return 1;
+    sig_nid = X509_get_signature_nid(x);
+    if (default_nid)
+        return sig_nid == default_nid ? 1 : 0;
+    for (i = 0; i < c->shared_sigalgslen; i++)
+        if (sig_nid == c->shared_sigalgs[i]->sigandhash)
+            return 1;
+    return 0;
+}
+
+/* Check to see if a certificate issuer name matches list of CA names */
+static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
+{
+    X509_NAME *nm;
+    int i;
+    nm = X509_get_issuer_name(x);
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        if (!X509_NAME_cmp(nm, sk_X509_NAME_value(names, i)))
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check certificate chain is consistent with TLS extensions and is usable by
+ * server. This servers two purposes: it allows users to check chains before
+ * passing them to the server and it allows the server to check chains before
+ * attempting to use them.
+ */
+
+/* Flags which need to be set for a certificate when strict mode not set */
+
+#define CERT_PKEY_VALID_FLAGS \
+        (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
+/* Strict mode flags */
+#define CERT_PKEY_STRICT_FLAGS \
+         (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
+         | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
+
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+                     int idx)
+{
+    int i;
+    int rv = 0;
+    int check_flags = 0, strict_mode;
+    CERT_PKEY *cpk = NULL;
+    CERT *c = s->cert;
+    uint32_t *pvalid;
+    unsigned int suiteb_flags = tls1_suiteb(s);
+    /* idx == -1 means checking server chains */
+    if (idx != -1) {
+        /* idx == -2 means checking client certificate chains */
+        if (idx == -2) {
+            cpk = c->key;
+            idx = (int)(cpk - c->pkeys);
+        } else
+            cpk = c->pkeys + idx;
+        pvalid = s->s3->tmp.valid_flags + idx;
+        x = cpk->x509;
+        pk = cpk->privatekey;
+        chain = cpk->chain;
+        strict_mode = c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT;
+        /* If no cert or key, forget it */
+        if (!x || !pk)
+            goto end;
+    } else {
+        size_t certidx;
+
+        if (!x || !pk)
+            return 0;
+
+        if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL)
+            return 0;
+        idx = certidx;
+        pvalid = s->s3->tmp.valid_flags + idx;
+
+        if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
+            check_flags = CERT_PKEY_STRICT_FLAGS;
+        else
+            check_flags = CERT_PKEY_VALID_FLAGS;
+        strict_mode = 1;
+    }
+
+    if (suiteb_flags) {
+        int ok;
+        if (check_flags)
+            check_flags |= CERT_PKEY_SUITEB;
+        ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
+        if (ok == X509_V_OK)
+            rv |= CERT_PKEY_SUITEB;
+        else if (!check_flags)
+            goto end;
+    }
+
+    /*
+     * Check all signature algorithms are consistent with signature
+     * algorithms extension if TLS 1.2 or later and strict mode.
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) {
+        int default_nid;
+        int rsign = 0;
+        if (s->s3->tmp.peer_cert_sigalgs != NULL
+                || s->s3->tmp.peer_sigalgs != NULL) {
+            default_nid = 0;
+        /* If no sigalgs extension use defaults from RFC5246 */
+        } else {
+            switch (idx) {
+            case SSL_PKEY_RSA:
+                rsign = EVP_PKEY_RSA;
+                default_nid = NID_sha1WithRSAEncryption;
+                break;
+
+            case SSL_PKEY_DSA_SIGN:
+                rsign = EVP_PKEY_DSA;
+                default_nid = NID_dsaWithSHA1;
+                break;
+
+            case SSL_PKEY_ECC:
+                rsign = EVP_PKEY_EC;
+                default_nid = NID_ecdsa_with_SHA1;
+                break;
+
+            case SSL_PKEY_GOST01:
+                rsign = NID_id_GostR3410_2001;
+                default_nid = NID_id_GostR3411_94_with_GostR3410_2001;
+                break;
+
+            case SSL_PKEY_GOST12_256:
+                rsign = NID_id_GostR3410_2012_256;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_256;
+                break;
+
+            case SSL_PKEY_GOST12_512:
+                rsign = NID_id_GostR3410_2012_512;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_512;
+                break;
+
+            default:
+                default_nid = -1;
+                break;
+            }
+        }
+        /*
+         * If peer sent no signature algorithms extension and we have set
+         * preferred signature algorithms check we support sha1.
+         */
+        if (default_nid > 0 && c->conf_sigalgs) {
+            size_t j;
+            const uint16_t *p = c->conf_sigalgs;
+            for (j = 0; j < c->conf_sigalgslen; j++, p++) {
+                const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p);
+
+                if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign)
+                    break;
+            }
+            if (j == c->conf_sigalgslen) {
+                if (check_flags)
+                    goto skip_sigs;
+                else
+                    goto end;
+            }
+        }
+        /* Check signature algorithm of each cert in chain */
+        if (!tls1_check_sig_alg(c, x, default_nid)) {
+            if (!check_flags)
+                goto end;
+        } else
+            rv |= CERT_PKEY_EE_SIGNATURE;
+        rv |= CERT_PKEY_CA_SIGNATURE;
+        for (i = 0; i < sk_X509_num(chain); i++) {
+            if (!tls1_check_sig_alg(c, sk_X509_value(chain, i), default_nid)) {
+                if (check_flags) {
+                    rv &= ~CERT_PKEY_CA_SIGNATURE;
+                    break;
+                } else
+                    goto end;
+            }
+        }
+    }
+    /* Else not TLS 1.2, so mark EE and CA signing algorithms OK */
+    else if (check_flags)
+        rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE;
+ skip_sigs:
+    /* Check cert parameters are consistent */
+    if (tls1_check_cert_param(s, x, 1))
+        rv |= CERT_PKEY_EE_PARAM;
+    else if (!check_flags)
+        goto end;
+    if (!s->server)
+        rv |= CERT_PKEY_CA_PARAM;
+    /* In strict mode check rest of chain too */
+    else if (strict_mode) {
+        rv |= CERT_PKEY_CA_PARAM;
+        for (i = 0; i < sk_X509_num(chain); i++) {
+            X509 *ca = sk_X509_value(chain, i);
+            if (!tls1_check_cert_param(s, ca, 0)) {
+                if (check_flags) {
+                    rv &= ~CERT_PKEY_CA_PARAM;
+                    break;
+                } else
+                    goto end;
+            }
+        }
+    }
+    if (!s->server && strict_mode) {
+        STACK_OF(X509_NAME) *ca_dn;
+        int check_type = 0;
+        switch (EVP_PKEY_id(pk)) {
+        case EVP_PKEY_RSA:
+            check_type = TLS_CT_RSA_SIGN;
+            break;
+        case EVP_PKEY_DSA:
+            check_type = TLS_CT_DSS_SIGN;
+            break;
+        case EVP_PKEY_EC:
+            check_type = TLS_CT_ECDSA_SIGN;
+            break;
+        }
+        if (check_type) {
+            const uint8_t *ctypes = s->s3->tmp.ctype;
+            size_t j;
+
+            for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) {
+                if (*ctypes == check_type) {
+                    rv |= CERT_PKEY_CERT_TYPE;
+                    break;
+                }
+            }
+            if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags)
+                goto end;
+        } else {
+            rv |= CERT_PKEY_CERT_TYPE;
+        }
+
+        ca_dn = s->s3->tmp.peer_ca_names;
+
+        if (!sk_X509_NAME_num(ca_dn))
+            rv |= CERT_PKEY_ISSUER_NAME;
+
+        if (!(rv & CERT_PKEY_ISSUER_NAME)) {
+            if (ssl_check_ca_name(ca_dn, x))
+                rv |= CERT_PKEY_ISSUER_NAME;
+        }
+        if (!(rv & CERT_PKEY_ISSUER_NAME)) {
+            for (i = 0; i < sk_X509_num(chain); i++) {
+                X509 *xtmp = sk_X509_value(chain, i);
+                if (ssl_check_ca_name(ca_dn, xtmp)) {
+                    rv |= CERT_PKEY_ISSUER_NAME;
+                    break;
+                }
+            }
+        }
+        if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
+            goto end;
+    } else
+        rv |= CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE;
+
+    if (!check_flags || (rv & check_flags) == check_flags)
+        rv |= CERT_PKEY_VALID;
+
+ end:
+
+    if (TLS1_get_version(s) >= TLS1_2_VERSION)
+        rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
+    else
+        rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
+
+    /*
+     * When checking a CERT_PKEY structure all flags are irrelevant if the
+     * chain is invalid.
+     */
+    if (!check_flags) {
+        if (rv & CERT_PKEY_VALID) {
+            *pvalid = rv;
+        } else {
+            /* Preserve sign and explicit sign flag, clear rest */
+            *pvalid &= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+            return 0;
+        }
+    }
+    return rv;
+}
+
+/* Set validity of certificates in an SSL structure */
+void tls1_set_cert_validity(SSL *s)
+{
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448);
+}
+
+/* User level utility function to check a chain is suitable */
+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
+{
+    return tls1_check_chain(s, x, pk, chain, -1);
+}
+
+#ifndef OPENSSL_NO_DH
+DH *ssl_get_auto_dh(SSL *s)
+{
+    int dh_secbits = 80;
+    if (s->cert->dh_tmp_auto == 2)
+        return DH_get_1024_160();
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+        if (s->s3->tmp.new_cipher->strength_bits == 256)
+            dh_secbits = 128;
+        else
+            dh_secbits = 80;
+    } else {
+        if (s->s3->tmp.cert == NULL)
+            return NULL;
+        dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
+    }
+
+    if (dh_secbits >= 128) {
+        DH *dhp = DH_new();
+        BIGNUM *p, *g;
+        if (dhp == NULL)
+            return NULL;
+        g = BN_new();
+        if (g == NULL || !BN_set_word(g, 2)) {
+            DH_free(dhp);
+            BN_free(g);
+            return NULL;
+        }
+        if (dh_secbits >= 192)
+            p = BN_get_rfc3526_prime_8192(NULL);
+        else
+            p = BN_get_rfc3526_prime_3072(NULL);
+        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+            DH_free(dhp);
+            BN_free(p);
+            BN_free(g);
+            return NULL;
+        }
+        return dhp;
+    }
+    if (dh_secbits >= 112)
+        return DH_get_2048_224();
+    return DH_get_1024_160();
+}
+#endif
+
+static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    int secbits = -1;
+    EVP_PKEY *pkey = X509_get0_pubkey(x);
+    if (pkey) {
+        /*
+         * If no parameters this will return -1 and fail using the default
+         * security callback for any non-zero security level. This will
+         * reject keys which omit parameters but this only affects DSA and
+         * omission of parameters is never (?) done in practice.
+         */
+        secbits = EVP_PKEY_security_bits(pkey);
+    }
+    if (s)
+        return ssl_security(s, op, secbits, 0, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, 0, x);
+}
+
+static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    /* Lookup signature algorithm digest */
+    int secbits, nid, pknid;
+    /* Don't check signature if self signed */
+    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+        return 1;
+    if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL))
+        secbits = -1;
+    /* If digest NID not defined use signature NID */
+    if (nid == NID_undef)
+        nid = pknid;
+    if (s)
+        return ssl_security(s, op, secbits, nid, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, nid, x);
+}
+
+int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
+{
+    if (vfy)
+        vfy = SSL_SECOP_PEER;
+    if (is_ee) {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_EE_KEY | vfy))
+            return SSL_R_EE_KEY_TOO_SMALL;
+    } else {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_CA_KEY | vfy))
+            return SSL_R_CA_KEY_TOO_SMALL;
+    }
+    if (!ssl_security_cert_sig(s, ctx, x, SSL_SECOP_CA_MD | vfy))
+        return SSL_R_CA_MD_TOO_WEAK;
+    return 1;
+}
+
+/*
+ * Check security of a chain, if |sk| includes the end entity certificate then
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
+ * one to the peer. Return values: 1 if ok otherwise error code to use
+ */
+
+int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
+{
+    int rv, start_idx, i;
+    if (x == NULL) {
+        x = sk_X509_value(sk, 0);
+        start_idx = 1;
+    } else
+        start_idx = 0;
+
+    rv = ssl_security_cert(s, NULL, x, vfy, 1);
+    if (rv != 1)
+        return rv;
+
+    for (i = start_idx; i < sk_X509_num(sk); i++) {
+        x = sk_X509_value(sk, i);
+        rv = ssl_security_cert(s, NULL, x, vfy, 0);
+        if (rv != 1)
+            return rv;
+    }
+    return 1;
+}
+
+/*
+ * For TLS 1.2 servers check if we have a certificate which can be used
+ * with the signature algorithm "lu" and return index of certificate.
+ */
+
+static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
+{
+    int sig_idx = lu->sig_idx;
+    const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx);
+
+    /* If not recognised or not supported by cipher mask it is not suitable */
+    if (clu == NULL
+            || (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0
+            || (clu->nid == EVP_PKEY_RSA_PSS
+                && (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0))
+        return -1;
+
+    return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1;
+}
+
+/*
+ * Returns true if |s| has a usable certificate configured for use
+ * with signature scheme |sig|.
+ * "Usable" includes a check for presence as well as applying
+ * the signature_algorithm_cert restrictions sent by the peer (if any).
+ * Returns false if no usable certificate is found.
+ */
+static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
+{
+    const SIGALG_LOOKUP *lu;
+    int mdnid, pknid, default_mdnid;
+    int mandatory_md = 0;
+    size_t i;
+
+    /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
+    if (idx == -1)
+        idx = sig->sig_idx;
+    if (!ssl_has_cert(s, idx))
+        return 0;
+    /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
+    ERR_set_mark();
+    switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+                                            &default_mdnid)) {
+    case 2:
+        mandatory_md = 1;
+        break;
+    case 1:
+        break;
+    default: /* If it didn't report a mandatory NID, for whatever reasons,
+              * just clear the error and allow all hashes to be used. */
+        ERR_pop_to_mark();
+    }
+    if (s->s3->tmp.peer_cert_sigalgs != NULL) {
+        for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
+            lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
+            if (lu == NULL
+                || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
+                                            &pknid, NULL, NULL)
+                || (mandatory_md && mdnid != default_mdnid))
+                continue;
+            /*
+             * TODO this does not differentiate between the
+             * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not
+             * have a chain here that lets us look at the key OID in the
+             * signing certificate.
+             */
+            if (mdnid == lu->hash && pknid == lu->sig)
+                return 1;
+        }
+        return 0;
+    }
+    return !mandatory_md || sig->hash == default_mdnid;
+}
+
+/*
+ * Choose an appropriate signature algorithm based on available certificates
+ * Sets chosen certificate and signature algorithm.
+ *
+ * For servers if we fail to find a required certificate it is a fatal error,
+ * an appropriate error code is set and a TLS alert is sent.
+ *
+ * For clients fatalerrs is set to 0. If a certificate is not suitable it is not
+ * a fatal error: we will either try another certificate or not present one
+ * to the server. In this case no error is set.
+ */
+int tls_choose_sigalg(SSL *s, int fatalerrs)
+{
+    const SIGALG_LOOKUP *lu = NULL;
+    int sig_idx = -1;
+
+    s->s3->tmp.cert = NULL;
+    s->s3->tmp.sigalg = NULL;
+
+    if (SSL_IS_TLS13(s)) {
+        size_t i;
+#ifndef OPENSSL_NO_EC
+        int curve = -1;
+#endif
+
+        /* Look for a certificate matching shared sigalgs */
+        for (i = 0; i < s->cert->shared_sigalgslen; i++) {
+            lu = s->cert->shared_sigalgs[i];
+            sig_idx = -1;
+
+            /* Skip SHA1, SHA224, DSA and RSA if not PSS */
+            if (lu->hash == NID_sha1
+                || lu->hash == NID_sha224
+                || lu->sig == EVP_PKEY_DSA
+                || lu->sig == EVP_PKEY_RSA)
+                continue;
+            /* Check that we have a cert, and signature_algorithms_cert */
+            if (!tls1_lookup_md(lu, NULL) || !has_usable_cert(s, lu, -1))
+                continue;
+            if (lu->sig == EVP_PKEY_EC) {
+#ifndef OPENSSL_NO_EC
+                if (curve == -1) {
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+
+                    curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                }
+                if (lu->curve != NID_undef && curve != lu->curve)
+                    continue;
+#else
+                continue;
+#endif
+            } else if (lu->sig == EVP_PKEY_RSA_PSS) {
+                /* validate that key is large enough for the signature algorithm */
+                EVP_PKEY *pkey;
+
+                pkey = s->cert->pkeys[lu->sig_idx].privatekey;
+                if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                    continue;
+            }
+            break;
+        }
+        if (i == s->cert->shared_sigalgslen) {
+            if (!fatalerrs)
+                return 1;
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CHOOSE_SIGALG,
+                     SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+            return 0;
+        }
+    } else {
+        /* If ciphersuite doesn't require a cert nothing to do */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT))
+            return 1;
+        if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
+                return 1;
+
+        if (SSL_USE_SIGALGS(s)) {
+            size_t i;
+            if (s->s3->tmp.peer_sigalgs != NULL) {
+#ifndef OPENSSL_NO_EC
+                int curve;
+
+                /* For Suite B need to match signature algorithm to curve */
+                if (tls1_suiteb(s)) {
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+                    curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                } else {
+                    curve = -1;
+                }
+#endif
+
+                /*
+                 * Find highest preference signature algorithm matching
+                 * cert type
+                 */
+                for (i = 0; i < s->cert->shared_sigalgslen; i++) {
+                    lu = s->cert->shared_sigalgs[i];
+
+                    if (s->server) {
+                        if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
+                            continue;
+                    } else {
+                        int cc_idx = s->cert->key - s->cert->pkeys;
+
+                        sig_idx = lu->sig_idx;
+                        if (cc_idx != sig_idx)
+                            continue;
+                    }
+                    /* Check that we have a cert, and sig_algs_cert */
+                    if (!has_usable_cert(s, lu, sig_idx))
+                        continue;
+                    if (lu->sig == EVP_PKEY_RSA_PSS) {
+                        /* validate that key is large enough for the signature algorithm */
+                        EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
+
+                        if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                            continue;
+                    }
+#ifndef OPENSSL_NO_EC
+                    if (curve == -1 || lu->curve == curve)
+#endif
+                        break;
+                }
+                if (i == s->cert->shared_sigalgslen) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                    return 0;
+                }
+            } else {
+                /*
+                 * If we have no sigalg use defaults
+                 */
+                const uint16_t *sent_sigs;
+                size_t sent_sigslen;
+
+                if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+
+                /* Check signature matches a type we sent */
+                sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+                for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
+                    if (lu->sigalg == *sent_sigs
+                            && has_usable_cert(s, lu, lu->sig_idx))
+                        break;
+                }
+                if (i == sent_sigslen) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_WRONG_SIGNATURE_TYPE);
+                    return 0;
+                }
+            }
+        } else {
+            if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                if (!fatalerrs)
+                    return 1;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+    if (sig_idx == -1)
+        sig_idx = lu->sig_idx;
+    s->s3->tmp.cert = &s->cert->pkeys[sig_idx];
+    s->cert->key = s->s3->tmp.cert;
+    s->s3->tmp.sigalg = lu;
+    return 1;
+}
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
+{
+    if (mode != TLSEXT_max_fragment_length_DISABLED
+            && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+        SSLerr(SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
+               SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    ctx->ext.max_fragment_len_mode = mode;
+    return 1;
+}
+
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
+{
+    if (mode != TLSEXT_max_fragment_length_DISABLED
+            && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+        SSLerr(SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
+               SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    ssl->ext.max_fragment_len_mode = mode;
+    return 1;
+}
+
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session)
+{
+    return session->ext.max_fragment_len_mode;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c
new file mode 100644
index 000000000..be3039af3
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c
@@ -0,0 +1,1566 @@
+/*
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SSL_TRACE
+
+/* Packet trace support for OpenSSL */
+
+typedef struct {
+    int num;
+    const char *name;
+} ssl_trace_tbl;
+
+# define ssl_trace_str(val, tbl) \
+    do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
+
+# define ssl_trace_list(bio, indent, msg, msglen, value, table) \
+    do_ssl_trace_list(bio, indent, msg, msglen, value, \
+                      table, OSSL_NELEM(table))
+
+static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl,
+                                    size_t ntbl)
+{
+    size_t i;
+
+    for (i = 0; i < ntbl; i++, tbl++) {
+        if (tbl->num == val)
+            return tbl->name;
+    }
+    return "UNKNOWN";
+}
+
+static int do_ssl_trace_list(BIO *bio, int indent,
+                             const unsigned char *msg, size_t msglen,
+                             size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl)
+{
+    int val;
+
+    if (msglen % vlen)
+        return 0;
+    while (msglen) {
+        val = msg[0];
+        if (vlen == 2)
+            val = (val << 8) | msg[1];
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val);
+        msg += vlen;
+        msglen -= vlen;
+    }
+    return 1;
+}
+
+/* Version number */
+
+static const ssl_trace_tbl ssl_version_tbl[] = {
+    {SSL3_VERSION, "SSL 3.0"},
+    {TLS1_VERSION, "TLS 1.0"},
+    {TLS1_1_VERSION, "TLS 1.1"},
+    {TLS1_2_VERSION, "TLS 1.2"},
+    {TLS1_3_VERSION, "TLS 1.3"},
+    {DTLS1_VERSION, "DTLS 1.0"},
+    {DTLS1_2_VERSION, "DTLS 1.2"},
+    {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
+};
+
+static const ssl_trace_tbl ssl_content_tbl[] = {
+    {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"},
+    {SSL3_RT_ALERT, "Alert"},
+    {SSL3_RT_HANDSHAKE, "Handshake"},
+    {SSL3_RT_APPLICATION_DATA, "ApplicationData"},
+};
+
+/* Handshake types, sorted by ascending id  */
+static const ssl_trace_tbl ssl_handshake_tbl[] = {
+    {SSL3_MT_HELLO_REQUEST, "HelloRequest"},
+    {SSL3_MT_CLIENT_HELLO, "ClientHello"},
+    {SSL3_MT_SERVER_HELLO, "ServerHello"},
+    {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
+    {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
+    {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"},
+    {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
+    {SSL3_MT_CERTIFICATE, "Certificate"},
+    {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
+    {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
+    {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
+    {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
+    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
+    {SSL3_MT_FINISHED, "Finished"},
+    {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"},
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+    {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"},
+    {SSL3_MT_KEY_UPDATE, "KeyUpdate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    {SSL3_MT_NEXT_PROTO, "NextProto"},
+# endif
+    {SSL3_MT_MESSAGE_HASH, "MessageHash"}
+};
+
+/* Cipher suites */
+static const ssl_trace_tbl ssl_ciphers_tbl[] = {
+    {0x0000, "TLS_NULL_WITH_NULL_NULL"},
+    {0x0001, "TLS_RSA_WITH_NULL_MD5"},
+    {0x0002, "TLS_RSA_WITH_NULL_SHA"},
+    {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
+    {0x0004, "TLS_RSA_WITH_RC4_128_MD5"},
+    {0x0005, "TLS_RSA_WITH_RC4_128_SHA"},
+    {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"},
+    {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"},
+    {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"},
+    {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"},
+    {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},
+    {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},
+    {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+    {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"},
+    {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},
+    {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+    {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+    {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
+    {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
+    {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
+    {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
+    {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
+    {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
+    {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
+    {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
+    {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
+    {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
+    {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
+    {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+    {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+    {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+    {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
+    {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+    {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+    {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
+    {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+    {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+    {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"},
+    {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"},
+    {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
+    {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
+    {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
+    {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
+    {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
+    {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
+    {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
+    {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
+    {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
+    {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
+    {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
+    {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
+    {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
+    {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
+    {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
+    {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
+    {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
+    {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
+    {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
+    {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+    {0x5600, "TLS_FALLBACK_SCSV"},
+    {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
+    {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
+    {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
+    {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
+    {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
+    {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
+    {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
+    {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
+    {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
+    {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
+    {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
+    {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
+    {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
+    {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
+    {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
+    {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
+    {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+    {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+    {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+    {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+    {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+    {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+    {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+    {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+    {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+    {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+    {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+    {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+    {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+    {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+    {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+    {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+    {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+    {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+    {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+    {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+    {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+    {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+    {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0x1301, "TLS_AES_128_GCM_SHA256"},
+    {0x1302, "TLS_AES_256_GCM_SHA384"},
+    {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+    {0x1304, "TLS_AES_128_CCM_SHA256"},
+    {0x1305, "TLS_AES_128_CCM_8_SHA256"},
+    {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+    {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+    {0xFF85, "GOST2012-GOST8912-GOST8912"},
+    {0xFF87, "GOST2012-NULL-GOST12"},
+};
+
+/* Compression methods */
+static const ssl_trace_tbl ssl_comp_tbl[] = {
+    {0x0000, "No Compression"},
+    {0x0001, "Zlib Compression"}
+};
+
+/* Extensions sorted by ascending id */
+static const ssl_trace_tbl ssl_exts_tbl[] = {
+    {TLSEXT_TYPE_server_name, "server_name"},
+    {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"},
+    {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"},
+    {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"},
+    {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"},
+    {TLSEXT_TYPE_status_request, "status_request"},
+    {TLSEXT_TYPE_user_mapping, "user_mapping"},
+    {TLSEXT_TYPE_client_authz, "client_authz"},
+    {TLSEXT_TYPE_server_authz, "server_authz"},
+    {TLSEXT_TYPE_cert_type, "cert_type"},
+    {TLSEXT_TYPE_supported_groups, "supported_groups"},
+    {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
+    {TLSEXT_TYPE_srp, "srp"},
+    {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
+    {TLSEXT_TYPE_use_srtp, "use_srtp"},
+    {TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
+    {TLSEXT_TYPE_application_layer_protocol_negotiation,
+     "application_layer_protocol_negotiation"},
+    {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
+    {TLSEXT_TYPE_padding, "padding"},
+    {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
+    {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
+    {TLSEXT_TYPE_session_ticket, "session_ticket"},
+    {TLSEXT_TYPE_psk, "psk"},
+    {TLSEXT_TYPE_early_data, "early_data"},
+    {TLSEXT_TYPE_supported_versions, "supported_versions"},
+    {TLSEXT_TYPE_cookie, "cookie_ext"},
+    {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
+    {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"},
+    {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"},
+    {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"},
+    {TLSEXT_TYPE_key_share, "key_share"},
+    {TLSEXT_TYPE_renegotiate, "renegotiate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
+# endif
+};
+
+static const ssl_trace_tbl ssl_groups_tbl[] = {
+    {1, "sect163k1 (K-163)"},
+    {2, "sect163r1"},
+    {3, "sect163r2 (B-163)"},
+    {4, "sect193r1"},
+    {5, "sect193r2"},
+    {6, "sect233k1 (K-233)"},
+    {7, "sect233r1 (B-233)"},
+    {8, "sect239k1"},
+    {9, "sect283k1 (K-283)"},
+    {10, "sect283r1 (B-283)"},
+    {11, "sect409k1 (K-409)"},
+    {12, "sect409r1 (B-409)"},
+    {13, "sect571k1 (K-571)"},
+    {14, "sect571r1 (B-571)"},
+    {15, "secp160k1"},
+    {16, "secp160r1"},
+    {17, "secp160r2"},
+    {18, "secp192k1"},
+    {19, "secp192r1 (P-192)"},
+    {20, "secp224k1"},
+    {21, "secp224r1 (P-224)"},
+    {22, "secp256k1"},
+    {23, "secp256r1 (P-256)"},
+    {24, "secp384r1 (P-384)"},
+    {25, "secp521r1 (P-521)"},
+    {26, "brainpoolP256r1"},
+    {27, "brainpoolP384r1"},
+    {28, "brainpoolP512r1"},
+    {29, "ecdh_x25519"},
+    {30, "ecdh_x448"},
+    {256, "ffdhe2048"},
+    {257, "ffdhe3072"},
+    {258, "ffdhe4096"},
+    {259, "ffdhe6144"},
+    {260, "ffdhe8192"},
+    {0xFF01, "arbitrary_explicit_prime_curves"},
+    {0xFF02, "arbitrary_explicit_char2_curves"}
+};
+
+static const ssl_trace_tbl ssl_point_tbl[] = {
+    {0, "uncompressed"},
+    {1, "ansiX962_compressed_prime"},
+    {2, "ansiX962_compressed_char2"}
+};
+
+static const ssl_trace_tbl ssl_mfl_tbl[] = {
+    {0, "disabled"},
+    {1, "max_fragment_length := 2^9 (512 bytes)"},
+    {2, "max_fragment_length := 2^10 (1024 bytes)"},
+    {3, "max_fragment_length := 2^11 (2048 bytes)"},
+    {4, "max_fragment_length := 2^12 (4096 bytes)"}
+};
+
+static const ssl_trace_tbl ssl_sigalg_tbl[] = {
+    {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"},
+    {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"},
+    {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"},
+    {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"},
+    {TLSEXT_SIGALG_ed25519, "ed25519"},
+    {TLSEXT_SIGALG_ed448, "ed448"},
+    {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"},
+    {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"},
+    {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"},
+    {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
+    {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
+    {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
+    {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
+    {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},
+    {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"},
+};
+
+static const ssl_trace_tbl ssl_ctype_tbl[] = {
+    {1, "rsa_sign"},
+    {2, "dss_sign"},
+    {3, "rsa_fixed_dh"},
+    {4, "dss_fixed_dh"},
+    {5, "rsa_ephemeral_dh"},
+    {6, "dss_ephemeral_dh"},
+    {20, "fortezza_dms"},
+    {64, "ecdsa_sign"},
+    {65, "rsa_fixed_ecdh"},
+    {66, "ecdsa_fixed_ecdh"}
+};
+
+static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = {
+    {TLSEXT_KEX_MODE_KE, "psk_ke"},
+    {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"}
+};
+
+static const ssl_trace_tbl ssl_key_update_tbl[] = {
+    {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"},
+    {SSL_KEY_UPDATE_REQUESTED, "update_requested"}
+};
+
+static void ssl_print_hex(BIO *bio, int indent, const char *name,
+                          const unsigned char *msg, size_t msglen)
+{
+    size_t i;
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s (len=%d): ", name, (int)msglen);
+    for (i = 0; i < msglen; i++)
+        BIO_printf(bio, "%02X", msg[i]);
+    BIO_puts(bio, "\n");
+}
+
+static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen,
+                            const unsigned char **pmsg, size_t *pmsglen)
+{
+    size_t blen;
+    const unsigned char *p = *pmsg;
+
+    if (*pmsglen < nlen)
+        return 0;
+    blen = p[0];
+    if (nlen > 1)
+        blen = (blen << 8) | p[1];
+    if (*pmsglen < nlen + blen)
+        return 0;
+    p += nlen;
+    ssl_print_hex(bio, indent, name, p, blen);
+    *pmsg += blen + nlen;
+    *pmsglen -= blen + nlen;
+    return 1;
+}
+
+static int ssl_print_version(BIO *bio, int indent, const char *name,
+                             const unsigned char **pmsg, size_t *pmsglen,
+                             unsigned int *version)
+{
+    int vers;
+
+    if (*pmsglen < 2)
+        return 0;
+    vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
+    if (version != NULL)
+        *version = vers;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s=0x%x (%s)\n",
+               name, vers, ssl_trace_str(vers, ssl_version_tbl));
+    *pmsg += 2;
+    *pmsglen -= 2;
+    return 1;
+}
+
+static int ssl_print_random(BIO *bio, int indent,
+                            const unsigned char **pmsg, size_t *pmsglen)
+{
+    unsigned int tm;
+    const unsigned char *p = *pmsg;
+
+    if (*pmsglen < 32)
+        return 0;
+    tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+    p += 4;
+    BIO_indent(bio, indent, 80);
+    BIO_puts(bio, "Random:\n");
+    BIO_indent(bio, indent + 2, 80);
+    BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm);
+    ssl_print_hex(bio, indent + 2, "random_bytes", p, 28);
+    *pmsg += 32;
+    *pmsglen -= 32;
+    return 1;
+}
+
+static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl,
+                               const unsigned char **pmsg, size_t *pmsglen)
+{
+    if (*pmsglen < 2)
+        return 0;
+    if (SSL_USE_SIGALGS(ssl)) {
+        const unsigned char *p = *pmsg;
+        unsigned int sigalg = (p[0] << 8) | p[1];
+
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n",
+                   ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+        *pmsg += 2;
+        *pmsglen -= 2;
+    }
+    return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen);
+}
+
+static int ssl_print_extension(BIO *bio, int indent, int server,
+                               unsigned char mt, int extype,
+                               const unsigned char *ext, size_t extlen)
+{
+    size_t xlen, share_len;
+    unsigned int sigalg;
+    uint32_t max_early_data;
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "extension_type=%s(%d), length=%d\n",
+               ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen);
+    switch (extype) {
+    case TLSEXT_TYPE_max_fragment_length:
+        if (extlen < 1)
+            return 0;
+        xlen = extlen;
+        return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl);
+
+    case TLSEXT_TYPE_ec_point_formats:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
+
+    case TLSEXT_TYPE_supported_groups:
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        ext += 2;
+        while (xlen > 0) {
+            size_t plen = *ext++;
+
+            if (plen + 1 > xlen)
+                return 0;
+            BIO_indent(bio, indent + 2, 80);
+            BIO_write(bio, ext, plen);
+            BIO_puts(bio, "\n");
+            ext += plen;
+            xlen -= plen + 1;
+        }
+        return 1;
+
+    case TLSEXT_TYPE_signature_algorithms:
+
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        if (xlen & 1)
+            return 0;
+        ext += 2;
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            sigalg = (ext[0] << 8) | ext[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+            xlen -= 2;
+            ext += 2;
+        }
+        break;
+
+    case TLSEXT_TYPE_renegotiate:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (xlen + 1 != extlen)
+            return 0;
+        ext++;
+        if (xlen) {
+            if (server) {
+                if (xlen & 1)
+                    return 0;
+                xlen >>= 1;
+            }
+            ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
+            if (server) {
+                ext += xlen;
+                ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
+            }
+        } else {
+            BIO_indent(bio, indent + 4, 80);
+            BIO_puts(bio, "<EMPTY>\n");
+        }
+        break;
+
+    case TLSEXT_TYPE_heartbeat:
+        return 0;
+
+    case TLSEXT_TYPE_session_ticket:
+        if (extlen != 0)
+            ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
+        break;
+
+    case TLSEXT_TYPE_key_share:
+        if (server && extlen == 2) {
+            int group_id;
+
+            /* We assume this is an HRR, otherwise this is an invalid key_share */
+            group_id = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s (%d)\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl), group_id);
+            break;
+        }
+        if (extlen < 2)
+            return 0;
+        if (server) {
+            xlen = extlen;
+        } else {
+            xlen = (ext[0] << 8) | ext[1];
+            if (extlen != xlen + 2)
+                return 0;
+            ext += 2;
+        }
+        for (; xlen > 0; ext += share_len, xlen -= share_len) {
+            int group_id;
+
+            if (xlen < 4)
+                return 0;
+            group_id = (ext[0] << 8) | ext[1];
+            share_len = (ext[2] << 8) | ext[3];
+            ext += 4;
+            xlen -= 4;
+            if (xlen < share_len)
+                return 0;
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s (%d)\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl), group_id);
+            ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len);
+        }
+        break;
+
+    case TLSEXT_TYPE_supported_versions:
+        if (server) {
+            int version;
+
+            if (extlen != 2)
+                return 0;
+            version = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "%s (%d)\n",
+                       ssl_trace_str(version, ssl_version_tbl), version);
+            break;
+        }
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2,
+                              ssl_version_tbl);
+
+    case TLSEXT_TYPE_psk_kex_modes:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
+                              ssl_psk_kex_modes_tbl);
+
+    case TLSEXT_TYPE_early_data:
+        if (mt != SSL3_MT_NEWSESSION_TICKET)
+            break;
+        if (extlen != 4)
+            return 0;
+        max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
+                         | ext[3];
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "max_early_data=%u\n", max_early_data);
+        break;
+
+    default:
+        BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
+    }
+    return 1;
+}
+
+static int ssl_print_extensions(BIO *bio, int indent, int server,
+                                unsigned char mt, const unsigned char **msgin,
+                                size_t *msginlen)
+{
+    size_t extslen, msglen = *msginlen;
+    const unsigned char *msg = *msgin;
+
+    BIO_indent(bio, indent, 80);
+    if (msglen == 0) {
+        BIO_puts(bio, "No extensions\n");
+        return 1;
+    }
+    if (msglen < 2)
+        return 0;
+    extslen = (msg[0] << 8) | msg[1];
+    msglen -= 2;
+    msg += 2;
+    if (extslen == 0) {
+        BIO_puts(bio, "No extensions\n");
+        *msgin = msg;
+        *msginlen = msglen;
+        return 1;
+    }
+    if (extslen > msglen)
+        return 0;
+    BIO_printf(bio, "extensions, length = %d\n", (int)extslen);
+    msglen -= extslen;
+    while (extslen > 0) {
+        int extype;
+        size_t extlen;
+        if (extslen < 4)
+            return 0;
+        extype = (msg[0] << 8) | msg[1];
+        extlen = (msg[2] << 8) | msg[3];
+        if (extslen < extlen + 4) {
+            BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype,
+                       (int)extlen);
+            BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2);
+            return 0;
+        }
+        msg += 4;
+        if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg,
+                                 extlen))
+            return 0;
+        msg += extlen;
+        extslen -= extlen + 4;
+    }
+
+    *msgin = msg;
+    *msginlen = msglen;
+    return 1;
+}
+
+static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t len;
+    unsigned int cs;
+
+    if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL))
+        return 0;
+    if (!ssl_print_random(bio, indent, &msg, &msglen))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+        return 0;
+    if (SSL_IS_DTLS(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+            return 0;
+    }
+    if (msglen < 2)
+        return 0;
+    len = (msg[0] << 8) | msg[1];
+    msg += 2;
+    msglen -= 2;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len);
+    if (msglen < len || len & 1)
+        return 0;
+    while (len > 0) {
+        cs = (msg[0] << 8) | msg[1];
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "{0x%02X, 0x%02X} %s\n",
+                   msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
+        msg += 2;
+        msglen -= 2;
+        len -= 2;
+    }
+    if (msglen < 1)
+        return 0;
+    len = msg[0];
+    msg++;
+    msglen--;
+    if (msglen < len)
+        return 0;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "compression_methods (len=%d)\n", (int)len);
+    while (len > 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "%s (0x%02X)\n",
+                   ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+        msg++;
+        msglen--;
+        len--;
+    }
+    if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg,
+                              &msglen))
+        return 0;
+    return 1;
+}
+
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+                                       const unsigned char *msg, size_t msglen)
+{
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+        return 0;
+    return 1;
+}
+
+static int ssl_print_server_hello(BIO *bio, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    unsigned int cs;
+    unsigned int vers;
+
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers))
+        return 0;
+    if (!ssl_print_random(bio, indent, &msg, &msglen))
+        return 0;
+    if (vers != TLS1_3_VERSION
+            && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+        return 0;
+    if (msglen < 2)
+        return 0;
+    cs = (msg[0] << 8) | msg[1];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n",
+               msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
+    msg += 2;
+    msglen -= 2;
+    if (vers != TLS1_3_VERSION) {
+        if (msglen < 1)
+            return 0;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "compression_method: %s (0x%02X)\n",
+                   ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+        msg++;
+        msglen--;
+    }
+    if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg,
+                              &msglen))
+        return 0;
+    return 1;
+}
+
+static int ssl_get_keyex(const char **pname, const SSL *ssl)
+{
+    unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
+
+    if (alg_k & SSL_kRSA) {
+        *pname = "rsa";
+        return SSL_kRSA;
+    }
+    if (alg_k & SSL_kDHE) {
+        *pname = "DHE";
+        return SSL_kDHE;
+    }
+    if (alg_k & SSL_kECDHE) {
+        *pname = "ECDHE";
+        return SSL_kECDHE;
+    }
+    if (alg_k & SSL_kPSK) {
+        *pname = "PSK";
+        return SSL_kPSK;
+    }
+    if (alg_k & SSL_kRSAPSK) {
+        *pname = "RSAPSK";
+        return SSL_kRSAPSK;
+    }
+    if (alg_k & SSL_kDHEPSK) {
+        *pname = "DHEPSK";
+        return SSL_kDHEPSK;
+    }
+    if (alg_k & SSL_kECDHEPSK) {
+        *pname = "ECDHEPSK";
+        return SSL_kECDHEPSK;
+    }
+    if (alg_k & SSL_kSRP) {
+        *pname = "SRP";
+        return SSL_kSRP;
+    }
+    if (alg_k & SSL_kGOST) {
+        *pname = "GOST";
+        return SSL_kGOST;
+    }
+    *pname = "UNKNOWN";
+    return 0;
+}
+
+static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    const char *algname;
+    int id = ssl_get_keyex(&algname, ssl);
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity", 2, &msg, &msglen))
+            return 0;
+    }
+    switch (id) {
+
+    case SSL_kRSA:
+    case SSL_kRSAPSK:
+        if (TLS1_get_version(ssl) == SSL3_VERSION) {
+            ssl_print_hex(bio, indent + 2,
+                          "EncryptedPreMasterSecret", msg, msglen);
+        } else {
+            if (!ssl_print_hexbuf(bio, indent + 2,
+                                  "EncryptedPreMasterSecret", 2, &msg, &msglen))
+                return 0;
+        }
+        break;
+
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen))
+            return 0;
+        break;
+
+    }
+
+    return !msglen;
+}
+
+static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    const char *algname;
+    int id = ssl_get_keyex(&algname, ssl);
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity_hint", 2, &msg, &msglen))
+            return 0;
+    }
+    switch (id) {
+    case SSL_kRSA:
+
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2,
+                              &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen))
+            return 0;
+        break;
+
+# ifndef OPENSSL_NO_EC
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
+        if (msglen < 1)
+            return 0;
+        BIO_indent(bio, indent + 2, 80);
+        if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE)
+            BIO_puts(bio, "explicit_prime\n");
+        else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE)
+            BIO_puts(bio, "explicit_char2\n");
+        else if (msg[0] == NAMED_CURVE_TYPE) {
+            int curve;
+            if (msglen < 3)
+                return 0;
+            curve = (msg[1] << 8) | msg[2];
+            BIO_printf(bio, "named_curve: %s (%d)\n",
+                       ssl_trace_str(curve, ssl_groups_tbl), curve);
+            msg += 3;
+            msglen -= 3;
+            if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
+                return 0;
+        } else {
+            BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]);
+            return 0;
+        }
+        break;
+# endif
+
+    case SSL_kPSK:
+    case SSL_kRSAPSK:
+        break;
+    }
+    if (!(id & SSL_PSK))
+        ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+    return !msglen;
+}
+
+static int ssl_print_certificate(BIO *bio, int indent,
+                                 const unsigned char **pmsg, size_t *pmsglen)
+{
+    size_t msglen = *pmsglen;
+    size_t clen;
+    X509 *x;
+    const unsigned char *p = *pmsg, *q;
+
+    if (msglen < 3)
+        return 0;
+    clen = (p[0] << 16) | (p[1] << 8) | p[2];
+    if (msglen < clen + 3)
+        return 0;
+    q = p + 3;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen);
+    x = d2i_X509(NULL, &q, clen);
+    if (!x)
+        BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
+    else {
+        BIO_puts(bio, "\n------details-----\n");
+        X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
+        PEM_write_bio_X509(bio, x);
+        /* Print certificate stuff */
+        BIO_puts(bio, "------------------\n");
+        X509_free(x);
+    }
+    if (q != p + 3 + clen) {
+        BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n");
+    }
+    *pmsg += clen + 3;
+    *pmsglen -= clen + 3;
+    return 1;
+}
+
+static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
+                                  int indent, const unsigned char *msg,
+                                  size_t msglen)
+{
+    size_t clen;
+
+    if (SSL_IS_TLS13(ssl)
+            && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen))
+        return 0;
+
+    if (msglen < 3)
+        return 0;
+    clen = (msg[0] << 16) | (msg[1] << 8) | msg[2];
+    if (msglen != clen + 3)
+        return 0;
+    msg += 3;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "certificate_list, length=%d\n", (int)clen);
+    while (clen > 0) {
+        if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
+            return 0;
+        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
+                                  &msg, &clen))
+            return 0;
+
+    }
+    return 1;
+}
+
+static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t xlen;
+    unsigned int sigalg;
+
+    if (SSL_IS_TLS13(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
+            return 0;
+        if (!ssl_print_extensions(bio, indent, 1,
+                                  SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen))
+            return 0;
+        return 1;
+    } else {
+        if (msglen < 1)
+            return 0;
+        xlen = msg[0];
+        if (msglen < xlen + 1)
+            return 0;
+        msg++;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
+        if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
+            return 0;
+        msg += xlen;
+        msglen -= xlen + 1;
+    }
+    if (SSL_USE_SIGALGS(ssl)) {
+        if (msglen < 2)
+            return 0;
+        xlen = (msg[0] << 8) | msg[1];
+        if (msglen < xlen + 2 || (xlen & 1))
+            return 0;
+        msg += 2;
+        msglen -= xlen + 2;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            sigalg = (msg[0] << 8) | msg[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+            xlen -= 2;
+            msg += 2;
+        }
+        msg += xlen;
+    }
+
+    if (msglen < 2)
+        return 0;
+    xlen = (msg[0] << 8) | msg[1];
+    BIO_indent(bio, indent, 80);
+    if (msglen < xlen + 2)
+        return 0;
+    msg += 2;
+    msglen -= 2 + xlen;
+    BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen);
+    while (xlen > 0) {
+        size_t dlen;
+        X509_NAME *nm;
+        const unsigned char *p;
+        if (xlen < 2)
+            return 0;
+        dlen = (msg[0] << 8) | msg[1];
+        if (xlen < dlen + 2)
+            return 0;
+        msg += 2;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen);
+        p = msg;
+        nm = d2i_X509_NAME(NULL, &p, dlen);
+        if (!nm) {
+            BIO_puts(bio, "<UNPARSEABLE DN>\n");
+        } else {
+            X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
+            BIO_puts(bio, "\n");
+            X509_NAME_free(nm);
+        }
+        xlen -= dlen + 2;
+        msg += dlen;
+    }
+    if (SSL_IS_TLS13(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2,
+                              &msg, &msglen))
+            return 0;
+    }
+    return msglen == 0;
+}
+
+static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
+                            const unsigned char *msg, size_t msglen)
+{
+    unsigned int tick_life;
+
+    if (msglen == 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_puts(bio, "No Ticket\n");
+        return 1;
+    }
+    if (msglen < 4)
+        return 0;
+    tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
+    msglen -= 4;
+    msg += 4;
+    BIO_indent(bio, indent + 2, 80);
+    BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
+    if (SSL_IS_TLS13(ssl)) {
+        unsigned int ticket_age_add;
+
+        if (msglen < 4)
+            return 0;
+        ticket_age_add =
+            (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
+        msglen -= 4;
+        msg += 4;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add);
+        if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg,
+                              &msglen))
+            return 0;
+    }
+    if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
+        return 0;
+    if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, 0,
+                                     SSL3_MT_NEWSESSION_TICKET, &msg, &msglen))
+        return 0;
+    if (msglen)
+        return 0;
+    return 1;
+}
+
+static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
+                               const unsigned char *msg, size_t msglen,
+                               int indent)
+{
+    size_t hlen;
+    unsigned char htype;
+
+    if (msglen < 4)
+        return 0;
+    htype = msg[0];
+    hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s, Length=%d\n",
+               ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen);
+    msg += 4;
+    msglen -= 4;
+    if (SSL_IS_DTLS(ssl)) {
+        if (msglen < 8)
+            return 0;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+                   "fragment_length=%d\n",
+                   (msg[0] << 8) | msg[1],
+                   (msg[2] << 16) | (msg[3] << 8) | msg[4],
+                   (msg[5] << 16) | (msg[6] << 8) | msg[7]);
+        msg += 8;
+        msglen -= 8;
+    }
+    if (msglen < hlen)
+        return 0;
+    switch (htype) {
+    case SSL3_MT_CLIENT_HELLO:
+        if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case DTLS1_MT_HELLO_VERIFY_REQUEST:
+        if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_SERVER_HELLO:
+        if (!ssl_print_server_hello(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_SERVER_KEY_EXCHANGE:
+        if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CLIENT_KEY_EXCHANGE:
+        if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE:
+        if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE_VERIFY:
+        if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE_REQUEST:
+        if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_FINISHED:
+        ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen);
+        break;
+
+    case SSL3_MT_SERVER_DONE:
+        if (msglen != 0)
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+        break;
+
+    case SSL3_MT_NEWSESSION_TICKET:
+        if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_ENCRYPTED_EXTENSIONS:
+        if (!ssl_print_extensions(bio, indent + 2, 1,
+                                  SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_KEY_UPDATE:
+        if (msglen != 1) {
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+            return 0;
+        }
+        if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1,
+                            ssl_key_update_tbl))
+            return 0;
+        break;
+
+    default:
+        BIO_indent(bio, indent + 2, 80);
+        BIO_puts(bio, "Unsupported, hex dump follows:\n");
+        BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
+    }
+    return 1;
+}
+
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t msglen, SSL *ssl, void *arg)
+{
+    const unsigned char *msg = buf;
+    BIO *bio = arg;
+
+    switch (content_type) {
+    case SSL3_RT_HEADER:
+        {
+            int hvers;
+
+            /* avoid overlapping with length at the end of buffer */
+            if (msglen < (size_t)(SSL_IS_DTLS(ssl) ?
+                     DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {
+                BIO_puts(bio, write_p ? "Sent" : "Received");
+                ssl_print_hex(bio, 0, " too short message", msg, msglen);
+                break;
+            }
+            hvers = msg[1] << 8 | msg[2];
+            BIO_puts(bio, write_p ? "Sent" : "Received");
+            BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
+                       ssl_trace_str(hvers, ssl_version_tbl), hvers);
+            if (SSL_IS_DTLS(ssl)) {
+                BIO_printf(bio,
+                           "  epoch=%d, sequence_number=%04x%04x%04x\n",
+                           (msg[3] << 8 | msg[4]),
+                           (msg[5] << 8 | msg[6]),
+                           (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10]));
+            }
+
+            BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
+                       ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
+                       msg[msglen - 2] << 8 | msg[msglen - 1]);
+        }
+        break;
+
+    case SSL3_RT_INNER_CONTENT_TYPE:
+        BIO_printf(bio, "  Inner Content Type = %s (%d)",
+                   ssl_trace_str(msg[0], ssl_content_tbl), msg[0]);
+        break;
+
+    case SSL3_RT_HANDSHAKE:
+        if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
+                                 msg, msglen, 4))
+            BIO_printf(bio, "Message length parse error!\n");
+        break;
+
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+        if (msglen == 1 && msg[0] == 1)
+            BIO_puts(bio, "    change_cipher_spec (1)\n");
+        else
+            ssl_print_hex(bio, 4, "unknown value", msg, msglen);
+        break;
+
+    case SSL3_RT_ALERT:
+        if (msglen != 2)
+            BIO_puts(bio, "    Illegal Alert Length\n");
+        else {
+            BIO_printf(bio, "    Level=%s(%d), description=%s(%d)\n",
+                       SSL_alert_type_string_long(msg[0] << 8),
+                       msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
+        }
+
+    }
+
+    BIO_puts(bio, "\n");
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c
new file mode 100644
index 000000000..1f956e61e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c
@@ -0,0 +1,833 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include "ssl_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#define TLS13_MAX_LABEL_LEN     249
+
+/* Always filled with zeros */
+static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
+
+/*
+ * Given a |secret|; a |label| of length |labellen|; and |data| of length
+ * |datalen| (e.g. typically a hash of the handshake messages), derive a new
+ * secret |outlen| bytes long and store it in the location pointed to be |out|.
+ * The |data| value may be zero length. Any errors will be treated as fatal if
+ * |fatal| is set. Returns 1 on success  0 on failure.
+ */
+int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                             const unsigned char *label, size_t labellen,
+                             const unsigned char *data, size_t datalen,
+                             unsigned char *out, size_t outlen, int fatal)
+{
+    static const unsigned char label_prefix[] = "tls13 ";
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+    int ret;
+    size_t hkdflabellen;
+    size_t hashlen;
+    /*
+     * 2 bytes for length of derived secret + 1 byte for length of combined
+     * prefix and label + bytes for the label itself + 1 byte length of hash
+     * + bytes for the hash itself
+     */
+    unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+                            + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
+                            + 1 + EVP_MAX_MD_SIZE];
+    WPACKET pkt;
+
+    if (pctx == NULL)
+        return 0;
+
+    if (labellen > TLS13_MAX_LABEL_LEN) {
+        if (fatal) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        } else {
+            /*
+             * Probably we have been called from SSL_export_keying_material(),
+             * or SSL_export_keying_material_early().
+             */
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+        }
+        EVP_PKEY_CTX_free(pctx);
+        return 0;
+    }
+
+    hashlen = EVP_MD_size(md);
+
+    if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
+            || !WPACKET_put_bytes_u16(&pkt, outlen)
+            || !WPACKET_start_sub_packet_u8(&pkt)
+            || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1)
+            || !WPACKET_memcpy(&pkt, label, labellen)
+            || !WPACKET_close(&pkt)
+            || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen)
+            || !WPACKET_get_total_written(&pkt, &hkdflabellen)
+            || !WPACKET_finish(&pkt)) {
+        EVP_PKEY_CTX_free(pctx);
+        WPACKET_cleanup(&pkt);
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ret = EVP_PKEY_derive_init(pctx) <= 0
+            || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
+               <= 0
+            || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, hashlen) <= 0
+            || EVP_PKEY_CTX_add1_hkdf_info(pctx, hkdflabel, hkdflabellen) <= 0
+            || EVP_PKEY_derive(pctx, out, &outlen) <= 0;
+
+    EVP_PKEY_CTX_free(pctx);
+
+    if (ret != 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
+    }
+
+    return ret == 0;
+}
+
+/*
+ * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on
+ * success  0 on failure.
+ */
+int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                     unsigned char *key, size_t keylen)
+{
+    static const unsigned char keylabel[] = "key";
+
+    return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
+                             NULL, 0, key, keylen, 1);
+}
+
+/*
+ * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on
+ * success  0 on failure.
+ */
+int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                    unsigned char *iv, size_t ivlen)
+{
+    static const unsigned char ivlabel[] = "iv";
+
+    return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
+                             NULL, 0, iv, ivlen, 1);
+}
+
+int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret,
+                             unsigned char *fin, size_t finlen)
+{
+    static const unsigned char finishedlabel[] = "finished";
+
+    return tls13_hkdf_expand(s, md, secret, finishedlabel,
+                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
+}
+
+/*
+ * Given the previous secret |prevsecret| and a new input secret |insecret| of
+ * length |insecretlen|, generate a new secret and store it in the location
+ * pointed to by |outsecret|. Returns 1 on success  0 on failure.
+ */
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+                          const unsigned char *prevsecret,
+                          const unsigned char *insecret,
+                          size_t insecretlen,
+                          unsigned char *outsecret)
+{
+    size_t mdlen, prevsecretlen;
+    int mdleni;
+    int ret;
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+    static const char derived_secret_label[] = "derived";
+    unsigned char preextractsec[EVP_MAX_MD_SIZE];
+
+    if (pctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    mdleni = EVP_MD_size(md);
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(mdleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    mdlen = (size_t)mdleni;
+
+    if (insecret == NULL) {
+        insecret = default_zeros;
+        insecretlen = mdlen;
+    }
+    if (prevsecret == NULL) {
+        prevsecret = default_zeros;
+        prevsecretlen = 0;
+    } else {
+        EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+        unsigned char hash[EVP_MAX_MD_SIZE];
+
+        /* The pre-extract derive step uses a hash of no messages */
+        if (mctx == NULL
+                || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+                || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                     ERR_R_INTERNAL_ERROR);
+            EVP_MD_CTX_free(mctx);
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+        EVP_MD_CTX_free(mctx);
+
+        /* Generate the pre-extract secret */
+        if (!tls13_hkdf_expand(s, md, prevsecret,
+                               (unsigned char *)derived_secret_label,
+                               sizeof(derived_secret_label) - 1, hash, mdlen,
+                               preextractsec, mdlen, 1)) {
+            /* SSLfatal() already called */
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+
+        prevsecret = preextractsec;
+        prevsecretlen = mdlen;
+    }
+
+    ret = EVP_PKEY_derive_init(pctx) <= 0
+            || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY)
+               <= 0
+            || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_key(pctx, insecret, insecretlen) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_salt(pctx, prevsecret, prevsecretlen)
+               <= 0
+            || EVP_PKEY_derive(pctx, outsecret, &mdlen)
+               <= 0;
+
+    if (ret != 0)
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+
+    EVP_PKEY_CTX_free(pctx);
+    if (prevsecret == preextractsec)
+        OPENSSL_cleanse(preextractsec, mdlen);
+    return ret == 0;
+}
+
+/*
+ * Given an input secret |insecret| of length |insecretlen| generate the
+ * handshake secret. This requires the early secret to already have been
+ * generated. Returns 1 on success  0 on failure.
+ */
+int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
+                                size_t insecretlen)
+{
+    /* Calls SSLfatal() if required */
+    return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret,
+                                 insecret, insecretlen,
+                                 (unsigned char *)&s->handshake_secret);
+}
+
+/*
+ * Given the handshake secret |prev| of length |prevlen| generate the master
+ * secret and store its length in |*secret_size|. Returns 1 on success  0 on
+ * failure.
+ */
+int tls13_generate_master_secret(SSL *s, unsigned char *out,
+                                 unsigned char *prev, size_t prevlen,
+                                 size_t *secret_size)
+{
+    const EVP_MD *md = ssl_handshake_md(s);
+
+    *secret_size = EVP_MD_size(md);
+    /* Calls SSLfatal() if required */
+    return tls13_generate_secret(s, md, prev, NULL, 0, out);
+}
+
+/*
+ * Generates the mac for the Finished message. Returns the length of the MAC or
+ * 0 on error.
+ */
+size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+                             unsigned char *out)
+{
+    const EVP_MD *md = ssl_handshake_md(s);
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    size_t hashlen, ret = 0;
+    EVP_PKEY *key = NULL;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (str == s->method->ssl3_enc->server_finished_label) {
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                           s->server_finished_secret, hashlen);
+    } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                           s->client_finished_secret, hashlen);
+    } else {
+        unsigned char finsecret[EVP_MAX_MD_SIZE];
+
+        if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+                                      s->client_app_traffic_secret,
+                                      finsecret, hashlen))
+            goto err;
+
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
+                                           hashlen);
+        OPENSSL_cleanse(finsecret, sizeof(finsecret));
+    }
+
+    if (key == NULL
+            || ctx == NULL
+            || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0
+            || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0
+            || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = hashlen;
+ err:
+    EVP_PKEY_free(key);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+/*
+ * There isn't really a key block in TLSv1.3, but we still need this function
+ * for initialising the cipher and hash. Returns 1 on success or 0 on failure.
+ */
+int tls13_setup_key_block(SSL *s)
+{
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+
+    s->session->cipher = s->s3->tmp.new_cipher;
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+
+    return 1;
+}
+
+static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
+                                    const EVP_CIPHER *ciph,
+                                    const unsigned char *insecret,
+                                    const unsigned char *hash,
+                                    const unsigned char *label,
+                                    size_t labellen, unsigned char *secret,
+                                    unsigned char *iv, EVP_CIPHER_CTX *ciph_ctx)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    size_t ivlen, keylen, taglen;
+    int hashleni = EVP_MD_size(md);
+    size_t hashlen;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    hashlen = (size_t)hashleni;
+
+    if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
+                           secret, hashlen, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* TODO(size_t): convert me */
+    keylen = EVP_CIPHER_key_length(ciph);
+    if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
+        uint32_t algenc;
+
+        ivlen = EVP_CCM_TLS_IV_LEN;
+        if (s->s3->tmp.new_cipher == NULL) {
+            /* We've not selected a cipher yet - we must be doing early data */
+            algenc = s->session->cipher->algorithm_enc;
+        } else {
+            algenc = s->s3->tmp.new_cipher->algorithm_enc;
+        }
+        if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+         else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+    } else {
+        ivlen = EVP_CIPHER_iv_length(ciph);
+        taglen = 0;
+    }
+
+    if (!tls13_derive_key(s, md, secret, key, keylen)
+            || !tls13_derive_iv(s, md, secret, iv, ivlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0
+        || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+        || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
+                                                taglen, NULL))
+        || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    return 1;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    return 0;
+}
+
+int tls13_change_cipher_state(SSL *s, int which)
+{
+    static const unsigned char client_early_traffic[] = "c e traffic";
+    static const unsigned char client_handshake_traffic[] = "c hs traffic";
+    static const unsigned char client_application_traffic[] = "c ap traffic";
+    static const unsigned char server_handshake_traffic[] = "s hs traffic";
+    static const unsigned char server_application_traffic[] = "s ap traffic";
+    static const unsigned char exporter_master_secret[] = "exp master";
+    static const unsigned char resumption_master_secret[] = "res master";
+    static const unsigned char early_exporter_master_secret[] = "e exp master";
+    unsigned char *iv;
+    unsigned char secret[EVP_MAX_MD_SIZE];
+    unsigned char hashval[EVP_MAX_MD_SIZE];
+    unsigned char *hash = hashval;
+    unsigned char *insecret;
+    unsigned char *finsecret = NULL;
+    const char *log_label = NULL;
+    EVP_CIPHER_CTX *ciph_ctx;
+    size_t finsecretlen = 0;
+    const unsigned char *label;
+    size_t labellen, hashlen = 0;
+    int ret = 0;
+    const EVP_MD *md = NULL;
+    const EVP_CIPHER *cipher = NULL;
+
+    if (which & SSL3_CC_READ) {
+        if (s->enc_read_ctx != NULL) {
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        } else {
+            s->enc_read_ctx = EVP_CIPHER_CTX_new();
+            if (s->enc_read_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        ciph_ctx = s->enc_read_ctx;
+        iv = s->read_iv;
+
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->enc_write_ctx != NULL) {
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        } else {
+            s->enc_write_ctx = EVP_CIPHER_CTX_new();
+            if (s->enc_write_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        ciph_ctx = s->enc_write_ctx;
+        iv = s->write_iv;
+
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+    }
+
+    if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
+            || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
+        if (which & SSL3_CC_EARLY) {
+            EVP_MD_CTX *mdctx = NULL;
+            long handlen;
+            void *hdata;
+            unsigned int hashlenui;
+            const SSL_CIPHER *sslcipher = SSL_SESSION_get0_cipher(s->session);
+
+            insecret = s->early_secret;
+            label = client_early_traffic;
+            labellen = sizeof(client_early_traffic) - 1;
+            log_label = CLIENT_EARLY_LABEL;
+
+            handlen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+            if (handlen <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                         SSL_R_BAD_HANDSHAKE_LENGTH);
+                goto err;
+            }
+
+            if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                    && s->max_early_data > 0
+                    && s->session->ext.max_early_data == 0) {
+                /*
+                 * If we are attempting to send early data, and we've decided to
+                 * actually do it but max_early_data in s->session is 0 then we
+                 * must be using an external PSK.
+                 */
+                if (!ossl_assert(s->psksession != NULL
+                        && s->max_early_data ==
+                           s->psksession->ext.max_early_data)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                sslcipher = SSL_SESSION_get0_cipher(s->psksession);
+            }
+            if (sslcipher == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, SSL_R_BAD_PSK);
+                goto err;
+            }
+
+            /*
+             * We need to calculate the handshake digest using the digest from
+             * the session. We haven't yet selected our ciphersuite so we can't
+             * use ssl_handshake_md().
+             */
+            mdctx = EVP_MD_CTX_new();
+            if (mdctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            cipher = EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(sslcipher));
+            md = ssl_md(sslcipher->algorithm2);
+            if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
+                    || !EVP_DigestUpdate(mdctx, hdata, handlen)
+                    || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                EVP_MD_CTX_free(mdctx);
+                goto err;
+            }
+            hashlen = hashlenui;
+            EVP_MD_CTX_free(mdctx);
+
+            if (!tls13_hkdf_expand(s, md, insecret,
+                                   early_exporter_master_secret,
+                                   sizeof(early_exporter_master_secret) - 1,
+                                   hashval, hashlen,
+                                   s->early_exporter_master_secret, hashlen,
+                                   1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL,
+                                s->early_exporter_master_secret, hashlen)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        } else if (which & SSL3_CC_HANDSHAKE) {
+            insecret = s->handshake_secret;
+            finsecret = s->client_finished_secret;
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            label = client_handshake_traffic;
+            labellen = sizeof(client_handshake_traffic) - 1;
+            log_label = CLIENT_HANDSHAKE_LABEL;
+            /*
+             * The handshake hash used for the server read/client write handshake
+             * traffic secret is the same as the hash for the server
+             * write/client read handshake traffic secret. However, if we
+             * processed early data then we delay changing the server
+             * read/client write cipher state until later, and the handshake
+             * hashes have moved on. Therefore we use the value saved earlier
+             * when we did the server write/client read change cipher state.
+             */
+            hash = s->handshake_traffic_hash;
+        } else {
+            insecret = s->master_secret;
+            label = client_application_traffic;
+            labellen = sizeof(client_application_traffic) - 1;
+            log_label = CLIENT_APPLICATION_LABEL;
+            /*
+             * For this we only use the handshake hashes up until the server
+             * Finished hash. We do not include the client's Finished, which is
+             * what ssl_handshake_hash() would give us. Instead we use the
+             * previously saved value.
+             */
+            hash = s->server_finished_hash;
+        }
+    } else {
+        /* Early data never applies to client-read/server-write */
+        if (which & SSL3_CC_HANDSHAKE) {
+            insecret = s->handshake_secret;
+            finsecret = s->server_finished_secret;
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            label = server_handshake_traffic;
+            labellen = sizeof(server_handshake_traffic) - 1;
+            log_label = SERVER_HANDSHAKE_LABEL;
+        } else {
+            insecret = s->master_secret;
+            label = server_application_traffic;
+            labellen = sizeof(server_application_traffic) - 1;
+            log_label = SERVER_APPLICATION_LABEL;
+        }
+    }
+
+    if (!(which & SSL3_CC_EARLY)) {
+        md = ssl_handshake_md(s);
+        cipher = s->s3->tmp.new_sym_enc;
+        if (!ssl3_digest_cached_records(s, 1)
+                || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) {
+            /* SSLfatal() already called */;
+            goto err;
+        }
+    }
+
+    /*
+     * Save the hash of handshakes up to now for use when we calculate the
+     * client application traffic secret
+     */
+    if (label == server_application_traffic)
+        memcpy(s->server_finished_hash, hashval, hashlen);
+
+    if (label == server_handshake_traffic)
+        memcpy(s->handshake_traffic_hash, hashval, hashlen);
+
+    if (label == client_application_traffic) {
+        /*
+         * We also create the resumption master secret, but this time use the
+         * hash for the whole handshake including the Client Finished
+         */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               resumption_master_secret,
+                               sizeof(resumption_master_secret) - 1,
+                               hashval, hashlen, s->resumption_master_secret,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
+                                  insecret, hash, label, labellen, secret, iv,
+                                  ciph_ctx)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (label == server_application_traffic) {
+        memcpy(s->server_app_traffic_secret, secret, hashlen);
+        /* Now we create the exporter master secret */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               exporter_master_secret,
+                               sizeof(exporter_master_secret) - 1,
+                               hash, hashlen, s->exporter_master_secret,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret,
+                            hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (label == client_application_traffic)
+        memcpy(s->client_app_traffic_secret, secret, hashlen);
+
+    if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (finsecret != NULL
+            && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret,
+                                         finsecret, finsecretlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (!s->server && label == client_early_traffic)
+        s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS;
+    else
+        s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    ret = 1;
+ err:
+    OPENSSL_cleanse(secret, sizeof(secret));
+    return ret;
+}
+
+int tls13_update_key(SSL *s, int sending)
+{
+    static const unsigned char application_traffic[] = "traffic upd";
+    const EVP_MD *md = ssl_handshake_md(s);
+    size_t hashlen = EVP_MD_size(md);
+    unsigned char *insecret, *iv;
+    unsigned char secret[EVP_MAX_MD_SIZE];
+    EVP_CIPHER_CTX *ciph_ctx;
+    int ret = 0;
+
+    if (s->server == sending)
+        insecret = s->server_app_traffic_secret;
+    else
+        insecret = s->client_app_traffic_secret;
+
+    if (sending) {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        iv = s->write_iv;
+        ciph_ctx = s->enc_write_ctx;
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+    } else {
+        iv = s->read_iv;
+        ciph_ctx = s->enc_read_ctx;
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+    }
+
+    if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s),
+                                  s->s3->tmp.new_sym_enc, insecret, NULL,
+                                  application_traffic,
+                                  sizeof(application_traffic) - 1, secret, iv,
+                                  ciph_ctx)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    memcpy(insecret, secret, hashlen);
+
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    ret = 1;
+ err:
+    OPENSSL_cleanse(secret, sizeof(secret));
+    return ret;
+}
+
+int tls13_alert_code(int code)
+{
+    /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */
+    if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED)
+        return code;
+
+    return tls1_alert_code(code);
+}
+
+int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                 const char *label, size_t llen,
+                                 const unsigned char *context,
+                                 size_t contextlen, int use_context)
+{
+    unsigned char exportsecret[EVP_MAX_MD_SIZE];
+    static const unsigned char exporterlabel[] = "exporter";
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
+    const EVP_MD *md = ssl_handshake_md(s);
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned int hashsize, datalen;
+    int ret = 0;
+
+    if (ctx == NULL || !ossl_statem_export_allowed(s))
+        goto err;
+
+    if (!use_context)
+        contextlen = 0;
+
+    if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestUpdate(ctx, context, contextlen) <= 0
+            || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+            || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize, 0)
+            || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                  sizeof(exporterlabel) - 1, hash, hashsize,
+                                  out, olen, 0))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *context,
+                                       size_t contextlen)
+{
+    static const unsigned char exporterlabel[] = "exporter";
+    unsigned char exportsecret[EVP_MAX_MD_SIZE];
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
+    const EVP_MD *md;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned int hashsize, datalen;
+    int ret = 0;
+    const SSL_CIPHER *sslcipher;
+
+    if (ctx == NULL || !ossl_statem_export_early_allowed(s))
+        goto err;
+
+    if (!s->server && s->max_early_data > 0
+            && s->session->ext.max_early_data == 0)
+        sslcipher = SSL_SESSION_get0_cipher(s->psksession);
+    else
+        sslcipher = SSL_SESSION_get0_cipher(s->session);
+
+    md = ssl_md(sslcipher->algorithm2);
+
+    /*
+     * Calculate the hash value and store it in |data|. The reason why
+     * the empty string is used is that the definition of TLS-Exporter
+     * is like so:
+     *
+     * TLS-Exporter(label, context_value, key_length) =
+     *     HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
+     *                       "exporter", Hash(context_value), key_length)
+     *
+     * Derive-Secret(Secret, Label, Messages) =
+     *       HKDF-Expand-Label(Secret, Label,
+     *                         Transcript-Hash(Messages), Hash.length)
+     *
+     * Here Transcript-Hash is the cipher suite hash algorithm.
+     */
+    if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestUpdate(ctx, context, contextlen) <= 0
+            || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+            || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize, 0)
+            || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                  sizeof(exporterlabel) - 1, hash, hashsize,
+                                  out, olen, 0))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c b/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c
new file mode 100644
index 000000000..f94e46b4e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c
@@ -0,0 +1,456 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+
+int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
+{
+    if (ctx == NULL)
+        return 0;
+    OPENSSL_free(ctx->srp_ctx.login);
+    OPENSSL_free(ctx->srp_ctx.info);
+    BN_free(ctx->srp_ctx.N);
+    BN_free(ctx->srp_ctx.g);
+    BN_free(ctx->srp_ctx.s);
+    BN_free(ctx->srp_ctx.B);
+    BN_free(ctx->srp_ctx.A);
+    BN_free(ctx->srp_ctx.a);
+    BN_free(ctx->srp_ctx.b);
+    BN_free(ctx->srp_ctx.v);
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
+    ctx->srp_ctx.strength = SRP_MINIMAL_N;
+    return 1;
+}
+
+int SSL_SRP_CTX_free(struct ssl_st *s)
+{
+    if (s == NULL)
+        return 0;
+    OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
+    BN_free(s->srp_ctx.N);
+    BN_free(s->srp_ctx.g);
+    BN_free(s->srp_ctx.s);
+    BN_free(s->srp_ctx.B);
+    BN_free(s->srp_ctx.A);
+    BN_free(s->srp_ctx.a);
+    BN_free(s->srp_ctx.b);
+    BN_free(s->srp_ctx.v);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    s->srp_ctx.strength = SRP_MINIMAL_N;
+    return 1;
+}
+
+int SSL_SRP_CTX_init(struct ssl_st *s)
+{
+    SSL_CTX *ctx;
+
+    if ((s == NULL) || ((ctx = s->ctx) == NULL))
+        return 0;
+
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+
+    s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
+    /* set client Hello login callback */
+    s->srp_ctx.TLS_ext_srp_username_callback =
+        ctx->srp_ctx.TLS_ext_srp_username_callback;
+    /* set SRP N/g param callback for verification */
+    s->srp_ctx.SRP_verify_param_callback =
+        ctx->srp_ctx.SRP_verify_param_callback;
+    /* set SRP client passwd callback */
+    s->srp_ctx.SRP_give_srp_client_pwd_callback =
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
+
+    s->srp_ctx.strength = ctx->srp_ctx.strength;
+
+    if (((ctx->srp_ctx.N != NULL) &&
+         ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
+        ((ctx->srp_ctx.g != NULL) &&
+         ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
+        ((ctx->srp_ctx.s != NULL) &&
+         ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
+        ((ctx->srp_ctx.B != NULL) &&
+         ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
+        ((ctx->srp_ctx.A != NULL) &&
+         ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
+        ((ctx->srp_ctx.a != NULL) &&
+         ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
+        ((ctx->srp_ctx.v != NULL) &&
+         ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
+        ((ctx->srp_ctx.b != NULL) &&
+         ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
+        goto err;
+    }
+    if ((ctx->srp_ctx.login != NULL) &&
+        ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((ctx->srp_ctx.info != NULL) &&
+        ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
+
+    return 1;
+ err:
+    OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
+    BN_free(s->srp_ctx.N);
+    BN_free(s->srp_ctx.g);
+    BN_free(s->srp_ctx.s);
+    BN_free(s->srp_ctx.B);
+    BN_free(s->srp_ctx.A);
+    BN_free(s->srp_ctx.a);
+    BN_free(s->srp_ctx.b);
+    BN_free(s->srp_ctx.v);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    return 0;
+}
+
+int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
+{
+    if (ctx == NULL)
+        return 0;
+
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
+    ctx->srp_ctx.strength = SRP_MINIMAL_N;
+
+    return 1;
+}
+
+/* server side */
+int SSL_srp_server_param_with_username(SSL *s, int *ad)
+{
+    unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
+    int al;
+
+    *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
+    if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
+        ((al =
+          s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
+                                                   s->srp_ctx.SRP_cb_arg)) !=
+         SSL_ERROR_NONE))
+        return al;
+
+    *ad = SSL_AD_INTERNAL_ERROR;
+    if ((s->srp_ctx.N == NULL) ||
+        (s->srp_ctx.g == NULL) ||
+        (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
+        return SSL3_AL_FATAL;
+
+    if (RAND_priv_bytes(b, sizeof(b)) <= 0)
+        return SSL3_AL_FATAL;
+    s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
+    OPENSSL_cleanse(b, sizeof(b));
+
+    /* Calculate:  B = (kv + g^b) % N  */
+
+    return ((s->srp_ctx.B =
+             SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
+                        s->srp_ctx.v)) !=
+            NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
+}
+
+/*
+ * If the server just has the raw password, make up a verifier entry on the
+ * fly
+ */
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp)
+{
+    SRP_gN *GN = SRP_get_default_gN(grp);
+    if (GN == NULL)
+        return -1;
+    s->srp_ctx.N = BN_dup(GN->N);
+    s->srp_ctx.g = BN_dup(GN->g);
+    BN_clear_free(s->srp_ctx.v);
+    s->srp_ctx.v = NULL;
+    BN_clear_free(s->srp_ctx.s);
+    s->srp_ctx.s = NULL;
+    if (!SRP_create_verifier_BN
+        (user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g))
+        return -1;
+
+    return 1;
+}
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info)
+{
+    if (N != NULL) {
+        if (s->srp_ctx.N != NULL) {
+            if (!BN_copy(s->srp_ctx.N, N)) {
+                BN_free(s->srp_ctx.N);
+                s->srp_ctx.N = NULL;
+            }
+        } else
+            s->srp_ctx.N = BN_dup(N);
+    }
+    if (g != NULL) {
+        if (s->srp_ctx.g != NULL) {
+            if (!BN_copy(s->srp_ctx.g, g)) {
+                BN_free(s->srp_ctx.g);
+                s->srp_ctx.g = NULL;
+            }
+        } else
+            s->srp_ctx.g = BN_dup(g);
+    }
+    if (sa != NULL) {
+        if (s->srp_ctx.s != NULL) {
+            if (!BN_copy(s->srp_ctx.s, sa)) {
+                BN_free(s->srp_ctx.s);
+                s->srp_ctx.s = NULL;
+            }
+        } else
+            s->srp_ctx.s = BN_dup(sa);
+    }
+    if (v != NULL) {
+        if (s->srp_ctx.v != NULL) {
+            if (!BN_copy(s->srp_ctx.v, v)) {
+                BN_free(s->srp_ctx.v);
+                s->srp_ctx.v = NULL;
+            }
+        } else
+            s->srp_ctx.v = BN_dup(v);
+    }
+    if (info != NULL) {
+        if (s->srp_ctx.info)
+            OPENSSL_free(s->srp_ctx.info);
+        if ((s->srp_ctx.info = BUF_strdup(info)) == NULL)
+            return -1;
+    }
+
+    if (!(s->srp_ctx.N) ||
+        !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v))
+        return -1;
+
+    return 1;
+}
+
+int srp_generate_server_master_secret(SSL *s)
+{
+    BIGNUM *K = NULL, *u = NULL;
+    int ret = -1, tmp_len = 0;
+    unsigned char *tmp = NULL;
+
+    if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
+        goto err;
+    if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL)
+        goto err;
+    if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
+                                 s->srp_ctx.N)) == NULL)
+        goto err;
+
+    tmp_len = BN_num_bytes(K);
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    BN_bn2bin(K, tmp);
+    /* Calls SSLfatal() as required */
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+    BN_clear_free(K);
+    BN_clear_free(u);
+    return ret;
+}
+
+/* client side */
+int srp_generate_client_master_secret(SSL *s)
+{
+    BIGNUM *x = NULL, *u = NULL, *K = NULL;
+    int ret = -1, tmp_len = 0;
+    char *passwd = NULL;
+    unsigned char *tmp = NULL;
+
+    /*
+     * Checks if b % n == 0
+     */
+    if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0
+            || (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))
+               == NULL
+            || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
+                                                      s->srp_ctx.SRP_cb_arg))
+            == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET,
+                 SSL_R_CALLBACK_FAILED);
+        goto err;
+    }
+    if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL
+            || (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B,
+                                        s->srp_ctx.g, x,
+                                        s->srp_ctx.a, u)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    tmp_len = BN_num_bytes(K);
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    BN_bn2bin(K, tmp);
+    /* Calls SSLfatal() as required */
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+    BN_clear_free(K);
+    BN_clear_free(x);
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
+    BN_clear_free(u);
+    return ret;
+}
+
+int srp_verify_server_param(SSL *s)
+{
+    SRP_CTX *srp = &s->srp_ctx;
+    /*
+     * Sanity check parameters: we can quickly check B % N == 0 by checking B
+     * != 0 since B < N
+     */
+    if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0
+        || BN_is_zero(srp->B)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_BAD_DATA);
+        return 0;
+    }
+
+    if (BN_num_bits(srp->N) < srp->strength) {
+        SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_INSUFFICIENT_SECURITY);
+        return 0;
+    }
+
+    if (srp->SRP_verify_param_callback) {
+        if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
+            SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
+                     SSL_F_SRP_VERIFY_SERVER_PARAM,
+                     SSL_R_CALLBACK_FAILED);
+            return 0;
+        }
+    } else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
+        SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_INSUFFICIENT_SECURITY);
+        return 0;
+    }
+
+    return 1;
+}
+
+int SRP_Calc_A_param(SSL *s)
+{
+    unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+
+    if (RAND_priv_bytes(rnd, sizeof(rnd)) <= 0)
+        return 0;
+    s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
+    OPENSSL_cleanse(rnd, sizeof(rnd));
+
+    if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
+        return 0;
+
+    return 1;
+}
+
+BIGNUM *SSL_get_srp_g(SSL *s)
+{
+    if (s->srp_ctx.g != NULL)
+        return s->srp_ctx.g;
+    return s->ctx->srp_ctx.g;
+}
+
+BIGNUM *SSL_get_srp_N(SSL *s)
+{
+    if (s->srp_ctx.N != NULL)
+        return s->srp_ctx.N;
+    return s->ctx->srp_ctx.N;
+}
+
+char *SSL_get_srp_username(SSL *s)
+{
+    if (s->srp_ctx.login != NULL)
+        return s->srp_ctx.login;
+    return s->ctx->srp_ctx.login;
+}
+
+char *SSL_get_srp_userinfo(SSL *s)
+{
+    if (s->srp_ctx.info != NULL)
+        return s->srp_ctx.info;
+    return s->ctx->srp_ctx.info;
+}
+
+# define tls1_ctx_ctrl ssl3_ctx_ctrl
+# define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
+
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, name);
+}
+
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, password);
+}
+
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
+                         NULL);
+}
+
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
+                                  (void (*)(void))cb);
+}
+
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, 0, arg);
+}
+
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
+                                  (void (*)(void))cb);
+}
+
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
+                                  (void (*)(void))cb);
+}
+
+#endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/tools/build.info b/trunk/3rdparty/openssl-1.1-fit/tools/build.info
new file mode 100644
index 000000000..059e58234
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/tools/build.info
@@ -0,0 +1,7 @@
+{- our $c_rehash_name =
+       $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
+   "" -}
+IF[{- !$disabled{apps} -}]
+  SCRIPTS={- $c_rehash_name -}
+  SOURCE[{- $c_rehash_name -}]=c_rehash.in
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in b/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in
new file mode 100644
index 000000000..421fd8920
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in
@@ -0,0 +1,231 @@
+#!{- $config{HASHBANGPERL} -}
+
+# {- join("\n# ", @autowarntext) -}
+# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = {- quotify1($config{openssldir}) -};
+my $prefix = {- quotify1($config{prefix}) -};
+
+my $errorcount = 0;
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+##  Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+    my $flag = shift @ARGV;
+    last if ( $flag eq '--');
+    if ( $flag eq '-old') {
+	    $x509hash = "-subject_hash_old";
+	    $crlhash = "-hash_old";
+    } elsif ( $flag eq '-h' || $flag eq '-help' ) {
+	    help();
+    } elsif ( $flag eq '-n' ) {
+	    $removelinks = 0;
+    } elsif ( $flag eq '-v' ) {
+	    $verbose++;
+    }
+    else {
+	    print STDERR "Usage error; try -h.\n";
+	    exit 1;
+    }
+}
+
+sub help {
+	print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
+	print "   -old use old-style digest\n";
+	print "   -h or -help print this help text\n";
+	print "   -v print files removed and linked\n";
+	exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+	$pwd=Cwd::getcwd();
+} else {
+	$pwd=`pwd`;
+	chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if (! -x $openssl) {
+	my $found = 0;
+	foreach (split /$path_delim/, $ENV{PATH}) {
+		if (-x "$_/$openssl") {
+			$found = 1;
+			$openssl = "$_/$openssl";
+			last;
+		}	
+	}
+	if ($found == 0) {
+		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+		exit 0;
+	}
+}
+
+if (@ARGV) {
+	@dirlist = @ARGV;
+} elsif ($ENV{SSL_CERT_DIR}) {
+	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+	$dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+	chdir $dirlist[0];
+	$openssl="$pwd/$openssl" if (!-x $openssl);
+	chdir $pwd;
+}
+
+foreach (@dirlist) {
+	if (-d $_ ) {
+            if ( -w $_) {
+		hash_dir($_);
+            } else {
+                print "Skipping $_, can't write\n";
+                $errorcount++;
+            }
+	}
+}
+exit($errorcount);
+
+sub hash_dir {
+	my %hashlist;
+	print "Doing $_[0]\n";
+	chdir $_[0];
+	opendir(DIR, ".");
+	my @flist = sort readdir(DIR);
+	closedir DIR;
+	if ( $removelinks ) {
+		# Delete any existing symbolic links
+		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+			if (-l $_) {
+				print "unlink $_" if $verbose;
+				unlink $_ || warn "Can't unlink $_, $!\n";
+			}
+		}
+	}
+	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+		# Check to see if certificates and/or CRLs present.
+		my ($cert, $crl) = check_file($fname);
+		if (!$cert && !$crl) {
+			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+			next;
+		}
+		link_hash_cert($fname) if ($cert);
+		link_hash_crl($fname) if ($crl);
+	}
+}
+
+sub check_file {
+	my ($is_cert, $is_crl) = (0,0);
+	my $fname = $_[0];
+	open IN, $fname;
+	while(<IN>) {
+		if (/^-----BEGIN (.*)-----/) {
+			my $hdr = $1;
+			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+				$is_cert = 1;
+				last if ($is_crl);
+			} elsif ($hdr eq "X509 CRL") {
+				$is_crl = 1;
+				last if ($is_cert);
+			}
+		}
+	}
+	close IN;
+	return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if ($hashlist{"$hash.$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".$suffix";
+		if ($symlink_exists) {
+			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
+		} else {
+			print "copy $fname -> $hash\n" if $verbose;
+                        if (open($in, "<", $fname)) {
+                            if (open($out,">", $hash)) {
+                                print $out $_ while (<$in>);
+                                close $out;
+                            } else {
+                                warn "can't open $hash for write, $!";
+                            }
+                            close $in;
+                        } else {
+                            warn "can't open $fname for read, $!";
+                        }
+		}
+		$hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.r$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if ($hashlist{"$hash.r$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".r$suffix";
+		if ($symlink_exists) {
+			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
+		} else {
+			print "cp $fname -> $hash\n" if $verbose;
+			system ("cp", $fname, $hash);
+                        warn "Can't copy, $!" if ($? >> 8) != 0;
+		}
+		$hashlist{$hash} = $fprint;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/add-depends.pl b/trunk/3rdparty/openssl-1.1-fit/util/add-depends.pl
new file mode 100644
index 000000000..55d56b761
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/add-depends.pl
@@ -0,0 +1,288 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use lib '.';
+use configdata;
+
+use File::Spec::Functions qw(:DEFAULT rel2abs);
+use File::Compare qw(compare_text);
+use feature 'state';
+
+# When using stat() on Windows, we can get it to perform better by avoid some
+# data.  This doesn't affect the mtime field, so we're not losing anything...
+${^WIN32_SLOPPY_STAT} = 1;
+
+my $debug = $ENV{ADD_DEPENDS_DEBUG};
+my $buildfile = $config{build_file};
+my $build_mtime = (stat($buildfile))[9];
+my $rebuild = 0;
+my $depext = $target{dep_extension} || ".d";
+my @depfiles =
+    sort
+    grep {
+        # This grep has side effects.  Not only does if check the existence
+        # of the dependency file given in $_, but it also checks if it's
+        # newer than the build file, and if it is, sets $rebuild.
+        my @st = stat($_);
+        $rebuild = 1 if @st && $st[9] > $build_mtime;
+        scalar @st > 0;         # Determines the grep result
+    }
+    map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+    ( ( grep { $unified_info{sources}->{$_}->[0] =~ /\.cc?$/ }
+            keys %{$unified_info{sources}} ),
+      ( grep { $unified_info{shared_sources}->{$_}->[0] =~ /\.cc?$/ }
+            keys %{$unified_info{shared_sources}} ) );
+
+exit 0 unless $rebuild;
+
+# Ok, primary checks are done, time to do some real work
+
+my $producer = shift @ARGV;
+die "Producer not given\n" unless $producer;
+
+my $srcdir = $config{sourcedir};
+my $blddir = $config{builddir};
+my $abs_srcdir = rel2abs($srcdir);
+my $abs_blddir = rel2abs($blddir);
+
+# Convenient cache of absolute to relative map.  We start with filling it
+# with mappings for the known generated header files.  They are relative to
+# the current working directory, so that's an easy task.
+# NOTE: there's more than C header files that are generated.  They will also
+# generate entries in this map.  We could of course deal with C header files
+# only, but in case we decide to handle more than just C files in the future,
+# we already have the mechanism in place here.
+# NOTE2: we lower case the index to make it searchable without regard for
+# character case.  That could seem dangerous, but as long as we don't have
+# files we depend on in the same directory that only differ by character case,
+# we're fine.
+my %depconv_cache =
+    map { catfile($abs_blddir, $_) => $_ }
+    keys %{$unified_info{generate}};
+
+my %procedures = (
+    'gcc' => undef,             # gcc style dependency files needs no mods
+    'makedepend' =>
+        sub {
+            # makedepend, in its infinite wisdom, wants to have the object file
+            # in the same directory as the source file.  This doesn't work too
+            # well with out-of-source-tree builds, so we must resort to tricks
+            # to get things right.  Fortunately, the .d files are always placed
+            # parallel with the object files, so all we need to do is construct
+            # the object file name from the dep file name.
+            (my $objfile = shift) =~ s|\.d$|.o|i;
+            my $line = shift;
+
+            # Discard comments
+            return undef if $line =~ /^(#.*|\s*)$/;
+
+            # Remove the original object file
+            $line =~ s|^.*\.o: | |;
+            # Also, remove any dependency that starts with a /, because those
+            # are typically system headers
+            $line =~ s/\s+\/(\\.|\S)*//g;
+            # Finally, discard all empty lines
+            return undef if $line =~ /^\s*$/;
+
+            # All we got now is a dependency, just shave off surrounding spaces
+            $line =~ s/^\s+//;
+            $line =~ s/\s+$//;
+            return ($objfile, $line);
+        },
+    'VMS C' =>
+        sub {
+            state $abs_srcdir_shaved = undef;
+            state $srcdir_shaved = undef;
+
+            unless (defined $abs_srcdir_shaved) {
+                ($abs_srcdir_shaved = $abs_srcdir) =~ s|[>\]]$||;
+                ($srcdir_shaved = $srcdir) =~ s|[>\]]$||;
+            }
+
+            # current versions of DEC / Compaq / HP / VSI C strips away all
+            # directory information from the object file, so we must insert it
+            # back.  To make life simpler, we simply replace it with the
+            # corresponding .D file that's had its extension changed.  Since
+            # .D files are always written parallel to the object files, we
+            # thereby get the directory information for free.
+            (my $objfile = shift) =~ s|\.D$|.OBJ|i;
+            my $line = shift;
+
+            # Shave off the target.
+            #
+            # The pattern for target and dependencies will always take this
+            # form:
+            #
+            #   target SPACE : SPACE deps
+            #
+            # This is so a volume delimiter (a : without any spaces around it)
+            # won't get mixed up with the target / deps delimiter.  We use this
+            # to easily identify what needs to be removed.
+            m|\s:\s|; $line = $';
+
+            # We know that VMS has system header files in text libraries,
+            # extension .TLB.  We also know that our header files aren't stored
+            # in text libraries.  Finally, we know that VMS C produces exactly
+            # one dependency per line, so we simply discard any line ending with
+            # .TLB.
+            return undef if /\.TLB\s*$/;
+
+            # All we got now is a dependency, just shave off surrounding spaces
+            $line =~ s/^\s+//;
+            $line =~ s/\s+$//;
+
+            # VMS C gives us absolute paths, always.  Let's see if we can
+            # make them relative instead.
+            $line = canonpath($line);
+
+            unless (defined $depconv_cache{$line}) {
+                my $dep = $line;
+                # Since we have already pre-populated the cache with
+                # mappings for generated headers, we only need to deal
+                # with the source tree.
+                if ($dep =~ s|^\Q$abs_srcdir_shaved\E([\.>\]])?|$srcdir_shaved$1|i) {
+                    $depconv_cache{$line} = $dep;
+                }
+            }
+            return ($objfile, $depconv_cache{$line})
+                if defined $depconv_cache{$line};
+            print STDERR "DEBUG[VMS C]: ignoring $objfile <- $line\n"
+                if $debug;
+
+            return undef;
+        },
+    'VC' =>
+        sub {
+            # For the moment, we only support Visual C on native Windows, or
+            # compatible compilers.  With those, the flags /Zs /showIncludes
+            # give us the necessary output to be able to create dependencies
+            # that nmake (or any 'make' implementation) should be able to read,
+            # with a bit of help.  The output we're interested in looks like
+            # this (it always starts the same)
+            #
+            #   Note: including file: {whatever header file}
+            #
+            # Since there's no object file name at all in that information,
+            # we must construct it ourselves.
+
+            (my $objfile = shift) =~ s|\.d$|.obj|i;
+            my $line = shift;
+
+            # There are also other lines mixed in, for example compiler
+            # warnings, so we simply discard anything that doesn't start with
+            # the Note:
+
+            if (/^Note: including file: */) {
+                (my $tail = $') =~ s/\s*\R$//;
+
+                # VC gives us absolute paths for all include files, so to
+                # remove system header dependencies, we need to check that
+                # they don't match $abs_srcdir or $abs_blddir.
+                $tail = canonpath($tail);
+
+                unless (defined $depconv_cache{$tail}) {
+                    my $dep = $tail;
+                    # Since we have already pre-populated the cache with
+                    # mappings for generated headers, we only need to deal
+                    # with the source tree.
+                    if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) {
+                        $depconv_cache{$tail} = $dep;
+                    }
+                }
+                return ($objfile, '"'.$depconv_cache{$tail}.'"')
+                    if defined $depconv_cache{$tail};
+                print STDERR "DEBUG[VC]: ignoring $objfile <- $tail\n"
+                    if $debug;
+            }
+
+            return undef;
+        },
+);
+my %continuations = (
+    'gcc' => undef,
+    'makedepend' => "\\",
+    'VMS C' => "-",
+    'VC' => "\\",
+);
+
+die "Producer unrecognised: $producer\n"
+    unless exists $procedures{$producer} && exists $continuations{$producer};
+
+my $procedure = $procedures{$producer};
+my $continuation = $continuations{$producer};
+
+my $buildfile_new = "$buildfile-$$";
+
+my %collect = ();
+if (defined $procedure) {
+    foreach my $depfile (@depfiles) {
+        open IDEP,$depfile or die "Trying to read $depfile: $!\n";
+        while (<IDEP>) {
+            s|\R$||;                # The better chomp
+            my ($target, $deps) = $procedure->($depfile, $_);
+            $collect{$target}->{$deps} = 1 if defined $target;
+        }
+        close IDEP;
+    }
+}
+
+open IBF, $buildfile or die "Trying to read $buildfile: $!\n";
+open OBF, '>', $buildfile_new or die "Trying to write $buildfile_new: $!\n";
+while (<IBF>) {
+    last if /^# DO NOT DELETE THIS LINE/;
+    print OBF or die "$!\n";
+}
+close IBF;
+
+print OBF "# DO NOT DELETE THIS LINE -- make depend depends on it.\n";
+
+if (defined $procedure) {
+    foreach my $target (sort keys %collect) {
+        my $prefix = $target . ' :';
+        my @deps = sort keys %{$collect{$target}};
+
+        while (@deps) {
+            my $buf = $prefix;
+            $prefix = '';
+
+            while (@deps && ($buf eq ''
+                                 || length($buf) + length($deps[0]) <= 77)) {
+                $buf .= ' ' . shift @deps;
+            }
+            $buf .= ' '.$continuation if @deps;
+
+            print OBF $buf,"\n" or die "Trying to print: $!\n"
+        }
+    }
+} else {
+    foreach my $depfile (@depfiles) {
+        open IDEP,$depfile or die "Trying to read $depfile: $!\n";
+        while (<IDEP>) {
+            print OBF or die "Trying to print: $!\n";
+        }
+        close IDEP;
+    }
+}
+
+close OBF;
+
+if (compare_text($buildfile_new, $buildfile) != 0) {
+    rename $buildfile_new, $buildfile
+        or die "Trying to rename $buildfile_new -> $buildfile: $!\n";
+}
+
+END {
+    # On VMS, we want to remove all generations of this file, in case there
+    # are more than one, so we loop.
+    if (defined $buildfile_new) {
+        while (unlink $buildfile_new) {}
+    }
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/build.info b/trunk/3rdparty/openssl-1.1-fit/util/build.info
new file mode 100644
index 000000000..609be5166
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/build.info
@@ -0,0 +1,8 @@
+IF[{- $target{build_scheme}->[1] eq "VMS" -}]
+ SCRIPTS_NO_INST=local_shlib.com unlocal_shlib.com
+ SOURCE[local_shlib.com]=local_shlib.com.in
+ SOURCE[unlocal_shlib.com]=unlocal_shlib.com.in
+ELSIF[{- $target{build_scheme}->[1] eq "unix" -}]
+ SCRIPTS_NO_INST=shlib_wrap.sh
+ SOURCE[shlib_wrap.sh]=shlib_wrap.sh.in
+ENDIF
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/check-malloc-errs b/trunk/3rdparty/openssl-1.1-fit/util/check-malloc-errs
new file mode 100755
index 000000000..1e632407c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/check-malloc-errs
@@ -0,0 +1,16 @@
+#! /bin/sh
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+(
+    pcregrep -rnM 'OPENSSL_.?alloc.*\n.*if.*NULL.*\n.*return'  crypto ssl
+    pcregrep -rnM 'if.*OPENSSL_.?alloc.*NULL.*\n.*.*return' crypto ssl
+) | tee /tmp/out$$
+X=0
+test -s /tmp/out$$ && X=1
+rm /tmp/out$$
+exit $X
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/ck_errf.pl b/trunk/3rdparty/openssl-1.1-fit/util/ck_errf.pl
new file mode 100755
index 000000000..539736db0
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/ck_errf.pl
@@ -0,0 +1,152 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+#
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+
+use strict;
+use warnings;
+
+my $config;
+my $err_strict = 0;
+my $debug      = 0;
+my $internal   = 0;
+
+sub help
+{
+    print STDERR <<"EOF";
+mkerr.pl [options] [files...]
+
+Options:
+
+    -conf FILE  Use the named config file FILE instead of the default.
+
+    -debug      Verbose output debugging on stderr.
+
+    -internal   Generate code that is to be built as part of OpenSSL itself.
+                Also scans internal list of files.
+
+    -strict     If any error was found, fail with exit code 1, otherwise 0.
+
+    -help       Show this help text.
+
+    ...         Additional arguments are added to the file list to scan,
+                if '-internal' was NOT specified on the command line.
+
+EOF
+}
+
+while ( @ARGV ) {
+    my $arg = $ARGV[0];
+    last unless $arg =~ /-.*/;
+    $arg = $1 if $arg =~ /-(-.*)/;
+    if ( $arg eq "-conf" ) {
+        $config = $ARGV[1];
+        shift @ARGV;
+    } elsif ( $arg eq "-debug" ) {
+        $debug = 1;
+    } elsif ( $arg eq "-internal" ) {
+        $internal = 1;
+    } elsif ( $arg eq "-strict" ) {
+        $err_strict = 1;
+    } elsif ( $arg =~ /-*h(elp)?/ ) {
+        &help();
+        exit;
+    } elsif ( $arg =~ /-.*/ ) {
+        die "Unknown option $arg; use -h for help.\n";
+    }
+    shift @ARGV;
+}
+
+my @source;
+if ( $internal ) {
+    die "Extra parameters given.\n" if @ARGV;
+    $config = "crypto/err/openssl.ec" unless defined $config;
+    @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'),
+                glob('ssl/*.c'), glob('ssl/*/*.c') );
+} else {
+    die "Configuration file not given.\nSee '$0 -help' for information\n"
+        unless defined $config;
+    @source = @ARGV;
+}
+
+# To detect if there is any error generation for a libcrypto/libssl libs
+# we don't know, we need to find out what libs we do know.  That list is
+# readily available in crypto/err/openssl.ec, in form of lines starting
+# with "L ".  Note that we always rely on the modules SYS and ERR to be
+# generally available.
+my %libs       = ( SYS => 1, ERR => 1 );
+open my $cfh, $config or die "Trying to read $config: $!\n";
+while (<$cfh>) {
+    s|\R$||;                    # Better chomp
+    next unless m|^L ([0-9A-Z_]+)\s|;
+    next if $1 eq "NONE";
+    $libs{$1} = 1;
+}
+
+my $bad = 0;
+foreach my $file (@source) {
+    open( IN, "<$file" ) || die "Can't open $file, $!";
+    my $func = "";
+    while (<IN>) {
+        if ( !/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/ ) {
+            /^([^()]*(\([^()]*\)[^()]*)*)\(/;
+            $1 =~ /([A-Za-z_0-9]*)$/;
+            $func = $1;
+            $func =~ tr/A-Z/a-z/;
+        }
+        if ( /([A-Z0-9_]+[A-Z0-9])err\(([^,]+)/ && !/ckerr_ignore/ ) {
+            my $errlib = $1;
+            my $n      = $2;
+
+            unless ( $libs{$errlib} ) {
+                print "$file:$.:$errlib not listed in $config\n";
+                $libs{$errlib} = 1; # To not display it again
+                $bad = 1;
+            }
+
+            if ( $func eq "" ) {
+                print "$file:$.:???:$n\n";
+                $bad = 1;
+                next;
+            }
+
+            if ( $n !~ /^(.+)_F_(.+)$/ ) {
+                #print "check -$file:$.:$func:$n\n";
+                next;
+            }
+            my $lib = $1;
+            $n   = $2;
+
+            if ( $lib ne $errlib ) {
+                print "$file:$.:$func:$n [${errlib}err]\n";
+                $bad = 1;
+                next;
+            }
+
+            $n =~ tr/A-Z/a-z/;
+            if ( $n ne $func && $errlib ne "SYS" ) {
+                print "$file:$.:$func:$n\n";
+                $bad = 1;
+                next;
+            }
+
+            #		print "$func:$1\n";
+        }
+    }
+    close(IN);
+}
+
+if ( $bad && $err_strict ) {
+    print STDERR "FATAL: error discrepancy\n";
+    exit 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/copy.pl b/trunk/3rdparty/openssl-1.1-fit/util/copy.pl
new file mode 100644
index 000000000..58ecc82c4
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/copy.pl
@@ -0,0 +1,84 @@
+#! /usr/bin/env perl
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use Fcntl;
+
+
+# copy.pl
+
+# Perl script 'copy' comment. On Windows the built in "copy" command also
+# copies timestamps: this messes up Makefile dependencies.
+
+my $stripcr = 0;
+
+my $arg;
+my @excludes = ();
+
+foreach $arg (@ARGV) {
+	if ($arg eq "-stripcr")
+		{
+		$stripcr = 1;
+		next;
+		}
+	if ($arg =~ /^-exclude_re=(.*)$/)
+		{
+		push @excludes, $1;
+		next;
+		}
+	$arg =~ s|\\|/|g;	# compensate for bug/feature in cygwin glob...
+	$arg = qq("$arg") if ($arg =~ /\s/);	# compensate for bug in 5.10...
+	foreach my $f (glob $arg)
+		{
+		push @filelist, $f unless grep { $f =~ /$_/ } @excludes;
+		}
+}
+
+$fnum = @filelist;
+
+if ($fnum <= 1)
+	{
+	die "Need at least two filenames";
+	}
+
+$dest = pop @filelist;
+
+if ($fnum > 2 && ! -d $dest)
+	{
+	die "Destination must be a directory";
+	}
+
+foreach (@filelist)
+	{
+	if (-d $dest)
+		{
+		$dfile = $_;
+		$dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
+		$dfile = "$dest/$dfile";
+		}
+	else
+		{
+		$dfile = $dest;
+		}
+	sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+	sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
+					|| die "Can't Open $dfile";
+	while (sysread IN, $buf, 10240)
+		{
+		if ($stripcr)
+			{
+			$buf =~ tr/\015//d;
+			}
+		syswrite(OUT, $buf, length($buf));
+		}
+	close(IN);
+	close(OUT);
+	print "Copying: $_ to $dfile\n";
+	}
+
+
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/dofile.pl b/trunk/3rdparty/openssl-1.1-fit/util/dofile.pl
new file mode 100644
index 000000000..c3bc9ba9d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/dofile.pl
@@ -0,0 +1,210 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Reads one or more template files and runs it through Text::Template
+#
+# It is assumed that this scripts is called with -Mconfigdata, a module
+# that holds configuration data in %config
+
+use strict;
+use warnings;
+
+use FindBin;
+use Getopt::Std;
+
+# We actually expect to get the following hash tables from configdata:
+#
+#    %config
+#    %target
+#    %withargs
+#    %unified_info
+#
+# We just do a minimal test to see that we got what we expected.
+# $config{target} must exist as an absolute minimum.
+die "You must run this script with -Mconfigdata\n" if !exists($config{target});
+
+# Make a subclass of Text::Template to override append_text_to_result,
+# as recommended here:
+#
+# http://search.cpan.org/~mjd/Text-Template-1.46/lib/Text/Template.pm#Automatic_postprocessing_of_template_hunks
+
+package OpenSSL::Template;
+
+# Because we know that Text::Template isn't a core Perl module, we use
+# a fallback in case it's not installed on the system
+use File::Basename;
+use File::Spec::Functions;
+use lib "$FindBin::Bin/perl";
+use with_fallback "Text::Template 1.46";
+
+#use parent qw/Text::Template/;
+use vars qw/@ISA/;
+push @ISA, qw/Text::Template/;
+
+# Override constructor
+sub new {
+    my ($class) = shift;
+
+    # Call the constructor of the parent class, Person.
+    my $self = $class->SUPER::new( @_ );
+    # Add few more attributes
+    $self->{_output_off}   = 0;	# Default to output hunks
+    bless $self, $class;
+    return $self;
+}
+
+sub append_text_to_output {
+    my $self = shift;
+
+    if ($self->{_output_off} == 0) {
+	$self->SUPER::append_text_to_output(@_);
+    }
+
+    return;
+}
+
+sub output_reset_on {
+    my $self = shift;
+    $self->{_output_off} = 0;
+}
+
+sub output_on {
+    my $self = shift;
+    if (--$self->{_output_off} < 0) {
+	$self->{_output_off} = 0;
+    }
+}
+
+sub output_off {
+    my $self = shift;
+    $self->{_output_off}++;
+}
+
+# Come back to main
+
+package main;
+
+# Helper functions for the templates #################################
+
+# It might be practical to quotify some strings and have them protected
+# from possible harm.  These functions primarily quote things that might
+# be interpreted wrongly by a perl eval.
+
+# quotify1 STRING
+# This adds quotes (") around the given string, and escapes any $, @, \,
+# " and ' by prepending a \ to them.
+sub quotify1 {
+    my $s = shift @_;
+    $s =~ s/([\$\@\\"'])/\\$1/g;
+    '"'.$s.'"';
+}
+
+# quotify_l LIST
+# For each defined element in LIST (i.e. elements that aren't undef), have
+# it quotified with 'quotify1'
+sub quotify_l {
+    map {
+        if (!defined($_)) {
+            ();
+        } else {
+            quotify1($_);
+        }
+    } @_;
+}
+
+# Error reporter #####################################################
+
+# The error reporter uses %lines to figure out exactly which file the
+# error happened and at what line.  Not that the line number may be
+# the start of a perl snippet rather than the exact line where it
+# happened.  Nothing we can do about that here.
+
+my %lines = ();
+sub broken {
+    my %args = @_;
+    my $filename = "<STDIN>";
+    my $deducelines = 0;
+    foreach (sort keys %lines) {
+        $filename = $lines{$_};
+        last if ($_ > $args{lineno});
+        $deducelines += $_;
+    }
+    print STDERR $args{error}," in $filename, fragment starting at line ",$args{lineno}-$deducelines;
+    undef;
+}
+
+# Check options ######################################################
+
+my %opts = ();
+
+# -o ORIGINATOR
+#		declares ORIGINATOR as the originating script.
+getopt('o', \%opts);
+
+my @autowarntext = ("WARNING: do not edit!",
+		    "Generated"
+		    . (defined($opts{o}) ? " by ".$opts{o} : "")
+		    . (scalar(@ARGV) > 0 ? " from ".join(", ",@ARGV) : ""));
+
+# Template reading ###################################################
+
+# Read in all the templates into $text, while keeping track of each
+# file and its size in lines, to try to help report errors with the
+# correct file name and line number.
+
+my $prev_linecount = 0;
+my $text =
+    @ARGV
+    ? join("", map { my $x = Text::Template::_load_text($_);
+                     if (!defined($x)) {
+                         die $Text::Template::ERROR, "\n";
+                     }
+                     $x = "{- output_reset_on() -}" . $x;
+                     my $linecount = $x =~ tr/\n//;
+                     $prev_linecount = ($linecount += $prev_linecount);
+                     $lines{$linecount} = $_;
+                     $x } @ARGV)
+    : join("", <STDIN>);
+
+# Engage! ############################################################
+
+# Load the full template (combination of files) into Text::Template
+# and fill it up with our data.  Output goes directly to STDOUT
+
+my $template =
+    OpenSSL::Template->new(TYPE => 'STRING',
+                           SOURCE => $text,
+                           PREPEND => qq{use lib "$FindBin::Bin/perl";});
+
+sub output_reset_on {
+    $template->output_reset_on();
+    "";
+}
+sub output_on {
+    $template->output_on();
+    "";
+}
+sub output_off {
+    $template->output_off();
+    "";
+}
+
+$template->fill_in(OUTPUT => \*STDOUT,
+                   HASH => { config => \%config,
+                             target => \%target,
+                             disabled => \%disabled,
+                             withargs => \%withargs,
+                             unified_info => \%unified_info,
+                             autowarntext => \@autowarntext,
+                             quotify1 => \&quotify1,
+                             quotify_l => \&quotify_l,
+                             output_reset_on => \&output_reset_on,
+                             output_on => \&output_on,
+                             output_off => \&output_off },
+                   DELIMITERS => [ "{-", "-}" ],
+                   BROKEN => \&broken);
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/echo.pl b/trunk/3rdparty/openssl-1.1-fit/util/echo.pl
new file mode 100644
index 000000000..d90e52129
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/echo.pl
@@ -0,0 +1,12 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+use Getopt::Std;
+
+our $opt_n = 0;
+
+getopts('n') or die "Invalid option: $!\n";
+
+print join(' ', @ARGV);
+print "\n" unless $opt_n;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits b/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits
new file mode 100755
index 000000000..860bb9958
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits
@@ -0,0 +1,545 @@
+#! /usr/bin/env perl
+# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+require 5.10.0;
+use warnings;
+use strict;
+use Pod::Checker;
+use File::Find;
+use File::Basename;
+use File::Spec::Functions;
+use Getopt::Std;
+use lib catdir(dirname($0), "perl");
+use OpenSSL::Util::Pod;
+
+# Options.
+our($opt_d);
+our($opt_h);
+our($opt_l);
+our($opt_n);
+our($opt_p);
+our($opt_u);
+our($opt_c);
+
+sub help()
+{
+    print <<EOF;
+Find small errors (nits) in documentation.  Options:
+    -d Detailed list of undocumented (implies -u)
+    -l Print bogus links
+    -n Print nits in POD pages
+    -p Warn if non-public name documented (implies -n)
+    -u List undocumented functions
+    -h Print this help message
+    -c List undocumented commands and options
+EOF
+    exit;
+}
+
+my $temp = '/tmp/docnits.txt';
+my $OUT;
+my %public;
+
+my %mandatory_sections =
+    ( '*'    => [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ],
+      1      => [ 'SYNOPSIS', 'OPTIONS' ],
+      3      => [ 'SYNOPSIS', 'RETURN VALUES' ],
+      5      => [ ],
+      7      => [ ] );
+
+# Cross-check functions in the NAME and SYNOPSIS section.
+sub name_synopsis()
+{
+    my $id = shift;
+    my $filename = shift;
+    my $contents = shift;
+
+    # Get NAME section and all words in it.
+    return unless $contents =~ /=head1 NAME(.*)=head1 SYNOPSIS/ms;
+    my $tmp = $1;
+    $tmp =~ tr/\n/ /;
+    print "$id trailing comma before - in NAME\n" if $tmp =~ /, *-/;
+    $tmp =~ s/ -.*//g;
+    $tmp =~ s/  */ /g;
+    print "$id missing comma in NAME\n" if $tmp =~ /[^,] /;
+    $tmp =~ s/,//g;
+
+    my $dirname = dirname($filename);
+    my $simplename = basename($filename);
+    $simplename =~ s/.pod$//;
+    my $foundfilename = 0;
+    my %foundfilenames = ();
+    my %names;
+    foreach my $n ( split ' ', $tmp ) {
+        $names{$n} = 1;
+        $foundfilename++ if $n eq $simplename;
+        $foundfilenames{$n} = 1
+            if -f "$dirname/$n.pod" && $n ne $simplename;
+    }
+    print "$id the following exist as other .pod files:\n",
+        join(" ", sort keys %foundfilenames), "\n"
+        if %foundfilenames;
+    print "$id $simplename (filename) missing from NAME section\n"
+        unless $foundfilename;
+    foreach my $n ( keys %names ) {
+        print "$id $n is not public\n"
+            if $opt_p and !defined $public{$n};
+    }
+
+    # Find all functions in SYNOPSIS
+    return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms;
+    my $syn = $1;
+    foreach my $line ( split /\n+/, $syn ) {
+        my $sym;
+        $line =~ s/STACK_OF\([^)]+\)/int/g;
+        $line =~ s/__declspec\([^)]+\)//;
+        if ( $line =~ /env (\S*)=/ ) {
+            # environment variable env NAME=...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.*\(\*(\S+)\)\(.*/ ) {
+            # a callback function pointer: typedef ... (*NAME)(...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.* (\S+)\(.*/ ) {
+            # a callback function signature: typedef ... NAME(...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.* (\S+);/ ) {
+            # a simple typedef: typedef ... NAME;
+            $sym = $1;
+        } elsif ( $line =~ /enum (\S*) \{/ ) {
+            # an enumeration: enum ... {
+            $sym = $1;
+        } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
+            $sym = $1;
+        } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
+            $sym = $1;
+        }
+        else {
+            next;
+        }
+        print "$id $sym missing from NAME section\n"
+            unless defined $names{$sym};
+        $names{$sym} = 2;
+
+        # Do some sanity checks on the prototype.
+        print "$id prototype missing spaces around commas: $line\n"
+            if ( $line =~ /[a-z0-9],[^ ]/ );
+    }
+
+    foreach my $n ( keys %names ) {
+        next if $names{$n} == 2;
+        print "$id $n missing from SYNOPSIS\n";
+    }
+}
+
+sub check()
+{
+    my $filename = shift;
+    my $dirname = basename(dirname($filename));
+
+    my $contents = '';
+    {
+        local $/ = undef;
+        open POD, $filename or die "Couldn't open $filename, $!";
+        $contents = <POD>;
+        close POD;
+    }
+
+    my $id = "${filename}:1:";
+
+    &name_synopsis($id, $filename, $contents)
+        unless $contents =~ /=for comment generic/
+            or $filename =~ m@man[157]/@;
+
+    print "$id doesn't start with =pod\n"
+        if $contents !~ /^=pod/;
+    print "$id doesn't end with =cut\n"
+        if $contents !~ /=cut\n$/;
+    print "$id more than one cut line.\n"
+        if $contents =~ /=cut.*=cut/ms;
+    print "$id missing copyright\n"
+        if $contents !~ /Copyright .* The OpenSSL Project Authors/;
+    print "$id copyright not last\n"
+        if $contents =~ /head1 COPYRIGHT.*=head/ms;
+    print "$id head2 in All uppercase\n"
+        if $contents =~ /head2\s+[A-Z ]+\n/;
+    print "$id extra space after head\n"
+        if $contents =~ /=head\d\s\s+/;
+    print "$id period in NAME section\n"
+        if $contents =~ /=head1 NAME.*\.\n.*=head1 SYNOPSIS/ms;
+    print "$id POD markup in NAME section\n"
+        if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
+    print "$id Duplicate $1 in L<>\n"
+        if $contents =~ /L<([^>]*)\|([^>]*)>/ && $1 eq $2;
+    print "$id Bad =over $1\n"
+        if $contents =~ /=over([^ ][^24])/;
+    print "$id Possible version style issue\n"
+        if $contents =~ /OpenSSL version [019]/;
+
+    if ( $contents !~ /=for comment multiple includes/ ) {
+        # Look for multiple consecutive openssl #include lines
+        # (non-consecutive lines are okay; see man3/MD5.pod).
+        if ( $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms ) {
+            my $count = 0;
+            foreach my $line ( split /\n+/, $1 ) {
+                if ( $line =~ m@include <openssl/@ ) {
+                    print "$id has multiple includes\n" if ++$count == 2;
+                } else {
+                    $count = 0;
+                }
+            }
+        }
+    }
+
+    open my $OUT, '>', $temp
+        or die "Can't open $temp, $!";
+    podchecker($filename, $OUT);
+    close $OUT;
+    open $OUT, '<', $temp
+        or die "Can't read $temp, $!";
+    while ( <$OUT> ) {
+        next if /\(section\) in.*deprecated/;
+        print;
+    }
+    close $OUT;
+    unlink $temp || warn "Can't remove $temp, $!";
+
+    # Find what section this page is in; assume 3.
+    my $section = 3;
+    $section = $1 if $dirname =~ /man([1-9])/;
+
+    foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) {
+        # Skip "return values" if not -s
+        print "$id: missing $_ head1 section\n"
+            if $contents !~ /^=head1\s+${_}\s*$/m;
+    }
+}
+
+my %dups;
+
+sub parsenum()
+{
+    my $file = shift;
+    my @apis;
+
+    open my $IN, '<', $file
+        or die "Can't open $file, $!, stopped";
+
+    while ( <$IN> ) {
+        next if /^#/;
+        next if /\bNOEXIST\b/;
+        next if /\bEXPORT_VAR_AS_FUNC\b/;
+        my @fields = split();
+        die "Malformed line $_"
+            if scalar @fields != 2 && scalar @fields != 4;
+        push @apis, $fields[0];
+    }
+
+    close $IN;
+
+    print "# Found ", scalar(@apis), " in $file\n" unless $opt_p;
+    return sort @apis;
+}
+
+sub getdocced()
+{
+    my $dir = shift;
+    my %return;
+
+    foreach my $pod ( glob("$dir/*.pod") ) {
+        my %podinfo = extract_pod_info($pod);
+        foreach my $n ( @{$podinfo{names}} ) {
+            $return{$n} = $pod;
+            print "# Duplicate $n in $pod and $dups{$n}\n"
+                if defined $dups{$n} && $dups{$n} ne $pod;
+            $dups{$n} = $pod;
+        }
+    }
+
+    return %return;
+}
+
+my %docced;
+
+sub checkmacros()
+{
+    my $count = 0;
+
+    print "# Checking macros (approximate)\n";
+    foreach my $f ( glob('include/openssl/*.h') ) {
+        # Skip some internals we don't want to document yet.
+        next if $f eq 'include/openssl/asn1.h';
+        next if $f eq 'include/openssl/asn1t.h';
+        next if $f eq 'include/openssl/err.h';
+        open(IN, $f) || die "Can't open $f, $!";
+        while ( <IN> ) {
+            next unless /^#\s*define\s*(\S+)\(/;
+            my $macro = $1;
+            next if $docced{$macro};
+            next if $macro =~ /i2d_/
+                || $macro =~ /d2i_/
+                || $macro =~ /DEPRECATEDIN/
+                || $macro =~ /IMPLEMENT_/
+                || $macro =~ /DECLARE_/;
+            print "$f:$macro\n" if $opt_d;
+            $count++;
+        }
+        close(IN);
+    }
+    print "# Found $count macros missing (not all should be documented)\n"
+}
+
+sub printem()
+{
+    my $libname = shift;
+    my $numfile = shift;
+    my $count = 0;
+
+    foreach my $func ( &parsenum($numfile) ) {
+        next if $docced{$func};
+
+        # Skip ASN1 utilities
+        next if $func =~ /^ASN1_/;
+
+        print "$libname:$func\n" if $opt_d;
+        $count++;
+    }
+    print "# Found $count missing from $numfile\n\n";
+}
+
+
+# Collection of links in each POD file.
+# filename => [ "foo(1)", "bar(3)", ... ]
+my %link_collection = ();
+# Collection of names in each POD file.
+# "name(s)" => filename
+my %name_collection = ();
+
+sub collectnames {
+    my $filename = shift;
+    $filename =~ m|man(\d)/|;
+    my $section = $1;
+    my $simplename = basename($filename, ".pod");
+    my $id = "${filename}:1:";
+
+    my $contents = '';
+    {
+        local $/ = undef;
+        open POD, $filename or die "Couldn't open $filename, $!";
+        $contents = <POD>;
+        close POD;
+    }
+
+    $contents =~ /=head1 NAME([^=]*)=head1 /ms;
+    my $tmp = $1;
+    unless (defined $tmp) {
+        print "$id weird name section\n";
+        return;
+    }
+    $tmp =~ tr/\n/ /;
+    $tmp =~ s/-.*//g;
+
+    my @names = map { s/\s+//g; $_ } split(/,/, $tmp);
+    unless (grep { $simplename eq $_ } @names) {
+        print "$id missing $simplename\n";
+        push @names, $simplename;
+    }
+    foreach my $name (@names) {
+        next if $name eq "";
+        my $name_sec = "$name($section)";
+        if (! exists $name_collection{$name_sec}) {
+            $name_collection{$name_sec} = $filename;
+        } else { #elsif ($filename ne $name_collection{$name_sec}) {
+            print "$id $name_sec also in $name_collection{$name_sec}\n";
+        }
+    }
+
+    my @foreign_names =
+        map { map { s/\s+//g; $_ } split(/,/, $_) }
+        $contents =~ /=for\s+comment\s+foreign\s+manuals:\s*(.*)\n\n/;
+    foreach (@foreign_names) {
+        $name_collection{$_} = undef; # It still exists!
+    }
+
+    my @links = $contents =~ /L<
+                              # if the link is of the form L<something|name(s)>,
+                              # then remove 'something'.  Note that 'something'
+                              # may contain POD codes as well...
+                              (?:(?:[^\|]|<[^>]*>)*\|)?
+                              # we're only interested in references that have
+                              # a one digit section number
+                              ([^\/>\(]+\(\d\))
+                             /gx;
+    $link_collection{$filename} = [ @links ];
+}
+
+sub checklinks {
+    foreach my $filename (sort keys %link_collection) {
+        foreach my $link (@{$link_collection{$filename}}) {
+            print "${filename}:1: reference to non-existing $link\n"
+                unless exists $name_collection{$link};
+        }
+    }
+}
+
+sub publicize() {
+    foreach my $name ( &parsenum('util/libcrypto.num') ) {
+        $public{$name} = 1;
+    }
+    foreach my $name ( &parsenum('util/libssl.num') ) {
+        $public{$name} = 1;
+    }
+    foreach my $name ( &parsenum('util/private.num') ) {
+        $public{$name} = 1;
+    }
+}
+
+my %skips = (
+    'aes128' => 1,
+    'aes192' => 1,
+    'aes256' => 1,
+    'aria128' => 1,
+    'aria192' => 1,
+    'aria256' => 1,
+    'camellia128' => 1,
+    'camellia192' => 1,
+    'camellia256' => 1,
+    'des' => 1,
+    'des3' => 1,
+    'idea' => 1,
+    '[cipher]' => 1,
+    '[digest]' => 1,
+);
+
+sub checkflags() {
+    my $cmd = shift;
+    my %cmdopts;
+    my %docopts;
+    my $ok = 1;
+
+    # Get the list of options in the command.
+    open CFH, "./apps/openssl list --options $cmd|"
+        || die "Can list options for $cmd, $!";
+    while ( <CFH> ) {
+        chop;
+        s/ .$//;
+        $cmdopts{$_} = 1;
+    }
+    close CFH;
+
+    # Get the list of flags from the synopsis
+    open CFH, "<doc/man1/$cmd.pod"
+        || die "Can't open $cmd.pod, $!";
+    while ( <CFH> ) {
+        chop;
+        last if /DESCRIPTION/;
+        next unless /\[B<-([^ >]+)/;
+        $docopts{$1} = 1;
+    }
+    close CFH;
+
+    # See what's in the command not the manpage.
+    my @undocced = ();
+    foreach my $k ( keys %cmdopts ) {
+        push @undocced, $k unless $docopts{$k};
+    }
+    if ( scalar @undocced > 0 ) {
+        $ok = 0;
+        foreach ( @undocced ) {
+            print "doc/man1/$cmd.pod: Missing -$_\n";
+        }
+    }
+
+    # See what's in the command not the manpage.
+    my @unimpl = ();
+    foreach my $k ( keys %docopts ) {
+        push @unimpl, $k unless $cmdopts{$k};
+    }
+    if ( scalar @unimpl > 0 ) {
+        $ok = 0;
+        foreach ( @unimpl ) {
+            next if defined $skips{$_};
+            print "doc/man1/$cmd.pod: Not implemented -$_\n";
+        }
+    }
+
+    return $ok;
+}
+
+getopts('cdlnphu');
+
+&help() if $opt_h;
+$opt_n = 1 if $opt_p;
+$opt_u = 1 if $opt_d;
+
+die "Need one of -[cdlnpu] flags.\n"
+    unless $opt_c or $opt_l or $opt_n or $opt_u;
+
+if ( $opt_c ) {
+    my $ok = 1;
+    my @commands = ();
+
+    # Get list of commands.
+    open FH, "./apps/openssl list -1 -commands|"
+        || die "Can't list commands, $!";
+    while ( <FH> ) {
+        chop;
+        push @commands, $_;
+    }
+    close FH;
+
+    # See if each has a manpage.
+    foreach ( @commands ) {
+        next if $_ eq 'help' || $_ eq 'exit';
+        if ( ! -f "doc/man1/$_.pod" ) {
+            print "doc/man1/$_.pod does not exist\n";
+            $ok = 0;
+        } else {
+            $ok = 0 if not &checkflags($_);
+        }
+    }
+
+    # See what help is missing.
+    open FH, "./apps/openssl list --missing-help |"
+        || die "Can't list missing help, $!";
+    while ( <FH> ) {
+        chop;
+        my ($cmd, $flag) = split;
+        print "$cmd has no help for -$flag\n";
+        $ok = 0;
+    }
+    close FH;
+
+    exit 1 if not $ok;
+}
+
+if ( $opt_l ) {
+    foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
+        collectnames($_);
+    }
+    checklinks();
+}
+
+if ( $opt_n ) {
+    &publicize() if $opt_p;
+    foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
+        &check($_);
+    }
+}
+
+if ( $opt_u ) {
+    my %temp = &getdocced('doc/man3');
+    foreach ( keys %temp ) {
+        $docced{$_} = $temp{$_};
+    }
+    &printem('crypto', 'util/libcrypto.num');
+    &printem('ssl', 'util/libssl.num');
+    &checkmacros();
+}
+
+exit;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/find-unused-errs b/trunk/3rdparty/openssl-1.1-fit/util/find-unused-errs
new file mode 100755
index 000000000..cd1026d59
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/find-unused-errs
@@ -0,0 +1,54 @@
+#! /bin/bash
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Find unused error function-names and reason-codes, and edit them
+# out of the source.  Doesn't handle line-wrapping, might have to do
+# some manual cleanups to fix compile errors.
+
+export X1=/tmp/f.1.$$
+export X2=/tmp/f.2.$$
+
+case "$1" in
+    -f)
+        PAT='_F_'
+        echo Functions only
+        ;;
+    -[er])
+        PAT='_R_'
+        echo Reason codes only
+        ;;
+    "")
+        PAT='_[FR]_'
+        echo Function and reasons
+        ;;
+    *)
+        echo "Usage error; one of -[efr] required."
+        exit 1;
+        ;;
+esac
+
+cd include/openssl || exit 1
+grep "$PAT" *  | grep -v ERR_FATAL_ERROR | awk '{print $3;}' | sort -u >$X1
+cd ../..
+
+for F in `cat $X1` ; do
+    git grep -l --full-name -F $F >$X2
+    NUM=`wc -l <$X2`
+    test $NUM -gt 2 && continue
+    if grep -q $F crypto/err/openssl.ec ; then
+        echo Possibly unused $F found in openssl.ec
+        continue
+    fi
+    echo $F
+    for FILE in `cat $X2` ; do
+        grep -v -w $F <$FILE >$FILE.new
+        mv $FILE.new $FILE
+    done
+done
+
+rm $X1 $X2
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/indent.pro b/trunk/3rdparty/openssl-1.1-fit/util/indent.pro
new file mode 100644
index 000000000..3d3f747bf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/indent.pro
@@ -0,0 +1,643 @@
+-bap
+-bbo
+-br
+-brs
+-c33
+-cd33
+-ce
+-ci4
+-cli0
+-cp33
+-d0
+-di1
+-hnl
+-i4
+-il1
+-ip0
+-l80
+-lp
+-nbad
+-nbc
+-ncdb
+-ncs
+-nfc1
+-nfca
+-npcs
+-nprs
+-npsl
+-nsc
+-ppi1
+-saf
+-sai
+-saw
+-sob
+-ss
+-ts0
+-T ACCESS_DESCRIPTION
+-T ADDED_OBJ
+-T AES_KEY
+-T APP_INFO
+-T ARGS
+-T ASIdOrRange
+-T ASIdOrRanges
+-T ASIdentifierChoice
+-T ASIdentifiers
+-T ASN1_ADB
+-T ASN1_ADB_TABLE
+-T ASN1_AUX
+-T ASN1_BIT_STRING
+-T ASN1_BMPSTRING
+-T ASN1_BOOLEAN
+-T ASN1_ENCODING
+-T ASN1_ENUMERATED
+-T ASN1_EXTERN_FUNCS
+-T ASN1_GENERALIZEDTIME
+-T ASN1_GENERALSTRING
+-T ASN1_IA5STRING
+-T ASN1_INTEGER
+-T ASN1_ITEM
+-T ASN1_ITEM_EXP
+-T ASN1_NULL
+-T ASN1_OBJECT
+-T ASN1_OCTET_STRING
+-T ASN1_PCTX
+-T ASN1_PRIMITIVE_FUNCS
+-T ASN1_PRINTABLESTRING
+-T ASN1_PRINT_ARG
+-T ASN1_SCTX
+-T ASN1_STREAM_ARG
+-T ASN1_STRING
+-T ASN1_STRING_TABLE
+-T ASN1_T61STRING
+-T ASN1_TEMPLATE
+-T ASN1_TIME
+-T ASN1_TLC
+-T ASN1_TYPE
+-T ASN1_UNIVERSALSTRING
+-T ASN1_UTCTIME
+-T ASN1_UTF8STRING
+-T ASN1_VALUE
+-T ASN1_VISIBLESTRING
+-T AUTHORITY_INFO_ACCESS
+-T AUTHORITY_KEYID
+-T BASIC_CONSTRAINTS
+-T BF_KEY
+-T BF_LONG
+-T BIGNUM
+-T BIO
+-T BIO_ACCEPT
+-T BIO_ADDR
+-T BIO_ASN1_BUF_CTX
+-T BIO_ASN1_EX_FUNCS
+-T BIO_B64_CTX
+-T BIO_CONNECT
+-T BIO_ENC_CTX
+-T BIO_F_BUFFER_CTX
+-T BIO_LINEBUFFER_CTX
+-T BIO_METHOD
+-T BIO_OK_CTX
+-T BIO_SSL
+-T BIT_STRING_BITNAME
+-T BN_BLINDING
+-T BN_CTX
+-T BN_GENCB
+-T BN_MONT_CTX
+-T BN_POOL
+-T BN_POOL_ITEM
+-T BN_RECP_CTX
+-T BN_STACK
+-T BN_ULONG
+-T BUF_MEM
+-T BY_DIR
+-T BY_DIR_ENTRY
+-T BY_DIR_HASH
+-T Bytef
+-T CAMELLIA_KEY
+-T CAST_KEY
+-T CAST_LONG
+-T CA_DB
+-T CCM128_CONTEXT
+-T CERT
+-T CERTIFICATEPOLICIES
+-T CERT_PKEY
+-T CIPHER_ORDER
+-T CMAC_CTX
+-T CMS_AuthenticatedData
+-T CMS_CertificateChoices
+-T CMS_CompressedData
+-T CMS_ContentInfo
+-T CMS_DigestedData
+-T CMS_EncapsulatedContentInfo
+-T CMS_EncryptedContentInfo
+-T CMS_EncryptedData
+-T CMS_EnvelopedData
+-T CMS_IssuerAndSerialNumber
+-T CMS_KEKIdentifier
+-T CMS_KEKRecipientInfo
+-T CMS_KeyAgreeRecipientIdentifier
+-T CMS_KeyAgreeRecipientInfo
+-T CMS_KeyTransRecipientInfo
+-T CMS_OriginatorIdentifierOrKey
+-T CMS_OriginatorInfo
+-T CMS_OriginatorPublicKey
+-T CMS_OtherCertificateFormat
+-T CMS_OtherKeyAttribute
+-T CMS_OtherRecipientInfo
+-T CMS_OtherRevocationInfoFormat
+-T CMS_PasswordRecipientInfo
+-T CMS_Receipt
+-T CMS_ReceiptRequest
+-T CMS_ReceiptsFrom
+-T CMS_RecipientEncryptedKey
+-T CMS_RecipientIdentifier
+-T CMS_RecipientInfo
+-T CMS_RecipientKeyIdentifier
+-T CMS_RevocationInfoChoice
+-T CMS_SignedData
+-T CMS_SignerIdentifier
+-T CMS_SignerInfo
+-T COMP_CTX
+-T COMP_METHOD
+-T CONF
+-T CONF_IMODULE
+-T CONF_METHOD
+-T CONF_MODULE
+-T CONF_VALUE
+-T CRYPTO_EX_DATA
+-T CRYPTO_EX_dup
+-T CRYPTO_EX_free
+-T CRYPTO_EX_new
+-T CRYPTO_THREADID
+-T DB_ATTR
+-T DES_LONG
+-T DES_cblock
+-T DES_key_schedule
+-T DH
+-T DH_METHOD
+-T DH_PKEY_CTX
+-T DIST_POINT
+-T DIST_POINT_NAME
+-T DSA
+-T DSA_METHOD
+-T DSA_SIG
+-T DSO
+-T DSO_FUNC_TYPE
+-T DSO_MERGER_FUNC
+-T DSO_METHOD
+-T DSO_NAME_CONVERTER_FUNC
+-T DSO_VMS_INTERNAL
+-T DTLS1_BITMAP
+-T DTLS1_RECORD_DATA
+-T DTLS1_STATE
+-T Dl_info
+-T ECDH_METHOD
+-T ECDSA_METHOD
+-T ECDSA_SIG
+-T ECPARAMETERS
+-T ECPKPARAMETERS
+-T EC_GROUP
+-T EC_KEY
+-T EC_METHOD
+-T EC_POINT
+-T EC_PRE_COMP
+-T EC_PRIVATEKEY
+-T EC_builtin_curve
+-T EDIPARTYNAME
+-T ENGINE
+-T ENGINE_CIPHERS_PTR
+-T ENGINE_CLEANUP_CB
+-T ENGINE_CLEANUP_ITEM
+-T ENGINE_CMD_DEFN
+-T ENGINE_CTRL_FUNC_PTR
+-T ENGINE_DIGESTS_PTR
+-T ENGINE_GEN_FUNC_PTR
+-T ENGINE_GEN_INT_FUNC_PTR
+-T ENGINE_LOAD_KEY_PTR
+-T ENGINE_PILE
+-T ENGINE_PILE_DOALL
+-T ENGINE_PKEY_ASN1_METHS_PTR
+-T ENGINE_PKEY_METHS_PTR
+-T ENGINE_SSL_CLIENT_CERT_PTR
+-T ENGINE_TABLE
+-T ENUMERATED_NAMES
+-T ERR_STATE
+-T ERR_STRING_DATA
+-T ESS_CERT_ID
+-T ESS_CERT_ID_V2
+-T ESS_ISSUER_SERIAL
+-T ESS_SIGNING_CERT
+-T ESS_SIGNING_CERT_V2
+-T EVP_AES_HMAC_SHA1
+-T EVP_AES_HMAC_SHA256
+-T EVP_CIPHER
+-T EVP_CIPHER_CTX
+-T EVP_CIPHER_INFO
+-T EVP_ENCODE_CTX
+-T EVP_MD
+-T EVP_MD_CTX
+-T EVP_PBE_CTL
+-T EVP_PBE_KEYGEN
+-T EVP_PKEY
+-T EVP_PKEY_ASN1_METHOD
+-T EVP_PKEY_CTX
+-T EVP_PKEY_METHOD
+-T EVP_PKEY_gen_cb
+-T FILE
+-T GCM128_CONTEXT
+-T GENERAL_NAME
+-T GENERAL_NAMES
+-T GENERAL_SUBTREE
+-T GEN_SESSION_CB
+-T HASH_CTX
+-T HEAPENTRY32
+-T HEAPLIST32
+-T HMAC_CTX
+-T IDEA_KEY_SCHEDULE
+-T IPAddrBlocks
+-T IPAddressFamily
+-T IPAddressOrRange
+-T IPAddressOrRanges
+-T ISSUING_DIST_POINT
+-T KEY_TABLE_TYPE
+-T LHASH
+-T LHASH_DOALL_ARG_FN_TYPE
+-T LHASH_NODE
+-T LPHEAPENTRY32
+-T LPHEAPLIST32
+-T LPMODULEENTRY32
+-T LPMODULEENTRY32W
+-T LPPROCESSENTRY32
+-T LPPROCESSENTRY32W
+-T LPTHREADENTRY32
+-T LP_DIR_CTX
+-T MD2_CTX
+-T MD4_CTX
+-T MD5_CTX
+-T MDC2_CTX
+-T MEM
+-T MEM_LEAK
+-T MIME_HEADER
+-T MIME_PARAM
+-T MODULEENTRY32
+-T MODULEENTRY32W
+-T NAME_CONSTRAINTS
+-T NAME_FUNCS
+-T NBIO_TEST
+-T NDEF_SUPPORT
+-T NETSCAPE_CERT_SEQUENCE
+-T NETSCAPE_ENCRYPTED_PKEY
+-T NETSCAPE_PKEY
+-T NETSCAPE_SPKAC
+-T NETSCAPE_SPKI
+-T NOTICEREF
+-T OBJ_NAME
+-T OCB128_CONTEXT
+-T OCB_BLOCK
+-T OCSP_BASICRESP
+-T OCSP_CERTID
+-T OCSP_CERTSTATUS
+-T OCSP_CRLID
+-T OCSP_ONEREQ
+-T OCSP_REQINFO
+-T OCSP_REQUEST
+-T OCSP_REQ_CTX
+-T OCSP_RESPBYTES
+-T OCSP_RESPDATA
+-T OCSP_RESPID
+-T OCSP_RESPONSE
+-T OCSP_REVOKEDINFO
+-T OCSP_SERVICELOC
+-T OCSP_SIGNATURE
+-T OCSP_SINGLERESP
+-T OCSP_TBLSTR
+-T OPENSSL_BLOCK
+-T OPENSSL_CSTRING
+-T OPENSSL_DIR_CTX
+-T OPENSSL_PSTRING
+-T OPENSSL_STRING
+-T OSSL_ASYNC_FD
+-T OTHERNAME
+-T P256_POINT
+-T P256_POINT_AFFINE
+-T PBE2PARAM
+-T PBEPARAM
+-T PBKDF2PARAM
+-T PHEAPENTRY32
+-T PHEAPLIST32
+-T PKCS12
+-T PKCS12_BAGS
+-T PKCS12_SAFEBAG
+-T PKCS7
+-T PKCS7_DIGEST
+-T PKCS7_ENCRYPT
+-T PKCS7_ENC_CONTENT
+-T PKCS7_ENVELOPE
+-T PKCS7_ISSUER_AND_SERIAL
+-T PKCS7_RECIP_INFO
+-T PKCS7_SIGNED
+-T PKCS7_SIGNER_INFO
+-T PKCS7_SIGN_ENVELOPE
+-T PKCS8_PRIV_KEY_INFO
+-T PKEY_USAGE_PERIOD
+-T PMODULEENTRY32
+-T PMODULEENTRY32W
+-T POLICYINFO
+-T POLICYQUALINFO
+-T POLICY_CONSTRAINTS
+-T POLICY_MAPPING
+-T POLICY_MAPPINGS
+-T PPROCESSENTRY32
+-T PPROCESSENTRY32W
+-T PRECOMP256_ROW
+-T PROCESSENTRY32
+-T PROCESSENTRY32W
+-T PROXY_CERT_INFO_EXTENSION
+-T PROXY_POLICY
+-T PTHREADENTRY32
+-T PW_CB_DATA
+-T RAND_METHOD
+-T RC2_KEY
+-T RC4_KEY
+-T RC5_32_KEY
+-T RIPEMD160_CTX
+-T RSA
+-T RSA_METHOD
+-T RSA_OAEP_PARAMS
+-T RSA_PKEY_CTX
+-T RSA_PSS_PARAMS
+-T SCT
+-T SEED_KEY_SCHEDULE
+-T SHA256_CTX
+-T SHA512_CTX
+-T SHA_CTX
+-T SRP_ARG
+-T SRP_CLIENT_ARG
+-T SRP_CTX
+-T SRP_SERVER_ARG
+-T SRP_VBASE
+-T SRP_gN_cache
+-T SRP_user_pwd
+-T SRTP_PROTECTION_PROFILE
+-T SSL
+-T SSL3_BUFFER
+-T SSL3_COMP
+-T SSL3_ENC_METHOD
+-T SSL3_RECORD
+-T SSL3_STATE
+-T SSL_CIPHER
+-T SSL_COMP
+-T SSL_CONF_CTX
+-T SSL_CTX
+-T SSL_DANE
+-T SSL_EXCERT
+-T SSL_METHOD
+-T SSL_SESSION
+-T SSL_SESSION_ASN1
+-T STACK_OF
+-T SXNET
+-T SXNETID
+-T TCHAR
+-T TEST_INFO
+-T THREADENTRY32
+-T TIMEOUT_PARAM
+-T TLS_SESSION_TICKET_EXT
+-T TLS_SIGALGS
+-T TS_ACCURACY
+-T TS_MSG_IMPRINT
+-T TS_REQ
+-T TS_RESP
+-T TS_RESP_CTX
+-T TS_STATUS_INFO
+-T TS_TST_INFO
+-T TS_VERIFY_CTX
+-T TXT_DB
+-T UI
+-T UINT64
+-T UI_METHOD
+-T UI_STRING
+-T USERNOTICE
+-T WCHAR
+-T WHIRLPOOL_CTX
+-T WINAPI
+-T X509
+-T X509V3_CONF_METHOD
+-T X509V3_CTX
+-T X509V3_EXT_D2I
+-T X509V3_EXT_FREE
+-T X509V3_EXT_I2D
+-T X509V3_EXT_I2R
+-T X509V3_EXT_I2S
+-T X509V3_EXT_METHOD
+-T X509V3_EXT_NEW
+-T X509V3_EXT_R2I
+-T X509V3_EXT_S2I
+-T X509V3_EXT_V2I
+-T X509_ALGOR
+-T X509_ATTRIBUTE
+-T X509_CERT_AUX
+-T X509_CINF
+-T X509_CRL
+-T X509_CRL_INFO
+-T X509_CRL_METHOD
+-T X509_EXTENSION
+-T X509_INFO
+-T X509_LOOKUP
+-T X509_LOOKUP_METHOD
+-T X509_NAME
+-T X509_NAME_ENTRY
+-T X509_OBJECT
+-T X509_PKEY
+-T X509_POLICY_CACHE
+-T X509_POLICY_DATA
+-T X509_POLICY_LEVEL
+-T X509_POLICY_NODE
+-T X509_POLICY_TREE
+-T X509_PUBKEY
+-T X509_PURPOSE
+-T X509_REQ
+-T X509_REQ_INFO
+-T X509_REVOKED
+-T X509_SIG
+-T X509_STORE
+-T X509_STORE_CTX
+-T X509_TRUST
+-T X509_VAL
+-T X509_VERIFY_PARAM
+-T X9_62_CHARACTERISTIC_TWO
+-T X9_62_CURVE
+-T X9_62_FIELDID
+-T X9_62_PENTANOMIAL
+-T XTS128_CONTEXT
+-T _LHASH
+-T _STACK
+-T __int64
+-T asn1_ps_func
+-T bio_dgram_data
+-T bio_info_cb
+-T BIO_info_cb
+-T BIO_callback_fn
+-T char_io
+-T conf_finish_func
+-T conf_init_func
+-T const_DES_cblock
+-T d2i_of_void
+-T des_cblock
+-T dynamic_data_ctx
+-T dynamic_fns
+-T engine_table_doall_cb
+-T i2d_of_void
+-T int_dhx942_dh
+-T nid_triple
+-T pem_password_cb
+-T pitem
+-T piterator
+-T pqueue_s
+-T session_op
+-T size_t
+-T tag_exp_arg
+-T testdata
+-T time_t
+-T time_t
+-T u32
+-T u64
+-T u8
+-T v3_ext_ctx
+-T v3_ext_method
+-T STACK_OF_ACCESS_DESCRIPTION_
+-T STACK_OF_ASIdOrRange_
+-T STACK_OF_ASN1_ADB_TABLE_
+-T STACK_OF_ASN1_INTEGER_
+-T STACK_OF_ASN1_OBJECT_
+-T STACK_OF_ASN1_STRING_TABLE_
+-T STACK_OF_ASN1_TYPE_
+-T STACK_OF_ASN1_UTF8STRING_
+-T STACK_OF_ASN1_VALUE_
+-T STACK_OF_BIO_
+-T STACK_OF_BY_DIR_ENTRY_
+-T STACK_OF_BY_DIR_HASH_
+-T STACK_OF_CMS_CertificateChoices_
+-T STACK_OF_CMS_RecipientEncryptedKey_
+-T STACK_OF_CMS_RecipientInfo_
+-T STACK_OF_CMS_RevocationInfoChoice_
+-T STACK_OF_CMS_SignerInfo_
+-T STACK_OF_CONF_IMODULE_
+-T STACK_OF_CONF_MODULE_
+-T STACK_OF_CONF_VALUE_
+-T STACK_OF_CRYPTO_dynlock_
+-T STACK_OF_DIST_POINT_
+-T STACK_OF_ENGINE_
+-T STACK_OF_ENGINE_CLEANUP_ITEM_
+-T STACK_OF_ESS_CERT_ID_
+-T STACK_OF_ESS_CERT_ID_V2_
+-T STACK_OF_EVP_PBE_CTL_
+-T STACK_OF_EVP_PKEY_ASN1_METHOD_
+-T STACK_OF_EVP_PKEY_METHOD_
+-T STACK_OF_GENERAL_NAMES_
+-T STACK_OF_GENERAL_NAME_
+-T STACK_OF_GENERAL_SUBTREE_
+-T STACK_OF_IPAddressFamily_
+-T STACK_OF_IPAddressOrRange_
+-T STACK_OF_MIME_HEADER_
+-T STACK_OF_MIME_PARAM_
+-T STACK_OF_NAME_FUNCS_
+-T STACK_OF_OCSP_CERTID_
+-T STACK_OF_OCSP_ONEREQ_
+-T STACK_OF_OCSP_RESPID_
+-T STACK_OF_OCSP_SINGLERESP_
+-T STACK_OF_OPENSSL_BLOCK_
+-T STACK_OF_OPENSSL_PSTRING_
+-T STACK_OF_OPENSSL_STRING_
+-T STACK_OF_PKCS12_SAFEBAG_
+-T STACK_OF_PKCS7_
+-T STACK_OF_PKCS7_RECIP_INFO_
+-T STACK_OF_PKCS7_SIGNER_INFO_
+-T STACK_OF_POLICYINFO_
+-T STACK_OF_POLICYQUALINFO_
+-T STACK_OF_POLICY_MAPPING_
+-T STACK_OF_Request_
+-T STACK_OF_SCT_
+-T STACK_OF_SRP_gN_
+-T STACK_OF_SRP_gN_cache_
+-T STACK_OF_SRP_user_pwd_
+-T STACK_OF_SRTP_PROTECTION_PROFILE_
+-T STACK_OF_SSL_CIPHER_
+-T STACK_OF_SSL_COMP_
+-T STACK_OF_STRING_
+-T STACK_OF_SXNETID_
+-T STACK_OF_SingleResponse_
+-T STACK_OF_UI_STRING_
+-T STACK_OF_X509V3_EXT_METHOD_
+-T STACK_OF_X509_
+-T STACK_OF_X509_ALGOR_
+-T STACK_OF_X509_ATTRIBUTE_
+-T STACK_OF_X509_CRL_
+-T STACK_OF_X509_EXTENSION_
+-T STACK_OF_X509_INFO_
+-T STACK_OF_X509_LOOKUP_
+-T STACK_OF_X509_NAME_
+-T STACK_OF_X509_NAME_ENTRY_
+-T STACK_OF_X509_OBJECT_
+-T STACK_OF_X509_POLICY_DATA_
+-T STACK_OF_X509_POLICY_NODE_
+-T STACK_OF_X509_PURPOSE_
+-T STACK_OF_X509_REVOKED_
+-T STACK_OF_X509_TRUST_
+-T STACK_OF_X509_VERIFY_PARAM_
+-T STACK_OF_nid_triple_
+-T STACK_OF_void_
+-T LHASH_OF_ADDED_OBJ_
+-T LHASH_OF_APP_INFO_
+-T LHASH_OF_CONF_VALUE_
+-T LHASH_OF_ENGINE_PILE_
+-T LHASH_OF_ERR_STATE_
+-T LHASH_OF_ERR_STRING_DATA_
+-T LHASH_OF_FUNCTION_
+-T LHASH_OF_MEM_
+-T LHASH_OF_OBJ_NAME_
+-T LHASH_OF_OPENSSL_STRING_
+-T LHASH_OF_SSL_SESSION_
+-T LHASH_OF_STRING_
+-T clock_t
+-T custom_ext_methods
+-T hm_fragment
+-T record_pqueue
+-T ssl_ctx_st
+-T ssl_flag_tbl
+-T ssl_st
+-T ssl_trace_tbl
+-T _stdcall
+-T OPTIONS
+-T OPT_PAIR
+-T uint64_t
+-T int64_t
+-T uint32_t
+-T int32_t
+-T uint16_t
+-T int16_t
+-T uint8_t
+-T int8_t
+-T STRINT_PAIR
+-T felem
+-T felem_bytearray
+-T SH_LIST
+-T PACKET
+-T RECORD_LAYER
+-T ASYNC_CTX
+-T ASYNC_JOB
+-T intmax_t
+-T uintmax_t
+-T pqueue
+-T danetls_record
+-T CTLOG_STORE
+-T OPENSSL_INIT_SETTINGS
+-T OSSL_HANDSHAKE_STATE
+-T OSSL_STATEM
+-T ossl_intmax_t
+-T ossl_intmax_t
+-T ossl_uintmax_t
+-T ossl_uintmax_t
+-T CT_POLICY_EVAL_CTX
+-T RAND_DRBG
+-T RAND_DRBG_CTR
+-T RAND_POOL
+-T RAND_METHOD
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num b/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num
new file mode 100644
index 000000000..32c64cb2c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num
@@ -0,0 +1,4581 @@
+d2i_EC_PUBKEY                           1	1_1_0	EXIST::FUNCTION:EC
+b2i_PVK_bio                             2	1_1_0	EXIST::FUNCTION:DSA,RC4
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     3	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_chain               4	1_1_0	EXIST::FUNCTION:
+COMP_expand_block                       5	1_1_0	EXIST::FUNCTION:COMP
+X509V3_get_string                       6	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_free                     7	1_1_0	EXIST::FUNCTION:TS
+DES_xcbc_encrypt                        8	1_1_0	EXIST::FUNCTION:DES
+TS_RESP_CTX_new                         9	1_1_0	EXIST::FUNCTION:TS
+PKCS5_PBE_add                           10	1_1_0	EXIST::FUNCTION:
+i2d_DSAparams                           11	1_1_0	EXIST::FUNCTION:DSA
+X509_NAME_get0_der                      12	1_1_0	EXIST::FUNCTION:
+i2d_ESS_ISSUER_SERIAL                   13	1_1_0	EXIST::FUNCTION:TS
+X509at_get_attr_by_NID                  14	1_1_0	EXIST::FUNCTION:
+X509_PUBKEY_set0_param                  15	1_1_0	EXIST::FUNCTION:
+PKCS12_it                               16	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               16	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_ASN1_OCTET_STRING                   17	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_private_key                  18	1_1_0	EXIST::FUNCTION:EC
+SRP_VBASE_get_by_user                   19	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
+Camellia_cfb128_encrypt                 21	1_1_0	EXIST::FUNCTION:CAMELLIA
+DES_ncbc_encrypt                        22	1_1_0	EXIST::FUNCTION:DES
+TS_REQ_get_ext_count                    23	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_128_ocb                         24	1_1_0	EXIST::FUNCTION:OCB
+ASN1_item_d2i_fp                        25	1_1_0	EXIST::FUNCTION:STDIO
+BN_lshift                               26	1_1_0	EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              27	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_bool                   28	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_get0_otherName             29	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_get_uint64                 30	1_1_0	EXIST::FUNCTION:
+EVP_DigestInit_ex                       31	1_1_0	EXIST::FUNCTION:
+CTLOG_new                               32	1_1_0	EXIST::FUNCTION:CT
+UI_get_result_minsize                   33	1_1_0	EXIST::FUNCTION:
+EVP_PBE_alg_add_type                    34	1_1_0	EXIST::FUNCTION:
+EVP_cast5_ofb                           35	1_1_0	EXIST::FUNCTION:CAST
+d2i_PUBKEY_fp                           36	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_set_cipher                        37	1_1_0	EXIST::FUNCTION:
+BF_decrypt                              38	1_1_0	EXIST::FUNCTION:BF
+PEM_read_bio_PUBKEY                     39	1_1_0	EXIST::FUNCTION:
+X509_NAME_delete_entry                  40	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify_recover        41	1_1_0	EXIST::FUNCTION:
+UI_set_method                           42	1_1_0	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it              43	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              43	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      44	1_1_0	EXIST::FUNCTION:EC
+RSA_blinding_on                         45	1_1_0	EXIST::FUNCTION:RSA
+X509_get0_signature                     47	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get0_extensions            48	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_verify                    49	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_RESPONSE                       50	1_1_0	EXIST::FUNCTION:OCSP
+ERR_peek_error                          51	1_1_0	EXIST::FUNCTION:
+X509v3_asid_validate_resource_set       52	1_1_0	EXIST::FUNCTION:RFC3779
+PEM_write_bio_Parameters                53	1_1_0	EXIST::FUNCTION:
+CMS_SignerInfo_verify                   54	1_1_0	EXIST::FUNCTION:CMS
+X509v3_asid_is_canonical                55	1_1_0	EXIST::FUNCTION:RFC3779
+ASN1_ENUMERATED_get                     56	1_1_0	EXIST::FUNCTION:
+EVP_MD_do_all_sorted                    57	1_1_0	EXIST::FUNCTION:
+OCSP_crl_reason_str                     58	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_ctrl_cmd_string                  59	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_finish                           60	1_1_0	EXIST::FUNCTION:ENGINE
+SRP_Calc_client_key                     61	1_1_0	EXIST::FUNCTION:SRP
+X509_PUBKEY_free                        62	1_1_0	EXIST::FUNCTION:
+BIO_free_all                            63	1_1_0	EXIST::FUNCTION:
+EVP_idea_ofb                            64	1_1_0	EXIST::FUNCTION:IDEA
+DSO_bind_func                           65	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_copy                  66	1_1_0	EXIST::FUNCTION:
+RSA_up_ref                              67	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_meth_set_ctrl                  68	1_1_0	EXIST::FUNCTION:
+OCSP_basic_sign                         69	1_1_0	EXIST::FUNCTION:OCSP
+BN_GENCB_set                            70	1_1_0	EXIST::FUNCTION:
+BN_generate_prime                       71	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+d2i_DSAPrivateKey_fp                    72	1_1_0	EXIST::FUNCTION:DSA,STDIO
+BIO_nread0                              73	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     74	1_1_0	EXIST::FUNCTION:
+X509_set_pubkey                         75	1_1_0	EXIST::FUNCTION:
+ASN1_item_print                         76	1_1_0	EXIST::FUNCTION:
+CONF_set_nconf                          77	1_1_0	EXIST::FUNCTION:
+RAND_set_rand_method                    78	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_mul                         79	1_1_0	EXIST::FUNCTION:EC2M
+UI_add_input_boolean                    80	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_adj                           81	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_get0_info                 82	1_1_0	EXIST::FUNCTION:
+BN_add_word                             83	1_1_0	EXIST::FUNCTION:
+EVP_des_ede                             84	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_add1_attr_by_OBJ               85	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_get_all_fds              86	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_set_do_cipher           87	1_1_0	EXIST::FUNCTION:
+EVP_set_pw_prompt                       88	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPBYTES                      89	1_1_0	EXIST::FUNCTION:OCSP
+TS_REQ_get_ext_by_NID                   90	1_1_0	EXIST::FUNCTION:TS
+ASN1_item_ndef_i2d                      91	1_1_0	EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 92	1_1_0	EXIST::FUNCTION:OCSP
+DSA_size                                93	1_1_0	EXIST::FUNCTION:DSA
+IPAddressRange_free                     94	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_ContentInfo_free                    95	1_1_0	EXIST::FUNCTION:CMS
+BIO_accept                              96	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+X509_VERIFY_PARAM_set1_policies         97	1_1_0	EXIST::FUNCTION:
+SCT_set0_extensions                     98	1_1_0	EXIST::FUNCTION:CT
+PKCS5_pbe2_set_scrypt                   99	1_1_0	EXIST::FUNCTION:SCRYPT
+X509_find_by_subject                    100	1_1_0	EXIST::FUNCTION:
+DSAparams_print                         101	1_1_0	EXIST::FUNCTION:DSA
+BF_set_key                              102	1_1_0	EXIST::FUNCTION:BF
+d2i_DHparams                            103	1_1_0	EXIST::FUNCTION:DH
+i2d_PKCS7_ENC_CONTENT                   104	1_1_0	EXIST::FUNCTION:
+DH_generate_key                         105	1_1_0	EXIST::FUNCTION:DH
+ENGINE_add_conf_module                  106	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_new_socket                          107	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_OBJECT_free                        108	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_extensions                 109	1_1_0	EXIST::FUNCTION:
+X509_get_version                        110	1_1_0	EXIST::FUNCTION:
+OCSP_CERTID_dup                         111	1_1_0	EXIST::FUNCTION:OCSP
+RSA_PSS_PARAMS_free                     112	1_1_0	EXIST::FUNCTION:RSA
+i2d_TS_MSG_IMPRINT                      113	1_1_0	EXIST::FUNCTION:TS
+EC_POINT_mul                            114	1_1_0	EXIST::FUNCTION:EC
+WHIRLPOOL_Final                         115	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+CMS_get1_ReceiptRequest                 116	1_1_0	EXIST::FUNCTION:CMS
+BIO_sock_non_fatal_error                117	1_1_0	EXIST::FUNCTION:SOCK
+HMAC_Update                             118	1_1_0	EXIST::FUNCTION:
+i2d_PKCS12                              119	1_1_0	EXIST::FUNCTION:
+EVP_BytesToKey                          120	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_pkey_asn1_meths      121	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_BASICRESP_add1_ext_i2d             122	1_1_0	EXIST::FUNCTION:OCSP
+EVP_camellia_128_ctr                    123	1_1_0	EXIST::FUNCTION:CAMELLIA
+EVP_CIPHER_impl_ctx_size                124	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_nextUpdate                 125	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+PKCS12_free                             126	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr                     127	1_1_0	EXIST::FUNCTION:CMS
+ENGINE_set_destroy_function             128	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_STRING_TABLE_add                   129	1_1_0	EXIST::FUNCTION:
+d2i_ASIdentifiers                       130	1_1_0	EXIST::FUNCTION:RFC3779
+i2d_PKCS12_bio                          131	1_1_0	EXIST::FUNCTION:
+X509_to_X509_REQ                        132	1_1_0	EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   133	1_1_0	EXIST::FUNCTION:OCSP
+d2i_OCSP_BASICRESP                      134	1_1_0	EXIST::FUNCTION:OCSP
+X509v3_add_ext                          135	1_1_0	EXIST::FUNCTION:
+X509v3_addr_subset                      136	1_1_0	EXIST::FUNCTION:RFC3779
+CRYPTO_strndup                          137	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_free                       138	1_1_0	EXIST::FUNCTION:OCSP
+X509_STORE_new                          140	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_free                          141	1_1_0	EXIST::FUNCTION:
+PKCS12_BAGS_new                         142	1_1_0	EXIST::FUNCTION:
+CMAC_CTX_new                            143	1_1_0	EXIST::FUNCTION:CMAC
+ASIdentifierChoice_new                  144	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_PKEY_asn1_set_public                145	1_1_0	EXIST::FUNCTION:
+IDEA_set_decrypt_key                    146	1_1_0	EXIST::FUNCTION:IDEA
+X509_STORE_CTX_set_flags                147	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_rawmake                        148	1_1_0	EXIST::FUNCTION:SOCK
+EVP_PKEY_asn1_set_ctrl                  149	1_1_0	EXIST::FUNCTION:
+EC_POINTs_mul                           150	1_1_0	EXIST::FUNCTION:EC
+ASN1_get_object                         151	1_1_0	EXIST::FUNCTION:
+i2d_IPAddressFamily                     152	1_1_0	EXIST::FUNCTION:RFC3779
+ENGINE_get_ctrl_function                153	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REVOKED_get_ext_count              154	1_1_0	EXIST::FUNCTION:
+BN_is_prime_fasttest_ex                 155	1_1_0	EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 156	1_1_0	EXIST::FUNCTION:
+EVP_sha384                              157	1_1_0	EXIST::FUNCTION:
+i2d_DHparams                            158	1_1_0	EXIST::FUNCTION:DH
+TS_VERIFY_CTX_set_store                 159	1_1_0	EXIST::FUNCTION:TS
+PKCS12_verify_mac                       160	1_1_0	EXIST::FUNCTION:
+X509v3_addr_canonize                    161	1_1_0	EXIST::FUNCTION:RFC3779
+ASN1_item_ex_i2d                        162	1_1_0	EXIST::FUNCTION:
+ENGINE_set_digests                      163	1_1_0	EXIST::FUNCTION:ENGINE
+PEM_ASN1_read_bio                       164	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_free                 165	1_1_0	EXIST::FUNCTION:CT
+CMS_RecipientInfo_kari_get0_ctx         166	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_set_attributes                    167	1_1_0	EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      168	1_1_0	EXIST::FUNCTION:
+EVP_MD_type                             170	1_1_0	EXIST::FUNCTION:
+EVP_PKCS82PKEY                          171	1_1_0	EXIST::FUNCTION:
+BN_generate_prime_ex                    172	1_1_0	EXIST::FUNCTION:
+EVP_EncryptInit                         173	1_1_0	EXIST::FUNCTION:
+RAND_OpenSSL                            174	1_1_0	EXIST::FUNCTION:
+BN_uadd                                 175	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_derive_init                    176	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_ASN1_stream               177	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_delete_attr                    178	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_key_length               179	1_1_0	EXIST::FUNCTION:
+BIO_clear_flags                         180	1_1_0	EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         181	1_1_0	EXIST::FUNCTION:
+OCSP_response_status                    182	1_1_0	EXIST::FUNCTION:OCSP
+i2d_ASN1_PRINTABLESTRING                183	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_hostflags         184	1_1_0	EXIST::FUNCTION:
+SCT_get0_log_id                         185	1_1_0	EXIST::FUNCTION:CT
+ASN1_IA5STRING_it                       186	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       186	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_write_bio_ECPrivateKey              187	1_1_0	EXIST::FUNCTION:EC
+BN_consttime_swap                       188	1_1_0	EXIST::FUNCTION:
+BIO_f_buffer                            189	1_1_0	EXIST::FUNCTION:
+CMS_SignerInfo_get0_signer_id           190	1_1_0	EXIST::FUNCTION:CMS
+TS_TST_INFO_new                         191	1_1_0	EXIST::FUNCTION:TS
+X509_REQ_check_private_key              192	1_1_0	EXIST::FUNCTION:
+EVP_DigestInit                          193	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_find                      194	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_count             195	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 196	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_cmp                            197	1_1_0	EXIST::FUNCTION:
+d2i_X509_ALGORS                         198	1_1_0	EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          199	1_1_0	EXIST::FUNCTION:
+BN_nist_mod_256                         200	1_1_0	EXIST::FUNCTION:
+OCSP_request_add0_id                    201	1_1_0	EXIST::FUNCTION:OCSP
+EVP_seed_cfb128                         202	1_1_0	EXIST::FUNCTION:SEED
+BASIC_CONSTRAINTS_free                  203	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_flags                        204	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_ECPKParameters            205	1_1_0	EXIST::FUNCTION:EC
+SCT_set_version                         206	1_1_0	EXIST::FUNCTION:CT
+CMS_add1_ReceiptRequest                 207	1_1_0	EXIST::FUNCTION:CMS
+d2i_CRL_DIST_POINTS                     208	1_1_0	EXIST::FUNCTION:
+X509_CRL_INFO_free                      209	1_1_0	EXIST::FUNCTION:
+ERR_load_UI_strings                     210	1_1_0	EXIST::FUNCTION:
+ERR_load_strings                        211	1_1_0	EXIST::FUNCTION:
+RSA_X931_hash_id                        212	1_1_0	EXIST::FUNCTION:RSA
+EC_KEY_set_method                       213	1_1_0	EXIST::FUNCTION:EC
+PEM_write_PKCS8_PRIV_KEY_INFO           214	1_1_0	EXIST::FUNCTION:STDIO
+X509at_get0_data_by_OBJ                 215	1_1_0	EXIST::FUNCTION:
+b2i_PublicKey_bio                       216	1_1_0	EXIST::FUNCTION:DSA
+s2i_ASN1_OCTET_STRING                   217	1_1_0	EXIST::FUNCTION:
+POLICYINFO_it                           218	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           218	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OBJ_create                              219	1_1_0	EXIST::FUNCTION:
+d2i_NOTICEREF                           220	1_1_0	EXIST::FUNCTION:
+BN_get_rfc2409_prime_768                221	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_PKCS8                      222	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      223	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               224	1_1_0	EXIST::FUNCTION:
+ASN1_put_eoc                            225	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_input_blocksize         226	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_attrs               227	1_1_0	EXIST::FUNCTION:
+PKCS8_get_attr                          228	1_1_0	EXIST::FUNCTION:
+DSAparams_print_fp                      229	1_1_0	EXIST::FUNCTION:DSA,STDIO
+EC_POINT_set_Jprojective_coordinates_GFp 230	1_1_0	EXIST::FUNCTION:EC
+DIST_POINT_NAME_new                     231	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_file                        232	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_decrypt               233	1_1_0	EXIST::FUNCTION:
+EVP_rc2_ecb                             234	1_1_0	EXIST::FUNCTION:RC2
+i2b_PublicKey_bio                       235	1_1_0	EXIST::FUNCTION:DSA
+d2i_ASN1_SET_ANY                        236	1_1_0	EXIST::FUNCTION:
+ASN1_item_i2d                           238	1_1_0	EXIST::FUNCTION:
+OCSP_copy_nonce                         239	1_1_0	EXIST::FUNCTION:OCSP
+OBJ_txt2nid                             240	1_1_0	EXIST::FUNCTION:
+SEED_set_key                            241	1_1_0	EXIST::FUNCTION:SEED
+EC_KEY_clear_flags                      242	1_1_0	EXIST::FUNCTION:EC
+CMS_RecipientInfo_ktri_get0_algs        243	1_1_0	EXIST::FUNCTION:CMS
+i2d_EC_PUBKEY                           244	1_1_0	EXIST::FUNCTION:EC
+MDC2                                    245	1_1_0	EXIST::FUNCTION:MDC2
+BN_clear_free                           246	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meths              247	1_1_0	EXIST::FUNCTION:ENGINE
+DSO_merge                               248	1_1_0	EXIST::FUNCTION:
+RSA_get_ex_data                         249	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_meth_get_decrypt               250	1_1_0	EXIST::FUNCTION:
+DES_cfb_encrypt                         251	1_1_0	EXIST::FUNCTION:DES
+CMS_SignerInfo_set1_signer_cert         252	1_1_0	EXIST::FUNCTION:CMS
+X509_CRL_http_nbio                      253	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_register_all_ciphers             254	1_1_0	EXIST::FUNCTION:ENGINE
+SXNET_new                               255	1_1_0	EXIST::FUNCTION:
+EVP_camellia_256_ctr                    256	1_1_0	EXIST::FUNCTION:CAMELLIA
+d2i_PKCS8_PRIV_KEY_INFO                 257	1_1_0	EXIST::FUNCTION:
+EVP_md2                                 259	1_1_0	EXIST::FUNCTION:MD2
+RC2_ecb_encrypt                         260	1_1_0	EXIST::FUNCTION:RC2
+ENGINE_register_DH                      261	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_NULL_free                          262	1_1_0	EXIST::FUNCTION:
+EC_KEY_copy                             263	1_1_0	EXIST::FUNCTION:EC
+EVP_des_ede3                            264	1_1_0	EXIST::FUNCTION:DES
+PKCS7_add1_attrib_digest                265	1_1_0	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     266	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+EVP_seed_ecb                            267	1_1_0	EXIST::FUNCTION:SEED
+BIO_dgram_sctp_wait_for_dry             268	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+ASN1_OCTET_STRING_NDEF_it               269	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               269	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_PKEY_asn1_get_count                 270	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL_Init                          271	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+EVP_OpenInit                            272	1_1_0	EXIST::FUNCTION:RSA
+OCSP_response_get1_basic                273	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_gcm128_tag                       274	1_1_0	EXIST::FUNCTION:
+OCSP_parse_url                          275	1_1_0	EXIST::FUNCTION:OCSP
+UI_get0_test_string                     276	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_free                      277	1_1_0	EXIST::FUNCTION:
+DSA_print_fp                            278	1_1_0	EXIST::FUNCTION:DSA,STDIO
+X509_get_ext_d2i                        279	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   280	1_1_0	EXIST::FUNCTION:
+BUF_MEM_grow                            281	1_1_0	EXIST::FUNCTION:
+TS_REQ_free                             282	1_1_0	EXIST::FUNCTION:TS
+PEM_read_DHparams                       283	1_1_0	EXIST::FUNCTION:DH,STDIO
+RSA_private_decrypt                     284	1_1_0	EXIST::FUNCTION:RSA
+X509V3_EXT_get_nid                      285	1_1_0	EXIST::FUNCTION:
+BIO_s_log                               286	1_1_0	EXIST::FUNCTION:
+EC_POINT_set_to_infinity                287	1_1_0	EXIST::FUNCTION:EC
+EVP_des_ede_ofb                         288	1_1_0	EXIST::FUNCTION:DES
+ECDH_KDF_X9_62                          289	1_1_0	EXIST::FUNCTION:EC
+ASN1_UNIVERSALSTRING_to_string          290	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_setiv                     291	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_oid_flags                 292	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        293	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       294	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_set1_issuer          295	1_1_0	EXIST::FUNCTION:CT
+X509_NAME_ENTRY_set                     296	1_1_0	EXIST::FUNCTION:
+PKCS8_set0_pbe                          297	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                298	1_1_0	EXIST::FUNCTION:DSA
+PEM_X509_INFO_read_bio                  299	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get0_order                     300	1_1_0	EXIST::FUNCTION:EC
+OCSP_BASICRESP_delete_ext               301	1_1_0	EXIST::FUNCTION:OCSP
+PKCS12_get_attr_gen                     302	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_safes               303	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_derive                         304	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           305	1_1_0	EXIST::FUNCTION:OCSP
+OBJ_dup                                 306	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr_count               307	1_1_0	EXIST::FUNCTION:CMS
+EC_get_builtin_curves                   308	1_1_0	EXIST::FUNCTION:EC
+i2d_ASN1_IA5STRING                      309	1_1_0	EXIST::FUNCTION:
+OCSP_check_nonce                        310	1_1_0	EXIST::FUNCTION:OCSP
+X509_STORE_CTX_init                     311	1_1_0	EXIST::FUNCTION:
+OCSP_RESPONSE_free                      312	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_set_DH                           313	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_CIPHER_CTX_set_flags                314	1_1_0	EXIST::FUNCTION:
+err_free_strings_int                    315	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS7_stream              316	1_1_0	EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       317	1_1_0	EXIST::FUNCTION:
+UI_process                              318	1_1_0	EXIST::FUNCTION:
+X509_get_subject_name                   319	1_1_0	EXIST::FUNCTION:
+DH_get_1024_160                         320	1_1_0	EXIST::FUNCTION:DH
+i2d_ASN1_UNIVERSALSTRING                321	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPID                         322	1_1_0	EXIST::FUNCTION:OCSP
+BIO_s_accept                            323	1_1_0	EXIST::FUNCTION:SOCK
+EVP_whirlpool                           324	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+OCSP_ONEREQ_get1_ext_d2i                325	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ESS_SIGNING_CERT                    326	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_set_default_method               327	1_1_0	EXIST::FUNCTION:EC
+X509_OBJECT_up_ref_count                328	1_1_0	EXIST::FUNCTION:
+RAND_load_file                          329	1_1_0	EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             330	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_tag                       331	1_1_0	EXIST::FUNCTION:
+BIO_new_dgram_sctp                      332	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+d2i_RSAPrivateKey_fp                    333	1_1_0	EXIST::FUNCTION:RSA,STDIO
+s2i_ASN1_IA5STRING                      334	1_1_0	EXIST::FUNCTION:
+UI_get_ex_data                          335	1_1_0	EXIST::FUNCTION:
+EVP_EncryptUpdate                       336	1_1_0	EXIST::FUNCTION:
+SRP_create_verifier                     337	1_1_0	EXIST::FUNCTION:SRP
+TS_TST_INFO_print_bio                   338	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_get_index_by_OBJ              339	1_1_0	EXIST::FUNCTION:
+BIO_get_host_ip                         340	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+PKCS7_add_certificate                   341	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_ext                          342	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_cmp                           343	1_1_0	EXIST::FUNCTION:
+DIST_POINT_it                           344	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           344	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_X509_CRL                       345	1_1_0	EXIST::FUNCTION:STDIO
+OPENSSL_sk_sort                         346	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_load_file                   347	1_1_0	EXIST::FUNCTION:CT
+ASN1_SEQUENCE_it                        348	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        348	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_CTX_get_tst_info                349	1_1_0	EXIST::FUNCTION:TS
+RC4                                     350	1_1_0	EXIST::FUNCTION:RC4
+PKCS7_stream                            352	1_1_0	EXIST::FUNCTION:
+i2t_ASN1_OBJECT                         353	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get0_generator                 354	1_1_0	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS_mgf1          355	1_1_0	EXIST::FUNCTION:RSA
+EVP_MD_meth_set_init                    356	1_1_0	EXIST::FUNCTION:
+X509_get_issuer_name                    357	1_1_0	EXIST::FUNCTION:
+EVP_SignFinal                           358	1_1_0	EXIST::FUNCTION:
+PKCS12_mac_present                      359	1_1_0	EXIST::FUNCTION:
+d2i_PUBKEY_bio                          360	1_1_0	EXIST::FUNCTION:
+BN_asc2bn                               361	1_1_0	EXIST::FUNCTION:
+EVP_desx_cbc                            362	1_1_0	EXIST::FUNCTION:DES
+SXNETID_it                              363	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              363	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_gcm128_encrypt                   364	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_str                   365	1_1_0	EXIST::FUNCTION:
+CMS_signed_add1_attr_by_txt             366	1_1_0	EXIST::FUNCTION:CMS
+i2d_NETSCAPE_SPKAC                      367	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_bool_nf                368	1_1_0	EXIST::FUNCTION:
+ASN1_item_verify                        369	1_1_0	EXIST::FUNCTION:
+SEED_ecb_encrypt                        370	1_1_0	EXIST::FUNCTION:SEED
+X509_PUBKEY_get0_param                  371	1_1_0	EXIST::FUNCTION:
+ASN1_i2d_fp                             372	1_1_0	EXIST::FUNCTION:STDIO
+BIO_new_mem_buf                         373	1_1_0	EXIST::FUNCTION:
+UI_get_input_flags                      374	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf                375	1_1_0	EXIST::FUNCTION:
+X509v3_asid_subset                      376	1_1_0	EXIST::FUNCTION:RFC3779
+RSA_check_key_ex                        377	1_1_0	EXIST::FUNCTION:RSA
+d2i_TS_MSG_IMPRINT_bio                  378	1_1_0	EXIST::FUNCTION:TS
+i2d_ASN1_TYPE                           379	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_wrap_pad                    380	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kekri_id_cmp          381	1_1_0	EXIST::FUNCTION:CMS
+X509_VERIFY_PARAM_get0_peername         382	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_get_oid_flags                 383	1_1_0	EXIST::FUNCTION:
+CONF_free                               384	1_1_0	EXIST::FUNCTION:
+DSO_get_filename                        385	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_SEQUENCE_ANY                   387	1_1_0	EXIST::FUNCTION:
+OPENSSL_strlcpy                         388	1_1_0	EXIST::FUNCTION:
+BIO_get_port                            389	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+DISPLAYTEXT_free                        390	1_1_0	EXIST::FUNCTION:
+BN_div                                  391	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Update                        392	1_1_0	EXIST::FUNCTION:RMD160
+PEM_write_bio_CMS                       393	1_1_0	EXIST::FUNCTION:CMS
+ASN1_OBJECT_new                         394	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_cfb8                       395	1_1_0	EXIST::FUNCTION:DES
+BIO_dump_indent_fp                      396	1_1_0	EXIST::FUNCTION:STDIO
+X509_NAME_ENTRY_get_data                397	1_1_0	EXIST::FUNCTION:
+BIO_socket                              398	1_1_0	EXIST::FUNCTION:SOCK
+EVP_PKEY_meth_get_derive                399	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_clear_free                  400	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    401	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_STRING_print_ex_fp                 402	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_SIGNED_new                        403	1_1_0	EXIST::FUNCTION:
+CMS_get0_eContentType                   404	1_1_0	EXIST::FUNCTION:CMS
+HMAC_Final                              405	1_1_0	EXIST::FUNCTION:
+X509_CRL_delete_ext                     406	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ordering                407	1_1_0	EXIST::FUNCTION:TS
+X509_get_extended_key_usage             408	1_1_0	EXIST::FUNCTION:
+ERR_print_errors                        409	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         410	1_1_0	EXIST::FUNCTION:
+EVP_CipherFinal_ex                      411	1_1_0	EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          412	1_1_0	EXIST::FUNCTION:DSA
+BN_CTX_get                              413	1_1_0	EXIST::FUNCTION:
+BN_to_montgomery                        414	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_get0_X509_CRL               415	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_cfb8                   416	1_1_0	EXIST::FUNCTION:CAMELLIA
+EC_KEY_METHOD_free                      417	1_1_0	EXIST::FUNCTION:EC
+TS_TST_INFO_set_policy_id               418	1_1_0	EXIST::FUNCTION:TS
+d2i_EXTENDED_KEY_USAGE                  419	1_1_0	EXIST::FUNCTION:
+ASYNC_unblock_pause                     420	1_1_0	EXIST::FUNCTION:
+i2d_X509_VAL                            421	1_1_0	EXIST::FUNCTION:
+ASN1_SCTX_get_flags                     422	1_1_0	EXIST::FUNCTION:
+RIPEMD160                               423	1_1_0	EXIST::FUNCTION:RMD160
+CRYPTO_ocb128_setiv                     424	1_1_0	EXIST::FUNCTION:OCB
+X509_CRL_digest                         425	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cbc_hmac_sha1               426	1_1_0	EXIST::FUNCTION:
+ERR_load_CMS_strings                    427	1_1_0	EXIST::FUNCTION:CMS
+EVP_MD_CTX_md                           428	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get_ext                    429	1_1_0	EXIST::FUNCTION:
+d2i_RSA_PSS_PARAMS                      430	1_1_0	EXIST::FUNCTION:RSA
+USERNOTICE_free                         431	1_1_0	EXIST::FUNCTION:
+MD4_Transform                           432	1_1_0	EXIST::FUNCTION:MD4
+EVP_CIPHER_block_size                   433	1_1_0	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 434	1_1_0	EXIST::FUNCTION:
+BIO_dump_fp                             435	1_1_0	EXIST::FUNCTION:STDIO
+BIO_set_flags                           436	1_1_0	EXIST::FUNCTION:
+BN_is_one                               437	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_def_policy                  438	1_1_0	EXIST::FUNCTION:TS
+DSA_free                                439	1_1_0	EXIST::FUNCTION:DSA
+BN_GENCB_new                            440	1_1_0	EXIST::FUNCTION:
+X509_VAL_new                            441	1_1_0	EXIST::FUNCTION:
+NCONF_load                              442	1_1_0	EXIST::FUNCTION:
+ASN1_put_object                         443	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       444	1_1_0	EXIST::FUNCTION:OCSP
+d2i_PublicKey                           445	1_1_0	EXIST::FUNCTION:
+ENGINE_set_ex_data                      446	1_1_0	EXIST::FUNCTION:ENGINE
+X509_get_default_private_dir            447	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_dane                448	1_1_0	EXIST::FUNCTION:
+EVP_des_ecb                             449	1_1_0	EXIST::FUNCTION:DES
+OCSP_resp_get0                          450	1_1_0	EXIST::FUNCTION:OCSP
+RSA_X931_generate_key_ex                452	1_1_0	EXIST::FUNCTION:RSA
+X509_get_serialNumber                   453	1_1_0	EXIST::FUNCTION:
+BIO_sock_should_retry                   454	1_1_0	EXIST::FUNCTION:SOCK
+ENGINE_get_digests                      455	1_1_0	EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_get_algo                 456	1_1_0	EXIST::FUNCTION:TS
+DH_new_method                           457	1_1_0	EXIST::FUNCTION:DH
+BF_ecb_encrypt                          458	1_1_0	EXIST::FUNCTION:BF
+PEM_write_bio_DHparams                  459	1_1_0	EXIST::FUNCTION:DH
+EVP_DigestFinal                         460	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 461	1_1_0	EXIST::FUNCTION:CT
+X509v3_asid_add_id_or_range             462	1_1_0	EXIST::FUNCTION:RFC3779
+X509_NAME_ENTRY_create_by_NID           463	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_init                  464	1_1_0	EXIST::FUNCTION:EC
+ASN1_INTEGER_to_BN                      465	1_1_0	EXIST::FUNCTION:
+OPENSSL_memcmp                          466	1_1_0	EXIST::FUNCTION:
+BUF_MEM_new                             467	1_1_0	EXIST::FUNCTION:
+DSO_set_filename                        468	1_1_0	EXIST::FUNCTION:
+DH_new                                  469	1_1_0	EXIST::FUNCTION:DH
+OCSP_RESPID_free                        470	1_1_0	EXIST::FUNCTION:OCSP
+PKCS5_pbe2_set                          471	1_1_0	EXIST::FUNCTION:
+SCT_set_signature_nid                   473	1_1_0	EXIST::FUNCTION:CT
+i2d_RSA_PUBKEY_fp                       474	1_1_0	EXIST::FUNCTION:RSA,STDIO
+PKCS12_BAGS_it                          475	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          475	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_pubkey_digest                      476	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_RSA                 477	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_THREAD_set_local                 478	1_1_0	EXIST::FUNCTION:
+X509_get_default_cert_dir_env           479	1_1_0	EXIST::FUNCTION:
+X509_CRL_sort                           480	1_1_0	EXIST::FUNCTION:
+i2d_RSA_PUBKEY_bio                      481	1_1_0	EXIST::FUNCTION:RSA
+ASN1_T61STRING_free                     482	1_1_0	EXIST::FUNCTION:
+PEM_write_CMS                           483	1_1_0	EXIST::FUNCTION:CMS,STDIO
+OPENSSL_sk_find                         484	1_1_0	EXIST::FUNCTION:
+ENGINE_get_ciphers                      485	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_rc2_ofb                             486	1_1_0	EXIST::FUNCTION:RC2
+EVP_PKEY_set1_RSA                       487	1_1_0	EXIST::FUNCTION:RSA
+CMS_SignerInfo_get0_md_ctx              488	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_set_trust                    489	1_1_0	EXIST::FUNCTION:
+d2i_POLICYINFO                          490	1_1_0	EXIST::FUNCTION:
+DES_cbc_encrypt                         491	1_1_0	EXIST::FUNCTION:DES
+BN_GF2m_mod_sqr_arr                     492	1_1_0	EXIST::FUNCTION:EC2M
+ASN1_PRINTABLESTRING_it                 493	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 493	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_f_cipher                            494	1_1_0	EXIST::FUNCTION:
+UI_destroy_method                       495	1_1_0	EXIST::FUNCTION:
+BN_get_rfc3526_prime_3072               496	1_1_0	EXIST::FUNCTION:
+X509_INFO_new                           497	1_1_0	EXIST::FUNCTION:
+OCSP_RESPDATA_it                        498	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPDATA_it                        498	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509_CRL_print                          499	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL_Update                        500	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+DSA_get_ex_data                         501	1_1_0	EXIST::FUNCTION:DSA
+BN_copy                                 502	1_1_0	EXIST::FUNCTION:
+FIPS_mode_set                           503	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy           504	1_1_0	EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             505	1_1_0	EXIST::FUNCTION:
+X509_TRUST_get_trust                    506	1_1_0	EXIST::FUNCTION:
+DES_string_to_key                       507	1_1_0	EXIST::FUNCTION:DES
+ERR_error_string                        508	1_1_0	EXIST::FUNCTION:
+BIO_new_connect                         509	1_1_0	EXIST::FUNCTION:SOCK
+DSA_new_method                          511	1_1_0	EXIST::FUNCTION:DSA
+OCSP_CERTID_new                         512	1_1_0	EXIST::FUNCTION:OCSP
+X509_CRL_get_signature_nid              513	1_1_0	EXIST::FUNCTION:
+X509_policy_level_node_count            514	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     515	1_1_0	EXIST::FUNCTION:OCSP
+X509V3_add1_i2d                         516	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_serial                  517	1_1_0	EXIST::FUNCTION:TS
+OCSP_RESPBYTES_new                      518	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_SINGLERESP_delete_ext              519	1_1_0	EXIST::FUNCTION:OCSP
+EVP_MD_CTX_test_flags                   521	1_1_0	EXIST::FUNCTION:
+X509v3_addr_validate_path               522	1_1_0	EXIST::FUNCTION:RFC3779
+BIO_new_fp                              523	1_1_0	EXIST::FUNCTION:STDIO
+EC_GROUP_set_generator                  524	1_1_0	EXIST::FUNCTION:EC
+CRYPTO_memdup                           525	1_1_0	EXIST::FUNCTION:
+DH_generate_parameters                  526	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DH
+BN_set_negative                         527	1_1_0	EXIST::FUNCTION:
+i2d_TS_RESP_bio                         528	1_1_0	EXIST::FUNCTION:TS
+ASYNC_WAIT_CTX_set_wait_fd              529	1_1_0	EXIST::FUNCTION:
+ERR_func_error_string                   530	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_data                        531	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_CRL_add1_ext_i2d                   532	1_1_0	EXIST::FUNCTION:
+i2d_TS_TST_INFO                         533	1_1_0	EXIST::FUNCTION:TS
+OBJ_sigid_free                          534	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_get0_status              535	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_get_flags                        536	1_1_0	EXIST::FUNCTION:EC
+ASN1_TYPE_cmp                           537	1_1_0	EXIST::FUNCTION:
+i2d_RSAPublicKey                        538	1_1_0	EXIST::FUNCTION:RSA
+EC_GROUP_get_trinomial_basis            539	1_1_0	EXIST::FUNCTION:EC,EC2M
+BIO_ADDRINFO_protocol                   540	1_1_0	EXIST::FUNCTION:SOCK
+i2d_PBKDF2PARAM                         541	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_RAND                  542	1_1_0	EXIST::FUNCTION:ENGINE
+PEM_write_bio_RSAPrivateKey             543	1_1_0	EXIST::FUNCTION:RSA
+CONF_get_number                         544	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_get_object               545	1_1_0	EXIST::FUNCTION:
+X509_EXTENSIONS_it                      546	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSIONS_it                      546	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_set_compressed_coordinates_GF2m 547	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+RSA_sign_ASN1_OCTET_STRING              548	1_1_0	EXIST::FUNCTION:RSA
+d2i_X509_CRL_fp                         549	1_1_0	EXIST::FUNCTION:STDIO
+i2d_RSA_PUBKEY                          550	1_1_0	EXIST::FUNCTION:RSA
+EVP_aes_128_ccm                         551	1_1_0	EXIST::FUNCTION:
+ECParameters_print                      552	1_1_0	EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get1_ext_d2i            553	1_1_0	EXIST::FUNCTION:OCSP
+RAND_status                             554	1_1_0	EXIST::FUNCTION:
+EVP_ripemd160                           555	1_1_0	EXIST::FUNCTION:RMD160
+EVP_MD_meth_set_final                   556	1_1_0	EXIST::FUNCTION:
+ENGINE_get_cmd_defns                    557	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_PKEY_USAGE_PERIOD                   558	1_1_0	EXIST::FUNCTION:
+RSAPublicKey_dup                        559	1_1_0	EXIST::FUNCTION:RSA
+RAND_write_file                         560	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod                             561	1_1_0	EXIST::FUNCTION:EC2M
+EC_GROUP_get_pentanomial_basis          562	1_1_0	EXIST::FUNCTION:EC,EC2M
+X509_CINF_free                          563	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_free                     564	1_1_0	EXIST::FUNCTION:
+EVP_DigestSignInit                      565	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get0_issuer          566	1_1_0	EXIST::FUNCTION:CT
+TLS_FEATURE_new                         567	1_1_0	EXIST::FUNCTION:
+RSA_get_default_method                  568	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_cts128_encrypt_block             569	1_1_0	EXIST::FUNCTION:
+ASN1_digest                             570	1_1_0	EXIST::FUNCTION:
+ERR_load_X509V3_strings                 571	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_cleanup               572	1_1_0	EXIST::FUNCTION:
+d2i_X509                                574	1_1_0	EXIST::FUNCTION:
+a2i_ASN1_STRING                         575	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_mont_data                  576	1_1_0	EXIST::FUNCTION:EC
+CMAC_CTX_copy                           577	1_1_0	EXIST::FUNCTION:CMAC
+EVP_camellia_128_cfb128                 579	1_1_0	EXIST::FUNCTION:CAMELLIA
+DH_compute_key_padded                   580	1_1_0	EXIST::FUNCTION:DH
+ERR_load_CONF_strings                   581	1_1_0	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_dup                   582	1_1_0	EXIST::FUNCTION:TS
+BN_GF2m_mod_exp_arr                     583	1_1_0	EXIST::FUNCTION:EC2M
+ASN1_UTF8STRING_free                    584	1_1_0	EXIST::FUNCTION:
+BN_X931_generate_prime_ex               585	1_1_0	EXIST::FUNCTION:
+ENGINE_get_RAND                         586	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_DecryptInit                         587	1_1_0	EXIST::FUNCTION:
+BN_bin2bn                               588	1_1_0	EXIST::FUNCTION:
+X509_subject_name_hash                  589	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_set_flags               590	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_clock_precision_digits      591	1_1_0	EXIST::FUNCTION:TS
+ASN1_TYPE_set                           592	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 593	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_bio                           594	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_copy                    595	1_1_0	EXIST::FUNCTION:
+RAND_query_egd_bytes                    596	1_1_0	EXIST::FUNCTION:EGD
+i2d_ASN1_PRINTABLE                      597	1_1_0	EXIST::FUNCTION:
+ENGINE_cmd_is_executable                598	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_puts                                599	1_1_0	EXIST::FUNCTION:
+RSAPublicKey_it                         601	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         601	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ISSUING_DIST_POINT_new                  602	1_1_0	EXIST::FUNCTION:
+X509_VAL_it                             603	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             603	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DigestVerifyInit                    604	1_1_0	EXIST::FUNCTION:
+i2d_IPAddressChoice                     605	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_md5                                 606	1_1_0	EXIST::FUNCTION:MD5
+ASRange_new                             607	1_1_0	EXIST::FUNCTION:RFC3779
+BN_GF2m_mod_mul_arr                     608	1_1_0	EXIST::FUNCTION:EC2M
+d2i_RSA_OAEP_PARAMS                     609	1_1_0	EXIST::FUNCTION:RSA
+BIO_s_bio                               610	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_add                            611	1_1_0	EXIST::FUNCTION:
+BIO_fd_non_fatal_error                  612	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set_type                       613	1_1_0	EXIST::FUNCTION:
+ENGINE_get_next                         614	1_1_0	EXIST::FUNCTION:ENGINE
+BN_is_negative                          615	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get_attr_count                 616	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617	1_1_0	EXIST::FUNCTION:
+X509at_get_attr                         618	1_1_0	EXIST::FUNCTION:
+X509_PUBKEY_it                          619	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          619	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DES_ede3_ofb64_encrypt                  620	1_1_0	EXIST::FUNCTION:DES
+EC_KEY_METHOD_get_compute_key           621	1_1_0	EXIST::FUNCTION:EC
+RC2_cfb64_encrypt                       622	1_1_0	EXIST::FUNCTION:RC2
+EVP_EncryptFinal_ex                     623	1_1_0	EXIST::FUNCTION:
+ERR_load_RSA_strings                    624	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_malloc_done               625	1_1_0	EXIST::FUNCTION:
+RSA_OAEP_PARAMS_new                     626	1_1_0	EXIST::FUNCTION:RSA
+X509_NAME_free                          627	1_1_0	EXIST::FUNCTION:
+PKCS12_set_mac                          628	1_1_0	EXIST::FUNCTION:
+UI_get0_result_string                   629	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_add_policy                  630	1_1_0	EXIST::FUNCTION:TS
+X509_REQ_dup                            631	1_1_0	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       633	1_1_0	EXIST::FUNCTION:DSA,STDIO
+OCSP_REQ_CTX_nbio_d2i                   634	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_REQ_fp                         635	1_1_0	EXIST::FUNCTION:STDIO
+DH_OpenSSL                              636	1_1_0	EXIST::FUNCTION:DH
+BN_get_rfc3526_prime_8192               637	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_it                         638	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         638	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_THREAD_write_lock                639	1_1_0	EXIST::FUNCTION:
+X509V3_NAME_from_section                640	1_1_0	EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 641	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+OCSP_SINGLERESP_get0_id                 642	1_1_0	EXIST::FUNCTION:OCSP
+UI_add_info_string                      643	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_remove                         644	1_1_0	EXIST::FUNCTION:
+UI_get_method                           645	1_1_0	EXIST::FUNCTION:
+CONF_modules_unload                     646	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt_ccm64             647	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_malloc_init               648	1_1_0	EXIST::FUNCTION:
+DSAparams_dup                           649	1_1_0	EXIST::FUNCTION:DSA
+PKCS8_PRIV_KEY_INFO_new                 650	1_1_0	EXIST::FUNCTION:
+TS_RESP_verify_token                    652	1_1_0	EXIST::FUNCTION:TS
+PEM_read_bio_CMS                        653	1_1_0	EXIST::FUNCTION:CMS
+PEM_get_EVP_CIPHER_INFO                 654	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_print                        655	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_SINGLERESP                     656	1_1_0	EXIST::FUNCTION:OCSP
+ESS_CERT_ID_free                        657	1_1_0	EXIST::FUNCTION:TS
+PEM_SignInit                            658	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           659	1_1_0	EXIST::FUNCTION:
+X509_delete_ext                         660	1_1_0	EXIST::FUNCTION:
+OCSP_resp_get0_produced_at              661	1_1_0	EXIST::FUNCTION:OCSP
+IDEA_encrypt                            662	1_1_0	EXIST::FUNCTION:IDEA
+CRYPTO_nistcts128_encrypt_block         663	1_1_0	EXIST::FUNCTION:
+EVP_MD_do_all                           664	1_1_0	EXIST::FUNCTION:
+EC_KEY_oct2priv                         665	1_1_0	EXIST::FUNCTION:EC
+CONF_parse_list                         666	1_1_0	EXIST::FUNCTION:
+ENGINE_set_table_flags                  667	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_MD_meth_get_ctrl                    668	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           669	1_1_0	EXIST::FUNCTION:
+PKCS5_pbe_set0_algor                    670	1_1_0	EXIST::FUNCTION:
+ENGINE_get_table_flags                  671	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS12_MAC_DATA_new                     672	1_1_0	EXIST::FUNCTION:
+X509_chain_up_ref                       673	1_1_0	EXIST::FUNCTION:
+OCSP_REQINFO_it                         674	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_REQINFO_it                         674	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+PKCS12_add_localkeyid                   675	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_type                676	1_1_0	EXIST::FUNCTION:
+X509_TRUST_set_default                  677	1_1_0	EXIST::FUNCTION:
+TXT_DB_read                             678	1_1_0	EXIST::FUNCTION:
+BN_sub                                  679	1_1_0	EXIST::FUNCTION:
+ASRange_free                            680	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_aes_192_cfb8                        681	1_1_0	EXIST::FUNCTION:
+DSO_global_lookup                       682	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    683	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    683	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ocb128_copy_ctx                  684	1_1_0	EXIST::FUNCTION:OCB
+TS_REQ_get_ext_d2i                      685	1_1_0	EXIST::FUNCTION:TS
+AES_ige_encrypt                         686	1_1_0	EXIST::FUNCTION:
+d2i_SXNET                               687	1_1_0	EXIST::FUNCTION:
+CTLOG_get0_log_id                       688	1_1_0	EXIST::FUNCTION:CT
+CMS_RecipientInfo_ktri_get0_signer_id   689	1_1_0	EXIST::FUNCTION:CMS
+OCSP_REQUEST_add1_ext_i2d               690	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PBE_CipherInit                      691	1_1_0	EXIST::FUNCTION:
+DSA_dup_DH                              692	1_1_0	EXIST::FUNCTION:DH,DSA
+CONF_imodule_get_value                  693	1_1_0	EXIST::FUNCTION:
+OCSP_id_issuer_cmp                      694	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_INTEGER_free                       695	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_224                  696	1_1_0	EXIST::FUNCTION:
+OPENSSL_isservice                       697	1_1_0	EXIST::FUNCTION:
+DH_compute_key                          698	1_1_0	EXIST::FUNCTION:DH
+TS_RESP_CTX_set_signer_key              699	1_1_0	EXIST::FUNCTION:TS
+i2d_DSAPrivateKey_bio                   700	1_1_0	EXIST::FUNCTION:DSA
+ASN1_item_d2i                           702	1_1_0	EXIST::FUNCTION:
+BIO_int_ctrl                            703	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_it                   704	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ReceiptRequest_it                   704	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+X509_ATTRIBUTE_get0_type                705	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_copy                    706	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     707	1_1_0	EXIST::FUNCTION:
+d2i_ASIdOrRange                         708	1_1_0	EXIST::FUNCTION:RFC3779
+i2s_ASN1_OCTET_STRING                   709	1_1_0	EXIST::FUNCTION:
+X509_add1_reject_object                 710	1_1_0	EXIST::FUNCTION:
+ERR_set_mark                            711	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  712	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     714	1_1_0	EXIST::FUNCTION:
+X509_certificate_type                   715	1_1_0	EXIST::FUNCTION:
+PKCS7_add_signature                     716	1_1_0	EXIST::FUNCTION:
+OBJ_ln2nid                              717	1_1_0	EXIST::FUNCTION:
+CRYPTO_128_unwrap                       718	1_1_0	EXIST::FUNCTION:
+BIO_new_PKCS7                           719	1_1_0	EXIST::FUNCTION:
+UI_get0_user_data                       720	1_1_0	EXIST::FUNCTION:
+TS_RESP_get_token                       721	1_1_0	EXIST::FUNCTION:TS
+OCSP_RESPID_new                         722	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_SET_ANY_it                         723	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SET_ANY_it                         723	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_TS_RESP_bio                         724	1_1_0	EXIST::FUNCTION:TS
+PEM_write_X509_REQ                      725	1_1_0	EXIST::FUNCTION:STDIO
+BIO_snprintf                            726	1_1_0	EXIST::FUNCTION:
+EC_POINT_hex2point                      727	1_1_0	EXIST::FUNCTION:EC
+X509v3_get_ext_by_critical              728	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_RSA                  729	1_1_0	EXIST::FUNCTION:ENGINE
+DSA_sign_setup                          730	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,DSA
+OPENSSL_sk_new_null                     731	1_1_0	EXIST::FUNCTION:
+PEM_read_PKCS8                          732	1_1_0	EXIST::FUNCTION:STDIO
+BN_mod_sqr                              733	1_1_0	EXIST::FUNCTION:
+CAST_ofb64_encrypt                      734	1_1_0	EXIST::FUNCTION:CAST
+TXT_DB_write                            735	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get1_ext_d2i               736	1_1_0	EXIST::FUNCTION:OCSP
+CMS_unsigned_add1_attr_by_NID           737	1_1_0	EXIST::FUNCTION:CMS
+BN_mod_exp_mont                         738	1_1_0	EXIST::FUNCTION:
+d2i_DHxparams                           739	1_1_0	EXIST::FUNCTION:DH
+DH_size                                 740	1_1_0	EXIST::FUNCTION:DH
+CONF_imodule_get_name                   741	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_meth_engine             742	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_BASICRESP_free                     743	1_1_0	EXIST::FUNCTION:OCSP
+BN_set_params                           744	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+BN_add                                  745	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_free                         746	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_d2i                 747	1_1_0	EXIST::FUNCTION:TS
+RSA_check_key                           748	1_1_0	EXIST::FUNCTION:RSA
+TS_MSG_IMPRINT_set_algo                 749	1_1_0	EXIST::FUNCTION:TS
+BN_nist_mod_521                         750	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_get_local                 751	1_1_0	EXIST::FUNCTION:
+PKCS7_to_TS_TST_INFO                    752	1_1_0	EXIST::FUNCTION:TS
+X509_STORE_CTX_new                      753	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_new                         754	1_1_0	EXIST::FUNCTION:CT
+EVP_CIPHER_meth_set_cleanup             755	1_1_0	EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      756	1_1_0	EXIST::FUNCTION:
+EVP_MD_pkey_type                        757	1_1_0	EXIST::FUNCTION:
+X509_policy_node_get0_qualifiers        758	1_1_0	EXIST::FUNCTION:
+OCSP_cert_status_str                    759	1_1_0	EXIST::FUNCTION:OCSP
+EVP_MD_meth_get_flags                   760	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     761	1_1_0	EXIST::FUNCTION:
+UI_UTIL_read_pw                         762	1_1_0	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free                  763	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_type                  764	1_1_0	EXIST::FUNCTION:CMS
+OCSP_BASICRESP_get_ext                  765	1_1_0	EXIST::FUNCTION:OCSP
+BN_lebin2bn                             766	1_1_0	EXIST::FUNCTION:
+AES_decrypt                             767	1_1_0	EXIST::FUNCTION:
+BIO_fd_should_retry                     768	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_new                         769	1_1_0	EXIST::FUNCTION:
+ENGINE_init                             770	1_1_0	EXIST::FUNCTION:ENGINE
+TS_RESP_CTX_add_flags                   771	1_1_0	EXIST::FUNCTION:TS
+BIO_gethostbyname                       772	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+X509V3_EXT_add                          773	1_1_0	EXIST::FUNCTION:
+UI_add_verify_string                    774	1_1_0	EXIST::FUNCTION:
+EVP_rc5_32_12_16_cfb64                  775	1_1_0	EXIST::FUNCTION:RC5
+PKCS7_dataVerify                        776	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  777	1_1_0	EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               778	1_1_0	EXIST::FUNCTION:
+ERR_peek_last_error_line_data           779	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_sign                  780	1_1_0	EXIST::FUNCTION:
+ASN1_i2d_bio                            781	1_1_0	EXIST::FUNCTION:
+DSA_verify                              782	1_1_0	EXIST::FUNCTION:DSA
+i2a_ASN1_OBJECT                         783	1_1_0	EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   784	1_1_0	EXIST::FUNCTION:
+DSA_new                                 785	1_1_0	EXIST::FUNCTION:DSA
+PEM_read_bio_X509_CRL                   786	1_1_0	EXIST::FUNCTION:
+PKCS7_dataDecode                        787	1_1_0	EXIST::FUNCTION:
+DSA_up_ref                              788	1_1_0	EXIST::FUNCTION:DSA
+EVP_DecryptInit_ex                      789	1_1_0	EXIST::FUNCTION:
+CONF_get1_default_config_file           790	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_encrypt                   791	1_1_0	EXIST::FUNCTION:OCB
+EXTENDED_KEY_USAGE_new                  792	1_1_0	EXIST::FUNCTION:
+EVP_EncryptFinal                        793	1_1_0	EXIST::FUNCTION:
+PEM_write_ECPrivateKey                  794	1_1_0	EXIST::FUNCTION:EC,STDIO
+EVP_CIPHER_meth_set_get_asn1_params     796	1_1_0	EXIST::FUNCTION:
+PKCS7_dataInit                          797	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_app_data               798	1_1_0	EXIST::FUNCTION:
+a2i_GENERAL_NAME                        799	1_1_0	EXIST::FUNCTION:
+SXNETID_new                             800	1_1_0	EXIST::FUNCTION:
+RC4_options                             801	1_1_0	EXIST::FUNCTION:RC4
+BIO_f_null                              802	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_curve_name                 803	1_1_0	EXIST::FUNCTION:EC
+d2i_PBE2PARAM                           804	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_security_bits                  805	1_1_0	EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 806	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_i2d                          807	1_1_0	EXIST::FUNCTION:
+X509V3_get_value_bool                   808	1_1_0	EXIST::FUNCTION:
+X509_verify_cert_error_string           809	1_1_0	EXIST::FUNCTION:
+d2i_X509_PUBKEY                         810	1_1_0	EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     811	1_1_0	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             812	1_1_0	EXIST::FUNCTION:
+d2i_USERNOTICE                          813	1_1_0	EXIST::FUNCTION:
+X509_cmp                                814	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set1_EC_KEY                    815	1_1_0	EXIST::FUNCTION:EC
+ECPKParameters_print_fp                 816	1_1_0	EXIST::FUNCTION:EC,STDIO
+GENERAL_SUBTREE_free                    817	1_1_0	EXIST::FUNCTION:
+RSA_blinding_off                        818	1_1_0	EXIST::FUNCTION:RSA
+i2d_OCSP_REVOKEDINFO                    819	1_1_0	EXIST::FUNCTION:OCSP
+X509V3_add_standard_extensions          820	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_RSA_PUBKEY                821	1_1_0	EXIST::FUNCTION:RSA
+i2d_ASN1_UTF8STRING                     822	1_1_0	EXIST::FUNCTION:
+TS_REQ_delete_ext                       823	1_1_0	EXIST::FUNCTION:TS
+PKCS7_DIGEST_free                       824	1_1_0	EXIST::FUNCTION:
+OBJ_nid2ln                              825	1_1_0	EXIST::FUNCTION:
+COMP_CTX_new                            826	1_1_0	EXIST::FUNCTION:COMP
+BIO_ADDR_family                         827	1_1_0	EXIST::FUNCTION:SOCK
+OCSP_RESPONSE_it                        828	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPONSE_it                        828	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+BIO_ADDRINFO_socktype                   829	1_1_0	EXIST::FUNCTION:SOCK
+d2i_X509_REQ_bio                        830	1_1_0	EXIST::FUNCTION:
+EVP_PBE_cleanup                         831	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_crl         832	1_1_0	EXIST::FUNCTION:
+CMS_get0_SignerInfos                    833	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_paramgen                       834	1_1_0	EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           835	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_ATTR_VERIFY_it                    836	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    836	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_response_status_str                837	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_gcm128_new                       838	1_1_0	EXIST::FUNCTION:
+SMIME_read_PKCS7                        839	1_1_0	EXIST::FUNCTION:
+EC_GROUP_copy                           840	1_1_0	EXIST::FUNCTION:EC
+ENGINE_set_ciphers                      841	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_doall_arg                    842	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             843	1_1_0	EXIST::FUNCTION:OCSP
+X509_REQ_get_attr_by_NID                844	1_1_0	EXIST::FUNCTION:
+PBE2PARAM_new                           845	1_1_0	EXIST::FUNCTION:
+DES_ecb_encrypt                         846	1_1_0	EXIST::FUNCTION:DES
+EVP_camellia_256_ecb                    847	1_1_0	EXIST::FUNCTION:CAMELLIA
+PEM_read_RSA_PUBKEY                     848	1_1_0	EXIST::FUNCTION:RSA,STDIO
+d2i_NETSCAPE_SPKAC                      849	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_check                         851	1_1_0	EXIST::FUNCTION:
+PKCS7_DIGEST_new                        852	1_1_0	EXIST::FUNCTION:
+i2d_TS_TST_INFO_fp                      853	1_1_0	EXIST::FUNCTION:STDIO,TS
+d2i_PKCS8_fp                            854	1_1_0	EXIST::FUNCTION:STDIO
+EVP_PKEY_keygen                         855	1_1_0	EXIST::FUNCTION:
+X509_CRL_dup                            856	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_cb                     857	1_1_0	EXIST::FUNCTION:
+X509_STORE_free                         858	1_1_0	EXIST::FUNCTION:
+ECDSA_sign_ex                           859	1_1_0	EXIST::FUNCTION:EC
+TXT_DB_insert                           860	1_1_0	EXIST::FUNCTION:
+EC_POINTs_make_affine                   861	1_1_0	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS               862	1_1_0	EXIST::FUNCTION:RSA
+BF_options                              863	1_1_0	EXIST::FUNCTION:BF
+OCSP_BASICRESP_it                       864	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_BASICRESP_it                       864	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509_VERIFY_PARAM_get0_name             865	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_digest           866	1_1_0	EXIST::FUNCTION:TS
+X509_VERIFY_PARAM_set1_email            867	1_1_0	EXIST::FUNCTION:
+BIO_sock_error                          868	1_1_0	EXIST::FUNCTION:SOCK
+RSA_set_default_method                  869	1_1_0	EXIST::FUNCTION:RSA
+BN_GF2m_mod_sqrt_arr                    870	1_1_0	EXIST::FUNCTION:EC2M
+X509_get0_extensions                    871	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_set_status               872	1_1_0	EXIST::FUNCTION:TS
+RSA_verify                              873	1_1_0	EXIST::FUNCTION:RSA
+ASN1_FBOOLEAN_it                        874	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        874	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_TIME                           875	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_signctx               876	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_set_compute_key           877	1_1_0	EXIST::FUNCTION:EC
+X509_REQ_INFO_free                      878	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_create0              879	1_1_0	EXIST::FUNCTION:CMS
+EVP_MD_meth_set_cleanup                 880	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_xts                         881	1_1_0	EXIST::FUNCTION:
+TS_RESP_verify_signature                883	1_1_0	EXIST::FUNCTION:TS
+ENGINE_set_pkey_meths                   884	1_1_0	EXIST::FUNCTION:ENGINE
+CMS_EncryptedData_decrypt               885	1_1_0	EXIST::FUNCTION:CMS
+CONF_module_add                         886	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_print                      887	1_1_0	EXIST::FUNCTION:
+X509_REQ_verify                         888	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_purpose           889	1_1_0	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_bio                  890	1_1_0	EXIST::FUNCTION:TS
+X509_EXTENSION_set_object               891	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_app_data             892	1_1_0	EXIST::FUNCTION:
+CRL_DIST_POINTS_it                      893	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      893	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DIRECTORYSTRING_new                     894	1_1_0	EXIST::FUNCTION:
+ERR_load_ASYNC_strings                  895	1_1_0	EXIST::FUNCTION:
+EVP_bf_cfb64                            896	1_1_0	EXIST::FUNCTION:BF
+PKCS7_sign_add_signer                   897	1_1_0	EXIST::FUNCTION:
+X509_print_ex                           898	1_1_0	EXIST::FUNCTION:
+PKCS7_add_recipient                     899	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 900	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_SIG                            901	1_1_0	EXIST::FUNCTION:
+X509_NAME_set                           902	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_pop                          903	1_1_0	EXIST::FUNCTION:
+ENGINE_register_ciphers                 904	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS5_pbe2_set_iv                       905	1_1_0	EXIST::FUNCTION:
+ASN1_add_stable_module                  906	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_cbc                    907	1_1_0	EXIST::FUNCTION:CAMELLIA
+COMP_zlib                               908	1_1_0	EXIST::FUNCTION:COMP
+EVP_read_pw_string                      909	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_NULL                           910	1_1_0	EXIST::FUNCTION:
+DES_encrypt1                            911	1_1_0	EXIST::FUNCTION:DES
+BN_mod_lshift1_quick                    912	1_1_0	EXIST::FUNCTION:
+BN_get_rfc3526_prime_6144               913	1_1_0	EXIST::FUNCTION:
+OBJ_obj2txt                             914	1_1_0	EXIST::FUNCTION:
+UI_set_result                           915	1_1_0	EXIST::FUNCTION:
+EVP_EncodeUpdate                        916	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  917	1_1_0	EXIST::FUNCTION:
+BN_cmp                                  918	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get0_log_store       919	1_1_0	EXIST::FUNCTION:CT
+CONF_set_default_method                 920	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_get_nm_flags                  921	1_1_0	EXIST::FUNCTION:
+X509_add1_ext_i2d                       922	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    924	1_1_0	EXIST::FUNCTION:
+PKCS1_MGF1                              925	1_1_0	EXIST::FUNCTION:RSA
+BIO_vsnprintf                           926	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_issuer      927	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_malloc_initialized        928	1_1_0	EXIST::FUNCTION:
+o2i_SCT_LIST                            929	1_1_0	EXIST::FUNCTION:CT
+ASN1_PCTX_get_cert_flags                930	1_1_0	EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 931	1_1_0	EXIST::FUNCTION:
+DHparams_dup                            932	1_1_0	EXIST::FUNCTION:DH
+X509_get_ext                            933	1_1_0	EXIST::FUNCTION:
+X509_issuer_and_serial_hash             934	1_1_0	EXIST::FUNCTION:
+ASN1_BMPSTRING_it                       935	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       935	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_EC_PUBKEY                      936	1_1_0	EXIST::FUNCTION:EC,STDIO
+d2i_ASN1_IA5STRING                      937	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_ext_free                    938	1_1_0	EXIST::FUNCTION:TS
+i2d_X509_CRL_fp                         939	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_get0_signers                      940	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              941	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTS_set_certs                 942	1_1_0	EXIST::FUNCTION:TS
+BN_MONT_CTX_copy                        943	1_1_0	EXIST::FUNCTION:
+OPENSSL_INIT_new                        945	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_dup                         946	1_1_0	EXIST::FUNCTION:TS
+i2d_ECPrivateKey                        947	1_1_0	EXIST::FUNCTION:EC
+X509_NAME_ENTRY_create_by_OBJ           948	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_cleanup                   949	1_1_0	EXIST::FUNCTION:TS
+ASN1_INTEGER_get                        950	1_1_0	EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       951	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       951	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_VerifyFinal                         952	1_1_0	EXIST::FUNCTION:
+TS_ASN1_INTEGER_print_bio               953	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_ENTRY_set_object              954	1_1_0	EXIST::FUNCTION:
+BIO_s_socket                            955	1_1_0	EXIST::FUNCTION:SOCK
+EVP_rc5_32_12_16_ecb                    956	1_1_0	EXIST::FUNCTION:RC5
+i2d_PKCS8_bio                           957	1_1_0	EXIST::FUNCTION:
+v2i_ASN1_BIT_STRING                     958	1_1_0	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   959	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_init                           960	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_keygen                961	1_1_0	EXIST::FUNCTION:
+RSA_PSS_PARAMS_new                      962	1_1_0	EXIST::FUNCTION:RSA
+RSA_sign                                963	1_1_0	EXIST::FUNCTION:RSA
+EVP_DigestVerifyFinal                   964	1_1_0	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      965	1_1_0	EXIST::FUNCTION:RSA
+TS_RESP_dup                             966	1_1_0	EXIST::FUNCTION:TS
+ERR_set_error_data                      967	1_1_0	EXIST::FUNCTION:
+BN_RECP_CTX_new                         968	1_1_0	EXIST::FUNCTION:
+DES_options                             969	1_1_0	EXIST::FUNCTION:DES
+IPAddressChoice_it                      970	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it                      970	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+ASN1_UNIVERSALSTRING_it                 971	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 971	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_DSAPublicKey                        972	1_1_0	EXIST::FUNCTION:DSA
+ENGINE_get_name                         973	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_THREAD_read_lock                 974	1_1_0	EXIST::FUNCTION:
+ASIdentifierChoice_free                 975	1_1_0	EXIST::FUNCTION:RFC3779
+BIO_dgram_sctp_msg_waiting              976	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+BN_is_bit_set                           978	1_1_0	EXIST::FUNCTION:
+AES_ofb128_encrypt                      979	1_1_0	EXIST::FUNCTION:
+X509_STORE_add_lookup                   980	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  981	1_1_0	EXIST::FUNCTION:
+IDEA_options                            982	1_1_0	EXIST::FUNCTION:IDEA
+d2i_X509_REQ                            983	1_1_0	EXIST::FUNCTION:
+i2d_TS_STATUS_INFO                      984	1_1_0	EXIST::FUNCTION:TS
+X509_PURPOSE_get_by_id                  985	1_1_0	EXIST::FUNCTION:
+X509_get1_ocsp                          986	1_1_0	EXIST::FUNCTION:
+ISSUING_DIST_POINT_free                 987	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_free                       988	1_1_0	EXIST::FUNCTION:
+ERR_load_TS_strings                     989	1_1_0	EXIST::FUNCTION:TS
+BN_nist_mod_func                        990	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_new                         991	1_1_0	EXIST::FUNCTION:OCSP
+DSA_SIG_new                             992	1_1_0	EXIST::FUNCTION:DSA
+DH_get_default_method                   993	1_1_0	EXIST::FUNCTION:DH
+PEM_proc_type                           994	1_1_0	EXIST::FUNCTION:
+BIO_printf                              995	1_1_0	EXIST::FUNCTION:
+a2i_IPADDRESS                           996	1_1_0	EXIST::FUNCTION:
+ERR_peek_error_line_data                997	1_1_0	EXIST::FUNCTION:
+ERR_unload_strings                      998	1_1_0	EXIST::FUNCTION:
+SEED_cfb128_encrypt                     999	1_1_0	EXIST::FUNCTION:SEED
+ASN1_BIT_STRING_it                      1000	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      1000	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_decrypt_skey                     1001	1_1_0	EXIST::FUNCTION:
+ENGINE_register_EC                      1002	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_RESPONSE_new                       1003	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_cbc128_encrypt                   1004	1_1_0	EXIST::FUNCTION:
+i2d_RSAPublicKey_bio                    1005	1_1_0	EXIST::FUNCTION:RSA
+X509_chain_check_suiteb                 1006	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_REQUEST                        1007	1_1_0	EXIST::FUNCTION:OCSP
+BN_X931_generate_Xpq                    1008	1_1_0	EXIST::FUNCTION:
+ASN1_item_digest                        1009	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_trust             1010	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1011	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_encrypt               1012	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_it                         1013	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         1013	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_DSA_PUBKEY_fp                       1014	1_1_0	EXIST::FUNCTION:DSA,STDIO
+X509at_get_attr_by_OBJ                  1015	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      1016	1_1_0	EXIST::FUNCTION:
+UI_dup_error_string                     1017	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_num_items                    1018	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_cmp                        1020	1_1_0	EXIST::FUNCTION:
+X509_NAME_entry_count                   1021	1_1_0	EXIST::FUNCTION:
+UI_method_set_closer                    1022	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_get_down_load                1023	1_1_0	EXIST::FUNCTION:
+EVP_md4                                 1024	1_1_0	EXIST::FUNCTION:MD4
+X509_set_subject_name                   1025	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             1026	1_1_0	EXIST::FUNCTION:
+ERR_put_error                           1027	1_1_0	EXIST::FUNCTION:
+ERR_add_error_data                      1028	1_1_0	EXIST::FUNCTION:
+X509_ALGORS_it                          1029	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGORS_it                          1029	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+MD5_Update                              1030	1_1_0	EXIST::FUNCTION:MD5
+X509_policy_check                       1031	1_1_0	EXIST::FUNCTION:
+X509_CRL_METHOD_new                     1032	1_1_0	EXIST::FUNCTION:
+ASN1_ANY_it                             1033	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             1033	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_DSA_SIG                             1034	1_1_0	EXIST::FUNCTION:DSA
+DH_free                                 1035	1_1_0	EXIST::FUNCTION:DH
+ENGINE_register_all_DSA                 1036	1_1_0	EXIST::FUNCTION:ENGINE
+TS_REQ_set_msg_imprint                  1037	1_1_0	EXIST::FUNCTION:TS
+BN_mod_sub_quick                        1038	1_1_0	EXIST::FUNCTION:
+SMIME_write_CMS                         1039	1_1_0	EXIST::FUNCTION:CMS
+i2d_DSAPublicKey                        1040	1_1_0	EXIST::FUNCTION:DSA
+SMIME_text                              1042	1_1_0	EXIST::FUNCTION:
+PKCS7_add_recipient_info                1043	1_1_0	EXIST::FUNCTION:
+BN_get_word                             1044	1_1_0	EXIST::FUNCTION:
+EVP_CipherFinal                         1045	1_1_0	EXIST::FUNCTION:
+i2d_X509_bio                            1046	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_new                      1047	1_1_0	EXIST::FUNCTION:
+X509_getm_notAfter                      1048	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_dup                          1049	1_1_0	EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       1050	1_1_0	EXIST::FUNCTION:
+d2i_EC_PUBKEY_bio                       1051	1_1_0	EXIST::FUNCTION:EC
+X509_STORE_CTX_set_error                1052	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_set_keygen                1053	1_1_0	EXIST::FUNCTION:EC
+CRYPTO_free                             1054	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_exp                         1055	1_1_0	EXIST::FUNCTION:EC2M
+OPENSSL_buf2hexstr                      1056	1_1_0	EXIST::FUNCTION:
+DES_encrypt2                            1057	1_1_0	EXIST::FUNCTION:DES
+DH_up_ref                               1058	1_1_0	EXIST::FUNCTION:DH
+RC2_ofb64_encrypt                       1059	1_1_0	EXIST::FUNCTION:RC2
+PKCS12_pbe_crypt                        1060	1_1_0	EXIST::FUNCTION:
+ASIdentifiers_free                      1061	1_1_0	EXIST::FUNCTION:RFC3779
+X509_VERIFY_PARAM_get0                  1062	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_input_blocksize         1063	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_get_micros                  1064	1_1_0	EXIST::FUNCTION:TS
+PKCS12_SAFEBAG_create_cert              1065	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_debug_malloc                 1066	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+RAND_seed                               1067	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKAC_free                     1068	1_1_0	EXIST::FUNCTION:
+X509_CRL_diff                           1069	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_flags             1070	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_set_data                 1071	1_1_0	EXIST::FUNCTION:
+ENGINE_get_EC                           1072	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_STRING_copy                        1073	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_encrypt_old                    1074	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_free                         1075	1_1_0	EXIST::FUNCTION:
+DES_is_weak_key                         1076	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_verify                         1077	1_1_0	EXIST::FUNCTION:
+ERR_load_BIO_strings                    1078	1_1_0	EXIST::FUNCTION:
+BIO_nread                               1079	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              1080	1_1_0	EXIST::FUNCTION:RSA
+OBJ_nid2obj                             1081	1_1_0	EXIST::FUNCTION:
+CRYPTO_ofb128_encrypt                   1082	1_1_0	EXIST::FUNCTION:
+ENGINE_set_init_function                1083	1_1_0	EXIST::FUNCTION:ENGINE
+NCONF_default                           1084	1_1_0	EXIST::FUNCTION:
+ENGINE_remove                           1085	1_1_0	EXIST::FUNCTION:ENGINE
+ASYNC_get_current_job                   1086	1_1_0	EXIST::FUNCTION:
+OBJ_nid2sn                              1087	1_1_0	EXIST::FUNCTION:
+X509_gmtime_adj                         1088	1_1_0	EXIST::FUNCTION:
+X509_add_ext                            1089	1_1_0	EXIST::FUNCTION:
+ENGINE_set_DSA                          1090	1_1_0	EXIST::FUNCTION:ENGINE
+EC_KEY_METHOD_set_sign                  1091	1_1_0	EXIST::FUNCTION:EC
+d2i_TS_MSG_IMPRINT                      1092	1_1_0	EXIST::FUNCTION:TS
+X509_print_ex_fp                        1093	1_1_0	EXIST::FUNCTION:STDIO
+ERR_load_PEM_strings                    1094	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_pkey_asn1_meths       1095	1_1_0	EXIST::FUNCTION:ENGINE
+IPAddressFamily_free                    1096	1_1_0	EXIST::FUNCTION:RFC3779
+UI_method_get_prompt_constructor        1097	1_1_0	EXIST::FUNCTION:
+ASN1_NULL_it                            1098	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            1098	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_get_pubkey                     1099	1_1_0	EXIST::FUNCTION:
+X509_CRL_set1_nextUpdate                1100	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_cfb64                      1101	1_1_0	EXIST::FUNCTION:DES
+BN_to_ASN1_INTEGER                      1102	1_1_0	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 1103	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY                  1104	1_1_0	EXIST::FUNCTION:EC
+BN_MONT_CTX_set                         1105	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_serial                      1106	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_ENTRY_new                     1107	1_1_0	EXIST::FUNCTION:
+RSA_security_bits                       1108	1_1_0	EXIST::FUNCTION:RSA
+X509v3_addr_add_prefix                  1109	1_1_0	EXIST::FUNCTION:RFC3779
+X509_REQ_print_fp                       1110	1_1_0	EXIST::FUNCTION:STDIO
+ASN1_item_ex_new                        1111	1_1_0	EXIST::FUNCTION:
+BIO_s_datagram                          1112	1_1_0	EXIST::FUNCTION:DGRAM
+PEM_write_bio_PKCS8                     1113	1_1_0	EXIST::FUNCTION:
+ASN1_str2mask                           1114	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_get                           1115	1_1_0	EXIST::FUNCTION:
+i2d_X509_EXTENSIONS                     1116	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_store               1117	1_1_0	EXIST::FUNCTION:
+PKCS12_pack_p7data                      1118	1_1_0	EXIST::FUNCTION:
+RSA_print_fp                            1119	1_1_0	EXIST::FUNCTION:RSA,STDIO
+OPENSSL_INIT_set_config_appname         1120	1_1_0	EXIST::FUNCTION:STDIO
+EC_KEY_print_fp                         1121	1_1_0	EXIST::FUNCTION:EC,STDIO
+BIO_dup_chain                           1122	1_1_0	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_it                  1123	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  1123	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RSA_OAEP_PARAMS_free                    1124	1_1_0	EXIST::FUNCTION:RSA
+ASN1_item_new                           1125	1_1_0	EXIST::FUNCTION:
+CRYPTO_cts128_encrypt                   1126	1_1_0	EXIST::FUNCTION:
+RC2_encrypt                             1127	1_1_0	EXIST::FUNCTION:RC2
+PEM_write                               1128	1_1_0	EXIST::FUNCTION:STDIO
+EVP_CIPHER_meth_get_get_asn1_params     1129	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      1130	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ASN1_UTF8STRING                     1131	1_1_0	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_it                   1132	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   1132	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit                          1133	1_1_0	EXIST::FUNCTION:
+PKCS12_add_safe                         1134	1_1_0	EXIST::FUNCTION:
+ENGINE_get_digest                       1135	1_1_0	EXIST::FUNCTION:ENGINE
+EC_GROUP_have_precompute_mult           1136	1_1_0	EXIST::FUNCTION:EC
+OPENSSL_gmtime                          1137	1_1_0	EXIST::FUNCTION:
+X509_set_issuer_name                    1138	1_1_0	EXIST::FUNCTION:
+RSA_new                                 1139	1_1_0	EXIST::FUNCTION:RSA
+ASN1_STRING_set_by_NID                  1140	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS7                     1141	1_1_0	EXIST::FUNCTION:
+MDC2_Final                              1142	1_1_0	EXIST::FUNCTION:MDC2
+SMIME_crlf_copy                         1143	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              1144	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_REQ_CTX_new                        1145	1_1_0	EXIST::FUNCTION:OCSP
+X509_load_cert_crl_file                 1146	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_new_mac_key                    1147	1_1_0	EXIST::FUNCTION:
+DIST_POINT_new                          1148	1_1_0	EXIST::FUNCTION:
+BN_is_prime_fasttest                    1149	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+EC_POINT_dup                            1150	1_1_0	EXIST::FUNCTION:EC
+PKCS5_v2_scrypt_keyivgen                1151	1_1_0	EXIST::FUNCTION:SCRYPT
+X509_STORE_CTX_set0_param               1152	1_1_0	EXIST::FUNCTION:
+DES_check_key_parity                    1153	1_1_0	EXIST::FUNCTION:DES
+EVP_aes_256_ocb                         1154	1_1_0	EXIST::FUNCTION:OCB
+X509_VAL_free                           1155	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get1_certs               1156	1_1_0	EXIST::FUNCTION:
+PEM_write_RSA_PUBKEY                    1157	1_1_0	EXIST::FUNCTION:RSA,STDIO
+PKCS12_SAFEBAG_get0_p8inf               1158	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_issuer_name                1159	1_1_0	EXIST::FUNCTION:
+CMS_EncryptedData_encrypt               1160	1_1_0	EXIST::FUNCTION:CMS
+ASN1_tag2str                            1161	1_1_0	EXIST::FUNCTION:
+BN_zero_ex                              1162	1_1_0	EXIST::FUNCTION:
+X509_NAME_dup                           1163	1_1_0	EXIST::FUNCTION:
+SCT_LIST_print                          1164	1_1_0	EXIST::FUNCTION:CT
+NOTICEREF_it                            1165	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            1165	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CMS_add0_crl                            1166	1_1_0	EXIST::FUNCTION:CMS
+d2i_DSAparams                           1167	1_1_0	EXIST::FUNCTION:DSA
+EVP_CIPHER_CTX_set_app_data             1168	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1169	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_certs                       1170	1_1_0	EXIST::FUNCTION:TS
+BN_security_bits                        1171	1_1_0	EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  1172	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_serial                  1173	1_1_0	EXIST::FUNCTION:TS
+ASN1_PCTX_get_str_flags                 1174	1_1_0	EXIST::FUNCTION:
+SHA256                                  1175	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    1176	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_check                   1177	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_RAND                 1178	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_connect                             1179	1_1_0	EXIST::FUNCTION:SOCK
+TS_TST_INFO_add_ext                     1180	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_192_ccm                         1181	1_1_0	EXIST::FUNCTION:
+X509V3_add_value                        1182	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set0_keygen_info           1183	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_digests               1184	1_1_0	EXIST::FUNCTION:ENGINE
+IPAddressOrRange_new                    1185	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_aes_256_ofb                         1186	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_debug_push                   1187	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+X509_PKEY_new                           1188	1_1_0	EXIST::FUNCTION:
+X509_get_key_usage                      1189	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            1190	1_1_0	EXIST::FUNCTION:
+PEM_SignFinal                           1191	1_1_0	EXIST::FUNCTION:
+PEM_bytes_read_bio                      1192	1_1_0	EXIST::FUNCTION:
+X509_signature_dump                     1193	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_def_policy              1194	1_1_0	EXIST::FUNCTION:TS
+RAND_pseudo_bytes                       1195	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+DES_ofb_encrypt                         1196	1_1_0	EXIST::FUNCTION:DES
+EVP_add_digest                          1197	1_1_0	EXIST::FUNCTION:
+ASN1_item_sign_ctx                      1198	1_1_0	EXIST::FUNCTION:
+BIO_dump_indent_cb                      1199	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_depth             1200	1_1_0	EXIST::FUNCTION:
+DES_ecb3_encrypt                        1201	1_1_0	EXIST::FUNCTION:DES
+OBJ_obj2nid                             1202	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1203	1_1_0	EXIST::FUNCTION:
+EVP_cast5_cfb64                         1204	1_1_0	EXIST::FUNCTION:CAST
+OPENSSL_uni2asc                         1205	1_1_0	EXIST::FUNCTION:
+SCT_validation_status_string            1206	1_1_0	EXIST::FUNCTION:CT
+PKCS7_add_attribute                     1207	1_1_0	EXIST::FUNCTION:
+ENGINE_register_DSA                     1208	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_node_stats                   1209	1_1_0	EXIST::FUNCTION:STDIO
+X509_policy_tree_free                   1210	1_1_0	EXIST::FUNCTION:
+EC_GFp_simple_method                    1211	1_1_0	EXIST::FUNCTION:EC
+X509_it                                 1212	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 1212	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_PROXY_POLICY                        1213	1_1_0	EXIST::FUNCTION:
+MDC2_Update                             1214	1_1_0	EXIST::FUNCTION:MDC2
+EC_KEY_new_by_curve_name                1215	1_1_0	EXIST::FUNCTION:EC
+X509_CRL_free                           1216	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 1217	1_1_0	EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      1218	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_CERTSTATUS_it                      1218	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+BIO_f_reliable                          1219	1_1_0	EXIST::FUNCTION:
+OCSP_resp_count                         1220	1_1_0	EXIST::FUNCTION:OCSP
+i2d_X509_AUX                            1221	1_1_0	EXIST::FUNCTION:
+RSA_verify_PKCS1_PSS_mgf1               1222	1_1_0	EXIST::FUNCTION:RSA
+X509_time_adj                           1223	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_find_str                  1224	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_flags             1225	1_1_0	EXIST::FUNCTION:
+OPENSSL_DIR_end                         1226	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new                            1227	1_1_0	EXIST::FUNCTION:EC
+CMS_SignerInfo_get0_pkey_ctx            1228	1_1_0	EXIST::FUNCTION:CMS
+d2i_ASN1_PRINTABLESTRING                1229	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_ktri_cert_cmp         1230	1_1_0	EXIST::FUNCTION:CMS
+CMS_decrypt_set1_pkey                   1231	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_RECIP_INFO_set                    1232	1_1_0	EXIST::FUNCTION:
+EC_POINT_is_on_curve                    1233	1_1_0	EXIST::FUNCTION:EC
+PKCS12_add_cert                         1234	1_1_0	EXIST::FUNCTION:
+X509_NAME_hash_old                      1235	1_1_0	EXIST::FUNCTION:
+PBKDF2PARAM_free                        1236	1_1_0	EXIST::FUNCTION:
+i2d_CMS_ContentInfo                     1237	1_1_0	EXIST::FUNCTION:CMS
+EVP_CIPHER_meth_set_ctrl                1238	1_1_0	EXIST::FUNCTION:
+RSA_public_decrypt                      1239	1_1_0	EXIST::FUNCTION:RSA
+ENGINE_get_id                           1240	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS12_item_decrypt_d2i                 1241	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_DSAparams                  1242	1_1_0	EXIST::FUNCTION:DSA
+X509_CRL_cmp                            1243	1_1_0	EXIST::FUNCTION:
+DSO_METHOD_openssl                      1244	1_1_0	EXIST::FUNCTION:
+d2i_PrivateKey_fp                       1245	1_1_0	EXIST::FUNCTION:STDIO
+i2d_NETSCAPE_CERT_SEQUENCE              1246	1_1_0	EXIST::FUNCTION:
+EC_POINT_oct2point                      1248	1_1_0	EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_buf_noconst              1249	1_1_0	EXIST::FUNCTION:
+OPENSSL_DIR_read                        1250	1_1_0	EXIST::FUNCTION:
+CMS_add_smimecap                        1251	1_1_0	EXIST::FUNCTION:CMS
+X509_check_email                        1252	1_1_0	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt_block             1253	1_1_0	EXIST::FUNCTION:
+UI_method_get_opener                    1254	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_gcm                         1255	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_tsa_name                    1256	1_1_0	EXIST::FUNCTION:TS
+X509_email_free                         1257	1_1_0	EXIST::FUNCTION:
+BIO_get_callback                        1258	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_shift                        1259	1_1_0	EXIST::FUNCTION:
+i2d_X509_REVOKED                        1260	1_1_0	EXIST::FUNCTION:
+CMS_sign                                1261	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_add_cert                     1262	1_1_0	EXIST::FUNCTION:
+EC_GROUP_precompute_mult                1263	1_1_0	EXIST::FUNCTION:EC
+d2i_DISPLAYTEXT                         1265	1_1_0	EXIST::FUNCTION:
+HMAC_CTX_copy                           1266	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_init                      1267	1_1_0	EXIST::FUNCTION:
+i2d_X509_CINF                           1268	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 1269	1_1_0	EXIST::FUNCTION:
+RC5_32_cfb64_encrypt                    1270	1_1_0	EXIST::FUNCTION:RC5
+TS_REQ_set_cert_req                     1271	1_1_0	EXIST::FUNCTION:TS
+TXT_DB_get_by_index                     1272	1_1_0	EXIST::FUNCTION:
+X509_check_ca                           1273	1_1_0	EXIST::FUNCTION:
+DH_get_2048_224                         1274	1_1_0	EXIST::FUNCTION:DH
+X509_http_nbio                          1275	1_1_0	EXIST::FUNCTION:OCSP
+i2d_AUTHORITY_INFO_ACCESS               1276	1_1_0	EXIST::FUNCTION:
+EVP_get_cipherbyname                    1277	1_1_0	EXIST::FUNCTION:
+CONF_dump_fp                            1278	1_1_0	EXIST::FUNCTION:STDIO
+d2i_DIST_POINT_NAME                     1279	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_set_int64                  1280	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_free                          1281	1_1_0	EXIST::FUNCTION:
+i2o_SCT_LIST                            1282	1_1_0	EXIST::FUNCTION:CT
+AES_encrypt                             1283	1_1_0	EXIST::FUNCTION:
+MD5_Init                                1284	1_1_0	EXIST::FUNCTION:MD5
+UI_add_error_string                     1285	1_1_0	EXIST::FUNCTION:
+X509_TRUST_cleanup                      1286	1_1_0	EXIST::FUNCTION:
+PEM_read_X509                           1287	1_1_0	EXIST::FUNCTION:STDIO
+EC_KEY_new_method                       1288	1_1_0	EXIST::FUNCTION:EC
+i2d_RSAPublicKey_fp                     1289	1_1_0	EXIST::FUNCTION:RSA,STDIO
+CRYPTO_ctr128_encrypt_ctr32             1290	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_move_peername         1291	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_it                      1292	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_SINGLERESP_it                      1292	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+BN_num_bits                             1293	1_1_0	EXIST::FUNCTION:
+X509_CRL_METHOD_free                    1294	1_1_0	EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1295	1_1_0	EXIST::FUNCTION:STDIO
+OPENSSL_load_builtin_modules            1296	1_1_0	EXIST::FUNCTION:
+X509_set_version                        1297	1_1_0	EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       1298	1_1_0	EXIST::FUNCTION:EC
+X509_REQ_get_attr_count                 1299	1_1_0	EXIST::FUNCTION:
+CMS_set1_signers_certs                  1300	1_1_0	EXIST::FUNCTION:CMS
+TS_ACCURACY_free                        1301	1_1_0	EXIST::FUNCTION:TS
+PEM_write_DSA_PUBKEY                    1302	1_1_0	EXIST::FUNCTION:DSA,STDIO
+BN_rshift1                              1303	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      1304	1_1_0	EXIST::FUNCTION:
+PBKDF2PARAM_it                          1305	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          1305	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_result_maxsize                   1306	1_1_0	EXIST::FUNCTION:
+PBEPARAM_it                             1307	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             1307	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_ACCURACY_set_seconds                 1308	1_1_0	EXIST::FUNCTION:TS
+UI_get0_action_string                   1309	1_1_0	EXIST::FUNCTION:
+RC2_decrypt                             1310	1_1_0	EXIST::FUNCTION:RC2
+OPENSSL_atexit                          1311	1_1_0	EXIST::FUNCTION:
+CMS_add_standard_smimecap               1312	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_add_attrib_content_type           1313	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_set_flags                   1314	1_1_0	EXIST::FUNCTION:
+ERR_peek_last_error                     1315	1_1_0	EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    1316	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ASN1_NULL                           1317	1_1_0	EXIST::FUNCTION:
+RAND_event                              1318	1_1_0	EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
+i2d_PKCS12_fp                           1319	1_1_0	EXIST::FUNCTION:STDIO
+EVP_PKEY_meth_get_init                  1320	1_1_0	EXIST::FUNCTION:
+X509_check_trust                        1321	1_1_0	EXIST::FUNCTION:
+b2i_PrivateKey                          1322	1_1_0	EXIST::FUNCTION:DSA
+HMAC_Init_ex                            1323	1_1_0	EXIST::FUNCTION:
+SMIME_read_CMS                          1324	1_1_0	EXIST::FUNCTION:CMS
+X509_subject_name_cmp                   1325	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_finish                    1326	1_1_0	EXIST::FUNCTION:OCB
+EVP_CIPHER_do_all                       1327	1_1_0	EXIST::FUNCTION:
+POLICY_MAPPINGS_it                      1328	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it                      1328	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+SCT_set0_log_id                         1329	1_1_0	EXIST::FUNCTION:CT
+CRYPTO_cfb128_encrypt                   1330	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_PKCS1_type_2            1331	1_1_0	EXIST::FUNCTION:RSA
+TS_CONF_set_signer_cert                 1332	1_1_0	EXIST::FUNCTION:TS
+i2d_ASN1_OBJECT                         1333	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1334	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_int                    1335	1_1_0	EXIST::FUNCTION:
+TS_REQ_set_nonce                        1336	1_1_0	EXIST::FUNCTION:TS
+Camellia_ctr128_encrypt                 1337	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_LOOKUP_new                         1338	1_1_0	EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               1339	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     1340	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG,STDIO
+DES_set_key_unchecked                   1341	1_1_0	EXIST::FUNCTION:DES
+BN_free                                 1342	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cfb1                        1343	1_1_0	EXIST::FUNCTION:
+EC_KEY_get0_group                       1344	1_1_0	EXIST::FUNCTION:EC
+PEM_write_bio_CMS_stream                1345	1_1_0	EXIST::FUNCTION:CMS
+BIO_f_linebuffer                        1346	1_1_0	EXIST::FUNCTION:
+ASN1_item_d2i_bio                       1347	1_1_0	EXIST::FUNCTION:
+ENGINE_get_flags                        1348	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_resp_find                          1349	1_1_0	EXIST::FUNCTION:OCSP
+OPENSSL_LH_node_usage_stats_bio         1350	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1351	1_1_0	EXIST::FUNCTION:
+CRYPTO_cfb128_8_encrypt                 1352	1_1_0	EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1353	1_1_0	EXIST::FUNCTION:
+CRYPTO_clear_free                       1354	1_1_0	EXIST::FUNCTION:
+i2v_GENERAL_NAME                        1355	1_1_0	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   1356	1_1_0	EXIST::FUNCTION:
+CRYPTO_realloc                          1357	1_1_0	EXIST::FUNCTION:
+BIO_ctrl_pending                        1358	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_new                         1360	1_1_0	EXIST::FUNCTION:
+X509_sign_ctx                           1361	1_1_0	EXIST::FUNCTION:
+BN_is_odd                               1362	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1363	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_get_int64               1364	1_1_0	EXIST::FUNCTION:
+ASN1_SCTX_get_app_data                  1365	1_1_0	EXIST::FUNCTION:
+X509_get_default_cert_file_env          1366	1_1_0	EXIST::FUNCTION:
+X509v3_addr_validate_resource_set       1367	1_1_0	EXIST::FUNCTION:RFC3779
+d2i_X509_VAL                            1368	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_decrypt_ctr32             1370	1_1_0	EXIST::FUNCTION:
+DHparams_print                          1371	1_1_0	EXIST::FUNCTION:DH
+OPENSSL_sk_unshift                      1372	1_1_0	EXIST::FUNCTION:
+BN_GENCB_set_old                        1373	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509                      1374	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_free                      1375	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_DH                    1376	1_1_0	EXIST::FUNCTION:ENGINE
+PROXY_CERT_INFO_EXTENSION_it            1377	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_CERT_INFO_EXTENSION_it            1377	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CT_POLICY_EVAL_CTX_set1_cert            1378	1_1_0	EXIST::FUNCTION:CT
+X509_NAME_hash                          1379	1_1_0	EXIST::FUNCTION:
+SCT_set_timestamp                       1380	1_1_0	EXIST::FUNCTION:CT
+UI_new                                  1381	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_msg_imprint                  1382	1_1_0	EXIST::FUNCTION:TS
+i2d_PKCS12_BAGS                         1383	1_1_0	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1385	1_1_0	EXIST::FUNCTION:
+X509V3_get_section                      1386	1_1_0	EXIST::FUNCTION:
+BIO_parse_hostserv                      1387	1_1_0	EXIST::FUNCTION:SOCK
+EVP_PKEY_meth_set_cleanup               1388	1_1_0	EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_free          1389	1_1_0	EXIST::FUNCTION:
+X509_dup                                1390	1_1_0	EXIST::FUNCTION:
+EDIPARTYNAME_free                       1391	1_1_0	EXIST::FUNCTION:
+X509_CRL_add0_revoked                   1393	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_set0_value                 1394	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1395	1_1_0	EXIST::FUNCTION:
+EC_GROUP_check_discriminant             1396	1_1_0	EXIST::FUNCTION:EC
+PKCS12_MAC_DATA_free                    1397	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 1398	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       1399	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl                       1400	1_1_0	EXIST::FUNCTION:
+X509_REQ_set_pubkey                     1401	1_1_0	EXIST::FUNCTION:
+UI_create_method                        1402	1_1_0	EXIST::FUNCTION:
+X509_REQ_add_extensions_nid             1403	1_1_0	EXIST::FUNCTION:
+PEM_X509_INFO_write_bio                 1404	1_1_0	EXIST::FUNCTION:
+BIO_dump_cb                             1405	1_1_0	EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1406	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_ofb                        1407	1_1_0	EXIST::FUNCTION:DES
+EVP_MD_meth_get_cleanup                 1408	1_1_0	EXIST::FUNCTION:
+SRP_Calc_server_key                     1409	1_1_0	EXIST::FUNCTION:SRP
+BN_mod_exp_simple                       1410	1_1_0	EXIST::FUNCTION:
+BIO_set_ex_data                         1411	1_1_0	EXIST::FUNCTION:
+SHA512                                  1412	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_explicit_policy      1413	1_1_0	EXIST::FUNCTION:
+EVP_DecodeBlock                         1414	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_http                       1415	1_1_0	EXIST::FUNCTION:OCSP
+EVP_MD_CTX_reset                        1416	1_1_0	EXIST::FUNCTION:
+X509_NAME_new                           1417	1_1_0	EXIST::FUNCTION:
+ASN1_item_pack                          1418	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 1419	1_1_0	EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1420	1_1_0	EXIST::FUNCTION:
+i2d_ESS_CERT_ID                         1421	1_1_0	EXIST::FUNCTION:TS
+X509_TRUST_get_by_id                    1422	1_1_0	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1423	1_1_0	EXIST::FUNCTION:RSA,STDIO
+EVP_PBE_get                             1424	1_1_0	EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt               1425	1_1_0	EXIST::FUNCTION:
+CONF_modules_finish                     1426	1_1_0	EXIST::FUNCTION:
+BN_value_one                            1427	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_SSLv23                  1428	1_1_0	EXIST::FUNCTION:RSA
+OCSP_RESPBYTES_it                       1429	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPBYTES_it                       1429	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+EVP_aes_192_wrap                        1430	1_1_0	EXIST::FUNCTION:
+OCSP_CERTID_it                          1431	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_CERTID_it                          1431	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+ENGINE_get_RSA                          1432	1_1_0	EXIST::FUNCTION:ENGINE
+RAND_get_rand_method                    1433	1_1_0	EXIST::FUNCTION:
+ERR_load_DSA_strings                    1434	1_1_0	EXIST::FUNCTION:DSA
+ASN1_check_infinite_end                 1435	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        1436	1_1_0	EXIST::FUNCTION:
+ERR_lib_error_string                    1437	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              1438	1_1_0	EXIST::FUNCTION:
+i2d_ECPrivateKey_bio                    1439	1_1_0	EXIST::FUNCTION:EC
+BN_GENCB_free                           1440	1_1_0	EXIST::FUNCTION:
+HMAC_size                               1441	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_DH                        1442	1_1_0	EXIST::FUNCTION:DH
+d2i_OCSP_CRLID                          1443	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_set_padding              1444	1_1_0	EXIST::FUNCTION:
+CTLOG_new_from_base64                   1445	1_1_0	EXIST::FUNCTION:CT
+AES_bi_ige_encrypt                      1446	1_1_0	EXIST::FUNCTION:
+ERR_pop_to_mark                         1447	1_1_0	EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1449	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_asn1                      1450	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_ctr                    1451	1_1_0	EXIST::FUNCTION:CAMELLIA
+EVP_PKEY_free                           1452	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    1453	1_1_0	EXIST::FUNCTION:
+BIO_new_dgram                           1454	1_1_0	EXIST::FUNCTION:DGRAM
+CMS_RecipientInfo_kari_get0_reks        1455	1_1_0	EXIST::FUNCTION:CMS
+BASIC_CONSTRAINTS_new                   1456	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   1457	1_1_0	EXIST::FUNCTION:
+BIO_sock_init                           1458	1_1_0	EXIST::FUNCTION:SOCK
+BN_nist_mod_192                         1459	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             1460	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_nconf                        1461	1_1_0	EXIST::FUNCTION:
+X509v3_addr_inherits                    1462	1_1_0	EXIST::FUNCTION:RFC3779
+NETSCAPE_SPKI_sign                      1463	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_update                      1464	1_1_0	EXIST::FUNCTION:
+BN_gcd                                  1465	1_1_0	EXIST::FUNCTION:
+CMS_dataInit                            1466	1_1_0	EXIST::FUNCTION:CMS
+TS_CONF_get_tsa_section                 1467	1_1_0	EXIST::FUNCTION:TS
+i2d_PKCS7_SIGNER_INFO                   1468	1_1_0	EXIST::FUNCTION:
+EVP_get_pw_prompt                       1469	1_1_0	EXIST::FUNCTION:
+BN_bn2bin                               1470	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_BIT_STRING                     1471	1_1_0	EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     1472	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_register_RAND                    1473	1_1_0	EXIST::FUNCTION:ENGINE
+X509V3_section_free                     1474	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_debug_free                   1475	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+d2i_OCSP_REQUEST                        1476	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_get_cipher_engine                1477	1_1_0	EXIST::FUNCTION:ENGINE
+SHA384_Final                            1478	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_certs                   1479	1_1_0	EXIST::FUNCTION:TS
+BN_MONT_CTX_free                        1480	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad_arr              1481	1_1_0	EXIST::FUNCTION:EC2M
+UI_add_input_string                     1482	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_version                 1483	1_1_0	EXIST::FUNCTION:TS
+BIO_accept_ex                           1484	1_1_0	EXIST::FUNCTION:SOCK
+CRYPTO_get_mem_functions                1485	1_1_0	EXIST::FUNCTION:
+PEM_read_bio                            1486	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      1487	1_1_0	EXIST::FUNCTION:OCSP
+SXNET_it                                1488	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                1488	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_indent                              1489	1_1_0	EXIST::FUNCTION:
+i2d_X509_fp                             1490	1_1_0	EXIST::FUNCTION:STDIO
+d2i_ASN1_TYPE                           1491	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_free                        1492	1_1_0	EXIST::FUNCTION:CT
+ENGINE_get_pkey_meths                   1493	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_TS_REQ_bio                          1494	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_CTX_get_operation              1495	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_ctrl                    1496	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_set_critical             1497	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_clear                          1498	1_1_0	EXIST::FUNCTION:SOCK
+ENGINE_get_DSA                          1499	1_1_0	EXIST::FUNCTION:ENGINE
+ASYNC_get_wait_ctx                      1500	1_1_0	EXIST::FUNCTION:
+ENGINE_set_load_privkey_function        1501	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_ccm128_setiv                     1502	1_1_0	EXIST::FUNCTION:
+PKCS7_dataFinal                         1503	1_1_0	EXIST::FUNCTION:
+SHA1_Final                              1504	1_1_0	EXIST::FUNCTION:
+i2a_ASN1_STRING                         1505	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_rand_key                 1506	1_1_0	EXIST::FUNCTION:
+AES_set_encrypt_key                     1507	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_new                        1508	1_1_0	EXIST::FUNCTION:
+AES_cbc_encrypt                         1509	1_1_0	EXIST::FUNCTION:
+OCSP_RESPDATA_free                      1510	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_asn1_find                      1511	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1512	1_1_0	EXIST::FUNCTION:
+OPENSSL_cleanup                         1513	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1514	1_1_0	EXIST::FUNCTION:
+SCT_get_source                          1515	1_1_0	EXIST::FUNCTION:CT
+EVP_PKEY_verify_init                    1516	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_set_string                    1517	1_1_0	EXIST::FUNCTION:
+BIO_free                                1518	1_1_0	EXIST::FUNCTION:
+i2d_X509_ALGOR                          1519	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls                1520	1_1_0	EXIST::FUNCTION:
+ASYNC_pause_job                         1521	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_new                      1522	1_1_0	EXIST::FUNCTION:OCSP
+EVP_camellia_256_ofb                    1523	1_1_0	EXIST::FUNCTION:CAMELLIA
+PKCS12_item_i2d_encrypt                 1524	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_copy                  1525	1_1_0	EXIST::FUNCTION:
+EC_POINT_clear_free                     1526	1_1_0	EXIST::FUNCTION:EC
+i2s_ASN1_ENUMERATED_TABLE               1527	1_1_0	EXIST::FUNCTION:
+PKCS7_verify                            1528	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table            1529	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1530	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 1531	1_1_0	EXIST::FUNCTION:
+BN_MONT_CTX_set_locked                  1532	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_num                  1533	1_1_0	EXIST::FUNCTION:
+CONF_load                               1534	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_keygen                1535	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_add1_attr_by_txt               1536	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_set_uint64                 1537	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ                1538	1_1_0	EXIST::FUNCTION:
+ASN1_add_oid_module                     1539	1_1_0	EXIST::FUNCTION:
+BN_div_recp                             1540	1_1_0	EXIST::FUNCTION:
+SRP_Verify_B_mod_N                      1541	1_1_0	EXIST::FUNCTION:SRP
+SXNET_free                              1542	1_1_0	EXIST::FUNCTION:
+CMS_get0_content                        1543	1_1_0	EXIST::FUNCTION:CMS
+BN_is_word                              1544	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_key_length                   1545	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1546	1_1_0	EXIST::FUNCTION:
+OCSP_request_onereq_get0                1547	1_1_0	EXIST::FUNCTION:OCSP
+ERR_load_PKCS7_strings                  1548	1_1_0	EXIST::FUNCTION:
+X509_PUBKEY_get                         1549	1_1_0	EXIST::FUNCTION:
+EC_KEY_free                             1550	1_1_0	EXIST::FUNCTION:EC
+BIO_read                                1551	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_NID                1552	1_1_0	EXIST::FUNCTION:
+BIO_get_accept_socket                   1553	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+CMS_SignerInfo_sign                     1554	1_1_0	EXIST::FUNCTION:CMS
+ASN1_item_i2d_bio                       1555	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_block_size               1556	1_1_0	EXIST::FUNCTION:
+DIRECTORYSTRING_free                    1557	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_default_engine              1558	1_1_0	EXIST::FUNCTION:ENGINE,TS
+BN_set_bit                              1559	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_app_datasize            1560	1_1_0	EXIST::FUNCTION:
+DSO_free                                1561	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_tsa                     1562	1_1_0	EXIST::FUNCTION:TS
+EC_GROUP_check                          1563	1_1_0	EXIST::FUNCTION:EC
+OPENSSL_sk_delete                       1564	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_extension_cb            1565	1_1_0	EXIST::FUNCTION:TS
+EVP_CIPHER_CTX_nid                      1566	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_add_md                      1567	1_1_0	EXIST::FUNCTION:TS
+DES_set_key                             1568	1_1_0	EXIST::FUNCTION:DES
+X509V3_extensions_print                 1569	1_1_0	EXIST::FUNCTION:
+PEM_do_header                           1570	1_1_0	EXIST::FUNCTION:
+i2d_re_X509_CRL_tbs                     1571	1_1_0	EXIST::FUNCTION:
+BIO_method_name                         1572	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_CRLID                          1573	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_request_set1_name                  1574	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_NAME_ENTRY                     1575	1_1_0	EXIST::FUNCTION:
+X509_trusted                            1576	1_1_0	EXIST::FUNCTION:
+X509_TRUST_get_flags                    1577	1_1_0	EXIST::FUNCTION:
+PKCS7_set_content                       1578	1_1_0	EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  1579	1_1_0	EXIST::FUNCTION:STDIO
+CONF_imodule_set_usr_data               1580	1_1_0	EXIST::FUNCTION:
+d2i_TS_RESP_fp                          1581	1_1_0	EXIST::FUNCTION:STDIO,TS
+X509_policy_tree_get0_user_policies     1582	1_1_0	EXIST::FUNCTION:
+DSA_do_sign                             1584	1_1_0	EXIST::FUNCTION:DSA
+EVP_CIPHER_CTX_reset                    1585	1_1_0	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_new                    1586	1_1_0	EXIST::FUNCTION:OCSP
+SRP_Verify_A_mod_N                      1587	1_1_0	EXIST::FUNCTION:SRP
+SRP_VBASE_free                          1588	1_1_0	EXIST::FUNCTION:SRP
+PKCS7_add0_attrib_signing_time          1589	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_flags                    1590	1_1_0	EXIST::FUNCTION:
+UI_get0_output_string                   1591	1_1_0	EXIST::FUNCTION:
+ERR_get_error_line_data                 1592	1_1_0	EXIST::FUNCTION:
+CTLOG_get0_name                         1593	1_1_0	EXIST::FUNCTION:CT
+ASN1_TBOOLEAN_it                        1594	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        1594	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RC2_set_key                             1595	1_1_0	EXIST::FUNCTION:RC2
+X509_REVOKED_get_ext_by_NID             1596	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_none                    1597	1_1_0	EXIST::FUNCTION:RSA
+EVP_rc5_32_12_16_cbc                    1599	1_1_0	EXIST::FUNCTION:RC5
+PEM_dek_info                            1600	1_1_0	EXIST::FUNCTION:
+ASN1_SCTX_get_template                  1601	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_get0                      1602	1_1_0	EXIST::FUNCTION:
+X509_verify                             1603	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_get_request                 1604	1_1_0	EXIST::FUNCTION:TS
+EVP_cast5_cbc                           1605	1_1_0	EXIST::FUNCTION:CAST
+PEM_read_bio_X509_AUX                   1606	1_1_0	EXIST::FUNCTION:
+TS_ext_print_bio                        1607	1_1_0	EXIST::FUNCTION:TS
+SCT_set1_log_id                         1608	1_1_0	EXIST::FUNCTION:CT
+X509_get0_pubkey_bitstr                 1609	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_RAND                1610	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_MD_meth_get_result_size             1612	1_1_0	EXIST::FUNCTION:
+BIO_ADDRINFO_address                    1613	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_STRING_print_ex                    1614	1_1_0	EXIST::FUNCTION:
+i2d_CMS_ReceiptRequest                  1615	1_1_0	EXIST::FUNCTION:CMS
+d2i_TS_REQ_fp                           1616	1_1_0	EXIST::FUNCTION:STDIO,TS
+OCSP_REQ_CTX_i2d                        1617	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_get_default_digest_nid         1618	1_1_0	EXIST::FUNCTION:
+ASIdOrRange_new                         1619	1_1_0	EXIST::FUNCTION:RFC3779
+ASN1_SCTX_new                           1620	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_get                          1621	1_1_0	EXIST::FUNCTION:
+OCSP_id_cmp                             1622	1_1_0	EXIST::FUNCTION:OCSP
+NCONF_dump_bio                          1623	1_1_0	EXIST::FUNCTION:
+X509_NAME_get_entry                     1624	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        1625	1_1_0	EXIST::FUNCTION:DH
+CRYPTO_gcm128_aad                       1626	1_1_0	EXIST::FUNCTION:
+EVP_des_cfb8                            1627	1_1_0	EXIST::FUNCTION:DES
+BN_BLINDING_convert                     1628	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_cleanup                   1629	1_1_0	EXIST::FUNCTION:OCB
+EVP_des_ede_cbc                         1630	1_1_0	EXIST::FUNCTION:DES
+i2d_ASN1_TIME                           1631	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_pkey_asn1_meths     1632	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_set_max_response_length            1633	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ISSUING_DIST_POINT                  1634	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_set0_key              1635	1_1_0	EXIST::FUNCTION:CMS
+NCONF_new                               1636	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_free                    1637	1_1_0	EXIST::FUNCTION:OCSP
+PKCS7_ENCRYPT_free                      1638	1_1_0	EXIST::FUNCTION:
+i2d_DIST_POINT                          1639	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_paramgen_init                  1640	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_dup                      1641	1_1_0	EXIST::FUNCTION:TS
+CMS_ContentInfo_it                      1642	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ContentInfo_it                      1642	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+OCSP_resp_get0_signature                1643	1_1_0	EXIST::FUNCTION:OCSP
+X509_STORE_CTX_get1_issuer              1644	1_1_0	EXIST::FUNCTION:
+EVP_Digest                              1645	1_1_0	EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1646	1_1_0	EXIST::FUNCTION:
+BN_bn2hex                               1647	1_1_0	EXIST::FUNCTION:
+BN_lshift1                              1648	1_1_0	EXIST::FUNCTION:
+i2d_EDIPARTYNAME                        1649	1_1_0	EXIST::FUNCTION:
+X509_policy_tree_get0_policies          1650	1_1_0	EXIST::FUNCTION:
+X509at_add1_attr                        1651	1_1_0	EXIST::FUNCTION:
+X509_get_ex_data                        1653	1_1_0	EXIST::FUNCTION:
+RSA_set_method                          1654	1_1_0	EXIST::FUNCTION:RSA
+X509_REVOKED_dup                        1655	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_new                           1656	1_1_0	EXIST::FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1657	1_1_0	EXIST::FUNCTION:STDIO
+PEM_read_X509_REQ                       1658	1_1_0	EXIST::FUNCTION:STDIO
+EC_GROUP_free                           1659	1_1_0	EXIST::FUNCTION:EC
+X509_CRL_get_meth_data                  1660	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_uchar                  1661	1_1_0	EXIST::FUNCTION:
+BIO_asn1_get_suffix                     1662	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_clear_flags           1663	1_1_0	EXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1664	1_1_0	EXIST::FUNCTION:
+DES_ede3_cfb_encrypt                    1665	1_1_0	EXIST::FUNCTION:DES
+i2d_CMS_bio_stream                      1667	1_1_0	EXIST::FUNCTION:CMS
+DES_quad_cksum                          1668	1_1_0	EXIST::FUNCTION:DES
+X509_ATTRIBUTE_create_by_NID            1669	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_free                      1670	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_up_ref                           1671	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_get_basis_type                 1672	1_1_0	EXIST::FUNCTION:EC
+OCSP_crlID_new                          1673	1_1_0	EXIST:!VMS:FUNCTION:OCSP
+OCSP_crlID2_new                         1673	1_1_0	EXIST:VMS:FUNCTION:OCSP
+PEM_write_PKCS7                         1674	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_add_signer                        1675	1_1_0	EXIST::FUNCTION:
+X509_SIG_it                             1676	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             1676	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASYNC_start_job                         1677	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_dup                         1678	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_192_ctr                         1679	1_1_0	EXIST::FUNCTION:
+PKCS12_pack_authsafes                   1680	1_1_0	EXIST::FUNCTION:
+PKCS7_get_attribute                     1681	1_1_0	EXIST::FUNCTION:
+OPENSSL_config                          1682	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+s2i_ASN1_INTEGER                        1683	1_1_0	EXIST::FUNCTION:
+CMS_signed_add1_attr_by_OBJ             1684	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_128_wrap_pad                     1685	1_1_0	EXIST::FUNCTION:
+CMS_EncryptedData_set1_key              1686	1_1_0	EXIST::FUNCTION:CMS
+OBJ_find_sigid_by_algs                  1687	1_1_0	EXIST::FUNCTION:
+ASN1_generate_nconf                     1688	1_1_0	EXIST::FUNCTION:
+CMS_add0_recipient_password             1689	1_1_0	EXIST::FUNCTION:CMS
+UI_get_string_type                      1690	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_ECPrivateKey               1691	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_get_attr                       1692	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_ECPKParameters             1693	1_1_0	EXIST::FUNCTION:EC
+d2i_PKCS12_MAC_DATA                     1694	1_1_0	EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         1695	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS12_SAFEBAG_get_bag_nid              1696	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_digests                     1697	1_1_0	EXIST::FUNCTION:TS
+PKCS7_SIGNED_it                         1698	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         1698	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+b2i_PublicKey                           1699	1_1_0	EXIST::FUNCTION:DSA
+X509_PURPOSE_cleanup                    1700	1_1_0	EXIST::FUNCTION:
+ESS_SIGNING_CERT_dup                    1701	1_1_0	EXIST::FUNCTION:TS
+ENGINE_set_default_DSA                  1702	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REVOKED_new                        1703	1_1_0	EXIST::FUNCTION:
+NCONF_WIN32                             1704	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_OAEP_mgf1       1705	1_1_0	EXIST::FUNCTION:RSA
+X509_policy_tree_get0_level             1706	1_1_0	EXIST::FUNCTION:
+ASN1_parse_dump                         1708	1_1_0	EXIST::FUNCTION:
+BIO_vfree                               1709	1_1_0	EXIST::FUNCTION:
+CRYPTO_cbc128_decrypt                   1710	1_1_0	EXIST::FUNCTION:
+UI_dup_verify_string                    1711	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_bio                           1712	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_digests              1713	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_PublicKey                           1714	1_1_0	EXIST::FUNCTION:
+RC5_32_set_key                          1715	1_1_0	EXIST::FUNCTION:RC5
+AES_unwrap_key                          1716	1_1_0	EXIST::FUNCTION:
+EVP_Cipher                              1717	1_1_0	EXIST::FUNCTION:
+AES_set_decrypt_key                     1718	1_1_0	EXIST::FUNCTION:
+BF_ofb64_encrypt                        1719	1_1_0	EXIST::FUNCTION:BF
+d2i_TS_TST_INFO_fp                      1720	1_1_0	EXIST::FUNCTION:STDIO,TS
+X509_find_by_issuer_and_serial          1721	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_type                           1722	1_1_0	EXIST::FUNCTION:
+ENGINE_ctrl                             1723	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_cast5_ecb                           1724	1_1_0	EXIST::FUNCTION:CAST
+BIO_nwrite0                             1725	1_1_0	EXIST::FUNCTION:
+CAST_encrypt                            1726	1_1_0	EXIST::FUNCTION:CAST
+a2d_ASN1_OBJECT                         1727	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  1728	1_1_0	EXIST::FUNCTION:OCSP
+UI_method_get_reader                    1729	1_1_0	EXIST::FUNCTION:
+CMS_unsigned_get_attr                   1730	1_1_0	EXIST::FUNCTION:CMS
+EVP_aes_256_cbc                         1731	1_1_0	EXIST::FUNCTION:
+X509_check_ip_asc                       1732	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  1733	1_1_0	EXIST::FUNCTION:
+RC2_cbc_encrypt                         1734	1_1_0	EXIST::FUNCTION:RC2
+TS_MSG_IMPRINT_new                      1735	1_1_0	EXIST::FUNCTION:TS
+EVP_ENCODE_CTX_new                      1736	1_1_0	EXIST::FUNCTION:
+BIO_f_base64                            1737	1_1_0	EXIST::FUNCTION:
+CMS_verify                              1738	1_1_0	EXIST::FUNCTION:CMS
+i2d_PrivateKey                          1739	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_ONEREQ                         1740	1_1_0	EXIST::FUNCTION:OCSP
+OPENSSL_issetugid                       1741	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         1742	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_flags                   1743	1_1_0	EXIST::FUNCTION:
+EVP_idea_cbc                            1744	1_1_0	EXIST::FUNCTION:IDEA
+EC_POINT_cmp                            1745	1_1_0	EXIST::FUNCTION:EC
+ASN1_buf_print                          1746	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_hex2ctrl                   1747	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1748	1_1_0	EXIST::FUNCTION:
+CMAC_Update                             1749	1_1_0	EXIST::FUNCTION:CMAC
+d2i_ASN1_UTCTIME                        1750	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_insert                       1751	1_1_0	EXIST::FUNCTION:
+DSO_up_ref                              1752	1_1_0	EXIST::FUNCTION:
+EVP_rc2_cbc                             1753	1_1_0	EXIST::FUNCTION:RC2
+i2d_NETSCAPE_SPKI                       1754	1_1_0	EXIST::FUNCTION:
+ASYNC_init_thread                       1755	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_OBJ           1756	1_1_0	EXIST::FUNCTION:OCSP
+X509_reject_clear                       1757	1_1_0	EXIST::FUNCTION:
+DH_security_bits                        1758	1_1_0	EXIST::FUNCTION:DH
+LONG_it                                 1759	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
+LONG_it                                 1759	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
+ASN1_dup                                1760	1_1_0	EXIST::FUNCTION:
+TS_RESP_new                             1761	1_1_0	EXIST::FUNCTION:TS
+i2d_PKCS8PrivateKeyInfo_fp              1762	1_1_0	EXIST::FUNCTION:STDIO
+X509_alias_get0                         1763	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     1764	1_1_0	EXIST::FUNCTION:
+d2i_X509_bio                            1765	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_exts                    1766	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_256_ecb                         1767	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              1768	1_1_0	EXIST::FUNCTION:
+d2i_X509_EXTENSIONS                     1769	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  1770	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   1771	1_1_0	EXIST::FUNCTION:
+ASN1_tag2bit                            1772	1_1_0	EXIST::FUNCTION:
+TS_REQ_add_ext                          1773	1_1_0	EXIST::FUNCTION:TS
+X509_digest                             1776	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_cleanup_local             1777	1_1_0	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               1778	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               1778	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_128_wrap                        1779	1_1_0	EXIST::FUNCTION:
+X509V3_conf_free                        1780	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_NID              1781	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_256_cfb1                        1782	1_1_0	EXIST::FUNCTION:
+X509_issuer_name_cmp                    1783	1_1_0	EXIST::FUNCTION:
+CMS_RecipientEncryptedKey_get0_id       1784	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_meth_get_verify_recover        1785	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_check                  1786	1_1_0	EXIST::FUNCTION:
+X509_CERT_AUX_it                        1787	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        1787	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_get_X509_PUBKEY                    1789	1_1_0	EXIST::FUNCTION:
+TXT_DB_create_index                     1790	1_1_0	EXIST::FUNCTION:
+RAND_set_rand_engine                    1791	1_1_0	EXIST::FUNCTION:ENGINE
+X509_set_serialNumber                   1792	1_1_0	EXIST::FUNCTION:
+BN_mod_exp_mont_consttime               1793	1_1_0	EXIST::FUNCTION:
+X509V3_parse_list                       1794	1_1_0	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_new                  1795	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_clear_flags              1796	1_1_0	EXIST::FUNCTION:
+ECDSA_size                              1797	1_1_0	EXIST::FUNCTION:EC
+X509_ALGOR_get0                         1798	1_1_0	EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1799	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          1800	1_1_0	EXIST::FUNCTION:OCSP
+a2i_IPADDRESS_NC                        1801	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_load_default_file           1802	1_1_0	EXIST::FUNCTION:CT
+PKCS12_SAFEBAG_create_pkcs8_encrypt     1803	1_1_0	EXIST::FUNCTION:
+RAND_screen                             1804	1_1_0	EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
+CONF_get_string                         1805	1_1_0	EXIST::FUNCTION:
+X509_cmp_current_time                   1806	1_1_0	EXIST::FUNCTION:
+i2d_DSAPrivateKey                       1807	1_1_0	EXIST::FUNCTION:DSA
+ASN1_BIT_STRING_new                     1808	1_1_0	EXIST::FUNCTION:
+BIO_new_file                            1809	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_get0_algs             1810	1_1_0	EXIST::FUNCTION:
+TS_RESP_set_status_info                 1811	1_1_0	EXIST::FUNCTION:TS
+OPENSSL_LH_delete                       1812	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_dup                      1813	1_1_0	EXIST::FUNCTION:TS
+X509v3_addr_get_range                   1814	1_1_0	EXIST::FUNCTION:RFC3779
+X509_EXTENSION_get_data                 1815	1_1_0	EXIST::FUNCTION:
+RC5_32_encrypt                          1816	1_1_0	EXIST::FUNCTION:RC5
+DIST_POINT_set_dpname                   1817	1_1_0	EXIST::FUNCTION:
+BIO_sock_info                           1818	1_1_0	EXIST::FUNCTION:SOCK
+OPENSSL_hexstr2buf                      1819	1_1_0	EXIST::FUNCTION:
+EVP_add_cipher                          1820	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_list                     1821	1_1_0	EXIST::FUNCTION:
+CMS_compress                            1822	1_1_0	EXIST::FUNCTION:CMS
+X509_get_ext_by_critical                1823	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_clear_fd                 1824	1_1_0	EXIST::FUNCTION:
+ZLONG_it                                1825	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
+ZLONG_it                                1825	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
+OPENSSL_sk_find_ex                      1826	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1827	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    1828	1_1_0	EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1829	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_time                    1830	1_1_0	EXIST::FUNCTION:TS
+ASN1_VISIBLESTRING_it                   1831	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   1831	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_REQ_add_conf                 1832	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_to_UTF8                     1833	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_update                  1835	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_cbc                    1836	1_1_0	EXIST::FUNCTION:CAMELLIA
+OPENSSL_LH_stats_bio                    1837	1_1_0	EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1838	1_1_0	EXIST::FUNCTION:
+EC_KEY_priv2buf                         1839	1_1_0	EXIST::FUNCTION:EC
+BN_BLINDING_free                        1840	1_1_0	EXIST::FUNCTION:
+IPAddressChoice_new                     1841	1_1_0	EXIST::FUNCTION:RFC3779
+X509_CRL_get_ext_count                  1842	1_1_0	EXIST::FUNCTION:
+PKCS12_add_key                          1843	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_cfb1                   1844	1_1_0	EXIST::FUNCTION:CAMELLIA
+BIO_find_type                           1845	1_1_0	EXIST::FUNCTION:
+ISSUING_DIST_POINT_it                   1846	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ISSUING_DIST_POINT_it                   1846	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_ctrl_wpending                       1847	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_cmp                          1848	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_bio_stream                     1849	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_init_local                1850	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_serial_cb               1851	1_1_0	EXIST::FUNCTION:TS
+POLICY_MAPPING_it                       1852	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it                       1852	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_KDF_strings                    1853	1_1_0	EXIST::FUNCTION:
+UI_method_set_reader                    1854	1_1_0	EXIST::FUNCTION:
+BIO_next                                1855	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1856	1_1_0	EXIST::FUNCTION:
+X509_CRL_new                            1857	1_1_0	EXIST::FUNCTION:
+i2b_PrivateKey_bio                      1858	1_1_0	EXIST::FUNCTION:DSA
+ASN1_STRING_length_set                  1859	1_1_0	EXIST::FUNCTION:
+PEM_write_PKCS8                         1860	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_digest_from_attributes            1861	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_curve_GFp                  1862	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+X509_PURPOSE_get0                       1863	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1864	1_1_0	EXIST::FUNCTION:DSA
+X509_NAME_it                            1865	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            1865	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OBJ_add_object                          1866	1_1_0	EXIST::FUNCTION:
+DSA_generate_key                        1867	1_1_0	EXIST::FUNCTION:DSA
+EVP_DigestUpdate                        1868	1_1_0	EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     1869	1_1_0	EXIST::FUNCTION:
+PBEPARAM_new                            1870	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cbc                         1871	1_1_0	EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1872	1_1_0	EXIST::FUNCTION:
+OCSP_single_get0_status                 1873	1_1_0	EXIST::FUNCTION:OCSP
+d2i_AUTHORITY_INFO_ACCESS               1874	1_1_0	EXIST::FUNCTION:
+PEM_read_RSAPrivateKey                  1875	1_1_0	EXIST::FUNCTION:RSA,STDIO
+BIO_closesocket                         1876	1_1_0	EXIST::FUNCTION:SOCK
+RSA_verify_ASN1_OCTET_STRING            1877	1_1_0	EXIST::FUNCTION:RSA
+SCT_set_log_entry_type                  1878	1_1_0	EXIST::FUNCTION:CT
+BN_new                                  1879	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         1880	1_1_0	EXIST::FUNCTION:
+MD5_Final                               1881	1_1_0	EXIST::FUNCTION:MD5
+X509_STORE_set_verify_cb                1882	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_print                      1883	1_1_0	EXIST::FUNCTION:OCSP
+CMS_add1_crl                            1884	1_1_0	EXIST::FUNCTION:CMS
+d2i_EDIPARTYNAME                        1885	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_trusted_stack       1886	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_service_string                 1887	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_BOOLEAN_it                         1888	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         1888	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_CTX_set_time_cb                 1889	1_1_0	EXIST::FUNCTION:TS
+IDEA_cbc_encrypt                        1890	1_1_0	EXIST::FUNCTION:IDEA
+BN_CTX_secure_new                       1891	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     1892	1_1_0	EXIST::FUNCTION:OCSP
+CMS_uncompress                          1893	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_mem_debug_pop                    1895	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+EVP_aes_192_cfb128                      1896	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_nbio                       1897	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_copy                     1898	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_allocated                 1899	1_1_0	EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  1900	1_1_0	EXIST::FUNCTION:
+NOTICEREF_free                          1901	1_1_0	EXIST::FUNCTION:
+AES_cfb1_encrypt                        1902	1_1_0	EXIST::FUNCTION:
+X509v3_get_ext                          1903	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt_ctr32             1905	1_1_0	EXIST::FUNCTION:
+SCT_set1_signature                      1906	1_1_0	EXIST::FUNCTION:CT
+CONF_imodule_get_module                 1907	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_new                    1908	1_1_0	EXIST::FUNCTION:
+BN_usub                                 1909	1_1_0	EXIST::FUNCTION:
+SRP_Calc_B                              1910	1_1_0	EXIST::FUNCTION:SRP
+CMS_decrypt_set1_key                    1911	1_1_0	EXIST::FUNCTION:CMS
+EC_GROUP_get_degree                     1912	1_1_0	EXIST::FUNCTION:EC
+X509_ALGOR_set0                         1913	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_set_down_load                1914	1_1_0	EXIST::FUNCTION:
+X509v3_asid_inherits                    1915	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_MD_meth_get_app_datasize            1916	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_num_untrusted        1917	1_1_0	EXIST::FUNCTION:
+RAND_poll                               1918	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_print_public                   1919	1_1_0	EXIST::FUNCTION:
+CMS_SignedData_init                     1920	1_1_0	EXIST::FUNCTION:CMS
+X509_REQ_free                           1921	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_set                        1922	1_1_0	EXIST::FUNCTION:
+EVP_DecodeFinal                         1923	1_1_0	EXIST::FUNCTION:
+MD5_Transform                           1925	1_1_0	EXIST::FUNCTION:MD5
+SRP_create_verifier_BN                  1926	1_1_0	EXIST::FUNCTION:SRP
+ENGINE_register_all_EC                  1927	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_camellia_128_ofb                    1928	1_1_0	EXIST::FUNCTION:CAMELLIA
+PEM_write_X509_AUX                      1929	1_1_0	EXIST::FUNCTION:STDIO
+X509_LOOKUP_by_subject                  1930	1_1_0	EXIST::FUNCTION:
+X509_REQ_add_extensions                 1931	1_1_0	EXIST::FUNCTION:
+Camellia_cbc_encrypt                    1932	1_1_0	EXIST::FUNCTION:CAMELLIA
+EC_KEY_METHOD_new                       1933	1_1_0	EXIST::FUNCTION:EC
+RSA_flags                               1934	1_1_0	EXIST::FUNCTION:RSA
+X509_NAME_add_entry                     1935	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1936	1_1_0	EXIST::FUNCTION:
+i2d_RSAPrivateKey_bio                   1937	1_1_0	EXIST::FUNCTION:RSA
+PKCS5_PBE_keyivgen                      1938	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     1939	1_1_0	EXIST::FUNCTION:OCSP
+EC_POINT_copy                           1940	1_1_0	EXIST::FUNCTION:EC
+X509V3_EXT_CRL_add_nconf                1941	1_1_0	EXIST::FUNCTION:
+SHA256_Init                             1942	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              1943	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    1944	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_meth_data                  1945	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_cfb1                        1946	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_set_flags                    1947	1_1_0	EXIST::FUNCTION:
+EVP_seed_cbc                            1948	1_1_0	EXIST::FUNCTION:SEED
+d2i_PKCS12                              1949	1_1_0	EXIST::FUNCTION:
+X509_policy_node_get0_policy            1950	1_1_0	EXIST::FUNCTION:
+PKCS12_unpack_p7data                    1951	1_1_0	EXIST::FUNCTION:
+ECDSA_sign                              1952	1_1_0	EXIST::FUNCTION:EC
+d2i_PKCS12_fp                           1953	1_1_0	EXIST::FUNCTION:STDIO
+CMS_unsigned_get_attr_by_NID            1954	1_1_0	EXIST::FUNCTION:CMS
+UI_add_user_data                        1955	1_1_0	EXIST::FUNCTION:
+BN_bntest_rand                          1956	1_1_0	EXIST::FUNCTION:
+X509_get_pubkey                         1957	1_1_0	EXIST::FUNCTION:
+i2d_X509_NAME                           1958	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_add1_attr                      1959	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_purpose_inherit          1960	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_keygen                1961	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth               1962	1_1_0	EXIST::FUNCTION:ENGINE
+SHA256_Update                           1963	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             1964	1_1_0	EXIST::FUNCTION:
+PKCS12_unpack_authsafes                 1965	1_1_0	EXIST::FUNCTION:
+X509_CRL_it                             1966	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             1966	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_X509_ALGOR                          1967	1_1_0	EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1968	1_1_0	EXIST::FUNCTION:
+BIO_test_flags                          1969	1_1_0	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    1970	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EVP_ENCODE_CTX_num                      1971	1_1_0	EXIST::FUNCTION:
+Camellia_cfb1_encrypt                   1972	1_1_0	EXIST::FUNCTION:CAMELLIA
+NCONF_load_fp                           1973	1_1_0	EXIST::FUNCTION:STDIO
+i2d_OCSP_REQINFO                        1974	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_sign                           1975	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_ext_by_critical              1976	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_key2buf                          1977	1_1_0	EXIST::FUNCTION:EC
+X509_EXTENSION_it                       1978	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       1978	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PKCS8_fp                            1979	1_1_0	EXIST::FUNCTION:STDIO
+UTF8_getc                               1980	1_1_0	EXIST::FUNCTION:
+ASN1_IA5STRING_free                     1981	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_verify                1982	1_1_0	EXIST::FUNCTION:EC
+OBJ_NAME_do_all                         1983	1_1_0	EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT_fp                   1984	1_1_0	EXIST::FUNCTION:STDIO,TS
+X509_CRL_verify                         1985	1_1_0	EXIST::FUNCTION:
+X509_get0_uids                          1986	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_DSA                       1987	1_1_0	EXIST::FUNCTION:DSA
+d2i_CMS_ContentInfo                     1988	1_1_0	EXIST::FUNCTION:CMS
+EVP_CIPHER_meth_get_do_cipher           1989	1_1_0	EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1990	1_1_0	EXIST::FUNCTION:DSA
+GENERAL_NAME_it                         1991	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         1991	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_des_ede_ecb                         1992	1_1_0	EXIST::FUNCTION:DES
+i2d_CRL_DIST_POINTS                     1993	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509_REQ_NEW              1994	1_1_0	EXIST::FUNCTION:
+RC5_32_ofb64_encrypt                    1995	1_1_0	EXIST::FUNCTION:RC5
+i2d_PKCS7                               1996	1_1_0	EXIST::FUNCTION:
+BN_mod_lshift_quick                     1997	1_1_0	EXIST::FUNCTION:
+DIST_POINT_NAME_it                      1998	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      1998	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_PrivateKey                     1999	1_1_0	EXIST::FUNCTION:STDIO
+X509V3_get_d2i                          2000	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_sign                  2001	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_free                        2002	1_1_0	EXIST::FUNCTION:TS
+DSA_security_bits                       2003	1_1_0	EXIST::FUNCTION:DSA
+X509v3_addr_is_canonical                2004	1_1_0	EXIST::FUNCTION:RFC3779
+BN_mod_mul_reciprocal                   2005	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_version                      2006	1_1_0	EXIST::FUNCTION:TS
+BN_exp                                  2007	1_1_0	EXIST::FUNCTION:
+i2d_SXNET                               2008	1_1_0	EXIST::FUNCTION:
+OBJ_bsearch_                            2009	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_new                          2010	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_pkey_meths          2011	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function                2012	1_1_0	EXIST::FUNCTION:ENGINE
+EC_POINT_point2hex                      2013	1_1_0	EXIST::FUNCTION:EC
+ENGINE_get_default_DSA                  2014	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_register_all_complete            2015	1_1_0	EXIST::FUNCTION:ENGINE
+SRP_get_default_gN                      2016	1_1_0	EXIST::FUNCTION:SRP
+UI_dup_input_boolean                    2017	1_1_0	EXIST::FUNCTION:
+PKCS7_dup                               2018	1_1_0	EXIST::FUNCTION:
+i2d_TS_REQ_fp                           2019	1_1_0	EXIST::FUNCTION:STDIO,TS
+i2d_OTHERNAME                           2020	1_1_0	EXIST::FUNCTION:
+EC_KEY_get0_private_key                 2021	1_1_0	EXIST::FUNCTION:EC
+SCT_get0_extensions                     2022	1_1_0	EXIST::FUNCTION:CT
+OPENSSL_LH_node_stats_bio               2023	1_1_0	EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     2024	1_1_0	EXIST::FUNCTION:
+BN_X931_derive_prime_ex                 2025	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_str           2026	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS7_signatureVerify                   2027	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_new                       2028	1_1_0	EXIST::FUNCTION:OCB
+EC_curve_nist2nid                       2029	1_1_0	EXIST::FUNCTION:EC
+UI_get0_result                          2030	1_1_0	EXIST::FUNCTION:
+OCSP_request_add1_nonce                 2031	1_1_0	EXIST::FUNCTION:OCSP
+UI_construct_prompt                     2032	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_RSA                   2033	1_1_0	EXIST::FUNCTION:ENGINE
+EC_GROUP_order_bits                     2034	1_1_0	EXIST::FUNCTION:EC
+d2i_CMS_bio                             2035	1_1_0	EXIST::FUNCTION:CMS
+OPENSSL_sk_num                          2036	1_1_0	EXIST::FUNCTION:
+_shadow_DES_check_key                   2037	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   2037	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+CMS_RecipientInfo_set0_pkey             2038	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_CTX_set_default              2039	1_1_0	EXIST::FUNCTION:
+AES_wrap_key                            2040	1_1_0	EXIST::FUNCTION:
+EVP_md_null                             2041	1_1_0	EXIST::FUNCTION:
+i2d_SCT_LIST                            2042	1_1_0	EXIST::FUNCTION:CT
+PKCS7_get_issuer_and_serial             2043	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2044	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2044	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_d2i_fp                             2045	1_1_0	EXIST::FUNCTION:STDIO
+EVP_DecryptFinal                        2046	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      2047	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      2047	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+o2i_ECPublicKey                         2048	1_1_0	EXIST::FUNCTION:EC
+ERR_load_BUF_strings                    2049	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2050	1_1_0	EXIST::FUNCTION:RSA
+OCSP_SINGLERESP_new                     2051	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_SCTX_free                          2052	1_1_0	EXIST::FUNCTION:
+i2d_ECPrivateKey_fp                     2053	1_1_0	EXIST::FUNCTION:EC,STDIO
+EVP_CIPHER_CTX_original_iv              2054	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNED_free                       2055	1_1_0	EXIST::FUNCTION:
+X509_TRUST_get0_name                    2056	1_1_0	EXIST::FUNCTION:
+ENGINE_get_load_pubkey_function         2057	1_1_0	EXIST::FUNCTION:ENGINE
+UI_get_default_method                   2058	1_1_0	EXIST::FUNCTION:
+PKCS12_add_CSPName_asc                  2059	1_1_0	EXIST::FUNCTION:
+PEM_write_PUBKEY                        2060	1_1_0	EXIST::FUNCTION:STDIO
+UI_method_set_prompt_constructor        2061	1_1_0	EXIST::FUNCTION:
+OBJ_length                              2062	1_1_0	EXIST::FUNCTION:
+BN_GENCB_get_arg                        2063	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_clear_flags                  2064	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_verifyctx             2065	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get0_cert            2066	1_1_0	EXIST::FUNCTION:CT
+PEM_write_DHparams                      2067	1_1_0	EXIST::FUNCTION:DH,STDIO
+DH_set_ex_data                          2068	1_1_0	EXIST::FUNCTION:DH
+OCSP_SIGNATURE_free                     2069	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_128_unwrap_pad                   2070	1_1_0	EXIST::FUNCTION:
+BIO_new_CMS                             2071	1_1_0	EXIST::FUNCTION:CMS
+i2d_ASN1_ENUMERATED                     2072	1_1_0	EXIST::FUNCTION:
+PEM_read_DSAparams                      2073	1_1_0	EXIST::FUNCTION:DSA,STDIO
+TS_TST_INFO_set_ordering                2074	1_1_0	EXIST::FUNCTION:TS
+MDC2_Init                               2075	1_1_0	EXIST::FUNCTION:MDC2
+i2o_SCT                                 2076	1_1_0	EXIST::FUNCTION:CT
+d2i_TS_STATUS_INFO                      2077	1_1_0	EXIST::FUNCTION:TS
+ERR_error_string_n                      2078	1_1_0	EXIST::FUNCTION:
+HMAC                                    2079	1_1_0	EXIST::FUNCTION:
+BN_mul                                  2080	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_384                  2081	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_ip_asc           2082	1_1_0	EXIST::FUNCTION:
+CONF_modules_load                       2083	1_1_0	EXIST::FUNCTION:
+d2i_RSAPublicKey                        2084	1_1_0	EXIST::FUNCTION:RSA
+i2d_ASN1_GENERALSTRING                  2085	1_1_0	EXIST::FUNCTION:
+POLICYQUALINFO_new                      2086	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_get0_alg               2087	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_base_id                        2088	1_1_0	EXIST::FUNCTION:
+UI_method_set_opener                    2089	1_1_0	EXIST::FUNCTION:
+X509v3_get_ext_by_NID                   2090	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_policies                    2091	1_1_0	EXIST::FUNCTION:TS
+CMS_SignerInfo_cert_cmp                 2092	1_1_0	EXIST::FUNCTION:CMS
+PEM_read                                2093	1_1_0	EXIST::FUNCTION:STDIO
+X509_STORE_set_depth                    2094	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_sign                  2095	1_1_0	EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_iv                       2096	1_1_0	EXIST::FUNCTION:
+i2d_ESS_SIGNING_CERT                    2097	1_1_0	EXIST::FUNCTION:TS
+TS_RESP_set_tst_info                    2098	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_CTX_set_data                   2099	1_1_0	EXIST::FUNCTION:
+CMS_EnvelopedData_create                2100	1_1_0	EXIST::FUNCTION:CMS
+SCT_new                                 2101	1_1_0	EXIST::FUNCTION:CT
+X509_REQ_add1_attr                      2102	1_1_0	EXIST::FUNCTION:
+X509_get_ext_count                      2103	1_1_0	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt                   2104	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_get_fd                   2105	1_1_0	EXIST::FUNCTION:
+i2d_TS_REQ                              2106	1_1_0	EXIST::FUNCTION:TS
+OCSP_ONEREQ_add1_ext_i2d                2107	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_register_pkey_meths              2108	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key                  2109	1_1_0	EXIST::FUNCTION:ENGINE
+ASIdOrRange_it                          2110	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it                          2110	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+DHparams_print_fp                       2111	1_1_0	EXIST::FUNCTION:DH,STDIO
+ERR_load_CRYPTO_strings                 2112	1_1_0	EXIST:!VMS:FUNCTION:
+ERR_load_CRYPTOlib_strings              2112	1_1_0	EXIST:VMS:FUNCTION:
+X509_REQ_set_version                    2113	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2114	1_1_0	EXIST::FUNCTION:
+i2d_ASIdentifiers                       2115	1_1_0	EXIST::FUNCTION:RFC3779
+X509V3_EXT_cleanup                      2116	1_1_0	EXIST::FUNCTION:
+CAST_ecb_encrypt                        2117	1_1_0	EXIST::FUNCTION:CAST
+BIO_s_file                              2118	1_1_0	EXIST::FUNCTION:
+RSA_X931_derive_ex                      2119	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_decrypt_init                   2120	1_1_0	EXIST::FUNCTION:
+ENGINE_get_destroy_function             2121	1_1_0	EXIST::FUNCTION:ENGINE
+SHA224_Init                             2122	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_conf                     2123	1_1_0	EXIST::FUNCTION:
+ASN1_object_size                        2124	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_free                       2125	1_1_0	EXIST::FUNCTION:
+BN_mod_exp_recp                         2126	1_1_0	EXIST::FUNCTION:
+EVP_mdc2                                2127	1_1_0	EXIST::FUNCTION:MDC2
+EVP_des_cfb64                           2128	1_1_0	EXIST::FUNCTION:DES
+PKCS7_sign                              2129	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2130	1_1_0	EXIST::FUNCTION:OCSP
+EDIPARTYNAME_it                         2131	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         2131	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_print_errors_fp                     2132	1_1_0	EXIST::FUNCTION:STDIO
+BN_GF2m_mod_div_arr                     2133	1_1_0	EXIST::FUNCTION:EC2M
+PKCS12_SAFEBAG_get0_attr                2134	1_1_0	EXIST::FUNCTION:
+BIO_s_mem                               2135	1_1_0	EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2136	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_item_i2d_fp                        2137	1_1_0	EXIST::FUNCTION:STDIO
+BN_GF2m_mod_sqr                         2138	1_1_0	EXIST::FUNCTION:EC2M
+ASN1_PRINTABLE_new                      2139	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_new_index                      2140	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_add_alias                 2141	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       2142	1_1_0	EXIST::FUNCTION:DSA
+SEED_cbc_encrypt                        2143	1_1_0	EXIST::FUNCTION:SEED
+EVP_rc2_40_cbc                          2144	1_1_0	EXIST::FUNCTION:RC2
+ECDSA_SIG_new                           2145	1_1_0	EXIST::FUNCTION:EC
+i2d_PKCS8PrivateKey_nid_fp              2146	1_1_0	EXIST::FUNCTION:STDIO
+X509_NAME_ENTRY_it                      2147	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2147	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_THREAD_compare_id                2148	1_1_0	EXIST::FUNCTION:
+d2i_IPAddressChoice                     2149	1_1_0	EXIST::FUNCTION:RFC3779
+IPAddressFamily_it                      2150	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it                      2150	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+ERR_load_OCSP_strings                   2151	1_1_0	EXIST::FUNCTION:OCSP
+BIO_push                                2152	1_1_0	EXIST::FUNCTION:
+ASN1_BMPSTRING_new                      2153	1_1_0	EXIST::FUNCTION:
+COMP_get_type                           2154	1_1_0	EXIST::FUNCTION:COMP
+d2i_ASIdentifierChoice                  2155	1_1_0	EXIST::FUNCTION:RFC3779
+i2d_ASN1_T61STRING                      2156	1_1_0	EXIST::FUNCTION:
+X509_add1_trust_object                  2157	1_1_0	EXIST::FUNCTION:
+PEM_write_X509                          2158	1_1_0	EXIST::FUNCTION:STDIO
+BN_CTX_free                             2159	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m                 2160	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EVP_MD_flags                            2161	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_set                          2162	1_1_0	EXIST::FUNCTION:
+OCSP_request_sign                       2163	1_1_0	EXIST::FUNCTION:OCSP
+BN_GF2m_mod_solve_quad                  2164	1_1_0	EXIST::FUNCTION:EC2M
+EC_POINT_method_of                      2165	1_1_0	EXIST::FUNCTION:EC
+PKCS7_ENCRYPT_it                        2166	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2166	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2167	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2167	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_EXTENSION_create_by_NID            2168	1_1_0	EXIST::FUNCTION:
+i2d_RSAPrivateKey                       2169	1_1_0	EXIST::FUNCTION:RSA
+d2i_CERTIFICATEPOLICIES                 2170	1_1_0	EXIST::FUNCTION:
+CMAC_CTX_get0_cipher_ctx                2171	1_1_0	EXIST::FUNCTION:CMAC
+X509_STORE_load_locations               2172	1_1_0	EXIST::FUNCTION:
+OBJ_find_sigid_algs                     2173	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_accuracy                2174	1_1_0	EXIST::FUNCTION:TS
+NETSCAPE_SPKI_get_pubkey                2175	1_1_0	EXIST::FUNCTION:
+ECDSA_do_sign_ex                        2176	1_1_0	EXIST::FUNCTION:EC
+OCSP_ONEREQ_get_ext                     2177	1_1_0	EXIST::FUNCTION:OCSP
+BN_get_rfc3526_prime_4096               2179	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_fp                            2180	1_1_0	EXIST::FUNCTION:STDIO
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    2181	1_1_0	EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2182	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2182	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_free                         2183	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_orig_id_cmp      2184	1_1_0	EXIST::FUNCTION:CMS
+NETSCAPE_SPKI_b64_encode                2185	1_1_0	EXIST::FUNCTION:
+d2i_PrivateKey                          2186	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_new                          2187	1_1_0	EXIST::FUNCTION:
+X509_get0_tbs_sigalg                    2189	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2190	1_1_0	EXIST::FUNCTION:
+d2i_ECDSA_SIG                           2191	1_1_0	EXIST::FUNCTION:EC
+d2i_OTHERNAME                           2192	1_1_0	EXIST::FUNCTION:
+i2d_TS_RESP_fp                          2193	1_1_0	EXIST::FUNCTION:STDIO,TS
+OCSP_BASICRESP_get_ext_count            2194	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_T61STRING_new                      2195	1_1_0	EXIST::FUNCTION:
+BN_kronecker                            2196	1_1_0	EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2197	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_cfb8                   2198	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_STORE_CTX_set_depth                2199	1_1_0	EXIST::FUNCTION:
+X509v3_delete_ext                       2200	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_set0                        2201	1_1_0	EXIST::FUNCTION:
+BN_GF2m_add                             2202	1_1_0	EXIST::FUNCTION:EC2M
+CMAC_resume                             2203	1_1_0	EXIST::FUNCTION:CMAC
+TS_ACCURACY_set_millis                  2204	1_1_0	EXIST::FUNCTION:TS
+X509V3_EXT_conf                         2205	1_1_0	EXIST::FUNCTION:
+i2d_DHxparams                           2206	1_1_0	EXIST::FUNCTION:DH
+EVP_CIPHER_CTX_free                     2207	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL_BitUpdate                     2208	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+EVP_idea_ecb                            2209	1_1_0	EXIST::FUNCTION:IDEA
+i2d_TS_ACCURACY                         2210	1_1_0	EXIST::FUNCTION:TS
+ASN1_VISIBLESTRING_free                 2211	1_1_0	EXIST::FUNCTION:
+NCONF_load_bio                          2212	1_1_0	EXIST::FUNCTION:
+DSA_get_default_method                  2213	1_1_0	EXIST::FUNCTION:DSA
+OPENSSL_LH_retrieve                     2214	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt_ccm64             2215	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_clock_precision_digits  2216	1_1_0	EXIST::FUNCTION:TS
+SCT_LIST_validate                       2217	1_1_0	EXIST::FUNCTION:CT
+X509_PURPOSE_get_id                     2218	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_ex_data                      2219	1_1_0	EXIST::FUNCTION:EC
+EVP_MD_size                             2220	1_1_0	EXIST::FUNCTION:
+CRYPTO_malloc                           2221	1_1_0	EXIST::FUNCTION:
+ERR_load_ASN1_strings                   2222	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_extension_nids             2223	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_ext_by_OBJ                   2224	1_1_0	EXIST::FUNCTION:TS
+i2d_X509                                2225	1_1_0	EXIST::FUNCTION:
+PEM_read_X509_AUX                       2226	1_1_0	EXIST::FUNCTION:STDIO
+TS_VERIFY_CTX_set_flags                 2227	1_1_0	EXIST::FUNCTION:TS
+IPAddressRange_new                      2228	1_1_0	EXIST::FUNCTION:RFC3779
+TS_REQ_get_exts                         2229	1_1_0	EXIST::FUNCTION:TS
+POLICY_CONSTRAINTS_new                  2230	1_1_0	EXIST::FUNCTION:
+OTHERNAME_new                           2231	1_1_0	EXIST::FUNCTION:
+BN_rshift                               2232	1_1_0	EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       2233	1_1_0	EXIST::FUNCTION:
+EC_METHOD_get_field_type                2234	1_1_0	EXIST::FUNCTION:EC
+ENGINE_set_name                         2235	1_1_0	EXIST::FUNCTION:ENGINE
+TS_TST_INFO_get_policy_id               2236	1_1_0	EXIST::FUNCTION:TS
+PKCS7_SIGNER_INFO_set                   2237	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       2238	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 2239	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+ENGINE_load_builtin_engines             2240	1_1_0	EXIST::FUNCTION:ENGINE
+SRP_VBASE_init                          2241	1_1_0	EXIST::FUNCTION:SRP
+SHA224_Final                            2242	1_1_0	EXIST::FUNCTION:
+OCSP_CERTSTATUS_free                    2243	1_1_0	EXIST::FUNCTION:OCSP
+d2i_TS_TST_INFO                         2244	1_1_0	EXIST::FUNCTION:TS
+IPAddressOrRange_it                     2245	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it                     2245	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+ENGINE_get_cipher                       2246	1_1_0	EXIST::FUNCTION:ENGINE
+TS_TST_INFO_delete_ext                  2247	1_1_0	EXIST::FUNCTION:TS
+TS_OBJ_print_bio                        2248	1_1_0	EXIST::FUNCTION:TS
+X509_time_adj_ex                        2249	1_1_0	EXIST::FUNCTION:
+OCSP_request_add1_cert                  2250	1_1_0	EXIST::FUNCTION:OCSP
+ERR_load_X509_strings                   2251	1_1_0	EXIST::FUNCTION:
+SHA1_Transform                          2252	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr_by_NID              2253	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_CTX_get_by_subject           2254	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    2255	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    2255	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OPENSSL_sk_set_cmp_func                 2256	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_table_cleanup         2257	1_1_0	EXIST::FUNCTION:
+i2d_re_X509_REQ_tbs                     2258	1_1_0	EXIST::FUNCTION:
+CONF_load_bio                           2259	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2260	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             2261	1_1_0	EXIST::FUNCTION:
+X509_REQ_INFO_new                       2262	1_1_0	EXIST::FUNCTION:
+EVP_rc2_cfb64                           2263	1_1_0	EXIST::FUNCTION:RC2
+PKCS7_get_smimecap                      2264	1_1_0	EXIST::FUNCTION:
+ERR_get_state                           2265	1_1_0	EXIST::FUNCTION:
+d2i_DSAPrivateKey_bio                   2266	1_1_0	EXIST::FUNCTION:DSA
+X509_PURPOSE_get_trust                  2267	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form      2268	1_1_0	EXIST::FUNCTION:EC
+ASN1_OBJECT_it                          2269	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          2269	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2270	1_1_0	EXIST::FUNCTION:
+NCONF_free                              2271	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_b64_decode                2272	1_1_0	EXIST::FUNCTION:
+BIO_f_md                                2273	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_pkey_ctx                     2274	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_EC                   2275	1_1_0	EXIST::FUNCTION:ENGINE
+CMS_ReceiptRequest_free                 2276	1_1_0	EXIST::FUNCTION:CMS
+TS_STATUS_INFO_get0_text                2277	1_1_0	EXIST::FUNCTION:TS
+CRYPTO_get_ex_new_index                 2278	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_flags                     2279	1_1_0	EXIST::FUNCTION:
+PEM_write_X509_CRL                      2280	1_1_0	EXIST::FUNCTION:STDIO
+BF_cbc_encrypt                          2281	1_1_0	EXIST::FUNCTION:BF
+BN_num_bits_word                        2282	1_1_0	EXIST::FUNCTION:
+EVP_DecodeInit                          2283	1_1_0	EXIST::FUNCTION:
+BN_ucmp                                 2284	1_1_0	EXIST::FUNCTION:
+SXNET_get_id_asc                        2285	1_1_0	EXIST::FUNCTION:
+SCT_set1_extensions                     2286	1_1_0	EXIST::FUNCTION:CT
+PKCS12_SAFEBAG_new                      2287	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_nonce                   2288	1_1_0	EXIST::FUNCTION:TS
+PEM_read_ECPrivateKey                   2289	1_1_0	EXIST::FUNCTION:EC,STDIO
+RSA_free                                2290	1_1_0	EXIST::FUNCTION:RSA
+X509_CRL_INFO_new                       2291	1_1_0	EXIST::FUNCTION:
+AES_cfb8_encrypt                        2292	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_SEQUENCE_ANY                   2293	1_1_0	EXIST::FUNCTION:
+PKCS12_create                           2294	1_1_0	EXIST::FUNCTION:
+X509at_get_attr_count                   2295	1_1_0	EXIST::FUNCTION:
+PKCS12_init                             2296	1_1_0	EXIST::FUNCTION:
+CRYPTO_free_ex_data                     2297	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cfb8                        2298	1_1_0	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_free                  2299	1_1_0	EXIST::FUNCTION:TS
+BN_mod_exp_mont_word                    2300	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_nconf_nid                    2301	1_1_0	EXIST::FUNCTION:
+UTF8_putc                               2302	1_1_0	EXIST::FUNCTION:
+RSA_private_encrypt                     2303	1_1_0	EXIST::FUNCTION:RSA
+X509_LOOKUP_shutdown                    2304	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_accuracy                2305	1_1_0	EXIST::FUNCTION:TS
+OCSP_basic_verify                       2306	1_1_0	EXIST::FUNCTION:OCSP
+X509at_add1_attr_by_OBJ                 2307	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_add0                      2308	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get1_crl                 2309	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2310	1_1_0	EXIST::FUNCTION:
+X509_alias_set1                         2311	1_1_0	EXIST::FUNCTION:
+ASN1_item_unpack                        2312	1_1_0	EXIST::FUNCTION:
+HMAC_CTX_free                           2313	1_1_0	EXIST::FUNCTION:
+EC_POINT_new                            2314	1_1_0	EXIST::FUNCTION:EC
+PKCS7_ISSUER_AND_SERIAL_digest          2315	1_1_0	EXIST::FUNCTION:
+EVP_des_ofb                             2316	1_1_0	EXIST::FUNCTION:DES
+DSA_set_method                          2317	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_get1_RSA                       2318	1_1_0	EXIST::FUNCTION:RSA
+EC_KEY_OpenSSL                          2319	1_1_0	EXIST::FUNCTION:EC
+EVP_camellia_192_ofb                    2320	1_1_0	EXIST::FUNCTION:CAMELLIA
+ASN1_STRING_length                      2321	1_1_0	EXIST::FUNCTION:
+PKCS7_set_digest                        2322	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2323	1_1_0	EXIST::FUNCTION:
+PEM_read_PKCS7                          2324	1_1_0	EXIST::FUNCTION:STDIO
+DH_get_2048_256                         2325	1_1_0	EXIST::FUNCTION:DH
+X509at_delete_attr                      2326	1_1_0	EXIST::FUNCTION:
+PEM_write_bio                           2327	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr_by_OBJ              2329	1_1_0	EXIST::FUNCTION:CMS
+X509_REVOKED_add_ext                    2330	1_1_0	EXIST::FUNCTION:
+EVP_CipherUpdate                        2331	1_1_0	EXIST::FUNCTION:
+Camellia_cfb8_encrypt                   2332	1_1_0	EXIST::FUNCTION:CAMELLIA
+EVP_aes_256_xts                         2333	1_1_0	EXIST::FUNCTION:
+EVP_DigestSignFinal                     2334	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_cmp                         2335	1_1_0	EXIST::FUNCTION:
+EVP_chacha20_poly1305                   2336	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305
+OPENSSL_sk_zero                         2337	1_1_0	EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     2338	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_ess_cert_id_chain           2339	1_1_0	EXIST::FUNCTION:TS
+PEM_read_DSAPrivateKey                  2340	1_1_0	EXIST::FUNCTION:DSA,STDIO
+DH_generate_parameters_ex               2341	1_1_0	EXIST::FUNCTION:DH
+UI_dup_input_string                     2342	1_1_0	EXIST::FUNCTION:
+X509_keyid_set1                         2343	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1                  2344	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag                  2345	1_1_0	EXIST::FUNCTION:EC
+CMS_decrypt_set1_password               2346	1_1_0	EXIST::FUNCTION:CMS
+BIO_copy_next_retry                     2347	1_1_0	EXIST::FUNCTION:
+X509_POLICY_NODE_print                  2348	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_diff                          2349	1_1_0	EXIST::FUNCTION:
+BIO_s_fd                                2350	1_1_0	EXIST::FUNCTION:
+i2d_CMS_bio                             2351	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_gcm128_decrypt                   2352	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_ctr                         2353	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_bits                           2354	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_new                         2355	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              2356	1_1_0	EXIST::FUNCTION:
+BN_clear_bit                            2357	1_1_0	EXIST::FUNCTION:
+BN_bn2lebinpad                          2358	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_up_ref                         2359	1_1_0	EXIST::FUNCTION:
+X509_getm_notBefore                     2360	1_1_0	EXIST::FUNCTION:
+BN_nist_mod_224                         2361	1_1_0	EXIST::FUNCTION:
+DES_decrypt3                            2362	1_1_0	EXIST::FUNCTION:DES
+OTHERNAME_it                            2363	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2363	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509at_add1_attr_by_txt                 2364	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                2365	1_1_0	EXIST::FUNCTION:
+BIO_dgram_is_sctp                       2366	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+DH_check                                2367	1_1_0	EXIST::FUNCTION:DH
+Camellia_set_key                        2368	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_LOOKUP_by_issuer_serial            2369	1_1_0	EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2370	1_1_0	EXIST::FUNCTION:
+BIO_new_accept                          2371	1_1_0	EXIST::FUNCTION:SOCK
+GENERAL_NAME_new                        2372	1_1_0	EXIST::FUNCTION:
+DES_encrypt3                            2373	1_1_0	EXIST::FUNCTION:DES
+PKCS7_get_signer_info                   2374	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_set                   2375	1_1_0	EXIST::FUNCTION:
+BN_mask_bits                            2376	1_1_0	EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2377	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2377	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_SCTX_set_app_data                  2378	1_1_0	EXIST::FUNCTION:
+CMS_add0_cert                           2379	1_1_0	EXIST::FUNCTION:CMS
+i2d_GENERAL_NAME                        2380	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_new                            2381	1_1_0	EXIST::FUNCTION:SOCK
+ENGINE_get_pkey_asn1_meth_engine        2382	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ASN1_BMPSTRING                      2383	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_create0_p8inf            2384	1_1_0	EXIST::FUNCTION:
+OBJ_cmp                                 2385	1_1_0	EXIST::FUNCTION:
+MD2                                     2386	1_1_0	EXIST::FUNCTION:MD2
+X509_PUBKEY_new                         2387	1_1_0	EXIST::FUNCTION:
+BN_CTX_end                              2388	1_1_0	EXIST::FUNCTION:
+BIO_get_retry_BIO                       2389	1_1_0	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2390	1_1_0	EXIST::FUNCTION:
+ASN1_item_ex_free                       2391	1_1_0	EXIST::FUNCTION:
+X509_SIG_new                            2392	1_1_0	EXIST::FUNCTION:
+BN_sqr                                  2393	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_time                    2394	1_1_0	EXIST::FUNCTION:TS
+OPENSSL_die                             2395	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_by_alias                    2396	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_conv_form                    2397	1_1_0	EXIST::FUNCTION:EC
+X509_TRUST_get_count                    2399	1_1_0	EXIST::FUNCTION:
+IPAddressOrRange_free                   2400	1_1_0	EXIST::FUNCTION:RFC3779
+RSA_padding_add_PKCS1_OAEP              2401	1_1_0	EXIST::FUNCTION:RSA
+EC_KEY_set_ex_data                      2402	1_1_0	EXIST::FUNCTION:EC
+SRP_VBASE_new                           2403	1_1_0	EXIST::FUNCTION:SRP
+i2d_ECDSA_SIG                           2404	1_1_0	EXIST::FUNCTION:EC
+BIO_dump_indent                         2405	1_1_0	EXIST::FUNCTION:
+ENGINE_set_pkey_asn1_meths              2406	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_gmtime_diff                     2407	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_crypto_device               2408	1_1_0	EXIST::FUNCTION:ENGINE,TS
+COMP_CTX_get_method                     2409	1_1_0	EXIST::FUNCTION:COMP
+EC_GROUP_get_cofactor                   2410	1_1_0	EXIST::FUNCTION:EC
+EVP_rc5_32_12_16_ofb                    2411	1_1_0	EXIST::FUNCTION:RC5
+EVP_MD_CTX_md_data                      2412	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_nm_flags                  2413	1_1_0	EXIST::FUNCTION:
+BIO_ctrl                                2414	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_default_method             2415	1_1_0	EXIST::FUNCTION:
+d2i_RSAPublicKey_fp                     2417	1_1_0	EXIST::FUNCTION:RSA,STDIO
+UI_method_get_flusher                   2418	1_1_0	EXIST::FUNCTION:
+EC_POINT_dbl                            2419	1_1_0	EXIST::FUNCTION:EC
+i2d_X509_CRL_INFO                       2420	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2421	1_1_0	EXIST::FUNCTION:OCSP
+X509_REVOKED_get0_revocationDate        2422	1_1_0	EXIST::FUNCTION:
+PKCS7_add_crl                           2423	1_1_0	EXIST::FUNCTION:
+ECDSA_do_sign                           2424	1_1_0	EXIST::FUNCTION:EC
+ASN1_GENERALIZEDTIME_it                 2425	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2425	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS8_pkey_get0                         2426	1_1_0	EXIST::FUNCTION:
+OCSP_sendreq_new                        2427	1_1_0	EXIST::FUNCTION:OCSP
+EVP_aes_256_cfb128                      2428	1_1_0	EXIST::FUNCTION:
+RSA_set_ex_data                         2429	1_1_0	EXIST::FUNCTION:RSA
+BN_GENCB_call                           2430	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_nconf_sk                 2431	1_1_0	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_fp                   2432	1_1_0	EXIST::FUNCTION:STDIO,TS
+PKCS12_new                              2433	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2434	1_1_0	EXIST::FUNCTION:
+EVP_get_digestbyname                    2435	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_lastUpdate                 2436	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+OBJ_create_objects                      2437	1_1_0	EXIST::FUNCTION:
+EVP_enc_null                            2438	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_critical         2439	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_request_onereq_count               2440	1_1_0	EXIST::FUNCTION:OCSP
+BN_hex2bn                               2441	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_set_impl_ctx_size       2442	1_1_0	EXIST::FUNCTION:
+ASIdentifiers_new                       2443	1_1_0	EXIST::FUNCTION:RFC3779
+CONF_imodule_get_flags                  2444	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2445	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2445	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CIPHER_meth_set_set_asn1_params     2446	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_enc_flags                    2447	1_1_0	EXIST::FUNCTION:EC
+X509_OBJECT_idx_by_subject              2448	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_copy                      2449	1_1_0	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              2450	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_decrypt                   2451	1_1_0	EXIST::FUNCTION:OCB
+ASYNC_WAIT_CTX_free                     2452	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        2453	1_1_0	EXIST::FUNCTION:
+d2i_TS_TST_INFO_bio                     2454	1_1_0	EXIST::FUNCTION:TS
+BIGNUM_it                               2455	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               2455	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_BLINDING_get_flags                   2456	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_get_critical             2457	1_1_0	EXIST::FUNCTION:
+DSA_set_default_method                  2458	1_1_0	EXIST::FUNCTION:DSA
+PEM_write_bio_DHxparams                 2459	1_1_0	EXIST::FUNCTION:DH
+DSA_set_ex_data                         2460	1_1_0	EXIST::FUNCTION:DSA
+BIO_s_datagram_sctp                     2461	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+SXNET_add_id_asc                        2462	1_1_0	EXIST::FUNCTION:
+X509_print_fp                           2463	1_1_0	EXIST::FUNCTION:STDIO
+TS_REQ_set_version                      2464	1_1_0	EXIST::FUNCTION:TS
+OCSP_REQINFO_new                        2465	1_1_0	EXIST::FUNCTION:OCSP
+Camellia_decrypt                        2466	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_signature_print                    2467	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_ecb                    2468	1_1_0	EXIST::FUNCTION:CAMELLIA
+MD2_Final                               2469	1_1_0	EXIST::FUNCTION:MD2
+OCSP_REQ_CTX_add1_header                2470	1_1_0	EXIST::FUNCTION:OCSP
+NETSCAPE_SPKAC_it                       2471	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2471	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASIdOrRange_free                        2472	1_1_0	EXIST::FUNCTION:RFC3779
+EC_POINT_get_Jprojective_coordinates_GFp 2473	1_1_0	EXIST::FUNCTION:EC
+EVP_aes_128_cbc_hmac_sha256             2474	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        2475	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_set_data                  2476	1_1_0	EXIST::FUNCTION:TS
+BN_pseudo_rand_range                    2477	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_nconf                    2478	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2479	1_1_0	EXIST::FUNCTION:
+ASN1_T61STRING_it                       2480	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2480	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_prev                         2481	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_accept_responses_new               2482	1_1_0	EXIST::FUNCTION:OCSP
+ERR_load_EC_strings                     2483	1_1_0	EXIST::FUNCTION:EC
+X509V3_string_free                      2484	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_paramgen              2485	1_1_0	EXIST::FUNCTION:
+ENGINE_set_load_ssl_client_cert_function 2486	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_ENCODE_CTX_free                     2487	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_BIT_STRING                     2488	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verifyctx             2489	1_1_0	EXIST::FUNCTION:
+X509_TRUST_add                          2490	1_1_0	EXIST::FUNCTION:
+BUF_MEM_free                            2491	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_accuracy                2492	1_1_0	EXIST::FUNCTION:TS
+TS_REQ_dup                              2493	1_1_0	EXIST::FUNCTION:TS
+ASN1_STRING_type_new                    2494	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_free                     2495	1_1_0	EXIST::FUNCTION:TS
+BN_mod_mul                              2496	1_1_0	EXIST::FUNCTION:
+CMS_add0_recipient_key                  2497	1_1_0	EXIST::FUNCTION:CMS
+BIO_f_zlib                              2498	1_1_0	EXIST:ZLIB:FUNCTION:COMP
+AES_cfb128_encrypt                      2499	1_1_0	EXIST::FUNCTION:
+ENGINE_set_EC                           2500	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ECPKParameters                      2501	1_1_0	EXIST::FUNCTION:EC
+IDEA_ofb64_encrypt                      2502	1_1_0	EXIST::FUNCTION:IDEA
+CAST_decrypt                            2503	1_1_0	EXIST::FUNCTION:CAST
+TS_STATUS_INFO_get0_failure_info        2504	1_1_0	EXIST::FUNCTION:TS
+ENGINE_unregister_pkey_meths            2506	1_1_0	EXIST::FUNCTION:ENGINE
+DISPLAYTEXT_new                         2507	1_1_0	EXIST::FUNCTION:
+CMS_final                               2508	1_1_0	EXIST::FUNCTION:CMS
+BIO_nwrite                              2509	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_free                       2510	1_1_0	EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   2511	1_1_0	EXIST::FUNCTION:
+BN_generate_dsa_nonce                   2512	1_1_0	EXIST::FUNCTION:
+X509_verify_cert                        2513	1_1_0	EXIST::FUNCTION:
+X509_policy_level_get0_node             2514	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_attr                       2515	1_1_0	EXIST::FUNCTION:
+SHA1                                    2516	1_1_0	EXIST::FUNCTION:
+X509_print                              2517	1_1_0	EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2518	1_1_0	EXIST::FUNCTION:
+X509_REQ_new                            2519	1_1_0	EXIST::FUNCTION:
+PKCS12_add_safes                        2520	1_1_0	EXIST::FUNCTION:
+PKCS12_parse                            2521	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_div                         2522	1_1_0	EXIST::FUNCTION:EC2M
+i2d_USERNOTICE                          2523	1_1_0	EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       2524	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_leaks                        2525	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+BN_get_rfc3526_prime_1536               2526	1_1_0	EXIST::FUNCTION:
+DSA_sign                                2527	1_1_0	EXIST::FUNCTION:DSA
+RAND_egd                                2528	1_1_0	EXIST::FUNCTION:EGD
+ASN1_d2i_bio                            2529	1_1_0	EXIST::FUNCTION:
+X509_REQ_digest                         2531	1_1_0	EXIST::FUNCTION:
+X509_set1_notAfter                      2532	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_type                         2533	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               2534	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_free                  2535	1_1_0	EXIST::FUNCTION:
+CMS_signed_get0_data_by_OBJ             2536	1_1_0	EXIST::FUNCTION:CMS
+X509_PURPOSE_add                        2537	1_1_0	EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     2538	1_1_0	EXIST::FUNCTION:
+PKCS12_key_gen_uni                      2539	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL                               2540	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+UI_set_default_method                   2542	1_1_0	EXIST::FUNCTION:
+EC_POINT_is_at_infinity                 2543	1_1_0	EXIST::FUNCTION:EC
+i2d_NOTICEREF                           2544	1_1_0	EXIST::FUNCTION:
+EC_KEY_new                              2545	1_1_0	EXIST::FUNCTION:EC
+EVP_chacha20                            2546	1_1_0	EXIST::FUNCTION:CHACHA
+BN_bn2dec                               2547	1_1_0	EXIST::FUNCTION:
+X509_REQ_print_ex                       2548	1_1_0	EXIST::FUNCTION:
+PEM_read_CMS                            2549	1_1_0	EXIST::FUNCTION:CMS,STDIO
+d2i_NETSCAPE_CERT_SEQUENCE              2550	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_version                    2551	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_cert_flags                2552	1_1_0	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                2553	1_1_0	EXIST::FUNCTION:
+SHA224_Update                           2554	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new_by_curve_name              2555	1_1_0	EXIST::FUNCTION:EC
+X509_STORE_set_purpose                  2556	1_1_0	EXIST::FUNCTION:
+X509_CRL_get0_signature                 2557	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_keygen_info            2558	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       2559	1_1_0	EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        2560	1_1_0	EXIST::FUNCTION:
+d2i_EC_PUBKEY_fp                        2561	1_1_0	EXIST::FUNCTION:EC,STDIO
+i2d_OCSP_SIGNATURE                      2562	1_1_0	EXIST::FUNCTION:OCSP
+i2d_X509_EXTENSION                      2563	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_X509                       2564	1_1_0	EXIST::FUNCTION:
+DES_key_sched                           2565	1_1_0	EXIST::FUNCTION:DES
+GENERAL_NAME_dup                        2566	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get1_crls                2567	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify                2568	1_1_0	EXIST::FUNCTION:
+EVP_sha256                              2569	1_1_0	EXIST::FUNCTION:
+CMS_unsigned_delete_attr                2570	1_1_0	EXIST::FUNCTION:CMS
+EVP_md5_sha1                            2571	1_1_0	EXIST::FUNCTION:MD5
+EVP_PKEY_sign_init                      2572	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_insert                       2573	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_get_cleanup             2574	1_1_0	EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2575	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_free                        2576	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_new                       2577	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_OAEP            2578	1_1_0	EXIST::FUNCTION:RSA
+OCSP_SERVICELOC_it                      2579	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_SERVICELOC_it                      2579	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+PKCS12_SAFEBAG_get_nid                  2580	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_set_update_fn                2581	1_1_0	EXIST::FUNCTION:
+BIO_f_asn1                              2582	1_1_0	EXIST::FUNCTION:
+BIO_dump                                2583	1_1_0	EXIST::FUNCTION:
+ENGINE_load_ssl_client_cert             2584	1_1_0	EXIST::FUNCTION:ENGINE
+X509_STORE_CTX_set_verify_cb            2585	1_1_0	EXIST::FUNCTION:
+CRYPTO_clear_realloc                    2586	1_1_0	EXIST::FUNCTION:
+OPENSSL_strnlen                         2587	1_1_0	EXIST::FUNCTION:
+IDEA_ecb_encrypt                        2588	1_1_0	EXIST::FUNCTION:IDEA
+ASN1_STRING_set_default_mask            2589	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_add_flags                 2590	1_1_0	EXIST::FUNCTION:TS
+FIPS_mode                               2591	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                2592	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_free                   2593	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_order                      2594	1_1_0	EXIST::FUNCTION:EC
+X509_REVOKED_add1_ext_i2d               2595	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add1_host             2596	1_1_0	EXIST::FUNCTION:
+i2d_PUBKEY_bio                          2597	1_1_0	EXIST::FUNCTION:
+MD4_Update                              2598	1_1_0	EXIST::FUNCTION:MD4
+X509_STORE_CTX_set_time                 2599	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_DH                   2600	1_1_0	EXIST::FUNCTION:ENGINE
+X509_ocspid_print                       2601	1_1_0	EXIST::FUNCTION:
+DH_set_method                           2602	1_1_0	EXIST::FUNCTION:DH
+EVP_rc2_64_cbc                          2603	1_1_0	EXIST::FUNCTION:RC2
+CRYPTO_THREAD_get_current_id            2604	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_cb                     2605	1_1_0	EXIST::FUNCTION:
+PROXY_POLICY_it                         2606	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_POLICY_it                         2606	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_complete                2607	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_DecodeUpdate                        2609	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_RAND                 2610	1_1_0	EXIST::FUNCTION:ENGINE
+ERR_peek_last_error_line                2611	1_1_0	EXIST::FUNCTION:
+ENGINE_get_ssl_client_cert_function     2612	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_node_usage_stats             2613	1_1_0	EXIST::FUNCTION:STDIO
+DIRECTORYSTRING_it                      2614	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2614	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_write                               2615	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_OBJ              2616	1_1_0	EXIST::FUNCTION:OCSP
+SEED_encrypt                            2617	1_1_0	EXIST::FUNCTION:SEED
+IPAddressRange_it                       2618	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it                       2618	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+PEM_read_bio_DSAPrivateKey              2619	1_1_0	EXIST::FUNCTION:DSA
+CMS_get0_type                           2620	1_1_0	EXIST::FUNCTION:CMS
+ASN1_PCTX_free                          2621	1_1_0	EXIST::FUNCTION:
+ESS_SIGNING_CERT_new                    2622	1_1_0	EXIST::FUNCTION:TS
+X509V3_EXT_conf_nid                     2623	1_1_0	EXIST::FUNCTION:
+EC_KEY_check_key                        2624	1_1_0	EXIST::FUNCTION:EC
+PKCS5_PBKDF2_HMAC                       2625	1_1_0	EXIST::FUNCTION:
+CONF_get_section                        2626	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_decrypt          2627	1_1_0	EXIST::FUNCTION:CMS
+OBJ_add_sigid                           2628	1_1_0	EXIST::FUNCTION:
+d2i_SXNETID                             2629	1_1_0	EXIST::FUNCTION:
+CMS_get1_certs                          2630	1_1_0	EXIST::FUNCTION:CMS
+X509_CRL_check_suiteb                   2631	1_1_0	EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2632	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2632	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASIdentifierChoice_it                   2633	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it                   2633	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+CMS_RecipientEncryptedKey_cert_cmp      2634	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_get_app_data               2635	1_1_0	EXIST::FUNCTION:
+EC_GROUP_clear_free                     2636	1_1_0	EXIST::FUNCTION:EC
+BN_get_rfc2409_prime_1024               2637	1_1_0	EXIST::FUNCTION:
+CRYPTO_set_mem_functions                2638	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_VISIBLESTRING                  2639	1_1_0	EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         2640	1_1_0	EXIST::FUNCTION:
+ERR_load_COMP_strings                   2641	1_1_0	EXIST::FUNCTION:COMP
+EVP_PKEY_meth_add0                      2642	1_1_0	EXIST::FUNCTION:
+EVP_rc4_40                              2643	1_1_0	EXIST::FUNCTION:RC4
+RSA_bits                                2645	1_1_0	EXIST::FUNCTION:RSA
+ASN1_item_dup                           2646	1_1_0	EXIST::FUNCTION:
+GENERAL_NAMES_it                        2647	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2647	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_issuer_name_hash                   2648	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_nonce                   2649	1_1_0	EXIST::FUNCTION:TS
+MD4_Init                                2650	1_1_0	EXIST::FUNCTION:MD4
+X509_EXTENSION_create_by_OBJ            2651	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha1               2652	1_1_0	EXIST::FUNCTION:
+SCT_validate                            2653	1_1_0	EXIST::FUNCTION:CT
+EC_GROUP_dup                            2654	1_1_0	EXIST::FUNCTION:EC
+EVP_sha1                                2655	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_new                          2656	1_1_0	EXIST::FUNCTION:
+BN_dup                                  2657	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_print_bio                2658	1_1_0	EXIST::FUNCTION:TS
+CONF_module_set_usr_data                2659	1_1_0	EXIST::FUNCTION:
+EC_KEY_generate_key                     2660	1_1_0	EXIST::FUNCTION:EC
+BIO_ctrl_get_write_guarantee            2661	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_assign                         2662	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_ofb                         2663	1_1_0	EXIST::FUNCTION:
+CMS_data                                2664	1_1_0	EXIST::FUNCTION:CMS
+X509_load_cert_file                     2665	1_1_0	EXIST::FUNCTION:
+EC_GFp_nistp521_method                  2667	1_1_0	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+ECDSA_SIG_free                          2668	1_1_0	EXIST::FUNCTION:EC
+d2i_PKCS12_BAGS                         2669	1_1_0	EXIST::FUNCTION:
+RSA_public_encrypt                      2670	1_1_0	EXIST::FUNCTION:RSA
+X509_CRL_get0_extensions                2671	1_1_0	EXIST::FUNCTION:
+CMS_digest_verify                       2672	1_1_0	EXIST::FUNCTION:CMS
+ASN1_GENERALIZEDTIME_set                2673	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_set_imprint               2674	1_1_0	EXIST::FUNCTION:TS
+BN_RECP_CTX_set                         2675	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_zalloc                    2676	1_1_0	EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  2677	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_DSAparams                 2678	1_1_0	EXIST::FUNCTION:DSA
+X509_cmp_time                           2679	1_1_0	EXIST::FUNCTION:
+d2i_CMS_ReceiptRequest                  2680	1_1_0	EXIST::FUNCTION:CMS
+X509_CRL_INFO_it                        2681	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        2681	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BUF_reverse                             2682	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_SIGNATURE                      2683	1_1_0	EXIST::FUNCTION:OCSP
+X509_REQ_delete_attr                    2684	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_cert             2685	1_1_0	EXIST::FUNCTION:TS
+X509V3_EXT_d2i                          2686	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALSTRING_it                   2687	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2687	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+POLICYQUALINFO_free                     2688	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_group                        2689	1_1_0	EXIST::FUNCTION:EC
+OCSP_check_validity                     2690	1_1_0	EXIST::FUNCTION:OCSP
+PEM_write_ECPKParameters                2691	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509_VERIFY_PARAM_lookup                2692	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              2693	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_free                    2694	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    2695	1_1_0	EXIST::FUNCTION:
+d2i_ECPrivateKey_fp                     2696	1_1_0	EXIST::FUNCTION:EC,STDIO
+TS_CONF_set_ordering                    2697	1_1_0	EXIST::FUNCTION:TS
+X509_CRL_get_ext                        2698	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 2699	1_1_0	EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2700	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_PRINTABLESTRING_new                2701	1_1_0	EXIST::FUNCTION:
+i2d_PBEPARAM                            2702	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       2703	1_1_0	EXIST::FUNCTION:
+AES_options                             2704	1_1_0	EXIST::FUNCTION:
+POLICYINFO_free                         2705	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_Parameters                 2706	1_1_0	EXIST::FUNCTION:
+BN_abs_is_word                          2707	1_1_0	EXIST::FUNCTION:
+BIO_set_callback_arg                    2708	1_1_0	EXIST::FUNCTION:
+CONF_modules_load_file                  2709	1_1_0	EXIST::FUNCTION:
+X509_trust_clear                        2710	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_test_flags               2711	1_1_0	EXIST::FUNCTION:
+PKCS12_BAGS_free                        2712	1_1_0	EXIST::FUNCTION:
+PEM_X509_INFO_read                      2713	1_1_0	EXIST::FUNCTION:STDIO
+d2i_DSAPrivateKey                       2714	1_1_0	EXIST::FUNCTION:DSA
+i2d_PKCS8_PRIV_KEY_INFO_fp              2715	1_1_0	EXIST::FUNCTION:STDIO
+TS_RESP_print_bio                       2716	1_1_0	EXIST::FUNCTION:TS
+X509_STORE_set_default_paths            2717	1_1_0	EXIST::FUNCTION:
+d2i_TS_REQ                              2718	1_1_0	EXIST::FUNCTION:TS
+i2d_TS_TST_INFO_bio                     2719	1_1_0	EXIST::FUNCTION:TS
+CMS_sign_receipt                        2720	1_1_0	EXIST::FUNCTION:CMS
+ENGINE_set_RAND                         2721	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REVOKED_get_ext_by_OBJ             2722	1_1_0	EXIST::FUNCTION:
+SEED_decrypt                            2723	1_1_0	EXIST::FUNCTION:SEED
+PEM_write_PKCS8PrivateKey               2724	1_1_0	EXIST::FUNCTION:STDIO
+ENGINE_new                              2725	1_1_0	EXIST::FUNCTION:ENGINE
+X509_check_issued                       2726	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_length                2727	1_1_0	EXIST::FUNCTION:
+DES_string_to_2keys                     2728	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_copy_parameters                2729	1_1_0	EXIST::FUNCTION:
+CMS_ContentInfo_print_ctx               2730	1_1_0	EXIST::FUNCTION:CMS
+d2i_PKCS7_SIGNED                        2731	1_1_0	EXIST::FUNCTION:
+GENERAL_NAMES_free                      2732	1_1_0	EXIST::FUNCTION:
+SCT_get_timestamp                       2733	1_1_0	EXIST::FUNCTION:CT
+OCSP_SIGNATURE_it                       2734	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_SIGNATURE_it                       2734	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+CMS_verify_receipt                      2735	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_THREAD_lock_new                  2736	1_1_0	EXIST::FUNCTION:
+BIO_get_ex_data                         2737	1_1_0	EXIST::FUNCTION:
+CMS_digest_create                       2738	1_1_0	EXIST::FUNCTION:CMS
+EC_KEY_METHOD_set_verify                2739	1_1_0	EXIST::FUNCTION:EC
+PEM_read_RSAPublicKey                   2740	1_1_0	EXIST::FUNCTION:RSA,STDIO
+ENGINE_pkey_asn1_find_str               2741	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_get_load_privkey_function        2742	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_IPAddressRange                      2743	1_1_0	EXIST::FUNCTION:RFC3779
+ERR_remove_state                        2744	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_0_0
+X509_CRL_print_fp                       2745	1_1_0	EXIST::FUNCTION:STDIO
+TS_CONF_load_key                        2746	1_1_0	EXIST::FUNCTION:TS
+d2i_OCSP_REQINFO                        2747	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_CINF                           2748	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        2749	1_1_0	EXIST::FUNCTION:OCSP
+X509_REQ_to_X509                        2750	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_wrap_pad                    2751	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 2752	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_policy_id                    2753	1_1_0	EXIST::FUNCTION:TS
+RC5_32_cbc_encrypt                      2754	1_1_0	EXIST::FUNCTION:RC5
+BN_is_zero                              2755	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_new                  2756	1_1_0	EXIST::FUNCTION:CT
+NETSCAPE_SPKI_it                        2757	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        2757	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_THREAD_unlock                    2758	1_1_0	EXIST::FUNCTION:
+UI_method_set_writer                    2759	1_1_0	EXIST::FUNCTION:
+UI_dup_info_string                      2760	1_1_0	EXIST::FUNCTION:
+OPENSSL_init                            2761	1_1_0	EXIST::FUNCTION:
+TS_RESP_get_tst_info                    2762	1_1_0	EXIST::FUNCTION:TS
+X509_VERIFY_PARAM_get_depth             2763	1_1_0	EXIST::FUNCTION:
+EVP_SealFinal                           2764	1_1_0	EXIST::FUNCTION:RSA
+BIO_set                                 2765	1_1_0	NOEXIST::FUNCTION:
+CONF_imodule_set_flags                  2766	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_SET_ANY                        2767	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_decrypt                        2768	1_1_0	EXIST::FUNCTION:
+OCSP_RESPID_it                          2769	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPID_it                          2769	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+EVP_des_ede3_cbc                        2770	1_1_0	EXIST::FUNCTION:DES
+X509_up_ref                             2771	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2772	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_DSA                   2773	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_bn_print                           2774	1_1_0	EXIST::FUNCTION:
+CMS_is_detached                         2775	1_1_0	EXIST::FUNCTION:CMS
+X509_REQ_INFO_it                        2776	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        2776	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RSAPrivateKey_it                        2777	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2777	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+X509_NAME_ENTRY_free                    2778	1_1_0	EXIST::FUNCTION:
+BIO_new_fd                              2779	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_value                        2781	1_1_0	EXIST::FUNCTION:
+NCONF_get_section                       2782	1_1_0	EXIST::FUNCTION:
+PKCS12_MAC_DATA_it                      2783	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      2783	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_add1_attr_by_NID               2784	1_1_0	EXIST::FUNCTION:
+ASN1_sign                               2785	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_encrypt               2786	1_1_0	EXIST::FUNCTION:CMS
+X509_get_pubkey_parameters              2787	1_1_0	EXIST::FUNCTION:
+PKCS12_setup_mac                        2788	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_PKCS7                      2789	1_1_0	EXIST::FUNCTION:
+SHA512_Final                            2790	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_host             2791	1_1_0	EXIST::FUNCTION:
+OCSP_resp_find_status                   2792	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ASN1_T61STRING                      2793	1_1_0	EXIST::FUNCTION:
+DES_pcbc_encrypt                        2794	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_print_params                   2795	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_192                  2796	1_1_0	EXIST::FUNCTION:
+EVP_SealInit                            2798	1_1_0	EXIST::FUNCTION:RSA
+X509_REQ_get0_signature                 2799	1_1_0	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  2800	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      2801	1_1_0	EXIST::FUNCTION:EC
+CMS_dataFinal                           2802	1_1_0	EXIST::FUNCTION:CMS
+ASN1_TIME_it                            2803	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2803	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_static_state                 2804	1_1_0	EXIST::FUNCTION:ENGINE
+EC_KEY_set_asn1_flag                    2805	1_1_0	EXIST::FUNCTION:EC
+EC_GFp_mont_method                      2806	1_1_0	EXIST::FUNCTION:EC
+OPENSSL_asc2uni                         2807	1_1_0	EXIST::FUNCTION:
+TS_REQ_new                              2808	1_1_0	EXIST::FUNCTION:TS
+ENGINE_register_all_DH                  2809	1_1_0	EXIST::FUNCTION:ENGINE
+ERR_clear_error                         2810	1_1_0	EXIST::FUNCTION:
+EC_KEY_dup                              2811	1_1_0	EXIST::FUNCTION:EC
+X509_LOOKUP_init                        2812	1_1_0	EXIST::FUNCTION:
+i2b_PVK_bio                             2813	1_1_0	EXIST::FUNCTION:DSA,RC4
+OCSP_ONEREQ_free                        2814	1_1_0	EXIST::FUNCTION:OCSP
+X509V3_EXT_print_fp                     2815	1_1_0	EXIST::FUNCTION:STDIO
+OBJ_bsearch_ex_                         2816	1_1_0	EXIST::FUNCTION:
+DES_ofb64_encrypt                       2817	1_1_0	EXIST::FUNCTION:DES
+i2d_IPAddressOrRange                    2818	1_1_0	EXIST::FUNCTION:RFC3779
+CRYPTO_secure_used                      2819	1_1_0	EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       2820	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_issuer                     2821	1_1_0	EXIST::FUNCTION:
+d2i_SCT_LIST                            2822	1_1_0	EXIST::FUNCTION:CT
+EC_GFp_nist_method                      2823	1_1_0	EXIST::FUNCTION:EC
+SCT_free                                2824	1_1_0	EXIST::FUNCTION:CT
+TS_TST_INFO_get_msg_imprint             2825	1_1_0	EXIST::FUNCTION:TS
+X509v3_addr_add_range                   2826	1_1_0	EXIST::FUNCTION:RFC3779
+PKCS12_get_friendlyname                 2827	1_1_0	EXIST::FUNCTION:
+X509_CRL_add_ext                        2829	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_signature_nid              2830	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext                     2831	1_1_0	EXIST::FUNCTION:TS
+i2d_OCSP_RESPID                         2832	1_1_0	EXIST::FUNCTION:OCSP
+EVP_camellia_256_cfb8                   2833	1_1_0	EXIST::FUNCTION:CAMELLIA
+EC_KEY_get0_public_key                  2834	1_1_0	EXIST::FUNCTION:EC
+SRP_Calc_x                              2835	1_1_0	EXIST::FUNCTION:SRP
+a2i_ASN1_ENUMERATED                     2836	1_1_0	EXIST::FUNCTION:
+CONF_module_get_usr_data                2837	1_1_0	EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     2838	1_1_0	EXIST::FUNCTION:
+SCT_LIST_free                           2839	1_1_0	EXIST::FUNCTION:CT
+PROXY_POLICY_new                        2840	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_set_md                       2841	1_1_0	EXIST::FUNCTION:
+PKCS7_print_ctx                         2842	1_1_0	EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     2843	1_1_0	EXIST::FUNCTION:
+EVP_des_cbc                             2844	1_1_0	EXIST::FUNCTION:DES
+i2v_ASN1_BIT_STRING                     2845	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_set1                          2846	1_1_0	EXIST::FUNCTION:
+d2i_X509_CRL_bio                        2847	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get1_cert                2848	1_1_0	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               2849	1_1_0	EXIST::FUNCTION:
+EC_KEY_precompute_mult                  2850	1_1_0	EXIST::FUNCTION:EC
+CRYPTO_mem_debug_realloc                2851	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+PKCS7_new                               2852	1_1_0	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2853	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2853	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_generate_v3                        2854	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                2855	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_check                      2856	1_1_0	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_it                   2857	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2857	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_MSG_IMPRINT_get_msg                  2859	1_1_0	EXIST::FUNCTION:TS
+PKCS8_add_keyusage                      2860	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_dup                      2861	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_new                       2862	1_1_0	EXIST::FUNCTION:
+BIO_socket_nbio                         2863	1_1_0	EXIST::FUNCTION:SOCK
+EVP_CIPHER_set_asn1_iv                  2864	1_1_0	EXIST::FUNCTION:
+EC_GFp_nistp224_method                  2865	1_1_0	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+BN_swap                                 2866	1_1_0	EXIST::FUNCTION:
+d2i_ECParameters                        2867	1_1_0	EXIST::FUNCTION:EC
+X509_NAME_add_entry_by_OBJ              2868	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_count               2869	1_1_0	EXIST::FUNCTION:TS
+i2d_OCSP_CERTID                         2870	1_1_0	EXIST::FUNCTION:OCSP
+BN_CTX_start                            2871	1_1_0	EXIST::FUNCTION:
+BN_print                                2872	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_flags                        2873	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_get0                           2874	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default                      2875	1_1_0	EXIST::FUNCTION:ENGINE
+NCONF_get_number_e                      2876	1_1_0	EXIST::FUNCTION:
+OPENSSL_cleanse                         2877	1_1_0	EXIST::FUNCTION:
+SCT_set0_signature                      2878	1_1_0	EXIST::FUNCTION:CT
+X509_CRL_sign                           2879	1_1_0	EXIST::FUNCTION:
+X509_CINF_it                            2880	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2880	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_CONF_set_accuracy                    2881	1_1_0	EXIST::FUNCTION:TS
+DES_crypt                               2882	1_1_0	EXIST::FUNCTION:DES
+BN_BLINDING_create_param                2883	1_1_0	EXIST::FUNCTION:
+OCSP_SERVICELOC_free                    2884	1_1_0	EXIST::FUNCTION:OCSP
+DIST_POINT_NAME_free                    2885	1_1_0	EXIST::FUNCTION:
+BIO_listen                              2886	1_1_0	EXIST::FUNCTION:SOCK
+BIO_ADDR_path_string                    2887	1_1_0	EXIST::FUNCTION:SOCK
+POLICY_CONSTRAINTS_it                   2888	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it                   2888	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NCONF_free_data                         2889	1_1_0	EXIST::FUNCTION:
+BIO_asn1_set_prefix                     2890	1_1_0	EXIST::FUNCTION:
+PEM_SignUpdate                          2891	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_EC_PUBKEY                 2892	1_1_0	EXIST::FUNCTION:EC
+CMS_add_simple_smimecap                 2893	1_1_0	EXIST::FUNCTION:CMS
+IPAddressChoice_free                    2894	1_1_0	EXIST::FUNCTION:RFC3779
+d2i_X509_AUX                            2895	1_1_0	EXIST::FUNCTION:
+X509_get_default_cert_area              2896	1_1_0	EXIST::FUNCTION:
+ERR_load_DSO_strings                    2897	1_1_0	EXIST::FUNCTION:
+ASIdentifiers_it                        2898	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it                        2898	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+BN_mod_lshift                           2899	1_1_0	EXIST::FUNCTION:
+ENGINE_get_last                         2900	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_PKEY_encrypt_init                   2901	1_1_0	EXIST::FUNCTION:
+i2d_RSAPrivateKey_fp                    2902	1_1_0	EXIST::FUNCTION:RSA,STDIO
+X509_REQ_print                          2903	1_1_0	EXIST::FUNCTION:
+RSA_size                                2904	1_1_0	EXIST::FUNCTION:RSA
+EVP_CIPHER_CTX_iv_noconst               2905	1_1_0	EXIST::FUNCTION:
+DH_set_default_method                   2906	1_1_0	EXIST::FUNCTION:DH
+X509_ALGOR_new                          2907	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_ofb                         2908	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_cfb1                       2909	1_1_0	EXIST::FUNCTION:DES
+TS_REQ_to_TS_VERIFY_CTX                 2910	1_1_0	EXIST::FUNCTION:TS
+d2i_PBEPARAM                            2911	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_521                  2912	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2913	1_1_0	EXIST::FUNCTION:OCSP
+X509_PUBKEY_get0                        2914	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_parent_ctx          2915	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_seed                       2916	1_1_0	EXIST::FUNCTION:EC
+X509_STORE_CTX_free                     2917	1_1_0	EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2918	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2918	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_get_value_int                    2919	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 2920	1_1_0	EXIST::FUNCTION:
+RC5_32_decrypt                          2921	1_1_0	EXIST::FUNCTION:RC5
+i2d_X509_REQ_INFO                       2922	1_1_0	EXIST::FUNCTION:
+EVP_des_cfb1                            2923	1_1_0	EXIST::FUNCTION:DES
+OBJ_NAME_cleanup                        2924	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2925	1_1_0	EXIST::FUNCTION:OCSP
+DES_cfb64_encrypt                       2926	1_1_0	EXIST::FUNCTION:DES
+CAST_cfb64_encrypt                      2927	1_1_0	EXIST::FUNCTION:CAST
+EVP_PKEY_asn1_set_param                 2928	1_1_0	EXIST::FUNCTION:
+BN_RECP_CTX_free                        2929	1_1_0	EXIST::FUNCTION:
+BN_with_flags                           2930	1_1_0	EXIST::FUNCTION:
+DSO_ctrl                                2931	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_final                   2932	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               2933	1_1_0	EXIST::FUNCTION:
+ENGINE_by_id                            2934	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_PKCS7_SIGNER_INFO                   2935	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_cbc                         2936	1_1_0	EXIST::FUNCTION:
+PKCS8_pkey_set0                         2937	1_1_0	EXIST::FUNCTION:
+X509_get1_email                         2938	1_1_0	EXIST::FUNCTION:
+EC_POINT_point2oct                      2939	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_get_curve_GFp                  2940	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+ASYNC_block_pause                       2941	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2942	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_strdup                           2943	1_1_0	EXIST::FUNCTION:
+i2d_X509_CRL_bio                        2945	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_item                  2946	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt                   2947	1_1_0	EXIST::FUNCTION:
+X509v3_addr_get_afi                     2948	1_1_0	EXIST::FUNCTION:RFC3779
+X509_STORE_CTX_get0_param               2949	1_1_0	EXIST::FUNCTION:
+EVP_add_alg_module                      2950	1_1_0	EXIST::FUNCTION:
+X509_check_purpose                      2951	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2952	1_1_0	EXIST::FUNCTION:OCSP
+X509_PURPOSE_get_count                  2953	1_1_0	EXIST::FUNCTION:
+d2i_PKCS12_bio                          2954	1_1_0	EXIST::FUNCTION:
+ASN1_item_free                          2955	1_1_0	EXIST::FUNCTION:
+PKCS7_content_new                       2956	1_1_0	EXIST::FUNCTION:
+X509_keyid_get0                         2957	1_1_0	EXIST::FUNCTION:
+COMP_get_name                           2958	1_1_0	EXIST::FUNCTION:COMP
+EC_GROUP_new_curve_GF2m                 2959	1_1_0	EXIST::FUNCTION:EC,EC2M
+X509_SIG_free                           2960	1_1_0	EXIST::FUNCTION:
+PEM_ASN1_write                          2961	1_1_0	EXIST::FUNCTION:STDIO
+ENGINE_get_digest_engine                2962	1_1_0	EXIST::FUNCTION:ENGINE
+BN_CTX_new                              2963	1_1_0	EXIST::FUNCTION:
+EC_curve_nid2nist                       2964	1_1_0	EXIST::FUNCTION:EC
+ENGINE_get_finish_function              2965	1_1_0	EXIST::FUNCTION:ENGINE
+EC_POINT_add                            2966	1_1_0	EXIST::FUNCTION:EC
+EC_KEY_oct2key                          2967	1_1_0	EXIST::FUNCTION:EC
+SHA384_Init                             2968	1_1_0	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                2969	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_print_private                  2970	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_new                        2971	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_it                     2972	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it                     2972	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_REQ_get_cert_req                     2973	1_1_0	EXIST::FUNCTION:TS
+BIO_pop                                 2974	1_1_0	EXIST::FUNCTION:
+SHA256_Final                            2975	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2976	1_1_0	EXIST::FUNCTION:DH
+DH_get_ex_data                          2977	1_1_0	EXIST::FUNCTION:DH
+CRYPTO_secure_malloc                    2978	1_1_0	EXIST::FUNCTION:
+TS_RESP_get_status_info                 2979	1_1_0	EXIST::FUNCTION:TS
+HMAC_CTX_new                            2980	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_DH                   2981	1_1_0	EXIST::FUNCTION:ENGINE
+ECDSA_do_verify                         2982	1_1_0	EXIST::FUNCTION:EC
+DSO_flags                               2983	1_1_0	EXIST::FUNCTION:
+RAND_add                                2984	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_do_all_sorted                2985	1_1_0	EXIST::FUNCTION:
+PKCS7_encrypt                           2986	1_1_0	EXIST::FUNCTION:
+i2d_DSA_SIG                             2987	1_1_0	EXIST::FUNCTION:DSA
+CMS_set_detached                        2988	1_1_0	EXIST::FUNCTION:CMS
+X509_REQ_get_attr_by_OBJ                2989	1_1_0	EXIST::FUNCTION:
+i2d_ASRange                             2990	1_1_0	EXIST::FUNCTION:RFC3779
+EC_GROUP_set_asn1_flag                  2991	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_new                            2992	1_1_0	EXIST::FUNCTION:
+i2d_POLICYINFO                          2993	1_1_0	EXIST::FUNCTION:
+BN_get_flags                            2994	1_1_0	EXIST::FUNCTION:
+SHA384                                  2995	1_1_0	EXIST::FUNCTION:
+NCONF_get_string                        2996	1_1_0	EXIST::FUNCTION:
+d2i_PROXY_CERT_INFO_EXTENSION           2997	1_1_0	EXIST::FUNCTION:
+EC_POINT_point2buf                      2998	1_1_0	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_OAEP_mgf1         2999	1_1_0	EXIST::FUNCTION:RSA
+COMP_CTX_get_type                       3000	1_1_0	EXIST::FUNCTION:COMP
+TS_RESP_CTX_set_status_info             3001	1_1_0	EXIST::FUNCTION:TS
+BIO_f_nbio_test                         3002	1_1_0	EXIST::FUNCTION:
+SEED_ofb128_encrypt                     3003	1_1_0	EXIST::FUNCTION:SEED
+d2i_RSAPrivateKey_bio                   3004	1_1_0	EXIST::FUNCTION:RSA
+DH_KDF_X9_42                            3005	1_1_0	EXIST::FUNCTION:CMS,DH
+EVP_PKEY_meth_set_signctx               3006	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_version                    3007	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get0_info                 3008	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_RSAPublicKey               3009	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_asn1_set_private               3010	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_RSA                       3011	1_1_0	EXIST::FUNCTION:RSA
+DES_ede3_cfb64_encrypt                  3012	1_1_0	EXIST::FUNCTION:DES
+POLICY_MAPPING_free                     3014	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_gcm                         3015	1_1_0	EXIST::FUNCTION:
+BIO_dgram_non_fatal_error               3016	1_1_0	EXIST::FUNCTION:DGRAM
+OCSP_request_is_signed                  3017	1_1_0	EXIST::FUNCTION:OCSP
+i2d_BASIC_CONSTRAINTS                   3018	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_method                       3019	1_1_0	EXIST::FUNCTION:EC
+EC_POINT_bn2point                       3021	1_1_0	EXIST::FUNCTION:EC
+PBE2PARAM_it                            3022	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            3022	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_rand                                 3023	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_unpack_sequence               3024	1_1_0	EXIST::FUNCTION:
+X509_CRL_sign_ctx                       3025	1_1_0	EXIST::FUNCTION:
+X509_STORE_add_crl                      3026	1_1_0	EXIST::FUNCTION:
+PEM_write_RSAPrivateKey                 3027	1_1_0	EXIST::FUNCTION:RSA,STDIO
+RC4_set_key                             3028	1_1_0	EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_cipher                   3029	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       3030	1_1_0	EXIST::FUNCTION:
+BN_MONT_CTX_new                         3031	1_1_0	EXIST::FUNCTION:
+CRYPTO_free_ex_index                    3032	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_new                      3033	1_1_0	EXIST::FUNCTION:
+PKCS7_it                                3034	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3034	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CMS_unsigned_get_attr_by_OBJ            3035	1_1_0	EXIST::FUNCTION:CMS
+BN_clear                                3036	1_1_0	EXIST::FUNCTION:
+BIO_socket_ioctl                        3037	1_1_0	EXIST::FUNCTION:SOCK
+GENERAL_NAME_cmp                        3038	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_purpose              3039	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                3040	1_1_0	EXIST::FUNCTION:
+X509V3_set_conf_lhash                   3041	1_1_0	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_it                    3042	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3042	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_item_pack_safebag                3043	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_RESPDATA                       3044	1_1_0	EXIST::FUNCTION:OCSP
+i2d_X509_PUBKEY                         3045	1_1_0	EXIST::FUNCTION:
+EVP_DecryptUpdate                       3046	1_1_0	EXIST::FUNCTION:
+CAST_cbc_encrypt                        3047	1_1_0	EXIST::FUNCTION:CAST
+BN_BLINDING_invert                      3048	1_1_0	EXIST::FUNCTION:
+SHA512_Update                           3049	1_1_0	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_new                   3050	1_1_0	EXIST::FUNCTION:TS
+PKCS12_SAFEBAG_get0_pkcs8               3051	1_1_0	EXIST::FUNCTION:
+X509_get_ext_by_NID                     3052	1_1_0	EXIST::FUNCTION:
+d2i_IPAddressFamily                     3053	1_1_0	EXIST::FUNCTION:RFC3779
+X509_check_private_key                  3054	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_get0_value                 3055	1_1_0	EXIST::FUNCTION:
+X509_check_akid                         3056	1_1_0	EXIST::FUNCTION:
+PKCS12_key_gen_asc                      3057	1_1_0	EXIST::FUNCTION:
+EVP_bf_ofb                              3058	1_1_0	EXIST::FUNCTION:BF
+AUTHORITY_KEYID_free                    3059	1_1_0	EXIST::FUNCTION:
+EVP_seed_ofb                            3060	1_1_0	EXIST::FUNCTION:SEED
+OBJ_NAME_get                            3061	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_set                        3062	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                3063	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_str_flags                 3064	1_1_0	EXIST::FUNCTION:
+i2a_ASN1_INTEGER                        3065	1_1_0	EXIST::FUNCTION:
+d2i_TS_RESP                             3066	1_1_0	EXIST::FUNCTION:TS
+EVP_des_ede_cfb64                       3067	1_1_0	EXIST::FUNCTION:DES
+d2i_RSAPrivateKey                       3068	1_1_0	EXIST::FUNCTION:RSA
+ERR_load_BN_strings                     3069	1_1_0	EXIST::FUNCTION:
+BF_encrypt                              3070	1_1_0	EXIST::FUNCTION:BF
+MD5                                     3071	1_1_0	EXIST::FUNCTION:MD5
+BN_GF2m_arr2poly                        3072	1_1_0	EXIST::FUNCTION:EC2M
+EVP_PKEY_meth_get_ctrl                  3073	1_1_0	EXIST::FUNCTION:
+i2d_X509_REQ_bio                        3074	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_name             3075	1_1_0	EXIST::FUNCTION:
+d2i_RSAPublicKey_bio                    3076	1_1_0	EXIST::FUNCTION:RSA
+X509_REQ_get_X509_PUBKEY                3077	1_1_0	EXIST::FUNCTION:
+ENGINE_load_private_key                 3078	1_1_0	EXIST::FUNCTION:ENGINE
+GENERAL_NAMES_new                       3079	1_1_0	EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      3080	1_1_0	EXIST::FUNCTION:
+EC_GF2m_simple_method                   3081	1_1_0	EXIST::FUNCTION:EC,EC2M
+RSA_get_method                          3082	1_1_0	EXIST::FUNCTION:RSA
+d2i_ASRange                             3083	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_ContentInfo_new                     3084	1_1_0	EXIST::FUNCTION:CMS
+OPENSSL_init_crypto                     3085	1_1_0	EXIST::FUNCTION:
+X509_TRUST_set                          3086	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_ecb                    3087	1_1_0	EXIST::FUNCTION:CAMELLIA
+d2i_X509_REVOKED                        3088	1_1_0	EXIST::FUNCTION:
+d2i_IPAddressOrRange                    3089	1_1_0	EXIST::FUNCTION:RFC3779
+TS_TST_INFO_set_version                 3090	1_1_0	EXIST::FUNCTION:TS
+PKCS12_get0_mac                         3091	1_1_0	EXIST::FUNCTION:
+EVP_EncodeInit                          3092	1_1_0	EXIST::FUNCTION:
+X509_get0_trust_objects                 3093	1_1_0	EXIST::FUNCTION:
+d2i_ECPrivateKey_bio                    3094	1_1_0	EXIST::FUNCTION:EC
+BIO_s_secmem                            3095	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_EC                   3096	1_1_0	EXIST::FUNCTION:ENGINE
+TS_RESP_create_response                 3097	1_1_0	EXIST::FUNCTION:TS
+BIO_ADDR_rawaddress                     3098	1_1_0	EXIST::FUNCTION:SOCK
+PKCS7_ENCRYPT_new                       3099	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  3100	1_1_0	EXIST::FUNCTION:STDIO
+SRP_user_pwd_free                       3101	1_1_0	EXIST::FUNCTION:SRP
+Camellia_encrypt                        3102	1_1_0	EXIST::FUNCTION:CAMELLIA
+BIO_ADDR_hostname_string                3103	1_1_0	EXIST::FUNCTION:SOCK
+USERNOTICE_new                          3104	1_1_0	EXIST::FUNCTION:
+POLICY_MAPPING_new                      3105	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_release                   3106	1_1_0	EXIST::FUNCTION:
+BIO_new                                 3107	1_1_0	EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       3108	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   3109	1_1_0	EXIST::FUNCTION:
+PEM_read_DSA_PUBKEY                     3110	1_1_0	EXIST::FUNCTION:DSA,STDIO
+X509_get0_subject_key_id                3111	1_1_0	EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     3112	1_1_0	EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   3113	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_free                       3114	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_ocb128_aad                       3115	1_1_0	EXIST::FUNCTION:OCB
+OPENSSL_sk_deep_copy                    3116	1_1_0	EXIST::FUNCTION:
+i2d_RSA_PSS_PARAMS                      3117	1_1_0	EXIST::FUNCTION:RSA
+EVP_aes_128_wrap_pad                    3118	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     3119	1_1_0	EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  3120	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_type_2          3121	1_1_0	EXIST::FUNCTION:RSA
+EVP_des_ede3_ecb                        3122	1_1_0	EXIST::FUNCTION:DES
+CBIGNUM_it                              3123	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              3123	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_new_NDEF                            3124	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_wrap                        3125	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_print                       3126	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_lock_free                 3127	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_get_seconds                 3128	1_1_0	EXIST::FUNCTION:TS
+BN_options                              3129	1_1_0	EXIST::FUNCTION:
+BIO_debug_callback                      3130	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_update                  3131	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_set0_othername             3132	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 3133	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_ccm                         3134	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_pkey                  3135	1_1_0	EXIST::FUNCTION:
+CONF_load_fp                            3136	1_1_0	EXIST::FUNCTION:STDIO
+BN_to_ASN1_ENUMERATED                   3137	1_1_0	EXIST::FUNCTION:
+i2d_ISSUING_DIST_POINT                  3138	1_1_0	EXIST::FUNCTION:
+TXT_DB_free                             3139	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_set                         3140	1_1_0	EXIST::FUNCTION:
+d2i_ESS_CERT_ID                         3141	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_meth_set_derive                3142	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_stats                        3143	1_1_0	EXIST::FUNCTION:STDIO
+NCONF_dump_fp                           3144	1_1_0	EXIST::FUNCTION:STDIO
+TS_STATUS_INFO_print_bio                3145	1_1_0	EXIST::FUNCTION:TS
+OPENSSL_sk_dup                          3146	1_1_0	EXIST::FUNCTION:
+BF_cfb64_encrypt                        3147	1_1_0	EXIST::FUNCTION:BF
+ASN1_GENERALIZEDTIME_adj                3148	1_1_0	EXIST::FUNCTION:
+ECDSA_verify                            3149	1_1_0	EXIST::FUNCTION:EC
+EVP_camellia_256_cfb128                 3150	1_1_0	EXIST::FUNCTION:CAMELLIA
+CMAC_Init                               3151	1_1_0	EXIST::FUNCTION:CMAC
+OCSP_basic_add1_status                  3152	1_1_0	EXIST::FUNCTION:OCSP
+X509_CRL_get0_by_cert                   3153	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_tsa                     3154	1_1_0	EXIST::FUNCTION:TS
+i2d_ASN1_GENERALIZEDTIME                3155	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_derive_set_peer                3156	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 3157	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_init                      3158	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_time              3159	1_1_0	EXIST::FUNCTION:
+BN_reciprocal                           3160	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 3161	1_1_0	EXIST::FUNCTION:
+X509_NAME_digest                        3162	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     3163	1_1_0	EXIST::FUNCTION:OCSP
+GENERAL_NAME_print                      3164	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_get0_values          3165	1_1_0	EXIST::FUNCTION:CMS
+a2i_ASN1_INTEGER                        3166	1_1_0	EXIST::FUNCTION:
+OCSP_sendreq_bio                        3167	1_1_0	EXIST::FUNCTION:OCSP
+PKCS12_SAFEBAG_create_crl               3168	1_1_0	EXIST::FUNCTION:
+d2i_X509_NAME                           3169	1_1_0	EXIST::FUNCTION:
+IDEA_cfb64_encrypt                      3170	1_1_0	EXIST::FUNCTION:IDEA
+BN_mod_sub                              3171	1_1_0	EXIST::FUNCTION:
+ASN1_NULL_new                           3172	1_1_0	EXIST::FUNCTION:
+HMAC_Init                               3173	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+EVP_MD_CTX_update_fn                    3174	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_ecb                         3175	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_bio_stream                    3176	1_1_0	EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3178	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_enc_flags                    3179	1_1_0	EXIST::FUNCTION:EC
+i2d_PUBKEY_fp                           3180	1_1_0	EXIST::FUNCTION:STDIO
+b2i_PrivateKey_bio                      3181	1_1_0	EXIST::FUNCTION:DSA
+OCSP_REQUEST_add_ext                    3182	1_1_0	EXIST::FUNCTION:OCSP
+SXNET_add_id_INTEGER                    3183	1_1_0	EXIST::FUNCTION:
+CTLOG_get0_public_key                   3184	1_1_0	EXIST::FUNCTION:CT
+OCSP_REQUEST_get_ext_by_OBJ             3185	1_1_0	EXIST::FUNCTION:OCSP
+X509_NAME_oneline                       3186	1_1_0	EXIST::FUNCTION:
+X509V3_set_nconf                        3187	1_1_0	EXIST::FUNCTION:
+RSAPrivateKey_dup                       3188	1_1_0	EXIST::FUNCTION:RSA
+BN_mod_add                              3189	1_1_0	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     3190	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+X509_get_default_cert_file              3191	1_1_0	EXIST::FUNCTION:
+UI_method_set_flusher                   3192	1_1_0	EXIST::FUNCTION:
+RSA_new_method                          3193	1_1_0	EXIST::FUNCTION:RSA
+OCSP_request_verify                     3194	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_THREAD_run_once                  3195	1_1_0	EXIST::FUNCTION:
+TS_REQ_print_bio                        3196	1_1_0	EXIST::FUNCTION:TS
+SCT_get_version                         3197	1_1_0	EXIST::FUNCTION:CT
+IDEA_set_encrypt_key                    3198	1_1_0	EXIST::FUNCTION:IDEA
+ENGINE_get_DH                           3199	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_ASIdentifierChoice                  3200	1_1_0	EXIST::FUNCTION:RFC3779
+SRP_Calc_A                              3201	1_1_0	EXIST::FUNCTION:SRP
+OCSP_BASICRESP_add_ext                  3202	1_1_0	EXIST::FUNCTION:OCSP
+EVP_idea_cfb64                          3203	1_1_0	EXIST::FUNCTION:IDEA
+PKCS12_newpass                          3204	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha256             3205	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_get_millis                  3206	1_1_0	EXIST::FUNCTION:TS
+X509_CRL_get_REVOKED                    3207	1_1_0	EXIST::FUNCTION:
+X509_issuer_name_hash_old               3208	1_1_0	EXIST::FUNCTION:MD5
+i2d_PKCS12_SAFEBAG                      3209	1_1_0	EXIST::FUNCTION:
+BN_rand_range                           3210	1_1_0	EXIST::FUNCTION:
+SMIME_write_ASN1                        3211	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_new                      3212	1_1_0	EXIST::FUNCTION:
+MD4_Final                               3213	1_1_0	EXIST::FUNCTION:MD4
+EVP_PKEY_id                             3214	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_get0_pkey_ctx         3215	1_1_0	EXIST::FUNCTION:CMS
+OCSP_REQINFO_free                       3216	1_1_0	EXIST::FUNCTION:OCSP
+AUTHORITY_KEYID_new                     3217	1_1_0	EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     3218	1_1_0	EXIST::FUNCTION:
+OpenSSL_version_num                     3219	1_1_0	EXIST::FUNCTION:
+OCSP_CERTID_free                        3220	1_1_0	EXIST::FUNCTION:OCSP
+BIO_hex_string                          3221	1_1_0	EXIST::FUNCTION:
+X509_REQ_sign_ctx                       3222	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_init                      3223	1_1_0	EXIST::FUNCTION:OCB
+EVP_PKEY_get1_EC_KEY                    3224	1_1_0	EXIST::FUNCTION:EC
+ASN1_PRINTABLESTRING_free               3225	1_1_0	EXIST::FUNCTION:
+BIO_get_retry_reason                    3226	1_1_0	EXIST::FUNCTION:
+X509_NAME_print                         3227	1_1_0	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 3228	1_1_0	EXIST::FUNCTION:
+BN_nist_mod_384                         3229	1_1_0	EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3230	1_1_0	EXIST::FUNCTION:EC,STDIO
+ENGINE_set_default_pkey_meths           3231	1_1_0	EXIST::FUNCTION:ENGINE
+DH_bits                                 3232	1_1_0	EXIST::FUNCTION:DH
+i2d_X509_ALGORS                         3233	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_cfb1                   3234	1_1_0	EXIST::FUNCTION:CAMELLIA
+TS_RESP_CTX_add_failure_info            3235	1_1_0	EXIST::FUNCTION:TS
+EVP_PBE_alg_add                         3236	1_1_0	EXIST::FUNCTION:
+ESS_CERT_ID_dup                         3237	1_1_0	EXIST::FUNCTION:TS
+CMS_SignerInfo_get0_signature           3238	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_verify_recover                 3239	1_1_0	EXIST::FUNCTION:
+i2d_PUBKEY                              3240	1_1_0	EXIST::FUNCTION:
+ERR_load_EVP_strings                    3241	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                3242	1_1_0	EXIST::FUNCTION:
+d2i_X509_fp                             3243	1_1_0	EXIST::FUNCTION:STDIO
+MD2_Init                                3244	1_1_0	EXIST::FUNCTION:MD2
+ERR_get_error_line                      3245	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 3246	1_1_0	EXIST::FUNCTION:
+OPENSSL_INIT_free                       3247	1_1_0	EXIST::FUNCTION:
+PBE2PARAM_free                          3248	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_ecb                         3249	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_new                   3250	1_1_0	EXIST::FUNCTION:
+CMS_set1_eContentType                   3251	1_1_0	EXIST::FUNCTION:CMS
+EVP_des_ede3_wrap                       3252	1_1_0	EXIST::FUNCTION:DES
+GENERAL_SUBTREE_it                      3253	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it                      3253	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_read_pw_string_min                  3254	1_1_0	EXIST::FUNCTION:
+X509_set1_notBefore                     3255	1_1_0	EXIST::FUNCTION:
+MD4                                     3256	1_1_0	EXIST::FUNCTION:MD4
+EVP_PKEY_CTX_dup                        3257	1_1_0	EXIST::FUNCTION:
+ENGINE_setup_bsd_cryptodev              3258	1_1_0	EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
+PEM_read_bio_DHparams                   3259	1_1_0	EXIST::FUNCTION:DH
+CMS_SharedInfo_encode                   3260	1_1_0	EXIST::FUNCTION:CMS
+ASN1_OBJECT_create                      3261	1_1_0	EXIST::FUNCTION:
+i2d_ECParameters                        3262	1_1_0	EXIST::FUNCTION:EC
+BN_GF2m_mod_arr                         3263	1_1_0	EXIST::FUNCTION:EC2M
+ENGINE_set_finish_function              3264	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ASN1_OCTET_STRING                   3265	1_1_0	EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         3266	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_vprintf                             3267	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_decrypt               3268	1_1_0	EXIST::FUNCTION:CMS
+RSA_generate_key                        3269	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA
+PKCS7_set0_type_other                   3270	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_new                        3271	1_1_0	EXIST::FUNCTION:OCSP
+BIO_lookup                              3272	1_1_0	EXIST::FUNCTION:SOCK
+EC_GROUP_get0_cofactor                  3273	1_1_0	EXIST::FUNCTION:EC
+SCT_print                               3275	1_1_0	EXIST::FUNCTION:CT
+X509_PUBKEY_set                         3276	1_1_0	EXIST::FUNCTION:
+POLICY_CONSTRAINTS_free                 3277	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_cfb8                        3278	1_1_0	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      3279	1_1_0	EXIST::FUNCTION:DSA
+X509_NAME_get_text_by_OBJ               3280	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_none                  3281	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_set_mem_debug                    3282	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_init                      3283	1_1_0	EXIST::FUNCTION:TS
+OCSP_cert_id_new                        3284	1_1_0	EXIST::FUNCTION:OCSP
+GENERAL_SUBTREE_new                     3285	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_push                         3286	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        3287	1_1_0	EXIST::FUNCTION:
+SRP_check_known_gN_param                3288	1_1_0	EXIST::FUNCTION:SRP
+d2i_DIST_POINT                          3289	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_free                       3290	1_1_0	EXIST::FUNCTION:
+PBEPARAM_free                           3291	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_set_pubkey                3292	1_1_0	EXIST::FUNCTION:
+EVP_sha512                              3293	1_1_0	EXIST::FUNCTION:
+X509_CRL_match                          3294	1_1_0	EXIST::FUNCTION:
+i2s_ASN1_IA5STRING                      3295	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_default_method               3296	1_1_0	EXIST::FUNCTION:EC
+PKCS8_decrypt                           3297	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_data                   3298	1_1_0	EXIST::FUNCTION:
+POLICYQUALINFO_it                       3299	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       3299	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            3300	1_1_0	EXIST::FUNCTION:
+DSA_SIG_free                            3301	1_1_0	EXIST::FUNCTION:DSA
+BIO_asn1_set_suffix                     3302	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set_type_str                   3303	1_1_0	EXIST::FUNCTION:
+i2d_X509_SIG                            3304	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_strhash                      3305	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                3306	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_set_micros                  3307	1_1_0	EXIST::FUNCTION:TS
+EVP_DigestFinal_ex                      3308	1_1_0	EXIST::FUNCTION:
+X509_get0_pubkey                        3309	1_1_0	EXIST::FUNCTION:
+X509_check_ip                           3310	1_1_0	EXIST::FUNCTION:
+PKCS7_get_signed_attribute              3311	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               3312	1_1_0	EXIST::FUNCTION:
+COMP_compress_block                     3313	1_1_0	EXIST::FUNCTION:COMP
+ASN1_STRING_dup                         3314	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_free                        3315	1_1_0	EXIST::FUNCTION:
+EC_GROUP_cmp                            3316	1_1_0	EXIST::FUNCTION:EC
+TS_TST_INFO_get_ext_by_critical         3317	1_1_0	EXIST::FUNCTION:TS
+ECParameters_print_fp                   3318	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509_REQ_sign                           3319	1_1_0	EXIST::FUNCTION:
+CRYPTO_xts128_encrypt                   3320	1_1_0	EXIST::FUNCTION:
+PEM_def_callback                        3321	1_1_0	EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             3322	1_1_0	EXIST::FUNCTION:
+X509_policy_tree_level_count            3323	1_1_0	EXIST::FUNCTION:
+OBJ_sn2nid                              3324	1_1_0	EXIST::FUNCTION:
+CTLOG_free                              3325	1_1_0	EXIST::FUNCTION:CT
+EVP_CIPHER_meth_dup                     3326	1_1_0	EXIST::FUNCTION:
+CMS_get1_crls                           3327	1_1_0	EXIST::FUNCTION:CMS
+X509_aux_print                          3328	1_1_0	EXIST::FUNCTION:
+OPENSSL_thread_stop                     3330	1_1_0	EXIST::FUNCTION:
+X509_policy_node_get0_parent            3331	1_1_0	EXIST::FUNCTION:
+X509_PKEY_free                          3332	1_1_0	EXIST::FUNCTION:
+OCSP_CRLID_new                          3333	1_1_0	EXIST::FUNCTION:OCSP
+CONF_dump_bio                           3334	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  3335	1_1_0	EXIST::FUNCTION:STDIO
+RSA_setup_blinding                      3336	1_1_0	EXIST::FUNCTION:RSA
+ERR_peek_error_line                     3337	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7                               3338	1_1_0	EXIST::FUNCTION:
+ERR_reason_error_string                 3339	1_1_0	EXIST::FUNCTION:
+ERR_remove_thread_state                 3340	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+PEM_write_PrivateKey                    3341	1_1_0	EXIST::FUNCTION:STDIO
+EVP_PKEY_CTX_str2ctrl                   3342	1_1_0	EXIST::FUNCTION:
+CMS_SignerInfo_verify_content           3343	1_1_0	EXIST::FUNCTION:CMS
+ASN1_INTEGER_get_int64                  3344	1_1_0	EXIST::FUNCTION:
+ASN1_item_sign                          3345	1_1_0	EXIST::FUNCTION:
+OCSP_SERVICELOC_new                     3346	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_VISIBLESTRING_new                  3347	1_1_0	EXIST::FUNCTION:
+BN_set_flags                            3348	1_1_0	EXIST::FUNCTION:
+d2i_PrivateKey_bio                      3349	1_1_0	EXIST::FUNCTION:
+ASN1_SEQUENCE_ANY_it                    3350	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_ANY_it                    3350	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_UTCTIME_adj                        3351	1_1_0	EXIST::FUNCTION:
+BN_mod_sqrt                             3352	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_is_sorted                    3353	1_1_0	EXIST::FUNCTION:
+OCSP_SIGNATURE_new                      3354	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_meth_get_paramgen              3355	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            3356	1_1_0	EXIST::FUNCTION:
+RSA_generate_key_ex                     3357	1_1_0	EXIST::FUNCTION:RSA
+CMS_SignerInfo_get0_algs                3358	1_1_0	EXIST::FUNCTION:CMS
+DIST_POINT_free                         3359	1_1_0	EXIST::FUNCTION:
+ESS_SIGNING_CERT_free                   3360	1_1_0	EXIST::FUNCTION:TS
+SCT_new_from_base64                     3361	1_1_0	EXIST::FUNCTION:CT
+OpenSSL_version                         3362	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_OBJ          3363	1_1_0	EXIST::FUNCTION:OCSP
+ECDSA_SIG_get0                          3364	1_1_0	EXIST::FUNCTION:EC
+BN_set_word                             3365	1_1_0	EXIST::FUNCTION:
+ENGINE_set_flags                        3366	1_1_0	EXIST::FUNCTION:ENGINE
+DSA_OpenSSL                             3367	1_1_0	EXIST::FUNCTION:DSA
+CMS_RecipientInfo_kari_get0_alg         3368	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_ENVELOPE_new                      3369	1_1_0	EXIST::FUNCTION:
+EDIPARTYNAME_new                        3370	1_1_0	EXIST::FUNCTION:
+CMS_add1_cert                           3371	1_1_0	EXIST::FUNCTION:CMS
+DSO_convert_filename                    3372	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_SSLv23                3373	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_gcm128_finish                    3374	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      3375	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      3375	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_PBE_add                          3376	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_public_key_affine_coordinates 3377	1_1_0	EXIST::FUNCTION:EC
+EVP_EncryptInit_ex                      3378	1_1_0	EXIST::FUNCTION:
+ENGINE_add                              3379	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_error                        3380	1_1_0	EXIST::FUNCTION:
+PKCS7_DIGEST_it                         3381	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3381	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_new                           3382	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_keygen_init                    3383	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_ocb                         3384	1_1_0	EXIST::FUNCTION:OCB
+EVP_camellia_256_cfb1                   3385	1_1_0	EXIST::FUNCTION:CAMELLIA
+CRYPTO_secure_actual_size               3387	1_1_0	EXIST::FUNCTION:
+COMP_CTX_free                           3388	1_1_0	EXIST::FUNCTION:COMP
+i2d_PBE2PARAM                           3389	1_1_0	EXIST::FUNCTION:
+EC_POINT_make_affine                    3390	1_1_0	EXIST::FUNCTION:EC
+DSA_generate_parameters                 3391	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DSA
+ASN1_BIT_STRING_num_asc                 3392	1_1_0	EXIST::FUNCTION:
+X509_INFO_free                          3394	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_fp              3395	1_1_0	EXIST::FUNCTION:STDIO
+X509_OBJECT_retrieve_match              3396	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_ctr                         3397	1_1_0	EXIST::FUNCTION:
+EVP_PBE_find                            3398	1_1_0	EXIST::FUNCTION:
+SHA512_Transform                        3399	1_1_0	EXIST::FUNCTION:
+ERR_add_error_vdata                     3400	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    3401	1_1_0	EXIST::FUNCTION:OCSP
+NETSCAPE_SPKAC_new                      3402	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_verify                3403	1_1_0	EXIST::FUNCTION:
+CRYPTO_128_wrap                         3404	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_lookup_crls              3405	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_get_ctrl                3406	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req                   3407	1_1_0	EXIST::FUNCTION:OCSP
+CONF_imodule_get_usr_data               3408	1_1_0	EXIST::FUNCTION:
+CRYPTO_new_ex_data                      3409	1_1_0	EXIST::FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            3410	1_1_0	EXIST::FUNCTION:STDIO
+TS_VERIFY_CTX_new                       3411	1_1_0	EXIST::FUNCTION:TS
+BUF_MEM_new_ex                          3412	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_X931                    3413	1_1_0	EXIST::FUNCTION:RSA
+BN_get0_nist_prime_256                  3414	1_1_0	EXIST::FUNCTION:
+CRYPTO_memcmp                           3415	1_1_0	EXIST::FUNCTION:
+DH_check_pub_key                        3416	1_1_0	EXIST::FUNCTION:DH
+ASN1_mbstring_copy                      3417	1_1_0	EXIST::FUNCTION:
+PKCS7_set_type                          3418	1_1_0	EXIST::FUNCTION:
+BIO_gets                                3419	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_type_1          3420	1_1_0	EXIST::FUNCTION:RSA
+UI_ctrl                                 3421	1_1_0	EXIST::FUNCTION:
+i2d_X509_REQ_fp                         3422	1_1_0	EXIST::FUNCTION:STDIO
+BN_BLINDING_convert_ex                  3423	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              3424	1_1_0	EXIST::FUNCTION:
+BIO_s_null                              3425	1_1_0	EXIST::FUNCTION:
+PEM_ASN1_read                           3426	1_1_0	EXIST::FUNCTION:STDIO
+SCT_get_log_entry_type                  3427	1_1_0	EXIST::FUNCTION:CT
+EVP_CIPHER_meth_get_init                3428	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_free                         3429	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_count           3430	1_1_0	EXIST::FUNCTION:OCSP
+EC_POINT_free                           3431	1_1_0	EXIST::FUNCTION:EC
+EVP_OpenFinal                           3432	1_1_0	EXIST::FUNCTION:RSA
+RAND_egd_bytes                          3433	1_1_0	EXIST::FUNCTION:EGD
+UI_method_get_writer                    3434	1_1_0	EXIST::FUNCTION:
+BN_secure_new                           3435	1_1_0	EXIST::FUNCTION:
+SHA1_Update                             3437	1_1_0	EXIST::FUNCTION:
+BIO_s_connect                           3438	1_1_0	EXIST::FUNCTION:SOCK
+EVP_MD_meth_get_init                    3439	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_free                    3440	1_1_0	EXIST::FUNCTION:
+i2d_PROXY_CERT_INFO_EXTENSION           3441	1_1_0	EXIST::FUNCTION:
+ASN1_IA5STRING_new                      3442	1_1_0	EXIST::FUNCTION:
+X509_CRL_up_ref                         3443	1_1_0	EXIST::FUNCTION:
+EVP_EncodeFinal                         3444	1_1_0	EXIST::FUNCTION:
+X509_set_ex_data                        3445	1_1_0	EXIST::FUNCTION:
+ERR_get_next_error_library              3446	1_1_0	EXIST::FUNCTION:
+OCSP_RESPONSE_print                     3447	1_1_0	EXIST::FUNCTION:OCSP
+BN_get_rfc3526_prime_2048               3448	1_1_0	EXIST::FUNCTION:
+BIO_new_bio_pair                        3449	1_1_0	EXIST::FUNCTION:
+EC_GFp_nistp256_method                  3450	1_1_0	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+BIO_method_type                         3451	1_1_0	EXIST::FUNCTION:
+ECPKParameters_print                    3452	1_1_0	EXIST::FUNCTION:EC
+EVP_rc4                                 3453	1_1_0	EXIST::FUNCTION:RC4
+CMS_data_create                         3454	1_1_0	EXIST::FUNCTION:CMS
+EC_POINT_point2bn                       3455	1_1_0	EXIST::FUNCTION:EC
+CMS_unsigned_get0_data_by_OBJ           3456	1_1_0	EXIST::FUNCTION:CMS
+ASN1_OCTET_STRING_cmp                   3457	1_1_0	EXIST::FUNCTION:
+X509_NAME_print_ex                      3458	1_1_0	EXIST::FUNCTION:
+ASN1_parse                              3459	1_1_0	EXIST::FUNCTION:
+EC_KEY_priv2oct                         3460	1_1_0	EXIST::FUNCTION:EC
+PKCS7_simple_smimecap                   3461	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           3462	1_1_0	EXIST::FUNCTION:
+BIO_number_written                      3463	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_msg_imprint             3464	1_1_0	EXIST::FUNCTION:TS
+CRYPTO_get_ex_data                      3465	1_1_0	EXIST::FUNCTION:
+X509_PURPOSE_get0_sname                 3466	1_1_0	EXIST::FUNCTION:
+RSA_verify_PKCS1_PSS                    3467	1_1_0	EXIST::FUNCTION:RSA
+HMAC_CTX_reset                          3468	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_init                  3469	1_1_0	EXIST::FUNCTION:
+X509_REQ_extension_nid                  3470	1_1_0	EXIST::FUNCTION:
+ENGINE_up_ref                           3471	1_1_0	EXIST::FUNCTION:ENGINE
+BN_BLINDING_invert_ex                   3472	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Init                          3473	1_1_0	EXIST::FUNCTION:RMD160
+ASYNC_WAIT_CTX_get_changed_fds          3474	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_save_parameters                3475	1_1_0	EXIST::FUNCTION:
+SCT_set_source                          3476	1_1_0	EXIST::FUNCTION:CT
+DES_set_odd_parity                      3477	1_1_0	EXIST::FUNCTION:DES
+CMAC_CTX_free                           3478	1_1_0	EXIST::FUNCTION:CMAC
+d2i_ESS_ISSUER_SERIAL                   3479	1_1_0	EXIST::FUNCTION:TS
+HMAC_CTX_set_flags                      3480	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8_bio                           3481	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               3482	1_1_0	EXIST::FUNCTION:OCSP
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        3483	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      3484	1_1_0	EXIST::FUNCTION:OCSP
+CMAC_Final                              3485	1_1_0	EXIST::FUNCTION:CMAC
+X509V3_EXT_add_alias                    3486	1_1_0	EXIST::FUNCTION:
+BN_get_params                           3487	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+PKCS5_pbkdf2_set                        3488	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_bio                 3489	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     3490	1_1_0	EXIST::FUNCTION:
+ENGINE_register_digests                 3491	1_1_0	EXIST::FUNCTION:ENGINE
+X509_NAME_get_text_by_NID               3492	1_1_0	EXIST::FUNCTION:
+SMIME_read_ASN1                         3493	1_1_0	EXIST::FUNCTION:
+X509_REQ_set_subject_name               3494	1_1_0	EXIST::FUNCTION:
+BN_sub_word                             3495	1_1_0	EXIST::FUNCTION:
+DSO_load                                3496	1_1_0	EXIST::FUNCTION:
+BN_mod_exp                              3497	1_1_0	EXIST::FUNCTION:
+X509_get_signature_type                 3498	1_1_0	EXIST::FUNCTION:
+BIO_ptr_ctrl                            3499	1_1_0	EXIST::FUNCTION:
+EVP_rc4_hmac_md5                        3500	1_1_0	EXIST::FUNCTION:MD5,RC4
+OPENSSL_strlcat                         3501	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_new                   3502	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_rawport                        3503	1_1_0	EXIST::FUNCTION:SOCK
+BUF_MEM_grow_clean                      3504	1_1_0	EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   3505	1_1_0	EXIST::FUNCTION:STDIO
+X509_check_host                         3506	1_1_0	EXIST::FUNCTION:
+PEM_read_ECPKParameters                 3507	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509_ATTRIBUTE_get0_data                3508	1_1_0	EXIST::FUNCTION:
+CMS_add1_signer                         3509	1_1_0	EXIST::FUNCTION:CMS
+BN_pseudo_rand                          3510	1_1_0	EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     3511	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      3512	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID               3513	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO_bio             3514	1_1_0	EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              3515	1_1_0	EXIST::FUNCTION:
+ENGINE_get_first                        3516	1_1_0	EXIST::FUNCTION:ENGINE
+CERTIFICATEPOLICIES_it                  3517	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  3517	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_ctrl                         3518	1_1_0	EXIST::FUNCTION:
+PKCS7_final                             3519	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_size                           3520	1_1_0	EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     3521	1_1_0	EXIST::FUNCTION:
+SCT_get_signature_nid                   3522	1_1_0	EXIST::FUNCTION:CT
+PROXY_CERT_INFO_EXTENSION_new           3523	1_1_0	EXIST::FUNCTION:
+EVP_bf_cbc                              3524	1_1_0	EXIST::FUNCTION:BF
+DSA_do_verify                           3525	1_1_0	EXIST::FUNCTION:DSA
+EC_GROUP_get_seed_len                   3526	1_1_0	EXIST::FUNCTION:EC
+EC_POINT_set_affine_coordinates_GF2m    3527	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+TS_REQ_set_policy_id                    3528	1_1_0	EXIST::FUNCTION:TS
+BIO_callback_ctrl                       3529	1_1_0	EXIST::FUNCTION:
+v2i_GENERAL_NAME                        3530	1_1_0	EXIST::FUNCTION:
+ERR_print_errors_cb                     3531	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_string               3532	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_number_read                         3533	1_1_0	EXIST::FUNCTION:
+CRYPTO_zalloc                           3534	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 3535	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_new_id                     3537	1_1_0	EXIST::FUNCTION:
+TLS_FEATURE_free                        3538	1_1_0	EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   3539	1_1_0	EXIST::FUNCTION:
+X509_CERT_AUX_new                       3540	1_1_0	EXIST::FUNCTION:
+ENGINE_register_pkey_asn1_meths         3541	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_ocb128_tag                       3542	1_1_0	EXIST::FUNCTION:OCB
+ERR_load_OBJ_strings                    3544	1_1_0	EXIST::FUNCTION:
+BIO_ctrl_get_read_request               3545	1_1_0	EXIST::FUNCTION:
+BN_from_montgomery                      3546	1_1_0	EXIST::FUNCTION:
+DSO_new                                 3547	1_1_0	EXIST::FUNCTION:
+AES_ecb_encrypt                         3548	1_1_0	EXIST::FUNCTION:
+BN_dec2bn                               3549	1_1_0	EXIST::FUNCTION:
+CMS_decrypt                             3550	1_1_0	EXIST::FUNCTION:CMS
+BN_mpi2bn                               3551	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cfb128                      3552	1_1_0	EXIST::FUNCTION:
+RC5_32_ecb_encrypt                      3554	1_1_0	EXIST::FUNCTION:RC5
+EVP_CIPHER_meth_new                     3555	1_1_0	EXIST::FUNCTION:
+i2d_RSA_OAEP_PARAMS                     3556	1_1_0	EXIST::FUNCTION:RSA
+SXNET_get_id_ulong                      3557	1_1_0	EXIST::FUNCTION:
+BIO_get_callback_arg                    3558	1_1_0	EXIST::FUNCTION:
+ENGINE_register_RSA                     3559	1_1_0	EXIST::FUNCTION:ENGINE
+i2v_GENERAL_NAMES                       3560	1_1_0	EXIST::FUNCTION:
+PKCS7_decrypt                           3562	1_1_0	EXIST::FUNCTION:
+X509_STORE_set1_param                   3563	1_1_0	EXIST::FUNCTION:
+RAND_file_name                          3564	1_1_0	EXIST::FUNCTION:
+EVP_CipherInit_ex                       3566	1_1_0	EXIST::FUNCTION:
+BIO_dgram_sctp_notification_cb          3567	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+ERR_load_RAND_strings                   3568	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       3569	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       3569	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_ALGOR_it                           3570	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           3570	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_CRLID_free                         3571	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_ccm128_aad                       3572	1_1_0	EXIST::FUNCTION:
+IPAddressFamily_new                     3573	1_1_0	EXIST::FUNCTION:RFC3779
+d2i_TS_ACCURACY                         3574	1_1_0	EXIST::FUNCTION:TS
+X509_load_crl_file                      3575	1_1_0	EXIST::FUNCTION:
+SXNET_add_id_ulong                      3576	1_1_0	EXIST::FUNCTION:
+EVP_camellia_256_cbc                    3577	1_1_0	EXIST::FUNCTION:CAMELLIA
+i2d_PROXY_POLICY                        3578	1_1_0	EXIST::FUNCTION:
+X509_subject_name_hash_old              3579	1_1_0	EXIST::FUNCTION:MD5
+PEM_read_bio_DSA_PUBKEY                 3580	1_1_0	EXIST::FUNCTION:DSA
+OCSP_cert_to_id                         3581	1_1_0	EXIST::FUNCTION:OCSP
+PEM_write_DSAparams                     3582	1_1_0	EXIST::FUNCTION:DSA,STDIO
+ASN1_TIME_to_generalizedtime            3583	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            3584	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_type                        3585	1_1_0	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               3586	1_1_0	EXIST::FUNCTION:
+PEM_write_RSAPublicKey                  3587	1_1_0	EXIST::FUNCTION:RSA,STDIO
+EVP_MD_meth_dup                         3588	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_ciphers               3589	1_1_0	EXIST::FUNCTION:ENGINE
+X509_issuer_and_serial_cmp              3590	1_1_0	EXIST::FUNCTION:
+OCSP_response_create                    3591	1_1_0	EXIST::FUNCTION:OCSP
+SHA224                                  3592	1_1_0	EXIST::FUNCTION:
+MD2_options                             3593	1_1_0	EXIST::FUNCTION:MD2
+X509_REQ_it                             3595	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             3595	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RAND_bytes                              3596	1_1_0	EXIST::FUNCTION:
+PKCS7_free                              3597	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           3598	1_1_0	EXIST::FUNCTION:
+DES_cbc_cksum                           3599	1_1_0	EXIST::FUNCTION:DES
+UI_free                                 3600	1_1_0	EXIST::FUNCTION:
+BN_is_prime                             3601	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+CMS_get0_signers                        3602	1_1_0	EXIST::FUNCTION:CMS
+i2d_PrivateKey_fp                       3603	1_1_0	EXIST::FUNCTION:STDIO
+OTHERNAME_cmp                           3604	1_1_0	EXIST::FUNCTION:
+SMIME_write_PKCS7                       3605	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_public_key                   3606	1_1_0	EXIST::FUNCTION:EC
+d2i_X509_EXTENSION                      3607	1_1_0	EXIST::FUNCTION:
+CMS_add1_recipient_cert                 3608	1_1_0	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_get0_id         3609	1_1_0	EXIST::FUNCTION:CMS
+BN_mod_word                             3610	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_new                           3611	1_1_0	EXIST::FUNCTION:
+BN_is_prime_ex                          3612	1_1_0	EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   3613	1_1_0	EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt                   3614	1_1_0	EXIST::FUNCTION:
+CMS_unsigned_add1_attr_by_OBJ           3615	1_1_0	EXIST::FUNCTION:CMS
+PEM_write_EC_PUBKEY                     3616	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509v3_asid_add_inherit                 3617	1_1_0	EXIST::FUNCTION:RFC3779
+ERR_get_error                           3618	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_signer_digest               3619	1_1_0	EXIST::FUNCTION:TS
+OBJ_new_nid                             3620	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_new                  3621	1_1_0	EXIST::FUNCTION:CMS
+SRP_VBASE_get1_by_user                  3622	1_1_0	EXIST::FUNCTION:SRP
+UI_method_get_closer                    3623	1_1_0	EXIST::FUNCTION:
+ENGINE_get_ex_data                      3624	1_1_0	EXIST::FUNCTION:ENGINE
+BN_print_fp                             3625	1_1_0	EXIST::FUNCTION:STDIO
+MD2_Update                              3626	1_1_0	EXIST::FUNCTION:MD2
+ENGINE_free                             3628	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_X509_ATTRIBUTE                      3629	1_1_0	EXIST::FUNCTION:
+TS_RESP_free                            3630	1_1_0	EXIST::FUNCTION:TS
+PKCS5_pbe_set                           3631	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_free                        3632	1_1_0	EXIST::FUNCTION:TS
+d2i_PUBKEY                              3633	1_1_0	EXIST::FUNCTION:
+ASYNC_cleanup_thread                    3634	1_1_0	EXIST::FUNCTION:
+SHA384_Update                           3635	1_1_0	EXIST::FUNCTION:
+CRYPTO_cfb128_1_encrypt                 3636	1_1_0	EXIST::FUNCTION:
+BIO_set_cipher                          3637	1_1_0	EXIST::FUNCTION:
+PEM_read_PUBKEY                         3638	1_1_0	EXIST::FUNCTION:STDIO
+RSA_PKCS1_OpenSSL                       3639	1_1_0	EXIST::FUNCTION:RSA
+AUTHORITY_INFO_ACCESS_free              3640	1_1_0	EXIST::FUNCTION:
+SCT_get0_signature                      3641	1_1_0	EXIST::FUNCTION:CT
+DISPLAYTEXT_it                          3643	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          3643	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OPENSSL_gmtime_adj                      3644	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_dup                        3645	1_1_0	EXIST::FUNCTION:
+DSA_print                               3646	1_1_0	EXIST::FUNCTION:DSA
+X509_REQ_set_extension_nids             3647	1_1_0	EXIST::FUNCTION:
+X509_free                               3648	1_1_0	EXIST::FUNCTION:
+ERR_load_ERR_strings                    3649	1_1_0	EXIST::FUNCTION:
+ASN1_const_check_infinite_end           3650	1_1_0	EXIST::FUNCTION:
+RSA_null_method                         3651	1_1_0	EXIST::FUNCTION:RSA
+TS_REQ_ext_free                         3652	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_meth_get_encrypt               3653	1_1_0	EXIST::FUNCTION:
+Camellia_ecb_encrypt                    3654	1_1_0	EXIST::FUNCTION:CAMELLIA
+ENGINE_set_default_RSA                  3655	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_EncodeBlock                         3656	1_1_0	EXIST::FUNCTION:
+SXNETID_free                            3657	1_1_0	EXIST::FUNCTION:
+SHA1_Init                               3658	1_1_0	EXIST::FUNCTION:
+CRYPTO_atomic_add                       3659	1_1_0	EXIST::FUNCTION:
+TS_CONF_load_certs                      3660	1_1_0	EXIST::FUNCTION:TS
+PEM_write_bio_DSAPrivateKey             3661	1_1_0	EXIST::FUNCTION:DSA
+CMS_encrypt                             3662	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_nistcts128_decrypt               3663	1_1_0	EXIST::FUNCTION:
+ERR_load_DH_strings                     3664	1_1_0	EXIST::FUNCTION:DH
+EVP_MD_block_size                       3665	1_1_0	EXIST::FUNCTION:
+TS_X509_ALGOR_print_bio                 3666	1_1_0	EXIST::FUNCTION:TS
+d2i_PKCS7_ENVELOPE                      3667	1_1_0	EXIST::FUNCTION:
+ESS_CERT_ID_new                         3669	1_1_0	EXIST::FUNCTION:TS
+EC_POINT_invert                         3670	1_1_0	EXIST::FUNCTION:EC
+CAST_set_key                            3671	1_1_0	EXIST::FUNCTION:CAST
+ENGINE_get_pkey_meth                    3672	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_ADDRINFO_free                       3673	1_1_0	EXIST::FUNCTION:SOCK
+DES_ede3_cbc_encrypt                    3674	1_1_0	EXIST::FUNCTION:DES
+X509v3_asid_canonize                    3675	1_1_0	EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange                         3676	1_1_0	EXIST::FUNCTION:RFC3779
+OCSP_url_svcloc_new                     3677	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_mem_ctrl                         3678	1_1_0	EXIST::FUNCTION:
+ASN1_verify                             3679	1_1_0	EXIST::FUNCTION:
+DSA_generate_parameters_ex              3680	1_1_0	EXIST::FUNCTION:DSA
+X509_sign                               3681	1_1_0	EXIST::FUNCTION:
+SHA256_Transform                        3682	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_free                           3683	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_STRING_free                        3684	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_inherit               3685	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_curve_name                 3686	1_1_0	EXIST::FUNCTION:EC
+RSA_print                               3687	1_1_0	EXIST::FUNCTION:RSA
+i2d_ASN1_BMPSTRING                      3688	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_decrypt_old                    3689	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 3690	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_ip               3691	1_1_0	EXIST::FUNCTION:
+OTHERNAME_free                          3692	1_1_0	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_free                   3693	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_encrypting               3694	1_1_0	EXIST::FUNCTION:
+EC_KEY_can_sign                         3695	1_1_0	EXIST::FUNCTION:EC
+PEM_write_bio_RSAPublicKey              3696	1_1_0	EXIST::FUNCTION:RSA
+X509_CRL_set1_lastUpdate                3697	1_1_0	EXIST::FUNCTION:
+OCSP_sendreq_nbio                       3698	1_1_0	EXIST::FUNCTION:OCSP
+PKCS8_encrypt                           3699	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_fp                            3700	1_1_0	EXIST::FUNCTION:STDIO
+i2d_X509_REQ                            3701	1_1_0	EXIST::FUNCTION:
+OCSP_CRLID_it                           3702	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_CRLID_it                           3702	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+PEM_ASN1_write_bio                      3703	1_1_0	EXIST::FUNCTION:
+X509_get0_reject_objects                3704	1_1_0	EXIST::FUNCTION:
+BIO_set_tcp_ndelay                      3705	1_1_0	EXIST::FUNCTION:SOCK
+CMS_add0_CertificateChoices             3706	1_1_0	EXIST::FUNCTION:CMS
+POLICYINFO_new                          3707	1_1_0	EXIST::FUNCTION:
+X509_CRL_get0_by_serial                 3708	1_1_0	EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             3709	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               3710	1_1_0	EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     3711	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3712	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3712	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_all_digests             3713	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REQ_get_version                    3714	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        3715	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_new                      3716	1_1_0	EXIST::FUNCTION:TS
+UI_set_ex_data                          3717	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_set                           3718	1_1_0	EXIST::FUNCTION:
+TS_RESP_verify_response                 3719	1_1_0	EXIST::FUNCTION:TS
+X509_REVOKED_get0_serialNumber          3720	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_free                  3721	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_new                           3722	1_1_0	EXIST::FUNCTION:
+CMAC_CTX_cleanup                        3723	1_1_0	EXIST::FUNCTION:CMAC
+i2d_PKCS7_NDEF                          3724	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_pop_free                     3725	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_policy_tree         3726	1_1_0	EXIST::FUNCTION:
+DES_set_key_checked                     3727	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_meth_free                      3728	1_1_0	EXIST::FUNCTION:
+EVP_sha224                              3729	1_1_0	EXIST::FUNCTION:
+ENGINE_set_id                           3730	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ECPrivateKey                        3731	1_1_0	EXIST::FUNCTION:EC
+CMS_signed_add1_attr_by_NID             3732	1_1_0	EXIST::FUNCTION:CMS
+i2d_DSAPrivateKey_fp                    3733	1_1_0	EXIST::FUNCTION:DSA,STDIO
+EVP_CIPHER_meth_get_set_asn1_params     3734	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              3735	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_set0_pkey        3736	1_1_0	EXIST::FUNCTION:CMS
+X509v3_addr_add_inherit                 3737	1_1_0	EXIST::FUNCTION:RFC3779
+SRP_Calc_u                              3738	1_1_0	EXIST::FUNCTION:SRP
+i2d_PKCS8PrivateKey_bio                 3739	1_1_0	EXIST::FUNCTION:
+X509_get_extension_flags                3740	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_val_prn                      3741	1_1_0	EXIST::FUNCTION:
+SCT_get_validation_status               3742	1_1_0	EXIST::FUNCTION:CT
+NETSCAPE_CERT_SEQUENCE_free             3743	1_1_0	EXIST::FUNCTION:
+EVP_PBE_scrypt                          3744	1_1_0	EXIST::FUNCTION:SCRYPT
+d2i_TS_REQ_bio                          3745	1_1_0	EXIST::FUNCTION:TS
+ENGINE_set_default_ciphers              3746	1_1_0	EXIST::FUNCTION:ENGINE
+X509_get_signature_nid                  3747	1_1_0	EXIST::FUNCTION:
+DES_fcrypt                              3748	1_1_0	EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ                  3749	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_sign                  3750	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_nonce                        3751	1_1_0	EXIST::FUNCTION:TS
+ENGINE_unregister_EC                    3752	1_1_0	EXIST::FUNCTION:ENGINE
+X509v3_get_ext_count                    3753	1_1_0	EXIST::FUNCTION:
+UI_OpenSSL                              3754	1_1_0	EXIST::FUNCTION:UI_CONSOLE
+CRYPTO_ccm128_decrypt                   3755	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPDATA                       3756	1_1_0	EXIST::FUNCTION:OCSP
+BIO_set_callback                        3757	1_1_0	EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3758	1_1_0	EXIST::FUNCTION:EC2M
+CMS_unsigned_get_attr_count             3759	1_1_0	EXIST::FUNCTION:CMS
+EVP_aes_256_gcm                         3760	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_X931                  3761	1_1_0	EXIST::FUNCTION:RSA
+ECDH_compute_key                        3762	1_1_0	EXIST::FUNCTION:EC
+ASN1_TIME_print                         3763	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_peerkey               3764	1_1_0	EXIST::FUNCTION:
+BN_mod_lshift1                          3765	1_1_0	EXIST::FUNCTION:
+BIO_ADDRINFO_family                     3766	1_1_0	EXIST::FUNCTION:SOCK
+PEM_write_DHxparams                     3767	1_1_0	EXIST::FUNCTION:DH,STDIO
+BN_mod_exp2_mont                        3768	1_1_0	EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3769	1_1_0	EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      3771	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      3771	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_copy                         3772	1_1_0	EXIST::FUNCTION:
+ENGINE_set_ctrl_function                3773	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_id_get0_info                       3774	1_1_0	EXIST::FUNCTION:OCSP
+BIO_ADDRINFO_next                       3775	1_1_0	EXIST::FUNCTION:SOCK
+OCSP_RESPBYTES_free                     3776	1_1_0	EXIST::FUNCTION:OCSP
+EC_KEY_METHOD_set_init                  3777	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_asn1_copy                      3778	1_1_0	EXIST::FUNCTION:
+RSA_PSS_PARAMS_it                       3779	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_PSS_PARAMS_it                       3779	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+X509_STORE_CTX_get_error_depth          3780	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         3781	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  3782	1_1_0	EXIST::FUNCTION:EC
+UI_new_method                           3783	1_1_0	EXIST::FUNCTION:
+Camellia_ofb128_encrypt                 3784	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_new                                3785	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_conv_form                    3786	1_1_0	EXIST::FUNCTION:EC
+CTLOG_STORE_get0_log_by_id              3787	1_1_0	EXIST::FUNCTION:CT
+CMS_signed_add1_attr                    3788	1_1_0	EXIST::FUNCTION:CMS
+EVP_CIPHER_meth_set_iv_length           3789	1_1_0	EXIST::FUNCTION:
+X509v3_asid_validate_path               3790	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_RecipientInfo_set0_password         3791	1_1_0	EXIST::FUNCTION:CMS
+TS_CONF_load_cert                       3792	1_1_0	EXIST::FUNCTION:TS
+i2d_ECPKParameters                      3793	1_1_0	EXIST::FUNCTION:EC
+X509_TRUST_get0                         3794	1_1_0	EXIST::FUNCTION:
+CMS_get0_RecipientInfos                 3795	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_new                        3796	1_1_0	EXIST::FUNCTION:
+i2d_DSA_PUBKEY_bio                      3797	1_1_0	EXIST::FUNCTION:DSA
+X509_REQ_get_subject_name               3798	1_1_0	EXIST::FUNCTION:
+BN_div_word                             3799	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_signer_key                  3800	1_1_0	EXIST::FUNCTION:TS
+BN_GF2m_mod_sqrt                        3801	1_1_0	EXIST::FUNCTION:EC2M
+EVP_CIPHER_nid                          3802	1_1_0	EXIST::FUNCTION:
+OBJ_txt2obj                             3803	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_get0_orig_id     3804	1_1_0	EXIST::FUNCTION:CMS
+EVP_bf_ecb                              3805	1_1_0	EXIST::FUNCTION:BF
+v2i_GENERAL_NAME_ex                     3806	1_1_0	EXIST::FUNCTION:
+CMS_signed_delete_attr                  3807	1_1_0	EXIST::FUNCTION:CMS
+ASN1_TYPE_pack_sequence                 3808	1_1_0	EXIST::FUNCTION:
+USERNOTICE_it                           3809	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3809	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKEY_USAGE_PERIOD_it                    3810	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    3810	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mul_word                             3811	1_1_0	EXIST::FUNCTION:
+i2d_IPAddressRange                      3813	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_unsigned_add1_attr_by_txt           3814	1_1_0	EXIST::FUNCTION:CMS
+d2i_RSA_PUBKEY                          3815	1_1_0	EXIST::FUNCTION:RSA
+PKCS12_gen_mac                          3816	1_1_0	EXIST::FUNCTION:
+ERR_load_ENGINE_strings                 3817	1_1_0	EXIST::FUNCTION:ENGINE
+ERR_load_CT_strings                     3818	1_1_0	EXIST::FUNCTION:CT
+OCSP_ONEREQ_it                          3819	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_ONEREQ_it                          3819	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509_PURPOSE_get_by_sname               3820	1_1_0	EXIST::FUNCTION:
+X509_PURPOSE_set                        3821	1_1_0	EXIST::FUNCTION:
+BN_mod_inverse                          3822	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   3823	1_1_0	EXIST::FUNCTION:
+BN_bn2binpad                            3824	1_1_0	EXIST::FUNCTION:
+X509_supported_extension                3825	1_1_0	EXIST::FUNCTION:
+ECDSA_sign_setup                        3826	1_1_0	EXIST::FUNCTION:EC
+EVP_camellia_192_cfb128                 3827	1_1_0	EXIST::FUNCTION:CAMELLIA
+d2i_AUTHORITY_KEYID                     3828	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Transform                     3829	1_1_0	EXIST::FUNCTION:RMD160
+DES_random_key                          3830	1_1_0	EXIST::FUNCTION:DES
+i2d_PKCS12_MAC_DATA                     3831	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_EC_KEY                    3832	1_1_0	EXIST::FUNCTION:EC
+ASN1_SCTX_get_item                      3833	1_1_0	EXIST::FUNCTION:
+NOTICEREF_new                           3834	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_inv                         3835	1_1_0	EXIST::FUNCTION:EC2M
+X509_CERT_AUX_free                      3836	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr                     3837	1_1_0	EXIST::FUNCTION:EC2M
+X509_REQ_get1_email                     3838	1_1_0	EXIST::FUNCTION:
+EC_KEY_print                            3839	1_1_0	EXIST::FUNCTION:EC
+i2d_ASN1_INTEGER                        3840	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            3841	1_1_0	EXIST::FUNCTION:OCSP
+PKCS7_add_signed_attribute              3842	1_1_0	EXIST::FUNCTION:
+i2d_PrivateKey_bio                      3843	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_PKCS1_type_1            3844	1_1_0	EXIST::FUNCTION:RSA
+i2d_re_X509_tbs                         3845	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_iv_length                    3846	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_get0_mem_bio               3847	1_1_0	EXIST::FUNCTION:OCSP
+i2d_PKCS8PrivateKeyInfo_bio             3848	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_CERTID                         3849	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_meth_set_init                3850	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Final                         3851	1_1_0	EXIST::FUNCTION:RMD160
+NETSCAPE_SPKI_free                      3852	1_1_0	EXIST::FUNCTION:
+BIO_asn1_get_prefix                     3853	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3854	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_asn1_set_security_bits         3855	1_1_0	EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 3856	1_1_0	EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       3857	1_1_0	EXIST::FUNCTION:
+i2o_ECPublicKey                         3858	1_1_0	EXIST::FUNCTION:EC
+PKCS12_SAFEBAG_create0_pkcs8            3859	1_1_0	EXIST::FUNCTION:
+OBJ_get0_data                           3860	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get0_seed                      3861	1_1_0	EXIST::FUNCTION:EC
+OCSP_REQUEST_it                         3862	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_REQUEST_it                         3862	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+ASRange_it                              3863	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it                              3863	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+i2d_TS_RESP                             3864	1_1_0	EXIST::FUNCTION:TS
+TS_TST_INFO_get_ext_by_OBJ              3865	1_1_0	EXIST::FUNCTION:TS
+d2i_PKCS7_RECIP_INFO                    3866	1_1_0	EXIST::FUNCTION:
+d2i_X509_CRL                            3867	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_dup                   3868	1_1_0	EXIST::FUNCTION:
+CRYPTO_nistcts128_decrypt_block         3869	1_1_0	EXIST::FUNCTION:
+CMS_stream                              3870	1_1_0	EXIST::FUNCTION:CMS
+RSA_OAEP_PARAMS_it                      3871	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_OAEP_PARAMS_it                      3871	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+BN_bn2mpi                               3872	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  3873	1_1_0	EXIST::FUNCTION:
+OCSP_onereq_get0_id                     3874	1_1_0	EXIST::FUNCTION:OCSP
+X509_get_default_cert_dir               3875	1_1_0	EXIST::FUNCTION:
+PROXY_POLICY_free                       3877	1_1_0	EXIST::FUNCTION:
+PEM_write_DSAPrivateKey                 3878	1_1_0	EXIST::FUNCTION:DSA,STDIO
+OPENSSL_sk_delete_ptr                   3879	1_1_0	EXIST::FUNCTION:
+CMS_add0_RevocationInfoChoice           3880	1_1_0	EXIST::FUNCTION:CMS
+ASN1_PCTX_get_flags                     3881	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_result_size             3882	1_1_0	EXIST::FUNCTION:
+i2d_X509_CRL                            3883	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_it                         3885	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         3885	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_ACCURACY_new                         3886	1_1_0	EXIST::FUNCTION:TS
+i2d_SXNETID                             3887	1_1_0	EXIST::FUNCTION:
+BN_mod_mul_montgomery                   3888	1_1_0	EXIST::FUNCTION:
+BN_nnmod                                3889	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_status_info_cond        3890	1_1_0	EXIST::FUNCTION:TS
+PBKDF2PARAM_new                         3891	1_1_0	EXIST::FUNCTION:
+ENGINE_set_RSA                          3892	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_X509_ATTRIBUTE                      3893	1_1_0	EXIST::FUNCTION:
+PKCS7_ctrl                              3894	1_1_0	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3895	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_REVOKEDINFO_it                     3895	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509V3_set_ctx                          3896	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_set_int64               3897	1_1_0	EXIST::FUNCTION:
+o2i_SCT                                 3898	1_1_0	EXIST::FUNCTION:CT
+CRL_DIST_POINTS_free                    3899	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_SINGLERESP                     3900	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_num                      3901	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init            3902	1_1_0	EXIST::FUNCTION:
+SHA512_Init                             3903	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_set_msg                  3904	1_1_0	EXIST::FUNCTION:TS
+CMS_unsigned_add1_attr                  3905	1_1_0	EXIST::FUNCTION:CMS
+OPENSSL_LH_doall                        3906	1_1_0	EXIST::FUNCTION:
+PKCS8_pkey_get0_attrs                   3907	1_1_0	EXIST::FUNCTION:
+PKCS8_pkey_add1_attr_by_NID             3908	1_1_0	EXIST::FUNCTION:
+ASYNC_is_capable                        3909	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_cipher_data          3910	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_cipher_data          3911	1_1_0	EXIST::FUNCTION:
+BIO_up_ref                              3912	1_1_0	EXIST::FUNCTION:
+X509_STORE_up_ref                       3913	1_1_0	EXIST::FUNCTION:
+DSA_SIG_get0                            3914	1_1_0	EXIST::FUNCTION:DSA
+BN_BLINDING_is_current_thread           3915	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_set_current_thread          3916	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_lock                        3917	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_unlock                      3918	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new_from_ecpkparameters        3919	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_get_ecpkparameters             3920	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_new_from_ecparameters          3921	1_1_0	EXIST::FUNCTION:EC
+ECPARAMETERS_it                         3922	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
+ECPARAMETERS_it                         3922	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
+ECPKPARAMETERS_it                       3923	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
+ECPKPARAMETERS_it                       3923	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
+EC_GROUP_get_ecparameters               3924	1_1_0	EXIST::FUNCTION:EC
+DHparams_it                             3925	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH
+DHparams_it                             3925	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH
+EVP_blake2s256                          3926	1_1_0	EXIST::FUNCTION:BLAKE2
+EVP_blake2b512                          3927	1_1_0	EXIST::FUNCTION:BLAKE2
+X509_SIG_get0                           3928	1_1_0	EXIST::FUNCTION:
+BIO_meth_new                            3929	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_puts                       3930	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_ctrl                       3931	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_gets                       3932	1_1_0	EXIST::FUNCTION:
+BIO_get_data                            3933	1_1_0	EXIST::FUNCTION:
+BIO_set_init                            3934	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_puts                       3935	1_1_0	EXIST::FUNCTION:
+BIO_get_shutdown                        3936	1_1_0	EXIST::FUNCTION:
+BIO_get_init                            3937	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_ctrl                       3938	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_read                       3939	1_1_0	EXIST::FUNCTION:
+BIO_set_shutdown                        3940	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_create                     3941	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_write                      3942	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_callback_ctrl              3943	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_create                     3944	1_1_0	EXIST::FUNCTION:
+BIO_set_next                            3945	1_1_0	EXIST::FUNCTION:
+BIO_set_data                            3946	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_write                      3947	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_destroy                    3948	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_gets                       3949	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_callback_ctrl              3950	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_destroy                    3951	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_read                       3952	1_1_0	EXIST::FUNCTION:
+BIO_set_retry_reason                    3953	1_1_0	EXIST::FUNCTION:
+BIO_meth_free                           3954	1_1_0	EXIST::FUNCTION:
+DSA_meth_set_bn_mod_exp                 3955	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_init                       3956	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_free                           3957	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_mod_exp                    3958	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_sign                       3959	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_finish                     3960	1_1_0	EXIST::FUNCTION:DSA
+DSA_set_flags                           3961	1_1_0	EXIST::FUNCTION:DSA
+DSA_get0_pqg                            3962	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get0_app_data                  3963	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_keygen                     3964	1_1_0	EXIST::FUNCTION:DSA
+DSA_clear_flags                         3965	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get0_name                      3966	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_paramgen                   3967	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_sign                       3968	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_paramgen                   3969	1_1_0	EXIST::FUNCTION:DSA
+DSA_test_flags                          3970	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set0_app_data                  3971	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set1_name                      3972	1_1_0	EXIST::FUNCTION:DSA
+DSA_get0_key                            3973	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_mod_exp                    3974	1_1_0	EXIST::FUNCTION:DSA
+DSA_set0_pqg                            3975	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_flags                      3976	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_verify                     3977	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_verify                     3978	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_finish                     3979	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_keygen                     3980	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_dup                            3981	1_1_0	EXIST::FUNCTION:DSA
+DSA_set0_key                            3982	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_init                       3983	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_sign_setup                 3984	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_bn_mod_exp                 3985	1_1_0	EXIST::FUNCTION:DSA
+DSA_get_method                          3986	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_new                            3987	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_flags                      3988	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_sign_setup                 3989	1_1_0	EXIST::FUNCTION:DSA
+DSA_get0_engine                         3990	1_1_0	EXIST::FUNCTION:DSA
+X509_VERIFY_PARAM_set_auth_level        3991	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_auth_level        3992	1_1_0	EXIST::FUNCTION:
+X509_REQ_get0_pubkey                    3993	1_1_0	EXIST::FUNCTION:
+RSA_set0_key                            3994	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_flags                      3995	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_finish                     3996	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_priv_dec                   3997	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_sign                       3998	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_bn_mod_exp                 3999	1_1_0	EXIST::FUNCTION:RSA
+RSA_test_flags                          4000	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_new                            4001	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get0_app_data                  4002	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_dup                            4003	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set1_name                      4004	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set0_app_data                  4005	1_1_0	EXIST::FUNCTION:RSA
+RSA_set_flags                           4006	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_sign                       4007	1_1_0	EXIST::FUNCTION:RSA
+RSA_clear_flags                         4008	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_keygen                     4009	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_keygen                     4010	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_pub_dec                    4011	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_finish                     4012	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_key                            4013	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_engine                         4014	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_priv_enc                   4015	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_verify                     4016	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_factors                        4017	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get0_name                      4018	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_mod_exp                    4019	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_flags                      4020	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_pub_dec                    4021	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_bn_mod_exp                 4022	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_init                       4023	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_free                           4024	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_pub_enc                    4025	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_mod_exp                    4026	1_1_0	EXIST::FUNCTION:RSA
+RSA_set0_factors                        4027	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_pub_enc                    4028	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_priv_dec                   4029	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_verify                     4030	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_init                       4031	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_priv_enc                   4032	1_1_0	EXIST::FUNCTION:RSA
+RSA_set0_crt_params                     4037	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_crt_params                     4038	1_1_0	EXIST::FUNCTION:RSA
+DH_set0_pqg                             4039	1_1_0	EXIST::FUNCTION:DH
+DH_clear_flags                          4041	1_1_0	EXIST::FUNCTION:DH
+DH_get0_key                             4042	1_1_0	EXIST::FUNCTION:DH
+DH_get0_engine                          4043	1_1_0	EXIST::FUNCTION:DH
+DH_set0_key                             4044	1_1_0	EXIST::FUNCTION:DH
+DH_set_length                           4045	1_1_0	EXIST::FUNCTION:DH
+DH_test_flags                           4046	1_1_0	EXIST::FUNCTION:DH
+DH_get_length                           4047	1_1_0	EXIST::FUNCTION:DH
+DH_get0_pqg                             4048	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_compute_key                 4049	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set1_name                       4050	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_init                        4051	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_finish                      4052	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get0_name                       4053	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_generate_params             4054	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_compute_key                 4055	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_flags                       4056	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_generate_params             4057	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_flags                       4058	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_finish                      4059	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get0_app_data                   4060	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set0_app_data                   4061	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_init                        4062	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_bn_mod_exp                  4063	1_1_0	EXIST::FUNCTION:DH
+DH_meth_new                             4064	1_1_0	EXIST::FUNCTION:DH
+DH_meth_dup                             4065	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_bn_mod_exp                  4066	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_generate_key                4067	1_1_0	EXIST::FUNCTION:DH
+DH_meth_free                            4068	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_generate_key                4069	1_1_0	EXIST::FUNCTION:DH
+DH_set_flags                            4070	1_1_0	EXIST::FUNCTION:DH
+X509_STORE_CTX_get_obj_by_subject       4071	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_free                        4072	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_get0_X509                   4073	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_untrusted           4074	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_error_depth          4075	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_cert                4076	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_verify               4077	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_current_cert         4078	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_verify               4079	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_verify_cb            4080	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_verified_chain      4081	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_untrusted           4082	1_1_0	EXIST::FUNCTION:
+OPENSSL_hexchar2int                     4083	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_ex_data                  4084	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_ex_data                  4085	1_1_0	EXIST::FUNCTION:
+X509_STORE_get0_objects                 4086	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_get_type                    4087	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_verify                   4088	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_new                         4089	1_1_0	EXIST::FUNCTION:
+X509_STORE_get0_param                   4090	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PrivateKey_traditional    4091	1_1_0	EXIST::FUNCTION:
+X509_get_pathlen                        4092	1_1_0	EXIST::FUNCTION:
+ECDSA_SIG_set0                          4093	1_1_0	EXIST::FUNCTION:EC
+DSA_SIG_set0                            4094	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac                      4095	1_1_0	EXIST::FUNCTION:
+HMAC_CTX_get_md                         4096	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_check_CN               4097	1_1_0	EXIST::FUNCTION:
+OCSP_resp_get0_id                       4098	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_resp_get0_certs                    4099	1_1_0	EXIST::FUNCTION:OCSP
+X509_set_proxy_flag                     4100	1_1_0	EXIST::FUNCTION:
+EVP_ENCODE_CTX_copy                     4101	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_issued         4102	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_lookup_certs             4103	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_crl            4104	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_cleanup                  4105	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_lookup_crls              4106	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_cert_crl                 4107	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_lookup_certs             4108	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_revocation         4109	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_get_crl                  4110	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_issued             4111	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_policy         4112	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_crl                4113	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_crl                4114	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_issued             4115	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_get_issuer               4116	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_get_crl              4117	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_get_issuer               4118	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_cleanup                  4119	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_cleanup              4120	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_get_crl                  4121	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_revocation         4122	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_cert_crl             4123	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_lookup_certs         4124	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_policy             4125	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_get_issuer           4126	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_policy             4127	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_cert_crl                 4128	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_revocation     4129	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_verify_cb                4130	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_lookup_crls          4131	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_verify                   4132	1_1_0	EXIST::FUNCTION:
+X509_STORE_unlock                       4133	1_1_0	EXIST::FUNCTION:
+X509_STORE_lock                         4134	1_1_0	EXIST::FUNCTION:
+X509_set_proxy_pathlen                  4135	1_1_0	EXIST::FUNCTION:
+X509_get_proxy_pathlen                  4136	1_1_0	EXIST::FUNCTION:
+DSA_bits                                4137	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_set1_tls_encodedpoint          4138	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get1_tls_encodedpoint          4139	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_get0_data                   4140	1_1_0	EXIST::FUNCTION:
+X509_SIG_getm                           4141	1_1_0	EXIST::FUNCTION:
+X509_get0_serialNumber                  4142	1_1_0	EXIST::FUNCTION:
+PKCS12_get_attr                         4143	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_CRL_get0_lastUpdate                4144	1_1_0	EXIST::FUNCTION:
+X509_get0_notBefore                     4145	1_1_0	EXIST::FUNCTION:
+X509_get0_notAfter                      4146	1_1_0	EXIST::FUNCTION:
+X509_CRL_get0_nextUpdate                4147	1_1_0	EXIST::FUNCTION:
+BIO_get_new_index                       4148	1_1_0	EXIST::FUNCTION:
+OPENSSL_utf82uni                        4149	1_1_0	EXIST::FUNCTION:
+PKCS12_add_friendlyname_utf8            4150	1_1_0	EXIST::FUNCTION:
+OPENSSL_uni2utf8                        4151	1_1_0	EXIST::FUNCTION:
+PKCS12_key_gen_utf8                     4152	1_1_0	EXIST::FUNCTION:
+ECPKPARAMETERS_free                     4153	1_1_0	EXIST::FUNCTION:EC
+ECPARAMETERS_free                       4154	1_1_0	EXIST::FUNCTION:EC
+ECPKPARAMETERS_new                      4155	1_1_0	EXIST::FUNCTION:EC
+ECPARAMETERS_new                        4156	1_1_0	EXIST::FUNCTION:EC
+OCSP_RESPID_set_by_name                 4157	1_1_0a	EXIST::FUNCTION:OCSP
+OCSP_RESPID_set_by_key                  4158	1_1_0a	EXIST::FUNCTION:OCSP
+OCSP_RESPID_match                       4159	1_1_0a	EXIST::FUNCTION:OCSP
+ASN1_ITEM_lookup                        4160	1_1_1	EXIST::FUNCTION:
+ASN1_ITEM_get                           4161	1_1_1	EXIST::FUNCTION:
+BIO_read_ex                             4162	1_1_1	EXIST::FUNCTION:
+BIO_set_callback_ex                     4163	1_1_1	EXIST::FUNCTION:
+BIO_get_callback_ex                     4164	1_1_1	EXIST::FUNCTION:
+BIO_meth_set_read_ex                    4165	1_1_1	EXIST::FUNCTION:
+BIO_meth_get_read_ex                    4166	1_1_1	EXIST::FUNCTION:
+BIO_write_ex                            4167	1_1_1	EXIST::FUNCTION:
+BIO_meth_get_write_ex                   4168	1_1_1	EXIST::FUNCTION:
+BIO_meth_set_write_ex                   4169	1_1_1	EXIST::FUNCTION:
+DSO_pathbyaddr                          4170	1_1_0c	EXIST::FUNCTION:
+DSO_dsobyaddr                           4171	1_1_0c	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get_time             4172	1_1_0d	EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set_time             4173	1_1_0d	EXIST::FUNCTION:CT
+X509_VERIFY_PARAM_set_inh_flags         4174	1_1_0d	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_inh_flags         4175	1_1_0d	EXIST::FUNCTION:
+EVP_PKEY_CTX_md                         4176	1_1_1	EXIST::FUNCTION:
+RSA_pkey_ctx_ctrl                       4177	1_1_1	EXIST::FUNCTION:RSA
+UI_method_set_ex_data                   4178	1_1_1	EXIST::FUNCTION:
+UI_method_get_ex_data                   4179	1_1_1	EXIST::FUNCTION:
+UI_UTIL_wrap_read_pem_callback          4180	1_1_1	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_time              4181	1_1_0d	EXIST::FUNCTION:
+EVP_PKEY_get0_poly1305                  4182	1_1_1	EXIST::FUNCTION:POLY1305
+DH_check_params                         4183	1_1_0d	EXIST::FUNCTION:DH
+EVP_PKEY_get0_siphash                   4184	1_1_1	EXIST::FUNCTION:SIPHASH
+EVP_aria_256_ofb                        4185	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_cfb128                     4186	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_cfb1                       4187	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_ecb                        4188	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_cfb128                     4189	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_ecb                        4190	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_cbc                        4191	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_ofb                        4192	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_cbc                        4193	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_cfb1                       4194	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_cfb8                       4195	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_cfb1                       4196	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_cfb8                       4197	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_cfb8                       4198	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_cbc                        4199	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_ofb                        4200	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_cfb128                     4201	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_ecb                        4202	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_ctr                        4203	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_ctr                        4204	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_ctr                        4205	1_1_1	EXIST::FUNCTION:ARIA
+UI_null                                 4206	1_1_1	EXIST::FUNCTION:
+EC_KEY_get0_engine                      4207	1_1_1	EXIST::FUNCTION:EC
+INT32_it                                4208	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT32_it                                4208	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT64_it                               4209	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT64_it                               4209	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT32_it                               4210	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT32_it                               4210	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT64_it                              4211	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT64_it                              4211	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+INT64_it                                4212	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT64_it                                4212	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT32_it                              4213	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT32_it                              4213	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT32_it                               4214	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT32_it                               4214	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT64_it                               4215	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT64_it                               4215	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_mem_leaks_cb                     4216	1_1_1	EXIST::FUNCTION:CRYPTO_MDEBUG
+BIO_lookup_ex                           4217	1_1_1	EXIST::FUNCTION:SOCK
+X509_CRL_print_ex                       4218	1_1_1	EXIST::FUNCTION:
+X509_SIG_INFO_get                       4219	1_1_1	EXIST::FUNCTION:
+X509_get_signature_info                 4220	1_1_1	EXIST::FUNCTION:
+X509_SIG_INFO_set                       4221	1_1_1	EXIST::FUNCTION:
+ESS_CERT_ID_V2_free                     4222	1_1_1	EXIST::FUNCTION:TS
+ESS_SIGNING_CERT_V2_new                 4223	1_1_1	EXIST::FUNCTION:TS
+d2i_ESS_SIGNING_CERT_V2                 4224	1_1_1	EXIST::FUNCTION:TS
+i2d_ESS_CERT_ID_V2                      4225	1_1_1	EXIST::FUNCTION:TS
+ESS_CERT_ID_V2_dup                      4226	1_1_1	EXIST::FUNCTION:TS
+TS_RESP_CTX_set_ess_cert_id_digest      4227	1_1_1	EXIST::FUNCTION:TS
+d2i_ESS_CERT_ID_V2                      4228	1_1_1	EXIST::FUNCTION:TS
+i2d_ESS_SIGNING_CERT_V2                 4229	1_1_1	EXIST::FUNCTION:TS
+TS_CONF_set_ess_cert_id_digest          4230	1_1_1	EXIST::FUNCTION:TS
+ESS_SIGNING_CERT_V2_free                4231	1_1_1	EXIST::FUNCTION:TS
+ESS_SIGNING_CERT_V2_dup                 4232	1_1_1	EXIST::FUNCTION:TS
+ESS_CERT_ID_V2_new                      4233	1_1_1	EXIST::FUNCTION:TS
+PEM_read_bio_ex                         4234	1_1_1	EXIST::FUNCTION:
+PEM_bytes_read_bio_secmem               4235	1_1_1	EXIST::FUNCTION:
+EVP_DigestSign                          4236	1_1_1	EXIST::FUNCTION:
+EVP_DigestVerify                        4237	1_1_1	EXIST::FUNCTION:
+UI_method_get_data_duplicator           4238	1_1_1	EXIST::FUNCTION:
+UI_method_set_data_duplicator           4239	1_1_1	EXIST::FUNCTION:
+UI_dup_user_data                        4240	1_1_1	EXIST::FUNCTION:
+UI_method_get_data_destructor           4241	1_1_1	EXIST::FUNCTION:
+ERR_load_strings_const                  4242	1_1_1	EXIST::FUNCTION:
+ASN1_TIME_to_tm                         4243	1_1_1	EXIST::FUNCTION:
+ASN1_TIME_set_string_X509               4244	1_1_1	EXIST::FUNCTION:
+OCSP_resp_get1_id                       4245	1_1_1	EXIST::FUNCTION:OCSP
+OSSL_STORE_register_loader              4246	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_error             4247	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_PKEY               4248	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get_type                4249	1_1_1	EXIST::FUNCTION:
+ERR_load_OSSL_STORE_strings             4250	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_free                  4251	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_PKEY               4252	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_free                    4253	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_open_file                    4254	1_1_1	NOEXIST::FUNCTION:
+OSSL_STORE_LOADER_set_eof               4255	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_new                   4256	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_CERT               4257	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_close             4258	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_new_PARAMS              4259	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_new_PKEY                4260	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_PARAMS             4261	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_CRL                4262	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_error                        4263	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_CERT               4264	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_PARAMS             4265	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_type_string             4266	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_NAME               4267	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_load              4268	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_get0_scheme           4269	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_open                         4270	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_close                        4271	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_new_CERT                4272	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_CRL                4273	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_load                         4274	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_NAME               4275	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_unregister_loader            4276	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_new_CRL                 4277	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_new_NAME                4278	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_eof                          4279	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_open              4280	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_ctrl              4281	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_ctrl                         4282	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_NAME_description   4283	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_set0_NAME_description   4284	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_NAME_description   4285	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_do_all_loaders               4286	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_LOADER_get0_engine           4287	1_1_1	EXIST::FUNCTION:
+OPENSSL_fork_prepare                    4288	1_1_1	EXIST:UNIX:FUNCTION:
+OPENSSL_fork_parent                     4289	1_1_1	EXIST:UNIX:FUNCTION:
+OPENSSL_fork_child                      4290	1_1_1	EXIST:UNIX:FUNCTION:
+RAND_DRBG_instantiate                   4292	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_uninstantiate                 4293	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set                           4295	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_callbacks                 4296	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_new                           4297	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_reseed_interval           4298	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_free                          4299	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_generate                      4300	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_reseed                        4301	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_ex_data                   4302	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_get_ex_data                   4303	1_1_1	EXIST::FUNCTION:
+EVP_sha3_224                            4304	1_1_1	EXIST::FUNCTION:
+EVP_sha3_256                            4305	1_1_1	EXIST::FUNCTION:
+EVP_sha3_384                            4306	1_1_1	EXIST::FUNCTION:
+EVP_sha3_512                            4307	1_1_1	EXIST::FUNCTION:
+EVP_shake128                            4308	1_1_1	EXIST::FUNCTION:
+EVP_shake256                            4309	1_1_1	EXIST::FUNCTION:
+SCRYPT_PARAMS_new                       4310	1_1_1	EXIST::FUNCTION:SCRYPT
+SCRYPT_PARAMS_free                      4311	1_1_1	EXIST::FUNCTION:SCRYPT
+i2d_SCRYPT_PARAMS                       4312	1_1_1	EXIST::FUNCTION:SCRYPT
+d2i_SCRYPT_PARAMS                       4313	1_1_1	EXIST::FUNCTION:SCRYPT
+SCRYPT_PARAMS_it                        4314	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:SCRYPT
+SCRYPT_PARAMS_it                        4314	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:SCRYPT
+CRYPTO_secure_clear_free                4315	1_1_0g	EXIST::FUNCTION:
+EVP_PKEY_meth_get0                      4316	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_count                 4317	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_get0_public                   4319	1_1_1	EXIST::FUNCTION:
+RAND_priv_bytes                         4320	1_1_1	EXIST::FUNCTION:
+BN_priv_rand                            4321	1_1_1	EXIST::FUNCTION:
+BN_priv_rand_range                      4322	1_1_1	EXIST::FUNCTION:
+ASN1_TIME_normalize                     4323	1_1_1	EXIST::FUNCTION:
+ASN1_TIME_cmp_time_t                    4324	1_1_1	EXIST::FUNCTION:
+ASN1_TIME_compare                       4325	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_uint64                4326	1_1_1	EXIST::FUNCTION:
+EVP_DigestFinalXOF                      4327	1_1_1	EXIST::FUNCTION:
+ERR_clear_last_mark                     4328	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_get0_private                  4329	1_1_1	EXIST::FUNCTION:
+EVP_aria_192_ccm                        4330	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_gcm                        4331	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_256_ccm                        4332	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_gcm                        4333	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_128_ccm                        4334	1_1_1	EXIST::FUNCTION:ARIA
+EVP_aria_192_gcm                        4335	1_1_1	EXIST::FUNCTION:ARIA
+UI_get_result_length                    4337	1_1_1	EXIST::FUNCTION:
+UI_set_result_ex                        4338	1_1_1	EXIST::FUNCTION:
+UI_get_result_string_length             4339	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_check                          4340	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_set_check                 4341	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_check                 4342	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_remove                    4343	1_1_1	EXIST::FUNCTION:
+OPENSSL_sk_reserve                      4344	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_set1_engine                    4347	1_1_0g	EXIST::FUNCTION:ENGINE
+DH_new_by_nid                           4348	1_1_1	EXIST::FUNCTION:DH
+DH_get_nid                              4349	1_1_1	EXIST::FUNCTION:DH
+CRYPTO_get_alloc_counts                 4350	1_1_1	EXIST::FUNCTION:CRYPTO_MDEBUG
+OPENSSL_sk_new_reserve                  4351	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_check                 4352	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_siginf                4353	1_1_1	EXIST::FUNCTION:
+EVP_sm4_ctr                             4354	1_1_1	EXIST::FUNCTION:SM4
+EVP_sm4_cbc                             4355	1_1_1	EXIST::FUNCTION:SM4
+EVP_sm4_ofb                             4356	1_1_1	EXIST::FUNCTION:SM4
+EVP_sm4_ecb                             4357	1_1_1	EXIST::FUNCTION:SM4
+EVP_sm4_cfb128                          4358	1_1_1	EXIST::FUNCTION:SM4
+EVP_sm3                                 4359	1_1_1	EXIST::FUNCTION:SM3
+RSA_get0_multi_prime_factors            4360	1_1_1	EXIST::FUNCTION:RSA
+EVP_PKEY_public_check                   4361	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_param_check                    4362	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_set_public_check          4363	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_set_param_check           4364	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_public_check          4365	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_param_check           4366	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public_check          4367	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_param_check           4368	1_1_1	EXIST::FUNCTION:
+DH_check_ex                             4369	1_1_1	EXIST::FUNCTION:DH
+DH_check_pub_key_ex                     4370	1_1_1	EXIST::FUNCTION:DH
+DH_check_params_ex                      4371	1_1_1	EXIST::FUNCTION:DH
+RSA_generate_multi_prime_key            4372	1_1_1	EXIST::FUNCTION:RSA
+RSA_get_multi_prime_extra_count         4373	1_1_1	EXIST::FUNCTION:RSA
+OCSP_resp_get0_signer                   4374	1_1_0h	EXIST::FUNCTION:OCSP
+RSA_get0_multi_prime_crt_params         4375	1_1_1	EXIST::FUNCTION:RSA
+RSA_set0_multi_prime_params             4376	1_1_1	EXIST::FUNCTION:RSA
+RSA_get_version                         4377	1_1_1	EXIST::FUNCTION:RSA
+RSA_meth_get_multi_prime_keygen         4378	1_1_1	EXIST::FUNCTION:RSA
+RSA_meth_set_multi_prime_keygen         4379	1_1_1	EXIST::FUNCTION:RSA
+RAND_DRBG_get0_master                   4380	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_reseed_time_interval      4381	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_addProfessionInfo  4382	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_free                   4383	1_1_1	EXIST::FUNCTION:
+d2i_ADMISSION_SYNTAX                    4384	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityId       4385	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityURL      4386	1_1_1	EXIST::FUNCTION:
+d2i_PROFESSION_INFO                     4387	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_it                     4388	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAMING_AUTHORITY_it                     4388	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_professionItems    4390	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_new                    4391	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityURL      4392	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_get0_admissionAuthority 4393	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_new                     4394	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_new                          4395	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_admissionAuthority 4396	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionOIDs     4397	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_it                      4398	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROFESSION_INFO_it                      4398	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROFESSION_INFO                     4399	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_set0_professionInfos         4400	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_namingAuthority    4401	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_free                    4402	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_addProfessionInfo  4403	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_registrationNumber 4404	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityId       4406	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_it                     4407	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSION_SYNTAX_it                     4407	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_ADMISSION_SYNTAX                    4408	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityText     4409	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_namingAuthority    4410	1_1_1	EXIST::FUNCTION:
+i2d_NAMING_AUTHORITY                    4411	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_free                   4412	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_set0_admissionAuthority      4413	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_free                         4414	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_registrationNumber 4415	1_1_1	EXIST::FUNCTION:
+d2i_ADMISSIONS                          4416	1_1_1	EXIST::FUNCTION:
+i2d_ADMISSIONS                          4417	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionItems    4418	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_get0_admissionAuthority      4419	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_professionOIDs     4420	1_1_1	EXIST::FUNCTION:
+d2i_NAMING_AUTHORITY                    4421	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_it                           4422	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSIONS_it                           4422	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ADMISSIONS_get0_namingAuthority         4423	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityText     4424	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_set0_namingAuthority         4425	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_get0_professionInfos         4426	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_new                    4427	1_1_1	EXIST::FUNCTION:
+EVP_sha512_256                          4428	1_1_1	EXIST::FUNCTION:
+EVP_sha512_224                          4429	1_1_1	EXIST::FUNCTION:
+OCSP_basic_sign_ctx                     4430	1_1_1	EXIST::FUNCTION:OCSP
+RAND_DRBG_bytes                         4431	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_secure_new                    4432	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_vctrl                        4433	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_alias              4434	1_1_1	EXIST::FUNCTION:
+BIO_bind                                4435	1_1_1	EXIST::FUNCTION:SOCK
+OSSL_STORE_LOADER_set_expect            4436	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_expect                       4437	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_key_fingerprint    4438	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_serial           4439	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_name               4440	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_supports_search              4441	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_find                         4442	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get_type              4443	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_bytes            4444	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_string           4445	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_issuer_serial      4446	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_name             4447	1_1_1	EXIST::FUNCTION:
+X509_get0_authority_key_id              4448	1_1_0h	EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_find              4449	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_free                  4450	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_digest           4451	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_reseed_defaults           4452	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_new_raw_private_key            4453	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_new_raw_public_key             4454	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_new_CMAC_key                   4455	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_priv_key          4456	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_pub_key           4457	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_defaults                  4458	1_1_1	EXIST::FUNCTION:
+conf_ssl_name_find                      4469	1_1_0i	EXIST::FUNCTION:
+conf_ssl_get_cmd                        4470	1_1_0i	EXIST::FUNCTION:
+conf_ssl_get                            4471	1_1_0i	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_hostflags         4472	1_1_0i	EXIST::FUNCTION:
+DH_get0_p                               4473	1_1_1	EXIST::FUNCTION:DH
+DH_get0_q                               4474	1_1_1	EXIST::FUNCTION:DH
+DH_get0_g                               4475	1_1_1	EXIST::FUNCTION:DH
+DH_get0_priv_key                        4476	1_1_1	EXIST::FUNCTION:DH
+DH_get0_pub_key                         4477	1_1_1	EXIST::FUNCTION:DH
+DSA_get0_priv_key                       4478	1_1_1	EXIST::FUNCTION:DSA
+DSA_get0_pub_key                        4479	1_1_1	EXIST::FUNCTION:DSA
+DSA_get0_q                              4480	1_1_1	EXIST::FUNCTION:DSA
+DSA_get0_p                              4481	1_1_1	EXIST::FUNCTION:DSA
+DSA_get0_g                              4482	1_1_1	EXIST::FUNCTION:DSA
+RSA_get0_dmp1                           4483	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_d                              4484	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_n                              4485	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_dmq1                           4486	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_e                              4487	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_q                              4488	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_p                              4489	1_1_1	EXIST::FUNCTION:RSA
+RSA_get0_iqmp                           4490	1_1_1	EXIST::FUNCTION:RSA
+ECDSA_SIG_get0_r                        4491	1_1_1	EXIST::FUNCTION:EC
+ECDSA_SIG_get0_s                        4492	1_1_1	EXIST::FUNCTION:EC
+X509_LOOKUP_meth_get_get_by_fingerprint 4493	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_new                    4494	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_init               4495	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_get_by_alias       4496	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_new_item           4497	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_shutdown           4498	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_new_item           4499	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_ctrl               4500	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_get_by_issuer_serial 4501	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_get_store                   4502	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_ctrl               4503	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_get_by_alias       4504	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_get_by_subject     4505	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_free               4506	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_get_by_subject     4507	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_free               4508	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_shutdown           4509	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_set_method_data             4510	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_get_method_data             4511	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_get_by_fingerprint 4512	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_free                   4513	1_1_0i	EXIST::FUNCTION:
+X509_OBJECT_set1_X509                   4514	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_get_get_by_issuer_serial 4515	1_1_0i	EXIST::FUNCTION:
+X509_LOOKUP_meth_set_init               4516	1_1_0i	EXIST::FUNCTION:
+X509_OBJECT_set1_X509_CRL               4517	1_1_0i	EXIST::FUNCTION:
+EVP_PKEY_get_raw_public_key             4518	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_get_raw_private_key            4519	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_get_priv_key          4520	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_get_pub_key           4521	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_set_alias_type                 4522	1_1_1	EXIST::FUNCTION:
+RAND_keep_random_devices_open           4523	1_1_1	EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates     4524	1_1_1	EXIST::FUNCTION:EC
+EC_POINT_set_affine_coordinates         4525	1_1_1	EXIST::FUNCTION:EC
+EC_POINT_get_affine_coordinates         4526	1_1_1	EXIST::FUNCTION:EC
+EC_GROUP_set_curve                      4527	1_1_1	EXIST::FUNCTION:EC
+EC_GROUP_get_curve                      4528	1_1_1	EXIST::FUNCTION:EC
+OCSP_resp_get0_tbs_sigalg               4529	1_1_0j	EXIST::FUNCTION:OCSP
+OCSP_resp_get0_respdata                 4530	1_1_0j	EXIST::FUNCTION:OCSP
+EVP_MD_CTX_set_pkey_ctx                 4531	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_set_digest_custom         4532	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_digest_custom         4533	1_1_1	EXIST::FUNCTION:
+OPENSSL_INIT_set_config_filename        4534	1_1_1b	EXIST::FUNCTION:STDIO
+OPENSSL_INIT_set_config_file_flags      4535	1_1_1b	EXIST::FUNCTION:STDIO
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/libssl.num b/trunk/3rdparty/openssl-1.1-fit/util/libssl.num
new file mode 100644
index 000000000..297522c36
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/libssl.num
@@ -0,0 +1,500 @@
+SSL_get_selected_srtp_profile           1	1_1_0	EXIST::FUNCTION:SRTP
+SSL_set_read_ahead                      2	1_1_0	EXIST::FUNCTION:
+SSL_set_accept_state                    3	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 4	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_client_pwd_callback     5	1_1_0	EXIST::FUNCTION:SRP
+SSL_copy_session_id                     6	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_password                7	1_1_0	EXIST::FUNCTION:SRP
+SSL_shutdown                            8	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                9	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_ticket                 11	1_1_0	EXIST::FUNCTION:
+SSL_get1_supported_ciphers              12	1_1_0	EXIST::FUNCTION:
+SSL_state_string_long                   13	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get0_certificate                14	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 15	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_depth                    16	1_1_0	EXIST::FUNCTION:
+SSL_get0_dane                           17	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_get_get_cb                 18	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_default_passwd_cb_userdata  19	1_1_0	EXIST::FUNCTION:
+SSL_set_tmp_dh_callback                 20	1_1_0	EXIST::FUNCTION:DH
+SSL_CTX_get_verify_depth                21	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_RSAPrivateKey_file          22	1_1_0	EXIST::FUNCTION:RSA
+SSL_use_PrivateKey_file                 23	1_1_0	EXIST::FUNCTION:
+SSL_set_generate_session_id             24	1_1_0	EXIST::FUNCTION:
+SSL_get_ex_data_X509_STORE_CTX_idx      25	1_1_0	EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  26	1_1_0	EXIST::FUNCTION:
+SSL_dane_enable                         27	1_1_0	EXIST::FUNCTION:
+SSL_COMP_add_compression_method         28	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_RSAPrivateKey               29	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_sess_get_new_cb                 30	1_1_0	EXIST::FUNCTION:
+d2i_SSL_SESSION                         31	1_1_0	EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 32	1_1_0	EXIST::FUNCTION:
+PEM_write_SSL_SESSION                   33	1_1_0	EXIST::FUNCTION:STDIO
+SSL_CTX_set_session_id_context          34	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_cipher_nid               35	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_g                           36	1_1_0	EXIST::FUNCTION:SRP
+SSL_want                                37	1_1_0	EXIST::FUNCTION:
+SSL_get_cipher_list                     38	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_result                   39	1_1_0	EXIST::FUNCTION:
+SSL_renegotiate                         40	1_1_0	EXIST::FUNCTION:
+SSL_get_privatekey                      41	1_1_0	EXIST::FUNCTION:
+SSL_peek                                42	1_1_0	EXIST::FUNCTION:
+SRP_Calc_A_param                        43	1_1_0	EXIST::FUNCTION:SRP
+SSL_SESSION_get_ticket_lifetime_hint    44	1_1_0	EXIST::FUNCTION:
+SSL_SRP_CTX_free                        45	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_set_client_CA_list              46	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_next_proto_select_cb        47	1_1_0	EXIST::FUNCTION:NEXTPROTONEG
+BIO_ssl_copy_session_id                 48	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_security_callback           49	1_1_0	EXIST::FUNCTION:
+SSL_CONF_cmd_value_type                 50	1_1_0	EXIST::FUNCTION:
+SSL_CTX_remove_session                  51	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_new                         52	1_1_0	EXIST::FUNCTION:
+TLSv1_2_server_method                   53	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
+BIO_new_buffer_ssl_connect              54	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set0_security_ex_data           55	1_1_0	EXIST::FUNCTION:
+SSL_alert_desc_string                   56	1_1_0	EXIST::FUNCTION:
+SSL_get0_dane_authority                 57	1_1_0	EXIST::FUNCTION:
+SSL_set_purpose                         58	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             59	1_1_0	EXIST::FUNCTION:
+SSL_get_rfd                             60	1_1_0	EXIST::FUNCTION:
+DTLSv1_listen                           61	1_1_0	EXIST::FUNCTION:SOCK
+SSL_set_ssl_method                      62	1_1_0	EXIST::FUNCTION:
+SSL_get0_security_ex_data               63	1_1_0	EXIST::FUNCTION:
+SSLv3_client_method                     64	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
+SSL_set_security_level                  65	1_1_0	EXIST::FUNCTION:
+DTLSv1_2_method                         66	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
+SSL_get_fd                              67	1_1_0	EXIST::FUNCTION:
+SSL_get1_session                        68	1_1_0	EXIST::FUNCTION:
+SSL_use_RSAPrivateKey                   69	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_set_srp_cb_arg                  70	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_add_session                     71	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_N                           72	1_1_0	EXIST::FUNCTION:SRP
+SSL_has_matching_session_id             73	1_1_0	EXIST::FUNCTION:
+PEM_read_SSL_SESSION                    74	1_1_0	EXIST::FUNCTION:STDIO
+SSL_get_shared_ciphers                  75	1_1_0	EXIST::FUNCTION:
+SSL_add1_host                           76	1_1_0	EXIST::FUNCTION:
+SSL_CONF_cmd_argv                       77	1_1_0	EXIST::FUNCTION:
+SSL_version                             78	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_print                       79	1_1_0	EXIST::FUNCTION:
+SSL_get_client_ciphers                  80	1_1_0	EXIST::FUNCTION:
+SSL_get_srtp_profiles                   81	1_1_0	EXIST::FUNCTION:SRTP
+SSL_use_certificate_ASN1                82	1_1_0	EXIST::FUNCTION:
+SSL_get_peer_certificate                83	1_1_0	EXIST::FUNCTION:
+DTLSv1_2_server_method                  84	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
+SSL_set_cert_cb                         85	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cookie_verify_cb            86	1_1_0	EXIST::FUNCTION:
+SSL_get_shared_sigalgs                  87	1_1_0	EXIST::FUNCTION:
+SSL_config                              88	1_1_0	EXIST::FUNCTION:
+TLSv1_1_client_method                   89	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
+SSL_CIPHER_standard_name                90	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_verify_mode                 91	1_1_0	EXIST::FUNCTION:
+SSL_get_all_async_fds                   92	1_1_0	EXIST::FUNCTION:
+SSL_CTX_check_private_key               93	1_1_0	EXIST::FUNCTION:
+SSL_set_wfd                             94	1_1_0	EXIST::FUNCTION:SOCK
+SSL_get_client_CA_list                  95	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set_flags                  96	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_username_callback       97	1_1_0	EXIST::FUNCTION:SRP
+SSL_connect                             98	1_1_0	EXIST::FUNCTION:
+SSL_get_psk_identity                    99	1_1_0	EXIST::FUNCTION:PSK
+SSL_CTX_use_certificate_file            100	1_1_0	EXIST::FUNCTION:
+SSL_set_session_ticket_ext              101	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback         102	1_1_0	EXIST::FUNCTION:PSK
+SSL_get_sigalgs                         103	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_next_protos_advertised_cb   104	1_1_0	EXIST::FUNCTION:NEXTPROTONEG
+SSL_CTX_set_trust                       105	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_verify                      106	1_1_0	EXIST::FUNCTION:
+SSL_set_rfd                             107	1_1_0	EXIST::FUNCTION:SOCK
+SSL_SESSION_set_timeout                 108	1_1_0	EXIST::FUNCTION:
+SSL_set_psk_client_callback             109	1_1_0	EXIST::FUNCTION:PSK
+SSL_get_client_random                   110	1_1_0	EXIST::FUNCTION:
+TLS_method                              111	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_clear_flags                112	1_1_0	EXIST::FUNCTION:
+TLSv1_client_method                     113	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+SSL_CIPHER_get_bits                     114	1_1_0	EXIST::FUNCTION:
+SSL_test_functions                      115	1_1_0	EXIST::FUNCTION:UNIT_TEST
+SSL_get_SSL_CTX                         116	1_1_0	EXIST::FUNCTION:
+SSL_get_session                         117	1_1_0	EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   118	1_1_0	EXIST::FUNCTION:
+SSL_get_finished                        119	1_1_0	EXIST::FUNCTION:
+SSL_add_dir_cert_subjects_to_stack      120	1_1_0	EXIST::FUNCTION:
+SSL_get_state                           121	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_finish                     122	1_1_0	EXIST::FUNCTION:
+SSL_CTX_add_server_custom_ext           123	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 124	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_username                    125	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_set_purpose                     126	1_1_0	EXIST::FUNCTION:
+SSL_clear                               127	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  128	1_1_0	EXIST::FUNCTION:
+TLSv1_2_method                          129	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
+SSL_session_reused                      130	1_1_0	EXIST::FUNCTION:
+SSL_free                                131	1_1_0	EXIST::FUNCTION:
+BIO_ssl_shutdown                        132	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              133	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sessions                        134	1_1_0	EXIST::FUNCTION:
+SSL_get_options                         135	1_1_0	EXIST::FUNCTION:
+SSL_set_verify_depth                    136	1_1_0	EXIST::FUNCTION:
+SSL_get_error                           137	1_1_0	EXIST::FUNCTION:
+SSL_get_servername                      138	1_1_0	EXIST::FUNCTION:
+SSL_get_version                         139	1_1_0	EXIST::FUNCTION:
+SSL_state_string                        140	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 141	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_get_remove_cb              142	1_1_0	EXIST::FUNCTION:
+SSL_get_current_cipher                  143	1_1_0	EXIST::FUNCTION:
+SSL_up_ref                              144	1_1_0	EXIST::FUNCTION:
+SSL_export_keying_material              145	1_1_0	EXIST::FUNCTION:
+SSL_callback_ctrl                       146	1_1_0	EXIST::FUNCTION:
+SSL_set_security_callback               147	1_1_0	EXIST::FUNCTION:
+SSL_SRP_CTX_init                        148	1_1_0	EXIST::FUNCTION:SRP
+ERR_load_SSL_strings                    149	1_1_0	EXIST::FUNCTION:
+SSL_CTX_SRP_CTX_init                    150	1_1_0	EXIST::FUNCTION:SRP
+SSL_SESSION_set_time                    151	1_1_0	EXIST::FUNCTION:
+i2d_SSL_SESSION                         152	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_master_key              153	1_1_0	EXIST::FUNCTION:
+SSL_COMP_get_compression_methods        154	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_alpn_select_cb              155	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_tmp_dh_callback             156	1_1_0	EXIST::FUNCTION:DH
+SSL_CTX_get_default_passwd_cb           157	1_1_0	EXIST::FUNCTION:
+TLSv1_server_method                     158	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+DTLS_server_method                      159	1_1_0	EXIST::FUNCTION:
+SSL_set0_rbio                           160	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_options                     161	1_1_0	EXIST::FUNCTION:
+SSL_set_msg_callback                    162	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_free                       163	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_ssl_method                  164	1_1_0	EXIST::FUNCTION:
+SSL_get_server_random                   165	1_1_0	EXIST::FUNCTION:
+SSL_set_shutdown                        166	1_1_0	EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   167	1_1_0	EXIST::FUNCTION:
+TLSv1_1_server_method                   168	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
+PEM_write_bio_SSL_SESSION               169	1_1_0	EXIST::FUNCTION:
+SSL_write                               170	1_1_0	EXIST::FUNCTION:
+SSL_set1_host                           171	1_1_0	EXIST::FUNCTION:
+SSL_use_RSAPrivateKey_file              172	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_get_info_callback               173	1_1_0	EXIST::FUNCTION:
+SSL_get0_peername                       174	1_1_0	EXIST::FUNCTION:
+SSL_set_srp_server_param                175	1_1_0	EXIST::FUNCTION:SRP
+TLS_server_method                       176	1_1_0	EXIST::FUNCTION:
+SSL_get_psk_identity_hint               177	1_1_0	EXIST::FUNCTION:PSK
+SSL_set_session                         178	1_1_0	EXIST::FUNCTION:
+SSL_get0_param                          179	1_1_0	EXIST::FUNCTION:
+SSL_set_default_passwd_cb               180	1_1_0	EXIST::FUNCTION:
+SSL_get_read_ahead                      181	1_1_0	EXIST::FUNCTION:
+SSL_dup_CA_list                         182	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_callback                 183	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           184	1_1_0	EXIST::FUNCTION:
+SSL_get_servername_type                 185	1_1_0	EXIST::FUNCTION:
+TLSv1_2_client_method                   186	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
+SSL_add_client_CA                       187	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get0_security_ex_data           188	1_1_0	EXIST::FUNCTION:
+SSL_get_ex_data                         189	1_1_0	EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  190	1_1_0	EXIST::FUNCTION:
+SSL_use_PrivateKey                      191	1_1_0	EXIST::FUNCTION:
+DTLSv1_client_method                    192	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+SSL_CTX_dane_mtype_set                  193	1_1_0	EXIST::FUNCTION:
+SSL_get_wfd                             194	1_1_0	EXIST::FUNCTION:
+SSL_get_ssl_method                      195	1_1_0	EXIST::FUNCTION:
+SSL_set_verify_result                   196	1_1_0	EXIST::FUNCTION:
+SSL_use_RSAPrivateKey_ASN1              197	1_1_0	EXIST::FUNCTION:RSA
+SSL_CIPHER_get_name                     198	1_1_0	EXIST::FUNCTION:
+OPENSSL_init_ssl                        199	1_1_0	EXIST::FUNCTION:
+SSL_dup                                 200	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_serverinfo                  201	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_serverinfo_file             202	1_1_0	EXIST::FUNCTION:
+SSL_set_options                         203	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_dir          204	1_1_0	EXIST::FUNCTION:
+SSL_do_handshake                        205	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     206	1_1_0	EXIST::FUNCTION:
+SSL_is_init_finished                    207	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_file         208	1_1_0	EXIST::FUNCTION:
+SSLv3_method                            209	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
+SSL_CTX_set_cookie_generate_cb          210	1_1_0	EXIST::FUNCTION:
+SSL_certs_clear                         211	1_1_0	EXIST::FUNCTION:
+SSL_set_connect_state                   212	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_ex_data                     213	1_1_0	EXIST::FUNCTION:
+SSL_rstate_string                       214	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_peer                   215	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_compress_id             216	1_1_0	EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 217	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cert_cb                     218	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_SSL_SESSION                219	1_1_0	EXIST::FUNCTION:
+SSL_set_info_callback                   220	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_set_new_cb                 221	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_security_level              222	1_1_0	EXIST::FUNCTION:
+SSL_CTX_ctrl                            223	1_1_0	EXIST::FUNCTION:
+SSL_set_alpn_protos                     224	1_1_0	EXIST::FUNCTION:
+SSL_set_ex_data                         225	1_1_0	EXIST::FUNCTION:
+SSL_rstate_string_long                  226	1_1_0	EXIST::FUNCTION:
+SSL_ctrl                                227	1_1_0	EXIST::FUNCTION:
+SSL_get_current_compression             228	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_has_ticket                  229	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        230	1_1_0	EXIST::FUNCTION:
+SSL_set_session_secret_cb               231	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_client_cert_engine          232	1_1_0	EXIST::FUNCTION:ENGINE
+SSL_CTX_get0_param                      233	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set1_param                      234	1_1_0	EXIST::FUNCTION:
+SSL_get_certificate                     235	1_1_0	EXIST::FUNCTION:
+DTLSv1_server_method                    236	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+SSL_set_fd                              237	1_1_0	EXIST::FUNCTION:SOCK
+SSL_use_certificate                     238	1_1_0	EXIST::FUNCTION:
+DTLSv1_method                           239	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+SSL_set0_wbio                           240	1_1_0	EXIST::FUNCTION:
+SSL_read                                241	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_options                     242	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 243	1_1_0	EXIST::FUNCTION:
+SSL_set_SSL_CTX                         244	1_1_0	EXIST::FUNCTION:
+SSL_renegotiate_abbreviated             245	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_mode                     246	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_id                       247	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_print_keylog                248	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_psk_client_callback         249	1_1_0	EXIST::FUNCTION:PSK
+SSL_SESSION_get_time                    250	1_1_0	EXIST::FUNCTION:
+SSL_set_debug                           251	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+SSL_get_security_level                  252	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_description                  253	1_1_0	EXIST::FUNCTION:
+SSL_set_default_passwd_cb_userdata      254	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_userinfo                    255	1_1_0	EXIST::FUNCTION:SRP
+SSL_extension_supported                 256	1_1_0	EXIST::FUNCTION:
+SSL_dane_tlsa_add                       257	1_1_0	EXIST::FUNCTION:
+SSL_srp_server_param_with_username      258	1_1_0	EXIST::FUNCTION:SRP
+SSL_CIPHER_get_version                  259	1_1_0	EXIST::FUNCTION:
+SSL_get0_verified_chain                 260	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_find                         261	1_1_0	EXIST::FUNCTION:
+SSL_get_rbio                            262	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set_ssl                    263	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_verify_depth                264	1_1_0	EXIST::FUNCTION:
+SSL_get_ciphers                         265	1_1_0	EXIST::FUNCTION:
+SSL_CTX_config                          266	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set_ssl_ctx                267	1_1_0	EXIST::FUNCTION:
+SSL_CONF_cmd                            268	1_1_0	EXIST::FUNCTION:
+SSL_add_ssl_module                      269	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             270	1_1_0	EXIST::FUNCTION:
+SSL_set1_param                          271	1_1_0	EXIST::FUNCTION:
+SSL_use_certificate_file                272	1_1_0	EXIST::FUNCTION:
+SSL_get_changed_async_fds               273	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_client_cert_cb              274	1_1_0	EXIST::FUNCTION:
+DTLS_client_method                      275	1_1_0	EXIST::FUNCTION:
+SSL_set_trust                           276	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_security_callback           277	1_1_0	EXIST::FUNCTION:
+SSL_CTX_clear_options                   278	1_1_0	EXIST::FUNCTION:
+SSL_check_chain                         279	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_set_remove_cb              280	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_info_callback               281	1_1_0	EXIST::FUNCTION:
+SSL_pending                             282	1_1_0	EXIST::FUNCTION:
+SSL_set_bio                             283	1_1_0	EXIST::FUNCTION:
+BIO_new_ssl_connect                     284	1_1_0	EXIST::FUNCTION:
+SSL_waiting_for_async                   285	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_strength                286	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_get_quiet_shutdown              287	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      288	1_1_0	EXIST::FUNCTION:
+SSL_CTX_dane_enable                     289	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_new                        290	1_1_0	EXIST::FUNCTION:
+SSL_get0_alpn_selected                  291	1_1_0	EXIST::FUNCTION:
+SSL_get0_next_proto_negotiated          292	1_1_0	EXIST::FUNCTION:NEXTPROTONEG
+SSL_set0_security_ex_data               293	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_tlsext_use_srtp             294	1_1_0	EXIST::FUNCTION:SRTP
+SSL_COMP_set0_compression_methods       295	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_not_resumable_session_callback 296	1_1_0	EXIST::FUNCTION:
+SSL_accept                              297	1_1_0	EXIST::FUNCTION:
+SSL_use_psk_identity_hint               298	1_1_0	EXIST::FUNCTION:PSK
+SSL_trace                               299	1_1_0	EXIST::FUNCTION:SSL_TRACE
+DTLS_method                             300	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_verify_param_callback   301	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_set_timeout                     302	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_security_level              303	1_1_0	EXIST::FUNCTION:
+TLS_client_method                       304	1_1_0	EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  305	1_1_0	EXIST::FUNCTION:
+SSL_CTX_up_ref                          306	1_1_0	EXIST::FUNCTION:
+SSL_check_private_key                   307	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              308	1_1_0	EXIST::FUNCTION:
+SSL_select_next_proto                   309	1_1_0	EXIST::FUNCTION:
+SSL_load_client_CA_file                 310	1_1_0	EXIST::FUNCTION:
+SSL_set_srp_server_param_pw             311	1_1_0	EXIST::FUNCTION:SRP
+SSL_renegotiate_pending                 312	1_1_0	EXIST::FUNCTION:
+SSL_CTX_new                             313	1_1_0	EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           314	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_timeout                     315	1_1_0	EXIST::FUNCTION:
+SSL_use_certificate_chain_file          316	1_1_0	EXIST::FUNCTION:
+SSL_set_not_resumable_session_callback  317	1_1_0	EXIST::FUNCTION:
+SSL_CTX_SRP_CTX_free                    318	1_1_0	EXIST::FUNCTION:SRP
+SSL_get_current_expansion               319	1_1_0	EXIST::FUNCTION:
+SSL_clear_options                       320	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  321	1_1_0	EXIST::FUNCTION:
+SSL_get_info_callback                   322	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_psk_identity_hint           323	1_1_0	EXIST::FUNCTION:PSK
+SSL_CTX_use_RSAPrivateKey_ASN1          324	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_use_PrivateKey_ASN1             325	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get0_privatekey                 326	1_1_0	EXIST::FUNCTION:
+BIO_f_ssl                               327	1_1_0	EXIST::FUNCTION:
+SSLv3_server_method                     328	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
+SSL_SESSION_free                        329	1_1_0	EXIST::FUNCTION:
+SSL_get_shutdown                        330	1_1_0	EXIST::FUNCTION:
+SSL_get_peer_finished                   331	1_1_0	EXIST::FUNCTION:
+SSL_set_tlsext_use_srtp                 332	1_1_0	EXIST::FUNCTION:SRTP
+TLSv1_method                            333	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+SSL_set_psk_server_callback             334	1_1_0	EXIST::FUNCTION:PSK
+SSL_CTX_set_alpn_protos                 335	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        336	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_set_get_cb                 337	1_1_0	EXIST::FUNCTION:
+SSL_add_file_cert_subjects_to_stack     338	1_1_0	EXIST::FUNCTION:
+SSL_get_default_passwd_cb_userdata      339	1_1_0	EXIST::FUNCTION:
+SSL_get_security_callback               340	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_username                341	1_1_0	EXIST::FUNCTION:SRP
+SSL_COMP_get_name                       342	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb_userdata  343	1_1_0	EXIST::FUNCTION:
+SSL_set_verify                          344	1_1_0	EXIST::FUNCTION:
+SSL_in_before                           345	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_digest_nid               346	1_1_0	EXIST::FUNCTION:
+SSL_CTX_add_client_custom_ext           347	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_certificate                 348	1_1_0	EXIST::FUNCTION:
+SSL_set_cipher_list                     349	1_1_0	EXIST::FUNCTION:
+SSL_get_wbio                            350	1_1_0	EXIST::FUNCTION:
+SSL_set_hostflags                       351	1_1_0	EXIST::FUNCTION:
+SSL_alert_desc_string_long              352	1_1_0	EXIST::FUNCTION:
+SSL_get_default_timeout                 353	1_1_0	EXIST::FUNCTION:
+SSL_set_session_id_context              354	1_1_0	EXIST::FUNCTION:
+SSL_new                                 355	1_1_0	EXIST::FUNCTION:
+TLSv1_1_method                          356	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
+SSL_CTX_get_cert_store                  357	1_1_0	EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           358	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_print_fp                    359	1_1_0	EXIST::FUNCTION:STDIO
+SSL_get0_dane_tlsa                      360	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_generate_session_id         361	1_1_0	EXIST::FUNCTION:
+SSL_alert_type_string_long              362	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set1_prefix                363	1_1_0	EXIST::FUNCTION:
+SSL_in_init                             364	1_1_0	EXIST::FUNCTION:
+BIO_new_ssl                             365	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_client_cert_cb              366	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            367	1_1_0	EXIST::FUNCTION:
+SSL_set_client_CA_list                  368	1_1_0	EXIST::FUNCTION:
+SSL_CTX_free                            369	1_1_0	EXIST::FUNCTION:
+SSL_get_default_passwd_cb               370	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_id                      371	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_set1_id_context             372	1_1_0	EXIST::FUNCTION:
+SSL_is_server                           373	1_1_0	EXIST::FUNCTION:
+SSL_alert_type_string                   374	1_1_0	EXIST::FUNCTION:
+DTLSv1_2_client_method                  375	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
+SSL_CTX_set_ctlog_list_file             376	1_1_0	EXIST::FUNCTION:CT
+SSL_set_ct_validation_callback          377	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_set_default_ctlog_list_file     378	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_has_client_custom_ext           379	1_1_0	EXIST::FUNCTION:
+SSL_ct_is_enabled                       380	1_1_0	EXIST::FUNCTION:CT
+SSL_get0_peer_scts                      381	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_set_ct_validation_callback      382	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_ct_is_enabled                   383	1_1_0	EXIST::FUNCTION:CT
+SSL_set_default_read_buffer_len         384	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_read_buffer_len     385	1_1_0	EXIST::FUNCTION:
+SSL_has_pending                         386	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_auth_nid                 387	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_kx_nid                   388	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_is_aead                      389	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_up_ref                      390	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set0_ctlog_store                391	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_get0_ctlog_store                392	1_1_0	EXIST::FUNCTION:CT
+SSL_enable_ct                           393	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_enable_ct                       394	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_get_ciphers                     395	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_hostname               396	1_1_0	EXIST::FUNCTION:
+SSL_client_version                      397	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_protocol_version        398	1_1_0	EXIST::FUNCTION:
+SSL_is_dtls                             399	1_1_0	EXIST::FUNCTION:
+SSL_CTX_dane_set_flags                  400	1_1_0	EXIST::FUNCTION:
+SSL_dane_set_flags                      401	1_1_0	EXIST::FUNCTION:
+SSL_CTX_dane_clear_flags                402	1_1_0	EXIST::FUNCTION:
+SSL_dane_clear_flags                    403	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_cipher                 404	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_id_context             405	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_set1_id                     406	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set1_cert_store                 407	1_1_1	EXIST::FUNCTION:
+DTLS_get_data_mtu                       408	1_1_1	EXIST::FUNCTION:
+SSL_read_ex                             409	1_1_1	EXIST::FUNCTION:
+SSL_peek_ex                             410	1_1_1	EXIST::FUNCTION:
+SSL_write_ex                            411	1_1_1	EXIST::FUNCTION:
+SSL_COMP_get_id                         412	1_1_0d	EXIST::FUNCTION:
+SSL_COMP_get0_name                      413	1_1_0d	EXIST::FUNCTION:
+SSL_CTX_set_keylog_callback             414	1_1_1	EXIST::FUNCTION:
+SSL_CTX_get_keylog_callback             415	1_1_1	EXIST::FUNCTION:
+SSL_get_peer_signature_type_nid         416	1_1_1	EXIST::FUNCTION:
+SSL_key_update                          417	1_1_1	EXIST::FUNCTION:
+SSL_get_key_update_type                 418	1_1_1	EXIST::FUNCTION:
+SSL_bytes_to_cipher_list                419	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_compression_methods 420	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_ciphers           421	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_ext               422	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_session_id        423	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_random            424	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_client_hello_cb             425	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_legacy_version    426	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_isv2                   427	1_1_1	EXIST::FUNCTION:
+SSL_set_max_early_data                  428	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_max_early_data              429	1_1_1	EXIST::FUNCTION:
+SSL_get_max_early_data                  430	1_1_1	EXIST::FUNCTION:
+SSL_CTX_get_max_early_data              431	1_1_1	EXIST::FUNCTION:
+SSL_write_early_data                    432	1_1_1	EXIST::FUNCTION:
+SSL_read_early_data                     433	1_1_1	EXIST::FUNCTION:
+SSL_get_early_data_status               434	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_get_max_early_data          435	1_1_1	EXIST::FUNCTION:
+SSL_add1_to_CA_list                     436	1_1_1	EXIST::FUNCTION:
+SSL_set0_CA_list                        437	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set0_CA_list                    438	1_1_1	EXIST::FUNCTION:
+SSL_get0_CA_list                        439	1_1_1	EXIST::FUNCTION:
+SSL_get0_peer_CA_list                   440	1_1_1	EXIST::FUNCTION:
+SSL_CTX_add1_to_CA_list                 441	1_1_1	EXIST::FUNCTION:
+SSL_CTX_get0_CA_list                    442	1_1_1	EXIST::FUNCTION:
+SSL_CTX_add_custom_ext                  443	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_is_resumable                444	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_record_padding_callback     445	1_1_1	EXIST::FUNCTION:
+SSL_set_record_padding_callback         446	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_block_padding               447	1_1_1	EXIST::FUNCTION:
+SSL_CTX_get_record_padding_callback_arg 448	1_1_1	EXIST::FUNCTION:
+SSL_get_record_padding_callback_arg     449	1_1_1	EXIST::FUNCTION:
+SSL_set_block_padding                   450	1_1_1	EXIST::FUNCTION:
+SSL_set_record_padding_callback_arg     451	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_record_padding_callback_arg 452	1_1_1	EXIST::FUNCTION:
+SSL_CTX_use_serverinfo_ex               453	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get1_extensions_present 454	1_1_1	EXIST::FUNCTION:
+SSL_set_psk_find_session_callback       455	1_1_1	EXIST::FUNCTION:
+SSL_set_psk_use_session_callback        456	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_psk_use_session_callback    457	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_psk_find_session_callback   458	1_1_1	EXIST::FUNCTION:
+SSL_CIPHER_get_handshake_digest         459	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_master_key             460	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set_cipher                  461	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set_protocol_version        462	1_1_1	EXIST::FUNCTION:
+OPENSSL_cipher_name                     463	1_1_1	EXIST::FUNCTION:
+SSL_alloc_buffers                       464	1_1_1	EXIST::FUNCTION:
+SSL_free_buffers                        465	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_dup                         466	1_1_1	EXIST::FUNCTION:
+SSL_get_pending_cipher                  467	1_1_1	EXIST::FUNCTION:
+SSL_CIPHER_get_protocol_id              468	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set_max_early_data          469	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_alpn_selected          470	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_hostname               471	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_get0_alpn_selected          472	1_1_1	EXIST::FUNCTION:
+DTLS_set_timer_cb                       473	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_tlsext_max_fragment_length  474	1_1_1	EXIST::FUNCTION:
+SSL_set_tlsext_max_fragment_length      475	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_get_max_fragment_length     476	1_1_1	EXIST::FUNCTION:
+SSL_stateless                           477	1_1_1	EXIST::FUNCTION:
+SSL_verify_client_post_handshake        478	1_1_1	EXIST::FUNCTION:
+SSL_set_post_handshake_auth             479	1_1_1	EXIST::FUNCTION:
+SSL_export_keying_material_early        480	1_1_1	EXIST::FUNCTION:
+SSL_CTX_use_cert_and_key                481	1_1_1	EXIST::FUNCTION:
+SSL_use_cert_and_key                    482	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_get0_ticket_appdata         483	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_ticket_appdata         484	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_session_ticket_cb           485	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_stateless_cookie_generate_cb 486	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_stateless_cookie_verify_cb  487	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_ciphersuites                488	1_1_1	EXIST::FUNCTION:
+SSL_set_ciphersuites                    489	1_1_1	EXIST::FUNCTION:
+SSL_set_num_tickets                     490	1_1_1	EXIST::FUNCTION:
+SSL_CTX_get_num_tickets                 491	1_1_1	EXIST::FUNCTION:
+SSL_get_num_tickets                     492	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_num_tickets                 493	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_allow_early_data_cb         494	1_1_1	EXIST::FUNCTION:
+SSL_set_allow_early_data_cb             495	1_1_1	EXIST::FUNCTION:
+SSL_set_recv_max_early_data             496	1_1_1	EXIST::FUNCTION:
+SSL_get_recv_max_early_data             497	1_1_1	EXIST::FUNCTION:
+SSL_CTX_get_recv_max_early_data         498	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_recv_max_early_data         499	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_post_handshake_auth         500	1_1_1	EXIST::FUNCTION:
+SSL_get_signature_type_nid              501	1_1_1a	EXIST::FUNCTION:
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/local_shlib.com.in b/trunk/3rdparty/openssl-1.1-fit/util/local_shlib.com.in
new file mode 100644
index 000000000..a38187253
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/local_shlib.com.in
@@ -0,0 +1,30 @@
+${-
+  use File::Spec::Functions qw(rel2abs);
+
+  my $bldtop = rel2abs($config{builddir});
+  our %names = ( map { $_ => $bldtop.$_.".EXE" }
+                 map { $unified_info{sharednames}->{$_} || () }
+                 @{$unified_info{libraries}} );
+  "" -}
+$       ! Create a local environment with the shared library logical names
+$       ! properly set.  Undo this with unlocal_shlib.com
+$
+$       OPENSSL_NAMES := OPENSSL_NAMES_'F$GETJPI("","PID")'
+$       CREATE/NAME_TABLE/PARENT_TABLE=LNM$PROCESS_DIRECTORY 'OPENSSL_NAMES'
+$       DEFINE/TABLE='OPENSSL_NAMES' OSSL_FLAG YES
+$
+$       NAMES := {- join(",", keys %names); -}
+{-
+  join("\n", map { "\$       __$_ = \"".$names{$_}."\"" } keys %names);
+-}
+$       I = 0
+$       LOOP:
+$           E = F$ELEMENT(I,",",NAMES)
+$           I = I + 1
+$           IF E .EQS. "," THEN GOTO ENDLOOP
+$           EV = __'E'
+$           OLDV = F$TRNLNM(E,"LNM$PROCESS")
+$           IF OLDV .NES. "" THEN DEFINE/TABLE='OPENSSL_NAMES' 'E' 'OLDV'
+$           DEFINE 'E' 'EV'
+$           GOTO LOOP
+$       ENDLOOP:
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkbuildinf.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkbuildinf.pl
new file mode 100755
index 000000000..c9324a9de
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/mkbuildinf.pl
@@ -0,0 +1,56 @@
+#! /usr/bin/env perl
+# Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+my ($cflags, $platform) = @ARGV;
+$cflags = "compiler: $cflags";
+
+my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
+
+print <<"END_OUTPUT";
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: $platform"
+#define DATE "built on: $date"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+END_OUTPUT
+
+my $ctr = 0;
+foreach my $c (split //, $cflags) {
+    $c =~ s|([\\'])|\\$1|;
+    # Max 16 characters per line
+    if  (($ctr++ % 16) == 0) {
+        if ($ctr != 1) {
+            print "\n";
+        }
+        print "    ";
+    }
+    print "'$c',";
+}
+print <<"END_OUTPUT";
+'\\0'
+};
+END_OUTPUT
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl
new file mode 100755
index 000000000..bcbb47583
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl
@@ -0,0 +1,1633 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# prototyped functions: it then prunes the output.
+#
+# Intermediary files are created, call libcrypto.num and libssl.num,
+# The format of these files is:
+#
+#	routine-name	nnnn	vers	info
+#
+# The "nnnn" and "vers" fields are the numeric id and version for the symbol
+# respectively. The "info" part is actually a colon-separated string of fields
+# with the following meaning:
+#
+#	existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source,
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name variants for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive items, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
+
+use lib ".";
+use configdata;
+use File::Spec::Functions;
+use File::Basename;
+use FindBin;
+use lib "$FindBin::Bin/perl";
+use OpenSSL::Glob;
+
+# When building a "variant" shared library, with a custom SONAME, also customize
+# all the symbol versions.  This produces a shared object that can coexist
+# without conflict in the same address space as a default build, or an object
+# with a different variant tag.
+#
+# For example, with a target definition that includes:
+#
+#         shlib_variant => "-opt",
+#
+# we build the following objects:
+#
+# $ perl -le '
+#     for (@ARGV) {
+#         if ($l = readlink) {
+#             printf "%s -> %s\n", $_, $l
+#         } else {
+#             print
+#         }
+#     }' *.so*
+# libcrypto-opt.so.1.1
+# libcrypto.so -> libcrypto-opt.so.1.1
+# libssl-opt.so.1.1
+# libssl.so -> libssl-opt.so.1.1
+#
+# whose SONAMEs and dependencies are:
+#
+# $ for l in *.so; do
+#     echo $l
+#     readelf -d $l | egrep 'SONAME|NEEDED.*(ssl|crypto)'
+#   done
+# libcrypto.so
+#  0x000000000000000e (SONAME)             Library soname: [libcrypto-opt.so.1.1]
+# libssl.so
+#  0x0000000000000001 (NEEDED)             Shared library: [libcrypto-opt.so.1.1]
+#  0x000000000000000e (SONAME)             Library soname: [libssl-opt.so.1.1]
+#
+# We case-fold the variant tag to upper case and replace all non-alnum
+# characters with "_".  This yields the following symbol versions:
+#
+# $ nm libcrypto.so | grep -w A
+# 0000000000000000 A OPENSSL_OPT_1_1_0
+# 0000000000000000 A OPENSSL_OPT_1_1_0a
+# 0000000000000000 A OPENSSL_OPT_1_1_0c
+# 0000000000000000 A OPENSSL_OPT_1_1_0d
+# 0000000000000000 A OPENSSL_OPT_1_1_0f
+# 0000000000000000 A OPENSSL_OPT_1_1_0g
+# $ nm libssl.so | grep -w A
+# 0000000000000000 A OPENSSL_OPT_1_1_0
+# 0000000000000000 A OPENSSL_OPT_1_1_0d
+#
+(my $SO_VARIANT = qq{\U$target{"shlib_variant"}}) =~ s/\W/_/g;
+
+my $debug=0;
+my $trace=0;
+my $verbose=0;
+
+my $crypto_num= catfile($config{sourcedir},"util","libcrypto.num");
+my $ssl_num=    catfile($config{sourcedir},"util","libssl.num");
+my $libname;
+
+my $do_update = 0;
+my $do_rewrite = 1;
+my $do_crypto = 0;
+my $do_ssl = 0;
+my $do_ctest = 0;
+my $do_ctestall = 0;
+my $do_checkexist = 0;
+
+my $VMS=0;
+my $W32=0;
+my $NT=0;
+my $UNIX=0;
+my $linux=0;
+my $aix=0;
+# Set this to make typesafe STACK definitions appear in DEF
+my $safe_stack_def = 0;
+
+my @known_platforms = ( "__FreeBSD__", "PERL5",
+			"EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32"
+			);
+my @known_ossl_platforms = ( "UNIX", "VMS", "WIN32", "WINNT", "OS2" );
+my @known_algorithms = ( # These are algorithms we know are guarded in relevant
+			 # header files, but aren't actually disablable.
+			 # Without these, this script will warn a lot.
+			 "RSA", "MD5",
+			 # @disablables comes from configdata.pm
+			 map { (my $x = uc $_) =~ s|-|_|g; $x; } @disablables,
+			 # Deprecated functions.  Not really algorithmss, but
+			 # treated as such here for the sake of simplicity
+			 "DEPRECATEDIN_0_9_8",
+			 "DEPRECATEDIN_1_0_0",
+			 "DEPRECATEDIN_1_1_0",
+			 "DEPRECATEDIN_1_2_0",
+                     );
+
+# %disabled comes from configdata.pm
+my %disabled_algorithms =
+    map { (my $x = uc $_) =~ s|-|_|g; $x => 1; } keys %disabled;
+
+my $apiv = sprintf "%x%02x%02x", split(/\./, $config{api});
+foreach (@known_algorithms) {
+	if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
+		my $depv = sprintf "%x%02x%02x", $1, $2, $3;
+		$disabled_algorithms{$_} = 1 if $apiv ge $depv;
+	}
+}
+
+my $zlib;
+
+foreach (@ARGV, split(/ /, $config{options}))
+	{
+	$debug=1 if $_ eq "debug";
+	$trace=1 if $_ eq "trace";
+	$verbose=1 if $_ eq "verbose";
+	$W32=1 if $_ eq "32";
+	die "win16 not supported" if $_ eq "16";
+	if($_ eq "NT") {
+		$W32 = 1;
+		$NT = 1;
+	} elsif ($_ eq "linux") {
+		$linux=1;
+		$UNIX=1;
+	} elsif ($_ eq "aix") {
+		$aix=1;
+		$UNIX=1;
+	} elsif ($_ eq "VMS") {
+		$VMS=1;
+	}
+	if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
+			 || $_ eq "enable-zlib-dynamic") {
+		$zlib = 1;
+	}
+
+	$do_crypto=1 if $_ eq "libcrypto" || $_ eq "crypto";
+	$do_ssl=1 if $_ eq "libssl" || $_ eq "ssl";
+
+	$do_update=1 if $_ eq "update";
+	$do_rewrite=1 if $_ eq "rewrite";
+	$do_ctest=1 if $_ eq "ctest";
+	$do_ctestall=1 if $_ eq "ctestall";
+	$do_checkexist=1 if $_ eq "exist";
+	}
+$libname = $unified_info{sharednames}->{libcrypto} if $do_crypto;
+$libname = $unified_info{sharednames}->{libssl} if $do_ssl;
+
+if (!$libname) {
+	if ($do_ssl) {
+		$libname="LIBSSL";
+	}
+	if ($do_crypto) {
+		$libname="LIBCRYPTO";
+	}
+}
+
+# If no platform is given, assume WIN32
+if ($W32 + $VMS + $linux + $aix == 0) {
+	$W32 = 1;
+}
+die "Please, only one platform at a time"
+    if ($W32 + $VMS + $linux + $aix > 1);
+
+if (!$do_ssl && !$do_crypto)
+	{
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 | linux | VMS ]\n";
+	exit(1);
+	}
+
+%ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
+%crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+
+my $ssl="include/openssl/ssl.h";
+$ssl.=" include/openssl/sslerr.h";
+$ssl.=" include/openssl/tls1.h";
+$ssl.=" include/openssl/srtp.h";
+
+# When scanning include/openssl, skip all SSL files and some internal ones.
+my %skipthese;
+foreach my $f ( split(/\s+/, $ssl) ) {
+    $skipthese{$f} = 1;
+}
+$skipthese{'include/openssl/conf_api.h'} = 1;
+$skipthese{'include/openssl/ebcdic.h'} = 1;
+$skipthese{'include/openssl/opensslconf.h'} = 1;
+
+# We use headers found in include/openssl and include/internal only.
+# The latter is needed so libssl.so/.dll/.exe can link properly.
+my $crypto ="include/internal/dso.h";
+$crypto.=" include/internal/o_dir.h";
+$crypto.=" include/internal/o_str.h";
+$crypto.=" include/internal/err.h";
+$crypto.=" include/internal/sslconf.h";
+foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
+    my $fn = "include/openssl/" . basename($f);
+    $crypto .= " $fn" if !defined $skipthese{$fn};
+}
+
+my $symhacks="include/openssl/symhacks.h";
+
+my @ssl_symbols = &do_defs("LIBSSL", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBCRYPTO", $crypto, $symhacks);
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+
+	&maybe_add_info("LIBSSL",*ssl_list,@ssl_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$ssl_num");
+		&rewrite_numbers(*OUT,"LIBSSL",*ssl_list,@ssl_symbols);
+	} else {
+		open(OUT, ">>$ssl_num");
+	}
+	&update_numbers(*OUT,"LIBSSL",*ssl_list,$max_ssl,@ssl_symbols);
+	close OUT;
+}
+
+if($do_crypto == 1) {
+
+	&maybe_add_info("LIBCRYPTO",*crypto_list,@crypto_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$crypto_num");
+		&rewrite_numbers(*OUT,"LIBCRYPTO",*crypto_list,@crypto_symbols);
+	} else {
+		open(OUT, ">>$crypto_num");
+	}
+	&update_numbers(*OUT,"LIBCRYPTO",*crypto_list,$max_crypto,@crypto_symbols);
+	close OUT;
+}
+
+} elsif ($do_checkexist) {
+	&check_existing(*ssl_list, @ssl_symbols)
+		if $do_ssl == 1;
+	&check_existing(*crypto_list, @crypto_symbols)
+		if $do_crypto == 1;
+} elsif ($do_ctest || $do_ctestall) {
+
+	print <<"EOF";
+
+/* Test file to check all DEF file symbols are present by trying
+ * to link to all of them. This is *not* intended to be run!
+ */
+
+int main()
+{
+EOF
+	&print_test_file(*STDOUT,"LIBSSL",*ssl_list,$do_ctestall,@ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_test_file(*STDOUT,"LIBCRYPTO",*crypto_list,$do_ctestall,@crypto_symbols)
+		if $do_crypto == 1;
+
+	print "}\n";
+
+} else {
+
+	&print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
+		if $do_crypto == 1;
+
+}
+
+
+sub do_defs
+{
+	my($name,$files,$symhacksfile)=@_;
+	my $file;
+	my @ret;
+	my %syms;
+	my %platform;		# For anything undefined, we assume ""
+	my %kind;		# For anything undefined, we assume "FUNCTION"
+	my %algorithm;		# For anything undefined, we assume ""
+	my %variant;
+	my %variant_cnt;	# To be able to allocate "name{n}" if "name"
+				# is the same name as the original.
+	my $cpp;
+	my %unknown_algorithms = ();
+	my $parens = 0;
+
+	foreach $file (split(/\s+/,$symhacksfile." ".$files))
+		{
+		my $fn = catfile($config{sourcedir},$file);
+		print STDERR "DEBUG: starting on $fn:\n" if $debug;
+		print STDERR "TRACE: start reading $fn\n" if $trace;
+		open(IN,"<$fn") || die "Can't open $fn, $!,";
+		my $line = "", my $def= "";
+		my %tag = (
+			(map { $_ => 0 } @known_platforms),
+			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+			(map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
+			(grep /^DEPRECATED_/, @known_algorithms),
+			NOPROTO		=> 0,
+			PERL5		=> 0,
+			_WINDLL		=> 0,
+			CONST_STRICT	=> 0,
+			TRUE		=> 1,
+		);
+		my $symhacking = $file eq $symhacksfile;
+		my @current_platforms = ();
+		my @current_algorithms = ();
+
+		# params: symbol, alias, platforms, kind
+		# The reason to put this subroutine in a variable is that
+		# it will otherwise create it's own, unshared, version of
+		# %tag and %variant...
+		my $make_variant = sub
+		{
+			my ($s, $a, $p, $k) = @_;
+			my ($a1, $a2);
+
+			print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+			if (defined($p))
+			{
+				$a1 = join(",",$p,
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			else
+			{
+				$a1 = join(",",
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			$a2 = join(",",
+				   grep(!/^$/,
+					map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+					@known_ossl_platforms));
+			print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+			if ($a1 eq "") { $a1 = $a2; }
+			elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+			if ($a eq $s)
+			{
+				if (!defined($variant_cnt{$s}))
+				{
+					$variant_cnt{$s} = 0;
+				}
+				$variant_cnt{$s}++;
+				$a .= "{$variant_cnt{$s}}";
+			}
+			my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+			my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+			if (!grep(/^$togrep$/,
+				  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+				if (defined($variant{$s})) { $variant{$s} .= ";"; }
+				$variant{$s} .= $toadd;
+			}
+			print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+		};
+
+		print STDERR "DEBUG: parsing ----------\n" if $debug;
+		while(<IN>) {
+			s|\R$||; # Better chomp
+			if($parens > 0) {
+				#Inside a DEPRECATEDIN
+				$stored_multiline .= $_;
+				print STDERR "DEBUG: Continuing multiline DEPRECATEDIN: $stored_multiline\n" if $debug;
+				$parens = count_parens($stored_multiline);
+				if ($parens == 0) {
+					$def .= do_deprecated($stored_multiline,
+							\@current_platforms,
+							\@current_algorithms);
+				}
+				next;
+			}
+			if (/\/\* Error codes for the \w+ functions\. \*\//)
+				{
+				undef @tag;
+				last;
+				}
+			if ($line ne '') {
+				$_ = $line . $_;
+				$line = '';
+			}
+
+			if (/\\$/) {
+				$line = $`; # keep what was before the backslash
+				next;
+			}
+
+			if(/\/\*/) {
+				if (not /\*\//) {	# multi-line comment...
+					$line = $_;	# ... just accumulate
+					next;
+				} else {
+					s/\/\*.*?\*\///gs;# wipe it
+				}
+			}
+
+			if ($cpp) {
+				$cpp++ if /^#\s*if/;
+				$cpp-- if /^#\s*endif/;
+				next;
+			}
+			if (/^#.*ifdef.*cplusplus/) {
+				$cpp = 1;
+				next;
+			}
+
+			s/{[^{}]*}//gs;                      # ignore {} blocks
+			print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
+			print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+			if (/^\#\s*if\s+OPENSSL_API_COMPAT\s*(\S)\s*(0x[0-9a-fA-F]{8})L\s*$/) {
+				my $op = $1;
+				my $v = hex($2);
+				if ($op ne '<' && $op ne '>=') {
+				    die "$file unacceptable operator $op: $_\n";
+				}
+				my ($one, $major, $minor) =
+				    ( ($v >> 28) & 0xf,
+				      ($v >> 20) & 0xff,
+				      ($v >> 12) & 0xff );
+				my $t = "DEPRECATEDIN_${one}_${major}_${minor}";
+				push(@tag,"-");
+				push(@tag,$t);
+				$tag{$t}=($op eq '<' ? 1 : -1);
+				print STDERR "DEBUG: $file: found tag $t = $tag{$t}\n" if $debug;
+			} elsif (/^\#\s*ifndef\s+(.*)/) {
+				push(@tag,"-");
+				push(@tag,$1);
+				$tag{$1}=-1;
+				print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+			} elsif (/^\#\s*if\s+!defined\s*\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(!defined\s*\(([^\)]+)\)(\s+\&\&\s+!defined\s*\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\&\&',$tmp_1) {
+						$tmp_ =~ /!defined\s*\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=-1;
+					}
+				} else {
+					print STDERR "Warning: $file: taking only '!defined($1)' of complicated expression: $_" if $verbose; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=-1;
+				}
+			} elsif (/^\#\s*ifdef\s+(\S*)/) {
+				push(@tag,"-");
+				push(@tag,$1);
+				$tag{$1}=1;
+				print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+			} elsif (/^\#\s*if\s+defined\s*\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(defined\s*\(([^\)]+)\)(\s+\|\|\s+defined\s*\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\|\|',$tmp_1) {
+						$tmp_ =~ /defined\s*\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=1;
+					}
+				} else {
+					print STDERR "Warning: $file: taking only 'defined($1)' of complicated expression: $_\n" if $verbose; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=1;
+				}
+			} elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+						$tag{$tag[$tag_i]}=2;
+						print STDERR "DEBUG: $file: changed tag $1 = 2\n" if $debug;
+					}
+					$tag_i--;
+				}
+			} elsif (/^\#\s*endif/) {
+				my $tag_i = $#tag;
+				while($tag_i > 0 && $tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+					if ($tag{$t}==2) {
+						$tag{$t}=-1;
+					} else {
+						$tag{$t}=0;
+					}
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					pop(@tag);
+					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} elsif($t =~ /^OPENSSL_USE_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} else {
+						$t="";
+					}
+					if ($t ne ""
+					    && !grep(/^$t$/, @known_algorithms)) {
+						$unknown_algorithms{$t} = 1;
+						#print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+					}
+					$tag_i--;
+				}
+				pop(@tag);
+			} elsif (/^\#\s*else/) {
+				my $tag_i = $#tag;
+				die "$file unmatched else\n" if $tag_i < 0;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					$tag{$t}= -$tag{$t};
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					$tag_i--;
+				}
+			} elsif (/^\#\s*if\s+1/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=1;
+				print STDERR "DEBUG: $file: found 1\n" if $debug;
+			} elsif (/^\#\s*if\s+0/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=-1;
+				print STDERR "DEBUG: $file: found 0\n" if $debug;
+			} elsif (/^\#\s*if\s+/) {
+				#Some other unrecognized "if" style
+				push(@tag,"-");
+				print STDERR "Warning: $file: ignoring unrecognized expression: $_\n" if $verbose; # because it is O...
+			} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+				 && $symhacking && $tag{'TRUE'} != -1) {
+				# This is for aliasing.  When we find an alias,
+				# we have to invert
+				&$make_variant($1,$2);
+				print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
+			}
+			if (/^\#/) {
+				@current_platforms =
+				    grep(!/^$/,
+					 map { $tag{$_} == 1 ? $_ :
+						   $tag{$_} == -1 ? "!".$_  : "" }
+					 @known_platforms);
+				push @current_platforms
+				    , grep(!/^$/,
+					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+					   @known_ossl_platforms);
+				@current_algorithms = ();
+				@current_algorithms =
+				    grep(!/^$/,
+					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+					 @known_algorithms);
+				push @current_algorithms
+				    , grep(!/^$/,
+					 map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" }
+					 @known_algorithms);
+				push @current_algorithms,
+				    grep { /^DEPRECATEDIN_/ && $tag{$_} == 1 }
+				    @known_algorithms;
+				$def .=
+				    "#INFO:"
+					.join(',',@current_platforms).":"
+					    .join(',',@current_algorithms).";";
+				next;
+			}
+			if ($tag{'TRUE'} != -1) {
+				if (/^\s*DEFINE_STACK_OF\s*\(\s*(\w*)\s*\)/
+						|| /^\s*DEFINE_STACK_OF_CONST\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					$def .= "int $3_free(void);";
+					$def .= "int $3_new(void);";
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+					 /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$1(void);";
+					$def .= "int i2d_$1(void);";
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					$def .= "int $2_free(void);";
+					$def .= "int $2_new(void);";
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int i2d_$1_NDEF(void);";
+				} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int $1_print_ctx(void);";
+					next;
+				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int $2_print_ctx(void);";
+					next;
+				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+					/^DECLARE_PEM_write_const\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					next;
+				} elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access global variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int _shadow_$2;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access global variables in shared
+					# libraries through functions
+					&$make_variant("_shadow_$2","_shadow_$2",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+				} elsif (/^\s*DEPRECATEDIN/) {
+					$parens = count_parens($_);
+					if ($parens == 0) {
+						$def .= do_deprecated($_,
+							\@current_platforms,
+							\@current_algorithms);
+					} else {
+						$stored_multiline = $_;
+						print STDERR "DEBUG: Found multiline DEPRECATEDIN starting with: $stored_multiline\n" if $debug;
+						next;
+					}
+				} elsif ($tag{'CONST_STRICT'} != 1) {
+					if (/\{|\/\*|\([^\)]*$/) {
+						$line = $_;
+					} else {
+						$def .= $_;
+					}
+				}
+			}
+		}
+		close(IN);
+		die "$file: Unmatched tags\n" if $#tag >= 0;
+
+		my $algs;
+		my $plays;
+
+		print STDERR "DEBUG: postprocessing ----------\n" if $debug;
+		foreach (split /;/, $def) {
+			my $s; my $k = "FUNCTION"; my $p; my $a;
+			s/^[\n\s]*//g;
+			s/[\n\s]*$//g;
+			next if(/\#undef/);
+			next if(/typedef\W/);
+			next if(/\#define/);
+
+			print STDERR "TRACE: processing $_\n" if $trace && !/^\#INFO:/;
+			# Reduce argument lists to empty ()
+			# fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+			my $nsubst = 1; # prevent infinite loop, e.g., on  int fn()
+			while($nsubst && /\(.*\)/s) {
+				$nsubst = s/\([^\(\)]+\)/\{\}/gs;
+				$nsubst+= s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;	#(*f{}) -> f
+			}
+			# pretend as we didn't use curly braces: {} -> ()
+			s/\{\}/\(\)/gs;
+
+			s/STACK_OF\(\)/void/gs;
+			s/LHASH_OF\(\)/void/gs;
+
+			print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
+			if (/^\#INFO:([^:]*):(.*)$/) {
+				$plats = $1;
+				$algs = $2;
+				print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
+				next;
+			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
+				$s = $1;
+				$k = "VARIABLE";
+				print STDERR "DEBUG: found external variable $s\n" if $debug;
+			} elsif (/TYPEDEF_\w+_OF/s) {
+				next;
+			} elsif (/(\w+)\s*\(\).*/s) {	# first token prior [first] () is
+				$s = $1;		# a function name!
+				print STDERR "DEBUG: found function $s\n" if $debug;
+			} elsif (/\(/ and not (/=/)) {
+				print STDERR "File $file: cannot parse: $_;\n";
+				next;
+			} else {
+				next;
+			}
+
+			$syms{$s} = 1;
+			$kind{$s} = $k;
+
+			$p = $plats;
+			$a = $algs;
+
+			$platform{$s} =
+			    &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
+			$algorithm{$s} .= ','.$a;
+
+			if (defined($variant{$s})) {
+				foreach $v (split /;/,$variant{$s}) {
+					(my $r, my $p, my $k) = split(/:/,$v);
+					my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+					$syms{$r} = 1;
+					if (!defined($k)) { $k = $kind{$s}; }
+					$kind{$r} = $k."(".$s.")";
+					$algorithm{$r} = $algorithm{$s};
+					$platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+					$platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+					print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
+				}
+			}
+			print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
+		}
+	}
+
+	# Info we know about
+
+	push @ret, map { $_."\\".&info_string($_,"EXIST",
+					      $platform{$_},
+					      $kind{$_},
+					      $algorithm{$_}) } keys %syms;
+
+	if (keys %unknown_algorithms) {
+		print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+		print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+	}
+	return(@ret);
+}
+
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+	my ($platforms) = @_;
+	my $pl = defined($platforms) ? $platforms : "";
+	my %p = map { $_ => 0 } split /,/, $pl;
+	my $ret;
+
+	print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+	    if $debug;
+	# We do this, because if there's code like the following, it really
+	# means the function exists in all cases and should therefore be
+	# everywhere.  By increasing and decreasing, we may attain 0:
+	#
+	# ifndef WIN16
+	#    int foo();
+	# else
+	#    int _fat foo();
+	# endif
+	foreach $platform (split /,/, $pl) {
+		if ($platform =~ /^!(.*)$/) {
+			$p{$1}--;
+		} else {
+			$p{$platform}++;
+		}
+	}
+	foreach $platform (keys %p) {
+		if ($p{$platform} == 0) { delete $p{$platform}; }
+	}
+
+	delete $p{""};
+
+	$ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+	print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+	    if $debug;
+	return $ret;
+}
+
+sub info_string
+{
+	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+	my %a = defined($algorithms) ?
+	    map { $_ => 1 } split /,/, $algorithms : ();
+	my $k = defined($kind) ? $kind : "FUNCTION";
+	my $ret;
+	my $p = &reduce_platforms($platforms);
+
+	delete $a{""};
+
+	$ret = $exist;
+	$ret .= ":".$p;
+	$ret .= ":".$k;
+	$ret .= ":".join(',',sort keys %a);
+	return $ret;
+}
+
+sub maybe_add_info
+{
+	(my $name, *nums, my @symbols) = @_;
+	my $sym;
+	my $new_info = 0;
+	my %syms=();
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = split /\\/, $sym;
+		if (defined($nums{$s})) {
+			$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+			(my $n, my $vers, my $dummy) = split /\\/, $nums{$s};
+			if (!defined($dummy) || $i ne $dummy) {
+				$nums{$s} = $n."\\".$vers."\\".$i;
+				$new_info++;
+				print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
+			}
+		}
+		$syms{$s} = 1;
+	}
+
+	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $vers, my $i) = split /\\/, $nums{$sym};
+		if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+			$new_info++;
+			print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+		}
+	}
+	if ($new_info) {
+		print STDERR "$name: $new_info old symbols have updated info\n";
+		if (!$do_rewrite) {
+			print STDERR "You should do a rewrite to fix this.\n";
+		}
+	} else {
+	}
+}
+
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+	my ($keywords_txt,$platforms) = @_;
+	my (@keywords) = split /,/,$keywords_txt;
+	my ($falsesum, $truesum) = (0, 1);
+
+	# Param: one keyword
+	sub recognise
+	{
+		my ($keyword,$platforms) = @_;
+
+		if ($platforms) {
+			# platforms
+			if ($keyword eq "UNIX" && $UNIX) { return 1; }
+			if ($keyword eq "VMS" && $VMS) { return 1; }
+			if ($keyword eq "WIN32" && $W32) { return 1; }
+			if ($keyword eq "_WIN32" && $W32) { return 1; }
+			if ($keyword eq "WINNT" && $NT) { return 1; }
+			# Special platforms:
+			# EXPORT_VAR_AS_FUNCTION means that global variables
+			# will be represented as functions.
+			if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && $W32) {
+				return 1;
+			}
+			if ($keyword eq "ZLIB" && $zlib) { return 1; }
+			return 0;
+		} else {
+			# algorithms
+			if ($disabled_algorithms{$keyword}) { return 0;}
+
+			# Nothing recognise as true
+			return 1;
+		}
+	}
+
+	foreach $k (@keywords) {
+		if ($k =~ /^!(.*)$/) {
+			$falsesum += &recognise($1,$platforms);
+		} else {
+			$truesum *= &recognise($k,$platforms);
+		}
+	}
+	print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+	return (!$falsesum) && $truesum;
+}
+
+sub print_test_file
+{
+	(*OUT,my $name,*nums,my $testall,my @symbols)=@_;
+	my $n = 1; my @e; my @r;
+	my $sym; my $prev = ""; my $prefSSLeay;
+
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	@symbols=((sort @e),(sort @r));
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+		my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+		my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+		if (!defined($nums{$s})) {
+			print STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} elsif (is_valid($p,1) && is_valid($a,0)) {
+			my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+			if ($prev eq $s2) {
+				print OUT "\t/* The following has already appeared previously */\n";
+				print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+			}
+			$prev = $s2;	# To warn about duplicates...
+
+			(my $nn, my $vers, my $ni) = split /\\/, $nums{$s2};
+			if ($v) {
+				print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
+			} else {
+				print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
+			}
+		}
+	}
+}
+
+sub get_version
+{
+   return $config{version};
+}
+
+sub print_def_file
+{
+	(*OUT,my $name,*nums,my @symbols)=@_;
+	my $n = 1; my @e; my @r; my @v; my $prev="";
+	my $liboptions="";
+	my $libname = $name;
+	my $http_vendor = 'www.openssl.org/';
+	my $version = get_version();
+	my $what = "OpenSSL: implementation of Secure Socket Layer";
+	my $description = "$what $version, $name - http://$http_vendor";
+	my $prevsymversion = "", $prevprevsymversion = "";
+        # For VMS
+        my $prevnum = 0;
+        my $symvtextcount = 0;
+
+        if ($W32)
+                {
+                print OUT <<"EOF";
+;
+; Definition file for the DLL version of the $name library from OpenSSL
+;
+
+LIBRARY         $libname	$liboptions
+
+EOF
+
+		print "EXPORTS\n";
+                }
+        elsif ($VMS)
+                {
+                print OUT <<"EOF";
+IDENTIFICATION=$version
+CASE_SENSITIVE=YES
+SYMBOL_VECTOR=(-
+EOF
+                $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+                }
+
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+	(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
+        if ($VMS) {
+            # VMS needs to have the symbols on slot number order
+            @symbols=(map { $_->[1] }
+                      sort { $a->[0] <=> $b->[0] }
+                      map { (my $s, my $i) = $_ =~ /^(.*?)\\(.*)$/;
+                            die "Error: $s doesn't have a number assigned\n"
+                                if !defined($nums{$s});
+                            (my $n, my @rest) = split /\\/, $nums{$s};
+                            [ $n, $_ ] } (@e, @r, @v));
+        } else {
+            @symbols=((sort @e),(sort @r), (sort @v));
+        }
+
+	my ($baseversion, $currversion) = get_openssl_version();
+	my $thisversion;
+	do {
+		if (!defined($thisversion)) {
+			$thisversion = $baseversion;
+		} else {
+			$thisversion = get_next_version($thisversion);
+		}
+		foreach $sym (@symbols) {
+			(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+			my $v = 0;
+			$v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+			if (!defined($nums{$s})) {
+				die "Error: $s does not have a number assigned\n"
+					if(!$do_update);
+			} else {
+				(my $n, my $symversion, my $dummy) = split /\\/, $nums{$s};
+				my %pf = ();
+				my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+				my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+				if (is_valid($p,1) && is_valid($a,0)) {
+					my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+					if ($prev eq $s2) {
+						print STDERR "Warning: Symbol '",$s2,
+							"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),
+							", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+					}
+					$prev = $s2;	# To warn about duplicates...
+					if($linux) {
+						next if $symversion ne $thisversion;
+						if ($symversion ne $prevsymversion) {
+							if ($prevsymversion ne "") {
+								if ($prevprevsymversion ne "") {
+									print OUT "} OPENSSL${SO_VARIANT}_"
+												."$prevprevsymversion;\n\n";
+								} else {
+									print OUT "};\n\n";
+								}
+							}
+							print OUT "OPENSSL${SO_VARIANT}_$symversion {\n    global:\n";
+							$prevprevsymversion = $prevsymversion;
+							$prevsymversion = $symversion;
+						}
+						print OUT "        $s2;\n";
+					} elsif ($aix) {
+						print OUT "$s2\n";
+                                        } elsif ($VMS) {
+                                            while(++$prevnum < $n) {
+                                                my $symline=" ,SPARE -\n  ,SPARE -\n";
+                                                if ($symvtextcount + length($symline) - 2 > 1024) {
+                                                    print OUT ")\nSYMBOL_VECTOR=(-\n";
+                                                    $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+                                                }
+                                                if ($symvtextcount == 16) {
+                                                    # Take away first comma
+                                                    $symline =~ s/,//;
+                                                }
+                                                print OUT $symline;
+                                                $symvtextcount += length($symline) - 2;
+                                            }
+                                            (my $s_uc = $s) =~ tr/a-z/A-Z/;
+                                            my $symtype=
+                                                $v ? "DATA" : "PROCEDURE";
+                                            my $symline=
+                                                ($s_uc ne $s
+                                                 ? " ,$s_uc/$s=$symtype -\n  ,$s=$symtype -\n"
+                                                 : " ,$s=$symtype -\n  ,SPARE -\n");
+                                            if ($symvtextcount + length($symline) - 2 > 1024) {
+                                                print OUT ")\nSYMBOL_VECTOR=(-\n";
+                                                $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+                                            }
+                                            if ($symvtextcount == 16) {
+                                                # Take away first comma
+                                                $symline =~ s/,//;
+                                            }
+                                            print OUT $symline;
+                                            $symvtextcount += length($symline) - 2;
+					} elsif($v) {
+						printf OUT "    %s%-39s DATA\n",
+								($W32)?"":"_",$s2;
+					} else {
+						printf OUT "    %s%s\n",
+								($W32)?"":"_",$s2;
+					}
+				}
+			}
+		}
+	} while ($linux && $thisversion ne $currversion);
+	if ($linux) {
+		if ($prevprevsymversion ne "") {
+			print OUT "    local: *;\n} OPENSSL${SO_VARIANT}_$prevprevsymversion;\n\n";
+		} else {
+			print OUT "    local: *;\n};\n\n";
+		}
+	} elsif ($VMS) {
+            print OUT ")\n";
+            (my $libvmaj, my $libvmin, my $libvedit) =
+                $currversion =~ /^(\d+)_(\d+)_(\d+)[a-z]{0,2}$/;
+            # The reason to multiply the edit number with 100 is to make space
+            # for the possibility that we want to encode the patch letters
+            print OUT "GSMATCH=LEQUAL,",($libvmaj * 100 + $libvmin),",",($libvedit * 100),"\n";
+        }
+	printf OUT "\n";
+}
+
+sub load_numbers
+{
+	my($name)=@_;
+	my(@a,%ret);
+	my $prevversion;
+
+	$max_num = 0;
+	$num_noinfo = 0;
+	$prev = "";
+	$prev_cnt = 0;
+
+	my ($baseversion, $currversion) = get_openssl_version();
+
+	open(IN,"<$name") || die "unable to open $name:$!\n";
+	while (<IN>) {
+		s|\R$||;        # Better chomp
+		s/#.*$//;
+		next if /^\s*$/;
+		@a=split;
+		if (defined $ret{$a[0]}) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+		}
+		if ($max_num > $a[1]) {
+			print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+		}
+		elsif ($max_num == $a[1]) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+			if ($a[0] eq $prev) {
+				$prev_cnt++;
+				$a[0] .= "{$prev_cnt}";
+			}
+		}
+		else {
+			$prev_cnt = 0;
+		}
+		if ($#a < 2) {
+			# Existence will be proven later, in do_defs
+			$ret{$a[0]}=$a[1];
+			$num_noinfo++;
+		} else {
+			#Sanity check the version number
+			if (defined $prevversion) {
+				check_version_lte($prevversion, $a[2]);
+			}
+			check_version_lte($a[2], $currversion);
+			$prevversion = $a[2];
+			$ret{$a[0]}=$a[1]."\\".$a[2]."\\".$a[3]; # \\ is a special marker
+		}
+		$max_num = $a[1] if $a[1] > $max_num;
+		$prev=$a[0];
+	}
+	if ($num_noinfo) {
+		print STDERR "Warning: $num_noinfo symbols were without info." if $verbose || !$do_rewrite;
+		if ($do_rewrite) {
+			printf STDERR "  The rewrite will fix this.\n" if $verbose;
+		} else {
+			printf STDERR "  You should do a rewrite to fix this.\n";
+		}
+	}
+	close(IN);
+	return(%ret);
+}
+
+sub parse_number
+{
+	(my $str, my $what) = @_;
+	(my $n, my $v, my $i) = split(/\\/,$str);
+	if ($what eq "n") {
+		return $n;
+	} else {
+		return $i;
+	}
+}
+
+sub rewrite_numbers
+{
+	(*OUT,$name,*nums,@symbols)=@_;
+	my $thing;
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	my %syms = ();
+	foreach $_ (@symbols) {
+		(my $n, my $i) = split /\\/;
+		$syms{$n} = 1;
+	}
+
+	my @s=sort {
+	    &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+	    || $a cmp $b
+	} keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $vers, my $i) = split /\\/, $nums{$sym};
+		next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+		$i="NOEXIST::FUNCTION:"
+			if !defined($i) || $i eq "" || !defined($syms{$sym});
+		my $s2 = $sym;
+		$s2 =~ s/\{[0-9]+\}$//;
+		printf OUT "%s%-39s %d\t%s\t%s\n","",$s2,$n,$vers,$i;
+		if (exists $r{$sym}) {
+			(my $s, $i) = split /\\/,$r{$sym};
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\t%s\n","",$s2,$n,$vers,$i;
+		}
+	}
+}
+
+sub update_numbers
+{
+	(*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+	my $new_syms = 0;
+	my $basevers;
+	my $vers;
+
+	($basevers, $vers) = get_openssl_version();
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		die "ERROR: Symbol $sym had no info attached to it."
+		    if $i eq "";
+		if (!exists $nums{$s}) {
+			$new_syms++;
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\t%s\n","",$s2, ++$start_num,$vers,$i;
+			if (exists $r{$s}) {
+				($s, $i) = split /\\/,$r{$s};
+				$s =~ s/\{[0-9]+\}$//;
+				printf OUT "%s%-39s %d\t%s\t%s\n","",$s, $start_num,$vers,$i;
+			}
+		}
+	}
+	if($new_syms) {
+		print STDERR "$name: Added $new_syms new symbols\n";
+	} else {
+		print STDERR "$name: No new symbols added\n";
+	}
+}
+
+sub check_existing
+{
+	(*nums, my @symbols)=@_;
+	my %existing; my @remaining;
+	@remaining=();
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		$existing{$s}=1;
+	}
+	foreach $sym (keys %nums) {
+		if (!exists $existing{$sym}) {
+			push @remaining, $sym;
+		}
+	}
+	if(@remaining) {
+		print STDERR "The following symbols do not seem to exist:\n";
+		foreach $sym (@remaining) {
+			print STDERR "\t",$sym,"\n";
+		}
+	}
+}
+
+sub count_parens
+{
+	my $line = shift(@_);
+
+	my $open = $line =~ tr/\(//;
+	my $close = $line =~ tr/\)//;
+
+	return $open - $close;
+}
+
+#Parse opensslv.h to get the current version number. Also work out the base
+#version, i.e. the lowest version number that is binary compatible with this
+#version
+sub get_openssl_version()
+{
+	my $fn = catfile($config{sourcedir},"include","openssl","opensslv.h");
+	open (IN, "$fn") || die "Can't open opensslv.h";
+
+	while(<IN>) {
+		if (/OPENSSL_VERSION_TEXT\s+"OpenSSL (\d\.\d\.)(\d[a-z]*)(-| )/) {
+			my $suffix = $2;
+			(my $baseversion = $1) =~ s/\./_/g;
+			close IN;
+			return ($baseversion."0", $baseversion.$suffix);
+		}
+	}
+	die "Can't find OpenSSL version number\n";
+}
+
+#Given an OpenSSL version number, calculate the next version number. If the
+#version number gets to a.b.czz then we go to a.b.(c+1)
+sub get_next_version()
+{
+	my $thisversion = shift;
+
+	my ($base, $letter) = $thisversion =~ /^(\d_\d_\d)([a-z]{0,2})$/;
+
+	if ($letter eq "zz") {
+		my $lastnum = substr($base, -1);
+		return substr($base, 0, length($base)-1).(++$lastnum);
+	}
+	return $base.get_next_letter($letter);
+}
+
+#Given the letters off the end of an OpenSSL version string, calculate what
+#the letters for the next release would be.
+sub get_next_letter()
+{
+	my $thisletter = shift;
+	my $baseletter = "";
+	my $endletter;
+
+	if ($thisletter eq "") {
+		return "a";
+	}
+	if ((length $thisletter) > 1) {
+		($baseletter, $endletter) = $thisletter =~ /([a-z]+)([a-z])/;
+	} else {
+		$endletter = $thisletter;
+	}
+
+	if ($endletter eq "z") {
+		return $thisletter."a";
+	} else {
+		return $baseletter.(++$endletter);
+	}
+}
+
+#Check if a version is less than or equal to the current version. Its a fatal
+#error if not. They must also only differ in letters, or the last number (i.e.
+#the first two numbers must be the same)
+sub check_version_lte()
+{
+	my ($testversion, $currversion) = @_;
+	my $lentv;
+	my $lencv;
+	my $cvbase;
+
+	my ($cvnums) = $currversion =~ /^(\d_\d_\d)[a-z]*$/;
+	my ($tvnums) = $testversion =~ /^(\d_\d_\d)[a-z]*$/;
+
+	#Die if we can't parse the version numbers or they don't look sane
+	die "Invalid version number: $testversion and $currversion\n"
+		if (!defined($cvnums) || !defined($tvnums)
+			|| length($cvnums) != 5
+			|| length($tvnums) != 5);
+
+	#If the base versions (without letters) don't match check they only differ
+	#in the last number
+	if ($cvnums ne $tvnums) {
+		die "Invalid version number: $testversion "
+			."for current version $currversion\n"
+			if (substr($cvnums, 0, 4) ne substr($tvnums, 0, 4));
+		return;
+	}
+	#If we get here then the base version (i.e. the numbers) are the same - they
+	#only differ in the letters
+
+	$lentv = length $testversion;
+	$lencv = length $currversion;
+
+	#If the testversion has more letters than the current version then it must
+	#be later (or malformed)
+	if ($lentv > $lencv) {
+		die "Invalid version number: $testversion "
+			."is greater than $currversion\n";
+	}
+
+	#Get the last letter from the current version
+	my ($cvletter) = $currversion =~ /([a-z])$/;
+	if (defined $cvletter) {
+		($cvbase) = $currversion =~ /(\d_\d_\d[a-z]*)$cvletter$/;
+	} else {
+		$cvbase = $currversion;
+	}
+	die "Unable to parse version number $currversion" if (!defined $cvbase);
+	my $tvbase;
+	my ($tvletter) = $testversion =~ /([a-z])$/;
+	if (defined $tvletter) {
+		($tvbase) = $testversion =~ /(\d_\d_\d[a-z]*)$tvletter$/;
+	} else {
+		$tvbase = $testversion;
+	}
+	die "Unable to parse version number $testversion" if (!defined $tvbase);
+
+	if ($lencv > $lentv) {
+		#If current version has more letters than testversion then testversion
+		#minus the final letter must be a substring of the current version
+		die "Invalid version number $testversion "
+			."is greater than $currversion or is invalid\n"
+			if (index($cvbase, $tvbase) != 0);
+	} else {
+		#If both versions have the same number of letters then they must be
+		#equal up to the last letter, and the last letter in testversion must
+		#be less than or equal to the last letter in current version.
+		die "Invalid version number $testversion "
+			."is greater than $currversion\n"
+			if (($cvbase ne $tvbase) && ($tvletter gt $cvletter));
+	}
+}
+
+sub do_deprecated()
+{
+	my ($decl, $plats, $algs) = @_;
+	$decl =~ /^\s*(DEPRECATEDIN_\d+_\d+_\d+)\s*\((.*)\)\s*$/
+            or die "Bad DEPRECATEDIN: $decl\n";
+	my $info1 .= "#INFO:";
+	$info1 .= join(',', @{$plats}) . ":";
+	my $info2 = $info1;
+	$info1 .= join(',',@{$algs}, $1) . ";";
+	$info2 .= join(',',@{$algs}) . ";";
+	return $info1 . $2 . ";" . $info2;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl
new file mode 100755
index 000000000..328060243
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl
@@ -0,0 +1,44 @@
+#! /usr/bin/env perl
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+  $arg =~ tr|\\|/|;
+  &do_mkdir_p($arg);
+}
+
+
+sub do_mkdir_p {
+  local($dir) = @_;
+
+  $dir =~ s|/*\Z(?!\n)||s;
+
+  if (-d $dir) {
+    return;
+  }
+
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+
+    do_mkdir_p($parent);
+  }
+
+  unless (mkdir($dir, 0777)) {
+    if (-d $dir) {
+      # We raced against another instance doing the same thing.
+      return;
+    }
+    die "Cannot create directory $dir: $!\n";
+  }
+  print "created directory `$dir'\n";
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl
new file mode 100755
index 000000000..0ea02961a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl
@@ -0,0 +1,753 @@
+#! /usr/bin/env perl
+# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use lib ".";
+use configdata;
+
+my $config       = "crypto/err/openssl.ec";
+my $debug        = 0;
+my $internal     = 0;
+my $nowrite      = 0;
+my $rebuild      = 0;
+my $reindex      = 0;
+my $static       = 0;
+my $unref        = 0;
+my %modules         = ();
+
+my $errors       = 0;
+my @t            = localtime();
+my $YEAR         = $t[5] + 1900;
+
+sub phase
+{
+    my $text = uc(shift);
+    print STDERR "\n---\n$text\n" if $debug;
+}
+
+sub help
+{
+    print STDERR <<"EOF";
+mkerr.pl [options] [files...]
+
+Options:
+
+    -conf FILE  Use the named config file FILE instead of the default.
+
+    -debug      Verbose output debugging on stderr.
+
+    -internal   Generate code that is to be built as part of OpenSSL itself.
+                Also scans internal list of files.
+
+    -module M   Only useful with -internal!
+                Only write files for library module M.  Whether files are
+                actually written or not depends on other options, such as
+                -rebuild.
+                Note: this option is cumulative.  If not given at all, all
+                internal modules will be considered.
+
+    -nowrite    Do not write the header/source files, even if changed.
+
+    -rebuild    Rebuild all header and C source files, even if there
+                were no changes.
+
+    -reindex    Ignore previously assigned values (except for R records in
+                the config file) and renumber everything starting at 100.
+
+    -static     Make the load/unload functions static.
+
+    -unref      List all unreferenced function and reason codes on stderr;
+                implies -nowrite.
+
+    -help       Show this help text.
+
+    ...         Additional arguments are added to the file list to scan,
+                if '-internal' was NOT specified on the command line.
+
+EOF
+}
+
+while ( @ARGV ) {
+    my $arg = $ARGV[0];
+    last unless $arg =~ /-.*/;
+    $arg = $1 if $arg =~ /-(-.*)/;
+    if ( $arg eq "-conf" ) {
+        $config = $ARGV[1];
+        shift @ARGV;
+    } elsif ( $arg eq "-debug" ) {
+        $debug = 1;
+        $unref = 1;
+    } elsif ( $arg eq "-internal" ) {
+        $internal = 1;
+    } elsif ( $arg eq "-nowrite" ) {
+        $nowrite = 1;
+    } elsif ( $arg eq "-rebuild" ) {
+        $rebuild = 1;
+    } elsif ( $arg eq "-reindex" ) {
+        $reindex = 1;
+    } elsif ( $arg eq "-static" ) {
+        $static = 1;
+    } elsif ( $arg eq "-unref" ) {
+        $unref = 1;
+        $nowrite = 1;
+    } elsif ( $arg eq "-module" ) {
+        shift @ARGV;
+        $modules{uc $ARGV[0]} = 1;
+    } elsif ( $arg =~ /-*h(elp)?/ ) {
+        &help();
+        exit;
+    } elsif ( $arg =~ /-.*/ ) {
+        die "Unknown option $arg; use -h for help.\n";
+    }
+    shift @ARGV;
+}
+
+my @source;
+if ( $internal ) {
+    die "Cannot mix -internal and -static\n" if $static;
+    die "Extra parameters given.\n" if @ARGV;
+    @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'),
+                glob('ssl/*.c'), glob('ssl/*/*.c') );
+} else {
+    die "-module isn't useful without -internal\n" if scalar keys %modules > 0;
+    @source = @ARGV;
+}
+
+# Data parsed out of the config and state files.
+my %hinc;       # lib -> header
+my %libinc;     # header -> lib
+my %cskip;      # error_file -> lib
+my %errorfile;  # lib -> error file name
+my %fmax;       # lib -> max assigned function code
+my %rmax;       # lib -> max assigned reason code
+my %fassigned;  # lib -> colon-separated list of assigned function codes
+my %rassigned;  # lib -> colon-separated list of assigned reason codes
+my %fnew;       # lib -> count of new function codes
+my %rnew;       # lib -> count of new reason codes
+my %rextra;     # "extra" reason code -> lib
+my %rcodes;     # reason-name -> value
+my %ftrans;     # old name -> #define-friendly name (all caps)
+my %fcodes;     # function-name -> value
+my $statefile;  # state file with assigned reason and function codes
+my %strings;    # define -> text
+
+# Read and parse the config file
+open(IN, "$config") || die "Can't open config file $config, $!,";
+while ( <IN> ) {
+    next if /^#/ || /^$/;
+    if ( /^L\s+(\S+)\s+(\S+)\s+(\S+)/ ) {
+        my $lib = $1;
+        my $hdr = $2;
+        my $err = $3;
+        $hinc{$lib}   = $hdr;
+        $libinc{$hdr} = $lib;
+        $cskip{$err}  = $lib;
+        next if $err eq 'NONE';
+        $errorfile{$lib} = $err;
+        $fmax{$lib}      = 100;
+        $rmax{$lib}      = 100;
+        $fassigned{$lib} = ":";
+        $rassigned{$lib} = ":";
+        $fnew{$lib}      = 0;
+        $rnew{$lib}      = 0;
+    } elsif ( /^R\s+(\S+)\s+(\S+)/ ) {
+        $rextra{$1} = $2;
+        $rcodes{$1} = $2;
+    } elsif ( /^S\s+(\S+)/ ) {
+        $statefile = $1;
+    } else {
+        die "Illegal config line $_\n";
+    }
+}
+close IN;
+
+if ( ! $statefile ) {
+    $statefile = $config;
+    $statefile =~ s/.ec/.txt/;
+}
+
+# The statefile has all the previous assignments.
+&phase("Reading state");
+my $skippedstate = 0;
+if ( ! $reindex && $statefile ) {
+    open(STATE, "<$statefile") || die "Can't open $statefile, $!";
+
+    # Scan function and reason codes and store them: keep a note of the
+    # maximum code used.
+    while ( <STATE> ) {
+        next if /^#/ || /^$/;
+        my $name;
+        my $code;
+        if ( /^(.+):(\d+):\\$/ ) {
+            $name = $1;
+            $code = $2;
+            my $next = <STATE>;
+            $next =~ s/^\s*(.*)\s*$/$1/;
+            die "Duplicate define $name" if exists $strings{$name};
+            $strings{$name} = $next;
+        } elsif ( /^(\S+):(\d+):(.*)$/ ) {
+            $name = $1;
+            $code = $2;
+            die "Duplicate define $name" if exists $strings{$name};
+            $strings{$name} = $3;
+        } else {
+            die "Bad line in $statefile:\n$_\n";
+        }
+        my $lib = $name;
+        $lib =~ s/^((?:OSSL_|OPENSSL_)?[^_]{2,}).*$/$1/;
+        $lib = "SSL" if $lib =~ /TLS/;
+        if ( !defined $errorfile{$lib} ) {
+            print "Skipping $_";
+            $skippedstate++;
+            next;
+        }
+        if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) {
+            die "$lib reason code $code collision at $name\n"
+                if $rassigned{$lib} =~ /:$code:/;
+            $rassigned{$lib} .= "$code:";
+            if ( !exists $rextra{$name} ) {
+                $rmax{$lib} = $code if $code > $rmax{$lib};
+            }
+            $rcodes{$name} = $code;
+        } elsif ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_F_/ ) {
+            die "$lib function code $code collision at $name\n"
+                if $fassigned{$lib} =~ /:$code:/;
+            $fassigned{$lib} .= "$code:";
+            $fmax{$lib} = $code if $code > $fmax{$lib};
+            $fcodes{$name} = $code;
+        } else {
+            die "Bad line in $statefile:\n$_\n";
+        }
+    }
+    close(STATE);
+
+    if ( $debug ) {
+        foreach my $lib ( sort keys %rmax ) {
+            print STDERR "Reason codes for ${lib}:\n";
+            if ( $rassigned{$lib} =~ m/^:(.*):$/ ) {
+                my @rassigned = sort { $a <=> $b } split( ":", $1 );
+                print STDERR "  ", join(' ', @rassigned), "\n";
+            } else {
+                print STDERR "  --none--\n";
+            }
+        }
+        print STDERR "\n";
+        foreach my $lib ( sort keys %fmax ) {
+            print STDERR "Function codes for ${lib}:\n";
+            if ( $fassigned{$lib} =~ m/^:(.*):$/ ) {
+                my @fassigned = sort { $a <=> $b } split( ":", $1 );
+                print STDERR "  ", join(' ', @fassigned), "\n";
+            } else {
+                print STDERR "  --none--\n";
+            }
+        }
+    }
+}
+
+# Scan each header file and make a list of error codes
+# and function names
+&phase("Scanning headers");
+while ( ( my $hdr, my $lib ) = each %libinc ) {
+    next if $hdr eq "NONE";
+    print STDERR " ." if $debug;
+    my $line = "";
+    my $def = "";
+    my $linenr = 0;
+    my $cpp = 0;
+
+    open(IN, "<$hdr") || die "Can't open $hdr, $!,";
+    while ( <IN> ) {
+        $linenr++;
+
+        if ( $line ne '' ) {
+            $_    = $line . $_;
+            $line = '';
+        }
+
+        if ( /\\$/ ) {
+            $line = $_;
+            next;
+        }
+
+        if ( /\/\*/ ) {
+            if ( not /\*\// ) {    # multiline comment...
+                $line = $_;        # ... just accumulate
+                next;
+            } else {
+                s/\/\*.*?\*\///gs;    # wipe it
+            }
+        }
+
+        if ( $cpp ) {
+            $cpp++ if /^#\s*if/;
+            $cpp-- if /^#\s*endif/;
+            next;
+        }
+        $cpp = 1 if /^#.*ifdef.*cplusplus/;    # skip "C" declaration
+
+        next if /^\#/;    # skip preprocessor directives
+
+        s/{[^{}]*}//gs;     # ignore {} blocks
+
+        if ( /\{|\/\*/ ) {    # Add a so editor works...
+            $line = $_;
+        } else {
+            $def .= $_;
+        }
+    }
+
+    # Delete any DECLARE_ macros
+    my $defnr = 0;
+    $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs;
+    foreach ( split /;/, $def ) {
+        $defnr++;
+        # The goal is to collect function names from function declarations.
+
+        s/^[\n\s]*//g;
+        s/[\n\s]*$//g;
+
+        # Skip over recognized non-function declarations
+        next if /typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/;
+
+        # Remove STACK_OF(foo)
+        s/STACK_OF\(\w+\)/void/;
+
+        # Reduce argument lists to empty ()
+        # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+        while ( /\(.*\)/s ) {
+            s/\([^\(\)]+\)/\{\}/gs;
+            s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;    #(*f{}) -> f
+        }
+
+        # pretend as we didn't use curly braces: {} -> ()
+        s/\{\}/\(\)/gs;
+
+        # Last token just before the first () is a function name.
+        if ( /(\w+)\s*\(\).*/s ) {
+            my $name = $1;
+            $name =~ tr/[a-z]/[A-Z]/;
+            $ftrans{$name} = $1;
+        } elsif ( /[\(\)]/ and not(/=/) ) {
+            print STDERR "Header $hdr: cannot parse: $_;\n";
+        }
+    }
+
+    next if $reindex;
+
+    if ( $lib eq "SSL" && $rmax{$lib} >= 1000 ) {
+        print STDERR "SSL error codes 1000+ are reserved for alerts.\n";
+        print STDERR "Any new alerts must be added to $config.\n";
+        $errors++;
+    }
+    close IN;
+}
+print STDERR "\n" if $debug;
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start.  This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %usedfuncs and %usedreasons
+# so all those unreferenced can be printed out.
+&phase("Scanning source");
+my %usedfuncs;
+my %usedreasons;
+foreach my $file ( @source ) {
+    # Don't parse the error source file.
+    next if exists $cskip{$file};
+    open( IN, "<$file" ) || die "Can't open $file, $!,";
+    my $func;
+    my $linenr = 0;
+    print STDERR "$file:\n" if $debug;
+    while ( <IN> ) {
+
+        # skip obsoleted source files entirely!
+        last if /^#error\s+obsolete/;
+        $linenr++;
+        if ( !/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/ ) {
+            /^([^()]*(\([^()]*\)[^()]*)*)\(/;
+            $1 =~ /([A-Za-z_0-9]*)$/;
+            $func = $1;
+        }
+
+        if ( /(((?:OSSL_|OPENSSL_)?[A-Z0-9]{2,})_F_([A-Z0-9_]+))/ ) {
+            next unless exists $errorfile{$2};
+            next if $1 eq "BIO_F_BUFFER_CTX";
+            $usedfuncs{$1} = 1;
+            if ( !exists $fcodes{$1} ) {
+                print STDERR "  New function $1\n" if $debug;
+                $fcodes{$1} = "X";
+                $fnew{$2}++;
+            }
+            $ftrans{$3} = $func unless exists $ftrans{$3};
+            if ( uc($func) ne $3 ) {
+                print STDERR "ERROR: mismatch $file:$linenr $func:$3\n";
+                $errors++;
+            }
+            print STDERR "  Function $1 = $fcodes{$1}\n"
+              if $debug;
+        }
+        if ( /(((?:OSSL_|OPENSSL_)?[A-Z0-9]{2,})_R_[A-Z0-9_]+)/ ) {
+            next unless exists $errorfile{$2};
+            $usedreasons{$1} = 1;
+            if ( !exists $rcodes{$1} ) {
+                print STDERR "  New reason $1\n" if $debug;
+                $rcodes{$1} = "X";
+                $rnew{$2}++;
+            }
+            print STDERR "  Reason $1 = $rcodes{$1}\n" if $debug;
+        }
+    }
+    close IN;
+}
+print STDERR "\n" if $debug;
+
+# Now process each library in turn.
+&phase("Writing files");
+my $newstate = 0;
+foreach my $lib ( keys %errorfile ) {
+    if ( ! $fnew{$lib} && ! $rnew{$lib} ) {
+        next unless $rebuild;
+    }
+    next if scalar keys %modules > 0 && !$modules{$lib};
+    next if $nowrite;
+    print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
+    print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib};
+    $newstate = 1;
+
+    # If we get here then we have some new error codes so we
+    # need to rebuild the header file and C file.
+
+    # Make a sorted list of error and reason codes for later use.
+    my @function = sort grep( /^${lib}_/, keys %fcodes );
+    my @reasons  = sort grep( /^${lib}_/, keys %rcodes );
+
+    # indent level for innermost preprocessor lines
+    my $indent = " ";
+
+    # Rewrite the header file
+
+    my $hfile = $hinc{$lib};
+    $hfile =~ s/.h$/err.h/ if $internal;
+    open( OUT, ">$hfile" ) || die "Can't write to $hfile, $!,";
+    print OUT <<"EOF";
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the \"License\").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_${lib}ERR_H
+# define HEADER_${lib}ERR_H
+
+EOF
+    if ( $internal ) {
+        # Declare the load function because the generate C file
+        # includes "fooerr.h" not "foo.h"
+        if ($lib ne "SSL" && $lib ne "ASYNC"
+                && grep { $lib eq uc $_ } @disablables) {
+            print OUT <<"EOF";
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_${lib}
+
+EOF
+            $indent = "  ";
+        }
+        print OUT <<"EOF";
+#${indent}ifdef  __cplusplus
+extern \"C\"
+#${indent}endif
+int ERR_load_${lib}_strings(void);
+EOF
+    } else {
+        print OUT <<"EOF";
+# define ${lib}err(f, r) ERR_${lib}_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+EOF
+        if ( ! $static ) {
+            print OUT <<"EOF";
+
+# ifdef  __cplusplus
+extern \"C\" {
+# endif
+int ERR_load_${lib}_strings(void);
+void ERR_unload_${lib}_strings(void);
+void ERR_${lib}_error(int function, int reason, char *file, int line);
+# ifdef  __cplusplus
+}
+# endif
+EOF
+        }
+    }
+
+    print OUT "\n/*\n * $lib function codes.\n */\n";
+    foreach my $i ( @function ) {
+        my $z = 48 - length($i);
+        $z = 0 if $z < 0;
+        if ( $fcodes{$i} eq "X" ) {
+            $fassigned{$lib} =~ m/^:([^:]*):/;
+            my $findcode = $1;
+            $findcode = $fmax{$lib} if !defined $findcode;
+            while ( $fassigned{$lib} =~ m/:$findcode:/ ) {
+                $findcode++;
+            }
+            $fcodes{$i} = $findcode;
+            $fassigned{$lib} .= "$findcode:";
+            print STDERR "New Function code $i\n" if $debug;
+        }
+        printf OUT "#${indent}define $i%s $fcodes{$i}\n", " " x $z;
+    }
+
+    print OUT "\n/*\n * $lib reason codes.\n */\n";
+    foreach my $i ( @reasons ) {
+        my $z = 48 - length($i);
+        $z = 0 if $z < 0;
+        if ( $rcodes{$i} eq "X" ) {
+            $rassigned{$lib} =~ m/^:([^:]*):/;
+            my $findcode = $1;
+            $findcode = $rmax{$lib} if !defined $findcode;
+            while ( $rassigned{$lib} =~ m/:$findcode:/ ) {
+                $findcode++;
+            }
+            $rcodes{$i} = $findcode;
+            $rassigned{$lib} .= "$findcode:";
+            print STDERR "New Reason code $i\n" if $debug;
+        }
+        printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z;
+    }
+    print OUT "\n";
+
+    while (length($indent) > 0) {
+        $indent = substr $indent, 0, -1;
+        print OUT "#${indent}endif\n";
+    }
+
+    # Rewrite the C source file containing the error details.
+
+    # First, read any existing reason string definitions:
+    my $cfile = $errorfile{$lib};
+    my $pack_lib = $internal ? "ERR_LIB_${lib}" : "0";
+    my $hincf = $hfile;
+    $hincf =~ s|.*include/||;
+    if ( $hincf =~ m|^openssl/| ) {
+        $hincf = "<${hincf}>";
+    } else {
+        $hincf = "\"${hincf}\"";
+    }
+
+    open( OUT, ">$cfile" )
+        || die "Can't open $cfile for writing, $!, stopped";
+
+    my $const = $internal ? 'const ' : '';
+
+    print OUT <<"EOF";
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include $hincf
+
+#ifndef OPENSSL_NO_ERR
+
+static ${const}ERR_STRING_DATA ${lib}_str_functs[] = {
+EOF
+
+    # Add each function code: if a function name is found then use it.
+    foreach my $i ( @function ) {
+        my $fn;
+        if ( exists $strings{$i} and $strings{$i} ne '' ) {
+            $fn = $strings{$i};
+            $fn = "" if $fn eq '*';
+        } else {
+            $i =~ /^${lib}_F_(\S+)$/;
+            $fn = $1;
+            $fn = $ftrans{$fn} if exists $ftrans{$fn};
+            $strings{$i} = $fn;
+        }
+        my $short = "    {ERR_PACK($pack_lib, $i, 0), \"$fn\"},";
+        if ( length($short) <= 80 ) {
+            print OUT "$short\n";
+        } else {
+            print OUT "    {ERR_PACK($pack_lib, $i, 0),\n     \"$fn\"},\n";
+        }
+    }
+    print OUT <<"EOF";
+    {0, NULL}
+};
+
+static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = {
+EOF
+
+    # Add each reason code.
+    foreach my $i ( @reasons ) {
+        my $rn;
+        if ( exists $strings{$i} ) {
+            $rn = $strings{$i};
+            $rn = "" if $rn eq '*';
+        } else {
+            $i =~ /^${lib}_R_(\S+)$/;
+            $rn = $1;
+            $rn =~ tr/_[A-Z]/ [a-z]/;
+            $strings{$i} = $rn;
+        }
+        my $short = "    {ERR_PACK($pack_lib, 0, $i), \"$rn\"},";
+        if ( length($short) <= 80 ) {
+            print OUT "$short\n";
+        } else {
+            print OUT "    {ERR_PACK($pack_lib, 0, $i),\n    \"$rn\"},\n";
+        }
+    }
+    print OUT <<"EOF";
+    {0, NULL}
+};
+
+#endif
+EOF
+    if ( $internal ) {
+        print OUT <<"EOF";
+
+int ERR_load_${lib}_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(${lib}_str_functs);
+        ERR_load_strings_const(${lib}_str_reasons);
+    }
+#endif
+    return 1;
+}
+EOF
+    } else {
+        my $st = $static ? "static " : "";
+        print OUT <<"EOF";
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+${st}int ERR_load_${lib}_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, ${lib}_str_functs);
+        ERR_load_strings(lib_code, ${lib}_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+${st}void ERR_unload_${lib}_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, ${lib}_str_functs);
+        ERR_unload_strings(lib_code, ${lib}_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+${st}void ERR_${lib}_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
+EOF
+
+    }
+
+    close OUT;
+}
+
+&phase("Ending");
+# Make a list of unreferenced function and reason codes
+if ( $unref ) {
+    my @funref;
+    foreach ( keys %fcodes ) {
+        push( @funref, $_ ) unless exists $usedfuncs{$_};
+    }
+    my @runref;
+    foreach ( keys %rcodes ) {
+        push( @runref, $_ ) unless exists $usedreasons{$_};
+    }
+    if ( @funref ) {
+        print STDERR "The following function codes were not referenced:\n";
+        foreach ( sort @funref ) {
+            print STDERR "  $_\n";
+        }
+    }
+    if ( @runref ) {
+        print STDERR "The following reason codes were not referenced:\n";
+        foreach ( sort @runref ) {
+            print STDERR "  $_\n";
+        }
+    }
+}
+
+die "Found $errors errors, quitting" if $errors;
+
+# Update the state file
+if ( $newstate )  {
+    open(OUT, ">$statefile.new")
+        || die "Can't write $statefile.new, $!";
+    print OUT <<"EOF";
+# Copyright 1999-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+EOF
+    print OUT "\n# Function codes\n";
+    foreach my $i ( sort keys %fcodes ) {
+        my $short = "$i:$fcodes{$i}:";
+        my $t = exists $strings{$i} ? $strings{$i} : "";
+        $t = "\\\n\t" . $t if length($short) + length($t) > 80;
+        print OUT "$short$t\n";
+    }
+    print OUT "\n#Reason codes\n";
+    foreach my $i ( sort keys %rcodes ) {
+        my $short = "$i:$rcodes{$i}:";
+        my $t = exists $strings{$i} ? "$strings{$i}" : "";
+        $t = "\\\n\t" . $t if length($short) + length($t) > 80;
+        print OUT "$short$t\n" if !exists $rextra{$i};
+    }
+    close(OUT);
+    if ( $skippedstate ) {
+        print "Skipped state, leaving update in $statefile.new";
+    } else {
+        rename "$statefile", "$statefile.old"
+            || die "Can't backup $statefile to $statefile.old, $!";
+        rename "$statefile.new", "$statefile"
+            || die "Can't rename $statefile to $statefile.new, $!";
+    }
+}
+
+exit;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl
new file mode 100755
index 000000000..6762bc4a5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl
@@ -0,0 +1,93 @@
+#! /usr/bin/env perl
+# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+use lib ".";
+use configdata;
+use File::Spec::Functions;
+
+my $versionfile = catfile( $config{sourcedir}, "include/openssl/opensslv.h" );
+
+my ( $ver, $v1, $v2, $v3, $v4, $beta, $version );
+
+open FD, $versionfile or die "Couldn't open include/openssl/opensslv.h: $!\n";
+while (<FD>) {
+    if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) {
+        $ver     = hex($1);
+        $v1      = ( $ver >> 28 );
+        $v2      = ( $ver >> 20 ) & 0xff;
+        $v3      = ( $ver >> 12 ) & 0xff;
+        $v4      = ( $ver >>  4 ) & 0xff;
+        $beta    = $ver & 0xf;
+        $version = "$v1.$v2.$v3";
+        if ( $beta == 0xf ) {
+            $version .= chr( ord('a') + $v4 - 1 ) if ($v4);
+        } elsif ( $beta == 0 ) {
+            $version .= "-dev";
+        } else {
+            $version .= "-beta$beta";
+        }
+        last;
+    }
+}
+close(FD);
+
+my $filename = $ARGV[0];
+my $description = "OpenSSL library";
+my $vft = "VFT_DLL";
+if ( $filename =~ /openssl/i ) {
+    $description = "OpenSSL application";
+    $vft = "VFT_APP";
+}
+
+my $YEAR = [localtime()]->[5] + 1900;
+print <<___;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+  FILEVERSION $v1,$v2,$v3,$v4
+  PRODUCTVERSION $v1,$v2,$v3,$v4
+  FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+  FILEFLAGS 0x01L
+#else
+  FILEFLAGS 0x00L
+#endif
+  FILEOS VOS__WINDOWS32
+  FILETYPE $vft
+  FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            // Required:
+            VALUE "CompanyName", "The OpenSSL Project, https://www.openssl.org/\\0"
+            VALUE "FileDescription", "$description\\0"
+            VALUE "FileVersion", "$version\\0"
+            VALUE "InternalName", "$filename\\0"
+            VALUE "OriginalFilename", "$filename\\0"
+            VALUE "ProductName", "The OpenSSL Toolkit\\0"
+            VALUE "ProductVersion", "$version\\0"
+            // Optional:
+            //VALUE "Comments", "\\0"
+            VALUE "LegalCopyright", "Copyright 1998-$YEAR The OpenSSL Authors. All rights reserved.\\0"
+            //VALUE "LegalTrademarks", "\\0"
+            //VALUE "PrivateBuild", "\\0"
+            //VALUE "SpecialBuild", "\\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 0x4b0
+    END
+END
+___
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/openssl-format-source b/trunk/3rdparty/openssl-1.1-fit/util/openssl-format-source
new file mode 100755
index 000000000..e39964420
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/openssl-format-source
@@ -0,0 +1,175 @@
+#!/bin/sh
+#
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# openssl-format-source
+# - format source tree according to OpenSSL coding style using indent
+#
+# usage:
+#   openssl-format-source [-v] [-n] [file|directory] ...
+#
+# note: the indent options assume GNU indent v2.2.10 which was released
+#       Feb-2009 so if you have an older indent the options may not
+#	match what is expected
+#
+# any marked block comment blocks have to be moved to align manually after
+# the reformatting has been completed as marking a block causes indent to
+# not move it at all ...
+#
+
+PATH=/usr/local/bin:/bin:/usr/bin:$PATH
+export PATH
+HERE="`dirname $0`"
+
+set -e
+
+INDENT=indent
+uname -s | grep BSD > /dev/null && type gindent > /dev/null 2>&1 && INDENT=gindent
+
+if [ $# -eq 0 ]; then
+  echo "usage: $0 [-v] [-n] [-c] [sourcefile|sourcedir] ..." >&2
+  exit 1
+fi
+
+VERBOSE=false
+DONT=false
+STOPARGS=false
+COMMENTS=false
+CHANGED=false
+DEBUG=""
+
+# for this exercise, we want to force the openssl style, so we roll
+# our own indent profile, which is at a well known location
+INDENT_PROFILE="$HERE/indent.pro"
+export INDENT_PROFILE
+if [ ! -f "$INDENT_PROFILE" ]; then
+  echo "$0: unable to locate the openssl indent.pro file" >&2
+  exit 1
+fi
+
+# Extra arguments; for adding the comment-formatting
+INDENT_ARGS=""
+for i
+do
+  if [ "$STOPARGS" != "true" ]; then
+    case $i in
+      --) STOPARGS="true"; continue;;
+      -n) DONT="true"; continue;;
+      -v) VERBOSE="true";
+	  echo "INDENT_PROFILE=$INDENT_PROFILE";
+	  continue;;
+      -c) COMMENTS="true";
+      	  INDENT_ARGS="-fc1 -fca -cdb -sc";
+	  continue;;
+      -nc) COMMENTS="true";
+	  continue;;
+      -d) DEBUG='eval tee "$j.pre" |'
+	  continue;;
+    esac
+  fi
+
+  if [ -d "$i" ]; then
+    LIST=`find "$i" -name '*.[ch]' -print`
+  else
+    if [ ! -f "$i" ]; then
+      echo "$0: source file not found: $i" >&2
+      exit 1
+    fi
+    LIST="$i"
+  fi
+
+  for j in $LIST
+  do
+    # ignore symlinks - we only ever process the base file - so if we
+    # expand a directory tree we need to ignore any located symlinks
+    if [ -d "$i" ]; then
+      if [ -h "$j" ]; then
+	continue;
+      fi
+    fi
+
+    if [ "$DONT" = "false" ]; then
+      tmp=$(mktemp /tmp/indent.XXXXXX)
+      trap 'rm -f "$tmp"' HUP INT TERM EXIT
+
+      case `basename $j` in
+	# the list of files that indent is unable to handle correctly
+	# that we simply leave alone for manual formatting now
+	obj_dat.h|aes_core.c|aes_x86core.c|ecp_nistz256.c)
+	  echo "skipping $j"
+	  ;;
+	*)
+	  if [ "$COMMENTS" = "true" ]; then
+	    # we have to mark single line comments as /*- ...*/ to stop indent
+	    # messing with them, run expand then indent as usual but with the
+	    # the process-comments options and then undo that marking, and then
+	    # finally re-run indent without process-comments so the marked-to-
+	    # be-ignored comments we did automatically end up getting moved
+	    # into the right position within the code as indent leaves marked
+	    # comments entirely untouched - we appear to have no way to avoid
+	    # the double processing and get the desired output
+	    cat "$j" | \
+	    expand | \
+	    perl -0 -np \
+	      -e 's/(\n#[ \t]*ifdef[ \t]+__cplusplus\n[^\n]*\n#[ \t]*endif\n)/\n\/**INDENT-OFF**\/$1\/**INDENT-ON**\/\n/g;' \
+	      -e 's/(\n\/\*\!)/\n\/**/g;' \
+	      -e 's/(STACK_OF|LHASH_OF)\(([^ \t,\)]+)\)( |\n)/$1_$2_$3/g;' \
+	      | \
+	    perl -np \
+	      -e 's/^([ \t]*)\/\*([ \t]+.*)\*\/[ \t]*$/my ($x1,$x2) = ($1, $2); if (length("$x1$x2")<75 && $x2 !~ m#^\s*\*INDENT-(ON|OFF)\*\s*$#) {$c="-"}else{$c=""}; "$x1\/*$c$x2*\/"/e;' \
+	      -e 's/^\/\* ((Copyright|=|----).*)$/\/*-$1/;' \
+	      -e 's/^((DECLARE|IMPLEMENT)_.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)\(.*\)[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^(ASN1_ADB_TEMPLATE\(.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^((ASN1|ADB)_.*_(end|END)\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
+	      -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \
+	      -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \
+	      | \
+	      $DEBUG $INDENT $INDENT_ARGS | \
+	      perl -np \
+		-e 's/^([ \t]*)\/\*-(.*)\*\/[ \t]*$/$1\/*$2*\//;' \
+		-e 's/^\/\*-((Copyright|=|----).*)$/\/* $1/;' \
+	      | $INDENT | \
+	      perl -0 -np \
+		-e 's/\/\*\*INDENT-(ON|OFF)\*\*\/\n//g;' \
+	      | perl -np \
+	        -e 's/(STACK_OF|LHASH_OF)_([^ \t,]+)_( |\/)/$1($2)$3/g;' \
+	        -e 's/(STACK_OF|LHASH_OF)_([^ \t,]+)_$/$1($2)/g;' \
+	      | perl "$HERE"/su-filter.pl \
+	      > "$tmp"
+	  else
+	    expand "$j" | $INDENT $INDENT_ARGS > "$tmp"
+	  fi;
+	  if cmp -s "$tmp" "$j"; then
+	    if [ "$VERBOSE" = "true" ]; then
+	      echo "$j unchanged"
+	    fi
+	    rm "$tmp"
+	  else
+	    if [ "$VERBOSE" = "true" ]; then
+	      echo "$j changed"
+	    fi
+	    CHANGED=true
+	    mv "$tmp" "$j"
+	  fi
+	  ;;
+      esac
+    fi
+  done
+done
+
+
+if [ "$VERBOSE" = "true" ]; then
+  echo
+  if [ "$CHANGED" = "true" ]; then
+    echo "SOURCE WAS MODIFIED"
+  else
+    echo "SOURCE WAS NOT MODIFIED"
+  fi
+fi
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/openssl-update-copyright b/trunk/3rdparty/openssl-1.1-fit/util/openssl-update-copyright
new file mode 100755
index 000000000..c432f8462
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/openssl-update-copyright
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+#
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+myname="$(basename $0)"
+
+this_year="$(date '+%Y')"
+some_year="[12][0-9][0-9][0-9]"
+year_range="(${some_year})(-${some_year})?"
+
+copyright_owner="The OpenSSL Project"
+copyright="Copyright .*${year_range} .*${copyright_owner}"
+
+# sed_script:
+#   for all lines that contain ${copyright} : {
+#     replace years yyyy-zzzz (or year yyyy) by yyyy-${this_year}
+#     replace repeated years yyyy-yyyy by yyyy
+#   }
+sed_script="/${copyright}/{ s/${year_range}/\1-${this_year}/ ; s/(${some_year})-\1/\1/ }"
+
+function usage() {
+	cat >&2 <<EOF
+usage: $myname [-h|--help] [file|directory] ...
+
+Updates the year ranges of all OpenSSL copyright statements in the given
+files or directories. (Directories are traversed recursively.)
+EOF
+}
+
+if [ $# -eq 0 ]; then
+	usage
+	exit 0
+fi
+
+
+for arg in "$@"; do
+	case $arg in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		-*)
+			echo -e "illegal option: $arg\n" >& 2
+			usage
+			exit 1
+			;;
+		*)
+			if [ -f "$arg" ]; then
+				sed -E -i "${sed_script}" "$arg"
+			elif [ -d "$arg" ]; then
+				find "$arg" -name '.[a-z]*' -prune -o -type f -exec sed -E -i "${sed_script}" {} +
+			else
+				echo "$arg: no such file or directory" >&2
+			fi
+			;;
+	esac
+done
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/opensslwrap.sh b/trunk/3rdparty/openssl-1.1-fit/util/opensslwrap.sh
new file mode 100755
index 000000000..b27cbb897
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/opensslwrap.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+HERE="`echo $0 | sed -e 's|[^/]*$||'`"
+OPENSSL="${HERE}../apps/openssl"
+
+if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then
+	OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
+fi
+
+if [ -x "${OPENSSL}.exe" ]; then
+	# The original reason for this script existence is to work around
+	# certain caveats in run-time linker behaviour. On Windows platforms
+	# adjusting $PATH used to be sufficient, but with introduction of
+	# SafeDllSearchMode in XP/2003 the only way to get it right in
+	# *all* possible situations is to copy newly built .DLLs to apps/
+	# and test/, which is now done elsewhere... The $PATH is adjusted
+	# for backward compatibility (and nostagical reasons:-).
+	if [ "$OSTYPE" != msdosdjgpp ]; then
+		PATH="${HERE}..:$PATH"; export PATH
+	fi
+	exec "${OPENSSL}.exe" "$@"
+elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
+	exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
+else
+	exec "${OPENSSL}" "$@"	# hope for the best...
+fi
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Glob.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Glob.pm
new file mode 100644
index 000000000..ec87da4ae
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Glob.pm
@@ -0,0 +1,21 @@
+package OpenSSL::Glob;
+
+use strict;
+use warnings;
+
+use File::Glob;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT);
+
+$VERSION = '0.1';
+@ISA = qw(Exporter);
+@EXPORT = qw(glob);
+
+sub glob {
+    goto &File::Glob::bsd_glob if $^O ne "VMS";
+    goto &CORE::glob;
+}
+
+1;
+__END__
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm
new file mode 100644
index 000000000..9564b2604
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm
@@ -0,0 +1,1216 @@
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Test;
+
+use strict;
+use warnings;
+
+use Test::More 0.96;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.8";
+@ISA = qw(Exporter);
+@EXPORT = (@Test::More::EXPORT, qw(setup run indir cmd app fuzz test
+                                   perlapp perltest subtest));
+@EXPORT_OK = (@Test::More::EXPORT_OK, qw(bldtop_dir bldtop_file
+                                         srctop_dir srctop_file
+                                         data_file data_dir
+                                         pipe with cmdstr quotify
+                                         openssl_versions));
+
+=head1 NAME
+
+OpenSSL::Test - a private extension of Test::More
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Test;
+
+  setup("my_test_name");
+
+  ok(run(app(["openssl", "version"])), "check for openssl presence");
+
+  indir "subdir" => sub {
+    ok(run(test(["sometest", "arg1"], stdout => "foo.txt")),
+       "run sometest with output to foo.txt");
+  };
+
+=head1 DESCRIPTION
+
+This module is a private extension of L<Test::More> for testing OpenSSL.
+In addition to the Test::More functions, it also provides functions that
+easily find the diverse programs within a OpenSSL build tree, as well as
+some other useful functions.
+
+This module I<depends> on the environment variables C<$TOP> or C<$SRCTOP>
+and C<$BLDTOP>.  Without one of the combinations it refuses to work.
+See L</ENVIRONMENT> below.
+
+With each test recipe, a parallel data directory with (almost) the same name
+as the recipe is possible in the source directory tree.  For example, for a
+recipe C<$SRCTOP/test/recipes/99-foo.t>, there could be a directory
+C<$SRCTOP/test/recipes/99-foo_data/>.
+
+=cut
+
+use File::Copy;
+use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir
+                             catdir catfile splitpath catpath devnull abs2rel
+                             rel2abs/;
+use File::Path 2.00 qw/rmtree mkpath/;
+use File::Basename;
+
+my $level = 0;
+
+# The name of the test.  This is set by setup() and is used in the other
+# functions to verify that setup() has been used.
+my $test_name = undef;
+
+# Directories we want to keep track of TOP, APPS, TEST and RESULTS are the
+# ones we're interested in, corresponding to the environment variables TOP
+# (mandatory), BIN_D, TEST_D, UTIL_D and RESULT_D.
+my %directories = ();
+
+# The environment variables that gave us the contents in %directories.  These
+# get modified whenever we change directories, so that subprocesses can use
+# the values of those environment variables as well
+my @direnv = ();
+
+# A bool saying if we shall stop all testing if the current recipe has failing
+# tests or not.  This is set by setup() if the environment variable STOPTEST
+# is defined with a non-empty value.
+my $end_with_bailout = 0;
+
+# A set of hooks that is affected by with() and may be used in diverse places.
+# All hooks are expected to be CODE references.
+my %hooks = (
+
+    # exit_checker is used by run() directly after completion of a command.
+    # it receives the exit code from that command and is expected to return
+    # 1 (for success) or 0 (for failure).  This is the status value that run()
+    # will give back (through the |statusvar| reference and as returned value
+    # when capture => 1 doesn't apply).
+    exit_checker => sub { return shift == 0 ? 1 : 0 },
+
+    );
+
+# Debug flag, to be set manually when needed
+my $debug = 0;
+
+=head2 Main functions
+
+The following functions are exported by default when using C<OpenSSL::Test>.
+
+=cut
+
+=over 4
+
+=item B<setup "NAME">
+
+C<setup> is used for initial setup, and it is mandatory that it's used.
+If it's not used in a OpenSSL test recipe, the rest of the recipe will
+most likely refuse to run.
+
+C<setup> checks for environment variables (see L</ENVIRONMENT> below),
+checks that C<$TOP/Configure> or C<$SRCTOP/Configure> exists, C<chdir>
+into the results directory (defined by the C<$RESULT_D> environment
+variable if defined, otherwise C<$BLDTOP/test> or C<$TOP/test>, whichever
+is defined).
+
+=back
+
+=cut
+
+sub setup {
+    my $old_test_name = $test_name;
+    $test_name = shift;
+
+    BAIL_OUT("setup() must receive a name") unless $test_name;
+    warn "setup() detected test name change.  Innocuous, so we continue...\n"
+        if $old_test_name && $old_test_name ne $test_name;
+
+    return if $old_test_name;
+
+    BAIL_OUT("setup() needs \$TOP or \$SRCTOP and \$BLDTOP to be defined")
+        unless $ENV{TOP} || ($ENV{SRCTOP} && $ENV{BLDTOP});
+    BAIL_OUT("setup() found both \$TOP and \$SRCTOP or \$BLDTOP...")
+        if $ENV{TOP} && ($ENV{SRCTOP} || $ENV{BLDTOP});
+
+    __env();
+
+    BAIL_OUT("setup() expects the file Configure in the source top directory")
+        unless -f srctop_file("Configure");
+
+    __cwd($directories{RESULTS});
+}
+
+=over 4
+
+=item B<indir "SUBDIR" =E<gt> sub BLOCK, OPTS>
+
+C<indir> is used to run a part of the recipe in a different directory than
+the one C<setup> moved into, usually a subdirectory, given by SUBDIR.
+The part of the recipe that's run there is given by the codeblock BLOCK.
+
+C<indir> takes some additional options OPTS that affect the subdirectory:
+
+=over 4
+
+=item B<create =E<gt> 0|1>
+
+When set to 1 (or any value that perl preceives as true), the subdirectory
+will be created if it doesn't already exist.  This happens before BLOCK
+is executed.
+
+=item B<cleanup =E<gt> 0|1>
+
+When set to 1 (or any value that perl preceives as true), the subdirectory
+will be cleaned out and removed.  This happens both before and after BLOCK
+is executed.
+
+=back
+
+An example:
+
+  indir "foo" => sub {
+      ok(run(app(["openssl", "version"]), stdout => "foo.txt"));
+      if (ok(open(RESULT, "foo.txt"), "reading foo.txt")) {
+          my $line = <RESULT>;
+          close RESULT;
+          is($line, qr/^OpenSSL 1\./,
+             "check that we're using OpenSSL 1.x.x");
+      }
+  }, create => 1, cleanup => 1;
+
+=back
+
+=cut
+
+sub indir {
+    my $subdir = shift;
+    my $codeblock = shift;
+    my %opts = @_;
+
+    my $reverse = __cwd($subdir,%opts);
+    BAIL_OUT("FAILURE: indir, \"$subdir\" wasn't possible to move into")
+	unless $reverse;
+
+    $codeblock->();
+
+    __cwd($reverse);
+
+    if ($opts{cleanup}) {
+	rmtree($subdir, { safe => 0 });
+    }
+}
+
+=over 4
+
+=item B<cmd ARRAYREF, OPTS>
+
+This functions build up a platform dependent command based on the
+input.  It takes a reference to a list that is the executable or
+script and its arguments, and some additional options (described
+further on).  Where necessary, the command will be wrapped in a
+suitable environment to make sure the correct shared libraries are
+used (currently only on Unix).
+
+It returns a CODEREF to be used by C<run>, C<pipe> or C<cmdstr>.
+
+The options that C<cmd> can take are in the form of hash values:
+
+=over 4
+
+=item B<stdin =E<gt> PATH>
+
+=item B<stdout =E<gt> PATH>
+
+=item B<stderr =E<gt> PATH>
+
+In all three cases, the corresponding standard input, output or error is
+redirected from (for stdin) or to (for the others) a file given by the
+string PATH, I<or>, if the value is C<undef>, C</dev/null> or similar.
+
+=back
+
+=item B<app ARRAYREF, OPTS>
+
+=item B<test ARRAYREF, OPTS>
+
+Both of these are specific applications of C<cmd>, with just a couple
+of small difference:
+
+C<app> expects to find the given command (the first item in the given list
+reference) as an executable in C<$BIN_D> (if defined, otherwise C<$TOP/apps>
+or C<$BLDTOP/apps>).
+
+C<test> expects to find the given command (the first item in the given list
+reference) as an executable in C<$TEST_D> (if defined, otherwise C<$TOP/test>
+or C<$BLDTOP/test>).
+
+Also, for both C<app> and C<test>, the command may be prefixed with
+the content of the environment variable C<$EXE_SHELL>, which is useful
+in case OpenSSL has been cross compiled.
+
+=item B<perlapp ARRAYREF, OPTS>
+
+=item B<perltest ARRAYREF, OPTS>
+
+These are also specific applications of C<cmd>, where the interpreter
+is predefined to be C<perl>, and they expect the script to be
+interpreted to reside in the same location as C<app> and C<test>.
+
+C<perlapp> and C<perltest> will also take the following option:
+
+=over 4
+
+=item B<interpreter_args =E<gt> ARRAYref>
+
+The array reference is a set of arguments for the interpreter rather
+than the script.  Take care so that none of them can be seen as a
+script!  Flags and their eventual arguments only!
+
+=back
+
+An example:
+
+  ok(run(perlapp(["foo.pl", "arg1"],
+                 interpreter_args => [ "-I", srctop_dir("test") ])));
+
+=back
+
+=begin comment
+
+One might wonder over the complexity of C<apps>, C<fuzz>, C<test>, ...
+with all the lazy evaluations and all that.  The reason for this is that
+we want to make sure the directory in which those programs are found are
+correct at the time these commands are used.  Consider the following code
+snippet:
+
+  my $cmd = app(["openssl", ...]);
+
+  indir "foo", sub {
+      ok(run($cmd), "Testing foo")
+  };
+
+If there wasn't this lazy evaluation, the directory where C<openssl> is
+found would be incorrect at the time C<run> is called, because it was
+calculated before we moved into the directory "foo".
+
+=end comment
+
+=cut
+
+sub cmd {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub {
+        my $num = shift;
+        # Make a copy to not destroy the caller's array
+        my @cmdargs = ( @$cmd );
+        my @prog = __wrap_cmd(shift @cmdargs, $opts{exe_shell} // ());
+
+        return __decorate_cmd($num, [ @prog, quotify(@cmdargs) ],
+                              %opts);
+    }
+}
+
+sub app {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub {
+        my @cmdargs = ( @{$cmd} );
+        my @prog = __fixup_prg(__apps_file(shift @cmdargs, __exeext()));
+        return cmd([ @prog, @cmdargs ],
+                   exe_shell => $ENV{EXE_SHELL}, %opts) -> (shift);
+    }
+}
+
+sub fuzz {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub {
+        my @cmdargs = ( @{$cmd} );
+        my @prog = __fixup_prg(__fuzz_file(shift @cmdargs, __exeext()));
+        return cmd([ @prog, @cmdargs ],
+                   exe_shell => $ENV{EXE_SHELL}, %opts) -> (shift);
+    }
+}
+
+sub test {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub {
+        my @cmdargs = ( @{$cmd} );
+        my @prog = __fixup_prg(__test_file(shift @cmdargs, __exeext()));
+        return cmd([ @prog, @cmdargs ],
+                   exe_shell => $ENV{EXE_SHELL}, %opts) -> (shift);
+    }
+}
+
+sub perlapp {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub {
+        my @interpreter_args = defined $opts{interpreter_args} ?
+            @{$opts{interpreter_args}} : ();
+        my @interpreter = __fixup_prg($^X);
+        my @cmdargs = ( @{$cmd} );
+        my @prog = __apps_file(shift @cmdargs, undef);
+        return cmd([ @interpreter, @interpreter_args,
+                     @prog, @cmdargs ], %opts) -> (shift);
+    }
+}
+
+sub perltest {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub {
+        my @interpreter_args = defined $opts{interpreter_args} ?
+            @{$opts{interpreter_args}} : ();
+        my @interpreter = __fixup_prg($^X);
+        my @cmdargs = ( @{$cmd} );
+        my @prog = __test_file(shift @cmdargs, undef);
+        return cmd([ @interpreter, @interpreter_args,
+                     @prog, @cmdargs ], %opts) -> (shift);
+    }
+}
+
+=over 4
+
+=item B<run CODEREF, OPTS>
+
+CODEREF is expected to be the value return by C<cmd> or any of its
+derivatives, anything else will most likely cause an error unless you
+know what you're doing.
+
+C<run> executes the command returned by CODEREF and return either the
+resulting output (if the option C<capture> is set true) or a boolean
+indicating if the command succeeded or not.
+
+The options that C<run> can take are in the form of hash values:
+
+=over 4
+
+=item B<capture =E<gt> 0|1>
+
+If true, the command will be executed with a perl backtick, and C<run> will
+return the resulting output as an array of lines.  If false or not given,
+the command will be executed with C<system()>, and C<run> will return 1 if
+the command was successful or 0 if it wasn't.
+
+=item B<prefix =E<gt> EXPR>
+
+If specified, EXPR will be used as a string to prefix the output from the
+command.  This is useful if the output contains lines starting with C<ok >
+or C<not ok > that can disturb Test::Harness.
+
+=item B<statusvar =E<gt> VARREF>
+
+If used, B<VARREF> must be a reference to a scalar variable.  It will be
+assigned a boolean indicating if the command succeeded or not.  This is
+particularly useful together with B<capture>.
+
+=back
+
+For further discussion on what is considered a successful command or not, see
+the function C<with> further down.
+
+=back
+
+=cut
+
+sub run {
+    my ($cmd, $display_cmd) = shift->(0);
+    my %opts = @_;
+
+    return () if !$cmd;
+
+    my $prefix = "";
+    if ( $^O eq "VMS" ) {	# VMS
+	$prefix = "pipe ";
+    }
+
+    my @r = ();
+    my $r = 0;
+    my $e = 0;
+
+    die "OpenSSL::Test::run(): statusvar value not a scalar reference"
+        if $opts{statusvar} && ref($opts{statusvar}) ne "SCALAR";
+
+    # In non-verbose, we want to shut up the command interpreter, in case
+    # it has something to complain about.  On VMS, it might complain both
+    # on stdout and stderr
+    my $save_STDOUT;
+    my $save_STDERR;
+    if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
+        open $save_STDOUT, '>&', \*STDOUT or die "Can't dup STDOUT: $!";
+        open $save_STDERR, '>&', \*STDERR or die "Can't dup STDERR: $!";
+        open STDOUT, ">", devnull();
+        open STDERR, ">", devnull();
+    }
+
+    $ENV{HARNESS_OSSL_LEVEL} = $level + 1;
+
+    # The dance we do with $? is the same dance the Unix shells appear to
+    # do.  For example, a program that gets aborted (and therefore signals
+    # SIGABRT = 6) will appear to exit with the code 134.  We mimic this
+    # to make it easier to compare with a manual run of the command.
+    if ($opts{capture} || defined($opts{prefix})) {
+	my $pipe;
+	local $_;
+
+	open($pipe, '-|', "$prefix$cmd") or die "Can't start command: $!";
+	while(<$pipe>) {
+	    my $l = ($opts{prefix} // "") . $_;
+	    if ($opts{capture}) {
+		push @r, $l;
+	    } else {
+		print STDOUT $l;
+	    }
+	}
+	close $pipe;
+    } else {
+	$ENV{HARNESS_OSSL_PREFIX} = "# ";
+	system("$prefix$cmd");
+	delete $ENV{HARNESS_OSSL_PREFIX};
+    }
+    $e = ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8);
+    $r = $hooks{exit_checker}->($e);
+    if ($opts{statusvar}) {
+        ${$opts{statusvar}} = $r;
+    }
+
+    if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
+        close STDOUT;
+        close STDERR;
+        open STDOUT, '>&', $save_STDOUT or die "Can't restore STDOUT: $!";
+        open STDERR, '>&', $save_STDERR or die "Can't restore STDERR: $!";
+    }
+
+    print STDERR "$prefix$display_cmd => $e\n"
+        if !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};
+
+    # At this point, $? stops being interesting, and unfortunately,
+    # there are Test::More versions that get picky if we leave it
+    # non-zero.
+    $? = 0;
+
+    if ($opts{capture}) {
+	return @r;
+    } else {
+	return $r;
+    }
+}
+
+END {
+    my $tb = Test::More->builder;
+    my $failure = scalar(grep { $_ == 0; } $tb->summary);
+    if ($failure && $end_with_bailout) {
+	BAIL_OUT("Stoptest!");
+    }
+}
+
+=head2 Utility functions
+
+The following functions are exported on request when using C<OpenSSL::Test>.
+
+  # To only get the bldtop_file and srctop_file functions.
+  use OpenSSL::Test qw/bldtop_file srctop_file/;
+
+  # To only get the bldtop_file function in addition to the default ones.
+  use OpenSSL::Test qw/:DEFAULT bldtop_file/;
+
+=cut
+
+# Utility functions, exported on request
+
+=over 4
+
+=item B<bldtop_dir LIST>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+build directory (as indicated by the environment variable C<$TOP> or
+C<$BLDTOP>).
+C<bldtop_dir> returns the resulting directory as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub bldtop_dir {
+    return __bldtop_dir(@_);	# This caters for operating systems that have
+				# a very distinct syntax for directories.
+}
+
+=over 4
+
+=item B<bldtop_file LIST, FILENAME>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+build directory (as indicated by the environment variable C<$TOP> or
+C<$BLDTOP>) and FILENAME is the name of a file located in that directory path.
+C<bldtop_file> returns the resulting file path as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub bldtop_file {
+    return __bldtop_file(@_);
+}
+
+=over 4
+
+=item B<srctop_dir LIST>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+source directory (as indicated by the environment variable C<$TOP> or
+C<$SRCTOP>).
+C<srctop_dir> returns the resulting directory as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub srctop_dir {
+    return __srctop_dir(@_);	# This caters for operating systems that have
+				# a very distinct syntax for directories.
+}
+
+=over 4
+
+=item B<srctop_file LIST, FILENAME>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+source directory (as indicated by the environment variable C<$TOP> or
+C<$SRCTOP>) and FILENAME is the name of a file located in that directory path.
+C<srctop_file> returns the resulting file path as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub srctop_file {
+    return __srctop_file(@_);
+}
+
+=over 4
+
+=item B<data_dir LIST>
+
+LIST is a list of directories that make up a path from the data directory
+associated with the test (see L</DESCRIPTION> above).
+C<data_dir> returns the resulting directory as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub data_dir {
+    return __data_dir(@_);
+}
+
+=over 4
+
+=item B<data_file LIST, FILENAME>
+
+LIST is a list of directories that make up a path from the data directory
+associated with the test (see L</DESCRIPTION> above) and FILENAME is the name
+of a file located in that directory path.  C<data_file> returns the resulting
+file path as a string, adapted to the local operating system.
+
+=back
+
+=cut
+
+sub data_file {
+    return __data_file(@_);
+}
+
+=over 4
+
+=item B<pipe LIST>
+
+LIST is a list of CODEREFs returned by C<app> or C<test>, from which C<pipe>
+creates a new command composed of all the given commands put together in a
+pipe.  C<pipe> returns a new CODEREF in the same manner as C<app> or C<test>,
+to be passed to C<run> for execution.
+
+=back
+
+=cut
+
+sub pipe {
+    my @cmds = @_;
+    return
+	sub {
+	    my @cs  = ();
+	    my @dcs = ();
+	    my @els = ();
+	    my $counter = 0;
+	    foreach (@cmds) {
+		my ($c, $dc, @el) = $_->(++$counter);
+
+		return () if !$c;
+
+		push @cs, $c;
+		push @dcs, $dc;
+		push @els, @el;
+	    }
+	    return (
+		join(" | ", @cs),
+		join(" | ", @dcs),
+		@els
+		);
+    };
+}
+
+=over 4
+
+=item B<with HASHREF, CODEREF>
+
+C<with> will temporarily install hooks given by the HASHREF and then execute
+the given CODEREF.  Hooks are usually expected to have a coderef as value.
+
+The currently available hoosk are:
+
+=over 4
+
+=item B<exit_checker =E<gt> CODEREF>
+
+This hook is executed after C<run> has performed its given command.  The
+CODEREF receives the exit code as only argument and is expected to return
+1 (if the exit code indicated success) or 0 (if the exit code indicated
+failure).
+
+=back
+
+=back
+
+=cut
+
+sub with {
+    my $opts = shift;
+    my %opts = %{$opts};
+    my $codeblock = shift;
+
+    my %saved_hooks = ();
+
+    foreach (keys %opts) {
+	$saved_hooks{$_} = $hooks{$_}	if exists($hooks{$_});
+	$hooks{$_} = $opts{$_};
+    }
+
+    $codeblock->();
+
+    foreach (keys %saved_hooks) {
+	$hooks{$_} = $saved_hooks{$_};
+    }
+}
+
+=over 4
+
+=item B<cmdstr CODEREF, OPTS>
+
+C<cmdstr> takes a CODEREF from C<app> or C<test> and simply returns the
+command as a string.
+
+C<cmdstr> takes some additional options OPTS that affect the string returned:
+
+=over 4
+
+=item B<display =E<gt> 0|1>
+
+When set to 0, the returned string will be with all decorations, such as a
+possible redirect of stderr to the null device.  This is suitable if the
+string is to be used directly in a recipe.
+
+When set to 1, the returned string will be without extra decorations.  This
+is suitable for display if that is desired (doesn't confuse people with all
+internal stuff), or if it's used to pass a command down to a subprocess.
+
+Default: 0
+
+=back
+
+=back
+
+=cut
+
+sub cmdstr {
+    my ($cmd, $display_cmd) = shift->(0);
+    my %opts = @_;
+
+    if ($opts{display}) {
+        return $display_cmd;
+    } else {
+        return $cmd;
+    }
+}
+
+=over 4
+
+=item B<quotify LIST>
+
+LIST is a list of strings that are going to be used as arguments for a
+command, and makes sure to inject quotes and escapes as necessary depending
+on the content of each string.
+
+This can also be used to put quotes around the executable of a command.
+I<This must never ever be done on VMS.>
+
+=back
+
+=cut
+
+sub quotify {
+    # Unix setup (default if nothing else is mentioned)
+    my $arg_formatter =
+	sub { $_ = shift;
+	      ($_ eq '' || /\s|[\{\}\\\$\[\]\*\?\|\&:;<>]/) ? "'$_'" : $_ };
+
+    if ( $^O eq "VMS") {	# VMS setup
+	$arg_formatter = sub {
+	    $_ = shift;
+	    if ($_ eq '' || /\s|["[:upper:]]/) {
+		s/"/""/g;
+		'"'.$_.'"';
+	    } else {
+		$_;
+	    }
+	};
+    } elsif ( $^O eq "MSWin32") { # MSWin setup
+	$arg_formatter = sub {
+	    $_ = shift;
+	    if ($_ eq '' || /\s|["\|\&\*\;<>]/) {
+		s/(["\\])/\\$1/g;
+		'"'.$_.'"';
+	    } else {
+		$_;
+	    }
+	};
+    }
+
+    return map { $arg_formatter->($_) } @_;
+}
+
+=over 4
+
+=item B<openssl_versions>
+
+Returns a list of two numbers, the first representing the build version,
+the second representing the library version.  See opensslv.h for more
+information on those numbers.
+
+=back
+
+=cut
+
+my @versions = ();
+sub openssl_versions {
+    unless (@versions) {
+        my %lines =
+            map { s/\R$//;
+                  /^(.*): (0x[[:xdigit:]]{8})$/;
+                  die "Weird line: $_" unless defined $1;
+                  $1 => hex($2) }
+            run(test(['versions']), capture => 1);
+        @versions = ( $lines{'Build version'}, $lines{'Library version'} );
+    }
+    return @versions;
+}
+
+######################################################################
+# private functions.  These are never exported.
+
+=head1 ENVIRONMENT
+
+OpenSSL::Test depends on some environment variables.
+
+=over 4
+
+=item B<TOP>
+
+This environment variable is mandatory.  C<setup> will check that it's
+defined and that it's a directory that contains the file C<Configure>.
+If this isn't so, C<setup> will C<BAIL_OUT>.
+
+=item B<BIN_D>
+
+If defined, its value should be the directory where the openssl application
+is located.  Defaults to C<$TOP/apps> (adapted to the operating system).
+
+=item B<TEST_D>
+
+If defined, its value should be the directory where the test applications
+are located.  Defaults to C<$TOP/test> (adapted to the operating system).
+
+=item B<STOPTEST>
+
+If defined, it puts testing in a different mode, where a recipe with
+failures will result in a C<BAIL_OUT> at the end of its run.
+
+=back
+
+=cut
+
+sub __env {
+    (my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;
+
+    $directories{SRCTOP}  = $ENV{SRCTOP} || $ENV{TOP};
+    $directories{BLDTOP}  = $ENV{BLDTOP} || $ENV{TOP};
+    $directories{BLDAPPS} = $ENV{BIN_D}  || __bldtop_dir("apps");
+    $directories{SRCAPPS} =                 __srctop_dir("apps");
+    $directories{BLDFUZZ} =                 __bldtop_dir("fuzz");
+    $directories{SRCFUZZ} =                 __srctop_dir("fuzz");
+    $directories{BLDTEST} = $ENV{TEST_D} || __bldtop_dir("test");
+    $directories{SRCTEST} =                 __srctop_dir("test");
+    $directories{SRCDATA} =                 __srctop_dir("test", "recipes",
+                                                         $recipe_datadir);
+    $directories{RESULTS} = $ENV{RESULT_D} || $directories{BLDTEST};
+
+    push @direnv, "TOP"       if $ENV{TOP};
+    push @direnv, "SRCTOP"    if $ENV{SRCTOP};
+    push @direnv, "BLDTOP"    if $ENV{BLDTOP};
+    push @direnv, "BIN_D"     if $ENV{BIN_D};
+    push @direnv, "TEST_D"    if $ENV{TEST_D};
+    push @direnv, "RESULT_D"  if $ENV{RESULT_D};
+
+    $end_with_bailout	  = $ENV{STOPTEST} ? 1 : 0;
+};
+
+# __srctop_file and __srctop_dir are helpers to build file and directory
+# names on top of the source directory.  They depend on $SRCTOP, and
+# therefore on the proper use of setup() and when needed, indir().
+# __bldtop_file and __bldtop_dir do the same thing but relative to $BLDTOP.
+# __srctop_file and __bldtop_file take the same kind of argument as
+# File::Spec::Functions::catfile.
+# Similarly, __srctop_dir and __bldtop_dir take the same kind of argument
+# as File::Spec::Functions::catdir
+sub __srctop_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{SRCTOP},@_,$f);
+}
+
+sub __srctop_dir {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    return catdir($directories{SRCTOP},@_);
+}
+
+sub __bldtop_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{BLDTOP},@_,$f);
+}
+
+sub __bldtop_dir {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    return catdir($directories{BLDTOP},@_);
+}
+
+# __exeext is a function that returns the platform dependent file extension
+# for executable binaries, or the value of the environment variable $EXE_EXT
+# if that one is defined.
+sub __exeext {
+    my $ext = "";
+    if ($^O eq "VMS" ) {	# VMS
+	$ext = ".exe";
+    } elsif ($^O eq "MSWin32") { # Windows
+	$ext = ".exe";
+    }
+    return $ENV{"EXE_EXT"} || $ext;
+}
+
+# __test_file, __apps_file and __fuzz_file return the full path to a file
+# relative to the test/, apps/ or fuzz/ directory in the build tree or the
+# source tree, depending on where the file is found.  Note that when looking
+# in the build tree, the file name with an added extension is looked for, if
+# an extension is given.  The intent is to look for executable binaries (in
+# the build tree) or possibly scripts (in the source tree).
+# These functions all take the same arguments as File::Spec::Functions::catfile,
+# *plus* a mandatory extension argument.  This extension argument can be undef,
+# and is ignored in such a case.
+sub __test_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $e = pop || "";
+    my $f = pop;
+    my $out = catfile($directories{BLDTEST},@_,$f . $e);
+    $out = catfile($directories{SRCTEST},@_,$f) unless -f $out;
+    return $out;
+}
+
+sub __apps_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $e = pop || "";
+    my $f = pop;
+    my $out = catfile($directories{BLDAPPS},@_,$f . $e);
+    $out = catfile($directories{SRCAPPS},@_,$f) unless -f $out;
+    return $out;
+}
+
+sub __fuzz_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $e = pop || "";
+    my $f = pop;
+    my $out = catfile($directories{BLDFUZZ},@_,$f . $e);
+    $out = catfile($directories{SRCFUZZ},@_,$f) unless -f $out;
+    return $out;
+}
+
+sub __data_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{SRCDATA},@_,$f);
+}
+
+sub __data_dir {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    return catdir($directories{SRCDATA},@_);
+}
+
+sub __results_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{RESULTS},@_,$f);
+}
+
+# __cwd DIR
+# __cwd DIR, OPTS
+#
+# __cwd changes directory to DIR (string) and changes all the relative
+# entries in %directories accordingly.  OPTS is an optional series of
+# hash style arguments to alter __cwd's behavior:
+#
+#    create = 0|1       The directory we move to is created if 1, not if 0.
+#    cleanup = 0|1      The directory we move from is removed if 1, not if 0.
+
+sub __cwd {
+    my $dir = catdir(shift);
+    my %opts = @_;
+    my $abscurdir = rel2abs(curdir());
+    my $absdir = rel2abs($dir);
+    my $reverse = abs2rel($abscurdir, $absdir);
+
+    # PARANOIA: if we're not moving anywhere, we do nothing more
+    if ($abscurdir eq $absdir) {
+	return $reverse;
+    }
+
+    # Do not support a move to a different volume for now.  Maybe later.
+    BAIL_OUT("FAILURE: \"$dir\" moves to a different volume, not supported")
+	if $reverse eq $abscurdir;
+
+    # If someone happened to give a directory that leads back to the current,
+    # it's extremely silly to do anything more, so just simulate that we did
+    # move.
+    # In this case, we won't even clean it out, for safety's sake.
+    return "." if $reverse eq "";
+
+    $dir = canonpath($dir);
+    if ($opts{create}) {
+	mkpath($dir);
+    }
+
+    # We are recalculating the directories we keep track of, but need to save
+    # away the result for after having moved into the new directory.
+    my %tmp_directories = ();
+    my %tmp_ENV = ();
+
+    # For each of these directory variables, figure out where they are relative
+    # to the directory we want to move to if they aren't absolute (if they are,
+    # they don't change!)
+    my @dirtags = sort keys %directories;
+    foreach (@dirtags) {
+	if (!file_name_is_absolute($directories{$_})) {
+	    my $newpath = abs2rel(rel2abs($directories{$_}), rel2abs($dir));
+	    $tmp_directories{$_} = $newpath;
+	}
+    }
+
+    # Treat each environment variable that was used to get us the values in
+    # %directories the same was as the paths in %directories, so any sub
+    # process can use their values properly as well
+    foreach (@direnv) {
+	if (!file_name_is_absolute($ENV{$_})) {
+	    my $newpath = abs2rel(rel2abs($ENV{$_}), rel2abs($dir));
+	    $tmp_ENV{$_} = $newpath;
+	}
+    }
+
+    # Should we just bail out here as well?  I'm unsure.
+    return undef unless chdir($dir);
+
+    if ($opts{cleanup}) {
+	rmtree(".", { safe => 0, keep_root => 1 });
+    }
+
+    # We put back new values carefully.  Doing the obvious
+    # %directories = ( %tmp_directories )
+    # will clear out any value that happens to be an absolute path
+    foreach (keys %tmp_directories) {
+        $directories{$_} = $tmp_directories{$_};
+    }
+    foreach (keys %tmp_ENV) {
+        $ENV{$_} = $tmp_ENV{$_};
+    }
+
+    if ($debug) {
+	print STDERR "DEBUG: __cwd(), directories and files:\n";
+	print STDERR "  \$directories{BLDTEST} = \"$directories{BLDTEST}\"\n";
+	print STDERR "  \$directories{SRCTEST} = \"$directories{SRCTEST}\"\n";
+	print STDERR "  \$directories{SRCDATA} = \"$directories{SRCDATA}\"\n";
+	print STDERR "  \$directories{RESULTS} = \"$directories{RESULTS}\"\n";
+	print STDERR "  \$directories{BLDAPPS} = \"$directories{BLDAPPS}\"\n";
+	print STDERR "  \$directories{SRCAPPS} = \"$directories{SRCAPPS}\"\n";
+	print STDERR "  \$directories{SRCTOP}  = \"$directories{SRCTOP}\"\n";
+	print STDERR "  \$directories{BLDTOP}  = \"$directories{BLDTOP}\"\n";
+	print STDERR "\n";
+	print STDERR "  current directory is \"",curdir(),"\"\n";
+	print STDERR "  the way back is \"$reverse\"\n";
+    }
+
+    return $reverse;
+}
+
+# __wrap_cmd CMD
+# __wrap_cmd CMD, EXE_SHELL
+#
+# __wrap_cmd "wraps" CMD (string) with a beginning command that makes sure
+# the command gets executed with an appropriate environment.  If EXE_SHELL
+# is given, it is used as the beginning command.
+#
+# __wrap_cmd returns a list that should be used to build up a larger list
+# of command tokens, or be joined together like this:
+#
+#    join(" ", __wrap_cmd($cmd))
+sub __wrap_cmd {
+    my $cmd = shift;
+    my $exe_shell = shift;
+
+    my @prefix = ( __bldtop_file("util", "shlib_wrap.sh") );
+
+    if(defined($exe_shell)) {
+	@prefix = ( $exe_shell );
+    } elsif ($^O eq "VMS" || $^O eq "MSWin32") {
+	# VMS and Windows don't use any wrapper script for the moment
+	@prefix = ();
+    }
+
+    return (@prefix, $cmd);
+}
+
+# __fixup_prg PROG
+#
+# __fixup_prg does whatever fixup is needed to execute an executable binary
+# given by PROG (string).
+#
+# __fixup_prg returns a string with the possibly prefixed program path spec.
+sub __fixup_prg {
+    my $prog = shift;
+
+    my $prefix = "";
+
+    if ($^O eq "VMS" ) {
+	$prefix = ($prog =~ /^(?:[\$a-z0-9_]+:)?[<\[]/i ? "mcr " : "mcr []");
+    }
+
+    if (defined($prog)) {
+	# Make sure to quotify the program file on platforms that may
+	# have spaces or similar in their path name.
+	# To our knowledge, VMS is the exception where quotifying should
+	# never happen.
+	($prog) = quotify($prog) unless $^O eq "VMS";
+	return $prefix.$prog;
+    }
+
+    print STDERR "$prog not found\n";
+    return undef;
+}
+
+# __decorate_cmd NUM, CMDARRAYREF
+#
+# __decorate_cmd takes a command number NUM and a command token array
+# CMDARRAYREF, builds up a command string from them and decorates it
+# with necessary redirections.
+# __decorate_cmd returns a list of two strings, one with the command
+# string to actually be used, the other to be displayed for the user.
+# The reason these strings might differ is that we redirect stderr to
+# the null device unless we're verbose and unless the user has
+# explicitly specified a stderr redirection.
+sub __decorate_cmd {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $num = shift;
+    my $cmd = shift;
+    my %opts = @_;
+
+    my $cmdstr = join(" ", @$cmd);
+    my $null = devnull();
+    my $fileornull = sub { $_[0] ? $_[0] : $null; };
+    my $stdin = "";
+    my $stdout = "";
+    my $stderr = "";
+    my $saved_stderr = undef;
+    $stdin = " < ".$fileornull->($opts{stdin})  if exists($opts{stdin});
+    $stdout= " > ".$fileornull->($opts{stdout}) if exists($opts{stdout});
+    $stderr=" 2> ".$fileornull->($opts{stderr}) if exists($opts{stderr});
+
+    my $display_cmd = "$cmdstr$stdin$stdout$stderr";
+
+    $stderr=" 2> ".$null
+        unless $stderr || !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};
+
+    $cmdstr .= "$stdin$stdout$stderr";
+
+    if ($debug) {
+	print STDERR "DEBUG[__decorate_cmd]: \$cmdstr = \"$cmdstr\"\n";
+	print STDERR "DEBUG[__decorate_cmd]: \$display_cmd = \"$display_cmd\"\n";
+    }
+
+    return ($cmdstr, $display_cmd);
+}
+
+=head1 SEE ALSO
+
+L<Test::More>, L<Test::Harness>
+
+=head1 AUTHORS
+
+Richard Levitte E<lt>levitte@openssl.orgE<gt> with assistance and
+inspiration from Andy Polyakov E<lt>appro@openssl.org<gt>.
+
+=cut
+
+no warnings 'redefine';
+sub subtest {
+    $level++;
+
+    Test::More::subtest @_;
+
+    $level--;
+};
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test/Simple.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test/Simple.pm
new file mode 100644
index 000000000..c5a84d5ca
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test/Simple.pm
@@ -0,0 +1,91 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Test::Simple;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.2";
+@ISA = qw(Exporter);
+@EXPORT = qw(simple_test);
+
+=head1 NAME
+
+OpenSSL::Test::Simple - a few very simple test functions
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Test::Simple;
+
+  simple_test("my_test_name", "destest", "des");
+
+=head1 DESCRIPTION
+
+Sometimes, the functions in L<OpenSSL::Test> are quite tedious for some
+repetitive tasks.  This module provides functions to make life easier.
+You could call them hacks if you wish.
+
+=cut
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+=over 4
+
+=item B<simple_test NAME, PROGRAM, ALGORITHM>
+
+Runs a test named NAME, running the program PROGRAM with no arguments,
+to test the algorithm ALGORITHM.
+
+A complete recipe looks like this:
+
+  use OpenSSL::Test::Simple;
+
+  simple_test("test_bf", "bftest", "bf");
+
+=back
+
+=cut
+
+# args:
+#  name			(used with setup())
+#  algorithm		(used to check if it's at all supported)
+#  name of binary	(the program that does the actual test)
+sub simple_test {
+    my ($name, $prgr, @algos) = @_;
+
+    setup($name);
+
+    if (scalar(disabled(@algos))) {
+	if (scalar(@algos) == 1) {
+	    plan skip_all => $algos[0]." is not supported by this OpenSSL build";
+	} else {
+	    my $last = pop @algos;
+	    plan skip_all => join(", ", @algos)." and $last are not supported by this OpenSSL build";
+	}
+    }
+
+    plan tests => 1;
+
+    ok(run(test([$prgr])), "running $prgr");
+}
+
+=head1 SEE ALSO
+
+L<OpenSSL::Test>
+
+=head1 AUTHORS
+
+Richard Levitte E<lt>levitte@openssl.orgE<gt> with inspiration
+from Rich Salz E<lt>rsalz@openssl.orgE<gt>.
+
+=cut
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test/Utils.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test/Utils.pm
new file mode 100644
index 000000000..7b0a70563
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test/Utils.pm
@@ -0,0 +1,240 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Test::Utils;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.1";
+@ISA = qw(Exporter);
+@EXPORT = qw(alldisabled anydisabled disabled config available_protocols
+             have_IPv4 have_IPv6);
+
+=head1 NAME
+
+OpenSSL::Test::Utils - test utility functions
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Test::Utils;
+
+  my @tls = available_protocols("tls");
+  my @dtls = available_protocols("dtls");
+  alldisabled("dh", "dsa");
+  anydisabled("dh", "dsa");
+
+  config("fips");
+
+  have_IPv4();
+  have_IPv6();
+
+=head1 DESCRIPTION
+
+This module provides utility functions for the testing framework.
+
+=cut
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file/;
+
+=over 4
+
+=item B<available_protocols STRING>
+
+Returns a list of strings for all the available SSL/TLS versions if
+STRING is "tls", or for all the available DTLS versions if STRING is
+"dtls".  Otherwise, it returns the empty list.  The strings in the
+returned list can be used with B<alldisabled> and B<anydisabled>.
+
+=item B<alldisabled ARRAY>
+=item B<anydisabled ARRAY>
+
+In an array context returns an array with each element set to 1 if the
+corresponding feature is disabled and 0 otherwise.
+
+In a scalar context, alldisabled returns 1 if all of the features in
+ARRAY are disabled, while anydisabled returns 1 if any of them are
+disabled.
+
+=item B<config STRING>
+
+Returns an item from the %config hash in \$TOP/configdata.pm.
+
+=item B<have_IPv4>
+=item B<have_IPv6>
+
+Return true if IPv4 / IPv6 is possible to use on the current system.
+
+=back
+
+=cut
+
+our %available_protocols;
+our %disabled;
+our %config;
+my $configdata_loaded = 0;
+
+sub load_configdata {
+    # We eval it so it doesn't run at compile time of this file.
+    # The latter would have bldtop_file() complain that setup() hasn't
+    # been run yet.
+    my $configdata = bldtop_file("configdata.pm");
+    eval { require $configdata;
+	   %available_protocols = %configdata::available_protocols;
+	   %disabled = %configdata::disabled;
+	   %config = %configdata::config;
+    };
+    $configdata_loaded = 1;
+}
+
+# args
+#  list of 1s and 0s, coming from check_disabled()
+sub anyof {
+    my $x = 0;
+    foreach (@_) { $x += $_ }
+    return $x > 0;
+}
+
+# args
+#  list of 1s and 0s, coming from check_disabled()
+sub allof {
+    my $x = 1;
+    foreach (@_) { $x *= $_ }
+    return $x > 0;
+}
+
+# args
+#  list of strings, all of them should be names of features
+#  that can be disabled.
+# returns a list of 1s (if the corresponding feature is disabled)
+#  and 0s (if it isn't)
+sub check_disabled {
+    return map { exists $disabled{lc $_} ? 1 : 0 } @_;
+}
+
+# Exported functions #################################################
+
+# args:
+#  list of features to check
+sub anydisabled {
+    load_configdata() unless $configdata_loaded;
+    my @ret = check_disabled(@_);
+    return @ret if wantarray;
+    return anyof(@ret);
+}
+
+# args:
+#  list of features to check
+sub alldisabled {
+    load_configdata() unless $configdata_loaded;
+    my @ret = check_disabled(@_);
+    return @ret if wantarray;
+    return allof(@ret);
+}
+
+# !!! Kept for backward compatibility
+# args:
+#  single string
+sub disabled {
+    anydisabled(@_);
+}
+
+sub available_protocols {
+    load_configdata() unless $configdata_loaded;
+    my $protocol_class = shift;
+    if (exists $available_protocols{lc $protocol_class}) {
+	return @{$available_protocols{lc $protocol_class}}
+    }
+    return ();
+}
+
+sub config {
+    load_configdata() unless $configdata_loaded;
+    return $config{$_[0]};
+}
+
+# IPv4 / IPv6 checker
+my $have_IPv4 = -1;
+my $have_IPv6 = -1;
+my $IP_factory;
+sub check_IP {
+    my $listenaddress = shift;
+
+    eval {
+        require IO::Socket::IP;
+        my $s = IO::Socket::IP->new(
+            LocalAddr => $listenaddress,
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        return 1;
+    }
+
+    eval {
+        require IO::Socket::INET6;
+        my $s = IO::Socket::INET6->new(
+            LocalAddr => $listenaddress,
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        return 1;
+    }
+
+    eval {
+        require IO::Socket::INET;
+        my $s = IO::Socket::INET->new(
+            LocalAddr => $listenaddress,
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        return 1;
+    }
+
+    return 0;
+}
+
+sub have_IPv4 {
+    if ($have_IPv4 < 0) {
+        $have_IPv4 = check_IP("127.0.0.1");
+    }
+    return $have_IPv4;
+}
+
+sub have_IPv6 {
+    if ($have_IPv6 < 0) {
+        $have_IPv6 = check_IP("::1");
+    }
+    return $have_IPv6;
+}
+
+
+=head1 SEE ALSO
+
+L<OpenSSL::Test>
+
+=head1 AUTHORS
+
+Stephen Henson E<lt>steve@openssl.orgE<gt> and
+Richard Levitte E<lt>levitte@openssl.orgE<gt>
+
+=cut
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Util/Pod.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Util/Pod.pm
new file mode 100644
index 000000000..9f76fbf1a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Util/Pod.pm
@@ -0,0 +1,149 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Util::Pod;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.1";
+@ISA = qw(Exporter);
+@EXPORT = qw(extract_pod_info);
+@EXPORT_OK = qw();
+
+=head1 NAME
+
+OpenSSL::Util::Pod - utilities to manipulate .pod files
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Util::Pod;
+
+  my %podinfo = extract_pod_info("foo.pod");
+
+  # or if the file is already opened...  Note that this consumes the
+  # remainder of the file.
+
+  my %podinfo = extract_pod_info(\*STDIN);
+
+=head1 DESCRIPTION
+
+=over
+
+=item B<extract_pod_info "FILENAME", HASHREF>
+
+=item B<extract_pod_info "FILENAME">
+
+=item B<extract_pod_info GLOB, HASHREF>
+
+=item B<extract_pod_info GLOB>
+
+Extracts information from a .pod file, given a STRING (file name) or a
+GLOB (a file handle).  The result is given back as a hash table.
+
+The additional hash is for extra parameters:
+
+=over
+
+=item B<section =E<gt> N>
+
+The value MUST be a number, and will be the man section number
+to be used with the given .pod file.
+
+=item B<debug =E<gt> 0|1>
+
+If set to 1, extra debug text will be printed on STDERR
+
+=back
+
+=back
+
+=head1 RETURN VALUES
+
+=over
+
+=item B<extract_pod_info> returns a hash table with the following
+items:
+
+=over
+
+=item B<section =E<gt> N>
+
+The man section number this .pod file belongs to.  Often the same as
+was given as input.
+
+=item B<names =E<gt> [ "name", ... ]>
+
+All the names extracted from the NAME section.
+
+=back
+
+=back
+
+=cut
+
+sub extract_pod_info {
+    my $input = shift;
+    my $defaults_ref = shift || {};
+    my %defaults = ( debug => 0, section => 0, %$defaults_ref );
+    my $fh = undef;
+    my $filename = undef;
+
+    # If not a file handle, then it's assume to be a file path (a string)
+    unless (ref $input eq "GLOB") {
+        $filename = $input;
+        open $fh, $input or die "Trying to read $filename: $!\n";
+        print STDERR "DEBUG: Reading $input\n" if $defaults{debug};
+        $input = $fh;
+    }
+
+    my %podinfo = ( section => $defaults{section});
+    while(<$input>) {
+        s|\R$||;
+        # Stop reading when we have reached past the NAME section.
+        last if (m|^=head1|
+                 && defined $podinfo{lastsect}
+                 && $podinfo{lastsect} eq "NAME");
+
+        # Collect the section name
+        if (m|^=head1\s*(.*)|) {
+            $podinfo{lastsect} = $1;
+            $podinfo{lastsect} =~ s/\s+$//;
+            print STDERR "DEBUG: Found new pod section $1\n"
+                if $defaults{debug};
+            print STDERR "DEBUG: Clearing pod section text\n"
+                if $defaults{debug};
+            $podinfo{lastsecttext} = "";
+        }
+
+        next if (m|^=| || m|^\s*$|);
+
+        # Collect the section text
+        print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
+            if $defaults{debug};
+        $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
+        $podinfo{lastsecttext} .= $_;
+    }
+
+
+    if (defined $fh) {
+        close $fh;
+        print STDERR "DEBUG: Done reading $filename\n" if $defaults{debug};
+    }
+
+    $podinfo{lastsecttext} =~ s| - .*$||;
+
+    my @names =
+        map { s|\s+||g; $_ }
+        split(m|,|, $podinfo{lastsecttext});
+
+    return ( section => $podinfo{section}, names => [ @names ] );
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Alert.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Alert.pm
new file mode 100644
index 000000000..e27497dbd
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Alert.pm
@@ -0,0 +1,51 @@
+# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::Alert;
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $encrypted,
+        $level,
+        $description) = @_;
+
+    my $self = {
+        server => $server,
+        encrypted => $encrypted,
+        level => $level,
+        description => $description
+    };
+
+    return bless $self, $class;
+}
+
+#Read only accessors
+sub server
+{
+    my $self = shift;
+    return $self->{server};
+}
+sub encrypted
+{
+    my $self = shift;
+    return $self->{encrypted};
+}
+sub level
+{
+    my $self = shift;
+    return $self->{level};
+}
+sub description
+{
+    my $self = shift;
+    return $self->{description};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Certificate.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Certificate.pm
new file mode 100644
index 000000000..73737137b
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Certificate.pm
@@ -0,0 +1,214 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::Certificate;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_CERTIFICATE,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{first_certificate} = "";
+    $self->{extension_data} = "";
+    $self->{remaining_certdata} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+
+    if (TLSProxy::Proxy->is_tls13()) {
+        my $context_len = unpack('C', $self->data);
+        my $context = substr($self->data, 1, $context_len);
+
+        my $remdata = substr($self->data, 1 + $context_len);
+
+        my ($hicertlistlen, $certlistlen) = unpack('Cn', $remdata);
+        $certlistlen += ($hicertlistlen << 16);
+
+        $remdata = substr($remdata, 3);
+
+        die "Invalid Certificate List length"
+            if length($remdata) != $certlistlen;
+
+        my ($hicertlen, $certlen) = unpack('Cn', $remdata);
+        $certlen += ($hicertlen << 16);
+
+        die "Certificate too long" if ($certlen + 3) > $certlistlen;
+
+        $remdata = substr($remdata, 3);
+
+        my $certdata = substr($remdata, 0, $certlen);
+
+        $remdata = substr($remdata, $certlen);
+
+        my $extensions_len = unpack('n', $remdata);
+        $remdata = substr($remdata, 2);
+
+        die "Extensions too long"
+            if ($certlen + 3 + $extensions_len + 2) > $certlistlen;
+
+        my $extension_data = "";
+        if ($extensions_len != 0) {
+            $extension_data = substr($remdata, 0, $extensions_len);
+
+            if (length($extension_data) != $extensions_len) {
+                die "Invalid extension length\n";
+            }
+        }
+        my %extensions = ();
+        while (length($extension_data) >= 4) {
+            my ($type, $size) = unpack("nn", $extension_data);
+            my $extdata = substr($extension_data, 4, $size);
+            $extension_data = substr($extension_data, 4 + $size);
+            $extensions{$type} = $extdata;
+        }
+        $remdata = substr($remdata, $extensions_len);
+
+        $self->context($context);
+        $self->first_certificate($certdata);
+        $self->extension_data(\%extensions);
+        $self->remaining_certdata($remdata);
+
+        print "    Context:".$context."\n";
+        print "    Certificate List Len:".$certlistlen."\n";
+        print "    Certificate Len:".$certlen."\n";
+        print "    Extensions Len:".$extensions_len."\n";
+    } else {
+        my ($hicertlistlen, $certlistlen) = unpack('Cn', $self->data);
+        $certlistlen += ($hicertlistlen << 16);
+
+        my $remdata = substr($self->data, 3);
+
+        die "Invalid Certificate List length"
+            if length($remdata) != $certlistlen;
+
+        my ($hicertlen, $certlen) = unpack('Cn', $remdata);
+        $certlen += ($hicertlen << 16);
+
+        die "Certificate too long" if ($certlen + 3) > $certlistlen;
+
+        $remdata = substr($remdata, 3);
+
+        my $certdata = substr($remdata, 0, $certlen);
+
+        $remdata = substr($remdata, $certlen);
+
+        $self->first_certificate($certdata);
+        $self->remaining_certdata($remdata);
+
+        print "    Certificate List Len:".$certlistlen."\n";
+        print "    Certificate Len:".$certlen."\n";
+    }
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    if (TLSProxy::Proxy->is_tls13()) {
+        foreach my $key (keys %{$self->extension_data}) {
+            my $extdata = ${$self->extension_data}{$key};
+            $extensions .= pack("n", $key);
+            $extensions .= pack("n", length($extdata));
+            $extensions .= $extdata;
+        }
+        $data = pack('C', length($self->context()));
+        $data .= $self->context;
+        my $certlen = length($self->first_certificate);
+        my $certlistlen = $certlen + length($extensions)
+                          + length($self->remaining_certdata);
+        my $hi = $certlistlen >> 16;
+        $certlistlen = $certlistlen & 0xffff;
+        $data .= pack('Cn', $hi, $certlistlen);
+        $hi = $certlen >> 16;
+        $certlen = $certlen & 0xffff;
+        $data .= pack('Cn', $hi, $certlen);
+        $data .= pack('n', length($extensions));
+        $data .= $extensions;
+        $data .= $self->remaining_certdata();
+        $self->data($data);
+    } else {
+        my $certlen = length($self->first_certificate);
+        my $certlistlen = $certlen + length($self->remaining_certdata);
+        my $hi = $certlistlen >> 16;
+        $certlistlen = $certlistlen & 0xffff;
+        $data .= pack('Cn', $hi, $certlistlen);
+        $hi = $certlen >> 16;
+        $certlen = $certlen & 0xffff;
+        $data .= pack('Cn', $hi, $certlen);
+        $data .= $self->remaining_certdata();
+        $self->data($data);
+    }
+}
+
+#Read/write accessors
+sub context
+{
+    my $self = shift;
+    if (@_) {
+      $self->{context} = shift;
+    }
+    return $self->{context};
+}
+sub first_certificate
+{
+    my $self = shift;
+    if (@_) {
+      $self->{first_certificate} = shift;
+    }
+    return $self->{first_certificate};
+}
+sub remaining_certdata
+{
+    my $self = shift;
+    if (@_) {
+      $self->{remaining_certdata} = shift;
+    }
+    return $self->{remaining_certdata};
+}
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateVerify.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateVerify.pm
new file mode 100644
index 000000000..8bf969fba
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateVerify.pm
@@ -0,0 +1,96 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::CertificateVerify;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_CERTIFICATE_VERIFY,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{sigalg} = -1;
+    $self->{signature} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+
+    my $sigalg = -1;
+    my $remdata = $self->data;
+    my $record = ${$self->records}[0];
+
+    if (TLSProxy::Proxy->is_tls13()
+            || $record->version() == TLSProxy::Record::VERS_TLS_1_2) {
+        $sigalg = unpack('n', $remdata);
+        $remdata = substr($remdata, 2);
+    }
+
+    my $siglen = unpack('n', substr($remdata, 0, 2));
+    my $sig = substr($remdata, 2);
+
+    die "Invalid CertificateVerify signature length" if length($sig) != $siglen;
+
+    print "    SigAlg:".$sigalg."\n";
+    print "    Signature Len:".$siglen."\n";
+
+    $self->sigalg($sigalg);
+    $self->signature($sig);
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data = "";
+    my $sig = $self->signature();
+    my $olddata = $self->data();
+
+    $data .= pack("n", $self->sigalg()) if ($self->sigalg() != -1);
+    $data .= pack("n", length($sig));
+    $data .= $sig;
+
+    $self->data($data);
+}
+
+#Read/write accessors
+sub sigalg
+{
+    my $self = shift;
+    if (@_) {
+      $self->{sigalg} = shift;
+    }
+    return $self->{sigalg};
+}
+sub signature
+{
+    my $self = shift;
+    if (@_) {
+      $self->{signature} = shift;
+    }
+    return $self->{signature};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ClientHello.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ClientHello.pm
new file mode 100644
index 000000000..76dce740a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ClientHello.pm
@@ -0,0 +1,258 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::ClientHello;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        1,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{client_version} = 0;
+    $self->{random} = [];
+    $self->{session_id_len} = 0;
+    $self->{session} = "";
+    $self->{ciphersuite_len} = 0;
+    $self->{ciphersuites} = [];
+    $self->{comp_meth_len} = 0;
+    $self->{comp_meths} = [];
+    $self->{extensions_len} = 0;
+    $self->{extension_data} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+    my $ptr = 2;
+    my ($client_version) = unpack('n', $self->data);
+    my $random = substr($self->data, $ptr, 32);
+    $ptr += 32;
+    my $session_id_len = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    my $session = substr($self->data, $ptr, $session_id_len);
+    $ptr += $session_id_len;
+    my $ciphersuite_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my @ciphersuites = unpack('n*', substr($self->data, $ptr,
+                                           $ciphersuite_len));
+    $ptr += $ciphersuite_len;
+    my $comp_meth_len = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    my @comp_meths = unpack('C*', substr($self->data, $ptr, $comp_meth_len));
+    $ptr += $comp_meth_len;
+    my $extensions_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    #For now we just deal with this as a block of data. In the future we will
+    #want to parse this
+    my $extension_data = substr($self->data, $ptr);
+
+    if (length($extension_data) != $extensions_len) {
+        die "Invalid extension length\n";
+    }
+    my %extensions = ();
+    while (length($extension_data) >= 4) {
+        my ($type, $size) = unpack("nn", $extension_data);
+        my $extdata = substr($extension_data, 4, $size);
+        $extension_data = substr($extension_data, 4 + $size);
+        $extensions{$type} = $extdata;
+    }
+
+    $self->client_version($client_version);
+    $self->random($random);
+    $self->session_id_len($session_id_len);
+    $self->session($session);
+    $self->ciphersuite_len($ciphersuite_len);
+    $self->ciphersuites(\@ciphersuites);
+    $self->comp_meth_len($comp_meth_len);
+    $self->comp_meths(\@comp_meths);
+    $self->extensions_len($extensions_len);
+    $self->extension_data(\%extensions);
+
+    $self->process_extensions();
+
+    print "    Client Version:".$client_version."\n";
+    print "    Session ID Len:".$session_id_len."\n";
+    print "    Ciphersuite len:".$ciphersuite_len."\n";
+    print "    Compression Method Len:".$comp_meth_len."\n";
+    print "    Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the extensions we've seen
+sub process_extensions
+{
+    my $self = shift;
+    my %extensions = %{$self->extension_data};
+
+    #Clear any state from a previous run
+    TLSProxy::Record->etm(0);
+
+    if (exists $extensions{TLSProxy::Message::EXT_ENCRYPT_THEN_MAC}) {
+        TLSProxy::Record->etm(1);
+    }
+}
+
+sub extension_contents
+{
+    my $self = shift;
+    my $key = shift;
+    my $extension = "";
+
+    my $extdata = ${$self->extension_data}{$key};
+    $extension .= pack("n", $key);
+    $extension .= pack("n", length($extdata));
+    $extension .= $extdata;
+    return $extension;
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    $data = pack('n', $self->client_version);
+    $data .= $self->random;
+    $data .= pack('C', $self->session_id_len);
+    $data .= $self->session;
+    $data .= pack('n', $self->ciphersuite_len);
+    $data .= pack("n*", @{$self->ciphersuites});
+    $data .= pack('C', $self->comp_meth_len);
+    $data .= pack("C*", @{$self->comp_meths});
+
+    foreach my $key (keys %{$self->extension_data}) {
+        next if ($key == TLSProxy::Message::EXT_PSK);
+        $extensions .= $self->extension_contents($key);
+        #Add extension twice if we are duplicating that extension
+        $extensions .= $self->extension_contents($key) if ($key == $self->dupext);
+    }
+    #PSK extension always goes last...
+    if (defined ${$self->extension_data}{TLSProxy::Message::EXT_PSK}) {
+        $extensions .= $self->extension_contents(TLSProxy::Message::EXT_PSK);
+    }
+    #unless we have EXT_FORCE_LAST
+    if (defined ${$self->extension_data}{TLSProxy::Message::EXT_FORCE_LAST}) {
+        $extensions .= $self->extension_contents(TLSProxy::Message::EXT_FORCE_LAST);
+    }
+
+    $data .= pack('n', length($extensions));
+    $data .= $extensions;
+
+    $self->data($data);
+}
+
+#Read/write accessors
+sub client_version
+{
+    my $self = shift;
+    if (@_) {
+      $self->{client_version} = shift;
+    }
+    return $self->{client_version};
+}
+sub random
+{
+    my $self = shift;
+    if (@_) {
+      $self->{random} = shift;
+    }
+    return $self->{random};
+}
+sub session_id_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session_id_len} = shift;
+    }
+    return $self->{session_id_len};
+}
+sub session
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session} = shift;
+    }
+    return $self->{session};
+}
+sub ciphersuite_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphersuite_len} = shift;
+    }
+    return $self->{ciphersuite_len};
+}
+sub ciphersuites
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphersuites} = shift;
+    }
+    return $self->{ciphersuites};
+}
+sub comp_meth_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{comp_meth_len} = shift;
+    }
+    return $self->{comp_meth_len};
+}
+sub comp_meths
+{
+    my $self = shift;
+    if (@_) {
+      $self->{comp_meths} = shift;
+    }
+    return $self->{comp_meths};
+}
+sub extensions_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extensions_len} = shift;
+    }
+    return $self->{extensions_len};
+}
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/EncryptedExtensions.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/EncryptedExtensions.pm
new file mode 100644
index 000000000..262b720cf
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/EncryptedExtensions.pm
@@ -0,0 +1,110 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::EncryptedExtensions;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{extension_data} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+
+    my $extensions_len = unpack('n', $self->data);
+    if (!defined $extensions_len) {
+        $extensions_len = 0;
+    }
+
+    my $extension_data;
+    if ($extensions_len != 0) {
+        $extension_data = substr($self->data, 2);
+
+        if (length($extension_data) != $extensions_len) {
+            die "Invalid extension length\n";
+        }
+    } else {
+        if (length($self->data) != 2) {
+            die "Invalid extension length\n";
+        }
+        $extension_data = "";
+    }
+    my %extensions = ();
+    while (length($extension_data) >= 4) {
+        my ($type, $size) = unpack("nn", $extension_data);
+        my $extdata = substr($extension_data, 4, $size);
+        $extension_data = substr($extension_data, 4 + $size);
+        $extensions{$type} = $extdata;
+    }
+
+    $self->extension_data(\%extensions);
+
+    print "    Extensions Len:".$extensions_len."\n";
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    foreach my $key (keys %{$self->extension_data}) {
+        my $extdata = ${$self->extension_data}{$key};
+        $extensions .= pack("n", $key);
+        $extensions .= pack("n", length($extdata));
+        $extensions .= $extdata;
+    }
+
+    $data = pack('n', length($extensions));
+    $data .= $extensions;
+    $self->data($data);
+}
+
+#Read/write accessors
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+        $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm
new file mode 100644
index 000000000..5682ae3e1
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm
@@ -0,0 +1,592 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::Message;
+
+use TLSProxy::Alert;
+
+use constant TLS_MESSAGE_HEADER_LENGTH => 4;
+
+#Message types
+use constant {
+    MT_HELLO_REQUEST => 0,
+    MT_CLIENT_HELLO => 1,
+    MT_SERVER_HELLO => 2,
+    MT_NEW_SESSION_TICKET => 4,
+    MT_ENCRYPTED_EXTENSIONS => 8,
+    MT_CERTIFICATE => 11,
+    MT_SERVER_KEY_EXCHANGE => 12,
+    MT_CERTIFICATE_REQUEST => 13,
+    MT_SERVER_HELLO_DONE => 14,
+    MT_CERTIFICATE_VERIFY => 15,
+    MT_CLIENT_KEY_EXCHANGE => 16,
+    MT_FINISHED => 20,
+    MT_CERTIFICATE_STATUS => 22,
+    MT_NEXT_PROTO => 67
+};
+
+#Alert levels
+use constant {
+    AL_LEVEL_WARN => 1,
+    AL_LEVEL_FATAL => 2
+};
+
+#Alert descriptions
+use constant {
+    AL_DESC_CLOSE_NOTIFY => 0,
+    AL_DESC_UNEXPECTED_MESSAGE => 10,
+    AL_DESC_ILLEGAL_PARAMETER => 47,
+    AL_DESC_NO_RENEGOTIATION => 100
+};
+
+my %message_type = (
+    MT_HELLO_REQUEST, "HelloRequest",
+    MT_CLIENT_HELLO, "ClientHello",
+    MT_SERVER_HELLO, "ServerHello",
+    MT_NEW_SESSION_TICKET, "NewSessionTicket",
+    MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
+    MT_CERTIFICATE, "Certificate",
+    MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
+    MT_CERTIFICATE_REQUEST, "CertificateRequest",
+    MT_SERVER_HELLO_DONE, "ServerHelloDone",
+    MT_CERTIFICATE_VERIFY, "CertificateVerify",
+    MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
+    MT_FINISHED, "Finished",
+    MT_CERTIFICATE_STATUS, "CertificateStatus",
+    MT_NEXT_PROTO, "NextProto"
+);
+
+use constant {
+    EXT_SERVER_NAME => 0,
+    EXT_MAX_FRAGMENT_LENGTH => 1,
+    EXT_STATUS_REQUEST => 5,
+    EXT_SUPPORTED_GROUPS => 10,
+    EXT_EC_POINT_FORMATS => 11,
+    EXT_SRP => 12,
+    EXT_SIG_ALGS => 13,
+    EXT_USE_SRTP => 14,
+    EXT_ALPN => 16,
+    EXT_SCT => 18,
+    EXT_PADDING => 21,
+    EXT_ENCRYPT_THEN_MAC => 22,
+    EXT_EXTENDED_MASTER_SECRET => 23,
+    EXT_SESSION_TICKET => 35,
+    EXT_KEY_SHARE => 51,
+    EXT_PSK => 41,
+    EXT_SUPPORTED_VERSIONS => 43,
+    EXT_COOKIE => 44,
+    EXT_PSK_KEX_MODES => 45,
+    EXT_POST_HANDSHAKE_AUTH => 49,
+    EXT_SIG_ALGS_CERT => 50,
+    EXT_RENEGOTIATE => 65281,
+    EXT_NPN => 13172,
+    EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
+    EXT_UNKNOWN => 0xfffe,
+    #Unknown extension that should appear last
+    EXT_FORCE_LAST => 0xffff
+};
+
+# SignatureScheme of TLS 1.3 from:
+# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
+# We have to manually grab the SHA224 equivalents from the old registry
+use constant {
+    SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
+    SIG_ALG_RSA_PKCS1_SHA384 => 0x0501,
+    SIG_ALG_RSA_PKCS1_SHA512 => 0x0601,
+    SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
+    SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
+    SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
+    SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804,
+    SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805,
+    SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806,
+    SIG_ALG_ED25519 => 0x0807,
+    SIG_ALG_ED448 => 0x0808,
+    SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809,
+    SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a,
+    SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b,
+    SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
+    SIG_ALG_ECDSA_SHA1 => 0x0203,
+    SIG_ALG_DSA_SHA1 => 0x0202,
+    SIG_ALG_DSA_SHA256 => 0x0402,
+    SIG_ALG_DSA_SHA384 => 0x0502,
+    SIG_ALG_DSA_SHA512 => 0x0602,
+    OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301,
+    OSSL_SIG_ALG_DSA_SHA224 => 0x0302,
+    OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303
+};
+
+use constant {
+    CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
+    CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
+    CIPHER_ADH_AES_128_SHA => 0x0034,
+    CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
+    CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
+};
+
+my $payload = "";
+my $messlen = -1;
+my $mt;
+my $startoffset = -1;
+my $server = 0;
+my $success = 0;
+my $end = 0;
+my @message_rec_list = ();
+my @message_frag_lens = ();
+my $ciphersuite = 0;
+my $successondata = 0;
+my $alert;
+
+sub clear
+{
+    $payload = "";
+    $messlen = -1;
+    $startoffset = -1;
+    $server = 0;
+    $success = 0;
+    $end = 0;
+    $successondata = 0;
+    @message_rec_list = ();
+    @message_frag_lens = ();
+    $alert = undef;
+}
+
+#Class method to extract messages from a record
+sub get_messages
+{
+    my $class = shift;
+    my $serverin = shift;
+    my $record = shift;
+    my @messages = ();
+    my $message;
+
+    @message_frag_lens = ();
+
+    if ($serverin != $server && length($payload) != 0) {
+        die "Changed peer, but we still have fragment data\n";
+    }
+    $server = $serverin;
+
+    if ($record->content_type == TLSProxy::Record::RT_CCS) {
+        if ($payload ne "") {
+            #We can't handle this yet
+            die "CCS received before message data complete\n";
+        }
+        if (!TLSProxy::Proxy->is_tls13()) {
+            if ($server) {
+                TLSProxy::Record->server_encrypting(1);
+            } else {
+                TLSProxy::Record->client_encrypting(1);
+            }
+        }
+    } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
+        if ($record->len == 0 || $record->len_real == 0) {
+            print "  Message truncated\n";
+        } else {
+            my $recoffset = 0;
+
+            if (length $payload > 0) {
+                #We are continuing processing a message started in a previous
+                #record. Add this record to the list associated with this
+                #message
+                push @message_rec_list, $record;
+
+                if ($messlen <= length($payload)) {
+                    #Shouldn't happen
+                    die "Internal error: invalid messlen: ".$messlen
+                        ." payload length:".length($payload)."\n";
+                }
+                if (length($payload) + $record->decrypt_len >= $messlen) {
+                    #We can complete the message with this record
+                    $recoffset = $messlen - length($payload);
+                    $payload .= substr($record->decrypt_data, 0, $recoffset);
+                    push @message_frag_lens, $recoffset;
+                    $message = create_message($server, $mt, $payload,
+                                              $startoffset);
+                    push @messages, $message;
+
+                    $payload = "";
+                } else {
+                    #This is just part of the total message
+                    $payload .= $record->decrypt_data;
+                    $recoffset = $record->decrypt_len;
+                    push @message_frag_lens, $record->decrypt_len;
+                }
+                print "  Partial message data read: ".$recoffset." bytes\n";
+            }
+
+            while ($record->decrypt_len > $recoffset) {
+                #We are at the start of a new message
+                if ($record->decrypt_len - $recoffset < 4) {
+                    #Whilst technically probably valid we can't cope with this
+                    die "End of record in the middle of a message header\n";
+                }
+                @message_rec_list = ($record);
+                my $lenhi;
+                my $lenlo;
+                ($mt, $lenhi, $lenlo) = unpack('CnC',
+                                               substr($record->decrypt_data,
+                                                      $recoffset));
+                $messlen = ($lenhi << 8) | $lenlo;
+                print "  Message type: $message_type{$mt}\n";
+                print "  Message Length: $messlen\n";
+                $startoffset = $recoffset;
+                $recoffset += 4;
+                $payload = "";
+
+                if ($recoffset <= $record->decrypt_len) {
+                    #Some payload data is present in this record
+                    if ($record->decrypt_len - $recoffset >= $messlen) {
+                        #We can complete the message with this record
+                        $payload .= substr($record->decrypt_data, $recoffset,
+                                           $messlen);
+                        $recoffset += $messlen;
+                        push @message_frag_lens, $messlen;
+                        $message = create_message($server, $mt, $payload,
+                                                  $startoffset);
+                        push @messages, $message;
+
+                        $payload = "";
+                    } else {
+                        #This is just part of the total message
+                        $payload .= substr($record->decrypt_data, $recoffset,
+                                           $record->decrypt_len - $recoffset);
+                        $recoffset = $record->decrypt_len;
+                        push @message_frag_lens, $recoffset;
+                    }
+                }
+            }
+        }
+    } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
+        print "  [ENCRYPTED APPLICATION DATA]\n";
+        print "  [".$record->decrypt_data."]\n";
+
+        if ($successondata) {
+            $success = 1;
+            $end = 1;
+        }
+    } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
+        my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
+        print "  [$alertlev, $alertdesc]\n";
+        #A CloseNotify from the client indicates we have finished successfully
+        #(we assume)
+        if (!$end && !$server && $alertlev == AL_LEVEL_WARN
+            && $alertdesc == AL_DESC_CLOSE_NOTIFY) {
+            $success = 1;
+        }
+        #Fatal or close notify alerts end the test
+        if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) {
+            $end = 1;
+        }
+        $alert = TLSProxy::Alert->new(
+            $server,
+            $record->encrypted,
+            $alertlev,
+            $alertdesc);
+    }
+
+    return @messages;
+}
+
+#Function to work out which sub-class we need to create and then
+#construct it
+sub create_message
+{
+    my ($server, $mt, $data, $startoffset) = @_;
+    my $message;
+
+    #We only support ClientHello in this version...needs to be extended for
+    #others
+    if ($mt == MT_CLIENT_HELLO) {
+        $message = TLSProxy::ClientHello->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_SERVER_HELLO) {
+        $message = TLSProxy::ServerHello->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
+        $message = TLSProxy::EncryptedExtensions->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_CERTIFICATE) {
+        $message = TLSProxy::Certificate->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_CERTIFICATE_VERIFY) {
+        $message = TLSProxy::CertificateVerify->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
+        $message = TLSProxy::ServerKeyExchange->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_NEW_SESSION_TICKET) {
+        $message = TLSProxy::NewSessionTicket->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } else {
+        #Unknown message type
+        $message = TLSProxy::Message->new(
+            $server,
+            $mt,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+    }
+
+    return $message;
+}
+
+sub end
+{
+    my $class = shift;
+    return $end;
+}
+sub success
+{
+    my $class = shift;
+    return $success;
+}
+sub fail
+{
+    my $class = shift;
+    return !$success && $end;
+}
+
+sub alert
+{
+    return $alert;
+}
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $mt,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = {
+        server => $server,
+        data => $data,
+        records => $records,
+        mt => $mt,
+        startoffset => $startoffset,
+        message_frag_lens => $message_frag_lens,
+        dupext => -1
+    };
+
+    return bless $self, $class;
+}
+
+sub ciphersuite
+{
+    my $class = shift;
+    if (@_) {
+      $ciphersuite = shift;
+    }
+    return $ciphersuite;
+}
+
+#Update all the underlying records with the modified data from this message
+#Note: Only supports re-encrypting for TLSv1.3
+sub repack
+{
+    my $self = shift;
+    my $msgdata;
+
+    my $numrecs = $#{$self->records};
+
+    $self->set_message_contents();
+
+    my $lenhi;
+    my $lenlo;
+
+    $lenlo = length($self->data) & 0xff;
+    $lenhi = length($self->data) >> 8;
+    $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
+
+    if ($numrecs == 0) {
+        #The message is fully contained within one record
+        my ($rec) = @{$self->records};
+        my $recdata = $rec->decrypt_data;
+
+        my $old_length;
+
+        # We use empty message_frag_lens to indicates that pre-repacking,
+        # the message wasn't present. The first fragment length doesn't include
+        # the TLS header, so we need to check and compute the right length.
+        if (@{$self->message_frag_lens}) {
+            $old_length = ${$self->message_frag_lens}[0] +
+              TLS_MESSAGE_HEADER_LENGTH;
+        } else {
+            $old_length = 0;
+        }
+
+        my $prefix = substr($recdata, 0, $self->startoffset);
+        my $suffix = substr($recdata, $self->startoffset + $old_length);
+
+        $rec->decrypt_data($prefix.($msgdata).($suffix));
+        # TODO(openssl-team): don't keep explicit lengths.
+        # (If a length override is ever needed to construct invalid packets,
+        #  use an explicit override field instead.)
+        $rec->decrypt_len(length($rec->decrypt_data));
+        $rec->len($rec->len + length($msgdata) - $old_length);
+        # Only support re-encryption for TLSv1.3.
+        if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
+            #Add content type (1 byte) and 16 tag bytes
+            $rec->data($rec->decrypt_data
+                .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
+        } else {
+            $rec->data($rec->decrypt_data);
+        }
+
+        #Update the fragment len in case we changed it above
+        ${$self->message_frag_lens}[0] = length($msgdata)
+                                         - TLS_MESSAGE_HEADER_LENGTH;
+        return;
+    }
+
+    #Note we don't currently support changing a fragmented message length
+    my $recctr = 0;
+    my $datadone = 0;
+    foreach my $rec (@{$self->records}) {
+        my $recdata = $rec->decrypt_data;
+        if ($recctr == 0) {
+            #This is the first record
+            my $remainlen = length($recdata) - $self->startoffset;
+            $rec->data(substr($recdata, 0, $self->startoffset)
+                       .substr(($msgdata), 0, $remainlen));
+            $datadone += $remainlen;
+        } elsif ($recctr + 1 == $numrecs) {
+            #This is the last record
+            $rec->data(substr($msgdata, $datadone));
+        } else {
+            #This is a middle record
+            $rec->data(substr($msgdata, $datadone, length($rec->data)));
+            $datadone += length($rec->data);
+        }
+        $recctr++;
+    }
+}
+
+#To be overridden by sub-classes
+sub set_message_contents
+{
+}
+
+#Read only accessors
+sub server
+{
+    my $self = shift;
+    return $self->{server};
+}
+
+#Read/write accessors
+sub mt
+{
+    my $self = shift;
+    if (@_) {
+      $self->{mt} = shift;
+    }
+    return $self->{mt};
+}
+sub data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{data} = shift;
+    }
+    return $self->{data};
+}
+sub records
+{
+    my $self = shift;
+    if (@_) {
+      $self->{records} = shift;
+    }
+    return $self->{records};
+}
+sub startoffset
+{
+    my $self = shift;
+    if (@_) {
+      $self->{startoffset} = shift;
+    }
+    return $self->{startoffset};
+}
+sub message_frag_lens
+{
+    my $self = shift;
+    if (@_) {
+      $self->{message_frag_lens} = shift;
+    }
+    return $self->{message_frag_lens};
+}
+sub encoded_length
+{
+    my $self = shift;
+    return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
+}
+sub dupext
+{
+    my $self = shift;
+    if (@_) {
+        $self->{dupext} = shift;
+    }
+    return $self->{dupext};
+}
+sub successondata
+{
+    my $class = shift;
+    if (@_) {
+        $successondata = shift;
+    }
+    return $successondata;
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/NewSessionTicket.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/NewSessionTicket.pm
new file mode 100644
index 000000000..e5099851d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/NewSessionTicket.pm
@@ -0,0 +1,81 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::NewSessionTicket;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_NEW_SESSION_TICKET,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{ticket_lifetime_hint} = 0;
+    $self->{ticket} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+
+    my $ticket_lifetime_hint = unpack('N', $self->data);
+    my $ticket_len = unpack('n', $self->data);
+    my $ticket = substr($self->data, 6, $ticket_len);
+
+    $self->ticket_lifetime_hint($ticket_lifetime_hint);
+    $self->ticket($ticket);
+}
+
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+
+    $data = pack('N', $self->ticket_lifetime_hint);
+    $data .= pack('n', length($self->ticket));
+    $data .= $self->ticket;
+
+    $self->data($data);
+}
+
+#Read/write accessors
+sub ticket_lifetime_hint
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ticket_lifetime_hint} = shift;
+    }
+    return $self->{ticket_lifetime_hint};
+}
+sub ticket
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ticket} = shift;
+    }
+    return $self->{ticket};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm
new file mode 100644
index 000000000..f7bca02e5
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm
@@ -0,0 +1,728 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use POSIX ":sys_wait_h";
+
+package TLSProxy::Proxy;
+
+use File::Spec;
+use IO::Socket;
+use IO::Select;
+use TLSProxy::Record;
+use TLSProxy::Message;
+use TLSProxy::ClientHello;
+use TLSProxy::ServerHello;
+use TLSProxy::EncryptedExtensions;
+use TLSProxy::Certificate;
+use TLSProxy::CertificateVerify;
+use TLSProxy::ServerKeyExchange;
+use TLSProxy::NewSessionTicket;
+
+my $have_IPv6;
+my $IP_factory;
+
+BEGIN
+{
+    # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't.
+    # However, IO::Socket::INET6 is older and is said to be more widely
+    # deployed for the moment, and may have less bugs, so we try the latter
+    # first, then fall back on the core modules.  Worst case scenario, we
+    # fall back to IO::Socket::INET, only supports IPv4.
+    eval {
+        require IO::Socket::INET6;
+        my $s = IO::Socket::INET6->new(
+            LocalAddr => "::1",
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        $IP_factory = sub { IO::Socket::INET6->new(Domain => AF_INET6, @_); };
+        $have_IPv6 = 1;
+    } else {
+        eval {
+            require IO::Socket::IP;
+            my $s = IO::Socket::IP->new(
+                LocalAddr => "::1",
+                LocalPort => 0,
+                Listen=>1,
+                );
+            $s or die "\n";
+            $s->close();
+        };
+        if ($@ eq "") {
+            $IP_factory = sub { IO::Socket::IP->new(@_); };
+            $have_IPv6 = 1;
+        } else {
+            $IP_factory = sub { IO::Socket::INET->new(@_); };
+            $have_IPv6 = 0;
+        }
+    }
+}
+
+my $is_tls13 = 0;
+my $ciphersuite = undef;
+
+sub new
+{
+    my $class = shift;
+    my ($filter,
+        $execute,
+        $cert,
+        $debug) = @_;
+
+    my $self = {
+        #Public read/write
+        proxy_addr => $have_IPv6 ? "[::1]" : "127.0.0.1",
+        filter => $filter,
+        serverflags => "",
+        clientflags => "",
+        serverconnects => 1,
+        reneg => 0,
+        sessionfile => undef,
+
+        #Public read
+        proxy_port => 0,
+        server_port => 0,
+        serverpid => 0,
+        clientpid => 0,
+        execute => $execute,
+        cert => $cert,
+        debug => $debug,
+        cipherc => "",
+        ciphersuitesc => "",
+        ciphers => "AES128-SHA",
+        ciphersuitess => "TLS_AES_128_GCM_SHA256",
+        flight => -1,
+        direction => -1,
+        partial => ["", ""],
+        record_list => [],
+        message_list => [],
+    };
+
+    # Create the Proxy socket
+    my $proxaddr = $self->{proxy_addr};
+    $proxaddr =~ s/[\[\]]//g; # Remove [ and ]
+    my @proxyargs = (
+        LocalHost   => $proxaddr,
+        LocalPort   => 0,
+        Proto       => "tcp",
+        Listen      => SOMAXCONN,
+       );
+
+    if (my $sock = $IP_factory->(@proxyargs)) {
+        $self->{proxy_sock} = $sock;
+        $self->{proxy_port} = $sock->sockport();
+        $self->{proxy_addr} = $sock->sockhost();
+        $self->{proxy_addr} =~ s/(.*:.*)/[$1]/;
+        print "Proxy started on port ",
+              "$self->{proxy_addr}:$self->{proxy_port}\n";
+        # use same address for s_server
+        $self->{server_addr} = $self->{proxy_addr};
+    } else {
+        warn "Failed creating proxy socket (".$proxaddr.",0): $!\n";
+    }
+
+    return bless $self, $class;
+}
+
+sub DESTROY
+{
+    my $self = shift;
+
+    $self->{proxy_sock}->close() if $self->{proxy_sock};
+}
+
+sub clearClient
+{
+    my $self = shift;
+
+    $self->{cipherc} = "";
+    $self->{ciphersuitec} = "";
+    $self->{flight} = -1;
+    $self->{direction} = -1;
+    $self->{partial} = ["", ""];
+    $self->{record_list} = [];
+    $self->{message_list} = [];
+    $self->{clientflags} = "";
+    $self->{sessionfile} = undef;
+    $self->{clientpid} = 0;
+    $is_tls13 = 0;
+    $ciphersuite = undef;
+
+    TLSProxy::Message->clear();
+    TLSProxy::Record->clear();
+}
+
+sub clear
+{
+    my $self = shift;
+
+    $self->clearClient;
+    $self->{ciphers} = "AES128-SHA";
+    $self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256";
+    $self->{serverflags} = "";
+    $self->{serverconnects} = 1;
+    $self->{serverpid} = 0;
+    $self->{reneg} = 0;
+}
+
+sub restart
+{
+    my $self = shift;
+
+    $self->clear;
+    $self->start;
+}
+
+sub clientrestart
+{
+    my $self = shift;
+
+    $self->clear;
+    $self->clientstart;
+}
+
+sub connect_to_server
+{
+    my $self = shift;
+    my $servaddr = $self->{server_addr};
+
+    $servaddr =~ s/[\[\]]//g; # Remove [ and ]
+
+    my $sock = $IP_factory->(PeerAddr => $servaddr,
+                             PeerPort => $self->{server_port},
+                             Proto => 'tcp');
+    if (!defined($sock)) {
+        my $err = $!;
+        kill(3, $self->{real_serverpid});
+        die "unable to connect: $err\n";
+    }
+
+    $self->{server_sock} = $sock;
+}
+
+sub start
+{
+    my ($self) = shift;
+    my $pid;
+
+    if ($self->{proxy_sock} == 0) {
+        return 0;
+    }
+
+    my $execcmd = $self->execute
+        ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest"
+        #In TLSv1.3 we issue two session tickets. The default session id
+        #callback gets confused because the ossltest engine causes the same
+        #session id to be created twice due to the changed random number
+        #generation. Using "-ext_cache" replaces the default callback with a
+        #different one that doesn't get confused.
+        ." -ext_cache"
+        ." -accept $self->{server_addr}:0"
+        ." -cert ".$self->cert." -cert2 ".$self->cert
+        ." -naccept ".$self->serverconnects;
+    if ($self->ciphers ne "") {
+        $execcmd .= " -cipher ".$self->ciphers;
+    }
+    if ($self->ciphersuitess ne "") {
+        $execcmd .= " -ciphersuites ".$self->ciphersuitess;
+    }
+    if ($self->serverflags ne "") {
+        $execcmd .= " ".$self->serverflags;
+    }
+    if ($self->debug) {
+        print STDERR "Server command: $execcmd\n";
+    }
+
+    open(my $savedin, "<&STDIN");
+
+    # Temporarily replace STDIN so that sink process can inherit it...
+    $pid = open(STDIN, "$execcmd 2>&1 |") or die "Failed to $execcmd: $!\n";
+    $self->{real_serverpid} = $pid;
+
+    # Process the output from s_server until we find the ACCEPT line, which
+    # tells us what the accepting address and port are.
+    while (<>) {
+        print;
+        s/\R$//;                # Better chomp
+        next unless (/^ACCEPT\s.*:(\d+)$/);
+        $self->{server_port} = $1;
+        last;
+    }
+
+    if ($self->{server_port} == 0) {
+        # This actually means that s_server exited, because otherwise
+        # we would still searching for ACCEPT...
+        waitpid($pid, 0);
+        die "no ACCEPT detected in '$execcmd' output: $?\n";
+    }
+
+    # Just make sure everything else is simply printed [as separate lines].
+    # The sub process simply inherits our STD* and will keep consuming
+    # server's output and printing it as long as there is anything there,
+    # out of our way.
+    my $error;
+    $pid = undef;
+    if (eval { require Win32::Process; 1; }) {
+        if (Win32::Process::Create(my $h, $^X, "perl -ne print", 0, 0, ".")) {
+            $pid = $h->GetProcessID();
+            $self->{proc_handle} = $h;  # hold handle till next round [or exit]
+        } else {
+            $error = Win32::FormatMessage(Win32::GetLastError());
+        }
+    } else {
+        if (defined($pid = fork)) {
+            $pid or exec("$^X -ne print") or exit($!);
+        } else {
+            $error = $!;
+        }
+    }
+
+    # Change back to original stdin
+    open(STDIN, "<&", $savedin);
+    close($savedin);
+
+    if (!defined($pid)) {
+        kill(3, $self->{real_serverpid});
+        die "Failed to capture s_server's output: $error\n";
+    }
+
+    $self->{serverpid} = $pid;
+
+    print STDERR "Server responds on ",
+                 "$self->{server_addr}:$self->{server_port}\n";
+
+    # Connect right away...
+    $self->connect_to_server();
+
+    return $self->clientstart;
+}
+
+sub clientstart
+{
+    my ($self) = shift;
+
+    if ($self->execute) {
+        my $pid;
+        my $execcmd = $self->execute
+             ." s_client -max_protocol TLSv1.3 -engine ossltest"
+             ." -connect $self->{proxy_addr}:$self->{proxy_port}";
+        if ($self->cipherc ne "") {
+            $execcmd .= " -cipher ".$self->cipherc;
+        }
+        if ($self->ciphersuitesc ne "") {
+            $execcmd .= " -ciphersuites ".$self->ciphersuitesc;
+        }
+        if ($self->clientflags ne "") {
+            $execcmd .= " ".$self->clientflags;
+        }
+        if ($self->clientflags !~ m/-(no)?servername/) {
+            $execcmd .= " -servername localhost";
+        }
+        if (defined $self->sessionfile) {
+            $execcmd .= " -ign_eof";
+        }
+        if ($self->debug) {
+            print STDERR "Client command: $execcmd\n";
+        }
+
+        open(my $savedout, ">&STDOUT");
+        # If we open pipe with new descriptor, attempt to close it,
+        # explicitly or implicitly, would incur waitpid and effectively
+        # dead-lock...
+        if (!($pid = open(STDOUT, "| $execcmd"))) {
+            my $err = $!;
+            kill(3, $self->{real_serverpid});
+            die "Failed to $execcmd: $err\n";
+        }
+        $self->{clientpid} = $pid;
+
+        # queue [magic] input
+        print $self->reneg ? "R" : "test";
+
+        # this closes client's stdin without waiting for its pid
+        open(STDOUT, ">&", $savedout);
+        close($savedout);
+    }
+
+    # Wait for incoming connection from client
+    my $fdset = IO::Select->new($self->{proxy_sock});
+    if (!$fdset->can_read(60)) {
+        kill(3, $self->{real_serverpid});
+        die "s_client didn't try to connect\n";
+    }
+
+    my $client_sock;
+    if(!($client_sock = $self->{proxy_sock}->accept())) {
+        warn "Failed accepting incoming connection: $!\n";
+        return 0;
+    }
+
+    print "Connection opened\n";
+
+    my $server_sock = $self->{server_sock};
+    my $indata;
+
+    #Wait for either the server socket or the client socket to become readable
+    $fdset = IO::Select->new($server_sock, $client_sock);
+    my @ready;
+    my $ctr = 0;
+    local $SIG{PIPE} = "IGNORE";
+    $self->{saw_session_ticket} = undef;
+    while($fdset->count && $ctr < 10) {
+        if (defined($self->{sessionfile})) {
+            # s_client got -ign_eof and won't be exiting voluntarily, so we
+            # look for data *and* session ticket...
+            last if TLSProxy::Message->success()
+                    && $self->{saw_session_ticket};
+        }
+        if (!(@ready = $fdset->can_read(1))) {
+            $ctr++;
+            next;
+        }
+        foreach my $hand (@ready) {
+            if ($hand == $server_sock) {
+                if ($server_sock->sysread($indata, 16384)) {
+                    if ($indata = $self->process_packet(1, $indata)) {
+                        $client_sock->syswrite($indata) or goto END;
+                    }
+                    $ctr = 0;
+                } else {
+                    $fdset->remove($server_sock);
+                    $client_sock->shutdown(SHUT_WR);
+                }
+            } elsif ($hand == $client_sock) {
+                if ($client_sock->sysread($indata, 16384)) {
+                    if ($indata = $self->process_packet(0, $indata)) {
+                        $server_sock->syswrite($indata) or goto END;
+                    }
+                    $ctr = 0;
+                } else {
+                    $fdset->remove($client_sock);
+                    $server_sock->shutdown(SHUT_WR);
+                }
+            } else {
+                kill(3, $self->{real_serverpid});
+                die "Unexpected handle";
+            }
+        }
+    }
+
+    if ($ctr >= 10) {
+        kill(3, $self->{real_serverpid});
+        die "No progress made";
+    }
+
+    END:
+    print "Connection closed\n";
+    if($server_sock) {
+        $server_sock->close();
+        $self->{server_sock} = undef;
+    }
+    if($client_sock) {
+        #Closing this also kills the child process
+        $client_sock->close();
+    }
+
+    my $pid;
+    if (--$self->{serverconnects} == 0) {
+        $pid = $self->{serverpid};
+        print "Waiting for 'perl -ne print' process to close: $pid...\n";
+        $pid = waitpid($pid, 0);
+        if ($pid > 0) {
+            die "exit code $? from 'perl -ne print' process\n" if $? != 0;
+        } elsif ($pid == 0) {
+            kill(3, $self->{real_serverpid});
+            die "lost control over $self->{serverpid}?";
+        }
+        $pid = $self->{real_serverpid};
+        print "Waiting for s_server process to close: $pid...\n";
+        # it's done already, just collect the exit code [and reap]...
+        waitpid($pid, 0);
+        die "exit code $? from s_server process\n" if $? != 0;
+    } else {
+        # It's a bit counter-intuitive spot to make next connection to
+        # the s_server. Rationale is that established connection works
+        # as syncronization point, in sense that this way we know that
+        # s_server is actually done with current session...
+        $self->connect_to_server();
+    }
+    $pid = $self->{clientpid};
+    print "Waiting for s_client process to close: $pid...\n";
+    waitpid($pid, 0);
+
+    return 1;
+}
+
+sub process_packet
+{
+    my ($self, $server, $packet) = @_;
+    my $len_real;
+    my $decrypt_len;
+    my $data;
+    my $recnum;
+
+    if ($server) {
+        print "Received server packet\n";
+    } else {
+        print "Received client packet\n";
+    }
+
+    if ($self->{direction} != $server) {
+        $self->{flight} = $self->{flight} + 1;
+        $self->{direction} = $server;
+    }
+
+    print "Packet length = ".length($packet)."\n";
+    print "Processing flight ".$self->flight."\n";
+
+    #Return contains the list of record found in the packet followed by the
+    #list of messages in those records and any partial message
+    my @ret = TLSProxy::Record->get_records($server, $self->flight,
+                                            $self->{partial}[$server].$packet);
+    $self->{partial}[$server] = $ret[2];
+    push @{$self->{record_list}}, @{$ret[0]};
+    push @{$self->{message_list}}, @{$ret[1]};
+
+    print "\n";
+
+    if (scalar(@{$ret[0]}) == 0 or length($ret[2]) != 0) {
+        return "";
+    }
+
+    #Finished parsing. Call user provided filter here
+    if (defined $self->filter) {
+        $self->filter->($self);
+    }
+
+    #Take a note on NewSessionTicket
+    foreach my $message (reverse @{$self->{message_list}}) {
+        if ($message->{mt} == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
+            $self->{saw_session_ticket} = 1;
+            last;
+        }
+    }
+
+    #Reconstruct the packet
+    $packet = "";
+    foreach my $record (@{$self->record_list}) {
+        $packet .= $record->reconstruct_record($server);
+    }
+
+    print "Forwarded packet length = ".length($packet)."\n\n";
+
+    return $packet;
+}
+
+#Read accessors
+sub execute
+{
+    my $self = shift;
+    return $self->{execute};
+}
+sub cert
+{
+    my $self = shift;
+    return $self->{cert};
+}
+sub debug
+{
+    my $self = shift;
+    return $self->{debug};
+}
+sub flight
+{
+    my $self = shift;
+    return $self->{flight};
+}
+sub record_list
+{
+    my $self = shift;
+    return $self->{record_list};
+}
+sub success
+{
+    my $self = shift;
+    return $self->{success};
+}
+sub end
+{
+    my $self = shift;
+    return $self->{end};
+}
+sub supports_IPv6
+{
+    my $self = shift;
+    return $have_IPv6;
+}
+sub proxy_addr
+{
+    my $self = shift;
+    return $self->{proxy_addr};
+}
+sub proxy_port
+{
+    my $self = shift;
+    return $self->{proxy_port};
+}
+sub server_addr
+{
+    my $self = shift;
+    return $self->{server_addr};
+}
+sub server_port
+{
+    my $self = shift;
+    return $self->{server_port};
+}
+sub serverpid
+{
+    my $self = shift;
+    return $self->{serverpid};
+}
+sub clientpid
+{
+    my $self = shift;
+    return $self->{clientpid};
+}
+
+#Read/write accessors
+sub filter
+{
+    my $self = shift;
+    if (@_) {
+        $self->{filter} = shift;
+    }
+    return $self->{filter};
+}
+sub cipherc
+{
+    my $self = shift;
+    if (@_) {
+        $self->{cipherc} = shift;
+    }
+    return $self->{cipherc};
+}
+sub ciphersuitesc
+{
+    my $self = shift;
+    if (@_) {
+        $self->{ciphersuitesc} = shift;
+    }
+    return $self->{ciphersuitesc};
+}
+sub ciphers
+{
+    my $self = shift;
+    if (@_) {
+        $self->{ciphers} = shift;
+    }
+    return $self->{ciphers};
+}
+sub ciphersuitess
+{
+    my $self = shift;
+    if (@_) {
+        $self->{ciphersuitess} = shift;
+    }
+    return $self->{ciphersuitess};
+}
+sub serverflags
+{
+    my $self = shift;
+    if (@_) {
+        $self->{serverflags} = shift;
+    }
+    return $self->{serverflags};
+}
+sub clientflags
+{
+    my $self = shift;
+    if (@_) {
+        $self->{clientflags} = shift;
+    }
+    return $self->{clientflags};
+}
+sub serverconnects
+{
+    my $self = shift;
+    if (@_) {
+        $self->{serverconnects} = shift;
+    }
+    return $self->{serverconnects};
+}
+# This is a bit ugly because the caller is responsible for keeping the records
+# in sync with the updated message list; simply updating the message list isn't
+# sufficient to get the proxy to forward the new message.
+# But it does the trick for the one test (test_sslsessiontick) that needs it.
+sub message_list
+{
+    my $self = shift;
+    if (@_) {
+        $self->{message_list} = shift;
+    }
+    return $self->{message_list};
+}
+
+sub fill_known_data
+{
+    my $length = shift;
+    my $ret = "";
+    for (my $i = 0; $i < $length; $i++) {
+        $ret .= chr($i);
+    }
+    return $ret;
+}
+
+sub is_tls13
+{
+    my $class = shift;
+    if (@_) {
+        $is_tls13 = shift;
+    }
+    return $is_tls13;
+}
+
+sub reneg
+{
+    my $self = shift;
+    if (@_) {
+        $self->{reneg} = shift;
+    }
+    return $self->{reneg};
+}
+
+#Setting a sessionfile means that the client will not close until the given
+#file exists. This is useful in TLSv1.3 where otherwise s_client will close
+#immediately at the end of the handshake, but before the session has been
+#received from the server. A side effect of this is that s_client never sends
+#a close_notify, so instead we consider success to be when it sends application
+#data over the connection.
+sub sessionfile
+{
+    my $self = shift;
+    if (@_) {
+        $self->{sessionfile} = shift;
+        TLSProxy::Message->successondata(1);
+    }
+    return $self->{sessionfile};
+}
+
+sub ciphersuite
+{
+    my $class = shift;
+    if (@_) {
+        $ciphersuite = shift;
+    }
+    return $ciphersuite;
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Record.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Record.pm
new file mode 100644
index 000000000..841467b8e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Record.pm
@@ -0,0 +1,401 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+use TLSProxy::Proxy;
+
+package TLSProxy::Record;
+
+my $server_encrypting = 0;
+my $client_encrypting = 0;
+my $etm = 0;
+
+use constant TLS_RECORD_HEADER_LENGTH => 5;
+
+#Record types
+use constant {
+    RT_APPLICATION_DATA => 23,
+    RT_HANDSHAKE => 22,
+    RT_ALERT => 21,
+    RT_CCS => 20,
+    RT_UNKNOWN => 100
+};
+
+my %record_type = (
+    RT_APPLICATION_DATA, "APPLICATION DATA",
+    RT_HANDSHAKE, "HANDSHAKE",
+    RT_ALERT, "ALERT",
+    RT_CCS, "CCS",
+    RT_UNKNOWN, "UNKNOWN"
+);
+
+use constant {
+    VERS_TLS_1_4 => 0x0305,
+    VERS_TLS_1_3 => 0x0304,
+    VERS_TLS_1_2 => 0x0303,
+    VERS_TLS_1_1 => 0x0302,
+    VERS_TLS_1_0 => 0x0301,
+    VERS_SSL_3_0 => 0x0300,
+    VERS_SSL_LT_3_0 => 0x02ff
+};
+
+my %tls_version = (
+    VERS_TLS_1_3, "TLS1.3",
+    VERS_TLS_1_2, "TLS1.2",
+    VERS_TLS_1_1, "TLS1.1",
+    VERS_TLS_1_0, "TLS1.0",
+    VERS_SSL_3_0, "SSL3",
+    VERS_SSL_LT_3_0, "SSL<3"
+);
+
+#Class method to extract records from a packet of data
+sub get_records
+{
+    my $class = shift;
+    my $server = shift;
+    my $flight = shift;
+    my $packet = shift;
+    my $partial = "";
+    my @record_list = ();
+    my @message_list = ();
+
+    my $recnum = 1;
+    while (length ($packet) > 0) {
+        print " Record $recnum ", $server ? "(server -> client)\n"
+                                          : "(client -> server)\n";
+
+        #Get the record header (unpack can't fail if $packet is too short)
+        my ($content_type, $version, $len) = unpack('Cnn', $packet);
+
+        if (length($packet) < TLS_RECORD_HEADER_LENGTH + ($len // 0)) {
+            print "Partial data : ".length($packet)." bytes\n";
+            $partial = $packet;
+            last;
+        }
+
+        my $data = substr($packet, TLS_RECORD_HEADER_LENGTH, $len);
+
+        print "  Content type: ".$record_type{$content_type}."\n";
+        print "  Version: $tls_version{$version}\n";
+        print "  Length: $len\n";
+
+        my $record = TLSProxy::Record->new(
+            $flight,
+            $content_type,
+            $version,
+            $len,
+            0,
+            $len,       # len_real
+            $len,       # decrypt_len
+            $data,      # data
+            $data       # decrypt_data
+        );
+
+        if ($content_type != RT_CCS
+                && (!TLSProxy::Proxy->is_tls13()
+                    || $content_type != RT_ALERT)) {
+            if (($server && $server_encrypting)
+                     || (!$server && $client_encrypting)) {
+                if (!TLSProxy::Proxy->is_tls13() && $etm) {
+                    $record->decryptETM();
+                } else {
+                    $record->decrypt();
+                }
+                $record->encrypted(1);
+
+                if (TLSProxy::Proxy->is_tls13()) {
+                    print "  Inner content type: "
+                          .$record_type{$record->content_type()}."\n";
+                }
+            }
+        }
+
+        push @record_list, $record;
+
+        #Now figure out what messages are contained within this record
+        my @messages = TLSProxy::Message->get_messages($server, $record);
+        push @message_list, @messages;
+
+        $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len);
+        $recnum++;
+    }
+
+    return (\@record_list, \@message_list, $partial);
+}
+
+sub clear
+{
+    $server_encrypting = 0;
+    $client_encrypting = 0;
+}
+
+#Class level accessors
+sub server_encrypting
+{
+    my $class = shift;
+    if (@_) {
+      $server_encrypting = shift;
+    }
+    return $server_encrypting;
+}
+sub client_encrypting
+{
+    my $class = shift;
+    if (@_) {
+      $client_encrypting= shift;
+    }
+    return $client_encrypting;
+}
+#Enable/Disable Encrypt-then-MAC
+sub etm
+{
+    my $class = shift;
+    if (@_) {
+      $etm = shift;
+    }
+    return $etm;
+}
+
+sub new
+{
+    my $class = shift;
+    my ($flight,
+        $content_type,
+        $version,
+        $len,
+        $sslv2,
+        $len_real,
+        $decrypt_len,
+        $data,
+        $decrypt_data) = @_;
+
+    my $self = {
+        flight => $flight,
+        content_type => $content_type,
+        version => $version,
+        len => $len,
+        sslv2 => $sslv2,
+        len_real => $len_real,
+        decrypt_len => $decrypt_len,
+        data => $data,
+        decrypt_data => $decrypt_data,
+        orig_decrypt_data => $decrypt_data,
+        sent => 0,
+        encrypted => 0,
+        outer_content_type => RT_APPLICATION_DATA
+    };
+
+    return bless $self, $class;
+}
+
+#Decrypt using encrypt-then-MAC
+sub decryptETM
+{
+    my ($self) = shift;
+
+    my $data = $self->data;
+
+    if($self->version >= VERS_TLS_1_1()) {
+        #TLS1.1+ has an explicit IV. Throw it away
+        $data = substr($data, 16);
+    }
+
+    #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
+    $data = substr($data, 0, length($data) - 20);
+
+    #Find out what the padding byte is
+    my $padval = unpack("C", substr($data, length($data) - 1));
+
+    #Throw away the padding
+    $data = substr($data, 0, length($data) - ($padval + 1));
+
+    $self->decrypt_data($data);
+    $self->decrypt_len(length($data));
+
+    return $data;
+}
+
+#Standard decrypt
+sub decrypt()
+{
+    my ($self) = shift;
+    my $mactaglen = 20;
+    my $data = $self->data;
+
+    #Throw away any IVs
+    if (TLSProxy::Proxy->is_tls13()) {
+        #A TLS1.3 client, when processing the server's initial flight, could
+        #respond with either an encrypted or an unencrypted alert.
+        if ($self->content_type() == RT_ALERT) {
+            #TODO(TLS1.3): Eventually it is sufficient just to check the record
+            #content type. If an alert is encrypted it will have a record
+            #content type of application data. However we haven't done the
+            #record layer changes yet, so it's a bit more complicated. For now
+            #we will additionally check if the data length is 2 (1 byte for
+            #alert level, 1 byte for alert description). If it is, then this is
+            #an unencrypted alert, so don't try to decrypt
+            return $data if (length($data) == 2);
+        }
+        $mactaglen = 16;
+    } elsif ($self->version >= VERS_TLS_1_1()) {
+        #16 bytes for a standard IV
+        $data = substr($data, 16);
+
+        #Find out what the padding byte is
+        my $padval = unpack("C", substr($data, length($data) - 1));
+
+        #Throw away the padding
+        $data = substr($data, 0, length($data) - ($padval + 1));
+    }
+
+    #Throw away the MAC or TAG
+    $data = substr($data, 0, length($data) - $mactaglen);
+
+    if (TLSProxy::Proxy->is_tls13()) {
+        #Get the content type
+        my $content_type = unpack("C", substr($data, length($data) - 1));
+        $self->content_type($content_type);
+        $data = substr($data, 0, length($data) - 1);
+    }
+
+    $self->decrypt_data($data);
+    $self->decrypt_len(length($data));
+
+    return $data;
+}
+
+#Reconstruct the on-the-wire record representation
+sub reconstruct_record
+{
+    my $self = shift;
+    my $server = shift;
+    my $data;
+
+    #We only replay the records in the same direction
+    if ($self->{sent} || ($self->flight & 1) != $server) {
+        return "";
+    }
+    $self->{sent} = 1;
+
+    if ($self->sslv2) {
+        $data = pack('n', $self->len | 0x8000);
+    } else {
+        if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
+            $data = pack('Cnn', $self->outer_content_type, $self->version,
+                         $self->len);
+        } else {
+            $data = pack('Cnn', $self->content_type, $self->version,
+                         $self->len);
+        }
+
+    }
+    $data .= $self->data;
+
+    return $data;
+}
+
+#Read only accessors
+sub flight
+{
+    my $self = shift;
+    return $self->{flight};
+}
+sub sslv2
+{
+    my $self = shift;
+    return $self->{sslv2};
+}
+sub len_real
+{
+    my $self = shift;
+    return $self->{len_real};
+}
+sub orig_decrypt_data
+{
+    my $self = shift;
+    return $self->{orig_decrypt_data};
+}
+
+#Read/write accessors
+sub decrypt_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{decrypt_len} = shift;
+    }
+    return $self->{decrypt_len};
+}
+sub data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{data} = shift;
+    }
+    return $self->{data};
+}
+sub decrypt_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{decrypt_data} = shift;
+    }
+    return $self->{decrypt_data};
+}
+sub len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{len} = shift;
+    }
+    return $self->{len};
+}
+sub version
+{
+    my $self = shift;
+    if (@_) {
+      $self->{version} = shift;
+    }
+    return $self->{version};
+}
+sub content_type
+{
+    my $self = shift;
+    if (@_) {
+      $self->{content_type} = shift;
+    }
+    return $self->{content_type};
+}
+sub encrypted
+{
+    my $self = shift;
+    if (@_) {
+      $self->{encrypted} = shift;
+    }
+    return $self->{encrypted};
+}
+sub outer_content_type
+{
+    my $self = shift;
+    if (@_) {
+      $self->{outer_content_type} = shift;
+    }
+    return $self->{outer_content_type};
+}
+sub is_fatal_alert
+{
+    my $self = shift;
+    my $server = shift;
+
+    if (($self->{flight} & 1) == $server
+        && $self->{content_type} == TLSProxy::Record::RT_ALERT) {
+        my ($level, $alert) = unpack('CC', $self->decrypt_data);
+        return $alert if ($level == 2);
+    }
+    return 0;
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ServerHello.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ServerHello.pm
new file mode 100644
index 000000000..e9f1eca19
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ServerHello.pm
@@ -0,0 +1,236 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::ServerHello;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+my $hrrrandom = pack("C*", 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE,
+                           0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2,
+                           0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09,
+                           0xE2, 0xC8, 0xA8, 0x33, 0x9C);
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_SERVER_HELLO,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{server_version} = 0;
+    $self->{random} = [];
+    $self->{session_id_len} = 0;
+    $self->{session} = "";
+    $self->{ciphersuite} = 0;
+    $self->{comp_meth} = 0;
+    $self->{extension_data} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+    my $ptr = 2;
+    my ($server_version) = unpack('n', $self->data);
+    my $neg_version = $server_version;
+
+    my $random = substr($self->data, $ptr, 32);
+    $ptr += 32;
+    my $session_id_len = 0;
+    my $session = "";
+    $session_id_len = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    $session = substr($self->data, $ptr, $session_id_len);
+    $ptr += $session_id_len;
+
+    my $ciphersuite = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my $comp_meth = 0;
+    $comp_meth = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+
+    my $extensions_len = unpack('n', substr($self->data, $ptr));
+    if (!defined $extensions_len) {
+        $extensions_len = 0;
+    } else {
+        $ptr += 2;
+    }
+    #For now we just deal with this as a block of data. In the future we will
+    #want to parse this
+    my $extension_data;
+    if ($extensions_len != 0) {
+        $extension_data = substr($self->data, $ptr);
+
+        if (length($extension_data) != $extensions_len) {
+            die "Invalid extension length\n";
+        }
+    } else {
+        if (length($self->data) != $ptr) {
+            die "Invalid extension length\n";
+        }
+        $extension_data = "";
+    }
+    my %extensions = ();
+    while (length($extension_data) >= 4) {
+        my ($type, $size) = unpack("nn", $extension_data);
+        my $extdata = substr($extension_data, 4, $size);
+        $extension_data = substr($extension_data, 4 + $size);
+        $extensions{$type} = $extdata;
+        if ($type == TLSProxy::Message::EXT_SUPPORTED_VERSIONS) {
+            $neg_version = unpack('n', $extdata);
+        }
+    }
+
+    if ($random eq $hrrrandom) {
+        TLSProxy::Proxy->is_tls13(1);
+    } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
+        TLSProxy::Proxy->is_tls13(1);
+
+        TLSProxy::Record->server_encrypting(1);
+        TLSProxy::Record->client_encrypting(1);
+    }
+
+    $self->server_version($server_version);
+    $self->random($random);
+    $self->session_id_len($session_id_len);
+    $self->session($session);
+    $self->ciphersuite($ciphersuite);
+    TLSProxy::Proxy->ciphersuite($ciphersuite);
+    $self->comp_meth($comp_meth);
+    $self->extension_data(\%extensions);
+
+    $self->process_data();
+
+
+    print "    Server Version:".$server_version."\n";
+    print "    Session ID Len:".$session_id_len."\n";
+    print "    Ciphersuite:".$ciphersuite."\n";
+    print "    Compression Method:".$comp_meth."\n";
+    print "    Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the data we've seen
+sub process_data
+{
+    my $self = shift;
+
+    TLSProxy::Message->ciphersuite($self->ciphersuite);
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    $data = pack('n', $self->server_version);
+    $data .= $self->random;
+    $data .= pack('C', $self->session_id_len);
+    $data .= $self->session;
+    $data .= pack('n', $self->ciphersuite);
+    $data .= pack('C', $self->comp_meth);
+
+    foreach my $key (keys %{$self->extension_data}) {
+        my $extdata = ${$self->extension_data}{$key};
+        $extensions .= pack("n", $key);
+        $extensions .= pack("n", length($extdata));
+        $extensions .= $extdata;
+        if ($key == $self->dupext) {
+          $extensions .= pack("n", $key);
+          $extensions .= pack("n", length($extdata));
+          $extensions .= $extdata;
+        }
+    }
+
+    $data .= pack('n', length($extensions));
+    $data .= $extensions;
+    $self->data($data);
+}
+
+#Read/write accessors
+sub server_version
+{
+    my $self = shift;
+    if (@_) {
+      $self->{server_version} = shift;
+    }
+    return $self->{server_version};
+}
+sub random
+{
+    my $self = shift;
+    if (@_) {
+      $self->{random} = shift;
+    }
+    return $self->{random};
+}
+sub session_id_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session_id_len} = shift;
+    }
+    return $self->{session_id_len};
+}
+sub session
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session} = shift;
+    }
+    return $self->{session};
+}
+sub ciphersuite
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphersuite} = shift;
+    }
+    return $self->{ciphersuite};
+}
+sub comp_meth
+{
+    my $self = shift;
+    if (@_) {
+      $self->{comp_meth} = shift;
+    }
+    return $self->{comp_meth};
+}
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ServerKeyExchange.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ServerKeyExchange.pm
new file mode 100644
index 000000000..e0086e2be
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/ServerKeyExchange.pm
@@ -0,0 +1,157 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::ServerKeyExchange;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    #DHE
+    $self->{p} = "";
+    $self->{g} = "";
+    $self->{pub_key} = "";
+    $self->{sigalg} = -1;
+    $self->{sig} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+    my $sigalg = -1;
+
+    #Minimal SKE parsing. Only supports one known DHE ciphersuite at the moment
+    return if TLSProxy::Proxy->ciphersuite()
+                 != TLSProxy::Message::CIPHER_ADH_AES_128_SHA
+              && TLSProxy::Proxy->ciphersuite()
+                 != TLSProxy::Message::CIPHER_DHE_RSA_AES_128_SHA;
+
+    my $p_len = unpack('n', $self->data);
+    my $ptr = 2;
+    my $p = substr($self->data, $ptr, $p_len);
+    $ptr += $p_len;
+
+    my $g_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my $g = substr($self->data, $ptr, $g_len);
+    $ptr += $g_len;
+
+    my $pub_key_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my $pub_key = substr($self->data, $ptr, $pub_key_len);
+    $ptr += $pub_key_len;
+
+    #We assume its signed
+    my $record = ${$self->records}[0];
+
+    if (TLSProxy::Proxy->is_tls13()
+            || $record->version() == TLSProxy::Record::VERS_TLS_1_2) {
+        $sigalg = unpack('n', substr($self->data, $ptr));
+        $ptr += 2;
+    }
+    my $sig = "";
+    if (defined $sigalg) {
+        my $sig_len = unpack('n', substr($self->data, $ptr));
+        if (defined $sig_len) {
+            $ptr += 2;
+            $sig = substr($self->data, $ptr, $sig_len);
+            $ptr += $sig_len;
+        }
+    }
+
+    $self->p($p);
+    $self->g($g);
+    $self->pub_key($pub_key);
+    $self->sigalg($sigalg) if defined $sigalg;
+    $self->signature($sig);
+}
+
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+
+    $data = pack('n', length($self->p));
+    $data .= $self->p;
+    $data .= pack('n', length($self->g));
+    $data .= $self->g;
+    $data .= pack('n', length($self->pub_key));
+    $data .= $self->pub_key;
+    $data .= pack('n', $self->sigalg) if ($self->sigalg != -1);
+    if (length($self->signature) > 0) {
+        $data .= pack('n', length($self->signature));
+        $data .= $self->signature;
+    }
+
+    $self->data($data);
+}
+
+#Read/write accessors
+#DHE
+sub p
+{
+    my $self = shift;
+    if (@_) {
+      $self->{p} = shift;
+    }
+    return $self->{p};
+}
+sub g
+{
+    my $self = shift;
+    if (@_) {
+      $self->{g} = shift;
+    }
+    return $self->{g};
+}
+sub pub_key
+{
+    my $self = shift;
+    if (@_) {
+      $self->{pub_key} = shift;
+    }
+    return $self->{pub_key};
+}
+sub sigalg
+{
+    my $self = shift;
+    if (@_) {
+      $self->{sigalg} = shift;
+    }
+    return $self->{sigalg};
+}
+sub signature
+{
+    my $self = shift;
+    if (@_) {
+      $self->{sig} = shift;
+    }
+    return $self->{sig};
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm
new file mode 100644
index 000000000..c53b96d5e
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm
@@ -0,0 +1,228 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package checkhandshake;
+
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+use Exporter;
+our @ISA = 'Exporter';
+our @EXPORT = qw(@handmessages @extensions checkhandshake);
+
+use constant {
+    DEFAULT_HANDSHAKE => 1,
+    OCSP_HANDSHAKE => 2,
+    RESUME_HANDSHAKE => 4,
+    CLIENT_AUTH_HANDSHAKE => 8,
+    RENEG_HANDSHAKE => 16,
+    NPN_HANDSHAKE => 32,
+    EC_HANDSHAKE => 64,
+    HRR_HANDSHAKE => 128,
+    HRR_RESUME_HANDSHAKE => 256,
+
+    ALL_HANDSHAKES => 511
+};
+
+use constant {
+    #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI
+    DEFAULT_EXTENSIONS => 0x00000007,
+    SESSION_TICKET_SRV_EXTENSION => 0x00000002,
+    SERVER_NAME_CLI_EXTENSION => 0x00000004,
+    SERVER_NAME_SRV_EXTENSION => 0x00000008,
+    STATUS_REQUEST_CLI_EXTENSION => 0x00000010,
+    STATUS_REQUEST_SRV_EXTENSION => 0x00000020,
+    ALPN_CLI_EXTENSION => 0x00000040,
+    ALPN_SRV_EXTENSION => 0x00000080,
+    SCT_CLI_EXTENSION => 0x00000100,
+    SCT_SRV_EXTENSION => 0x00000200,
+    RENEGOTIATE_CLI_EXTENSION => 0x00000400,
+    NPN_CLI_EXTENSION => 0x00000800,
+    NPN_SRV_EXTENSION => 0x00001000,
+    SRP_CLI_EXTENSION => 0x00002000,
+    #Client side for ec point formats is a default extension
+    EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
+    PSK_CLI_EXTENSION => 0x00008000,
+    PSK_SRV_EXTENSION => 0x00010000,
+    KEY_SHARE_SRV_EXTENSION => 0x00020000,
+    PSK_KEX_MODES_EXTENSION => 0x00040000,
+    KEY_SHARE_HRR_EXTENSION => 0x00080000,
+    SUPPORTED_GROUPS_SRV_EXTENSION => 0x00100000,
+    POST_HANDSHAKE_AUTH_CLI_EXTENSION => 0x00200000
+};
+
+our @handmessages = ();
+our @extensions = ();
+
+sub checkhandshake($$$$)
+{
+    my ($proxy, $handtype, $exttype, $testname) = @_;
+
+    subtest $testname => sub {
+        my $loop = 0;
+        my $numtests;
+        my $extcount;
+        my $clienthelloseen = 0;
+
+        my $lastmt = 0;
+        my $numsh = 0;
+        if (TLSProxy::Proxy::is_tls13()) {
+            #How many ServerHellos are we expecting?
+            for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
+                next if (($handmessages[$loop][1] & $handtype) == 0);
+                $numsh++ if ($lastmt != TLSProxy::Message::MT_SERVER_HELLO
+                             && $handmessages[$loop][0] == TLSProxy::Message::MT_SERVER_HELLO);
+                $lastmt = $handmessages[$loop][0];
+            }
+        }
+
+        #First count the number of tests
+        my $nextmess = 0;
+        my $message = undef;
+        my $chnum = 0;
+        my $shnum = 0;
+        if (!TLSProxy::Proxy::is_tls13()) {
+            # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
+            # and SH
+            $chnum = 1;
+            $shnum = 1;
+        }
+        #If we're only expecting one ServerHello out of two then we skip the
+        #first ServerHello in the list completely
+        $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
+        $loop = 0;
+        for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
+            next if (($handmessages[$loop][1] & $handtype) == 0);
+            if (scalar @{$proxy->message_list} > $nextmess) {
+                $message = ${$proxy->message_list}[$nextmess];
+                $nextmess++;
+            } else {
+                $message = undef;
+            }
+            $numtests++;
+
+            next if (!defined $message);
+            if (TLSProxy::Proxy::is_tls13()) {
+                $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
+                $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
+            }
+            next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
+                    && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
+                    && $message->mt() !=
+                       TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
+                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
+
+            next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
+                    && !TLSProxy::Proxy::is_tls13();
+
+            my $extchnum = 1;
+            my $extshnum = 1;
+            for (my $extloop = 0;
+                    $extensions[$extloop][2] != 0;
+                    $extloop++) {
+                $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
+                                 && TLSProxy::Proxy::is_tls13();
+                $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
+                                 && $extchnum == 2;
+                next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
+                                 && $extchnum != $chnum;
+                next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
+                                 && $extshnum != $shnum;
+                next if ($message->mt() != $extensions[$extloop][0]);
+                $numtests++;
+            }
+            $numtests++;
+        }
+
+        plan tests => $numtests;
+
+        $nextmess = 0;
+        $message = undef;
+        if (TLSProxy::Proxy::is_tls13()) {
+            $chnum = 0;
+            $shnum = 0;
+        } else {
+            # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
+            # and SH
+            $chnum = 1;
+            $shnum = 1;
+        }
+        #If we're only expecting one ServerHello out of two then we skip the
+        #first ServerHello in the list completely
+        $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
+        for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) {
+            next if (($handmessages[$loop][1] & $handtype) == 0);
+            if (scalar @{$proxy->message_list} > $nextmess) {
+                $message = ${$proxy->message_list}[$nextmess];
+                $nextmess++;
+            } else {
+                $message = undef;
+            }
+            if (!defined $message) {
+                fail("Message type check. Got nothing, expected "
+                     .$handmessages[$loop][0]);
+                next;
+            } else {
+                ok($message->mt == $handmessages[$loop][0],
+                   "Message type check. Got ".$message->mt
+                   .", expected ".$handmessages[$loop][0]);
+            }
+            if (TLSProxy::Proxy::is_tls13()) {
+                $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
+                $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
+            }
+
+            next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
+                    && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
+                    && $message->mt() !=
+                       TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
+                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
+
+            next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
+                    && !TLSProxy::Proxy::is_tls13();
+
+            if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) {
+                #Add renegotiate extension we will expect if renegotiating
+                $exttype |= RENEGOTIATE_CLI_EXTENSION
+                    if ($clienthelloseen && !TLSProxy::Proxy::is_tls13());
+                $clienthelloseen = 1;
+            }
+            #Now check that we saw the extensions we expected
+            my $msgexts = $message->extension_data();
+            my $extchnum = 1;
+            my $extshnum = 1;
+            for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
+                                $extloop++) {
+                #In TLSv1.3 we can have two ClientHellos if there has been a
+                #HelloRetryRequest, and they may have different extensions. Skip
+                #if these are extensions for a different ClientHello
+                $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
+                                 && TLSProxy::Proxy::is_tls13();
+                $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
+                                 && $extchnum == 2;
+                next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
+                                 && $extchnum != $chnum;
+                next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
+                                 && $extshnum != $shnum;
+                next if ($message->mt() != $extensions[$extloop][0]);
+                ok (($extensions[$extloop][2] & $exttype) == 0
+                      || defined ($msgexts->{$extensions[$extloop][1]}),
+                    "Extension presence check (Message: ".$message->mt()
+                    ." Extension: ".($extensions[$extloop][2] & $exttype).", "
+                    .$extloop.")");
+                $extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
+            }
+            ok($extcount == keys %$msgexts, "Extensions count mismatch ("
+                                            .$extcount.", ".(keys %$msgexts)
+                                            .")");
+        }
+    }
+}
+
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/with_fallback.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/with_fallback.pm
new file mode 100644
index 000000000..242365033
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/with_fallback.pm
@@ -0,0 +1,27 @@
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package with_fallback;
+
+sub import {
+    shift;
+
+    use File::Basename;
+    use File::Spec::Functions;
+    foreach (@_) {
+	eval "use $_";
+	if ($@) {
+	    unshift @INC, catdir(dirname(__FILE__),
+                                 "..", "..", "external", "perl");
+	    my $transfer = "transfer::$_";
+	    eval "use $transfer";
+	    shift @INC;
+	    warn $@ if $@;
+	}
+    }
+}
+1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/private.num b/trunk/3rdparty/openssl-1.1-fit/util/private.num
new file mode 100644
index 000000000..a6ef44e4a
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/private.num
@@ -0,0 +1,457 @@
+# This isn't a library ".num" file but is a list of documented items
+# that don't appear in lib*.num -- because they are define's, in
+# assembly language, etc.
+#
+OPENSSL_ia32cap                         environment
+OPENSSL_MALLOC_FD                       environment
+OPENSSL_MALLOC_FAILURES                 environment
+OPENSSL_instrument_bus                  assembler
+OPENSSL_instrument_bus2                 assembler
+#
+ADMISSION_SYNTAX                        datatype
+ADMISSIONS                              datatype
+ASN1_STRING_TABLE                       datatype
+BIO_ADDR                                datatype
+BIO_ADDRINFO                            datatype
+BIO_callback_fn                         datatype
+BIO_callback_fn_ex                      datatype
+BIO_hostserv_priorities                 datatype
+BIO_lookup_type                         datatype
+CRYPTO_EX_dup                           datatype
+CRYPTO_EX_free                          datatype
+CRYPTO_EX_new                           datatype
+DTLS_timer_cb                           datatype
+EVP_PKEY_gen_cb                         datatype
+EVP_PKEY_METHOD                         datatype
+EVP_PKEY_ASN1_METHOD                    datatype
+GEN_SESSION_CB                          datatype
+OPENSSL_Applink                         external
+NAMING_AUTHORITY                        datatype
+OSSL_STORE_CTX                          datatype
+OSSL_STORE_INFO                         datatype
+OSSL_STORE_LOADER                       datatype
+OSSL_STORE_LOADER_CTX                   datatype
+OSSL_STORE_SEARCH                       datatype
+OSSL_STORE_close_fn                     datatype
+OSSL_STORE_ctrl_fn                      datatype
+OSSL_STORE_expect_fn                    datatype
+OSSL_STORE_find_fn                      datatype
+OSSL_STORE_eof_fn                       datatype
+OSSL_STORE_error_fn                     datatype
+OSSL_STORE_load_fn                      datatype
+OSSL_STORE_open_fn                      datatype
+OSSL_STORE_post_process_info_fn         datatype
+PROFESSION_INFO                         datatype
+PROFESSION_INFOS                        datatype
+RAND_DRBG_cleanup_entropy_fn            datatype
+RAND_DRBG_cleanup_nonce_fn              datatype
+RAND_DRBG_get_entropy_fn                datatype
+RAND_DRBG_get_nonce_fn                  datatype
+RAND_poll_cb                            datatype
+SSL_CTX_allow_early_data_cb_fn          datatype
+SSL_CTX_keylog_cb_func                  datatype
+SSL_allow_early_data_cb_fn              datatype
+SSL_client_hello_cb_fn                  datatype
+SSL_psk_client_cb_func                  datatype
+SSL_psk_find_session_cb_func            datatype
+SSL_psk_server_cb_func                  datatype
+SSL_psk_use_session_cb_func             datatype
+SSL_verify_cb                           datatype
+UI                                      datatype
+UI_METHOD                               datatype
+UI_STRING                               datatype
+UI_string_types                         datatype
+UI_string_types                         datatype
+X509_STORE_CTX_cert_crl_fn              datatype
+X509_STORE_CTX_check_crl_fn             datatype
+X509_STORE_CTX_check_issued_fn          datatype
+X509_STORE_CTX_check_policy_fn          datatype
+X509_STORE_CTX_check_revocation_fn      datatype
+X509_STORE_CTX_cleanup_fn               datatype
+X509_STORE_CTX_get_crl_fn               datatype
+X509_STORE_CTX_get_issuer_fn            datatype
+X509_STORE_CTX_lookup_certs_fn          datatype
+X509_STORE_CTX_lookup_crls_fn           datatype
+X509_STORE_CTX_verify_cb                datatype
+X509_STORE_CTX_verify_fn                datatype
+X509_STORE_set_verify_cb_func           datatype
+X509_LOOKUP_get_by_alias_fn             datatype
+X509_LOOKUP_get_by_subject_fn           datatype
+X509_LOOKUP_get_by_fingerprint_fn       datatype
+X509_LOOKUP_ctrl_fn                     datatype
+X509_LOOKUP_get_by_issuer_serial_fn     datatype
+bio_info_cb                             datatype
+BIO_info_cb                             datatype
+custom_ext_add_cb                       datatype
+custom_ext_free_cb                      datatype
+custom_ext_parse_cb                     datatype
+pem_password_cb                         datatype
+ssl_ct_validation_cb                    datatype
+#
+BIO_append_filename                     define
+BIO_destroy_bio_pair                    define
+BIO_do_accept                           define
+BIO_do_connect                          define
+BIO_do_handshake                        define
+BIO_eof                                 define
+BIO_flush                               define
+BIO_get_accept_name                     define
+BIO_get_accept_port                     define
+BIO_get_accept_ip_family                define
+BIO_get_peer_name                       define
+BIO_get_peer_port                       define
+BIO_get_bind_mode                       define
+BIO_get_buffer_num_lines                define
+BIO_get_cipher_ctx                      define
+BIO_get_cipher_status                   define
+BIO_get_close                           define
+BIO_get_conn_address                    define
+BIO_get_conn_hostname                   define
+BIO_get_conn_port                       define
+BIO_get_conn_ip_family                  define
+BIO_get_fd                              define
+BIO_get_fp                              define
+BIO_get_info_callback                   define
+BIO_get_md                              define
+BIO_get_md_ctx                          define
+BIO_get_mem_data                        define
+BIO_get_mem_ptr                         define
+BIO_get_num_renegotiates                define
+BIO_get_read_request                    define
+BIO_get_ssl                             define
+BIO_get_write_buf_size                  define
+BIO_get_write_guarantee                 define
+BIO_make_bio_pair                       define
+BIO_pending                             define
+BIO_read_filename                       define
+BIO_reset                               define
+BIO_retry_type                          define
+BIO_rw_filename                         define
+BIO_seek                                define
+BIO_set_accept_bios                     define
+BIO_set_accept_name                     define
+BIO_set_accept_port                     define
+BIO_set_accept_ip_family                define
+BIO_set_bind_mode                       define
+BIO_set_buffer_read_data                define
+BIO_set_buffer_size                     define
+BIO_set_close                           define
+BIO_set_conn_address                    define
+BIO_set_conn_hostname                   define
+BIO_set_conn_port                       define
+BIO_set_conn_ip_family                  define
+BIO_set_fd                              define
+BIO_set_fp                              define
+BIO_set_info_callback                   define
+BIO_set_md                              define
+BIO_set_mem_buf                         define
+BIO_set_mem_eof_return                  define
+BIO_set_nbio                            define
+BIO_set_nbio_accept                     define
+BIO_set_read_buffer_size                define
+BIO_set_ssl                             define
+BIO_set_ssl_mode                        define
+BIO_set_ssl_renegotiate_bytes           define
+BIO_set_ssl_renegotiate_timeout         define
+BIO_set_write_buf_size                  define
+BIO_set_write_buffer_size               define
+BIO_should_io_special                   define
+BIO_should_read                         define
+BIO_should_retry                        define
+BIO_should_write                        define
+BIO_shutdown_wr                         define
+BIO_tell                                define
+BIO_wpending                            define
+BIO_write_filename                      define
+BN_mod                                  define
+BN_num_bytes                            define
+BN_one                                  define
+BN_zero                                 define deprecated 0.9.8
+CONF_modules_free                       define deprecated 1.1.0
+DES_ecb2_encrypt                        define
+DES_ede2_cbc_encrypt                    define
+DES_ede2_cfb64_encrypt                  define
+DES_ede2_ofb64_encrypt                  define
+DTLS_get_link_min_mtu                   define
+DTLS_set_link_mtu                       define
+ENGINE_cleanup                          define deprecated 1.1.0
+ERR_FATAL_ERROR                         define
+ERR_GET_FUNC                            define
+ERR_GET_LIB                             define
+ERR_GET_REASON                          define
+ERR_PACK                                define
+ERR_free_strings                        define deprecated 1.1.0
+ERR_load_crypto_strings                 define deprecated 1.1.0
+EVP_DigestSignUpdate                    define
+EVP_DigestVerifyUpdate                  define
+EVP_MD_CTX_block_size                   define
+EVP_MD_CTX_size                         define
+EVP_MD_CTX_type                         define
+EVP_OpenUpdate                          define
+EVP_PKEY_CTX_add1_hkdf_info             define
+EVP_PKEY_CTX_add1_tls1_prf_seed         define
+EVP_PKEY_CTX_get0_dh_kdf_oid            define
+EVP_PKEY_CTX_get0_dh_kdf_ukm            define
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm          define
+EVP_PKEY_CTX_get0_rsa_oaep_label        define
+EVP_PKEY_CTX_get_dh_kdf_md              define
+EVP_PKEY_CTX_get_dh_kdf_outlen          define
+EVP_PKEY_CTX_get_dh_kdf_type            define
+EVP_PKEY_CTX_get_ecdh_cofactor_mode     define
+EVP_PKEY_CTX_get_ecdh_kdf_md            define
+EVP_PKEY_CTX_get_ecdh_kdf_outlen        define
+EVP_PKEY_CTX_get_ecdh_kdf_type          define
+EVP_PKEY_CTX_get_rsa_mgf1_md            define
+EVP_PKEY_CTX_get_rsa_oaep_md            define
+EVP_PKEY_CTX_get_rsa_padding            define
+EVP_PKEY_CTX_get_rsa_pss_saltlen        define
+EVP_PKEY_CTX_get_signature_md           define
+EVP_PKEY_CTX_hkdf_mode                  define
+EVP_PKEY_CTX_set0_dh_kdf_oid            define
+EVP_PKEY_CTX_set0_dh_kdf_ukm            define
+EVP_PKEY_CTX_set0_ecdh_kdf_ukm          define
+EVP_PKEY_CTX_set0_rsa_oaep_label        define
+EVP_PKEY_CTX_set1_hkdf_key              define
+EVP_PKEY_CTX_set1_hkdf_salt             define
+EVP_PKEY_CTX_set1_pbe_pass              define
+EVP_PKEY_CTX_set1_scrypt_salt           define
+EVP_PKEY_CTX_set1_tls1_prf_secret       define
+EVP_PKEY_CTX_set_dh_paramgen_generator  define
+EVP_PKEY_CTX_set_dh_paramgen_prime_len  define
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len     define
+EVP_PKEY_CTX_set_dh_paramgen_type       define
+EVP_PKEY_CTX_set_dh_kdf_md              define
+EVP_PKEY_CTX_set_dh_kdf_outlen          define
+EVP_PKEY_CTX_set_dh_kdf_type            define
+EVP_PKEY_CTX_set_dh_nid                 define
+EVP_PKEY_CTX_set_dh_pad                 define
+EVP_PKEY_CTX_set_dh_rfc5114             define
+EVP_PKEY_CTX_set_dhx_rfc5114            define
+EVP_PKEY_CTX_set_dsa_paramgen_bits      define
+EVP_PKEY_CTX_set_ec_param_enc           define
+EVP_PKEY_CTX_set_ec_paramgen_curve_nid  define
+EVP_PKEY_CTX_set_ecdh_cofactor_mode     define
+EVP_PKEY_CTX_set_ecdh_kdf_md            define
+EVP_PKEY_CTX_set_ecdh_kdf_outlen        define
+EVP_PKEY_CTX_set_ecdh_kdf_type          define
+EVP_PKEY_CTX_set_hkdf_md                define
+EVP_PKEY_CTX_set_mac_key                define
+EVP_PKEY_CTX_set_rsa_keygen_bits        define
+EVP_PKEY_CTX_set_rsa_keygen_pubexp      define
+EVP_PKEY_CTX_set_rsa_keygen_primes      define
+EVP_PKEY_CTX_set_rsa_mgf1_md            define
+EVP_PKEY_CTX_set_rsa_oaep_md            define
+EVP_PKEY_CTX_set_rsa_padding            define
+EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md define
+EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen define
+EVP_PKEY_CTX_set_rsa_pss_keygen_md      define
+EVP_PKEY_CTX_set_rsa_pss_saltlen        define
+EVP_PKEY_CTX_set_scrypt_N               define
+EVP_PKEY_CTX_set_scrypt_r               define
+EVP_PKEY_CTX_set_scrypt_maxmem_bytes    define
+EVP_PKEY_CTX_set_scrypt_p               define
+EVP_PKEY_CTX_set_signature_md           define
+EVP_PKEY_CTX_set_tls1_prf_md            define
+EVP_PKEY_assign_DH                      define
+EVP_PKEY_assign_DSA                     define
+EVP_PKEY_assign_EC_KEY                  define
+EVP_PKEY_assign_POLY1305                define
+EVP_PKEY_assign_RSA                     define
+EVP_PKEY_assign_SIPHASH                 define
+EVP_SealUpdate                          define
+EVP_SignInit                            define
+EVP_SignInit_ex                         define
+EVP_SignUpdate                          define
+EVP_VerifyInit                          define
+EVP_VerifyInit_ex                       define
+EVP_VerifyUpdate                        define
+EVP_bf_cfb                              define
+EVP_cast5_cfb                           define
+EVP_cleanup                             define deprecated 1.1.0
+EVP_get_digestbynid                     define
+EVP_get_digestbyobj                     define
+EVP_idea_cfb                            define
+EVP_rc2_cfb                             define
+EVP_rc5_32_12_16_cfb                    define
+EVP_seed_cfb                            define
+EVP_sm4_cfb                             define
+OBJ_cleanup                             define deprecated 1.1.0
+OPENSSL_VERSION_NUMBER                  define
+OPENSSL_VERSION_TEXT                    define
+OPENSSL_clear_free                      define
+OPENSSL_clear_realloc                   define
+OPENSSL_free                            define
+OPENSSL_malloc                          define
+OPENSSL_malloc_init                     define
+OPENSSL_mem_debug_pop                   define
+OPENSSL_mem_debug_push                  define
+OPENSSL_memdup                          define
+OPENSSL_no_config                       define deprecated 1.1.0
+OPENSSL_realloc                         define
+OPENSSL_secure_actual_size              define
+OPENSSL_secure_clear_free               define
+OPENSSL_secure_free                     define
+OPENSSL_secure_malloc                   define
+OPENSSL_secure_zalloc                   define
+OPENSSL_strdup                          define
+OPENSSL_strndup                         define
+OPENSSL_zalloc                          define
+OpenSSL_add_all_algorithms              define deprecated 1.1.0
+OpenSSL_add_all_ciphers                 define deprecated 1.1.0
+OpenSSL_add_all_digests                 define deprecated 1.1.0
+OpenSSL_add_ssl_algorithms              define
+PEM_FLAG_EAY_COMPATIBLE                 define
+PEM_FLAG_ONLY_B64                       define
+PEM_FLAG_SECURE                         define
+RAND_cleanup                            define deprecated 1.1.0
+RAND_DRBG_get_ex_new_index              define
+SSL_COMP_free_compression_methods       define deprecated 1.1.0
+SSL_CTX_add0_chain_cert                 define
+SSL_CTX_add1_chain_cert                 define
+SSL_CTX_add_extra_chain_cert            define
+SSL_CTX_build_cert_chain                define
+SSL_CTX_clear_chain_certs               define
+SSL_CTX_clear_extra_chain_certs         define
+SSL_CTX_clear_mode                      define
+SSL_CTX_decrypt_session_ticket_fn       define
+SSL_CTX_disable_ct                      define
+SSL_CTX_generate_session_ticket_fn      define
+SSL_CTX_get0_chain_certs                define
+SSL_CTX_get_default_read_ahead          define
+SSL_CTX_get_max_cert_list               define
+SSL_CTX_get_max_proto_version           define
+SSL_CTX_get_min_proto_version           define
+SSL_CTX_get_mode                        define
+SSL_CTX_get_read_ahead                  define
+SSL_CTX_get_session_cache_mode          define
+SSL_CTX_get_tlsext_status_arg           define
+SSL_CTX_get_tlsext_status_cb            define
+SSL_CTX_get_tlsext_status_type          define
+SSL_CTX_select_current_cert             define
+SSL_CTX_sess_accept                     define
+SSL_CTX_sess_accept_good                define
+SSL_CTX_sess_accept_renegotiate         define
+SSL_CTX_sess_cache_full                 define
+SSL_CTX_sess_cb_hits                    define
+SSL_CTX_sess_connect                    define
+SSL_CTX_sess_connect_good               define
+SSL_CTX_sess_connect_renegotiate        define
+SSL_CTX_sess_get_cache_size             define
+SSL_CTX_sess_hits                       define
+SSL_CTX_sess_misses                     define
+SSL_CTX_sess_number                     define
+SSL_CTX_sess_set_cache_size             define
+SSL_CTX_sess_timeouts                   define
+SSL_CTX_set0_chain                      define
+SSL_CTX_set0_chain_cert_store           define
+SSL_CTX_set0_verify_cert_store          define
+SSL_CTX_set1_chain                      define
+SSL_CTX_set1_chain_cert_store           define
+SSL_CTX_set1_client_sigalgs             define
+SSL_CTX_set1_client_sigalgs_list        define
+SSL_CTX_set1_curves                     define
+SSL_CTX_set1_curves_list                define
+SSL_CTX_set1_groups                     define
+SSL_CTX_set1_groups_list                define
+SSL_CTX_set1_sigalgs                    define
+SSL_CTX_set1_sigalgs_list               define
+SSL_CTX_set1_verify_cert_store          define
+SSL_CTX_set_current_cert                define
+SSL_CTX_set_max_cert_list               define
+SSL_CTX_set_max_pipelines               define
+SSL_CTX_set_max_proto_version           define
+SSL_CTX_set_max_send_fragment           define
+SSL_CTX_set_min_proto_version           define
+SSL_CTX_set_mode                        define
+SSL_CTX_set_msg_callback_arg            define
+SSL_CTX_set_read_ahead                  define
+SSL_CTX_set_session_cache_mode          define
+SSL_CTX_set_split_send_fragment         define
+SSL_CTX_set_tlsext_servername_arg       define
+SSL_CTX_set_tlsext_servername_callback  define
+SSL_CTX_set_tlsext_status_arg           define
+SSL_CTX_set_tlsext_status_cb            define
+SSL_CTX_set_tlsext_status_type          define
+SSL_CTX_set_tlsext_ticket_key_cb        define
+SSL_CTX_set_tmp_dh                      define
+SSL_add0_chain_cert                     define
+SSL_add1_chain_cert                     define
+SSL_build_cert_chain                    define
+SSL_clear_chain_certs                   define
+SSL_clear_mode                          define
+SSL_disable_ct                          define
+SSL_get0_chain_certs                    define
+SSL_get0_session                        define
+SSL_get1_curves                         define
+SSL_get1_groups                         define
+SSL_get_cipher                          define
+SSL_get_cipher_bits                     define
+SSL_get_cipher_name                     define
+SSL_get_cipher_version                  define
+SSL_get_extms_support                   define
+SSL_get_max_cert_list                   define
+SSL_get_max_proto_version               define
+SSL_get_min_proto_version               define
+SSL_get_mode                            define
+SSL_get_peer_signature_nid              define
+SSL_get_peer_tmp_key                    define
+SSL_get_secure_renegotiation_support    define
+SSL_get_server_tmp_key                  define
+SSL_get_shared_curve                    define
+SSL_get_shared_group                    define
+SSL_get_signature_nid                   define
+SSL_get_time                            define
+SSL_get_timeout                         define
+SSL_get_tlsext_status_ocsp_resp         define
+SSL_get_tlsext_status_type              define
+SSL_get_tmp_key                         define
+SSL_in_accept_init                      define
+SSL_in_connect_init                     define
+SSL_library_init                        define
+SSL_load_error_strings                  define deprecated 1.1.0
+SSL_select_current_cert                 define
+SSL_set0_chain                          define
+SSL_set0_chain_cert_store               define
+SSL_set0_verify_cert_store              define
+SSL_set1_chain                          define
+SSL_set1_chain_cert_store               define
+SSL_set1_client_sigalgs                 define
+SSL_set1_client_sigalgs_list            define
+SSL_set1_curves                         define
+SSL_set1_curves_list                    define
+SSL_set1_groups                         define
+SSL_set1_groups_list                    define
+SSL_set1_sigalgs                        define
+SSL_set1_sigalgs_list                   define
+SSL_set1_verify_cert_store              define
+SSL_set_current_cert                    define
+SSL_set_max_cert_list                   define
+SSL_set_max_pipelines                   define
+SSL_set_max_proto_version               define
+SSL_set_max_send_fragment               define
+SSL_set_min_proto_version               define
+SSL_set_mode                            define
+SSL_set_msg_callback_arg                define
+SSL_set_mtu                             define
+SSL_set_split_send_fragment             define
+SSL_set_time                            define
+SSL_set_timeout                         define
+SSL_set_tlsext_host_name                define
+SSL_set_tlsext_status_ocsp_resp         define
+SSL_set_tlsext_status_type              define
+SSL_set_tmp_dh                          define
+SSL_want_async                          define
+SSL_want_async_job                      define
+SSL_want_client_hello_cb                define
+SSL_want_nothing                        define
+SSL_want_read                           define
+SSL_want_write                          define
+SSL_want_x509_lookup                    define
+SSLv23_client_method                    define
+SSLv23_method                           define
+SSLv23_server_method                    define
+X509_STORE_set_lookup_crls_cb           define
+X509_STORE_set_verify_func              define
+EVP_PKEY_CTX_set1_id                    define
+EVP_PKEY_CTX_get1_id                    define
+EVP_PKEY_CTX_get1_id_len                define
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/process_docs.pl b/trunk/3rdparty/openssl-1.1-fit/util/process_docs.pl
new file mode 100755
index 000000000..30b149eb8
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/process_docs.pl
@@ -0,0 +1,271 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use File::Spec::Functions;
+use File::Basename;
+use File::Copy;
+use File::Path;
+use FindBin;
+use lib "$FindBin::Bin/perl";
+use OpenSSL::Glob;
+use Getopt::Long;
+use Pod::Usage;
+
+use lib '.';
+use configdata;
+
+# We know we are in the 'util' directory and that our perl modules are
+# in util/perl
+use lib catdir(dirname($0), "perl");
+use OpenSSL::Util::Pod;
+
+my %options = ();
+GetOptions(\%options,
+           'sourcedir=s',       # Source directory
+           'section=i@',        # Subdirectories to look through,
+                                # with associated section numbers
+           'destdir=s',         # Destination directory
+           #'in=s@',             # Explicit files to process (ignores sourcedir)
+           'type=s',            # The result type, 'man' or 'html'
+           'suffix:s',          # Suffix to add to the extension.
+                                # Only used with type=man
+           'remove',            # To remove files rather than writing them
+           'dry-run|n',         # Only output file names on STDOUT
+           'debug|D+',
+          );
+
+unless ($options{section}) {
+    $options{section} = [ 1, 3, 5, 7 ];
+}
+unless ($options{sourcedir}) {
+    $options{sourcedir} = catdir($config{sourcedir}, "doc");
+}
+pod2usage(1) unless ( defined $options{section}
+                      && defined $options{sourcedir}
+                      && defined $options{destdir}
+                      && defined $options{type}
+                      && ($options{type} eq 'man'
+                          || $options{type} eq 'html') );
+pod2usage(1) if ( $options{type} eq 'html'
+                  && defined $options{suffix} );
+
+if ($options{debug}) {
+    print STDERR "DEBUG: options:\n";
+    print STDERR "DEBUG:   --sourcedir = $options{sourcedir}\n"
+        if defined $options{sourcedir};
+    print STDERR "DEBUG:   --destdir   = $options{destdir}\n"
+        if defined $options{destdir};
+    print STDERR "DEBUG:   --type      = $options{type}\n"
+        if defined $options{type};
+    print STDERR "DEBUG:   --suffix    = $options{suffix}\n"
+        if defined $options{suffix};
+    foreach (sort @{$options{section}}) {
+        print STDERR "DEBUG:   --section   = $_\n";
+    }
+    print STDERR "DEBUG:   --remove    = $options{remove}\n"
+        if defined $options{remove};
+    print STDERR "DEBUG:   --debug     = $options{debug}\n"
+        if defined $options{debug};
+    print STDERR "DEBUG:   --dry-run   = $options{\"dry-run\"}\n"
+        if defined $options{"dry-run"};
+}
+
+my $symlink_exists = eval { symlink("",""); 1 };
+
+foreach my $section (sort @{$options{section}}) {
+    my $subdir = "man$section";
+    my $podsourcedir = catfile($options{sourcedir}, $subdir);
+    my $podglob = catfile($podsourcedir, "*.pod");
+
+    foreach my $podfile (glob $podglob) {
+        my $podname = basename($podfile, ".pod");
+        my $podpath = catfile($podfile);
+        my %podinfo = extract_pod_info($podpath,
+                                       { debug => $options{debug},
+                                         section => $section });
+        my @podfiles = grep { $_ ne $podname } @{$podinfo{names}};
+
+        my $updir = updir();
+        my $name = uc $podname;
+        my $suffix = { man  => ".$podinfo{section}".($options{suffix} // ""),
+                       html => ".html" } -> {$options{type}};
+        my $generate = { man  => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
+                         html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet"
+                         } -> {$options{type}};
+        my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
+        my $output_file = $podname . $suffix;
+        my $output_path = catfile($output_dir, $output_file);
+
+        if (! $options{remove}) {
+            my @output;
+            print STDERR "DEBUG: Processing, using \"$generate\"\n"
+                if $options{debug};
+            unless ($options{"dry-run"}) {
+                @output = `$generate`;
+                map { s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html"|g; } @output
+                    if $options{type} eq "html";
+                if ($options{type} eq "man") {
+                    # Because some *roff parsers are more strict than others,
+                    # multiple lines in the NAME section must be merged into
+                    # one.
+                    my $in_name = 0;
+                    my $name_line = "";
+                    my @newoutput = ();
+                    foreach (@output) {
+                        if ($in_name) {
+                            if (/^\.SH "/) {
+                                $in_name = 0;
+                                push @newoutput, $name_line."\n";
+                            } else {
+                                chomp (my $x = $_);
+                                $name_line .= " " if $name_line;
+                                $name_line .= $x;
+                                next;
+                            }
+                        }
+                        if (/^\.SH +"NAME" *$/) {
+                            $in_name = 1;
+                        }
+                        push @newoutput, $_;
+                    }
+                    @output = @newoutput;
+                }
+            }
+            print STDERR "DEBUG: Done processing\n" if $options{debug};
+
+            if (! -d $output_dir) {
+                print STDERR "DEBUG: Creating directory $output_dir\n" if $options{debug};
+                unless ($options{"dry-run"}) {
+                    mkpath $output_dir
+                        or die "Trying to create directory $output_dir: $!\n";
+                }
+            }
+            print STDERR "DEBUG: Writing $output_path\n" if $options{debug};
+            unless ($options{"dry-run"}) {
+                open my $output_fh, '>', $output_path
+                    or die "Trying to write to $output_path: $!\n";
+                foreach (@output) {
+                    print $output_fh $_;
+                }
+                close $output_fh;
+            }
+            print STDERR "DEBUG: Done writing $output_path\n" if $options{debug};
+        } else {
+            print STDERR "DEBUG: Removing $output_path\n" if $options{debug};
+            unless ($options{"dry-run"}) {
+                while (unlink $output_path) {}
+            }
+        }
+        print "$output_path\n";
+
+        foreach (@podfiles) {
+            my $link_file = $_ . $suffix;
+            my $link_path = catfile($output_dir, $link_file);
+            if (! $options{remove}) {
+                if ($symlink_exists) {
+                    print STDERR "DEBUG: Linking $link_path -> $output_file\n"
+                        if $options{debug};
+                    unless ($options{"dry-run"}) {
+                        symlink $output_file, $link_path;
+                    }
+                } else {
+                    print STDERR "DEBUG: Copying $output_path to link_path\n"
+                        if $options{debug};
+                    unless ($options{"dry-run"}) {
+                        copy $output_path, $link_path;
+                    }
+                }
+            } else {
+                print STDERR "DEBUG: Removing $link_path\n" if $options{debug};
+                unless ($options{"dry-run"}) {
+                    while (unlink $link_path) {}
+                }
+            }
+            print "$link_path -> $output_path\n";
+        }
+    }
+}
+
+__END__
+
+=pod
+
+=head1 NAME
+
+process_docs.pl - A script to process OpenSSL docs
+
+=head1 SYNOPSIS
+
+B<process_docs.pl>
+[B<--sourcedir>=I<dir>]
+B<--destdir>=I<dir>
+B<--type>=B<man>|B<html>
+[B<--suffix>=I<suffix>]
+[B<--remove>]
+[B<--dry-run>|B<-n>]
+[B<--debug>|B<-D>]
+
+=head1 DESCRIPTION
+
+This script looks for .pod files in the subdirectories 'apps', 'crypto'
+and 'ssl' under the given source directory.
+
+The OpenSSL configuration data file F<configdata.pm> I<must> reside in
+the current directory, I<or> perl must have the directory it resides in
+in its inclusion array.  For the latter variant, a call like this would
+work:
+
+ perl -I../foo util/process_docs.pl {options ...}
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--sourcedir>=I<dir>
+
+Top directory where the source files are found.
+
+=item B<--destdir>=I<dir>
+
+Top directory where the resulting files should end up
+
+=item B<--type>=B<man>|B<html>
+
+Type of output to produce.  Currently supported are man pages and HTML files.
+
+=item B<--suffix>=I<suffix>
+
+A suffix added to the extension.  Only valid with B<--type>=B<man>
+
+=item B<--remove>
+
+Instead of writing the files, remove them.
+
+=item B<--dry-run>|B<-n>
+
+Do not perform any file writing, directory creation or file removal.
+
+=item B<--debug>|B<-D>
+
+Print extra debugging output.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+https://www.openssl.org/source/license.html
+
+=cut
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/shlib_wrap.sh.in b/trunk/3rdparty/openssl-1.1-fit/util/shlib_wrap.sh.in
new file mode 100755
index 000000000..eac70ed97
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/shlib_wrap.sh.in
@@ -0,0 +1,138 @@
+#!/bin/sh
+{-
+    use lib '.';
+    use configdata;
+
+    sub shlib {
+        my $lib = shift;
+        return "" if $disabled{shared};
+        $lib = $unified_info{rename}->{$lib}
+            if defined $unified_info{rename}->{$lib};
+        $lib = $unified_info{sharednames}->{$lib}
+            . ($target{shlib_variant} || "")
+            . ($target{shared_extension} || ".so");
+        $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\)
+                 |.$config{shlib_version_number}|x;
+        return $lib;
+    }
+    "";     # Make sure no left over string sneaks its way into the script
+-}
+# To test this OpenSSL version's applications against another version's
+# shared libraries, simply set
+#
+#     OPENSSL_REGRESSION=/path/to/other/OpenSSL/build/tree
+if [ -n "$OPENSSL_REGRESSION" ]; then
+    shlibwrap="$OPENSSL_REGRESSION/util/shlib_wrap.sh"
+    if [ -x "$shlibwrap" ]; then
+        # We clear OPENSSL_REGRESSION to avoid a loop, should the shlib_wrap.sh
+        # we exec also support that mechanism...
+        OPENSSL_REGRESSION= exec "$shlibwrap" "$@"
+    else
+        if [ -f "$shlibwrap" ]; then
+            echo "Not permitted to run $shlibwrap" >&2
+        else
+            echo "No $shlibwrap, perhaps OPENSSL_REGRESSION isn't properly set?" >&2
+        fi
+        exit 1
+    fi
+fi
+
+[ $# -ne 0 ] || set -x		# debug mode without arguments:-)
+
+THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
+[ -d "${THERE}" ] || exec "$@"	# should never happen...
+
+LIBCRYPTOSO="${THERE}/{- shlib('libcrypto') -}"
+LIBSSLSO="${THERE}/{- shlib('libssl') -}"
+
+SYSNAME=`(uname -s) 2>/dev/null`;
+case "$SYSNAME" in
+SunOS|IRIX*)
+	# SunOS and IRIX run-time linkers evaluate alternative
+	# variables depending on target ABI...
+	rld_var=LD_LIBRARY_PATH
+	case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
+	*ELF\ 64*SPARC*|*ELF\ 64*AMD64*)
+		[ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
+		LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64
+		preload_var=LD_PRELOAD_64
+		;;
+	*ELF\ 32*SPARC*|*ELF\ 32*80386*)
+		# We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32
+		# on a multi-arch system.  Otherwise, trust the fallbacks.
+		if [ -f /lib/64/ld.so.1 ]; then
+		    [ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32
+		    LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32
+		    preload_var=LD_PRELOAD_32
+		fi
+		;;
+	# Why are newly built .so's preloaded anyway? Because run-time
+	# .so lookup path embedded into application takes precedence
+	# over LD_LIBRARY_PATH and as result application ends up linking
+	# to previously installed .so's. On IRIX instead of preloading
+	# newly built .so's we trick run-time linker to fail to find
+	# the installed .so by setting _RLD_ROOT variable.
+	*ELF\ 32*MIPS*)
+		#_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST
+		_RLD_ROOT=/no/such/dir; export _RLD_ROOT
+		eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\"
+		preload_var=_RLD_LIST
+		;;
+	*ELF\ N32*MIPS*)
+		[ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
+		#_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
+		_RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT
+		eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\"
+		preload_var=_RLDN32_LIST
+		;;
+	*ELF\ 64*MIPS*)
+		[ -n "$LD_LIBRARY64_PATH"  ] && rld_var=LD_LIBRARY64_PATH
+		#_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
+		_RLD64_ROOT=/no/such/dir; export _RLD64_ROOT
+		eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\"
+		preload_var=_RLD64_LIST
+		;;
+	esac
+	eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var
+	unset rld_var
+	;;
+*)	LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"	# Linux, ELF HP-UX
+	DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH"	# MacOS X
+	SHLIB_PATH="${THERE}:$SHLIB_PATH"		# legacy HP-UX
+	LIBPATH="${THERE}:$LIBPATH"			# AIX, OS/2
+	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
+	# Even though $PATH is adjusted [for Windows sake], it doesn't
+	# necessarily does the trick. Trouble is that with introduction
+	# of SafeDllSearchMode in XP/2003 it's more appropriate to copy
+	# .DLLs in vicinity of executable, which is done elsewhere...
+	if [ "$OSTYPE" != msdosdjgpp ]; then
+		PATH="${THERE}:$PATH"; export PATH
+	fi
+	;;
+esac
+
+{- output_off() unless grep (/-rpath\b/, @{$config{LDFLAGS}}); ""; -}
+if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
+	# Following three lines are major excuse for isolating them into
+	# this wrapper script. Original reason for setting LD_PRELOAD
+	# was to make it possible to pass 'make test' when user linked
+	# with -rpath pointing to previous version installation. Wrapping
+	# it into a script makes it possible to do so on multi-ABI
+	# platforms.
+	case "$SYSNAME" in
+	*BSD)	LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;	# *BSD
+	*)	LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;;	# SunOS, Linux, ELF HP-UX
+	esac
+	_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"	# Tru64, o32 IRIX
+	DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO"	# MacOS X
+	export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
+fi
+{- output_on() unless grep (/-rpath\b/, @{$config{LDFLAGS}}); ""; -}
+
+cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}"
+shift
+if [ $# -eq 0 ]; then
+	exec "$cmd"	# old sh, such as Tru64 4.x, fails to expand empty "$@"
+else
+	exec "$cmd" "$@"
+fi
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/su-filter.pl b/trunk/3rdparty/openssl-1.1-fit/util/su-filter.pl
new file mode 100644
index 000000000..389c7c35c
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/su-filter.pl
@@ -0,0 +1,264 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+my $in_su = 0;
+my $indent = 0;
+my $out;
+my $braces = 0;
+my $arrcnt;
+my $data;
+my $tststr;
+my $incomm = 0;
+
+while(<>) {
+    $tststr = $_;
+    $incomm++ while $tststr =~ /\/\*/g;
+    $incomm-- while $tststr =~ /\*\//g;
+
+    if($in_su == 1) {
+        if(/}(.*);/) {
+            $out .= $_;
+            do_output($out);
+            $in_su = 0;
+        } elsif(/^ *\} [^\s]+(\[\d*\])* = \{/) {
+           $tststr = $1;
+           $arrcnt = 0;
+           $arrcnt++ while $tststr =~ /\[/g;
+           $in_su++;
+           $braces = 1;
+           /^(.* = \{)(.*)$/;
+           $data = $2;
+           $out .= $1."\n";
+        } else {
+            $out .= $_;
+        }
+    } elsif($in_su == 2) {
+        $data .= $_;
+        if(/};$/) {
+            #$data = "\n$data";
+            $data =~ s/\n */\n/g;
+            $data =~ s/};\n?//s;
+            my @strucdata = structureData($data);
+            $out .= displayData($indent, 0, \@strucdata);
+            $out .= "\n$indent};\n";
+            do_output($out);
+            $in_su = 0;
+        }
+    } elsif($incomm <= 0 && /( *)(static )?(const )?(union|struct) ([a-zA-Z_\$][\$0-9a-zA-Z_]+ )?\{/) {
+        $in_su = 1;
+        $indent = $1;
+        $out = $_;
+        next;
+    } else {
+        do_output($_);
+    }
+}
+
+
+sub structureData {
+    my $data = $_[0];
+    my @datalist = split(/(\{|\}|,|"|#|\n|\/\*|\*\/|\(|\))/, $data);
+    my $item;
+    my $dataitem = "";
+    my @struclist = ();
+    my $substruc;
+    my $inquote = 0;
+    my $inbrace = 0;
+    my $preproc = 0;
+    my $comment = 0;
+    my $inparen = 0;
+
+
+    foreach $item (@datalist) {
+        if($comment) {
+            if($item eq "*/") {
+                $comment = 0;
+                $dataitem .= "*/";
+                push @struclist, $dataitem;
+                $dataitem = "";
+                next;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($inquote) {
+            $dataitem .= $item;
+            if($item eq "\"") {
+                $inquote--;
+            }
+            next;
+        }
+        if($preproc) {
+            if($item eq "\n") {
+                $preproc = 0;
+                push @struclist, $dataitem;
+                $dataitem = "";
+                next;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($inbrace) {
+            if($item eq "}") {
+                $inbrace --;
+
+                if(!$inbrace) {
+                    $substruc = structureData($dataitem);
+                    $dataitem = $substruc;
+                    next;
+                }
+            } elsif($item eq "{") {
+                $inbrace++;
+            } elsif ($item eq "\"") {
+                $inquote++;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($inparen) {
+            if($item eq ")") {
+                $inparen--;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($item eq "\n") {
+            next;
+        }
+        if($item eq "#") {
+            $preproc = 1;
+            push @struclist, $dataitem;
+            $dataitem = "#";
+            next;
+        }
+        if($item eq "/*") {
+            $comment = 1;
+            push @struclist, $dataitem;
+            $dataitem= "/*";
+            next;
+        }
+        if($item eq "\"") {
+            $dataitem .= $item;
+            $inquote++;
+            next;
+        }
+        if($item eq "{") {
+            $inbrace++;
+            next;
+        }
+        if($item eq ",") {
+            push @struclist, $dataitem;
+            $dataitem = "";
+            next;
+        }
+        if($item eq "(") {
+            $dataitem .= $item;
+            $inparen++;
+            next;
+        }
+        if($item =~ /^\s*$/) {
+            next;
+        }
+        if(ref $dataitem eq 'ARRAY') {
+            push @struclist, $dataitem;
+            $dataitem = "";
+        }
+        $dataitem .= $item;
+    }
+    push @struclist, $dataitem;
+    return \@struclist;
+}
+
+sub displayData {
+    my $indent = shift;
+    my $depth = shift;
+    my $data = shift;
+    my $item;
+    my $out = "";
+    my $currline = "";
+    my $first = 1;
+    my $prevpreproc = 0;
+    my $prevcomment = 0;
+
+    foreach $item (@{$data}) {
+        if($item =~ /^\/\*/) {
+            #Comment
+            $item =~ s/\n/\n$indent/g;
+            if($out =~ /\n\s*$/s) {
+                $out .= $item."\n".$indent;
+            } else {
+                $out .= "\n".$indent.$item."\n".$indent;
+            }
+            $currline = $indent;
+            $prevcomment = 1;
+            next;
+        }
+        $item =~ s/^\s+//;
+        if($item =~ /^#/) {
+            #Pre-processor directive
+            if($out =~ /\n\s*$/s) {
+                $out =~ s/\n\s*$/\n/;
+                $out .= $item."\n".$indent;
+            } else {
+                $out .= "\n".$item."\n".$indent;
+            }
+            $currline = $indent;
+            $prevpreproc = 1;
+            next;
+        }
+        if($first) {
+            $first = 0;
+            if($depth != 0) {
+                $out .= $indent;
+                $currline = $indent;
+            }
+        } else {
+            if(!$prevpreproc && !$prevcomment) {
+                $out .= ", ";
+                $currline .= ", ";
+                if($depth == 1) {
+                    $out .= "\n";
+                    $currline = "";
+                }
+                if($depth == 1) {
+                    $out .= $indent;
+                    $currline .= $indent;
+                }
+            }
+
+        }
+        $prevpreproc = 0;
+        $prevcomment = 0;
+
+        if (ref $item eq 'ARRAY') {
+            if($depth == 0) {
+                $out .= displayData("$indent    ", $depth+1, $item);
+            } else {
+                $out .= "{\n".displayData("$indent    ", $depth+1, $item)."\n".$indent."}";
+                $currline = $indent."}";
+            }
+        } else {
+            if(length $currline.$item > 79) {
+                $currline = $indent;
+                $out .= "\n$indent";
+            }
+            $out .= $item;
+            $currline .= $item;
+        }
+    }
+    return $out;
+}
+
+sub do_output {
+    my $out = shift;
+    # Strip any trailing whitespace
+    $out =~ s/\s+\n/\n/g;
+    print $out;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/unlocal_shlib.com.in b/trunk/3rdparty/openssl-1.1-fit/util/unlocal_shlib.com.in
new file mode 100644
index 000000000..dd4fd2a9d
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/unlocal_shlib.com.in
@@ -0,0 +1,26 @@
+${-
+  use File::Spec::Functions qw(rel2abs);
+
+  my $bldtop = rel2abs($config{builddir});
+  our %names = ( map { $_ => $bldtop.$_.".EXE" }
+                 map { $unified_info{sharednames}->{$_} || () }
+                 @{$unified_info{libraries}} );
+  "" -}
+$       ! Remove the local environment created by local_shlib.com
+$
+$       OPENSSL_NAMES := OPENSSL_NAMES_'F$GETJPI("","PID")'
+$       IF F$TRNLNM("OSSL_FLAG",OPENSSL_NAMES) .EQS. "" THEN EXIT 0
+$
+$       NAMES := {- join(",", keys %names); -}
+$       I = 0
+$       LOOP:
+$           E = F$ELEMENT(I,",",NAMES)
+$           I = I + 1
+$           IF E .EQS. "," THEN GOTO ENDLOOP
+$           OLDV = F$TRNLNM(E,OPENSSL_NAMES)
+$           DEASSIGN 'E'
+$           IF OLDV .NES. "" THEN DEFINE 'E' 'OLDV'
+$           GOTO LOOP
+$       ENDLOOP:
+$
+$       DEASSIGN 'OPENSSL_NAMES' /TABLE=LNM$PROCESS_DIRECTORY
diff --git a/trunk/3rdparty/openssl-1.1.0e.zip b/trunk/3rdparty/openssl-1.1.0e.zip
deleted file mode 100644
index 1361d91cc..000000000
Binary files a/trunk/3rdparty/openssl-1.1.0e.zip and /dev/null differ
diff --git a/trunk/3rdparty/srs-bench/.gitignore b/trunk/3rdparty/srs-bench/.gitignore
new file mode 100644
index 000000000..589c6ab3a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/.gitignore
@@ -0,0 +1,8 @@
+.idea
+objs
+*.ogg
+*.ivf
+*.h264
+.DS_Store
+
+.format.txt
diff --git a/trunk/3rdparty/srs-bench/Makefile b/trunk/3rdparty/srs-bench/Makefile
new file mode 100644
index 000000000..f4ee3f9d0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/Makefile
@@ -0,0 +1,25 @@
+.PHONY: help default clean bench test
+
+default: bench test
+
+clean:
+	rm -f ./objs/srs_bench ./objs/srs_test
+
+.format.txt: *.go rtc/*.go srs/*.go
+	gofmt -w .
+	echo "done" > .format.txt
+
+bench: ./objs/srs_bench
+
+./objs/srs_bench: .format.txt *.go rtc/*.go srs/*.go Makefile
+	go build -mod=vendor -o objs/srs_bench .
+
+test: ./objs/srs_test
+
+./objs/srs_test: .format.txt *.go rtc/*.go srs/*.go Makefile
+	go test ./srs -mod=vendor -c -o ./objs/srs_test
+
+help:
+	@echo "Usage: make [bench|test]"
+	@echo "     bench       Make the bench to ./objs/srs_bench"
+	@echo "     test        Make the test tool to ./objs/srs_test"
diff --git a/trunk/3rdparty/srs-bench/README.md b/trunk/3rdparty/srs-bench/README.md
new file mode 100644
index 000000000..061976383
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/README.md
@@ -0,0 +1,149 @@
+# srs-bench
+
+WebRTC benchmark on [pion/webrtc](https://github.com/pion/webrtc) for [SRS](https://github.com/ossrs/srs).
+
+## Usage
+
+编译和使用：
+
+```bash
+git clone https://github.com/ossrs/srs-bench.git && git checkout feature/rtc && 
+make && ./objs/srs_bench -h
+```
+
+## Player for Live
+
+直播播放压测，一个流，很多个播放。
+
+首先，推流到SRS：
+
+```bash
+ffmpeg -re -i doc/source.200kbps.768x320.flv -c copy -f flv -y rtmp://localhost/live/livestream
+```
+
+然后，启动压测，比如100个：
+
+```bash
+./objs/srs_bench -sr webrtc://localhost/live/livestream -nn 100
+```
+
+## Publisher for Live or RTC
+
+直播或会议场景推流压测，一般会推多个流。
+
+首先，推流依赖于录制的文件，请参考[DVR](#dvr)。
+
+然后，启动推流压测，比如100个流：
+
+```bash
+./objs/srs_bench -pr webrtc://localhost/live/livestream_%d -sn 100 -sa a.ogg -sv v.h264 -fps 25
+```
+
+> 注意：帧率是原始视频的帧率，由于264中没有这个信息所以需要传递。
+
+## Multipel Player or Publisher for RTC
+
+会议场景的播放压测，会多个客户端播放多个流，比如3人会议，那么就有3个推流，每个流有2个播放。
+
+首先，启动推流压测，比如3个流：
+
+```bash
+./objs/srs_bench -pr webrtc://localhost/live/livestream_%d -sn 3 -sa a.ogg -sv v.h264 -fps 25
+```
+
+然后，每个流都启动播放压测，比如每个流2个播放：
+
+```bash
+./objs/srs_bench -sr webrtc://localhost/live/livestream_%d -sn 3 -nn 2
+```
+
+> 备注：压测都是基于流，可以任意设计推流和播放的流路数，实现不同的场景。
+
+> 备注：URL的变量格式参考Go的`fmt.Sprintf`，比如可以用`webrtc://localhost/live/livestream_%03d`。
+
+## DVR
+
+录制场景，主要是把内容录制下来后，可分析，也可以用于推流。
+
+首先，推流到SRS，参考[live](#player-for-live)。
+
+```bash
+ffmpeg -re -i doc/source.200kbps.768x320.flv -c copy -f flv -y rtmp://localhost/live/livestream
+```
+
+然后，启动录制：
+
+```bash
+./objs/srs_bench -sr webrtc://localhost/live/livestream -da a.ogg -dv v.h264
+```
+
+> 备注：录制下来的`a.ogg`和`v.h264`可以用做推流。
+
+## RTC Plaintext
+
+压测RTC明文播放：
+
+首先，推流到SRS：
+
+```bash
+ffmpeg -re -i doc/source.200kbps.768x320.flv -c copy -f flv -y rtmp://localhost/live/livestream
+```
+
+然后，启动压测，指定是明文（非加密），比如100个：
+
+```bash
+./objs/srs_bench -sr webrtc://localhost/live/livestream?encrypt=false -nn 100
+```
+
+> Note: 可以传递更多参数，详细参考SRS支持的参数。
+
+## Regression Test
+
+回归测试需要先启动[SRS](https://github.com/ossrs/srs/issues/307)，支持WebRTC推拉流：
+
+```bash
+eip=$(ifconfig en0 inet| grep 'inet '|awk '{print $2}')
+if [[ ! -z $eip ]]; then 
+  docker run -p 1935:1935 -p 8080:8080 -p 1985:1985 -p 8000:8000/udp \
+      --rm --env CANDIDATE=$(ifconfig en0 inet| grep 'inet '|awk '{print $2}')\
+      registry.cn-hangzhou.aliyuncs.com/ossrs/srs:v4.0.76 objs/srs -c conf/rtc.conf
+fi
+```
+
+然后运行回归测试用例，如果只跑一次，可以直接运行：
+
+```bash
+go test ./srs -mod=vendor -v
+```
+
+也可以用make编译出重复使用的二进制：
+
+```bash
+make test && ./objs/srs_test -test.v
+```
+
+可以给回归测试传参数，这样可以测试不同的序列，比如：
+
+```bash
+go test ./srs -mod=vendor -v -srs-server=127.0.0.1
+# Or
+make test && ./objs/srs_test -test.v -srs-server=127.0.0.1
+```
+
+支持的参数如下：
+
+* `-srs-server`，RTC服务器地址。默认值：`127.0.0.1`
+* `-srs-stream`，RTC流地址。默认值：`/rtc/regression`
+* `-srs-log`，是否开启详细日志。默认值：`false`
+* `-srs-timeout`，每个Case的超时时间，毫秒。默认值：`3000`，即3秒。
+* `-srs-play-pli`，播放时，PLI的间隔，毫秒。默认值：`5000`，即5秒。
+* `-srs-play-ok-packets`，播放时，收到多少个包认为是测试通过，默认值：`10`
+* `-srs-publish-audio`，推流时，使用的音频文件。默认值：`avatar.ogg`
+* `-srs-publish-video`，推流时，使用的视频文件。默认值：`avatar.h264`
+* `-srs-publish-video-fps`，推流时，视频文件的FPS。默认值：`25`
+
+其他不常用参数：
+
+* `-srs-https`，是否连接HTTPS-API。默认值：`false`，即连接HTTP-API。
+
+2021.01, Winlin
diff --git a/trunk/3rdparty/srs-bench/avatar.ogg b/trunk/3rdparty/srs-bench/avatar.ogg
new file mode 100644
index 000000000..cd9b711df
Binary files /dev/null and b/trunk/3rdparty/srs-bench/avatar.ogg differ
diff --git a/trunk/3rdparty/srs-bench/go.mod b/trunk/3rdparty/srs-bench/go.mod
new file mode 100644
index 000000000..e7322eaac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/go.mod
@@ -0,0 +1,12 @@
+module github.com/ossrs/srs-bench
+
+go 1.15
+
+require (
+	github.com/ossrs/go-oryx-lib v0.0.8
+	github.com/pion/interceptor v0.0.9
+	github.com/pion/rtcp v1.2.6
+	github.com/pion/rtp v1.6.2
+	github.com/pion/sdp/v3 v3.0.4
+	github.com/pion/webrtc/v3 v3.0.4
+)
diff --git a/trunk/3rdparty/srs-bench/go.sum b/trunk/3rdparty/srs-bench/go.sum
new file mode 100644
index 000000000..98e9df028
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/go.sum
@@ -0,0 +1,124 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
+github.com/ossrs/go-oryx-lib v0.0.8 h1:k8ml3ZLsjIMoQEdZdWuy8zkU0w/fbJSyHvT/s9NyeCc=
+github.com/ossrs/go-oryx-lib v0.0.8/go.mod h1:i2tH4TZBzAw5h+HwGrNOKvP/nmZgSQz0OEnLLdzcT/8=
+github.com/pion/datachannel v1.4.21 h1:3ZvhNyfmxsAqltQrApLPQMhSFNA+aT87RqyCq4OXmf0=
+github.com/pion/datachannel v1.4.21/go.mod h1:oiNyP4gHx2DIwRzX/MFyH0Rz/Gz05OgBlayAI2hAWjg=
+github.com/pion/dtls/v2 v2.0.4 h1:WuUcqi6oYMu/noNTz92QrF1DaFj4eXbhQ6dzaaAwOiI=
+github.com/pion/dtls/v2 v2.0.4/go.mod h1:qAkFscX0ZHoI1E07RfYPoRw3manThveu+mlTDdOxoGI=
+github.com/pion/ice/v2 v2.0.14 h1:FxXxauyykf89SWAtkQCfnHkno6G8+bhRkNguSh9zU+4=
+github.com/pion/ice/v2 v2.0.14/go.mod h1:wqaUbOq5ObDNU5ox1hRsEst0rWfsKuH1zXjQFEWiZwM=
+github.com/pion/interceptor v0.0.9 h1:fk5hTdyLO3KURQsf/+RjMpEm4NE3yeTY9Kh97b5BvwA=
+github.com/pion/interceptor v0.0.9/go.mod h1:dHgEP5dtxOTf21MObuBAjJeAayPxLUAZjerGH8Xr07c=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/mdns v0.0.4 h1:O4vvVqr4DGX63vzmO6Fw9vpy3lfztVWHGCQfyw0ZLSY=
+github.com/pion/mdns v0.0.4/go.mod h1:R1sL0p50l42S5lJs91oNdUL58nm0QHrhxnSegr++qC0=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/rtcp v1.2.6 h1:1zvwBbyd0TeEuuWftrd/4d++m+/kZSeiguxU61LFWpo=
+github.com/pion/rtcp v1.2.6/go.mod h1:52rMNPWFsjr39z9B9MhnkqhPLoeHTv1aN63o/42bWE0=
+github.com/pion/rtp v1.6.2 h1:iGBerLX6JiDjB9NXuaPzHyxHFG9JsIEdgwTC0lp5n/U=
+github.com/pion/rtp v1.6.2/go.mod h1:bDb5n+BFZxXx0Ea7E5qe+klMuqiBrP+w8XSjiWtCUko=
+github.com/pion/sctp v1.7.10/go.mod h1:EhpTUQu1/lcK3xI+eriS6/96fWetHGCvBi9MSsnaBN0=
+github.com/pion/sctp v1.7.11 h1:UCnj7MsobLKLuP/Hh+JMiI/6W5Bs/VF45lWKgHFjSIE=
+github.com/pion/sctp v1.7.11/go.mod h1:EhpTUQu1/lcK3xI+eriS6/96fWetHGCvBi9MSsnaBN0=
+github.com/pion/sdp/v3 v3.0.4 h1:2Kf+dgrzJflNCSw3TV5v2VLeI0s/qkzy2r5jlR0wzf8=
+github.com/pion/sdp/v3 v3.0.4/go.mod h1:bNiSknmJE0HYBprTHXKPQ3+JjacTv5uap92ueJZKsRk=
+github.com/pion/srtp/v2 v2.0.1 h1:kgfh65ob3EcnFYA4kUBvU/menCp9u7qaJLXwWgpobzs=
+github.com/pion/srtp/v2 v2.0.1/go.mod h1:c8NWHhhkFf/drmHTAblkdu8++lsISEBBdAuiyxgqIsE=
+github.com/pion/stun v0.3.5 h1:uLUCBCkQby4S1cf6CGuR9QrVOKcvUwFeemaC865QHDg=
+github.com/pion/stun v0.3.5/go.mod h1:gDMim+47EeEtfWogA37n6qXZS88L5V6LqFcf+DZA2UA=
+github.com/pion/transport v0.8.10/go.mod h1:tBmha/UCjpum5hqTWhfAEs3CO4/tHSg0MYRhSzR+CZ8=
+github.com/pion/transport v0.10.0/go.mod h1:BnHnUipd0rZQyTVB2SBGojFHT9CBt5C5TcsJSQGkvSE=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pion/transport v0.12.0/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/transport v0.12.2 h1:WYEjhloRHt1R86LhUKjC5y+P52Y11/QqEUalvtzVoys=
+github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/turn/v2 v2.0.5 h1:iwMHqDfPEDEOFzwWKT56eFmh6DYC6o/+xnLAEzgISbA=
+github.com/pion/turn/v2 v2.0.5/go.mod h1:APg43CFyt/14Uy7heYUOGWdkem/Wu4PhCO/bjyrTqMw=
+github.com/pion/udp v0.1.0 h1:uGxQsNyrqG3GLINv36Ff60covYmfrLoxzwnCsIYspXI=
+github.com/pion/udp v0.1.0/go.mod h1:BPELIjbwE9PRbd/zxI/KYBnbo7B6+oA6YuEaNE8lths=
+github.com/pion/webrtc v1.2.0 h1:3LGGPQEMacwG2hcDfhdvwQPz315gvjZXOfY4vaF4+I4=
+github.com/pion/webrtc/v3 v3.0.4 h1:Tiw3H9fpfcwkvaxonB+Gv1DG9tmgYBQaM1vBagDHP40=
+github.com/pion/webrtc/v3 v3.0.4/go.mod h1:1TmFSLpPYFTFXFHPtoq9eGP1ASTa9LC6FBh7sUY8cd4=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7 h1:3uJsdck53FDIpWwLeAXlia9p4C8j0BO2xZrqzKpL0D8=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/main.go b/trunk/3rdparty/srs-bench/main.go
new file mode 100644
index 000000000..a2384a524
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/main.go
@@ -0,0 +1,263 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"github.com/ossrs/go-oryx-lib/errors"
+	"github.com/ossrs/go-oryx-lib/logger"
+	"github.com/ossrs/srs-bench/srs"
+	"net"
+	"net/http"
+	"os"
+	"os/signal"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+)
+
+func main() {
+	var sr, dumpAudio, dumpVideo string
+	var pli int
+	flag.StringVar(&sr, "sr", "", "")
+	flag.StringVar(&dumpAudio, "da", "", "")
+	flag.StringVar(&dumpVideo, "dv", "", "")
+	flag.IntVar(&pli, "pli", 10, "")
+
+	var pr, sourceAudio, sourceVideo string
+	var fps int
+	flag.StringVar(&pr, "pr", "", "")
+	flag.StringVar(&sourceAudio, "sa", "", "")
+	flag.StringVar(&sourceVideo, "sv", "", "")
+	flag.IntVar(&fps, "fps", 0, "")
+
+	var audioLevel, videoTWCC bool
+	flag.BoolVar(&audioLevel, "al", true, "")
+	flag.BoolVar(&videoTWCC, "twcc", true, "")
+
+	var clients, streams, delay int
+	flag.IntVar(&clients, "nn", 1, "")
+	flag.IntVar(&streams, "sn", 1, "")
+	flag.IntVar(&delay, "delay", 50, "")
+
+	var statListen string
+	flag.StringVar(&statListen, "stat", ":18000", "")
+
+	flag.Usage = func() {
+		fmt.Println(fmt.Sprintf("Usage: %v [Options]", os.Args[0]))
+		fmt.Println(fmt.Sprintf("Options:"))
+		fmt.Println(fmt.Sprintf("   -nn     The number of clients to simulate. Default: 1"))
+		fmt.Println(fmt.Sprintf("   -sn     The number of streams to simulate. Variable: %%d. Default: 1"))
+		fmt.Println(fmt.Sprintf("   -delay  The start delay in ms for each client or stream to simulate. Default: 50"))
+		fmt.Println(fmt.Sprintf("   -al     [Optional] Whether enable audio-level. Default: true"))
+		fmt.Println(fmt.Sprintf("   -twcc   [Optional] Whether enable vdieo-twcc. Default: true"))
+		fmt.Println(fmt.Sprintf("   -stat   [Optional] The stat server API listen port. Default: :18000"))
+		fmt.Println(fmt.Sprintf("Player or Subscriber:"))
+		fmt.Println(fmt.Sprintf("   -sr     The url to play/subscribe. If sn exceed 1, auto append variable %%d."))
+		fmt.Println(fmt.Sprintf("   -da     [Optional] The file path to dump audio, ignore if empty."))
+		fmt.Println(fmt.Sprintf("   -dv     [Optional] The file path to dump video, ignore if empty."))
+		fmt.Println(fmt.Sprintf("   -pli    [Optional] PLI request interval in seconds. Default: 10"))
+		fmt.Println(fmt.Sprintf("Publisher:"))
+		fmt.Println(fmt.Sprintf("   -pr     The url to publish. If sn exceed 1, auto append variable %%d."))
+		fmt.Println(fmt.Sprintf("   -fps    The fps of .h264 source file."))
+		fmt.Println(fmt.Sprintf("   -sa     [Optional] The file path to read audio, ignore if empty."))
+		fmt.Println(fmt.Sprintf("   -sv     [Optional] The file path to read video, ignore if empty."))
+		fmt.Println(fmt.Sprintf("\n例如，1个播放，1个推流:"))
+		fmt.Println(fmt.Sprintf("   %v -sr webrtc://localhost/live/livestream", os.Args[0]))
+		fmt.Println(fmt.Sprintf("   %v -pr webrtc://localhost/live/livestream -sa a.ogg -sv v.h264 -fps 25", os.Args[0]))
+		fmt.Println(fmt.Sprintf("\n例如，1个流，3个播放，共3个客户端："))
+		fmt.Println(fmt.Sprintf("   %v -sr webrtc://localhost/live/livestream -nn 3", os.Args[0]))
+		fmt.Println(fmt.Sprintf("   %v -pr webrtc://localhost/live/livestream -sa a.ogg -sv v.h264 -fps 25", os.Args[0]))
+		fmt.Println(fmt.Sprintf("\n例如，2个流，每个流3个播放，共6个客户端："))
+		fmt.Println(fmt.Sprintf("   %v -sr webrtc://localhost/live/livestream_%%d -sn 2 -nn 3", os.Args[0]))
+		fmt.Println(fmt.Sprintf("   %v -pr webrtc://localhost/live/livestream_%%d -sn 2 -sa a.ogg -sv v.h264 -fps 25", os.Args[0]))
+		fmt.Println(fmt.Sprintf("\n例如，2个推流："))
+		fmt.Println(fmt.Sprintf("   %v -pr webrtc://localhost/live/livestream_%%d -sn 2 -sa a.ogg -sv v.h264 -fps 25", os.Args[0]))
+		fmt.Println(fmt.Sprintf("\n例如，1个录制："))
+		fmt.Println(fmt.Sprintf("   %v -sr webrtc://localhost/live/livestream -da a.ogg -dv v.h264", os.Args[0]))
+		fmt.Println(fmt.Sprintf("\n例如，1个明文播放："))
+		fmt.Println(fmt.Sprintf("   %v -sr webrtc://localhost/live/livestream?encrypt=false", os.Args[0]))
+		fmt.Println()
+	}
+	flag.Parse()
+
+	showHelp := (clients <= 0 || streams <= 0)
+	if sr == "" && pr == "" {
+		showHelp = true
+	}
+	if pr != "" && (sourceAudio == "" && sourceVideo == "") {
+		showHelp = true
+	}
+	if showHelp {
+		flag.Usage()
+		os.Exit(-1)
+	}
+
+	if statListen != "" && !strings.Contains(statListen, ":") {
+		statListen = ":" + statListen
+	}
+
+	ctx := context.Background()
+	summaryDesc := fmt.Sprintf("clients=%v, delay=%v, al=%v, twcc=%v, stat=%v", clients, delay, audioLevel, videoTWCC, statListen)
+	if sr != "" {
+		summaryDesc = fmt.Sprintf("%v, play(url=%v, da=%v, dv=%v, pli=%v)", summaryDesc, sr, dumpAudio, dumpVideo, pli)
+	}
+	if pr != "" {
+		summaryDesc = fmt.Sprintf("%v, publish(url=%v, sa=%v, sv=%v, fps=%v)",
+			summaryDesc, pr, sourceAudio, sourceVideo, fps)
+	}
+	logger.Tf(ctx, "Start benchmark with %v", summaryDesc)
+
+	checkFlag := func() error {
+		if dumpVideo != "" && !strings.HasSuffix(dumpVideo, ".h264") && !strings.HasSuffix(dumpVideo, ".ivf") {
+			return errors.Errorf("Should be .ivf or .264, actual %v", dumpVideo)
+		}
+
+		if sourceVideo != "" && !strings.HasSuffix(sourceVideo, ".h264") {
+			return errors.Errorf("Should be .264, actual %v", sourceVideo)
+		}
+
+		if sourceVideo != "" && strings.HasSuffix(sourceVideo, ".h264") && fps <= 0 {
+			return errors.Errorf("Video fps should >0, actual %v", fps)
+		}
+		return nil
+	}
+	if err := checkFlag(); err != nil {
+		logger.Ef(ctx, "Check faile err %+v", err)
+		os.Exit(-1)
+	}
+
+	ctx, cancel := context.WithCancel(ctx)
+
+	// Process all signals.
+	go func() {
+		sigs := make(chan os.Signal, 1)
+		signal.Notify(sigs, syscall.SIGTERM, syscall.SIGINT)
+		for sig := range sigs {
+			logger.Wf(ctx, "Quit for signal %v", sig)
+			cancel()
+		}
+	}()
+
+	// Run tasks.
+	var wg sync.WaitGroup
+
+	// Start STAT API server.
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		if statListen == "" {
+			return
+		}
+
+		var lc net.ListenConfig
+		ln, err := lc.Listen(ctx, "tcp", statListen)
+		if err != nil {
+			logger.Ef(ctx, "stat listen err+%v", err)
+			cancel()
+			return
+		}
+
+		mux := http.NewServeMux()
+		srs.HandleStat(ctx, mux, statListen)
+
+		srv := &http.Server{
+			Handler: mux,
+			BaseContext: func(listener net.Listener) context.Context {
+				return ctx
+			},
+		}
+
+		go func() {
+			<-ctx.Done()
+			srv.Shutdown(ctx)
+		}()
+
+		logger.Tf(ctx, "Stat listen at %v", statListen)
+		if err := srv.Serve(ln); err != nil {
+			if ctx.Err() == nil {
+				logger.Ef(ctx, "stat serve err+%v", err)
+				cancel()
+			}
+			return
+		}
+	}()
+
+	// Start all subscribers or players.
+	for i := 0; sr != "" && i < streams && ctx.Err() == nil; i++ {
+		r_auto := sr
+		if streams > 1 && !strings.Contains(r_auto, "%") {
+			r_auto += "%d"
+		}
+
+		r2 := r_auto
+		if strings.Contains(r2, "%") {
+			r2 = fmt.Sprintf(r2, i)
+		}
+
+		for j := 0; sr != "" && j < clients && ctx.Err() == nil; j++ {
+			// Dump audio or video only for the first client.
+			da, dv := dumpAudio, dumpVideo
+			if i > 0 {
+				da, dv = "", ""
+			}
+
+			srs.StatRTC.Subscribers.Expect++
+			srs.StatRTC.Subscribers.Alive++
+
+			wg.Add(1)
+			go func(sr, da, dv string) {
+				defer wg.Done()
+				defer func() {
+					srs.StatRTC.Subscribers.Alive--
+				}()
+
+				if err := srs.StartPlay(ctx, sr, da, dv, audioLevel, videoTWCC, pli); err != nil {
+					if errors.Cause(err) != context.Canceled {
+						logger.Wf(ctx, "Run err %+v", err)
+					}
+				}
+			}(r2, da, dv)
+
+			time.Sleep(time.Duration(delay) * time.Millisecond)
+		}
+	}
+
+	// Start all publishers.
+	for i := 0; pr != "" && i < streams && ctx.Err() == nil; i++ {
+		r_auto := pr
+		if streams > 1 && !strings.Contains(r_auto, "%") {
+			r_auto += "%d"
+		}
+
+		r2 := r_auto
+		if strings.Contains(r2, "%") {
+			r2 = fmt.Sprintf(r2, i)
+		}
+
+		srs.StatRTC.Publishers.Expect++
+		srs.StatRTC.Publishers.Alive++
+
+		wg.Add(1)
+		go func(pr string) {
+			defer wg.Done()
+			defer func() {
+				srs.StatRTC.Publishers.Alive--
+			}()
+
+			if err := srs.StartPublish(ctx, pr, sourceAudio, sourceVideo, fps, audioLevel, videoTWCC); err != nil {
+				if errors.Cause(err) != context.Canceled {
+					logger.Wf(ctx, "Run err %+v", err)
+				}
+			}
+		}(r2)
+
+		time.Sleep(time.Duration(delay) * time.Millisecond)
+	}
+
+	wg.Wait()
+
+	logger.Tf(ctx, "Done")
+}
diff --git a/trunk/3rdparty/srs-bench/rtc/pion_constants.go b/trunk/3rdparty/srs-bench/rtc/pion_constants.go
new file mode 100644
index 000000000..4b44a7064
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/rtc/pion_constants.go
@@ -0,0 +1,5 @@
+package rtc
+
+const (
+	rtpOutboundMTU = 1200
+)
diff --git a/trunk/3rdparty/srs-bench/rtc/pion_mediaengine.go b/trunk/3rdparty/srs-bench/rtc/pion_mediaengine.go
new file mode 100644
index 000000000..a86e71f24
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/rtc/pion_mediaengine.go
@@ -0,0 +1,27 @@
+package rtc
+
+import (
+	"github.com/pion/rtp"
+	"github.com/pion/rtp/codecs"
+	"github.com/pion/webrtc/v3"
+	"strings"
+)
+
+func payloaderForCodec(codec webrtc.RTPCodecCapability) (rtp.Payloader, error) {
+	switch strings.ToLower(codec.MimeType) {
+	case strings.ToLower(webrtc.MimeTypeH264):
+		return &codecs.H264Payloader{}, nil
+	case strings.ToLower(webrtc.MimeTypeOpus):
+		return &codecs.OpusPayloader{}, nil
+	case strings.ToLower(webrtc.MimeTypeVP8):
+		return &codecs.VP8Payloader{}, nil
+	case strings.ToLower(webrtc.MimeTypeVP9):
+		return &codecs.VP9Payloader{}, nil
+	case strings.ToLower(webrtc.MimeTypeG722):
+		return &codecs.G722Payloader{}, nil
+	case strings.ToLower(webrtc.MimeTypePCMU), strings.ToLower(webrtc.MimeTypePCMA):
+		return &codecs.G711Payloader{}, nil
+	default:
+		return nil, webrtc.ErrNoPayloaderForCodec
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/rtc/pion_rtpcodec.go b/trunk/3rdparty/srs-bench/rtc/pion_rtpcodec.go
new file mode 100644
index 000000000..c7f85828b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/rtc/pion_rtpcodec.go
@@ -0,0 +1,27 @@
+package rtc
+
+import (
+	"github.com/pion/webrtc/v3"
+	"strings"
+)
+
+// Do a fuzzy find for a codec in the list of codecs
+// Used for lookup up a codec in an existing list to find a match
+func codecParametersFuzzySearch(needle webrtc.RTPCodecParameters, haystack []webrtc.RTPCodecParameters) (webrtc.RTPCodecParameters, error) {
+	// First attempt to match on MimeType + SDPFmtpLine
+	for _, c := range haystack {
+		if strings.EqualFold(c.RTPCodecCapability.MimeType, needle.RTPCodecCapability.MimeType) &&
+			c.RTPCodecCapability.SDPFmtpLine == needle.RTPCodecCapability.SDPFmtpLine {
+			return c, nil
+		}
+	}
+
+	// Fallback to just MimeType
+	for _, c := range haystack {
+		if strings.EqualFold(c.RTPCodecCapability.MimeType, needle.RTPCodecCapability.MimeType) {
+			return c, nil
+		}
+	}
+
+	return webrtc.RTPCodecParameters{}, webrtc.ErrCodecNotFound
+}
diff --git a/trunk/3rdparty/srs-bench/rtc/pion_track_local_static.go b/trunk/3rdparty/srs-bench/rtc/pion_track_local_static.go
new file mode 100644
index 000000000..4bf40cdb9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/rtc/pion_track_local_static.go
@@ -0,0 +1,246 @@
+package rtc
+
+import (
+	"github.com/pion/rtp"
+	"github.com/pion/webrtc/v3"
+	"github.com/pion/webrtc/v3/pkg/media"
+	"strings"
+	"sync"
+)
+
+// trackBinding is a single bind for a Track
+// Bind can be called multiple times, this stores the
+// result for a single bind call so that it can be used when writing
+type trackBinding struct {
+	id          string
+	ssrc        webrtc.SSRC
+	payloadType webrtc.PayloadType
+	writeStream webrtc.TrackLocalWriter
+}
+
+// TrackLocalStaticRTP  is a TrackLocal that has a pre-set codec and accepts RTP Packets.
+// If you wish to send a media.Sample use TrackLocalStaticSample
+type TrackLocalStaticRTP struct {
+	mu           sync.RWMutex
+	bindings     []trackBinding
+	codec        webrtc.RTPCodecCapability
+	id, streamID string
+}
+
+// NewTrackLocalStaticRTP returns a TrackLocalStaticRTP.
+func NewTrackLocalStaticRTP(c webrtc.RTPCodecCapability, id, streamID string) (*TrackLocalStaticRTP, error) {
+	return &TrackLocalStaticRTP{
+		codec:    c,
+		bindings: []trackBinding{},
+		id:       id,
+		streamID: streamID,
+	}, nil
+}
+
+// Bind is called by the PeerConnection after negotiation is complete
+// This asserts that the code requested is supported by the remote peer.
+// If so it setups all the state (SSRC and PayloadType) to have a call
+func (s *TrackLocalStaticRTP) Bind(t webrtc.TrackLocalContext) (webrtc.RTPCodecParameters, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	parameters := webrtc.RTPCodecParameters{RTPCodecCapability: s.codec}
+	if codec, err := codecParametersFuzzySearch(parameters, t.CodecParameters()); err == nil {
+		s.bindings = append(s.bindings, trackBinding{
+			ssrc:        t.SSRC(),
+			payloadType: codec.PayloadType,
+			writeStream: t.WriteStream(),
+			id:          t.ID(),
+		})
+		return codec, nil
+	}
+
+	return webrtc.RTPCodecParameters{}, webrtc.ErrUnsupportedCodec
+}
+
+// Unbind implements the teardown logic when the track is no longer needed. This happens
+// because a track has been stopped.
+func (s *TrackLocalStaticRTP) Unbind(t webrtc.TrackLocalContext) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	for i := range s.bindings {
+		if s.bindings[i].id == t.ID() {
+			s.bindings[i] = s.bindings[len(s.bindings)-1]
+			s.bindings = s.bindings[:len(s.bindings)-1]
+			return nil
+		}
+	}
+
+	return webrtc.ErrUnbindFailed
+}
+
+// ID is the unique identifier for this Track. This should be unique for the
+// stream, but doesn't have to globally unique. A common example would be 'audio' or 'video'
+// and StreamID would be 'desktop' or 'webcam'
+func (s *TrackLocalStaticRTP) ID() string { return s.id }
+
+// StreamID is the group this track belongs too. This must be unique
+func (s *TrackLocalStaticRTP) StreamID() string { return s.streamID }
+
+// Kind controls if this TrackLocal is audio or video
+func (s *TrackLocalStaticRTP) Kind() webrtc.RTPCodecType {
+	switch {
+	case strings.HasPrefix(s.codec.MimeType, "audio/"):
+		return webrtc.RTPCodecTypeAudio
+	case strings.HasPrefix(s.codec.MimeType, "video/"):
+		return webrtc.RTPCodecTypeVideo
+	default:
+		return webrtc.RTPCodecType(0)
+	}
+}
+
+// Codec gets the Codec of the track
+func (s *TrackLocalStaticRTP) Codec() webrtc.RTPCodecCapability {
+	return s.codec
+}
+
+// WriteRTP writes a RTP Packet to the TrackLocalStaticRTP
+// If one PeerConnection fails the packets will still be sent to
+// all PeerConnections. The error message will contain the ID of the failed
+// PeerConnections so you can remove them
+func (s *TrackLocalStaticRTP) WriteRTP(p *rtp.Packet) error {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	writeErrs := []error{}
+	outboundPacket := *p
+
+	for _, b := range s.bindings {
+		outboundPacket.Header.SSRC = uint32(b.ssrc)
+		outboundPacket.Header.PayloadType = uint8(b.payloadType)
+		if _, err := b.writeStream.WriteRTP(&outboundPacket.Header, outboundPacket.Payload); err != nil {
+			writeErrs = append(writeErrs, err)
+		}
+	}
+
+	return FlattenErrs(writeErrs)
+}
+
+// Write writes a RTP Packet as a buffer to the TrackLocalStaticRTP
+// If one PeerConnection fails the packets will still be sent to
+// all PeerConnections. The error message will contain the ID of the failed
+// PeerConnections so you can remove them
+func (s *TrackLocalStaticRTP) Write(b []byte) (n int, err error) {
+	packet := &rtp.Packet{}
+	if err = packet.Unmarshal(b); err != nil {
+		return 0, err
+	}
+
+	return len(b), s.WriteRTP(packet)
+}
+
+// TrackLocalStaticSample is a TrackLocal that has a pre-set codec and accepts Samples.
+// If you wish to send a RTP Packet use TrackLocalStaticRTP
+type TrackLocalStaticSample struct {
+	packetizer rtp.Packetizer
+	rtpTrack   *TrackLocalStaticRTP
+	clockRate  float64
+
+	// Set the callback before write RTP packet.
+	OnBeforeWritePacket func(rtp *rtp.Packet)
+}
+
+// NewTrackLocalStaticSample returns a TrackLocalStaticSample
+func NewTrackLocalStaticSample(c webrtc.RTPCodecCapability, id, streamID string) (*TrackLocalStaticSample, error) {
+	rtpTrack, err := NewTrackLocalStaticRTP(c, id, streamID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &TrackLocalStaticSample{
+		rtpTrack: rtpTrack,
+	}, nil
+}
+
+// ID is the unique identifier for this Track. This should be unique for the
+// stream, but doesn't have to globally unique. A common example would be 'audio' or 'video'
+// and StreamID would be 'desktop' or 'webcam'
+func (s *TrackLocalStaticSample) ID() string { return s.rtpTrack.ID() }
+
+// StreamID is the group this track belongs too. This must be unique
+func (s *TrackLocalStaticSample) StreamID() string { return s.rtpTrack.StreamID() }
+
+// Kind controls if this TrackLocal is audio or video
+func (s *TrackLocalStaticSample) Kind() webrtc.RTPCodecType { return s.rtpTrack.Kind() }
+
+// Codec gets the Codec of the track
+func (s *TrackLocalStaticSample) Codec() webrtc.RTPCodecCapability {
+	return s.rtpTrack.Codec()
+}
+
+// Bind is called by the PeerConnection after negotiation is complete
+// This asserts that the code requested is supported by the remote peer.
+// If so it setups all the state (SSRC and PayloadType) to have a call
+func (s *TrackLocalStaticSample) Bind(t webrtc.TrackLocalContext) (webrtc.RTPCodecParameters, error) {
+	codec, err := s.rtpTrack.Bind(t)
+	if err != nil {
+		return codec, err
+	}
+
+	s.rtpTrack.mu.Lock()
+	defer s.rtpTrack.mu.Unlock()
+
+	// We only need one packetizer
+	if s.packetizer != nil {
+		return codec, nil
+	}
+
+	payloader, err := payloaderForCodec(codec.RTPCodecCapability)
+	if err != nil {
+		return codec, err
+	}
+
+	s.packetizer = rtp.NewPacketizer(
+		rtpOutboundMTU,
+		0, // Value is handled when writing
+		0, // Value is handled when writing
+		payloader,
+		rtp.NewRandomSequencer(),
+		codec.ClockRate,
+	)
+	s.clockRate = float64(codec.RTPCodecCapability.ClockRate)
+	return codec, nil
+}
+
+// Unbind implements the teardown logic when the track is no longer needed. This happens
+// because a track has been stopped.
+func (s *TrackLocalStaticSample) Unbind(t webrtc.TrackLocalContext) error {
+	return s.rtpTrack.Unbind(t)
+}
+
+// WriteSample writes a Sample to the TrackLocalStaticSample
+// If one PeerConnection fails the packets will still be sent to
+// all PeerConnections. The error message will contain the ID of the failed
+// PeerConnections so you can remove them
+func (s *TrackLocalStaticSample) WriteSample(sample media.Sample) error {
+	s.rtpTrack.mu.RLock()
+	p := s.packetizer
+	clockRate := s.clockRate
+	s.rtpTrack.mu.RUnlock()
+
+	if p == nil {
+		return nil
+	}
+
+	samples := sample.Duration.Seconds() * clockRate
+	packets := p.(rtp.Packetizer).Packetize(sample.Data, uint32(samples))
+
+	writeErrs := []error{}
+	for _, p := range packets {
+		if s.OnBeforeWritePacket != nil {
+			s.OnBeforeWritePacket(p)
+		}
+
+		if err := s.rtpTrack.WriteRTP(p); err != nil {
+			writeErrs = append(writeErrs, err)
+		}
+	}
+
+	return FlattenErrs(writeErrs)
+}
diff --git a/trunk/3rdparty/srs-bench/rtc/pion_util.go b/trunk/3rdparty/srs-bench/rtc/pion_util.go
new file mode 100644
index 000000000..75ffe4601
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/rtc/pion_util.go
@@ -0,0 +1,10 @@
+package rtc
+
+import "fmt"
+
+func FlattenErrs(errors []error) error {
+	if len(errors) == 0 {
+		return nil
+	}
+	return fmt.Errorf("%v", errors)
+}
diff --git a/trunk/3rdparty/srs-bench/srs/player.go b/trunk/3rdparty/srs-bench/srs/player.go
new file mode 100644
index 000000000..8977248e6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/srs/player.go
@@ -0,0 +1,262 @@
+package srs
+
+import (
+	"context"
+	"fmt"
+	"github.com/ossrs/go-oryx-lib/errors"
+	"github.com/ossrs/go-oryx-lib/logger"
+	"github.com/pion/interceptor"
+	"github.com/pion/rtcp"
+	"github.com/pion/sdp/v3"
+	"github.com/pion/webrtc/v3"
+	"github.com/pion/webrtc/v3/pkg/media"
+	"github.com/pion/webrtc/v3/pkg/media/h264writer"
+	"github.com/pion/webrtc/v3/pkg/media/ivfwriter"
+	"github.com/pion/webrtc/v3/pkg/media/oggwriter"
+	"strings"
+	"sync"
+	"time"
+)
+
+// @see https://github.com/pion/webrtc/blob/master/examples/save-to-disk/main.go
+func StartPlay(ctx context.Context, r, dumpAudio, dumpVideo string, enableAudioLevel, enableTWCC bool, pli int) error {
+	ctx = logger.WithContext(ctx)
+
+	logger.Tf(ctx, "Start play url=%v, audio=%v, video=%v, audio-level=%v, twcc=%v",
+		r, dumpAudio, dumpVideo, enableAudioLevel, enableTWCC)
+
+	// For audio-level.
+	webrtcNewPeerConnection := func(configuration webrtc.Configuration) (*webrtc.PeerConnection, error) {
+		m := &webrtc.MediaEngine{}
+		if err := m.RegisterDefaultCodecs(); err != nil {
+			return nil, err
+		}
+
+		for _, extension := range []string{sdp.SDESMidURI, sdp.SDESRTPStreamIDURI, sdp.TransportCCURI} {
+			if extension == sdp.TransportCCURI && !enableTWCC {
+				continue
+			}
+			if err := m.RegisterHeaderExtension(webrtc.RTPHeaderExtensionCapability{URI: extension}, webrtc.RTPCodecTypeVideo); err != nil {
+				return nil, err
+			}
+		}
+
+		// https://github.com/pion/ion/issues/130
+		// https://github.com/pion/ion-sfu/pull/373/files#diff-6f42c5ac6f8192dd03e5a17e9d109e90cb76b1a4a7973be6ce44a89ffd1b5d18R73
+		for _, extension := range []string{sdp.SDESMidURI, sdp.SDESRTPStreamIDURI, sdp.AudioLevelURI} {
+			if extension == sdp.AudioLevelURI && !enableAudioLevel {
+				continue
+			}
+			if err := m.RegisterHeaderExtension(webrtc.RTPHeaderExtensionCapability{URI: extension}, webrtc.RTPCodecTypeAudio); err != nil {
+				return nil, err
+			}
+		}
+
+		i := &interceptor.Registry{}
+		if err := webrtc.RegisterDefaultInterceptors(m, i); err != nil {
+			return nil, err
+		}
+
+		api := webrtc.NewAPI(webrtc.WithMediaEngine(m), webrtc.WithInterceptorRegistry(i))
+		return api.NewPeerConnection(configuration)
+	}
+
+	pc, err := webrtcNewPeerConnection(webrtc.Configuration{})
+	if err != nil {
+		return errors.Wrapf(err, "Create PC")
+	}
+	defer pc.Close()
+
+	pc.AddTransceiverFromKind(webrtc.RTPCodecTypeAudio, webrtc.RTPTransceiverInit{
+		Direction: webrtc.RTPTransceiverDirectionRecvonly,
+	})
+	pc.AddTransceiverFromKind(webrtc.RTPCodecTypeVideo, webrtc.RTPTransceiverInit{
+		Direction: webrtc.RTPTransceiverDirectionRecvonly,
+	})
+
+	offer, err := pc.CreateOffer(nil)
+	if err != nil {
+		return errors.Wrapf(err, "Create Offer")
+	}
+
+	if err := pc.SetLocalDescription(offer); err != nil {
+		return errors.Wrapf(err, "Set offer %v", offer)
+	}
+
+	answer, err := apiRtcRequest(ctx, "/rtc/v1/play", r, offer.SDP)
+	if err != nil {
+		return errors.Wrapf(err, "Api request offer=%v", offer.SDP)
+	}
+
+	if err := pc.SetRemoteDescription(webrtc.SessionDescription{
+		Type: webrtc.SDPTypeAnswer, SDP: answer,
+	}); err != nil {
+		return errors.Wrapf(err, "Set answer %v", answer)
+	}
+
+	var da media.Writer
+	var dv_vp8 media.Writer
+	var dv_h264 media.Writer
+	defer func() {
+		if da != nil {
+			da.Close()
+		}
+		if dv_vp8 != nil {
+			dv_vp8.Close()
+		}
+		if dv_h264 != nil {
+			dv_h264.Close()
+		}
+	}()
+
+	handleTrack := func(ctx context.Context, track *webrtc.TrackRemote, receiver *webrtc.RTPReceiver) error {
+		// Send a PLI on an interval so that the publisher is pushing a keyframe
+		go func() {
+			if track.Kind() == webrtc.RTPCodecTypeAudio {
+				return
+			}
+
+			if pli <= 0 {
+				return
+			}
+
+			for {
+				select {
+				case <-ctx.Done():
+					return
+				case <-time.After(time.Duration(pli) * time.Second):
+					_ = pc.WriteRTCP([]rtcp.Packet{&rtcp.PictureLossIndication{
+						MediaSSRC: uint32(track.SSRC()),
+					}})
+				}
+			}
+		}()
+
+		codec := track.Codec()
+
+		trackDesc := fmt.Sprintf("channels=%v", codec.Channels)
+		if track.Kind() == webrtc.RTPCodecTypeVideo {
+			trackDesc = fmt.Sprintf("fmtp=%v", codec.SDPFmtpLine)
+		}
+		if headers := receiver.GetParameters().HeaderExtensions; len(headers) > 0 {
+			trackDesc = fmt.Sprintf("%v, header=%v", trackDesc, headers)
+		}
+		logger.Tf(ctx, "Got track %v, pt=%v, tbn=%v, %v",
+			codec.MimeType, codec.PayloadType, codec.ClockRate, trackDesc)
+
+		if codec.MimeType == "audio/opus" {
+			if da == nil && dumpAudio != "" {
+				if da, err = oggwriter.New(dumpAudio, codec.ClockRate, codec.Channels); err != nil {
+					return errors.Wrapf(err, "New audio dumper")
+				}
+				logger.Tf(ctx, "Open ogg writer file=%v, tbn=%v, channels=%v",
+					dumpAudio, codec.ClockRate, codec.Channels)
+			}
+
+			if err = writeTrackToDisk(ctx, da, track); err != nil {
+				return errors.Wrapf(err, "Write audio disk")
+			}
+		} else if codec.MimeType == "video/VP8" {
+			if dumpVideo != "" && !strings.HasSuffix(dumpVideo, ".ivf") {
+				return errors.Errorf("%v should be .ivf for VP8", dumpVideo)
+			}
+
+			if dv_vp8 == nil && dumpVideo != "" {
+				if dv_vp8, err = ivfwriter.New(dumpVideo); err != nil {
+					return errors.Wrapf(err, "New video dumper")
+				}
+				logger.Tf(ctx, "Open ivf writer file=%v", dumpVideo)
+			}
+
+			if err = writeTrackToDisk(ctx, dv_vp8, track); err != nil {
+				return errors.Wrapf(err, "Write video disk")
+			}
+		} else if codec.MimeType == "video/H264" {
+			if dumpVideo != "" && !strings.HasSuffix(dumpVideo, ".h264") {
+				return errors.Errorf("%v should be .h264 for H264", dumpVideo)
+			}
+
+			if dv_h264 == nil && dumpVideo != "" {
+				if dv_h264, err = h264writer.New(dumpVideo); err != nil {
+					return errors.Wrapf(err, "New video dumper")
+				}
+				logger.Tf(ctx, "Open h264 writer file=%v", dumpVideo)
+			}
+
+			if err = writeTrackToDisk(ctx, dv_h264, track); err != nil {
+				return errors.Wrapf(err, "Write video disk")
+			}
+		} else {
+			logger.Wf(ctx, "Ignore track %v pt=%v", codec.MimeType, codec.PayloadType)
+		}
+		return nil
+	}
+
+	ctx, cancel := context.WithCancel(ctx)
+	pc.OnTrack(func(track *webrtc.TrackRemote, receiver *webrtc.RTPReceiver) {
+		err = handleTrack(ctx, track, receiver)
+		if err != nil {
+			codec := track.Codec()
+			err = errors.Wrapf(err, "Handle  track %v, pt=%v", codec.MimeType, codec.PayloadType)
+			cancel()
+		}
+	})
+
+	pc.OnICEConnectionStateChange(func(state webrtc.ICEConnectionState) {
+		logger.If(ctx, "ICE state %v", state)
+
+		if state == webrtc.ICEConnectionStateFailed || state == webrtc.ICEConnectionStateClosed {
+			if ctx.Err() != nil {
+				return
+			}
+
+			logger.Wf(ctx, "Close for ICE state %v", state)
+			cancel()
+		}
+	})
+
+	// Wait for event from context or tracks.
+	var wg sync.WaitGroup
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-time.After(5 * time.Second):
+				StatRTC.PeerConnection = pc.GetStats()
+			}
+		}
+	}()
+
+	wg.Wait()
+	return err
+}
+
+func writeTrackToDisk(ctx context.Context, w media.Writer, track *webrtc.TrackRemote) error {
+	for ctx.Err() == nil {
+		pkt, _, err := track.ReadRTP()
+		if err != nil {
+			if ctx.Err() != nil {
+				return nil
+			}
+			return errors.Wrapf(err, "Read RTP")
+		}
+
+		if w == nil {
+			continue
+		}
+
+		if err := w.WriteRTP(pkt); err != nil {
+			if len(pkt.Payload) <= 2 {
+				continue
+			}
+			logger.Wf(ctx, "Ignore write RTP %vB err %+v", len(pkt.Payload), err)
+		}
+	}
+
+	return ctx.Err()
+}
diff --git a/trunk/3rdparty/srs-bench/srs/publisher.go b/trunk/3rdparty/srs-bench/srs/publisher.go
new file mode 100644
index 000000000..172ff9e21
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/srs/publisher.go
@@ -0,0 +1,429 @@
+package srs
+
+import (
+	"context"
+	"github.com/ossrs/go-oryx-lib/errors"
+	"github.com/ossrs/go-oryx-lib/logger"
+	"github.com/ossrs/srs-bench/rtc"
+	"github.com/pion/interceptor"
+	"github.com/pion/rtp"
+	"github.com/pion/sdp/v3"
+	"github.com/pion/webrtc/v3"
+	"github.com/pion/webrtc/v3/pkg/media"
+	"github.com/pion/webrtc/v3/pkg/media/h264reader"
+	"github.com/pion/webrtc/v3/pkg/media/oggreader"
+	"io"
+	"os"
+	"strings"
+	"sync"
+	"time"
+)
+
+// @see https://github.com/pion/webrtc/blob/master/examples/play-from-disk/main.go
+func StartPublish(ctx context.Context, r, sourceAudio, sourceVideo string, fps int, enableAudioLevel, enableTWCC bool) error {
+	ctx = logger.WithContext(ctx)
+
+	logger.Tf(ctx, "Start publish url=%v, audio=%v, video=%v, fps=%v, audio-level=%v, twcc=%v",
+		r, sourceAudio, sourceVideo, fps, enableAudioLevel, enableTWCC)
+
+	// For audio-level.
+	webrtcNewPeerConnection := func(configuration webrtc.Configuration) (*webrtc.PeerConnection, error) {
+		m := &webrtc.MediaEngine{}
+		if err := m.RegisterDefaultCodecs(); err != nil {
+			return nil, err
+		}
+
+		for _, extension := range []string{sdp.SDESMidURI, sdp.SDESRTPStreamIDURI, sdp.TransportCCURI} {
+			if extension == sdp.TransportCCURI && !enableTWCC {
+				continue
+			}
+			if err := m.RegisterHeaderExtension(webrtc.RTPHeaderExtensionCapability{URI: extension}, webrtc.RTPCodecTypeVideo); err != nil {
+				return nil, err
+			}
+		}
+
+		// https://github.com/pion/ion/issues/130
+		// https://github.com/pion/ion-sfu/pull/373/files#diff-6f42c5ac6f8192dd03e5a17e9d109e90cb76b1a4a7973be6ce44a89ffd1b5d18R73
+		for _, extension := range []string{sdp.SDESMidURI, sdp.SDESRTPStreamIDURI, sdp.AudioLevelURI} {
+			if extension == sdp.AudioLevelURI && !enableAudioLevel {
+				continue
+			}
+			if err := m.RegisterHeaderExtension(webrtc.RTPHeaderExtensionCapability{URI: extension}, webrtc.RTPCodecTypeAudio); err != nil {
+				return nil, err
+			}
+		}
+
+		i := &interceptor.Registry{}
+		if err := webrtc.RegisterDefaultInterceptors(m, i); err != nil {
+			return nil, err
+		}
+
+		api := webrtc.NewAPI(webrtc.WithMediaEngine(m), webrtc.WithInterceptorRegistry(i))
+		return api.NewPeerConnection(configuration)
+	}
+
+	pc, err := webrtcNewPeerConnection(webrtc.Configuration{})
+	if err != nil {
+		return errors.Wrapf(err, "Create PC")
+	}
+	defer pc.Close()
+
+	var sVideoTrack *rtc.TrackLocalStaticSample
+	var sVideoSender *webrtc.RTPSender
+	if sourceVideo != "" {
+		mimeType, trackID := "video/H264", "video"
+		if strings.HasSuffix(sourceVideo, ".ivf") {
+			mimeType = "video/VP8"
+		}
+
+		sVideoTrack, err = rtc.NewTrackLocalStaticSample(
+			webrtc.RTPCodecCapability{MimeType: mimeType, ClockRate: 90000}, trackID, "pion",
+		)
+		if err != nil {
+			return errors.Wrapf(err, "Create video track")
+		}
+
+		sVideoSender, err = pc.AddTrack(sVideoTrack)
+		if err != nil {
+			return errors.Wrapf(err, "Add video track")
+		}
+		sVideoSender.Stop()
+	}
+
+	var sAudioTrack *rtc.TrackLocalStaticSample
+	var sAudioSender *webrtc.RTPSender
+	if sourceAudio != "" {
+		mimeType, trackID := "audio/opus", "audio"
+		sAudioTrack, err = rtc.NewTrackLocalStaticSample(
+			webrtc.RTPCodecCapability{MimeType: mimeType, ClockRate: 48000, Channels: 2}, trackID, "pion",
+		)
+		if err != nil {
+			return errors.Wrapf(err, "Create audio track")
+		}
+
+		sAudioSender, err = pc.AddTrack(sAudioTrack)
+		if err != nil {
+			return errors.Wrapf(err, "Add audio track")
+		}
+		defer sAudioSender.Stop()
+	}
+
+	offer, err := pc.CreateOffer(nil)
+	if err != nil {
+		return errors.Wrapf(err, "Create Offer")
+	}
+
+	if err := pc.SetLocalDescription(offer); err != nil {
+		return errors.Wrapf(err, "Set offer %v", offer)
+	}
+
+	answer, err := apiRtcRequest(ctx, "/rtc/v1/publish", r, offer.SDP)
+	if err != nil {
+		return errors.Wrapf(err, "Api request offer=%v", offer.SDP)
+	}
+
+	if err := pc.SetRemoteDescription(webrtc.SessionDescription{
+		Type: webrtc.SDPTypeAnswer, SDP: answer,
+	}); err != nil {
+		return errors.Wrapf(err, "Set answer %v", answer)
+	}
+
+	logger.Tf(ctx, "State signaling=%v, ice=%v, conn=%v", pc.SignalingState(), pc.ICEConnectionState(), pc.ConnectionState())
+
+	// ICE state management.
+	pc.OnICEConnectionStateChange(func(state webrtc.ICEConnectionState) {
+		logger.Tf(ctx, "ICE state %v", state)
+	})
+
+	pc.OnSignalingStateChange(func(state webrtc.SignalingState) {
+		logger.Tf(ctx, "Signaling state %v", state)
+	})
+
+	sAudioSender.Transport().OnStateChange(func(state webrtc.DTLSTransportState) {
+		logger.Tf(ctx, "DTLS state %v", state)
+	})
+
+	ctx, cancel := context.WithCancel(ctx)
+	pcDone, pcDoneCancel := context.WithCancel(context.Background())
+	pc.OnConnectionStateChange(func(state webrtc.PeerConnectionState) {
+		logger.Tf(ctx, "PC state %v", state)
+
+		if state == webrtc.PeerConnectionStateConnected {
+			pcDoneCancel()
+		}
+
+		if state == webrtc.PeerConnectionStateFailed || state == webrtc.PeerConnectionStateClosed {
+			if ctx.Err() != nil {
+				return
+			}
+
+			logger.Wf(ctx, "Close for PC state %v", state)
+			cancel()
+		}
+	})
+
+	// Wait for event from context or tracks.
+	var wg sync.WaitGroup
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		if sAudioSender == nil {
+			return
+		}
+
+		select {
+		case <-ctx.Done():
+		case <-pcDone.Done():
+			logger.Tf(ctx, "PC(ICE+DTLS+SRTP) done, start read audio packets")
+		}
+
+		buf := make([]byte, 1500)
+		for ctx.Err() == nil {
+			if _, _, err := sAudioSender.Read(buf); err != nil {
+				return
+			}
+		}
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		if sAudioTrack == nil {
+			return
+		}
+
+		select {
+		case <-ctx.Done():
+		case <-pcDone.Done():
+			logger.Tf(ctx, "PC(ICE+DTLS+SRTP) done, start ingest audio %v", sourceAudio)
+		}
+
+		for ctx.Err() == nil {
+			if err := readAudioTrackFromDisk(ctx, sourceAudio, sAudioSender, sAudioTrack); err != nil {
+				if errors.Cause(err) == io.EOF {
+					logger.Tf(ctx, "EOF, restart ingest audio %v", sourceAudio)
+					continue
+				}
+				logger.Wf(ctx, "Ignore audio err %+v", err)
+			}
+		}
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		if sVideoSender == nil {
+			return
+		}
+
+		select {
+		case <-ctx.Done():
+		case <-pcDone.Done():
+			logger.Tf(ctx, "PC(ICE+DTLS+SRTP) done, start read video packets")
+		}
+
+		buf := make([]byte, 1500)
+		for ctx.Err() == nil {
+			if _, _, err := sVideoSender.Read(buf); err != nil {
+				return
+			}
+		}
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		if sVideoTrack == nil {
+			return
+		}
+
+		select {
+		case <-ctx.Done():
+		case <-pcDone.Done():
+			logger.Tf(ctx, "PC(ICE+DTLS+SRTP) done, start ingest video %v", sourceVideo)
+		}
+
+		for ctx.Err() == nil {
+			if err := readVideoTrackFromDisk(ctx, sourceVideo, sVideoSender, fps, sVideoTrack); err != nil {
+				if errors.Cause(err) == io.EOF {
+					logger.Tf(ctx, "EOF, restart ingest video %v", sourceVideo)
+					continue
+				}
+				logger.Wf(ctx, "Ignore video err %+v", err)
+			}
+		}
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-time.After(5 * time.Second):
+				StatRTC.PeerConnection = pc.GetStats()
+			}
+		}
+	}()
+
+	wg.Wait()
+	return nil
+}
+
+func readAudioTrackFromDisk(ctx context.Context, source string, sender *webrtc.RTPSender, track *rtc.TrackLocalStaticSample) error {
+	f, err := os.Open(source)
+	if err != nil {
+		return errors.Wrapf(err, "Open file %v", source)
+	}
+	defer f.Close()
+
+	ogg, _, err := oggreader.NewWith(f)
+	if err != nil {
+		return errors.Wrapf(err, "Open ogg %v", source)
+	}
+
+	enc := sender.GetParameters().Encodings[0]
+	codec := sender.GetParameters().Codecs[0]
+	headers := sender.GetParameters().HeaderExtensions
+	logger.Tf(ctx, "Audio %v, tbn=%v, channels=%v, ssrc=%v, pt=%v, header=%v",
+		codec.MimeType, codec.ClockRate, codec.Channels, enc.SSRC, codec.PayloadType, headers)
+
+	// Whether should encode the audio-level in RTP header.
+	var audioLevel *webrtc.RTPHeaderExtensionParameter
+	for _, h := range headers {
+		if h.URI == sdp.AudioLevelURI {
+			audioLevel = &h
+		}
+	}
+
+	clock := newWallClock()
+	var lastGranule uint64
+
+	for ctx.Err() == nil {
+		pageData, pageHeader, err := ogg.ParseNextPage()
+		if err == io.EOF {
+			return nil
+		}
+		if err != nil {
+			return errors.Wrapf(err, "Read ogg")
+		}
+
+		// The amount of samples is the difference between the last and current timestamp
+		sampleCount := uint64(pageHeader.GranulePosition - lastGranule)
+		lastGranule = pageHeader.GranulePosition
+		sampleDuration := time.Duration(uint64(time.Millisecond) * 1000 * sampleCount / uint64(codec.ClockRate))
+
+		// For audio-level, set the extensions if negotiated.
+		track.OnBeforeWritePacket = func(p *rtp.Packet) {
+			if audioLevel != nil {
+				if b, err := new(rtp.AudioLevelExtension).Marshal(); err == nil {
+					p.SetExtension(uint8(audioLevel.ID), b)
+				}
+			}
+		}
+
+		if err = track.WriteSample(media.Sample{Data: pageData, Duration: sampleDuration}); err != nil {
+			return errors.Wrapf(err, "Write sample")
+		}
+
+		if d := clock.Tick(sampleDuration); d > 0 {
+			time.Sleep(d)
+		}
+	}
+
+	return nil
+}
+
+func readVideoTrackFromDisk(ctx context.Context, source string, sender *webrtc.RTPSender, fps int, track *rtc.TrackLocalStaticSample) error {
+	f, err := os.Open(source)
+	if err != nil {
+		return errors.Wrapf(err, "Open file %v", source)
+	}
+	defer f.Close()
+
+	// TODO: FIXME: Support ivf for vp8.
+	h264, err := h264reader.NewReader(f)
+	if err != nil {
+		return errors.Wrapf(err, "Open h264 %v", source)
+	}
+
+	enc := sender.GetParameters().Encodings[0]
+	codec := sender.GetParameters().Codecs[0]
+	headers := sender.GetParameters().HeaderExtensions
+	logger.Tf(ctx, "Video %v, tbn=%v, fps=%v, ssrc=%v, pt=%v, header=%v",
+		codec.MimeType, codec.ClockRate, fps, enc.SSRC, codec.PayloadType, headers)
+
+	clock := newWallClock()
+	sampleDuration := time.Duration(uint64(time.Millisecond) * 1000 / uint64(fps))
+	for ctx.Err() == nil {
+		var sps, pps *h264reader.NAL
+		var oFrames []*h264reader.NAL
+		for ctx.Err() == nil {
+			frame, err := h264.NextNAL()
+			if err == io.EOF {
+				return nil
+			}
+			if err != nil {
+				return errors.Wrapf(err, "Read h264")
+			}
+
+			oFrames = append(oFrames, frame)
+			logger.If(ctx, "NALU %v PictureOrderCount=%v, ForbiddenZeroBit=%v, RefIdc=%v, %v bytes",
+				frame.UnitType.String(), frame.PictureOrderCount, frame.ForbiddenZeroBit, frame.RefIdc, len(frame.Data))
+
+			if frame.UnitType == h264reader.NalUnitTypeSPS {
+				sps = frame
+			} else if frame.UnitType == h264reader.NalUnitTypePPS {
+				pps = frame
+			} else {
+				break
+			}
+		}
+
+		var frames []*h264reader.NAL
+		// Package SPS/PPS to STAP-A
+		if sps != nil && pps != nil {
+			stapA := packageAsSTAPA(sps, pps)
+			frames = append(frames, stapA)
+		}
+		// Append other original frames.
+		for _, frame := range oFrames {
+			if frame.UnitType != h264reader.NalUnitTypeSPS && frame.UnitType != h264reader.NalUnitTypePPS {
+				frames = append(frames, frame)
+			}
+		}
+
+		// Covert frames to sample(buffers).
+		for i, frame := range frames {
+			sample := media.Sample{Data: frame.Data, Duration: sampleDuration}
+			// Use the sample timestamp for frames.
+			if i != len(frames)-1 {
+				sample.Duration = 0
+			}
+
+			// For STAP-A, set marker to false, to make Chrome happy.
+			track.OnBeforeWritePacket = func(p *rtp.Packet) {
+				if i < len(frames)-1 {
+					p.Header.Marker = false
+				}
+			}
+
+			if err = track.WriteSample(sample); err != nil {
+				return errors.Wrapf(err, "Write sample")
+			}
+		}
+
+		if d := clock.Tick(sampleDuration); d > 0 {
+			time.Sleep(d)
+		}
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/srs/rtc_test.go b/trunk/3rdparty/srs-bench/srs/rtc_test.go
new file mode 100644
index 000000000..da7d89949
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/srs/rtc_test.go
@@ -0,0 +1,449 @@
+package srs
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"github.com/ossrs/go-oryx-lib/errors"
+	"github.com/ossrs/go-oryx-lib/logger"
+	"github.com/ossrs/srs-bench/rtc"
+	"github.com/pion/rtcp"
+	"github.com/pion/webrtc/v3"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+)
+
+var srsSchema = "http"
+var srsHttps = flag.Bool("srs-https", false, "Whther connect to HTTPS-API")
+var srsServer = flag.String("srs-server", "127.0.0.1", "The RTC server to connect to")
+var srsStream = flag.String("srs-stream", "/rtc/regression", "The RTC stream to play")
+var srsLog = flag.Bool("srs-log", false, "Whether enable the detail log")
+var srsTimeout = flag.Int("srs-timeout", 3000, "For each case, the timeout in ms")
+var srsPlayPLI = flag.Int("srs-play-pli", 5000, "The PLI interval in seconds for player.")
+var srsPlayOKPackets = flag.Int("srs-play-ok-packets", 10, "If got N packets, it's ok, or fail")
+var srsPublishAudio = flag.String("srs-publish-audio", "avatar.ogg", "The audio file for publisher.")
+var srsPublishVideo = flag.String("srs-publish-video", "avatar.h264", "The video file for publisher.")
+var srsPublishVideoFps = flag.Int("srs-publish-video-fps", 25, "The video fps for publisher.")
+
+func TestMain(m *testing.M) {
+	// Should parse it first.
+	flag.Parse()
+
+	// The stream should starts with /, for example, /rtc/regression
+	if strings.HasPrefix(*srsStream, "/") {
+		*srsStream = "/" + *srsStream
+	}
+
+	// Generate srs protocol from whether use HTTPS.
+	if *srsHttps {
+		srsSchema = "https"
+	}
+
+	// Disable the logger during all tests.
+	logger.Tf(nil, "sys log %v", *srsLog)
+
+	if *srsLog == false {
+		olw := logger.Switch(ioutil.Discard)
+		defer func() {
+			logger.Switch(olw)
+		}()
+	}
+
+	// Run tests.
+	os.Exit(m.Run())
+}
+
+func TestRTCServerVersion(t *testing.T) {
+	api := fmt.Sprintf("http://%v:1985/api/v1/versions", *srsServer)
+	req, err := http.NewRequest("POST", api, nil)
+	if err != nil {
+		t.Errorf("Request %v", api)
+		return
+	}
+
+	res, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Errorf("Do request %v", api)
+		return
+	}
+
+	b, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		t.Errorf("Read body of %v", api)
+		return
+	}
+
+	obj := struct {
+		Code   int    `json:"code"`
+		Server string `json:"server"`
+		Data   struct {
+			Major    int    `json:"major"`
+			Minor    int    `json:"minor"`
+			Revision int    `json:"revision"`
+			Version  string `json:"version"`
+		} `json:"data"`
+	}{}
+	if err := json.Unmarshal(b, &obj); err != nil {
+		t.Errorf("Parse %v", string(b))
+		return
+	}
+	if obj.Code != 0 {
+		t.Errorf("Server err code=%v, server=%v", obj.Code, obj.Server)
+		return
+	}
+	if obj.Data.Major == 0 && obj.Data.Minor == 0 {
+		t.Errorf("Invalid version %v", obj.Data)
+		return
+	}
+}
+
+func TestRTCServerPublishPlay(t *testing.T) {
+	ctx := logger.WithContext(context.Background())
+	ctx, cancel := context.WithCancel(ctx)
+
+	r := fmt.Sprintf("%v://%v%v", srsSchema, *srsServer, *srsStream)
+	publishReady, publishReadyCancel := context.WithCancel(context.Background())
+
+	startPlay := func(ctx context.Context) error {
+		logger.Tf(ctx, "Start play url=%v", r)
+
+		pc, err := webrtc.NewPeerConnection(webrtc.Configuration{})
+		if err != nil {
+			return errors.Wrapf(err, "Create PC")
+		}
+		defer pc.Close()
+
+		pc.AddTransceiverFromKind(webrtc.RTPCodecTypeAudio, webrtc.RTPTransceiverInit{
+			Direction: webrtc.RTPTransceiverDirectionRecvonly,
+		})
+		pc.AddTransceiverFromKind(webrtc.RTPCodecTypeVideo, webrtc.RTPTransceiverInit{
+			Direction: webrtc.RTPTransceiverDirectionRecvonly,
+		})
+
+		offer, err := pc.CreateOffer(nil)
+		if err != nil {
+			return errors.Wrapf(err, "Create Offer")
+		}
+
+		if err := pc.SetLocalDescription(offer); err != nil {
+			return errors.Wrapf(err, "Set offer %v", offer)
+		}
+
+		answer, err := apiRtcRequest(ctx, "/rtc/v1/play", r, offer.SDP)
+		if err != nil {
+			return errors.Wrapf(err, "Api request offer=%v", offer.SDP)
+		}
+
+		if err := pc.SetRemoteDescription(webrtc.SessionDescription{
+			Type: webrtc.SDPTypeAnswer, SDP: answer,
+		}); err != nil {
+			return errors.Wrapf(err, "Set answer %v", answer)
+		}
+
+		handleTrack := func(ctx context.Context, track *webrtc.TrackRemote, receiver *webrtc.RTPReceiver) error {
+			// Send a PLI on an interval so that the publisher is pushing a keyframe
+			go func() {
+				if track.Kind() == webrtc.RTPCodecTypeAudio {
+					return
+				}
+
+				for {
+					select {
+					case <-ctx.Done():
+						return
+					case <-time.After(time.Duration(*srsPlayPLI) * time.Millisecond):
+						_ = pc.WriteRTCP([]rtcp.Packet{&rtcp.PictureLossIndication{
+							MediaSSRC: uint32(track.SSRC()),
+						}})
+					}
+				}
+			}()
+
+			// Try to read packets of track.
+			for i := 0; i < *srsPlayOKPackets && ctx.Err() == nil; i++ {
+				_, _, err := track.ReadRTP()
+				if err != nil {
+					return errors.Wrapf(err, "Read RTP")
+				}
+			}
+
+			// Completed.
+			cancel()
+
+			return nil
+		}
+
+		pc.OnTrack(func(track *webrtc.TrackRemote, receiver *webrtc.RTPReceiver) {
+			err = handleTrack(ctx, track, receiver)
+			if err != nil {
+				codec := track.Codec()
+				err = errors.Wrapf(err, "Handle  track %v, pt=%v", codec.MimeType, codec.PayloadType)
+				cancel()
+			}
+		})
+
+		pc.OnICEConnectionStateChange(func(state webrtc.ICEConnectionState) {
+			if state == webrtc.ICEConnectionStateFailed || state == webrtc.ICEConnectionStateClosed {
+				err = errors.Errorf("Close for ICE state %v", state)
+				cancel()
+			}
+		})
+
+		<-ctx.Done()
+		return err
+	}
+
+	startPublish := func(ctx context.Context) error {
+		sourceVideo := *srsPublishVideo
+		sourceAudio := *srsPublishAudio
+		fps := *srsPublishVideoFps
+
+		logger.Tf(ctx, "Start publish url=%v, audio=%v, video=%v, fps=%v",
+			r, sourceAudio, sourceVideo, fps)
+
+		pc, err := webrtc.NewPeerConnection(webrtc.Configuration{})
+		if err != nil {
+			return errors.Wrapf(err, "Create PC")
+		}
+		defer pc.Close()
+
+		var sVideoTrack *rtc.TrackLocalStaticSample
+		var sVideoSender *webrtc.RTPSender
+		if sourceVideo != "" {
+			mimeType, trackID := "video/H264", "video"
+			if strings.HasSuffix(sourceVideo, ".ivf") {
+				mimeType = "video/VP8"
+			}
+
+			sVideoTrack, err = rtc.NewTrackLocalStaticSample(
+				webrtc.RTPCodecCapability{MimeType: mimeType, ClockRate: 90000}, trackID, "pion",
+			)
+			if err != nil {
+				return errors.Wrapf(err, "Create video track")
+			}
+
+			sVideoSender, err = pc.AddTrack(sVideoTrack)
+			if err != nil {
+				return errors.Wrapf(err, "Add video track")
+			}
+			sVideoSender.Stop()
+		}
+
+		var sAudioTrack *rtc.TrackLocalStaticSample
+		var sAudioSender *webrtc.RTPSender
+		if sourceAudio != "" {
+			mimeType, trackID := "audio/opus", "audio"
+			sAudioTrack, err = rtc.NewTrackLocalStaticSample(
+				webrtc.RTPCodecCapability{MimeType: mimeType, ClockRate: 48000, Channels: 2}, trackID, "pion",
+			)
+			if err != nil {
+				return errors.Wrapf(err, "Create audio track")
+			}
+
+			sAudioSender, err = pc.AddTrack(sAudioTrack)
+			if err != nil {
+				return errors.Wrapf(err, "Add audio track")
+			}
+			defer sAudioSender.Stop()
+		}
+
+		offer, err := pc.CreateOffer(nil)
+		if err != nil {
+			return errors.Wrapf(err, "Create Offer")
+		}
+
+		if err := pc.SetLocalDescription(offer); err != nil {
+			return errors.Wrapf(err, "Set offer %v", offer)
+		}
+
+		answer, err := apiRtcRequest(ctx, "/rtc/v1/publish", r, offer.SDP)
+		if err != nil {
+			return errors.Wrapf(err, "Api request offer=%v", offer.SDP)
+		}
+
+		if err := pc.SetRemoteDescription(webrtc.SessionDescription{
+			Type: webrtc.SDPTypeAnswer, SDP: answer,
+		}); err != nil {
+			return errors.Wrapf(err, "Set answer %v", answer)
+		}
+
+		logger.Tf(ctx, "State signaling=%v, ice=%v, conn=%v", pc.SignalingState(), pc.ICEConnectionState(), pc.ConnectionState())
+
+		ctx, cancel := context.WithCancel(ctx)
+		pcDone, pcDoneCancel := context.WithCancel(context.Background())
+		pc.OnConnectionStateChange(func(state webrtc.PeerConnectionState) {
+			logger.Tf(ctx, "PC state %v", state)
+
+			if state == webrtc.PeerConnectionStateConnected {
+				pcDoneCancel()
+				publishReadyCancel()
+			}
+
+			if state == webrtc.PeerConnectionStateFailed || state == webrtc.PeerConnectionStateClosed {
+				err = errors.Errorf("Close for PC state %v", state)
+				cancel()
+			}
+		})
+
+		// Wait for event from context or tracks.
+		var wg sync.WaitGroup
+
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
+			if sAudioSender == nil {
+				return
+			}
+
+			select {
+			case <-ctx.Done():
+			case <-pcDone.Done():
+			}
+
+			buf := make([]byte, 1500)
+			for ctx.Err() == nil {
+				if _, _, err := sAudioSender.Read(buf); err != nil {
+					return
+				}
+			}
+		}()
+
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
+			if sAudioTrack == nil {
+				return
+			}
+
+			select {
+			case <-ctx.Done():
+			case <-pcDone.Done():
+			}
+
+			for ctx.Err() == nil {
+				if err := readAudioTrackFromDisk(ctx, sourceAudio, sAudioSender, sAudioTrack); err != nil {
+					if errors.Cause(err) == io.EOF {
+						logger.Tf(ctx, "EOF, restart ingest audio %v", sourceAudio)
+						continue
+					}
+					logger.Wf(ctx, "Ignore audio err %+v", err)
+				}
+			}
+		}()
+
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
+			if sVideoSender == nil {
+				return
+			}
+
+			select {
+			case <-ctx.Done():
+			case <-pcDone.Done():
+				logger.Tf(ctx, "PC(ICE+DTLS+SRTP) done, start read video packets")
+			}
+
+			buf := make([]byte, 1500)
+			for ctx.Err() == nil {
+				if _, _, err := sVideoSender.Read(buf); err != nil {
+					return
+				}
+			}
+		}()
+
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
+			if sVideoTrack == nil {
+				return
+			}
+
+			select {
+			case <-ctx.Done():
+			case <-pcDone.Done():
+				logger.Tf(ctx, "PC(ICE+DTLS+SRTP) done, start ingest video %v", sourceVideo)
+			}
+
+			for ctx.Err() == nil {
+				if err := readVideoTrackFromDisk(ctx, sourceVideo, sVideoSender, fps, sVideoTrack); err != nil {
+					if errors.Cause(err) == io.EOF {
+						logger.Tf(ctx, "EOF, restart ingest video %v", sourceVideo)
+						continue
+					}
+					logger.Wf(ctx, "Ignore video err %+v", err)
+				}
+			}
+		}()
+
+		wg.Wait()
+		return err
+	}
+
+	var wg sync.WaitGroup
+	errs := make(chan error, 0)
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		// Wait for publisher to start first.
+		select {
+		case <-ctx.Done():
+			return
+		case <-publishReady.Done():
+		}
+
+		errs <- startPlay(logger.WithContext(ctx))
+		cancel()
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		errs <- startPublish(logger.WithContext(ctx))
+		cancel()
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		select {
+		case <-ctx.Done():
+		case <-time.After(time.Duration(*srsTimeout) * time.Millisecond):
+			errs <- errors.Errorf("timeout for %vms", *srsTimeout)
+			cancel()
+		}
+	}()
+
+	testDone, testDoneCancel := context.WithCancel(context.Background())
+	go func() {
+		wg.Wait()
+		testDoneCancel()
+	}()
+
+	// Handle errs, the test result.
+	for {
+		select {
+		case <-testDone.Done():
+			return
+		case err := <-errs:
+			if err != nil && err != context.Canceled && !t.Failed() {
+				t.Errorf("err %+v", err)
+			}
+		}
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/srs/stat.go b/trunk/3rdparty/srs-bench/srs/stat.go
new file mode 100644
index 000000000..35cbe3737
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/srs/stat.go
@@ -0,0 +1,47 @@
+package srs
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/ossrs/go-oryx-lib/logger"
+	"net/http"
+	"strings"
+)
+
+type statRTC struct {
+	Publishers struct {
+		Expect int `json:"expect"`
+		Alive  int `json:"alive"`
+	} `json:"publishers"`
+	Subscribers struct {
+		Expect int `json:"expect"`
+		Alive  int `json:"alive"`
+	} `json:"subscribers"`
+	PeerConnection interface{} `json:"random-pc"`
+}
+
+var StatRTC statRTC
+
+func HandleStat(ctx context.Context, mux *http.ServeMux, l string) {
+	if strings.HasPrefix(l, ":") {
+		l = "127.0.0.1" + l
+	}
+
+	logger.Tf(ctx, "Handle http://%v/api/v1/sb/rtc", l)
+	mux.HandleFunc("/api/v1/sb/rtc", func(w http.ResponseWriter, r *http.Request) {
+		res := &struct {
+			Code int         `json:"code"`
+			Data interface{} `json:"data"`
+		}{
+			0, &StatRTC,
+		}
+
+		b, err := json.Marshal(res)
+		if err != nil {
+			logger.Wf(ctx, "marshal %v err %+v", res, err)
+			return
+		}
+
+		w.Write(b)
+	})
+}
diff --git a/trunk/3rdparty/srs-bench/srs/util.go b/trunk/3rdparty/srs-bench/srs/util.go
new file mode 100644
index 000000000..4e6b2f783
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/srs/util.go
@@ -0,0 +1,142 @@
+package srs
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/ossrs/go-oryx-lib/errors"
+	"github.com/ossrs/go-oryx-lib/logger"
+	"github.com/pion/webrtc/v3/pkg/media/h264reader"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+func apiRtcRequest(ctx context.Context, apiPath, r, offer string) (string, error) {
+	u, err := url.Parse(r)
+	if err != nil {
+		return "", errors.Wrapf(err, "Parse url %v", r)
+	}
+
+	// Build api url.
+	host := u.Host
+	if !strings.Contains(host, ":") {
+		host += ":1985"
+	}
+
+	api := fmt.Sprintf("http://%v", host)
+	if !strings.HasPrefix(apiPath, "/") {
+		api += "/"
+	}
+	api += apiPath
+
+	if !strings.HasSuffix(apiPath, "/") {
+		api += "/"
+	}
+	if u.RawQuery != "" {
+		api += "?" + u.RawQuery
+	}
+
+	// Build JSON body.
+	reqBody := struct {
+		Api       string `json:"api"`
+		ClientIP  string `json:"clientip"`
+		SDP       string `json:"sdp"`
+		StreamURL string `json:"streamurl"`
+	}{
+		api, "", offer, r,
+	}
+
+	b, err := json.Marshal(reqBody)
+	if err != nil {
+		return "", errors.Wrapf(err, "Marshal body %v", reqBody)
+	}
+	logger.If(ctx, "Request url api=%v with %v", api, string(b))
+	logger.Tf(ctx, "Request url api=%v with %v bytes", api, len(b))
+
+	req, err := http.NewRequest("POST", api, strings.NewReader(string(b)))
+	if err != nil {
+		return "", errors.Wrapf(err, "HTTP request %v", string(b))
+	}
+
+	res, err := http.DefaultClient.Do(req.WithContext(ctx))
+	if err != nil {
+		return "", errors.Wrapf(err, "Do HTTP request %v", string(b))
+	}
+
+	b2, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return "", errors.Wrapf(err, "Read response for %v", string(b))
+	}
+	logger.If(ctx, "Response from %v is %v", api, string(b2))
+	logger.Tf(ctx, "Response from %v is %v bytes", api, len(b2))
+
+	resBody := struct {
+		Code    int    `json:"code"`
+		Session string `json:"sessionid"`
+		SDP     string `json:"sdp"`
+	}{}
+	if err := json.Unmarshal(b2, &resBody); err != nil {
+		return "", errors.Wrapf(err, "Marshal %v", string(b2))
+	}
+
+	if resBody.Code != 0 {
+		return "", errors.Errorf("Server fail code=%v %v", resBody.Code, string(b2))
+	}
+	logger.If(ctx, "Parse response to code=%v, session=%v, sdp=%v",
+		resBody.Code, resBody.Session, escapeSDP(resBody.SDP))
+	logger.Tf(ctx, "Parse response to code=%v, session=%v, sdp=%v bytes",
+		resBody.Code, resBody.Session, len(resBody.SDP))
+
+	return string(resBody.SDP), nil
+}
+
+func escapeSDP(sdp string) string {
+	return strings.ReplaceAll(strings.ReplaceAll(sdp, "\r", "\\r"), "\n", "\\n")
+}
+
+func packageAsSTAPA(frames ...*h264reader.NAL) *h264reader.NAL {
+	first := frames[0]
+
+	buf := bytes.Buffer{}
+	buf.WriteByte(
+		byte(first.RefIdc<<5)&0x60 | byte(24), // STAP-A
+	)
+
+	for _, frame := range frames {
+		buf.WriteByte(byte(len(frame.Data) >> 8))
+		buf.WriteByte(byte(len(frame.Data)))
+		buf.Write(frame.Data)
+	}
+
+	return &h264reader.NAL{
+		PictureOrderCount: first.PictureOrderCount,
+		ForbiddenZeroBit:  false,
+		RefIdc:            first.RefIdc,
+		UnitType:          h264reader.NalUnitType(24), // STAP-A
+		Data:              buf.Bytes(),
+	}
+}
+
+type wallClock struct {
+	start    time.Time
+	duration time.Duration
+}
+
+func newWallClock() *wallClock {
+	return &wallClock{start: time.Now()}
+}
+
+func (v *wallClock) Tick(d time.Duration) time.Duration {
+	v.duration += d
+
+	wc := time.Now().Sub(v.start)
+	re := v.duration - wc
+	if re > 30*time.Millisecond {
+		return re
+	}
+	return 0
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/.travis.yml b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/.travis.yml
new file mode 100644
index 000000000..d8156a60b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/.travis.yml
@@ -0,0 +1,9 @@
+language: go
+
+go:
+  - 1.4.3
+  - 1.5.3
+  - tip
+
+script:
+  - go test -v ./...
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/CONTRIBUTING.md b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/CONTRIBUTING.md
new file mode 100644
index 000000000..04fdf09f1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/CONTRIBUTING.md
@@ -0,0 +1,10 @@
+# How to contribute
+
+We definitely welcome patches and contribution to this project!
+
+### Legal requirements
+
+In order to protect both you and ourselves, you will need to sign the
+[Contributor License Agreement](https://cla.developers.google.com/clas).
+
+You may have already signed it for other Google projects.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/CONTRIBUTORS b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/CONTRIBUTORS
new file mode 100644
index 000000000..b4bb97f6b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/CONTRIBUTORS
@@ -0,0 +1,9 @@
+Paul Borman <borman@google.com>
+bmatsuo
+shawnps
+theory
+jboverfelt
+dsymonds
+cd1
+wallclockbuilder
+dansouza
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/LICENSE
new file mode 100644
index 000000000..5dc68268d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009,2014 Google Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/README.md
new file mode 100644
index 000000000..f765a46f9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/README.md
@@ -0,0 +1,19 @@
+# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+The uuid package generates and inspects UUIDs based on
+[RFC 4122](http://tools.ietf.org/html/rfc4122)
+and DCE 1.1: Authentication and Security Services. 
+
+This package is based on the github.com/pborman/uuid package (previously named
+code.google.com/p/go-uuid).  It differs from these earlier packages in that
+a UUID is a 16 byte array rather than a byte slice.  One loss due to this
+change is the ability to represent an invalid UUID (vs a NIL UUID).
+
+###### Install
+`go get github.com/google/uuid`
+
+###### Documentation 
+[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+
+Full `go doc` style documentation for the package can be viewed online without
+installing this package by using the GoDoc site here: 
+http://pkg.go.dev/github.com/google/uuid
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/dce.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/dce.go
new file mode 100644
index 000000000..fa820b9d3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/dce.go
@@ -0,0 +1,80 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+	"fmt"
+	"os"
+)
+
+// A Domain represents a Version 2 domain
+type Domain byte
+
+// Domain constants for DCE Security (Version 2) UUIDs.
+const (
+	Person = Domain(0)
+	Group  = Domain(1)
+	Org    = Domain(2)
+)
+
+// NewDCESecurity returns a DCE Security (Version 2) UUID.
+//
+// The domain should be one of Person, Group or Org.
+// On a POSIX system the id should be the users UID for the Person
+// domain and the users GID for the Group.  The meaning of id for
+// the domain Org or on non-POSIX systems is site defined.
+//
+// For a given domain/id pair the same token may be returned for up to
+// 7 minutes and 10 seconds.
+func NewDCESecurity(domain Domain, id uint32) (UUID, error) {
+	uuid, err := NewUUID()
+	if err == nil {
+		uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2
+		uuid[9] = byte(domain)
+		binary.BigEndian.PutUint32(uuid[0:], id)
+	}
+	return uuid, err
+}
+
+// NewDCEPerson returns a DCE Security (Version 2) UUID in the person
+// domain with the id returned by os.Getuid.
+//
+//  NewDCESecurity(Person, uint32(os.Getuid()))
+func NewDCEPerson() (UUID, error) {
+	return NewDCESecurity(Person, uint32(os.Getuid()))
+}
+
+// NewDCEGroup returns a DCE Security (Version 2) UUID in the group
+// domain with the id returned by os.Getgid.
+//
+//  NewDCESecurity(Group, uint32(os.Getgid()))
+func NewDCEGroup() (UUID, error) {
+	return NewDCESecurity(Group, uint32(os.Getgid()))
+}
+
+// Domain returns the domain for a Version 2 UUID.  Domains are only defined
+// for Version 2 UUIDs.
+func (uuid UUID) Domain() Domain {
+	return Domain(uuid[9])
+}
+
+// ID returns the id for a Version 2 UUID. IDs are only defined for Version 2
+// UUIDs.
+func (uuid UUID) ID() uint32 {
+	return binary.BigEndian.Uint32(uuid[0:4])
+}
+
+func (d Domain) String() string {
+	switch d {
+	case Person:
+		return "Person"
+	case Group:
+		return "Group"
+	case Org:
+		return "Org"
+	}
+	return fmt.Sprintf("Domain%d", int(d))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/doc.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/doc.go
new file mode 100644
index 000000000..5b8a4b9af
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/doc.go
@@ -0,0 +1,12 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package uuid generates and inspects UUIDs.
+//
+// UUIDs are based on RFC 4122 and DCE 1.1: Authentication and Security
+// Services.
+//
+// A UUID is a 16 byte (128 bit) array.  UUIDs may be used as keys to
+// maps or compared directly.
+package uuid
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/go.mod
new file mode 100644
index 000000000..fc84cd79d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/go.mod
@@ -0,0 +1 @@
+module github.com/google/uuid
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/hash.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/hash.go
new file mode 100644
index 000000000..b17461631
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/hash.go
@@ -0,0 +1,53 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"crypto/md5"
+	"crypto/sha1"
+	"hash"
+)
+
+// Well known namespace IDs and UUIDs
+var (
+	NameSpaceDNS  = Must(Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceURL  = Must(Parse("6ba7b811-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceOID  = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
+	Nil           UUID // empty UUID, all zeros
+)
+
+// NewHash returns a new UUID derived from the hash of space concatenated with
+// data generated by h.  The hash should be at least 16 byte in length.  The
+// first 16 bytes of the hash are used to form the UUID.  The version of the
+// UUID will be the lower 4 bits of version.  NewHash is used to implement
+// NewMD5 and NewSHA1.
+func NewHash(h hash.Hash, space UUID, data []byte, version int) UUID {
+	h.Reset()
+	h.Write(space[:])
+	h.Write(data)
+	s := h.Sum(nil)
+	var uuid UUID
+	copy(uuid[:], s)
+	uuid[6] = (uuid[6] & 0x0f) | uint8((version&0xf)<<4)
+	uuid[8] = (uuid[8] & 0x3f) | 0x80 // RFC 4122 variant
+	return uuid
+}
+
+// NewMD5 returns a new MD5 (Version 3) UUID based on the
+// supplied name space and data.  It is the same as calling:
+//
+//  NewHash(md5.New(), space, data, 3)
+func NewMD5(space UUID, data []byte) UUID {
+	return NewHash(md5.New(), space, data, 3)
+}
+
+// NewSHA1 returns a new SHA1 (Version 5) UUID based on the
+// supplied name space and data.  It is the same as calling:
+//
+//  NewHash(sha1.New(), space, data, 5)
+func NewSHA1(space UUID, data []byte) UUID {
+	return NewHash(sha1.New(), space, data, 5)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/marshal.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/marshal.go
new file mode 100644
index 000000000..14bd34072
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/marshal.go
@@ -0,0 +1,38 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import "fmt"
+
+// MarshalText implements encoding.TextMarshaler.
+func (uuid UUID) MarshalText() ([]byte, error) {
+	var js [36]byte
+	encodeHex(js[:], uuid)
+	return js[:], nil
+}
+
+// UnmarshalText implements encoding.TextUnmarshaler.
+func (uuid *UUID) UnmarshalText(data []byte) error {
+	id, err := ParseBytes(data)
+	if err != nil {
+		return err
+	}
+	*uuid = id
+	return nil
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler.
+func (uuid UUID) MarshalBinary() ([]byte, error) {
+	return uuid[:], nil
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler.
+func (uuid *UUID) UnmarshalBinary(data []byte) error {
+	if len(data) != 16 {
+		return fmt.Errorf("invalid UUID (got %d bytes)", len(data))
+	}
+	copy(uuid[:], data)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node.go
new file mode 100644
index 000000000..d651a2b06
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node.go
@@ -0,0 +1,90 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"sync"
+)
+
+var (
+	nodeMu sync.Mutex
+	ifname string  // name of interface being used
+	nodeID [6]byte // hardware for version 1 UUIDs
+	zeroID [6]byte // nodeID with only 0's
+)
+
+// NodeInterface returns the name of the interface from which the NodeID was
+// derived.  The interface "user" is returned if the NodeID was set by
+// SetNodeID.
+func NodeInterface() string {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	return ifname
+}
+
+// SetNodeInterface selects the hardware address to be used for Version 1 UUIDs.
+// If name is "" then the first usable interface found will be used or a random
+// Node ID will be generated.  If a named interface cannot be found then false
+// is returned.
+//
+// SetNodeInterface never fails when name is "".
+func SetNodeInterface(name string) bool {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	return setNodeInterface(name)
+}
+
+func setNodeInterface(name string) bool {
+	iname, addr := getHardwareInterface(name) // null implementation for js
+	if iname != "" && addr != nil {
+		ifname = iname
+		copy(nodeID[:], addr)
+		return true
+	}
+
+	// We found no interfaces with a valid hardware address.  If name
+	// does not specify a specific interface generate a random Node ID
+	// (section 4.1.6)
+	if name == "" {
+		ifname = "random"
+		randomBits(nodeID[:])
+		return true
+	}
+	return false
+}
+
+// NodeID returns a slice of a copy of the current Node ID, setting the Node ID
+// if not already set.
+func NodeID() []byte {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	if nodeID == zeroID {
+		setNodeInterface("")
+	}
+	nid := nodeID
+	return nid[:]
+}
+
+// SetNodeID sets the Node ID to be used for Version 1 UUIDs.  The first 6 bytes
+// of id are used.  If id is less than 6 bytes then false is returned and the
+// Node ID is not set.
+func SetNodeID(id []byte) bool {
+	if len(id) < 6 {
+		return false
+	}
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	copy(nodeID[:], id)
+	ifname = "user"
+	return true
+}
+
+// NodeID returns the 6 byte node id encoded in uuid.  It returns nil if uuid is
+// not valid.  The NodeID is only well defined for version 1 and 2 UUIDs.
+func (uuid UUID) NodeID() []byte {
+	var node [6]byte
+	copy(node[:], uuid[10:])
+	return node[:]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node_js.go
new file mode 100644
index 000000000..24b78edc9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node_js.go
@@ -0,0 +1,12 @@
+// Copyright 2017 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build js
+
+package uuid
+
+// getHardwareInterface returns nil values for the JS version of the code.
+// This remvoves the "net" dependency, because it is not used in the browser.
+// Using the "net" library inflates the size of the transpiled JS code by 673k bytes.
+func getHardwareInterface(name string) (string, []byte) { return "", nil }
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node_net.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node_net.go
new file mode 100644
index 000000000..0cbbcddbd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/node_net.go
@@ -0,0 +1,33 @@
+// Copyright 2017 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !js
+
+package uuid
+
+import "net"
+
+var interfaces []net.Interface // cached list of interfaces
+
+// getHardwareInterface returns the name and hardware address of interface name.
+// If name is "" then the name and hardware address of one of the system's
+// interfaces is returned.  If no interfaces are found (name does not exist or
+// there are no interfaces) then "", nil is returned.
+//
+// Only addresses of at least 6 bytes are returned.
+func getHardwareInterface(name string) (string, []byte) {
+	if interfaces == nil {
+		var err error
+		interfaces, err = net.Interfaces()
+		if err != nil {
+			return "", nil
+		}
+	}
+	for _, ifs := range interfaces {
+		if len(ifs.HardwareAddr) >= 6 && (name == "" || name == ifs.Name) {
+			return ifs.Name, ifs.HardwareAddr
+		}
+	}
+	return "", nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/sql.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/sql.go
new file mode 100644
index 000000000..f326b54db
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/sql.go
@@ -0,0 +1,59 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"database/sql/driver"
+	"fmt"
+)
+
+// Scan implements sql.Scanner so UUIDs can be read from databases transparently
+// Currently, database types that map to string and []byte are supported. Please
+// consult database-specific driver documentation for matching types.
+func (uuid *UUID) Scan(src interface{}) error {
+	switch src := src.(type) {
+	case nil:
+		return nil
+
+	case string:
+		// if an empty UUID comes from a table, we return a null UUID
+		if src == "" {
+			return nil
+		}
+
+		// see Parse for required string format
+		u, err := Parse(src)
+		if err != nil {
+			return fmt.Errorf("Scan: %v", err)
+		}
+
+		*uuid = u
+
+	case []byte:
+		// if an empty UUID comes from a table, we return a null UUID
+		if len(src) == 0 {
+			return nil
+		}
+
+		// assumes a simple slice of bytes if 16 bytes
+		// otherwise attempts to parse
+		if len(src) != 16 {
+			return uuid.Scan(string(src))
+		}
+		copy((*uuid)[:], src)
+
+	default:
+		return fmt.Errorf("Scan: unable to scan type %T into UUID", src)
+	}
+
+	return nil
+}
+
+// Value implements sql.Valuer so that UUIDs can be written to databases
+// transparently. Currently, UUIDs map to strings. Please consult
+// database-specific driver documentation for matching types.
+func (uuid UUID) Value() (driver.Value, error) {
+	return uuid.String(), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/time.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/time.go
new file mode 100644
index 000000000..e6ef06cdc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/time.go
@@ -0,0 +1,123 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+	"sync"
+	"time"
+)
+
+// A Time represents a time as the number of 100's of nanoseconds since 15 Oct
+// 1582.
+type Time int64
+
+const (
+	lillian    = 2299160          // Julian day of 15 Oct 1582
+	unix       = 2440587          // Julian day of 1 Jan 1970
+	epoch      = unix - lillian   // Days between epochs
+	g1582      = epoch * 86400    // seconds between epochs
+	g1582ns100 = g1582 * 10000000 // 100s of a nanoseconds between epochs
+)
+
+var (
+	timeMu   sync.Mutex
+	lasttime uint64 // last time we returned
+	clockSeq uint16 // clock sequence for this run
+
+	timeNow = time.Now // for testing
+)
+
+// UnixTime converts t the number of seconds and nanoseconds using the Unix
+// epoch of 1 Jan 1970.
+func (t Time) UnixTime() (sec, nsec int64) {
+	sec = int64(t - g1582ns100)
+	nsec = (sec % 10000000) * 100
+	sec /= 10000000
+	return sec, nsec
+}
+
+// GetTime returns the current Time (100s of nanoseconds since 15 Oct 1582) and
+// clock sequence as well as adjusting the clock sequence as needed.  An error
+// is returned if the current time cannot be determined.
+func GetTime() (Time, uint16, error) {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	return getTime()
+}
+
+func getTime() (Time, uint16, error) {
+	t := timeNow()
+
+	// If we don't have a clock sequence already, set one.
+	if clockSeq == 0 {
+		setClockSequence(-1)
+	}
+	now := uint64(t.UnixNano()/100) + g1582ns100
+
+	// If time has gone backwards with this clock sequence then we
+	// increment the clock sequence
+	if now <= lasttime {
+		clockSeq = ((clockSeq + 1) & 0x3fff) | 0x8000
+	}
+	lasttime = now
+	return Time(now), clockSeq, nil
+}
+
+// ClockSequence returns the current clock sequence, generating one if not
+// already set.  The clock sequence is only used for Version 1 UUIDs.
+//
+// The uuid package does not use global static storage for the clock sequence or
+// the last time a UUID was generated.  Unless SetClockSequence is used, a new
+// random clock sequence is generated the first time a clock sequence is
+// requested by ClockSequence, GetTime, or NewUUID.  (section 4.2.1.1)
+func ClockSequence() int {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	return clockSequence()
+}
+
+func clockSequence() int {
+	if clockSeq == 0 {
+		setClockSequence(-1)
+	}
+	return int(clockSeq & 0x3fff)
+}
+
+// SetClockSequence sets the clock sequence to the lower 14 bits of seq.  Setting to
+// -1 causes a new sequence to be generated.
+func SetClockSequence(seq int) {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	setClockSequence(seq)
+}
+
+func setClockSequence(seq int) {
+	if seq == -1 {
+		var b [2]byte
+		randomBits(b[:]) // clock sequence
+		seq = int(b[0])<<8 | int(b[1])
+	}
+	oldSeq := clockSeq
+	clockSeq = uint16(seq&0x3fff) | 0x8000 // Set our variant
+	if oldSeq != clockSeq {
+		lasttime = 0
+	}
+}
+
+// Time returns the time in 100s of nanoseconds since 15 Oct 1582 encoded in
+// uuid.  The time is only defined for version 1 and 2 UUIDs.
+func (uuid UUID) Time() Time {
+	time := int64(binary.BigEndian.Uint32(uuid[0:4]))
+	time |= int64(binary.BigEndian.Uint16(uuid[4:6])) << 32
+	time |= int64(binary.BigEndian.Uint16(uuid[6:8])&0xfff) << 48
+	return Time(time)
+}
+
+// ClockSequence returns the clock sequence encoded in uuid.
+// The clock sequence is only well defined for version 1 and 2 UUIDs.
+func (uuid UUID) ClockSequence() int {
+	return int(binary.BigEndian.Uint16(uuid[8:10])) & 0x3fff
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/util.go
new file mode 100644
index 000000000..5ea6c7378
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/util.go
@@ -0,0 +1,43 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"io"
+)
+
+// randomBits completely fills slice b with random data.
+func randomBits(b []byte) {
+	if _, err := io.ReadFull(rander, b); err != nil {
+		panic(err.Error()) // rand should never fail
+	}
+}
+
+// xvalues returns the value of a byte as a hexadecimal digit or 255.
+var xvalues = [256]byte{
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+}
+
+// xtob converts hex characters x1 and x2 into a byte.
+func xtob(x1, x2 byte) (byte, bool) {
+	b1 := xvalues[x1]
+	b2 := xvalues[x2]
+	return (b1 << 4) | b2, b1 != 255 && b2 != 255
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/uuid.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/uuid.go
new file mode 100644
index 000000000..524404cc5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/uuid.go
@@ -0,0 +1,245 @@
+// Copyright 2018 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+)
+
+// A UUID is a 128 bit (16 byte) Universal Unique IDentifier as defined in RFC
+// 4122.
+type UUID [16]byte
+
+// A Version represents a UUID's version.
+type Version byte
+
+// A Variant represents a UUID's variant.
+type Variant byte
+
+// Constants returned by Variant.
+const (
+	Invalid   = Variant(iota) // Invalid UUID
+	RFC4122                   // The variant specified in RFC4122
+	Reserved                  // Reserved, NCS backward compatibility.
+	Microsoft                 // Reserved, Microsoft Corporation backward compatibility.
+	Future                    // Reserved for future definition.
+)
+
+var rander = rand.Reader // random function
+
+// Parse decodes s into a UUID or returns an error.  Both the standard UUID
+// forms of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded as well as the
+// Microsoft encoding {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} and the raw hex
+// encoding: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
+func Parse(s string) (UUID, error) {
+	var uuid UUID
+	switch len(s) {
+	// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 36:
+
+	// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 36 + 9:
+		if strings.ToLower(s[:9]) != "urn:uuid:" {
+			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
+		}
+		s = s[9:]
+
+	// {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
+	case 36 + 2:
+		s = s[1:]
+
+	// xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+	case 32:
+		var ok bool
+		for i := range uuid {
+			uuid[i], ok = xtob(s[i*2], s[i*2+1])
+			if !ok {
+				return uuid, errors.New("invalid UUID format")
+			}
+		}
+		return uuid, nil
+	default:
+		return uuid, fmt.Errorf("invalid UUID length: %d", len(s))
+	}
+	// s is now at least 36 bytes long
+	// it must be of the form  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		v, ok := xtob(s[x], s[x+1])
+		if !ok {
+			return uuid, errors.New("invalid UUID format")
+		}
+		uuid[i] = v
+	}
+	return uuid, nil
+}
+
+// ParseBytes is like Parse, except it parses a byte slice instead of a string.
+func ParseBytes(b []byte) (UUID, error) {
+	var uuid UUID
+	switch len(b) {
+	case 36: // xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 36 + 9: // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
+		}
+		b = b[9:]
+	case 36 + 2: // {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
+		b = b[1:]
+	case 32: // xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+		var ok bool
+		for i := 0; i < 32; i += 2 {
+			uuid[i/2], ok = xtob(b[i], b[i+1])
+			if !ok {
+				return uuid, errors.New("invalid UUID format")
+			}
+		}
+		return uuid, nil
+	default:
+		return uuid, fmt.Errorf("invalid UUID length: %d", len(b))
+	}
+	// s is now at least 36 bytes long
+	// it must be of the form  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	if b[8] != '-' || b[13] != '-' || b[18] != '-' || b[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		v, ok := xtob(b[x], b[x+1])
+		if !ok {
+			return uuid, errors.New("invalid UUID format")
+		}
+		uuid[i] = v
+	}
+	return uuid, nil
+}
+
+// MustParse is like Parse but panics if the string cannot be parsed.
+// It simplifies safe initialization of global variables holding compiled UUIDs.
+func MustParse(s string) UUID {
+	uuid, err := Parse(s)
+	if err != nil {
+		panic(`uuid: Parse(` + s + `): ` + err.Error())
+	}
+	return uuid
+}
+
+// FromBytes creates a new UUID from a byte slice. Returns an error if the slice
+// does not have a length of 16. The bytes are copied from the slice.
+func FromBytes(b []byte) (uuid UUID, err error) {
+	err = uuid.UnmarshalBinary(b)
+	return uuid, err
+}
+
+// Must returns uuid if err is nil and panics otherwise.
+func Must(uuid UUID, err error) UUID {
+	if err != nil {
+		panic(err)
+	}
+	return uuid
+}
+
+// String returns the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+// , or "" if uuid is invalid.
+func (uuid UUID) String() string {
+	var buf [36]byte
+	encodeHex(buf[:], uuid)
+	return string(buf[:])
+}
+
+// URN returns the RFC 2141 URN form of uuid,
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,  or "" if uuid is invalid.
+func (uuid UUID) URN() string {
+	var buf [36 + 9]byte
+	copy(buf[:], "urn:uuid:")
+	encodeHex(buf[9:], uuid)
+	return string(buf[:])
+}
+
+func encodeHex(dst []byte, uuid UUID) {
+	hex.Encode(dst, uuid[:4])
+	dst[8] = '-'
+	hex.Encode(dst[9:13], uuid[4:6])
+	dst[13] = '-'
+	hex.Encode(dst[14:18], uuid[6:8])
+	dst[18] = '-'
+	hex.Encode(dst[19:23], uuid[8:10])
+	dst[23] = '-'
+	hex.Encode(dst[24:], uuid[10:])
+}
+
+// Variant returns the variant encoded in uuid.
+func (uuid UUID) Variant() Variant {
+	switch {
+	case (uuid[8] & 0xc0) == 0x80:
+		return RFC4122
+	case (uuid[8] & 0xe0) == 0xc0:
+		return Microsoft
+	case (uuid[8] & 0xe0) == 0xe0:
+		return Future
+	default:
+		return Reserved
+	}
+}
+
+// Version returns the version of uuid.
+func (uuid UUID) Version() Version {
+	return Version(uuid[6] >> 4)
+}
+
+func (v Version) String() string {
+	if v > 15 {
+		return fmt.Sprintf("BAD_VERSION_%d", v)
+	}
+	return fmt.Sprintf("VERSION_%d", v)
+}
+
+func (v Variant) String() string {
+	switch v {
+	case RFC4122:
+		return "RFC4122"
+	case Reserved:
+		return "Reserved"
+	case Microsoft:
+		return "Microsoft"
+	case Future:
+		return "Future"
+	case Invalid:
+		return "Invalid"
+	}
+	return fmt.Sprintf("BadVariant%d", int(v))
+}
+
+// SetRand sets the random number generator to r, which implements io.Reader.
+// If r.Read returns an error when the package requests random data then
+// a panic will be issued.
+//
+// Calling SetRand with nil sets the random number generator to the default
+// generator.
+func SetRand(r io.Reader) {
+	if r == nil {
+		rander = rand.Reader
+		return
+	}
+	rander = r
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/version1.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/version1.go
new file mode 100644
index 000000000..463109629
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/version1.go
@@ -0,0 +1,44 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+)
+
+// NewUUID returns a Version 1 UUID based on the current NodeID and clock
+// sequence, and the current time.  If the NodeID has not been set by SetNodeID
+// or SetNodeInterface then it will be set automatically.  If the NodeID cannot
+// be set NewUUID returns nil.  If clock sequence has not been set by
+// SetClockSequence then it will be set automatically.  If GetTime fails to
+// return the current NewUUID returns nil and an error.
+//
+// In most cases, New should be used.
+func NewUUID() (UUID, error) {
+	var uuid UUID
+	now, seq, err := GetTime()
+	if err != nil {
+		return uuid, err
+	}
+
+	timeLow := uint32(now & 0xffffffff)
+	timeMid := uint16((now >> 32) & 0xffff)
+	timeHi := uint16((now >> 48) & 0x0fff)
+	timeHi |= 0x1000 // Version 1
+
+	binary.BigEndian.PutUint32(uuid[0:], timeLow)
+	binary.BigEndian.PutUint16(uuid[4:], timeMid)
+	binary.BigEndian.PutUint16(uuid[6:], timeHi)
+	binary.BigEndian.PutUint16(uuid[8:], seq)
+
+	nodeMu.Lock()
+	if nodeID == zeroID {
+		setNodeInterface("")
+	}
+	copy(uuid[10:], nodeID[:])
+	nodeMu.Unlock()
+
+	return uuid, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/version4.go b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/version4.go
new file mode 100644
index 000000000..c110465db
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/google/uuid/version4.go
@@ -0,0 +1,43 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import "io"
+
+// New creates a new random UUID or panics.  New is equivalent to
+// the expression
+//
+//    uuid.Must(uuid.NewRandom())
+func New() UUID {
+	return Must(NewRandom())
+}
+
+// NewRandom returns a Random (Version 4) UUID.
+//
+// The strength of the UUIDs is based on the strength of the crypto/rand
+// package.
+//
+// A note about uniqueness derived from the UUID Wikipedia entry:
+//
+//  Randomly generated UUIDs have 122 random bits.  One's annual risk of being
+//  hit by a meteorite is estimated to be one chance in 17 billion, that
+//  means the probability is about 0.00000000006 (6 × 10−11),
+//  equivalent to the odds of creating a few tens of trillions of UUIDs in a
+//  year and having one duplicate.
+func NewRandom() (UUID, error) {
+	return NewRandomFromReader(rander)
+}
+
+// NewRandomFromReader returns a UUID based on bytes read from a given io.Reader.
+func NewRandomFromReader(r io.Reader) (UUID, error) {
+	var uuid UUID
+	_, err := io.ReadFull(r, uuid[:])
+	if err != nil {
+		return Nil, err
+	}
+	uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4
+	uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10
+	return uuid, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/LICENSE
new file mode 100644
index 000000000..6615e30a2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013-2017 winlin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/LICENSE
new file mode 100644
index 000000000..835ba3e75
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2015, Dave Cheney <dave@cheney.net>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/README.md
new file mode 100644
index 000000000..273db3c98
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/README.md
@@ -0,0 +1,52 @@
+# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors)
+
+Package errors provides simple error handling primitives.
+
+`go get github.com/pkg/errors`
+
+The traditional error handling idiom in Go is roughly akin to
+```go
+if err != nil {
+        return err
+}
+```
+which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
+
+## Adding context to an error
+
+The errors.Wrap function returns a new error that adds context to the original error. For example
+```go
+_, err := ioutil.ReadAll(r)
+if err != nil {
+        return errors.Wrap(err, "read failed")
+}
+```
+## Retrieving the cause of an error
+
+Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
+```go
+type causer interface {
+        Cause() error
+}
+```
+`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
+```go
+switch err := errors.Cause(err).(type) {
+case *MyError:
+        // handle specifically
+default:
+        // unknown error
+}
+```
+
+[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
+
+## Contributing
+
+We welcome pull requests, bug fixes and issue reports. With that said, the bar for adding new symbols to this package is intentionally set high.
+
+Before proposing a change, please discuss your change by raising an issue.
+
+## Licence
+
+BSD-2-Clause
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/errors.go
new file mode 100644
index 000000000..257bc3ccd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/errors.go
@@ -0,0 +1,270 @@
+// Package errors provides simple error handling primitives.
+//
+// The traditional error handling idiom in Go is roughly akin to
+//
+//     if err != nil {
+//             return err
+//     }
+//
+// which applied recursively up the call stack results in error reports
+// without context or debugging information. The errors package allows
+// programmers to add context to the failure path in their code in a way
+// that does not destroy the original value of the error.
+//
+// Adding context to an error
+//
+// The errors.Wrap function returns a new error that adds context to the
+// original error by recording a stack trace at the point Wrap is called,
+// and the supplied message. For example
+//
+//     _, err := ioutil.ReadAll(r)
+//     if err != nil {
+//             return errors.Wrap(err, "read failed")
+//     }
+//
+// If additional control is required the errors.WithStack and errors.WithMessage
+// functions destructure errors.Wrap into its component operations of annotating
+// an error with a stack trace and an a message, respectively.
+//
+// Retrieving the cause of an error
+//
+// Using errors.Wrap constructs a stack of errors, adding context to the
+// preceding error. Depending on the nature of the error it may be necessary
+// to reverse the operation of errors.Wrap to retrieve the original error
+// for inspection. Any error value which implements this interface
+//
+//     type causer interface {
+//             Cause() error
+//     }
+//
+// can be inspected by errors.Cause. errors.Cause will recursively retrieve
+// the topmost error which does not implement causer, which is assumed to be
+// the original cause. For example:
+//
+//     switch err := errors.Cause(err).(type) {
+//     case *MyError:
+//             // handle specifically
+//     default:
+//             // unknown error
+//     }
+//
+// causer interface is not exported by this package, but is considered a part
+// of stable public API.
+//
+// Formatted printing of errors
+//
+// All error values returned from this package implement fmt.Formatter and can
+// be formatted by the fmt package. The following verbs are supported
+//
+//     %s    print the error. If the error has a Cause it will be
+//           printed recursively
+//     %v    see %s
+//     %+v   extended format. Each Frame of the error's StackTrace will
+//           be printed in detail.
+//
+// Retrieving the stack trace of an error or wrapper
+//
+// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
+// invoked. This information can be retrieved with the following interface.
+//
+//     type stackTracer interface {
+//             StackTrace() errors.StackTrace
+//     }
+//
+// Where errors.StackTrace is defined as
+//
+//     type StackTrace []Frame
+//
+// The Frame type represents a call site in the stack trace. Frame supports
+// the fmt.Formatter interface that can be used for printing information about
+// the stack trace of this error. For example:
+//
+//     if err, ok := err.(stackTracer); ok {
+//             for _, f := range err.StackTrace() {
+//                     fmt.Printf("%+s:%d", f)
+//             }
+//     }
+//
+// stackTracer interface is not exported by this package, but is considered a part
+// of stable public API.
+//
+// See the documentation for Frame.Format for more details.
+// Fork from https://github.com/pkg/errors
+package errors
+
+import (
+	"fmt"
+	"io"
+)
+
+// New returns an error with the supplied message.
+// New also records the stack trace at the point it was called.
+func New(message string) error {
+	return &fundamental{
+		msg:   message,
+		stack: callers(),
+	}
+}
+
+// Errorf formats according to a format specifier and returns the string
+// as a value that satisfies error.
+// Errorf also records the stack trace at the point it was called.
+func Errorf(format string, args ...interface{}) error {
+	return &fundamental{
+		msg:   fmt.Sprintf(format, args...),
+		stack: callers(),
+	}
+}
+
+// fundamental is an error that has a message and a stack, but no caller.
+type fundamental struct {
+	msg string
+	*stack
+}
+
+func (f *fundamental) Error() string { return f.msg }
+
+func (f *fundamental) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			io.WriteString(s, f.msg)
+			f.stack.Format(s, verb)
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, f.msg)
+	case 'q':
+		fmt.Fprintf(s, "%q", f.msg)
+	}
+}
+
+// WithStack annotates err with a stack trace at the point WithStack was called.
+// If err is nil, WithStack returns nil.
+func WithStack(err error) error {
+	if err == nil {
+		return nil
+	}
+	return &withStack{
+		err,
+		callers(),
+	}
+}
+
+type withStack struct {
+	error
+	*stack
+}
+
+func (w *withStack) Cause() error { return w.error }
+
+func (w *withStack) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			fmt.Fprintf(s, "%+v", w.Cause())
+			w.stack.Format(s, verb)
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, w.Error())
+	case 'q':
+		fmt.Fprintf(s, "%q", w.Error())
+	}
+}
+
+// Wrap returns an error annotating err with a stack trace
+// at the point Wrap is called, and the supplied message.
+// If err is nil, Wrap returns nil.
+func Wrap(err error, message string) error {
+	if err == nil {
+		return nil
+	}
+	err = &withMessage{
+		cause: err,
+		msg:   message,
+	}
+	return &withStack{
+		err,
+		callers(),
+	}
+}
+
+// Wrapf returns an error annotating err with a stack trace
+// at the point Wrapf is call, and the format specifier.
+// If err is nil, Wrapf returns nil.
+func Wrapf(err error, format string, args ...interface{}) error {
+	if err == nil {
+		return nil
+	}
+	err = &withMessage{
+		cause: err,
+		msg:   fmt.Sprintf(format, args...),
+	}
+	return &withStack{
+		err,
+		callers(),
+	}
+}
+
+// WithMessage annotates err with a new message.
+// If err is nil, WithMessage returns nil.
+func WithMessage(err error, message string) error {
+	if err == nil {
+		return nil
+	}
+	return &withMessage{
+		cause: err,
+		msg:   message,
+	}
+}
+
+type withMessage struct {
+	cause error
+	msg   string
+}
+
+func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
+func (w *withMessage) Cause() error  { return w.cause }
+
+func (w *withMessage) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			fmt.Fprintf(s, "%+v\n", w.Cause())
+			io.WriteString(s, w.msg)
+			return
+		}
+		fallthrough
+	case 's', 'q':
+		io.WriteString(s, w.Error())
+	}
+}
+
+// Cause returns the underlying cause of the error, if possible.
+// An error value has a cause if it implements the following
+// interface:
+//
+//     type causer interface {
+//            Cause() error
+//     }
+//
+// If the error does not implement Cause, the original error will
+// be returned. If the error is nil, nil will be returned without further
+// investigation.
+func Cause(err error) error {
+	type causer interface {
+		Cause() error
+	}
+
+	for err != nil {
+		cause, ok := err.(causer)
+		if !ok {
+			break
+		}
+		err = cause.Cause()
+	}
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/stack.go b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/stack.go
new file mode 100644
index 000000000..6c42db5a8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/errors/stack.go
@@ -0,0 +1,187 @@
+// Fork from https://github.com/pkg/errors
+package errors
+
+import (
+	"fmt"
+	"io"
+	"path"
+	"runtime"
+	"strings"
+)
+
+// Frame represents a program counter inside a stack frame.
+type Frame uintptr
+
+// pc returns the program counter for this frame;
+// multiple frames may have the same PC value.
+func (f Frame) pc() uintptr { return uintptr(f) - 1 }
+
+// file returns the full path to the file that contains the
+// function for this Frame's pc.
+func (f Frame) file() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	file, _ := fn.FileLine(f.pc())
+	return file
+}
+
+// line returns the line number of source code of the
+// function for this Frame's pc.
+func (f Frame) line() int {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return 0
+	}
+	_, line := fn.FileLine(f.pc())
+	return line
+}
+
+// Format formats the frame according to the fmt.Formatter interface.
+//
+//    %s    source file
+//    %d    source line
+//    %n    function name
+//    %v    equivalent to %s:%d
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+s   path of source file relative to the compile time GOPATH
+//    %+v   equivalent to %+s:%d
+func (f Frame) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 's':
+		switch {
+		case s.Flag('+'):
+			pc := f.pc()
+			fn := runtime.FuncForPC(pc)
+			if fn == nil {
+				io.WriteString(s, "unknown")
+			} else {
+				file, _ := fn.FileLine(pc)
+				fmt.Fprintf(s, "%s\n\t%s", fn.Name(), file)
+			}
+		default:
+			io.WriteString(s, path.Base(f.file()))
+		}
+	case 'd':
+		fmt.Fprintf(s, "%d", f.line())
+	case 'n':
+		name := runtime.FuncForPC(f.pc()).Name()
+		io.WriteString(s, funcname(name))
+	case 'v':
+		f.Format(s, 's')
+		io.WriteString(s, ":")
+		f.Format(s, 'd')
+	}
+}
+
+// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
+type StackTrace []Frame
+
+// Format formats the stack of Frames according to the fmt.Formatter interface.
+//
+//    %s	lists source files for each Frame in the stack
+//    %v	lists the source file and line number for each Frame in the stack
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+v   Prints filename, function, and line number for each Frame in the stack.
+func (st StackTrace) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case s.Flag('+'):
+			for _, f := range st {
+				fmt.Fprintf(s, "\n%+v", f)
+			}
+		case s.Flag('#'):
+			fmt.Fprintf(s, "%#v", []Frame(st))
+		default:
+			fmt.Fprintf(s, "%v", []Frame(st))
+		}
+	case 's':
+		fmt.Fprintf(s, "%s", []Frame(st))
+	}
+}
+
+// stack represents a stack of program counters.
+type stack []uintptr
+
+func (s *stack) Format(st fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case st.Flag('+'):
+			for _, pc := range *s {
+				f := Frame(pc)
+				fmt.Fprintf(st, "\n%+v", f)
+			}
+		}
+	}
+}
+
+func (s *stack) StackTrace() StackTrace {
+	f := make([]Frame, len(*s))
+	for i := 0; i < len(f); i++ {
+		f[i] = Frame((*s)[i])
+	}
+	return f
+}
+
+func callers() *stack {
+	const depth = 32
+	var pcs [depth]uintptr
+	n := runtime.Callers(3, pcs[:])
+	var st stack = pcs[0:n]
+	return &st
+}
+
+// funcname removes the path prefix component of a function's name reported by func.Name().
+func funcname(name string) string {
+	i := strings.LastIndex(name, "/")
+	name = name[i+1:]
+	i = strings.Index(name, ".")
+	return name[i+1:]
+}
+
+func trimGOPATH(name, file string) string {
+	// Here we want to get the source file path relative to the compile time
+	// GOPATH. As of Go 1.6.x there is no direct way to know the compiled
+	// GOPATH at runtime, but we can infer the number of path segments in the
+	// GOPATH. We note that fn.Name() returns the function name qualified by
+	// the import path, which does not include the GOPATH. Thus we can trim
+	// segments from the beginning of the file path until the number of path
+	// separators remaining is one more than the number of path separators in
+	// the function name. For example, given:
+	//
+	//    GOPATH     /home/user
+	//    file       /home/user/src/pkg/sub/file.go
+	//    fn.Name()  pkg/sub.Type.Method
+	//
+	// We want to produce:
+	//
+	//    pkg/sub/file.go
+	//
+	// From this we can easily see that fn.Name() has one less path separator
+	// than our desired output. We count separators from the end of the file
+	// path until it finds two more than in the function name and then move
+	// one character forward to preserve the initial path segment without a
+	// leading separator.
+	const sep = "/"
+	goal := strings.Count(name, sep) + 2
+	i := len(file)
+	for n := 0; n < goal; n++ {
+		i = strings.LastIndex(file[:i], sep)
+		if i == -1 {
+			// not enough separators found, set i so that the slice expression
+			// below leaves file unmodified
+			i = -len(sep)
+			break
+		}
+	}
+	// get back to 0 or trim the leading separator
+	file = file[i+len(sep):]
+	return file
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/go17.go b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/go17.go
new file mode 100644
index 000000000..65bdeb76f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/go17.go
@@ -0,0 +1,86 @@
+// The MIT License (MIT)
+//
+// Copyright (c) 2013-2017 Oryx(ossrs)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of
+// this software and associated documentation files (the "Software"), to deal in
+// the Software without restriction, including without limitation the rights to
+// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+// +build go1.7
+
+package logger
+
+import (
+	"context"
+	"fmt"
+	"os"
+)
+
+func (v *loggerPlus) Println(ctx Context, a ...interface{}) {
+	args := v.contextFormat(ctx, a...)
+	v.doPrintln(args...)
+}
+
+func (v *loggerPlus) Printf(ctx Context, format string, a ...interface{}) {
+	format, args := v.contextFormatf(ctx, format, a...)
+	v.doPrintf(format, args...)
+}
+
+func (v *loggerPlus) contextFormat(ctx Context, a ...interface{}) []interface{} {
+	if ctx, ok := ctx.(context.Context); ok {
+		if cid, ok := ctx.Value(cidKey).(int); ok {
+			return append([]interface{}{fmt.Sprintf("[%v][%v]", os.Getpid(), cid)}, a...)
+		}
+	} else {
+		return v.format(ctx, a...)
+	}
+	return a
+}
+
+func (v *loggerPlus) contextFormatf(ctx Context, format string, a ...interface{}) (string, []interface{}) {
+	if ctx, ok := ctx.(context.Context); ok {
+		if cid, ok := ctx.Value(cidKey).(int); ok {
+			return "[%v][%v] " + format, append([]interface{}{os.Getpid(), cid}, a...)
+		}
+	} else {
+		return v.formatf(ctx, format, a...)
+	}
+	return format, a
+}
+
+// User should use context with value to pass the cid.
+type key string
+
+var cidKey key = "cid.logger.ossrs.org"
+
+var gCid int = 999
+
+// Create context with value.
+func WithContext(ctx context.Context) context.Context {
+	gCid += 1
+	return context.WithValue(ctx, cidKey, gCid)
+}
+
+// Create context with value from parent, copy the cid from source context.
+// @remark Create new cid if source has no cid represent.
+func AliasContext(parent context.Context, source context.Context) context.Context {
+	if source != nil {
+		if cid, ok := source.Value(cidKey).(int); ok {
+			return context.WithValue(parent, cidKey, cid)
+		}
+	}
+	return WithContext(parent)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/logger.go b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/logger.go
new file mode 100644
index 000000000..61cea362f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/logger.go
@@ -0,0 +1,239 @@
+// The MIT License (MIT)
+//
+// Copyright (c) 2013-2017 Oryx(ossrs)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of
+// this software and associated documentation files (the "Software"), to deal in
+// the Software without restriction, including without limitation the rights to
+// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+// The oryx logger package provides connection-oriented log service.
+//		logger.I(ctx, ...)
+//		logger.T(ctx, ...)
+//		logger.W(ctx, ...)
+//		logger.E(ctx, ...)
+// Or use format:
+//		logger.If(ctx, format, ...)
+//		logger.Tf(ctx, format, ...)
+//		logger.Wf(ctx, format, ...)
+//		logger.Ef(ctx, format, ...)
+// @remark the Context is optional thus can be nil.
+// @remark From 1.7+, the ctx could be context.Context, wrap by logger.WithContext,
+// 	please read ExampleLogger_ContextGO17().
+package logger
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"os"
+)
+
+// default level for logger.
+const (
+	logInfoLabel  = "[info] "
+	logTraceLabel = "[trace] "
+	logWarnLabel  = "[warn] "
+	logErrorLabel = "[error] "
+)
+
+// The context for current goroutine.
+// It maybe a cidContext or context.Context from GO1.7.
+// @remark Use logger.WithContext(ctx) to wrap the context.
+type Context interface{}
+
+// The context to get current coroutine cid.
+type cidContext interface {
+	Cid() int
+}
+
+// the LOG+ which provides connection-based log.
+type loggerPlus struct {
+	logger *log.Logger
+}
+
+func NewLoggerPlus(l *log.Logger) Logger {
+	return &loggerPlus{logger: l}
+}
+
+func (v *loggerPlus) format(ctx Context, a ...interface{}) []interface{} {
+	if ctx == nil {
+		return append([]interface{}{fmt.Sprintf("[%v] ", os.Getpid())}, a...)
+	} else if ctx, ok := ctx.(cidContext); ok {
+		return append([]interface{}{fmt.Sprintf("[%v][%v] ", os.Getpid(), ctx.Cid())}, a...)
+	}
+	return a
+}
+
+func (v *loggerPlus) formatf(ctx Context, format string, a ...interface{}) (string, []interface{}) {
+	if ctx == nil {
+		return "[%v] " + format, append([]interface{}{os.Getpid()}, a...)
+	} else if ctx, ok := ctx.(cidContext); ok {
+		return "[%v][%v] " + format, append([]interface{}{os.Getpid(), ctx.Cid()}, a...)
+	}
+	return format, a
+}
+
+var colorYellow = "\033[33m"
+var colorRed = "\033[31m"
+var colorBlack = "\033[0m"
+
+func (v *loggerPlus) doPrintln(args ...interface{}) {
+	if previousCloser == nil {
+		if v == Error {
+			fmt.Fprintf(os.Stdout, colorRed)
+			v.logger.Println(args...)
+			fmt.Fprintf(os.Stdout, colorBlack)
+		} else if v == Warn {
+			fmt.Fprintf(os.Stdout, colorYellow)
+			v.logger.Println(args...)
+			fmt.Fprintf(os.Stdout, colorBlack)
+		} else {
+			v.logger.Println(args...)
+		}
+	} else {
+		v.logger.Println(args...)
+	}
+}
+
+func (v *loggerPlus) doPrintf(format string, args ...interface{}) {
+	if previousCloser == nil {
+		if v == Error {
+			fmt.Fprintf(os.Stdout, colorRed)
+			v.logger.Printf(format, args...)
+			fmt.Fprintf(os.Stdout, colorBlack)
+		} else if v == Warn {
+			fmt.Fprintf(os.Stdout, colorYellow)
+			v.logger.Printf(format, args...)
+			fmt.Fprintf(os.Stdout, colorBlack)
+		} else {
+			v.logger.Printf(format, args...)
+		}
+	} else {
+		v.logger.Printf(format, args...)
+	}
+}
+
+// Info, the verbose info level, very detail log, the lowest level, to discard.
+var Info Logger
+
+// Alias for Info level println.
+func I(ctx Context, a ...interface{}) {
+	Info.Println(ctx, a...)
+}
+
+// Printf for Info level log.
+func If(ctx Context, format string, a ...interface{}) {
+	Info.Printf(ctx, format, a...)
+}
+
+// Trace, the trace level, something important, the default log level, to stdout.
+var Trace Logger
+
+// Alias for Trace level println.
+func T(ctx Context, a ...interface{}) {
+	Trace.Println(ctx, a...)
+}
+
+// Printf for Trace level log.
+func Tf(ctx Context, format string, a ...interface{}) {
+	Trace.Printf(ctx, format, a...)
+}
+
+// Warn, the warning level, dangerous information, to Stdout.
+var Warn Logger
+
+// Alias for Warn level println.
+func W(ctx Context, a ...interface{}) {
+	Warn.Println(ctx, a...)
+}
+
+// Printf for Warn level log.
+func Wf(ctx Context, format string, a ...interface{}) {
+	Warn.Printf(ctx, format, a...)
+}
+
+// Error, the error level, fatal error things, ot Stdout.
+var Error Logger
+
+// Alias for Error level println.
+func E(ctx Context, a ...interface{}) {
+	Error.Println(ctx, a...)
+}
+
+// Printf for Error level log.
+func Ef(ctx Context, format string, a ...interface{}) {
+	Error.Printf(ctx, format, a...)
+}
+
+// The logger for oryx.
+type Logger interface {
+	// Println for logger plus,
+	// @param ctx the connection-oriented context,
+	// 	or context.Context from GO1.7, or nil to ignore.
+	Println(ctx Context, a ...interface{})
+	Printf(ctx Context, format string, a ...interface{})
+}
+
+func init() {
+	Info = NewLoggerPlus(log.New(ioutil.Discard, logInfoLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Trace = NewLoggerPlus(log.New(os.Stdout, logTraceLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Warn = NewLoggerPlus(log.New(os.Stderr, logWarnLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Error = NewLoggerPlus(log.New(os.Stderr, logErrorLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+
+	// init writer and closer.
+	previousWriter = os.Stdout
+	previousCloser = nil
+}
+
+// Switch the underlayer io.
+// @remark user must close previous io for logger never close it.
+func Switch(w io.Writer) io.Writer {
+	// TODO: support level, default to trace here.
+	Info = NewLoggerPlus(log.New(ioutil.Discard, logInfoLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Trace = NewLoggerPlus(log.New(w, logTraceLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Warn = NewLoggerPlus(log.New(w, logWarnLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Error = NewLoggerPlus(log.New(w, logErrorLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+
+	ow := previousWriter
+	previousWriter = w
+
+	if c, ok := w.(io.Closer); ok {
+		previousCloser = c
+	}
+
+	return ow
+}
+
+// The previous underlayer io for logger.
+var previousCloser io.Closer
+var previousWriter io.Writer
+
+// The interface io.Closer
+// Cleanup the logger, discard any log util switch to fresh writer.
+func Close() (err error) {
+	Info = NewLoggerPlus(log.New(ioutil.Discard, logInfoLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Trace = NewLoggerPlus(log.New(ioutil.Discard, logTraceLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Warn = NewLoggerPlus(log.New(ioutil.Discard, logWarnLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+	Error = NewLoggerPlus(log.New(ioutil.Discard, logErrorLabel, log.Ldate|log.Ltime|log.Lmicroseconds))
+
+	if previousCloser != nil {
+		err = previousCloser.Close()
+		previousCloser = nil
+	}
+
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/pre_go17.go b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/pre_go17.go
new file mode 100644
index 000000000..24041dc88
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/ossrs/go-oryx-lib/logger/pre_go17.go
@@ -0,0 +1,34 @@
+// The MIT License (MIT)
+//
+// Copyright (c) 2013-2017 Oryx(ossrs)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of
+// this software and associated documentation files (the "Software"), to deal in
+// the Software without restriction, including without limitation the rights to
+// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+// +build !go1.7
+
+package logger
+
+func (v *loggerPlus) Println(ctx Context, a ...interface{}) {
+	args := v.format(ctx, a...)
+	v.doPrintln(args...)
+}
+
+func (v *loggerPlus) Printf(ctx Context, format string, a ...interface{}) {
+	format, args := v.formatf(ctx, format, a...)
+	v.doPrintf(format, args...)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/.gitignore
new file mode 100644
index 000000000..23501a3c4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/.gitignore
@@ -0,0 +1,2 @@
+# vim temporary files
+*.sw[poe]
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/.golangci.yml
new file mode 100644
index 000000000..570f17b06
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/.golangci.yml
@@ -0,0 +1,8 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/DESIGN.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/DESIGN.md
new file mode 100644
index 000000000..55d6c8fff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/DESIGN.md
@@ -0,0 +1,20 @@
+<h1 align="center">
+  Design
+</h1>
+
+### Portable
+Pion Data Channels is written in Go and extremely portable. Anywhere Golang runs, Pion Data Channels should work as well! Instead of dealing with complicated
+cross-compiling of multiple libraries, you now can run anywhere with one `go build`
+
+### Simple API
+The API is based on an io.ReadWriteCloser.
+
+### Readable
+If code comes from an RFC we try to make sure everything is commented with a link to the spec.
+This makes learning and debugging easier, this library was written to also serve as a guide for others.
+
+### Tested
+Every commit is tested via travis-ci Go provides fantastic facilities for testing, and more will be added as time goes on.
+
+### Shared libraries
+Every pion product is built using shared libraries, allowing others to review and reuse our libraries.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/README.md
new file mode 100644
index 000000000..1132f62ff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/README.md
@@ -0,0 +1,45 @@
+<h1 align="center">
+  <br>
+  Pion Data Channels
+  <br>
+</h1>
+<h4 align="center">A Go implementation of WebRTC Data Channels</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-datachannel-gray.svg?longCache=true&colorB=brightgreen" alt="Pion Data Channels"></a>
+  <!--<a href="https://sourcegraph.com/github.com/pion/webrtc?badge"><img src="https://sourcegraph.com/github.com/pion/webrtc/-/badge.svg" alt="Sourcegraph Widget"></a>-->
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/datachannel"><img src="https://travis-ci.org/pion/datachannel.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/datachannel"><img src="https://godoc.org/github.com/pion/datachannel?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/datachannel"><img src="https://codecov.io/gh/pion/datachannel/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/datachannel"><img src="https://goreportcard.com/badge/github.com/pion/datachannel" alt="Go Report Card"></a>
+  <!--<a href="https://www.codacy.com/app/Sean-Der/webrtc"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>-->
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+See [DESIGN.md](DESIGN.md) for an overview of features and future goals.
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *Public API*
+* [Yutaka Takeda](https://github.com/enobufs) - *PR-SCTP*
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Norman Rasmussen](https://github.com/normanr) - *Fix Empty DataChannel messages*
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/datachannel.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/datachannel.go
new file mode 100644
index 000000000..237ad7280
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/datachannel.go
@@ -0,0 +1,378 @@
+// Package datachannel implements WebRTC Data Channels
+package datachannel
+
+import (
+	"fmt"
+	"io"
+	"sync/atomic"
+
+	"github.com/pion/logging"
+	"github.com/pion/sctp"
+	"github.com/pkg/errors"
+)
+
+const receiveMTU = 8192
+
+// Reader is an extended io.Reader
+// that also returns if the message is text.
+type Reader interface {
+	ReadDataChannel([]byte) (int, bool, error)
+}
+
+// Writer is an extended io.Writer
+// that also allows indicating if a message is text.
+type Writer interface {
+	WriteDataChannel([]byte, bool) (int, error)
+}
+
+// ReadWriteCloser is an extended io.ReadWriteCloser
+// that also implements our Reader and Writer.
+type ReadWriteCloser interface {
+	io.Reader
+	io.Writer
+	Reader
+	Writer
+	io.Closer
+}
+
+// DataChannel represents a data channel
+type DataChannel struct {
+	Config
+
+	// stats
+	messagesSent     uint32
+	messagesReceived uint32
+	bytesSent        uint64
+	bytesReceived    uint64
+
+	stream *sctp.Stream
+	log    logging.LeveledLogger
+}
+
+// Config is used to configure the data channel.
+type Config struct {
+	ChannelType          ChannelType
+	Negotiated           bool
+	Priority             uint16
+	ReliabilityParameter uint32
+	Label                string
+	Protocol             string
+	LoggerFactory        logging.LoggerFactory
+}
+
+func newDataChannel(stream *sctp.Stream, config *Config) (*DataChannel, error) {
+	return &DataChannel{
+		Config: *config,
+		stream: stream,
+		log:    config.LoggerFactory.NewLogger("datachannel"),
+	}, nil
+}
+
+// Dial opens a data channels over SCTP
+func Dial(a *sctp.Association, id uint16, config *Config) (*DataChannel, error) {
+	stream, err := a.OpenStream(id, sctp.PayloadTypeWebRTCBinary)
+	if err != nil {
+		return nil, err
+	}
+
+	dc, err := Client(stream, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return dc, nil
+}
+
+// Client opens a data channel over an SCTP stream
+func Client(stream *sctp.Stream, config *Config) (*DataChannel, error) {
+	msg := &channelOpen{
+		ChannelType:          config.ChannelType,
+		Priority:             config.Priority,
+		ReliabilityParameter: config.ReliabilityParameter,
+
+		Label:    []byte(config.Label),
+		Protocol: []byte(config.Protocol),
+	}
+
+	if !config.Negotiated {
+		rawMsg, err := msg.Marshal()
+		if err != nil {
+			return nil, fmt.Errorf("failed to marshal ChannelOpen %v", err)
+		}
+
+		if _, err = stream.WriteSCTP(rawMsg, sctp.PayloadTypeWebRTCDCEP); err != nil {
+			return nil, fmt.Errorf("failed to send ChannelOpen %v", err)
+		}
+	}
+	return newDataChannel(stream, config)
+}
+
+// Accept is used to accept incoming data channels over SCTP
+func Accept(a *sctp.Association, config *Config) (*DataChannel, error) {
+	stream, err := a.AcceptStream()
+	if err != nil {
+		return nil, err
+	}
+
+	stream.SetDefaultPayloadType(sctp.PayloadTypeWebRTCBinary)
+
+	dc, err := Server(stream, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return dc, nil
+}
+
+// Server accepts a data channel over an SCTP stream
+func Server(stream *sctp.Stream, config *Config) (*DataChannel, error) {
+	buffer := make([]byte, receiveMTU) // TODO: Can probably be smaller
+	n, ppi, err := stream.ReadSCTP(buffer)
+	if err != nil {
+		return nil, err
+	}
+
+	if ppi != sctp.PayloadTypeWebRTCDCEP {
+		return nil, fmt.Errorf("unexpected packet type: %s", ppi)
+	}
+
+	openMsg, err := parseExpectDataChannelOpen(buffer[:n])
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to parse DataChannelOpen packet")
+	}
+
+	config.ChannelType = openMsg.ChannelType
+	config.Priority = openMsg.Priority
+	config.ReliabilityParameter = openMsg.ReliabilityParameter
+	config.Label = string(openMsg.Label)
+	config.Protocol = string(openMsg.Protocol)
+
+	dataChannel, err := newDataChannel(stream, config)
+	if err != nil {
+		return nil, err
+	}
+
+	err = dataChannel.writeDataChannelAck()
+	if err != nil {
+		return nil, err
+	}
+
+	err = dataChannel.commitReliabilityParams()
+	if err != nil {
+		return nil, err
+	}
+	return dataChannel, nil
+}
+
+// Read reads a packet of len(p) bytes as binary data
+func (c *DataChannel) Read(p []byte) (int, error) {
+	n, _, err := c.ReadDataChannel(p)
+	return n, err
+}
+
+// ReadDataChannel reads a packet of len(p) bytes
+func (c *DataChannel) ReadDataChannel(p []byte) (int, bool, error) {
+	for {
+		n, ppi, err := c.stream.ReadSCTP(p)
+		if err == io.EOF {
+			// When the peer sees that an incoming stream was
+			// reset, it also resets its corresponding outgoing stream.
+			closeErr := c.stream.Close()
+			if closeErr != nil {
+				return 0, false, closeErr
+			}
+		}
+		if err != nil {
+			return 0, false, err
+		}
+
+		var isString bool
+		switch ppi {
+		case sctp.PayloadTypeWebRTCDCEP:
+			err = c.handleDCEP(p[:n])
+			if err != nil {
+				c.log.Errorf("Failed to handle DCEP: %s", err.Error())
+				continue
+			}
+			continue
+		case sctp.PayloadTypeWebRTCString, sctp.PayloadTypeWebRTCStringEmpty:
+			isString = true
+		}
+		switch ppi {
+		case sctp.PayloadTypeWebRTCBinaryEmpty, sctp.PayloadTypeWebRTCStringEmpty:
+			n = 0
+		}
+
+		atomic.AddUint32(&c.messagesReceived, 1)
+		atomic.AddUint64(&c.bytesReceived, uint64(n))
+
+		return n, isString, err
+	}
+}
+
+// MessagesSent returns the number of messages sent
+func (c *DataChannel) MessagesSent() uint32 {
+	return atomic.LoadUint32(&c.messagesSent)
+}
+
+// MessagesReceived returns the number of messages received
+func (c *DataChannel) MessagesReceived() uint32 {
+	return atomic.LoadUint32(&c.messagesReceived)
+}
+
+// BytesSent returns the number of bytes sent
+func (c *DataChannel) BytesSent() uint64 {
+	return atomic.LoadUint64(&c.bytesSent)
+}
+
+// BytesReceived returns the number of bytes received
+func (c *DataChannel) BytesReceived() uint64 {
+	return atomic.LoadUint64(&c.bytesReceived)
+}
+
+// StreamIdentifier returns the Stream identifier associated to the stream.
+func (c *DataChannel) StreamIdentifier() uint16 {
+	return c.stream.StreamIdentifier()
+}
+
+func (c *DataChannel) handleDCEP(data []byte) error {
+	msg, err := parse(data)
+	if err != nil {
+		return errors.Wrap(err, "Failed to parse DataChannel packet")
+	}
+
+	switch msg := msg.(type) {
+	case *channelOpen:
+		c.log.Debug("Received DATA_CHANNEL_OPEN")
+		err = c.writeDataChannelAck()
+		if err != nil {
+			return fmt.Errorf("failed to ACK channel open: %v", err)
+		}
+		// Note: DATA_CHANNEL_OPEN message is handled inside Server() method.
+		// Therefore, the message will not reach here.
+
+	case *channelAck:
+		c.log.Debug("Received DATA_CHANNEL_ACK")
+		err = c.commitReliabilityParams()
+		if err != nil {
+			return err
+		}
+		// TODO: handle ChannelAck (https://tools.ietf.org/html/draft-ietf-rtcweb-data-protocol-09#section-5.2)
+
+	default:
+		return fmt.Errorf("unhandled DataChannel message %v", msg)
+	}
+
+	return nil
+}
+
+// Write writes len(p) bytes from p as binary data
+func (c *DataChannel) Write(p []byte) (n int, err error) {
+	return c.WriteDataChannel(p, false)
+}
+
+// WriteDataChannel writes len(p) bytes from p
+func (c *DataChannel) WriteDataChannel(p []byte, isString bool) (n int, err error) {
+	// https://tools.ietf.org/html/draft-ietf-rtcweb-data-channel-12#section-6.6
+	// SCTP does not support the sending of empty user messages.  Therefore,
+	// if an empty message has to be sent, the appropriate PPID (WebRTC
+	// String Empty or WebRTC Binary Empty) is used and the SCTP user
+	// message of one zero byte is sent.  When receiving an SCTP user
+	// message with one of these PPIDs, the receiver MUST ignore the SCTP
+	// user message and process it as an empty message.
+	var ppi sctp.PayloadProtocolIdentifier
+	switch {
+	case !isString && len(p) > 0:
+		ppi = sctp.PayloadTypeWebRTCBinary
+	case !isString && len(p) == 0:
+		ppi = sctp.PayloadTypeWebRTCBinaryEmpty
+	case isString && len(p) > 0:
+		ppi = sctp.PayloadTypeWebRTCString
+	case isString && len(p) == 0:
+		ppi = sctp.PayloadTypeWebRTCStringEmpty
+	}
+
+	atomic.AddUint32(&c.messagesSent, 1)
+	atomic.AddUint64(&c.bytesSent, uint64(len(p)))
+
+	if len(p) == 0 {
+		_, err := c.stream.WriteSCTP([]byte{0}, ppi)
+		return 0, err
+	}
+	return c.stream.WriteSCTP(p, ppi)
+}
+
+func (c *DataChannel) writeDataChannelAck() error {
+	ack := channelAck{}
+	ackMsg, err := ack.Marshal()
+	if err != nil {
+		return fmt.Errorf("failed to marshal ChannelOpen ACK: %v", err)
+	}
+
+	_, err = c.stream.WriteSCTP(ackMsg, sctp.PayloadTypeWebRTCDCEP)
+	if err != nil {
+		return fmt.Errorf("failed to send ChannelOpen ACK: %v", err)
+	}
+
+	return err
+}
+
+// Close closes the DataChannel and the underlying SCTP stream.
+func (c *DataChannel) Close() error {
+	// https://tools.ietf.org/html/draft-ietf-rtcweb-data-channel-13#section-6.7
+	// Closing of a data channel MUST be signaled by resetting the
+	// corresponding outgoing streams [RFC6525].  This means that if one
+	// side decides to close the data channel, it resets the corresponding
+	// outgoing stream.  When the peer sees that an incoming stream was
+	// reset, it also resets its corresponding outgoing stream.  Once this
+	// is completed, the data channel is closed.  Resetting a stream sets
+	// the Stream Sequence Numbers (SSNs) of the stream back to 'zero' with
+	// a corresponding notification to the application layer that the reset
+	// has been performed.  Streams are available for reuse after a reset
+	// has been performed.
+	return c.stream.Close()
+}
+
+// BufferedAmount returns the number of bytes of data currently queued to be
+// sent over this stream.
+func (c *DataChannel) BufferedAmount() uint64 {
+	return c.stream.BufferedAmount()
+}
+
+// BufferedAmountLowThreshold returns the number of bytes of buffered outgoing
+// data that is considered "low." Defaults to 0.
+func (c *DataChannel) BufferedAmountLowThreshold() uint64 {
+	return c.stream.BufferedAmountLowThreshold()
+}
+
+// SetBufferedAmountLowThreshold is used to update the threshold.
+// See BufferedAmountLowThreshold().
+func (c *DataChannel) SetBufferedAmountLowThreshold(th uint64) {
+	c.stream.SetBufferedAmountLowThreshold(th)
+}
+
+// OnBufferedAmountLow sets the callback handler which would be called when the
+// number of bytes of outgoing data buffered is lower than the threshold.
+func (c *DataChannel) OnBufferedAmountLow(f func()) {
+	c.stream.OnBufferedAmountLow(f)
+}
+
+func (c *DataChannel) commitReliabilityParams() error {
+	switch c.Config.ChannelType {
+	case ChannelTypeReliable:
+		c.stream.SetReliabilityParams(false, sctp.ReliabilityTypeReliable, c.Config.ReliabilityParameter)
+	case ChannelTypeReliableUnordered:
+		c.stream.SetReliabilityParams(true, sctp.ReliabilityTypeReliable, c.Config.ReliabilityParameter)
+	case ChannelTypePartialReliableRexmit:
+		c.stream.SetReliabilityParams(false, sctp.ReliabilityTypeRexmit, c.Config.ReliabilityParameter)
+	case ChannelTypePartialReliableRexmitUnordered:
+		c.stream.SetReliabilityParams(true, sctp.ReliabilityTypeRexmit, c.Config.ReliabilityParameter)
+	case ChannelTypePartialReliableTimed:
+		c.stream.SetReliabilityParams(false, sctp.ReliabilityTypeTimed, c.Config.ReliabilityParameter)
+	case ChannelTypePartialReliableTimedUnordered:
+		c.stream.SetReliabilityParams(true, sctp.ReliabilityTypeTimed, c.Config.ReliabilityParameter)
+	default:
+		return fmt.Errorf("invalid ChannelType: %v ", c.Config.ChannelType)
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/go.mod
new file mode 100644
index 000000000..e635596eb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/go.mod
@@ -0,0 +1,11 @@
+module github.com/pion/datachannel
+
+require (
+	github.com/pion/logging v0.2.2
+	github.com/pion/sctp v1.7.10
+	github.com/pion/transport v0.10.1
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.6.1
+)
+
+go 1.13
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/go.sum
new file mode 100644
index 000000000..f9ede0831
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/go.sum
@@ -0,0 +1,38 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/sctp v1.7.10 h1:o3p3/hZB5Cx12RMGyWmItevJtZ6o2cpuxaw6GOS4x+8=
+github.com/pion/sctp v1.7.10/go.mod h1:EhpTUQu1/lcK3xI+eriS6/96fWetHGCvBi9MSsnaBN0=
+github.com/pion/transport v0.10.1 h1:2W+yJT+0mOQ160ThZYUx5Zp2skzshiNgxrNE9GUfhJM=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message.go
new file mode 100644
index 000000000..84665cbb3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message.go
@@ -0,0 +1,94 @@
+package datachannel
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+// message is a parsed DataChannel message
+type message interface {
+	Marshal() ([]byte, error)
+	Unmarshal([]byte) error
+}
+
+// messageType is the first byte in a DataChannel message that specifies type
+type messageType byte
+
+// DataChannel Message Types
+const (
+	dataChannelAck  messageType = 0x02
+	dataChannelOpen messageType = 0x03
+)
+
+func (t messageType) String() string {
+	switch t {
+	case dataChannelAck:
+		return "DataChannelAck"
+	case dataChannelOpen:
+		return "DataChannelOpen"
+	default:
+		return fmt.Sprintf("Unknown MessageType: %d", t)
+	}
+}
+
+// parse accepts raw input and returns a DataChannel message
+func parse(raw []byte) (message, error) {
+	if len(raw) == 0 {
+		return nil, errors.Errorf("DataChannel message is not long enough to determine type ")
+	}
+
+	var msg message
+	switch messageType(raw[0]) {
+	case dataChannelOpen:
+		msg = &channelOpen{}
+	case dataChannelAck:
+		msg = &channelAck{}
+	default:
+		return nil, errors.Errorf("Unknown MessageType %v", messageType(raw[0]))
+	}
+
+	if err := msg.Unmarshal(raw); err != nil {
+		return nil, err
+	}
+
+	return msg, nil
+}
+
+// parseExpectDataChannelOpen parses a DataChannelOpen message
+// or throws an error
+func parseExpectDataChannelOpen(raw []byte) (*channelOpen, error) {
+	if len(raw) == 0 {
+		return nil, errors.Errorf("the DataChannel message is not long enough to determine type")
+	}
+
+	if actualTyp := messageType(raw[0]); actualTyp != dataChannelOpen {
+		return nil, errors.Errorf("expected DataChannelOpen but got %s", actualTyp)
+	}
+
+	msg := &channelOpen{}
+	if err := msg.Unmarshal(raw); err != nil {
+		return nil, err
+	}
+
+	return msg, nil
+}
+
+// parseExpectDataChannelAck parses a DataChannelAck message
+// or throws an error
+// func parseExpectDataChannelAck(raw []byte) (*channelAck, error) {
+// 	if len(raw) == 0 {
+// 		return nil, errors.Errorf("the DataChannel message is not long enough to determine type")
+// 	}
+//
+// 	if actualTyp := messageType(raw[0]); actualTyp != dataChannelAck {
+// 		return nil, errors.Errorf("expected DataChannelAck but got %s", actualTyp)
+// 	}
+//
+// 	msg := &channelAck{}
+// 	if err := msg.Unmarshal(raw); err != nil {
+// 		return nil, err
+// 	}
+//
+// 	return msg, nil
+// }
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message_channel_ack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message_channel_ack.go
new file mode 100644
index 000000000..fd2075790
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message_channel_ack.go
@@ -0,0 +1,22 @@
+package datachannel
+
+// channelAck is used to ACK a DataChannel open
+type channelAck struct{}
+
+const (
+	channelOpenAckLength = 4
+)
+
+// Marshal returns raw bytes for the given message
+func (c *channelAck) Marshal() ([]byte, error) {
+	raw := make([]byte, channelOpenAckLength)
+	raw[0] = uint8(dataChannelAck)
+
+	return raw, nil
+}
+
+// Unmarshal populates the struct with the given raw data
+func (c *channelAck) Unmarshal(raw []byte) error {
+	// Message type already checked in Parse and there is no further data
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message_channel_open.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message_channel_open.go
new file mode 100644
index 000000000..9dce03645
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/message_channel_open.go
@@ -0,0 +1,123 @@
+package datachannel
+
+import (
+	"encoding/binary"
+
+	"github.com/pkg/errors"
+)
+
+/*
+channelOpen represents a DATA_CHANNEL_OPEN Message
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|  Message Type |  Channel Type |            Priority           |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                    Reliability Parameter                      |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|         Label Length          |       Protocol Length         |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|                             Label                             |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|                            Protocol                           |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+type channelOpen struct {
+	ChannelType          ChannelType
+	Priority             uint16
+	ReliabilityParameter uint32
+
+	Label    []byte
+	Protocol []byte
+}
+
+const (
+	channelOpenHeaderLength = 12
+)
+
+// ChannelType determines the reliability of the WebRTC DataChannel
+type ChannelType byte
+
+// ChannelType enums
+const (
+	// ChannelTypeReliable determines the Data Channel provides a
+	// reliable in-order bi-directional communication.
+	ChannelTypeReliable ChannelType = 0x00
+	// ChannelTypeReliableUnordered determines the Data Channel
+	// provides a reliable unordered bi-directional communication.
+	ChannelTypeReliableUnordered ChannelType = 0x80
+	// ChannelTypePartialReliableRexmit determines the Data Channel
+	// provides a partially-reliable in-order bi-directional communication.
+	// User messages will not be retransmitted more times than specified in the Reliability Parameter.
+	ChannelTypePartialReliableRexmit ChannelType = 0x01
+	// ChannelTypePartialReliableRexmitUnordered determines
+	//  the Data Channel provides a partial reliable unordered bi-directional communication.
+	// User messages will not be retransmitted more times than specified in the Reliability Parameter.
+	ChannelTypePartialReliableRexmitUnordered ChannelType = 0x81
+	// ChannelTypePartialReliableTimed determines the Data Channel
+	// provides a partial reliable in-order bi-directional communication.
+	// User messages might not be transmitted or retransmitted after
+	// a specified life-time given in milli- seconds in the Reliability Parameter.
+	// This life-time starts when providing the user message to the protocol stack.
+	ChannelTypePartialReliableTimed ChannelType = 0x02
+	// The Data Channel provides a partial reliable unordered bi-directional
+	// communication.  User messages might not be transmitted or retransmitted
+	// after a specified life-time given in milli- seconds in the Reliability Parameter.
+	// This life-time starts when providing the user message to the protocol stack.
+	ChannelTypePartialReliableTimedUnordered ChannelType = 0x82
+)
+
+// ChannelPriority enums
+const (
+	ChannelPriorityBelowNormal uint16 = 128
+	ChannelPriorityNormal      uint16 = 256
+	ChannelPriorityHigh        uint16 = 512
+	ChannelPriorityExtraHigh   uint16 = 1024
+)
+
+// Marshal returns raw bytes for the given message
+func (c *channelOpen) Marshal() ([]byte, error) {
+	labelLength := len(c.Label)
+	protocolLength := len(c.Protocol)
+
+	totalLen := channelOpenHeaderLength + labelLength + protocolLength
+	raw := make([]byte, totalLen)
+
+	raw[0] = uint8(dataChannelOpen)
+	raw[1] = byte(c.ChannelType)
+	binary.BigEndian.PutUint16(raw[2:], c.Priority)
+	binary.BigEndian.PutUint32(raw[4:], c.ReliabilityParameter)
+	binary.BigEndian.PutUint16(raw[8:], uint16(labelLength))
+	binary.BigEndian.PutUint16(raw[10:], uint16(protocolLength))
+	endLabel := channelOpenHeaderLength + labelLength
+	copy(raw[channelOpenHeaderLength:endLabel], c.Label)
+	copy(raw[endLabel:endLabel+protocolLength], c.Protocol)
+
+	return raw, nil
+}
+
+// Unmarshal populates the struct with the given raw data
+func (c *channelOpen) Unmarshal(raw []byte) error {
+	if len(raw) < channelOpenHeaderLength {
+		return errors.Errorf("Length of input is not long enough to satisfy header %d", len(raw))
+	}
+	c.ChannelType = ChannelType(raw[1])
+	c.Priority = binary.BigEndian.Uint16(raw[2:])
+	c.ReliabilityParameter = binary.BigEndian.Uint32(raw[4:])
+
+	labelLength := binary.BigEndian.Uint16(raw[8:])
+	protocolLength := binary.BigEndian.Uint16(raw[10:])
+
+	if len(raw) != int(channelOpenHeaderLength+labelLength+protocolLength) {
+		return errors.Errorf("Label + Protocol length don't match full packet length")
+	}
+
+	c.Label = raw[channelOpenHeaderLength : channelOpenHeaderLength+labelLength]
+	c.Protocol = raw[channelOpenHeaderLength+labelLength : channelOpenHeaderLength+labelLength+protocolLength]
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/datachannel/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.editorconfig b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.editorconfig
new file mode 100644
index 000000000..d2b32061a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.editorconfig
@@ -0,0 +1,21 @@
+# http://editorconfig.org/
+
+root = true
+
+[*]
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+end_of_line = lf
+
+[*.go]
+indent_style = tab
+indent_size = 4
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.gitignore
new file mode 100644
index 000000000..0e52f2f36
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.gitignore
@@ -0,0 +1,2 @@
+vendor
+*-fuzz.zip
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/Makefile b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/Makefile
new file mode 100644
index 000000000..1df38b223
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/Makefile
@@ -0,0 +1,6 @@
+fuzz-build-record-layer: fuzz-prepare
+	go-fuzz-build -tags gofuzz -func FuzzRecordLayer
+fuzz-run-record-layer:
+	go-fuzz -bin dtls-fuzz.zip -workdir fuzz
+fuzz-prepare:
+	@GO111MODULE=on go mod vendor
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/README.md
new file mode 100644
index 000000000..3e4073013
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/README.md
@@ -0,0 +1,151 @@
+<h1 align="center">
+  <br>
+  Pion DTLS
+  <br>
+</h1>
+<h4 align="center">A Go implementation of DTLS</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-dtls-gray.svg?longCache=true&colorB=brightgreen" alt="Pion DTLS"></a>
+  <a href="https://sourcegraph.com/github.com/pion/dtls"><img src="https://sourcegraph.com/github.com/pion/dtls/-/badge.svg" alt="Sourcegraph Widget"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/dtls"><img src="https://travis-ci.org/pion/dtls.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/dtls"><img src="https://godoc.org/github.com/pion/dtls?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/dtls"><img src="https://codecov.io/gh/pion/dtls/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/dtls"><img src="https://goreportcard.com/badge/github.com/pion/dtls" alt="Go Report Card"></a>
+  <a href="https://www.codacy.com/app/Sean-Der/dtls"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+Native [DTLS 1.2][rfc6347] implementation in the Go programming language.
+
+A long term goal is a professional security review, and maye inclusion in stdlib.
+
+[rfc6347]: https://tools.ietf.org/html/rfc6347
+
+### Goals/Progress
+This will only be targeting DTLS 1.2, and the most modern/common cipher suites.
+We would love contributes that fall under the 'Planned Features' and fixing any bugs!
+
+#### Current features
+* DTLS 1.2 Client/Server
+* Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
+* Packet loss and re-ordering is handled during handshaking
+* Key export ([RFC 5705][rfc5705])
+* Serialization and Resumption of sessions
+* Extended Master Secret extension ([RFC 7627][rfc7627])
+
+[rfc5705]: https://tools.ietf.org/html/rfc5705
+[rfc7627]: https://tools.ietf.org/html/rfc7627
+
+#### Supported ciphers
+
+##### ECDHE
+* TLS_ECDHE_ECDSA_WITH_AES_128_CCM ([RFC 6655][rfc6655])
+* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ([RFC 6655][rfc6655])
+* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ([RFC 5289][rfc5289])
+* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ([RFC 5289][rfc5289])
+* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ([RFC 8422][rfc8422])
+* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ([RFC 8422][rfc8422])
+
+##### PSK
+* TLS_PSK_WITH_AES_128_CCM ([RFC 6655][rfc6655])
+* TLS_PSK_WITH_AES_128_CCM_8 ([RFC 6655][rfc6655])
+* TLS_PSK_WITH_AES_128_GCM_SHA256 ([RFC 5487][rfc5487])
+
+[rfc5289]: https://tools.ietf.org/html/rfc5289
+[rfc8422]: https://tools.ietf.org/html/rfc8422
+[rfc6655]: https://tools.ietf.org/html/rfc6655
+[rfc5487]: https://tools.ietf.org/html/rfc5487
+
+#### Planned Features
+* Chacha20Poly1305
+
+#### Excluded Features
+* DTLS 1.0
+* Renegotiation
+* Compression
+
+### Using
+
+This library needs at least Go 1.13, and you should have [Go modules
+enabled](https://github.com/golang/go/wiki/Modules).
+
+#### Pion DTLS
+For a DTLS 1.2 Server that listens on 127.0.0.1:4444
+```sh
+go run examples/listen/selfsign/main.go
+```
+
+For a DTLS 1.2 Client that connects to 127.0.0.1:4444
+```sh
+go run examples/dial/selfsign/main.go
+```
+
+#### OpenSSL
+Pion DTLS can connect to itself and OpenSSL.
+```
+  // Generate a certificate
+  openssl ecparam -out key.pem -name prime256v1 -genkey
+  openssl req -new -sha256 -key key.pem -out server.csr
+  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem
+
+  // Use with examples/dial/selfsign/main.go
+  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444
+
+  // Use with examples/listen/selfsign/main.go
+  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem
+```
+
+### Using with PSK
+Pion DTLS also comes with examples that do key exchange via PSK
+
+
+#### Pion DTLS
+```sh
+go run examples/listen/psk/main.go
+```
+
+```sh
+go run examples/dial/psk/main.go
+```
+
+#### OpenSSL
+```
+  // Use with examples/dial/psk/main.go
+  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8
+
+  // Use with examples/listen/psk/main.go
+  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8
+```
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *Public API*
+* [Chris Hiszpanski](https://github.com/thinkski) - *Support Signature Algorithms Extension*
+* [Iñigo Garcia Olaizola](https://github.com/igolaizola) - *Serialization & resumption, cert verification, E2E*
+* [Daniele Sluijters](https://github.com/daenney) - *AES-CCM support*
+* [Jin Lei](https://github.com/jinleileiking) - *Logging*
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Lander Noterman](https://github.com/LanderN)
+* [Aleksandr Razumov](https://github.com/ernado) - *Fuzzing*
+* [Ryan Gordon](https://github.com/ryangordon)
+* [Stefan Tatschner](https://rumpelsepp.org/contact.html)
+* [Hayden James](https://github.com/hjames9)
+* [Jozef Kralik](https://github.com/jkralik)
+* [Robert Eperjesi](https://github.com/epes)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Julien Salleyron](https://github.com/juliens) - *Server Name Indication*
+* [Jeroen de Bruijn](https://github.com/vidavidorra)
+* [bjdgyc](https://github.com/bjdgyc)
+* [Jeffrey Stoke (Jeff Ctor)](https://github.com/jeffreystoke) - *Fragmentbuffer Fix*
+* [Frank Olbricht](https://github.com/folbricht)
+* [ZHENK](https://github.com/scorpionknifes)
+* [Carson Hoffman](https://github.com/CarsonHoffman)
+* [Vadim Filimonov](https://github.com/fffilimonov)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/alert.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/alert.go
new file mode 100644
index 000000000..b747016b5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/alert.go
@@ -0,0 +1,145 @@
+package dtls
+
+import "fmt"
+
+type alertLevel byte
+
+const (
+	alertLevelWarning alertLevel = 1
+	alertLevelFatal   alertLevel = 2
+)
+
+func (a alertLevel) String() string {
+	switch a {
+	case alertLevelWarning:
+		return "LevelWarning"
+	case alertLevelFatal:
+		return "LevelFatal"
+	default:
+		return "Invalid alert level"
+	}
+}
+
+type alertDescription byte
+
+const (
+	alertCloseNotify            alertDescription = 0
+	alertUnexpectedMessage      alertDescription = 10
+	alertBadRecordMac           alertDescription = 20
+	alertDecryptionFailed       alertDescription = 21
+	alertRecordOverflow         alertDescription = 22
+	alertDecompressionFailure   alertDescription = 30
+	alertHandshakeFailure       alertDescription = 40
+	alertNoCertificate          alertDescription = 41
+	alertBadCertificate         alertDescription = 42
+	alertUnsupportedCertificate alertDescription = 43
+	alertCertificateRevoked     alertDescription = 44
+	alertCertificateExpired     alertDescription = 45
+	alertCertificateUnknown     alertDescription = 46
+	alertIllegalParameter       alertDescription = 47
+	alertUnknownCA              alertDescription = 48
+	alertAccessDenied           alertDescription = 49
+	alertDecodeError            alertDescription = 50
+	alertDecryptError           alertDescription = 51
+	alertExportRestriction      alertDescription = 60
+	alertProtocolVersion        alertDescription = 70
+	alertInsufficientSecurity   alertDescription = 71
+	alertInternalError          alertDescription = 80
+	alertUserCanceled           alertDescription = 90
+	alertNoRenegotiation        alertDescription = 100
+	alertUnsupportedExtension   alertDescription = 110
+)
+
+func (a alertDescription) String() string {
+	switch a {
+	case alertCloseNotify:
+		return "CloseNotify"
+	case alertUnexpectedMessage:
+		return "UnexpectedMessage"
+	case alertBadRecordMac:
+		return "BadRecordMac"
+	case alertDecryptionFailed:
+		return "DecryptionFailed"
+	case alertRecordOverflow:
+		return "RecordOverflow"
+	case alertDecompressionFailure:
+		return "DecompressionFailure"
+	case alertHandshakeFailure:
+		return "HandshakeFailure"
+	case alertNoCertificate:
+		return "NoCertificate"
+	case alertBadCertificate:
+		return "BadCertificate"
+	case alertUnsupportedCertificate:
+		return "UnsupportedCertificate"
+	case alertCertificateRevoked:
+		return "CertificateRevoked"
+	case alertCertificateExpired:
+		return "CertificateExpired"
+	case alertCertificateUnknown:
+		return "CertificateUnknown"
+	case alertIllegalParameter:
+		return "IllegalParameter"
+	case alertUnknownCA:
+		return "UnknownCA"
+	case alertAccessDenied:
+		return "AccessDenied"
+	case alertDecodeError:
+		return "DecodeError"
+	case alertDecryptError:
+		return "DecryptError"
+	case alertExportRestriction:
+		return "ExportRestriction"
+	case alertProtocolVersion:
+		return "ProtocolVersion"
+	case alertInsufficientSecurity:
+		return "InsufficientSecurity"
+	case alertInternalError:
+		return "InternalError"
+	case alertUserCanceled:
+		return "UserCanceled"
+	case alertNoRenegotiation:
+		return "NoRenegotiation"
+	case alertUnsupportedExtension:
+		return "UnsupportedExtension"
+	default:
+		return "Invalid alert description"
+	}
+}
+
+// One of the content types supported by the TLS record layer is the
+// alert type.  Alert messages convey the severity of the message
+// (warning or fatal) and a description of the alert.  Alert messages
+// with a level of fatal result in the immediate termination of the
+// connection.  In this case, other connections corresponding to the
+// session may continue, but the session identifier MUST be invalidated,
+// preventing the failed session from being used to establish new
+// connections.  Like other messages, alert messages are encrypted and
+// compressed, as specified by the current connection state.
+// https://tools.ietf.org/html/rfc5246#section-7.2
+type alert struct {
+	alertLevel       alertLevel
+	alertDescription alertDescription
+}
+
+func (a alert) contentType() contentType {
+	return contentTypeAlert
+}
+
+func (a *alert) Marshal() ([]byte, error) {
+	return []byte{byte(a.alertLevel), byte(a.alertDescription)}, nil
+}
+
+func (a *alert) Unmarshal(data []byte) error {
+	if len(data) != 2 {
+		return errBufferTooSmall
+	}
+
+	a.alertLevel = alertLevel(data[0])
+	a.alertDescription = alertDescription(data[1])
+	return nil
+}
+
+func (a *alert) String() string {
+	return fmt.Sprintf("Alert %s: %s", a.alertLevel, a.alertDescription)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/application_data.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/application_data.go
new file mode 100644
index 000000000..679a10393
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/application_data.go
@@ -0,0 +1,23 @@
+package dtls
+
+// Application data messages are carried by the record layer and are
+// fragmented, compressed, and encrypted based on the current connection
+// state.  The messages are treated as transparent data to the record
+// layer.
+// https://tools.ietf.org/html/rfc5246#section-10
+type applicationData struct {
+	data []byte
+}
+
+func (a applicationData) contentType() contentType {
+	return contentTypeApplicationData
+}
+
+func (a *applicationData) Marshal() ([]byte, error) {
+	return append([]byte{}, a.data...), nil
+}
+
+func (a *applicationData) Unmarshal(data []byte) error {
+	a.data = append([]byte{}, data...)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/certificate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/certificate.go
new file mode 100644
index 000000000..c99e1c93d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/certificate.go
@@ -0,0 +1,67 @@
+package dtls
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"strings"
+)
+
+func (c *handshakeConfig) getCertificate(serverName string) (*tls.Certificate, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.nameToCertificate == nil {
+		nameToCertificate := make(map[string]*tls.Certificate)
+		for i := range c.localCertificates {
+			cert := &c.localCertificates[i]
+			x509Cert := cert.Leaf
+			if x509Cert == nil {
+				var parseErr error
+				x509Cert, parseErr = x509.ParseCertificate(cert.Certificate[0])
+				if parseErr != nil {
+					continue
+				}
+			}
+			if len(x509Cert.Subject.CommonName) > 0 {
+				nameToCertificate[strings.ToLower(x509Cert.Subject.CommonName)] = cert
+			}
+			for _, san := range x509Cert.DNSNames {
+				nameToCertificate[strings.ToLower(san)] = cert
+			}
+		}
+		c.nameToCertificate = nameToCertificate
+	}
+
+	if len(c.localCertificates) == 0 {
+		return nil, errNoCertificates
+	}
+
+	if len(c.localCertificates) == 1 {
+		// There's only one choice, so no point doing any work.
+		return &c.localCertificates[0], nil
+	}
+
+	if len(serverName) == 0 {
+		return &c.localCertificates[0], nil
+	}
+
+	name := strings.TrimRight(strings.ToLower(serverName), ".")
+
+	if cert, ok := c.nameToCertificate[name]; ok {
+		return cert, nil
+	}
+
+	// try replacing labels in the name with wildcards until we get a
+	// match.
+	labels := strings.Split(name, ".")
+	for i := range labels {
+		labels[i] = "*"
+		candidate := strings.Join(labels, ".")
+		if cert, ok := c.nameToCertificate[candidate]; ok {
+			return cert, nil
+		}
+	}
+
+	// If nothing matches, return the first certificate.
+	return &c.localCertificates[0], nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/change_cipher_spec.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/change_cipher_spec.go
new file mode 100644
index 000000000..f072d7f9e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/change_cipher_spec.go
@@ -0,0 +1,25 @@
+package dtls
+
+// The change cipher spec protocol exists to signal transitions in
+// ciphering strategies.  The protocol consists of a single message,
+// which is encrypted and compressed under the current (not the pending)
+// connection state.  The message consists of a single byte of value 1.
+// https://tools.ietf.org/html/rfc5246#section-7.1
+type changeCipherSpec struct {
+}
+
+func (c changeCipherSpec) contentType() contentType {
+	return contentTypeChangeCipherSpec
+}
+
+func (c *changeCipherSpec) Marshal() ([]byte, error) {
+	return []byte{0x01}, nil
+}
+
+func (c *changeCipherSpec) Unmarshal(data []byte) error {
+	if len(data) == 1 && data[0] == 0x01 {
+		return nil
+	}
+
+	return errInvalidCipherSpec
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite.go
new file mode 100644
index 000000000..073d2ba64
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite.go
@@ -0,0 +1,206 @@
+package dtls
+
+import (
+	"encoding/binary"
+	"fmt"
+	"hash"
+)
+
+// CipherSuiteID is an ID for our supported CipherSuites
+type CipherSuiteID uint16
+
+// Supported Cipher Suites
+const (
+	// AES-128-CCM
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM   CipherSuiteID = 0xc0ac //nolint:golint,stylecheck
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 CipherSuiteID = 0xc0ae //nolint:golint,stylecheck
+
+	// AES-128-GCM-SHA256
+	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = 0xc02b //nolint:golint,stylecheck
+	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   CipherSuiteID = 0xc02f //nolint:golint,stylecheck
+
+	// AES-256-CBC-SHA
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CipherSuiteID = 0xc00a //nolint:golint,stylecheck
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   CipherSuiteID = 0xc014 //nolint:golint,stylecheck
+
+	TLS_PSK_WITH_AES_128_CCM        CipherSuiteID = 0xc0a4 //nolint:golint,stylecheck
+	TLS_PSK_WITH_AES_128_CCM_8      CipherSuiteID = 0xc0a8 //nolint:golint,stylecheck
+	TLS_PSK_WITH_AES_128_GCM_SHA256 CipherSuiteID = 0x00a8 //nolint:golint,stylecheck
+)
+
+var _ = allCipherSuites() // Necessary until this function isn't only used by Go 1.14
+
+func (c CipherSuiteID) String() string {
+	switch c {
+	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+		return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+		return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+		return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+		return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+		return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+		return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+	case TLS_PSK_WITH_AES_128_CCM:
+		return "TLS_PSK_WITH_AES_128_CCM"
+	case TLS_PSK_WITH_AES_128_CCM_8:
+		return "TLS_PSK_WITH_AES_128_CCM_8"
+	case TLS_PSK_WITH_AES_128_GCM_SHA256:
+		return "TLS_PSK_WITH_AES_128_GCM_SHA256"
+	default:
+		return fmt.Sprintf("unknown(%v)", uint16(c))
+	}
+}
+
+type cipherSuite interface {
+	String() string
+	ID() CipherSuiteID
+	certificateType() clientCertificateType
+	hashFunc() func() hash.Hash
+	isPSK() bool
+	isInitialized() bool
+
+	// Generate the internal encryption state
+	init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error
+
+	encrypt(pkt *recordLayer, raw []byte) ([]byte, error)
+	decrypt(in []byte) ([]byte, error)
+}
+
+// CipherSuiteName provides the same functionality as tls.CipherSuiteName
+// that appeared first in Go 1.14.
+//
+// Our implementation differs slightly in that it takes in a CiperSuiteID,
+// like the rest of our library, instead of a uint16 like crypto/tls.
+func CipherSuiteName(id CipherSuiteID) string {
+	suite := cipherSuiteForID(id)
+	if suite != nil {
+		return suite.String()
+	}
+	return fmt.Sprintf("0x%04X", uint16(id))
+}
+
+// Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
+// A cipherSuite is a specific combination of key agreement, cipher and MAC
+// function.
+func cipherSuiteForID(id CipherSuiteID) cipherSuite {
+	switch id {
+	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+		return newCipherSuiteTLSEcdheEcdsaWithAes128Ccm()
+	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+		return newCipherSuiteTLSEcdheEcdsaWithAes128Ccm8()
+	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+		return &cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256{}
+	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+		return &cipherSuiteTLSEcdheRsaWithAes128GcmSha256{}
+	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+		return &cipherSuiteTLSEcdheEcdsaWithAes256CbcSha{}
+	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+		return &cipherSuiteTLSEcdheRsaWithAes256CbcSha{}
+	case TLS_PSK_WITH_AES_128_CCM:
+		return newCipherSuiteTLSPskWithAes128Ccm()
+	case TLS_PSK_WITH_AES_128_CCM_8:
+		return newCipherSuiteTLSPskWithAes128Ccm8()
+	case TLS_PSK_WITH_AES_128_GCM_SHA256:
+		return &cipherSuiteTLSPskWithAes128GcmSha256{}
+	}
+	return nil
+}
+
+// CipherSuites we support in order of preference
+func defaultCipherSuites() []cipherSuite {
+	return []cipherSuite{
+		&cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256{},
+		&cipherSuiteTLSEcdheRsaWithAes128GcmSha256{},
+		&cipherSuiteTLSEcdheEcdsaWithAes256CbcSha{},
+		&cipherSuiteTLSEcdheRsaWithAes256CbcSha{},
+	}
+}
+
+func allCipherSuites() []cipherSuite {
+	return []cipherSuite{
+		newCipherSuiteTLSEcdheEcdsaWithAes128Ccm(),
+		newCipherSuiteTLSEcdheEcdsaWithAes128Ccm8(),
+		&cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256{},
+		&cipherSuiteTLSEcdheRsaWithAes128GcmSha256{},
+		&cipherSuiteTLSEcdheEcdsaWithAes256CbcSha{},
+		&cipherSuiteTLSEcdheRsaWithAes256CbcSha{},
+		newCipherSuiteTLSPskWithAes128Ccm(),
+		newCipherSuiteTLSPskWithAes128Ccm8(),
+		&cipherSuiteTLSPskWithAes128GcmSha256{},
+	}
+}
+
+func decodeCipherSuites(buf []byte) ([]cipherSuite, error) {
+	if len(buf) < 2 {
+		return nil, errDTLSPacketInvalidLength
+	}
+	cipherSuitesCount := int(binary.BigEndian.Uint16(buf[0:])) / 2
+	rtrn := []cipherSuite{}
+	for i := 0; i < cipherSuitesCount; i++ {
+		if len(buf) < (i*2 + 4) {
+			return nil, errBufferTooSmall
+		}
+		id := CipherSuiteID(binary.BigEndian.Uint16(buf[(i*2)+2:]))
+		if c := cipherSuiteForID(id); c != nil {
+			rtrn = append(rtrn, c)
+		}
+	}
+	return rtrn, nil
+}
+
+func encodeCipherSuites(cipherSuites []cipherSuite) []byte {
+	out := []byte{0x00, 0x00}
+	binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(cipherSuites)*2))
+	for _, c := range cipherSuites {
+		out = append(out, []byte{0x00, 0x00}...)
+		binary.BigEndian.PutUint16(out[len(out)-2:], uint16(c.ID()))
+	}
+	return out
+}
+
+func parseCipherSuites(userSelectedSuites []CipherSuiteID, excludePSK, excludeNonPSK bool) ([]cipherSuite, error) {
+	cipherSuitesForIDs := func(ids []CipherSuiteID) ([]cipherSuite, error) {
+		cipherSuites := []cipherSuite{}
+		for _, id := range ids {
+			c := cipherSuiteForID(id)
+			if c == nil {
+				return nil, &invalidCipherSuite{id}
+			}
+			cipherSuites = append(cipherSuites, c)
+		}
+		return cipherSuites, nil
+	}
+
+	var (
+		cipherSuites []cipherSuite
+		err          error
+		i            int
+	)
+	if len(userSelectedSuites) != 0 {
+		cipherSuites, err = cipherSuitesForIDs(userSelectedSuites)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		cipherSuites = defaultCipherSuites()
+	}
+
+	for _, c := range cipherSuites {
+		if excludePSK && c.isPSK() || excludeNonPSK && !c.isPSK() {
+			continue
+		}
+		cipherSuites[i] = c
+		i++
+	}
+
+	cipherSuites = cipherSuites[:i]
+	if len(cipherSuites) == 0 {
+		return nil, errNoAvailableCipherSuites
+	}
+
+	return cipherSuites, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_aes_128_ccm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_aes_128_ccm.go
new file mode 100644
index 000000000..4f7c8cead
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_aes_128_ccm.go
@@ -0,0 +1,93 @@
+package dtls
+
+import (
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"hash"
+	"sync/atomic"
+)
+
+type cipherSuiteAes128Ccm struct {
+	ccm                   atomic.Value // *cryptoCCM
+	clientCertificateType clientCertificateType
+	id                    CipherSuiteID
+	psk                   bool
+	cryptoCCMTagLen       cryptoCCMTagLen
+}
+
+func newCipherSuiteAes128Ccm(clientCertificateType clientCertificateType, id CipherSuiteID, psk bool, cryptoCCMTagLen cryptoCCMTagLen) *cipherSuiteAes128Ccm {
+	return &cipherSuiteAes128Ccm{
+		clientCertificateType: clientCertificateType,
+		id:                    id,
+		psk:                   psk,
+		cryptoCCMTagLen:       cryptoCCMTagLen,
+	}
+}
+
+func (c *cipherSuiteAes128Ccm) certificateType() clientCertificateType {
+	return c.clientCertificateType
+}
+
+func (c *cipherSuiteAes128Ccm) ID() CipherSuiteID {
+	return c.id
+}
+
+func (c *cipherSuiteAes128Ccm) String() string {
+	return c.id.String()
+}
+
+func (c *cipherSuiteAes128Ccm) hashFunc() func() hash.Hash {
+	return sha256.New
+}
+
+func (c *cipherSuiteAes128Ccm) isPSK() bool {
+	return c.psk
+}
+
+func (c *cipherSuiteAes128Ccm) isInitialized() bool {
+	return c.ccm.Load() != nil
+}
+
+func (c *cipherSuiteAes128Ccm) init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
+	const (
+		prfMacLen = 0
+		prfKeyLen = 16
+		prfIvLen  = 4
+	)
+
+	keys, err := prfEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.hashFunc())
+	if err != nil {
+		return err
+	}
+
+	var ccm *cryptoCCM
+	if isClient {
+		ccm, err = newCryptoCCM(c.cryptoCCMTagLen, keys.clientWriteKey, keys.clientWriteIV, keys.serverWriteKey, keys.serverWriteIV)
+	} else {
+		ccm, err = newCryptoCCM(c.cryptoCCMTagLen, keys.serverWriteKey, keys.serverWriteIV, keys.clientWriteKey, keys.clientWriteIV)
+	}
+	c.ccm.Store(ccm)
+
+	return err
+}
+
+var errCipherSuiteNotInit = errors.New("CipherSuite has not been initialized")
+
+func (c *cipherSuiteAes128Ccm) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+	ccm := c.ccm.Load()
+	if ccm == nil { // !c.isInitialized()
+		return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)
+	}
+
+	return ccm.(*cryptoCCM).encrypt(pkt, raw)
+}
+
+func (c *cipherSuiteAes128Ccm) decrypt(raw []byte) ([]byte, error) {
+	ccm := c.ccm.Load()
+	if ccm == nil { // !c.isInitialized()
+		return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
+	}
+
+	return ccm.(*cryptoCCM).decrypt(raw)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_go114.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_go114.go
new file mode 100644
index 000000000..54824db01
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_go114.go
@@ -0,0 +1,36 @@
+// +build go1.14
+
+package dtls
+
+import (
+	"crypto/tls"
+)
+
+// Convert from our cipherSuite interface to a tls.CipherSuite struct
+func toTLSCipherSuite(c cipherSuite) *tls.CipherSuite {
+	return &tls.CipherSuite{
+		ID:                uint16(c.ID()),
+		Name:              c.String(),
+		SupportedVersions: []uint16{VersionDTLS12},
+		Insecure:          false,
+	}
+}
+
+// CipherSuites returns a list of cipher suites currently implemented by this
+// package, excluding those with security issues, which are returned by
+// InsecureCipherSuites.
+func CipherSuites() []*tls.CipherSuite {
+	suites := allCipherSuites()
+	res := make([]*tls.CipherSuite, len(suites))
+	for i, c := range suites {
+		res[i] = toTLSCipherSuite(c)
+	}
+	return res
+}
+
+// InsecureCipherSuites returns a list of cipher suites currently implemented by
+// this package and which have security issues.
+func InsecureCipherSuites() []*tls.CipherSuite {
+	var res []*tls.CipherSuite
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm.go
new file mode 100644
index 000000000..4aa8f3bc7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm.go
@@ -0,0 +1,5 @@
+package dtls
+
+func newCipherSuiteTLSEcdheEcdsaWithAes128Ccm() *cipherSuiteAes128Ccm {
+	return newCipherSuiteAes128Ccm(clientCertificateTypeECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, false, cryptoCCMTagLength)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8.go
new file mode 100644
index 000000000..58bbe137f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8.go
@@ -0,0 +1,5 @@
+package dtls
+
+func newCipherSuiteTLSEcdheEcdsaWithAes128Ccm8() *cipherSuiteAes128Ccm {
+	return newCipherSuiteAes128Ccm(clientCertificateTypeECDSASign, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, false, cryptoCCM8TagLength)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go
new file mode 100644
index 000000000..d974f14c3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.go
@@ -0,0 +1,77 @@
+package dtls
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"hash"
+	"sync/atomic"
+)
+
+type cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 struct {
+	gcm atomic.Value // *cryptoGCM
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) certificateType() clientCertificateType {
+	return clientCertificateTypeECDSASign
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) ID() CipherSuiteID {
+	return TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) String() string {
+	return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) hashFunc() func() hash.Hash {
+	return sha256.New
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) isPSK() bool {
+	return false
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) isInitialized() bool {
+	return c.gcm.Load() != nil
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
+	const (
+		prfMacLen = 0
+		prfKeyLen = 16
+		prfIvLen  = 4
+	)
+
+	keys, err := prfEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.hashFunc())
+	if err != nil {
+		return err
+	}
+
+	var gcm *cryptoGCM
+	if isClient {
+		gcm, err = newCryptoGCM(keys.clientWriteKey, keys.clientWriteIV, keys.serverWriteKey, keys.serverWriteIV)
+	} else {
+		gcm, err = newCryptoGCM(keys.serverWriteKey, keys.serverWriteIV, keys.clientWriteKey, keys.clientWriteIV)
+	}
+	c.gcm.Store(gcm)
+
+	return err
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+	gcm := c.gcm.Load()
+	if gcm == nil { // !c.isInitialized()
+		return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)
+	}
+
+	return gcm.(*cryptoGCM).encrypt(pkt, raw)
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256) decrypt(raw []byte) ([]byte, error) {
+	gcm := c.gcm.Load()
+	if gcm == nil { // !c.isInitialized()
+		return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
+	}
+
+	return gcm.(*cryptoGCM).decrypt(raw)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go
new file mode 100644
index 000000000..56543a542
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_ecdsa_with_aes_256_cbc_sha.go
@@ -0,0 +1,83 @@
+package dtls
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"hash"
+	"sync/atomic"
+)
+
+type cipherSuiteTLSEcdheEcdsaWithAes256CbcSha struct {
+	cbc atomic.Value // *cryptoCBC
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) certificateType() clientCertificateType {
+	return clientCertificateTypeECDSASign
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) ID() CipherSuiteID {
+	return TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) String() string {
+	return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) hashFunc() func() hash.Hash {
+	return sha256.New
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) isPSK() bool {
+	return false
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) isInitialized() bool {
+	return c.cbc.Load() != nil
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) init(masterSecret, clientRandom, serverRandom []byte, isClient bool) error {
+	const (
+		prfMacLen = 20
+		prfKeyLen = 32
+		prfIvLen  = 16
+	)
+
+	keys, err := prfEncryptionKeys(masterSecret, clientRandom, serverRandom, prfMacLen, prfKeyLen, prfIvLen, c.hashFunc())
+	if err != nil {
+		return err
+	}
+
+	var cbc *cryptoCBC
+	if isClient {
+		cbc, err = newCryptoCBC(
+			keys.clientWriteKey, keys.clientWriteIV, keys.clientMACKey,
+			keys.serverWriteKey, keys.serverWriteIV, keys.serverMACKey,
+		)
+	} else {
+		cbc, err = newCryptoCBC(
+			keys.serverWriteKey, keys.serverWriteIV, keys.serverMACKey,
+			keys.clientWriteKey, keys.clientWriteIV, keys.clientMACKey,
+		)
+	}
+	c.cbc.Store(cbc)
+
+	return err
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+	cbc := c.cbc.Load()
+	if cbc == nil { // !c.isInitialized()
+		return nil, fmt.Errorf("%w, unable to encrypt", errCipherSuiteNotInit)
+	}
+
+	return cbc.(*cryptoCBC).encrypt(pkt, raw)
+}
+
+func (c *cipherSuiteTLSEcdheEcdsaWithAes256CbcSha) decrypt(raw []byte) ([]byte, error) {
+	cbc := c.cbc.Load()
+	if cbc == nil { // !c.isInitialized()
+		return nil, fmt.Errorf("%w, unable to decrypt", errCipherSuiteNotInit)
+	}
+
+	return cbc.(*cryptoCBC).decrypt(raw)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_rsa_with_aes_128_gcm_sha256.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_rsa_with_aes_128_gcm_sha256.go
new file mode 100644
index 000000000..63402de54
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_rsa_with_aes_128_gcm_sha256.go
@@ -0,0 +1,17 @@
+package dtls
+
+type cipherSuiteTLSEcdheRsaWithAes128GcmSha256 struct {
+	cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256
+}
+
+func (c *cipherSuiteTLSEcdheRsaWithAes128GcmSha256) certificateType() clientCertificateType {
+	return clientCertificateTypeRSASign
+}
+
+func (c *cipherSuiteTLSEcdheRsaWithAes128GcmSha256) ID() CipherSuiteID {
+	return TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+}
+
+func (c *cipherSuiteTLSEcdheRsaWithAes128GcmSha256) String() string {
+	return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_rsa_with_aes_256_cbc_sha.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_rsa_with_aes_256_cbc_sha.go
new file mode 100644
index 000000000..80a231f1c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_ecdhe_rsa_with_aes_256_cbc_sha.go
@@ -0,0 +1,17 @@
+package dtls
+
+type cipherSuiteTLSEcdheRsaWithAes256CbcSha struct {
+	cipherSuiteTLSEcdheEcdsaWithAes256CbcSha
+}
+
+func (c *cipherSuiteTLSEcdheRsaWithAes256CbcSha) certificateType() clientCertificateType {
+	return clientCertificateTypeRSASign
+}
+
+func (c *cipherSuiteTLSEcdheRsaWithAes256CbcSha) ID() CipherSuiteID {
+	return TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+}
+
+func (c *cipherSuiteTLSEcdheRsaWithAes256CbcSha) String() string {
+	return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_ccm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_ccm.go
new file mode 100644
index 000000000..7e720360c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_ccm.go
@@ -0,0 +1,5 @@
+package dtls
+
+func newCipherSuiteTLSPskWithAes128Ccm() *cipherSuiteAes128Ccm {
+	return newCipherSuiteAes128Ccm(clientCertificateType(0), TLS_PSK_WITH_AES_128_CCM, true, cryptoCCMTagLength)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_ccm8.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_ccm8.go
new file mode 100644
index 000000000..a7fd07e88
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_ccm8.go
@@ -0,0 +1,5 @@
+package dtls
+
+func newCipherSuiteTLSPskWithAes128Ccm8() *cipherSuiteAes128Ccm {
+	return newCipherSuiteAes128Ccm(clientCertificateType(0), TLS_PSK_WITH_AES_128_CCM_8, true, cryptoCCM8TagLength)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_gcm_sha256.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_gcm_sha256.go
new file mode 100644
index 000000000..98663bd63
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/cipher_suite_tls_psk_with_aes_128_gcm_sha256.go
@@ -0,0 +1,21 @@
+package dtls
+
+type cipherSuiteTLSPskWithAes128GcmSha256 struct {
+	cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256
+}
+
+func (c *cipherSuiteTLSPskWithAes128GcmSha256) certificateType() clientCertificateType {
+	return clientCertificateType(0)
+}
+
+func (c *cipherSuiteTLSPskWithAes128GcmSha256) ID() CipherSuiteID {
+	return TLS_PSK_WITH_AES_128_GCM_SHA256
+}
+
+func (c *cipherSuiteTLSPskWithAes128GcmSha256) String() string {
+	return "TLS_PSK_WITH_AES_128_GCM_SHA256"
+}
+
+func (c *cipherSuiteTLSPskWithAes128GcmSha256) isPSK() bool {
+	return true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/client_certificate_type.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/client_certificate_type.go
new file mode 100644
index 000000000..78f6968f9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/client_certificate_type.go
@@ -0,0 +1,16 @@
+package dtls
+
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-10
+type clientCertificateType byte
+
+const (
+	clientCertificateTypeRSASign   clientCertificateType = 1
+	clientCertificateTypeECDSASign clientCertificateType = 64
+)
+
+func clientCertificateTypes() map[clientCertificateType]bool {
+	return map[clientCertificateType]bool{
+		clientCertificateTypeRSASign:   true,
+		clientCertificateTypeECDSASign: true,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/compression_method.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/compression_method.go
new file mode 100644
index 000000000..47273868c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/compression_method.go
@@ -0,0 +1,49 @@
+package dtls
+
+type compressionMethodID byte
+
+const (
+	compressionMethodNull compressionMethodID = 0
+)
+
+type compressionMethod struct {
+	id compressionMethodID
+}
+
+func compressionMethods() map[compressionMethodID]*compressionMethod {
+	return map[compressionMethodID]*compressionMethod{
+		compressionMethodNull: {id: compressionMethodNull},
+	}
+}
+
+func defaultCompressionMethods() []*compressionMethod {
+	return []*compressionMethod{
+		compressionMethods()[compressionMethodNull],
+	}
+}
+
+func decodeCompressionMethods(buf []byte) ([]*compressionMethod, error) {
+	if len(buf) < 1 {
+		return nil, errDTLSPacketInvalidLength
+	}
+	compressionMethodsCount := int(buf[0])
+	c := []*compressionMethod{}
+	for i := 0; i < compressionMethodsCount; i++ {
+		if len(buf) <= i+1 {
+			return nil, errBufferTooSmall
+		}
+		id := compressionMethodID(buf[i+1])
+		if compressionMethod, ok := compressionMethods()[id]; ok {
+			c = append(c, compressionMethod)
+		}
+	}
+	return c, nil
+}
+
+func encodeCompressionMethods(c []*compressionMethod) []byte {
+	out := []byte{byte(len(c))}
+	for i := len(c); i > 0; i-- {
+		out = append(out, byte(c[i-1].id))
+	}
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/config.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/config.go
new file mode 100644
index 000000000..26eb62a32
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/config.go
@@ -0,0 +1,179 @@
+package dtls
+
+import (
+	"context"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/tls"
+	"crypto/x509"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+// Config is used to configure a DTLS client or server.
+// After a Config is passed to a DTLS function it must not be modified.
+type Config struct {
+	// Certificates contains certificate chain to present to the other side of the connection.
+	// Server MUST set this if PSK is non-nil
+	// client SHOULD sets this so CertificateRequests can be handled if PSK is non-nil
+	Certificates []tls.Certificate
+
+	// CipherSuites is a list of supported cipher suites.
+	// If CipherSuites is nil, a default list is used
+	CipherSuites []CipherSuiteID
+
+	// SignatureSchemes contains the signature and hash schemes that the peer requests to verify.
+	SignatureSchemes []tls.SignatureScheme
+
+	// SRTPProtectionProfiles are the supported protection profiles
+	// Clients will send this via use_srtp and assert that the server properly responds
+	// Servers will assert that clients send one of these profiles and will respond as needed
+	SRTPProtectionProfiles []SRTPProtectionProfile
+
+	// ClientAuth determines the server's policy for
+	// TLS Client Authentication. The default is NoClientCert.
+	ClientAuth ClientAuthType
+
+	// RequireExtendedMasterSecret determines if the "Extended Master Secret" extension
+	// should be disabled, requested, or required (default requested).
+	ExtendedMasterSecret ExtendedMasterSecretType
+
+	// FlightInterval controls how often we send outbound handshake messages
+	// defaults to time.Second
+	FlightInterval time.Duration
+
+	// PSK sets the pre-shared key used by this DTLS connection
+	// If PSK is non-nil only PSK CipherSuites will be used
+	PSK             PSKCallback
+	PSKIdentityHint []byte
+
+	// InsecureSkipVerify controls whether a client verifies the
+	// server's certificate chain and host name.
+	// If InsecureSkipVerify is true, TLS accepts any certificate
+	// presented by the server and any host name in that certificate.
+	// In this mode, TLS is susceptible to man-in-the-middle attacks.
+	// This should be used only for testing.
+	InsecureSkipVerify bool
+
+	// InsecureHashes allows the use of hashing algorithms that are known
+	// to be vulnerable.
+	InsecureHashes bool
+
+	// VerifyPeerCertificate, if not nil, is called after normal
+	// certificate verification by either a client or server. It
+	// receives the certificate provided by the peer and also a flag
+	// that tells if normal verification has succeedded. If it returns a
+	// non-nil error, the handshake is aborted and that error results.
+	//
+	// If normal verification fails then the handshake will abort before
+	// considering this callback. If normal verification is disabled by
+	// setting InsecureSkipVerify, or (for a server) when ClientAuth is
+	// RequestClientCert or RequireAnyClientCert, then this callback will
+	// be considered but the verifiedChains will always be nil.
+	VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
+
+	// RootCAs defines the set of root certificate authorities
+	// that one peer uses when verifying the other peer's certificates.
+	// If RootCAs is nil, TLS uses the host's root CA set.
+	RootCAs *x509.CertPool
+
+	// ClientCAs defines the set of root certificate authorities
+	// that servers use if required to verify a client certificate
+	// by the policy in ClientAuth.
+	ClientCAs *x509.CertPool
+
+	// ServerName is used to verify the hostname on the returned
+	// certificates unless InsecureSkipVerify is given.
+	ServerName string
+
+	LoggerFactory logging.LoggerFactory
+
+	// ConnectContextMaker is a function to make a context used in Dial(),
+	// Client(), Server(), and Accept(). If nil, the default ConnectContextMaker
+	// is used. It can be implemented as following.
+	//
+	// 	func ConnectContextMaker() (context.Context, func()) {
+	// 		return context.WithTimeout(context.Background(), 30*time.Second)
+	// 	}
+	ConnectContextMaker func() (context.Context, func())
+
+	// MTU is the length at which handshake messages will be fragmented to
+	// fit within the maximum transmission unit (default is 1200 bytes)
+	MTU int
+
+	// ReplayProtectionWindow is the size of the replay attack protection window.
+	// Duplication of the sequence number is checked in this window size.
+	// Packet with sequence number older than this value compared to the latest
+	// accepted packet will be discarded. (default is 64)
+	ReplayProtectionWindow int
+}
+
+func defaultConnectContextMaker() (context.Context, func()) {
+	return context.WithTimeout(context.Background(), 30*time.Second)
+}
+
+func (c *Config) connectContextMaker() (context.Context, func()) {
+	if c.ConnectContextMaker == nil {
+		return defaultConnectContextMaker()
+	}
+	return c.ConnectContextMaker()
+}
+
+const defaultMTU = 1200 // bytes
+
+// PSKCallback is called once we have the remote's PSKIdentityHint.
+// If the remote provided none it will be nil
+type PSKCallback func([]byte) ([]byte, error)
+
+// ClientAuthType declares the policy the server will follow for
+// TLS Client Authentication.
+type ClientAuthType int
+
+// ClientAuthType enums
+const (
+	NoClientCert ClientAuthType = iota
+	RequestClientCert
+	RequireAnyClientCert
+	VerifyClientCertIfGiven
+	RequireAndVerifyClientCert
+)
+
+// ExtendedMasterSecretType declares the policy the client and server
+// will follow for the Extended Master Secret extension
+type ExtendedMasterSecretType int
+
+// ExtendedMasterSecretType enums
+const (
+	RequestExtendedMasterSecret ExtendedMasterSecretType = iota
+	RequireExtendedMasterSecret
+	DisableExtendedMasterSecret
+)
+
+func validateConfig(config *Config) error {
+	switch {
+	case config == nil:
+		return errNoConfigProvided
+	case len(config.Certificates) > 0 && config.PSK != nil:
+		return errPSKAndCertificate
+	case config.PSKIdentityHint != nil && config.PSK == nil:
+		return errIdentityNoPSK
+	}
+
+	for _, cert := range config.Certificates {
+		if cert.Certificate == nil {
+			return errInvalidCertificate
+		}
+		if cert.PrivateKey != nil {
+			switch cert.PrivateKey.(type) {
+			case ed25519.PrivateKey:
+			case *ecdsa.PrivateKey:
+			default:
+				return errInvalidPrivateKey
+			}
+		}
+	}
+
+	_, err := parseCipherSuites(config.CipherSuites, config.PSK == nil, config.PSK != nil)
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/conn.go
new file mode 100644
index 000000000..3205bbde3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/conn.go
@@ -0,0 +1,978 @@
+package dtls
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/dtls/v2/internal/closer"
+	"github.com/pion/dtls/v2/internal/net/connctx"
+	"github.com/pion/logging"
+	"github.com/pion/transport/deadline"
+	"github.com/pion/transport/replaydetector"
+)
+
+const (
+	initialTickerInterval = time.Second
+	cookieLength          = 20
+	defaultNamedCurve     = namedCurveX25519
+	inboundBufferSize     = 8192
+	// Default replay protection window is specified by RFC 6347 Section 4.1.2.6
+	defaultReplayProtectionWindow = 64
+)
+
+var (
+	errApplicationDataEpochZero = errors.New("ApplicationData with epoch of 0")
+	errUnhandledContextType     = errors.New("unhandled contentType")
+)
+
+func invalidKeyingLabels() map[string]bool {
+	return map[string]bool{
+		"client finished": true,
+		"server finished": true,
+		"master secret":   true,
+		"key expansion":   true,
+	}
+}
+
+// Conn represents a DTLS connection
+type Conn struct {
+	lock           sync.RWMutex     // Internal lock (must not be public)
+	nextConn       connctx.ConnCtx  // Embedded Conn, typically a udpconn we read/write from
+	fragmentBuffer *fragmentBuffer  // out-of-order and missing fragment handling
+	handshakeCache *handshakeCache  // caching of handshake messages for verifyData generation
+	decrypted      chan interface{} // Decrypted Application Data or error, pull by calling `Read`
+
+	state State // Internal state
+
+	maximumTransmissionUnit int
+
+	handshakeCompletedSuccessfully atomic.Value
+
+	encryptedPackets [][]byte
+
+	connectionClosedByUser bool
+	closeLock              sync.Mutex
+	closed                 *closer.Closer
+	handshakeLoopsFinished sync.WaitGroup
+
+	readDeadline  *deadline.Deadline
+	writeDeadline *deadline.Deadline
+
+	log logging.LeveledLogger
+
+	reading               chan struct{}
+	handshakeRecv         chan chan struct{}
+	cancelHandshaker      func()
+	cancelHandshakeReader func()
+
+	fsm *handshakeFSM
+
+	replayProtectionWindow uint
+}
+
+func createConn(ctx context.Context, nextConn net.Conn, config *Config, isClient bool, initialState *State) (*Conn, error) {
+	err := validateConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
+	if nextConn == nil {
+		return nil, errNilNextConn
+	}
+
+	cipherSuites, err := parseCipherSuites(config.CipherSuites, config.PSK == nil, config.PSK != nil)
+	if err != nil {
+		return nil, err
+	}
+
+	signatureSchemes, err := parseSignatureSchemes(config.SignatureSchemes, config.InsecureHashes)
+	if err != nil {
+		return nil, err
+	}
+
+	workerInterval := initialTickerInterval
+	if config.FlightInterval != 0 {
+		workerInterval = config.FlightInterval
+	}
+
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	logger := loggerFactory.NewLogger("dtls")
+
+	mtu := config.MTU
+	if mtu <= 0 {
+		mtu = defaultMTU
+	}
+
+	replayProtectionWindow := config.ReplayProtectionWindow
+	if replayProtectionWindow <= 0 {
+		replayProtectionWindow = defaultReplayProtectionWindow
+	}
+
+	c := &Conn{
+		nextConn:                connctx.New(nextConn),
+		fragmentBuffer:          newFragmentBuffer(),
+		handshakeCache:          newHandshakeCache(),
+		maximumTransmissionUnit: mtu,
+
+		decrypted: make(chan interface{}, 1),
+		log:       logger,
+
+		readDeadline:  deadline.New(),
+		writeDeadline: deadline.New(),
+
+		reading:          make(chan struct{}, 1),
+		handshakeRecv:    make(chan chan struct{}),
+		closed:           closer.NewCloser(),
+		cancelHandshaker: func() {},
+
+		replayProtectionWindow: uint(replayProtectionWindow),
+
+		state: State{
+			isClient: isClient,
+		},
+	}
+
+	c.setRemoteEpoch(0)
+	c.setLocalEpoch(0)
+
+	serverName := config.ServerName
+	// Use host from conn address when serverName is not provided
+	if isClient && serverName == "" && nextConn.RemoteAddr() != nil {
+		remoteAddr := nextConn.RemoteAddr().String()
+		var host string
+		host, _, err = net.SplitHostPort(remoteAddr)
+		if err != nil {
+			serverName = remoteAddr
+		} else {
+			serverName = host
+		}
+	}
+
+	hsCfg := &handshakeConfig{
+		localPSKCallback:            config.PSK,
+		localPSKIdentityHint:        config.PSKIdentityHint,
+		localCipherSuites:           cipherSuites,
+		localSignatureSchemes:       signatureSchemes,
+		extendedMasterSecret:        config.ExtendedMasterSecret,
+		localSRTPProtectionProfiles: config.SRTPProtectionProfiles,
+		serverName:                  serverName,
+		clientAuth:                  config.ClientAuth,
+		localCertificates:           config.Certificates,
+		insecureSkipVerify:          config.InsecureSkipVerify,
+		verifyPeerCertificate:       config.VerifyPeerCertificate,
+		rootCAs:                     config.RootCAs,
+		clientCAs:                   config.ClientCAs,
+		retransmitInterval:          workerInterval,
+		log:                         logger,
+		initialEpoch:                0,
+	}
+
+	var initialFlight flightVal
+	var initialFSMState handshakeState
+
+	if initialState != nil {
+		if c.state.isClient {
+			initialFlight = flight5
+		} else {
+			initialFlight = flight6
+		}
+		initialFSMState = handshakeFinished
+
+		c.state = *initialState
+	} else {
+		if c.state.isClient {
+			initialFlight = flight1
+		} else {
+			initialFlight = flight0
+		}
+		initialFSMState = handshakePreparing
+	}
+	// Do handshake
+	if err := c.handshake(ctx, hsCfg, initialFlight, initialFSMState); err != nil {
+		return nil, err
+	}
+
+	c.log.Trace("Handshake Completed")
+
+	return c, nil
+}
+
+// Dial connects to the given network address and establishes a DTLS connection on top.
+// Connection handshake will timeout using ConnectContextMaker in the Config.
+// If you want to specify the timeout duration, use DialWithContext() instead.
+func Dial(network string, raddr *net.UDPAddr, config *Config) (*Conn, error) {
+	ctx, cancel := config.connectContextMaker()
+	defer cancel()
+
+	return DialWithContext(ctx, network, raddr, config)
+}
+
+// Client establishes a DTLS connection over an existing connection.
+// Connection handshake will timeout using ConnectContextMaker in the Config.
+// If you want to specify the timeout duration, use ClientWithContext() instead.
+func Client(conn net.Conn, config *Config) (*Conn, error) {
+	ctx, cancel := config.connectContextMaker()
+	defer cancel()
+
+	return ClientWithContext(ctx, conn, config)
+}
+
+// Server listens for incoming DTLS connections.
+// Connection handshake will timeout using ConnectContextMaker in the Config.
+// If you want to specify the timeout duration, use ServerWithContext() instead.
+func Server(conn net.Conn, config *Config) (*Conn, error) {
+	ctx, cancel := config.connectContextMaker()
+	defer cancel()
+
+	return ServerWithContext(ctx, conn, config)
+}
+
+// DialWithContext connects to the given network address and establishes a DTLS connection on top.
+func DialWithContext(ctx context.Context, network string, raddr *net.UDPAddr, config *Config) (*Conn, error) {
+	pConn, err := net.DialUDP(network, nil, raddr)
+	if err != nil {
+		return nil, err
+	}
+	return ClientWithContext(ctx, pConn, config)
+}
+
+// ClientWithContext establishes a DTLS connection over an existing connection.
+func ClientWithContext(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
+	switch {
+	case config == nil:
+		return nil, errNoConfigProvided
+	case config.PSK != nil && config.PSKIdentityHint == nil:
+		return nil, errPSKAndIdentityMustBeSetForClient
+	}
+
+	return createConn(ctx, conn, config, true, nil)
+}
+
+// ServerWithContext listens for incoming DTLS connections.
+func ServerWithContext(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
+	switch {
+	case config == nil:
+		return nil, errNoConfigProvided
+	case config.PSK == nil && len(config.Certificates) == 0:
+		return nil, errServerMustHaveCertificate
+	}
+
+	return createConn(ctx, conn, config, false, nil)
+}
+
+// Read reads data from the connection.
+func (c *Conn) Read(p []byte) (n int, err error) {
+	if !c.isHandshakeCompletedSuccessfully() {
+		return 0, errHandshakeInProgress
+	}
+
+	select {
+	case <-c.readDeadline.Done():
+		return 0, errDeadlineExceeded
+	default:
+	}
+
+	for {
+		select {
+		case <-c.readDeadline.Done():
+			return 0, errDeadlineExceeded
+		case out, ok := <-c.decrypted:
+			if !ok {
+				return 0, io.EOF
+			}
+			switch val := out.(type) {
+			case ([]byte):
+				if len(p) < len(val) {
+					return 0, errBufferTooSmall
+				}
+				copy(p, val)
+				return len(val), nil
+			case (error):
+				return 0, val
+			}
+		}
+	}
+}
+
+// Write writes len(p) bytes from p to the DTLS connection
+func (c *Conn) Write(p []byte) (int, error) {
+	if c.isConnectionClosed() {
+		return 0, ErrConnClosed
+	}
+
+	select {
+	case <-c.writeDeadline.Done():
+		return 0, errDeadlineExceeded
+	default:
+	}
+
+	if !c.isHandshakeCompletedSuccessfully() {
+		return 0, errHandshakeInProgress
+	}
+
+	return len(p), c.writePackets(c.writeDeadline, []*packet{
+		{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					epoch:           c.getLocalEpoch(),
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &applicationData{
+					data: p,
+				},
+			},
+			shouldEncrypt: true,
+		},
+	})
+}
+
+// Close closes the connection.
+func (c *Conn) Close() error {
+	err := c.close(true)
+	c.handshakeLoopsFinished.Wait()
+	return err
+}
+
+// ConnectionState returns basic DTLS details about the connection.
+// Note that this replaced the `Export` function of v1.
+func (c *Conn) ConnectionState() State {
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+	return *c.state.clone()
+}
+
+// SelectedSRTPProtectionProfile returns the selected SRTPProtectionProfile
+func (c *Conn) SelectedSRTPProtectionProfile() (SRTPProtectionProfile, bool) {
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+
+	if c.state.srtpProtectionProfile == 0 {
+		return 0, false
+	}
+
+	return c.state.srtpProtectionProfile, true
+}
+
+func (c *Conn) writePackets(ctx context.Context, pkts []*packet) error {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	var rawPackets [][]byte
+
+	for _, p := range pkts {
+		if h, ok := p.record.content.(*handshake); ok {
+			handshakeRaw, err := p.record.Marshal()
+			if err != nil {
+				return err
+			}
+
+			c.log.Tracef("[handshake:%v] -> %s (epoch: %d, seq: %d)",
+				srvCliStr(c.state.isClient), h.handshakeHeader.handshakeType.String(),
+				p.record.recordLayerHeader.epoch, h.handshakeHeader.messageSequence)
+			c.handshakeCache.push(handshakeRaw[recordLayerHeaderSize:], p.record.recordLayerHeader.epoch, h.handshakeHeader.messageSequence, h.handshakeHeader.handshakeType, c.state.isClient)
+
+			rawHandshakePackets, err := c.processHandshakePacket(p, h)
+			if err != nil {
+				return err
+			}
+			rawPackets = append(rawPackets, rawHandshakePackets...)
+		} else {
+			rawPacket, err := c.processPacket(p)
+			if err != nil {
+				return err
+			}
+			rawPackets = append(rawPackets, rawPacket)
+		}
+	}
+	if len(rawPackets) == 0 {
+		return nil
+	}
+	compactedRawPackets := c.compactRawPackets(rawPackets)
+
+	for _, compactedRawPackets := range compactedRawPackets {
+		if _, err := c.nextConn.Write(ctx, compactedRawPackets); err != nil {
+			return netError(err)
+		}
+	}
+
+	return nil
+}
+
+func (c *Conn) compactRawPackets(rawPackets [][]byte) [][]byte {
+	combinedRawPackets := make([][]byte, 0)
+	currentCombinedRawPacket := make([]byte, 0)
+
+	for _, rawPacket := range rawPackets {
+		if len(currentCombinedRawPacket) > 0 && len(currentCombinedRawPacket)+len(rawPacket) >= c.maximumTransmissionUnit {
+			combinedRawPackets = append(combinedRawPackets, currentCombinedRawPacket)
+			currentCombinedRawPacket = []byte{}
+		}
+		currentCombinedRawPacket = append(currentCombinedRawPacket, rawPacket...)
+	}
+
+	combinedRawPackets = append(combinedRawPackets, currentCombinedRawPacket)
+
+	return combinedRawPackets
+}
+
+func (c *Conn) processPacket(p *packet) ([]byte, error) {
+	epoch := p.record.recordLayerHeader.epoch
+	for len(c.state.localSequenceNumber) <= int(epoch) {
+		c.state.localSequenceNumber = append(c.state.localSequenceNumber, uint64(0))
+	}
+	seq := atomic.AddUint64(&c.state.localSequenceNumber[epoch], 1) - 1
+	if seq > maxSequenceNumber {
+		// RFC 6347 Section 4.1.0
+		// The implementation must either abandon an association or rehandshake
+		// prior to allowing the sequence number to wrap.
+		return nil, errSequenceNumberOverflow
+	}
+	p.record.recordLayerHeader.sequenceNumber = seq
+
+	rawPacket, err := p.record.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	if p.shouldEncrypt {
+		var err error
+		rawPacket, err = c.state.cipherSuite.encrypt(p.record, rawPacket)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return rawPacket, nil
+}
+
+func (c *Conn) processHandshakePacket(p *packet, h *handshake) ([][]byte, error) {
+	rawPackets := make([][]byte, 0)
+
+	handshakeFragments, err := c.fragmentHandshake(h)
+	if err != nil {
+		return nil, err
+	}
+	epoch := p.record.recordLayerHeader.epoch
+	for len(c.state.localSequenceNumber) <= int(epoch) {
+		c.state.localSequenceNumber = append(c.state.localSequenceNumber, uint64(0))
+	}
+
+	for _, handshakeFragment := range handshakeFragments {
+		seq := atomic.AddUint64(&c.state.localSequenceNumber[epoch], 1) - 1
+		if seq > maxSequenceNumber {
+			return nil, errSequenceNumberOverflow
+		}
+
+		recordLayerHeader := &recordLayerHeader{
+			protocolVersion: p.record.recordLayerHeader.protocolVersion,
+			contentType:     p.record.recordLayerHeader.contentType,
+			contentLen:      uint16(len(handshakeFragment)),
+			epoch:           p.record.recordLayerHeader.epoch,
+			sequenceNumber:  seq,
+		}
+
+		recordLayerHeaderBytes, err := recordLayerHeader.Marshal()
+		if err != nil {
+			return nil, err
+		}
+
+		p.record.recordLayerHeader = *recordLayerHeader
+
+		rawPacket := append(recordLayerHeaderBytes, handshakeFragment...)
+		if p.shouldEncrypt {
+			var err error
+			rawPacket, err = c.state.cipherSuite.encrypt(p.record, rawPacket)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		rawPackets = append(rawPackets, rawPacket)
+	}
+
+	return rawPackets, nil
+}
+
+func (c *Conn) fragmentHandshake(h *handshake) ([][]byte, error) {
+	content, err := h.handshakeMessage.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	fragmentedHandshakes := make([][]byte, 0)
+
+	contentFragments := splitBytes(content, c.maximumTransmissionUnit)
+	if len(contentFragments) == 0 {
+		contentFragments = [][]byte{
+			{},
+		}
+	}
+
+	offset := 0
+	for _, contentFragment := range contentFragments {
+		contentFragmentLen := len(contentFragment)
+
+		handshakeHeaderFragment := &handshakeHeader{
+			handshakeType:   h.handshakeHeader.handshakeType,
+			length:          h.handshakeHeader.length,
+			messageSequence: h.handshakeHeader.messageSequence,
+			fragmentOffset:  uint32(offset),
+			fragmentLength:  uint32(contentFragmentLen),
+		}
+
+		offset += contentFragmentLen
+
+		handshakeHeaderFragmentRaw, err := handshakeHeaderFragment.Marshal()
+		if err != nil {
+			return nil, err
+		}
+
+		fragmentedHandshake := append(handshakeHeaderFragmentRaw, contentFragment...)
+		fragmentedHandshakes = append(fragmentedHandshakes, fragmentedHandshake)
+	}
+
+	return fragmentedHandshakes, nil
+}
+
+var poolReadBuffer = sync.Pool{ //nolint:gochecknoglobals
+	New: func() interface{} {
+		b := make([]byte, inboundBufferSize)
+		return &b
+	},
+}
+
+func (c *Conn) readAndBuffer(ctx context.Context) error {
+	bufptr := poolReadBuffer.Get().(*[]byte)
+	defer poolReadBuffer.Put(bufptr)
+
+	b := *bufptr
+	i, err := c.nextConn.Read(ctx, b)
+	if err != nil {
+		return netError(err)
+	}
+
+	pkts, err := unpackDatagram(b[:i])
+	if err != nil {
+		return err
+	}
+
+	var hasHandshake bool
+	for _, p := range pkts {
+		hs, alert, err := c.handleIncomingPacket(p, true)
+		if alert != nil {
+			if alertErr := c.notify(ctx, alert.alertLevel, alert.alertDescription); alertErr != nil {
+				if err == nil {
+					err = alertErr
+				}
+			}
+		}
+		if hs {
+			hasHandshake = true
+		}
+		switch e := err.(type) {
+		case nil:
+		case *errAlert:
+			if e.IsFatalOrCloseNotify() {
+				return e
+			}
+		default:
+			return e
+		}
+	}
+	if hasHandshake {
+		done := make(chan struct{})
+		select {
+		case c.handshakeRecv <- done:
+			// If the other party may retransmit the flight,
+			// we should respond even if it not a new message.
+			<-done
+		case <-c.fsm.Done():
+		}
+	}
+	return nil
+}
+
+func (c *Conn) handleQueuedPackets(ctx context.Context) error {
+	pkts := c.encryptedPackets
+	c.encryptedPackets = nil
+
+	for _, p := range pkts {
+		_, alert, err := c.handleIncomingPacket(p, false) // don't re-enqueue
+		if alert != nil {
+			if alertErr := c.notify(ctx, alert.alertLevel, alert.alertDescription); alertErr != nil {
+				if err == nil {
+					err = alertErr
+				}
+			}
+		}
+		switch e := err.(type) {
+		case nil:
+		case *errAlert:
+			if e.IsFatalOrCloseNotify() {
+				return e
+			}
+		default:
+			return e
+		}
+	}
+	return nil
+}
+
+func (c *Conn) handleIncomingPacket(buf []byte, enqueue bool) (bool, *alert, error) { //nolint:gocognit
+	h := &recordLayerHeader{}
+	if err := h.Unmarshal(buf); err != nil {
+		// Decode error must be silently discarded
+		// [RFC6347 Section-4.1.2.7]
+		c.log.Debugf("discarded broken packet: %v", err)
+		return false, nil, nil
+	}
+
+	// Validate epoch
+	remoteEpoch := c.getRemoteEpoch()
+	if h.epoch > remoteEpoch {
+		if h.epoch > remoteEpoch+1 {
+			c.log.Debugf("discarded future packet (epoch: %d, seq: %d)",
+				h.epoch, h.sequenceNumber,
+			)
+			return false, nil, nil
+		}
+		if enqueue {
+			c.log.Debug("received packet of next epoch, queuing packet")
+			c.encryptedPackets = append(c.encryptedPackets, buf)
+		}
+		return false, nil, nil
+	}
+
+	// Anti-replay protection
+	for len(c.state.replayDetector) <= int(h.epoch) {
+		c.state.replayDetector = append(c.state.replayDetector,
+			replaydetector.New(c.replayProtectionWindow, maxSequenceNumber),
+		)
+	}
+	markPacketAsValid, ok := c.state.replayDetector[int(h.epoch)].Check(h.sequenceNumber)
+	if !ok {
+		c.log.Debugf("discarded duplicated packet (epoch: %d, seq: %d)",
+			h.epoch, h.sequenceNumber,
+		)
+		return false, nil, nil
+	}
+
+	// Decrypt
+	if h.epoch != 0 {
+		if c.state.cipherSuite == nil || !c.state.cipherSuite.isInitialized() {
+			if enqueue {
+				c.encryptedPackets = append(c.encryptedPackets, buf)
+				c.log.Debug("handshake not finished, queuing packet")
+			}
+			return false, nil, nil
+		}
+
+		var err error
+		buf, err = c.state.cipherSuite.decrypt(buf)
+		if err != nil {
+			c.log.Debugf("%s: decrypt failed: %s", srvCliStr(c.state.isClient), err)
+			return false, nil, nil
+		}
+	}
+
+	isHandshake, err := c.fragmentBuffer.push(append([]byte{}, buf...))
+	if err != nil {
+		// Decode error must be silently discarded
+		// [RFC6347 Section-4.1.2.7]
+		c.log.Debugf("defragment failed: %s", err)
+		return false, nil, nil
+	} else if isHandshake {
+		markPacketAsValid()
+		for out, epoch := c.fragmentBuffer.pop(); out != nil; out, epoch = c.fragmentBuffer.pop() {
+			rawHandshake := &handshake{}
+			if err := rawHandshake.Unmarshal(out); err != nil {
+				c.log.Debugf("%s: handshake parse failed: %s", srvCliStr(c.state.isClient), err)
+				continue
+			}
+
+			_ = c.handshakeCache.push(out, epoch, rawHandshake.handshakeHeader.messageSequence, rawHandshake.handshakeHeader.handshakeType, !c.state.isClient)
+		}
+
+		return true, nil, nil
+	}
+
+	r := &recordLayer{}
+	if err := r.Unmarshal(buf); err != nil {
+		return false, &alert{alertLevelFatal, alertDecodeError}, err
+	}
+
+	switch content := r.content.(type) {
+	case *alert:
+		c.log.Tracef("%s: <- %s", srvCliStr(c.state.isClient), content.String())
+		var a *alert
+		if content.alertDescription == alertCloseNotify {
+			// Respond with a close_notify [RFC5246 Section 7.2.1]
+			a = &alert{alertLevelWarning, alertCloseNotify}
+		}
+		markPacketAsValid()
+		return false, a, &errAlert{content}
+	case *changeCipherSpec:
+		if c.state.cipherSuite == nil || !c.state.cipherSuite.isInitialized() {
+			if enqueue {
+				c.encryptedPackets = append(c.encryptedPackets, buf)
+				c.log.Debugf("CipherSuite not initialized, queuing packet")
+			}
+			return false, nil, nil
+		}
+
+		newRemoteEpoch := h.epoch + 1
+		c.log.Tracef("%s: <- ChangeCipherSpec (epoch: %d)", srvCliStr(c.state.isClient), newRemoteEpoch)
+
+		if c.getRemoteEpoch()+1 == newRemoteEpoch {
+			c.setRemoteEpoch(newRemoteEpoch)
+			markPacketAsValid()
+		}
+	case *applicationData:
+		if h.epoch == 0 {
+			return false, &alert{alertLevelFatal, alertUnexpectedMessage}, errApplicationDataEpochZero
+		}
+
+		markPacketAsValid()
+
+		select {
+		case c.decrypted <- content.data:
+		case <-c.closed.Done():
+		}
+
+	default:
+		return false, &alert{alertLevelFatal, alertUnexpectedMessage}, fmt.Errorf("%w: %d", errUnhandledContextType, content.contentType())
+	}
+	return false, nil, nil
+}
+
+func (c *Conn) recvHandshake() <-chan chan struct{} {
+	return c.handshakeRecv
+}
+
+func (c *Conn) notify(ctx context.Context, level alertLevel, desc alertDescription) error {
+	return c.writePackets(ctx, []*packet{
+		{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					epoch:           c.getLocalEpoch(),
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &alert{
+					alertLevel:       level,
+					alertDescription: desc,
+				},
+			},
+			shouldEncrypt: c.isHandshakeCompletedSuccessfully(),
+		},
+	})
+}
+
+func (c *Conn) setHandshakeCompletedSuccessfully() {
+	c.handshakeCompletedSuccessfully.Store(struct{ bool }{true})
+}
+
+func (c *Conn) isHandshakeCompletedSuccessfully() bool {
+	boolean, _ := c.handshakeCompletedSuccessfully.Load().(struct{ bool })
+	return boolean.bool
+}
+
+func (c *Conn) handshake(ctx context.Context, cfg *handshakeConfig, initialFlight flightVal, initialState handshakeState) error { //nolint:gocognit
+	c.fsm = newHandshakeFSM(&c.state, c.handshakeCache, cfg, initialFlight)
+
+	done := make(chan struct{})
+	ctxRead, cancelRead := context.WithCancel(context.Background())
+	c.cancelHandshakeReader = cancelRead
+	cfg.onFlightState = func(f flightVal, s handshakeState) {
+		if s == handshakeFinished && !c.isHandshakeCompletedSuccessfully() {
+			c.setHandshakeCompletedSuccessfully()
+			close(done)
+		}
+	}
+
+	ctxHs, cancel := context.WithCancel(context.Background())
+	c.cancelHandshaker = cancel
+
+	firstErr := make(chan error, 1)
+
+	c.handshakeLoopsFinished.Add(2)
+
+	// Handshake routine should be live until close.
+	// The other party may request retransmission of the last flight to cope with packet drop.
+	go func() {
+		defer c.handshakeLoopsFinished.Done()
+		err := c.fsm.Run(ctxHs, c, initialState)
+		if !errors.Is(err, context.Canceled) {
+			select {
+			case firstErr <- err:
+			default:
+			}
+		}
+	}()
+	go func() {
+		defer func() {
+			// Escaping read loop.
+			// It's safe to close decrypted channnel now.
+			close(c.decrypted)
+
+			// Force stop handshaker when the underlying connection is closed.
+			cancel()
+		}()
+		defer c.handshakeLoopsFinished.Done()
+		for {
+			if err := c.readAndBuffer(ctxRead); err != nil {
+				switch e := err.(type) {
+				case *errAlert:
+					if !e.IsFatalOrCloseNotify() {
+						if c.isHandshakeCompletedSuccessfully() {
+							// Pass the error to Read()
+							select {
+							case c.decrypted <- err:
+							case <-c.closed.Done():
+							}
+						}
+						continue // non-fatal alert must not stop read loop
+					}
+				case error:
+					switch err {
+					case context.DeadlineExceeded, context.Canceled, io.EOF:
+					default:
+						if c.isHandshakeCompletedSuccessfully() {
+							// Keep read loop and pass the read error to Read()
+							select {
+							case c.decrypted <- err:
+							case <-c.closed.Done():
+							}
+							continue // non-fatal alert must not stop read loop
+						}
+					}
+				}
+				select {
+				case firstErr <- err:
+				default:
+				}
+
+				if e, ok := err.(*errAlert); ok {
+					if e.IsFatalOrCloseNotify() {
+						_ = c.close(false)
+					}
+				}
+				return
+			}
+		}
+	}()
+
+	select {
+	case err := <-firstErr:
+		cancelRead()
+		cancel()
+		return c.translateHandshakeCtxError(err)
+	case <-ctx.Done():
+		cancelRead()
+		cancel()
+		return c.translateHandshakeCtxError(ctx.Err())
+	case <-done:
+		return nil
+	}
+}
+
+func (c *Conn) translateHandshakeCtxError(err error) error {
+	if err == nil {
+		return nil
+	}
+	if errors.Is(err, context.Canceled) && c.isHandshakeCompletedSuccessfully() {
+		return nil
+	}
+	return &HandshakeError{err}
+}
+
+func (c *Conn) close(byUser bool) error {
+	c.cancelHandshaker()
+	c.cancelHandshakeReader()
+
+	if c.isHandshakeCompletedSuccessfully() && byUser {
+		// Discard error from notify() to return non-error on the first user call of Close()
+		// even if the underlying connection is already closed.
+		_ = c.notify(context.Background(), alertLevelWarning, alertCloseNotify)
+	}
+
+	c.closeLock.Lock()
+	// Don't return ErrConnClosed at the first time of the call from user.
+	closedByUser := c.connectionClosedByUser
+	if byUser {
+		c.connectionClosedByUser = true
+	}
+	c.closed.Close()
+	c.closeLock.Unlock()
+
+	if closedByUser {
+		return ErrConnClosed
+	}
+
+	return c.nextConn.Close()
+}
+
+func (c *Conn) isConnectionClosed() bool {
+	select {
+	case <-c.closed.Done():
+		return true
+	default:
+		return false
+	}
+}
+
+func (c *Conn) setLocalEpoch(epoch uint16) {
+	c.state.localEpoch.Store(epoch)
+}
+
+func (c *Conn) getLocalEpoch() uint16 {
+	return c.state.localEpoch.Load().(uint16)
+}
+
+func (c *Conn) setRemoteEpoch(epoch uint16) {
+	c.state.remoteEpoch.Store(epoch)
+}
+
+func (c *Conn) getRemoteEpoch() uint16 {
+	return c.state.remoteEpoch.Load().(uint16)
+}
+
+// LocalAddr implements net.Conn.LocalAddr
+func (c *Conn) LocalAddr() net.Addr {
+	return c.nextConn.LocalAddr()
+}
+
+// RemoteAddr implements net.Conn.RemoteAddr
+func (c *Conn) RemoteAddr() net.Addr {
+	return c.nextConn.RemoteAddr()
+}
+
+// SetDeadline implements net.Conn.SetDeadline
+func (c *Conn) SetDeadline(t time.Time) error {
+	c.readDeadline.Set(t)
+	return c.SetWriteDeadline(t)
+}
+
+// SetReadDeadline implements net.Conn.SetReadDeadline
+func (c *Conn) SetReadDeadline(t time.Time) error {
+	c.readDeadline.Set(t)
+	// Read deadline is fully managed by this layer.
+	// Don't set read deadline to underlying connection.
+	return nil
+}
+
+// SetWriteDeadline implements net.Conn.SetWriteDeadline
+func (c *Conn) SetWriteDeadline(t time.Time) error {
+	c.writeDeadline.Set(t)
+	// Write deadline is also fully managed by this layer.
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/content.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/content.go
new file mode 100644
index 000000000..c938cb739
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/content.go
@@ -0,0 +1,17 @@
+package dtls
+
+// https://tools.ietf.org/html/rfc4346#section-6.2.1
+type contentType uint8
+
+const (
+	contentTypeChangeCipherSpec contentType = 20
+	contentTypeAlert            contentType = 21
+	contentTypeHandshake        contentType = 22
+	contentTypeApplicationData  contentType = 23
+)
+
+type content interface {
+	contentType() contentType
+	Marshal() ([]byte, error)
+	Unmarshal(data []byte) error
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto.go
new file mode 100644
index 000000000..c9124eb7f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto.go
@@ -0,0 +1,232 @@
+package dtls
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/asn1"
+	"encoding/binary"
+	"math/big"
+	"time"
+)
+
+type ecdsaSignature struct {
+	R, S *big.Int
+}
+
+func valueKeyMessage(clientRandom, serverRandom, publicKey []byte, namedCurve namedCurve) []byte {
+	serverECDHParams := make([]byte, 4)
+	serverECDHParams[0] = 3 // named curve
+	binary.BigEndian.PutUint16(serverECDHParams[1:], uint16(namedCurve))
+	serverECDHParams[3] = byte(len(publicKey))
+
+	plaintext := []byte{}
+	plaintext = append(plaintext, clientRandom...)
+	plaintext = append(plaintext, serverRandom...)
+	plaintext = append(plaintext, serverECDHParams...)
+	plaintext = append(plaintext, publicKey...)
+
+	return plaintext
+}
+
+// If the client provided a "signature_algorithms" extension, then all
+// certificates provided by the server MUST be signed by a
+// hash/signature algorithm pair that appears in that extension
+//
+// https://tools.ietf.org/html/rfc5246#section-7.4.2
+func generateKeySignature(clientRandom, serverRandom, publicKey []byte, namedCurve namedCurve, privateKey crypto.PrivateKey, hashAlgorithm hashAlgorithm) ([]byte, error) {
+	msg := valueKeyMessage(clientRandom, serverRandom, publicKey, namedCurve)
+	switch p := privateKey.(type) {
+	case ed25519.PrivateKey:
+		// https://crypto.stackexchange.com/a/55483
+		return p.Sign(rand.Reader, msg, crypto.Hash(0))
+	case *ecdsa.PrivateKey:
+		hashed := hashAlgorithm.digest(msg)
+		return p.Sign(rand.Reader, hashed, hashAlgorithm.cryptoHash())
+	case *rsa.PrivateKey:
+		hashed := hashAlgorithm.digest(msg)
+		return p.Sign(rand.Reader, hashed, hashAlgorithm.cryptoHash())
+	}
+
+	return nil, errKeySignatureGenerateUnimplemented
+}
+
+func verifyKeySignature(message, remoteKeySignature []byte, hashAlgorithm hashAlgorithm, rawCertificates [][]byte) error { //nolint:dupl
+	if len(rawCertificates) == 0 {
+		return errLengthMismatch
+	}
+	certificate, err := x509.ParseCertificate(rawCertificates[0])
+	if err != nil {
+		return err
+	}
+
+	switch p := certificate.PublicKey.(type) {
+	case ed25519.PublicKey:
+		if ok := ed25519.Verify(p, message, remoteKeySignature); !ok {
+			return errKeySignatureMismatch
+		}
+		return nil
+	case *ecdsa.PublicKey:
+		ecdsaSig := &ecdsaSignature{}
+		if _, err := asn1.Unmarshal(remoteKeySignature, ecdsaSig); err != nil {
+			return err
+		}
+		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
+			return errInvalidECDSASignature
+		}
+		hashed := hashAlgorithm.digest(message)
+		if !ecdsa.Verify(p, hashed, ecdsaSig.R, ecdsaSig.S) {
+			return errKeySignatureMismatch
+		}
+		return nil
+	case *rsa.PublicKey:
+		switch certificate.SignatureAlgorithm {
+		case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
+			hashed := hashAlgorithm.digest(message)
+			return rsa.VerifyPKCS1v15(p, hashAlgorithm.cryptoHash(), hashed, remoteKeySignature)
+		default:
+			return errKeySignatureVerifyUnimplemented
+		}
+	}
+
+	return errKeySignatureVerifyUnimplemented
+}
+
+// If the server has sent a CertificateRequest message, the client MUST send the Certificate
+// message.  The ClientKeyExchange message is now sent, and the content
+// of that message will depend on the public key algorithm selected
+// between the ClientHello and the ServerHello.  If the client has sent
+// a certificate with signing ability, a digitally-signed
+// CertificateVerify message is sent to explicitly verify possession of
+// the private key in the certificate.
+// https://tools.ietf.org/html/rfc5246#section-7.3
+func generateCertificateVerify(handshakeBodies []byte, privateKey crypto.PrivateKey, hashAlgorithm hashAlgorithm) ([]byte, error) {
+	h := sha256.New()
+	if _, err := h.Write(handshakeBodies); err != nil {
+		return nil, err
+	}
+	hashed := h.Sum(nil)
+
+	switch p := privateKey.(type) {
+	case ed25519.PrivateKey:
+		// https://crypto.stackexchange.com/a/55483
+		return p.Sign(rand.Reader, hashed, crypto.Hash(0))
+	case *ecdsa.PrivateKey:
+		return p.Sign(rand.Reader, hashed, hashAlgorithm.cryptoHash())
+	case *rsa.PrivateKey:
+		return p.Sign(rand.Reader, hashed, hashAlgorithm.cryptoHash())
+	}
+
+	return nil, errInvalidSignatureAlgorithm
+}
+
+func verifyCertificateVerify(handshakeBodies []byte, hashAlgorithm hashAlgorithm, remoteKeySignature []byte, rawCertificates [][]byte) error { //nolint:dupl
+	if len(rawCertificates) == 0 {
+		return errLengthMismatch
+	}
+	certificate, err := x509.ParseCertificate(rawCertificates[0])
+	if err != nil {
+		return err
+	}
+
+	switch p := certificate.PublicKey.(type) {
+	case ed25519.PublicKey:
+		if ok := ed25519.Verify(p, handshakeBodies, remoteKeySignature); !ok {
+			return errKeySignatureMismatch
+		}
+		return nil
+	case *ecdsa.PublicKey:
+		ecdsaSig := &ecdsaSignature{}
+		if _, err := asn1.Unmarshal(remoteKeySignature, ecdsaSig); err != nil {
+			return err
+		}
+		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
+			return errInvalidECDSASignature
+		}
+		hash := hashAlgorithm.digest(handshakeBodies)
+		if !ecdsa.Verify(p, hash, ecdsaSig.R, ecdsaSig.S) {
+			return errKeySignatureMismatch
+		}
+		return nil
+	case *rsa.PublicKey:
+		switch certificate.SignatureAlgorithm {
+		case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
+			hash := hashAlgorithm.digest(handshakeBodies)
+			return rsa.VerifyPKCS1v15(p, hashAlgorithm.cryptoHash(), hash, remoteKeySignature)
+		default:
+			return errKeySignatureVerifyUnimplemented
+		}
+	}
+
+	return errKeySignatureVerifyUnimplemented
+}
+
+func loadCerts(rawCertificates [][]byte) ([]*x509.Certificate, error) {
+	if len(rawCertificates) == 0 {
+		return nil, errLengthMismatch
+	}
+
+	certs := make([]*x509.Certificate, 0, len(rawCertificates))
+	for _, rawCert := range rawCertificates {
+		cert, err := x509.ParseCertificate(rawCert)
+		if err != nil {
+			return nil, err
+		}
+		certs = append(certs, cert)
+	}
+	return certs, nil
+}
+
+func verifyClientCert(rawCertificates [][]byte, roots *x509.CertPool) (chains [][]*x509.Certificate, err error) {
+	certificate, err := loadCerts(rawCertificates)
+	if err != nil {
+		return nil, err
+	}
+	intermediateCAPool := x509.NewCertPool()
+	for _, cert := range certificate[1:] {
+		intermediateCAPool.AddCert(cert)
+	}
+	opts := x509.VerifyOptions{
+		Roots:         roots,
+		CurrentTime:   time.Now(),
+		Intermediates: intermediateCAPool,
+		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+	}
+	return certificate[0].Verify(opts)
+}
+
+func verifyServerCert(rawCertificates [][]byte, roots *x509.CertPool, serverName string) (chains [][]*x509.Certificate, err error) {
+	certificate, err := loadCerts(rawCertificates)
+	if err != nil {
+		return nil, err
+	}
+	intermediateCAPool := x509.NewCertPool()
+	for _, cert := range certificate[1:] {
+		intermediateCAPool.AddCert(cert)
+	}
+	opts := x509.VerifyOptions{
+		Roots:         roots,
+		CurrentTime:   time.Now(),
+		DNSName:       serverName,
+		Intermediates: intermediateCAPool,
+	}
+	return certificate[0].Verify(opts)
+}
+
+func generateAEADAdditionalData(h *recordLayerHeader, payloadLen int) []byte {
+	var additionalData [13]byte
+	// SequenceNumber MUST be set first
+	// we only want uint48, clobbering an extra 2 (using uint64, Golang doesn't have uint48)
+	binary.BigEndian.PutUint64(additionalData[:], h.sequenceNumber)
+	binary.BigEndian.PutUint16(additionalData[:], h.epoch)
+	additionalData[8] = byte(h.contentType)
+	additionalData[9] = h.protocolVersion.major
+	additionalData[10] = h.protocolVersion.minor
+	binary.BigEndian.PutUint16(additionalData[len(additionalData)-2:], uint16(payloadLen))
+
+	return additionalData[:]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_cbc.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_cbc.go
new file mode 100644
index 000000000..6a4e7f49d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_cbc.go
@@ -0,0 +1,133 @@
+package dtls
+
+import ( //nolint:gci
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha1" //nolint:gosec
+	"encoding/binary"
+)
+
+// block ciphers using cipher block chaining.
+type cbcMode interface {
+	cipher.BlockMode
+	SetIV([]byte)
+}
+
+// State needed to handle encrypted input/output
+type cryptoCBC struct {
+	writeCBC, readCBC cbcMode
+	writeMac, readMac []byte
+}
+
+// Currently hardcoded to be SHA1 only
+var cryptoCBCMacFunc = sha1.New //nolint:gochecknoglobals
+
+func newCryptoCBC(localKey, localWriteIV, localMac, remoteKey, remoteWriteIV, remoteMac []byte) (*cryptoCBC, error) {
+	writeBlock, err := aes.NewCipher(localKey)
+	if err != nil {
+		return nil, err
+	}
+
+	readBlock, err := aes.NewCipher(remoteKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &cryptoCBC{
+		writeCBC: cipher.NewCBCEncrypter(writeBlock, localWriteIV).(cbcMode),
+		writeMac: localMac,
+
+		readCBC: cipher.NewCBCDecrypter(readBlock, remoteWriteIV).(cbcMode),
+		readMac: remoteMac,
+	}, nil
+}
+
+func (c *cryptoCBC) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+	payload := raw[recordLayerHeaderSize:]
+	raw = raw[:recordLayerHeaderSize]
+	blockSize := c.writeCBC.BlockSize()
+
+	// Generate + Append MAC
+	h := pkt.recordLayerHeader
+
+	MAC, err := prfMac(h.epoch, h.sequenceNumber, h.contentType, h.protocolVersion, payload, c.writeMac)
+	if err != nil {
+		return nil, err
+	}
+	payload = append(payload, MAC...)
+
+	// Generate + Append padding
+	padding := make([]byte, blockSize-len(payload)%blockSize)
+	paddingLen := len(padding)
+	for i := 0; i < paddingLen; i++ {
+		padding[i] = byte(paddingLen - 1)
+	}
+	payload = append(payload, padding...)
+
+	// Generate IV
+	iv := make([]byte, blockSize)
+	if _, err := rand.Read(iv); err != nil {
+		return nil, err
+	}
+
+	// Set IV + Encrypt + Prepend IV
+	c.writeCBC.SetIV(iv)
+	c.writeCBC.CryptBlocks(payload, payload)
+	payload = append(iv, payload...)
+
+	// Prepend unencrypte header with encrypted payload
+	raw = append(raw, payload...)
+
+	// Update recordLayer size to include IV+MAC+Padding
+	binary.BigEndian.PutUint16(raw[recordLayerHeaderSize-2:], uint16(len(raw)-recordLayerHeaderSize))
+
+	return raw, nil
+}
+
+func (c *cryptoCBC) decrypt(in []byte) ([]byte, error) {
+	body := in[recordLayerHeaderSize:]
+	blockSize := c.readCBC.BlockSize()
+	mac := cryptoCBCMacFunc()
+
+	var h recordLayerHeader
+	err := h.Unmarshal(in)
+	switch {
+	case err != nil:
+		return nil, err
+	case h.contentType == contentTypeChangeCipherSpec:
+		// Nothing to encrypt with ChangeCipherSpec
+		return in, nil
+	case len(body)%blockSize != 0 || len(body) < blockSize+max(mac.Size()+1, blockSize):
+		return nil, errNotEnoughRoomForNonce
+	}
+
+	// Set + remove per record IV
+	c.readCBC.SetIV(body[:blockSize])
+	body = body[blockSize:]
+
+	// Decrypt
+	c.readCBC.CryptBlocks(body, body)
+
+	// Padding+MAC needs to be checked in constant time
+	// Otherwise we reveal information about the level of correctness
+	paddingLen, paddingGood := examinePadding(body)
+
+	macSize := mac.Size()
+	if len(body) < macSize {
+		return nil, errInvalidMAC
+	}
+
+	dataEnd := len(body) - macSize - paddingLen
+
+	expectedMAC := body[dataEnd : dataEnd+macSize]
+	actualMAC, err := prfMac(h.epoch, h.sequenceNumber, h.contentType, h.protocolVersion, body[:dataEnd], c.readMac)
+
+	// Compute Local MAC and compare
+	if paddingGood != 255 || err != nil || !hmac.Equal(actualMAC, expectedMAC) {
+		return nil, errInvalidMAC
+	}
+
+	return append(in[:recordLayerHeaderSize], body[:dataEnd]...), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_ccm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_ccm.go
new file mode 100644
index 000000000..e933f00a4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_ccm.go
@@ -0,0 +1,100 @@
+package dtls
+
+import (
+	"crypto/aes"
+	"crypto/rand"
+	"encoding/binary"
+	"errors"
+	"fmt"
+
+	"github.com/pion/dtls/v2/pkg/crypto/ccm"
+)
+
+var errDecryptPacket = errors.New("decryptPacket")
+
+type cryptoCCMTagLen int
+
+const (
+	cryptoCCM8TagLength  cryptoCCMTagLen = 8
+	cryptoCCMTagLength   cryptoCCMTagLen = 16
+	cryptoCCMNonceLength                 = 12
+)
+
+// State needed to handle encrypted input/output
+type cryptoCCM struct {
+	localCCM, remoteCCM         ccm.CCM
+	localWriteIV, remoteWriteIV []byte
+	tagLen                      cryptoCCMTagLen
+}
+
+func newCryptoCCM(tagLen cryptoCCMTagLen, localKey, localWriteIV, remoteKey, remoteWriteIV []byte) (*cryptoCCM, error) {
+	localBlock, err := aes.NewCipher(localKey)
+	if err != nil {
+		return nil, err
+	}
+	localCCM, err := ccm.NewCCM(localBlock, int(tagLen), cryptoCCMNonceLength)
+	if err != nil {
+		return nil, err
+	}
+
+	remoteBlock, err := aes.NewCipher(remoteKey)
+	if err != nil {
+		return nil, err
+	}
+	remoteCCM, err := ccm.NewCCM(remoteBlock, int(tagLen), cryptoCCMNonceLength)
+	if err != nil {
+		return nil, err
+	}
+
+	return &cryptoCCM{
+		localCCM:      localCCM,
+		localWriteIV:  localWriteIV,
+		remoteCCM:     remoteCCM,
+		remoteWriteIV: remoteWriteIV,
+		tagLen:        tagLen,
+	}, nil
+}
+
+func (c *cryptoCCM) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+	payload := raw[recordLayerHeaderSize:]
+	raw = raw[:recordLayerHeaderSize]
+
+	nonce := append(append([]byte{}, c.localWriteIV[:4]...), make([]byte, 8)...)
+	if _, err := rand.Read(nonce[4:]); err != nil {
+		return nil, err
+	}
+
+	additionalData := generateAEADAdditionalData(&pkt.recordLayerHeader, len(payload))
+	encryptedPayload := c.localCCM.Seal(nil, nonce, payload, additionalData)
+
+	encryptedPayload = append(nonce[4:], encryptedPayload...)
+	raw = append(raw, encryptedPayload...)
+
+	// Update recordLayer size to include explicit nonce
+	binary.BigEndian.PutUint16(raw[recordLayerHeaderSize-2:], uint16(len(raw)-recordLayerHeaderSize))
+	return raw, nil
+}
+
+func (c *cryptoCCM) decrypt(in []byte) ([]byte, error) {
+	var h recordLayerHeader
+	err := h.Unmarshal(in)
+	switch {
+	case err != nil:
+		return nil, err
+	case h.contentType == contentTypeChangeCipherSpec:
+		// Nothing to encrypt with ChangeCipherSpec
+		return in, nil
+	case len(in) <= (8 + recordLayerHeaderSize):
+		return nil, errNotEnoughRoomForNonce
+	}
+
+	nonce := append(append([]byte{}, c.remoteWriteIV[:4]...), in[recordLayerHeaderSize:recordLayerHeaderSize+8]...)
+	out := in[recordLayerHeaderSize+8:]
+
+	additionalData := generateAEADAdditionalData(&h, len(out)-int(c.tagLen))
+	out, err = c.remoteCCM.Open(out[:0], nonce, out, additionalData)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errDecryptPacket, err)
+	}
+	return append(in[:recordLayerHeaderSize], out...), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_gcm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_gcm.go
new file mode 100644
index 000000000..433326dbc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/crypto_gcm.go
@@ -0,0 +1,94 @@
+package dtls
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/binary"
+	"fmt"
+)
+
+const (
+	cryptoGCMTagLength   = 16
+	cryptoGCMNonceLength = 12
+)
+
+// State needed to handle encrypted input/output
+type cryptoGCM struct {
+	localGCM, remoteGCM         cipher.AEAD
+	localWriteIV, remoteWriteIV []byte
+}
+
+func newCryptoGCM(localKey, localWriteIV, remoteKey, remoteWriteIV []byte) (*cryptoGCM, error) {
+	localBlock, err := aes.NewCipher(localKey)
+	if err != nil {
+		return nil, err
+	}
+	localGCM, err := cipher.NewGCM(localBlock)
+	if err != nil {
+		return nil, err
+	}
+
+	remoteBlock, err := aes.NewCipher(remoteKey)
+	if err != nil {
+		return nil, err
+	}
+	remoteGCM, err := cipher.NewGCM(remoteBlock)
+	if err != nil {
+		return nil, err
+	}
+
+	return &cryptoGCM{
+		localGCM:      localGCM,
+		localWriteIV:  localWriteIV,
+		remoteGCM:     remoteGCM,
+		remoteWriteIV: remoteWriteIV,
+	}, nil
+}
+
+func (c *cryptoGCM) encrypt(pkt *recordLayer, raw []byte) ([]byte, error) {
+	payload := raw[recordLayerHeaderSize:]
+	raw = raw[:recordLayerHeaderSize]
+
+	nonce := make([]byte, cryptoGCMNonceLength)
+	copy(nonce, c.localWriteIV[:4])
+	if _, err := rand.Read(nonce[4:]); err != nil {
+		return nil, err
+	}
+
+	additionalData := generateAEADAdditionalData(&pkt.recordLayerHeader, len(payload))
+	encryptedPayload := c.localGCM.Seal(nil, nonce, payload, additionalData)
+	r := make([]byte, len(raw)+len(nonce[4:])+len(encryptedPayload))
+	copy(r, raw)
+	copy(r[len(raw):], nonce[4:])
+	copy(r[len(raw)+len(nonce[4:]):], encryptedPayload)
+
+	// Update recordLayer size to include explicit nonce
+	binary.BigEndian.PutUint16(r[recordLayerHeaderSize-2:], uint16(len(r)-recordLayerHeaderSize))
+	return r, nil
+}
+
+func (c *cryptoGCM) decrypt(in []byte) ([]byte, error) {
+	var h recordLayerHeader
+	err := h.Unmarshal(in)
+	switch {
+	case err != nil:
+		return nil, err
+	case h.contentType == contentTypeChangeCipherSpec:
+		// Nothing to encrypt with ChangeCipherSpec
+		return in, nil
+	case len(in) <= (8 + recordLayerHeaderSize):
+		return nil, errNotEnoughRoomForNonce
+	}
+
+	nonce := make([]byte, 0, cryptoGCMNonceLength)
+	nonce = append(append(nonce, c.remoteWriteIV[:4]...), in[recordLayerHeaderSize:recordLayerHeaderSize+8]...)
+	out := in[recordLayerHeaderSize+8:]
+
+	additionalData := generateAEADAdditionalData(&h, len(out)-cryptoGCMTagLength)
+	out, err = c.remoteGCM.Open(out[:0], nonce, out, additionalData)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errDecryptPacket, err)
+	}
+	return append(in[:recordLayerHeaderSize], out...), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/curve_type.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/curve_type.go
new file mode 100644
index 000000000..9ea103b44
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/curve_type.go
@@ -0,0 +1,14 @@
+package dtls
+
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-10
+type ellipticCurveType byte
+
+const (
+	ellipticCurveTypeNamedCurve ellipticCurveType = 0x03
+)
+
+func ellipticCurveTypes() map[ellipticCurveType]bool {
+	return map[ellipticCurveType]bool{
+		ellipticCurveTypeNamedCurve: true,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/dtls.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/dtls.go
new file mode 100644
index 000000000..125b904e5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/dtls.go
@@ -0,0 +1,2 @@
+// Package dtls implements Datagram Transport Layer Security (DTLS) 1.2
+package dtls
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors.go
new file mode 100644
index 000000000..e551fd601
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors.go
@@ -0,0 +1,229 @@
+package dtls
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"os"
+
+	"golang.org/x/xerrors"
+)
+
+// Typed errors
+var (
+	ErrConnClosed = &FatalError{errors.New("conn is closed")} //nolint:goerr113
+
+	errDeadlineExceeded = &TimeoutError{xerrors.Errorf("read/write timeout: %w", context.DeadlineExceeded)}
+
+	errBufferTooSmall               = &TemporaryError{errors.New("buffer is too small")}                                        //nolint:goerr113
+	errContextUnsupported           = &TemporaryError{errors.New("context is not supported for ExportKeyingMaterial")}          //nolint:goerr113
+	errDTLSPacketInvalidLength      = &TemporaryError{errors.New("packet is too short")}                                        //nolint:goerr113
+	errHandshakeInProgress          = &TemporaryError{errors.New("handshake is in progress")}                                   //nolint:goerr113
+	errInvalidContentType           = &TemporaryError{errors.New("invalid content type")}                                       //nolint:goerr113
+	errInvalidMAC                   = &TemporaryError{errors.New("invalid mac")}                                                //nolint:goerr113
+	errInvalidPacketLength          = &TemporaryError{errors.New("packet length and declared length do not match")}             //nolint:goerr113
+	errReservedExportKeyingMaterial = &TemporaryError{errors.New("ExportKeyingMaterial can not be used with a reserved label")} //nolint:goerr113
+
+	errCertificateVerifyNoCertificate   = &FatalError{errors.New("client sent certificate verify but we have no certificate to verify")}                      //nolint:goerr113
+	errCipherSuiteNoIntersection        = &FatalError{errors.New("client+server do not support any shared cipher suites")}                                    //nolint:goerr113
+	errCipherSuiteUnset                 = &FatalError{errors.New("server hello can not be created without a cipher suite")}                                   //nolint:goerr113
+	errClientCertificateNotVerified     = &FatalError{errors.New("client sent certificate but did not verify it")}                                            //nolint:goerr113
+	errClientCertificateRequired        = &FatalError{errors.New("server required client verification, but got none")}                                        //nolint:goerr113
+	errClientNoMatchingSRTPProfile      = &FatalError{errors.New("server responded with SRTP Profile we do not support")}                                     //nolint:goerr113
+	errClientRequiredButNoServerEMS     = &FatalError{errors.New("client required Extended Master Secret extension, but server does not support it")}         //nolint:goerr113
+	errCompressionMethodUnset           = &FatalError{errors.New("server hello can not be created without a compression method")}                             //nolint:goerr113
+	errCookieMismatch                   = &FatalError{errors.New("client+server cookie does not match")}                                                      //nolint:goerr113
+	errCookieTooLong                    = &FatalError{errors.New("cookie must not be longer then 255 bytes")}                                                 //nolint:goerr113
+	errIdentityNoPSK                    = &FatalError{errors.New("PSK Identity Hint provided but PSK is nil")}                                                //nolint:goerr113
+	errInvalidCertificate               = &FatalError{errors.New("no certificate provided")}                                                                  //nolint:goerr113
+	errInvalidCipherSpec                = &FatalError{errors.New("cipher spec invalid")}                                                                      //nolint:goerr113
+	errInvalidCipherSuite               = &FatalError{errors.New("invalid or unknown cipher suite")}                                                          //nolint:goerr113
+	errInvalidClientKeyExchange         = &FatalError{errors.New("unable to determine if ClientKeyExchange is a public key or PSK Identity")}                 //nolint:goerr113
+	errInvalidCompressionMethod         = &FatalError{errors.New("invalid or unknown compression method")}                                                    //nolint:goerr113
+	errInvalidECDSASignature            = &FatalError{errors.New("ECDSA signature contained zero or negative values")}                                        //nolint:goerr113
+	errInvalidEllipticCurveType         = &FatalError{errors.New("invalid or unknown elliptic curve type")}                                                   //nolint:goerr113
+	errInvalidExtensionType             = &FatalError{errors.New("invalid extension type")}                                                                   //nolint:goerr113
+	errInvalidHashAlgorithm             = &FatalError{errors.New("invalid hash algorithm")}                                                                   //nolint:goerr113
+	errInvalidNamedCurve                = &FatalError{errors.New("invalid named curve")}                                                                      //nolint:goerr113
+	errInvalidPrivateKey                = &FatalError{errors.New("invalid private key type")}                                                                 //nolint:goerr113
+	errInvalidSNIFormat                 = &FatalError{errors.New("invalid server name format")}                                                               //nolint:goerr113
+	errInvalidSignatureAlgorithm        = &FatalError{errors.New("invalid signature algorithm")}                                                              //nolint:goerr113
+	errKeySignatureMismatch             = &FatalError{errors.New("expected and actual key signature do not match")}                                           //nolint:goerr113
+	errNilNextConn                      = &FatalError{errors.New("Conn can not be created with a nil nextConn")}                                              //nolint:goerr113
+	errNoAvailableCipherSuites          = &FatalError{errors.New("connection can not be created, no CipherSuites satisfy this Config")}                       //nolint:goerr113
+	errNoAvailableSignatureSchemes      = &FatalError{errors.New("connection can not be created, no SignatureScheme satisfy this Config")}                    //nolint:goerr113
+	errNoCertificates                   = &FatalError{errors.New("no certificates configured")}                                                               //nolint:goerr113
+	errNoConfigProvided                 = &FatalError{errors.New("no config provided")}                                                                       //nolint:goerr113
+	errNoSupportedEllipticCurves        = &FatalError{errors.New("client requested zero or more elliptic curves that are not supported by the server")}       //nolint:goerr113
+	errUnsupportedProtocolVersion       = &FatalError{errors.New("unsupported protocol version")}                                                             //nolint:goerr113
+	errPSKAndCertificate                = &FatalError{errors.New("Certificate and PSK provided")}                                                             //nolint:stylecheck
+	errPSKAndIdentityMustBeSetForClient = &FatalError{errors.New("PSK and PSK Identity Hint must both be set for client")}                                    //nolint:goerr113
+	errRequestedButNoSRTPExtension      = &FatalError{errors.New("SRTP support was requested but server did not respond with use_srtp extension")}            //nolint:goerr113
+	errServerMustHaveCertificate        = &FatalError{errors.New("Certificate is mandatory for server")}                                                      //nolint:stylecheck
+	errServerNoMatchingSRTPProfile      = &FatalError{errors.New("client requested SRTP but we have no matching profiles")}                                   //nolint:goerr113
+	errServerRequiredButNoClientEMS     = &FatalError{errors.New("server requires the Extended Master Secret extension, but the client does not support it")} //nolint:goerr113
+	errVerifyDataMismatch               = &FatalError{errors.New("expected and actual verify data does not match")}                                           //nolint:goerr113
+
+	errHandshakeMessageUnset             = &InternalError{errors.New("handshake message unset, unable to marshal")}      //nolint:goerr113
+	errInvalidFlight                     = &InternalError{errors.New("invalid flight number")}                           //nolint:goerr113
+	errKeySignatureGenerateUnimplemented = &InternalError{errors.New("unable to generate key signature, unimplemented")} //nolint:goerr113
+	errKeySignatureVerifyUnimplemented   = &InternalError{errors.New("unable to verify key signature, unimplemented")}   //nolint:goerr113
+	errLengthMismatch                    = &InternalError{errors.New("data length and declared length do not match")}    //nolint:goerr113
+	errNotEnoughRoomForNonce             = &InternalError{errors.New("buffer not long enough to contain nonce")}         //nolint:goerr113
+	errNotImplemented                    = &InternalError{errors.New("feature has not been implemented yet")}            //nolint:goerr113
+	errSequenceNumberOverflow            = &InternalError{errors.New("sequence number overflow")}                        //nolint:goerr113
+	errUnableToMarshalFragmented         = &InternalError{errors.New("unable to marshal fragmented handshakes")}         //nolint:goerr113
+)
+
+// FatalError indicates that the DTLS connection is no longer available.
+// It is mainly caused by wrong configuration of server or client.
+type FatalError struct {
+	Err error
+}
+
+// InternalError indicates and internal error caused by the implementation, and the DTLS connection is no longer available.
+// It is mainly caused by bugs or tried to use unimplemented features.
+type InternalError struct {
+	Err error
+}
+
+// TemporaryError indicates that the DTLS connection is still available, but the request was failed temporary.
+type TemporaryError struct {
+	Err error
+}
+
+// TimeoutError indicates that the request was timed out.
+type TimeoutError struct {
+	Err error
+}
+
+// HandshakeError indicates that the handshake failed.
+type HandshakeError struct {
+	Err error
+}
+
+// invalidCipherSuite indicates an attempt at using an unsupported cipher suite.
+type invalidCipherSuite struct {
+	id CipherSuiteID
+}
+
+func (e *invalidCipherSuite) Error() string {
+	return fmt.Sprintf("CipherSuite with id(%d) is not valid", e.id)
+}
+
+func (e *invalidCipherSuite) Is(err error) bool {
+	if other, ok := err.(*invalidCipherSuite); ok {
+		return e.id == other.id
+	}
+	return false
+}
+
+// Timeout implements net.Error.Timeout()
+func (*FatalError) Timeout() bool { return false }
+
+// Temporary implements net.Error.Temporary()
+func (*FatalError) Temporary() bool { return false }
+
+// Unwrap implements Go1.13 error unwrapper.
+func (e *FatalError) Unwrap() error { return e.Err }
+
+func (e *FatalError) Error() string { return fmt.Sprintf("dtls fatal: %v", e.Err) }
+
+// Timeout implements net.Error.Timeout()
+func (*InternalError) Timeout() bool { return false }
+
+// Temporary implements net.Error.Temporary()
+func (*InternalError) Temporary() bool { return false }
+
+// Unwrap implements Go1.13 error unwrapper.
+func (e *InternalError) Unwrap() error { return e.Err }
+
+func (e *InternalError) Error() string { return fmt.Sprintf("dtls internal: %v", e.Err) }
+
+// Timeout implements net.Error.Timeout()
+func (*TemporaryError) Timeout() bool { return false }
+
+// Temporary implements net.Error.Temporary()
+func (*TemporaryError) Temporary() bool { return true }
+
+// Unwrap implements Go1.13 error unwrapper.
+func (e *TemporaryError) Unwrap() error { return e.Err }
+
+func (e *TemporaryError) Error() string { return fmt.Sprintf("dtls temporary: %v", e.Err) }
+
+// Timeout implements net.Error.Timeout()
+func (*TimeoutError) Timeout() bool { return true }
+
+// Temporary implements net.Error.Temporary()
+func (*TimeoutError) Temporary() bool { return true }
+
+// Unwrap implements Go1.13 error unwrapper.
+func (e *TimeoutError) Unwrap() error { return e.Err }
+
+func (e *TimeoutError) Error() string { return fmt.Sprintf("dtls timeout: %v", e.Err) }
+
+// Timeout implements net.Error.Timeout()
+func (e *HandshakeError) Timeout() bool {
+	if netErr, ok := e.Err.(net.Error); ok {
+		return netErr.Timeout()
+	}
+	return false
+}
+
+// Temporary implements net.Error.Temporary()
+func (e *HandshakeError) Temporary() bool {
+	if netErr, ok := e.Err.(net.Error); ok {
+		return netErr.Temporary()
+	}
+	return false
+}
+
+// Unwrap implements Go1.13 error unwrapper.
+func (e *HandshakeError) Unwrap() error { return e.Err }
+
+func (e *HandshakeError) Error() string { return fmt.Sprintf("handshake error: %v", e.Err) }
+
+// errAlert wraps DTLS alert notification as an error
+type errAlert struct {
+	*alert
+}
+
+func (e *errAlert) Error() string {
+	return fmt.Sprintf("alert: %s", e.alert.String())
+}
+
+func (e *errAlert) IsFatalOrCloseNotify() bool {
+	return e.alertLevel == alertLevelFatal || e.alertDescription == alertCloseNotify
+}
+
+func (e *errAlert) Is(err error) bool {
+	if other, ok := err.(*errAlert); ok {
+		return e.alertLevel == other.alertLevel && e.alertDescription == other.alertDescription
+	}
+	return false
+}
+
+// netError translates an error from underlying Conn to corresponding net.Error.
+func netError(err error) error {
+	switch err {
+	case io.EOF, context.Canceled, context.DeadlineExceeded:
+		// Return io.EOF and context errors as is.
+		return err
+	}
+	switch e := err.(type) {
+	case (*net.OpError):
+		if se, ok := e.Err.(*os.SyscallError); ok {
+			if se.Timeout() {
+				return &TimeoutError{err}
+			}
+			if isOpErrorTemporary(se) {
+				return &TemporaryError{err}
+			}
+		}
+	case (net.Error):
+		return err
+	}
+	return &FatalError{err}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors_errno.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors_errno.go
new file mode 100644
index 000000000..a9a439b0a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors_errno.go
@@ -0,0 +1,25 @@
+// +build aix darwin dragonfly freebsd linux nacl nacljs netbsd openbsd solaris windows
+
+// For systems having syscall.Errno.
+// Update build targets by following command:
+// $ grep -R ECONN $(go env GOROOT)/src/syscall/zerrors_*.go \
+//     | tr "." "_" | cut -d"_" -f"2" | sort | uniq
+
+package dtls
+
+import (
+	"os"
+	"syscall"
+)
+
+func isOpErrorTemporary(err *os.SyscallError) bool {
+	if ne, ok := err.Err.(syscall.Errno); ok {
+		switch ne {
+		case syscall.ECONNREFUSED:
+			return true
+		default:
+			return false
+		}
+	}
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors_noerrno.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors_noerrno.go
new file mode 100644
index 000000000..fcc37cea1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/errors_noerrno.go
@@ -0,0 +1,14 @@
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!nacl,!nacljs,!netbsd,!openbsd,!solaris,!windows
+
+// For systems without syscall.Errno.
+// Build targets must be inverse of errors_errno.go
+
+package dtls
+
+import (
+	"os"
+)
+
+func isOpErrorTemporary(err *os.SyscallError) bool {
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension.go
new file mode 100644
index 000000000..1a4b0f7fc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension.go
@@ -0,0 +1,88 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+type extensionValue uint16
+
+const (
+	extensionServerNameValue                   extensionValue = 0
+	extensionSupportedEllipticCurvesValue      extensionValue = 10
+	extensionSupportedPointFormatsValue        extensionValue = 11
+	extensionSupportedSignatureAlgorithmsValue extensionValue = 13
+	extensionUseSRTPValue                      extensionValue = 14
+	extensionUseExtendedMasterSecretValue      extensionValue = 23
+	extensionRenegotiationInfoValue            extensionValue = 65281
+)
+
+type extension interface {
+	Marshal() ([]byte, error)
+	Unmarshal(data []byte) error
+
+	extensionValue() extensionValue
+}
+
+func decodeExtensions(buf []byte) ([]extension, error) {
+	if len(buf) < 2 {
+		return nil, errBufferTooSmall
+	}
+	declaredLen := binary.BigEndian.Uint16(buf)
+	if len(buf)-2 != int(declaredLen) {
+		return nil, errLengthMismatch
+	}
+
+	extensions := []extension{}
+	unmarshalAndAppend := func(data []byte, e extension) error {
+		err := e.Unmarshal(data)
+		if err != nil {
+			return err
+		}
+		extensions = append(extensions, e)
+		return nil
+	}
+
+	for offset := 2; offset < len(buf); {
+		if len(buf) < (offset + 2) {
+			return nil, errBufferTooSmall
+		}
+		var err error
+		switch extensionValue(binary.BigEndian.Uint16(buf[offset:])) {
+		case extensionServerNameValue:
+			err = unmarshalAndAppend(buf[offset:], &extensionServerName{})
+		case extensionSupportedEllipticCurvesValue:
+			err = unmarshalAndAppend(buf[offset:], &extensionSupportedEllipticCurves{})
+		case extensionUseSRTPValue:
+			err = unmarshalAndAppend(buf[offset:], &extensionUseSRTP{})
+		case extensionUseExtendedMasterSecretValue:
+			err = unmarshalAndAppend(buf[offset:], &extensionUseExtendedMasterSecret{})
+		case extensionRenegotiationInfoValue:
+			err = unmarshalAndAppend(buf[offset:], &extensionRenegotiationInfo{})
+		default:
+		}
+		if err != nil {
+			return nil, err
+		}
+		if len(buf) < (offset + 4) {
+			return nil, errBufferTooSmall
+		}
+		extensionLength := binary.BigEndian.Uint16(buf[offset+2:])
+		offset += (4 + int(extensionLength))
+	}
+	return extensions, nil
+}
+
+func encodeExtensions(e []extension) ([]byte, error) {
+	extensions := []byte{}
+	for _, e := range e {
+		raw, err := e.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		extensions = append(extensions, raw...)
+	}
+	out := []byte{0x00, 0x00}
+	binary.BigEndian.PutUint16(out, uint16(len(extensions)))
+	return append(out, extensions...), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_renegotiation_info.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_renegotiation_info.go
new file mode 100644
index 000000000..6e5a5e014
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_renegotiation_info.go
@@ -0,0 +1,37 @@
+package dtls
+
+import "encoding/binary"
+
+const (
+	extensionRenegotiationInfoHeaderSize = 5
+)
+
+// https://tools.ietf.org/html/rfc5746
+type extensionRenegotiationInfo struct {
+	renegotiatedConnection uint8
+}
+
+func (e extensionRenegotiationInfo) extensionValue() extensionValue {
+	return extensionRenegotiationInfoValue
+}
+
+func (e *extensionRenegotiationInfo) Marshal() ([]byte, error) {
+	out := make([]byte, extensionRenegotiationInfoHeaderSize)
+
+	binary.BigEndian.PutUint16(out, uint16(e.extensionValue()))
+	binary.BigEndian.PutUint16(out[2:], uint16(1)) // length
+	out[4] = e.renegotiatedConnection
+	return out, nil
+}
+
+func (e *extensionRenegotiationInfo) Unmarshal(data []byte) error {
+	if len(data) < extensionRenegotiationInfoHeaderSize {
+		return errBufferTooSmall
+	} else if extensionValue(binary.BigEndian.Uint16(data)) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	e.renegotiatedConnection = data[4]
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_server_name.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_server_name.go
new file mode 100644
index 000000000..07eddc219
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_server_name.go
@@ -0,0 +1,70 @@
+package dtls
+
+import (
+	"strings"
+
+	"golang.org/x/crypto/cryptobyte"
+)
+
+const extensionServerNameTypeDNSHostName = 0
+
+type extensionServerName struct {
+	serverName string
+}
+
+func (e extensionServerName) extensionValue() extensionValue {
+	return extensionServerNameValue
+}
+
+func (e *extensionServerName) Marshal() ([]byte, error) {
+	var b cryptobyte.Builder
+	b.AddUint16(uint16(e.extensionValue()))
+	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddUint8(extensionServerNameTypeDNSHostName)
+			b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+				b.AddBytes([]byte(e.serverName))
+			})
+		})
+	})
+	return b.Bytes()
+}
+
+func (e *extensionServerName) Unmarshal(data []byte) error {
+	s := cryptobyte.String(data)
+	var extension uint16
+	s.ReadUint16(&extension)
+	if extensionValue(extension) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	var extData cryptobyte.String
+	s.ReadUint16LengthPrefixed(&extData)
+
+	var nameList cryptobyte.String
+	if !extData.ReadUint16LengthPrefixed(&nameList) || nameList.Empty() {
+		return errInvalidSNIFormat
+	}
+	for !nameList.Empty() {
+		var nameType uint8
+		var serverName cryptobyte.String
+		if !nameList.ReadUint8(&nameType) ||
+			!nameList.ReadUint16LengthPrefixed(&serverName) ||
+			serverName.Empty() {
+			return errInvalidSNIFormat
+		}
+		if nameType != extensionServerNameTypeDNSHostName {
+			continue
+		}
+		if len(e.serverName) != 0 {
+			// Multiple names of the same name_type are prohibited.
+			return errInvalidSNIFormat
+		}
+		e.serverName = string(serverName)
+		// An SNI value may not include a trailing dot.
+		if strings.HasSuffix(e.serverName, ".") {
+			return errInvalidSNIFormat
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_elliptic_curves.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_elliptic_curves.go
new file mode 100644
index 000000000..47e531e07
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_elliptic_curves.go
@@ -0,0 +1,54 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+const (
+	extensionSupportedGroupsHeaderSize = 6
+)
+
+// https://tools.ietf.org/html/rfc8422#section-5.1.1
+type extensionSupportedEllipticCurves struct {
+	ellipticCurves []namedCurve
+}
+
+func (e extensionSupportedEllipticCurves) extensionValue() extensionValue {
+	return extensionSupportedEllipticCurvesValue
+}
+
+func (e *extensionSupportedEllipticCurves) Marshal() ([]byte, error) {
+	out := make([]byte, extensionSupportedGroupsHeaderSize)
+
+	binary.BigEndian.PutUint16(out, uint16(e.extensionValue()))
+	binary.BigEndian.PutUint16(out[2:], uint16(2+(len(e.ellipticCurves)*2)))
+	binary.BigEndian.PutUint16(out[4:], uint16(len(e.ellipticCurves)*2))
+
+	for _, v := range e.ellipticCurves {
+		out = append(out, []byte{0x00, 0x00}...)
+		binary.BigEndian.PutUint16(out[len(out)-2:], uint16(v))
+	}
+
+	return out, nil
+}
+
+func (e *extensionSupportedEllipticCurves) Unmarshal(data []byte) error {
+	if len(data) <= extensionSupportedGroupsHeaderSize {
+		return errBufferTooSmall
+	} else if extensionValue(binary.BigEndian.Uint16(data)) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	groupCount := int(binary.BigEndian.Uint16(data[4:]) / 2)
+	if extensionSupportedGroupsHeaderSize+(groupCount*2) > len(data) {
+		return errLengthMismatch
+	}
+
+	for i := 0; i < groupCount; i++ {
+		supportedGroupID := namedCurve(binary.BigEndian.Uint16(data[(extensionSupportedGroupsHeaderSize + (i * 2)):]))
+		if _, ok := namedCurves()[supportedGroupID]; ok {
+			e.ellipticCurves = append(e.ellipticCurves, supportedGroupID)
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_point_formats.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_point_formats.go
new file mode 100644
index 000000000..5f2d96877
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_point_formats.go
@@ -0,0 +1,56 @@
+package dtls
+
+import "encoding/binary"
+
+const (
+	extensionSupportedPointFormatsSize = 5
+)
+
+type ellipticCurvePointFormat byte
+
+const ellipticCurvePointFormatUncompressed ellipticCurvePointFormat = 0
+
+// https://tools.ietf.org/html/rfc4492#section-5.1.2
+type extensionSupportedPointFormats struct {
+	pointFormats []ellipticCurvePointFormat
+}
+
+func (e extensionSupportedPointFormats) extensionValue() extensionValue {
+	return extensionSupportedPointFormatsValue
+}
+
+func (e *extensionSupportedPointFormats) Marshal() ([]byte, error) {
+	out := make([]byte, extensionSupportedPointFormatsSize)
+
+	binary.BigEndian.PutUint16(out, uint16(e.extensionValue()))
+	binary.BigEndian.PutUint16(out[2:], uint16(1+(len(e.pointFormats))))
+	out[4] = byte(len(e.pointFormats))
+
+	for _, v := range e.pointFormats {
+		out = append(out, byte(v))
+	}
+	return out, nil
+}
+
+func (e *extensionSupportedPointFormats) Unmarshal(data []byte) error {
+	if len(data) <= extensionSupportedPointFormatsSize {
+		return errBufferTooSmall
+	} else if extensionValue(binary.BigEndian.Uint16(data)) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	pointFormatCount := int(binary.BigEndian.Uint16(data[4:]))
+	if extensionSupportedGroupsHeaderSize+(pointFormatCount) > len(data) {
+		return errLengthMismatch
+	}
+
+	for i := 0; i < pointFormatCount; i++ {
+		p := ellipticCurvePointFormat(data[extensionSupportedPointFormatsSize+i])
+		switch p {
+		case ellipticCurvePointFormatUncompressed:
+			e.pointFormats = append(e.pointFormats, p)
+		default:
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_signature_algorithms.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_signature_algorithms.go
new file mode 100644
index 000000000..5f831928f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_supported_signature_algorithms.go
@@ -0,0 +1,60 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+const (
+	extensionSupportedSignatureAlgorithmsHeaderSize = 6
+)
+
+// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+type extensionSupportedSignatureAlgorithms struct {
+	signatureHashAlgorithms []signatureHashAlgorithm
+}
+
+func (e extensionSupportedSignatureAlgorithms) extensionValue() extensionValue {
+	return extensionSupportedSignatureAlgorithmsValue
+}
+
+func (e *extensionSupportedSignatureAlgorithms) Marshal() ([]byte, error) {
+	out := make([]byte, extensionSupportedSignatureAlgorithmsHeaderSize)
+
+	binary.BigEndian.PutUint16(out, uint16(e.extensionValue()))
+	binary.BigEndian.PutUint16(out[2:], uint16(2+(len(e.signatureHashAlgorithms)*2)))
+	binary.BigEndian.PutUint16(out[4:], uint16(len(e.signatureHashAlgorithms)*2))
+	for _, v := range e.signatureHashAlgorithms {
+		out = append(out, []byte{0x00, 0x00}...)
+		out[len(out)-2] = byte(v.hash)
+		out[len(out)-1] = byte(v.signature)
+	}
+
+	return out, nil
+}
+
+func (e *extensionSupportedSignatureAlgorithms) Unmarshal(data []byte) error {
+	if len(data) <= extensionSupportedSignatureAlgorithmsHeaderSize {
+		return errBufferTooSmall
+	} else if extensionValue(binary.BigEndian.Uint16(data)) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	algorithmCount := int(binary.BigEndian.Uint16(data[4:]) / 2)
+	if extensionSupportedSignatureAlgorithmsHeaderSize+(algorithmCount*2) > len(data) {
+		return errLengthMismatch
+	}
+	for i := 0; i < algorithmCount; i++ {
+		supportedHashAlgorithm := hashAlgorithm(data[extensionSupportedSignatureAlgorithmsHeaderSize+(i*2)])
+		supportedSignatureAlgorithm := signatureAlgorithm(data[extensionSupportedSignatureAlgorithmsHeaderSize+(i*2)+1])
+		if _, ok := hashAlgorithms()[supportedHashAlgorithm]; ok {
+			if _, ok := signatureAlgorithms()[supportedSignatureAlgorithm]; ok {
+				e.signatureHashAlgorithms = append(e.signatureHashAlgorithms, signatureHashAlgorithm{
+					supportedHashAlgorithm,
+					supportedSignatureAlgorithm,
+				})
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_use_master_secret.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_use_master_secret.go
new file mode 100644
index 000000000..50d5413c0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_use_master_secret.go
@@ -0,0 +1,40 @@
+package dtls
+
+import "encoding/binary"
+
+const (
+	extensionUseExtendedMasterSecretHeaderSize = 4
+)
+
+// https://tools.ietf.org/html/rfc8422
+type extensionUseExtendedMasterSecret struct {
+	supported bool
+}
+
+func (e extensionUseExtendedMasterSecret) extensionValue() extensionValue {
+	return extensionUseExtendedMasterSecretValue
+}
+
+func (e *extensionUseExtendedMasterSecret) Marshal() ([]byte, error) {
+	if !e.supported {
+		return []byte{}, nil
+	}
+
+	out := make([]byte, extensionUseExtendedMasterSecretHeaderSize)
+
+	binary.BigEndian.PutUint16(out, uint16(e.extensionValue()))
+	binary.BigEndian.PutUint16(out[2:], uint16(0)) // length
+	return out, nil
+}
+
+func (e *extensionUseExtendedMasterSecret) Unmarshal(data []byte) error {
+	if len(data) < extensionUseExtendedMasterSecretHeaderSize {
+		return errBufferTooSmall
+	} else if extensionValue(binary.BigEndian.Uint16(data)) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	e.supported = true
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_use_srtp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_use_srtp.go
new file mode 100644
index 000000000..0805f49b7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/extension_use_srtp.go
@@ -0,0 +1,53 @@
+package dtls
+
+import "encoding/binary"
+
+const (
+	extensionUseSRTPHeaderSize = 6
+)
+
+// https://tools.ietf.org/html/rfc8422
+type extensionUseSRTP struct {
+	protectionProfiles []SRTPProtectionProfile
+}
+
+func (e extensionUseSRTP) extensionValue() extensionValue {
+	return extensionUseSRTPValue
+}
+
+func (e *extensionUseSRTP) Marshal() ([]byte, error) {
+	out := make([]byte, extensionUseSRTPHeaderSize)
+
+	binary.BigEndian.PutUint16(out, uint16(e.extensionValue()))
+	binary.BigEndian.PutUint16(out[2:], uint16(2+(len(e.protectionProfiles)*2)+ /* MKI Length */ 1))
+	binary.BigEndian.PutUint16(out[4:], uint16(len(e.protectionProfiles)*2))
+
+	for _, v := range e.protectionProfiles {
+		out = append(out, []byte{0x00, 0x00}...)
+		binary.BigEndian.PutUint16(out[len(out)-2:], uint16(v))
+	}
+
+	out = append(out, 0x00) /* MKI Length */
+	return out, nil
+}
+
+func (e *extensionUseSRTP) Unmarshal(data []byte) error {
+	if len(data) <= extensionUseSRTPHeaderSize {
+		return errBufferTooSmall
+	} else if extensionValue(binary.BigEndian.Uint16(data)) != e.extensionValue() {
+		return errInvalidExtensionType
+	}
+
+	profileCount := int(binary.BigEndian.Uint16(data[4:]) / 2)
+	if extensionSupportedGroupsHeaderSize+(profileCount*2) > len(data) {
+		return errLengthMismatch
+	}
+
+	for i := 0; i < profileCount; i++ {
+		supportedProfile := SRTPProtectionProfile(binary.BigEndian.Uint16(data[(extensionUseSRTPHeaderSize + (i * 2)):]))
+		if _, ok := srtpProtectionProfiles()[supportedProfile]; ok {
+			e.protectionProfiles = append(e.protectionProfiles, supportedProfile)
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight.go
new file mode 100644
index 000000000..580ee48d2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight.go
@@ -0,0 +1,75 @@
+package dtls
+
+/*
+  DTLS messages are grouped into a series of message flights, according
+  to the diagrams below.  Although each flight of messages may consist
+  of a number of messages, they should be viewed as monolithic for the
+  purpose of timeout and retransmission.
+  https://tools.ietf.org/html/rfc4347#section-4.2.4
+  Client                                          Server
+  ------                                          ------
+                                      Waiting                 Flight 0
+
+  ClientHello             -------->                           Flight 1
+
+                          <-------    HelloVerifyRequest      Flight 2
+
+  ClientHello              -------->                           Flight 3
+
+                                             ServerHello    \
+                                            Certificate*     \
+                                      ServerKeyExchange*      Flight 4
+                                     CertificateRequest*     /
+                          <--------      ServerHelloDone    /
+
+  Certificate*                                              \
+  ClientKeyExchange                                          \
+  CertificateVerify*                                          Flight 5
+  [ChangeCipherSpec]                                         /
+  Finished                -------->                         /
+
+                                      [ChangeCipherSpec]    \ Flight 6
+                          <--------             Finished    /
+
+*/
+
+type flightVal uint8
+
+const (
+	flight0 flightVal = iota + 1
+	flight1
+	flight2
+	flight3
+	flight4
+	flight5
+	flight6
+)
+
+func (f flightVal) String() string {
+	switch f {
+	case flight0:
+		return "Flight 0"
+	case flight1:
+		return "Flight 1"
+	case flight2:
+		return "Flight 2"
+	case flight3:
+		return "Flight 3"
+	case flight4:
+		return "Flight 4"
+	case flight5:
+		return "Flight 5"
+	case flight6:
+		return "Flight 6"
+	default:
+		return "Invalid Flight"
+	}
+}
+
+func (f flightVal) isLastSendFlight() bool {
+	return f == flight6
+}
+
+func (f flightVal) isLastRecvFlight() bool {
+	return f == flight5
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight0handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight0handler.go
new file mode 100644
index 000000000..fd469554d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight0handler.go
@@ -0,0 +1,89 @@
+package dtls
+
+import (
+	"context"
+	"crypto/rand"
+)
+
+func flight0Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) {
+	seq, msgs, ok := cache.fullPullMap(0,
+		handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+	)
+	if !ok {
+		// No valid message received. Keep reading
+		return 0, nil, nil
+	}
+	state.handshakeRecvSequence = seq
+
+	var clientHello *handshakeMessageClientHello
+
+	// Validate type
+	if clientHello, ok = msgs[handshakeTypeClientHello].(*handshakeMessageClientHello); !ok {
+		return 0, &alert{alertLevelFatal, alertInternalError}, nil
+	}
+
+	if !clientHello.version.Equal(protocolVersion1_2) {
+		return 0, &alert{alertLevelFatal, alertProtocolVersion}, errUnsupportedProtocolVersion
+	}
+
+	state.remoteRandom = clientHello.random
+
+	if state.cipherSuite, ok = findMatchingCipherSuite(clientHello.cipherSuites, cfg.localCipherSuites); !ok {
+		return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errCipherSuiteNoIntersection
+	}
+
+	for _, extension := range clientHello.extensions {
+		switch e := extension.(type) {
+		case *extensionSupportedEllipticCurves:
+			if len(e.ellipticCurves) == 0 {
+				return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errNoSupportedEllipticCurves
+			}
+			state.namedCurve = e.ellipticCurves[0]
+		case *extensionUseSRTP:
+			profile, ok := findMatchingSRTPProfile(e.protectionProfiles, cfg.localSRTPProtectionProfiles)
+			if !ok {
+				return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errServerNoMatchingSRTPProfile
+			}
+			state.srtpProtectionProfile = profile
+		case *extensionUseExtendedMasterSecret:
+			if cfg.extendedMasterSecret != DisableExtendedMasterSecret {
+				state.extendedMasterSecret = true
+			}
+		case *extensionServerName:
+			state.serverName = e.serverName // remote server name
+		}
+	}
+
+	if cfg.extendedMasterSecret == RequireExtendedMasterSecret && !state.extendedMasterSecret {
+		return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errServerRequiredButNoClientEMS
+	}
+
+	if state.localKeypair == nil {
+		var err error
+		state.localKeypair, err = generateKeypair(state.namedCurve)
+		if err != nil {
+			return 0, &alert{alertLevelFatal, alertIllegalParameter}, err
+		}
+	}
+
+	return flight2, nil, nil
+}
+
+func flight0Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) {
+	// Initialize
+	state.cookie = make([]byte, cookieLength)
+	if _, err := rand.Read(state.cookie); err != nil {
+		return nil, nil, err
+	}
+
+	var zeroEpoch uint16
+	state.localEpoch.Store(zeroEpoch)
+	state.remoteEpoch.Store(zeroEpoch)
+	state.namedCurve = defaultNamedCurve
+
+	if err := state.localRandom.populate(); err != nil {
+		return nil, nil, err
+	}
+
+	return nil, nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight1handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight1handler.go
new file mode 100644
index 000000000..d4e23dc6b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight1handler.go
@@ -0,0 +1,105 @@
+package dtls
+
+import (
+	"context"
+)
+
+func flight1Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) {
+	// HelloVerifyRequest can be skipped by the server,
+	// so allow ServerHello during flight1 also
+	seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
+		handshakeCachePullRule{handshakeTypeHelloVerifyRequest, cfg.initialEpoch, false, true},
+		handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, true},
+	)
+	if !ok {
+		// No valid message received. Keep reading
+		return 0, nil, nil
+	}
+
+	if _, ok := msgs[handshakeTypeServerHello]; ok {
+		// Flight1 and flight2 were skipped.
+		// Parse as flight3.
+		return flight3Parse(ctx, c, state, cache, cfg)
+	}
+
+	if h, ok := msgs[handshakeTypeHelloVerifyRequest].(*handshakeMessageHelloVerifyRequest); ok {
+		// DTLS 1.2 clients must not assume that the server will use the protocol version
+		// specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
+		if !h.version.Equal(protocolVersion1_0) && !h.version.Equal(protocolVersion1_2) {
+			return 0, &alert{alertLevelFatal, alertProtocolVersion}, errUnsupportedProtocolVersion
+		}
+		state.cookie = append([]byte{}, h.cookie...)
+		state.handshakeRecvSequence = seq
+		return flight3, nil, nil
+	}
+
+	return 0, &alert{alertLevelFatal, alertInternalError}, nil
+}
+
+func flight1Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) {
+	var zeroEpoch uint16
+	state.localEpoch.Store(zeroEpoch)
+	state.remoteEpoch.Store(zeroEpoch)
+	state.namedCurve = defaultNamedCurve
+	state.cookie = nil
+
+	if err := state.localRandom.populate(); err != nil {
+		return nil, nil, err
+	}
+
+	extensions := []extension{
+		&extensionSupportedSignatureAlgorithms{
+			signatureHashAlgorithms: cfg.localSignatureSchemes,
+		},
+		&extensionRenegotiationInfo{
+			renegotiatedConnection: 0,
+		},
+	}
+	if cfg.localPSKCallback == nil {
+		extensions = append(extensions, []extension{
+			&extensionSupportedEllipticCurves{
+				ellipticCurves: []namedCurve{namedCurveX25519, namedCurveP256, namedCurveP384},
+			},
+			&extensionSupportedPointFormats{
+				pointFormats: []ellipticCurvePointFormat{ellipticCurvePointFormatUncompressed},
+			},
+		}...)
+	}
+
+	if len(cfg.localSRTPProtectionProfiles) > 0 {
+		extensions = append(extensions, &extensionUseSRTP{
+			protectionProfiles: cfg.localSRTPProtectionProfiles,
+		})
+	}
+
+	if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
+		cfg.extendedMasterSecret == RequireExtendedMasterSecret {
+		extensions = append(extensions, &extensionUseExtendedMasterSecret{
+			supported: true,
+		})
+	}
+
+	if len(cfg.serverName) > 0 {
+		extensions = append(extensions, &extensionServerName{serverName: cfg.serverName})
+	}
+
+	return []*packet{
+		{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageClientHello{
+						version:            protocolVersion1_2,
+						cookie:             state.cookie,
+						random:             state.localRandom,
+						cipherSuites:       cfg.localCipherSuites,
+						compressionMethods: defaultCompressionMethods(),
+						extensions:         extensions,
+					},
+				},
+			},
+		},
+	}, nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight2handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight2handler.go
new file mode 100644
index 000000000..4d18f237d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight2handler.go
@@ -0,0 +1,56 @@
+package dtls
+
+import (
+	"bytes"
+	"context"
+)
+
+func flight2Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) {
+	seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
+		handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+	)
+	if !ok {
+		// Client may retransmit the first ClientHello when HelloVerifyRequest is dropped.
+		// Parse as flight 0 in this case.
+		return flight0Parse(ctx, c, state, cache, cfg)
+	}
+	state.handshakeRecvSequence = seq
+
+	var clientHello *handshakeMessageClientHello
+
+	// Validate type
+	if clientHello, ok = msgs[handshakeTypeClientHello].(*handshakeMessageClientHello); !ok {
+		return 0, &alert{alertLevelFatal, alertInternalError}, nil
+	}
+
+	if !clientHello.version.Equal(protocolVersion1_2) {
+		return 0, &alert{alertLevelFatal, alertProtocolVersion}, errUnsupportedProtocolVersion
+	}
+
+	if len(clientHello.cookie) == 0 {
+		return 0, nil, nil
+	}
+	if !bytes.Equal(state.cookie, clientHello.cookie) {
+		return 0, &alert{alertLevelFatal, alertAccessDenied}, errCookieMismatch
+	}
+	return flight4, nil, nil
+}
+
+func flight2Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) {
+	state.handshakeSendSequence = 0
+	return []*packet{
+		{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageHelloVerifyRequest{
+						version: protocolVersion1_2,
+						cookie:  state.cookie,
+					},
+				},
+			},
+		},
+	}, nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight3handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight3handler.go
new file mode 100644
index 000000000..309a8871e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight3handler.go
@@ -0,0 +1,177 @@
+package dtls
+
+import (
+	"context"
+)
+
+func flight3Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) { //nolint:gocognit
+	// Clients may receive multiple HelloVerifyRequest messages with different cookies.
+	// Clients SHOULD handle this by sending a new ClientHello with a cookie in response
+	// to the new HelloVerifyRequest. RFC 6347 Section 4.2.1
+	seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
+		handshakeCachePullRule{handshakeTypeHelloVerifyRequest, cfg.initialEpoch, false, true},
+	)
+	if ok {
+		if h, msgOk := msgs[handshakeTypeHelloVerifyRequest].(*handshakeMessageHelloVerifyRequest); msgOk {
+			// DTLS 1.2 clients must not assume that the server will use the protocol version
+			// specified in HelloVerifyRequest message. RFC 6347 Section 4.2.1
+			if !h.version.Equal(protocolVersion1_0) && !h.version.Equal(protocolVersion1_2) {
+				return 0, &alert{alertLevelFatal, alertProtocolVersion}, errUnsupportedProtocolVersion
+			}
+			state.cookie = append([]byte{}, h.cookie...)
+			state.handshakeRecvSequence = seq
+			return flight3, nil, nil
+		}
+	}
+
+	if cfg.localPSKCallback != nil {
+		seq, msgs, ok = cache.fullPullMap(state.handshakeRecvSequence,
+			handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, true},
+			handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+		)
+	} else {
+		seq, msgs, ok = cache.fullPullMap(state.handshakeRecvSequence,
+			handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificateRequest, cfg.initialEpoch, false, true},
+			handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+		)
+	}
+	if !ok {
+		// Don't have enough messages. Keep reading
+		return 0, nil, nil
+	}
+	state.handshakeRecvSequence = seq
+
+	if h, ok := msgs[handshakeTypeServerHello].(*handshakeMessageServerHello); ok {
+		if !h.version.Equal(protocolVersion1_2) {
+			return 0, &alert{alertLevelFatal, alertProtocolVersion}, errUnsupportedProtocolVersion
+		}
+		for _, extension := range h.extensions {
+			switch e := extension.(type) {
+			case *extensionUseSRTP:
+				profile, ok := findMatchingSRTPProfile(e.protectionProfiles, cfg.localSRTPProtectionProfiles)
+				if !ok {
+					return 0, &alert{alertLevelFatal, alertIllegalParameter}, errClientNoMatchingSRTPProfile
+				}
+				state.srtpProtectionProfile = profile
+			case *extensionUseExtendedMasterSecret:
+				if cfg.extendedMasterSecret != DisableExtendedMasterSecret {
+					state.extendedMasterSecret = true
+				}
+			}
+		}
+		if cfg.extendedMasterSecret == RequireExtendedMasterSecret && !state.extendedMasterSecret {
+			return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errClientRequiredButNoServerEMS
+		}
+		if len(cfg.localSRTPProtectionProfiles) > 0 && state.srtpProtectionProfile == 0 {
+			return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errRequestedButNoSRTPExtension
+		}
+		if _, ok := findMatchingCipherSuite([]cipherSuite{h.cipherSuite}, cfg.localCipherSuites); !ok {
+			return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errCipherSuiteNoIntersection
+		}
+
+		state.cipherSuite = h.cipherSuite
+		state.remoteRandom = h.random
+		cfg.log.Tracef("[handshake] use cipher suite: %s", h.cipherSuite.String())
+	}
+
+	if h, ok := msgs[handshakeTypeCertificate].(*handshakeMessageCertificate); ok {
+		state.PeerCertificates = h.certificate
+	}
+
+	if h, ok := msgs[handshakeTypeServerKeyExchange].(*handshakeMessageServerKeyExchange); ok {
+		alertPtr, err := handleServerKeyExchange(c, state, cfg, h)
+		if err != nil {
+			return 0, alertPtr, err
+		}
+	}
+
+	if _, ok := msgs[handshakeTypeCertificateRequest].(*handshakeMessageCertificateRequest); ok {
+		state.remoteRequestedCertificate = true
+	}
+
+	return flight5, nil, nil
+}
+
+func handleServerKeyExchange(_ flightConn, state *State, cfg *handshakeConfig, h *handshakeMessageServerKeyExchange) (*alert, error) {
+	var err error
+	if cfg.localPSKCallback != nil {
+		var psk []byte
+		if psk, err = cfg.localPSKCallback(h.identityHint); err != nil {
+			return &alert{alertLevelFatal, alertInternalError}, err
+		}
+
+		state.preMasterSecret = prfPSKPreMasterSecret(psk)
+	} else {
+		if state.localKeypair, err = generateKeypair(h.namedCurve); err != nil {
+			return &alert{alertLevelFatal, alertInternalError}, err
+		}
+
+		if state.preMasterSecret, err = prfPreMasterSecret(h.publicKey, state.localKeypair.privateKey, state.localKeypair.curve); err != nil {
+			return &alert{alertLevelFatal, alertInternalError}, err
+		}
+	}
+
+	return nil, nil
+}
+
+func flight3Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) {
+	extensions := []extension{
+		&extensionSupportedSignatureAlgorithms{
+			signatureHashAlgorithms: cfg.localSignatureSchemes,
+		},
+		&extensionRenegotiationInfo{
+			renegotiatedConnection: 0,
+		},
+	}
+	if cfg.localPSKCallback == nil {
+		extensions = append(extensions, []extension{
+			&extensionSupportedEllipticCurves{
+				ellipticCurves: []namedCurve{namedCurveX25519, namedCurveP256, namedCurveP384},
+			},
+			&extensionSupportedPointFormats{
+				pointFormats: []ellipticCurvePointFormat{ellipticCurvePointFormatUncompressed},
+			},
+		}...)
+	}
+
+	if len(cfg.localSRTPProtectionProfiles) > 0 {
+		extensions = append(extensions, &extensionUseSRTP{
+			protectionProfiles: cfg.localSRTPProtectionProfiles,
+		})
+	}
+
+	if cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
+		cfg.extendedMasterSecret == RequireExtendedMasterSecret {
+		extensions = append(extensions, &extensionUseExtendedMasterSecret{
+			supported: true,
+		})
+	}
+
+	if len(cfg.serverName) > 0 {
+		extensions = append(extensions, &extensionServerName{serverName: cfg.serverName})
+	}
+
+	return []*packet{
+		{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageClientHello{
+						version:            protocolVersion1_2,
+						cookie:             state.cookie,
+						random:             state.localRandom,
+						cipherSuites:       cfg.localCipherSuites,
+						compressionMethods: defaultCompressionMethods(),
+						extensions:         extensions,
+					},
+				},
+			},
+		},
+	}, nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight4handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight4handler.go
new file mode 100644
index 000000000..e23cce4f0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight4handler.go
@@ -0,0 +1,303 @@
+package dtls
+
+import (
+	"context"
+	"crypto/x509"
+)
+
+func flight4Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) { //nolint:gocognit
+	seq, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
+		handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, true, true},
+		handshakeCachePullRule{handshakeTypeClientKeyExchange, cfg.initialEpoch, true, false},
+		handshakeCachePullRule{handshakeTypeCertificateVerify, cfg.initialEpoch, true, true},
+	)
+	if !ok {
+		// No valid message received. Keep reading
+		return 0, nil, nil
+	}
+
+	// Validate type
+	var clientKeyExchange *handshakeMessageClientKeyExchange
+	if clientKeyExchange, ok = msgs[handshakeTypeClientKeyExchange].(*handshakeMessageClientKeyExchange); !ok {
+		return 0, &alert{alertLevelFatal, alertInternalError}, nil
+	}
+
+	if h, hasCert := msgs[handshakeTypeCertificate].(*handshakeMessageCertificate); hasCert {
+		state.PeerCertificates = h.certificate
+	}
+
+	if h, hasCertVerify := msgs[handshakeTypeCertificateVerify].(*handshakeMessageCertificateVerify); hasCertVerify {
+		if state.PeerCertificates == nil {
+			return 0, &alert{alertLevelFatal, alertNoCertificate}, errCertificateVerifyNoCertificate
+		}
+
+		plainText := cache.pullAndMerge(
+			handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificateRequest, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeClientKeyExchange, cfg.initialEpoch, true, false},
+		)
+
+		// Verify that the pair of hash algorithm and signiture is listed.
+		var validSignatureScheme bool
+		for _, ss := range cfg.localSignatureSchemes {
+			if ss.hash == h.hashAlgorithm && ss.signature == h.signatureAlgorithm {
+				validSignatureScheme = true
+				break
+			}
+		}
+		if !validSignatureScheme {
+			return 0, &alert{alertLevelFatal, alertInsufficientSecurity}, errNoAvailableSignatureSchemes
+		}
+
+		if err := verifyCertificateVerify(plainText, h.hashAlgorithm, h.signature, state.PeerCertificates); err != nil {
+			return 0, &alert{alertLevelFatal, alertBadCertificate}, err
+		}
+		var chains [][]*x509.Certificate
+		var err error
+		var verified bool
+		if cfg.clientAuth >= VerifyClientCertIfGiven {
+			if chains, err = verifyClientCert(state.PeerCertificates, cfg.clientCAs); err != nil {
+				return 0, &alert{alertLevelFatal, alertBadCertificate}, err
+			}
+			verified = true
+		}
+		if cfg.verifyPeerCertificate != nil {
+			if err := cfg.verifyPeerCertificate(state.PeerCertificates, chains); err != nil {
+				return 0, &alert{alertLevelFatal, alertBadCertificate}, err
+			}
+		}
+		state.peerCertificatesVerified = verified
+	}
+
+	if !state.cipherSuite.isInitialized() {
+		serverRandom := state.localRandom.marshalFixed()
+		clientRandom := state.remoteRandom.marshalFixed()
+
+		var err error
+		var preMasterSecret []byte
+		if cfg.localPSKCallback != nil {
+			var psk []byte
+			if psk, err = cfg.localPSKCallback(clientKeyExchange.identityHint); err != nil {
+				return 0, &alert{alertLevelFatal, alertInternalError}, err
+			}
+
+			preMasterSecret = prfPSKPreMasterSecret(psk)
+		} else {
+			preMasterSecret, err = prfPreMasterSecret(clientKeyExchange.publicKey, state.localKeypair.privateKey, state.localKeypair.curve)
+			if err != nil {
+				return 0, &alert{alertLevelFatal, alertIllegalParameter}, err
+			}
+		}
+
+		if state.extendedMasterSecret {
+			var sessionHash []byte
+			sessionHash, err = cache.sessionHash(state.cipherSuite.hashFunc(), cfg.initialEpoch)
+			if err != nil {
+				return 0, &alert{alertLevelFatal, alertInternalError}, err
+			}
+
+			state.masterSecret, err = prfExtendedMasterSecret(preMasterSecret, sessionHash, state.cipherSuite.hashFunc())
+			if err != nil {
+				return 0, &alert{alertLevelFatal, alertInternalError}, err
+			}
+		} else {
+			state.masterSecret, err = prfMasterSecret(preMasterSecret, clientRandom[:], serverRandom[:], state.cipherSuite.hashFunc())
+			if err != nil {
+				return 0, &alert{alertLevelFatal, alertInternalError}, err
+			}
+		}
+
+		if err := state.cipherSuite.init(state.masterSecret, clientRandom[:], serverRandom[:], false); err != nil {
+			return 0, &alert{alertLevelFatal, alertInternalError}, err
+		}
+	}
+
+	// Now, encrypted packets can be handled
+	if err := c.handleQueuedPackets(ctx); err != nil {
+		return 0, &alert{alertLevelFatal, alertInternalError}, err
+	}
+
+	seq, msgs, ok = cache.fullPullMap(seq,
+		handshakeCachePullRule{handshakeTypeFinished, cfg.initialEpoch + 1, true, false},
+	)
+	if !ok {
+		// No valid message received. Keep reading
+		return 0, nil, nil
+	}
+	state.handshakeRecvSequence = seq
+
+	if _, ok = msgs[handshakeTypeFinished].(*handshakeMessageFinished); !ok {
+		return 0, &alert{alertLevelFatal, alertInternalError}, nil
+	}
+
+	switch cfg.clientAuth {
+	case RequireAnyClientCert:
+		if state.PeerCertificates == nil {
+			return 0, &alert{alertLevelFatal, alertNoCertificate}, errClientCertificateRequired
+		}
+	case VerifyClientCertIfGiven:
+		if state.PeerCertificates != nil && !state.peerCertificatesVerified {
+			return 0, &alert{alertLevelFatal, alertBadCertificate}, errClientCertificateNotVerified
+		}
+	case RequireAndVerifyClientCert:
+		if state.PeerCertificates == nil {
+			return 0, &alert{alertLevelFatal, alertNoCertificate}, errClientCertificateRequired
+		}
+		if !state.peerCertificatesVerified {
+			return 0, &alert{alertLevelFatal, alertBadCertificate}, errClientCertificateNotVerified
+		}
+	case NoClientCert, RequestClientCert:
+		return flight6, nil, nil
+	}
+
+	return flight6, nil, nil
+}
+
+func flight4Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) {
+	extensions := []extension{}
+	if (cfg.extendedMasterSecret == RequestExtendedMasterSecret ||
+		cfg.extendedMasterSecret == RequireExtendedMasterSecret) && state.extendedMasterSecret {
+		extensions = append(extensions, &extensionUseExtendedMasterSecret{
+			supported: true,
+		})
+	}
+	if state.srtpProtectionProfile != 0 {
+		extensions = append(extensions, &extensionUseSRTP{
+			protectionProfiles: []SRTPProtectionProfile{state.srtpProtectionProfile},
+		})
+	}
+	if cfg.localPSKCallback == nil {
+		extensions = append(extensions, []extension{
+			&extensionSupportedEllipticCurves{
+				ellipticCurves: []namedCurve{namedCurveX25519, namedCurveP256, namedCurveP384},
+			},
+			&extensionSupportedPointFormats{
+				pointFormats: []ellipticCurvePointFormat{ellipticCurvePointFormatUncompressed},
+			},
+		}...)
+	}
+
+	var pkts []*packet
+
+	pkts = append(pkts, &packet{
+		record: &recordLayer{
+			recordLayerHeader: recordLayerHeader{
+				protocolVersion: protocolVersion1_2,
+			},
+			content: &handshake{
+				handshakeMessage: &handshakeMessageServerHello{
+					version:           protocolVersion1_2,
+					random:            state.localRandom,
+					cipherSuite:       state.cipherSuite,
+					compressionMethod: defaultCompressionMethods()[0],
+					extensions:        extensions,
+				},
+			},
+		},
+	})
+
+	if cfg.localPSKCallback == nil {
+		certificate, err := cfg.getCertificate(cfg.serverName)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertHandshakeFailure}, err
+		}
+
+		pkts = append(pkts, &packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageCertificate{
+						certificate: certificate.Certificate,
+					},
+				},
+			},
+		})
+
+		serverRandom := state.localRandom.marshalFixed()
+		clientRandom := state.remoteRandom.marshalFixed()
+
+		// Find compatible signature scheme
+		signatureHashAlgo, err := selectSignatureScheme(cfg.localSignatureSchemes, certificate.PrivateKey)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInsufficientSecurity}, err
+		}
+
+		signature, err := generateKeySignature(clientRandom[:], serverRandom[:], state.localKeypair.publicKey, state.namedCurve, certificate.PrivateKey, signatureHashAlgo.hash)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInternalError}, err
+		}
+		state.localKeySignature = signature
+
+		pkts = append(pkts, &packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageServerKeyExchange{
+						ellipticCurveType:  ellipticCurveTypeNamedCurve,
+						namedCurve:         state.namedCurve,
+						publicKey:          state.localKeypair.publicKey,
+						hashAlgorithm:      signatureHashAlgo.hash,
+						signatureAlgorithm: signatureHashAlgo.signature,
+						signature:          state.localKeySignature,
+					},
+				},
+			},
+		})
+
+		if cfg.clientAuth > NoClientCert {
+			pkts = append(pkts, &packet{
+				record: &recordLayer{
+					recordLayerHeader: recordLayerHeader{
+						protocolVersion: protocolVersion1_2,
+					},
+					content: &handshake{
+						handshakeMessage: &handshakeMessageCertificateRequest{
+							certificateTypes:        []clientCertificateType{clientCertificateTypeRSASign, clientCertificateTypeECDSASign},
+							signatureHashAlgorithms: cfg.localSignatureSchemes,
+						},
+					},
+				},
+			})
+		}
+	} else if cfg.localPSKIdentityHint != nil {
+		// To help the client in selecting which identity to use, the server
+		// can provide a "PSK identity hint" in the ServerKeyExchange message.
+		// If no hint is provided, the ServerKeyExchange message is omitted.
+		//
+		// https://tools.ietf.org/html/rfc4279#section-2
+		pkts = append(pkts, &packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageServerKeyExchange{
+						identityHint: cfg.localPSKIdentityHint,
+					},
+				},
+			},
+		})
+	}
+
+	pkts = append(pkts, &packet{
+		record: &recordLayer{
+			recordLayerHeader: recordLayerHeader{
+				protocolVersion: protocolVersion1_2,
+			},
+			content: &handshake{
+				handshakeMessage: &handshakeMessageServerHelloDone{},
+			},
+		},
+	})
+
+	return pkts, nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight5handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight5handler.go
new file mode 100644
index 000000000..bb7c31b33
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight5handler.go
@@ -0,0 +1,313 @@
+package dtls
+
+import (
+	"bytes"
+	"context"
+	"crypto"
+	"crypto/x509"
+)
+
+func flight5Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) {
+	_, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence,
+		handshakeCachePullRule{handshakeTypeFinished, cfg.initialEpoch + 1, false, false},
+	)
+	if !ok {
+		// No valid message received. Keep reading
+		return 0, nil, nil
+	}
+
+	var finished *handshakeMessageFinished
+	if finished, ok = msgs[handshakeTypeFinished].(*handshakeMessageFinished); !ok {
+		return 0, &alert{alertLevelFatal, alertInternalError}, nil
+	}
+	plainText := cache.pullAndMerge(
+		handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+		handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+		handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, false, false},
+		handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+		handshakeCachePullRule{handshakeTypeCertificateRequest, cfg.initialEpoch, false, false},
+		handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+		handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, true, false},
+		handshakeCachePullRule{handshakeTypeClientKeyExchange, cfg.initialEpoch, true, false},
+		handshakeCachePullRule{handshakeTypeCertificateVerify, cfg.initialEpoch, true, false},
+		handshakeCachePullRule{handshakeTypeFinished, cfg.initialEpoch + 1, true, false},
+	)
+
+	expectedVerifyData, err := prfVerifyDataServer(state.masterSecret, plainText, state.cipherSuite.hashFunc())
+	if err != nil {
+		return 0, &alert{alertLevelFatal, alertInternalError}, err
+	}
+	if !bytes.Equal(expectedVerifyData, finished.verifyData) {
+		return 0, &alert{alertLevelFatal, alertHandshakeFailure}, errVerifyDataMismatch
+	}
+
+	return flight5, nil, nil
+}
+
+func flight5Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) { //nolint:gocognit
+	var certBytes [][]byte
+	var privateKey crypto.PrivateKey
+	if len(cfg.localCertificates) > 0 {
+		certificate, err := cfg.getCertificate(cfg.serverName)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertHandshakeFailure}, err
+		}
+		certBytes = certificate.Certificate
+		privateKey = certificate.PrivateKey
+	}
+
+	var pkts []*packet
+
+	if state.remoteRequestedCertificate {
+		pkts = append(pkts,
+			&packet{
+				record: &recordLayer{
+					recordLayerHeader: recordLayerHeader{
+						protocolVersion: protocolVersion1_2,
+					},
+					content: &handshake{
+						handshakeMessage: &handshakeMessageCertificate{
+							certificate: certBytes,
+						},
+					},
+				},
+			})
+	}
+
+	clientKeyExchange := &handshakeMessageClientKeyExchange{}
+	if cfg.localPSKCallback == nil {
+		clientKeyExchange.publicKey = state.localKeypair.publicKey
+	} else {
+		clientKeyExchange.identityHint = cfg.localPSKIdentityHint
+	}
+
+	pkts = append(pkts,
+		&packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: clientKeyExchange,
+				},
+			},
+		})
+
+	serverKeyExchangeData := cache.pullAndMerge(
+		handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+	)
+
+	serverKeyExchange := &handshakeMessageServerKeyExchange{}
+
+	// handshakeMessageServerKeyExchange is optional for PSK
+	if len(serverKeyExchangeData) == 0 {
+		alertPtr, err := handleServerKeyExchange(c, state, cfg, &handshakeMessageServerKeyExchange{})
+		if err != nil {
+			return nil, alertPtr, err
+		}
+	} else {
+		rawHandshake := &handshake{}
+		err := rawHandshake.Unmarshal(serverKeyExchangeData)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertUnexpectedMessage}, err
+		}
+
+		switch h := rawHandshake.handshakeMessage.(type) {
+		case *handshakeMessageServerKeyExchange:
+			serverKeyExchange = h
+		default:
+			return nil, &alert{alertLevelFatal, alertUnexpectedMessage}, errInvalidContentType
+		}
+	}
+
+	// Append not-yet-sent packets
+	merged := []byte{}
+	seqPred := uint16(state.handshakeSendSequence)
+	for _, p := range pkts {
+		h, ok := p.record.content.(*handshake)
+		if !ok {
+			return nil, &alert{alertLevelFatal, alertInternalError}, errInvalidContentType
+		}
+		h.handshakeHeader.messageSequence = seqPred
+		seqPred++
+		raw, err := h.Marshal()
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInternalError}, err
+		}
+		merged = append(merged, raw...)
+	}
+
+	if alertPtr, err := initalizeCipherSuite(state, cache, cfg, serverKeyExchange, merged); err != nil {
+		return nil, alertPtr, err
+	}
+
+	// If the client has sent a certificate with signing ability, a digitally-signed
+	// CertificateVerify message is sent to explicitly verify possession of the
+	// private key in the certificate.
+	if state.remoteRequestedCertificate && len(cfg.localCertificates) > 0 {
+		plainText := append(cache.pullAndMerge(
+			handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificateRequest, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeClientKeyExchange, cfg.initialEpoch, true, false},
+		), merged...)
+
+		// Find compatible signature scheme
+		signatureHashAlgo, err := selectSignatureScheme(cfg.localSignatureSchemes, privateKey)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInsufficientSecurity}, err
+		}
+
+		certVerify, err := generateCertificateVerify(plainText, privateKey, signatureHashAlgo.hash)
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInternalError}, err
+		}
+		state.localCertificatesVerify = certVerify
+
+		p := &packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageCertificateVerify{
+						hashAlgorithm:      signatureHashAlgo.hash,
+						signatureAlgorithm: signatureHashAlgo.signature,
+						signature:          state.localCertificatesVerify,
+					},
+				},
+			},
+		}
+		pkts = append(pkts, p)
+
+		h, ok := p.record.content.(*handshake)
+		if !ok {
+			return nil, &alert{alertLevelFatal, alertInternalError}, errInvalidContentType
+		}
+		h.handshakeHeader.messageSequence = seqPred
+		// seqPred++ // this is the last use of seqPred
+		raw, err := h.Marshal()
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInternalError}, err
+		}
+		merged = append(merged, raw...)
+	}
+
+	pkts = append(pkts,
+		&packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &changeCipherSpec{},
+			},
+		})
+
+	if len(state.localVerifyData) == 0 {
+		plainText := cache.pullAndMerge(
+			handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificateRequest, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeClientKeyExchange, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeCertificateVerify, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeFinished, cfg.initialEpoch + 1, true, false},
+		)
+
+		var err error
+		state.localVerifyData, err = prfVerifyDataClient(state.masterSecret, append(plainText, merged...), state.cipherSuite.hashFunc())
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInternalError}, err
+		}
+	}
+
+	pkts = append(pkts,
+		&packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+					epoch:           1,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageFinished{
+						verifyData: state.localVerifyData,
+					},
+				},
+			},
+			shouldEncrypt:            true,
+			resetLocalSequenceNumber: true,
+		})
+
+	return pkts, nil, nil
+}
+
+func initalizeCipherSuite(state *State, cache *handshakeCache, cfg *handshakeConfig, h *handshakeMessageServerKeyExchange, sendingPlainText []byte) (*alert, error) { //nolint:gocognit
+	if state.cipherSuite.isInitialized() {
+		return nil, nil
+	}
+
+	clientRandom := state.localRandom.marshalFixed()
+	serverRandom := state.remoteRandom.marshalFixed()
+
+	var err error
+
+	if state.extendedMasterSecret {
+		var sessionHash []byte
+		sessionHash, err = cache.sessionHash(state.cipherSuite.hashFunc(), cfg.initialEpoch, sendingPlainText)
+		if err != nil {
+			return &alert{alertLevelFatal, alertInternalError}, err
+		}
+
+		state.masterSecret, err = prfExtendedMasterSecret(state.preMasterSecret, sessionHash, state.cipherSuite.hashFunc())
+		if err != nil {
+			return &alert{alertLevelFatal, alertIllegalParameter}, err
+		}
+	} else {
+		state.masterSecret, err = prfMasterSecret(state.preMasterSecret, clientRandom[:], serverRandom[:], state.cipherSuite.hashFunc())
+		if err != nil {
+			return &alert{alertLevelFatal, alertInternalError}, err
+		}
+	}
+
+	if cfg.localPSKCallback == nil {
+		// Verify that the pair of hash algorithm and signiture is listed.
+		var validSignatureScheme bool
+		for _, ss := range cfg.localSignatureSchemes {
+			if ss.hash == h.hashAlgorithm && ss.signature == h.signatureAlgorithm {
+				validSignatureScheme = true
+				break
+			}
+		}
+		if !validSignatureScheme {
+			return &alert{alertLevelFatal, alertInsufficientSecurity}, errNoAvailableSignatureSchemes
+		}
+
+		expectedMsg := valueKeyMessage(clientRandom[:], serverRandom[:], h.publicKey, h.namedCurve)
+		if err = verifyKeySignature(expectedMsg, h.signature, h.hashAlgorithm, state.PeerCertificates); err != nil {
+			return &alert{alertLevelFatal, alertBadCertificate}, err
+		}
+		var chains [][]*x509.Certificate
+		if !cfg.insecureSkipVerify {
+			if chains, err = verifyServerCert(state.PeerCertificates, cfg.rootCAs, cfg.serverName); err != nil {
+				return &alert{alertLevelFatal, alertBadCertificate}, err
+			}
+		}
+		if cfg.verifyPeerCertificate != nil {
+			if err = cfg.verifyPeerCertificate(state.PeerCertificates, chains); err != nil {
+				return &alert{alertLevelFatal, alertBadCertificate}, err
+			}
+		}
+	}
+
+	if err = state.cipherSuite.init(state.masterSecret, clientRandom[:], serverRandom[:], true); err != nil {
+		return &alert{alertLevelFatal, alertInternalError}, err
+	}
+	return nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight6handler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight6handler.go
new file mode 100644
index 000000000..3884d7804
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flight6handler.go
@@ -0,0 +1,76 @@
+package dtls
+
+import (
+	"context"
+)
+
+func flight6Parse(ctx context.Context, c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) (flightVal, *alert, error) {
+	_, msgs, ok := cache.fullPullMap(state.handshakeRecvSequence-1,
+		handshakeCachePullRule{handshakeTypeFinished, cfg.initialEpoch + 1, true, false},
+	)
+	if !ok {
+		// No valid message received. Keep reading
+		return 0, nil, nil
+	}
+
+	if _, ok = msgs[handshakeTypeFinished].(*handshakeMessageFinished); !ok {
+		return 0, &alert{alertLevelFatal, alertInternalError}, nil
+	}
+
+	// Other party retransmitted the last flight.
+	return flight6, nil, nil
+}
+
+func flight6Generate(c flightConn, state *State, cache *handshakeCache, cfg *handshakeConfig) ([]*packet, *alert, error) {
+	var pkts []*packet
+
+	pkts = append(pkts,
+		&packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+				},
+				content: &changeCipherSpec{},
+			},
+		})
+
+	if len(state.localVerifyData) == 0 {
+		plainText := cache.pullAndMerge(
+			handshakeCachePullRule{handshakeTypeClientHello, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeServerHello, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerKeyExchange, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificateRequest, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeServerHelloDone, cfg.initialEpoch, false, false},
+			handshakeCachePullRule{handshakeTypeCertificate, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeClientKeyExchange, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeCertificateVerify, cfg.initialEpoch, true, false},
+			handshakeCachePullRule{handshakeTypeFinished, cfg.initialEpoch + 1, true, false},
+		)
+
+		var err error
+		state.localVerifyData, err = prfVerifyDataServer(state.masterSecret, plainText, state.cipherSuite.hashFunc())
+		if err != nil {
+			return nil, &alert{alertLevelFatal, alertInternalError}, err
+		}
+	}
+
+	pkts = append(pkts,
+		&packet{
+			record: &recordLayer{
+				recordLayerHeader: recordLayerHeader{
+					protocolVersion: protocolVersion1_2,
+					epoch:           1,
+				},
+				content: &handshake{
+					handshakeMessage: &handshakeMessageFinished{
+						verifyData: state.localVerifyData,
+					},
+				},
+			},
+			shouldEncrypt:            true,
+			resetLocalSequenceNumber: true,
+		},
+	)
+	return pkts, nil, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flighthandler.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flighthandler.go
new file mode 100644
index 000000000..2b905ab38
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/flighthandler.go
@@ -0,0 +1,55 @@
+package dtls
+
+import (
+	"context"
+)
+
+// Parse received handshakes and return next flightVal
+type flightParser func(context.Context, flightConn, *State, *handshakeCache, *handshakeConfig) (flightVal, *alert, error)
+
+// Generate flights
+type flightGenerator func(flightConn, *State, *handshakeCache, *handshakeConfig) ([]*packet, *alert, error)
+
+func (f flightVal) getFlightParser() (flightParser, error) {
+	switch f {
+	case flight0:
+		return flight0Parse, nil
+	case flight1:
+		return flight1Parse, nil
+	case flight2:
+		return flight2Parse, nil
+	case flight3:
+		return flight3Parse, nil
+	case flight4:
+		return flight4Parse, nil
+	case flight5:
+		return flight5Parse, nil
+	case flight6:
+		return flight6Parse, nil
+	default:
+		return nil, errInvalidFlight
+	}
+}
+
+func (f flightVal) getFlightGenerator() (gen flightGenerator, retransmit bool, err error) {
+	switch f {
+	case flight0:
+		return flight0Generate, true, nil
+	case flight1:
+		return flight1Generate, true, nil
+	case flight2:
+		// https://tools.ietf.org/html/rfc6347#section-3.2.1
+		// HelloVerifyRequests must not be retransmitted.
+		return flight2Generate, false, nil
+	case flight3:
+		return flight3Generate, true, nil
+	case flight4:
+		return flight4Generate, true, nil
+	case flight5:
+		return flight5Generate, true, nil
+	case flight6:
+		return flight6Generate, true, nil
+	default:
+		return nil, false, errInvalidFlight
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/fragment_buffer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/fragment_buffer.go
new file mode 100644
index 000000000..41e3fc76e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/fragment_buffer.go
@@ -0,0 +1,105 @@
+package dtls
+
+type fragment struct {
+	recordLayerHeader recordLayerHeader
+	handshakeHeader   handshakeHeader
+	data              []byte
+}
+
+type fragmentBuffer struct {
+	// map of MessageSequenceNumbers that hold slices of fragments
+	cache map[uint16][]*fragment
+
+	currentMessageSequenceNumber uint16
+}
+
+func newFragmentBuffer() *fragmentBuffer {
+	return &fragmentBuffer{cache: map[uint16][]*fragment{}}
+}
+
+// Attempts to push a DTLS packet to the fragmentBuffer
+// when it returns true it means the fragmentBuffer has inserted and the buffer shouldn't be handled
+// when an error returns it is fatal, and the DTLS connection should be stopped
+func (f *fragmentBuffer) push(buf []byte) (bool, error) {
+	frag := new(fragment)
+	if err := frag.recordLayerHeader.Unmarshal(buf); err != nil {
+		return false, err
+	}
+
+	// fragment isn't a handshake, we don't need to handle it
+	if frag.recordLayerHeader.contentType != contentTypeHandshake {
+		return false, nil
+	}
+
+	for buf = buf[recordLayerHeaderSize:]; len(buf) != 0; frag = new(fragment) {
+		if err := frag.handshakeHeader.Unmarshal(buf); err != nil {
+			return false, err
+		}
+
+		if _, ok := f.cache[frag.handshakeHeader.messageSequence]; !ok {
+			f.cache[frag.handshakeHeader.messageSequence] = []*fragment{}
+		}
+
+		// end index should be the length of handshake header but if the handshake
+		// was fragmented, we should keep them all
+		end := int(handshakeHeaderLength + frag.handshakeHeader.length)
+		if size := len(buf); end > size {
+			end = size
+		}
+
+		// Discard all headers, when rebuilding the packet we will re-build
+		frag.data = append([]byte{}, buf[handshakeHeaderLength:end]...)
+		f.cache[frag.handshakeHeader.messageSequence] = append(f.cache[frag.handshakeHeader.messageSequence], frag)
+		buf = buf[end:]
+	}
+
+	return true, nil
+}
+
+func (f *fragmentBuffer) pop() (content []byte, epoch uint16) {
+	frags, ok := f.cache[f.currentMessageSequenceNumber]
+	if !ok {
+		return nil, 0
+	}
+
+	// Go doesn't support recursive lambdas
+	var appendMessage func(targetOffset uint32) bool
+
+	rawMessage := []byte{}
+	appendMessage = func(targetOffset uint32) bool {
+		for _, f := range frags {
+			if f.handshakeHeader.fragmentOffset == targetOffset {
+				fragmentEnd := (f.handshakeHeader.fragmentOffset + f.handshakeHeader.fragmentLength)
+				if fragmentEnd != f.handshakeHeader.length {
+					if !appendMessage(fragmentEnd) {
+						return false
+					}
+				}
+
+				rawMessage = append(f.data, rawMessage...)
+				return true
+			}
+		}
+		return false
+	}
+
+	// Recursively collect up
+	if !appendMessage(0) {
+		return nil, 0
+	}
+
+	firstHeader := frags[0].handshakeHeader
+	firstHeader.fragmentOffset = 0
+	firstHeader.fragmentLength = firstHeader.length
+
+	rawHeader, err := firstHeader.Marshal()
+	if err != nil {
+		return nil, 0
+	}
+
+	messageEpoch := frags[0].recordLayerHeader.epoch
+
+	delete(f.cache, f.currentMessageSequenceNumber)
+	f.currentMessageSequenceNumber++
+	return append(rawHeader, rawMessage...), messageEpoch
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/fuzz.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/fuzz.go
new file mode 100644
index 000000000..8dfa9d5b5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/fuzz.go
@@ -0,0 +1,38 @@
+// +build gofuzz
+
+package dtls
+
+import "fmt"
+
+func partialHeaderMismatch(a, b recordLayerHeader) bool {
+	// Ignoring content length for now.
+	a.contentLen = b.contentLen
+	return a != b
+}
+
+func FuzzRecordLayer(data []byte) int {
+	var r recordLayer
+	if err := r.Unmarshal(data); err != nil {
+		return 0
+	}
+	buf, err := r.Marshal()
+	if err != nil {
+		return 1
+	}
+	if len(buf) == 0 {
+		panic("zero buff") // nolint
+	}
+	var nr recordLayer
+	if err = nr.Unmarshal(data); err != nil {
+		panic(err) // nolint
+	}
+	if partialHeaderMismatch(nr.recordLayerHeader, r.recordLayerHeader) {
+		panic( // nolint
+			fmt.Sprintf("header mismatch: %+v != %+v",
+				nr.recordLayerHeader, r.recordLayerHeader,
+			),
+		)
+	}
+
+	return 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/go.mod
new file mode 100644
index 000000000..eaee6ca16
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/go.mod
@@ -0,0 +1,12 @@
+module github.com/pion/dtls/v2
+
+require (
+	github.com/pion/logging v0.2.2
+	github.com/pion/transport v0.10.1
+	github.com/pion/udp v0.1.0
+	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
+	golang.org/x/net v0.0.0-20201031054903-ff519b6c9102
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
+)
+
+go 1.13
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/go.sum
new file mode 100644
index 000000000..35b47381b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/go.sum
@@ -0,0 +1,45 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/transport v0.10.0 h1:9M12BSneJm6ggGhJyWpDveFOstJsTiQjkLf4M44rm80=
+github.com/pion/transport v0.10.0/go.mod h1:BnHnUipd0rZQyTVB2SBGojFHT9CBt5C5TcsJSQGkvSE=
+github.com/pion/transport v0.10.1 h1:2W+yJT+0mOQ160ThZYUx5Zp2skzshiNgxrNE9GUfhJM=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pion/udp v0.1.0 h1:uGxQsNyrqG3GLINv36Ff60covYmfrLoxzwnCsIYspXI=
+github.com/pion/udp v0.1.0/go.mod h1:BPELIjbwE9PRbd/zxI/KYBnbo7B6+oA6YuEaNE8lths=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 h1:42cLlJJdEh+ySyeUUbEQ5bsTiq8voBeTuweGVkY6Puw=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake.go
new file mode 100644
index 000000000..5a95da722
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake.go
@@ -0,0 +1,136 @@
+package dtls
+
+// https://tools.ietf.org/html/rfc5246#section-7.4
+type handshakeType uint8
+
+const (
+	handshakeTypeHelloRequest       handshakeType = 0
+	handshakeTypeClientHello        handshakeType = 1
+	handshakeTypeServerHello        handshakeType = 2
+	handshakeTypeHelloVerifyRequest handshakeType = 3
+	handshakeTypeCertificate        handshakeType = 11
+	handshakeTypeServerKeyExchange  handshakeType = 12
+	handshakeTypeCertificateRequest handshakeType = 13
+	handshakeTypeServerHelloDone    handshakeType = 14
+	handshakeTypeCertificateVerify  handshakeType = 15
+	handshakeTypeClientKeyExchange  handshakeType = 16
+	handshakeTypeFinished           handshakeType = 20
+
+	// msg_len for Handshake messages assumes an extra 12 bytes for
+	// sequence, fragment and version information
+	handshakeMessageHeaderLength = 12
+)
+
+type handshakeMessage interface {
+	Marshal() ([]byte, error)
+	Unmarshal(data []byte) error
+
+	handshakeType() handshakeType
+}
+
+func (h handshakeType) String() string {
+	switch h {
+	case handshakeTypeHelloRequest:
+		return "HelloRequest"
+	case handshakeTypeClientHello:
+		return "ClientHello"
+	case handshakeTypeServerHello:
+		return "ServerHello"
+	case handshakeTypeHelloVerifyRequest:
+		return "HelloVerifyRequest"
+	case handshakeTypeCertificate:
+		return "TypeCertificate"
+	case handshakeTypeServerKeyExchange:
+		return "ServerKeyExchange"
+	case handshakeTypeCertificateRequest:
+		return "CertificateRequest"
+	case handshakeTypeServerHelloDone:
+		return "ServerHelloDone"
+	case handshakeTypeCertificateVerify:
+		return "CertificateVerify"
+	case handshakeTypeClientKeyExchange:
+		return "ClientKeyExchange"
+	case handshakeTypeFinished:
+		return "Finished"
+	}
+	return ""
+}
+
+// The handshake protocol is responsible for selecting a cipher spec and
+// generating a master secret, which together comprise the primary
+// cryptographic parameters associated with a secure session.  The
+// handshake protocol can also optionally authenticate parties who have
+// certificates signed by a trusted certificate authority.
+// https://tools.ietf.org/html/rfc5246#section-7.3
+type handshake struct {
+	handshakeHeader  handshakeHeader
+	handshakeMessage handshakeMessage
+}
+
+func (h handshake) contentType() contentType {
+	return contentTypeHandshake
+}
+
+func (h *handshake) Marshal() ([]byte, error) {
+	if h.handshakeMessage == nil {
+		return nil, errHandshakeMessageUnset
+	} else if h.handshakeHeader.fragmentOffset != 0 {
+		return nil, errUnableToMarshalFragmented
+	}
+
+	msg, err := h.handshakeMessage.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	h.handshakeHeader.length = uint32(len(msg))
+	h.handshakeHeader.fragmentLength = h.handshakeHeader.length
+	h.handshakeHeader.handshakeType = h.handshakeMessage.handshakeType()
+	header, err := h.handshakeHeader.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	return append(header, msg...), nil
+}
+
+func (h *handshake) Unmarshal(data []byte) error {
+	if err := h.handshakeHeader.Unmarshal(data); err != nil {
+		return err
+	}
+
+	reportedLen := bigEndianUint24(data[1:])
+	if uint32(len(data)-handshakeMessageHeaderLength) != reportedLen {
+		return errLengthMismatch
+	} else if reportedLen != h.handshakeHeader.fragmentLength {
+		return errLengthMismatch
+	}
+
+	switch handshakeType(data[0]) {
+	case handshakeTypeHelloRequest:
+		return errNotImplemented
+	case handshakeTypeClientHello:
+		h.handshakeMessage = &handshakeMessageClientHello{}
+	case handshakeTypeHelloVerifyRequest:
+		h.handshakeMessage = &handshakeMessageHelloVerifyRequest{}
+	case handshakeTypeServerHello:
+		h.handshakeMessage = &handshakeMessageServerHello{}
+	case handshakeTypeCertificate:
+		h.handshakeMessage = &handshakeMessageCertificate{}
+	case handshakeTypeServerKeyExchange:
+		h.handshakeMessage = &handshakeMessageServerKeyExchange{}
+	case handshakeTypeCertificateRequest:
+		h.handshakeMessage = &handshakeMessageCertificateRequest{}
+	case handshakeTypeServerHelloDone:
+		h.handshakeMessage = &handshakeMessageServerHelloDone{}
+	case handshakeTypeClientKeyExchange:
+		h.handshakeMessage = &handshakeMessageClientKeyExchange{}
+	case handshakeTypeFinished:
+		h.handshakeMessage = &handshakeMessageFinished{}
+	case handshakeTypeCertificateVerify:
+		h.handshakeMessage = &handshakeMessageCertificateVerify{}
+	default:
+		return errNotImplemented
+	}
+	return h.handshakeMessage.Unmarshal(data[handshakeMessageHeaderLength:])
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_cache.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_cache.go
new file mode 100644
index 000000000..3ca54953c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_cache.go
@@ -0,0 +1,168 @@
+package dtls
+
+import (
+	"sync"
+)
+
+type handshakeCacheItem struct {
+	typ             handshakeType
+	isClient        bool
+	epoch           uint16
+	messageSequence uint16
+	data            []byte
+}
+
+type handshakeCachePullRule struct {
+	typ      handshakeType
+	epoch    uint16
+	isClient bool
+	optional bool
+}
+
+type handshakeCache struct {
+	cache []*handshakeCacheItem
+	mu    sync.Mutex
+}
+
+func newHandshakeCache() *handshakeCache {
+	return &handshakeCache{}
+}
+
+func (h *handshakeCache) push(data []byte, epoch, messageSequence uint16, typ handshakeType, isClient bool) bool { //nolint
+	h.mu.Lock()
+	defer h.mu.Unlock()
+
+	for _, i := range h.cache {
+		if i.messageSequence == messageSequence &&
+			i.isClient == isClient {
+			return false
+		}
+	}
+
+	h.cache = append(h.cache, &handshakeCacheItem{
+		data:            append([]byte{}, data...),
+		epoch:           epoch,
+		messageSequence: messageSequence,
+		typ:             typ,
+		isClient:        isClient,
+	})
+	return true
+}
+
+// returns a list handshakes that match the requested rules
+// the list will contain null entries for rules that can't be satisfied
+// multiple entries may match a rule, but only the last match is returned (ie ClientHello with cookies)
+func (h *handshakeCache) pull(rules ...handshakeCachePullRule) []*handshakeCacheItem {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+
+	out := make([]*handshakeCacheItem, len(rules))
+	for i, r := range rules {
+		for _, c := range h.cache {
+			if c.typ == r.typ && c.isClient == r.isClient && c.epoch == r.epoch {
+				switch {
+				case out[i] == nil:
+					out[i] = c
+				case out[i].messageSequence < c.messageSequence:
+					out[i] = c
+				}
+			}
+		}
+	}
+
+	return out
+}
+
+// fullPullMap pulls all handshakes between rules[0] to rules[len(rules)-1] as map.
+func (h *handshakeCache) fullPullMap(startSeq int, rules ...handshakeCachePullRule) (int, map[handshakeType]handshakeMessage, bool) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+
+	ci := make(map[handshakeType]*handshakeCacheItem)
+	for _, r := range rules {
+		var item *handshakeCacheItem
+		for _, c := range h.cache {
+			if c.typ == r.typ && c.isClient == r.isClient && c.epoch == r.epoch {
+				switch {
+				case item == nil:
+					item = c
+				case item.messageSequence < c.messageSequence:
+					item = c
+				}
+			}
+		}
+		if !r.optional && item == nil {
+			// Missing mandatory message.
+			return startSeq, nil, false
+		}
+		ci[r.typ] = item
+	}
+	out := make(map[handshakeType]handshakeMessage)
+	seq := startSeq
+	for _, r := range rules {
+		t := r.typ
+		i := ci[t]
+		if i == nil {
+			continue
+		}
+		rawHandshake := &handshake{}
+		if err := rawHandshake.Unmarshal(i.data); err != nil {
+			return startSeq, nil, false
+		}
+		if uint16(seq) != rawHandshake.handshakeHeader.messageSequence {
+			// There is a gap. Some messages are not arrived.
+			return startSeq, nil, false
+		}
+		seq++
+		out[t] = rawHandshake.handshakeMessage
+	}
+	return seq, out, true
+}
+
+// pullAndMerge calls pull and then merges the results, ignoring any null entries
+func (h *handshakeCache) pullAndMerge(rules ...handshakeCachePullRule) []byte {
+	merged := []byte{}
+
+	for _, p := range h.pull(rules...) {
+		if p != nil {
+			merged = append(merged, p.data...)
+		}
+	}
+	return merged
+}
+
+// sessionHash returns the session hash for Extended Master Secret support
+// https://tools.ietf.org/html/draft-ietf-tls-session-hash-06#section-4
+func (h *handshakeCache) sessionHash(hf hashFunc, epoch uint16, additional ...[]byte) ([]byte, error) {
+	merged := []byte{}
+
+	// Order defined by https://tools.ietf.org/html/rfc5246#section-7.3
+	handshakeBuffer := h.pull(
+		handshakeCachePullRule{handshakeTypeClientHello, epoch, true, false},
+		handshakeCachePullRule{handshakeTypeServerHello, epoch, false, false},
+		handshakeCachePullRule{handshakeTypeCertificate, epoch, false, false},
+		handshakeCachePullRule{handshakeTypeServerKeyExchange, epoch, false, false},
+		handshakeCachePullRule{handshakeTypeCertificateRequest, epoch, false, false},
+		handshakeCachePullRule{handshakeTypeServerHelloDone, epoch, false, false},
+		handshakeCachePullRule{handshakeTypeCertificate, epoch, true, false},
+		handshakeCachePullRule{handshakeTypeClientKeyExchange, epoch, true, false},
+	)
+
+	for _, p := range handshakeBuffer {
+		if p == nil {
+			continue
+		}
+
+		merged = append(merged, p.data...)
+	}
+	for _, a := range additional {
+		merged = append(merged, a...)
+	}
+
+	hash := hf()
+	if _, err := hash.Write(merged); err != nil {
+		return []byte{}, err
+	}
+
+	return hash.Sum(nil), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_header.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_header.go
new file mode 100644
index 000000000..819829471
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_header.go
@@ -0,0 +1,41 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+// msg_len for Handshake messages assumes an extra 12 bytes for
+// sequence, fragment and version information
+const handshakeHeaderLength = 12
+
+type handshakeHeader struct {
+	handshakeType   handshakeType
+	length          uint32 // uint24 in spec
+	messageSequence uint16
+	fragmentOffset  uint32 // uint24 in spec
+	fragmentLength  uint32 // uint24 in spec
+}
+
+func (h *handshakeHeader) Marshal() ([]byte, error) {
+	out := make([]byte, handshakeMessageHeaderLength)
+
+	out[0] = byte(h.handshakeType)
+	putBigEndianUint24(out[1:], h.length)
+	binary.BigEndian.PutUint16(out[4:], h.messageSequence)
+	putBigEndianUint24(out[6:], h.fragmentOffset)
+	putBigEndianUint24(out[9:], h.fragmentLength)
+	return out, nil
+}
+
+func (h *handshakeHeader) Unmarshal(data []byte) error {
+	if len(data) < handshakeHeaderLength {
+		return errBufferTooSmall
+	}
+
+	h.handshakeType = handshakeType(data[0])
+	h.length = bigEndianUint24(data[1:])
+	h.messageSequence = binary.BigEndian.Uint16(data[4:])
+	h.fragmentOffset = bigEndianUint24(data[6:])
+	h.fragmentLength = bigEndianUint24(data[9:])
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate.go
new file mode 100644
index 000000000..c968cfe2d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate.go
@@ -0,0 +1,55 @@
+package dtls
+
+type handshakeMessageCertificate struct {
+	certificate [][]byte
+}
+
+func (h handshakeMessageCertificate) handshakeType() handshakeType {
+	return handshakeTypeCertificate
+}
+
+const (
+	handshakeMessageCertificateLengthFieldSize = 3
+)
+
+func (h *handshakeMessageCertificate) Marshal() ([]byte, error) {
+	out := make([]byte, handshakeMessageCertificateLengthFieldSize)
+
+	for _, r := range h.certificate {
+		// Certificate Length
+		out = append(out, make([]byte, handshakeMessageCertificateLengthFieldSize)...)
+		putBigEndianUint24(out[len(out)-handshakeMessageCertificateLengthFieldSize:], uint32(len(r)))
+
+		// Certificate body
+		out = append(out, append([]byte{}, r...)...)
+	}
+
+	// Total Payload Size
+	putBigEndianUint24(out[0:], uint32(len(out[handshakeMessageCertificateLengthFieldSize:])))
+	return out, nil
+}
+
+func (h *handshakeMessageCertificate) Unmarshal(data []byte) error {
+	if len(data) < handshakeMessageCertificateLengthFieldSize {
+		return errBufferTooSmall
+	}
+
+	if certificateBodyLen := int(bigEndianUint24(data)); certificateBodyLen+handshakeMessageCertificateLengthFieldSize != len(data) {
+		return errLengthMismatch
+	}
+
+	offset := handshakeMessageCertificateLengthFieldSize
+	for offset < len(data) {
+		certificateLen := int(bigEndianUint24(data[offset:]))
+		offset += handshakeMessageCertificateLengthFieldSize
+
+		if offset+certificateLen > len(data) {
+			return errLengthMismatch
+		}
+
+		h.certificate = append(h.certificate, append([]byte{}, data[offset:offset+certificateLen]...))
+		offset += certificateLen
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate_request.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate_request.go
new file mode 100644
index 000000000..d23a7f1ab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate_request.go
@@ -0,0 +1,91 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+/*
+A non-anonymous server can optionally request a certificate from
+the client, if appropriate for the selected cipher suite.  This
+message, if sent, will immediately follow the ServerKeyExchange
+message (if it is sent; otherwise, this message follows the
+server's Certificate message).
+*/
+
+type handshakeMessageCertificateRequest struct {
+	certificateTypes        []clientCertificateType
+	signatureHashAlgorithms []signatureHashAlgorithm
+}
+
+const (
+	handshakeMessageCertificateRequestMinLength = 5
+)
+
+func (h handshakeMessageCertificateRequest) handshakeType() handshakeType {
+	return handshakeTypeCertificateRequest
+}
+
+func (h *handshakeMessageCertificateRequest) Marshal() ([]byte, error) {
+	out := []byte{byte(len(h.certificateTypes))}
+	for _, v := range h.certificateTypes {
+		out = append(out, byte(v))
+	}
+
+	out = append(out, []byte{0x00, 0x00}...)
+	binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(h.signatureHashAlgorithms)*2))
+	for _, v := range h.signatureHashAlgorithms {
+		out = append(out, byte(v.hash))
+		out = append(out, byte(v.signature))
+	}
+
+	out = append(out, []byte{0x00, 0x00}...) // Distinguished Names Length
+	return out, nil
+}
+
+func (h *handshakeMessageCertificateRequest) Unmarshal(data []byte) error {
+	if len(data) < handshakeMessageCertificateRequestMinLength {
+		return errBufferTooSmall
+	}
+
+	offset := 0
+	certificateTypesLength := int(data[0])
+	offset++
+
+	if (offset + certificateTypesLength) > len(data) {
+		return errBufferTooSmall
+	}
+
+	for i := 0; i < certificateTypesLength; i++ {
+		certType := clientCertificateType(data[offset+i])
+		if _, ok := clientCertificateTypes()[certType]; ok {
+			h.certificateTypes = append(h.certificateTypes, certType)
+		}
+	}
+	offset += certificateTypesLength
+	if len(data) < offset+2 {
+		return errBufferTooSmall
+	}
+	signatureHashAlgorithmsLength := int(binary.BigEndian.Uint16(data[offset:]))
+	offset += 2
+
+	if (offset + signatureHashAlgorithmsLength) > len(data) {
+		return errBufferTooSmall
+	}
+
+	for i := 0; i < signatureHashAlgorithmsLength; i += 2 {
+		if len(data) < (offset + i + 2) {
+			return errBufferTooSmall
+		}
+		hash := hashAlgorithm(data[offset+i])
+		signature := signatureAlgorithm(data[offset+i+1])
+
+		if _, ok := hashAlgorithms()[hash]; !ok {
+			continue
+		} else if _, ok := signatureAlgorithms()[signature]; !ok {
+			continue
+		}
+		h.signatureHashAlgorithms = append(h.signatureHashAlgorithms, signatureHashAlgorithm{signature: signature, hash: hash})
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate_verify.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate_verify.go
new file mode 100644
index 000000000..128c9b852
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_certificate_verify.go
@@ -0,0 +1,51 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+type handshakeMessageCertificateVerify struct {
+	hashAlgorithm      hashAlgorithm
+	signatureAlgorithm signatureAlgorithm
+	signature          []byte
+}
+
+const handshakeMessageCertificateVerifyMinLength = 4
+
+func (h handshakeMessageCertificateVerify) handshakeType() handshakeType {
+	return handshakeTypeCertificateVerify
+}
+
+func (h *handshakeMessageCertificateVerify) Marshal() ([]byte, error) {
+	out := make([]byte, 1+1+2+len(h.signature))
+
+	out[0] = byte(h.hashAlgorithm)
+	out[1] = byte(h.signatureAlgorithm)
+	binary.BigEndian.PutUint16(out[2:], uint16(len(h.signature)))
+	copy(out[4:], h.signature)
+	return out, nil
+}
+
+func (h *handshakeMessageCertificateVerify) Unmarshal(data []byte) error {
+	if len(data) < handshakeMessageCertificateVerifyMinLength {
+		return errBufferTooSmall
+	}
+
+	h.hashAlgorithm = hashAlgorithm(data[0])
+	if _, ok := hashAlgorithms()[h.hashAlgorithm]; !ok {
+		return errInvalidHashAlgorithm
+	}
+
+	h.signatureAlgorithm = signatureAlgorithm(data[1])
+	if _, ok := signatureAlgorithms()[h.signatureAlgorithm]; !ok {
+		return errInvalidSignatureAlgorithm
+	}
+
+	signatureLength := int(binary.BigEndian.Uint16(data[2:]))
+	if (signatureLength + 4) != len(data) {
+		return errBufferTooSmall
+	}
+
+	h.signature = append([]byte{}, data[4:]...)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_client_hello.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_client_hello.go
new file mode 100644
index 000000000..f61adb998
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_client_hello.go
@@ -0,0 +1,119 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+/*
+When a client first connects to a server it is required to send
+the client hello as its first message.  The client can also send a
+client hello in response to a hello request or on its own
+initiative in order to renegotiate the security parameters in an
+existing connection.
+*/
+type handshakeMessageClientHello struct {
+	version protocolVersion
+	random  handshakeRandom
+	cookie  []byte
+
+	cipherSuites       []cipherSuite
+	compressionMethods []*compressionMethod
+	extensions         []extension
+}
+
+const handshakeMessageClientHelloVariableWidthStart = 34
+
+func (h handshakeMessageClientHello) handshakeType() handshakeType {
+	return handshakeTypeClientHello
+}
+
+func (h *handshakeMessageClientHello) Marshal() ([]byte, error) {
+	if len(h.cookie) > 255 {
+		return nil, errCookieTooLong
+	}
+
+	out := make([]byte, handshakeMessageClientHelloVariableWidthStart)
+	out[0] = h.version.major
+	out[1] = h.version.minor
+
+	rand := h.random.marshalFixed()
+	copy(out[2:], rand[:])
+
+	out = append(out, 0x00) // SessionID
+
+	out = append(out, byte(len(h.cookie)))
+	out = append(out, h.cookie...)
+	out = append(out, encodeCipherSuites(h.cipherSuites)...)
+	out = append(out, encodeCompressionMethods(h.compressionMethods)...)
+
+	extensions, err := encodeExtensions(h.extensions)
+	if err != nil {
+		return nil, err
+	}
+
+	return append(out, extensions...), nil
+}
+
+func (h *handshakeMessageClientHello) Unmarshal(data []byte) error {
+	if len(data) < 2+handshakeRandomLength {
+		return errBufferTooSmall
+	}
+
+	h.version.major = data[0]
+	h.version.minor = data[1]
+
+	var random [handshakeRandomLength]byte
+	copy(random[:], data[2:])
+	h.random.unmarshalFixed(random)
+
+	// rest of packet has variable width sections
+	currOffset := handshakeMessageClientHelloVariableWidthStart
+	currOffset += int(data[currOffset]) + 1 // SessionID
+
+	currOffset++
+	if len(data) <= currOffset {
+		return errBufferTooSmall
+	}
+	n := int(data[currOffset-1])
+	if len(data) <= currOffset+n {
+		return errBufferTooSmall
+	}
+	h.cookie = append([]byte{}, data[currOffset:currOffset+n]...)
+	currOffset += len(h.cookie)
+
+	// Cipher Suites
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	cipherSuites, err := decodeCipherSuites(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	h.cipherSuites = cipherSuites
+	if len(data) < currOffset+2 {
+		return errBufferTooSmall
+	}
+	currOffset += int(binary.BigEndian.Uint16(data[currOffset:])) + 2
+
+	// Compression Methods
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	compressionMethods, err := decodeCompressionMethods(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	h.compressionMethods = compressionMethods
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	currOffset += int(data[currOffset]) + 1
+
+	// Extensions
+	extensions, err := decodeExtensions(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	h.extensions = extensions
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_client_key_exchange.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_client_key_exchange.go
new file mode 100644
index 000000000..b2ab20998
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_client_key_exchange.go
@@ -0,0 +1,46 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+type handshakeMessageClientKeyExchange struct {
+	identityHint []byte
+	publicKey    []byte
+}
+
+func (h handshakeMessageClientKeyExchange) handshakeType() handshakeType {
+	return handshakeTypeClientKeyExchange
+}
+
+func (h *handshakeMessageClientKeyExchange) Marshal() ([]byte, error) {
+	switch {
+	case (h.identityHint != nil && h.publicKey != nil) || (h.identityHint == nil && h.publicKey == nil):
+		return nil, errInvalidClientKeyExchange
+	case h.publicKey != nil:
+		return append([]byte{byte(len(h.publicKey))}, h.publicKey...), nil
+	default:
+		out := append([]byte{0x00, 0x00}, h.identityHint...)
+		binary.BigEndian.PutUint16(out, uint16(len(out)-2))
+		return out, nil
+	}
+}
+
+func (h *handshakeMessageClientKeyExchange) Unmarshal(data []byte) error {
+	if len(data) < 2 {
+		return errBufferTooSmall
+	}
+
+	// If parsed as PSK return early and only populate PSK Identity Hint
+	if pskLength := binary.BigEndian.Uint16(data); len(data) == int(pskLength+2) {
+		h.identityHint = append([]byte{}, data[2:]...)
+		return nil
+	}
+
+	if publicKeyLength := int(data[0]); len(data) != publicKeyLength+1 {
+		return errBufferTooSmall
+	}
+
+	h.publicKey = append([]byte{}, data[1:]...)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_finished.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_finished.go
new file mode 100644
index 000000000..9149150c1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_finished.go
@@ -0,0 +1,18 @@
+package dtls
+
+type handshakeMessageFinished struct {
+	verifyData []byte
+}
+
+func (h handshakeMessageFinished) handshakeType() handshakeType {
+	return handshakeTypeFinished
+}
+
+func (h *handshakeMessageFinished) Marshal() ([]byte, error) {
+	return append([]byte{}, h.verifyData...), nil
+}
+
+func (h *handshakeMessageFinished) Unmarshal(data []byte) error {
+	h.verifyData = append([]byte{}, data...)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_hello_verify_request.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_hello_verify_request.go
new file mode 100644
index 000000000..453947f5e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_hello_verify_request.go
@@ -0,0 +1,57 @@
+package dtls
+
+/*
+   The definition of HelloVerifyRequest is as follows:
+
+   struct {
+     ProtocolVersion server_version;
+     opaque cookie<0..2^8-1>;
+   } HelloVerifyRequest;
+
+   The HelloVerifyRequest message type is hello_verify_request(3).
+
+   When the client sends its ClientHello message to the server, the server
+   MAY respond with a HelloVerifyRequest message.  This message contains
+   a stateless cookie generated using the technique of [PHOTURIS].  The
+   client MUST retransmit the ClientHello with the cookie added.
+
+   https://tools.ietf.org/html/rfc6347#section-4.2.1
+*/
+type handshakeMessageHelloVerifyRequest struct {
+	version protocolVersion
+	cookie  []byte
+}
+
+func (h handshakeMessageHelloVerifyRequest) handshakeType() handshakeType {
+	return handshakeTypeHelloVerifyRequest
+}
+
+func (h *handshakeMessageHelloVerifyRequest) Marshal() ([]byte, error) {
+	if len(h.cookie) > 255 {
+		return nil, errCookieTooLong
+	}
+
+	out := make([]byte, 3+len(h.cookie))
+	out[0] = h.version.major
+	out[1] = h.version.minor
+	out[2] = byte(len(h.cookie))
+	copy(out[3:], h.cookie)
+
+	return out, nil
+}
+
+func (h *handshakeMessageHelloVerifyRequest) Unmarshal(data []byte) error {
+	if len(data) < 3 {
+		return errBufferTooSmall
+	}
+	h.version.major = data[0]
+	h.version.minor = data[1]
+	cookieLength := data[2]
+	if len(data) < (int(cookieLength) + 3) {
+		return errBufferTooSmall
+	}
+	h.cookie = make([]byte, cookieLength)
+
+	copy(h.cookie, data[3:3+cookieLength])
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_hello.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_hello.go
new file mode 100644
index 000000000..3251c509c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_hello.go
@@ -0,0 +1,102 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+/*
+The server will send this message in response to a ClientHello
+message when it was able to find an acceptable set of algorithms.
+If it cannot find such a match, it will respond with a handshake
+failure alert.
+https://tools.ietf.org/html/rfc5246#section-7.4.1.3
+*/
+type handshakeMessageServerHello struct {
+	version protocolVersion
+	random  handshakeRandom
+
+	cipherSuite       cipherSuite
+	compressionMethod *compressionMethod
+	extensions        []extension
+}
+
+const handshakeMessageServerHelloVariableWidthStart = 2 + handshakeRandomLength
+
+func (h handshakeMessageServerHello) handshakeType() handshakeType {
+	return handshakeTypeServerHello
+}
+
+func (h *handshakeMessageServerHello) Marshal() ([]byte, error) {
+	if h.cipherSuite == nil {
+		return nil, errCipherSuiteUnset
+	} else if h.compressionMethod == nil {
+		return nil, errCompressionMethodUnset
+	}
+
+	out := make([]byte, handshakeMessageServerHelloVariableWidthStart)
+	out[0] = h.version.major
+	out[1] = h.version.minor
+
+	rand := h.random.marshalFixed()
+	copy(out[2:], rand[:])
+
+	out = append(out, 0x00) // SessionID
+
+	out = append(out, []byte{0x00, 0x00}...)
+	binary.BigEndian.PutUint16(out[len(out)-2:], uint16(h.cipherSuite.ID()))
+
+	out = append(out, byte(h.compressionMethod.id))
+
+	extensions, err := encodeExtensions(h.extensions)
+	if err != nil {
+		return nil, err
+	}
+
+	return append(out, extensions...), nil
+}
+
+func (h *handshakeMessageServerHello) Unmarshal(data []byte) error {
+	if len(data) < 2+handshakeRandomLength {
+		return errBufferTooSmall
+	}
+
+	h.version.major = data[0]
+	h.version.minor = data[1]
+
+	var random [handshakeRandomLength]byte
+	copy(random[:], data[2:])
+	h.random.unmarshalFixed(random)
+
+	currOffset := handshakeMessageServerHelloVariableWidthStart
+	currOffset += int(data[currOffset]) + 1 // SessionID
+	if len(data) < (currOffset + 2) {
+		return errBufferTooSmall
+	}
+	if c := cipherSuiteForID(CipherSuiteID(binary.BigEndian.Uint16(data[currOffset:]))); c != nil {
+		h.cipherSuite = c
+		currOffset += 2
+	} else {
+		return errInvalidCipherSuite
+	}
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	if compressionMethod, ok := compressionMethods()[compressionMethodID(data[currOffset])]; ok {
+		h.compressionMethod = compressionMethod
+		currOffset++
+	} else {
+		return errInvalidCompressionMethod
+	}
+
+	if len(data) <= currOffset {
+		h.extensions = []extension{}
+		return nil
+	}
+
+	extensions, err := decodeExtensions(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	h.extensions = extensions
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_hello_done.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_hello_done.go
new file mode 100644
index 000000000..0d591d6df
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_hello_done.go
@@ -0,0 +1,16 @@
+package dtls
+
+type handshakeMessageServerHelloDone struct {
+}
+
+func (h handshakeMessageServerHelloDone) handshakeType() handshakeType {
+	return handshakeTypeServerHelloDone
+}
+
+func (h *handshakeMessageServerHelloDone) Marshal() ([]byte, error) {
+	return []byte{}, nil
+}
+
+func (h *handshakeMessageServerHelloDone) Unmarshal(data []byte) error {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_key_exchange.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_key_exchange.go
new file mode 100644
index 000000000..f9a117015
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_message_server_key_exchange.go
@@ -0,0 +1,104 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+// Structure supports ECDH and PSK
+type handshakeMessageServerKeyExchange struct {
+	identityHint []byte
+
+	ellipticCurveType  ellipticCurveType
+	namedCurve         namedCurve
+	publicKey          []byte
+	hashAlgorithm      hashAlgorithm
+	signatureAlgorithm signatureAlgorithm
+	signature          []byte
+}
+
+func (h handshakeMessageServerKeyExchange) handshakeType() handshakeType {
+	return handshakeTypeServerKeyExchange
+}
+
+func (h *handshakeMessageServerKeyExchange) Marshal() ([]byte, error) {
+	if h.identityHint != nil {
+		out := append([]byte{0x00, 0x00}, h.identityHint...)
+		binary.BigEndian.PutUint16(out, uint16(len(out)-2))
+		return out, nil
+	}
+
+	out := []byte{byte(h.ellipticCurveType), 0x00, 0x00}
+	binary.BigEndian.PutUint16(out[1:], uint16(h.namedCurve))
+
+	out = append(out, byte(len(h.publicKey)))
+	out = append(out, h.publicKey...)
+
+	out = append(out, []byte{byte(h.hashAlgorithm), byte(h.signatureAlgorithm), 0x00, 0x00}...)
+
+	binary.BigEndian.PutUint16(out[len(out)-2:], uint16(len(h.signature)))
+	out = append(out, h.signature...)
+
+	return out, nil
+}
+
+func (h *handshakeMessageServerKeyExchange) Unmarshal(data []byte) error {
+	if len(data) < 2 {
+		return errBufferTooSmall
+	}
+
+	// If parsed as PSK return early and only populate PSK Identity Hint
+	if pskLength := binary.BigEndian.Uint16(data); len(data) == int(pskLength+2) {
+		h.identityHint = append([]byte{}, data[2:]...)
+		return nil
+	}
+
+	if _, ok := ellipticCurveTypes()[ellipticCurveType(data[0])]; ok {
+		h.ellipticCurveType = ellipticCurveType(data[0])
+	} else {
+		return errInvalidEllipticCurveType
+	}
+
+	if len(data[1:]) < 2 {
+		return errBufferTooSmall
+	}
+	h.namedCurve = namedCurve(binary.BigEndian.Uint16(data[1:3]))
+	if _, ok := namedCurves()[h.namedCurve]; !ok {
+		return errInvalidNamedCurve
+	}
+	if len(data) < 4 {
+		return errBufferTooSmall
+	}
+
+	publicKeyLength := int(data[3])
+	offset := 4 + publicKeyLength
+	if len(data) < offset {
+		return errBufferTooSmall
+	}
+	h.publicKey = append([]byte{}, data[4:offset]...)
+	if len(data) <= offset {
+		return errBufferTooSmall
+	}
+	h.hashAlgorithm = hashAlgorithm(data[offset])
+	if _, ok := hashAlgorithms()[h.hashAlgorithm]; !ok {
+		return errInvalidHashAlgorithm
+	}
+	offset++
+	if len(data) <= offset {
+		return errBufferTooSmall
+	}
+	h.signatureAlgorithm = signatureAlgorithm(data[offset])
+	if _, ok := signatureAlgorithms()[h.signatureAlgorithm]; !ok {
+		return errInvalidSignatureAlgorithm
+	}
+	offset++
+	if len(data) < offset+2 {
+		return errBufferTooSmall
+	}
+	signatureLength := int(binary.BigEndian.Uint16(data[offset:]))
+	offset += 2
+	if len(data) < offset+signatureLength {
+		return errBufferTooSmall
+	}
+	h.signature = append([]byte{}, data[offset:offset+signatureLength]...)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_random.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_random.go
new file mode 100644
index 000000000..f0ad28f66
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshake_random.go
@@ -0,0 +1,44 @@
+package dtls
+
+import (
+	"crypto/rand"
+	"encoding/binary"
+	"time"
+)
+
+const (
+	randomBytesLength     = 28
+	handshakeRandomLength = randomBytesLength + 4
+)
+
+// https://tools.ietf.org/html/rfc4346#section-7.4.1.2
+type handshakeRandom struct {
+	gmtUnixTime time.Time
+	randomBytes [randomBytesLength]byte
+}
+
+func (h *handshakeRandom) marshalFixed() [handshakeRandomLength]byte {
+	var out [handshakeRandomLength]byte
+
+	binary.BigEndian.PutUint32(out[0:], uint32(h.gmtUnixTime.Unix()))
+	copy(out[4:], h.randomBytes[:])
+
+	return out
+}
+
+func (h *handshakeRandom) unmarshalFixed(data [handshakeRandomLength]byte) {
+	h.gmtUnixTime = time.Unix(int64(binary.BigEndian.Uint32(data[0:])), 0)
+	copy(h.randomBytes[:], data[4:])
+}
+
+// populate fills the handshakeRandom with random values
+// may be called multiple times
+func (h *handshakeRandom) populate() error {
+	h.gmtUnixTime = time.Now()
+
+	tmp := make([]byte, randomBytesLength)
+	_, err := rand.Read(tmp)
+	copy(h.randomBytes[:], tmp)
+
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshaker.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshaker.go
new file mode 100644
index 000000000..6c6c5413c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/handshaker.go
@@ -0,0 +1,318 @@
+package dtls
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+// [RFC6347 Section-4.2.4]
+//                      +-----------+
+//                +---> | PREPARING | <--------------------+
+//                |     +-----------+                      |
+//                |           |                            |
+//                |           | Buffer next flight         |
+//                |           |                            |
+//                |          \|/                           |
+//                |     +-----------+                      |
+//                |     |  SENDING  |<------------------+  | Send
+//                |     +-----------+                   |  | HelloRequest
+//        Receive |           |                         |  |
+//           next |           | Send flight             |  | or
+//         flight |  +--------+                         |  |
+//                |  |        | Set retransmit timer    |  | Receive
+//                |  |       \|/                        |  | HelloRequest
+//                |  |  +-----------+                   |  | Send
+//                +--)--|  WAITING  |-------------------+  | ClientHello
+//                |  |  +-----------+   Timer expires   |  |
+//                |  |         |                        |  |
+//                |  |         +------------------------+  |
+//        Receive |  | Send           Read retransmit      |
+//           last |  | last                                |
+//         flight |  | flight                              |
+//                |  |                                     |
+//               \|/\|/                                    |
+//            +-----------+                                |
+//            | FINISHED  | -------------------------------+
+//            +-----------+
+//                 |  /|\
+//                 |   |
+//                 +---+
+//              Read retransmit
+//           Retransmit last flight
+
+var errInvalidFSMTransition = errors.New("invalid state machine transition")
+
+type handshakeState uint8
+
+const (
+	handshakeErrored handshakeState = iota
+	handshakePreparing
+	handshakeSending
+	handshakeWaiting
+	handshakeFinished
+)
+
+func (s handshakeState) String() string {
+	switch s {
+	case handshakeErrored:
+		return "Errored"
+	case handshakePreparing:
+		return "Preparing"
+	case handshakeSending:
+		return "Sending"
+	case handshakeWaiting:
+		return "Waiting"
+	case handshakeFinished:
+		return "Finished"
+	default:
+		return "Unknown"
+	}
+}
+
+type handshakeFSM struct {
+	currentFlight flightVal
+	flights       []*packet
+	retransmit    bool
+	state         *State
+	cache         *handshakeCache
+	cfg           *handshakeConfig
+	closed        chan struct{}
+}
+
+type handshakeConfig struct {
+	localPSKCallback            PSKCallback
+	localPSKIdentityHint        []byte
+	localCipherSuites           []cipherSuite            // Available CipherSuites
+	localSignatureSchemes       []signatureHashAlgorithm // Available signature schemes
+	extendedMasterSecret        ExtendedMasterSecretType // Policy for the Extended Master Support extension
+	localSRTPProtectionProfiles []SRTPProtectionProfile  // Available SRTPProtectionProfiles, if empty no SRTP support
+	serverName                  string
+	clientAuth                  ClientAuthType // If we are a client should we request a client certificate
+	localCertificates           []tls.Certificate
+	nameToCertificate           map[string]*tls.Certificate
+	insecureSkipVerify          bool
+	verifyPeerCertificate       func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
+	rootCAs                     *x509.CertPool
+	clientCAs                   *x509.CertPool
+	retransmitInterval          time.Duration
+
+	onFlightState func(flightVal, handshakeState)
+	log           logging.LeveledLogger
+
+	initialEpoch uint16
+
+	mu sync.Mutex
+}
+
+type flightConn interface {
+	notify(ctx context.Context, level alertLevel, desc alertDescription) error
+	writePackets(context.Context, []*packet) error
+	recvHandshake() <-chan chan struct{}
+	setLocalEpoch(epoch uint16)
+	handleQueuedPackets(context.Context) error
+}
+
+func srvCliStr(isClient bool) string {
+	if isClient {
+		return "client"
+	}
+	return "server"
+}
+
+func newHandshakeFSM(
+	s *State, cache *handshakeCache, cfg *handshakeConfig,
+	initialFlight flightVal,
+) *handshakeFSM {
+	return &handshakeFSM{
+		currentFlight: initialFlight,
+		state:         s,
+		cache:         cache,
+		cfg:           cfg,
+		closed:        make(chan struct{}),
+	}
+}
+
+func (s *handshakeFSM) Run(ctx context.Context, c flightConn, initialState handshakeState) error {
+	state := initialState
+	defer func() {
+		close(s.closed)
+	}()
+	for {
+		s.cfg.log.Tracef("[handshake:%s] %s: %s", srvCliStr(s.state.isClient), s.currentFlight.String(), state.String())
+		if s.cfg.onFlightState != nil {
+			s.cfg.onFlightState(s.currentFlight, state)
+		}
+		var err error
+		switch state {
+		case handshakePreparing:
+			state, err = s.prepare(ctx, c)
+		case handshakeSending:
+			state, err = s.send(ctx, c)
+		case handshakeWaiting:
+			state, err = s.wait(ctx, c)
+		case handshakeFinished:
+			state, err = s.finish(ctx, c)
+		default:
+			return errInvalidFSMTransition
+		}
+		if err != nil {
+			return err
+		}
+	}
+}
+
+func (s *handshakeFSM) Done() <-chan struct{} {
+	return s.closed
+}
+
+func (s *handshakeFSM) prepare(ctx context.Context, c flightConn) (handshakeState, error) {
+	s.flights = nil
+	// Prepare flights
+	var (
+		a    *alert
+		err  error
+		pkts []*packet
+	)
+	gen, retransmit, errFlight := s.currentFlight.getFlightGenerator()
+	if errFlight != nil {
+		err = errFlight
+		a = &alert{alertLevelFatal, alertInternalError}
+	} else {
+		pkts, a, err = gen(c, s.state, s.cache, s.cfg)
+		s.retransmit = retransmit
+	}
+	if a != nil {
+		if alertErr := c.notify(ctx, a.alertLevel, a.alertDescription); alertErr != nil {
+			if err != nil {
+				err = alertErr
+			}
+		}
+	}
+	if err != nil {
+		return handshakeErrored, err
+	}
+
+	s.flights = pkts
+	epoch := s.cfg.initialEpoch
+	nextEpoch := epoch
+	for _, p := range s.flights {
+		p.record.recordLayerHeader.epoch += epoch
+		if p.record.recordLayerHeader.epoch > nextEpoch {
+			nextEpoch = p.record.recordLayerHeader.epoch
+		}
+		if h, ok := p.record.content.(*handshake); ok {
+			h.handshakeHeader.messageSequence = uint16(s.state.handshakeSendSequence)
+			s.state.handshakeSendSequence++
+		}
+	}
+	if epoch != nextEpoch {
+		s.cfg.log.Tracef("[handshake:%s] -> changeCipherSpec (epoch: %d)", srvCliStr(s.state.isClient), nextEpoch)
+		c.setLocalEpoch(nextEpoch)
+	}
+	return handshakeSending, nil
+}
+
+func (s *handshakeFSM) send(ctx context.Context, c flightConn) (handshakeState, error) {
+	// Send flights
+	if err := c.writePackets(ctx, s.flights); err != nil {
+		return handshakeErrored, err
+	}
+
+	if s.currentFlight.isLastSendFlight() {
+		return handshakeFinished, nil
+	}
+	return handshakeWaiting, nil
+}
+
+func (s *handshakeFSM) wait(ctx context.Context, c flightConn) (handshakeState, error) { //nolint:gocognit
+	parse, errFlight := s.currentFlight.getFlightParser()
+	if errFlight != nil {
+		if alertErr := c.notify(ctx, alertLevelFatal, alertInternalError); alertErr != nil {
+			if errFlight != nil {
+				return handshakeErrored, alertErr
+			}
+		}
+		return handshakeErrored, errFlight
+	}
+
+	retransmitTimer := time.NewTimer(s.cfg.retransmitInterval)
+	for {
+		select {
+		case done := <-c.recvHandshake():
+			nextFlight, alert, err := parse(ctx, c, s.state, s.cache, s.cfg)
+			close(done)
+			if alert != nil {
+				if alertErr := c.notify(ctx, alert.alertLevel, alert.alertDescription); alertErr != nil {
+					if err != nil {
+						err = alertErr
+					}
+				}
+			}
+			if err != nil {
+				return handshakeErrored, err
+			}
+			if nextFlight == 0 {
+				break
+			}
+			s.cfg.log.Tracef("[handshake:%s] %s -> %s", srvCliStr(s.state.isClient), s.currentFlight.String(), nextFlight.String())
+			if nextFlight.isLastRecvFlight() && s.currentFlight == nextFlight {
+				return handshakeFinished, nil
+			}
+			s.currentFlight = nextFlight
+			return handshakePreparing, nil
+
+		case <-retransmitTimer.C:
+			if !s.retransmit {
+				return handshakeWaiting, nil
+			}
+			return handshakeSending, nil
+		case <-ctx.Done():
+			return handshakeErrored, ctx.Err()
+		}
+	}
+}
+
+func (s *handshakeFSM) finish(ctx context.Context, c flightConn) (handshakeState, error) {
+	parse, errFlight := s.currentFlight.getFlightParser()
+	if errFlight != nil {
+		if alertErr := c.notify(ctx, alertLevelFatal, alertInternalError); alertErr != nil {
+			if errFlight != nil {
+				return handshakeErrored, alertErr
+			}
+		}
+		return handshakeErrored, errFlight
+	}
+
+	retransmitTimer := time.NewTimer(s.cfg.retransmitInterval)
+	select {
+	case done := <-c.recvHandshake():
+		nextFlight, alert, err := parse(ctx, c, s.state, s.cache, s.cfg)
+		close(done)
+		if alert != nil {
+			if alertErr := c.notify(ctx, alert.alertLevel, alert.alertDescription); alertErr != nil {
+				if err != nil {
+					err = alertErr
+				}
+			}
+		}
+		if err != nil {
+			return handshakeErrored, err
+		}
+		if nextFlight == 0 {
+			break
+		}
+		<-retransmitTimer.C
+		// Retransmit last flight
+		return handshakeSending, nil
+
+	case <-ctx.Done():
+		return handshakeErrored, ctx.Err()
+	}
+	return handshakeFinished, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/hash_algorithm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/hash_algorithm.go
new file mode 100644
index 000000000..b659b3695
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/hash_algorithm.go
@@ -0,0 +1,116 @@
+package dtls
+
+import ( //nolint:gci
+	"crypto"
+	"crypto/md5"  //nolint:gosec
+	"crypto/sha1" //nolint:gosec
+	"crypto/sha256"
+	"crypto/sha512"
+)
+
+// hashAlgorithm is used to indicate the hash algorithm used
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
+type hashAlgorithm uint16
+
+// Supported hash hash algorithms
+const (
+	hashAlgorithmMD2     hashAlgorithm = 0 // Blacklisted
+	hashAlgorithmMD5     hashAlgorithm = 1 // Blacklisted
+	hashAlgorithmSHA1    hashAlgorithm = 2 // Blacklisted
+	hashAlgorithmSHA224  hashAlgorithm = 3
+	hashAlgorithmSHA256  hashAlgorithm = 4
+	hashAlgorithmSHA384  hashAlgorithm = 5
+	hashAlgorithmSHA512  hashAlgorithm = 6
+	hashAlgorithmEd25519 hashAlgorithm = 8
+)
+
+// String makes hashAlgorithm printable
+func (h hashAlgorithm) String() string {
+	switch h {
+	case hashAlgorithmMD2:
+		return "md2"
+	case hashAlgorithmMD5:
+		return "md5" // [RFC3279]
+	case hashAlgorithmSHA1:
+		return "sha-1" // [RFC3279]
+	case hashAlgorithmSHA224:
+		return "sha-224" // [RFC4055]
+	case hashAlgorithmSHA256:
+		return "sha-256" // [RFC4055]
+	case hashAlgorithmSHA384:
+		return "sha-384" // [RFC4055]
+	case hashAlgorithmSHA512:
+		return "sha-512" // [RFC4055]
+	case hashAlgorithmEd25519:
+		return "null"
+	default:
+		return "unknown or unsupported hash algorithm"
+	}
+}
+
+func (h hashAlgorithm) digest(b []byte) []byte {
+	switch h {
+	case hashAlgorithmMD5:
+		hash := md5.Sum(b) // #nosec
+		return hash[:]
+	case hashAlgorithmSHA1:
+		hash := sha1.Sum(b) // #nosec
+		return hash[:]
+	case hashAlgorithmSHA224:
+		hash := sha256.Sum224(b)
+		return hash[:]
+	case hashAlgorithmSHA256:
+		hash := sha256.Sum256(b)
+		return hash[:]
+	case hashAlgorithmSHA384:
+		hash := sha512.Sum384(b)
+		return hash[:]
+	case hashAlgorithmSHA512:
+		hash := sha512.Sum512(b)
+		return hash[:]
+	default:
+		return nil
+	}
+}
+
+func (h hashAlgorithm) insecure() bool {
+	switch h {
+	case hashAlgorithmMD2, hashAlgorithmMD5, hashAlgorithmSHA1:
+		return true
+	default:
+		return false
+	}
+}
+
+func (h hashAlgorithm) cryptoHash() crypto.Hash {
+	switch h {
+	case hashAlgorithmMD5:
+		return crypto.MD5
+	case hashAlgorithmSHA1:
+		return crypto.SHA1
+	case hashAlgorithmSHA224:
+		return crypto.SHA224
+	case hashAlgorithmSHA256:
+		return crypto.SHA256
+	case hashAlgorithmSHA384:
+		return crypto.SHA384
+	case hashAlgorithmSHA512:
+		return crypto.SHA512
+	case hashAlgorithmEd25519:
+		return crypto.Hash(0)
+	default:
+		return crypto.Hash(0)
+	}
+}
+
+func hashAlgorithms() map[hashAlgorithm]struct{} {
+	return map[hashAlgorithm]struct{}{
+		hashAlgorithmMD5:     {},
+		hashAlgorithmSHA1:    {},
+		hashAlgorithmSHA224:  {},
+		hashAlgorithmSHA256:  {},
+		hashAlgorithmSHA384:  {},
+		hashAlgorithmSHA512:  {},
+		hashAlgorithmEd25519: {},
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/internal/closer/closer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/internal/closer/closer.go
new file mode 100644
index 000000000..b99e13e44
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/internal/closer/closer.go
@@ -0,0 +1,45 @@
+// Package closer provides signaling channel for shutdown
+package closer
+
+import (
+	"context"
+)
+
+// Closer allows for each signaling a channel for shutdown
+type Closer struct {
+	ctx       context.Context
+	closeFunc func()
+}
+
+// NewCloser creates a new instance of Closer
+func NewCloser() *Closer {
+	ctx, closeFunc := context.WithCancel(context.Background())
+	return &Closer{
+		ctx:       ctx,
+		closeFunc: closeFunc,
+	}
+}
+
+// NewCloserWithParent creates a new instance of Closer with a parent context
+func NewCloserWithParent(ctx context.Context) *Closer {
+	ctx, closeFunc := context.WithCancel(ctx)
+	return &Closer{
+		ctx:       ctx,
+		closeFunc: closeFunc,
+	}
+}
+
+// Done returns a channel signaling when it is done
+func (c *Closer) Done() <-chan struct{} {
+	return c.ctx.Done()
+}
+
+// Err returns an error of the context
+func (c *Closer) Err() error {
+	return c.ctx.Err()
+}
+
+// Close sends a signal to trigger the ctx done channel
+func (c *Closer) Close() {
+	c.closeFunc()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/internal/net/connctx/connctx.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/internal/net/connctx/connctx.go
new file mode 100644
index 000000000..788451087
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/internal/net/connctx/connctx.go
@@ -0,0 +1,156 @@
+// Package connctx wraps net.Conn using context.Context.
+package connctx
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// ErrClosing is returned on Write to closed connection.
+var ErrClosing = errors.New("use of closed network connection")
+
+// ConnCtx is a wrapper of net.Conn using context.Context.
+type ConnCtx interface {
+	Read(context.Context, []byte) (int, error)
+	Write(context.Context, []byte) (int, error)
+	Close() error
+	LocalAddr() net.Addr
+	RemoteAddr() net.Addr
+	Conn() net.Conn
+}
+
+type connCtx struct {
+	nextConn  net.Conn
+	closed    chan struct{}
+	closeOnce sync.Once
+	readMu    sync.Mutex
+	writeMu   sync.Mutex
+}
+
+var veryOld = time.Unix(0, 1) //nolint:gochecknoglobals
+
+// New creates a new ConnCtx wrapping given net.Conn.
+func New(conn net.Conn) ConnCtx {
+	c := &connCtx{
+		nextConn: conn,
+		closed:   make(chan struct{}),
+	}
+	return c
+}
+
+func (c *connCtx) Read(ctx context.Context, b []byte) (int, error) {
+	c.readMu.Lock()
+	defer c.readMu.Unlock()
+
+	select {
+	case <-c.closed:
+		return 0, io.EOF
+	default:
+	}
+
+	done := make(chan struct{})
+	var wg sync.WaitGroup
+	var errSetDeadline atomic.Value
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		select {
+		case <-ctx.Done():
+			// context canceled
+			if err := c.nextConn.SetReadDeadline(veryOld); err != nil {
+				errSetDeadline.Store(err)
+				return
+			}
+			<-done
+			if err := c.nextConn.SetReadDeadline(time.Time{}); err != nil {
+				errSetDeadline.Store(err)
+			}
+		case <-done:
+		}
+	}()
+
+	n, err := c.nextConn.Read(b)
+
+	close(done)
+	wg.Wait()
+	if e := ctx.Err(); e != nil && n == 0 {
+		err = e
+	}
+	if err2 := errSetDeadline.Load(); err == nil && err2 != nil {
+		err = err2.(error)
+	}
+	return n, err
+}
+
+func (c *connCtx) Write(ctx context.Context, b []byte) (int, error) {
+	c.writeMu.Lock()
+	defer c.writeMu.Unlock()
+
+	select {
+	case <-c.closed:
+		return 0, ErrClosing
+	default:
+	}
+
+	done := make(chan struct{})
+	var wg sync.WaitGroup
+	var errSetDeadline atomic.Value
+	wg.Add(1)
+	go func() {
+		select {
+		case <-ctx.Done():
+			// context canceled
+			if err := c.nextConn.SetWriteDeadline(veryOld); err != nil {
+				errSetDeadline.Store(err)
+				return
+			}
+			<-done
+			if err := c.nextConn.SetWriteDeadline(time.Time{}); err != nil {
+				errSetDeadline.Store(err)
+			}
+		case <-done:
+		}
+		wg.Done()
+	}()
+
+	n, err := c.nextConn.Write(b)
+
+	close(done)
+	wg.Wait()
+	if e := ctx.Err(); e != nil && n == 0 {
+		err = e
+	}
+	if err2 := errSetDeadline.Load(); err == nil && err2 != nil {
+		err = err2.(error)
+	}
+	return n, err
+}
+
+func (c *connCtx) Close() error {
+	err := c.nextConn.Close()
+	c.closeOnce.Do(func() {
+		c.writeMu.Lock()
+		c.readMu.Lock()
+		close(c.closed)
+		c.readMu.Unlock()
+		c.writeMu.Unlock()
+	})
+	return err
+}
+
+func (c *connCtx) LocalAddr() net.Addr {
+	return c.nextConn.LocalAddr()
+}
+
+func (c *connCtx) RemoteAddr() net.Addr {
+	return c.nextConn.RemoteAddr()
+}
+
+func (c *connCtx) Conn() net.Conn {
+	return c.nextConn
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/listener.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/listener.go
new file mode 100644
index 000000000..dd27b2c83
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/listener.go
@@ -0,0 +1,78 @@
+package dtls
+
+import (
+	"net"
+
+	"github.com/pion/udp"
+)
+
+// Listen creates a DTLS listener
+func Listen(network string, laddr *net.UDPAddr, config *Config) (net.Listener, error) {
+	if err := validateConfig(config); err != nil {
+		return nil, err
+	}
+
+	lc := udp.ListenConfig{
+		AcceptFilter: func(packet []byte) bool {
+			pkts, err := unpackDatagram(packet)
+			if err != nil || len(pkts) < 1 {
+				return false
+			}
+			h := &recordLayerHeader{}
+			if err := h.Unmarshal(pkts[0]); err != nil {
+				return false
+			}
+			return h.contentType == contentTypeHandshake
+		},
+	}
+	parent, err := lc.Listen(network, laddr)
+	if err != nil {
+		return nil, err
+	}
+	return &listener{
+		config: config,
+		parent: parent,
+	}, nil
+}
+
+// NewListener creates a DTLS listener which accepts connections from an inner Listener.
+func NewListener(inner net.Listener, config *Config) (net.Listener, error) {
+	if err := validateConfig(config); err != nil {
+		return nil, err
+	}
+
+	return &listener{
+		config: config,
+		parent: inner,
+	}, nil
+}
+
+// listener represents a DTLS listener
+type listener struct {
+	config *Config
+	parent net.Listener
+}
+
+// Accept waits for and returns the next connection to the listener.
+// You have to either close or read on all connection that are created.
+// Connection handshake will timeout using ConnectContextMaker in the Config.
+// If you want to specify the timeout duration, set ConnectContextMaker.
+func (l *listener) Accept() (net.Conn, error) {
+	c, err := l.parent.Accept()
+	if err != nil {
+		return nil, err
+	}
+	return Server(c, l.config)
+}
+
+// Close closes the listener.
+// Any blocked Accept operations will be unblocked and return errors.
+// Already Accepted connections are not closed.
+func (l *listener) Close() error {
+	return l.parent.Close()
+}
+
+// Addr returns the listener's network address.
+func (l *listener) Addr() net.Addr {
+	return l.parent.Addr()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/named_curve.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/named_curve.go
new file mode 100644
index 000000000..7775bcf2f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/named_curve.go
@@ -0,0 +1,62 @@
+package dtls
+
+import (
+	"crypto/elliptic"
+	"crypto/rand"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
+type namedCurve uint16
+
+type namedCurveKeypair struct {
+	curve      namedCurve
+	publicKey  []byte
+	privateKey []byte
+}
+
+const (
+	namedCurveP256   namedCurve = 0x0017
+	namedCurveP384   namedCurve = 0x0018
+	namedCurveX25519 namedCurve = 0x001d
+)
+
+func namedCurves() map[namedCurve]bool {
+	return map[namedCurve]bool{
+		namedCurveX25519: true,
+		namedCurveP256:   true,
+		namedCurveP384:   true,
+	}
+}
+
+func generateKeypair(c namedCurve) (*namedCurveKeypair, error) {
+	switch c { //nolint:golint
+	case namedCurveX25519:
+		tmp := make([]byte, 32)
+		if _, err := rand.Read(tmp); err != nil {
+			return nil, err
+		}
+
+		var public, private [32]byte
+		copy(private[:], tmp)
+
+		curve25519.ScalarBaseMult(&public, &private)
+		return &namedCurveKeypair{namedCurveX25519, public[:], private[:]}, nil
+	case namedCurveP256:
+		return ellipticCurveKeypair(namedCurveP256, elliptic.P256(), elliptic.P256())
+	case namedCurveP384:
+		return ellipticCurveKeypair(namedCurveP384, elliptic.P384(), elliptic.P384())
+	default:
+		return nil, errInvalidNamedCurve
+	}
+}
+
+func ellipticCurveKeypair(nc namedCurve, c1, c2 elliptic.Curve) (*namedCurveKeypair, error) {
+	privateKey, x, y, err := elliptic.GenerateKey(c1, rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+
+	return &namedCurveKeypair{nc, elliptic.Marshal(c2, x, y), privateKey}, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/packet.go
new file mode 100644
index 000000000..685f2e095
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/packet.go
@@ -0,0 +1,7 @@
+package dtls
+
+type packet struct {
+	record                   *recordLayer
+	shouldEncrypt            bool
+	resetLocalSequenceNumber bool
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/ccm/ccm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/ccm/ccm.go
new file mode 100644
index 000000000..20e3436e2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/ccm/ccm.go
@@ -0,0 +1,251 @@
+// Package ccm implements a CCM, Counter with CBC-MAC
+// as per RFC 3610.
+//
+// See https://tools.ietf.org/html/rfc3610
+//
+// This code was lifted from https://github.com/bocajim/dtls/blob/a3300364a283fcb490d28a93d7fcfa7ba437fbbe/ccm/ccm.go
+// and as such was not written by the Pions authors. Like Pions this
+// code is licensed under MIT.
+//
+// A request for including CCM into the Go standard library
+// can be found as issue #27484 on the https://github.com/golang/go/
+// repository.
+package ccm
+
+import (
+	"crypto/cipher"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+	"math"
+)
+
+// ccm represents a Counter with CBC-MAC with a specific key.
+type ccm struct {
+	b cipher.Block
+	M uint8
+	L uint8
+}
+
+const ccmBlockSize = 16
+
+// CCM is a block cipher in Counter with CBC-MAC mode.
+// Providing authenticated encryption with associated data via the cipher.AEAD interface.
+type CCM interface {
+	cipher.AEAD
+	// MaxLength returns the maxium length of plaintext in calls to Seal.
+	// The maximum length of ciphertext in calls to Open is MaxLength()+Overhead().
+	// The maximum length is related to CCM's `L` parameter (15-noncesize) and
+	// is 1<<(8*L) - 1 (but also limited by the maxium size of an int).
+	MaxLength() int
+}
+
+var (
+	errInvalidBlockSize = errors.New("ccm: NewCCM requires 128-bit block cipher")
+	errInvalidTagSize   = errors.New("ccm: tagsize must be 4, 6, 8, 10, 12, 14, or 16")
+	errInvalidNonceSize = errors.New("ccm: invalid nonce size")
+)
+
+// NewCCM returns the given 128-bit block cipher wrapped in CCM.
+// The tagsize must be an even integer between 4 and 16 inclusive
+// and is used as CCM's `M` parameter.
+// The noncesize must be an integer between 7 and 13 inclusive,
+// 15-noncesize is used as CCM's `L` parameter.
+func NewCCM(b cipher.Block, tagsize, noncesize int) (CCM, error) {
+	if b.BlockSize() != ccmBlockSize {
+		return nil, errInvalidBlockSize
+	}
+	if tagsize < 4 || tagsize > 16 || tagsize&1 != 0 {
+		return nil, errInvalidTagSize
+	}
+	lensize := 15 - noncesize
+	if lensize < 2 || lensize > 8 {
+		return nil, errInvalidNonceSize
+	}
+	c := &ccm{b: b, M: uint8(tagsize), L: uint8(lensize)}
+	return c, nil
+}
+
+func (c *ccm) NonceSize() int { return 15 - int(c.L) }
+func (c *ccm) Overhead() int  { return int(c.M) }
+func (c *ccm) MaxLength() int { return maxlen(c.L, c.Overhead()) }
+
+func maxlen(l uint8, tagsize int) int {
+	max := (uint64(1) << (8 * l)) - 1
+	if m64 := uint64(math.MaxInt64) - uint64(tagsize); l > 8 || max > m64 {
+		max = m64 // The maximum lentgh on a 64bit arch
+	}
+	if max != uint64(int(max)) {
+		return math.MaxInt32 - tagsize // We have only 32bit int's
+	}
+	return int(max)
+}
+
+// MaxNonceLength returns the maximum nonce length for a given plaintext length.
+// A return value <= 0 indicates that plaintext length is too large for
+// any nonce length.
+func MaxNonceLength(pdatalen int) int {
+	const tagsize = 16
+	for L := 2; L <= 8; L++ {
+		if maxlen(uint8(L), tagsize) >= pdatalen {
+			return 15 - L
+		}
+	}
+	return 0
+}
+
+func (c *ccm) cbcRound(mac, data []byte) {
+	for i := 0; i < ccmBlockSize; i++ {
+		mac[i] ^= data[i]
+	}
+	c.b.Encrypt(mac, mac)
+}
+
+func (c *ccm) cbcData(mac, data []byte) {
+	for len(data) >= ccmBlockSize {
+		c.cbcRound(mac, data[:ccmBlockSize])
+		data = data[ccmBlockSize:]
+	}
+	if len(data) > 0 {
+		var block [ccmBlockSize]byte
+		copy(block[:], data)
+		c.cbcRound(mac, block[:])
+	}
+}
+
+var errPlaintextTooLong = errors.New("ccm: plaintext too large")
+
+func (c *ccm) tag(nonce, plaintext, adata []byte) ([]byte, error) {
+	var mac [ccmBlockSize]byte
+
+	if len(adata) > 0 {
+		mac[0] |= 1 << 6
+	}
+	mac[0] |= (c.M - 2) << 2
+	mac[0] |= c.L - 1
+	if len(nonce) != c.NonceSize() {
+		return nil, errInvalidNonceSize
+	}
+	if len(plaintext) > c.MaxLength() {
+		return nil, errPlaintextTooLong
+	}
+	binary.BigEndian.PutUint64(mac[ccmBlockSize-8:], uint64(len(plaintext)))
+	copy(mac[1:ccmBlockSize-c.L], nonce)
+	c.b.Encrypt(mac[:], mac[:])
+
+	var block [ccmBlockSize]byte
+	if n := uint64(len(adata)); n > 0 {
+		// First adata block includes adata length
+		i := 2
+		if n <= 0xfeff {
+			binary.BigEndian.PutUint16(block[:i], uint16(n))
+		} else {
+			block[0] = 0xfe
+			block[1] = 0xff
+			if n < uint64(1<<32) {
+				i = 2 + 4
+				binary.BigEndian.PutUint32(block[2:i], uint32(n))
+			} else {
+				i = 2 + 8
+				binary.BigEndian.PutUint64(block[2:i], n)
+			}
+		}
+		i = copy(block[i:], adata)
+		c.cbcRound(mac[:], block[:])
+		c.cbcData(mac[:], adata[i:])
+	}
+
+	if len(plaintext) > 0 {
+		c.cbcData(mac[:], plaintext)
+	}
+
+	return mac[:c.M], nil
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+// From crypto/cipher/gcm.go
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}
+
+// Seal encrypts and authenticates plaintext, authenticates the
+// additional data and appends the result to dst, returning the updated
+// slice. The nonce must be NonceSize() bytes long and unique for all
+// time, for a given key.
+// The plaintext must be no longer than MaxLength() bytes long.
+//
+// The plaintext and dst may alias exactly or not at all.
+func (c *ccm) Seal(dst, nonce, plaintext, adata []byte) []byte {
+	tag, err := c.tag(nonce, plaintext, adata)
+	if err != nil {
+		// The cipher.AEAD interface doesn't allow for an error return.
+		panic(err) // nolint
+	}
+
+	var iv, s0 [ccmBlockSize]byte
+	iv[0] = c.L - 1
+	copy(iv[1:ccmBlockSize-c.L], nonce)
+	c.b.Encrypt(s0[:], iv[:])
+	for i := 0; i < int(c.M); i++ {
+		tag[i] ^= s0[i]
+	}
+	iv[len(iv)-1] |= 1
+	stream := cipher.NewCTR(c.b, iv[:])
+	ret, out := sliceForAppend(dst, len(plaintext)+int(c.M))
+	stream.XORKeyStream(out, plaintext)
+	copy(out[len(plaintext):], tag)
+	return ret
+}
+
+var (
+	errOpen               = errors.New("ccm: message authentication failed")
+	errCiphertextTooShort = errors.New("ccm: ciphertext too short")
+	errCiphertextTooLong  = errors.New("ccm: ciphertext too long")
+)
+
+func (c *ccm) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
+	if len(ciphertext) < int(c.M) {
+		return nil, errCiphertextTooShort
+	}
+	if len(ciphertext) > c.MaxLength()+c.Overhead() {
+		return nil, errCiphertextTooLong
+	}
+
+	tag := make([]byte, int(c.M))
+	copy(tag, ciphertext[len(ciphertext)-int(c.M):])
+	ciphertextWithoutTag := ciphertext[:len(ciphertext)-int(c.M)]
+
+	var iv, s0 [ccmBlockSize]byte
+	iv[0] = c.L - 1
+	copy(iv[1:ccmBlockSize-c.L], nonce)
+	c.b.Encrypt(s0[:], iv[:])
+	for i := 0; i < int(c.M); i++ {
+		tag[i] ^= s0[i]
+	}
+	iv[len(iv)-1] |= 1
+	stream := cipher.NewCTR(c.b, iv[:])
+
+	// Cannot decrypt directly to dst since we're not supposed to
+	// reveal the plaintext to the caller if authentication fails.
+	plaintext := make([]byte, len(ciphertextWithoutTag))
+	stream.XORKeyStream(plaintext, ciphertextWithoutTag)
+	expectedTag, err := c.tag(nonce, plaintext, adata)
+	if err != nil {
+		return nil, err
+	}
+
+	if subtle.ConstantTimeCompare(tag, expectedTag) != 1 {
+		return nil, errOpen
+	}
+	return append(dst, plaintext...), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/fingerprint/fingerprint.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/fingerprint/fingerprint.go
new file mode 100644
index 000000000..215b44ec7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/fingerprint/fingerprint.go
@@ -0,0 +1,50 @@
+// Package fingerprint provides a helper to create fingerprint string from certificate
+package fingerprint
+
+import (
+	"crypto"
+	"crypto/x509"
+	"errors"
+	"fmt"
+)
+
+var (
+	errHashUnavailable          = errors.New("fingerprint: hash algorithm is not linked into the binary")
+	errInvalidFingerprintLength = errors.New("fingerprint: invalid fingerprint length")
+)
+
+// Fingerprint creates a fingerprint for a certificate using the specified hash algorithm
+func Fingerprint(cert *x509.Certificate, algo crypto.Hash) (string, error) {
+	if !algo.Available() {
+		return "", errHashUnavailable
+	}
+	h := algo.New()
+	for i := 0; i < len(cert.Raw); {
+		n, _ := h.Write(cert.Raw[i:])
+		// Hash.Writer is specified to be never returning an error.
+		// https://golang.org/pkg/hash/#Hash
+		i += n
+	}
+	digest := []byte(fmt.Sprintf("%x", h.Sum(nil)))
+
+	digestlen := len(digest)
+	if digestlen == 0 {
+		return "", nil
+	}
+	if digestlen%2 != 0 {
+		return "", errInvalidFingerprintLength
+	}
+	res := make([]byte, digestlen>>1+digestlen-1)
+
+	pos := 0
+	for i, c := range digest {
+		res[pos] = c
+		pos++
+		if (i)%2 != 0 && i < digestlen-1 {
+			res[pos] = byte(':')
+			pos++
+		}
+	}
+
+	return string(res), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/fingerprint/hash.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/fingerprint/hash.go
new file mode 100644
index 000000000..09107db92
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/pkg/crypto/fingerprint/hash.go
@@ -0,0 +1,37 @@
+package fingerprint
+
+import (
+	"crypto"
+	"errors"
+)
+
+var errInvalidHashAlgorithm = errors.New("fingerprint: invalid hash algorithm")
+
+func nameToHash() map[string]crypto.Hash {
+	return map[string]crypto.Hash{
+		"md5":     crypto.MD5,    // [RFC3279]
+		"sha-1":   crypto.SHA1,   // [RFC3279]
+		"sha-224": crypto.SHA224, // [RFC4055]
+		"sha-256": crypto.SHA256, // [RFC4055]
+		"sha-384": crypto.SHA384, // [RFC4055]
+		"sha-512": crypto.SHA512, // [RFC4055]
+	}
+}
+
+// HashFromString allows looking up a hash algorithm by it's string representation
+func HashFromString(s string) (crypto.Hash, error) {
+	if h, ok := nameToHash()[s]; ok {
+		return h, nil
+	}
+	return 0, errInvalidHashAlgorithm
+}
+
+// StringFromHash allows looking up a string representation of the crypto.Hash.
+func StringFromHash(hash crypto.Hash) (string, error) {
+	for s, h := range nameToHash() {
+		if h == hash {
+			return s, nil
+		}
+	}
+	return "", errInvalidHashAlgorithm
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/prf.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/prf.go
new file mode 100644
index 000000000..2d649a187
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/prf.go
@@ -0,0 +1,230 @@
+package dtls
+
+import ( //nolint:gci
+	"crypto/elliptic"
+	"crypto/hmac"
+	"crypto/sha1" //nolint:gosec
+	"encoding/binary"
+	"fmt"
+	"hash"
+	"math"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+const (
+	prfMasterSecretLabel         = "master secret"
+	prfExtendedMasterSecretLabel = "extended master secret"
+	prfKeyExpansionLabel         = "key expansion"
+	prfVerifyDataClientLabel     = "client finished"
+	prfVerifyDataServerLabel     = "server finished"
+)
+
+type hashFunc func() hash.Hash
+
+type encryptionKeys struct {
+	masterSecret   []byte
+	clientMACKey   []byte
+	serverMACKey   []byte
+	clientWriteKey []byte
+	serverWriteKey []byte
+	clientWriteIV  []byte
+	serverWriteIV  []byte
+}
+
+func (e *encryptionKeys) String() string {
+	return fmt.Sprintf(`encryptionKeys:
+- masterSecret: %#v
+- clientMACKey: %#v
+- serverMACKey: %#v
+- clientWriteKey: %#v
+- serverWriteKey: %#v
+- clientWriteIV: %#v
+- serverWriteIV: %#v
+`,
+		e.masterSecret,
+		e.clientMACKey,
+		e.serverMACKey,
+		e.clientWriteKey,
+		e.serverWriteKey,
+		e.clientWriteIV,
+		e.serverWriteIV)
+}
+
+// The premaster secret is formed as follows: if the PSK is N octets
+// long, concatenate a uint16 with the value N, N zero octets, a second
+// uint16 with the value N, and the PSK itself.
+//
+// https://tools.ietf.org/html/rfc4279#section-2
+func prfPSKPreMasterSecret(psk []byte) []byte {
+	pskLen := uint16(len(psk))
+
+	out := append(make([]byte, 2+pskLen+2), psk...)
+	binary.BigEndian.PutUint16(out, pskLen)
+	binary.BigEndian.PutUint16(out[2+pskLen:], pskLen)
+
+	return out
+}
+
+func prfPreMasterSecret(publicKey, privateKey []byte, curve namedCurve) ([]byte, error) {
+	switch curve {
+	case namedCurveX25519:
+		return curve25519.X25519(privateKey, publicKey)
+	case namedCurveP256:
+		return ellipticCurvePreMasterSecret(publicKey, privateKey, elliptic.P256(), elliptic.P256())
+	case namedCurveP384:
+		return ellipticCurvePreMasterSecret(publicKey, privateKey, elliptic.P384(), elliptic.P384())
+	default:
+		return nil, errInvalidNamedCurve
+	}
+}
+
+func ellipticCurvePreMasterSecret(publicKey, privateKey []byte, c1, c2 elliptic.Curve) ([]byte, error) {
+	x, y := elliptic.Unmarshal(c1, publicKey)
+	if x == nil || y == nil {
+		return nil, errInvalidNamedCurve
+	}
+
+	result, _ := c2.ScalarMult(x, y, privateKey)
+	preMasterSecret := make([]byte, (c2.Params().BitSize+7)>>3)
+	resultBytes := result.Bytes()
+	copy(preMasterSecret[len(preMasterSecret)-len(resultBytes):], resultBytes)
+	return preMasterSecret, nil
+}
+
+//  This PRF with the SHA-256 hash function is used for all cipher suites
+//  defined in this document and in TLS documents published prior to this
+//  document when TLS 1.2 is negotiated.  New cipher suites MUST explicitly
+//  specify a PRF and, in general, SHOULD use the TLS PRF with SHA-256 or a
+//  stronger standard hash function.
+//
+//     P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
+//                            HMAC_hash(secret, A(2) + seed) +
+//                            HMAC_hash(secret, A(3) + seed) + ...
+//
+//  A() is defined as:
+//
+//     A(0) = seed
+//     A(i) = HMAC_hash(secret, A(i-1))
+//
+//  P_hash can be iterated as many times as necessary to produce the
+//  required quantity of data.  For example, if P_SHA256 is being used to
+//  create 80 bytes of data, it will have to be iterated three times
+//  (through A(3)), creating 96 bytes of output data; the last 16 bytes
+//  of the final iteration will then be discarded, leaving 80 bytes of
+//  output data.
+//
+// https://tools.ietf.org/html/rfc4346w
+func prfPHash(secret, seed []byte, requestedLength int, h hashFunc) ([]byte, error) {
+	hmacSHA256 := func(key, data []byte) ([]byte, error) {
+		mac := hmac.New(h, key)
+		if _, err := mac.Write(data); err != nil {
+			return nil, err
+		}
+		return mac.Sum(nil), nil
+	}
+
+	var err error
+	lastRound := seed
+	out := []byte{}
+
+	iterations := int(math.Ceil(float64(requestedLength) / float64(h().Size())))
+	for i := 0; i < iterations; i++ {
+		lastRound, err = hmacSHA256(secret, lastRound)
+		if err != nil {
+			return nil, err
+		}
+		withSecret, err := hmacSHA256(secret, append(lastRound, seed...))
+		if err != nil {
+			return nil, err
+		}
+		out = append(out, withSecret...)
+	}
+
+	return out[:requestedLength], nil
+}
+
+func prfExtendedMasterSecret(preMasterSecret, sessionHash []byte, h hashFunc) ([]byte, error) {
+	seed := append([]byte(prfExtendedMasterSecretLabel), sessionHash...)
+	return prfPHash(preMasterSecret, seed, 48, h)
+}
+
+func prfMasterSecret(preMasterSecret, clientRandom, serverRandom []byte, h hashFunc) ([]byte, error) {
+	seed := append(append([]byte(prfMasterSecretLabel), clientRandom...), serverRandom...)
+	return prfPHash(preMasterSecret, seed, 48, h)
+}
+
+func prfEncryptionKeys(masterSecret, clientRandom, serverRandom []byte, prfMacLen, prfKeyLen, prfIvLen int, h hashFunc) (*encryptionKeys, error) {
+	seed := append(append([]byte(prfKeyExpansionLabel), serverRandom...), clientRandom...)
+	keyMaterial, err := prfPHash(masterSecret, seed, (2*prfMacLen)+(2*prfKeyLen)+(2*prfIvLen), h)
+	if err != nil {
+		return nil, err
+	}
+
+	clientMACKey := keyMaterial[:prfMacLen]
+	keyMaterial = keyMaterial[prfMacLen:]
+
+	serverMACKey := keyMaterial[:prfMacLen]
+	keyMaterial = keyMaterial[prfMacLen:]
+
+	clientWriteKey := keyMaterial[:prfKeyLen]
+	keyMaterial = keyMaterial[prfKeyLen:]
+
+	serverWriteKey := keyMaterial[:prfKeyLen]
+	keyMaterial = keyMaterial[prfKeyLen:]
+
+	clientWriteIV := keyMaterial[:prfIvLen]
+	keyMaterial = keyMaterial[prfIvLen:]
+
+	serverWriteIV := keyMaterial[:prfIvLen]
+
+	return &encryptionKeys{
+		masterSecret:   masterSecret,
+		clientMACKey:   clientMACKey,
+		serverMACKey:   serverMACKey,
+		clientWriteKey: clientWriteKey,
+		serverWriteKey: serverWriteKey,
+		clientWriteIV:  clientWriteIV,
+		serverWriteIV:  serverWriteIV,
+	}, nil
+}
+
+func prfVerifyData(masterSecret, handshakeBodies []byte, label string, hashFunc hashFunc) ([]byte, error) {
+	h := hashFunc()
+	if _, err := h.Write(handshakeBodies); err != nil {
+		return nil, err
+	}
+
+	seed := append([]byte(label), h.Sum(nil)...)
+	return prfPHash(masterSecret, seed, 12, hashFunc)
+}
+
+func prfVerifyDataClient(masterSecret, handshakeBodies []byte, h hashFunc) ([]byte, error) {
+	return prfVerifyData(masterSecret, handshakeBodies, prfVerifyDataClientLabel, h)
+}
+
+func prfVerifyDataServer(masterSecret, handshakeBodies []byte, h hashFunc) ([]byte, error) {
+	return prfVerifyData(masterSecret, handshakeBodies, prfVerifyDataServerLabel, h)
+}
+
+// compute the MAC using HMAC-SHA1
+func prfMac(epoch uint16, sequenceNumber uint64, contentType contentType, protocolVersion protocolVersion, payload []byte, key []byte) ([]byte, error) {
+	h := hmac.New(sha1.New, key)
+
+	msg := make([]byte, 13)
+
+	binary.BigEndian.PutUint16(msg, epoch)
+	putBigEndianUint48(msg[2:], sequenceNumber)
+	msg[8] = byte(contentType)
+	msg[9] = protocolVersion.major
+	msg[10] = protocolVersion.minor
+	binary.BigEndian.PutUint16(msg[11:], uint16(len(payload)))
+
+	if _, err := h.Write(msg); err != nil {
+		return nil, err
+	} else if _, err := h.Write(payload); err != nil {
+		return nil, err
+	}
+
+	return h.Sum(nil), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/record_layer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/record_layer.go
new file mode 100644
index 000000000..11f32dad6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/record_layer.go
@@ -0,0 +1,93 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+/*
+ The TLS Record Layer which handles all data transport.
+ The record layer is assumed to sit directly on top of some
+ reliable transport such as TCP. The record layer can carry four types of content:
+
+ 1. Handshake messages—used for algorithm negotiation and key establishment.
+ 2. ChangeCipherSpec messages—really part of the handshake but technically a separate kind of message.
+ 3. Alert messages—used to signal that errors have occurred
+ 4. Application layer data
+
+ The DTLS record layer is extremely similar to that of TLS 1.1.  The
+ only change is the inclusion of an explicit sequence number in the
+ record.  This sequence number allows the recipient to correctly
+ verify the TLS MAC.
+ https://tools.ietf.org/html/rfc4347#section-4.1
+*/
+type recordLayer struct {
+	recordLayerHeader recordLayerHeader
+	content           content
+}
+
+func (r *recordLayer) Marshal() ([]byte, error) {
+	contentRaw, err := r.content.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	r.recordLayerHeader.contentLen = uint16(len(contentRaw))
+	r.recordLayerHeader.contentType = r.content.contentType()
+
+	headerRaw, err := r.recordLayerHeader.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	return append(headerRaw, contentRaw...), nil
+}
+
+func (r *recordLayer) Unmarshal(data []byte) error {
+	if len(data) < recordLayerHeaderSize {
+		return errBufferTooSmall
+	}
+	if err := r.recordLayerHeader.Unmarshal(data); err != nil {
+		return err
+	}
+
+	switch contentType(data[0]) {
+	case contentTypeChangeCipherSpec:
+		r.content = &changeCipherSpec{}
+	case contentTypeAlert:
+		r.content = &alert{}
+	case contentTypeHandshake:
+		r.content = &handshake{}
+	case contentTypeApplicationData:
+		r.content = &applicationData{}
+	default:
+		return errInvalidContentType
+	}
+
+	return r.content.Unmarshal(data[recordLayerHeaderSize:])
+}
+
+// Note that as with TLS, multiple handshake messages may be placed in
+// the same DTLS record, provided that there is room and that they are
+// part of the same flight.  Thus, there are two acceptable ways to pack
+// two DTLS messages into the same datagram: in the same record or in
+// separate records.
+// https://tools.ietf.org/html/rfc6347#section-4.2.3
+func unpackDatagram(buf []byte) ([][]byte, error) {
+	out := [][]byte{}
+
+	for offset := 0; len(buf) != offset; {
+		if len(buf)-offset <= recordLayerHeaderSize {
+			return nil, errInvalidPacketLength
+		}
+
+		pktLen := (recordLayerHeaderSize + int(binary.BigEndian.Uint16(buf[offset+11:])))
+		if offset+pktLen > len(buf) {
+			return nil, errInvalidPacketLength
+		}
+
+		out = append(out, buf[offset:offset+pktLen])
+		offset += pktLen
+	}
+
+	return out, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/record_layer_header.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/record_layer_header.go
new file mode 100644
index 000000000..69d1925b5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/record_layer_header.go
@@ -0,0 +1,76 @@
+package dtls
+
+import "encoding/binary"
+
+type recordLayerHeader struct {
+	contentType     contentType
+	contentLen      uint16
+	protocolVersion protocolVersion
+	epoch           uint16
+	sequenceNumber  uint64 // uint48 in spec
+}
+
+const (
+	recordLayerHeaderSize = 13
+	maxSequenceNumber     = 0x0000FFFFFFFFFFFF
+
+	dtls1_2Major = 0xfe
+	dtls1_2Minor = 0xfd
+
+	dtls1_0Major = 0xfe
+	dtls1_0Minor = 0xff
+
+	// VersionDTLS12 is the DTLS version in the same style as
+	// VersionTLSXX from crypto/tls
+	VersionDTLS12 = 0xfefd
+)
+
+var (
+	protocolVersion1_0 = protocolVersion{dtls1_0Major, dtls1_0Minor} //nolint:gochecknoglobals
+	protocolVersion1_2 = protocolVersion{dtls1_2Major, dtls1_2Minor} //nolint:gochecknoglobals
+)
+
+// https://tools.ietf.org/html/rfc4346#section-6.2.1
+type protocolVersion struct {
+	major, minor uint8
+}
+
+func (v protocolVersion) Equal(x protocolVersion) bool {
+	return v.major == x.major && v.minor == x.minor
+}
+
+func (r *recordLayerHeader) Marshal() ([]byte, error) {
+	if r.sequenceNumber > maxSequenceNumber {
+		return nil, errSequenceNumberOverflow
+	}
+
+	out := make([]byte, recordLayerHeaderSize)
+	out[0] = byte(r.contentType)
+	out[1] = r.protocolVersion.major
+	out[2] = r.protocolVersion.minor
+	binary.BigEndian.PutUint16(out[3:], r.epoch)
+	putBigEndianUint48(out[5:], r.sequenceNumber)
+	binary.BigEndian.PutUint16(out[recordLayerHeaderSize-2:], r.contentLen)
+	return out, nil
+}
+
+func (r *recordLayerHeader) Unmarshal(data []byte) error {
+	if len(data) < recordLayerHeaderSize {
+		return errBufferTooSmall
+	}
+	r.contentType = contentType(data[0])
+	r.protocolVersion.major = data[1]
+	r.protocolVersion.minor = data[2]
+	r.epoch = binary.BigEndian.Uint16(data[3:])
+
+	// SequenceNumber is stored as uint48, make into uint64
+	seqCopy := make([]byte, 8)
+	copy(seqCopy[2:], data[5:11])
+	r.sequenceNumber = binary.BigEndian.Uint64(seqCopy)
+
+	if !r.protocolVersion.Equal(protocolVersion1_0) && !r.protocolVersion.Equal(protocolVersion1_2) {
+		return errUnsupportedProtocolVersion
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/resume.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/resume.go
new file mode 100644
index 000000000..40e55e449
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/resume.go
@@ -0,0 +1,19 @@
+package dtls
+
+import (
+	"context"
+	"net"
+)
+
+// Resume imports an already established dtls connection using a specific dtls state
+func Resume(state *State, conn net.Conn, config *Config) (*Conn, error) {
+	if err := state.initCipherSuite(); err != nil {
+		return nil, err
+	}
+	c, err := createConn(context.Background(), conn, config, state.isClient, state)
+	if err != nil {
+		return nil, err
+	}
+
+	return c, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/signature_algorithm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/signature_algorithm.go
new file mode 100644
index 000000000..65191de4b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/signature_algorithm.go
@@ -0,0 +1,18 @@
+package dtls
+
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
+type signatureAlgorithm uint16
+
+const (
+	signatureAlgorithmRSA     signatureAlgorithm = 1
+	signatureAlgorithmECDSA   signatureAlgorithm = 3
+	signatureAlgorithmEd25519 signatureAlgorithm = 7
+)
+
+func signatureAlgorithms() map[signatureAlgorithm]bool {
+	return map[signatureAlgorithm]bool{
+		signatureAlgorithmRSA:     true,
+		signatureAlgorithmECDSA:   true,
+		signatureAlgorithmEd25519: true,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/signature_hash_algorithm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/signature_hash_algorithm.go
new file mode 100644
index 000000000..97e53efb1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/signature_hash_algorithm.go
@@ -0,0 +1,88 @@
+package dtls
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"crypto/tls"
+
+	"golang.org/x/xerrors"
+)
+
+type signatureHashAlgorithm struct {
+	hash      hashAlgorithm
+	signature signatureAlgorithm
+}
+
+func defaultSignatureSchemes() []signatureHashAlgorithm {
+	return []signatureHashAlgorithm{
+		{hashAlgorithmSHA256, signatureAlgorithmECDSA},
+		{hashAlgorithmSHA384, signatureAlgorithmECDSA},
+		{hashAlgorithmSHA512, signatureAlgorithmECDSA},
+		{hashAlgorithmSHA256, signatureAlgorithmRSA},
+		{hashAlgorithmSHA384, signatureAlgorithmRSA},
+		{hashAlgorithmSHA512, signatureAlgorithmRSA},
+		{hashAlgorithmEd25519, signatureAlgorithmEd25519},
+	}
+}
+
+// select Signature Scheme returns most preferred and compatible scheme.
+func selectSignatureScheme(sigs []signatureHashAlgorithm, privateKey crypto.PrivateKey) (signatureHashAlgorithm, error) {
+	for _, ss := range sigs {
+		if ss.isCompatible(privateKey) {
+			return ss, nil
+		}
+	}
+	return signatureHashAlgorithm{}, errNoAvailableSignatureSchemes
+}
+
+// isCompatible checks that given private key is compatible with the signature scheme.
+func (s *signatureHashAlgorithm) isCompatible(privateKey crypto.PrivateKey) bool {
+	switch privateKey.(type) {
+	case ed25519.PrivateKey:
+		return s.signature == signatureAlgorithmEd25519
+	case *ecdsa.PrivateKey:
+		return s.signature == signatureAlgorithmECDSA
+	case *rsa.PrivateKey:
+		return s.signature == signatureAlgorithmRSA
+	default:
+		return false
+	}
+}
+
+// parseSignatureSchemes translates []tls.SignatureScheme to []signatureHashAlgorithm.
+// It returns default signature scheme list if no SignatureScheme is passed.
+func parseSignatureSchemes(sigs []tls.SignatureScheme, insecureHashes bool) ([]signatureHashAlgorithm, error) {
+	if len(sigs) == 0 {
+		return defaultSignatureSchemes(), nil
+	}
+	out := []signatureHashAlgorithm{}
+	for _, ss := range sigs {
+		sig := signatureAlgorithm(ss & 0xFF)
+		if _, ok := signatureAlgorithms()[sig]; !ok {
+			return nil, &FatalError{
+				xerrors.Errorf("SignatureScheme %04x: %w", ss, errInvalidSignatureAlgorithm),
+			}
+		}
+		h := hashAlgorithm(ss >> 8)
+		if _, ok := hashAlgorithms()[h]; !ok {
+			return nil, &FatalError{
+				xerrors.Errorf("SignatureScheme %04x: %w", ss, errInvalidHashAlgorithm),
+			}
+		}
+		if h.insecure() && !insecureHashes {
+			continue
+		}
+		out = append(out, signatureHashAlgorithm{
+			hash:      h,
+			signature: sig,
+		})
+	}
+
+	if len(out) == 0 {
+		return nil, errNoAvailableSignatureSchemes
+	}
+
+	return out, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/srtp_protection_profile.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/srtp_protection_profile.go
new file mode 100644
index 000000000..1d4faa5c2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/srtp_protection_profile.go
@@ -0,0 +1,21 @@
+package dtls
+
+// SRTPProtectionProfile defines the parameters and options that are in effect for the SRTP processing
+// https://tools.ietf.org/html/rfc5764#section-4.1.2
+type SRTPProtectionProfile uint16
+
+const (
+	SRTP_AES128_CM_HMAC_SHA1_80 SRTPProtectionProfile = 0x0001 // nolint
+	SRTP_AES128_CM_HMAC_SHA1_32 SRTPProtectionProfile = 0x0002 // nolint
+	SRTP_AEAD_AES_128_GCM       SRTPProtectionProfile = 0x0007 // nolint
+	SRTP_AEAD_AES_256_GCM       SRTPProtectionProfile = 0x0008 // nolint
+)
+
+func srtpProtectionProfiles() map[SRTPProtectionProfile]bool {
+	return map[SRTPProtectionProfile]bool{
+		SRTP_AES128_CM_HMAC_SHA1_80: true,
+		SRTP_AES128_CM_HMAC_SHA1_32: true,
+		SRTP_AEAD_AES_128_GCM:       true,
+		SRTP_AEAD_AES_256_GCM:       true,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/state.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/state.go
new file mode 100644
index 000000000..33d210540
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/state.go
@@ -0,0 +1,187 @@
+package dtls
+
+import (
+	"bytes"
+	"encoding/gob"
+	"sync/atomic"
+
+	"github.com/pion/transport/replaydetector"
+)
+
+// State holds the dtls connection state and implements both encoding.BinaryMarshaler and encoding.BinaryUnmarshaler
+type State struct {
+	localEpoch, remoteEpoch   atomic.Value
+	localSequenceNumber       []uint64 // uint48
+	localRandom, remoteRandom handshakeRandom
+	masterSecret              []byte
+	cipherSuite               cipherSuite // nil if a cipherSuite hasn't been chosen
+
+	srtpProtectionProfile SRTPProtectionProfile // Negotiated SRTPProtectionProfile
+	PeerCertificates      [][]byte
+
+	isClient bool
+
+	preMasterSecret      []byte
+	extendedMasterSecret bool
+
+	namedCurve                 namedCurve
+	localKeypair               *namedCurveKeypair
+	cookie                     []byte
+	handshakeSendSequence      int
+	handshakeRecvSequence      int
+	serverName                 string
+	remoteRequestedCertificate bool   // Did we get a CertificateRequest
+	localCertificatesVerify    []byte // cache CertificateVerify
+	localVerifyData            []byte // cached VerifyData
+	localKeySignature          []byte // cached keySignature
+	peerCertificatesVerified   bool
+
+	replayDetector []replaydetector.ReplayDetector
+}
+
+type serializedState struct {
+	LocalEpoch            uint16
+	RemoteEpoch           uint16
+	LocalRandom           [handshakeRandomLength]byte
+	RemoteRandom          [handshakeRandomLength]byte
+	CipherSuiteID         uint16
+	MasterSecret          []byte
+	SequenceNumber        uint64
+	SRTPProtectionProfile uint16
+	PeerCertificates      [][]byte
+	IsClient              bool
+}
+
+func (s *State) clone() *State {
+	serialized := s.serialize()
+	state := &State{}
+	state.deserialize(*serialized)
+
+	return state
+}
+
+func (s *State) serialize() *serializedState {
+	// Marshal random values
+	localRnd := s.localRandom.marshalFixed()
+	remoteRnd := s.remoteRandom.marshalFixed()
+
+	epoch := s.localEpoch.Load().(uint16)
+	return &serializedState{
+		LocalEpoch:            epoch,
+		RemoteEpoch:           s.remoteEpoch.Load().(uint16),
+		CipherSuiteID:         uint16(s.cipherSuite.ID()),
+		MasterSecret:          s.masterSecret,
+		SequenceNumber:        atomic.LoadUint64(&s.localSequenceNumber[epoch]),
+		LocalRandom:           localRnd,
+		RemoteRandom:          remoteRnd,
+		SRTPProtectionProfile: uint16(s.srtpProtectionProfile),
+		PeerCertificates:      s.PeerCertificates,
+		IsClient:              s.isClient,
+	}
+}
+
+func (s *State) deserialize(serialized serializedState) {
+	// Set epoch values
+	epoch := serialized.LocalEpoch
+	s.localEpoch.Store(serialized.LocalEpoch)
+	s.remoteEpoch.Store(serialized.RemoteEpoch)
+
+	for len(s.localSequenceNumber) <= int(epoch) {
+		s.localSequenceNumber = append(s.localSequenceNumber, uint64(0))
+	}
+
+	// Set random values
+	localRandom := &handshakeRandom{}
+	localRandom.unmarshalFixed(serialized.LocalRandom)
+	s.localRandom = *localRandom
+
+	remoteRandom := &handshakeRandom{}
+	remoteRandom.unmarshalFixed(serialized.RemoteRandom)
+	s.remoteRandom = *remoteRandom
+
+	s.isClient = serialized.IsClient
+
+	// Set master secret
+	s.masterSecret = serialized.MasterSecret
+
+	// Set cipher suite
+	s.cipherSuite = cipherSuiteForID(CipherSuiteID(serialized.CipherSuiteID))
+
+	atomic.StoreUint64(&s.localSequenceNumber[epoch], serialized.SequenceNumber)
+	s.srtpProtectionProfile = SRTPProtectionProfile(serialized.SRTPProtectionProfile)
+
+	// Set remote certificate
+	s.PeerCertificates = serialized.PeerCertificates
+}
+
+func (s *State) initCipherSuite() error {
+	if s.cipherSuite.isInitialized() {
+		return nil
+	}
+
+	localRandom := s.localRandom.marshalFixed()
+	remoteRandom := s.remoteRandom.marshalFixed()
+
+	var err error
+	if s.isClient {
+		err = s.cipherSuite.init(s.masterSecret, localRandom[:], remoteRandom[:], true)
+	} else {
+		err = s.cipherSuite.init(s.masterSecret, remoteRandom[:], localRandom[:], false)
+	}
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// MarshalBinary is a binary.BinaryMarshaler.MarshalBinary implementation
+func (s *State) MarshalBinary() ([]byte, error) {
+	serialized := s.serialize()
+
+	var buf bytes.Buffer
+	enc := gob.NewEncoder(&buf)
+	if err := enc.Encode(*serialized); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// UnmarshalBinary is a binary.BinaryUnmarshaler.UnmarshalBinary implementation
+func (s *State) UnmarshalBinary(data []byte) error {
+	enc := gob.NewDecoder(bytes.NewBuffer(data))
+	var serialized serializedState
+	if err := enc.Decode(&serialized); err != nil {
+		return err
+	}
+
+	s.deserialize(serialized)
+	if err := s.initCipherSuite(); err != nil {
+		return err
+	}
+	return nil
+}
+
+// ExportKeyingMaterial returns length bytes of exported key material in a new
+// slice as defined in RFC 5705.
+// This allows protocols to use DTLS for key establishment, but
+// then use some of the keying material for their own purposes
+func (s *State) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
+	if s.localEpoch.Load().(uint16) == 0 {
+		return nil, errHandshakeInProgress
+	} else if len(context) != 0 {
+		return nil, errContextUnsupported
+	} else if _, ok := invalidKeyingLabels()[label]; ok {
+		return nil, errReservedExportKeyingMaterial
+	}
+
+	localRandom := s.localRandom.marshalFixed()
+	remoteRandom := s.remoteRandom.marshalFixed()
+
+	seed := []byte(label)
+	if s.isClient {
+		seed = append(append(seed, localRandom[:]...), remoteRandom[:]...)
+	} else {
+		seed = append(append(seed, remoteRandom[:]...), localRandom[:]...)
+	}
+	return prfPHash(s.masterSecret, seed, length, s.cipherSuite.hashFunc())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/util.go
new file mode 100644
index 000000000..b59f6b604
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/dtls/v2/util.go
@@ -0,0 +1,114 @@
+package dtls
+
+import (
+	"encoding/binary"
+)
+
+// Parse a big endian uint24
+func bigEndianUint24(raw []byte) uint32 {
+	if len(raw) < 3 {
+		return 0
+	}
+
+	rawCopy := make([]byte, 4)
+	copy(rawCopy[1:], raw)
+	return binary.BigEndian.Uint32(rawCopy)
+}
+
+func putBigEndianUint24(out []byte, in uint32) {
+	tmp := make([]byte, 4)
+	binary.BigEndian.PutUint32(tmp, in)
+	copy(out, tmp[1:])
+}
+
+func putBigEndianUint48(out []byte, in uint64) {
+	tmp := make([]byte, 8)
+	binary.BigEndian.PutUint64(tmp, in)
+	copy(out, tmp[2:])
+}
+
+func max(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
+
+// examinePadding returns, in constant time, the length of the padding to remove
+// from the end of payload. It also returns a byte which is equal to 255 if the
+// padding was valid and 0 otherwise. See RFC 2246, Section 6.2.3.2.
+//
+// https://github.com/golang/go/blob/039c2081d1178f90a8fa2f4e6958693129f8de33/src/crypto/tls/conn.go#L245
+func examinePadding(payload []byte) (toRemove int, good byte) {
+	if len(payload) < 1 {
+		return 0, 0
+	}
+
+	paddingLen := payload[len(payload)-1]
+	t := uint(len(payload)-1) - uint(paddingLen)
+	// if len(payload) >= (paddingLen - 1) then the MSB of t is zero
+	good = byte(int32(^t) >> 31)
+
+	// The maximum possible padding length plus the actual length field
+	toCheck := 256
+	// The length of the padded data is public, so we can use an if here
+	if toCheck > len(payload) {
+		toCheck = len(payload)
+	}
+
+	for i := 0; i < toCheck; i++ {
+		t := uint(paddingLen) - uint(i)
+		// if i <= paddingLen then the MSB of t is zero
+		mask := byte(int32(^t) >> 31)
+		b := payload[len(payload)-1-i]
+		good &^= mask&paddingLen ^ mask&b
+	}
+
+	// We AND together the bits of good and replicate the result across
+	// all the bits.
+	good &= good << 4
+	good &= good << 2
+	good &= good << 1
+	good = uint8(int8(good) >> 7)
+
+	toRemove = int(paddingLen) + 1
+
+	return toRemove, good
+}
+
+func findMatchingSRTPProfile(a, b []SRTPProtectionProfile) (SRTPProtectionProfile, bool) {
+	for _, aProfile := range a {
+		for _, bProfile := range b {
+			if aProfile == bProfile {
+				return aProfile, true
+			}
+		}
+	}
+	return 0, false
+}
+
+func findMatchingCipherSuite(a, b []cipherSuite) (cipherSuite, bool) { //nolint
+	for _, aSuite := range a {
+		for _, bSuite := range b {
+			if aSuite.ID() == bSuite.ID() {
+				return aSuite, true
+			}
+		}
+	}
+	return nil, false
+}
+
+func splitBytes(bytes []byte, splitLen int) [][]byte {
+	splitBytes := make([][]byte, 0)
+	numBytes := len(bytes)
+	for i := 0; i < numBytes; i += splitLen {
+		j := i + splitLen
+		if j > numBytes {
+			j = numBytes
+		}
+
+		splitBytes = append(splitBytes, bytes[i:j])
+	}
+
+	return splitBytes
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/README.md
new file mode 100644
index 000000000..788a29204
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/README.md
@@ -0,0 +1,66 @@
+<h1 align="center">
+  <br>
+  Pion ICE
+  <br>
+</h1>
+<h4 align="center">A Go implementation of ICE</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-ice-gray.svg?longCache=true&colorB=brightgreen" alt="Pion transport"></a>
+  <a href="http://gophers.slack.com/messages/pion"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/ice"><img src="https://travis-ci.org/pion/ice.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/ice"><img src="https://godoc.org/github.com/pion/ice?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/ice"><img src="https://codecov.io/gh/pion/ice/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/ice"><img src="https://goreportcard.com/badge/github.com/pion/ice" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michael MacDonald](https://github.com/mjmac) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *Original Author*
+* [Konstantin Itskov](https://github.com/trivigy) - *Original Author*
+* [Luke Curley](https://github.com/kixelated)
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Adam Kiss](https://github.com/masterada)
+* [Aleksandr Razumov](https://github.com/ernado)
+* [Yutaka Takeda](https://github.com/enobufs)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Robert Eperjesi](https://github.com/epes)
+* [Sebastian Waisbrot](https://github.com/seppo0010)
+* [Zizheng Tai](https://github.com/ZizhengTai)
+* [Aaron France](https://github.com/AeroNotix)
+* [Chao Yuan](https://github.com/yuanchao0310)
+* [Jason Maldonis](https://github.com/jjmaldonis)
+* [Nevio Vesic](https://github.com/0x19)
+* [David Hamilton](https://github.com/dihamilton)
+* [adwpc](https://github.com/adwpc)
+* [Ori Bernstein](https://eigenstate.org)
+* [Sam Lancia](https://github.com/nerd2)
+* [Lander Noterman](https://github.com/LanderN)
+* [BUPTCZQ](https://github.com/buptczq)
+* [Henry](https://github.com/cryptix)
+* [Jerko Steiner](https://github.com/jeremija)
+* [Sidney San Martín](https://github.com/s4y)
+* [JooYoung Lim](https://github.com/DevRockstarZ)
+* [Kory Miller](https://github.com/korymiller1489)
+* [ZHENK](https://github.com/scorpionknifes)
+* [Assad Obaid](https://github.com/assadobaid)
+* [Antoine Baché](https://github.com/Antonito)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent.go
new file mode 100644
index 000000000..9f1ac6ae8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent.go
@@ -0,0 +1,1233 @@
+// Package ice implements the Interactive Connectivity Establishment (ICE)
+// protocol defined in rfc5245.
+package ice
+
+import (
+	"context"
+	"net"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/mdns"
+	"github.com/pion/stun"
+	"github.com/pion/transport/packetio"
+	"github.com/pion/transport/vnet"
+	"golang.org/x/net/proxy"
+)
+
+type bindingRequest struct {
+	timestamp      time.Time
+	transactionID  [stun.TransactionIDSize]byte
+	destination    net.Addr
+	isUseCandidate bool
+}
+
+// Agent represents the ICE agent
+type Agent struct {
+	chanTask   chan task
+	afterRunFn []func(ctx context.Context)
+	muAfterRun sync.Mutex
+
+	onConnectionStateChangeHdlr       atomic.Value // func(ConnectionState)
+	onSelectedCandidatePairChangeHdlr atomic.Value // func(Candidate, Candidate)
+	onCandidateHdlr                   atomic.Value // func(Candidate)
+
+	// State owned by the taskLoop
+	onConnected     chan struct{}
+	onConnectedOnce sync.Once
+
+	// force candidate to be contacted immediately (instead of waiting for task ticker)
+	forceCandidateContact chan bool
+
+	tieBreaker uint64
+	lite       bool
+
+	connectionState ConnectionState
+	gatheringState  GatheringState
+
+	mDNSMode MulticastDNSMode
+	mDNSName string
+	mDNSConn *mdns.Conn
+
+	muHaveStarted sync.Mutex
+	startedCh     <-chan struct{}
+	startedFn     func()
+	isControlling bool
+
+	maxBindingRequests uint16
+
+	hostAcceptanceMinWait  time.Duration
+	srflxAcceptanceMinWait time.Duration
+	prflxAcceptanceMinWait time.Duration
+	relayAcceptanceMinWait time.Duration
+
+	portmin uint16
+	portmax uint16
+
+	candidateTypes []CandidateType
+
+	// How long connectivity checks can fail before the ICE Agent
+	// goes to disconnected
+	disconnectedTimeout time.Duration
+
+	// How long connectivity checks can fail before the ICE Agent
+	// goes to failed
+	failedTimeout time.Duration
+
+	// How often should we send keepalive packets?
+	// 0 means never
+	keepaliveInterval time.Duration
+
+	// How often should we run our internal taskLoop to check for state changes when connecting
+	checkInterval time.Duration
+
+	localUfrag      string
+	localPwd        string
+	localCandidates map[NetworkType][]Candidate
+
+	remoteUfrag      string
+	remotePwd        string
+	remoteCandidates map[NetworkType][]Candidate
+
+	checklist []*candidatePair
+	selector  pairCandidateSelector
+
+	selectedPair atomic.Value // *candidatePair
+
+	urls         []*URL
+	networkTypes []NetworkType
+
+	buffer *packetio.Buffer
+
+	// LRU of outbound Binding request Transaction IDs
+	pendingBindingRequests []bindingRequest
+
+	// 1:1 D-NAT IP address mapping
+	extIPMapper *externalIPMapper
+
+	// State for closing
+	done chan struct{}
+	err  atomicError
+
+	gatherCandidateCancel func()
+
+	chanCandidate     chan Candidate
+	chanCandidatePair chan *candidatePair
+	chanState         chan ConnectionState
+
+	loggerFactory logging.LoggerFactory
+	log           logging.LeveledLogger
+
+	net    *vnet.Net
+	tcpMux TCPMux
+
+	interfaceFilter func(string) bool
+
+	insecureSkipVerify bool
+
+	proxyDialer proxy.Dialer
+}
+
+type task struct {
+	fn   func(context.Context, *Agent)
+	done chan struct{}
+}
+
+// afterRun registers function to be run after the task.
+func (a *Agent) afterRun(f func(context.Context)) {
+	a.muAfterRun.Lock()
+	a.afterRunFn = append(a.afterRunFn, f)
+	a.muAfterRun.Unlock()
+}
+
+func (a *Agent) getAfterRunFn() []func(context.Context) {
+	a.muAfterRun.Lock()
+	defer a.muAfterRun.Unlock()
+	fns := a.afterRunFn
+	a.afterRunFn = nil
+	return fns
+}
+
+func (a *Agent) ok() error {
+	select {
+	case <-a.done:
+		return a.getErr()
+	default:
+	}
+	return nil
+}
+
+func (a *Agent) getErr() error {
+	if err := a.err.Load(); err != nil {
+		return err
+	}
+	return ErrClosed
+}
+
+// Run task in serial. Blocking tasks must be cancelable by context.
+func (a *Agent) run(ctx context.Context, t func(context.Context, *Agent)) error {
+	if err := a.ok(); err != nil {
+		return err
+	}
+	done := make(chan struct{})
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	case a.chanTask <- task{t, done}:
+		<-done
+		return nil
+	}
+}
+
+// taskLoop handles registered tasks and agent close.
+func (a *Agent) taskLoop() {
+	after := func() {
+		for {
+			// Get and run func registered by afterRun().
+			fns := a.getAfterRunFn()
+			if len(fns) == 0 {
+				break
+			}
+			for _, fn := range fns {
+				fn(a.context())
+			}
+		}
+	}
+	defer func() {
+		a.deleteAllCandidates()
+		a.startedFn()
+
+		if err := a.buffer.Close(); err != nil {
+			a.log.Warnf("failed to close buffer: %v", err)
+		}
+
+		a.closeMulticastConn()
+		a.updateConnectionState(ConnectionStateClosed)
+
+		after()
+
+		close(a.chanState)
+		close(a.chanCandidate)
+		close(a.chanCandidatePair)
+	}()
+
+	for {
+		select {
+		case <-a.done:
+			return
+		case t := <-a.chanTask:
+			t.fn(a.context(), a)
+			close(t.done)
+			after()
+		}
+	}
+}
+
+// NewAgent creates a new Agent
+func NewAgent(config *AgentConfig) (*Agent, error) { //nolint:gocognit
+	var err error
+	if config.PortMax < config.PortMin {
+		return nil, ErrPort
+	}
+
+	mDNSName := config.MulticastDNSHostName
+	if mDNSName == "" {
+		if mDNSName, err = generateMulticastDNSName(); err != nil {
+			return nil, err
+		}
+	}
+
+	if !strings.HasSuffix(mDNSName, ".local") || len(strings.Split(mDNSName, ".")) != 2 {
+		return nil, ErrInvalidMulticastDNSHostName
+	}
+
+	mDNSMode := config.MulticastDNSMode
+	if mDNSMode == 0 {
+		mDNSMode = MulticastDNSModeQueryOnly
+	}
+
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+	log := loggerFactory.NewLogger("ice")
+
+	var mDNSConn *mdns.Conn
+	mDNSConn, mDNSMode, err = createMulticastDNS(mDNSMode, mDNSName, log)
+	// Opportunistic mDNS: If we can't open the connection, that's ok: we
+	// can continue without it.
+	if err != nil {
+		log.Warnf("Failed to initialize mDNS %s: %v", mDNSName, err)
+	}
+	closeMDNSConn := func() {
+		if mDNSConn != nil {
+			if mdnsCloseErr := mDNSConn.Close(); mdnsCloseErr != nil {
+				log.Warnf("Failed to close mDNS: %v", mdnsCloseErr)
+			}
+		}
+	}
+
+	startedCtx, startedFn := context.WithCancel(context.Background())
+
+	a := &Agent{
+		chanTask:          make(chan task),
+		chanState:         make(chan ConnectionState),
+		chanCandidate:     make(chan Candidate),
+		chanCandidatePair: make(chan *candidatePair),
+		tieBreaker:        globalMathRandomGenerator.Uint64(),
+		lite:              config.Lite,
+		gatheringState:    GatheringStateNew,
+		connectionState:   ConnectionStateNew,
+		localCandidates:   make(map[NetworkType][]Candidate),
+		remoteCandidates:  make(map[NetworkType][]Candidate),
+		urls:              config.Urls,
+		networkTypes:      config.NetworkTypes,
+		onConnected:       make(chan struct{}),
+		buffer:            packetio.NewBuffer(),
+		done:              make(chan struct{}),
+		startedCh:         startedCtx.Done(),
+		startedFn:         startedFn,
+		portmin:           config.PortMin,
+		portmax:           config.PortMax,
+		loggerFactory:     loggerFactory,
+		log:               log,
+		net:               config.Net,
+		proxyDialer:       config.ProxyDialer,
+
+		mDNSMode: mDNSMode,
+		mDNSName: mDNSName,
+		mDNSConn: mDNSConn,
+
+		gatherCandidateCancel: func() {},
+
+		forceCandidateContact: make(chan bool, 1),
+
+		interfaceFilter: config.InterfaceFilter,
+
+		insecureSkipVerify: config.InsecureSkipVerify,
+	}
+
+	a.tcpMux = config.TCPMux
+	if a.tcpMux == nil {
+		a.tcpMux = newInvalidTCPMux()
+	}
+
+	if a.net == nil {
+		a.net = vnet.NewNet(nil)
+	} else if a.net.IsVirtual() {
+		a.log.Warn("vnet is enabled")
+		if a.mDNSMode != MulticastDNSModeDisabled {
+			a.log.Warn("vnet does not support mDNS yet")
+		}
+	}
+
+	config.initWithDefaults(a)
+
+	// Make sure the buffer doesn't grow indefinitely.
+	// NOTE: We actually won't get anywhere close to this limit.
+	// SRTP will constantly read from the endpoint and drop packets if it's full.
+	a.buffer.SetLimitSize(maxBufferSize)
+
+	if a.lite && (len(a.candidateTypes) != 1 || a.candidateTypes[0] != CandidateTypeHost) {
+		closeMDNSConn()
+		return nil, ErrLiteUsingNonHostCandidates
+	}
+
+	if config.Urls != nil && len(config.Urls) > 0 && !containsCandidateType(CandidateTypeServerReflexive, a.candidateTypes) && !containsCandidateType(CandidateTypeRelay, a.candidateTypes) {
+		closeMDNSConn()
+		return nil, ErrUselessUrlsProvided
+	}
+
+	if err = config.initExtIPMapping(a); err != nil {
+		closeMDNSConn()
+		return nil, err
+	}
+
+	go a.taskLoop()
+	a.startOnConnectionStateChangeRoutine()
+
+	// Restart is also used to initialize the agent for the first time
+	if err := a.Restart(config.LocalUfrag, config.LocalPwd); err != nil {
+		closeMDNSConn()
+		_ = a.Close()
+		return nil, err
+	}
+
+	return a, nil
+}
+
+// OnConnectionStateChange sets a handler that is fired when the connection state changes
+func (a *Agent) OnConnectionStateChange(f func(ConnectionState)) error {
+	a.onConnectionStateChangeHdlr.Store(f)
+	return nil
+}
+
+// OnSelectedCandidatePairChange sets a handler that is fired when the final candidate
+// pair is selected
+func (a *Agent) OnSelectedCandidatePairChange(f func(Candidate, Candidate)) error {
+	a.onSelectedCandidatePairChangeHdlr.Store(f)
+	return nil
+}
+
+// OnCandidate sets a handler that is fired when new candidates gathered. When
+// the gathering process complete the last candidate is nil.
+func (a *Agent) OnCandidate(f func(Candidate)) error {
+	a.onCandidateHdlr.Store(f)
+	return nil
+}
+
+func (a *Agent) onSelectedCandidatePairChange(p *candidatePair) {
+	if h, ok := a.onSelectedCandidatePairChangeHdlr.Load().(func(Candidate, Candidate)); ok {
+		h(p.local, p.remote)
+	}
+}
+
+func (a *Agent) onCandidate(c Candidate) {
+	if onCandidateHdlr, ok := a.onCandidateHdlr.Load().(func(Candidate)); ok {
+		onCandidateHdlr(c)
+	}
+}
+
+func (a *Agent) onConnectionStateChange(s ConnectionState) {
+	if hdlr, ok := a.onConnectionStateChangeHdlr.Load().(func(ConnectionState)); ok {
+		hdlr(s)
+	}
+}
+
+func (a *Agent) startOnConnectionStateChangeRoutine() {
+	go func() {
+		for {
+			// CandidatePair and ConnectionState are usually changed at once.
+			// Blocking one by the other one causes deadlock.
+			p, isOpen := <-a.chanCandidatePair
+			if !isOpen {
+				return
+			}
+			a.onSelectedCandidatePairChange(p)
+		}
+	}()
+	go func() {
+		for {
+			select {
+			case s, isOpen := <-a.chanState:
+				if !isOpen {
+					for c := range a.chanCandidate {
+						a.onCandidate(c)
+					}
+					return
+				}
+				a.onConnectionStateChange(s)
+
+			case c, isOpen := <-a.chanCandidate:
+				if !isOpen {
+					for s := range a.chanState {
+						a.onConnectionStateChange(s)
+					}
+					return
+				}
+				a.onCandidate(c)
+			}
+		}
+	}()
+}
+
+func (a *Agent) startConnectivityChecks(isControlling bool, remoteUfrag, remotePwd string) error {
+	a.muHaveStarted.Lock()
+	defer a.muHaveStarted.Unlock()
+	select {
+	case <-a.startedCh:
+		return ErrMultipleStart
+	default:
+	}
+	if err := a.SetRemoteCredentials(remoteUfrag, remotePwd); err != nil {
+		return err
+	}
+
+	a.log.Debugf("Started agent: isControlling? %t, remoteUfrag: %q, remotePwd: %q", isControlling, remoteUfrag, remotePwd)
+
+	return a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		agent.isControlling = isControlling
+		agent.remoteUfrag = remoteUfrag
+		agent.remotePwd = remotePwd
+
+		if isControlling {
+			a.selector = &controllingSelector{agent: a, log: a.log}
+		} else {
+			a.selector = &controlledSelector{agent: a, log: a.log}
+		}
+
+		if a.lite {
+			a.selector = &liteSelector{pairCandidateSelector: a.selector}
+		}
+
+		a.selector.Start()
+		a.startedFn()
+
+		agent.updateConnectionState(ConnectionStateChecking)
+
+		a.requestConnectivityCheck()
+		go a.connectivityChecks()
+	})
+}
+
+func (a *Agent) connectivityChecks() {
+	lastConnectionState := ConnectionState(0)
+	checkingDuration := time.Time{}
+
+	contact := func() {
+		if err := a.run(a.context(), func(ctx context.Context, a *Agent) {
+			defer func() {
+				lastConnectionState = a.connectionState
+			}()
+
+			switch a.connectionState {
+			case ConnectionStateFailed:
+				// The connection is currently failed so don't send any checks
+				// In the future it may be restarted though
+				return
+			case ConnectionStateChecking:
+				// We have just entered checking for the first time so update our checking timer
+				if lastConnectionState != a.connectionState {
+					checkingDuration = time.Now()
+				}
+
+				// We have been in checking longer then Disconnect+Failed timeout, set the connection to Failed
+				if time.Since(checkingDuration) > a.disconnectedTimeout+a.failedTimeout {
+					a.updateConnectionState(ConnectionStateFailed)
+					return
+				}
+			}
+
+			a.selector.ContactCandidates()
+		}); err != nil {
+			a.log.Warnf("taskLoop failed: %v", err)
+		}
+	}
+
+	for {
+		interval := defaultKeepaliveInterval
+
+		updateInterval := func(x time.Duration) {
+			if x != 0 && (interval == 0 || interval > x) {
+				interval = x
+			}
+		}
+
+		switch lastConnectionState {
+		case ConnectionStateNew, ConnectionStateChecking: // While connecting, check candidates more frequently
+			updateInterval(a.checkInterval)
+		case ConnectionStateConnected, ConnectionStateDisconnected:
+			updateInterval(a.keepaliveInterval)
+		default:
+		}
+		// Ensure we run our task loop as quickly as the minimum of our various configured timeouts
+		updateInterval(a.disconnectedTimeout)
+		updateInterval(a.failedTimeout)
+
+		t := time.NewTimer(interval)
+		select {
+		case <-a.forceCandidateContact:
+			t.Stop()
+			contact()
+		case <-t.C:
+			contact()
+		case <-a.done:
+			t.Stop()
+			return
+		}
+	}
+}
+
+func (a *Agent) updateConnectionState(newState ConnectionState) {
+	if a.connectionState != newState {
+		// Connection has gone to failed, release all gathered candidates
+		if newState == ConnectionStateFailed {
+			a.deleteAllCandidates()
+		}
+
+		a.log.Infof("Setting new connection state: %s", newState)
+		a.connectionState = newState
+
+		// Call handler after finishing current task since we may be holding the agent lock
+		// and the handler may also require it
+		a.afterRun(func(ctx context.Context) {
+			a.chanState <- newState
+		})
+	}
+}
+
+func (a *Agent) setSelectedPair(p *candidatePair) {
+	a.log.Tracef("Set selected candidate pair: %s", p)
+
+	if p == nil {
+		var nilPair *candidatePair
+		a.selectedPair.Store(nilPair)
+		return
+	}
+
+	p.nominated = true
+	a.selectedPair.Store(p)
+
+	a.updateConnectionState(ConnectionStateConnected)
+
+	// Notify when the selected pair changes
+	if p != nil {
+		a.afterRun(func(ctx context.Context) {
+			select {
+			case a.chanCandidatePair <- p:
+			case <-ctx.Done():
+			}
+		})
+	}
+
+	// Signal connected
+	a.onConnectedOnce.Do(func() { close(a.onConnected) })
+}
+
+func (a *Agent) pingAllCandidates() {
+	a.log.Trace("pinging all candidates")
+
+	if len(a.checklist) == 0 {
+		a.log.Warn("pingAllCandidates called with no candidate pairs. Connection is not possible yet.")
+	}
+
+	for _, p := range a.checklist {
+		if p.state == CandidatePairStateWaiting {
+			p.state = CandidatePairStateInProgress
+		} else if p.state != CandidatePairStateInProgress {
+			continue
+		}
+
+		if p.bindingRequestCount > a.maxBindingRequests {
+			a.log.Tracef("max requests reached for pair %s, marking it as failed\n", p)
+			p.state = CandidatePairStateFailed
+		} else {
+			a.selector.PingCandidate(p.local, p.remote)
+			p.bindingRequestCount++
+		}
+	}
+}
+
+func (a *Agent) getBestAvailableCandidatePair() *candidatePair {
+	var best *candidatePair
+	for _, p := range a.checklist {
+		if p.state == CandidatePairStateFailed {
+			continue
+		}
+
+		if best == nil {
+			best = p
+		} else if best.Priority() < p.Priority() {
+			best = p
+		}
+	}
+	return best
+}
+
+func (a *Agent) getBestValidCandidatePair() *candidatePair {
+	var best *candidatePair
+	for _, p := range a.checklist {
+		if p.state != CandidatePairStateSucceeded {
+			continue
+		}
+
+		if best == nil {
+			best = p
+		} else if best.Priority() < p.Priority() {
+			best = p
+		}
+	}
+	return best
+}
+
+func (a *Agent) addPair(local, remote Candidate) *candidatePair {
+	p := newCandidatePair(local, remote, a.isControlling)
+	a.checklist = append(a.checklist, p)
+	return p
+}
+
+func (a *Agent) findPair(local, remote Candidate) *candidatePair {
+	for _, p := range a.checklist {
+		if p.local.Equal(local) && p.remote.Equal(remote) {
+			return p
+		}
+	}
+	return nil
+}
+
+// validateSelectedPair checks if the selected pair is (still) valid
+// Note: the caller should hold the agent lock.
+func (a *Agent) validateSelectedPair() bool {
+	selectedPair := a.getSelectedPair()
+	if selectedPair == nil {
+		return false
+	}
+
+	disconnectedTime := time.Since(selectedPair.remote.LastReceived())
+
+	// Only allow transitions to failed if a.failedTimeout is non-zero
+	totalTimeToFailure := a.failedTimeout
+	if totalTimeToFailure != 0 {
+		totalTimeToFailure += a.disconnectedTimeout
+	}
+
+	switch {
+	case totalTimeToFailure != 0 && disconnectedTime > totalTimeToFailure:
+		a.updateConnectionState(ConnectionStateFailed)
+	case a.disconnectedTimeout != 0 && disconnectedTime > a.disconnectedTimeout:
+		a.updateConnectionState(ConnectionStateDisconnected)
+	default:
+		a.updateConnectionState(ConnectionStateConnected)
+	}
+
+	return true
+}
+
+// checkKeepalive sends STUN Binding Indications to the selected pair
+// if no packet has been sent on that pair in the last keepaliveInterval
+// Note: the caller should hold the agent lock.
+func (a *Agent) checkKeepalive() {
+	selectedPair := a.getSelectedPair()
+	if selectedPair == nil {
+		return
+	}
+
+	if (a.keepaliveInterval != 0) &&
+		((time.Since(selectedPair.local.LastSent()) > a.keepaliveInterval) ||
+			(time.Since(selectedPair.remote.LastReceived()) > a.keepaliveInterval)) {
+		// we use binding request instead of indication to support refresh consent schemas
+		// see https://tools.ietf.org/html/rfc7675
+		a.selector.PingCandidate(selectedPair.local, selectedPair.remote)
+	}
+}
+
+// AddRemoteCandidate adds a new remote candidate
+func (a *Agent) AddRemoteCandidate(c Candidate) error {
+	if c == nil {
+		return nil
+	}
+
+	// cannot check for network yet because it might not be applied
+	// when mDNS hostame is used.
+	if c.TCPType() == TCPTypeActive {
+		// TCP Candidates with tcptype active will probe server passive ones, so
+		// no need to do anything with them.
+		a.log.Infof("Ignoring remote candidate with tcpType active: %s", c)
+		return nil
+	}
+
+	// If we have a mDNS Candidate lets fully resolve it before adding it locally
+	if c.Type() == CandidateTypeHost && strings.HasSuffix(c.Address(), ".local") {
+		if a.mDNSMode == MulticastDNSModeDisabled {
+			a.log.Warnf("remote mDNS candidate added, but mDNS is disabled: (%s)", c.Address())
+			return nil
+		}
+
+		hostCandidate, ok := c.(*CandidateHost)
+		if !ok {
+			return ErrAddressParseFailed
+		}
+
+		go a.resolveAndAddMulticastCandidate(hostCandidate)
+		return nil
+	}
+
+	go func() {
+		if err := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+			agent.addRemoteCandidate(c)
+		}); err != nil {
+			a.log.Warnf("Failed to add remote candidate %s: %v", c.Address(), err)
+			return
+		}
+	}()
+	return nil
+}
+
+func (a *Agent) resolveAndAddMulticastCandidate(c *CandidateHost) {
+	if a.mDNSConn == nil {
+		return
+	}
+	_, src, err := a.mDNSConn.Query(c.context(), c.Address())
+	if err != nil {
+		a.log.Warnf("Failed to discover mDNS candidate %s: %v", c.Address(), err)
+		return
+	}
+
+	ip, _, _, _ := parseAddr(src) //nolint:dogsled
+	if ip == nil {
+		a.log.Warnf("Failed to discover mDNS candidate %s: failed to parse IP", c.Address())
+		return
+	}
+
+	if err = c.setIP(ip); err != nil {
+		a.log.Warnf("Failed to discover mDNS candidate %s: %v", c.Address(), err)
+		return
+	}
+
+	if err = a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		agent.addRemoteCandidate(c)
+	}); err != nil {
+		a.log.Warnf("Failed to add mDNS candidate %s: %v", c.Address(), err)
+		return
+	}
+}
+
+func (a *Agent) requestConnectivityCheck() {
+	select {
+	case a.forceCandidateContact <- true:
+	default:
+	}
+}
+
+// addRemoteCandidate assumes you are holding the lock (must be execute using a.run)
+func (a *Agent) addRemoteCandidate(c Candidate) {
+	set := a.remoteCandidates[c.NetworkType()]
+
+	for _, candidate := range set {
+		if candidate.Equal(c) {
+			return
+		}
+	}
+
+	set = append(set, c)
+	a.remoteCandidates[c.NetworkType()] = set
+
+	if localCandidates, ok := a.localCandidates[c.NetworkType()]; ok {
+		for _, localCandidate := range localCandidates {
+			a.addPair(localCandidate, c)
+		}
+	}
+
+	a.requestConnectivityCheck()
+}
+
+func (a *Agent) addCandidate(ctx context.Context, c Candidate, candidateConn net.PacketConn) error {
+	return a.run(ctx, func(ctx context.Context, agent *Agent) {
+		c.start(a, candidateConn, a.startedCh)
+
+		set := a.localCandidates[c.NetworkType()]
+		for _, candidate := range set {
+			if candidate.Equal(c) {
+				if err := c.close(); err != nil {
+					a.log.Warnf("Failed to close duplicate candidate: %v", err)
+				}
+				return
+			}
+		}
+
+		set = append(set, c)
+		a.localCandidates[c.NetworkType()] = set
+
+		if remoteCandidates, ok := a.remoteCandidates[c.NetworkType()]; ok {
+			for _, remoteCandidate := range remoteCandidates {
+				a.addPair(c, remoteCandidate)
+			}
+		}
+
+		a.requestConnectivityCheck()
+
+		a.chanCandidate <- c
+	})
+}
+
+// GetLocalCandidates returns the local candidates
+func (a *Agent) GetLocalCandidates() ([]Candidate, error) {
+	var res []Candidate
+
+	err := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		var candidates []Candidate
+		for _, set := range agent.localCandidates {
+			candidates = append(candidates, set...)
+		}
+		res = candidates
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return res, nil
+}
+
+// GetLocalUserCredentials returns the local user credentials
+func (a *Agent) GetLocalUserCredentials() (frag string, pwd string, err error) {
+	valSet := make(chan struct{})
+	err = a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		frag = agent.localUfrag
+		pwd = agent.localPwd
+		close(valSet)
+	})
+
+	if err == nil {
+		<-valSet
+	}
+	return
+}
+
+// GetRemoteUserCredentials returns the remote user credentials
+func (a *Agent) GetRemoteUserCredentials() (frag string, pwd string, err error) {
+	valSet := make(chan struct{})
+	err = a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		frag = agent.remoteUfrag
+		pwd = agent.remotePwd
+		close(valSet)
+	})
+
+	if err == nil {
+		<-valSet
+	}
+	return
+}
+
+// Close cleans up the Agent
+func (a *Agent) Close() error {
+	if err := a.ok(); err != nil {
+		return err
+	}
+
+	done := make(chan struct{})
+
+	a.afterRun(func(context.Context) {
+		close(done)
+	})
+
+	a.gatherCandidateCancel()
+	a.err.Store(ErrClosed)
+
+	a.tcpMux.RemoveConnByUfrag(a.localUfrag)
+
+	close(a.done)
+
+	<-done
+	return nil
+}
+
+// Remove all candidates. This closes any listening sockets
+// and removes both the local and remote candidate lists.
+//
+// This is used for restarts, failures and on close
+func (a *Agent) deleteAllCandidates() {
+	for net, cs := range a.localCandidates {
+		for _, c := range cs {
+			if err := c.close(); err != nil {
+				a.log.Warnf("Failed to close candidate %s: %v", c, err)
+			}
+		}
+		delete(a.localCandidates, net)
+	}
+	for net, cs := range a.remoteCandidates {
+		for _, c := range cs {
+			if err := c.close(); err != nil {
+				a.log.Warnf("Failed to close candidate %s: %v", c, err)
+			}
+		}
+		delete(a.remoteCandidates, net)
+	}
+}
+
+func (a *Agent) findRemoteCandidate(networkType NetworkType, addr net.Addr) Candidate {
+	ip, port, _, ok := parseAddr(addr)
+	if !ok {
+		a.log.Warnf("Error parsing addr: %s", addr)
+		return nil
+	}
+
+	set := a.remoteCandidates[networkType]
+	for _, c := range set {
+		if c.Address() == ip.String() && c.Port() == port {
+			return c
+		}
+	}
+	return nil
+}
+
+func (a *Agent) sendBindingRequest(m *stun.Message, local, remote Candidate) {
+	a.log.Tracef("ping STUN from %s to %s\n", local.String(), remote.String())
+
+	a.invalidatePendingBindingRequests(time.Now())
+	a.pendingBindingRequests = append(a.pendingBindingRequests, bindingRequest{
+		timestamp:      time.Now(),
+		transactionID:  m.TransactionID,
+		destination:    remote.addr(),
+		isUseCandidate: m.Contains(stun.AttrUseCandidate),
+	})
+
+	a.sendSTUN(m, local, remote)
+}
+
+func (a *Agent) sendBindingSuccess(m *stun.Message, local, remote Candidate) {
+	base := remote
+
+	ip, port, _, ok := parseAddr(base.addr())
+	if !ok {
+		a.log.Warnf("Error parsing addr: %s", base.addr())
+		return
+	}
+
+	if out, err := stun.Build(m, stun.BindingSuccess,
+		&stun.XORMappedAddress{
+			IP:   ip,
+			Port: port,
+		},
+		stun.NewShortTermIntegrity(a.localPwd),
+		stun.Fingerprint,
+	); err != nil {
+		a.log.Warnf("Failed to handle inbound ICE from: %s to: %s error: %s", local, remote, err)
+	} else {
+		a.sendSTUN(out, local, remote)
+	}
+}
+
+/* Removes pending binding requests that are over maxBindingRequestTimeout old
+
+   Let HTO be the transaction timeout, which SHOULD be 2*RTT if
+   RTT is known or 500 ms otherwise.
+   https://tools.ietf.org/html/rfc8445#appendix-B.1
+*/
+func (a *Agent) invalidatePendingBindingRequests(filterTime time.Time) {
+	initialSize := len(a.pendingBindingRequests)
+
+	temp := a.pendingBindingRequests[:0]
+	for _, bindingRequest := range a.pendingBindingRequests {
+		if filterTime.Sub(bindingRequest.timestamp) < maxBindingRequestTimeout {
+			temp = append(temp, bindingRequest)
+		}
+	}
+
+	a.pendingBindingRequests = temp
+	if bindRequestsRemoved := initialSize - len(a.pendingBindingRequests); bindRequestsRemoved > 0 {
+		a.log.Tracef("Discarded %d binding requests because they expired", bindRequestsRemoved)
+	}
+}
+
+// Assert that the passed TransactionID is in our pendingBindingRequests and returns the destination
+// If the bindingRequest was valid remove it from our pending cache
+func (a *Agent) handleInboundBindingSuccess(id [stun.TransactionIDSize]byte) (bool, *bindingRequest) {
+	a.invalidatePendingBindingRequests(time.Now())
+	for i := range a.pendingBindingRequests {
+		if a.pendingBindingRequests[i].transactionID == id {
+			validBindingRequest := a.pendingBindingRequests[i]
+			a.pendingBindingRequests = append(a.pendingBindingRequests[:i], a.pendingBindingRequests[i+1:]...)
+			return true, &validBindingRequest
+		}
+	}
+	return false, nil
+}
+
+// handleInbound processes STUN traffic from a remote candidate
+func (a *Agent) handleInbound(m *stun.Message, local Candidate, remote net.Addr) { //nolint:gocognit
+	var err error
+	if m == nil || local == nil {
+		return
+	}
+
+	if m.Type.Method != stun.MethodBinding ||
+		!(m.Type.Class == stun.ClassSuccessResponse ||
+			m.Type.Class == stun.ClassRequest ||
+			m.Type.Class == stun.ClassIndication) {
+		a.log.Tracef("unhandled STUN from %s to %s class(%s) method(%s)", remote, local, m.Type.Class, m.Type.Method)
+		return
+	}
+
+	if a.isControlling {
+		if m.Contains(stun.AttrICEControlling) {
+			a.log.Debug("inbound isControlling && a.isControlling == true")
+			return
+		} else if m.Contains(stun.AttrUseCandidate) {
+			a.log.Debug("useCandidate && a.isControlling == true")
+			return
+		}
+	} else {
+		if m.Contains(stun.AttrICEControlled) {
+			a.log.Debug("inbound isControlled && a.isControlling == false")
+			return
+		}
+	}
+
+	remoteCandidate := a.findRemoteCandidate(local.NetworkType(), remote)
+	if m.Type.Class == stun.ClassSuccessResponse {
+		if err = assertInboundMessageIntegrity(m, []byte(a.remotePwd)); err != nil {
+			a.log.Warnf("discard message from (%s), %v", remote, err)
+			return
+		}
+
+		if remoteCandidate == nil {
+			a.log.Warnf("discard success message from (%s), no such remote", remote)
+			return
+		}
+
+		a.selector.HandleSuccessResponse(m, local, remoteCandidate, remote)
+	} else if m.Type.Class == stun.ClassRequest {
+		if err = assertInboundUsername(m, a.localUfrag+":"+a.remoteUfrag); err != nil {
+			a.log.Warnf("discard message from (%s), %v", remote, err)
+			return
+		} else if err = assertInboundMessageIntegrity(m, []byte(a.localPwd)); err != nil {
+			a.log.Warnf("discard message from (%s), %v", remote, err)
+			return
+		}
+
+		if remoteCandidate == nil {
+			ip, port, networkType, ok := parseAddr(remote)
+			if !ok {
+				a.log.Errorf("Failed to create parse remote net.Addr when creating remote prflx candidate")
+				return
+			}
+
+			prflxCandidateConfig := CandidatePeerReflexiveConfig{
+				Network:   networkType.String(),
+				Address:   ip.String(),
+				Port:      port,
+				Component: local.Component(),
+				RelAddr:   "",
+				RelPort:   0,
+			}
+
+			prflxCandidate, err := NewCandidatePeerReflexive(&prflxCandidateConfig)
+			if err != nil {
+				a.log.Errorf("Failed to create new remote prflx candidate (%s)", err)
+				return
+			}
+			remoteCandidate = prflxCandidate
+
+			a.log.Debugf("adding a new peer-reflexive candidate: %s ", remote)
+			a.addRemoteCandidate(remoteCandidate)
+		}
+
+		a.log.Tracef("inbound STUN (Request) from %s to %s", remote.String(), local.String())
+
+		a.selector.HandleBindingRequest(m, local, remoteCandidate)
+	}
+
+	if remoteCandidate != nil {
+		remoteCandidate.seen(false)
+	}
+}
+
+// validateNonSTUNTraffic processes non STUN traffic from a remote candidate,
+// and returns true if it is an actual remote candidate
+func (a *Agent) validateNonSTUNTraffic(local Candidate, remote net.Addr) bool {
+	var isValidCandidate uint64
+	if err := a.run(local.context(), func(ctx context.Context, agent *Agent) {
+		remoteCandidate := a.findRemoteCandidate(local.NetworkType(), remote)
+		if remoteCandidate != nil {
+			remoteCandidate.seen(false)
+			atomic.AddUint64(&isValidCandidate, 1)
+		}
+	}); err != nil {
+		a.log.Warnf("failed to validate remote candidate: %v", err)
+	}
+
+	return atomic.LoadUint64(&isValidCandidate) == 1
+}
+
+func (a *Agent) getSelectedPair() *candidatePair {
+	selectedPair := a.selectedPair.Load()
+
+	if selectedPair == nil {
+		return nil
+	}
+
+	return selectedPair.(*candidatePair)
+}
+
+func (a *Agent) closeMulticastConn() {
+	if a.mDNSConn != nil {
+		if err := a.mDNSConn.Close(); err != nil {
+			a.log.Warnf("failed to close mDNS Conn: %v", err)
+		}
+	}
+}
+
+// SetRemoteCredentials sets the credentials of the remote agent
+func (a *Agent) SetRemoteCredentials(remoteUfrag, remotePwd string) error {
+	switch {
+	case remoteUfrag == "":
+		return ErrRemoteUfragEmpty
+	case remotePwd == "":
+		return ErrRemotePwdEmpty
+	}
+
+	return a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		agent.remoteUfrag = remoteUfrag
+		agent.remotePwd = remotePwd
+	})
+}
+
+// Restart restarts the ICE Agent with the provided ufrag/pwd
+// If no ufrag/pwd is provided the Agent will generate one itself
+//
+// Restart must only be called when GatheringState is GatheringStateComplete
+// a user must then call GatherCandidates explicitly to start generating new ones
+func (a *Agent) Restart(ufrag, pwd string) error {
+	if ufrag == "" {
+		var err error
+		ufrag, err = generateUFrag()
+		if err != nil {
+			return err
+		}
+	}
+	if pwd == "" {
+		var err error
+		pwd, err = generatePwd()
+		if err != nil {
+			return err
+		}
+	}
+
+	if len([]rune(ufrag))*8 < 24 {
+		return ErrLocalUfragInsufficientBits
+	}
+	if len([]rune(pwd))*8 < 128 {
+		return ErrLocalPwdInsufficientBits
+	}
+
+	var err error
+	if runErr := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		if agent.gatheringState == GatheringStateGathering {
+			err = ErrRestartWhenGathering
+			return
+		}
+
+		// Clear all agent needed to take back to fresh state
+		agent.localUfrag = ufrag
+		agent.localPwd = pwd
+		agent.remoteUfrag = ""
+		agent.remotePwd = ""
+		a.gatheringState = GatheringStateNew
+		a.checklist = make([]*candidatePair, 0)
+		a.pendingBindingRequests = make([]bindingRequest, 0)
+		a.setSelectedPair(nil)
+		a.deleteAllCandidates()
+		if a.selector != nil {
+			a.selector.Start()
+		}
+
+		// Restart is used by NewAgent. Accept/Connect should be used to move to checking
+		// for new Agents
+		if a.connectionState != ConnectionStateNew {
+			a.updateConnectionState(ConnectionStateChecking)
+		}
+	}); runErr != nil {
+		return runErr
+	}
+	return err
+}
+
+func (a *Agent) setGatheringState(newState GatheringState) error {
+	done := make(chan struct{})
+	if err := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		if a.gatheringState != newState && newState == GatheringStateComplete {
+			a.chanCandidate <- nil
+		}
+
+		a.gatheringState = newState
+		close(done)
+	}); err != nil {
+		return err
+	}
+
+	<-done
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent_config.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent_config.go
new file mode 100644
index 000000000..e09ad76ff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent_config.go
@@ -0,0 +1,252 @@
+package ice
+
+import (
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/transport/vnet"
+	"golang.org/x/net/proxy"
+)
+
+const (
+	// defaultCheckInterval is the interval at which the agent performs candidate checks in the connecting phase
+	defaultCheckInterval = 200 * time.Millisecond
+
+	// keepaliveInterval used to keep candidates alive
+	defaultKeepaliveInterval = 2 * time.Second
+
+	// defaultDisconnectedTimeout is the default time till an Agent transitions disconnected
+	defaultDisconnectedTimeout = 5 * time.Second
+
+	// defaultFailedTimeout is the default time till an Agent transitions to failed after disconnected
+	defaultFailedTimeout = 25 * time.Second
+
+	// wait time before nominating a host candidate
+	defaultHostAcceptanceMinWait = 0
+
+	// wait time before nominating a srflx candidate
+	defaultSrflxAcceptanceMinWait = 500 * time.Millisecond
+
+	// wait time before nominating a prflx candidate
+	defaultPrflxAcceptanceMinWait = 1000 * time.Millisecond
+
+	// wait time before nominating a relay candidate
+	defaultRelayAcceptanceMinWait = 2000 * time.Millisecond
+
+	// max binding request before considering a pair failed
+	defaultMaxBindingRequests = 7
+
+	// the number of bytes that can be buffered before we start to error
+	maxBufferSize = 1000 * 1000 // 1MB
+
+	// wait time before binding requests can be deleted
+	maxBindingRequestTimeout = 4000 * time.Millisecond
+)
+
+func defaultCandidateTypes() []CandidateType {
+	return []CandidateType{CandidateTypeHost, CandidateTypeServerReflexive, CandidateTypeRelay}
+}
+
+// AgentConfig collects the arguments to ice.Agent construction into
+// a single structure, for future-proofness of the interface
+type AgentConfig struct {
+	Urls []*URL
+
+	// PortMin and PortMax are optional. Leave them 0 for the default UDP port allocation strategy.
+	PortMin uint16
+	PortMax uint16
+
+	// LocalUfrag and LocalPwd values used to perform connectivity
+	// checks.  The values MUST be unguessable, with at least 128 bits of
+	// random number generator output used to generate the password, and
+	// at least 24 bits of output to generate the username fragment.
+	LocalUfrag string
+	LocalPwd   string
+
+	// MulticastDNSMode controls mDNS behavior for the ICE agent
+	MulticastDNSMode MulticastDNSMode
+
+	// MulticastDNSHostName controls the hostname for this agent. If none is specified a random one will be generated
+	MulticastDNSHostName string
+
+	// DisconnectedTimeout defaults to 5 seconds when this property is nil.
+	// If the duration is 0, the ICE Agent will never go to disconnected
+	DisconnectedTimeout *time.Duration
+
+	// FailedTimeout defaults to 25 seconds when this property is nil.
+	// If the duration is 0, we will never go to failed.
+	FailedTimeout *time.Duration
+
+	// KeepaliveInterval determines how often should we send ICE
+	// keepalives (should be less then connectiontimeout above)
+	// when this is nil, it defaults to 10 seconds.
+	// A keepalive interval of 0 means we never send keepalive packets
+	KeepaliveInterval *time.Duration
+
+	// NetworkTypes is an optional configuration for disabling or enabling
+	// support for specific network types.
+	NetworkTypes []NetworkType
+
+	// CandidateTypes is an optional configuration for disabling or enabling
+	// support for specific candidate types.
+	CandidateTypes []CandidateType
+
+	LoggerFactory logging.LoggerFactory
+
+	// checkInterval controls how often our internal task loop runs when
+	// in the connecting state. Only useful for testing.
+	checkInterval time.Duration
+
+	// MaxBindingRequests is the max amount of binding requests the agent will send
+	// over a candidate pair for validation or nomination, if after MaxBindingRequests
+	// the candidate is yet to answer a binding request or a nomination we set the pair as failed
+	MaxBindingRequests *uint16
+
+	// Lite agents do not perform connectivity check and only provide host candidates.
+	Lite bool
+
+	// NAT1To1IPCandidateType is used along with NAT1To1IPs to specify which candidate type
+	// the 1:1 NAT IP addresses should be mapped to.
+	// If unspecified or CandidateTypeHost, NAT1To1IPs are used to replace host candidate IPs.
+	// If CandidateTypeServerReflexive, it will insert a srflx candidate (as if it was dervied
+	// from a STUN server) with its port number being the one for the actual host candidate.
+	// Other values will result in an error.
+	NAT1To1IPCandidateType CandidateType
+
+	// NAT1To1IPs contains a list of public IP addresses that are to be used as a host
+	// candidate or srflx candidate. This is used typically for servers that are behind
+	// 1:1 D-NAT (e.g. AWS EC2 instances) and to eliminate the need of server reflexisive
+	// candidate gathering.
+	NAT1To1IPs []string
+
+	// HostAcceptanceMinWait specify a minimum wait time before selecting host candidates
+	HostAcceptanceMinWait *time.Duration
+	// HostAcceptanceMinWait specify a minimum wait time before selecting srflx candidates
+	SrflxAcceptanceMinWait *time.Duration
+	// HostAcceptanceMinWait specify a minimum wait time before selecting prflx candidates
+	PrflxAcceptanceMinWait *time.Duration
+	// HostAcceptanceMinWait specify a minimum wait time before selecting relay candidates
+	RelayAcceptanceMinWait *time.Duration
+
+	// Net is the our abstracted network interface for internal development purpose only
+	// (see github.com/pion/transport/vnet)
+	Net *vnet.Net
+
+	// InterfaceFilter is a function that you can use in order to  whitelist or blacklist
+	// the interfaces which are used to gather ICE candidates.
+	InterfaceFilter func(string) bool
+
+	// InsecureSkipVerify controls if self-signed certificates are accepted when connecting
+	// to TURN servers via TLS or DTLS
+	InsecureSkipVerify bool
+
+	// TCPMux will be used for multiplexing incoming TCP connections for ICE TCP.
+	// Currently only passive candidates are supported. This functionality is
+	// experimental and the API might change in the future.
+	TCPMux TCPMux
+
+	// Proxy Dialer is a dialer that should be implemented by the user based on golang.org/x/net/proxy
+	// dial interface in order to support corporate proxies
+	ProxyDialer proxy.Dialer
+}
+
+// initWithDefaults populates an agent and falls back to defaults if fields are unset
+func (config *AgentConfig) initWithDefaults(a *Agent) {
+	if config.MaxBindingRequests == nil {
+		a.maxBindingRequests = defaultMaxBindingRequests
+	} else {
+		a.maxBindingRequests = *config.MaxBindingRequests
+	}
+
+	if config.HostAcceptanceMinWait == nil {
+		a.hostAcceptanceMinWait = defaultHostAcceptanceMinWait
+	} else {
+		a.hostAcceptanceMinWait = *config.HostAcceptanceMinWait
+	}
+
+	if config.SrflxAcceptanceMinWait == nil {
+		a.srflxAcceptanceMinWait = defaultSrflxAcceptanceMinWait
+	} else {
+		a.srflxAcceptanceMinWait = *config.SrflxAcceptanceMinWait
+	}
+
+	if config.PrflxAcceptanceMinWait == nil {
+		a.prflxAcceptanceMinWait = defaultPrflxAcceptanceMinWait
+	} else {
+		a.prflxAcceptanceMinWait = *config.PrflxAcceptanceMinWait
+	}
+
+	if config.RelayAcceptanceMinWait == nil {
+		a.relayAcceptanceMinWait = defaultRelayAcceptanceMinWait
+	} else {
+		a.relayAcceptanceMinWait = *config.RelayAcceptanceMinWait
+	}
+
+	if config.DisconnectedTimeout == nil {
+		a.disconnectedTimeout = defaultDisconnectedTimeout
+	} else {
+		a.disconnectedTimeout = *config.DisconnectedTimeout
+	}
+
+	if config.FailedTimeout == nil {
+		a.failedTimeout = defaultFailedTimeout
+	} else {
+		a.failedTimeout = *config.FailedTimeout
+	}
+
+	if config.KeepaliveInterval == nil {
+		a.keepaliveInterval = defaultKeepaliveInterval
+	} else {
+		a.keepaliveInterval = *config.KeepaliveInterval
+	}
+
+	if config.checkInterval == 0 {
+		a.checkInterval = defaultCheckInterval
+	} else {
+		a.checkInterval = config.checkInterval
+	}
+
+	if config.CandidateTypes == nil || len(config.CandidateTypes) == 0 {
+		a.candidateTypes = defaultCandidateTypes()
+	} else {
+		a.candidateTypes = config.CandidateTypes
+	}
+}
+
+func (config *AgentConfig) initExtIPMapping(a *Agent) error {
+	var err error
+	a.extIPMapper, err = newExternalIPMapper(config.NAT1To1IPCandidateType, config.NAT1To1IPs)
+	if err != nil {
+		return err
+	}
+	if a.extIPMapper == nil {
+		return nil // this may happen when config.NAT1To1IPs is an empty array
+	}
+	if a.extIPMapper.candidateType == CandidateTypeHost {
+		if a.mDNSMode == MulticastDNSModeQueryAndGather {
+			return ErrMulticastDNSWithNAT1To1IPMapping
+		}
+		candiHostEnabled := false
+		for _, candiType := range a.candidateTypes {
+			if candiType == CandidateTypeHost {
+				candiHostEnabled = true
+				break
+			}
+		}
+		if !candiHostEnabled {
+			return ErrIneffectiveNAT1To1IPMappingHost
+		}
+	} else if a.extIPMapper.candidateType == CandidateTypeServerReflexive {
+		candiSrflxEnabled := false
+		for _, candiType := range a.candidateTypes {
+			if candiType == CandidateTypeServerReflexive {
+				candiSrflxEnabled = true
+				break
+			}
+		}
+		if !candiSrflxEnabled {
+			return ErrIneffectiveNAT1To1IPMappingSrflx
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent_stats.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent_stats.go
new file mode 100644
index 000000000..18d9ed81f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/agent_stats.go
@@ -0,0 +1,113 @@
+package ice
+
+import (
+	"context"
+	"time"
+)
+
+// GetCandidatePairsStats returns a list of candidate pair stats
+func (a *Agent) GetCandidatePairsStats() []CandidatePairStats {
+	var res []CandidatePairStats
+	err := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		result := make([]CandidatePairStats, 0, len(agent.checklist))
+		for _, cp := range agent.checklist {
+			stat := CandidatePairStats{
+				Timestamp:         time.Now(),
+				LocalCandidateID:  cp.local.ID(),
+				RemoteCandidateID: cp.remote.ID(),
+				State:             cp.state,
+				Nominated:         cp.nominated,
+				// PacketsSent uint32
+				// PacketsReceived uint32
+				// BytesSent uint64
+				// BytesReceived uint64
+				// LastPacketSentTimestamp time.Time
+				// LastPacketReceivedTimestamp time.Time
+				// FirstRequestTimestamp time.Time
+				// LastRequestTimestamp time.Time
+				// LastResponseTimestamp time.Time
+				// TotalRoundTripTime float64
+				// CurrentRoundTripTime float64
+				// AvailableOutgoingBitrate float64
+				// AvailableIncomingBitrate float64
+				// CircuitBreakerTriggerCount uint32
+				// RequestsReceived uint64
+				// RequestsSent uint64
+				// ResponsesReceived uint64
+				// ResponsesSent uint64
+				// RetransmissionsReceived uint64
+				// RetransmissionsSent uint64
+				// ConsentRequestsSent uint64
+				// ConsentExpiredTimestamp time.Time
+			}
+			result = append(result, stat)
+		}
+		res = result
+	})
+	if err != nil {
+		a.log.Errorf("error getting candidate pairs stats %v", err)
+		return []CandidatePairStats{}
+	}
+	return res
+}
+
+// GetLocalCandidatesStats returns a list of local candidates stats
+func (a *Agent) GetLocalCandidatesStats() []CandidateStats {
+	var res []CandidateStats
+	err := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		result := make([]CandidateStats, 0, len(agent.localCandidates))
+		for networkType, localCandidates := range agent.localCandidates {
+			for _, c := range localCandidates {
+				stat := CandidateStats{
+					Timestamp:     time.Now(),
+					ID:            c.ID(),
+					NetworkType:   networkType,
+					IP:            c.Address(),
+					Port:          c.Port(),
+					CandidateType: c.Type(),
+					Priority:      c.Priority(),
+					// URL string
+					RelayProtocol: "udp",
+					// Deleted bool
+				}
+				result = append(result, stat)
+			}
+		}
+		res = result
+	})
+	if err != nil {
+		a.log.Errorf("error getting candidate pairs stats %v", err)
+		return []CandidateStats{}
+	}
+	return res
+}
+
+// GetRemoteCandidatesStats returns a list of remote candidates stats
+func (a *Agent) GetRemoteCandidatesStats() []CandidateStats {
+	var res []CandidateStats
+	err := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		result := make([]CandidateStats, 0, len(agent.remoteCandidates))
+		for networkType, localCandidates := range agent.remoteCandidates {
+			for _, c := range localCandidates {
+				stat := CandidateStats{
+					Timestamp:     time.Now(),
+					ID:            c.ID(),
+					NetworkType:   networkType,
+					IP:            c.Address(),
+					Port:          c.Port(),
+					CandidateType: c.Type(),
+					Priority:      c.Priority(),
+					// URL string
+					RelayProtocol: "udp",
+				}
+				result = append(result, stat)
+			}
+		}
+		res = result
+	})
+	if err != nil {
+		a.log.Errorf("error getting candidate pairs stats %v", err)
+		return []CandidateStats{}
+	}
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate.go
new file mode 100644
index 000000000..701f8f83c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate.go
@@ -0,0 +1,68 @@
+package ice
+
+import (
+	"context"
+	"net"
+	"time"
+)
+
+const (
+	receiveMTU             = 8192
+	defaultLocalPreference = 65535
+
+	// ComponentRTP indicates that the candidate is used for RTP
+	ComponentRTP uint16 = 1
+	// ComponentRTCP indicates that the candidate is used for RTCP
+	ComponentRTCP
+)
+
+// Candidate represents an ICE candidate
+type Candidate interface {
+	// An arbitrary string used in the freezing algorithm to
+	// group similar candidates.  It is the same for two candidates that
+	// have the same type, base IP address, protocol (UDP, TCP, etc.),
+	// and STUN or TURN server.
+	Foundation() string
+
+	// ID is a unique identifier for just this candidate
+	// Unlike the foundation this is different for each candidate
+	ID() string
+
+	// A component is a piece of a data stream.
+	// An example is one for RTP, and one for RTCP
+	Component() uint16
+	SetComponent(uint16)
+
+	// The last time this candidate received traffic
+	LastReceived() time.Time
+
+	// The last time this candidate sent traffic
+	LastSent() time.Time
+
+	NetworkType() NetworkType
+	Address() string
+	Port() int
+
+	Priority() uint32
+
+	// A transport address related to a
+	//  candidate, which is useful for diagnostics and other purposes
+	RelatedAddress() *CandidateRelatedAddress
+
+	String() string
+	Type() CandidateType
+	TCPType() TCPType
+
+	Equal(other Candidate) bool
+
+	Marshal() string
+
+	addr() net.Addr
+	agent() *Agent
+	context() context.Context
+
+	close() error
+	seen(outbound bool)
+	start(a *Agent, conn net.PacketConn, initializedCh <-chan struct{})
+	writeTo(raw []byte, dst Candidate) (int, error)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_base.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_base.go
new file mode 100644
index 000000000..2f16a8a84
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_base.go
@@ -0,0 +1,496 @@
+package ice
+
+import (
+	"context"
+	"fmt"
+	"hash/crc32"
+	"net"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+)
+
+type candidateBase struct {
+	id            string
+	networkType   NetworkType
+	candidateType CandidateType
+
+	component      uint16
+	address        string
+	port           int
+	relatedAddress *CandidateRelatedAddress
+	tcpType        TCPType
+
+	resolvedAddr net.Addr
+
+	lastSent     atomic.Value
+	lastReceived atomic.Value
+	conn         net.PacketConn
+
+	currAgent *Agent
+	closeCh   chan struct{}
+	closedCh  chan struct{}
+
+	foundationOverride string
+	priorityOverride   uint32
+}
+
+// Done implements context.Context
+func (c *candidateBase) Done() <-chan struct{} {
+	return c.closeCh
+}
+
+// Err implements context.Context
+func (c *candidateBase) Err() error {
+	select {
+	case <-c.closedCh:
+		return ErrRunCanceled
+	default:
+		return nil
+	}
+}
+
+// Deadline implements context.Context
+func (c *candidateBase) Deadline() (deadline time.Time, ok bool) {
+	return time.Time{}, false
+}
+
+// Value implements context.Context
+func (c *candidateBase) Value(key interface{}) interface{} {
+	return nil
+}
+
+// ID returns Candidate ID
+func (c *candidateBase) ID() string {
+	return c.id
+}
+
+func (c *candidateBase) Foundation() string {
+	if c.foundationOverride != "" {
+		return c.foundationOverride
+	}
+
+	return fmt.Sprintf("%d", crc32.ChecksumIEEE([]byte(c.Type().String()+c.address+c.networkType.String())))
+}
+
+// Address returns Candidate Address
+func (c *candidateBase) Address() string {
+	return c.address
+}
+
+// Port returns Candidate Port
+func (c *candidateBase) Port() int {
+	return c.port
+}
+
+// Type returns candidate type
+func (c *candidateBase) Type() CandidateType {
+	return c.candidateType
+}
+
+// NetworkType returns candidate NetworkType
+func (c *candidateBase) NetworkType() NetworkType {
+	return c.networkType
+}
+
+// Component returns candidate component
+func (c *candidateBase) Component() uint16 {
+	return c.component
+}
+
+func (c *candidateBase) SetComponent(component uint16) {
+	c.component = component
+}
+
+// LocalPreference returns the local preference for this candidate
+func (c *candidateBase) LocalPreference() uint16 {
+	if c.NetworkType().IsTCP() {
+		// RFC 6544, section 4.2
+		//
+		// In Section 4.1.2.1 of [RFC5245], a recommended formula for UDP ICE
+		// candidate prioritization is defined.  For TCP candidates, the same
+		// formula and candidate type preferences SHOULD be used, and the
+		// RECOMMENDED type preferences for the new candidate types defined in
+		// this document (see Section 5) are 105 for NAT-assisted candidates and
+		// 75 for UDP-tunneled candidates.
+		//
+		// (...)
+		//
+		// With TCP candidates, the local preference part of the recommended
+		// priority formula is updated to also include the directionality
+		// (active, passive, or simultaneous-open) of the TCP connection.  The
+		// RECOMMENDED local preference is then defined as:
+		//
+		//     local preference = (2^13) * direction-pref + other-pref
+		//
+		// The direction-pref MUST be between 0 and 7 (both inclusive), with 7
+		// being the most preferred.  The other-pref MUST be between 0 and 8191
+		// (both inclusive), with 8191 being the most preferred.  It is
+		// RECOMMENDED that the host, UDP-tunneled, and relayed TCP candidates
+		// have the direction-pref assigned as follows: 6 for active, 4 for
+		// passive, and 2 for S-O.  For the NAT-assisted and server reflexive
+		// candidates, the RECOMMENDED values are: 6 for S-O, 4 for active, and
+		// 2 for passive.
+		//
+		// (...)
+		//
+		// If any two candidates have the same type-preference and direction-
+		// pref, they MUST have a unique other-pref.  With this specification,
+		// this usually only happens with multi-homed hosts, in which case
+		// other-pref is the preference for the particular IP address from which
+		// the candidate was obtained.  When there is only a single IP address,
+		// this value SHOULD be set to the maximum allowed value (8191).
+		var otherPref uint16 = 8191
+
+		directionPref := func() uint16 {
+			switch c.Type() {
+			case CandidateTypeHost, CandidateTypeRelay:
+				switch c.tcpType {
+				case TCPTypeActive:
+					return 6
+				case TCPTypePassive:
+					return 4
+				case TCPTypeSimultaneousOpen:
+					return 2
+				case TCPTypeUnspecified:
+					return 0
+				}
+			case CandidateTypePeerReflexive, CandidateTypeServerReflexive:
+				switch c.tcpType {
+				case TCPTypeSimultaneousOpen:
+					return 6
+				case TCPTypeActive:
+					return 4
+				case TCPTypePassive:
+					return 2
+				case TCPTypeUnspecified:
+					return 0
+				}
+			case CandidateTypeUnspecified:
+				return 0
+			}
+			return 0
+		}()
+
+		return (1<<13)*directionPref + otherPref
+	}
+
+	return defaultLocalPreference
+}
+
+// RelatedAddress returns *CandidateRelatedAddress
+func (c *candidateBase) RelatedAddress() *CandidateRelatedAddress {
+	return c.relatedAddress
+}
+
+func (c *candidateBase) TCPType() TCPType {
+	return c.tcpType
+}
+
+// start runs the candidate using the provided connection
+func (c *candidateBase) start(a *Agent, conn net.PacketConn, initializedCh <-chan struct{}) {
+	if c.conn != nil {
+		c.agent().log.Warn("Can't start already started candidateBase")
+		return
+	}
+	c.currAgent = a
+	c.conn = conn
+	c.closeCh = make(chan struct{})
+	c.closedCh = make(chan struct{})
+
+	go c.recvLoop(initializedCh)
+}
+
+func (c *candidateBase) recvLoop(initializedCh <-chan struct{}) {
+	defer func() {
+		close(c.closedCh)
+	}()
+
+	select {
+	case <-initializedCh:
+	case <-c.closeCh:
+		return
+	}
+
+	log := c.agent().log
+	buffer := make([]byte, receiveMTU)
+	for {
+		n, srcAddr, err := c.conn.ReadFrom(buffer)
+		if err != nil {
+			return
+		}
+
+		handleInboundCandidateMsg(c, c, buffer[:n], srcAddr, log)
+	}
+}
+
+func handleInboundCandidateMsg(ctx context.Context, c Candidate, buffer []byte, srcAddr net.Addr, log logging.LeveledLogger) {
+	if stun.IsMessage(buffer) {
+		m := &stun.Message{
+			Raw: make([]byte, len(buffer)),
+		}
+		// Explicitly copy raw buffer so Message can own the memory.
+		copy(m.Raw, buffer)
+		if err := m.Decode(); err != nil {
+			log.Warnf("Failed to handle decode ICE from %s to %s: %v", c.addr(), srcAddr, err)
+			return
+		}
+		err := c.agent().run(ctx, func(ctx context.Context, agent *Agent) {
+			agent.handleInbound(m, c, srcAddr)
+		})
+		if err != nil {
+			log.Warnf("Failed to handle message: %v", err)
+		}
+
+		return
+	}
+
+	if !c.agent().validateNonSTUNTraffic(c, srcAddr) {
+		log.Warnf("Discarded message from %s, not a valid remote candidate", c.addr())
+		return
+	}
+
+	// NOTE This will return packetio.ErrFull if the buffer ever manages to fill up.
+	if _, err := c.agent().buffer.Write(buffer); err != nil {
+		log.Warnf("failed to write packet")
+	}
+}
+
+// close stops the recvLoop
+func (c *candidateBase) close() error {
+	// If conn has never been started will be nil
+	if c.Done() == nil {
+		return nil
+	}
+
+	// Assert that conn has not already been closed
+	select {
+	case <-c.Done():
+		return nil
+	default:
+	}
+
+	var firstErr error
+
+	// Unblock recvLoop
+	close(c.closeCh)
+	if err := c.conn.SetDeadline(time.Now()); err != nil {
+		firstErr = err
+	}
+
+	// Close the conn
+	if err := c.conn.Close(); err != nil && firstErr == nil {
+		firstErr = err
+	}
+
+	if firstErr != nil {
+		return firstErr
+	}
+
+	// Wait until the recvLoop is closed
+	<-c.closedCh
+
+	return nil
+}
+
+func (c *candidateBase) writeTo(raw []byte, dst Candidate) (int, error) {
+	n, err := c.conn.WriteTo(raw, dst.addr())
+	if err != nil {
+		c.agent().log.Warnf("%s: %v", errSendPacket, err)
+		return n, nil
+	}
+	c.seen(true)
+	return n, nil
+}
+
+// Priority computes the priority for this ICE Candidate
+func (c *candidateBase) Priority() uint32 {
+	if c.priorityOverride != 0 {
+		return c.priorityOverride
+	}
+
+	// The local preference MUST be an integer from 0 (lowest preference) to
+	// 65535 (highest preference) inclusive.  When there is only a single IP
+	// address, this value SHOULD be set to 65535.  If there are multiple
+	// candidates for a particular component for a particular data stream
+	// that have the same type, the local preference MUST be unique for each
+	// one.
+	return (1<<24)*uint32(c.Type().Preference()) +
+		(1<<8)*uint32(c.LocalPreference()) +
+		uint32(256-c.Component())
+}
+
+// Equal is used to compare two candidateBases
+func (c *candidateBase) Equal(other Candidate) bool {
+	return c.NetworkType() == other.NetworkType() &&
+		c.Type() == other.Type() &&
+		c.Address() == other.Address() &&
+		c.Port() == other.Port() &&
+		c.TCPType() == other.TCPType() &&
+		c.RelatedAddress().Equal(other.RelatedAddress())
+}
+
+// String makes the candidateBase printable
+func (c *candidateBase) String() string {
+	return fmt.Sprintf("%s %s %s:%d%s", c.NetworkType(), c.Type(), c.Address(), c.Port(), c.relatedAddress)
+}
+
+// LastReceived returns a time.Time indicating the last time
+// this candidate was received
+func (c *candidateBase) LastReceived() time.Time {
+	lastReceived := c.lastReceived.Load()
+	if lastReceived == nil {
+		return time.Time{}
+	}
+	return lastReceived.(time.Time)
+}
+
+func (c *candidateBase) setLastReceived(t time.Time) {
+	c.lastReceived.Store(t)
+}
+
+// LastSent returns a time.Time indicating the last time
+// this candidate was sent
+func (c *candidateBase) LastSent() time.Time {
+	lastSent := c.lastSent.Load()
+	if lastSent == nil {
+		return time.Time{}
+	}
+	return lastSent.(time.Time)
+}
+
+func (c *candidateBase) setLastSent(t time.Time) {
+	c.lastSent.Store(t)
+}
+
+func (c *candidateBase) seen(outbound bool) {
+	if outbound {
+		c.setLastSent(time.Now())
+	} else {
+		c.setLastReceived(time.Now())
+	}
+}
+
+func (c *candidateBase) addr() net.Addr {
+	return c.resolvedAddr
+}
+
+func (c *candidateBase) agent() *Agent {
+	return c.currAgent
+}
+
+func (c *candidateBase) context() context.Context {
+	return c
+}
+
+// Marshal returns the string representation of the ICECandidate
+func (c *candidateBase) Marshal() string {
+	val := fmt.Sprintf("%s %d %s %d %s %d typ %s",
+		c.Foundation(),
+		c.Component(),
+		c.NetworkType().NetworkShort(),
+		c.Priority(),
+		c.Address(),
+		c.Port(),
+		c.Type())
+
+	if c.tcpType != TCPTypeUnspecified {
+		val += fmt.Sprintf(" tcptype %s", c.tcpType.String())
+	}
+
+	if c.RelatedAddress() != nil {
+		val = fmt.Sprintf("%s raddr %s rport %d",
+			val,
+			c.RelatedAddress().Address,
+			c.RelatedAddress().Port)
+	}
+
+	return val
+}
+
+// UnmarshalCandidate creates a Candidate from its string representation
+func UnmarshalCandidate(raw string) (Candidate, error) {
+	split := strings.Fields(raw)
+	if len(split) < 8 {
+		return nil, fmt.Errorf("%w (%d)", errAttributeTooShortICECandidate, len(split))
+	}
+
+	// Foundation
+	foundation := split[0]
+
+	// Component
+	rawComponent, err := strconv.ParseUint(split[1], 10, 16)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errParseComponent, err)
+	}
+	component := uint16(rawComponent)
+
+	// Protocol
+	protocol := split[2]
+
+	// Priority
+	priorityRaw, err := strconv.ParseUint(split[3], 10, 32)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errParsePriority, err)
+	}
+	priority := uint32(priorityRaw)
+
+	// Address
+	address := split[4]
+
+	// Port
+	rawPort, err := strconv.ParseUint(split[5], 10, 16)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errParsePort, err)
+	}
+	port := int(rawPort)
+	typ := split[7]
+
+	relatedAddress := ""
+	relatedPort := 0
+	tcpType := TCPTypeUnspecified
+
+	if len(split) > 8 {
+		split = split[8:]
+
+		if split[0] == "raddr" {
+			if len(split) < 4 {
+				return nil, fmt.Errorf("%w: incorrect length", errParseRelatedAddr)
+			}
+
+			// RelatedAddress
+			relatedAddress = split[1]
+
+			// RelatedPort
+			rawRelatedPort, parseErr := strconv.ParseUint(split[3], 10, 16)
+			if parseErr != nil {
+				return nil, fmt.Errorf("%w: %v", errParsePort, parseErr)
+			}
+			relatedPort = int(rawRelatedPort)
+		} else if split[0] == "tcptype" {
+			if len(split) < 2 {
+				return nil, fmt.Errorf("%w: incorrect length", errParseTypType)
+			}
+
+			tcpType = NewTCPType(split[1])
+		}
+	}
+
+	switch typ {
+	case "host":
+		return NewCandidateHost(&CandidateHostConfig{"", protocol, address, port, component, priority, foundation, tcpType})
+	case "srflx":
+		return NewCandidateServerReflexive(&CandidateServerReflexiveConfig{"", protocol, address, port, component, priority, foundation, relatedAddress, relatedPort})
+	case "prflx":
+		return NewCandidatePeerReflexive(&CandidatePeerReflexiveConfig{"", protocol, address, port, component, priority, foundation, relatedAddress, relatedPort})
+	case "relay":
+		return NewCandidateRelay(&CandidateRelayConfig{"", protocol, address, port, component, priority, foundation, relatedAddress, relatedPort, nil})
+	default:
+	}
+
+	return nil, fmt.Errorf("%w (%s)", errUnknownCandidateTyp, typ)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_host.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_host.go
new file mode 100644
index 000000000..b03dbdb51
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_host.go
@@ -0,0 +1,76 @@
+package ice
+
+import (
+	"net"
+	"strings"
+)
+
+// CandidateHost is a candidate of type host
+type CandidateHost struct {
+	candidateBase
+
+	network string
+}
+
+// CandidateHostConfig is the config required to create a new CandidateHost
+type CandidateHostConfig struct {
+	CandidateID string
+	Network     string
+	Address     string
+	Port        int
+	Component   uint16
+	Priority    uint32
+	Foundation  string
+	TCPType     TCPType
+}
+
+// NewCandidateHost creates a new host candidate
+func NewCandidateHost(config *CandidateHostConfig) (*CandidateHost, error) {
+	candidateID := config.CandidateID
+
+	if candidateID == "" {
+		candidateID = globalCandidateIDGenerator.Generate()
+	}
+
+	c := &CandidateHost{
+		candidateBase: candidateBase{
+			id:                 candidateID,
+			address:            config.Address,
+			candidateType:      CandidateTypeHost,
+			component:          config.Component,
+			port:               config.Port,
+			tcpType:            config.TCPType,
+			foundationOverride: config.Foundation,
+			priorityOverride:   config.Priority,
+		},
+		network: config.Network,
+	}
+
+	if !strings.HasSuffix(config.Address, ".local") {
+		ip := net.ParseIP(config.Address)
+		if ip == nil {
+			return nil, ErrAddressParseFailed
+		}
+
+		if err := c.setIP(ip); err != nil {
+			return nil, err
+		}
+	} else {
+		// Until mDNS candidate is resolved assume it is UDPv4
+		c.candidateBase.networkType = NetworkTypeUDP4
+	}
+
+	return c, nil
+}
+
+func (c *CandidateHost) setIP(ip net.IP) error {
+	networkType, err := determineNetworkType(c.network, ip)
+	if err != nil {
+		return err
+	}
+
+	c.candidateBase.networkType = networkType
+	c.candidateBase.resolvedAddr = createAddr(networkType, ip, c.port)
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_peer_reflexive.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_peer_reflexive.go
new file mode 100644
index 000000000..0b330d1c9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_peer_reflexive.go
@@ -0,0 +1,60 @@
+// Package ice ...
+//nolint:dupl
+package ice
+
+import "net"
+
+// CandidatePeerReflexive ...
+type CandidatePeerReflexive struct {
+	candidateBase
+}
+
+// CandidatePeerReflexiveConfig is the config required to create a new CandidatePeerReflexive
+type CandidatePeerReflexiveConfig struct {
+	CandidateID string
+	Network     string
+	Address     string
+	Port        int
+	Component   uint16
+	Priority    uint32
+	Foundation  string
+	RelAddr     string
+	RelPort     int
+}
+
+// NewCandidatePeerReflexive creates a new peer reflective candidate
+func NewCandidatePeerReflexive(config *CandidatePeerReflexiveConfig) (*CandidatePeerReflexive, error) {
+	ip := net.ParseIP(config.Address)
+	if ip == nil {
+		return nil, ErrAddressParseFailed
+	}
+
+	networkType, err := determineNetworkType(config.Network, ip)
+	if err != nil {
+		return nil, err
+	}
+
+	candidateID := config.CandidateID
+	candidateIDGenerator := newCandidateIDGenerator()
+	if candidateID == "" {
+		candidateID = candidateIDGenerator.Generate()
+	}
+
+	return &CandidatePeerReflexive{
+		candidateBase: candidateBase{
+			id:                 candidateID,
+			networkType:        networkType,
+			candidateType:      CandidateTypePeerReflexive,
+			address:            config.Address,
+			port:               config.Port,
+			resolvedAddr:       createAddr(networkType, ip, config.Port),
+			component:          config.Component,
+			foundationOverride: config.Foundation,
+			priorityOverride:   config.Priority,
+			relatedAddress: &CandidateRelatedAddress{
+				Address: config.RelAddr,
+				Port:    config.RelPort,
+			},
+		},
+	}, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_relay.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_relay.go
new file mode 100644
index 000000000..44762f714
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_relay.go
@@ -0,0 +1,73 @@
+package ice
+
+import (
+	"net"
+)
+
+// CandidateRelay ...
+type CandidateRelay struct {
+	candidateBase
+
+	onClose func() error
+}
+
+// CandidateRelayConfig is the config required to create a new CandidateRelay
+type CandidateRelayConfig struct {
+	CandidateID string
+	Network     string
+	Address     string
+	Port        int
+	Component   uint16
+	Priority    uint32
+	Foundation  string
+	RelAddr     string
+	RelPort     int
+	OnClose     func() error
+}
+
+// NewCandidateRelay creates a new relay candidate
+func NewCandidateRelay(config *CandidateRelayConfig) (*CandidateRelay, error) {
+	candidateID := config.CandidateID
+
+	if candidateID == "" {
+		candidateID = globalCandidateIDGenerator.Generate()
+	}
+
+	ip := net.ParseIP(config.Address)
+	if ip == nil {
+		return nil, ErrAddressParseFailed
+	}
+
+	networkType, err := determineNetworkType(config.Network, ip)
+	if err != nil {
+		return nil, err
+	}
+
+	return &CandidateRelay{
+		candidateBase: candidateBase{
+			id:                 candidateID,
+			networkType:        networkType,
+			candidateType:      CandidateTypeRelay,
+			address:            config.Address,
+			port:               config.Port,
+			resolvedAddr:       &net.UDPAddr{IP: ip, Port: config.Port},
+			component:          config.Component,
+			foundationOverride: config.Foundation,
+			priorityOverride:   config.Priority,
+			relatedAddress: &CandidateRelatedAddress{
+				Address: config.RelAddr,
+				Port:    config.RelPort,
+			},
+		},
+		onClose: config.OnClose,
+	}, nil
+}
+
+func (c *CandidateRelay) close() error {
+	err := c.candidateBase.close()
+	if c.onClose != nil {
+		err = c.onClose()
+		c.onClose = nil
+	}
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_server_reflexive.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_server_reflexive.go
new file mode 100644
index 000000000..125a53782
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidate_server_reflexive.go
@@ -0,0 +1,59 @@
+// Package ice ...
+//nolint:dupl
+package ice
+
+import "net"
+
+// CandidateServerReflexive ...
+type CandidateServerReflexive struct {
+	candidateBase
+}
+
+// CandidateServerReflexiveConfig is the config required to create a new CandidateServerReflexive
+type CandidateServerReflexiveConfig struct {
+	CandidateID string
+	Network     string
+	Address     string
+	Port        int
+	Component   uint16
+	Priority    uint32
+	Foundation  string
+	RelAddr     string
+	RelPort     int
+}
+
+// NewCandidateServerReflexive creates a new server reflective candidate
+func NewCandidateServerReflexive(config *CandidateServerReflexiveConfig) (*CandidateServerReflexive, error) {
+	ip := net.ParseIP(config.Address)
+	if ip == nil {
+		return nil, ErrAddressParseFailed
+	}
+
+	networkType, err := determineNetworkType(config.Network, ip)
+	if err != nil {
+		return nil, err
+	}
+
+	candidateID := config.CandidateID
+	if candidateID == "" {
+		candidateID = globalCandidateIDGenerator.Generate()
+	}
+
+	return &CandidateServerReflexive{
+		candidateBase: candidateBase{
+			id:                 candidateID,
+			networkType:        networkType,
+			candidateType:      CandidateTypeServerReflexive,
+			address:            config.Address,
+			port:               config.Port,
+			resolvedAddr:       &net.UDPAddr{IP: ip, Port: config.Port},
+			component:          config.Component,
+			foundationOverride: config.Foundation,
+			priorityOverride:   config.Priority,
+			relatedAddress: &CandidateRelatedAddress{
+				Address: config.RelAddr,
+				Port:    config.RelPort,
+			},
+		},
+	}, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatepair.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatepair.go
new file mode 100644
index 000000000..00f904eb1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatepair.go
@@ -0,0 +1,94 @@
+package ice
+
+import (
+	"fmt"
+
+	"github.com/pion/stun"
+)
+
+func newCandidatePair(local, remote Candidate, controlling bool) *candidatePair {
+	return &candidatePair{
+		iceRoleControlling: controlling,
+		remote:             remote,
+		local:              local,
+		state:              CandidatePairStateWaiting,
+	}
+}
+
+// candidatePair represents a combination of a local and remote candidate
+type candidatePair struct {
+	iceRoleControlling  bool
+	remote              Candidate
+	local               Candidate
+	bindingRequestCount uint16
+	state               CandidatePairState
+	nominated           bool
+}
+
+func (p *candidatePair) String() string {
+	return fmt.Sprintf("prio %d (local, prio %d) %s <-> %s (remote, prio %d)",
+		p.Priority(), p.local.Priority(), p.local, p.remote, p.remote.Priority())
+}
+
+func (p *candidatePair) Equal(other *candidatePair) bool {
+	if p == nil && other == nil {
+		return true
+	}
+	if p == nil || other == nil {
+		return false
+	}
+	return p.local.Equal(other.local) && p.remote.Equal(other.remote)
+}
+
+// RFC 5245 - 5.7.2.  Computing Pair Priority and Ordering Pairs
+// Let G be the priority for the candidate provided by the controlling
+// agent.  Let D be the priority for the candidate provided by the
+// controlled agent.
+// pair priority = 2^32*MIN(G,D) + 2*MAX(G,D) + (G>D?1:0)
+func (p *candidatePair) Priority() uint64 {
+	var g uint32
+	var d uint32
+	if p.iceRoleControlling {
+		g = p.local.Priority()
+		d = p.remote.Priority()
+	} else {
+		g = p.remote.Priority()
+		d = p.local.Priority()
+	}
+
+	// Just implement these here rather
+	// than fooling around with the math package
+	min := func(x, y uint32) uint64 {
+		if x < y {
+			return uint64(x)
+		}
+		return uint64(y)
+	}
+	max := func(x, y uint32) uint64 {
+		if x > y {
+			return uint64(x)
+		}
+		return uint64(y)
+	}
+	cmp := func(x, y uint32) uint64 {
+		if x > y {
+			return uint64(1)
+		}
+		return uint64(0)
+	}
+
+	// 1<<32 overflows uint32; and if both g && d are
+	// maxUint32, this result would overflow uint64
+	return (1<<32-1)*min(g, d) + 2*max(g, d) + cmp(g, d)
+}
+
+func (p *candidatePair) Write(b []byte) (int, error) {
+	return p.local.writeTo(b, p.remote)
+}
+
+func (a *Agent) sendSTUN(msg *stun.Message, local, remote Candidate) {
+	_, err := local.writeTo(msg.Raw, remote)
+	if err != nil {
+		a.log.Tracef("failed to send STUN message: %s", err)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatepair_state.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatepair_state.go
new file mode 100644
index 000000000..28c7187eb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatepair_state.go
@@ -0,0 +1,37 @@
+package ice
+
+// CandidatePairState represent the ICE candidate pair state
+type CandidatePairState int
+
+const (
+	// CandidatePairStateWaiting means a check has not been performed for
+	// this pair
+	CandidatePairStateWaiting = iota + 1
+
+	// CandidatePairStateInProgress means a check has been sent for this pair,
+	// but the transaction is in progress.
+	CandidatePairStateInProgress
+
+	// CandidatePairStateFailed means a check for this pair was already done
+	// and failed, either never producing any response or producing an unrecoverable
+	// failure response.
+	CandidatePairStateFailed
+
+	// CandidatePairStateSucceeded means a check for this pair was already
+	// done and produced a successful result.
+	CandidatePairStateSucceeded
+)
+
+func (c CandidatePairState) String() string {
+	switch c {
+	case CandidatePairStateWaiting:
+		return "waiting"
+	case CandidatePairStateInProgress:
+		return "in-progress"
+	case CandidatePairStateFailed:
+		return "failed"
+	case CandidatePairStateSucceeded:
+		return "succeeded"
+	}
+	return "Unknown candidate pair state"
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidaterelatedaddress.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidaterelatedaddress.go
new file mode 100644
index 000000000..18cf31831
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidaterelatedaddress.go
@@ -0,0 +1,30 @@
+package ice
+
+import "fmt"
+
+// CandidateRelatedAddress convey transport addresses related to the
+// candidate, useful for diagnostics and other purposes.
+type CandidateRelatedAddress struct {
+	Address string
+	Port    int
+}
+
+// String makes CandidateRelatedAddress printable
+func (c *CandidateRelatedAddress) String() string {
+	if c == nil {
+		return ""
+	}
+
+	return fmt.Sprintf(" related %s:%d", c.Address, c.Port)
+}
+
+// Equal allows comparing two CandidateRelatedAddresses.
+// The CandidateRelatedAddress are allowed to be nil.
+func (c *CandidateRelatedAddress) Equal(other *CandidateRelatedAddress) bool {
+	if c == nil && other == nil {
+		return true
+	}
+	return c != nil && other != nil &&
+		c.Address == other.Address &&
+		c.Port == other.Port
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatetype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatetype.go
new file mode 100644
index 000000000..376c4089f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/candidatetype.go
@@ -0,0 +1,62 @@
+package ice
+
+// CandidateType represents the type of candidate
+type CandidateType byte
+
+// CandidateType enum
+const (
+	CandidateTypeUnspecified CandidateType = iota
+	CandidateTypeHost
+	CandidateTypeServerReflexive
+	CandidateTypePeerReflexive
+	CandidateTypeRelay
+)
+
+// String makes CandidateType printable
+func (c CandidateType) String() string {
+	switch c {
+	case CandidateTypeHost:
+		return "host"
+	case CandidateTypeServerReflexive:
+		return "srflx"
+	case CandidateTypePeerReflexive:
+		return "prflx"
+	case CandidateTypeRelay:
+		return "relay"
+	case CandidateTypeUnspecified:
+		return "Unknown candidate type"
+	}
+	return "Unknown candidate type"
+}
+
+// Preference returns the preference weight of a CandidateType
+//
+// 4.1.2.2.  Guidelines for Choosing Type and Local Preferences
+// The RECOMMENDED values are 126 for host candidates, 100
+// for server reflexive candidates, 110 for peer reflexive candidates,
+// and 0 for relayed candidates.
+func (c CandidateType) Preference() uint16 {
+	switch c {
+	case CandidateTypeHost:
+		return 126
+	case CandidateTypePeerReflexive:
+		return 110
+	case CandidateTypeServerReflexive:
+		return 100
+	case CandidateTypeRelay, CandidateTypeUnspecified:
+		return 0
+	}
+	return 0
+}
+
+func containsCandidateType(candidateType CandidateType, candidateTypeList []CandidateType) bool {
+	if candidateTypeList == nil {
+		return false
+	}
+	for _, ct := range candidateTypeList {
+		if ct == candidateType {
+			return true
+		}
+	}
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/context.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/context.go
new file mode 100644
index 000000000..627d81ef4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/context.go
@@ -0,0 +1,37 @@
+package ice
+
+import (
+	"context"
+	"time"
+)
+
+func (a *Agent) context() context.Context {
+	return agentContext(a.done)
+}
+
+type agentContext chan struct{}
+
+// Done implements context.Context
+func (a agentContext) Done() <-chan struct{} {
+	return (chan struct{})(a)
+}
+
+// Err implements context.Context
+func (a agentContext) Err() error {
+	select {
+	case <-(chan struct{})(a):
+		return ErrRunCanceled
+	default:
+		return nil
+	}
+}
+
+// Deadline implements context.Context
+func (a agentContext) Deadline() (deadline time.Time, ok bool) {
+	return time.Time{}, false
+}
+
+// Value implements context.Context
+func (a agentContext) Value(key interface{}) interface{} {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/errors.go
new file mode 100644
index 000000000..e7dd625d4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/errors.go
@@ -0,0 +1,132 @@
+package ice
+
+import "errors"
+
+var (
+	// ErrUnknownType indicates an error with Unknown info.
+	ErrUnknownType = errors.New("Unknown")
+
+	// ErrSchemeType indicates the scheme type could not be parsed.
+	ErrSchemeType = errors.New("unknown scheme type")
+
+	// ErrSTUNQuery indicates query arguments are provided in a STUN URL.
+	ErrSTUNQuery = errors.New("queries not supported in stun address")
+
+	// ErrInvalidQuery indicates an malformed query is provided.
+	ErrInvalidQuery = errors.New("invalid query")
+
+	// ErrHost indicates malformed hostname is provided.
+	ErrHost = errors.New("invalid hostname")
+
+	// ErrPort indicates malformed port is provided.
+	ErrPort = errors.New("invalid port")
+
+	// ErrLocalUfragInsufficientBits indicates local username fragment insufficient bits are provided.
+	// Have to be at least 24 bits long
+	ErrLocalUfragInsufficientBits = errors.New("local username fragment is less than 24 bits long")
+
+	// ErrLocalPwdInsufficientBits indicates local passoword insufficient bits are provided.
+	// Have to be at least 128 bits long
+	ErrLocalPwdInsufficientBits = errors.New("local password is less than 128 bits long")
+
+	// ErrProtoType indicates an unsupported transport type was provided.
+	ErrProtoType = errors.New("invalid transport protocol type")
+
+	// ErrClosed indicates the agent is closed
+	ErrClosed = errors.New("the agent is closed")
+
+	// ErrNoCandidatePairs indicates agent does not have a valid candidate pair
+	ErrNoCandidatePairs = errors.New("no candidate pairs available")
+
+	// ErrCanceledByCaller indicates agent connection was canceled by the caller
+	ErrCanceledByCaller = errors.New("connecting canceled by caller")
+
+	// ErrMultipleStart indicates agent was started twice
+	ErrMultipleStart = errors.New("attempted to start agent twice")
+
+	// ErrRemoteUfragEmpty indicates agent was started with an empty remote ufrag
+	ErrRemoteUfragEmpty = errors.New("remote ufrag is empty")
+
+	// ErrRemotePwdEmpty indicates agent was started with an empty remote pwd
+	ErrRemotePwdEmpty = errors.New("remote pwd is empty")
+
+	// ErrNoOnCandidateHandler indicates agent was started without OnCandidate
+	ErrNoOnCandidateHandler = errors.New("no OnCandidate provided")
+
+	// ErrMultipleGatherAttempted indicates GatherCandidates has been called multiple times
+	ErrMultipleGatherAttempted = errors.New("attempting to gather candidates during gathering state")
+
+	// ErrUsernameEmpty indicates agent was give TURN URL with an empty Username
+	ErrUsernameEmpty = errors.New("username is empty")
+
+	// ErrPasswordEmpty indicates agent was give TURN URL with an empty Password
+	ErrPasswordEmpty = errors.New("password is empty")
+
+	// ErrAddressParseFailed indicates we were unable to parse a candidate address
+	ErrAddressParseFailed = errors.New("failed to parse address")
+
+	// ErrLiteUsingNonHostCandidates indicates non host candidates were selected for a lite agent
+	ErrLiteUsingNonHostCandidates = errors.New("lite agents must only use host candidates")
+
+	// ErrUselessUrlsProvided indicates that one or more URL was provided to the agent but no host
+	// candidate required them
+	ErrUselessUrlsProvided = errors.New("agent does not need URL with selected candidate types")
+
+	// ErrUnsupportedNAT1To1IPCandidateType indicates that the specified NAT1To1IPCandidateType is
+	// unsupported
+	ErrUnsupportedNAT1To1IPCandidateType = errors.New("unsupported 1:1 NAT IP candidate type")
+
+	// ErrInvalidNAT1To1IPMapping indicates that the given 1:1 NAT IP mapping is invalid
+	ErrInvalidNAT1To1IPMapping = errors.New("invalid 1:1 NAT IP mapping")
+
+	// ErrExternalMappedIPNotFound in NAT1To1IPMapping
+	ErrExternalMappedIPNotFound = errors.New("external mapped IP not found")
+
+	// ErrMulticastDNSWithNAT1To1IPMapping indicates that the mDNS gathering cannot be used along
+	// with 1:1 NAT IP mapping for host candidate.
+	ErrMulticastDNSWithNAT1To1IPMapping = errors.New("mDNS gathering cannot be used with 1:1 NAT IP mapping for host candidate")
+
+	// ErrIneffectiveNAT1To1IPMappingHost indicates that 1:1 NAT IP mapping for host candidate is
+	// requested, but the host candidate type is disabled.
+	ErrIneffectiveNAT1To1IPMappingHost = errors.New("1:1 NAT IP mapping for host candidate ineffective")
+
+	// ErrIneffectiveNAT1To1IPMappingSrflx indicates that 1:1 NAT IP mapping for srflx candidate is
+	// requested, but the srflx candidate type is disabled.
+	ErrIneffectiveNAT1To1IPMappingSrflx = errors.New("1:1 NAT IP mapping for srflx candidate ineffective")
+
+	// ErrInvalidMulticastDNSHostName indicates an invalid MulticastDNSHostName
+	ErrInvalidMulticastDNSHostName = errors.New("invalid mDNS HostName, must end with .local and can only contain a single '.'")
+
+	// ErrRestartWhenGathering indicates Restart was called when Agent is in GatheringStateGathering
+	ErrRestartWhenGathering = errors.New("ICE Agent can not be restarted when gathering")
+
+	// ErrRunCanceled indicates a run operation was canceled by its individual done
+	ErrRunCanceled = errors.New("run was canceled by done")
+
+	// ErrTCPMuxNotInitialized indicates TCPMux is not initialized and that invalidTCPMux is used.
+	ErrTCPMuxNotInitialized = errors.New("TCPMux is not initialized")
+
+	// ErrTCPRemoteAddrAlreadyExists indicates we already have the connection with same remote addr.
+	ErrTCPRemoteAddrAlreadyExists = errors.New("conn with same remote addr already exists")
+
+	errSendPacket                    = errors.New("failed to send packet")
+	errAttributeTooShortICECandidate = errors.New("attribute not long enough to be ICE candidate")
+	errParseComponent                = errors.New("could not parse component")
+	errParsePriority                 = errors.New("could not parse priority")
+	errParsePort                     = errors.New("could not parse port")
+	errParseRelatedAddr              = errors.New("could not parse related addresses")
+	errParseTypType                  = errors.New("could not parse typtype")
+	errUnknownCandidateTyp           = errors.New("unknown candidate typ")
+	errGetXorMappedAddrResponse      = errors.New("failed to get XOR-MAPPED-ADDRESS response")
+	errConnectionAddrAlreadyExist    = errors.New("connection with same remote address already exists")
+	errReadingStreamingPacket        = errors.New("error reading streaming packet")
+	errWriting                       = errors.New("error writing to")
+	errClosingConnection             = errors.New("error closing connection")
+	errDetermineNetworkType          = errors.New("unable to determine networkType")
+	errMissingProtocolScheme         = errors.New("missing protocol scheme")
+	errTooManyColonsAddr             = errors.New("too many colons in address")
+	errRead                          = errors.New("unexpected error trying to read")
+	errUnknownRole                   = errors.New("unknown role")
+	errMismatchUsername              = errors.New("username mismatch")
+	errICEWriteSTUNMessage           = errors.New("the ICE conn can't write STUN messages")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/external_ip_mapper.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/external_ip_mapper.go
new file mode 100644
index 000000000..5310cc0ae
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/external_ip_mapper.go
@@ -0,0 +1,143 @@
+package ice
+
+import (
+	"net"
+	"strings"
+)
+
+func validateIPString(ipStr string) (net.IP, bool, error) {
+	ip := net.ParseIP(ipStr)
+	if ip == nil {
+		return nil, false, ErrInvalidNAT1To1IPMapping
+	}
+	return ip, (ip.To4() != nil), nil
+}
+
+// ipMapping holds the mapping of local and external IP address for a particular IP family
+type ipMapping struct {
+	ipSole net.IP            // when non-nil, this is the sole external IP for one local IP assumed
+	ipMap  map[string]net.IP // local-to-external IP mapping (k: local, v: external)
+}
+
+func (m *ipMapping) setSoleIP(ip net.IP) error {
+	if m.ipSole != nil || len(m.ipMap) > 0 {
+		return ErrInvalidNAT1To1IPMapping
+	}
+
+	m.ipSole = ip
+
+	return nil
+}
+
+func (m *ipMapping) addIPMapping(locIP, extIP net.IP) error {
+	if m.ipSole != nil {
+		return ErrInvalidNAT1To1IPMapping
+	}
+
+	locIPStr := locIP.String()
+
+	// check if dup of local IP
+	if _, ok := m.ipMap[locIPStr]; ok {
+		return ErrInvalidNAT1To1IPMapping
+	}
+
+	m.ipMap[locIPStr] = extIP
+
+	return nil
+}
+
+func (m *ipMapping) findExternalIP(locIP net.IP) (net.IP, error) {
+	if m.ipSole != nil {
+		return m.ipSole, nil
+	}
+
+	extIP, ok := m.ipMap[locIP.String()]
+	if !ok {
+		return nil, ErrExternalMappedIPNotFound
+	}
+
+	return extIP, nil
+}
+
+type externalIPMapper struct {
+	ipv4Mapping   ipMapping
+	ipv6Mapping   ipMapping
+	candidateType CandidateType
+}
+
+func newExternalIPMapper(candidateType CandidateType, ips []string) (*externalIPMapper, error) { //nolint:gocognit
+	if len(ips) == 0 {
+		return nil, nil
+	}
+	if candidateType == CandidateTypeUnspecified {
+		candidateType = CandidateTypeHost // defaults to host
+	} else if candidateType != CandidateTypeHost && candidateType != CandidateTypeServerReflexive {
+		return nil, ErrUnsupportedNAT1To1IPCandidateType
+	}
+
+	m := &externalIPMapper{
+		ipv4Mapping:   ipMapping{ipMap: map[string]net.IP{}},
+		ipv6Mapping:   ipMapping{ipMap: map[string]net.IP{}},
+		candidateType: candidateType,
+	}
+
+	for _, extIPStr := range ips {
+		ipPair := strings.Split(extIPStr, "/")
+		if len(ipPair) == 0 || len(ipPair) > 2 {
+			return nil, ErrInvalidNAT1To1IPMapping
+		}
+
+		extIP, isExtIPv4, err := validateIPString(ipPair[0])
+		if err != nil {
+			return nil, err
+		}
+		if len(ipPair) == 1 {
+			if isExtIPv4 {
+				if err := m.ipv4Mapping.setSoleIP(extIP); err != nil {
+					return nil, err
+				}
+			} else {
+				if err := m.ipv6Mapping.setSoleIP(extIP); err != nil {
+					return nil, err
+				}
+			}
+		} else {
+			locIP, isLocIPv4, err := validateIPString(ipPair[1])
+			if err != nil {
+				return nil, err
+			}
+			if isExtIPv4 {
+				if !isLocIPv4 {
+					return nil, ErrInvalidNAT1To1IPMapping
+				}
+
+				if err := m.ipv4Mapping.addIPMapping(locIP, extIP); err != nil {
+					return nil, err
+				}
+			} else {
+				if isLocIPv4 {
+					return nil, ErrInvalidNAT1To1IPMapping
+				}
+
+				if err := m.ipv6Mapping.addIPMapping(locIP, extIP); err != nil {
+					return nil, err
+				}
+			}
+		}
+	}
+
+	return m, nil
+}
+
+func (m *externalIPMapper) findExternalIP(localIPStr string) (net.IP, error) {
+	locIP, isLocIPv4, err := validateIPString(localIPStr)
+	if err != nil {
+		return nil, err
+	}
+
+	if isLocIPv4 {
+		return m.ipv4Mapping.findExternalIP(locIP)
+	}
+
+	return m.ipv6Mapping.findExternalIP(locIP)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/gather.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/gather.go
new file mode 100644
index 000000000..3bc3d7729
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/gather.go
@@ -0,0 +1,497 @@
+package ice
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"reflect"
+	"sync"
+	"time"
+
+	"github.com/pion/dtls/v2"
+	"github.com/pion/logging"
+	"github.com/pion/turn/v2"
+)
+
+const (
+	stunGatherTimeout = time.Second * 5
+)
+
+type closeable interface {
+	Close() error
+}
+
+// Close a net.Conn and log if we have a failure
+func closeConnAndLog(c closeable, log logging.LeveledLogger, msg string) {
+	if c == nil || (reflect.ValueOf(c).Kind() == reflect.Ptr && reflect.ValueOf(c).IsNil()) {
+		log.Warnf("Conn is not allocated (%s)", msg)
+		return
+	}
+
+	log.Warnf(msg)
+	if err := c.Close(); err != nil {
+		log.Warnf("Failed to close conn: %v", err)
+	}
+}
+
+// fakePacketConn wraps a net.Conn and emulates net.PacketConn
+type fakePacketConn struct {
+	nextConn net.Conn
+}
+
+func (f *fakePacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	n, err = f.nextConn.Read(p)
+	addr = f.nextConn.RemoteAddr()
+	return
+}
+func (f *fakePacketConn) Close() error                       { return f.nextConn.Close() }
+func (f *fakePacketConn) LocalAddr() net.Addr                { return f.nextConn.LocalAddr() }
+func (f *fakePacketConn) SetDeadline(t time.Time) error      { return f.nextConn.SetDeadline(t) }
+func (f *fakePacketConn) SetReadDeadline(t time.Time) error  { return f.nextConn.SetReadDeadline(t) }
+func (f *fakePacketConn) SetWriteDeadline(t time.Time) error { return f.nextConn.SetWriteDeadline(t) }
+func (f *fakePacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	return f.nextConn.Write(p)
+}
+
+// GatherCandidates initiates the trickle based gathering process.
+func (a *Agent) GatherCandidates() error {
+	var gatherErr error
+
+	if runErr := a.run(a.context(), func(ctx context.Context, agent *Agent) {
+		if a.gatheringState != GatheringStateNew {
+			gatherErr = ErrMultipleGatherAttempted
+			return
+		} else if a.onCandidateHdlr.Load() == nil {
+			gatherErr = ErrNoOnCandidateHandler
+			return
+		}
+
+		a.gatherCandidateCancel() // Cancel previous gathering routine
+		ctx, cancel := context.WithCancel(ctx)
+		a.gatherCandidateCancel = cancel
+
+		go a.gatherCandidates(ctx)
+	}); runErr != nil {
+		return runErr
+	}
+	return gatherErr
+}
+
+func (a *Agent) gatherCandidates(ctx context.Context) {
+	if err := a.setGatheringState(GatheringStateGathering); err != nil {
+		a.log.Warnf("failed to set gatheringState to GatheringStateGathering: %v", err)
+		return
+	}
+
+	var wg sync.WaitGroup
+	for _, t := range a.candidateTypes {
+		switch t {
+		case CandidateTypeHost:
+			wg.Add(1)
+			go func() {
+				a.gatherCandidatesLocal(ctx, a.networkTypes)
+				wg.Done()
+			}()
+		case CandidateTypeServerReflexive:
+			wg.Add(1)
+			go func() {
+				a.gatherCandidatesSrflx(ctx, a.urls, a.networkTypes)
+				wg.Done()
+			}()
+			if a.extIPMapper != nil && a.extIPMapper.candidateType == CandidateTypeServerReflexive {
+				wg.Add(1)
+				go func() {
+					a.gatherCandidatesSrflxMapped(ctx, a.networkTypes)
+					wg.Done()
+				}()
+			}
+		case CandidateTypeRelay:
+			wg.Add(1)
+			go func() {
+				a.gatherCandidatesRelay(ctx, a.urls)
+				wg.Done()
+			}()
+		case CandidateTypePeerReflexive, CandidateTypeUnspecified:
+		}
+	}
+	// Block until all STUN and TURN URLs have been gathered (or timed out)
+	wg.Wait()
+
+	if err := a.setGatheringState(GatheringStateComplete); err != nil {
+		a.log.Warnf("failed to set gatheringState to GatheringStateComplete: %v", err)
+	}
+}
+
+func (a *Agent) gatherCandidatesLocal(ctx context.Context, networkTypes []NetworkType) { //nolint:gocognit
+	networks := map[string]struct{}{}
+	for _, networkType := range networkTypes {
+		if networkType.IsTCP() {
+			networks[tcp] = struct{}{}
+		} else {
+			networks[udp] = struct{}{}
+		}
+	}
+
+	localIPs, err := localInterfaces(a.net, a.interfaceFilter, networkTypes)
+	if err != nil {
+		a.log.Warnf("failed to iterate local interfaces, host candidates will not be gathered %s", err)
+		return
+	}
+
+	for _, ip := range localIPs {
+		mappedIP := ip
+		if a.mDNSMode != MulticastDNSModeQueryAndGather && a.extIPMapper != nil && a.extIPMapper.candidateType == CandidateTypeHost {
+			if _mappedIP, err := a.extIPMapper.findExternalIP(ip.String()); err == nil {
+				mappedIP = _mappedIP
+			} else {
+				a.log.Warnf("1:1 NAT mapping is enabled but no external IP is found for %s\n", ip.String())
+			}
+		}
+
+		address := mappedIP.String()
+		if a.mDNSMode == MulticastDNSModeQueryAndGather {
+			address = a.mDNSName
+		}
+
+		for network := range networks {
+			var port int
+			var conn net.PacketConn
+			var err error
+
+			var tcpType TCPType
+			switch network {
+			case tcp:
+				// Handle ICE TCP passive mode
+
+				a.log.Debugf("GetConn by ufrag: %s\n", a.localUfrag)
+				conn, err = a.tcpMux.GetConnByUfrag(a.localUfrag)
+				if err != nil {
+					if !errors.Is(err, ErrTCPMuxNotInitialized) {
+						a.log.Warnf("error getting tcp conn by ufrag: %s %s %s\n", network, ip, a.localUfrag)
+					}
+					continue
+				}
+				port = conn.LocalAddr().(*net.TCPAddr).Port
+				tcpType = TCPTypePassive
+				// is there a way to verify that the listen address is even
+				// accessible from the current interface.
+			case udp:
+				conn, err = listenUDPInPortRange(a.net, a.log, int(a.portmax), int(a.portmin), network, &net.UDPAddr{IP: ip, Port: 0})
+				if err != nil {
+					a.log.Warnf("could not listen %s %s\n", network, ip)
+					continue
+				}
+
+				port = conn.LocalAddr().(*net.UDPAddr).Port
+			}
+			hostConfig := CandidateHostConfig{
+				Network:   network,
+				Address:   address,
+				Port:      port,
+				Component: ComponentRTP,
+				TCPType:   tcpType,
+			}
+
+			c, err := NewCandidateHost(&hostConfig)
+			if err != nil {
+				closeConnAndLog(conn, a.log, fmt.Sprintf("Failed to create host candidate: %s %s %d: %v\n", network, mappedIP, port, err))
+				continue
+			}
+
+			if a.mDNSMode == MulticastDNSModeQueryAndGather {
+				if err = c.setIP(ip); err != nil {
+					closeConnAndLog(conn, a.log, fmt.Sprintf("Failed to create host candidate: %s %s %d: %v\n", network, mappedIP, port, err))
+					continue
+				}
+			}
+
+			if err := a.addCandidate(ctx, c, conn); err != nil {
+				if closeErr := c.close(); closeErr != nil {
+					a.log.Warnf("Failed to close candidate: %v", closeErr)
+				}
+				a.log.Warnf("Failed to append to localCandidates and run onCandidateHdlr: %v\n", err)
+			}
+		}
+	}
+}
+
+func (a *Agent) gatherCandidatesSrflxMapped(ctx context.Context, networkTypes []NetworkType) {
+	var wg sync.WaitGroup
+	defer wg.Wait()
+
+	for _, networkType := range networkTypes {
+		if networkType.IsTCP() {
+			continue
+		}
+
+		network := networkType.String()
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			conn, err := listenUDPInPortRange(a.net, a.log, int(a.portmax), int(a.portmin), network, &net.UDPAddr{IP: nil, Port: 0})
+			if err != nil {
+				a.log.Warnf("Failed to listen %s: %v\n", network, err)
+				return
+			}
+
+			laddr := conn.LocalAddr().(*net.UDPAddr)
+			mappedIP, err := a.extIPMapper.findExternalIP(laddr.IP.String())
+			if err != nil {
+				closeConnAndLog(conn, a.log, fmt.Sprintf("1:1 NAT mapping is enabled but no external IP is found for %s\n", laddr.IP.String()))
+				return
+			}
+
+			srflxConfig := CandidateServerReflexiveConfig{
+				Network:   network,
+				Address:   mappedIP.String(),
+				Port:      laddr.Port,
+				Component: ComponentRTP,
+				RelAddr:   laddr.IP.String(),
+				RelPort:   laddr.Port,
+			}
+			c, err := NewCandidateServerReflexive(&srflxConfig)
+			if err != nil {
+				closeConnAndLog(conn, a.log, fmt.Sprintf("Failed to create server reflexive candidate: %s %s %d: %v\n",
+					network,
+					mappedIP.String(),
+					laddr.Port,
+					err))
+				return
+			}
+
+			if err := a.addCandidate(ctx, c, conn); err != nil {
+				if closeErr := c.close(); closeErr != nil {
+					a.log.Warnf("Failed to close candidate: %v", closeErr)
+				}
+				a.log.Warnf("Failed to append to localCandidates and run onCandidateHdlr: %v\n", err)
+			}
+		}()
+	}
+}
+
+func (a *Agent) gatherCandidatesSrflx(ctx context.Context, urls []*URL, networkTypes []NetworkType) {
+	var wg sync.WaitGroup
+	defer wg.Wait()
+
+	for _, networkType := range networkTypes {
+		if networkType.IsTCP() {
+			continue
+		}
+
+		for i := range urls {
+			wg.Add(1)
+			go func(url URL, network string) {
+				defer wg.Done()
+				hostPort := fmt.Sprintf("%s:%d", url.Host, url.Port)
+				serverAddr, err := a.net.ResolveUDPAddr(network, hostPort)
+				if err != nil {
+					a.log.Warnf("failed to resolve stun host: %s: %v", hostPort, err)
+					return
+				}
+
+				conn, err := listenUDPInPortRange(a.net, a.log, int(a.portmax), int(a.portmin), network, &net.UDPAddr{IP: nil, Port: 0})
+				if err != nil {
+					closeConnAndLog(conn, a.log, fmt.Sprintf("Failed to listen for %s: %v\n", serverAddr.String(), err))
+					return
+				}
+
+				xoraddr, err := getXORMappedAddr(conn, serverAddr, stunGatherTimeout)
+				if err != nil {
+					closeConnAndLog(conn, a.log, fmt.Sprintf("could not get server reflexive address %s %s: %v\n", network, url, err))
+					return
+				}
+
+				ip := xoraddr.IP
+				port := xoraddr.Port
+
+				laddr := conn.LocalAddr().(*net.UDPAddr)
+				srflxConfig := CandidateServerReflexiveConfig{
+					Network:   network,
+					Address:   ip.String(),
+					Port:      port,
+					Component: ComponentRTP,
+					RelAddr:   laddr.IP.String(),
+					RelPort:   laddr.Port,
+				}
+				c, err := NewCandidateServerReflexive(&srflxConfig)
+				if err != nil {
+					closeConnAndLog(conn, a.log, fmt.Sprintf("Failed to create server reflexive candidate: %s %s %d: %v\n", network, ip, port, err))
+					return
+				}
+
+				if err := a.addCandidate(ctx, c, conn); err != nil {
+					if closeErr := c.close(); closeErr != nil {
+						a.log.Warnf("Failed to close candidate: %v", closeErr)
+					}
+					a.log.Warnf("Failed to append to localCandidates and run onCandidateHdlr: %v\n", err)
+				}
+			}(*urls[i], networkType.String())
+		}
+	}
+}
+
+func (a *Agent) gatherCandidatesRelay(ctx context.Context, urls []*URL) { //nolint:gocognit
+	var wg sync.WaitGroup
+	defer wg.Wait()
+
+	network := NetworkTypeUDP4.String()
+	for i := range urls {
+		switch {
+		case urls[i].Scheme != SchemeTypeTURN && urls[i].Scheme != SchemeTypeTURNS:
+			continue
+		case urls[i].Username == "":
+			a.log.Errorf("Failed to gather relay candidates: %v", ErrUsernameEmpty)
+			return
+		case urls[i].Password == "":
+			a.log.Errorf("Failed to gather relay candidates: %v", ErrPasswordEmpty)
+			return
+		}
+
+		wg.Add(1)
+		go func(url URL) {
+			defer wg.Done()
+			TURNServerAddr := fmt.Sprintf("%s:%d", url.Host, url.Port)
+			var (
+				locConn net.PacketConn
+				err     error
+				RelAddr string
+				RelPort int
+			)
+
+			switch {
+			case url.Proto == ProtoTypeUDP && url.Scheme == SchemeTypeTURN:
+				if locConn, err = a.net.ListenPacket(network, "0.0.0.0:0"); err != nil {
+					a.log.Warnf("Failed to listen %s: %v\n", network, err)
+					return
+				}
+
+				RelAddr = locConn.LocalAddr().(*net.UDPAddr).IP.String()
+				RelPort = locConn.LocalAddr().(*net.UDPAddr).Port
+			case a.proxyDialer != nil && url.Proto == ProtoTypeTCP &&
+				(url.Scheme == SchemeTypeTURN || url.Scheme == SchemeTypeTURNS):
+				conn, connectErr := a.proxyDialer.Dial(NetworkTypeTCP4.String(), TURNServerAddr)
+				if connectErr != nil {
+					a.log.Warnf("Failed to Dial TCP Addr %s via proxy dialer: %v\n", TURNServerAddr, connectErr)
+					return
+				}
+
+				RelAddr = conn.LocalAddr().(*net.TCPAddr).IP.String()
+				RelPort = conn.LocalAddr().(*net.TCPAddr).Port
+				locConn = turn.NewSTUNConn(conn)
+
+			case url.Proto == ProtoTypeTCP && url.Scheme == SchemeTypeTURN:
+				tcpAddr, connectErr := net.ResolveTCPAddr(NetworkTypeTCP4.String(), TURNServerAddr)
+				if connectErr != nil {
+					a.log.Warnf("Failed to resolve TCP Addr %s: %v\n", TURNServerAddr, connectErr)
+					return
+				}
+
+				conn, connectErr := net.DialTCP(NetworkTypeTCP4.String(), nil, tcpAddr)
+				if connectErr != nil {
+					a.log.Warnf("Failed to Dial TCP Addr %s: %v\n", TURNServerAddr, connectErr)
+					return
+				}
+
+				RelAddr = conn.LocalAddr().(*net.TCPAddr).IP.String()
+				RelPort = conn.LocalAddr().(*net.TCPAddr).Port
+				locConn = turn.NewSTUNConn(conn)
+			case url.Proto == ProtoTypeUDP && url.Scheme == SchemeTypeTURNS:
+				udpAddr, connectErr := net.ResolveUDPAddr(network, TURNServerAddr)
+				if connectErr != nil {
+					a.log.Warnf("Failed to resolve UDP Addr %s: %v\n", TURNServerAddr, connectErr)
+					return
+				}
+
+				conn, connectErr := dtls.Dial(network, udpAddr, &dtls.Config{
+					InsecureSkipVerify: a.insecureSkipVerify, //nolint:gosec
+				})
+				if connectErr != nil {
+					a.log.Warnf("Failed to Dial DTLS Addr %s: %v\n", TURNServerAddr, connectErr)
+					return
+				}
+
+				RelAddr = conn.LocalAddr().(*net.UDPAddr).IP.String()
+				RelPort = conn.LocalAddr().(*net.UDPAddr).Port
+				locConn = &fakePacketConn{conn}
+			case url.Proto == ProtoTypeTCP && url.Scheme == SchemeTypeTURNS:
+				conn, connectErr := tls.Dial(NetworkTypeTCP4.String(), TURNServerAddr, &tls.Config{
+					InsecureSkipVerify: a.insecureSkipVerify, //nolint:gosec
+				})
+				if connectErr != nil {
+					a.log.Warnf("Failed to Dial TLS Addr %s: %v\n", TURNServerAddr, connectErr)
+					return
+				}
+				RelAddr = conn.LocalAddr().(*net.TCPAddr).IP.String()
+				RelPort = conn.LocalAddr().(*net.TCPAddr).Port
+				locConn = turn.NewSTUNConn(conn)
+			default:
+				a.log.Warnf("Unable to handle URL in gatherCandidatesRelay %v\n", url)
+				return
+			}
+
+			client, err := turn.NewClient(&turn.ClientConfig{
+				TURNServerAddr: TURNServerAddr,
+				Conn:           locConn,
+				Username:       url.Username,
+				Password:       url.Password,
+				LoggerFactory:  a.loggerFactory,
+				Net:            a.net,
+			})
+			if err != nil {
+				closeConnAndLog(locConn, a.log, fmt.Sprintf("Failed to build new turn.Client %s %s\n", TURNServerAddr, err))
+				return
+			}
+
+			if err = client.Listen(); err != nil {
+				client.Close()
+				closeConnAndLog(locConn, a.log, fmt.Sprintf("Failed to listen on turn.Client %s %s\n", TURNServerAddr, err))
+				return
+			}
+
+			relayConn, err := client.Allocate()
+			if err != nil {
+				client.Close()
+				closeConnAndLog(locConn, a.log, fmt.Sprintf("Failed to allocate on turn.Client %s %s\n", TURNServerAddr, err))
+				return
+			}
+
+			raddr := relayConn.LocalAddr().(*net.UDPAddr)
+			relayConfig := CandidateRelayConfig{
+				Network:   network,
+				Component: ComponentRTP,
+				Address:   raddr.IP.String(),
+				Port:      raddr.Port,
+				RelAddr:   RelAddr,
+				RelPort:   RelPort,
+				OnClose: func() error {
+					client.Close()
+					return locConn.Close()
+				},
+			}
+			relayConnClose := func() {
+				if relayConErr := relayConn.Close(); relayConErr != nil {
+					a.log.Warnf("Failed to close relay %v", relayConErr)
+				}
+			}
+			candidate, err := NewCandidateRelay(&relayConfig)
+			if err != nil {
+				relayConnClose()
+
+				client.Close()
+				closeConnAndLog(locConn, a.log, fmt.Sprintf("Failed to create relay candidate: %s %s: %v\n", network, raddr.String(), err))
+				return
+			}
+
+			if err := a.addCandidate(ctx, candidate, relayConn); err != nil {
+				relayConnClose()
+
+				if closeErr := candidate.close(); closeErr != nil {
+					a.log.Warnf("Failed to close candidate: %v", closeErr)
+				}
+				a.log.Warnf("Failed to append to localCandidates and run onCandidateHdlr: %v\n", err)
+			}
+		}(*urls[i])
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/go.mod
new file mode 100644
index 000000000..b7d109fc5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/go.mod
@@ -0,0 +1,16 @@
+module github.com/pion/ice/v2
+
+go 1.13
+
+require (
+	github.com/google/uuid v1.1.2
+	github.com/pion/dtls/v2 v2.0.4
+	github.com/pion/logging v0.2.2
+	github.com/pion/mdns v0.0.4
+	github.com/pion/randutil v0.1.0
+	github.com/pion/stun v0.3.5
+	github.com/pion/transport v0.12.0
+	github.com/pion/turn/v2 v2.0.5
+	github.com/stretchr/testify v1.6.1
+	golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/go.sum
new file mode 100644
index 000000000..b13825e92
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/go.sum
@@ -0,0 +1,60 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/pion/dtls/v2 v2.0.4 h1:WuUcqi6oYMu/noNTz92QrF1DaFj4eXbhQ6dzaaAwOiI=
+github.com/pion/dtls/v2 v2.0.4/go.mod h1:qAkFscX0ZHoI1E07RfYPoRw3manThveu+mlTDdOxoGI=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/mdns v0.0.4 h1:O4vvVqr4DGX63vzmO6Fw9vpy3lfztVWHGCQfyw0ZLSY=
+github.com/pion/mdns v0.0.4/go.mod h1:R1sL0p50l42S5lJs91oNdUL58nm0QHrhxnSegr++qC0=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/stun v0.3.5 h1:uLUCBCkQby4S1cf6CGuR9QrVOKcvUwFeemaC865QHDg=
+github.com/pion/stun v0.3.5/go.mod h1:gDMim+47EeEtfWogA37n6qXZS88L5V6LqFcf+DZA2UA=
+github.com/pion/transport v0.8.10/go.mod h1:tBmha/UCjpum5hqTWhfAEs3CO4/tHSg0MYRhSzR+CZ8=
+github.com/pion/transport v0.10.0/go.mod h1:BnHnUipd0rZQyTVB2SBGojFHT9CBt5C5TcsJSQGkvSE=
+github.com/pion/transport v0.10.1 h1:2W+yJT+0mOQ160ThZYUx5Zp2skzshiNgxrNE9GUfhJM=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pion/transport v0.12.0 h1:UFmOBBZkTZ3LgvLRf/NGrfWdZEubcU6zkLU3PsA9YvU=
+github.com/pion/transport v0.12.0/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/turn/v2 v2.0.5 h1:iwMHqDfPEDEOFzwWKT56eFmh6DYC6o/+xnLAEzgISbA=
+github.com/pion/turn/v2 v2.0.5/go.mod h1:APg43CFyt/14Uy7heYUOGWdkem/Wu4PhCO/bjyrTqMw=
+github.com/pion/udp v0.1.0 h1:uGxQsNyrqG3GLINv36Ff60covYmfrLoxzwnCsIYspXI=
+github.com/pion/udp v0.1.0/go.mod h1:BPELIjbwE9PRbd/zxI/KYBnbo7B6+oA6YuEaNE8lths=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 h1:42cLlJJdEh+ySyeUUbEQ5bsTiq8voBeTuweGVkY6Puw=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7 h1:3uJsdck53FDIpWwLeAXlia9p4C8j0BO2xZrqzKpL0D8=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/ice.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/ice.go
new file mode 100644
index 000000000..d7094f6db
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/ice.go
@@ -0,0 +1,76 @@
+package ice
+
+// ConnectionState is an enum showing the state of a ICE Connection
+type ConnectionState int
+
+// List of supported States
+const (
+	// ConnectionStateNew ICE agent is gathering addresses
+	ConnectionStateNew = iota + 1
+
+	// ConnectionStateChecking ICE agent has been given local and remote candidates, and is attempting to find a match
+	ConnectionStateChecking
+
+	// ConnectionStateConnected ICE agent has a pairing, but is still checking other pairs
+	ConnectionStateConnected
+
+	// ConnectionStateCompleted ICE agent has finished
+	ConnectionStateCompleted
+
+	// ConnectionStateFailed ICE agent never could successfully connect
+	ConnectionStateFailed
+
+	// ConnectionStateDisconnected ICE agent connected successfully, but has entered a failed state
+	ConnectionStateDisconnected
+
+	// ConnectionStateClosed ICE agent has finished and is no longer handling requests
+	ConnectionStateClosed
+)
+
+func (c ConnectionState) String() string {
+	switch c {
+	case ConnectionStateNew:
+		return "New"
+	case ConnectionStateChecking:
+		return "Checking"
+	case ConnectionStateConnected:
+		return "Connected"
+	case ConnectionStateCompleted:
+		return "Completed"
+	case ConnectionStateFailed:
+		return "Failed"
+	case ConnectionStateDisconnected:
+		return "Disconnected"
+	case ConnectionStateClosed:
+		return "Closed"
+	default:
+		return "Invalid"
+	}
+}
+
+// GatheringState describes the state of the candidate gathering process
+type GatheringState int
+
+const (
+	// GatheringStateNew indicates candidate gatering is not yet started
+	GatheringStateNew GatheringState = iota + 1
+
+	// GatheringStateGathering indicates candidate gatering is ongoing
+	GatheringStateGathering
+
+	// GatheringStateComplete indicates candidate gatering has been completed
+	GatheringStateComplete
+)
+
+func (t GatheringState) String() string {
+	switch t {
+	case GatheringStateNew:
+		return "new"
+	case GatheringStateGathering:
+		return "gathering"
+	case GatheringStateComplete:
+		return "complete"
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/icecontrol.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/icecontrol.go
new file mode 100644
index 000000000..ede2e09cb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/icecontrol.go
@@ -0,0 +1,87 @@
+package ice
+
+import (
+	"encoding/binary"
+
+	"github.com/pion/stun"
+)
+
+// tiebreaker is common helper for ICE-{CONTROLLED,CONTROLLING}
+// and represents the so-called tiebreaker number.
+type tiebreaker uint64
+
+const tiebreakerSize = 8 // 64 bit
+
+// AddToAs adds tiebreaker value to m as t attribute.
+func (a tiebreaker) AddToAs(m *stun.Message, t stun.AttrType) error {
+	v := make([]byte, tiebreakerSize)
+	binary.BigEndian.PutUint64(v, uint64(a))
+	m.Add(t, v)
+	return nil
+}
+
+// GetFromAs decodes tiebreaker value in message getting it as for t type.
+func (a *tiebreaker) GetFromAs(m *stun.Message, t stun.AttrType) error {
+	v, err := m.Get(t)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(t, len(v), tiebreakerSize); err != nil {
+		return err
+	}
+	*a = tiebreaker(binary.BigEndian.Uint64(v))
+	return nil
+}
+
+// AttrControlled represents ICE-CONTROLLED attribute.
+type AttrControlled uint64
+
+// AddTo adds ICE-CONTROLLED to message.
+func (c AttrControlled) AddTo(m *stun.Message) error {
+	return tiebreaker(c).AddToAs(m, stun.AttrICEControlled)
+}
+
+// GetFrom decodes ICE-CONTROLLED from message.
+func (c *AttrControlled) GetFrom(m *stun.Message) error {
+	return (*tiebreaker)(c).GetFromAs(m, stun.AttrICEControlled)
+}
+
+// AttrControlling represents ICE-CONTROLLING attribute.
+type AttrControlling uint64
+
+// AddTo adds ICE-CONTROLLING to message.
+func (c AttrControlling) AddTo(m *stun.Message) error {
+	return tiebreaker(c).AddToAs(m, stun.AttrICEControlling)
+}
+
+// GetFrom decodes ICE-CONTROLLING from message.
+func (c *AttrControlling) GetFrom(m *stun.Message) error {
+	return (*tiebreaker)(c).GetFromAs(m, stun.AttrICEControlling)
+}
+
+// AttrControl is helper that wraps ICE-{CONTROLLED,CONTROLLING}.
+type AttrControl struct {
+	Role       Role
+	Tiebreaker uint64
+}
+
+// AddTo adds ICE-CONTROLLED or ICE-CONTROLLING attribute depending on Role.
+func (c AttrControl) AddTo(m *stun.Message) error {
+	if c.Role == Controlling {
+		return tiebreaker(c.Tiebreaker).AddToAs(m, stun.AttrICEControlling)
+	}
+	return tiebreaker(c.Tiebreaker).AddToAs(m, stun.AttrICEControlled)
+}
+
+// GetFrom decodes Role and Tiebreaker value from message.
+func (c *AttrControl) GetFrom(m *stun.Message) error {
+	if m.Contains(stun.AttrICEControlling) {
+		c.Role = Controlling
+		return (*tiebreaker)(&c.Tiebreaker).GetFromAs(m, stun.AttrICEControlling)
+	}
+	if m.Contains(stun.AttrICEControlled) {
+		c.Role = Controlled
+		return (*tiebreaker)(&c.Tiebreaker).GetFromAs(m, stun.AttrICEControlled)
+	}
+	return stun.ErrAttributeNotFound
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/mdns.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/mdns.go
new file mode 100644
index 000000000..5a431d152
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/mdns.go
@@ -0,0 +1,63 @@
+package ice
+
+import (
+	"net"
+
+	"github.com/google/uuid"
+	"github.com/pion/logging"
+	"github.com/pion/mdns"
+	"golang.org/x/net/ipv4"
+)
+
+// MulticastDNSMode represents the different Multicast modes ICE can run in
+type MulticastDNSMode byte
+
+// MulticastDNSMode enum
+const (
+	// MulticastDNSModeDisabled means remote mDNS candidates will be discarded, and local host candidates will use IPs
+	MulticastDNSModeDisabled MulticastDNSMode = iota + 1
+
+	// MulticastDNSModeQueryOnly means remote mDNS candidates will be accepted, and local host candidates will use IPs
+	MulticastDNSModeQueryOnly
+
+	// MulticastDNSModeQueryAndGather means remote mDNS candidates will be accepted, and local host candidates will use mDNS
+	MulticastDNSModeQueryAndGather
+)
+
+func generateMulticastDNSName() (string, error) {
+	// https://tools.ietf.org/id/draft-ietf-rtcweb-mdns-ice-candidates-02.html#gathering
+	// The unique name MUST consist of a version 4 UUID as defined in [RFC4122], followed by “.local”.
+	u, err := uuid.NewRandom()
+	return u.String() + ".local", err
+}
+
+func createMulticastDNS(mDNSMode MulticastDNSMode, mDNSName string, log logging.LeveledLogger) (*mdns.Conn, MulticastDNSMode, error) {
+	if mDNSMode == MulticastDNSModeDisabled {
+		return nil, mDNSMode, nil
+	}
+
+	addr, mdnsErr := net.ResolveUDPAddr("udp4", mdns.DefaultAddress)
+	if mdnsErr != nil {
+		return nil, mDNSMode, mdnsErr
+	}
+
+	l, mdnsErr := net.ListenUDP("udp4", addr)
+	if mdnsErr != nil {
+		// If ICE fails to start MulticastDNS server just warn the user and continue
+		log.Errorf("Failed to enable mDNS, continuing in mDNS disabled mode: (%s)", mdnsErr)
+		return nil, MulticastDNSModeDisabled, nil
+	}
+
+	switch mDNSMode {
+	case MulticastDNSModeQueryOnly:
+		conn, err := mdns.Server(ipv4.NewPacketConn(l), &mdns.Config{})
+		return conn, mDNSMode, err
+	case MulticastDNSModeQueryAndGather:
+		conn, err := mdns.Server(ipv4.NewPacketConn(l), &mdns.Config{
+			LocalNames: []string{mDNSName},
+		})
+		return conn, mDNSMode, err
+	default:
+		return nil, mDNSMode, nil
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/networktype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/networktype.go
new file mode 100644
index 000000000..462ff2dea
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/networktype.go
@@ -0,0 +1,130 @@
+package ice
+
+import (
+	"fmt"
+	"net"
+	"strings"
+)
+
+const (
+	udp = "udp"
+	tcp = "tcp"
+)
+
+func supportedNetworkTypes() []NetworkType {
+	return []NetworkType{
+		NetworkTypeUDP4,
+		NetworkTypeUDP6,
+		NetworkTypeTCP4,
+		NetworkTypeTCP6,
+	}
+}
+
+// NetworkType represents the type of network
+type NetworkType int
+
+const (
+	// NetworkTypeUDP4 indicates UDP over IPv4.
+	NetworkTypeUDP4 NetworkType = iota + 1
+
+	// NetworkTypeUDP6 indicates UDP over IPv6.
+	NetworkTypeUDP6
+
+	// NetworkTypeTCP4 indicates TCP over IPv4.
+	NetworkTypeTCP4
+
+	// NetworkTypeTCP6 indicates TCP over IPv6.
+	NetworkTypeTCP6
+)
+
+func (t NetworkType) String() string {
+	switch t {
+	case NetworkTypeUDP4:
+		return "udp4"
+	case NetworkTypeUDP6:
+		return "udp6"
+	case NetworkTypeTCP4:
+		return "tcp4"
+	case NetworkTypeTCP6:
+		return "tcp6"
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// IsUDP returns true when network is UDP4 or UDP6.
+func (t NetworkType) IsUDP() bool {
+	return t == NetworkTypeUDP4 || t == NetworkTypeUDP6
+}
+
+// IsTCP returns true when network is TCP4 or TCP6.
+func (t NetworkType) IsTCP() bool {
+	return t == NetworkTypeTCP4 || t == NetworkTypeTCP6
+}
+
+// NetworkShort returns the short network description
+func (t NetworkType) NetworkShort() string {
+	switch t {
+	case NetworkTypeUDP4, NetworkTypeUDP6:
+		return udp
+	case NetworkTypeTCP4, NetworkTypeTCP6:
+		return tcp
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// IsReliable returns true if the network is reliable
+func (t NetworkType) IsReliable() bool {
+	switch t {
+	case NetworkTypeUDP4, NetworkTypeUDP6:
+		return false
+	case NetworkTypeTCP4, NetworkTypeTCP6:
+		return true
+	}
+	return false
+}
+
+// IsIPv4 returns whether the network type is IPv4 or not.
+func (t NetworkType) IsIPv4() bool {
+	switch t {
+	case NetworkTypeUDP4, NetworkTypeTCP4:
+		return true
+	case NetworkTypeUDP6, NetworkTypeTCP6:
+		return false
+	}
+	return false
+}
+
+// IsIPv6 returns whether the network type is IPv6 or not.
+func (t NetworkType) IsIPv6() bool {
+	switch t {
+	case NetworkTypeUDP4, NetworkTypeTCP4:
+		return false
+	case NetworkTypeUDP6, NetworkTypeTCP6:
+		return true
+	}
+	return false
+}
+
+// determineNetworkType determines the type of network based on
+// the short network string and an IP address.
+func determineNetworkType(network string, ip net.IP) (NetworkType, error) {
+	ipv4 := ip.To4() != nil
+
+	switch {
+	case strings.HasPrefix(strings.ToLower(network), udp):
+		if ipv4 {
+			return NetworkTypeUDP4, nil
+		}
+		return NetworkTypeUDP6, nil
+
+	case strings.HasPrefix(strings.ToLower(network), tcp):
+		if ipv4 {
+			return NetworkTypeTCP4, nil
+		}
+		return NetworkTypeTCP6, nil
+	}
+
+	return NetworkType(0), fmt.Errorf("%w from %s %s", errDetermineNetworkType, network, ip)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/priority.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/priority.go
new file mode 100644
index 000000000..421829938
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/priority.go
@@ -0,0 +1,33 @@
+package ice
+
+import (
+	"encoding/binary"
+
+	"github.com/pion/stun"
+)
+
+// PriorityAttr represents PRIORITY attribute.
+type PriorityAttr uint32
+
+const prioritySize = 4 // 32 bit
+
+// AddTo adds PRIORITY attribute to message.
+func (p PriorityAttr) AddTo(m *stun.Message) error {
+	v := make([]byte, prioritySize)
+	binary.BigEndian.PutUint32(v, uint32(p))
+	m.Add(stun.AttrPriority, v)
+	return nil
+}
+
+// GetFrom decodes PRIORITY attribute from message.
+func (p *PriorityAttr) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrPriority)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrPriority, len(v), prioritySize); err != nil {
+		return err
+	}
+	*p = PriorityAttr(binary.BigEndian.Uint32(v))
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/rand.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/rand.go
new file mode 100644
index 000000000..918783e02
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/rand.go
@@ -0,0 +1,53 @@
+package ice
+
+import "github.com/pion/randutil"
+
+const (
+	runesAlpha                 = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	runesDigit                 = "0123456789"
+	runesCandidateIDFoundation = runesAlpha + runesDigit + "+/"
+
+	lenUFrag = 16
+	lenPwd   = 32
+)
+
+// Seeding random generator each time limits number of generated sequence to 31-bits,
+// and causes collision on low time accuracy environments.
+// Use global random generator seeded by crypto grade random.
+var (
+	globalMathRandomGenerator  = randutil.NewMathRandomGenerator()               //nolint:gochecknoglobals
+	globalCandidateIDGenerator = candidateIDGenerator{globalMathRandomGenerator} //nolint:gochecknoglobals
+)
+
+// candidateIDGenerator is a random candidate ID generator.
+// Candidate ID is used in SDP and always shared to the other peer.
+// It doesn't require cryptographic random.
+type candidateIDGenerator struct {
+	randutil.MathRandomGenerator
+}
+
+func newCandidateIDGenerator() *candidateIDGenerator {
+	return &candidateIDGenerator{
+		randutil.NewMathRandomGenerator(),
+	}
+}
+
+func (g *candidateIDGenerator) Generate() string {
+	// https://tools.ietf.org/html/rfc5245#section-15.1
+	// candidate-id = "candidate" ":" foundation
+	// foundation   = 1*32ice-char
+	// ice-char     = ALPHA / DIGIT / "+" / "/"
+	return "candidate:" + g.MathRandomGenerator.GenerateString(32, runesCandidateIDFoundation)
+}
+
+// generatePwd generates ICE pwd.
+// This internally uses generateCryptoRandomString.
+func generatePwd() (string, error) {
+	return randutil.GenerateCryptoRandomString(lenPwd, runesAlpha)
+}
+
+// generateUFrag generates ICE user fragment.
+// This internally uses generateCryptoRandomString.
+func generateUFrag() (string, error) {
+	return randutil.GenerateCryptoRandomString(lenUFrag, runesAlpha)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/role.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/role.go
new file mode 100644
index 000000000..7a8bc064a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/role.go
@@ -0,0 +1,43 @@
+package ice
+
+import (
+	"fmt"
+)
+
+// Role represents ICE agent role, which can be controlling or controlled.
+type Role byte
+
+// Possible ICE agent roles.
+const (
+	Controlling Role = iota
+	Controlled
+)
+
+// UnmarshalText implements TextUnmarshaler.
+func (r *Role) UnmarshalText(text []byte) error {
+	switch string(text) {
+	case "controlling":
+		*r = Controlling
+	case "controlled":
+		*r = Controlled
+	default:
+		return fmt.Errorf("%w %q", errUnknownRole, text)
+	}
+	return nil
+}
+
+// MarshalText implements TextMarshaler.
+func (r Role) MarshalText() (text []byte, err error) {
+	return []byte(r.String()), nil
+}
+
+func (r Role) String() string {
+	switch r {
+	case Controlling:
+		return "controlling"
+	case Controlled:
+		return "controlled"
+	default:
+		return "unknown"
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/selection.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/selection.go
new file mode 100644
index 000000000..e0cfb1034
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/selection.go
@@ -0,0 +1,287 @@
+package ice
+
+import (
+	"net"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+)
+
+type pairCandidateSelector interface {
+	Start()
+	ContactCandidates()
+	PingCandidate(local, remote Candidate)
+	HandleSuccessResponse(m *stun.Message, local, remote Candidate, remoteAddr net.Addr)
+	HandleBindingRequest(m *stun.Message, local, remote Candidate)
+}
+
+type controllingSelector struct {
+	startTime     time.Time
+	agent         *Agent
+	nominatedPair *candidatePair
+	log           logging.LeveledLogger
+}
+
+func (s *controllingSelector) Start() {
+	s.startTime = time.Now()
+	s.nominatedPair = nil
+}
+
+func (s *controllingSelector) isNominatable(c Candidate) bool {
+	switch {
+	case c.Type() == CandidateTypeHost:
+		return time.Since(s.startTime).Nanoseconds() > s.agent.hostAcceptanceMinWait.Nanoseconds()
+	case c.Type() == CandidateTypeServerReflexive:
+		return time.Since(s.startTime).Nanoseconds() > s.agent.srflxAcceptanceMinWait.Nanoseconds()
+	case c.Type() == CandidateTypePeerReflexive:
+		return time.Since(s.startTime).Nanoseconds() > s.agent.prflxAcceptanceMinWait.Nanoseconds()
+	case c.Type() == CandidateTypeRelay:
+		return time.Since(s.startTime).Nanoseconds() > s.agent.relayAcceptanceMinWait.Nanoseconds()
+	}
+
+	s.log.Errorf("isNominatable invalid candidate type %s", c.Type().String())
+	return false
+}
+
+func (s *controllingSelector) ContactCandidates() {
+	switch {
+	case s.agent.getSelectedPair() != nil:
+		if s.agent.validateSelectedPair() {
+			s.log.Trace("checking keepalive")
+			s.agent.checkKeepalive()
+		}
+	case s.nominatedPair != nil:
+		s.nominatePair(s.nominatedPair)
+	default:
+		p := s.agent.getBestValidCandidatePair()
+		if p != nil && s.isNominatable(p.local) && s.isNominatable(p.remote) {
+			s.log.Tracef("Nominatable pair found, nominating (%s, %s)", p.local.String(), p.remote.String())
+			p.nominated = true
+			s.nominatedPair = p
+			s.nominatePair(p)
+			return
+		}
+		s.agent.pingAllCandidates()
+	}
+}
+
+func (s *controllingSelector) nominatePair(pair *candidatePair) {
+	// The controlling agent MUST include the USE-CANDIDATE attribute in
+	// order to nominate a candidate pair (Section 8.1.1).  The controlled
+	// agent MUST NOT include the USE-CANDIDATE attribute in a Binding
+	// request.
+	msg, err := stun.Build(stun.BindingRequest, stun.TransactionID,
+		stun.NewUsername(s.agent.remoteUfrag+":"+s.agent.localUfrag),
+		UseCandidate(),
+		AttrControlling(s.agent.tieBreaker),
+		PriorityAttr(pair.local.Priority()),
+		stun.NewShortTermIntegrity(s.agent.remotePwd),
+		stun.Fingerprint,
+	)
+	if err != nil {
+		s.log.Error(err.Error())
+		return
+	}
+
+	s.log.Tracef("ping STUN (nominate candidate pair) from %s to %s\n", pair.local.String(), pair.remote.String())
+	s.agent.sendBindingRequest(msg, pair.local, pair.remote)
+}
+
+func (s *controllingSelector) HandleBindingRequest(m *stun.Message, local, remote Candidate) {
+	s.agent.sendBindingSuccess(m, local, remote)
+
+	p := s.agent.findPair(local, remote)
+
+	if p == nil {
+		s.agent.addPair(local, remote)
+		return
+	}
+
+	if p.state == CandidatePairStateSucceeded && s.nominatedPair == nil && s.agent.getSelectedPair() == nil {
+		bestPair := s.agent.getBestAvailableCandidatePair()
+		if bestPair == nil {
+			s.log.Tracef("No best pair available\n")
+		} else if bestPair.Equal(p) && s.isNominatable(p.local) && s.isNominatable(p.remote) {
+			s.log.Tracef("The candidate (%s, %s) is the best candidate available, marking it as nominated\n",
+				p.local.String(), p.remote.String())
+			s.nominatedPair = p
+			s.nominatePair(p)
+		}
+	}
+}
+
+func (s *controllingSelector) HandleSuccessResponse(m *stun.Message, local, remote Candidate, remoteAddr net.Addr) {
+	ok, pendingRequest := s.agent.handleInboundBindingSuccess(m.TransactionID)
+	if !ok {
+		s.log.Warnf("discard message from (%s), unknown TransactionID 0x%x", remote, m.TransactionID)
+		return
+	}
+
+	transactionAddr := pendingRequest.destination
+
+	// Assert that NAT is not symmetric
+	// https://tools.ietf.org/html/rfc8445#section-7.2.5.2.1
+	if !addrEqual(transactionAddr, remoteAddr) {
+		s.log.Debugf("discard message: transaction source and destination does not match expected(%s), actual(%s)", transactionAddr, remote)
+		return
+	}
+
+	s.log.Tracef("inbound STUN (SuccessResponse) from %s to %s", remote.String(), local.String())
+	p := s.agent.findPair(local, remote)
+
+	if p == nil {
+		// This shouldn't happen
+		s.log.Error("Success response from invalid candidate pair")
+		return
+	}
+
+	p.state = CandidatePairStateSucceeded
+	s.log.Tracef("Found valid candidate pair: %s", p)
+	if pendingRequest.isUseCandidate && s.agent.getSelectedPair() == nil {
+		s.agent.setSelectedPair(p)
+	}
+}
+
+func (s *controllingSelector) PingCandidate(local, remote Candidate) {
+	msg, err := stun.Build(stun.BindingRequest, stun.TransactionID,
+		stun.NewUsername(s.agent.remoteUfrag+":"+s.agent.localUfrag),
+		AttrControlling(s.agent.tieBreaker),
+		PriorityAttr(local.Priority()),
+		stun.NewShortTermIntegrity(s.agent.remotePwd),
+		stun.Fingerprint,
+	)
+	if err != nil {
+		s.log.Error(err.Error())
+		return
+	}
+
+	s.agent.sendBindingRequest(msg, local, remote)
+}
+
+type controlledSelector struct {
+	agent *Agent
+	log   logging.LeveledLogger
+}
+
+func (s *controlledSelector) Start() {
+}
+
+func (s *controlledSelector) ContactCandidates() {
+	if s.agent.getSelectedPair() != nil {
+		if s.agent.validateSelectedPair() {
+			s.log.Trace("checking keepalive")
+			s.agent.checkKeepalive()
+		}
+	} else {
+		s.agent.pingAllCandidates()
+	}
+}
+
+func (s *controlledSelector) PingCandidate(local, remote Candidate) {
+	msg, err := stun.Build(stun.BindingRequest, stun.TransactionID,
+		stun.NewUsername(s.agent.remoteUfrag+":"+s.agent.localUfrag),
+		AttrControlled(s.agent.tieBreaker),
+		PriorityAttr(local.Priority()),
+		stun.NewShortTermIntegrity(s.agent.remotePwd),
+		stun.Fingerprint,
+	)
+	if err != nil {
+		s.log.Error(err.Error())
+		return
+	}
+
+	s.agent.sendBindingRequest(msg, local, remote)
+}
+
+func (s *controlledSelector) HandleSuccessResponse(m *stun.Message, local, remote Candidate, remoteAddr net.Addr) {
+	// nolint:godox
+	// TODO according to the standard we should specifically answer a failed nomination:
+	// https://tools.ietf.org/html/rfc8445#section-7.3.1.5
+	// If the controlled agent does not accept the request from the
+	// controlling agent, the controlled agent MUST reject the nomination
+	// request with an appropriate error code response (e.g., 400)
+	// [RFC5389].
+
+	ok, pendingRequest := s.agent.handleInboundBindingSuccess(m.TransactionID)
+	if !ok {
+		s.log.Warnf("discard message from (%s), unknown TransactionID 0x%x", remote, m.TransactionID)
+		return
+	}
+
+	transactionAddr := pendingRequest.destination
+
+	// Assert that NAT is not symmetric
+	// https://tools.ietf.org/html/rfc8445#section-7.2.5.2.1
+	if !addrEqual(transactionAddr, remoteAddr) {
+		s.log.Debugf("discard message: transaction source and destination does not match expected(%s), actual(%s)", transactionAddr, remote)
+		return
+	}
+
+	s.log.Tracef("inbound STUN (SuccessResponse) from %s to %s", remote.String(), local.String())
+
+	p := s.agent.findPair(local, remote)
+	if p == nil {
+		// This shouldn't happen
+		s.log.Error("Success response from invalid candidate pair")
+		return
+	}
+
+	p.state = CandidatePairStateSucceeded
+	s.log.Tracef("Found valid candidate pair: %s", p)
+}
+
+func (s *controlledSelector) HandleBindingRequest(m *stun.Message, local, remote Candidate) {
+	useCandidate := m.Contains(stun.AttrUseCandidate)
+
+	p := s.agent.findPair(local, remote)
+
+	if p == nil {
+		p = s.agent.addPair(local, remote)
+	}
+
+	if useCandidate {
+		// https://tools.ietf.org/html/rfc8445#section-7.3.1.5
+
+		if p.state == CandidatePairStateSucceeded {
+			// If the state of this pair is Succeeded, it means that the check
+			// previously sent by this pair produced a successful response and
+			// generated a valid pair (Section 7.2.5.3.2).  The agent sets the
+			// nominated flag value of the valid pair to true.
+			if selectedPair := s.agent.getSelectedPair(); selectedPair == nil {
+				s.agent.setSelectedPair(p)
+			}
+			s.agent.sendBindingSuccess(m, local, remote)
+		} else {
+			// If the received Binding request triggered a new check to be
+			// enqueued in the triggered-check queue (Section 7.3.1.4), once the
+			// check is sent and if it generates a successful response, and
+			// generates a valid pair, the agent sets the nominated flag of the
+			// pair to true.  If the request fails (Section 7.2.5.2), the agent
+			// MUST remove the candidate pair from the valid list, set the
+			// candidate pair state to Failed, and set the checklist state to
+			// Failed.
+			s.PingCandidate(local, remote)
+		}
+	} else {
+		s.agent.sendBindingSuccess(m, local, remote)
+		s.PingCandidate(local, remote)
+	}
+}
+
+type liteSelector struct {
+	pairCandidateSelector
+}
+
+// A lite selector should not contact candidates
+func (s *liteSelector) ContactCandidates() {
+	if _, ok := s.pairCandidateSelector.(*controllingSelector); ok {
+		// nolint:godox
+		// pion/ice#96
+		// TODO: implement lite controlling agent. For now falling back to full agent.
+		// This only happens if both peers are lite. See RFC 8445 S6.1.1 and S6.2
+		s.pairCandidateSelector.ContactCandidates()
+	} else if v, ok := s.pairCandidateSelector.(*controlledSelector); ok {
+		v.agent.validateSelectedPair()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/stats.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/stats.go
new file mode 100644
index 000000000..f59d89ff9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/stats.go
@@ -0,0 +1,177 @@
+package ice
+
+import (
+	"time"
+)
+
+// CandidatePairStats contains ICE candidate pair statistics
+type CandidatePairStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp time.Time
+
+	// LocalCandidateID is the ID of the local candidate
+	LocalCandidateID string
+
+	// RemoteCandidateID is the ID of the remote candidate
+	RemoteCandidateID string
+
+	// State represents the state of the checklist for the local and remote
+	// candidates in a pair.
+	State CandidatePairState
+
+	// Nominated is true when this valid pair that should be used for media
+	// if it is the highest-priority one amongst those whose nominated flag is set
+	Nominated bool
+
+	// PacketsSent represents the total number of packets sent on this candidate pair.
+	PacketsSent uint32
+
+	// PacketsReceived represents the total number of packets received on this candidate pair.
+	PacketsReceived uint32
+
+	// BytesSent represents the total number of payload bytes sent on this candidate pair
+	// not including headers or padding.
+	BytesSent uint64
+
+	// BytesReceived represents the total number of payload bytes received on this candidate pair
+	// not including headers or padding.
+	BytesReceived uint64
+
+	// LastPacketSentTimestamp represents the timestamp at which the last packet was
+	// sent on this particular candidate pair, excluding STUN packets.
+	LastPacketSentTimestamp time.Time
+
+	// LastPacketReceivedTimestamp represents the timestamp at which the last packet
+	// was received on this particular candidate pair, excluding STUN packets.
+	LastPacketReceivedTimestamp time.Time
+
+	// FirstRequestTimestamp represents the timestamp at which the first STUN request
+	// was sent on this particular candidate pair.
+	FirstRequestTimestamp time.Time
+
+	// LastRequestTimestamp represents the timestamp at which the last STUN request
+	// was sent on this particular candidate pair. The average interval between two
+	// consecutive connectivity checks sent can be calculated with
+	// (LastRequestTimestamp - FirstRequestTimestamp) / RequestsSent.
+	LastRequestTimestamp time.Time
+
+	// LastResponseTimestamp represents the timestamp at which the last STUN response
+	// was received on this particular candidate pair.
+	LastResponseTimestamp time.Time
+
+	// TotalRoundTripTime represents the sum of all round trip time measurements
+	// in seconds since the beginning of the session, based on STUN connectivity
+	// check responses (ResponsesReceived), including those that reply to requests
+	// that are sent in order to verify consent. The average round trip time can
+	// be computed from TotalRoundTripTime by dividing it by ResponsesReceived.
+	TotalRoundTripTime float64
+
+	// CurrentRoundTripTime represents the latest round trip time measured in seconds,
+	// computed from both STUN connectivity checks, including those that are sent
+	// for consent verification.
+	CurrentRoundTripTime float64
+
+	// AvailableOutgoingBitrate is calculated by the underlying congestion control
+	// by combining the available bitrate for all the outgoing RTP streams using
+	// this candidate pair. The bitrate measurement does not count the size of the
+	// IP or other transport layers like TCP or UDP. It is similar to the TIAS defined
+	// in RFC 3890, i.e., it is measured in bits per second and the bitrate is calculated
+	// over a 1 second window.
+	AvailableOutgoingBitrate float64
+
+	// AvailableIncomingBitrate is calculated by the underlying congestion control
+	// by combining the available bitrate for all the incoming RTP streams using
+	// this candidate pair. The bitrate measurement does not count the size of the
+	// IP or other transport layers like TCP or UDP. It is similar to the TIAS defined
+	// in  RFC 3890, i.e., it is measured in bits per second and the bitrate is
+	// calculated over a 1 second window.
+	AvailableIncomingBitrate float64
+
+	// CircuitBreakerTriggerCount represents the number of times the circuit breaker
+	// is triggered for this particular 5-tuple, ceasing transmission.
+	CircuitBreakerTriggerCount uint32
+
+	// RequestsReceived represents the total number of connectivity check requests
+	// received (including retransmissions). It is impossible for the receiver to
+	// tell whether the request was sent in order to check connectivity or check
+	// consent, so all connectivity checks requests are counted here.
+	RequestsReceived uint64
+
+	// RequestsSent represents the total number of connectivity check requests
+	// sent (not including retransmissions).
+	RequestsSent uint64
+
+	// ResponsesReceived represents the total number of connectivity check responses received.
+	ResponsesReceived uint64
+
+	// ResponsesSent epresents the total number of connectivity check responses sent.
+	// Since we cannot distinguish connectivity check requests and consent requests,
+	// all responses are counted.
+	ResponsesSent uint64
+
+	// RetransmissionsReceived represents the total number of connectivity check
+	// request retransmissions received.
+	RetransmissionsReceived uint64
+
+	// RetransmissionsSent represents the total number of connectivity check
+	// request retransmissions sent.
+	RetransmissionsSent uint64
+
+	// ConsentRequestsSent represents the total number of consent requests sent.
+	ConsentRequestsSent uint64
+
+	// ConsentExpiredTimestamp represents the timestamp at which the latest valid
+	// STUN binding response expired.
+	ConsentExpiredTimestamp time.Time
+}
+
+// CandidateStats contains ICE candidate statistics related to the ICETransport objects.
+type CandidateStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp time.Time
+
+	// ID is the candidate ID
+	ID string
+
+	// NetworkType represents the type of network interface used by the base of a
+	// local candidate (the address the ICE agent sends from). Only present for
+	// local candidates; it's not possible to know what type of network interface
+	// a remote candidate is using.
+	//
+	// Note:
+	// This stat only tells you about the network interface used by the first "hop";
+	// it's possible that a connection will be bottlenecked by another type of network.
+	// For example, when using Wi-Fi tethering, the networkType of the relevant candidate
+	// would be "wifi", even when the next hop is over a cellular connection.
+	NetworkType NetworkType
+
+	// IP is the IP address of the candidate, allowing for IPv4 addresses and
+	// IPv6 addresses, but fully qualified domain names (FQDNs) are not allowed.
+	IP string
+
+	// Port is the port number of the candidate.
+	Port int
+
+	// CandidateType is the "Type" field of the ICECandidate.
+	CandidateType CandidateType
+
+	// Priority is the "Priority" field of the ICECandidate.
+	Priority uint32
+
+	// URL is the URL of the TURN or STUN server indicated in the that translated
+	// this IP address. It is the URL address surfaced in an PeerConnectionICEEvent.
+	URL string
+
+	// RelayProtocol is the protocol used by the endpoint to communicate with the
+	// TURN server. This is only present for local candidates. Valid values for
+	// the TURN URL protocol is one of udp, tcp, or tls.
+	RelayProtocol string
+
+	// Deleted is true if the candidate has been deleted/freed. For host candidates,
+	// this means that any network resources (typically a socket) associated with the
+	// candidate have been released. For TURN candidates, this means the TURN allocation
+	// is no longer active.
+	//
+	// Only defined for local candidates. For remote candidates, this property is not applicable.
+	Deleted bool
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/stun.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/stun.go
new file mode 100644
index 000000000..bef7c87e5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/stun.go
@@ -0,0 +1,24 @@
+package ice
+
+import (
+	"fmt"
+
+	"github.com/pion/stun"
+)
+
+func assertInboundUsername(m *stun.Message, expectedUsername string) error {
+	var username stun.Username
+	if err := username.GetFrom(m); err != nil {
+		return err
+	}
+	if string(username) != expectedUsername {
+		return fmt.Errorf("%w expected(%x) actual(%x)", errMismatchUsername, expectedUsername, string(username))
+	}
+
+	return nil
+}
+
+func assertInboundMessageIntegrity(m *stun.Message, key []byte) error {
+	messageIntegrityAttr := stun.MessageIntegrity(key)
+	return messageIntegrityAttr.Check(m)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcp_mux.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcp_mux.go
new file mode 100644
index 000000000..1a9a797a5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcp_mux.go
@@ -0,0 +1,295 @@
+package ice
+
+import (
+	"encoding/binary"
+	"io"
+	"net"
+	"strings"
+	"sync"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+)
+
+// TCPMux is allows grouping multiple TCP net.Conns and using them like UDP
+// net.PacketConns. The main implementation of this is TCPMuxDefault, and this
+// interface exists to:
+// 1. prevent SEGV panics when TCPMuxDefault is not initialized by using the
+//    invalidTCPMux implementation, and
+// 2. allow mocking in tests.
+type TCPMux interface {
+	io.Closer
+	GetConnByUfrag(ufrag string) (net.PacketConn, error)
+	RemoveConnByUfrag(ufrag string)
+}
+
+// invalidTCPMux is an implementation of TCPMux that always returns ErroTCPMuxNotInitialized.
+type invalidTCPMux struct {
+}
+
+func newInvalidTCPMux() *invalidTCPMux {
+	return &invalidTCPMux{}
+}
+
+// Close implements TCPMux interface.
+func (m *invalidTCPMux) Close() error {
+	return ErrTCPMuxNotInitialized
+}
+
+// GetConnByUfrag implements TCPMux interface.
+func (m *invalidTCPMux) GetConnByUfrag(ufrag string) (net.PacketConn, error) {
+	return nil, ErrTCPMuxNotInitialized
+}
+
+// RemoveConnByUfrag implements TCPMux interface.
+func (m *invalidTCPMux) RemoveConnByUfrag(ufrag string) {}
+
+// TCPMuxDefault muxes TCP net.Conns into net.PacketConns and groups them by
+// Ufrag. It is a default implementation of TCPMux interface.
+type TCPMuxDefault struct {
+	params *TCPMuxParams
+	closed bool
+
+	// conns is a map of all tcpPacketConns indexed by ufrag
+	conns map[string]*tcpPacketConn
+
+	mu sync.Mutex
+	wg sync.WaitGroup
+}
+
+// TCPMuxParams are parameters for TCPMux.
+type TCPMuxParams struct {
+	Listener       net.Listener
+	Logger         logging.LeveledLogger
+	ReadBufferSize int
+}
+
+// NewTCPMuxDefault creates a new instance of TCPMuxDefault.
+func NewTCPMuxDefault(params TCPMuxParams) *TCPMuxDefault {
+	if params.Logger == nil {
+		params.Logger = logging.NewDefaultLoggerFactory().NewLogger("ice")
+	}
+
+	m := &TCPMuxDefault{
+		params: &params,
+
+		conns: map[string]*tcpPacketConn{},
+	}
+
+	m.wg.Add(1)
+	go func() {
+		defer m.wg.Done()
+		m.start()
+	}()
+
+	return m
+}
+
+func (m *TCPMuxDefault) start() {
+	m.params.Logger.Infof("Listening TCP on %s\n", m.params.Listener.Addr())
+	for {
+		conn, err := m.params.Listener.Accept()
+		if err != nil {
+			m.params.Logger.Infof("Error accepting connection: %s\n", err)
+			return
+		}
+
+		m.params.Logger.Debugf("Accepted connection from: %s to %s", conn.RemoteAddr(), conn.LocalAddr())
+
+		m.wg.Add(1)
+		go func() {
+			defer m.wg.Done()
+			m.handleConn(conn)
+		}()
+	}
+}
+
+// LocalAddr returns the listening address of this TCPMuxDefault.
+func (m *TCPMuxDefault) LocalAddr() net.Addr {
+	return m.params.Listener.Addr()
+}
+
+// GetConnByUfrag retrieves an existing or creates a new net.PacketConn.
+func (m *TCPMuxDefault) GetConnByUfrag(ufrag string) (net.PacketConn, error) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	if m.closed {
+		return nil, io.ErrClosedPipe
+	}
+
+	conn, ok := m.conns[ufrag]
+
+	if ok {
+		return conn, nil
+		// return nil, fmt.Errorf("duplicate ufrag %v", ufrag)
+	}
+
+	conn = m.createConn(ufrag, m.LocalAddr())
+
+	return conn, nil
+}
+
+func (m *TCPMuxDefault) createConn(ufrag string, localAddr net.Addr) *tcpPacketConn {
+	conn := newTCPPacketConn(tcpPacketParams{
+		ReadBuffer: m.params.ReadBufferSize,
+		LocalAddr:  localAddr,
+		Logger:     m.params.Logger,
+	})
+	m.conns[ufrag] = conn
+
+	m.wg.Add(1)
+	go func() {
+		defer m.wg.Done()
+		<-conn.CloseChannel()
+		m.RemoveConnByUfrag(ufrag)
+	}()
+
+	return conn
+}
+
+func (m *TCPMuxDefault) closeAndLogError(closer io.Closer) {
+	err := closer.Close()
+	if err != nil {
+		m.params.Logger.Warnf("Error closing connection: %s", err)
+	}
+}
+
+func (m *TCPMuxDefault) handleConn(conn net.Conn) {
+	buf := make([]byte, receiveMTU)
+
+	n, err := readStreamingPacket(conn, buf)
+	if err != nil {
+		m.params.Logger.Warnf("Error reading first packet: %s", err)
+		return
+	}
+
+	buf = buf[:n]
+
+	msg := &stun.Message{
+		Raw: make([]byte, len(buf)),
+	}
+	// Explicitly copy raw buffer so Message can own the memory.
+	copy(msg.Raw, buf)
+	if err = msg.Decode(); err != nil {
+		m.closeAndLogError(conn)
+		m.params.Logger.Warnf("Failed to handle decode ICE from %s to %s: %v\n", conn.RemoteAddr(), conn.LocalAddr(), err)
+		return
+	}
+
+	if m == nil || msg.Type.Method != stun.MethodBinding { // not a stun
+		m.closeAndLogError(conn)
+		m.params.Logger.Warnf("Not a STUN message from %s to %s\n", conn.RemoteAddr(), conn.LocalAddr())
+		return
+	}
+
+	for _, attr := range msg.Attributes {
+		m.params.Logger.Debugf("msg attr: %s\n", attr.String())
+	}
+
+	attr, err := msg.Get(stun.AttrUsername)
+	if err != nil {
+		m.closeAndLogError(conn)
+		m.params.Logger.Warnf("No Username attribute in STUN message from %s to %s\n", conn.RemoteAddr(), conn.LocalAddr())
+		return
+	}
+
+	ufrag := strings.Split(string(attr), ":")[0]
+	m.params.Logger.Debugf("Ufrag: %s\n", ufrag)
+
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	packetConn, ok := m.conns[ufrag]
+	if !ok {
+		packetConn = m.createConn(ufrag, conn.LocalAddr())
+	}
+
+	if err := packetConn.AddConn(conn, buf); err != nil {
+		m.closeAndLogError(conn)
+		m.params.Logger.Warnf("Error adding conn to tcpPacketConn from %s to %s: %s\n", conn.RemoteAddr(), conn.LocalAddr(), err)
+		return
+	}
+}
+
+// Close closes the listener and waits for all goroutines to exit.
+func (m *TCPMuxDefault) Close() error {
+	m.mu.Lock()
+	m.closed = true
+
+	for _, conn := range m.conns {
+		m.closeAndLogError(conn)
+	}
+	m.conns = map[string]*tcpPacketConn{}
+
+	err := m.params.Listener.Close()
+
+	m.mu.Unlock()
+
+	m.wg.Wait()
+
+	return err
+}
+
+// RemoveConnByUfrag closes and removes a net.PacketConn by Ufrag.
+func (m *TCPMuxDefault) RemoveConnByUfrag(ufrag string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	if conn, ok := m.conns[ufrag]; ok {
+		m.closeAndLogError(conn)
+		delete(m.conns, ufrag)
+	}
+}
+
+const streamingPacketHeaderLen = 2
+
+// readStreamingPacket reads 1 packet from stream
+// read packet  bytes https://tools.ietf.org/html/rfc4571#section-2
+// 2-byte length header prepends each packet:
+//     0                   1                   2                   3
+//     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//    -----------------------------------------------------------------
+//    |             LENGTH            |  RTP or RTCP packet ...       |
+//    -----------------------------------------------------------------
+func readStreamingPacket(conn net.Conn, buf []byte) (int, error) {
+	header := make([]byte, streamingPacketHeaderLen)
+	var bytesRead, n int
+	var err error
+
+	for bytesRead < streamingPacketHeaderLen {
+		if n, err = conn.Read(header[bytesRead:streamingPacketHeaderLen]); err != nil {
+			return 0, err
+		}
+		bytesRead += n
+	}
+
+	length := int(binary.BigEndian.Uint16(header))
+
+	if length > cap(buf) {
+		return length, io.ErrShortBuffer
+	}
+
+	bytesRead = 0
+	for bytesRead < length {
+		if n, err = conn.Read(buf[bytesRead:length]); err != nil {
+			return 0, err
+		}
+		bytesRead += n
+	}
+
+	return bytesRead, nil
+}
+
+func writeStreamingPacket(conn net.Conn, buf []byte) (int, error) {
+	bufferCopy := make([]byte, streamingPacketHeaderLen+len(buf))
+	binary.BigEndian.PutUint16(bufferCopy, uint16(len(buf)))
+	copy(bufferCopy[2:], buf)
+
+	n, err := conn.Write(bufferCopy)
+	if err != nil {
+		return 0, err
+	}
+
+	return n - streamingPacketHeaderLen, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcp_packet_conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcp_packet_conn.go
new file mode 100644
index 000000000..dc4eaf04f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcp_packet_conn.go
@@ -0,0 +1,240 @@
+package ice
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+type tcpPacketConn struct {
+	params *tcpPacketParams
+
+	// conns is a map of net.Conns indexed by remote net.Addr.String()
+	conns map[string]net.Conn
+
+	recvChan chan streamingPacket
+
+	mu         sync.Mutex
+	wg         sync.WaitGroup
+	closedChan chan struct{}
+	closeOnce  sync.Once
+}
+
+type streamingPacket struct {
+	Data  []byte
+	RAddr net.Addr
+	Err   error
+}
+
+type tcpPacketParams struct {
+	ReadBuffer int
+	LocalAddr  net.Addr
+	Logger     logging.LeveledLogger
+}
+
+func newTCPPacketConn(params tcpPacketParams) *tcpPacketConn {
+	p := &tcpPacketConn{
+		params: &params,
+
+		conns: map[string]net.Conn{},
+
+		recvChan:   make(chan streamingPacket, params.ReadBuffer),
+		closedChan: make(chan struct{}),
+	}
+
+	return p
+}
+
+func (t *tcpPacketConn) AddConn(conn net.Conn, firstPacketData []byte) error {
+	t.params.Logger.Infof("AddConn: %s %s", conn.RemoteAddr().Network(), conn.RemoteAddr())
+
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	select {
+	case <-t.closedChan:
+		return io.ErrClosedPipe
+	default:
+	}
+
+	if _, ok := t.conns[conn.RemoteAddr().String()]; ok {
+		return fmt.Errorf("%w: %s", errConnectionAddrAlreadyExist, conn.RemoteAddr().String())
+	}
+
+	t.conns[conn.RemoteAddr().String()] = conn
+
+	t.wg.Add(1)
+	go func() {
+		if firstPacketData != nil {
+			t.recvChan <- streamingPacket{firstPacketData, conn.RemoteAddr(), nil}
+		}
+		defer t.wg.Done()
+		t.startReading(conn)
+	}()
+
+	return nil
+}
+
+func (t *tcpPacketConn) startReading(conn net.Conn) {
+	buf := make([]byte, receiveMTU)
+
+	for {
+		n, err := readStreamingPacket(conn, buf)
+		// t.params.Logger.Infof("readStreamingPacket read %d bytes", n)
+		if err != nil {
+			t.params.Logger.Infof("%w: %s\n", errReadingStreamingPacket, err)
+			t.handleRecv(streamingPacket{nil, conn.RemoteAddr(), err})
+			t.removeConn(conn)
+			return
+		}
+
+		data := make([]byte, n)
+		copy(data, buf[:n])
+
+		// t.params.Logger.Infof("Writing read streaming packet to recvChan: %d bytes", len(data))
+		t.handleRecv(streamingPacket{data, conn.RemoteAddr(), nil})
+	}
+}
+
+func (t *tcpPacketConn) handleRecv(pkt streamingPacket) {
+	t.mu.Lock()
+
+	recvChan := t.recvChan
+	if t.isClosed() {
+		recvChan = nil
+	}
+
+	t.mu.Unlock()
+
+	select {
+	case recvChan <- pkt:
+	case <-t.closedChan:
+	}
+}
+
+func (t *tcpPacketConn) isClosed() bool {
+	select {
+	case <-t.closedChan:
+		return true
+	default:
+		return false
+	}
+}
+
+// WriteTo is for passive and s-o candidates.
+func (t *tcpPacketConn) ReadFrom(b []byte) (n int, raddr net.Addr, err error) {
+	pkt, ok := <-t.recvChan
+
+	if !ok {
+		return 0, nil, io.ErrClosedPipe
+	}
+
+	if pkt.Err != nil {
+		return 0, pkt.RAddr, pkt.Err
+	}
+
+	if cap(b) < len(pkt.Data) {
+		return 0, pkt.RAddr, io.ErrShortBuffer
+	}
+
+	n = len(pkt.Data)
+	copy(b, pkt.Data[:n])
+	return n, pkt.RAddr, err
+}
+
+// WriteTo is for active and s-o candidates.
+func (t *tcpPacketConn) WriteTo(buf []byte, raddr net.Addr) (n int, err error) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	conn, ok := t.conns[raddr.String()]
+	if !ok {
+		return 0, io.ErrClosedPipe
+		// conn, err := net.DialTCP(tcp, nil, raddr.(*net.TCPAddr))
+
+		// if err != nil {
+		// 	t.params.Logger.Tracef("DialTCP error: %s", err)
+		// 	return 0, err
+		// }
+
+		// go t.startReading(conn)
+		// t.conns[raddr.String()] = conn
+	}
+
+	n, err = writeStreamingPacket(conn, buf)
+	if err != nil {
+		t.params.Logger.Tracef("%w %s\n", errWriting, raddr)
+		return n, err
+	}
+
+	return n, err
+}
+
+func (t *tcpPacketConn) closeAndLogError(closer io.Closer) {
+	err := closer.Close()
+	if err != nil {
+		t.params.Logger.Warnf("%w: %s", errClosingConnection, err)
+	}
+}
+
+func (t *tcpPacketConn) removeConn(conn net.Conn) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	t.closeAndLogError(conn)
+
+	delete(t.conns, conn.RemoteAddr().String())
+}
+
+func (t *tcpPacketConn) Close() error {
+	t.mu.Lock()
+
+	var shouldCloseRecvChan bool
+	t.closeOnce.Do(func() {
+		close(t.closedChan)
+		shouldCloseRecvChan = true
+	})
+
+	for _, conn := range t.conns {
+		t.closeAndLogError(conn)
+		delete(t.conns, conn.RemoteAddr().String())
+	}
+
+	t.mu.Unlock()
+
+	t.wg.Wait()
+
+	if shouldCloseRecvChan {
+		close(t.recvChan)
+	}
+
+	return nil
+}
+
+func (t *tcpPacketConn) LocalAddr() net.Addr {
+	return t.params.LocalAddr
+}
+
+func (t *tcpPacketConn) SetDeadline(tm time.Time) error {
+	return nil
+}
+
+func (t *tcpPacketConn) SetReadDeadline(tm time.Time) error {
+	return nil
+}
+
+func (t *tcpPacketConn) SetWriteDeadline(tm time.Time) error {
+	return nil
+}
+
+func (t *tcpPacketConn) CloseChannel() <-chan struct{} {
+	return t.closedChan
+}
+
+func (t *tcpPacketConn) String() string {
+	return fmt.Sprintf("tcpPacketConn{LocalAddr: %s}", t.params.LocalAddr)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcptype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcptype.go
new file mode 100644
index 000000000..6700fe5ff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/tcptype.go
@@ -0,0 +1,48 @@
+package ice
+
+import "strings"
+
+// TCPType is the type of ICE TCP candidate as described in
+// ttps://tools.ietf.org/html/rfc6544#section-4.5
+type TCPType int
+
+const (
+	// TCPTypeUnspecified is the default value. For example UDP candidates do not
+	// need this field.
+	TCPTypeUnspecified TCPType = iota
+	// TCPTypeActive is active TCP candidate, which initiates TCP connections.
+	TCPTypeActive
+	// TCPTypePassive is passive TCP candidate, only accepts TCP connections.
+	TCPTypePassive
+	// TCPTypeSimultaneousOpen is like active and passive at the same time.
+	TCPTypeSimultaneousOpen
+)
+
+// NewTCPType creates a new TCPType from string.
+func NewTCPType(value string) TCPType {
+	switch strings.ToLower(value) {
+	case "active":
+		return TCPTypeActive
+	case "passive":
+		return TCPTypePassive
+	case "so":
+		return TCPTypeSimultaneousOpen
+	default:
+		return TCPTypeUnspecified
+	}
+}
+
+func (t TCPType) String() string {
+	switch t {
+	case TCPTypeUnspecified:
+		return ""
+	case TCPTypeActive:
+		return "active"
+	case TCPTypePassive:
+		return "passive"
+	case TCPTypeSimultaneousOpen:
+		return "so"
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/transport.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/transport.go
new file mode 100644
index 000000000..d1c82ffff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/transport.go
@@ -0,0 +1,145 @@
+package ice
+
+import (
+	"context"
+	"net"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/stun"
+)
+
+// Dial connects to the remote agent, acting as the controlling ice agent.
+// Dial blocks until at least one ice candidate pair has successfully connected.
+func (a *Agent) Dial(ctx context.Context, remoteUfrag, remotePwd string) (*Conn, error) {
+	return a.connect(ctx, true, remoteUfrag, remotePwd)
+}
+
+// Accept connects to the remote agent, acting as the controlled ice agent.
+// Accept blocks until at least one ice candidate pair has successfully connected.
+func (a *Agent) Accept(ctx context.Context, remoteUfrag, remotePwd string) (*Conn, error) {
+	return a.connect(ctx, false, remoteUfrag, remotePwd)
+}
+
+// Conn represents the ICE connection.
+// At the moment the lifetime of the Conn is equal to the Agent.
+type Conn struct {
+	bytesReceived uint64
+	bytesSent     uint64
+	agent         *Agent
+}
+
+// BytesSent returns the number of bytes sent
+func (c *Conn) BytesSent() uint64 {
+	return atomic.LoadUint64(&c.bytesSent)
+}
+
+// BytesReceived returns the number of bytes received
+func (c *Conn) BytesReceived() uint64 {
+	return atomic.LoadUint64(&c.bytesReceived)
+}
+
+func (a *Agent) connect(ctx context.Context, isControlling bool, remoteUfrag, remotePwd string) (*Conn, error) {
+	err := a.ok()
+	if err != nil {
+		return nil, err
+	}
+	err = a.startConnectivityChecks(isControlling, remoteUfrag, remotePwd)
+	if err != nil {
+		return nil, err
+	}
+
+	// block until pair selected
+	select {
+	case <-a.done:
+		return nil, a.getErr()
+	case <-ctx.Done():
+		return nil, ErrCanceledByCaller
+	case <-a.onConnected:
+	}
+
+	return &Conn{
+		agent: a,
+	}, nil
+}
+
+// Read implements the Conn Read method.
+func (c *Conn) Read(p []byte) (int, error) {
+	err := c.agent.ok()
+	if err != nil {
+		return 0, err
+	}
+
+	n, err := c.agent.buffer.Read(p)
+	atomic.AddUint64(&c.bytesReceived, uint64(n))
+	return n, err
+}
+
+// Write implements the Conn Write method.
+func (c *Conn) Write(p []byte) (int, error) {
+	err := c.agent.ok()
+	if err != nil {
+		return 0, err
+	}
+
+	if stun.IsMessage(p) {
+		return 0, errICEWriteSTUNMessage
+	}
+
+	pair := c.agent.getSelectedPair()
+	if pair == nil {
+		if err = c.agent.run(c.agent.context(), func(ctx context.Context, a *Agent) {
+			pair = a.getBestValidCandidatePair()
+		}); err != nil {
+			return 0, err
+		}
+
+		if pair == nil {
+			return 0, err
+		}
+	}
+
+	atomic.AddUint64(&c.bytesSent, uint64(len(p)))
+	return pair.Write(p)
+}
+
+// Close implements the Conn Close method. It is used to close
+// the connection. Any calls to Read and Write will be unblocked and return an error.
+func (c *Conn) Close() error {
+	return c.agent.Close()
+}
+
+// LocalAddr returns the local address of the current selected pair or nil if there is none.
+func (c *Conn) LocalAddr() net.Addr {
+	pair := c.agent.getSelectedPair()
+	if pair == nil {
+		return nil
+	}
+
+	return pair.local.addr()
+}
+
+// RemoteAddr returns the remote address of the current selected pair or nil if there is none.
+func (c *Conn) RemoteAddr() net.Addr {
+	pair := c.agent.getSelectedPair()
+	if pair == nil {
+		return nil
+	}
+
+	return pair.remote.addr()
+}
+
+// SetDeadline is a stub
+func (c *Conn) SetDeadline(t time.Time) error {
+	return nil
+}
+
+// SetReadDeadline is a stub
+func (c *Conn) SetReadDeadline(t time.Time) error {
+	return nil
+}
+
+// SetWriteDeadline is a stub
+func (c *Conn) SetWriteDeadline(t time.Time) error {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/url.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/url.go
new file mode 100644
index 000000000..390591e3d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/url.go
@@ -0,0 +1,225 @@
+package ice
+
+import (
+	"net"
+	"net/url"
+	"strconv"
+)
+
+// SchemeType indicates the type of server used in the ice.URL structure.
+type SchemeType int
+
+// Unknown defines default public constant to use for "enum" like struct
+// comparisons when no value was defined.
+const Unknown = iota
+
+const (
+	// SchemeTypeSTUN indicates the URL represents a STUN server.
+	SchemeTypeSTUN SchemeType = iota + 1
+
+	// SchemeTypeSTUNS indicates the URL represents a STUNS (secure) server.
+	SchemeTypeSTUNS
+
+	// SchemeTypeTURN indicates the URL represents a TURN server.
+	SchemeTypeTURN
+
+	// SchemeTypeTURNS indicates the URL represents a TURNS (secure) server.
+	SchemeTypeTURNS
+)
+
+// NewSchemeType defines a procedure for creating a new SchemeType from a raw
+// string naming the scheme type.
+func NewSchemeType(raw string) SchemeType {
+	switch raw {
+	case "stun":
+		return SchemeTypeSTUN
+	case "stuns":
+		return SchemeTypeSTUNS
+	case "turn":
+		return SchemeTypeTURN
+	case "turns":
+		return SchemeTypeTURNS
+	default:
+		return SchemeType(Unknown)
+	}
+}
+
+func (t SchemeType) String() string {
+	switch t {
+	case SchemeTypeSTUN:
+		return "stun"
+	case SchemeTypeSTUNS:
+		return "stuns"
+	case SchemeTypeTURN:
+		return "turn"
+	case SchemeTypeTURNS:
+		return "turns"
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// ProtoType indicates the transport protocol type that is used in the ice.URL
+// structure.
+type ProtoType int
+
+const (
+	// ProtoTypeUDP indicates the URL uses a UDP transport.
+	ProtoTypeUDP ProtoType = iota + 1
+
+	// ProtoTypeTCP indicates the URL uses a TCP transport.
+	ProtoTypeTCP
+)
+
+// NewProtoType defines a procedure for creating a new ProtoType from a raw
+// string naming the transport protocol type.
+func NewProtoType(raw string) ProtoType {
+	switch raw {
+	case "udp":
+		return ProtoTypeUDP
+	case "tcp":
+		return ProtoTypeTCP
+	default:
+		return ProtoType(Unknown)
+	}
+}
+
+func (t ProtoType) String() string {
+	switch t {
+	case ProtoTypeUDP:
+		return "udp"
+	case ProtoTypeTCP:
+		return "tcp"
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// URL represents a STUN (rfc7064) or TURN (rfc7065) URL
+type URL struct {
+	Scheme   SchemeType
+	Host     string
+	Port     int
+	Username string
+	Password string
+	Proto    ProtoType
+}
+
+// ParseURL parses a STUN or TURN urls following the ABNF syntax described in
+// https://tools.ietf.org/html/rfc7064 and https://tools.ietf.org/html/rfc7065
+// respectively.
+func ParseURL(raw string) (*URL, error) { //nolint:gocognit
+	rawParts, err := url.Parse(raw)
+	if err != nil {
+		return nil, err
+	}
+
+	var u URL
+	u.Scheme = NewSchemeType(rawParts.Scheme)
+	if u.Scheme == SchemeType(Unknown) {
+		return nil, ErrSchemeType
+	}
+
+	var rawPort string
+	if u.Host, rawPort, err = net.SplitHostPort(rawParts.Opaque); err != nil {
+		if e, ok := err.(*net.AddrError); ok {
+			if e.Err == "missing port in address" {
+				nextRawURL := u.Scheme.String() + ":" + rawParts.Opaque
+				switch {
+				case u.Scheme == SchemeTypeSTUN || u.Scheme == SchemeTypeTURN:
+					nextRawURL += ":3478"
+					if rawParts.RawQuery != "" {
+						nextRawURL += "?" + rawParts.RawQuery
+					}
+					return ParseURL(nextRawURL)
+				case u.Scheme == SchemeTypeSTUNS || u.Scheme == SchemeTypeTURNS:
+					nextRawURL += ":5349"
+					if rawParts.RawQuery != "" {
+						nextRawURL += "?" + rawParts.RawQuery
+					}
+					return ParseURL(nextRawURL)
+				}
+			}
+		}
+		return nil, err
+	}
+
+	if u.Host == "" {
+		return nil, ErrHost
+	}
+
+	if u.Port, err = strconv.Atoi(rawPort); err != nil {
+		return nil, ErrPort
+	}
+
+	switch u.Scheme {
+	case SchemeTypeSTUN:
+		qArgs, err := url.ParseQuery(rawParts.RawQuery)
+		if err != nil || len(qArgs) > 0 {
+			return nil, ErrSTUNQuery
+		}
+		u.Proto = ProtoTypeUDP
+	case SchemeTypeSTUNS:
+		qArgs, err := url.ParseQuery(rawParts.RawQuery)
+		if err != nil || len(qArgs) > 0 {
+			return nil, ErrSTUNQuery
+		}
+		u.Proto = ProtoTypeTCP
+	case SchemeTypeTURN:
+		proto, err := parseProto(rawParts.RawQuery)
+		if err != nil {
+			return nil, err
+		}
+
+		u.Proto = proto
+		if u.Proto == ProtoType(Unknown) {
+			u.Proto = ProtoTypeUDP
+		}
+	case SchemeTypeTURNS:
+		proto, err := parseProto(rawParts.RawQuery)
+		if err != nil {
+			return nil, err
+		}
+
+		u.Proto = proto
+		if u.Proto == ProtoType(Unknown) {
+			u.Proto = ProtoTypeTCP
+		}
+	}
+
+	return &u, nil
+}
+
+func parseProto(raw string) (ProtoType, error) {
+	qArgs, err := url.ParseQuery(raw)
+	if err != nil || len(qArgs) > 1 {
+		return ProtoType(Unknown), ErrInvalidQuery
+	}
+
+	var proto ProtoType
+	if rawProto := qArgs.Get("transport"); rawProto != "" {
+		if proto = NewProtoType(rawProto); proto == ProtoType(0) {
+			return ProtoType(Unknown), ErrProtoType
+		}
+		return proto, nil
+	}
+
+	if len(qArgs) > 0 {
+		return ProtoType(Unknown), ErrInvalidQuery
+	}
+
+	return proto, nil
+}
+
+func (u URL) String() string {
+	rawURL := u.Scheme.String() + ":" + net.JoinHostPort(u.Host, strconv.Itoa(u.Port))
+	if u.Scheme == SchemeTypeTURN || u.Scheme == SchemeTypeTURNS {
+		rawURL += "?transport=" + u.Proto.String()
+	}
+	return rawURL
+}
+
+// IsSecure returns whether the this URL's scheme describes secure scheme or not.
+func (u URL) IsSecure() bool {
+	return u.Scheme == SchemeTypeSTUNS || u.Scheme == SchemeTypeTURNS
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/usecandidate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/usecandidate.go
new file mode 100644
index 000000000..f168c08eb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/usecandidate.go
@@ -0,0 +1,23 @@
+package ice
+
+import "github.com/pion/stun"
+
+// UseCandidateAttr represents USE-CANDIDATE attribute.
+type UseCandidateAttr struct{}
+
+// AddTo adds USE-CANDIDATE attribute to message.
+func (UseCandidateAttr) AddTo(m *stun.Message) error {
+	m.Add(stun.AttrUseCandidate, nil)
+	return nil
+}
+
+// IsSet returns true if USE-CANDIDATE attribute is set.
+func (UseCandidateAttr) IsSet(m *stun.Message) bool {
+	_, err := m.Get(stun.AttrUseCandidate)
+	return err == nil
+}
+
+// UseCandidate is shorthand for UseCandidateAttr.
+func UseCandidate() UseCandidateAttr {
+	return UseCandidateAttr{}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/util.go
new file mode 100644
index 000000000..7eb13c803
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/ice/v2/util.go
@@ -0,0 +1,233 @@
+package ice
+
+import (
+	"fmt"
+	"net"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+	"github.com/pion/transport/vnet"
+)
+
+type atomicError struct{ v atomic.Value }
+
+func (a *atomicError) Store(err error) {
+	a.v.Store(struct{ error }{err})
+}
+
+func (a *atomicError) Load() error {
+	err, _ := a.v.Load().(struct{ error })
+	return err.error
+}
+
+// The conditions of invalidation written below are defined in
+// https://tools.ietf.org/html/rfc8445#section-5.1.1.1
+func isSupportedIPv6(ip net.IP) bool {
+	if len(ip) != net.IPv6len ||
+		isZeros(ip[0:12]) || // !(IPv4-compatible IPv6)
+		ip[0] == 0xfe && ip[1]&0xc0 == 0xc0 || // !(IPv6 site-local unicast)
+		ip.IsLinkLocalUnicast() ||
+		ip.IsLinkLocalMulticast() {
+		return false
+	}
+	return true
+}
+
+func isZeros(ip net.IP) bool {
+	for i := 0; i < len(ip); i++ {
+		if ip[i] != 0 {
+			return false
+		}
+	}
+	return true
+}
+
+func parseAddr(in net.Addr) (net.IP, int, NetworkType, bool) {
+	switch addr := in.(type) {
+	case *net.UDPAddr:
+		return addr.IP, addr.Port, NetworkTypeUDP4, true
+	case *net.TCPAddr:
+		return addr.IP, addr.Port, NetworkTypeTCP4, true
+	}
+	return nil, 0, 0, false
+}
+
+func createAddr(network NetworkType, ip net.IP, port int) net.Addr {
+	switch {
+	case network.IsTCP():
+		return &net.TCPAddr{IP: ip, Port: port}
+	default:
+		return &net.UDPAddr{IP: ip, Port: port}
+	}
+}
+
+func addrEqual(a, b net.Addr) bool {
+	aIP, aPort, aType, aOk := parseAddr(a)
+	if !aOk {
+		return false
+	}
+
+	bIP, bPort, bType, bOk := parseAddr(b)
+	if !bOk {
+		return false
+	}
+
+	return aType == bType && aIP.Equal(bIP) && aPort == bPort
+}
+
+// getXORMappedAddr initiates a stun requests to serverAddr using conn, reads the response and returns
+// the XORMappedAddress returned by the stun server.
+//
+// Adapted from stun v0.2.
+func getXORMappedAddr(conn net.PacketConn, serverAddr net.Addr, deadline time.Duration) (*stun.XORMappedAddress, error) {
+	if deadline > 0 {
+		if err := conn.SetReadDeadline(time.Now().Add(deadline)); err != nil {
+			return nil, err
+		}
+	}
+	defer func() {
+		if deadline > 0 {
+			_ = conn.SetReadDeadline(time.Time{})
+		}
+	}()
+	resp, err := stunRequest(
+		func(p []byte) (int, error) {
+			n, _, errr := conn.ReadFrom(p)
+			return n, errr
+		},
+		func(b []byte) (int, error) {
+			return conn.WriteTo(b, serverAddr)
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+	var addr stun.XORMappedAddress
+	if err = addr.GetFrom(resp); err != nil {
+		return nil, fmt.Errorf("%w: %v", errGetXorMappedAddrResponse, err)
+	}
+	return &addr, nil
+}
+
+func stunRequest(read func([]byte) (int, error), write func([]byte) (int, error)) (*stun.Message, error) {
+	req, err := stun.Build(stun.BindingRequest, stun.TransactionID)
+	if err != nil {
+		return nil, err
+	}
+	if _, err = write(req.Raw); err != nil {
+		return nil, err
+	}
+	const maxMessageSize = 1280
+	bs := make([]byte, maxMessageSize)
+	n, err := read(bs)
+	if err != nil {
+		return nil, err
+	}
+	res := &stun.Message{Raw: bs[:n]}
+	if err := res.Decode(); err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+func localInterfaces(vnet *vnet.Net, interfaceFilter func(string) bool, networkTypes []NetworkType) ([]net.IP, error) { //nolint:gocognit
+	ips := []net.IP{}
+	ifaces, err := vnet.Interfaces()
+	if err != nil {
+		return ips, err
+	}
+
+	var IPv4Requested, IPv6Requested bool
+	for _, typ := range networkTypes {
+		if typ.IsIPv4() {
+			IPv4Requested = true
+		}
+
+		if typ.IsIPv6() {
+			IPv6Requested = true
+		}
+	}
+
+	for _, iface := range ifaces {
+		if iface.Flags&net.FlagUp == 0 {
+			continue // interface down
+		}
+		if iface.Flags&net.FlagLoopback != 0 {
+			continue // loopback interface
+		}
+
+		if interfaceFilter != nil && !interfaceFilter(iface.Name) {
+			continue
+		}
+
+		addrs, err := iface.Addrs()
+		if err != nil {
+			continue
+		}
+
+		for _, addr := range addrs {
+			var ip net.IP
+			switch addr := addr.(type) {
+			case *net.IPNet:
+				ip = addr.IP
+			case *net.IPAddr:
+				ip = addr.IP
+			}
+			if ip == nil || ip.IsLoopback() {
+				continue
+			}
+
+			if ipv4 := ip.To4(); ipv4 == nil {
+				if !IPv6Requested {
+					continue
+				} else if !isSupportedIPv6(ip) {
+					continue
+				}
+			} else if !IPv4Requested {
+				continue
+			}
+
+			ips = append(ips, ip)
+		}
+	}
+	return ips, nil
+}
+
+func listenUDPInPortRange(vnet *vnet.Net, log logging.LeveledLogger, portMax, portMin int, network string, laddr *net.UDPAddr) (vnet.UDPPacketConn, error) {
+	if (laddr.Port != 0) || ((portMin == 0) && (portMax == 0)) {
+		return vnet.ListenUDP(network, laddr)
+	}
+	var i, j int
+	i = portMin
+	if i == 0 {
+		i = 1
+	}
+	j = portMax
+	if j == 0 {
+		j = 0xFFFF
+	}
+	if i > j {
+		return nil, ErrPort
+	}
+
+	portStart := globalMathRandomGenerator.Intn(j-i+1) + i
+	portCurrent := portStart
+	for {
+		laddr = &net.UDPAddr{IP: laddr.IP, Port: portCurrent}
+		c, e := vnet.ListenUDP(network, laddr)
+		if e == nil {
+			return c, e
+		}
+		log.Debugf("failed to listen %s: %v", laddr.String(), e)
+		portCurrent++
+		if portCurrent > j {
+			portCurrent = i
+		}
+		if portCurrent == portStart {
+			break
+		}
+	}
+	return nil, ErrPort
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/README.md
new file mode 100644
index 000000000..007c340d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/README.md
@@ -0,0 +1,81 @@
+<h1 align="center">
+  <br>
+  Pion Interceptor
+  <br>
+</h1>
+<h4 align="center">RTCP and RTCP processors for building real time communications</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-interceptor-gray.svg?longCache=true&colorB=brightgreen" alt="Pion Interceptor"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://pkg.go.dev/github.com/pion/interceptor"><img src="https://godoc.org/github.com/pion/interceptor?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/interceptor"><img src="https://codecov.io/gh/pion/interceptor/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/interceptor"><img src="https://goreportcard.com/badge/github.com/pion/interceptor" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+Interceptor is a framework for building RTP/RTCP communication software. This framework defines
+a interface that each interceptor must satisfy. These interceptors are then run sequentially. We
+also then provide common interceptors that will be useful for building RTC software.
+
+This package was built for [pion/webrtc](https://github.com/pion/webrtc), but we designed it to be consumable
+by anyone. With the following tenets in mind.
+
+* Useful defaults. Each interceptor will be configured to give you a good default experience.
+* Unblock unique use cases. New use cases are what is driving WebRTC, we want to empower them.
+* Encourage modification. Add your own interceptors without forking. Mixing with the ones we provide.
+* Empower learning. This code base should be useful to read and learn even if you aren't using Pion.
+
+#### Current Interceptors
+* NACK Generator/Responder
+
+#### Planned Interceptors
+* [Sender and Receiver Reports](https://tools.ietf.org/html/rfc3550#section-6.4)
+  - Bandwidth Estimation from Receiver Reports
+* [Transport Wide Congestion Control Feedback](https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01)
+  - [NADA](https://tools.ietf.org/html/rfc8698)
+  - [Google Congestion Control](https://tools.ietf.org/html/draft-ietf-rmcat-gcc-02)
+* JitterBuffer, re-order packets and wait for arrival
+* [FlexFec](https://tools.ietf.org/html/draft-ietf-payload-flexible-fec-scheme-20)
+* [webrtc-stats](https://www.w3.org/TR/webrtc-stats/) compliant statistics generation
+
+### Interceptor Public API
+The public interface is defined in [interceptor.go](https://github.com/pion/interceptor/blob/master/interceptor.go).
+The methods you need to satisy are broken up into 4 groups.
+
+* `BindRTCPWriter` and `BindRTCPReader` allow you to inspect/modify RTCP traffic.
+* `BindLocalStream` and `BindRemoteStream` notify you of a new SSRC stream and allow you to inspect/modify.
+* `UnbindLocalStream` and `UnbindRemoteStream` notify you when a SSRC stream has been removed
+* `Close` called when the interceptor is closed.
+
+Interceptors also pass Attributes between each other. These are a collection of key/value pairs and are useful for storing metadata
+or caching.
+
+[noop.go](https://github.com/pion/interceptor/blob/master/noop.go) is an interceptor that satisfies this interface, but does nothing.
+You can embed this interceptor as a starting point so you only need to define exactly what you need.
+
+[chain.go]( https://github.com/pion/interceptor/blob/master/chain.go) is used to combine multiple interceptors into one. They are called
+sequentially as the packet moves through them.
+
+### Examples
+The [examples](https://github.com/pion/interceptor/blob/master/examples) directory provides some basic examples. If you need more please file an issue!
+You should also look in [pion/webrtc](https://github.com/pion/webrtc) for real world examples.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Adam Kiss](https://github.com/masterada) - *Original Author*
+* [Sean DuBois](https://github.com/sean-der) - *Original Author*
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Alessandro Ros](https://github.com/aler9)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/chain.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/chain.go
new file mode 100644
index 000000000..d53c30714
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/chain.go
@@ -0,0 +1,75 @@
+package interceptor
+
+// Chain is an interceptor that runs all child interceptors in order.
+type Chain struct {
+	interceptors []Interceptor
+}
+
+// NewChain returns a new Chain interceptor.
+func NewChain(interceptors []Interceptor) *Chain {
+	return &Chain{interceptors: interceptors}
+}
+
+// BindRTCPReader lets you modify any incoming RTCP packets. It is called once per sender/receiver, however this might
+// change in the future. The returned method will be called once per packet batch.
+func (i *Chain) BindRTCPReader(reader RTCPReader) RTCPReader {
+	for _, interceptor := range i.interceptors {
+		reader = interceptor.BindRTCPReader(reader)
+	}
+
+	return reader
+}
+
+// BindRTCPWriter lets you modify any outgoing RTCP packets. It is called once per PeerConnection. The returned method
+// will be called once per packet batch.
+func (i *Chain) BindRTCPWriter(writer RTCPWriter) RTCPWriter {
+	for _, interceptor := range i.interceptors {
+		writer = interceptor.BindRTCPWriter(writer)
+	}
+
+	return writer
+}
+
+// BindLocalStream lets you modify any outgoing RTP packets. It is called once for per LocalStream. The returned method
+// will be called once per rtp packet.
+func (i *Chain) BindLocalStream(ctx *StreamInfo, writer RTPWriter) RTPWriter {
+	for _, interceptor := range i.interceptors {
+		writer = interceptor.BindLocalStream(ctx, writer)
+	}
+
+	return writer
+}
+
+// UnbindLocalStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+func (i *Chain) UnbindLocalStream(ctx *StreamInfo) {
+	for _, interceptor := range i.interceptors {
+		interceptor.UnbindLocalStream(ctx)
+	}
+}
+
+// BindRemoteStream lets you modify any incoming RTP packets. It is called once for per RemoteStream. The returned method
+// will be called once per rtp packet.
+func (i *Chain) BindRemoteStream(ctx *StreamInfo, reader RTPReader) RTPReader {
+	for _, interceptor := range i.interceptors {
+		reader = interceptor.BindRemoteStream(ctx, reader)
+	}
+
+	return reader
+}
+
+// UnbindRemoteStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+func (i *Chain) UnbindRemoteStream(ctx *StreamInfo) {
+	for _, interceptor := range i.interceptors {
+		interceptor.UnbindRemoteStream(ctx)
+	}
+}
+
+// Close closes the Interceptor, cleaning up any data if necessary.
+func (i *Chain) Close() error {
+	var errs []error
+	for _, interceptor := range i.interceptors {
+		errs = append(errs, interceptor.Close())
+	}
+
+	return flattenErrs(errs)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/errors.go
new file mode 100644
index 000000000..45e1252c9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/errors.go
@@ -0,0 +1,51 @@
+package interceptor
+
+import (
+	"errors"
+	"strings"
+)
+
+func flattenErrs(errs []error) error {
+	errs2 := []error{}
+	for _, e := range errs {
+		if e != nil {
+			errs2 = append(errs2, e)
+		}
+	}
+	if len(errs2) == 0 {
+		return nil
+	}
+	return multiError(errs2)
+}
+
+type multiError []error
+
+func (me multiError) Error() string {
+	var errstrings []string
+
+	for _, err := range me {
+		if err != nil {
+			errstrings = append(errstrings, err.Error())
+		}
+	}
+
+	if len(errstrings) == 0 {
+		return "multiError must contain multiple error but is empty"
+	}
+
+	return strings.Join(errstrings, "\n")
+}
+
+func (me multiError) Is(err error) bool {
+	for _, e := range me {
+		if errors.Is(e, err) {
+			return true
+		}
+		if me2, ok := e.(multiError); ok {
+			if me2.Is(err) {
+				return true
+			}
+		}
+	}
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/go.mod
new file mode 100644
index 000000000..067c0d436
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/go.mod
@@ -0,0 +1,10 @@
+module github.com/pion/interceptor
+
+go 1.15
+
+require (
+	github.com/pion/logging v0.2.2
+	github.com/pion/rtcp v1.2.6
+	github.com/pion/rtp v1.6.2
+	github.com/stretchr/testify v1.6.1
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/go.sum
new file mode 100644
index 000000000..d927bde07
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/go.sum
@@ -0,0 +1,19 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/rtcp v1.2.6 h1:1zvwBbyd0TeEuuWftrd/4d++m+/kZSeiguxU61LFWpo=
+github.com/pion/rtcp v1.2.6/go.mod h1:52rMNPWFsjr39z9B9MhnkqhPLoeHTv1aN63o/42bWE0=
+github.com/pion/rtp v1.6.2 h1:iGBerLX6JiDjB9NXuaPzHyxHFG9JsIEdgwTC0lp5n/U=
+github.com/pion/rtp v1.6.2/go.mod h1:bDb5n+BFZxXx0Ea7E5qe+klMuqiBrP+w8XSjiWtCUko=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/interceptor.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/interceptor.go
new file mode 100644
index 000000000..2d1b97e2f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/interceptor.go
@@ -0,0 +1,108 @@
+// Package interceptor contains the Interceptor interface, with some useful interceptors that should be safe to use
+// in most cases.
+package interceptor
+
+import (
+	"io"
+
+	"github.com/pion/rtcp"
+	"github.com/pion/rtp"
+)
+
+// Interceptor can be used to add functionality to you PeerConnections by modifying any incoming/outgoing rtp/rtcp
+// packets, or sending your own packets as needed.
+type Interceptor interface {
+
+	// BindRTCPReader lets you modify any incoming RTCP packets. It is called once per sender/receiver, however this might
+	// change in the future. The returned method will be called once per packet batch.
+	BindRTCPReader(reader RTCPReader) RTCPReader
+
+	// BindRTCPWriter lets you modify any outgoing RTCP packets. It is called once per PeerConnection. The returned method
+	// will be called once per packet batch.
+	BindRTCPWriter(writer RTCPWriter) RTCPWriter
+
+	// BindLocalStream lets you modify any outgoing RTP packets. It is called once for per LocalStream. The returned method
+	// will be called once per rtp packet.
+	BindLocalStream(info *StreamInfo, writer RTPWriter) RTPWriter
+
+	// UnbindLocalStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+	UnbindLocalStream(info *StreamInfo)
+
+	// BindRemoteStream lets you modify any incoming RTP packets. It is called once for per RemoteStream. The returned method
+	// will be called once per rtp packet.
+	BindRemoteStream(info *StreamInfo, reader RTPReader) RTPReader
+
+	// UnbindRemoteStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+	UnbindRemoteStream(info *StreamInfo)
+
+	io.Closer
+}
+
+// RTPWriter is used by Interceptor.BindLocalStream.
+type RTPWriter interface {
+	// Write a rtp packet
+	Write(header *rtp.Header, payload []byte, attributes Attributes) (int, error)
+}
+
+// RTPReader is used by Interceptor.BindRemoteStream.
+type RTPReader interface {
+	// Read a rtp packet
+	Read([]byte, Attributes) (int, Attributes, error)
+}
+
+// RTCPWriter is used by Interceptor.BindRTCPWriter.
+type RTCPWriter interface {
+	// Write a batch of rtcp packets
+	Write(pkts []rtcp.Packet, attributes Attributes) (int, error)
+}
+
+// RTCPReader is used by Interceptor.BindRTCPReader.
+type RTCPReader interface {
+	// Read a batch of rtcp packets
+	Read([]byte, Attributes) (int, Attributes, error)
+}
+
+// Attributes are a generic key/value store used by interceptors
+type Attributes map[interface{}]interface{}
+
+// RTPWriterFunc is an adapter for RTPWrite interface
+type RTPWriterFunc func(header *rtp.Header, payload []byte, attributes Attributes) (int, error)
+
+// RTPReaderFunc is an adapter for RTPReader interface
+type RTPReaderFunc func([]byte, Attributes) (int, Attributes, error)
+
+// RTCPWriterFunc is an adapter for RTCPWriter interface
+type RTCPWriterFunc func(pkts []rtcp.Packet, attributes Attributes) (int, error)
+
+// RTCPReaderFunc is an adapter for RTCPReader interface
+type RTCPReaderFunc func([]byte, Attributes) (int, Attributes, error)
+
+// Write a rtp packet
+func (f RTPWriterFunc) Write(header *rtp.Header, payload []byte, attributes Attributes) (int, error) {
+	return f(header, payload, attributes)
+}
+
+// Read a rtp packet
+func (f RTPReaderFunc) Read(b []byte, a Attributes) (int, Attributes, error) {
+	return f(b, a)
+}
+
+// Write a batch of rtcp packets
+func (f RTCPWriterFunc) Write(pkts []rtcp.Packet, attributes Attributes) (int, error) {
+	return f(pkts, attributes)
+}
+
+// Read a batch of rtcp packets
+func (f RTCPReaderFunc) Read(b []byte, a Attributes) (int, Attributes, error) {
+	return f(b, a)
+}
+
+// Get returns the attribute associated with key.
+func (a Attributes) Get(key interface{}) interface{} {
+	return a[key]
+}
+
+// Set sets the attribute associated with key to the given value.
+func (a Attributes) Set(key interface{}, val interface{}) {
+	a[key] = val
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/noop.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/noop.go
new file mode 100644
index 000000000..2dc4e8e2e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/noop.go
@@ -0,0 +1,40 @@
+package interceptor
+
+// NoOp is an Interceptor that does not modify any packets. It can embedded in other interceptors, so it's
+// possible to implement only a subset of the methods.
+type NoOp struct{}
+
+// BindRTCPReader lets you modify any incoming RTCP packets. It is called once per sender/receiver, however this might
+// change in the future. The returned method will be called once per packet batch.
+func (i *NoOp) BindRTCPReader(reader RTCPReader) RTCPReader {
+	return reader
+}
+
+// BindRTCPWriter lets you modify any outgoing RTCP packets. It is called once per PeerConnection. The returned method
+// will be called once per packet batch.
+func (i *NoOp) BindRTCPWriter(writer RTCPWriter) RTCPWriter {
+	return writer
+}
+
+// BindLocalStream lets you modify any outgoing RTP packets. It is called once for per LocalStream. The returned method
+// will be called once per rtp packet.
+func (i *NoOp) BindLocalStream(_ *StreamInfo, writer RTPWriter) RTPWriter {
+	return writer
+}
+
+// UnbindLocalStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+func (i *NoOp) UnbindLocalStream(_ *StreamInfo) {}
+
+// BindRemoteStream lets you modify any incoming RTP packets. It is called once for per RemoteStream. The returned method
+// will be called once per rtp packet.
+func (i *NoOp) BindRemoteStream(_ *StreamInfo, reader RTPReader) RTPReader {
+	return reader
+}
+
+// UnbindRemoteStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+func (i *NoOp) UnbindRemoteStream(_ *StreamInfo) {}
+
+// Close closes the Interceptor, cleaning up any data if necessary.
+func (i *NoOp) Close() error {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/errors.go
new file mode 100644
index 000000000..bbfc77361
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/errors.go
@@ -0,0 +1,6 @@
+package nack
+
+import "errors"
+
+// ErrInvalidSize is returned by newReceiveLog/newSendBuffer, when an incorrect buffer size is supplied.
+var ErrInvalidSize = errors.New("invalid buffer size")
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/generator_interceptor.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/generator_interceptor.go
new file mode 100644
index 000000000..447a9490a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/generator_interceptor.go
@@ -0,0 +1,162 @@
+package nack
+
+import (
+	"math/rand"
+	"sync"
+	"time"
+
+	"github.com/pion/interceptor"
+	"github.com/pion/logging"
+	"github.com/pion/rtcp"
+	"github.com/pion/rtp"
+)
+
+// GeneratorInterceptor interceptor generates nack feedback messages.
+type GeneratorInterceptor struct {
+	interceptor.NoOp
+	size      uint16
+	skipLastN uint16
+	interval  time.Duration
+	m         sync.Mutex
+	wg        sync.WaitGroup
+	close     chan struct{}
+	log       logging.LeveledLogger
+
+	receiveLogs   map[uint32]*receiveLog
+	receiveLogsMu sync.Mutex
+}
+
+// NewGeneratorInterceptor returns a new GeneratorInterceptor interceptor
+func NewGeneratorInterceptor(opts ...GeneratorOption) (*GeneratorInterceptor, error) {
+	r := &GeneratorInterceptor{
+		size:        8192,
+		skipLastN:   0,
+		interval:    time.Millisecond * 100,
+		receiveLogs: map[uint32]*receiveLog{},
+		close:       make(chan struct{}),
+		log:         logging.NewDefaultLoggerFactory().NewLogger("nack_generator"),
+	}
+
+	for _, opt := range opts {
+		if err := opt(r); err != nil {
+			return nil, err
+		}
+	}
+
+	if _, err := newReceiveLog(r.size); err != nil {
+		return nil, err
+	}
+
+	return r, nil
+}
+
+// BindRTCPWriter lets you modify any outgoing RTCP packets. It is called once per PeerConnection. The returned method
+// will be called once per packet batch.
+func (n *GeneratorInterceptor) BindRTCPWriter(writer interceptor.RTCPWriter) interceptor.RTCPWriter {
+	n.m.Lock()
+	defer n.m.Unlock()
+
+	if n.isClosed() {
+		return writer
+	}
+
+	n.wg.Add(1)
+
+	go n.loop(writer)
+
+	return writer
+}
+
+// BindRemoteStream lets you modify any incoming RTP packets. It is called once for per RemoteStream. The returned method
+// will be called once per rtp packet.
+func (n *GeneratorInterceptor) BindRemoteStream(info *interceptor.StreamInfo, reader interceptor.RTPReader) interceptor.RTPReader {
+	if !streamSupportNack(info) {
+		return reader
+	}
+
+	// error is already checked in NewGeneratorInterceptor
+	receiveLog, _ := newReceiveLog(n.size)
+	n.receiveLogsMu.Lock()
+	n.receiveLogs[info.SSRC] = receiveLog
+	n.receiveLogsMu.Unlock()
+
+	return interceptor.RTPReaderFunc(func(b []byte, a interceptor.Attributes) (int, interceptor.Attributes, error) {
+		i, attr, err := reader.Read(b, a)
+		if err != nil {
+			return 0, nil, err
+		}
+
+		pkt := rtp.Packet{}
+		if err = pkt.Unmarshal(b[:i]); err != nil {
+			return 0, nil, err
+		}
+		receiveLog.add(pkt.Header.SequenceNumber)
+
+		return i, attr, nil
+	})
+}
+
+// UnbindLocalStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+func (n *GeneratorInterceptor) UnbindLocalStream(info *interceptor.StreamInfo) {
+	n.receiveLogsMu.Lock()
+	delete(n.receiveLogs, info.SSRC)
+	n.receiveLogsMu.Unlock()
+}
+
+// Close closes the interceptor
+func (n *GeneratorInterceptor) Close() error {
+	defer n.wg.Wait()
+	n.m.Lock()
+	defer n.m.Unlock()
+
+	if !n.isClosed() {
+		close(n.close)
+	}
+
+	return nil
+}
+
+func (n *GeneratorInterceptor) loop(rtcpWriter interceptor.RTCPWriter) {
+	defer n.wg.Done()
+
+	senderSSRC := rand.Uint32() // #nosec
+
+	ticker := time.NewTicker(n.interval)
+	for {
+		select {
+		case <-ticker.C:
+			func() {
+				n.receiveLogsMu.Lock()
+				defer n.receiveLogsMu.Unlock()
+
+				for ssrc, receiveLog := range n.receiveLogs {
+					missing := receiveLog.missingSeqNumbers(n.skipLastN)
+					if len(missing) == 0 {
+						continue
+					}
+
+					nack := &rtcp.TransportLayerNack{
+						SenderSSRC: senderSSRC,
+						MediaSSRC:  ssrc,
+						Nacks:      rtcp.NackPairsFromSequenceNumbers(missing),
+					}
+
+					if _, err := rtcpWriter.Write([]rtcp.Packet{nack}, interceptor.Attributes{}); err != nil {
+						n.log.Warnf("failed sending nack: %+v", err)
+					}
+				}
+			}()
+		case <-n.close:
+			return
+		}
+	}
+}
+
+func (n *GeneratorInterceptor) isClosed() bool {
+	select {
+	case <-n.close:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/generator_option.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/generator_option.go
new file mode 100644
index 000000000..092f5db92
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/generator_option.go
@@ -0,0 +1,44 @@
+package nack
+
+import (
+	"time"
+
+	"github.com/pion/logging"
+)
+
+// GeneratorOption can be used to configure GeneratorInterceptor
+type GeneratorOption func(r *GeneratorInterceptor) error
+
+// GeneratorSize sets the size of the interceptor.
+// Size must be one of: 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768
+func GeneratorSize(size uint16) GeneratorOption {
+	return func(r *GeneratorInterceptor) error {
+		r.size = size
+		return nil
+	}
+}
+
+// GeneratorSkipLastN sets the number of packets (n-1 packets before the last received packets) to ignore when generating
+// nack requests.
+func GeneratorSkipLastN(skipLastN uint16) GeneratorOption {
+	return func(r *GeneratorInterceptor) error {
+		r.skipLastN = skipLastN
+		return nil
+	}
+}
+
+// GeneratorLog sets a logger for the interceptor
+func GeneratorLog(log logging.LeveledLogger) GeneratorOption {
+	return func(r *GeneratorInterceptor) error {
+		r.log = log
+		return nil
+	}
+}
+
+// GeneratorInterval sets the nack send interval for the interceptor
+func GeneratorInterval(interval time.Duration) GeneratorOption {
+	return func(r *GeneratorInterceptor) error {
+		r.interval = interval
+		return nil
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/nack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/nack.go
new file mode 100644
index 000000000..a658e7f39
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/nack.go
@@ -0,0 +1,14 @@
+// Package nack provides interceptors to implement sending and receiving negative acknowledgements
+package nack
+
+import "github.com/pion/interceptor"
+
+func streamSupportNack(info *interceptor.StreamInfo) bool {
+	for _, fb := range info.RTCPFeedback {
+		if fb.Type == "nack" && fb.Parameter == "" {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/receive_log.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/receive_log.go
new file mode 100644
index 000000000..8107f59a2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/receive_log.go
@@ -0,0 +1,134 @@
+package nack
+
+import (
+	"fmt"
+	"sync"
+)
+
+type receiveLog struct {
+	packets         []uint64
+	size            uint16
+	end             uint16
+	started         bool
+	lastConsecutive uint16
+	m               sync.RWMutex
+}
+
+func newReceiveLog(size uint16) (*receiveLog, error) {
+	allowedSizes := make([]uint16, 0)
+	correctSize := false
+	for i := 6; i < 16; i++ {
+		if size == 1<<i {
+			correctSize = true
+			break
+		}
+		allowedSizes = append(allowedSizes, 1<<i)
+	}
+
+	if !correctSize {
+		return nil, fmt.Errorf("%w: %d is not a valid size, allowed sizes: %v", ErrInvalidSize, size, allowedSizes)
+	}
+
+	return &receiveLog{
+		packets: make([]uint64, size/64),
+		size:    size,
+	}, nil
+}
+
+func (s *receiveLog) add(seq uint16) {
+	s.m.Lock()
+	defer s.m.Unlock()
+
+	if !s.started {
+		s.setReceived(seq)
+		s.end = seq
+		s.started = true
+		s.lastConsecutive = seq
+		return
+	}
+
+	diff := seq - s.end
+	switch {
+	case diff == 0:
+		return
+	case diff < uint16SizeHalf:
+		// this means a positive diff, in other words seq > end (with counting for rollovers)
+		for i := s.end + 1; i != seq; i++ {
+			// clear packets between end and seq (these may contain packets from a "size" ago)
+			s.delReceived(i)
+		}
+		s.end = seq
+
+		if s.lastConsecutive+1 == seq {
+			s.lastConsecutive = seq
+		} else if seq-s.lastConsecutive > s.size {
+			s.lastConsecutive = seq - s.size
+			s.fixLastConsecutive() // there might be valid packets at the beginning of the buffer now
+		}
+	case s.lastConsecutive+1 == seq:
+		// negative diff, seq < end (with counting for rollovers)
+		s.lastConsecutive = seq
+		s.fixLastConsecutive() // there might be other valid packets after seq
+	}
+
+	s.setReceived(seq)
+}
+
+func (s *receiveLog) get(seq uint16) bool {
+	s.m.RLock()
+	defer s.m.RUnlock()
+
+	diff := s.end - seq
+	if diff >= uint16SizeHalf {
+		return false
+	}
+
+	if diff >= s.size {
+		return false
+	}
+
+	return s.getReceived(seq)
+}
+
+func (s *receiveLog) missingSeqNumbers(skipLastN uint16) []uint16 {
+	s.m.RLock()
+	defer s.m.RUnlock()
+
+	until := s.end - skipLastN
+	if until-s.lastConsecutive >= uint16SizeHalf {
+		// until < s.lastConsecutive (counting for rollover)
+		return nil
+	}
+
+	missingPacketSeqNums := make([]uint16, 0)
+	for i := s.lastConsecutive + 1; i != until+1; i++ {
+		if !s.getReceived(i) {
+			missingPacketSeqNums = append(missingPacketSeqNums, i)
+		}
+	}
+
+	return missingPacketSeqNums
+}
+
+func (s *receiveLog) setReceived(seq uint16) {
+	pos := seq % s.size
+	s.packets[pos/64] |= 1 << (pos % 64)
+}
+
+func (s *receiveLog) delReceived(seq uint16) {
+	pos := seq % s.size
+	s.packets[pos/64] &^= 1 << (pos % 64)
+}
+
+func (s *receiveLog) getReceived(seq uint16) bool {
+	pos := seq % s.size
+	return (s.packets[pos/64] & (1 << (pos % 64))) != 0
+}
+
+func (s *receiveLog) fixLastConsecutive() {
+	i := s.lastConsecutive + 1
+	for ; i != s.end+1 && s.getReceived(i); i++ {
+		// find all consecutive packets
+	}
+	s.lastConsecutive = i - 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/responder_interceptor.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/responder_interceptor.go
new file mode 100644
index 000000000..121657e4d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/responder_interceptor.go
@@ -0,0 +1,119 @@
+package nack
+
+import (
+	"sync"
+
+	"github.com/pion/interceptor"
+	"github.com/pion/logging"
+	"github.com/pion/rtcp"
+	"github.com/pion/rtp"
+)
+
+// ResponderInterceptor responds to nack feedback messages
+type ResponderInterceptor struct {
+	interceptor.NoOp
+	size uint16
+	log  logging.LeveledLogger
+
+	streams   map[uint32]*localStream
+	streamsMu sync.Mutex
+}
+
+type localStream struct {
+	sendBuffer *sendBuffer
+	rtpWriter  interceptor.RTPWriter
+}
+
+// NewResponderInterceptor returns a new GeneratorInterceptor interceptor
+func NewResponderInterceptor(opts ...ResponderOption) (*ResponderInterceptor, error) {
+	r := &ResponderInterceptor{
+		size:    8192,
+		log:     logging.NewDefaultLoggerFactory().NewLogger("nack_responder"),
+		streams: map[uint32]*localStream{},
+	}
+
+	for _, opt := range opts {
+		if err := opt(r); err != nil {
+			return nil, err
+		}
+	}
+
+	if _, err := newSendBuffer(r.size); err != nil {
+		return nil, err
+	}
+
+	return r, nil
+}
+
+// BindRTCPReader lets you modify any incoming RTCP packets. It is called once per sender/receiver, however this might
+// change in the future. The returned method will be called once per packet batch.
+func (n *ResponderInterceptor) BindRTCPReader(reader interceptor.RTCPReader) interceptor.RTCPReader {
+	return interceptor.RTCPReaderFunc(func(b []byte, a interceptor.Attributes) (int, interceptor.Attributes, error) {
+		i, attr, err := reader.Read(b, a)
+		if err != nil {
+			return 0, nil, err
+		}
+
+		pkts, err := rtcp.Unmarshal(b[:i])
+		if err != nil {
+			return 0, nil, err
+		}
+		for _, rtcpPacket := range pkts {
+			nack, ok := rtcpPacket.(*rtcp.TransportLayerNack)
+			if !ok {
+				continue
+			}
+
+			go n.resendPackets(nack)
+		}
+
+		return i, attr, err
+	})
+}
+
+// BindLocalStream lets you modify any outgoing RTP packets. It is called once for per LocalStream. The returned method
+// will be called once per rtp packet.
+func (n *ResponderInterceptor) BindLocalStream(info *interceptor.StreamInfo, writer interceptor.RTPWriter) interceptor.RTPWriter {
+	if !streamSupportNack(info) {
+		return writer
+	}
+
+	// error is already checked in NewGeneratorInterceptor
+	sendBuffer, _ := newSendBuffer(n.size)
+	n.streamsMu.Lock()
+	n.streams[info.SSRC] = &localStream{sendBuffer: sendBuffer, rtpWriter: writer}
+	n.streamsMu.Unlock()
+
+	return interceptor.RTPWriterFunc(func(header *rtp.Header, payload []byte, attributes interceptor.Attributes) (int, error) {
+		sendBuffer.add(&rtp.Packet{Header: *header, Payload: payload})
+		return writer.Write(header, payload, attributes)
+	})
+}
+
+// UnbindLocalStream is called when the Stream is removed. It can be used to clean up any data related to that track.
+func (n *ResponderInterceptor) UnbindLocalStream(info *interceptor.StreamInfo) {
+	n.streamsMu.Lock()
+	delete(n.streams, info.SSRC)
+	n.streamsMu.Unlock()
+}
+
+func (n *ResponderInterceptor) resendPackets(nack *rtcp.TransportLayerNack) {
+	n.streamsMu.Lock()
+	stream, ok := n.streams[nack.MediaSSRC]
+	n.streamsMu.Unlock()
+	if !ok {
+		return
+	}
+
+	for i := range nack.Nacks {
+		nack.Nacks[i].Range(func(seq uint16) bool {
+			if p := stream.sendBuffer.get(seq); p != nil {
+				if _, err := stream.rtpWriter.Write(&p.Header, p.Payload, interceptor.Attributes{}); err != nil {
+					n.log.Warnf("failed resending nacked packet: %+v", err)
+				}
+			}
+
+			return true
+		})
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/responder_option.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/responder_option.go
new file mode 100644
index 000000000..7ad52c8ad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/responder_option.go
@@ -0,0 +1,23 @@
+package nack
+
+import "github.com/pion/logging"
+
+// ResponderOption can be used to configure ResponderInterceptor
+type ResponderOption func(s *ResponderInterceptor) error
+
+// ResponderSize sets the size of the interceptor.
+// Size must be one of: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768
+func ResponderSize(size uint16) ResponderOption {
+	return func(r *ResponderInterceptor) error {
+		r.size = size
+		return nil
+	}
+}
+
+// ResponderLog sets a logger for the interceptor
+func ResponderLog(log logging.LeveledLogger) ResponderOption {
+	return func(r *ResponderInterceptor) error {
+		r.log = log
+		return nil
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/send_buffer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/send_buffer.go
new file mode 100644
index 000000000..cf3f020ef
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/pkg/nack/send_buffer.go
@@ -0,0 +1,74 @@
+package nack
+
+import (
+	"fmt"
+
+	"github.com/pion/rtp"
+)
+
+const (
+	uint16SizeHalf = 1 << 15
+)
+
+type sendBuffer struct {
+	packets   []*rtp.Packet
+	size      uint16
+	lastAdded uint16
+	started   bool
+}
+
+func newSendBuffer(size uint16) (*sendBuffer, error) {
+	allowedSizes := make([]uint16, 0)
+	correctSize := false
+	for i := 0; i < 16; i++ {
+		if size == 1<<i {
+			correctSize = true
+			break
+		}
+		allowedSizes = append(allowedSizes, 1<<i)
+	}
+
+	if !correctSize {
+		return nil, fmt.Errorf("%w: %d is not a valid size, allowed sizes: %v", ErrInvalidSize, size, allowedSizes)
+	}
+
+	return &sendBuffer{
+		packets: make([]*rtp.Packet, size),
+		size:    size,
+	}, nil
+}
+
+func (s *sendBuffer) add(packet *rtp.Packet) {
+	seq := packet.SequenceNumber
+	if !s.started {
+		s.packets[seq%s.size] = packet
+		s.lastAdded = seq
+		s.started = true
+		return
+	}
+
+	diff := seq - s.lastAdded
+	if diff == 0 {
+		return
+	} else if diff < uint16SizeHalf {
+		for i := s.lastAdded + 1; i != seq; i++ {
+			s.packets[i%s.size] = nil
+		}
+	}
+
+	s.packets[seq%s.size] = packet
+	s.lastAdded = seq
+}
+
+func (s *sendBuffer) get(seq uint16) *rtp.Packet {
+	diff := s.lastAdded - seq
+	if diff >= uint16SizeHalf {
+		return nil
+	}
+
+	if diff >= s.size {
+		return nil
+	}
+
+	return s.packets[seq%s.size]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/registry.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/registry.go
new file mode 100644
index 000000000..d3eed3bf2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/registry.go
@@ -0,0 +1,20 @@
+package interceptor
+
+// Registry is a collector for interceptors.
+type Registry struct {
+	interceptors []Interceptor
+}
+
+// Add adds a new Interceptor to the registry.
+func (i *Registry) Add(icpr Interceptor) {
+	i.interceptors = append(i.interceptors, icpr)
+}
+
+// Build constructs a single Interceptor from a InterceptorRegistry
+func (i *Registry) Build() Interceptor {
+	if len(i.interceptors) == 0 {
+		return &NoOp{}
+	}
+
+	return NewChain(i.interceptors)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/streaminfo.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/streaminfo.go
new file mode 100644
index 000000000..956fa5306
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/interceptor/streaminfo.go
@@ -0,0 +1,34 @@
+package interceptor
+
+// RTPHeaderExtension represents a negotiated RFC5285 RTP header extension.
+type RTPHeaderExtension struct {
+	URI string
+	ID  int
+}
+
+// StreamInfo is the Context passed when a StreamLocal or StreamRemote has been Binded or Unbinded
+type StreamInfo struct {
+	ID                  string
+	Attributes          Attributes
+	SSRC                uint32
+	PayloadType         uint8
+	RTPHeaderExtensions []RTPHeaderExtension
+	MimeType            string
+	ClockRate           uint32
+	Channels            uint16
+	SDPFmtpLine         string
+	RTCPFeedback        []RTCPFeedback
+}
+
+// RTCPFeedback signals the connection to use additional RTCP packet types.
+// https://draft.ortc.org/#dom-rtcrtcpfeedback
+type RTCPFeedback struct {
+	// Type is the type of feedback.
+	// see: https://draft.ortc.org/#dom-rtcrtcpfeedback
+	// valid: ack, ccm, nack, goog-remb, transport-cc
+	Type string
+
+	// The parameter value depends on the type.
+	// For example, type="nack" parameter="pli" will send Picture Loss Indicator packets.
+	Parameter string
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/.golangci.yml
new file mode 100644
index 000000000..ffb0058e6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/.golangci.yml
@@ -0,0 +1,13 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+
+linters:
+  enable-all: true
+
+issues:
+  exclude-use-default: false
+  max-per-linter: 0
+  max-same-issues: 50
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/.travis.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/.travis.yml
new file mode 100644
index 000000000..b96a1edb9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/.travis.yml
@@ -0,0 +1,19 @@
+language: go
+
+go:
+  - "1.x" # use the latest Go release
+
+env:
+  - GO111MODULE=on
+
+before_script:
+  - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.15.0
+
+script:
+  - golangci-lint run ./...
+#  - rm -rf examples # Remove examples, no test coverage for them
+  - go test -coverpkg=$(go list ./... | tr '\n' ',') -coverprofile=cover.out -v -race -covermode=atomic ./...
+  - bash <(curl -s https://codecov.io/bash)
+  - bash .github/assert-contributors.sh
+  - bash .github/lint-disallowed-functions-in-library.sh
+  - bash .github/lint-commit-message.sh
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/README.md
new file mode 100644
index 000000000..c15471d61
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/README.md
@@ -0,0 +1,41 @@
+<h1 align="center">
+  <br>
+  Pion Logging
+  <br>
+</h1>
+<h4 align="center">The Pion logging library</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-logging-gray.svg?longCache=true&colorB=brightgreen" alt="Pion transport"></a>
+  <a href="http://gophers.slack.com/messages/pion"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/logging"><img src="https://travis-ci.org/pion/logging.svg?branch=master" alt="Build Status"></a>
+  <a href="https://godoc.org/github.com/pion/logging"><img src="https://godoc.org/github.com/pion/logging?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/logging"><img src="https://codecov.io/gh/pion/logging/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/logging"><img src="https://goreportcard.com/badge/github.com/pion/logging" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michael MacDonald](https://github.com/mjmac) - *Original Author*
+* [Woodrow Douglass](https://github.com/wdouglass) - *Test coverage*
+* [Michiel De Backker](https://github.com/backkem) - *Docs*
+* [Hugo Arregui](https://github.com/hugoArregui) - *Custom Logs*
+* [Justin Okamoto](https://github.com/justinokamoto) - *Disabled Logs Update*
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/go.mod
new file mode 100644
index 000000000..a1b849bff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/go.mod
@@ -0,0 +1,3 @@
+module github.com/pion/logging
+
+go 1.12
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/go.sum
new file mode 100644
index 000000000..e69de29bb
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/logger.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/logger.go
new file mode 100644
index 000000000..35f650581
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/logger.go
@@ -0,0 +1,228 @@
+package logging
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"strings"
+	"sync"
+)
+
+// Use this abstraction to ensure thread-safe access to the logger's io.Writer
+// (which could change at runtime)
+type loggerWriter struct {
+	sync.RWMutex
+	output io.Writer
+}
+
+func (lw *loggerWriter) SetOutput(output io.Writer) {
+	lw.Lock()
+	defer lw.Unlock()
+	lw.output = output
+}
+
+func (lw *loggerWriter) Write(data []byte) (int, error) {
+	lw.RLock()
+	defer lw.RUnlock()
+	return lw.output.Write(data)
+}
+
+// DefaultLeveledLogger encapsulates functionality for providing logging at
+// user-defined levels
+type DefaultLeveledLogger struct {
+	level  LogLevel
+	writer *loggerWriter
+	trace  *log.Logger
+	debug  *log.Logger
+	info   *log.Logger
+	warn   *log.Logger
+	err    *log.Logger
+}
+
+// WithTraceLogger is a chainable configuration function which sets the
+// Trace-level logger
+func (ll *DefaultLeveledLogger) WithTraceLogger(log *log.Logger) *DefaultLeveledLogger {
+	ll.trace = log
+	return ll
+}
+
+// WithDebugLogger is a chainable configuration function which sets the
+// Debug-level logger
+func (ll *DefaultLeveledLogger) WithDebugLogger(log *log.Logger) *DefaultLeveledLogger {
+	ll.debug = log
+	return ll
+}
+
+// WithInfoLogger is a chainable configuration function which sets the
+// Info-level logger
+func (ll *DefaultLeveledLogger) WithInfoLogger(log *log.Logger) *DefaultLeveledLogger {
+	ll.info = log
+	return ll
+}
+
+// WithWarnLogger is a chainable configuration function which sets the
+// Warn-level logger
+func (ll *DefaultLeveledLogger) WithWarnLogger(log *log.Logger) *DefaultLeveledLogger {
+	ll.warn = log
+	return ll
+}
+
+// WithErrorLogger is a chainable configuration function which sets the
+// Error-level logger
+func (ll *DefaultLeveledLogger) WithErrorLogger(log *log.Logger) *DefaultLeveledLogger {
+	ll.err = log
+	return ll
+}
+
+// WithOutput is a chainable configuration function which sets the logger's
+// logging output to the supplied io.Writer
+func (ll *DefaultLeveledLogger) WithOutput(output io.Writer) *DefaultLeveledLogger {
+	ll.writer.SetOutput(output)
+	return ll
+}
+
+func (ll *DefaultLeveledLogger) logf(logger *log.Logger, level LogLevel, format string, args ...interface{}) {
+	if ll.level.Get() < level {
+		return
+	}
+
+	callDepth := 3 // this frame + wrapper func + caller
+	msg := fmt.Sprintf(format, args...)
+	if err := logger.Output(callDepth, msg); err != nil {
+		fmt.Fprintf(os.Stderr, "Unable to log: %s", err)
+	}
+}
+
+// SetLevel sets the logger's logging level
+func (ll *DefaultLeveledLogger) SetLevel(newLevel LogLevel) {
+	ll.level.Set(newLevel)
+}
+
+// Trace emits the preformatted message if the logger is at or below LogLevelTrace
+func (ll *DefaultLeveledLogger) Trace(msg string) {
+	ll.logf(ll.trace, LogLevelTrace, msg)
+}
+
+// Tracef formats and emits a message if the logger is at or below LogLevelTrace
+func (ll *DefaultLeveledLogger) Tracef(format string, args ...interface{}) {
+	ll.logf(ll.trace, LogLevelTrace, format, args...)
+}
+
+// Debug emits the preformatted message if the logger is at or below LogLevelDebug
+func (ll *DefaultLeveledLogger) Debug(msg string) {
+	ll.logf(ll.debug, LogLevelDebug, msg)
+}
+
+// Debugf formats and emits a message if the logger is at or below LogLevelDebug
+func (ll *DefaultLeveledLogger) Debugf(format string, args ...interface{}) {
+	ll.logf(ll.debug, LogLevelDebug, format, args...)
+}
+
+// Info emits the preformatted message if the logger is at or below LogLevelInfo
+func (ll *DefaultLeveledLogger) Info(msg string) {
+	ll.logf(ll.info, LogLevelInfo, msg)
+}
+
+// Infof formats and emits a message if the logger is at or below LogLevelInfo
+func (ll *DefaultLeveledLogger) Infof(format string, args ...interface{}) {
+	ll.logf(ll.info, LogLevelInfo, format, args...)
+}
+
+// Warn emits the preformatted message if the logger is at or below LogLevelWarn
+func (ll *DefaultLeveledLogger) Warn(msg string) {
+	ll.logf(ll.warn, LogLevelWarn, msg)
+}
+
+// Warnf formats and emits a message if the logger is at or below LogLevelWarn
+func (ll *DefaultLeveledLogger) Warnf(format string, args ...interface{}) {
+	ll.logf(ll.warn, LogLevelWarn, format, args...)
+}
+
+// Error emits the preformatted message if the logger is at or below LogLevelError
+func (ll *DefaultLeveledLogger) Error(msg string) {
+	ll.logf(ll.err, LogLevelError, msg)
+}
+
+// Errorf formats and emits a message if the logger is at or below LogLevelError
+func (ll *DefaultLeveledLogger) Errorf(format string, args ...interface{}) {
+	ll.logf(ll.err, LogLevelError, format, args...)
+}
+
+// NewDefaultLeveledLoggerForScope returns a configured LeveledLogger
+func NewDefaultLeveledLoggerForScope(scope string, level LogLevel, writer io.Writer) *DefaultLeveledLogger {
+	if writer == nil {
+		writer = os.Stdout
+	}
+	logger := &DefaultLeveledLogger{
+		writer: &loggerWriter{output: writer},
+		level:  level,
+	}
+	return logger.
+		WithTraceLogger(log.New(logger.writer, fmt.Sprintf("%s TRACE: ", scope), log.Lmicroseconds|log.Lshortfile)).
+		WithDebugLogger(log.New(logger.writer, fmt.Sprintf("%s DEBUG: ", scope), log.Lmicroseconds|log.Lshortfile)).
+		WithInfoLogger(log.New(logger.writer, fmt.Sprintf("%s INFO: ", scope), log.LstdFlags)).
+		WithWarnLogger(log.New(logger.writer, fmt.Sprintf("%s WARNING: ", scope), log.LstdFlags)).
+		WithErrorLogger(log.New(logger.writer, fmt.Sprintf("%s ERROR: ", scope), log.LstdFlags))
+}
+
+// DefaultLoggerFactory define levels by scopes and creates new DefaultLeveledLogger
+type DefaultLoggerFactory struct {
+	Writer          io.Writer
+	DefaultLogLevel LogLevel
+	ScopeLevels     map[string]LogLevel
+}
+
+// NewDefaultLoggerFactory creates a new DefaultLoggerFactory
+func NewDefaultLoggerFactory() *DefaultLoggerFactory {
+	factory := DefaultLoggerFactory{}
+	factory.DefaultLogLevel = LogLevelError
+	factory.ScopeLevels = make(map[string]LogLevel)
+	factory.Writer = os.Stdout
+
+	logLevels := map[string]LogLevel{
+		"DISABLE": LogLevelDisabled,
+		"ERROR":   LogLevelError,
+		"WARN":    LogLevelWarn,
+		"INFO":    LogLevelInfo,
+		"DEBUG":   LogLevelDebug,
+		"TRACE":   LogLevelTrace,
+	}
+
+	for name, level := range logLevels {
+		env := os.Getenv(fmt.Sprintf("PION_LOG_%s", name))
+
+		if env == "" {
+			env = os.Getenv(fmt.Sprintf("PIONS_LOG_%s", name))
+		}
+
+		if env == "" {
+			continue
+		}
+
+		if strings.ToLower(env) == "all" {
+			factory.DefaultLogLevel = level
+			continue
+		}
+
+		scopes := strings.Split(strings.ToLower(env), ",")
+		for _, scope := range scopes {
+			factory.ScopeLevels[scope] = level
+		}
+	}
+
+	return &factory
+}
+
+// NewLogger returns a configured LeveledLogger for the given , argsscope
+func (f *DefaultLoggerFactory) NewLogger(scope string) LeveledLogger {
+	logLevel := f.DefaultLogLevel
+	if f.ScopeLevels != nil {
+		scopeLevel, found := f.ScopeLevels[scope]
+
+		if found {
+			logLevel = scopeLevel
+		}
+	}
+	return NewDefaultLeveledLoggerForScope(scope, logLevel, f.Writer)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/scoped.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/scoped.go
new file mode 100644
index 000000000..678bab426
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/logging/scoped.go
@@ -0,0 +1,72 @@
+package logging
+
+import (
+	"sync/atomic"
+)
+
+// LogLevel represents the level at which the logger will emit log messages
+type LogLevel int32
+
+// Set updates the LogLevel to the supplied value
+func (ll *LogLevel) Set(newLevel LogLevel) {
+	atomic.StoreInt32((*int32)(ll), int32(newLevel))
+}
+
+// Get retrieves the current LogLevel value
+func (ll *LogLevel) Get() LogLevel {
+	return LogLevel(atomic.LoadInt32((*int32)(ll)))
+}
+
+func (ll LogLevel) String() string {
+	switch ll {
+	case LogLevelDisabled:
+		return "Disabled"
+	case LogLevelError:
+		return "Error"
+	case LogLevelWarn:
+		return "Warn"
+	case LogLevelInfo:
+		return "Info"
+	case LogLevelDebug:
+		return "Debug"
+	case LogLevelTrace:
+		return "Trace"
+	default:
+		return "UNKNOWN"
+	}
+}
+
+const (
+	// LogLevelDisabled completely disables logging of any events
+	LogLevelDisabled LogLevel = iota
+	// LogLevelError is for fatal errors which should be handled by user code,
+	// but are logged to ensure that they are seen
+	LogLevelError
+	// LogLevelWarn is for logging abnormal, but non-fatal library operation
+	LogLevelWarn
+	// LogLevelInfo is for logging normal library operation (e.g. state transitions, etc.)
+	LogLevelInfo
+	// LogLevelDebug is for logging low-level library information (e.g. internal operations)
+	LogLevelDebug
+	// LogLevelTrace is for logging very low-level library information (e.g. network traces)
+	LogLevelTrace
+)
+
+// LeveledLogger is the basic pion Logger interface
+type LeveledLogger interface {
+	Trace(msg string)
+	Tracef(format string, args ...interface{})
+	Debug(msg string)
+	Debugf(format string, args ...interface{})
+	Info(msg string)
+	Infof(format string, args ...interface{})
+	Warn(msg string)
+	Warnf(format string, args ...interface{})
+	Error(msg string)
+	Errorf(format string, args ...interface{})
+}
+
+// LoggerFactory is the basic pion LoggerFactory interface
+type LoggerFactory interface {
+	NewLogger(scope string) LeveledLogger
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/.golangci.yml
new file mode 100644
index 000000000..fb2ff86d7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/.golangci.yml
@@ -0,0 +1,13 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+
+linters:
+  enable-all: true
+  disable:
+    - funlen
+
+issues:
+  exclude-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/.travis.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/.travis.yml
new file mode 100644
index 000000000..5efedaf8b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/.travis.yml
@@ -0,0 +1,19 @@
+language: go
+
+go:
+  - "1.x" # use the latest Go release
+
+env:
+  - GO111MODULE=on
+
+before_script:
+  - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.18.0
+
+script:
+  - golangci-lint run ./...
+  - rm -rf examples # Remove examples, no test coverage for them
+  - go test -coverpkg=$(go list ./... | tr '\n' ',') -coverprofile=cover.out -v -race -covermode=atomic ./...
+  - bash <(curl -s https://codecov.io/bash)
+  - bash .github/assert-contributors.sh
+  - bash .github/lint-disallowed-functions-in-library.sh
+  - bash .github/lint-commit-message.sh
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/README.md
new file mode 100644
index 000000000..0be76a7ff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/README.md
@@ -0,0 +1,63 @@
+<h1 align="center">
+  <br>
+  Pion mDNS
+  <br>
+</h1>
+<h4 align="center">A Go implementation of mDNS</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-mdns-gray.svg?longCache=true&colorB=brightgreen" alt="Pion mDNS"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/mdns"><img src="https://travis-ci.org/pion/mdns.svg?branch=master" alt="Build Status"></a>
+  <a href="https://godoc.org/github.com/pion/mdns"><img src="https://godoc.org/github.com/pion/mdns?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/mdns"><img src="https://codecov.io/gh/pion/mdns/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/mdns"><img src="https://goreportcard.com/badge/github.com/pion/mdns" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+Go mDNS implementation. The original user is Pion WebRTC, but we would love to see it work for everyone.
+
+### Running Server
+For a mDNS server that responds to queries for `pion-test.local`
+```sh
+go run examples/listen/main.go
+```
+
+
+### Running Client
+To query using Pion you can run the `query` example
+```sh
+go run examples/query/main.go
+```
+
+You can use the macOS client
+```
+dns-sd -q pion-test.local
+```
+
+Or the avahi client
+```
+avahi-resolve -a pion-test.local
+```
+
+### References
+https://tools.ietf.org/html/rfc6762
+https://tools.ietf.org/id/draft-ietf-rtcweb-mdns-ice-candidates-02.html
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Konstantin Itskov](https://github.com/trivigy) - Contributor
+* [Hugo Arregui](https://github.com/hugoArregui)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/config.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/config.go
new file mode 100644
index 000000000..ebfa4e5cd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/config.go
@@ -0,0 +1,27 @@
+package mdns
+
+import (
+	"time"
+
+	"github.com/pion/logging"
+)
+
+const (
+	// DefaultAddress is the default used by mDNS
+	// and in most cases should be the address that the
+	// net.Conn passed to Server is bound to
+	DefaultAddress = "224.0.0.0:5353"
+)
+
+// Config is used to configure a mDNS client or server.
+type Config struct {
+	// QueryInterval controls how ofter we sends Queries until we
+	// get a response for the requested name
+	QueryInterval time.Duration
+
+	// LocalNames are the names that we will generate answers for
+	// when we get questions
+	LocalNames []string
+
+	LoggerFactory logging.LoggerFactory
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/conn.go
new file mode 100644
index 000000000..a8aafb2a0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/conn.go
@@ -0,0 +1,316 @@
+package mdns
+
+import (
+	"context"
+	"math/big"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+	"golang.org/x/net/dns/dnsmessage"
+	"golang.org/x/net/ipv4"
+)
+
+// Conn represents a mDNS Server
+type Conn struct {
+	mu  sync.RWMutex
+	log logging.LeveledLogger
+
+	socket  *ipv4.PacketConn
+	dstAddr *net.UDPAddr
+
+	queryInterval time.Duration
+	localNames    []string
+	queries       []query
+
+	closed chan interface{}
+}
+
+type query struct {
+	nameWithSuffix  string
+	queryResultChan chan queryResult
+}
+
+type queryResult struct {
+	answer dnsmessage.ResourceHeader
+	addr   net.Addr
+}
+
+const (
+	inboundBufferSize    = 512
+	defaultQueryInterval = time.Second
+	destinationAddress   = "224.0.0.251:5353"
+	maxMessageRecords    = 3
+	responseTTL          = 120
+)
+
+// Server establishes a mDNS connection over an existing conn
+func Server(conn *ipv4.PacketConn, config *Config) (*Conn, error) {
+	if config == nil {
+		return nil, errNilConfig
+	}
+
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return nil, err
+	}
+
+	joinErrCount := 0
+	for i := range ifaces {
+		if err = conn.JoinGroup(&ifaces[i], &net.UDPAddr{IP: net.IPv4(224, 0, 0, 251)}); err != nil {
+			joinErrCount++
+		}
+	}
+	if joinErrCount >= len(ifaces) {
+		return nil, errJoiningMulticastGroup
+	}
+
+	dstAddr, err := net.ResolveUDPAddr("udp", destinationAddress)
+	if err != nil {
+		return nil, err
+
+	}
+
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	localNames := []string{}
+	for _, l := range config.LocalNames {
+		localNames = append(localNames, l+".")
+	}
+
+	c := &Conn{
+		queryInterval: defaultQueryInterval,
+		queries:       []query{},
+		socket:        conn,
+		dstAddr:       dstAddr,
+		localNames:    localNames,
+		log:           loggerFactory.NewLogger("mdns"),
+		closed:        make(chan interface{}),
+	}
+	if config.QueryInterval != 0 {
+		c.queryInterval = config.QueryInterval
+	}
+
+	go c.start()
+	return c, nil
+}
+
+// Close closes the mDNS Conn
+func (c *Conn) Close() error {
+	select {
+	case <-c.closed:
+		return nil
+	default:
+	}
+
+	if err := c.socket.Close(); err != nil {
+		return err
+	}
+
+	<-c.closed
+	return nil
+}
+
+// Query sends mDNS Queries for the following name until
+// either the Context is canceled/expires or we get a result
+func (c *Conn) Query(ctx context.Context, name string) (dnsmessage.ResourceHeader, net.Addr, error) {
+	select {
+	case <-c.closed:
+		return dnsmessage.ResourceHeader{}, nil, errConnectionClosed
+	default:
+	}
+
+	nameWithSuffix := name + "."
+
+	queryChan := make(chan queryResult, 1)
+	c.mu.Lock()
+	c.queries = append(c.queries, query{nameWithSuffix, queryChan})
+	ticker := time.NewTicker(c.queryInterval)
+	c.mu.Unlock()
+
+	c.sendQuestion(nameWithSuffix)
+	for {
+		select {
+		case <-ticker.C:
+			c.sendQuestion(nameWithSuffix)
+		case <-c.closed:
+			return dnsmessage.ResourceHeader{}, nil, errConnectionClosed
+		case res := <-queryChan:
+			return res.answer, res.addr, nil
+		case <-ctx.Done():
+			return dnsmessage.ResourceHeader{}, nil, errContextElapsed
+		}
+	}
+}
+
+func ipToBytes(ip net.IP) (out [4]byte) {
+	rawIP := ip.To4()
+	if rawIP == nil {
+		return
+	}
+
+	ipInt := big.NewInt(0)
+	ipInt.SetBytes(rawIP)
+	copy(out[:], ipInt.Bytes())
+	return
+}
+
+func interfaceForRemote(remote string) (net.IP, error) {
+	conn, err := net.Dial("udp", remote)
+	if err != nil {
+		return nil, err
+	}
+
+	localAddr := conn.LocalAddr().(*net.UDPAddr)
+	if err := conn.Close(); err != nil {
+		return nil, err
+	}
+
+	return localAddr.IP, nil
+}
+
+func (c *Conn) sendQuestion(name string) {
+	packedName, err := dnsmessage.NewName(name)
+	if err != nil {
+		c.log.Warnf("Failed to construct mDNS packet %v", err)
+		return
+	}
+
+	msg := dnsmessage.Message{
+		Header: dnsmessage.Header{},
+		Questions: []dnsmessage.Question{
+			{
+				Type:  dnsmessage.TypeA,
+				Class: dnsmessage.ClassINET,
+				Name:  packedName,
+			},
+		},
+	}
+
+	rawQuery, err := msg.Pack()
+	if err != nil {
+		c.log.Warnf("Failed to construct mDNS packet %v", err)
+		return
+	}
+
+	if _, err := c.socket.WriteTo(rawQuery, nil, c.dstAddr); err != nil {
+		c.log.Warnf("Failed to send mDNS packet %v", err)
+		return
+	}
+}
+
+func (c *Conn) sendAnswer(name string, dst net.IP) {
+	packedName, err := dnsmessage.NewName(name)
+	if err != nil {
+		c.log.Warnf("Failed to construct mDNS packet %v", err)
+		return
+	}
+
+	msg := dnsmessage.Message{
+		Header: dnsmessage.Header{
+			Response:      true,
+			Authoritative: true,
+		},
+		Answers: []dnsmessage.Resource{
+			{
+				Header: dnsmessage.ResourceHeader{
+					Type:  dnsmessage.TypeA,
+					Class: dnsmessage.ClassINET,
+					Name:  packedName,
+					TTL:   responseTTL,
+				},
+				Body: &dnsmessage.AResource{
+					A: ipToBytes(dst),
+				},
+			},
+		},
+	}
+
+	rawAnswer, err := msg.Pack()
+	if err != nil {
+		c.log.Warnf("Failed to construct mDNS packet %v", err)
+		return
+	}
+
+	if _, err := c.socket.WriteTo(rawAnswer, nil, c.dstAddr); err != nil {
+		c.log.Warnf("Failed to send mDNS packet %v", err)
+		return
+	}
+}
+
+func (c *Conn) start() {
+	defer func() {
+		c.mu.Lock()
+		defer c.mu.Unlock()
+		close(c.closed)
+	}()
+
+	b := make([]byte, inboundBufferSize)
+	p := dnsmessage.Parser{}
+
+	for {
+		n, _, src, err := c.socket.ReadFrom(b)
+		if err != nil {
+			return
+		}
+
+		func() {
+			c.mu.RLock()
+			defer c.mu.RUnlock()
+
+			if _, err := p.Start(b[:n]); err != nil {
+				c.log.Warnf("Failed to parse mDNS packet %v", err)
+				return
+			}
+
+			for i := 0; i <= maxMessageRecords; i++ {
+				q, err := p.Question()
+				if err == dnsmessage.ErrSectionDone {
+					break
+				} else if err != nil {
+					c.log.Warnf("Failed to parse mDNS packet %v", err)
+					return
+				}
+
+				for _, localName := range c.localNames {
+					if localName == q.Name.String() {
+
+						localAddress, err := interfaceForRemote(src.String())
+						if err != nil {
+							c.log.Warnf("Failed to get local interface to communicate with %s: %v", src.String(), err)
+							continue
+						}
+
+						c.sendAnswer(q.Name.String(), localAddress)
+					}
+				}
+			}
+
+			for i := 0; i <= maxMessageRecords; i++ {
+				a, err := p.AnswerHeader()
+				if err == dnsmessage.ErrSectionDone {
+					return
+				}
+				if err != nil {
+					c.log.Warnf("Failed to parse mDNS packet %v", err)
+					return
+				}
+
+				if a.Type != dnsmessage.TypeA && a.Type != dnsmessage.TypeAAAA {
+					continue
+				}
+
+				for i := len(c.queries) - 1; i >= 0; i-- {
+					if c.queries[i].nameWithSuffix == a.Name.String() {
+						c.queries[i].queryResultChan <- queryResult{a, src}
+						c.queries = append(c.queries[:i], c.queries[i+1:]...)
+					}
+				}
+			}
+		}()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/errors.go
new file mode 100644
index 000000000..2f8dc928b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/errors.go
@@ -0,0 +1,10 @@
+package mdns
+
+import "errors"
+
+var (
+	errJoiningMulticastGroup = errors.New("mDNS: failed to join multicast group")
+	errConnectionClosed      = errors.New("mDNS: connection is closed")
+	errContextElapsed        = errors.New("mDNS: context has elapsed")
+	errNilConfig             = errors.New("mDNS: config must not be nil")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/go.mod
new file mode 100644
index 000000000..8359ed9c8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/go.mod
@@ -0,0 +1,9 @@
+module github.com/pion/mdns
+
+go 1.12
+
+require (
+	github.com/pion/logging v0.2.2
+	github.com/pion/transport v0.8.10
+	golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/go.sum
new file mode 100644
index 000000000..047fa8bdd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/go.sum
@@ -0,0 +1,16 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/transport v0.8.10 h1:lTiobMEw2PG6BH/mgIVqTV2mBp/mPT+IJLaN8ZxgdHk=
+github.com/pion/transport v0.8.10/go.mod h1:tBmha/UCjpum5hqTWhfAEs3CO4/tHSg0MYRhSzR+CZ8=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/mdns/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/.travis.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/.travis.yml
new file mode 100644
index 000000000..f04a89667
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/.travis.yml
@@ -0,0 +1,142 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+# If this repository should have package specific CI config,
+# remove the repository name from .goassets/.github/workflows/assets-sync.yml.
+#
+# If you want to update the shared CI config, send a PR to
+# https://github.com/pion/.goassets instead of this repository.
+#
+
+dist: bionic
+language: go
+
+
+branches:
+  only:
+  - master
+
+env:
+  global:
+    - GO111MODULE=on
+    - GOLANGCI_LINT_VERSION=1.19.1
+
+cache:
+  directories:
+    - ${HOME}/.cache/go-build
+    - ${GOPATH}/pkg/mod
+  npm: true
+  yarn: true
+
+_lint_job: &lint_job
+  env: CACHE_NAME=lint
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+  install: skip
+  before_script:
+    - |
+      curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \
+        | bash -s - -b $GOPATH/bin v${GOLANGCI_LINT_VERSION}
+  script:
+    - bash .github/assert-contributors.sh
+    - bash .github/lint-disallowed-functions-in-library.sh
+    - bash .github/lint-commit-message.sh
+    - bash .github/lint-filename.sh
+    - golangci-lint run ./...
+_test_job: &test_job
+  env: CACHE_NAME=test
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+    - go mod download
+  install:
+    - go build ./...
+  script:
+    # If you want to specify repository specific test packages rule,
+    # add `TEST_PACKAGES=$(command to list test target packages)` to .github/.ci.conf
+    - testpkgs=${TEST_PACKAGES:-$(go list ./... | grep -v examples)}
+    - coverpkgs=$(echo "${testpkgs}" | paste -s -d ',')
+    - |
+      go test \
+        -coverpkg=${coverpkgs} -coverprofile=cover.out -covermode=atomic \
+        ${TEST_EXTRA_ARGS:-} \
+        -v -race ${testpkgs}
+    - if [ -n "${TEST_HOOK}" ]; then ${TEST_HOOK}; fi
+  after_success:
+    - travis_retry bash <(curl -s https://codecov.io/bash) -c -F go
+_test_i386_job: &test_i386_job
+  env: CACHE_NAME=test386
+  services: docker
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+  script:
+    - testpkgs=${TEST_PACKAGES:-$(go list ./... | grep -v examples)}
+    - |
+      docker run \
+        -u $(id -u):$(id -g) \
+        -e "GO111MODULE=on" \
+        -e "CGO_ENABLED=0" \
+        -v ${PWD}:/go/src/github.com/pion/$(basename ${PWD}) \
+        -v ${HOME}/gopath/pkg/mod:/go/pkg/mod \
+        -v ${HOME}/.cache/go-build:/.cache/go-build \
+        -w /go/src/github.com/pion/$(basename ${PWD}) \
+        -it i386/golang:${GO_VERSION}-alpine \
+        /usr/local/go/bin/go test \
+          ${TEST_EXTRA_ARGS:-} \
+          -v ${testpkgs}
+_test_wasm_job: &test_wasm_job
+  env: CACHE_NAME=wasm
+  language: node_js
+  node_js: 12
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+    - if ${SKIP_WASM_TEST:-false}; then exit 0; fi
+  install:
+    # Manually download and install Go instead of using gimme.
+    # It looks like gimme Go causes some errors on go-test for Wasm.
+    - curl -sSfL https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz | tar -C ~ -xzf -
+    - export GOROOT=${HOME}/go
+    - export PATH=${GOROOT}/bin:${PATH}
+    - yarn install
+    - export GO_JS_WASM_EXEC=${GO_JS_WASM_EXEC:-${GOROOT}/misc/wasm/go_js_wasm_exec}
+  script:
+    - testpkgs=${TEST_PACKAGES:-$(go list ./... | grep -v examples)}
+    - coverpkgs=$(echo "${testpkgs}" | paste -s -d ',')
+    - |
+      GOOS=js GOARCH=wasm go test \
+        -coverpkg=${coverpkgs} -coverprofile=cover.out -covermode=atomic \
+        -exec="${GO_JS_WASM_EXEC}" \
+        -v ${testpkgs}
+  after_success:
+    - travis_retry bash <(curl -s https://codecov.io/bash) -c -F wasm
+
+jobs:
+  include:
+    - <<: *lint_job
+      name: Lint 1.14
+      go: 1.14
+    - <<: *test_job
+      name: Test 1.13
+      go: 1.13
+    - <<: *test_job
+      name: Test 1.14
+      go: 1.14
+    - <<: *test_i386_job
+      name: Test i386 1.13
+      env: GO_VERSION=1.13
+      go: 1.14  # Go version for host environment only for `go list`.
+                # All tests are done on the version specified by GO_VERSION.
+    - <<: *test_i386_job
+      name: Test i386 1.14
+      env: GO_VERSION=1.14
+      go: 1.14  # Go version for host environment only for `go list`.
+                # All tests are done on the version specified by GO_VERSION.
+    - <<: *test_wasm_job
+      name: Test WASM 1.13
+      env: GO_VERSION=1.13
+    - <<: *test_wasm_job
+      name: Test WASM 1.14
+      env: GO_VERSION=1.14
+
+notifications:
+  email: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/LICENSE
new file mode 100644
index 000000000..5b5a39425
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Pion
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/README.md
new file mode 100644
index 000000000..94baf7781
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/README.md
@@ -0,0 +1,14 @@
+# randutil
+Helper library for cryptographic and mathmatical randoms
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Atsushi Watanabe](https://github.com/at-wat) - *Original Author*
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/crypto.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/crypto.go
new file mode 100644
index 000000000..d10df98d0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/crypto.go
@@ -0,0 +1,30 @@
+package randutil
+
+import (
+	crand "crypto/rand"
+	"encoding/binary"
+	"math/big"
+)
+
+// GenerateCryptoRandomString generates a random string for cryptographic usage.
+func GenerateCryptoRandomString(n int, runes string) (string, error) {
+	letters := []rune(runes)
+	b := make([]rune, n)
+	for i := range b {
+		v, err := crand.Int(crand.Reader, big.NewInt(int64(len(letters))))
+		if err != nil {
+			return "", err
+		}
+		b[i] = letters[v.Int64()]
+	}
+	return string(b), nil
+}
+
+// CryptoUint64 returns cryptographic random uint64.
+func CryptoUint64() (uint64, error) {
+	var v uint64
+	if err := binary.Read(crand.Reader, binary.LittleEndian, &v); err != nil {
+		return 0, err
+	}
+	return v, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/go.mod
new file mode 100644
index 000000000..2a824e048
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/go.mod
@@ -0,0 +1,3 @@
+module github.com/pion/randutil
+
+go 1.14
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/math.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/math.go
new file mode 100644
index 000000000..fbbf46023
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/math.go
@@ -0,0 +1,72 @@
+package randutil
+
+import (
+	mrand "math/rand" // used for non-crypto unique ID and random port selection
+	"sync"
+	"time"
+)
+
+// MathRandomGenerator is a random generator for non-crypto usage.
+type MathRandomGenerator interface {
+	// Intn returns random integer within [0:n).
+	Intn(n int) int
+
+	// Uint32 returns random 32-bit unsigned integer.
+	Uint32() uint32
+
+	// Uint64 returns random 64-bit unsigned integer.
+	Uint64() uint64
+
+	// GenerateString returns ranom string using given set of runes.
+	// It can be used for generating unique ID to avoid name collision.
+	//
+	// Caution: DO NOT use this for cryptographic usage.
+	GenerateString(n int, runes string) string
+}
+
+type mathRandomGenerator struct {
+	r  *mrand.Rand
+	mu sync.Mutex
+}
+
+// NewMathRandomGenerator creates new mathmatical random generator.
+// Random generator is seeded by crypto random.
+func NewMathRandomGenerator() MathRandomGenerator {
+	seed, err := CryptoUint64()
+	if err != nil {
+		// crypto/rand is unavailable. Fallback to seed by time.
+		seed = uint64(time.Now().UnixNano())
+	}
+
+	return &mathRandomGenerator{r: mrand.New(mrand.NewSource(int64(seed)))}
+}
+
+func (g *mathRandomGenerator) Intn(n int) int {
+	g.mu.Lock()
+	v := g.r.Intn(n)
+	g.mu.Unlock()
+	return v
+}
+
+func (g *mathRandomGenerator) Uint32() uint32 {
+	g.mu.Lock()
+	v := g.r.Uint32()
+	g.mu.Unlock()
+	return v
+}
+
+func (g *mathRandomGenerator) Uint64() uint64 {
+	g.mu.Lock()
+	v := g.r.Uint64()
+	g.mu.Unlock()
+	return v
+}
+
+func (g *mathRandomGenerator) GenerateString(n int, runes string) string {
+	letters := []rune(runes)
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letters[g.Intn(len(letters))]
+	}
+	return string(b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/randutil/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/README.md
new file mode 100644
index 000000000..a054dae4a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/README.md
@@ -0,0 +1,49 @@
+<h1 align="center">
+  <br>
+  Pion RTCP
+  <br>
+</h1>
+<h4 align="center">A Go implementation of RTCP</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-rtcp-gray.svg?longCache=true&colorB=brightgreen" alt="Pion RTCP"></a>
+  <a href="https://sourcegraph.com/github.com/pion/rtcp?badge"><img src="https://sourcegraph.com/github.com/pion/rtcp/-/badge.svg" alt="Sourcegraph Widget"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/rtcp"><img src="https://travis-ci.org/pion/rtcp.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/rtcp"><img src="https://godoc.org/github.com/pion/rtcp?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/rtcp"><img src="https://codecov.io/gh/pion/rtcp/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/rtcp"><img src="https://goreportcard.com/badge/github.com/pion/rtcp" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+See [DESIGN.md](DESIGN.md) for an overview of features and future goals.
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Max Hawkins](https://github.com/maxhawkins) - *Original Author*
+* [Woodrow Douglass](https://github.com/wdouglass) *RTCP, RTP improvements, G.722 support, Bugfixes*
+* [Sean DuBois](https://github.com/Sean-Der) - *Linter fixes*
+* [adwpc](https://github.com/adwpc)
+* [Luke Curley](https://github.com/kixelated)
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Juliusz Chroboczek](https://github.com/jech)
+* [Gabor Pongracz](https://github.com/pongraczgabor87)
+* [Simone Gotti](https://github.com/sgotti)
+* [lllf](https://github.com/LittleLightLittleFire)
+* [cnderrauber](https://github.com/cnderrauber)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/compound_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/compound_packet.go
new file mode 100644
index 000000000..2c74279b3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/compound_packet.go
@@ -0,0 +1,136 @@
+package rtcp
+
+// A CompoundPacket is a collection of RTCP packets transmitted as a single packet with
+// the underlying protocol (for example UDP).
+//
+// To maximize the resolution of receiption statistics, the first Packet in a CompoundPacket
+// must always be either a SenderReport or a ReceiverReport.  This is true even if no data
+// has been sent or received, in which case an empty ReceiverReport must be sent, and even
+// if the only other RTCP packet in the compound packet is a Goodbye.
+//
+// Next, a SourceDescription containing a CNAME item must be included in each CompoundPacket
+// to identify the source and to begin associating media for purposes such as lip-sync.
+//
+// Other RTCP packet types may follow in any order. Packet types may appear more than once.
+type CompoundPacket []Packet
+
+var _ Packet = (*CompoundPacket)(nil) // assert is a Packet
+
+// Validate returns an error if this is not an RFC-compliant CompoundPacket.
+func (c CompoundPacket) Validate() error {
+	if len(c) == 0 {
+		return errEmptyCompound
+	}
+
+	// SenderReport and ReceiverReport are the only types that
+	// are allowed to be the first packet in a compound datagram
+	switch c[0].(type) {
+	case *SenderReport, *ReceiverReport:
+		// ok
+	default:
+		return errBadFirstPacket
+	}
+
+	for _, pkt := range c[1:] {
+		switch p := pkt.(type) {
+		// If the number of RecetpionReports exceeds 31 additional ReceiverReports
+		// can be included here.
+		case *ReceiverReport:
+			continue
+
+		// A SourceDescription containing a CNAME must be included in every
+		// CompoundPacket.
+		case *SourceDescription:
+			var hasCNAME bool
+			for _, c := range p.Chunks {
+				for _, it := range c.Items {
+					if it.Type == SDESCNAME {
+						hasCNAME = true
+					}
+				}
+			}
+
+			if !hasCNAME {
+				return errMissingCNAME
+			}
+
+			return nil
+
+		// Other packets are not permitted before the CNAME
+		default:
+			return errPacketBeforeCNAME
+		}
+	}
+
+	// CNAME never reached
+	return errMissingCNAME
+}
+
+// CNAME returns the CNAME that *must* be present in every CompoundPacket
+func (c CompoundPacket) CNAME() (string, error) {
+	var err error
+
+	if len(c) < 1 {
+		return "", errEmptyCompound
+	}
+
+	for _, pkt := range c[1:] {
+		sdes, ok := pkt.(*SourceDescription)
+		if ok {
+			for _, c := range sdes.Chunks {
+				for _, it := range c.Items {
+					if it.Type == SDESCNAME {
+						return it.Text, err
+					}
+				}
+			}
+		} else {
+			_, ok := pkt.(*ReceiverReport)
+			if !ok {
+				err = errPacketBeforeCNAME
+			}
+		}
+	}
+	return "", errMissingCNAME
+}
+
+// Marshal encodes the CompoundPacket as binary.
+func (c CompoundPacket) Marshal() ([]byte, error) {
+	if err := c.Validate(); err != nil {
+		return nil, err
+	}
+
+	p := []Packet(c)
+	return Marshal(p)
+}
+
+// Unmarshal decodes a CompoundPacket from binary.
+func (c *CompoundPacket) Unmarshal(rawData []byte) error {
+	out := make(CompoundPacket, 0)
+	for len(rawData) != 0 {
+		p, processed, err := unmarshal(rawData)
+		if err != nil {
+			return err
+		}
+
+		out = append(out, p)
+		rawData = rawData[processed:]
+	}
+	*c = out
+
+	if err := c.Validate(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DestinationSSRC returns the synchronization sources associated with this
+// CompoundPacket's reception report.
+func (c CompoundPacket) DestinationSSRC() []uint32 {
+	if len(c) == 0 {
+		return nil
+	}
+
+	return c[0].DestinationSSRC()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/doc.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/doc.go
new file mode 100644
index 000000000..fa948df1e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/doc.go
@@ -0,0 +1,39 @@
+/*
+Package rtcp implements encoding and decoding of RTCP packets according to RFCs 3550 and 5506.
+
+RTCP is a sister protocol of the Real-time Transport Protocol (RTP). Its basic functionality
+and packet structure is defined in RFC 3550. RTCP provides out-of-band statistics and control
+information for an RTP session. It partners with RTP in the delivery and packaging of multimedia data,
+but does not transport any media data itself.
+
+The primary function of RTCP is to provide feedback on the quality of service (QoS)
+in media distribution by periodically sending statistics information such as transmitted octet
+and packet counts, packet loss, packet delay variation, and round-trip delay time to participants
+in a streaming multimedia session. An application may use this information to control quality of
+service parameters, perhaps by limiting flow, or using a different codec.
+
+Decoding RTCP packets:
+
+	pkt, err := rtcp.Unmarshal(rtcpData)
+	// ...
+
+	switch p := pkt.(type) {
+	case *rtcp.CompoundPacket:
+		...
+	case *rtcp.PictureLossIndication:
+		...
+	default:
+		...
+	}
+
+Encoding RTCP packets:
+
+	pkt := &rtcp.PictureLossIndication{
+		SenderSSRC: senderSSRC,
+		MediaSSRC: mediaSSRC
+	}
+	pliData, err := pkt.Marshal()
+	// ...
+
+*/
+package rtcp
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/errors.go
new file mode 100644
index 000000000..d1b00c5c9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/errors.go
@@ -0,0 +1,30 @@
+package rtcp
+
+import "errors"
+
+var (
+	errWrongMarshalSize         = errors.New("rtcp: wrong marshal size")
+	errInvalidTotalLost         = errors.New("rtcp: invalid total lost count")
+	errInvalidHeader            = errors.New("rtcp: invalid header")
+	errEmptyCompound            = errors.New("rtcp: empty compound packet")
+	errBadFirstPacket           = errors.New("rtcp: first packet in compound must be SR or RR")
+	errMissingCNAME             = errors.New("rtcp: compound missing SourceDescription with CNAME")
+	errPacketBeforeCNAME        = errors.New("rtcp: feedback packet seen before CNAME")
+	errTooManyReports           = errors.New("rtcp: too many reports")
+	errTooManyChunks            = errors.New("rtcp: too many chunks")
+	errTooManySources           = errors.New("rtcp: too many sources")
+	errPacketTooShort           = errors.New("rtcp: packet too short")
+	errWrongType                = errors.New("rtcp: wrong packet type")
+	errSDESTextTooLong          = errors.New("rtcp: sdes must be < 255 octets long")
+	errSDESMissingType          = errors.New("rtcp: sdes item missing type")
+	errReasonTooLong            = errors.New("rtcp: reason must be < 255 octets long")
+	errBadVersion               = errors.New("rtcp: invalid packet version")
+	errWrongPadding             = errors.New("rtcp: invalid padding value")
+	errWrongFeedbackType        = errors.New("rtcp: wrong feedback message type")
+	errWrongPayloadType         = errors.New("rtcp: wrong payload type")
+	errHeaderTooSmall           = errors.New("rtcp: header length is too small")
+	errSSRCMustBeZero           = errors.New("rtcp: media SSRC must be 0")
+	errMissingREMBidentifier    = errors.New("missing REMB identifier")
+	errSSRCNumAndLengthMismatch = errors.New("SSRC num and length do not match")
+	errInvalidSizeOrStartIndex  = errors.New("invalid size or startIndex")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/full_intra_request.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/full_intra_request.go
new file mode 100644
index 000000000..74ca928d6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/full_intra_request.go
@@ -0,0 +1,107 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// A FIREntry is a (SSRC, seqno) pair, as carried by FullIntraRequest.
+type FIREntry struct {
+	SSRC           uint32
+	SequenceNumber uint8
+}
+
+// The FullIntraRequest packet is used to reliably request an Intra frame
+// in a video stream.  See RFC 5104 Section 3.5.1.  This is not for loss
+// recovery, which should use PictureLossIndication (PLI) instead.
+type FullIntraRequest struct {
+	SenderSSRC uint32
+	MediaSSRC  uint32
+
+	FIR []FIREntry
+}
+
+const (
+	firOffset = 8
+)
+
+var _ Packet = (*FullIntraRequest)(nil)
+
+// Marshal encodes the FullIntraRequest
+func (p FullIntraRequest) Marshal() ([]byte, error) {
+	rawPacket := make([]byte, firOffset+(len(p.FIR)*8))
+	binary.BigEndian.PutUint32(rawPacket, p.SenderSSRC)
+	binary.BigEndian.PutUint32(rawPacket[4:], p.MediaSSRC)
+	for i, fir := range p.FIR {
+		binary.BigEndian.PutUint32(rawPacket[firOffset+8*i:], fir.SSRC)
+		rawPacket[firOffset+8*i+4] = fir.SequenceNumber
+	}
+	h := p.Header()
+	hData, err := h.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	return append(hData, rawPacket...), nil
+}
+
+// Unmarshal decodes the TransportLayerNack
+func (p *FullIntraRequest) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < (headerLength + ssrcLength) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if len(rawPacket) < (headerLength + int(4*h.Length)) {
+		return errPacketTooShort
+	}
+
+	if h.Type != TypePayloadSpecificFeedback || h.Count != FormatFIR {
+		return errWrongType
+	}
+
+	p.SenderSSRC = binary.BigEndian.Uint32(rawPacket[headerLength:])
+	p.MediaSSRC = binary.BigEndian.Uint32(rawPacket[headerLength+ssrcLength:])
+	for i := headerLength + firOffset; i < (headerLength + int(h.Length*4)); i += 8 {
+		p.FIR = append(p.FIR, FIREntry{
+			binary.BigEndian.Uint32(rawPacket[i:]),
+			rawPacket[i+4],
+		})
+	}
+	return nil
+}
+
+// Header returns the Header associated with this packet.
+func (p *FullIntraRequest) Header() Header {
+	return Header{
+		Count:  FormatFIR,
+		Type:   TypePayloadSpecificFeedback,
+		Length: uint16((p.len() / 4) - 1),
+	}
+}
+
+func (p *FullIntraRequest) len() int {
+	return headerLength + firOffset + len(p.FIR)*8
+}
+
+func (p *FullIntraRequest) String() string {
+	out := fmt.Sprintf("FullIntraRequest %x %x",
+		p.SenderSSRC, p.MediaSSRC)
+	for _, e := range p.FIR {
+		out += fmt.Sprintf(" (%x %v)", e.SSRC, e.SequenceNumber)
+	}
+	return out
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (p *FullIntraRequest) DestinationSSRC() []uint32 {
+	ssrcs := make([]uint32, 0, len(p.FIR))
+	for _, entry := range p.FIR {
+		ssrcs = append(ssrcs, entry.SSRC)
+	}
+	return ssrcs
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/fuzz.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/fuzz.go
new file mode 100644
index 000000000..2ea4fb1fc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/fuzz.go
@@ -0,0 +1,51 @@
+// +build gofuzz
+
+package rtcp
+
+import (
+	"bytes"
+	"io"
+)
+
+// Fuzz implements a randomized fuzz test of the rtcp
+// parser using go-fuzz.
+//
+// To run the fuzzer, first download go-fuzz:
+// `go get github.com/dvyukov/go-fuzz/...`
+//
+// Then build the testing package:
+// `go-fuzz-build github.com/pion/webrtc`
+//
+// And run the fuzzer on the corpus:
+// ```
+// mkdir workdir
+//
+// # optionally add a starter corpus of valid rtcp packets.
+// # the corpus should be as compact and diverse as possible.
+// cp -r ~/my-rtcp-packets workdir/corpus
+//
+// go-fuzz -bin=ase-fuzz.zip -workdir=workdir
+// ````
+func Fuzz(data []byte) int {
+	r := NewReader(bytes.NewReader(data))
+	for {
+		_, data, err := r.ReadPacket()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return 0
+		}
+
+		packet, err := Unmarshal(data)
+		if err != nil {
+			return 0
+		}
+
+		if _, err := packet.Marshal(); err != nil {
+			return 0
+		}
+	}
+
+	return 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/go.mod
new file mode 100644
index 000000000..28b6e9ddf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/go.mod
@@ -0,0 +1,5 @@
+module github.com/pion/rtcp
+
+go 1.13
+
+require github.com/stretchr/testify v1.6.1
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/go.sum
new file mode 100644
index 000000000..afe7890c9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/go.sum
@@ -0,0 +1,11 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/goodbye.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/goodbye.go
new file mode 100644
index 000000000..b8718b357
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/goodbye.go
@@ -0,0 +1,146 @@
+package rtcp
+
+import (
+	"encoding/binary"
+)
+
+// The Goodbye packet indicates that one or more sources are no longer active.
+type Goodbye struct {
+	// The SSRC/CSRC identifiers that are no longer active
+	Sources []uint32
+	// Optional text indicating the reason for leaving, e.g., "camera malfunction" or "RTP loop detected"
+	Reason string
+}
+
+var _ Packet = (*Goodbye)(nil) // assert is a Packet
+
+// Marshal encodes the Goodbye packet in binary
+func (g Goodbye) Marshal() ([]byte, error) {
+	/*
+	 *        0                   1                   2                   3
+	 *        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *       |V=2|P|    SC   |   PT=BYE=203  |             length            |
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *       |                           SSRC/CSRC                           |
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *       :                              ...                              :
+	 *       +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * (opt) |     length    |               reason for leaving            ...
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	rawPacket := make([]byte, g.len())
+	packetBody := rawPacket[headerLength:]
+
+	if len(g.Sources) > countMax {
+		return nil, errTooManySources
+	}
+
+	for i, s := range g.Sources {
+		binary.BigEndian.PutUint32(packetBody[i*ssrcLength:], s)
+	}
+
+	if g.Reason != "" {
+		reason := []byte(g.Reason)
+
+		if len(reason) > sdesMaxOctetCount {
+			return nil, errReasonTooLong
+		}
+
+		reasonOffset := len(g.Sources) * ssrcLength
+		packetBody[reasonOffset] = uint8(len(reason))
+		copy(packetBody[reasonOffset+1:], reason)
+	}
+
+	hData, err := g.Header().Marshal()
+	if err != nil {
+		return nil, err
+	}
+	copy(rawPacket, hData)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the Goodbye packet from binary
+func (g *Goodbye) Unmarshal(rawPacket []byte) error {
+	/*
+	 *        0                   1                   2                   3
+	 *        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *       |V=2|P|    SC   |   PT=BYE=203  |             length            |
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *       |                           SSRC/CSRC                           |
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *       :                              ...                              :
+	 *       +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * (opt) |     length    |               reason for leaving            ...
+	 *       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	var header Header
+	if err := header.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if header.Type != TypeGoodbye {
+		return errWrongType
+	}
+
+	if getPadding(len(rawPacket)) != 0 {
+		return errPacketTooShort
+	}
+
+	g.Sources = make([]uint32, header.Count)
+
+	reasonOffset := int(headerLength + header.Count*ssrcLength)
+	if reasonOffset > len(rawPacket) {
+		return errPacketTooShort
+	}
+
+	for i := 0; i < int(header.Count); i++ {
+		offset := headerLength + i*ssrcLength
+
+		g.Sources[i] = binary.BigEndian.Uint32(rawPacket[offset:])
+	}
+
+	if reasonOffset < len(rawPacket) {
+		reasonLen := int(rawPacket[reasonOffset])
+		reasonEnd := reasonOffset + 1 + reasonLen
+
+		if reasonEnd > len(rawPacket) {
+			return errPacketTooShort
+		}
+
+		g.Reason = string(rawPacket[reasonOffset+1 : reasonEnd])
+	}
+
+	return nil
+}
+
+// Header returns the Header associated with this packet.
+func (g *Goodbye) Header() Header {
+	return Header{
+		Padding: false,
+		Count:   uint8(len(g.Sources)),
+		Type:    TypeGoodbye,
+		Length:  uint16((g.len() / 4) - 1),
+	}
+}
+
+func (g *Goodbye) len() int {
+	srcsLength := len(g.Sources) * ssrcLength
+	reasonLength := len(g.Reason) + 1
+
+	l := headerLength + srcsLength + reasonLength
+
+	// align to 32-bit boundary
+	return l + getPadding(l)
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (g *Goodbye) DestinationSSRC() []uint32 {
+	out := make([]uint32, len(g.Sources))
+	copy(out, g.Sources)
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/header.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/header.go
new file mode 100644
index 000000000..055ca18bf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/header.go
@@ -0,0 +1,140 @@
+package rtcp
+
+import (
+	"encoding/binary"
+)
+
+// PacketType specifies the type of an RTCP packet
+type PacketType uint8
+
+// RTCP packet types registered with IANA. See: https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml#rtp-parameters-4
+const (
+	TypeSenderReport              PacketType = 200 // RFC 3550, 6.4.1
+	TypeReceiverReport            PacketType = 201 // RFC 3550, 6.4.2
+	TypeSourceDescription         PacketType = 202 // RFC 3550, 6.5
+	TypeGoodbye                   PacketType = 203 // RFC 3550, 6.6
+	TypeApplicationDefined        PacketType = 204 // RFC 3550, 6.7 (unimplemented)
+	TypeTransportSpecificFeedback PacketType = 205 // RFC 4585, 6051
+	TypePayloadSpecificFeedback   PacketType = 206 // RFC 4585, 6.3
+
+)
+
+// Transport and Payload specific feedback messages overload the count field to act as a message type. those are listed here
+const (
+	FormatSLI  uint8 = 2
+	FormatPLI  uint8 = 1
+	FormatFIR  uint8 = 4
+	FormatTLN  uint8 = 1
+	FormatRRR  uint8 = 5
+	FormatREMB uint8 = 15
+
+	//https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#page-5
+	FormatTCC uint8 = 15
+)
+
+func (p PacketType) String() string {
+	switch p {
+	case TypeSenderReport:
+		return "SR"
+	case TypeReceiverReport:
+		return "RR"
+	case TypeSourceDescription:
+		return "SDES"
+	case TypeGoodbye:
+		return "BYE"
+	case TypeApplicationDefined:
+		return "APP"
+	case TypeTransportSpecificFeedback:
+		return "TSFB"
+	case TypePayloadSpecificFeedback:
+		return "PSFB"
+	default:
+		return string(p)
+	}
+}
+
+const rtpVersion = 2
+
+// A Header is the common header shared by all RTCP packets
+type Header struct {
+	// If the padding bit is set, this individual RTCP packet contains
+	// some additional padding octets at the end which are not part of
+	// the control information but are included in the length field.
+	Padding bool
+	// The number of reception reports, sources contained or FMT in this packet (depending on the Type)
+	Count uint8
+	// The RTCP packet type for this packet
+	Type PacketType
+	// The length of this RTCP packet in 32-bit words minus one,
+	// including the header and any padding.
+	Length uint16
+}
+
+const (
+	headerLength = 4
+	versionShift = 6
+	versionMask  = 0x3
+	paddingShift = 5
+	paddingMask  = 0x1
+	countShift   = 0
+	countMask    = 0x1f
+	countMax     = (1 << 5) - 1
+)
+
+// Marshal encodes the Header in binary
+func (h Header) Marshal() ([]byte, error) {
+	/*
+	 *  0                   1                   2                   3
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |V=2|P|    RC   |   PT=SR=200   |             length            |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+	rawPacket := make([]byte, headerLength)
+
+	rawPacket[0] |= rtpVersion << versionShift
+
+	if h.Padding {
+		rawPacket[0] |= 1 << paddingShift
+	}
+
+	if h.Count > 31 {
+		return nil, errInvalidHeader
+	}
+	rawPacket[0] |= h.Count << countShift
+
+	rawPacket[1] = uint8(h.Type)
+
+	binary.BigEndian.PutUint16(rawPacket[2:], h.Length)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the Header from binary
+func (h *Header) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < headerLength {
+		return errPacketTooShort
+	}
+
+	/*
+	 *  0                   1                   2                   3
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |V=2|P|    RC   |      PT       |             length            |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	version := rawPacket[0] >> versionShift & versionMask
+	if version != rtpVersion {
+		return errBadVersion
+	}
+
+	h.Padding = (rawPacket[0] >> paddingShift & paddingMask) > 0
+	h.Count = rawPacket[0] >> countShift & countMask
+
+	h.Type = PacketType(rawPacket[1])
+
+	h.Length = binary.BigEndian.Uint16(rawPacket[2:])
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/packet.go
new file mode 100644
index 000000000..de0800381
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/packet.go
@@ -0,0 +1,115 @@
+package rtcp
+
+// Packet represents an RTCP packet, a protocol used for out-of-band statistics and control information for an RTP session
+type Packet interface {
+	// DestinationSSRC returns an array of SSRC values that this packet refers to.
+	DestinationSSRC() []uint32
+
+	Marshal() ([]byte, error)
+	Unmarshal(rawPacket []byte) error
+}
+
+// Unmarshal takes an entire udp datagram (which may consist of multiple RTCP packets) and
+// returns the unmarshaled packets it contains.
+//
+// If this is a reduced-size RTCP packet a feedback packet (Goodbye, SliceLossIndication, etc)
+// will be returned. Otherwise, the underlying type of the returned packet will be
+// CompoundPacket.
+func Unmarshal(rawData []byte) ([]Packet, error) {
+	var packets []Packet
+	for len(rawData) != 0 {
+		p, processed, err := unmarshal(rawData)
+		if err != nil {
+			return nil, err
+		}
+
+		packets = append(packets, p)
+		rawData = rawData[processed:]
+	}
+
+	switch len(packets) {
+	// Empty packet
+	case 0:
+		return nil, errInvalidHeader
+	// Multiple Packets
+	default:
+		return packets, nil
+	}
+}
+
+// Marshal takes an array of Packets and serializes them to a single buffer
+func Marshal(packets []Packet) ([]byte, error) {
+	out := make([]byte, 0)
+	for _, p := range packets {
+		data, err := p.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		out = append(out, data...)
+	}
+	return out, nil
+}
+
+// unmarshal is a factory which pulls the first RTCP packet from a bytestream,
+// and returns it's parsed representation, and the amount of data that was processed.
+func unmarshal(rawData []byte) (packet Packet, bytesprocessed int, err error) {
+	var h Header
+
+	err = h.Unmarshal(rawData)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	bytesprocessed = int(h.Length+1) * 4
+	if bytesprocessed > len(rawData) {
+		return nil, 0, errPacketTooShort
+	}
+	inPacket := rawData[:bytesprocessed]
+
+	switch h.Type {
+	case TypeSenderReport:
+		packet = new(SenderReport)
+
+	case TypeReceiverReport:
+		packet = new(ReceiverReport)
+
+	case TypeSourceDescription:
+		packet = new(SourceDescription)
+
+	case TypeGoodbye:
+		packet = new(Goodbye)
+
+	case TypeTransportSpecificFeedback:
+		switch h.Count {
+		case FormatTLN:
+			packet = new(TransportLayerNack)
+		case FormatRRR:
+			packet = new(RapidResynchronizationRequest)
+		case FormatTCC:
+			packet = new(TransportLayerCC)
+		default:
+			packet = new(RawPacket)
+		}
+
+	case TypePayloadSpecificFeedback:
+		switch h.Count {
+		case FormatPLI:
+			packet = new(PictureLossIndication)
+		case FormatSLI:
+			packet = new(SliceLossIndication)
+		case FormatREMB:
+			packet = new(ReceiverEstimatedMaximumBitrate)
+		case FormatFIR:
+			packet = new(FullIntraRequest)
+		default:
+			packet = new(RawPacket)
+		}
+
+	default:
+		packet = new(RawPacket)
+	}
+
+	err = packet.Unmarshal(inPacket)
+
+	return packet, bytesprocessed, err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/picture_loss_indication.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/picture_loss_indication.go
new file mode 100644
index 000000000..7216ecd14
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/picture_loss_indication.go
@@ -0,0 +1,91 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// The PictureLossIndication packet informs the encoder about the loss of an undefined amount of coded video data belonging to one or more pictures
+type PictureLossIndication struct {
+	// SSRC of sender
+	SenderSSRC uint32
+
+	// SSRC where the loss was experienced
+	MediaSSRC uint32
+}
+
+var _ Packet = (*PictureLossIndication)(nil) // assert is a Packet
+
+const (
+	pliLength = 2
+)
+
+// Marshal encodes the PictureLossIndication in binary
+func (p PictureLossIndication) Marshal() ([]byte, error) {
+	/*
+	 * PLI does not require parameters.  Therefore, the length field MUST be
+	 * 2, and there MUST NOT be any Feedback Control Information.
+	 *
+	 * The semantics of this FB message is independent of the payload type.
+	 */
+	rawPacket := make([]byte, p.len())
+	packetBody := rawPacket[headerLength:]
+
+	binary.BigEndian.PutUint32(packetBody, p.SenderSSRC)
+	binary.BigEndian.PutUint32(packetBody[4:], p.MediaSSRC)
+
+	h := Header{
+		Count:  FormatPLI,
+		Type:   TypePayloadSpecificFeedback,
+		Length: pliLength,
+	}
+	hData, err := h.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	copy(rawPacket, hData)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the PictureLossIndication from binary
+func (p *PictureLossIndication) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < (headerLength + (ssrcLength * 2)) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if h.Type != TypePayloadSpecificFeedback || h.Count != FormatPLI {
+		return errWrongType
+	}
+
+	p.SenderSSRC = binary.BigEndian.Uint32(rawPacket[headerLength:])
+	p.MediaSSRC = binary.BigEndian.Uint32(rawPacket[headerLength+ssrcLength:])
+	return nil
+}
+
+// Header returns the Header associated with this packet.
+func (p *PictureLossIndication) Header() Header {
+	return Header{
+		Count:  FormatPLI,
+		Type:   TypePayloadSpecificFeedback,
+		Length: pliLength,
+	}
+}
+
+func (p *PictureLossIndication) len() int {
+	return headerLength + ssrcLength*2
+}
+
+func (p *PictureLossIndication) String() string {
+	return fmt.Sprintf("PictureLossIndication %x %x", p.SenderSSRC, p.MediaSSRC)
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (p *PictureLossIndication) DestinationSSRC() []uint32 {
+	return []uint32{p.MediaSSRC}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/rapid_resynchronization_request.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/rapid_resynchronization_request.go
new file mode 100644
index 000000000..5d270556b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/rapid_resynchronization_request.go
@@ -0,0 +1,88 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// The RapidResynchronizationRequest packet informs the encoder about the loss of an undefined amount of coded video data belonging to one or more pictures
+type RapidResynchronizationRequest struct {
+	// SSRC of sender
+	SenderSSRC uint32
+
+	// SSRC of the media source
+	MediaSSRC uint32
+}
+
+var _ Packet = (*RapidResynchronizationRequest)(nil) // assert is a Packet
+
+const (
+	rrrLength       = 2
+	rrrHeaderLength = ssrcLength * 2
+	rrrMediaOffset  = 4
+)
+
+// Marshal encodes the RapidResynchronizationRequest in binary
+func (p RapidResynchronizationRequest) Marshal() ([]byte, error) {
+	/*
+	 * RRR does not require parameters.  Therefore, the length field MUST be
+	 * 2, and there MUST NOT be any Feedback Control Information.
+	 *
+	 * The semantics of this FB message is independent of the payload type.
+	 */
+	rawPacket := make([]byte, p.len())
+	packetBody := rawPacket[headerLength:]
+
+	binary.BigEndian.PutUint32(packetBody, p.SenderSSRC)
+	binary.BigEndian.PutUint32(packetBody[rrrMediaOffset:], p.MediaSSRC)
+
+	hData, err := p.Header().Marshal()
+	if err != nil {
+		return nil, err
+	}
+	copy(rawPacket, hData)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the RapidResynchronizationRequest from binary
+func (p *RapidResynchronizationRequest) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < (headerLength + (ssrcLength * 2)) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if h.Type != TypeTransportSpecificFeedback || h.Count != FormatRRR {
+		return errWrongType
+	}
+
+	p.SenderSSRC = binary.BigEndian.Uint32(rawPacket[headerLength:])
+	p.MediaSSRC = binary.BigEndian.Uint32(rawPacket[headerLength+ssrcLength:])
+	return nil
+}
+
+func (p *RapidResynchronizationRequest) len() int {
+	return headerLength + rrrHeaderLength
+}
+
+// Header returns the Header associated with this packet.
+func (p *RapidResynchronizationRequest) Header() Header {
+	return Header{
+		Count:  FormatRRR,
+		Type:   TypeTransportSpecificFeedback,
+		Length: rrrLength,
+	}
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (p *RapidResynchronizationRequest) DestinationSSRC() []uint32 {
+	return []uint32{p.MediaSSRC}
+}
+
+func (p *RapidResynchronizationRequest) String() string {
+	return fmt.Sprintf("RapidResynchronizationRequest %x %x", p.SenderSSRC, p.MediaSSRC)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/raw_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/raw_packet.go
new file mode 100644
index 000000000..3cb6eafd3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/raw_packet.go
@@ -0,0 +1,44 @@
+package rtcp
+
+import "fmt"
+
+// RawPacket represents an unparsed RTCP packet. It's returned by Unmarshal when
+// a packet with an unknown type is encountered.
+type RawPacket []byte
+
+var _ Packet = (*RawPacket)(nil) // assert is a Packet
+
+// Marshal encodes the packet in binary.
+func (r RawPacket) Marshal() ([]byte, error) {
+	return r, nil
+}
+
+// Unmarshal decodes the packet from binary.
+func (r *RawPacket) Unmarshal(b []byte) error {
+	if len(b) < (headerLength) {
+		return errPacketTooShort
+	}
+	*r = b
+
+	var h Header
+	return h.Unmarshal(b)
+}
+
+// Header returns the Header associated with this packet.
+func (r RawPacket) Header() Header {
+	var h Header
+	if err := h.Unmarshal(r); err != nil {
+		return Header{}
+	}
+	return h
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (r *RawPacket) DestinationSSRC() []uint32 {
+	return []uint32{}
+}
+
+func (r RawPacket) String() string {
+	out := fmt.Sprintf("RawPacket: %v", ([]byte)(r))
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/receiver_estimated_maximum_bitrate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/receiver_estimated_maximum_bitrate.go
new file mode 100644
index 000000000..d37f49e6f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/receiver_estimated_maximum_bitrate.go
@@ -0,0 +1,284 @@
+package rtcp
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"math/bits"
+)
+
+// ReceiverEstimatedMaximumBitrate contains the receiver's estimated maximum bitrate.
+// see: https://tools.ietf.org/html/draft-alvestrand-rmcat-remb-03
+type ReceiverEstimatedMaximumBitrate struct {
+	// SSRC of sender
+	SenderSSRC uint32
+
+	// Estimated maximum bitrate
+	Bitrate uint64
+
+	// SSRC entries which this packet applies to
+	SSRCs []uint32
+}
+
+var _ Packet = (*ReceiverEstimatedMaximumBitrate)(nil) // assert is a Packet
+
+// Marshal serializes the packet and returns a byte slice.
+func (p ReceiverEstimatedMaximumBitrate) Marshal() (buf []byte, err error) {
+	// Allocate a buffer of the exact output size.
+	buf = make([]byte, p.MarshalSize())
+
+	// Write to our buffer.
+	n, err := p.MarshalTo(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	// This will always be true but just to be safe.
+	if n != len(buf) {
+		return nil, errWrongMarshalSize
+	}
+
+	return buf, nil
+}
+
+// MarshalSize returns the size of the packet when marshaled.
+// This can be used in conjunction with `MarshalTo` to avoid allocations.
+func (p ReceiverEstimatedMaximumBitrate) MarshalSize() (n int) {
+	return 20 + 4*len(p.SSRCs)
+}
+
+// MarshalTo serializes the packet to the given byte slice.
+func (p ReceiverEstimatedMaximumBitrate) MarshalTo(buf []byte) (n int, err error) {
+	/*
+	    0                   1                   2                   3
+	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |V=2|P| FMT=15  |   PT=206      |             length            |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |                  SSRC of packet sender                        |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |                  SSRC of media source                         |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |  Unique identifier 'R' 'E' 'M' 'B'                            |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |  Num SSRC     | BR Exp    |  BR Mantissa                      |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |   SSRC feedback                                               |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |  ...                                                          |
+	*/
+
+	size := p.MarshalSize()
+	if len(buf) < size {
+		return 0, errPacketTooShort
+	}
+
+	buf[0] = 143 // v=2, p=0, fmt=15
+	buf[1] = 206
+
+	// Length of this packet in 32-bit words minus one.
+	length := uint16((p.MarshalSize() / 4) - 1)
+	binary.BigEndian.PutUint16(buf[2:4], length)
+
+	binary.BigEndian.PutUint32(buf[4:8], p.SenderSSRC)
+	binary.BigEndian.PutUint32(buf[8:12], 0) // always zero
+
+	// ALL HAIL REMB
+	buf[12] = 'R'
+	buf[13] = 'E'
+	buf[14] = 'M'
+	buf[15] = 'B'
+
+	// Write the length of the ssrcs to follow at the end
+	buf[16] = byte(len(p.SSRCs))
+
+	// We can only encode 18 bits of information in the mantissa.
+	// The exponent lets us shift to the left up to 64 places (6-bits).
+	// We actually need a uint82 to encode the largest possible number,
+	// but uint64 should be good enough for 2.3 exabytes per second.
+
+	// So we need to truncate the bitrate and use the exponent for the shift.
+	// bitrate = mantissa * (1 << exp)
+
+	// Calculate the total shift based on the leading number of zeroes.
+	// This will be negative if there is no shift required.
+	shift := uint(64 - bits.LeadingZeros64(p.Bitrate))
+
+	var mantissa uint
+	var exp uint
+
+	if shift <= 18 {
+		// Fit everything in the mantissa because we can.
+		mantissa = uint(p.Bitrate)
+		exp = 0
+	} else {
+		// We can only use 18 bits of precision, so truncate.
+		mantissa = uint(p.Bitrate >> (shift - 18))
+		exp = shift - 18
+	}
+
+	// We can't quite use the binary package because
+	// a) it's a uint24 and b) the exponent is only 6-bits
+	// Just trust me; this is big-endian encoding.
+	buf[17] = byte((exp << 2) | (mantissa >> 16))
+	buf[18] = byte(mantissa >> 8)
+	buf[19] = byte(mantissa)
+
+	// Write the SSRCs at the very end.
+	n = 20
+	for _, ssrc := range p.SSRCs {
+		binary.BigEndian.PutUint32(buf[n:n+4], ssrc)
+		n += 4
+	}
+
+	return n, nil
+}
+
+// Unmarshal reads a REMB packet from the given byte slice.
+func (p *ReceiverEstimatedMaximumBitrate) Unmarshal(buf []byte) (err error) {
+	/*
+	    0                   1                   2                   3
+	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |V=2|P| FMT=15  |   PT=206      |             length            |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |                  SSRC of packet sender                        |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |                  SSRC of media source                         |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |  Unique identifier 'R' 'E' 'M' 'B'                            |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |  Num SSRC     | BR Exp    |  BR Mantissa                      |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |   SSRC feedback                                               |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |  ...                                                          |
+	*/
+
+	// 20 bytes is the size of the packet with no SSRCs
+	if len(buf) < 20 {
+		return errPacketTooShort
+	}
+
+	// version  must be 2
+	version := buf[0] >> 6
+	if version != 2 {
+		return fmt.Errorf("%w expected(2) actual(%d)", errBadVersion, version)
+	}
+
+	// padding must be unset
+	padding := (buf[0] >> 5) & 1
+	if padding != 0 {
+		return fmt.Errorf("%w expected(0) actual(%d)", errWrongPadding, padding)
+	}
+
+	// fmt must be 15
+	fmtVal := buf[0] & 31
+	if fmtVal != 15 {
+		return fmt.Errorf("%w expected(15) actual(%d)", errWrongFeedbackType, fmtVal)
+	}
+
+	// Must be payload specific feedback
+	if buf[1] != 206 {
+		return fmt.Errorf("%w expected(206) actual(%d)", errWrongPayloadType, buf[1])
+	}
+
+	// length is the number of 32-bit words, minus 1
+	length := binary.BigEndian.Uint16(buf[2:4])
+	size := int((length + 1) * 4)
+
+	// There's not way this could be legit
+	if size < 20 {
+		return errHeaderTooSmall
+	}
+
+	// Make sure the buffer is large enough.
+	if len(buf) < size {
+		return errPacketTooShort
+	}
+
+	// The sender SSRC is 32-bits
+	p.SenderSSRC = binary.BigEndian.Uint32(buf[4:8])
+
+	// The destination SSRC must be 0
+	media := binary.BigEndian.Uint32(buf[8:12])
+	if media != 0 {
+		return errSSRCMustBeZero
+	}
+
+	// REMB rules all around me
+	if !bytes.Equal(buf[12:16], []byte{'R', 'E', 'M', 'B'}) {
+		return errMissingREMBidentifier
+	}
+
+	// The next byte is the number of SSRC entries at the end.
+	num := int(buf[16])
+
+	// Now we know the expected size, make sure they match.
+	if size != 20+4*num {
+		return errSSRCNumAndLengthMismatch
+	}
+
+	// Get the 6-bit exponent value.
+	exp := buf[17] >> 2
+
+	// The remaining 2-bits plus the next 16-bits are the mantissa.
+	mantissa := uint64(buf[17]&3)<<16 | uint64(buf[18])<<8 | uint64(buf[19])
+
+	// bitrate = mantissa * 2^exp
+
+	if exp > 46 {
+		// NOTE: We intentionally truncate values so they fit in a uint64.
+		// Otherwise we would need a uint82.
+		// This is 2.3 exabytes per second, which should be good enough.
+		p.Bitrate = ^uint64(0)
+	} else {
+		p.Bitrate = mantissa << exp
+	}
+
+	// Clear any existing SSRCs
+	p.SSRCs = nil
+
+	// Loop over and parse the SSRC entires at the end.
+	// We already verified that size == num * 4
+	for n := 20; n < size; n += 4 {
+		ssrc := binary.BigEndian.Uint32(buf[n : n+4])
+		p.SSRCs = append(p.SSRCs, ssrc)
+	}
+
+	return nil
+}
+
+// Header returns the Header associated with this packet.
+func (p *ReceiverEstimatedMaximumBitrate) Header() Header {
+	return Header{
+		Count:  FormatREMB,
+		Type:   TypePayloadSpecificFeedback,
+		Length: uint16((p.MarshalSize() / 4) - 1),
+	}
+}
+
+// String prints the REMB packet in a human-readable format.
+func (p *ReceiverEstimatedMaximumBitrate) String() string {
+	// Keep a table of powers to units for fast conversion.
+	bitUnits := []string{"b", "Kb", "Mb", "Gb", "Tb", "Pb", "Eb"}
+
+	// Do some unit conversions because b/s is far too difficult to read.
+	bitrate := float64(p.Bitrate)
+	powers := 0
+
+	// Keep dividing the bitrate until it's under 1000
+	for bitrate >= 1000.0 && powers < len(bitUnits) {
+		bitrate /= 1000.0
+		powers++
+	}
+
+	unit := bitUnits[powers]
+
+	return fmt.Sprintf("ReceiverEstimatedMaximumBitrate %x %.2f %s/s", p.SenderSSRC, bitrate, unit)
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (p *ReceiverEstimatedMaximumBitrate) DestinationSSRC() []uint32 {
+	return p.SSRCs
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/receiver_report.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/receiver_report.go
new file mode 100644
index 000000000..cf28d3964
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/receiver_report.go
@@ -0,0 +1,193 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// A ReceiverReport (RR) packet provides reception quality feedback for an RTP stream
+type ReceiverReport struct {
+	// The synchronization source identifier for the originator of this RR packet.
+	SSRC uint32
+	// Zero or more reception report blocks depending on the number of other
+	// sources heard by this sender since the last report. Each reception report
+	// block conveys statistics on the reception of RTP packets from a
+	// single synchronization source.
+	Reports []ReceptionReport
+	// Extension contains additional, payload-specific information that needs to
+	// be reported regularly about the receiver.
+	ProfileExtensions []byte
+}
+
+var _ Packet = (*ReceiverReport)(nil) // assert is a Packet
+
+const (
+	ssrcLength     = 4
+	rrSSRCOffset   = headerLength
+	rrReportOffset = rrSSRCOffset + ssrcLength
+)
+
+// Marshal encodes the ReceiverReport in binary
+func (r ReceiverReport) Marshal() ([]byte, error) {
+	/*
+	 *         0                   1                   2                   3
+	 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * header |V=2|P|    RC   |   PT=RR=201   |             length            |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                     SSRC of packet sender                     |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_1 (SSRC of first source)                 |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   1    | fraction lost |       cumulative number of packets lost       |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |           extended highest sequence number received           |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                      interarrival jitter                      |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         last SR (LSR)                         |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                   delay since last SR (DLSR)                  |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_2 (SSRC of second source)                |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   2    :                               ...                             :
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 *        |                  profile-specific extensions                  |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	rawPacket := make([]byte, r.len())
+	packetBody := rawPacket[headerLength:]
+
+	binary.BigEndian.PutUint32(packetBody, r.SSRC)
+
+	for i, rp := range r.Reports {
+		data, err := rp.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		offset := ssrcLength + receptionReportLength*i
+		copy(packetBody[offset:], data)
+	}
+
+	if len(r.Reports) > countMax {
+		return nil, errTooManyReports
+	}
+
+	pe := make([]byte, len(r.ProfileExtensions))
+	copy(pe, r.ProfileExtensions)
+
+	// if the length of the profile extensions isn't devisible
+	// by 4, we need to pad the end.
+	for (len(pe) & 0x3) != 0 {
+		pe = append(pe, 0)
+	}
+
+	rawPacket = append(rawPacket, pe...)
+
+	hData, err := r.Header().Marshal()
+	if err != nil {
+		return nil, err
+	}
+	copy(rawPacket, hData)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the ReceiverReport from binary
+func (r *ReceiverReport) Unmarshal(rawPacket []byte) error {
+	/*
+	 *         0                   1                   2                   3
+	 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * header |V=2|P|    RC   |   PT=RR=201   |             length            |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                     SSRC of packet sender                     |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_1 (SSRC of first source)                 |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   1    | fraction lost |       cumulative number of packets lost       |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |           extended highest sequence number received           |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                      interarrival jitter                      |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         last SR (LSR)                         |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                   delay since last SR (DLSR)                  |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_2 (SSRC of second source)                |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   2    :                               ...                             :
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 *        |                  profile-specific extensions                  |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	if len(rawPacket) < (headerLength + ssrcLength) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if h.Type != TypeReceiverReport {
+		return errWrongType
+	}
+
+	r.SSRC = binary.BigEndian.Uint32(rawPacket[rrSSRCOffset:])
+
+	for i := rrReportOffset; i < len(rawPacket) && len(r.Reports) < int(h.Count); i += receptionReportLength {
+		var rr ReceptionReport
+		if err := rr.Unmarshal(rawPacket[i:]); err != nil {
+			return err
+		}
+		r.Reports = append(r.Reports, rr)
+	}
+	r.ProfileExtensions = rawPacket[rrReportOffset+(len(r.Reports)*receptionReportLength):]
+
+	if uint8(len(r.Reports)) != h.Count {
+		return errInvalidHeader
+	}
+
+	return nil
+}
+
+func (r *ReceiverReport) len() int {
+	repsLength := 0
+	for _, rep := range r.Reports {
+		repsLength += rep.len()
+	}
+	return headerLength + ssrcLength + repsLength
+}
+
+// Header returns the Header associated with this packet.
+func (r *ReceiverReport) Header() Header {
+	return Header{
+		Count:  uint8(len(r.Reports)),
+		Type:   TypeReceiverReport,
+		Length: uint16((r.len()/4)-1) + uint16(getPadding(len(r.ProfileExtensions))),
+	}
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (r *ReceiverReport) DestinationSSRC() []uint32 {
+	out := make([]uint32, len(r.Reports))
+	for i, v := range r.Reports {
+		out[i] = v.SSRC
+	}
+	return out
+}
+
+func (r ReceiverReport) String() string {
+	out := fmt.Sprintf("ReceiverReport from %x\n", r.SSRC)
+	out += "\tSSRC    \tLost\tLastSequence\n"
+	for _, i := range r.Reports {
+		out += fmt.Sprintf("\t%x\t%d/%d\t%d\n", i.SSRC, i.FractionLost, i.TotalLost, i.LastSequenceNumber)
+	}
+	out += fmt.Sprintf("\tProfile Extension Data: %v\n", r.ProfileExtensions)
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/reception_report.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/reception_report.go
new file mode 100644
index 000000000..5bff8f2b5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/reception_report.go
@@ -0,0 +1,130 @@
+package rtcp
+
+import "encoding/binary"
+
+// A ReceptionReport block conveys statistics on the reception of RTP packets
+// from a single synchronization source.
+type ReceptionReport struct {
+	// The SSRC identifier of the source to which the information in this
+	// reception report block pertains.
+	SSRC uint32
+	// The fraction of RTP data packets from source SSRC lost since the
+	// previous SR or RR packet was sent, expressed as a fixed point
+	// number with the binary point at the left edge of the field.
+	FractionLost uint8
+	// The total number of RTP data packets from source SSRC that have
+	// been lost since the beginning of reception.
+	TotalLost uint32
+	// The low 16 bits contain the highest sequence number received in an
+	// RTP data packet from source SSRC, and the most significant 16
+	// bits extend that sequence number with the corresponding count of
+	// sequence number cycles.
+	LastSequenceNumber uint32
+	// An estimate of the statistical variance of the RTP data packet
+	// interarrival time, measured in timestamp units and expressed as an
+	// unsigned integer.
+	Jitter uint32
+	// The middle 32 bits out of 64 in the NTP timestamp received as part of
+	// the most recent RTCP sender report (SR) packet from source SSRC. If no
+	// SR has been received yet, the field is set to zero.
+	LastSenderReport uint32
+	// The delay, expressed in units of 1/65536 seconds, between receiving the
+	// last SR packet from source SSRC and sending this reception report block.
+	// If no SR packet has been received yet from SSRC, the field is set to zero.
+	Delay uint32
+}
+
+const (
+	receptionReportLength = 24
+	fractionLostOffset    = 4
+	totalLostOffset       = 5
+	lastSeqOffset         = 8
+	jitterOffset          = 12
+	lastSROffset          = 16
+	delayOffset           = 20
+)
+
+// Marshal encodes the ReceptionReport in binary
+func (r ReceptionReport) Marshal() ([]byte, error) {
+	/*
+	 *  0                   1                   2                   3
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * |                              SSRC                             |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * | fraction lost |       cumulative number of packets lost       |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |           extended highest sequence number received           |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                      interarrival jitter                      |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                         last SR (LSR)                         |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                   delay since last SR (DLSR)                  |
+	 * +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 */
+
+	rawPacket := make([]byte, receptionReportLength)
+
+	binary.BigEndian.PutUint32(rawPacket, r.SSRC)
+
+	rawPacket[fractionLostOffset] = r.FractionLost
+
+	// pack TotalLost into 24 bits
+	if r.TotalLost >= (1 << 25) {
+		return nil, errInvalidTotalLost
+	}
+	tlBytes := rawPacket[totalLostOffset:]
+	tlBytes[0] = byte(r.TotalLost >> 16)
+	tlBytes[1] = byte(r.TotalLost >> 8)
+	tlBytes[2] = byte(r.TotalLost)
+
+	binary.BigEndian.PutUint32(rawPacket[lastSeqOffset:], r.LastSequenceNumber)
+	binary.BigEndian.PutUint32(rawPacket[jitterOffset:], r.Jitter)
+	binary.BigEndian.PutUint32(rawPacket[lastSROffset:], r.LastSenderReport)
+	binary.BigEndian.PutUint32(rawPacket[delayOffset:], r.Delay)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the ReceptionReport from binary
+func (r *ReceptionReport) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < receptionReportLength {
+		return errPacketTooShort
+	}
+
+	/*
+	 *  0                   1                   2                   3
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * |                              SSRC                             |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * | fraction lost |       cumulative number of packets lost       |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |           extended highest sequence number received           |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                      interarrival jitter                      |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                         last SR (LSR)                         |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                   delay since last SR (DLSR)                  |
+	 * +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 */
+
+	r.SSRC = binary.BigEndian.Uint32(rawPacket)
+	r.FractionLost = rawPacket[fractionLostOffset]
+
+	tlBytes := rawPacket[totalLostOffset:]
+	r.TotalLost = uint32(tlBytes[2]) | uint32(tlBytes[1])<<8 | uint32(tlBytes[0])<<16
+
+	r.LastSequenceNumber = binary.BigEndian.Uint32(rawPacket[lastSeqOffset:])
+	r.Jitter = binary.BigEndian.Uint32(rawPacket[jitterOffset:])
+	r.LastSenderReport = binary.BigEndian.Uint32(rawPacket[lastSROffset:])
+	r.Delay = binary.BigEndian.Uint32(rawPacket[delayOffset:])
+
+	return nil
+}
+
+func (r *ReceptionReport) len() int {
+	return receptionReportLength
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/sender_report.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/sender_report.go
new file mode 100644
index 000000000..1b163807a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/sender_report.go
@@ -0,0 +1,260 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// A SenderReport (SR) packet provides reception quality feedback for an RTP stream
+type SenderReport struct {
+	// The synchronization source identifier for the originator of this SR packet.
+	SSRC uint32
+	// The wallclock time when this report was sent so that it may be used in
+	// combination with timestamps returned in reception reports from other
+	// receivers to measure round-trip propagation to those receivers.
+	NTPTime uint64
+	// Corresponds to the same time as the NTP timestamp (above), but in
+	// the same units and with the same random offset as the RTP
+	// timestamps in data packets. This correspondence may be used for
+	// intra- and inter-media synchronization for sources whose NTP
+	// timestamps are synchronized, and may be used by media-independent
+	// receivers to estimate the nominal RTP clock frequency.
+	RTPTime uint32
+	// The total number of RTP data packets transmitted by the sender
+	// since starting transmission up until the time this SR packet was
+	// generated.
+	PacketCount uint32
+	// The total number of payload octets (i.e., not including header or
+	// padding) transmitted in RTP data packets by the sender since
+	// starting transmission up until the time this SR packet was
+	// generated.
+	OctetCount uint32
+	// Zero or more reception report blocks depending on the number of other
+	// sources heard by this sender since the last report. Each reception report
+	// block conveys statistics on the reception of RTP packets from a
+	// single synchronization source.
+	Reports []ReceptionReport
+	// ProfileExtensions contains additional, payload-specific information that needs to
+	// be reported regularly about the sender.
+	ProfileExtensions []byte
+}
+
+var _ Packet = (*SenderReport)(nil) // assert is a Packet
+
+const (
+	srHeaderLength      = 24
+	srSSRCOffset        = 0
+	srNTPOffset         = srSSRCOffset + ssrcLength
+	ntpTimeLength       = 8
+	srRTPOffset         = srNTPOffset + ntpTimeLength
+	rtpTimeLength       = 4
+	srPacketCountOffset = srRTPOffset + rtpTimeLength
+	srPacketCountLength = 4
+	srOctetCountOffset  = srPacketCountOffset + srPacketCountLength
+	srOctetCountLength  = 4
+	srReportOffset      = srOctetCountOffset + srOctetCountLength
+)
+
+// Marshal encodes the SenderReport in binary
+func (r SenderReport) Marshal() ([]byte, error) {
+	/*
+	 *         0                   1                   2                   3
+	 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * header |V=2|P|    RC   |   PT=SR=200   |             length            |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         SSRC of sender                        |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * sender |              NTP timestamp, most significant word             |
+	 * info   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |             NTP timestamp, least significant word             |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         RTP timestamp                         |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                     sender's packet count                     |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                      sender's octet count                     |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_1 (SSRC of first source)                 |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   1    | fraction lost |       cumulative number of packets lost       |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |           extended highest sequence number received           |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                      interarrival jitter                      |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         last SR (LSR)                         |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                   delay since last SR (DLSR)                  |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_2 (SSRC of second source)                |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   2    :                               ...                             :
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 *        |                  profile-specific extensions                  |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	rawPacket := make([]byte, r.len())
+	packetBody := rawPacket[headerLength:]
+
+	binary.BigEndian.PutUint32(packetBody[srSSRCOffset:], r.SSRC)
+	binary.BigEndian.PutUint64(packetBody[srNTPOffset:], r.NTPTime)
+	binary.BigEndian.PutUint32(packetBody[srRTPOffset:], r.RTPTime)
+	binary.BigEndian.PutUint32(packetBody[srPacketCountOffset:], r.PacketCount)
+	binary.BigEndian.PutUint32(packetBody[srOctetCountOffset:], r.OctetCount)
+
+	offset := srHeaderLength
+	for _, rp := range r.Reports {
+		data, err := rp.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		copy(packetBody[offset:], data)
+		offset += receptionReportLength
+	}
+
+	if len(r.Reports) > countMax {
+		return nil, errTooManyReports
+	}
+
+	copy(packetBody[offset:], r.ProfileExtensions)
+
+	hData, err := r.Header().Marshal()
+	if err != nil {
+		return nil, err
+	}
+	copy(rawPacket, hData)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the SenderReport from binary
+func (r *SenderReport) Unmarshal(rawPacket []byte) error {
+	/*
+	 *         0                   1                   2                   3
+	 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * header |V=2|P|    RC   |   PT=SR=200   |             length            |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         SSRC of sender                        |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * sender |              NTP timestamp, most significant word             |
+	 * info   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |             NTP timestamp, least significant word             |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         RTP timestamp                         |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                     sender's packet count                     |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                      sender's octet count                     |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_1 (SSRC of first source)                 |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   1    | fraction lost |       cumulative number of packets lost       |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |           extended highest sequence number received           |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                      interarrival jitter                      |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                         last SR (LSR)                         |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                   delay since last SR (DLSR)                  |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * report |                 SSRC_2 (SSRC of second source)                |
+	 * block  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *   2    :                               ...                             :
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 *        |                  profile-specific extensions                  |
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	if len(rawPacket) < (headerLength + srHeaderLength) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if h.Type != TypeSenderReport {
+		return errWrongType
+	}
+
+	packetBody := rawPacket[headerLength:]
+
+	r.SSRC = binary.BigEndian.Uint32(packetBody[srSSRCOffset:])
+	r.NTPTime = binary.BigEndian.Uint64(packetBody[srNTPOffset:])
+	r.RTPTime = binary.BigEndian.Uint32(packetBody[srRTPOffset:])
+	r.PacketCount = binary.BigEndian.Uint32(packetBody[srPacketCountOffset:])
+	r.OctetCount = binary.BigEndian.Uint32(packetBody[srOctetCountOffset:])
+
+	offset := srReportOffset
+	for i := 0; i < int(h.Count); i++ {
+		rrEnd := offset + receptionReportLength
+		if rrEnd > len(packetBody) {
+			return errPacketTooShort
+		}
+		rrBody := packetBody[offset : offset+receptionReportLength]
+		offset = rrEnd
+
+		var rr ReceptionReport
+		if err := rr.Unmarshal(rrBody); err != nil {
+			return err
+		}
+		r.Reports = append(r.Reports, rr)
+	}
+
+	if offset < len(packetBody) {
+		r.ProfileExtensions = packetBody[offset:]
+	}
+
+	if uint8(len(r.Reports)) != h.Count {
+		return errInvalidHeader
+	}
+
+	return nil
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (r *SenderReport) DestinationSSRC() []uint32 {
+	out := make([]uint32, len(r.Reports)+1)
+	for i, v := range r.Reports {
+		out[i] = v.SSRC
+	}
+	out[len(r.Reports)] = r.SSRC
+	return out
+}
+
+func (r *SenderReport) len() int {
+	repsLength := 0
+	for _, rep := range r.Reports {
+		repsLength += rep.len()
+	}
+	return headerLength + srHeaderLength + repsLength + len(r.ProfileExtensions)
+}
+
+// Header returns the Header associated with this packet.
+func (r *SenderReport) Header() Header {
+	return Header{
+		Count:  uint8(len(r.Reports)),
+		Type:   TypeSenderReport,
+		Length: uint16((r.len() / 4) - 1),
+	}
+}
+
+func (r SenderReport) String() string {
+	out := fmt.Sprintf("SenderReport from %x\n", r.SSRC)
+	out += fmt.Sprintf("\tNTPTime:\t%d\n", r.NTPTime)
+	out += fmt.Sprintf("\tRTPTIme:\t%d\n", r.RTPTime)
+	out += fmt.Sprintf("\tPacketCount:\t%d\n", r.PacketCount)
+	out += fmt.Sprintf("\tOctetCount:\t%d\n", r.OctetCount)
+
+	out += "\tSSRC    \tLost\tLastSequence\n"
+	for _, i := range r.Reports {
+		out += fmt.Sprintf("\t%x\t%d/%d\t%d\n", i.SSRC, i.FractionLost, i.TotalLost, i.LastSequenceNumber)
+	}
+	out += fmt.Sprintf("\tProfile Extension Data: %v\n", r.ProfileExtensions)
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/slice_loss_indication.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/slice_loss_indication.go
new file mode 100644
index 000000000..76893092d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/slice_loss_indication.go
@@ -0,0 +1,115 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+	"math"
+)
+
+// SLIEntry represents a single entry to the SLI packet's
+// list of lost slices.
+type SLIEntry struct {
+	// ID of first lost slice
+	First uint16
+
+	// Number of lost slices
+	Number uint16
+
+	// ID of related picture
+	Picture uint8
+}
+
+// The SliceLossIndication packet informs the encoder about the loss of a picture slice
+type SliceLossIndication struct {
+	// SSRC of sender
+	SenderSSRC uint32
+
+	// SSRC of the media source
+	MediaSSRC uint32
+
+	SLI []SLIEntry
+}
+
+var _ Packet = (*SliceLossIndication)(nil) // assert is a Packet
+
+const (
+	sliLength = 2
+	sliOffset = 8
+)
+
+// Marshal encodes the SliceLossIndication in binary
+func (p SliceLossIndication) Marshal() ([]byte, error) {
+	if len(p.SLI)+sliLength > math.MaxUint8 {
+		return nil, errTooManyReports
+	}
+
+	rawPacket := make([]byte, sliOffset+(len(p.SLI)*4))
+	binary.BigEndian.PutUint32(rawPacket, p.SenderSSRC)
+	binary.BigEndian.PutUint32(rawPacket[4:], p.MediaSSRC)
+	for i, s := range p.SLI {
+		sli := ((uint32(s.First) & 0x1FFF) << 19) |
+			((uint32(s.Number) & 0x1FFF) << 6) |
+			(uint32(s.Picture) & 0x3F)
+		binary.BigEndian.PutUint32(rawPacket[sliOffset+(4*i):], sli)
+	}
+	hData, err := p.Header().Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	return append(hData, rawPacket...), nil
+}
+
+// Unmarshal decodes the SliceLossIndication from binary
+func (p *SliceLossIndication) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < (headerLength + ssrcLength) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if len(rawPacket) < (headerLength + int(4*h.Length)) {
+		return errPacketTooShort
+	}
+
+	if h.Type != TypeTransportSpecificFeedback || h.Count != FormatSLI {
+		return errWrongType
+	}
+
+	p.SenderSSRC = binary.BigEndian.Uint32(rawPacket[headerLength:])
+	p.MediaSSRC = binary.BigEndian.Uint32(rawPacket[headerLength+ssrcLength:])
+	for i := headerLength + sliOffset; i < (headerLength + int(h.Length*4)); i += 4 {
+		sli := binary.BigEndian.Uint32(rawPacket[i:])
+		p.SLI = append(p.SLI, SLIEntry{
+			First:   uint16((sli >> 19) & 0x1FFF),
+			Number:  uint16((sli >> 6) & 0x1FFF),
+			Picture: uint8(sli & 0x3F),
+		})
+	}
+	return nil
+}
+
+func (p *SliceLossIndication) len() int {
+	return headerLength + sliOffset + (len(p.SLI) * 4)
+}
+
+// Header returns the Header associated with this packet.
+func (p *SliceLossIndication) Header() Header {
+	return Header{
+		Count:  FormatSLI,
+		Type:   TypeTransportSpecificFeedback,
+		Length: uint16((p.len() / 4) - 1),
+	}
+}
+
+func (p *SliceLossIndication) String() string {
+	return fmt.Sprintf("SliceLossIndication %x %x %+v", p.SenderSSRC, p.MediaSSRC, p.SLI)
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (p *SliceLossIndication) DestinationSSRC() []uint32 {
+	return []uint32{p.MediaSSRC}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/source_description.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/source_description.go
new file mode 100644
index 000000000..4306b66b4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/source_description.go
@@ -0,0 +1,352 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// SDESType is the item type used in the RTCP SDES control packet.
+type SDESType uint8
+
+// RTP SDES item types registered with IANA. See: https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml#rtp-parameters-5
+const (
+	SDESEnd      SDESType = iota // end of SDES list                RFC 3550, 6.5
+	SDESCNAME                    // canonical name                  RFC 3550, 6.5.1
+	SDESName                     // user name                       RFC 3550, 6.5.2
+	SDESEmail                    // user's electronic mail address  RFC 3550, 6.5.3
+	SDESPhone                    // user's phone number             RFC 3550, 6.5.4
+	SDESLocation                 // geographic user location        RFC 3550, 6.5.5
+	SDESTool                     // name of application or tool     RFC 3550, 6.5.6
+	SDESNote                     // notice about the source         RFC 3550, 6.5.7
+	SDESPrivate                  // private extensions              RFC 3550, 6.5.8  (not implemented)
+)
+
+func (s SDESType) String() string {
+	switch s {
+	case SDESEnd:
+		return "END"
+	case SDESCNAME:
+		return "CNAME"
+	case SDESName:
+		return "NAME"
+	case SDESEmail:
+		return "EMAIL"
+	case SDESPhone:
+		return "PHONE"
+	case SDESLocation:
+		return "LOC"
+	case SDESTool:
+		return "TOOL"
+	case SDESNote:
+		return "NOTE"
+	case SDESPrivate:
+		return "PRIV"
+	default:
+		return string(s)
+	}
+}
+
+const (
+	sdesSourceLen        = 4
+	sdesTypeLen          = 1
+	sdesTypeOffset       = 0
+	sdesOctetCountLen    = 1
+	sdesOctetCountOffset = 1
+	sdesMaxOctetCount    = (1 << 8) - 1
+	sdesTextOffset       = 2
+)
+
+// A SourceDescription (SDES) packet describes the sources in an RTP stream.
+type SourceDescription struct {
+	Chunks []SourceDescriptionChunk
+}
+
+var _ Packet = (*SourceDescription)(nil) // assert is a Packet
+
+// Marshal encodes the SourceDescription in binary
+func (s SourceDescription) Marshal() ([]byte, error) {
+	/*
+	 *         0                   1                   2                   3
+	 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * header |V=2|P|    SC   |  PT=SDES=202  |             length            |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * chunk  |                          SSRC/CSRC_1                          |
+	 *   1    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                           SDES items                          |
+	 *        |                              ...                              |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * chunk  |                          SSRC/CSRC_2                          |
+	 *   2    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                           SDES items                          |
+	 *        |                              ...                              |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 */
+
+	rawPacket := make([]byte, s.len())
+	packetBody := rawPacket[headerLength:]
+
+	chunkOffset := 0
+	for _, c := range s.Chunks {
+		data, err := c.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		copy(packetBody[chunkOffset:], data)
+		chunkOffset += len(data)
+	}
+
+	if len(s.Chunks) > countMax {
+		return nil, errTooManyChunks
+	}
+
+	hData, err := s.Header().Marshal()
+	if err != nil {
+		return nil, err
+	}
+	copy(rawPacket, hData)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the SourceDescription from binary
+func (s *SourceDescription) Unmarshal(rawPacket []byte) error {
+	/*
+	 *         0                   1                   2                   3
+	 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * header |V=2|P|    SC   |  PT=SDES=202  |             length            |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * chunk  |                          SSRC/CSRC_1                          |
+	 *   1    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                           SDES items                          |
+	 *        |                              ...                              |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * chunk  |                          SSRC/CSRC_2                          |
+	 *   2    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *        |                           SDES items                          |
+	 *        |                              ...                              |
+	 *        +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 */
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if h.Type != TypeSourceDescription {
+		return errWrongType
+	}
+
+	for i := headerLength; i < len(rawPacket); {
+		var chunk SourceDescriptionChunk
+		if err := chunk.Unmarshal(rawPacket[i:]); err != nil {
+			return err
+		}
+		s.Chunks = append(s.Chunks, chunk)
+
+		i += chunk.len()
+	}
+
+	if len(s.Chunks) != int(h.Count) {
+		return errInvalidHeader
+	}
+
+	return nil
+}
+
+func (s *SourceDescription) len() int {
+	chunksLength := 0
+	for _, c := range s.Chunks {
+		chunksLength += c.len()
+	}
+	return headerLength + chunksLength
+}
+
+// Header returns the Header associated with this packet.
+func (s *SourceDescription) Header() Header {
+	return Header{
+		Count:  uint8(len(s.Chunks)),
+		Type:   TypeSourceDescription,
+		Length: uint16((s.len() / 4) - 1),
+	}
+}
+
+// A SourceDescriptionChunk contains items describing a single RTP source
+type SourceDescriptionChunk struct {
+	// The source (ssrc) or contributing source (csrc) identifier this packet describes
+	Source uint32
+	Items  []SourceDescriptionItem
+}
+
+// Marshal encodes the SourceDescriptionChunk in binary
+func (s SourceDescriptionChunk) Marshal() ([]byte, error) {
+	/*
+	 *  +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 *  |                          SSRC/CSRC_1                          |
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *  |                           SDES items                          |
+	 *  |                              ...                              |
+	 *  +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 */
+
+	rawPacket := make([]byte, sdesSourceLen)
+	binary.BigEndian.PutUint32(rawPacket, s.Source)
+
+	for _, it := range s.Items {
+		data, err := it.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		rawPacket = append(rawPacket, data...)
+	}
+
+	// The list of items in each chunk MUST be terminated by one or more null octets
+	rawPacket = append(rawPacket, uint8(SDESEnd))
+
+	// additional null octets MUST be included if needed to pad until the next 32-bit boundary
+	rawPacket = append(rawPacket, make([]byte, getPadding(len(rawPacket)))...)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the SourceDescriptionChunk from binary
+func (s *SourceDescriptionChunk) Unmarshal(rawPacket []byte) error {
+	/*
+	 *  +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 *  |                          SSRC/CSRC_1                          |
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *  |                           SDES items                          |
+	 *  |                              ...                              |
+	 *  +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 */
+
+	if len(rawPacket) < (sdesSourceLen + sdesTypeLen) {
+		return errPacketTooShort
+	}
+
+	s.Source = binary.BigEndian.Uint32(rawPacket)
+
+	for i := 4; i < len(rawPacket); {
+		if pktType := SDESType(rawPacket[i]); pktType == SDESEnd {
+			return nil
+		}
+
+		var it SourceDescriptionItem
+		if err := it.Unmarshal(rawPacket[i:]); err != nil {
+			return err
+		}
+		s.Items = append(s.Items, it)
+		i += it.len()
+	}
+
+	return errPacketTooShort
+}
+
+func (s SourceDescriptionChunk) len() int {
+	len := sdesSourceLen
+	for _, it := range s.Items {
+		len += it.len()
+	}
+	len += sdesTypeLen // for terminating null octet
+
+	// align to 32-bit boundary
+	len += getPadding(len)
+
+	return len
+}
+
+// A SourceDescriptionItem is a part of a SourceDescription that describes a stream.
+type SourceDescriptionItem struct {
+	// The type identifier for this item. eg, SDESCNAME for canonical name description.
+	//
+	// Type zero or SDESEnd is interpreted as the end of an item list and cannot be used.
+	Type SDESType
+	// Text is a unicode text blob associated with the item. Its meaning varies based on the item's Type.
+	Text string
+}
+
+func (s SourceDescriptionItem) len() int {
+	/*
+	 *   0                   1                   2                   3
+	 *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *  |    CNAME=1    |     length    | user and domain name        ...
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+	return sdesTypeLen + sdesOctetCountLen + len([]byte(s.Text))
+}
+
+// Marshal encodes the SourceDescriptionItem in binary
+func (s SourceDescriptionItem) Marshal() ([]byte, error) {
+	/*
+	 *   0                   1                   2                   3
+	 *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *  |    CNAME=1    |     length    | user and domain name        ...
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	if s.Type == SDESEnd {
+		return nil, errSDESMissingType
+	}
+
+	rawPacket := make([]byte, sdesTypeLen+sdesOctetCountLen)
+
+	rawPacket[sdesTypeOffset] = uint8(s.Type)
+
+	txtBytes := []byte(s.Text)
+	octetCount := len(txtBytes)
+	if octetCount > sdesMaxOctetCount {
+		return nil, errSDESTextTooLong
+	}
+	rawPacket[sdesOctetCountOffset] = uint8(octetCount)
+
+	rawPacket = append(rawPacket, txtBytes...)
+
+	return rawPacket, nil
+}
+
+// Unmarshal decodes the SourceDescriptionItem from binary
+func (s *SourceDescriptionItem) Unmarshal(rawPacket []byte) error {
+	/*
+	 *   0                   1                   2                   3
+	 *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 *  |    CNAME=1    |     length    | user and domain name        ...
+	 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	if len(rawPacket) < (sdesTypeLen + sdesOctetCountLen) {
+		return errPacketTooShort
+	}
+
+	s.Type = SDESType(rawPacket[sdesTypeOffset])
+
+	octetCount := int(rawPacket[sdesOctetCountOffset])
+	if sdesTextOffset+octetCount > len(rawPacket) {
+		return errPacketTooShort
+	}
+
+	txtBytes := rawPacket[sdesTextOffset : sdesTextOffset+octetCount]
+	s.Text = string(txtBytes)
+
+	return nil
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (s *SourceDescription) DestinationSSRC() []uint32 {
+	out := make([]uint32, len(s.Chunks))
+	for i, v := range s.Chunks {
+		out[i] = v.Source
+	}
+	return out
+}
+
+func (s *SourceDescription) String() string {
+	out := "Source Description:\n"
+	for _, c := range s.Chunks {
+		out += fmt.Sprintf("\t%x: %s\n", c.Source, c.Items)
+	}
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/transport_layer_cc.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/transport_layer_cc.go
new file mode 100644
index 000000000..960658189
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/transport_layer_cc.go
@@ -0,0 +1,560 @@
+package rtcp
+
+// Author: adwpc
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math"
+)
+
+// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#page-5
+// 0                   1                   2                   3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |V=2|P|  FMT=15 |    PT=205     |           length              |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                     SSRC of packet sender                     |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                      SSRC of media source                     |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |      base sequence number     |      packet status count      |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                 reference time                | fb pkt. count |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |          packet chunk         |         packet chunk          |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// .                                                               .
+// .                                                               .
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |         packet chunk          |  recv delta   |  recv delta   |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// .                                                               .
+// .                                                               .
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |           recv delta          |  recv delta   | zero padding  |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+// for packet status chunk
+const (
+	// type of packet status chunk
+	TypeTCCRunLengthChunk    = 0
+	TypeTCCStatusVectorChunk = 1
+
+	// len of packet status chunk
+	packetStatusChunkLength = 2
+)
+
+// type of packet status symbol and recv delta
+const (
+	// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1.1
+	TypeTCCPacketNotReceived = uint16(iota)
+	TypeTCCPacketReceivedSmallDelta
+	TypeTCCPacketReceivedLargeDelta
+	// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#page-7
+	// see Example 2: "packet received, w/o recv delta"
+	TypeTCCPacketReceivedWithoutDelta
+)
+
+// for status vector chunk
+const (
+	// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1.4
+	TypeTCCSymbolSizeOneBit = 0
+	TypeTCCSymbolSizeTwoBit = 1
+
+	// Notice: RFC is wrong: "packet received" (0) and "packet not received" (1)
+	// if S == TypeTCCSymbolSizeOneBit, symbol list will be: TypeTCCPacketNotReceived TypeTCCPacketReceivedSmallDelta
+	// if S == TypeTCCSymbolSizeTwoBit, symbol list will be same as above:
+)
+
+func numOfBitsOfSymbolSize() map[uint16]uint16 {
+	return map[uint16]uint16{
+		TypeTCCSymbolSizeOneBit: 1,
+		TypeTCCSymbolSizeTwoBit: 2,
+	}
+}
+
+var _ Packet = (*TransportLayerCC)(nil) // assert is a Packet
+
+var (
+	errPacketStatusChunkLength = errors.New("packet status chunk must be 2 bytes")
+	errDeltaExceedLimit        = errors.New("delta exceed limit")
+)
+
+// PacketStatusChunk has two kinds:
+// RunLengthChunk and StatusVectorChunk
+type PacketStatusChunk interface {
+	Marshal() ([]byte, error)
+	Unmarshal(rawPacket []byte) error
+}
+
+// RunLengthChunk T=TypeTCCRunLengthChunk
+// 0                   1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |T| S |       Run Length        |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+type RunLengthChunk struct {
+	PacketStatusChunk
+
+	// T = TypeTCCRunLengthChunk
+	Type uint16
+
+	// S: type of packet status
+	// kind: TypeTCCPacketNotReceived or...
+	PacketStatusSymbol uint16
+
+	// RunLength: count of S
+	RunLength uint16
+}
+
+// Marshal ..
+func (r RunLengthChunk) Marshal() ([]byte, error) {
+	chunk := make([]byte, 2)
+
+	// append 1 bit '0'
+	dst, err := setNBitsOfUint16(0, 1, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	// append 2 bit PacketStatusSymbol
+	dst, err = setNBitsOfUint16(dst, 2, 1, r.PacketStatusSymbol)
+	if err != nil {
+		return nil, err
+	}
+
+	// append 13 bit RunLength
+	dst, err = setNBitsOfUint16(dst, 13, 3, r.RunLength)
+	if err != nil {
+		return nil, err
+	}
+
+	binary.BigEndian.PutUint16(chunk, dst)
+	return chunk, nil
+}
+
+// Unmarshal ..
+func (r *RunLengthChunk) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) != packetStatusChunkLength {
+		return errPacketStatusChunkLength
+	}
+
+	// record type
+	r.Type = TypeTCCRunLengthChunk
+
+	// get PacketStatusSymbol
+	// r.PacketStatusSymbol = uint16(rawPacket[0] >> 5 & 0x03)
+	r.PacketStatusSymbol = getNBitsFromByte(rawPacket[0], 1, 2)
+
+	// get RunLength
+	// r.RunLength = uint16(rawPacket[0]&0x1F)*256 + uint16(rawPacket[1])
+	r.RunLength = getNBitsFromByte(rawPacket[0], 3, 5)<<8 + uint16(rawPacket[1])
+	return nil
+}
+
+// StatusVectorChunk T=typeStatusVecotrChunk
+// 0                   1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |T|S|       symbol list         |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+type StatusVectorChunk struct {
+	PacketStatusChunk
+	// T = TypeTCCRunLengthChunk
+	Type uint16
+
+	// TypeTCCSymbolSizeOneBit or TypeTCCSymbolSizeTwoBit
+	SymbolSize uint16
+
+	// when SymbolSize = TypeTCCSymbolSizeOneBit, SymbolList is 14*1bit:
+	// TypeTCCSymbolListPacketReceived or TypeTCCSymbolListPacketNotReceived
+	// when SymbolSize = TypeTCCSymbolSizeTwoBit, SymbolList is 7*2bit:
+	// TypeTCCPacketNotReceived TypeTCCPacketReceivedSmallDelta TypeTCCPacketReceivedLargeDelta or typePacketReserved
+	SymbolList []uint16
+}
+
+// Marshal ..
+func (r StatusVectorChunk) Marshal() ([]byte, error) {
+	chunk := make([]byte, 2)
+
+	// set first bit '1'
+	dst, err := setNBitsOfUint16(0, 1, 0, 1)
+	if err != nil {
+		return nil, err
+	}
+
+	// set second bit SymbolSize
+	dst, err = setNBitsOfUint16(dst, 1, 1, r.SymbolSize)
+	if err != nil {
+		return nil, err
+	}
+
+	numOfBits := numOfBitsOfSymbolSize()[r.SymbolSize]
+	// append 14 bit SymbolList
+	for i, s := range r.SymbolList {
+		index := numOfBits*uint16(i) + 2
+		dst, err = setNBitsOfUint16(dst, numOfBits, index, s)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	binary.BigEndian.PutUint16(chunk, dst)
+	// set SymbolList(bit8-15)
+	// chunk[1] = uint8(r.SymbolList) & 0x0f
+	return chunk, nil
+}
+
+// Unmarshal ..
+func (r *StatusVectorChunk) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) != packetStatusChunkLength {
+		return errPacketStatusChunkLength
+	}
+
+	r.Type = TypeTCCStatusVectorChunk
+	r.SymbolSize = getNBitsFromByte(rawPacket[0], 1, 1)
+
+	if r.SymbolSize == TypeTCCSymbolSizeOneBit {
+		for i := uint16(0); i < 6; i++ {
+			r.SymbolList = append(r.SymbolList, getNBitsFromByte(rawPacket[0], 2+i, 1))
+		}
+		for i := uint16(0); i < 8; i++ {
+			r.SymbolList = append(r.SymbolList, getNBitsFromByte(rawPacket[1], i, 1))
+		}
+		return nil
+	}
+	if r.SymbolSize == TypeTCCSymbolSizeTwoBit {
+		for i := uint16(0); i < 3; i++ {
+			r.SymbolList = append(r.SymbolList, getNBitsFromByte(rawPacket[0], 2+i*2, 2))
+		}
+		for i := uint16(0); i < 4; i++ {
+			r.SymbolList = append(r.SymbolList, getNBitsFromByte(rawPacket[1], i*2, 2))
+		}
+		return nil
+	}
+
+	r.SymbolSize = getNBitsFromByte(rawPacket[0], 2, 6)<<8 + uint16(rawPacket[1])
+	return nil
+}
+
+const (
+	// TypeTCCDeltaScaleFactor https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1.5
+	TypeTCCDeltaScaleFactor = 250
+)
+
+// RecvDelta are represented as multiples of 250us
+// small delta is 1 byte: [0，63.75]ms = [0, 63750]us = [0, 255]*250us
+// big delta is 2 bytes: [-8192.0, 8191.75]ms = [-8192000, 8191750]us = [-32768, 32767]*250us
+// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1.5
+type RecvDelta struct {
+	Type uint16
+	// us
+	Delta int64
+}
+
+// Marshal ..
+func (r RecvDelta) Marshal() ([]byte, error) {
+	delta := r.Delta / TypeTCCDeltaScaleFactor
+
+	// small delta
+	if r.Type == TypeTCCPacketReceivedSmallDelta && delta >= 0 && delta <= math.MaxUint8 {
+		deltaChunk := make([]byte, 1)
+		deltaChunk[0] = byte(delta)
+		return deltaChunk, nil
+	}
+
+	// big delta
+	if r.Type == TypeTCCPacketReceivedLargeDelta && delta >= math.MinInt16 && delta <= math.MaxInt16 {
+		deltaChunk := make([]byte, 2)
+		binary.BigEndian.PutUint16(deltaChunk, uint16(delta))
+		return deltaChunk, nil
+	}
+
+	// overflow
+	return nil, errDeltaExceedLimit
+}
+
+// Unmarshal ..
+func (r *RecvDelta) Unmarshal(rawPacket []byte) error {
+	chunkLen := len(rawPacket)
+
+	// must be 1 or 2 bytes
+	if chunkLen != 1 && chunkLen != 2 {
+		return errDeltaExceedLimit
+	}
+
+	if chunkLen == 1 {
+		r.Type = TypeTCCPacketReceivedSmallDelta
+		r.Delta = TypeTCCDeltaScaleFactor * int64(rawPacket[0])
+		return nil
+	}
+
+	r.Type = TypeTCCPacketReceivedLargeDelta
+	r.Delta = TypeTCCDeltaScaleFactor * int64(int16(binary.BigEndian.Uint16(rawPacket)))
+	return nil
+}
+
+const (
+	// the offset after header
+	baseSequenceNumberOffset = 8
+	packetStatusCountOffset  = 10
+	referenceTimeOffset      = 12
+	fbPktCountOffset         = 15
+	packetChunkOffset        = 16
+)
+
+// TransportLayerCC for sender-BWE
+// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#page-5
+type TransportLayerCC struct {
+	// header
+	Header Header
+
+	// SSRC of sender
+	SenderSSRC uint32
+
+	// SSRC of the media source
+	MediaSSRC uint32
+
+	// Transport wide sequence of rtp extension
+	BaseSequenceNumber uint16
+
+	// PacketStatusCount
+	PacketStatusCount uint16
+
+	// ReferenceTime
+	ReferenceTime uint32
+
+	// FbPktCount
+	FbPktCount uint8
+
+	// PacketChunks
+	PacketChunks []PacketStatusChunk
+
+	// RecvDeltas
+	RecvDeltas []*RecvDelta
+}
+
+// Header returns the Header associated with this packet.
+// func (t *TransportLayerCC) Header() Header {
+// return t.Header
+// return Header{
+// Padding: true,
+// Count:   FormatTCC,
+// Type:    TypeTCCTransportSpecificFeedback,
+// // https://tools.ietf.org/html/rfc4585#page-33
+// Length: uint16((t.len() / 4) - 1),
+// }
+// }
+
+func (t *TransportLayerCC) packetLen() uint16 {
+	n := uint16(headerLength + packetChunkOffset + len(t.PacketChunks)*2)
+	for _, d := range t.RecvDeltas {
+		delta := d.Delta / TypeTCCDeltaScaleFactor
+
+		// small delta
+		if delta >= 0 && delta <= math.MaxUint8 {
+			n++
+		} else {
+			n += 2
+		}
+	}
+	return n
+}
+
+// Len return total bytes with padding
+func (t *TransportLayerCC) Len() uint16 {
+	n := t.packetLen()
+	// has padding
+	if n%4 != 0 {
+		n = (n/4 + 1) * 4
+	}
+
+	return n
+}
+
+func (t TransportLayerCC) String() string {
+	out := fmt.Sprintf("TransportLayerCC:\n\tHeader %v\n", t.Header)
+	out += fmt.Sprintf("TransportLayerCC:\n\tSender Ssrc %d\n", t.SenderSSRC)
+	out += fmt.Sprintf("\tMedia Ssrc %d\n", t.MediaSSRC)
+	out += fmt.Sprintf("\tBase Sequence Number %d\n", t.BaseSequenceNumber)
+	out += fmt.Sprintf("\tStatus Count %d\n", t.PacketStatusCount)
+	out += fmt.Sprintf("\tReference Time %d\n", t.ReferenceTime)
+	out += fmt.Sprintf("\tFeedback Packet Count %d\n", t.FbPktCount)
+	out += "\tPacketChunks "
+	for _, chunk := range t.PacketChunks {
+		out += fmt.Sprintf("%+v ", chunk)
+	}
+	out += "\n\tRecvDeltas "
+	for _, delta := range t.RecvDeltas {
+		out += fmt.Sprintf("%+v ", delta)
+	}
+	out += "\n"
+	return out
+}
+
+// Marshal encodes the TransportLayerCC in binary
+func (t TransportLayerCC) Marshal() ([]byte, error) {
+	header, err := t.Header.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	payload := make([]byte, t.Len()-headerLength)
+	binary.BigEndian.PutUint32(payload, t.SenderSSRC)
+	binary.BigEndian.PutUint32(payload[4:], t.MediaSSRC)
+	binary.BigEndian.PutUint16(payload[baseSequenceNumberOffset:], t.BaseSequenceNumber)
+	binary.BigEndian.PutUint16(payload[packetStatusCountOffset:], t.PacketStatusCount)
+	ReferenceTimeAndFbPktCount := appendNBitsToUint32(0, 24, t.ReferenceTime)
+	ReferenceTimeAndFbPktCount = appendNBitsToUint32(ReferenceTimeAndFbPktCount, 8, uint32(t.FbPktCount))
+	binary.BigEndian.PutUint32(payload[referenceTimeOffset:], ReferenceTimeAndFbPktCount)
+
+	for i, chunk := range t.PacketChunks {
+		b, err := chunk.Marshal()
+		if err != nil {
+			return nil, err
+		}
+		copy(payload[packetChunkOffset+i*2:], b)
+	}
+
+	recvDeltaOffset := packetChunkOffset + len(t.PacketChunks)*2
+	var i int
+	for _, delta := range t.RecvDeltas {
+		b, err := delta.Marshal()
+		if err == nil {
+			copy(payload[recvDeltaOffset+i:], b)
+			i++
+			if delta.Type == TypeTCCPacketReceivedLargeDelta {
+				i++
+			}
+		}
+	}
+
+	if t.Header.Padding {
+		payload[len(payload)-1] = uint8(t.Len() - t.packetLen())
+	}
+
+	return append(header, payload...), nil
+}
+
+// Unmarshal ..
+func (t *TransportLayerCC) Unmarshal(rawPacket []byte) error { //nolint:gocognit
+	if len(rawPacket) < (headerLength + ssrcLength) {
+		return errPacketTooShort
+	}
+
+	if err := t.Header.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	// https://tools.ietf.org/html/rfc4585#page-33
+	// header's length + payload's length
+	totalLength := 4 * (t.Header.Length + 1)
+
+	if totalLength <= headerLength+packetChunkOffset {
+		return errPacketTooShort
+	}
+
+	if len(rawPacket) < int(totalLength) {
+		return errPacketTooShort
+	}
+
+	if t.Header.Type != TypeTransportSpecificFeedback || t.Header.Count != FormatTCC {
+		return errWrongType
+	}
+
+	t.SenderSSRC = binary.BigEndian.Uint32(rawPacket[headerLength:])
+	t.MediaSSRC = binary.BigEndian.Uint32(rawPacket[headerLength+ssrcLength:])
+	t.BaseSequenceNumber = binary.BigEndian.Uint16(rawPacket[headerLength+baseSequenceNumberOffset:])
+	t.PacketStatusCount = binary.BigEndian.Uint16(rawPacket[headerLength+packetStatusCountOffset:])
+	t.ReferenceTime = get24BitsFromBytes(rawPacket[headerLength+referenceTimeOffset : headerLength+referenceTimeOffset+3])
+	t.FbPktCount = rawPacket[headerLength+fbPktCountOffset]
+
+	packetStatusPos := uint16(headerLength + packetChunkOffset)
+	var processedPacketNum uint16
+	for processedPacketNum < t.PacketStatusCount {
+		if packetStatusPos+packetStatusChunkLength >= totalLength {
+			return errPacketTooShort
+		}
+		typ := getNBitsFromByte(rawPacket[packetStatusPos : packetStatusPos+1][0], 0, 1)
+		var iPacketStatus PacketStatusChunk
+		switch typ {
+		case TypeTCCRunLengthChunk:
+			packetStatus := &RunLengthChunk{Type: typ}
+			iPacketStatus = packetStatus
+			err := packetStatus.Unmarshal(rawPacket[packetStatusPos : packetStatusPos+2])
+			if err != nil {
+				return err
+			}
+
+			packetNumberToProcess := min(t.PacketStatusCount-processedPacketNum, packetStatus.RunLength)
+			if packetStatus.PacketStatusSymbol == TypeTCCPacketReceivedSmallDelta ||
+				packetStatus.PacketStatusSymbol == TypeTCCPacketReceivedLargeDelta {
+				for j := uint16(0); j < packetNumberToProcess; j++ {
+					t.RecvDeltas = append(t.RecvDeltas, &RecvDelta{Type: packetStatus.PacketStatusSymbol})
+				}
+			}
+			processedPacketNum += packetNumberToProcess
+		case TypeTCCStatusVectorChunk:
+			packetStatus := &StatusVectorChunk{Type: typ}
+			iPacketStatus = packetStatus
+			err := packetStatus.Unmarshal(rawPacket[packetStatusPos : packetStatusPos+2])
+			if err != nil {
+				return err
+			}
+			if packetStatus.SymbolSize == TypeTCCSymbolSizeOneBit {
+				for j := 0; j < len(packetStatus.SymbolList); j++ {
+					if packetStatus.SymbolList[j] == TypeTCCPacketReceivedSmallDelta {
+						t.RecvDeltas = append(t.RecvDeltas, &RecvDelta{Type: TypeTCCPacketReceivedSmallDelta})
+					}
+				}
+			}
+			if packetStatus.SymbolSize == TypeTCCSymbolSizeTwoBit {
+				for j := 0; j < len(packetStatus.SymbolList); j++ {
+					if packetStatus.SymbolList[j] == TypeTCCPacketReceivedSmallDelta || packetStatus.SymbolList[j] == TypeTCCPacketReceivedLargeDelta {
+						t.RecvDeltas = append(t.RecvDeltas, &RecvDelta{Type: packetStatus.SymbolList[j]})
+					}
+				}
+			}
+			processedPacketNum += uint16(len(packetStatus.SymbolList))
+		}
+		packetStatusPos += packetStatusChunkLength
+		t.PacketChunks = append(t.PacketChunks, iPacketStatus)
+	}
+
+	recvDeltasPos := packetStatusPos
+	for _, delta := range t.RecvDeltas {
+		if recvDeltasPos >= totalLength {
+			return errPacketTooShort
+		}
+		if delta.Type == TypeTCCPacketReceivedSmallDelta {
+			err := delta.Unmarshal(rawPacket[recvDeltasPos : recvDeltasPos+1])
+			if err != nil {
+				return err
+			}
+			recvDeltasPos++
+		}
+		if delta.Type == TypeTCCPacketReceivedLargeDelta {
+			err := delta.Unmarshal(rawPacket[recvDeltasPos : recvDeltasPos+2])
+			if err != nil {
+				return err
+			}
+			recvDeltasPos += 2
+		}
+	}
+
+	return nil
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (t TransportLayerCC) DestinationSSRC() []uint32 {
+	return []uint32{t.MediaSSRC}
+}
+
+func min(x, y uint16) uint16 {
+	if x < y {
+		return x
+	}
+	return y
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/transport_layer_nack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/transport_layer_nack.go
new file mode 100644
index 000000000..f7ab80308
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/transport_layer_nack.go
@@ -0,0 +1,174 @@
+package rtcp
+
+import (
+	"encoding/binary"
+	"fmt"
+	"math"
+)
+
+// PacketBitmap shouldn't be used like a normal integral,
+// so it's type is masked here. Access it with PacketList().
+type PacketBitmap uint16
+
+// NackPair is a wire-representation of a collection of
+// Lost RTP packets
+type NackPair struct {
+	// ID of lost packets
+	PacketID uint16
+
+	// Bitmask of following lost packets
+	LostPackets PacketBitmap
+}
+
+// The TransportLayerNack packet informs the encoder about the loss of a transport packet
+// IETF RFC 4585, Section 6.2.1
+// https://tools.ietf.org/html/rfc4585#section-6.2.1
+type TransportLayerNack struct {
+	// SSRC of sender
+	SenderSSRC uint32
+
+	// SSRC of the media source
+	MediaSSRC uint32
+
+	Nacks []NackPair
+}
+
+var _ Packet = (*TransportLayerNack)(nil) // assert is a Packet
+
+// NackPairsFromSequenceNumbers generates a slice of NackPair from a list of SequenceNumbers
+// This handles generating the proper values for PacketID/LostPackets
+func NackPairsFromSequenceNumbers(sequenceNumbers []uint16) (pairs []NackPair) {
+	if len(sequenceNumbers) == 0 {
+		return []NackPair{}
+	}
+
+	nackPair := &NackPair{PacketID: sequenceNumbers[0]}
+	for i := 1; i < len(sequenceNumbers); i++ {
+		m := sequenceNumbers[i]
+
+		if m-nackPair.PacketID > 16 {
+			pairs = append(pairs, *nackPair)
+			nackPair = &NackPair{PacketID: m}
+			continue
+		}
+
+		nackPair.LostPackets |= 1 << (m - nackPair.PacketID - 1)
+	}
+	pairs = append(pairs, *nackPair)
+	return
+}
+
+// Range calls f sequentially for each sequence number covered by n.
+// If f returns false, Range stops the iteration.
+func (n *NackPair) Range(f func(seqno uint16) bool) {
+	more := f(n.PacketID)
+	if !more {
+		return
+	}
+
+	b := n.LostPackets
+	for i := uint16(0); b != 0; i++ {
+		if (b & (1 << i)) != 0 {
+			b &^= (1 << i)
+			more = f(n.PacketID + i + 1)
+			if !more {
+				return
+			}
+		}
+	}
+}
+
+// PacketList returns a list of Nack'd packets that's referenced by a NackPair
+func (n *NackPair) PacketList() []uint16 {
+	out := make([]uint16, 0, 17)
+	n.Range(func(seqno uint16) bool {
+		out = append(out, seqno)
+		return true
+	})
+	return out
+}
+
+const (
+	tlnLength  = 2
+	nackOffset = 8
+)
+
+// Marshal encodes the TransportLayerNack in binary
+func (p TransportLayerNack) Marshal() ([]byte, error) {
+	if len(p.Nacks)+tlnLength > math.MaxUint8 {
+		return nil, errTooManyReports
+	}
+
+	rawPacket := make([]byte, nackOffset+(len(p.Nacks)*4))
+	binary.BigEndian.PutUint32(rawPacket, p.SenderSSRC)
+	binary.BigEndian.PutUint32(rawPacket[4:], p.MediaSSRC)
+	for i := 0; i < len(p.Nacks); i++ {
+		binary.BigEndian.PutUint16(rawPacket[nackOffset+(4*i):], p.Nacks[i].PacketID)
+		binary.BigEndian.PutUint16(rawPacket[nackOffset+(4*i)+2:], uint16(p.Nacks[i].LostPackets))
+	}
+	h := p.Header()
+	hData, err := h.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	return append(hData, rawPacket...), nil
+}
+
+// Unmarshal decodes the TransportLayerNack from binary
+func (p *TransportLayerNack) Unmarshal(rawPacket []byte) error {
+	if len(rawPacket) < (headerLength + ssrcLength) {
+		return errPacketTooShort
+	}
+
+	var h Header
+	if err := h.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	if len(rawPacket) < (headerLength + int(4*h.Length)) {
+		return errPacketTooShort
+	}
+
+	if h.Type != TypeTransportSpecificFeedback || h.Count != FormatTLN {
+		return errWrongType
+	}
+
+	p.SenderSSRC = binary.BigEndian.Uint32(rawPacket[headerLength:])
+	p.MediaSSRC = binary.BigEndian.Uint32(rawPacket[headerLength+ssrcLength:])
+	for i := headerLength + nackOffset; i < (headerLength + int(h.Length*4)); i += 4 {
+		p.Nacks = append(p.Nacks, NackPair{
+			binary.BigEndian.Uint16(rawPacket[i:]),
+			PacketBitmap(binary.BigEndian.Uint16(rawPacket[i+2:])),
+		})
+	}
+	return nil
+}
+
+func (p *TransportLayerNack) len() int {
+	return headerLength + nackOffset + (len(p.Nacks) * 4)
+}
+
+// Header returns the Header associated with this packet.
+func (p *TransportLayerNack) Header() Header {
+	return Header{
+		Count:  FormatTLN,
+		Type:   TypeTransportSpecificFeedback,
+		Length: uint16((p.len() / 4) - 1),
+	}
+}
+
+func (p TransportLayerNack) String() string {
+	out := fmt.Sprintf("TransportLayerNack from %x\n", p.SenderSSRC)
+	out += fmt.Sprintf("\tMedia Ssrc %x\n", p.MediaSSRC)
+	out += "\tID\tLostPackets\n"
+	for _, i := range p.Nacks {
+		out += fmt.Sprintf("\t%d\t%b\n", i.PacketID, i.LostPackets)
+	}
+	return out
+}
+
+// DestinationSSRC returns an array of SSRC values that this packet refers to.
+func (p *TransportLayerNack) DestinationSSRC() []uint32 {
+	return []uint32{p.MediaSSRC}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/util.go
new file mode 100644
index 000000000..5702d35f8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtcp/util.go
@@ -0,0 +1,38 @@
+package rtcp
+
+// getPadding Returns the padding required to make the length a multiple of 4
+func getPadding(len int) int {
+	if len%4 == 0 {
+		return 0
+	}
+	return 4 - (len % 4)
+}
+
+// setNBitsOfUint16 will truncate the value to size, left-shift to startIndex position and set
+func setNBitsOfUint16(src, size, startIndex, val uint16) (uint16, error) {
+	if startIndex+size > 16 {
+		return 0, errInvalidSizeOrStartIndex
+	}
+
+	// truncate val to size bits
+	val &= (1 << size) - 1
+
+	return src | (val << (16 - size - startIndex)), nil
+}
+
+// appendBit32 will left-shift and append n bits of val
+func appendNBitsToUint32(src, n, val uint32) uint32 {
+	return (src << n) | (val & (0xFFFFFFFF >> (32 - n)))
+}
+
+// getNBit get n bits from 1 byte, begin with a position
+func getNBitsFromByte(b byte, begin, n uint16) uint16 {
+	endShift := 8 - (begin + n)
+	mask := (0xFF >> begin) & uint8(0xFF<<endShift)
+	return uint16(b&mask) >> endShift
+}
+
+// get24BitFromBytes get 24bits from `[3]byte` slice
+func get24BitsFromBytes(b []byte) uint32 {
+	return uint32(b[0])<<16 + uint32(b[1])<<8 + uint32(b[2])
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/README.md
new file mode 100644
index 000000000..b17709e58
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/README.md
@@ -0,0 +1,53 @@
+<h1 align="center">
+  <br>
+  Pion RTP
+  <br>
+</h1>
+<h4 align="center">A Go implementation of RTP</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-rtp-gray.svg?longCache=true&colorB=brightgreen" alt="Pion RTP"></a>
+  <a href="https://sourcegraph.com/github.com/pion/rtp?badge"><img src="https://sourcegraph.com/github.com/pion/rtp/-/badge.svg" alt="Sourcegraph Widget"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/rtp"><img src="https://travis-ci.org/pion/rtp.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/rtp"><img src="https://godoc.org/github.com/pion/rtp?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/rtp"><img src="https://codecov.io/gh/pion/rtp/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/rtp"><img src="https://goreportcard.com/badge/github.com/pion/rtp" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Woodrow Douglass](https://github.com/wdouglass) *RTCP, RTP improvements, G.722 support, Bugfixes*
+* [Michael MacDonald](https://github.com/mjmac)
+* [Luke Curley](https://github.com/kixelated) *Performance*
+* [Antoine Baché](https://github.com/Antonito) *Fixed crashes*
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Raphael Derosso Pereira](https://github.com/raphaelpereira)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [adwpc](https://github.com/adwpc) *add transport-cc extension*
+* [Bao Nguyen](https://github.com/sysbot) *add VP9 noop, bug fixes.
+* [Tarrence van As](https://github.com/tarrencev) *add audio level extension*
+* [Simone Gotti](https://github.com/sgotti)
+* [Guilherme Souza](https://github.com/gqgs)
+* [Rob Lofthouse](https://github.com/roblofthouse)
+* [Kazuyuki Honda](https://github.com/hakobera)
+* [Haiyang Wang](https://github.com/ocean2811)
+* [lxb](https://github.com/lxb531)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/abssendtimeextension.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/abssendtimeextension.go
new file mode 100644
index 000000000..fc9731d0b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/abssendtimeextension.go
@@ -0,0 +1,78 @@
+package rtp
+
+import (
+	"time"
+)
+
+const (
+	absSendTimeExtensionSize = 3
+)
+
+// AbsSendTimeExtension is a extension payload format in
+// http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
+type AbsSendTimeExtension struct {
+	Timestamp uint64
+}
+
+// Marshal serializes the members to buffer.
+func (t *AbsSendTimeExtension) Marshal() ([]byte, error) {
+	return []byte{
+		byte(t.Timestamp & 0xFF0000 >> 16),
+		byte(t.Timestamp & 0xFF00 >> 8),
+		byte(t.Timestamp & 0xFF),
+	}, nil
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the members.
+func (t *AbsSendTimeExtension) Unmarshal(rawData []byte) error {
+	if len(rawData) < absSendTimeExtensionSize {
+		return errTooSmall
+	}
+	t.Timestamp = uint64(rawData[0])<<16 | uint64(rawData[1])<<8 | uint64(rawData[2])
+	return nil
+}
+
+// Estimate absolute send time according to the receive time.
+// Note that if the transmission delay is larger than 64 seconds, estimated time will be wrong.
+func (t *AbsSendTimeExtension) Estimate(receive time.Time) time.Time {
+	receiveNTP := toNtpTime(receive)
+	ntp := receiveNTP&0xFFFFFFC000000000 | (t.Timestamp&0xFFFFFF)<<14
+	if receiveNTP < ntp {
+		// Receive time must be always later than send time
+		ntp -= 0x1000000 << 14
+	}
+
+	return toTime(ntp)
+}
+
+// NewAbsSendTimeExtension makes new AbsSendTimeExtension from time.Time.
+func NewAbsSendTimeExtension(sendTime time.Time) *AbsSendTimeExtension {
+	return &AbsSendTimeExtension{
+		Timestamp: toNtpTime(sendTime) >> 14,
+	}
+}
+
+func toNtpTime(t time.Time) uint64 {
+	var s uint64
+	var f uint64
+	u := uint64(t.UnixNano())
+	s = u / 1e9
+	s += 0x83AA7E80 // offset in seconds between unix epoch and ntp epoch
+	f = u % 1e9
+	f <<= 32
+	f /= 1e9
+	s <<= 32
+
+	return s | f
+}
+
+func toTime(t uint64) time.Time {
+	s := t >> 32
+	f := t & 0xFFFFFFFF
+	f *= 1e9
+	f >>= 32
+	s -= 0x83AA7E80
+	u := s*1e9 + f
+
+	return time.Unix(0, int64(u))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/audiolevelextension.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/audiolevelextension.go
new file mode 100644
index 000000000..f8701e153
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/audiolevelextension.go
@@ -0,0 +1,60 @@
+package rtp
+
+import (
+	"errors"
+)
+
+const (
+	// audioLevelExtensionSize One byte header size
+	audioLevelExtensionSize = 1
+)
+
+var errAudioLevelOverflow = errors.New("audio level overflow")
+
+// AudioLevelExtension is a extension payload format described in
+// https://tools.ietf.org/html/rfc6464
+//
+// Implementation based on:
+// https://chromium.googlesource.com/external/webrtc/+/e2a017725570ead5946a4ca8235af27470ca0df9/webrtc/modules/rtp_rtcp/source/rtp_header_extensions.cc#49
+//
+// One byte format:
+// 0                   1
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |  ID   | len=0 |V| level       |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//
+// Two byte format:
+// 0                   1                   2                   3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |      ID       |     len=1     |V|    level    |    0 (pad)    |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+type AudioLevelExtension struct {
+	Level uint8
+	Voice bool
+}
+
+// Marshal serializes the members to buffer
+func (a *AudioLevelExtension) Marshal() ([]byte, error) {
+	if a.Level > 127 {
+		return nil, errAudioLevelOverflow
+	}
+	voice := uint8(0x00)
+	if a.Voice {
+		voice = 0x80
+	}
+	buf := make([]byte, audioLevelExtensionSize)
+	buf[0] = voice | a.Level
+	return buf, nil
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the members
+func (a *AudioLevelExtension) Unmarshal(rawData []byte) error {
+	if len(rawData) < audioLevelExtensionSize {
+		return errTooSmall
+	}
+	a.Level = rawData[0] & 0x7F
+	a.Voice = rawData[0]&0x80 != 0
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/codecs.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/codecs.go
new file mode 100644
index 000000000..0e078974e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/codecs.go
@@ -0,0 +1,2 @@
+// Package codecs implements codec specific RTP payloader/depayloaders
+package codecs
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/common.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/common.go
new file mode 100644
index 000000000..39336d2b7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/common.go
@@ -0,0 +1,8 @@
+package codecs
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/error.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/error.go
new file mode 100644
index 000000000..38ee9076b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/error.go
@@ -0,0 +1,11 @@
+package codecs
+
+import "errors"
+
+var (
+	errShortPacket          = errors.New("packet is not large enough")
+	errNilPacket            = errors.New("invalid nil packet")
+	errTooManyPDiff         = errors.New("too many PDiff")
+	errTooManySpatialLayers = errors.New("too many spatial layers")
+	errUnhandledNALUType    = errors.New("NALU Type is unhandled")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/g711_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/g711_packet.go
new file mode 100644
index 000000000..a74876f31
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/g711_packet.go
@@ -0,0 +1,22 @@
+package codecs
+
+// G711Payloader payloads G711 packets
+type G711Payloader struct{}
+
+// Payload fragments an G711 packet across one or more byte arrays
+func (p *G711Payloader) Payload(mtu int, payload []byte) [][]byte {
+	var out [][]byte
+	if payload == nil || mtu <= 0 {
+		return out
+	}
+
+	for len(payload) > mtu {
+		o := make([]byte, mtu)
+		copy(o, payload[:mtu])
+		payload = payload[mtu:]
+		out = append(out, o)
+	}
+	o := make([]byte, len(payload))
+	copy(o, payload)
+	return append(out, o)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/g722_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/g722_packet.go
new file mode 100644
index 000000000..70c98838e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/g722_packet.go
@@ -0,0 +1,22 @@
+package codecs
+
+// G722Payloader payloads G722 packets
+type G722Payloader struct{}
+
+// Payload fragments an G722 packet across one or more byte arrays
+func (p *G722Payloader) Payload(mtu int, payload []byte) [][]byte {
+	var out [][]byte
+	if payload == nil || mtu <= 0 {
+		return out
+	}
+
+	for len(payload) > mtu {
+		o := make([]byte, mtu)
+		copy(o, payload[:mtu])
+		payload = payload[mtu:]
+		out = append(out, o)
+	}
+	o := make([]byte, len(payload))
+	copy(o, payload)
+	return append(out, o)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/h264_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/h264_packet.go
new file mode 100644
index 000000000..3ee592690
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/h264_packet.go
@@ -0,0 +1,205 @@
+package codecs
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// H264Payloader payloads H264 packets
+type H264Payloader struct{}
+
+const (
+	stapaNALUType = 24
+	fuaNALUType   = 28
+
+	fuaHeaderSize       = 2
+	stapaHeaderSize     = 1
+	stapaNALULengthSize = 2
+
+	naluTypeBitmask   = 0x1F
+	naluRefIdcBitmask = 0x60
+	fuaStartBitmask   = 0x80
+)
+
+func annexbNALUStartCode() []byte { return []byte{0x00, 0x00, 0x00, 0x01} }
+
+func emitNalus(nals []byte, emit func([]byte)) {
+	nextInd := func(nalu []byte, start int) (indStart int, indLen int) {
+		zeroCount := 0
+
+		for i, b := range nalu[start:] {
+			if b == 0 {
+				zeroCount++
+				continue
+			} else if b == 1 {
+				if zeroCount >= 2 {
+					return start + i - zeroCount, zeroCount + 1
+				}
+			}
+			zeroCount = 0
+		}
+		return -1, -1
+	}
+
+	nextIndStart, nextIndLen := nextInd(nals, 0)
+	if nextIndStart == -1 {
+		emit(nals)
+	} else {
+		for nextIndStart != -1 {
+			prevStart := nextIndStart + nextIndLen
+			nextIndStart, nextIndLen = nextInd(nals, prevStart)
+			if nextIndStart != -1 {
+				emit(nals[prevStart:nextIndStart])
+			} else {
+				// Emit until end of stream, no end indicator found
+				emit(nals[prevStart:])
+			}
+		}
+	}
+}
+
+// Payload fragments a H264 packet across one or more byte arrays
+func (p *H264Payloader) Payload(mtu int, payload []byte) [][]byte {
+	var payloads [][]byte
+	if len(payload) == 0 {
+		return payloads
+	}
+
+	emitNalus(payload, func(nalu []byte) {
+		if len(nalu) == 0 {
+			return
+		}
+
+		naluType := nalu[0] & naluTypeBitmask
+		naluRefIdc := nalu[0] & naluRefIdcBitmask
+
+		if naluType == 9 || naluType == 12 {
+			return
+		}
+
+		// Single NALU
+		if len(nalu) <= mtu {
+			out := make([]byte, len(nalu))
+			copy(out, nalu)
+			payloads = append(payloads, out)
+			return
+		}
+
+		// FU-A
+		maxFragmentSize := mtu - fuaHeaderSize
+
+		// The FU payload consists of fragments of the payload of the fragmented
+		// NAL unit so that if the fragmentation unit payloads of consecutive
+		// FUs are sequentially concatenated, the payload of the fragmented NAL
+		// unit can be reconstructed.  The NAL unit type octet of the fragmented
+		// NAL unit is not included as such in the fragmentation unit payload,
+		// 	but rather the information of the NAL unit type octet of the
+		// fragmented NAL unit is conveyed in the F and NRI fields of the FU
+		// indicator octet of the fragmentation unit and in the type field of
+		// the FU header.  An FU payload MAY have any number of octets and MAY
+		// be empty.
+
+		naluData := nalu
+		// According to the RFC, the first octet is skipped due to redundant information
+		naluDataIndex := 1
+		naluDataLength := len(nalu) - naluDataIndex
+		naluDataRemaining := naluDataLength
+
+		if min(maxFragmentSize, naluDataRemaining) <= 0 {
+			return
+		}
+
+		for naluDataRemaining > 0 {
+			currentFragmentSize := min(maxFragmentSize, naluDataRemaining)
+			out := make([]byte, fuaHeaderSize+currentFragmentSize)
+
+			// +---------------+
+			// |0|1|2|3|4|5|6|7|
+			// +-+-+-+-+-+-+-+-+
+			// |F|NRI|  Type   |
+			// +---------------+
+			out[0] = fuaNALUType
+			out[0] |= naluRefIdc
+
+			// +---------------+
+			// |0|1|2|3|4|5|6|7|
+			// +-+-+-+-+-+-+-+-+
+			// |S|E|R|  Type   |
+			// +---------------+
+
+			out[1] = naluType
+			if naluDataRemaining == naluDataLength {
+				// Set start bit
+				out[1] |= 1 << 7
+			} else if naluDataRemaining-currentFragmentSize == 0 {
+				// Set end bit
+				out[1] |= 1 << 6
+			}
+
+			copy(out[fuaHeaderSize:], naluData[naluDataIndex:naluDataIndex+currentFragmentSize])
+			payloads = append(payloads, out)
+
+			naluDataRemaining -= currentFragmentSize
+			naluDataIndex += currentFragmentSize
+		}
+	})
+
+	return payloads
+}
+
+// H264Packet represents the H264 header that is stored in the payload of an RTP Packet
+type H264Packet struct {
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the H264Packet this method is called upon
+func (p *H264Packet) Unmarshal(payload []byte) ([]byte, error) {
+	if payload == nil {
+		return nil, errNilPacket
+	} else if len(payload) <= 2 {
+		return nil, fmt.Errorf("%w: %d <= 2", errShortPacket, len(payload))
+	}
+
+	// NALU Types
+	// https://tools.ietf.org/html/rfc6184#section-5.4
+	naluType := payload[0] & naluTypeBitmask
+	switch {
+	case naluType > 0 && naluType < 24:
+		return append(annexbNALUStartCode(), payload...), nil
+
+	case naluType == stapaNALUType:
+		currOffset := int(stapaHeaderSize)
+		result := []byte{}
+		for currOffset < len(payload) {
+			naluSize := int(binary.BigEndian.Uint16(payload[currOffset:]))
+			currOffset += stapaNALULengthSize
+
+			if len(payload) < currOffset+naluSize {
+				return nil, fmt.Errorf("%w STAP-A declared size(%d) is larger than buffer(%d)", errShortPacket, naluSize, len(payload)-currOffset)
+			}
+
+			result = append(result, annexbNALUStartCode()...)
+			result = append(result, payload[currOffset:currOffset+naluSize]...)
+			currOffset += naluSize
+		}
+		return result, nil
+
+	case naluType == fuaNALUType:
+		if len(payload) < fuaHeaderSize {
+			return nil, errShortPacket
+		}
+
+		if payload[1]&fuaStartBitmask != 0 {
+			naluRefIdc := payload[0] & naluRefIdcBitmask
+			fragmentedNaluType := payload[1] & naluTypeBitmask
+
+			// Take a copy of payload since we are mutating it.
+			payloadCopy := append([]byte{}, payload...)
+			payloadCopy[fuaHeaderSize-1] = naluRefIdc | fragmentedNaluType
+			return append(annexbNALUStartCode(), payloadCopy[fuaHeaderSize-1:]...), nil
+		}
+
+		return payload[fuaHeaderSize:], nil
+	}
+
+	return nil, fmt.Errorf("%w: %d", errUnhandledNALUType, naluType)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/opus_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/opus_packet.go
new file mode 100644
index 000000000..504741f87
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/opus_packet.go
@@ -0,0 +1,44 @@
+package codecs
+
+// OpusPayloader payloads Opus packets
+type OpusPayloader struct{}
+
+// Payload fragments an Opus packet across one or more byte arrays
+func (p *OpusPayloader) Payload(mtu int, payload []byte) [][]byte {
+	if payload == nil {
+		return [][]byte{}
+	}
+
+	out := make([]byte, len(payload))
+	copy(out, payload)
+	return [][]byte{out}
+}
+
+// OpusPacket represents the Opus header that is stored in the payload of an RTP Packet
+type OpusPacket struct {
+	Payload []byte
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the OpusPacket this method is called upon
+func (p *OpusPacket) Unmarshal(packet []byte) ([]byte, error) {
+	if packet == nil {
+		return nil, errNilPacket
+	} else if len(packet) == 0 {
+		return nil, errShortPacket
+	}
+
+	p.Payload = packet
+	return packet, nil
+}
+
+// OpusPartitionHeadChecker checks Opus partition head
+type OpusPartitionHeadChecker struct{}
+
+// IsPartitionHead checks whether if this is a head of the Opus partition
+func (*OpusPartitionHeadChecker) IsPartitionHead(packet []byte) bool {
+	p := &OpusPacket{}
+	if _, err := p.Unmarshal(packet); err != nil {
+		return false
+	}
+	return true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/vp8_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/vp8_packet.go
new file mode 100644
index 000000000..7ade7da9e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/vp8_packet.go
@@ -0,0 +1,143 @@
+package codecs
+
+// VP8Payloader payloads VP8 packets
+type VP8Payloader struct{}
+
+const (
+	vp8HeaderSize = 1
+)
+
+// Payload fragments a VP8 packet across one or more byte arrays
+func (p *VP8Payloader) Payload(mtu int, payload []byte) [][]byte {
+	/*
+	 * https://tools.ietf.org/html/rfc7741#section-4.2
+	 *
+	 *       0 1 2 3 4 5 6 7
+	 *      +-+-+-+-+-+-+-+-+
+	 *      |X|R|N|S|R| PID | (REQUIRED)
+	 *      +-+-+-+-+-+-+-+-+
+	 * X:   |I|L|T|K| RSV   | (OPTIONAL)
+	 *      +-+-+-+-+-+-+-+-+
+	 * I:   |M| PictureID   | (OPTIONAL)
+	 *      +-+-+-+-+-+-+-+-+
+	 * L:   |   TL0PICIDX   | (OPTIONAL)
+	 *      +-+-+-+-+-+-+-+-+
+	 * T/K: |TID|Y| KEYIDX  | (OPTIONAL)
+	 *      +-+-+-+-+-+-+-+-+
+	 *  S: Start of VP8 partition.  SHOULD be set to 1 when the first payload
+	 *     octet of the RTP packet is the beginning of a new VP8 partition,
+	 *     and MUST NOT be 1 otherwise.  The S bit MUST be set to 1 for the
+	 *     first packet of each encoded frame.
+	 */
+
+	maxFragmentSize := mtu - vp8HeaderSize
+
+	payloadData := payload
+	payloadDataRemaining := len(payload)
+
+	payloadDataIndex := 0
+	var payloads [][]byte
+
+	// Make sure the fragment/payload size is correct
+	if min(maxFragmentSize, payloadDataRemaining) <= 0 {
+		return payloads
+	}
+	for payloadDataRemaining > 0 {
+		currentFragmentSize := min(maxFragmentSize, payloadDataRemaining)
+		out := make([]byte, vp8HeaderSize+currentFragmentSize)
+		if payloadDataRemaining == len(payload) {
+			out[0] = 0x10
+		}
+
+		copy(out[vp8HeaderSize:], payloadData[payloadDataIndex:payloadDataIndex+currentFragmentSize])
+		payloads = append(payloads, out)
+
+		payloadDataRemaining -= currentFragmentSize
+		payloadDataIndex += currentFragmentSize
+	}
+
+	return payloads
+}
+
+// VP8Packet represents the VP8 header that is stored in the payload of an RTP Packet
+type VP8Packet struct {
+	// Required Header
+	X   uint8 /* extended controlbits present */
+	N   uint8 /* (non-reference frame)  when set to 1 this frame can be discarded */
+	S   uint8 /* start of VP8 partition */
+	PID uint8 /* partition index */
+
+	// Optional Header
+	I         uint8  /* 1 if PictureID is present */
+	L         uint8  /* 1 if TL0PICIDX is present */
+	T         uint8  /* 1 if TID is present */
+	K         uint8  /* 1 if KEYIDX is present */
+	PictureID uint16 /* 8 or 16 bits, picture ID */
+	TL0PICIDX uint8  /* 8 bits temporal level zero index */
+
+	Payload []byte
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the VP8Packet this method is called upon
+func (p *VP8Packet) Unmarshal(payload []byte) ([]byte, error) {
+	if payload == nil {
+		return nil, errNilPacket
+	}
+
+	payloadLen := len(payload)
+
+	if payloadLen < 4 {
+		return nil, errShortPacket
+	}
+
+	payloadIndex := 0
+
+	p.X = (payload[payloadIndex] & 0x80) >> 7
+	p.N = (payload[payloadIndex] & 0x20) >> 5
+	p.S = (payload[payloadIndex] & 0x10) >> 4
+	p.PID = payload[payloadIndex] & 0x07
+
+	payloadIndex++
+
+	if p.X == 1 {
+		p.I = (payload[payloadIndex] & 0x80) >> 7
+		p.L = (payload[payloadIndex] & 0x40) >> 6
+		p.T = (payload[payloadIndex] & 0x20) >> 5
+		p.K = (payload[payloadIndex] & 0x10) >> 4
+		payloadIndex++
+	}
+
+	if p.I == 1 { // PID present?
+		if payload[payloadIndex]&0x80 > 0 { // M == 1, PID is 16bit
+			payloadIndex += 2
+		} else {
+			payloadIndex++
+		}
+	}
+
+	if p.L == 1 {
+		payloadIndex++
+	}
+
+	if p.T == 1 || p.K == 1 {
+		payloadIndex++
+	}
+
+	if payloadIndex >= payloadLen {
+		return nil, errShortPacket
+	}
+	p.Payload = payload[payloadIndex:]
+	return p.Payload, nil
+}
+
+// VP8PartitionHeadChecker checks VP8 partition head
+type VP8PartitionHeadChecker struct{}
+
+// IsPartitionHead checks whether if this is a head of the VP8 partition
+func (*VP8PartitionHeadChecker) IsPartitionHead(packet []byte) bool {
+	p := &VP8Packet{}
+	if _, err := p.Unmarshal(packet); err != nil {
+		return false
+	}
+	return p.S == 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/vp9_packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/vp9_packet.go
new file mode 100644
index 000000000..5cb619be0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/codecs/vp9_packet.go
@@ -0,0 +1,385 @@
+package codecs
+
+import (
+	"github.com/pion/randutil"
+)
+
+// Use global random generator to properly seed by crypto grade random.
+var globalMathRandomGenerator = randutil.NewMathRandomGenerator() // nolint:gochecknoglobals
+
+// VP9Payloader payloads VP9 packets
+type VP9Payloader struct {
+	pictureID   uint16
+	initialized bool
+
+	// InitialPictureIDFn is a function that returns random initial picture ID.
+	InitialPictureIDFn func() uint16
+}
+
+const (
+	vp9HeaderSize    = 3 // Flexible mode 15 bit picture ID
+	maxSpatialLayers = 5
+	maxVP9RefPics    = 3
+)
+
+// Payload fragments an VP9 packet across one or more byte arrays
+func (p *VP9Payloader) Payload(mtu int, payload []byte) [][]byte {
+	/*
+	 * https://www.ietf.org/id/draft-ietf-payload-vp9-10.txt
+	 *
+	 * Flexible mode (F=1)
+	 *        0 1 2 3 4 5 6 7
+	 *       +-+-+-+-+-+-+-+-+
+	 *       |I|P|L|F|B|E|V|-| (REQUIRED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  I:   |M| PICTURE ID  | (REQUIRED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  M:   | EXTENDED PID  | (RECOMMENDED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  L:   | TID |U| SID |D| (CONDITIONALLY RECOMMENDED)
+	 *       +-+-+-+-+-+-+-+-+                             -\
+	 *  P,F: | P_DIFF      |N| (CONDITIONALLY REQUIRED)    - up to 3 times
+	 *       +-+-+-+-+-+-+-+-+                             -/
+	 *  V:   | SS            |
+	 *       | ..            |
+	 *       +-+-+-+-+-+-+-+-+
+	 *
+	 * Non-flexible mode (F=0)
+	 *        0 1 2 3 4 5 6 7
+	 *       +-+-+-+-+-+-+-+-+
+	 *       |I|P|L|F|B|E|V|-| (REQUIRED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  I:   |M| PICTURE ID  | (RECOMMENDED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  M:   | EXTENDED PID  | (RECOMMENDED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  L:   | TID |U| SID |D| (CONDITIONALLY RECOMMENDED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *       |   TL0PICIDX   | (CONDITIONALLY REQUIRED)
+	 *       +-+-+-+-+-+-+-+-+
+	 *  V:   | SS            |
+	 *       | ..            |
+	 *       +-+-+-+-+-+-+-+-+
+	 */
+
+	if !p.initialized {
+		if p.InitialPictureIDFn == nil {
+			p.InitialPictureIDFn = func() uint16 {
+				return uint16(globalMathRandomGenerator.Intn(0x7FFF))
+			}
+		}
+		p.pictureID = p.InitialPictureIDFn() & 0x7FFF
+		p.initialized = true
+	}
+	if payload == nil {
+		return [][]byte{}
+	}
+
+	maxFragmentSize := mtu - vp9HeaderSize
+	payloadDataRemaining := len(payload)
+	payloadDataIndex := 0
+
+	if min(maxFragmentSize, payloadDataRemaining) <= 0 {
+		return [][]byte{}
+	}
+
+	var payloads [][]byte
+	for payloadDataRemaining > 0 {
+		currentFragmentSize := min(maxFragmentSize, payloadDataRemaining)
+		out := make([]byte, vp9HeaderSize+currentFragmentSize)
+
+		out[0] = 0x90 // F=1 I=1
+		if payloadDataIndex == 0 {
+			out[0] |= 0x08 // B=1
+		}
+		if payloadDataRemaining == currentFragmentSize {
+			out[0] |= 0x04 // E=1
+		}
+		out[1] = byte(p.pictureID>>8) | 0x80
+		out[2] = byte(p.pictureID)
+		copy(out[vp9HeaderSize:], payload[payloadDataIndex:payloadDataIndex+currentFragmentSize])
+		payloads = append(payloads, out)
+
+		payloadDataRemaining -= currentFragmentSize
+		payloadDataIndex += currentFragmentSize
+	}
+	p.pictureID++
+	if p.pictureID >= 0x8000 {
+		p.pictureID = 0
+	}
+
+	return payloads
+}
+
+// VP9Packet represents the VP9 header that is stored in the payload of an RTP Packet
+type VP9Packet struct {
+	// Required header
+	I bool // PictureID is present
+	P bool // Inter-picture predicted frame
+	L bool // Layer indices is present
+	F bool // Flexible mode
+	B bool // Start of a frame
+	E bool // End of a frame
+	V bool // Scalability structure (SS) data present
+
+	// Recommended headers
+	PictureID uint16 // 7 or 16 bits, picture ID
+
+	// Conditionally recommended headers
+	TID uint8 // Temporal layer ID
+	U   bool  // Switching up point
+	SID uint8 // Spatial layer ID
+	D   bool  // Inter-layer dependency used
+
+	// Conditionally required headers
+	PDiff     []uint8 // Reference index (F=1)
+	TL0PICIDX uint8   // Temporal layer zero index (F=0)
+
+	// Scalability structure headers
+	NS      uint8 // N_S + 1 indicates the number of spatial layers present in the VP9 stream
+	Y       bool  // Each spatial layer's frame resolution present
+	G       bool  // PG description present flag.
+	NG      uint8 // N_G indicates the number of pictures in a Picture Group (PG)
+	Width   []uint16
+	Height  []uint16
+	PGTID   []uint8   // Temporal layer ID of pictures in a Picture Group
+	PGU     []bool    // Switching up point of pictures in a Picture Group
+	PGPDiff [][]uint8 // Reference indecies of pictures in a Picture Group
+
+	Payload []byte
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the VP9Packet this method is called upon
+func (p *VP9Packet) Unmarshal(packet []byte) ([]byte, error) {
+	if packet == nil {
+		return nil, errNilPacket
+	}
+	if len(packet) < 1 {
+		return nil, errShortPacket
+	}
+
+	p.I = packet[0]&0x80 != 0
+	p.P = packet[0]&0x40 != 0
+	p.L = packet[0]&0x20 != 0
+	p.F = packet[0]&0x10 != 0
+	p.B = packet[0]&0x08 != 0
+	p.E = packet[0]&0x04 != 0
+	p.V = packet[0]&0x02 != 0
+
+	pos := 1
+	var err error
+
+	if p.I {
+		pos, err = p.parsePictureID(packet, pos)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if p.L {
+		pos, err = p.parseLayerInfo(packet, pos)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if p.F && p.P {
+		pos, err = p.parseRefIndices(packet, pos)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if p.V {
+		pos, err = p.parseSSData(packet, pos)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	p.Payload = packet[pos:]
+	return p.Payload, nil
+}
+
+// Picture ID:
+//
+//      +-+-+-+-+-+-+-+-+
+// I:   |M| PICTURE ID  |   M:0 => picture id is 7 bits.
+//      +-+-+-+-+-+-+-+-+   M:1 => picture id is 15 bits.
+// M:   | EXTENDED PID  |
+//      +-+-+-+-+-+-+-+-+
+//
+func (p *VP9Packet) parsePictureID(packet []byte, pos int) (int, error) {
+	if len(packet) <= pos {
+		return pos, errShortPacket
+	}
+
+	p.PictureID = uint16(packet[pos] & 0x7F)
+	if packet[pos]&0x80 != 0 {
+		pos++
+		if len(packet) <= pos {
+			return pos, errShortPacket
+		}
+		p.PictureID = p.PictureID<<8 | uint16(packet[pos])
+	}
+	pos++
+	return pos, nil
+}
+
+func (p *VP9Packet) parseLayerInfo(packet []byte, pos int) (int, error) {
+	pos, err := p.parseLayerInfoCommon(packet, pos)
+	if err != nil {
+		return pos, err
+	}
+
+	if p.F {
+		return pos, nil
+	}
+
+	return p.parseLayerInfoNonFlexibleMode(packet, pos)
+}
+
+// Layer indices (flexible mode):
+//
+//      +-+-+-+-+-+-+-+-+
+// L:   |  T  |U|  S  |D|
+//      +-+-+-+-+-+-+-+-+
+//
+func (p *VP9Packet) parseLayerInfoCommon(packet []byte, pos int) (int, error) {
+	if len(packet) <= pos {
+		return pos, errShortPacket
+	}
+
+	p.TID = packet[pos] >> 5
+	p.U = packet[pos]&0x10 != 0
+	p.SID = (packet[pos] >> 1) & 0x7
+	p.D = packet[pos]&0x01 != 0
+
+	if p.SID >= maxSpatialLayers {
+		return pos, errTooManySpatialLayers
+	}
+
+	pos++
+	return pos, nil
+}
+
+// Layer indices (non-flexible mode):
+//
+//      +-+-+-+-+-+-+-+-+
+// L:   |  T  |U|  S  |D|
+//      +-+-+-+-+-+-+-+-+
+//      |   TL0PICIDX   |
+//      +-+-+-+-+-+-+-+-+
+//
+func (p *VP9Packet) parseLayerInfoNonFlexibleMode(packet []byte, pos int) (int, error) {
+	if len(packet) <= pos {
+		return pos, errShortPacket
+	}
+
+	p.TL0PICIDX = packet[pos]
+	pos++
+	return pos, nil
+}
+
+// Reference indices:
+//
+//      +-+-+-+-+-+-+-+-+                P=1,F=1: At least one reference index
+// P,F: | P_DIFF      |N|  up to 3 times          has to be specified.
+//      +-+-+-+-+-+-+-+-+                    N=1: An additional P_DIFF follows
+//                                                current P_DIFF.
+//
+func (p *VP9Packet) parseRefIndices(packet []byte, pos int) (int, error) {
+	for {
+		if len(packet) <= pos {
+			return pos, errShortPacket
+		}
+		p.PDiff = append(p.PDiff, packet[pos]>>1)
+		if packet[pos]&0x01 == 0 {
+			break
+		}
+		if len(p.PDiff) >= maxVP9RefPics {
+			return pos, errTooManyPDiff
+		}
+		pos++
+	}
+	pos++
+
+	return pos, nil
+}
+
+// Scalability structure (SS):
+//
+//      +-+-+-+-+-+-+-+-+
+// V:   | N_S |Y|G|-|-|-|
+//      +-+-+-+-+-+-+-+-+              -|
+// Y:   |     WIDTH     | (OPTIONAL)    .
+//      +               +               .
+//      |               | (OPTIONAL)    .
+//      +-+-+-+-+-+-+-+-+               . N_S + 1 times
+//      |     HEIGHT    | (OPTIONAL)    .
+//      +               +               .
+//      |               | (OPTIONAL)    .
+//      +-+-+-+-+-+-+-+-+              -|
+// G:   |      N_G      | (OPTIONAL)
+//      +-+-+-+-+-+-+-+-+                           -|
+// N_G: |  T  |U| R |-|-| (OPTIONAL)                 .
+//      +-+-+-+-+-+-+-+-+              -|            . N_G times
+//      |    P_DIFF     | (OPTIONAL)    . R times    .
+//      +-+-+-+-+-+-+-+-+              -|           -|
+//
+func (p *VP9Packet) parseSSData(packet []byte, pos int) (int, error) {
+	if len(packet) <= pos {
+		return pos, errShortPacket
+	}
+
+	p.NS = packet[pos] >> 5
+	p.Y = packet[pos]&0x10 != 0
+	p.G = (packet[pos]>>1)&0x7 != 0
+	pos++
+
+	NS := p.NS + 1
+	p.NG = 0
+
+	if p.Y {
+		p.Width = make([]uint16, NS)
+		p.Height = make([]uint16, NS)
+		for i := 0; i < int(NS); i++ {
+			p.Width[i] = uint16(packet[pos])<<8 | uint16(packet[pos+1])
+			pos += 2
+			p.Height[i] = uint16(packet[pos])<<8 | uint16(packet[pos+1])
+			pos += 2
+		}
+	}
+
+	if p.G {
+		p.NG = packet[pos]
+		pos++
+	}
+
+	for i := 0; i < int(p.NG); i++ {
+		p.PGTID = append(p.PGTID, packet[pos]>>5)
+		p.PGU = append(p.PGU, packet[pos]&0x10 != 0)
+		R := (packet[pos] >> 2) & 0x3
+		pos++
+
+		p.PGPDiff = append(p.PGPDiff, []uint8{})
+		for j := 0; j < int(R); j++ {
+			p.PGPDiff[i] = append(p.PGPDiff[i], packet[pos])
+			pos++
+		}
+	}
+
+	return pos, nil
+}
+
+// VP9PartitionHeadChecker checks VP9 partition head
+type VP9PartitionHeadChecker struct{}
+
+// IsPartitionHead checks whether if this is a head of the VP9 partition
+func (*VP9PartitionHeadChecker) IsPartitionHead(packet []byte) bool {
+	p := &VP9Packet{}
+	if _, err := p.Unmarshal(packet); err != nil {
+		return false
+	}
+	return p.B
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/depacketizer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/depacketizer.go
new file mode 100644
index 000000000..b8c09dad9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/depacketizer.go
@@ -0,0 +1,6 @@
+package rtp
+
+// Depacketizer depacketizes a RTP payload, removing any RTP specific data from the payload
+type Depacketizer interface {
+	Unmarshal(packet []byte) ([]byte, error)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/error.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/error.go
new file mode 100644
index 000000000..5458c6fa5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/error.go
@@ -0,0 +1,21 @@
+package rtp
+
+import (
+	"errors"
+)
+
+var (
+	errHeaderSizeInsufficient             = errors.New("RTP header size insufficient")
+	errHeaderSizeInsufficientForExtension = errors.New("RTP header size insufficient for extension")
+	errTooSmall                           = errors.New("buffer too small")
+	errHeaderExtensionsNotEnabled         = errors.New("h.Extension not enabled")
+	errHeaderExtensionNotFound            = errors.New("extension not found")
+
+	errRFC8285OneByteHeaderIDRange = errors.New("header extension id must be between 1 and 14 for RFC 5285 one byte extensions")
+	errRFC8285OneByteHeaderSize    = errors.New("header extension payload must be 16bytes or less for RFC 5285 one byte extensions")
+
+	errRFC8285TwoByteHeaderIDRange = errors.New("header extension id must be between 1 and 255 for RFC 5285 two byte extensions")
+	errRFC8285TwoByteHeaderSize    = errors.New("header extension payload must be 255bytes or less for RFC 5285 two byte extensions")
+
+	errRFC3550HeaderIDRange = errors.New("header extension id must be 0 for non-RFC 5285 extensions")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/go.mod
new file mode 100644
index 000000000..412ae63d7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/go.mod
@@ -0,0 +1,5 @@
+module github.com/pion/rtp
+
+go 1.13
+
+require github.com/pion/randutil v0.1.0
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/go.sum
new file mode 100644
index 000000000..401b903b1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/go.sum
@@ -0,0 +1,2 @@
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/packet.go
new file mode 100644
index 000000000..b237b0a78
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/packet.go
@@ -0,0 +1,490 @@
+package rtp
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+)
+
+// Extension RTP Header extension
+type Extension struct {
+	id      uint8
+	payload []byte
+}
+
+// Header represents an RTP packet header
+// NOTE: PayloadOffset is populated by Marshal/Unmarshal and should not be modified
+type Header struct {
+	Version          uint8
+	Padding          bool
+	Extension        bool
+	Marker           bool
+	PayloadOffset    int
+	PayloadType      uint8
+	SequenceNumber   uint16
+	Timestamp        uint32
+	SSRC             uint32
+	CSRC             []uint32
+	ExtensionProfile uint16
+	Extensions       []Extension
+}
+
+// Packet represents an RTP Packet
+// NOTE: Raw is populated by Marshal/Unmarshal and should not be modified
+type Packet struct {
+	Header
+	Raw     []byte
+	Payload []byte
+}
+
+const (
+	headerLength            = 4
+	versionShift            = 6
+	versionMask             = 0x3
+	paddingShift            = 5
+	paddingMask             = 0x1
+	extensionShift          = 4
+	extensionMask           = 0x1
+	extensionProfileOneByte = 0xBEDE
+	extensionProfileTwoByte = 0x1000
+	extensionIDReserved     = 0xF
+	ccMask                  = 0xF
+	markerShift             = 7
+	markerMask              = 0x1
+	ptMask                  = 0x7F
+	seqNumOffset            = 2
+	seqNumLength            = 2
+	timestampOffset         = 4
+	timestampLength         = 4
+	ssrcOffset              = 8
+	ssrcLength              = 4
+	csrcOffset              = 12
+	csrcLength              = 4
+)
+
+// String helps with debugging by printing packet information in a readable way
+func (p Packet) String() string {
+	out := "RTP PACKET:\n"
+
+	out += fmt.Sprintf("\tVersion: %v\n", p.Version)
+	out += fmt.Sprintf("\tMarker: %v\n", p.Marker)
+	out += fmt.Sprintf("\tPayload Type: %d\n", p.PayloadType)
+	out += fmt.Sprintf("\tSequence Number: %d\n", p.SequenceNumber)
+	out += fmt.Sprintf("\tTimestamp: %d\n", p.Timestamp)
+	out += fmt.Sprintf("\tSSRC: %d (%x)\n", p.SSRC, p.SSRC)
+	out += fmt.Sprintf("\tPayload Length: %d\n", len(p.Payload))
+
+	return out
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the Header this method is called upon
+func (h *Header) Unmarshal(rawPacket []byte) error { //nolint:gocognit
+	if len(rawPacket) < headerLength {
+		return fmt.Errorf("%w: %d < %d", errHeaderSizeInsufficient, len(rawPacket), headerLength)
+	}
+
+	/*
+	 *  0                   1                   2                   3
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |V=2|P|X|  CC   |M|     PT      |       sequence number         |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                           timestamp                           |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |           synchronization source (SSRC) identifier            |
+	 * +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * |            contributing source (CSRC) identifiers             |
+	 * |                             ....                              |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	h.Version = rawPacket[0] >> versionShift & versionMask
+	h.Padding = (rawPacket[0] >> paddingShift & paddingMask) > 0
+	h.Extension = (rawPacket[0] >> extensionShift & extensionMask) > 0
+	nCSRC := int(rawPacket[0] & ccMask)
+	if cap(h.CSRC) < nCSRC || h.CSRC == nil {
+		h.CSRC = make([]uint32, nCSRC)
+	} else {
+		h.CSRC = h.CSRC[:nCSRC]
+	}
+
+	currOffset := csrcOffset + (nCSRC * csrcLength)
+	if len(rawPacket) < currOffset {
+		return fmt.Errorf("size %d < %d: %w", len(rawPacket), currOffset, errHeaderSizeInsufficient)
+	}
+
+	h.Marker = (rawPacket[1] >> markerShift & markerMask) > 0
+	h.PayloadType = rawPacket[1] & ptMask
+
+	h.SequenceNumber = binary.BigEndian.Uint16(rawPacket[seqNumOffset : seqNumOffset+seqNumLength])
+	h.Timestamp = binary.BigEndian.Uint32(rawPacket[timestampOffset : timestampOffset+timestampLength])
+	h.SSRC = binary.BigEndian.Uint32(rawPacket[ssrcOffset : ssrcOffset+ssrcLength])
+
+	for i := range h.CSRC {
+		offset := csrcOffset + (i * csrcLength)
+		h.CSRC[i] = binary.BigEndian.Uint32(rawPacket[offset:])
+	}
+
+	if h.Extensions != nil {
+		h.Extensions = h.Extensions[:0]
+	}
+
+	if h.Extension {
+		if expected := currOffset + 4; len(rawPacket) < expected {
+			return fmt.Errorf("size %d < %d: %w",
+				len(rawPacket), expected,
+				errHeaderSizeInsufficientForExtension,
+			)
+		}
+
+		h.ExtensionProfile = binary.BigEndian.Uint16(rawPacket[currOffset:])
+		currOffset += 2
+		extensionLength := int(binary.BigEndian.Uint16(rawPacket[currOffset:])) * 4
+		currOffset += 2
+
+		if expected := currOffset + extensionLength; len(rawPacket) < expected {
+			return fmt.Errorf("size %d < %d: %w",
+				len(rawPacket), expected,
+				errHeaderSizeInsufficientForExtension,
+			)
+		}
+
+		switch h.ExtensionProfile {
+		// RFC 8285 RTP One Byte Header Extension
+		case extensionProfileOneByte:
+			end := currOffset + extensionLength
+			for currOffset < end {
+				if rawPacket[currOffset] == 0x00 { // padding
+					currOffset++
+					continue
+				}
+
+				extid := rawPacket[currOffset] >> 4
+				len := int(rawPacket[currOffset]&^0xF0 + 1)
+				currOffset++
+
+				if extid == extensionIDReserved {
+					break
+				}
+
+				extension := Extension{id: extid, payload: rawPacket[currOffset : currOffset+len]}
+				h.Extensions = append(h.Extensions, extension)
+				currOffset += len
+			}
+
+		// RFC 8285 RTP Two Byte Header Extension
+		case extensionProfileTwoByte:
+			end := currOffset + extensionLength
+			for currOffset < end {
+				if rawPacket[currOffset] == 0x00 { // padding
+					currOffset++
+					continue
+				}
+
+				extid := rawPacket[currOffset]
+				currOffset++
+
+				len := int(rawPacket[currOffset])
+				currOffset++
+
+				extension := Extension{id: extid, payload: rawPacket[currOffset : currOffset+len]}
+				h.Extensions = append(h.Extensions, extension)
+				currOffset += len
+			}
+
+		default: // RFC3550 Extension
+			if len(rawPacket) < currOffset+extensionLength {
+				return fmt.Errorf("%w: %d < %d", errHeaderSizeInsufficientForExtension, len(rawPacket), currOffset+extensionLength)
+			}
+
+			extension := Extension{id: 0, payload: rawPacket[currOffset : currOffset+extensionLength]}
+			h.Extensions = append(h.Extensions, extension)
+			currOffset += len(h.Extensions[0].payload)
+		}
+	}
+
+	h.PayloadOffset = currOffset
+
+	return nil
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the Packet this method is called upon
+func (p *Packet) Unmarshal(rawPacket []byte) error {
+	if err := p.Header.Unmarshal(rawPacket); err != nil {
+		return err
+	}
+
+	p.Payload = rawPacket[p.PayloadOffset:]
+	p.Raw = rawPacket
+	return nil
+}
+
+// Marshal serializes the header into bytes.
+func (h *Header) Marshal() (buf []byte, err error) {
+	buf = make([]byte, h.MarshalSize())
+
+	n, err := h.MarshalTo(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf[:n], nil
+}
+
+// MarshalTo serializes the header and writes to the buffer.
+func (h *Header) MarshalTo(buf []byte) (n int, err error) {
+	/*
+	 *  0                   1                   2                   3
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |V=2|P|X|  CC   |M|     PT      |       sequence number         |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                           timestamp                           |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |           synchronization source (SSRC) identifier            |
+	 * +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+	 * |            contributing source (CSRC) identifiers             |
+	 * |                             ....                              |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 */
+
+	size := h.MarshalSize()
+	if size > len(buf) {
+		return 0, io.ErrShortBuffer
+	}
+
+	// The first byte contains the version, padding bit, extension bit, and csrc size
+	buf[0] = (h.Version << versionShift) | uint8(len(h.CSRC))
+	if h.Padding {
+		buf[0] |= 1 << paddingShift
+	}
+
+	if h.Extension {
+		buf[0] |= 1 << extensionShift
+	}
+
+	// The second byte contains the marker bit and payload type.
+	buf[1] = h.PayloadType
+	if h.Marker {
+		buf[1] |= 1 << markerShift
+	}
+
+	binary.BigEndian.PutUint16(buf[2:4], h.SequenceNumber)
+	binary.BigEndian.PutUint32(buf[4:8], h.Timestamp)
+	binary.BigEndian.PutUint32(buf[8:12], h.SSRC)
+
+	n = 12
+	for _, csrc := range h.CSRC {
+		binary.BigEndian.PutUint32(buf[n:n+4], csrc)
+		n += 4
+	}
+
+	if h.Extension {
+		extHeaderPos := n
+		binary.BigEndian.PutUint16(buf[n+0:n+2], h.ExtensionProfile)
+		n += 4
+		startExtensionsPos := n
+
+		switch h.ExtensionProfile {
+		// RFC 8285 RTP One Byte Header Extension
+		case extensionProfileOneByte:
+			for _, extension := range h.Extensions {
+				buf[n] = extension.id<<4 | (uint8(len(extension.payload)) - 1)
+				n++
+				n += copy(buf[n:], extension.payload)
+			}
+		// RFC 8285 RTP Two Byte Header Extension
+		case extensionProfileTwoByte:
+			for _, extension := range h.Extensions {
+				buf[n] = extension.id
+				n++
+				buf[n] = uint8(len(extension.payload))
+				n++
+				n += copy(buf[n:], extension.payload)
+			}
+		default: // RFC3550 Extension
+			extlen := len(h.Extensions[0].payload)
+			if extlen%4 != 0 {
+				// the payload must be in 32-bit words.
+				return 0, io.ErrShortBuffer
+			}
+			n += copy(buf[n:], h.Extensions[0].payload)
+		}
+
+		// calculate extensions size and round to 4 bytes boundaries
+		extSize := n - startExtensionsPos
+		roundedExtSize := ((extSize + 3) / 4) * 4
+
+		binary.BigEndian.PutUint16(buf[extHeaderPos+2:extHeaderPos+4], uint16(roundedExtSize/4))
+
+		// add padding to reach 4 bytes boundaries
+		for i := 0; i < roundedExtSize-extSize; i++ {
+			buf[n] = 0
+			n++
+		}
+	}
+
+	h.PayloadOffset = n
+
+	return n, nil
+}
+
+// MarshalSize returns the size of the header once marshaled.
+func (h *Header) MarshalSize() int {
+	// NOTE: Be careful to match the MarshalTo() method.
+	size := 12 + (len(h.CSRC) * csrcLength)
+
+	if h.Extension {
+		extSize := 4
+
+		switch h.ExtensionProfile {
+		// RFC 8285 RTP One Byte Header Extension
+		case extensionProfileOneByte:
+			for _, extension := range h.Extensions {
+				extSize += 1 + len(extension.payload)
+			}
+		// RFC 8285 RTP Two Byte Header Extension
+		case extensionProfileTwoByte:
+			for _, extension := range h.Extensions {
+				extSize += 2 + len(extension.payload)
+			}
+		default:
+			extSize += len(h.Extensions[0].payload)
+		}
+
+		// extensions size must have 4 bytes boundaries
+		size += ((extSize + 3) / 4) * 4
+	}
+
+	return size
+}
+
+// SetExtension sets an RTP header extension
+func (h *Header) SetExtension(id uint8, payload []byte) error { //nolint:gocognit
+	if h.Extension {
+		switch h.ExtensionProfile {
+		// RFC 8285 RTP One Byte Header Extension
+		case extensionProfileOneByte:
+			if id < 1 || id > 14 {
+				return fmt.Errorf("%w actual(%d)", errRFC8285OneByteHeaderIDRange, id)
+			}
+			if len(payload) > 16 {
+				return fmt.Errorf("%w actual(%d)", errRFC8285OneByteHeaderSize, len(payload))
+			}
+		// RFC 8285 RTP Two Byte Header Extension
+		case extensionProfileTwoByte:
+			if id < 1 || id > 255 {
+				return fmt.Errorf("%w actual(%d)", errRFC8285TwoByteHeaderIDRange, id)
+			}
+			if len(payload) > 255 {
+				return fmt.Errorf("%w actual(%d)", errRFC8285TwoByteHeaderSize, len(payload))
+			}
+		default: // RFC3550 Extension
+			if id != 0 {
+				return fmt.Errorf("%w actual(%d)", errRFC3550HeaderIDRange, id)
+			}
+		}
+
+		// Update existing if it exists else add new extension
+		for i, extension := range h.Extensions {
+			if extension.id == id {
+				h.Extensions[i].payload = payload
+				return nil
+			}
+		}
+		h.Extensions = append(h.Extensions, Extension{id: id, payload: payload})
+		return nil
+	}
+
+	// No existing header extensions
+	h.Extension = true
+
+	switch len := len(payload); {
+	case len <= 16:
+		h.ExtensionProfile = extensionProfileOneByte
+	case len > 16 && len < 256:
+		h.ExtensionProfile = extensionProfileTwoByte
+	}
+
+	h.Extensions = append(h.Extensions, Extension{id: id, payload: payload})
+	return nil
+}
+
+// GetExtensionIDs returns an extension id array
+func (h *Header) GetExtensionIDs() []uint8 {
+	if !h.Extension {
+		return nil
+	}
+
+	if len(h.Extensions) == 0 {
+		return nil
+	}
+
+	ids := make([]uint8, 0, len(h.Extensions))
+	for _, extension := range h.Extensions {
+		ids = append(ids, extension.id)
+	}
+	return ids
+}
+
+// GetExtension returns an RTP header extension
+func (h *Header) GetExtension(id uint8) []byte {
+	if !h.Extension {
+		return nil
+	}
+	for _, extension := range h.Extensions {
+		if extension.id == id {
+			return extension.payload
+		}
+	}
+	return nil
+}
+
+// DelExtension Removes an RTP Header extension
+func (h *Header) DelExtension(id uint8) error {
+	if !h.Extension {
+		return errHeaderExtensionsNotEnabled
+	}
+	for i, extension := range h.Extensions {
+		if extension.id == id {
+			h.Extensions = append(h.Extensions[:i], h.Extensions[i+1:]...)
+			return nil
+		}
+	}
+	return errHeaderExtensionNotFound
+}
+
+// Marshal serializes the packet into bytes.
+func (p *Packet) Marshal() (buf []byte, err error) {
+	buf = make([]byte, p.MarshalSize())
+
+	n, err := p.MarshalTo(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf[:n], nil
+}
+
+// MarshalTo serializes the packet and writes to the buffer.
+func (p *Packet) MarshalTo(buf []byte) (n int, err error) {
+	n, err = p.Header.MarshalTo(buf)
+	if err != nil {
+		return 0, err
+	}
+
+	// Make sure the buffer is large enough to hold the packet.
+	if n+len(p.Payload) > len(buf) {
+		return 0, io.ErrShortBuffer
+	}
+
+	m := copy(buf[n:], p.Payload)
+	p.Raw = buf[:n+m]
+
+	return n + m, nil
+}
+
+// MarshalSize returns the size of the packet once marshaled.
+func (p *Packet) MarshalSize() int {
+	return p.Header.MarshalSize() + len(p.Payload)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/packetizer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/packetizer.go
new file mode 100644
index 000000000..5a8482f61
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/packetizer.go
@@ -0,0 +1,91 @@
+package rtp
+
+import (
+	"time"
+)
+
+// Payloader payloads a byte array for use as rtp.Packet payloads
+type Payloader interface {
+	Payload(mtu int, payload []byte) [][]byte
+}
+
+// Packetizer packetizes a payload
+type Packetizer interface {
+	Packetize(payload []byte, samples uint32) []*Packet
+	EnableAbsSendTime(value int)
+}
+
+type packetizer struct {
+	MTU              int
+	PayloadType      uint8
+	SSRC             uint32
+	Payloader        Payloader
+	Sequencer        Sequencer
+	Timestamp        uint32
+	ClockRate        uint32
+	extensionNumbers struct { // put extension numbers in here. If they're 0, the extension is disabled (0 is not a legal extension number)
+		AbsSendTime int // http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
+	}
+	timegen func() time.Time
+}
+
+// NewPacketizer returns a new instance of a Packetizer for a specific payloader
+func NewPacketizer(mtu int, pt uint8, ssrc uint32, payloader Payloader, sequencer Sequencer, clockRate uint32) Packetizer {
+	return &packetizer{
+		MTU:         mtu,
+		PayloadType: pt,
+		SSRC:        ssrc,
+		Payloader:   payloader,
+		Sequencer:   sequencer,
+		Timestamp:   globalMathRandomGenerator.Uint32(),
+		ClockRate:   clockRate,
+		timegen:     time.Now,
+	}
+}
+
+func (p *packetizer) EnableAbsSendTime(value int) {
+	p.extensionNumbers.AbsSendTime = value
+}
+
+// Packetize packetizes the payload of an RTP packet and returns one or more RTP packets
+func (p *packetizer) Packetize(payload []byte, samples uint32) []*Packet {
+	// Guard against an empty payload
+	if len(payload) == 0 {
+		return nil
+	}
+
+	payloads := p.Payloader.Payload(p.MTU-12, payload)
+	packets := make([]*Packet, len(payloads))
+
+	for i, pp := range payloads {
+		packets[i] = &Packet{
+			Header: Header{
+				Version:        2,
+				Padding:        false,
+				Extension:      false,
+				Marker:         i == len(payloads)-1,
+				PayloadType:    p.PayloadType,
+				SequenceNumber: p.Sequencer.NextSequenceNumber(),
+				Timestamp:      p.Timestamp, // Figure out how to do timestamps
+				SSRC:           p.SSRC,
+			},
+			Payload: pp,
+		}
+	}
+	p.Timestamp += samples
+
+	if len(packets) != 0 && p.extensionNumbers.AbsSendTime != 0 {
+		sendTime := NewAbsSendTimeExtension(p.timegen())
+		// apply http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
+		b, err := sendTime.Marshal()
+		if err != nil {
+			return nil // never happens
+		}
+		err = packets[len(packets)-1].SetExtension(uint8(p.extensionNumbers.AbsSendTime), b)
+		if err != nil {
+			return nil // never happens
+		}
+	}
+
+	return packets
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/partitionheadchecker.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/partitionheadchecker.go
new file mode 100644
index 000000000..6ec2a7631
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/partitionheadchecker.go
@@ -0,0 +1,6 @@
+package rtp
+
+// PartitionHeadChecker is the interface that checks whether the packet is keyframe or not
+type PartitionHeadChecker interface {
+	IsPartitionHead([]byte) bool
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/rand.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/rand.go
new file mode 100644
index 000000000..ee8552356
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/rand.go
@@ -0,0 +1,8 @@
+package rtp
+
+import (
+	"github.com/pion/randutil"
+)
+
+// Use global random generator to properly seed by crypto grade random.
+var globalMathRandomGenerator = randutil.NewMathRandomGenerator() // nolint:gochecknoglobals
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/rtp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/rtp.go
new file mode 100644
index 000000000..b66b2e4b8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/rtp.go
@@ -0,0 +1,2 @@
+// Package rtp provides RTP packetizer and depacketizer
+package rtp
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/sequencer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/sequencer.go
new file mode 100644
index 000000000..2b4a5072e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/sequencer.go
@@ -0,0 +1,57 @@
+package rtp
+
+import (
+	"math"
+	"sync"
+)
+
+// Sequencer generates sequential sequence numbers for building RTP packets
+type Sequencer interface {
+	NextSequenceNumber() uint16
+	RollOverCount() uint64
+}
+
+// NewRandomSequencer returns a new sequencer starting from a random sequence
+// number
+func NewRandomSequencer() Sequencer {
+	return &sequencer{
+		sequenceNumber: uint16(globalMathRandomGenerator.Intn(math.MaxUint16)),
+	}
+}
+
+// NewFixedSequencer returns a new sequencer starting from a specific
+// sequence number
+func NewFixedSequencer(s uint16) Sequencer {
+	return &sequencer{
+		sequenceNumber: s - 1, // -1 because the first sequence number prepends 1
+	}
+}
+
+type sequencer struct {
+	sequenceNumber uint16
+	rollOverCount  uint64
+	mutex          sync.Mutex
+}
+
+// NextSequenceNumber increment and returns a new sequence number for
+// building RTP packets
+func (s *sequencer) NextSequenceNumber() uint16 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+
+	s.sequenceNumber++
+	if s.sequenceNumber == 0 {
+		s.rollOverCount++
+	}
+
+	return s.sequenceNumber
+}
+
+// RollOverCount returns the amount of times the 16bit sequence number
+// has wrapped
+func (s *sequencer) RollOverCount() uint64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+
+	return s.rollOverCount
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/transportccextension.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/transportccextension.go
new file mode 100644
index 000000000..f9ffe4eb1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/rtp/transportccextension.go
@@ -0,0 +1,39 @@
+package rtp
+
+import (
+	"encoding/binary"
+)
+
+const (
+	// transport-wide sequence
+	transportCCExtensionSize = 2
+)
+
+// TransportCCExtension is a extension payload format in
+// https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01
+// 0                   1                   2                   3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |       0xBE    |    0xDE       |           length=1            |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |  ID   | L=1   |transport-wide sequence number | zero padding  |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+type TransportCCExtension struct {
+	TransportSequence uint16
+}
+
+// Marshal serializes the members to buffer
+func (t *TransportCCExtension) Marshal() ([]byte, error) {
+	buf := make([]byte, transportCCExtensionSize)
+	binary.BigEndian.PutUint16(buf[0:2], t.TransportSequence)
+	return buf, nil
+}
+
+// Unmarshal parses the passed byte slice and stores the result in the members
+func (t *TransportCCExtension) Unmarshal(rawData []byte) error {
+	if len(rawData) < transportCCExtensionSize {
+		return errTooSmall
+	}
+	t.TransportSequence = binary.BigEndian.Uint16(rawData[0:2])
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/.gitignore
new file mode 100644
index 000000000..d39fb86a3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/.gitignore
@@ -0,0 +1 @@
+*.sw[poe]
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/.golangci.yml
new file mode 100644
index 000000000..421369778
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/.golangci.yml
@@ -0,0 +1,82 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/DESIGN.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/DESIGN.md
new file mode 100644
index 000000000..02ac16113
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/DESIGN.md
@@ -0,0 +1,20 @@
+<h1 align="center">
+  Design
+</h1>
+
+### Portable
+Pion SCTP is written in Go and extremely portable. Anywhere Golang runs, Pion SCTP should work as well! Instead of dealing with complicated
+cross-compiling of multiple libraries, you now can run anywhere with one `go build`
+
+### Simple API
+The API is based on an io.ReadWriteCloser.
+
+### Readable
+If code comes from an RFC we try to make sure everything is commented with a link to the spec.
+This makes learning and debugging easier, this library was written to also serve as a guide for others.
+
+### Tested
+Every commit is tested via travis-ci Go provides fantastic facilities for testing, and more will be added as time goes on.
+
+### Shared libraries
+Every pion product is built using shared libraries, allowing others to review and reuse our libraries.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/README.md
new file mode 100644
index 000000000..18b569381
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/README.md
@@ -0,0 +1,54 @@
+<h1 align="center">
+  <br>
+  Pion SCTP
+  <br>
+</h1>
+<h4 align="center">A Go implementation of SCTP</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-sctp-gray.svg?longCache=true&colorB=brightgreen" alt="Pion SCTP"></a>
+  <!--<a href="https://sourcegraph.com/github.com/pion/webrtc?badge"><img src="https://sourcegraph.com/github.com/pion/webrtc/-/badge.svg" alt="Sourcegraph Widget"></a>-->
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/sctp"><img src="https://travis-ci.org/pion/sctp.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/sctp"><img src="https://godoc.org/github.com/pion/sctp?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/sctp"><img src="https://codecov.io/gh/pion/sctp/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/sctp"><img src="https://goreportcard.com/badge/github.com/pion/sctp" alt="Go Report Card"></a>
+  <!--<a href="https://www.codacy.com/app/Sean-Der/webrtc"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>-->
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+See [DESIGN.md](DESIGN.md) for an overview of features and future goals.
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *Public API, Initialization*
+* [Konstantin Itskov](https://github.com/trivigy) - *Fix documentation*
+* [chenkaiC4](https://github.com/chenkaiC4) - *Fix GolangCI Linter*
+* [Ronan J](https://github.com/ronanj) - *Fix PPID*
+* [Michael MacDonald](https://github.com/mjmac) - *Fix races*
+* [Yutaka Takeda](https://github.com/enobufs) - *PR-SCTP, Retransmissions, Congestion Control*
+* [Antoine Baché](https://github.com/Antonito) - *SCTP Profiling*
+* [Cecylia Bocovich](https://github.com/cohosh) - *Fix SCTP reads*
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Lukas Herman](https://github.com/lherman-cs)
+* [Luke Curley](https://github.com/kixelated) - *Performance*
+* [Aaron France](https://github.com/AeroNotix)
+* [ZHENK](https://github.com/scorpionknifes)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/ack_timer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/ack_timer.go
new file mode 100644
index 000000000..ba23d54d2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/ack_timer.go
@@ -0,0 +1,105 @@
+package sctp
+
+import (
+	"sync"
+	"time"
+)
+
+const (
+	ackInterval time.Duration = 200 * time.Millisecond
+)
+
+// ackTimerObserver is the inteface to an ack timer observer.
+type ackTimerObserver interface {
+	onAckTimeout()
+}
+
+// ackTimer provides the retnransmission timer conforms with RFC 4960 Sec 6.3.1
+type ackTimer struct {
+	observer ackTimerObserver
+	interval time.Duration
+	stopFunc stopAckTimerLoop
+	closed   bool
+	mutex    sync.RWMutex
+}
+
+type stopAckTimerLoop func()
+
+// newAckTimer creates a new acknowledgement timer used to enable delayed ack.
+func newAckTimer(observer ackTimerObserver) *ackTimer {
+	return &ackTimer{
+		observer: observer,
+		interval: ackInterval,
+	}
+}
+
+// start starts the timer.
+func (t *ackTimer) start() bool {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	// this timer is already closed
+	if t.closed {
+		return false
+	}
+
+	// this is a noop if the timer is already running
+	if t.stopFunc != nil {
+		return false
+	}
+
+	cancelCh := make(chan struct{})
+
+	go func() {
+		timer := time.NewTimer(t.interval)
+
+		select {
+		case <-timer.C:
+			t.stop()
+			t.observer.onAckTimeout()
+		case <-cancelCh:
+			timer.Stop()
+		}
+	}()
+
+	t.stopFunc = func() {
+		close(cancelCh)
+	}
+
+	return true
+}
+
+// stops the timer. this is similar to stop() but subsequent start() call
+// will fail (the timer is no longer usable)
+func (t *ackTimer) stop() {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	if t.stopFunc != nil {
+		t.stopFunc()
+		t.stopFunc = nil
+	}
+}
+
+// closes the timer. this is similar to stop() but subsequent start() call
+// will fail (the timer is no longer usable)
+func (t *ackTimer) close() {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	if t.stopFunc != nil {
+		t.stopFunc()
+		t.stopFunc = nil
+	}
+
+	t.closed = true
+}
+
+// isRunning tests if the timer is running.
+// Debug purpose only
+func (t *ackTimer) isRunning() bool {
+	t.mutex.RLock()
+	defer t.mutex.RUnlock()
+
+	return (t.stopFunc != nil)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/association.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/association.go
new file mode 100644
index 000000000..1393cb89e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/association.go
@@ -0,0 +1,2241 @@
+package sctp
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"math"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/randutil"
+	"github.com/pkg/errors"
+)
+
+// Use global random generator to properly seed by crypto grade random.
+var (
+	globalMathRandomGenerator = randutil.NewMathRandomGenerator() // nolint:gochecknoglobals
+	errChunk                  = errors.New("Abort chunk, with following errors")
+)
+
+const (
+	receiveMTU            uint32 = 8192 // MTU for inbound packet (from DTLS)
+	initialMTU            uint32 = 1228 // initial MTU for outgoing packets (to DTLS)
+	initialRecvBufSize    uint32 = 1024 * 1024
+	commonHeaderSize      uint32 = 12
+	dataChunkHeaderSize   uint32 = 16
+	defaultMaxMessageSize uint32 = 65536
+)
+
+// association state enums
+const (
+	closed uint32 = iota
+	cookieWait
+	cookieEchoed
+	established
+	shutdownAckSent
+	shutdownPending
+	shutdownReceived
+	shutdownSent
+)
+
+// retransmission timer IDs
+const (
+	timerT1Init int = iota
+	timerT1Cookie
+	timerT3RTX
+	timerReconfig
+)
+
+// ack mode (for testing)
+const (
+	ackModeNormal int = iota
+	ackModeNoDelay
+	ackModeAlwaysDelay
+)
+
+// ack transmission state
+const (
+	ackStateIdle      int = iota // ack timer is off
+	ackStateImmediate            // ack timer is on (ack is being delayed)
+	ackStateDelay                // will send ack immediately
+)
+
+// other constants
+const (
+	acceptChSize = 16
+)
+
+func getAssociationStateString(a uint32) string {
+	switch a {
+	case closed:
+		return "Closed"
+	case cookieWait:
+		return "CookieWait"
+	case cookieEchoed:
+		return "CookieEchoed"
+	case established:
+		return "Established"
+	case shutdownPending:
+		return "ShutdownPending"
+	case shutdownSent:
+		return "ShutdownSent"
+	case shutdownReceived:
+		return "ShutdownReceived"
+	case shutdownAckSent:
+		return "ShutdownAckSent"
+	default:
+		return fmt.Sprintf("Invalid association state %d", a)
+	}
+}
+
+// Association represents an SCTP association
+// 13.2.  Parameters Necessary per Association (i.e., the TCB)
+// Peer        : Tag value to be sent in every packet and is received
+// Verification: in the INIT or INIT ACK chunk.
+// Tag         :
+//
+// My          : Tag expected in every inbound packet and sent in the
+// Verification: INIT or INIT ACK chunk.
+//
+// Tag         :
+// State       : A state variable indicating what state the association
+//             : is in, i.e., COOKIE-WAIT, COOKIE-ECHOED, ESTABLISHED,
+//             : SHUTDOWN-PENDING, SHUTDOWN-SENT, SHUTDOWN-RECEIVED,
+//             : SHUTDOWN-ACK-SENT.
+//
+//               Note: No "CLOSED" state is illustrated since if a
+//               association is "CLOSED" its TCB SHOULD be removed.
+type Association struct {
+	bytesReceived uint64
+	bytesSent     uint64
+
+	lock sync.RWMutex
+
+	netConn net.Conn
+
+	peerVerificationTag    uint32
+	myVerificationTag      uint32
+	state                  uint32
+	myNextTSN              uint32 // nextTSN
+	peerLastTSN            uint32 // lastRcvdTSN
+	minTSN2MeasureRTT      uint32 // for RTT measurement
+	willSendForwardTSN     bool
+	willRetransmitFast     bool
+	willRetransmitReconfig bool
+
+	// Reconfig
+	myNextRSN        uint32
+	reconfigs        map[uint32]*chunkReconfig
+	reconfigRequests map[uint32]*paramOutgoingResetRequest
+
+	// Non-RFC internal data
+	sourcePort              uint16
+	destinationPort         uint16
+	myMaxNumInboundStreams  uint16
+	myMaxNumOutboundStreams uint16
+	myCookie                *paramStateCookie
+	payloadQueue            *payloadQueue
+	inflightQueue           *payloadQueue
+	pendingQueue            *pendingQueue
+	controlQueue            *controlQueue
+	mtu                     uint32
+	maxPayloadSize          uint32 // max DATA chunk payload size
+	cumulativeTSNAckPoint   uint32
+	advancedPeerTSNAckPoint uint32
+	useForwardTSN           bool
+
+	// Congestion control parameters
+	maxReceiveBufferSize uint32
+	maxMessageSize       uint32
+	cwnd                 uint32 // my congestion window size
+	rwnd                 uint32 // calculated peer's receiver windows size
+	ssthresh             uint32 // slow start threshold
+	partialBytesAcked    uint32
+	inFastRecovery       bool
+	fastRecoverExitPoint uint32
+
+	// RTX & Ack timer
+	rtoMgr    *rtoManager
+	t1Init    *rtxTimer
+	t1Cookie  *rtxTimer
+	t3RTX     *rtxTimer
+	tReconfig *rtxTimer
+	ackTimer  *ackTimer
+
+	// Chunks stored for retransmission
+	storedInit       *chunkInit
+	storedCookieEcho *chunkCookieEcho
+
+	streams              map[uint16]*Stream
+	acceptCh             chan *Stream
+	readLoopCloseCh      chan struct{}
+	awakeWriteLoopCh     chan struct{}
+	closeWriteLoopCh     chan struct{}
+	handshakeCompletedCh chan error
+
+	closeWriteLoopOnce sync.Once
+
+	// local error
+	silentError error
+
+	ackState int
+	ackMode  int // for testing
+
+	// stats
+	stats *associationStats
+
+	// per inbound packet context
+	delayedAckTriggered   bool
+	immediateAckTriggered bool
+
+	name string
+	log  logging.LeveledLogger
+}
+
+// Config collects the arguments to createAssociation construction into
+// a single structure
+type Config struct {
+	NetConn              net.Conn
+	MaxReceiveBufferSize uint32
+	MaxMessageSize       uint32
+	LoggerFactory        logging.LoggerFactory
+}
+
+// Server accepts a SCTP stream over a conn
+func Server(config Config) (*Association, error) {
+	a := createAssociation(config)
+	a.init(false)
+
+	select {
+	case err := <-a.handshakeCompletedCh:
+		if err != nil {
+			return nil, err
+		}
+		return a, nil
+	case <-a.readLoopCloseCh:
+		return nil, errors.Errorf("association closed before connecting")
+	}
+}
+
+// Client opens a SCTP stream over a conn
+func Client(config Config) (*Association, error) {
+	a := createAssociation(config)
+	a.init(true)
+
+	select {
+	case err := <-a.handshakeCompletedCh:
+		if err != nil {
+			return nil, err
+		}
+		return a, nil
+	case <-a.readLoopCloseCh:
+		return nil, errors.Errorf("association closed before connecting")
+	}
+}
+
+func createAssociation(config Config) *Association {
+	var maxReceiveBufferSize uint32
+	if config.MaxReceiveBufferSize == 0 {
+		maxReceiveBufferSize = initialRecvBufSize
+	} else {
+		maxReceiveBufferSize = config.MaxReceiveBufferSize
+	}
+
+	var maxMessageSize uint32
+	if config.MaxMessageSize == 0 {
+		maxMessageSize = defaultMaxMessageSize
+	} else {
+		maxMessageSize = config.MaxMessageSize
+	}
+
+	tsn := globalMathRandomGenerator.Uint32()
+	a := &Association{
+		netConn:                 config.NetConn,
+		maxReceiveBufferSize:    maxReceiveBufferSize,
+		maxMessageSize:          maxMessageSize,
+		myMaxNumOutboundStreams: math.MaxUint16,
+		myMaxNumInboundStreams:  math.MaxUint16,
+		payloadQueue:            newPayloadQueue(),
+		inflightQueue:           newPayloadQueue(),
+		pendingQueue:            newPendingQueue(),
+		controlQueue:            newControlQueue(),
+		mtu:                     initialMTU,
+		maxPayloadSize:          initialMTU - (commonHeaderSize + dataChunkHeaderSize),
+		myVerificationTag:       globalMathRandomGenerator.Uint32(),
+		myNextTSN:               tsn,
+		myNextRSN:               tsn,
+		minTSN2MeasureRTT:       tsn,
+		state:                   closed,
+		rtoMgr:                  newRTOManager(),
+		streams:                 map[uint16]*Stream{},
+		reconfigs:               map[uint32]*chunkReconfig{},
+		reconfigRequests:        map[uint32]*paramOutgoingResetRequest{},
+		acceptCh:                make(chan *Stream, acceptChSize),
+		readLoopCloseCh:         make(chan struct{}),
+		awakeWriteLoopCh:        make(chan struct{}, 1),
+		closeWriteLoopCh:        make(chan struct{}),
+		handshakeCompletedCh:    make(chan error),
+		cumulativeTSNAckPoint:   tsn - 1,
+		advancedPeerTSNAckPoint: tsn - 1,
+		silentError:             errors.Errorf("silently discard"),
+		stats:                   &associationStats{},
+		log:                     config.LoggerFactory.NewLogger("sctp"),
+	}
+
+	a.name = fmt.Sprintf("%p", a)
+
+	// RFC 4690 Sec 7.2.1
+	//  o  The initial cwnd before DATA transmission or after a sufficiently
+	//     long idle period MUST be set to min(4*MTU, max (2*MTU, 4380
+	//     bytes)).
+	a.cwnd = min32(4*a.mtu, max32(2*a.mtu, 4380))
+	a.log.Tracef("[%s] updated cwnd=%d ssthresh=%d inflight=%d (INI)",
+		a.name, a.cwnd, a.ssthresh, a.inflightQueue.getNumBytes())
+
+	a.t1Init = newRTXTimer(timerT1Init, a, maxInitRetrans)
+	a.t1Cookie = newRTXTimer(timerT1Cookie, a, maxInitRetrans)
+	a.t3RTX = newRTXTimer(timerT3RTX, a, noMaxRetrans)        // retransmit forever
+	a.tReconfig = newRTXTimer(timerReconfig, a, noMaxRetrans) // retransmit forever
+	a.ackTimer = newAckTimer(a)
+
+	return a
+}
+
+func (a *Association) init(isClient bool) {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	go a.readLoop()
+	go a.writeLoop()
+
+	if isClient {
+		a.setState(cookieWait)
+		init := &chunkInit{}
+		init.initialTSN = a.myNextTSN
+		init.numOutboundStreams = a.myMaxNumOutboundStreams
+		init.numInboundStreams = a.myMaxNumInboundStreams
+		init.initiateTag = a.myVerificationTag
+		init.advertisedReceiverWindowCredit = a.maxReceiveBufferSize
+		setSupportedExtensions(&init.chunkInitCommon)
+		a.storedInit = init
+
+		err := a.sendInit()
+		if err != nil {
+			a.log.Errorf("[%s] failed to send init: %s", a.name, err.Error())
+		}
+
+		a.t1Init.start(a.rtoMgr.getRTO())
+	}
+}
+
+// caller must hold a.lock
+func (a *Association) sendInit() error {
+	a.log.Debugf("[%s] sending INIT", a.name)
+	if a.storedInit == nil {
+		return errors.Errorf("the init not stored to send")
+	}
+
+	outbound := &packet{}
+	outbound.verificationTag = a.peerVerificationTag
+	a.sourcePort = 5000      // Spec??
+	a.destinationPort = 5000 // Spec??
+	outbound.sourcePort = a.sourcePort
+	outbound.destinationPort = a.destinationPort
+
+	outbound.chunks = []chunk{a.storedInit}
+
+	a.controlQueue.push(outbound)
+	a.awakeWriteLoop()
+
+	return nil
+}
+
+// caller must hold a.lock
+func (a *Association) sendCookieEcho() error {
+	if a.storedCookieEcho == nil {
+		return errors.Errorf("cookieEcho not stored to send")
+	}
+
+	a.log.Debugf("[%s] sending COOKIE-ECHO", a.name)
+
+	outbound := &packet{}
+	outbound.verificationTag = a.peerVerificationTag
+	outbound.sourcePort = a.sourcePort
+	outbound.destinationPort = a.destinationPort
+	outbound.chunks = []chunk{a.storedCookieEcho}
+
+	a.controlQueue.push(outbound)
+	a.awakeWriteLoop()
+
+	return nil
+}
+
+// Close ends the SCTP Association and cleans up any state
+func (a *Association) Close() error {
+	a.log.Debugf("[%s] closing association..", a.name)
+
+	a.setState(closed)
+
+	err := a.netConn.Close()
+
+	a.closeAllTimers()
+
+	// awake writeLoop to exit
+	a.closeWriteLoopOnce.Do(func() { close(a.closeWriteLoopCh) })
+
+	// Wait for readLoop to end
+	<-a.readLoopCloseCh
+
+	a.log.Debugf("[%s] association closed", a.name)
+	a.log.Debugf("[%s] stats nDATAs (in) : %d", a.name, a.stats.getNumDATAs())
+	a.log.Debugf("[%s] stats nSACKs (in) : %d", a.name, a.stats.getNumSACKs())
+	a.log.Debugf("[%s] stats nT3Timeouts : %d", a.name, a.stats.getNumT3Timeouts())
+	a.log.Debugf("[%s] stats nAckTimeouts: %d", a.name, a.stats.getNumAckTimeouts())
+	a.log.Debugf("[%s] stats nFastRetrans: %d", a.name, a.stats.getNumFastRetrans())
+	return err
+}
+
+func (a *Association) closeAllTimers() {
+	// Close all retransmission & ack timers
+	a.t1Init.close()
+	a.t1Cookie.close()
+	a.t3RTX.close()
+	a.tReconfig.close()
+	a.ackTimer.close()
+}
+
+func (a *Association) readLoop() {
+	var closeErr error
+	defer func() {
+		// also stop writeLoop, otherwise writeLoop can be leaked
+		// if connection is lost when there is no writing packet.
+		a.closeWriteLoopOnce.Do(func() { close(a.closeWriteLoopCh) })
+
+		a.lock.Lock()
+		for _, s := range a.streams {
+			a.unregisterStream(s, closeErr)
+		}
+		a.lock.Unlock()
+		close(a.acceptCh)
+		close(a.readLoopCloseCh)
+	}()
+
+	a.log.Debugf("[%s] readLoop entered", a.name)
+	buffer := make([]byte, receiveMTU)
+
+	for {
+		n, err := a.netConn.Read(buffer)
+		if err != nil {
+			closeErr = err
+			break
+		}
+		// Make a buffer sized to what we read, then copy the data we
+		// read from the underlying transport. We do this because the
+		// user data is passed to the reassembly queue without
+		// copying.
+		inbound := make([]byte, n)
+		copy(inbound, buffer[:n])
+		atomic.AddUint64(&a.bytesReceived, uint64(n))
+		if err = a.handleInbound(inbound); err != nil {
+			closeErr = err
+			break
+		}
+	}
+
+	a.log.Debugf("[%s] readLoop exited %s", a.name, closeErr)
+}
+
+func (a *Association) writeLoop() {
+	a.log.Debugf("[%s] writeLoop entered", a.name)
+
+loop:
+	for {
+		rawPackets := a.gatherOutbound()
+
+		for _, raw := range rawPackets {
+			_, err := a.netConn.Write(raw)
+			if err != nil {
+				if err != io.EOF {
+					a.log.Warnf("[%s] failed to write packets on netConn: %v", a.name, err)
+				}
+				a.log.Debugf("[%s] writeLoop ended", a.name)
+				break loop
+			}
+			atomic.AddUint64(&a.bytesSent, uint64(len(raw)))
+		}
+
+		select {
+		case <-a.awakeWriteLoopCh:
+		case <-a.closeWriteLoopCh:
+			break loop
+		}
+	}
+
+	a.setState(closed)
+	a.closeAllTimers()
+
+	a.log.Debugf("[%s] writeLoop exited", a.name)
+}
+
+func (a *Association) awakeWriteLoop() {
+	select {
+	case a.awakeWriteLoopCh <- struct{}{}:
+	default:
+	}
+}
+
+// unregisterStream un-registers a stream from the association
+// The caller should hold the association write lock.
+func (a *Association) unregisterStream(s *Stream, err error) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	delete(a.streams, s.streamIdentifier)
+	s.readErr = err
+	s.readNotifier.Broadcast()
+}
+
+// handleInbound parses incoming raw packets
+func (a *Association) handleInbound(raw []byte) error {
+	p := &packet{}
+	if err := p.unmarshal(raw); err != nil {
+		a.log.Warnf("[%s] unable to parse SCTP packet %s", a.name, err)
+		return nil
+	}
+
+	if err := checkPacket(p); err != nil {
+		a.log.Warnf("[%s] failed validating packet %s", a.name, err)
+		return nil
+	}
+
+	a.handleChunkStart()
+
+	for _, c := range p.chunks {
+		if err := a.handleChunk(p, c); err != nil {
+			return err
+		}
+	}
+
+	a.handleChunkEnd()
+
+	return nil
+}
+
+// The caller should hold the lock
+func (a *Association) gatherOutboundDataAndReconfigPackets(rawPackets [][]byte) [][]byte {
+	for _, p := range a.getDataPacketsToRetransmit() {
+		raw, err := p.marshal()
+		if err != nil {
+			a.log.Warnf("[%s] failed to serialize a DATA packet to be retransmitted", a.name)
+			continue
+		}
+		rawPackets = append(rawPackets, raw)
+	}
+
+	// Pop unsent data chunks from the pending queue to send as much as
+	// cwnd and rwnd allow.
+	chunks, sisToReset := a.popPendingDataChunksToSend()
+	if len(chunks) > 0 {
+		// Start timer. (noop if already started)
+		a.log.Tracef("[%s] T3-rtx timer start (pt1)", a.name)
+		a.t3RTX.start(a.rtoMgr.getRTO())
+		for _, p := range a.bundleDataChunksIntoPackets(chunks) {
+			raw, err := p.marshal()
+			if err != nil {
+				a.log.Warnf("[%s] failed to serialize a DATA packet", a.name)
+				continue
+			}
+			rawPackets = append(rawPackets, raw)
+		}
+	}
+
+	if len(sisToReset) > 0 || a.willRetransmitReconfig {
+		if a.willRetransmitReconfig {
+			a.willRetransmitReconfig = false
+			a.log.Debugf("[%s] retransmit %d RECONFIG chunk(s)", a.name, len(a.reconfigs))
+			for _, c := range a.reconfigs {
+				p := a.createPacket([]chunk{c})
+				raw, err := p.marshal()
+				if err != nil {
+					a.log.Warnf("[%s] failed to serialize a RECONFIG packet to be retransmitted", a.name)
+				} else {
+					rawPackets = append(rawPackets, raw)
+				}
+			}
+		}
+
+		if len(sisToReset) > 0 {
+			rsn := a.generateNextRSN()
+			tsn := a.myNextTSN - 1
+			c := &chunkReconfig{
+				paramA: &paramOutgoingResetRequest{
+					reconfigRequestSequenceNumber: rsn,
+					senderLastTSN:                 tsn,
+					streamIdentifiers:             sisToReset,
+				},
+			}
+			a.reconfigs[rsn] = c // store in the map for retransmission
+			a.log.Debugf("[%s] sending RECONFIG: rsn=%d tsn=%d streams=%v",
+				a.name, rsn, a.myNextTSN-1, sisToReset)
+			p := a.createPacket([]chunk{c})
+			raw, err := p.marshal()
+			if err != nil {
+				a.log.Warnf("[%s] failed to serialize a RECONFIG packet to be transmitted", a.name)
+			} else {
+				rawPackets = append(rawPackets, raw)
+			}
+		}
+
+		if len(a.reconfigs) > 0 {
+			a.tReconfig.start(a.rtoMgr.getRTO())
+		}
+	}
+
+	return rawPackets
+}
+
+// The caller should hold the lock
+func (a *Association) gatherOutboundFrastRetransmissionPackets(rawPackets [][]byte) [][]byte {
+	if a.willRetransmitFast {
+		a.willRetransmitFast = false
+
+		toFastRetrans := []chunk{}
+		fastRetransSize := commonHeaderSize
+
+		for i := 0; ; i++ {
+			c, ok := a.inflightQueue.get(a.cumulativeTSNAckPoint + uint32(i) + 1)
+			if !ok {
+				break // end of pending data
+			}
+
+			if c.acked || c.abandoned() {
+				continue
+			}
+
+			if c.nSent > 1 || c.missIndicator < 3 {
+				continue
+			}
+
+			// RFC 4960 Sec 7.2.4 Fast Retransmit on Gap Reports
+			//  3)  Determine how many of the earliest (i.e., lowest TSN) DATA chunks
+			//      marked for retransmission will fit into a single packet, subject
+			//      to constraint of the path MTU of the destination transport
+			//      address to which the packet is being sent.  Call this value K.
+			//      Retransmit those K DATA chunks in a single packet.  When a Fast
+			//      Retransmit is being performed, the sender SHOULD ignore the value
+			//      of cwnd and SHOULD NOT delay retransmission for this single
+			//		packet.
+
+			dataChunkSize := dataChunkHeaderSize + uint32(len(c.userData))
+			if a.mtu < fastRetransSize+dataChunkSize {
+				break
+			}
+
+			fastRetransSize += dataChunkSize
+			a.stats.incFastRetrans()
+			c.nSent++
+			a.checkPartialReliabilityStatus(c)
+			toFastRetrans = append(toFastRetrans, c)
+			a.log.Tracef("[%s] fast-retransmit: tsn=%d sent=%d htna=%d",
+				a.name, c.tsn, c.nSent, a.fastRecoverExitPoint)
+		}
+
+		if len(toFastRetrans) > 0 {
+			raw, err := a.createPacket(toFastRetrans).marshal()
+			if err != nil {
+				a.log.Warnf("[%s] failed to serialize a DATA packet to be fast-retransmitted", a.name)
+			} else {
+				rawPackets = append(rawPackets, raw)
+			}
+		}
+	}
+
+	return rawPackets
+}
+
+// The caller should hold the lock
+func (a *Association) gatherOutboundSackPackets(rawPackets [][]byte) [][]byte {
+	if a.ackState == ackStateImmediate {
+		a.ackState = ackStateIdle
+		sack := a.createSelectiveAckChunk()
+		a.log.Debugf("[%s] sending SACK: %s", a.name, sack.String())
+		raw, err := a.createPacket([]chunk{sack}).marshal()
+		if err != nil {
+			a.log.Warnf("[%s] failed to serialize a SACK packet", a.name)
+		} else {
+			rawPackets = append(rawPackets, raw)
+		}
+	}
+
+	return rawPackets
+}
+
+// The caller should hold the lock
+func (a *Association) gatherOutboundForwardTSNPackets(rawPackets [][]byte) [][]byte {
+	if a.willSendForwardTSN {
+		a.willSendForwardTSN = false
+		if sna32GT(a.advancedPeerTSNAckPoint, a.cumulativeTSNAckPoint) {
+			fwdtsn := a.createForwardTSN()
+			raw, err := a.createPacket([]chunk{fwdtsn}).marshal()
+			if err != nil {
+				a.log.Warnf("[%s] failed to serialize a Forward TSN packet", a.name)
+			} else {
+				rawPackets = append(rawPackets, raw)
+			}
+		}
+	}
+
+	return rawPackets
+}
+
+// gatherOutbound gathers outgoing packets
+func (a *Association) gatherOutbound() [][]byte {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	rawPackets := [][]byte{}
+
+	if a.controlQueue.size() > 0 {
+		for _, p := range a.controlQueue.popAll() {
+			raw, err := p.marshal()
+			if err != nil {
+				a.log.Warnf("[%s] failed to serialize a control packet", a.name)
+				continue
+			}
+			rawPackets = append(rawPackets, raw)
+		}
+	}
+
+	state := a.getState()
+
+	if state == established {
+		rawPackets = a.gatherOutboundDataAndReconfigPackets(rawPackets)
+		rawPackets = a.gatherOutboundFrastRetransmissionPackets(rawPackets)
+		rawPackets = a.gatherOutboundSackPackets(rawPackets)
+		rawPackets = a.gatherOutboundForwardTSNPackets(rawPackets)
+	}
+
+	return rawPackets
+}
+
+func checkPacket(p *packet) error {
+	// All packets must adhere to these rules
+
+	// This is the SCTP sender's port number.  It can be used by the
+	// receiver in combination with the source IP address, the SCTP
+	// destination port, and possibly the destination IP address to
+	// identify the association to which this packet belongs.  The port
+	// number 0 MUST NOT be used.
+	if p.sourcePort == 0 {
+		return errors.Errorf("sctp packet must not have a source port of 0")
+	}
+
+	// This is the SCTP port number to which this packet is destined.
+	// The receiving host will use this port number to de-multiplex the
+	// SCTP packet to the correct receiving endpoint/application.  The
+	// port number 0 MUST NOT be used.
+	if p.destinationPort == 0 {
+		return errors.Errorf("sctp packet must not have a destination port of 0")
+	}
+
+	// Check values on the packet that are specific to a particular chunk type
+	for _, c := range p.chunks {
+		switch c.(type) { // nolint:gocritic
+		case *chunkInit:
+			// An INIT or INIT ACK chunk MUST NOT be bundled with any other chunk.
+			// They MUST be the only chunks present in the SCTP packets that carry
+			// them.
+			if len(p.chunks) != 1 {
+				return errors.Errorf("init chunk must not be bundled with any other chunk")
+			}
+
+			// A packet containing an INIT chunk MUST have a zero Verification
+			// Tag.
+			if p.verificationTag != 0 {
+				return errors.Errorf("init chunk expects a verification tag of 0 on the packet when out-of-the-blue")
+			}
+		}
+	}
+
+	return nil
+}
+
+func min16(a, b uint16) uint16 {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+func max32(a, b uint32) uint32 {
+	if a > b {
+		return a
+	}
+	return b
+}
+
+func min32(a, b uint32) uint32 {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+// setState atomically sets the state of the Association.
+// The caller should hold the lock.
+func (a *Association) setState(newState uint32) {
+	oldState := atomic.SwapUint32(&a.state, newState)
+	if newState != oldState {
+		a.log.Debugf("[%s] state change: '%s' => '%s'",
+			a.name,
+			getAssociationStateString(oldState),
+			getAssociationStateString(newState))
+	}
+}
+
+// getState atomically returns the state of the Association.
+func (a *Association) getState() uint32 {
+	return atomic.LoadUint32(&a.state)
+}
+
+// BytesSent returns the number of bytes sent
+func (a *Association) BytesSent() uint64 {
+	return atomic.LoadUint64(&a.bytesSent)
+}
+
+// BytesReceived returns the number of bytes received
+func (a *Association) BytesReceived() uint64 {
+	return atomic.LoadUint64(&a.bytesReceived)
+}
+
+func setSupportedExtensions(init *chunkInitCommon) {
+	// nolint:godox
+	// TODO RFC5061 https://tools.ietf.org/html/rfc6525#section-5.2
+	// An implementation supporting this (Supported Extensions Parameter)
+	// extension MUST list the ASCONF, the ASCONF-ACK, and the AUTH chunks
+	// in its INIT and INIT-ACK parameters.
+	init.params = append(init.params, &paramSupportedExtensions{
+		ChunkTypes: []chunkType{ctReconfig, ctForwardTSN},
+	})
+}
+
+// The caller should hold the lock.
+func (a *Association) handleInit(p *packet, i *chunkInit) ([]*packet, error) {
+	state := a.getState()
+	a.log.Debugf("[%s] chunkInit received in state '%s'", a.name, getAssociationStateString(state))
+
+	// https://tools.ietf.org/html/rfc4960#section-5.2.1
+	// Upon receipt of an INIT in the COOKIE-WAIT state, an endpoint MUST
+	// respond with an INIT ACK using the same parameters it sent in its
+	// original INIT chunk (including its Initiate Tag, unchanged).  When
+	// responding, the endpoint MUST send the INIT ACK back to the same
+	// address that the original INIT (sent by this endpoint) was sent.
+
+	if state != closed && state != cookieWait && state != cookieEchoed {
+		// 5.2.2.  Unexpected INIT in States Other than CLOSED, COOKIE-ECHOED,
+		//        COOKIE-WAIT, and SHUTDOWN-ACK-SENT
+		return nil, errors.Errorf("todo: handle Init when in state %s", getAssociationStateString(state))
+	}
+
+	// Should we be setting any of these permanently until we've ACKed further?
+	a.myMaxNumInboundStreams = min16(i.numInboundStreams, a.myMaxNumInboundStreams)
+	a.myMaxNumOutboundStreams = min16(i.numOutboundStreams, a.myMaxNumOutboundStreams)
+	a.peerVerificationTag = i.initiateTag
+	a.sourcePort = p.destinationPort
+	a.destinationPort = p.sourcePort
+
+	// 13.2 This is the last TSN received in sequence.  This value
+	// is set initially by taking the peer's initial TSN,
+	// received in the INIT or INIT ACK chunk, and
+	// subtracting one from it.
+	a.peerLastTSN = i.initialTSN - 1
+
+	for _, param := range i.params {
+		switch v := param.(type) { // nolint:gocritic
+		case *paramSupportedExtensions:
+			for _, t := range v.ChunkTypes {
+				if t == ctForwardTSN {
+					a.log.Debugf("[%s] use ForwardTSN (on init)\n", a.name)
+					a.useForwardTSN = true
+				}
+			}
+		}
+	}
+	if !a.useForwardTSN {
+		a.log.Warnf("[%s] not using ForwardTSN (on init)\n", a.name)
+	}
+
+	outbound := &packet{}
+	outbound.verificationTag = a.peerVerificationTag
+	outbound.sourcePort = a.sourcePort
+	outbound.destinationPort = a.destinationPort
+
+	initAck := &chunkInitAck{}
+
+	initAck.initialTSN = a.myNextTSN
+	initAck.numOutboundStreams = a.myMaxNumOutboundStreams
+	initAck.numInboundStreams = a.myMaxNumInboundStreams
+	initAck.initiateTag = a.myVerificationTag
+	initAck.advertisedReceiverWindowCredit = a.maxReceiveBufferSize
+
+	if a.myCookie == nil {
+		var err error
+		if a.myCookie, err = newRandomStateCookie(); err != nil {
+			return nil, err
+		}
+	}
+
+	initAck.params = []param{a.myCookie}
+
+	setSupportedExtensions(&initAck.chunkInitCommon)
+
+	outbound.chunks = []chunk{initAck}
+
+	return pack(outbound), nil
+}
+
+// The caller should hold the lock.
+func (a *Association) handleInitAck(p *packet, i *chunkInitAck) error {
+	state := a.getState()
+	a.log.Debugf("[%s] chunkInitAck received in state '%s'", a.name, getAssociationStateString(state))
+	if state != cookieWait {
+		// RFC 4960
+		// 5.2.3.  Unexpected INIT ACK
+		//   If an INIT ACK is received by an endpoint in any state other than the
+		//   COOKIE-WAIT state, the endpoint should discard the INIT ACK chunk.
+		//   An unexpected INIT ACK usually indicates the processing of an old or
+		//   duplicated INIT chunk.
+		return nil
+	}
+
+	a.myMaxNumInboundStreams = min16(i.numInboundStreams, a.myMaxNumInboundStreams)
+	a.myMaxNumOutboundStreams = min16(i.numOutboundStreams, a.myMaxNumOutboundStreams)
+	a.peerVerificationTag = i.initiateTag
+	a.peerLastTSN = i.initialTSN - 1
+	if a.sourcePort != p.destinationPort ||
+		a.destinationPort != p.sourcePort {
+		a.log.Warnf("[%s] handleInitAck: port mismatch", a.name)
+		return nil
+	}
+
+	a.rwnd = i.advertisedReceiverWindowCredit
+	a.log.Debugf("[%s] initial rwnd=%d", a.name, a.rwnd)
+
+	// RFC 4690 Sec 7.2.1
+	//  o  The initial value of ssthresh MAY be arbitrarily high (for
+	//     example, implementations MAY use the size of the receiver
+	//     advertised window).
+	a.ssthresh = a.rwnd
+	a.log.Tracef("[%s] updated cwnd=%d ssthresh=%d inflight=%d (INI)",
+		a.name, a.cwnd, a.ssthresh, a.inflightQueue.getNumBytes())
+
+	a.t1Init.stop()
+	a.storedInit = nil
+
+	var cookieParam *paramStateCookie
+	for _, param := range i.params {
+		switch v := param.(type) {
+		case *paramStateCookie:
+			cookieParam = v
+		case *paramSupportedExtensions:
+			for _, t := range v.ChunkTypes {
+				if t == ctForwardTSN {
+					a.log.Debugf("[%s] use ForwardTSN (on initAck)\n", a.name)
+					a.useForwardTSN = true
+				}
+			}
+		}
+	}
+	if !a.useForwardTSN {
+		a.log.Warnf("[%s] not using ForwardTSN (on initAck)\n", a.name)
+	}
+	if cookieParam == nil {
+		return errors.Errorf("no cookie in InitAck")
+	}
+
+	a.storedCookieEcho = &chunkCookieEcho{}
+	a.storedCookieEcho.cookie = cookieParam.cookie
+
+	err := a.sendCookieEcho()
+	if err != nil {
+		a.log.Errorf("[%s] failed to send init: %s", a.name, err.Error())
+	}
+
+	a.t1Cookie.start(a.rtoMgr.getRTO())
+	a.setState(cookieEchoed)
+	return nil
+}
+
+// The caller should hold the lock.
+func (a *Association) handleHeartbeat(c *chunkHeartbeat) []*packet {
+	a.log.Tracef("[%s] chunkHeartbeat", a.name)
+	hbi, ok := c.params[0].(*paramHeartbeatInfo)
+	if !ok {
+		a.log.Warnf("[%s] failed to handle Heartbeat, no ParamHeartbeatInfo", a.name)
+	}
+
+	return pack(&packet{
+		verificationTag: a.peerVerificationTag,
+		sourcePort:      a.sourcePort,
+		destinationPort: a.destinationPort,
+		chunks: []chunk{&chunkHeartbeatAck{
+			params: []param{
+				&paramHeartbeatInfo{
+					heartbeatInformation: hbi.heartbeatInformation,
+				},
+			},
+		}},
+	})
+}
+
+// The caller should hold the lock.
+func (a *Association) handleCookieEcho(c *chunkCookieEcho) []*packet {
+	state := a.getState()
+	a.log.Debugf("[%s] COOKIE-ECHO received in state '%s'", a.name, getAssociationStateString(state))
+	switch state {
+	default:
+		return nil
+	case established:
+		if !bytes.Equal(a.myCookie.cookie, c.cookie) {
+			return nil
+		}
+	case closed, cookieWait, cookieEchoed:
+		if !bytes.Equal(a.myCookie.cookie, c.cookie) {
+			return nil
+		}
+
+		a.t1Init.stop()
+		a.storedInit = nil
+
+		a.t1Cookie.stop()
+		a.storedCookieEcho = nil
+
+		a.setState(established)
+		a.handshakeCompletedCh <- nil
+	}
+
+	p := &packet{
+		verificationTag: a.peerVerificationTag,
+		sourcePort:      a.sourcePort,
+		destinationPort: a.destinationPort,
+		chunks:          []chunk{&chunkCookieAck{}},
+	}
+	return pack(p)
+}
+
+// The caller should hold the lock.
+func (a *Association) handleCookieAck() {
+	state := a.getState()
+	a.log.Debugf("[%s] COOKIE-ACK received in state '%s'", a.name, getAssociationStateString(state))
+	if state != cookieEchoed {
+		// RFC 4960
+		// 5.2.5.  Handle Duplicate COOKIE-ACK.
+		//   At any state other than COOKIE-ECHOED, an endpoint should silently
+		//   discard a received COOKIE ACK chunk.
+		return
+	}
+
+	a.t1Cookie.stop()
+	a.storedCookieEcho = nil
+
+	a.setState(established)
+	a.handshakeCompletedCh <- nil
+}
+
+// The caller should hold the lock.
+func (a *Association) handleData(d *chunkPayloadData) []*packet {
+	a.log.Tracef("[%s] DATA: tsn=%d immediateSack=%v len=%d",
+		a.name, d.tsn, d.immediateSack, len(d.userData))
+	a.stats.incDATAs()
+
+	canPush := a.payloadQueue.canPush(d, a.peerLastTSN)
+	if canPush {
+		s := a.getOrCreateStream(d.streamIdentifier)
+		if s == nil {
+			// silentely discard the data. (sender will retry on T3-rtx timeout)
+			// see pion/sctp#30
+			a.log.Debugf("discard %d", d.streamSequenceNumber)
+			return nil
+		}
+
+		if a.getMyReceiverWindowCredit() > 0 {
+			// Pass the new chunk to stream level as soon as it arrives
+			a.payloadQueue.push(d, a.peerLastTSN)
+			s.handleData(d)
+		} else {
+			// Receive buffer is full
+			lastTSN, ok := a.payloadQueue.getLastTSNReceived()
+			if ok && sna32LT(d.tsn, lastTSN) {
+				a.log.Debugf("[%s] receive buffer full, but accepted as this is a missing chunk with tsn=%d ssn=%d", a.name, d.tsn, d.streamSequenceNumber)
+				a.payloadQueue.push(d, a.peerLastTSN)
+				s.handleData(d)
+			} else {
+				a.log.Debugf("[%s] receive buffer full. dropping DATA with tsn=%d ssn=%d", a.name, d.tsn, d.streamSequenceNumber)
+			}
+		}
+	}
+
+	return a.handlePeerLastTSNAndAcknowledgement(d.immediateSack)
+}
+
+// A common routine for handleData and handleForwardTSN routines
+// The caller should hold the lock.
+func (a *Association) handlePeerLastTSNAndAcknowledgement(sackImmediately bool) []*packet {
+	var reply []*packet
+
+	// Try to advance peerLastTSN
+
+	// From RFC 3758 Sec 3.6:
+	//   .. and then MUST further advance its cumulative TSN point locally
+	//   if possible
+	// Meaning, if peerLastTSN+1 points to a chunk that is received,
+	// advance peerLastTSN until peerLastTSN+1 points to unreceived chunk.
+	for {
+		if _, popOk := a.payloadQueue.pop(a.peerLastTSN + 1); !popOk {
+			break
+		}
+		a.peerLastTSN++
+
+		for _, rstReq := range a.reconfigRequests {
+			resp := a.resetStreamsIfAny(rstReq)
+			if resp != nil {
+				a.log.Debugf("[%s] RESET RESPONSE: %+v", a.name, resp)
+				reply = append(reply, resp)
+			}
+		}
+	}
+
+	hasPacketLoss := (a.payloadQueue.size() > 0)
+	if hasPacketLoss {
+		a.log.Tracef("[%s] packetloss: %s", a.name, a.payloadQueue.getGapAckBlocksString(a.peerLastTSN))
+	}
+
+	if (a.ackState != ackStateImmediate && !sackImmediately && !hasPacketLoss && a.ackMode == ackModeNormal) || a.ackMode == ackModeAlwaysDelay {
+		if a.ackState == ackStateIdle {
+			a.delayedAckTriggered = true
+		} else {
+			a.immediateAckTriggered = true
+		}
+	} else {
+		a.immediateAckTriggered = true
+	}
+
+	return reply
+}
+
+// The caller should hold the lock.
+func (a *Association) getMyReceiverWindowCredit() uint32 {
+	var bytesQueued uint32
+	for _, s := range a.streams {
+		bytesQueued += uint32(s.getNumBytesInReassemblyQueue())
+	}
+
+	if bytesQueued >= a.maxReceiveBufferSize {
+		return 0
+	}
+	return a.maxReceiveBufferSize - bytesQueued
+}
+
+// OpenStream opens a stream
+func (a *Association) OpenStream(streamIdentifier uint16, defaultPayloadType PayloadProtocolIdentifier) (*Stream, error) {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	if _, ok := a.streams[streamIdentifier]; ok {
+		return nil, errors.Errorf("there already exists a stream with identifier %d", streamIdentifier)
+	}
+
+	s := a.createStream(streamIdentifier, false)
+	s.setDefaultPayloadType(defaultPayloadType)
+
+	return s, nil
+}
+
+// AcceptStream accepts a stream
+func (a *Association) AcceptStream() (*Stream, error) {
+	s, ok := <-a.acceptCh
+	if !ok {
+		return nil, io.EOF // no more incoming streams
+	}
+	return s, nil
+}
+
+// createStream creates a stream. The caller should hold the lock and check no stream exists for this id.
+func (a *Association) createStream(streamIdentifier uint16, accept bool) *Stream {
+	s := &Stream{
+		association:      a,
+		streamIdentifier: streamIdentifier,
+		reassemblyQueue:  newReassemblyQueue(streamIdentifier),
+		log:              a.log,
+		name:             fmt.Sprintf("%d:%s", streamIdentifier, a.name),
+	}
+
+	s.readNotifier = sync.NewCond(&s.lock)
+
+	if accept {
+		select {
+		case a.acceptCh <- s:
+			a.streams[streamIdentifier] = s
+			a.log.Debugf("[%s] accepted a new stream (streamIdentifier: %d)",
+				a.name, streamIdentifier)
+		default:
+			a.log.Debugf("[%s] dropped a new stream (acceptCh size: %d)",
+				a.name, len(a.acceptCh))
+			return nil
+		}
+	} else {
+		a.streams[streamIdentifier] = s
+	}
+
+	return s
+}
+
+// getOrCreateStream gets or creates a stream. The caller should hold the lock.
+func (a *Association) getOrCreateStream(streamIdentifier uint16) *Stream {
+	if s, ok := a.streams[streamIdentifier]; ok {
+		return s
+	}
+
+	return a.createStream(streamIdentifier, true)
+}
+
+// The caller should hold the lock.
+func (a *Association) processSelectiveAck(d *chunkSelectiveAck) (map[uint16]int, uint32, error) { // nolint:gocognit
+	bytesAckedPerStream := map[uint16]int{}
+
+	// New ack point, so pop all ACKed packets from inflightQueue
+	// We add 1 because the "currentAckPoint" has already been popped from the inflight queue
+	// For the first SACK we take care of this by setting the ackpoint to cumAck - 1
+	for i := a.cumulativeTSNAckPoint + 1; sna32LTE(i, d.cumulativeTSNAck); i++ {
+		c, ok := a.inflightQueue.pop(i)
+		if !ok {
+			return nil, 0, errors.Errorf("tsn %v unable to be popped from inflight queue", i)
+		}
+
+		if !c.acked {
+			// RFC 4096 sec 6.3.2.  Retransmission Timer Rules
+			//   R3)  Whenever a SACK is received that acknowledges the DATA chunk
+			//        with the earliest outstanding TSN for that address, restart the
+			//        T3-rtx timer for that address with its current RTO (if there is
+			//        still outstanding data on that address).
+			if i == a.cumulativeTSNAckPoint+1 {
+				// T3 timer needs to be reset. Stop it for now.
+				a.t3RTX.stop()
+			}
+
+			nBytesAcked := len(c.userData)
+
+			// Sum the number of bytes acknowledged per stream
+			if amount, ok := bytesAckedPerStream[c.streamIdentifier]; ok {
+				bytesAckedPerStream[c.streamIdentifier] = amount + nBytesAcked
+			} else {
+				bytesAckedPerStream[c.streamIdentifier] = nBytesAcked
+			}
+
+			// RFC 4960 sec 6.3.1.  RTO Calculation
+			//   C4)  When data is in flight and when allowed by rule C5 below, a new
+			//        RTT measurement MUST be made each round trip.  Furthermore, new
+			//        RTT measurements SHOULD be made no more than once per round trip
+			//        for a given destination transport address.
+			//   C5)  Karn's algorithm: RTT measurements MUST NOT be made using
+			//        packets that were retransmitted (and thus for which it is
+			//        ambiguous whether the reply was for the first instance of the
+			//        chunk or for a later instance)
+			if c.nSent == 1 && sna32GTE(c.tsn, a.minTSN2MeasureRTT) {
+				a.minTSN2MeasureRTT = a.myNextTSN
+				rtt := time.Since(c.since).Seconds() * 1000.0
+				srtt := a.rtoMgr.setNewRTT(rtt)
+				a.log.Tracef("[%s] SACK: measured-rtt=%f srtt=%f new-rto=%f",
+					a.name, rtt, srtt, a.rtoMgr.getRTO())
+			}
+		}
+
+		if a.inFastRecovery && c.tsn == a.fastRecoverExitPoint {
+			a.log.Debugf("[%s] exit fast-recovery", a.name)
+			a.inFastRecovery = false
+		}
+	}
+
+	htna := d.cumulativeTSNAck
+
+	// Mark selectively acknowledged chunks as "acked"
+	for _, g := range d.gapAckBlocks {
+		for i := g.start; i <= g.end; i++ {
+			tsn := d.cumulativeTSNAck + uint32(i)
+			c, ok := a.inflightQueue.get(tsn)
+			if !ok {
+				return nil, 0, errors.Errorf("requested non-existent TSN %v", tsn)
+			}
+
+			if !c.acked {
+				nBytesAcked := a.inflightQueue.markAsAcked(tsn)
+
+				// Sum the number of bytes acknowledged per stream
+				if amount, ok := bytesAckedPerStream[c.streamIdentifier]; ok {
+					bytesAckedPerStream[c.streamIdentifier] = amount + nBytesAcked
+				} else {
+					bytesAckedPerStream[c.streamIdentifier] = nBytesAcked
+				}
+
+				a.log.Tracef("[%s] tsn=%d has been sacked", a.name, c.tsn)
+
+				if c.nSent == 1 {
+					a.minTSN2MeasureRTT = a.myNextTSN
+					rtt := time.Since(c.since).Seconds() * 1000.0
+					srtt := a.rtoMgr.setNewRTT(rtt)
+					a.log.Tracef("[%s] SACK: measured-rtt=%f srtt=%f new-rto=%f",
+						a.name, rtt, srtt, a.rtoMgr.getRTO())
+				}
+
+				if sna32LT(htna, tsn) {
+					htna = tsn
+				}
+			}
+		}
+	}
+
+	return bytesAckedPerStream, htna, nil
+}
+
+// The caller should hold the lock.
+func (a *Association) onCumulativeTSNAckPointAdvanced(totalBytesAcked int) {
+	// RFC 4096, sec 6.3.2.  Retransmission Timer Rules
+	//   R2)  Whenever all outstanding data sent to an address have been
+	//        acknowledged, turn off the T3-rtx timer of that address.
+	if a.inflightQueue.size() == 0 {
+		a.log.Tracef("[%s] SACK: no more packet in-flight (pending=%d)", a.name, a.pendingQueue.size())
+		a.t3RTX.stop()
+	} else {
+		a.log.Tracef("[%s] T3-rtx timer start (pt2)", a.name)
+		a.t3RTX.start(a.rtoMgr.getRTO())
+	}
+
+	// Update congestion control parameters
+	if a.cwnd <= a.ssthresh {
+		// RFC 4096, sec 7.2.1.  Slow-Start
+		//   o  When cwnd is less than or equal to ssthresh, an SCTP endpoint MUST
+		//		use the slow-start algorithm to increase cwnd only if the current
+		//      congestion window is being fully utilized, an incoming SACK
+		//      advances the Cumulative TSN Ack Point, and the data sender is not
+		//      in Fast Recovery.  Only when these three conditions are met can
+		//      the cwnd be increased; otherwise, the cwnd MUST not be increased.
+		//		If these conditions are met, then cwnd MUST be increased by, at
+		//      most, the lesser of 1) the total size of the previously
+		//      outstanding DATA chunk(s) acknowledged, and 2) the destination's
+		//      path MTU.
+		if !a.inFastRecovery &&
+			a.pendingQueue.size() > 0 {
+			a.cwnd += min32(uint32(totalBytesAcked), a.cwnd) // TCP way
+			// a.cwnd += min32(uint32(totalBytesAcked), a.mtu) // SCTP way (slow)
+			a.log.Tracef("[%s] updated cwnd=%d ssthresh=%d acked=%d (SS)",
+				a.name, a.cwnd, a.ssthresh, totalBytesAcked)
+		} else {
+			a.log.Tracef("[%s] cwnd did not grow: cwnd=%d ssthresh=%d acked=%d FR=%v pending=%d",
+				a.name, a.cwnd, a.ssthresh, totalBytesAcked, a.inFastRecovery, a.pendingQueue.size())
+		}
+	} else {
+		// RFC 4096, sec 7.2.2.  Congestion Avoidance
+		//   o  Whenever cwnd is greater than ssthresh, upon each SACK arrival
+		//      that advances the Cumulative TSN Ack Point, increase
+		//      partial_bytes_acked by the total number of bytes of all new chunks
+		//      acknowledged in that SACK including chunks acknowledged by the new
+		//      Cumulative TSN Ack and by Gap Ack Blocks.
+		a.partialBytesAcked += uint32(totalBytesAcked)
+
+		//   o  When partial_bytes_acked is equal to or greater than cwnd and
+		//      before the arrival of the SACK the sender had cwnd or more bytes
+		//      of data outstanding (i.e., before arrival of the SACK, flight size
+		//      was greater than or equal to cwnd), increase cwnd by MTU, and
+		//      reset partial_bytes_acked to (partial_bytes_acked - cwnd).
+		if a.partialBytesAcked >= a.cwnd && a.pendingQueue.size() > 0 {
+			a.partialBytesAcked -= a.cwnd
+			a.cwnd += a.mtu
+			a.log.Tracef("[%s] updated cwnd=%d ssthresh=%d acked=%d (CA)",
+				a.name, a.cwnd, a.ssthresh, totalBytesAcked)
+		}
+	}
+}
+
+// The caller should hold the lock.
+func (a *Association) processFastRetransmission(cumTSNAckPoint, htna uint32, cumTSNAckPointAdvanced bool) error {
+	// HTNA algorithm - RFC 4960 Sec 7.2.4
+	// Increment missIndicator of each chunks that the SACK reported missing
+	// when either of the following is met:
+	// a)  Not in fast-recovery
+	//     miss indications are incremented only for missing TSNs prior to the
+	//     highest TSN newly acknowledged in the SACK.
+	// b)  In fast-recovery AND the Cumulative TSN Ack Point advanced
+	//     the miss indications are incremented for all TSNs reported missing
+	//     in the SACK.
+	if !a.inFastRecovery || (a.inFastRecovery && cumTSNAckPointAdvanced) {
+		var maxTSN uint32
+		if !a.inFastRecovery {
+			// a) increment only for missing TSNs prior to the HTNA
+			maxTSN = htna
+		} else {
+			// b) increment for all TSNs reported missing
+			maxTSN = cumTSNAckPoint + uint32(a.inflightQueue.size()) + 1
+		}
+
+		for tsn := cumTSNAckPoint + 1; sna32LT(tsn, maxTSN); tsn++ {
+			c, ok := a.inflightQueue.get(tsn)
+			if !ok {
+				return errors.Errorf("requested non-existent TSN %v", tsn)
+			}
+			if !c.acked && !c.abandoned() && c.missIndicator < 3 {
+				c.missIndicator++
+				if c.missIndicator == 3 {
+					if !a.inFastRecovery {
+						// 2)  If not in Fast Recovery, adjust the ssthresh and cwnd of the
+						//     destination address(es) to which the missing DATA chunks were
+						//     last sent, according to the formula described in Section 7.2.3.
+						a.inFastRecovery = true
+						a.fastRecoverExitPoint = htna
+						a.ssthresh = max32(a.cwnd/2, 4*a.mtu)
+						a.cwnd = a.ssthresh
+						a.partialBytesAcked = 0
+						a.willRetransmitFast = true
+
+						a.log.Tracef("[%s] updated cwnd=%d ssthresh=%d inflight=%d (FR)",
+							a.name, a.cwnd, a.ssthresh, a.inflightQueue.getNumBytes())
+					}
+				}
+			}
+		}
+	}
+
+	if a.inFastRecovery && cumTSNAckPointAdvanced {
+		a.willRetransmitFast = true
+	}
+
+	return nil
+}
+
+// The caller should hold the lock.
+func (a *Association) handleSack(d *chunkSelectiveAck) error {
+	a.log.Tracef("[%s] SACK: cumTSN=%d a_rwnd=%d", a.name, d.cumulativeTSNAck, d.advertisedReceiverWindowCredit)
+	state := a.getState()
+	if state != established {
+		return nil
+	}
+
+	a.stats.incSACKs()
+
+	if sna32GT(a.cumulativeTSNAckPoint, d.cumulativeTSNAck) {
+		// RFC 4960 sec 6.2.1.  Processing a Received SACK
+		// D)
+		//   i) If Cumulative TSN Ack is less than the Cumulative TSN Ack
+		//      Point, then drop the SACK.  Since Cumulative TSN Ack is
+		//      monotonically increasing, a SACK whose Cumulative TSN Ack is
+		//      less than the Cumulative TSN Ack Point indicates an out-of-
+		//      order SACK.
+
+		a.log.Debugf("[%s] SACK Cumulative ACK %v is older than ACK point %v",
+			a.name,
+			d.cumulativeTSNAck,
+			a.cumulativeTSNAckPoint)
+
+		return nil
+	}
+
+	// Process selective ack
+	bytesAckedPerStream, htna, err := a.processSelectiveAck(d)
+	if err != nil {
+		return err
+	}
+
+	var totalBytesAcked int
+	for _, nBytesAcked := range bytesAckedPerStream {
+		totalBytesAcked += nBytesAcked
+	}
+
+	cumTSNAckPointAdvanced := false
+	if sna32LT(a.cumulativeTSNAckPoint, d.cumulativeTSNAck) {
+		a.log.Tracef("[%s] SACK: cumTSN advanced: %d -> %d",
+			a.name,
+			a.cumulativeTSNAckPoint,
+			d.cumulativeTSNAck)
+
+		a.cumulativeTSNAckPoint = d.cumulativeTSNAck
+		cumTSNAckPointAdvanced = true
+		a.onCumulativeTSNAckPointAdvanced(totalBytesAcked)
+	}
+
+	for si, nBytesAcked := range bytesAckedPerStream {
+		if s, ok := a.streams[si]; ok {
+			a.lock.Unlock()
+			s.onBufferReleased(nBytesAcked)
+			a.lock.Lock()
+		}
+	}
+
+	// New rwnd value
+	// RFC 4960 sec 6.2.1.  Processing a Received SACK
+	// D)
+	//   ii) Set rwnd equal to the newly received a_rwnd minus the number
+	//       of bytes still outstanding after processing the Cumulative
+	//       TSN Ack and the Gap Ack Blocks.
+
+	// bytes acked were already subtracted by markAsAcked() method
+	bytesOutstanding := uint32(a.inflightQueue.getNumBytes())
+	if bytesOutstanding >= d.advertisedReceiverWindowCredit {
+		a.rwnd = 0
+	} else {
+		a.rwnd = d.advertisedReceiverWindowCredit - bytesOutstanding
+	}
+
+	err = a.processFastRetransmission(d.cumulativeTSNAck, htna, cumTSNAckPointAdvanced)
+	if err != nil {
+		return err
+	}
+
+	if a.useForwardTSN {
+		// RFC 3758 Sec 3.5 C1
+		if sna32LT(a.advancedPeerTSNAckPoint, a.cumulativeTSNAckPoint) {
+			a.advancedPeerTSNAckPoint = a.cumulativeTSNAckPoint
+		}
+
+		// RFC 3758 Sec 3.5 C2
+		for i := a.advancedPeerTSNAckPoint + 1; ; i++ {
+			c, ok := a.inflightQueue.get(i)
+			if !ok {
+				break
+			}
+			if !c.abandoned() {
+				break
+			}
+			a.advancedPeerTSNAckPoint = i
+		}
+
+		// RFC 3758 Sec 3.5 C3
+		if sna32GT(a.advancedPeerTSNAckPoint, a.cumulativeTSNAckPoint) {
+			a.willSendForwardTSN = true
+		}
+		a.awakeWriteLoop()
+	}
+
+	if a.inflightQueue.size() > 0 {
+		// Start timer. (noop if already started)
+		a.log.Tracef("[%s] T3-rtx timer start (pt3)", a.name)
+		a.t3RTX.start(a.rtoMgr.getRTO())
+	}
+
+	if cumTSNAckPointAdvanced {
+		a.awakeWriteLoop()
+	}
+
+	return nil
+}
+
+// createForwardTSN generates ForwardTSN chunk.
+// This method will be be called if useForwardTSN is set to false.
+// The caller should hold the lock.
+func (a *Association) createForwardTSN() *chunkForwardTSN {
+	// RFC 3758 Sec 3.5 C4
+	streamMap := map[uint16]uint16{} // to report only once per SI
+	for i := a.cumulativeTSNAckPoint + 1; sna32LTE(i, a.advancedPeerTSNAckPoint); i++ {
+		c, ok := a.inflightQueue.get(i)
+		if !ok {
+			break
+		}
+
+		ssn, ok := streamMap[c.streamIdentifier]
+		if !ok {
+			streamMap[c.streamIdentifier] = c.streamSequenceNumber
+		} else if sna16LT(ssn, c.streamSequenceNumber) {
+			// to report only once with greatest SSN
+			streamMap[c.streamIdentifier] = c.streamSequenceNumber
+		}
+	}
+
+	fwdtsn := &chunkForwardTSN{
+		newCumulativeTSN: a.advancedPeerTSNAckPoint,
+		streams:          []chunkForwardTSNStream{},
+	}
+
+	var streamStr string
+	for si, ssn := range streamMap {
+		streamStr += fmt.Sprintf("(si=%d ssn=%d)", si, ssn)
+		fwdtsn.streams = append(fwdtsn.streams, chunkForwardTSNStream{
+			identifier: si,
+			sequence:   ssn,
+		})
+	}
+	a.log.Tracef("[%s] building fwdtsn: newCumulativeTSN=%d cumTSN=%d - %s", a.name, fwdtsn.newCumulativeTSN, a.cumulativeTSNAckPoint, streamStr)
+
+	return fwdtsn
+}
+
+// createPacket wraps chunks in a packet.
+// The caller should hold the read lock.
+func (a *Association) createPacket(cs []chunk) *packet {
+	return &packet{
+		verificationTag: a.peerVerificationTag,
+		sourcePort:      a.sourcePort,
+		destinationPort: a.destinationPort,
+		chunks:          cs,
+	}
+}
+
+// The caller should hold the lock.
+func (a *Association) handleReconfig(c *chunkReconfig) ([]*packet, error) {
+	a.log.Tracef("[%s] handleReconfig", a.name)
+
+	pp := make([]*packet, 0)
+
+	p, err := a.handleReconfigParam(c.paramA)
+	if err != nil {
+		return nil, err
+	}
+	if p != nil {
+		pp = append(pp, p)
+	}
+
+	if c.paramB != nil {
+		p, err = a.handleReconfigParam(c.paramB)
+		if err != nil {
+			return nil, err
+		}
+		if p != nil {
+			pp = append(pp, p)
+		}
+	}
+	return pp, nil
+}
+
+// The caller should hold the lock.
+func (a *Association) handleForwardTSN(c *chunkForwardTSN) []*packet {
+	a.log.Tracef("[%s] FwdTSN: %s", a.name, c.String())
+
+	if !a.useForwardTSN {
+		a.log.Warn("[%s] received FwdTSN but not enabled")
+		// Return an error chunk
+		cerr := &chunkError{
+			errorCauses: []errorCause{&errorCauseUnrecognizedChunkType{}},
+		}
+		outbound := &packet{}
+		outbound.verificationTag = a.peerVerificationTag
+		outbound.sourcePort = a.sourcePort
+		outbound.destinationPort = a.destinationPort
+		outbound.chunks = []chunk{cerr}
+		return []*packet{outbound}
+	}
+
+	// From RFC 3758 Sec 3.6:
+	//   Note, if the "New Cumulative TSN" value carried in the arrived
+	//   FORWARD TSN chunk is found to be behind or at the current cumulative
+	//   TSN point, the data receiver MUST treat this FORWARD TSN as out-of-
+	//   date and MUST NOT update its Cumulative TSN.  The receiver SHOULD
+	//   send a SACK to its peer (the sender of the FORWARD TSN) since such a
+	//   duplicate may indicate the previous SACK was lost in the network.
+
+	a.log.Tracef("[%s] should send ack? newCumTSN=%d peerLastTSN=%d\n",
+		a.name, c.newCumulativeTSN, a.peerLastTSN)
+	if sna32LTE(c.newCumulativeTSN, a.peerLastTSN) {
+		a.log.Tracef("[%s] sending ack on Forward TSN", a.name)
+		a.ackState = ackStateImmediate
+		a.ackTimer.stop()
+		a.awakeWriteLoop()
+		return nil
+	}
+
+	// From RFC 3758 Sec 3.6:
+	//   the receiver MUST perform the same TSN handling, including duplicate
+	//   detection, gap detection, SACK generation, cumulative TSN
+	//   advancement, etc. as defined in RFC 2960 [2]---with the following
+	//   exceptions and additions.
+
+	//   When a FORWARD TSN chunk arrives, the data receiver MUST first update
+	//   its cumulative TSN point to the value carried in the FORWARD TSN
+	//   chunk,
+
+	// Advance peerLastTSN
+	for sna32LT(a.peerLastTSN, c.newCumulativeTSN) {
+		a.payloadQueue.pop(a.peerLastTSN + 1) // may not exist
+		a.peerLastTSN++
+	}
+
+	// Report new peerLastTSN value and abandoned largest SSN value to
+	// corresponding streams so that the abandoned chunks can be removed
+	// from the reassemblyQueue.
+	for _, forwarded := range c.streams {
+		if s, ok := a.streams[forwarded.identifier]; ok {
+			s.handleForwardTSNForOrdered(forwarded.sequence)
+		}
+	}
+
+	// TSN may be forewared for unordered chunks. ForwardTSN chunk does not
+	// report which stream identifier it skipped for unordered chunks.
+	// Therefore, we need to broadcast this event to all existing streams for
+	// unordered chunks.
+	// See https://github.com/pion/sctp/issues/106
+	for _, s := range a.streams {
+		s.handleForwardTSNForUnordered(c.newCumulativeTSN)
+	}
+
+	return a.handlePeerLastTSNAndAcknowledgement(false)
+}
+
+func (a *Association) sendResetRequest(streamIdentifier uint16) error {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	state := a.getState()
+	if state != established {
+		return errors.Errorf("sending reset packet in non-established state: state=%s",
+			getAssociationStateString(state))
+	}
+
+	// Create DATA chunk which only contains valid stream identifier with
+	// nil userData and use it as a EOS from the stream.
+	c := &chunkPayloadData{
+		streamIdentifier:  streamIdentifier,
+		beginningFragment: true,
+		endingFragment:    true,
+		userData:          nil,
+	}
+
+	a.pendingQueue.push(c)
+	a.awakeWriteLoop()
+	return nil
+}
+
+// The caller should hold the lock.
+func (a *Association) handleReconfigParam(raw param) (*packet, error) {
+	switch p := raw.(type) {
+	case *paramOutgoingResetRequest:
+		a.reconfigRequests[p.reconfigRequestSequenceNumber] = p
+		resp := a.resetStreamsIfAny(p)
+		if resp != nil {
+			return resp, nil
+		}
+		return nil, nil
+
+	case *paramReconfigResponse:
+		delete(a.reconfigs, p.reconfigResponseSequenceNumber)
+		if len(a.reconfigs) == 0 {
+			a.tReconfig.stop()
+		}
+		return nil, nil
+	default:
+		return nil, errors.Errorf("unexpected parameter type %T", p)
+	}
+}
+
+// The caller should hold the lock.
+func (a *Association) resetStreamsIfAny(p *paramOutgoingResetRequest) *packet {
+	result := reconfigResultSuccessPerformed
+	if sna32LTE(p.senderLastTSN, a.peerLastTSN) {
+		a.log.Debugf("[%s] resetStream(): senderLastTSN=%d <= peerLastTSN=%d",
+			a.name, p.senderLastTSN, a.peerLastTSN)
+		for _, id := range p.streamIdentifiers {
+			s, ok := a.streams[id]
+			if !ok {
+				continue
+			}
+			a.unregisterStream(s, io.EOF)
+		}
+		delete(a.reconfigRequests, p.reconfigRequestSequenceNumber)
+	} else {
+		a.log.Debugf("[%s] resetStream(): senderLastTSN=%d > peerLastTSN=%d",
+			a.name, p.senderLastTSN, a.peerLastTSN)
+		result = reconfigResultInProgress
+	}
+
+	return a.createPacket([]chunk{&chunkReconfig{
+		paramA: &paramReconfigResponse{
+			reconfigResponseSequenceNumber: p.reconfigRequestSequenceNumber,
+			result:                         result,
+		},
+	}})
+}
+
+// Move the chunk peeked with a.pendingQueue.peek() to the inflightQueue.
+// The caller should hold the lock.
+func (a *Association) movePendingDataChunkToInflightQueue(c *chunkPayloadData) {
+	if err := a.pendingQueue.pop(c); err != nil {
+		a.log.Errorf("[%s] failed to pop from pending queue: %s", a.name, err.Error())
+	}
+
+	// Mark all fragements are in-flight now
+	if c.endingFragment {
+		c.setAllInflight()
+	}
+
+	// Assign TSN
+	c.tsn = a.generateNextTSN()
+
+	c.since = time.Now() // use to calculate RTT and also for maxPacketLifeTime
+	c.nSent = 1          // being sent for the first time
+
+	a.checkPartialReliabilityStatus(c)
+
+	a.log.Tracef("[%s] sending ppi=%d tsn=%d ssn=%d sent=%d len=%d (%v,%v)",
+		a.name, c.payloadType, c.tsn, c.streamSequenceNumber, c.nSent, len(c.userData), c.beginningFragment, c.endingFragment)
+
+	// Push it into the inflightQueue
+	a.inflightQueue.pushNoCheck(c)
+}
+
+// popPendingDataChunksToSend pops chunks from the pending queues as many as
+// the cwnd and rwnd allows to send.
+// The caller should hold the lock.
+func (a *Association) popPendingDataChunksToSend() ([]*chunkPayloadData, []uint16) {
+	chunks := []*chunkPayloadData{}
+	var sisToReset []uint16 // stream identifieres to reset
+
+	if a.pendingQueue.size() > 0 {
+		// RFC 4960 sec 6.1.  Transmission of DATA Chunks
+		//   A) At any given time, the data sender MUST NOT transmit new data to
+		//      any destination transport address if its peer's rwnd indicates
+		//      that the peer has no buffer space (i.e., rwnd is 0; see Section
+		//      6.2.1).  However, regardless of the value of rwnd (including if it
+		//      is 0), the data sender can always have one DATA chunk in flight to
+		//      the receiver if allowed by cwnd (see rule B, below).
+
+		for {
+			c := a.pendingQueue.peek()
+			if c == nil {
+				break // no more pending data
+			}
+
+			dataLen := uint32(len(c.userData))
+			if dataLen == 0 {
+				sisToReset = append(sisToReset, c.streamIdentifier)
+				err := a.pendingQueue.pop(c)
+				if err != nil {
+					a.log.Errorf("failed to pop from pending queue: %s", err.Error())
+				}
+				continue
+			}
+
+			if uint32(a.inflightQueue.getNumBytes())+dataLen > a.cwnd {
+				break // would exceeds cwnd
+			}
+
+			if dataLen > a.rwnd {
+				break // no more rwnd
+			}
+
+			a.rwnd -= dataLen
+
+			a.movePendingDataChunkToInflightQueue(c)
+			chunks = append(chunks, c)
+		}
+
+		// the data sender can always have one DATA chunk in flight to the receiver
+		if len(chunks) == 0 && a.inflightQueue.size() == 0 {
+			// Send zero window probe
+			c := a.pendingQueue.peek()
+			if c != nil {
+				a.movePendingDataChunkToInflightQueue(c)
+				chunks = append(chunks, c)
+			}
+		}
+	}
+
+	return chunks, sisToReset
+}
+
+// bundleDataChunksIntoPackets packs DATA chunks into packets. It tries to bundle
+// DATA chunks into a packet so long as the resulting packet size does not exceed
+// the path MTU.
+// The caller should hold the lock.
+func (a *Association) bundleDataChunksIntoPackets(chunks []*chunkPayloadData) []*packet {
+	packets := []*packet{}
+	chunksToSend := []chunk{}
+	bytesInPacket := int(commonHeaderSize)
+
+	for _, c := range chunks {
+		// RFC 4960 sec 6.1.  Transmission of DATA Chunks
+		//   Multiple DATA chunks committed for transmission MAY be bundled in a
+		//   single packet.  Furthermore, DATA chunks being retransmitted MAY be
+		//   bundled with new DATA chunks, as long as the resulting packet size
+		//   does not exceed the path MTU.
+		if bytesInPacket+len(c.userData) > int(a.mtu) {
+			packets = append(packets, a.createPacket(chunksToSend))
+			chunksToSend = []chunk{}
+			bytesInPacket = int(commonHeaderSize)
+		}
+
+		chunksToSend = append(chunksToSend, c)
+		bytesInPacket += int(dataChunkHeaderSize) + len(c.userData)
+	}
+
+	if len(chunksToSend) > 0 {
+		packets = append(packets, a.createPacket(chunksToSend))
+	}
+
+	return packets
+}
+
+// sendPayloadData sends the data chunks.
+func (a *Association) sendPayloadData(chunks []*chunkPayloadData) error {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	state := a.getState()
+	if state != established {
+		return errors.Errorf("sending payload data in non-established state: state=%s",
+			getAssociationStateString(state))
+	}
+
+	// Push the chunks into the pending queue first.
+	for _, c := range chunks {
+		a.pendingQueue.push(c)
+	}
+
+	a.awakeWriteLoop()
+	return nil
+}
+
+// The caller should hold the lock.
+func (a *Association) checkPartialReliabilityStatus(c *chunkPayloadData) {
+	if !a.useForwardTSN {
+		return
+	}
+
+	// draft-ietf-rtcweb-data-protocol-09.txt section 6
+	//	6.  Procedures
+	//		All Data Channel Establishment Protocol messages MUST be sent using
+	//		ordered delivery and reliable transmission.
+	//
+	if c.payloadType == PayloadTypeWebRTCDCEP {
+		return
+	}
+
+	// PR-SCTP
+	if s, ok := a.streams[c.streamIdentifier]; ok {
+		s.lock.RLock()
+		if s.reliabilityType == ReliabilityTypeRexmit {
+			if c.nSent >= s.reliabilityValue {
+				c.setAbandoned(true)
+				a.log.Tracef("[%s] marked as abandoned: tsn=%d ppi=%d (remix: %d)", a.name, c.tsn, c.payloadType, c.nSent)
+			}
+		} else if s.reliabilityType == ReliabilityTypeTimed {
+			elapsed := int64(time.Since(c.since).Seconds() * 1000)
+			if elapsed >= int64(s.reliabilityValue) {
+				c.setAbandoned(true)
+				a.log.Tracef("[%s] marked as abandoned: tsn=%d ppi=%d (timed: %d)", a.name, c.tsn, c.payloadType, elapsed)
+			}
+		}
+		s.lock.RUnlock()
+	} else {
+		a.log.Errorf("[%s] stream %d not found)", a.name, c.streamIdentifier)
+	}
+}
+
+// getDataPacketsToRetransmit is called when T3-rtx is timed out and retransmit outstanding data chunks
+// that are not acked or abandoned yet.
+// The caller should hold the lock.
+func (a *Association) getDataPacketsToRetransmit() []*packet {
+	awnd := min32(a.cwnd, a.rwnd)
+	chunks := []*chunkPayloadData{}
+	var bytesToSend int
+	var done bool
+
+	for i := 0; !done; i++ {
+		c, ok := a.inflightQueue.get(a.cumulativeTSNAckPoint + uint32(i) + 1)
+		if !ok {
+			break // end of pending data
+		}
+
+		if !c.retransmit {
+			continue
+		}
+
+		if i == 0 && int(a.rwnd) < len(c.userData) {
+			// Send it as a zero window probe
+			done = true
+		} else if bytesToSend+len(c.userData) > int(awnd) {
+			break
+		}
+
+		// reset the retransmit flag not to retransmit again before the next
+		// t3-rtx timer fires
+		c.retransmit = false
+		bytesToSend += len(c.userData)
+
+		c.nSent++
+
+		a.checkPartialReliabilityStatus(c)
+
+		a.log.Tracef("[%s] retransmitting tsn=%d ssn=%d sent=%d", a.name, c.tsn, c.streamSequenceNumber, c.nSent)
+
+		chunks = append(chunks, c)
+	}
+
+	return a.bundleDataChunksIntoPackets(chunks)
+}
+
+// generateNextTSN returns the myNextTSN and increases it. The caller should hold the lock.
+// The caller should hold the lock.
+func (a *Association) generateNextTSN() uint32 {
+	tsn := a.myNextTSN
+	a.myNextTSN++
+	return tsn
+}
+
+// generateNextRSN returns the myNextRSN and increases it. The caller should hold the lock.
+// The caller should hold the lock.
+func (a *Association) generateNextRSN() uint32 {
+	rsn := a.myNextRSN
+	a.myNextRSN++
+	return rsn
+}
+
+func (a *Association) createSelectiveAckChunk() *chunkSelectiveAck {
+	sack := &chunkSelectiveAck{}
+	sack.cumulativeTSNAck = a.peerLastTSN
+	sack.advertisedReceiverWindowCredit = a.getMyReceiverWindowCredit()
+	sack.duplicateTSN = a.payloadQueue.popDuplicates()
+	sack.gapAckBlocks = a.payloadQueue.getGapAckBlocks(a.peerLastTSN)
+	return sack
+}
+
+func pack(p *packet) []*packet {
+	return []*packet{p}
+}
+
+func (a *Association) handleChunkStart() {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	a.delayedAckTriggered = false
+	a.immediateAckTriggered = false
+}
+
+func (a *Association) handleChunkEnd() {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	if a.immediateAckTriggered {
+		// Send SACK now!
+		a.ackState = ackStateImmediate
+		a.ackTimer.stop()
+		a.awakeWriteLoop()
+	} else if a.delayedAckTriggered {
+		// Will send delayed ack in the next ack timeout
+		a.ackState = ackStateDelay
+		a.ackTimer.start()
+	}
+}
+
+func (a *Association) handleChunk(p *packet, c chunk) error {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	var packets []*packet
+	var err error
+
+	if _, err = c.check(); err != nil {
+		a.log.Errorf("[ %s ] failed validating chunk: %s ", a.name, err)
+		return nil
+	}
+
+	switch c := c.(type) {
+	case *chunkInit:
+		packets, err = a.handleInit(p, c)
+
+	case *chunkInitAck:
+		err = a.handleInitAck(p, c)
+
+	case *chunkAbort:
+		var errStr string
+		for _, e := range c.errorCauses {
+			errStr += fmt.Sprintf("(%s)", e)
+		}
+		return fmt.Errorf("[%s] %w: %s", a.name, errChunk, errStr)
+
+	case *chunkError:
+		var errStr string
+		for _, e := range c.errorCauses {
+			errStr += fmt.Sprintf("(%s)", e)
+		}
+		a.log.Debugf("[%s] Error chunk, with following errors: %s", a.name, errStr)
+
+	case *chunkHeartbeat:
+		packets = a.handleHeartbeat(c)
+
+	case *chunkCookieEcho:
+		packets = a.handleCookieEcho(c)
+
+	case *chunkCookieAck:
+		a.handleCookieAck()
+
+	case *chunkPayloadData:
+		packets = a.handleData(c)
+
+	case *chunkSelectiveAck:
+		err = a.handleSack(c)
+
+	case *chunkReconfig:
+		packets, err = a.handleReconfig(c)
+
+	case *chunkForwardTSN:
+		packets = a.handleForwardTSN(c)
+
+	default:
+		err = errors.Errorf("unhandled chunk type")
+	}
+
+	// Log and return, the only condition that is fatal is a ABORT chunk
+	if err != nil {
+		a.log.Errorf("Failed to handle chunk: %v", err)
+		return nil
+	}
+
+	if len(packets) > 0 {
+		a.controlQueue.pushAll(packets)
+		a.awakeWriteLoop()
+	}
+
+	return nil
+}
+
+func (a *Association) onRetransmissionTimeout(id int, nRtos uint) {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	if id == timerT1Init {
+		err := a.sendInit()
+		if err != nil {
+			a.log.Debugf("[%s] failed to retransmit init (nRtos=%d): %v", a.name, nRtos, err)
+		}
+		return
+	}
+
+	if id == timerT1Cookie {
+		err := a.sendCookieEcho()
+		if err != nil {
+			a.log.Debugf("[%s] failed to retransmit cookie-echo (nRtos=%d): %v", a.name, nRtos, err)
+		}
+		return
+	}
+
+	if id == timerT3RTX {
+		a.stats.incT3Timeouts()
+
+		// RFC 4960 sec 6.3.3
+		//  E1)  For the destination address for which the timer expires, adjust
+		//       its ssthresh with rules defined in Section 7.2.3 and set the
+		//       cwnd <- MTU.
+		// RFC 4960 sec 7.2.3
+		//   When the T3-rtx timer expires on an address, SCTP should perform slow
+		//   start by:
+		//      ssthresh = max(cwnd/2, 4*MTU)
+		//      cwnd = 1*MTU
+
+		a.ssthresh = max32(a.cwnd/2, 4*a.mtu)
+		a.cwnd = a.mtu
+		a.log.Tracef("[%s] updated cwnd=%d ssthresh=%d inflight=%d (RTO)",
+			a.name, a.cwnd, a.ssthresh, a.inflightQueue.getNumBytes())
+
+		// RFC 3758 sec 3.5
+		//  A5) Any time the T3-rtx timer expires, on any destination, the sender
+		//  SHOULD try to advance the "Advanced.Peer.Ack.Point" by following
+		//  the procedures outlined in C2 - C5.
+		if a.useForwardTSN {
+			// RFC 3758 Sec 3.5 C2
+			for i := a.advancedPeerTSNAckPoint + 1; ; i++ {
+				c, ok := a.inflightQueue.get(i)
+				if !ok {
+					break
+				}
+				if !c.abandoned() {
+					break
+				}
+				a.advancedPeerTSNAckPoint = i
+			}
+
+			// RFC 3758 Sec 3.5 C3
+			if sna32GT(a.advancedPeerTSNAckPoint, a.cumulativeTSNAckPoint) {
+				a.willSendForwardTSN = true
+			}
+		}
+
+		a.log.Debugf("[%s] T3-rtx timed out: nRtos=%d cwnd=%d ssthresh=%d", a.name, nRtos, a.cwnd, a.ssthresh)
+
+		/*
+			a.log.Debugf("   - advancedPeerTSNAckPoint=%d", a.advancedPeerTSNAckPoint)
+			a.log.Debugf("   - cumulativeTSNAckPoint=%d", a.cumulativeTSNAckPoint)
+			a.inflightQueue.updateSortedKeys()
+			for i, tsn := range a.inflightQueue.sorted {
+				if c, ok := a.inflightQueue.get(tsn); ok {
+					a.log.Debugf("   - [%d] tsn=%d acked=%v abandoned=%v (%v,%v) len=%d",
+						i, c.tsn, c.acked, c.abandoned(), c.beginningFragment, c.endingFragment, len(c.userData))
+				}
+			}
+		*/
+
+		a.inflightQueue.markAllToRetrasmit()
+		a.awakeWriteLoop()
+
+		return
+	}
+
+	if id == timerReconfig {
+		a.willRetransmitReconfig = true
+		a.awakeWriteLoop()
+	}
+}
+
+func (a *Association) onRetransmissionFailure(id int) {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	if id == timerT1Init {
+		a.log.Errorf("[%s] retransmission failure: T1-init", a.name)
+		a.handshakeCompletedCh <- errors.Errorf("handshake failed (INIT ACK)")
+		return
+	}
+
+	if id == timerT1Cookie {
+		a.log.Errorf("[%s] retransmission failure: T1-cookie", a.name)
+		a.handshakeCompletedCh <- errors.Errorf("handshake failed (COOKIE ECHO)")
+		return
+	}
+
+	if id == timerT3RTX {
+		// T3-rtx timer will not fail by design
+		// Justifications:
+		//  * ICE would fail if the connectivity is lost
+		//  * WebRTC spec is not clear how this incident should be reported to ULP
+		a.log.Errorf("[%s] retransmission failure: T3-rtx (DATA)", a.name)
+		return
+	}
+}
+
+func (a *Association) onAckTimeout() {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	a.log.Tracef("[%s] ack timed out (ackState: %d)", a.name, a.ackState)
+	a.stats.incAckTimeouts()
+
+	a.ackState = ackStateImmediate
+	a.awakeWriteLoop()
+}
+
+// bufferedAmount returns total amount (in bytes) of currently buffered user data.
+// This is used only by testing.
+func (a *Association) bufferedAmount() int {
+	a.lock.RLock()
+	defer a.lock.RUnlock()
+
+	return a.pendingQueue.getNumBytes() + a.inflightQueue.getNumBytes()
+}
+
+// MaxMessageSize returns the maximum message size you can send.
+func (a *Association) MaxMessageSize() uint32 {
+	return atomic.LoadUint32(&a.maxMessageSize)
+}
+
+// SetMaxMessageSize sets the maximum message size you can send.
+func (a *Association) SetMaxMessageSize(maxMsgSize uint32) {
+	atomic.StoreUint32(&a.maxMessageSize, maxMsgSize)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/association_stats.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/association_stats.go
new file mode 100644
index 000000000..4ccb7be99
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/association_stats.go
@@ -0,0 +1,61 @@
+package sctp
+
+import (
+	"sync/atomic"
+)
+
+type associationStats struct {
+	nDATAs       uint64
+	nSACKs       uint64
+	nT3Timeouts  uint64
+	nAckTimeouts uint64
+	nFastRetrans uint64
+}
+
+func (s *associationStats) incDATAs() {
+	atomic.AddUint64(&s.nDATAs, 1)
+}
+
+func (s *associationStats) getNumDATAs() uint64 {
+	return atomic.LoadUint64(&s.nDATAs)
+}
+
+func (s *associationStats) incSACKs() {
+	atomic.AddUint64(&s.nSACKs, 1)
+}
+
+func (s *associationStats) getNumSACKs() uint64 {
+	return atomic.LoadUint64(&s.nSACKs)
+}
+
+func (s *associationStats) incT3Timeouts() {
+	atomic.AddUint64(&s.nT3Timeouts, 1)
+}
+
+func (s *associationStats) getNumT3Timeouts() uint64 {
+	return atomic.LoadUint64(&s.nT3Timeouts)
+}
+
+func (s *associationStats) incAckTimeouts() {
+	atomic.AddUint64(&s.nAckTimeouts, 1)
+}
+
+func (s *associationStats) getNumAckTimeouts() uint64 {
+	return atomic.LoadUint64(&s.nAckTimeouts)
+}
+
+func (s *associationStats) incFastRetrans() {
+	atomic.AddUint64(&s.nFastRetrans, 1)
+}
+
+func (s *associationStats) getNumFastRetrans() uint64 {
+	return atomic.LoadUint64(&s.nFastRetrans)
+}
+
+func (s *associationStats) reset() {
+	atomic.StoreUint64(&s.nDATAs, 0)
+	atomic.StoreUint64(&s.nSACKs, 0)
+	atomic.StoreUint64(&s.nT3Timeouts, 0)
+	atomic.StoreUint64(&s.nAckTimeouts, 0)
+	atomic.StoreUint64(&s.nFastRetrans, 0)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk.go
new file mode 100644
index 000000000..ec47da17a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk.go
@@ -0,0 +1,9 @@
+package sctp
+
+type chunk interface {
+	unmarshal(raw []byte) error
+	marshal() ([]byte, error)
+	check() (bool, error)
+
+	valueLength() int
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_abort.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_abort.go
new file mode 100644
index 000000000..9fd46921d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_abort.go
@@ -0,0 +1,88 @@
+package sctp // nolint:dupl
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+Abort represents an SCTP Chunk of type ABORT
+
+The ABORT chunk is sent to the peer of an association to close the
+association.  The ABORT chunk may contain Cause Parameters to inform
+the receiver about the reason of the abort.  DATA chunks MUST NOT be
+bundled with ABORT.  Control chunks (except for INIT, INIT ACK, and
+SHUTDOWN COMPLETE) MAY be bundled with an ABORT, but they MUST be
+placed before the ABORT in the SCTP packet or they will be ignored by
+the receiver.
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 6    |Reserved     |T|           Length              |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|                   zero or more Error Causes                   |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+type chunkAbort struct {
+	chunkHeader
+	errorCauses []errorCause
+}
+
+func (a *chunkAbort) unmarshal(raw []byte) error {
+	if err := a.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if a.typ != ctAbort {
+		return errors.Errorf("ChunkType is not of type ABORT, actually is %s", a.typ.String())
+	}
+
+	offset := chunkHeaderSize
+	for {
+		if len(raw)-offset < 4 {
+			break
+		}
+
+		e, err := buildErrorCause(raw[offset:])
+		if err != nil {
+			return errors.Wrap(err, "Failed build Abort Chunk")
+		}
+
+		offset += int(e.length())
+		a.errorCauses = append(a.errorCauses, e)
+	}
+	return nil
+}
+
+func (a *chunkAbort) marshal() ([]byte, error) {
+	a.chunkHeader.typ = ctAbort
+	a.flags = 0x00
+	a.raw = []byte{}
+	for _, ec := range a.errorCauses {
+		raw, err := ec.marshal()
+		if err != nil {
+			return nil, err
+		}
+		a.raw = append(a.raw, raw...)
+	}
+	return a.chunkHeader.marshal()
+}
+
+func (a *chunkAbort) check() (abort bool, err error) {
+	return false, nil
+}
+
+// String makes chunkAbort printable
+func (a *chunkAbort) String() string {
+	res := a.chunkHeader.String()
+
+	for _, cause := range a.errorCauses {
+		res += fmt.Sprintf("\n - %s", cause)
+	}
+
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_cookie_ack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_cookie_ack.go
new file mode 100644
index 000000000..83b6f71a2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_cookie_ack.go
@@ -0,0 +1,44 @@
+package sctp
+
+import (
+	"github.com/pkg/errors"
+)
+
+/*
+chunkCookieAck represents an SCTP Chunk of type chunkCookieAck
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 11   |Chunk  Flags   |     Length = 4                |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+type chunkCookieAck struct {
+	chunkHeader
+}
+
+func (c *chunkCookieAck) unmarshal(raw []byte) error {
+	if err := c.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if c.typ != ctCookieAck {
+		return errors.Errorf("ChunkType is not of type COOKIEACK, actually is %s", c.typ.String())
+	}
+
+	return nil
+}
+
+func (c *chunkCookieAck) marshal() ([]byte, error) {
+	c.chunkHeader.typ = ctCookieAck
+	return c.chunkHeader.marshal()
+}
+
+func (c *chunkCookieAck) check() (abort bool, err error) {
+	return false, nil
+}
+
+// String makes chunkCookieAck printable
+func (c *chunkCookieAck) String() string {
+	return c.chunkHeader.String()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_cookie_echo.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_cookie_echo.go
new file mode 100644
index 000000000..3f0ed3655
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_cookie_echo.go
@@ -0,0 +1,46 @@
+package sctp
+
+import (
+	"github.com/pkg/errors"
+)
+
+/*
+CookieEcho represents an SCTP Chunk of type CookieEcho
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 10   |Chunk  Flags   |         Length                |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                     Cookie                                    |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+*/
+type chunkCookieEcho struct {
+	chunkHeader
+	cookie []byte
+}
+
+func (c *chunkCookieEcho) unmarshal(raw []byte) error {
+	if err := c.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if c.typ != ctCookieEcho {
+		return errors.Errorf("ChunkType is not of type COOKIEECHO, actually is %s", c.typ.String())
+	}
+	c.cookie = c.raw
+
+	return nil
+}
+
+func (c *chunkCookieEcho) marshal() ([]byte, error) {
+	c.chunkHeader.typ = ctCookieEcho
+	c.chunkHeader.raw = c.cookie
+	return c.chunkHeader.marshal()
+}
+
+func (c *chunkCookieEcho) check() (abort bool, err error) {
+	return false, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_error.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_error.go
new file mode 100644
index 000000000..eb29324cf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_error.go
@@ -0,0 +1,95 @@
+package sctp // nolint:dupl
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+   Operation Error (ERROR) (9)
+
+   An endpoint sends this chunk to its peer endpoint to notify it of
+   certain error conditions.  It contains one or more error causes.  An
+   Operation Error is not considered fatal in and of itself, but may be
+   used with an ERROR chunk to report a fatal condition.  It has the
+   following parameters:
+
+        0                   1                   2                   3
+        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |   Type = 9    | Chunk  Flags  |           Length              |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       \                                                               \
+       /                    one or more Error Causes                   /
+       \                                                               \
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+   Chunk Flags: 8 bits
+
+      Set to 0 on transmit and ignored on receipt.
+
+   Length: 16 bits (unsigned integer)
+
+      Set to the size of the chunk in bytes, including the chunk header
+      and all the Error Cause fields present.
+*/
+type chunkError struct {
+	chunkHeader
+	errorCauses []errorCause
+}
+
+func (a *chunkError) unmarshal(raw []byte) error {
+	if err := a.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if a.typ != ctError {
+		return errors.Errorf("ChunkType is not of type ctError, actually is %s", a.typ.String())
+	}
+
+	offset := chunkHeaderSize
+	for {
+		if len(raw)-offset < 4 {
+			break
+		}
+
+		e, err := buildErrorCause(raw[offset:])
+		if err != nil {
+			return errors.Wrap(err, "Failed build Error Chunk")
+		}
+
+		offset += int(e.length())
+		a.errorCauses = append(a.errorCauses, e)
+	}
+	return nil
+}
+
+func (a *chunkError) marshal() ([]byte, error) {
+	a.chunkHeader.typ = ctError
+	a.flags = 0x00
+	a.raw = []byte{}
+	for _, ec := range a.errorCauses {
+		raw, err := ec.marshal()
+		if err != nil {
+			return nil, err
+		}
+		a.raw = append(a.raw, raw...)
+	}
+	return a.chunkHeader.marshal()
+}
+
+func (a *chunkError) check() (abort bool, err error) {
+	return false, nil
+}
+
+// String makes chunkError printable
+func (a *chunkError) String() string {
+	res := a.chunkHeader.String()
+
+	for _, cause := range a.errorCauses {
+		res += fmt.Sprintf("\n - %s", cause)
+	}
+
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_forward_tsn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_forward_tsn.go
new file mode 100644
index 000000000..f6ff357f1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_forward_tsn.go
@@ -0,0 +1,145 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+// This chunk shall be used by the data sender to inform the data
+// receiver to adjust its cumulative received TSN point forward because
+// some missing TSNs are associated with data chunks that SHOULD NOT be
+// transmitted or retransmitted by the sender.
+//
+//  0                   1                   2                   3
+//  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |   Type = 192  |  Flags = 0x00 |        Length = Variable      |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                      New Cumulative TSN                       |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |         Stream-1              |       Stream Sequence-1       |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// \                                                               /
+// /                                                               \
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |         Stream-N              |       Stream Sequence-N       |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+type chunkForwardTSN struct {
+	chunkHeader
+
+	// This indicates the new cumulative TSN to the data receiver.  Upon
+	// the reception of this value, the data receiver MUST consider
+	// any missing TSNs earlier than or equal to this value as received,
+	// and stop reporting them as gaps in any subsequent SACKs.
+	newCumulativeTSN uint32
+
+	streams []chunkForwardTSNStream
+}
+
+const (
+	newCumulativeTSNLength = 4
+	forwardTSNStreamLength = 4
+)
+
+var errMarshalStreamFailed = errors.New("failed to marshal stream")
+
+func (c *chunkForwardTSN) unmarshal(raw []byte) error {
+	if err := c.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if len(c.raw) < newCumulativeTSNLength {
+		return errors.New("chunk to short")
+	}
+
+	c.newCumulativeTSN = binary.BigEndian.Uint32(c.raw[0:])
+
+	offset := newCumulativeTSNLength
+	remaining := len(c.raw) - offset
+	for remaining > 0 {
+		s := chunkForwardTSNStream{}
+
+		if err := s.unmarshal(c.raw[offset:]); err != nil {
+			return fmt.Errorf("failed to unmarshal stream: %w", err)
+		}
+
+		c.streams = append(c.streams, s)
+
+		offset += s.length()
+		remaining -= s.length()
+	}
+
+	return nil
+}
+
+func (c *chunkForwardTSN) marshal() ([]byte, error) {
+	out := make([]byte, newCumulativeTSNLength)
+	binary.BigEndian.PutUint32(out[0:], c.newCumulativeTSN)
+
+	for _, s := range c.streams {
+		b, err := s.marshal()
+		if err != nil {
+			return nil, fmt.Errorf("%w: %v", errMarshalStreamFailed, err)
+		}
+		out = append(out, b...)
+	}
+
+	c.typ = ctForwardTSN
+	c.raw = out
+	return c.chunkHeader.marshal()
+}
+
+func (c *chunkForwardTSN) check() (abort bool, err error) {
+	return true, nil
+}
+
+// String makes chunkForwardTSN printable
+func (c *chunkForwardTSN) String() string {
+	res := fmt.Sprintf("New Cumulative TSN: %d\n", c.newCumulativeTSN)
+	for _, s := range c.streams {
+		res += fmt.Sprintf(" - si=%d, ssn=%d\n", s.identifier, s.sequence)
+	}
+	return res
+}
+
+type chunkForwardTSNStream struct {
+	// This field holds a stream number that was skipped by this
+	// FWD-TSN.
+	identifier uint16
+
+	// This field holds the sequence number associated with the stream
+	// that was skipped.  The stream sequence field holds the largest
+	// stream sequence number in this stream being skipped.  The receiver
+	// of the FWD-TSN's can use the Stream-N and Stream Sequence-N fields
+	// to enable delivery of any stranded TSN's that remain on the stream
+	// re-ordering queues.  This field MUST NOT report TSN's corresponding
+	// to DATA chunks that are marked as unordered.  For ordered DATA
+	// chunks this field MUST be filled in.
+	sequence uint16
+}
+
+func (s *chunkForwardTSNStream) length() int {
+	return forwardTSNStreamLength
+}
+
+func (s *chunkForwardTSNStream) unmarshal(raw []byte) error {
+	if len(raw) < forwardTSNStreamLength {
+		return errors.New("stream to short")
+	}
+	s.identifier = binary.BigEndian.Uint16(raw[0:])
+	s.sequence = binary.BigEndian.Uint16(raw[2:])
+
+	return nil
+}
+
+func (s *chunkForwardTSNStream) marshal() ([]byte, error) { // nolint:unparam
+	out := make([]byte, forwardTSNStreamLength)
+
+	binary.BigEndian.PutUint16(out[0:], s.identifier)
+	binary.BigEndian.PutUint16(out[2:], s.sequence)
+
+	return out, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_heartbeat.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_heartbeat.go
new file mode 100644
index 000000000..f2026a408
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_heartbeat.go
@@ -0,0 +1,75 @@
+package sctp
+
+import (
+	"github.com/pkg/errors"
+)
+
+/*
+chunkHeartbeat represents an SCTP Chunk of type HEARTBEAT
+
+An endpoint should send this chunk to its peer endpoint to probe the
+reachability of a particular destination transport address defined in
+the present association.
+
+The parameter field contains the Heartbeat Information, which is a
+variable-length opaque data structure understood only by the sender.
+
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 4    | Chunk  Flags  |      Heartbeat Length         |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|            Heartbeat Information TLV (Variable-Length)        |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+Defined as a variable-length parameter using the format described
+in Section 3.2.1, i.e.:
+
+Variable Parameters                  Status     Type Value
+-------------------------------------------------------------
+heartbeat Info                       Mandatory   1
+
+*/
+type chunkHeartbeat struct {
+	chunkHeader
+	params []param
+}
+
+func (h *chunkHeartbeat) unmarshal(raw []byte) error {
+	if err := h.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	} else if h.typ != ctHeartbeat {
+		return errors.Errorf("ChunkType is not of type HEARTBEAT, actually is %s", h.typ.String())
+	}
+
+	if len(raw) <= chunkHeaderSize {
+		return errors.Errorf("Heartbeat is not long enough to contain Heartbeat Info %d", len(raw))
+	}
+
+	pType, err := parseParamType(raw[chunkHeaderSize:])
+	if err != nil {
+		return errors.Wrap(err, "failed to parse param type")
+	}
+	if pType != heartbeatInfo {
+		return errors.Errorf("Heartbeat should only have HEARTBEAT param, instead have %s", pType.String())
+	}
+
+	p, err := buildParam(pType, raw[chunkHeaderSize:])
+	if err != nil {
+		return errors.Wrap(err, "Failed unmarshalling param in Heartbeat Chunk")
+	}
+	h.params = append(h.params, p)
+
+	return nil
+}
+
+func (h *chunkHeartbeat) Marshal() ([]byte, error) {
+	return nil, errors.Errorf("Unimplemented")
+}
+
+func (h *chunkHeartbeat) check() (abort bool, err error) {
+	return false, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_heartbeat_ack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_heartbeat_ack.go
new file mode 100644
index 000000000..ff840903e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_heartbeat_ack.go
@@ -0,0 +1,86 @@
+package sctp
+
+import (
+	"github.com/pkg/errors"
+)
+
+/*
+chunkHeartbeatAck represents an SCTP Chunk of type HEARTBEAT ACK
+
+An endpoint should send this chunk to its peer endpoint as a response
+to a HEARTBEAT chunk (see Section 8.3).  A HEARTBEAT ACK is always
+sent to the source IP address of the IP datagram containing the
+HEARTBEAT chunk to which this ack is responding.
+
+The parameter field contains a variable-length opaque data structure.
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 5    | Chunk  Flags  |    Heartbeat Ack Length       |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|            Heartbeat Information TLV (Variable-Length)        |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+Defined as a variable-length parameter using the format described
+in Section 3.2.1, i.e.:
+
+Variable Parameters                  Status     Type Value
+-------------------------------------------------------------
+Heartbeat Info                       Mandatory   1
+
+*/
+type chunkHeartbeatAck struct {
+	chunkHeader
+	params []param
+}
+
+func (h *chunkHeartbeatAck) unmarshal(raw []byte) error {
+	return errors.Errorf("Unimplemented")
+}
+
+func (h *chunkHeartbeatAck) marshal() ([]byte, error) {
+	if len(h.params) != 1 {
+		return nil, errors.Errorf("Heartbeat Ack must have one param")
+	}
+
+	switch h.params[0].(type) {
+	case *paramHeartbeatInfo:
+		// ParamHeartbeatInfo is valid
+	default:
+		return nil, errors.Errorf("Heartbeat Ack must have one param, and it should be a HeartbeatInfo")
+	}
+
+	out := make([]byte, 0)
+	for idx, p := range h.params {
+		pp, err := p.marshal()
+		if err != nil {
+			return nil, errors.Wrap(err, "Unable to marshal parameter for Heartbeat Ack")
+		}
+
+		out = append(out, pp...)
+
+		// Chunks (including Type, Length, and Value fields) are padded out
+		// by the sender with all zero bytes to be a multiple of 4 bytes
+		// long.  This padding MUST NOT be more than 3 bytes in total.  The
+		// Chunk Length value does not include terminating padding of the
+		// chunk.  *However, it does include padding of any variable-length
+		// parameter except the last parameter in the chunk.*  The receiver
+		// MUST ignore the padding.
+		if idx != len(h.params)-1 {
+			out = padByte(out, getPadding(len(pp)))
+		}
+	}
+
+	h.chunkHeader.typ = ctHeartbeatAck
+	h.chunkHeader.raw = out
+
+	return h.chunkHeader.marshal()
+}
+
+func (h *chunkHeartbeatAck) check() (abort bool, err error) {
+	return false, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init.go
new file mode 100644
index 000000000..65b9b1a4b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init.go
@@ -0,0 +1,123 @@
+package sctp // nolint:dupl
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+Init represents an SCTP Chunk of type INIT
+
+See chunkInitCommon for the fixed headers
+
+Variable Parameters                  Status     Type Value
+-------------------------------------------------------------
+IPv4 IP (Note 1)               Optional    5
+IPv6 IP (Note 1)               Optional    6
+Cookie Preservative                 Optional    9
+Reserved for ECN Capable (Note 2)   Optional    32768 (0x8000)
+Host Name IP (Note 3)          Optional    11
+Supported IP Types (Note 4)    Optional    12
+*/
+type chunkInit struct {
+	chunkHeader
+	chunkInitCommon
+}
+
+func (i *chunkInit) unmarshal(raw []byte) error {
+	if err := i.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if i.typ != ctInit {
+		return errors.Errorf("ChunkType is not of type INIT, actually is %s", i.typ.String())
+	} else if len(i.raw) < initChunkMinLength {
+		return errors.Errorf("Chunk Value isn't long enough for mandatory parameters exp: %d actual: %d", initChunkMinLength, len(i.raw))
+	}
+
+	// The Chunk Flags field in INIT is reserved, and all bits in it should
+	// be set to 0 by the sender and ignored by the receiver.  The sequence
+	// of parameters within an INIT can be processed in any order.
+	if i.flags != 0 {
+		return errors.New("ChunkType of type INIT flags must be all 0")
+	}
+
+	if err := i.chunkInitCommon.unmarshal(i.raw); err != nil {
+		return errors.Wrap(err, "Failed to unmarshal INIT body")
+	}
+
+	return nil
+}
+
+func (i *chunkInit) marshal() ([]byte, error) {
+	initShared, err := i.chunkInitCommon.marshal()
+	if err != nil {
+		return nil, errors.Wrap(err, "Failed marshaling INIT common data")
+	}
+
+	i.chunkHeader.typ = ctInit
+	i.chunkHeader.raw = initShared
+	return i.chunkHeader.marshal()
+}
+
+func (i *chunkInit) check() (abort bool, err error) {
+	// The receiver of the INIT (the responding end) records the value of
+	// the Initiate Tag parameter.  This value MUST be placed into the
+	// Verification Tag field of every SCTP packet that the receiver of
+	// the INIT transmits within this association.
+	//
+	// The Initiate Tag is allowed to have any value except 0.  See
+	// Section 5.3.1 for more on the selection of the tag value.
+	//
+	// If the value of the Initiate Tag in a received INIT chunk is found
+	// to be 0, the receiver MUST treat it as an error and close the
+	// association by transmitting an ABORT.
+	if i.initiateTag == 0 {
+		abort = true
+		return abort, errors.New("ChunkType of type INIT InitiateTag must not be 0")
+	}
+
+	// Defines the maximum number of streams the sender of this INIT
+	// chunk allows the peer end to create in this association.  The
+	// value 0 MUST NOT be used.
+	//
+	// Note: There is no negotiation of the actual number of streams but
+	// instead the two endpoints will use the min(requested, offered).
+	// See Section 5.1.1 for details.
+	//
+	// Note: A receiver of an INIT with the MIS value of 0 SHOULD abort
+	// the association.
+	if i.numInboundStreams == 0 {
+		abort = true
+		return abort, errors.New("INIT inbound stream request must be > 0")
+	}
+
+	// Defines the number of outbound streams the sender of this INIT
+	// chunk wishes to create in this association.  The value of 0 MUST
+	// NOT be used.
+	//
+	// Note: A receiver of an INIT with the OS value set to 0 SHOULD
+	// abort the association.
+
+	if i.numOutboundStreams == 0 {
+		abort = true
+		return abort, errors.New("INIT outbound stream request must be > 0")
+	}
+
+	// An SCTP receiver MUST be able to receive a minimum of 1500 bytes in
+	// one SCTP packet.  This means that an SCTP endpoint MUST NOT indicate
+	// less than 1500 bytes in its initial a_rwnd sent in the INIT or INIT
+	// ACK.
+	if i.advertisedReceiverWindowCredit < 1500 {
+		abort = true
+		return abort, errors.New("INIT Advertised Receiver Window Credit (a_rwnd) must be >= 1500")
+	}
+
+	return false, nil
+}
+
+// String makes chunkInit printable
+func (i *chunkInit) String() string {
+	return fmt.Sprintf("%s\n%s", i.chunkHeader, i.chunkInitCommon)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init_ack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init_ack.go
new file mode 100644
index 000000000..551bcea7a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init_ack.go
@@ -0,0 +1,126 @@
+package sctp // nolint:dupl
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+chunkInitAck represents an SCTP Chunk of type INIT ACK
+
+See chunkInitCommon for the fixed headers
+
+Variable Parameters                  Status     Type Value
+-------------------------------------------------------------
+State Cookie                        Mandatory   7
+IPv4 IP (Note 1)               Optional    5
+IPv6 IP (Note 1)               Optional    6
+Unrecognized Parameter              Optional    8
+Reserved for ECN Capable (Note 2)   Optional    32768 (0x8000)
+Host Name IP (Note 3)          Optional    11<Paste>
+
+*/
+type chunkInitAck struct {
+	chunkHeader
+	chunkInitCommon
+}
+
+func (i *chunkInitAck) unmarshal(raw []byte) error {
+	if err := i.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if i.typ != ctInitAck {
+		return errors.Errorf("ChunkType is not of type INIT ACK, actually is %s", i.typ.String())
+	} else if len(i.raw) < initChunkMinLength {
+		return errors.Errorf("Chunk Value isn't long enough for mandatory parameters exp: %d actual: %d", initChunkMinLength, len(i.raw))
+	}
+
+	// The Chunk Flags field in INIT is reserved, and all bits in it should
+	// be set to 0 by the sender and ignored by the receiver.  The sequence
+	// of parameters within an INIT can be processed in any order.
+	if i.flags != 0 {
+		return errors.New("ChunkType of type INIT ACK flags must be all 0")
+	}
+
+	if err := i.chunkInitCommon.unmarshal(i.raw); err != nil {
+		return errors.Wrap(err, "Failed to unmarshal INIT body")
+	}
+
+	return nil
+}
+
+func (i *chunkInitAck) marshal() ([]byte, error) {
+	initShared, err := i.chunkInitCommon.marshal()
+	if err != nil {
+		return nil, errors.Wrap(err, "Failed marshaling INIT common data")
+	}
+
+	i.chunkHeader.typ = ctInitAck
+	i.chunkHeader.raw = initShared
+	return i.chunkHeader.marshal()
+}
+
+func (i *chunkInitAck) check() (abort bool, err error) {
+	// The receiver of the INIT ACK records the value of the Initiate Tag
+	// parameter.  This value MUST be placed into the Verification Tag
+	// field of every SCTP packet that the INIT ACK receiver transmits
+	// within this association.
+	//
+	// The Initiate Tag MUST NOT take the value 0.  See Section 5.3.1 for
+	// more on the selection of the Initiate Tag value.
+	//
+	// If the value of the Initiate Tag in a received INIT ACK chunk is
+	// found to be 0, the receiver MUST destroy the association
+	// discarding its TCB.  The receiver MAY send an ABORT for debugging
+	// purpose.
+	if i.initiateTag == 0 {
+		abort = true
+		return abort, errors.New("ChunkType of type INIT ACK InitiateTag must not be 0")
+	}
+
+	// Defines the maximum number of streams the sender of this INIT ACK
+	// chunk allows the peer end to create in this association.  The
+	// value 0 MUST NOT be used.
+	//
+	// Note: There is no negotiation of the actual number of streams but
+	// instead the two endpoints will use the min(requested, offered).
+	// See Section 5.1.1 for details.
+	//
+	// Note: A receiver of an INIT ACK with the MIS value set to 0 SHOULD
+	// destroy the association discarding its TCB.
+	if i.numInboundStreams == 0 {
+		abort = true
+		return abort, errors.New("INIT ACK inbound stream request must be > 0")
+	}
+
+	// Defines the number of outbound streams the sender of this INIT ACK
+	// chunk wishes to create in this association.  The value of 0 MUST
+	// NOT be used, and the value MUST NOT be greater than the MIS value
+	// sent in the INIT chunk.
+	//
+	// Note: A receiver of an INIT ACK with the OS value set to 0 SHOULD
+	// destroy the association discarding its TCB.
+
+	if i.numOutboundStreams == 0 {
+		abort = true
+		return abort, errors.New("INIT ACK outbound stream request must be > 0")
+	}
+
+	// An SCTP receiver MUST be able to receive a minimum of 1500 bytes in
+	// one SCTP packet.  This means that an SCTP endpoint MUST NOT indicate
+	// less than 1500 bytes in its initial a_rwnd sent in the INIT or INIT
+	// ACK.
+	if i.advertisedReceiverWindowCredit < 1500 {
+		abort = true
+		return abort, errors.New("INIT ACK Advertised Receiver Window Credit (a_rwnd) must be >= 1500")
+	}
+
+	return false, nil
+}
+
+// String makes chunkInitAck printable
+func (i *chunkInitAck) String() string {
+	return fmt.Sprintf("%s\n%s", i.chunkHeader, i.chunkInitCommon)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init_common.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init_common.go
new file mode 100644
index 000000000..f64be7865
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_init_common.go
@@ -0,0 +1,155 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+chunkInitCommon represents an SCTP Chunk body of type INIT and INIT ACK
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 1    |  Chunk Flags  |      Chunk Length             |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                         Initiate Tag                          |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|           Advertised Receiver Window Credit (a_rwnd)          |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|  Number of Outbound Streams   |  Number of Inbound Streams    |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                          Initial TSN                          |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|              Optional/Variable-Length Parameters              |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+The INIT chunk contains the following parameters.  Unless otherwise
+noted, each parameter MUST only be included once in the INIT chunk.
+
+Fixed Parameters                     Status
+----------------------------------------------
+Initiate Tag                        Mandatory
+Advertised Receiver Window Credit   Mandatory
+Number of Outbound Streams          Mandatory
+Number of Inbound Streams           Mandatory
+Initial TSN                         Mandatory
+*/
+
+type chunkInitCommon struct {
+	initiateTag                    uint32
+	advertisedReceiverWindowCredit uint32
+	numOutboundStreams             uint16
+	numInboundStreams              uint16
+	initialTSN                     uint32
+	params                         []param
+}
+
+const (
+	initChunkMinLength          = 16
+	initOptionalVarHeaderLength = 4
+)
+
+func (i *chunkInitCommon) unmarshal(raw []byte) error {
+	i.initiateTag = binary.BigEndian.Uint32(raw[0:])
+	i.advertisedReceiverWindowCredit = binary.BigEndian.Uint32(raw[4:])
+	i.numOutboundStreams = binary.BigEndian.Uint16(raw[8:])
+	i.numInboundStreams = binary.BigEndian.Uint16(raw[10:])
+	i.initialTSN = binary.BigEndian.Uint32(raw[12:])
+
+	// https://tools.ietf.org/html/rfc4960#section-3.2.1
+	//
+	// Chunk values of SCTP control chunks consist of a chunk-type-specific
+	// header of required fields, followed by zero or more parameters.  The
+	// optional and variable-length parameters contained in a chunk are
+	// defined in a Type-Length-Value format as shown below.
+	//
+	// 0                   1                   2                   3
+	// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	// |          Parameter Type       |       Parameter Length        |
+	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	// |                                                               |
+	// |                       Parameter Value                         |
+	// |                                                               |
+	// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+	offset := initChunkMinLength
+	remaining := len(raw) - offset
+	for remaining > 0 {
+		if remaining > initOptionalVarHeaderLength {
+			pType, err := parseParamType(raw[offset:])
+			if err != nil {
+				return errors.Wrap(err, "failed to parse param type")
+			}
+			p, err := buildParam(pType, raw[offset:])
+			if err != nil {
+				return errors.Wrap(err, "Failed unmarshalling param in Init Chunk")
+			}
+			i.params = append(i.params, p)
+			padding := getPadding(p.length())
+			offset += p.length() + padding
+			remaining -= p.length() + padding
+		} else {
+			break
+		}
+	}
+
+	return nil
+}
+
+func (i *chunkInitCommon) marshal() ([]byte, error) {
+	out := make([]byte, initChunkMinLength)
+	binary.BigEndian.PutUint32(out[0:], i.initiateTag)
+	binary.BigEndian.PutUint32(out[4:], i.advertisedReceiverWindowCredit)
+	binary.BigEndian.PutUint16(out[8:], i.numOutboundStreams)
+	binary.BigEndian.PutUint16(out[10:], i.numInboundStreams)
+	binary.BigEndian.PutUint32(out[12:], i.initialTSN)
+	for idx, p := range i.params {
+		pp, err := p.marshal()
+		if err != nil {
+			return nil, errors.Wrap(err, "Unable to marshal parameter for INIT/INITACK")
+		}
+
+		out = append(out, pp...)
+
+		// Chunks (including Type, Length, and Value fields) are padded out
+		// by the sender with all zero bytes to be a multiple of 4 bytes
+		// long.  This padding MUST NOT be more than 3 bytes in total.  The
+		// Chunk Length value does not include terminating padding of the
+		// chunk.  *However, it does include padding of any variable-length
+		// parameter except the last parameter in the chunk.*  The receiver
+		// MUST ignore the padding.
+		if idx != len(i.params)-1 {
+			out = padByte(out, getPadding(len(pp)))
+		}
+	}
+
+	return out, nil
+}
+
+// String makes chunkInitCommon printable
+func (i chunkInitCommon) String() string {
+	format := `initiateTag: %d
+	advertisedReceiverWindowCredit: %d
+	numOutboundStreams: %d
+	numInboundStreams: %d
+	initialTSN: %d`
+
+	res := fmt.Sprintf(format,
+		i.initiateTag,
+		i.advertisedReceiverWindowCredit,
+		i.numOutboundStreams,
+		i.numInboundStreams,
+		i.initialTSN,
+	)
+
+	for i, param := range i.params {
+		res += fmt.Sprintf("Param %d:\n %s", i, param)
+	}
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_payload_data.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_payload_data.go
new file mode 100644
index 000000000..3e5e3468f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_payload_data.go
@@ -0,0 +1,195 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+	"time"
+)
+
+/*
+chunkPayloadData represents an SCTP Chunk of type DATA
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 0    | Reserved|U|B|E|    Length                     |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                              TSN                              |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|      Stream Identifier S      |   Stream Sequence Number n    |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                  Payload Protocol Identifier                  |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|                 User Data (seq n of Stream S)                 |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+An unfragmented user message shall have both the B and E bits set to
+'1'.  Setting both B and E bits to '0' indicates a middle fragment of
+a multi-fragment user message, as summarized in the following table:
+   B E                  Description
+============================================================
+|  1 0 | First piece of a fragmented user message          |
++----------------------------------------------------------+
+|  0 0 | Middle piece of a fragmented user message         |
++----------------------------------------------------------+
+|  0 1 | Last piece of a fragmented user message           |
++----------------------------------------------------------+
+|  1 1 | Unfragmented message                              |
+============================================================
+|             Table 1: Fragment Description Flags          |
+============================================================
+*/
+type chunkPayloadData struct {
+	chunkHeader
+
+	unordered         bool
+	beginningFragment bool
+	endingFragment    bool
+	immediateSack     bool
+
+	tsn                  uint32
+	streamIdentifier     uint16
+	streamSequenceNumber uint16
+	payloadType          PayloadProtocolIdentifier
+	userData             []byte
+
+	// Whether this data chunk was acknowledged (received by peer)
+	acked         bool
+	missIndicator uint32
+
+	// Partial-reliability parameters used only by sender
+	since        time.Time
+	nSent        uint32 // number of transmission made for this chunk
+	_abandoned   bool
+	_allInflight bool // valid only with the first fragment
+
+	// Retransmission flag set when T1-RTX timeout occurred and this
+	// chunk is still in the inflight queue
+	retransmit bool
+
+	head *chunkPayloadData // link to the head of the fragment
+}
+
+const (
+	payloadDataEndingFragmentBitmask   = 1
+	payloadDataBeginingFragmentBitmask = 2
+	payloadDataUnorderedBitmask        = 4
+	payloadDataImmediateSACK           = 8
+
+	payloadDataHeaderSize = 12
+)
+
+// PayloadProtocolIdentifier is an enum for DataChannel payload types
+type PayloadProtocolIdentifier uint32
+
+// PayloadProtocolIdentifier enums
+// https://www.iana.org/assignments/sctp-parameters/sctp-parameters.xhtml#sctp-parameters-25
+const (
+	PayloadTypeWebRTCDCEP        PayloadProtocolIdentifier = 50
+	PayloadTypeWebRTCString      PayloadProtocolIdentifier = 51
+	PayloadTypeWebRTCBinary      PayloadProtocolIdentifier = 53
+	PayloadTypeWebRTCStringEmpty PayloadProtocolIdentifier = 56
+	PayloadTypeWebRTCBinaryEmpty PayloadProtocolIdentifier = 57
+)
+
+func (p PayloadProtocolIdentifier) String() string {
+	switch p {
+	case PayloadTypeWebRTCDCEP:
+		return "WebRTC DCEP"
+	case PayloadTypeWebRTCString:
+		return "WebRTC String"
+	case PayloadTypeWebRTCBinary:
+		return "WebRTC Binary"
+	case PayloadTypeWebRTCStringEmpty:
+		return "WebRTC String (Empty)"
+	case PayloadTypeWebRTCBinaryEmpty:
+		return "WebRTC Binary (Empty)"
+	default:
+		return fmt.Sprintf("Unknown Payload Protocol Identifier: %d", p)
+	}
+}
+
+func (p *chunkPayloadData) unmarshal(raw []byte) error {
+	if err := p.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	p.immediateSack = p.flags&payloadDataImmediateSACK != 0
+	p.unordered = p.flags&payloadDataUnorderedBitmask != 0
+	p.beginningFragment = p.flags&payloadDataBeginingFragmentBitmask != 0
+	p.endingFragment = p.flags&payloadDataEndingFragmentBitmask != 0
+
+	p.tsn = binary.BigEndian.Uint32(p.raw[0:])
+	p.streamIdentifier = binary.BigEndian.Uint16(p.raw[4:])
+	p.streamSequenceNumber = binary.BigEndian.Uint16(p.raw[6:])
+	p.payloadType = PayloadProtocolIdentifier(binary.BigEndian.Uint32(p.raw[8:]))
+	p.userData = p.raw[payloadDataHeaderSize:]
+
+	return nil
+}
+
+func (p *chunkPayloadData) marshal() ([]byte, error) {
+	payRaw := make([]byte, payloadDataHeaderSize+len(p.userData))
+
+	binary.BigEndian.PutUint32(payRaw[0:], p.tsn)
+	binary.BigEndian.PutUint16(payRaw[4:], p.streamIdentifier)
+	binary.BigEndian.PutUint16(payRaw[6:], p.streamSequenceNumber)
+	binary.BigEndian.PutUint32(payRaw[8:], uint32(p.payloadType))
+	copy(payRaw[payloadDataHeaderSize:], p.userData)
+
+	flags := uint8(0)
+	if p.endingFragment {
+		flags = 1
+	}
+	if p.beginningFragment {
+		flags |= 1 << 1
+	}
+	if p.unordered {
+		flags |= 1 << 2
+	}
+	if p.immediateSack {
+		flags |= 1 << 3
+	}
+
+	p.chunkHeader.flags = flags
+	p.chunkHeader.typ = ctPayloadData
+	p.chunkHeader.raw = payRaw
+	return p.chunkHeader.marshal()
+}
+
+func (p *chunkPayloadData) check() (abort bool, err error) {
+	return false, nil
+}
+
+// String makes chunkPayloadData printable
+func (p *chunkPayloadData) String() string {
+	return fmt.Sprintf("%s\n%d", p.chunkHeader, p.tsn)
+}
+
+func (p *chunkPayloadData) abandoned() bool {
+	if p.head != nil {
+		return p.head._abandoned && p.head._allInflight
+	}
+	return p._abandoned && p._allInflight
+}
+
+func (p *chunkPayloadData) setAbandoned(abandoned bool) {
+	if p.head != nil {
+		p.head._abandoned = abandoned
+		return
+	}
+	p._abandoned = abandoned
+}
+
+func (p *chunkPayloadData) setAllInflight() {
+	if p.endingFragment {
+		if p.head != nil {
+			p.head._allInflight = true
+		} else {
+			p._allInflight = true
+		}
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_reconfig.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_reconfig.go
new file mode 100644
index 000000000..a53ad5e49
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_reconfig.go
@@ -0,0 +1,99 @@
+package sctp
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+// https://tools.ietf.org/html/rfc6525#section-3.1
+// chunkReconfig represents an SCTP Chunk used to reconfigure streams.
+//
+//  0                   1                   2                   3
+//  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// | Type = 130    |  Chunk Flags  |      Chunk Length             |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// \                                                               \
+// /                  Re-configuration Parameter                   /
+// \                                                               \
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// \                                                               \
+// /             Re-configuration Parameter (optional)             /
+// \                                                               \
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+type chunkReconfig struct {
+	chunkHeader
+	paramA param
+	paramB param
+}
+
+func (c *chunkReconfig) unmarshal(raw []byte) error {
+	if err := c.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+	pType, err := parseParamType(c.raw)
+	if err != nil {
+		return errors.Wrap(err, "failed to parse param type")
+	}
+	a, err := buildParam(pType, c.raw)
+	if err != nil {
+		return err
+	}
+	c.paramA = a
+
+	padding := getPadding(a.length())
+	offset := a.length() + padding
+	if len(c.raw) > offset {
+		pType, err := parseParamType(c.raw[offset:])
+		if err != nil {
+			return errors.Wrap(err, "failed to parse param type")
+		}
+		b, err := buildParam(pType, c.raw[offset:])
+		if err != nil {
+			return err
+		}
+		c.paramB = b
+	}
+
+	return nil
+}
+
+func (c *chunkReconfig) marshal() ([]byte, error) {
+	out, err := c.paramA.marshal()
+	if err != nil {
+		return nil, errors.Wrap(err, "Unable to marshal parameter A for reconfig")
+	}
+	if c.paramB != nil {
+		// Pad param A
+		out = padByte(out, getPadding(len(out)))
+
+		outB, err := c.paramB.marshal()
+		if err != nil {
+			return nil, errors.Wrap(err, "Unable to marshal parameter B for reconfig")
+		}
+
+		out = append(out, outB...)
+	}
+
+	c.typ = ctReconfig
+	c.raw = out
+	return c.chunkHeader.marshal()
+}
+
+func (c *chunkReconfig) check() (abort bool, err error) {
+	// nolint:godox
+	// TODO: check allowed combinations:
+	// https://tools.ietf.org/html/rfc6525#section-3.1
+	return true, nil
+}
+
+// String makes chunkReconfig printable
+func (c *chunkReconfig) String() string {
+	res := fmt.Sprintf("Param A:\n %s", c.paramA)
+	if c.paramB != nil {
+		res += fmt.Sprintf("Param B:\n %s", c.paramB)
+	}
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_selective_ack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_selective_ack.go
new file mode 100644
index 000000000..920d56229
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunk_selective_ack.go
@@ -0,0 +1,142 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+chunkSelectiveAck represents an SCTP Chunk of type SACK
+
+This chunk is sent to the peer endpoint to acknowledge received DATA
+chunks and to inform the peer endpoint of gaps in the received
+subsequences of DATA chunks as represented by their TSNs.
+0                   1                   2                   3
+0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Type = 3    |Chunk  Flags   |      Chunk Length             |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                      Cumulative TSN Ack                       |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|          Advertised Receiver Window Credit (a_rwnd)           |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Number of Gap Ack Blocks = N  |  Number of Duplicate TSNs = X |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|  Gap Ack Block #1 Start       |   Gap Ack Block #1 End        |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+/                                                               /
+\                              ...                              \
+/                                                               /
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Gap Ack Block #N Start      |  Gap Ack Block #N End         |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                       Duplicate TSN 1                         |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+/                                                               /
+\                              ...                              \
+/                                                               /
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                       Duplicate TSN X                         |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+type gapAckBlock struct {
+	start uint16
+	end   uint16
+}
+
+// String makes gapAckBlock printable
+func (g gapAckBlock) String() string {
+	return fmt.Sprintf("%d - %d", g.start, g.end)
+}
+
+type chunkSelectiveAck struct {
+	chunkHeader
+	cumulativeTSNAck               uint32
+	advertisedReceiverWindowCredit uint32
+	gapAckBlocks                   []gapAckBlock
+	duplicateTSN                   []uint32
+}
+
+const (
+	selectiveAckHeaderSize = 12
+)
+
+func (s *chunkSelectiveAck) unmarshal(raw []byte) error {
+	if err := s.chunkHeader.unmarshal(raw); err != nil {
+		return err
+	}
+
+	if s.typ != ctSack {
+		return errors.Errorf("ChunkType is not of type SACK, actually is %s", s.typ.String())
+	}
+
+	if len(s.raw) < selectiveAckHeaderSize {
+		return errors.Errorf("SACK Chunk size is not large enough to contain header (%v remaining, needs %v bytes)",
+			len(s.raw), selectiveAckHeaderSize)
+	}
+
+	s.cumulativeTSNAck = binary.BigEndian.Uint32(s.raw[0:])
+	s.advertisedReceiverWindowCredit = binary.BigEndian.Uint32(s.raw[4:])
+	s.gapAckBlocks = make([]gapAckBlock, binary.BigEndian.Uint16(s.raw[8:]))
+	s.duplicateTSN = make([]uint32, binary.BigEndian.Uint16(s.raw[10:]))
+
+	if len(s.raw) != selectiveAckHeaderSize+(4*len(s.gapAckBlocks)+(4*len(s.duplicateTSN))) {
+		return errors.Errorf("SACK Chunk size does not match predicted amount from header values")
+	}
+
+	offset := selectiveAckHeaderSize
+	for i := range s.gapAckBlocks {
+		s.gapAckBlocks[i].start = binary.BigEndian.Uint16(s.raw[offset:])
+		s.gapAckBlocks[i].end = binary.BigEndian.Uint16(s.raw[offset+2:])
+		offset += 4
+	}
+	for i := range s.duplicateTSN {
+		s.duplicateTSN[i] = binary.BigEndian.Uint32(s.raw[offset:])
+		offset += 4
+	}
+
+	return nil
+}
+
+func (s *chunkSelectiveAck) marshal() ([]byte, error) {
+	sackRaw := make([]byte, selectiveAckHeaderSize+(4*len(s.gapAckBlocks)+(4*len(s.duplicateTSN))))
+	binary.BigEndian.PutUint32(sackRaw[0:], s.cumulativeTSNAck)
+	binary.BigEndian.PutUint32(sackRaw[4:], s.advertisedReceiverWindowCredit)
+	binary.BigEndian.PutUint16(sackRaw[8:], uint16(len(s.gapAckBlocks)))
+	binary.BigEndian.PutUint16(sackRaw[10:], uint16(len(s.duplicateTSN)))
+	offset := selectiveAckHeaderSize
+	for _, g := range s.gapAckBlocks {
+		binary.BigEndian.PutUint16(sackRaw[offset:], g.start)
+		binary.BigEndian.PutUint16(sackRaw[offset+2:], g.end)
+		offset += 4
+	}
+	for _, t := range s.duplicateTSN {
+		binary.BigEndian.PutUint32(sackRaw[offset:], t)
+		offset += 4
+	}
+
+	s.chunkHeader.typ = ctSack
+	s.chunkHeader.raw = sackRaw
+	return s.chunkHeader.marshal()
+}
+
+func (s *chunkSelectiveAck) check() (abort bool, err error) {
+	return false, nil
+}
+
+// String makes chunkSelectiveAck printable
+func (s *chunkSelectiveAck) String() string {
+	res := fmt.Sprintf("SACK cumTsnAck=%d arwnd=%d dupTsn=%d",
+		s.cumulativeTSNAck,
+		s.advertisedReceiverWindowCredit,
+		s.duplicateTSN)
+
+	for _, gap := range s.gapAckBlocks {
+		res = fmt.Sprintf("%s\n gap ack: %s", res, gap)
+	}
+
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunkheader.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunkheader.go
new file mode 100644
index 000000000..a4a78db04
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunkheader.go
@@ -0,0 +1,90 @@
+package sctp
+
+import (
+	"encoding/binary"
+
+	"github.com/pkg/errors"
+)
+
+/*
+chunkHeader represents a SCTP Chunk header, defined in https://tools.ietf.org/html/rfc4960#section-3.2
+The figure below illustrates the field format for the chunks to be
+transmitted in the SCTP packet.  Each chunk is formatted with a Chunk
+Type field, a chunk-specific Flag field, a Chunk Length field, and a
+Value field.
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|   Chunk Type  | Chunk  Flags  |        Chunk Length           |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                                                               |
+|                          Chunk Value                          |
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+type chunkHeader struct {
+	typ   chunkType
+	flags byte
+	raw   []byte
+}
+
+const (
+	chunkHeaderSize = 4
+)
+
+func (c *chunkHeader) unmarshal(raw []byte) error {
+	if len(raw) < chunkHeaderSize {
+		return errors.Errorf("raw only %d bytes, %d is the minimum length for a SCTP chunk", len(raw), chunkHeaderSize)
+	}
+
+	c.typ = chunkType(raw[0])
+	c.flags = raw[1]
+	length := binary.BigEndian.Uint16(raw[2:])
+
+	// Length includes Chunk header
+	valueLength := int(length - chunkHeaderSize)
+	lengthAfterValue := len(raw) - (chunkHeaderSize + valueLength)
+
+	if lengthAfterValue < 0 {
+		return errors.Errorf("Not enough data left in SCTP packet to satisfy requested length remain %d req %d ", valueLength, len(raw)-chunkHeaderSize)
+	} else if lengthAfterValue < 4 {
+		// https://tools.ietf.org/html/rfc4960#section-3.2
+		// The Chunk Length field does not count any chunk padding.
+		// Chunks (including Type, Length, and Value fields) are padded out
+		// by the sender with all zero bytes to be a multiple of 4 bytes
+		// long.  This padding MUST NOT be more than 3 bytes in total.  The
+		// Chunk Length value does not include terminating padding of the
+		// chunk.  However, it does include padding of any variable-length
+		// parameter except the last parameter in the chunk.  The receiver
+		// MUST ignore the padding.
+		for i := lengthAfterValue; i > 0; i-- {
+			paddingOffset := chunkHeaderSize + valueLength + (i - 1)
+			if raw[paddingOffset] != 0 {
+				return errors.Errorf("Chunk padding is non-zero at offset %d ", paddingOffset)
+			}
+		}
+	}
+
+	c.raw = raw[chunkHeaderSize : chunkHeaderSize+valueLength]
+	return nil
+}
+
+func (c *chunkHeader) marshal() ([]byte, error) {
+	raw := make([]byte, 4+len(c.raw))
+
+	raw[0] = uint8(c.typ)
+	raw[1] = c.flags
+	binary.BigEndian.PutUint16(raw[2:], uint16(len(c.raw)+chunkHeaderSize))
+	copy(raw[4:], c.raw)
+	return raw, nil
+}
+
+func (c *chunkHeader) valueLength() int {
+	return len(c.raw)
+}
+
+// String makes chunkHeader printable
+func (c chunkHeader) String() string {
+	return c.typ.String()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunktype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunktype.go
new file mode 100644
index 000000000..65b57a463
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/chunktype.go
@@ -0,0 +1,67 @@
+package sctp
+
+import "fmt"
+
+// chunkType is an enum for SCTP Chunk Type field
+// This field identifies the type of information contained in the
+// Chunk Value field.
+type chunkType uint8
+
+// List of known chunkType enums
+const (
+	ctPayloadData      chunkType = 0
+	ctInit             chunkType = 1
+	ctInitAck          chunkType = 2
+	ctSack             chunkType = 3
+	ctHeartbeat        chunkType = 4
+	ctHeartbeatAck     chunkType = 5
+	ctAbort            chunkType = 6
+	ctShutdown         chunkType = 7
+	ctShutdownAck      chunkType = 8
+	ctError            chunkType = 9
+	ctCookieEcho       chunkType = 10
+	ctCookieAck        chunkType = 11
+	ctCWR              chunkType = 13
+	ctShutdownComplete chunkType = 14
+	ctReconfig         chunkType = 130
+	ctForwardTSN       chunkType = 192
+)
+
+func (c chunkType) String() string {
+	switch c {
+	case ctPayloadData:
+		return "DATA"
+	case ctInit:
+		return "INIT"
+	case ctInitAck:
+		return "INIT-ACK"
+	case ctSack:
+		return "SACK"
+	case ctHeartbeat:
+		return "HEARTBEAT"
+	case ctHeartbeatAck:
+		return "HEARTBEAT-ACK"
+	case ctAbort:
+		return "ABORT"
+	case ctShutdown:
+		return "SHUTDOWN"
+	case ctShutdownAck:
+		return "SHUTDOWN-ACK"
+	case ctError:
+		return "ERROR"
+	case ctCookieEcho:
+		return "COOKIE-ECHO"
+	case ctCookieAck:
+		return "COOKIE-ACK"
+	case ctCWR:
+		return "ECNE" // Explicit Congestion Notification Echo
+	case ctShutdownComplete:
+		return "SHUTDOWN-COMPLETE"
+	case ctReconfig:
+		return "RECONFIG" // Re-configuration
+	case ctForwardTSN:
+		return "FORWARD-TSN"
+	default:
+		return fmt.Sprintf("Unknown ChunkType: %d", c)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/control_queue.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/control_queue.go
new file mode 100644
index 000000000..7e1346935
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/control_queue.go
@@ -0,0 +1,29 @@
+package sctp
+
+// control queue
+
+type controlQueue struct {
+	queue []*packet
+}
+
+func newControlQueue() *controlQueue {
+	return &controlQueue{queue: []*packet{}}
+}
+
+func (q *controlQueue) push(c *packet) {
+	q.queue = append(q.queue, c)
+}
+
+func (q *controlQueue) pushAll(packets []*packet) {
+	q.queue = append(q.queue, packets...)
+}
+
+func (q *controlQueue) popAll() []*packet {
+	packets := q.queue
+	q.queue = []*packet{}
+	return packets
+}
+
+func (q *controlQueue) size() int {
+	return len(q.queue)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause.go
new file mode 100644
index 000000000..e94cc5c3e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause.go
@@ -0,0 +1,91 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+// errorCauseCode is a cause code that appears in either a ERROR or ABORT chunk
+type errorCauseCode uint16
+
+type errorCause interface {
+	unmarshal([]byte) error
+	marshal() ([]byte, error)
+	length() uint16
+	String() string
+
+	errorCauseCode() errorCauseCode
+}
+
+// buildErrorCause delegates the building of a error cause from raw bytes to the correct structure
+func buildErrorCause(raw []byte) (errorCause, error) {
+	var e errorCause
+
+	c := errorCauseCode(binary.BigEndian.Uint16(raw[0:]))
+	switch c {
+	case invalidMandatoryParameter:
+		e = &errorCauseInvalidMandatoryParameter{}
+	case unrecognizedChunkType:
+		e = &errorCauseUnrecognizedChunkType{}
+	case protocolViolation:
+		e = &errorCauseProtocolViolation{}
+	default:
+		return nil, errors.Errorf("BuildErrorCause does not handle %s", c.String())
+	}
+
+	if err := e.unmarshal(raw); err != nil {
+		return nil, err
+	}
+	return e, nil
+}
+
+const (
+	invalidStreamIdentifier                errorCauseCode = 1
+	missingMandatoryParameter              errorCauseCode = 2
+	staleCookieError                       errorCauseCode = 3
+	outOfResource                          errorCauseCode = 4
+	unresolvableAddress                    errorCauseCode = 5
+	unrecognizedChunkType                  errorCauseCode = 6
+	invalidMandatoryParameter              errorCauseCode = 7
+	unrecognizedParameters                 errorCauseCode = 8
+	noUserData                             errorCauseCode = 9
+	cookieReceivedWhileShuttingDown        errorCauseCode = 10
+	restartOfAnAssociationWithNewAddresses errorCauseCode = 11
+	userInitiatedAbort                     errorCauseCode = 12
+	protocolViolation                      errorCauseCode = 13
+)
+
+func (e errorCauseCode) String() string {
+	switch e {
+	case invalidStreamIdentifier:
+		return "Invalid Stream Identifier"
+	case missingMandatoryParameter:
+		return "Missing Mandatory Parameter"
+	case staleCookieError:
+		return "Stale Cookie Error"
+	case outOfResource:
+		return "Out Of Resource"
+	case unresolvableAddress:
+		return "Unresolvable IP"
+	case unrecognizedChunkType:
+		return "Unrecognized Chunk Type"
+	case invalidMandatoryParameter:
+		return "Invalid Mandatory Parameter"
+	case unrecognizedParameters:
+		return "Unrecognized Parameters"
+	case noUserData:
+		return "No User Data"
+	case cookieReceivedWhileShuttingDown:
+		return "Cookie Received While Shutting Down"
+	case restartOfAnAssociationWithNewAddresses:
+		return "Restart Of An Association With New Addresses"
+	case userInitiatedAbort:
+		return "User Initiated Abort"
+	case protocolViolation:
+		return "Protocol Violation"
+	default:
+		return fmt.Sprintf("Unknown CauseCode: %d", e)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_header.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_header.go
new file mode 100644
index 000000000..1ad6e1da4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_header.go
@@ -0,0 +1,47 @@
+package sctp
+
+import (
+	"encoding/binary"
+)
+
+// errorCauseHeader represents the shared header that is shared by all error causes
+type errorCauseHeader struct {
+	code errorCauseCode
+	len  uint16
+	raw  []byte
+}
+
+const (
+	errorCauseHeaderLength = 4
+)
+
+func (e *errorCauseHeader) marshal() ([]byte, error) {
+	e.len = uint16(len(e.raw)) + uint16(errorCauseHeaderLength)
+	raw := make([]byte, e.len)
+	binary.BigEndian.PutUint16(raw[0:], uint16(e.code))
+	binary.BigEndian.PutUint16(raw[2:], e.len)
+	copy(raw[errorCauseHeaderLength:], e.raw)
+
+	return raw, nil
+}
+
+func (e *errorCauseHeader) unmarshal(raw []byte) error {
+	e.code = errorCauseCode(binary.BigEndian.Uint16(raw[0:]))
+	e.len = binary.BigEndian.Uint16(raw[2:])
+	valueLength := e.len - errorCauseHeaderLength
+	e.raw = raw[errorCauseHeaderLength : errorCauseHeaderLength+valueLength]
+	return nil
+}
+
+func (e *errorCauseHeader) length() uint16 {
+	return e.len
+}
+
+func (e *errorCauseHeader) errorCauseCode() errorCauseCode {
+	return e.code
+}
+
+// String makes errorCauseHeader printable
+func (e errorCauseHeader) String() string {
+	return e.code.String()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_invalid_mandatory_parameter.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_invalid_mandatory_parameter.go
new file mode 100644
index 000000000..3da8b4783
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_invalid_mandatory_parameter.go
@@ -0,0 +1,19 @@
+package sctp
+
+// errorCauseInvalidMandatoryParameter represents an SCTP error cause
+type errorCauseInvalidMandatoryParameter struct {
+	errorCauseHeader
+}
+
+func (e *errorCauseInvalidMandatoryParameter) marshal() ([]byte, error) {
+	return e.errorCauseHeader.marshal()
+}
+
+func (e *errorCauseInvalidMandatoryParameter) unmarshal(raw []byte) error {
+	return e.errorCauseHeader.unmarshal(raw)
+}
+
+// String makes errorCauseInvalidMandatoryParameter printable
+func (e *errorCauseInvalidMandatoryParameter) String() string {
+	return e.errorCauseHeader.String()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_protocol_violation.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_protocol_violation.go
new file mode 100644
index 000000000..8b457f441
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_protocol_violation.go
@@ -0,0 +1,50 @@
+package sctp
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+/*
+   This error cause MAY be included in ABORT chunks that are sent
+   because an SCTP endpoint detects a protocol violation of the peer
+   that is not covered by the error causes described in Section 3.3.10.1
+   to Section 3.3.10.12.  An implementation MAY provide additional
+   information specifying what kind of protocol violation has been
+   detected.
+
+        0                   1                   2                   3
+        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |         Cause Code=13         |      Cause Length=Variable    |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       /                    Additional Information                     /
+       \                                                               \
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+type errorCauseProtocolViolation struct {
+	errorCauseHeader
+	additionalInformation []byte
+}
+
+func (e *errorCauseProtocolViolation) marshal() ([]byte, error) {
+	e.raw = e.additionalInformation
+	return e.errorCauseHeader.marshal()
+}
+
+func (e *errorCauseProtocolViolation) unmarshal(raw []byte) error {
+	err := e.errorCauseHeader.unmarshal(raw)
+	if err != nil {
+		return errors.Wrap(err, "Unable to unmarshal Protocol Violation error")
+	}
+
+	e.additionalInformation = e.raw
+
+	return nil
+}
+
+// String makes errorCauseProtocolViolation printable
+func (e *errorCauseProtocolViolation) String() string {
+	return fmt.Sprintf("%s: %s", e.errorCauseHeader, e.additionalInformation)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_unrecognized_chunk_type.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_unrecognized_chunk_type.go
new file mode 100644
index 000000000..fee9a3603
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/error_cause_unrecognized_chunk_type.go
@@ -0,0 +1,28 @@
+package sctp
+
+// errorCauseUnrecognizedChunkType represents an SCTP error cause
+type errorCauseUnrecognizedChunkType struct {
+	errorCauseHeader
+	unrecognizedChunk []byte
+}
+
+func (e *errorCauseUnrecognizedChunkType) marshal() ([]byte, error) {
+	e.code = unrecognizedChunkType
+	e.errorCauseHeader.raw = e.unrecognizedChunk
+	return e.errorCauseHeader.marshal()
+}
+
+func (e *errorCauseUnrecognizedChunkType) unmarshal(raw []byte) error {
+	err := e.errorCauseHeader.unmarshal(raw)
+	if err != nil {
+		return err
+	}
+
+	e.unrecognizedChunk = e.errorCauseHeader.raw
+	return nil
+}
+
+// String makes errorCauseUnrecognizedChunkType printable
+func (e *errorCauseUnrecognizedChunkType) String() string {
+	return e.errorCauseHeader.String()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/go.mod
new file mode 100644
index 000000000..022e2fcce
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/go.mod
@@ -0,0 +1,14 @@
+module github.com/pion/sctp
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/kr/pretty v0.1.0 // indirect
+	github.com/pion/logging v0.2.2
+	github.com/pion/randutil v0.1.0
+	github.com/pion/transport v0.10.1
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.6.1
+	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+)
+
+go 1.13
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/go.sum
new file mode 100644
index 000000000..37442623d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/go.sum
@@ -0,0 +1,36 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/transport v0.10.1 h1:2W+yJT+0mOQ160ThZYUx5Zp2skzshiNgxrNE9GUfhJM=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/packet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/packet.go
new file mode 100644
index 000000000..dcc650b98
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/packet.go
@@ -0,0 +1,178 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+	"hash/crc32"
+
+	"github.com/pkg/errors"
+)
+
+// Create the crc32 table we'll use for the checksum
+var castagnoliTable = crc32.MakeTable(crc32.Castagnoli) // nolint:gochecknoglobals
+
+// Allocate and zero this data once.
+// We need to use it for the checksum and don't want to allocate/clear each time.
+var fourZeroes [4]byte // nolint:gochecknoglobals
+
+/*
+Packet represents an SCTP packet, defined in https://tools.ietf.org/html/rfc4960#section-3
+An SCTP packet is composed of a common header and chunks.  A chunk
+contains either control information or user data.
+
+
+                      SCTP Packet Format
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                        Common Header                          |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                          Chunk #1                             |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                           ...                                 |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                          Chunk #n                             |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+                SCTP Common Header Format
+
+ 0                   1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|     Source Value Number        |     Destination Value Number   |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                      Verification Tag                         |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                           Checksum                            |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+*/
+type packet struct {
+	sourcePort      uint16
+	destinationPort uint16
+	verificationTag uint32
+	chunks          []chunk
+}
+
+const (
+	packetHeaderSize = 12
+)
+
+func (p *packet) unmarshal(raw []byte) error {
+	if len(raw) < packetHeaderSize {
+		return errors.Errorf("raw only %d bytes, %d is the minimum length for a SCTP packet", len(raw), packetHeaderSize)
+	}
+
+	p.sourcePort = binary.BigEndian.Uint16(raw[0:])
+	p.destinationPort = binary.BigEndian.Uint16(raw[2:])
+	p.verificationTag = binary.BigEndian.Uint32(raw[4:])
+
+	offset := packetHeaderSize
+	for {
+		// Exact match, no more chunks
+		if offset == len(raw) {
+			break
+		} else if offset+chunkHeaderSize > len(raw) {
+			return errors.Errorf("Unable to parse SCTP chunk, not enough data for complete header: offset %d remaining %d", offset, len(raw))
+		}
+
+		var c chunk
+		switch chunkType(raw[offset]) {
+		case ctInit:
+			c = &chunkInit{}
+		case ctInitAck:
+			c = &chunkInitAck{}
+		case ctAbort:
+			c = &chunkAbort{}
+		case ctCookieEcho:
+			c = &chunkCookieEcho{}
+		case ctCookieAck:
+			c = &chunkCookieAck{}
+		case ctHeartbeat:
+			c = &chunkHeartbeat{}
+		case ctPayloadData:
+			c = &chunkPayloadData{}
+		case ctSack:
+			c = &chunkSelectiveAck{}
+		case ctReconfig:
+			c = &chunkReconfig{}
+		case ctForwardTSN:
+			c = &chunkForwardTSN{}
+		case ctError:
+			c = &chunkError{}
+		default:
+			return errors.Errorf("Failed to unmarshal, contains unknown chunk type %s", chunkType(raw[offset]).String())
+		}
+
+		if err := c.unmarshal(raw[offset:]); err != nil {
+			return err
+		}
+
+		p.chunks = append(p.chunks, c)
+		chunkValuePadding := getPadding(c.valueLength())
+		offset += chunkHeaderSize + c.valueLength() + chunkValuePadding
+	}
+	theirChecksum := binary.LittleEndian.Uint32(raw[8:])
+	ourChecksum := generatePacketChecksum(raw)
+	if theirChecksum != ourChecksum {
+		return errors.Errorf("Checksum mismatch theirs: %d ours: %d", theirChecksum, ourChecksum)
+	}
+	return nil
+}
+
+func (p *packet) marshal() ([]byte, error) {
+	raw := make([]byte, packetHeaderSize)
+
+	// Populate static headers
+	// 8-12 is Checksum which will be populated when packet is complete
+	binary.BigEndian.PutUint16(raw[0:], p.sourcePort)
+	binary.BigEndian.PutUint16(raw[2:], p.destinationPort)
+	binary.BigEndian.PutUint32(raw[4:], p.verificationTag)
+
+	// Populate chunks
+	for _, c := range p.chunks {
+		chunkRaw, err := c.marshal()
+		if err != nil {
+			return nil, err
+		}
+		raw = append(raw, chunkRaw...)
+
+		paddingNeeded := getPadding(len(raw))
+		if paddingNeeded != 0 {
+			raw = append(raw, make([]byte, paddingNeeded)...)
+		}
+	}
+
+	// Checksum is already in BigEndian
+	// Using LittleEndian.PutUint32 stops it from being flipped
+	binary.LittleEndian.PutUint32(raw[8:], generatePacketChecksum(raw))
+	return raw, nil
+}
+
+func generatePacketChecksum(raw []byte) (sum uint32) {
+	// Fastest way to do a crc32 without allocating.
+	sum = crc32.Update(sum, castagnoliTable, raw[0:8])
+	sum = crc32.Update(sum, castagnoliTable, fourZeroes[:])
+	sum = crc32.Update(sum, castagnoliTable, raw[12:])
+	return sum
+}
+
+// String makes packet printable
+func (p *packet) String() string {
+	format := `Packet:
+	sourcePort: %d
+	destinationPort: %d
+	verificationTag: %d
+	`
+	res := fmt.Sprintf(format,
+		p.sourcePort,
+		p.destinationPort,
+		p.verificationTag,
+	)
+	for i, chunk := range p.chunks {
+		res += fmt.Sprintf("Chunk %d:\n %s", i, chunk)
+	}
+	return res
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param.go
new file mode 100644
index 000000000..08e46d1f9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param.go
@@ -0,0 +1,35 @@
+package sctp
+
+import (
+	"github.com/pkg/errors"
+)
+
+type param interface {
+	marshal() ([]byte, error)
+	length() int
+}
+
+func buildParam(t paramType, rawParam []byte) (param, error) {
+	switch t {
+	case forwardTSNSupp:
+		return (&paramForwardTSNSupported{}).unmarshal(rawParam)
+	case supportedExt:
+		return (&paramSupportedExtensions{}).unmarshal(rawParam)
+	case random:
+		return (&paramRandom{}).unmarshal(rawParam)
+	case reqHMACAlgo:
+		return (&paramRequestedHMACAlgorithm{}).unmarshal(rawParam)
+	case chunkList:
+		return (&paramChunkList{}).unmarshal(rawParam)
+	case stateCookie:
+		return (&paramStateCookie{}).unmarshal(rawParam)
+	case heartbeatInfo:
+		return (&paramHeartbeatInfo{}).unmarshal(rawParam)
+	case outSSNResetReq:
+		return (&paramOutgoingResetRequest{}).unmarshal(rawParam)
+	case reconfigResp:
+		return (&paramReconfigResponse{}).unmarshal(rawParam)
+	default:
+		return nil, errors.Errorf("Unhandled ParamType %v", t)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_chunk_list.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_chunk_list.go
new file mode 100644
index 000000000..4ea484c9f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_chunk_list.go
@@ -0,0 +1,28 @@
+package sctp
+
+type paramChunkList struct {
+	paramHeader
+	chunkTypes []chunkType
+}
+
+func (c *paramChunkList) marshal() ([]byte, error) {
+	c.typ = chunkList
+	c.raw = make([]byte, len(c.chunkTypes))
+	for i, t := range c.chunkTypes {
+		c.raw[i] = byte(t)
+	}
+
+	return c.paramHeader.marshal()
+}
+
+func (c *paramChunkList) unmarshal(raw []byte) (param, error) {
+	err := c.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	for _, t := range c.raw {
+		c.chunkTypes = append(c.chunkTypes, chunkType(t))
+	}
+
+	return c, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_forward_tsn_supported.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_forward_tsn_supported.go
new file mode 100644
index 000000000..62de15570
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_forward_tsn_supported.go
@@ -0,0 +1,28 @@
+package sctp
+
+// At the initialization of the association, the sender of the INIT or
+// INIT ACK chunk MAY include this OPTIONAL parameter to inform its peer
+// that it is able to support the Forward TSN chunk
+//
+//   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//  |    Parameter Type = 49152     |  Parameter Length = 4         |
+//  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+type paramForwardTSNSupported struct {
+	paramHeader
+}
+
+func (f *paramForwardTSNSupported) marshal() ([]byte, error) {
+	f.typ = forwardTSNSupp
+	f.raw = []byte{}
+	return f.paramHeader.marshal()
+}
+
+func (f *paramForwardTSNSupported) unmarshal(raw []byte) (param, error) {
+	err := f.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	return f, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_heartbeat_info.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_heartbeat_info.go
new file mode 100644
index 000000000..47f64eb87
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_heartbeat_info.go
@@ -0,0 +1,21 @@
+package sctp
+
+type paramHeartbeatInfo struct {
+	paramHeader
+	heartbeatInformation []byte
+}
+
+func (h *paramHeartbeatInfo) marshal() ([]byte, error) {
+	h.typ = heartbeatInfo
+	h.raw = h.heartbeatInformation
+	return h.paramHeader.marshal()
+}
+
+func (h *paramHeartbeatInfo) unmarshal(raw []byte) (param, error) {
+	err := h.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	h.heartbeatInformation = h.raw
+	return h, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_outgoing_reset_request.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_outgoing_reset_request.go
new file mode 100644
index 000000000..ceae17892
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_outgoing_reset_request.go
@@ -0,0 +1,88 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"errors"
+)
+
+const (
+	paramOutgoingResetRequestStreamIdentifiersOffset = 12
+)
+
+// This parameter is used by the sender to request the reset of some or
+// all outgoing streams.
+//  0                   1                   2                   3
+//  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |     Parameter Type = 13       | Parameter Length = 16 + 2 * N |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |           Re-configuration Request Sequence Number            |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |           Re-configuration Response Sequence Number           |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                Sender's Last Assigned TSN                     |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |  Stream Number 1 (optional)   |    Stream Number 2 (optional) |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// /                            ......                             /
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |  Stream Number N-1 (optional) |    Stream Number N (optional) |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+type paramOutgoingResetRequest struct {
+	paramHeader
+	// reconfigRequestSequenceNumber is used to identify the request.  It is a monotonically
+	// increasing number that is initialized to the same value as the
+	// initial TSN.  It is increased by 1 whenever sending a new Re-
+	// configuration Request Parameter.
+	reconfigRequestSequenceNumber uint32
+	// When this Outgoing SSN Reset Request Parameter is sent in response
+	// to an Incoming SSN Reset Request Parameter, this parameter is also
+	// an implicit response to the incoming request.  This field then
+	// holds the Re-configuration Request Sequence Number of the incoming
+	// request.  In other cases, it holds the next expected
+	// Re-configuration Request Sequence Number minus 1.
+	reconfigResponseSequenceNumber uint32
+	// This value holds the next TSN minus 1 -- in other words, the last
+	// TSN that this sender assigned.
+	senderLastTSN uint32
+	// This optional field, if included, is used to indicate specific
+	// streams that are to be reset.  If no streams are listed, then all
+	// streams are to be reset.
+	streamIdentifiers []uint16
+}
+
+var errSSNResetRequestParamTooShort = errors.New("outgoing SSN reset request parameter too short")
+
+func (r *paramOutgoingResetRequest) marshal() ([]byte, error) {
+	r.typ = outSSNResetReq
+	r.raw = make([]byte, paramOutgoingResetRequestStreamIdentifiersOffset+2*len(r.streamIdentifiers))
+	binary.BigEndian.PutUint32(r.raw, r.reconfigRequestSequenceNumber)
+	binary.BigEndian.PutUint32(r.raw[4:], r.reconfigResponseSequenceNumber)
+	binary.BigEndian.PutUint32(r.raw[8:], r.senderLastTSN)
+	for i, sID := range r.streamIdentifiers {
+		binary.BigEndian.PutUint16(r.raw[paramOutgoingResetRequestStreamIdentifiersOffset+2*i:], sID)
+	}
+	return r.paramHeader.marshal()
+}
+
+func (r *paramOutgoingResetRequest) unmarshal(raw []byte) (param, error) {
+	err := r.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	if len(r.raw) < paramOutgoingResetRequestStreamIdentifiersOffset {
+		return nil, errSSNResetRequestParamTooShort
+	}
+	r.reconfigRequestSequenceNumber = binary.BigEndian.Uint32(r.raw)
+	r.reconfigResponseSequenceNumber = binary.BigEndian.Uint32(r.raw[4:])
+	r.senderLastTSN = binary.BigEndian.Uint32(r.raw[8:])
+
+	lim := (len(r.raw) - paramOutgoingResetRequestStreamIdentifiersOffset) / 2
+	r.streamIdentifiers = make([]uint16, lim)
+	for i := 0; i < lim; i++ {
+		r.streamIdentifiers[i] = binary.BigEndian.Uint16(r.raw[paramOutgoingResetRequestStreamIdentifiersOffset+2*i:])
+	}
+
+	return r, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_random.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_random.go
new file mode 100644
index 000000000..dc454b358
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_random.go
@@ -0,0 +1,21 @@
+package sctp
+
+type paramRandom struct {
+	paramHeader
+	randomData []byte
+}
+
+func (r *paramRandom) marshal() ([]byte, error) {
+	r.typ = random
+	r.raw = r.randomData
+	return r.paramHeader.marshal()
+}
+
+func (r *paramRandom) unmarshal(raw []byte) (param, error) {
+	err := r.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	r.randomData = r.raw
+	return r, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_reconfig_response.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_reconfig_response.go
new file mode 100644
index 000000000..d9eab5512
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_reconfig_response.go
@@ -0,0 +1,92 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+)
+
+// This parameter is used by the receiver of a Re-configuration Request
+// Parameter to respond to the request.
+//
+// 0                   1                   2                   3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |     Parameter Type = 16       |      Parameter Length         |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |         Re-configuration Response Sequence Number             |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                            Result                             |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                   Sender's Next TSN (optional)                |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |                  Receiver's Next TSN (optional)               |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+type paramReconfigResponse struct {
+	paramHeader
+	// This value is copied from the request parameter and is used by the
+	// receiver of the Re-configuration Response Parameter to tie the
+	// response to the request.
+	reconfigResponseSequenceNumber uint32
+	// This value describes the result of the processing of the request.
+	result reconfigResult
+}
+
+type reconfigResult uint32
+
+const (
+	reconfigResultSuccessNOP                    reconfigResult = 0
+	reconfigResultSuccessPerformed              reconfigResult = 1
+	reconfigResultDenied                        reconfigResult = 2
+	reconfigResultErrorWrongSSN                 reconfigResult = 3
+	reconfigResultErrorRequestAlreadyInProgress reconfigResult = 4
+	reconfigResultErrorBadSequenceNumber        reconfigResult = 5
+	reconfigResultInProgress                    reconfigResult = 6
+)
+
+var errReconfigRespParamTooShort = errors.New("reconfig response parameter too short")
+
+func (t reconfigResult) String() string {
+	switch t {
+	case reconfigResultSuccessNOP:
+		return "0: Success - Nothing to do"
+	case reconfigResultSuccessPerformed:
+		return "1: Success - Performed"
+	case reconfigResultDenied:
+		return "2: Denied"
+	case reconfigResultErrorWrongSSN:
+		return "3: Error - Wrong SSN"
+	case reconfigResultErrorRequestAlreadyInProgress:
+		return "4: Error - Request already in progress"
+	case reconfigResultErrorBadSequenceNumber:
+		return "5: Error - Bad Sequence Number"
+	case reconfigResultInProgress:
+		return "6: In progress"
+	default:
+		return fmt.Sprintf("Unknown reconfigResult: %d", t)
+	}
+}
+
+func (r *paramReconfigResponse) marshal() ([]byte, error) {
+	r.typ = reconfigResp
+	r.raw = make([]byte, 8)
+	binary.BigEndian.PutUint32(r.raw, r.reconfigResponseSequenceNumber)
+	binary.BigEndian.PutUint32(r.raw[4:], uint32(r.result))
+
+	return r.paramHeader.marshal()
+}
+
+func (r *paramReconfigResponse) unmarshal(raw []byte) (param, error) {
+	err := r.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	if len(r.raw) < 8 {
+		return nil, errReconfigRespParamTooShort
+	}
+	r.reconfigResponseSequenceNumber = binary.BigEndian.Uint32(r.raw)
+	r.result = reconfigResult(binary.BigEndian.Uint32(r.raw[4:]))
+
+	return r, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_requested_hmac_algorithm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_requested_hmac_algorithm.go
new file mode 100644
index 000000000..b520fe379
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_requested_hmac_algorithm.go
@@ -0,0 +1,73 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+type hmacAlgorithm uint16
+
+const (
+	hmacResv1  hmacAlgorithm = 0
+	hmacSHA128               = 1
+	hmacResv2  hmacAlgorithm = 2
+	hmacSHA256 hmacAlgorithm = 3
+)
+
+func (c hmacAlgorithm) String() string {
+	switch c {
+	case hmacResv1:
+		return "HMAC Reserved (0x00)"
+	case hmacSHA128:
+		return "HMAC SHA-128"
+	case hmacResv2:
+		return "HMAC Reserved (0x02)"
+	case hmacSHA256:
+		return "HMAC SHA-256"
+	default:
+		return fmt.Sprintf("Unknown HMAC Algorithm type: %d", c)
+	}
+}
+
+type paramRequestedHMACAlgorithm struct {
+	paramHeader
+	availableAlgorithms []hmacAlgorithm
+}
+
+func (r *paramRequestedHMACAlgorithm) marshal() ([]byte, error) {
+	r.typ = reqHMACAlgo
+	r.raw = make([]byte, len(r.availableAlgorithms)*2)
+	i := 0
+	for _, a := range r.availableAlgorithms {
+		binary.BigEndian.PutUint16(r.raw[i:], uint16(a))
+		i += 2
+	}
+
+	return r.paramHeader.marshal()
+}
+
+func (r *paramRequestedHMACAlgorithm) unmarshal(raw []byte) (param, error) {
+	err := r.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+
+	i := 0
+	for i < len(r.raw) {
+		a := hmacAlgorithm(binary.BigEndian.Uint16(r.raw[i:]))
+		switch a {
+		case hmacSHA128:
+			fallthrough
+		case hmacSHA256:
+			r.availableAlgorithms = append(r.availableAlgorithms, a)
+		default:
+			return nil, errors.Errorf("Invalid algorithm type '%v'", a)
+		}
+
+		i += 2
+	}
+
+	return r, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_state_cookie.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_state_cookie.go
new file mode 100644
index 000000000..9681267d5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_state_cookie.go
@@ -0,0 +1,46 @@
+package sctp
+
+import (
+	"crypto/rand"
+	"fmt"
+)
+
+type paramStateCookie struct {
+	paramHeader
+	cookie []byte
+}
+
+func newRandomStateCookie() (*paramStateCookie, error) {
+	randCookie := make([]byte, 32)
+	_, err := rand.Read(randCookie)
+	// crypto/rand.Read returns n == len(b) if and only if err == nil.
+	if err != nil {
+		return nil, err
+	}
+
+	s := &paramStateCookie{
+		cookie: randCookie,
+	}
+
+	return s, nil
+}
+
+func (s *paramStateCookie) marshal() ([]byte, error) {
+	s.typ = stateCookie
+	s.raw = s.cookie
+	return s.paramHeader.marshal()
+}
+
+func (s *paramStateCookie) unmarshal(raw []byte) (param, error) {
+	err := s.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+	s.cookie = s.raw
+	return s, nil
+}
+
+// String makes paramStateCookie printable
+func (s *paramStateCookie) String() string {
+	return fmt.Sprintf("%s: %s", s.paramHeader, s.cookie)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_supported_extensions.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_supported_extensions.go
new file mode 100644
index 000000000..2935524ca
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/param_supported_extensions.go
@@ -0,0 +1,29 @@
+package sctp
+
+type paramSupportedExtensions struct {
+	paramHeader
+	ChunkTypes []chunkType
+}
+
+func (s *paramSupportedExtensions) marshal() ([]byte, error) {
+	s.typ = supportedExt
+	s.raw = make([]byte, len(s.ChunkTypes))
+	for i, c := range s.ChunkTypes {
+		s.raw[i] = byte(c)
+	}
+
+	return s.paramHeader.marshal()
+}
+
+func (s *paramSupportedExtensions) unmarshal(raw []byte) (param, error) {
+	err := s.paramHeader.unmarshal(raw)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, t := range s.raw {
+		s.ChunkTypes = append(s.ChunkTypes, chunkType(t))
+	}
+
+	return s, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/paramheader.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/paramheader.go
new file mode 100644
index 000000000..d88642b37
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/paramheader.go
@@ -0,0 +1,63 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+type paramHeader struct {
+	typ paramType
+	len int
+	raw []byte
+}
+
+const (
+	paramHeaderLength = 4
+)
+
+func (p *paramHeader) marshal() ([]byte, error) {
+	paramLengthPlusHeader := paramHeaderLength + len(p.raw)
+
+	rawParam := make([]byte, paramLengthPlusHeader)
+	binary.BigEndian.PutUint16(rawParam[0:], uint16(p.typ))
+	binary.BigEndian.PutUint16(rawParam[2:], uint16(paramLengthPlusHeader))
+	copy(rawParam[paramHeaderLength:], p.raw)
+
+	return rawParam, nil
+}
+
+func (p *paramHeader) unmarshal(raw []byte) error {
+	if len(raw) < paramHeaderLength {
+		return errors.New("param header too short")
+	}
+
+	paramLengthPlusHeader := binary.BigEndian.Uint16(raw[2:])
+	if int(paramLengthPlusHeader) < paramHeaderLength {
+		return errors.Errorf("param self reported length (%d) smaller than header length (%d)", int(paramLengthPlusHeader), paramHeaderLength)
+	}
+	if len(raw) < int(paramLengthPlusHeader) {
+		return errors.Errorf("param length (%d) shorter than its self reported length (%d)", len(raw), int(paramLengthPlusHeader))
+	}
+
+	typ, err := parseParamType(raw[0:])
+	if err != nil {
+		return errors.Wrap(err, "failed to parse param type")
+	}
+	p.typ = typ
+	p.raw = raw[paramHeaderLength:paramLengthPlusHeader]
+	p.len = int(paramLengthPlusHeader)
+
+	return nil
+}
+
+func (p *paramHeader) length() int {
+	return p.len
+}
+
+// String makes paramHeader printable
+func (p paramHeader) String() string {
+	return fmt.Sprintf("%s (%d): %s", p.typ, p.len, hex.Dump(p.raw))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/paramtype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/paramtype.go
new file mode 100644
index 000000000..bb0ee82cc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/paramtype.go
@@ -0,0 +1,106 @@
+package sctp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+// paramType represents a SCTP INIT/INITACK parameter
+type paramType uint16
+
+const (
+	heartbeatInfo      paramType = 1     // Heartbeat Info	[RFC4960]
+	ipV4Addr           paramType = 5     // IPv4 IP	[RFC4960]
+	ipV6Addr           paramType = 6     // IPv6 IP	[RFC4960]
+	stateCookie        paramType = 7     // State Cookie	[RFC4960]
+	unrecognizedParam  paramType = 8     // Unrecognized Parameters	[RFC4960]
+	cookiePreservative paramType = 9     // Cookie Preservative	[RFC4960]
+	hostNameAddr       paramType = 11    // Host Name IP	[RFC4960]
+	supportedAddrTypes paramType = 12    // Supported IP Types	[RFC4960]
+	outSSNResetReq     paramType = 13    // Outgoing SSN Reset Request Parameter	[RFC6525]
+	incSSNResetReq     paramType = 14    // Incoming SSN Reset Request Parameter	[RFC6525]
+	ssnTSNResetReq     paramType = 15    // SSN/TSN Reset Request Parameter	[RFC6525]
+	reconfigResp       paramType = 16    // Re-configuration Response Parameter	[RFC6525]
+	addOutStreamsReq   paramType = 17    // Add Outgoing Streams Request Parameter	[RFC6525]
+	addIncStreamsReq   paramType = 18    // Add Incoming Streams Request Parameter	[RFC6525]
+	random             paramType = 32770 // Random (0x8002)	[RFC4805]
+	chunkList          paramType = 32771 // Chunk List (0x8003)	[RFC4895]
+	reqHMACAlgo        paramType = 32772 // Requested HMAC Algorithm Parameter (0x8004)	[RFC4895]
+	padding            paramType = 32773 // Padding (0x8005)
+	supportedExt       paramType = 32776 // Supported Extensions (0x8008)	[RFC5061]
+	forwardTSNSupp     paramType = 49152 // Forward TSN supported (0xC000)	[RFC3758]
+	addIPAddr          paramType = 49153 // Add IP IP (0xC001)	[RFC5061]
+	delIPAddr          paramType = 49154 // Delete IP IP (0xC002)	[RFC5061]
+	errClauseInd       paramType = 49155 // Error Cause Indication (0xC003)	[RFC5061]
+	setPriAddr         paramType = 49156 // Set Primary IP (0xC004)	[RFC5061]
+	successInd         paramType = 49157 // Success Indication (0xC005)	[RFC5061]
+	adaptLayerInd      paramType = 49158 // Adaptation Layer Indication (0xC006)	[RFC5061]
+)
+
+func parseParamType(raw []byte) (paramType, error) {
+	if len(raw) < 2 {
+		return paramType(0), errors.New("packet to short")
+	}
+	return paramType(binary.BigEndian.Uint16(raw)), nil
+}
+
+func (p paramType) String() string {
+	switch p {
+	case heartbeatInfo:
+		return "Heartbeat Info"
+	case ipV4Addr:
+		return "IPv4 IP"
+	case ipV6Addr:
+		return "IPv6 IP"
+	case stateCookie:
+		return "State Cookie"
+	case unrecognizedParam:
+		return "Unrecognized Parameters"
+	case cookiePreservative:
+		return "Cookie Preservative"
+	case hostNameAddr:
+		return "Host Name IP"
+	case supportedAddrTypes:
+		return "Supported IP Types"
+	case outSSNResetReq:
+		return "Outgoing SSN Reset Request Parameter"
+	case incSSNResetReq:
+		return "Incoming SSN Reset Request Parameter"
+	case ssnTSNResetReq:
+		return "SSN/TSN Reset Request Parameter"
+	case reconfigResp:
+		return "Re-configuration Response Parameter"
+	case addOutStreamsReq:
+		return "Add Outgoing Streams Request Parameter"
+	case addIncStreamsReq:
+		return "Add Incoming Streams Request Parameter"
+	case random:
+		return "Random"
+	case chunkList:
+		return "Chunk List"
+	case reqHMACAlgo:
+		return "Requested HMAC Algorithm Parameter"
+	case padding:
+		return "Padding"
+	case supportedExt:
+		return "Supported Extensions"
+	case forwardTSNSupp:
+		return "Forward TSN supported"
+	case addIPAddr:
+		return "Add IP IP"
+	case delIPAddr:
+		return "Delete IP IP"
+	case errClauseInd:
+		return "Error Cause Indication"
+	case setPriAddr:
+		return "Set Primary IP"
+	case successInd:
+		return "Success Indication"
+	case adaptLayerInd:
+		return "Adaptation Layer Indication"
+	default:
+		return fmt.Sprintf("Unknown ParamType: %d", p)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/payload_queue.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/payload_queue.go
new file mode 100644
index 000000000..2d1a35a81
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/payload_queue.go
@@ -0,0 +1,179 @@
+package sctp
+
+import (
+	"fmt"
+	"sort"
+)
+
+type payloadQueue struct {
+	chunkMap map[uint32]*chunkPayloadData
+	sorted   []uint32
+	dupTSN   []uint32
+	nBytes   int
+}
+
+func newPayloadQueue() *payloadQueue {
+	return &payloadQueue{chunkMap: map[uint32]*chunkPayloadData{}}
+}
+
+func (q *payloadQueue) updateSortedKeys() {
+	if q.sorted != nil {
+		return
+	}
+
+	q.sorted = make([]uint32, len(q.chunkMap))
+	i := 0
+	for k := range q.chunkMap {
+		q.sorted[i] = k
+		i++
+	}
+
+	sort.Slice(q.sorted, func(i, j int) bool {
+		return sna32LT(q.sorted[i], q.sorted[j])
+	})
+}
+
+func (q *payloadQueue) canPush(p *chunkPayloadData, cumulativeTSN uint32) bool {
+	_, ok := q.chunkMap[p.tsn]
+	if ok || sna32LTE(p.tsn, cumulativeTSN) {
+		return false
+	}
+	return true
+}
+
+func (q *payloadQueue) pushNoCheck(p *chunkPayloadData) {
+	q.chunkMap[p.tsn] = p
+	q.nBytes += len(p.userData)
+	q.sorted = nil
+}
+
+// push pushes a payload data. If the payload data is already in our queue or
+// older than our cumulativeTSN marker, it will be recored as duplications,
+// which can later be retrieved using popDuplicates.
+func (q *payloadQueue) push(p *chunkPayloadData, cumulativeTSN uint32) bool {
+	_, ok := q.chunkMap[p.tsn]
+	if ok || sna32LTE(p.tsn, cumulativeTSN) {
+		// Found the packet, log in dups
+		q.dupTSN = append(q.dupTSN, p.tsn)
+		return false
+	}
+
+	q.chunkMap[p.tsn] = p
+	q.nBytes += len(p.userData)
+	q.sorted = nil
+	return true
+}
+
+// pop pops only if the oldest chunk's TSN matches the given TSN.
+func (q *payloadQueue) pop(tsn uint32) (*chunkPayloadData, bool) {
+	q.updateSortedKeys()
+
+	if len(q.chunkMap) > 0 && tsn == q.sorted[0] {
+		q.sorted = q.sorted[1:]
+		if c, ok := q.chunkMap[tsn]; ok {
+			delete(q.chunkMap, tsn)
+			q.nBytes -= len(c.userData)
+			return c, true
+		}
+	}
+
+	return nil, false
+}
+
+// get returns reference to chunkPayloadData with the given TSN value.
+func (q *payloadQueue) get(tsn uint32) (*chunkPayloadData, bool) {
+	c, ok := q.chunkMap[tsn]
+	return c, ok
+}
+
+// popDuplicates returns an array of TSN values that were found duplicate.
+func (q *payloadQueue) popDuplicates() []uint32 {
+	dups := q.dupTSN
+	q.dupTSN = []uint32{}
+	return dups
+}
+
+func (q *payloadQueue) getGapAckBlocks(cumulativeTSN uint32) (gapAckBlocks []gapAckBlock) {
+	var b gapAckBlock
+
+	if len(q.chunkMap) == 0 {
+		return []gapAckBlock{}
+	}
+
+	q.updateSortedKeys()
+
+	for i, tsn := range q.sorted {
+		if i == 0 {
+			b.start = uint16(tsn - cumulativeTSN)
+			b.end = b.start
+			continue
+		}
+		diff := uint16(tsn - cumulativeTSN)
+		if b.end+1 == diff {
+			b.end++
+		} else {
+			gapAckBlocks = append(gapAckBlocks, gapAckBlock{
+				start: b.start,
+				end:   b.end,
+			})
+			b.start = diff
+			b.end = diff
+		}
+	}
+
+	gapAckBlocks = append(gapAckBlocks, gapAckBlock{
+		start: b.start,
+		end:   b.end,
+	})
+
+	return gapAckBlocks
+}
+
+func (q *payloadQueue) getGapAckBlocksString(cumulativeTSN uint32) string {
+	gapAckBlocks := q.getGapAckBlocks(cumulativeTSN)
+	str := fmt.Sprintf("cumTSN=%d", cumulativeTSN)
+	for _, b := range gapAckBlocks {
+		str += fmt.Sprintf(",%d-%d", b.start, b.end)
+	}
+	return str
+}
+
+func (q *payloadQueue) markAsAcked(tsn uint32) int {
+	var nBytesAcked int
+	if c, ok := q.chunkMap[tsn]; ok {
+		c.acked = true
+		c.retransmit = false
+		nBytesAcked = len(c.userData)
+		q.nBytes -= nBytesAcked
+		c.userData = []byte{}
+	}
+
+	return nBytesAcked
+}
+
+func (q *payloadQueue) getLastTSNReceived() (uint32, bool) {
+	q.updateSortedKeys()
+
+	qlen := len(q.sorted)
+	if qlen == 0 {
+		return 0, false
+	}
+	return q.sorted[qlen-1], true
+}
+
+func (q *payloadQueue) markAllToRetrasmit() {
+	for _, c := range q.chunkMap {
+		if c.acked || c.abandoned() {
+			continue
+		}
+		c.retransmit = true
+	}
+}
+
+func (q *payloadQueue) getNumBytes() int {
+	return q.nBytes
+}
+
+func (q *payloadQueue) size() int {
+	return len(q.chunkMap)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/pending_queue.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/pending_queue.go
new file mode 100644
index 000000000..5f204d33d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/pending_queue.go
@@ -0,0 +1,138 @@
+package sctp
+
+import (
+	"github.com/pkg/errors"
+)
+
+// pendingBaseQueue
+
+type pendingBaseQueue struct {
+	queue []*chunkPayloadData
+}
+
+func newPendingBaseQueue() *pendingBaseQueue {
+	return &pendingBaseQueue{queue: []*chunkPayloadData{}}
+}
+
+func (q *pendingBaseQueue) push(c *chunkPayloadData) {
+	q.queue = append(q.queue, c)
+}
+
+func (q *pendingBaseQueue) pop() *chunkPayloadData {
+	if len(q.queue) == 0 {
+		return nil
+	}
+	c := q.queue[0]
+	q.queue = q.queue[1:]
+	return c
+}
+
+func (q *pendingBaseQueue) get(i int) *chunkPayloadData {
+	if len(q.queue) == 0 || i < 0 || i >= len(q.queue) {
+		return nil
+	}
+	return q.queue[i]
+}
+
+func (q *pendingBaseQueue) size() int {
+	return len(q.queue)
+}
+
+// pendingQueue
+
+type pendingQueue struct {
+	unorderedQueue      *pendingBaseQueue
+	orderedQueue        *pendingBaseQueue
+	nBytes              int
+	selected            bool
+	unorderedIsSelected bool
+}
+
+var (
+	errUnexpectedChuckPoppedUnordered = errors.New("unexpected chunk popped (unordered)")
+	errUnexpectedChuckPoppedOrdered   = errors.New("unexpected chunk popped (ordered)")
+	errUnexpectedQState               = errors.New("unexpected q state (should've been selected)")
+)
+
+func newPendingQueue() *pendingQueue {
+	return &pendingQueue{
+		unorderedQueue: newPendingBaseQueue(),
+		orderedQueue:   newPendingBaseQueue(),
+	}
+}
+
+func (q *pendingQueue) push(c *chunkPayloadData) {
+	if c.unordered {
+		q.unorderedQueue.push(c)
+	} else {
+		q.orderedQueue.push(c)
+	}
+	q.nBytes += len(c.userData)
+}
+
+func (q *pendingQueue) peek() *chunkPayloadData {
+	if q.selected {
+		if q.unorderedIsSelected {
+			return q.unorderedQueue.get(0)
+		}
+		return q.orderedQueue.get(0)
+	}
+
+	if c := q.unorderedQueue.get(0); c != nil {
+		return c
+	}
+	return q.orderedQueue.get(0)
+}
+
+func (q *pendingQueue) pop(c *chunkPayloadData) error {
+	if q.selected {
+		var popped *chunkPayloadData
+		if q.unorderedIsSelected {
+			popped = q.unorderedQueue.pop()
+			if popped != c {
+				return errUnexpectedChuckPoppedUnordered
+			}
+		} else {
+			popped = q.orderedQueue.pop()
+			if popped != c {
+				return errUnexpectedChuckPoppedOrdered
+			}
+		}
+		if popped.endingFragment {
+			q.selected = false
+		}
+	} else {
+		if !c.beginningFragment {
+			return errUnexpectedQState
+		}
+		if c.unordered {
+			popped := q.unorderedQueue.pop()
+			if popped != c {
+				return errUnexpectedChuckPoppedUnordered
+			}
+			if !popped.endingFragment {
+				q.selected = true
+				q.unorderedIsSelected = true
+			}
+		} else {
+			popped := q.orderedQueue.pop()
+			if popped != c {
+				return errUnexpectedChuckPoppedOrdered
+			}
+			if !popped.endingFragment {
+				q.selected = true
+				q.unorderedIsSelected = false
+			}
+		}
+	}
+	q.nBytes -= len(c.userData)
+	return nil
+}
+
+func (q *pendingQueue) getNumBytes() int {
+	return q.nBytes
+}
+
+func (q *pendingQueue) size() int {
+	return q.unorderedQueue.size() + q.orderedQueue.size()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/reassembly_queue.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/reassembly_queue.go
new file mode 100644
index 000000000..f71d59c91
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/reassembly_queue.go
@@ -0,0 +1,353 @@
+package sctp
+
+import (
+	"io"
+	"sort"
+	"sync/atomic"
+
+	"github.com/pkg/errors"
+)
+
+func sortChunksByTSN(a []*chunkPayloadData) {
+	sort.Slice(a, func(i, j int) bool {
+		return sna32LT(a[i].tsn, a[j].tsn)
+	})
+}
+
+func sortChunksBySSN(a []*chunkSet) {
+	sort.Slice(a, func(i, j int) bool {
+		return sna16LT(a[i].ssn, a[j].ssn)
+	})
+}
+
+// chunkSet is a set of chunks that share the same SSN
+type chunkSet struct {
+	ssn    uint16 // used only with the ordered chunks
+	ppi    PayloadProtocolIdentifier
+	chunks []*chunkPayloadData
+}
+
+func newChunkSet(ssn uint16, ppi PayloadProtocolIdentifier) *chunkSet {
+	return &chunkSet{
+		ssn:    ssn,
+		ppi:    ppi,
+		chunks: []*chunkPayloadData{},
+	}
+}
+
+func (set *chunkSet) push(chunk *chunkPayloadData) bool {
+	// check if dup
+	for _, c := range set.chunks {
+		if c.tsn == chunk.tsn {
+			return false
+		}
+	}
+
+	// append and sort
+	set.chunks = append(set.chunks, chunk)
+	sortChunksByTSN(set.chunks)
+
+	// Check if we now have a complete set
+	complete := set.isComplete()
+	return complete
+}
+
+func (set *chunkSet) isComplete() bool {
+	// Condition for complete set
+	//   0. Has at least one chunk.
+	//   1. Begins with beginningFragment set to true
+	//   2. Ends with endingFragment set to true
+	//   3. TSN monotinically increase by 1 from beginning to end
+
+	// 0.
+	nChunks := len(set.chunks)
+	if nChunks == 0 {
+		return false
+	}
+
+	// 1.
+	if !set.chunks[0].beginningFragment {
+		return false
+	}
+
+	// 2.
+	if !set.chunks[nChunks-1].endingFragment {
+		return false
+	}
+
+	// 3.
+	var lastTSN uint32
+	for i, c := range set.chunks {
+		if i > 0 {
+			// Fragments must have contiguous TSN
+			// From RFC 4960 Section 3.3.1:
+			//   When a user message is fragmented into multiple chunks, the TSNs are
+			//   used by the receiver to reassemble the message.  This means that the
+			//   TSNs for each fragment of a fragmented user message MUST be strictly
+			//   sequential.
+			if c.tsn != lastTSN+1 {
+				// mid or end fragment is missing
+				return false
+			}
+		}
+
+		lastTSN = c.tsn
+	}
+
+	return true
+}
+
+type reassemblyQueue struct {
+	si              uint16
+	nextSSN         uint16 // expected SSN for next ordered chunk
+	ordered         []*chunkSet
+	unordered       []*chunkSet
+	unorderedChunks []*chunkPayloadData
+	nBytes          uint64
+}
+
+var errTryAgain = errors.New("try again")
+
+func newReassemblyQueue(si uint16) *reassemblyQueue {
+	// From RFC 4960 Sec 6.5:
+	//   The Stream Sequence Number in all the streams MUST start from 0 when
+	//   the association is established.  Also, when the Stream Sequence
+	//   Number reaches the value 65535 the next Stream Sequence Number MUST
+	//   be set to 0.
+	return &reassemblyQueue{
+		si:        si,
+		nextSSN:   0, // From RFC 4960 Sec 6.5:
+		ordered:   make([]*chunkSet, 0),
+		unordered: make([]*chunkSet, 0),
+	}
+}
+
+func (r *reassemblyQueue) push(chunk *chunkPayloadData) bool {
+	var cset *chunkSet
+
+	if chunk.streamIdentifier != r.si {
+		return false
+	}
+
+	if chunk.unordered {
+		// First, insert into unorderedChunks array
+		r.unorderedChunks = append(r.unorderedChunks, chunk)
+		atomic.AddUint64(&r.nBytes, uint64(len(chunk.userData)))
+		sortChunksByTSN(r.unorderedChunks)
+
+		// Scan unorderedChunks that are contiguous (in TSN)
+		cset = r.findCompleteUnorderedChunkSet()
+
+		// If found, append the complete set to the unordered array
+		if cset != nil {
+			r.unordered = append(r.unordered, cset)
+			return true
+		}
+
+		return false
+	}
+
+	// This is an ordered chunk
+
+	if sna16LT(chunk.streamSequenceNumber, r.nextSSN) {
+		return false
+	}
+
+	// Check if a chunkSet with the SSN already exists
+	for _, set := range r.ordered {
+		if set.ssn == chunk.streamSequenceNumber {
+			cset = set
+			break
+		}
+	}
+
+	// If not found, create a new chunkSet
+	if cset == nil {
+		cset = newChunkSet(chunk.streamSequenceNumber, chunk.payloadType)
+		r.ordered = append(r.ordered, cset)
+		if !chunk.unordered {
+			sortChunksBySSN(r.ordered)
+		}
+	}
+
+	atomic.AddUint64(&r.nBytes, uint64(len(chunk.userData)))
+
+	return cset.push(chunk)
+}
+
+func (r *reassemblyQueue) findCompleteUnorderedChunkSet() *chunkSet {
+	startIdx := -1
+	nChunks := 0
+	var lastTSN uint32
+	var found bool
+
+	for i, c := range r.unorderedChunks {
+		// seek beigining
+		if c.beginningFragment {
+			startIdx = i
+			nChunks = 1
+			lastTSN = c.tsn
+
+			if c.endingFragment {
+				found = true
+				break
+			}
+			continue
+		}
+
+		if startIdx < 0 {
+			continue
+		}
+
+		// Check if contiguous in TSN
+		if c.tsn != lastTSN+1 {
+			startIdx = -1
+			continue
+		}
+
+		lastTSN = c.tsn
+		nChunks++
+
+		if c.endingFragment {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		return nil
+	}
+
+	// Extract the range of chunks
+	var chunks []*chunkPayloadData
+	chunks = append(chunks, r.unorderedChunks[startIdx:startIdx+nChunks]...)
+
+	r.unorderedChunks = append(
+		r.unorderedChunks[:startIdx],
+		r.unorderedChunks[startIdx+nChunks:]...)
+
+	chunkSet := newChunkSet(0, chunks[0].payloadType)
+	chunkSet.chunks = chunks
+
+	return chunkSet
+}
+
+func (r *reassemblyQueue) isReadable() bool {
+	// Check unordered first
+	if len(r.unordered) > 0 {
+		// The chunk sets in r.unordered should all be complete.
+		return true
+	}
+
+	// Check ordered sets
+	if len(r.ordered) > 0 {
+		cset := r.ordered[0]
+		if cset.isComplete() {
+			if sna16LTE(cset.ssn, r.nextSSN) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func (r *reassemblyQueue) read(buf []byte) (int, PayloadProtocolIdentifier, error) {
+	var cset *chunkSet
+	// Check unordered first
+	switch {
+	case len(r.unordered) > 0:
+		cset = r.unordered[0]
+		r.unordered = r.unordered[1:]
+	case len(r.ordered) > 0:
+		// Now, check ordered
+		cset = r.ordered[0]
+		if !cset.isComplete() {
+			return 0, 0, errTryAgain
+		}
+		if sna16GT(cset.ssn, r.nextSSN) {
+			return 0, 0, errTryAgain
+		}
+		r.ordered = r.ordered[1:]
+		if cset.ssn == r.nextSSN {
+			r.nextSSN++
+		}
+	default:
+		return 0, 0, errTryAgain
+	}
+
+	// Concat all fragments into the buffer
+	nWritten := 0
+	ppi := cset.ppi
+	var err error
+	for _, c := range cset.chunks {
+		toCopy := len(c.userData)
+		r.subtractNumBytes(toCopy)
+		if err == nil {
+			n := copy(buf[nWritten:], c.userData)
+			nWritten += n
+			if n < toCopy {
+				err = io.ErrShortBuffer
+			}
+		}
+	}
+
+	return nWritten, ppi, err
+}
+
+func (r *reassemblyQueue) forwardTSNForOrdered(lastSSN uint16) {
+	// Use lastSSN to locate a chunkSet then remove it if the set has
+	// not been complete
+	keep := []*chunkSet{}
+	for _, set := range r.ordered {
+		if sna16LTE(set.ssn, lastSSN) {
+			if !set.isComplete() {
+				// drop the set
+				for _, c := range set.chunks {
+					r.subtractNumBytes(len(c.userData))
+				}
+				continue
+			}
+		}
+		keep = append(keep, set)
+	}
+	r.ordered = keep
+
+	// Finally, forward nextSSN
+	if sna16LTE(r.nextSSN, lastSSN) {
+		r.nextSSN = lastSSN + 1
+	}
+}
+
+func (r *reassemblyQueue) forwardTSNForUnordered(newCumulativeTSN uint32) {
+	// Remove all fragments in the unordered sets that contains chunks
+	// equal to or older than `newCumulativeTSN`.
+	// We know all sets in the r.unordered are complete ones.
+	// Just remove chunks that are equal to or older than newCumulativeTSN
+	// from the unorderedChunks
+	lastIdx := -1
+	for i, c := range r.unorderedChunks {
+		if sna32GT(c.tsn, newCumulativeTSN) {
+			break
+		}
+		lastIdx = i
+	}
+	if lastIdx >= 0 {
+		for _, c := range r.unorderedChunks[0 : lastIdx+1] {
+			r.subtractNumBytes(len(c.userData))
+		}
+		r.unorderedChunks = r.unorderedChunks[lastIdx+1:]
+	}
+}
+
+func (r *reassemblyQueue) subtractNumBytes(nBytes int) {
+	cur := atomic.LoadUint64(&r.nBytes)
+	if int(cur) >= nBytes {
+		atomic.AddUint64(&r.nBytes, -uint64(nBytes))
+	} else {
+		atomic.StoreUint64(&r.nBytes, 0)
+	}
+}
+
+func (r *reassemblyQueue) getNumBytes() int {
+	return int(atomic.LoadUint64(&r.nBytes))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/rtx_timer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/rtx_timer.go
new file mode 100644
index 000000000..14bc39d77
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/rtx_timer.go
@@ -0,0 +1,219 @@
+package sctp
+
+import (
+	"math"
+	"sync"
+	"time"
+)
+
+const (
+	rtoInitial     float64 = 3.0 * 1000  // msec
+	rtoMin         float64 = 1.0 * 1000  // msec
+	rtoMax         float64 = 60.0 * 1000 // msec
+	rtoAlpha       float64 = 0.125
+	rtoBeta        float64 = 0.25
+	maxInitRetrans uint    = 8
+	pathMaxRetrans uint    = 5
+	noMaxRetrans   uint    = 0
+)
+
+// rtoManager manages Rtx timeout values.
+// This is an implementation of RFC 4960 sec 6.3.1.
+type rtoManager struct {
+	srtt     float64
+	rttvar   float64
+	rto      float64
+	noUpdate bool
+	mutex    sync.RWMutex
+}
+
+// newRTOManager creates a new rtoManager.
+func newRTOManager() *rtoManager {
+	return &rtoManager{
+		rto: rtoInitial,
+	}
+}
+
+// setNewRTT takes a newly measured RTT then adjust the RTO in msec.
+func (m *rtoManager) setNewRTT(rtt float64) float64 {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	if m.noUpdate {
+		return m.srtt
+	}
+
+	if m.srtt == 0 {
+		// First measurement
+		m.srtt = rtt
+		m.rttvar = rtt / 2
+	} else {
+		// Subsequent rtt measurement
+		m.rttvar = (1-rtoBeta)*m.rttvar + rtoBeta*(math.Abs(m.srtt-rtt))
+		m.srtt = (1-rtoAlpha)*m.srtt + rtoAlpha*rtt
+	}
+	m.rto = math.Min(math.Max(m.srtt+4*m.rttvar, rtoMin), rtoMax)
+	return m.srtt
+}
+
+// getRTO simply returns the current RTO in msec.
+func (m *rtoManager) getRTO() float64 {
+	m.mutex.RLock()
+	defer m.mutex.RUnlock()
+
+	return m.rto
+}
+
+// reset resets the RTO variables to the initial values.
+func (m *rtoManager) reset() {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	if m.noUpdate {
+		return
+	}
+
+	m.srtt = 0
+	m.rttvar = 0
+	m.rto = rtoInitial
+}
+
+// set RTO value for testing
+func (m *rtoManager) setRTO(rto float64, noUpdate bool) {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	m.rto = rto
+	m.noUpdate = noUpdate
+}
+
+// rtxTimerObserver is the inteface to a timer observer.
+// NOTE: Observers MUST NOT call start() or stop() method on rtxTimer
+// from within these callbacks.
+type rtxTimerObserver interface {
+	onRetransmissionTimeout(timerID int, n uint)
+	onRetransmissionFailure(timerID int)
+}
+
+// rtxTimer provides the retnransmission timer conforms with RFC 4960 Sec 6.3.1
+type rtxTimer struct {
+	id         int
+	observer   rtxTimerObserver
+	maxRetrans uint
+	stopFunc   stopTimerLoop
+	closed     bool
+	mutex      sync.RWMutex
+}
+
+type stopTimerLoop func()
+
+// newRTXTimer creates a new retransmission timer.
+// if maxRetrans is set to 0, it will keep retransmitting until stop() is called.
+// (it will never make onRetransmissionFailure() callback.
+func newRTXTimer(id int, observer rtxTimerObserver, maxRetrans uint) *rtxTimer {
+	return &rtxTimer{
+		id:         id,
+		observer:   observer,
+		maxRetrans: maxRetrans,
+	}
+}
+
+// start starts the timer.
+func (t *rtxTimer) start(rto float64) bool {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	// this timer is already closed
+	if t.closed {
+		return false
+	}
+
+	// this is a noop if the timer is always running
+	if t.stopFunc != nil {
+		return false
+	}
+
+	// Note: rto value is intentionally not capped by RTO.Min to allow
+	// fast timeout for the tests. Non-test code should pass in the
+	// rto generated by rtoManager getRTO() method which caps the
+	// value at RTO.Min or at RTO.Max.
+	var nRtos uint
+
+	cancelCh := make(chan struct{})
+
+	go func() {
+		canceling := false
+
+		for !canceling {
+			timeout := calculateNextTimeout(rto, nRtos)
+			timer := time.NewTimer(time.Duration(timeout) * time.Millisecond)
+
+			select {
+			case <-timer.C:
+				nRtos++
+				if t.maxRetrans == 0 || nRtos <= t.maxRetrans {
+					t.observer.onRetransmissionTimeout(t.id, nRtos)
+				} else {
+					t.stop()
+					t.observer.onRetransmissionFailure(t.id)
+				}
+			case <-cancelCh:
+				canceling = true
+				timer.Stop()
+			}
+		}
+	}()
+
+	t.stopFunc = func() {
+		close(cancelCh)
+	}
+
+	return true
+}
+
+// stop stops the timer.
+func (t *rtxTimer) stop() {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	if t.stopFunc != nil {
+		t.stopFunc()
+		t.stopFunc = nil
+	}
+}
+
+// closes the timer. this is similar to stop() but subsequent start() call
+// will fail (the timer is no longer usable)
+func (t *rtxTimer) close() {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	if t.stopFunc != nil {
+		t.stopFunc()
+		t.stopFunc = nil
+	}
+
+	t.closed = true
+}
+
+// isRunning tests if the timer is running.
+// Debug purpose only
+func (t *rtxTimer) isRunning() bool {
+	t.mutex.RLock()
+	defer t.mutex.RUnlock()
+
+	return (t.stopFunc != nil)
+}
+
+func calculateNextTimeout(rto float64, nRtos uint) float64 {
+	// RFC 4096 sec 6.3.3.  Handle T3-rtx Expiration
+	//   E2)  For the destination address for which the timer expires, set RTO
+	//        <- RTO * 2 ("back off the timer").  The maximum value discussed
+	//        in rule C7 above (RTO.max) may be used to provide an upper bound
+	//        to this doubling operation.
+	if nRtos < 31 {
+		m := 1 << nRtos
+		return math.Min(rto*float64(m), rtoMax)
+	}
+	return rtoMax
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/sctp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/sctp.go
new file mode 100644
index 000000000..e60134293
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/sctp.go
@@ -0,0 +1,2 @@
+// Package sctp implements the SCTP spec
+package sctp
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/stream.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/stream.go
new file mode 100644
index 000000000..8a17b97c6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/stream.go
@@ -0,0 +1,357 @@
+package sctp
+
+import (
+	"io"
+	"math"
+	"sync"
+
+	"github.com/pion/logging"
+	"github.com/pkg/errors"
+)
+
+const (
+	// ReliabilityTypeReliable is used for reliable transmission
+	ReliabilityTypeReliable byte = 0
+	// ReliabilityTypeRexmit is used for partial reliability by retransmission count
+	ReliabilityTypeRexmit byte = 1
+	// ReliabilityTypeTimed is used for partial reliability by retransmission duration
+	ReliabilityTypeTimed byte = 2
+)
+
+// Stream represents an SCTP stream
+type Stream struct {
+	association         *Association
+	lock                sync.RWMutex
+	streamIdentifier    uint16
+	defaultPayloadType  PayloadProtocolIdentifier
+	reassemblyQueue     *reassemblyQueue
+	sequenceNumber      uint16
+	readNotifier        *sync.Cond
+	readErr             error
+	writeErr            error
+	unordered           bool
+	reliabilityType     byte
+	reliabilityValue    uint32
+	bufferedAmount      uint64
+	bufferedAmountLow   uint64
+	onBufferedAmountLow func()
+	log                 logging.LeveledLogger
+	name                string
+}
+
+// StreamIdentifier returns the Stream identifier associated to the stream.
+func (s *Stream) StreamIdentifier() uint16 {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+	return s.streamIdentifier
+}
+
+// SetDefaultPayloadType sets the default payload type used by Write.
+func (s *Stream) SetDefaultPayloadType(defaultPayloadType PayloadProtocolIdentifier) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	s.setDefaultPayloadType(defaultPayloadType)
+}
+
+// setDefaultPayloadType sets the defaultPayloadType. The caller should hold the lock.
+func (s *Stream) setDefaultPayloadType(defaultPayloadType PayloadProtocolIdentifier) {
+	s.defaultPayloadType = defaultPayloadType
+}
+
+// SetReliabilityParams sets reliability parameters for this stream.
+func (s *Stream) SetReliabilityParams(unordered bool, relType byte, relVal uint32) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	s.setReliabilityParams(unordered, relType, relVal)
+}
+
+// setReliabilityParams sets reliability parameters for this stream.
+// The caller should hold the lock.
+func (s *Stream) setReliabilityParams(unordered bool, relType byte, relVal uint32) {
+	s.log.Debugf("[%s] reliability params: ordered=%v type=%d value=%d",
+		s.name, !unordered, relType, relVal)
+	s.unordered = unordered
+	s.reliabilityType = relType
+	s.reliabilityValue = relVal
+}
+
+// Read reads a packet of len(p) bytes, dropping the Payload Protocol Identifier.
+// Returns EOF when the stream is reset or an error if the stream is closed
+// otherwise.
+func (s *Stream) Read(p []byte) (int, error) {
+	n, _, err := s.ReadSCTP(p)
+	return n, err
+}
+
+// ReadSCTP reads a packet of len(p) bytes and returns the associated Payload
+// Protocol Identifier.
+// Returns EOF when the stream is reset or an error if the stream is closed
+// otherwise.
+func (s *Stream) ReadSCTP(p []byte) (int, PayloadProtocolIdentifier, error) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	for {
+		n, ppi, err := s.reassemblyQueue.read(p)
+		if err == nil {
+			return n, ppi, nil
+		} else if errors.Is(err, io.ErrShortBuffer) {
+			return 0, PayloadProtocolIdentifier(0), err
+		}
+
+		err = s.readErr
+		if err != nil {
+			return 0, PayloadProtocolIdentifier(0), err
+		}
+
+		s.readNotifier.Wait()
+	}
+}
+
+func (s *Stream) handleData(pd *chunkPayloadData) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	var readable bool
+	if s.reassemblyQueue.push(pd) {
+		readable = s.reassemblyQueue.isReadable()
+		s.log.Debugf("[%s] reassemblyQueue readable=%v", s.name, readable)
+		if readable {
+			s.log.Debugf("[%s] readNotifier.signal()", s.name)
+			s.readNotifier.Signal()
+			s.log.Debugf("[%s] readNotifier.signal() done", s.name)
+		}
+	}
+}
+
+func (s *Stream) handleForwardTSNForOrdered(ssn uint16) {
+	var readable bool
+
+	func() {
+		s.lock.Lock()
+		defer s.lock.Unlock()
+
+		if s.unordered {
+			return // unordered chunks are handled by handleForwardUnordered method
+		}
+
+		// Remove all chunks older than or equal to the new TSN from
+		// the reassemblyQueue.
+		s.reassemblyQueue.forwardTSNForOrdered(ssn)
+		readable = s.reassemblyQueue.isReadable()
+	}()
+
+	// Notify the reader asynchronously if there's a data chunk to read.
+	if readable {
+		s.readNotifier.Signal()
+	}
+}
+
+func (s *Stream) handleForwardTSNForUnordered(newCumulativeTSN uint32) {
+	var readable bool
+
+	func() {
+		s.lock.Lock()
+		defer s.lock.Unlock()
+
+		if !s.unordered {
+			return // ordered chunks are handled by handleForwardTSNOrdered method
+		}
+
+		// Remove all chunks older than or equal to the new TSN from
+		// the reassemblyQueue.
+		s.reassemblyQueue.forwardTSNForUnordered(newCumulativeTSN)
+		readable = s.reassemblyQueue.isReadable()
+	}()
+
+	// Notify the reader asynchronously if there's a data chunk to read.
+	if readable {
+		s.readNotifier.Signal()
+	}
+}
+
+// Write writes len(p) bytes from p with the default Payload Protocol Identifier
+func (s *Stream) Write(p []byte) (n int, err error) {
+	return s.WriteSCTP(p, s.defaultPayloadType)
+}
+
+// WriteSCTP writes len(p) bytes from p to the DTLS connection
+func (s *Stream) WriteSCTP(p []byte, ppi PayloadProtocolIdentifier) (n int, err error) {
+	maxMessageSize := s.association.MaxMessageSize()
+	if len(p) > int(maxMessageSize) {
+		return 0, errors.Errorf("Outbound packet larger than maximum message size %v", math.MaxUint16)
+	}
+
+	s.lock.RLock()
+	err = s.writeErr
+	s.lock.RUnlock()
+	if err != nil {
+		return 0, err
+	}
+
+	chunks := s.packetize(p, ppi)
+
+	return len(p), s.association.sendPayloadData(chunks)
+}
+
+func (s *Stream) packetize(raw []byte, ppi PayloadProtocolIdentifier) []*chunkPayloadData {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	i := uint32(0)
+	remaining := uint32(len(raw))
+
+	// From draft-ietf-rtcweb-data-protocol-09, section 6:
+	//   All Data Channel Establishment Protocol messages MUST be sent using
+	//   ordered delivery and reliable transmission.
+	unordered := ppi != PayloadTypeWebRTCDCEP && s.unordered
+
+	var chunks []*chunkPayloadData
+	var head *chunkPayloadData
+	for remaining != 0 {
+		fragmentSize := min32(s.association.maxPayloadSize, remaining)
+
+		// Copy the userdata since we'll have to store it until acked
+		// and the caller may re-use the buffer in the mean time
+		userData := make([]byte, fragmentSize)
+		copy(userData, raw[i:i+fragmentSize])
+
+		chunk := &chunkPayloadData{
+			streamIdentifier:     s.streamIdentifier,
+			userData:             userData,
+			unordered:            unordered,
+			beginningFragment:    i == 0,
+			endingFragment:       remaining-fragmentSize == 0,
+			immediateSack:        false,
+			payloadType:          ppi,
+			streamSequenceNumber: s.sequenceNumber,
+			head:                 head,
+		}
+
+		if head == nil {
+			head = chunk
+		}
+
+		chunks = append(chunks, chunk)
+
+		remaining -= fragmentSize
+		i += fragmentSize
+	}
+
+	// RFC 4960 Sec 6.6
+	// Note: When transmitting ordered and unordered data, an endpoint does
+	// not increment its Stream Sequence Number when transmitting a DATA
+	// chunk with U flag set to 1.
+	if !unordered {
+		s.sequenceNumber++
+	}
+
+	s.bufferedAmount += uint64(len(raw))
+	s.log.Tracef("[%s] bufferedAmount = %d", s.name, s.bufferedAmount)
+
+	return chunks
+}
+
+// Close closes the write-direction of the stream.
+// Future calls to Write are not permitted after calling Close.
+func (s *Stream) Close() error {
+	if sid, isOpen := func() (uint16, bool) {
+		s.lock.Lock()
+		defer s.lock.Unlock()
+
+		isOpen := true
+		if s.writeErr == nil {
+			s.writeErr = errors.New("Stream closed")
+		} else {
+			isOpen = false
+		}
+
+		if s.readErr == nil {
+			s.readErr = io.EOF
+		} else {
+			isOpen = false
+		}
+		s.readNotifier.Broadcast() // broadcast regardless
+
+		return s.streamIdentifier, isOpen
+	}(); isOpen {
+		// Reset the outgoing stream
+		// https://tools.ietf.org/html/rfc6525
+		return s.association.sendResetRequest(sid)
+	}
+
+	return nil
+}
+
+// BufferedAmount returns the number of bytes of data currently queued to be sent over this stream.
+func (s *Stream) BufferedAmount() uint64 {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	return s.bufferedAmount
+}
+
+// BufferedAmountLowThreshold returns the number of bytes of buffered outgoing data that is
+// considered "low." Defaults to 0.
+func (s *Stream) BufferedAmountLowThreshold() uint64 {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	return s.bufferedAmountLow
+}
+
+// SetBufferedAmountLowThreshold is used to update the threshold.
+// See BufferedAmountLowThreshold().
+func (s *Stream) SetBufferedAmountLowThreshold(th uint64) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	s.bufferedAmountLow = th
+}
+
+// OnBufferedAmountLow sets the callback handler which would be called when the number of
+// bytes of outgoing data buffered is lower than the threshold.
+func (s *Stream) OnBufferedAmountLow(f func()) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	s.onBufferedAmountLow = f
+}
+
+// This method is called by association's readLoop (go-)routine to notify this stream
+// of the specified amount of outgoing data has been delivered to the peer.
+func (s *Stream) onBufferReleased(nBytesReleased int) {
+	if nBytesReleased <= 0 {
+		return
+	}
+
+	s.lock.Lock()
+
+	fromAmount := s.bufferedAmount
+
+	if s.bufferedAmount < uint64(nBytesReleased) {
+		s.bufferedAmount = 0
+		s.log.Errorf("[%s] released buffer size %d should be <= %d",
+			s.name, nBytesReleased, s.bufferedAmount)
+	} else {
+		s.bufferedAmount -= uint64(nBytesReleased)
+	}
+
+	s.log.Tracef("[%s] bufferedAmount = %d", s.name, s.bufferedAmount)
+
+	if s.onBufferedAmountLow != nil && fromAmount > s.bufferedAmountLow && s.bufferedAmount <= s.bufferedAmountLow {
+		f := s.onBufferedAmountLow
+		s.lock.Unlock()
+		f()
+		return
+	}
+
+	s.lock.Unlock()
+}
+
+func (s *Stream) getNumBytesInReassemblyQueue() int {
+	// No lock is required as it reads the size with atomic load function.
+	return s.reassemblyQueue.getNumBytes()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/util.go
new file mode 100644
index 000000000..e2e54ab0c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sctp/util.go
@@ -0,0 +1,58 @@
+package sctp
+
+const (
+	paddingMultiple = 4
+)
+
+func getPadding(len int) int {
+	return (paddingMultiple - (len % paddingMultiple)) % paddingMultiple
+}
+
+func padByte(in []byte, cnt int) []byte {
+	if cnt < 0 {
+		cnt = 0
+	}
+	padding := make([]byte, cnt)
+	return append(in, padding...)
+}
+
+// Serial Number Arithmetic (RFC 1982)
+func sna32LT(i1, i2 uint32) bool {
+	return (i1 < i2 && i2-i1 < 1<<31) || (i1 > i2 && i1-i2 > 1<<31)
+}
+
+func sna32LTE(i1, i2 uint32) bool {
+	return i1 == i2 || sna32LT(i1, i2)
+}
+
+func sna32GT(i1, i2 uint32) bool {
+	return (i1 < i2 && (i2-i1) >= 1<<31) || (i1 > i2 && (i1-i2) <= 1<<31)
+}
+
+func sna32GTE(i1, i2 uint32) bool {
+	return i1 == i2 || sna32GT(i1, i2)
+}
+
+func sna32EQ(i1, i2 uint32) bool {
+	return i1 == i2
+}
+
+func sna16LT(i1, i2 uint16) bool {
+	return (i1 < i2 && (i2-i1) < 1<<15) || (i1 > i2 && (i1-i2) > 1<<15)
+}
+
+func sna16LTE(i1, i2 uint16) bool {
+	return i1 == i2 || sna16LT(i1, i2)
+}
+
+func sna16GT(i1, i2 uint16) bool {
+	return (i1 < i2 && (i2-i1) >= 1<<15) || (i1 > i2 && (i1-i2) <= 1<<15)
+}
+
+func sna16GTE(i1, i2 uint16) bool {
+	return i1 == i2 || sna16GT(i1, i2)
+}
+
+func sna16EQ(i1, i2 uint16) bool {
+	return i1 == i2
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/README.md
new file mode 100644
index 000000000..e7d7ff692
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/README.md
@@ -0,0 +1,59 @@
+<h1 align="center">
+  <br>
+  Pion SDP
+  <br>
+</h1>
+<h4 align="center">A Go implementation of the SDP</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-sdp-gray.svg?longCache=true&colorB=brightgreen" alt="Pion SDP"></a>
+  <a href="https://sourcegraph.com/github.com/pion/sdp?badge"><img src="https://sourcegraph.com/github.com/pion/sdp/-/badge.svg" alt="Sourcegraph Widget"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/sdp"><img src="https://travis-ci.org/pion/sdp.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/sdp/v2"><img src="https://godoc.org/github.com/pion/sdp?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/sdp"><img src="https://codecov.io/gh/pion/sdp/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/sdp"><img src="https://goreportcard.com/badge/github.com/pion/sdp" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+See [DESIGN.md](DESIGN.md) for an overview of features and future goals.
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *Public API, Initialization*
+* [Konstantin Itskov](https://github.com/trivigy) - *Fix documentation*
+* [chenkaiC4](https://github.com/chenkaiC4) - *Fix GolangCI Linter*
+* [Woodrow Douglass](https://github.com/wdouglass) *RTCP, RTP improvements, G.722 support, Bugfixes*
+* [Michael MacDonald](https://github.com/mjmac)
+* [Max Hawkins](https://github.com/maxhawkins)
+* [mchlrhw](https://github.com/mchlrhw)
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Guilherme Souza](https://github.com/gqgs)
+* [adwpc](https://github.com/adwpc) - *extmap add transport-cc*
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Luke S](https://github.com/encounter)
+* [Jerko Steiner](https://github.com/jeremija)
+* [Roman Romanenko](https://github.com/r-novel)
+* [Jason Brady](https://github.com/jbrady42)
+* [Kory Miller](https://github.com/jbrady42/korymiller1489)
+* [ZHENK](https://github.com/scorpionknifes)
+* [Tarrence van As](https://github.com/tarrencev)
+* [Maxim Oransky](https://github.com/sdfsdhgjkbmnmxc)
+* [Graham King](https://github.com/grahamking/)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/base_lexer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/base_lexer.go
new file mode 100644
index 000000000..45fe7994b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/base_lexer.go
@@ -0,0 +1,231 @@
+package sdp
+
+import (
+	"errors"
+	"fmt"
+	"io"
+)
+
+var errDocumentStart = errors.New("already on document start")
+
+type syntaxError struct {
+	s string
+	i int
+}
+
+func (e syntaxError) Error() string {
+	if e.i < 0 {
+		e.i = 0
+	}
+	head, middle, tail := e.s[:e.i], e.s[e.i:e.i+1], e.s[e.i+1:]
+	return fmt.Sprintf("%s --> %s <-- %s", head, middle, tail)
+}
+
+type baseLexer struct {
+	value []byte
+	pos   int
+}
+
+func (l baseLexer) syntaxError() error {
+	return syntaxError{s: string(l.value), i: l.pos - 1}
+}
+
+func (l *baseLexer) unreadByte() error {
+	if l.pos <= 0 {
+		return errDocumentStart
+	}
+	l.pos--
+	return nil
+}
+
+func (l *baseLexer) readByte() (byte, error) {
+	if l.pos >= len(l.value) {
+		return byte(0), io.EOF
+	}
+	ch := l.value[l.pos]
+	l.pos++
+	return ch, nil
+}
+
+func (l *baseLexer) nextLine() error {
+	for {
+		ch, err := l.readByte()
+		if err == io.EOF {
+			return nil
+		} else if err != nil {
+			return err
+		}
+		if !isNewline(ch) {
+			return l.unreadByte()
+		}
+	}
+}
+
+func (l *baseLexer) readWhitespace() error {
+	for {
+		ch, err := l.readByte()
+		if err == io.EOF {
+			return nil
+		} else if err != nil {
+			return err
+		}
+		if !isWhitespace(ch) {
+			return l.unreadByte()
+		}
+	}
+}
+
+func (l *baseLexer) readUint64Field() (i uint64, err error) {
+	for {
+		ch, err := l.readByte()
+		if err == io.EOF && i > 0 {
+			break
+		} else if err != nil {
+			return i, err
+		}
+
+		if isNewline(ch) {
+			if err := l.unreadByte(); err != nil {
+				return i, err
+			}
+			break
+		}
+
+		if isWhitespace(ch) {
+			if err := l.readWhitespace(); err != nil {
+				return i, err
+			}
+			break
+		}
+
+		switch ch {
+		case '0':
+			i *= 10
+		case '1':
+			i = i*10 + 1
+		case '2':
+			i = i*10 + 2
+		case '3':
+			i = i*10 + 3
+		case '4':
+			i = i*10 + 4
+		case '5':
+			i = i*10 + 5
+		case '6':
+			i = i*10 + 6
+		case '7':
+			i = i*10 + 7
+		case '8':
+			i = i*10 + 8
+		case '9':
+			i = i*10 + 9
+		default:
+			return i, l.syntaxError()
+		}
+	}
+
+	return i, nil
+}
+
+// Returns next field on this line or empty string if no more fields on line
+func (l *baseLexer) readField() (string, error) {
+	start := l.pos
+	stop := start
+	for {
+		stop = l.pos
+		ch, err := l.readByte()
+		if err == io.EOF && stop > start {
+			break
+		} else if err != nil {
+			return "", err
+		}
+
+		if isNewline(ch) {
+			if err := l.unreadByte(); err != nil {
+				return "", err
+			}
+			break
+		}
+
+		if isWhitespace(ch) {
+			if err := l.readWhitespace(); err != nil {
+				return "", err
+			}
+			break
+		}
+	}
+	return string(l.value[start:stop]), nil
+}
+
+// Returns symbols until line end
+func (l *baseLexer) readLine() (string, error) {
+	start := l.pos
+	trim := 1
+	for {
+		ch, err := l.readByte()
+		if err != nil {
+			return "", err
+		}
+		if ch == '\r' {
+			trim++
+		}
+		if ch == '\n' {
+			return string(l.value[start : l.pos-trim]), nil
+		}
+	}
+}
+
+func (l *baseLexer) readString(until byte) (string, error) {
+	start := l.pos
+	for {
+		ch, err := l.readByte()
+		if err != nil {
+			return "", err
+		}
+		if ch == until {
+			return string(l.value[start:l.pos]), nil
+		}
+	}
+}
+
+func (l *baseLexer) readType() (string, error) {
+	for {
+		b, err := l.readByte()
+		if err != nil {
+			return "", err
+		}
+
+		if isNewline(b) {
+			continue
+		}
+
+		err = l.unreadByte()
+		if err != nil {
+			return "", err
+		}
+
+		key, err := l.readString('=')
+		if err != nil {
+			return key, err
+		}
+
+		if len(key) == 2 {
+			return key, nil
+		}
+
+		return key, l.syntaxError()
+	}
+}
+
+func isNewline(ch byte) bool { return ch == '\n' || ch == '\r' }
+
+func isWhitespace(ch byte) bool { return ch == ' ' || ch == '\t' }
+
+func anyOf(element string, data ...string) bool {
+	for _, v := range data {
+		if element == v {
+			return true
+		}
+	}
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/common_description.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/common_description.go
new file mode 100644
index 000000000..1174be416
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/common_description.go
@@ -0,0 +1,110 @@
+package sdp
+
+import (
+	"strconv"
+	"strings"
+)
+
+// Information describes the "i=" field which provides textual information
+// about the session.
+type Information string
+
+func (i Information) String() string {
+	return string(i)
+}
+
+// ConnectionInformation defines the representation for the "c=" field
+// containing connection data.
+type ConnectionInformation struct {
+	NetworkType string
+	AddressType string
+	Address     *Address
+}
+
+func (c ConnectionInformation) String() string {
+	parts := []string{c.NetworkType, c.AddressType}
+	if c.Address != nil && c.Address.String() != "" {
+		parts = append(parts, c.Address.String())
+	}
+	return strings.Join(parts, " ")
+}
+
+// Address desribes a structured address token from within the "c=" field.
+type Address struct {
+	Address string
+	TTL     *int
+	Range   *int
+}
+
+func (c *Address) String() string {
+	var parts []string
+	parts = append(parts, c.Address)
+	if c.TTL != nil {
+		parts = append(parts, strconv.Itoa(*c.TTL))
+	}
+
+	if c.Range != nil {
+		parts = append(parts, strconv.Itoa(*c.Range))
+	}
+
+	return strings.Join(parts, "/")
+}
+
+// Bandwidth describes an optional field which denotes the proposed bandwidth
+// to be used by the session or media.
+type Bandwidth struct {
+	Experimental bool
+	Type         string
+	Bandwidth    uint64
+}
+
+func (b Bandwidth) String() string {
+	var output string
+	if b.Experimental {
+		output += "X-"
+	}
+	output += b.Type + ":" + strconv.FormatUint(b.Bandwidth, 10)
+	return output
+}
+
+// EncryptionKey describes the "k=" which conveys encryption key information.
+type EncryptionKey string
+
+func (s EncryptionKey) String() string {
+	return string(s)
+}
+
+// Attribute describes the "a=" field which represents the primary means for
+// extending SDP.
+type Attribute struct {
+	Key   string
+	Value string
+}
+
+// NewPropertyAttribute constructs a new attribute
+func NewPropertyAttribute(key string) Attribute {
+	return Attribute{
+		Key: key,
+	}
+}
+
+// NewAttribute constructs a new attribute
+func NewAttribute(key, value string) Attribute {
+	return Attribute{
+		Key:   key,
+		Value: value,
+	}
+}
+
+func (a Attribute) String() string {
+	output := a.Key
+	if len(a.Value) > 0 {
+		output += ":" + a.Value
+	}
+	return output
+}
+
+// IsICECandidate returns true if the attribute key equals "candidate".
+func (a Attribute) IsICECandidate() bool {
+	return a.Key == "candidate"
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/direction.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/direction.go
new file mode 100644
index 000000000..19ea92db7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/direction.go
@@ -0,0 +1,59 @@
+package sdp
+
+import "errors"
+
+// Direction is a marker for transmission directon of an endpoint
+type Direction int
+
+const (
+	// DirectionSendRecv is for bidirectional communication
+	DirectionSendRecv Direction = iota + 1
+	// DirectionSendOnly is for outgoing communication
+	DirectionSendOnly
+	// DirectionRecvOnly is for incoming communication
+	DirectionRecvOnly
+	// DirectionInactive is for no communication
+	DirectionInactive
+)
+
+const (
+	directionSendRecvStr = "sendrecv"
+	directionSendOnlyStr = "sendonly"
+	directionRecvOnlyStr = "recvonly"
+	directionInactiveStr = "inactive"
+	directionUnknownStr  = ""
+)
+
+var errDirectionString = errors.New("invalid direction string")
+
+// NewDirection defines a procedure for creating a new direction from a raw
+// string.
+func NewDirection(raw string) (Direction, error) {
+	switch raw {
+	case directionSendRecvStr:
+		return DirectionSendRecv, nil
+	case directionSendOnlyStr:
+		return DirectionSendOnly, nil
+	case directionRecvOnlyStr:
+		return DirectionRecvOnly, nil
+	case directionInactiveStr:
+		return DirectionInactive, nil
+	default:
+		return Direction(unknown), errDirectionString
+	}
+}
+
+func (t Direction) String() string {
+	switch t {
+	case DirectionSendRecv:
+		return directionSendRecvStr
+	case DirectionSendOnly:
+		return directionSendOnlyStr
+	case DirectionRecvOnly:
+		return directionRecvOnlyStr
+	case DirectionInactive:
+		return directionInactiveStr
+	default:
+		return directionUnknownStr
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/extmap.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/extmap.go
new file mode 100644
index 000000000..1242a8cf0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/extmap.go
@@ -0,0 +1,108 @@
+package sdp
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+// Default ext values
+const (
+	DefExtMapValueABSSendTime     = 1
+	DefExtMapValueTransportCC     = 2
+	DefExtMapValueSDESMid         = 3
+	DefExtMapValueSDESRTPStreamID = 4
+
+	ABSSendTimeURI     = "http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time"
+	TransportCCURI     = "http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01"
+	SDESMidURI         = "urn:ietf:params:rtp-hdrext:sdes:mid"
+	SDESRTPStreamIDURI = "urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id"
+	AudioLevelURI      = "urn:ietf:params:rtp-hdrext:ssrc-audio-level"
+)
+
+// ExtMap represents the activation of a single RTP header extension
+type ExtMap struct {
+	Value     int
+	Direction Direction
+	URI       *url.URL
+	ExtAttr   *string
+}
+
+// Clone converts this object to an Attribute
+func (e *ExtMap) Clone() Attribute {
+	return Attribute{Key: "extmap", Value: e.string()}
+}
+
+// Unmarshal creates an Extmap from a string
+func (e *ExtMap) Unmarshal(raw string) error {
+	parts := strings.SplitN(raw, ":", 2)
+	if len(parts) != 2 {
+		return fmt.Errorf("%w: %v", errSyntaxError, raw)
+	}
+
+	fields := strings.Fields(parts[1])
+	if len(fields) < 2 {
+		return fmt.Errorf("%w: %v", errSyntaxError, raw)
+	}
+
+	valdir := strings.Split(fields[0], "/")
+	value, err := strconv.ParseInt(valdir[0], 10, 64)
+	if (value < 1) || (value > 246) {
+		return fmt.Errorf("%w: %v -- extmap key must be in the range 1-256", errSyntaxError, valdir[0])
+	}
+	if err != nil {
+		return fmt.Errorf("%w: %v", errSyntaxError, valdir[0])
+	}
+
+	var direction Direction
+	if len(valdir) == 2 {
+		direction, err = NewDirection(valdir[1])
+		if err != nil {
+			return err
+		}
+	}
+
+	uri, err := url.Parse(fields[1])
+	if err != nil {
+		return err
+	}
+
+	if len(fields) == 3 {
+		tmp := fields[2]
+		e.ExtAttr = &tmp
+	}
+
+	e.Value = int(value)
+	e.Direction = direction
+	e.URI = uri
+	return nil
+}
+
+// Marshal creates a string from an ExtMap
+func (e *ExtMap) Marshal() string {
+	return e.Name() + ":" + e.string()
+}
+
+func (e *ExtMap) string() string {
+	output := fmt.Sprintf("%d", e.Value)
+	dirstring := e.Direction.String()
+	if dirstring != directionUnknownStr {
+		output += "/" + dirstring
+	}
+
+	if e.URI != nil {
+		output += " " + e.URI.String()
+	}
+
+	if e.ExtAttr != nil {
+		output += " " + *e.ExtAttr
+	}
+
+	return output
+}
+
+// Name returns the constant name of this object
+func (e *ExtMap) Name() string {
+	return "extmap"
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/fuzz.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/fuzz.go
new file mode 100644
index 000000000..f41ef78c6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/fuzz.go
@@ -0,0 +1,31 @@
+// +build gofuzz
+
+package sdp
+
+// Fuzz implements a randomized fuzz test of the sdp
+// parser using go-fuzz.
+//
+// To run the fuzzer, first download go-fuzz:
+// `go get github.com/dvyukov/go-fuzz/...`
+//
+// Then build the testing package:
+// `go-fuzz-build`
+//
+// And run the fuzzer on the corpus:
+// `go-fuzz`
+func Fuzz(data []byte) int {
+	// Check that unmarshalling any byte slice does not panic.
+	var sd SessionDescription
+	if err := sd.Unmarshal(data); err != nil {
+		return 0
+	}
+	// Check that we can marshal anything we unmarshalled.
+	_, err := sd.Marshal()
+	if err != nil {
+		panic("failed to marshal") // nolint
+	}
+	// It'd be nice to check that if we round trip Marshal then Unmarshal,
+	// we get the original back. Right now, though, we frequently don't,
+	// and we'd need to fix that first.
+	return 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/go.mod
new file mode 100644
index 000000000..da7ceaa54
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/go.mod
@@ -0,0 +1,8 @@
+module github.com/pion/sdp/v3
+
+go 1.13
+
+require (
+	github.com/pion/randutil v0.1.0
+	github.com/stretchr/testify v1.6.1
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/go.sum
new file mode 100644
index 000000000..43316cb31
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/go.sum
@@ -0,0 +1,13 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/jsep.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/jsep.go
new file mode 100644
index 000000000..efdef0301
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/jsep.go
@@ -0,0 +1,205 @@
+package sdp
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+// Constants for SDP attributes used in JSEP
+const (
+	AttrKeyCandidate       = "candidate"
+	AttrKeyEndOfCandidates = "end-of-candidates"
+	AttrKeyIdentity        = "identity"
+	AttrKeyGroup           = "group"
+	AttrKeySSRC            = "ssrc"
+	AttrKeySSRCGroup       = "ssrc-group"
+	AttrKeyMsid            = "msid"
+	AttrKeyMsidSemantic    = "msid-semantic"
+	AttrKeyConnectionSetup = "setup"
+	AttrKeyMID             = "mid"
+	AttrKeyICELite         = "ice-lite"
+	AttrKeyRTCPMux         = "rtcp-mux"
+	AttrKeyRTCPRsize       = "rtcp-rsize"
+	AttrKeyInactive        = "inactive"
+	AttrKeyRecvOnly        = "recvonly"
+	AttrKeySendOnly        = "sendonly"
+	AttrKeySendRecv        = "sendrecv"
+	AttrKeyExtMap          = "extmap"
+)
+
+// Constants for semantic tokens used in JSEP
+const (
+	SemanticTokenLipSynchronization     = "LS"
+	SemanticTokenFlowIdentification     = "FID"
+	SemanticTokenForwardErrorCorrection = "FEC"
+	SemanticTokenWebRTCMediaStreams     = "WMS"
+)
+
+// Constants for extmap key
+const (
+	ExtMapValueTransportCC = 3
+)
+
+func extMapURI() map[int]string {
+	return map[int]string{
+		ExtMapValueTransportCC: "http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01",
+	}
+}
+
+// API to match draft-ietf-rtcweb-jsep
+// Move to webrtc or its own package?
+
+// NewJSEPSessionDescription creates a new SessionDescription with
+// some settings that are required by the JSEP spec.
+//
+// Note: Since v2.4.0, session ID has been fixed to use crypto random according to
+//       JSEP spec, so that NewJSEPSessionDescription now returns error as a second
+//       return value.
+func NewJSEPSessionDescription(identity bool) (*SessionDescription, error) {
+	sid, err := newSessionID()
+	if err != nil {
+		return nil, err
+	}
+	d := &SessionDescription{
+		Version: 0,
+		Origin: Origin{
+			Username:       "-",
+			SessionID:      sid,
+			SessionVersion: uint64(time.Now().Unix()),
+			NetworkType:    "IN",
+			AddressType:    "IP4",
+			UnicastAddress: "0.0.0.0",
+		},
+		SessionName: "-",
+		TimeDescriptions: []TimeDescription{
+			{
+				Timing: Timing{
+					StartTime: 0,
+					StopTime:  0,
+				},
+				RepeatTimes: nil,
+			},
+		},
+		Attributes: []Attribute{
+			// 	"Attribute(ice-options:trickle)", // TODO: implement trickle ICE
+		},
+	}
+
+	if identity {
+		d.WithPropertyAttribute(AttrKeyIdentity)
+	}
+
+	return d, nil
+}
+
+// WithPropertyAttribute adds a property attribute 'a=key' to the session description
+func (s *SessionDescription) WithPropertyAttribute(key string) *SessionDescription {
+	s.Attributes = append(s.Attributes, NewPropertyAttribute(key))
+	return s
+}
+
+// WithValueAttribute adds a value attribute 'a=key:value' to the session description
+func (s *SessionDescription) WithValueAttribute(key, value string) *SessionDescription {
+	s.Attributes = append(s.Attributes, NewAttribute(key, value))
+	return s
+}
+
+// WithFingerprint adds a fingerprint to the session description
+func (s *SessionDescription) WithFingerprint(algorithm, value string) *SessionDescription {
+	return s.WithValueAttribute("fingerprint", algorithm+" "+value)
+}
+
+// WithMedia adds a media description to the session description
+func (s *SessionDescription) WithMedia(md *MediaDescription) *SessionDescription {
+	s.MediaDescriptions = append(s.MediaDescriptions, md)
+	return s
+}
+
+// NewJSEPMediaDescription creates a new MediaName with
+// some settings that are required by the JSEP spec.
+func NewJSEPMediaDescription(codecType string, codecPrefs []string) *MediaDescription {
+	return &MediaDescription{
+		MediaName: MediaName{
+			Media:  codecType,
+			Port:   RangedPort{Value: 9},
+			Protos: []string{"UDP", "TLS", "RTP", "SAVPF"},
+		},
+		ConnectionInformation: &ConnectionInformation{
+			NetworkType: "IN",
+			AddressType: "IP4",
+			Address: &Address{
+				Address: "0.0.0.0",
+			},
+		},
+	}
+}
+
+// WithPropertyAttribute adds a property attribute 'a=key' to the media description
+func (d *MediaDescription) WithPropertyAttribute(key string) *MediaDescription {
+	d.Attributes = append(d.Attributes, NewPropertyAttribute(key))
+	return d
+}
+
+// WithValueAttribute adds a value attribute 'a=key:value' to the media description
+func (d *MediaDescription) WithValueAttribute(key, value string) *MediaDescription {
+	d.Attributes = append(d.Attributes, NewAttribute(key, value))
+	return d
+}
+
+// WithFingerprint adds a fingerprint to the media description
+func (d *MediaDescription) WithFingerprint(algorithm, value string) *MediaDescription {
+	return d.WithValueAttribute("fingerprint", algorithm+" "+value)
+}
+
+// WithICECredentials adds ICE credentials to the media description
+func (d *MediaDescription) WithICECredentials(username, password string) *MediaDescription {
+	return d.
+		WithValueAttribute("ice-ufrag", username).
+		WithValueAttribute("ice-pwd", password)
+}
+
+// WithCodec adds codec information to the media description
+func (d *MediaDescription) WithCodec(payloadType uint8, name string, clockrate uint32, channels uint16, fmtp string) *MediaDescription {
+	d.MediaName.Formats = append(d.MediaName.Formats, strconv.Itoa(int(payloadType)))
+	rtpmap := fmt.Sprintf("%d %s/%d", payloadType, name, clockrate)
+	if channels > 0 {
+		rtpmap += fmt.Sprintf("/%d", channels)
+	}
+	d.WithValueAttribute("rtpmap", rtpmap)
+	if fmtp != "" {
+		d.WithValueAttribute("fmtp", fmt.Sprintf("%d %s", payloadType, fmtp))
+	}
+	return d
+}
+
+// WithMediaSource adds media source information to the media description
+func (d *MediaDescription) WithMediaSource(ssrc uint32, cname, streamLabel, label string) *MediaDescription {
+	return d.
+		WithValueAttribute("ssrc", fmt.Sprintf("%d cname:%s", ssrc, cname)). // Deprecated but not phased out?
+		WithValueAttribute("ssrc", fmt.Sprintf("%d msid:%s %s", ssrc, streamLabel, label)).
+		WithValueAttribute("ssrc", fmt.Sprintf("%d mslabel:%s", ssrc, streamLabel)). // Deprecated but not phased out?
+		WithValueAttribute("ssrc", fmt.Sprintf("%d label:%s", ssrc, label))          // Deprecated but not phased out?
+}
+
+// WithCandidate adds an ICE candidate to the media description
+// Deprecated: use WithICECandidate instead
+func (d *MediaDescription) WithCandidate(value string) *MediaDescription {
+	return d.WithValueAttribute("candidate", value)
+}
+
+// WithExtMap adds an extmap to the media description
+func (d *MediaDescription) WithExtMap(e ExtMap) *MediaDescription {
+	return d.WithPropertyAttribute(e.Marshal())
+}
+
+// WithTransportCCExtMap adds an extmap to the media description
+func (d *MediaDescription) WithTransportCCExtMap() *MediaDescription {
+	uri, _ := url.Parse(extMapURI()[ExtMapValueTransportCC])
+	e := ExtMap{
+		Value: ExtMapValueTransportCC,
+		URI:   uri,
+	}
+	return d.WithExtMap(e)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/marshal.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/marshal.go
new file mode 100644
index 000000000..f029c4e99
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/marshal.go
@@ -0,0 +1,136 @@
+package sdp
+
+import (
+	"strings"
+)
+
+// Marshal takes a SDP struct to text
+// https://tools.ietf.org/html/rfc4566#section-5
+// Session description
+//    v=  (protocol version)
+//    o=  (originator and session identifier)
+//    s=  (session name)
+//    i=* (session information)
+//    u=* (URI of description)
+//    e=* (email address)
+//    p=* (phone number)
+//    c=* (connection information -- not required if included in
+//         all media)
+//    b=* (zero or more bandwidth information lines)
+//    One or more time descriptions ("t=" and "r=" lines; see below)
+//    z=* (time zone adjustments)
+//    k=* (encryption key)
+//    a=* (zero or more session attribute lines)
+//    Zero or more media descriptions
+//
+// Time description
+//    t=  (time the session is active)
+//    r=* (zero or more repeat times)
+//
+// Media description, if present
+//    m=  (media name and transport address)
+//    i=* (media title)
+//    c=* (connection information -- optional if included at
+//         session level)
+//    b=* (zero or more bandwidth information lines)
+//    k=* (encryption key)
+//    a=* (zero or more media attribute lines)
+func (s *SessionDescription) Marshal() ([]byte, error) {
+	m := make(marshaller, 0, 1024)
+
+	m.addKeyValue("v=", s.Version.String())
+	m.addKeyValue("o=", s.Origin.String())
+	m.addKeyValue("s=", s.SessionName.String())
+
+	if s.SessionInformation != nil {
+		m.addKeyValue("i=", s.SessionInformation.String())
+	}
+
+	if s.URI != nil {
+		m.addKeyValue("u=", s.URI.String())
+	}
+
+	if s.EmailAddress != nil {
+		m.addKeyValue("e=", s.EmailAddress.String())
+	}
+
+	if s.PhoneNumber != nil {
+		m.addKeyValue("p=", s.PhoneNumber.String())
+	}
+
+	if s.ConnectionInformation != nil {
+		m.addKeyValue("c=", s.ConnectionInformation.String())
+	}
+
+	for _, b := range s.Bandwidth {
+		m.addKeyValue("b=", b.String())
+	}
+
+	for _, td := range s.TimeDescriptions {
+		m.addKeyValue("t=", td.Timing.String())
+		for _, r := range td.RepeatTimes {
+			m.addKeyValue("r=", r.String())
+		}
+	}
+
+	if len(s.TimeZones) > 0 {
+		var b strings.Builder
+		for i, z := range s.TimeZones {
+			if i > 0 {
+				b.WriteString(" ")
+			}
+			b.WriteString(z.String())
+		}
+		m.addKeyValue("z=", b.String())
+	}
+
+	if s.EncryptionKey != nil {
+		m.addKeyValue("k=", s.EncryptionKey.String())
+	}
+
+	for _, a := range s.Attributes {
+		m.addKeyValue("a=", a.String())
+	}
+
+	for _, md := range s.MediaDescriptions {
+		m.addKeyValue("m=", md.MediaName.String())
+
+		if md.MediaTitle != nil {
+			m.addKeyValue("i=", md.MediaTitle.String())
+		}
+
+		if md.ConnectionInformation != nil {
+			m.addKeyValue("c=", md.ConnectionInformation.String())
+		}
+
+		for _, b := range md.Bandwidth {
+			m.addKeyValue("b=", b.String())
+		}
+
+		if md.EncryptionKey != nil {
+			m.addKeyValue("k=", md.EncryptionKey.String())
+		}
+
+		for _, a := range md.Attributes {
+			m.addKeyValue("a=", a.String())
+		}
+	}
+
+	return m.bytes(), nil
+}
+
+// marshaller contains state during marshaling.
+type marshaller []byte
+
+func (m *marshaller) addKeyValue(key, value string) {
+	if value == "" {
+		return
+	}
+	*m = append(*m, key...)
+	*m = append(*m, value...)
+	*m = append(*m, "\r\n"...)
+}
+
+func (m *marshaller) bytes() []byte {
+	return *m
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/media_description.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/media_description.go
new file mode 100644
index 000000000..c08850704
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/media_description.go
@@ -0,0 +1,80 @@
+package sdp
+
+import (
+	"strconv"
+	"strings"
+)
+
+// MediaDescription represents a media type.
+// https://tools.ietf.org/html/rfc4566#section-5.14
+type MediaDescription struct {
+	// m=<media> <port>/<number of ports> <proto> <fmt> ...
+	// https://tools.ietf.org/html/rfc4566#section-5.14
+	MediaName MediaName
+
+	// i=<session description>
+	// https://tools.ietf.org/html/rfc4566#section-5.4
+	MediaTitle *Information
+
+	// c=<nettype> <addrtype> <connection-address>
+	// https://tools.ietf.org/html/rfc4566#section-5.7
+	ConnectionInformation *ConnectionInformation
+
+	// b=<bwtype>:<bandwidth>
+	// https://tools.ietf.org/html/rfc4566#section-5.8
+	Bandwidth []Bandwidth
+
+	// k=<method>
+	// k=<method>:<encryption key>
+	// https://tools.ietf.org/html/rfc4566#section-5.12
+	EncryptionKey *EncryptionKey
+
+	// a=<attribute>
+	// a=<attribute>:<value>
+	// https://tools.ietf.org/html/rfc4566#section-5.13
+	Attributes []Attribute
+}
+
+// Attribute returns the value of an attribute and if it exists
+func (d *MediaDescription) Attribute(key string) (string, bool) {
+	for _, a := range d.Attributes {
+		if a.Key == key {
+			return a.Value, true
+		}
+	}
+	return "", false
+}
+
+// RangedPort supports special format for the media field "m=" port value. If
+// it may be necessary to specify multiple transport ports, the protocol allows
+// to write it as: <port>/<number of ports> where number of ports is a an
+// offsetting range.
+type RangedPort struct {
+	Value int
+	Range *int
+}
+
+func (p *RangedPort) String() string {
+	output := strconv.Itoa(p.Value)
+	if p.Range != nil {
+		output += "/" + strconv.Itoa(*p.Range)
+	}
+	return output
+}
+
+// MediaName describes the "m=" field storage structure.
+type MediaName struct {
+	Media   string
+	Port    RangedPort
+	Protos  []string
+	Formats []string
+}
+
+func (m MediaName) String() string {
+	return strings.Join([]string{
+		m.Media,
+		m.Port.String(),
+		strings.Join(m.Protos, "/"),
+		strings.Join(m.Formats, " "),
+	}, " ")
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/sdp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/sdp.go
new file mode 100644
index 000000000..c92ac1a7f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/sdp.go
@@ -0,0 +1,2 @@
+// Package sdp implements Session Description Protocol (SDP)
+package sdp
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/session_description.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/session_description.go
new file mode 100644
index 000000000..c4aaf5f95
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/session_description.go
@@ -0,0 +1,146 @@
+package sdp
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+)
+
+// SessionDescription is a a well-defined format for conveying sufficient
+// information to discover and participate in a multimedia session.
+type SessionDescription struct {
+	// v=0
+	// https://tools.ietf.org/html/rfc4566#section-5.1
+	Version Version
+
+	// o=<username> <sess-id> <sess-version> <nettype> <addrtype> <unicast-address>
+	// https://tools.ietf.org/html/rfc4566#section-5.2
+	Origin Origin
+
+	// s=<session name>
+	// https://tools.ietf.org/html/rfc4566#section-5.3
+	SessionName SessionName
+
+	// i=<session description>
+	// https://tools.ietf.org/html/rfc4566#section-5.4
+	SessionInformation *Information
+
+	// u=<uri>
+	// https://tools.ietf.org/html/rfc4566#section-5.5
+	URI *url.URL
+
+	// e=<email-address>
+	// https://tools.ietf.org/html/rfc4566#section-5.6
+	EmailAddress *EmailAddress
+
+	// p=<phone-number>
+	// https://tools.ietf.org/html/rfc4566#section-5.6
+	PhoneNumber *PhoneNumber
+
+	// c=<nettype> <addrtype> <connection-address>
+	// https://tools.ietf.org/html/rfc4566#section-5.7
+	ConnectionInformation *ConnectionInformation
+
+	// b=<bwtype>:<bandwidth>
+	// https://tools.ietf.org/html/rfc4566#section-5.8
+	Bandwidth []Bandwidth
+
+	// https://tools.ietf.org/html/rfc4566#section-5.9
+	// https://tools.ietf.org/html/rfc4566#section-5.10
+	TimeDescriptions []TimeDescription
+
+	// z=<adjustment time> <offset> <adjustment time> <offset> ...
+	// https://tools.ietf.org/html/rfc4566#section-5.11
+	TimeZones []TimeZone
+
+	// k=<method>
+	// k=<method>:<encryption key>
+	// https://tools.ietf.org/html/rfc4566#section-5.12
+	EncryptionKey *EncryptionKey
+
+	// a=<attribute>
+	// a=<attribute>:<value>
+	// https://tools.ietf.org/html/rfc4566#section-5.13
+	Attributes []Attribute
+
+	// https://tools.ietf.org/html/rfc4566#section-5.14
+	MediaDescriptions []*MediaDescription
+}
+
+// Attribute returns the value of an attribute and if it exists
+func (s *SessionDescription) Attribute(key string) (string, bool) {
+	for _, a := range s.Attributes {
+		if a.Key == key {
+			return a.Value, true
+		}
+	}
+	return "", false
+}
+
+// Version describes the value provided by the "v=" field which gives
+// the version of the Session Description Protocol.
+type Version int
+
+func (v Version) String() string {
+	return strconv.Itoa(int(v))
+}
+
+// Origin defines the structure for the "o=" field which provides the
+// originator of the session plus a session identifier and version number.
+type Origin struct {
+	Username       string
+	SessionID      uint64
+	SessionVersion uint64
+	NetworkType    string
+	AddressType    string
+	UnicastAddress string
+}
+
+func (o Origin) String() string {
+	return fmt.Sprintf(
+		"%v %d %d %v %v %v",
+		o.Username,
+		o.SessionID,
+		o.SessionVersion,
+		o.NetworkType,
+		o.AddressType,
+		o.UnicastAddress,
+	)
+}
+
+// SessionName describes a structured representations for the "s=" field
+// and is the textual session name.
+type SessionName string
+
+func (s SessionName) String() string {
+	return string(s)
+}
+
+// EmailAddress describes a structured representations for the "e=" line
+// which specifies email contact information for the person responsible for
+// the conference.
+type EmailAddress string
+
+func (e EmailAddress) String() string {
+	return string(e)
+}
+
+// PhoneNumber describes a structured representations for the "p=" line
+// specify phone contact information for the person responsible for the
+// conference.
+type PhoneNumber string
+
+func (p PhoneNumber) String() string {
+	return string(p)
+}
+
+// TimeZone defines the structured object for "z=" line which describes
+// repeated sessions scheduling.
+type TimeZone struct {
+	AdjustmentTime uint64
+	Offset         int64
+}
+
+func (z TimeZone) String() string {
+	return strconv.FormatUint(z.AdjustmentTime, 10) + " " + strconv.FormatInt(z.Offset, 10)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/time_description.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/time_description.go
new file mode 100644
index 000000000..8b24e130d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/time_description.go
@@ -0,0 +1,51 @@
+package sdp
+
+import (
+	"strconv"
+	"strings"
+)
+
+// TimeDescription describes "t=", "r=" fields of the session description
+// which are used to specify the start and stop times for a session as well as
+// repeat intervals and durations for the scheduled session.
+type TimeDescription struct {
+	// t=<start-time> <stop-time>
+	// https://tools.ietf.org/html/rfc4566#section-5.9
+	Timing Timing
+
+	// r=<repeat interval> <active duration> <offsets from start-time>
+	// https://tools.ietf.org/html/rfc4566#section-5.10
+	RepeatTimes []RepeatTime
+}
+
+// Timing defines the "t=" field's structured representation for the start and
+// stop times.
+type Timing struct {
+	StartTime uint64
+	StopTime  uint64
+}
+
+func (t Timing) String() string {
+	output := strconv.FormatUint(t.StartTime, 10)
+	output += " " + strconv.FormatUint(t.StopTime, 10)
+	return output
+}
+
+// RepeatTime describes the "r=" fields of the session description which
+// represents the intervals and durations for repeated scheduled sessions.
+type RepeatTime struct {
+	Interval int64
+	Duration int64
+	Offsets  []int64
+}
+
+func (r RepeatTime) String() string {
+	fields := make([]string, 0)
+	fields = append(fields, strconv.FormatInt(r.Interval, 10))
+	fields = append(fields, strconv.FormatInt(r.Duration, 10))
+	for _, value := range r.Offsets {
+		fields = append(fields, strconv.FormatInt(value, 10))
+	}
+
+	return strings.Join(fields, " ")
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/unmarshal.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/unmarshal.go
new file mode 100644
index 000000000..92e0dcf48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/unmarshal.go
@@ -0,0 +1,907 @@
+package sdp
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+var (
+	errSDPInvalidSyntax       = errors.New("sdp: invalid syntax")
+	errSDPInvalidNumericValue = errors.New("sdp: invalid numeric value")
+	errSDPInvalidValue        = errors.New("sdp: invalid value")
+	errSDPInvalidPortValue    = errors.New("sdp: invalid port value")
+)
+
+// Unmarshal is the primary function that deserializes the session description
+// message and stores it inside of a structured SessionDescription object.
+//
+// The States Transition Table describes the computation flow between functions
+// (namely s1, s2, s3, ...) for a parsing procedure that complies with the
+// specifications laid out by the rfc4566#section-5 as well as by JavaScript
+// Session Establishment Protocol draft. Links:
+// 		https://tools.ietf.org/html/rfc4566#section-5
+// 		https://tools.ietf.org/html/draft-ietf-rtcweb-jsep-24
+//
+// https://tools.ietf.org/html/rfc4566#section-5
+// Session description
+//    v=  (protocol version)
+//    o=  (originator and session identifier)
+//    s=  (session name)
+//    i=* (session information)
+//    u=* (URI of description)
+//    e=* (email address)
+//    p=* (phone number)
+//    c=* (connection information -- not required if included in
+//         all media)
+//    b=* (zero or more bandwidth information lines)
+//    One or more time descriptions ("t=" and "r=" lines; see below)
+//    z=* (time zone adjustments)
+//    k=* (encryption key)
+//    a=* (zero or more session attribute lines)
+//    Zero or more media descriptions
+//
+// Time description
+//    t=  (time the session is active)
+//    r=* (zero or more repeat times)
+//
+// Media description, if present
+//    m=  (media name and transport address)
+//    i=* (media title)
+//    c=* (connection information -- optional if included at
+//         session level)
+//    b=* (zero or more bandwidth information lines)
+//    k=* (encryption key)
+//    a=* (zero or more media attribute lines)
+//
+// In order to generate the following state table and draw subsequent
+// deterministic finite-state automota ("DFA") the following regex was used to
+// derive the DFA:
+//    vosi?u?e?p?c?b*(tr*)+z?k?a*(mi?c?b*k?a*)*
+// possible place and state to exit:
+//                    **   * * *  ** * * * *
+//                    99   1 1 1  11 1 1 1 1
+//                         3 1 1  26 5 5 4 4
+//
+// Please pay close attention to the `k`, and `a` parsing states. In the table
+// below in order to distinguish between the states belonging to the media
+// description as opposed to the session description, the states are marked
+// with an asterisk ("a*", "k*").
+// +--------+----+-------+----+-----+----+-----+---+----+----+---+---+-----+---+---+----+---+----+
+// | STATES | a* | a*,k* | a  | a,k | b  | b,c | e | i  | m  | o | p | r,t | s | t | u  | v | z  |
+// +--------+----+-------+----+-----+----+-----+---+----+----+---+---+-----+---+---+----+---+----+
+// |   s1   |    |       |    |     |    |     |   |    |    |   |   |     |   |   |    | 2 |    |
+// |   s2   |    |       |    |     |    |     |   |    |    | 3 |   |     |   |   |    |   |    |
+// |   s3   |    |       |    |     |    |     |   |    |    |   |   |     | 4 |   |    |   |    |
+// |   s4   |    |       |    |     |    |   5 | 6 |  7 |    |   | 8 |     |   | 9 | 10 |   |    |
+// |   s5   |    |       |    |     |  5 |     |   |    |    |   |   |     |   | 9 |    |   |    |
+// |   s6   |    |       |    |     |    |   5 |   |    |    |   | 8 |     |   | 9 |    |   |    |
+// |   s7   |    |       |    |     |    |   5 | 6 |    |    |   | 8 |     |   | 9 | 10 |   |    |
+// |   s8   |    |       |    |     |    |   5 |   |    |    |   |   |     |   | 9 |    |   |    |
+// |   s9   |    |       |    |  11 |    |     |   |    | 12 |   |   |   9 |   |   |    |   | 13 |
+// |   s10  |    |       |    |     |    |   5 | 6 |    |    |   | 8 |     |   | 9 |    |   |    |
+// |   s11  |    |       | 11 |     |    |     |   |    | 12 |   |   |     |   |   |    |   |    |
+// |   s12  |    |    14 |    |     |    |  15 |   | 16 | 12 |   |   |     |   |   |    |   |    |
+// |   s13  |    |       |    |  11 |    |     |   |    | 12 |   |   |     |   |   |    |   |    |
+// |   s14  | 14 |       |    |     |    |     |   |    | 12 |   |   |     |   |   |    |   |    |
+// |   s15  |    |    14 |    |     | 15 |     |   |    | 12 |   |   |     |   |   |    |   |    |
+// |   s16  |    |    14 |    |     |    |  15 |   |    | 12 |   |   |     |   |   |    |   |    |
+// +--------+----+-------+----+-----+----+-----+---+----+----+---+---+-----+---+---+----+---+----+
+func (s *SessionDescription) Unmarshal(value []byte) error {
+	l := new(lexer)
+	l.desc = s
+	l.value = value
+	for state := s1; state != nil; {
+		var err error
+		state, err = state(l)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func s1(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		if key == "v=" {
+			return unmarshalProtocolVersion
+		}
+		return nil
+	})
+}
+
+func s2(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		if key == "o=" {
+			return unmarshalOrigin
+		}
+		return nil
+	})
+}
+
+func s3(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		if key == "s=" {
+			return unmarshalSessionName
+		}
+		return nil
+	})
+}
+
+func s4(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "i=":
+			return unmarshalSessionInformation
+		case "u=":
+			return unmarshalURI
+		case "e=":
+			return unmarshalEmail
+		case "p=":
+			return unmarshalPhone
+		case "c=":
+			return unmarshalSessionConnectionInformation
+		case "b=":
+			return unmarshalSessionBandwidth
+		case "t=":
+			return unmarshalTiming
+		}
+		return nil
+	})
+}
+
+func s5(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "b=":
+			return unmarshalSessionBandwidth
+		case "t=":
+			return unmarshalTiming
+		}
+		return nil
+	})
+}
+
+func s6(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "p=":
+			return unmarshalPhone
+		case "c=":
+			return unmarshalSessionConnectionInformation
+		case "b=":
+			return unmarshalSessionBandwidth
+		case "t=":
+			return unmarshalTiming
+		}
+		return nil
+	})
+}
+
+func s7(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "u=":
+			return unmarshalURI
+		case "e=":
+			return unmarshalEmail
+		case "p=":
+			return unmarshalPhone
+		case "c=":
+			return unmarshalSessionConnectionInformation
+		case "b=":
+			return unmarshalSessionBandwidth
+		case "t=":
+			return unmarshalTiming
+		}
+		return nil
+	})
+}
+
+func s8(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "c=":
+			return unmarshalSessionConnectionInformation
+		case "b=":
+			return unmarshalSessionBandwidth
+		case "t=":
+			return unmarshalTiming
+		}
+		return nil
+	})
+}
+
+func s9(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "z=":
+			return unmarshalTimeZones
+		case "k=":
+			return unmarshalSessionEncryptionKey
+		case "a=":
+			return unmarshalSessionAttribute
+		case "r=":
+			return unmarshalRepeatTimes
+		case "t=":
+			return unmarshalTiming
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func s10(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "e=":
+			return unmarshalEmail
+		case "p=":
+			return unmarshalPhone
+		case "c=":
+			return unmarshalSessionConnectionInformation
+		case "b=":
+			return unmarshalSessionBandwidth
+		case "t=":
+			return unmarshalTiming
+		}
+		return nil
+	})
+}
+
+func s11(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "a=":
+			return unmarshalSessionAttribute
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func s12(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "a=":
+			return unmarshalMediaAttribute
+		case "k=":
+			return unmarshalMediaEncryptionKey
+		case "b=":
+			return unmarshalMediaBandwidth
+		case "c=":
+			return unmarshalMediaConnectionInformation
+		case "i=":
+			return unmarshalMediaTitle
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func s13(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "a=":
+			return unmarshalSessionAttribute
+		case "k=":
+			return unmarshalSessionEncryptionKey
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func s14(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "a=":
+			return unmarshalMediaAttribute
+		case "k=":
+			// Non-spec ordering
+			return unmarshalMediaEncryptionKey
+		case "b=":
+			// Non-spec ordering
+			return unmarshalMediaBandwidth
+		case "c=":
+			// Non-spec ordering
+			return unmarshalMediaConnectionInformation
+		case "i=":
+			// Non-spec ordering
+			return unmarshalMediaTitle
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func s15(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "a=":
+			return unmarshalMediaAttribute
+		case "k=":
+			return unmarshalMediaEncryptionKey
+		case "b=":
+			return unmarshalMediaBandwidth
+		case "c=":
+			return unmarshalMediaConnectionInformation
+		case "i=":
+			// Non-spec ordering
+			return unmarshalMediaTitle
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func s16(l *lexer) (stateFn, error) {
+	return l.handleType(func(key string) stateFn {
+		switch key {
+		case "a=":
+			return unmarshalMediaAttribute
+		case "k=":
+			return unmarshalMediaEncryptionKey
+		case "c=":
+			return unmarshalMediaConnectionInformation
+		case "b=":
+			return unmarshalMediaBandwidth
+		case "i=":
+			// Non-spec ordering
+			return unmarshalMediaTitle
+		case "m=":
+			return unmarshalMediaDescription
+		}
+		return nil
+	})
+}
+
+func unmarshalProtocolVersion(l *lexer) (stateFn, error) {
+	version, err := l.readUint64Field()
+	if err != nil {
+		return nil, err
+	}
+
+	// As off the latest draft of the rfc this value is required to be 0.
+	// https://tools.ietf.org/html/draft-ietf-rtcweb-jsep-24#section-5.8.1
+	if version != 0 {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, version)
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	return s2, nil
+}
+
+func unmarshalOrigin(l *lexer) (stateFn, error) {
+	var err error
+
+	l.desc.Origin.Username, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	l.desc.Origin.SessionID, err = l.readUint64Field()
+	if err != nil {
+		return nil, err
+	}
+
+	l.desc.Origin.SessionVersion, err = l.readUint64Field()
+	if err != nil {
+		return nil, err
+	}
+
+	l.desc.Origin.NetworkType, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set according to currently registered with IANA
+	// https://tools.ietf.org/html/rfc4566#section-8.2.6
+	if !anyOf(l.desc.Origin.NetworkType, "IN") {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, l.desc.Origin.NetworkType)
+	}
+
+	l.desc.Origin.AddressType, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set according to currently registered with IANA
+	// https://tools.ietf.org/html/rfc4566#section-8.2.7
+	if !anyOf(l.desc.Origin.AddressType, "IP4", "IP6") {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, l.desc.Origin.AddressType)
+	}
+
+	l.desc.Origin.UnicastAddress, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	return s3, nil
+}
+
+func unmarshalSessionName(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	l.desc.SessionName = SessionName(value)
+	return s4, nil
+}
+
+func unmarshalSessionInformation(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	sessionInformation := Information(value)
+	l.desc.SessionInformation = &sessionInformation
+	return s7, nil
+}
+
+func unmarshalURI(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	l.desc.URI, err = url.Parse(value)
+	if err != nil {
+		return nil, err
+	}
+
+	return s10, nil
+}
+
+func unmarshalEmail(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	emailAddress := EmailAddress(value)
+	l.desc.EmailAddress = &emailAddress
+	return s6, nil
+}
+
+func unmarshalPhone(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	phoneNumber := PhoneNumber(value)
+	l.desc.PhoneNumber = &phoneNumber
+	return s8, nil
+}
+
+func unmarshalSessionConnectionInformation(l *lexer) (stateFn, error) {
+	var err error
+	l.desc.ConnectionInformation, err = l.unmarshalConnectionInformation()
+	if err != nil {
+		return nil, err
+	}
+	return s5, nil
+}
+
+func (l *lexer) unmarshalConnectionInformation() (*ConnectionInformation, error) {
+	var err error
+	var c ConnectionInformation
+
+	c.NetworkType, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set according to currently registered with IANA
+	// https://tools.ietf.org/html/rfc4566#section-8.2.6
+	if !anyOf(c.NetworkType, "IN") {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, c.NetworkType)
+	}
+
+	c.AddressType, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set according to currently registered with IANA
+	// https://tools.ietf.org/html/rfc4566#section-8.2.7
+	if !anyOf(c.AddressType, "IP4", "IP6") {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, c.AddressType)
+	}
+
+	address, err := l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	if address != "" {
+		c.Address = new(Address)
+		c.Address.Address = address
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	return &c, nil
+}
+
+func unmarshalSessionBandwidth(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	bandwidth, err := unmarshalBandwidth(value)
+	if err != nil {
+		return nil, fmt.Errorf("%w `b=%v`", errSDPInvalidValue, value)
+	}
+	l.desc.Bandwidth = append(l.desc.Bandwidth, *bandwidth)
+
+	return s5, nil
+}
+
+func unmarshalBandwidth(value string) (*Bandwidth, error) {
+	parts := strings.Split(value, ":")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("%w `b=%v`", errSDPInvalidValue, parts)
+	}
+
+	experimental := strings.HasPrefix(parts[0], "X-")
+	if experimental {
+		parts[0] = strings.TrimPrefix(parts[0], "X-")
+	} else if !anyOf(parts[0], "CT", "AS") {
+		// Set according to currently registered with IANA
+		// https://tools.ietf.org/html/rfc4566#section-5.8
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, parts[0])
+	}
+
+	bandwidth, err := strconv.ParseUint(parts[1], 10, 64)
+	if err != nil {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidNumericValue, parts[1])
+	}
+
+	return &Bandwidth{
+		Experimental: experimental,
+		Type:         parts[0],
+		Bandwidth:    bandwidth,
+	}, nil
+}
+
+func unmarshalTiming(l *lexer) (stateFn, error) {
+	var err error
+	var td TimeDescription
+
+	td.Timing.StartTime, err = l.readUint64Field()
+	if err != nil {
+		return nil, err
+	}
+
+	td.Timing.StopTime, err = l.readUint64Field()
+	if err != nil {
+		return nil, err
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	l.desc.TimeDescriptions = append(l.desc.TimeDescriptions, td)
+	return s9, nil
+}
+
+func unmarshalRepeatTimes(l *lexer) (stateFn, error) {
+	var err error
+	var newRepeatTime RepeatTime
+
+	latestTimeDesc := &l.desc.TimeDescriptions[len(l.desc.TimeDescriptions)-1]
+
+	field, err := l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	newRepeatTime.Interval, err = parseTimeUnits(field)
+	if err != nil {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, field)
+	}
+
+	field, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	newRepeatTime.Duration, err = parseTimeUnits(field)
+	if err != nil {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, field)
+	}
+
+	for {
+		field, err := l.readField()
+		if err != nil {
+			return nil, err
+		}
+		if field == "" {
+			break
+		}
+		offset, err := parseTimeUnits(field)
+		if err != nil {
+			return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, field)
+		}
+		newRepeatTime.Offsets = append(newRepeatTime.Offsets, offset)
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	latestTimeDesc.RepeatTimes = append(latestTimeDesc.RepeatTimes, newRepeatTime)
+	return s9, nil
+}
+
+func unmarshalTimeZones(l *lexer) (stateFn, error) {
+	// These fields are transimitted in pairs
+	// z=<adjustment time> <offset> <adjustment time> <offset> ....
+	// so we are making sure that there are actually multiple of 2 total.
+	for {
+		var err error
+		var timeZone TimeZone
+
+		timeZone.AdjustmentTime, err = l.readUint64Field()
+		if err != nil {
+			return nil, err
+		}
+
+		offset, err := l.readField()
+		if err != nil {
+			return nil, err
+		}
+
+		if offset == "" {
+			break
+		}
+
+		timeZone.Offset, err = parseTimeUnits(offset)
+		if err != nil {
+			return nil, err
+		}
+
+		l.desc.TimeZones = append(l.desc.TimeZones, timeZone)
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	return s13, nil
+}
+
+func unmarshalSessionEncryptionKey(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	encryptionKey := EncryptionKey(value)
+	l.desc.EncryptionKey = &encryptionKey
+	return s11, nil
+}
+
+func unmarshalSessionAttribute(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	i := strings.IndexRune(value, ':')
+	var a Attribute
+	if i > 0 {
+		a = NewAttribute(value[:i], value[i+1:])
+	} else {
+		a = NewPropertyAttribute(value)
+	}
+
+	l.desc.Attributes = append(l.desc.Attributes, a)
+	return s11, nil
+}
+
+func unmarshalMediaDescription(l *lexer) (stateFn, error) {
+	var newMediaDesc MediaDescription
+
+	// <media>
+	field, err := l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set according to currently registered with IANA
+	// https://tools.ietf.org/html/rfc4566#section-5.14
+	if !anyOf(field, "audio", "video", "text", "application", "message") {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, field)
+	}
+	newMediaDesc.MediaName.Media = field
+
+	// <port>
+	field, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+	parts := strings.Split(field, "/")
+	newMediaDesc.MediaName.Port.Value, err = parsePort(parts[0])
+	if err != nil {
+		return nil, fmt.Errorf("%w `%v`", errSDPInvalidPortValue, parts[0])
+	}
+
+	if len(parts) > 1 {
+		var portRange int
+		portRange, err = strconv.Atoi(parts[1])
+		if err != nil {
+			return nil, fmt.Errorf("%w `%v`", errSDPInvalidValue, parts)
+		}
+		newMediaDesc.MediaName.Port.Range = &portRange
+	}
+
+	// <proto>
+	field, err = l.readField()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set according to currently registered with IANA
+	// https://tools.ietf.org/html/rfc4566#section-5.14
+	for _, proto := range strings.Split(field, "/") {
+		if !anyOf(proto, "UDP", "RTP", "AVP", "SAVP", "SAVPF", "TLS", "DTLS", "SCTP", "AVPF") {
+			return nil, fmt.Errorf("%w `%v`", errSDPInvalidNumericValue, field)
+		}
+		newMediaDesc.MediaName.Protos = append(newMediaDesc.MediaName.Protos, proto)
+	}
+
+	// <fmt>...
+	for {
+		field, err = l.readField()
+		if err != nil {
+			return nil, err
+		}
+		if field == "" {
+			break
+		}
+		newMediaDesc.MediaName.Formats = append(newMediaDesc.MediaName.Formats, field)
+	}
+
+	if err := l.nextLine(); err != nil {
+		return nil, err
+	}
+
+	l.desc.MediaDescriptions = append(l.desc.MediaDescriptions, &newMediaDesc)
+	return s12, nil
+}
+
+func unmarshalMediaTitle(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	latestMediaDesc := l.desc.MediaDescriptions[len(l.desc.MediaDescriptions)-1]
+	mediaTitle := Information(value)
+	latestMediaDesc.MediaTitle = &mediaTitle
+	return s16, nil
+}
+
+func unmarshalMediaConnectionInformation(l *lexer) (stateFn, error) {
+	var err error
+	latestMediaDesc := l.desc.MediaDescriptions[len(l.desc.MediaDescriptions)-1]
+	latestMediaDesc.ConnectionInformation, err = l.unmarshalConnectionInformation()
+	if err != nil {
+		return nil, err
+	}
+	return s15, nil
+}
+
+func unmarshalMediaBandwidth(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	latestMediaDesc := l.desc.MediaDescriptions[len(l.desc.MediaDescriptions)-1]
+	bandwidth, err := unmarshalBandwidth(value)
+	if err != nil {
+		return nil, fmt.Errorf("%w `b=%v`", errSDPInvalidSyntax, value)
+	}
+	latestMediaDesc.Bandwidth = append(latestMediaDesc.Bandwidth, *bandwidth)
+	return s15, nil
+}
+
+func unmarshalMediaEncryptionKey(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	latestMediaDesc := l.desc.MediaDescriptions[len(l.desc.MediaDescriptions)-1]
+	encryptionKey := EncryptionKey(value)
+	latestMediaDesc.EncryptionKey = &encryptionKey
+	return s14, nil
+}
+
+func unmarshalMediaAttribute(l *lexer) (stateFn, error) {
+	value, err := l.readLine()
+	if err != nil {
+		return nil, err
+	}
+
+	i := strings.IndexRune(value, ':')
+	var a Attribute
+	if i > 0 {
+		a = NewAttribute(value[:i], value[i+1:])
+	} else {
+		a = NewPropertyAttribute(value)
+	}
+
+	latestMediaDesc := l.desc.MediaDescriptions[len(l.desc.MediaDescriptions)-1]
+	latestMediaDesc.Attributes = append(latestMediaDesc.Attributes, a)
+	return s14, nil
+}
+
+func parseTimeUnits(value string) (num int64, err error) {
+	k := timeShorthand(value[len(value)-1])
+	if k > 0 {
+		num, err = strconv.ParseInt(value[:len(value)-1], 10, 64)
+	} else {
+		k = 1
+		num, err = strconv.ParseInt(value, 10, 64)
+	}
+	if err != nil {
+		return 0, fmt.Errorf("%w `%v`", errSDPInvalidValue, value)
+	}
+	return num * k, nil
+}
+
+func timeShorthand(b byte) int64 {
+	// Some time offsets in the protocol can be provided with a shorthand
+	// notation. This code ensures to convert it to NTP timestamp format.
+	switch b {
+	case 'd': // days
+		return 86400
+	case 'h': // hours
+		return 3600
+	case 'm': // minutes
+		return 60
+	case 's': // seconds (allowed for completeness)
+		return 1
+	default:
+		return 0
+	}
+}
+
+func parsePort(value string) (int, error) {
+	port, err := strconv.Atoi(value)
+	if err != nil {
+		return 0, fmt.Errorf("%w `%v`", errSDPInvalidPortValue, port)
+	}
+
+	if port < 0 || port > 65536 {
+		return 0, fmt.Errorf("%w -- out of range `%v`", errSDPInvalidPortValue, port)
+	}
+
+	return port, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/util.go
new file mode 100644
index 000000000..74f47ed19
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/sdp/v3/util.go
@@ -0,0 +1,318 @@
+package sdp
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/pion/randutil"
+)
+
+const (
+	attributeKey = "a="
+)
+
+var (
+	errExtractCodecRtpmap  = errors.New("could not extract codec from rtpmap")
+	errExtractCodecFmtp    = errors.New("could not extract codec from fmtp")
+	errExtractCodecRtcpFb  = errors.New("could not extract codec from rtcp-fb")
+	errPayloadTypeNotFound = errors.New("payload type not found")
+	errCodecNotFound       = errors.New("codec not found")
+	errSyntaxError         = errors.New("SyntaxError")
+)
+
+// ConnectionRole indicates which of the end points should initiate the connection establishment
+type ConnectionRole int
+
+const (
+	// ConnectionRoleActive indicates the endpoint will initiate an outgoing connection.
+	ConnectionRoleActive ConnectionRole = iota + 1
+
+	// ConnectionRolePassive indicates the endpoint will accept an incoming connection.
+	ConnectionRolePassive
+
+	// ConnectionRoleActpass indicates the endpoint is willing to accept an incoming connection or to initiate an outgoing connection.
+	ConnectionRoleActpass
+
+	// ConnectionRoleHoldconn indicates the endpoint does not want the connection to be established for the time being.
+	ConnectionRoleHoldconn
+)
+
+func (t ConnectionRole) String() string {
+	switch t {
+	case ConnectionRoleActive:
+		return "active"
+	case ConnectionRolePassive:
+		return "passive"
+	case ConnectionRoleActpass:
+		return "actpass"
+	case ConnectionRoleHoldconn:
+		return "holdconn"
+	default:
+		return "Unknown"
+	}
+}
+
+func newSessionID() (uint64, error) {
+	// https://tools.ietf.org/html/draft-ietf-rtcweb-jsep-26#section-5.2.1
+	// Session ID is recommended to be constructed by generating a 64-bit
+	// quantity with the highest bit set to zero and the remaining 63-bits
+	// being cryptographically random.
+	id, err := randutil.CryptoUint64()
+	return id & (^(uint64(1) << 63)), err
+}
+
+// Codec represents a codec
+type Codec struct {
+	PayloadType        uint8
+	Name               string
+	ClockRate          uint32
+	EncodingParameters string
+	Fmtp               string
+	RTCPFeedback       []string
+}
+
+const (
+	unknown = iota
+)
+
+func (c Codec) String() string {
+	return fmt.Sprintf("%d %s/%d/%s (%s) [%s]", c.PayloadType, c.Name, c.ClockRate, c.EncodingParameters, c.Fmtp, strings.Join(c.RTCPFeedback, ", "))
+}
+
+func parseRtpmap(rtpmap string) (Codec, error) {
+	var codec Codec
+	parsingFailed := errExtractCodecRtpmap
+
+	// a=rtpmap:<payload type> <encoding name>/<clock rate>[/<encoding parameters>]
+	split := strings.Split(rtpmap, " ")
+	if len(split) != 2 {
+		return codec, parsingFailed
+	}
+
+	ptSplit := strings.Split(split[0], ":")
+	if len(ptSplit) != 2 {
+		return codec, parsingFailed
+	}
+
+	ptInt, err := strconv.Atoi(ptSplit[1])
+	if err != nil {
+		return codec, parsingFailed
+	}
+
+	codec.PayloadType = uint8(ptInt)
+
+	split = strings.Split(split[1], "/")
+	codec.Name = split[0]
+	parts := len(split)
+	if parts > 1 {
+		rate, err := strconv.Atoi(split[1])
+		if err != nil {
+			return codec, parsingFailed
+		}
+		codec.ClockRate = uint32(rate)
+	}
+	if parts > 2 {
+		codec.EncodingParameters = split[2]
+	}
+
+	return codec, nil
+}
+
+func parseFmtp(fmtp string) (Codec, error) {
+	var codec Codec
+	parsingFailed := errExtractCodecFmtp
+
+	// a=fmtp:<format> <format specific parameters>
+	split := strings.Split(fmtp, " ")
+	if len(split) != 2 {
+		return codec, parsingFailed
+	}
+
+	formatParams := split[1]
+
+	split = strings.Split(split[0], ":")
+	if len(split) != 2 {
+		return codec, parsingFailed
+	}
+
+	ptInt, err := strconv.Atoi(split[1])
+	if err != nil {
+		return codec, parsingFailed
+	}
+
+	codec.PayloadType = uint8(ptInt)
+	codec.Fmtp = formatParams
+
+	return codec, nil
+}
+
+func parseRtcpFb(rtcpFb string) (Codec, error) {
+	var codec Codec
+	parsingFailed := errExtractCodecRtcpFb
+
+	// a=ftcp-fb:<payload type> <RTCP feedback type> [<RTCP feedback parameter>]
+	split := strings.SplitN(rtcpFb, " ", 2)
+	if len(split) != 2 {
+		return codec, parsingFailed
+	}
+
+	ptSplit := strings.Split(split[0], ":")
+	if len(ptSplit) != 2 {
+		return codec, parsingFailed
+	}
+
+	ptInt, err := strconv.Atoi(ptSplit[1])
+	if err != nil {
+		return codec, parsingFailed
+	}
+
+	codec.PayloadType = uint8(ptInt)
+	codec.RTCPFeedback = append(codec.RTCPFeedback, split[1])
+
+	return codec, nil
+}
+
+func mergeCodecs(codec Codec, codecs map[uint8]Codec) {
+	savedCodec := codecs[codec.PayloadType]
+
+	if savedCodec.PayloadType == 0 {
+		savedCodec.PayloadType = codec.PayloadType
+	}
+	if savedCodec.Name == "" {
+		savedCodec.Name = codec.Name
+	}
+	if savedCodec.ClockRate == 0 {
+		savedCodec.ClockRate = codec.ClockRate
+	}
+	if savedCodec.EncodingParameters == "" {
+		savedCodec.EncodingParameters = codec.EncodingParameters
+	}
+	if savedCodec.Fmtp == "" {
+		savedCodec.Fmtp = codec.Fmtp
+	}
+	savedCodec.RTCPFeedback = append(savedCodec.RTCPFeedback, codec.RTCPFeedback...)
+
+	codecs[savedCodec.PayloadType] = savedCodec
+}
+
+func (s *SessionDescription) buildCodecMap() map[uint8]Codec {
+	codecs := make(map[uint8]Codec)
+
+	for _, m := range s.MediaDescriptions {
+		for _, a := range m.Attributes {
+			attr := a.String()
+			switch {
+			case strings.HasPrefix(attr, "rtpmap:"):
+				codec, err := parseRtpmap(attr)
+				if err == nil {
+					mergeCodecs(codec, codecs)
+				}
+			case strings.HasPrefix(attr, "fmtp:"):
+				codec, err := parseFmtp(attr)
+				if err == nil {
+					mergeCodecs(codec, codecs)
+				}
+			case strings.HasPrefix(attr, "rtcp-fb:"):
+				codec, err := parseRtcpFb(attr)
+				if err == nil {
+					mergeCodecs(codec, codecs)
+				}
+			}
+		}
+	}
+
+	return codecs
+}
+
+func equivalentFmtp(want, got string) bool {
+	wantSplit := strings.Split(want, ";")
+	gotSplit := strings.Split(got, ";")
+
+	if len(wantSplit) != len(gotSplit) {
+		return false
+	}
+
+	sort.Strings(wantSplit)
+	sort.Strings(gotSplit)
+
+	for i, wantPart := range wantSplit {
+		wantPart = strings.TrimSpace(wantPart)
+		gotPart := strings.TrimSpace(gotSplit[i])
+		if gotPart != wantPart {
+			return false
+		}
+	}
+
+	return true
+}
+
+func codecsMatch(wanted, got Codec) bool {
+	if wanted.Name != "" && !strings.EqualFold(wanted.Name, got.Name) {
+		return false
+	}
+	if wanted.ClockRate != 0 && wanted.ClockRate != got.ClockRate {
+		return false
+	}
+	if wanted.EncodingParameters != "" && wanted.EncodingParameters != got.EncodingParameters {
+		return false
+	}
+	if wanted.Fmtp != "" && !equivalentFmtp(wanted.Fmtp, got.Fmtp) {
+		return false
+	}
+
+	return true
+}
+
+// GetCodecForPayloadType scans the SessionDescription for the given payload type and returns the codec
+func (s *SessionDescription) GetCodecForPayloadType(payloadType uint8) (Codec, error) {
+	codecs := s.buildCodecMap()
+
+	codec, ok := codecs[payloadType]
+	if ok {
+		return codec, nil
+	}
+
+	return codec, errPayloadTypeNotFound
+}
+
+// GetPayloadTypeForCodec scans the SessionDescription for a codec that matches the provided codec
+// as closely as possible and returns its payload type
+func (s *SessionDescription) GetPayloadTypeForCodec(wanted Codec) (uint8, error) {
+	codecs := s.buildCodecMap()
+
+	for payloadType, codec := range codecs {
+		if codecsMatch(wanted, codec) {
+			return payloadType, nil
+		}
+	}
+
+	return 0, errCodecNotFound
+}
+
+type stateFn func(*lexer) (stateFn, error)
+
+type lexer struct {
+	desc *SessionDescription
+	baseLexer
+}
+
+type keyToState func(key string) stateFn
+
+func (l *lexer) handleType(fn keyToState) (stateFn, error) {
+	key, err := l.readType()
+	if err == io.EOF && key == "" {
+		return nil, nil
+	} else if err != nil {
+		return nil, err
+	}
+
+	if res := fn(key); res != nil {
+		return res, nil
+	}
+
+	return nil, l.syntaxError()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/DESIGN.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/DESIGN.md
new file mode 100644
index 000000000..8742540df
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/DESIGN.md
@@ -0,0 +1,20 @@
+<h1 align="center">
+  Design
+</h1>
+
+### Portable
+Pion SRTP is written in Go and extremely portable. Anywhere Golang runs, Pion SRTP should work as well! Instead of dealing with complicated
+cross-compiling of multiple libraries, you now can run anywhere with one `go build`
+
+### Simple API
+The API is based on an io.ReadWriteCloser.
+
+### Readable
+If code comes from an RFC we try to make sure everything is commented with a link to the spec.
+This makes learning and debugging easier, this library was written to also serve as a guide for others.
+
+### Tested
+Every commit is tested via travis-ci Go provides fantastic facilities for testing, and more will be added as time goes on.
+
+### Shared libraries
+Every pion product is built using shared libraries, allowing others to review and reuse our libraries.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/README.md
new file mode 100644
index 000000000..19551e35e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/README.md
@@ -0,0 +1,54 @@
+<h1 align="center">
+  <br>
+  Pion SRTP
+  <br>
+</h1>
+<h4 align="center">A Go implementation of SRTP</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-srtp-gray.svg?longCache=true&colorB=brightgreen" alt="Pion SRTP"></a>
+  <a href="https://sourcegraph.com/github.com/pion/srtp?badge"><img src="https://sourcegraph.com/github.com/pion/srtp/-/badge.svg" alt="Sourcegraph Widget"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/srtp"><img src="https://travis-ci.org/pion/srtp.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/srtp"><img src="https://godoc.org/github.com/pion/srtp?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/srtp"><img src="https://codecov.io/gh/pion/srtp/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/srtp"><img src="https://goreportcard.com/badge/github.com/pion/srtp" alt="Go Report Card"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+See [DESIGN.md](DESIGN.md) for an overview of features and future goals.
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *io.Writer interfaces*
+* [Tobias Fridén](https://github.com/tobiasfriden) *SRTP authentication verification*
+* [chenkaiC4](https://github.com/chenkaiC4) - *Fix GolangCI Linter*
+* [Luke Curley](https://github.com/kixelated) - *Performance*
+* [Chris Hiszpanski](https://github.com/thinkski) - *Fix out-of-bounds access*
+* [Yutaka Takeda](https://github.com/enobufs) - *Fix log messages*
+* [Max Hawkins](https://github.com/maxhawkins)
+* [Woodrow Douglass](https://github.com/wdouglass)
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Novel Corpse](https://github.com/NovelCorpse)
+* [Jerko Steiner](https://github.com/jeremija)
+* [Juliusz Chroboczek](https://github.com/jech)
+* [Mission Liao](https://github.com/mission-liao)
+* [Orlando](https://github.com/OrlandoCo)
+* [Tarrence van As](https://github.com/tarrencev)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/context.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/context.go
new file mode 100644
index 000000000..63566de74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/context.go
@@ -0,0 +1,196 @@
+package srtp
+
+import (
+	"fmt"
+
+	"github.com/pion/transport/replaydetector"
+)
+
+const (
+	labelSRTPEncryption        = 0x00
+	labelSRTPAuthenticationTag = 0x01
+	labelSRTPSalt              = 0x02
+
+	labelSRTCPEncryption        = 0x03
+	labelSRTCPAuthenticationTag = 0x04
+	labelSRTCPSalt              = 0x05
+
+	maxROCDisorder    = 100
+	maxSequenceNumber = 65535
+
+	srtcpIndexSize = 4
+)
+
+// Encrypt/Decrypt state for a single SRTP SSRC
+type srtpSSRCState struct {
+	ssrc                 uint32
+	rolloverCounter      uint32
+	rolloverHasProcessed bool
+	lastSequenceNumber   uint16
+	replayDetector       replaydetector.ReplayDetector
+}
+
+// Encrypt/Decrypt state for a single SRTCP SSRC
+type srtcpSSRCState struct {
+	srtcpIndex     uint32
+	ssrc           uint32
+	replayDetector replaydetector.ReplayDetector
+}
+
+// Context represents a SRTP cryptographic context.
+// Context can only be used for one-way operations.
+// it must either used ONLY for encryption or ONLY for decryption.
+type Context struct {
+	cipher srtpCipher
+
+	srtpSSRCStates  map[uint32]*srtpSSRCState
+	srtcpSSRCStates map[uint32]*srtcpSSRCState
+
+	newSRTCPReplayDetector func() replaydetector.ReplayDetector
+	newSRTPReplayDetector  func() replaydetector.ReplayDetector
+}
+
+// CreateContext creates a new SRTP Context.
+//
+// CreateContext receives variable number of ContextOption-s.
+// Passing multiple options which set the same parameter let the last one valid.
+// Following example create SRTP Context with replay protection with window size of 256.
+//
+//   decCtx, err := srtp.CreateContext(key, salt, profile, srtp.SRTPReplayProtection(256))
+//
+func CreateContext(masterKey, masterSalt []byte, profile ProtectionProfile, opts ...ContextOption) (c *Context, err error) {
+	keyLen, err := profile.keyLen()
+	if err != nil {
+		return nil, err
+	}
+
+	saltLen, err := profile.saltLen()
+	if err != nil {
+		return nil, err
+	}
+
+	if masterKeyLen := len(masterKey); masterKeyLen != keyLen {
+		return c, fmt.Errorf("%w expected(%d) actual(%d)", errShortSrtpMasterKey, masterKey, keyLen)
+	} else if masterSaltLen := len(masterSalt); masterSaltLen != saltLen {
+		return c, fmt.Errorf("%w expected(%d) actual(%d)", errShortSrtpMasterSalt, saltLen, masterSaltLen)
+	}
+
+	c = &Context{
+		srtpSSRCStates:  map[uint32]*srtpSSRCState{},
+		srtcpSSRCStates: map[uint32]*srtcpSSRCState{},
+	}
+
+	switch profile {
+	case ProtectionProfileAeadAes128Gcm:
+		c.cipher, err = newSrtpCipherAeadAesGcm(masterKey, masterSalt)
+	case ProtectionProfileAes128CmHmacSha1_80:
+		c.cipher, err = newSrtpCipherAesCmHmacSha1(masterKey, masterSalt)
+	default:
+		return nil, fmt.Errorf("%w: %#v", errNoSuchSRTPProfile, profile)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	for _, o := range append(
+		[]ContextOption{ // Default options
+			SRTPNoReplayProtection(),
+			SRTCPNoReplayProtection(),
+		},
+		opts..., // User specified options
+	) {
+		if errOpt := o(c); errOpt != nil {
+			return nil, errOpt
+		}
+	}
+
+	return c, nil
+}
+
+// https://tools.ietf.org/html/rfc3550#appendix-A.1
+func (s *srtpSSRCState) nextRolloverCount(sequenceNumber uint16) (uint32, func()) {
+	roc := s.rolloverCounter
+
+	switch {
+	case !s.rolloverHasProcessed:
+	case sequenceNumber == 0: // We exactly hit the rollover count
+		// Only update rolloverCounter if lastSequenceNumber is greater then maxROCDisorder
+		// otherwise we already incremented for disorder
+		if s.lastSequenceNumber > maxROCDisorder {
+			roc++
+		}
+	case s.lastSequenceNumber < maxROCDisorder &&
+		sequenceNumber > (maxSequenceNumber-maxROCDisorder):
+		// Our last sequence number incremented because we crossed 0, but then our current number was within maxROCDisorder of the max
+		// So we fell behind, drop to account for jitter
+		roc--
+	case sequenceNumber < maxROCDisorder &&
+		s.lastSequenceNumber > (maxSequenceNumber-maxROCDisorder):
+		// our current is within a maxROCDisorder of 0
+		// and our last sequence number was a high sequence number, increment to account for jitter
+		roc++
+	}
+	return roc, func() {
+		s.rolloverHasProcessed = true
+		s.lastSequenceNumber = sequenceNumber
+		s.rolloverCounter = roc
+	}
+}
+
+func (c *Context) getSRTPSSRCState(ssrc uint32) *srtpSSRCState {
+	s, ok := c.srtpSSRCStates[ssrc]
+	if ok {
+		return s
+	}
+
+	s = &srtpSSRCState{
+		ssrc:           ssrc,
+		replayDetector: c.newSRTPReplayDetector(),
+	}
+	c.srtpSSRCStates[ssrc] = s
+	return s
+}
+
+func (c *Context) getSRTCPSSRCState(ssrc uint32) *srtcpSSRCState {
+	s, ok := c.srtcpSSRCStates[ssrc]
+	if ok {
+		return s
+	}
+
+	s = &srtcpSSRCState{
+		ssrc:           ssrc,
+		replayDetector: c.newSRTCPReplayDetector(),
+	}
+	c.srtcpSSRCStates[ssrc] = s
+	return s
+}
+
+// ROC returns SRTP rollover counter value of specified SSRC.
+func (c *Context) ROC(ssrc uint32) (uint32, bool) {
+	s, ok := c.srtpSSRCStates[ssrc]
+	if !ok {
+		return 0, false
+	}
+	return s.rolloverCounter, true
+}
+
+// SetROC sets SRTP rollover counter value of specified SSRC.
+func (c *Context) SetROC(ssrc uint32, roc uint32) {
+	s := c.getSRTPSSRCState(ssrc)
+	s.rolloverCounter = roc
+}
+
+// Index returns SRTCP index value of specified SSRC.
+func (c *Context) Index(ssrc uint32) (uint32, bool) {
+	s, ok := c.srtcpSSRCStates[ssrc]
+	if !ok {
+		return 0, false
+	}
+	return s.srtcpIndex, true
+}
+
+// SetIndex sets SRTCP index value of specified SSRC.
+func (c *Context) SetIndex(ssrc uint32, index uint32) {
+	s := c.getSRTCPSSRCState(ssrc)
+	s.srtcpIndex = index % (maxSRTCPIndex + 1)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/errors.go
new file mode 100644
index 000000000..a70262145
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/errors.go
@@ -0,0 +1,40 @@
+package srtp
+
+import (
+	"errors"
+	"fmt"
+)
+
+var (
+	errDuplicated                    = errors.New("duplicated packet")
+	errShortSrtpMasterKey            = errors.New("SRTP master key is not long enough")
+	errShortSrtpMasterSalt           = errors.New("SRTP master salt is not long enough")
+	errNoSuchSRTPProfile             = errors.New("no such SRTP Profile")
+	errNonZeroKDRNotSupported        = errors.New("indexOverKdr > 0 is not supported yet")
+	errExporterWrongLabel            = errors.New("exporter called with wrong label")
+	errNoConfig                      = errors.New("no config provided")
+	errNoConn                        = errors.New("no conn provided")
+	errFailedToVerifyAuthTag         = errors.New("failed to verify auth tag")
+	errTooShortRTCP                  = errors.New("packet is too short to be rtcp packet")
+	errPayloadDiffers                = errors.New("payload differs")
+	errStartedChannelUsedIncorrectly = errors.New("started channel used incorrectly, should only be closed")
+
+	errStreamNotInited     = errors.New("stream has not been inited, unable to close")
+	errStreamAlreadyClosed = errors.New("stream is already closed")
+	errStreamAlreadyInited = errors.New("stream is already inited")
+	errFailedTypeAssertion = errors.New("failed to cast child")
+)
+
+type errorDuplicated struct {
+	Proto string // srtp or srtcp
+	SSRC  uint32
+	Index uint32 // sequence number or index
+}
+
+func (e *errorDuplicated) Error() string {
+	return fmt.Sprintf("%s ssrc=%d index=%d: %v", e.Proto, e.SSRC, e.Index, errDuplicated)
+}
+
+func (e *errorDuplicated) Unwrap() error {
+	return errDuplicated
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/go.mod
new file mode 100644
index 000000000..eeb3ba44b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/go.mod
@@ -0,0 +1,11 @@
+module github.com/pion/srtp/v2
+
+go 1.14
+
+require (
+	github.com/pion/logging v0.2.2
+	github.com/pion/rtcp v1.2.6
+	github.com/pion/rtp v1.6.2
+	github.com/pion/transport v0.12.2
+	github.com/stretchr/testify v1.6.1
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/go.sum
new file mode 100644
index 000000000..6b3bdb580
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/go.sum
@@ -0,0 +1,32 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/rtcp v1.2.6 h1:1zvwBbyd0TeEuuWftrd/4d++m+/kZSeiguxU61LFWpo=
+github.com/pion/rtcp v1.2.6/go.mod h1:52rMNPWFsjr39z9B9MhnkqhPLoeHTv1aN63o/42bWE0=
+github.com/pion/rtp v1.6.2 h1:iGBerLX6JiDjB9NXuaPzHyxHFG9JsIEdgwTC0lp5n/U=
+github.com/pion/rtp v1.6.2/go.mod h1:bDb5n+BFZxXx0Ea7E5qe+klMuqiBrP+w8XSjiWtCUko=
+github.com/pion/transport v0.12.2 h1:WYEjhloRHt1R86LhUKjC5y+P52Y11/QqEUalvtzVoys=
+github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7 h1:3uJsdck53FDIpWwLeAXlia9p4C8j0BO2xZrqzKpL0D8=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/key_derivation.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/key_derivation.go
new file mode 100644
index 000000000..5bbf3aaad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/key_derivation.go
@@ -0,0 +1,63 @@
+package srtp
+
+import (
+	"crypto/aes"
+	"encoding/binary"
+)
+
+func aesCmKeyDerivation(label byte, masterKey, masterSalt []byte, indexOverKdr int, outLen int) ([]byte, error) {
+	if indexOverKdr != 0 {
+		// 24-bit "index DIV kdr" must be xored to prf input.
+		return nil, errNonZeroKDRNotSupported
+	}
+
+	// https://tools.ietf.org/html/rfc3711#appendix-B.3
+	// The input block for AES-CM is generated by exclusive-oring the master salt with the
+	// concatenation of the encryption key label 0x00 with (index DIV kdr),
+	// - index is 'rollover count' and DIV is 'divided by'
+
+	nMasterKey := len(masterKey)
+	nMasterSalt := len(masterSalt)
+
+	prfIn := make([]byte, nMasterKey)
+	copy(prfIn[:nMasterSalt], masterSalt)
+
+	prfIn[7] ^= label
+
+	// The resulting value is then AES encrypted using the master key to get the cipher key.
+	block, err := aes.NewCipher(masterKey)
+	if err != nil {
+		return nil, err
+	}
+
+	out := make([]byte, ((outLen+nMasterKey)/nMasterKey)*nMasterKey)
+	var i uint16
+	for n := 0; n < outLen; n += nMasterKey {
+		binary.BigEndian.PutUint16(prfIn[nMasterKey-2:], i)
+		block.Encrypt(out[n:n+nMasterKey], prfIn)
+		i++
+	}
+	return out[:outLen], nil
+}
+
+// Generate IV https://tools.ietf.org/html/rfc3711#section-4.1.1
+// where the 128-bit integer value IV SHALL be defined by the SSRC, the
+// SRTP packet index i, and the SRTP session salting key k_s, as below.
+// - ROC = a 32-bit unsigned rollover counter (ROC), which records how many
+// -       times the 16-bit RTP sequence number has been reset to zero after
+// -       passing through 65,535
+// i = 2^16 * ROC + SEQ
+// IV = (salt*2 ^ 16) | (ssrc*2 ^ 64) | (i*2 ^ 16)
+func generateCounter(sequenceNumber uint16, rolloverCounter uint32, ssrc uint32, sessionSalt []byte) []byte {
+	counter := make([]byte, 16)
+
+	binary.BigEndian.PutUint32(counter[4:], ssrc)
+	binary.BigEndian.PutUint32(counter[8:], rolloverCounter)
+	binary.BigEndian.PutUint32(counter[12:], uint32(sequenceNumber)<<16)
+
+	for i := range sessionSalt {
+		counter[i] ^= sessionSalt[i]
+	}
+
+	return counter
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/keying.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/keying.go
new file mode 100644
index 000000000..82fd4d900
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/keying.go
@@ -0,0 +1,54 @@
+package srtp
+
+const labelExtractorDtlsSrtp = "EXTRACTOR-dtls_srtp"
+
+// KeyingMaterialExporter allows package SRTP to extract keying material
+type KeyingMaterialExporter interface {
+	ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
+}
+
+// ExtractSessionKeysFromDTLS allows setting the Config SessionKeys by
+// extracting them from DTLS. This behavior is defined in RFC5764:
+// https://tools.ietf.org/html/rfc5764
+func (c *Config) ExtractSessionKeysFromDTLS(exporter KeyingMaterialExporter, isClient bool) error {
+	keyLen, err := c.Profile.keyLen()
+	if err != nil {
+		return err
+	}
+
+	saltLen, err := c.Profile.saltLen()
+	if err != nil {
+		return err
+	}
+
+	keyingMaterial, err := exporter.ExportKeyingMaterial(labelExtractorDtlsSrtp, nil, (keyLen*2)+(saltLen*2))
+	if err != nil {
+		return err
+	}
+
+	offset := 0
+	clientWriteKey := append([]byte{}, keyingMaterial[offset:offset+keyLen]...)
+	offset += keyLen
+
+	serverWriteKey := append([]byte{}, keyingMaterial[offset:offset+keyLen]...)
+	offset += keyLen
+
+	clientWriteKey = append(clientWriteKey, keyingMaterial[offset:offset+saltLen]...)
+	offset += saltLen
+
+	serverWriteKey = append(serverWriteKey, keyingMaterial[offset:offset+saltLen]...)
+
+	if isClient {
+		c.Keys.LocalMasterKey = clientWriteKey[0:keyLen]
+		c.Keys.LocalMasterSalt = clientWriteKey[keyLen:]
+		c.Keys.RemoteMasterKey = serverWriteKey[0:keyLen]
+		c.Keys.RemoteMasterSalt = serverWriteKey[keyLen:]
+		return nil
+	}
+
+	c.Keys.LocalMasterKey = serverWriteKey[0:keyLen]
+	c.Keys.LocalMasterSalt = serverWriteKey[keyLen:]
+	c.Keys.RemoteMasterKey = clientWriteKey[0:keyLen]
+	c.Keys.RemoteMasterSalt = clientWriteKey[keyLen:]
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/option.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/option.go
new file mode 100644
index 000000000..d6159f13f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/option.go
@@ -0,0 +1,54 @@
+package srtp
+
+import (
+	"github.com/pion/transport/replaydetector"
+)
+
+// ContextOption represents option of Context using the functional options pattern.
+type ContextOption func(*Context) error
+
+// SRTPReplayProtection sets SRTP replay protection window size.
+func SRTPReplayProtection(windowSize uint) ContextOption { // nolint:golint
+	return func(c *Context) error {
+		c.newSRTPReplayDetector = func() replaydetector.ReplayDetector {
+			return replaydetector.WithWrap(windowSize, maxSequenceNumber)
+		}
+		return nil
+	}
+}
+
+// SRTCPReplayProtection sets SRTCP replay protection window size.
+func SRTCPReplayProtection(windowSize uint) ContextOption {
+	return func(c *Context) error {
+		c.newSRTCPReplayDetector = func() replaydetector.ReplayDetector {
+			return replaydetector.WithWrap(windowSize, maxSRTCPIndex)
+		}
+		return nil
+	}
+}
+
+// SRTPNoReplayProtection disables SRTP replay protection.
+func SRTPNoReplayProtection() ContextOption { // nolint:golint
+	return func(c *Context) error {
+		c.newSRTPReplayDetector = func() replaydetector.ReplayDetector {
+			return &nopReplayDetector{}
+		}
+		return nil
+	}
+}
+
+// SRTCPNoReplayProtection disables SRTCP replay protection.
+func SRTCPNoReplayProtection() ContextOption {
+	return func(c *Context) error {
+		c.newSRTCPReplayDetector = func() replaydetector.ReplayDetector {
+			return &nopReplayDetector{}
+		}
+		return nil
+	}
+}
+
+type nopReplayDetector struct{}
+
+func (s *nopReplayDetector) Check(uint64) (func(), bool) {
+	return func() {}, true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/protection_profile.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/protection_profile.go
new file mode 100644
index 000000000..54c01b571
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/protection_profile.go
@@ -0,0 +1,56 @@
+package srtp
+
+import "fmt"
+
+// ProtectionProfile specifies Cipher and AuthTag details, similar to TLS cipher suite
+type ProtectionProfile uint16
+
+// Supported protection profiles
+const (
+	ProtectionProfileAes128CmHmacSha1_80 ProtectionProfile = 0x0001
+	ProtectionProfileAeadAes128Gcm       ProtectionProfile = 0x0007
+)
+
+func (p ProtectionProfile) keyLen() (int, error) {
+	switch p {
+	case ProtectionProfileAes128CmHmacSha1_80:
+		fallthrough
+	case ProtectionProfileAeadAes128Gcm:
+		return 16, nil
+	default:
+		return 0, fmt.Errorf("%w: %#v", errNoSuchSRTPProfile, p)
+	}
+}
+
+func (p ProtectionProfile) saltLen() (int, error) {
+	switch p {
+	case ProtectionProfileAes128CmHmacSha1_80:
+		return 14, nil
+	case ProtectionProfileAeadAes128Gcm:
+		return 12, nil
+	default:
+		return 0, fmt.Errorf("%w: %#v", errNoSuchSRTPProfile, p)
+	}
+}
+
+func (p ProtectionProfile) authTagLen() (int, error) {
+	switch p {
+	case ProtectionProfileAes128CmHmacSha1_80:
+		return (&srtpCipherAesCmHmacSha1{}).authTagLen(), nil
+	case ProtectionProfileAeadAes128Gcm:
+		return (&srtpCipherAeadAesGcm{}).authTagLen(), nil
+	default:
+		return 0, fmt.Errorf("%w: %#v", errNoSuchSRTPProfile, p)
+	}
+}
+
+func (p ProtectionProfile) authKeyLen() (int, error) {
+	switch p {
+	case ProtectionProfileAes128CmHmacSha1_80:
+		return 20, nil
+	case ProtectionProfileAeadAes128Gcm:
+		return 0, nil
+	default:
+		return 0, fmt.Errorf("%w: %#v", errNoSuchSRTPProfile, p)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session.go
new file mode 100644
index 000000000..95520f782
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session.go
@@ -0,0 +1,150 @@
+package srtp
+
+import (
+	"io"
+	"net"
+	"sync"
+
+	"github.com/pion/logging"
+	"github.com/pion/transport/packetio"
+)
+
+type streamSession interface {
+	Close() error
+	write([]byte) (int, error)
+	decrypt([]byte) error
+}
+
+type session struct {
+	localContextMutex           sync.Mutex
+	localContext, remoteContext *Context
+	localOptions, remoteOptions []ContextOption
+
+	newStream chan readStream
+
+	started chan interface{}
+	closed  chan interface{}
+
+	readStreamsClosed bool
+	readStreams       map[uint32]readStream
+	readStreamsLock   sync.Mutex
+
+	log           logging.LeveledLogger
+	bufferFactory func(packetType packetio.BufferPacketType, ssrc uint32) io.ReadWriteCloser
+
+	nextConn net.Conn
+}
+
+// Config is used to configure a session.
+// You can provide either a KeyingMaterialExporter to export keys
+// or directly pass the keys themselves.
+// After a Config is passed to a session it must not be modified.
+type Config struct {
+	Keys          SessionKeys
+	Profile       ProtectionProfile
+	BufferFactory func(packetType packetio.BufferPacketType, ssrc uint32) io.ReadWriteCloser
+	LoggerFactory logging.LoggerFactory
+
+	// List of local/remote context options.
+	// ReplayProtection is enabled on remote context by default.
+	// Default replay protection window size is 64.
+	LocalOptions, RemoteOptions []ContextOption
+}
+
+// SessionKeys bundles the keys required to setup an SRTP session
+type SessionKeys struct {
+	LocalMasterKey   []byte
+	LocalMasterSalt  []byte
+	RemoteMasterKey  []byte
+	RemoteMasterSalt []byte
+}
+
+func (s *session) getOrCreateReadStream(ssrc uint32, child streamSession, proto func() readStream) (readStream, bool) {
+	s.readStreamsLock.Lock()
+	defer s.readStreamsLock.Unlock()
+
+	if s.readStreamsClosed {
+		return nil, false
+	}
+
+	r, ok := s.readStreams[ssrc]
+	if ok {
+		return r, false
+	}
+
+	// Create the readStream.
+	r = proto()
+
+	if err := r.init(child, ssrc); err != nil {
+		return nil, false
+	}
+
+	s.readStreams[ssrc] = r
+	return r, true
+}
+
+func (s *session) removeReadStream(ssrc uint32) {
+	s.readStreamsLock.Lock()
+	defer s.readStreamsLock.Unlock()
+
+	if s.readStreamsClosed {
+		return
+	}
+
+	delete(s.readStreams, ssrc)
+}
+
+func (s *session) close() error {
+	if s.nextConn == nil {
+		return nil
+	} else if err := s.nextConn.Close(); err != nil {
+		return err
+	}
+
+	<-s.closed
+	return nil
+}
+
+func (s *session) start(localMasterKey, localMasterSalt, remoteMasterKey, remoteMasterSalt []byte, profile ProtectionProfile, child streamSession) error {
+	var err error
+	s.localContext, err = CreateContext(localMasterKey, localMasterSalt, profile, s.localOptions...)
+	if err != nil {
+		return err
+	}
+
+	s.remoteContext, err = CreateContext(remoteMasterKey, remoteMasterSalt, profile, s.remoteOptions...)
+	if err != nil {
+		return err
+	}
+
+	go func() {
+		defer func() {
+			close(s.newStream)
+
+			s.readStreamsLock.Lock()
+			s.readStreamsClosed = true
+			s.readStreamsLock.Unlock()
+			close(s.closed)
+		}()
+
+		b := make([]byte, 8192)
+		for {
+			var i int
+			i, err = s.nextConn.Read(b)
+			if err != nil {
+				if err != io.EOF {
+					s.log.Error(err.Error())
+				}
+				return
+			}
+
+			if err = child.decrypt(b[:i]); err != nil {
+				s.log.Info(err.Error())
+			}
+		}
+	}()
+
+	close(s.started)
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session_srtcp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session_srtcp.go
new file mode 100644
index 000000000..a5fb656cc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session_srtcp.go
@@ -0,0 +1,180 @@
+package srtp
+
+import (
+	"net"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/rtcp"
+)
+
+const defaultSessionSRTCPReplayProtectionWindow = 64
+
+// SessionSRTCP implements io.ReadWriteCloser and provides a bi-directional SRTCP session
+// SRTCP itself does not have a design like this, but it is common in most applications
+// for local/remote to each have their own keying material. This provides those patterns
+// instead of making everyone re-implement
+type SessionSRTCP struct {
+	session
+	writeStream *WriteStreamSRTCP
+}
+
+// NewSessionSRTCP creates a SRTCP session using conn as the underlying transport.
+func NewSessionSRTCP(conn net.Conn, config *Config) (*SessionSRTCP, error) { //nolint:dupl
+	if config == nil {
+		return nil, errNoConfig
+	} else if conn == nil {
+		return nil, errNoConn
+	}
+
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	localOpts := append(
+		[]ContextOption{},
+		config.LocalOptions...,
+	)
+	remoteOpts := append(
+		[]ContextOption{
+			// Default options
+			SRTCPReplayProtection(defaultSessionSRTCPReplayProtectionWindow),
+		},
+		config.RemoteOptions...,
+	)
+
+	s := &SessionSRTCP{
+		session: session{
+			nextConn:      conn,
+			localOptions:  localOpts,
+			remoteOptions: remoteOpts,
+			readStreams:   map[uint32]readStream{},
+			newStream:     make(chan readStream),
+			started:       make(chan interface{}),
+			closed:        make(chan interface{}),
+			bufferFactory: config.BufferFactory,
+			log:           loggerFactory.NewLogger("srtp"),
+		},
+	}
+	s.writeStream = &WriteStreamSRTCP{s}
+
+	err := s.session.start(
+		config.Keys.LocalMasterKey, config.Keys.LocalMasterSalt,
+		config.Keys.RemoteMasterKey, config.Keys.RemoteMasterSalt,
+		config.Profile,
+		s,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return s, nil
+}
+
+// OpenWriteStream returns the global write stream for the Session
+func (s *SessionSRTCP) OpenWriteStream() (*WriteStreamSRTCP, error) {
+	return s.writeStream, nil
+}
+
+// OpenReadStream opens a read stream for the given SSRC, it can be used
+// if you want a certain SSRC, but don't want to wait for AcceptStream
+func (s *SessionSRTCP) OpenReadStream(ssrc uint32) (*ReadStreamSRTCP, error) {
+	r, _ := s.session.getOrCreateReadStream(ssrc, s, newReadStreamSRTCP)
+
+	if readStream, ok := r.(*ReadStreamSRTCP); ok {
+		return readStream, nil
+	}
+	return nil, errFailedTypeAssertion
+}
+
+// AcceptStream returns a stream to handle RTCP for a single SSRC
+func (s *SessionSRTCP) AcceptStream() (*ReadStreamSRTCP, uint32, error) {
+	stream, ok := <-s.newStream
+	if !ok {
+		return nil, 0, errStreamAlreadyClosed
+	}
+
+	readStream, ok := stream.(*ReadStreamSRTCP)
+	if !ok {
+		return nil, 0, errFailedTypeAssertion
+	}
+
+	return readStream, stream.GetSSRC(), nil
+}
+
+// Close ends the session
+func (s *SessionSRTCP) Close() error {
+	return s.session.close()
+}
+
+// Private
+
+func (s *SessionSRTCP) write(buf []byte) (int, error) {
+	if _, ok := <-s.session.started; ok {
+		return 0, errStartedChannelUsedIncorrectly
+	}
+
+	s.session.localContextMutex.Lock()
+	encrypted, err := s.localContext.EncryptRTCP(nil, buf, nil)
+	s.session.localContextMutex.Unlock()
+
+	if err != nil {
+		return 0, err
+	}
+	return s.session.nextConn.Write(encrypted)
+}
+
+func (s *SessionSRTCP) setWriteDeadline(t time.Time) error {
+	return s.session.nextConn.SetWriteDeadline(t)
+}
+
+// create a list of Destination SSRCs
+// that's a superset of all Destinations in the slice.
+func destinationSSRC(pkts []rtcp.Packet) []uint32 {
+	ssrcSet := make(map[uint32]struct{})
+	for _, p := range pkts {
+		for _, ssrc := range p.DestinationSSRC() {
+			ssrcSet[ssrc] = struct{}{}
+		}
+	}
+
+	out := make([]uint32, 0, len(ssrcSet))
+	for ssrc := range ssrcSet {
+		out = append(out, ssrc)
+	}
+
+	return out
+}
+
+func (s *SessionSRTCP) decrypt(buf []byte) error {
+	decrypted, err := s.remoteContext.DecryptRTCP(buf, buf, nil)
+	if err != nil {
+		return err
+	}
+
+	pkt, err := rtcp.Unmarshal(decrypted)
+	if err != nil {
+		return err
+	}
+
+	for _, ssrc := range destinationSSRC(pkt) {
+		r, isNew := s.session.getOrCreateReadStream(ssrc, s, newReadStreamSRTCP)
+		if r == nil {
+			return nil // Session has been closed
+		} else if isNew {
+			s.session.newStream <- r // Notify AcceptStream
+		}
+
+		readStream, ok := r.(*ReadStreamSRTCP)
+		if !ok {
+			return errFailedTypeAssertion
+		}
+
+		_, err = readStream.write(decrypted)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session_srtp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session_srtp.go
new file mode 100644
index 000000000..dc815af6b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/session_srtp.go
@@ -0,0 +1,171 @@
+package srtp
+
+import (
+	"net"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/rtp"
+)
+
+const defaultSessionSRTPReplayProtectionWindow = 64
+
+// SessionSRTP implements io.ReadWriteCloser and provides a bi-directional SRTP session
+// SRTP itself does not have a design like this, but it is common in most applications
+// for local/remote to each have their own keying material. This provides those patterns
+// instead of making everyone re-implement
+type SessionSRTP struct {
+	session
+	writeStream *WriteStreamSRTP
+}
+
+// NewSessionSRTP creates a SRTP session using conn as the underlying transport.
+func NewSessionSRTP(conn net.Conn, config *Config) (*SessionSRTP, error) { //nolint:dupl
+	if config == nil {
+		return nil, errNoConfig
+	} else if conn == nil {
+		return nil, errNoConn
+	}
+
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	localOpts := append(
+		[]ContextOption{},
+		config.LocalOptions...,
+	)
+	remoteOpts := append(
+		[]ContextOption{
+			// Default options
+			SRTPReplayProtection(defaultSessionSRTPReplayProtectionWindow),
+		},
+		config.RemoteOptions...,
+	)
+
+	s := &SessionSRTP{
+		session: session{
+			nextConn:      conn,
+			localOptions:  localOpts,
+			remoteOptions: remoteOpts,
+			readStreams:   map[uint32]readStream{},
+			newStream:     make(chan readStream),
+			started:       make(chan interface{}),
+			closed:        make(chan interface{}),
+			bufferFactory: config.BufferFactory,
+			log:           loggerFactory.NewLogger("srtp"),
+		},
+	}
+	s.writeStream = &WriteStreamSRTP{s}
+
+	err := s.session.start(
+		config.Keys.LocalMasterKey, config.Keys.LocalMasterSalt,
+		config.Keys.RemoteMasterKey, config.Keys.RemoteMasterSalt,
+		config.Profile,
+		s,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return s, nil
+}
+
+// OpenWriteStream returns the global write stream for the Session
+func (s *SessionSRTP) OpenWriteStream() (*WriteStreamSRTP, error) {
+	return s.writeStream, nil
+}
+
+// OpenReadStream opens a read stream for the given SSRC, it can be used
+// if you want a certain SSRC, but don't want to wait for AcceptStream
+func (s *SessionSRTP) OpenReadStream(ssrc uint32) (*ReadStreamSRTP, error) {
+	r, _ := s.session.getOrCreateReadStream(ssrc, s, newReadStreamSRTP)
+
+	if readStream, ok := r.(*ReadStreamSRTP); ok {
+		return readStream, nil
+	}
+
+	return nil, errFailedTypeAssertion
+}
+
+// AcceptStream returns a stream to handle RTCP for a single SSRC
+func (s *SessionSRTP) AcceptStream() (*ReadStreamSRTP, uint32, error) {
+	stream, ok := <-s.newStream
+	if !ok {
+		return nil, 0, errStreamAlreadyClosed
+	}
+
+	readStream, ok := stream.(*ReadStreamSRTP)
+	if !ok {
+		return nil, 0, errFailedTypeAssertion
+	}
+
+	return readStream, stream.GetSSRC(), nil
+}
+
+// Close ends the session
+func (s *SessionSRTP) Close() error {
+	return s.session.close()
+}
+
+func (s *SessionSRTP) write(b []byte) (int, error) {
+	packet := &rtp.Packet{}
+
+	err := packet.Unmarshal(b)
+	if err != nil {
+		return 0, nil
+	}
+
+	return s.writeRTP(&packet.Header, packet.Payload)
+}
+
+func (s *SessionSRTP) writeRTP(header *rtp.Header, payload []byte) (int, error) {
+	if _, ok := <-s.session.started; ok {
+		return 0, errStartedChannelUsedIncorrectly
+	}
+
+	s.session.localContextMutex.Lock()
+	encrypted, err := s.localContext.encryptRTP(nil, header, payload)
+	s.session.localContextMutex.Unlock()
+
+	if err != nil {
+		return 0, err
+	}
+
+	return s.session.nextConn.Write(encrypted)
+}
+
+func (s *SessionSRTP) setWriteDeadline(t time.Time) error {
+	return s.session.nextConn.SetWriteDeadline(t)
+}
+
+func (s *SessionSRTP) decrypt(buf []byte) error {
+	h := &rtp.Header{}
+	if err := h.Unmarshal(buf); err != nil {
+		return err
+	}
+
+	r, isNew := s.session.getOrCreateReadStream(h.SSRC, s, newReadStreamSRTP)
+	if r == nil {
+		return nil // Session has been closed
+	} else if isNew {
+		s.session.newStream <- r // Notify AcceptStream
+	}
+
+	readStream, ok := r.(*ReadStreamSRTP)
+	if !ok {
+		return errFailedTypeAssertion
+	}
+
+	decrypted, err := s.remoteContext.decryptRTP(buf, buf, h)
+	if err != nil {
+		return err
+	}
+
+	_, err = readStream.write(decrypted)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtcp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtcp.go
new file mode 100644
index 000000000..dbf512549
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtcp.go
@@ -0,0 +1,77 @@
+package srtp
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/pion/rtcp"
+)
+
+const maxSRTCPIndex = 0x7FFFFFFF
+
+func (c *Context) decryptRTCP(dst, encrypted []byte) ([]byte, error) {
+	out := allocateIfMismatch(dst, encrypted)
+	tailOffset := len(encrypted) - (c.cipher.authTagLen() + srtcpIndexSize)
+
+	if tailOffset < 0 {
+		return nil, fmt.Errorf("%w: %d", errTooShortRTCP, len(encrypted))
+	} else if isEncrypted := encrypted[tailOffset] >> 7; isEncrypted == 0 {
+		return out, nil
+	}
+
+	index := c.cipher.getRTCPIndex(encrypted)
+	ssrc := binary.BigEndian.Uint32(encrypted[4:])
+
+	s := c.getSRTCPSSRCState(ssrc)
+	markAsValid, ok := s.replayDetector.Check(uint64(index))
+	if !ok {
+		return nil, &errorDuplicated{Proto: "srtcp", SSRC: ssrc, Index: index}
+	}
+
+	out, err := c.cipher.decryptRTCP(out, encrypted, index, ssrc)
+	if err != nil {
+		return nil, err
+	}
+
+	markAsValid()
+	return out, nil
+}
+
+// DecryptRTCP decrypts a buffer that contains a RTCP packet
+func (c *Context) DecryptRTCP(dst, encrypted []byte, header *rtcp.Header) ([]byte, error) {
+	if header == nil {
+		header = &rtcp.Header{}
+	}
+
+	if err := header.Unmarshal(encrypted); err != nil {
+		return nil, err
+	}
+
+	return c.decryptRTCP(dst, encrypted)
+}
+
+func (c *Context) encryptRTCP(dst, decrypted []byte) ([]byte, error) {
+	ssrc := binary.BigEndian.Uint32(decrypted[4:])
+	s := c.getSRTCPSSRCState(ssrc)
+
+	// We roll over early because MSB is used for marking as encrypted
+	s.srtcpIndex++
+	if s.srtcpIndex > maxSRTCPIndex {
+		s.srtcpIndex = 0
+	}
+
+	return c.cipher.encryptRTCP(dst, decrypted, s.srtcpIndex, ssrc)
+}
+
+// EncryptRTCP Encrypts a RTCP packet
+func (c *Context) EncryptRTCP(dst, decrypted []byte, header *rtcp.Header) ([]byte, error) {
+	if header == nil {
+		header = &rtcp.Header{}
+	}
+
+	if err := header.Unmarshal(decrypted); err != nil {
+		return nil, err
+	}
+
+	return c.encryptRTCP(dst, decrypted)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp.go
new file mode 100644
index 000000000..c4ed3ace0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp.go
@@ -0,0 +1,68 @@
+// Package srtp implements Secure Real-time Transport Protocol
+package srtp
+
+import (
+	"github.com/pion/rtp"
+)
+
+func (c *Context) decryptRTP(dst, ciphertext []byte, header *rtp.Header) ([]byte, error) {
+	s := c.getSRTPSSRCState(header.SSRC)
+
+	markAsValid, ok := s.replayDetector.Check(uint64(header.SequenceNumber))
+	if !ok {
+		return nil, &errorDuplicated{
+			Proto: "srtp", SSRC: header.SSRC, Index: uint32(header.SequenceNumber),
+		}
+	}
+
+	dst = growBufferSize(dst, len(ciphertext)-c.cipher.authTagLen())
+	roc, updateROC := s.nextRolloverCount(header.SequenceNumber)
+
+	dst, err := c.cipher.decryptRTP(dst, ciphertext, header, roc)
+	if err != nil {
+		return nil, err
+	}
+
+	markAsValid()
+	updateROC()
+	return dst, nil
+}
+
+// DecryptRTP decrypts a RTP packet with an encrypted payload
+func (c *Context) DecryptRTP(dst, encrypted []byte, header *rtp.Header) ([]byte, error) {
+	if header == nil {
+		header = &rtp.Header{}
+	}
+
+	if err := header.Unmarshal(encrypted); err != nil {
+		return nil, err
+	}
+
+	return c.decryptRTP(dst, encrypted, header)
+}
+
+// EncryptRTP marshals and encrypts an RTP packet, writing to the dst buffer provided.
+// If the dst buffer does not have the capacity to hold `len(plaintext) + 10` bytes, a new one will be allocated and returned.
+// If a rtp.Header is provided, it will be Unmarshaled using the plaintext.
+func (c *Context) EncryptRTP(dst []byte, plaintext []byte, header *rtp.Header) ([]byte, error) {
+	if header == nil {
+		header = &rtp.Header{}
+	}
+
+	if err := header.Unmarshal(plaintext); err != nil {
+		return nil, err
+	}
+
+	return c.encryptRTP(dst, header, plaintext[header.PayloadOffset:])
+}
+
+// encryptRTP marshals and encrypts an RTP packet, writing to the dst buffer provided.
+// If the dst buffer does not have the capacity, a new one will be allocated and returned.
+// Similar to above but faster because it can avoid unmarshaling the header and marshaling the payload.
+func (c *Context) encryptRTP(dst []byte, header *rtp.Header, payload []byte) (ciphertext []byte, err error) {
+	s := c.getSRTPSSRCState(header.SSRC)
+	roc, updateROC := s.nextRolloverCount(header.SequenceNumber)
+	updateROC()
+
+	return c.cipher.encryptRTP(dst, header, payload, roc)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher.go
new file mode 100644
index 000000000..6c1fda04a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher.go
@@ -0,0 +1,16 @@
+package srtp
+
+import "github.com/pion/rtp"
+
+// cipher represents a implementation of one
+// of the SRTP Specific ciphers
+type srtpCipher interface {
+	authTagLen() int
+	getRTCPIndex([]byte) uint32
+
+	encryptRTP([]byte, *rtp.Header, []byte, uint32) ([]byte, error)
+	encryptRTCP([]byte, []byte, uint32, uint32) ([]byte, error)
+
+	decryptRTP([]byte, []byte, *rtp.Header, uint32) ([]byte, error)
+	decryptRTCP([]byte, []byte, uint32, uint32) ([]byte, error)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher_aead_aes_gcm.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher_aead_aes_gcm.go
new file mode 100644
index 000000000..58e1b8f62
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher_aead_aes_gcm.go
@@ -0,0 +1,172 @@
+package srtp
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/binary"
+
+	"github.com/pion/rtp"
+)
+
+const (
+	rtcpEncryptionFlag = 0x80
+)
+
+type srtpCipherAeadAesGcm struct {
+	srtpCipher, srtcpCipher cipher.AEAD
+
+	srtpSessionSalt, srtcpSessionSalt []byte
+}
+
+func newSrtpCipherAeadAesGcm(masterKey, masterSalt []byte) (*srtpCipherAeadAesGcm, error) {
+	s := &srtpCipherAeadAesGcm{}
+
+	srtpSessionKey, err := aesCmKeyDerivation(labelSRTPEncryption, masterKey, masterSalt, 0, len(masterKey))
+	if err != nil {
+		return nil, err
+	}
+
+	srtpBlock, err := aes.NewCipher(srtpSessionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	s.srtpCipher, err = cipher.NewGCM(srtpBlock)
+	if err != nil {
+		return nil, err
+	}
+
+	srtcpSessionKey, err := aesCmKeyDerivation(labelSRTCPEncryption, masterKey, masterSalt, 0, len(masterKey))
+	if err != nil {
+		return nil, err
+	}
+
+	srtcpBlock, err := aes.NewCipher(srtcpSessionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	s.srtcpCipher, err = cipher.NewGCM(srtcpBlock)
+	if err != nil {
+		return nil, err
+	}
+
+	if s.srtpSessionSalt, err = aesCmKeyDerivation(labelSRTPSalt, masterKey, masterSalt, 0, len(masterSalt)); err != nil {
+		return nil, err
+	} else if s.srtcpSessionSalt, err = aesCmKeyDerivation(labelSRTCPSalt, masterKey, masterSalt, 0, len(masterSalt)); err != nil {
+		return nil, err
+	}
+
+	return s, nil
+}
+
+func (s *srtpCipherAeadAesGcm) authTagLen() int {
+	return 16
+}
+
+func (s *srtpCipherAeadAesGcm) encryptRTP(dst []byte, header *rtp.Header, payload []byte, roc uint32) (ciphertext []byte, err error) {
+	hdr, err := header.Marshal()
+	if err != nil {
+		return nil, err
+	}
+
+	iv := s.rtpInitializationVector(header, roc)
+	out := s.srtpCipher.Seal(nil, iv, payload, hdr)
+	return append(hdr, out...), nil
+}
+
+func (s *srtpCipherAeadAesGcm) decryptRTP(dst, ciphertext []byte, header *rtp.Header, roc uint32) ([]byte, error) {
+	iv := s.rtpInitializationVector(header, roc)
+
+	out, err := s.srtpCipher.Open(nil, iv, ciphertext[header.PayloadOffset:], ciphertext[:header.PayloadOffset])
+	if err != nil {
+		return nil, err
+	}
+
+	out = append(make([]byte, header.PayloadOffset), out...)
+	copy(out, ciphertext[:header.PayloadOffset])
+
+	return out, nil
+}
+
+func (s *srtpCipherAeadAesGcm) encryptRTCP(dst, decrypted []byte, srtcpIndex uint32, ssrc uint32) ([]byte, error) {
+	iv := s.rtcpInitializationVector(srtcpIndex, ssrc)
+	aad := s.rtcpAdditionalAuthenticatedData(decrypted, srtcpIndex)
+
+	out := s.srtcpCipher.Seal(nil, iv, decrypted[8:], aad)
+
+	out = append(make([]byte, 8), out...)
+	copy(out, decrypted[:8])
+	out = append(out, aad[8:]...)
+
+	return out, nil
+}
+
+func (s *srtpCipherAeadAesGcm) decryptRTCP(out, encrypted []byte, srtcpIndex, ssrc uint32) ([]byte, error) {
+	iv := s.rtcpInitializationVector(srtcpIndex, ssrc)
+	aad := s.rtcpAdditionalAuthenticatedData(encrypted, srtcpIndex)
+
+	decrypted, err := s.srtcpCipher.Open(nil, iv, encrypted[8:len(encrypted)-srtcpIndexSize], aad)
+	if err != nil {
+		return nil, err
+	}
+
+	decrypted = append(encrypted[:8], decrypted...)
+	return decrypted, nil
+}
+
+// The 12-octet IV used by AES-GCM SRTP is formed by first concatenating
+// 2 octets of zeroes, the 4-octet SSRC, the 4-octet rollover counter
+// (ROC), and the 2-octet sequence number (SEQ).  The resulting 12-octet
+// value is then XORed to the 12-octet salt to form the 12-octet IV.
+//
+// https://tools.ietf.org/html/rfc7714#section-8.1
+func (s *srtpCipherAeadAesGcm) rtpInitializationVector(header *rtp.Header, roc uint32) []byte {
+	iv := make([]byte, 12)
+	binary.BigEndian.PutUint32(iv[2:], header.SSRC)
+	binary.BigEndian.PutUint32(iv[6:], roc)
+	binary.BigEndian.PutUint16(iv[10:], header.SequenceNumber)
+
+	for i := range iv {
+		iv[i] ^= s.srtpSessionSalt[i]
+	}
+	return iv
+}
+
+// The 12-octet IV used by AES-GCM SRTCP is formed by first
+// concatenating 2 octets of zeroes, the 4-octet SSRC identifier,
+// 2 octets of zeroes, a single "0" bit, and the 31-bit SRTCP index.
+// The resulting 12-octet value is then XORed to the 12-octet salt to
+// form the 12-octet IV.
+//
+// https://tools.ietf.org/html/rfc7714#section-9.1
+func (s *srtpCipherAeadAesGcm) rtcpInitializationVector(srtcpIndex uint32, ssrc uint32) []byte {
+	iv := make([]byte, 12)
+
+	binary.BigEndian.PutUint32(iv[2:], ssrc)
+	binary.BigEndian.PutUint32(iv[8:], srtcpIndex)
+
+	for i := range iv {
+		iv[i] ^= s.srtcpSessionSalt[i]
+	}
+	return iv
+}
+
+// In an SRTCP packet, a 1-bit Encryption flag is prepended to the
+// 31-bit SRTCP index to form a 32-bit value we shall call the
+// "ESRTCP word"
+//
+// https://tools.ietf.org/html/rfc7714#section-17
+func (s *srtpCipherAeadAesGcm) rtcpAdditionalAuthenticatedData(rtcpPacket []byte, srtcpIndex uint32) []byte {
+	aad := make([]byte, 12)
+
+	copy(aad, rtcpPacket[:8])
+	binary.BigEndian.PutUint32(aad[8:], srtcpIndex)
+	aad[8] |= rtcpEncryptionFlag
+
+	return aad
+}
+
+func (s *srtpCipherAeadAesGcm) getRTCPIndex(in []byte) uint32 {
+	return binary.BigEndian.Uint32(in[len(in)-4:]) &^ (rtcpEncryptionFlag << 24)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher_aes_cm_hmac_sha1.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher_aes_cm_hmac_sha1.go
new file mode 100644
index 000000000..ea1dae094
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/srtp_cipher_aes_cm_hmac_sha1.go
@@ -0,0 +1,224 @@
+package srtp
+
+import ( //nolint:gci
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha1" //nolint:gosec
+	"crypto/subtle"
+	"encoding/binary"
+	"hash"
+
+	"github.com/pion/rtp"
+)
+
+type srtpCipherAesCmHmacSha1 struct {
+	srtpSessionSalt []byte
+	srtpSessionAuth hash.Hash
+	srtpBlock       cipher.Block
+
+	srtcpSessionSalt []byte
+	srtcpSessionAuth hash.Hash
+	srtcpBlock       cipher.Block
+}
+
+func newSrtpCipherAesCmHmacSha1(masterKey, masterSalt []byte) (*srtpCipherAesCmHmacSha1, error) {
+	s := &srtpCipherAesCmHmacSha1{}
+	srtpSessionKey, err := aesCmKeyDerivation(labelSRTPEncryption, masterKey, masterSalt, 0, len(masterKey))
+	if err != nil {
+		return nil, err
+	} else if s.srtpBlock, err = aes.NewCipher(srtpSessionKey); err != nil {
+		return nil, err
+	}
+
+	srtcpSessionKey, err := aesCmKeyDerivation(labelSRTCPEncryption, masterKey, masterSalt, 0, len(masterKey))
+	if err != nil {
+		return nil, err
+	} else if s.srtcpBlock, err = aes.NewCipher(srtcpSessionKey); err != nil {
+		return nil, err
+	}
+
+	if s.srtpSessionSalt, err = aesCmKeyDerivation(labelSRTPSalt, masterKey, masterSalt, 0, len(masterSalt)); err != nil {
+		return nil, err
+	} else if s.srtcpSessionSalt, err = aesCmKeyDerivation(labelSRTCPSalt, masterKey, masterSalt, 0, len(masterSalt)); err != nil {
+		return nil, err
+	}
+
+	authKeyLen, err := ProtectionProfileAes128CmHmacSha1_80.authKeyLen()
+	if err != nil {
+		return nil, err
+	}
+
+	srtpSessionAuthTag, err := aesCmKeyDerivation(labelSRTPAuthenticationTag, masterKey, masterSalt, 0, authKeyLen)
+	if err != nil {
+		return nil, err
+	}
+
+	srtcpSessionAuthTag, err := aesCmKeyDerivation(labelSRTCPAuthenticationTag, masterKey, masterSalt, 0, authKeyLen)
+	if err != nil {
+		return nil, err
+	}
+
+	s.srtcpSessionAuth = hmac.New(sha1.New, srtcpSessionAuthTag)
+	s.srtpSessionAuth = hmac.New(sha1.New, srtpSessionAuthTag)
+	return s, nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) authTagLen() int {
+	return 10
+}
+
+func (s *srtpCipherAesCmHmacSha1) encryptRTP(dst []byte, header *rtp.Header, payload []byte, roc uint32) (ciphertext []byte, err error) {
+	// Grow the given buffer to fit the output.
+	dst = growBufferSize(dst, header.MarshalSize()+len(payload)+s.authTagLen())
+
+	// Copy the header unencrypted.
+	n, err := header.MarshalTo(dst)
+	if err != nil {
+		return nil, err
+	}
+
+	// Encrypt the payload
+	counter := generateCounter(header.SequenceNumber, roc, header.SSRC, s.srtpSessionSalt)
+	stream := cipher.NewCTR(s.srtpBlock, counter)
+	stream.XORKeyStream(dst[n:], payload)
+	n += len(payload)
+
+	// Generate the auth tag.
+	authTag, err := s.generateSrtpAuthTag(dst[:n], roc)
+	if err != nil {
+		return nil, err
+	}
+
+	// Write the auth tag to the dest.
+	copy(dst[n:], authTag)
+
+	return dst, nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) decryptRTP(dst, ciphertext []byte, header *rtp.Header, roc uint32) ([]byte, error) {
+	// Split the auth tag and the cipher text into two parts.
+	actualTag := ciphertext[len(ciphertext)-s.authTagLen():]
+	ciphertext = ciphertext[:len(ciphertext)-s.authTagLen()]
+
+	// Generate the auth tag we expect to see from the ciphertext.
+	expectedTag, err := s.generateSrtpAuthTag(ciphertext, roc)
+	if err != nil {
+		return nil, err
+	}
+
+	// See if the auth tag actually matches.
+	// We use a constant time comparison to prevent timing attacks.
+	if subtle.ConstantTimeCompare(actualTag, expectedTag) != 1 {
+		return nil, errFailedToVerifyAuthTag
+	}
+
+	// Write the plaintext header to the destination buffer.
+	copy(dst, ciphertext[:header.PayloadOffset])
+
+	// Decrypt the ciphertext for the payload.
+	counter := generateCounter(header.SequenceNumber, roc, header.SSRC, s.srtpSessionSalt)
+	stream := cipher.NewCTR(s.srtpBlock, counter)
+	stream.XORKeyStream(dst[header.PayloadOffset:], ciphertext[header.PayloadOffset:])
+	return dst, nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) encryptRTCP(dst, decrypted []byte, srtcpIndex uint32, ssrc uint32) ([]byte, error) {
+	dst = allocateIfMismatch(dst, decrypted)
+
+	// Encrypt everything after header
+	stream := cipher.NewCTR(s.srtcpBlock, generateCounter(uint16(srtcpIndex&0xffff), srtcpIndex>>16, ssrc, s.srtcpSessionSalt))
+	stream.XORKeyStream(dst[8:], dst[8:])
+
+	// Add SRTCP Index and set Encryption bit
+	dst = append(dst, make([]byte, 4)...)
+	binary.BigEndian.PutUint32(dst[len(dst)-4:], srtcpIndex)
+	dst[len(dst)-4] |= 0x80
+
+	authTag, err := s.generateSrtcpAuthTag(dst)
+	if err != nil {
+		return nil, err
+	}
+	return append(dst, authTag...), nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) decryptRTCP(out, encrypted []byte, index, ssrc uint32) ([]byte, error) {
+	tailOffset := len(encrypted) - (s.authTagLen() + srtcpIndexSize)
+	out = out[0:tailOffset]
+
+	expectedTag, err := s.generateSrtcpAuthTag(encrypted[:len(encrypted)-s.authTagLen()])
+	if err != nil {
+		return nil, err
+	}
+
+	actualTag := encrypted[len(encrypted)-s.authTagLen():]
+	if subtle.ConstantTimeCompare(actualTag, expectedTag) != 1 {
+		return nil, errFailedToVerifyAuthTag
+	}
+
+	stream := cipher.NewCTR(s.srtcpBlock, generateCounter(uint16(index&0xffff), index>>16, ssrc, s.srtcpSessionSalt))
+	stream.XORKeyStream(out[8:], out[8:])
+
+	return out, nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) generateSrtpAuthTag(buf []byte, roc uint32) ([]byte, error) {
+	// https://tools.ietf.org/html/rfc3711#section-4.2
+	// In the case of SRTP, M SHALL consist of the Authenticated
+	// Portion of the packet (as specified in Figure 1) concatenated with
+	// the ROC, M = Authenticated Portion || ROC;
+	//
+	// The pre-defined authentication transform for SRTP is HMAC-SHA1
+	// [RFC2104].  With HMAC-SHA1, the SRTP_PREFIX_LENGTH (Figure 3) SHALL
+	// be 0.  For SRTP (respectively SRTCP), the HMAC SHALL be applied to
+	// the session authentication key and M as specified above, i.e.,
+	// HMAC(k_a, M).  The HMAC output SHALL then be truncated to the n_tag
+	// left-most bits.
+	// - Authenticated portion of the packet is everything BEFORE MKI
+	// - k_a is the session message authentication key
+	// - n_tag is the bit-length of the output authentication tag
+	s.srtpSessionAuth.Reset()
+
+	if _, err := s.srtpSessionAuth.Write(buf); err != nil {
+		return nil, err
+	}
+
+	// For SRTP only, we need to hash the rollover counter as well.
+	rocRaw := [4]byte{}
+	binary.BigEndian.PutUint32(rocRaw[:], roc)
+
+	_, err := s.srtpSessionAuth.Write(rocRaw[:])
+	if err != nil {
+		return nil, err
+	}
+
+	// Truncate the hash to the first 10 bytes.
+	return s.srtpSessionAuth.Sum(nil)[0:s.authTagLen()], nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) generateSrtcpAuthTag(buf []byte) ([]byte, error) {
+	// https://tools.ietf.org/html/rfc3711#section-4.2
+	//
+	// The pre-defined authentication transform for SRTP is HMAC-SHA1
+	// [RFC2104].  With HMAC-SHA1, the SRTP_PREFIX_LENGTH (Figure 3) SHALL
+	// be 0.  For SRTP (respectively SRTCP), the HMAC SHALL be applied to
+	// the session authentication key and M as specified above, i.e.,
+	// HMAC(k_a, M).  The HMAC output SHALL then be truncated to the n_tag
+	// left-most bits.
+	// - Authenticated portion of the packet is everything BEFORE MKI
+	// - k_a is the session message authentication key
+	// - n_tag is the bit-length of the output authentication tag
+	s.srtcpSessionAuth.Reset()
+
+	if _, err := s.srtcpSessionAuth.Write(buf); err != nil {
+		return nil, err
+	}
+
+	return s.srtcpSessionAuth.Sum(nil)[0:s.authTagLen()], nil
+}
+
+func (s *srtpCipherAesCmHmacSha1) getRTCPIndex(in []byte) uint32 {
+	tailOffset := len(in) - (s.authTagLen() + srtcpIndexSize)
+	srtcpIndexBuffer := in[tailOffset : tailOffset+srtcpIndexSize]
+	return binary.BigEndian.Uint32(srtcpIndexBuffer) &^ (1 << 31)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream.go
new file mode 100644
index 000000000..7b7a0cf9a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream.go
@@ -0,0 +1,8 @@
+package srtp
+
+type readStream interface {
+	init(child streamSession, ssrc uint32) error
+
+	Read(buf []byte) (int, error)
+	GetSSRC() uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream_srtcp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream_srtcp.go
new file mode 100644
index 000000000..bc6cf944d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream_srtcp.go
@@ -0,0 +1,152 @@
+package srtp
+
+import (
+	"errors"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/pion/rtcp"
+	"github.com/pion/transport/packetio"
+)
+
+// Limit the buffer size to 100KB
+const srtcpBufferSize = 100 * 1000
+
+// ReadStreamSRTCP handles decryption for a single RTCP SSRC
+type ReadStreamSRTCP struct {
+	mu sync.Mutex
+
+	isInited bool
+	isClosed chan bool
+
+	session *SessionSRTCP
+	ssrc    uint32
+
+	buffer io.ReadWriteCloser
+}
+
+func (r *ReadStreamSRTCP) write(buf []byte) (n int, err error) {
+	n, err = r.buffer.Write(buf)
+
+	if errors.Is(err, packetio.ErrFull) {
+		// Silently drop data when the buffer is full.
+		return len(buf), nil
+	}
+
+	return n, err
+}
+
+// Used by getOrCreateReadStream
+func newReadStreamSRTCP() readStream {
+	return &ReadStreamSRTCP{}
+}
+
+// ReadRTCP reads and decrypts full RTCP packet and its header from the nextConn
+func (r *ReadStreamSRTCP) ReadRTCP(buf []byte) (int, *rtcp.Header, error) {
+	n, err := r.Read(buf)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	header := &rtcp.Header{}
+	err = header.Unmarshal(buf[:n])
+	if err != nil {
+		return 0, nil, err
+	}
+
+	return n, header, nil
+}
+
+// Read reads and decrypts full RTCP packet from the nextConn
+func (r *ReadStreamSRTCP) Read(buf []byte) (int, error) {
+	return r.buffer.Read(buf)
+}
+
+// SetReadDeadline sets the deadline for the Read operation.
+// Setting to zero means no deadline.
+func (r *ReadStreamSRTCP) SetReadDeadline(t time.Time) error {
+	return r.buffer.(*packetio.Buffer).SetReadDeadline(t)
+}
+
+// Close removes the ReadStream from the session and cleans up any associated state
+func (r *ReadStreamSRTCP) Close() error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if !r.isInited {
+		return errStreamNotInited
+	}
+
+	select {
+	case <-r.isClosed:
+		return errStreamAlreadyClosed
+	default:
+		err := r.buffer.Close()
+		if err != nil {
+			return err
+		}
+
+		r.session.removeReadStream(r.ssrc)
+		return nil
+	}
+}
+
+func (r *ReadStreamSRTCP) init(child streamSession, ssrc uint32) error {
+	sessionSRTCP, ok := child.(*SessionSRTCP)
+
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if !ok {
+		return errFailedTypeAssertion
+	} else if r.isInited {
+		return errStreamAlreadyInited
+	}
+
+	r.session = sessionSRTCP
+	r.ssrc = ssrc
+	r.isInited = true
+	r.isClosed = make(chan bool)
+
+	if r.session.bufferFactory != nil {
+		r.buffer = r.session.bufferFactory(packetio.RTCPBufferPacket, ssrc)
+	} else {
+		// Create a buffer and limit it to 100KB
+		buff := packetio.NewBuffer()
+		buff.SetLimitSize(srtcpBufferSize)
+		r.buffer = buff
+	}
+
+	return nil
+}
+
+// GetSSRC returns the SSRC we are demuxing for
+func (r *ReadStreamSRTCP) GetSSRC() uint32 {
+	return r.ssrc
+}
+
+// WriteStreamSRTCP is stream for a single Session that is used to encrypt RTCP
+type WriteStreamSRTCP struct {
+	session *SessionSRTCP
+}
+
+// WriteRTCP encrypts a RTCP header and its payload to the nextConn
+func (w *WriteStreamSRTCP) WriteRTCP(header *rtcp.Header, payload []byte) (int, error) {
+	headerRaw, err := header.Marshal()
+	if err != nil {
+		return 0, err
+	}
+
+	return w.session.write(append(headerRaw, payload...))
+}
+
+// Write encrypts and writes a full RTCP packets to the nextConn
+func (w *WriteStreamSRTCP) Write(b []byte) (int, error) {
+	return w.session.write(b)
+}
+
+// SetWriteDeadline sets the deadline for the Write operation.
+// Setting to zero means no deadline.
+func (w *WriteStreamSRTCP) SetWriteDeadline(t time.Time) error {
+	return w.session.setWriteDeadline(t)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream_srtp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream_srtp.go
new file mode 100644
index 000000000..b5b2f6c10
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/stream_srtp.go
@@ -0,0 +1,149 @@
+package srtp
+
+import (
+	"errors"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/pion/rtp"
+	"github.com/pion/transport/packetio"
+)
+
+// Limit the buffer size to 1MB
+const srtpBufferSize = 1000 * 1000
+
+// ReadStreamSRTP handles decryption for a single RTP SSRC
+type ReadStreamSRTP struct {
+	mu sync.Mutex
+
+	isInited bool
+	isClosed chan bool
+
+	session *SessionSRTP
+	ssrc    uint32
+
+	buffer io.ReadWriteCloser
+}
+
+// Used by getOrCreateReadStream
+func newReadStreamSRTP() readStream {
+	return &ReadStreamSRTP{}
+}
+
+func (r *ReadStreamSRTP) init(child streamSession, ssrc uint32) error {
+	sessionSRTP, ok := child.(*SessionSRTP)
+
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if !ok {
+		return errFailedTypeAssertion
+	} else if r.isInited {
+		return errStreamAlreadyInited
+	}
+
+	r.session = sessionSRTP
+	r.ssrc = ssrc
+	r.isInited = true
+	r.isClosed = make(chan bool)
+
+	// Create a buffer with a 1MB limit
+	if r.session.bufferFactory != nil {
+		r.buffer = r.session.bufferFactory(packetio.RTPBufferPacket, ssrc)
+	} else {
+		buff := packetio.NewBuffer()
+		buff.SetLimitSize(srtpBufferSize)
+		r.buffer = buff
+	}
+
+	return nil
+}
+
+func (r *ReadStreamSRTP) write(buf []byte) (n int, err error) {
+	n, err = r.buffer.Write(buf)
+
+	if errors.Is(err, packetio.ErrFull) {
+		// Silently drop data when the buffer is full.
+		return len(buf), nil
+	}
+
+	return n, err
+}
+
+// Read reads and decrypts full RTP packet from the nextConn
+func (r *ReadStreamSRTP) Read(buf []byte) (int, error) {
+	return r.buffer.Read(buf)
+}
+
+// ReadRTP reads and decrypts full RTP packet and its header from the nextConn
+func (r *ReadStreamSRTP) ReadRTP(buf []byte) (int, *rtp.Header, error) {
+	n, err := r.Read(buf)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	header := &rtp.Header{}
+
+	err = header.Unmarshal(buf[:n])
+	if err != nil {
+		return 0, nil, err
+	}
+
+	return n, header, nil
+}
+
+// SetReadDeadline sets the deadline for the Read operation.
+// Setting to zero means no deadline.
+func (r *ReadStreamSRTP) SetReadDeadline(t time.Time) error {
+	return r.buffer.(*packetio.Buffer).SetReadDeadline(t)
+}
+
+// Close removes the ReadStream from the session and cleans up any associated state
+func (r *ReadStreamSRTP) Close() error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if !r.isInited {
+		return errStreamNotInited
+	}
+
+	select {
+	case <-r.isClosed:
+		return errStreamAlreadyClosed
+	default:
+		err := r.buffer.Close()
+		if err != nil {
+			return err
+		}
+
+		r.session.removeReadStream(r.ssrc)
+		return nil
+	}
+}
+
+// GetSSRC returns the SSRC we are demuxing for
+func (r *ReadStreamSRTP) GetSSRC() uint32 {
+	return r.ssrc
+}
+
+// WriteStreamSRTP is stream for a single Session that is used to encrypt RTP
+type WriteStreamSRTP struct {
+	session *SessionSRTP
+}
+
+// WriteRTP encrypts a RTP packet and writes to the connection
+func (w *WriteStreamSRTP) WriteRTP(header *rtp.Header, payload []byte) (int, error) {
+	return w.session.writeRTP(header, payload)
+}
+
+// Write encrypts and writes a full RTP packets to the nextConn
+func (w *WriteStreamSRTP) Write(b []byte) (int, error) {
+	return w.session.write(b)
+}
+
+// SetWriteDeadline sets the deadline for the Write operation.
+// Setting to zero means no deadline.
+func (w *WriteStreamSRTP) SetWriteDeadline(t time.Time) error {
+	return w.session.setWriteDeadline(t)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/util.go
new file mode 100644
index 000000000..1ae34a62a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/srtp/v2/util.go
@@ -0,0 +1,33 @@
+package srtp
+
+import "bytes"
+
+// Grow the buffer size to the given number of bytes.
+func growBufferSize(buf []byte, size int) []byte {
+	if size <= cap(buf) {
+		return buf[:size]
+	}
+
+	buf2 := make([]byte, size)
+	copy(buf2, buf)
+	return buf2
+}
+
+// Check if buffers match, if not allocate a new buffer and return it
+func allocateIfMismatch(dst, src []byte) []byte {
+	if dst == nil {
+		dst = make([]byte, len(src))
+		copy(dst, src)
+	} else if !bytes.Equal(dst, src) { // bytes.Equal returns on ref equality, no optimization needed
+		extraNeeded := len(src) - len(dst)
+		if extraNeeded > 0 {
+			dst = append(dst, make([]byte, extraNeeded)...)
+		} else if extraNeeded < 0 {
+			dst = dst[:len(dst)+extraNeeded]
+		}
+
+		copy(dst, src)
+	}
+
+	return dst
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.codecov.yml
new file mode 100644
index 000000000..7fa67fec8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.codecov.yml
@@ -0,0 +1,9 @@
+coverage:
+  status:
+    patch: off
+    project:
+      default:
+        # basic
+        target: 98
+        threshold: null
+        base: auto
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.gitignore
new file mode 100644
index 000000000..b9420d943
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.gitignore
@@ -0,0 +1,17 @@
+*-fuzz.zip
+.idea
+benchmark.*.write
+*.test
+*.out
+*.sw[poe]
+bench.go-*
+PACKAGES
+cmd/stun-cli/stun-cli
+cmd/stun-decode/stun-decode
+cmd/stun-bench/stun-bench
+cmd/stun-nat-behaviour/stun-nat-behaviour
+
+coverage.txt
+
+e2e/dump.pcap
+e2e/log-*.txt
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.golangci.yml
new file mode 100644
index 000000000..40ca69c0d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.golangci.yml
@@ -0,0 +1,93 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 15
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 100
+  goconst:
+    min-len: 2
+    min-occurrences: 2
+  misspell:
+    locale: US
+  lll:
+    line-length: 140
+  goimports:
+    local-prefixes: github.com/pion
+  gocritic:
+    enabled-tags:
+      - performance
+      - style
+      - experimental
+    disabled-checks:
+      - commentedOutCode
+      - sloppyReassign
+
+issues:
+  exclude:
+    - "`assertHMACSize` - `blocksize` always receives `64`"
+  exclude-rules:
+    - text: "string `<nil>`"
+      linters:
+        - goconst
+
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+        - goconst
+
+    # Ease some gocritic warnings on test files.
+    - path: _test\.go
+      text: "(unnamedResult|exitAfterDefer|unlambda)"
+      linters:
+        - gocritic
+
+    # Exclude known linters from partially hard-vendored code,
+    # which is impossible to exclude via "nolint" comments.
+    - path: internal/hmac/
+      text: "weak cryptographic primitive"
+      linters:
+        - gosec
+    - path: internal/hmac/
+      text: "Write\\` is not checked"
+      linters:
+        - errcheck
+
+    # Ease linting on benchmarking code.
+    - path: cmd/stun-bench/
+      linters:
+        - gosec
+        - errcheck
+        - unparam
+
+    - path: ^cmd/
+      linters:
+        - gocyclo
+    - path: ^cmd/
+      text: "(unnamedResult|exitAfterDefer)"
+      linters:
+        - gocritic
+
+linters:
+  enable-all: true
+  disable:
+    - funlen
+    - gochecknoglobals
+    - godox
+    - prealloc
+    - scopelint
+
+run:
+  skip-dirs:
+    - e2e
+    - fuzz
+    - testdata
+    - api
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.goreleaser.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.goreleaser.yml
new file mode 100644
index 000000000..d72bde60c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.goreleaser.yml
@@ -0,0 +1,39 @@
+before:
+  hooks:
+    - go mod tidy
+
+archives:
+- replacements:
+    darwin: Darwin
+    linux: Linux
+    windows: Windows
+    386: i386
+    amd64: x86_64
+
+checksum:
+  name_template: 'checksums.txt'
+
+snapshot:
+  name_template: "{{ .Tag }}-next"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'
+
+builds:
+  - binary: stun-not-behavior
+    id: stun-not-behavior
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./cmd/stun-nat-behavior
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.travis.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.travis.yml
new file mode 100644
index 000000000..e464e84ad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/.travis.yml
@@ -0,0 +1,135 @@
+#
+# DO NOT EDIT THIS FILE DIRECTLY
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+# If this repository should have package specific CI config,
+# remove the repository name from .goassets/.github/workflows/assets-sync.yml.
+#
+
+dist: bionic
+language: go
+
+
+branches:
+  only:
+  - master
+
+env:
+  global:
+    - GO111MODULE=on
+    - GOLANGCI_LINT_VERSION=1.19.1
+
+cache:
+  directories:
+    - ${HOME}/.cache/go-build
+    - ${GOPATH}/pkg/mod
+  npm: true
+  yarn: true
+
+_lint_job: &lint_job
+  env: CACHE_NAME=lint
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+  install: skip
+  before_script:
+    - |
+      curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \
+        | bash -s - -b $GOPATH/bin v${GOLANGCI_LINT_VERSION}
+  script:
+    - bash .github/assert-contributors.sh
+    - bash .github/lint-disallowed-functions-in-library.sh
+    - bash .github/lint-commit-message.sh
+    - bash .github/lint-filename.sh
+    - golangci-lint run ./...
+_test_job: &test_job
+  env: CACHE_NAME=test
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+    - go mod download
+  install:
+    - go build ./...
+  script:
+    - testpkgs=${TEST_PACKAGES:-$(go list ./... | grep -v examples)}
+    - coverpkgs=$(echo "${testpkgs}" | paste -s -d ',')
+    - |
+      go test \
+        -coverpkg=${coverpkgs} -coverprofile=cover.out -covermode=atomic \
+        ${TEST_EXTRA_ARGS:-} \
+        -v -race ${testpkgs}
+    - if [ -n "${TEST_HOOK}" ]; then ${TEST_HOOK}; fi
+  after_success:
+    - travis_retry bash <(curl -s https://codecov.io/bash) -c -F go
+_test_i386_job: &test_i386_job
+  env: CACHE_NAME=test386
+  services: docker
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+  script:
+    - testpkgs=${TEST_PACKAGES:-$(go list ./... | grep -v examples)}
+    - |
+      docker run \
+        -u $(id -u):$(id -g) \
+        -e "GO111MODULE=on" \
+        -e "CGO_ENABLED=0" \
+        -v ${PWD}:/go/src/github.com/pion/$(basename ${PWD}) \
+        -v ${HOME}/gopath/pkg/mod:/go/pkg/mod \
+        -v ${HOME}/.cache/go-build:/.cache/go-build \
+        -w /go/src/github.com/pion/$(basename ${PWD}) \
+        -it i386/golang:${GO_VERSION}-alpine \
+        /usr/local/go/bin/go test \
+          ${TEST_EXTRA_ARGS:-} \
+          -v ${testpkgs}
+_test_wasm_job: &test_wasm_job
+  env: CACHE_NAME=wasm
+  language: node_js
+  node_js: 12
+  before_install:
+    - if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
+    - if ${SKIP_WASM_TEST:-false}; then exit 0; fi
+  install:
+    # Manually download and install Go instead of using gimme.
+    # It looks like gimme Go causes some errors on go-test for Wasm.
+    - curl -sSfL https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz | tar -C ~ -xzf -
+    - export GOROOT=${HOME}/go
+    - export PATH=${GOROOT}/bin:${PATH}
+    - yarn install
+    - export GO_JS_WASM_EXEC=${GO_JS_WASM_EXEC:-${GOROOT}/misc/wasm/go_js_wasm_exec}
+  script:
+    - testpkgs=${TEST_PACKAGES:-$(go list ./... | grep -v examples)}
+    - coverpkgs=$(echo "${testpkgs}" | paste -s -d ',')
+    - |
+      GOOS=js GOARCH=wasm go test \
+        -coverpkg=${coverpkgs} -coverprofile=cover.out -covermode=atomic \
+        -exec="${GO_JS_WASM_EXEC}" \
+        -v ${testpkgs}
+  after_success:
+    - travis_retry bash <(curl -s https://codecov.io/bash) -c -F wasm
+
+jobs:
+  include:
+    - <<: *lint_job
+      name: Lint 1.14
+      go: 1.14
+    - <<: *test_job
+      name: Test 1.13
+      go: 1.13
+    - <<: *test_job
+      name: Test 1.14
+      go: 1.14
+    - <<: *test_i386_job
+      name: Test i386 1.13
+      env: GO_VERSION=1.13
+      go: 1.14  # version for host environment used to go list
+    - <<: *test_i386_job
+      name: Test i386 1.14
+      env: GO_VERSION=1.14
+      go: 1.14  # version for host environment used to go list
+    - <<: *test_wasm_job
+      name: Test WASM 1.13
+      env: GO_VERSION=1.13
+    - <<: *test_wasm_job
+      name: Test WASM 1.14
+      env: GO_VERSION=1.14
+
+notifications:
+  email: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/AUTHORS b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/AUTHORS
new file mode 100644
index 000000000..717af8f60
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/AUTHORS
@@ -0,0 +1,10 @@
+Sean DuBois <https://github.com/Sean-Der>
+Raphael Randschau <https://github.com/nicolai86>
+Aleksandr Razumov <ar@cydev.ru>
+Aliaksandr Valialkin <valyala@gmail.com>
+Michiel De Backker <https://github.com/backkem>
+Y.Horie <https://github.com/u5surf>
+songjiayang <https://github.com/songjiayang>
+The gortc project
+The IETF Trust
+The Go Authors
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/Dockerfile b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/Dockerfile
new file mode 100644
index 000000000..429239a38
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/Dockerfile
@@ -0,0 +1,5 @@
+FROM golang:1.14
+
+COPY . /go/src/github.com/pion/stun
+
+RUN go test github.com/pion/stun
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/LICENSE.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/LICENSE.md
new file mode 100644
index 000000000..5cc9cbdc5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/LICENSE.md
@@ -0,0 +1,7 @@
+Copyright 2018 Pion LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/Makefile b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/Makefile
new file mode 100644
index 000000000..43de8d003
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/Makefile
@@ -0,0 +1,61 @@
+VERSION := $(shell git describe --tags | sed -e 's/^v//g' | awk -F "-" '{print $$1}')
+ITERATION := $(shell git describe --tags --long | awk -F "-" '{print $$2}')
+GO_VERSION=$(shell gobuild -v)
+GO := $(or $(GOROOT),/usr/lib/go)/bin/go
+PROCS := $(shell nproc)
+cores:
+	@echo "cores: $(PROCS)"
+bench:
+	go test -bench .
+bench-record:
+	$(GO) test -bench . > "benchmarks/stun-go-$(GO_VERSION).txt"
+fuzz-prepare-msg:
+	go-fuzz-build -func FuzzMessage -o stun-msg-fuzz.zip github.com/pion/stun
+fuzz-prepare-typ:
+	go-fuzz-build -func FuzzType -o stun-typ-fuzz.zip github.com/pion/stun
+fuzz-prepare-setters:
+	go-fuzz-build -func FuzzSetters -o stun-setters-fuzz.zip github.com/pion/stun
+fuzz-msg:
+	go-fuzz -bin=./stun-msg-fuzz.zip -workdir=fuzz/stun-msg
+fuzz-typ:
+	go-fuzz -bin=./stun-typ-fuzz.zip -workdir=fuzz/stun-typ
+fuzz-setters:
+	go-fuzz -bin=./stun-setters-fuzz.zip -workdir=fuzz/stun-setters
+fuzz-test:
+	go test -tags gofuzz -run TestFuzz -v .
+fuzz-reset-setters:
+	rm -f -v -r stun-setters-fuzz.zip fuzz/stun-setters
+lint:
+	@golangci-lint run ./...
+	@echo "ok"
+escape:
+	@echo "Not escapes, except autogenerated:"
+	@go build -gcflags '-m -l' 2>&1 \
+	| grep -v "<autogenerated>" \
+	| grep escapes
+format:
+	goimports -w .
+bench-compare:
+	go test -bench . > bench.go-16
+	go-tip test -bench . > bench.go-tip
+	@benchcmp bench.go-16 bench.go-tip
+install-fuzz:
+	go get -u github.com/dvyukov/go-fuzz/go-fuzz-build
+	go get github.com/dvyukov/go-fuzz/go-fuzz
+install:
+	go get gortc.io/api
+	go get -u github.com/golangci/golangci-lint/cmd/golangci-lint
+docker-build:
+	docker build -t pion/stun .
+test-integration:
+	@cd e2e && bash ./test.sh
+prepush: assert test lint test-integration
+check-api:
+	@cd api && bash ./check.sh
+assert:
+	bash .github/assert-contributors.sh
+	bash .github/lint-disallowed-functions-in-library.sh
+	bash .github/lint-commit-message.sh
+test:
+	@./go.test.sh
+clean:
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/README.md
new file mode 100644
index 000000000..6dd50d0f3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/README.md
@@ -0,0 +1,184 @@
+<h1 align="center">
+  <br>
+  Pion STUN
+  <br>
+</h1>
+<h4 align="center">A Go implementation of STUN</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-stun-gray.svg?longCache=true&colorB=brightgreen" alt="Pion stun"></a>
+  <!--<a href="https://sourcegraph.com/github.com/pion/webrtc?badge"><img src="https://sourcegraph.com/github.com/pion/webrtc/-/badge.svg" alt="Sourcegraph Widget"></a>-->
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/stun"><img src="https://travis-ci.org/pion/stun.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/stun"><img src="https://godoc.org/github.com/pion/stun?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/stun"><img src="https://codecov.io/gh/pion/stun/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/stun"><img src="https://goreportcard.com/badge/github.com/pion/stun" alt="Go Report Card"></a>
+  <!--<a href="https://www.codacy.com/app/Sean-Der/webrtc"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>-->
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+### Roadmap
+The library is used as a part of our WebRTC implementation. Please refer to that [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+
+### Community
+Pion has an active community on the [Golang Slack](https://invite.slack.golangbridge.org/). Sign up and join the **#pion** channel for discussions and support. You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Raphael Randschau](https://github.com/nicolai86) - *STUN client*
+* [Michiel De Backker](https://github.com/backkem) - *Minor fixes*
+* [Y.Horie](https://github.com/u5surf) - *Fix lint issues*
+* [Aleksandr Razumov](https://github.com/ernado) - *The v0.3 version*
+* [songjiayang](https://github.com/songjiayang)
+* [Adam Kiss](https://github.com/masterada)
+* [Moises Marangoni](https://github.com/Moisesbr)
+* [Yutaka Takeda](https://github.com/enobufs)
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Maanas Royy](https://github.com/maanas)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Cecylia Bocovich](https://github.com/cohosh)
+* [Christian Muehlhaeuser](https://github.com/muesli)
+
+# STUN
+Package stun implements Session Traversal Utilities for NAT (STUN) [[RFC5389](https://tools.ietf.org/html/rfc5389)]
+protocol and [client](https://pkg.go.dev/github.com/pion/stun#Client) with no external dependencies and zero allocations in hot paths.
+Client [supports](https://pkg.go.dev/github.com/pion/stun#WithRTO) automatic request retransmissions.
+
+# Example
+You can get your current IP address from any STUN server by sending
+binding request. See more idiomatic example at `cmd/stun-client`.
+```go
+package main
+
+import (
+	"fmt"
+
+	"github.com/pion/stun"
+)
+
+func main() {
+	// Creating a "connection" to STUN server.
+	c, err := stun.Dial("udp", "stun.l.google.com:19302")
+	if err != nil {
+		panic(err)
+	}
+	// Building binding request with random transaction id.
+	message := stun.MustBuild(stun.TransactionID, stun.BindingRequest)
+	// Sending request to STUN server, waiting for response message.
+	if err := c.Do(message, func(res stun.Event) {
+		if res.Error != nil {
+			panic(res.Error)
+		}
+		// Decoding XOR-MAPPED-ADDRESS attribute from message.
+		var xorAddr stun.XORMappedAddress
+		if err := xorAddr.GetFrom(res.Message); err != nil {
+			panic(err)
+		}
+		fmt.Println("your IP is", xorAddr.IP)
+	}); err != nil {
+		panic(err)
+	}
+}
+```
+
+## Supported RFCs
+- [x] [RFC 5389](https://tools.ietf.org/html/rfc5389) — Session Traversal Utilities for NAT
+- [x] [RFC 5769](https://tools.ietf.org/html/rfc5769) — Test Vectors for STUN
+- [x] [RFC 6062](https://tools.ietf.org/html/rfc6062) — TURN extensions for TCP allocations
+- [x] [RFC 7064](https://tools.ietf.org/html/rfc7064) — STUN URI
+- [x] (TLS-over-)TCP client support
+- [ ] [ALTERNATE-SERVER](https://tools.ietf.org/html/rfc5389#section-11) support [#48](https://github.com/pion/stun/issues/48)
+- [ ] [RFC 5780](https://tools.ietf.org/html/rfc5780) — NAT Behavior Discovery Using STUN [#49](https://github.com/pion/stun/issues/49)
+
+# Stability
+Package is currently stable, no backward incompatible changes are expected
+with exception of critical bugs or security fixes.
+
+Additional attributes are unlikely to be implemented in scope of stun package,
+the only exception is constants for attribute or message types.
+
+# RFC 3489 notes
+RFC 5389 obsoletes RFC 3489, so implementation was ignored by purpose, however,
+RFC 3489 can be easily implemented as separate package.
+
+# Requirements
+Go 1.12 is currently supported and tested in CI.
+
+# Testing
+Client behavior is tested and verified in many ways:
+  * End-To-End with long-term credentials
+    * **coturn**: The coturn [server](https://github.com/coturn/coturn/wiki/turnserver) (linux)
+  * Bunch of code static checkers (linters)
+  * Standard unit-tests with coverage reporting (linux {amd64, **arm**64}, windows and darwin)
+  * Explicit API backward compatibility [check](https://github.com/gortc/api), see `api` directory
+
+See [TeamCity project](https://tc.gortc.io/project.html?projectId=stun&guest=1) and `e2e` directory
+for more information. Also the Wireshark `.pcap` files are available for e2e test in
+artifacts for build.
+
+# Benchmarks
+
+Intel(R) Core(TM) i7-8700K:
+
+```
+version: 1.16.5
+goos: linux
+goarch: amd64
+pkg: github.com/pion/stun
+PASS
+benchmark                                         iter       time/iter      throughput   bytes alloc        allocs
+---------                                         ----       ---------      ----------   -----------        ------
+BenchmarkMappedAddress_AddTo-12               30000000     36.40 ns/op                        0 B/op   0 allocs/op
+BenchmarkAlternateServer_AddTo-12             50000000     36.70 ns/op                        0 B/op   0 allocs/op
+BenchmarkAgent_GC-12                            500000   2552.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkAgent_Process-12                     50000000     38.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessage_GetNotFound-12              200000000      6.90 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessage_Get-12                      200000000      7.61 ns/op                        0 B/op   0 allocs/op
+BenchmarkClient_Do-12                          2000000   1072.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkErrorCode_AddTo-12                   20000000     67.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkErrorCodeAttribute_AddTo-12          30000000     52.20 ns/op                        0 B/op   0 allocs/op
+BenchmarkErrorCodeAttribute_GetFrom-12       100000000     12.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkFingerprint_AddTo-12                 20000000    102.00 ns/op     430.08 MB/s        0 B/op   0 allocs/op
+BenchmarkFingerprint_Check-12                 30000000     54.80 ns/op     948.38 MB/s        0 B/op   0 allocs/op
+BenchmarkBuildOverhead/Build-12                5000000    333.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkBuildOverhead/BuildNonPointer-12      3000000    536.00 ns/op                      100 B/op   4 allocs/op
+BenchmarkBuildOverhead/Raw-12                 10000000    181.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessageIntegrity_AddTo-12             1000000   1053.00 ns/op      18.98 MB/s        0 B/op   0 allocs/op
+BenchmarkMessageIntegrity_Check-12             1000000   1135.00 ns/op      28.17 MB/s        0 B/op   0 allocs/op
+BenchmarkMessage_Write-12                    100000000     27.70 ns/op    1011.09 MB/s        0 B/op   0 allocs/op
+BenchmarkMessageType_Value-12               2000000000      0.49 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessage_WriteTo-12                  100000000     12.80 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessage_ReadFrom-12                  50000000     25.00 ns/op     801.19 MB/s        0 B/op   0 allocs/op
+BenchmarkMessage_ReadBytes-12                100000000     18.00 ns/op    1113.03 MB/s        0 B/op   0 allocs/op
+BenchmarkIsMessage-12                       2000000000      1.08 ns/op   18535.57 MB/s        0 B/op   0 allocs/op
+BenchmarkMessage_NewTransactionID-12           2000000    673.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessageFull-12                        5000000    316.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessageFullHardcore-12               20000000     88.90 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessage_WriteHeader-12              200000000      8.18 ns/op                        0 B/op   0 allocs/op
+BenchmarkMessage_CloneTo-12                   30000000     37.90 ns/op    1795.32 MB/s        0 B/op   0 allocs/op
+BenchmarkMessage_AddTo-12                    300000000      4.77 ns/op                        0 B/op   0 allocs/op
+BenchmarkDecode-12                           100000000     22.00 ns/op                        0 B/op   0 allocs/op
+BenchmarkUsername_AddTo-12                    50000000     23.20 ns/op                        0 B/op   0 allocs/op
+BenchmarkUsername_GetFrom-12                 100000000     17.90 ns/op                        0 B/op   0 allocs/op
+BenchmarkNonce_AddTo-12                       50000000     34.40 ns/op                        0 B/op   0 allocs/op
+BenchmarkNonce_AddTo_BadLength-12            200000000      8.29 ns/op                        0 B/op   0 allocs/op
+BenchmarkNonce_GetFrom-12                    100000000     17.50 ns/op                        0 B/op   0 allocs/op
+BenchmarkUnknownAttributes/AddTo-12           30000000     48.10 ns/op                        0 B/op   0 allocs/op
+BenchmarkUnknownAttributes/GetFrom-12        100000000     20.90 ns/op                        0 B/op   0 allocs/op
+BenchmarkXOR-12                               50000000     25.80 ns/op   39652.86 MB/s        0 B/op   0 allocs/op
+BenchmarkXORSafe-12                            3000000    515.00 ns/op    1988.04 MB/s        0 B/op   0 allocs/op
+BenchmarkXORFast-12                           20000000     73.40 ns/op   13959.30 MB/s        0 B/op   0 allocs/op
+BenchmarkXORMappedAddress_AddTo-12            20000000     56.70 ns/op                        0 B/op   0 allocs/op
+BenchmarkXORMappedAddress_GetFrom-12          50000000     37.40 ns/op                        0 B/op   0 allocs/op
+ok  	github.com/pion/stun	76.868s
+```
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/addr.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/addr.go
new file mode 100644
index 000000000..c4d9653d5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/addr.go
@@ -0,0 +1,134 @@
+package stun
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+)
+
+// MappedAddress represents MAPPED-ADDRESS attribute.
+//
+// This attribute is used only by servers for achieving backwards
+// compatibility with RFC 3489 clients.
+//
+// RFC 5389 Section 15.1
+type MappedAddress struct {
+	IP   net.IP
+	Port int
+}
+
+// AlternateServer represents ALTERNATE-SERVER attribute.
+//
+// RFC 5389 Section 15.11
+type AlternateServer struct {
+	IP   net.IP
+	Port int
+}
+
+// OtherAddress represents OTHER-ADDRESS attribute.
+//
+// RFC 5780 Section 7.4
+type OtherAddress struct {
+	IP   net.IP
+	Port int
+}
+
+// AddTo adds ALTERNATE-SERVER attribute to message.
+func (s *AlternateServer) AddTo(m *Message) error {
+	a := (*MappedAddress)(s)
+	return a.addAs(m, AttrAlternateServer)
+}
+
+// GetFrom decodes ALTERNATE-SERVER from message.
+func (s *AlternateServer) GetFrom(m *Message) error {
+	a := (*MappedAddress)(s)
+	return a.getAs(m, AttrAlternateServer)
+}
+
+func (a MappedAddress) String() string {
+	return net.JoinHostPort(a.IP.String(), strconv.Itoa(a.Port))
+}
+
+func (a *MappedAddress) getAs(m *Message, t AttrType) error {
+	v, err := m.Get(t)
+	if err != nil {
+		return err
+	}
+	if len(v) <= 4 {
+		return io.ErrUnexpectedEOF
+	}
+	family := bin.Uint16(v[0:2])
+	if family != familyIPv6 && family != familyIPv4 {
+		return newDecodeErr("xor-mapped address", "family",
+			fmt.Sprintf("bad value %d", family),
+		)
+	}
+	ipLen := net.IPv4len
+	if family == familyIPv6 {
+		ipLen = net.IPv6len
+	}
+	// Ensuring len(a.IP) == ipLen and reusing a.IP.
+	if len(a.IP) < ipLen {
+		a.IP = a.IP[:cap(a.IP)]
+		for len(a.IP) < ipLen {
+			a.IP = append(a.IP, 0)
+		}
+	}
+	a.IP = a.IP[:ipLen]
+	for i := range a.IP {
+		a.IP[i] = 0
+	}
+	a.Port = int(bin.Uint16(v[2:4]))
+	copy(a.IP, v[4:])
+	return nil
+}
+
+func (a *MappedAddress) addAs(m *Message, t AttrType) error {
+	var (
+		family = familyIPv4
+		ip     = a.IP
+	)
+	if len(a.IP) == net.IPv6len {
+		if isIPv4(ip) {
+			ip = ip[12:16] // like in ip.To4()
+		} else {
+			family = familyIPv6
+		}
+	} else if len(ip) != net.IPv4len {
+		return ErrBadIPLength
+	}
+	value := make([]byte, 128)
+	value[0] = 0 // first 8 bits are zeroes
+	bin.PutUint16(value[0:2], family)
+	bin.PutUint16(value[2:4], uint16(a.Port))
+	copy(value[4:], ip)
+	m.Add(t, value[:4+len(ip)])
+	return nil
+}
+
+// AddTo adds MAPPED-ADDRESS to message.
+func (a *MappedAddress) AddTo(m *Message) error {
+	return a.addAs(m, AttrMappedAddress)
+}
+
+// GetFrom decodes MAPPED-ADDRESS from message.
+func (a *MappedAddress) GetFrom(m *Message) error {
+	return a.getAs(m, AttrMappedAddress)
+}
+
+// AddTo adds OTHER-ADDRESS attribute to message.
+func (o *OtherAddress) AddTo(m *Message) error {
+	a := (*MappedAddress)(o)
+	return a.addAs(m, AttrOtherAddress)
+}
+
+// GetFrom decodes OTHER-ADDRESS from message.
+func (o *OtherAddress) GetFrom(m *Message) error {
+	a := (*MappedAddress)(o)
+	return a.getAs(m, AttrOtherAddress)
+}
+
+func (o OtherAddress) String() string {
+	return net.JoinHostPort(o.IP.String(), strconv.Itoa(o.Port))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/agent.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/agent.go
new file mode 100644
index 000000000..6a8a47352
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/agent.go
@@ -0,0 +1,228 @@
+package stun
+
+import (
+	"errors"
+	"sync"
+	"time"
+)
+
+// NoopHandler just discards any event.
+var NoopHandler Handler = func(e Event) {}
+
+// NewAgent initializes and returns new Agent with provided handler.
+// If h is nil, the NoopHandler will be used.
+func NewAgent(h Handler) *Agent {
+	if h == nil {
+		h = NoopHandler
+	}
+	a := &Agent{
+		transactions: make(map[transactionID]agentTransaction),
+		handler:      h,
+	}
+	return a
+}
+
+// Agent is low-level abstraction over transaction list that
+// handles concurrency (all calls are goroutine-safe) and
+// time outs (via Collect call).
+type Agent struct {
+	// transactions is map of transactions that are currently
+	// in progress. Event handling is done in such way when
+	// transaction is unregistered before agentTransaction access,
+	// minimizing mux lock and protecting agentTransaction from
+	// data races via unexpected concurrent access.
+	transactions map[transactionID]agentTransaction
+	closed       bool       // all calls are invalid if true
+	mux          sync.Mutex // protects transactions and closed
+	handler      Handler    // handles transactions
+}
+
+// Handler handles state changes of transaction.
+//
+// Handler is called on transaction state change.
+// Usage of e is valid only during call, user must
+// copy needed fields explicitly.
+type Handler func(e Event)
+
+// Event is passed to Handler describing the transaction event.
+// Do not reuse outside Handler.
+type Event struct {
+	TransactionID [TransactionIDSize]byte
+	Message       *Message
+	Error         error
+}
+
+// agentTransaction represents transaction in progress.
+// Concurrent access is invalid.
+type agentTransaction struct {
+	id       transactionID
+	deadline time.Time
+}
+
+var (
+	// ErrTransactionStopped indicates that transaction was manually stopped.
+	ErrTransactionStopped = errors.New("transaction is stopped")
+	// ErrTransactionNotExists indicates that agent failed to find transaction.
+	ErrTransactionNotExists = errors.New("transaction not exists")
+	// ErrTransactionExists indicates that transaction with same id is already
+	// registered.
+	ErrTransactionExists = errors.New("transaction exists with same id")
+)
+
+// StopWithError removes transaction from list and calls handler with
+// provided error. Can return ErrTransactionNotExists and ErrAgentClosed.
+func (a *Agent) StopWithError(id [TransactionIDSize]byte, err error) error {
+	a.mux.Lock()
+	if a.closed {
+		a.mux.Unlock()
+		return ErrAgentClosed
+	}
+	t, exists := a.transactions[id]
+	delete(a.transactions, id)
+	h := a.handler
+	a.mux.Unlock()
+	if !exists {
+		return ErrTransactionNotExists
+	}
+	h(Event{
+		TransactionID: t.id,
+		Error:         err,
+	})
+	return nil
+}
+
+// Stop stops transaction by id with ErrTransactionStopped, blocking
+// until handler returns.
+func (a *Agent) Stop(id [TransactionIDSize]byte) error {
+	return a.StopWithError(id, ErrTransactionStopped)
+}
+
+// ErrAgentClosed indicates that agent is in closed state and is unable
+// to handle transactions.
+var ErrAgentClosed = errors.New("agent is closed")
+
+// Start registers transaction with provided id and deadline.
+// Could return ErrAgentClosed, ErrTransactionExists.
+//
+// Agent handler is guaranteed to be eventually called.
+func (a *Agent) Start(id [TransactionIDSize]byte, deadline time.Time) error {
+	a.mux.Lock()
+	defer a.mux.Unlock()
+	if a.closed {
+		return ErrAgentClosed
+	}
+	_, exists := a.transactions[id]
+	if exists {
+		return ErrTransactionExists
+	}
+	a.transactions[id] = agentTransaction{
+		id:       id,
+		deadline: deadline,
+	}
+	return nil
+}
+
+// agentCollectCap is initial capacity for Agent.Collect slices,
+// sufficient to make function zero-alloc in most cases.
+const agentCollectCap = 100
+
+// ErrTransactionTimeOut indicates that transaction has reached deadline.
+var ErrTransactionTimeOut = errors.New("transaction is timed out")
+
+// Collect terminates all transactions that have deadline before provided
+// time, blocking until all handlers will process ErrTransactionTimeOut.
+// Will return ErrAgentClosed if agent is already closed.
+//
+// It is safe to call Collect concurrently but makes no sense.
+func (a *Agent) Collect(gcTime time.Time) error {
+	toRemove := make([]transactionID, 0, agentCollectCap)
+	a.mux.Lock()
+	if a.closed {
+		// Doing nothing if agent is closed.
+		// All transactions should be already closed
+		// during Close() call.
+		a.mux.Unlock()
+		return ErrAgentClosed
+	}
+	// Adding all transactions with deadline before gcTime
+	// to toCall and toRemove slices.
+	// No allocs if there are less than agentCollectCap
+	// timed out transactions.
+	for id, t := range a.transactions {
+		if t.deadline.Before(gcTime) {
+			toRemove = append(toRemove, id)
+		}
+	}
+	// Un-registering timed out transactions.
+	for _, id := range toRemove {
+		delete(a.transactions, id)
+	}
+	// Calling handler does not require locked mutex,
+	// reducing lock time.
+	h := a.handler
+	a.mux.Unlock()
+	// Sending ErrTransactionTimeOut to handler for all transactions,
+	// blocking until last one.
+	event := Event{
+		Error: ErrTransactionTimeOut,
+	}
+	for _, id := range toRemove {
+		event.TransactionID = id
+		h(event)
+	}
+	return nil
+}
+
+// Process incoming message, synchronously passing it to handler.
+func (a *Agent) Process(m *Message) error {
+	e := Event{
+		TransactionID: m.TransactionID,
+		Message:       m,
+	}
+	a.mux.Lock()
+	if a.closed {
+		a.mux.Unlock()
+		return ErrAgentClosed
+	}
+	h := a.handler
+	delete(a.transactions, m.TransactionID)
+	a.mux.Unlock()
+	h(e)
+	return nil
+}
+
+// SetHandler sets agent handler to h.
+func (a *Agent) SetHandler(h Handler) error {
+	a.mux.Lock()
+	if a.closed {
+		a.mux.Unlock()
+		return ErrAgentClosed
+	}
+	a.handler = h
+	a.mux.Unlock()
+	return nil
+}
+
+// Close terminates all transactions with ErrAgentClosed and renders Agent to
+// closed state.
+func (a *Agent) Close() error {
+	e := Event{
+		Error: ErrAgentClosed,
+	}
+	a.mux.Lock()
+	if a.closed {
+		a.mux.Unlock()
+		return ErrAgentClosed
+	}
+	for _, t := range a.transactions {
+		e.TransactionID = t.id
+		a.handler(e)
+	}
+	a.transactions = nil
+	a.closed = true
+	a.handler = nil
+	a.mux.Unlock()
+	return nil
+}
+
+type transactionID [TransactionIDSize]byte
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/appveyor.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/appveyor.yml
new file mode 100644
index 000000000..664099d5a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/appveyor.yml
@@ -0,0 +1,22 @@
+version: "{build}"
+
+platform: x64
+
+branches:
+  only:
+    - master
+
+skip_tags: true
+
+clone_folder: c:\gopath\src\github.com\pion\stun
+
+environment:
+  GOPATH: c:\gopath
+  GOVERSION: 1.12
+
+install:
+  - go version
+  - go get -v -t .
+
+build_script:
+  - go test -v .
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/attributes.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/attributes.go
new file mode 100644
index 000000000..7238234a7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/attributes.go
@@ -0,0 +1,226 @@
+package stun
+
+import (
+	"errors"
+	"fmt"
+)
+
+// Attributes is list of message attributes.
+type Attributes []RawAttribute
+
+// Get returns first attribute from list by the type.
+// If attribute is present the RawAttribute is returned and the
+// boolean is true. Otherwise the returned RawAttribute will be
+// empty and boolean will be false.
+func (a Attributes) Get(t AttrType) (RawAttribute, bool) {
+	for _, candidate := range a {
+		if candidate.Type == t {
+			return candidate, true
+		}
+	}
+	return RawAttribute{}, false
+}
+
+// AttrType is attribute type.
+type AttrType uint16
+
+// Required returns true if type is from comprehension-required range (0x0000-0x7FFF).
+func (t AttrType) Required() bool {
+	return t <= 0x7FFF
+}
+
+// Optional returns true if type is from comprehension-optional range (0x8000-0xFFFF).
+func (t AttrType) Optional() bool {
+	return t >= 0x8000
+}
+
+// Attributes from comprehension-required range (0x0000-0x7FFF).
+const (
+	AttrMappedAddress     AttrType = 0x0001 // MAPPED-ADDRESS
+	AttrUsername          AttrType = 0x0006 // USERNAME
+	AttrMessageIntegrity  AttrType = 0x0008 // MESSAGE-INTEGRITY
+	AttrErrorCode         AttrType = 0x0009 // ERROR-CODE
+	AttrUnknownAttributes AttrType = 0x000A // UNKNOWN-ATTRIBUTES
+	AttrRealm             AttrType = 0x0014 // REALM
+	AttrNonce             AttrType = 0x0015 // NONCE
+	AttrXORMappedAddress  AttrType = 0x0020 // XOR-MAPPED-ADDRESS
+)
+
+// Attributes from comprehension-optional range (0x8000-0xFFFF).
+const (
+	AttrSoftware        AttrType = 0x8022 // SOFTWARE
+	AttrAlternateServer AttrType = 0x8023 // ALTERNATE-SERVER
+	AttrFingerprint     AttrType = 0x8028 // FINGERPRINT
+)
+
+// Attributes from RFC 5245 ICE.
+const (
+	AttrPriority       AttrType = 0x0024 // PRIORITY
+	AttrUseCandidate   AttrType = 0x0025 // USE-CANDIDATE
+	AttrICEControlled  AttrType = 0x8029 // ICE-CONTROLLED
+	AttrICEControlling AttrType = 0x802A // ICE-CONTROLLING
+)
+
+// Attributes from RFC 5766 TURN.
+const (
+	AttrChannelNumber      AttrType = 0x000C // CHANNEL-NUMBER
+	AttrLifetime           AttrType = 0x000D // LIFETIME
+	AttrXORPeerAddress     AttrType = 0x0012 // XOR-PEER-ADDRESS
+	AttrData               AttrType = 0x0013 // DATA
+	AttrXORRelayedAddress  AttrType = 0x0016 // XOR-RELAYED-ADDRESS
+	AttrEvenPort           AttrType = 0x0018 // EVEN-PORT
+	AttrRequestedTransport AttrType = 0x0019 // REQUESTED-TRANSPORT
+	AttrDontFragment       AttrType = 0x001A // DONT-FRAGMENT
+	AttrReservationToken   AttrType = 0x0022 // RESERVATION-TOKEN
+)
+
+// Attributes from RFC 5780 NAT Behavior Discovery
+const (
+	AttrOtherAddress  AttrType = 0x802C // OTHER-ADDRESS
+	AttrChangeRequest AttrType = 0x0003 // CHANGE-REQUEST
+)
+
+// Attributes from RFC 6062 TURN Extensions for TCP Allocations.
+const (
+	AttrConnectionID AttrType = 0x002a // CONNECTION-ID
+)
+
+// Attributes from RFC 6156 TURN IPv6.
+const (
+	AttrRequestedAddressFamily AttrType = 0x0017 // REQUESTED-ADDRESS-FAMILY
+)
+
+// Attributes from An Origin Attribute for the STUN Protocol.
+const (
+	AttrOrigin AttrType = 0x802F
+)
+
+// Value returns uint16 representation of attribute type.
+func (t AttrType) Value() uint16 {
+	return uint16(t)
+}
+
+var attrNames = map[AttrType]string{
+	AttrMappedAddress:          "MAPPED-ADDRESS",
+	AttrUsername:               "USERNAME",
+	AttrErrorCode:              "ERROR-CODE",
+	AttrMessageIntegrity:       "MESSAGE-INTEGRITY",
+	AttrUnknownAttributes:      "UNKNOWN-ATTRIBUTES",
+	AttrRealm:                  "REALM",
+	AttrNonce:                  "NONCE",
+	AttrXORMappedAddress:       "XOR-MAPPED-ADDRESS",
+	AttrSoftware:               "SOFTWARE",
+	AttrAlternateServer:        "ALTERNATE-SERVER",
+	AttrOtherAddress:           "OTHER-ADDRESS",
+	AttrChangeRequest:          "CHANGE-REQUEST",
+	AttrFingerprint:            "FINGERPRINT",
+	AttrPriority:               "PRIORITY",
+	AttrUseCandidate:           "USE-CANDIDATE",
+	AttrICEControlled:          "ICE-CONTROLLED",
+	AttrICEControlling:         "ICE-CONTROLLING",
+	AttrChannelNumber:          "CHANNEL-NUMBER",
+	AttrLifetime:               "LIFETIME",
+	AttrXORPeerAddress:         "XOR-PEER-ADDRESS",
+	AttrData:                   "DATA",
+	AttrXORRelayedAddress:      "XOR-RELAYED-ADDRESS",
+	AttrEvenPort:               "EVEN-PORT",
+	AttrRequestedTransport:     "REQUESTED-TRANSPORT",
+	AttrDontFragment:           "DONT-FRAGMENT",
+	AttrReservationToken:       "RESERVATION-TOKEN",
+	AttrConnectionID:           "CONNECTION-ID",
+	AttrRequestedAddressFamily: "REQUESTED-ADDRESS-FAMILY",
+	AttrOrigin:                 "ORIGIN",
+}
+
+func (t AttrType) String() string {
+	s, ok := attrNames[t]
+	if !ok {
+		// Just return hex representation of unknown attribute type.
+		return fmt.Sprintf("0x%x", uint16(t))
+	}
+	return s
+}
+
+// RawAttribute is a Type-Length-Value (TLV) object that
+// can be added to a STUN message. Attributes are divided into two
+// types: comprehension-required and comprehension-optional.  STUN
+// agents can safely ignore comprehension-optional attributes they
+// don't understand, but cannot successfully process a message if it
+// contains comprehension-required attributes that are not
+// understood.
+type RawAttribute struct {
+	Type   AttrType
+	Length uint16 // ignored while encoding
+	Value  []byte
+}
+
+// AddTo implements Setter, adding attribute as a.Type with a.Value and ignoring
+// the Length field.
+func (a RawAttribute) AddTo(m *Message) error {
+	m.Add(a.Type, a.Value)
+	return nil
+}
+
+// Equal returns true if a == b.
+func (a RawAttribute) Equal(b RawAttribute) bool {
+	if a.Type != b.Type {
+		return false
+	}
+	if a.Length != b.Length {
+		return false
+	}
+	if len(b.Value) != len(a.Value) {
+		return false
+	}
+	for i, v := range a.Value {
+		if b.Value[i] != v {
+			return false
+		}
+	}
+	return true
+}
+
+func (a RawAttribute) String() string {
+	return fmt.Sprintf("%s: 0x%x", a.Type, a.Value)
+}
+
+// ErrAttributeNotFound means that attribute with provided attribute
+// type does not exist in message.
+var ErrAttributeNotFound = errors.New("attribute not found")
+
+// Get returns byte slice that represents attribute value,
+// if there is no attribute with such type,
+// ErrAttributeNotFound is returned.
+func (m *Message) Get(t AttrType) ([]byte, error) {
+	v, ok := m.Attributes.Get(t)
+	if !ok {
+		return nil, ErrAttributeNotFound
+	}
+	return v.Value, nil
+}
+
+// STUN aligns attributes on 32-bit boundaries, attributes whose content
+// is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of
+// padding so that its value contains a multiple of 4 bytes.  The
+// padding bits are ignored, and may be any value.
+//
+// https://tools.ietf.org/html/rfc5389#section-15
+const padding = 4
+
+func nearestPaddedValueLength(l int) int {
+	n := padding * (l / padding)
+	if n < l {
+		n += padding
+	}
+	return n
+}
+
+// This method converts uint16 vlue to AttrType. If it finds an old attribute
+// type value, it also translates it to the new value to enable backward
+// compatibility. (See: https://github.com/pion/stun/issues/21)
+func compatAttrType(val uint16) AttrType {
+	if val == 0x8020 {
+		return AttrXORMappedAddress // new: 0x0020
+	}
+	return AttrType(val)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/attributes_debug.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/attributes_debug.go
new file mode 100644
index 000000000..7bf09af7c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/attributes_debug.go
@@ -0,0 +1,33 @@
+// +build debug
+
+package stun
+
+import "fmt"
+
+// AttrOverflowErr occurs when len(v) > Max.
+type AttrOverflowErr struct {
+	Type AttrType
+	Max  int
+	Got  int
+}
+
+func (e AttrOverflowErr) Error() string {
+	return fmt.Sprintf("incorrect length of %s attribute: %d exceeds maximum %d",
+		e.Type, e.Got, e.Max,
+	)
+}
+
+// AttrLengthErr means that length for attribute is invalid.
+type AttrLengthErr struct {
+	Attr     AttrType
+	Got      int
+	Expected int
+}
+
+func (e AttrLengthErr) Error() string {
+	return fmt.Sprintf("incorrect length of %s attribute: got %d, expected %d",
+		e.Attr,
+		e.Got,
+		e.Expected,
+	)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/checks.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/checks.go
new file mode 100644
index 000000000..a7609973a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/checks.go
@@ -0,0 +1,45 @@
+// +build !debug
+
+package stun
+
+import "github.com/pion/stun/internal/hmac"
+
+// CheckSize returns ErrAttrSizeInvalid if got is not equal to expected.
+func CheckSize(_ AttrType, got, expected int) error {
+	if got == expected {
+		return nil
+	}
+	return ErrAttributeSizeInvalid
+}
+
+func checkHMAC(got, expected []byte) error {
+	if hmac.Equal(got, expected) {
+		return nil
+	}
+	return ErrIntegrityMismatch
+}
+
+func checkFingerprint(got, expected uint32) error {
+	if got == expected {
+		return nil
+	}
+	return ErrFingerprintMismatch
+}
+
+// IsAttrSizeInvalid returns true if error means that attribute size is invalid.
+func IsAttrSizeInvalid(err error) bool {
+	return err == ErrAttributeSizeInvalid
+}
+
+// CheckOverflow returns ErrAttributeSizeOverflow if got is bigger that max.
+func CheckOverflow(_ AttrType, got, max int) error {
+	if got <= max {
+		return nil
+	}
+	return ErrAttributeSizeOverflow
+}
+
+// IsAttrSizeOverflow returns true if error means that attribute size is too big.
+func IsAttrSizeOverflow(err error) bool {
+	return err == ErrAttributeSizeOverflow
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/checks_debug.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/checks_debug.go
new file mode 100644
index 000000000..955f555b0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/checks_debug.go
@@ -0,0 +1,61 @@
+// +build debug
+
+package stun
+
+import "github.com/pion/stun/internal/hmac"
+
+// CheckSize returns *AttrLengthError if got is not equal to expected.
+func CheckSize(a AttrType, got, expected int) error {
+	if got == expected {
+		return nil
+	}
+	return &AttrLengthErr{
+		Got:      got,
+		Expected: expected,
+		Attr:     a,
+	}
+}
+
+func checkHMAC(got, expected []byte) error {
+	if hmac.Equal(got, expected) {
+		return nil
+	}
+	return &IntegrityErr{
+		Expected: expected,
+		Actual:   got,
+	}
+}
+
+func checkFingerprint(got, expected uint32) error {
+	if got == expected {
+		return nil
+	}
+	return &CRCMismatch{
+		Actual:   got,
+		Expected: expected,
+	}
+}
+
+// IsAttrSizeInvalid returns true if error means that attribute size is invalid.
+func IsAttrSizeInvalid(err error) bool {
+	_, ok := err.(*AttrLengthErr)
+	return ok
+}
+
+// CheckOverflow returns *AttrOverflowErr if got is bigger that max.
+func CheckOverflow(t AttrType, got, max int) error {
+	if got <= max {
+		return nil
+	}
+	return &AttrOverflowErr{
+		Type: t,
+		Got:  got,
+		Max:  max,
+	}
+}
+
+// IsAttrSizeOverflow returns true if error means that attribute size is too big.
+func IsAttrSizeOverflow(err error) bool {
+	_, ok := err.(*AttrOverflowErr)
+	return ok
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/client.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/client.go
new file mode 100644
index 000000000..62a0b6eb0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/client.go
@@ -0,0 +1,631 @@
+package stun
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"runtime"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// Dial connects to the address on the named network and then
+// initializes Client on that connection, returning error if any.
+func Dial(network, address string) (*Client, error) {
+	conn, err := net.Dial(network, address)
+	if err != nil {
+		return nil, err
+	}
+	return NewClient(conn)
+}
+
+// ErrNoConnection means that ClientOptions.Connection is nil.
+var ErrNoConnection = errors.New("no connection provided")
+
+// ClientOption sets some client option.
+type ClientOption func(c *Client)
+
+// WithHandler sets client handler which is called if Agent emits the Event
+// with TransactionID that is not currently registered by Client.
+// Useful for handling Data indications from TURN server.
+func WithHandler(h Handler) ClientOption {
+	return func(c *Client) {
+		c.handler = h
+	}
+}
+
+// WithRTO sets client RTO as defined in STUN RFC.
+func WithRTO(rto time.Duration) ClientOption {
+	return func(c *Client) {
+		c.rto = int64(rto)
+	}
+}
+
+// WithClock sets Clock of client, the source of current time.
+// Also clock is passed to default collector if set.
+func WithClock(clock Clock) ClientOption {
+	return func(c *Client) {
+		c.clock = clock
+	}
+}
+
+// WithTimeoutRate sets RTO timer minimum resolution.
+func WithTimeoutRate(d time.Duration) ClientOption {
+	return func(c *Client) {
+		c.rtoRate = d
+	}
+}
+
+// WithAgent sets client STUN agent.
+//
+// Defaults to agent implementation in current package,
+// see agent.go.
+func WithAgent(a ClientAgent) ClientOption {
+	return func(c *Client) {
+		c.a = a
+	}
+}
+
+// WithCollector rests client timeout collector, the implementation
+// of ticker which calls function on each tick.
+func WithCollector(coll Collector) ClientOption {
+	return func(c *Client) {
+		c.collector = coll
+	}
+}
+
+// WithNoConnClose prevents client from closing underlying connection when
+// the Close() method is called.
+var WithNoConnClose ClientOption = func(c *Client) {
+	c.closeConn = false
+}
+
+// WithNoRetransmit disables retransmissions and sets RTO to
+// defaultMaxAttempts * defaultRTO which will be effectively time out
+// if not set.
+//
+// Useful for TCP connections where transport handles RTO.
+func WithNoRetransmit(c *Client) {
+	c.maxAttempts = 0
+	if c.rto == 0 {
+		c.rto = defaultMaxAttempts * int64(defaultRTO)
+	}
+}
+
+const (
+	defaultTimeoutRate = time.Millisecond * 5
+	defaultRTO         = time.Millisecond * 300
+	defaultMaxAttempts = 7
+)
+
+// NewClient initializes new Client from provided options,
+// starting internal goroutines and using default options fields
+// if necessary. Call Close method after using Client to close conn and
+// release resources.
+//
+// The conn will be closed on Close call. Use WithNoConnClose option to
+// prevent that.
+//
+// Note that user should handle the protocol multiplexing, client does not
+// provide any API for it, so if you need to read application data, wrap the
+// connection with your (de-)multiplexer and pass the wrapper as conn.
+func NewClient(conn Connection, options ...ClientOption) (*Client, error) {
+	c := &Client{
+		close:       make(chan struct{}),
+		c:           conn,
+		clock:       systemClock,
+		rto:         int64(defaultRTO),
+		rtoRate:     defaultTimeoutRate,
+		t:           make(map[transactionID]*clientTransaction, 100),
+		maxAttempts: defaultMaxAttempts,
+		closeConn:   true,
+	}
+	for _, o := range options {
+		o(c)
+	}
+	if c.c == nil {
+		return nil, ErrNoConnection
+	}
+	if c.a == nil {
+		c.a = NewAgent(nil)
+	}
+	if err := c.a.SetHandler(c.handleAgentCallback); err != nil {
+		return nil, err
+	}
+	if c.collector == nil {
+		c.collector = &tickerCollector{
+			close: make(chan struct{}),
+			clock: c.clock,
+		}
+	}
+	if err := c.collector.Start(c.rtoRate, func(t time.Time) {
+		closedOrPanic(c.a.Collect(t))
+	}); err != nil {
+		return nil, err
+	}
+	c.wg.Add(1)
+	go c.readUntilClosed()
+	runtime.SetFinalizer(c, clientFinalizer)
+	return c, nil
+}
+
+func clientFinalizer(c *Client) {
+	if c == nil {
+		return
+	}
+	err := c.Close()
+	if err == ErrClientClosed {
+		return
+	}
+	if err == nil {
+		log.Println("client: called finalizer on non-closed client") // nolint
+		return
+	}
+	log.Println("client: called finalizer on non-closed client:", err) // nolint
+}
+
+// Connection wraps Reader, Writer and Closer interfaces.
+type Connection interface {
+	io.Reader
+	io.Writer
+	io.Closer
+}
+
+// ClientAgent is Agent implementation that is used by Client to
+// process transactions.
+type ClientAgent interface {
+	Process(*Message) error
+	Close() error
+	Start(id [TransactionIDSize]byte, deadline time.Time) error
+	Stop(id [TransactionIDSize]byte) error
+	Collect(time.Time) error
+	SetHandler(h Handler) error
+}
+
+// Client simulates "connection" to STUN server.
+type Client struct {
+	rto         int64 // time.Duration
+	a           ClientAgent
+	c           Connection
+	close       chan struct{}
+	rtoRate     time.Duration
+	maxAttempts int32
+	closed      bool
+	closeConn   bool // should call c.Close() while closing
+	wg          sync.WaitGroup
+	clock       Clock
+	handler     Handler
+	collector   Collector
+	t           map[transactionID]*clientTransaction
+
+	// mux guards closed and t
+	mux sync.RWMutex
+}
+
+// clientTransaction represents transaction in progress.
+// If transaction is succeed or failed, f will be called
+// provided by event.
+// Concurrent access is invalid.
+type clientTransaction struct {
+	id      transactionID
+	attempt int32
+	calls   int32
+	h       Handler
+	start   time.Time
+	rto     time.Duration
+	raw     []byte
+}
+
+func (t *clientTransaction) handle(e Event) {
+	if atomic.AddInt32(&t.calls, 1) == 1 {
+		t.h(e)
+	}
+}
+
+var clientTransactionPool = &sync.Pool{
+	New: func() interface{} {
+		return &clientTransaction{
+			raw: make([]byte, 1500),
+		}
+	},
+}
+
+func acquireClientTransaction() *clientTransaction {
+	return clientTransactionPool.Get().(*clientTransaction)
+}
+
+func putClientTransaction(t *clientTransaction) {
+	t.raw = t.raw[:0]
+	t.start = time.Time{}
+	t.attempt = 0
+	t.id = transactionID{}
+	clientTransactionPool.Put(t)
+}
+
+func (t *clientTransaction) nextTimeout(now time.Time) time.Time {
+	return now.Add(time.Duration(t.attempt+1) * t.rto)
+}
+
+// start registers transaction.
+//
+// Could return ErrClientClosed, ErrTransactionExists.
+func (c *Client) start(t *clientTransaction) error {
+	c.mux.Lock()
+	defer c.mux.Unlock()
+	if c.closed {
+		return ErrClientClosed
+	}
+	_, exists := c.t[t.id]
+	if exists {
+		return ErrTransactionExists
+	}
+	c.t[t.id] = t
+	return nil
+}
+
+// Clock abstracts the source of current time.
+type Clock interface {
+	Now() time.Time
+}
+
+type systemClockService struct{}
+
+func (systemClockService) Now() time.Time { return time.Now() }
+
+var systemClock = systemClockService{}
+
+// SetRTO sets current RTO value.
+func (c *Client) SetRTO(rto time.Duration) {
+	atomic.StoreInt64(&c.rto, int64(rto))
+}
+
+// StopErr occurs when Client fails to stop transaction while
+// processing error.
+type StopErr struct {
+	Err   error // value returned by Stop()
+	Cause error // error that caused Stop() call
+}
+
+func (e StopErr) Error() string {
+	return fmt.Sprintf("error while stopping due to %s: %s", sprintErr(e.Cause), sprintErr(e.Err))
+}
+
+// CloseErr indicates client close failure.
+type CloseErr struct {
+	AgentErr      error
+	ConnectionErr error
+}
+
+func sprintErr(err error) string {
+	if err == nil {
+		return "<nil>"
+	}
+	return err.Error()
+}
+
+func (c CloseErr) Error() string {
+	return fmt.Sprintf("failed to close: %s (connection), %s (agent)", sprintErr(c.ConnectionErr), sprintErr(c.AgentErr))
+}
+
+func (c *Client) readUntilClosed() {
+	defer c.wg.Done()
+	m := new(Message)
+	m.Raw = make([]byte, 1024)
+	for {
+		select {
+		case <-c.close:
+			return
+		default:
+		}
+		_, err := m.ReadFrom(c.c)
+		if err == nil {
+			if pErr := c.a.Process(m); pErr == ErrAgentClosed {
+				return
+			}
+		}
+	}
+}
+
+func closedOrPanic(err error) {
+	if err == nil || err == ErrAgentClosed {
+		return
+	}
+	panic(err) // nolint
+}
+
+type tickerCollector struct {
+	close chan struct{}
+	wg    sync.WaitGroup
+	clock Clock
+}
+
+// Collector calls function f with constant rate.
+//
+// The simple Collector is ticker which calls function on each tick.
+type Collector interface {
+	Start(rate time.Duration, f func(now time.Time)) error
+	Close() error
+}
+
+func (a *tickerCollector) Start(rate time.Duration, f func(now time.Time)) error {
+	t := time.NewTicker(rate)
+	a.wg.Add(1)
+	go func() {
+		defer a.wg.Done()
+		for {
+			select {
+			case <-a.close:
+				t.Stop()
+				return
+			case <-t.C:
+				f(a.clock.Now())
+			}
+		}
+	}()
+	return nil
+}
+
+func (a *tickerCollector) Close() error {
+	close(a.close)
+	a.wg.Wait()
+	return nil
+}
+
+// ErrClientClosed indicates that client is closed.
+var ErrClientClosed = errors.New("client is closed")
+
+// Close stops internal connection and agent, returning CloseErr on error.
+func (c *Client) Close() error {
+	if err := c.checkInit(); err != nil {
+		return err
+	}
+	c.mux.Lock()
+	if c.closed {
+		c.mux.Unlock()
+		return ErrClientClosed
+	}
+	c.closed = true
+	c.mux.Unlock()
+	if closeErr := c.collector.Close(); closeErr != nil {
+		return closeErr
+	}
+	var connErr error
+	agentErr := c.a.Close()
+	if c.closeConn {
+		connErr = c.c.Close()
+	}
+	close(c.close)
+	c.wg.Wait()
+	if agentErr == nil && connErr == nil {
+		return nil
+	}
+	return CloseErr{
+		AgentErr:      agentErr,
+		ConnectionErr: connErr,
+	}
+}
+
+// Indicate sends indication m to server. Shorthand to Start call
+// with zero deadline and callback.
+func (c *Client) Indicate(m *Message) error {
+	return c.Start(m, nil)
+}
+
+// callbackWaitHandler blocks on wait() call until callback is called.
+type callbackWaitHandler struct {
+	handler   Handler
+	callback  func(event Event)
+	cond      *sync.Cond
+	processed bool
+}
+
+func (s *callbackWaitHandler) HandleEvent(e Event) {
+	s.cond.L.Lock()
+	if s.callback == nil {
+		panic("s.callback is nil") // nolint
+	}
+	s.callback(e)
+	s.processed = true
+	s.cond.Broadcast()
+	s.cond.L.Unlock()
+}
+
+func (s *callbackWaitHandler) wait() {
+	s.cond.L.Lock()
+	for !s.processed {
+		s.cond.Wait()
+	}
+	s.processed = false
+	s.callback = nil
+	s.cond.L.Unlock()
+}
+
+func (s *callbackWaitHandler) setCallback(f func(event Event)) {
+	if f == nil {
+		panic("f is nil") // nolint
+	}
+	s.cond.L.Lock()
+	s.callback = f
+	if s.handler == nil {
+		s.handler = s.HandleEvent
+	}
+	s.cond.L.Unlock()
+}
+
+var callbackWaitHandlerPool = sync.Pool{
+	New: func() interface{} {
+		return &callbackWaitHandler{
+			cond: sync.NewCond(new(sync.Mutex)),
+		}
+	},
+}
+
+// ErrClientNotInitialized means that client connection or agent is nil.
+var ErrClientNotInitialized = errors.New("client not initialized")
+
+func (c *Client) checkInit() error {
+	if c == nil || c.c == nil || c.a == nil || c.close == nil {
+		return ErrClientNotInitialized
+	}
+	return nil
+}
+
+// Do is Start wrapper that waits until callback is called. If no callback
+// provided, Indicate is called instead.
+//
+// Do has cpu overhead due to blocking, see BenchmarkClient_Do.
+// Use Start method for less overhead.
+func (c *Client) Do(m *Message, f func(Event)) error {
+	if err := c.checkInit(); err != nil {
+		return err
+	}
+	if f == nil {
+		return c.Indicate(m)
+	}
+	h := callbackWaitHandlerPool.Get().(*callbackWaitHandler)
+	h.setCallback(f)
+	defer func() {
+		callbackWaitHandlerPool.Put(h)
+	}()
+	if err := c.Start(m, h.handler); err != nil {
+		return err
+	}
+	h.wait()
+	return nil
+}
+
+func (c *Client) delete(id transactionID) {
+	c.mux.Lock()
+	if c.t != nil {
+		delete(c.t, id)
+	}
+	c.mux.Unlock()
+}
+
+type buffer struct {
+	buf []byte
+}
+
+var bufferPool = &sync.Pool{
+	New: func() interface{} {
+		return &buffer{buf: make([]byte, 2048)}
+	},
+}
+
+func (c *Client) handleAgentCallback(e Event) {
+	c.mux.Lock()
+	if c.closed {
+		c.mux.Unlock()
+		return
+	}
+	t, found := c.t[e.TransactionID]
+	if found {
+		delete(c.t, t.id)
+	}
+	c.mux.Unlock()
+	if !found {
+		if c.handler != nil && e.Error != ErrTransactionStopped {
+			c.handler(e)
+		}
+		// Ignoring.
+		return
+	}
+	if atomic.LoadInt32(&c.maxAttempts) <= t.attempt || e.Error == nil {
+		// Transaction completed.
+		t.handle(e)
+		putClientTransaction(t)
+		return
+	}
+	// Doing re-transmission.
+	t.attempt++
+	b := bufferPool.Get().(*buffer)
+	b.buf = b.buf[:copy(b.buf[:cap(b.buf)], t.raw)]
+	defer bufferPool.Put(b)
+	var (
+		now     = c.clock.Now()
+		timeOut = t.nextTimeout(now)
+		id      = t.id
+	)
+	// Starting client transaction.
+	if startErr := c.start(t); startErr != nil {
+		c.delete(id)
+		e.Error = startErr
+		t.handle(e)
+		putClientTransaction(t)
+		return
+	}
+	// Starting agent transaction.
+	if startErr := c.a.Start(id, timeOut); startErr != nil {
+		c.delete(id)
+		e.Error = startErr
+		t.handle(e)
+		putClientTransaction(t)
+		return
+	}
+	// Writing message to connection again.
+	_, writeErr := c.c.Write(b.buf)
+	if writeErr != nil {
+		c.delete(id)
+		e.Error = writeErr
+		// Stopping agent transaction instead of waiting until it's deadline.
+		// This will call handleAgentCallback with "ErrTransactionStopped" error
+		// which will be ignored.
+		if stopErr := c.a.Stop(id); stopErr != nil {
+			// Failed to stop agent transaction. Wrapping the error in StopError.
+			e.Error = StopErr{
+				Err:   stopErr,
+				Cause: writeErr,
+			}
+		}
+		t.handle(e)
+		putClientTransaction(t)
+		return
+	}
+}
+
+// Start starts transaction (if h set) and writes message to server, handler
+// is called asynchronously.
+func (c *Client) Start(m *Message, h Handler) error {
+	if err := c.checkInit(); err != nil {
+		return err
+	}
+	c.mux.RLock()
+	closed := c.closed
+	c.mux.RUnlock()
+	if closed {
+		return ErrClientClosed
+	}
+	if h != nil {
+		// Starting transaction only if h is set. Useful for indications.
+		t := acquireClientTransaction()
+		t.id = m.TransactionID
+		t.start = c.clock.Now()
+		t.h = h
+		t.rto = time.Duration(atomic.LoadInt64(&c.rto))
+		t.attempt = 0
+		t.raw = append(t.raw[:0], m.Raw...)
+		t.calls = 0
+		d := t.nextTimeout(t.start)
+		if err := c.start(t); err != nil {
+			return err
+		}
+		if err := c.a.Start(m.TransactionID, d); err != nil {
+			return err
+		}
+	}
+	_, err := m.WriteTo(c.c)
+	if err != nil && h != nil {
+		c.delete(m.TransactionID)
+		// Stopping transaction instead of waiting until deadline.
+		if stopErr := c.a.Stop(m.TransactionID); stopErr != nil {
+			return StopErr{
+				Err:   stopErr,
+				Cause: err,
+			}
+		}
+	}
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/errorcode.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/errorcode.go
new file mode 100644
index 000000000..8095048cd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/errorcode.go
@@ -0,0 +1,158 @@
+package stun
+
+import (
+	"errors"
+	"fmt"
+	"io"
+)
+
+// ErrorCodeAttribute represents ERROR-CODE attribute.
+//
+// RFC 5389 Section 15.6
+type ErrorCodeAttribute struct {
+	Code   ErrorCode
+	Reason []byte
+}
+
+func (c ErrorCodeAttribute) String() string {
+	return fmt.Sprintf("%d: %s", c.Code, c.Reason)
+}
+
+// constants for ERROR-CODE encoding.
+const (
+	errorCodeReasonStart = 4
+	errorCodeClassByte   = 2
+	errorCodeNumberByte  = 3
+	errorCodeReasonMaxB  = 763
+	errorCodeModulo      = 100
+)
+
+// AddTo adds ERROR-CODE to m.
+func (c ErrorCodeAttribute) AddTo(m *Message) error {
+	value := make([]byte, 0, errorCodeReasonMaxB)
+	if err := CheckOverflow(AttrErrorCode,
+		len(c.Reason)+errorCodeReasonStart,
+		errorCodeReasonMaxB+errorCodeReasonStart,
+	); err != nil {
+		return err
+	}
+	value = value[:errorCodeReasonStart+len(c.Reason)]
+	number := byte(c.Code % errorCodeModulo) // error code modulo 100
+	class := byte(c.Code / errorCodeModulo)  // hundred digit
+	value[errorCodeClassByte] = class
+	value[errorCodeNumberByte] = number
+	copy(value[errorCodeReasonStart:], c.Reason)
+	m.Add(AttrErrorCode, value)
+	return nil
+}
+
+// GetFrom decodes ERROR-CODE from m. Reason is valid until m.Raw is valid.
+func (c *ErrorCodeAttribute) GetFrom(m *Message) error {
+	v, err := m.Get(AttrErrorCode)
+	if err != nil {
+		return err
+	}
+	if len(v) < errorCodeReasonStart {
+		return io.ErrUnexpectedEOF
+	}
+	var (
+		class  = uint16(v[errorCodeClassByte])
+		number = uint16(v[errorCodeNumberByte])
+		code   = int(class*errorCodeModulo + number)
+	)
+	c.Code = ErrorCode(code)
+	c.Reason = v[errorCodeReasonStart:]
+	return nil
+}
+
+// ErrorCode is code for ERROR-CODE attribute.
+type ErrorCode int
+
+// ErrNoDefaultReason means that default reason for provided error code
+// is not defined in RFC.
+var ErrNoDefaultReason = errors.New("no default reason for ErrorCode")
+
+// AddTo adds ERROR-CODE with default reason to m. If there
+// is no default reason, returns ErrNoDefaultReason.
+func (c ErrorCode) AddTo(m *Message) error {
+	reason := errorReasons[c]
+	if reason == nil {
+		return ErrNoDefaultReason
+	}
+	a := &ErrorCodeAttribute{
+		Code:   c,
+		Reason: reason,
+	}
+	return a.AddTo(m)
+}
+
+// Possible error codes.
+const (
+	CodeTryAlternate     ErrorCode = 300
+	CodeBadRequest       ErrorCode = 400
+	CodeUnauthorized     ErrorCode = 401
+	CodeUnknownAttribute ErrorCode = 420
+	CodeStaleNonce       ErrorCode = 438
+	CodeRoleConflict     ErrorCode = 487
+	CodeServerError      ErrorCode = 500
+)
+
+// DEPRECATED constants.
+const (
+	// DEPRECATED, use CodeUnauthorized.
+	CodeUnauthorised = CodeUnauthorized
+)
+
+// Error codes from RFC 5766.
+//
+// RFC 5766 Section 15
+const (
+	CodeForbidden             ErrorCode = 403 // Forbidden
+	CodeAllocMismatch         ErrorCode = 437 // Allocation Mismatch
+	CodeWrongCredentials      ErrorCode = 441 // Wrong Credentials
+	CodeUnsupportedTransProto ErrorCode = 442 // Unsupported Transport Protocol
+	CodeAllocQuotaReached     ErrorCode = 486 // Allocation Quota Reached
+	CodeInsufficientCapacity  ErrorCode = 508 // Insufficient Capacity
+)
+
+// Error codes from RFC 6062.
+//
+// RFC 6062 Section 6.3
+const (
+	CodeConnAlreadyExists    ErrorCode = 446
+	CodeConnTimeoutOrFailure ErrorCode = 447
+)
+
+// Error codes from RFC 6156.
+//
+// RFC 6156 Section 10.2
+const (
+	CodeAddrFamilyNotSupported ErrorCode = 440 // Address Family not Supported
+	CodePeerAddrFamilyMismatch ErrorCode = 443 // Peer Address Family Mismatch
+)
+
+var errorReasons = map[ErrorCode][]byte{
+	CodeTryAlternate:     []byte("Try Alternate"),
+	CodeBadRequest:       []byte("Bad Request"),
+	CodeUnauthorized:     []byte("Unauthorized"),
+	CodeUnknownAttribute: []byte("Unknown Attribute"),
+	CodeStaleNonce:       []byte("Stale Nonce"),
+	CodeServerError:      []byte("Server Error"),
+	CodeRoleConflict:     []byte("Role Conflict"),
+
+	// RFC 5766.
+	CodeForbidden:             []byte("Forbidden"),
+	CodeAllocMismatch:         []byte("Allocation Mismatch"),
+	CodeWrongCredentials:      []byte("Wrong Credentials"),
+	CodeUnsupportedTransProto: []byte("Unsupported Transport Protocol"),
+	CodeAllocQuotaReached:     []byte("Allocation Quota Reached"),
+	CodeInsufficientCapacity:  []byte("Insufficient Capacity"),
+
+	// RFC 6062.
+	CodeConnAlreadyExists:    []byte("Connection Already Exists"),
+	CodeConnTimeoutOrFailure: []byte("Connection Timeout or Failure"),
+
+	// RFC 6156.
+	CodeAddrFamilyNotSupported: []byte("Address Family not Supported"),
+	CodePeerAddrFamilyMismatch: []byte("Peer Address Family Mismatch"),
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/errors.go
new file mode 100644
index 000000000..029c9e426
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/errors.go
@@ -0,0 +1,62 @@
+package stun
+
+import "errors"
+
+// DecodeErr records an error and place when it is occurred.
+type DecodeErr struct {
+	Place   DecodeErrPlace
+	Message string
+}
+
+// IsInvalidCookie returns true if error means that magic cookie
+// value is invalid.
+func (e DecodeErr) IsInvalidCookie() bool {
+	return e.Place == DecodeErrPlace{"message", "cookie"}
+}
+
+// IsPlaceParent reports if error place parent is p.
+func (e DecodeErr) IsPlaceParent(p string) bool {
+	return e.Place.Parent == p
+}
+
+// IsPlaceChildren reports if error place children is c.
+func (e DecodeErr) IsPlaceChildren(c string) bool {
+	return e.Place.Children == c
+}
+
+// IsPlace reports if error place is p.
+func (e DecodeErr) IsPlace(p DecodeErrPlace) bool {
+	return e.Place == p
+}
+
+// DecodeErrPlace records a place where error is occurred.
+type DecodeErrPlace struct {
+	Parent   string
+	Children string
+}
+
+func (p DecodeErrPlace) String() string {
+	return p.Parent + "/" + p.Children
+}
+
+func (e DecodeErr) Error() string {
+	return "BadFormat for " + e.Place.String() + ": " + e.Message
+}
+
+func newDecodeErr(parent, children, message string) *DecodeErr {
+	return &DecodeErr{
+		Place:   DecodeErrPlace{Parent: parent, Children: children},
+		Message: message,
+	}
+}
+
+// TODO(ar): rewrite errors to be more precise.
+func newAttrDecodeErr(children, message string) *DecodeErr {
+	return newDecodeErr("attribute", children, message)
+}
+
+// ErrAttributeSizeInvalid means that decoded attribute size is invalid.
+var ErrAttributeSizeInvalid = errors.New("attribute size is invalid")
+
+// ErrAttributeSizeOverflow means that decoded attribute size is too big.
+var ErrAttributeSizeOverflow = errors.New("attribute size overflow")
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fingerprint.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fingerprint.go
new file mode 100644
index 000000000..aef80a206
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fingerprint.go
@@ -0,0 +1,67 @@
+package stun
+
+import (
+	"errors"
+	"hash/crc32"
+)
+
+// FingerprintAttr represents FINGERPRINT attribute.
+//
+// RFC 5389 Section 15.5
+type FingerprintAttr struct{}
+
+// ErrFingerprintMismatch means that computed fingerprint differs from expected.
+var ErrFingerprintMismatch = errors.New("fingerprint check failed")
+
+// Fingerprint is shorthand for FingerprintAttr.
+//
+// Example:
+//
+//  m := New()
+//  Fingerprint.AddTo(m)
+var Fingerprint FingerprintAttr
+
+const (
+	fingerprintXORValue uint32 = 0x5354554e //nolint:staticcheck
+	fingerprintSize            = 4          // 32 bit
+)
+
+// FingerprintValue returns CRC-32 of b XOR-ed by 0x5354554e.
+//
+// The value of the attribute is computed as the CRC-32 of the STUN message
+// up to (but excluding) the FINGERPRINT attribute itself, XOR'ed with
+// the 32-bit value 0x5354554e (the XOR helps in cases where an
+// application packet is also using CRC-32 in it).
+func FingerprintValue(b []byte) uint32 {
+	return crc32.ChecksumIEEE(b) ^ fingerprintXORValue // XOR
+}
+
+// AddTo adds fingerprint to message.
+func (FingerprintAttr) AddTo(m *Message) error {
+	l := m.Length
+	// length in header should include size of fingerprint attribute
+	m.Length += fingerprintSize + attributeHeaderSize // increasing length
+	m.WriteLength()                                   // writing Length to Raw
+	b := make([]byte, fingerprintSize)
+	val := FingerprintValue(m.Raw)
+	bin.PutUint32(b, val)
+	m.Length = l
+	m.Add(AttrFingerprint, b)
+	return nil
+}
+
+// Check reads fingerprint value from m and checks it, returning error if any.
+// Can return *AttrLengthErr, ErrAttributeNotFound, and *CRCMismatch.
+func (FingerprintAttr) Check(m *Message) error {
+	b, err := m.Get(AttrFingerprint)
+	if err != nil {
+		return err
+	}
+	if err = CheckSize(AttrFingerprint, len(b), fingerprintSize); err != nil {
+		return err
+	}
+	val := bin.Uint32(b)
+	attrStart := len(m.Raw) - (fingerprintSize + attributeHeaderSize)
+	expected := FingerprintValue(m.Raw[:attrStart])
+	return checkFingerprint(val, expected)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fingerprint_debug.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fingerprint_debug.go
new file mode 100644
index 000000000..6da074cd8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fingerprint_debug.go
@@ -0,0 +1,18 @@
+// +build debug
+
+package stun
+
+import "fmt"
+
+// CRCMismatch represents CRC check error.
+type CRCMismatch struct {
+	Expected uint32
+	Actual   uint32
+}
+
+func (m CRCMismatch) Error() string {
+	return fmt.Sprintf("CRC mismatch: %x (expected) != %x (actual)",
+		m.Expected,
+		m.Actual,
+	)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fuzz.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fuzz.go
new file mode 100644
index 000000000..debfa8d1c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/fuzz.go
@@ -0,0 +1,140 @@
+// +build gofuzz
+
+package stun
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+var (
+	m = New()
+)
+
+// FuzzMessage is go-fuzz endpoint for message.
+func FuzzMessage(data []byte) int {
+	m.Reset()
+	// fuzzer dont know about cookies
+	binary.BigEndian.PutUint32(data[4:8], magicCookie)
+	// trying to read data as message
+	if _, err := m.Write(data); err != nil {
+		return 0
+	}
+	m2 := New()
+	if _, err := m2.Write(m.Raw); err != nil {
+		panic(err) // nolint
+	}
+	if m2.TransactionID != m.TransactionID {
+		panic("transaction ID mismatch") // nolint
+	}
+	if m2.Type != m.Type {
+		panic("type missmatch") // nolint
+	}
+	if len(m2.Attributes) != len(m.Attributes) {
+		panic("attributes length missmatch") // nolint
+	}
+	return 1
+}
+
+// FuzzType is go-fuzz endpoint for message type.
+func FuzzType(data []byte) int {
+	t := MessageType{}
+	vt, _ := binary.Uvarint(data)
+	v := uint16(vt) & 0x1fff // first 3 bits are empty
+	t.ReadValue(v)
+	v2 := t.Value()
+	if v != v2 {
+		panic("v != v2") // nolint
+	}
+	t2 := MessageType{}
+	t2.ReadValue(v2)
+	if t2 != t {
+		panic("t2 != t") // nolint
+	}
+	return 0
+}
+
+type attr interface {
+	Getter
+	Setter
+}
+
+type attrs []struct {
+	g attr
+	t AttrType
+}
+
+func (a attrs) pick(v byte) struct {
+	g attr
+	t AttrType
+} {
+	idx := int(v) % len(a)
+	return a[idx]
+}
+
+func FuzzSetters(data []byte) int {
+	var (
+		m1 = &Message{
+			Raw: make([]byte, 0, 2048),
+		}
+		m2 = &Message{
+			Raw: make([]byte, 0, 2048),
+		}
+		m3 = &Message{
+			Raw: make([]byte, 0, 2048),
+		}
+	)
+	attributes := attrs{
+		{new(Realm), AttrRealm},
+		{new(XORMappedAddress), AttrXORMappedAddress},
+		{new(Nonce), AttrNonce},
+		{new(Software), AttrSoftware},
+		{new(AlternateServer), AttrAlternateServer},
+		{new(ErrorCodeAttribute), AttrErrorCode},
+		{new(UnknownAttributes), AttrUnknownAttributes},
+		{new(Username), AttrUsername},
+		{new(MappedAddress), AttrMappedAddress},
+		{new(Realm), AttrRealm},
+	}
+	var firstByte = byte(0)
+	if len(data) > 0 {
+		firstByte = data[0]
+	}
+	a := attributes.pick(firstByte)
+	value := data
+	if len(data) > 1 {
+		value = value[1:]
+	}
+	m1.WriteHeader()
+	m1.Add(a.t, value)
+	err := a.g.GetFrom(m1)
+	if err == ErrAttributeNotFound {
+		fmt.Println("unexpected 404") // nolint
+		panic(err)                    // nolint
+	}
+	if err != nil {
+		return 1
+	}
+	m2.WriteHeader()
+	if err = a.g.AddTo(m2); err != nil {
+		// We allow decoding some text attributes
+		// when their length is too big, but
+		// not encoding.
+		if !IsAttrSizeOverflow(err) {
+			panic(err) // nolint
+		}
+		return 1
+	}
+	m3.WriteHeader()
+	v, err := m2.Get(a.t)
+	if err != nil {
+		panic(err) // nolint
+	}
+	m3.Add(a.t, v)
+
+	if !m2.Equal(m3) {
+		fmt.Println(m2, "not equal", m3) // nolint
+		panic("not equal")               // nolint
+	}
+	return 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.mod
new file mode 100644
index 000000000..72b56716f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.mod
@@ -0,0 +1,3 @@
+module github.com/pion/stun
+
+go 1.12
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.sum
new file mode 100644
index 000000000..e69de29bb
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.test.sh b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.test.sh
new file mode 100644
index 000000000..25234e4b3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/go.test.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+touch coverage.txt
+
+# test fuzz inputs
+go test -tags gofuzz -run TestFuzz -v .
+
+# quick-test without -race
+go test ./...
+
+# test with "debug" tag
+go test -tags debug ./...
+
+# test concurrency
+go test -race -cpu=1,2,4 -run TestClient_DoConcurrent
+
+for d in $(go list ./... | grep -v vendor); do
+    go test -race -coverprofile=profile.out -covermode=atomic "$d"
+    if [[ -f profile.out ]]; then
+        cat profile.out >> coverage.txt
+        rm profile.out
+    fi
+done
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/helpers.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/helpers.go
new file mode 100644
index 000000000..158a51dd4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/helpers.go
@@ -0,0 +1,105 @@
+package stun
+
+// Interfaces that are implemented by message attributes, shorthands for them,
+// or helpers for message fields as type or transaction id.
+type (
+	// Setter sets *Message attribute.
+	Setter interface {
+		AddTo(m *Message) error
+	}
+	// Getter parses attribute from *Message.
+	Getter interface {
+		GetFrom(m *Message) error
+	}
+	// Checker checks *Message attribute.
+	Checker interface {
+		Check(m *Message) error
+	}
+)
+
+// Build resets message and applies setters to it in batch, returning on
+// first error. To prevent allocations, pass pointers to values.
+//
+// Example:
+//  var (
+//  	t        = BindingRequest
+//  	username = NewUsername("username")
+//  	nonce    = NewNonce("nonce")
+//  	realm    = NewRealm("example.org")
+//  )
+//  m := new(Message)
+//  m.Build(t, username, nonce, realm)     // 4 allocations
+//  m.Build(&t, &username, &nonce, &realm) // 0 allocations
+//
+// See BenchmarkBuildOverhead.
+func (m *Message) Build(setters ...Setter) error {
+	m.Reset()
+	m.WriteHeader()
+	for _, s := range setters {
+		if err := s.AddTo(m); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Check applies checkers to message in batch, returning on first error.
+func (m *Message) Check(checkers ...Checker) error {
+	for _, c := range checkers {
+		if err := c.Check(m); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Parse applies getters to message in batch, returning on first error.
+func (m *Message) Parse(getters ...Getter) error {
+	for _, c := range getters {
+		if err := c.GetFrom(m); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// MustBuild wraps Build call and panics on error.
+func MustBuild(setters ...Setter) *Message {
+	m, err := Build(setters...)
+	if err != nil {
+		panic(err) // nolint
+	}
+	return m
+}
+
+// Build wraps Message.Build method.
+func Build(setters ...Setter) (*Message, error) {
+	m := new(Message)
+	if err := m.Build(setters...); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// ForEach is helper that iterates over message attributes allowing to call
+// Getter in f callback to get all attributes of type t and returning on first
+// f error.
+//
+// The m.Get method inside f will be returning next attribute on each f call.
+// Does not error if there are no results.
+func (m *Message) ForEach(t AttrType, f func(m *Message) error) error {
+	attrs := m.Attributes
+	defer func() {
+		m.Attributes = attrs
+	}()
+	for i, a := range attrs {
+		if a.Type != t {
+			continue
+		}
+		m.Attributes = attrs[i:]
+		if err := f(m); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/integrity.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/integrity.go
new file mode 100644
index 000000000..39b0d5073
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/integrity.go
@@ -0,0 +1,124 @@
+package stun
+
+import (
+	"crypto/md5"  // #nosec
+	"crypto/sha1" // #nosec
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/pion/stun/internal/hmac"
+)
+
+// separator for credentials.
+const credentialsSep = ":"
+
+// NewLongTermIntegrity returns new MessageIntegrity with key for long-term
+// credentials. Password, username, and realm must be SASL-prepared.
+func NewLongTermIntegrity(username, realm, password string) MessageIntegrity {
+	k := strings.Join([]string{username, realm, password}, credentialsSep)
+	// #nosec
+	h := md5.New()
+	fmt.Fprint(h, k)
+	return MessageIntegrity(h.Sum(nil))
+}
+
+// NewShortTermIntegrity returns new MessageIntegrity with key for short-term
+// credentials. Password must be SASL-prepared.
+func NewShortTermIntegrity(password string) MessageIntegrity {
+	return MessageIntegrity(password)
+}
+
+// MessageIntegrity represents MESSAGE-INTEGRITY attribute.
+//
+// AddTo and Check methods are using zero-allocation version of hmac, see
+// newHMAC function and internal/hmac/pool.go.
+//
+// RFC 5389 Section 15.4
+type MessageIntegrity []byte
+
+func newHMAC(key, message, buf []byte) []byte {
+	mac := hmac.AcquireSHA1(key)
+	writeOrPanic(mac, message)
+	defer hmac.PutSHA1(mac)
+	return mac.Sum(buf)
+}
+
+func (i MessageIntegrity) String() string {
+	return fmt.Sprintf("KEY: 0x%x", []byte(i))
+}
+
+const messageIntegritySize = 20
+
+// ErrFingerprintBeforeIntegrity means that FINGERPRINT attribute is already in
+// message, so MESSAGE-INTEGRITY attribute cannot be added.
+var ErrFingerprintBeforeIntegrity = errors.New("FINGERPRINT before MESSAGE-INTEGRITY attribute")
+
+// AddTo adds MESSAGE-INTEGRITY attribute to message.
+//
+// CPU costly, see BenchmarkMessageIntegrity_AddTo.
+func (i MessageIntegrity) AddTo(m *Message) error {
+	for _, a := range m.Attributes {
+		// Message should not contain FINGERPRINT attribute
+		// before MESSAGE-INTEGRITY.
+		if a.Type == AttrFingerprint {
+			return ErrFingerprintBeforeIntegrity
+		}
+	}
+	// The text used as input to HMAC is the STUN message,
+	// including the header, up to and including the attribute preceding the
+	// MESSAGE-INTEGRITY attribute.
+	length := m.Length
+	// Adjusting m.Length to contain MESSAGE-INTEGRITY TLV.
+	m.Length += messageIntegritySize + attributeHeaderSize
+	m.WriteLength()                            // writing length to m.Raw
+	v := newHMAC(i, m.Raw, m.Raw[len(m.Raw):]) // calculating HMAC for adjusted m.Raw
+	m.Length = length                          // changing m.Length back
+
+	// Copy hmac value to temporary variable to protect it from resetting
+	// while processing m.Add call.
+	vBuf := make([]byte, sha1.Size)
+	copy(vBuf, v)
+
+	m.Add(AttrMessageIntegrity, vBuf)
+	return nil
+}
+
+// ErrIntegrityMismatch means that computed HMAC differs from expected.
+var ErrIntegrityMismatch = errors.New("integrity check failed")
+
+// Check checks MESSAGE-INTEGRITY attribute.
+//
+// CPU costly, see BenchmarkMessageIntegrity_Check.
+func (i MessageIntegrity) Check(m *Message) error {
+	v, err := m.Get(AttrMessageIntegrity)
+	if err != nil {
+		return err
+	}
+
+	// Adjusting length in header to match m.Raw that was
+	// used when computing HMAC.
+	var (
+		length         = m.Length
+		afterIntegrity = false
+		sizeReduced    int
+	)
+	for _, a := range m.Attributes {
+		if afterIntegrity {
+			sizeReduced += nearestPaddedValueLength(int(a.Length))
+			sizeReduced += attributeHeaderSize
+		}
+		if a.Type == AttrMessageIntegrity {
+			afterIntegrity = true
+		}
+	}
+	m.Length -= uint32(sizeReduced)
+	m.WriteLength()
+	// startOfHMAC should be first byte of integrity attribute.
+	startOfHMAC := messageHeaderSize + m.Length - (attributeHeaderSize + messageIntegritySize)
+	b := m.Raw[:startOfHMAC] // data before integrity attribute
+	expected := newHMAC(i, b, m.Raw[len(m.Raw):])
+	m.Length = length
+	m.WriteLength() // writing length back
+	return checkHMAC(v, expected)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/integrity_debug.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/integrity_debug.go
new file mode 100644
index 000000000..6b8a30307
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/integrity_debug.go
@@ -0,0 +1,18 @@
+// +build debug
+
+package stun
+
+import "fmt"
+
+// IntegrityErr occurs when computed HMAC differs from expected.
+type IntegrityErr struct {
+	Expected []byte
+	Actual   []byte
+}
+
+func (i *IntegrityErr) Error() string {
+	return fmt.Sprintf(
+		"Integrity check failed: 0x%x (expected) !- 0x%x (actual)",
+		i.Expected, i.Actual,
+	)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/hmac.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/hmac.go
new file mode 100644
index 000000000..801ece67a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/hmac.go
@@ -0,0 +1,101 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as
+defined in U.S. Federal Information Processing Standards Publication 198.
+An HMAC is a cryptographic hash that uses a key to sign a message.
+The receiver verifies the hash by recomputing it using the same key.
+
+Receivers should be careful to use Equal to compare MACs in order to avoid
+timing side-channels:
+
+	// ValidMAC reports whether messageMAC is a valid HMAC tag for message.
+	func ValidMAC(message, messageMAC, key []byte) bool {
+		mac := hmac.New(sha256.New, key)
+		mac.Write(message)
+		expectedMAC := mac.Sum(nil)
+		return hmac.Equal(messageMAC, expectedMAC)
+	}
+*/
+package hmac
+
+import (
+	"crypto/subtle"
+	"hash"
+)
+
+// FIPS 198-1:
+// https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf
+
+// key is zero padded to the block size of the hash function
+// ipad = 0x36 byte repeated for key length
+// opad = 0x5c byte repeated for key length
+// hmac = H([key ^ opad] H([key ^ ipad] text))
+
+type hmac struct {
+	size         int
+	blocksize    int
+	opad, ipad   []byte
+	outer, inner hash.Hash
+}
+
+func (h *hmac) Sum(in []byte) []byte {
+	origLen := len(in)
+	in = h.inner.Sum(in)
+	h.outer.Reset()
+	h.outer.Write(h.opad)
+	h.outer.Write(in[origLen:])
+	return h.outer.Sum(in[:origLen])
+}
+
+func (h *hmac) Write(p []byte) (n int, err error) {
+	return h.inner.Write(p)
+}
+
+func (h *hmac) Size() int { return h.size }
+
+func (h *hmac) BlockSize() int { return h.blocksize }
+
+func (h *hmac) Reset() {
+	h.inner.Reset()
+	h.inner.Write(h.ipad)
+}
+
+// New returns a new HMAC hash using the given hash.Hash type and key.
+// Note that unlike other hash implementations in the standard library,
+// the returned Hash does not implement encoding.BinaryMarshaler
+// or encoding.BinaryUnmarshaler.
+func New(h func() hash.Hash, key []byte) hash.Hash {
+	hm := new(hmac)
+	hm.outer = h()
+	hm.inner = h()
+	hm.size = hm.inner.Size()
+	hm.blocksize = hm.inner.BlockSize()
+	hm.ipad = make([]byte, hm.blocksize)
+	hm.opad = make([]byte, hm.blocksize)
+	if len(key) > hm.blocksize {
+		// If key is too big, hash it.
+		hm.outer.Write(key)
+		key = hm.outer.Sum(nil)
+	}
+	copy(hm.ipad, key)
+	copy(hm.opad, key)
+	for i := range hm.ipad {
+		hm.ipad[i] ^= 0x36
+	}
+	for i := range hm.opad {
+		hm.opad[i] ^= 0x5c
+	}
+	hm.inner.Write(hm.ipad)
+	return hm
+}
+
+// Equal compares two MACs for equality without leaking timing information.
+func Equal(mac1, mac2 []byte) bool {
+	// We don't have to be constant time if the lengths of the MACs are
+	// different as that suggests that a completely different hash function
+	// was used.
+	return subtle.ConstantTimeCompare(mac1, mac2) == 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/pool.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/pool.go
new file mode 100644
index 000000000..4db61e540
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/pool.go
@@ -0,0 +1,92 @@
+package hmac
+
+import (
+	"crypto/sha1"
+	"crypto/sha256"
+	"hash"
+	"sync"
+)
+
+// setZeroes sets all bytes from b to zeroes.
+//
+// See https://github.com/golang/go/issues/5373
+func setZeroes(b []byte) {
+	for i := range b {
+		b[i] = 0
+	}
+}
+
+func (h *hmac) resetTo(key []byte) {
+	h.outer.Reset()
+	h.inner.Reset()
+	setZeroes(h.ipad)
+	setZeroes(h.opad)
+	if len(key) > h.blocksize {
+		// If key is too big, hash it.
+		h.outer.Write(key)
+		key = h.outer.Sum(nil)
+	}
+	copy(h.ipad, key)
+	copy(h.opad, key)
+	for i := range h.ipad {
+		h.ipad[i] ^= 0x36
+	}
+	for i := range h.opad {
+		h.opad[i] ^= 0x5c
+	}
+	h.inner.Write(h.ipad)
+}
+
+var hmacSHA1Pool = &sync.Pool{
+	New: func() interface{} {
+		h := New(sha1.New, make([]byte, sha1.BlockSize))
+		return h
+	},
+}
+
+// AcquireSHA1 returns new HMAC from pool.
+func AcquireSHA1(key []byte) hash.Hash {
+	h := hmacSHA1Pool.Get().(*hmac)
+	assertHMACSize(h, sha1.Size, sha1.BlockSize)
+	h.resetTo(key)
+	return h
+}
+
+// PutSHA1 puts h to pool.
+func PutSHA1(h hash.Hash) {
+	hm := h.(*hmac)
+	assertHMACSize(hm, sha1.Size, sha1.BlockSize)
+	hmacSHA1Pool.Put(hm)
+}
+
+var hmacSHA256Pool = &sync.Pool{
+	New: func() interface{} {
+		h := New(sha256.New, make([]byte, sha256.BlockSize))
+		return h
+	},
+}
+
+// AcquireSHA256 returns new HMAC from SHA256 pool.
+func AcquireSHA256(key []byte) hash.Hash {
+	h := hmacSHA256Pool.Get().(*hmac)
+	assertHMACSize(h, sha256.Size, sha256.BlockSize)
+	h.resetTo(key)
+	return h
+}
+
+// PutSHA256 puts h to SHA256 pool.
+func PutSHA256(h hash.Hash) {
+	hm := h.(*hmac)
+	assertHMACSize(hm, sha256.Size, sha256.BlockSize)
+	hmacSHA256Pool.Put(hm)
+}
+
+// assertHMACSize panics if h.size != size or h.blocksize != blocksize.
+//
+// Put and Acquire functions are internal functions to project, so
+// checking it via such assert is optimal.
+func assertHMACSize(h *hmac, size, blocksize int) {
+	if h.size != size || h.blocksize != blocksize {
+		panic("BUG: hmac size invalid") // nolint
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/vendor.sh b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/vendor.sh
new file mode 100644
index 000000000..83a2b32d3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/internal/hmac/vendor.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+cp -v $GOROOT/src/crypto/hmac/{hmac,hmac_test}.go .
+git diff {hmac,hmac_test}.go
+
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/message.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/message.go
new file mode 100644
index 000000000..381923530
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/message.go
@@ -0,0 +1,588 @@
+package stun
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+)
+
+const (
+	// magicCookie is fixed value that aids in distinguishing STUN packets
+	// from packets of other protocols when STUN is multiplexed with those
+	// other protocols on the same Port.
+	//
+	// The magic cookie field MUST contain the fixed value 0x2112A442 in
+	// network byte order.
+	//
+	// Defined in "STUN Message Structure", section 6.
+	magicCookie         = 0x2112A442
+	attributeHeaderSize = 4
+	messageHeaderSize   = 20
+
+	// TransactionIDSize is length of transaction id array (in bytes).
+	TransactionIDSize = 12 // 96 bit
+)
+
+// NewTransactionID returns new random transaction ID using crypto/rand
+// as source.
+func NewTransactionID() (b [TransactionIDSize]byte) {
+	readFullOrPanic(rand.Reader, b[:])
+	return b
+}
+
+// IsMessage returns true if b looks like STUN message.
+// Useful for multiplexing. IsMessage does not guarantee
+// that decoding will be successful.
+func IsMessage(b []byte) bool {
+	return len(b) >= messageHeaderSize && bin.Uint32(b[4:8]) == magicCookie
+}
+
+// New returns *Message with pre-allocated Raw.
+func New() *Message {
+	const defaultRawCapacity = 120
+	return &Message{
+		Raw: make([]byte, messageHeaderSize, defaultRawCapacity),
+	}
+}
+
+// ErrDecodeToNil occurs on Decode(data, nil) call.
+var ErrDecodeToNil = errors.New("attempt to decode to nil message")
+
+// Decode decodes Message from data to m, returning error if any.
+func Decode(data []byte, m *Message) error {
+	if m == nil {
+		return ErrDecodeToNil
+	}
+	m.Raw = append(m.Raw[:0], data...)
+	return m.Decode()
+}
+
+// Message represents a single STUN packet. It uses aggressive internal
+// buffering to enable zero-allocation encoding and decoding,
+// so there are some usage constraints:
+//
+// 	Message, its fields, results of m.Get or any attribute a.GetFrom
+//	are valid only until Message.Raw is not modified.
+type Message struct {
+	Type          MessageType
+	Length        uint32 // len(Raw) not including header
+	TransactionID [TransactionIDSize]byte
+	Attributes    Attributes
+	Raw           []byte
+}
+
+// AddTo sets b.TransactionID to m.TransactionID.
+//
+// Implements Setter to aid in crafting responses.
+func (m *Message) AddTo(b *Message) error {
+	b.TransactionID = m.TransactionID
+	b.WriteTransactionID()
+	return nil
+}
+
+// NewTransactionID sets m.TransactionID to random value from crypto/rand
+// and returns error if any.
+func (m *Message) NewTransactionID() error {
+	_, err := io.ReadFull(rand.Reader, m.TransactionID[:])
+	if err == nil {
+		m.WriteTransactionID()
+	}
+	return err
+}
+
+func (m *Message) String() string {
+	tID := base64.StdEncoding.EncodeToString(m.TransactionID[:])
+	return fmt.Sprintf("%s l=%d attrs=%d id=%s", m.Type, m.Length, len(m.Attributes), tID)
+}
+
+// Reset resets Message, attributes and underlying buffer length.
+func (m *Message) Reset() {
+	m.Raw = m.Raw[:0]
+	m.Length = 0
+	m.Attributes = m.Attributes[:0]
+}
+
+// grow ensures that internal buffer has n length.
+func (m *Message) grow(n int) {
+	if len(m.Raw) >= n {
+		return
+	}
+	if cap(m.Raw) >= n {
+		m.Raw = m.Raw[:n]
+		return
+	}
+	m.Raw = append(m.Raw, make([]byte, n-len(m.Raw))...)
+}
+
+// Add appends new attribute to message. Not goroutine-safe.
+//
+// Value of attribute is copied to internal buffer so
+// it is safe to reuse v.
+func (m *Message) Add(t AttrType, v []byte) {
+	// Allocating buffer for TLV (type-length-value).
+	// T = t, L = len(v), V = v.
+	// m.Raw will look like:
+	// [0:20]                               <- message header
+	// [20:20+m.Length]                     <- existing message attributes
+	// [20+m.Length:20+m.Length+len(v) + 4] <- allocated buffer for new TLV
+	// [first:last]                         <- same as previous
+	// [0 1|2 3|4    4 + len(v)]            <- mapping for allocated buffer
+	//   T   L        V
+	allocSize := attributeHeaderSize + len(v)  // ~ len(TLV) = len(TL) + len(V)
+	first := messageHeaderSize + int(m.Length) // first byte number
+	last := first + allocSize                  // last byte number
+	m.grow(last)                               // growing cap(Raw) to fit TLV
+	m.Raw = m.Raw[:last]                       // now len(Raw) = last
+	m.Length += uint32(allocSize)              // rendering length change
+
+	// Sub-slicing internal buffer to simplify encoding.
+	buf := m.Raw[first:last]           // slice for TLV
+	value := buf[attributeHeaderSize:] // slice for V
+	attr := RawAttribute{
+		Type:   t,              // T
+		Length: uint16(len(v)), // L
+		Value:  value,          // V
+	}
+
+	// Encoding attribute TLV to allocated buffer.
+	bin.PutUint16(buf[0:2], attr.Type.Value()) // T
+	bin.PutUint16(buf[2:4], attr.Length)       // L
+	copy(value, v)                             // V
+
+	// Checking that attribute value needs padding.
+	if attr.Length%padding != 0 {
+		// Performing padding.
+		bytesToAdd := nearestPaddedValueLength(len(v)) - len(v)
+		last += bytesToAdd
+		m.grow(last)
+		// setting all padding bytes to zero
+		// to prevent data leak from previous
+		// data in next bytesToAdd bytes
+		buf = m.Raw[last-bytesToAdd : last]
+		for i := range buf {
+			buf[i] = 0
+		}
+		m.Raw = m.Raw[:last]           // increasing buffer length
+		m.Length += uint32(bytesToAdd) // rendering length change
+	}
+	m.Attributes = append(m.Attributes, attr)
+	m.WriteLength()
+}
+
+func attrSliceEqual(a, b Attributes) bool {
+	for _, attr := range a {
+		found := false
+		for _, attrB := range b {
+			if attrB.Type != attr.Type {
+				continue
+			}
+			if attrB.Equal(attr) {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+	return true
+}
+
+func attrEqual(a, b Attributes) bool {
+	if a == nil && b == nil {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	if len(a) != len(b) {
+		return false
+	}
+	if !attrSliceEqual(a, b) {
+		return false
+	}
+	if !attrSliceEqual(b, a) {
+		return false
+	}
+	return true
+}
+
+// Equal returns true if Message b equals to m.
+// Ignores m.Raw.
+func (m *Message) Equal(b *Message) bool {
+	if m == nil && b == nil {
+		return true
+	}
+	if m == nil || b == nil {
+		return false
+	}
+	if m.Type != b.Type {
+		return false
+	}
+	if m.TransactionID != b.TransactionID {
+		return false
+	}
+	if m.Length != b.Length {
+		return false
+	}
+	if !attrEqual(m.Attributes, b.Attributes) {
+		return false
+	}
+	return true
+}
+
+// WriteLength writes m.Length to m.Raw.
+func (m *Message) WriteLength() {
+	m.grow(4)
+	bin.PutUint16(m.Raw[2:4], uint16(m.Length))
+}
+
+// WriteHeader writes header to underlying buffer. Not goroutine-safe.
+func (m *Message) WriteHeader() {
+	m.grow(messageHeaderSize)
+	_ = m.Raw[:messageHeaderSize] // early bounds check to guarantee safety of writes below
+
+	m.WriteType()
+	m.WriteLength()
+	bin.PutUint32(m.Raw[4:8], magicCookie)               // magic cookie
+	copy(m.Raw[8:messageHeaderSize], m.TransactionID[:]) // transaction ID
+}
+
+// WriteTransactionID writes m.TransactionID to m.Raw.
+func (m *Message) WriteTransactionID() {
+	copy(m.Raw[8:messageHeaderSize], m.TransactionID[:]) // transaction ID
+}
+
+// WriteAttributes encodes all m.Attributes to m.
+func (m *Message) WriteAttributes() {
+	attributes := m.Attributes
+	m.Attributes = attributes[:0]
+	for _, a := range attributes {
+		m.Add(a.Type, a.Value)
+	}
+	m.Attributes = attributes
+}
+
+// WriteType writes m.Type to m.Raw.
+func (m *Message) WriteType() {
+	m.grow(2)
+	bin.PutUint16(m.Raw[0:2], m.Type.Value()) // message type
+}
+
+// SetType sets m.Type and writes it to m.Raw.
+func (m *Message) SetType(t MessageType) {
+	m.Type = t
+	m.WriteType()
+}
+
+// Encode re-encodes message into m.Raw.
+func (m *Message) Encode() {
+	m.Raw = m.Raw[:0]
+	m.WriteHeader()
+	m.Length = 0
+	m.WriteAttributes()
+}
+
+// WriteTo implements WriterTo via calling Write(m.Raw) on w and returning
+// call result.
+func (m *Message) WriteTo(w io.Writer) (int64, error) {
+	n, err := w.Write(m.Raw)
+	return int64(n), err
+}
+
+// ReadFrom implements ReaderFrom. Reads message from r into m.Raw,
+// Decodes it and return error if any. If m.Raw is too small, will return
+// ErrUnexpectedEOF, ErrUnexpectedHeaderEOF or *DecodeErr.
+//
+// Can return *DecodeErr while decoding too.
+func (m *Message) ReadFrom(r io.Reader) (int64, error) {
+	tBuf := m.Raw[:cap(m.Raw)]
+	var (
+		n   int
+		err error
+	)
+	if n, err = r.Read(tBuf); err != nil {
+		return int64(n), err
+	}
+	m.Raw = tBuf[:n]
+	return int64(n), m.Decode()
+}
+
+// ErrUnexpectedHeaderEOF means that there were not enough bytes in
+// m.Raw to read header.
+var ErrUnexpectedHeaderEOF = errors.New("unexpected EOF: not enough bytes to read header")
+
+// Decode decodes m.Raw into m.
+func (m *Message) Decode() error {
+	// decoding message header
+	buf := m.Raw
+	if len(buf) < messageHeaderSize {
+		return ErrUnexpectedHeaderEOF
+	}
+	var (
+		t        = bin.Uint16(buf[0:2])      // first 2 bytes
+		size     = int(bin.Uint16(buf[2:4])) // second 2 bytes
+		cookie   = bin.Uint32(buf[4:8])      // last 4 bytes
+		fullSize = messageHeaderSize + size  // len(m.Raw)
+	)
+	if cookie != magicCookie {
+		msg := fmt.Sprintf("%x is invalid magic cookie (should be %x)", cookie, magicCookie)
+		return newDecodeErr("message", "cookie", msg)
+	}
+	if len(buf) < fullSize {
+		msg := fmt.Sprintf("buffer length %d is less than %d (expected message size)", len(buf), fullSize)
+		return newAttrDecodeErr("message", msg)
+	}
+	// saving header data
+	m.Type.ReadValue(t)
+	m.Length = uint32(size)
+	copy(m.TransactionID[:], buf[8:messageHeaderSize])
+
+	m.Attributes = m.Attributes[:0]
+	var (
+		offset = 0
+		b      = buf[messageHeaderSize:fullSize]
+	)
+	for offset < size {
+		// checking that we have enough bytes to read header
+		if len(b) < attributeHeaderSize {
+			msg := fmt.Sprintf("buffer length %d is less than %d (expected header size)", len(b), attributeHeaderSize)
+			return newAttrDecodeErr("header", msg)
+		}
+		var (
+			a = RawAttribute{
+				Type:   compatAttrType(bin.Uint16(b[0:2])), // first 2 bytes
+				Length: bin.Uint16(b[2:4]),                 // second 2 bytes
+			}
+			aL     = int(a.Length)                // attribute length
+			aBuffL = nearestPaddedValueLength(aL) // expected buffer length (with padding)
+		)
+		b = b[attributeHeaderSize:] // slicing again to simplify value read
+		offset += attributeHeaderSize
+		if len(b) < aBuffL { // checking size
+			msg := fmt.Sprintf("buffer length %d is less than %d (expected value size for %s)", len(b), aBuffL, a.Type)
+			return newAttrDecodeErr("value", msg)
+		}
+		a.Value = b[:aL]
+		offset += aBuffL
+		b = b[aBuffL:]
+
+		m.Attributes = append(m.Attributes, a)
+	}
+	return nil
+}
+
+// Write decodes message and return error if any.
+//
+// Any error is unrecoverable, but message could be partially decoded.
+func (m *Message) Write(tBuf []byte) (int, error) {
+	m.Raw = append(m.Raw[:0], tBuf...)
+	return len(tBuf), m.Decode()
+}
+
+// CloneTo clones m to b securing any further m mutations.
+func (m *Message) CloneTo(b *Message) error {
+	// TODO(ar): implement low-level copy.
+	b.Raw = append(b.Raw[:0], m.Raw...)
+	return b.Decode()
+}
+
+// MessageClass is 8-bit representation of 2-bit class of STUN Message Class.
+type MessageClass byte
+
+// Possible values for message class in STUN Message Type.
+const (
+	ClassRequest         MessageClass = 0x00 // 0b00
+	ClassIndication      MessageClass = 0x01 // 0b01
+	ClassSuccessResponse MessageClass = 0x02 // 0b10
+	ClassErrorResponse   MessageClass = 0x03 // 0b11
+)
+
+// Common STUN message types.
+var (
+	// Binding request message type.
+	BindingRequest = NewType(MethodBinding, ClassRequest)
+	// Binding success response message type
+	BindingSuccess = NewType(MethodBinding, ClassSuccessResponse)
+	// Binding error response message type.
+	BindingError = NewType(MethodBinding, ClassErrorResponse)
+)
+
+func (c MessageClass) String() string {
+	switch c {
+	case ClassRequest:
+		return "request"
+	case ClassIndication:
+		return "indication"
+	case ClassSuccessResponse:
+		return "success response"
+	case ClassErrorResponse:
+		return "error response"
+	default:
+		panic("unknown message class") // nolint: never happens unless wrongly casted
+	}
+}
+
+// Method is uint16 representation of 12-bit STUN method.
+type Method uint16
+
+// Possible methods for STUN Message.
+const (
+	MethodBinding          Method = 0x001
+	MethodAllocate         Method = 0x003
+	MethodRefresh          Method = 0x004
+	MethodSend             Method = 0x006
+	MethodData             Method = 0x007
+	MethodCreatePermission Method = 0x008
+	MethodChannelBind      Method = 0x009
+)
+
+// Methods from RFC 6062.
+const (
+	MethodConnect           Method = 0x000a
+	MethodConnectionBind    Method = 0x000b
+	MethodConnectionAttempt Method = 0x000c
+)
+
+var methodName = map[Method]string{
+	MethodBinding:          "Binding",
+	MethodAllocate:         "Allocate",
+	MethodRefresh:          "Refresh",
+	MethodSend:             "Send",
+	MethodData:             "Data",
+	MethodCreatePermission: "CreatePermission",
+	MethodChannelBind:      "ChannelBind",
+
+	// RFC 6062.
+	MethodConnect:           "Connect",
+	MethodConnectionBind:    "ConnectionBind",
+	MethodConnectionAttempt: "ConnectionAttempt",
+}
+
+func (m Method) String() string {
+	s, ok := methodName[m]
+	if !ok {
+		// Falling back to hex representation.
+		s = fmt.Sprintf("0x%x", uint16(m))
+	}
+	return s
+}
+
+// MessageType is STUN Message Type Field.
+type MessageType struct {
+	Method Method       // e.g. binding
+	Class  MessageClass // e.g. request
+}
+
+// AddTo sets m type to t.
+func (t MessageType) AddTo(m *Message) error {
+	m.SetType(t)
+	return nil
+}
+
+// NewType returns new message type with provided method and class.
+func NewType(method Method, class MessageClass) MessageType {
+	return MessageType{
+		Method: method,
+		Class:  class,
+	}
+}
+
+const (
+	methodABits = 0xf   // 0b0000000000001111
+	methodBBits = 0x70  // 0b0000000001110000
+	methodDBits = 0xf80 // 0b0000111110000000
+
+	methodBShift = 1
+	methodDShift = 2
+
+	firstBit  = 0x1
+	secondBit = 0x2
+
+	c0Bit = firstBit
+	c1Bit = secondBit
+
+	classC0Shift = 4
+	classC1Shift = 7
+)
+
+// Value returns bit representation of messageType.
+func (t MessageType) Value() uint16 {
+	//	 0                 1
+	//	 2  3  4 5 6 7 8 9 0 1 2 3 4 5
+	//	+--+--+-+-+-+-+-+-+-+-+-+-+-+-+
+	//	|M |M |M|M|M|C|M|M|M|C|M|M|M|M|
+	//	|11|10|9|8|7|1|6|5|4|0|3|2|1|0|
+	//	+--+--+-+-+-+-+-+-+-+-+-+-+-+-+
+	// Figure 3: Format of STUN Message Type Field
+
+	// Warning: Abandon all hope ye who enter here.
+	// Splitting M into A(M0-M3), B(M4-M6), D(M7-M11).
+	m := uint16(t.Method)
+	a := m & methodABits // A = M * 0b0000000000001111 (right 4 bits)
+	b := m & methodBBits // B = M * 0b0000000001110000 (3 bits after A)
+	d := m & methodDBits // D = M * 0b0000111110000000 (5 bits after B)
+
+	// Shifting to add "holes" for C0 (at 4 bit) and C1 (8 bit).
+	m = a + (b << methodBShift) + (d << methodDShift)
+
+	// C0 is zero bit of C, C1 is first bit.
+	// C0 = C * 0b01, C1 = (C * 0b10) >> 1
+	// Ct = C0 << 4 + C1 << 8.
+	// Optimizations: "((C * 0b10) >> 1) << 8" as "(C * 0b10) << 7"
+	// We need C0 shifted by 4, and C1 by 8 to fit "11" and "7" positions
+	// (see figure 3).
+	c := uint16(t.Class)
+	c0 := (c & c0Bit) << classC0Shift
+	c1 := (c & c1Bit) << classC1Shift
+	class := c0 + c1
+
+	return m + class
+}
+
+// ReadValue decodes uint16 into MessageType.
+func (t *MessageType) ReadValue(v uint16) {
+	// Decoding class.
+	// We are taking first bit from v >> 4 and second from v >> 7.
+	c0 := (v >> classC0Shift) & c0Bit
+	c1 := (v >> classC1Shift) & c1Bit
+	class := c0 + c1
+	t.Class = MessageClass(class)
+
+	// Decoding method.
+	a := v & methodABits                   // A(M0-M3)
+	b := (v >> methodBShift) & methodBBits // B(M4-M6)
+	d := (v >> methodDShift) & methodDBits // D(M7-M11)
+	m := a + b + d
+	t.Method = Method(m)
+}
+
+func (t MessageType) String() string {
+	return fmt.Sprintf("%s %s", t.Method, t.Class)
+}
+
+// Contains return true if message contain t attribute.
+func (m *Message) Contains(t AttrType) bool {
+	for _, a := range m.Attributes {
+		if a.Type == t {
+			return true
+		}
+	}
+	return false
+}
+
+type transactionIDValueSetter [TransactionIDSize]byte
+
+// NewTransactionIDSetter returns new Setter that sets message transaction id
+// to provided value.
+func NewTransactionIDSetter(value [TransactionIDSize]byte) Setter {
+	return transactionIDValueSetter(value)
+}
+
+func (t transactionIDValueSetter) AddTo(m *Message) error {
+	m.TransactionID = t
+	m.WriteTransactionID()
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/stun.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/stun.go
new file mode 100644
index 000000000..9f804d270
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/stun.go
@@ -0,0 +1,51 @@
+// Package stun implements Session Traversal Utilities for NAT (STUN) RFC 5389.
+//
+// The stun package is intended to use by package that implements extension
+// to STUN (e.g. TURN) or client/server applications.
+//
+// Most methods are designed to be zero allocations. If it is not enough,
+// low-level methods are available. On other hand, there are helpers that
+// reduce code repeat.
+//
+// See examples for Message for basic usage, or https://github.com/pion/turn
+// package for example of stun extension implementation.
+package stun
+
+import (
+	"encoding/binary"
+	"io"
+)
+
+// bin is shorthand to binary.BigEndian.
+var bin = binary.BigEndian
+
+func readFullOrPanic(r io.Reader, v []byte) int {
+	n, err := io.ReadFull(r, v)
+	if err != nil {
+		panic(err) // nolint
+	}
+	return n
+}
+
+func writeOrPanic(w io.Writer, v []byte) int {
+	n, err := w.Write(v)
+	if err != nil {
+		panic(err) // nolint
+	}
+	return n
+}
+
+// IANA assigned ports for "stun" protocol.
+const (
+	DefaultPort    = 3478
+	DefaultTLSPort = 5349
+)
+
+type transactionIDSetter struct{}
+
+func (transactionIDSetter) AddTo(m *Message) error {
+	return m.NewTransactionID()
+}
+
+// TransactionID is Setter for m.TransactionID.
+var TransactionID Setter = transactionIDSetter{}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/textattrs.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/textattrs.go
new file mode 100644
index 000000000..efdfbd957
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/textattrs.go
@@ -0,0 +1,129 @@
+package stun
+
+// NewUsername returns Username with provided value.
+func NewUsername(username string) Username {
+	return Username(username)
+}
+
+// Username represents USERNAME attribute.
+//
+// RFC 5389 Section 15.3
+type Username []byte
+
+func (u Username) String() string {
+	return string(u)
+}
+
+const maxUsernameB = 513
+
+// AddTo adds USERNAME attribute to message.
+func (u Username) AddTo(m *Message) error {
+	return TextAttribute(u).AddToAs(m, AttrUsername, maxUsernameB)
+}
+
+// GetFrom gets USERNAME from message.
+func (u *Username) GetFrom(m *Message) error {
+	return (*TextAttribute)(u).GetFromAs(m, AttrUsername)
+}
+
+// NewRealm returns Realm with provided value.
+// Must be SASL-prepared.
+func NewRealm(realm string) Realm {
+	return Realm(realm)
+}
+
+// Realm represents REALM attribute.
+//
+// RFC 5389 Section 15.7
+type Realm []byte
+
+func (n Realm) String() string {
+	return string(n)
+}
+
+const maxRealmB = 763
+
+// AddTo adds NONCE to message.
+func (n Realm) AddTo(m *Message) error {
+	return TextAttribute(n).AddToAs(m, AttrRealm, maxRealmB)
+}
+
+// GetFrom gets REALM from message.
+func (n *Realm) GetFrom(m *Message) error {
+	return (*TextAttribute)(n).GetFromAs(m, AttrRealm)
+}
+
+const softwareRawMaxB = 763
+
+// Software is SOFTWARE attribute.
+//
+// RFC 5389 Section 15.10
+type Software []byte
+
+func (s Software) String() string {
+	return string(s)
+}
+
+// NewSoftware returns *Software from string.
+func NewSoftware(software string) Software {
+	return Software(software)
+}
+
+// AddTo adds Software attribute to m.
+func (s Software) AddTo(m *Message) error {
+	return TextAttribute(s).AddToAs(m, AttrSoftware, softwareRawMaxB)
+}
+
+// GetFrom decodes Software from m.
+func (s *Software) GetFrom(m *Message) error {
+	return (*TextAttribute)(s).GetFromAs(m, AttrSoftware)
+}
+
+// Nonce represents NONCE attribute.
+//
+// RFC 5389 Section 15.8
+type Nonce []byte
+
+// NewNonce returns new Nonce from string.
+func NewNonce(nonce string) Nonce {
+	return Nonce(nonce)
+}
+
+func (n Nonce) String() string {
+	return string(n)
+}
+
+const maxNonceB = 763
+
+// AddTo adds NONCE to message.
+func (n Nonce) AddTo(m *Message) error {
+	return TextAttribute(n).AddToAs(m, AttrNonce, maxNonceB)
+}
+
+// GetFrom gets NONCE from message.
+func (n *Nonce) GetFrom(m *Message) error {
+	return (*TextAttribute)(n).GetFromAs(m, AttrNonce)
+}
+
+// TextAttribute is helper for adding and getting text attributes.
+type TextAttribute []byte
+
+// AddToAs adds attribute with type t to m, checking maximum length. If maxLen
+// is less than 0, no check is performed.
+func (v TextAttribute) AddToAs(m *Message, t AttrType, maxLen int) error {
+	if err := CheckOverflow(t, len(v), maxLen); err != nil {
+		return err
+	}
+	m.Add(t, v)
+	return nil
+}
+
+// GetFromAs gets t attribute from m and appends its value to reseted v.
+func (v *TextAttribute) GetFromAs(m *Message, t AttrType) error {
+	a, err := m.Get(t)
+	if err != nil {
+		return err
+	}
+	*v = a
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/uattrs.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/uattrs.go
new file mode 100644
index 000000000..238d32d10
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/uattrs.go
@@ -0,0 +1,63 @@
+package stun
+
+import "errors"
+
+// UnknownAttributes represents UNKNOWN-ATTRIBUTES attribute.
+//
+// RFC 5389 Section 15.9
+type UnknownAttributes []AttrType
+
+func (a UnknownAttributes) String() string {
+	s := ""
+	if len(a) == 0 {
+		return "<nil>"
+	}
+	last := len(a) - 1
+	for i, t := range a {
+		s += t.String()
+		if i != last {
+			s += ", "
+		}
+	}
+	return s
+}
+
+// type size is 16 bit.
+const attrTypeSize = 4
+
+// AddTo adds UNKNOWN-ATTRIBUTES attribute to message.
+func (a UnknownAttributes) AddTo(m *Message) error {
+	v := make([]byte, 0, attrTypeSize*20) // 20 should be enough
+	// If len(a.Types) > 20, there will be allocations.
+	for i, t := range a {
+		v = append(v, 0, 0, 0, 0) // 4 times by 0 (16 bits)
+		first := attrTypeSize * i
+		last := first + attrTypeSize
+		bin.PutUint16(v[first:last], t.Value())
+	}
+	m.Add(AttrUnknownAttributes, v)
+	return nil
+}
+
+// ErrBadUnknownAttrsSize means that UNKNOWN-ATTRIBUTES attribute value
+// has invalid length.
+var ErrBadUnknownAttrsSize = errors.New("bad UNKNOWN-ATTRIBUTES size")
+
+// GetFrom parses UNKNOWN-ATTRIBUTES from message.
+func (a *UnknownAttributes) GetFrom(m *Message) error {
+	v, err := m.Get(AttrUnknownAttributes)
+	if err != nil {
+		return err
+	}
+	if len(v)%attrTypeSize != 0 {
+		return ErrBadUnknownAttrsSize
+	}
+	*a = (*a)[:0]
+	first := 0
+	for first < len(v) {
+		last := first + attrTypeSize
+		*a = append(*a, AttrType(bin.Uint16(v[first:last])))
+		first = last
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/xor.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/xor.go
new file mode 100644
index 000000000..34365eb26
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/xor.go
@@ -0,0 +1,62 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package stun
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// #nosec
+const wordSize = int(unsafe.Sizeof(uintptr(0)))
+
+var supportsUnaligned = runtime.GOARCH == "386" || runtime.GOARCH == "amd64"
+
+// fastXORBytes xors in bulk. It only works on architectures that
+// support unaligned read/writes.
+//
+// #nosec
+func fastXORBytes(dst, a, b []byte) int {
+	n := len(a)
+	if len(b) < n {
+		n = len(b)
+	}
+
+	w := n / wordSize
+	if w > 0 {
+		dw := *(*[]uintptr)(unsafe.Pointer(&dst))
+		aw := *(*[]uintptr)(unsafe.Pointer(&a))
+		bw := *(*[]uintptr)(unsafe.Pointer(&b))
+		for i := 0; i < w; i++ {
+			dw[i] = aw[i] ^ bw[i]
+		}
+	}
+
+	for i := n - n%wordSize; i < n; i++ {
+		dst[i] = a[i] ^ b[i]
+	}
+
+	return n
+}
+
+func safeXORBytes(dst, a, b []byte) int {
+	n := len(a)
+	if len(b) < n {
+		n = len(b)
+	}
+	for i := 0; i < n; i++ {
+		dst[i] = a[i] ^ b[i]
+	}
+	return n
+}
+
+// xorBytes xors the bytes in a and b. The destination is assumed to have enough
+// space. Returns the number of bytes xor'd.
+func xorBytes(dst, a, b []byte) int {
+	if supportsUnaligned {
+		return fastXORBytes(dst, a, b)
+	}
+	return safeXORBytes(dst, a, b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/xoraddr.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/xoraddr.go
new file mode 100644
index 000000000..23f7777c0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/stun/xoraddr.go
@@ -0,0 +1,145 @@
+package stun
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+)
+
+const (
+	familyIPv4 uint16 = 0x01
+	familyIPv6 uint16 = 0x02
+)
+
+// XORMappedAddress implements XOR-MAPPED-ADDRESS attribute.
+//
+// RFC 5389 Section 15.2
+type XORMappedAddress struct {
+	IP   net.IP
+	Port int
+}
+
+func (a XORMappedAddress) String() string {
+	return net.JoinHostPort(a.IP.String(), strconv.Itoa(a.Port))
+}
+
+// isIPv4 returns true if ip with len of net.IPv6Len seems to be ipv4.
+func isIPv4(ip net.IP) bool {
+	// Optimized for performance. Copied from net.IP.To4.
+	return isZeros(ip[0:10]) && ip[10] == 0xff && ip[11] == 0xff
+}
+
+// Is p all zeros?
+func isZeros(p net.IP) bool {
+	for i := 0; i < len(p); i++ {
+		if p[i] != 0 {
+			return false
+		}
+	}
+	return true
+}
+
+// ErrBadIPLength means that len(IP) is not net.{IPv6len,IPv4len}.
+var ErrBadIPLength = errors.New("invalid length of IP value")
+
+// AddToAs adds XOR-MAPPED-ADDRESS value to m as t attribute.
+func (a XORMappedAddress) AddToAs(m *Message, t AttrType) error {
+	var (
+		family = familyIPv4
+		ip     = a.IP
+	)
+	if len(a.IP) == net.IPv6len {
+		if isIPv4(ip) {
+			ip = ip[12:16] // like in ip.To4()
+		} else {
+			family = familyIPv6
+		}
+	} else if len(ip) != net.IPv4len {
+		return ErrBadIPLength
+	}
+	value := make([]byte, 32+128)
+	value[0] = 0 // first 8 bits are zeroes
+	xorValue := make([]byte, net.IPv6len)
+	copy(xorValue[4:], m.TransactionID[:])
+	bin.PutUint32(xorValue[0:4], magicCookie)
+	bin.PutUint16(value[0:2], family)
+	bin.PutUint16(value[2:4], uint16(a.Port^magicCookie>>16))
+	xorBytes(value[4:4+len(ip)], ip, xorValue)
+	m.Add(t, value[:4+len(ip)])
+	return nil
+}
+
+// AddTo adds XOR-MAPPED-ADDRESS to m. Can return ErrBadIPLength
+// if len(a.IP) is invalid.
+func (a XORMappedAddress) AddTo(m *Message) error {
+	return a.AddToAs(m, AttrXORMappedAddress)
+}
+
+// GetFromAs decodes XOR-MAPPED-ADDRESS attribute value in message
+// getting it as for t type.
+func (a *XORMappedAddress) GetFromAs(m *Message, t AttrType) error {
+	v, err := m.Get(t)
+	if err != nil {
+		return err
+	}
+	family := bin.Uint16(v[0:2])
+	if family != familyIPv6 && family != familyIPv4 {
+		return newDecodeErr("xor-mapped address", "family",
+			fmt.Sprintf("bad value %d", family),
+		)
+	}
+	ipLen := net.IPv4len
+	if family == familyIPv6 {
+		ipLen = net.IPv6len
+	}
+	// Ensuring len(a.IP) == ipLen and reusing a.IP.
+	if len(a.IP) < ipLen {
+		a.IP = a.IP[:cap(a.IP)]
+		for len(a.IP) < ipLen {
+			a.IP = append(a.IP, 0)
+		}
+	}
+	a.IP = a.IP[:ipLen]
+	for i := range a.IP {
+		a.IP[i] = 0
+	}
+	if len(v) <= 4 {
+		return io.ErrUnexpectedEOF
+	}
+	if err := CheckOverflow(t, len(v[4:]), len(a.IP)); err != nil {
+		return err
+	}
+	a.Port = int(bin.Uint16(v[2:4])) ^ (magicCookie >> 16)
+	xorValue := make([]byte, 4+TransactionIDSize)
+	bin.PutUint32(xorValue[0:4], magicCookie)
+	copy(xorValue[4:], m.TransactionID[:])
+	xorBytes(a.IP, v[4:], xorValue)
+	return nil
+}
+
+// GetFrom decodes XOR-MAPPED-ADDRESS attribute in message and returns
+// error if any. While decoding, a.IP is reused if possible and can be
+// rendered to invalid state (e.g. if a.IP was set to IPv6 and then
+// IPv4 value were decoded into it), be careful.
+//
+// Example:
+//
+//  expectedIP := net.ParseIP("213.141.156.236")
+//  expectedIP.String() // 213.141.156.236, 16 bytes, first 12 of them are zeroes
+//  expectedPort := 21254
+//  addr := &XORMappedAddress{
+//    IP:   expectedIP,
+//    Port: expectedPort,
+//  }
+//  // addr were added to message that is decoded as newMessage
+//  // ...
+//
+//  addr.GetFrom(newMessage)
+//  addr.IP.String()    // 213.141.156.236, net.IPv4Len
+//  expectedIP.String() // d58d:9cec::ffff:d58d:9cec, 16 bytes, first 4 are IPv4
+//  // now we have len(expectedIP) = 16 and len(addr.IP) = 4.
+func (a *XORMappedAddress) GetFrom(m *Message) error {
+	return a.GetFromAs(m, AttrXORMappedAddress)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/deadline/deadline.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/deadline/deadline.go
new file mode 100644
index 000000000..6f9738670
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/deadline/deadline.go
@@ -0,0 +1,110 @@
+// Package deadline provides deadline timer used to implement
+// net.Conn compatible connection
+package deadline
+
+import (
+	"context"
+	"sync"
+	"time"
+)
+
+// Deadline signals updatable deadline timer.
+// Also, it implements context.Context.
+type Deadline struct {
+	exceeded chan struct{}
+	stop     chan struct{}
+	stopped  chan bool
+	deadline time.Time
+	mu       sync.RWMutex
+}
+
+// New creates new deadline timer.
+func New() *Deadline {
+	d := &Deadline{
+		exceeded: make(chan struct{}),
+		stop:     make(chan struct{}),
+		stopped:  make(chan bool, 1),
+	}
+	d.stopped <- true
+	return d
+}
+
+// Set new deadline. Zero value means no deadline.
+func (d *Deadline) Set(t time.Time) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	d.deadline = t
+
+	close(d.stop)
+
+	select {
+	case <-d.exceeded:
+		d.exceeded = make(chan struct{})
+	default:
+		stopped := <-d.stopped
+		if !stopped {
+			d.exceeded = make(chan struct{})
+		}
+	}
+	d.stop = make(chan struct{})
+	d.stopped = make(chan bool, 1)
+
+	if t.IsZero() {
+		d.stopped <- true
+		return
+	}
+
+	if dur := time.Until(t); dur > 0 {
+		exceeded := d.exceeded
+		stopped := d.stopped
+		go func() {
+			select {
+			case <-time.After(dur):
+				close(exceeded)
+				stopped <- false
+			case <-d.stop:
+				stopped <- true
+			}
+		}()
+		return
+	}
+
+	close(d.exceeded)
+	d.stopped <- false
+}
+
+// Done receives deadline signal.
+func (d *Deadline) Done() <-chan struct{} {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+	return d.exceeded
+}
+
+// Err returns context.DeadlineExceeded if the deadline is exceeded.
+// Otherwise, it returns nil.
+func (d *Deadline) Err() error {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+	select {
+	case <-d.exceeded:
+		return context.DeadlineExceeded
+	default:
+		return nil
+	}
+}
+
+// Deadline returns current deadline.
+func (d *Deadline) Deadline() (time.Time, bool) {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+	if d.deadline.IsZero() {
+		return d.deadline, false
+	}
+	return d.deadline, true
+}
+
+// Value returns nil.
+func (d *Deadline) Value(interface{}) interface{} {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/buffer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/buffer.go
new file mode 100644
index 000000000..97d86f8c8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/buffer.go
@@ -0,0 +1,347 @@
+// Package packetio provides packet buffer
+package packetio
+
+import (
+	"errors"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/pion/transport/deadline"
+)
+
+var errPacketTooBig = errors.New("packet too big")
+
+// BufferPacketType allow the Buffer to know which packet protocol is writing.
+type BufferPacketType int
+
+const (
+	// RTPBufferPacket indicates the Buffer that is handling RTP packets
+	RTPBufferPacket BufferPacketType = 1
+	// RTCPBufferPacket indicates the Buffer that is handling RTCP packets
+	RTCPBufferPacket BufferPacketType = 2
+)
+
+// Buffer allows writing packets to an intermediate buffer, which can then be read form.
+// This is verify similar to bytes.Buffer but avoids combining multiple writes into a single read.
+type Buffer struct {
+	mutex sync.Mutex
+
+	// this is a circular buffer.  If head <= tail, then the useful
+	// data is in the interval [head, tail[.  If tail < head, then
+	// the useful data is the union of [head, len[ and [0, tail[.
+	// In order to avoid ambiguity when head = tail, we always leave
+	// an unused byte in the buffer.
+	data       []byte
+	head, tail int
+
+	notify chan struct{}
+	subs   bool
+	closed bool
+
+	count                 int
+	limitCount, limitSize int
+
+	readDeadline *deadline.Deadline
+}
+
+const (
+	minSize    = 2048
+	cutoffSize = 128 * 1024
+	maxSize    = 4 * 1024 * 1024
+)
+
+// NewBuffer creates a new Buffer.
+func NewBuffer() *Buffer {
+	return &Buffer{
+		notify:       make(chan struct{}),
+		readDeadline: deadline.New(),
+	}
+}
+
+// available returns true if the buffer is large enough to fit a packet
+// of the given size, taking overhead into account.
+func (b *Buffer) available(size int) bool {
+	available := b.head - b.tail
+	if available <= 0 {
+		available += len(b.data)
+	}
+	// we interpret head=tail as empty, so always keep a byte free
+	if size+2+1 > available {
+		return false
+	}
+
+	return true
+}
+
+// grow increases the size of the buffer.  If it returns nil, then the
+// buffer has been grown.  It returns ErrFull if hits a limit.
+func (b *Buffer) grow() error {
+	var newsize int
+	if len(b.data) < cutoffSize {
+		newsize = 2 * len(b.data)
+	} else {
+		newsize = 5 * len(b.data) / 4
+	}
+	if newsize < minSize {
+		newsize = minSize
+	}
+	if (b.limitSize <= 0 || sizeHardlimit) && newsize > maxSize {
+		newsize = maxSize
+	}
+
+	// one byte slack
+	if b.limitSize > 0 && newsize > b.limitSize+1 {
+		newsize = b.limitSize + 1
+	}
+
+	if newsize <= len(b.data) {
+		return ErrFull
+	}
+
+	newdata := make([]byte, newsize)
+
+	var n int
+	if b.head <= b.tail {
+		// data was contiguous
+		n = copy(newdata, b.data[b.head:b.tail])
+	} else {
+		// data was discontiguous
+		n = copy(newdata, b.data[b.head:])
+		n += copy(newdata[n:], b.data[:b.tail])
+	}
+	b.head = 0
+	b.tail = n
+	b.data = newdata
+
+	return nil
+}
+
+// Write appends a copy of the packet data to the buffer.
+// Returns ErrFull if the packet doesn't fit.
+//
+// Note that the packet size is limited to 65536 bytes since v0.11.0 due to the internal data structure.
+func (b *Buffer) Write(packet []byte) (int, error) {
+	if len(packet) >= 0x10000 {
+		return 0, errPacketTooBig
+	}
+
+	b.mutex.Lock()
+
+	if b.closed {
+		b.mutex.Unlock()
+		return 0, io.ErrClosedPipe
+	}
+
+	if (b.limitCount > 0 && b.count >= b.limitCount) ||
+		(b.limitSize > 0 && b.size()+2+len(packet) > b.limitSize) {
+		b.mutex.Unlock()
+		return 0, ErrFull
+	}
+
+	// grow the buffer until the packet fits
+	for !b.available(len(packet)) {
+		err := b.grow()
+		if err != nil {
+			b.mutex.Unlock()
+			return 0, err
+		}
+	}
+
+	var notify chan struct{}
+
+	if b.subs {
+		// readers are waiting.  Prepare to notify, but only
+		// actually do it after we release the lock.
+		notify = b.notify
+		b.notify = make(chan struct{})
+		b.subs = false
+	}
+
+	// store the length of the packet
+	b.data[b.tail] = uint8(len(packet) >> 8)
+	b.tail++
+	if b.tail >= len(b.data) {
+		b.tail = 0
+	}
+	b.data[b.tail] = uint8(len(packet))
+	b.tail++
+	if b.tail >= len(b.data) {
+		b.tail = 0
+	}
+
+	// store the packet
+	n := copy(b.data[b.tail:], packet)
+	b.tail += n
+	if b.tail >= len(b.data) {
+		// we reached the end, wrap around
+		m := copy(b.data, packet[n:])
+		b.tail = m
+	}
+	b.count++
+	b.mutex.Unlock()
+
+	if notify != nil {
+		close(notify)
+	}
+
+	return len(packet), nil
+}
+
+// Read populates the given byte slice, returning the number of bytes read.
+// Blocks until data is available or the buffer is closed.
+// Returns io.ErrShortBuffer is the packet is too small to copy the Write.
+// Returns io.EOF if the buffer is closed.
+func (b *Buffer) Read(packet []byte) (n int, err error) {
+	// Return immediately if the deadline is already exceeded.
+	select {
+	case <-b.readDeadline.Done():
+		return 0, &netError{ErrTimeout, true, true}
+	default:
+	}
+
+	for {
+		b.mutex.Lock()
+
+		if b.head != b.tail {
+			// decode the packet size
+			n1 := b.data[b.head]
+			b.head++
+			if b.head >= len(b.data) {
+				b.head = 0
+			}
+			n2 := b.data[b.head]
+			b.head++
+			if b.head >= len(b.data) {
+				b.head = 0
+			}
+			count := int((uint16(n1) << 8) | uint16(n2))
+
+			// determine the number of bytes we'll actually copy
+			copied := count
+			if copied > len(packet) {
+				copied = len(packet)
+			}
+
+			// copy the data
+			if b.head+copied < len(b.data) {
+				copy(packet, b.data[b.head:b.head+copied])
+			} else {
+				k := copy(packet, b.data[b.head:])
+				copy(packet[k:], b.data[:copied-k])
+			}
+
+			// advance head, discarding any data that wasn't copied
+			b.head += count
+			if b.head >= len(b.data) {
+				b.head -= len(b.data)
+			}
+
+			if b.head == b.tail {
+				// the buffer is empty, reset to beginning
+				// in order to improve cache locality.
+				b.head = 0
+				b.tail = 0
+			}
+
+			b.count--
+
+			b.mutex.Unlock()
+
+			if copied < count {
+				return copied, io.ErrShortBuffer
+			}
+			return copied, nil
+		}
+
+		if b.closed {
+			b.mutex.Unlock()
+			return 0, io.EOF
+		}
+
+		notify := b.notify
+		b.subs = true
+		b.mutex.Unlock()
+
+		select {
+		case <-b.readDeadline.Done():
+			return 0, &netError{ErrTimeout, true, true}
+		case <-notify:
+		}
+	}
+}
+
+// Close the buffer, unblocking any pending reads.
+// Data in the buffer can still be read, Read will return io.EOF only when empty.
+func (b *Buffer) Close() (err error) {
+	b.mutex.Lock()
+
+	if b.closed {
+		b.mutex.Unlock()
+		return nil
+	}
+
+	notify := b.notify
+	b.closed = true
+
+	b.mutex.Unlock()
+
+	close(notify)
+
+	return nil
+}
+
+// Count returns the number of packets in the buffer.
+func (b *Buffer) Count() int {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+	return b.count
+}
+
+// SetLimitCount controls the maximum number of packets that can be buffered.
+// Causes Write to return ErrFull when this limit is reached.
+// A zero value will disable this limit.
+func (b *Buffer) SetLimitCount(limit int) {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+
+	b.limitCount = limit
+}
+
+// Size returns the total byte size of packets in the buffer, including
+// a small amount of administrative overhead.
+func (b *Buffer) Size() int {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+
+	return b.size()
+}
+
+func (b *Buffer) size() int {
+	size := b.tail - b.head
+	if size < 0 {
+		size += len(b.data)
+	}
+	return size
+}
+
+// SetLimitSize controls the maximum number of bytes that can be buffered.
+// Causes Write to return ErrFull when this limit is reached.
+// A zero value means 4MB since v0.11.0.
+//
+// User can set packetioSizeHardlimit build tag to enable 4MB hardlimit.
+// When packetioSizeHardlimit build tag is set, SetLimitSize exceeding
+// the hardlimit will be silently discarded.
+func (b *Buffer) SetLimitSize(limit int) {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+
+	b.limitSize = limit
+}
+
+// SetReadDeadline sets the deadline for the Read operation.
+// Setting to zero means no deadline.
+func (b *Buffer) SetReadDeadline(t time.Time) error {
+	b.readDeadline.Set(t)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/errors.go
new file mode 100644
index 000000000..06f1b9d98
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/errors.go
@@ -0,0 +1,27 @@
+package packetio
+
+import (
+	"errors"
+)
+
+// netError implements net.Error
+type netError struct {
+	error
+	timeout, temporary bool
+}
+
+func (e *netError) Timeout() bool {
+	return e.timeout
+}
+
+func (e *netError) Temporary() bool {
+	return e.temporary
+}
+
+var (
+	// ErrFull is returned when the buffer has hit the configured limits.
+	ErrFull = errors.New("packetio.Buffer is full, discarding write")
+
+	// ErrTimeout is returned when a deadline has expired
+	ErrTimeout = errors.New("i/o timeout")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/hardlimit.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/hardlimit.go
new file mode 100644
index 000000000..5ddacc733
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/hardlimit.go
@@ -0,0 +1,5 @@
+// +build packetioSizeHardlimit
+
+package packetio
+
+const sizeHardlimit = true
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/no_hardlimit.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/no_hardlimit.go
new file mode 100644
index 000000000..55ea30865
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/packetio/no_hardlimit.go
@@ -0,0 +1,5 @@
+// +build !packetioSizeHardlimit
+
+package packetio
+
+const sizeHardlimit = false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/replaydetector/fixedbig.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/replaydetector/fixedbig.go
new file mode 100644
index 000000000..a571a1aad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/replaydetector/fixedbig.go
@@ -0,0 +1,78 @@
+package replaydetector
+
+import (
+	"fmt"
+)
+
+// fixedBigInt is the fix-sized multi-word integer.
+type fixedBigInt struct {
+	bits    []uint64
+	n       uint
+	msbMask uint64
+}
+
+// newFixedBigInt creates a new fix-sized multi-word int.
+func newFixedBigInt(n uint) *fixedBigInt {
+	chunkSize := (n + 63) / 64
+	if chunkSize == 0 {
+		chunkSize = 1
+	}
+	return &fixedBigInt{
+		bits:    make([]uint64, chunkSize),
+		n:       n,
+		msbMask: (1 << (64 - n%64)) - 1,
+	}
+}
+
+// Lsh is the left shift operation.
+func (s *fixedBigInt) Lsh(n uint) {
+	if n == 0 {
+		return
+	}
+	nChunk := int(n / 64)
+	nN := n % 64
+
+	for i := len(s.bits) - 1; i >= 0; i-- {
+		var carry uint64
+		if i-nChunk >= 0 {
+			carry = s.bits[i-nChunk] << nN
+			if i-nChunk-1 >= 0 {
+				carry |= s.bits[i-nChunk-1] >> (64 - nN)
+			}
+		}
+		s.bits[i] = (s.bits[i] << n) | carry
+	}
+	s.bits[len(s.bits)-1] &= s.msbMask
+}
+
+// Bit returns i-th bit of the fixedBigInt.
+func (s *fixedBigInt) Bit(i uint) uint {
+	if i >= s.n {
+		return 0
+	}
+	chunk := i / 64
+	pos := i % 64
+	if s.bits[chunk]&(1<<pos) != 0 {
+		return 1
+	}
+	return 0
+}
+
+// SetBit sets i-th bit to 1.
+func (s *fixedBigInt) SetBit(i uint) {
+	if i >= s.n {
+		return
+	}
+	chunk := i / 64
+	pos := i % 64
+	s.bits[chunk] |= 1 << pos
+}
+
+// String returns string representation of fixedBigInt.
+func (s *fixedBigInt) String() string {
+	var out string
+	for i := len(s.bits) - 1; i >= 0; i-- {
+		out += fmt.Sprintf("%016X", s.bits[i])
+	}
+	return out
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/replaydetector/replaydetector.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/replaydetector/replaydetector.go
new file mode 100644
index 000000000..d9420022b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/replaydetector/replaydetector.go
@@ -0,0 +1,116 @@
+// Package replaydetector provides packet replay detection algorithm.
+package replaydetector
+
+// ReplayDetector is the interface of sequence replay detector.
+type ReplayDetector interface {
+	// Check returns true if given sequence number is not replayed.
+	// Call accept() to mark the packet is received properly.
+	Check(seq uint64) (accept func(), ok bool)
+}
+
+type slidingWindowDetector struct {
+	latestSeq  uint64
+	maxSeq     uint64
+	windowSize uint
+	mask       *fixedBigInt
+}
+
+// New creates ReplayDetector.
+// Created ReplayDetector doesn't allow wrapping.
+// It can handle monotonically increasing sequence number up to
+// full 64bit number. It is suitable for DTLS replay protection.
+func New(windowSize uint, maxSeq uint64) ReplayDetector {
+	return &slidingWindowDetector{
+		maxSeq:     maxSeq,
+		windowSize: windowSize,
+		mask:       newFixedBigInt(windowSize),
+	}
+}
+
+func (d *slidingWindowDetector) Check(seq uint64) (accept func(), ok bool) {
+	if seq > d.maxSeq {
+		// Exceeded upper limit.
+		return func() {}, false
+	}
+
+	if seq <= d.latestSeq {
+		if d.latestSeq >= uint64(d.windowSize)+seq {
+			return func() {}, false
+		}
+		if d.mask.Bit(uint(d.latestSeq-seq)) != 0 {
+			// The sequence number is duplicated.
+			return func() {}, false
+		}
+	}
+
+	return func() {
+		if seq > d.latestSeq {
+			// Update the head of the window.
+			d.mask.Lsh(uint(seq - d.latestSeq))
+			d.latestSeq = seq
+		}
+		diff := (d.latestSeq - seq) % d.maxSeq
+		d.mask.SetBit(uint(diff))
+	}, true
+}
+
+// WithWrap creates ReplayDetector allowing sequence wrapping.
+// This is suitable for short bitwidth counter like SRTP and SRTCP.
+func WithWrap(windowSize uint, maxSeq uint64) ReplayDetector {
+	return &wrappedSlidingWindowDetector{
+		maxSeq:     maxSeq,
+		windowSize: windowSize,
+		mask:       newFixedBigInt(windowSize),
+	}
+}
+
+type wrappedSlidingWindowDetector struct {
+	latestSeq  uint64
+	maxSeq     uint64
+	windowSize uint
+	mask       *fixedBigInt
+	init       bool
+}
+
+func (d *wrappedSlidingWindowDetector) Check(seq uint64) (accept func(), ok bool) {
+	if seq > d.maxSeq {
+		// Exceeded upper limit.
+		return func() {}, false
+	}
+	if !d.init {
+		if seq != 0 {
+			d.latestSeq = seq - 1
+		} else {
+			d.latestSeq = d.maxSeq
+		}
+		d.init = true
+	}
+
+	diff := int64(d.latestSeq) - int64(seq)
+	// Wrap the number.
+	if diff > int64(d.maxSeq)/2 {
+		diff -= int64(d.maxSeq + 1)
+	} else if diff <= -int64(d.maxSeq)/2 {
+		diff += int64(d.maxSeq + 1)
+	}
+
+	if diff >= int64(d.windowSize) {
+		// Too old.
+		return func() {}, false
+	}
+	if diff >= 0 {
+		if d.mask.Bit(uint(diff)) != 0 {
+			// The sequence number is duplicated.
+			return func() {}, false
+		}
+	}
+
+	return func() {
+		if diff < 0 {
+			// Update the head of the window.
+			d.mask.Lsh(uint(-diff))
+			d.latestSeq = seq
+		}
+		d.mask.SetBit(uint(d.latestSeq - seq))
+	}, true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/.gitignore
new file mode 100644
index 000000000..d39fb86a3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/.gitignore
@@ -0,0 +1 @@
+*.sw[poe]
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/README.md
new file mode 100644
index 000000000..b502f9f8e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/README.md
@@ -0,0 +1,239 @@
+# vnet
+A virtual network layer for pion.
+
+## Overview
+
+### Goals
+* To make NAT traversal tests easy.
+* To emulate packet impairment at application level for testing.
+* To monitor packets at specified arbitrary interfaces.
+
+### Features
+* Configurable virtual LAN and WAN
+* Virtually hosted ICE servers
+
+### Virtual network components
+
+#### Top View
+```
+                           ......................................
+                           :         Virtual Network (vnet)     :
+                           :                                    :
+   +-------+ *         1 +----+         +--------+              :
+   | :App  |------------>|:Net|--o<-----|:Router |              :
+   +-------+             +----+         |        |              :
+   +-----------+ *     1 +----+         |        |              :
+   |:STUNServer|-------->|:Net|--o<-----|        |              :
+   +-----------+         +----+         |        |              :
+   +-----------+ *     1 +----+         |        |              :
+   |:TURNServer|-------->|:Net|--o<-----|        |              :
+   +-----------+         +----+ [1]     |        |              :
+                           :          1 |        | 1  <<has>>   :
+                           :      +---<>|        |<>----+ [2]   :
+                           :      |     +--------+      |       :
+                         To form  |      *|             v 0..1  :
+                   a subnet tree  |       o [3]      +-----+    :
+                           :      |       ^          |:NAT |    :
+                           :      |       |          +-----+    :
+                           :      +-------+                     :
+                           ......................................
+    Note:
+        o: NIC (Netork Interface Controller)
+      [1]: Net implments NIC interface.
+      [2]: Root router has no NAT. All child routers have a NAT always.
+      [3]: Router implements NIC interface for accesses from the
+           parent router.
+```
+
+#### Net
+Net provides 3 interfaces:
+* Configuration API (direct)
+* Network API via Net (equivalent to net.Xxx())
+* Router access via NIC interface
+```
+                   (Pion module/app, ICE servers, etc.)
+                             +-----------+
+                             |   :App    |
+                             +-----------+
+                                 * | 
+                                   | <<uses>>
+                                 1 v
+   +---------+ 1           * +-----------+ 1    * +-----------+ 1    * +------+
+ ..| :Router |----+------>o--|   :Net    |<>------|:Interface |<>------|:Addr |
+   +---------+    |      NIC +-----------+        +-----------+        +------+
+                  | <<interface>>               (vnet.Interface)      (net.Addr)
+                  |
+                  |        * +-----------+ 1    * +-----------+ 1    * +------+
+                  +------>o--|  :Router  |<>------|:Interface |<>------|:Addr |
+                         NIC +-----------+        +-----------+        +------+
+                    <<interface>>               (vnet.Interface)      (net.Addr)
+```
+
+> The instance of `Net` will be the one passed around the project.
+> Net class has public methods for configuration and for application use.
+
+
+## Implementation
+
+### Design Policy
+* Each pion package should have config object which has `Net` (of type vnet.Net) property. (just like how
+        we distribute `LoggerFactory` throughout the pion project.
+* DNS => a simple dictionary (global)?
+* Each Net has routing capability (a goroutine)
+* Use interface provided net package as much as possible
+* Routers are connected in a tree structure (no loop is allowed)
+   - To simplify routing
+   - Easy to control / monitor (stats, etc)
+* Root router has no NAT (== Internet / WAN)
+* Non-root router has a NAT always
+* When a Net is instantiated, it will automatically add `lo0` and `eth0` interface, and `lo0` will
+have one IP address, 127.0.0.1. (this is not used in pion/ice, however)
+* When a Net is added to a router, the router automatically assign an IP address for `eth0`
+interface.
+   - For simplicity
+* User data won't fragment, but optionally drop chunk larger than MTU
+* IPv6 is not supported
+
+### Basic steps for setting up virtual network
+1. Create a root router (WAN)
+1. Create child routers and add to its parent (forms a tree, don't create a loop!)
+1. Add instances of Net to each routers
+1. Call Stop(), or Stop(), on the top router, which propages all other routers
+
+#### Example: WAN with one endpoint (vnet)
+```go
+import (
+	"net"
+
+	"github.com/pion/transport/vnet"
+	"github.com/pion/logging"
+)
+
+// Create WAN (a root router).
+wan, err := vnet.NewRouter(&RouterConfig{
+    CIDR:          "0.0.0.0/0",
+    LoggerFactory: logging.NewDefaultLoggerFactory(),
+})
+
+// Create a network.
+// You can specify a static IP for the instance of Net to use. If not specified,
+// router will assign an IP address that is contained in the router's CIDR.
+nw := vnet.NewNet(&vnet.NetConfig{
+    StaticIP: "27.1.2.3",
+})
+
+// Add the network to the router.
+// The router will assign an IP address to `nw`.
+if err = wan.AddNet(nw); err != nil {
+    // handle error
+}
+
+// Start router.
+// This will start internal goroutine to route packets.
+// If you set child routers (using AddRouter), the call on the root router
+// will start the rest of routers for you.
+if err = wan.Start(); err != nil {
+    // handle error
+}
+
+//
+// Your application runs here using `nw`.
+//
+
+// Stop the router.
+// This will stop all internal goroutines in the router tree.
+// (No need to call Stop() on child routers)
+if err = wan.Stop(); err != nil {
+    // handle error
+}
+```
+
+#### Example of how to pass around the instance of vnet.Net
+The instance of vnet.Net wraps a subset of net package to enable operations
+on the virtual network. Your project must be able to pass the instance to
+all your routines that do network operation with net package. A typical way
+is to use a config param to create your instances with the virtual network
+instance (`nw` in the above example) like this:
+
+```go
+type AgentConfig struct {
+    :
+    Net:  *vnet.Net,
+}
+
+type Agent struct {
+     :
+    net:  *vnet.Net,
+}
+
+func NetAgent(config *AgentConfig) *Agent {
+    if config.Net == nil {
+        config.Net = vnet.NewNet(nil) // defaults to native operation
+    }
+    
+    return &Agent {
+         :
+        net: config.Net,
+    }
+}
+```
+
+```go
+// a.net is the instance of vnet.Net class
+func (a *Agent) listenUDP(...) error {
+    conn, err := a.net.ListenPacket(udpString, ...)
+    if err != nil {
+        return nil, err
+    }
+      :
+}
+```
+
+
+### Compatibility and Support Status
+
+|`net`<br>(built-in)|`vnet`|Note|
+|---|---|---|
+|net.Interfaces()|a.net.Interfaces()||
+|net.InterfaceByName()|a.net.InterfaceByName()||
+|net.ResolveUDPAddr()|a.net.ResolveUDPAddr()||
+|net.ListenPacket()|a.net.ListenPacket()||
+|net.ListenUDP()|a.net.ListenUDP()|(ListenPacket() is recommended)|
+|net.Listen()|a.net.Listen()|(TODO)|
+|net.ListenTCP()|(not supported)|(Listen() would be recommended)|
+|net.Dial()|a.net.Dial()||
+|net.DialUDP()|a.net.DialUDP()||
+|net.DialTCP()|(not supported)||
+|net.Interface|vnet.Interface||
+|net.PacketConn|(use it as-is)||
+|net.UDPConn|vnet.UDPConn|Use vnet.UDPPacketConn in your code|
+|net.TCPConn|vnet.TCPConn|(TODO)|Use net.Conn in your code|
+|net.Dialer|vnet.Dialer|Use a.net.CreateDialer() to create it.<br>The use of vnet.Dialer is currently experimental.|
+
+> `a.net` is an instance of Net class, and types are defined under the package name `vnet`
+
+> Most of other `interface` types in net package can be used as is.
+
+> Please post a github issue when other types/methods need to be added to vnet/vnet.Net.
+
+## TODO / Next Step
+* Implement TCP (TCPConn, Listen)
+* Support of IPv6
+* Write a bunch of examples for building virtual networks.
+* Add network impairment features (on Router)
+  - Introduce lantecy / jitter
+  - Packet filtering handler (allow selectively drop packets, etc.)
+* Add statistics data retrieval
+  - Total number of packets forward by each router
+  - Total number of packet loss
+  - Total number of connection failure (TCP)
+
+## References
+* [Comparing Simulated Packet Loss and RealWorld Network Congestion](https://www.riverbed.com/document/fpo/WhitePaper-Riverbed-SimulatedPacketLoss.pdf)
+
+### Code experiments
+* [CIDR and IPMask](https://play.golang.org/p/B7OBhkZqjmj)
+* [Test with net.IP](https://play.golang.org/p/AgXd23wKY4W)
+* [ListenPacket](https://play.golang.org/p/d4vasbnRimQ)
+* [isDottedIP()](https://play.golang.org/p/t4aZ47TgJfO)
+* [SplitHostPort](https://play.golang.org/p/JtvurlcMbhn)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/chunk.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/chunk.go
new file mode 100644
index 000000000..7a87a2fd7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/chunk.go
@@ -0,0 +1,283 @@
+package vnet
+
+import (
+	"fmt"
+	"net"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
+)
+
+type tcpFlag uint8
+
+const (
+	tcpFIN tcpFlag = 0x01
+	tcpSYN tcpFlag = 0x02
+	tcpRST tcpFlag = 0x04
+	tcpPSH tcpFlag = 0x08
+	tcpACK tcpFlag = 0x10
+)
+
+func (f tcpFlag) String() string {
+	var sa []string
+	if f&tcpFIN != 0 {
+		sa = append(sa, "FIN")
+	}
+	if f&tcpSYN != 0 {
+		sa = append(sa, "SYN")
+	}
+	if f&tcpRST != 0 {
+		sa = append(sa, "RST")
+	}
+	if f&tcpPSH != 0 {
+		sa = append(sa, "PSH")
+	}
+	if f&tcpACK != 0 {
+		sa = append(sa, "ACK")
+	}
+
+	return strings.Join(sa, "-")
+}
+
+// Generate a base36-encoded unique tag
+// See: https://play.golang.org/p/0ZaAID1q-HN
+var assignChunkTag = func() func() string { //nolint:gochecknoglobals
+	var tagCtr uint64
+
+	return func() string {
+		n := atomic.AddUint64(&tagCtr, 1)
+		return strconv.FormatUint(n, 36)
+	}
+}()
+
+// Chunk represents a packet passed around in the vnet
+type Chunk interface {
+	setTimestamp() time.Time                 // used by router
+	getTimestamp() time.Time                 // used by router
+	getSourceIP() net.IP                     // used by router
+	getDestinationIP() net.IP                // used by router
+	setSourceAddr(address string) error      // used by nat
+	setDestinationAddr(address string) error // used by nat
+
+	SourceAddr() net.Addr
+	DestinationAddr() net.Addr
+	UserData() []byte
+	Tag() string
+	Clone() Chunk
+	Network() string // returns "udp" or "tcp"
+	String() string
+}
+
+type chunkIP struct {
+	timestamp     time.Time
+	sourceIP      net.IP
+	destinationIP net.IP
+	tag           string
+}
+
+func (c *chunkIP) setTimestamp() time.Time {
+	c.timestamp = time.Now()
+	return c.timestamp
+}
+
+func (c *chunkIP) getTimestamp() time.Time {
+	return c.timestamp
+}
+
+func (c *chunkIP) getDestinationIP() net.IP {
+	return c.destinationIP
+}
+
+func (c *chunkIP) getSourceIP() net.IP {
+	return c.sourceIP
+}
+
+func (c *chunkIP) Tag() string {
+	return c.tag
+}
+
+type chunkUDP struct {
+	chunkIP
+	sourcePort      int
+	destinationPort int
+	userData        []byte
+}
+
+func newChunkUDP(srcAddr, dstAddr *net.UDPAddr) *chunkUDP {
+	return &chunkUDP{
+		chunkIP: chunkIP{
+			sourceIP:      srcAddr.IP,
+			destinationIP: dstAddr.IP,
+			tag:           assignChunkTag(),
+		},
+		sourcePort:      srcAddr.Port,
+		destinationPort: dstAddr.Port,
+	}
+}
+
+func (c *chunkUDP) SourceAddr() net.Addr {
+	return &net.UDPAddr{
+		IP:   c.sourceIP,
+		Port: c.sourcePort,
+	}
+}
+
+func (c *chunkUDP) DestinationAddr() net.Addr {
+	return &net.UDPAddr{
+		IP:   c.destinationIP,
+		Port: c.destinationPort,
+	}
+}
+
+func (c *chunkUDP) UserData() []byte {
+	return c.userData
+}
+
+func (c *chunkUDP) Clone() Chunk {
+	var userData []byte
+	if c.userData != nil {
+		userData = make([]byte, len(c.userData))
+		copy(userData, c.userData)
+	}
+
+	return &chunkUDP{
+		chunkIP: chunkIP{
+			timestamp:     c.timestamp,
+			sourceIP:      c.sourceIP,
+			destinationIP: c.destinationIP,
+			tag:           c.tag,
+		},
+		sourcePort:      c.sourcePort,
+		destinationPort: c.destinationPort,
+		userData:        userData,
+	}
+}
+
+func (c *chunkUDP) Network() string {
+	return udpString
+}
+
+func (c *chunkUDP) String() string {
+	src := c.SourceAddr()
+	dst := c.DestinationAddr()
+	return fmt.Sprintf("%s chunk %s %s => %s",
+		src.Network(),
+		c.tag,
+		src.String(),
+		dst.String(),
+	)
+}
+
+func (c *chunkUDP) setSourceAddr(address string) error {
+	addr, err := net.ResolveUDPAddr(udpString, address)
+	if err != nil {
+		return err
+	}
+	c.sourceIP = addr.IP
+	c.sourcePort = addr.Port
+	return nil
+}
+
+func (c *chunkUDP) setDestinationAddr(address string) error {
+	addr, err := net.ResolveUDPAddr(udpString, address)
+	if err != nil {
+		return err
+	}
+	c.destinationIP = addr.IP
+	c.destinationPort = addr.Port
+	return nil
+}
+
+type chunkTCP struct {
+	chunkIP
+	sourcePort      int
+	destinationPort int
+	flags           tcpFlag // control bits
+	userData        []byte  // only with PSH flag
+	// seq             uint32  // always starts with 0
+	// ack             uint32  // always starts with 0
+}
+
+func newChunkTCP(srcAddr, dstAddr *net.TCPAddr, flags tcpFlag) *chunkTCP {
+	return &chunkTCP{
+		chunkIP: chunkIP{
+			sourceIP:      srcAddr.IP,
+			destinationIP: dstAddr.IP,
+			tag:           assignChunkTag(),
+		},
+		sourcePort:      srcAddr.Port,
+		destinationPort: dstAddr.Port,
+		flags:           flags,
+	}
+}
+
+func (c *chunkTCP) SourceAddr() net.Addr {
+	return &net.TCPAddr{
+		IP:   c.sourceIP,
+		Port: c.sourcePort,
+	}
+}
+
+func (c *chunkTCP) DestinationAddr() net.Addr {
+	return &net.TCPAddr{
+		IP:   c.destinationIP,
+		Port: c.destinationPort,
+	}
+}
+
+func (c *chunkTCP) UserData() []byte {
+	return c.userData
+}
+
+func (c *chunkTCP) Clone() Chunk {
+	userData := make([]byte, len(c.userData))
+	copy(userData, c.userData)
+
+	return &chunkTCP{
+		chunkIP: chunkIP{
+			timestamp:     c.timestamp,
+			sourceIP:      c.sourceIP,
+			destinationIP: c.destinationIP,
+		},
+		sourcePort:      c.sourcePort,
+		destinationPort: c.destinationPort,
+		userData:        userData,
+	}
+}
+
+func (c *chunkTCP) Network() string {
+	return "tcp"
+}
+
+func (c *chunkTCP) String() string {
+	src := c.SourceAddr()
+	dst := c.DestinationAddr()
+	return fmt.Sprintf("%s %s chunk %s %s => %s",
+		src.Network(),
+		c.flags.String(),
+		c.tag,
+		src.String(),
+		dst.String(),
+	)
+}
+
+func (c *chunkTCP) setSourceAddr(address string) error {
+	addr, err := net.ResolveTCPAddr("tcp", address)
+	if err != nil {
+		return err
+	}
+	c.sourceIP = addr.IP
+	c.sourcePort = addr.Port
+	return nil
+}
+
+func (c *chunkTCP) setDestinationAddr(address string) error {
+	addr, err := net.ResolveTCPAddr("tcp", address)
+	if err != nil {
+		return err
+	}
+	c.destinationIP = addr.IP
+	c.destinationPort = addr.Port
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/chunk_queue.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/chunk_queue.go
new file mode 100644
index 000000000..7b2446224
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/chunk_queue.go
@@ -0,0 +1,52 @@
+package vnet
+
+import (
+	"sync"
+)
+
+type chunkQueue struct {
+	chunks  []Chunk
+	maxSize int // 0 or negative value: unlimited
+	mutex   sync.RWMutex
+}
+
+func newChunkQueue(maxSize int) *chunkQueue {
+	return &chunkQueue{maxSize: maxSize}
+}
+
+func (q *chunkQueue) push(c Chunk) bool {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	if q.maxSize > 0 && len(q.chunks) >= q.maxSize {
+		return false // dropped
+	}
+
+	q.chunks = append(q.chunks, c)
+	return true
+}
+
+func (q *chunkQueue) pop() (Chunk, bool) {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	if len(q.chunks) == 0 {
+		return nil, false
+	}
+
+	c := q.chunks[0]
+	q.chunks = q.chunks[1:]
+
+	return c, true
+}
+
+func (q *chunkQueue) peek() Chunk {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	if len(q.chunks) == 0 {
+		return nil
+	}
+
+	return q.chunks[0]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/conn.go
new file mode 100644
index 000000000..f4b8b9290
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/conn.go
@@ -0,0 +1,246 @@
+package vnet
+
+import (
+	"errors"
+	"io"
+	"math"
+	"net"
+	"sync"
+	"time"
+)
+
+const (
+	maxReadQueueSize = 1024
+)
+
+var (
+	errObsCannotBeNil       = errors.New("obs cannot be nil")
+	errUseClosedNetworkConn = errors.New("use of closed network connection")
+	errAddrNotUDPAddr       = errors.New("addr is not a net.UDPAddr")
+	errLocAddr              = errors.New("something went wrong with locAddr")
+	errAlreadyClosed        = errors.New("already closed")
+	errNoRemAddr            = errors.New("no remAddr defined")
+)
+
+// UDPPacketConn is packet-oriented connection for UDP.
+type UDPPacketConn interface {
+	net.PacketConn
+	Read(b []byte) (int, error)
+	RemoteAddr() net.Addr
+	Write(b []byte) (int, error)
+}
+
+// vNet implements this
+type connObserver interface {
+	write(c Chunk) error
+	onClosed(addr net.Addr)
+	determineSourceIP(locIP, dstIP net.IP) net.IP
+}
+
+// UDPConn is the implementation of the Conn and PacketConn interfaces for UDP network connections.
+// comatible with net.PacketConn and net.Conn
+type UDPConn struct {
+	locAddr   *net.UDPAddr // read-only
+	remAddr   *net.UDPAddr // read-only
+	obs       connObserver // read-only
+	readCh    chan Chunk   // thread-safe
+	closed    bool         // requires mutex
+	mu        sync.Mutex   // to mutex closed flag
+	readTimer *time.Timer  // thread-safe
+}
+
+func newUDPConn(locAddr, remAddr *net.UDPAddr, obs connObserver) (*UDPConn, error) {
+	if obs == nil {
+		return nil, errObsCannotBeNil
+	}
+
+	return &UDPConn{
+		locAddr:   locAddr,
+		remAddr:   remAddr,
+		obs:       obs,
+		readCh:    make(chan Chunk, maxReadQueueSize),
+		readTimer: time.NewTimer(time.Duration(math.MaxInt64)),
+	}, nil
+}
+
+// ReadFrom reads a packet from the connection,
+// copying the payload into p. It returns the number of
+// bytes copied into p and the return address that
+// was on the packet.
+// It returns the number of bytes read (0 <= n <= len(p))
+// and any error encountered. Callers should always process
+// the n > 0 bytes returned before considering the error err.
+// ReadFrom can be made to time out and return
+// an Error with Timeout() == true after a fixed time limit;
+// see SetDeadline and SetReadDeadline.
+func (c *UDPConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+loop:
+	for {
+		select {
+		case chunk, ok := <-c.readCh:
+			if !ok {
+				break loop
+			}
+			var err error
+			n := copy(p, chunk.UserData())
+			addr := chunk.SourceAddr()
+			if n < len(chunk.UserData()) {
+				err = io.ErrShortBuffer
+			}
+
+			if c.remAddr != nil {
+				if addr.String() != c.remAddr.String() {
+					break // discard (shouldn't happen)
+				}
+			}
+			return n, addr, err
+
+		case <-c.readTimer.C:
+			return 0, nil, &net.OpError{
+				Op:   "read",
+				Net:  c.locAddr.Network(),
+				Addr: c.locAddr,
+				Err:  newTimeoutError("i/o timeout"),
+			}
+		}
+	}
+
+	return 0, nil, &net.OpError{
+		Op:   "read",
+		Net:  c.locAddr.Network(),
+		Addr: c.locAddr,
+		Err:  errUseClosedNetworkConn,
+	}
+}
+
+// WriteTo writes a packet with payload p to addr.
+// WriteTo can be made to time out and return
+// an Error with Timeout() == true after a fixed time limit;
+// see SetDeadline and SetWriteDeadline.
+// On packet-oriented connections, write timeouts are rare.
+func (c *UDPConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	dstAddr, ok := addr.(*net.UDPAddr)
+	if !ok {
+		return 0, errAddrNotUDPAddr
+	}
+
+	srcIP := c.obs.determineSourceIP(c.locAddr.IP, dstAddr.IP)
+	if srcIP == nil {
+		return 0, errLocAddr
+	}
+	srcAddr := &net.UDPAddr{
+		IP:   srcIP,
+		Port: c.locAddr.Port,
+	}
+
+	chunk := newChunkUDP(srcAddr, dstAddr)
+	chunk.userData = make([]byte, len(p))
+	copy(chunk.userData, p)
+	if err := c.obs.write(chunk); err != nil {
+		return 0, err
+	}
+	return len(p), nil
+}
+
+// Close closes the connection.
+// Any blocked ReadFrom or WriteTo operations will be unblocked and return errors.
+func (c *UDPConn) Close() error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.closed {
+		return errAlreadyClosed
+	}
+	c.closed = true
+	close(c.readCh)
+
+	c.obs.onClosed(c.locAddr)
+	return nil
+}
+
+// LocalAddr returns the local network address.
+func (c *UDPConn) LocalAddr() net.Addr {
+	return c.locAddr
+}
+
+// SetDeadline sets the read and write deadlines associated
+// with the connection. It is equivalent to calling both
+// SetReadDeadline and SetWriteDeadline.
+//
+// A deadline is an absolute time after which I/O operations
+// fail with a timeout (see type Error) instead of
+// blocking. The deadline applies to all future and pending
+// I/O, not just the immediately following call to ReadFrom or
+// WriteTo. After a deadline has been exceeded, the connection
+// can be refreshed by setting a deadline in the future.
+//
+// An idle timeout can be implemented by repeatedly extending
+// the deadline after successful ReadFrom or WriteTo calls.
+//
+// A zero value for t means I/O operations will not time out.
+func (c *UDPConn) SetDeadline(t time.Time) error {
+	return c.SetReadDeadline(t)
+}
+
+// SetReadDeadline sets the deadline for future ReadFrom calls
+// and any currently-blocked ReadFrom call.
+// A zero value for t means ReadFrom will not time out.
+func (c *UDPConn) SetReadDeadline(t time.Time) error {
+	var d time.Duration
+	var noDeadline time.Time
+	if t == noDeadline {
+		d = time.Duration(math.MaxInt64)
+	} else {
+		d = time.Until(t)
+	}
+	c.readTimer.Reset(d)
+	return nil
+}
+
+// SetWriteDeadline sets the deadline for future WriteTo calls
+// and any currently-blocked WriteTo call.
+// Even if write times out, it may return n > 0, indicating that
+// some of the data was successfully written.
+// A zero value for t means WriteTo will not time out.
+func (c *UDPConn) SetWriteDeadline(t time.Time) error {
+	// Write never blocks.
+	return nil
+}
+
+// Read reads data from the connection.
+// Read can be made to time out and return an Error with Timeout() == true
+// after a fixed time limit; see SetDeadline and SetReadDeadline.
+func (c *UDPConn) Read(b []byte) (int, error) {
+	n, _, err := c.ReadFrom(b)
+	return n, err
+}
+
+// RemoteAddr returns the remote network address.
+func (c *UDPConn) RemoteAddr() net.Addr {
+	return c.remAddr
+}
+
+// Write writes data to the connection.
+// Write can be made to time out and return an Error with Timeout() == true
+// after a fixed time limit; see SetDeadline and SetWriteDeadline.
+func (c *UDPConn) Write(b []byte) (int, error) {
+	if c.remAddr == nil {
+		return 0, errNoRemAddr
+	}
+
+	return c.WriteTo(b, c.remAddr)
+}
+
+func (c *UDPConn) onInboundChunk(chunk Chunk) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.closed {
+		return
+	}
+
+	select {
+	case c.readCh <- chunk:
+	default:
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/conn_map.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/conn_map.go
new file mode 100644
index 000000000..d52818d27
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/conn_map.go
@@ -0,0 +1,136 @@
+package vnet
+
+import (
+	"errors"
+	"net"
+	"sync"
+)
+
+var (
+	errAddressAlreadyInUse       = errors.New("address already in use")
+	errNoSuchUDPConn             = errors.New("no such UDPConn")
+	errCannotRemoveUnspecifiedIP = errors.New("cannot remove unspecified IP by the specified IP")
+)
+
+type udpConnMap struct {
+	portMap map[int][]*UDPConn
+	mutex   sync.RWMutex
+}
+
+func newUDPConnMap() *udpConnMap {
+	return &udpConnMap{
+		portMap: map[int][]*UDPConn{},
+	}
+}
+
+func (m *udpConnMap) insert(conn *UDPConn) error {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	udpAddr := conn.LocalAddr().(*net.UDPAddr)
+
+	// check if the port has a listener
+	conns, ok := m.portMap[udpAddr.Port]
+	if ok {
+		if udpAddr.IP.IsUnspecified() {
+			return errAddressAlreadyInUse
+		}
+
+		for _, conn := range conns {
+			laddr := conn.LocalAddr().(*net.UDPAddr)
+			if laddr.IP.IsUnspecified() || laddr.IP.Equal(udpAddr.IP) {
+				return errAddressAlreadyInUse
+			}
+		}
+
+		conns = append(conns, conn)
+	} else {
+		conns = []*UDPConn{conn}
+	}
+
+	m.portMap[udpAddr.Port] = conns
+	return nil
+}
+
+func (m *udpConnMap) find(addr net.Addr) (*UDPConn, bool) {
+	m.mutex.Lock() // could be RLock, but we have delete() op
+	defer m.mutex.Unlock()
+
+	udpAddr := addr.(*net.UDPAddr)
+
+	if conns, ok := m.portMap[udpAddr.Port]; ok {
+		if udpAddr.IP.IsUnspecified() {
+			// pick the first one appears in the iteration
+			if len(conns) == 0 {
+				// This can't happen!
+				delete(m.portMap, udpAddr.Port)
+				return nil, false
+			}
+			return conns[0], true
+		}
+
+		for _, conn := range conns {
+			laddr := conn.LocalAddr().(*net.UDPAddr)
+			if laddr.IP.IsUnspecified() || laddr.IP.Equal(udpAddr.IP) {
+				return conn, ok
+			}
+		}
+	}
+
+	return nil, false
+}
+
+func (m *udpConnMap) delete(addr net.Addr) error {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	udpAddr := addr.(*net.UDPAddr)
+
+	conns, ok := m.portMap[udpAddr.Port]
+	if !ok {
+		return errNoSuchUDPConn
+	}
+
+	if udpAddr.IP.IsUnspecified() {
+		// remove all from this port
+		delete(m.portMap, udpAddr.Port)
+		return nil
+	}
+
+	newConns := []*UDPConn{}
+
+	for _, conn := range conns {
+		laddr := conn.LocalAddr().(*net.UDPAddr)
+		if laddr.IP.IsUnspecified() {
+			// This can't happen!
+			return errCannotRemoveUnspecifiedIP
+		}
+
+		if laddr.IP.Equal(udpAddr.IP) {
+			continue
+		}
+
+		newConns = append(newConns, conn)
+	}
+
+	if len(newConns) == 0 {
+		delete(m.portMap, udpAddr.Port)
+	} else {
+		m.portMap[udpAddr.Port] = newConns
+	}
+
+	return nil
+}
+
+// size returns the number of UDPConns (UDP listeners)
+func (m *udpConnMap) size() int {
+	m.mutex.RLock()
+	defer m.mutex.RUnlock()
+
+	n := 0
+	for _, conns := range m.portMap {
+		n += len(conns)
+	}
+
+	return n
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/errors.go
new file mode 100644
index 000000000..d0e9394f5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/errors.go
@@ -0,0 +1,19 @@
+package vnet
+
+type timeoutError struct {
+	msg string
+}
+
+func newTimeoutError(msg string) error {
+	return &timeoutError{
+		msg: msg,
+	}
+}
+
+func (e *timeoutError) Error() string {
+	return e.msg
+}
+
+func (e *timeoutError) Timeout() bool {
+	return true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/interface.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/interface.go
new file mode 100644
index 000000000..ec80c0b78
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/interface.go
@@ -0,0 +1,40 @@
+package vnet
+
+import (
+	"errors"
+	"net"
+)
+
+var errNoAddressAssigned = errors.New("no address assigned")
+
+// See: https://play.golang.org/p/nBO9KGYEziv
+
+// InterfaceBase ...
+type InterfaceBase net.Interface
+
+// Interface ...
+type Interface struct {
+	InterfaceBase
+	addrs []net.Addr
+}
+
+// NewInterface ...
+func NewInterface(ifc net.Interface) *Interface {
+	return &Interface{
+		InterfaceBase: InterfaceBase(ifc),
+		addrs:         nil,
+	}
+}
+
+// AddAddr ...
+func (ifc *Interface) AddAddr(addr net.Addr) {
+	ifc.addrs = append(ifc.addrs, addr)
+}
+
+// Addrs ...
+func (ifc *Interface) Addrs() ([]net.Addr, error) {
+	if len(ifc.addrs) == 0 {
+		return nil, errNoAddressAssigned
+	}
+	return ifc.addrs, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/nat.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/nat.go
new file mode 100644
index 000000000..4ece5faad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/nat.go
@@ -0,0 +1,338 @@
+package vnet
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+var (
+	errNATRequriesMapping            = errors.New("1:1 NAT requires more than one mapping")
+	errMismatchLengthIP              = errors.New("length mismtach between mappedIPs and localIPs")
+	errNonUDPTranslationNotSupported = errors.New("non-udp translation is not supported yet")
+	errNoAssociatedLocalAddress      = errors.New("no associated local address")
+	errNoNATBindingFound             = errors.New("no NAT binding found")
+	errHasNoPermission               = errors.New("has no permission")
+)
+
+// EndpointDependencyType defines a type of behavioral dependendency on the
+// remote endpoint's IP address or port number. This is used for the two
+// kinds of behaviors:
+//  - Port mapping behavior
+//  - Filtering behavior
+// See: https://tools.ietf.org/html/rfc4787
+type EndpointDependencyType uint8
+
+const (
+	// EndpointIndependent means the behavior is independent of the endpoint's address or port
+	EndpointIndependent EndpointDependencyType = iota
+	// EndpointAddrDependent means the behavior is dependent on the endpoint's address
+	EndpointAddrDependent
+	// EndpointAddrPortDependent means the behavior is dependent on the endpoint's address and port
+	EndpointAddrPortDependent
+)
+
+// NATMode defines basic behavior of the NAT
+type NATMode uint8
+
+const (
+	// NATModeNormal means the NAT behaves as a standard NAPT (RFC 2663).
+	NATModeNormal NATMode = iota
+	// NATModeNAT1To1 exhibits 1:1 DNAT where the external IP address is statically mapped to
+	// a specific local IP address with port number is preserved always between them.
+	// When this mode is selected, MappingBehavior, FilteringBehavior, PortPreservation and
+	// MappingLifeTime of NATType are ignored.
+	NATModeNAT1To1
+)
+
+const (
+	defaultNATMappingLifeTime = 30 * time.Second
+)
+
+// NATType has a set of parameters that define the behavior of NAT.
+type NATType struct {
+	Mode              NATMode
+	MappingBehavior   EndpointDependencyType
+	FilteringBehavior EndpointDependencyType
+	Hairpining        bool // Not implemented yet
+	PortPreservation  bool // Not implemented yet
+	MappingLifeTime   time.Duration
+}
+
+type natConfig struct {
+	name          string
+	natType       NATType
+	mappedIPs     []net.IP // mapped IPv4
+	localIPs      []net.IP // local IPv4, required only when the mode is NATModeNAT1To1
+	loggerFactory logging.LoggerFactory
+}
+
+type mapping struct {
+	proto   string              // "udp" or "tcp"
+	local   string              // "<local-ip>:<local-port>"
+	mapped  string              // "<mapped-ip>:<mapped-port>"
+	bound   string              // key: "[<remote-ip>[:<remote-port>]]"
+	filters map[string]struct{} // key: "[<remote-ip>[:<remote-port>]]"
+	expires time.Time           // time to expire
+}
+
+type networkAddressTranslator struct {
+	name           string
+	natType        NATType
+	mappedIPs      []net.IP            // mapped IPv4
+	localIPs       []net.IP            // local IPv4, required only when the mode is NATModeNAT1To1
+	outboundMap    map[string]*mapping // key: "<proto>:<local-ip>:<local-port>[:remote-ip[:remote-port]]
+	inboundMap     map[string]*mapping // key: "<proto>:<mapped-ip>:<mapped-port>"
+	udpPortCounter int
+	mutex          sync.RWMutex
+	log            logging.LeveledLogger
+}
+
+func newNAT(config *natConfig) (*networkAddressTranslator, error) {
+	natType := config.natType
+
+	if natType.Mode == NATModeNAT1To1 {
+		// 1:1 NAT behavior
+		natType.MappingBehavior = EndpointIndependent
+		natType.FilteringBehavior = EndpointIndependent
+		natType.PortPreservation = true
+		natType.MappingLifeTime = 0
+
+		if len(config.mappedIPs) == 0 {
+			return nil, errNATRequriesMapping
+		}
+		if len(config.mappedIPs) != len(config.localIPs) {
+			return nil, errMismatchLengthIP
+		}
+	} else {
+		// Normal (NAPT) behavior
+		natType.Mode = NATModeNormal
+		if natType.MappingLifeTime == 0 {
+			natType.MappingLifeTime = defaultNATMappingLifeTime
+		}
+	}
+
+	return &networkAddressTranslator{
+		name:        config.name,
+		natType:     natType,
+		mappedIPs:   config.mappedIPs,
+		localIPs:    config.localIPs,
+		outboundMap: map[string]*mapping{},
+		inboundMap:  map[string]*mapping{},
+		log:         config.loggerFactory.NewLogger("vnet"),
+	}, nil
+}
+
+func (n *networkAddressTranslator) getPairedMappedIP(locIP net.IP) net.IP {
+	for i, ip := range n.localIPs {
+		if ip.Equal(locIP) {
+			return n.mappedIPs[i]
+		}
+	}
+	return nil
+}
+
+func (n *networkAddressTranslator) getPairedLocalIP(mappedIP net.IP) net.IP {
+	for i, ip := range n.mappedIPs {
+		if ip.Equal(mappedIP) {
+			return n.localIPs[i]
+		}
+	}
+	return nil
+}
+
+func (n *networkAddressTranslator) translateOutbound(from Chunk) (Chunk, error) {
+	n.mutex.Lock()
+	defer n.mutex.Unlock()
+
+	to := from.Clone()
+
+	if from.Network() == udpString {
+		if n.natType.Mode == NATModeNAT1To1 {
+			// 1:1 NAT behavior
+			srcAddr := from.SourceAddr().(*net.UDPAddr)
+			srcIP := n.getPairedMappedIP(srcAddr.IP)
+			if srcIP == nil {
+				n.log.Debugf("[%s] drop outbound chunk %s with not route", n.name, from.String())
+				return nil, nil // silently discard
+			}
+			srcPort := srcAddr.Port
+			if err := to.setSourceAddr(fmt.Sprintf("%s:%d", srcIP.String(), srcPort)); err != nil {
+				return nil, err
+			}
+		} else {
+			// Normal (NAPT) behavior
+			var bound, filterKey string
+			switch n.natType.MappingBehavior {
+			case EndpointIndependent:
+				bound = ""
+			case EndpointAddrDependent:
+				bound = from.getDestinationIP().String()
+			case EndpointAddrPortDependent:
+				bound = from.DestinationAddr().String()
+			}
+
+			switch n.natType.FilteringBehavior {
+			case EndpointIndependent:
+				filterKey = ""
+			case EndpointAddrDependent:
+				filterKey = from.getDestinationIP().String()
+			case EndpointAddrPortDependent:
+				filterKey = from.DestinationAddr().String()
+			}
+
+			oKey := fmt.Sprintf("udp:%s:%s", from.SourceAddr().String(), bound)
+
+			m := n.findOutboundMapping(oKey)
+			if m == nil {
+				// Create a new mapping
+				mappedPort := 0xC000 + n.udpPortCounter
+				n.udpPortCounter++
+
+				m = &mapping{
+					proto:   from.SourceAddr().Network(),
+					local:   from.SourceAddr().String(),
+					bound:   bound,
+					mapped:  fmt.Sprintf("%s:%d", n.mappedIPs[0].String(), mappedPort),
+					filters: map[string]struct{}{},
+					expires: time.Now().Add(n.natType.MappingLifeTime),
+				}
+
+				n.outboundMap[oKey] = m
+
+				iKey := fmt.Sprintf("udp:%s", m.mapped)
+
+				n.log.Debugf("[%s] created a new NAT binding oKey=%s iKey=%s\n",
+					n.name,
+					oKey,
+					iKey)
+
+				m.filters[filterKey] = struct{}{}
+				n.log.Debugf("[%s] permit access from %s to %s\n", n.name, filterKey, m.mapped)
+				n.inboundMap[iKey] = m
+			} else if _, ok := m.filters[filterKey]; !ok {
+				n.log.Debugf("[%s] permit access from %s to %s\n", n.name, filterKey, m.mapped)
+				m.filters[filterKey] = struct{}{}
+			}
+
+			if err := to.setSourceAddr(m.mapped); err != nil {
+				return nil, err
+			}
+		}
+
+		n.log.Debugf("[%s] translate outbound chunk from %s to %s", n.name, from.String(), to.String())
+
+		return to, nil
+	}
+
+	return nil, errNonUDPTranslationNotSupported
+}
+
+func (n *networkAddressTranslator) translateInbound(from Chunk) (Chunk, error) {
+	n.mutex.Lock()
+	defer n.mutex.Unlock()
+
+	to := from.Clone()
+
+	if from.Network() == udpString {
+		if n.natType.Mode == NATModeNAT1To1 {
+			// 1:1 NAT behavior
+			dstAddr := from.DestinationAddr().(*net.UDPAddr)
+			dstIP := n.getPairedLocalIP(dstAddr.IP)
+			if dstIP == nil {
+				return nil, fmt.Errorf("drop %s as %w", from.String(), errNoAssociatedLocalAddress)
+			}
+			dstPort := from.DestinationAddr().(*net.UDPAddr).Port
+			if err := to.setDestinationAddr(fmt.Sprintf("%s:%d", dstIP, dstPort)); err != nil {
+				return nil, err
+			}
+		} else {
+			// Normal (NAPT) behavior
+			iKey := fmt.Sprintf("udp:%s", from.DestinationAddr().String())
+			m := n.findInboundMapping(iKey)
+			if m == nil {
+				return nil, fmt.Errorf("drop %s as %w", from.String(), errNoNATBindingFound)
+			}
+
+			var filterKey string
+			switch n.natType.FilteringBehavior {
+			case EndpointIndependent:
+				filterKey = ""
+			case EndpointAddrDependent:
+				filterKey = from.getSourceIP().String()
+			case EndpointAddrPortDependent:
+				filterKey = from.SourceAddr().String()
+			}
+
+			if _, ok := m.filters[filterKey]; !ok {
+				return nil, fmt.Errorf("drop %s as the remote %s %w", from.String(), filterKey, errHasNoPermission)
+			}
+
+			// See RFC 4847 Section 4.3.  Mapping Refresh
+			// a) Inbound refresh may be useful for applications with no outgoing
+			//   UDP traffic.  However, allowing inbound refresh may allow an
+			//   external attacker or misbehaving application to keep a mapping
+			//   alive indefinitely.  This may be a security risk.  Also, if the
+			//   process is repeated with different ports, over time, it could
+			//   use up all the ports on the NAT.
+
+			if err := to.setDestinationAddr(m.local); err != nil {
+				return nil, err
+			}
+		}
+
+		n.log.Debugf("[%s] translate inbound chunk from %s to %s", n.name, from.String(), to.String())
+
+		return to, nil
+	}
+
+	return nil, errNonUDPTranslationNotSupported
+}
+
+// caller must hold the mutex
+func (n *networkAddressTranslator) findOutboundMapping(oKey string) *mapping {
+	now := time.Now()
+
+	m, ok := n.outboundMap[oKey]
+	if ok {
+		// check if this mapping is expired
+		if now.After(m.expires) {
+			n.removeMapping(m)
+			m = nil // expired
+		} else {
+			m.expires = time.Now().Add(n.natType.MappingLifeTime)
+		}
+	}
+
+	return m
+}
+
+// caller must hold the mutex
+func (n *networkAddressTranslator) findInboundMapping(iKey string) *mapping {
+	now := time.Now()
+	m, ok := n.inboundMap[iKey]
+	if !ok {
+		return nil
+	}
+
+	// check if this mapping is expired
+	if now.After(m.expires) {
+		n.removeMapping(m)
+		return nil
+	}
+
+	return m
+}
+
+// caller must hold the mutex
+func (n *networkAddressTranslator) removeMapping(m *mapping) {
+	oKey := fmt.Sprintf("%s:%s:%s", m.proto, m.local, m.bound)
+	iKey := fmt.Sprintf("%s:%s", m.proto, m.mapped)
+
+	delete(n.outboundMap, oKey)
+	delete(n.inboundMap, iKey)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/net.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/net.go
new file mode 100644
index 000000000..4dc6a2a06
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/net.go
@@ -0,0 +1,677 @@
+package vnet
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math/rand"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+const (
+	lo0String = "lo0String"
+	udpString = "udp"
+)
+
+var (
+	macAddrCounter                 uint64 = 0xBEEFED910200 //nolint:gochecknoglobals
+	errNoInterface                        = errors.New("no interface is available")
+	errNotFound                           = errors.New("not found")
+	errUnexpectedNetwork                  = errors.New("unexpected network")
+	errCantAssignRequestedAddr            = errors.New("can't assign requested address")
+	errUnknownNetwork                     = errors.New("unknown network")
+	errNoRouterLinked                     = errors.New("no router linked")
+	errInvalidPortNumber                  = errors.New("invalid port number")
+	errUnexpectedTypeSwitchFailure        = errors.New("unexpected type-switch failure")
+	errBindFailerFor                      = errors.New("bind failed for")
+	errEndPortLessThanStart               = errors.New("end port is less than the start")
+	errPortSpaceExhausted                 = errors.New("port space exhausted")
+	errVNetDisabled                       = errors.New("vnet is not enabled")
+)
+
+func newMACAddress() net.HardwareAddr {
+	b := make([]byte, 8)
+	binary.BigEndian.PutUint64(b, macAddrCounter)
+	macAddrCounter++
+	return b[2:]
+}
+
+type vNet struct {
+	interfaces []*Interface // read-only
+	staticIPs  []net.IP     // read-only
+	router     *Router      // read-only
+	udpConns   *udpConnMap  // read-only
+	mutex      sync.RWMutex
+}
+
+func (v *vNet) _getInterfaces() ([]*Interface, error) {
+	if len(v.interfaces) == 0 {
+		return nil, errNoInterface
+	}
+
+	return v.interfaces, nil
+}
+
+func (v *vNet) getInterfaces() ([]*Interface, error) {
+	v.mutex.RLock()
+	defer v.mutex.RUnlock()
+
+	return v._getInterfaces()
+}
+
+// caller must hold the mutex (read)
+func (v *vNet) _getInterface(ifName string) (*Interface, error) {
+	ifs, err := v._getInterfaces()
+	if err != nil {
+		return nil, err
+	}
+	for _, ifc := range ifs {
+		if ifc.Name == ifName {
+			return ifc, nil
+		}
+	}
+
+	return nil, fmt.Errorf("interface %s %w", ifName, errNotFound)
+}
+
+func (v *vNet) getInterface(ifName string) (*Interface, error) {
+	v.mutex.RLock()
+	defer v.mutex.RUnlock()
+
+	return v._getInterface(ifName)
+}
+
+// caller must hold the mutex
+func (v *vNet) getAllIPAddrs(ipv6 bool) []net.IP {
+	ips := []net.IP{}
+
+	for _, ifc := range v.interfaces {
+		addrs, err := ifc.Addrs()
+		if err != nil {
+			continue
+		}
+
+		for _, addr := range addrs {
+			var ip net.IP
+			if ipNet, ok := addr.(*net.IPNet); ok {
+				ip = ipNet.IP
+			} else if ipAddr, ok := addr.(*net.IPAddr); ok {
+				ip = ipAddr.IP
+			} else {
+				continue
+			}
+
+			if !ipv6 {
+				if ip.To4() != nil {
+					ips = append(ips, ip)
+				}
+			}
+		}
+	}
+
+	return ips
+}
+
+func (v *vNet) setRouter(r *Router) error {
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+
+	v.router = r
+	return nil
+}
+
+func (v *vNet) onInboundChunk(c Chunk) {
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+
+	if c.Network() == udpString {
+		if conn, ok := v.udpConns.find(c.DestinationAddr()); ok {
+			conn.onInboundChunk(c)
+		}
+	}
+}
+
+// caller must hold the mutex
+func (v *vNet) _dialUDP(network string, locAddr, remAddr *net.UDPAddr) (UDPPacketConn, error) {
+	// validate network
+	if network != udpString && network != "udp4" {
+		return nil, fmt.Errorf("%w: %s", errUnexpectedNetwork, network)
+	}
+
+	if locAddr == nil {
+		locAddr = &net.UDPAddr{
+			IP: net.IPv4zero,
+		}
+	} else if locAddr.IP == nil {
+		locAddr.IP = net.IPv4zero
+	}
+
+	// validate address. do we have that address?
+	if !v.hasIPAddr(locAddr.IP) {
+		return nil, &net.OpError{
+			Op:   "listen",
+			Net:  network,
+			Addr: locAddr,
+			Err:  fmt.Errorf("bind: %w", errCantAssignRequestedAddr),
+		}
+	}
+
+	if locAddr.Port == 0 {
+		// choose randomly from the range between 5000 and 5999
+		port, err := v.assignPort(locAddr.IP, 5000, 5999)
+		if err != nil {
+			return nil, &net.OpError{
+				Op:   "listen",
+				Net:  network,
+				Addr: locAddr,
+				Err:  err,
+			}
+		}
+		locAddr.Port = port
+	} else if _, ok := v.udpConns.find(locAddr); ok {
+		return nil, &net.OpError{
+			Op:   "listen",
+			Net:  network,
+			Addr: locAddr,
+			Err:  fmt.Errorf("bind: %w", errAddressAlreadyInUse),
+		}
+	}
+
+	conn, err := newUDPConn(locAddr, remAddr, v)
+	if err != nil {
+		return nil, err
+	}
+
+	err = v.udpConns.insert(conn)
+	if err != nil {
+		return nil, err
+	}
+
+	return conn, nil
+}
+
+func (v *vNet) listenPacket(network string, address string) (UDPPacketConn, error) {
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+
+	locAddr, err := v.resolveUDPAddr(network, address)
+	if err != nil {
+		return nil, err
+	}
+
+	return v._dialUDP(network, locAddr, nil)
+}
+
+func (v *vNet) listenUDP(network string, locAddr *net.UDPAddr) (UDPPacketConn, error) {
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+
+	return v._dialUDP(network, locAddr, nil)
+}
+
+func (v *vNet) dialUDP(network string, locAddr, remAddr *net.UDPAddr) (UDPPacketConn, error) {
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+
+	return v._dialUDP(network, locAddr, remAddr)
+}
+
+func (v *vNet) dial(network string, address string) (UDPPacketConn, error) {
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+
+	remAddr, err := v.resolveUDPAddr(network, address)
+	if err != nil {
+		return nil, err
+	}
+
+	// Determine source address
+	srcIP := v.determineSourceIP(nil, remAddr.IP)
+
+	locAddr := &net.UDPAddr{IP: srcIP, Port: 0}
+
+	return v._dialUDP(network, locAddr, remAddr)
+}
+
+func (v *vNet) resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
+	if network != udpString && network != "udp4" {
+		return nil, fmt.Errorf("%w %s", errUnknownNetwork, network)
+	}
+
+	host, sPort, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check if host is a domain name
+	ip := net.ParseIP(host)
+	if ip == nil {
+		host = strings.ToLower(host)
+		if host == "localhost" {
+			ip = net.IPv4(127, 0, 0, 1)
+		} else {
+			// host is a domain name. resolve IP address by the name
+			if v.router == nil {
+				return nil, errNoRouterLinked
+			}
+
+			ip, err = v.router.resolver.lookUp(host)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	port, err := strconv.Atoi(sPort)
+	if err != nil {
+		return nil, errInvalidPortNumber
+	}
+
+	udpAddr := &net.UDPAddr{
+		IP:   ip,
+		Port: port,
+	}
+
+	return udpAddr, nil
+}
+
+func (v *vNet) write(c Chunk) error {
+	if c.Network() == udpString {
+		if udp, ok := c.(*chunkUDP); ok {
+			if c.getDestinationIP().IsLoopback() {
+				if conn, ok := v.udpConns.find(udp.DestinationAddr()); ok {
+					conn.onInboundChunk(udp)
+				}
+				return nil
+			}
+		} else {
+			return errUnexpectedTypeSwitchFailure
+		}
+	}
+
+	if v.router == nil {
+		return errNoRouterLinked
+	}
+
+	v.router.push(c)
+	return nil
+}
+
+func (v *vNet) onClosed(addr net.Addr) {
+	if addr.Network() == udpString {
+		//nolint:errcheck
+		v.udpConns.delete(addr) // #nosec
+	}
+}
+
+// This method determines the srcIP based on the dstIP when locIP
+// is any IP address ("0.0.0.0" or "::"). If locIP is a non-any addr,
+// this method simply returns locIP.
+// caller must hold the mutex
+func (v *vNet) determineSourceIP(locIP, dstIP net.IP) net.IP {
+	if locIP != nil && !locIP.IsUnspecified() {
+		return locIP
+	}
+
+	var srcIP net.IP
+
+	if dstIP.IsLoopback() {
+		srcIP = net.ParseIP("127.0.0.1")
+	} else {
+		ifc, err2 := v._getInterface("eth0")
+		if err2 != nil {
+			return nil
+		}
+
+		addrs, err2 := ifc.Addrs()
+		if err2 != nil {
+			return nil
+		}
+
+		if len(addrs) == 0 {
+			return nil
+		}
+
+		var findIPv4 bool
+		if locIP != nil {
+			findIPv4 = (locIP.To4() != nil)
+		} else {
+			findIPv4 = (dstIP.To4() != nil)
+		}
+
+		for _, addr := range addrs {
+			ip := addr.(*net.IPNet).IP
+			if findIPv4 {
+				if ip.To4() != nil {
+					srcIP = ip
+					break
+				}
+			} else {
+				if ip.To4() == nil {
+					srcIP = ip
+					break
+				}
+			}
+		}
+	}
+
+	return srcIP
+}
+
+// caller must hold the mutex
+func (v *vNet) hasIPAddr(ip net.IP) bool { //nolint:gocognit
+	for _, ifc := range v.interfaces {
+		if addrs, err := ifc.Addrs(); err == nil {
+			for _, addr := range addrs {
+				var locIP net.IP
+				if ipNet, ok := addr.(*net.IPNet); ok {
+					locIP = ipNet.IP
+				} else if ipAddr, ok := addr.(*net.IPAddr); ok {
+					locIP = ipAddr.IP
+				} else {
+					continue
+				}
+
+				switch ip.String() {
+				case "0.0.0.0":
+					if locIP.To4() != nil {
+						return true
+					}
+				case "::":
+					if locIP.To4() == nil {
+						return true
+					}
+				default:
+					if locIP.Equal(ip) {
+						return true
+					}
+				}
+			}
+		}
+	}
+
+	return false
+}
+
+// caller must hold the mutex
+func (v *vNet) allocateLocalAddr(ip net.IP, port int) error {
+	// gather local IP addresses to bind
+	var ips []net.IP
+	if ip.IsUnspecified() {
+		ips = v.getAllIPAddrs(ip.To4() == nil)
+	} else if v.hasIPAddr(ip) {
+		ips = []net.IP{ip}
+	}
+
+	if len(ips) == 0 {
+		return fmt.Errorf("%w %s", errBindFailerFor, ip.String())
+	}
+
+	// check if all these transport addresses are not in use
+	for _, ip2 := range ips {
+		addr := &net.UDPAddr{
+			IP:   ip2,
+			Port: port,
+		}
+		if _, ok := v.udpConns.find(addr); ok {
+			return &net.OpError{
+				Op:   "bind",
+				Net:  udpString,
+				Addr: addr,
+				Err:  fmt.Errorf("bind: %w", errAddressAlreadyInUse),
+			}
+		}
+	}
+
+	return nil
+}
+
+// caller must hold the mutex
+func (v *vNet) assignPort(ip net.IP, start, end int) (int, error) {
+	// choose randomly from the range between start and end (inclusive)
+	if end < start {
+		return -1, errEndPortLessThanStart
+	}
+
+	space := end + 1 - start
+	offset := rand.Intn(space) //nolint:gosec
+	for i := 0; i < space; i++ {
+		port := ((offset + i) % space) + start
+
+		err := v.allocateLocalAddr(ip, port)
+		if err == nil {
+			return port, nil
+		}
+	}
+
+	return -1, errPortSpaceExhausted
+}
+
+// NetConfig is a bag of configuration parameters passed to NewNet().
+type NetConfig struct {
+	// StaticIPs is an array of static IP addresses to be assigned for this Net.
+	// If no static IP address is given, the router will automatically assign
+	// an IP address.
+	StaticIPs []string
+
+	// StaticIP is deprecated. Use StaticIPs.
+	StaticIP string
+}
+
+// Net represents a local network stack euivalent to a set of layers from NIC
+// up to the transport (UDP / TCP) layer.
+type Net struct {
+	v   *vNet
+	ifs []*Interface
+}
+
+// NewNet creates an instance of Net.
+// If config is nil, the virtual network is disabled. (uses corresponding
+// net.Xxxx() operations.
+// By design, it always have lo0 and eth0 interfaces.
+// The lo0 has the address 127.0.0.1 assigned by default.
+// IP address for eth0 will be assigned when this Net is added to a router.
+func NewNet(config *NetConfig) *Net {
+	if config == nil {
+		ifs := []*Interface{}
+		if orgIfs, err := net.Interfaces(); err == nil {
+			for _, orgIfc := range orgIfs {
+				ifc := NewInterface(orgIfc)
+				if addrs, err := orgIfc.Addrs(); err == nil {
+					for _, addr := range addrs {
+						ifc.AddAddr(addr)
+					}
+				}
+
+				ifs = append(ifs, ifc)
+			}
+		}
+
+		return &Net{ifs: ifs}
+	}
+
+	lo0 := NewInterface(net.Interface{
+		Index:        1,
+		MTU:          16384,
+		Name:         lo0String,
+		HardwareAddr: nil,
+		Flags:        net.FlagUp | net.FlagLoopback | net.FlagMulticast,
+	})
+	lo0.AddAddr(&net.IPNet{
+		IP:   net.ParseIP("127.0.0.1"),
+		Mask: net.CIDRMask(8, 32),
+	})
+
+	eth0 := NewInterface(net.Interface{
+		Index:        2,
+		MTU:          1500,
+		Name:         "eth0",
+		HardwareAddr: newMACAddress(),
+		Flags:        net.FlagUp | net.FlagMulticast,
+	})
+
+	var staticIPs []net.IP
+	for _, ipStr := range config.StaticIPs {
+		if ip := net.ParseIP(ipStr); ip != nil {
+			staticIPs = append(staticIPs, ip)
+		}
+	}
+	if len(config.StaticIP) > 0 {
+		if ip := net.ParseIP(config.StaticIP); ip != nil {
+			staticIPs = append(staticIPs, ip)
+		}
+	}
+
+	v := &vNet{
+		interfaces: []*Interface{lo0, eth0},
+		staticIPs:  staticIPs,
+		udpConns:   newUDPConnMap(),
+	}
+
+	return &Net{
+		v: v,
+	}
+}
+
+// Interfaces returns a list of the system's network interfaces.
+func (n *Net) Interfaces() ([]*Interface, error) {
+	if n.v == nil {
+		return n.ifs, nil
+	}
+
+	return n.v.getInterfaces()
+}
+
+// InterfaceByName returns the interface specified by name.
+func (n *Net) InterfaceByName(name string) (*Interface, error) {
+	if n.v == nil {
+		for _, ifc := range n.ifs {
+			if ifc.Name == name {
+				return ifc, nil
+			}
+		}
+
+		return nil, fmt.Errorf("interface %s %w", name, errNotFound)
+	}
+
+	return n.v.getInterface(name)
+}
+
+// ListenPacket announces on the local network address.
+func (n *Net) ListenPacket(network string, address string) (net.PacketConn, error) {
+	if n.v == nil {
+		return net.ListenPacket(network, address)
+	}
+
+	return n.v.listenPacket(network, address)
+}
+
+// ListenUDP acts like ListenPacket for UDP networks.
+func (n *Net) ListenUDP(network string, locAddr *net.UDPAddr) (UDPPacketConn, error) {
+	if n.v == nil {
+		return net.ListenUDP(network, locAddr)
+	}
+
+	return n.v.listenUDP(network, locAddr)
+}
+
+// Dial connects to the address on the named network.
+func (n *Net) Dial(network, address string) (net.Conn, error) {
+	if n.v == nil {
+		return net.Dial(network, address)
+	}
+
+	return n.v.dial(network, address)
+}
+
+// CreateDialer creates an instance of vnet.Dialer
+func (n *Net) CreateDialer(dialer *net.Dialer) Dialer {
+	if n.v == nil {
+		return &vDialer{
+			dialer: dialer,
+		}
+	}
+
+	return &vDialer{
+		dialer: dialer,
+		v:      n.v,
+	}
+}
+
+// DialUDP acts like Dial for UDP networks.
+func (n *Net) DialUDP(network string, laddr, raddr *net.UDPAddr) (UDPPacketConn, error) {
+	if n.v == nil {
+		return net.DialUDP(network, laddr, raddr)
+	}
+
+	return n.v.dialUDP(network, laddr, raddr)
+}
+
+// ResolveUDPAddr returns an address of UDP end point.
+func (n *Net) ResolveUDPAddr(network, address string) (*net.UDPAddr, error) {
+	if n.v == nil {
+		return net.ResolveUDPAddr(network, address)
+	}
+
+	return n.v.resolveUDPAddr(network, address)
+}
+
+func (n *Net) getInterface(ifName string) (*Interface, error) {
+	if n.v == nil {
+		return nil, errVNetDisabled
+	}
+
+	return n.v.getInterface(ifName)
+}
+
+func (n *Net) setRouter(r *Router) error {
+	if n.v == nil {
+		return errVNetDisabled
+	}
+
+	return n.v.setRouter(r)
+}
+
+func (n *Net) onInboundChunk(c Chunk) {
+	if n.v == nil {
+		return
+	}
+
+	n.v.onInboundChunk(c)
+}
+
+func (n *Net) getStaticIPs() []net.IP {
+	if n.v == nil {
+		return nil
+	}
+
+	return n.v.staticIPs
+}
+
+// IsVirtual tests if the virtual network is enabled.
+func (n *Net) IsVirtual() bool {
+	return n.v != nil
+}
+
+// Dialer is identical to net.Dialer excepts that its methods
+// (Dial, DialContext) are overridden to use virtual network.
+// Use vnet.CreateDialer() to create an instance of this Dialer.
+type Dialer interface {
+	Dial(network, address string) (net.Conn, error)
+}
+
+type vDialer struct {
+	dialer *net.Dialer
+	v      *vNet
+}
+
+func (d *vDialer) Dial(network, address string) (net.Conn, error) {
+	if d.v == nil {
+		return d.dialer.Dial(network, address)
+	}
+
+	return d.v.dial(network, address)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/resolver.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/resolver.go
new file mode 100644
index 000000000..e5166e3cd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/resolver.go
@@ -0,0 +1,89 @@
+package vnet
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+
+	"github.com/pion/logging"
+)
+
+var (
+	errHostnameEmpty       = errors.New("host name must not be empty")
+	errFailedtoParseIPAddr = errors.New("failed to parse IP address")
+)
+
+type resolverConfig struct {
+	LoggerFactory logging.LoggerFactory
+}
+
+type resolver struct {
+	parent *resolver             // read-only
+	hosts  map[string]net.IP     // requires mutex
+	mutex  sync.RWMutex          // thread-safe
+	log    logging.LeveledLogger // read-only
+}
+
+func newResolver(config *resolverConfig) *resolver {
+	r := &resolver{
+		hosts: map[string]net.IP{},
+		log:   config.LoggerFactory.NewLogger("vnet"),
+	}
+
+	if err := r.addHost("localhost", "127.0.0.1"); err != nil {
+		r.log.Warn("failed to add localhost to resolver")
+	}
+	return r
+}
+
+func (r *resolver) setParent(parent *resolver) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	r.parent = parent
+}
+
+func (r *resolver) addHost(name string, ipAddr string) error {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	if len(name) == 0 {
+		return errHostnameEmpty
+	}
+	ip := net.ParseIP(ipAddr)
+	if ip == nil {
+		return fmt.Errorf("%w \"%s\"", errFailedtoParseIPAddr, ipAddr)
+	}
+	r.hosts[name] = ip
+	return nil
+}
+
+func (r *resolver) lookUp(hostName string) (net.IP, error) {
+	ip := func() net.IP {
+		r.mutex.RLock()
+		defer r.mutex.RUnlock()
+
+		if ip2, ok := r.hosts[hostName]; ok {
+			return ip2
+		}
+		return nil
+	}()
+	if ip != nil {
+		return ip, nil
+	}
+
+	// mutex must be unlocked before calling into parent resolver
+
+	if r.parent != nil {
+		return r.parent.lookUp(hostName)
+	}
+
+	return nil, &net.DNSError{
+		Err:         "host not found",
+		Name:        hostName,
+		Server:      "vnet resolver",
+		IsTimeout:   false,
+		IsTemporary: false,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/router.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/router.go
new file mode 100644
index 000000000..616d2c9b6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/router.go
@@ -0,0 +1,605 @@
+package vnet
+
+import (
+	"errors"
+	"fmt"
+	"math/rand"
+	"net"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+const (
+	defaultRouterQueueSize = 0 // unlimited
+)
+
+var (
+	errInvalidLocalIPinStaticIPs     = errors.New("invalid local IP in StaticIPs")
+	errLocalIPBeyondStaticIPsSubset  = errors.New("mapped in StaticIPs is beyond subnet")
+	errLocalIPNoStaticsIPsAssociated = errors.New("all StaticIPs must have associated local IPs")
+	errRouterAlreadyStarted          = errors.New("router already started")
+	errRouterAlreadyStopped          = errors.New("router already stopped")
+	errStaticIPisBeyondSubnet        = errors.New("static IP is beyond subnet")
+	errAddressSpaceExhausted         = errors.New("address space exhausted")
+	errNoIPAddrEth0                  = errors.New("no IP address is assigned for eth0")
+)
+
+// Generate a unique router name
+var assignRouterName = func() func() string { //nolint:gochecknoglobals
+	var routerIDCtr uint64
+
+	return func() string {
+		n := atomic.AddUint64(&routerIDCtr, 1)
+		return fmt.Sprintf("router%d", n)
+	}
+}()
+
+// RouterConfig ...
+type RouterConfig struct {
+	// Name of router. If not specified, a unique name will be assigned.
+	Name string
+	// CIDR notation, like "192.0.2.0/24"
+	CIDR string
+	// StaticIPs is an array of static IP addresses to be assigned for this router.
+	// If no static IP address is given, the router will automatically assign
+	// an IP address.
+	// This will be ignored if this router is the root.
+	StaticIPs []string
+	// StaticIP is deprecated. Use StaticIPs.
+	StaticIP string
+	// Internal queue size
+	QueueSize int
+	// Effective only when this router has a parent router
+	NATType *NATType
+	// Minimum Delay
+	MinDelay time.Duration
+	// Max Jitter
+	MaxJitter time.Duration
+	// Logger factory
+	LoggerFactory logging.LoggerFactory
+}
+
+// NIC is a nework inerface controller that interfaces Router
+type NIC interface {
+	getInterface(ifName string) (*Interface, error)
+	onInboundChunk(c Chunk)
+	getStaticIPs() []net.IP
+	setRouter(r *Router) error
+}
+
+// ChunkFilter is a handler users can add to filter chunks.
+// If the filter returns false, the packet will be dropped.
+type ChunkFilter func(c Chunk) bool
+
+// Router ...
+type Router struct {
+	name           string                    // read-only
+	interfaces     []*Interface              // read-only
+	ipv4Net        *net.IPNet                // read-only
+	staticIPs      []net.IP                  // read-only
+	staticLocalIPs map[string]net.IP         // read-only,
+	lastID         byte                      // requires mutex [x], used to assign the last digit of IPv4 address
+	queue          *chunkQueue               // read-only
+	parent         *Router                   // read-only
+	children       []*Router                 // read-only
+	natType        *NATType                  // read-only
+	nat            *networkAddressTranslator // read-only
+	nics           map[string]NIC            // read-only
+	stopFunc       func()                    // requires mutex [x]
+	resolver       *resolver                 // read-only
+	chunkFilters   []ChunkFilter             // requires mutex [x]
+	minDelay       time.Duration             // requires mutex [x]
+	maxJitter      time.Duration             // requires mutex [x]
+	mutex          sync.RWMutex              // thread-safe
+	pushCh         chan struct{}             // writer requires mutex
+	loggerFactory  logging.LoggerFactory     // read-only
+	log            logging.LeveledLogger     // read-only
+}
+
+// NewRouter ...
+func NewRouter(config *RouterConfig) (*Router, error) {
+	loggerFactory := config.LoggerFactory
+	log := loggerFactory.NewLogger("vnet")
+
+	_, ipv4Net, err := net.ParseCIDR(config.CIDR)
+	if err != nil {
+		return nil, err
+	}
+
+	queueSize := defaultRouterQueueSize
+	if config.QueueSize > 0 {
+		queueSize = config.QueueSize
+	}
+
+	// set up network interface, lo0
+	lo0 := NewInterface(net.Interface{
+		Index:        1,
+		MTU:          16384,
+		Name:         lo0String,
+		HardwareAddr: nil,
+		Flags:        net.FlagUp | net.FlagLoopback | net.FlagMulticast,
+	})
+	lo0.AddAddr(&net.IPAddr{IP: net.ParseIP("127.0.0.1"), Zone: ""})
+
+	// set up network interface, eth0
+	eth0 := NewInterface(net.Interface{
+		Index:        2,
+		MTU:          1500,
+		Name:         "eth0",
+		HardwareAddr: newMACAddress(),
+		Flags:        net.FlagUp | net.FlagMulticast,
+	})
+
+	// local host name resolver
+	resolver := newResolver(&resolverConfig{
+		LoggerFactory: config.LoggerFactory,
+	})
+
+	name := config.Name
+	if len(name) == 0 {
+		name = assignRouterName()
+	}
+
+	var staticIPs []net.IP
+	staticLocalIPs := map[string]net.IP{}
+	for _, ipStr := range config.StaticIPs {
+		ipPair := strings.Split(ipStr, "/")
+		if ip := net.ParseIP(ipPair[0]); ip != nil {
+			if len(ipPair) > 1 {
+				locIP := net.ParseIP(ipPair[1])
+				if locIP == nil {
+					return nil, errInvalidLocalIPinStaticIPs
+				}
+				if !ipv4Net.Contains(locIP) {
+					return nil, fmt.Errorf("local IP %s %w", locIP.String(), errLocalIPBeyondStaticIPsSubset)
+				}
+				staticLocalIPs[ip.String()] = locIP
+			}
+			staticIPs = append(staticIPs, ip)
+		}
+	}
+	if len(config.StaticIP) > 0 {
+		log.Warn("StaticIP is deprecated. Use StaticIPs instead")
+		if ip := net.ParseIP(config.StaticIP); ip != nil {
+			staticIPs = append(staticIPs, ip)
+		}
+	}
+
+	if nStaticLocal := len(staticLocalIPs); nStaticLocal > 0 {
+		if nStaticLocal != len(staticIPs) {
+			return nil, errLocalIPNoStaticsIPsAssociated
+		}
+	}
+
+	return &Router{
+		name:           name,
+		interfaces:     []*Interface{lo0, eth0},
+		ipv4Net:        ipv4Net,
+		staticIPs:      staticIPs,
+		staticLocalIPs: staticLocalIPs,
+		queue:          newChunkQueue(queueSize),
+		natType:        config.NATType,
+		nics:           map[string]NIC{},
+		resolver:       resolver,
+		minDelay:       config.MinDelay,
+		maxJitter:      config.MaxJitter,
+		pushCh:         make(chan struct{}, 1),
+		loggerFactory:  loggerFactory,
+		log:            log,
+	}, nil
+}
+
+// caller must hold the mutex
+func (r *Router) getInterfaces() ([]*Interface, error) {
+	if len(r.interfaces) == 0 {
+		return nil, fmt.Errorf("%w is available", errNoInterface)
+	}
+
+	return r.interfaces, nil
+}
+
+func (r *Router) getInterface(ifName string) (*Interface, error) {
+	r.mutex.RLock()
+	defer r.mutex.RUnlock()
+
+	ifs, err := r.getInterfaces()
+	if err != nil {
+		return nil, err
+	}
+	for _, ifc := range ifs {
+		if ifc.Name == ifName {
+			return ifc, nil
+		}
+	}
+
+	return nil, fmt.Errorf("interface %s %w", ifName, errNotFound)
+}
+
+// Start ...
+func (r *Router) Start() error {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	if r.stopFunc != nil {
+		return errRouterAlreadyStarted
+	}
+
+	cancelCh := make(chan struct{})
+
+	go func() {
+	loop:
+		for {
+			d, err := r.processChunks()
+			if err != nil {
+				r.log.Errorf("[%s] %s", r.name, err.Error())
+				break
+			}
+
+			if d <= 0 {
+				select {
+				case <-r.pushCh:
+				case <-cancelCh:
+					break loop
+				}
+			} else {
+				t := time.NewTimer(d)
+				select {
+				case <-t.C:
+				case <-cancelCh:
+					break loop
+				}
+			}
+		}
+	}()
+
+	r.stopFunc = func() {
+		close(cancelCh)
+	}
+
+	for _, child := range r.children {
+		if err := child.Start(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Stop ...
+func (r *Router) Stop() error {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	if r.stopFunc == nil {
+		return errRouterAlreadyStopped
+	}
+
+	for _, router := range r.children {
+		r.mutex.Unlock()
+		err := router.Stop()
+		r.mutex.Lock()
+
+		if err != nil {
+			return err
+		}
+	}
+
+	r.stopFunc()
+	r.stopFunc = nil
+	return nil
+}
+
+// caller must hold the mutex
+func (r *Router) addNIC(nic NIC) error {
+	ifc, err := nic.getInterface("eth0")
+	if err != nil {
+		return err
+	}
+
+	var ips []net.IP
+
+	if ips = nic.getStaticIPs(); len(ips) == 0 {
+		// assign an IP address
+		ip, err2 := r.assignIPAddress()
+		if err2 != nil {
+			return err2
+		}
+		ips = append(ips, ip)
+	}
+
+	for _, ip := range ips {
+		if !r.ipv4Net.Contains(ip) {
+			return fmt.Errorf("%w: %s", errStaticIPisBeyondSubnet, r.ipv4Net.String())
+		}
+
+		ifc.AddAddr(&net.IPNet{
+			IP:   ip,
+			Mask: r.ipv4Net.Mask,
+		})
+
+		r.nics[ip.String()] = nic
+	}
+
+	if err = nic.setRouter(r); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// AddRouter adds a chile Router.
+func (r *Router) AddRouter(router *Router) error {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	// Router is a NIC. Add it as a NIC so that packets are routed to this child
+	// router.
+	err := r.addNIC(router)
+	if err != nil {
+		return err
+	}
+
+	if err = router.setRouter(r); err != nil {
+		return err
+	}
+
+	r.children = append(r.children, router)
+	return nil
+}
+
+// AddNet ...
+func (r *Router) AddNet(nic NIC) error {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	return r.addNIC(nic)
+}
+
+// AddHost adds a mapping of hostname and an IP address to the local resolver.
+func (r *Router) AddHost(hostName string, ipAddr string) error {
+	return r.resolver.addHost(hostName, ipAddr)
+}
+
+// AddChunkFilter adds a filter for chunks traversing this router.
+// You may add more than one filter. The filters are called in the order of this method call.
+// If a chunk is dropped by a filter, subsequent filter will not receive the chunk.
+func (r *Router) AddChunkFilter(filter ChunkFilter) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	r.chunkFilters = append(r.chunkFilters, filter)
+}
+
+// caller should hold the mutex
+func (r *Router) assignIPAddress() (net.IP, error) {
+	// See: https://stackoverflow.com/questions/14915188/ip-address-ending-with-zero
+
+	if r.lastID == 0xfe {
+		return nil, errAddressSpaceExhausted
+	}
+
+	ip := make(net.IP, 4)
+	copy(ip, r.ipv4Net.IP[:3])
+	r.lastID++
+	ip[3] = r.lastID
+	return ip, nil
+}
+
+func (r *Router) push(c Chunk) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	r.log.Debugf("[%s] route %s", r.name, c.String())
+	if r.stopFunc != nil {
+		c.setTimestamp()
+		if r.queue.push(c) {
+			select {
+			case r.pushCh <- struct{}{}:
+			default:
+			}
+		} else {
+			r.log.Warnf("[%s] queue was full. dropped a chunk", r.name)
+		}
+	}
+}
+
+func (r *Router) processChunks() (time.Duration, error) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	// Introduce jitter by delaying the processing of chunks.
+	if r.maxJitter > 0 {
+		jitter := time.Duration(rand.Int63n(int64(r.maxJitter))) //nolint:gosec
+		time.Sleep(jitter)
+	}
+
+	//      cutOff
+	//         v min delay
+	//         |<--->|
+	//  +------------:--
+	//  |OOOOOOXXXXX :   --> time
+	//  +------------:--
+	//  |<--->|     now
+	//    due
+
+	enteredAt := time.Now()
+	cutOff := enteredAt.Add(-r.minDelay)
+
+	var d time.Duration // the next sleep duration
+
+	for {
+		d = 0
+
+		c := r.queue.peek()
+		if c == nil {
+			break // no more chunk in the queue
+		}
+
+		// check timestamp to find if the chunk is due
+		if c.getTimestamp().After(cutOff) {
+			// There is one or more chunk in the queue but none of them are due.
+			// Calculate the next sleep duration here.
+			nextExpire := c.getTimestamp().Add(r.minDelay)
+			d = nextExpire.Sub(enteredAt)
+			break
+		}
+
+		var ok bool
+		if c, ok = r.queue.pop(); !ok {
+			break // no more chunk in the queue
+		}
+
+		blocked := false
+		for i := 0; i < len(r.chunkFilters); i++ {
+			filter := r.chunkFilters[i]
+			if !filter(c) {
+				blocked = true
+				break
+			}
+		}
+		if blocked {
+			continue // discard
+		}
+
+		dstIP := c.getDestinationIP()
+
+		// check if the desination is in our subnet
+		if r.ipv4Net.Contains(dstIP) {
+			// search for the destination NIC
+			var nic NIC
+			if nic, ok = r.nics[dstIP.String()]; !ok {
+				// NIC not found. drop it.
+				r.log.Debugf("[%s] %s unreachable", r.name, c.String())
+				continue
+			}
+
+			// found the NIC, forward the chunk to the NIC.
+			// call to NIC must unlock mutex
+			r.mutex.Unlock()
+			nic.onInboundChunk(c)
+			r.mutex.Lock()
+			continue
+		}
+
+		// the destination is outside of this subnet
+		// is this WAN?
+		if r.parent == nil {
+			// this WAN. No route for this chunk
+			r.log.Debugf("[%s] no route found for %s", r.name, c.String())
+			continue
+		}
+
+		// Pass it to the parent via NAT
+		toParent, err := r.nat.translateOutbound(c)
+		if err != nil {
+			return 0, err
+		}
+
+		if toParent == nil {
+			continue
+		}
+
+		//nolint:godox
+		/* FIXME: this implementation would introduce a duplicate packet!
+		if r.nat.natType.Hairpining {
+			hairpinned, err := r.nat.translateInbound(toParent)
+			if err != nil {
+				r.log.Warnf("[%s] %s", r.name, err.Error())
+			} else {
+				go func() {
+					r.push(hairpinned)
+				}()
+			}
+		}
+		*/
+
+		// call to parent router mutex unlock mutex
+		r.mutex.Unlock()
+		r.parent.push(toParent)
+		r.mutex.Lock()
+	}
+
+	return d, nil
+}
+
+// caller must hold the mutex
+func (r *Router) setRouter(parent *Router) error {
+	r.parent = parent
+	r.resolver.setParent(parent.resolver)
+
+	// when this method is called, one or more IP address has already been assigned by
+	// the parent router.
+	ifc, err := r.getInterface("eth0")
+	if err != nil {
+		return err
+	}
+
+	if len(ifc.addrs) == 0 {
+		return errNoIPAddrEth0
+	}
+
+	mappedIPs := []net.IP{}
+	localIPs := []net.IP{}
+
+	for _, ifcAddr := range ifc.addrs {
+		var ip net.IP
+		switch addr := ifcAddr.(type) {
+		case *net.IPNet:
+			ip = addr.IP
+		case *net.IPAddr: // Do we really need this case?
+			ip = addr.IP
+		default:
+		}
+
+		if ip == nil {
+			continue
+		}
+
+		mappedIPs = append(mappedIPs, ip)
+
+		if locIP := r.staticLocalIPs[ip.String()]; locIP != nil {
+			localIPs = append(localIPs, locIP)
+		}
+	}
+
+	// Set up NAT here
+	if r.natType == nil {
+		r.natType = &NATType{
+			MappingBehavior:   EndpointIndependent,
+			FilteringBehavior: EndpointAddrPortDependent,
+			Hairpining:        false,
+			PortPreservation:  false,
+			MappingLifeTime:   30 * time.Second,
+		}
+	}
+	r.nat, err = newNAT(&natConfig{
+		name:          r.name,
+		natType:       *r.natType,
+		mappedIPs:     mappedIPs,
+		localIPs:      localIPs,
+		loggerFactory: r.loggerFactory,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (r *Router) onInboundChunk(c Chunk) {
+	fromParent, err := r.nat.translateInbound(c)
+	if err != nil {
+		r.log.Warnf("[%s] %s", r.name, err.Error())
+		return
+	}
+
+	r.push(fromParent)
+}
+
+func (r *Router) getStaticIPs() []net.IP {
+	return r.staticIPs
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/vnet.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/vnet.go
new file mode 100644
index 000000000..bfe0f0f27
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/transport/vnet/vnet.go
@@ -0,0 +1,2 @@
+// Package vnet provides a virtual network layer for pion
+package vnet
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.gitignore
new file mode 100644
index 000000000..98c12d9a4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.gitignore
@@ -0,0 +1,9 @@
+*.sw[poe]
+examples/turn-client/tcp/tcp
+examples/turn-client/udp/udp
+examples/turn-server/add-software-attribute/add-software-attribute
+examples/turn-server/log/log
+examples/turn-server/simple/simple
+examples/turn-server/tcp/tcp
+examples/lt-cred-generator/lt-cred-generator
+examples/turn-server/lt-cred/lt-cred
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.golangci.yml
new file mode 100644
index 000000000..8e4185a5c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.golangci.yml
@@ -0,0 +1,88 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.goreleaser.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.goreleaser.yml
new file mode 100644
index 000000000..c7f2efdc4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/.goreleaser.yml
@@ -0,0 +1,109 @@
+before:
+  hooks:
+    - go mod tidy
+
+archives:
+- replacements:
+    darwin: Darwin
+    linux: Linux
+    windows: Windows
+    386: i386
+    amd64: x86_64
+
+checksum:
+  name_template: 'checksums.txt'
+
+snapshot:
+  name_template: "{{ .Tag }}-next"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'
+
+builds:
+  - binary: turn-client-tcp
+    id: turn-client-tcp
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./examples/turn-client/tcp
+
+  - binary: turn-client-udp
+    id: turn-client-udp
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./examples/turn-client/udp
+
+  - binary: turn-server-add-software-attribute
+    id: turn-server-add-software-attribute
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./examples/turn-server/add-software-attribute
+
+  - binary: turn-server-log
+    id: turn-server-log
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./examples/turn-server/log
+
+  - binary: turn-server-simple
+    id: turn-server-simple
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./examples/turn-server/simple/
+
+  - binary: turn-server-tcp
+    id: turn-server-tcp
+    goos:
+      - darwin
+      - windows
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+    env:
+      - CGO_ENABLED=0
+    main: ./examples/turn-server/tcp/
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/DESIGN.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/DESIGN.md
new file mode 100644
index 000000000..2c5246693
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/DESIGN.md
@@ -0,0 +1,31 @@
+# Why Pion TURN
+TURN servers aren't exactly a hot technology, they are usually an after thought when building something. Most of the time
+beginners build an interesting WebRTC application, but at the very end realize they need a TURN server. It is really frustrating when you
+want to share your cool new project, only to realize you have to run another service.
+
+Then you find yourself building from source, fighting with config files and making changes you don't fully understand. Pion TURN was born
+hoping to solve these frustrations. These are the guiding principals/features that define pion-turn.
+
+## Easy setup
+simple-turn is a statically built TURN server, configured by environment variables. The entire install setup is 5 commands, on any platform!
+The goal is that anyone should be able to run a TURN server on any platform.
+
+## Integration first
+pion-turn makes no assumptions about how you authenticate users, how you log, or even your topology! Instead of running a dedicated TURN server you
+can inherit from github.com/pion/turn and set whatever logger you want.
+
+## Embeddable
+You can add this to an existing service. This means all your config files stay homogeneous instead of having the mismatch that makes it harder to manage your services.
+For small setups it is usually an overkill to deploy dedicated TURN servers, this makes it easier to solve the problems you care about.
+
+## Safe
+Golang provides a great foundation to build safe network services. Especially when running a networked service that is highly concurrent bugs can be devastating.
+
+## Readable
+All network interaction is commented with a link to the spec. This makes learning and debugging easier, the TURN server was written to also serve as a guide for others.
+
+## Tested
+Every commit is tested via travis-ci Go provides fantastic facilities for testing, and more will be added as time goes on.
+
+## Shared libraries
+Every pion product is built using shared libraries, allowing others to build things using existing tested STUN and TURN tools.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/LICENSE.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/LICENSE.md
new file mode 100644
index 000000000..5cc9cbdc5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/LICENSE.md
@@ -0,0 +1,7 @@
+Copyright 2018 Pion LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/README.md
new file mode 100644
index 000000000..372b28692
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/README.md
@@ -0,0 +1,96 @@
+<h1 align="center">
+  <a href="https://pion.ly"><img src="./.github/gopher-pion.png" alt="Pion TURN" height="250px"></a>
+  <br>
+  Pion TURN
+  <br>
+</h1>
+<h4 align="center">A toolkit for building TURN clients and servers in Go</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-turn-gray.svg?longCache=true&colorB=brightgreen" alt="Pion TURN"></a>
+  <a href="http://gophers.slack.com/messages/pion"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <a href="https://github.com/pion/awesome-pion" alt="Awesome Pion"><img src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/turn"><img src="https://travis-ci.org/pion/turn.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/turn/v2"><img src="https://godoc.org/github.com/pion/turn?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/turn"><img src="https://codecov.io/gh/pion/turn/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/turn"><img src="https://goreportcard.com/badge/github.com/pion/turn" alt="Go Report Card"></a>
+  <a href="https://www.codacy.com/app/pion/turn"><img src="https://api.codacy.com/project/badge/Grade/d53ec6c70576476cb16c140c2964afde" alt="Codacy Badge"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+Pion TURN is a Go toolkit for building TURN servers and clients. We wrote it to solve problems we had when building RTC projects.
+
+* **Deployable** - Use modern tooling of the Go ecosystem. Stop generating config files.
+* **Embeddable** - Include `pion/turn` in your existing applications. No need to manage another service.
+* **Extendable** - TURN as an API so you can easily integrate with your existing monitoring and metrics.
+* **Maintainable** - `pion/turn` is simple and well documented. Designed for learning and easy debugging.
+* **Portable** - Quickly deploy to multiple architectures/platforms just by setting an environment variable.
+* **Safe** - Stability and safety is important for network services. Go provides everything we need.
+* **Scalable** - Create allocations and mutate state at runtime. Designed to make scaling easy.
+
+# Using
+`pion/turn` is an API for building STUN/TURN clients and servers, not a binary you deploy then configure. It may require copying our examples and
+making minor modifications to fit your need, no knowledge of Go is required however. You may be able to download the pre-made binaries of our examples
+if you wish to get started quickly.
+
+The advantage of this is that you don't need to deal with complicated config files, or custom APIs to modify the state of Pion TURN.
+After you instantiate an instance of a Pion TURN server or client you interact with it like any library. The quickest way to get started is to look at the
+[examples](examples) or [GoDoc](https://godoc.org/github.com/pion/turn)
+
+# Examples
+We try to cover most common use cases in [examples](examples). If more examples could be helpful please file an issue, we are always looking
+to expand and improve `pion/turn` to make it easier for developers.
+
+To build any example you just need to run `go build` in the directory of the example you care about.
+It is also very easy to [cross compile](https://dave.cheney.net/2015/08/22/cross-compilation-with-go-1-5) Go programs.
+
+You can also see `pion/turn` usage in [pion/ice](https://github.com/pion/ice)
+
+# [FAQ](https://github.com/pion/webrtc/wiki/FAQ)
+
+### RFCs
+#### Implemented
+* [RFC 5389: Session Traversal Utilities for NAT (STUN)](https://tools.ietf.org/html/rfc5389)
+* [RFC 5766: Traversal Using Relays around NAT (TURN)](https://tools.ietf.org/html/rfc5766)
+
+#### Planned
+* [RFC 6062: Traversal Using Relays around NAT (TURN) Extensions for TCP Allocations](https://tools.ietf.org/html/rfc6062)
+* [RFC 6156: Traversal Using Relays around NAT (TURN) Extension for IPv6](https://tools.ietf.org/html/rfc6156)
+
+### Community
+Pion has an active community on the [Golang Slack](https://pion.ly/slack). Sign up and join the **#pion** channel for discussions and support.
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+### Contributing
+Check out the [CONTRIBUTING.md](CONTRIBUTING.md) to join the group of amazing people making this project possible:
+
+* [Michiel De Backker](https://github.com/backkem) - *Documentation*
+* [Ingmar Wittkau](https://github.com/iwittkau) - *STUN client*
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [jose nazario](https://github.com/paralax) - *Documentation*
+* [Mészáros Mihály](https://github.com/misi) - *Documentation*
+* [Mike Santry](https://github.com/santrym) - *Mascot*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [winds2016](https://github.com/winds2016) - *Windows platform testing*
+* [songjiayang](https://github.com/songjiayang) - *SongJiaYang*
+* [Yutaka Takeda](https://github.com/enobufs) - *vnet*
+* [namreg](https://github.com/namreg) - *Igor German*
+* [Aleksandr Razumov](https://github.com/ernado) - *protocol*
+* [Robert Eperjesi](https://github.com/epes)
+* [Lukas Rezek](https://github.com/lrezek)
+* [Hugo Arregui](https://github.com/hugoArregui)
+* [Aaron France](https://github.com/AeroNotix)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Tom Clift](https://github.com/tclift)
+* [lllf](https://github.com/LittleLightLittleFire)
+* nindolabs (Marouane)
+* [Onwuka Gideon](https://github.com/dongido001)
+* [Herman Banken](https://github.com/hermanbanken)
+* [Jannis Mattheis](https://github.com/jmattheis)
+
+### License
+MIT License - see [LICENSE.md](LICENSE.md) for full text
+
+
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/client.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/client.go
new file mode 100644
index 000000000..b04e7d186
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/client.go
@@ -0,0 +1,569 @@
+package turn
+
+import (
+	b64 "encoding/base64"
+	"fmt"
+	"math"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+	"github.com/pion/transport/vnet"
+	"github.com/pion/turn/v2/internal/client"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+const (
+	defaultRTO        = 200 * time.Millisecond
+	maxRtxCount       = 7              // total 7 requests (Rc)
+	maxDataBufferSize = math.MaxUint16 // message size limit for Chromium
+)
+
+//              interval [msec]
+// 0: 0 ms      +500
+// 1: 500 ms	+1000
+// 2: 1500 ms   +2000
+// 3: 3500 ms   +4000
+// 4: 7500 ms   +8000
+// 5: 15500 ms  +16000
+// 6: 31500 ms  +32000
+// -: 63500 ms  failed
+
+// ClientConfig is a bag of config parameters for Client.
+type ClientConfig struct {
+	STUNServerAddr string // STUN server address (e.g. "stun.abc.com:3478")
+	TURNServerAddr string // TURN server addrees (e.g. "turn.abc.com:3478")
+	Username       string
+	Password       string
+	Realm          string
+	Software       string
+	RTO            time.Duration
+	Conn           net.PacketConn // Listening socket (net.PacketConn)
+	LoggerFactory  logging.LoggerFactory
+	Net            *vnet.Net
+}
+
+// Client is a STUN server client
+type Client struct {
+	conn          net.PacketConn         // read-only
+	stunServ      net.Addr               // read-only
+	turnServ      net.Addr               // read-only
+	stunServStr   string                 // read-only, used for dmuxing
+	turnServStr   string                 // read-only, used for dmuxing
+	username      stun.Username          // read-only
+	password      string                 // read-only
+	realm         stun.Realm             // read-only
+	integrity     stun.MessageIntegrity  // read-only
+	software      stun.Software          // read-only
+	trMap         *client.TransactionMap // thread-safe
+	rto           time.Duration          // read-only
+	relayedConn   *client.UDPConn        // protected by mutex ***
+	allocTryLock  client.TryLock         // thread-safe
+	listenTryLock client.TryLock         // thread-safe
+	net           *vnet.Net              // read-only
+	mutex         sync.RWMutex           // thread-safe
+	mutexTrMap    sync.Mutex             // thread-safe
+	log           logging.LeveledLogger  // read-only
+}
+
+// NewClient returns a new Client instance. listeningAddress is the address and port to listen on, default "0.0.0.0:0"
+func NewClient(config *ClientConfig) (*Client, error) {
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	log := loggerFactory.NewLogger("turnc")
+
+	if config.Conn == nil {
+		return nil, errNilConn
+	}
+
+	if config.Net == nil {
+		config.Net = vnet.NewNet(nil) // defaults to native operation
+	} else if config.Net.IsVirtual() {
+		log.Warn("vnet is enabled")
+	}
+
+	var stunServ, turnServ net.Addr
+	var stunServStr, turnServStr string
+	var err error
+	if len(config.STUNServerAddr) > 0 {
+		log.Debugf("resolving %s", config.STUNServerAddr)
+		stunServ, err = config.Net.ResolveUDPAddr("udp4", config.STUNServerAddr)
+		if err != nil {
+			return nil, err
+		}
+		stunServStr = stunServ.String()
+		log.Debugf("stunServ: %s", stunServStr)
+	}
+	if len(config.TURNServerAddr) > 0 {
+		log.Debugf("resolving %s", config.TURNServerAddr)
+		turnServ, err = config.Net.ResolveUDPAddr("udp4", config.TURNServerAddr)
+		if err != nil {
+			return nil, err
+		}
+		turnServStr = turnServ.String()
+		log.Debugf("turnServ: %s", turnServStr)
+	}
+
+	rto := defaultRTO
+	if config.RTO > 0 {
+		rto = config.RTO
+	}
+
+	c := &Client{
+		conn:        config.Conn,
+		stunServ:    stunServ,
+		turnServ:    turnServ,
+		stunServStr: stunServStr,
+		turnServStr: turnServStr,
+		username:    stun.NewUsername(config.Username),
+		password:    config.Password,
+		realm:       stun.NewRealm(config.Realm),
+		software:    stun.NewSoftware(config.Software),
+		net:         config.Net,
+		trMap:       client.NewTransactionMap(),
+		rto:         rto,
+		log:         log,
+	}
+
+	return c, nil
+}
+
+// TURNServerAddr return the TURN server address
+func (c *Client) TURNServerAddr() net.Addr {
+	return c.turnServ
+}
+
+// STUNServerAddr return the STUN server address
+func (c *Client) STUNServerAddr() net.Addr {
+	return c.stunServ
+}
+
+// Username returns username
+func (c *Client) Username() stun.Username {
+	return c.username
+}
+
+// Realm return realm
+func (c *Client) Realm() stun.Realm {
+	return c.realm
+}
+
+// WriteTo sends data to the specified destination using the base socket.
+func (c *Client) WriteTo(data []byte, to net.Addr) (int, error) {
+	return c.conn.WriteTo(data, to)
+}
+
+// Listen will have this client start listening on the conn provided via the config.
+// This is optional. If not used, you will need to call HandleInbound method
+// to supply incoming data, instead.
+func (c *Client) Listen() error {
+	if err := c.listenTryLock.Lock(); err != nil {
+		return fmt.Errorf("%w: %s", errAlreadyListening, err.Error())
+	}
+
+	go func() {
+		buf := make([]byte, maxDataBufferSize)
+		for {
+			n, from, err := c.conn.ReadFrom(buf)
+			if err != nil {
+				c.log.Debugf("exiting read loop: %s", err.Error())
+				break
+			}
+
+			_, err = c.HandleInbound(buf[:n], from)
+			if err != nil {
+				c.log.Debugf("exiting read loop: %s", err.Error())
+				break
+			}
+		}
+
+		c.listenTryLock.Unlock()
+	}()
+
+	return nil
+}
+
+// Close closes this client
+func (c *Client) Close() {
+	c.mutexTrMap.Lock()
+	defer c.mutexTrMap.Unlock()
+
+	c.trMap.CloseAndDeleteAll()
+}
+
+// TransactionID & Base64: https://play.golang.org/p/EEgmJDI971P
+
+// SendBindingRequestTo sends a new STUN request to the given transport address
+func (c *Client) SendBindingRequestTo(to net.Addr) (net.Addr, error) {
+	attrs := []stun.Setter{stun.TransactionID, stun.BindingRequest}
+	if len(c.software) > 0 {
+		attrs = append(attrs, c.software)
+	}
+
+	msg, err := stun.Build(attrs...)
+	if err != nil {
+		return nil, err
+	}
+	trRes, err := c.PerformTransaction(msg, to, false)
+	if err != nil {
+		return nil, err
+	}
+
+	var reflAddr stun.XORMappedAddress
+	if err := reflAddr.GetFrom(trRes.Msg); err != nil {
+		return nil, err
+	}
+
+	return &net.UDPAddr{
+		IP:   reflAddr.IP,
+		Port: reflAddr.Port,
+	}, nil
+}
+
+// SendBindingRequest sends a new STUN request to the STUN server
+func (c *Client) SendBindingRequest() (net.Addr, error) {
+	if c.stunServ == nil {
+		return nil, errSTUNServerAddressNotSet
+	}
+	return c.SendBindingRequestTo(c.stunServ)
+}
+
+// Allocate sends a TURN allocation request to the given transport address
+func (c *Client) Allocate() (net.PacketConn, error) {
+	if err := c.allocTryLock.Lock(); err != nil {
+		return nil, fmt.Errorf("%w: %s", errOneAllocateOnly, err.Error())
+	}
+	defer c.allocTryLock.Unlock()
+
+	relayedConn := c.relayedUDPConn()
+	if relayedConn != nil {
+		return nil, fmt.Errorf("%w: %s", errAlreadyAllocated, relayedConn.LocalAddr().String())
+	}
+
+	msg, err := stun.Build(
+		stun.TransactionID,
+		stun.NewType(stun.MethodAllocate, stun.ClassRequest),
+		proto.RequestedTransport{Protocol: proto.ProtoUDP},
+		stun.Fingerprint,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	trRes, err := c.PerformTransaction(msg, c.turnServ, false)
+	if err != nil {
+		return nil, err
+	}
+
+	res := trRes.Msg
+
+	// Anonymous allocate failed, trying to authenticate.
+	var nonce stun.Nonce
+	if err = nonce.GetFrom(res); err != nil {
+		return nil, err
+	}
+	if err = c.realm.GetFrom(res); err != nil {
+		return nil, err
+	}
+	c.realm = append([]byte(nil), c.realm...)
+	c.integrity = stun.NewLongTermIntegrity(
+		c.username.String(), c.realm.String(), c.password,
+	)
+	// Trying to authorize.
+	msg, err = stun.Build(
+		stun.TransactionID,
+		stun.NewType(stun.MethodAllocate, stun.ClassRequest),
+		proto.RequestedTransport{Protocol: proto.ProtoUDP},
+		&c.username,
+		&c.realm,
+		&nonce,
+		&c.integrity,
+		stun.Fingerprint,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	trRes, err = c.PerformTransaction(msg, c.turnServ, false)
+	if err != nil {
+		return nil, err
+	}
+	res = trRes.Msg
+
+	if res.Type.Class == stun.ClassErrorResponse {
+		var code stun.ErrorCodeAttribute
+		if err = code.GetFrom(res); err == nil {
+			return nil, fmt.Errorf("%s (error %s)", res.Type, code) //nolint:goerr113
+		}
+		return nil, fmt.Errorf("%s", res.Type) //nolint:goerr113
+	}
+
+	// Getting relayed addresses from response.
+	var relayed proto.RelayedAddress
+	if err := relayed.GetFrom(res); err != nil {
+		return nil, err
+	}
+	relayedAddr := &net.UDPAddr{
+		IP:   relayed.IP,
+		Port: relayed.Port,
+	}
+
+	// Getting lifetime from response
+	var lifetime proto.Lifetime
+	if err := lifetime.GetFrom(res); err != nil {
+		return nil, err
+	}
+
+	relayedConn = client.NewUDPConn(&client.UDPConnConfig{
+		Observer:    c,
+		RelayedAddr: relayedAddr,
+		Integrity:   c.integrity,
+		Nonce:       nonce,
+		Lifetime:    lifetime.Duration,
+		Log:         c.log,
+	})
+
+	c.setRelayedUDPConn(relayedConn)
+
+	return relayedConn, nil
+}
+
+// PerformTransaction performs STUN transaction
+func (c *Client) PerformTransaction(msg *stun.Message, to net.Addr, ignoreResult bool) (client.TransactionResult,
+	error) {
+	trKey := b64.StdEncoding.EncodeToString(msg.TransactionID[:])
+
+	raw := make([]byte, len(msg.Raw))
+	copy(raw, msg.Raw)
+
+	tr := client.NewTransaction(&client.TransactionConfig{
+		Key:          trKey,
+		Raw:          raw,
+		To:           to,
+		Interval:     c.rto,
+		IgnoreResult: ignoreResult,
+	})
+
+	c.trMap.Insert(trKey, tr)
+
+	c.log.Tracef("start %s transaction %s to %s", msg.Type, trKey, tr.To.String())
+	_, err := c.conn.WriteTo(tr.Raw, to)
+	if err != nil {
+		return client.TransactionResult{}, err
+	}
+
+	tr.StartRtxTimer(c.onRtxTimeout)
+
+	// If dontWait is true, get the transaction going and return immediately
+	if ignoreResult {
+		return client.TransactionResult{}, nil
+	}
+
+	res := tr.WaitForResult()
+	if res.Err != nil {
+		return res, res.Err
+	}
+	return res, nil
+}
+
+// OnDeallocated is called when deallocation of relay address has been complete.
+// (Called by UDPConn)
+func (c *Client) OnDeallocated(relayedAddr net.Addr) {
+	c.setRelayedUDPConn(nil)
+}
+
+// HandleInbound handles data received.
+// This method handles incoming packet demultiplex it by the source address
+// and the types of the message.
+// This return a booleen (handled or not) and if there was an error.
+// Caller should check if the packet was handled by this client or not.
+// If not handled, it is assumed that the packet is application data.
+// If an error is returned, the caller should discard the packet regardless.
+func (c *Client) HandleInbound(data []byte, from net.Addr) (bool, error) {
+	// +-------------------+-------------------------------+
+	// |   Return Values   |                               |
+	// +-------------------+       Meaning / Action        |
+	// | handled |  error  |                               |
+	// |=========+=========+===============================+
+	// |  false  |   nil   | Handle the packet as app data |
+	// |---------+---------+-------------------------------+
+	// |  true   |   nil   |        Nothing to do          |
+	// |---------+---------+-------------------------------+
+	// |  false  |  error  |     (shouldn't happen)        |
+	// |---------+---------+-------------------------------+
+	// |  true   |  error  | Error occurred while handling |
+	// +---------+---------+-------------------------------+
+	// Possible causes of the error:
+	//  - Malformed packet (parse error)
+	//  - STUN message was a request
+	//  - Non-STUN message from the STUN server
+
+	switch {
+	case stun.IsMessage(data):
+		return true, c.handleSTUNMessage(data, from)
+	case proto.IsChannelData(data):
+		return true, c.handleChannelData(data)
+	case len(c.stunServStr) != 0 && from.String() == c.stunServStr:
+		// received from STUN server but it is not a STUN message
+		return true, errNonSTUNMessage
+	default:
+		// assume, this is an application data
+		c.log.Tracef("non-STUN/TURN packect, unhandled")
+	}
+
+	return false, nil
+}
+
+func (c *Client) handleSTUNMessage(data []byte, from net.Addr) error {
+	raw := make([]byte, len(data))
+	copy(raw, data)
+
+	msg := &stun.Message{Raw: raw}
+	if err := msg.Decode(); err != nil {
+		return fmt.Errorf("%w: %s", errFailedToDecodeSTUN, err.Error())
+	}
+
+	if msg.Type.Class == stun.ClassRequest {
+		return fmt.Errorf("%w : %s", errUnexpectedSTUNRequestMessage, msg.String())
+	}
+
+	if msg.Type.Class == stun.ClassIndication {
+		if msg.Type.Method == stun.MethodData {
+			var peerAddr proto.PeerAddress
+			if err := peerAddr.GetFrom(msg); err != nil {
+				return err
+			}
+			from = &net.UDPAddr{
+				IP:   peerAddr.IP,
+				Port: peerAddr.Port,
+			}
+
+			var data proto.Data
+			if err := data.GetFrom(msg); err != nil {
+				return err
+			}
+
+			c.log.Debugf("data indication received from %s", from.String())
+
+			relayedConn := c.relayedUDPConn()
+			if relayedConn == nil {
+				c.log.Debug("no relayed conn allocated")
+				return nil // silently discard
+			}
+
+			relayedConn.HandleInbound(data, from)
+		}
+		return nil
+	}
+
+	// This is a STUN response message (transactional)
+	// The type is either:
+	// - stun.ClassSuccessResponse
+	// - stun.ClassErrorResponse
+
+	trKey := b64.StdEncoding.EncodeToString(msg.TransactionID[:])
+
+	c.mutexTrMap.Lock()
+	tr, ok := c.trMap.Find(trKey)
+	if !ok {
+		c.mutexTrMap.Unlock()
+		// silently discard
+		c.log.Debugf("no transaction for %s", msg.String())
+		return nil
+	}
+
+	// End the transaction
+	tr.StopRtxTimer()
+	c.trMap.Delete(trKey)
+	c.mutexTrMap.Unlock()
+
+	if !tr.WriteResult(client.TransactionResult{
+		Msg:     msg,
+		From:    from,
+		Retries: tr.Retries(),
+	}) {
+		c.log.Debugf("no listener for %s", msg.String())
+	}
+
+	return nil
+}
+
+func (c *Client) handleChannelData(data []byte) error {
+	chData := &proto.ChannelData{
+		Raw: make([]byte, len(data)),
+	}
+	copy(chData.Raw, data)
+	if err := chData.Decode(); err != nil {
+		return err
+	}
+
+	relayedConn := c.relayedUDPConn()
+	if relayedConn == nil {
+		c.log.Debug("no relayed conn allocated")
+		return nil // silently discard
+	}
+
+	addr, ok := relayedConn.FindAddrByChannelNumber(uint16(chData.Number))
+	if !ok {
+		return fmt.Errorf("%w: %d", errChannelBindNotFound, int(chData.Number))
+	}
+
+	c.log.Tracef("channel data received from %s (ch=%d)", addr.String(), int(chData.Number))
+
+	relayedConn.HandleInbound(chData.Data, addr)
+	return nil
+}
+
+func (c *Client) onRtxTimeout(trKey string, nRtx int) {
+	c.mutexTrMap.Lock()
+	defer c.mutexTrMap.Unlock()
+
+	tr, ok := c.trMap.Find(trKey)
+	if !ok {
+		return // already gone
+	}
+
+	if nRtx == maxRtxCount {
+		// all retransmisstions failed
+		c.trMap.Delete(trKey)
+		if !tr.WriteResult(client.TransactionResult{
+			Err: fmt.Errorf("%w %s", errAllRetransmissionsFailed, trKey),
+		}) {
+			c.log.Debug("no listener for transaction")
+		}
+		return
+	}
+
+	c.log.Tracef("retransmitting transaction %s to %s (nRtx=%d)",
+		trKey, tr.To.String(), nRtx)
+	_, err := c.conn.WriteTo(tr.Raw, tr.To)
+	if err != nil {
+		c.trMap.Delete(trKey)
+		if !tr.WriteResult(client.TransactionResult{
+			Err: fmt.Errorf("%w %s", errFailedToRetransmitTransaction, trKey),
+		}) {
+			c.log.Debug("no listener for transaction")
+		}
+		return
+	}
+	tr.StartRtxTimer(c.onRtxTimeout)
+}
+
+func (c *Client) setRelayedUDPConn(conn *client.UDPConn) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+
+	c.relayedConn = conn
+}
+
+func (c *Client) relayedUDPConn() *client.UDPConn {
+	c.mutex.RLock()
+	defer c.mutex.RUnlock()
+
+	return c.relayedConn
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/errors.go
new file mode 100644
index 000000000..12d5e0e86
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/errors.go
@@ -0,0 +1,28 @@
+package turn
+
+import "errors"
+
+var (
+	errRelayAddressInvalid           = errors.New("turn: RelayAddress must be valid IP to use RelayAddressGeneratorStatic")
+	errNoAvailableConns              = errors.New("turn: PacketConnConfigs and ConnConfigs are empty, unable to proceed")
+	errConnUnset                     = errors.New("turn: PacketConnConfig must have a non-nil Conn")
+	errListenerUnset                 = errors.New("turn: ListenerConfig must have a non-nil Listener")
+	errListeningAddressInvalid       = errors.New("turn: RelayAddressGenerator has invalid ListeningAddress")
+	errRelayAddressGeneratorUnset    = errors.New("turn: RelayAddressGenerator in RelayConfig is unset")
+	errMaxRetriesExceeded            = errors.New("turn: max retries exceeded")
+	errMaxPortNotZero                = errors.New("turn: MaxPort must be not 0")
+	errMinPortNotZero                = errors.New("turn: MaxPort must be not 0")
+	errNilConn                       = errors.New("turn: conn cannot not be nil")
+	errTODO                          = errors.New("turn: TODO")
+	errAlreadyListening              = errors.New("turn: already listening")
+	errFailedToClose                 = errors.New("turn: Server failed to close")
+	errFailedToRetransmitTransaction = errors.New("turn: failed to retransmit transaction")
+	errAllRetransmissionsFailed      = errors.New("all retransmissions failed for")
+	errChannelBindNotFound           = errors.New("no binding found for channel")
+	errSTUNServerAddressNotSet       = errors.New("STUN server address is not set for the client")
+	errOneAllocateOnly               = errors.New("only one Allocate() caller is allowed")
+	errAlreadyAllocated              = errors.New("already allocated")
+	errNonSTUNMessage                = errors.New("non-STUN message from STUN server")
+	errFailedToDecodeSTUN            = errors.New("failed to decode STUN message")
+	errUnexpectedSTUNRequestMessage  = errors.New("unexpected STUN request message")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/go.mod
new file mode 100644
index 000000000..de599c37c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/go.mod
@@ -0,0 +1,11 @@
+module github.com/pion/turn/v2
+
+go 1.13
+
+require (
+	github.com/pion/logging v0.2.2
+	github.com/pion/randutil v0.1.0
+	github.com/pion/stun v0.3.5
+	github.com/pion/transport v0.10.1
+	github.com/stretchr/testify v1.6.1
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/go.sum
new file mode 100644
index 000000000..7756c3768
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/go.sum
@@ -0,0 +1,28 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/stun v0.3.5 h1:uLUCBCkQby4S1cf6CGuR9QrVOKcvUwFeemaC865QHDg=
+github.com/pion/stun v0.3.5/go.mod h1:gDMim+47EeEtfWogA37n6qXZS88L5V6LqFcf+DZA2UA=
+github.com/pion/transport v0.10.1 h1:2W+yJT+0mOQ160ThZYUx5Zp2skzshiNgxrNE9GUfhJM=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/allocation.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/allocation.go
new file mode 100644
index 000000000..d1cb8c6c8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/allocation.go
@@ -0,0 +1,259 @@
+// Package allocation contains all CRUD operations for allocations
+package allocation
+
+import (
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/ipnet"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+// Allocation is tied to a FiveTuple and relays traffic
+// use CreateAllocation and GetAllocation to operate
+type Allocation struct {
+	RelayAddr           net.Addr
+	Protocol            Protocol
+	TurnSocket          net.PacketConn
+	RelaySocket         net.PacketConn
+	fiveTuple           *FiveTuple
+	permissionsLock     sync.RWMutex
+	permissions         map[string]*Permission
+	channelBindingsLock sync.RWMutex
+	channelBindings     []*ChannelBind
+	lifetimeTimer       *time.Timer
+	closed              chan interface{}
+	log                 logging.LeveledLogger
+}
+
+func addr2IPFingerprint(addr net.Addr) string {
+	switch a := addr.(type) {
+	case *net.UDPAddr:
+		return a.IP.String()
+	case *net.TCPAddr: // Do we really need this case?
+		return a.IP.String()
+	}
+	return "" // shoud never happen
+}
+
+// NewAllocation creates a new instance of NewAllocation.
+func NewAllocation(turnSocket net.PacketConn, fiveTuple *FiveTuple, log logging.LeveledLogger) *Allocation {
+	return &Allocation{
+		TurnSocket:  turnSocket,
+		fiveTuple:   fiveTuple,
+		permissions: make(map[string]*Permission, 64),
+		closed:      make(chan interface{}),
+		log:         log,
+	}
+}
+
+// GetPermission gets the Permission from the allocation
+func (a *Allocation) GetPermission(addr net.Addr) *Permission {
+	a.permissionsLock.RLock()
+	defer a.permissionsLock.RUnlock()
+
+	return a.permissions[addr2IPFingerprint(addr)]
+}
+
+// AddPermission adds a new permission to the allocation
+func (a *Allocation) AddPermission(p *Permission) {
+	fingerprint := addr2IPFingerprint(p.Addr)
+
+	a.permissionsLock.RLock()
+	existedPermission, ok := a.permissions[fingerprint]
+	a.permissionsLock.RUnlock()
+
+	if ok {
+		existedPermission.refresh(permissionTimeout)
+		return
+	}
+
+	p.allocation = a
+	a.permissionsLock.Lock()
+	a.permissions[fingerprint] = p
+	a.permissionsLock.Unlock()
+
+	p.start(permissionTimeout)
+}
+
+// RemovePermission removes the net.Addr's fingerprint from the allocation's permissions
+func (a *Allocation) RemovePermission(addr net.Addr) {
+	a.permissionsLock.Lock()
+	defer a.permissionsLock.Unlock()
+	delete(a.permissions, addr2IPFingerprint(addr))
+}
+
+// AddChannelBind adds a new ChannelBind to the allocation, it also updates the
+// permissions needed for this ChannelBind
+func (a *Allocation) AddChannelBind(c *ChannelBind, lifetime time.Duration) error {
+	// Check that this channel id isn't bound to another transport address, and
+	// that this transport address isn't bound to another channel number.
+	channelByNumber := a.GetChannelByNumber(c.Number)
+
+	if channelByNumber != a.GetChannelByAddr(c.Peer) {
+		return errSameChannelDifferentPeer
+	}
+
+	// Add or refresh this channel.
+	if channelByNumber == nil {
+		a.channelBindingsLock.Lock()
+		defer a.channelBindingsLock.Unlock()
+
+		c.allocation = a
+		a.channelBindings = append(a.channelBindings, c)
+		c.start(lifetime)
+
+		// Channel binds also refresh permissions.
+		a.AddPermission(NewPermission(c.Peer, a.log))
+	} else {
+		channelByNumber.refresh(lifetime)
+
+		// Channel binds also refresh permissions.
+		a.AddPermission(NewPermission(channelByNumber.Peer, a.log))
+	}
+
+	return nil
+}
+
+// RemoveChannelBind removes the ChannelBind from this allocation by id
+func (a *Allocation) RemoveChannelBind(number proto.ChannelNumber) bool {
+	a.channelBindingsLock.Lock()
+	defer a.channelBindingsLock.Unlock()
+
+	for i := len(a.channelBindings) - 1; i >= 0; i-- {
+		if a.channelBindings[i].Number == number {
+			a.channelBindings = append(a.channelBindings[:i], a.channelBindings[i+1:]...)
+			return true
+		}
+	}
+
+	return false
+}
+
+// GetChannelByNumber gets the ChannelBind from this allocation by id
+func (a *Allocation) GetChannelByNumber(number proto.ChannelNumber) *ChannelBind {
+	a.channelBindingsLock.RLock()
+	defer a.channelBindingsLock.RUnlock()
+	for _, cb := range a.channelBindings {
+		if cb.Number == number {
+			return cb
+		}
+	}
+	return nil
+}
+
+// GetChannelByAddr gets the ChannelBind from this allocation by net.Addr
+func (a *Allocation) GetChannelByAddr(addr net.Addr) *ChannelBind {
+	a.channelBindingsLock.RLock()
+	defer a.channelBindingsLock.RUnlock()
+	for _, cb := range a.channelBindings {
+		if ipnet.AddrEqual(cb.Peer, addr) {
+			return cb
+		}
+	}
+	return nil
+}
+
+// Refresh updates the allocations lifetime
+func (a *Allocation) Refresh(lifetime time.Duration) {
+	if !a.lifetimeTimer.Reset(lifetime) {
+		a.log.Errorf("Failed to reset allocation timer for %v", a.fiveTuple)
+	}
+}
+
+// Close closes the allocation
+func (a *Allocation) Close() error {
+	select {
+	case <-a.closed:
+		return nil
+	default:
+	}
+	close(a.closed)
+
+	a.lifetimeTimer.Stop()
+
+	a.permissionsLock.RLock()
+	for _, p := range a.permissions {
+		p.lifetimeTimer.Stop()
+	}
+	a.permissionsLock.RUnlock()
+
+	a.channelBindingsLock.RLock()
+	for _, c := range a.channelBindings {
+		c.lifetimeTimer.Stop()
+	}
+	a.channelBindingsLock.RUnlock()
+
+	return a.RelaySocket.Close()
+}
+
+//  https://tools.ietf.org/html/rfc5766#section-10.3
+//  When the server receives a UDP datagram at a currently allocated
+//  relayed transport address, the server looks up the allocation
+//  associated with the relayed transport address.  The server then
+//  checks to see whether the set of permissions for the allocation allow
+//  the relaying of the UDP datagram as described in Section 8.
+//
+//  If relaying is permitted, then the server checks if there is a
+//  channel bound to the peer that sent the UDP datagram (see
+//  Section 11).  If a channel is bound, then processing proceeds as
+//  described in Section 11.7.
+//
+//  If relaying is permitted but no channel is bound to the peer, then
+//  the server forms and sends a Data indication.  The Data indication
+//  MUST contain both an XOR-PEER-ADDRESS and a DATA attribute.  The DATA
+//  attribute is set to the value of the 'data octets' field from the
+//  datagram, and the XOR-PEER-ADDRESS attribute is set to the source
+//  transport address of the received UDP datagram.  The Data indication
+//  is then sent on the 5-tuple associated with the allocation.
+
+const rtpMTU = 1500
+
+func (a *Allocation) packetHandler(m *Manager) {
+	buffer := make([]byte, rtpMTU)
+
+	for {
+		n, srcAddr, err := a.RelaySocket.ReadFrom(buffer)
+		if err != nil {
+			m.DeleteAllocation(a.fiveTuple)
+			return
+		}
+
+		a.log.Debugf("relay socket %s received %d bytes from %s",
+			a.RelaySocket.LocalAddr().String(),
+			n,
+			srcAddr.String())
+
+		if channel := a.GetChannelByAddr(srcAddr); channel != nil {
+			channelData := &proto.ChannelData{
+				Data:   buffer[:n],
+				Number: channel.Number,
+			}
+			channelData.Encode()
+
+			if _, err = a.TurnSocket.WriteTo(channelData.Raw, a.fiveTuple.SrcAddr); err != nil {
+				a.log.Errorf("Failed to send ChannelData from allocation %v %v", srcAddr, err)
+			}
+		} else if p := a.GetPermission(srcAddr); p != nil {
+			udpAddr := srcAddr.(*net.UDPAddr)
+			peerAddressAttr := proto.PeerAddress{IP: udpAddr.IP, Port: udpAddr.Port}
+			dataAttr := proto.Data(buffer[:n])
+
+			msg, err := stun.Build(stun.TransactionID, stun.NewType(stun.MethodData, stun.ClassIndication), peerAddressAttr, dataAttr)
+			if err != nil {
+				a.log.Errorf("Failed to send DataIndication from allocation %v %v", srcAddr, err)
+			}
+			a.log.Debugf("relaying message from %s to client at %s",
+				srcAddr.String(),
+				a.fiveTuple.SrcAddr.String())
+			if _, err = a.TurnSocket.WriteTo(msg.Raw, a.fiveTuple.SrcAddr); err != nil {
+				a.log.Errorf("Failed to send DataIndication from allocation %v %v", srcAddr, err)
+			}
+		} else {
+			a.log.Infof("No Permission or Channel exists for %v on allocation %v", srcAddr, a.RelayAddr.String())
+		}
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/allocation_manager.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/allocation_manager.go
new file mode 100644
index 000000000..9a1271a4e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/allocation_manager.go
@@ -0,0 +1,186 @@
+package allocation
+
+import (
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+// ManagerConfig a bag of config params for Manager.
+type ManagerConfig struct {
+	LeveledLogger      logging.LeveledLogger
+	AllocatePacketConn func(network string, requestedPort int) (net.PacketConn, net.Addr, error)
+	AllocateConn       func(network string, requestedPort int) (net.Conn, net.Addr, error)
+}
+
+type reservation struct {
+	token string
+	port  int
+}
+
+// Manager is used to hold active allocations
+type Manager struct {
+	lock sync.RWMutex
+	log  logging.LeveledLogger
+
+	allocations  map[string]*Allocation
+	reservations []*reservation
+
+	allocatePacketConn func(network string, requestedPort int) (net.PacketConn, net.Addr, error)
+	allocateConn       func(network string, requestedPort int) (net.Conn, net.Addr, error)
+}
+
+// NewManager creates a new instance of Manager.
+func NewManager(config ManagerConfig) (*Manager, error) {
+	switch {
+	case config.AllocatePacketConn == nil:
+		return nil, errAllocatePacketConnMustBeSet
+	case config.AllocateConn == nil:
+		return nil, errAllocateConnMustBeSet
+	case config.LeveledLogger == nil:
+		return nil, errLeveledLoggerMustBeSet
+	}
+
+	return &Manager{
+		log:                config.LeveledLogger,
+		allocations:        make(map[string]*Allocation, 64),
+		allocatePacketConn: config.AllocatePacketConn,
+		allocateConn:       config.AllocateConn,
+	}, nil
+}
+
+// GetAllocation fetches the allocation matching the passed FiveTuple
+func (m *Manager) GetAllocation(fiveTuple *FiveTuple) *Allocation {
+	m.lock.RLock()
+	defer m.lock.RUnlock()
+	return m.allocations[fiveTuple.Fingerprint()]
+}
+
+// Close closes the manager and closes all allocations it manages
+func (m *Manager) Close() error {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	for _, a := range m.allocations {
+		if err := a.Close(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// CreateAllocation creates a new allocation and starts relaying
+func (m *Manager) CreateAllocation(fiveTuple *FiveTuple, turnSocket net.PacketConn, requestedPort int, lifetime time.Duration) (*Allocation, error) {
+	switch {
+	case fiveTuple == nil:
+		return nil, errNilFiveTuple
+	case fiveTuple.SrcAddr == nil:
+		return nil, errNilFiveTupleSrcAddr
+	case fiveTuple.DstAddr == nil:
+		return nil, errNilFiveTupleDstAddr
+	case turnSocket == nil:
+		return nil, errNilTurnSocket
+	case lifetime == 0:
+		return nil, errLifetimeZero
+	}
+
+	if a := m.GetAllocation(fiveTuple); a != nil {
+		return nil, fmt.Errorf("%w: %v", errDupeFiveTuple, fiveTuple)
+	}
+	a := NewAllocation(turnSocket, fiveTuple, m.log)
+
+	conn, relayAddr, err := m.allocatePacketConn("udp4", requestedPort)
+	if err != nil {
+		return nil, err
+	}
+
+	a.RelaySocket = conn
+	a.RelayAddr = relayAddr
+
+	m.log.Debugf("listening on relay addr: %s", a.RelayAddr.String())
+
+	a.lifetimeTimer = time.AfterFunc(lifetime, func() {
+		m.DeleteAllocation(a.fiveTuple)
+	})
+
+	m.lock.Lock()
+	m.allocations[fiveTuple.Fingerprint()] = a
+	m.lock.Unlock()
+
+	go a.packetHandler(m)
+	return a, nil
+}
+
+// DeleteAllocation removes an allocation
+func (m *Manager) DeleteAllocation(fiveTuple *FiveTuple) {
+	fingerprint := fiveTuple.Fingerprint()
+
+	m.lock.Lock()
+	allocation := m.allocations[fingerprint]
+	delete(m.allocations, fingerprint)
+	m.lock.Unlock()
+
+	if allocation == nil {
+		return
+	}
+
+	if err := allocation.Close(); err != nil {
+		m.log.Errorf("Failed to close allocation: %v", err)
+	}
+}
+
+// CreateReservation stores the reservation for the token+port
+func (m *Manager) CreateReservation(reservationToken string, port int) {
+	time.AfterFunc(30*time.Second, func() {
+		m.lock.Lock()
+		defer m.lock.Unlock()
+		for i := len(m.reservations) - 1; i >= 0; i-- {
+			if m.reservations[i].token == reservationToken {
+				m.reservations = append(m.reservations[:i], m.reservations[i+1:]...)
+				return
+			}
+		}
+	})
+
+	m.lock.Lock()
+	m.reservations = append(m.reservations, &reservation{
+		token: reservationToken,
+		port:  port,
+	})
+	m.lock.Unlock()
+}
+
+// GetReservation returns the port for a given reservation if it exists
+func (m *Manager) GetReservation(reservationToken string) (int, bool) {
+	m.lock.RLock()
+	defer m.lock.RUnlock()
+
+	for _, r := range m.reservations {
+		if r.token == reservationToken {
+			return r.port, true
+		}
+	}
+	return 0, false
+}
+
+// GetRandomEvenPort returns a random un-allocated udp4 port
+func (m *Manager) GetRandomEvenPort() (int, error) {
+	conn, addr, err := m.allocatePacketConn("udp4", 0)
+	if err != nil {
+		return 0, err
+	}
+
+	udpAddr, ok := addr.(*net.UDPAddr)
+	if !ok {
+		return 0, errFailedToCastUDPAddr
+	} else if err := conn.Close(); err != nil {
+		return 0, err
+	} else if udpAddr.Port%2 == 1 {
+		return m.GetRandomEvenPort()
+	}
+
+	return udpAddr.Port, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/channel_bind.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/channel_bind.go
new file mode 100644
index 000000000..6216369d7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/channel_bind.go
@@ -0,0 +1,43 @@
+package allocation
+
+import (
+	"net"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+// ChannelBind represents a TURN Channel
+// https://tools.ietf.org/html/rfc5766#section-2.5
+type ChannelBind struct {
+	Peer   net.Addr
+	Number proto.ChannelNumber
+
+	allocation    *Allocation
+	lifetimeTimer *time.Timer
+	log           logging.LeveledLogger
+}
+
+// NewChannelBind creates a new ChannelBind
+func NewChannelBind(number proto.ChannelNumber, peer net.Addr, log logging.LeveledLogger) *ChannelBind {
+	return &ChannelBind{
+		Number: number,
+		Peer:   peer,
+		log:    log,
+	}
+}
+
+func (c *ChannelBind) start(lifetime time.Duration) {
+	c.lifetimeTimer = time.AfterFunc(lifetime, func() {
+		if !c.allocation.RemoveChannelBind(c.Number) {
+			c.log.Errorf("Failed to remove ChannelBind for %v %x %v", c.Number, c.Peer, c.allocation.fiveTuple)
+		}
+	})
+}
+
+func (c *ChannelBind) refresh(lifetime time.Duration) {
+	if !c.lifetimeTimer.Reset(lifetime) {
+		c.log.Errorf("Failed to reset ChannelBind timer for %v %x %v", c.Number, c.Peer, c.allocation.fiveTuple)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/errors.go
new file mode 100644
index 000000000..fdd8335dc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/errors.go
@@ -0,0 +1,17 @@
+package allocation
+
+import "errors"
+
+var (
+	errAllocatePacketConnMustBeSet = errors.New("AllocatePacketConn must be set")
+	errAllocateConnMustBeSet       = errors.New("AllocateConn must be set")
+	errLeveledLoggerMustBeSet      = errors.New("LeveledLogger must be set")
+	errSameChannelDifferentPeer    = errors.New("you cannot use the same channel number with different peer")
+	errNilFiveTuple                = errors.New("allocations must not be created with nil FivTuple")
+	errNilFiveTupleSrcAddr         = errors.New("allocations must not be created with nil FiveTuple.SrcAddr")
+	errNilFiveTupleDstAddr         = errors.New("allocations must not be created with nil FiveTuple.DstAddr")
+	errNilTurnSocket               = errors.New("allocations must not be created with nil turnSocket")
+	errLifetimeZero                = errors.New("allocations must not be created with a lifetime of 0")
+	errDupeFiveTuple               = errors.New("allocation attempt created with duplicate FiveTuple")
+	errFailedToCastUDPAddr         = errors.New("failed to cast net.Addr to *net.UDPAddr")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/five_tuple.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/five_tuple.go
new file mode 100644
index 000000000..1f2b3b5b6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/five_tuple.go
@@ -0,0 +1,36 @@
+package allocation
+
+import (
+	"fmt"
+	"net"
+)
+
+// Protocol is an enum for relay protocol
+type Protocol uint8
+
+// Network protocols for relay
+const (
+	UDP Protocol = iota
+	TCP
+)
+
+// FiveTuple is the combination (client IP address and port, server IP
+// address and port, and transport protocol (currently one of UDP,
+// TCP, or TLS)) used to communicate between the client and the
+// server.  The 5-tuple uniquely identifies this communication
+// stream.  The 5-tuple also uniquely identifies the Allocation on
+// the server.
+type FiveTuple struct {
+	Protocol
+	SrcAddr, DstAddr net.Addr
+}
+
+// Equal asserts if two FiveTuples are equal
+func (f *FiveTuple) Equal(b *FiveTuple) bool {
+	return f.Fingerprint() == b.Fingerprint()
+}
+
+// Fingerprint is the identity of a FiveTuple
+func (f *FiveTuple) Fingerprint() string {
+	return fmt.Sprintf("%d_%s_%s", f.Protocol, f.SrcAddr.String(), f.DstAddr.String())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/permission.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/permission.go
new file mode 100644
index 000000000..03538eb5b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/allocation/permission.go
@@ -0,0 +1,40 @@
+package allocation
+
+import (
+	"net"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+const permissionTimeout = time.Duration(5) * time.Minute
+
+// Permission represents a TURN permission. TURN permissions mimic the address-restricted
+// filtering mechanism of NATs that comply with [RFC4787].
+// https://tools.ietf.org/html/rfc5766#section-2.3
+type Permission struct {
+	Addr          net.Addr
+	allocation    *Allocation
+	lifetimeTimer *time.Timer
+	log           logging.LeveledLogger
+}
+
+// NewPermission create a new Permission
+func NewPermission(addr net.Addr, log logging.LeveledLogger) *Permission {
+	return &Permission{
+		Addr: addr,
+		log:  log,
+	}
+}
+
+func (p *Permission) start(lifetime time.Duration) {
+	p.lifetimeTimer = time.AfterFunc(lifetime, func() {
+		p.allocation.RemovePermission(p.Addr)
+	})
+}
+
+func (p *Permission) refresh(lifetime time.Duration) {
+	if !p.lifetimeTimer.Reset(lifetime) {
+		p.log.Errorf("Failed to reset permission timer for %v %v", p.Addr, p.allocation.fiveTuple)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/binding.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/binding.go
new file mode 100644
index 000000000..ee52053cb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/binding.go
@@ -0,0 +1,151 @@
+package client
+
+import (
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+//  Chanel number:
+//    0x4000 through 0x7FFF: These values are the allowed channel
+//    numbers (16,383 possible values).
+const (
+	minChannelNumber uint16 = 0x4000
+	maxChannelNumber uint16 = 0x7fff
+)
+
+type bindingState int32
+
+const (
+	bindingStateIdle bindingState = iota
+	bindingStateRequest
+	bindingStateReady
+	bindingStateRefresh
+	bindingStateFailed
+)
+
+type binding struct {
+	number       uint16          // read-only
+	st           bindingState    // thread-safe (atomic op)
+	addr         net.Addr        // read-only
+	mgr          *bindingManager // read-only
+	muBind       sync.Mutex      // thread-safe, for ChannelBind ops
+	_refreshedAt time.Time       // protected by mutex
+	mutex        sync.RWMutex    // thread-safe
+}
+
+func (b *binding) setState(state bindingState) {
+	atomic.StoreInt32((*int32)(&b.st), int32(state))
+}
+
+func (b *binding) state() bindingState {
+	return bindingState(atomic.LoadInt32((*int32)(&b.st)))
+}
+
+func (b *binding) setRefreshedAt(at time.Time) {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+
+	b._refreshedAt = at
+}
+
+func (b *binding) refreshedAt() time.Time {
+	b.mutex.RLock()
+	defer b.mutex.RUnlock()
+
+	return b._refreshedAt
+}
+
+// Thread-safe binding map
+type bindingManager struct {
+	chanMap map[uint16]*binding
+	addrMap map[string]*binding
+	next    uint16
+	mutex   sync.RWMutex
+}
+
+func newBindingManager() *bindingManager {
+	return &bindingManager{
+		chanMap: map[uint16]*binding{},
+		addrMap: map[string]*binding{},
+		next:    minChannelNumber,
+	}
+}
+
+func (mgr *bindingManager) assignChannelNumber() uint16 {
+	n := mgr.next
+	if mgr.next == maxChannelNumber {
+		mgr.next = minChannelNumber
+	} else {
+		mgr.next++
+	}
+	return n
+}
+
+func (mgr *bindingManager) create(addr net.Addr) *binding {
+	mgr.mutex.Lock()
+	defer mgr.mutex.Unlock()
+
+	b := &binding{
+		number:       mgr.assignChannelNumber(),
+		addr:         addr,
+		mgr:          mgr,
+		_refreshedAt: time.Now(),
+	}
+
+	mgr.chanMap[b.number] = b
+	mgr.addrMap[b.addr.String()] = b
+	return b
+}
+
+func (mgr *bindingManager) findByAddr(addr net.Addr) (*binding, bool) {
+	mgr.mutex.RLock()
+	defer mgr.mutex.RUnlock()
+
+	b, ok := mgr.addrMap[addr.String()]
+	return b, ok
+}
+
+func (mgr *bindingManager) findByNumber(number uint16) (*binding, bool) {
+	mgr.mutex.RLock()
+	defer mgr.mutex.RUnlock()
+
+	b, ok := mgr.chanMap[number]
+	return b, ok
+}
+
+func (mgr *bindingManager) deleteByAddr(addr net.Addr) bool {
+	mgr.mutex.Lock()
+	defer mgr.mutex.Unlock()
+
+	b, ok := mgr.addrMap[addr.String()]
+	if !ok {
+		return false
+	}
+
+	delete(mgr.addrMap, addr.String())
+	delete(mgr.chanMap, b.number)
+	return true
+}
+
+func (mgr *bindingManager) deleteByNumber(number uint16) bool {
+	mgr.mutex.Lock()
+	defer mgr.mutex.Unlock()
+
+	b, ok := mgr.chanMap[number]
+	if !ok {
+		return false
+	}
+
+	delete(mgr.addrMap, b.addr.String())
+	delete(mgr.chanMap, number)
+	return true
+}
+
+func (mgr *bindingManager) size() int {
+	mgr.mutex.RLock()
+	defer mgr.mutex.RUnlock()
+
+	return len(mgr.chanMap)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/conn.go
new file mode 100644
index 000000000..8a2b1ae75
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/conn.go
@@ -0,0 +1,613 @@
+// Package client implements the API for a TURN client
+package client
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+const (
+	maxReadQueueSize    = 1024
+	permRefreshInterval = 120 * time.Second
+	maxRetryAttempts    = 3
+)
+
+const (
+	timerIDRefreshAlloc int = iota
+	timerIDRefreshPerms
+)
+
+func noDeadline() time.Time {
+	return time.Time{}
+}
+
+type inboundData struct {
+	data []byte
+	from net.Addr
+}
+
+// UDPConnObserver is an interface to UDPConn observer
+type UDPConnObserver interface {
+	TURNServerAddr() net.Addr
+	Username() stun.Username
+	Realm() stun.Realm
+	WriteTo(data []byte, to net.Addr) (int, error)
+	PerformTransaction(msg *stun.Message, to net.Addr, dontWait bool) (TransactionResult, error)
+	OnDeallocated(relayedAddr net.Addr)
+}
+
+// UDPConnConfig is a set of configuration params use by NewUDPConn
+type UDPConnConfig struct {
+	Observer    UDPConnObserver
+	RelayedAddr net.Addr
+	Integrity   stun.MessageIntegrity
+	Nonce       stun.Nonce
+	Lifetime    time.Duration
+	Log         logging.LeveledLogger
+}
+
+// UDPConn is the implementation of the Conn and PacketConn interfaces for UDP network connections.
+// comatible with net.PacketConn and net.Conn
+type UDPConn struct {
+	obs               UDPConnObserver       // read-only
+	relayedAddr       net.Addr              // read-only
+	permMap           *permissionMap        // thread-safe
+	bindingMgr        *bindingManager       // thread-safe
+	integrity         stun.MessageIntegrity // read-only
+	_nonce            stun.Nonce            // needs mutex x
+	_lifetime         time.Duration         // needs mutex x
+	readCh            chan *inboundData     // thread-safe
+	closeCh           chan struct{}         // thread-safe
+	readTimer         *time.Timer           // thread-safe
+	refreshAllocTimer *PeriodicTimer        // thread-safe
+	refreshPermsTimer *PeriodicTimer        // thread-safe
+	mutex             sync.RWMutex          // thread-safe
+	log               logging.LeveledLogger // read-only
+}
+
+// NewUDPConn creates a new instance of UDPConn
+func NewUDPConn(config *UDPConnConfig) *UDPConn {
+	c := &UDPConn{
+		obs:         config.Observer,
+		relayedAddr: config.RelayedAddr,
+		permMap:     newPermissionMap(),
+		bindingMgr:  newBindingManager(),
+		integrity:   config.Integrity,
+		_nonce:      config.Nonce,
+		_lifetime:   config.Lifetime,
+		readCh:      make(chan *inboundData, maxReadQueueSize),
+		closeCh:     make(chan struct{}),
+		readTimer:   time.NewTimer(time.Duration(math.MaxInt64)),
+		log:         config.Log,
+	}
+
+	c.log.Debugf("initial lifetime: %d seconds", int(c.lifetime().Seconds()))
+
+	c.refreshAllocTimer = NewPeriodicTimer(
+		timerIDRefreshAlloc,
+		c.onRefreshTimers,
+		c.lifetime()/2,
+	)
+
+	c.refreshPermsTimer = NewPeriodicTimer(
+		timerIDRefreshPerms,
+		c.onRefreshTimers,
+		permRefreshInterval,
+	)
+
+	if c.refreshAllocTimer.Start() {
+		c.log.Debugf("refreshAllocTimer started")
+	}
+	if c.refreshPermsTimer.Start() {
+		c.log.Debugf("refreshPermsTimer started")
+	}
+
+	return c
+}
+
+// ReadFrom reads a packet from the connection,
+// copying the payload into p. It returns the number of
+// bytes copied into p and the return address that
+// was on the packet.
+// It returns the number of bytes read (0 <= n <= len(p))
+// and any error encountered. Callers should always process
+// the n > 0 bytes returned before considering the error err.
+// ReadFrom can be made to time out and return
+// an Error with Timeout() == true after a fixed time limit;
+// see SetDeadline and SetReadDeadline.
+func (c *UDPConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	for {
+		select {
+		case ibData := <-c.readCh:
+			n := copy(p, ibData.data)
+			if n < len(ibData.data) {
+				return 0, nil, io.ErrShortBuffer
+			}
+			return n, ibData.from, nil
+
+		case <-c.readTimer.C:
+			return 0, nil, &net.OpError{
+				Op:   "read",
+				Net:  c.LocalAddr().Network(),
+				Addr: c.LocalAddr(),
+				Err:  newTimeoutError("i/o timeout"),
+			}
+
+		case <-c.closeCh:
+			return 0, nil, &net.OpError{
+				Op:   "read",
+				Net:  c.LocalAddr().Network(),
+				Addr: c.LocalAddr(),
+				Err:  errClosed,
+			}
+		}
+	}
+}
+
+// WriteTo writes a packet with payload p to addr.
+// WriteTo can be made to time out and return
+// an Error with Timeout() == true after a fixed time limit;
+// see SetDeadline and SetWriteDeadline.
+// On packet-oriented connections, write timeouts are rare.
+func (c *UDPConn) WriteTo(p []byte, addr net.Addr) (int, error) { //nolint: gocognit
+	var err error
+	_, ok := addr.(*net.UDPAddr)
+	if !ok {
+		return 0, errUDPAddrCast
+	}
+
+	// check if we have a permission for the destination IP addr
+	perm, ok := c.permMap.find(addr)
+	if !ok {
+		perm = &permission{}
+		c.permMap.insert(addr, perm)
+	}
+
+	// This func-block would block, per destination IP (, or perm), until
+	// the perm state becomes "requested". Purpose of this is to guarantee
+	// the order of packets (within the same perm).
+	// Note that CreatePermission transaction may not be complete before
+	// all the data transmission. This is done assuming that the request
+	// will be mostly likely successful and we can tolerate some loss of
+	// UDP packet (or reorder), inorder to minimize the latency in most cases.
+	createPermission := func() error {
+		perm.mutex.Lock()
+		defer perm.mutex.Unlock()
+
+		if perm.state() == permStateIdle {
+			// punch a hole! (this would block a bit..)
+			if err = c.createPermissions(addr); err != nil {
+				c.permMap.delete(addr)
+				return err
+			}
+			perm.setState(permStatePermitted)
+		}
+		return nil
+	}
+
+	for i := 0; i < maxRetryAttempts; i++ {
+		if err = createPermission(); !errors.Is(err, errTryAgain) {
+			break
+		}
+	}
+	if err != nil {
+		return 0, err
+	}
+
+	// bind channel
+	b, ok := c.bindingMgr.findByAddr(addr)
+	if !ok {
+		b = c.bindingMgr.create(addr)
+	}
+
+	bindSt := b.state()
+
+	if bindSt == bindingStateIdle || bindSt == bindingStateRequest || bindSt == bindingStateFailed {
+		func() {
+			// block only callers with the same binding until
+			// the binding transaction has been complete
+			b.muBind.Lock()
+			defer b.muBind.Unlock()
+
+			// binding state may have been changed while waiting. check again.
+			if b.state() == bindingStateIdle {
+				b.setState(bindingStateRequest)
+				go func() {
+					err2 := c.bind(b)
+					if err2 != nil {
+						c.log.Warnf("bind() failed: %s", err2.Error())
+						b.setState(bindingStateFailed)
+						// keep going...
+					} else {
+						b.setState(bindingStateReady)
+					}
+				}()
+			}
+		}()
+
+		// send data using SendIndication
+		peerAddr := addr2PeerAddress(addr)
+		var msg *stun.Message
+		msg, err = stun.Build(
+			stun.TransactionID,
+			stun.NewType(stun.MethodSend, stun.ClassIndication),
+			proto.Data(p),
+			peerAddr,
+			stun.Fingerprint,
+		)
+		if err != nil {
+			return 0, err
+		}
+
+		// indication has no transaction (fire-and-forget)
+
+		return c.obs.WriteTo(msg.Raw, c.obs.TURNServerAddr())
+	}
+
+	// binding is either ready
+
+	// check if the binding needs a refresh
+	func() {
+		b.muBind.Lock()
+		defer b.muBind.Unlock()
+
+		if b.state() == bindingStateReady && time.Since(b.refreshedAt()) > 5*time.Minute {
+			b.setState(bindingStateRefresh)
+			go func() {
+				err = c.bind(b)
+				if err != nil {
+					c.log.Warnf("bind() for refresh failed: %s", err.Error())
+					b.setState(bindingStateFailed)
+					// keep going...
+				} else {
+					b.setRefreshedAt(time.Now())
+					b.setState(bindingStateReady)
+				}
+			}()
+		}
+	}()
+
+	// send via ChannelData
+	return c.sendChannelData(p, b.number)
+}
+
+// Close closes the connection.
+// Any blocked ReadFrom or WriteTo operations will be unblocked and return errors.
+func (c *UDPConn) Close() error {
+	c.refreshAllocTimer.Stop()
+	c.refreshPermsTimer.Stop()
+
+	select {
+	case <-c.closeCh:
+		return errAlreadyClosed
+	default:
+		close(c.closeCh)
+	}
+
+	c.obs.OnDeallocated(c.relayedAddr)
+	return c.refreshAllocation(0, true /* dontWait=true */)
+}
+
+// LocalAddr returns the local network address.
+func (c *UDPConn) LocalAddr() net.Addr {
+	return c.relayedAddr
+}
+
+// SetDeadline sets the read and write deadlines associated
+// with the connection. It is equivalent to calling both
+// SetReadDeadline and SetWriteDeadline.
+//
+// A deadline is an absolute time after which I/O operations
+// fail with a timeout (see type Error) instead of
+// blocking. The deadline applies to all future and pending
+// I/O, not just the immediately following call to ReadFrom or
+// WriteTo. After a deadline has been exceeded, the connection
+// can be refreshed by setting a deadline in the future.
+//
+// An idle timeout can be implemented by repeatedly extending
+// the deadline after successful ReadFrom or WriteTo calls.
+//
+// A zero value for t means I/O operations will not time out.
+func (c *UDPConn) SetDeadline(t time.Time) error {
+	return c.SetReadDeadline(t)
+}
+
+// SetReadDeadline sets the deadline for future ReadFrom calls
+// and any currently-blocked ReadFrom call.
+// A zero value for t means ReadFrom will not time out.
+func (c *UDPConn) SetReadDeadline(t time.Time) error {
+	var d time.Duration
+	if t == noDeadline() {
+		d = time.Duration(math.MaxInt64)
+	} else {
+		d = time.Until(t)
+	}
+	c.readTimer.Reset(d)
+	return nil
+}
+
+// SetWriteDeadline sets the deadline for future WriteTo calls
+// and any currently-blocked WriteTo call.
+// Even if write times out, it may return n > 0, indicating that
+// some of the data was successfully written.
+// A zero value for t means WriteTo will not time out.
+func (c *UDPConn) SetWriteDeadline(t time.Time) error {
+	// Write never blocks.
+	return nil
+}
+
+func addr2PeerAddress(addr net.Addr) proto.PeerAddress {
+	var peerAddr proto.PeerAddress
+	switch a := addr.(type) {
+	case *net.UDPAddr:
+		peerAddr.IP = a.IP
+		peerAddr.Port = a.Port
+	case *net.TCPAddr:
+		peerAddr.IP = a.IP
+		peerAddr.Port = a.Port
+	}
+
+	return peerAddr
+}
+
+func (c *UDPConn) createPermissions(addrs ...net.Addr) error {
+	setters := []stun.Setter{
+		stun.TransactionID,
+		stun.NewType(stun.MethodCreatePermission, stun.ClassRequest),
+	}
+
+	for _, addr := range addrs {
+		setters = append(setters, addr2PeerAddress(addr))
+	}
+
+	setters = append(setters,
+		c.obs.Username(),
+		c.obs.Realm(),
+		c.nonce(),
+		c.integrity,
+		stun.Fingerprint)
+
+	msg, err := stun.Build(setters...)
+	if err != nil {
+		return err
+	}
+
+	trRes, err := c.obs.PerformTransaction(msg, c.obs.TURNServerAddr(), false)
+	if err != nil {
+		return err
+	}
+
+	res := trRes.Msg
+
+	if res.Type.Class == stun.ClassErrorResponse {
+		var code stun.ErrorCodeAttribute
+		if err = code.GetFrom(res); err == nil {
+			if code.Code == stun.CodeStaleNonce {
+				c.setNonceFromMsg(res)
+				return errTryAgain
+			}
+			return fmt.Errorf("%s (error %s)", res.Type, code) //nolint:goerr113
+		}
+
+		return fmt.Errorf("%s", res.Type) //nolint:goerr113
+	}
+
+	return nil
+}
+
+// HandleInbound passes inbound data in UDPConn
+func (c *UDPConn) HandleInbound(data []byte, from net.Addr) {
+	// copy data
+	copied := make([]byte, len(data))
+	copy(copied, data)
+
+	select {
+	case c.readCh <- &inboundData{data: copied, from: from}:
+	default:
+		c.log.Warnf("receive buffer full")
+	}
+}
+
+// FindAddrByChannelNumber returns a peer address associated with the
+// channel number on this UDPConn
+func (c *UDPConn) FindAddrByChannelNumber(chNum uint16) (net.Addr, bool) {
+	b, ok := c.bindingMgr.findByNumber(chNum)
+	if !ok {
+		return nil, false
+	}
+	return b.addr, true
+}
+
+func (c *UDPConn) setNonceFromMsg(msg *stun.Message) {
+	// Update nonce
+	var nonce stun.Nonce
+	if err := nonce.GetFrom(msg); err == nil {
+		c.setNonce(nonce)
+		c.log.Debug("refresh allocation: 438, got new nonce.")
+	} else {
+		c.log.Warn("refresh allocation: 438 but no nonce.")
+	}
+}
+
+func (c *UDPConn) refreshAllocation(lifetime time.Duration, dontWait bool) error {
+	msg, err := stun.Build(
+		stun.TransactionID,
+		stun.NewType(stun.MethodRefresh, stun.ClassRequest),
+		proto.Lifetime{Duration: lifetime},
+		c.obs.Username(),
+		c.obs.Realm(),
+		c.nonce(),
+		c.integrity,
+		stun.Fingerprint,
+	)
+	if err != nil {
+		return fmt.Errorf("%w: %s", errFailedToBuildRefreshRequest, err.Error())
+	}
+
+	c.log.Debugf("send refresh request (dontWait=%v)", dontWait)
+	trRes, err := c.obs.PerformTransaction(msg, c.obs.TURNServerAddr(), dontWait)
+	if err != nil {
+		return fmt.Errorf("%w: %s", errFailedToRefreshAllocation, err.Error())
+	}
+
+	if dontWait {
+		c.log.Debug("refresh request sent")
+		return nil
+	}
+
+	c.log.Debug("refresh request sent, and waiting response")
+
+	res := trRes.Msg
+	if res.Type.Class == stun.ClassErrorResponse {
+		var code stun.ErrorCodeAttribute
+		if err = code.GetFrom(res); err == nil {
+			if code.Code == stun.CodeStaleNonce {
+				c.setNonceFromMsg(res)
+				return errTryAgain
+			}
+			return err
+		}
+		return fmt.Errorf("%s", res.Type) //nolint:goerr113
+	}
+
+	// Getting lifetime from response
+	var updatedLifetime proto.Lifetime
+	if err := updatedLifetime.GetFrom(res); err != nil {
+		return fmt.Errorf("%w: %s", errFailedToGetLifetime, err.Error())
+	}
+
+	c.setLifetime(updatedLifetime.Duration)
+	c.log.Debugf("updated lifetime: %d seconds", int(c.lifetime().Seconds()))
+	return nil
+}
+
+func (c *UDPConn) refreshPermissions() error {
+	addrs := c.permMap.addrs()
+	if len(addrs) == 0 {
+		c.log.Debug("no permission to refresh")
+		return nil
+	}
+	if err := c.createPermissions(addrs...); err != nil {
+		if errors.Is(err, errTryAgain) {
+			return errTryAgain
+		}
+		c.log.Errorf("fail to refresh permissions: %s", err.Error())
+		return err
+	}
+	c.log.Debug("refresh permissions successful")
+	return nil
+}
+
+func (c *UDPConn) bind(b *binding) error {
+	setters := []stun.Setter{
+		stun.TransactionID,
+		stun.NewType(stun.MethodChannelBind, stun.ClassRequest),
+		addr2PeerAddress(b.addr),
+		proto.ChannelNumber(b.number),
+		c.obs.Username(),
+		c.obs.Realm(),
+		c.nonce(),
+		c.integrity,
+		stun.Fingerprint,
+	}
+
+	msg, err := stun.Build(setters...)
+	if err != nil {
+		return err
+	}
+
+	trRes, err := c.obs.PerformTransaction(msg, c.obs.TURNServerAddr(), false)
+	if err != nil {
+		c.bindingMgr.deleteByAddr(b.addr)
+		return err
+	}
+
+	res := trRes.Msg
+
+	if res.Type != stun.NewType(stun.MethodChannelBind, stun.ClassSuccessResponse) {
+		return fmt.Errorf("unexpected response type %s", res.Type) //nolint:goerr113
+	}
+
+	c.log.Debugf("channel binding successful: %s %d", b.addr.String(), b.number)
+
+	// Success.
+	return nil
+}
+
+func (c *UDPConn) sendChannelData(data []byte, chNum uint16) (int, error) {
+	chData := &proto.ChannelData{
+		Data:   data,
+		Number: proto.ChannelNumber(chNum),
+	}
+	chData.Encode()
+	return c.obs.WriteTo(chData.Raw, c.obs.TURNServerAddr())
+}
+
+func (c *UDPConn) onRefreshTimers(id int) {
+	c.log.Debugf("refresh timer %d expired", id)
+	switch id {
+	case timerIDRefreshAlloc:
+		var err error
+		lifetime := c.lifetime()
+		// limit the max retries on errTryAgain to 3
+		// when stale nonce returns, sencond retry should succeed
+		for i := 0; i < maxRetryAttempts; i++ {
+			err = c.refreshAllocation(lifetime, false)
+			if !errors.Is(err, errTryAgain) {
+				break
+			}
+		}
+		if err != nil {
+			c.log.Warnf("refresh allocation failed")
+		}
+	case timerIDRefreshPerms:
+		var err error
+		for i := 0; i < maxRetryAttempts; i++ {
+			err = c.refreshPermissions()
+			if !errors.Is(err, errTryAgain) {
+				break
+			}
+		}
+		if err != nil {
+			c.log.Warnf("refresh permissions failed")
+		}
+	}
+}
+
+func (c *UDPConn) nonce() stun.Nonce {
+	c.mutex.RLock()
+	defer c.mutex.RUnlock()
+
+	return c._nonce
+}
+
+func (c *UDPConn) setNonce(nonce stun.Nonce) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+
+	c.log.Debugf("set new nonce with %d bytes", len(nonce))
+	c._nonce = nonce
+}
+
+func (c *UDPConn) lifetime() time.Duration {
+	c.mutex.RLock()
+	defer c.mutex.RUnlock()
+
+	return c._lifetime
+}
+
+func (c *UDPConn) setLifetime(lifetime time.Duration) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+
+	c._lifetime = lifetime
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/errors.go
new file mode 100644
index 000000000..2d4bd30c4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/errors.go
@@ -0,0 +1,37 @@
+package client
+
+import (
+	"errors"
+)
+
+var (
+	errFakeErr                             = errors.New("fake error")
+	errTryAgain                            = errors.New("try again")
+	errClosed                              = errors.New("use of closed network connection")
+	errUDPAddrCast                         = errors.New("addr is not a net.UDPAddr")
+	errAlreadyClosed                       = errors.New("already closed")
+	errDoubleLock                          = errors.New("try-lock is already locked")
+	errTransactionClosed                   = errors.New("transaction closed")
+	errWaitForResultOnNonResultTransaction = errors.New("WaitForResult called on non-result transaction")
+	errFailedToBuildRefreshRequest         = errors.New("failed to build refresh request")
+	errFailedToRefreshAllocation           = errors.New("failed to refresh allocation")
+	errFailedToGetLifetime                 = errors.New("failed to get lifetime from refresh response")
+)
+
+type timeoutError struct {
+	msg string
+}
+
+func newTimeoutError(msg string) error {
+	return &timeoutError{
+		msg: msg,
+	}
+}
+
+func (e *timeoutError) Error() string {
+	return e.msg
+}
+
+func (e *timeoutError) Timeout() bool {
+	return true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/periodic_timer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/periodic_timer.go
new file mode 100644
index 000000000..fcd567870
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/periodic_timer.go
@@ -0,0 +1,82 @@
+package client
+
+import (
+	"sync"
+	"time"
+)
+
+// PeriodicTimerTimeoutHandler is a handler called on timeout
+type PeriodicTimerTimeoutHandler func(timerID int)
+
+// PeriodicTimer is a periodic timer
+type PeriodicTimer struct {
+	id             int
+	interval       time.Duration
+	timeoutHandler PeriodicTimerTimeoutHandler
+	stopFunc       func()
+	mutex          sync.RWMutex
+}
+
+// NewPeriodicTimer create a new timer
+func NewPeriodicTimer(id int, timeoutHandler PeriodicTimerTimeoutHandler, interval time.Duration) *PeriodicTimer {
+	return &PeriodicTimer{
+		id:             id,
+		interval:       interval,
+		timeoutHandler: timeoutHandler,
+	}
+}
+
+// Start starts the timer.
+func (t *PeriodicTimer) Start() bool {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	// this is a noop if the timer is always running
+	if t.stopFunc != nil {
+		return false
+	}
+
+	cancelCh := make(chan struct{})
+
+	go func() {
+		canceling := false
+
+		for !canceling {
+			timer := time.NewTimer(t.interval)
+
+			select {
+			case <-timer.C:
+				t.timeoutHandler(t.id)
+			case <-cancelCh:
+				canceling = true
+				timer.Stop()
+			}
+		}
+	}()
+
+	t.stopFunc = func() {
+		close(cancelCh)
+	}
+
+	return true
+}
+
+// Stop stops the timer.
+func (t *PeriodicTimer) Stop() {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	if t.stopFunc != nil {
+		t.stopFunc()
+		t.stopFunc = nil
+	}
+}
+
+// IsRunning tests if the timer is running.
+// Debug purpose only
+func (t *PeriodicTimer) IsRunning() bool {
+	t.mutex.RLock()
+	defer t.mutex.RUnlock()
+
+	return (t.stopFunc != nil)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/permission.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/permission.go
new file mode 100644
index 000000000..5546a22e2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/permission.go
@@ -0,0 +1,90 @@
+package client
+
+import (
+	"net"
+	"sync"
+	"sync/atomic"
+)
+
+type permState int32
+
+const (
+	permStateIdle permState = iota
+	permStatePermitted
+)
+
+type permission struct {
+	st    permState    // thread-safe (atomic op)
+	mutex sync.RWMutex // thread-safe
+}
+
+func (p *permission) setState(state permState) {
+	atomic.StoreInt32((*int32)(&p.st), int32(state))
+}
+
+func (p *permission) state() permState {
+	return permState(atomic.LoadInt32((*int32)(&p.st)))
+}
+
+// Thread-safe permission map
+type permissionMap struct {
+	permMap map[string]*permission
+	mutex   sync.RWMutex
+}
+
+func (m *permissionMap) insert(addr net.Addr, p *permission) bool {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	udpAddr, ok := addr.(*net.UDPAddr)
+	if !ok {
+		return false
+	}
+
+	m.permMap[udpAddr.IP.String()] = p
+	return true
+}
+
+func (m *permissionMap) find(addr net.Addr) (*permission, bool) {
+	m.mutex.RLock()
+	defer m.mutex.RUnlock()
+
+	udpAddr, ok := addr.(*net.UDPAddr)
+	if !ok {
+		return nil, false
+	}
+
+	p, ok := m.permMap[udpAddr.IP.String()]
+	return p, ok
+}
+
+func (m *permissionMap) delete(addr net.Addr) {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	udpAddr, ok := addr.(*net.UDPAddr)
+	if !ok {
+		return
+	}
+
+	delete(m.permMap, udpAddr.IP.String())
+}
+
+func (m *permissionMap) addrs() []net.Addr {
+	m.mutex.RLock()
+	defer m.mutex.RUnlock()
+
+	addrs := []net.Addr{}
+	for k := range m.permMap {
+		addrs = append(addrs, &net.UDPAddr{
+			IP: net.ParseIP(k),
+		})
+	}
+	return addrs
+}
+
+func newPermissionMap() *permissionMap {
+	return &permissionMap{
+		permMap: map[string]*permission{},
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/transaction.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/transaction.go
new file mode 100644
index 000000000..610a4d4d2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/transaction.go
@@ -0,0 +1,185 @@
+package client
+
+import (
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/stun"
+)
+
+const (
+	maxRtxInterval time.Duration = 1600 * time.Millisecond
+)
+
+// TransactionResult is a bag of result values of a transaction
+type TransactionResult struct {
+	Msg     *stun.Message
+	From    net.Addr
+	Retries int
+	Err     error
+}
+
+// TransactionConfig is a set of config params used by NewTransaction
+type TransactionConfig struct {
+	Key          string
+	Raw          []byte
+	To           net.Addr
+	Interval     time.Duration
+	IgnoreResult bool // true to throw away the result of this transaction (it will not be readable using WaitForResult)
+}
+
+// Transaction represents a transaction
+type Transaction struct {
+	Key      string                 // read-only
+	Raw      []byte                 // read-only
+	To       net.Addr               // read-only
+	nRtx     int                    // modified only by the timer thread
+	interval time.Duration          // modified only by the timer thread
+	timer    *time.Timer            // thread-safe, set only by the creator, and stopper
+	resultCh chan TransactionResult // thread-safe
+	mutex    sync.RWMutex
+}
+
+// NewTransaction creates a new instance of Transaction
+func NewTransaction(config *TransactionConfig) *Transaction {
+	var resultCh chan TransactionResult
+	if !config.IgnoreResult {
+		resultCh = make(chan TransactionResult)
+	}
+
+	return &Transaction{
+		Key:      config.Key,      // read-only
+		Raw:      config.Raw,      // read-only
+		To:       config.To,       // read-only
+		interval: config.Interval, // modified only by the timer thread
+		resultCh: resultCh,        // thread-safe
+	}
+}
+
+// StartRtxTimer starts the transaction timer
+func (t *Transaction) StartRtxTimer(onTimeout func(trKey string, nRtx int)) {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	t.timer = time.AfterFunc(t.interval, func() {
+		t.mutex.Lock()
+		t.nRtx++
+		nRtx := t.nRtx
+		t.interval *= 2
+		if t.interval > maxRtxInterval {
+			t.interval = maxRtxInterval
+		}
+		t.mutex.Unlock()
+		onTimeout(t.Key, nRtx)
+	})
+}
+
+// StopRtxTimer stop the transaction timer
+func (t *Transaction) StopRtxTimer() {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	if t.timer != nil {
+		t.timer.Stop()
+	}
+}
+
+// WriteResult writes the result to the result channel
+func (t *Transaction) WriteResult(res TransactionResult) bool {
+	if t.resultCh == nil {
+		return false
+	}
+
+	t.resultCh <- res
+
+	return true
+}
+
+// WaitForResult waits for the transaction result
+func (t *Transaction) WaitForResult() TransactionResult {
+	if t.resultCh == nil {
+		return TransactionResult{
+			Err: errWaitForResultOnNonResultTransaction,
+		}
+	}
+
+	result, ok := <-t.resultCh
+	if !ok {
+		result.Err = errTransactionClosed
+	}
+	return result
+}
+
+// Close closes the transaction
+func (t *Transaction) Close() {
+	if t.resultCh != nil {
+		close(t.resultCh)
+	}
+}
+
+// Retries returns the number of retransmission it has made
+func (t *Transaction) Retries() int {
+	t.mutex.RLock()
+	defer t.mutex.RUnlock()
+
+	return t.nRtx
+}
+
+// TransactionMap is a thread-safe transaction map
+type TransactionMap struct {
+	trMap map[string]*Transaction
+	mutex sync.RWMutex
+}
+
+// NewTransactionMap create a new instance of the transaction map
+func NewTransactionMap() *TransactionMap {
+	return &TransactionMap{
+		trMap: map[string]*Transaction{},
+	}
+}
+
+// Insert inserts a trasaction to the map
+func (m *TransactionMap) Insert(key string, tr *Transaction) bool {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	m.trMap[key] = tr
+	return true
+}
+
+// Find looks up a transaction by its key
+func (m *TransactionMap) Find(key string) (*Transaction, bool) {
+	m.mutex.RLock()
+	defer m.mutex.RUnlock()
+
+	tr, ok := m.trMap[key]
+	return tr, ok
+}
+
+// Delete deletes a transaction by its key
+func (m *TransactionMap) Delete(key string) {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	delete(m.trMap, key)
+}
+
+// CloseAndDeleteAll closes and deletes all transactions
+func (m *TransactionMap) CloseAndDeleteAll() {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	for trKey, tr := range m.trMap {
+		tr.Close()
+		delete(m.trMap, trKey)
+	}
+}
+
+// Size returns the length of the transaction map
+func (m *TransactionMap) Size() int {
+	m.mutex.RLock()
+	defer m.mutex.RUnlock()
+
+	return len(m.trMap)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/trylock.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/trylock.go
new file mode 100644
index 000000000..48e25a054
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/client/trylock.go
@@ -0,0 +1,24 @@
+package client
+
+import (
+	"sync/atomic"
+)
+
+// TryLock implement the classic  "try-lock" operation.
+type TryLock struct {
+	n int32
+}
+
+// Lock tries to lock the try-lock. If successful, it returns true.
+// Otherwise, it returns false immedidately.
+func (c *TryLock) Lock() error {
+	if !atomic.CompareAndSwapInt32(&c.n, 0, 1) {
+		return errDoubleLock
+	}
+	return nil
+}
+
+// Unlock unlocks the try-lock.
+func (c *TryLock) Unlock() {
+	atomic.StoreInt32(&c.n, 0)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/ipnet/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/ipnet/util.go
new file mode 100644
index 000000000..9df7f5695
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/ipnet/util.go
@@ -0,0 +1,40 @@
+// Package ipnet contains helper functions around net and IP
+package ipnet
+
+import (
+	"errors"
+	"net"
+)
+
+var errFailedToCastAddr = errors.New("failed to cast net.Addr to *net.UDPAddr or *net.TCPAddr")
+
+// AddrIPPort extracts the IP and Port from a net.Addr
+func AddrIPPort(a net.Addr) (net.IP, int, error) {
+	aUDP, ok := a.(*net.UDPAddr)
+	if ok {
+		return aUDP.IP, aUDP.Port, nil
+	}
+
+	aTCP, ok := a.(*net.TCPAddr)
+	if ok {
+		return aTCP.IP, aTCP.Port, nil
+	}
+
+	return nil, 0, errFailedToCastAddr
+}
+
+// AddrEqual asserts that two net.Addrs are equal
+// Currently only supprots UDP but will be extended in the future to support others
+func AddrEqual(a, b net.Addr) bool {
+	aUDP, ok := a.(*net.UDPAddr)
+	if !ok {
+		return false
+	}
+
+	bUDP, ok := b.(*net.UDPAddr)
+	if !ok {
+		return false
+	}
+
+	return aUDP.IP.Equal(bUDP.IP) && aUDP.Port == bUDP.Port
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/addr.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/addr.go
new file mode 100644
index 000000000..b1d654d9e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/addr.go
@@ -0,0 +1,65 @@
+package proto
+
+import (
+	"fmt"
+	"net"
+)
+
+// Addr is ip:port.
+type Addr struct {
+	IP   net.IP
+	Port int
+}
+
+// Network implements net.Addr.
+func (Addr) Network() string { return "turn" }
+
+// FromUDPAddr sets addr to UDPAddr.
+func (a *Addr) FromUDPAddr(n *net.UDPAddr) {
+	a.IP = n.IP
+	a.Port = n.Port
+}
+
+// Equal returns true if b == a.
+func (a Addr) Equal(b Addr) bool {
+	if a.Port != b.Port {
+		return false
+	}
+	return a.IP.Equal(b.IP)
+}
+
+// EqualIP returns true if a and b have equal IP addresses.
+func (a Addr) EqualIP(b Addr) bool {
+	return a.IP.Equal(b.IP)
+}
+
+func (a Addr) String() string {
+	return fmt.Sprintf("%s:%d", a.IP, a.Port)
+}
+
+// FiveTuple represents 5-TUPLE value.
+type FiveTuple struct {
+	Client Addr
+	Server Addr
+	Proto  Protocol
+}
+
+func (t FiveTuple) String() string {
+	return fmt.Sprintf("%s->%s (%s)",
+		t.Client, t.Server, t.Proto,
+	)
+}
+
+// Equal returns true if b == t.
+func (t FiveTuple) Equal(b FiveTuple) bool {
+	if t.Proto != b.Proto {
+		return false
+	}
+	if !t.Client.Equal(b.Client) {
+		return false
+	}
+	if !t.Server.Equal(b.Server) {
+		return false
+	}
+	return true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/chandata.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/chandata.go
new file mode 100644
index 000000000..fb1295b1a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/chandata.go
@@ -0,0 +1,140 @@
+package proto
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+// ChannelData represents The ChannelData Message.
+//
+// See RFC 5766 Section 11.4
+type ChannelData struct {
+	Data   []byte // can be subslice of Raw
+	Length int    // ignored while encoding, len(Data) is used
+	Number ChannelNumber
+	Raw    []byte
+}
+
+// Equal returns true if b == c.
+func (c *ChannelData) Equal(b *ChannelData) bool {
+	if c == nil && b == nil {
+		return true
+	}
+	if c == nil || b == nil {
+		return false
+	}
+	if c.Number != b.Number {
+		return false
+	}
+	if len(c.Data) != len(b.Data) {
+		return false
+	}
+	return bytes.Equal(c.Data, b.Data)
+}
+
+// grow ensures that internal buffer will fit v more bytes and
+// increases it capacity if necessary.
+//
+// Similar to stun.Message.grow method.
+func (c *ChannelData) grow(v int) {
+	n := len(c.Raw) + v
+	for cap(c.Raw) < n {
+		c.Raw = append(c.Raw, 0)
+	}
+	c.Raw = c.Raw[:n]
+}
+
+// Reset resets Length, Data and Raw length.
+func (c *ChannelData) Reset() {
+	c.Raw = c.Raw[:0]
+	c.Length = 0
+	c.Data = c.Data[:0]
+}
+
+// Encode encodes ChannelData Message to Raw.
+func (c *ChannelData) Encode() {
+	c.Raw = c.Raw[:0]
+	c.WriteHeader()
+	c.Raw = append(c.Raw, c.Data...)
+	padded := nearestPaddedValueLength(len(c.Raw))
+	if bytesToAdd := padded - len(c.Raw); bytesToAdd > 0 {
+		for i := 0; i < bytesToAdd; i++ {
+			c.Raw = append(c.Raw, 0)
+		}
+	}
+}
+
+const padding = 4
+
+func nearestPaddedValueLength(l int) int {
+	n := padding * (l / padding)
+	if n < l {
+		n += padding
+	}
+	return n
+}
+
+// WriteHeader writes channel number and length.
+func (c *ChannelData) WriteHeader() {
+	if len(c.Raw) < channelDataHeaderSize {
+		// Making WriteHeader call valid even when c.Raw
+		// is nil or len(c.Raw) is less than needed for header.
+		c.grow(channelDataHeaderSize)
+	}
+	// Early bounds check to guarantee safety of writes below.
+	_ = c.Raw[:channelDataHeaderSize]
+	binary.BigEndian.PutUint16(c.Raw[:channelDataNumberSize], uint16(c.Number))
+	binary.BigEndian.PutUint16(c.Raw[channelDataNumberSize:channelDataHeaderSize],
+		uint16(len(c.Data)),
+	)
+}
+
+// ErrBadChannelDataLength means that channel data length is not equal
+// to actual data length.
+var ErrBadChannelDataLength = errors.New("channelData length != len(Data)")
+
+// Decode decodes The ChannelData Message from Raw.
+func (c *ChannelData) Decode() error {
+	buf := c.Raw
+	if len(buf) < channelDataHeaderSize {
+		return io.ErrUnexpectedEOF
+	}
+	num := binary.BigEndian.Uint16(buf[:channelDataNumberSize])
+	c.Number = ChannelNumber(num)
+	l := binary.BigEndian.Uint16(buf[channelDataNumberSize:channelDataHeaderSize])
+	c.Data = buf[channelDataHeaderSize:]
+	c.Length = int(l)
+	if !c.Number.Valid() {
+		return ErrInvalidChannelNumber
+	}
+	if int(l) < len(c.Data) {
+		c.Data = c.Data[:int(l)]
+	}
+	if int(l) > len(buf[channelDataHeaderSize:]) {
+		return ErrBadChannelDataLength
+	}
+	return nil
+}
+
+const (
+	channelDataLengthSize = 2
+	channelDataNumberSize = channelDataLengthSize
+	channelDataHeaderSize = channelDataLengthSize + channelDataNumberSize
+)
+
+// IsChannelData returns true if buf looks like the ChannelData Message.
+func IsChannelData(buf []byte) bool {
+	if len(buf) < channelDataHeaderSize {
+		return false
+	}
+
+	if int(binary.BigEndian.Uint16(buf[channelDataNumberSize:channelDataHeaderSize])) > len(buf[channelDataHeaderSize:]) {
+		return false
+	}
+
+	// Quick check for channel number.
+	num := binary.BigEndian.Uint16(buf[0:channelNumberSize])
+	return isChannelNumberValid(num)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/chann.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/chann.go
new file mode 100644
index 000000000..d64ef73f4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/chann.go
@@ -0,0 +1,67 @@
+package proto
+
+import (
+	"encoding/binary"
+	"errors"
+	"strconv"
+
+	"github.com/pion/stun"
+)
+
+// ChannelNumber represents CHANNEL-NUMBER attribute.
+//
+// The CHANNEL-NUMBER attribute contains the number of the channel.
+//
+// RFC 5766 Section 14.1
+type ChannelNumber uint16 // encoded as uint16
+
+func (n ChannelNumber) String() string { return strconv.Itoa(int(n)) }
+
+// 16 bits of uint + 16 bits of RFFU = 0.
+const channelNumberSize = 4
+
+// AddTo adds CHANNEL-NUMBER to message.
+func (n ChannelNumber) AddTo(m *stun.Message) error {
+	v := make([]byte, channelNumberSize)
+	binary.BigEndian.PutUint16(v[:2], uint16(n))
+	// v[2:4] are zeroes (RFFU = 0)
+	m.Add(stun.AttrChannelNumber, v)
+	return nil
+}
+
+// GetFrom decodes CHANNEL-NUMBER from message.
+func (n *ChannelNumber) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrChannelNumber)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrChannelNumber, len(v), channelNumberSize); err != nil {
+		return err
+	}
+	_ = v[channelNumberSize-1] // asserting length
+	*n = ChannelNumber(binary.BigEndian.Uint16(v[:2]))
+	// v[2:4] is RFFU and equals to 0.
+	return nil
+}
+
+// See https://tools.ietf.org/html/rfc5766#section-11:
+//
+// 0x4000 through 0x7FFF: These values are the allowed channel
+// numbers (16,383 possible values).
+const (
+	MinChannelNumber = 0x4000
+	MaxChannelNumber = 0x7FFF
+)
+
+// ErrInvalidChannelNumber means that channel number is not valid as by RFC 5766 Section 11.
+var ErrInvalidChannelNumber = errors.New("channel number not in [0x4000, 0x7FFF]")
+
+// isChannelNumberValid returns true if c in [0x4000, 0x7FFF].
+func isChannelNumberValid(c uint16) bool {
+	return c >= MinChannelNumber && c <= MaxChannelNumber
+}
+
+// Valid returns true if channel number has correct value that complies RFC 5766 Section 11 range.
+func (n ChannelNumber) Valid() bool {
+	return isChannelNumberValid(uint16(n))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/data.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/data.go
new file mode 100644
index 000000000..64243e0c5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/data.go
@@ -0,0 +1,30 @@
+package proto
+
+import "github.com/pion/stun"
+
+// Data represents DATA attribute.
+//
+// The DATA attribute is present in all Send and Data indications.  The
+// value portion of this attribute is variable length and consists of
+// the application data (that is, the data that would immediately follow
+// the UDP header if the data was been sent directly between the client
+// and the peer).
+//
+// RFC 5766 Section 14.4
+type Data []byte
+
+// AddTo adds DATA to message.
+func (d Data) AddTo(m *stun.Message) error {
+	m.Add(stun.AttrData, d)
+	return nil
+}
+
+// GetFrom decodes DATA from message.
+func (d *Data) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrData)
+	if err != nil {
+		return err
+	}
+	*d = v
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/dontfrag.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/dontfrag.go
new file mode 100644
index 000000000..eb4d8caf8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/dontfrag.go
@@ -0,0 +1,18 @@
+package proto
+
+import "github.com/pion/stun"
+
+// DontFragmentAttr represents DONT-FRAGMENT attribute.
+type DontFragmentAttr struct{}
+
+// AddTo adds DONT-FRAGMENT attribute to message.
+func (DontFragmentAttr) AddTo(m *stun.Message) error {
+	m.Add(stun.AttrDontFragment, nil)
+	return nil
+}
+
+// IsSet returns true if DONT-FRAGMENT attribute is set.
+func (DontFragmentAttr) IsSet(m *stun.Message) bool {
+	_, err := m.Get(stun.AttrDontFragment)
+	return err == nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/evenport.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/evenport.go
new file mode 100644
index 000000000..a5a388258
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/evenport.go
@@ -0,0 +1,55 @@
+package proto
+
+import "github.com/pion/stun"
+
+// EvenPort represents EVEN-PORT attribute.
+//
+// This attribute allows the client to request that the port in the
+// relayed transport address be even, and (optionally) that the server
+// reserve the next-higher port number.
+//
+// RFC 5766 Section 14.6
+type EvenPort struct {
+	// ReservePort means that the server is requested to reserve
+	// the next-higher port number (on the same IP address)
+	// for a subsequent allocation.
+	ReservePort bool
+}
+
+func (p EvenPort) String() string {
+	if p.ReservePort {
+		return "reserve: true"
+	}
+	return "reserve: false"
+}
+
+const (
+	evenPortSize = 1
+	firstBitSet  = (1 << 8) - 1 // 0b100000000
+)
+
+// AddTo adds EVEN-PORT to message.
+func (p EvenPort) AddTo(m *stun.Message) error {
+	v := make([]byte, evenPortSize)
+	if p.ReservePort {
+		// Set first bit to 1.
+		v[0] = firstBitSet
+	}
+	m.Add(stun.AttrEvenPort, v)
+	return nil
+}
+
+// GetFrom decodes EVEN-PORT from message.
+func (p *EvenPort) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrEvenPort)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrEvenPort, len(v), evenPortSize); err != nil {
+		return err
+	}
+	if v[0]&firstBitSet > 0 {
+		p.ReservePort = true
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/fuzz.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/fuzz.go
new file mode 100644
index 000000000..1a171fb74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/fuzz.go
@@ -0,0 +1,111 @@
+// +build gofuzz
+
+package proto
+
+import (
+	"fmt"
+
+	"github.com/pion/stun"
+)
+
+type attr interface {
+	stun.Getter
+	stun.Setter
+}
+
+type attrs []struct {
+	g attr
+	t stun.AttrType
+}
+
+func (a attrs) pick(v byte) struct {
+	g attr
+	t stun.AttrType
+} {
+	idx := int(v) % len(a)
+	return a[idx]
+}
+
+func FuzzSetters(data []byte) int {
+	var (
+		m1 = &stun.Message{
+			Raw: make([]byte, 0, 2048),
+		}
+		m2 = &stun.Message{
+			Raw: make([]byte, 0, 2048),
+		}
+		m3 = &stun.Message{
+			Raw: make([]byte, 0, 2048),
+		}
+	)
+	attributes := attrs{
+		{new(RequestedTransport), stun.AttrRequestedTransport},
+		{new(RelayedAddress), stun.AttrXORRelayedAddress},
+		{new(ChannelNumber), stun.AttrChannelNumber},
+		{new(Data), stun.AttrData},
+		{new(EvenPort), stun.AttrEvenPort},
+		{new(Lifetime), stun.AttrLifetime},
+		{new(ReservationToken), stun.AttrReservationToken},
+	}
+	var firstByte = byte(0)
+	if len(data) > 0 {
+		firstByte = data[0]
+	}
+	a := attributes.pick(firstByte)
+	value := data
+	if len(data) > 1 {
+		value = value[1:]
+	}
+	m1.WriteHeader()
+	m1.Add(a.t, value)
+	err := a.g.GetFrom(m1)
+	if err == stun.ErrAttributeNotFound {
+		fmt.Println("unexpected 404") // nolint
+		panic(err)                    // nolint
+	}
+	if err != nil {
+		return 1
+	}
+	m2.WriteHeader()
+	if err := a.g.AddTo(m2); err != nil {
+		fmt.Println("failed to add attribute to m2") // nolint
+		panic(err)                                   // nolint
+	}
+	m3.WriteHeader()
+	v, err := m2.Get(a.t)
+	if err != nil {
+		panic(err) // nolint
+	}
+	m3.Add(a.t, v)
+
+	if !m2.Equal(m3) {
+		fmt.Println(m2, "not equal", m3) // nolint
+		panic("not equal")               // nolint
+	}
+	return 1
+}
+
+var d = &ChannelData{}
+
+func FuzzChannelData(data []byte) int {
+	d.Reset()
+	if b := bin.Uint16(data[0:4]); b > 20000 {
+		bin.PutUint16(data[0:4], MinChannelNumber-1)
+	} else if b > 40000 {
+		bin.PutUint16(data[0:4], MinChannelNumber+(MaxChannelNumber-MinChannelNumber)%b)
+	}
+	d.Raw = append(d.Raw, data...)
+	if d.Decode() != nil {
+		return 0
+	}
+	d2 := &ChannelData{}
+	d.Encode()
+	if !d.Number.Valid() {
+		return 1
+	}
+	d2.Raw = d.Raw
+	if err := d2.Decode(); err != nil {
+		panic(err) //nolint
+	}
+	return 1
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/lifetime.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/lifetime.go
new file mode 100644
index 000000000..b78169660
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/lifetime.go
@@ -0,0 +1,52 @@
+package proto
+
+import (
+	"encoding/binary"
+	"time"
+
+	"github.com/pion/stun"
+)
+
+// DefaultLifetime in RFC 5766 is 10 minutes.
+//
+// RFC 5766 Section 2.2
+const DefaultLifetime = time.Minute * 10
+
+// Lifetime represents LIFETIME attribute.
+//
+// The LIFETIME attribute represents the duration for which the server
+// will maintain an allocation in the absence of a refresh. The value
+// portion of this attribute is 4-bytes long and consists of a 32-bit
+// unsigned integral value representing the number of seconds remaining
+// until expiration.
+//
+// RFC 5766 Section 14.2
+type Lifetime struct {
+	time.Duration
+}
+
+// uint32 seconds
+const lifetimeSize = 4 // 4 bytes, 32 bits
+
+// AddTo adds LIFETIME to message.
+func (l Lifetime) AddTo(m *stun.Message) error {
+	v := make([]byte, lifetimeSize)
+	binary.BigEndian.PutUint32(v, uint32(l.Seconds()))
+	m.Add(stun.AttrLifetime, v)
+	return nil
+}
+
+// GetFrom decodes LIFETIME from message.
+func (l *Lifetime) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrLifetime)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrLifetime, len(v), lifetimeSize); err != nil {
+		return err
+	}
+	_ = v[lifetimeSize-1] // asserting length
+	seconds := binary.BigEndian.Uint32(v)
+	l.Duration = time.Second * time.Duration(seconds)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/peeraddr.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/peeraddr.go
new file mode 100644
index 000000000..b357b823e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/peeraddr.go
@@ -0,0 +1,42 @@
+package proto
+
+import (
+	"net"
+
+	"github.com/pion/stun"
+)
+
+// PeerAddress implements XOR-PEER-ADDRESS attribute.
+//
+// The XOR-PEER-ADDRESS specifies the address and port of the peer as
+// seen from the TURN server. (For example, the peer's server-reflexive
+// transport address if the peer is behind a NAT.)
+//
+// RFC 5766 Section 14.3
+type PeerAddress struct {
+	IP   net.IP
+	Port int
+}
+
+func (a PeerAddress) String() string {
+	return stun.XORMappedAddress(a).String()
+}
+
+// AddTo adds XOR-PEER-ADDRESS to message.
+func (a PeerAddress) AddTo(m *stun.Message) error {
+	return stun.XORMappedAddress(a).AddToAs(m, stun.AttrXORPeerAddress)
+}
+
+// GetFrom decodes XOR-PEER-ADDRESS from message.
+func (a *PeerAddress) GetFrom(m *stun.Message) error {
+	return (*stun.XORMappedAddress)(a).GetFromAs(m, stun.AttrXORPeerAddress)
+}
+
+// XORPeerAddress implements XOR-PEER-ADDRESS attribute.
+//
+// The XOR-PEER-ADDRESS specifies the address and port of the peer as
+// seen from the TURN server. (For example, the peer's server-reflexive
+// transport address if the peer is behind a NAT.)
+//
+// RFC 5766 Section 14.3
+type XORPeerAddress = PeerAddress
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/proto.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/proto.go
new file mode 100644
index 000000000..4b08c7620
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/proto.go
@@ -0,0 +1,30 @@
+// Package proto implements RFC 5766 Traversal Using Relays around NAT.
+//
+// Merged from gortc/turn v0.80.
+package proto
+
+import (
+	"github.com/pion/stun"
+)
+
+// Default ports for TURN from RFC 5766 Section 4.
+const (
+	// DefaultPort for TURN is same as STUN.
+	DefaultPort = stun.DefaultPort
+	// DefaultTLSPort is for TURN over TLS and is same as STUN.
+	DefaultTLSPort = stun.DefaultTLSPort
+)
+
+// CreatePermissionRequest is shorthand for create permission request type.
+func CreatePermissionRequest() stun.MessageType {
+	return stun.NewType(stun.MethodCreatePermission, stun.ClassRequest)
+}
+
+// AllocateRequest is shorthand for allocation request message type.
+func AllocateRequest() stun.MessageType { return stun.NewType(stun.MethodAllocate, stun.ClassRequest) }
+
+// SendIndication is shorthand for send indication message type.
+func SendIndication() stun.MessageType { return stun.NewType(stun.MethodSend, stun.ClassIndication) }
+
+// RefreshRequest is shorthand for refresh request message type.
+func RefreshRequest() stun.MessageType { return stun.NewType(stun.MethodRefresh, stun.ClassRequest) }
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/relayedaddr.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/relayedaddr.go
new file mode 100644
index 000000000..2169cb756
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/relayedaddr.go
@@ -0,0 +1,40 @@
+package proto
+
+import (
+	"net"
+
+	"github.com/pion/stun"
+)
+
+// RelayedAddress implements XOR-RELAYED-ADDRESS attribute.
+//
+// It specifies the address and port that the server allocated to the
+// client. It is encoded in the same way as XOR-MAPPED-ADDRESS.
+//
+// RFC 5766 Section 14.5
+type RelayedAddress struct {
+	IP   net.IP
+	Port int
+}
+
+func (a RelayedAddress) String() string {
+	return stun.XORMappedAddress(a).String()
+}
+
+// AddTo adds XOR-PEER-ADDRESS to message.
+func (a RelayedAddress) AddTo(m *stun.Message) error {
+	return stun.XORMappedAddress(a).AddToAs(m, stun.AttrXORRelayedAddress)
+}
+
+// GetFrom decodes XOR-PEER-ADDRESS from message.
+func (a *RelayedAddress) GetFrom(m *stun.Message) error {
+	return (*stun.XORMappedAddress)(a).GetFromAs(m, stun.AttrXORRelayedAddress)
+}
+
+// XORRelayedAddress implements XOR-RELAYED-ADDRESS attribute.
+//
+// It specifies the address and port that the server allocated to the
+// client. It is encoded in the same way as XOR-MAPPED-ADDRESS.
+//
+// RFC 5766 Section 14.5
+type XORRelayedAddress = RelayedAddress
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/reqfamily.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/reqfamily.go
new file mode 100644
index 000000000..e83d6bba4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/reqfamily.go
@@ -0,0 +1,61 @@
+package proto
+
+import (
+	"errors"
+
+	"github.com/pion/stun"
+)
+
+// RequestedAddressFamily represents the REQUESTED-ADDRESS-FAMILY Attribute as
+// defined in RFC 6156 Section 4.1.1.
+type RequestedAddressFamily byte
+
+const requestedFamilySize = 4
+
+var errInvalidRequestedFamilyValue = errors.New("invalid value for requested family attribute")
+
+// GetFrom decodes REQUESTED-ADDRESS-FAMILY from message.
+func (f *RequestedAddressFamily) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrRequestedAddressFamily)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrRequestedAddressFamily, len(v), requestedFamilySize); err != nil {
+		return err
+	}
+	switch v[0] {
+	case byte(RequestedFamilyIPv4), byte(RequestedFamilyIPv6):
+		*f = RequestedAddressFamily(v[0])
+	default:
+		return errInvalidRequestedFamilyValue
+	}
+	return nil
+}
+
+func (f RequestedAddressFamily) String() string {
+	switch f {
+	case RequestedFamilyIPv4:
+		return "IPv4"
+	case RequestedFamilyIPv6:
+		return "IPv6"
+	default:
+		return "unknown"
+	}
+}
+
+// AddTo adds REQUESTED-ADDRESS-FAMILY to message.
+func (f RequestedAddressFamily) AddTo(m *stun.Message) error {
+	v := make([]byte, requestedFamilySize)
+	v[0] = byte(f)
+	// b[1:4] is RFFU = 0.
+	// The RFFU field MUST be set to zero on transmission and MUST be
+	// ignored on reception. It is reserved for future uses.
+	m.Add(stun.AttrRequestedAddressFamily, v)
+	return nil
+}
+
+// Values for RequestedAddressFamily as defined in RFC 6156 Section 4.1.1.
+const (
+	RequestedFamilyIPv4 RequestedAddressFamily = 0x01
+	RequestedFamilyIPv6 RequestedAddressFamily = 0x02
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/reqtrans.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/reqtrans.go
new file mode 100644
index 000000000..a4e48639f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/reqtrans.go
@@ -0,0 +1,65 @@
+package proto
+
+import (
+	"strconv"
+
+	"github.com/pion/stun"
+)
+
+// Protocol is IANA assigned protocol number.
+type Protocol byte
+
+const (
+	// ProtoUDP is IANA assigned protocol number for UDP.
+	ProtoUDP Protocol = 17
+)
+
+func (p Protocol) String() string {
+	switch p {
+	case ProtoUDP:
+		return "UDP"
+	default:
+		return strconv.Itoa(int(p))
+	}
+}
+
+// RequestedTransport represents REQUESTED-TRANSPORT attribute.
+//
+// This attribute is used by the client to request a specific transport
+// protocol for the allocated transport address. RFC 5766 only allows the use of
+// codepoint 17 (User Datagram Protocol).
+//
+// RFC 5766 Section 14.7
+type RequestedTransport struct {
+	Protocol Protocol
+}
+
+func (t RequestedTransport) String() string {
+	return "protocol: " + t.Protocol.String()
+}
+
+const requestedTransportSize = 4
+
+// AddTo adds REQUESTED-TRANSPORT to message.
+func (t RequestedTransport) AddTo(m *stun.Message) error {
+	v := make([]byte, requestedTransportSize)
+	v[0] = byte(t.Protocol)
+	// b[1:4] is RFFU = 0.
+	// The RFFU field MUST be set to zero on transmission and MUST be
+	// ignored on reception. It is reserved for future uses.
+	m.Add(stun.AttrRequestedTransport, v)
+	return nil
+}
+
+// GetFrom decodes REQUESTED-TRANSPORT from message.
+func (t *RequestedTransport) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrRequestedTransport)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrRequestedTransport, len(v), requestedTransportSize); err != nil {
+		return err
+	}
+	t.Protocol = Protocol(v[0])
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/rsrvtoken.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/rsrvtoken.go
new file mode 100644
index 000000000..6e2ed4d80
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/proto/rsrvtoken.go
@@ -0,0 +1,39 @@
+package proto
+
+import "github.com/pion/stun"
+
+// ReservationToken represents RESERVATION-TOKEN attribute.
+//
+// The RESERVATION-TOKEN attribute contains a token that uniquely
+// identifies a relayed transport address being held in reserve by the
+// server. The server includes this attribute in a success response to
+// tell the client about the token, and the client includes this
+// attribute in a subsequent Allocate request to request the server use
+// that relayed transport address for the allocation.
+//
+// RFC 5766 Section 14.9
+type ReservationToken []byte
+
+const reservationTokenSize = 8 // 8 bytes
+
+// AddTo adds RESERVATION-TOKEN to message.
+func (t ReservationToken) AddTo(m *stun.Message) error {
+	if err := stun.CheckSize(stun.AttrReservationToken, len(t), reservationTokenSize); err != nil {
+		return err
+	}
+	m.Add(stun.AttrReservationToken, t)
+	return nil
+}
+
+// GetFrom decodes RESERVATION-TOKEN from message.
+func (t *ReservationToken) GetFrom(m *stun.Message) error {
+	v, err := m.Get(stun.AttrReservationToken)
+	if err != nil {
+		return err
+	}
+	if err = stun.CheckSize(stun.AttrReservationToken, len(v), reservationTokenSize); err != nil {
+		return err
+	}
+	*t = v
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/errors.go
new file mode 100644
index 000000000..13f8ee1a3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/errors.go
@@ -0,0 +1,26 @@
+package server
+
+import "errors"
+
+var (
+	errFailedToGenerateNonce                  = errors.New("failed to generate nonce")
+	errFailedToSendError                      = errors.New("failed to send error message")
+	errDuplicatedNonce                        = errors.New("duplicated Nonce generated, discarding request")
+	errNoSuchUser                             = errors.New("no such user exists")
+	errUnexpectedClass                        = errors.New("unexpected class")
+	errUnexpectedMethod                       = errors.New("unexpected method")
+	errFailedToHandle                         = errors.New("failed to handle")
+	errUnhandledSTUNPacket                    = errors.New("unhandled STUN packet")
+	errUnableToHandleChannelData              = errors.New("unable to handle ChannelData")
+	errFailedToCreateSTUNPacket               = errors.New("failed to create stun message from packet")
+	errFailedToCreateChannelData              = errors.New("failed to create channel data from packet")
+	errRelayAlreadyAllocatedForFiveTuple      = errors.New("relay already allocated for 5-TUPLE")
+	errRequestedTransportMustBeUDP            = errors.New("RequestedTransport must be UDP")
+	errNoDontFragmentSupport                  = errors.New("no support for DONT-FRAGMENT")
+	errRequestWithReservationTokenAndEvenPort = errors.New("Request must not contain RESERVATION-TOKEN and EVEN-PORT")
+	errNoAllocationFound                      = errors.New("no allocation found")
+	errNoPermission                           = errors.New("unable to handle send-indication, no permission added")
+	errShortWrite                             = errors.New("packet write smaller than packet")
+	errNoSuchChannelBind                      = errors.New("no such channel bind")
+	errFailedWriteSocket                      = errors.New("failed writing to socket")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/server.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/server.go
new file mode 100644
index 000000000..27f375839
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/server.go
@@ -0,0 +1,109 @@
+// Package server implements the private API to implement a TURN server
+package server
+
+import (
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/allocation"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+// Request contains all the state needed to process a single incoming datagram
+type Request struct {
+	// Current Request State
+	Conn    net.PacketConn
+	SrcAddr net.Addr
+	Buff    []byte
+
+	// Server State
+	AllocationManager *allocation.Manager
+	Nonces            *sync.Map
+
+	// User Configuration
+	AuthHandler        func(username string, realm string, srcAddr net.Addr) (key []byte, ok bool)
+	Log                logging.LeveledLogger
+	Realm              string
+	ChannelBindTimeout time.Duration
+}
+
+// HandleRequest processes the give Request
+func HandleRequest(r Request) error {
+	r.Log.Debugf("received %d bytes of udp from %s on %s", len(r.Buff), r.SrcAddr.String(), r.Conn.LocalAddr().String())
+
+	if proto.IsChannelData(r.Buff) {
+		return handleDataPacket(r)
+	}
+
+	return handleTURNPacket(r)
+}
+
+func handleDataPacket(r Request) error {
+	r.Log.Debugf("received DataPacket from %s", r.SrcAddr.String())
+	c := proto.ChannelData{Raw: r.Buff}
+	if err := c.Decode(); err != nil {
+		return fmt.Errorf("%w: %v", errFailedToCreateChannelData, err)
+	}
+
+	err := handleChannelData(r, &c)
+	if err != nil {
+		err = fmt.Errorf("%w from %v: %v", errUnableToHandleChannelData, r.SrcAddr, err)
+	}
+
+	return err
+}
+
+func handleTURNPacket(r Request) error {
+	r.Log.Debug("handleTURNPacket")
+	m := &stun.Message{Raw: append([]byte{}, r.Buff...)}
+	if err := m.Decode(); err != nil {
+		return fmt.Errorf("%w: %v", errFailedToCreateSTUNPacket, err)
+	}
+
+	h, err := getMessageHandler(m.Type.Class, m.Type.Method)
+	if err != nil {
+		return fmt.Errorf("%w %v-%v from %v: %v", errUnhandledSTUNPacket, m.Type.Method, m.Type.Class, r.SrcAddr, err)
+	}
+
+	err = h(r, m)
+	if err != nil {
+		return fmt.Errorf("%w %v-%v from %v: %v", errFailedToHandle, m.Type.Method, m.Type.Class, r.SrcAddr, err)
+	}
+
+	return nil
+}
+
+func getMessageHandler(class stun.MessageClass, method stun.Method) (func(r Request, m *stun.Message) error, error) {
+	switch class {
+	case stun.ClassIndication:
+		switch method {
+		case stun.MethodSend:
+			return handleSendIndication, nil
+		default:
+			return nil, fmt.Errorf("%w: %s", errUnexpectedMethod, method)
+		}
+
+	case stun.ClassRequest:
+		switch method {
+		case stun.MethodAllocate:
+			return handleAllocateRequest, nil
+		case stun.MethodRefresh:
+			return handleRefreshRequest, nil
+		case stun.MethodCreatePermission:
+			return handleCreatePermissionRequest, nil
+		case stun.MethodChannelBind:
+			return handleChannelBindRequest, nil
+		case stun.MethodBinding:
+			return handleBindingRequest, nil
+		default:
+			return nil, fmt.Errorf("%w: %s", errUnexpectedMethod, method)
+		}
+
+	default:
+		return nil, fmt.Errorf("%w: %s", errUnexpectedClass, class)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/stun.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/stun.go
new file mode 100644
index 000000000..673e99f62
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/stun.go
@@ -0,0 +1,22 @@
+package server
+
+import (
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/ipnet"
+)
+
+func handleBindingRequest(r Request, m *stun.Message) error {
+	r.Log.Debugf("received BindingRequest from %s", r.SrcAddr.String())
+
+	ip, port, err := ipnet.AddrIPPort(r.SrcAddr)
+	if err != nil {
+		return err
+	}
+
+	attrs := buildMsg(m.TransactionID, stun.BindingSuccess, &stun.XORMappedAddress{
+		IP:   ip,
+		Port: port,
+	}, stun.Fingerprint)
+
+	return buildAndSend(r.Conn, r.SrcAddr, attrs...)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/turn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/turn.go
new file mode 100644
index 000000000..cbac09c2d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/turn.go
@@ -0,0 +1,352 @@
+package server
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/allocation"
+	"github.com/pion/turn/v2/internal/ipnet"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+// // https://tools.ietf.org/html/rfc5766#section-6.2
+func handleAllocateRequest(r Request, m *stun.Message) error {
+	r.Log.Debugf("received AllocateRequest from %s", r.SrcAddr.String())
+
+	// 1. The server MUST require that the request be authenticated.  This
+	//    authentication MUST be done using the long-term credential
+	//    mechanism of [https://tools.ietf.org/html/rfc5389#section-10.2.2]
+	//    unless the client and server agree to use another mechanism through
+	//    some procedure outside the scope of this document.
+	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodAllocate)
+	if !hasAuth {
+		return err
+	}
+
+	fiveTuple := &allocation.FiveTuple{
+		SrcAddr:  r.SrcAddr,
+		DstAddr:  r.Conn.LocalAddr(),
+		Protocol: allocation.UDP,
+	}
+	requestedPort := 0
+	reservationToken := ""
+
+	badRequestMsg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeBadRequest})
+	insufficentCapacityMsg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeInsufficientCapacity})
+
+	// 2. The server checks if the 5-tuple is currently in use by an
+	//    existing allocation.  If yes, the server rejects the request with
+	//    a 437 (Allocation Mismatch) error.
+	if alloc := r.AllocationManager.GetAllocation(fiveTuple); alloc != nil {
+		msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeAllocMismatch})
+		return buildAndSendErr(r.Conn, r.SrcAddr, errRelayAlreadyAllocatedForFiveTuple, msg...)
+	}
+
+	// 3. The server checks if the request contains a REQUESTED-TRANSPORT
+	//    attribute.  If the REQUESTED-TRANSPORT attribute is not included
+	//    or is malformed, the server rejects the request with a 400 (Bad
+	//    Request) error.  Otherwise, if the attribute is included but
+	//    specifies a protocol other that UDP, the server rejects the
+	//    request with a 442 (Unsupported Transport Protocol) error.
+	var requestedTransport proto.RequestedTransport
+	if err = requestedTransport.GetFrom(m); err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	} else if requestedTransport.Protocol != proto.ProtoUDP {
+		msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeUnsupportedTransProto})
+		return buildAndSendErr(r.Conn, r.SrcAddr, errRequestedTransportMustBeUDP, msg...)
+	}
+
+	// 4. The request may contain a DONT-FRAGMENT attribute.  If it does,
+	//    but the server does not support sending UDP datagrams with the DF
+	//    bit set to 1 (see Section 12), then the server treats the DONT-
+	//    FRAGMENT attribute in the Allocate request as an unknown
+	//    comprehension-required attribute.
+	if m.Contains(stun.AttrDontFragment) {
+		msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeUnknownAttribute}, &stun.UnknownAttributes{stun.AttrDontFragment})
+		return buildAndSendErr(r.Conn, r.SrcAddr, errNoDontFragmentSupport, msg...)
+	}
+
+	// 5.  The server checks if the request contains a RESERVATION-TOKEN
+	//     attribute.  If yes, and the request also contains an EVEN-PORT
+	//     attribute, then the server rejects the request with a 400 (Bad
+	//     Request) error.  Otherwise, it checks to see if the token is
+	//     valid (i.e., the token is in range and has not expired and the
+	//     corresponding relayed transport address is still available).  If
+	//     the token is not valid for some reason, the server rejects the
+	//     request with a 508 (Insufficient Capacity) error.
+	var reservationTokenAttr proto.ReservationToken
+	if err = reservationTokenAttr.GetFrom(m); err == nil {
+		var evenPort proto.EvenPort
+		if err = evenPort.GetFrom(m); err == nil {
+			return buildAndSendErr(r.Conn, r.SrcAddr, errRequestWithReservationTokenAndEvenPort, badRequestMsg...)
+		}
+	}
+
+	// 6. The server checks if the request contains an EVEN-PORT attribute.
+	//    If yes, then the server checks that it can satisfy the request
+	//    (i.e., can allocate a relayed transport address as described
+	//    below).  If the server cannot satisfy the request, then the
+	//    server rejects the request with a 508 (Insufficient Capacity)
+	//    error.
+	var evenPort proto.EvenPort
+	if err = evenPort.GetFrom(m); err == nil {
+		randomPort := 0
+		randomPort, err = r.AllocationManager.GetRandomEvenPort()
+		if err != nil {
+			return buildAndSendErr(r.Conn, r.SrcAddr, err, insufficentCapacityMsg...)
+		}
+		requestedPort = randomPort
+		reservationToken = randSeq(8)
+	}
+
+	// 7. At any point, the server MAY choose to reject the request with a
+	//    486 (Allocation Quota Reached) error if it feels the client is
+	//    trying to exceed some locally defined allocation quota.  The
+	//    server is free to define this allocation quota any way it wishes,
+	//    but SHOULD define it based on the username used to authenticate
+	//    the request, and not on the client's transport address.
+
+	// 8. Also at any point, the server MAY choose to reject the request
+	//    with a 300 (Try Alternate) error if it wishes to redirect the
+	//    client to a different server.  The use of this error code and
+	//    attribute follow the specification in [RFC5389].
+	lifetimeDuration := allocationLifeTime(m)
+	a, err := r.AllocationManager.CreateAllocation(
+		fiveTuple,
+		r.Conn,
+		requestedPort,
+		lifetimeDuration)
+	if err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, insufficentCapacityMsg...)
+	}
+
+	// Once the allocation is created, the server replies with a success
+	// response.  The success response contains:
+	//   * An XOR-RELAYED-ADDRESS attribute containing the relayed transport
+	//     address.
+	//   * A LIFETIME attribute containing the current value of the time-to-
+	//     expiry timer.
+	//   * A RESERVATION-TOKEN attribute (if a second relayed transport
+	//     address was reserved).
+	//   * An XOR-MAPPED-ADDRESS attribute containing the client's IP address
+	//     and port (from the 5-tuple).
+
+	srcIP, srcPort, err := ipnet.AddrIPPort(r.SrcAddr)
+	if err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	relayIP, relayPort, err := ipnet.AddrIPPort(a.RelayAddr)
+	if err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	responseAttrs := []stun.Setter{
+		&proto.RelayedAddress{
+			IP:   relayIP,
+			Port: relayPort,
+		},
+		&proto.Lifetime{
+			Duration: lifetimeDuration,
+		},
+		&stun.XORMappedAddress{
+			IP:   srcIP,
+			Port: srcPort,
+		},
+	}
+
+	if reservationToken != "" {
+		r.AllocationManager.CreateReservation(reservationToken, relayPort)
+		responseAttrs = append(responseAttrs, proto.ReservationToken([]byte(reservationToken)))
+	}
+
+	msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(responseAttrs, messageIntegrity)...)
+	return buildAndSend(r.Conn, r.SrcAddr, msg...)
+}
+
+func handleRefreshRequest(r Request, m *stun.Message) error {
+	r.Log.Debugf("received RefreshRequest from %s", r.SrcAddr.String())
+
+	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodRefresh)
+	if !hasAuth {
+		return err
+	}
+
+	lifetimeDuration := allocationLifeTime(m)
+	fiveTuple := &allocation.FiveTuple{
+		SrcAddr:  r.SrcAddr,
+		DstAddr:  r.Conn.LocalAddr(),
+		Protocol: allocation.UDP,
+	}
+
+	if lifetimeDuration != 0 {
+		a := r.AllocationManager.GetAllocation(fiveTuple)
+
+		if a == nil {
+			return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())
+		}
+		a.Refresh(lifetimeDuration)
+	} else {
+		r.AllocationManager.DeleteAllocation(fiveTuple)
+	}
+
+	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodRefresh, stun.ClassSuccessResponse), []stun.Setter{
+		&proto.Lifetime{
+			Duration: lifetimeDuration,
+		},
+		messageIntegrity,
+	}...)...)
+}
+
+func handleCreatePermissionRequest(r Request, m *stun.Message) error {
+	r.Log.Debugf("received CreatePermission from %s", r.SrcAddr.String())
+
+	a := r.AllocationManager.GetAllocation(&allocation.FiveTuple{
+		SrcAddr:  r.SrcAddr,
+		DstAddr:  r.Conn.LocalAddr(),
+		Protocol: allocation.UDP,
+	})
+	if a == nil {
+		return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())
+	}
+
+	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodCreatePermission)
+	if !hasAuth {
+		return err
+	}
+
+	addCount := 0
+
+	if err := m.ForEach(stun.AttrXORPeerAddress, func(m *stun.Message) error {
+		var peerAddress proto.PeerAddress
+		if err := peerAddress.GetFrom(m); err != nil {
+			return err
+		}
+
+		r.Log.Debugf("adding permission for %s", fmt.Sprintf("%s:%d",
+			peerAddress.IP.String(), peerAddress.Port))
+		a.AddPermission(allocation.NewPermission(
+			&net.UDPAddr{
+				IP:   peerAddress.IP,
+				Port: peerAddress.Port,
+			},
+			r.Log,
+		))
+		addCount++
+		return nil
+	}); err != nil {
+		addCount = 0
+	}
+
+	respClass := stun.ClassSuccessResponse
+	if addCount == 0 {
+		respClass = stun.ClassErrorResponse
+	}
+
+	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodCreatePermission, respClass), []stun.Setter{messageIntegrity}...)...)
+}
+
+func handleSendIndication(r Request, m *stun.Message) error {
+	r.Log.Debugf("received SendIndication from %s", r.SrcAddr.String())
+	a := r.AllocationManager.GetAllocation(&allocation.FiveTuple{
+		SrcAddr:  r.SrcAddr,
+		DstAddr:  r.Conn.LocalAddr(),
+		Protocol: allocation.UDP,
+	})
+	if a == nil {
+		return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())
+	}
+
+	dataAttr := proto.Data{}
+	if err := dataAttr.GetFrom(m); err != nil {
+		return err
+	}
+
+	peerAddress := proto.PeerAddress{}
+	if err := peerAddress.GetFrom(m); err != nil {
+		return err
+	}
+
+	msgDst := &net.UDPAddr{IP: peerAddress.IP, Port: peerAddress.Port}
+	if perm := a.GetPermission(msgDst); perm == nil {
+		return fmt.Errorf("%w: %v", errNoPermission, msgDst)
+	}
+
+	l, err := a.RelaySocket.WriteTo(dataAttr, msgDst)
+	if l != len(dataAttr) {
+		return fmt.Errorf("%w %d != %d (expected) err: %v", errShortWrite, l, len(dataAttr), err)
+	}
+	return err
+}
+
+func handleChannelBindRequest(r Request, m *stun.Message) error {
+	r.Log.Debugf("received ChannelBindRequest from %s", r.SrcAddr.String())
+
+	a := r.AllocationManager.GetAllocation(&allocation.FiveTuple{
+		SrcAddr:  r.SrcAddr,
+		DstAddr:  r.Conn.LocalAddr(),
+		Protocol: allocation.UDP,
+	})
+	if a == nil {
+		return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())
+	}
+
+	badRequestMsg := buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeBadRequest})
+
+	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodChannelBind)
+	if !hasAuth {
+		return err
+	}
+
+	var channel proto.ChannelNumber
+	if err = channel.GetFrom(m); err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	peerAddr := proto.PeerAddress{}
+	if err = peerAddr.GetFrom(m); err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	r.Log.Debugf("binding channel %d to %s",
+		channel,
+		fmt.Sprintf("%s:%d", peerAddr.IP.String(), peerAddr.Port))
+	err = a.AddChannelBind(allocation.NewChannelBind(
+		channel,
+		&net.UDPAddr{IP: peerAddr.IP, Port: peerAddr.Port},
+		r.Log,
+	), r.ChannelBindTimeout)
+	if err != nil {
+		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassSuccessResponse), []stun.Setter{messageIntegrity}...)...)
+}
+
+func handleChannelData(r Request, c *proto.ChannelData) error {
+	r.Log.Debugf("received ChannelData from %s", r.SrcAddr.String())
+
+	a := r.AllocationManager.GetAllocation(&allocation.FiveTuple{
+		SrcAddr:  r.SrcAddr,
+		DstAddr:  r.Conn.LocalAddr(),
+		Protocol: allocation.UDP,
+	})
+	if a == nil {
+		return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())
+	}
+
+	channel := a.GetChannelByNumber(c.Number)
+	if channel == nil {
+		return fmt.Errorf("%w %x", errNoSuchChannelBind, uint16(c.Number))
+	}
+
+	l, err := a.RelaySocket.WriteTo(c.Data, channel.Peer)
+	if err != nil {
+		return fmt.Errorf("%w: %s", errFailedWriteSocket, err.Error())
+	} else if l != len(c.Data) {
+		return fmt.Errorf("%w %d != %d (expected)", errShortWrite, l, len(c.Data))
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/util.go
new file mode 100644
index 000000000..c6baffbd1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/internal/server/util.go
@@ -0,0 +1,133 @@
+package server
+
+import (
+	"crypto/md5" //nolint:gosec,gci
+	"fmt"
+	"io"
+	"math/rand"
+	"net"
+	"strconv"
+	"time"
+
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+const (
+	maximumAllocationLifetime = time.Hour // https://tools.ietf.org/html/rfc5766#section-6.2 defines 3600 seconds recommendation
+	nonceLifetime             = time.Hour // https://tools.ietf.org/html/rfc5766#section-4
+
+)
+
+func randSeq(n int) string {
+	letters := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letters[rand.Intn(len(letters))] //nolint:gosec
+	}
+	return string(b)
+}
+
+func buildNonce() (string, error) {
+	/* #nosec */
+	h := md5.New()
+	if _, err := io.WriteString(h, strconv.FormatInt(time.Now().Unix(), 10)); err != nil {
+		return "", fmt.Errorf("%w: %v", errFailedToGenerateNonce, err)
+	}
+	if _, err := io.WriteString(h, strconv.FormatInt(rand.Int63(), 10)); err != nil { //nolint:gosec
+		return "", fmt.Errorf("%w: %v", errFailedToGenerateNonce, err)
+	}
+	return fmt.Sprintf("%x", h.Sum(nil)), nil
+}
+
+func buildAndSend(conn net.PacketConn, dst net.Addr, attrs ...stun.Setter) error {
+	msg, err := stun.Build(attrs...)
+	if err != nil {
+		return err
+	}
+	_, err = conn.WriteTo(msg.Raw, dst)
+	return err
+}
+
+// Send a STUN packet and return the original error to the caller
+func buildAndSendErr(conn net.PacketConn, dst net.Addr, err error, attrs ...stun.Setter) error {
+	if sendErr := buildAndSend(conn, dst, attrs...); sendErr != nil {
+		err = fmt.Errorf("%w %v %v", errFailedToSendError, sendErr, err)
+	}
+	return err
+}
+
+func buildMsg(transactionID [stun.TransactionIDSize]byte, msgType stun.MessageType, additional ...stun.Setter) []stun.Setter {
+	return append([]stun.Setter{&stun.Message{TransactionID: transactionID}, msgType}, additional...)
+}
+
+func authenticateRequest(r Request, m *stun.Message, callingMethod stun.Method) (stun.MessageIntegrity, bool, error) {
+	respondWithNonce := func(responseCode stun.ErrorCode) (stun.MessageIntegrity, bool, error) {
+		nonce, err := buildNonce()
+		if err != nil {
+			return nil, false, err
+		}
+
+		// Nonce has already been taken
+		if _, keyCollision := r.Nonces.LoadOrStore(nonce, time.Now()); keyCollision {
+			return nil, false, errDuplicatedNonce
+		}
+
+		return nil, false, buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID,
+			stun.NewType(callingMethod, stun.ClassErrorResponse),
+			&stun.ErrorCodeAttribute{Code: responseCode},
+			stun.NewNonce(nonce),
+			stun.NewRealm(r.Realm),
+		)...)
+	}
+
+	if !m.Contains(stun.AttrMessageIntegrity) {
+		return respondWithNonce(stun.CodeUnauthorized)
+	}
+
+	nonceAttr := &stun.Nonce{}
+	usernameAttr := &stun.Username{}
+	realmAttr := &stun.Realm{}
+	badRequestMsg := buildMsg(m.TransactionID, stun.NewType(callingMethod, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeBadRequest})
+
+	if err := nonceAttr.GetFrom(m); err != nil {
+		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	// Assert Nonce exists and is not expired
+	nonceCreationTime, ok := r.Nonces.Load(string(*nonceAttr))
+	if !ok || time.Since(nonceCreationTime.(time.Time)) >= nonceLifetime {
+		r.Nonces.Delete(nonceAttr)
+		return respondWithNonce(stun.CodeStaleNonce)
+	}
+
+	if err := realmAttr.GetFrom(m); err != nil {
+		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	} else if err := usernameAttr.GetFrom(m); err != nil {
+		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	ourKey, ok := r.AuthHandler(usernameAttr.String(), realmAttr.String(), r.SrcAddr)
+	if !ok {
+		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, fmt.Errorf("%w %s", errNoSuchUser, usernameAttr.String()), badRequestMsg...)
+	}
+
+	if err := stun.MessageIntegrity(ourKey).Check(m); err != nil {
+		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
+	}
+
+	return stun.MessageIntegrity(ourKey), true, nil
+}
+
+func allocationLifeTime(m *stun.Message) time.Duration {
+	lifetimeDuration := proto.DefaultLifetime
+
+	var lifetime proto.Lifetime
+	if err := lifetime.GetFrom(m); err == nil {
+		if lifetime.Duration < maximumAllocationLifetime {
+			lifetimeDuration = lifetime.Duration
+		}
+	}
+
+	return lifetimeDuration
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/lt_cred.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/lt_cred.go
new file mode 100644
index 000000000..07520b1ed
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/lt_cred.go
@@ -0,0 +1,56 @@
+package turn
+
+import ( //nolint:gci
+	"crypto/hmac"
+	"crypto/sha1" //nolint:gosec,gci
+	"encoding/base64"
+	"net"
+	"strconv"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+// GenerateCredentials can be used to create credentials valid for [duration] time
+func GenerateLongTermCredentials(sharedSecret string, duration time.Duration) (string, string, error) {
+	t := time.Now().Add(duration).Unix()
+	username := strconv.FormatInt(t, 10)
+	password, err := longTermCredentials(username, sharedSecret)
+	return username, password, err
+}
+
+func longTermCredentials(username string, sharedSecret string) (string, error) {
+	mac := hmac.New(sha1.New, []byte(sharedSecret))
+	_, err := mac.Write([]byte(username))
+	if err != nil {
+		return "", err // Not sure if this will ever happen
+	}
+	password := mac.Sum(nil)
+	return base64.StdEncoding.EncodeToString(password), nil
+}
+
+// NewAuthHandler returns a turn.AuthAuthHandler used with Long Term (or Time Windowed) Credentials.
+// https://tools.ietf.org/search/rfc5389#section-10.2
+func NewLongTermAuthHandler(sharedSecret string, l logging.LeveledLogger) AuthHandler {
+	if l == nil {
+		l = logging.NewDefaultLoggerFactory().NewLogger("turn")
+	}
+	return func(username, realm string, srcAddr net.Addr) (key []byte, ok bool) {
+		l.Tracef("Authentication username=%q realm=%q srcAddr=%v\n", username, realm, srcAddr)
+		t, err := strconv.Atoi(username)
+		if err != nil {
+			l.Errorf("Invalid time-windowed username %q", username)
+			return nil, false
+		}
+		if int64(t) < time.Now().Unix() {
+			l.Errorf("Expired time-windowed username %q", username)
+			return nil, false
+		}
+		password, err := longTermCredentials(username, sharedSecret)
+		if err != nil {
+			l.Error(err.Error())
+			return nil, false
+		}
+		return GenerateAuthKey(username, realm, password), true
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_none.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_none.go
new file mode 100644
index 000000000..6fab06105
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_none.go
@@ -0,0 +1,45 @@
+package turn
+
+import (
+	"net"
+	"strconv"
+
+	"github.com/pion/transport/vnet"
+)
+
+// RelayAddressGeneratorNone returns the listener with no modifications
+type RelayAddressGeneratorNone struct {
+	// Address is passed to Listen/ListenPacket when creating the Relay
+	Address string
+
+	Net *vnet.Net
+}
+
+// Validate is caled on server startup and confirms the RelayAddressGenerator is properly configured
+func (r *RelayAddressGeneratorNone) Validate() error {
+	if r.Net == nil {
+		r.Net = vnet.NewNet(nil)
+	}
+
+	switch {
+	case r.Address == "":
+		return errListeningAddressInvalid
+	default:
+		return nil
+	}
+}
+
+// AllocatePacketConn generates a new PacketConn to receive traffic on and the IP/Port to populate the allocation response with
+func (r *RelayAddressGeneratorNone) AllocatePacketConn(network string, requestedPort int) (net.PacketConn, net.Addr, error) {
+	conn, err := r.Net.ListenPacket(network, r.Address+":"+strconv.Itoa(requestedPort))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return conn, conn.LocalAddr(), nil
+}
+
+// AllocateConn generates a new Conn to receive traffic on and the IP/Port to populate the allocation response with
+func (r *RelayAddressGeneratorNone) AllocateConn(network string, requestedPort int) (net.Conn, net.Addr, error) {
+	return nil, nil, errTODO
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_range.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_range.go
new file mode 100644
index 000000000..9f95429e2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_range.go
@@ -0,0 +1,92 @@
+package turn
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/pion/randutil"
+	"github.com/pion/transport/vnet"
+)
+
+// RelayAddressGeneratorPortRange can be used to only allocate connections inside a defined port range.
+// Similar to the RelayAddressGeneratorStatic a static ip address can be set.
+type RelayAddressGeneratorPortRange struct {
+	// RelayAddress is the IP returned to the user when the relay is created
+	RelayAddress net.IP
+
+	// MinPort the minimum port to allocate
+	MinPort uint16
+	// MaxPort the maximum (inclusive) port to allocate
+	MaxPort uint16
+
+	// MaxRetries the amount of tries to allocate a random port in the defined range
+	MaxRetries int
+
+	// Rand the random source of numbers
+	Rand randutil.MathRandomGenerator
+
+	// Address is passed to Listen/ListenPacket when creating the Relay
+	Address string
+
+	Net *vnet.Net
+}
+
+// Validate is called on server startup and confirms the RelayAddressGenerator is properly configured
+func (r *RelayAddressGeneratorPortRange) Validate() error {
+	if r.Net == nil {
+		r.Net = vnet.NewNet(nil)
+	}
+
+	if r.Rand == nil {
+		r.Rand = randutil.NewMathRandomGenerator()
+	}
+
+	if r.MaxRetries == 0 {
+		r.MaxRetries = 10
+	}
+
+	switch {
+	case r.MinPort == 0:
+		return errMinPortNotZero
+	case r.MaxPort == 0:
+		return errMaxPortNotZero
+	case r.RelayAddress == nil:
+		return errRelayAddressInvalid
+	case r.Address == "":
+		return errListeningAddressInvalid
+	default:
+		return nil
+	}
+}
+
+// AllocatePacketConn generates a new PacketConn to receive traffic on and the IP/Port to populate the allocation response with
+func (r *RelayAddressGeneratorPortRange) AllocatePacketConn(network string, requestedPort int) (net.PacketConn, net.Addr, error) {
+	if requestedPort != 0 {
+		conn, err := r.Net.ListenPacket(network, fmt.Sprintf("%s:%d", r.Address, requestedPort))
+		if err != nil {
+			return nil, nil, err
+		}
+		relayAddr := conn.LocalAddr().(*net.UDPAddr)
+		relayAddr.IP = r.RelayAddress
+		return conn, relayAddr, nil
+	}
+
+	for try := 0; try < r.MaxRetries; try++ {
+		port := r.MinPort + uint16(r.Rand.Intn(int((r.MaxPort+1)-r.MinPort)))
+		conn, err := r.Net.ListenPacket(network, fmt.Sprintf("%s:%d", r.Address, port))
+		if err != nil {
+			continue
+		}
+
+		relayAddr := conn.LocalAddr().(*net.UDPAddr)
+		relayAddr.IP = r.RelayAddress
+		return conn, relayAddr, nil
+	}
+
+	return nil, nil, errMaxRetriesExceeded
+}
+
+// AllocateConn generates a new Conn to receive traffic on and the IP/Port to populate the allocation response with
+func (r *RelayAddressGeneratorPortRange) AllocateConn(network string, requestedPort int) (net.Conn, net.Addr, error) {
+	return nil, nil, errTODO
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_static.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_static.go
new file mode 100644
index 000000000..ae921e7f2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/relay_address_generator_static.go
@@ -0,0 +1,55 @@
+package turn
+
+import (
+	"net"
+	"strconv"
+
+	"github.com/pion/transport/vnet"
+)
+
+// RelayAddressGeneratorStatic can be used to return static IP address each time a relay is created.
+// This can be used when you have a single static IP address that you want to use
+type RelayAddressGeneratorStatic struct {
+	// RelayAddress is the IP returned to the user when the relay is created
+	RelayAddress net.IP
+
+	// Address is passed to Listen/ListenPacket when creating the Relay
+	Address string
+
+	Net *vnet.Net
+}
+
+// Validate is caled on server startup and confirms the RelayAddressGenerator is properly configured
+func (r *RelayAddressGeneratorStatic) Validate() error {
+	if r.Net == nil {
+		r.Net = vnet.NewNet(nil)
+	}
+
+	switch {
+	case r.RelayAddress == nil:
+		return errRelayAddressInvalid
+	case r.Address == "":
+		return errListeningAddressInvalid
+	default:
+		return nil
+	}
+}
+
+// AllocatePacketConn generates a new PacketConn to receive traffic on and the IP/Port to populate the allocation response with
+func (r *RelayAddressGeneratorStatic) AllocatePacketConn(network string, requestedPort int) (net.PacketConn, net.Addr, error) {
+	conn, err := r.Net.ListenPacket(network, r.Address+":"+strconv.Itoa(requestedPort))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Replace actual listening IP with the user requested one of RelayAddressGeneratorStatic
+	relayAddr := conn.LocalAddr().(*net.UDPAddr)
+	relayAddr.IP = r.RelayAddress
+
+	return conn, relayAddr, nil
+}
+
+// AllocateConn generates a new Conn to receive traffic on and the IP/Port to populate the allocation response with
+func (r *RelayAddressGeneratorStatic) AllocateConn(network string, requestedPort int) (net.Conn, net.Addr, error) {
+	return nil, nil, errTODO
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/server.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/server.go
new file mode 100644
index 000000000..c8deba81c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/server.go
@@ -0,0 +1,161 @@
+// Package turn contains the public API for pion/turn, a toolkit for building TURN clients and servers
+package turn
+
+import (
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/pion/logging"
+	"github.com/pion/turn/v2/internal/allocation"
+	"github.com/pion/turn/v2/internal/proto"
+	"github.com/pion/turn/v2/internal/server"
+)
+
+const (
+	inboundMTU = 1500
+)
+
+// Server is an instance of the Pion TURN Server
+type Server struct {
+	log                logging.LeveledLogger
+	authHandler        AuthHandler
+	realm              string
+	channelBindTimeout time.Duration
+	nonces             *sync.Map
+
+	packetConnConfigs []PacketConnConfig
+	listenerConfigs   []ListenerConfig
+}
+
+// NewServer creates the Pion TURN server
+func NewServer(config ServerConfig) (*Server, error) {
+	if err := config.validate(); err != nil {
+		return nil, err
+	}
+
+	loggerFactory := config.LoggerFactory
+	if loggerFactory == nil {
+		loggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	s := &Server{
+		log:                loggerFactory.NewLogger("turn"),
+		authHandler:        config.AuthHandler,
+		realm:              config.Realm,
+		channelBindTimeout: config.ChannelBindTimeout,
+		packetConnConfigs:  config.PacketConnConfigs,
+		listenerConfigs:    config.ListenerConfigs,
+		nonces:             &sync.Map{},
+	}
+
+	if s.channelBindTimeout == 0 {
+		s.channelBindTimeout = proto.DefaultLifetime
+	}
+
+	for i := range s.packetConnConfigs {
+		go func(p PacketConnConfig) {
+			allocationManager, err := allocation.NewManager(allocation.ManagerConfig{
+				AllocatePacketConn: p.RelayAddressGenerator.AllocatePacketConn,
+				AllocateConn:       p.RelayAddressGenerator.AllocateConn,
+				LeveledLogger:      s.log,
+			})
+			if err != nil {
+				s.log.Errorf("exit read loop on error: %s", err.Error())
+				return
+			}
+			defer func() {
+				if err := allocationManager.Close(); err != nil {
+					s.log.Errorf("Failed to close AllocationManager: %s", err.Error())
+				}
+			}()
+
+			s.readLoop(p.PacketConn, allocationManager)
+		}(s.packetConnConfigs[i])
+	}
+
+	for _, listener := range s.listenerConfigs {
+		go func(l ListenerConfig) {
+			allocationManager, err := allocation.NewManager(allocation.ManagerConfig{
+				AllocatePacketConn: l.RelayAddressGenerator.AllocatePacketConn,
+				AllocateConn:       l.RelayAddressGenerator.AllocateConn,
+				LeveledLogger:      s.log,
+			})
+			if err != nil {
+				s.log.Errorf("exit read loop on error: %s", err.Error())
+				return
+			}
+			defer func() {
+				if err := allocationManager.Close(); err != nil {
+					s.log.Errorf("Failed to close AllocationManager: %s", err.Error())
+				}
+			}()
+
+			for {
+				conn, err := l.Listener.Accept()
+				if err != nil {
+					s.log.Debugf("exit accept loop on error: %s", err.Error())
+					return
+				}
+
+				go s.readLoop(NewSTUNConn(conn), allocationManager)
+			}
+		}(listener)
+	}
+
+	return s, nil
+}
+
+// Close stops the TURN Server. It cleans up any associated state and closes all connections it is managing
+func (s *Server) Close() error {
+	var errors []error
+
+	for _, p := range s.packetConnConfigs {
+		if err := p.PacketConn.Close(); err != nil {
+			errors = append(errors, err)
+		}
+	}
+
+	for _, l := range s.listenerConfigs {
+		if err := l.Listener.Close(); err != nil {
+			errors = append(errors, err)
+		}
+	}
+
+	if len(errors) == 0 {
+		return nil
+	}
+
+	err := errFailedToClose
+	for _, e := range errors {
+		err = fmt.Errorf("%s; Close error (%v) ", err.Error(), e) //nolint:goerr113
+	}
+
+	return err
+}
+
+func (s *Server) readLoop(p net.PacketConn, allocationManager *allocation.Manager) {
+	buf := make([]byte, inboundMTU)
+	for {
+		n, addr, err := p.ReadFrom(buf)
+		if err != nil {
+			s.log.Debugf("exit read loop on error: %s", err.Error())
+			return
+		}
+
+		if err := server.HandleRequest(server.Request{
+			Conn:               p,
+			SrcAddr:            addr,
+			Buff:               buf[:n],
+			Log:                s.log,
+			AuthHandler:        s.authHandler,
+			Realm:              s.realm,
+			AllocationManager:  allocationManager,
+			ChannelBindTimeout: s.channelBindTimeout,
+			Nonces:             s.nonces,
+		}); err != nil {
+			s.log.Errorf("error when handling datagram: %v", err)
+		}
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/server_config.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/server_config.go
new file mode 100644
index 000000000..9ff3872f4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/server_config.go
@@ -0,0 +1,116 @@
+package turn
+
+import (
+	"crypto/md5" //nolint:gosec,gci
+	"fmt"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/pion/logging"
+)
+
+// RelayAddressGenerator is used to generate a RelayAddress when creating an allocation.
+// You can use one of the provided ones or provide your own.
+type RelayAddressGenerator interface {
+	// Validate confirms that the RelayAddressGenerator is properly initialized
+	Validate() error
+
+	// Allocate a PacketConn (UDP) RelayAddress
+	AllocatePacketConn(network string, requestedPort int) (net.PacketConn, net.Addr, error)
+
+	// Allocate a Conn (TCP) RelayAddress
+	AllocateConn(network string, requestedPort int) (net.Conn, net.Addr, error)
+}
+
+// PacketConnConfig is a single net.PacketConn to listen/write on. This will be used for UDP listeners
+type PacketConnConfig struct {
+	PacketConn net.PacketConn
+
+	// When an allocation is generated the RelayAddressGenerator
+	// creates the net.PacketConn and returns the IP/Port it is available at
+	RelayAddressGenerator RelayAddressGenerator
+}
+
+func (c *PacketConnConfig) validate() error {
+	if c.PacketConn == nil {
+		return errConnUnset
+	}
+	if c.RelayAddressGenerator == nil {
+		return errRelayAddressGeneratorUnset
+	}
+
+	return c.RelayAddressGenerator.Validate()
+}
+
+// ListenerConfig is a single net.Listener to accept connections on. This will be used for TCP, TLS and DTLS listeners
+type ListenerConfig struct {
+	Listener net.Listener
+
+	// When an allocation is generated the RelayAddressGenerator
+	// creates the net.PacketConn and returns the IP/Port it is available at
+	RelayAddressGenerator RelayAddressGenerator
+}
+
+func (c *ListenerConfig) validate() error {
+	if c.Listener == nil {
+		return errListenerUnset
+	}
+
+	if c.RelayAddressGenerator == nil {
+		return errRelayAddressGeneratorUnset
+	}
+
+	return c.RelayAddressGenerator.Validate()
+}
+
+// AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior
+type AuthHandler func(username, realm string, srcAddr net.Addr) (key []byte, ok bool)
+
+// GenerateAuthKey is a convince function to easily generate keys in the format used by AuthHandler
+func GenerateAuthKey(username, realm, password string) []byte {
+	// #nosec
+	h := md5.New()
+	fmt.Fprint(h, strings.Join([]string{username, realm, password}, ":"))
+	return h.Sum(nil)
+}
+
+// ServerConfig configures the Pion TURN Server
+type ServerConfig struct {
+	// PacketConnConfigs and ListenerConfigs are a list of all the turn listeners
+	// Each listener can have custom behavior around the creation of Relays
+	PacketConnConfigs []PacketConnConfig
+	ListenerConfigs   []ListenerConfig
+
+	// LoggerFactory must be set for logging from this server.
+	LoggerFactory logging.LoggerFactory
+
+	// Realm sets the realm for this server
+	Realm string
+
+	// AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior
+	AuthHandler AuthHandler
+
+	// ChannelBindTimeout sets the lifetime of channel binding. Defaults to 10 minutes.
+	ChannelBindTimeout time.Duration
+}
+
+func (s *ServerConfig) validate() error {
+	if len(s.PacketConnConfigs) == 0 && len(s.ListenerConfigs) == 0 {
+		return errNoAvailableConns
+	}
+
+	for _, s := range s.PacketConnConfigs {
+		if err := s.validate(); err != nil {
+			return err
+		}
+	}
+
+	for _, s := range s.ListenerConfigs {
+		if err := s.validate(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/stun_conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/stun_conn.go
new file mode 100644
index 000000000..e1446bd10
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/turn/v2/stun_conn.go
@@ -0,0 +1,121 @@
+package turn
+
+import (
+	"encoding/binary"
+	"errors"
+	"net"
+	"time"
+
+	"github.com/pion/stun"
+	"github.com/pion/turn/v2/internal/proto"
+)
+
+var (
+	errInvalidTURNFrame    = errors.New("data is not a valid TURN frame, no STUN or ChannelData found")
+	errIncompleteTURNFrame = errors.New("data contains incomplete STUN or TURN frame")
+)
+
+// STUNConn wraps a net.Conn and implements
+// net.PacketConn by being STUN aware and
+// packetizing the stream
+type STUNConn struct {
+	nextConn net.Conn
+	buff     []byte
+}
+
+const (
+	stunHeaderSize = 20
+
+	channelDataLengthSize = 2
+	channelDataNumberSize = channelDataLengthSize
+	channelDataHeaderSize = channelDataLengthSize + channelDataNumberSize
+	channelDataPadding    = 4
+)
+
+// Given a buffer give the last offset of the TURN frame
+// If the buffer isn't a valid STUN or ChannelData packet
+// or the length doesn't match return false
+func consumeSingleTURNFrame(p []byte) (int, error) {
+	// Too short to determine if ChannelData or STUN
+	if len(p) < 9 {
+		return 0, errIncompleteTURNFrame
+	}
+
+	var datagramSize uint16
+	if stun.IsMessage(p) {
+		datagramSize = binary.BigEndian.Uint16(p[2:4]) + stunHeaderSize
+	} else if num := binary.BigEndian.Uint16(p[0:4]); proto.ChannelNumber(num).Valid() {
+		datagramSize = binary.BigEndian.Uint16(p[channelDataNumberSize:channelDataHeaderSize])
+		if paddingOverflow := (datagramSize + channelDataPadding) % channelDataPadding; paddingOverflow != 0 {
+			datagramSize = (datagramSize + channelDataPadding) - paddingOverflow
+		}
+
+		datagramSize += channelDataHeaderSize
+	} else {
+		return 0, errInvalidTURNFrame
+	}
+
+	if len(p) < int(datagramSize) {
+		return 0, errIncompleteTURNFrame
+	}
+
+	return int(datagramSize), nil
+}
+
+// ReadFrom implements ReadFrom from net.PacketConn
+func (s *STUNConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	// First pass any buffered data from previous reads
+	n, err = consumeSingleTURNFrame(s.buff)
+	if errors.Is(err, errInvalidTURNFrame) {
+		return 0, nil, err
+	} else if err == nil {
+		copy(p, s.buff[:n])
+		s.buff = s.buff[n:]
+
+		return n, s.nextConn.RemoteAddr(), nil
+	}
+
+	// Then read from the nextConn, appending to our buff
+	n, err = s.nextConn.Read(p)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	s.buff = append(s.buff, append([]byte{}, p[:n]...)...)
+	return s.ReadFrom(p)
+}
+
+// WriteTo implements WriteTo from net.PacketConn
+func (s *STUNConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	return s.nextConn.Write(p)
+}
+
+// Close implements Close from net.PacketConn
+func (s *STUNConn) Close() error {
+	return s.nextConn.Close()
+}
+
+// LocalAddr implements LocalAddr from net.PacketConn
+func (s *STUNConn) LocalAddr() net.Addr {
+	return s.nextConn.LocalAddr()
+}
+
+// SetDeadline implements SetDeadline from net.PacketConn
+func (s *STUNConn) SetDeadline(t time.Time) error {
+	return s.nextConn.SetDeadline(t)
+}
+
+// SetReadDeadline implements SetReadDeadline from net.PacketConn
+func (s *STUNConn) SetReadDeadline(t time.Time) error {
+	return s.nextConn.SetReadDeadline(t)
+}
+
+// SetWriteDeadline implements SetWriteDeadline from net.PacketConn
+func (s *STUNConn) SetWriteDeadline(t time.Time) error {
+	return s.nextConn.SetWriteDeadline(t)
+}
+
+// NewSTUNConn creates a STUNConn
+func NewSTUNConn(nextConn net.Conn) *STUNConn {
+	return &STUNConn{nextConn: nextConn}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/.gitignore
new file mode 100644
index 000000000..f7b34922f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
\ No newline at end of file
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/.golangci.yml
new file mode 100644
index 000000000..1387b5576
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/.golangci.yml
@@ -0,0 +1,12 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+
+linters:
+  enable-all: true
+  disable:
+
+issues:
+  exclude-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/LICENSE
new file mode 100644
index 000000000..81f990d60
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/README.md
new file mode 100644
index 000000000..f96659f10
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/README.md
@@ -0,0 +1,39 @@
+<h1 align="center">
+  <br>
+  Pion UDP
+  <br>
+</h1>
+<h4 align="center">A connection-oriented listener over a UDP PacketConn</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-udp-gray.svg?longCache=true&colorB=brightgreen" alt="Pion UDP"></a>
+  <!--<a href="https://sourcegraph.com/github.com/pion/webrtc?badge"><img src="https://sourcegraph.com/github.com/pion/webrtc/-/badge.svg" alt="Sourcegraph Widget"></a>-->
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/udp"><img src="https://travis-ci.org/pion/udp.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/udp"><img src="https://godoc.org/github.com/pion/udp?status.svg" alt="GoDoc"></a>
+  <a href="https://codecov.io/gh/pion/udp"><img src="https://codecov.io/gh/pion/udp/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/udp"><img src="https://goreportcard.com/badge/github.com/pion/udp" alt="Go Report Card"></a>
+  <!--<a href="https://www.codacy.com/app/Sean-Der/webrtc"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>-->
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+### Roadmap
+This package is used in the [DTLS](https://github.com/pion/dtls) and [SCTP](https://github.com/pion/sctp) transport to provide a connection-oriented listener over a UDP.
+
+### Community
+Pion has an active community on the [Golang Slack](https://pion.ly/slack/). You can also use [Pion mailing list](https://groups.google.com/forum/#!forum/pion).
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *Original Author*
+* [Atsushi Watanabe](https://github.com/at-wat) - *Original Author*
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/conn.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/conn.go
new file mode 100644
index 000000000..9f680e83c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/conn.go
@@ -0,0 +1,296 @@
+// Package udp provides a connection-oriented listener over a UDP PacketConn
+package udp
+
+import (
+	"context"
+	"errors"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/transport/deadline"
+	"github.com/pion/transport/packetio"
+)
+
+const receiveMTU = 8192
+const defaultListenBacklog = 128 // same as Linux default
+
+var errClosedListener = errors.New("udp: listener closed")
+var errListenQueueExceeded = errors.New("udp: listen queue exceeded")
+
+// listener augments a connection-oriented Listener over a UDP PacketConn
+type listener struct {
+	pConn *net.UDPConn
+
+	accepting    atomic.Value // bool
+	acceptCh     chan *Conn
+	doneCh       chan struct{}
+	doneOnce     sync.Once
+	acceptFilter func([]byte) bool
+
+	connLock sync.Mutex
+	conns    map[string]*Conn
+	connWG   sync.WaitGroup
+
+	readWG   sync.WaitGroup
+	errClose atomic.Value // error
+}
+
+// Accept waits for and returns the next connection to the listener.
+func (l *listener) Accept() (net.Conn, error) {
+	select {
+	case c := <-l.acceptCh:
+		l.connWG.Add(1)
+		return c, nil
+
+	case <-l.doneCh:
+		return nil, errClosedListener
+	}
+}
+
+// Close closes the listener.
+// Any blocked Accept operations will be unblocked and return errors.
+func (l *listener) Close() error {
+	var err error
+	l.doneOnce.Do(func() {
+		l.accepting.Store(false)
+		close(l.doneCh)
+
+		l.connLock.Lock()
+		// Close unaccepted connections
+	L_CLOSE:
+		for {
+			select {
+			case c := <-l.acceptCh:
+				close(c.doneCh)
+				delete(l.conns, c.rAddr.String())
+
+			default:
+				break L_CLOSE
+			}
+		}
+		nConns := len(l.conns)
+		l.connLock.Unlock()
+
+		l.connWG.Done()
+
+		if nConns == 0 {
+			// Wait if this is the final connection
+			l.readWG.Wait()
+			if errClose, ok := l.errClose.Load().(error); ok {
+				err = errClose
+			}
+		} else {
+			err = nil
+		}
+	})
+
+	return err
+}
+
+// Addr returns the listener's network address.
+func (l *listener) Addr() net.Addr {
+	return l.pConn.LocalAddr()
+}
+
+// ListenConfig stores options for listening to an address.
+type ListenConfig struct {
+	// Backlog defines the maximum length of the queue of pending
+	// connections. It is equivalent of the backlog argument of
+	// POSIX listen function.
+	// If a connection request arrives when the queue is full,
+	// the request will be silently discarded, unlike TCP.
+	// Set zero to use default value 128 which is same as Linux default.
+	Backlog int
+
+	// AcceptFilter determines whether the new conn should be made for
+	// the incoming packet. If not set, any packet creates new conn.
+	AcceptFilter func([]byte) bool
+}
+
+// Listen creates a new listener based on the ListenConfig.
+func (lc *ListenConfig) Listen(network string, laddr *net.UDPAddr) (net.Listener, error) {
+	if lc.Backlog == 0 {
+		lc.Backlog = defaultListenBacklog
+	}
+
+	conn, err := net.ListenUDP(network, laddr)
+	if err != nil {
+		return nil, err
+	}
+
+	l := &listener{
+		pConn:        conn,
+		acceptCh:     make(chan *Conn, lc.Backlog),
+		conns:        make(map[string]*Conn),
+		doneCh:       make(chan struct{}),
+		acceptFilter: lc.AcceptFilter,
+	}
+	l.accepting.Store(true)
+	l.connWG.Add(1)
+	l.readWG.Add(2) // wait readLoop and Close execution routine
+
+	go l.readLoop()
+	go func() {
+		l.connWG.Wait()
+		if err := l.pConn.Close(); err != nil {
+			l.errClose.Store(err)
+		}
+		l.readWG.Done()
+	}()
+
+	return l, nil
+}
+
+// Listen creates a new listener using default ListenConfig.
+func Listen(network string, laddr *net.UDPAddr) (net.Listener, error) {
+	return (&ListenConfig{}).Listen(network, laddr)
+}
+
+var readBufferPool = &sync.Pool{
+	New: func() interface{} {
+		buf := make([]byte, receiveMTU)
+		return &buf
+	},
+}
+
+// readLoop has to tasks:
+// 1. Dispatching incoming packets to the correct Conn.
+//    It can therefore not be ended until all Conns are closed.
+// 2. Creating a new Conn when receiving from a new remote.
+func (l *listener) readLoop() {
+	defer l.readWG.Done()
+
+	for {
+		buf := *(readBufferPool.Get().(*[]byte))
+		n, raddr, err := l.pConn.ReadFrom(buf)
+		if err != nil {
+			return
+		}
+		conn, ok, err := l.getConn(raddr, buf[:n])
+		if err != nil {
+			continue
+		}
+		if ok {
+			_, _ = conn.buffer.Write(buf[:n])
+		}
+	}
+}
+
+func (l *listener) getConn(raddr net.Addr, buf []byte) (*Conn, bool, error) {
+	l.connLock.Lock()
+	defer l.connLock.Unlock()
+	conn, ok := l.conns[raddr.String()]
+	if !ok {
+		if !l.accepting.Load().(bool) {
+			return nil, false, errClosedListener
+		}
+		if l.acceptFilter != nil {
+			if !l.acceptFilter(buf) {
+				return nil, false, nil
+			}
+		}
+		conn = l.newConn(raddr)
+		select {
+		case l.acceptCh <- conn:
+			l.conns[raddr.String()] = conn
+		default:
+			return nil, false, errListenQueueExceeded
+		}
+	}
+	return conn, true, nil
+}
+
+// Conn augments a connection-oriented connection over a UDP PacketConn
+type Conn struct {
+	listener *listener
+
+	rAddr net.Addr
+
+	buffer *packetio.Buffer
+
+	doneCh   chan struct{}
+	doneOnce sync.Once
+
+	writeDeadline *deadline.Deadline
+}
+
+func (l *listener) newConn(rAddr net.Addr) *Conn {
+	return &Conn{
+		listener:      l,
+		rAddr:         rAddr,
+		buffer:        packetio.NewBuffer(),
+		doneCh:        make(chan struct{}),
+		writeDeadline: deadline.New(),
+	}
+}
+
+// Read
+func (c *Conn) Read(p []byte) (int, error) {
+	return c.buffer.Read(p)
+}
+
+// Write writes len(p) bytes from p to the DTLS connection
+func (c *Conn) Write(p []byte) (n int, err error) {
+	select {
+	case <-c.writeDeadline.Done():
+		return 0, context.DeadlineExceeded
+	default:
+	}
+	return c.listener.pConn.WriteTo(p, c.rAddr)
+}
+
+// Close closes the conn and releases any Read calls
+func (c *Conn) Close() error {
+	var err error
+	c.doneOnce.Do(func() {
+		c.listener.connWG.Done()
+		close(c.doneCh)
+		c.listener.connLock.Lock()
+		delete(c.listener.conns, c.rAddr.String())
+		nConns := len(c.listener.conns)
+		c.listener.connLock.Unlock()
+
+		if nConns == 0 && !c.listener.accepting.Load().(bool) {
+			// Wait if this is the final connection
+			c.listener.readWG.Wait()
+			if errClose, ok := c.listener.errClose.Load().(error); ok {
+				err = errClose
+			}
+		} else {
+			err = nil
+		}
+	})
+
+	return err
+}
+
+// LocalAddr implements net.Conn.LocalAddr
+func (c *Conn) LocalAddr() net.Addr {
+	return c.listener.pConn.LocalAddr()
+}
+
+// RemoteAddr implements net.Conn.RemoteAddr
+func (c *Conn) RemoteAddr() net.Addr {
+	return c.rAddr
+}
+
+// SetDeadline implements net.Conn.SetDeadline
+func (c *Conn) SetDeadline(t time.Time) error {
+	c.writeDeadline.Set(t)
+	return c.SetReadDeadline(t)
+}
+
+// SetReadDeadline implements net.Conn.SetDeadline
+func (c *Conn) SetReadDeadline(t time.Time) error {
+	return c.buffer.SetReadDeadline(t)
+}
+
+// SetWriteDeadline implements net.Conn.SetDeadline
+func (c *Conn) SetWriteDeadline(t time.Time) error {
+	c.writeDeadline.Set(t)
+	// Write deadline of underlying connection should not be changed
+	// since the connection can be shared.
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/go.mod
new file mode 100644
index 000000000..59289b648
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/go.mod
@@ -0,0 +1,5 @@
+module github.com/pion/udp
+
+go 1.14
+
+require github.com/pion/transport v0.10.0
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/go.sum
new file mode 100644
index 000000000..cd0abb22c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/udp/go.sum
@@ -0,0 +1,19 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/transport v0.10.0 h1:9M12BSneJm6ggGhJyWpDveFOstJsTiQjkLf4M44rm80=
+github.com/pion/transport v0.10.0/go.mod h1:BnHnUipd0rZQyTVB2SBGojFHT9CBt5C5TcsJSQGkvSE=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.codacy.yaml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.codacy.yaml
new file mode 100644
index 000000000..a8c225b74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.codacy.yaml
@@ -0,0 +1,3 @@
+---
+exclude_paths:
+  - examples/examples.json
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.eslintrc.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.eslintrc.json
new file mode 100644
index 000000000..a755cdbfe
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.eslintrc.json
@@ -0,0 +1,3 @@
+{
+  "extends": ["standard"]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.gitignore
new file mode 100644
index 000000000..83db74ba5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.gitignore
@@ -0,0 +1,24 @@
+### JetBrains IDE ###
+#####################
+.idea/
+
+### Emacs Temporary Files ###
+#############################
+*~
+
+### Folders ###
+###############
+bin/
+vendor/
+node_modules/
+
+### Files ###
+#############
+*.ivf
+*.ogg
+tags
+cover.out
+*.sw[poe]
+*.wasm
+examples/sfu-ws/cert.pem
+examples/sfu-ws/key.pem
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.golangci.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.golangci.yml
new file mode 100644
index 000000000..d6162c970
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/.golangci.yml
@@ -0,0 +1,89 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  misspell:
+    locale: US
+  exhaustive:
+    default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/pkg/errors:
+            recommendations:
+            - errors
+
+linters:
+  enable:
+    - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
+    - bodyclose        # checks whether HTTP response body is closed successfully
+    - deadcode         # Finds unused code
+    - depguard         # Go linter that checks if package imports are in a list of acceptable packages
+    - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - dupl             # Tool for code clone detection
+    - errcheck         # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+    - exhaustive       # check exhaustiveness of enum switch statements
+    - exportloopref    # checks for pointers to enclosing loop variables
+    - gci              # Gci control golang package import order and make it always deterministic.
+    - gochecknoglobals # Checks that no globals are present in Go code
+    - gochecknoinits   # Checks that no init functions are present in Go code
+    - gocognit         # Computes and checks the cognitive complexity of functions
+    - goconst          # Finds repeated strings that could be replaced by a constant
+    - gocritic         # The most opinionated Go source code linter
+    - godox            # Tool for detection of FIXME, TODO and other comment keywords
+    - goerr113         # Golang linter to check the errors handling expressions
+    - gofmt            # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
+    - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
+    - goheader         # Checks is file header matches to pattern
+    - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
+    - golint           # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+    - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
+    - goprintffuncname # Checks that printf-like functions are named with `f` at the end
+    - gosec            # Inspects source code for security problems
+    - gosimple         # Linter for Go source code that specializes in simplifying a code
+    - govet            # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign      # Detects when assignments to existing variables are not used
+    - misspell         # Finds commonly misspelled English words in comments
+    - nakedret         # Finds naked returns in functions greater than a specified function length
+    - noctx            # noctx finds sending http request without context.Context
+    - scopelint        # Scopelint checks for unpinned variables in go programs
+    - staticcheck      # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
+    - structcheck      # Finds unused struct fields
+    - stylecheck       # Stylecheck is a replacement for golint
+    - typecheck        # Like the front-end of a Go compiler, parses and type-checks Go code
+    - unconvert        # Remove unnecessary type conversions
+    - unparam          # Reports unused function parameters
+    - unused           # Checks Go code for unused constants, variables, functions and types
+    - varcheck         # Finds unused global variables and constants
+    - whitespace       # Tool for detection of leading and trailing whitespace
+  disable:
+    - funlen           # Tool for detection of long functions
+    - gocyclo          # Computes and checks the cyclomatic complexity of functions
+    - godot            # Check if comments end in a period
+    - gomnd            # An analyzer to detect magic numbers.
+    - lll              # Reports long lines
+    - maligned         # Tool to detect Go structs that would take less memory if their fields were sorted
+    - nestif           # Reports deeply nested if statements
+    - nlreturn         # nlreturn checks for a new line before return and branch statements to increase code clarity
+    - nolintlint       # Reports ill-formed or insufficient nolint directives
+    - prealloc         # Finds slice declarations that could potentially be preallocated
+    - rowserrcheck     # checks whether Err of rows is checked successfully
+    - sqlclosecheck    # Checks that sql.Rows and sql.Stmt are closed.
+    - testpackage      # linter that makes you use a separate _test package
+    - wsl              # Whitespace Linter - Forces you to use empty lines!
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Allow complex tests, better to be self contained
+    - path: _test\.go
+      linters:
+        - gocognit
+
+    # Allow complex main function in examples
+    - path: examples
+      text: "of func `main` is high"
+      linters:
+        - gocognit
+
+run:
+  skip-dirs-use-default: false
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/DESIGN.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/DESIGN.md
new file mode 100644
index 000000000..e22b08e30
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/DESIGN.md
@@ -0,0 +1,43 @@
+<h1 align="center">
+  Design
+</h1>
+WebRTC is a powerful, but complicated technology you can build amazing things with, it comes with a steep learning curve though.
+Using WebRTC in the browser is easy, but outside the browser is more of a challenge. There are multiple libraries, and they all have
+varying levels of quality. Most are also difficult to build, and depend on libraries that aren't available in repos or portable.
+
+Pion WebRTC aims to solve all that! Built in native Go you should be able to send and receive media and text from anywhere with minimal headache.
+These are the design principals that drive Pion WebRTC and hopefully convince you it is worth a try.
+
+### Portable
+Pion WebRTC is written in Go and extremely portable. Anywhere Golang runs, Pion WebRTC should work as well! Instead of dealing with complicated
+cross-compiling of multiple libraries, you now can run anywhere with one `go build`
+
+### Flexible
+When possible we leave all decisions to the user. When choice is possible (like what logging library is used) we defer to the developer.
+
+### Simple API
+If you know how to use WebRTC in your browser, you know how to use Pion WebRTC.
+We try our best just to duplicate the Javascript API, so your code can look the same everywhere.
+
+If this is your first time using WebRTC, don't worry! We have multiple [examples](https://github.com/pion/webrtc/tree/master/examples) and [GoDoc](https://pkg.go.dev/github.com/pion/webrtc/v3)
+
+### Bring your own media
+Pion WebRTC doesn't make any assumptions about where your audio, video or text come from. You can use FFmpeg, GStreamer, MLT or just serve a video file.
+This library only serves to transport, not create media.
+
+### Safe
+Golang provides a great foundation to build safe network services.
+Especially when running a networked service that is highly concurrent bugs can be devastating.
+
+### Readable
+If code comes from an RFC we try to make sure everything is commented with a link to the spec.
+This makes learning and debugging easier, this WebRTC library was written to also serve as a guide for others.
+
+### Tested
+Every commit is tested via travis-ci Go provides fantastic facilities for testing, and more will be added as time goes on.
+
+### Shared libraries
+Every Pion project is built using shared libraries, allowing others to review and reuse our libraries.
+
+### Community
+The most important part of Pion is the community. This projects only exist because of individual contributions. We aim to be radically open and do everything we can to support those that make Pion possible.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/LICENSE
new file mode 100644
index 000000000..ab602974d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/README.md
new file mode 100644
index 000000000..8aafa709e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/README.md
@@ -0,0 +1,264 @@
+<h1 align="center">
+  <a href="https://pion.ly"><img src="./.github/pion-gopher-webrtc.png" alt="Pion WebRTC" height="250px"></a>
+  <br>
+  Pion WebRTC
+  <br>
+</h1>
+<h4 align="center">A pure Go implementation of the WebRTC API</h4>
+<p align="center">
+  <a href="https://pion.ly"><img src="https://img.shields.io/badge/pion-webrtc-gray.svg?longCache=true&colorB=brightgreen" alt="Pion webrtc"></a>
+  <a href="https://sourcegraph.com/github.com/pion/webrtc?badge"><img src="https://sourcegraph.com/github.com/pion/webrtc/-/badge.svg" alt="Sourcegraph Widget"></a>
+  <a href="https://pion.ly/slack"><img src="https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen" alt="Slack Widget"></a>
+  <a href="https://twitter.com/_pion?ref_src=twsrc%5Etfw"><img src="https://img.shields.io/twitter/url.svg?label=Follow%20%40_pion&style=social&url=https%3A%2F%2Ftwitter.com%2F_pion" alt="Twitter Widget"></a>
+  <a href="https://github.com/pion/awesome-pion" alt="Awesome Pion"><img src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"></a>
+  <br>
+  <a href="https://travis-ci.org/pion/webrtc"><img src="https://travis-ci.org/pion/webrtc.svg?branch=master" alt="Build Status"></a>
+  <a href="https://pkg.go.dev/github.com/pion/webrtc/v3"><img src="https://pkg.go.dev/badge/github.com/pion/webrtc/v3" alt="PkgGoDev"></a>
+  <a href="https://codecov.io/gh/pion/webrtc"><img src="https://codecov.io/gh/pion/webrtc/branch/master/graph/badge.svg" alt="Coverage Status"></a>
+  <a href="https://goreportcard.com/report/github.com/pion/webrtc"><img src="https://goreportcard.com/badge/github.com/pion/webrtc" alt="Go Report Card"></a>
+  <a href="https://www.codacy.com/app/Sean-Der/webrtc"><img src="https://api.codacy.com/project/badge/Grade/18f4aec384894e6aac0b94effe51961d" alt="Codacy Badge"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+</p>
+<br>
+
+### New Release
+
+Pion WebRTC v3.0.0 has been released! See the [release notes](https://github.com/pion/webrtc/wiki/Release-WebRTC@v3.0.0) to learn about new features and breaking changes.
+
+If you aren't able to upgrade yet check the [tags](https://github.com/pion/webrtc/tags) for the latest `v2` release.
+
+We would love your feedback! Please create GitHub issues or join [the Slack channel](https://pion.ly/slack) to follow development and speak with the maintainers.
+
+----
+
+### Usage
+[Go Modules](https://blog.golang.org/using-go-modules) are mandatory for using Pion WebRTC. So make sure you set `export GO111MODULE=on`, and explicitly specify `/v2` or `/v3` when importing.
+
+
+**[example applications](examples/README.md)** contains code samples of common things people build with Pion WebRTC.
+
+**[example-webrtc-applications](https://github.com/pion/example-webrtc-applications)** contains more full featured examples that use 3rd party libraries.
+
+**[awesome-pion](https://github.com/pion/awesome-pion)** contains projects that have used Pion, and serve as real world examples of usage.
+
+**[GoDoc](https://pkg.go.dev/github.com/pion/webrtc/v3)** is an auto generated API reference. All our Public APIs are commented.
+
+**[FAQ](https://github.com/pion/webrtc/wiki/FAQ)** has answers to common questions. If you have a question not covered please ask in [Slack](https://pion.ly/slack) we are always looking to expand it.
+
+Now go build something awesome! Here are some **ideas** to get your creative juices flowing:
+* Send a video file to multiple browser in real time for perfectly synchronized movie watching.
+* Send a webcam on an embedded device to your browser with no additional server required!
+* Securely send data between two servers, without using pub/sub.
+* Record your webcam and do special effects server side.
+* Build a conferencing application that processes audio/video and make decisions off of it.
+* Remotely control a robots and stream its cameras in realtime.
+
+### Want to learn more about WebRTC?
+Check out [WebRTC for the Curious](https://webrtcforthecurious.com). A book about WebRTC in depth, not just about the APIs.
+Learn the full details of ICE, SCTP, DTLS, SRTP, and how they work together to make up the WebRTC stack.
+
+This is also a great resource if you are trying to debug. Learn the tools of the trade and how to approach WebRTC issues.
+
+This book is vendor agnostic and will not have any Pion specific information.
+
+### Features
+#### PeerConnection API
+* Go implementation of [webrtc-pc](https://w3c.github.io/webrtc-pc/) and [webrtc-stats](https://www.w3.org/TR/webrtc-stats/)
+* DataChannels
+* Send/Receive audio and video
+* Renegotiation
+* Plan-B and Unified Plan
+* [SettingEngine](https://pkg.go.dev/github.com/pion/webrtc/v3#SettingEngine) for Pion specific extensions
+
+
+#### Connectivity
+* Full ICE Agent
+* ICE Restart
+* Trickle ICE
+* STUN
+* TURN (UDP, TCP, DTLS and TLS)
+* mDNS candidates
+
+#### DataChannels
+* Ordered/Unordered
+* Lossy/Lossless
+
+#### Media
+* API with direct RTP/RTCP access
+* Opus, PCM, H264, VP8 and VP9 packetizer
+* API also allows developer to pass their own packetizer
+* IVF, Ogg, H264 and Matroska provided for easy sending and saving
+* [getUserMedia](https://github.com/pion/mediadevices) implementation (Requires Cgo)
+* Easy integration with x264, libvpx, GStreamer and ffmpeg.
+* [Simulcast](https://github.com/pion/webrtc/tree/master/examples/simulcast)
+* [SVC](https://github.com/pion/rtp/blob/master/codecs/vp9_packet.go#L138)
+* [NACK](https://github.com/pion/interceptor/pull/4)
+* Full loss recovery and congestion control is not complete, see [pion/interceptor](https://github.com/pion/interceptor) for progress
+  * See [ion](https://github.com/pion/ion-sfu/tree/master/pkg/buffer) for how an implementor can do it today
+
+#### Security
+* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for DTLS v1.2
+* SRTP_AEAD_AES_256_GCM and SRTP_AES128_CM_HMAC_SHA1_80 for SRTP
+* Hardware acceleration available for GCM suites
+
+#### Pure Go
+* No Cgo usage
+* Wide platform support
+  * Windows, macOS, Linux, FreeBSD
+  * iOS, Android
+  * [WASM](https://github.com/pion/webrtc/wiki/WebAssembly-Development-and-Testing) see [examples](examples/README.md#webassembly)
+  *  386, amd64, arm, mips, ppc64
+* Easy to build *Numbers generated on Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz*
+  * **Time to build examples/play-from-disk** - 0.66s user 0.20s system 306% cpu 0.279 total
+  * **Time to run entire test suite** - 25.60s user 9.40s system 45% cpu 1:16.69 total
+* Tools to measure performance [provided](https://github.com/pion/rtsp-bench)
+
+
+### Roadmap
+The library is in active development, please refer to the [roadmap](https://github.com/pion/webrtc/issues/9) to track our major milestones.
+We also maintain a list of [Big Ideas](https://github.com/pion/webrtc/wiki/Big-Ideas) these are things we want to build but don't have a clear plan or the resources yet.
+If you are looking to get involved this is a great place to get started! We would also love to hear your ideas! Even if you can't implement it yourself, it could inspire others.
+
+### Community
+Pion has an active community on the [Slack](https://pion.ly/slack).
+
+Follow the [Pion Twitter](https://twitter.com/_pion) for project updates and important WebRTC news.
+
+We are always looking to support **your projects**. Please reach out if you have something to build!
+If you need commercial support or don't want to use public methods you can contact us at [team@pion.ly](mailto:team@pion.ly)
+
+### Contributing
+Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contributing)** to join the group of amazing people making this project possible:
+
+* [John Bradley](https://github.com/kc5nra) - *Original Author*
+* [Michael Melvin Santry](https://github.com/santrym) - *Mascot*
+* [Raphael Randschau](https://github.com/nicolai86) - *STUN*
+* [Sean DuBois](https://github.com/Sean-Der) - *Original Author*
+* [Michiel De Backker](https://github.com/backkem) - *SDP, Public API, Project Management*
+* [Brendan Rius](https://github.com/brendanrius) - *Cleanup*
+* [Konstantin Itskov](https://github.com/trivigy) - *SDP Parsing*
+* [chenkaiC4](https://github.com/chenkaiC4) - *Fix GolangCI Linter*
+* [Ronan J](https://github.com/ronanj) - *Fix STCP PPID*
+* [wattanakorn495](https://github.com/wattanakorn495)
+* [Max Hawkins](https://github.com/maxhawkins) - *RTCP*
+* [Justin Okamoto](https://github.com/justinokamoto) - *Fix Docs*
+* [leeoxiang](https://github.com/notedit) - *Implement Janus examples*
+* [Denis](https://github.com/Hixon10) - *Adding docker-compose to pion-to-pion example*
+* [earle](https://github.com/aguilEA) - *Generate DTLS fingerprint in Go*
+* [Jake B](https://github.com/silbinarywolf) - *Fix Windows installation instructions*
+* [Michael MacDonald](https://github.com/mjmac) - *Plan B compatibility, Remote TURN/Trickle-ICE, Logging framework*
+* [Oleg Kovalov](https://github.com/cristaloleg) *Use wildcards instead of hardcoding travis-ci config*
+* [Woodrow Douglass](https://github.com/wdouglass) *RTCP, RTP improvements, G.722 support, Bugfixes*
+* [Tobias Fridén](https://github.com/tobiasfriden) *SRTP authentication verification*
+* [Yutaka Takeda](https://github.com/enobufs) *Fix ICE connection timeout*
+* [Hugo Arregui](https://github.com/hugoArregui) *Fix connection timeout*
+* [Rob Deutsch](https://github.com/rob-deutsch) *RTPReceiver graceful shutdown*
+* [Jin Lei](https://github.com/jinleileiking) - *SFU example use http*
+* [Will Watson](https://github.com/wwatson) - *Enable gocritic*
+* [Luke Curley](https://github.com/kixelated)
+* [Antoine Baché](https://github.com/Antonito) - *OGG Opus export*
+* [frank](https://github.com/feixiao) - *Building examples on OSX*
+* [mxmCherry](https://github.com/mxmCherry)
+* [Alex Browne](https://github.com/albrow) - *JavaScript/Wasm bindings*
+* [adwpc](https://github.com/adwpc) - *SFU example with websocket*
+* [imalic3](https://github.com/imalic3) - *SFU websocket example with datachannel broadcast*
+* [Žiga Željko](https://github.com/zigazeljko)
+* [Simonacca Fotokite](https://github.com/simonacca-fotokite)
+* [Marouane](https://github.com/nindolabs) *Fix Offer bundle generation*
+* [Christopher Fry](https://github.com/christopherfry)
+* [Adam Kiss](https://github.com/masterada)
+* [xsbchen](https://github.com/xsbchen)
+* [Alex Harford](https://github.com/alexjh)
+* [Aleksandr Razumov](https://github.com/ernado)
+* [mchlrhw](https://github.com/mchlrhw)
+* [AlexWoo(武杰)](https://github.com/AlexWoo) *Fix RemoteDescription parsing for certificate fingerprint*
+* [Cecylia Bocovich](https://github.com/cohosh)
+* [Slugalisk](https://github.com/slugalisk)
+* [Agugua Kenechukwu](https://github.com/spaceCh1mp)
+* [Ato Araki](https://github.com/atotto)
+* [Rafael Viscarra](https://github.com/rviscarra)
+* [Mike Coleman](https://github.com/fivebats)
+* [Suhas Gaddam](https://github.com/suhasgaddam)
+* [Atsushi Watanabe](https://github.com/at-wat)
+* [Robert Eperjesi](https://github.com/epes)
+* [Aaron France](https://github.com/AeroNotix)
+* [Gareth Hayes](https://github.com/gazhayes)
+* [Sebastian Waisbrot](https://github.com/seppo0010)
+* [Masataka Hisasue](https://github.com/sylba2050) - *Fix Docs*
+* [Hongchao Ma(马洪超)](https://github.com/hcm007)
+* [Aaron France](https://github.com/AeroNotix)
+* [Chris Hiszpanski](https://github.com/thinkski) - *Fix Answer bundle generation*
+* [Vicken Simonian](https://github.com/vsimon)
+* [Guilherme Souza](https://github.com/gqgs)
+* [Andrew N. Shalaev](https://github.com/isqad)
+* [David Hamilton](https://github.com/dihamilton)
+* [Ilya Mayorov](https://github.com/faroyam)
+* [Patrick Lange](https://github.com/langep)
+* [cyannuk](https://github.com/cyannuk)
+* [Lukas Herman](https://github.com/lherman-cs)
+* [Konstantin Chugalinskiy](https://github.com/kchugalinskiy)
+* [Bao Nguyen](https://github.com/sysbot)
+* [Luke S](https://github.com/encounter)
+* [Hendrik Hofstadt](https://github.com/hendrikhofstadt)
+* [Clayton McCray](https://github.com/ClaytonMcCray)
+* [lawl](https://github.com/lawl)
+* [Jorropo](https://github.com/Jorropo)
+* [Akil](https://github.com/akilude)
+* [Quentin Renard](https://github.com/asticode)
+* [opennota](https://github.com/opennota)
+* [Simon Eisenmann](https://github.com/longsleep)
+* [Ben Weitzman](https://github.com/benweitzman)
+* [Masahiro Nakamura](https://github.com/tsuu32)
+* [Tarrence van As](https://github.com/tarrencev)
+* [Yuki Igarashi](https://github.com/bonprosoft)
+* [Egon Elbre](https://github.com/egonelbre)
+* [Jerko Steiner](https://github.com/jeremija)
+* [Roman Romanenko](https://github.com/r-novel)
+* [YongXin SHI](https://github.com/a-wing)
+* [Magnus Wahlstrand](https://github.com/kyeett)
+* [Chad Retz](https://github.com/cretz)
+* [Simone Gotti](https://github.com/sgotti)
+* [Cedric Fung](https://github.com/cedricfung)
+* [Norman Rasmussen](https://github.com/normanr) - *Fix Empty DataChannel messages*
+* [salmān aljammāz](https://github.com/saljam)
+* [cnderrauber](https://github.com/cnderrauber)
+* [Juliusz Chroboczek](https://github.com/jech)
+* [John Berthels](https://github.com/jbert)
+* [Somers Matthews](https://github.com/somersbmatthews)
+* [Vitaliy F](https://github.com/funvit)
+* [Ivan Egorov](https://github.com/vany-egorov)
+* [Nick Mykins](https://github.com/nmyk)
+* [Jason Brady](https://github.com/jbrady42)
+* [krishna chiatanya](https://github.com/kittuov)
+* [JacobZwang](https://github.com/JacobZwang)
+* [박종훈](https://github.com/JonghunBok)
+* [Sam Lancia](https://github.com/nerd2)
+* [Henry](https://github.com/cryptix)
+* [Jeff Tchang](https://github.com/tachang)
+* [JooYoung Lim](https://github.com/DevRockstarZ)
+* [Sidney San Martín](https://github.com/s4y)
+* [soolaugust](https://github.com/soolaugust)
+* [Kuzmin Vladimir](https://github.com/tekig)
+* [Alessandro Ros](https://github.com/aler9)
+* [Thomas Miller](https://github.com/tmiv)
+* [yoko(q191201771)](https://github.com/q191201771)
+* [Joshua Obasaju](https://github.com/obasajujoshua31)
+* [Mission Liao](https://github.com/mission-liao)
+* [Hanjun Kim](https://github.com/hallazzang)
+* [ZHENK](https://github.com/scorpionknifes)
+* [Rahul Nakre](https://github.com/rahulnakre)
+* [OrlandoCo](https://github.com/OrlandoCo)
+* [Assad Obaid](https://github.com/assadobaid)
+* [Jamie Good](https://github.com/jamiegood) - *Bug fix in jsfiddle example*
+* [Artur Shellunts](https://github.com/ashellunts)
+* [Sean Knight](https://github.com/SeanKnight)
+* [o0olele](https://github.com/o0olele)
+* [Bo Shi](https://github.com/bshimc)
+* [Suzuki Takeo](https://github.com/BambooTuna)
+* [baiyufei](https://github.com/baiyufei)
+* [pascal-ace](https://github.com/pascal-ace)
+* [Threadnaught](https://github.com/Threadnaught)
+* [Dean Eigenmann](https://github.com/decanus)
+
+### License
+MIT License - see [LICENSE](LICENSE) for full text
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/api.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/api.go
new file mode 100644
index 000000000..60ac72809
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/api.go
@@ -0,0 +1,73 @@
+// +build !js
+
+package webrtc
+
+import (
+	"github.com/pion/interceptor"
+	"github.com/pion/logging"
+)
+
+// API bundles the global functions of the WebRTC and ORTC API.
+// Some of these functions are also exported globally using the
+// defaultAPI object. Note that the global version of the API
+// may be phased out in the future.
+type API struct {
+	settingEngine *SettingEngine
+	mediaEngine   *MediaEngine
+	interceptor   interceptor.Interceptor
+}
+
+// NewAPI Creates a new API object for keeping semi-global settings to WebRTC objects
+func NewAPI(options ...func(*API)) *API {
+	a := &API{}
+
+	for _, o := range options {
+		o(a)
+	}
+
+	if a.settingEngine == nil {
+		a.settingEngine = &SettingEngine{}
+	}
+
+	if a.settingEngine.LoggerFactory == nil {
+		a.settingEngine.LoggerFactory = logging.NewDefaultLoggerFactory()
+	}
+
+	if a.mediaEngine == nil {
+		a.mediaEngine = &MediaEngine{}
+	}
+
+	if a.interceptor == nil {
+		a.interceptor = &interceptor.NoOp{}
+	}
+
+	return a
+}
+
+// WithMediaEngine allows providing a MediaEngine to the API.
+// Settings can be changed after passing the engine to an API.
+func WithMediaEngine(m *MediaEngine) func(a *API) {
+	return func(a *API) {
+		if m != nil {
+			a.mediaEngine = m
+		} else {
+			a.mediaEngine = &MediaEngine{}
+		}
+	}
+}
+
+// WithSettingEngine allows providing a SettingEngine to the API.
+// Settings should not be changed after passing the engine to an API.
+func WithSettingEngine(s SettingEngine) func(a *API) {
+	return func(a *API) {
+		a.settingEngine = &s
+	}
+}
+
+// WithInterceptorRegistry allows providing Interceptors to the API.
+// Settings should not be changed after passing the registry to an API.
+func WithInterceptorRegistry(interceptorRegistry *interceptor.Registry) func(a *API) {
+	return func(a *API) {
+		a.interceptor = interceptorRegistry.Build()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/api_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/api_js.go
new file mode 100644
index 000000000..964b7b05e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/api_js.go
@@ -0,0 +1,31 @@
+// +build js,wasm
+
+package webrtc
+
+// API bundles the global funcions of the WebRTC and ORTC API.
+type API struct {
+	settingEngine *SettingEngine
+}
+
+// NewAPI Creates a new API object for keeping semi-global settings to WebRTC objects
+func NewAPI(options ...func(*API)) *API {
+	a := &API{}
+
+	for _, o := range options {
+		o(a)
+	}
+
+	if a.settingEngine == nil {
+		a.settingEngine = &SettingEngine{}
+	}
+
+	return a
+}
+
+// WithSettingEngine allows providing a SettingEngine to the API.
+// Settings should not be changed after passing the engine to an API.
+func WithSettingEngine(s SettingEngine) func(a *API) {
+	return func(a *API) {
+		a.settingEngine = &s
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/atomicbool.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/atomicbool.go
new file mode 100644
index 000000000..c5ace62d0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/atomicbool.go
@@ -0,0 +1,20 @@
+package webrtc
+
+import "sync/atomic"
+
+type atomicBool struct {
+	val int32
+}
+
+func (b *atomicBool) set(value bool) { // nolint: unparam
+	var i int32
+	if value {
+		i = 1
+	}
+
+	atomic.StoreInt32(&(b.val), i)
+}
+
+func (b *atomicBool) get() bool {
+	return atomic.LoadInt32(&(b.val)) != 0
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/bundlepolicy.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/bundlepolicy.go
new file mode 100644
index 000000000..6d39a2773
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/bundlepolicy.go
@@ -0,0 +1,78 @@
+package webrtc
+
+import (
+	"encoding/json"
+)
+
+// BundlePolicy affects which media tracks are negotiated if the remote
+// endpoint is not bundle-aware, and what ICE candidates are gathered. If the
+// remote endpoint is bundle-aware, all media tracks and data channels are
+// bundled onto the same transport.
+type BundlePolicy int
+
+const (
+	// BundlePolicyBalanced indicates to gather ICE candidates for each
+	// media type in use (audio, video, and data). If the remote endpoint is
+	// not bundle-aware, negotiate only one audio and video track on separate
+	// transports.
+	BundlePolicyBalanced BundlePolicy = iota + 1
+
+	// BundlePolicyMaxCompat indicates to gather ICE candidates for each
+	// track. If the remote endpoint is not bundle-aware, negotiate all media
+	// tracks on separate transports.
+	BundlePolicyMaxCompat
+
+	// BundlePolicyMaxBundle indicates to gather ICE candidates for only
+	// one track. If the remote endpoint is not bundle-aware, negotiate only
+	// one media track.
+	BundlePolicyMaxBundle
+)
+
+// This is done this way because of a linter.
+const (
+	bundlePolicyBalancedStr  = "balanced"
+	bundlePolicyMaxCompatStr = "max-compat"
+	bundlePolicyMaxBundleStr = "max-bundle"
+)
+
+func newBundlePolicy(raw string) BundlePolicy {
+	switch raw {
+	case bundlePolicyBalancedStr:
+		return BundlePolicyBalanced
+	case bundlePolicyMaxCompatStr:
+		return BundlePolicyMaxCompat
+	case bundlePolicyMaxBundleStr:
+		return BundlePolicyMaxBundle
+	default:
+		return BundlePolicy(Unknown)
+	}
+}
+
+func (t BundlePolicy) String() string {
+	switch t {
+	case BundlePolicyBalanced:
+		return bundlePolicyBalancedStr
+	case BundlePolicyMaxCompat:
+		return bundlePolicyMaxCompatStr
+	case BundlePolicyMaxBundle:
+		return bundlePolicyMaxBundleStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// UnmarshalJSON parses the JSON-encoded data and stores the result
+func (t *BundlePolicy) UnmarshalJSON(b []byte) error {
+	var val string
+	if err := json.Unmarshal(b, &val); err != nil {
+		return err
+	}
+
+	*t = newBundlePolicy(val)
+	return nil
+}
+
+// MarshalJSON returns the JSON encoding
+func (t BundlePolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/certificate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/certificate.go
new file mode 100644
index 000000000..bf106d6af
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/certificate.go
@@ -0,0 +1,185 @@
+// +build !js
+
+package webrtc
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"math/big"
+	"time"
+
+	"github.com/pion/dtls/v2/pkg/crypto/fingerprint"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+// Certificate represents a x509Cert used to authenticate WebRTC communications.
+type Certificate struct {
+	privateKey crypto.PrivateKey
+	x509Cert   *x509.Certificate
+	statsID    string
+}
+
+// NewCertificate generates a new x509 compliant Certificate to be used
+// by DTLS for encrypting data sent over the wire. This method differs from
+// GenerateCertificate by allowing to specify a template x509.Certificate to
+// be used in order to define certificate parameters.
+func NewCertificate(key crypto.PrivateKey, tpl x509.Certificate) (*Certificate, error) {
+	var err error
+	var certDER []byte
+	switch sk := key.(type) {
+	case *rsa.PrivateKey:
+		pk := sk.Public()
+		tpl.SignatureAlgorithm = x509.SHA256WithRSA
+		certDER, err = x509.CreateCertificate(rand.Reader, &tpl, &tpl, pk, sk)
+		if err != nil {
+			return nil, &rtcerr.UnknownError{Err: err}
+		}
+	case *ecdsa.PrivateKey:
+		pk := sk.Public()
+		tpl.SignatureAlgorithm = x509.ECDSAWithSHA256
+		certDER, err = x509.CreateCertificate(rand.Reader, &tpl, &tpl, pk, sk)
+		if err != nil {
+			return nil, &rtcerr.UnknownError{Err: err}
+		}
+	default:
+		return nil, &rtcerr.NotSupportedError{Err: ErrPrivateKeyType}
+	}
+
+	cert, err := x509.ParseCertificate(certDER)
+	if err != nil {
+		return nil, &rtcerr.UnknownError{Err: err}
+	}
+
+	return &Certificate{privateKey: key, x509Cert: cert, statsID: fmt.Sprintf("certificate-%d", time.Now().UnixNano())}, nil
+}
+
+// Equals determines if two certificates are identical by comparing both the
+// secretKeys and x509Certificates.
+func (c Certificate) Equals(o Certificate) bool {
+	switch cSK := c.privateKey.(type) {
+	case *rsa.PrivateKey:
+		if oSK, ok := o.privateKey.(*rsa.PrivateKey); ok {
+			if cSK.N.Cmp(oSK.N) != 0 {
+				return false
+			}
+			return c.x509Cert.Equal(o.x509Cert)
+		}
+		return false
+	case *ecdsa.PrivateKey:
+		if oSK, ok := o.privateKey.(*ecdsa.PrivateKey); ok {
+			if cSK.X.Cmp(oSK.X) != 0 || cSK.Y.Cmp(oSK.Y) != 0 {
+				return false
+			}
+			return c.x509Cert.Equal(o.x509Cert)
+		}
+		return false
+	default:
+		return false
+	}
+}
+
+// Expires returns the timestamp after which this certificate is no longer valid.
+func (c Certificate) Expires() time.Time {
+	if c.x509Cert == nil {
+		return time.Time{}
+	}
+	return c.x509Cert.NotAfter
+}
+
+// GetFingerprints returns the list of certificate fingerprints, one of which
+// is computed with the digest algorithm used in the certificate signature.
+func (c Certificate) GetFingerprints() ([]DTLSFingerprint, error) {
+	fingerprintAlgorithms := []crypto.Hash{crypto.SHA256}
+	res := make([]DTLSFingerprint, len(fingerprintAlgorithms))
+
+	i := 0
+	for _, algo := range fingerprintAlgorithms {
+		name, err := fingerprint.StringFromHash(algo)
+		if err != nil {
+			return nil, fmt.Errorf("%w: %v", ErrFailedToGenerateCertificateFingerprint, err)
+		}
+		value, err := fingerprint.Fingerprint(c.x509Cert, algo)
+		if err != nil {
+			return nil, fmt.Errorf("%w: %v", ErrFailedToGenerateCertificateFingerprint, err)
+		}
+		res[i] = DTLSFingerprint{
+			Algorithm: name,
+			Value:     value,
+		}
+	}
+
+	return res[:i+1], nil
+}
+
+// GenerateCertificate causes the creation of an X.509 certificate and
+// corresponding private key.
+func GenerateCertificate(secretKey crypto.PrivateKey) (*Certificate, error) {
+	origin := make([]byte, 16)
+	/* #nosec */
+	if _, err := rand.Read(origin); err != nil {
+		return nil, &rtcerr.UnknownError{Err: err}
+	}
+
+	// Max random value, a 130-bits integer, i.e 2^130 - 1
+	maxBigInt := new(big.Int)
+	/* #nosec */
+	maxBigInt.Exp(big.NewInt(2), big.NewInt(130), nil).Sub(maxBigInt, big.NewInt(1))
+	/* #nosec */
+	serialNumber, err := rand.Int(rand.Reader, maxBigInt)
+	if err != nil {
+		return nil, &rtcerr.UnknownError{Err: err}
+	}
+
+	return NewCertificate(secretKey, x509.Certificate{
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageClientAuth,
+			x509.ExtKeyUsageServerAuth,
+		},
+		BasicConstraintsValid: true,
+		NotBefore:             time.Now(),
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		NotAfter:              time.Now().AddDate(0, 1, 0),
+		SerialNumber:          serialNumber,
+		Version:               2,
+		Subject:               pkix.Name{CommonName: hex.EncodeToString(origin)},
+		IsCA:                  true,
+	})
+}
+
+// CertificateFromX509 creates a new WebRTC Certificate from a given PrivateKey and Certificate
+//
+// This can be used if you want to share a certificate across multiple PeerConnections
+func CertificateFromX509(privateKey crypto.PrivateKey, certificate *x509.Certificate) Certificate {
+	return Certificate{privateKey, certificate, fmt.Sprintf("certificate-%d", time.Now().UnixNano())}
+}
+
+func (c Certificate) collectStats(report *statsReportCollector) error {
+	report.Collecting()
+
+	fingerPrintAlgo, err := c.GetFingerprints()
+	if err != nil {
+		return err
+	}
+
+	base64Certificate := base64.RawURLEncoding.EncodeToString(c.x509Cert.Raw)
+
+	stats := CertificateStats{
+		Timestamp:            statsTimestampFrom(time.Now()),
+		Type:                 StatsTypeCertificate,
+		ID:                   c.statsID,
+		Fingerprint:          fingerPrintAlgo[0].Value,
+		FingerprintAlgorithm: fingerPrintAlgo[0].Algorithm,
+		Base64Certificate:    base64Certificate,
+		IssuerCertificateID:  c.x509Cert.Issuer.String(),
+	}
+
+	report.Collect(stats.ID, stats)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/codecov.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/codecov.yml
new file mode 100644
index 000000000..085200a48
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/codecov.yml
@@ -0,0 +1,20 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+
+coverage:
+  status:
+    project:
+      default:
+        # Allow decreasing 2% of total coverage to avoid noise.
+        threshold: 2%
+    patch:
+      default:
+        target: 70%
+        only_pulls: true
+
+ignore:
+  - "examples/*"
+  - "examples/**/*"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration.go
new file mode 100644
index 000000000..056fec5f0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration.go
@@ -0,0 +1,51 @@
+// +build !js
+
+package webrtc
+
+// A Configuration defines how peer-to-peer communication via PeerConnection
+// is established or re-established.
+// Configurations may be set up once and reused across multiple connections.
+// Configurations are treated as readonly. As long as they are unmodified,
+// they are safe for concurrent use.
+type Configuration struct {
+	// ICEServers defines a slice describing servers available to be used by
+	// ICE, such as STUN and TURN servers.
+	ICEServers []ICEServer `json:"iceServers,omitempty"`
+
+	// ICETransportPolicy indicates which candidates the ICEAgent is allowed
+	// to use.
+	ICETransportPolicy ICETransportPolicy `json:"iceTransportPolicy,omitempty"`
+
+	// BundlePolicy indicates which media-bundling policy to use when gathering
+	// ICE candidates.
+	BundlePolicy BundlePolicy `json:"bundlePolicy,omitempty"`
+
+	// RTCPMuxPolicy indicates which rtcp-mux policy to use when gathering ICE
+	// candidates.
+	RTCPMuxPolicy RTCPMuxPolicy `json:"rtcpMuxPolicy,omitempty"`
+
+	// PeerIdentity sets the target peer identity for the PeerConnection.
+	// The PeerConnection will not establish a connection to a remote peer
+	// unless it can be successfully authenticated with the provided name.
+	PeerIdentity string `json:"peerIdentity"`
+
+	// Certificates describes a set of certificates that the PeerConnection
+	// uses to authenticate. Valid values for this parameter are created
+	// through calls to the GenerateCertificate function. Although any given
+	// DTLS connection will use only one certificate, this attribute allows the
+	// caller to provide multiple certificates that support different
+	// algorithms. The final certificate will be selected based on the DTLS
+	// handshake, which establishes which certificates are allowed. The
+	// PeerConnection implementation selects which of the certificates is
+	// used for a given connection; how certificates are selected is outside
+	// the scope of this specification. If this value is absent, then a default
+	// set of certificates is generated for each PeerConnection instance.
+	Certificates []Certificate `json:"certificates,omitempty"`
+
+	// ICECandidatePoolSize describes the size of the prefetched ICE pool.
+	ICECandidatePoolSize uint8 `json:"iceCandidatePoolSize,omitempty"`
+
+	// SDPSemantics controls the type of SDP offers accepted by and
+	// SDP answers generated by the PeerConnection.
+	SDPSemantics SDPSemantics `json:"sdpSemantics,omitempty"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration_common.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration_common.go
new file mode 100644
index 000000000..92fc22831
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration_common.go
@@ -0,0 +1,24 @@
+package webrtc
+
+import "strings"
+
+// getICEServers side-steps the strict parsing mode of the ice package
+// (as defined in https://tools.ietf.org/html/rfc7064) by copying and then
+// stripping any erroneous queries from "stun(s):" URLs before parsing.
+func (c Configuration) getICEServers() []ICEServer {
+	iceServers := append([]ICEServer{}, c.ICEServers...)
+
+	for iceServersIndex := range iceServers {
+		iceServers[iceServersIndex].URLs = append([]string{}, iceServers[iceServersIndex].URLs...)
+
+		for urlsIndex, rawURL := range iceServers[iceServersIndex].URLs {
+			if strings.HasPrefix(rawURL, "stun") {
+				// strip the query from "stun(s):" if present
+				parts := strings.Split(rawURL, "?")
+				rawURL = parts[0]
+			}
+			iceServers[iceServersIndex].URLs[urlsIndex] = rawURL
+		}
+	}
+	return iceServers
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration_js.go
new file mode 100644
index 000000000..44ab9f3c5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/configuration_js.go
@@ -0,0 +1,35 @@
+// +build js,wasm
+
+package webrtc
+
+// Configuration defines a set of parameters to configure how the
+// peer-to-peer communication via PeerConnection is established or
+// re-established.
+type Configuration struct {
+	// ICEServers defines a slice describing servers available to be used by
+	// ICE, such as STUN and TURN servers.
+	ICEServers []ICEServer
+
+	// ICETransportPolicy indicates which candidates the ICEAgent is allowed
+	// to use.
+	ICETransportPolicy ICETransportPolicy
+
+	// BundlePolicy indicates which media-bundling policy to use when gathering
+	// ICE candidates.
+	BundlePolicy BundlePolicy
+
+	// RTCPMuxPolicy indicates which rtcp-mux policy to use when gathering ICE
+	// candidates.
+	RTCPMuxPolicy RTCPMuxPolicy
+
+	// PeerIdentity sets the target peer identity for the PeerConnection.
+	// The PeerConnection will not establish a connection to a remote peer
+	// unless it can be successfully authenticated with the provided name.
+	PeerIdentity string
+
+	// Certificates are not supported in the JavaScript/Wasm bindings.
+	// Certificates []Certificate
+
+	// ICECandidatePoolSize describes the size of the prefetched ICE pool.
+	ICECandidatePoolSize uint8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/constants.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/constants.go
new file mode 100644
index 000000000..79d759ae8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/constants.go
@@ -0,0 +1,25 @@
+package webrtc
+
+const (
+	// Unknown defines default public constant to use for "enum" like struct
+	// comparisons when no value was defined.
+	Unknown    = iota
+	unknownStr = "unknown"
+	ssrcStr    = "ssrc"
+
+	// Equal to UDP MTU
+	receiveMTU = 1460
+
+	// simulcastProbeCount is the amount of RTP Packets
+	// that handleUndeclaredSSRC will read and try to dispatch from
+	// mid and rid values
+	simulcastProbeCount = 10
+
+	// simulcastMaxProbeRoutines is how many active routines can be used to probe
+	// If the total amount of incoming SSRCes exceeds this new requests will be ignored
+	simulcastMaxProbeRoutines = 25
+
+	mediaSectionApplication = "application"
+
+	rtpOutboundMTU = 1200
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel.go
new file mode 100644
index 000000000..f391e7f2f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel.go
@@ -0,0 +1,597 @@
+// +build !js
+
+package webrtc
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/datachannel"
+	"github.com/pion/logging"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+const dataChannelBufferSize = math.MaxUint16 // message size limit for Chromium
+var errSCTPNotEstablished = errors.New("SCTP not established")
+
+// DataChannel represents a WebRTC DataChannel
+// The DataChannel interface represents a network channel
+// which can be used for bidirectional peer-to-peer transfers of arbitrary data
+type DataChannel struct {
+	mu sync.RWMutex
+
+	statsID                    string
+	label                      string
+	ordered                    bool
+	maxPacketLifeTime          *uint16
+	maxRetransmits             *uint16
+	protocol                   string
+	negotiated                 bool
+	id                         *uint16
+	readyState                 atomic.Value // DataChannelState
+	bufferedAmountLowThreshold uint64
+	detachCalled               bool
+
+	// The binaryType represents attribute MUST, on getting, return the value to
+	// which it was last set. On setting, if the new value is either the string
+	// "blob" or the string "arraybuffer", then set the IDL attribute to this
+	// new value. Otherwise, throw a SyntaxError. When an DataChannel object
+	// is created, the binaryType attribute MUST be initialized to the string
+	// "blob". This attribute controls how binary data is exposed to scripts.
+	// binaryType                 string
+
+	onMessageHandler    func(DataChannelMessage)
+	openHandlerOnce     sync.Once
+	onOpenHandler       func()
+	onCloseHandler      func()
+	onBufferedAmountLow func()
+	onErrorHandler      func(error)
+
+	sctpTransport *SCTPTransport
+	dataChannel   *datachannel.DataChannel
+
+	// A reference to the associated api object used by this datachannel
+	api *API
+	log logging.LeveledLogger
+}
+
+// NewDataChannel creates a new DataChannel.
+// This constructor is part of the ORTC API. It is not
+// meant to be used together with the basic WebRTC API.
+func (api *API) NewDataChannel(transport *SCTPTransport, params *DataChannelParameters) (*DataChannel, error) {
+	d, err := api.newDataChannel(params, api.settingEngine.LoggerFactory.NewLogger("ortc"))
+	if err != nil {
+		return nil, err
+	}
+
+	err = d.open(transport)
+	if err != nil {
+		return nil, err
+	}
+
+	return d, nil
+}
+
+// newDataChannel is an internal constructor for the data channel used to
+// create the DataChannel object before the networking is set up.
+func (api *API) newDataChannel(params *DataChannelParameters, log logging.LeveledLogger) (*DataChannel, error) {
+	// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #5)
+	if len(params.Label) > 65535 {
+		return nil, &rtcerr.TypeError{Err: ErrStringSizeLimit}
+	}
+
+	d := &DataChannel{
+		statsID:           fmt.Sprintf("DataChannel-%d", time.Now().UnixNano()),
+		label:             params.Label,
+		protocol:          params.Protocol,
+		negotiated:        params.Negotiated,
+		id:                params.ID,
+		ordered:           params.Ordered,
+		maxPacketLifeTime: params.MaxPacketLifeTime,
+		maxRetransmits:    params.MaxRetransmits,
+		api:               api,
+		log:               log,
+	}
+
+	d.setReadyState(DataChannelStateConnecting)
+	return d, nil
+}
+
+// open opens the datachannel over the sctp transport
+func (d *DataChannel) open(sctpTransport *SCTPTransport) error {
+	d.mu.Lock()
+	if d.sctpTransport != nil {
+		// already open
+		d.mu.Unlock()
+		return nil
+	}
+	d.sctpTransport = sctpTransport
+
+	if err := d.ensureSCTP(); err != nil {
+		d.mu.Unlock()
+		return err
+	}
+
+	var channelType datachannel.ChannelType
+	var reliabilityParameter uint32
+
+	switch {
+	case d.maxPacketLifeTime == nil && d.maxRetransmits == nil:
+		if d.ordered {
+			channelType = datachannel.ChannelTypeReliable
+		} else {
+			channelType = datachannel.ChannelTypeReliableUnordered
+		}
+
+	case d.maxRetransmits != nil:
+		reliabilityParameter = uint32(*d.maxRetransmits)
+		if d.ordered {
+			channelType = datachannel.ChannelTypePartialReliableRexmit
+		} else {
+			channelType = datachannel.ChannelTypePartialReliableRexmitUnordered
+		}
+	default:
+		reliabilityParameter = uint32(*d.maxPacketLifeTime)
+		if d.ordered {
+			channelType = datachannel.ChannelTypePartialReliableTimed
+		} else {
+			channelType = datachannel.ChannelTypePartialReliableTimedUnordered
+		}
+	}
+
+	cfg := &datachannel.Config{
+		ChannelType:          channelType,
+		Priority:             datachannel.ChannelPriorityNormal,
+		ReliabilityParameter: reliabilityParameter,
+		Label:                d.label,
+		Protocol:             d.protocol,
+		Negotiated:           d.negotiated,
+		LoggerFactory:        d.api.settingEngine.LoggerFactory,
+	}
+
+	if d.id == nil {
+		err := d.sctpTransport.generateAndSetDataChannelID(d.sctpTransport.dtlsTransport.role(), &d.id)
+		if err != nil {
+			return err
+		}
+	}
+
+	dc, err := datachannel.Dial(d.sctpTransport.association, *d.id, cfg)
+	if err != nil {
+		d.mu.Unlock()
+		return err
+	}
+
+	// bufferedAmountLowThreshold and onBufferedAmountLow might be set earlier
+	dc.SetBufferedAmountLowThreshold(d.bufferedAmountLowThreshold)
+	dc.OnBufferedAmountLow(d.onBufferedAmountLow)
+	d.mu.Unlock()
+
+	d.handleOpen(dc)
+	return nil
+}
+
+func (d *DataChannel) ensureSCTP() error {
+	if d.sctpTransport == nil {
+		return errSCTPNotEstablished
+	}
+
+	d.sctpTransport.lock.RLock()
+	defer d.sctpTransport.lock.RUnlock()
+	if d.sctpTransport.association == nil {
+		return errSCTPNotEstablished
+	}
+	return nil
+}
+
+// Transport returns the SCTPTransport instance the DataChannel is sending over.
+func (d *DataChannel) Transport() *SCTPTransport {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.sctpTransport
+}
+
+// After onOpen is complete check that the user called detach
+// and provide an error message if the call was missed
+func (d *DataChannel) checkDetachAfterOpen() {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	if d.api.settingEngine.detach.DataChannels && !d.detachCalled {
+		d.log.Warn("webrtc.DetachDataChannels() enabled but didn't Detach, call Detach from OnOpen")
+	}
+}
+
+// OnOpen sets an event handler which is invoked when
+// the underlying data transport has been established (or re-established).
+func (d *DataChannel) OnOpen(f func()) {
+	d.mu.Lock()
+	d.openHandlerOnce = sync.Once{}
+	d.onOpenHandler = f
+	d.mu.Unlock()
+
+	if d.ReadyState() == DataChannelStateOpen {
+		// If the data channel is already open, call the handler immediately.
+		go d.openHandlerOnce.Do(func() {
+			f()
+			d.checkDetachAfterOpen()
+		})
+	}
+}
+
+func (d *DataChannel) onOpen() {
+	d.mu.RLock()
+	handler := d.onOpenHandler
+	d.mu.RUnlock()
+
+	if handler != nil {
+		go d.openHandlerOnce.Do(func() {
+			handler()
+			d.checkDetachAfterOpen()
+		})
+	}
+}
+
+// OnClose sets an event handler which is invoked when
+// the underlying data transport has been closed.
+func (d *DataChannel) OnClose(f func()) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	d.onCloseHandler = f
+}
+
+func (d *DataChannel) onClose() {
+	d.mu.RLock()
+	handler := d.onCloseHandler
+	d.mu.RUnlock()
+
+	if handler != nil {
+		go handler()
+	}
+}
+
+// OnMessage sets an event handler which is invoked on a binary
+// message arrival over the sctp transport from a remote peer.
+// OnMessage can currently receive messages up to 16384 bytes
+// in size. Check out the detach API if you want to use larger
+// message sizes. Note that browser support for larger messages
+// is also limited.
+func (d *DataChannel) OnMessage(f func(msg DataChannelMessage)) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	d.onMessageHandler = f
+}
+
+func (d *DataChannel) onMessage(msg DataChannelMessage) {
+	d.mu.RLock()
+	handler := d.onMessageHandler
+	d.mu.RUnlock()
+
+	if handler == nil {
+		return
+	}
+	handler(msg)
+}
+
+func (d *DataChannel) handleOpen(dc *datachannel.DataChannel) {
+	d.mu.Lock()
+	d.dataChannel = dc
+	d.mu.Unlock()
+	d.setReadyState(DataChannelStateOpen)
+
+	d.onOpen()
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	if !d.api.settingEngine.detach.DataChannels {
+		go d.readLoop()
+	}
+}
+
+// OnError sets an event handler which is invoked when
+// the underlying data transport cannot be read.
+func (d *DataChannel) OnError(f func(err error)) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	d.onErrorHandler = f
+}
+
+func (d *DataChannel) onError(err error) {
+	d.mu.RLock()
+	handler := d.onErrorHandler
+	d.mu.RUnlock()
+
+	if handler != nil {
+		go handler(err)
+	}
+}
+
+// See https://github.com/pion/webrtc/issues/1516
+// nolint:gochecknoglobals
+var rlBufPool = sync.Pool{New: func() interface{} {
+	return make([]byte, dataChannelBufferSize)
+}}
+
+func (d *DataChannel) readLoop() {
+	for {
+		buffer := rlBufPool.Get().([]byte)
+		n, isString, err := d.dataChannel.ReadDataChannel(buffer)
+		if err != nil {
+			rlBufPool.Put(buffer) // nolint:staticcheck
+			d.setReadyState(DataChannelStateClosed)
+			if err != io.EOF {
+				d.onError(err)
+			}
+			d.onClose()
+			return
+		}
+
+		m := DataChannelMessage{Data: make([]byte, n), IsString: isString}
+		copy(m.Data, buffer[:n])
+		// The 'staticcheck' pragma is a false positive on the part of the CI linter.
+		rlBufPool.Put(buffer) // nolint:staticcheck
+
+		// NB: Why was DataChannelMessage not passed as a pointer value?
+		d.onMessage(m) // nolint:staticcheck
+	}
+}
+
+// Send sends the binary message to the DataChannel peer
+func (d *DataChannel) Send(data []byte) error {
+	err := d.ensureOpen()
+	if err != nil {
+		return err
+	}
+
+	_, err = d.dataChannel.WriteDataChannel(data, false)
+	return err
+}
+
+// SendText sends the text message to the DataChannel peer
+func (d *DataChannel) SendText(s string) error {
+	err := d.ensureOpen()
+	if err != nil {
+		return err
+	}
+
+	_, err = d.dataChannel.WriteDataChannel([]byte(s), true)
+	return err
+}
+
+func (d *DataChannel) ensureOpen() error {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+	if d.ReadyState() != DataChannelStateOpen {
+		return io.ErrClosedPipe
+	}
+	return nil
+}
+
+// Detach allows you to detach the underlying datachannel. This provides
+// an idiomatic API to work with, however it disables the OnMessage callback.
+// Before calling Detach you have to enable this behavior by calling
+// webrtc.DetachDataChannels(). Combining detached and normal data channels
+// is not supported.
+// Please refer to the data-channels-detach example and the
+// pion/datachannel documentation for the correct way to handle the
+// resulting DataChannel object.
+func (d *DataChannel) Detach() (datachannel.ReadWriteCloser, error) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	if !d.api.settingEngine.detach.DataChannels {
+		return nil, errDetachNotEnabled
+	}
+
+	if d.dataChannel == nil {
+		return nil, errDetachBeforeOpened
+	}
+
+	d.detachCalled = true
+
+	return d.dataChannel, nil
+}
+
+// Close Closes the DataChannel. It may be called regardless of whether
+// the DataChannel object was created by this peer or the remote peer.
+func (d *DataChannel) Close() error {
+	d.mu.Lock()
+	haveSctpTransport := d.dataChannel != nil
+	d.mu.Unlock()
+
+	if d.ReadyState() == DataChannelStateClosed {
+		return nil
+	}
+
+	d.setReadyState(DataChannelStateClosing)
+	if !haveSctpTransport {
+		return nil
+	}
+
+	return d.dataChannel.Close()
+}
+
+// Label represents a label that can be used to distinguish this
+// DataChannel object from other DataChannel objects. Scripts are
+// allowed to create multiple DataChannel objects with the same label.
+func (d *DataChannel) Label() string {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.label
+}
+
+// Ordered represents if the DataChannel is ordered, and false if
+// out-of-order delivery is allowed.
+func (d *DataChannel) Ordered() bool {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.ordered
+}
+
+// MaxPacketLifeTime represents the length of the time window (msec) during
+// which transmissions and retransmissions may occur in unreliable mode.
+func (d *DataChannel) MaxPacketLifeTime() *uint16 {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.maxPacketLifeTime
+}
+
+// MaxRetransmits represents the maximum number of retransmissions that are
+// attempted in unreliable mode.
+func (d *DataChannel) MaxRetransmits() *uint16 {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.maxRetransmits
+}
+
+// Protocol represents the name of the sub-protocol used with this
+// DataChannel.
+func (d *DataChannel) Protocol() string {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.protocol
+}
+
+// Negotiated represents whether this DataChannel was negotiated by the
+// application (true), or not (false).
+func (d *DataChannel) Negotiated() bool {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.negotiated
+}
+
+// ID represents the ID for this DataChannel. The value is initially
+// null, which is what will be returned if the ID was not provided at
+// channel creation time, and the DTLS role of the SCTP transport has not
+// yet been negotiated. Otherwise, it will return the ID that was either
+// selected by the script or generated. After the ID is set to a non-null
+// value, it will not change.
+func (d *DataChannel) ID() *uint16 {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	return d.id
+}
+
+// ReadyState represents the state of the DataChannel object.
+func (d *DataChannel) ReadyState() DataChannelState {
+	if v := d.readyState.Load(); v != nil {
+		return v.(DataChannelState)
+	}
+	return DataChannelState(0)
+}
+
+// BufferedAmount represents the number of bytes of application data
+// (UTF-8 text and binary data) that have been queued using send(). Even
+// though the data transmission can occur in parallel, the returned value
+// MUST NOT be decreased before the current task yielded back to the event
+// loop to prevent race conditions. The value does not include framing
+// overhead incurred by the protocol, or buffering done by the operating
+// system or network hardware. The value of BufferedAmount slot will only
+// increase with each call to the send() method as long as the ReadyState is
+// open; however, BufferedAmount does not reset to zero once the channel
+// closes.
+func (d *DataChannel) BufferedAmount() uint64 {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	if d.dataChannel == nil {
+		return 0
+	}
+	return d.dataChannel.BufferedAmount()
+}
+
+// BufferedAmountLowThreshold represents the threshold at which the
+// bufferedAmount is considered to be low. When the bufferedAmount decreases
+// from above this threshold to equal or below it, the bufferedamountlow
+// event fires. BufferedAmountLowThreshold is initially zero on each new
+// DataChannel, but the application may change its value at any time.
+// The threshold is set to 0 by default.
+func (d *DataChannel) BufferedAmountLowThreshold() uint64 {
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
+	if d.dataChannel == nil {
+		return d.bufferedAmountLowThreshold
+	}
+	return d.dataChannel.BufferedAmountLowThreshold()
+}
+
+// SetBufferedAmountLowThreshold is used to update the threshold.
+// See BufferedAmountLowThreshold().
+func (d *DataChannel) SetBufferedAmountLowThreshold(th uint64) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	d.bufferedAmountLowThreshold = th
+
+	if d.dataChannel != nil {
+		d.dataChannel.SetBufferedAmountLowThreshold(th)
+	}
+}
+
+// OnBufferedAmountLow sets an event handler which is invoked when
+// the number of bytes of outgoing data becomes lower than the
+// BufferedAmountLowThreshold.
+func (d *DataChannel) OnBufferedAmountLow(f func()) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	d.onBufferedAmountLow = f
+	if d.dataChannel != nil {
+		d.dataChannel.OnBufferedAmountLow(f)
+	}
+}
+
+func (d *DataChannel) getStatsID() string {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	return d.statsID
+}
+
+func (d *DataChannel) collectStats(collector *statsReportCollector) {
+	collector.Collecting()
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	stats := DataChannelStats{
+		Timestamp: statsTimestampNow(),
+		Type:      StatsTypeDataChannel,
+		ID:        d.statsID,
+		Label:     d.label,
+		Protocol:  d.protocol,
+		// TransportID string `json:"transportId"`
+		State: d.ReadyState(),
+	}
+
+	if d.id != nil {
+		stats.DataChannelIdentifier = int32(*d.id)
+	}
+
+	if d.dataChannel != nil {
+		stats.MessagesSent = d.dataChannel.MessagesSent()
+		stats.BytesSent = d.dataChannel.BytesSent()
+		stats.MessagesReceived = d.dataChannel.MessagesReceived()
+		stats.BytesReceived = d.dataChannel.BytesReceived()
+	}
+
+	collector.Collect(stats.ID, stats)
+}
+
+func (d *DataChannel) setReadyState(r DataChannelState) {
+	d.readyState.Store(r)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel_js.go
new file mode 100644
index 000000000..7aa6d99f8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel_js.go
@@ -0,0 +1,319 @@
+// +build js,wasm
+
+package webrtc
+
+import (
+	"fmt"
+	"syscall/js"
+
+	"github.com/pion/datachannel"
+)
+
+const dataChannelBufferSize = 16384 // Lowest common denominator among browsers
+
+// DataChannel represents a WebRTC DataChannel
+// The DataChannel interface represents a network channel
+// which can be used for bidirectional peer-to-peer transfers of arbitrary data
+type DataChannel struct {
+	// Pointer to the underlying JavaScript RTCPeerConnection object.
+	underlying js.Value
+
+	// Keep track of handlers/callbacks so we can call Release as required by the
+	// syscall/js API. Initially nil.
+	onOpenHandler       *js.Func
+	onCloseHandler      *js.Func
+	onMessageHandler    *js.Func
+	onBufferedAmountLow *js.Func
+
+	// A reference to the associated api object used by this datachannel
+	api *API
+}
+
+// OnOpen sets an event handler which is invoked when
+// the underlying data transport has been established (or re-established).
+func (d *DataChannel) OnOpen(f func()) {
+	if d.onOpenHandler != nil {
+		oldHandler := d.onOpenHandler
+		defer oldHandler.Release()
+	}
+	onOpenHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go f()
+		return js.Undefined()
+	})
+	d.onOpenHandler = &onOpenHandler
+	d.underlying.Set("onopen", onOpenHandler)
+}
+
+// OnClose sets an event handler which is invoked when
+// the underlying data transport has been closed.
+func (d *DataChannel) OnClose(f func()) {
+	if d.onCloseHandler != nil {
+		oldHandler := d.onCloseHandler
+		defer oldHandler.Release()
+	}
+	onCloseHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go f()
+		return js.Undefined()
+	})
+	d.onCloseHandler = &onCloseHandler
+	d.underlying.Set("onclose", onCloseHandler)
+}
+
+// OnMessage sets an event handler which is invoked on a binary message arrival
+// from a remote peer. Note that browsers may place limitations on message size.
+func (d *DataChannel) OnMessage(f func(msg DataChannelMessage)) {
+	if d.onMessageHandler != nil {
+		oldHandler := d.onMessageHandler
+		defer oldHandler.Release()
+	}
+	onMessageHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		// pion/webrtc/projects/15
+		data := args[0].Get("data")
+		go func() {
+			// valueToDataChannelMessage may block when handling 'Blob' data
+			// so we need to call it from a new routine. See:
+			// https://pkg.go.dev/syscall/js#FuncOf
+			msg := valueToDataChannelMessage(data)
+			f(msg)
+		}()
+		return js.Undefined()
+	})
+	d.onMessageHandler = &onMessageHandler
+	d.underlying.Set("onmessage", onMessageHandler)
+}
+
+// Send sends the binary message to the DataChannel peer
+func (d *DataChannel) Send(data []byte) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	array := js.Global().Get("Uint8Array").New(len(data))
+	js.CopyBytesToJS(array, data)
+	d.underlying.Call("send", array)
+	return nil
+}
+
+// SendText sends the text message to the DataChannel peer
+func (d *DataChannel) SendText(s string) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	d.underlying.Call("send", s)
+	return nil
+}
+
+// Detach allows you to detach the underlying datachannel. This provides
+// an idiomatic API to work with, however it disables the OnMessage callback.
+// Before calling Detach you have to enable this behavior by calling
+// webrtc.DetachDataChannels(). Combining detached and normal data channels
+// is not supported.
+// Please reffer to the data-channels-detach example and the
+// pion/datachannel documentation for the correct way to handle the
+// resulting DataChannel object.
+func (d *DataChannel) Detach() (datachannel.ReadWriteCloser, error) {
+	if !d.api.settingEngine.detach.DataChannels {
+		return nil, fmt.Errorf("enable detaching by calling webrtc.DetachDataChannels()")
+	}
+
+	detached := newDetachedDataChannel(d)
+	return detached, nil
+}
+
+// Close Closes the DataChannel. It may be called regardless of whether
+// the DataChannel object was created by this peer or the remote peer.
+func (d *DataChannel) Close() (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+
+	d.underlying.Call("close")
+
+	// Release any handlers as required by the syscall/js API.
+	if d.onOpenHandler != nil {
+		d.onOpenHandler.Release()
+	}
+	if d.onCloseHandler != nil {
+		d.onCloseHandler.Release()
+	}
+	if d.onMessageHandler != nil {
+		d.onMessageHandler.Release()
+	}
+	if d.onBufferedAmountLow != nil {
+		d.onBufferedAmountLow.Release()
+	}
+
+	return nil
+}
+
+// Label represents a label that can be used to distinguish this
+// DataChannel object from other DataChannel objects. Scripts are
+// allowed to create multiple DataChannel objects with the same label.
+func (d *DataChannel) Label() string {
+	return d.underlying.Get("label").String()
+}
+
+// Ordered represents if the DataChannel is ordered, and false if
+// out-of-order delivery is allowed.
+func (d *DataChannel) Ordered() bool {
+	ordered := d.underlying.Get("ordered")
+	if jsValueIsUndefined(ordered) {
+		return true // default is true
+	}
+	return ordered.Bool()
+}
+
+// MaxPacketLifeTime represents the length of the time window (msec) during
+// which transmissions and retransmissions may occur in unreliable mode.
+func (d *DataChannel) MaxPacketLifeTime() *uint16 {
+	if !jsValueIsUndefined(d.underlying.Get("maxPacketLifeTime")) {
+		return valueToUint16Pointer(d.underlying.Get("maxPacketLifeTime"))
+	} else {
+		// See https://bugs.chromium.org/p/chromium/issues/detail?id=696681
+		// Chrome calls this "maxRetransmitTime"
+		return valueToUint16Pointer(d.underlying.Get("maxRetransmitTime"))
+	}
+}
+
+// MaxRetransmits represents the maximum number of retransmissions that are
+// attempted in unreliable mode.
+func (d *DataChannel) MaxRetransmits() *uint16 {
+	return valueToUint16Pointer(d.underlying.Get("maxRetransmits"))
+}
+
+// Protocol represents the name of the sub-protocol used with this
+// DataChannel.
+func (d *DataChannel) Protocol() string {
+	return d.underlying.Get("protocol").String()
+}
+
+// Negotiated represents whether this DataChannel was negotiated by the
+// application (true), or not (false).
+func (d *DataChannel) Negotiated() bool {
+	return d.underlying.Get("negotiated").Bool()
+}
+
+// ID represents the ID for this DataChannel. The value is initially
+// null, which is what will be returned if the ID was not provided at
+// channel creation time. Otherwise, it will return the ID that was either
+// selected by the script or generated. After the ID is set to a non-null
+// value, it will not change.
+func (d *DataChannel) ID() *uint16 {
+	return valueToUint16Pointer(d.underlying.Get("id"))
+}
+
+// ReadyState represents the state of the DataChannel object.
+func (d *DataChannel) ReadyState() DataChannelState {
+	return newDataChannelState(d.underlying.Get("readyState").String())
+}
+
+// BufferedAmount represents the number of bytes of application data
+// (UTF-8 text and binary data) that have been queued using send(). Even
+// though the data transmission can occur in parallel, the returned value
+// MUST NOT be decreased before the current task yielded back to the event
+// loop to prevent race conditions. The value does not include framing
+// overhead incurred by the protocol, or buffering done by the operating
+// system or network hardware. The value of BufferedAmount slot will only
+// increase with each call to the send() method as long as the ReadyState is
+// open; however, BufferedAmount does not reset to zero once the channel
+// closes.
+func (d *DataChannel) BufferedAmount() uint64 {
+	return uint64(d.underlying.Get("bufferedAmount").Int())
+}
+
+// BufferedAmountLowThreshold represents the threshold at which the
+// bufferedAmount is considered to be low. When the bufferedAmount decreases
+// from above this threshold to equal or below it, the bufferedamountlow
+// event fires. BufferedAmountLowThreshold is initially zero on each new
+// DataChannel, but the application may change its value at any time.
+func (d *DataChannel) BufferedAmountLowThreshold() uint64 {
+	return uint64(d.underlying.Get("bufferedAmountLowThreshold").Int())
+}
+
+// SetBufferedAmountLowThreshold is used to update the threshold.
+// See BufferedAmountLowThreshold().
+func (d *DataChannel) SetBufferedAmountLowThreshold(th uint64) {
+	d.underlying.Set("bufferedAmountLowThreshold", th)
+}
+
+// OnBufferedAmountLow sets an event handler which is invoked when
+// the number of bytes of outgoing data becomes lower than the
+// BufferedAmountLowThreshold.
+func (d *DataChannel) OnBufferedAmountLow(f func()) {
+	if d.onBufferedAmountLow != nil {
+		oldHandler := d.onBufferedAmountLow
+		defer oldHandler.Release()
+	}
+	onBufferedAmountLow := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go f()
+		return js.Undefined()
+	})
+	d.onBufferedAmountLow = &onBufferedAmountLow
+	d.underlying.Set("onbufferedamountlow", onBufferedAmountLow)
+}
+
+// valueToDataChannelMessage converts the given value to a DataChannelMessage.
+// val should be obtained from MessageEvent.data where MessageEvent is received
+// via the RTCDataChannel.onmessage callback.
+func valueToDataChannelMessage(val js.Value) DataChannelMessage {
+	// If val is of type string, the conversion is straightforward.
+	if val.Type() == js.TypeString {
+		return DataChannelMessage{
+			IsString: true,
+			Data:     []byte(val.String()),
+		}
+	}
+
+	// For other types, we need to first determine val.constructor.name.
+	constructorName := val.Get("constructor").Get("name").String()
+	var data []byte
+	switch constructorName {
+	case "Uint8Array":
+		// We can easily convert Uint8Array to []byte
+		data = uint8ArrayValueToBytes(val)
+	case "Blob":
+		// Convert the Blob to an ArrayBuffer and then convert the ArrayBuffer
+		// to a Uint8Array.
+		// See: https://developer.mozilla.org/en-US/docs/Web/API/Blob
+
+		// The JavaScript API for reading from the Blob is asynchronous. We use a
+		// channel to signal when reading is done.
+		reader := js.Global().Get("FileReader").New()
+		doneChan := make(chan struct{})
+		reader.Call("addEventListener", "loadend", js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+			go func() {
+				// Signal that the FileReader is done reading/loading by sending through
+				// the doneChan.
+				doneChan <- struct{}{}
+			}()
+			return js.Undefined()
+		}))
+
+		reader.Call("readAsArrayBuffer", val)
+
+		// Wait for the FileReader to finish reading/loading.
+		<-doneChan
+
+		// At this point buffer.result is a typed array, which we know how to
+		// handle.
+		buffer := reader.Get("result")
+		uint8Array := js.Global().Get("Uint8Array").New(buffer)
+		data = uint8ArrayValueToBytes(uint8Array)
+	default:
+		// Assume we have an ArrayBufferView type which we can convert to a
+		// Uint8Array in JavaScript.
+		// See: https://developer.mozilla.org/en-US/docs/Web/API/ArrayBufferView
+		uint8Array := js.Global().Get("Uint8Array").New(val)
+		data = uint8ArrayValueToBytes(uint8Array)
+	}
+
+	return DataChannelMessage{
+		IsString: false,
+		Data:     data,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel_js_detach.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel_js_detach.go
new file mode 100644
index 000000000..dd0069e01
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannel_js_detach.go
@@ -0,0 +1,71 @@
+// +build js,wasm
+
+package webrtc
+
+import (
+	"errors"
+)
+
+type detachedDataChannel struct {
+	dc *DataChannel
+
+	read chan DataChannelMessage
+	done chan struct{}
+}
+
+func newDetachedDataChannel(dc *DataChannel) *detachedDataChannel {
+	read := make(chan DataChannelMessage)
+	done := make(chan struct{})
+
+	// Wire up callbacks
+	dc.OnMessage(func(msg DataChannelMessage) {
+		read <- msg // pion/webrtc/projects/15
+	})
+
+	// pion/webrtc/projects/15
+
+	return &detachedDataChannel{
+		dc:   dc,
+		read: read,
+		done: done,
+	}
+}
+
+func (c *detachedDataChannel) Read(p []byte) (int, error) {
+	n, _, err := c.ReadDataChannel(p)
+	return n, err
+}
+
+func (c *detachedDataChannel) ReadDataChannel(p []byte) (int, bool, error) {
+	select {
+	case <-c.done:
+		return 0, false, errors.New("Reader closed")
+	case msg := <-c.read:
+		n := copy(p, msg.Data)
+		if n < len(msg.Data) {
+			return n, msg.IsString, errors.New("Read buffer to small")
+		}
+		return n, msg.IsString, nil
+	}
+}
+
+func (c *detachedDataChannel) Write(p []byte) (n int, err error) {
+	return c.WriteDataChannel(p, false)
+}
+
+func (c *detachedDataChannel) WriteDataChannel(p []byte, isString bool) (n int, err error) {
+	if isString {
+		err = c.dc.SendText(string(p))
+		return len(p), err
+	}
+
+	err = c.dc.Send(p)
+
+	return len(p), err
+}
+
+func (c *detachedDataChannel) Close() error {
+	close(c.done)
+
+	return c.dc.Close()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelinit.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelinit.go
new file mode 100644
index 000000000..a4320e463
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelinit.go
@@ -0,0 +1,33 @@
+package webrtc
+
+// DataChannelInit can be used to configure properties of the underlying
+// channel such as data reliability.
+type DataChannelInit struct {
+	// Ordered indicates if data is allowed to be delivered out of order. The
+	// default value of true, guarantees that data will be delivered in order.
+	Ordered *bool
+
+	// MaxPacketLifeTime limits the time (in milliseconds) during which the
+	// channel will transmit or retransmit data if not acknowledged. This value
+	// may be clamped if it exceeds the maximum value supported.
+	MaxPacketLifeTime *uint16
+
+	// MaxRetransmits limits the number of times a channel will retransmit data
+	// if not successfully delivered. This value may be clamped if it exceeds
+	// the maximum value supported.
+	MaxRetransmits *uint16
+
+	// Protocol describes the subprotocol name used for this channel.
+	Protocol *string
+
+	// Negotiated describes if the data channel is created by the local peer or
+	// the remote peer. The default value of false tells the user agent to
+	// announce the channel in-band and instruct the other peer to dispatch a
+	// corresponding DataChannel. If set to true, it is up to the application
+	// to negotiate the channel and create an DataChannel with the same id
+	// at the other peer.
+	Negotiated *bool
+
+	// ID overrides the default selection of ID for this channel.
+	ID *uint16
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelmessage.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelmessage.go
new file mode 100644
index 000000000..1e3c63b36
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelmessage.go
@@ -0,0 +1,10 @@
+package webrtc
+
+// DataChannelMessage represents a message received from the
+// data channel. IsString will be set to true if the incoming
+// message is of the string type. Otherwise the message is of
+// a binary type.
+type DataChannelMessage struct {
+	IsString bool
+	Data     []byte
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelparameters.go
new file mode 100644
index 000000000..d67a63b09
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelparameters.go
@@ -0,0 +1,12 @@
+package webrtc
+
+// DataChannelParameters describes the configuration of the DataChannel.
+type DataChannelParameters struct {
+	Label             string  `json:"label"`
+	Protocol          string  `json:"protocol"`
+	ID                *uint16 `json:"id"`
+	Ordered           bool    `json:"ordered"`
+	MaxPacketLifeTime *uint16 `json:"maxPacketLifeTime"`
+	MaxRetransmits    *uint16 `json:"maxRetransmits"`
+	Negotiated        bool    `json:"negotiated"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelstate.go
new file mode 100644
index 000000000..a2c7b95de
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/datachannelstate.go
@@ -0,0 +1,61 @@
+package webrtc
+
+// DataChannelState indicates the state of a data channel.
+type DataChannelState int
+
+const (
+	// DataChannelStateConnecting indicates that the data channel is being
+	// established. This is the initial state of DataChannel, whether created
+	// with CreateDataChannel, or dispatched as a part of an DataChannelEvent.
+	DataChannelStateConnecting DataChannelState = iota + 1
+
+	// DataChannelStateOpen indicates that the underlying data transport is
+	// established and communication is possible.
+	DataChannelStateOpen
+
+	// DataChannelStateClosing indicates that the procedure to close down the
+	// underlying data transport has started.
+	DataChannelStateClosing
+
+	// DataChannelStateClosed indicates that the underlying data transport
+	// has been closed or could not be established.
+	DataChannelStateClosed
+)
+
+// This is done this way because of a linter.
+const (
+	dataChannelStateConnectingStr = "connecting"
+	dataChannelStateOpenStr       = "open"
+	dataChannelStateClosingStr    = "closing"
+	dataChannelStateClosedStr     = "closed"
+)
+
+func newDataChannelState(raw string) DataChannelState {
+	switch raw {
+	case dataChannelStateConnectingStr:
+		return DataChannelStateConnecting
+	case dataChannelStateOpenStr:
+		return DataChannelStateOpen
+	case dataChannelStateClosingStr:
+		return DataChannelStateClosing
+	case dataChannelStateClosedStr:
+		return DataChannelStateClosed
+	default:
+		return DataChannelState(Unknown)
+	}
+}
+
+func (t DataChannelState) String() string {
+	switch t {
+	case DataChannelStateConnecting:
+		return dataChannelStateConnectingStr
+	case DataChannelStateOpen:
+		return dataChannelStateOpenStr
+	case DataChannelStateClosing:
+		return dataChannelStateClosingStr
+	case DataChannelStateClosed:
+		return dataChannelStateClosedStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsfingerprint.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsfingerprint.go
new file mode 100644
index 000000000..db13d3ec6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsfingerprint.go
@@ -0,0 +1,14 @@
+package webrtc
+
+// DTLSFingerprint specifies the hash function algorithm and certificate
+// fingerprint as described in https://tools.ietf.org/html/rfc4572.
+type DTLSFingerprint struct {
+	// Algorithm specifies one of the the hash function algorithms defined in
+	// the 'Hash function Textual Names' registry.
+	Algorithm string `json:"algorithm"`
+
+	// Value specifies the value of the certificate fingerprint in lowercase
+	// hex string as expressed utilizing the syntax of 'fingerprint' in
+	// https://tools.ietf.org/html/rfc4572#section-5.
+	Value string `json:"value"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsparameters.go
new file mode 100644
index 000000000..4b4b56836
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsparameters.go
@@ -0,0 +1,7 @@
+package webrtc
+
+// DTLSParameters holds information relating to DTLS configuration.
+type DTLSParameters struct {
+	Role         DTLSRole          `json:"role"`
+	Fingerprints []DTLSFingerprint `json:"fingerprints"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsrole.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsrole.go
new file mode 100644
index 000000000..6e67f60e1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlsrole.go
@@ -0,0 +1,92 @@
+package webrtc
+
+import (
+	"github.com/pion/sdp/v3"
+)
+
+// DTLSRole indicates the role of the DTLS transport.
+type DTLSRole byte
+
+const (
+	// DTLSRoleAuto defines the DTLS role is determined based on
+	// the resolved ICE role: the ICE controlled role acts as the DTLS
+	// client and the ICE controlling role acts as the DTLS server.
+	DTLSRoleAuto DTLSRole = iota + 1
+
+	// DTLSRoleClient defines the DTLS client role.
+	DTLSRoleClient
+
+	// DTLSRoleServer defines the DTLS server role.
+	DTLSRoleServer
+)
+
+const (
+	// https://tools.ietf.org/html/rfc5763
+	/*
+		The answerer MUST use either a
+		setup attribute value of setup:active or setup:passive.  Note that
+		if the answerer uses setup:passive, then the DTLS handshake will
+		not begin until the answerer is received, which adds additional
+		latency. setup:active allows the answer and the DTLS handshake to
+		occur in parallel.  Thus, setup:active is RECOMMENDED.
+	*/
+	defaultDtlsRoleAnswer = DTLSRoleClient
+	/*
+		The endpoint that is the offerer MUST use the setup attribute
+		value of setup:actpass and be prepared to receive a client_hello
+		before it receives the answer.
+	*/
+	defaultDtlsRoleOffer = DTLSRoleAuto
+)
+
+func (r DTLSRole) String() string {
+	switch r {
+	case DTLSRoleAuto:
+		return "auto"
+	case DTLSRoleClient:
+		return "client"
+	case DTLSRoleServer:
+		return "server"
+	default:
+		return unknownStr
+	}
+}
+
+// Iterate a SessionDescription from a remote to determine if an explicit
+// role can been determined from it. The decision is made from the first role we we parse.
+// If no role can be found we return DTLSRoleAuto
+func dtlsRoleFromRemoteSDP(sessionDescription *sdp.SessionDescription) DTLSRole {
+	if sessionDescription == nil {
+		return DTLSRoleAuto
+	}
+
+	for _, mediaSection := range sessionDescription.MediaDescriptions {
+		for _, attribute := range mediaSection.Attributes {
+			if attribute.Key == "setup" {
+				switch attribute.Value {
+				case sdp.ConnectionRoleActive.String():
+					return DTLSRoleClient
+				case sdp.ConnectionRolePassive.String():
+					return DTLSRoleServer
+				default:
+					return DTLSRoleAuto
+				}
+			}
+		}
+	}
+
+	return DTLSRoleAuto
+}
+
+func connectionRoleFromDtlsRole(d DTLSRole) sdp.ConnectionRole {
+	switch d {
+	case DTLSRoleClient:
+		return sdp.ConnectionRoleActive
+	case DTLSRoleServer:
+		return sdp.ConnectionRolePassive
+	case DTLSRoleAuto:
+		return sdp.ConnectionRoleActpass
+	default:
+		return sdp.ConnectionRole(0)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlstransport.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlstransport.go
new file mode 100644
index 000000000..d11009290
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlstransport.go
@@ -0,0 +1,419 @@
+// +build !js
+
+package webrtc
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/dtls/v2"
+	"github.com/pion/dtls/v2/pkg/crypto/fingerprint"
+	"github.com/pion/srtp/v2"
+	"github.com/pion/webrtc/v3/internal/mux"
+	"github.com/pion/webrtc/v3/internal/util"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+// DTLSTransport allows an application access to information about the DTLS
+// transport over which RTP and RTCP packets are sent and received by
+// RTPSender and RTPReceiver, as well other data such as SCTP packets sent
+// and received by data channels.
+type DTLSTransport struct {
+	lock sync.RWMutex
+
+	iceTransport          *ICETransport
+	certificates          []Certificate
+	remoteParameters      DTLSParameters
+	remoteCertificate     []byte
+	state                 DTLSTransportState
+	srtpProtectionProfile srtp.ProtectionProfile
+
+	onStateChangeHandler func(DTLSTransportState)
+
+	conn *dtls.Conn
+
+	srtpSession, srtcpSession   atomic.Value
+	srtpEndpoint, srtcpEndpoint *mux.Endpoint
+	simulcastStreams            []*srtp.ReadStreamSRTP
+	srtpReady                   chan struct{}
+
+	dtlsMatcher mux.MatchFunc
+
+	api *API
+}
+
+// NewDTLSTransport creates a new DTLSTransport.
+// This constructor is part of the ORTC API. It is not
+// meant to be used together with the basic WebRTC API.
+func (api *API) NewDTLSTransport(transport *ICETransport, certificates []Certificate) (*DTLSTransport, error) {
+	t := &DTLSTransport{
+		iceTransport: transport,
+		api:          api,
+		state:        DTLSTransportStateNew,
+		dtlsMatcher:  mux.MatchDTLS,
+		srtpReady:    make(chan struct{}),
+	}
+
+	if len(certificates) > 0 {
+		now := time.Now()
+		for _, x509Cert := range certificates {
+			if !x509Cert.Expires().IsZero() && now.After(x509Cert.Expires()) {
+				return nil, &rtcerr.InvalidAccessError{Err: ErrCertificateExpired}
+			}
+			t.certificates = append(t.certificates, x509Cert)
+		}
+	} else {
+		sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			return nil, &rtcerr.UnknownError{Err: err}
+		}
+		certificate, err := GenerateCertificate(sk)
+		if err != nil {
+			return nil, err
+		}
+		t.certificates = []Certificate{*certificate}
+	}
+
+	return t, nil
+}
+
+// ICETransport returns the currently-configured *ICETransport or nil
+// if one has not been configured
+func (t *DTLSTransport) ICETransport() *ICETransport {
+	t.lock.RLock()
+	defer t.lock.RUnlock()
+	return t.iceTransport
+}
+
+// onStateChange requires the caller holds the lock
+func (t *DTLSTransport) onStateChange(state DTLSTransportState) {
+	t.state = state
+	handler := t.onStateChangeHandler
+	if handler != nil {
+		handler(state)
+	}
+}
+
+// OnStateChange sets a handler that is fired when the DTLS
+// connection state changes.
+func (t *DTLSTransport) OnStateChange(f func(DTLSTransportState)) {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+	t.onStateChangeHandler = f
+}
+
+// State returns the current dtls transport state.
+func (t *DTLSTransport) State() DTLSTransportState {
+	t.lock.RLock()
+	defer t.lock.RUnlock()
+	return t.state
+}
+
+// GetLocalParameters returns the DTLS parameters of the local DTLSTransport upon construction.
+func (t *DTLSTransport) GetLocalParameters() (DTLSParameters, error) {
+	fingerprints := []DTLSFingerprint{}
+
+	for _, c := range t.certificates {
+		prints, err := c.GetFingerprints()
+		if err != nil {
+			return DTLSParameters{}, err
+		}
+
+		fingerprints = append(fingerprints, prints...)
+	}
+
+	return DTLSParameters{
+		Role:         DTLSRoleAuto, // always returns the default role
+		Fingerprints: fingerprints,
+	}, nil
+}
+
+// GetRemoteCertificate returns the certificate chain in use by the remote side
+// returns an empty list prior to selection of the remote certificate
+func (t *DTLSTransport) GetRemoteCertificate() []byte {
+	t.lock.RLock()
+	defer t.lock.RUnlock()
+	return t.remoteCertificate
+}
+
+func (t *DTLSTransport) startSRTP() error {
+	srtpConfig := &srtp.Config{
+		Profile:       t.srtpProtectionProfile,
+		BufferFactory: t.api.settingEngine.BufferFactory,
+		LoggerFactory: t.api.settingEngine.LoggerFactory,
+	}
+	if t.api.settingEngine.replayProtection.SRTP != nil {
+		srtpConfig.RemoteOptions = append(
+			srtpConfig.RemoteOptions,
+			srtp.SRTPReplayProtection(*t.api.settingEngine.replayProtection.SRTP),
+		)
+	}
+
+	if t.api.settingEngine.disableSRTPReplayProtection {
+		srtpConfig.RemoteOptions = append(
+			srtpConfig.RemoteOptions,
+			srtp.SRTPNoReplayProtection(),
+		)
+	}
+
+	if t.api.settingEngine.replayProtection.SRTCP != nil {
+		srtpConfig.RemoteOptions = append(
+			srtpConfig.RemoteOptions,
+			srtp.SRTCPReplayProtection(*t.api.settingEngine.replayProtection.SRTCP),
+		)
+	}
+
+	if t.api.settingEngine.disableSRTCPReplayProtection {
+		srtpConfig.RemoteOptions = append(
+			srtpConfig.RemoteOptions,
+			srtp.SRTCPNoReplayProtection(),
+		)
+	}
+
+	connState := t.conn.ConnectionState()
+	err := srtpConfig.ExtractSessionKeysFromDTLS(&connState, t.role() == DTLSRoleClient)
+	if err != nil {
+		return fmt.Errorf("%w: %v", errDtlsKeyExtractionFailed, err)
+	}
+
+	srtpSession, err := srtp.NewSessionSRTP(t.srtpEndpoint, srtpConfig)
+	if err != nil {
+		return fmt.Errorf("%w: %v", errFailedToStartSRTP, err)
+	}
+
+	srtcpSession, err := srtp.NewSessionSRTCP(t.srtcpEndpoint, srtpConfig)
+	if err != nil {
+		return fmt.Errorf("%w: %v", errFailedToStartSRTCP, err)
+	}
+
+	t.srtpSession.Store(srtpSession)
+	t.srtcpSession.Store(srtcpSession)
+	close(t.srtpReady)
+	return nil
+}
+
+func (t *DTLSTransport) getSRTPSession() (*srtp.SessionSRTP, error) {
+	if value := t.srtpSession.Load(); value != nil {
+		return value.(*srtp.SessionSRTP), nil
+	}
+
+	return nil, errDtlsTransportNotStarted
+}
+
+func (t *DTLSTransport) getSRTCPSession() (*srtp.SessionSRTCP, error) {
+	if value := t.srtcpSession.Load(); value != nil {
+		return value.(*srtp.SessionSRTCP), nil
+	}
+
+	return nil, errDtlsTransportNotStarted
+}
+
+func (t *DTLSTransport) role() DTLSRole {
+	// If remote has an explicit role use the inverse
+	switch t.remoteParameters.Role {
+	case DTLSRoleClient:
+		return DTLSRoleServer
+	case DTLSRoleServer:
+		return DTLSRoleClient
+	default:
+	}
+
+	// If SettingEngine has an explicit role
+	switch t.api.settingEngine.answeringDTLSRole {
+	case DTLSRoleServer:
+		return DTLSRoleServer
+	case DTLSRoleClient:
+		return DTLSRoleClient
+	default:
+	}
+
+	// Remote was auto and no explicit role was configured via SettingEngine
+	if t.iceTransport.Role() == ICERoleControlling {
+		return DTLSRoleServer
+	}
+	return defaultDtlsRoleAnswer
+}
+
+// Start DTLS transport negotiation with the parameters of the remote DTLS transport
+func (t *DTLSTransport) Start(remoteParameters DTLSParameters) error {
+	// Take lock and prepare connection, we must not hold the lock
+	// when connecting
+	prepareTransport := func() (DTLSRole, *dtls.Config, error) {
+		t.lock.Lock()
+		defer t.lock.Unlock()
+
+		if err := t.ensureICEConn(); err != nil {
+			return DTLSRole(0), nil, err
+		}
+
+		if t.state != DTLSTransportStateNew {
+			return DTLSRole(0), nil, &rtcerr.InvalidStateError{Err: fmt.Errorf("%w: %s", errInvalidDTLSStart, t.state)}
+		}
+
+		t.srtpEndpoint = t.iceTransport.NewEndpoint(mux.MatchSRTP)
+		t.srtcpEndpoint = t.iceTransport.NewEndpoint(mux.MatchSRTCP)
+		t.remoteParameters = remoteParameters
+
+		cert := t.certificates[0]
+		t.onStateChange(DTLSTransportStateConnecting)
+
+		return t.role(), &dtls.Config{
+			Certificates: []tls.Certificate{
+				{
+					Certificate: [][]byte{cert.x509Cert.Raw},
+					PrivateKey:  cert.privateKey,
+				},
+			},
+			SRTPProtectionProfiles: []dtls.SRTPProtectionProfile{dtls.SRTP_AEAD_AES_128_GCM, dtls.SRTP_AES128_CM_HMAC_SHA1_80},
+			ClientAuth:             dtls.RequireAnyClientCert,
+			LoggerFactory:          t.api.settingEngine.LoggerFactory,
+			InsecureSkipVerify:     true,
+		}, nil
+	}
+
+	var dtlsConn *dtls.Conn
+	dtlsEndpoint := t.iceTransport.NewEndpoint(mux.MatchDTLS)
+	role, dtlsConfig, err := prepareTransport()
+	if err != nil {
+		return err
+	}
+
+	if t.api.settingEngine.replayProtection.DTLS != nil {
+		dtlsConfig.ReplayProtectionWindow = int(*t.api.settingEngine.replayProtection.DTLS)
+	}
+
+	// Connect as DTLS Client/Server, function is blocking and we
+	// must not hold the DTLSTransport lock
+	if role == DTLSRoleClient {
+		dtlsConn, err = dtls.Client(dtlsEndpoint, dtlsConfig)
+	} else {
+		dtlsConn, err = dtls.Server(dtlsEndpoint, dtlsConfig)
+	}
+
+	// Re-take the lock, nothing beyond here is blocking
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	if err != nil {
+		t.onStateChange(DTLSTransportStateFailed)
+		return err
+	}
+
+	srtpProfile, ok := dtlsConn.SelectedSRTPProtectionProfile()
+	if !ok {
+		t.onStateChange(DTLSTransportStateFailed)
+		return ErrNoSRTPProtectionProfile
+	}
+
+	switch srtpProfile {
+	case dtls.SRTP_AEAD_AES_128_GCM:
+		t.srtpProtectionProfile = srtp.ProtectionProfileAeadAes128Gcm
+	case dtls.SRTP_AES128_CM_HMAC_SHA1_80:
+		t.srtpProtectionProfile = srtp.ProtectionProfileAes128CmHmacSha1_80
+	default:
+		t.onStateChange(DTLSTransportStateFailed)
+		return ErrNoSRTPProtectionProfile
+	}
+
+	t.conn = dtlsConn
+	t.onStateChange(DTLSTransportStateConnected)
+
+	if t.api.settingEngine.disableCertificateFingerprintVerification {
+		return nil
+	}
+
+	// Check the fingerprint if a certificate was exchanged
+	remoteCerts := t.conn.ConnectionState().PeerCertificates
+	if len(remoteCerts) == 0 {
+		t.onStateChange(DTLSTransportStateFailed)
+		return errNoRemoteCertificate
+	}
+	t.remoteCertificate = remoteCerts[0]
+
+	parsedRemoteCert, err := x509.ParseCertificate(t.remoteCertificate)
+	if err != nil {
+		t.onStateChange(DTLSTransportStateFailed)
+		return err
+	}
+
+	if err = t.validateFingerPrint(parsedRemoteCert); err != nil {
+		t.onStateChange(DTLSTransportStateFailed)
+		return err
+	}
+
+	return t.startSRTP()
+}
+
+// Stop stops and closes the DTLSTransport object.
+func (t *DTLSTransport) Stop() error {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	// Try closing everything and collect the errors
+	var closeErrs []error
+
+	if srtpSessionValue := t.srtpSession.Load(); srtpSessionValue != nil {
+		closeErrs = append(closeErrs, srtpSessionValue.(*srtp.SessionSRTP).Close())
+	}
+
+	if srtcpSessionValue := t.srtcpSession.Load(); srtcpSessionValue != nil {
+		closeErrs = append(closeErrs, srtcpSessionValue.(*srtp.SessionSRTCP).Close())
+	}
+
+	for i := range t.simulcastStreams {
+		closeErrs = append(closeErrs, t.simulcastStreams[i].Close())
+	}
+
+	if t.conn != nil {
+		// dtls connection may be closed on sctp close.
+		if err := t.conn.Close(); err != nil && !errors.Is(err, dtls.ErrConnClosed) {
+			closeErrs = append(closeErrs, err)
+		}
+	}
+	t.onStateChange(DTLSTransportStateClosed)
+	return util.FlattenErrs(closeErrs)
+}
+
+func (t *DTLSTransport) validateFingerPrint(remoteCert *x509.Certificate) error {
+	for _, fp := range t.remoteParameters.Fingerprints {
+		hashAlgo, err := fingerprint.HashFromString(fp.Algorithm)
+		if err != nil {
+			return err
+		}
+
+		remoteValue, err := fingerprint.Fingerprint(remoteCert, hashAlgo)
+		if err != nil {
+			return err
+		}
+
+		if strings.EqualFold(remoteValue, fp.Value) {
+			return nil
+		}
+	}
+
+	return errNoMatchingCertificateFingerprint
+}
+
+func (t *DTLSTransport) ensureICEConn() error {
+	if t.iceTransport == nil || t.iceTransport.State() == ICETransportStateNew {
+		return errICEConnectionNotStarted
+	}
+
+	return nil
+}
+
+func (t *DTLSTransport) storeSimulcastStream(s *srtp.ReadStreamSRTP) {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	t.simulcastStreams = append(t.simulcastStreams, s)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlstransportstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlstransportstate.go
new file mode 100644
index 000000000..900b50b75
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/dtlstransportstate.go
@@ -0,0 +1,71 @@
+package webrtc
+
+// DTLSTransportState indicates the DTLS transport establishment state.
+type DTLSTransportState int
+
+const (
+	// DTLSTransportStateNew indicates that DTLS has not started negotiating
+	// yet.
+	DTLSTransportStateNew DTLSTransportState = iota + 1
+
+	// DTLSTransportStateConnecting indicates that DTLS is in the process of
+	// negotiating a secure connection and verifying the remote fingerprint.
+	DTLSTransportStateConnecting
+
+	// DTLSTransportStateConnected indicates that DTLS has completed
+	// negotiation of a secure connection and verified the remote fingerprint.
+	DTLSTransportStateConnected
+
+	// DTLSTransportStateClosed indicates that the transport has been closed
+	// intentionally as the result of receipt of a close_notify alert, or
+	// calling close().
+	DTLSTransportStateClosed
+
+	// DTLSTransportStateFailed indicates that the transport has failed as
+	// the result of an error (such as receipt of an error alert or failure to
+	// validate the remote fingerprint).
+	DTLSTransportStateFailed
+)
+
+// This is done this way because of a linter.
+const (
+	dtlsTransportStateNewStr        = "new"
+	dtlsTransportStateConnectingStr = "connecting"
+	dtlsTransportStateConnectedStr  = "connected"
+	dtlsTransportStateClosedStr     = "closed"
+	dtlsTransportStateFailedStr     = "failed"
+)
+
+func newDTLSTransportState(raw string) DTLSTransportState {
+	switch raw {
+	case dtlsTransportStateNewStr:
+		return DTLSTransportStateNew
+	case dtlsTransportStateConnectingStr:
+		return DTLSTransportStateConnecting
+	case dtlsTransportStateConnectedStr:
+		return DTLSTransportStateConnected
+	case dtlsTransportStateClosedStr:
+		return DTLSTransportStateClosed
+	case dtlsTransportStateFailedStr:
+		return DTLSTransportStateFailed
+	default:
+		return DTLSTransportState(Unknown)
+	}
+}
+
+func (t DTLSTransportState) String() string {
+	switch t {
+	case DTLSTransportStateNew:
+		return dtlsTransportStateNewStr
+	case DTLSTransportStateConnecting:
+		return dtlsTransportStateConnectingStr
+	case DTLSTransportStateConnected:
+		return dtlsTransportStateConnectedStr
+	case DTLSTransportStateClosed:
+		return dtlsTransportStateClosedStr
+	case DTLSTransportStateFailed:
+		return dtlsTransportStateFailedStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/errors.go
new file mode 100644
index 000000000..a9daf16db
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/errors.go
@@ -0,0 +1,220 @@
+package webrtc
+
+import (
+	"errors"
+)
+
+var (
+	// ErrUnknownType indicates an error with Unknown info.
+	ErrUnknownType = errors.New("unknown")
+
+	// ErrConnectionClosed indicates an operation executed after connection
+	// has already been closed.
+	ErrConnectionClosed = errors.New("connection closed")
+
+	// ErrDataChannelNotOpen indicates an operation executed when the data
+	// channel is not (yet) open.
+	ErrDataChannelNotOpen = errors.New("data channel not open")
+
+	// ErrCertificateExpired indicates that an x509 certificate has expired.
+	ErrCertificateExpired = errors.New("x509Cert expired")
+
+	// ErrNoTurnCredentials indicates that a TURN server URL was provided
+	// without required credentials.
+	ErrNoTurnCredentials = errors.New("turn server credentials required")
+
+	// ErrTurnCredentials indicates that provided TURN credentials are partial
+	// or malformed.
+	ErrTurnCredentials = errors.New("invalid turn server credentials")
+
+	// ErrExistingTrack indicates that a track already exists.
+	ErrExistingTrack = errors.New("track already exists")
+
+	// ErrPrivateKeyType indicates that a particular private key encryption
+	// chosen to generate a certificate is not supported.
+	ErrPrivateKeyType = errors.New("private key type not supported")
+
+	// ErrModifyingPeerIdentity indicates that an attempt to modify
+	// PeerIdentity was made after PeerConnection has been initialized.
+	ErrModifyingPeerIdentity = errors.New("peerIdentity cannot be modified")
+
+	// ErrModifyingCertificates indicates that an attempt to modify
+	// Certificates was made after PeerConnection has been initialized.
+	ErrModifyingCertificates = errors.New("certificates cannot be modified")
+
+	// ErrModifyingBundlePolicy indicates that an attempt to modify
+	// BundlePolicy was made after PeerConnection has been initialized.
+	ErrModifyingBundlePolicy = errors.New("bundle policy cannot be modified")
+
+	// ErrModifyingRTCPMuxPolicy indicates that an attempt to modify
+	// RTCPMuxPolicy was made after PeerConnection has been initialized.
+	ErrModifyingRTCPMuxPolicy = errors.New("rtcp mux policy cannot be modified")
+
+	// ErrModifyingICECandidatePoolSize indicates that an attempt to modify
+	// ICECandidatePoolSize was made after PeerConnection has been initialized.
+	ErrModifyingICECandidatePoolSize = errors.New("ice candidate pool size cannot be modified")
+
+	// ErrStringSizeLimit indicates that the character size limit of string is
+	// exceeded. The limit is hardcoded to 65535 according to specifications.
+	ErrStringSizeLimit = errors.New("data channel label exceeds size limit")
+
+	// ErrMaxDataChannelID indicates that the maximum number ID that could be
+	// specified for a data channel has been exceeded.
+	ErrMaxDataChannelID = errors.New("maximum number ID for datachannel specified")
+
+	// ErrNegotiatedWithoutID indicates that an attempt to create a data channel
+	// was made while setting the negotiated option to true without providing
+	// the negotiated channel ID.
+	ErrNegotiatedWithoutID = errors.New("negotiated set without channel id")
+
+	// ErrRetransmitsOrPacketLifeTime indicates that an attempt to create a data
+	// channel was made with both options MaxPacketLifeTime and MaxRetransmits
+	// set together. Such configuration is not supported by the specification
+	// and is mutually exclusive.
+	ErrRetransmitsOrPacketLifeTime = errors.New("both MaxPacketLifeTime and MaxRetransmits was set")
+
+	// ErrCodecNotFound is returned when a codec search to the Media Engine fails
+	ErrCodecNotFound = errors.New("codec not found")
+
+	// ErrNoRemoteDescription indicates that an operation was rejected because
+	// the remote description is not set
+	ErrNoRemoteDescription = errors.New("remote description is not set")
+
+	// ErrIncorrectSDPSemantics indicates that the PeerConnection was configured to
+	// generate SDP Answers with different SDP Semantics than the received Offer
+	ErrIncorrectSDPSemantics = errors.New("offer SDP semantics does not match configuration")
+
+	// ErrIncorrectSignalingState indicates that the signaling state of PeerConnection is not correct
+	ErrIncorrectSignalingState = errors.New("operation can not be run in current signaling state")
+
+	// ErrProtocolTooLarge indicates that value given for a DataChannelInit protocol is
+	// longer then 65535 bytes
+	ErrProtocolTooLarge = errors.New("protocol is larger then 65535 bytes")
+
+	// ErrSenderNotCreatedByConnection indicates RemoveTrack was called with a RtpSender not created
+	// by this PeerConnection
+	ErrSenderNotCreatedByConnection = errors.New("RtpSender not created by this PeerConnection")
+
+	// ErrSessionDescriptionNoFingerprint indicates SetRemoteDescription was called with a SessionDescription that has no
+	// fingerprint
+	ErrSessionDescriptionNoFingerprint = errors.New("SetRemoteDescription called with no fingerprint")
+
+	// ErrSessionDescriptionInvalidFingerprint indicates SetRemoteDescription was called with a SessionDescription that
+	// has an invalid fingerprint
+	ErrSessionDescriptionInvalidFingerprint = errors.New("SetRemoteDescription called with an invalid fingerprint")
+
+	// ErrSessionDescriptionConflictingFingerprints indicates SetRemoteDescription was called with a SessionDescription that
+	// has an conflicting fingerprints
+	ErrSessionDescriptionConflictingFingerprints = errors.New("SetRemoteDescription called with multiple conflicting fingerprint")
+
+	// ErrSessionDescriptionMissingIceUfrag indicates SetRemoteDescription was called with a SessionDescription that
+	// is missing an ice-ufrag value
+	ErrSessionDescriptionMissingIceUfrag = errors.New("SetRemoteDescription called with no ice-ufrag")
+
+	// ErrSessionDescriptionMissingIcePwd indicates SetRemoteDescription was called with a SessionDescription that
+	// is missing an ice-pwd value
+	ErrSessionDescriptionMissingIcePwd = errors.New("SetRemoteDescription called with no ice-pwd")
+
+	// ErrSessionDescriptionConflictingIceUfrag  indicates SetRemoteDescription was called with a SessionDescription that
+	// contains multiple conflicting ice-ufrag values
+	ErrSessionDescriptionConflictingIceUfrag = errors.New("SetRemoteDescription called with multiple conflicting ice-ufrag values")
+
+	// ErrSessionDescriptionConflictingIcePwd indicates SetRemoteDescription was called with a SessionDescription that
+	// contains multiple conflicting ice-pwd values
+	ErrSessionDescriptionConflictingIcePwd = errors.New("SetRemoteDescription called with multiple conflicting ice-pwd values")
+
+	// ErrNoSRTPProtectionProfile indicates that the DTLS handshake completed and no SRTP Protection Profile was chosen
+	ErrNoSRTPProtectionProfile = errors.New("DTLS Handshake completed and no SRTP Protection Profile was chosen")
+
+	// ErrFailedToGenerateCertificateFingerprint indicates that we failed to generate the fingerprint used for comparing certificates
+	ErrFailedToGenerateCertificateFingerprint = errors.New("failed to generate certificate fingerprint")
+
+	// ErrNoCodecsAvailable indicates that operation isn't possible because the MediaEngine has no codecs available
+	ErrNoCodecsAvailable = errors.New("operation failed no codecs are available")
+
+	// ErrUnsupportedCodec indicates the remote peer doesn't support the requested codec
+	ErrUnsupportedCodec = errors.New("unable to start track, codec is not supported by remote")
+
+	// ErrUnbindFailed indicates that a TrackLocal was not able to be unbind
+	ErrUnbindFailed = errors.New("failed to unbind TrackLocal from PeerConnection")
+
+	// ErrNoPayloaderForCodec indicates that the requested codec does not have a payloader
+	ErrNoPayloaderForCodec = errors.New("the requested codec does not have a payloader")
+
+	// ErrRegisterHeaderExtensionInvalidDirection indicates that a extension was registered with a direction besides `sendonly` or `recvonly`
+	ErrRegisterHeaderExtensionInvalidDirection = errors.New("a header extension must be registered as 'recvonly', 'sendonly' or both")
+
+	// ErrSimulcastProbeOverflow indicates that too many Simulcast probe streams are in flight and the requested SSRC was ignored
+	ErrSimulcastProbeOverflow = errors.New("simulcast probe limit has been reached, new SSRC has been discarded")
+
+	errDetachNotEnabled                 = errors.New("enable detaching by calling webrtc.DetachDataChannels()")
+	errDetachBeforeOpened               = errors.New("datachannel not opened yet, try calling Detach from OnOpen")
+	errDtlsTransportNotStarted          = errors.New("the DTLS transport has not started yet")
+	errDtlsKeyExtractionFailed          = errors.New("failed extracting keys from DTLS for SRTP")
+	errFailedToStartSRTP                = errors.New("failed to start SRTP")
+	errFailedToStartSRTCP               = errors.New("failed to start SRTCP")
+	errInvalidDTLSStart                 = errors.New("attempted to start DTLSTransport that is not in new state")
+	errNoRemoteCertificate              = errors.New("peer didn't provide certificate via DTLS")
+	errIdentityProviderNotImplemented   = errors.New("identity provider is not implemented")
+	errNoMatchingCertificateFingerprint = errors.New("remote certificate does not match any fingerprint")
+
+	errICEConnectionNotStarted        = errors.New("ICE connection not started")
+	errICECandidateTypeUnknown        = errors.New("unknown candidate type")
+	errICEInvalidConvertCandidateType = errors.New("cannot convert ice.CandidateType into webrtc.ICECandidateType, invalid type")
+	errICEAgentNotExist               = errors.New("ICEAgent does not exist")
+	errICECandiatesCoversionFailed    = errors.New("unable to convert ICE candidates to ICECandidates")
+	errICERoleUnknown                 = errors.New("unknown ICE Role")
+	errICEProtocolUnknown             = errors.New("unknown protocol")
+	errICEGathererNotStarted          = errors.New("gatherer not started")
+
+	errNetworkTypeUnknown = errors.New("unknown network type")
+
+	errSDPDoesNotMatchOffer                           = errors.New("new sdp does not match previous offer")
+	errSDPDoesNotMatchAnswer                          = errors.New("new sdp does not match previous answer")
+	errPeerConnSDPTypeInvalidValue                    = errors.New("provided value is not a valid enum value of type SDPType")
+	errPeerConnStateChangeInvalid                     = errors.New("invalid state change op")
+	errPeerConnStateChangeUnhandled                   = errors.New("unhandled state change op")
+	errPeerConnSDPTypeInvalidValueSetLocalDescription = errors.New("invalid SDP type supplied to SetLocalDescription()")
+	errPeerConnRemoteDescriptionWithoutMidValue       = errors.New("remoteDescription contained media section without mid value")
+	errPeerConnRemoteDescriptionNil                   = errors.New("remoteDescription has not been set yet")
+	errPeerConnSingleMediaSectionHasExplicitSSRC      = errors.New("single media section has an explicit SSRC")
+	errPeerConnRemoteSSRCAddTransceiver               = errors.New("could not add transceiver for remote SSRC")
+	errPeerConnSimulcastMidRTPExtensionRequired       = errors.New("mid RTP Extensions required for Simulcast")
+	errPeerConnSimulcastStreamIDRTPExtensionRequired  = errors.New("stream id RTP Extensions required for Simulcast")
+	errPeerConnSimulcastIncomingSSRCFailed            = errors.New("incoming SSRC failed Simulcast probing")
+	errPeerConnAddTransceiverFromKindOnlyAcceptsOne   = errors.New("AddTransceiverFromKind only accepts one RtpTransceiverInit")
+	errPeerConnAddTransceiverFromTrackOnlyAcceptsOne  = errors.New("AddTransceiverFromTrack only accepts one RtpTransceiverInit")
+	errPeerConnAddTransceiverFromKindSupport          = errors.New("AddTransceiverFromKind currently only supports recvonly")
+	errPeerConnAddTransceiverFromTrackSupport         = errors.New("AddTransceiverFromTrack currently only supports sendonly and sendrecv")
+	errPeerConnSetIdentityProviderNotImplemented      = errors.New("TODO SetIdentityProvider")
+	errPeerConnWriteRTCPOpenWriteStream               = errors.New("WriteRTCP failed to open WriteStream")
+	errPeerConnTranscieverMidNil                      = errors.New("cannot find transceiver with mid")
+
+	errRTPReceiverDTLSTransportNil            = errors.New("DTLSTransport must not be nil")
+	errRTPReceiverReceiveAlreadyCalled        = errors.New("Receive has already been called")
+	errRTPReceiverWithSSRCTrackStreamNotFound = errors.New("unable to find stream for Track with SSRC")
+	errRTPReceiverForSSRCTrackStreamNotFound  = errors.New("no trackStreams found for SSRC")
+	errRTPReceiverForRIDTrackStreamNotFound   = errors.New("no trackStreams found for RID")
+
+	errRTPSenderTrackNil          = errors.New("Track must not be nil")
+	errRTPSenderDTLSTransportNil  = errors.New("DTLSTransport must not be nil")
+	errRTPSenderSendAlreadyCalled = errors.New("Send has already been called")
+
+	errRTPTransceiverCannotChangeMid        = errors.New("errRTPSenderTrackNil")
+	errRTPTransceiverSetSendingInvalidState = errors.New("invalid state change in RTPTransceiver.setSending")
+
+	errSCTPTransportDTLS = errors.New("DTLS not established")
+
+	errSDPZeroTransceivers                 = errors.New("addTransceiverSDP() called with 0 transceivers")
+	errSDPMediaSectionMediaDataChanInvalid = errors.New("invalid Media Section. Media + DataChannel both enabled")
+	errSDPMediaSectionMultipleTrackInvalid = errors.New("invalid Media Section. Can not have multiple tracks in one MediaSection in UnifiedPlan")
+
+	errSettingEngineSetAnsweringDTLSRole = errors.New("SetAnsweringDTLSRole must DTLSRoleClient or DTLSRoleServer")
+
+	errSignalingStateCannotRollback            = errors.New("can't rollback from stable state")
+	errSignalingStateProposedTransitionInvalid = errors.New("invalid proposed signaling state transition")
+
+	errStatsICECandidateStateInvalid = errors.New("cannot convert to StatsICECandidatePairStateSucceeded invalid ice candidate state")
+
+	errICETransportNotInNew = errors.New("ICETransport can only be called in ICETransportStateNew")
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/gathering_complete_promise.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/gathering_complete_promise.go
new file mode 100644
index 000000000..a4d52f943
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/gathering_complete_promise.go
@@ -0,0 +1,24 @@
+package webrtc
+
+import (
+	"context"
+)
+
+// GatheringCompletePromise is a Pion specific helper function that returns a channel that is closed when gathering is complete.
+// This function may be helpful in cases where you are unable to trickle your ICE Candidates.
+//
+// It is better to not use this function, and instead trickle candidates. If you use this function you will see longer connection startup times.
+// When the call is connected you will see no impact however.
+func GatheringCompletePromise(pc *PeerConnection) (gatherComplete <-chan struct{}) {
+	gatheringComplete, done := context.WithCancel(context.Background())
+
+	// It's possible to miss the GatherComplete event since setGatherCompleteHandler is an atomic operation and the
+	// promise might have been created after the gathering is finished. Therefore, we need to check if the ICE gathering
+	// state has changed to complete so that we don't block the caller forever.
+	pc.setGatherCompleteHandler(func() { done() })
+	if pc.ICEGatheringState() == ICEGatheringStateComplete {
+		done()
+	}
+
+	return gatheringComplete.Done()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/go.mod b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/go.mod
new file mode 100644
index 000000000..9025eafe3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/go.mod
@@ -0,0 +1,23 @@
+module github.com/pion/webrtc/v3
+
+go 1.12
+
+require (
+	github.com/onsi/ginkgo v1.14.2 // indirect
+	github.com/onsi/gomega v1.10.3 // indirect
+	github.com/pion/datachannel v1.4.21
+	github.com/pion/dtls/v2 v2.0.4
+	github.com/pion/ice/v2 v2.0.14
+	github.com/pion/interceptor v0.0.9
+	github.com/pion/logging v0.2.2
+	github.com/pion/randutil v0.1.0
+	github.com/pion/rtcp v1.2.6
+	github.com/pion/rtp v1.6.2
+	github.com/pion/sctp v1.7.11
+	github.com/pion/sdp/v3 v3.0.4
+	github.com/pion/srtp/v2 v2.0.1
+	github.com/pion/transport v0.12.2
+	github.com/sclevine/agouti v3.0.0+incompatible
+	github.com/stretchr/testify v1.7.0
+	golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/go.sum b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/go.sum
new file mode 100644
index 000000000..fd0314bf7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/go.sum
@@ -0,0 +1,138 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.2 h1:8mVmC9kjFFmA8H4pKMUhcblgifdkOIXPvbhN1T36q1M=
+github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
+github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
+github.com/pion/datachannel v1.4.21 h1:3ZvhNyfmxsAqltQrApLPQMhSFNA+aT87RqyCq4OXmf0=
+github.com/pion/datachannel v1.4.21/go.mod h1:oiNyP4gHx2DIwRzX/MFyH0Rz/Gz05OgBlayAI2hAWjg=
+github.com/pion/dtls/v2 v2.0.4 h1:WuUcqi6oYMu/noNTz92QrF1DaFj4eXbhQ6dzaaAwOiI=
+github.com/pion/dtls/v2 v2.0.4/go.mod h1:qAkFscX0ZHoI1E07RfYPoRw3manThveu+mlTDdOxoGI=
+github.com/pion/ice/v2 v2.0.14 h1:FxXxauyykf89SWAtkQCfnHkno6G8+bhRkNguSh9zU+4=
+github.com/pion/ice/v2 v2.0.14/go.mod h1:wqaUbOq5ObDNU5ox1hRsEst0rWfsKuH1zXjQFEWiZwM=
+github.com/pion/interceptor v0.0.9 h1:fk5hTdyLO3KURQsf/+RjMpEm4NE3yeTY9Kh97b5BvwA=
+github.com/pion/interceptor v0.0.9/go.mod h1:dHgEP5dtxOTf21MObuBAjJeAayPxLUAZjerGH8Xr07c=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/mdns v0.0.4 h1:O4vvVqr4DGX63vzmO6Fw9vpy3lfztVWHGCQfyw0ZLSY=
+github.com/pion/mdns v0.0.4/go.mod h1:R1sL0p50l42S5lJs91oNdUL58nm0QHrhxnSegr++qC0=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/rtcp v1.2.6 h1:1zvwBbyd0TeEuuWftrd/4d++m+/kZSeiguxU61LFWpo=
+github.com/pion/rtcp v1.2.6/go.mod h1:52rMNPWFsjr39z9B9MhnkqhPLoeHTv1aN63o/42bWE0=
+github.com/pion/rtp v1.6.2 h1:iGBerLX6JiDjB9NXuaPzHyxHFG9JsIEdgwTC0lp5n/U=
+github.com/pion/rtp v1.6.2/go.mod h1:bDb5n+BFZxXx0Ea7E5qe+klMuqiBrP+w8XSjiWtCUko=
+github.com/pion/sctp v1.7.10/go.mod h1:EhpTUQu1/lcK3xI+eriS6/96fWetHGCvBi9MSsnaBN0=
+github.com/pion/sctp v1.7.11 h1:UCnj7MsobLKLuP/Hh+JMiI/6W5Bs/VF45lWKgHFjSIE=
+github.com/pion/sctp v1.7.11/go.mod h1:EhpTUQu1/lcK3xI+eriS6/96fWetHGCvBi9MSsnaBN0=
+github.com/pion/sdp/v3 v3.0.4 h1:2Kf+dgrzJflNCSw3TV5v2VLeI0s/qkzy2r5jlR0wzf8=
+github.com/pion/sdp/v3 v3.0.4/go.mod h1:bNiSknmJE0HYBprTHXKPQ3+JjacTv5uap92ueJZKsRk=
+github.com/pion/srtp/v2 v2.0.1 h1:kgfh65ob3EcnFYA4kUBvU/menCp9u7qaJLXwWgpobzs=
+github.com/pion/srtp/v2 v2.0.1/go.mod h1:c8NWHhhkFf/drmHTAblkdu8++lsISEBBdAuiyxgqIsE=
+github.com/pion/stun v0.3.5 h1:uLUCBCkQby4S1cf6CGuR9QrVOKcvUwFeemaC865QHDg=
+github.com/pion/stun v0.3.5/go.mod h1:gDMim+47EeEtfWogA37n6qXZS88L5V6LqFcf+DZA2UA=
+github.com/pion/transport v0.8.10/go.mod h1:tBmha/UCjpum5hqTWhfAEs3CO4/tHSg0MYRhSzR+CZ8=
+github.com/pion/transport v0.10.0/go.mod h1:BnHnUipd0rZQyTVB2SBGojFHT9CBt5C5TcsJSQGkvSE=
+github.com/pion/transport v0.10.1/go.mod h1:PBis1stIILMiis0PewDw91WJeLJkyIMcEk+DwKOzf4A=
+github.com/pion/transport v0.12.0/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/transport v0.12.2 h1:WYEjhloRHt1R86LhUKjC5y+P52Y11/QqEUalvtzVoys=
+github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/turn/v2 v2.0.5 h1:iwMHqDfPEDEOFzwWKT56eFmh6DYC6o/+xnLAEzgISbA=
+github.com/pion/turn/v2 v2.0.5/go.mod h1:APg43CFyt/14Uy7heYUOGWdkem/Wu4PhCO/bjyrTqMw=
+github.com/pion/udp v0.1.0 h1:uGxQsNyrqG3GLINv36Ff60covYmfrLoxzwnCsIYspXI=
+github.com/pion/udp v0.1.0/go.mod h1:BPELIjbwE9PRbd/zxI/KYBnbo7B6+oA6YuEaNE8lths=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sclevine/agouti v3.0.0+incompatible h1:8IBJS6PWz3uTlMP3YBIR5f+KAldcGuOeFkFbUWfBgK4=
+github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
+golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7 h1:3uJsdck53FDIpWwLeAXlia9p4C8j0BO2xZrqzKpL0D8=
+golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/ice_go.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/ice_go.go
new file mode 100644
index 000000000..897ed0da3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/ice_go.go
@@ -0,0 +1,10 @@
+// +build !js
+
+package webrtc
+
+// NewICETransport creates a new NewICETransport.
+// This constructor is part of the ORTC API. It is not
+// meant to be used together with the basic WebRTC API.
+func (api *API) NewICETransport(gatherer *ICEGatherer) *ICETransport {
+	return NewICETransport(gatherer, api.settingEngine.LoggerFactory)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidate.go
new file mode 100644
index 000000000..1b0fbfcdb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidate.go
@@ -0,0 +1,169 @@
+package webrtc
+
+import (
+	"fmt"
+
+	"github.com/pion/ice/v2"
+)
+
+// ICECandidate represents a ice candidate
+type ICECandidate struct {
+	statsID        string
+	Foundation     string           `json:"foundation"`
+	Priority       uint32           `json:"priority"`
+	Address        string           `json:"address"`
+	Protocol       ICEProtocol      `json:"protocol"`
+	Port           uint16           `json:"port"`
+	Typ            ICECandidateType `json:"type"`
+	Component      uint16           `json:"component"`
+	RelatedAddress string           `json:"relatedAddress"`
+	RelatedPort    uint16           `json:"relatedPort"`
+	TCPType        string           `json:"tcpType"`
+}
+
+// Conversion for package ice
+
+func newICECandidatesFromICE(iceCandidates []ice.Candidate) ([]ICECandidate, error) {
+	candidates := []ICECandidate{}
+
+	for _, i := range iceCandidates {
+		c, err := newICECandidateFromICE(i)
+		if err != nil {
+			return nil, err
+		}
+		candidates = append(candidates, c)
+	}
+
+	return candidates, nil
+}
+
+func newICECandidateFromICE(i ice.Candidate) (ICECandidate, error) {
+	typ, err := convertTypeFromICE(i.Type())
+	if err != nil {
+		return ICECandidate{}, err
+	}
+	protocol, err := NewICEProtocol(i.NetworkType().NetworkShort())
+	if err != nil {
+		return ICECandidate{}, err
+	}
+
+	c := ICECandidate{
+		statsID:    i.ID(),
+		Foundation: i.Foundation(),
+		Priority:   i.Priority(),
+		Address:    i.Address(),
+		Protocol:   protocol,
+		Port:       uint16(i.Port()),
+		Component:  i.Component(),
+		Typ:        typ,
+		TCPType:    i.TCPType().String(),
+	}
+
+	if i.RelatedAddress() != nil {
+		c.RelatedAddress = i.RelatedAddress().Address
+		c.RelatedPort = uint16(i.RelatedAddress().Port)
+	}
+
+	return c, nil
+}
+
+func (c ICECandidate) toICE() (ice.Candidate, error) {
+	candidateID := c.statsID
+	switch c.Typ {
+	case ICECandidateTypeHost:
+		config := ice.CandidateHostConfig{
+			CandidateID: candidateID,
+			Network:     c.Protocol.String(),
+			Address:     c.Address,
+			Port:        int(c.Port),
+			Component:   c.Component,
+			TCPType:     ice.NewTCPType(c.TCPType),
+			Foundation:  c.Foundation,
+			Priority:    c.Priority,
+		}
+		return ice.NewCandidateHost(&config)
+	case ICECandidateTypeSrflx:
+		config := ice.CandidateServerReflexiveConfig{
+			CandidateID: candidateID,
+			Network:     c.Protocol.String(),
+			Address:     c.Address,
+			Port:        int(c.Port),
+			Component:   c.Component,
+			Foundation:  c.Foundation,
+			Priority:    c.Priority,
+			RelAddr:     c.RelatedAddress,
+			RelPort:     int(c.RelatedPort),
+		}
+		return ice.NewCandidateServerReflexive(&config)
+	case ICECandidateTypePrflx:
+		config := ice.CandidatePeerReflexiveConfig{
+			CandidateID: candidateID,
+			Network:     c.Protocol.String(),
+			Address:     c.Address,
+			Port:        int(c.Port),
+			Component:   c.Component,
+			Foundation:  c.Foundation,
+			Priority:    c.Priority,
+			RelAddr:     c.RelatedAddress,
+			RelPort:     int(c.RelatedPort),
+		}
+		return ice.NewCandidatePeerReflexive(&config)
+	case ICECandidateTypeRelay:
+		config := ice.CandidateRelayConfig{
+			CandidateID: candidateID,
+			Network:     c.Protocol.String(),
+			Address:     c.Address,
+			Port:        int(c.Port),
+			Component:   c.Component,
+			Foundation:  c.Foundation,
+			Priority:    c.Priority,
+			RelAddr:     c.RelatedAddress,
+			RelPort:     int(c.RelatedPort),
+		}
+		return ice.NewCandidateRelay(&config)
+	default:
+		return nil, fmt.Errorf("%w: %s", errICECandidateTypeUnknown, c.Typ)
+	}
+}
+
+func convertTypeFromICE(t ice.CandidateType) (ICECandidateType, error) {
+	switch t {
+	case ice.CandidateTypeHost:
+		return ICECandidateTypeHost, nil
+	case ice.CandidateTypeServerReflexive:
+		return ICECandidateTypeSrflx, nil
+	case ice.CandidateTypePeerReflexive:
+		return ICECandidateTypePrflx, nil
+	case ice.CandidateTypeRelay:
+		return ICECandidateTypeRelay, nil
+	default:
+		return ICECandidateType(t), fmt.Errorf("%w: %s", errICECandidateTypeUnknown, t)
+	}
+}
+
+func (c ICECandidate) String() string {
+	ic, err := c.toICE()
+	if err != nil {
+		return fmt.Sprintf("%#v failed to convert to ICE: %s", c, err)
+	}
+	return ic.String()
+}
+
+// ToJSON returns an ICECandidateInit
+// as indicated by the spec https://w3c.github.io/webrtc-pc/#dom-rtcicecandidate-tojson
+func (c ICECandidate) ToJSON() ICECandidateInit {
+	zeroVal := uint16(0)
+	emptyStr := ""
+	candidateStr := ""
+
+	candidate, err := c.toICE()
+	if err == nil {
+		candidateStr = candidate.Marshal()
+	}
+
+	return ICECandidateInit{
+		Candidate:     fmt.Sprintf("candidate:%s", candidateStr),
+		SDPMid:        &emptyStr,
+		SDPMLineIndex: &zeroVal,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidateinit.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidateinit.go
new file mode 100644
index 000000000..31ebb4ba7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidateinit.go
@@ -0,0 +1,9 @@
+package webrtc
+
+// ICECandidateInit is used to serialize ice candidates
+type ICECandidateInit struct {
+	Candidate        string  `json:"candidate"`
+	SDPMid           *string `json:"sdpMid"`
+	SDPMLineIndex    *uint16 `json:"sdpMLineIndex"`
+	UsernameFragment *string `json:"usernameFragment"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidatepair.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidatepair.go
new file mode 100644
index 000000000..7350fbe59
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidatepair.go
@@ -0,0 +1,29 @@
+package webrtc
+
+import "fmt"
+
+// ICECandidatePair represents an ICE Candidate pair
+type ICECandidatePair struct {
+	statsID string
+	Local   *ICECandidate
+	Remote  *ICECandidate
+}
+
+func newICECandidatePairStatsID(localID, remoteID string) string {
+	return fmt.Sprintf("%s-%s", localID, remoteID)
+}
+
+func (p *ICECandidatePair) String() string {
+	return fmt.Sprintf("(local) %s <-> (remote) %s", p.Local, p.Remote)
+}
+
+// NewICECandidatePair returns an initialized *ICECandidatePair
+// for the given pair of ICECandidate instances
+func NewICECandidatePair(local, remote *ICECandidate) *ICECandidatePair {
+	statsID := newICECandidatePairStatsID(local.statsID, remote.statsID)
+	return &ICECandidatePair{
+		statsID: statsID,
+		Local:   local,
+		Remote:  remote,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidatetype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidatetype.go
new file mode 100644
index 000000000..e57bf14af
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecandidatetype.go
@@ -0,0 +1,94 @@
+package webrtc
+
+import (
+	"fmt"
+
+	"github.com/pion/ice/v2"
+)
+
+// ICECandidateType represents the type of the ICE candidate used.
+type ICECandidateType int
+
+const (
+	// ICECandidateTypeHost indicates that the candidate is of Host type as
+	// described in https://tools.ietf.org/html/rfc8445#section-5.1.1.1. A
+	// candidate obtained by binding to a specific port from an IP address on
+	// the host. This includes IP addresses on physical interfaces and logical
+	// ones, such as ones obtained through VPNs.
+	ICECandidateTypeHost ICECandidateType = iota + 1
+
+	// ICECandidateTypeSrflx indicates the the candidate is of Server
+	// Reflexive type as described
+	// https://tools.ietf.org/html/rfc8445#section-5.1.1.2. A candidate type
+	// whose IP address and port are a binding allocated by a NAT for an ICE
+	// agent after it sends a packet through the NAT to a server, such as a
+	// STUN server.
+	ICECandidateTypeSrflx
+
+	// ICECandidateTypePrflx indicates that the candidate is of Peer
+	// Reflexive type. A candidate type whose IP address and port are a binding
+	// allocated by a NAT for an ICE agent after it sends a packet through the
+	// NAT to its peer.
+	ICECandidateTypePrflx
+
+	// ICECandidateTypeRelay indicates the the candidate is of Relay type as
+	// described in https://tools.ietf.org/html/rfc8445#section-5.1.1.2. A
+	// candidate type obtained from a relay server, such as a TURN server.
+	ICECandidateTypeRelay
+)
+
+// This is done this way because of a linter.
+const (
+	iceCandidateTypeHostStr  = "host"
+	iceCandidateTypeSrflxStr = "srflx"
+	iceCandidateTypePrflxStr = "prflx"
+	iceCandidateTypeRelayStr = "relay"
+)
+
+// NewICECandidateType takes a string and converts it into ICECandidateType
+func NewICECandidateType(raw string) (ICECandidateType, error) {
+	switch raw {
+	case iceCandidateTypeHostStr:
+		return ICECandidateTypeHost, nil
+	case iceCandidateTypeSrflxStr:
+		return ICECandidateTypeSrflx, nil
+	case iceCandidateTypePrflxStr:
+		return ICECandidateTypePrflx, nil
+	case iceCandidateTypeRelayStr:
+		return ICECandidateTypeRelay, nil
+	default:
+		return ICECandidateType(Unknown), fmt.Errorf("%w: %s", errICECandidateTypeUnknown, raw)
+	}
+}
+
+func (t ICECandidateType) String() string {
+	switch t {
+	case ICECandidateTypeHost:
+		return iceCandidateTypeHostStr
+	case ICECandidateTypeSrflx:
+		return iceCandidateTypeSrflxStr
+	case ICECandidateTypePrflx:
+		return iceCandidateTypePrflxStr
+	case ICECandidateTypeRelay:
+		return iceCandidateTypeRelayStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+func getCandidateType(candidateType ice.CandidateType) (ICECandidateType, error) {
+	switch candidateType {
+	case ice.CandidateTypeHost:
+		return ICECandidateTypeHost, nil
+	case ice.CandidateTypeServerReflexive:
+		return ICECandidateTypeSrflx, nil
+	case ice.CandidateTypePeerReflexive:
+		return ICECandidateTypePrflx, nil
+	case ice.CandidateTypeRelay:
+		return ICECandidateTypeRelay, nil
+	default:
+		// NOTE: this should never happen[tm]
+		err := fmt.Errorf("%w: %s", errICEInvalidConvertCandidateType, candidateType.String())
+		return ICECandidateType(Unknown), err
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecomponent.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecomponent.go
new file mode 100644
index 000000000..1f03ec5b0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecomponent.go
@@ -0,0 +1,47 @@
+package webrtc
+
+// ICEComponent describes if the ice transport is used for RTP
+// (or RTCP multiplexing).
+type ICEComponent int
+
+const (
+	// ICEComponentRTP indicates that the ICE Transport is used for RTP (or
+	// RTCP multiplexing), as defined in
+	// https://tools.ietf.org/html/rfc5245#section-4.1.1.1. Protocols
+	// multiplexed with RTP (e.g. data channel) share its component ID. This
+	// represents the component-id value 1 when encoded in candidate-attribute.
+	ICEComponentRTP ICEComponent = iota + 1
+
+	// ICEComponentRTCP indicates that the ICE Transport is used for RTCP as
+	// defined by https://tools.ietf.org/html/rfc5245#section-4.1.1.1. This
+	// represents the component-id value 2 when encoded in candidate-attribute.
+	ICEComponentRTCP
+)
+
+// This is done this way because of a linter.
+const (
+	iceComponentRTPStr  = "rtp"
+	iceComponentRTCPStr = "rtcp"
+)
+
+func newICEComponent(raw string) ICEComponent {
+	switch raw {
+	case iceComponentRTPStr:
+		return ICEComponentRTP
+	case iceComponentRTCPStr:
+		return ICEComponentRTCP
+	default:
+		return ICEComponent(Unknown)
+	}
+}
+
+func (t ICEComponent) String() string {
+	switch t {
+	case ICEComponentRTP:
+		return iceComponentRTPStr
+	case ICEComponentRTCP:
+		return iceComponentRTCPStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceconnectionstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceconnectionstate.go
new file mode 100644
index 000000000..22fd26975
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceconnectionstate.go
@@ -0,0 +1,94 @@
+package webrtc
+
+// ICEConnectionState indicates signaling state of the ICE Connection.
+type ICEConnectionState int
+
+const (
+	// ICEConnectionStateNew indicates that any of the ICETransports are
+	// in the "new" state and none of them are in the "checking", "disconnected"
+	// or "failed" state, or all ICETransports are in the "closed" state, or
+	// there are no transports.
+	ICEConnectionStateNew ICEConnectionState = iota + 1
+
+	// ICEConnectionStateChecking indicates that any of the ICETransports
+	// are in the "checking" state and none of them are in the "disconnected"
+	// or "failed" state.
+	ICEConnectionStateChecking
+
+	// ICEConnectionStateConnected indicates that all ICETransports are
+	// in the "connected", "completed" or "closed" state and at least one of
+	// them is in the "connected" state.
+	ICEConnectionStateConnected
+
+	// ICEConnectionStateCompleted indicates that all ICETransports are
+	// in the "completed" or "closed" state and at least one of them is in the
+	// "completed" state.
+	ICEConnectionStateCompleted
+
+	// ICEConnectionStateDisconnected indicates that any of the
+	// ICETransports are in the "disconnected" state and none of them are
+	// in the "failed" state.
+	ICEConnectionStateDisconnected
+
+	// ICEConnectionStateFailed indicates that any of the ICETransports
+	// are in the "failed" state.
+	ICEConnectionStateFailed
+
+	// ICEConnectionStateClosed indicates that the PeerConnection's
+	// isClosed is true.
+	ICEConnectionStateClosed
+)
+
+// This is done this way because of a linter.
+const (
+	iceConnectionStateNewStr          = "new"
+	iceConnectionStateCheckingStr     = "checking"
+	iceConnectionStateConnectedStr    = "connected"
+	iceConnectionStateCompletedStr    = "completed"
+	iceConnectionStateDisconnectedStr = "disconnected"
+	iceConnectionStateFailedStr       = "failed"
+	iceConnectionStateClosedStr       = "closed"
+)
+
+// NewICEConnectionState takes a string and converts it to ICEConnectionState
+func NewICEConnectionState(raw string) ICEConnectionState {
+	switch raw {
+	case iceConnectionStateNewStr:
+		return ICEConnectionStateNew
+	case iceConnectionStateCheckingStr:
+		return ICEConnectionStateChecking
+	case iceConnectionStateConnectedStr:
+		return ICEConnectionStateConnected
+	case iceConnectionStateCompletedStr:
+		return ICEConnectionStateCompleted
+	case iceConnectionStateDisconnectedStr:
+		return ICEConnectionStateDisconnected
+	case iceConnectionStateFailedStr:
+		return ICEConnectionStateFailed
+	case iceConnectionStateClosedStr:
+		return ICEConnectionStateClosed
+	default:
+		return ICEConnectionState(Unknown)
+	}
+}
+
+func (c ICEConnectionState) String() string {
+	switch c {
+	case ICEConnectionStateNew:
+		return iceConnectionStateNewStr
+	case ICEConnectionStateChecking:
+		return iceConnectionStateCheckingStr
+	case ICEConnectionStateConnected:
+		return iceConnectionStateConnectedStr
+	case ICEConnectionStateCompleted:
+		return iceConnectionStateCompletedStr
+	case ICEConnectionStateDisconnected:
+		return iceConnectionStateDisconnectedStr
+	case ICEConnectionStateFailed:
+		return iceConnectionStateFailedStr
+	case ICEConnectionStateClosed:
+		return iceConnectionStateClosedStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecredentialtype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecredentialtype.go
new file mode 100644
index 000000000..3967c16da
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icecredentialtype.go
@@ -0,0 +1,43 @@
+package webrtc
+
+// ICECredentialType indicates the type of credentials used to connect to
+// an ICE server.
+type ICECredentialType int
+
+const (
+	// ICECredentialTypePassword describes username and password based
+	// credentials as described in https://tools.ietf.org/html/rfc5389.
+	ICECredentialTypePassword ICECredentialType = iota
+
+	// ICECredentialTypeOauth describes token based credential as described
+	// in https://tools.ietf.org/html/rfc7635.
+	ICECredentialTypeOauth
+)
+
+// This is done this way because of a linter.
+const (
+	iceCredentialTypePasswordStr = "password"
+	iceCredentialTypeOauthStr    = "oauth"
+)
+
+func newICECredentialType(raw string) ICECredentialType {
+	switch raw {
+	case iceCredentialTypePasswordStr:
+		return ICECredentialTypePassword
+	case iceCredentialTypeOauthStr:
+		return ICECredentialTypeOauth
+	default:
+		return ICECredentialType(Unknown)
+	}
+}
+
+func (t ICECredentialType) String() string {
+	switch t {
+	case ICECredentialTypePassword:
+		return iceCredentialTypePasswordStr
+	case ICECredentialTypeOauth:
+		return iceCredentialTypeOauthStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatherer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatherer.go
new file mode 100644
index 000000000..31c64ee85
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatherer.go
@@ -0,0 +1,367 @@
+// +build !js
+
+package webrtc
+
+import (
+	"sync"
+	"sync/atomic"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/logging"
+)
+
+// ICEGatherer gathers local host, server reflexive and relay
+// candidates, as well as enabling the retrieval of local Interactive
+// Connectivity Establishment (ICE) parameters which can be
+// exchanged in signaling.
+type ICEGatherer struct {
+	lock  sync.RWMutex
+	log   logging.LeveledLogger
+	state ICEGathererState
+
+	validatedServers []*ice.URL
+	gatherPolicy     ICETransportPolicy
+
+	agent *ice.Agent
+
+	onLocalCandidateHandler atomic.Value // func(candidate *ICECandidate)
+	onStateChangeHandler    atomic.Value // func(state ICEGathererState)
+
+	// Used for GatheringCompletePromise
+	onGatheringCompleteHandler atomic.Value // func()
+
+	api *API
+}
+
+// NewICEGatherer creates a new NewICEGatherer.
+// This constructor is part of the ORTC API. It is not
+// meant to be used together with the basic WebRTC API.
+func (api *API) NewICEGatherer(opts ICEGatherOptions) (*ICEGatherer, error) {
+	var validatedServers []*ice.URL
+	if len(opts.ICEServers) > 0 {
+		for _, server := range opts.ICEServers {
+			url, err := server.urls()
+			if err != nil {
+				return nil, err
+			}
+			validatedServers = append(validatedServers, url...)
+		}
+	}
+
+	return &ICEGatherer{
+		state:            ICEGathererStateNew,
+		gatherPolicy:     opts.ICEGatherPolicy,
+		validatedServers: validatedServers,
+		api:              api,
+		log:              api.settingEngine.LoggerFactory.NewLogger("ice"),
+	}, nil
+}
+
+func (g *ICEGatherer) createAgent() error {
+	g.lock.Lock()
+	defer g.lock.Unlock()
+
+	if g.agent != nil || g.State() != ICEGathererStateNew {
+		return nil
+	}
+
+	candidateTypes := []ice.CandidateType{}
+	if g.api.settingEngine.candidates.ICELite {
+		candidateTypes = append(candidateTypes, ice.CandidateTypeHost)
+	} else if g.gatherPolicy == ICETransportPolicyRelay {
+		candidateTypes = append(candidateTypes, ice.CandidateTypeRelay)
+	}
+
+	var nat1To1CandiTyp ice.CandidateType
+	switch g.api.settingEngine.candidates.NAT1To1IPCandidateType {
+	case ICECandidateTypeHost:
+		nat1To1CandiTyp = ice.CandidateTypeHost
+	case ICECandidateTypeSrflx:
+		nat1To1CandiTyp = ice.CandidateTypeServerReflexive
+	default:
+		nat1To1CandiTyp = ice.CandidateTypeUnspecified
+	}
+
+	mDNSMode := g.api.settingEngine.candidates.MulticastDNSMode
+	if mDNSMode != ice.MulticastDNSModeDisabled && mDNSMode != ice.MulticastDNSModeQueryAndGather {
+		// If enum is in state we don't recognized default to MulticastDNSModeQueryOnly
+		mDNSMode = ice.MulticastDNSModeQueryOnly
+	}
+
+	config := &ice.AgentConfig{
+		Lite:                   g.api.settingEngine.candidates.ICELite,
+		Urls:                   g.validatedServers,
+		PortMin:                g.api.settingEngine.ephemeralUDP.PortMin,
+		PortMax:                g.api.settingEngine.ephemeralUDP.PortMax,
+		DisconnectedTimeout:    g.api.settingEngine.timeout.ICEDisconnectedTimeout,
+		FailedTimeout:          g.api.settingEngine.timeout.ICEFailedTimeout,
+		KeepaliveInterval:      g.api.settingEngine.timeout.ICEKeepaliveInterval,
+		LoggerFactory:          g.api.settingEngine.LoggerFactory,
+		CandidateTypes:         candidateTypes,
+		HostAcceptanceMinWait:  g.api.settingEngine.timeout.ICEHostAcceptanceMinWait,
+		SrflxAcceptanceMinWait: g.api.settingEngine.timeout.ICESrflxAcceptanceMinWait,
+		PrflxAcceptanceMinWait: g.api.settingEngine.timeout.ICEPrflxAcceptanceMinWait,
+		RelayAcceptanceMinWait: g.api.settingEngine.timeout.ICERelayAcceptanceMinWait,
+		InterfaceFilter:        g.api.settingEngine.candidates.InterfaceFilter,
+		NAT1To1IPs:             g.api.settingEngine.candidates.NAT1To1IPs,
+		NAT1To1IPCandidateType: nat1To1CandiTyp,
+		Net:                    g.api.settingEngine.vnet,
+		MulticastDNSMode:       mDNSMode,
+		MulticastDNSHostName:   g.api.settingEngine.candidates.MulticastDNSHostName,
+		LocalUfrag:             g.api.settingEngine.candidates.UsernameFragment,
+		LocalPwd:               g.api.settingEngine.candidates.Password,
+		TCPMux:                 g.api.settingEngine.iceTCPMux,
+		ProxyDialer:            g.api.settingEngine.iceProxyDialer,
+	}
+
+	requestedNetworkTypes := g.api.settingEngine.candidates.ICENetworkTypes
+	if len(requestedNetworkTypes) == 0 {
+		requestedNetworkTypes = supportedNetworkTypes()
+	}
+
+	for _, typ := range requestedNetworkTypes {
+		config.NetworkTypes = append(config.NetworkTypes, ice.NetworkType(typ))
+	}
+
+	agent, err := ice.NewAgent(config)
+	if err != nil {
+		return err
+	}
+
+	g.agent = agent
+	return nil
+}
+
+// Gather ICE candidates.
+func (g *ICEGatherer) Gather() error {
+	if err := g.createAgent(); err != nil {
+		return err
+	}
+
+	g.lock.Lock()
+	agent := g.agent
+	g.lock.Unlock()
+
+	g.setState(ICEGathererStateGathering)
+	if err := agent.OnCandidate(func(candidate ice.Candidate) {
+		onLocalCandidateHandler := func(*ICECandidate) {}
+		if handler, ok := g.onLocalCandidateHandler.Load().(func(candidate *ICECandidate)); ok && handler != nil {
+			onLocalCandidateHandler = handler
+		}
+
+		onGatheringCompleteHandler := func() {}
+		if handler, ok := g.onGatheringCompleteHandler.Load().(func()); ok && handler != nil {
+			onGatheringCompleteHandler = handler
+		}
+
+		if candidate != nil {
+			c, err := newICECandidateFromICE(candidate)
+			if err != nil {
+				g.log.Warnf("Failed to convert ice.Candidate: %s", err)
+				return
+			}
+			onLocalCandidateHandler(&c)
+		} else {
+			g.setState(ICEGathererStateComplete)
+
+			onGatheringCompleteHandler()
+			onLocalCandidateHandler(nil)
+		}
+	}); err != nil {
+		return err
+	}
+	return agent.GatherCandidates()
+}
+
+// Close prunes all local candidates, and closes the ports.
+func (g *ICEGatherer) Close() error {
+	g.lock.Lock()
+	defer g.lock.Unlock()
+
+	if g.agent == nil {
+		return nil
+	} else if err := g.agent.Close(); err != nil {
+		return err
+	}
+
+	g.agent = nil
+	g.setState(ICEGathererStateClosed)
+
+	return nil
+}
+
+// GetLocalParameters returns the ICE parameters of the ICEGatherer.
+func (g *ICEGatherer) GetLocalParameters() (ICEParameters, error) {
+	if err := g.createAgent(); err != nil {
+		return ICEParameters{}, err
+	}
+
+	frag, pwd, err := g.agent.GetLocalUserCredentials()
+	if err != nil {
+		return ICEParameters{}, err
+	}
+
+	return ICEParameters{
+		UsernameFragment: frag,
+		Password:         pwd,
+		ICELite:          false,
+	}, nil
+}
+
+// GetLocalCandidates returns the sequence of valid local candidates associated with the ICEGatherer.
+func (g *ICEGatherer) GetLocalCandidates() ([]ICECandidate, error) {
+	if err := g.createAgent(); err != nil {
+		return nil, err
+	}
+	iceCandidates, err := g.agent.GetLocalCandidates()
+	if err != nil {
+		return nil, err
+	}
+
+	return newICECandidatesFromICE(iceCandidates)
+}
+
+// OnLocalCandidate sets an event handler which fires when a new local ICE candidate is available
+// Take note that the handler is gonna be called with a nil pointer when gathering is finished.
+func (g *ICEGatherer) OnLocalCandidate(f func(*ICECandidate)) {
+	g.onLocalCandidateHandler.Store(f)
+}
+
+// OnStateChange fires any time the ICEGatherer changes
+func (g *ICEGatherer) OnStateChange(f func(ICEGathererState)) {
+	g.onStateChangeHandler.Store(f)
+}
+
+// State indicates the current state of the ICE gatherer.
+func (g *ICEGatherer) State() ICEGathererState {
+	return atomicLoadICEGathererState(&g.state)
+}
+
+func (g *ICEGatherer) setState(s ICEGathererState) {
+	atomicStoreICEGathererState(&g.state, s)
+
+	if handler, ok := g.onStateChangeHandler.Load().(func(state ICEGathererState)); ok && handler != nil {
+		handler(s)
+	}
+}
+
+func (g *ICEGatherer) getAgent() *ice.Agent {
+	g.lock.RLock()
+	defer g.lock.RUnlock()
+	return g.agent
+}
+
+func (g *ICEGatherer) collectStats(collector *statsReportCollector) {
+	agent := g.getAgent()
+	if agent == nil {
+		return
+	}
+
+	collector.Collecting()
+	go func(collector *statsReportCollector, agent *ice.Agent) {
+		for _, candidatePairStats := range agent.GetCandidatePairsStats() {
+			collector.Collecting()
+
+			state, err := toStatsICECandidatePairState(candidatePairStats.State)
+			if err != nil {
+				g.log.Error(err.Error())
+			}
+
+			pairID := newICECandidatePairStatsID(candidatePairStats.LocalCandidateID,
+				candidatePairStats.RemoteCandidateID)
+
+			stats := ICECandidatePairStats{
+				Timestamp: statsTimestampFrom(candidatePairStats.Timestamp),
+				Type:      StatsTypeCandidatePair,
+				ID:        pairID,
+				// TransportID:
+				LocalCandidateID:            candidatePairStats.LocalCandidateID,
+				RemoteCandidateID:           candidatePairStats.RemoteCandidateID,
+				State:                       state,
+				Nominated:                   candidatePairStats.Nominated,
+				PacketsSent:                 candidatePairStats.PacketsSent,
+				PacketsReceived:             candidatePairStats.PacketsReceived,
+				BytesSent:                   candidatePairStats.BytesSent,
+				BytesReceived:               candidatePairStats.BytesReceived,
+				LastPacketSentTimestamp:     statsTimestampFrom(candidatePairStats.LastPacketSentTimestamp),
+				LastPacketReceivedTimestamp: statsTimestampFrom(candidatePairStats.LastPacketReceivedTimestamp),
+				FirstRequestTimestamp:       statsTimestampFrom(candidatePairStats.FirstRequestTimestamp),
+				LastRequestTimestamp:        statsTimestampFrom(candidatePairStats.LastRequestTimestamp),
+				LastResponseTimestamp:       statsTimestampFrom(candidatePairStats.LastResponseTimestamp),
+				TotalRoundTripTime:          candidatePairStats.TotalRoundTripTime,
+				CurrentRoundTripTime:        candidatePairStats.CurrentRoundTripTime,
+				AvailableOutgoingBitrate:    candidatePairStats.AvailableOutgoingBitrate,
+				AvailableIncomingBitrate:    candidatePairStats.AvailableIncomingBitrate,
+				CircuitBreakerTriggerCount:  candidatePairStats.CircuitBreakerTriggerCount,
+				RequestsReceived:            candidatePairStats.RequestsReceived,
+				RequestsSent:                candidatePairStats.RequestsSent,
+				ResponsesReceived:           candidatePairStats.ResponsesReceived,
+				ResponsesSent:               candidatePairStats.ResponsesSent,
+				RetransmissionsReceived:     candidatePairStats.RetransmissionsReceived,
+				RetransmissionsSent:         candidatePairStats.RetransmissionsSent,
+				ConsentRequestsSent:         candidatePairStats.ConsentRequestsSent,
+				ConsentExpiredTimestamp:     statsTimestampFrom(candidatePairStats.ConsentExpiredTimestamp),
+			}
+			collector.Collect(stats.ID, stats)
+		}
+
+		for _, candidateStats := range agent.GetLocalCandidatesStats() {
+			collector.Collecting()
+
+			networkType, err := getNetworkType(candidateStats.NetworkType)
+			if err != nil {
+				g.log.Error(err.Error())
+			}
+
+			candidateType, err := getCandidateType(candidateStats.CandidateType)
+			if err != nil {
+				g.log.Error(err.Error())
+			}
+
+			stats := ICECandidateStats{
+				Timestamp:     statsTimestampFrom(candidateStats.Timestamp),
+				ID:            candidateStats.ID,
+				Type:          StatsTypeLocalCandidate,
+				NetworkType:   networkType,
+				IP:            candidateStats.IP,
+				Port:          int32(candidateStats.Port),
+				Protocol:      networkType.Protocol(),
+				CandidateType: candidateType,
+				Priority:      int32(candidateStats.Priority),
+				URL:           candidateStats.URL,
+				RelayProtocol: candidateStats.RelayProtocol,
+				Deleted:       candidateStats.Deleted,
+			}
+			collector.Collect(stats.ID, stats)
+		}
+
+		for _, candidateStats := range agent.GetRemoteCandidatesStats() {
+			collector.Collecting()
+			networkType, err := getNetworkType(candidateStats.NetworkType)
+			if err != nil {
+				g.log.Error(err.Error())
+			}
+
+			candidateType, err := getCandidateType(candidateStats.CandidateType)
+			if err != nil {
+				g.log.Error(err.Error())
+			}
+
+			stats := ICECandidateStats{
+				Timestamp:     statsTimestampFrom(candidateStats.Timestamp),
+				ID:            candidateStats.ID,
+				Type:          StatsTypeRemoteCandidate,
+				NetworkType:   networkType,
+				IP:            candidateStats.IP,
+				Port:          int32(candidateStats.Port),
+				Protocol:      networkType.Protocol(),
+				CandidateType: candidateType,
+				Priority:      int32(candidateStats.Priority),
+				URL:           candidateStats.URL,
+				RelayProtocol: candidateStats.RelayProtocol,
+			}
+			collector.Collect(stats.ID, stats)
+		}
+		collector.Done()
+	}(collector, agent)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegathererstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegathererstate.go
new file mode 100644
index 000000000..80dc77a2d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegathererstate.go
@@ -0,0 +1,48 @@
+package webrtc
+
+import (
+	"sync/atomic"
+)
+
+// ICEGathererState represents the current state of the ICE gatherer.
+type ICEGathererState uint32
+
+const (
+	// ICEGathererStateNew indicates object has been created but
+	// gather() has not been called.
+	ICEGathererStateNew ICEGathererState = iota + 1
+
+	// ICEGathererStateGathering indicates gather() has been called,
+	// and the ICEGatherer is in the process of gathering candidates.
+	ICEGathererStateGathering
+
+	// ICEGathererStateComplete indicates the ICEGatherer has completed gathering.
+	ICEGathererStateComplete
+
+	// ICEGathererStateClosed indicates the closed state can only be entered
+	// when the ICEGatherer has been closed intentionally by calling close().
+	ICEGathererStateClosed
+)
+
+func (s ICEGathererState) String() string {
+	switch s {
+	case ICEGathererStateNew:
+		return "new"
+	case ICEGathererStateGathering:
+		return "gathering"
+	case ICEGathererStateComplete:
+		return "complete"
+	case ICEGathererStateClosed:
+		return "closed"
+	default:
+		return unknownStr
+	}
+}
+
+func atomicStoreICEGathererState(state *ICEGathererState, newState ICEGathererState) {
+	atomic.StoreUint32((*uint32)(state), uint32(newState))
+}
+
+func atomicLoadICEGathererState(state *ICEGathererState) ICEGathererState {
+	return ICEGathererState(atomic.LoadUint32((*uint32)(state)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatheringstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatheringstate.go
new file mode 100644
index 000000000..21361f912
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatheringstate.go
@@ -0,0 +1,53 @@
+package webrtc
+
+// ICEGatheringState describes the state of the candidate gathering process.
+type ICEGatheringState int
+
+const (
+	// ICEGatheringStateNew indicates that any of the ICETransports are
+	// in the "new" gathering state and none of the transports are in the
+	// "gathering" state, or there are no transports.
+	ICEGatheringStateNew ICEGatheringState = iota + 1
+
+	// ICEGatheringStateGathering indicates that any of the ICETransports
+	// are in the "gathering" state.
+	ICEGatheringStateGathering
+
+	// ICEGatheringStateComplete indicates that at least one ICETransport
+	// exists, and all ICETransports are in the "completed" gathering state.
+	ICEGatheringStateComplete
+)
+
+// This is done this way because of a linter.
+const (
+	iceGatheringStateNewStr       = "new"
+	iceGatheringStateGatheringStr = "gathering"
+	iceGatheringStateCompleteStr  = "complete"
+)
+
+// NewICEGatheringState takes a string and converts it to ICEGatheringState
+func NewICEGatheringState(raw string) ICEGatheringState {
+	switch raw {
+	case iceGatheringStateNewStr:
+		return ICEGatheringStateNew
+	case iceGatheringStateGatheringStr:
+		return ICEGatheringStateGathering
+	case iceGatheringStateCompleteStr:
+		return ICEGatheringStateComplete
+	default:
+		return ICEGatheringState(Unknown)
+	}
+}
+
+func (t ICEGatheringState) String() string {
+	switch t {
+	case ICEGatheringStateNew:
+		return iceGatheringStateNewStr
+	case ICEGatheringStateGathering:
+		return iceGatheringStateGatheringStr
+	case ICEGatheringStateComplete:
+		return iceGatheringStateCompleteStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatheroptions.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatheroptions.go
new file mode 100644
index 000000000..88421c74e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icegatheroptions.go
@@ -0,0 +1,7 @@
+package webrtc
+
+// ICEGatherOptions provides options relating to the gathering of ICE candidates.
+type ICEGatherOptions struct {
+	ICEServers      []ICEServer
+	ICEGatherPolicy ICETransportPolicy
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceparameters.go
new file mode 100644
index 000000000..0c03a88bf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceparameters.go
@@ -0,0 +1,9 @@
+package webrtc
+
+// ICEParameters includes the ICE username fragment
+// and password and other ICE-related parameters.
+type ICEParameters struct {
+	UsernameFragment string `json:"usernameFragment"`
+	Password         string `json:"password"`
+	ICELite          bool   `json:"iceLite"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceprotocol.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceprotocol.go
new file mode 100644
index 000000000..f9eb0cfab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceprotocol.go
@@ -0,0 +1,47 @@
+package webrtc
+
+import (
+	"fmt"
+	"strings"
+)
+
+// ICEProtocol indicates the transport protocol type that is used in the
+// ice.URL structure.
+type ICEProtocol int
+
+const (
+	// ICEProtocolUDP indicates the URL uses a UDP transport.
+	ICEProtocolUDP ICEProtocol = iota + 1
+
+	// ICEProtocolTCP indicates the URL uses a TCP transport.
+	ICEProtocolTCP
+)
+
+// This is done this way because of a linter.
+const (
+	iceProtocolUDPStr = "udp"
+	iceProtocolTCPStr = "tcp"
+)
+
+// NewICEProtocol takes a string and converts it to ICEProtocol
+func NewICEProtocol(raw string) (ICEProtocol, error) {
+	switch {
+	case strings.EqualFold(iceProtocolUDPStr, raw):
+		return ICEProtocolUDP, nil
+	case strings.EqualFold(iceProtocolTCPStr, raw):
+		return ICEProtocolTCP, nil
+	default:
+		return ICEProtocol(Unknown), fmt.Errorf("%w: %s", errICEProtocolUnknown, raw)
+	}
+}
+
+func (t ICEProtocol) String() string {
+	switch t {
+	case ICEProtocolUDP:
+		return iceProtocolUDPStr
+	case ICEProtocolTCP:
+		return iceProtocolTCPStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icerole.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icerole.go
new file mode 100644
index 000000000..11187863b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icerole.go
@@ -0,0 +1,45 @@
+package webrtc
+
+// ICERole describes the role ice.Agent is playing in selecting the
+// preferred the candidate pair.
+type ICERole int
+
+const (
+	// ICERoleControlling indicates that the ICE agent that is responsible
+	// for selecting the final choice of candidate pairs and signaling them
+	// through STUN and an updated offer, if needed. In any session, one agent
+	// is always controlling. The other is the controlled agent.
+	ICERoleControlling ICERole = iota + 1
+
+	// ICERoleControlled indicates that an ICE agent that waits for the
+	// controlling agent to select the final choice of candidate pairs.
+	ICERoleControlled
+)
+
+// This is done this way because of a linter.
+const (
+	iceRoleControllingStr = "controlling"
+	iceRoleControlledStr  = "controlled"
+)
+
+func newICERole(raw string) ICERole {
+	switch raw {
+	case iceRoleControllingStr:
+		return ICERoleControlling
+	case iceRoleControlledStr:
+		return ICERoleControlled
+	default:
+		return ICERole(Unknown)
+	}
+}
+
+func (t ICERole) String() string {
+	switch t {
+	case ICERoleControlling:
+		return iceRoleControllingStr
+	case ICERoleControlled:
+		return iceRoleControlledStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceserver.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceserver.go
new file mode 100644
index 000000000..76146ece2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceserver.go
@@ -0,0 +1,68 @@
+// +build !js
+
+package webrtc
+
+import (
+	"github.com/pion/ice/v2"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+// ICEServer describes a single STUN and TURN server that can be used by
+// the ICEAgent to establish a connection with a peer.
+type ICEServer struct {
+	URLs           []string          `json:"urls"`
+	Username       string            `json:"username,omitempty"`
+	Credential     interface{}       `json:"credential,omitempty"`
+	CredentialType ICECredentialType `json:"credentialType,omitempty"`
+}
+
+func (s ICEServer) parseURL(i int) (*ice.URL, error) {
+	return ice.ParseURL(s.URLs[i])
+}
+
+func (s ICEServer) validate() error {
+	_, err := s.urls()
+	return err
+}
+
+func (s ICEServer) urls() ([]*ice.URL, error) {
+	urls := []*ice.URL{}
+
+	for i := range s.URLs {
+		url, err := s.parseURL(i)
+		if err != nil {
+			return nil, &rtcerr.InvalidAccessError{Err: err}
+		}
+
+		if url.Scheme == ice.SchemeTypeTURN || url.Scheme == ice.SchemeTypeTURNS {
+			// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11.3.2)
+			if s.Username == "" || s.Credential == nil {
+				return nil, &rtcerr.InvalidAccessError{Err: ErrNoTurnCredentials}
+			}
+			url.Username = s.Username
+
+			switch s.CredentialType {
+			case ICECredentialTypePassword:
+				// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11.3.3)
+				password, ok := s.Credential.(string)
+				if !ok {
+					return nil, &rtcerr.InvalidAccessError{Err: ErrTurnCredentials}
+				}
+				url.Password = password
+
+			case ICECredentialTypeOauth:
+				// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11.3.4)
+				if _, ok := s.Credential.(OAuthCredential); !ok {
+					return nil, &rtcerr.InvalidAccessError{Err: ErrTurnCredentials}
+				}
+
+			default:
+				return nil, &rtcerr.InvalidAccessError{Err: ErrTurnCredentials}
+			}
+		}
+
+		urls = append(urls, url)
+	}
+
+	return urls, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceserver_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceserver_js.go
new file mode 100644
index 000000000..07b2dcba6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/iceserver_js.go
@@ -0,0 +1,42 @@
+// +build js,wasm
+
+package webrtc
+
+import (
+	"errors"
+
+	"github.com/pion/ice/v2"
+)
+
+// ICEServer describes a single STUN and TURN server that can be used by
+// the ICEAgent to establish a connection with a peer.
+type ICEServer struct {
+	URLs     []string
+	Username string
+	// Note: TURN is not supported in the WASM bindings yet
+	Credential     interface{}
+	CredentialType ICECredentialType
+}
+
+func (s ICEServer) parseURL(i int) (*ice.URL, error) {
+	return ice.ParseURL(s.URLs[i])
+}
+
+func (s ICEServer) validate() ([]*ice.URL, error) {
+	urls := []*ice.URL{}
+
+	for i := range s.URLs {
+		url, err := s.parseURL(i)
+		if err != nil {
+			return nil, err
+		}
+
+		if url.Scheme == ice.SchemeTypeTURN || url.Scheme == ice.SchemeTypeTURNS {
+			return nil, errors.New("TURN is not currently supported in the JavaScript/Wasm bindings")
+		}
+
+		urls = append(urls, url)
+	}
+
+	return urls, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetcp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetcp.go
new file mode 100644
index 000000000..a5f1d0942
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetcp.go
@@ -0,0 +1,18 @@
+package webrtc
+
+import (
+	"net"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/logging"
+)
+
+// NewICETCPMux creates a new instance of ice.TCPMuxDefault. It enables use of
+// passive ICE TCP candidates.
+func NewICETCPMux(logger logging.LeveledLogger, listener net.Listener, readBufferSize int) ice.TCPMux {
+	return ice.NewTCPMuxDefault(ice.TCPMuxParams{
+		Listener:       listener,
+		Logger:         logger,
+		ReadBufferSize: readBufferSize,
+	})
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransport.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransport.go
new file mode 100644
index 000000000..ba20ec156
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransport.go
@@ -0,0 +1,368 @@
+// +build !js
+
+package webrtc
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/logging"
+	"github.com/pion/webrtc/v3/internal/mux"
+)
+
+// ICETransport allows an application access to information about the ICE
+// transport over which packets are sent and received.
+type ICETransport struct {
+	lock sync.RWMutex
+
+	role ICERole
+	// Component ICEComponent
+	// State ICETransportState
+	// gatheringState ICEGathererState
+
+	onConnectionStateChangeHandler       atomic.Value // func(ICETransportState)
+	onSelectedCandidatePairChangeHandler atomic.Value // func(*ICECandidatePair)
+
+	state atomic.Value // ICETransportState
+
+	gatherer *ICEGatherer
+	conn     *ice.Conn
+	mux      *mux.Mux
+
+	ctx       context.Context
+	ctxCancel func()
+
+	loggerFactory logging.LoggerFactory
+
+	log logging.LeveledLogger
+}
+
+// func (t *ICETransport) GetLocalCandidates() []ICECandidate {
+//
+// }
+//
+// func (t *ICETransport) GetRemoteCandidates() []ICECandidate {
+//
+// }
+//
+// func (t *ICETransport) GetSelectedCandidatePair() ICECandidatePair {
+//
+// }
+//
+// func (t *ICETransport) GetLocalParameters() ICEParameters {
+//
+// }
+//
+// func (t *ICETransport) GetRemoteParameters() ICEParameters {
+//
+// }
+
+// NewICETransport creates a new NewICETransport.
+func NewICETransport(gatherer *ICEGatherer, loggerFactory logging.LoggerFactory) *ICETransport {
+	iceTransport := &ICETransport{
+		gatherer:      gatherer,
+		loggerFactory: loggerFactory,
+		log:           loggerFactory.NewLogger("ortc"),
+	}
+	iceTransport.setState(ICETransportStateNew)
+	return iceTransport
+}
+
+// Start incoming connectivity checks based on its configured role.
+func (t *ICETransport) Start(gatherer *ICEGatherer, params ICEParameters, role *ICERole) error {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	if t.State() != ICETransportStateNew {
+		return errICETransportNotInNew
+	}
+
+	if gatherer != nil {
+		t.gatherer = gatherer
+	}
+
+	if err := t.ensureGatherer(); err != nil {
+		return err
+	}
+
+	agent := t.gatherer.getAgent()
+	if agent == nil {
+		return fmt.Errorf("%w: unable to start ICETransport", errICEAgentNotExist)
+	}
+
+	if err := agent.OnConnectionStateChange(func(iceState ice.ConnectionState) {
+		state := newICETransportStateFromICE(iceState)
+
+		t.setState(state)
+		t.onConnectionStateChange(state)
+	}); err != nil {
+		return err
+	}
+	if err := agent.OnSelectedCandidatePairChange(func(local, remote ice.Candidate) {
+		candidates, err := newICECandidatesFromICE([]ice.Candidate{local, remote})
+		if err != nil {
+			t.log.Warnf("%w: %s", errICECandiatesCoversionFailed, err)
+			return
+		}
+		t.onSelectedCandidatePairChange(NewICECandidatePair(&candidates[0], &candidates[1]))
+	}); err != nil {
+		return err
+	}
+
+	if role == nil {
+		controlled := ICERoleControlled
+		role = &controlled
+	}
+	t.role = *role
+
+	t.ctx, t.ctxCancel = context.WithCancel(context.Background())
+
+	// Drop the lock here to allow ICE candidates to be
+	// added so that the agent can complete a connection
+	t.lock.Unlock()
+
+	var iceConn *ice.Conn
+	var err error
+	switch *role {
+	case ICERoleControlling:
+		iceConn, err = agent.Dial(t.ctx,
+			params.UsernameFragment,
+			params.Password)
+
+	case ICERoleControlled:
+		iceConn, err = agent.Accept(t.ctx,
+			params.UsernameFragment,
+			params.Password)
+
+	default:
+		err = errICERoleUnknown
+	}
+
+	// Reacquire the lock to set the connection/mux
+	t.lock.Lock()
+	if err != nil {
+		return err
+	}
+
+	t.conn = iceConn
+
+	config := mux.Config{
+		Conn:          t.conn,
+		BufferSize:    receiveMTU,
+		LoggerFactory: t.loggerFactory,
+	}
+	t.mux = mux.NewMux(config)
+
+	return nil
+}
+
+// restart is not exposed currently because ORTC has users create a whole new ICETransport
+// so for now lets keep it private so we don't cause ORTC users to depend on non-standard APIs
+func (t *ICETransport) restart() error {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	agent := t.gatherer.getAgent()
+	if agent == nil {
+		return fmt.Errorf("%w: unable to restart ICETransport", errICEAgentNotExist)
+	}
+
+	if err := agent.Restart(t.gatherer.api.settingEngine.candidates.UsernameFragment, t.gatherer.api.settingEngine.candidates.Password); err != nil {
+		return err
+	}
+	return t.gatherer.Gather()
+}
+
+// Stop irreversibly stops the ICETransport.
+func (t *ICETransport) Stop() error {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	t.setState(ICETransportStateClosed)
+
+	if t.ctxCancel != nil {
+		t.ctxCancel()
+	}
+
+	if t.mux != nil {
+		return t.mux.Close()
+	} else if t.gatherer != nil {
+		return t.gatherer.Close()
+	}
+	return nil
+}
+
+// OnSelectedCandidatePairChange sets a handler that is invoked when a new
+// ICE candidate pair is selected
+func (t *ICETransport) OnSelectedCandidatePairChange(f func(*ICECandidatePair)) {
+	t.onSelectedCandidatePairChangeHandler.Store(f)
+}
+
+func (t *ICETransport) onSelectedCandidatePairChange(pair *ICECandidatePair) {
+	handler := t.onSelectedCandidatePairChangeHandler.Load()
+	if handler != nil {
+		handler.(func(*ICECandidatePair))(pair)
+	}
+}
+
+// OnConnectionStateChange sets a handler that is fired when the ICE
+// connection state changes.
+func (t *ICETransport) OnConnectionStateChange(f func(ICETransportState)) {
+	t.onConnectionStateChangeHandler.Store(f)
+}
+
+func (t *ICETransport) onConnectionStateChange(state ICETransportState) {
+	handler := t.onConnectionStateChangeHandler.Load()
+	if handler != nil {
+		handler.(func(ICETransportState))(state)
+	}
+}
+
+// Role indicates the current role of the ICE transport.
+func (t *ICETransport) Role() ICERole {
+	t.lock.RLock()
+	defer t.lock.RUnlock()
+
+	return t.role
+}
+
+// SetRemoteCandidates sets the sequence of candidates associated with the remote ICETransport.
+func (t *ICETransport) SetRemoteCandidates(remoteCandidates []ICECandidate) error {
+	t.lock.RLock()
+	defer t.lock.RUnlock()
+
+	if err := t.ensureGatherer(); err != nil {
+		return err
+	}
+
+	agent := t.gatherer.getAgent()
+	if agent == nil {
+		return fmt.Errorf("%w: unable to set remote candidates", errICEAgentNotExist)
+	}
+
+	for _, c := range remoteCandidates {
+		i, err := c.toICE()
+		if err != nil {
+			return err
+		}
+
+		if err = agent.AddRemoteCandidate(i); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// AddRemoteCandidate adds a candidate associated with the remote ICETransport.
+func (t *ICETransport) AddRemoteCandidate(remoteCandidate *ICECandidate) error {
+	t.lock.RLock()
+	defer t.lock.RUnlock()
+
+	var (
+		c   ice.Candidate
+		err error
+	)
+
+	if err = t.ensureGatherer(); err != nil {
+		return err
+	}
+
+	if remoteCandidate != nil {
+		if c, err = remoteCandidate.toICE(); err != nil {
+			return err
+		}
+	}
+
+	agent := t.gatherer.getAgent()
+	if agent == nil {
+		return fmt.Errorf("%w: unable to add remote candidates", errICEAgentNotExist)
+	}
+
+	return agent.AddRemoteCandidate(c)
+}
+
+// State returns the current ice transport state.
+func (t *ICETransport) State() ICETransportState {
+	if v := t.state.Load(); v != nil {
+		return v.(ICETransportState)
+	}
+	return ICETransportState(0)
+}
+
+func (t *ICETransport) setState(i ICETransportState) {
+	t.state.Store(i)
+}
+
+// NewEndpoint registers a new endpoint on the underlying mux.
+func (t *ICETransport) NewEndpoint(f mux.MatchFunc) *mux.Endpoint {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+	return t.mux.NewEndpoint(f)
+}
+
+func (t *ICETransport) ensureGatherer() error {
+	if t.gatherer == nil {
+		return errICEGathererNotStarted
+	} else if t.gatherer.getAgent() == nil {
+		if err := t.gatherer.createAgent(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (t *ICETransport) collectStats(collector *statsReportCollector) {
+	t.lock.Lock()
+	conn := t.conn
+	t.lock.Unlock()
+
+	collector.Collecting()
+
+	stats := TransportStats{
+		Timestamp: statsTimestampFrom(time.Now()),
+		Type:      StatsTypeTransport,
+		ID:        "iceTransport",
+	}
+
+	if conn != nil {
+		stats.BytesSent = conn.BytesSent()
+		stats.BytesReceived = conn.BytesReceived()
+	}
+
+	collector.Collect(stats.ID, stats)
+}
+
+func (t *ICETransport) haveRemoteCredentialsChange(newUfrag, newPwd string) bool {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	agent := t.gatherer.getAgent()
+	if agent == nil {
+		return false
+	}
+
+	uFrag, uPwd, err := agent.GetRemoteUserCredentials()
+	if err != nil {
+		return false
+	}
+
+	return uFrag != newUfrag || uPwd != newPwd
+}
+
+func (t *ICETransport) setRemoteCredentials(newUfrag, newPwd string) error {
+	t.lock.Lock()
+	defer t.lock.Unlock()
+
+	agent := t.gatherer.getAgent()
+	if agent == nil {
+		return fmt.Errorf("%w: unable to SetRemoteCredentials", errICEAgentNotExist)
+	}
+
+	return agent.SetRemoteCredentials(newUfrag, newPwd)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransportpolicy.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransportpolicy.go
new file mode 100644
index 000000000..16273f569
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransportpolicy.go
@@ -0,0 +1,65 @@
+package webrtc
+
+import (
+	"encoding/json"
+)
+
+// ICETransportPolicy defines the ICE candidate policy surface the
+// permitted candidates. Only these candidates are used for connectivity checks.
+type ICETransportPolicy int
+
+// ICEGatherPolicy is the ORTC equivalent of ICETransportPolicy
+type ICEGatherPolicy = ICETransportPolicy
+
+const (
+	// ICETransportPolicyAll indicates any type of candidate is used.
+	ICETransportPolicyAll ICETransportPolicy = iota
+
+	// ICETransportPolicyRelay indicates only media relay candidates such
+	// as candidates passing through a TURN server are used.
+	ICETransportPolicyRelay
+)
+
+// This is done this way because of a linter.
+const (
+	iceTransportPolicyRelayStr = "relay"
+	iceTransportPolicyAllStr   = "all"
+)
+
+// NewICETransportPolicy takes a string and converts it to ICETransportPolicy
+func NewICETransportPolicy(raw string) ICETransportPolicy {
+	switch raw {
+	case iceTransportPolicyRelayStr:
+		return ICETransportPolicyRelay
+	case iceTransportPolicyAllStr:
+		return ICETransportPolicyAll
+	default:
+		return ICETransportPolicy(Unknown)
+	}
+}
+
+func (t ICETransportPolicy) String() string {
+	switch t {
+	case ICETransportPolicyRelay:
+		return iceTransportPolicyRelayStr
+	case ICETransportPolicyAll:
+		return iceTransportPolicyAllStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// UnmarshalJSON parses the JSON-encoded data and stores the result
+func (t *ICETransportPolicy) UnmarshalJSON(b []byte) error {
+	var val string
+	if err := json.Unmarshal(b, &val); err != nil {
+		return err
+	}
+	*t = NewICETransportPolicy(val)
+	return nil
+}
+
+// MarshalJSON returns the JSON encoding
+func (t ICETransportPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransportstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransportstate.go
new file mode 100644
index 000000000..da93e44d4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/icetransportstate.go
@@ -0,0 +1,107 @@
+package webrtc
+
+import "github.com/pion/ice/v2"
+
+// ICETransportState represents the current state of the ICE transport.
+type ICETransportState int
+
+const (
+	// ICETransportStateNew indicates the ICETransport is waiting
+	// for remote candidates to be supplied.
+	ICETransportStateNew = iota + 1
+
+	// ICETransportStateChecking indicates the ICETransport has
+	// received at least one remote candidate, and a local and remote
+	// ICECandidateComplete dictionary was not added as the last candidate.
+	ICETransportStateChecking
+
+	// ICETransportStateConnected indicates the ICETransport has
+	// received a response to an outgoing connectivity check, or has
+	// received incoming DTLS/media after a successful response to an
+	// incoming connectivity check, but is still checking other candidate
+	// pairs to see if there is a better connection.
+	ICETransportStateConnected
+
+	// ICETransportStateCompleted indicates the ICETransport tested
+	// all appropriate candidate pairs and at least one functioning
+	// candidate pair has been found.
+	ICETransportStateCompleted
+
+	// ICETransportStateFailed indicates the ICETransport the last
+	// candidate was added and all appropriate candidate pairs have either
+	// failed connectivity checks or have lost consent.
+	ICETransportStateFailed
+
+	// ICETransportStateDisconnected indicates the ICETransport has received
+	// at least one local and remote candidate, but the final candidate was
+	// received yet and all appropriate candidate pairs thus far have been
+	// tested and failed.
+	ICETransportStateDisconnected
+
+	// ICETransportStateClosed indicates the ICETransport has shut down
+	// and is no longer responding to STUN requests.
+	ICETransportStateClosed
+)
+
+func (c ICETransportState) String() string {
+	switch c {
+	case ICETransportStateNew:
+		return "new"
+	case ICETransportStateChecking:
+		return "checking"
+	case ICETransportStateConnected:
+		return "connected"
+	case ICETransportStateCompleted:
+		return "completed"
+	case ICETransportStateFailed:
+		return "failed"
+	case ICETransportStateDisconnected:
+		return "disconnected"
+	case ICETransportStateClosed:
+		return "closed"
+	default:
+		return unknownStr
+	}
+}
+
+func newICETransportStateFromICE(i ice.ConnectionState) ICETransportState {
+	switch i {
+	case ice.ConnectionStateNew:
+		return ICETransportStateNew
+	case ice.ConnectionStateChecking:
+		return ICETransportStateChecking
+	case ice.ConnectionStateConnected:
+		return ICETransportStateConnected
+	case ice.ConnectionStateCompleted:
+		return ICETransportStateCompleted
+	case ice.ConnectionStateFailed:
+		return ICETransportStateFailed
+	case ice.ConnectionStateDisconnected:
+		return ICETransportStateDisconnected
+	case ice.ConnectionStateClosed:
+		return ICETransportStateClosed
+	default:
+		return ICETransportState(Unknown)
+	}
+}
+
+func (c ICETransportState) toICE() ice.ConnectionState {
+	switch c {
+	case ICETransportStateNew:
+		return ice.ConnectionStateNew
+	case ICETransportStateChecking:
+		return ice.ConnectionStateChecking
+	case ICETransportStateConnected:
+		return ice.ConnectionStateConnected
+	case ICETransportStateCompleted:
+		return ice.ConnectionStateCompleted
+	case ICETransportStateFailed:
+		return ice.ConnectionStateFailed
+	case ICETransportStateDisconnected:
+		return ice.ConnectionStateDisconnected
+	case ICETransportStateClosed:
+		return ice.ConnectionStateClosed
+	default:
+		return ice.ConnectionState(Unknown)
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/interceptor.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/interceptor.go
new file mode 100644
index 000000000..d76793b99
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/interceptor.go
@@ -0,0 +1,85 @@
+// +build !js
+
+package webrtc
+
+import (
+	"sync/atomic"
+
+	"github.com/pion/interceptor"
+	"github.com/pion/interceptor/pkg/nack"
+	"github.com/pion/rtp"
+)
+
+// RegisterDefaultInterceptors will register some useful interceptors.
+// If you want to customize which interceptors are loaded, you should copy the
+// code from this method and remove unwanted interceptors.
+func RegisterDefaultInterceptors(mediaEngine *MediaEngine, interceptorRegistry *interceptor.Registry) error {
+	if err := ConfigureNack(mediaEngine, interceptorRegistry); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ConfigureNack will setup everything necessary for handling generating/responding to nack messages.
+func ConfigureNack(mediaEngine *MediaEngine, interceptorRegistry *interceptor.Registry) error {
+	generator, err := nack.NewGeneratorInterceptor()
+	if err != nil {
+		return err
+	}
+
+	responder, err := nack.NewResponderInterceptor()
+	if err != nil {
+		return err
+	}
+
+	mediaEngine.RegisterFeedback(RTCPFeedback{Type: "nack"}, RTPCodecTypeVideo)
+	mediaEngine.RegisterFeedback(RTCPFeedback{Type: "nack", Parameter: "pli"}, RTPCodecTypeVideo)
+	interceptorRegistry.Add(responder)
+	interceptorRegistry.Add(generator)
+	return nil
+}
+
+type interceptorToTrackLocalWriter struct{ interceptor atomic.Value } // interceptor.RTPWriter }
+
+func (i *interceptorToTrackLocalWriter) WriteRTP(header *rtp.Header, payload []byte) (int, error) {
+	if writer, ok := i.interceptor.Load().(interceptor.RTPWriter); ok && writer != nil {
+		return writer.Write(header, payload, interceptor.Attributes{})
+	}
+
+	return 0, nil
+}
+
+func (i *interceptorToTrackLocalWriter) Write(b []byte) (int, error) {
+	packet := &rtp.Packet{}
+	if err := packet.Unmarshal(b); err != nil {
+		return 0, err
+	}
+
+	return i.WriteRTP(&packet.Header, packet.Payload)
+}
+
+func createStreamInfo(id string, ssrc SSRC, payloadType PayloadType, codec RTPCodecCapability, webrtcHeaderExtensions []RTPHeaderExtensionParameter) interceptor.StreamInfo {
+	headerExtensions := make([]interceptor.RTPHeaderExtension, 0, len(webrtcHeaderExtensions))
+	for _, h := range webrtcHeaderExtensions {
+		headerExtensions = append(headerExtensions, interceptor.RTPHeaderExtension{ID: h.ID, URI: h.URI})
+	}
+
+	feedbacks := make([]interceptor.RTCPFeedback, 0, len(codec.RTCPFeedback))
+	for _, f := range codec.RTCPFeedback {
+		feedbacks = append(feedbacks, interceptor.RTCPFeedback{Type: f.Type, Parameter: f.Parameter})
+	}
+
+	return interceptor.StreamInfo{
+		ID:                  id,
+		Attributes:          interceptor.Attributes{},
+		SSRC:                uint32(ssrc),
+		PayloadType:         uint8(payloadType),
+		RTPHeaderExtensions: headerExtensions,
+		MimeType:            codec.MimeType,
+		ClockRate:           codec.ClockRate,
+		Channels:            codec.Channels,
+		SDPFmtpLine:         codec.SDPFmtpLine,
+		RTCPFeedback:        feedbacks,
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/endpoint.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/endpoint.go
new file mode 100644
index 000000000..afccc0778
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/endpoint.go
@@ -0,0 +1,75 @@
+package mux
+
+import (
+	"errors"
+	"io"
+	"net"
+	"time"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/transport/packetio"
+)
+
+// Endpoint implements net.Conn. It is used to read muxed packets.
+type Endpoint struct {
+	mux    *Mux
+	buffer *packetio.Buffer
+}
+
+// Close unregisters the endpoint from the Mux
+func (e *Endpoint) Close() (err error) {
+	err = e.close()
+	if err != nil {
+		return err
+	}
+
+	e.mux.RemoveEndpoint(e)
+	return nil
+}
+
+func (e *Endpoint) close() error {
+	return e.buffer.Close()
+}
+
+// Read reads a packet of len(p) bytes from the underlying conn
+// that are matched by the associated MuxFunc
+func (e *Endpoint) Read(p []byte) (int, error) {
+	return e.buffer.Read(p)
+}
+
+// Write writes len(p) bytes to the underlying conn
+func (e *Endpoint) Write(p []byte) (int, error) {
+	n, err := e.mux.nextConn.Write(p)
+	if errors.Is(err, ice.ErrNoCandidatePairs) {
+		return 0, nil
+	} else if errors.Is(err, ice.ErrClosed) {
+		return 0, io.ErrClosedPipe
+	}
+
+	return n, err
+}
+
+// LocalAddr is a stub
+func (e *Endpoint) LocalAddr() net.Addr {
+	return e.mux.nextConn.LocalAddr()
+}
+
+// RemoteAddr is a stub
+func (e *Endpoint) RemoteAddr() net.Addr {
+	return e.mux.nextConn.RemoteAddr()
+}
+
+// SetDeadline is a stub
+func (e *Endpoint) SetDeadline(t time.Time) error {
+	return nil
+}
+
+// SetReadDeadline is a stub
+func (e *Endpoint) SetReadDeadline(t time.Time) error {
+	return nil
+}
+
+// SetWriteDeadline is a stub
+func (e *Endpoint) SetWriteDeadline(t time.Time) error {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/mux.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/mux.go
new file mode 100644
index 000000000..83aaa26bc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/mux.go
@@ -0,0 +1,145 @@
+// Package mux multiplexes packets on a single socket (RFC7983)
+package mux
+
+import (
+	"net"
+	"sync"
+
+	"github.com/pion/logging"
+	"github.com/pion/transport/packetio"
+)
+
+// The maximum amount of data that can be buffered before returning errors.
+const maxBufferSize = 1000 * 1000 // 1MB
+
+// Config collects the arguments to mux.Mux construction into
+// a single structure
+type Config struct {
+	Conn          net.Conn
+	BufferSize    int
+	LoggerFactory logging.LoggerFactory
+}
+
+// Mux allows multiplexing
+type Mux struct {
+	lock       sync.RWMutex
+	nextConn   net.Conn
+	endpoints  map[*Endpoint]MatchFunc
+	bufferSize int
+	closedCh   chan struct{}
+
+	log logging.LeveledLogger
+}
+
+// NewMux creates a new Mux
+func NewMux(config Config) *Mux {
+	m := &Mux{
+		nextConn:   config.Conn,
+		endpoints:  make(map[*Endpoint]MatchFunc),
+		bufferSize: config.BufferSize,
+		closedCh:   make(chan struct{}),
+		log:        config.LoggerFactory.NewLogger("mux"),
+	}
+
+	go m.readLoop()
+
+	return m
+}
+
+// NewEndpoint creates a new Endpoint
+func (m *Mux) NewEndpoint(f MatchFunc) *Endpoint {
+	e := &Endpoint{
+		mux:    m,
+		buffer: packetio.NewBuffer(),
+	}
+
+	// Set a maximum size of the buffer in bytes.
+	// NOTE: We actually won't get anywhere close to this limit.
+	// SRTP will constantly read from the endpoint and drop packets if it's full.
+	e.buffer.SetLimitSize(maxBufferSize)
+
+	m.lock.Lock()
+	m.endpoints[e] = f
+	m.lock.Unlock()
+
+	return e
+}
+
+// RemoveEndpoint removes an endpoint from the Mux
+func (m *Mux) RemoveEndpoint(e *Endpoint) {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	delete(m.endpoints, e)
+}
+
+// Close closes the Mux and all associated Endpoints.
+func (m *Mux) Close() error {
+	m.lock.Lock()
+	for e := range m.endpoints {
+		err := e.close()
+		if err != nil {
+			return err
+		}
+
+		delete(m.endpoints, e)
+	}
+	m.lock.Unlock()
+
+	err := m.nextConn.Close()
+	if err != nil {
+		return err
+	}
+
+	// Wait for readLoop to end
+	<-m.closedCh
+
+	return nil
+}
+
+func (m *Mux) readLoop() {
+	defer func() {
+		close(m.closedCh)
+	}()
+
+	buf := make([]byte, m.bufferSize)
+	for {
+		n, err := m.nextConn.Read(buf)
+		if err != nil {
+			return
+		}
+
+		err = m.dispatch(buf[:n])
+		if err != nil {
+			return
+		}
+	}
+}
+
+func (m *Mux) dispatch(buf []byte) error {
+	var endpoint *Endpoint
+
+	m.lock.Lock()
+	for e, f := range m.endpoints {
+		if f(buf) {
+			endpoint = e
+			break
+		}
+	}
+	m.lock.Unlock()
+
+	if endpoint == nil {
+		if len(buf) > 0 {
+			m.log.Warnf("Warning: mux: no endpoint for packet starting with %d\n", buf[0])
+		} else {
+			m.log.Warnf("Warning: mux: no endpoint for zero length packet")
+		}
+		return nil
+	}
+
+	_, err := endpoint.buffer.Write(buf)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/muxfunc.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/muxfunc.go
new file mode 100644
index 000000000..2ab585bf9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/mux/muxfunc.go
@@ -0,0 +1,101 @@
+package mux
+
+import (
+	"bytes"
+	"encoding/binary"
+)
+
+// MatchFunc allows custom logic for mapping packets to an Endpoint
+type MatchFunc func([]byte) bool
+
+// MatchAll always returns true
+func MatchAll(b []byte) bool {
+	return true
+}
+
+// MatchNone always returns false
+func MatchNone(b []byte) bool {
+	return false
+}
+
+// MatchRange is a MatchFunc that accepts packets with the first byte in [lower..upper]
+func MatchRange(lower, upper byte) MatchFunc {
+	return func(buf []byte) bool {
+		if len(buf) < 1 {
+			return false
+		}
+		b := buf[0]
+		return b >= lower && b <= upper
+	}
+}
+
+// MatchFuncs as described in RFC7983
+// https://tools.ietf.org/html/rfc7983
+//              +----------------+
+//              |        [0..3] -+--> forward to STUN
+//              |                |
+//              |      [16..19] -+--> forward to ZRTP
+//              |                |
+//  packet -->  |      [20..63] -+--> forward to DTLS
+//              |                |
+//              |      [64..79] -+--> forward to TURN Channel
+//              |                |
+//              |    [128..191] -+--> forward to RTP/RTCP
+//              +----------------+
+
+// MatchSTUN is a MatchFunc that accepts packets with the first byte in [0..3]
+// as defied in RFC7983
+func MatchSTUN(b []byte) bool {
+	return MatchRange(0, 3)(b)
+}
+
+// MatchZRTP is a MatchFunc that accepts packets with the first byte in [16..19]
+// as defied in RFC7983
+func MatchZRTP(b []byte) bool {
+	return MatchRange(16, 19)(b)
+}
+
+// MatchDTLS is a MatchFunc that accepts packets with the first byte in [20..63]
+// as defied in RFC7983
+func MatchDTLS(b []byte) bool {
+	return MatchRange(20, 63)(b)
+}
+
+// MatchTURN is a MatchFunc that accepts packets with the first byte in [64..79]
+// as defied in RFC7983
+func MatchTURN(b []byte) bool {
+	return MatchRange(64, 79)(b)
+}
+
+// MatchSRTPOrSRTCP is a MatchFunc that accepts packets with the first byte in [128..191]
+// as defied in RFC7983
+func MatchSRTPOrSRTCP(b []byte) bool {
+	return MatchRange(128, 191)(b)
+}
+
+func isRTCP(buf []byte) bool {
+	// Not long enough to determine RTP/RTCP
+	if len(buf) < 4 {
+		return false
+	}
+
+	var rtcpPacketType uint8
+	r := bytes.NewReader([]byte{buf[1]})
+	if err := binary.Read(r, binary.BigEndian, &rtcpPacketType); err != nil {
+		return false
+	} else if rtcpPacketType >= 192 && rtcpPacketType <= 223 {
+		return true
+	}
+
+	return false
+}
+
+// MatchSRTP is a MatchFunc that only matches SRTP and not SRTCP
+func MatchSRTP(buf []byte) bool {
+	return MatchSRTPOrSRTCP(buf) && !isRTCP(buf)
+}
+
+// MatchSRTCP is a MatchFunc that only matches SRTCP and not SRTP
+func MatchSRTCP(buf []byte) bool {
+	return MatchSRTPOrSRTCP(buf) && isRTCP(buf)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/util/util.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/util/util.go
new file mode 100644
index 000000000..6e12b6410
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/internal/util/util.go
@@ -0,0 +1,72 @@
+// Package util provides auxiliary functions internally used in webrtc package
+package util
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/pion/randutil"
+)
+
+const (
+	runesAlpha = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+)
+
+// Use global random generator to properly seed by crypto grade random.
+var globalMathRandomGenerator = randutil.NewMathRandomGenerator() // nolint:gochecknoglobals
+
+// MathRandAlpha generates a mathmatical random alphabet sequence of the requested length.
+func MathRandAlpha(n int) string {
+	return globalMathRandomGenerator.GenerateString(n, runesAlpha)
+}
+
+// RandUint32 generates a mathmatical random uint32.
+func RandUint32() uint32 {
+	return globalMathRandomGenerator.Uint32()
+}
+
+// FlattenErrs flattens multiple errors into one
+func FlattenErrs(errs []error) error {
+	errs2 := []error{}
+	for _, e := range errs {
+		if e != nil {
+			errs2 = append(errs2, e)
+		}
+	}
+	if len(errs2) == 0 {
+		return nil
+	}
+	return multiError(errs2)
+}
+
+type multiError []error
+
+func (me multiError) Error() string {
+	var errstrings []string
+
+	for _, err := range me {
+		if err != nil {
+			errstrings = append(errstrings, err.Error())
+		}
+	}
+
+	if len(errstrings) == 0 {
+		return "multiError must contain multiple error but is empty"
+	}
+
+	return strings.Join(errstrings, "\n")
+}
+
+func (me multiError) Is(err error) bool {
+	for _, e := range me {
+		if errors.Is(e, err) {
+			return true
+		}
+		if me2, ok := e.(multiError); ok {
+			if me2.Is(err) {
+				return true
+			}
+		}
+	}
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_compare.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_compare.go
new file mode 100644
index 000000000..31e39802b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_compare.go
@@ -0,0 +1,13 @@
+// +build js,go1.14
+
+package webrtc
+
+import "syscall/js"
+
+func jsValueIsUndefined(v js.Value) bool {
+	return v.IsUndefined()
+}
+
+func jsValueIsNull(v js.Value) bool {
+	return v.IsNull()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_compare_legacy.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_compare_legacy.go
new file mode 100644
index 000000000..e2e247a0e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_compare_legacy.go
@@ -0,0 +1,13 @@
+// +build js,!go1.14
+
+package webrtc
+
+import "syscall/js"
+
+func jsValueIsUndefined(v js.Value) bool {
+	return v == js.Undefined()
+}
+
+func jsValueIsNull(v js.Value) bool {
+	return v == js.Null()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_utils.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_utils.go
new file mode 100644
index 000000000..25e89396b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/js_utils.go
@@ -0,0 +1,168 @@
+// +build js,wasm
+
+package webrtc
+
+import (
+	"fmt"
+	"syscall/js"
+)
+
+// awaitPromise accepts a js.Value representing a Promise. If the promise
+// resolves, it returns (result, nil). If the promise rejects, it returns
+// (js.Undefined, error). awaitPromise has a synchronous-like API but does not
+// block the JavaScript event loop.
+func awaitPromise(promise js.Value) (js.Value, error) {
+	resultsChan := make(chan js.Value)
+	errChan := make(chan js.Error)
+
+	thenFunc := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go func() {
+			resultsChan <- args[0]
+		}()
+		return js.Undefined()
+	})
+	defer thenFunc.Release()
+	promise.Call("then", thenFunc)
+
+	catchFunc := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go func() {
+			errChan <- js.Error{args[0]}
+		}()
+		return js.Undefined()
+	})
+	defer catchFunc.Release()
+	promise.Call("catch", catchFunc)
+
+	select {
+	case result := <-resultsChan:
+		return result, nil
+	case err := <-errChan:
+		return js.Undefined(), err
+	}
+}
+
+func valueToUint16Pointer(val js.Value) *uint16 {
+	if jsValueIsNull(val) || jsValueIsUndefined(val) {
+		return nil
+	}
+	convertedVal := uint16(val.Int())
+	return &convertedVal
+}
+
+func valueToStringPointer(val js.Value) *string {
+	if jsValueIsNull(val) || jsValueIsUndefined(val) {
+		return nil
+	}
+	stringVal := val.String()
+	return &stringVal
+}
+
+func stringToValueOrUndefined(val string) js.Value {
+	if val == "" {
+		return js.Undefined()
+	}
+	return js.ValueOf(val)
+}
+
+func uint8ToValueOrUndefined(val uint8) js.Value {
+	if val == 0 {
+		return js.Undefined()
+	}
+	return js.ValueOf(val)
+}
+
+func interfaceToValueOrUndefined(val interface{}) js.Value {
+	if val == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(val)
+}
+
+func valueToStringOrZero(val js.Value) string {
+	if jsValueIsUndefined(val) || jsValueIsNull(val) {
+		return ""
+	}
+	return val.String()
+}
+
+func valueToUint8OrZero(val js.Value) uint8 {
+	if jsValueIsUndefined(val) || jsValueIsNull(val) {
+		return 0
+	}
+	return uint8(val.Int())
+}
+
+func valueToUint16OrZero(val js.Value) uint16 {
+	if jsValueIsNull(val) || jsValueIsUndefined(val) {
+		return 0
+	}
+	return uint16(val.Int())
+}
+
+func valueToUint32OrZero(val js.Value) uint32 {
+	if jsValueIsNull(val) || jsValueIsUndefined(val) {
+		return 0
+	}
+	return uint32(val.Int())
+}
+
+func valueToStrings(val js.Value) []string {
+	result := make([]string, val.Length())
+	for i := 0; i < val.Length(); i++ {
+		result[i] = val.Index(i).String()
+	}
+	return result
+}
+
+func stringPointerToValue(val *string) js.Value {
+	if val == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(*val)
+}
+
+func uint16PointerToValue(val *uint16) js.Value {
+	if val == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(*val)
+}
+
+func boolPointerToValue(val *bool) js.Value {
+	if val == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(*val)
+}
+
+func stringsToValue(strings []string) js.Value {
+	val := make([]interface{}, len(strings))
+	for i, s := range strings {
+		val[i] = s
+	}
+	return js.ValueOf(val)
+}
+
+func stringEnumToValueOrUndefined(s string) js.Value {
+	if s == "unknown" {
+		return js.Undefined()
+	}
+	return js.ValueOf(s)
+}
+
+// Converts the return value of recover() to an error.
+func recoveryToError(e interface{}) error {
+	switch e := e.(type) {
+	case error:
+		return e
+	default:
+		return fmt.Errorf("recovered with non-error value: (%T) %s", e, e)
+	}
+}
+
+func uint8ArrayValueToBytes(val js.Value) []byte {
+	result := make([]byte, val.Length())
+	js.CopyBytesToGo(result, val)
+
+	return result
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/mediaengine.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/mediaengine.go
new file mode 100644
index 000000000..a2d68f6e9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/mediaengine.go
@@ -0,0 +1,512 @@
+// +build !js
+
+package webrtc
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/pion/rtp"
+	"github.com/pion/rtp/codecs"
+	"github.com/pion/sdp/v3"
+)
+
+const (
+	// MimeTypeH264 H264 MIME type.
+	// Note: Matching should be case insensitive.
+	MimeTypeH264 = "video/h264"
+	// MimeTypeOpus Opus MIME type
+	// Note: Matching should be case insensitive.
+	MimeTypeOpus = "audio/opus"
+	// MimeTypeVP8 VP8 MIME type
+	// Note: Matching should be case insensitive.
+	MimeTypeVP8 = "video/vp8"
+	// MimeTypeVP9 VP9 MIME type
+	// Note: Matching should be case insensitive.
+	MimeTypeVP9 = "video/vp9"
+	// MimeTypeG722 G722 MIME type
+	// Note: Matching should be case insensitive.
+	MimeTypeG722 = "audio/G722"
+	// MimeTypePCMU PCMU MIME type
+	// Note: Matching should be case insensitive.
+	MimeTypePCMU = "audio/PCMU"
+	// MimeTypePCMA PCMA MIME type
+	// Note: Matching should be case insensitive.
+	MimeTypePCMA = "audio/PCMA"
+)
+
+type mediaEngineHeaderExtension struct {
+	uri              string
+	isAudio, isVideo bool
+
+	// If set only Transceivers of this direction are allowed
+	allowedDirections []RTPTransceiverDirection
+}
+
+// A MediaEngine defines the codecs supported by a PeerConnection, and the
+// configuration of those codecs. A MediaEngine must not be shared between
+// PeerConnections.
+type MediaEngine struct {
+	// If we have attempted to negotiate a codec type yet.
+	negotiatedVideo, negotiatedAudio bool
+
+	videoCodecs, audioCodecs                     []RTPCodecParameters
+	negotiatedVideoCodecs, negotiatedAudioCodecs []RTPCodecParameters
+
+	headerExtensions           []mediaEngineHeaderExtension
+	negotiatedHeaderExtensions map[int]mediaEngineHeaderExtension
+}
+
+// RegisterDefaultCodecs registers the default codecs supported by Pion WebRTC.
+// RegisterDefaultCodecs is not safe for concurrent use.
+func (m *MediaEngine) RegisterDefaultCodecs() error {
+	// Default Pion Audio Codecs
+	for _, codec := range []RTPCodecParameters{
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeOpus, 48000, 2, "minptime=10;useinbandfec=1", nil},
+			PayloadType:        111,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeG722, 8000, 0, "", nil},
+			PayloadType:        9,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypePCMU, 8000, 0, "", nil},
+			PayloadType:        0,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypePCMA, 8000, 0, "", nil},
+			PayloadType:        8,
+		},
+	} {
+		if err := m.RegisterCodec(codec, RTPCodecTypeAudio); err != nil {
+			return err
+		}
+	}
+
+	// Default Pion Audio Header Extensions
+	for _, extension := range []string{
+		"urn:ietf:params:rtp-hdrext:sdes:mid",
+		"urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id",
+		"urn:ietf:params:rtp-hdrext:sdes:repaired-rtp-stream-id",
+	} {
+		if err := m.RegisterHeaderExtension(RTPHeaderExtensionCapability{extension}, RTPCodecTypeAudio); err != nil {
+			return err
+		}
+	}
+
+	videoRTCPFeedback := []RTCPFeedback{{"goog-remb", ""}, {"ccm", "fir"}, {"nack", ""}, {"nack", "pli"}}
+	for _, codec := range []RTPCodecParameters{
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeVP8, 90000, 0, "", videoRTCPFeedback},
+			PayloadType:        96,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=96", nil},
+			PayloadType:        97,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeVP9, 90000, 0, "profile-id=0", videoRTCPFeedback},
+			PayloadType:        98,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=98", nil},
+			PayloadType:        99,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeVP9, 90000, 0, "profile-id=1", videoRTCPFeedback},
+			PayloadType:        100,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=100", nil},
+			PayloadType:        101,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeH264, 90000, 0, "level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42001f", videoRTCPFeedback},
+			PayloadType:        102,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=102", nil},
+			PayloadType:        121,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeH264, 90000, 0, "level-asymmetry-allowed=1;packetization-mode=0;profile-level-id=42001f", videoRTCPFeedback},
+			PayloadType:        127,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=127", nil},
+			PayloadType:        120,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeH264, 90000, 0, "level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42e01f", videoRTCPFeedback},
+			PayloadType:        125,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=125", nil},
+			PayloadType:        107,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeH264, 90000, 0, "level-asymmetry-allowed=1;packetization-mode=0;profile-level-id=42e01f", videoRTCPFeedback},
+			PayloadType:        108,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=108", nil},
+			PayloadType:        109,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeH264, 90000, 0, "level-asymmetry-allowed=1;packetization-mode=0;profile-level-id=42001f", videoRTCPFeedback},
+			PayloadType:        127,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=127", nil},
+			PayloadType:        120,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{MimeTypeH264, 90000, 0, "level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=640032", videoRTCPFeedback},
+			PayloadType:        123,
+		},
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/rtx", 90000, 0, "apt=123", nil},
+			PayloadType:        118,
+		},
+
+		{
+			RTPCodecCapability: RTPCodecCapability{"video/ulpfec", 90000, 0, "", nil},
+			PayloadType:        116,
+		},
+	} {
+		if err := m.RegisterCodec(codec, RTPCodecTypeVideo); err != nil {
+			return err
+		}
+	}
+
+	// Default Pion Video Header Extensions
+	for _, extension := range []string{
+		"urn:ietf:params:rtp-hdrext:sdes:mid",
+		"urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id",
+		"urn:ietf:params:rtp-hdrext:sdes:repaired-rtp-stream-id",
+	} {
+		if err := m.RegisterHeaderExtension(RTPHeaderExtensionCapability{extension}, RTPCodecTypeVideo); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// RegisterCodec adds codec to the MediaEngine
+// These are the list of codecs supported by this PeerConnection.
+// RegisterCodec is not safe for concurrent use.
+func (m *MediaEngine) RegisterCodec(codec RTPCodecParameters, typ RTPCodecType) error {
+	codec.statsID = fmt.Sprintf("RTPCodec-%d", time.Now().UnixNano())
+	switch typ {
+	case RTPCodecTypeAudio:
+		m.audioCodecs = append(m.audioCodecs, codec)
+	case RTPCodecTypeVideo:
+		m.videoCodecs = append(m.videoCodecs, codec)
+	default:
+		return ErrUnknownType
+	}
+	return nil
+}
+
+// RegisterHeaderExtension adds a header extension to the MediaEngine
+// To determine the negotiated value use `GetHeaderExtensionID` after signaling is complete
+func (m *MediaEngine) RegisterHeaderExtension(extension RTPHeaderExtensionCapability, typ RTPCodecType, allowedDirections ...RTPTransceiverDirection) error {
+	if m.negotiatedHeaderExtensions == nil {
+		m.negotiatedHeaderExtensions = map[int]mediaEngineHeaderExtension{}
+	}
+
+	if len(allowedDirections) == 0 {
+		allowedDirections = []RTPTransceiverDirection{RTPTransceiverDirectionRecvonly, RTPTransceiverDirectionSendonly}
+	}
+
+	for _, direction := range allowedDirections {
+		if direction != RTPTransceiverDirectionRecvonly && direction != RTPTransceiverDirectionSendonly {
+			return ErrRegisterHeaderExtensionInvalidDirection
+		}
+	}
+
+	extensionIndex := -1
+	for i := range m.headerExtensions {
+		if extension.URI == m.headerExtensions[i].uri {
+			extensionIndex = i
+		}
+	}
+
+	if extensionIndex == -1 {
+		m.headerExtensions = append(m.headerExtensions, mediaEngineHeaderExtension{})
+		extensionIndex = len(m.headerExtensions) - 1
+	}
+
+	if typ == RTPCodecTypeAudio {
+		m.headerExtensions[extensionIndex].isAudio = true
+	} else if typ == RTPCodecTypeVideo {
+		m.headerExtensions[extensionIndex].isVideo = true
+	}
+
+	m.headerExtensions[extensionIndex].uri = extension.URI
+	m.headerExtensions[extensionIndex].allowedDirections = allowedDirections
+
+	return nil
+}
+
+// RegisterFeedback adds feedback mechanism to already registered codecs.
+func (m *MediaEngine) RegisterFeedback(feedback RTCPFeedback, typ RTPCodecType) {
+	switch typ {
+	case RTPCodecTypeVideo:
+		for i, v := range m.videoCodecs {
+			v.RTCPFeedback = append(v.RTCPFeedback, feedback)
+			m.videoCodecs[i] = v
+		}
+	case RTPCodecTypeAudio:
+		for i, v := range m.audioCodecs {
+			v.RTCPFeedback = append(v.RTCPFeedback, feedback)
+			m.audioCodecs[i] = v
+		}
+	}
+}
+
+// getHeaderExtensionID returns the negotiated ID for a header extension.
+// If the Header Extension isn't enabled ok will be false
+func (m *MediaEngine) getHeaderExtensionID(extension RTPHeaderExtensionCapability) (val int, audioNegotiated, videoNegotiated bool) {
+	if m.negotiatedHeaderExtensions == nil {
+		return 0, false, false
+	}
+
+	for id, h := range m.negotiatedHeaderExtensions {
+		if extension.URI == h.uri {
+			return id, h.isAudio, h.isVideo
+		}
+	}
+
+	return
+}
+
+func (m *MediaEngine) getCodecByPayload(payloadType PayloadType) (RTPCodecParameters, RTPCodecType, error) {
+	for _, codec := range m.negotiatedVideoCodecs {
+		if codec.PayloadType == payloadType {
+			return codec, RTPCodecTypeVideo, nil
+		}
+	}
+	for _, codec := range m.negotiatedAudioCodecs {
+		if codec.PayloadType == payloadType {
+			return codec, RTPCodecTypeAudio, nil
+		}
+	}
+
+	return RTPCodecParameters{}, 0, ErrCodecNotFound
+}
+
+func (m *MediaEngine) collectStats(collector *statsReportCollector) {
+	statsLoop := func(codecs []RTPCodecParameters) {
+		for _, codec := range codecs {
+			collector.Collecting()
+			stats := CodecStats{
+				Timestamp:   statsTimestampFrom(time.Now()),
+				Type:        StatsTypeCodec,
+				ID:          codec.statsID,
+				PayloadType: codec.PayloadType,
+				MimeType:    codec.MimeType,
+				ClockRate:   codec.ClockRate,
+				Channels:    uint8(codec.Channels),
+				SDPFmtpLine: codec.SDPFmtpLine,
+			}
+
+			collector.Collect(stats.ID, stats)
+		}
+	}
+
+	statsLoop(m.videoCodecs)
+	statsLoop(m.audioCodecs)
+}
+
+// Look up a codec and enable if it exists
+func (m *MediaEngine) updateCodecParameters(remoteCodec RTPCodecParameters, typ RTPCodecType) error {
+	codecs := m.videoCodecs
+	if typ == RTPCodecTypeAudio {
+		codecs = m.audioCodecs
+	}
+
+	pushCodec := func(codec RTPCodecParameters) error {
+		if typ == RTPCodecTypeAudio {
+			m.negotiatedAudioCodecs = append(m.negotiatedAudioCodecs, codec)
+		} else if typ == RTPCodecTypeVideo {
+			m.negotiatedVideoCodecs = append(m.negotiatedVideoCodecs, codec)
+		}
+		return nil
+	}
+
+	if strings.HasPrefix(remoteCodec.RTPCodecCapability.SDPFmtpLine, "apt=") {
+		payloadType, err := strconv.Atoi(strings.TrimPrefix(remoteCodec.RTPCodecCapability.SDPFmtpLine, "apt="))
+		if err != nil {
+			return err
+		}
+
+		if _, _, err = m.getCodecByPayload(PayloadType(payloadType)); err != nil {
+			return nil // not an error, we just ignore this codec we don't support
+		}
+	}
+
+	if _, err := codecParametersFuzzySearch(remoteCodec, codecs); err == nil {
+		return pushCodec(remoteCodec)
+	}
+
+	return nil
+}
+
+// Look up a header extension and enable if it exists
+func (m *MediaEngine) updateHeaderExtension(id int, extension string, typ RTPCodecType) error {
+	if m.negotiatedHeaderExtensions == nil {
+		return nil
+	}
+
+	for _, localExtension := range m.headerExtensions {
+		if localExtension.uri == extension {
+			h := mediaEngineHeaderExtension{uri: extension, allowedDirections: localExtension.allowedDirections}
+			if existingValue, ok := m.negotiatedHeaderExtensions[id]; ok {
+				h = existingValue
+			}
+
+			switch {
+			case localExtension.isAudio && typ == RTPCodecTypeAudio:
+				h.isAudio = true
+			case localExtension.isVideo && typ == RTPCodecTypeVideo:
+				h.isVideo = true
+			}
+
+			m.negotiatedHeaderExtensions[id] = h
+		}
+	}
+	return nil
+}
+
+// Update the MediaEngine from a remote description
+func (m *MediaEngine) updateFromRemoteDescription(desc sdp.SessionDescription) error {
+	for _, media := range desc.MediaDescriptions {
+		var typ RTPCodecType
+		switch {
+		case !m.negotiatedAudio && strings.EqualFold(media.MediaName.Media, "audio"):
+			m.negotiatedAudio = true
+			typ = RTPCodecTypeAudio
+		case !m.negotiatedVideo && strings.EqualFold(media.MediaName.Media, "video"):
+			m.negotiatedVideo = true
+			typ = RTPCodecTypeVideo
+		default:
+			continue
+		}
+
+		codecs, err := codecsFromMediaDescription(media)
+		if err != nil {
+			return err
+		}
+
+		for _, codec := range codecs {
+			if err = m.updateCodecParameters(codec, typ); err != nil {
+				return err
+			}
+		}
+
+		extensions, err := rtpExtensionsFromMediaDescription(media)
+		if err != nil {
+			return err
+		}
+
+		for extension, id := range extensions {
+			if err = m.updateHeaderExtension(id, extension, typ); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (m *MediaEngine) getCodecsByKind(typ RTPCodecType) []RTPCodecParameters {
+	if typ == RTPCodecTypeVideo {
+		if m.negotiatedVideo {
+			return m.negotiatedVideoCodecs
+		}
+
+		return m.videoCodecs
+	} else if typ == RTPCodecTypeAudio {
+		if m.negotiatedAudio {
+			return m.negotiatedAudioCodecs
+		}
+
+		return m.audioCodecs
+	}
+
+	return nil
+}
+
+func (m *MediaEngine) getRTPParametersByKind(typ RTPCodecType, directions []RTPTransceiverDirection) RTPParameters {
+	headerExtensions := make([]RTPHeaderExtensionParameter, 0)
+
+	if m.negotiatedVideo && typ == RTPCodecTypeVideo ||
+		m.negotiatedAudio && typ == RTPCodecTypeAudio {
+		for id, e := range m.negotiatedHeaderExtensions {
+			if haveRTPTransceiverDirectionIntersection(e.allowedDirections, directions) && (e.isAudio && typ == RTPCodecTypeAudio || e.isVideo && typ == RTPCodecTypeVideo) {
+				headerExtensions = append(headerExtensions, RTPHeaderExtensionParameter{ID: id, URI: e.uri})
+			}
+		}
+	} else {
+		for id, e := range m.headerExtensions {
+			if haveRTPTransceiverDirectionIntersection(e.allowedDirections, directions) && (e.isAudio && typ == RTPCodecTypeAudio || e.isVideo && typ == RTPCodecTypeVideo) {
+				headerExtensions = append(headerExtensions, RTPHeaderExtensionParameter{ID: id + 1, URI: e.uri})
+			}
+		}
+	}
+
+	return RTPParameters{
+		HeaderExtensions: headerExtensions,
+		Codecs:           m.getCodecsByKind(typ),
+	}
+}
+
+func (m *MediaEngine) getRTPParametersByPayloadType(payloadType PayloadType) (RTPParameters, error) {
+	codec, typ, err := m.getCodecByPayload(payloadType)
+	if err != nil {
+		return RTPParameters{}, err
+	}
+
+	headerExtensions := make([]RTPHeaderExtensionParameter, 0)
+	for id, e := range m.negotiatedHeaderExtensions {
+		if e.isAudio && typ == RTPCodecTypeAudio || e.isVideo && typ == RTPCodecTypeVideo {
+			headerExtensions = append(headerExtensions, RTPHeaderExtensionParameter{ID: id, URI: e.uri})
+		}
+	}
+
+	return RTPParameters{
+		HeaderExtensions: headerExtensions,
+		Codecs:           []RTPCodecParameters{codec},
+	}, nil
+}
+
+func payloaderForCodec(codec RTPCodecCapability) (rtp.Payloader, error) {
+	switch strings.ToLower(codec.MimeType) {
+	case strings.ToLower(MimeTypeH264):
+		return &codecs.H264Payloader{}, nil
+	case strings.ToLower(MimeTypeOpus):
+		return &codecs.OpusPayloader{}, nil
+	case strings.ToLower(MimeTypeVP8):
+		return &codecs.VP8Payloader{}, nil
+	case strings.ToLower(MimeTypeVP9):
+		return &codecs.VP9Payloader{}, nil
+	case strings.ToLower(MimeTypeG722):
+		return &codecs.G722Payloader{}, nil
+	case strings.ToLower(MimeTypePCMU), strings.ToLower(MimeTypePCMA):
+		return &codecs.G711Payloader{}, nil
+	default:
+		return nil, ErrNoPayloaderForCodec
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/networktype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/networktype.go
new file mode 100644
index 000000000..e5dd84073
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/networktype.go
@@ -0,0 +1,104 @@
+package webrtc
+
+import (
+	"fmt"
+
+	"github.com/pion/ice/v2"
+)
+
+func supportedNetworkTypes() []NetworkType {
+	return []NetworkType{
+		NetworkTypeUDP4,
+		NetworkTypeUDP6,
+		// NetworkTypeTCP4, // Not supported yet
+		// NetworkTypeTCP6, // Not supported yet
+	}
+}
+
+// NetworkType represents the type of network
+type NetworkType int
+
+const (
+	// NetworkTypeUDP4 indicates UDP over IPv4.
+	NetworkTypeUDP4 NetworkType = iota + 1
+
+	// NetworkTypeUDP6 indicates UDP over IPv6.
+	NetworkTypeUDP6
+
+	// NetworkTypeTCP4 indicates TCP over IPv4.
+	NetworkTypeTCP4
+
+	// NetworkTypeTCP6 indicates TCP over IPv6.
+	NetworkTypeTCP6
+)
+
+// This is done this way because of a linter.
+const (
+	networkTypeUDP4Str = "udp4"
+	networkTypeUDP6Str = "udp6"
+	networkTypeTCP4Str = "tcp4"
+	networkTypeTCP6Str = "tcp6"
+)
+
+func (t NetworkType) String() string {
+	switch t {
+	case NetworkTypeUDP4:
+		return networkTypeUDP4Str
+	case NetworkTypeUDP6:
+		return networkTypeUDP6Str
+	case NetworkTypeTCP4:
+		return networkTypeTCP4Str
+	case NetworkTypeTCP6:
+		return networkTypeTCP6Str
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// Protocol returns udp or tcp
+func (t NetworkType) Protocol() string {
+	switch t {
+	case NetworkTypeUDP4:
+		return "udp"
+	case NetworkTypeUDP6:
+		return "udp"
+	case NetworkTypeTCP4:
+		return "tcp"
+	case NetworkTypeTCP6:
+		return "tcp"
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// NewNetworkType allows create network type from string
+// It will be useful for getting custom network types from external config.
+func NewNetworkType(raw string) (NetworkType, error) {
+	switch raw {
+	case networkTypeUDP4Str:
+		return NetworkTypeUDP4, nil
+	case networkTypeUDP6Str:
+		return NetworkTypeUDP6, nil
+	case networkTypeTCP4Str:
+		return NetworkTypeTCP4, nil
+	case networkTypeTCP6Str:
+		return NetworkTypeTCP6, nil
+	default:
+		return NetworkType(Unknown), fmt.Errorf("%w: %s", errNetworkTypeUnknown, raw)
+	}
+}
+
+func getNetworkType(iceNetworkType ice.NetworkType) (NetworkType, error) {
+	switch iceNetworkType {
+	case ice.NetworkTypeUDP4:
+		return NetworkTypeUDP4, nil
+	case ice.NetworkTypeUDP6:
+		return NetworkTypeUDP6, nil
+	case ice.NetworkTypeTCP4:
+		return NetworkTypeTCP4, nil
+	case ice.NetworkTypeTCP6:
+		return NetworkTypeTCP6, nil
+	default:
+		return NetworkType(Unknown), fmt.Errorf("%w: %s", errNetworkTypeUnknown, iceNetworkType.String())
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/oauthcredential.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/oauthcredential.go
new file mode 100644
index 000000000..46170c7a2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/oauthcredential.go
@@ -0,0 +1,15 @@
+package webrtc
+
+// OAuthCredential represents OAuth credential information which is used by
+// the STUN/TURN client to connect to an ICE server as defined in
+// https://tools.ietf.org/html/rfc7635. Note that the kid parameter is not
+// located in OAuthCredential, but in ICEServer's username member.
+type OAuthCredential struct {
+	// MACKey is a base64-url encoded format. It is used in STUN message
+	// integrity hash calculation.
+	MACKey string
+
+	// AccessToken is a base64-encoded format. This is an encrypted
+	// self-contained token that is opaque to the application.
+	AccessToken string
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/offeransweroptions.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/offeransweroptions.go
new file mode 100644
index 000000000..2a34aed43
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/offeransweroptions.go
@@ -0,0 +1,26 @@
+package webrtc
+
+// OfferAnswerOptions is a base structure which describes the options that
+// can be used to control the offer/answer creation process.
+type OfferAnswerOptions struct {
+	// VoiceActivityDetection allows the application to provide information
+	// about whether it wishes voice detection feature to be enabled or disabled.
+	VoiceActivityDetection bool
+}
+
+// AnswerOptions structure describes the options used to control the answer
+// creation process.
+type AnswerOptions struct {
+	OfferAnswerOptions
+}
+
+// OfferOptions structure describes the options used to control the offer
+// creation process
+type OfferOptions struct {
+	OfferAnswerOptions
+
+	// ICERestart forces the underlying ice gathering process to be restarted.
+	// When this value is true, the generated description will have ICE
+	// credentials that are different from the current credentials
+	ICERestart bool
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/operations.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/operations.go
new file mode 100644
index 000000000..82bc83224
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/operations.go
@@ -0,0 +1,87 @@
+package webrtc
+
+import (
+	"sync"
+)
+
+// Operation is a function
+type operation func()
+
+// Operations is a task executor.
+type operations struct {
+	mu   sync.Mutex
+	busy bool
+	ops  []operation
+}
+
+func newOperations() *operations {
+	return &operations{}
+}
+
+// Enqueue adds a new action to be executed. If there are no actions scheduled,
+// the execution will start immediately in a new goroutine.
+func (o *operations) Enqueue(op operation) {
+	if op == nil {
+		return
+	}
+
+	o.mu.Lock()
+	running := o.busy
+	o.ops = append(o.ops, op)
+	o.busy = true
+	o.mu.Unlock()
+
+	if !running {
+		go o.start()
+	}
+}
+
+// IsEmpty checks if there are tasks in the queue
+func (o *operations) IsEmpty() bool {
+	o.mu.Lock()
+	defer o.mu.Unlock()
+	return len(o.ops) == 0
+}
+
+// Done blocks until all currently enqueued operations are finished executing.
+// For more complex synchronization, use Enqueue directly.
+func (o *operations) Done() {
+	var wg sync.WaitGroup
+	wg.Add(1)
+	o.Enqueue(func() {
+		wg.Done()
+	})
+	wg.Wait()
+}
+
+func (o *operations) pop() func() {
+	o.mu.Lock()
+	defer o.mu.Unlock()
+	if len(o.ops) == 0 {
+		return nil
+	}
+
+	fn := o.ops[0]
+	o.ops = o.ops[1:]
+	return fn
+}
+
+func (o *operations) start() {
+	defer func() {
+		o.mu.Lock()
+		defer o.mu.Unlock()
+		if len(o.ops) == 0 {
+			o.busy = false
+			return
+		}
+		// either a new operation was enqueued while we
+		// were busy, or an operation panicked
+		go o.start()
+	}()
+
+	fn := o.pop()
+	for fn != nil {
+		fn()
+		fn = o.pop()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/package.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/package.json
new file mode 100644
index 000000000..429f3efb3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/package.json
@@ -0,0 +1,11 @@
+{
+  "name": "webrtc",
+  "repository": "git@github.com:pion/webrtc.git",
+  "private": true,
+  "devDependencies": {
+    "wrtc": "0.4.7"
+  },
+  "dependencies": {
+    "request": "2.88.2"
+  }
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnection.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnection.go
new file mode 100644
index 000000000..f8c0d153e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnection.go
@@ -0,0 +1,2294 @@
+// +build !js
+
+package webrtc
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/interceptor"
+	"github.com/pion/logging"
+	"github.com/pion/rtcp"
+	"github.com/pion/sdp/v3"
+	"github.com/pion/webrtc/v3/internal/util"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+// PeerConnection represents a WebRTC connection that establishes a
+// peer-to-peer communications with another PeerConnection instance in a
+// browser, or to another endpoint implementing the required protocols.
+type PeerConnection struct {
+	statsID string
+	mu      sync.RWMutex
+
+	// ops is an operations queue which will ensure the enqueued actions are
+	// executed in order. It is used for asynchronously, but serially processing
+	// remote and local descriptions
+	ops *operations
+
+	configuration Configuration
+
+	currentLocalDescription  *SessionDescription
+	pendingLocalDescription  *SessionDescription
+	currentRemoteDescription *SessionDescription
+	pendingRemoteDescription *SessionDescription
+	signalingState           SignalingState
+	iceConnectionState       ICEConnectionState
+	connectionState          PeerConnectionState
+
+	idpLoginURL *string
+
+	isClosed               *atomicBool
+	isNegotiationNeeded    *atomicBool
+	negotiationNeededState negotiationNeededState
+
+	lastOffer  string
+	lastAnswer string
+
+	// a value containing the last known greater mid value
+	// we internally generate mids as numbers. Needed since JSEP
+	// requires that when reusing a media section a new unique mid
+	// should be defined (see JSEP 3.4.1).
+	greaterMid int
+
+	rtpTransceivers []*RTPTransceiver
+
+	onSignalingStateChangeHandler     func(SignalingState)
+	onICEConnectionStateChangeHandler func(ICEConnectionState)
+	onConnectionStateChangeHandler    func(PeerConnectionState)
+	onTrackHandler                    func(*TrackRemote, *RTPReceiver)
+	onDataChannelHandler              func(*DataChannel)
+	onNegotiationNeededHandler        atomic.Value // func()
+
+	iceGatherer   *ICEGatherer
+	iceTransport  *ICETransport
+	dtlsTransport *DTLSTransport
+	sctpTransport *SCTPTransport
+
+	// A reference to the associated API state used by this connection
+	api *API
+	log logging.LeveledLogger
+
+	interceptorRTCPWriter interceptor.RTCPWriter
+}
+
+// NewPeerConnection creates a PeerConnection with the default codecs and
+// interceptors.  See RegisterDefaultCodecs and RegisterDefaultInterceptors.
+//
+// If you wish to customize the set of available codecs or the set of
+// active interceptors, create a MediaEngine and call api.NewPeerConnection
+// instead of this function.
+func NewPeerConnection(configuration Configuration) (*PeerConnection, error) {
+	m := &MediaEngine{}
+	if err := m.RegisterDefaultCodecs(); err != nil {
+		return nil, err
+	}
+
+	i := &interceptor.Registry{}
+	if err := RegisterDefaultInterceptors(m, i); err != nil {
+		return nil, err
+	}
+
+	api := NewAPI(WithMediaEngine(m), WithInterceptorRegistry(i))
+	return api.NewPeerConnection(configuration)
+}
+
+// NewPeerConnection creates a new PeerConnection with the provided configuration against the received API object
+func (api *API) NewPeerConnection(configuration Configuration) (*PeerConnection, error) {
+	// https://w3c.github.io/webrtc-pc/#constructor (Step #2)
+	// Some variables defined explicitly despite their implicit zero values to
+	// allow better readability to understand what is happening.
+	pc := &PeerConnection{
+		statsID: fmt.Sprintf("PeerConnection-%d", time.Now().UnixNano()),
+		configuration: Configuration{
+			ICEServers:           []ICEServer{},
+			ICETransportPolicy:   ICETransportPolicyAll,
+			BundlePolicy:         BundlePolicyBalanced,
+			RTCPMuxPolicy:        RTCPMuxPolicyRequire,
+			Certificates:         []Certificate{},
+			ICECandidatePoolSize: 0,
+		},
+		ops:                    newOperations(),
+		isClosed:               &atomicBool{},
+		isNegotiationNeeded:    &atomicBool{},
+		negotiationNeededState: negotiationNeededStateEmpty,
+		lastOffer:              "",
+		lastAnswer:             "",
+		greaterMid:             -1,
+		signalingState:         SignalingStateStable,
+		iceConnectionState:     ICEConnectionStateNew,
+		connectionState:        PeerConnectionStateNew,
+
+		api: api,
+		log: api.settingEngine.LoggerFactory.NewLogger("pc"),
+	}
+
+	pc.interceptorRTCPWriter = api.interceptor.BindRTCPWriter(interceptor.RTCPWriterFunc(pc.writeRTCP))
+
+	var err error
+	if err = pc.initConfiguration(configuration); err != nil {
+		return nil, err
+	}
+
+	pc.iceGatherer, err = pc.createICEGatherer()
+	if err != nil {
+		return nil, err
+	}
+
+	// Create the ice transport
+	iceTransport := pc.createICETransport()
+	pc.iceTransport = iceTransport
+
+	// Create the DTLS transport
+	dtlsTransport, err := pc.api.NewDTLSTransport(pc.iceTransport, pc.configuration.Certificates)
+	if err != nil {
+		return nil, err
+	}
+	pc.dtlsTransport = dtlsTransport
+
+	// Create the SCTP transport
+	pc.sctpTransport = pc.api.NewSCTPTransport(pc.dtlsTransport)
+
+	// Wire up the on datachannel handler
+	pc.sctpTransport.OnDataChannel(func(d *DataChannel) {
+		pc.mu.RLock()
+		handler := pc.onDataChannelHandler
+		pc.mu.RUnlock()
+		if handler != nil {
+			handler(d)
+		}
+	})
+
+	return pc, nil
+}
+
+// initConfiguration defines validation of the specified Configuration and
+// its assignment to the internal configuration variable. This function differs
+// from its SetConfiguration counterpart because most of the checks do not
+// include verification statements related to the existing state. Thus the
+// function describes only minor verification of some the struct variables.
+func (pc *PeerConnection) initConfiguration(configuration Configuration) error {
+	if configuration.PeerIdentity != "" {
+		pc.configuration.PeerIdentity = configuration.PeerIdentity
+	}
+
+	// https://www.w3.org/TR/webrtc/#constructor (step #3)
+	if len(configuration.Certificates) > 0 {
+		now := time.Now()
+		for _, x509Cert := range configuration.Certificates {
+			if !x509Cert.Expires().IsZero() && now.After(x509Cert.Expires()) {
+				return &rtcerr.InvalidAccessError{Err: ErrCertificateExpired}
+			}
+			pc.configuration.Certificates = append(pc.configuration.Certificates, x509Cert)
+		}
+	} else {
+		sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			return &rtcerr.UnknownError{Err: err}
+		}
+		certificate, err := GenerateCertificate(sk)
+		if err != nil {
+			return err
+		}
+		pc.configuration.Certificates = []Certificate{*certificate}
+	}
+
+	if configuration.BundlePolicy != BundlePolicy(Unknown) {
+		pc.configuration.BundlePolicy = configuration.BundlePolicy
+	}
+
+	if configuration.RTCPMuxPolicy != RTCPMuxPolicy(Unknown) {
+		pc.configuration.RTCPMuxPolicy = configuration.RTCPMuxPolicy
+	}
+
+	if configuration.ICECandidatePoolSize != 0 {
+		pc.configuration.ICECandidatePoolSize = configuration.ICECandidatePoolSize
+	}
+
+	if configuration.ICETransportPolicy != ICETransportPolicy(Unknown) {
+		pc.configuration.ICETransportPolicy = configuration.ICETransportPolicy
+	}
+
+	if configuration.SDPSemantics != SDPSemantics(Unknown) {
+		pc.configuration.SDPSemantics = configuration.SDPSemantics
+	}
+
+	sanitizedICEServers := configuration.getICEServers()
+	if len(sanitizedICEServers) > 0 {
+		for _, server := range sanitizedICEServers {
+			if err := server.validate(); err != nil {
+				return err
+			}
+		}
+		pc.configuration.ICEServers = sanitizedICEServers
+	}
+
+	return nil
+}
+
+// OnSignalingStateChange sets an event handler which is invoked when the
+// peer connection's signaling state changes
+func (pc *PeerConnection) OnSignalingStateChange(f func(SignalingState)) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	pc.onSignalingStateChangeHandler = f
+}
+
+func (pc *PeerConnection) onSignalingStateChange(newState SignalingState) {
+	pc.mu.RLock()
+	handler := pc.onSignalingStateChangeHandler
+	pc.mu.RUnlock()
+
+	pc.log.Infof("signaling state changed to %s", newState)
+	if handler != nil {
+		go handler(newState)
+	}
+}
+
+// OnDataChannel sets an event handler which is invoked when a data
+// channel message arrives from a remote peer.
+func (pc *PeerConnection) OnDataChannel(f func(*DataChannel)) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	pc.onDataChannelHandler = f
+}
+
+// OnNegotiationNeeded sets an event handler which is invoked when
+// a change has occurred which requires session negotiation
+func (pc *PeerConnection) OnNegotiationNeeded(f func()) {
+	pc.onNegotiationNeededHandler.Store(f)
+}
+
+func (pc *PeerConnection) onNegotiationNeeded() {
+	// https://w3c.github.io/webrtc-pc/#updating-the-negotiation-needed-flag
+	// non-canon step 1
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	if pc.negotiationNeededState == negotiationNeededStateRun {
+		pc.negotiationNeededState = negotiationNeededStateQueue
+		return
+	} else if pc.negotiationNeededState == negotiationNeededStateQueue {
+		return
+	}
+
+	pc.negotiationNeededState = negotiationNeededStateRun
+
+	pc.ops.Enqueue(pc.negotiationNeededOp)
+}
+
+func (pc *PeerConnection) negotiationNeededOp() {
+	// Don't run NegotiatedNeeded checks if OnNegotiationNeeded is not set
+	if handler := pc.onNegotiationNeededHandler.Load(); handler == nil {
+		return
+	}
+
+	// https://www.w3.org/TR/webrtc/#updating-the-negotiation-needed-flag
+	// Step 2.1
+	if pc.isClosed.get() {
+		return
+	}
+	// non-canon step 2.2
+	if !pc.ops.IsEmpty() {
+		pc.ops.Enqueue(pc.negotiationNeededOp)
+		return
+	}
+
+	// non-canon, run again if there was a request
+	defer func() {
+		pc.mu.Lock()
+		if pc.negotiationNeededState == negotiationNeededStateQueue {
+			defer pc.onNegotiationNeeded()
+		}
+		pc.negotiationNeededState = negotiationNeededStateEmpty
+		pc.mu.Unlock()
+	}()
+
+	// Step 2.3
+	if pc.SignalingState() != SignalingStateStable {
+		return
+	}
+
+	// Step 2.4
+	if !pc.checkNegotiationNeeded() {
+		pc.isNegotiationNeeded.set(false)
+		return
+	}
+
+	// Step 2.5
+	if pc.isNegotiationNeeded.get() {
+		return
+	}
+
+	// Step 2.6
+	pc.isNegotiationNeeded.set(true)
+
+	// Step 2.7
+	if handler, ok := pc.onNegotiationNeededHandler.Load().(func()); ok && handler != nil {
+		handler()
+	}
+}
+
+func (pc *PeerConnection) checkNegotiationNeeded() bool { //nolint:gocognit
+	// To check if negotiation is needed for connection, perform the following checks:
+	// Skip 1, 2 steps
+	// Step 3
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	localDesc := pc.currentLocalDescription
+	remoteDesc := pc.currentRemoteDescription
+
+	if localDesc == nil {
+		return true
+	}
+
+	pc.sctpTransport.lock.Lock()
+	lenDataChannel := len(pc.sctpTransport.dataChannels)
+	pc.sctpTransport.lock.Unlock()
+
+	if lenDataChannel != 0 && haveDataChannel(localDesc) == nil {
+		return true
+	}
+
+	for _, t := range pc.rtpTransceivers {
+		// https://www.w3.org/TR/webrtc/#dfn-update-the-negotiation-needed-flag
+		// Step 5.1
+		// if t.stopping && !t.stopped {
+		// 	return true
+		// }
+		m := getByMid(t.Mid(), localDesc)
+		// Step 5.2
+		if !t.stopped && m == nil {
+			return true
+		}
+		if !t.stopped && m != nil {
+			// Step 5.3.1
+			if t.Direction() == RTPTransceiverDirectionSendrecv || t.Direction() == RTPTransceiverDirectionSendonly {
+				descMsid, okMsid := m.Attribute(sdp.AttrKeyMsid)
+				track := t.Sender().Track()
+				if !okMsid || descMsid != track.StreamID()+" "+track.ID() {
+					return true
+				}
+			}
+			switch localDesc.Type {
+			case SDPTypeOffer:
+				// Step 5.3.2
+				rm := getByMid(t.Mid(), remoteDesc)
+				if rm == nil {
+					return true
+				}
+
+				if getPeerDirection(m) != t.Direction() && getPeerDirection(rm) != t.Direction().Revers() {
+					return true
+				}
+			case SDPTypeAnswer:
+				// Step 5.3.3
+				if _, ok := m.Attribute(t.Direction().String()); !ok {
+					return true
+				}
+			default:
+			}
+		}
+		// Step 5.4
+		if t.stopped && t.Mid() != "" {
+			if getByMid(t.Mid(), localDesc) != nil || getByMid(t.Mid(), remoteDesc) != nil {
+				return true
+			}
+		}
+	}
+	// Step 6
+	return false
+}
+
+// OnICECandidate sets an event handler which is invoked when a new ICE
+// candidate is found.
+// Take note that the handler is gonna be called with a nil pointer when
+// gathering is finished.
+func (pc *PeerConnection) OnICECandidate(f func(*ICECandidate)) {
+	pc.iceGatherer.OnLocalCandidate(f)
+}
+
+// OnICEGatheringStateChange sets an event handler which is invoked when the
+// ICE candidate gathering state has changed.
+func (pc *PeerConnection) OnICEGatheringStateChange(f func(ICEGathererState)) {
+	pc.iceGatherer.OnStateChange(f)
+}
+
+// OnTrack sets an event handler which is called when remote track
+// arrives from a remote peer.
+func (pc *PeerConnection) OnTrack(f func(*TrackRemote, *RTPReceiver)) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	pc.onTrackHandler = f
+}
+
+func (pc *PeerConnection) onTrack(t *TrackRemote, r *RTPReceiver) {
+	pc.mu.RLock()
+	handler := pc.onTrackHandler
+	pc.mu.RUnlock()
+
+	pc.log.Debugf("got new track: %+v", t)
+	if t != nil {
+		if handler != nil {
+			go handler(t, r)
+		} else {
+			pc.log.Warnf("OnTrack unset, unable to handle incoming media streams")
+		}
+	}
+}
+
+// OnICEConnectionStateChange sets an event handler which is called
+// when an ICE connection state is changed.
+func (pc *PeerConnection) OnICEConnectionStateChange(f func(ICEConnectionState)) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	pc.onICEConnectionStateChangeHandler = f
+}
+
+func (pc *PeerConnection) onICEConnectionStateChange(cs ICEConnectionState) {
+	pc.mu.Lock()
+	pc.iceConnectionState = cs
+	handler := pc.onICEConnectionStateChangeHandler
+	pc.mu.Unlock()
+
+	pc.log.Infof("ICE connection state changed: %s", cs)
+	if handler != nil {
+		go handler(cs)
+	}
+}
+
+// OnConnectionStateChange sets an event handler which is called
+// when the PeerConnectionState has changed
+func (pc *PeerConnection) OnConnectionStateChange(f func(PeerConnectionState)) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	pc.onConnectionStateChangeHandler = f
+}
+
+// SetConfiguration updates the configuration of this PeerConnection object.
+func (pc *PeerConnection) SetConfiguration(configuration Configuration) error { //nolint:gocognit
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-setconfiguration (step #2)
+	if pc.isClosed.get() {
+		return &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #3)
+	if configuration.PeerIdentity != "" {
+		if configuration.PeerIdentity != pc.configuration.PeerIdentity {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingPeerIdentity}
+		}
+		pc.configuration.PeerIdentity = configuration.PeerIdentity
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #4)
+	if len(configuration.Certificates) > 0 {
+		if len(configuration.Certificates) != len(pc.configuration.Certificates) {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingCertificates}
+		}
+
+		for i, certificate := range configuration.Certificates {
+			if !pc.configuration.Certificates[i].Equals(certificate) {
+				return &rtcerr.InvalidModificationError{Err: ErrModifyingCertificates}
+			}
+		}
+		pc.configuration.Certificates = configuration.Certificates
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #5)
+	if configuration.BundlePolicy != BundlePolicy(Unknown) {
+		if configuration.BundlePolicy != pc.configuration.BundlePolicy {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingBundlePolicy}
+		}
+		pc.configuration.BundlePolicy = configuration.BundlePolicy
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #6)
+	if configuration.RTCPMuxPolicy != RTCPMuxPolicy(Unknown) {
+		if configuration.RTCPMuxPolicy != pc.configuration.RTCPMuxPolicy {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingRTCPMuxPolicy}
+		}
+		pc.configuration.RTCPMuxPolicy = configuration.RTCPMuxPolicy
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #7)
+	if configuration.ICECandidatePoolSize != 0 {
+		if pc.configuration.ICECandidatePoolSize != configuration.ICECandidatePoolSize &&
+			pc.LocalDescription() != nil {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingICECandidatePoolSize}
+		}
+		pc.configuration.ICECandidatePoolSize = configuration.ICECandidatePoolSize
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #8)
+	if configuration.ICETransportPolicy != ICETransportPolicy(Unknown) {
+		pc.configuration.ICETransportPolicy = configuration.ICETransportPolicy
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11)
+	if len(configuration.ICEServers) > 0 {
+		// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11.3)
+		for _, server := range configuration.ICEServers {
+			if err := server.validate(); err != nil {
+				return err
+			}
+		}
+		pc.configuration.ICEServers = configuration.ICEServers
+	}
+	return nil
+}
+
+// GetConfiguration returns a Configuration object representing the current
+// configuration of this PeerConnection object. The returned object is a
+// copy and direct mutation on it will not take affect until SetConfiguration
+// has been called with Configuration passed as its only argument.
+// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-getconfiguration
+func (pc *PeerConnection) GetConfiguration() Configuration {
+	return pc.configuration
+}
+
+func (pc *PeerConnection) getStatsID() string {
+	pc.mu.RLock()
+	defer pc.mu.RUnlock()
+	return pc.statsID
+}
+
+func (pc *PeerConnection) hasLocalDescriptionChanged(desc *SessionDescription) bool {
+	for _, t := range pc.GetTransceivers() {
+		m := getByMid(t.Mid(), desc)
+		if m == nil {
+			return true
+		}
+
+		if getPeerDirection(m) != t.Direction() {
+			return true
+		}
+	}
+
+	return false
+}
+
+// CreateOffer starts the PeerConnection and generates the localDescription
+// https://w3c.github.io/webrtc-pc/#dom-rtcpeerconnection-createoffer
+func (pc *PeerConnection) CreateOffer(options *OfferOptions) (SessionDescription, error) { //nolint:gocognit
+	useIdentity := pc.idpLoginURL != nil
+	switch {
+	case useIdentity:
+		return SessionDescription{}, errIdentityProviderNotImplemented
+	case pc.isClosed.get():
+		return SessionDescription{}, &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	if options != nil && options.ICERestart {
+		if err := pc.iceTransport.restart(); err != nil {
+			return SessionDescription{}, err
+		}
+	}
+
+	var (
+		d     *sdp.SessionDescription
+		offer SessionDescription
+		err   error
+	)
+
+	// This may be necessary to recompute if, for example, createOffer was called when only an
+	// audio RTCRtpTransceiver was added to connection, but while performing the in-parallel
+	// steps to create an offer, a video RTCRtpTransceiver was added, requiring additional
+	// inspection of video system resources.
+	for {
+		// We cache current transceivers to ensure they aren't
+		// mutated during offer generation. We later check if they have
+		// been mutated and recompute the offer if necessary.
+		currentTransceivers := pc.GetTransceivers()
+
+		// in-parallel steps to create an offer
+		// https://w3c.github.io/webrtc-pc/#dfn-in-parallel-steps-to-create-an-offer
+		isPlanB := pc.configuration.SDPSemantics == SDPSemanticsPlanB
+		if pc.currentRemoteDescription != nil {
+			isPlanB = descriptionIsPlanB(pc.RemoteDescription())
+		}
+
+		// include unmatched local transceivers
+		if !isPlanB {
+			// update the greater mid if the remote description provides a greater one
+			if pc.currentRemoteDescription != nil {
+				var numericMid int
+				for _, media := range pc.currentRemoteDescription.parsed.MediaDescriptions {
+					mid := getMidValue(media)
+					if mid == "" {
+						continue
+					}
+					numericMid, err = strconv.Atoi(mid)
+					if err != nil {
+						continue
+					}
+					if numericMid > pc.greaterMid {
+						pc.greaterMid = numericMid
+					}
+				}
+			}
+			for _, t := range currentTransceivers {
+				if t.Mid() != "" {
+					continue
+				}
+				pc.greaterMid++
+				err = t.setMid(strconv.Itoa(pc.greaterMid))
+				if err != nil {
+					return SessionDescription{}, err
+				}
+			}
+		}
+
+		if pc.currentRemoteDescription == nil {
+			d, err = pc.generateUnmatchedSDP(currentTransceivers, useIdentity)
+		} else {
+			d, err = pc.generateMatchedSDP(currentTransceivers, useIdentity, true /*includeUnmatched */, connectionRoleFromDtlsRole(defaultDtlsRoleOffer))
+		}
+
+		if err != nil {
+			return SessionDescription{}, err
+		}
+
+		sdpBytes, err := d.Marshal()
+		if err != nil {
+			return SessionDescription{}, err
+		}
+
+		offer = SessionDescription{
+			Type:   SDPTypeOffer,
+			SDP:    string(sdpBytes),
+			parsed: d,
+		}
+
+		// Verify local media hasn't changed during offer
+		// generation. Recompute if necessary
+		if isPlanB || !pc.hasLocalDescriptionChanged(&offer) {
+			break
+		}
+	}
+
+	pc.lastOffer = offer.SDP
+	return offer, nil
+}
+
+func (pc *PeerConnection) createICEGatherer() (*ICEGatherer, error) {
+	g, err := pc.api.NewICEGatherer(ICEGatherOptions{
+		ICEServers:      pc.configuration.getICEServers(),
+		ICEGatherPolicy: pc.configuration.ICETransportPolicy,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return g, nil
+}
+
+// Update the PeerConnectionState given the state of relevant transports
+// https://www.w3.org/TR/webrtc/#rtcpeerconnectionstate-enum
+func (pc *PeerConnection) updateConnectionState(iceConnectionState ICEConnectionState, dtlsTransportState DTLSTransportState) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	connectionState := PeerConnectionStateNew
+	switch {
+	// The RTCPeerConnection object's [[IsClosed]] slot is true.
+	case pc.isClosed.get():
+		connectionState = PeerConnectionStateClosed
+
+	// Any of the RTCIceTransports or RTCDtlsTransports are in a "failed" state.
+	case iceConnectionState == ICEConnectionStateFailed || dtlsTransportState == DTLSTransportStateFailed:
+		connectionState = PeerConnectionStateFailed
+
+	// Any of the RTCIceTransports or RTCDtlsTransports are in the "disconnected"
+	// state and none of them are in the "failed" or "connecting" or "checking" state.  */
+	case iceConnectionState == ICEConnectionStateDisconnected:
+		connectionState = PeerConnectionStateDisconnected
+
+	// All RTCIceTransports and RTCDtlsTransports are in the "connected", "completed" or "closed"
+	// state and at least one of them is in the "connected" or "completed" state.
+	case iceConnectionState == ICEConnectionStateConnected && dtlsTransportState == DTLSTransportStateConnected:
+		connectionState = PeerConnectionStateConnected
+
+	//  Any of the RTCIceTransports or RTCDtlsTransports are in the "connecting" or
+	// "checking" state and none of them is in the "failed" state.
+	case iceConnectionState == ICEConnectionStateChecking && dtlsTransportState == DTLSTransportStateConnecting:
+		connectionState = PeerConnectionStateConnecting
+	}
+
+	if pc.connectionState == connectionState {
+		return
+	}
+
+	pc.log.Infof("peer connection state changed: %s", connectionState)
+	pc.connectionState = connectionState
+	handler := pc.onConnectionStateChangeHandler
+	if handler != nil {
+		go handler(connectionState)
+	}
+}
+
+func (pc *PeerConnection) createICETransport() *ICETransport {
+	t := pc.api.NewICETransport(pc.iceGatherer)
+	t.OnConnectionStateChange(func(state ICETransportState) {
+		var cs ICEConnectionState
+		switch state {
+		case ICETransportStateNew:
+			cs = ICEConnectionStateNew
+		case ICETransportStateChecking:
+			cs = ICEConnectionStateChecking
+		case ICETransportStateConnected:
+			cs = ICEConnectionStateConnected
+		case ICETransportStateCompleted:
+			cs = ICEConnectionStateCompleted
+		case ICETransportStateFailed:
+			cs = ICEConnectionStateFailed
+		case ICETransportStateDisconnected:
+			cs = ICEConnectionStateDisconnected
+		case ICETransportStateClosed:
+			cs = ICEConnectionStateClosed
+		default:
+			pc.log.Warnf("OnConnectionStateChange: unhandled ICE state: %s", state)
+			return
+		}
+		pc.onICEConnectionStateChange(cs)
+		pc.updateConnectionState(cs, pc.dtlsTransport.State())
+	})
+
+	return t
+}
+
+// CreateAnswer starts the PeerConnection and generates the localDescription
+func (pc *PeerConnection) CreateAnswer(options *AnswerOptions) (SessionDescription, error) {
+	useIdentity := pc.idpLoginURL != nil
+	switch {
+	case pc.RemoteDescription() == nil:
+		return SessionDescription{}, &rtcerr.InvalidStateError{Err: ErrNoRemoteDescription}
+	case useIdentity:
+		return SessionDescription{}, errIdentityProviderNotImplemented
+	case pc.isClosed.get():
+		return SessionDescription{}, &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	case pc.signalingState.Get() != SignalingStateHaveRemoteOffer && pc.signalingState.Get() != SignalingStateHaveLocalPranswer:
+		return SessionDescription{}, &rtcerr.InvalidStateError{Err: ErrIncorrectSignalingState}
+	}
+
+	connectionRole := connectionRoleFromDtlsRole(pc.api.settingEngine.answeringDTLSRole)
+	if connectionRole == sdp.ConnectionRole(0) {
+		connectionRole = connectionRoleFromDtlsRole(defaultDtlsRoleAnswer)
+	}
+
+	currentTransceivers := pc.GetTransceivers()
+	d, err := pc.generateMatchedSDP(currentTransceivers, useIdentity, false /*includeUnmatched */, connectionRole)
+	if err != nil {
+		return SessionDescription{}, err
+	}
+
+	sdpBytes, err := d.Marshal()
+	if err != nil {
+		return SessionDescription{}, err
+	}
+
+	desc := SessionDescription{
+		Type:   SDPTypeAnswer,
+		SDP:    string(sdpBytes),
+		parsed: d,
+	}
+	pc.lastAnswer = desc.SDP
+	return desc, nil
+}
+
+// 4.4.1.6 Set the SessionDescription
+func (pc *PeerConnection) setDescription(sd *SessionDescription, op stateChangeOp) error { //nolint:gocognit
+	switch {
+	case pc.isClosed.get():
+		return &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	case NewSDPType(sd.Type.String()) == SDPType(Unknown):
+		return &rtcerr.TypeError{Err: fmt.Errorf("%w: '%d' is not a valid enum value of type SDPType", errPeerConnSDPTypeInvalidValue, sd.Type)}
+	}
+
+	nextState, err := func() (SignalingState, error) {
+		pc.mu.Lock()
+		defer pc.mu.Unlock()
+
+		cur := pc.SignalingState()
+		setLocal := stateChangeOpSetLocal
+		setRemote := stateChangeOpSetRemote
+		newSDPDoesNotMatchOffer := &rtcerr.InvalidModificationError{Err: errSDPDoesNotMatchOffer}
+		newSDPDoesNotMatchAnswer := &rtcerr.InvalidModificationError{Err: errSDPDoesNotMatchAnswer}
+
+		var nextState SignalingState
+		var err error
+		switch op {
+		case setLocal:
+			switch sd.Type {
+			// stable->SetLocal(offer)->have-local-offer
+			case SDPTypeOffer:
+				if sd.SDP != pc.lastOffer {
+					return nextState, newSDPDoesNotMatchOffer
+				}
+				nextState, err = checkNextSignalingState(cur, SignalingStateHaveLocalOffer, setLocal, sd.Type)
+				if err == nil {
+					pc.pendingLocalDescription = sd
+				}
+			// have-remote-offer->SetLocal(answer)->stable
+			// have-local-pranswer->SetLocal(answer)->stable
+			case SDPTypeAnswer:
+				if sd.SDP != pc.lastAnswer {
+					return nextState, newSDPDoesNotMatchAnswer
+				}
+				nextState, err = checkNextSignalingState(cur, SignalingStateStable, setLocal, sd.Type)
+				if err == nil {
+					pc.currentLocalDescription = sd
+					pc.currentRemoteDescription = pc.pendingRemoteDescription
+					pc.pendingRemoteDescription = nil
+					pc.pendingLocalDescription = nil
+				}
+			case SDPTypeRollback:
+				nextState, err = checkNextSignalingState(cur, SignalingStateStable, setLocal, sd.Type)
+				if err == nil {
+					pc.pendingLocalDescription = nil
+				}
+			// have-remote-offer->SetLocal(pranswer)->have-local-pranswer
+			case SDPTypePranswer:
+				if sd.SDP != pc.lastAnswer {
+					return nextState, newSDPDoesNotMatchAnswer
+				}
+				nextState, err = checkNextSignalingState(cur, SignalingStateHaveLocalPranswer, setLocal, sd.Type)
+				if err == nil {
+					pc.pendingLocalDescription = sd
+				}
+			default:
+				return nextState, &rtcerr.OperationError{Err: fmt.Errorf("%w: %s(%s)", errPeerConnStateChangeInvalid, op, sd.Type)}
+			}
+		case setRemote:
+			switch sd.Type {
+			// stable->SetRemote(offer)->have-remote-offer
+			case SDPTypeOffer:
+				nextState, err = checkNextSignalingState(cur, SignalingStateHaveRemoteOffer, setRemote, sd.Type)
+				if err == nil {
+					pc.pendingRemoteDescription = sd
+				}
+			// have-local-offer->SetRemote(answer)->stable
+			// have-remote-pranswer->SetRemote(answer)->stable
+			case SDPTypeAnswer:
+				nextState, err = checkNextSignalingState(cur, SignalingStateStable, setRemote, sd.Type)
+				if err == nil {
+					pc.currentRemoteDescription = sd
+					pc.currentLocalDescription = pc.pendingLocalDescription
+					pc.pendingRemoteDescription = nil
+					pc.pendingLocalDescription = nil
+				}
+			case SDPTypeRollback:
+				nextState, err = checkNextSignalingState(cur, SignalingStateStable, setRemote, sd.Type)
+				if err == nil {
+					pc.pendingRemoteDescription = nil
+				}
+			// have-local-offer->SetRemote(pranswer)->have-remote-pranswer
+			case SDPTypePranswer:
+				nextState, err = checkNextSignalingState(cur, SignalingStateHaveRemotePranswer, setRemote, sd.Type)
+				if err == nil {
+					pc.pendingRemoteDescription = sd
+				}
+			default:
+				return nextState, &rtcerr.OperationError{Err: fmt.Errorf("%w: %s(%s)", errPeerConnStateChangeInvalid, op, sd.Type)}
+			}
+		default:
+			return nextState, &rtcerr.OperationError{Err: fmt.Errorf("%w: %q", errPeerConnStateChangeUnhandled, op)}
+		}
+
+		return nextState, err
+	}()
+
+	if err == nil {
+		pc.signalingState.Set(nextState)
+		if pc.signalingState.Get() == SignalingStateStable {
+			pc.isNegotiationNeeded.set(false)
+			pc.onNegotiationNeeded()
+		}
+		pc.onSignalingStateChange(nextState)
+	}
+	return err
+}
+
+// SetLocalDescription sets the SessionDescription of the local peer
+func (pc *PeerConnection) SetLocalDescription(desc SessionDescription) error {
+	if pc.isClosed.get() {
+		return &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	haveLocalDescription := pc.currentLocalDescription != nil
+
+	// JSEP 5.4
+	if desc.SDP == "" {
+		switch desc.Type {
+		case SDPTypeAnswer, SDPTypePranswer:
+			desc.SDP = pc.lastAnswer
+		case SDPTypeOffer:
+			desc.SDP = pc.lastOffer
+		default:
+			return &rtcerr.InvalidModificationError{
+				Err: fmt.Errorf("%w: %s", errPeerConnSDPTypeInvalidValueSetLocalDescription, desc.Type),
+			}
+		}
+	}
+
+	desc.parsed = &sdp.SessionDescription{}
+	if err := desc.parsed.Unmarshal([]byte(desc.SDP)); err != nil {
+		return err
+	}
+	if err := pc.setDescription(&desc, stateChangeOpSetLocal); err != nil {
+		return err
+	}
+
+	currentTransceivers := append([]*RTPTransceiver{}, pc.GetTransceivers()...)
+
+	weAnswer := desc.Type == SDPTypeAnswer
+	remoteDesc := pc.RemoteDescription()
+	if weAnswer && remoteDesc != nil {
+		if err := pc.startRTPSenders(currentTransceivers); err != nil {
+			return err
+		}
+		pc.ops.Enqueue(func() {
+			pc.startRTP(haveLocalDescription, remoteDesc, currentTransceivers)
+		})
+	}
+
+	if pc.iceGatherer.State() == ICEGathererStateNew {
+		return pc.iceGatherer.Gather()
+	}
+	return nil
+}
+
+// LocalDescription returns PendingLocalDescription if it is not null and
+// otherwise it returns CurrentLocalDescription. This property is used to
+// determine if SetLocalDescription has already been called.
+// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-localdescription
+func (pc *PeerConnection) LocalDescription() *SessionDescription {
+	if pendingLocalDescription := pc.PendingLocalDescription(); pendingLocalDescription != nil {
+		return pendingLocalDescription
+	}
+	return pc.CurrentLocalDescription()
+}
+
+// SetRemoteDescription sets the SessionDescription of the remote peer
+// nolint: gocyclo
+func (pc *PeerConnection) SetRemoteDescription(desc SessionDescription) error { //nolint:gocognit
+	if pc.isClosed.get() {
+		return &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	isRenegotation := pc.currentRemoteDescription != nil
+
+	if _, err := desc.Unmarshal(); err != nil {
+		return err
+	}
+	if err := pc.setDescription(&desc, stateChangeOpSetRemote); err != nil {
+		return err
+	}
+
+	if err := pc.api.mediaEngine.updateFromRemoteDescription(*desc.parsed); err != nil {
+		return err
+	}
+
+	var t *RTPTransceiver
+	localTransceivers := append([]*RTPTransceiver{}, pc.GetTransceivers()...)
+	detectedPlanB := descriptionIsPlanB(pc.RemoteDescription())
+	weOffer := desc.Type == SDPTypeAnswer
+
+	if !weOffer && !detectedPlanB {
+		for _, media := range pc.RemoteDescription().parsed.MediaDescriptions {
+			midValue := getMidValue(media)
+			if midValue == "" {
+				return errPeerConnRemoteDescriptionWithoutMidValue
+			}
+
+			if media.MediaName.Media == mediaSectionApplication {
+				continue
+			}
+
+			kind := NewRTPCodecType(media.MediaName.Media)
+			direction := getPeerDirection(media)
+			if kind == 0 || direction == RTPTransceiverDirection(Unknown) {
+				continue
+			}
+
+			t, localTransceivers = findByMid(midValue, localTransceivers)
+			if t == nil {
+				t, localTransceivers = satisfyTypeAndDirection(kind, direction, localTransceivers)
+			} else if direction == RTPTransceiverDirectionInactive {
+				if err := t.Stop(); err != nil {
+					return err
+				}
+			}
+
+			if t == nil {
+				receiver, err := pc.api.NewRTPReceiver(kind, pc.dtlsTransport)
+				if err != nil {
+					return err
+				}
+				t = pc.newRTPTransceiver(receiver, nil, RTPTransceiverDirectionRecvonly, kind)
+
+				pc.onNegotiationNeeded()
+			}
+			if t.Mid() == "" {
+				if err := t.setMid(midValue); err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	remoteUfrag, remotePwd, candidates, err := extractICEDetails(desc.parsed)
+	if err != nil {
+		return err
+	}
+
+	if isRenegotation && pc.iceTransport.haveRemoteCredentialsChange(remoteUfrag, remotePwd) {
+		// An ICE Restart only happens implicitly for a SetRemoteDescription of type offer
+		if !weOffer {
+			if err = pc.iceTransport.restart(); err != nil {
+				return err
+			}
+		}
+
+		if err = pc.iceTransport.setRemoteCredentials(remoteUfrag, remotePwd); err != nil {
+			return err
+		}
+	}
+
+	for i := range candidates {
+		if err = pc.iceTransport.AddRemoteCandidate(&candidates[i]); err != nil {
+			return err
+		}
+	}
+
+	currentTransceivers := append([]*RTPTransceiver{}, pc.GetTransceivers()...)
+
+	if isRenegotation {
+		if weOffer {
+			if err = pc.startRTPSenders(currentTransceivers); err != nil {
+				return err
+			}
+			pc.ops.Enqueue(func() {
+				pc.startRTP(true, &desc, currentTransceivers)
+			})
+		}
+		return nil
+	}
+
+	remoteIsLite := false
+	if liteValue, haveRemoteIs := desc.parsed.Attribute(sdp.AttrKeyICELite); haveRemoteIs && liteValue == sdp.AttrKeyICELite {
+		remoteIsLite = true
+	}
+
+	fingerprint, fingerprintHash, err := extractFingerprint(desc.parsed)
+	if err != nil {
+		return err
+	}
+
+	iceRole := ICERoleControlled
+	// If one of the agents is lite and the other one is not, the lite agent must be the controlling agent.
+	// If both or neither agents are lite the offering agent is controlling.
+	// RFC 8445 S6.1.1
+	if (weOffer && remoteIsLite == pc.api.settingEngine.candidates.ICELite) || (remoteIsLite && !pc.api.settingEngine.candidates.ICELite) {
+		iceRole = ICERoleControlling
+	}
+
+	// Start the networking in a new routine since it will block until
+	// the connection is actually established.
+	if weOffer {
+		if err := pc.startRTPSenders(currentTransceivers); err != nil {
+			return err
+		}
+	}
+
+	pc.ops.Enqueue(func() {
+		pc.startTransports(iceRole, dtlsRoleFromRemoteSDP(desc.parsed), remoteUfrag, remotePwd, fingerprint, fingerprintHash)
+		if weOffer {
+			pc.startRTP(false, &desc, currentTransceivers)
+		}
+	})
+	return nil
+}
+
+func (pc *PeerConnection) startReceiver(incoming trackDetails, receiver *RTPReceiver) {
+	encodings := []RTPDecodingParameters{}
+	if incoming.ssrc != 0 {
+		encodings = append(encodings, RTPDecodingParameters{RTPCodingParameters{SSRC: incoming.ssrc}})
+	}
+	for _, rid := range incoming.rids {
+		encodings = append(encodings, RTPDecodingParameters{RTPCodingParameters{RID: rid}})
+	}
+
+	if err := receiver.Receive(RTPReceiveParameters{Encodings: encodings}); err != nil {
+		pc.log.Warnf("RTPReceiver Receive failed %s", err)
+		return
+	}
+
+	// set track id and label early so they can be set as new track information
+	// is received from the SDP.
+	for i := range receiver.tracks {
+		receiver.tracks[i].track.mu.Lock()
+		receiver.tracks[i].track.id = incoming.id
+		receiver.tracks[i].track.streamID = incoming.streamID
+		receiver.tracks[i].track.mu.Unlock()
+	}
+
+	// We can't block and wait for a single SSRC
+	if incoming.ssrc == 0 {
+		return
+	}
+
+	go func() {
+		if err := receiver.Track().determinePayloadType(); err != nil {
+			pc.log.Warnf("Could not determine PayloadType for SSRC %d", receiver.Track().SSRC())
+			return
+		}
+
+		params, err := pc.api.mediaEngine.getRTPParametersByPayloadType(receiver.Track().PayloadType())
+		if err != nil {
+			pc.log.Warnf("no codec could be found for payloadType %d", receiver.Track().PayloadType())
+			return
+		}
+
+		receiver.Track().mu.Lock()
+		receiver.Track().kind = receiver.kind
+		receiver.Track().codec = params.Codecs[0]
+		receiver.Track().params = params
+		receiver.Track().mu.Unlock()
+
+		pc.onTrack(receiver.Track(), receiver)
+	}()
+}
+
+// startRTPReceivers opens knows inbound SRTP streams from the RemoteDescription
+func (pc *PeerConnection) startRTPReceivers(incomingTracks []trackDetails, currentTransceivers []*RTPTransceiver) { //nolint:gocognit
+	localTransceivers := append([]*RTPTransceiver{}, currentTransceivers...)
+
+	remoteIsPlanB := false
+	switch pc.configuration.SDPSemantics {
+	case SDPSemanticsPlanB:
+		remoteIsPlanB = true
+	case SDPSemanticsUnifiedPlanWithFallback:
+		remoteIsPlanB = descriptionIsPlanB(pc.RemoteDescription())
+	default:
+		// none
+	}
+
+	// Ensure we haven't already started a transceiver for this ssrc
+	for i := range incomingTracks {
+		if len(incomingTracks) <= i {
+			break
+		}
+		incomingTrack := incomingTracks[i]
+
+		for _, t := range localTransceivers {
+			if (t.Receiver()) == nil || t.Receiver().Track() == nil || t.Receiver().Track().ssrc != incomingTrack.ssrc {
+				continue
+			}
+
+			incomingTracks = filterTrackWithSSRC(incomingTracks, incomingTrack.ssrc)
+		}
+	}
+
+	unhandledTracks := incomingTracks[:0]
+	for i := range incomingTracks {
+		trackHandled := false
+		for j := range localTransceivers {
+			t := localTransceivers[j]
+			incomingTrack := incomingTracks[i]
+
+			if t.Mid() != incomingTrack.mid {
+				continue
+			}
+
+			if (incomingTrack.kind != t.kind) ||
+				(t.Direction() != RTPTransceiverDirectionRecvonly && t.Direction() != RTPTransceiverDirectionSendrecv) ||
+				(t.Receiver()) == nil ||
+				(t.Receiver().haveReceived()) {
+				continue
+			}
+
+			pc.startReceiver(incomingTrack, t.Receiver())
+			trackHandled = true
+			break
+		}
+
+		if !trackHandled {
+			unhandledTracks = append(unhandledTracks, incomingTracks[i])
+		}
+	}
+
+	if remoteIsPlanB {
+		for _, incoming := range unhandledTracks {
+			t, err := pc.AddTransceiverFromKind(incoming.kind, RtpTransceiverInit{
+				Direction: RTPTransceiverDirectionSendrecv,
+			})
+			if err != nil {
+				pc.log.Warnf("Could not add transceiver for remote SSRC %d: %s", incoming.ssrc, err)
+				continue
+			}
+			pc.startReceiver(incoming, t.Receiver())
+		}
+	}
+}
+
+// startRTPSenders starts all outbound RTP streams
+func (pc *PeerConnection) startRTPSenders(currentTransceivers []*RTPTransceiver) error {
+	for _, transceiver := range currentTransceivers {
+		if transceiver.Sender() != nil && transceiver.Sender().isNegotiated() && !transceiver.Sender().hasSent() {
+			err := transceiver.Sender().Send(RTPSendParameters{
+				Encodings: []RTPEncodingParameters{
+					{
+						RTPCodingParameters{
+							SSRC:        transceiver.Sender().ssrc,
+							PayloadType: transceiver.Sender().payloadType,
+						},
+					},
+				},
+			})
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// Start SCTP subsystem
+func (pc *PeerConnection) startSCTP() {
+	// Start sctp
+	if err := pc.sctpTransport.Start(SCTPCapabilities{
+		MaxMessageSize: 0,
+	}); err != nil {
+		pc.log.Warnf("Failed to start SCTP: %s", err)
+		if err = pc.sctpTransport.Stop(); err != nil {
+			pc.log.Warnf("Failed to stop SCTPTransport: %s", err)
+		}
+
+		return
+	}
+
+	// DataChannels that need to be opened now that SCTP is available
+	// make a copy we may have incoming DataChannels mutating this while we open
+	pc.sctpTransport.lock.RLock()
+	dataChannels := append([]*DataChannel{}, pc.sctpTransport.dataChannels...)
+	pc.sctpTransport.lock.RUnlock()
+
+	var openedDCCount uint32
+	for _, d := range dataChannels {
+		if d.ReadyState() == DataChannelStateConnecting {
+			err := d.open(pc.sctpTransport)
+			if err != nil {
+				pc.log.Warnf("failed to open data channel: %s", err)
+				continue
+			}
+			openedDCCount++
+		}
+	}
+
+	pc.sctpTransport.lock.Lock()
+	pc.sctpTransport.dataChannelsOpened += openedDCCount
+	pc.sctpTransport.lock.Unlock()
+}
+
+func (pc *PeerConnection) handleUndeclaredSSRC(rtpStream io.Reader, ssrc SSRC) error { //nolint:gocognit
+	remoteDescription := pc.RemoteDescription()
+	if remoteDescription == nil {
+		return errPeerConnRemoteDescriptionNil
+	}
+
+	// If the remote SDP was only one media section the ssrc doesn't have to be explicitly declared
+	if len(remoteDescription.parsed.MediaDescriptions) == 1 {
+		onlyMediaSection := remoteDescription.parsed.MediaDescriptions[0]
+		for _, a := range onlyMediaSection.Attributes {
+			if a.Key == ssrcStr {
+				return errPeerConnSingleMediaSectionHasExplicitSSRC
+			}
+		}
+
+		incoming := trackDetails{
+			ssrc: ssrc,
+			kind: RTPCodecTypeVideo,
+		}
+		if onlyMediaSection.MediaName.Media == RTPCodecTypeAudio.String() {
+			incoming.kind = RTPCodecTypeAudio
+		}
+
+		t, err := pc.AddTransceiverFromKind(incoming.kind, RtpTransceiverInit{
+			Direction: RTPTransceiverDirectionSendrecv,
+		})
+		if err != nil {
+			return fmt.Errorf("%w: %d: %s", errPeerConnRemoteSSRCAddTransceiver, ssrc, err)
+		}
+		pc.startReceiver(incoming, t.Receiver())
+		return nil
+	}
+
+	midExtensionID, audioSupported, videoSupported := pc.api.mediaEngine.getHeaderExtensionID(RTPHeaderExtensionCapability{sdp.SDESMidURI})
+	if !audioSupported && !videoSupported {
+		return errPeerConnSimulcastMidRTPExtensionRequired
+	}
+
+	streamIDExtensionID, audioSupported, videoSupported := pc.api.mediaEngine.getHeaderExtensionID(RTPHeaderExtensionCapability{sdp.SDESRTPStreamIDURI})
+	if !audioSupported && !videoSupported {
+		return errPeerConnSimulcastStreamIDRTPExtensionRequired
+	}
+
+	b := make([]byte, receiveMTU)
+	var mid, rid string
+	for readCount := 0; readCount <= simulcastProbeCount; readCount++ {
+		i, err := rtpStream.Read(b)
+		if err != nil {
+			return err
+		}
+
+		maybeMid, maybeRid, payloadType, err := handleUnknownRTPPacket(b[:i], uint8(midExtensionID), uint8(streamIDExtensionID))
+		if err != nil {
+			return err
+		}
+
+		if maybeMid != "" {
+			mid = maybeMid
+		}
+		if maybeRid != "" {
+			rid = maybeRid
+		}
+
+		if mid == "" || rid == "" {
+			continue
+		}
+
+		params, err := pc.api.mediaEngine.getRTPParametersByPayloadType(payloadType)
+		if err != nil {
+			return err
+		}
+
+		for _, t := range pc.GetTransceivers() {
+			if t.Mid() != mid || t.Receiver() == nil {
+				continue
+			}
+
+			track, err := t.Receiver().receiveForRid(rid, params, ssrc)
+			if err != nil {
+				return err
+			}
+			pc.onTrack(track, t.Receiver())
+			return nil
+		}
+	}
+
+	return errPeerConnSimulcastIncomingSSRCFailed
+}
+
+// undeclaredMediaProcessor handles RTP/RTCP packets that don't match any a:ssrc lines
+func (pc *PeerConnection) undeclaredMediaProcessor() {
+	go func() {
+		var simulcastRoutineCount uint64
+		for {
+			srtpSession, err := pc.dtlsTransport.getSRTPSession()
+			if err != nil {
+				pc.log.Warnf("undeclaredMediaProcessor failed to open SrtpSession: %v", err)
+				return
+			}
+
+			stream, ssrc, err := srtpSession.AcceptStream()
+			if err != nil {
+				pc.log.Warnf("Failed to accept RTP %v", err)
+				return
+			}
+
+			if pc.isClosed.get() {
+				if err = stream.Close(); err != nil {
+					pc.log.Warnf("Failed to close RTP stream %v", err)
+				}
+				continue
+			}
+
+			if atomic.AddUint64(&simulcastRoutineCount, 1) >= simulcastMaxProbeRoutines {
+				atomic.AddUint64(&simulcastRoutineCount, ^uint64(0))
+				pc.log.Warn(ErrSimulcastProbeOverflow.Error())
+				continue
+			}
+
+			go func(rtpStream io.Reader, ssrc SSRC) {
+				pc.dtlsTransport.storeSimulcastStream(stream)
+
+				if err := pc.handleUndeclaredSSRC(rtpStream, ssrc); err != nil {
+					pc.log.Errorf("Incoming unhandled RTP ssrc(%d), OnTrack will not be fired. %v", ssrc, err)
+				}
+				atomic.AddUint64(&simulcastRoutineCount, ^uint64(0))
+			}(stream, SSRC(ssrc))
+		}
+	}()
+
+	go func() {
+		for {
+			srtcpSession, err := pc.dtlsTransport.getSRTCPSession()
+			if err != nil {
+				pc.log.Warnf("undeclaredMediaProcessor failed to open SrtcpSession: %v", err)
+				return
+			}
+
+			_, ssrc, err := srtcpSession.AcceptStream()
+			if err != nil {
+				pc.log.Warnf("Failed to accept RTCP %v", err)
+				return
+			}
+			pc.log.Warnf("Incoming unhandled RTCP ssrc(%d), OnTrack will not be fired", ssrc)
+		}
+	}()
+}
+
+// RemoteDescription returns pendingRemoteDescription if it is not null and
+// otherwise it returns currentRemoteDescription. This property is used to
+// determine if setRemoteDescription has already been called.
+// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-remotedescription
+func (pc *PeerConnection) RemoteDescription() *SessionDescription {
+	pc.mu.RLock()
+	defer pc.mu.RUnlock()
+
+	if pc.pendingRemoteDescription != nil {
+		return pc.pendingRemoteDescription
+	}
+	return pc.currentRemoteDescription
+}
+
+// AddICECandidate accepts an ICE candidate string and adds it
+// to the existing set of candidates.
+func (pc *PeerConnection) AddICECandidate(candidate ICECandidateInit) error {
+	if pc.RemoteDescription() == nil {
+		return &rtcerr.InvalidStateError{Err: ErrNoRemoteDescription}
+	}
+
+	candidateValue := strings.TrimPrefix(candidate.Candidate, "candidate:")
+
+	var iceCandidate *ICECandidate
+	if candidateValue != "" {
+		candidate, err := ice.UnmarshalCandidate(candidateValue)
+		if err != nil {
+			return err
+		}
+
+		c, err := newICECandidateFromICE(candidate)
+		if err != nil {
+			return err
+		}
+		iceCandidate = &c
+	}
+
+	return pc.iceTransport.AddRemoteCandidate(iceCandidate)
+}
+
+// ICEConnectionState returns the ICE connection state of the
+// PeerConnection instance.
+func (pc *PeerConnection) ICEConnectionState() ICEConnectionState {
+	pc.mu.RLock()
+	defer pc.mu.RUnlock()
+
+	return pc.iceConnectionState
+}
+
+// GetSenders returns the RTPSender that are currently attached to this PeerConnection
+func (pc *PeerConnection) GetSenders() []*RTPSender {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	result := []*RTPSender{}
+	for _, transceiver := range pc.rtpTransceivers {
+		if transceiver.Sender() != nil {
+			result = append(result, transceiver.Sender())
+		}
+	}
+	return result
+}
+
+// GetReceivers returns the RTPReceivers that are currently attached to this PeerConnection
+func (pc *PeerConnection) GetReceivers() (receivers []*RTPReceiver) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	for _, transceiver := range pc.rtpTransceivers {
+		if transceiver.Receiver() != nil {
+			receivers = append(receivers, transceiver.Receiver())
+		}
+	}
+	return
+}
+
+// GetTransceivers returns the RtpTransceiver that are currently attached to this PeerConnection
+func (pc *PeerConnection) GetTransceivers() []*RTPTransceiver {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	return pc.rtpTransceivers
+}
+
+// AddTrack adds a Track to the PeerConnection
+func (pc *PeerConnection) AddTrack(track TrackLocal) (*RTPSender, error) {
+	if pc.isClosed.get() {
+		return nil, &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	var transceiver *RTPTransceiver
+	for _, t := range pc.GetTransceivers() {
+		if !t.stopped && t.kind == track.Kind() && t.Sender() == nil {
+			transceiver = t
+			break
+		}
+	}
+	if transceiver != nil {
+		sender, err := pc.api.NewRTPSender(track, pc.dtlsTransport)
+		if err != nil {
+			return nil, err
+		}
+		transceiver.setSender(sender)
+		// we still need to call setSendingTrack to ensure direction has changed
+		if err := transceiver.setSendingTrack(track); err != nil {
+			return nil, err
+		}
+		pc.onNegotiationNeeded()
+
+		return sender, nil
+	}
+
+	transceiver, err := pc.AddTransceiverFromTrack(track)
+	if err != nil {
+		return nil, err
+	}
+
+	return transceiver.Sender(), nil
+}
+
+// RemoveTrack removes a Track from the PeerConnection
+func (pc *PeerConnection) RemoveTrack(sender *RTPSender) error {
+	if pc.isClosed.get() {
+		return &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	var transceiver *RTPTransceiver
+	for _, t := range pc.GetTransceivers() {
+		if t.Sender() == sender {
+			transceiver = t
+			break
+		}
+	}
+
+	if transceiver == nil {
+		return &rtcerr.InvalidAccessError{Err: ErrSenderNotCreatedByConnection}
+	} else if err := sender.Stop(); err != nil {
+		return err
+	}
+
+	if err := transceiver.setSendingTrack(nil); err != nil {
+		return err
+	}
+
+	pc.onNegotiationNeeded()
+
+	return nil
+}
+
+// AddTransceiverFromKind Create a new RtpTransceiver(SendRecv or RecvOnly) and add it to the set of transceivers.
+func (pc *PeerConnection) AddTransceiverFromKind(kind RTPCodecType, init ...RtpTransceiverInit) (*RTPTransceiver, error) {
+	if pc.isClosed.get() {
+		return nil, &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	direction := RTPTransceiverDirectionSendrecv
+	if len(init) > 1 {
+		return nil, errPeerConnAddTransceiverFromKindOnlyAcceptsOne
+	} else if len(init) == 1 {
+		direction = init[0].Direction
+	}
+
+	switch direction {
+	case RTPTransceiverDirectionSendrecv:
+		codecs := pc.api.mediaEngine.getCodecsByKind(kind)
+		if len(codecs) == 0 {
+			return nil, ErrNoCodecsAvailable
+		}
+
+		track, err := NewTrackLocalStaticSample(codecs[0].RTPCodecCapability, util.MathRandAlpha(16), util.MathRandAlpha(16))
+		if err != nil {
+			return nil, err
+		}
+
+		return pc.AddTransceiverFromTrack(track, init...)
+	case RTPTransceiverDirectionRecvonly:
+		receiver, err := pc.api.NewRTPReceiver(kind, pc.dtlsTransport)
+		if err != nil {
+			return nil, err
+		}
+
+		t := pc.newRTPTransceiver(
+			receiver,
+			nil,
+			RTPTransceiverDirectionRecvonly,
+			kind,
+		)
+
+		pc.onNegotiationNeeded()
+
+		return t, nil
+	default:
+		return nil, errPeerConnAddTransceiverFromKindSupport
+	}
+}
+
+// AddTransceiverFromTrack Create a new RtpTransceiver(SendRecv or SendOnly) and add it to the set of transceivers.
+func (pc *PeerConnection) AddTransceiverFromTrack(track TrackLocal, init ...RtpTransceiverInit) (*RTPTransceiver, error) {
+	if pc.isClosed.get() {
+		return nil, &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	direction := RTPTransceiverDirectionSendrecv
+	if len(init) > 1 {
+		return nil, errPeerConnAddTransceiverFromTrackOnlyAcceptsOne
+	} else if len(init) == 1 {
+		direction = init[0].Direction
+	}
+
+	switch direction {
+	case RTPTransceiverDirectionSendrecv:
+		receiver, err := pc.api.NewRTPReceiver(track.Kind(), pc.dtlsTransport)
+		if err != nil {
+			return nil, err
+		}
+
+		sender, err := pc.api.NewRTPSender(track, pc.dtlsTransport)
+		if err != nil {
+			return nil, err
+		}
+
+		t := pc.newRTPTransceiver(
+			receiver,
+			sender,
+			RTPTransceiverDirectionSendrecv,
+			track.Kind(),
+		)
+
+		pc.onNegotiationNeeded()
+
+		return t, nil
+
+	case RTPTransceiverDirectionSendonly:
+		sender, err := pc.api.NewRTPSender(track, pc.dtlsTransport)
+		if err != nil {
+			return nil, err
+		}
+
+		t := pc.newRTPTransceiver(
+			nil,
+			sender,
+			RTPTransceiverDirectionSendonly,
+			track.Kind(),
+		)
+
+		pc.onNegotiationNeeded()
+
+		return t, nil
+	default:
+		return nil, errPeerConnAddTransceiverFromTrackSupport
+	}
+}
+
+// CreateDataChannel creates a new DataChannel object with the given label
+// and optional DataChannelInit used to configure properties of the
+// underlying channel such as data reliability.
+func (pc *PeerConnection) CreateDataChannel(label string, options *DataChannelInit) (*DataChannel, error) {
+	// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #2)
+	if pc.isClosed.get() {
+		return nil, &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	params := &DataChannelParameters{
+		Label:   label,
+		Ordered: true,
+	}
+
+	// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #19)
+	if options != nil {
+		params.ID = options.ID
+	}
+
+	if options != nil {
+		// Ordered indicates if data is allowed to be delivered out of order. The
+		// default value of true, guarantees that data will be delivered in order.
+		// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #9)
+		if options.Ordered != nil {
+			params.Ordered = *options.Ordered
+		}
+
+		// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #7)
+		if options.MaxPacketLifeTime != nil {
+			params.MaxPacketLifeTime = options.MaxPacketLifeTime
+		}
+
+		// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #8)
+		if options.MaxRetransmits != nil {
+			params.MaxRetransmits = options.MaxRetransmits
+		}
+
+		// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #10)
+		if options.Protocol != nil {
+			params.Protocol = *options.Protocol
+		}
+
+		// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #11)
+		if len(params.Protocol) > 65535 {
+			return nil, &rtcerr.TypeError{Err: ErrProtocolTooLarge}
+		}
+
+		// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #12)
+		if options.Negotiated != nil {
+			params.Negotiated = *options.Negotiated
+		}
+	}
+
+	d, err := pc.api.newDataChannel(params, pc.log)
+	if err != nil {
+		return nil, err
+	}
+
+	// https://w3c.github.io/webrtc-pc/#peer-to-peer-data-api (Step #16)
+	if d.maxPacketLifeTime != nil && d.maxRetransmits != nil {
+		return nil, &rtcerr.TypeError{Err: ErrRetransmitsOrPacketLifeTime}
+	}
+
+	pc.sctpTransport.lock.Lock()
+	pc.sctpTransport.dataChannels = append(pc.sctpTransport.dataChannels, d)
+	pc.sctpTransport.dataChannelsRequested++
+	pc.sctpTransport.lock.Unlock()
+
+	// If SCTP already connected open all the channels
+	if pc.sctpTransport.State() == SCTPTransportStateConnected {
+		if err = d.open(pc.sctpTransport); err != nil {
+			return nil, err
+		}
+	}
+
+	pc.onNegotiationNeeded()
+
+	return d, nil
+}
+
+// SetIdentityProvider is used to configure an identity provider to generate identity assertions
+func (pc *PeerConnection) SetIdentityProvider(provider string) error {
+	return errPeerConnSetIdentityProviderNotImplemented
+}
+
+// WriteRTCP sends a user provided RTCP packet to the connected peer. If no peer is connected the
+// packet is discarded. It also runs any configured interceptors.
+func (pc *PeerConnection) WriteRTCP(pkts []rtcp.Packet) error {
+	_, err := pc.interceptorRTCPWriter.Write(pkts, make(interceptor.Attributes))
+	return err
+}
+
+func (pc *PeerConnection) writeRTCP(pkts []rtcp.Packet, _ interceptor.Attributes) (int, error) {
+	raw, err := rtcp.Marshal(pkts)
+	if err != nil {
+		return 0, err
+	}
+
+	srtcpSession, err := pc.dtlsTransport.getSRTCPSession()
+	if err != nil {
+		return 0, nil
+	}
+
+	writeStream, err := srtcpSession.OpenWriteStream()
+	if err != nil {
+		return 0, fmt.Errorf("%w: %v", errPeerConnWriteRTCPOpenWriteStream, err)
+	}
+
+	if n, err := writeStream.Write(raw); err != nil {
+		return n, err
+	}
+	return 0, nil
+}
+
+// Close ends the PeerConnection
+func (pc *PeerConnection) Close() error {
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #1)
+	if pc.isClosed.get() {
+		return nil
+	}
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #2)
+	pc.isClosed.set(true)
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #3)
+	pc.signalingState.Set(SignalingStateClosed)
+
+	// Try closing everything and collect the errors
+	// Shutdown strategy:
+	// 1. All Conn close by closing their underlying Conn.
+	// 2. A Mux stops this chain. It won't close the underlying
+	//    Conn if one of the endpoints is closed down. To
+	//    continue the chain the Mux has to be closed.
+	closeErrs := make([]error, 4)
+
+	closeErrs = append(closeErrs, pc.api.interceptor.Close())
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #4)
+	for _, t := range pc.GetTransceivers() {
+		if !t.stopped {
+			closeErrs = append(closeErrs, t.Stop())
+		}
+	}
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #5)
+	pc.sctpTransport.lock.Lock()
+	for _, d := range pc.sctpTransport.dataChannels {
+		d.setReadyState(DataChannelStateClosed)
+	}
+	pc.sctpTransport.lock.Unlock()
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #6)
+	if pc.sctpTransport != nil {
+		closeErrs = append(closeErrs, pc.sctpTransport.Stop())
+	}
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #7)
+	closeErrs = append(closeErrs, pc.dtlsTransport.Stop())
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #8, #9, #10)
+	if pc.iceTransport != nil {
+		closeErrs = append(closeErrs, pc.iceTransport.Stop())
+	}
+
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close (step #11)
+	pc.updateConnectionState(pc.ICEConnectionState(), pc.dtlsTransport.State())
+
+	return util.FlattenErrs(closeErrs)
+}
+
+func (pc *PeerConnection) newRTPTransceiver(
+	receiver *RTPReceiver,
+	sender *RTPSender,
+	direction RTPTransceiverDirection,
+	kind RTPCodecType,
+) *RTPTransceiver {
+	t := &RTPTransceiver{kind: kind}
+	t.setReceiver(receiver)
+	t.setSender(sender)
+	t.setDirection(direction)
+
+	pc.mu.Lock()
+	pc.rtpTransceivers = append(pc.rtpTransceivers, t)
+	pc.mu.Unlock()
+
+	return t
+}
+
+// CurrentLocalDescription represents the local description that was
+// successfully negotiated the last time the PeerConnection transitioned
+// into the stable state plus any local candidates that have been generated
+// by the ICEAgent since the offer or answer was created.
+func (pc *PeerConnection) CurrentLocalDescription() *SessionDescription {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	return populateLocalCandidates(pc.currentLocalDescription, pc.iceGatherer, pc.ICEGatheringState())
+}
+
+// PendingLocalDescription represents a local description that is in the
+// process of being negotiated plus any local candidates that have been
+// generated by the ICEAgent since the offer or answer was created. If the
+// PeerConnection is in the stable state, the value is null.
+func (pc *PeerConnection) PendingLocalDescription() *SessionDescription {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+	return populateLocalCandidates(pc.pendingLocalDescription, pc.iceGatherer, pc.ICEGatheringState())
+}
+
+// CurrentRemoteDescription represents the last remote description that was
+// successfully negotiated the last time the PeerConnection transitioned
+// into the stable state plus any remote candidates that have been supplied
+// via AddICECandidate() since the offer or answer was created.
+func (pc *PeerConnection) CurrentRemoteDescription() *SessionDescription {
+	return pc.currentRemoteDescription
+}
+
+// PendingRemoteDescription represents a remote description that is in the
+// process of being negotiated, complete with any remote candidates that
+// have been supplied via AddICECandidate() since the offer or answer was
+// created. If the PeerConnection is in the stable state, the value is
+// null.
+func (pc *PeerConnection) PendingRemoteDescription() *SessionDescription {
+	return pc.pendingRemoteDescription
+}
+
+// SignalingState attribute returns the signaling state of the
+// PeerConnection instance.
+func (pc *PeerConnection) SignalingState() SignalingState {
+	return pc.signalingState.Get()
+}
+
+// ICEGatheringState attribute returns the ICE gathering state of the
+// PeerConnection instance.
+func (pc *PeerConnection) ICEGatheringState() ICEGatheringState {
+	if pc.iceGatherer == nil {
+		return ICEGatheringStateNew
+	}
+
+	switch pc.iceGatherer.State() {
+	case ICEGathererStateNew:
+		return ICEGatheringStateNew
+	case ICEGathererStateGathering:
+		return ICEGatheringStateGathering
+	default:
+		return ICEGatheringStateComplete
+	}
+}
+
+// ConnectionState attribute returns the connection state of the
+// PeerConnection instance.
+func (pc *PeerConnection) ConnectionState() PeerConnectionState {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	return pc.connectionState
+}
+
+// GetStats return data providing statistics about the overall connection
+func (pc *PeerConnection) GetStats() StatsReport {
+	var (
+		dataChannelsAccepted  uint32
+		dataChannelsClosed    uint32
+		dataChannelsOpened    uint32
+		dataChannelsRequested uint32
+	)
+	statsCollector := newStatsReportCollector()
+	statsCollector.Collecting()
+
+	pc.mu.Lock()
+	if pc.iceGatherer != nil {
+		pc.iceGatherer.collectStats(statsCollector)
+	}
+	if pc.iceTransport != nil {
+		pc.iceTransport.collectStats(statsCollector)
+	}
+
+	pc.sctpTransport.lock.Lock()
+	dataChannels := append([]*DataChannel{}, pc.sctpTransport.dataChannels...)
+	dataChannelsAccepted = pc.sctpTransport.dataChannelsAccepted
+	dataChannelsOpened = pc.sctpTransport.dataChannelsOpened
+	dataChannelsRequested = pc.sctpTransport.dataChannelsRequested
+	pc.sctpTransport.lock.Unlock()
+
+	for _, d := range dataChannels {
+		state := d.ReadyState()
+		if state != DataChannelStateConnecting && state != DataChannelStateOpen {
+			dataChannelsClosed++
+		}
+
+		d.collectStats(statsCollector)
+	}
+	pc.sctpTransport.collectStats(statsCollector)
+
+	stats := PeerConnectionStats{
+		Timestamp:             statsTimestampNow(),
+		Type:                  StatsTypePeerConnection,
+		ID:                    pc.statsID,
+		DataChannelsAccepted:  dataChannelsAccepted,
+		DataChannelsClosed:    dataChannelsClosed,
+		DataChannelsOpened:    dataChannelsOpened,
+		DataChannelsRequested: dataChannelsRequested,
+	}
+
+	statsCollector.Collect(stats.ID, stats)
+
+	certificates := pc.configuration.Certificates
+	for _, certificate := range certificates {
+		if err := certificate.collectStats(statsCollector); err != nil {
+			continue
+		}
+	}
+	pc.mu.Unlock()
+
+	pc.api.mediaEngine.collectStats(statsCollector)
+
+	return statsCollector.Ready()
+}
+
+// Start all transports. PeerConnection now has enough state
+func (pc *PeerConnection) startTransports(iceRole ICERole, dtlsRole DTLSRole, remoteUfrag, remotePwd, fingerprint, fingerprintHash string) {
+	// Start the ice transport
+	err := pc.iceTransport.Start(
+		pc.iceGatherer,
+		ICEParameters{
+			UsernameFragment: remoteUfrag,
+			Password:         remotePwd,
+			ICELite:          false,
+		},
+		&iceRole,
+	)
+	if err != nil {
+		pc.log.Warnf("Failed to start manager: %s", err)
+		return
+	}
+
+	// Start the dtls transport
+	err = pc.dtlsTransport.Start(DTLSParameters{
+		Role:         dtlsRole,
+		Fingerprints: []DTLSFingerprint{{Algorithm: fingerprintHash, Value: fingerprint}},
+	})
+	pc.updateConnectionState(pc.ICEConnectionState(), pc.dtlsTransport.State())
+	if err != nil {
+		pc.log.Warnf("Failed to start manager: %s", err)
+		return
+	}
+}
+
+func (pc *PeerConnection) startRTP(isRenegotiation bool, remoteDesc *SessionDescription, currentTransceivers []*RTPTransceiver) {
+	trackDetails := trackDetailsFromSDP(pc.log, remoteDesc.parsed)
+	if isRenegotiation {
+		for _, t := range currentTransceivers {
+			if t.Receiver() == nil || t.Receiver().Track() == nil {
+				continue
+			}
+
+			t.Receiver().Track().mu.Lock()
+			ssrc := t.Receiver().Track().ssrc
+
+			if details := trackDetailsForSSRC(trackDetails, ssrc); details != nil {
+				t.Receiver().Track().id = details.id
+				t.Receiver().Track().streamID = details.streamID
+				t.Receiver().Track().mu.Unlock()
+				continue
+			}
+
+			t.Receiver().Track().mu.Unlock()
+
+			if err := t.Receiver().Stop(); err != nil {
+				pc.log.Warnf("Failed to stop RtpReceiver: %s", err)
+				continue
+			}
+
+			receiver, err := pc.api.NewRTPReceiver(t.Receiver().kind, pc.dtlsTransport)
+			if err != nil {
+				pc.log.Warnf("Failed to create new RtpReceiver: %s", err)
+				continue
+			}
+			t.setReceiver(receiver)
+		}
+	}
+
+	pc.startRTPReceivers(trackDetails, currentTransceivers)
+	if haveApplicationMediaSection(remoteDesc.parsed) {
+		pc.startSCTP()
+	}
+
+	if !isRenegotiation {
+		pc.undeclaredMediaProcessor()
+	}
+}
+
+// generateUnmatchedSDP generates an SDP that doesn't take remote state into account
+// This is used for the initial call for CreateOffer
+func (pc *PeerConnection) generateUnmatchedSDP(transceivers []*RTPTransceiver, useIdentity bool) (*sdp.SessionDescription, error) {
+	d, err := sdp.NewJSEPSessionDescription(useIdentity)
+	if err != nil {
+		return nil, err
+	}
+
+	iceParams, err := pc.iceGatherer.GetLocalParameters()
+	if err != nil {
+		return nil, err
+	}
+
+	candidates, err := pc.iceGatherer.GetLocalCandidates()
+	if err != nil {
+		return nil, err
+	}
+
+	isPlanB := pc.configuration.SDPSemantics == SDPSemanticsPlanB
+	mediaSections := []mediaSection{}
+
+	// Needed for pc.sctpTransport.dataChannelsRequested
+	pc.sctpTransport.lock.Lock()
+	defer pc.sctpTransport.lock.Unlock()
+
+	if isPlanB {
+		video := make([]*RTPTransceiver, 0)
+		audio := make([]*RTPTransceiver, 0)
+
+		for _, t := range transceivers {
+			if t.kind == RTPCodecTypeVideo {
+				video = append(video, t)
+			} else if t.kind == RTPCodecTypeAudio {
+				audio = append(audio, t)
+			}
+			if t.Sender() != nil {
+				t.Sender().setNegotiated()
+			}
+		}
+
+		if len(video) > 0 {
+			mediaSections = append(mediaSections, mediaSection{id: "video", transceivers: video})
+		}
+		if len(audio) > 0 {
+			mediaSections = append(mediaSections, mediaSection{id: "audio", transceivers: audio})
+		}
+
+		if pc.sctpTransport.dataChannelsRequested != 0 {
+			mediaSections = append(mediaSections, mediaSection{id: "data", data: true})
+		}
+	} else {
+		for _, t := range transceivers {
+			if t.Sender() != nil {
+				t.Sender().setNegotiated()
+			}
+			mediaSections = append(mediaSections, mediaSection{id: t.Mid(), transceivers: []*RTPTransceiver{t}})
+		}
+
+		if pc.sctpTransport.dataChannelsRequested != 0 {
+			mediaSections = append(mediaSections, mediaSection{id: strconv.Itoa(len(mediaSections)), data: true})
+		}
+	}
+
+	dtlsFingerprints, err := pc.configuration.Certificates[0].GetFingerprints()
+	if err != nil {
+		return nil, err
+	}
+
+	return populateSDP(d, isPlanB, dtlsFingerprints, pc.api.settingEngine.sdpMediaLevelFingerprints, pc.api.settingEngine.candidates.ICELite, pc.api.mediaEngine, connectionRoleFromDtlsRole(defaultDtlsRoleOffer), candidates, iceParams, mediaSections, pc.ICEGatheringState())
+}
+
+// generateMatchedSDP generates a SDP and takes the remote state into account
+// this is used everytime we have a RemoteDescription
+// nolint: gocyclo
+func (pc *PeerConnection) generateMatchedSDP(transceivers []*RTPTransceiver, useIdentity bool, includeUnmatched bool, connectionRole sdp.ConnectionRole) (*sdp.SessionDescription, error) { //nolint:gocognit
+	d, err := sdp.NewJSEPSessionDescription(useIdentity)
+	if err != nil {
+		return nil, err
+	}
+
+	iceParams, err := pc.iceGatherer.GetLocalParameters()
+	if err != nil {
+		return nil, err
+	}
+
+	candidates, err := pc.iceGatherer.GetLocalCandidates()
+	if err != nil {
+		return nil, err
+	}
+
+	var t *RTPTransceiver
+	localTransceivers := append([]*RTPTransceiver{}, transceivers...)
+	detectedPlanB := descriptionIsPlanB(pc.RemoteDescription())
+	mediaSections := []mediaSection{}
+	alreadyHaveApplicationMediaSection := false
+
+	for _, media := range pc.RemoteDescription().parsed.MediaDescriptions {
+		midValue := getMidValue(media)
+		if midValue == "" {
+			return nil, errPeerConnRemoteDescriptionWithoutMidValue
+		}
+
+		if media.MediaName.Media == mediaSectionApplication {
+			mediaSections = append(mediaSections, mediaSection{id: midValue, data: true})
+			alreadyHaveApplicationMediaSection = true
+			continue
+		}
+
+		kind := NewRTPCodecType(media.MediaName.Media)
+		direction := getPeerDirection(media)
+		if kind == 0 || direction == RTPTransceiverDirection(Unknown) {
+			continue
+		}
+
+		sdpSemantics := pc.configuration.SDPSemantics
+
+		switch {
+		case sdpSemantics == SDPSemanticsPlanB || sdpSemantics == SDPSemanticsUnifiedPlanWithFallback && detectedPlanB:
+			if !detectedPlanB {
+				return nil, &rtcerr.TypeError{Err: ErrIncorrectSDPSemantics}
+			}
+			// If we're responding to a plan-b offer, then we should try to fill up this
+			// media entry with all matching local transceivers
+			mediaTransceivers := []*RTPTransceiver{}
+			for {
+				// keep going until we can't get any more
+				t, localTransceivers = satisfyTypeAndDirection(kind, direction, localTransceivers)
+				if t == nil {
+					if len(mediaTransceivers) == 0 {
+						t = &RTPTransceiver{kind: kind}
+						t.setDirection(RTPTransceiverDirectionInactive)
+						mediaTransceivers = append(mediaTransceivers, t)
+					}
+					break
+				}
+				if t.Sender() != nil {
+					t.Sender().setNegotiated()
+				}
+				mediaTransceivers = append(mediaTransceivers, t)
+			}
+			mediaSections = append(mediaSections, mediaSection{id: midValue, transceivers: mediaTransceivers})
+		case sdpSemantics == SDPSemanticsUnifiedPlan || sdpSemantics == SDPSemanticsUnifiedPlanWithFallback:
+			if detectedPlanB {
+				return nil, &rtcerr.TypeError{Err: ErrIncorrectSDPSemantics}
+			}
+			t, localTransceivers = findByMid(midValue, localTransceivers)
+			if t == nil {
+				return nil, fmt.Errorf("%w: %q", errPeerConnTranscieverMidNil, midValue)
+			}
+			if t.Sender() != nil {
+				t.Sender().setNegotiated()
+			}
+			mediaTransceivers := []*RTPTransceiver{t}
+			mediaSections = append(mediaSections, mediaSection{id: midValue, transceivers: mediaTransceivers, ridMap: getRids(media)})
+		}
+	}
+
+	// If we are offering also include unmatched local transceivers
+	if includeUnmatched {
+		if !detectedPlanB {
+			for _, t := range localTransceivers {
+				if t.Sender() != nil {
+					t.Sender().setNegotiated()
+				}
+				mediaSections = append(mediaSections, mediaSection{id: t.Mid(), transceivers: []*RTPTransceiver{t}})
+			}
+		}
+
+		if pc.sctpTransport.dataChannelsRequested != 0 && !alreadyHaveApplicationMediaSection {
+			if detectedPlanB {
+				mediaSections = append(mediaSections, mediaSection{id: "data", data: true})
+			} else {
+				mediaSections = append(mediaSections, mediaSection{id: strconv.Itoa(len(mediaSections)), data: true})
+			}
+		}
+	}
+
+	if pc.configuration.SDPSemantics == SDPSemanticsUnifiedPlanWithFallback && detectedPlanB {
+		pc.log.Info("Plan-B Offer detected; responding with Plan-B Answer")
+	}
+
+	dtlsFingerprints, err := pc.configuration.Certificates[0].GetFingerprints()
+	if err != nil {
+		return nil, err
+	}
+
+	return populateSDP(d, detectedPlanB, dtlsFingerprints, pc.api.settingEngine.sdpMediaLevelFingerprints, pc.api.settingEngine.candidates.ICELite, pc.api.mediaEngine, connectionRole, candidates, iceParams, mediaSections, pc.ICEGatheringState())
+}
+
+func (pc *PeerConnection) setGatherCompleteHandler(handler func()) {
+	pc.iceGatherer.onGatheringCompleteHandler.Store(handler)
+}
+
+// SCTP returns the SCTPTransport for this PeerConnection
+//
+// The SCTP transport over which SCTP data is sent and received. If SCTP has not been negotiated, the value is nil.
+// https://www.w3.org/TR/webrtc/#attributes-15
+func (pc *PeerConnection) SCTP() *SCTPTransport {
+	return pc.sctpTransport
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnection_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnection_js.go
new file mode 100644
index 000000000..c29319407
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnection_js.go
@@ -0,0 +1,676 @@
+// +build js,wasm
+
+// Package webrtc implements the WebRTC 1.0 as defined in W3C WebRTC specification document.
+package webrtc
+
+import (
+	"syscall/js"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+// PeerConnection represents a WebRTC connection that establishes a
+// peer-to-peer communications with another PeerConnection instance in a
+// browser, or to another endpoint implementing the required protocols.
+type PeerConnection struct {
+	// Pointer to the underlying JavaScript RTCPeerConnection object.
+	underlying js.Value
+
+	// Keep track of handlers/callbacks so we can call Release as required by the
+	// syscall/js API. Initially nil.
+	onSignalingStateChangeHandler     *js.Func
+	onDataChannelHandler              *js.Func
+	onNegotiationNeededHandler        *js.Func
+	onConnectionStateChangeHandler    *js.Func
+	onICEConnectionStateChangeHandler *js.Func
+	onICECandidateHandler             *js.Func
+	onICEGatheringStateChangeHandler  *js.Func
+
+	// Used by GatheringCompletePromise
+	onGatherCompleteHandler func()
+
+	// A reference to the associated API state used by this connection
+	api *API
+}
+
+// NewPeerConnection creates a peerconnection.
+func NewPeerConnection(configuration Configuration) (*PeerConnection, error) {
+	api := NewAPI()
+	return api.NewPeerConnection(configuration)
+}
+
+// NewPeerConnection creates a new PeerConnection with the provided configuration against the received API object
+func (api *API) NewPeerConnection(configuration Configuration) (_ *PeerConnection, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	configMap := configurationToValue(configuration)
+	underlying := js.Global().Get("window").Get("RTCPeerConnection").New(configMap)
+	return &PeerConnection{
+		underlying: underlying,
+		api:        api,
+	}, nil
+}
+
+func (pc *PeerConnection) JSValue() js.Value {
+	return pc.underlying
+}
+
+// OnSignalingStateChange sets an event handler which is invoked when the
+// peer connection's signaling state changes
+func (pc *PeerConnection) OnSignalingStateChange(f func(SignalingState)) {
+	if pc.onSignalingStateChangeHandler != nil {
+		oldHandler := pc.onSignalingStateChangeHandler
+		defer oldHandler.Release()
+	}
+	onSignalingStateChangeHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		state := newSignalingState(args[0].String())
+		go f(state)
+		return js.Undefined()
+	})
+	pc.onSignalingStateChangeHandler = &onSignalingStateChangeHandler
+	pc.underlying.Set("onsignalingstatechange", onSignalingStateChangeHandler)
+}
+
+// OnDataChannel sets an event handler which is invoked when a data
+// channel message arrives from a remote peer.
+func (pc *PeerConnection) OnDataChannel(f func(*DataChannel)) {
+	if pc.onDataChannelHandler != nil {
+		oldHandler := pc.onDataChannelHandler
+		defer oldHandler.Release()
+	}
+	onDataChannelHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		// pion/webrtc/projects/15
+		// This reference to the underlying DataChannel doesn't know
+		// about any other references to the same DataChannel. This might result in
+		// memory leaks where we don't clean up handler functions. Could possibly fix
+		// by keeping a mutex-protected list of all DataChannel references as a
+		// property of this PeerConnection, but at the cost of additional overhead.
+		dataChannel := &DataChannel{
+			underlying: args[0].Get("channel"),
+			api:        pc.api,
+		}
+		go f(dataChannel)
+		return js.Undefined()
+	})
+	pc.onDataChannelHandler = &onDataChannelHandler
+	pc.underlying.Set("ondatachannel", onDataChannelHandler)
+}
+
+// OnNegotiationNeeded sets an event handler which is invoked when
+// a change has occurred which requires session negotiation
+func (pc *PeerConnection) OnNegotiationNeeded(f func()) {
+	if pc.onNegotiationNeededHandler != nil {
+		oldHandler := pc.onNegotiationNeededHandler
+		defer oldHandler.Release()
+	}
+	onNegotiationNeededHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go f()
+		return js.Undefined()
+	})
+	pc.onNegotiationNeededHandler = &onNegotiationNeededHandler
+	pc.underlying.Set("onnegotiationneeded", onNegotiationNeededHandler)
+}
+
+// OnICEConnectionStateChange sets an event handler which is called
+// when an ICE connection state is changed.
+func (pc *PeerConnection) OnICEConnectionStateChange(f func(ICEConnectionState)) {
+	if pc.onICEConnectionStateChangeHandler != nil {
+		oldHandler := pc.onICEConnectionStateChangeHandler
+		defer oldHandler.Release()
+	}
+	onICEConnectionStateChangeHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		connectionState := NewICEConnectionState(pc.underlying.Get("iceConnectionState").String())
+		go f(connectionState)
+		return js.Undefined()
+	})
+	pc.onICEConnectionStateChangeHandler = &onICEConnectionStateChangeHandler
+	pc.underlying.Set("oniceconnectionstatechange", onICEConnectionStateChangeHandler)
+}
+
+// OnConnectionStateChange sets an event handler which is called
+// when an PeerConnectionState is changed.
+func (pc *PeerConnection) OnConnectionStateChange(f func(PeerConnectionState)) {
+	if pc.onConnectionStateChangeHandler != nil {
+		oldHandler := pc.onConnectionStateChangeHandler
+		defer oldHandler.Release()
+	}
+	onConnectionStateChangeHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		connectionState := newPeerConnectionState(pc.underlying.Get("connectionState").String())
+		go f(connectionState)
+		return js.Undefined()
+	})
+	pc.onConnectionStateChangeHandler = &onConnectionStateChangeHandler
+	pc.underlying.Set("onconnectionstatechange", onConnectionStateChangeHandler)
+}
+
+func (pc *PeerConnection) checkConfiguration(configuration Configuration) error {
+	// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-setconfiguration (step #2)
+	if pc.ConnectionState() == PeerConnectionStateClosed {
+		return &rtcerr.InvalidStateError{Err: ErrConnectionClosed}
+	}
+
+	existingConfig := pc.GetConfiguration()
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #3)
+	if configuration.PeerIdentity != "" {
+		if configuration.PeerIdentity != existingConfig.PeerIdentity {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingPeerIdentity}
+		}
+	}
+
+	// https://github.com/pion/webrtc/issues/513
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #4)
+	// if len(configuration.Certificates) > 0 {
+	// 	if len(configuration.Certificates) != len(existingConfiguration.Certificates) {
+	// 		return &rtcerr.InvalidModificationError{Err: ErrModifyingCertificates}
+	// 	}
+
+	// 	for i, certificate := range configuration.Certificates {
+	// 		if !pc.configuration.Certificates[i].Equals(certificate) {
+	// 			return &rtcerr.InvalidModificationError{Err: ErrModifyingCertificates}
+	// 		}
+	// 	}
+	// 	pc.configuration.Certificates = configuration.Certificates
+	// }
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #5)
+	if configuration.BundlePolicy != BundlePolicy(Unknown) {
+		if configuration.BundlePolicy != existingConfig.BundlePolicy {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingBundlePolicy}
+		}
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #6)
+	if configuration.RTCPMuxPolicy != RTCPMuxPolicy(Unknown) {
+		if configuration.RTCPMuxPolicy != existingConfig.RTCPMuxPolicy {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingRTCPMuxPolicy}
+		}
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #7)
+	if configuration.ICECandidatePoolSize != 0 {
+		if configuration.ICECandidatePoolSize != existingConfig.ICECandidatePoolSize &&
+			pc.LocalDescription() != nil {
+			return &rtcerr.InvalidModificationError{Err: ErrModifyingICECandidatePoolSize}
+		}
+	}
+
+	// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11)
+	if len(configuration.ICEServers) > 0 {
+		// https://www.w3.org/TR/webrtc/#set-the-configuration (step #11.3)
+		for _, server := range configuration.ICEServers {
+			if _, err := server.validate(); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// SetConfiguration updates the configuration of this PeerConnection object.
+func (pc *PeerConnection) SetConfiguration(configuration Configuration) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	if err := pc.checkConfiguration(configuration); err != nil {
+		return err
+	}
+	configMap := configurationToValue(configuration)
+	pc.underlying.Call("setConfiguration", configMap)
+	return nil
+}
+
+// GetConfiguration returns a Configuration object representing the current
+// configuration of this PeerConnection object. The returned object is a
+// copy and direct mutation on it will not take affect until SetConfiguration
+// has been called with Configuration passed as its only argument.
+// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-getconfiguration
+func (pc *PeerConnection) GetConfiguration() Configuration {
+	return valueToConfiguration(pc.underlying.Call("getConfiguration"))
+}
+
+// CreateOffer starts the PeerConnection and generates the localDescription
+func (pc *PeerConnection) CreateOffer(options *OfferOptions) (_ SessionDescription, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	promise := pc.underlying.Call("createOffer", offerOptionsToValue(options))
+	desc, err := awaitPromise(promise)
+	if err != nil {
+		return SessionDescription{}, err
+	}
+	return *valueToSessionDescription(desc), nil
+}
+
+// CreateAnswer starts the PeerConnection and generates the localDescription
+func (pc *PeerConnection) CreateAnswer(options *AnswerOptions) (_ SessionDescription, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	promise := pc.underlying.Call("createAnswer", answerOptionsToValue(options))
+	desc, err := awaitPromise(promise)
+	if err != nil {
+		return SessionDescription{}, err
+	}
+	return *valueToSessionDescription(desc), nil
+}
+
+// SetLocalDescription sets the SessionDescription of the local peer
+func (pc *PeerConnection) SetLocalDescription(desc SessionDescription) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	promise := pc.underlying.Call("setLocalDescription", sessionDescriptionToValue(&desc))
+	_, err = awaitPromise(promise)
+	return err
+}
+
+// LocalDescription returns PendingLocalDescription if it is not null and
+// otherwise it returns CurrentLocalDescription. This property is used to
+// determine if setLocalDescription has already been called.
+// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-localdescription
+func (pc *PeerConnection) LocalDescription() *SessionDescription {
+	return valueToSessionDescription(pc.underlying.Get("localDescription"))
+}
+
+// SetRemoteDescription sets the SessionDescription of the remote peer
+func (pc *PeerConnection) SetRemoteDescription(desc SessionDescription) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	promise := pc.underlying.Call("setRemoteDescription", sessionDescriptionToValue(&desc))
+	_, err = awaitPromise(promise)
+	return err
+}
+
+// RemoteDescription returns PendingRemoteDescription if it is not null and
+// otherwise it returns CurrentRemoteDescription. This property is used to
+// determine if setRemoteDescription has already been called.
+// https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-remotedescription
+func (pc *PeerConnection) RemoteDescription() *SessionDescription {
+	return valueToSessionDescription(pc.underlying.Get("remoteDescription"))
+}
+
+// AddICECandidate accepts an ICE candidate string and adds it
+// to the existing set of candidates
+func (pc *PeerConnection) AddICECandidate(candidate ICECandidateInit) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	promise := pc.underlying.Call("addIceCandidate", iceCandidateInitToValue(candidate))
+	_, err = awaitPromise(promise)
+	return err
+}
+
+// ICEConnectionState returns the ICE connection state of the
+// PeerConnection instance.
+func (pc *PeerConnection) ICEConnectionState() ICEConnectionState {
+	return NewICEConnectionState(pc.underlying.Get("iceConnectionState").String())
+}
+
+// OnICECandidate sets an event handler which is invoked when a new ICE
+// candidate is found.
+func (pc *PeerConnection) OnICECandidate(f func(candidate *ICECandidate)) {
+	if pc.onICECandidateHandler != nil {
+		oldHandler := pc.onICECandidateHandler
+		defer oldHandler.Release()
+	}
+	onICECandidateHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		candidate := valueToICECandidate(args[0].Get("candidate"))
+		if candidate == nil && pc.onGatherCompleteHandler != nil {
+			go pc.onGatherCompleteHandler()
+		}
+
+		go f(candidate)
+		return js.Undefined()
+	})
+	pc.onICECandidateHandler = &onICECandidateHandler
+	pc.underlying.Set("onicecandidate", onICECandidateHandler)
+}
+
+// OnICEGatheringStateChange sets an event handler which is invoked when the
+// ICE candidate gathering state has changed.
+func (pc *PeerConnection) OnICEGatheringStateChange(f func()) {
+	if pc.onICEGatheringStateChangeHandler != nil {
+		oldHandler := pc.onICEGatheringStateChangeHandler
+		defer oldHandler.Release()
+	}
+	onICEGatheringStateChangeHandler := js.FuncOf(func(this js.Value, args []js.Value) interface{} {
+		go f()
+		return js.Undefined()
+	})
+	pc.onICEGatheringStateChangeHandler = &onICEGatheringStateChangeHandler
+	pc.underlying.Set("onicegatheringstatechange", onICEGatheringStateChangeHandler)
+}
+
+// CreateDataChannel creates a new DataChannel object with the given label
+// and optional DataChannelInit used to configure properties of the
+// underlying channel such as data reliability.
+func (pc *PeerConnection) CreateDataChannel(label string, options *DataChannelInit) (_ *DataChannel, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	channel := pc.underlying.Call("createDataChannel", label, dataChannelInitToValue(options))
+	return &DataChannel{
+		underlying: channel,
+		api:        pc.api,
+	}, nil
+}
+
+// SetIdentityProvider is used to configure an identity provider to generate identity assertions
+func (pc *PeerConnection) SetIdentityProvider(provider string) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+	pc.underlying.Call("setIdentityProvider", provider)
+	return nil
+}
+
+// Close ends the PeerConnection
+func (pc *PeerConnection) Close() (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = recoveryToError(e)
+		}
+	}()
+
+	pc.underlying.Call("close")
+
+	// Release any handlers as required by the syscall/js API.
+	if pc.onSignalingStateChangeHandler != nil {
+		pc.onSignalingStateChangeHandler.Release()
+	}
+	if pc.onDataChannelHandler != nil {
+		pc.onDataChannelHandler.Release()
+	}
+	if pc.onNegotiationNeededHandler != nil {
+		pc.onNegotiationNeededHandler.Release()
+	}
+	if pc.onConnectionStateChangeHandler != nil {
+		pc.onConnectionStateChangeHandler.Release()
+	}
+	if pc.onICEConnectionStateChangeHandler != nil {
+		pc.onICEConnectionStateChangeHandler.Release()
+	}
+	if pc.onICECandidateHandler != nil {
+		pc.onICECandidateHandler.Release()
+	}
+	if pc.onICEGatheringStateChangeHandler != nil {
+		pc.onICEGatheringStateChangeHandler.Release()
+	}
+
+	return nil
+}
+
+// CurrentLocalDescription represents the local description that was
+// successfully negotiated the last time the PeerConnection transitioned
+// into the stable state plus any local candidates that have been generated
+// by the ICEAgent since the offer or answer was created.
+func (pc *PeerConnection) CurrentLocalDescription() *SessionDescription {
+	desc := pc.underlying.Get("currentLocalDescription")
+	return valueToSessionDescription(desc)
+}
+
+// PendingLocalDescription represents a local description that is in the
+// process of being negotiated plus any local candidates that have been
+// generated by the ICEAgent since the offer or answer was created. If the
+// PeerConnection is in the stable state, the value is null.
+func (pc *PeerConnection) PendingLocalDescription() *SessionDescription {
+	desc := pc.underlying.Get("pendingLocalDescription")
+	return valueToSessionDescription(desc)
+}
+
+// CurrentRemoteDescription represents the last remote description that was
+// successfully negotiated the last time the PeerConnection transitioned
+// into the stable state plus any remote candidates that have been supplied
+// via AddICECandidate() since the offer or answer was created.
+func (pc *PeerConnection) CurrentRemoteDescription() *SessionDescription {
+	desc := pc.underlying.Get("currentRemoteDescription")
+	return valueToSessionDescription(desc)
+}
+
+// PendingRemoteDescription represents a remote description that is in the
+// process of being negotiated, complete with any remote candidates that
+// have been supplied via AddICECandidate() since the offer or answer was
+// created. If the PeerConnection is in the stable state, the value is
+// null.
+func (pc *PeerConnection) PendingRemoteDescription() *SessionDescription {
+	desc := pc.underlying.Get("pendingRemoteDescription")
+	return valueToSessionDescription(desc)
+}
+
+// SignalingState returns the signaling state of the PeerConnection instance.
+func (pc *PeerConnection) SignalingState() SignalingState {
+	rawState := pc.underlying.Get("signalingState").String()
+	return newSignalingState(rawState)
+}
+
+// ICEGatheringState attribute the ICE gathering state of the PeerConnection
+// instance.
+func (pc *PeerConnection) ICEGatheringState() ICEGatheringState {
+	rawState := pc.underlying.Get("iceGatheringState").String()
+	return NewICEGatheringState(rawState)
+}
+
+// ConnectionState attribute the connection state of the PeerConnection
+// instance.
+func (pc *PeerConnection) ConnectionState() PeerConnectionState {
+	rawState := pc.underlying.Get("connectionState").String()
+	return newPeerConnectionState(rawState)
+}
+
+func (pc *PeerConnection) setGatherCompleteHandler(handler func()) {
+	pc.onGatherCompleteHandler = handler
+
+	// If no onIceCandidate handler has been set provide an empty one
+	// otherwise our onGatherCompleteHandler will not be executed
+	if pc.onICECandidateHandler == nil {
+		pc.OnICECandidate(func(i *ICECandidate) {})
+	}
+}
+
+// Converts a Configuration to js.Value so it can be passed
+// through to the JavaScript WebRTC API. Any zero values are converted to
+// js.Undefined(), which will result in the default value being used.
+func configurationToValue(configuration Configuration) js.Value {
+	return js.ValueOf(map[string]interface{}{
+		"iceServers":           iceServersToValue(configuration.ICEServers),
+		"iceTransportPolicy":   stringEnumToValueOrUndefined(configuration.ICETransportPolicy.String()),
+		"bundlePolicy":         stringEnumToValueOrUndefined(configuration.BundlePolicy.String()),
+		"rtcpMuxPolicy":        stringEnumToValueOrUndefined(configuration.RTCPMuxPolicy.String()),
+		"peerIdentity":         stringToValueOrUndefined(configuration.PeerIdentity),
+		"iceCandidatePoolSize": uint8ToValueOrUndefined(configuration.ICECandidatePoolSize),
+
+		// Note: Certificates are not currently supported.
+		// "certificates": configuration.Certificates,
+	})
+}
+
+func iceServersToValue(iceServers []ICEServer) js.Value {
+	if len(iceServers) == 0 {
+		return js.Undefined()
+	}
+	maps := make([]interface{}, len(iceServers))
+	for i, server := range iceServers {
+		maps[i] = iceServerToValue(server)
+	}
+	return js.ValueOf(maps)
+}
+
+func iceServerToValue(server ICEServer) js.Value {
+	return js.ValueOf(map[string]interface{}{
+		"urls":     stringsToValue(server.URLs), // required
+		"username": stringToValueOrUndefined(server.Username),
+		// Note: credential and credentialType are not currently supported.
+		// "credential":     interfaceToValueOrUndefined(server.Credential),
+		// "credentialType": stringEnumToValueOrUndefined(server.CredentialType.String()),
+	})
+}
+
+func valueToConfiguration(configValue js.Value) Configuration {
+	if jsValueIsNull(configValue) || jsValueIsUndefined(configValue) {
+		return Configuration{}
+	}
+	return Configuration{
+		ICEServers:           valueToICEServers(configValue.Get("iceServers")),
+		ICETransportPolicy:   NewICETransportPolicy(valueToStringOrZero(configValue.Get("iceTransportPolicy"))),
+		BundlePolicy:         newBundlePolicy(valueToStringOrZero(configValue.Get("bundlePolicy"))),
+		RTCPMuxPolicy:        newRTCPMuxPolicy(valueToStringOrZero(configValue.Get("rtcpMuxPolicy"))),
+		PeerIdentity:         valueToStringOrZero(configValue.Get("peerIdentity")),
+		ICECandidatePoolSize: valueToUint8OrZero(configValue.Get("iceCandidatePoolSize")),
+
+		// Note: Certificates are not supported.
+		// Certificates []Certificate
+	}
+}
+
+func valueToICEServers(iceServersValue js.Value) []ICEServer {
+	if jsValueIsNull(iceServersValue) || jsValueIsUndefined(iceServersValue) {
+		return nil
+	}
+	iceServers := make([]ICEServer, iceServersValue.Length())
+	for i := 0; i < iceServersValue.Length(); i++ {
+		iceServers[i] = valueToICEServer(iceServersValue.Index(i))
+	}
+	return iceServers
+}
+
+func valueToICEServer(iceServerValue js.Value) ICEServer {
+	return ICEServer{
+		URLs:     valueToStrings(iceServerValue.Get("urls")), // required
+		Username: valueToStringOrZero(iceServerValue.Get("username")),
+		// Note: Credential and CredentialType are not currently supported.
+		// Credential: iceServerValue.Get("credential"),
+		// CredentialType: newICECredentialType(valueToStringOrZero(iceServerValue.Get("credentialType"))),
+	}
+}
+
+func valueToICECandidate(val js.Value) *ICECandidate {
+	if jsValueIsNull(val) || jsValueIsUndefined(val) {
+		return nil
+	}
+	if jsValueIsUndefined(val.Get("protocol")) && !jsValueIsUndefined(val.Get("candidate")) {
+		// Missing some fields, assume it's Firefox and parse SDP candidate.
+		c, err := ice.UnmarshalCandidate(val.Get("candidate").String())
+		if err != nil {
+			return nil
+		}
+
+		iceCandidate, err := newICECandidateFromICE(c)
+		if err != nil {
+			return nil
+		}
+
+		return &iceCandidate
+	}
+	protocol, _ := NewICEProtocol(val.Get("protocol").String())
+	candidateType, _ := NewICECandidateType(val.Get("type").String())
+	return &ICECandidate{
+		Foundation:     val.Get("foundation").String(),
+		Priority:       valueToUint32OrZero(val.Get("priority")),
+		Address:        val.Get("address").String(),
+		Protocol:       protocol,
+		Port:           valueToUint16OrZero(val.Get("port")),
+		Typ:            candidateType,
+		Component:      stringToComponentIDOrZero(val.Get("component").String()),
+		RelatedAddress: val.Get("relatedAddress").String(),
+		RelatedPort:    valueToUint16OrZero(val.Get("relatedPort")),
+	}
+}
+
+func stringToComponentIDOrZero(val string) uint16 {
+	// See: https://developer.mozilla.org/en-US/docs/Web/API/RTCIceComponent
+	switch val {
+	case "rtp":
+		return 1
+	case "rtcp":
+		return 2
+	}
+	return 0
+}
+
+func sessionDescriptionToValue(desc *SessionDescription) js.Value {
+	if desc == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(map[string]interface{}{
+		"type": desc.Type.String(),
+		"sdp":  desc.SDP,
+	})
+}
+
+func valueToSessionDescription(descValue js.Value) *SessionDescription {
+	if jsValueIsNull(descValue) || jsValueIsUndefined(descValue) {
+		return nil
+	}
+	return &SessionDescription{
+		Type: NewSDPType(descValue.Get("type").String()),
+		SDP:  descValue.Get("sdp").String(),
+	}
+}
+
+func offerOptionsToValue(offerOptions *OfferOptions) js.Value {
+	if offerOptions == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(map[string]interface{}{
+		"iceRestart":             offerOptions.ICERestart,
+		"voiceActivityDetection": offerOptions.VoiceActivityDetection,
+	})
+}
+
+func answerOptionsToValue(answerOptions *AnswerOptions) js.Value {
+	if answerOptions == nil {
+		return js.Undefined()
+	}
+	return js.ValueOf(map[string]interface{}{
+		"voiceActivityDetection": answerOptions.VoiceActivityDetection,
+	})
+}
+
+func iceCandidateInitToValue(candidate ICECandidateInit) js.Value {
+	return js.ValueOf(map[string]interface{}{
+		"candidate":        candidate.Candidate,
+		"sdpMid":           stringPointerToValue(candidate.SDPMid),
+		"sdpMLineIndex":    uint16PointerToValue(candidate.SDPMLineIndex),
+		"usernameFragment": stringPointerToValue(candidate.UsernameFragment),
+	})
+}
+
+func dataChannelInitToValue(options *DataChannelInit) js.Value {
+	if options == nil {
+		return js.Undefined()
+	}
+
+	maxPacketLifeTime := uint16PointerToValue(options.MaxPacketLifeTime)
+	return js.ValueOf(map[string]interface{}{
+		"ordered":           boolPointerToValue(options.Ordered),
+		"maxPacketLifeTime": maxPacketLifeTime,
+		// See https://bugs.chromium.org/p/chromium/issues/detail?id=696681
+		// Chrome calls this "maxRetransmitTime"
+		"maxRetransmitTime": maxPacketLifeTime,
+		"maxRetransmits":    uint16PointerToValue(options.MaxRetransmits),
+		"protocol":          stringPointerToValue(options.Protocol),
+		"negotiated":        boolPointerToValue(options.Negotiated),
+		"id":                uint16PointerToValue(options.ID),
+	})
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnectionstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnectionstate.go
new file mode 100644
index 000000000..66ac20eef
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/peerconnectionstate.go
@@ -0,0 +1,94 @@
+package webrtc
+
+// PeerConnectionState indicates the state of the PeerConnection.
+type PeerConnectionState int
+
+const (
+	// PeerConnectionStateNew indicates that any of the ICETransports or
+	// DTLSTransports are in the "new" state and none of the transports are
+	// in the "connecting", "checking", "failed" or "disconnected" state, or
+	// all transports are in the "closed" state, or there are no transports.
+	PeerConnectionStateNew PeerConnectionState = iota + 1
+
+	// PeerConnectionStateConnecting indicates that any of the
+	// ICETransports or DTLSTransports are in the "connecting" or
+	// "checking" state and none of them is in the "failed" state.
+	PeerConnectionStateConnecting
+
+	// PeerConnectionStateConnected indicates that all ICETransports and
+	// DTLSTransports are in the "connected", "completed" or "closed" state
+	// and at least one of them is in the "connected" or "completed" state.
+	PeerConnectionStateConnected
+
+	// PeerConnectionStateDisconnected indicates that any of the
+	// ICETransports or DTLSTransports are in the "disconnected" state
+	// and none of them are in the "failed" or "connecting" or "checking" state.
+	PeerConnectionStateDisconnected
+
+	// PeerConnectionStateFailed indicates that any of the ICETransports
+	// or DTLSTransports are in a "failed" state.
+	PeerConnectionStateFailed
+
+	// PeerConnectionStateClosed indicates the peer connection is closed
+	// and the isClosed member variable of PeerConnection is true.
+	PeerConnectionStateClosed
+)
+
+// This is done this way because of a linter.
+const (
+	peerConnectionStateNewStr          = "new"
+	peerConnectionStateConnectingStr   = "connecting"
+	peerConnectionStateConnectedStr    = "connected"
+	peerConnectionStateDisconnectedStr = "disconnected"
+	peerConnectionStateFailedStr       = "failed"
+	peerConnectionStateClosedStr       = "closed"
+)
+
+func newPeerConnectionState(raw string) PeerConnectionState {
+	switch raw {
+	case peerConnectionStateNewStr:
+		return PeerConnectionStateNew
+	case peerConnectionStateConnectingStr:
+		return PeerConnectionStateConnecting
+	case peerConnectionStateConnectedStr:
+		return PeerConnectionStateConnected
+	case peerConnectionStateDisconnectedStr:
+		return PeerConnectionStateDisconnected
+	case peerConnectionStateFailedStr:
+		return PeerConnectionStateFailed
+	case peerConnectionStateClosedStr:
+		return PeerConnectionStateClosed
+	default:
+		return PeerConnectionState(Unknown)
+	}
+}
+
+func (t PeerConnectionState) String() string {
+	switch t {
+	case PeerConnectionStateNew:
+		return peerConnectionStateNewStr
+	case PeerConnectionStateConnecting:
+		return peerConnectionStateConnectingStr
+	case PeerConnectionStateConnected:
+		return peerConnectionStateConnectedStr
+	case PeerConnectionStateDisconnected:
+		return peerConnectionStateDisconnectedStr
+	case PeerConnectionStateFailed:
+		return peerConnectionStateFailedStr
+	case PeerConnectionStateClosed:
+		return peerConnectionStateClosedStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+type negotiationNeededState int
+
+const (
+	// NegotiationNeededStateEmpty not running and queue is empty
+	negotiationNeededStateEmpty = iota
+	// NegotiationNeededStateEmpty running and queue is empty
+	negotiationNeededStateRun
+	// NegotiationNeededStateEmpty running and queue
+	negotiationNeededStateQueue
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264reader/h264reader.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264reader/h264reader.go
new file mode 100644
index 000000000..79fbe8452
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264reader/h264reader.go
@@ -0,0 +1,191 @@
+// Package h264reader implements a H264 Annex-B Reader
+package h264reader
+
+import (
+	"bytes"
+	"errors"
+	"io"
+)
+
+// H264Reader reads data from stream and constructs h264 nal units
+type H264Reader struct {
+	stream                      io.Reader
+	nalBuffer                   []byte
+	countOfConsecutiveZeroBytes int
+	nalPrefixParsed             bool
+	readBuffer                  []byte
+}
+
+var (
+	errNilReader           = errors.New("stream is nil")
+	errDataIsNotH264Stream = errors.New("data is not a H264 bitstream")
+)
+
+// NewReader creates new H264Reader
+func NewReader(in io.Reader) (*H264Reader, error) {
+	if in == nil {
+		return nil, errNilReader
+	}
+
+	reader := &H264Reader{
+		stream:          in,
+		nalBuffer:       make([]byte, 0),
+		nalPrefixParsed: false,
+		readBuffer:      make([]byte, 0),
+	}
+
+	return reader, nil
+}
+
+// NAL H.264 Network Abstraction Layer
+type NAL struct {
+	PictureOrderCount uint32
+
+	// NAL header
+	ForbiddenZeroBit bool
+	RefIdc           uint8
+	UnitType         NalUnitType
+
+	Data []byte // header byte + rbsp
+}
+
+func (reader *H264Reader) read(numToRead int) (data []byte) {
+	for len(reader.readBuffer) < numToRead {
+		buf := make([]byte, 4096)
+		n, err := reader.stream.Read(buf)
+		if n == 0 || err != nil {
+			break
+		}
+		buf = buf[0:n]
+		reader.readBuffer = append(reader.readBuffer, buf...)
+	}
+	var numShouldRead int
+	if numToRead <= len(reader.readBuffer) {
+		numShouldRead = numToRead
+	} else {
+		numShouldRead = len(reader.readBuffer)
+	}
+	data = reader.readBuffer[0:numShouldRead]
+	reader.readBuffer = reader.readBuffer[numShouldRead:]
+	return data
+}
+
+func (reader *H264Reader) bitStreamStartsWithH264Prefix() (prefixLength int, e error) {
+	nalPrefix3Bytes := []byte{0, 0, 1}
+	nalPrefix4Bytes := []byte{0, 0, 0, 1}
+
+	prefixBuffer := reader.read(4)
+
+	n := len(prefixBuffer)
+
+	if n == 0 {
+		return 0, io.EOF
+	}
+
+	if n < 3 {
+		return 0, errDataIsNotH264Stream
+	}
+
+	nalPrefix3BytesFound := bytes.Equal(nalPrefix3Bytes, prefixBuffer[:3])
+	if n == 3 {
+		if nalPrefix3BytesFound {
+			return 0, io.EOF
+		}
+		return 0, errDataIsNotH264Stream
+	}
+
+	// n == 4
+	if nalPrefix3BytesFound {
+		reader.nalBuffer = append(reader.nalBuffer, prefixBuffer[3])
+		return 3, nil
+	}
+
+	nalPrefix4BytesFound := bytes.Equal(nalPrefix4Bytes, prefixBuffer)
+	if nalPrefix4BytesFound {
+		return 4, nil
+	}
+	return 0, errDataIsNotH264Stream
+}
+
+// NextNAL reads from stream and returns then next NAL,
+// and an error if there is incomplete frame data.
+// Returns all nil values when no more NALs are available.
+func (reader *H264Reader) NextNAL() (*NAL, error) {
+	if !reader.nalPrefixParsed {
+		_, err := reader.bitStreamStartsWithH264Prefix()
+		if err != nil {
+			return nil, err
+		}
+
+		reader.nalPrefixParsed = true
+	}
+
+	for {
+		buffer := reader.read(1)
+		n := len(buffer)
+
+		if n != 1 {
+			break
+		}
+		readByte := buffer[0]
+		nalFound := reader.processByte(readByte)
+		if nalFound {
+			nal := newNal(reader.nalBuffer)
+			nal.parseHeader()
+			if nal.UnitType == NalUnitTypeSEI {
+				reader.nalBuffer = nil
+				continue
+			} else {
+				break
+			}
+		}
+
+		reader.nalBuffer = append(reader.nalBuffer, readByte)
+	}
+
+	if len(reader.nalBuffer) == 0 {
+		return nil, io.EOF
+	}
+
+	nal := newNal(reader.nalBuffer)
+	reader.nalBuffer = nil
+	nal.parseHeader()
+
+	return nal, nil
+}
+
+func (reader *H264Reader) processByte(readByte byte) (nalFound bool) {
+	nalFound = false
+
+	switch readByte {
+	case 0:
+		reader.countOfConsecutiveZeroBytes++
+	case 1:
+		if reader.countOfConsecutiveZeroBytes >= 2 {
+			countOfConsecutiveZeroBytesInPrefix := 2
+			if reader.countOfConsecutiveZeroBytes > 2 {
+				countOfConsecutiveZeroBytesInPrefix = 3
+			}
+			nalUnitLength := len(reader.nalBuffer) - countOfConsecutiveZeroBytesInPrefix
+			reader.nalBuffer = reader.nalBuffer[0:nalUnitLength]
+			nalFound = true
+		} else {
+			reader.countOfConsecutiveZeroBytes = 0
+		}
+	default:
+		reader.countOfConsecutiveZeroBytes = 0
+	}
+
+	return nalFound
+}
+
+func newNal(data []byte) *NAL {
+	return &NAL{PictureOrderCount: 0, ForbiddenZeroBit: false, RefIdc: 0, UnitType: NalUnitTypeUnspecified, Data: data}
+}
+
+func (h *NAL) parseHeader() {
+	firstByte := h.Data[0]
+	h.ForbiddenZeroBit = (((firstByte & 0x80) >> 7) == 1) // 0x80 = 0b10000000
+	h.RefIdc = (firstByte & 0x60) >> 5                    // 0x60 = 0b01100000
+	h.UnitType = NalUnitType((firstByte & 0x1F) >> 0)     // 0x1F = 0b00011111
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264reader/nalunittype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264reader/nalunittype.go
new file mode 100644
index 000000000..6c7293f3b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264reader/nalunittype.go
@@ -0,0 +1,68 @@
+package h264reader
+
+import "strconv"
+
+// NalUnitType is the type of a NAL
+type NalUnitType uint8
+
+// Enums for NalUnitTypes
+const (
+	NalUnitTypeUnspecified              NalUnitType = 0  // Unspecified
+	NalUnitTypeCodedSliceNonIdr         NalUnitType = 1  // Coded slice of a non-IDR picture
+	NalUnitTypeCodedSliceDataPartitionA NalUnitType = 2  // Coded slice data partition A
+	NalUnitTypeCodedSliceDataPartitionB NalUnitType = 3  // Coded slice data partition B
+	NalUnitTypeCodedSliceDataPartitionC NalUnitType = 4  // Coded slice data partition C
+	NalUnitTypeCodedSliceIdr            NalUnitType = 5  // Coded slice of an IDR picture
+	NalUnitTypeSEI                      NalUnitType = 6  // Supplemental enhancement information (SEI)
+	NalUnitTypeSPS                      NalUnitType = 7  // Sequence parameter set
+	NalUnitTypePPS                      NalUnitType = 8  // Picture parameter set
+	NalUnitTypeAUD                      NalUnitType = 9  // Access unit delimiter
+	NalUnitTypeEndOfSequence            NalUnitType = 10 // End of sequence
+	NalUnitTypeEndOfStream              NalUnitType = 11 // End of stream
+	NalUnitTypeFiller                   NalUnitType = 12 // Filler data
+	NalUnitTypeSpsExt                   NalUnitType = 13 // Sequence parameter set extension
+	NalUnitTypeCodedSliceAux            NalUnitType = 19 // Coded slice of an auxiliary coded picture without partitioning
+	// 14..18                                            // Reserved
+	// 20..23                                            // Reserved
+	// 24..31                                            // Unspecified
+)
+
+func (n *NalUnitType) String() string {
+	var str string
+	switch *n {
+	case NalUnitTypeUnspecified:
+		str = "Unspecified"
+	case NalUnitTypeCodedSliceNonIdr:
+		str = "CodedSliceNonIdr"
+	case NalUnitTypeCodedSliceDataPartitionA:
+		str = "CodedSliceDataPartitionA"
+	case NalUnitTypeCodedSliceDataPartitionB:
+		str = "CodedSliceDataPartitionB"
+	case NalUnitTypeCodedSliceDataPartitionC:
+		str = "CodedSliceDataPartitionC"
+	case NalUnitTypeCodedSliceIdr:
+		str = "CodedSliceIdr"
+	case NalUnitTypeSEI:
+		str = "SEI"
+	case NalUnitTypeSPS:
+		str = "SPS"
+	case NalUnitTypePPS:
+		str = "PPS"
+	case NalUnitTypeAUD:
+		str = "AUD"
+	case NalUnitTypeEndOfSequence:
+		str = "EndOfSequence"
+	case NalUnitTypeEndOfStream:
+		str = "EndOfStream"
+	case NalUnitTypeFiller:
+		str = "Filler"
+	case NalUnitTypeSpsExt:
+		str = "SpsExt"
+	case NalUnitTypeCodedSliceAux:
+		str = "NalUnitTypeCodedSliceAux"
+	default:
+		str = "Unknown"
+	}
+	str = str + "(" + strconv.FormatInt(int64(*n), 10) + ")"
+	return str
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264writer/h264writer.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264writer/h264writer.go
new file mode 100644
index 000000000..9637441d4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/h264writer/h264writer.go
@@ -0,0 +1,90 @@
+// Package h264writer implements H264 media container writer
+package h264writer
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"os"
+
+	"github.com/pion/rtp"
+	"github.com/pion/rtp/codecs"
+)
+
+type (
+	// H264Writer is used to take RTP packets, parse them and
+	// write the data to an io.Writer.
+	// Currently it only supports non-interleaved mode
+	// Therefore, only 1-23, 24 (STAP-A), 28 (FU-A) NAL types are allowed.
+	// https://tools.ietf.org/html/rfc6184#section-5.2
+	H264Writer struct {
+		writer      io.Writer
+		hasKeyFrame bool
+	}
+)
+
+// New builds a new H264 writer
+func New(filename string) (*H264Writer, error) {
+	f, err := os.Create(filename)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewWith(f), nil
+}
+
+// NewWith initializes a new H264 writer with an io.Writer output
+func NewWith(w io.Writer) *H264Writer {
+	return &H264Writer{
+		writer: w,
+	}
+}
+
+// WriteRTP adds a new packet and writes the appropriate headers for it
+func (h *H264Writer) WriteRTP(packet *rtp.Packet) error {
+	if len(packet.Payload) == 0 {
+		return nil
+	}
+
+	if !h.hasKeyFrame {
+		if h.hasKeyFrame = isKeyFrame(packet.Payload); !h.hasKeyFrame {
+			// key frame not defined yet. discarding packet
+			return nil
+		}
+	}
+
+	data, err := (&codecs.H264Packet{}).Unmarshal(packet.Payload)
+	if err != nil {
+		return err
+	}
+
+	_, err = h.writer.Write(data)
+
+	return err
+}
+
+// Close closes the underlying writer
+func (h *H264Writer) Close() error {
+	if h.writer != nil {
+		if closer, ok := h.writer.(io.Closer); ok {
+			return closer.Close()
+		}
+	}
+
+	return nil
+}
+
+func isKeyFrame(data []byte) bool {
+	const typeSTAPA = 24
+
+	var word uint32
+
+	payload := bytes.NewReader(data)
+	err := binary.Read(payload, binary.BigEndian, &word)
+
+	if err != nil || (word&0x1F000000)>>24 != typeSTAPA {
+		return false
+	}
+
+	return word&0x1F == 7
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/ivfwriter/ivfwriter.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/ivfwriter/ivfwriter.go
new file mode 100644
index 000000000..3dcd16dab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/ivfwriter/ivfwriter.go
@@ -0,0 +1,147 @@
+// Package ivfwriter implements IVF media container writer
+package ivfwriter
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"os"
+
+	"github.com/pion/rtp"
+	"github.com/pion/rtp/codecs"
+)
+
+var (
+	errFileNotOpened    = errors.New("file not opened")
+	errInvalidNilPacket = errors.New("invalid nil packet")
+)
+
+// IVFWriter is used to take RTP packets and write them to an IVF on disk
+type IVFWriter struct {
+	ioWriter     io.Writer
+	count        uint64
+	seenKeyFrame bool
+	currentFrame []byte
+}
+
+// New builds a new IVF writer
+func New(fileName string) (*IVFWriter, error) {
+	f, err := os.Create(fileName)
+	if err != nil {
+		return nil, err
+	}
+	writer, err := NewWith(f)
+	if err != nil {
+		return nil, err
+	}
+	writer.ioWriter = f
+	return writer, nil
+}
+
+// NewWith initialize a new IVF writer with an io.Writer output
+func NewWith(out io.Writer) (*IVFWriter, error) {
+	if out == nil {
+		return nil, errFileNotOpened
+	}
+
+	writer := &IVFWriter{
+		ioWriter:     out,
+		seenKeyFrame: false,
+	}
+	if err := writer.writeHeader(); err != nil {
+		return nil, err
+	}
+	return writer, nil
+}
+
+func (i *IVFWriter) writeHeader() error {
+	header := make([]byte, 32)
+	copy(header[0:], "DKIF")                        // DKIF
+	binary.LittleEndian.PutUint16(header[4:], 0)    // Version
+	binary.LittleEndian.PutUint16(header[6:], 32)   // Header size
+	copy(header[8:], "VP80")                        // FOURCC
+	binary.LittleEndian.PutUint16(header[12:], 640) // Width in pixels
+	binary.LittleEndian.PutUint16(header[14:], 480) // Height in pixels
+	binary.LittleEndian.PutUint32(header[16:], 30)  // Framerate denominator
+	binary.LittleEndian.PutUint32(header[20:], 1)   // Framerate numerator
+	binary.LittleEndian.PutUint32(header[24:], 900) // Frame count, will be updated on first Close() call
+	binary.LittleEndian.PutUint32(header[28:], 0)   // Unused
+
+	_, err := i.ioWriter.Write(header)
+	return err
+}
+
+// WriteRTP adds a new packet and writes the appropriate headers for it
+func (i *IVFWriter) WriteRTP(packet *rtp.Packet) error {
+	if i.ioWriter == nil {
+		return errFileNotOpened
+	}
+
+	vp8Packet := codecs.VP8Packet{}
+	if _, err := vp8Packet.Unmarshal(packet.Payload); err != nil {
+		return err
+	}
+
+	isKeyFrame := vp8Packet.Payload[0] & 0x01
+	switch {
+	case !i.seenKeyFrame && isKeyFrame == 1:
+		return nil
+	case i.currentFrame == nil && vp8Packet.S != 1:
+		return nil
+	}
+
+	i.seenKeyFrame = true
+	i.currentFrame = append(i.currentFrame, vp8Packet.Payload[0:]...)
+
+	if !packet.Marker {
+		return nil
+	} else if len(i.currentFrame) == 0 {
+		return nil
+	}
+
+	frameHeader := make([]byte, 12)
+	binary.LittleEndian.PutUint32(frameHeader[0:], uint32(len(i.currentFrame))) // Frame length
+	binary.LittleEndian.PutUint64(frameHeader[4:], i.count)                     // PTS
+
+	i.count++
+
+	if _, err := i.ioWriter.Write(frameHeader); err != nil {
+		return err
+	} else if _, err := i.ioWriter.Write(i.currentFrame); err != nil {
+		return err
+	}
+
+	i.currentFrame = nil
+	return nil
+}
+
+// Close stops the recording
+func (i *IVFWriter) Close() error {
+	if i.ioWriter == nil {
+		// Returns no error as it may be convenient to call
+		// Close() multiple times
+		return nil
+	}
+
+	defer func() {
+		i.ioWriter = nil
+	}()
+
+	if ws, ok := i.ioWriter.(io.WriteSeeker); ok {
+		// Update the framecount
+		if _, err := ws.Seek(24, 0); err != nil {
+			return err
+		}
+		buff := make([]byte, 4)
+		binary.LittleEndian.PutUint32(buff, uint32(i.count))
+		if _, err := ws.Write(buff); err != nil {
+			return err
+		}
+	}
+
+	if closer, ok := i.ioWriter.(io.Closer); ok {
+		return closer.Close()
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/media.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/media.go
new file mode 100644
index 000000000..bcd7e3389
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/media.go
@@ -0,0 +1,25 @@
+// Package media provides media writer and filters
+package media
+
+import (
+	"time"
+
+	"github.com/pion/rtp"
+)
+
+// A Sample contains encoded media and timing information
+type Sample struct {
+	Data      []byte
+	Timestamp time.Time
+	Duration  time.Duration
+}
+
+// Writer defines an interface to handle
+// the creation of media files
+type Writer interface {
+	// Add the content of an RTP packet to the media
+	WriteRTP(packet *rtp.Packet) error
+	// Close the media
+	// Note: Close implementation must be idempotent
+	Close() error
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/oggreader/oggreader.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/oggreader/oggreader.go
new file mode 100644
index 000000000..6a7005de3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/oggreader/oggreader.go
@@ -0,0 +1,215 @@
+// Package oggreader implements the Ogg media container reader
+package oggreader
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+const (
+	pageHeaderTypeBeginningOfStream = 0x02
+	pageHeaderSignature             = "OggS"
+
+	idPageSignature = "OpusHead"
+
+	pageHeaderLen       = 27
+	idPagePayloadLength = 19
+)
+
+var (
+	errNilStream                 = errors.New("stream is nil")
+	errBadIDPageSignature        = errors.New("bad header signature")
+	errBadIDPageType             = errors.New("wrong header, expected beginning of stream")
+	errBadIDPageLength           = errors.New("payload for id page must be 19 bytes")
+	errBadIDPagePayloadSignature = errors.New("bad payload signature")
+	errShortPageHeader           = errors.New("not enough data for payload header")
+	errChecksumMismatch          = errors.New("expected and actual checksum do not match")
+)
+
+// OggReader is used to read Ogg files and return page payloads
+type OggReader struct {
+	stream               io.ReadSeeker
+	bytesReadSuccesfully int64
+	checksumTable        *[256]uint32
+	doChecksum           bool
+}
+
+// OggHeader is the metadata from the first two pages
+// in the file (ID and Comment)
+//
+// https://tools.ietf.org/html/rfc7845.html#section-3
+type OggHeader struct {
+	ChannelMap uint8
+	Channels   uint8
+	OutputGain uint16
+	PreSkip    uint16
+	SampleRate uint32
+	Version    uint8
+}
+
+// OggPageHeader is the metadata for a Page
+// Pages are the fundamental unit of multiplexing in an Ogg stream
+//
+// https://tools.ietf.org/html/rfc7845.html#section-1
+type OggPageHeader struct {
+	GranulePosition uint64
+
+	sig           [4]byte
+	version       uint8
+	headerType    uint8
+	serial        uint32
+	index         uint32
+	segmentsCount uint8
+}
+
+// NewWith returns a new Ogg reader and Ogg header
+// with an io.ReadSeeker input
+func NewWith(in io.ReadSeeker) (*OggReader, *OggHeader, error) {
+	return newWith(in /* doChecksum */, true)
+}
+
+func newWith(in io.ReadSeeker, doChecksum bool) (*OggReader, *OggHeader, error) {
+	if in == nil {
+		return nil, nil, errNilStream
+	}
+
+	reader := &OggReader{
+		stream:        in,
+		checksumTable: generateChecksumTable(),
+		doChecksum:    doChecksum,
+	}
+
+	header, err := reader.readHeaders()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return reader, header, nil
+}
+
+func (o *OggReader) readHeaders() (*OggHeader, error) {
+	payload, pageHeader, err := o.ParseNextPage()
+	if err != nil {
+		return nil, err
+	}
+
+	header := &OggHeader{}
+	if string(pageHeader.sig[:]) != pageHeaderSignature {
+		return nil, errBadIDPageSignature
+	}
+
+	if pageHeader.headerType != pageHeaderTypeBeginningOfStream {
+		return nil, errBadIDPageType
+	}
+
+	if len(payload) != idPagePayloadLength {
+		return nil, errBadIDPageLength
+	}
+
+	if s := string(payload[:8]); s != idPageSignature {
+		return nil, errBadIDPagePayloadSignature
+	}
+
+	header.Version = payload[8]
+	header.Channels = payload[9]
+	header.PreSkip = binary.LittleEndian.Uint16(payload[10:12])
+	header.SampleRate = binary.LittleEndian.Uint32(payload[12:16])
+	header.OutputGain = binary.LittleEndian.Uint16(payload[16:18])
+	header.ChannelMap = payload[18]
+
+	return header, nil
+}
+
+// ParseNextPage reads from stream and returns Ogg page payload, header,
+// and an error if there is incomplete page data.
+func (o *OggReader) ParseNextPage() ([]byte, *OggPageHeader, error) {
+	h := make([]byte, pageHeaderLen)
+
+	n, err := io.ReadFull(o.stream, h)
+	if err != nil {
+		return nil, nil, err
+	} else if n < len(h) {
+		return nil, nil, errShortPageHeader
+	}
+
+	pageHeader := &OggPageHeader{
+		sig: [4]byte{h[0], h[1], h[2], h[3]},
+	}
+
+	pageHeader.version = h[4]
+	pageHeader.headerType = h[5]
+	pageHeader.GranulePosition = binary.LittleEndian.Uint64(h[6 : 6+8])
+	pageHeader.serial = binary.LittleEndian.Uint32(h[14 : 14+4])
+	pageHeader.index = binary.LittleEndian.Uint32(h[18 : 18+4])
+	pageHeader.segmentsCount = h[26]
+
+	sizeBuffer := make([]byte, pageHeader.segmentsCount)
+	if _, err = io.ReadFull(o.stream, sizeBuffer); err != nil {
+		return nil, nil, err
+	}
+
+	payloadSize := 0
+	for _, s := range sizeBuffer {
+		payloadSize += int(s)
+	}
+
+	payload := make([]byte, payloadSize)
+	if _, err = io.ReadFull(o.stream, payload); err != nil {
+		return nil, nil, err
+	}
+
+	if o.doChecksum {
+		var checksum uint32
+		updateChecksum := func(v byte) {
+			checksum = (checksum << 8) ^ o.checksumTable[byte(checksum>>24)^v]
+		}
+
+		for index := range h {
+			// Don't include expected checksum in our generation
+			if index > 21 && index < 26 {
+				updateChecksum(0)
+				continue
+			}
+
+			updateChecksum(h[index])
+		}
+		for _, s := range sizeBuffer {
+			updateChecksum(s)
+		}
+		for index := range payload {
+			updateChecksum(payload[index])
+		}
+
+		if binary.LittleEndian.Uint32(h[22:22+4]) != checksum {
+			return nil, nil, errChecksumMismatch
+		}
+	}
+
+	return payload, pageHeader, nil
+}
+
+// ResetReader resets the internal stream of OggReader. This is useful
+// for live streams, where the end of the file might be read without the
+// data being finished.
+func (o *OggReader) ResetReader(reset func(bytesRead int64) io.ReadSeeker) {
+	o.stream = reset(o.bytesReadSuccesfully)
+}
+
+func generateChecksumTable() *[256]uint32 {
+	var table [256]uint32
+	const poly = 0x04c11db7
+
+	for i := range table {
+		r := uint32(i) << 24
+		for j := 0; j < 8; j++ {
+			if (r & 0x80000000) != 0 {
+				r = (r << 1) ^ poly
+			} else {
+				r <<= 1
+			}
+			table[i] = (r & 0xffffffff)
+		}
+	}
+	return &table
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/oggwriter/oggwriter.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/oggwriter/oggwriter.go
new file mode 100644
index 000000000..e20492b7a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/media/oggwriter/oggwriter.go
@@ -0,0 +1,261 @@
+// Package oggwriter implements OGG media container writer
+package oggwriter
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"os"
+
+	"github.com/pion/randutil"
+	"github.com/pion/rtp"
+	"github.com/pion/rtp/codecs"
+)
+
+const (
+	pageHeaderTypeContinuationOfStream = 0x00
+	pageHeaderTypeBeginningOfStream    = 0x02
+	pageHeaderTypeEndOfStream          = 0x04
+	defaultPreSkip                     = 3840 // 3840 recommended in the RFC
+	idPageSignature                    = "OpusHead"
+	commentPageSignature               = "OpusTags"
+	pageHeaderSignature                = "OggS"
+)
+
+var (
+	errFileNotOpened    = errors.New("file not opened")
+	errInvalidNilPacket = errors.New("invalid nil packet")
+)
+
+// OggWriter is used to take RTP packets and write them to an OGG on disk
+type OggWriter struct {
+	stream                  io.Writer
+	fd                      *os.File
+	sampleRate              uint32
+	channelCount            uint16
+	serial                  uint32
+	pageIndex               uint32
+	checksumTable           *[256]uint32
+	previousGranulePosition uint64
+	previousTimestamp       uint32
+	lastPayloadSize         int
+}
+
+// New builds a new OGG Opus writer
+func New(fileName string, sampleRate uint32, channelCount uint16) (*OggWriter, error) {
+	f, err := os.Create(fileName)
+	if err != nil {
+		return nil, err
+	}
+	writer, err := NewWith(f, sampleRate, channelCount)
+	if err != nil {
+		return nil, f.Close()
+	}
+	writer.fd = f
+	return writer, nil
+}
+
+// NewWith initialize a new OGG Opus writer with an io.Writer output
+func NewWith(out io.Writer, sampleRate uint32, channelCount uint16) (*OggWriter, error) {
+	if out == nil {
+		return nil, errFileNotOpened
+	}
+
+	writer := &OggWriter{
+		stream:        out,
+		sampleRate:    sampleRate,
+		channelCount:  channelCount,
+		serial:        randutil.NewMathRandomGenerator().Uint32(),
+		checksumTable: generateChecksumTable(),
+
+		// Timestamp and Granule MUST start from 1
+		// Only headers can have 0 values
+		previousTimestamp:       1,
+		previousGranulePosition: 1,
+	}
+	if err := writer.writeHeaders(); err != nil {
+		return nil, err
+	}
+
+	return writer, nil
+}
+
+/*
+    ref: https://tools.ietf.org/html/rfc7845.html
+    https://git.xiph.org/?p=opus-tools.git;a=blob;f=src/opus_header.c#l219
+
+       Page 0         Pages 1 ... n        Pages (n+1) ...
+    +------------+ +---+ +---+ ... +---+ +-----------+ +---------+ +--
+    |            | |   | |   |     |   | |           | |         | |
+    |+----------+| |+-----------------+| |+-------------------+ +-----
+    |||ID Header|| ||  Comment Header || ||Audio Data Packet 1| | ...
+    |+----------+| |+-----------------+| |+-------------------+ +-----
+    |            | |   | |   |     |   | |           | |         | |
+    +------------+ +---+ +---+ ... +---+ +-----------+ +---------+ +--
+    ^      ^                           ^
+    |      |                           |
+    |      |                           Mandatory Page Break
+    |      |
+    |      ID header is contained on a single page
+    |
+    'Beginning Of Stream'
+
+   Figure 1: Example Packet Organization for a Logical Ogg Opus Stream
+*/
+
+func (i *OggWriter) writeHeaders() error {
+	// ID Header
+	oggIDHeader := make([]byte, 19)
+
+	copy(oggIDHeader[0:], idPageSignature)                          // Magic Signature 'OpusHead'
+	oggIDHeader[8] = 1                                              // Version
+	oggIDHeader[9] = uint8(i.channelCount)                          // Channel count
+	binary.LittleEndian.PutUint16(oggIDHeader[10:], defaultPreSkip) // pre-skip
+	binary.LittleEndian.PutUint32(oggIDHeader[12:], i.sampleRate)   // original sample rate, any valid sample e.g 48000
+	binary.LittleEndian.PutUint16(oggIDHeader[16:], 0)              // output gain
+	oggIDHeader[18] = 0                                             // channel map 0 = one stream: mono or stereo
+
+	// Reference: https://tools.ietf.org/html/rfc7845.html#page-6
+	// RFC specifies that the ID Header page should have a granule position of 0 and a Header Type set to 2 (StartOfStream)
+	data := i.createPage(oggIDHeader, pageHeaderTypeBeginningOfStream, 0, i.pageIndex)
+	if err := i.writeToStream(data); err != nil {
+		return err
+	}
+	i.pageIndex++
+
+	// Comment Header
+	oggCommentHeader := make([]byte, 21)
+	copy(oggCommentHeader[0:], commentPageSignature)        // Magic Signature 'OpusTags'
+	binary.LittleEndian.PutUint32(oggCommentHeader[8:], 5)  // Vendor Length
+	copy(oggCommentHeader[12:], "pion")                     // Vendor name 'pion'
+	binary.LittleEndian.PutUint32(oggCommentHeader[17:], 0) // User Comment List Length
+
+	// RFC specifies that the page where the CommentHeader completes should have a granule position of 0
+	data = i.createPage(oggCommentHeader, pageHeaderTypeContinuationOfStream, 0, i.pageIndex)
+	if err := i.writeToStream(data); err != nil {
+		return err
+	}
+	i.pageIndex++
+
+	return nil
+}
+
+const (
+	pageHeaderSize = 27
+)
+
+func (i *OggWriter) createPage(payload []uint8, headerType uint8, granulePos uint64, pageIndex uint32) []byte {
+	i.lastPayloadSize = len(payload)
+	page := make([]byte, pageHeaderSize+1+i.lastPayloadSize)
+
+	copy(page[0:], pageHeaderSignature)                 // page headers starts with 'OggS'
+	page[4] = 0                                         // Version
+	page[5] = headerType                                // 1 = continuation, 2 = beginning of stream, 4 = end of stream
+	binary.LittleEndian.PutUint64(page[6:], granulePos) // granule position
+	binary.LittleEndian.PutUint32(page[14:], i.serial)  // Bitstream serial number
+	binary.LittleEndian.PutUint32(page[18:], pageIndex) // Page sequence number
+	page[26] = 1                                        // Number of segments in page, giving always 1 segment
+	page[27] = uint8(i.lastPayloadSize)                 // Segment Table inserting at 27th position since page header length is 27
+	copy(page[28:], payload)                            // inserting at 28th since Segment Table(1) + header length(27)
+
+	var checksum uint32
+	for index := range page {
+		checksum = (checksum << 8) ^ i.checksumTable[byte(checksum>>24)^page[index]]
+	}
+	binary.LittleEndian.PutUint32(page[22:], checksum) // Checksum - generating for page data and inserting at 22th position into 32 bits
+
+	return page
+}
+
+// WriteRTP adds a new packet and writes the appropriate headers for it
+func (i *OggWriter) WriteRTP(packet *rtp.Packet) error {
+	if packet == nil {
+		return errInvalidNilPacket
+	}
+
+	opusPacket := codecs.OpusPacket{}
+	if _, err := opusPacket.Unmarshal(packet.Payload); err != nil {
+		// Only handle Opus packets
+		return err
+	}
+
+	payload := opusPacket.Payload[0:]
+
+	// Should be equivalent to sampleRate * duration
+	if i.previousTimestamp != 1 {
+		increment := packet.Timestamp - i.previousTimestamp
+		i.previousGranulePosition += uint64(increment)
+	}
+	i.previousTimestamp = packet.Timestamp
+
+	data := i.createPage(payload, pageHeaderTypeContinuationOfStream, i.previousGranulePosition, i.pageIndex)
+	i.pageIndex++
+	return i.writeToStream(data)
+}
+
+// Close stops the recording
+func (i *OggWriter) Close() error {
+	defer func() {
+		i.fd = nil
+		i.stream = nil
+	}()
+
+	// Returns no error has it may be convenient to call
+	// Close() multiple times
+	if i.fd == nil {
+		// Close stream if we are operating on a stream
+		if closer, ok := i.stream.(io.Closer); ok {
+			return closer.Close()
+		}
+		return nil
+	}
+
+	// Seek back one page, we need to update the header and generate new CRC
+	pageOffset, err := i.fd.Seek(-1*int64(i.lastPayloadSize+pageHeaderSize+1), 2)
+	if err != nil {
+		return err
+	}
+
+	payload := make([]byte, i.lastPayloadSize)
+	if _, err := i.fd.ReadAt(payload, pageOffset+pageHeaderSize+1); err != nil {
+		return err
+	}
+
+	data := i.createPage(payload, pageHeaderTypeEndOfStream, i.previousGranulePosition, i.pageIndex-1)
+	if err := i.writeToStream(data); err != nil {
+		return err
+	}
+
+	// Update the last page if we are operating on files
+	// to mark it as the EOS
+	return i.fd.Close()
+}
+
+// Wraps writing to the stream and maintains state
+// so we can set values for EOS
+func (i *OggWriter) writeToStream(p []byte) error {
+	if i.stream == nil {
+		return errFileNotOpened
+	}
+
+	_, err := i.stream.Write(p)
+	return err
+}
+
+func generateChecksumTable() *[256]uint32 {
+	var table [256]uint32
+	const poly = 0x04c11db7
+
+	for i := range table {
+		r := uint32(i) << 24
+		for j := 0; j < 8; j++ {
+			if (r & 0x80000000) != 0 {
+				r = (r << 1) ^ poly
+			} else {
+				r <<= 1
+			}
+			table[i] = (r & 0xffffffff)
+		}
+	}
+	return &table
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/rtcerr/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/rtcerr/errors.go
new file mode 100644
index 000000000..aa94b7bf9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/pkg/rtcerr/errors.go
@@ -0,0 +1,160 @@
+// Package rtcerr implements the error wrappers defined throughout the
+// WebRTC 1.0 specifications.
+package rtcerr
+
+import (
+	"fmt"
+)
+
+// UnknownError indicates the operation failed for an unknown transient reason.
+type UnknownError struct {
+	Err error
+}
+
+func (e *UnknownError) Error() string {
+	return fmt.Sprintf("UnknownError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *UnknownError) Unwrap() error {
+	return e.Err
+}
+
+// InvalidStateError indicates the object is in an invalid state.
+type InvalidStateError struct {
+	Err error
+}
+
+func (e *InvalidStateError) Error() string {
+	return fmt.Sprintf("InvalidStateError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *InvalidStateError) Unwrap() error {
+	return e.Err
+}
+
+// InvalidAccessError indicates the object does not support the operation or
+// argument.
+type InvalidAccessError struct {
+	Err error
+}
+
+func (e *InvalidAccessError) Error() string {
+	return fmt.Sprintf("InvalidAccessError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *InvalidAccessError) Unwrap() error {
+	return e.Err
+}
+
+// NotSupportedError indicates the operation is not supported.
+type NotSupportedError struct {
+	Err error
+}
+
+func (e *NotSupportedError) Error() string {
+	return fmt.Sprintf("NotSupportedError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *NotSupportedError) Unwrap() error {
+	return e.Err
+}
+
+// InvalidModificationError indicates the object cannot be modified in this way.
+type InvalidModificationError struct {
+	Err error
+}
+
+func (e *InvalidModificationError) Error() string {
+	return fmt.Sprintf("InvalidModificationError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *InvalidModificationError) Unwrap() error {
+	return e.Err
+}
+
+// SyntaxError indicates the string did not match the expected pattern.
+type SyntaxError struct {
+	Err error
+}
+
+func (e *SyntaxError) Error() string {
+	return fmt.Sprintf("SyntaxError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *SyntaxError) Unwrap() error {
+	return e.Err
+}
+
+// TypeError indicates an error when a value is not of the expected type.
+type TypeError struct {
+	Err error
+}
+
+func (e *TypeError) Error() string {
+	return fmt.Sprintf("TypeError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *TypeError) Unwrap() error {
+	return e.Err
+}
+
+// OperationError indicates the operation failed for an operation-specific
+// reason.
+type OperationError struct {
+	Err error
+}
+
+func (e *OperationError) Error() string {
+	return fmt.Sprintf("OperationError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *OperationError) Unwrap() error {
+	return e.Err
+}
+
+// NotReadableError indicates the input/output read operation failed.
+type NotReadableError struct {
+	Err error
+}
+
+func (e *NotReadableError) Error() string {
+	return fmt.Sprintf("NotReadableError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *NotReadableError) Unwrap() error {
+	return e.Err
+}
+
+// RangeError indicates an error when a value is not in the set or range
+// of allowed values.
+type RangeError struct {
+	Err error
+}
+
+func (e *RangeError) Error() string {
+	return fmt.Sprintf("RangeError: %v", e.Err)
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's type contains
+// an Unwrap method returning error. Otherwise, Unwrap returns nil.
+func (e *RangeError) Unwrap() error {
+	return e.Err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/renovate.json b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/renovate.json
new file mode 100644
index 000000000..4400fd9b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/renovate.json
@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "postUpdateOptions": [
+    "gomodTidy"
+  ],
+  "commitBody": "Generated by renovateBot",
+  "packageRules": [
+    {
+      "packagePatterns": ["^golang.org/x/"],
+      "schedule": ["on the first day of the month"]
+    }
+  ]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtcpfeedback.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtcpfeedback.go
new file mode 100644
index 000000000..b377738f6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtcpfeedback.go
@@ -0,0 +1,31 @@
+package webrtc
+
+const (
+	// TypeRTCPFBTransportCC ..
+	TypeRTCPFBTransportCC = "transport-cc"
+
+	// TypeRTCPFBGoogREMB ..
+	TypeRTCPFBGoogREMB = "goog-remb"
+
+	// TypeRTCPFBACK ..
+	TypeRTCPFBACK = "ack"
+
+	// TypeRTCPFBCCM ..
+	TypeRTCPFBCCM = "ccm"
+
+	// TypeRTCPFBNACK ..
+	TypeRTCPFBNACK = "nack"
+)
+
+// RTCPFeedback signals the connection to use additional RTCP packet types.
+// https://draft.ortc.org/#dom-rtcrtcpfeedback
+type RTCPFeedback struct {
+	// Type is the type of feedback.
+	// see: https://draft.ortc.org/#dom-rtcrtcpfeedback
+	// valid: ack, ccm, nack, goog-remb, transport-cc
+	Type string
+
+	// The parameter value depends on the type.
+	// For example, type="nack" parameter="pli" will send Picture Loss Indicator packets.
+	Parameter string
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtcpmuxpolicy.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtcpmuxpolicy.go
new file mode 100644
index 000000000..f74e440b3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtcpmuxpolicy.go
@@ -0,0 +1,66 @@
+package webrtc
+
+import (
+	"encoding/json"
+)
+
+// RTCPMuxPolicy affects what ICE candidates are gathered to support
+// non-multiplexed RTCP.
+type RTCPMuxPolicy int
+
+const (
+	// RTCPMuxPolicyNegotiate indicates to gather ICE candidates for both
+	// RTP and RTCP candidates. If the remote-endpoint is capable of
+	// multiplexing RTCP, multiplex RTCP on the RTP candidates. If it is not,
+	// use both the RTP and RTCP candidates separately.
+	RTCPMuxPolicyNegotiate RTCPMuxPolicy = iota + 1
+
+	// RTCPMuxPolicyRequire indicates to gather ICE candidates only for
+	// RTP and multiplex RTCP on the RTP candidates. If the remote endpoint is
+	// not capable of rtcp-mux, session negotiation will fail.
+	RTCPMuxPolicyRequire
+)
+
+// This is done this way because of a linter.
+const (
+	rtcpMuxPolicyNegotiateStr = "negotiate"
+	rtcpMuxPolicyRequireStr   = "require"
+)
+
+func newRTCPMuxPolicy(raw string) RTCPMuxPolicy {
+	switch raw {
+	case rtcpMuxPolicyNegotiateStr:
+		return RTCPMuxPolicyNegotiate
+	case rtcpMuxPolicyRequireStr:
+		return RTCPMuxPolicyRequire
+	default:
+		return RTCPMuxPolicy(Unknown)
+	}
+}
+
+func (t RTCPMuxPolicy) String() string {
+	switch t {
+	case RTCPMuxPolicyNegotiate:
+		return rtcpMuxPolicyNegotiateStr
+	case RTCPMuxPolicyRequire:
+		return rtcpMuxPolicyRequireStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// UnmarshalJSON parses the JSON-encoded data and stores the result
+func (t *RTCPMuxPolicy) UnmarshalJSON(b []byte) error {
+	var val string
+	if err := json.Unmarshal(b, &val); err != nil {
+		return err
+	}
+
+	*t = newRTCPMuxPolicy(val)
+	return nil
+}
+
+// MarshalJSON returns the JSON encoding
+func (t RTCPMuxPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcapabilities.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcapabilities.go
new file mode 100644
index 000000000..dc42230d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcapabilities.go
@@ -0,0 +1,9 @@
+package webrtc
+
+// RTPCapabilities represents the capabilities of a transceiver
+//
+// https://w3c.github.io/webrtc-pc/#rtcrtpcapabilities
+type RTPCapabilities struct {
+	Codecs           []RTPCodecCapability
+	HeaderExtensions []RTPHeaderExtensionCapability
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcodec.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcodec.go
new file mode 100644
index 000000000..f1bb1c165
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcodec.go
@@ -0,0 +1,107 @@
+package webrtc
+
+import (
+	"strings"
+)
+
+// RTPCodecType determines the type of a codec
+type RTPCodecType int
+
+const (
+
+	// RTPCodecTypeAudio indicates this is an audio codec
+	RTPCodecTypeAudio RTPCodecType = iota + 1
+
+	// RTPCodecTypeVideo indicates this is a video codec
+	RTPCodecTypeVideo
+)
+
+func (t RTPCodecType) String() string {
+	switch t {
+	case RTPCodecTypeAudio:
+		return "audio"
+	case RTPCodecTypeVideo:
+		return "video" //nolint: goconst
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// NewRTPCodecType creates a RTPCodecType from a string
+func NewRTPCodecType(r string) RTPCodecType {
+	switch {
+	case strings.EqualFold(r, RTPCodecTypeAudio.String()):
+		return RTPCodecTypeAudio
+	case strings.EqualFold(r, RTPCodecTypeVideo.String()):
+		return RTPCodecTypeVideo
+	default:
+		return RTPCodecType(0)
+	}
+}
+
+// RTPCodecCapability provides information about codec capabilities.
+//
+// https://w3c.github.io/webrtc-pc/#dictionary-rtcrtpcodeccapability-members
+type RTPCodecCapability struct {
+	MimeType     string
+	ClockRate    uint32
+	Channels     uint16
+	SDPFmtpLine  string
+	RTCPFeedback []RTCPFeedback
+}
+
+// RTPHeaderExtensionCapability is used to define a RFC5285 RTP header extension supported by the codec.
+//
+// https://w3c.github.io/webrtc-pc/#dom-rtcrtpcapabilities-headerextensions
+type RTPHeaderExtensionCapability struct {
+	URI string
+}
+
+// RTPHeaderExtensionParameter represents a negotiated RFC5285 RTP header extension.
+//
+// https://w3c.github.io/webrtc-pc/#dictionary-rtcrtpheaderextensionparameters-members
+type RTPHeaderExtensionParameter struct {
+	URI string
+	ID  int
+}
+
+// RTPCodecParameters is a sequence containing the media codecs that an RtpSender
+// will choose from, as well as entries for RTX, RED and FEC mechanisms. This also
+// includes the PayloadType that has been negotiated
+//
+// https://w3c.github.io/webrtc-pc/#rtcrtpcodecparameters
+type RTPCodecParameters struct {
+	RTPCodecCapability
+	PayloadType PayloadType
+
+	statsID string
+}
+
+// RTPParameters is a list of negotiated codecs and header extensions
+//
+// https://w3c.github.io/webrtc-pc/#dictionary-rtcrtpparameters-members
+type RTPParameters struct {
+	HeaderExtensions []RTPHeaderExtensionParameter
+	Codecs           []RTPCodecParameters
+}
+
+// Do a fuzzy find for a codec in the list of codecs
+// Used for lookup up a codec in an existing list to find a match
+func codecParametersFuzzySearch(needle RTPCodecParameters, haystack []RTPCodecParameters) (RTPCodecParameters, error) {
+	// First attempt to match on MimeType + SDPFmtpLine
+	for _, c := range haystack {
+		if strings.EqualFold(c.RTPCodecCapability.MimeType, needle.RTPCodecCapability.MimeType) &&
+			c.RTPCodecCapability.SDPFmtpLine == needle.RTPCodecCapability.SDPFmtpLine {
+			return c, nil
+		}
+	}
+
+	// Fallback to just MimeType
+	for _, c := range haystack {
+		if strings.EqualFold(c.RTPCodecCapability.MimeType, needle.RTPCodecCapability.MimeType) {
+			return c, nil
+		}
+	}
+
+	return RTPCodecParameters{}, ErrCodecNotFound
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcodingparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcodingparameters.go
new file mode 100644
index 000000000..8a08c3321
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpcodingparameters.go
@@ -0,0 +1,10 @@
+package webrtc
+
+// RTPCodingParameters provides information relating to both encoding and decoding.
+// This is a subset of the RFC since Pion WebRTC doesn't implement encoding/decoding itself
+// http://draft.ortc.org/#dom-rtcrtpcodingparameters
+type RTPCodingParameters struct {
+	RID         string      `json:"rid"`
+	SSRC        SSRC        `json:"ssrc"`
+	PayloadType PayloadType `json:"payloadType"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpdecodingparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpdecodingparameters.go
new file mode 100644
index 000000000..77aa1fc1c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpdecodingparameters.go
@@ -0,0 +1,8 @@
+package webrtc
+
+// RTPDecodingParameters provides information relating to both encoding and decoding.
+// This is a subset of the RFC since Pion WebRTC doesn't implement decoding itself
+// http://draft.ortc.org/#dom-rtcrtpdecodingparameters
+type RTPDecodingParameters struct {
+	RTPCodingParameters
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpencodingparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpencodingparameters.go
new file mode 100644
index 000000000..09481a570
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpencodingparameters.go
@@ -0,0 +1,8 @@
+package webrtc
+
+// RTPEncodingParameters provides information relating to both encoding and decoding.
+// This is a subset of the RFC since Pion WebRTC doesn't implement encoding itself
+// http://draft.ortc.org/#dom-rtcrtpencodingparameters
+type RTPEncodingParameters struct {
+	RTPCodingParameters
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpreceiveparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpreceiveparameters.go
new file mode 100644
index 000000000..badf6b733
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpreceiveparameters.go
@@ -0,0 +1,6 @@
+package webrtc
+
+// RTPReceiveParameters contains the RTP stack settings used by receivers
+type RTPReceiveParameters struct {
+	Encodings []RTPDecodingParameters
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpreceiver.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpreceiver.go
new file mode 100644
index 000000000..8d558e050
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpreceiver.go
@@ -0,0 +1,361 @@
+// +build !js
+
+package webrtc
+
+import (
+	"fmt"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/pion/interceptor"
+	"github.com/pion/rtcp"
+	"github.com/pion/srtp/v2"
+	"github.com/pion/webrtc/v3/internal/util"
+)
+
+// trackStreams maintains a mapping of RTP/RTCP streams to a specific track
+// a RTPReceiver may contain multiple streams if we are dealing with Multicast
+type trackStreams struct {
+	track *TrackRemote
+
+	rtpReadStream  *srtp.ReadStreamSRTP
+	rtpInterceptor interceptor.RTPReader
+
+	rtcpReadStream  *srtp.ReadStreamSRTCP
+	rtcpInterceptor interceptor.RTCPReader
+}
+
+// RTPReceiver allows an application to inspect the receipt of a TrackRemote
+type RTPReceiver struct {
+	kind      RTPCodecType
+	transport *DTLSTransport
+
+	tracks []trackStreams
+
+	closed, received chan interface{}
+	mu               sync.RWMutex
+
+	// A reference to the associated api object
+	api *API
+}
+
+// NewRTPReceiver constructs a new RTPReceiver
+func (api *API) NewRTPReceiver(kind RTPCodecType, transport *DTLSTransport) (*RTPReceiver, error) {
+	if transport == nil {
+		return nil, errRTPReceiverDTLSTransportNil
+	}
+
+	r := &RTPReceiver{
+		kind:      kind,
+		transport: transport,
+		api:       api,
+		closed:    make(chan interface{}),
+		received:  make(chan interface{}),
+		tracks:    []trackStreams{},
+	}
+
+	return r, nil
+}
+
+// Transport returns the currently-configured *DTLSTransport or nil
+// if one has not yet been configured
+func (r *RTPReceiver) Transport() *DTLSTransport {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+	return r.transport
+}
+
+// GetParameters describes the current configuration for the encoding and
+// transmission of media on the receiver's track.
+func (r *RTPReceiver) GetParameters() RTPParameters {
+	return r.api.mediaEngine.getRTPParametersByKind(r.kind, []RTPTransceiverDirection{RTPTransceiverDirectionRecvonly})
+}
+
+// Track returns the RtpTransceiver TrackRemote
+func (r *RTPReceiver) Track() *TrackRemote {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	if len(r.tracks) != 1 {
+		return nil
+	}
+	return r.tracks[0].track
+}
+
+// Tracks returns the RtpTransceiver tracks
+// A RTPReceiver to support Simulcast may now have multiple tracks
+func (r *RTPReceiver) Tracks() []*TrackRemote {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	var tracks []*TrackRemote
+	for i := range r.tracks {
+		tracks = append(tracks, r.tracks[i].track)
+	}
+	return tracks
+}
+
+// Receive initialize the track and starts all the transports
+func (r *RTPReceiver) Receive(parameters RTPReceiveParameters) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	select {
+	case <-r.received:
+		return errRTPReceiverReceiveAlreadyCalled
+	default:
+	}
+	defer close(r.received)
+
+	if len(parameters.Encodings) == 1 && parameters.Encodings[0].SSRC != 0 {
+		t := trackStreams{
+			track: newTrackRemote(
+				r.kind,
+				parameters.Encodings[0].SSRC,
+				"",
+				r,
+			),
+		}
+
+		globalParams := r.GetParameters()
+		codec := RTPCodecCapability{}
+		if len(globalParams.Codecs) != 0 {
+			codec = globalParams.Codecs[0].RTPCodecCapability
+		}
+
+		streamInfo := createStreamInfo("", parameters.Encodings[0].SSRC, 0, codec, globalParams.HeaderExtensions)
+		var err error
+		if t.rtpReadStream, t.rtpInterceptor, t.rtcpReadStream, t.rtcpInterceptor, err = r.streamsForSSRC(parameters.Encodings[0].SSRC, streamInfo); err != nil {
+			return err
+		}
+
+		r.tracks = append(r.tracks, t)
+	} else {
+		for _, encoding := range parameters.Encodings {
+			r.tracks = append(r.tracks, trackStreams{
+				track: newTrackRemote(
+					r.kind,
+					0,
+					encoding.RID,
+					r,
+				),
+			})
+		}
+	}
+
+	return nil
+}
+
+// Read reads incoming RTCP for this RTPReceiver
+func (r *RTPReceiver) Read(b []byte) (n int, a interceptor.Attributes, err error) {
+	select {
+	case <-r.received:
+		return r.tracks[0].rtcpInterceptor.Read(b, a)
+	case <-r.closed:
+		return 0, nil, io.ErrClosedPipe
+	}
+}
+
+// ReadSimulcast reads incoming RTCP for this RTPReceiver for given rid
+func (r *RTPReceiver) ReadSimulcast(b []byte, rid string) (n int, a interceptor.Attributes, err error) {
+	select {
+	case <-r.received:
+		for _, t := range r.tracks {
+			if t.track != nil && t.track.rid == rid {
+				return t.rtcpInterceptor.Read(b, a)
+			}
+		}
+		return 0, nil, fmt.Errorf("%w: %s", errRTPReceiverForRIDTrackStreamNotFound, rid)
+	case <-r.closed:
+		return 0, nil, io.ErrClosedPipe
+	}
+}
+
+// ReadRTCP is a convenience method that wraps Read and unmarshal for you.
+// It also runs any configured interceptors.
+func (r *RTPReceiver) ReadRTCP() ([]rtcp.Packet, interceptor.Attributes, error) {
+	b := make([]byte, receiveMTU)
+	i, attributes, err := r.Read(b)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pkts, err := rtcp.Unmarshal(b[:i])
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return pkts, attributes, nil
+}
+
+// ReadSimulcastRTCP is a convenience method that wraps ReadSimulcast and unmarshal for you
+func (r *RTPReceiver) ReadSimulcastRTCP(rid string) ([]rtcp.Packet, interceptor.Attributes, error) {
+	b := make([]byte, receiveMTU)
+	i, attributes, err := r.ReadSimulcast(b, rid)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pkts, err := rtcp.Unmarshal(b[:i])
+	return pkts, attributes, err
+}
+
+func (r *RTPReceiver) haveReceived() bool {
+	select {
+	case <-r.received:
+		return true
+	default:
+		return false
+	}
+}
+
+// Stop irreversibly stops the RTPReceiver
+func (r *RTPReceiver) Stop() error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	var err error
+
+	select {
+	case <-r.closed:
+		return err
+	default:
+	}
+
+	select {
+	case <-r.received:
+		for i := range r.tracks {
+			errs := []error{}
+
+			if r.tracks[i].rtcpReadStream != nil {
+				errs = append(errs, r.tracks[i].rtcpReadStream.Close())
+			}
+
+			if r.tracks[i].rtpReadStream != nil {
+				errs = append(errs, r.tracks[i].rtpReadStream.Close())
+			}
+
+			err = util.FlattenErrs(errs)
+		}
+	default:
+	}
+
+	close(r.closed)
+	return err
+}
+
+func (r *RTPReceiver) streamsForTrack(t *TrackRemote) *trackStreams {
+	for i := range r.tracks {
+		if r.tracks[i].track == t {
+			return &r.tracks[i]
+		}
+	}
+	return nil
+}
+
+// readRTP should only be called by a track, this only exists so we can keep state in one place
+func (r *RTPReceiver) readRTP(b []byte, reader *TrackRemote) (n int, a interceptor.Attributes, err error) {
+	<-r.received
+	if t := r.streamsForTrack(reader); t != nil {
+		return t.rtpInterceptor.Read(b, a)
+	}
+
+	return 0, nil, fmt.Errorf("%w: %d", errRTPReceiverWithSSRCTrackStreamNotFound, reader.SSRC())
+}
+
+// receiveForRid is the sibling of Receive expect for RIDs instead of SSRCs
+// It populates all the internal state for the given RID
+func (r *RTPReceiver) receiveForRid(rid string, params RTPParameters, ssrc SSRC) (*TrackRemote, error) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	for i := range r.tracks {
+		if r.tracks[i].track.RID() == rid {
+			r.tracks[i].track.mu.Lock()
+			r.tracks[i].track.kind = r.kind
+			r.tracks[i].track.codec = params.Codecs[0]
+			r.tracks[i].track.params = params
+			r.tracks[i].track.ssrc = ssrc
+			streamInfo := createStreamInfo("", ssrc, params.Codecs[0].PayloadType, params.Codecs[0].RTPCodecCapability, params.HeaderExtensions)
+			r.tracks[i].track.mu.Unlock()
+
+			var err error
+			if r.tracks[i].rtpReadStream, r.tracks[i].rtpInterceptor, r.tracks[i].rtcpReadStream, r.tracks[i].rtcpInterceptor, err = r.streamsForSSRC(ssrc, streamInfo); err != nil {
+				return nil, err
+			}
+
+			return r.tracks[i].track, nil
+		}
+	}
+
+	return nil, fmt.Errorf("%w: %d", errRTPReceiverForSSRCTrackStreamNotFound, ssrc)
+}
+
+func (r *RTPReceiver) streamsForSSRC(ssrc SSRC, streamInfo interceptor.StreamInfo) (*srtp.ReadStreamSRTP, interceptor.RTPReader, *srtp.ReadStreamSRTCP, interceptor.RTCPReader, error) {
+	srtpSession, err := r.transport.getSRTPSession()
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	rtpReadStream, err := srtpSession.OpenReadStream(uint32(ssrc))
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	rtpInterceptor := r.api.interceptor.BindRemoteStream(&streamInfo, interceptor.RTPReaderFunc(func(in []byte, a interceptor.Attributes) (n int, attributes interceptor.Attributes, err error) {
+		n, err = rtpReadStream.Read(in)
+		return n, a, err
+	}))
+
+	srtcpSession, err := r.transport.getSRTCPSession()
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	rtcpReadStream, err := srtcpSession.OpenReadStream(uint32(ssrc))
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	rtcpInterceptor := r.api.interceptor.BindRTCPReader(interceptor.RTPReaderFunc(func(in []byte, a interceptor.Attributes) (n int, attributes interceptor.Attributes, err error) {
+		n, err = rtcpReadStream.Read(in)
+		return n, a, err
+	}))
+
+	return rtpReadStream, rtpInterceptor, rtcpReadStream, rtcpInterceptor, nil
+}
+
+// SetReadDeadline sets the max amount of time the RTCP stream will block before returning. 0 is forever.
+func (r *RTPReceiver) SetReadDeadline(t time.Time) error {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	if err := r.tracks[0].rtcpReadStream.SetReadDeadline(t); err != nil {
+		return err
+	}
+	return nil
+}
+
+// SetReadDeadlineSimulcast sets the max amount of time the RTCP stream for a given rid will block before returning. 0 is forever.
+func (r *RTPReceiver) SetReadDeadlineSimulcast(deadline time.Time, rid string) error {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	for _, t := range r.tracks {
+		if t.track != nil && t.track.rid == rid {
+			return t.rtcpReadStream.SetReadDeadline(deadline)
+		}
+	}
+	return fmt.Errorf("%w: %s", errRTPReceiverForRIDTrackStreamNotFound, rid)
+}
+
+// setRTPReadDeadline sets the max amount of time the RTP stream will block before returning. 0 is forever.
+// This should be fired by calling SetReadDeadline on the TrackRemote
+func (r *RTPReceiver) setRTPReadDeadline(deadline time.Time, reader *TrackRemote) error {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	if t := r.streamsForTrack(reader); t != nil {
+		return t.rtpReadStream.SetReadDeadline(deadline)
+	}
+	return fmt.Errorf("%w: %d", errRTPReceiverWithSSRCTrackStreamNotFound, reader.SSRC())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpsender.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpsender.go
new file mode 100644
index 000000000..c29cbeede
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpsender.go
@@ -0,0 +1,254 @@
+// +build !js
+
+package webrtc
+
+import (
+	"io"
+	"sync"
+
+	"github.com/pion/interceptor"
+	"github.com/pion/randutil"
+	"github.com/pion/rtcp"
+	"github.com/pion/rtp"
+)
+
+// RTPSender allows an application to control how a given Track is encoded and transmitted to a remote peer
+type RTPSender struct {
+	track TrackLocal
+
+	srtpStream      *srtpWriterFuture
+	rtcpInterceptor interceptor.RTCPReader
+
+	context TrackLocalContext
+
+	transport *DTLSTransport
+
+	payloadType PayloadType
+	ssrc        SSRC
+
+	// nolint:godox
+	// TODO(sgotti) remove this when in future we'll avoid replacing
+	// a transceiver sender since we can just check the
+	// transceiver negotiation status
+	negotiated bool
+
+	// A reference to the associated api object
+	api *API
+	id  string
+
+	mu                     sync.RWMutex
+	sendCalled, stopCalled chan struct{}
+}
+
+// NewRTPSender constructs a new RTPSender
+func (api *API) NewRTPSender(track TrackLocal, transport *DTLSTransport) (*RTPSender, error) {
+	if track == nil {
+		return nil, errRTPSenderTrackNil
+	} else if transport == nil {
+		return nil, errRTPSenderDTLSTransportNil
+	}
+
+	id, err := randutil.GenerateCryptoRandomString(32, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	if err != nil {
+		return nil, err
+	}
+
+	r := &RTPSender{
+		track:      track,
+		transport:  transport,
+		api:        api,
+		sendCalled: make(chan struct{}),
+		stopCalled: make(chan struct{}),
+		ssrc:       SSRC(randutil.NewMathRandomGenerator().Uint32()),
+		id:         id,
+		srtpStream: &srtpWriterFuture{},
+	}
+
+	r.srtpStream.rtpSender = r
+
+	r.rtcpInterceptor = r.api.interceptor.BindRTCPReader(interceptor.RTPReaderFunc(func(in []byte, a interceptor.Attributes) (n int, attributes interceptor.Attributes, err error) {
+		n, err = r.srtpStream.Read(in)
+		return n, a, err
+	}))
+
+	return r, nil
+}
+
+func (r *RTPSender) isNegotiated() bool {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+	return r.negotiated
+}
+
+func (r *RTPSender) setNegotiated() {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.negotiated = true
+}
+
+// Transport returns the currently-configured *DTLSTransport or nil
+// if one has not yet been configured
+func (r *RTPSender) Transport() *DTLSTransport {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+	return r.transport
+}
+
+// GetParameters describes the current configuration for the encoding and
+// transmission of media on the sender's track.
+func (r *RTPSender) GetParameters() RTPSendParameters {
+	return RTPSendParameters{
+		RTPParameters: r.api.mediaEngine.getRTPParametersByKind(
+			r.track.Kind(),
+			[]RTPTransceiverDirection{RTPTransceiverDirectionSendonly},
+		),
+		Encodings: []RTPEncodingParameters{
+			{
+				RTPCodingParameters: RTPCodingParameters{
+					SSRC:        r.ssrc,
+					PayloadType: r.payloadType,
+				},
+			},
+		},
+	}
+}
+
+// Track returns the RTCRtpTransceiver track, or nil
+func (r *RTPSender) Track() TrackLocal {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+	return r.track
+}
+
+// ReplaceTrack replaces the track currently being used as the sender's source with a new TrackLocal.
+// The new track must be of the same media kind (audio, video, etc) and switching the track should not
+// require negotiation.
+func (r *RTPSender) ReplaceTrack(track TrackLocal) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if r.hasSent() && r.track != nil {
+		if err := r.track.Unbind(r.context); err != nil {
+			return err
+		}
+	}
+
+	if !r.hasSent() || track == nil {
+		r.track = track
+		return nil
+	}
+
+	if _, err := track.Bind(r.context); err != nil {
+		// Re-bind the original track
+		if _, reBindErr := r.track.Bind(r.context); reBindErr != nil {
+			return reBindErr
+		}
+
+		return err
+	}
+
+	r.track = track
+	return nil
+}
+
+// Send Attempts to set the parameters controlling the sending of media.
+func (r *RTPSender) Send(parameters RTPSendParameters) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if r.hasSent() {
+		return errRTPSenderSendAlreadyCalled
+	}
+
+	writeStream := &interceptorToTrackLocalWriter{}
+	r.context = TrackLocalContext{
+		id:          r.id,
+		params:      r.api.mediaEngine.getRTPParametersByKind(r.track.Kind(), []RTPTransceiverDirection{RTPTransceiverDirectionSendonly}),
+		ssrc:        parameters.Encodings[0].SSRC,
+		writeStream: writeStream,
+	}
+
+	codec, err := r.track.Bind(r.context)
+	if err != nil {
+		return err
+	}
+	r.context.params.Codecs = []RTPCodecParameters{codec}
+
+	streamInfo := createStreamInfo(r.id, parameters.Encodings[0].SSRC, codec.PayloadType, codec.RTPCodecCapability, parameters.HeaderExtensions)
+	rtpInterceptor := r.api.interceptor.BindLocalStream(&streamInfo, interceptor.RTPWriterFunc(func(header *rtp.Header, payload []byte, attributes interceptor.Attributes) (int, error) {
+		return r.srtpStream.WriteRTP(header, payload)
+	}))
+	writeStream.interceptor.Store(rtpInterceptor)
+
+	close(r.sendCalled)
+	return nil
+}
+
+// Stop irreversibly stops the RTPSender
+func (r *RTPSender) Stop() error {
+	r.mu.Lock()
+
+	if stopped := r.hasStopped(); stopped {
+		r.mu.Unlock()
+		return nil
+	}
+
+	close(r.stopCalled)
+	r.mu.Unlock()
+
+	if !r.hasSent() {
+		return nil
+	}
+
+	if err := r.ReplaceTrack(nil); err != nil {
+		return err
+	}
+
+	return r.srtpStream.Close()
+}
+
+// Read reads incoming RTCP for this RTPReceiver
+func (r *RTPSender) Read(b []byte) (n int, a interceptor.Attributes, err error) {
+	select {
+	case <-r.sendCalled:
+		return r.rtcpInterceptor.Read(b, a)
+	case <-r.stopCalled:
+		return 0, nil, io.ErrClosedPipe
+	}
+}
+
+// ReadRTCP is a convenience method that wraps Read and unmarshals for you.
+func (r *RTPSender) ReadRTCP() ([]rtcp.Packet, interceptor.Attributes, error) {
+	b := make([]byte, receiveMTU)
+	i, attributes, err := r.Read(b)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pkts, err := rtcp.Unmarshal(b[:i])
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return pkts, attributes, nil
+}
+
+// hasSent tells if data has been ever sent for this instance
+func (r *RTPSender) hasSent() bool {
+	select {
+	case <-r.sendCalled:
+		return true
+	default:
+		return false
+	}
+}
+
+// hasStopped tells if stop has been called
+func (r *RTPSender) hasStopped() bool {
+	select {
+	case <-r.stopCalled:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpsendparameters.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpsendparameters.go
new file mode 100644
index 000000000..cc55e5dcc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtpsendparameters.go
@@ -0,0 +1,7 @@
+package webrtc
+
+// RTPSendParameters contains the RTP stack settings used by receivers
+type RTPSendParameters struct {
+	RTPParameters
+	Encodings []RTPEncodingParameters
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiver.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiver.go
new file mode 100644
index 000000000..b0c1f03d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiver.go
@@ -0,0 +1,187 @@
+// +build !js
+
+package webrtc
+
+import (
+	"fmt"
+	"sync/atomic"
+
+	"github.com/pion/rtp"
+)
+
+// RTPTransceiver represents a combination of an RTPSender and an RTPReceiver that share a common mid.
+type RTPTransceiver struct {
+	mid       atomic.Value // string
+	sender    atomic.Value // *RTPSender
+	receiver  atomic.Value // *RTPReceiver
+	direction atomic.Value // RTPTransceiverDirection
+
+	stopped bool
+	kind    RTPCodecType
+}
+
+// Sender returns the RTPTransceiver's RTPSender if it has one
+func (t *RTPTransceiver) Sender() *RTPSender {
+	if v := t.sender.Load(); v != nil {
+		return v.(*RTPSender)
+	}
+
+	return nil
+}
+
+// SetSender sets the RTPSender and Track to current transceiver
+func (t *RTPTransceiver) SetSender(s *RTPSender, track TrackLocal) error {
+	t.setSender(s)
+	return t.setSendingTrack(track)
+}
+
+func (t *RTPTransceiver) setSender(s *RTPSender) {
+	t.sender.Store(s)
+}
+
+// Receiver returns the RTPTransceiver's RTPReceiver if it has one
+func (t *RTPTransceiver) Receiver() *RTPReceiver {
+	if v := t.receiver.Load(); v != nil {
+		return v.(*RTPReceiver)
+	}
+
+	return nil
+}
+
+// setMid sets the RTPTransceiver's mid. If it was already set, will return an error.
+func (t *RTPTransceiver) setMid(mid string) error {
+	if currentMid := t.Mid(); currentMid != "" {
+		return fmt.Errorf("%w: %s to %s", errRTPTransceiverCannotChangeMid, currentMid, mid)
+	}
+	t.mid.Store(mid)
+	return nil
+}
+
+// Mid gets the Transceiver's mid value. When not already set, this value will be set in CreateOffer or CreateAnswer.
+func (t *RTPTransceiver) Mid() string {
+	if v := t.mid.Load(); v != nil {
+		return v.(string)
+	}
+	return ""
+}
+
+// Kind returns RTPTransceiver's kind.
+func (t *RTPTransceiver) Kind() RTPCodecType {
+	return t.kind
+}
+
+// Direction returns the RTPTransceiver's current direction
+func (t *RTPTransceiver) Direction() RTPTransceiverDirection {
+	return t.direction.Load().(RTPTransceiverDirection)
+}
+
+// Stop irreversibly stops the RTPTransceiver
+func (t *RTPTransceiver) Stop() error {
+	if t.Sender() != nil {
+		if err := t.Sender().Stop(); err != nil {
+			return err
+		}
+	}
+	if t.Receiver() != nil {
+		if err := t.Receiver().Stop(); err != nil {
+			return err
+		}
+	}
+
+	t.setDirection(RTPTransceiverDirectionInactive)
+	return nil
+}
+
+func (t *RTPTransceiver) setReceiver(r *RTPReceiver) {
+	t.receiver.Store(r)
+}
+
+func (t *RTPTransceiver) setDirection(d RTPTransceiverDirection) {
+	t.direction.Store(d)
+}
+
+func (t *RTPTransceiver) setSendingTrack(track TrackLocal) error {
+	if err := t.Sender().ReplaceTrack(track); err != nil {
+		return err
+	}
+	if track == nil {
+		t.setSender(nil)
+	}
+
+	switch {
+	case track != nil && t.Direction() == RTPTransceiverDirectionRecvonly:
+		t.setDirection(RTPTransceiverDirectionSendrecv)
+	case track != nil && t.Direction() == RTPTransceiverDirectionInactive:
+		t.setDirection(RTPTransceiverDirectionSendonly)
+	case track == nil && t.Direction() == RTPTransceiverDirectionSendrecv:
+		t.setDirection(RTPTransceiverDirectionRecvonly)
+	case track == nil && t.Direction() == RTPTransceiverDirectionSendonly:
+		t.setDirection(RTPTransceiverDirectionInactive)
+	default:
+		return errRTPTransceiverSetSendingInvalidState
+	}
+	return nil
+}
+
+func findByMid(mid string, localTransceivers []*RTPTransceiver) (*RTPTransceiver, []*RTPTransceiver) {
+	for i, t := range localTransceivers {
+		if t.Mid() == mid {
+			return t, append(localTransceivers[:i], localTransceivers[i+1:]...)
+		}
+	}
+
+	return nil, localTransceivers
+}
+
+// Given a direction+type pluck a transceiver from the passed list
+// if no entry satisfies the requested type+direction return a inactive Transceiver
+func satisfyTypeAndDirection(remoteKind RTPCodecType, remoteDirection RTPTransceiverDirection, localTransceivers []*RTPTransceiver) (*RTPTransceiver, []*RTPTransceiver) {
+	// Get direction order from most preferred to least
+	getPreferredDirections := func() []RTPTransceiverDirection {
+		switch remoteDirection {
+		case RTPTransceiverDirectionSendrecv:
+			return []RTPTransceiverDirection{RTPTransceiverDirectionRecvonly, RTPTransceiverDirectionSendrecv}
+		case RTPTransceiverDirectionSendonly:
+			return []RTPTransceiverDirection{RTPTransceiverDirectionRecvonly, RTPTransceiverDirectionSendrecv}
+		case RTPTransceiverDirectionRecvonly:
+			return []RTPTransceiverDirection{RTPTransceiverDirectionSendonly, RTPTransceiverDirectionSendrecv}
+		default:
+			return []RTPTransceiverDirection{}
+		}
+	}
+
+	for _, possibleDirection := range getPreferredDirections() {
+		for i := range localTransceivers {
+			t := localTransceivers[i]
+			if t.Mid() == "" && t.kind == remoteKind && possibleDirection == t.Direction() {
+				return t, append(localTransceivers[:i], localTransceivers[i+1:]...)
+			}
+		}
+	}
+
+	return nil, localTransceivers
+}
+
+// handleUnknownRTPPacket consumes a single RTP Packet and returns information that is helpful
+// for demuxing and handling an unknown SSRC (usually for Simulcast)
+func handleUnknownRTPPacket(buf []byte, midExtensionID, streamIDExtensionID uint8) (mid, rid string, payloadType PayloadType, err error) {
+	rp := &rtp.Packet{}
+	if err = rp.Unmarshal(buf); err != nil {
+		return
+	}
+
+	if !rp.Header.Extension {
+		return
+	}
+
+	payloadType = PayloadType(rp.PayloadType)
+	if payload := rp.GetExtension(midExtensionID); payload != nil {
+		mid = string(payload)
+	}
+
+	if payload := rp.GetExtension(streamIDExtensionID); payload != nil {
+		rid = string(payload)
+	}
+
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiverdirection.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiverdirection.go
new file mode 100644
index 000000000..307301473
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiverdirection.go
@@ -0,0 +1,85 @@
+package webrtc
+
+// RTPTransceiverDirection indicates the direction of the RTPTransceiver.
+type RTPTransceiverDirection int
+
+const (
+	// RTPTransceiverDirectionSendrecv indicates the RTPSender will offer
+	// to send RTP and RTPReceiver the will offer to receive RTP.
+	RTPTransceiverDirectionSendrecv RTPTransceiverDirection = iota + 1
+
+	// RTPTransceiverDirectionSendonly indicates the RTPSender will offer
+	// to send RTP.
+	RTPTransceiverDirectionSendonly
+
+	// RTPTransceiverDirectionRecvonly indicates the RTPReceiver the will
+	// offer to receive RTP.
+	RTPTransceiverDirectionRecvonly
+
+	// RTPTransceiverDirectionInactive indicates the RTPSender won't offer
+	// to send RTP and RTPReceiver the won't offer to receive RTP.
+	RTPTransceiverDirectionInactive
+)
+
+// This is done this way because of a linter.
+const (
+	rtpTransceiverDirectionSendrecvStr = "sendrecv"
+	rtpTransceiverDirectionSendonlyStr = "sendonly"
+	rtpTransceiverDirectionRecvonlyStr = "recvonly"
+	rtpTransceiverDirectionInactiveStr = "inactive"
+)
+
+// NewRTPTransceiverDirection defines a procedure for creating a new
+// RTPTransceiverDirection from a raw string naming the transceiver direction.
+func NewRTPTransceiverDirection(raw string) RTPTransceiverDirection {
+	switch raw {
+	case rtpTransceiverDirectionSendrecvStr:
+		return RTPTransceiverDirectionSendrecv
+	case rtpTransceiverDirectionSendonlyStr:
+		return RTPTransceiverDirectionSendonly
+	case rtpTransceiverDirectionRecvonlyStr:
+		return RTPTransceiverDirectionRecvonly
+	case rtpTransceiverDirectionInactiveStr:
+		return RTPTransceiverDirectionInactive
+	default:
+		return RTPTransceiverDirection(Unknown)
+	}
+}
+
+func (t RTPTransceiverDirection) String() string {
+	switch t {
+	case RTPTransceiverDirectionSendrecv:
+		return rtpTransceiverDirectionSendrecvStr
+	case RTPTransceiverDirectionSendonly:
+		return rtpTransceiverDirectionSendonlyStr
+	case RTPTransceiverDirectionRecvonly:
+		return rtpTransceiverDirectionRecvonlyStr
+	case RTPTransceiverDirectionInactive:
+		return rtpTransceiverDirectionInactiveStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// Revers indicate the opposite direction
+func (t RTPTransceiverDirection) Revers() RTPTransceiverDirection {
+	switch t {
+	case RTPTransceiverDirectionSendonly:
+		return RTPTransceiverDirectionRecvonly
+	case RTPTransceiverDirectionRecvonly:
+		return RTPTransceiverDirectionSendonly
+	default:
+		return t
+	}
+}
+
+func haveRTPTransceiverDirectionIntersection(haystack []RTPTransceiverDirection, needle []RTPTransceiverDirection) bool {
+	for _, n := range needle {
+		for _, h := range haystack {
+			if n == h {
+				return true
+			}
+		}
+	}
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiverinit.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiverinit.go
new file mode 100644
index 000000000..3c439b7f7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/rtptransceiverinit.go
@@ -0,0 +1,12 @@
+package webrtc
+
+// RTPTransceiverInit dictionary is used when calling the WebRTC function addTransceiver() to provide configuration options for the new transceiver.
+type RTPTransceiverInit struct {
+	Direction     RTPTransceiverDirection
+	SendEncodings []RTPEncodingParameters
+	// Streams       []*Track
+}
+
+// RtpTransceiverInit is a temporary mapping while we fix case sensitivity
+// Deprecated: Use RTPTransceiverInit instead
+type RtpTransceiverInit = RTPTransceiverInit //nolint: stylecheck,golint
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctpcapabilities.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctpcapabilities.go
new file mode 100644
index 000000000..34399d3b0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctpcapabilities.go
@@ -0,0 +1,6 @@
+package webrtc
+
+// SCTPCapabilities indicates the capabilities of the SCTPTransport.
+type SCTPCapabilities struct {
+	MaxMessageSize uint32 `json:"maxMessageSize"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctptransport.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctptransport.go
new file mode 100644
index 000000000..d7b3764c3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctptransport.go
@@ -0,0 +1,379 @@
+// +build !js
+
+package webrtc
+
+import (
+	"io"
+	"math"
+	"sync"
+	"time"
+
+	"github.com/pion/datachannel"
+	"github.com/pion/logging"
+	"github.com/pion/sctp"
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+const sctpMaxChannels = uint16(65535)
+
+// SCTPTransport provides details about the SCTP transport.
+type SCTPTransport struct {
+	lock sync.RWMutex
+
+	dtlsTransport *DTLSTransport
+
+	// State represents the current state of the SCTP transport.
+	state SCTPTransportState
+
+	// SCTPTransportState doesn't have an enum to distinguish between New/Connecting
+	// so we need a dedicated field
+	isStarted bool
+
+	// MaxMessageSize represents the maximum size of data that can be passed to
+	// DataChannel's send() method.
+	maxMessageSize float64
+
+	// MaxChannels represents the maximum amount of DataChannel's that can
+	// be used simultaneously.
+	maxChannels *uint16
+
+	// OnStateChange  func()
+
+	onErrorHandler func(error)
+
+	association                *sctp.Association
+	onDataChannelHandler       func(*DataChannel)
+	onDataChannelOpenedHandler func(*DataChannel)
+
+	// DataChannels
+	dataChannels          []*DataChannel
+	dataChannelsOpened    uint32
+	dataChannelsRequested uint32
+	dataChannelsAccepted  uint32
+
+	api *API
+	log logging.LeveledLogger
+}
+
+// NewSCTPTransport creates a new SCTPTransport.
+// This constructor is part of the ORTC API. It is not
+// meant to be used together with the basic WebRTC API.
+func (api *API) NewSCTPTransport(dtls *DTLSTransport) *SCTPTransport {
+	res := &SCTPTransport{
+		dtlsTransport: dtls,
+		state:         SCTPTransportStateConnecting,
+		api:           api,
+		log:           api.settingEngine.LoggerFactory.NewLogger("ortc"),
+	}
+
+	res.updateMessageSize()
+	res.updateMaxChannels()
+
+	return res
+}
+
+// Transport returns the DTLSTransport instance the SCTPTransport is sending over.
+func (r *SCTPTransport) Transport() *DTLSTransport {
+	r.lock.RLock()
+	defer r.lock.RUnlock()
+
+	return r.dtlsTransport
+}
+
+// GetCapabilities returns the SCTPCapabilities of the SCTPTransport.
+func (r *SCTPTransport) GetCapabilities() SCTPCapabilities {
+	return SCTPCapabilities{
+		MaxMessageSize: 0,
+	}
+}
+
+// Start the SCTPTransport. Since both local and remote parties must mutually
+// create an SCTPTransport, SCTP SO (Simultaneous Open) is used to establish
+// a connection over SCTP.
+func (r *SCTPTransport) Start(remoteCaps SCTPCapabilities) error {
+	if r.isStarted {
+		return nil
+	}
+	r.isStarted = true
+
+	if err := r.ensureDTLS(); err != nil {
+		return err
+	}
+
+	sctpAssociation, err := sctp.Client(sctp.Config{
+		NetConn:       r.Transport().conn,
+		LoggerFactory: r.api.settingEngine.LoggerFactory,
+	})
+	if err != nil {
+		return err
+	}
+
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	r.association = sctpAssociation
+	r.state = SCTPTransportStateConnected
+
+	go r.acceptDataChannels(sctpAssociation)
+
+	return nil
+}
+
+// Stop stops the SCTPTransport
+func (r *SCTPTransport) Stop() error {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	if r.association == nil {
+		return nil
+	}
+	err := r.association.Close()
+	if err != nil {
+		return err
+	}
+
+	r.association = nil
+	r.state = SCTPTransportStateClosed
+
+	return nil
+}
+
+func (r *SCTPTransport) ensureDTLS() error {
+	dtlsTransport := r.Transport()
+	if dtlsTransport == nil || dtlsTransport.conn == nil {
+		return errSCTPTransportDTLS
+	}
+
+	return nil
+}
+
+func (r *SCTPTransport) acceptDataChannels(a *sctp.Association) {
+	for {
+		dc, err := datachannel.Accept(a, &datachannel.Config{
+			LoggerFactory: r.api.settingEngine.LoggerFactory,
+		})
+		if err != nil {
+			if err != io.EOF {
+				r.log.Errorf("Failed to accept data channel: %v", err)
+				r.onError(err)
+			}
+			return
+		}
+
+		var (
+			maxRetransmits    *uint16
+			maxPacketLifeTime *uint16
+		)
+		val := uint16(dc.Config.ReliabilityParameter)
+		ordered := true
+
+		switch dc.Config.ChannelType {
+		case datachannel.ChannelTypeReliable:
+			ordered = true
+		case datachannel.ChannelTypeReliableUnordered:
+			ordered = false
+		case datachannel.ChannelTypePartialReliableRexmit:
+			ordered = true
+			maxRetransmits = &val
+		case datachannel.ChannelTypePartialReliableRexmitUnordered:
+			ordered = false
+			maxRetransmits = &val
+		case datachannel.ChannelTypePartialReliableTimed:
+			ordered = true
+			maxPacketLifeTime = &val
+		case datachannel.ChannelTypePartialReliableTimedUnordered:
+			ordered = false
+			maxPacketLifeTime = &val
+		default:
+		}
+
+		sid := dc.StreamIdentifier()
+		rtcDC, err := r.api.newDataChannel(&DataChannelParameters{
+			ID:                &sid,
+			Label:             dc.Config.Label,
+			Protocol:          dc.Config.Protocol,
+			Negotiated:        dc.Config.Negotiated,
+			Ordered:           ordered,
+			MaxPacketLifeTime: maxPacketLifeTime,
+			MaxRetransmits:    maxRetransmits,
+		}, r.api.settingEngine.LoggerFactory.NewLogger("ortc"))
+		if err != nil {
+			r.log.Errorf("Failed to accept data channel: %v", err)
+			r.onError(err)
+			return
+		}
+
+		<-r.onDataChannel(rtcDC)
+		rtcDC.handleOpen(dc)
+
+		r.lock.Lock()
+		r.dataChannelsOpened++
+		handler := r.onDataChannelOpenedHandler
+		r.lock.Unlock()
+
+		if handler != nil {
+			handler(rtcDC)
+		}
+	}
+}
+
+// OnError sets an event handler which is invoked when
+// the SCTP connection error occurs.
+func (r *SCTPTransport) OnError(f func(err error)) {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	r.onErrorHandler = f
+}
+
+func (r *SCTPTransport) onError(err error) {
+	r.lock.RLock()
+	handler := r.onErrorHandler
+	r.lock.RUnlock()
+
+	if handler != nil {
+		go handler(err)
+	}
+}
+
+// OnDataChannel sets an event handler which is invoked when a data
+// channel message arrives from a remote peer.
+func (r *SCTPTransport) OnDataChannel(f func(*DataChannel)) {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	r.onDataChannelHandler = f
+}
+
+// OnDataChannelOpened sets an event handler which is invoked when a data
+// channel is opened
+func (r *SCTPTransport) OnDataChannelOpened(f func(*DataChannel)) {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	r.onDataChannelOpenedHandler = f
+}
+
+func (r *SCTPTransport) onDataChannel(dc *DataChannel) (done chan struct{}) {
+	r.lock.Lock()
+	r.dataChannels = append(r.dataChannels, dc)
+	r.dataChannelsAccepted++
+	handler := r.onDataChannelHandler
+	r.lock.Unlock()
+
+	done = make(chan struct{})
+	if handler == nil || dc == nil {
+		close(done)
+		return
+	}
+
+	// Run this synchronously to allow setup done in onDataChannelFn()
+	// to complete before datachannel event handlers might be called.
+	go func() {
+		handler(dc)
+		close(done)
+	}()
+
+	return
+}
+
+func (r *SCTPTransport) updateMessageSize() {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	var remoteMaxMessageSize float64 = 65536 // pion/webrtc#758
+	var canSendSize float64 = 65536          // pion/webrtc#758
+
+	r.maxMessageSize = r.calcMessageSize(remoteMaxMessageSize, canSendSize)
+}
+
+func (r *SCTPTransport) calcMessageSize(remoteMaxMessageSize, canSendSize float64) float64 {
+	switch {
+	case remoteMaxMessageSize == 0 &&
+		canSendSize == 0:
+		return math.Inf(1)
+
+	case remoteMaxMessageSize == 0:
+		return canSendSize
+
+	case canSendSize == 0:
+		return remoteMaxMessageSize
+
+	case canSendSize > remoteMaxMessageSize:
+		return remoteMaxMessageSize
+
+	default:
+		return canSendSize
+	}
+}
+
+func (r *SCTPTransport) updateMaxChannels() {
+	val := sctpMaxChannels
+	r.maxChannels = &val
+}
+
+// MaxChannels is the maximum number of RTCDataChannels that can be open simultaneously.
+func (r *SCTPTransport) MaxChannels() uint16 {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	if r.maxChannels == nil {
+		return sctpMaxChannels
+	}
+
+	return *r.maxChannels
+}
+
+// State returns the current state of the SCTPTransport
+func (r *SCTPTransport) State() SCTPTransportState {
+	r.lock.RLock()
+	defer r.lock.RUnlock()
+	return r.state
+}
+
+func (r *SCTPTransport) collectStats(collector *statsReportCollector) {
+	r.lock.Lock()
+	association := r.association
+	r.lock.Unlock()
+
+	collector.Collecting()
+
+	stats := TransportStats{
+		Timestamp: statsTimestampFrom(time.Now()),
+		Type:      StatsTypeTransport,
+		ID:        "sctpTransport",
+	}
+
+	if association != nil {
+		stats.BytesSent = association.BytesSent()
+		stats.BytesReceived = association.BytesReceived()
+	}
+
+	collector.Collect(stats.ID, stats)
+}
+
+func (r *SCTPTransport) generateAndSetDataChannelID(dtlsRole DTLSRole, idOut **uint16) error {
+	isChannelWithID := func(id uint16) bool {
+		for _, d := range r.dataChannels {
+			if d.id != nil && *d.id == id {
+				return true
+			}
+		}
+		return false
+	}
+
+	var id uint16
+	if dtlsRole != DTLSRoleClient {
+		id++
+	}
+
+	max := r.MaxChannels()
+
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	for ; id < max-1; id += 2 {
+		if isChannelWithID(id) {
+			continue
+		}
+		*idOut = &id
+		return nil
+	}
+
+	return &rtcerr.OperationError{Err: ErrMaxDataChannelID}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctptransportstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctptransportstate.go
new file mode 100644
index 000000000..8dc794162
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sctptransportstate.go
@@ -0,0 +1,54 @@
+package webrtc
+
+// SCTPTransportState indicates the state of the SCTP transport.
+type SCTPTransportState int
+
+const (
+	// SCTPTransportStateConnecting indicates the SCTPTransport is in the
+	// process of negotiating an association. This is the initial state of the
+	// SCTPTransportState when an SCTPTransport is created.
+	SCTPTransportStateConnecting SCTPTransportState = iota + 1
+
+	// SCTPTransportStateConnected indicates the negotiation of an
+	// association is completed.
+	SCTPTransportStateConnected
+
+	// SCTPTransportStateClosed indicates a SHUTDOWN or ABORT chunk is
+	// received or when the SCTP association has been closed intentionally,
+	// such as by closing the peer connection or applying a remote description
+	// that rejects data or changes the SCTP port.
+	SCTPTransportStateClosed
+)
+
+// This is done this way because of a linter.
+const (
+	sctpTransportStateConnectingStr = "connecting"
+	sctpTransportStateConnectedStr  = "connected"
+	sctpTransportStateClosedStr     = "closed"
+)
+
+func newSCTPTransportState(raw string) SCTPTransportState {
+	switch raw {
+	case sctpTransportStateConnectingStr:
+		return SCTPTransportStateConnecting
+	case sctpTransportStateConnectedStr:
+		return SCTPTransportStateConnected
+	case sctpTransportStateClosedStr:
+		return SCTPTransportStateClosed
+	default:
+		return SCTPTransportState(Unknown)
+	}
+}
+
+func (s SCTPTransportState) String() string {
+	switch s {
+	case SCTPTransportStateConnecting:
+		return sctpTransportStateConnectingStr
+	case SCTPTransportStateConnected:
+		return sctpTransportStateConnectedStr
+	case SCTPTransportStateClosed:
+		return sctpTransportStateClosedStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdp.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdp.go
new file mode 100644
index 000000000..7454696fd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdp.go
@@ -0,0 +1,643 @@
+// +build !js
+
+package webrtc
+
+import (
+	"fmt"
+	"net/url"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/logging"
+	"github.com/pion/sdp/v3"
+)
+
+// trackDetails represents any media source that can be represented in a SDP
+// This isn't keyed by SSRC because it also needs to support rid based sources
+type trackDetails struct {
+	mid      string
+	kind     RTPCodecType
+	streamID string
+	id       string
+	ssrc     SSRC
+	rids     []string
+}
+
+func trackDetailsForSSRC(trackDetails []trackDetails, ssrc SSRC) *trackDetails {
+	for i := range trackDetails {
+		if trackDetails[i].ssrc == ssrc {
+			return &trackDetails[i]
+		}
+	}
+	return nil
+}
+
+func filterTrackWithSSRC(incomingTracks []trackDetails, ssrc SSRC) []trackDetails {
+	filtered := []trackDetails{}
+	for i := range incomingTracks {
+		if incomingTracks[i].ssrc != ssrc {
+			filtered = append(filtered, incomingTracks[i])
+		}
+	}
+	return filtered
+}
+
+// extract all trackDetails from an SDP.
+func trackDetailsFromSDP(log logging.LeveledLogger, s *sdp.SessionDescription) []trackDetails { // nolint:gocognit
+	incomingTracks := []trackDetails{}
+	rtxRepairFlows := map[uint32]bool{}
+
+	for _, media := range s.MediaDescriptions {
+		// Plan B can have multiple tracks in a signle media section
+		streamID := ""
+		trackID := ""
+
+		// If media section is recvonly or inactive skip
+		if _, ok := media.Attribute(sdp.AttrKeyRecvOnly); ok {
+			continue
+		} else if _, ok := media.Attribute(sdp.AttrKeyInactive); ok {
+			continue
+		}
+
+		midValue := getMidValue(media)
+		if midValue == "" {
+			continue
+		}
+
+		codecType := NewRTPCodecType(media.MediaName.Media)
+		if codecType == 0 {
+			continue
+		}
+
+		for _, attr := range media.Attributes {
+			switch attr.Key {
+			case sdp.AttrKeySSRCGroup:
+				split := strings.Split(attr.Value, " ")
+				if split[0] == sdp.SemanticTokenFlowIdentification {
+					// Add rtx ssrcs to blacklist, to avoid adding them as tracks
+					// Essentially lines like `a=ssrc-group:FID 2231627014 632943048` are processed by this section
+					// as this declares that the second SSRC (632943048) is a rtx repair flow (RFC4588) for the first
+					// (2231627014) as specified in RFC5576
+					if len(split) == 3 {
+						_, err := strconv.ParseUint(split[1], 10, 32)
+						if err != nil {
+							log.Warnf("Failed to parse SSRC: %v", err)
+							continue
+						}
+						rtxRepairFlow, err := strconv.ParseUint(split[2], 10, 32)
+						if err != nil {
+							log.Warnf("Failed to parse SSRC: %v", err)
+							continue
+						}
+						rtxRepairFlows[uint32(rtxRepairFlow)] = true
+						incomingTracks = filterTrackWithSSRC(incomingTracks, SSRC(rtxRepairFlow)) // Remove if rtx was added as track before
+					}
+				}
+
+			// Handle `a=msid:<stream_id> <track_label>` for Unified plan. The first value is the same as MediaStream.id
+			// in the browser and can be used to figure out which tracks belong to the same stream. The browser should
+			// figure this out automatically when an ontrack event is emitted on RTCPeerConnection.
+			case sdp.AttrKeyMsid:
+				split := strings.Split(attr.Value, " ")
+				if len(split) == 2 {
+					streamID = split[0]
+					trackID = split[1]
+				}
+
+			case sdp.AttrKeySSRC:
+				split := strings.Split(attr.Value, " ")
+				ssrc, err := strconv.ParseUint(split[0], 10, 32)
+				if err != nil {
+					log.Warnf("Failed to parse SSRC: %v", err)
+					continue
+				}
+
+				if rtxRepairFlow := rtxRepairFlows[uint32(ssrc)]; rtxRepairFlow {
+					continue // This ssrc is a RTX repair flow, ignore
+				}
+
+				if len(split) == 3 && strings.HasPrefix(split[1], "msid:") {
+					streamID = split[1][len("msid:"):]
+					trackID = split[2]
+				}
+
+				isNewTrack := true
+				trackDetails := &trackDetails{}
+				for i := range incomingTracks {
+					if incomingTracks[i].ssrc == SSRC(ssrc) {
+						trackDetails = &incomingTracks[i]
+						isNewTrack = false
+					}
+				}
+
+				trackDetails.mid = midValue
+				trackDetails.kind = codecType
+				trackDetails.streamID = streamID
+				trackDetails.id = trackID
+				trackDetails.ssrc = SSRC(ssrc)
+
+				if isNewTrack {
+					incomingTracks = append(incomingTracks, *trackDetails)
+				}
+			}
+		}
+
+		if rids := getRids(media); len(rids) != 0 && trackID != "" && streamID != "" {
+			newTrack := trackDetails{
+				mid:      midValue,
+				kind:     codecType,
+				streamID: streamID,
+				id:       trackID,
+				rids:     []string{},
+			}
+			for rid := range rids {
+				newTrack.rids = append(newTrack.rids, rid)
+			}
+
+			incomingTracks = append(incomingTracks, newTrack)
+		}
+	}
+	return incomingTracks
+}
+
+func getRids(media *sdp.MediaDescription) map[string]string {
+	rids := map[string]string{}
+	for _, attr := range media.Attributes {
+		if attr.Key == "rid" {
+			split := strings.Split(attr.Value, " ")
+			rids[split[0]] = attr.Value
+		}
+	}
+	return rids
+}
+
+func addCandidatesToMediaDescriptions(candidates []ICECandidate, m *sdp.MediaDescription, iceGatheringState ICEGatheringState) error {
+	appendCandidateIfNew := func(c ice.Candidate, attributes []sdp.Attribute) {
+		marshaled := c.Marshal()
+		for _, a := range attributes {
+			if marshaled == a.Value {
+				return
+			}
+		}
+
+		m.WithValueAttribute("candidate", marshaled)
+	}
+
+	for _, c := range candidates {
+		candidate, err := c.toICE()
+		if err != nil {
+			return err
+		}
+
+		candidate.SetComponent(1)
+		appendCandidateIfNew(candidate, m.Attributes)
+
+		candidate.SetComponent(2)
+		appendCandidateIfNew(candidate, m.Attributes)
+	}
+
+	if iceGatheringState != ICEGatheringStateComplete {
+		return nil
+	}
+	for _, a := range m.Attributes {
+		if a.Key == "end-of-candidates" {
+			return nil
+		}
+	}
+
+	m.WithPropertyAttribute("end-of-candidates")
+	return nil
+}
+
+func addDataMediaSection(d *sdp.SessionDescription, shouldAddCandidates bool, dtlsFingerprints []DTLSFingerprint, midValue string, iceParams ICEParameters, candidates []ICECandidate, dtlsRole sdp.ConnectionRole, iceGatheringState ICEGatheringState) error {
+	media := (&sdp.MediaDescription{
+		MediaName: sdp.MediaName{
+			Media:   mediaSectionApplication,
+			Port:    sdp.RangedPort{Value: 9},
+			Protos:  []string{"UDP", "DTLS", "SCTP"},
+			Formats: []string{"webrtc-datachannel"},
+		},
+		ConnectionInformation: &sdp.ConnectionInformation{
+			NetworkType: "IN",
+			AddressType: "IP4",
+			Address: &sdp.Address{
+				Address: "0.0.0.0",
+			},
+		},
+	}).
+		WithValueAttribute(sdp.AttrKeyConnectionSetup, dtlsRole.String()).
+		WithValueAttribute(sdp.AttrKeyMID, midValue).
+		WithPropertyAttribute(RTPTransceiverDirectionSendrecv.String()).
+		WithPropertyAttribute("sctp-port:5000").
+		WithICECredentials(iceParams.UsernameFragment, iceParams.Password)
+
+	for _, f := range dtlsFingerprints {
+		media = media.WithFingerprint(f.Algorithm, strings.ToUpper(f.Value))
+	}
+
+	if shouldAddCandidates {
+		if err := addCandidatesToMediaDescriptions(candidates, media, iceGatheringState); err != nil {
+			return err
+		}
+	}
+
+	d.WithMedia(media)
+	return nil
+}
+
+func populateLocalCandidates(sessionDescription *SessionDescription, i *ICEGatherer, iceGatheringState ICEGatheringState) *SessionDescription {
+	if sessionDescription == nil || i == nil {
+		return sessionDescription
+	}
+
+	candidates, err := i.GetLocalCandidates()
+	if err != nil {
+		return sessionDescription
+	}
+
+	parsed := sessionDescription.parsed
+	if len(parsed.MediaDescriptions) > 0 {
+		m := parsed.MediaDescriptions[0]
+		if err = addCandidatesToMediaDescriptions(candidates, m, iceGatheringState); err != nil {
+			return sessionDescription
+		}
+	}
+
+	sdp, err := parsed.Marshal()
+	if err != nil {
+		return sessionDescription
+	}
+
+	return &SessionDescription{
+		SDP:  string(sdp),
+		Type: sessionDescription.Type,
+	}
+}
+
+func addTransceiverSDP(d *sdp.SessionDescription, isPlanB, shouldAddCandidates bool, dtlsFingerprints []DTLSFingerprint, mediaEngine *MediaEngine, midValue string, iceParams ICEParameters, candidates []ICECandidate, dtlsRole sdp.ConnectionRole, iceGatheringState ICEGatheringState, mediaSection mediaSection) (bool, error) {
+	transceivers := mediaSection.transceivers
+	if len(transceivers) < 1 {
+		return false, errSDPZeroTransceivers
+	}
+	// Use the first transceiver to generate the section attributes
+	t := transceivers[0]
+	media := sdp.NewJSEPMediaDescription(t.kind.String(), []string{}).
+		WithValueAttribute(sdp.AttrKeyConnectionSetup, dtlsRole.String()).
+		WithValueAttribute(sdp.AttrKeyMID, midValue).
+		WithICECredentials(iceParams.UsernameFragment, iceParams.Password).
+		WithPropertyAttribute(sdp.AttrKeyRTCPMux).
+		WithPropertyAttribute(sdp.AttrKeyRTCPRsize)
+
+	codecs := mediaEngine.getCodecsByKind(t.kind)
+	for _, codec := range codecs {
+		name := strings.TrimPrefix(codec.MimeType, "audio/")
+		name = strings.TrimPrefix(name, "video/")
+		media.WithCodec(uint8(codec.PayloadType), name, codec.ClockRate, codec.Channels, codec.SDPFmtpLine)
+
+		for _, feedback := range codec.RTPCodecCapability.RTCPFeedback {
+			media.WithValueAttribute("rtcp-fb", fmt.Sprintf("%d %s %s", codec.PayloadType, feedback.Type, feedback.Parameter))
+		}
+	}
+	if len(codecs) == 0 {
+		// Explicitly reject track if we don't have the codec
+		d.WithMedia(&sdp.MediaDescription{
+			MediaName: sdp.MediaName{
+				Media:   t.kind.String(),
+				Port:    sdp.RangedPort{Value: 0},
+				Protos:  []string{"UDP", "TLS", "RTP", "SAVPF"},
+				Formats: []string{"0"},
+			},
+		})
+		return false, nil
+	}
+
+	directions := []RTPTransceiverDirection{}
+	if t.Sender() != nil {
+		directions = append(directions, RTPTransceiverDirectionSendonly)
+	}
+	if t.Receiver() != nil {
+		directions = append(directions, RTPTransceiverDirectionRecvonly)
+	}
+
+	parameters := mediaEngine.getRTPParametersByKind(t.kind, directions)
+	for _, rtpExtension := range parameters.HeaderExtensions {
+		extURL, err := url.Parse(rtpExtension.URI)
+		if err != nil {
+			return false, err
+		}
+		media.WithExtMap(sdp.ExtMap{Value: rtpExtension.ID, URI: extURL})
+	}
+
+	if len(mediaSection.ridMap) > 0 {
+		recvRids := make([]string, 0, len(mediaSection.ridMap))
+
+		for rid := range mediaSection.ridMap {
+			media.WithValueAttribute("rid", rid+" recv")
+			recvRids = append(recvRids, rid)
+		}
+		// Simulcast
+		media.WithValueAttribute("simulcast", "recv "+strings.Join(recvRids, ";"))
+	}
+
+	for _, mt := range transceivers {
+		if mt.Sender() != nil && mt.Sender().Track() != nil {
+			track := mt.Sender().Track()
+			media = media.WithMediaSource(uint32(mt.Sender().ssrc), track.StreamID() /* cname */, track.StreamID() /* streamLabel */, track.ID())
+			if !isPlanB {
+				media = media.WithPropertyAttribute("msid:" + track.StreamID() + " " + track.ID())
+				break
+			}
+		}
+	}
+
+	media = media.WithPropertyAttribute(t.Direction().String())
+
+	for _, fingerprint := range dtlsFingerprints {
+		media = media.WithFingerprint(fingerprint.Algorithm, strings.ToUpper(fingerprint.Value))
+	}
+
+	if shouldAddCandidates {
+		if err := addCandidatesToMediaDescriptions(candidates, media, iceGatheringState); err != nil {
+			return false, err
+		}
+	}
+
+	d.WithMedia(media)
+
+	return true, nil
+}
+
+type mediaSection struct {
+	id           string
+	transceivers []*RTPTransceiver
+	data         bool
+	ridMap       map[string]string
+}
+
+// populateSDP serializes a PeerConnections state into an SDP
+func populateSDP(d *sdp.SessionDescription, isPlanB bool, dtlsFingerprints []DTLSFingerprint, mediaDescriptionFingerprint bool, isICELite bool, mediaEngine *MediaEngine, connectionRole sdp.ConnectionRole, candidates []ICECandidate, iceParams ICEParameters, mediaSections []mediaSection, iceGatheringState ICEGatheringState) (*sdp.SessionDescription, error) {
+	var err error
+	mediaDtlsFingerprints := []DTLSFingerprint{}
+
+	if mediaDescriptionFingerprint {
+		mediaDtlsFingerprints = dtlsFingerprints
+	}
+
+	bundleValue := "BUNDLE"
+	bundleCount := 0
+	appendBundle := func(midValue string) {
+		bundleValue += " " + midValue
+		bundleCount++
+	}
+
+	for i, m := range mediaSections {
+		if m.data && len(m.transceivers) != 0 {
+			return nil, errSDPMediaSectionMediaDataChanInvalid
+		} else if !isPlanB && len(m.transceivers) > 1 {
+			return nil, errSDPMediaSectionMultipleTrackInvalid
+		}
+
+		shouldAddID := true
+		shouldAddCanidates := i == 0
+		if m.data {
+			if err = addDataMediaSection(d, shouldAddCanidates, mediaDtlsFingerprints, m.id, iceParams, candidates, connectionRole, iceGatheringState); err != nil {
+				return nil, err
+			}
+		} else {
+			shouldAddID, err = addTransceiverSDP(d, isPlanB, shouldAddCanidates, mediaDtlsFingerprints, mediaEngine, m.id, iceParams, candidates, connectionRole, iceGatheringState, m)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if shouldAddID {
+			appendBundle(m.id)
+		}
+	}
+
+	if !mediaDescriptionFingerprint {
+		for _, fingerprint := range dtlsFingerprints {
+			d.WithFingerprint(fingerprint.Algorithm, strings.ToUpper(fingerprint.Value))
+		}
+	}
+
+	if isICELite {
+		// RFC 5245 S15.3
+		d = d.WithValueAttribute(sdp.AttrKeyICELite, sdp.AttrKeyICELite)
+	}
+
+	return d.WithValueAttribute(sdp.AttrKeyGroup, bundleValue), nil
+}
+
+func getMidValue(media *sdp.MediaDescription) string {
+	for _, attr := range media.Attributes {
+		if attr.Key == "mid" {
+			return attr.Value
+		}
+	}
+	return ""
+}
+
+func descriptionIsPlanB(desc *SessionDescription) bool {
+	if desc == nil || desc.parsed == nil {
+		return false
+	}
+
+	detectionRegex := regexp.MustCompile(`(?i)^(audio|video|data)$`)
+	for _, media := range desc.parsed.MediaDescriptions {
+		if len(detectionRegex.FindStringSubmatch(getMidValue(media))) == 2 {
+			return true
+		}
+	}
+	return false
+}
+
+func getPeerDirection(media *sdp.MediaDescription) RTPTransceiverDirection {
+	for _, a := range media.Attributes {
+		if direction := NewRTPTransceiverDirection(a.Key); direction != RTPTransceiverDirection(Unknown) {
+			return direction
+		}
+	}
+	return RTPTransceiverDirection(Unknown)
+}
+
+func extractFingerprint(desc *sdp.SessionDescription) (string, string, error) {
+	fingerprints := []string{}
+
+	if fingerprint, haveFingerprint := desc.Attribute("fingerprint"); haveFingerprint {
+		fingerprints = append(fingerprints, fingerprint)
+	}
+
+	for _, m := range desc.MediaDescriptions {
+		if fingerprint, haveFingerprint := m.Attribute("fingerprint"); haveFingerprint {
+			fingerprints = append(fingerprints, fingerprint)
+		}
+	}
+
+	if len(fingerprints) < 1 {
+		return "", "", ErrSessionDescriptionNoFingerprint
+	}
+
+	for _, m := range fingerprints {
+		if m != fingerprints[0] {
+			return "", "", ErrSessionDescriptionConflictingFingerprints
+		}
+	}
+
+	parts := strings.Split(fingerprints[0], " ")
+	if len(parts) != 2 {
+		return "", "", ErrSessionDescriptionInvalidFingerprint
+	}
+	return parts[1], parts[0], nil
+}
+
+func extractICEDetails(desc *sdp.SessionDescription) (string, string, []ICECandidate, error) {
+	candidates := []ICECandidate{}
+	remotePwds := []string{}
+	remoteUfrags := []string{}
+
+	if ufrag, haveUfrag := desc.Attribute("ice-ufrag"); haveUfrag {
+		remoteUfrags = append(remoteUfrags, ufrag)
+	}
+	if pwd, havePwd := desc.Attribute("ice-pwd"); havePwd {
+		remotePwds = append(remotePwds, pwd)
+	}
+
+	for _, m := range desc.MediaDescriptions {
+		if ufrag, haveUfrag := m.Attribute("ice-ufrag"); haveUfrag {
+			remoteUfrags = append(remoteUfrags, ufrag)
+		}
+		if pwd, havePwd := m.Attribute("ice-pwd"); havePwd {
+			remotePwds = append(remotePwds, pwd)
+		}
+
+		for _, a := range m.Attributes {
+			if a.IsICECandidate() {
+				c, err := ice.UnmarshalCandidate(a.Value)
+				if err != nil {
+					return "", "", nil, err
+				}
+
+				candidate, err := newICECandidateFromICE(c)
+				if err != nil {
+					return "", "", nil, err
+				}
+
+				candidates = append(candidates, candidate)
+			}
+		}
+	}
+
+	if len(remoteUfrags) == 0 {
+		return "", "", nil, ErrSessionDescriptionMissingIceUfrag
+	} else if len(remotePwds) == 0 {
+		return "", "", nil, ErrSessionDescriptionMissingIcePwd
+	}
+
+	for _, m := range remoteUfrags {
+		if m != remoteUfrags[0] {
+			return "", "", nil, ErrSessionDescriptionConflictingIceUfrag
+		}
+	}
+
+	for _, m := range remotePwds {
+		if m != remotePwds[0] {
+			return "", "", nil, ErrSessionDescriptionConflictingIcePwd
+		}
+	}
+
+	return remoteUfrags[0], remotePwds[0], candidates, nil
+}
+
+func haveApplicationMediaSection(desc *sdp.SessionDescription) bool {
+	for _, m := range desc.MediaDescriptions {
+		if m.MediaName.Media == mediaSectionApplication {
+			return true
+		}
+	}
+
+	return false
+}
+
+func getByMid(searchMid string, desc *SessionDescription) *sdp.MediaDescription {
+	for _, m := range desc.parsed.MediaDescriptions {
+		if mid, ok := m.Attribute(sdp.AttrKeyMID); ok && mid == searchMid {
+			return m
+		}
+	}
+	return nil
+}
+
+// haveDataChannel return MediaDescription with MediaName equal application
+func haveDataChannel(desc *SessionDescription) *sdp.MediaDescription {
+	for _, d := range desc.parsed.MediaDescriptions {
+		if d.MediaName.Media == mediaSectionApplication {
+			return d
+		}
+	}
+	return nil
+}
+
+func codecsFromMediaDescription(m *sdp.MediaDescription) (out []RTPCodecParameters, err error) {
+	s := &sdp.SessionDescription{
+		MediaDescriptions: []*sdp.MediaDescription{m},
+	}
+
+	for _, payloadStr := range m.MediaName.Formats {
+		payloadType, err := strconv.Atoi(payloadStr)
+		if err != nil {
+			return nil, err
+		}
+
+		codec, err := s.GetCodecForPayloadType(uint8(payloadType))
+		if err != nil {
+			if payloadType == 0 {
+				continue
+			}
+			return nil, err
+		}
+
+		channels := uint16(0)
+		val, err := strconv.Atoi(codec.EncodingParameters)
+		if err == nil {
+			channels = uint16(val)
+		}
+
+		feedback := []RTCPFeedback{}
+		for _, raw := range codec.RTCPFeedback {
+			split := strings.Split(raw, " ")
+			entry := RTCPFeedback{Type: split[0]}
+			if len(split) == 2 {
+				entry.Parameter = split[1]
+			}
+
+			feedback = append(feedback, entry)
+		}
+
+		out = append(out, RTPCodecParameters{
+			RTPCodecCapability: RTPCodecCapability{m.MediaName.Media + "/" + codec.Name, codec.ClockRate, channels, codec.Fmtp, feedback},
+			PayloadType:        PayloadType(payloadType),
+		})
+	}
+
+	return out, nil
+}
+
+func rtpExtensionsFromMediaDescription(m *sdp.MediaDescription) (map[string]int, error) {
+	out := map[string]int{}
+
+	for _, a := range m.Attributes {
+		if a.Key == sdp.AttrKeyExtMap {
+			e := sdp.ExtMap{}
+			if err := e.Unmarshal(a.String()); err != nil {
+				return nil, err
+			}
+
+			out[e.URI.String()] = e.Value
+		}
+	}
+
+	return out, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdpsemantics.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdpsemantics.go
new file mode 100644
index 000000000..b8d396c9b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdpsemantics.go
@@ -0,0 +1,74 @@
+package webrtc
+
+import (
+	"encoding/json"
+)
+
+// SDPSemantics determines which style of SDP offers and answers
+// can be used
+type SDPSemantics int
+
+const (
+	// SDPSemanticsUnifiedPlan uses unified-plan offers and answers
+	// (the default in Chrome since M72)
+	// https://tools.ietf.org/html/draft-roach-mmusic-unified-plan-00
+	SDPSemanticsUnifiedPlan SDPSemantics = iota
+
+	// SDPSemanticsPlanB uses plan-b offers and answers
+	// NB: This format should be considered deprecated
+	// https://tools.ietf.org/html/draft-uberti-rtcweb-plan-00
+	SDPSemanticsPlanB
+
+	// SDPSemanticsUnifiedPlanWithFallback prefers unified-plan
+	// offers and answers, but will respond to a plan-b offer
+	// with a plan-b answer
+	SDPSemanticsUnifiedPlanWithFallback
+)
+
+const (
+	sdpSemanticsUnifiedPlanWithFallback = "unified-plan-with-fallback"
+	sdpSemanticsUnifiedPlan             = "unified-plan"
+	sdpSemanticsPlanB                   = "plan-b"
+)
+
+func newSDPSemantics(raw string) SDPSemantics {
+	switch raw {
+	case sdpSemanticsUnifiedPlan:
+		return SDPSemanticsUnifiedPlan
+	case sdpSemanticsPlanB:
+		return SDPSemanticsPlanB
+	case sdpSemanticsUnifiedPlanWithFallback:
+		return SDPSemanticsUnifiedPlanWithFallback
+	default:
+		return SDPSemantics(Unknown)
+	}
+}
+
+func (s SDPSemantics) String() string {
+	switch s {
+	case SDPSemanticsUnifiedPlanWithFallback:
+		return sdpSemanticsUnifiedPlanWithFallback
+	case SDPSemanticsUnifiedPlan:
+		return sdpSemanticsUnifiedPlan
+	case SDPSemanticsPlanB:
+		return sdpSemanticsPlanB
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// UnmarshalJSON parses the JSON-encoded data and stores the result
+func (s *SDPSemantics) UnmarshalJSON(b []byte) error {
+	var val string
+	if err := json.Unmarshal(b, &val); err != nil {
+		return err
+	}
+
+	*s = newSDPSemantics(val)
+	return nil
+}
+
+// MarshalJSON returns the JSON encoding
+func (s SDPSemantics) MarshalJSON() ([]byte, error) {
+	return json.Marshal(s.String())
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdptype.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdptype.go
new file mode 100644
index 000000000..bd49b6d14
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sdptype.go
@@ -0,0 +1,100 @@
+package webrtc
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+// SDPType describes the type of an SessionDescription.
+type SDPType int
+
+const (
+	// SDPTypeOffer indicates that a description MUST be treated as an SDP
+	// offer.
+	SDPTypeOffer SDPType = iota + 1
+
+	// SDPTypePranswer indicates that a description MUST be treated as an
+	// SDP answer, but not a final answer. A description used as an SDP
+	// pranswer may be applied as a response to an SDP offer, or an update to
+	// a previously sent SDP pranswer.
+	SDPTypePranswer
+
+	// SDPTypeAnswer indicates that a description MUST be treated as an SDP
+	// final answer, and the offer-answer exchange MUST be considered complete.
+	// A description used as an SDP answer may be applied as a response to an
+	// SDP offer or as an update to a previously sent SDP pranswer.
+	SDPTypeAnswer
+
+	// SDPTypeRollback indicates that a description MUST be treated as
+	// canceling the current SDP negotiation and moving the SDP offer and
+	// answer back to what it was in the previous stable state. Note the
+	// local or remote SDP descriptions in the previous stable state could be
+	// null if there has not yet been a successful offer-answer negotiation.
+	SDPTypeRollback
+)
+
+// This is done this way because of a linter.
+const (
+	sdpTypeOfferStr    = "offer"
+	sdpTypePranswerStr = "pranswer"
+	sdpTypeAnswerStr   = "answer"
+	sdpTypeRollbackStr = "rollback"
+)
+
+// NewSDPType creates an SDPType from a string
+func NewSDPType(raw string) SDPType {
+	switch raw {
+	case sdpTypeOfferStr:
+		return SDPTypeOffer
+	case sdpTypePranswerStr:
+		return SDPTypePranswer
+	case sdpTypeAnswerStr:
+		return SDPTypeAnswer
+	case sdpTypeRollbackStr:
+		return SDPTypeRollback
+	default:
+		return SDPType(Unknown)
+	}
+}
+
+func (t SDPType) String() string {
+	switch t {
+	case SDPTypeOffer:
+		return sdpTypeOfferStr
+	case SDPTypePranswer:
+		return sdpTypePranswerStr
+	case SDPTypeAnswer:
+		return sdpTypeAnswerStr
+	case SDPTypeRollback:
+		return sdpTypeRollbackStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// MarshalJSON enables JSON marshaling of a SDPType
+func (t SDPType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
+
+// UnmarshalJSON enables JSON unmarshaling of a SDPType
+func (t *SDPType) UnmarshalJSON(b []byte) error {
+	var s string
+	if err := json.Unmarshal(b, &s); err != nil {
+		return err
+	}
+	switch strings.ToLower(s) {
+	default:
+		return ErrUnknownType
+	case "offer":
+		*t = SDPTypeOffer
+	case "pranswer":
+		*t = SDPTypePranswer
+	case "answer":
+		*t = SDPTypeAnswer
+	case "rollback":
+		*t = SDPTypeRollback
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sessiondescription.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sessiondescription.go
new file mode 100644
index 000000000..ea8927e02
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/sessiondescription.go
@@ -0,0 +1,25 @@
+package webrtc
+
+import (
+	"github.com/pion/sdp/v3"
+)
+
+// SessionDescription is used to expose local and remote session descriptions.
+type SessionDescription struct {
+	Type SDPType `json:"type"`
+	SDP  string  `json:"sdp"`
+
+	// This will never be initialized by callers, internal use only
+	parsed *sdp.SessionDescription
+}
+
+// Unmarshal is a helper to deserialize the sdp, and re-use it internally
+// if required
+func (sd *SessionDescription) Unmarshal() (*sdp.SessionDescription, error) {
+	if sd.parsed != nil {
+		return sd.parsed, nil
+	}
+	sd.parsed = &sdp.SessionDescription{}
+	err := sd.parsed.Unmarshal([]byte(sd.SDP))
+	return sd.parsed, err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/settingengine.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/settingengine.go
new file mode 100644
index 000000000..dbbd3f3e8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/settingengine.go
@@ -0,0 +1,257 @@
+// +build !js
+
+package webrtc
+
+import (
+	"io"
+	"time"
+
+	"github.com/pion/ice/v2"
+	"github.com/pion/logging"
+	"github.com/pion/transport/packetio"
+	"github.com/pion/transport/vnet"
+	"golang.org/x/net/proxy"
+)
+
+// SettingEngine allows influencing behavior in ways that are not
+// supported by the WebRTC API. This allows us to support additional
+// use-cases without deviating from the WebRTC API elsewhere.
+type SettingEngine struct {
+	ephemeralUDP struct {
+		PortMin uint16
+		PortMax uint16
+	}
+	detach struct {
+		DataChannels bool
+	}
+	timeout struct {
+		ICEDisconnectedTimeout    *time.Duration
+		ICEFailedTimeout          *time.Duration
+		ICEKeepaliveInterval      *time.Duration
+		ICEHostAcceptanceMinWait  *time.Duration
+		ICESrflxAcceptanceMinWait *time.Duration
+		ICEPrflxAcceptanceMinWait *time.Duration
+		ICERelayAcceptanceMinWait *time.Duration
+	}
+	candidates struct {
+		ICELite                bool
+		ICENetworkTypes        []NetworkType
+		InterfaceFilter        func(string) bool
+		NAT1To1IPs             []string
+		NAT1To1IPCandidateType ICECandidateType
+		MulticastDNSMode       ice.MulticastDNSMode
+		MulticastDNSHostName   string
+		UsernameFragment       string
+		Password               string
+	}
+	replayProtection struct {
+		DTLS  *uint
+		SRTP  *uint
+		SRTCP *uint
+	}
+	sdpMediaLevelFingerprints                 bool
+	answeringDTLSRole                         DTLSRole
+	disableCertificateFingerprintVerification bool
+	disableSRTPReplayProtection               bool
+	disableSRTCPReplayProtection              bool
+	vnet                                      *vnet.Net
+	BufferFactory                             func(packetType packetio.BufferPacketType, ssrc uint32) io.ReadWriteCloser
+	LoggerFactory                             logging.LoggerFactory
+	iceTCPMux                                 ice.TCPMux
+	iceProxyDialer                            proxy.Dialer
+}
+
+// DetachDataChannels enables detaching data channels. When enabled
+// data channels have to be detached in the OnOpen callback using the
+// DataChannel.Detach method.
+func (e *SettingEngine) DetachDataChannels() {
+	e.detach.DataChannels = true
+}
+
+// SetICETimeouts sets the behavior around ICE Timeouts
+// * disconnectedTimeout is the duration without network activity before a Agent is considered disconnected. Default is 5 Seconds
+// * failedTimeout is the duration without network activity before a Agent is considered failed after disconnected. Default is 25 Seconds
+// * keepAliveInterval is how often the ICE Agent sends extra traffic if there is no activity, if media is flowing no traffic will be sent. Default is 2 seconds
+func (e *SettingEngine) SetICETimeouts(disconnectedTimeout, failedTimeout, keepAliveInterval time.Duration) {
+	e.timeout.ICEDisconnectedTimeout = &disconnectedTimeout
+	e.timeout.ICEFailedTimeout = &failedTimeout
+	e.timeout.ICEKeepaliveInterval = &keepAliveInterval
+}
+
+// SetHostAcceptanceMinWait sets the ICEHostAcceptanceMinWait
+func (e *SettingEngine) SetHostAcceptanceMinWait(t time.Duration) {
+	e.timeout.ICEHostAcceptanceMinWait = &t
+}
+
+// SetSrflxAcceptanceMinWait sets the ICESrflxAcceptanceMinWait
+func (e *SettingEngine) SetSrflxAcceptanceMinWait(t time.Duration) {
+	e.timeout.ICESrflxAcceptanceMinWait = &t
+}
+
+// SetPrflxAcceptanceMinWait sets the ICEPrflxAcceptanceMinWait
+func (e *SettingEngine) SetPrflxAcceptanceMinWait(t time.Duration) {
+	e.timeout.ICEPrflxAcceptanceMinWait = &t
+}
+
+// SetRelayAcceptanceMinWait sets the ICERelayAcceptanceMinWait
+func (e *SettingEngine) SetRelayAcceptanceMinWait(t time.Duration) {
+	e.timeout.ICERelayAcceptanceMinWait = &t
+}
+
+// SetEphemeralUDPPortRange limits the pool of ephemeral ports that
+// ICE UDP connections can allocate from. This affects both host candidates,
+// and the local address of server reflexive candidates.
+func (e *SettingEngine) SetEphemeralUDPPortRange(portMin, portMax uint16) error {
+	if portMax < portMin {
+		return ice.ErrPort
+	}
+
+	e.ephemeralUDP.PortMin = portMin
+	e.ephemeralUDP.PortMax = portMax
+	return nil
+}
+
+// SetLite configures whether or not the ice agent should be a lite agent
+func (e *SettingEngine) SetLite(lite bool) {
+	e.candidates.ICELite = lite
+}
+
+// SetNetworkTypes configures what types of candidate networks are supported
+// during local and server reflexive gathering.
+func (e *SettingEngine) SetNetworkTypes(candidateTypes []NetworkType) {
+	e.candidates.ICENetworkTypes = candidateTypes
+}
+
+// SetInterfaceFilter sets the filtering functions when gathering ICE candidates
+// This can be used to exclude certain network interfaces from ICE. Which may be
+// useful if you know a certain interface will never succeed, or if you wish to reduce
+// the amount of information you wish to expose to the remote peer
+func (e *SettingEngine) SetInterfaceFilter(filter func(string) bool) {
+	e.candidates.InterfaceFilter = filter
+}
+
+// SetNAT1To1IPs sets a list of external IP addresses of 1:1 (D)NAT
+// and a candidate type for which the external IP address is used.
+// This is useful when you are host a server using Pion on an AWS EC2 instance
+// which has a private address, behind a 1:1 DNAT with a public IP (e.g.
+// Elastic IP). In this case, you can give the public IP address so that
+// Pion will use the public IP address in its candidate instead of the private
+// IP address. The second argument, candidateType, is used to tell Pion which
+// type of candidate should use the given public IP address.
+// Two types of candidates are supported:
+//
+// ICECandidateTypeHost:
+//		The public IP address will be used for the host candidate in the SDP.
+// ICECandidateTypeSrflx:
+//		A server reflexive candidate with the given public IP address will be added
+// to the SDP.
+//
+// Please note that if you choose ICECandidateTypeHost, then the private IP address
+// won't be advertised with the peer. Also, this option cannot be used along with mDNS.
+//
+// If you choose ICECandidateTypeSrflx, it simply adds a server reflexive candidate
+// with the public IP. The host candidate is still available along with mDNS
+// capabilities unaffected. Also, you cannot give STUN server URL at the same time.
+// It will result in an error otherwise.
+func (e *SettingEngine) SetNAT1To1IPs(ips []string, candidateType ICECandidateType) {
+	e.candidates.NAT1To1IPs = ips
+	e.candidates.NAT1To1IPCandidateType = candidateType
+}
+
+// SetAnsweringDTLSRole sets the DTLS role that is selected when offering
+// The DTLS role controls if the WebRTC Client as a client or server. This
+// may be useful when interacting with non-compliant clients or debugging issues.
+//
+// DTLSRoleActive:
+// 		Act as DTLS Client, send the ClientHello and starts the handshake
+// DTLSRolePassive:
+// 		Act as DTLS Server, wait for ClientHello
+func (e *SettingEngine) SetAnsweringDTLSRole(role DTLSRole) error {
+	if role != DTLSRoleClient && role != DTLSRoleServer {
+		return errSettingEngineSetAnsweringDTLSRole
+	}
+
+	e.answeringDTLSRole = role
+	return nil
+}
+
+// SetVNet sets the VNet instance that is passed to pion/ice
+//
+// VNet is a virtual network layer for Pion, allowing users to simulate
+// different topologies, latency, loss and jitter. This can be useful for
+// learning WebRTC concepts or testing your application in a lab environment
+func (e *SettingEngine) SetVNet(vnet *vnet.Net) {
+	e.vnet = vnet
+}
+
+// SetICEMulticastDNSMode controls if pion/ice queries and generates mDNS ICE Candidates
+func (e *SettingEngine) SetICEMulticastDNSMode(multicastDNSMode ice.MulticastDNSMode) {
+	e.candidates.MulticastDNSMode = multicastDNSMode
+}
+
+// SetMulticastDNSHostName sets a static HostName to be used by pion/ice instead of generating one on startup
+//
+// This should only be used for a single PeerConnection. Having multiple PeerConnections with the same HostName will cause
+// undefined behavior
+func (e *SettingEngine) SetMulticastDNSHostName(hostName string) {
+	e.candidates.MulticastDNSHostName = hostName
+}
+
+// SetICECredentials sets a staic uFrag/uPwd to be used by pion/ice
+//
+// This is useful if you want to do signalless WebRTC session, or having a reproducible environment with static credentials
+func (e *SettingEngine) SetICECredentials(usernameFragment, password string) {
+	e.candidates.UsernameFragment = usernameFragment
+	e.candidates.Password = password
+}
+
+// DisableCertificateFingerprintVerification disables fingerprint verification after DTLS Handshake has finished
+func (e *SettingEngine) DisableCertificateFingerprintVerification(isDisabled bool) {
+	e.disableCertificateFingerprintVerification = isDisabled
+}
+
+// SetDTLSReplayProtectionWindow sets a replay attack protection window size of DTLS connection.
+func (e *SettingEngine) SetDTLSReplayProtectionWindow(n uint) {
+	e.replayProtection.DTLS = &n
+}
+
+// SetSRTPReplayProtectionWindow sets a replay attack protection window size of SRTP session.
+func (e *SettingEngine) SetSRTPReplayProtectionWindow(n uint) {
+	e.disableSRTPReplayProtection = false
+	e.replayProtection.SRTP = &n
+}
+
+// SetSRTCPReplayProtectionWindow sets a replay attack protection window size of SRTCP session.
+func (e *SettingEngine) SetSRTCPReplayProtectionWindow(n uint) {
+	e.disableSRTCPReplayProtection = false
+	e.replayProtection.SRTCP = &n
+}
+
+// DisableSRTPReplayProtection disables SRTP replay protection.
+func (e *SettingEngine) DisableSRTPReplayProtection(isDisabled bool) {
+	e.disableSRTPReplayProtection = isDisabled
+}
+
+// DisableSRTCPReplayProtection disables SRTCP replay protection.
+func (e *SettingEngine) DisableSRTCPReplayProtection(isDisabled bool) {
+	e.disableSRTCPReplayProtection = isDisabled
+}
+
+// SetSDPMediaLevelFingerprints configures the logic for DTLS Fingerprint insertion
+// If true, fingerprints will be inserted in the sdp at the fingerprint
+// level, instead of the session level. This helps with compatibility with
+// some webrtc implementations.
+func (e *SettingEngine) SetSDPMediaLevelFingerprints(sdpMediaLevelFingerprints bool) {
+	e.sdpMediaLevelFingerprints = sdpMediaLevelFingerprints
+}
+
+// SetICETCPMux enables ICE-TCP when set to a non-nil value. Make sure that
+// NetworkTypeTCP4 or NetworkTypeTCP6 is enabled as well.
+func (e *SettingEngine) SetICETCPMux(tcpMux ice.TCPMux) {
+	e.iceTCPMux = tcpMux
+}
+
+// SetICEProxyDialer sets the proxy dialer interface based on golang.org/x/net/proxy.
+func (e *SettingEngine) SetICEProxyDialer(d proxy.Dialer) {
+	e.iceProxyDialer = d
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/settingengine_js.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/settingengine_js.go
new file mode 100644
index 000000000..5b77d6602
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/settingengine_js.go
@@ -0,0 +1,19 @@
+// +build js,wasm
+
+package webrtc
+
+// SettingEngine allows influencing behavior in ways that are not
+// supported by the WebRTC API. This allows us to support additional
+// use-cases without deviating from the WebRTC API elsewhere.
+type SettingEngine struct {
+	detach struct {
+		DataChannels bool
+	}
+}
+
+// DetachDataChannels enables detaching data channels. When enabled
+// data channels have to be detached in the OnOpen callback using the
+// DataChannel.Detach method.
+func (e *SettingEngine) DetachDataChannels() {
+	e.detach.DataChannels = true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/signalingstate.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/signalingstate.go
new file mode 100644
index 000000000..b64dffca8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/signalingstate.go
@@ -0,0 +1,188 @@
+package webrtc
+
+import (
+	"fmt"
+	"sync/atomic"
+
+	"github.com/pion/webrtc/v3/pkg/rtcerr"
+)
+
+type stateChangeOp int
+
+const (
+	stateChangeOpSetLocal stateChangeOp = iota + 1
+	stateChangeOpSetRemote
+)
+
+func (op stateChangeOp) String() string {
+	switch op {
+	case stateChangeOpSetLocal:
+		return "SetLocal"
+	case stateChangeOpSetRemote:
+		return "SetRemote"
+	default:
+		return "Unknown State Change Operation"
+	}
+}
+
+// SignalingState indicates the signaling state of the offer/answer process.
+type SignalingState int32
+
+const (
+	// SignalingStateStable indicates there is no offer/answer exchange in
+	// progress. This is also the initial state, in which case the local and
+	// remote descriptions are nil.
+	SignalingStateStable SignalingState = iota + 1
+
+	// SignalingStateHaveLocalOffer indicates that a local description, of
+	// type "offer", has been successfully applied.
+	SignalingStateHaveLocalOffer
+
+	// SignalingStateHaveRemoteOffer indicates that a remote description, of
+	// type "offer", has been successfully applied.
+	SignalingStateHaveRemoteOffer
+
+	// SignalingStateHaveLocalPranswer indicates that a remote description
+	// of type "offer" has been successfully applied and a local description
+	// of type "pranswer" has been successfully applied.
+	SignalingStateHaveLocalPranswer
+
+	// SignalingStateHaveRemotePranswer indicates that a local description
+	// of type "offer" has been successfully applied and a remote description
+	// of type "pranswer" has been successfully applied.
+	SignalingStateHaveRemotePranswer
+
+	// SignalingStateClosed indicates The PeerConnection has been closed.
+	SignalingStateClosed
+)
+
+// This is done this way because of a linter.
+const (
+	signalingStateStableStr             = "stable"
+	signalingStateHaveLocalOfferStr     = "have-local-offer"
+	signalingStateHaveRemoteOfferStr    = "have-remote-offer"
+	signalingStateHaveLocalPranswerStr  = "have-local-pranswer"
+	signalingStateHaveRemotePranswerStr = "have-remote-pranswer"
+	signalingStateClosedStr             = "closed"
+)
+
+func newSignalingState(raw string) SignalingState {
+	switch raw {
+	case signalingStateStableStr:
+		return SignalingStateStable
+	case signalingStateHaveLocalOfferStr:
+		return SignalingStateHaveLocalOffer
+	case signalingStateHaveRemoteOfferStr:
+		return SignalingStateHaveRemoteOffer
+	case signalingStateHaveLocalPranswerStr:
+		return SignalingStateHaveLocalPranswer
+	case signalingStateHaveRemotePranswerStr:
+		return SignalingStateHaveRemotePranswer
+	case signalingStateClosedStr:
+		return SignalingStateClosed
+	default:
+		return SignalingState(Unknown)
+	}
+}
+
+func (t SignalingState) String() string {
+	switch t {
+	case SignalingStateStable:
+		return signalingStateStableStr
+	case SignalingStateHaveLocalOffer:
+		return signalingStateHaveLocalOfferStr
+	case SignalingStateHaveRemoteOffer:
+		return signalingStateHaveRemoteOfferStr
+	case SignalingStateHaveLocalPranswer:
+		return signalingStateHaveLocalPranswerStr
+	case SignalingStateHaveRemotePranswer:
+		return signalingStateHaveRemotePranswerStr
+	case SignalingStateClosed:
+		return signalingStateClosedStr
+	default:
+		return ErrUnknownType.Error()
+	}
+}
+
+// Get thread safe read value
+func (t *SignalingState) Get() SignalingState {
+	return SignalingState(atomic.LoadInt32((*int32)(t)))
+}
+
+// Set thread safe write value
+func (t *SignalingState) Set(state SignalingState) {
+	atomic.StoreInt32((*int32)(t), int32(state))
+}
+
+func checkNextSignalingState(cur, next SignalingState, op stateChangeOp, sdpType SDPType) (SignalingState, error) { // nolint:gocognit
+	// Special case for rollbacks
+	if sdpType == SDPTypeRollback && cur == SignalingStateStable {
+		return cur, &rtcerr.InvalidModificationError{
+			Err: errSignalingStateCannotRollback,
+		}
+	}
+
+	// 4.3.1 valid state transitions
+	switch cur { // nolint:exhaustive
+	case SignalingStateStable:
+		switch op {
+		case stateChangeOpSetLocal:
+			// stable->SetLocal(offer)->have-local-offer
+			if sdpType == SDPTypeOffer && next == SignalingStateHaveLocalOffer {
+				return next, nil
+			}
+		case stateChangeOpSetRemote:
+			// stable->SetRemote(offer)->have-remote-offer
+			if sdpType == SDPTypeOffer && next == SignalingStateHaveRemoteOffer {
+				return next, nil
+			}
+		}
+	case SignalingStateHaveLocalOffer:
+		if op == stateChangeOpSetRemote {
+			switch sdpType { // nolint:exhaustive
+			// have-local-offer->SetRemote(answer)->stable
+			case SDPTypeAnswer:
+				if next == SignalingStateStable {
+					return next, nil
+				}
+			// have-local-offer->SetRemote(pranswer)->have-remote-pranswer
+			case SDPTypePranswer:
+				if next == SignalingStateHaveRemotePranswer {
+					return next, nil
+				}
+			}
+		}
+	case SignalingStateHaveRemotePranswer:
+		if op == stateChangeOpSetRemote && sdpType == SDPTypeAnswer {
+			// have-remote-pranswer->SetRemote(answer)->stable
+			if next == SignalingStateStable {
+				return next, nil
+			}
+		}
+	case SignalingStateHaveRemoteOffer:
+		if op == stateChangeOpSetLocal {
+			switch sdpType { // nolint:exhaustive
+			// have-remote-offer->SetLocal(answer)->stable
+			case SDPTypeAnswer:
+				if next == SignalingStateStable {
+					return next, nil
+				}
+			// have-remote-offer->SetLocal(pranswer)->have-local-pranswer
+			case SDPTypePranswer:
+				if next == SignalingStateHaveLocalPranswer {
+					return next, nil
+				}
+			}
+		}
+	case SignalingStateHaveLocalPranswer:
+		if op == stateChangeOpSetLocal && sdpType == SDPTypeAnswer {
+			// have-local-pranswer->SetLocal(answer)->stable
+			if next == SignalingStateStable {
+				return next, nil
+			}
+		}
+	}
+	return cur, &rtcerr.InvalidModificationError{
+		Err: fmt.Errorf("%w: %s->%s(%s)->%s", errSignalingStateProposedTransitionInvalid, cur, op, sdpType, next),
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/srtp_writer_future.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/srtp_writer_future.go
new file mode 100644
index 000000000..fd3d22107
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/srtp_writer_future.go
@@ -0,0 +1,105 @@
+// +build !js
+
+package webrtc
+
+import (
+	"io"
+	"sync/atomic"
+
+	"github.com/pion/rtp"
+	"github.com/pion/srtp/v2"
+)
+
+// srtpWriterFuture blocks Read/Write calls until
+// the SRTP Session is available
+type srtpWriterFuture struct {
+	rtpSender      *RTPSender
+	rtcpReadStream atomic.Value // *srtp.ReadStreamSRTCP
+	rtpWriteStream atomic.Value // *srtp.WriteStreamSRTP
+}
+
+func (s *srtpWriterFuture) init(returnWhenNoSRTP bool) error {
+	if returnWhenNoSRTP {
+		select {
+		case <-s.rtpSender.stopCalled:
+			return io.ErrClosedPipe
+		case <-s.rtpSender.transport.srtpReady:
+		default:
+			return nil
+		}
+	} else {
+		select {
+		case <-s.rtpSender.stopCalled:
+			return io.ErrClosedPipe
+		case <-s.rtpSender.transport.srtpReady:
+		}
+	}
+
+	srtcpSession, err := s.rtpSender.transport.getSRTCPSession()
+	if err != nil {
+		return err
+	}
+
+	rtcpReadStream, err := srtcpSession.OpenReadStream(uint32(s.rtpSender.ssrc))
+	if err != nil {
+		return err
+	}
+
+	srtpSession, err := s.rtpSender.transport.getSRTPSession()
+	if err != nil {
+		return err
+	}
+
+	rtpWriteStream, err := srtpSession.OpenWriteStream()
+	if err != nil {
+		return err
+	}
+
+	s.rtcpReadStream.Store(rtcpReadStream)
+	s.rtpWriteStream.Store(rtpWriteStream)
+	return nil
+}
+
+func (s *srtpWriterFuture) Close() error {
+	if value := s.rtcpReadStream.Load(); value != nil {
+		return value.(*srtp.ReadStreamSRTCP).Close()
+	}
+
+	return nil
+}
+
+func (s *srtpWriterFuture) Read(b []byte) (n int, err error) {
+	if value := s.rtcpReadStream.Load(); value != nil {
+		return value.(*srtp.ReadStreamSRTCP).Read(b)
+	}
+
+	if err := s.init(false); err != nil || s.rtcpReadStream.Load() == nil {
+		return 0, err
+	}
+
+	return s.Read(b)
+}
+
+func (s *srtpWriterFuture) WriteRTP(header *rtp.Header, payload []byte) (int, error) {
+	if value := s.rtpWriteStream.Load(); value != nil {
+		return value.(*srtp.WriteStreamSRTP).WriteRTP(header, payload)
+	}
+
+	if err := s.init(true); err != nil || s.rtpWriteStream.Load() == nil {
+		return 0, err
+	}
+
+	return s.WriteRTP(header, payload)
+}
+
+func (s *srtpWriterFuture) Write(b []byte) (int, error) {
+	if value := s.rtpWriteStream.Load(); value != nil {
+		return value.(*srtp.WriteStreamSRTP).Write(b)
+	}
+
+	if err := s.init(true); err != nil || s.rtpWriteStream.Load() == nil {
+		return 0, err
+	}
+
+	return s.Write(b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/stats.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/stats.go
new file mode 100644
index 000000000..a218d9e8f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/stats.go
@@ -0,0 +1,1452 @@
+package webrtc
+
+import (
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/pion/ice/v2"
+)
+
+// A Stats object contains a set of statistics copies out of a monitored component
+// of the WebRTC stack at a specific time.
+type Stats interface{}
+
+// StatsType indicates the type of the object that a Stats object represents.
+type StatsType string
+
+const (
+	// StatsTypeCodec is used by CodecStats.
+	StatsTypeCodec StatsType = "codec"
+
+	// StatsTypeInboundRTP is used by InboundRTPStreamStats.
+	StatsTypeInboundRTP StatsType = "inbound-rtp"
+
+	// StatsTypeOutboundRTP is used by OutboundRTPStreamStats.
+	StatsTypeOutboundRTP StatsType = "outbound-rtp"
+
+	// StatsTypeRemoteInboundRTP is used by RemoteInboundRTPStreamStats.
+	StatsTypeRemoteInboundRTP StatsType = "remote-inbound-rtp"
+
+	// StatsTypeRemoteOutboundRTP is used by RemoteOutboundRTPStreamStats.
+	StatsTypeRemoteOutboundRTP StatsType = "remote-outbound-rtp"
+
+	// StatsTypeCSRC is used by RTPContributingSourceStats.
+	StatsTypeCSRC StatsType = "csrc"
+
+	// StatsTypePeerConnection used by PeerConnectionStats.
+	StatsTypePeerConnection StatsType = "peer-connection"
+
+	// StatsTypeDataChannel is used by DataChannelStats.
+	StatsTypeDataChannel StatsType = "data-channel"
+
+	// StatsTypeStream is used by MediaStreamStats.
+	StatsTypeStream StatsType = "stream"
+
+	// StatsTypeTrack is used by SenderVideoTrackAttachmentStats and SenderAudioTrackAttachmentStats.
+	StatsTypeTrack StatsType = "track"
+
+	// StatsTypeSender is used by by the AudioSenderStats or VideoSenderStats depending on kind.
+	StatsTypeSender StatsType = "sender"
+
+	// StatsTypeReceiver is used by the AudioReceiverStats or VideoReceiverStats depending on kind.
+	StatsTypeReceiver StatsType = "receiver"
+
+	// StatsTypeTransport is used by TransportStats.
+	StatsTypeTransport StatsType = "transport"
+
+	// StatsTypeCandidatePair is used by ICECandidatePairStats.
+	StatsTypeCandidatePair StatsType = "candidate-pair"
+
+	// StatsTypeLocalCandidate is used by ICECandidateStats for the local candidate.
+	StatsTypeLocalCandidate StatsType = "local-candidate"
+
+	// StatsTypeRemoteCandidate is used by ICECandidateStats for the remote candidate.
+	StatsTypeRemoteCandidate StatsType = "remote-candidate"
+
+	// StatsTypeCertificate is used by CertificateStats.
+	StatsTypeCertificate StatsType = "certificate"
+)
+
+// StatsTimestamp is a timestamp represented by the floating point number of
+// milliseconds since the epoch.
+type StatsTimestamp float64
+
+// Time returns the time.Time represented by this timestamp.
+func (s StatsTimestamp) Time() time.Time {
+	millis := float64(s)
+	nanos := int64(millis * float64(time.Millisecond))
+
+	return time.Unix(0, nanos).UTC()
+}
+
+func statsTimestampFrom(t time.Time) StatsTimestamp {
+	return StatsTimestamp(t.UnixNano() / int64(time.Millisecond))
+}
+
+func statsTimestampNow() StatsTimestamp {
+	return statsTimestampFrom(time.Now())
+}
+
+// StatsReport collects Stats objects indexed by their ID.
+type StatsReport map[string]Stats
+
+type statsReportCollector struct {
+	collectingGroup sync.WaitGroup
+	report          StatsReport
+	mux             sync.Mutex
+}
+
+func newStatsReportCollector() *statsReportCollector {
+	return &statsReportCollector{report: make(StatsReport)}
+}
+
+func (src *statsReportCollector) Collecting() {
+	src.collectingGroup.Add(1)
+}
+
+func (src *statsReportCollector) Collect(id string, stats Stats) {
+	src.mux.Lock()
+	defer src.mux.Unlock()
+
+	src.report[id] = stats
+	src.collectingGroup.Done()
+}
+
+func (src *statsReportCollector) Done() {
+	src.collectingGroup.Done()
+}
+
+func (src *statsReportCollector) Ready() StatsReport {
+	src.collectingGroup.Wait()
+	src.mux.Lock()
+	defer src.mux.Unlock()
+	return src.report
+}
+
+// CodecType specifies whether a CodecStats objects represents a media format
+// that is being encoded or decoded
+type CodecType string
+
+const (
+	// CodecTypeEncode means the attached CodecStats represents a media format that
+	// is being encoded, or that the implementation is prepared to encode.
+	CodecTypeEncode CodecType = "encode"
+
+	// CodecTypeDecode means the attached CodecStats represents a media format
+	// that the implementation is prepared to decode.
+	CodecTypeDecode CodecType = "decode"
+)
+
+// CodecStats contains statistics for a codec that is currently being used by RTP streams
+// being sent or received by this PeerConnection object.
+type CodecStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// PayloadType as used in RTP encoding or decoding
+	PayloadType PayloadType `json:"payloadType"`
+
+	// CodecType of this CodecStats
+	CodecType CodecType `json:"codecType"`
+
+	// TransportID is the unique identifier of the transport on which this codec is
+	// being used, which can be used to look up the corresponding TransportStats object.
+	TransportID string `json:"transportId"`
+
+	// MimeType is the codec MIME media type/subtype. e.g., video/vp8 or equivalent.
+	MimeType string `json:"mimeType"`
+
+	// ClockRate represents the media sampling rate.
+	ClockRate uint32 `json:"clockRate"`
+
+	// Channels is 2 for stereo, missing for most other cases.
+	Channels uint8 `json:"channels"`
+
+	// SDPFmtpLine is the a=fmtp line in the SDP corresponding to the codec,
+	// i.e., after the colon following the PT.
+	SDPFmtpLine string `json:"sdpFmtpLine"`
+
+	// Implementation identifies the implementation used. This is useful for diagnosing
+	// interoperability issues.
+	Implementation string `json:"implementation"`
+}
+
+// InboundRTPStreamStats contains statistics for an inbound RTP stream that is
+// currently received with this PeerConnection object.
+type InboundRTPStreamStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// SSRC is the 32-bit unsigned integer value used to identify the source of the
+	// stream of RTP packets that this stats object concerns.
+	SSRC SSRC `json:"ssrc"`
+
+	// Kind is either "audio" or "video"
+	Kind string `json:"kind"`
+
+	// It is a unique identifier that is associated to the object that was inspected
+	// to produce the TransportStats associated with this RTP stream.
+	TransportID string `json:"transportId"`
+
+	// CodecID is a unique identifier that is associated to the object that was inspected
+	// to produce the CodecStats associated with this RTP stream.
+	CodecID string `json:"codecId"`
+
+	// FIRCount counts the total number of Full Intra Request (FIR) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	FIRCount uint32 `json:"firCount"`
+
+	// PLICount counts the total number of Picture Loss Indication (PLI) packets
+	// received by the sender. This metric is only valid for video and is sent by receiver.
+	PLICount uint32 `json:"pliCount"`
+
+	// NACKCount counts the total number of Negative ACKnowledgement (NACK) packets
+	// received by the sender and is sent by receiver.
+	NACKCount uint32 `json:"nackCount"`
+
+	// SLICount counts the total number of Slice Loss Indication (SLI) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	SLICount uint32 `json:"sliCount"`
+
+	// QPSum is the sum of the QP values of frames passed. The count of frames is
+	// in FramesDecoded for inbound stream stats, and in FramesEncoded for outbound stream stats.
+	QPSum uint64 `json:"qpSum"`
+
+	// PacketsReceived is the total number of RTP packets received for this SSRC.
+	PacketsReceived uint32 `json:"packetsReceived"`
+
+	// PacketsLost is the total number of RTP packets lost for this SSRC. Note that
+	// because of how this is estimated, it can be negative if more packets are received than sent.
+	PacketsLost int32 `json:"packetsLost"`
+
+	// Jitter is the packet jitter measured in seconds for this SSRC
+	Jitter float64 `json:"jitter"`
+
+	// PacketsDiscarded is the cumulative number of RTP packets discarded by the jitter
+	// buffer due to late or early-arrival, i.e., these packets are not played out.
+	// RTP packets discarded due to packet duplication are not reported in this metric.
+	PacketsDiscarded uint32 `json:"packetsDiscarded"`
+
+	// PacketsRepaired is the cumulative number of lost RTP packets repaired after applying
+	// an error-resilience mechanism. It is measured for the primary source RTP packets
+	// and only counted for RTP packets that have no further chance of repair.
+	PacketsRepaired uint32 `json:"packetsRepaired"`
+
+	// BurstPacketsLost is the cumulative number of RTP packets lost during loss bursts.
+	BurstPacketsLost uint32 `json:"burstPacketsLost"`
+
+	// BurstPacketsDiscarded is the cumulative number of RTP packets discarded during discard bursts.
+	BurstPacketsDiscarded uint32 `json:"burstPacketsDiscarded"`
+
+	// BurstLossCount is the cumulative number of bursts of lost RTP packets.
+	BurstLossCount uint32 `json:"burstLossCount"`
+
+	// BurstDiscardCount is the cumulative number of bursts of discarded RTP packets.
+	BurstDiscardCount uint32 `json:"burstDiscardCount"`
+
+	// BurstLossRate is the fraction of RTP packets lost during bursts to the
+	// total number of RTP packets expected in the bursts.
+	BurstLossRate float64 `json:"burstLossRate"`
+
+	// BurstDiscardRate is the fraction of RTP packets discarded during bursts to
+	// the total number of RTP packets expected in bursts.
+	BurstDiscardRate float64 `json:"burstDiscardRate"`
+
+	// GapLossRate is the fraction of RTP packets lost during the gap periods.
+	GapLossRate float64 `json:"gapLossRate"`
+
+	// GapDiscardRate is the fraction of RTP packets discarded during the gap periods.
+	GapDiscardRate float64 `json:"gapDiscardRate"`
+
+	// TrackID is the identifier of the stats object representing the receiving track,
+	// a ReceiverAudioTrackAttachmentStats or ReceiverVideoTrackAttachmentStats.
+	TrackID string `json:"trackId"`
+
+	// ReceiverID is the stats ID used to look up the AudioReceiverStats or VideoReceiverStats
+	// object receiving this stream.
+	ReceiverID string `json:"receiverId"`
+
+	// RemoteID is used for looking up the remote RemoteOutboundRTPStreamStats object
+	// for the same SSRC.
+	RemoteID string `json:"remoteId"`
+
+	// FramesDecoded represents the total number of frames correctly decoded for this SSRC,
+	// i.e., frames that would be displayed if no frames are dropped. Only valid for video.
+	FramesDecoded uint32 `json:"framesDecoded"`
+
+	// LastPacketReceivedTimestamp represents the timestamp at which the last packet was
+	// received for this SSRC. This differs from Timestamp, which represents the time
+	// at which the statistics were generated by the local endpoint.
+	LastPacketReceivedTimestamp StatsTimestamp `json:"lastPacketReceivedTimestamp"`
+
+	// AverageRTCPInterval is the average RTCP interval between two consecutive compound RTCP packets.
+	// This is calculated by the sending endpoint when sending compound RTCP reports.
+	// Compound packets must contain at least a RTCP RR or SR packet and an SDES packet
+	// with the CNAME item.
+	AverageRTCPInterval float64 `json:"averageRtcpInterval"`
+
+	// FECPacketsReceived is the total number of RTP FEC packets received for this SSRC.
+	// This counter can also be incremented when receiving FEC packets in-band with media packets (e.g., with Opus).
+	FECPacketsReceived uint32 `json:"fecPacketsReceived"`
+
+	// BytesReceived is the total number of bytes received for this SSRC.
+	BytesReceived uint64 `json:"bytesReceived"`
+
+	// PacketsFailedDecryption is the cumulative number of RTP packets that failed
+	// to be decrypted. These packets are not counted by PacketsDiscarded.
+	PacketsFailedDecryption uint32 `json:"packetsFailedDecryption"`
+
+	// PacketsDuplicated is the cumulative number of packets discarded because they
+	// are duplicated. Duplicate packets are not counted in PacketsDiscarded.
+	//
+	// Duplicated packets have the same RTP sequence number and content as a previously
+	// received packet. If multiple duplicates of a packet are received, all of them are counted.
+	// An improved estimate of lost packets can be calculated by adding PacketsDuplicated to PacketsLost.
+	PacketsDuplicated uint32 `json:"packetsDuplicated"`
+
+	// PerDSCPPacketsReceived is the total number of packets received for this SSRC,
+	// per Differentiated Services code point (DSCP) [RFC2474]. DSCPs are identified
+	// as decimal integers in string form. Note that due to network remapping and bleaching,
+	// these numbers are not expected to match the numbers seen on sending. Not all
+	// OSes make this information available.
+	PerDSCPPacketsReceived map[string]uint32 `json:"perDscpPacketsReceived"`
+}
+
+// QualityLimitationReason lists the reason for limiting the resolution and/or framerate.
+// Only valid for video.
+type QualityLimitationReason string
+
+const (
+	// QualityLimitationReasonNone means the resolution and/or framerate is not limited.
+	QualityLimitationReasonNone QualityLimitationReason = "none"
+
+	// QualityLimitationReasonCPU means the resolution and/or framerate is primarily limited due to CPU load.
+	QualityLimitationReasonCPU QualityLimitationReason = "cpu"
+
+	// QualityLimitationReasonBandwidth means the resolution and/or framerate is primarily limited due to congestion cues during bandwidth estimation. Typical, congestion control algorithms use inter-arrival time, round-trip time, packet or other congestion cues to perform bandwidth estimation.
+	QualityLimitationReasonBandwidth QualityLimitationReason = "bandwidth"
+
+	// QualityLimitationReasonOther means the resolution and/or framerate is primarily limited for a reason other than the above.
+	QualityLimitationReasonOther QualityLimitationReason = "other"
+)
+
+// OutboundRTPStreamStats contains statistics for an outbound RTP stream that is
+// currently sent with this PeerConnection object.
+type OutboundRTPStreamStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// SSRC is the 32-bit unsigned integer value used to identify the source of the
+	// stream of RTP packets that this stats object concerns.
+	SSRC SSRC `json:"ssrc"`
+
+	// Kind is either "audio" or "video"
+	Kind string `json:"kind"`
+
+	// It is a unique identifier that is associated to the object that was inspected
+	// to produce the TransportStats associated with this RTP stream.
+	TransportID string `json:"transportId"`
+
+	// CodecID is a unique identifier that is associated to the object that was inspected
+	// to produce the CodecStats associated with this RTP stream.
+	CodecID string `json:"codecId"`
+
+	// FIRCount counts the total number of Full Intra Request (FIR) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	FIRCount uint32 `json:"firCount"`
+
+	// PLICount counts the total number of Picture Loss Indication (PLI) packets
+	// received by the sender. This metric is only valid for video and is sent by receiver.
+	PLICount uint32 `json:"pliCount"`
+
+	// NACKCount counts the total number of Negative ACKnowledgement (NACK) packets
+	// received by the sender and is sent by receiver.
+	NACKCount uint32 `json:"nackCount"`
+
+	// SLICount counts the total number of Slice Loss Indication (SLI) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	SLICount uint32 `json:"sliCount"`
+
+	// QPSum is the sum of the QP values of frames passed. The count of frames is
+	// in FramesDecoded for inbound stream stats, and in FramesEncoded for outbound stream stats.
+	QPSum uint64 `json:"qpSum"`
+
+	// PacketsSent is the total number of RTP packets sent for this SSRC.
+	PacketsSent uint32 `json:"packetsSent"`
+
+	// PacketsDiscardedOnSend is the total number of RTP packets for this SSRC that
+	// have been discarded due to socket errors, i.e. a socket error occurred when handing
+	// the packets to the socket. This might happen due to various reasons, including
+	// full buffer or no available memory.
+	PacketsDiscardedOnSend uint32 `json:"packetsDiscardedOnSend"`
+
+	// FECPacketsSent is the total number of RTP FEC packets sent for this SSRC.
+	// This counter can also be incremented when sending FEC packets in-band with
+	// media packets (e.g., with Opus).
+	FECPacketsSent uint32 `json:"fecPacketsSent"`
+
+	// BytesSent is the total number of bytes sent for this SSRC.
+	BytesSent uint64 `json:"bytesSent"`
+
+	// BytesDiscardedOnSend is the total number of bytes for this SSRC that have
+	// been discarded due to socket errors, i.e. a socket error occurred when handing
+	// the packets containing the bytes to the socket. This might happen due to various
+	// reasons, including full buffer or no available memory.
+	BytesDiscardedOnSend uint64 `json:"bytesDiscardedOnSend"`
+
+	// TrackID is the identifier of the stats object representing the current track
+	// attachment to the sender of this stream, a SenderAudioTrackAttachmentStats
+	// or SenderVideoTrackAttachmentStats.
+	TrackID string `json:"trackId"`
+
+	// SenderID is the stats ID used to look up the AudioSenderStats or VideoSenderStats
+	// object sending this stream.
+	SenderID string `json:"senderId"`
+
+	// RemoteID is used for looking up the remote RemoteInboundRTPStreamStats object
+	// for the same SSRC.
+	RemoteID string `json:"remoteId"`
+
+	// LastPacketSentTimestamp represents the timestamp at which the last packet was
+	// sent for this SSRC. This differs from timestamp, which represents the time at
+	// which the statistics were generated by the local endpoint.
+	LastPacketSentTimestamp StatsTimestamp `json:"lastPacketSentTimestamp"`
+
+	// TargetBitrate is the current target bitrate configured for this particular SSRC
+	// and is the Transport Independent Application Specific (TIAS) bitrate [RFC3890].
+	// Typically, the target bitrate is a configuration parameter provided to the codec's
+	// encoder and does not count the size of the IP or other transport layers like TCP or UDP.
+	// It is measured in bits per second and the bitrate is calculated over a 1 second window.
+	TargetBitrate float64 `json:"targetBitrate"`
+
+	// FramesEncoded represents the total number of frames successfully encoded for this RTP media stream.
+	// Only valid for video.
+	FramesEncoded uint32 `json:"framesEncoded"`
+
+	// TotalEncodeTime is the total number of seconds that has been spent encoding the
+	// framesEncoded frames of this stream. The average encode time can be calculated by
+	// dividing this value with FramesEncoded. The time it takes to encode one frame is the
+	// time passed between feeding the encoder a frame and the encoder returning encoded data
+	// for that frame. This does not include any additional time it may take to packetize the resulting data.
+	TotalEncodeTime float64 `json:"totalEncodeTime"`
+
+	// AverageRTCPInterval is the average RTCP interval between two consecutive compound RTCP
+	// packets. This is calculated by the sending endpoint when sending compound RTCP reports.
+	// Compound packets must contain at least a RTCP RR or SR packet and an SDES packet with the CNAME item.
+	AverageRTCPInterval float64 `json:"averageRtcpInterval"`
+
+	// QualityLimitationReason is the current reason for limiting the resolution and/or framerate,
+	// or "none" if not limited. Only valid for video.
+	QualityLimitationReason QualityLimitationReason `json:"qualityLimitationReason"`
+
+	// QualityLimitationDurations is record of the total time, in seconds, that this
+	// stream has spent in each quality limitation state. The record includes a mapping
+	// for all QualityLimitationReason types, including "none". Only valid for video.
+	QualityLimitationDurations map[string]float64 `json:"qualityLimitationDurations"`
+
+	// PerDSCPPacketsSent is the total number of packets sent for this SSRC, per DSCP.
+	// DSCPs are identified as decimal integers in string form.
+	PerDSCPPacketsSent map[string]uint32 `json:"perDscpPacketsSent"`
+}
+
+// RemoteInboundRTPStreamStats contains statistics for the remote endpoint's inbound
+// RTP stream corresponding to an outbound stream that is currently sent with this
+// PeerConnection object. It is measured at the remote endpoint and reported in an RTCP
+// Receiver Report (RR) or RTCP Extended Report (XR).
+type RemoteInboundRTPStreamStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// SSRC is the 32-bit unsigned integer value used to identify the source of the
+	// stream of RTP packets that this stats object concerns.
+	SSRC SSRC `json:"ssrc"`
+
+	// Kind is either "audio" or "video"
+	Kind string `json:"kind"`
+
+	// It is a unique identifier that is associated to the object that was inspected
+	// to produce the TransportStats associated with this RTP stream.
+	TransportID string `json:"transportId"`
+
+	// CodecID is a unique identifier that is associated to the object that was inspected
+	// to produce the CodecStats associated with this RTP stream.
+	CodecID string `json:"codecId"`
+
+	// FIRCount counts the total number of Full Intra Request (FIR) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	FIRCount uint32 `json:"firCount"`
+
+	// PLICount counts the total number of Picture Loss Indication (PLI) packets
+	// received by the sender. This metric is only valid for video and is sent by receiver.
+	PLICount uint32 `json:"pliCount"`
+
+	// NACKCount counts the total number of Negative ACKnowledgement (NACK) packets
+	// received by the sender and is sent by receiver.
+	NACKCount uint32 `json:"nackCount"`
+
+	// SLICount counts the total number of Slice Loss Indication (SLI) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	SLICount uint32 `json:"sliCount"`
+
+	// QPSum is the sum of the QP values of frames passed. The count of frames is
+	// in FramesDecoded for inbound stream stats, and in FramesEncoded for outbound stream stats.
+	QPSum uint64 `json:"qpSum"`
+
+	// PacketsReceived is the total number of RTP packets received for this SSRC.
+	PacketsReceived uint32 `json:"packetsReceived"`
+
+	// PacketsLost is the total number of RTP packets lost for this SSRC. Note that
+	// because of how this is estimated, it can be negative if more packets are received than sent.
+	PacketsLost int32 `json:"packetsLost"`
+
+	// Jitter is the packet jitter measured in seconds for this SSRC
+	Jitter float64 `json:"jitter"`
+
+	// PacketsDiscarded is the cumulative number of RTP packets discarded by the jitter
+	// buffer due to late or early-arrival, i.e., these packets are not played out.
+	// RTP packets discarded due to packet duplication are not reported in this metric.
+	PacketsDiscarded uint32 `json:"packetsDiscarded"`
+
+	// PacketsRepaired is the cumulative number of lost RTP packets repaired after applying
+	// an error-resilience mechanism. It is measured for the primary source RTP packets
+	// and only counted for RTP packets that have no further chance of repair.
+	PacketsRepaired uint32 `json:"packetsRepaired"`
+
+	// BurstPacketsLost is the cumulative number of RTP packets lost during loss bursts.
+	BurstPacketsLost uint32 `json:"burstPacketsLost"`
+
+	// BurstPacketsDiscarded is the cumulative number of RTP packets discarded during discard bursts.
+	BurstPacketsDiscarded uint32 `json:"burstPacketsDiscarded"`
+
+	// BurstLossCount is the cumulative number of bursts of lost RTP packets.
+	BurstLossCount uint32 `json:"burstLossCount"`
+
+	// BurstDiscardCount is the cumulative number of bursts of discarded RTP packets.
+	BurstDiscardCount uint32 `json:"burstDiscardCount"`
+
+	// BurstLossRate is the fraction of RTP packets lost during bursts to the
+	// total number of RTP packets expected in the bursts.
+	BurstLossRate float64 `json:"burstLossRate"`
+
+	// BurstDiscardRate is the fraction of RTP packets discarded during bursts to
+	// the total number of RTP packets expected in bursts.
+	BurstDiscardRate float64 `json:"burstDiscardRate"`
+
+	// GapLossRate is the fraction of RTP packets lost during the gap periods.
+	GapLossRate float64 `json:"gapLossRate"`
+
+	// GapDiscardRate is the fraction of RTP packets discarded during the gap periods.
+	GapDiscardRate float64 `json:"gapDiscardRate"`
+
+	// LocalID is used for looking up the local OutboundRTPStreamStats object for the same SSRC.
+	LocalID string `json:"localId"`
+
+	// RoundTripTime is the estimated round trip time for this SSRC based on the
+	// RTCP timestamps in the RTCP Receiver Report (RR) and measured in seconds.
+	RoundTripTime float64 `json:"roundTripTime"`
+
+	// FractionLost is the the fraction packet loss reported for this SSRC.
+	FractionLost float64 `json:"fractionLost"`
+}
+
+// RemoteOutboundRTPStreamStats contains statistics for the remote endpoint's outbound
+// RTP stream corresponding to an inbound stream that is currently received with this
+// PeerConnection object. It is measured at the remote endpoint and reported in an
+// RTCP Sender Report (SR).
+type RemoteOutboundRTPStreamStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// SSRC is the 32-bit unsigned integer value used to identify the source of the
+	// stream of RTP packets that this stats object concerns.
+	SSRC SSRC `json:"ssrc"`
+
+	// Kind is either "audio" or "video"
+	Kind string `json:"kind"`
+
+	// It is a unique identifier that is associated to the object that was inspected
+	// to produce the TransportStats associated with this RTP stream.
+	TransportID string `json:"transportId"`
+
+	// CodecID is a unique identifier that is associated to the object that was inspected
+	// to produce the CodecStats associated with this RTP stream.
+	CodecID string `json:"codecId"`
+
+	// FIRCount counts the total number of Full Intra Request (FIR) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	FIRCount uint32 `json:"firCount"`
+
+	// PLICount counts the total number of Picture Loss Indication (PLI) packets
+	// received by the sender. This metric is only valid for video and is sent by receiver.
+	PLICount uint32 `json:"pliCount"`
+
+	// NACKCount counts the total number of Negative ACKnowledgement (NACK) packets
+	// received by the sender and is sent by receiver.
+	NACKCount uint32 `json:"nackCount"`
+
+	// SLICount counts the total number of Slice Loss Indication (SLI) packets received
+	// by the sender. This metric is only valid for video and is sent by receiver.
+	SLICount uint32 `json:"sliCount"`
+
+	// QPSum is the sum of the QP values of frames passed. The count of frames is
+	// in FramesDecoded for inbound stream stats, and in FramesEncoded for outbound stream stats.
+	QPSum uint64 `json:"qpSum"`
+
+	// PacketsSent is the total number of RTP packets sent for this SSRC.
+	PacketsSent uint32 `json:"packetsSent"`
+
+	// PacketsDiscardedOnSend is the total number of RTP packets for this SSRC that
+	// have been discarded due to socket errors, i.e. a socket error occurred when handing
+	// the packets to the socket. This might happen due to various reasons, including
+	// full buffer or no available memory.
+	PacketsDiscardedOnSend uint32 `json:"packetsDiscardedOnSend"`
+
+	// FECPacketsSent is the total number of RTP FEC packets sent for this SSRC.
+	// This counter can also be incremented when sending FEC packets in-band with
+	// media packets (e.g., with Opus).
+	FECPacketsSent uint32 `json:"fecPacketsSent"`
+
+	// BytesSent is the total number of bytes sent for this SSRC.
+	BytesSent uint64 `json:"bytesSent"`
+
+	// BytesDiscardedOnSend is the total number of bytes for this SSRC that have
+	// been discarded due to socket errors, i.e. a socket error occurred when handing
+	// the packets containing the bytes to the socket. This might happen due to various
+	// reasons, including full buffer or no available memory.
+	BytesDiscardedOnSend uint64 `json:"bytesDiscardedOnSend"`
+
+	// LocalID is used for looking up the local InboundRTPStreamStats object for the same SSRC.
+	LocalID string `json:"localId"`
+
+	// RemoteTimestamp represents the remote timestamp at which these statistics were
+	// sent by the remote endpoint. This differs from timestamp, which represents the
+	// time at which the statistics were generated or received by the local endpoint.
+	// The RemoteTimestamp, if present, is derived from the NTP timestamp in an RTCP
+	// Sender Report (SR) packet, which reflects the remote endpoint's clock.
+	// That clock may not be synchronized with the local clock.
+	RemoteTimestamp StatsTimestamp `json:"remoteTimestamp"`
+}
+
+// RTPContributingSourceStats contains statistics for a contributing source (CSRC) that contributed
+// to an inbound RTP stream.
+type RTPContributingSourceStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// ContributorSSRC is the SSRC identifier of the contributing source represented
+	// by this stats object. It is a 32-bit unsigned integer that appears in the CSRC
+	// list of any packets the relevant source contributed to.
+	ContributorSSRC SSRC `json:"contributorSsrc"`
+
+	// InboundRTPStreamID is the ID of the InboundRTPStreamStats object representing
+	// the inbound RTP stream that this contributing source is contributing to.
+	InboundRTPStreamID string `json:"inboundRtpStreamId"`
+
+	// PacketsContributedTo is the total number of RTP packets that this contributing
+	// source contributed to. This value is incremented each time a packet is counted
+	// by InboundRTPStreamStats.packetsReceived, and the packet's CSRC list contains
+	// the SSRC identifier of this contributing source, ContributorSSRC.
+	PacketsContributedTo uint32 `json:"packetsContributedTo"`
+
+	// AudioLevel is present if the last received RTP packet that this source contributed
+	// to contained an [RFC6465] mixer-to-client audio level header extension. The value
+	// of audioLevel is between 0..1 (linear), where 1.0 represents 0 dBov, 0 represents
+	// silence, and 0.5 represents approximately 6 dBSPL change in the sound pressure level from 0 dBov.
+	AudioLevel float64 `json:"audioLevel"`
+}
+
+// PeerConnectionStats contains statistics related to the PeerConnection object.
+type PeerConnectionStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// DataChannelsOpened represents the number of unique DataChannels that have
+	// entered the "open" state during their lifetime.
+	DataChannelsOpened uint32 `json:"dataChannelsOpened"`
+
+	// DataChannelsClosed represents the number of unique DataChannels that have
+	// left the "open" state during their lifetime (due to being closed by either
+	// end or the underlying transport being closed). DataChannels that transition
+	// from "connecting" to "closing" or "closed" without ever being "open"
+	// are not counted in this number.
+	DataChannelsClosed uint32 `json:"dataChannelsClosed"`
+
+	// DataChannelsRequested Represents the number of unique DataChannels returned
+	// from a successful createDataChannel() call on the PeerConnection. If the
+	// underlying data transport is not established, these may be in the "connecting" state.
+	DataChannelsRequested uint32 `json:"dataChannelsRequested"`
+
+	// DataChannelsAccepted represents the number of unique DataChannels signaled
+	// in a "datachannel" event on the PeerConnection.
+	DataChannelsAccepted uint32 `json:"dataChannelsAccepted"`
+}
+
+// DataChannelStats contains statistics related to each DataChannel ID.
+type DataChannelStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// Label is the "label" value of the DataChannel object.
+	Label string `json:"label"`
+
+	// Protocol is the "protocol" value of the DataChannel object.
+	Protocol string `json:"protocol"`
+
+	// DataChannelIdentifier is the "id" attribute of the DataChannel object.
+	DataChannelIdentifier int32 `json:"dataChannelIdentifier"`
+
+	// TransportID the ID of the TransportStats object for transport used to carry this datachannel.
+	TransportID string `json:"transportId"`
+
+	// State is the "readyState" value of the DataChannel object.
+	State DataChannelState `json:"state"`
+
+	// MessagesSent represents the total number of API "message" events sent.
+	MessagesSent uint32 `json:"messagesSent"`
+
+	// BytesSent represents the total number of payload bytes sent on this
+	// datachannel not including headers or padding.
+	BytesSent uint64 `json:"bytesSent"`
+
+	// MessagesReceived represents the total number of API "message" events received.
+	MessagesReceived uint32 `json:"messagesReceived"`
+
+	// BytesReceived represents the total number of bytes received on this
+	// datachannel not including headers or padding.
+	BytesReceived uint64 `json:"bytesReceived"`
+}
+
+// MediaStreamStats contains statistics related to a specific MediaStream.
+type MediaStreamStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// StreamIdentifier is the "id" property of the MediaStream
+	StreamIdentifier string `json:"streamIdentifier"`
+
+	// TrackIDs is a list of the identifiers of the stats object representing the
+	// stream's tracks, either ReceiverAudioTrackAttachmentStats or ReceiverVideoTrackAttachmentStats.
+	TrackIDs []string `json:"trackIds"`
+}
+
+// AudioSenderStats represents the stats about one audio sender of a PeerConnection
+// object for which one calls GetStats.
+//
+// It appears in the stats as soon as the RTPSender is added by either AddTrack
+// or AddTransceiver, or by media negotiation.
+type AudioSenderStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// TrackIdentifier represents the id property of the track.
+	TrackIdentifier string `json:"trackIdentifier"`
+
+	// RemoteSource is true if the source is remote, for instance if it is sourced
+	// from another host via a PeerConnection. False otherwise. Only applicable for 'track' stats.
+	RemoteSource bool `json:"remoteSource"`
+
+	// Ended reflects the "ended" state of the track.
+	Ended bool `json:"ended"`
+
+	// Kind is either "audio" or "video". This reflects the "kind" attribute of the MediaStreamTrack.
+	Kind string `json:"kind"`
+
+	// AudioLevel represents the output audio level of the track.
+	//
+	// The value is a value between 0..1 (linear), where 1.0 represents 0 dBov,
+	// 0 represents silence, and 0.5 represents approximately 6 dBSPL change in
+	// the sound pressure level from 0 dBov.
+	//
+	// If the track is sourced from an Receiver, does no audio processing, has a
+	// constant level, and has a volume setting of 1.0, the audio level is expected
+	// to be the same as the audio level of the source SSRC, while if the volume setting
+	// is 0.5, the AudioLevel is expected to be half that value.
+	//
+	// For outgoing audio tracks, the AudioLevel is the level of the audio being sent.
+	AudioLevel float64 `json:"audioLevel"`
+
+	// TotalAudioEnergy is the total energy of all the audio samples sent/received
+	// for this object, calculated by duration * Math.pow(energy/maxEnergy, 2) for
+	// each audio sample seen.
+	TotalAudioEnergy float64 `json:"totalAudioEnergy"`
+
+	// VoiceActivityFlag represents whether the last RTP packet sent or played out
+	// by this track contained voice activity or not based on the presence of the
+	// V bit in the extension header, as defined in [RFC6464].
+	//
+	// This value indicates the voice activity in the latest RTP packet played out
+	// from a given SSRC, and is defined in RTPSynchronizationSource.voiceActivityFlag.
+	VoiceActivityFlag bool `json:"voiceActivityFlag"`
+
+	// TotalSamplesDuration represents the total duration in seconds of all samples
+	// that have sent or received (and thus counted by TotalSamplesSent or TotalSamplesReceived).
+	// Can be used with TotalAudioEnergy to compute an average audio level over different intervals.
+	TotalSamplesDuration float64 `json:"totalSamplesDuration"`
+
+	// EchoReturnLoss is only present while the sender is sending a track sourced from
+	// a microphone where echo cancellation is applied. Calculated in decibels.
+	EchoReturnLoss float64 `json:"echoReturnLoss"`
+
+	// EchoReturnLossEnhancement is only present while the sender is sending a track
+	// sourced from a microphone where echo cancellation is applied. Calculated in decibels.
+	EchoReturnLossEnhancement float64 `json:"echoReturnLossEnhancement"`
+
+	// TotalSamplesSent is the total number of samples that have been sent by this sender.
+	TotalSamplesSent uint64 `json:"totalSamplesSent"`
+}
+
+// SenderAudioTrackAttachmentStats object represents the stats about one attachment
+// of an audio MediaStreamTrack to the PeerConnection object for which one calls GetStats.
+//
+// It appears in the stats as soon as it is attached (via AddTrack, via AddTransceiver,
+// via ReplaceTrack on an RTPSender object).
+//
+// If an audio track is attached twice (via AddTransceiver or ReplaceTrack), there
+// will be two SenderAudioTrackAttachmentStats objects, one for each attachment.
+// They will have the same "TrackIdentifier" attribute, but different "ID" attributes.
+//
+// If the track is detached from the PeerConnection (via removeTrack or via replaceTrack),
+// it continues to appear, but with the "ObjectDeleted" member set to true.
+type SenderAudioTrackAttachmentStats AudioSenderStats
+
+// VideoSenderStats represents the stats about one video sender of a PeerConnection
+// object for which one calls GetStats.
+//
+// It appears in the stats as soon as the sender is added by either AddTrack or
+// AddTransceiver, or by media negotiation.
+type VideoSenderStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// FramesCaptured represents the total number of frames captured, before encoding,
+	// for this RTPSender (or for this MediaStreamTrack, if type is "track"). For example,
+	// if type is "sender" and this sender's track represents a camera, then this is the
+	// number of frames produced by the camera for this track while being sent by this sender,
+	// combined with the number of frames produced by all tracks previously attached to this
+	// sender while being sent by this sender. Framerates can vary due to hardware limitations
+	// or environmental factors such as lighting conditions.
+	FramesCaptured uint32 `json:"framesCaptured"`
+
+	// FramesSent represents the total number of frames sent by this RTPSender
+	// (or for this MediaStreamTrack, if type is "track").
+	FramesSent uint32 `json:"framesSent"`
+
+	// HugeFramesSent represents the total number of huge frames sent by this RTPSender
+	// (or for this MediaStreamTrack, if type is "track"). Huge frames, by definition,
+	// are frames that have an encoded size at least 2.5 times the average size of the frames.
+	// The average size of the frames is defined as the target bitrate per second divided
+	// by the target fps at the time the frame was encoded. These are usually complex
+	// to encode frames with a lot of changes in the picture. This can be used to estimate,
+	// e.g slide changes in the streamed presentation. If a huge frame is also a key frame,
+	// then both counters HugeFramesSent and KeyFramesSent are incremented.
+	HugeFramesSent uint32 `json:"hugeFramesSent"`
+
+	// KeyFramesSent represents the total number of key frames sent by this RTPSender
+	// (or for this MediaStreamTrack, if type is "track"), such as Infra-frames in
+	// VP8 [RFC6386] or I-frames in H.264 [RFC6184]. This is a subset of FramesSent.
+	// FramesSent - KeyFramesSent gives you the number of delta frames sent.
+	KeyFramesSent uint32 `json:"keyFramesSent"`
+}
+
+// SenderVideoTrackAttachmentStats represents the stats about one attachment of a
+// video MediaStreamTrack to the PeerConnection object for which one calls GetStats.
+//
+// It appears in the stats as soon as it is attached (via AddTrack, via AddTransceiver,
+// via ReplaceTrack on an RTPSender object).
+//
+// If a video track is attached twice (via AddTransceiver or ReplaceTrack), there
+// will be two SenderVideoTrackAttachmentStats objects, one for each attachment.
+// They will have the same "TrackIdentifier" attribute, but different "ID" attributes.
+//
+// If the track is detached from the PeerConnection (via RemoveTrack or via ReplaceTrack),
+// it continues to appear, but with the "ObjectDeleted" member set to true.
+type SenderVideoTrackAttachmentStats VideoSenderStats
+
+// AudioReceiverStats contains audio metrics related to a specific receiver.
+type AudioReceiverStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// AudioLevel represents the output audio level of the track.
+	//
+	// The value is a value between 0..1 (linear), where 1.0 represents 0 dBov,
+	// 0 represents silence, and 0.5 represents approximately 6 dBSPL change in
+	// the sound pressure level from 0 dBov.
+	//
+	// If the track is sourced from an Receiver, does no audio processing, has a
+	// constant level, and has a volume setting of 1.0, the audio level is expected
+	// to be the same as the audio level of the source SSRC, while if the volume setting
+	// is 0.5, the AudioLevel is expected to be half that value.
+	//
+	// For outgoing audio tracks, the AudioLevel is the level of the audio being sent.
+	AudioLevel float64 `json:"audioLevel"`
+
+	// TotalAudioEnergy is the total energy of all the audio samples sent/received
+	// for this object, calculated by duration * Math.pow(energy/maxEnergy, 2) for
+	// each audio sample seen.
+	TotalAudioEnergy float64 `json:"totalAudioEnergy"`
+
+	// VoiceActivityFlag represents whether the last RTP packet sent or played out
+	// by this track contained voice activity or not based on the presence of the
+	// V bit in the extension header, as defined in [RFC6464].
+	//
+	// This value indicates the voice activity in the latest RTP packet played out
+	// from a given SSRC, and is defined in RTPSynchronizationSource.voiceActivityFlag.
+	VoiceActivityFlag bool `json:"voiceActivityFlag"`
+
+	// TotalSamplesDuration represents the total duration in seconds of all samples
+	// that have sent or received (and thus counted by TotalSamplesSent or TotalSamplesReceived).
+	// Can be used with TotalAudioEnergy to compute an average audio level over different intervals.
+	TotalSamplesDuration float64 `json:"totalSamplesDuration"`
+
+	// EstimatedPlayoutTimestamp is the estimated playout time of this receiver's
+	// track. The playout time is the NTP timestamp of the last playable sample that
+	// has a known timestamp (from an RTCP SR packet mapping RTP timestamps to NTP
+	// timestamps), extrapolated with the time elapsed since it was ready to be played out.
+	// This is the "current time" of the track in NTP clock time of the sender and
+	// can be present even if there is no audio currently playing.
+	//
+	// This can be useful for estimating how much audio and video is out of
+	// sync for two tracks from the same source:
+	// 		AudioTrackStats.EstimatedPlayoutTimestamp - VideoTrackStats.EstimatedPlayoutTimestamp
+	EstimatedPlayoutTimestamp StatsTimestamp `json:"estimatedPlayoutTimestamp"`
+
+	// JitterBufferDelay is the sum of the time, in seconds, each sample takes from
+	// the time it is received and to the time it exits the jitter buffer.
+	// This increases upon samples exiting, having completed their time in the buffer
+	// (incrementing JitterBufferEmittedCount). The average jitter buffer delay can
+	// be calculated by dividing the JitterBufferDelay with the JitterBufferEmittedCount.
+	JitterBufferDelay float64 `json:"jitterBufferDelay"`
+
+	// JitterBufferEmittedCount is the total number of samples that have come out
+	// of the jitter buffer (increasing JitterBufferDelay).
+	JitterBufferEmittedCount uint64 `json:"jitterBufferEmittedCount"`
+
+	// TotalSamplesReceived is the total number of samples that have been received
+	// by this receiver. This includes ConcealedSamples.
+	TotalSamplesReceived uint64 `json:"totalSamplesReceived"`
+
+	// ConcealedSamples is the total number of samples that are concealed samples.
+	// A concealed sample is a sample that is based on data that was synthesized
+	// to conceal packet loss and does not represent incoming data.
+	ConcealedSamples uint64 `json:"concealedSamples"`
+
+	// ConcealmentEvents is the number of concealment events. This counter increases
+	// every time a concealed sample is synthesized after a non-concealed sample.
+	// That is, multiple consecutive concealed samples will increase the concealedSamples
+	// count multiple times but is a single concealment event.
+	ConcealmentEvents uint64 `json:"concealmentEvents"`
+}
+
+// VideoReceiverStats contains video metrics related to a specific receiver.
+type VideoReceiverStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// FrameWidth represents the width of the last processed frame for this track.
+	// Before the first frame is processed this attribute is missing.
+	FrameWidth uint32 `json:"frameWidth"`
+
+	// FrameHeight represents the height of the last processed frame for this track.
+	// Before the first frame is processed this attribute is missing.
+	FrameHeight uint32 `json:"frameHeight"`
+
+	// FramesPerSecond represents the nominal FPS value before the degradation preference
+	// is applied. It is the number of complete frames in the last second. For sending
+	// tracks it is the current captured FPS and for the receiving tracks it is the
+	// current decoding framerate.
+	FramesPerSecond float64 `json:"framesPerSecond"`
+
+	// EstimatedPlayoutTimestamp is the estimated playout time of this receiver's
+	// track. The playout time is the NTP timestamp of the last playable sample that
+	// has a known timestamp (from an RTCP SR packet mapping RTP timestamps to NTP
+	// timestamps), extrapolated with the time elapsed since it was ready to be played out.
+	// This is the "current time" of the track in NTP clock time of the sender and
+	// can be present even if there is no audio currently playing.
+	//
+	// This can be useful for estimating how much audio and video is out of
+	// sync for two tracks from the same source:
+	// 		AudioTrackStats.EstimatedPlayoutTimestamp - VideoTrackStats.EstimatedPlayoutTimestamp
+	EstimatedPlayoutTimestamp StatsTimestamp `json:"estimatedPlayoutTimestamp"`
+
+	// JitterBufferDelay is the sum of the time, in seconds, each sample takes from
+	// the time it is received and to the time it exits the jitter buffer.
+	// This increases upon samples exiting, having completed their time in the buffer
+	// (incrementing JitterBufferEmittedCount). The average jitter buffer delay can
+	// be calculated by dividing the JitterBufferDelay with the JitterBufferEmittedCount.
+	JitterBufferDelay float64 `json:"jitterBufferDelay"`
+
+	// JitterBufferEmittedCount is the total number of samples that have come out
+	// of the jitter buffer (increasing JitterBufferDelay).
+	JitterBufferEmittedCount uint64 `json:"jitterBufferEmittedCount"`
+
+	// FramesReceived Represents the total number of complete frames received for
+	// this receiver. This metric is incremented when the complete frame is received.
+	FramesReceived uint32 `json:"framesReceived"`
+
+	// KeyFramesReceived represents the total number of complete key frames received
+	// for this MediaStreamTrack, such as Infra-frames in VP8 [RFC6386] or I-frames
+	// in H.264 [RFC6184]. This is a subset of framesReceived. `framesReceived - keyFramesReceived`
+	// gives you the number of delta frames received. This metric is incremented when
+	// the complete key frame is received. It is not incremented if a partial key
+	// frames is received and sent for decoding, i.e., the frame could not be recovered
+	// via retransmission or FEC.
+	KeyFramesReceived uint32 `json:"keyFramesReceived"`
+
+	// FramesDecoded represents the total number of frames correctly decoded for this
+	// SSRC, i.e., frames that would be displayed if no frames are dropped.
+	FramesDecoded uint32 `json:"framesDecoded"`
+
+	// FramesDropped is the total number of frames dropped predecode or dropped
+	// because the frame missed its display deadline for this receiver's track.
+	FramesDropped uint32 `json:"framesDropped"`
+
+	// The cumulative number of partial frames lost. This metric is incremented when
+	// the frame is sent to the decoder. If the partial frame is received and recovered
+	// via retransmission or FEC before decoding, the FramesReceived counter is incremented.
+	PartialFramesLost uint32 `json:"partialFramesLost"`
+
+	// FullFramesLost is the cumulative number of full frames lost.
+	FullFramesLost uint32 `json:"fullFramesLost"`
+}
+
+// TransportStats contains transport statistics related to the PeerConnection object.
+type TransportStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// PacketsSent represents the total number of packets sent over this transport.
+	PacketsSent uint32 `json:"packetsSent"`
+
+	// PacketsReceived represents the total number of packets received on this transport.
+	PacketsReceived uint32 `json:"packetsReceived"`
+
+	// BytesSent represents the total number of payload bytes sent on this PeerConnection
+	// not including headers or padding.
+	BytesSent uint64 `json:"bytesSent"`
+
+	// BytesReceived represents the total number of bytes received on this PeerConnection
+	// not including headers or padding.
+	BytesReceived uint64 `json:"bytesReceived"`
+
+	// RTCPTransportStatsID is the ID of the transport that gives stats for the RTCP
+	// component If RTP and RTCP are not multiplexed and this record has only
+	// the RTP component stats.
+	RTCPTransportStatsID string `json:"rtcpTransportStatsId"`
+
+	// ICERole is set to the current value of the "role" attribute of the underlying
+	// DTLSTransport's "transport".
+	ICERole ICERole `json:"iceRole"`
+
+	// DTLSState is set to the current value of the "state" attribute of the underlying DTLSTransport.
+	DTLSState DTLSTransportState `json:"dtlsState"`
+
+	// SelectedCandidatePairID is a unique identifier that is associated to the object
+	// that was inspected to produce the ICECandidatePairStats associated with this transport.
+	SelectedCandidatePairID string `json:"selectedCandidatePairId"`
+
+	// LocalCertificateID is the ID of the CertificateStats for the local certificate.
+	// Present only if DTLS is negotiated.
+	LocalCertificateID string `json:"localCertificateId"`
+
+	// LocalCertificateID is the ID of the CertificateStats for the remote certificate.
+	// Present only if DTLS is negotiated.
+	RemoteCertificateID string `json:"remoteCertificateId"`
+
+	// DTLSCipher is the descriptive name of the cipher suite used for the DTLS transport,
+	// as defined in the "Description" column of the IANA cipher suite registry.
+	DTLSCipher string `json:"dtlsCipher"`
+
+	// SRTPCipher is the descriptive name of the protection profile used for the SRTP
+	// transport, as defined in the "Profile" column of the IANA DTLS-SRTP protection
+	// profile registry.
+	SRTPCipher string `json:"srtpCipher"`
+}
+
+// StatsICECandidatePairState is the state of an ICE candidate pair used in the
+// ICECandidatePairStats object.
+type StatsICECandidatePairState string
+
+func toStatsICECandidatePairState(state ice.CandidatePairState) (StatsICECandidatePairState, error) {
+	switch state {
+	case ice.CandidatePairStateWaiting:
+		return StatsICECandidatePairStateWaiting, nil
+	case ice.CandidatePairStateInProgress:
+		return StatsICECandidatePairStateInProgress, nil
+	case ice.CandidatePairStateFailed:
+		return StatsICECandidatePairStateFailed, nil
+	case ice.CandidatePairStateSucceeded:
+		return StatsICECandidatePairStateSucceeded, nil
+	default:
+		// NOTE: this should never happen[tm]
+		err := fmt.Errorf("%w: %s", errStatsICECandidateStateInvalid, state.String())
+		return StatsICECandidatePairState("Unknown"), err
+	}
+}
+
+const (
+	// StatsICECandidatePairStateFrozen means a check for this pair hasn't been
+	// performed, and it can't yet be performed until some other check succeeds,
+	// allowing this pair to unfreeze and move into the Waiting state.
+	StatsICECandidatePairStateFrozen StatsICECandidatePairState = "frozen"
+
+	// StatsICECandidatePairStateWaiting means a check has not been performed for
+	// this pair, and can be performed as soon as it is the highest-priority Waiting
+	// pair on the check list.
+	StatsICECandidatePairStateWaiting StatsICECandidatePairState = "waiting"
+
+	// StatsICECandidatePairStateInProgress means a check has been sent for this pair,
+	// but the transaction is in progress.
+	StatsICECandidatePairStateInProgress StatsICECandidatePairState = "in-progress"
+
+	// StatsICECandidatePairStateFailed means a check for this pair was already done
+	// and failed, either never producing any response or producing an unrecoverable
+	// failure response.
+	StatsICECandidatePairStateFailed StatsICECandidatePairState = "failed"
+
+	// StatsICECandidatePairStateSucceeded means a check for this pair was already
+	// done and produced a successful result.
+	StatsICECandidatePairStateSucceeded StatsICECandidatePairState = "succeeded"
+)
+
+// ICECandidatePairStats contains ICE candidate pair statistics related
+// to the ICETransport objects.
+type ICECandidatePairStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// TransportID is a unique identifier that is associated to the object that
+	// was inspected to produce the TransportStats associated with this candidate pair.
+	TransportID string `json:"transportId"`
+
+	// LocalCandidateID is a unique identifier that is associated to the object
+	// that was inspected to produce the ICECandidateStats for the local candidate
+	// associated with this candidate pair.
+	LocalCandidateID string `json:"localCandidateId"`
+
+	// RemoteCandidateID is a unique identifier that is associated to the object
+	// that was inspected to produce the ICECandidateStats for the remote candidate
+	// associated with this candidate pair.
+	RemoteCandidateID string `json:"remoteCandidateId"`
+
+	// State represents the state of the checklist for the local and remote
+	// candidates in a pair.
+	State StatsICECandidatePairState `json:"state"`
+
+	// Nominated is true when this valid pair that should be used for media
+	// if it is the highest-priority one amongst those whose nominated flag is set
+	Nominated bool `json:"nominated"`
+
+	// PacketsSent represents the total number of packets sent on this candidate pair.
+	PacketsSent uint32 `json:"packetsSent"`
+
+	// PacketsReceived represents the total number of packets received on this candidate pair.
+	PacketsReceived uint32 `json:"packetsReceived"`
+
+	// BytesSent represents the total number of payload bytes sent on this candidate pair
+	// not including headers or padding.
+	BytesSent uint64 `json:"bytesSent"`
+
+	// BytesReceived represents the total number of payload bytes received on this candidate pair
+	// not including headers or padding.
+	BytesReceived uint64 `json:"bytesReceived"`
+
+	// LastPacketSentTimestamp represents the timestamp at which the last packet was
+	// sent on this particular candidate pair, excluding STUN packets.
+	LastPacketSentTimestamp StatsTimestamp `json:"lastPacketSentTimestamp"`
+
+	// LastPacketReceivedTimestamp represents the timestamp at which the last packet
+	// was received on this particular candidate pair, excluding STUN packets.
+	LastPacketReceivedTimestamp StatsTimestamp `json:"lastPacketReceivedTimestamp"`
+
+	// FirstRequestTimestamp represents the timestamp at which the first STUN request
+	// was sent on this particular candidate pair.
+	FirstRequestTimestamp StatsTimestamp `json:"firstRequestTimestamp"`
+
+	// LastRequestTimestamp represents the timestamp at which the last STUN request
+	// was sent on this particular candidate pair. The average interval between two
+	// consecutive connectivity checks sent can be calculated with
+	// (LastRequestTimestamp - FirstRequestTimestamp) / RequestsSent.
+	LastRequestTimestamp StatsTimestamp `json:"lastRequestTimestamp"`
+
+	// LastResponseTimestamp represents the timestamp at which the last STUN response
+	// was received on this particular candidate pair.
+	LastResponseTimestamp StatsTimestamp `json:"lastResponseTimestamp"`
+
+	// TotalRoundTripTime represents the sum of all round trip time measurements
+	// in seconds since the beginning of the session, based on STUN connectivity
+	// check responses (ResponsesReceived), including those that reply to requests
+	// that are sent in order to verify consent. The average round trip time can
+	// be computed from TotalRoundTripTime by dividing it by ResponsesReceived.
+	TotalRoundTripTime float64 `json:"totalRoundTripTime"`
+
+	// CurrentRoundTripTime represents the latest round trip time measured in seconds,
+	// computed from both STUN connectivity checks, including those that are sent
+	// for consent verification.
+	CurrentRoundTripTime float64 `json:"currentRoundTripTime"`
+
+	// AvailableOutgoingBitrate is calculated by the underlying congestion control
+	// by combining the available bitrate for all the outgoing RTP streams using
+	// this candidate pair. The bitrate measurement does not count the size of the
+	// IP or other transport layers like TCP or UDP. It is similar to the TIAS defined
+	// in RFC 3890, i.e., it is measured in bits per second and the bitrate is calculated
+	// over a 1 second window.
+	AvailableOutgoingBitrate float64 `json:"availableOutgoingBitrate"`
+
+	// AvailableIncomingBitrate is calculated by the underlying congestion control
+	// by combining the available bitrate for all the incoming RTP streams using
+	// this candidate pair. The bitrate measurement does not count the size of the
+	// IP or other transport layers like TCP or UDP. It is similar to the TIAS defined
+	// in  RFC 3890, i.e., it is measured in bits per second and the bitrate is
+	// calculated over a 1 second window.
+	AvailableIncomingBitrate float64 `json:"availableIncomingBitrate"`
+
+	// CircuitBreakerTriggerCount represents the number of times the circuit breaker
+	// is triggered for this particular 5-tuple, ceasing transmission.
+	CircuitBreakerTriggerCount uint32 `json:"circuitBreakerTriggerCount"`
+
+	// RequestsReceived represents the total number of connectivity check requests
+	// received (including retransmissions). It is impossible for the receiver to
+	// tell whether the request was sent in order to check connectivity or check
+	// consent, so all connectivity checks requests are counted here.
+	RequestsReceived uint64 `json:"requestsReceived"`
+
+	// RequestsSent represents the total number of connectivity check requests
+	// sent (not including retransmissions).
+	RequestsSent uint64 `json:"requestsSent"`
+
+	// ResponsesReceived represents the total number of connectivity check responses received.
+	ResponsesReceived uint64 `json:"responsesReceived"`
+
+	// ResponsesSent represents the total number of connectivity check responses sent.
+	// Since we cannot distinguish connectivity check requests and consent requests,
+	// all responses are counted.
+	ResponsesSent uint64 `json:"responsesSent"`
+
+	// RetransmissionsReceived represents the total number of connectivity check
+	// request retransmissions received.
+	RetransmissionsReceived uint64 `json:"retransmissionsReceived"`
+
+	// RetransmissionsSent represents the total number of connectivity check
+	// request retransmissions sent.
+	RetransmissionsSent uint64 `json:"retransmissionsSent"`
+
+	// ConsentRequestsSent represents the total number of consent requests sent.
+	ConsentRequestsSent uint64 `json:"consentRequestsSent"`
+
+	// ConsentExpiredTimestamp represents the timestamp at which the latest valid
+	// STUN binding response expired.
+	ConsentExpiredTimestamp StatsTimestamp `json:"consentExpiredTimestamp"`
+}
+
+// ICECandidateStats contains ICE candidate statistics related to the ICETransport objects.
+type ICECandidateStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// TransportID is a unique identifier that is associated to the object that
+	// was inspected to produce the TransportStats associated with this candidate.
+	TransportID string `json:"transportId"`
+
+	// NetworkType represents the type of network interface used by the base of a
+	// local candidate (the address the ICE agent sends from). Only present for
+	// local candidates; it's not possible to know what type of network interface
+	// a remote candidate is using.
+	//
+	// Note:
+	// This stat only tells you about the network interface used by the first "hop";
+	// it's possible that a connection will be bottlenecked by another type of network.
+	// For example, when using Wi-Fi tethering, the networkType of the relevant candidate
+	// would be "wifi", even when the next hop is over a cellular connection.
+	NetworkType NetworkType `json:"networkType"`
+
+	// IP is the IP address of the candidate, allowing for IPv4 addresses and
+	// IPv6 addresses, but fully qualified domain names (FQDNs) are not allowed.
+	IP string `json:"ip"`
+
+	// Port is the port number of the candidate.
+	Port int32 `json:"port"`
+
+	// Protocol is one of udp and tcp.
+	Protocol string `json:"protocol"`
+
+	// CandidateType is the "Type" field of the ICECandidate.
+	CandidateType ICECandidateType `json:"candidateType"`
+
+	// Priority is the "Priority" field of the ICECandidate.
+	Priority int32 `json:"priority"`
+
+	// URL is the URL of the TURN or STUN server indicated in the that translated
+	// this IP address. It is the URL address surfaced in an PeerConnectionICEEvent.
+	URL string `json:"url"`
+
+	// RelayProtocol is the protocol used by the endpoint to communicate with the
+	// TURN server. This is only present for local candidates. Valid values for
+	// the TURN URL protocol is one of udp, tcp, or tls.
+	RelayProtocol string `json:"relayProtocol"`
+
+	// Deleted is true if the candidate has been deleted/freed. For host candidates,
+	// this means that any network resources (typically a socket) associated with the
+	// candidate have been released. For TURN candidates, this means the TURN allocation
+	// is no longer active.
+	//
+	// Only defined for local candidates. For remote candidates, this property is not applicable.
+	Deleted bool `json:"deleted"`
+}
+
+// CertificateStats contains information about a certificate used by an ICETransport.
+type CertificateStats struct {
+	// Timestamp is the timestamp associated with this object.
+	Timestamp StatsTimestamp `json:"timestamp"`
+
+	// Type is the object's StatsType
+	Type StatsType `json:"type"`
+
+	// ID is a unique id that is associated with the component inspected to produce
+	// this Stats object. Two Stats objects will have the same ID if they were produced
+	// by inspecting the same underlying object.
+	ID string `json:"id"`
+
+	// Fingerprint is the fingerprint of the certificate.
+	Fingerprint string `json:"fingerprint"`
+
+	// FingerprintAlgorithm is the hash function used to compute the certificate fingerprint. For instance, "sha-256".
+	FingerprintAlgorithm string `json:"fingerprintAlgorithm"`
+
+	// Base64Certificate is the DER-encoded base-64 representation of the certificate.
+	Base64Certificate string `json:"base64Certificate"`
+
+	// IssuerCertificateID refers to the stats object that contains the next certificate
+	// in the certificate chain. If the current certificate is at the end of the chain
+	// (i.e. a self-signed certificate), this will not be set.
+	IssuerCertificateID string `json:"issuerCertificateId"`
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/stats_go.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/stats_go.go
new file mode 100644
index 000000000..e1f622e5a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/stats_go.go
@@ -0,0 +1,93 @@
+// +build !js
+
+package webrtc
+
+// GetConnectionStats is a helper method to return the associated stats for a given PeerConnection
+func (r StatsReport) GetConnectionStats(conn *PeerConnection) (PeerConnectionStats, bool) {
+	statsID := conn.getStatsID()
+	stats, ok := r[statsID]
+	if !ok {
+		return PeerConnectionStats{}, false
+	}
+
+	pcStats, ok := stats.(PeerConnectionStats)
+	if !ok {
+		return PeerConnectionStats{}, false
+	}
+	return pcStats, true
+}
+
+// GetDataChannelStats is a helper method to return the associated stats for a given DataChannel
+func (r StatsReport) GetDataChannelStats(dc *DataChannel) (DataChannelStats, bool) {
+	statsID := dc.getStatsID()
+	stats, ok := r[statsID]
+	if !ok {
+		return DataChannelStats{}, false
+	}
+
+	dcStats, ok := stats.(DataChannelStats)
+	if !ok {
+		return DataChannelStats{}, false
+	}
+	return dcStats, true
+}
+
+// GetICECandidateStats is a helper method to return the associated stats for a given ICECandidate
+func (r StatsReport) GetICECandidateStats(c *ICECandidate) (ICECandidateStats, bool) {
+	statsID := c.statsID
+	stats, ok := r[statsID]
+	if !ok {
+		return ICECandidateStats{}, false
+	}
+
+	candidateStats, ok := stats.(ICECandidateStats)
+	if !ok {
+		return ICECandidateStats{}, false
+	}
+	return candidateStats, true
+}
+
+// GetICECandidatePairStats is a helper method to return the associated stats for a given ICECandidatePair
+func (r StatsReport) GetICECandidatePairStats(c *ICECandidatePair) (ICECandidatePairStats, bool) {
+	statsID := c.statsID
+	stats, ok := r[statsID]
+	if !ok {
+		return ICECandidatePairStats{}, false
+	}
+
+	candidateStats, ok := stats.(ICECandidatePairStats)
+	if !ok {
+		return ICECandidatePairStats{}, false
+	}
+	return candidateStats, true
+}
+
+// GetCertificateStats is a helper method to return the associated stats for a given Certificate
+func (r StatsReport) GetCertificateStats(c *Certificate) (CertificateStats, bool) {
+	statsID := c.statsID
+	stats, ok := r[statsID]
+	if !ok {
+		return CertificateStats{}, false
+	}
+
+	certificateStats, ok := stats.(CertificateStats)
+	if !ok {
+		return CertificateStats{}, false
+	}
+	return certificateStats, true
+}
+
+// GetCodecStats is a helper method to return the associated stats for a given Codec
+func (r StatsReport) GetCodecStats(c *RTPCodecParameters) (CodecStats, bool) {
+	statsID := c.statsID
+	stats, ok := r[statsID]
+	if !ok {
+		return CodecStats{}, false
+	}
+
+	codecStats, ok := stats.(CodecStats)
+	if !ok {
+		return CodecStats{}, false
+	}
+	return codecStats, true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_local.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_local.go
new file mode 100644
index 000000000..e6e1da1f4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_local.go
@@ -0,0 +1,75 @@
+package webrtc
+
+import "github.com/pion/rtp"
+
+// TrackLocalWriter is the Writer for outbound RTP Packets
+type TrackLocalWriter interface {
+	// WriteRTP encrypts a RTP packet and writes to the connection
+	WriteRTP(header *rtp.Header, payload []byte) (int, error)
+
+	// Write encrypts and writes a full RTP packet
+	Write(b []byte) (int, error)
+}
+
+// TrackLocalContext is the Context passed when a TrackLocal has been Binded/Unbinded from a PeerConnection, and used
+// in Interceptors.
+type TrackLocalContext struct {
+	id          string
+	params      RTPParameters
+	ssrc        SSRC
+	writeStream TrackLocalWriter
+}
+
+// CodecParameters returns the negotiated RTPCodecParameters. These are the codecs supported by both
+// PeerConnections and the SSRC/PayloadTypes
+func (t *TrackLocalContext) CodecParameters() []RTPCodecParameters {
+	return t.params.Codecs
+}
+
+// HeaderExtensions returns the negotiated RTPHeaderExtensionParameters. These are the header extensions supported by
+// both PeerConnections and the SSRC/PayloadTypes
+func (t *TrackLocalContext) HeaderExtensions() []RTPHeaderExtensionParameter {
+	return t.params.HeaderExtensions
+}
+
+// SSRC requires the negotiated SSRC of this track
+// This track may have multiple if RTX is enabled
+func (t *TrackLocalContext) SSRC() SSRC {
+	return t.ssrc
+}
+
+// WriteStream returns the WriteStream for this TrackLocal. The implementer writes the outbound
+// media packets to it
+func (t *TrackLocalContext) WriteStream() TrackLocalWriter {
+	return t.writeStream
+}
+
+// ID is a unique identifier that is used for both Bind/Unbind
+func (t *TrackLocalContext) ID() string {
+	return t.id
+}
+
+// TrackLocal is an interface that controls how the user can send media
+// The user can provide their own TrackLocal implementatiosn, or use
+// the implementations in pkg/media
+type TrackLocal interface {
+	// Bind should implement the way how the media data flows from the Track to the PeerConnection
+	// This will be called internally after signaling is complete and the list of available
+	// codecs has been determined
+	Bind(TrackLocalContext) (RTPCodecParameters, error)
+
+	// Unbind should implement the teardown logic when the track is no longer needed. This happens
+	// because a track has been stopped.
+	Unbind(TrackLocalContext) error
+
+	// ID is the unique identifier for this Track. This should be unique for the
+	// stream, but doesn't have to globally unique. A common example would be 'audio' or 'video'
+	// and StreamID would be 'desktop' or 'webcam'
+	ID() string
+
+	// StreamID is the group this track belongs too. This must be unique
+	StreamID() string
+
+	// Kind controls if this TrackLocal is audio or video
+	Kind() RTPCodecType
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_local_static.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_local_static.go
new file mode 100644
index 000000000..ff6a53490
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_local_static.go
@@ -0,0 +1,242 @@
+// +build !js
+
+package webrtc
+
+import (
+	"strings"
+	"sync"
+
+	"github.com/pion/rtp"
+	"github.com/pion/webrtc/v3/internal/util"
+	"github.com/pion/webrtc/v3/pkg/media"
+)
+
+// trackBinding is a single bind for a Track
+// Bind can be called multiple times, this stores the
+// result for a single bind call so that it can be used when writing
+type trackBinding struct {
+	id          string
+	ssrc        SSRC
+	payloadType PayloadType
+	writeStream TrackLocalWriter
+}
+
+// TrackLocalStaticRTP  is a TrackLocal that has a pre-set codec and accepts RTP Packets.
+// If you wish to send a media.Sample use TrackLocalStaticSample
+type TrackLocalStaticRTP struct {
+	mu           sync.RWMutex
+	bindings     []trackBinding
+	codec        RTPCodecCapability
+	id, streamID string
+}
+
+// NewTrackLocalStaticRTP returns a TrackLocalStaticRTP.
+func NewTrackLocalStaticRTP(c RTPCodecCapability, id, streamID string) (*TrackLocalStaticRTP, error) {
+	return &TrackLocalStaticRTP{
+		codec:    c,
+		bindings: []trackBinding{},
+		id:       id,
+		streamID: streamID,
+	}, nil
+}
+
+// Bind is called by the PeerConnection after negotiation is complete
+// This asserts that the code requested is supported by the remote peer.
+// If so it setups all the state (SSRC and PayloadType) to have a call
+func (s *TrackLocalStaticRTP) Bind(t TrackLocalContext) (RTPCodecParameters, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	parameters := RTPCodecParameters{RTPCodecCapability: s.codec}
+	if codec, err := codecParametersFuzzySearch(parameters, t.CodecParameters()); err == nil {
+		s.bindings = append(s.bindings, trackBinding{
+			ssrc:        t.SSRC(),
+			payloadType: codec.PayloadType,
+			writeStream: t.WriteStream(),
+			id:          t.ID(),
+		})
+		return codec, nil
+	}
+
+	return RTPCodecParameters{}, ErrUnsupportedCodec
+}
+
+// Unbind implements the teardown logic when the track is no longer needed. This happens
+// because a track has been stopped.
+func (s *TrackLocalStaticRTP) Unbind(t TrackLocalContext) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	for i := range s.bindings {
+		if s.bindings[i].id == t.ID() {
+			s.bindings[i] = s.bindings[len(s.bindings)-1]
+			s.bindings = s.bindings[:len(s.bindings)-1]
+			return nil
+		}
+	}
+
+	return ErrUnbindFailed
+}
+
+// ID is the unique identifier for this Track. This should be unique for the
+// stream, but doesn't have to globally unique. A common example would be 'audio' or 'video'
+// and StreamID would be 'desktop' or 'webcam'
+func (s *TrackLocalStaticRTP) ID() string { return s.id }
+
+// StreamID is the group this track belongs too. This must be unique
+func (s *TrackLocalStaticRTP) StreamID() string { return s.streamID }
+
+// Kind controls if this TrackLocal is audio or video
+func (s *TrackLocalStaticRTP) Kind() RTPCodecType {
+	switch {
+	case strings.HasPrefix(s.codec.MimeType, "audio/"):
+		return RTPCodecTypeAudio
+	case strings.HasPrefix(s.codec.MimeType, "video/"):
+		return RTPCodecTypeVideo
+	default:
+		return RTPCodecType(0)
+	}
+}
+
+// Codec gets the Codec of the track
+func (s *TrackLocalStaticRTP) Codec() RTPCodecCapability {
+	return s.codec
+}
+
+// WriteRTP writes a RTP Packet to the TrackLocalStaticRTP
+// If one PeerConnection fails the packets will still be sent to
+// all PeerConnections. The error message will contain the ID of the failed
+// PeerConnections so you can remove them
+func (s *TrackLocalStaticRTP) WriteRTP(p *rtp.Packet) error {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	writeErrs := []error{}
+	outboundPacket := *p
+
+	for _, b := range s.bindings {
+		outboundPacket.Header.SSRC = uint32(b.ssrc)
+		outboundPacket.Header.PayloadType = uint8(b.payloadType)
+		if _, err := b.writeStream.WriteRTP(&outboundPacket.Header, outboundPacket.Payload); err != nil {
+			writeErrs = append(writeErrs, err)
+		}
+	}
+
+	return util.FlattenErrs(writeErrs)
+}
+
+// Write writes a RTP Packet as a buffer to the TrackLocalStaticRTP
+// If one PeerConnection fails the packets will still be sent to
+// all PeerConnections. The error message will contain the ID of the failed
+// PeerConnections so you can remove them
+func (s *TrackLocalStaticRTP) Write(b []byte) (n int, err error) {
+	packet := &rtp.Packet{}
+	if err = packet.Unmarshal(b); err != nil {
+		return 0, err
+	}
+
+	return len(b), s.WriteRTP(packet)
+}
+
+// TrackLocalStaticSample is a TrackLocal that has a pre-set codec and accepts Samples.
+// If you wish to send a RTP Packet use TrackLocalStaticRTP
+type TrackLocalStaticSample struct {
+	packetizer rtp.Packetizer
+	rtpTrack   *TrackLocalStaticRTP
+	clockRate  float64
+}
+
+// NewTrackLocalStaticSample returns a TrackLocalStaticSample
+func NewTrackLocalStaticSample(c RTPCodecCapability, id, streamID string) (*TrackLocalStaticSample, error) {
+	rtpTrack, err := NewTrackLocalStaticRTP(c, id, streamID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &TrackLocalStaticSample{
+		rtpTrack: rtpTrack,
+	}, nil
+}
+
+// ID is the unique identifier for this Track. This should be unique for the
+// stream, but doesn't have to globally unique. A common example would be 'audio' or 'video'
+// and StreamID would be 'desktop' or 'webcam'
+func (s *TrackLocalStaticSample) ID() string { return s.rtpTrack.ID() }
+
+// StreamID is the group this track belongs too. This must be unique
+func (s *TrackLocalStaticSample) StreamID() string { return s.rtpTrack.StreamID() }
+
+// Kind controls if this TrackLocal is audio or video
+func (s *TrackLocalStaticSample) Kind() RTPCodecType { return s.rtpTrack.Kind() }
+
+// Codec gets the Codec of the track
+func (s *TrackLocalStaticSample) Codec() RTPCodecCapability {
+	return s.rtpTrack.Codec()
+}
+
+// Bind is called by the PeerConnection after negotiation is complete
+// This asserts that the code requested is supported by the remote peer.
+// If so it setups all the state (SSRC and PayloadType) to have a call
+func (s *TrackLocalStaticSample) Bind(t TrackLocalContext) (RTPCodecParameters, error) {
+	codec, err := s.rtpTrack.Bind(t)
+	if err != nil {
+		return codec, err
+	}
+
+	s.rtpTrack.mu.Lock()
+	defer s.rtpTrack.mu.Unlock()
+
+	// We only need one packetizer
+	if s.packetizer != nil {
+		return codec, nil
+	}
+
+	payloader, err := payloaderForCodec(codec.RTPCodecCapability)
+	if err != nil {
+		return codec, err
+	}
+
+	s.packetizer = rtp.NewPacketizer(
+		rtpOutboundMTU,
+		0, // Value is handled when writing
+		0, // Value is handled when writing
+		payloader,
+		rtp.NewRandomSequencer(),
+		codec.ClockRate,
+	)
+	s.clockRate = float64(codec.RTPCodecCapability.ClockRate)
+	return codec, nil
+}
+
+// Unbind implements the teardown logic when the track is no longer needed. This happens
+// because a track has been stopped.
+func (s *TrackLocalStaticSample) Unbind(t TrackLocalContext) error {
+	return s.rtpTrack.Unbind(t)
+}
+
+// WriteSample writes a Sample to the TrackLocalStaticSample
+// If one PeerConnection fails the packets will still be sent to
+// all PeerConnections. The error message will contain the ID of the failed
+// PeerConnections so you can remove them
+func (s *TrackLocalStaticSample) WriteSample(sample media.Sample) error {
+	s.rtpTrack.mu.RLock()
+	p := s.packetizer
+	clockRate := s.clockRate
+	s.rtpTrack.mu.RUnlock()
+
+	if p == nil {
+		return nil
+	}
+
+	samples := sample.Duration.Seconds() * clockRate
+	packets := p.(rtp.Packetizer).Packetize(sample.Data, uint32(samples))
+
+	writeErrs := []error{}
+	for _, p := range packets {
+		if err := s.rtpTrack.WriteRTP(p); err != nil {
+			writeErrs = append(writeErrs, err)
+		}
+	}
+
+	return util.FlattenErrs(writeErrs)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_remote.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_remote.go
new file mode 100644
index 000000000..6733b7cfb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/track_remote.go
@@ -0,0 +1,183 @@
+// +build !js
+
+package webrtc
+
+import (
+	"sync"
+	"time"
+
+	"github.com/pion/interceptor"
+	"github.com/pion/rtp"
+)
+
+// TrackRemote represents a single inbound source of media
+type TrackRemote struct {
+	mu sync.RWMutex
+
+	id       string
+	streamID string
+
+	payloadType PayloadType
+	kind        RTPCodecType
+	ssrc        SSRC
+	codec       RTPCodecParameters
+	params      RTPParameters
+	rid         string
+
+	receiver         *RTPReceiver
+	peeked           []byte
+	peekedAttributes interceptor.Attributes
+}
+
+func newTrackRemote(kind RTPCodecType, ssrc SSRC, rid string, receiver *RTPReceiver) *TrackRemote {
+	return &TrackRemote{
+		kind:     kind,
+		ssrc:     ssrc,
+		rid:      rid,
+		receiver: receiver,
+	}
+}
+
+// ID is the unique identifier for this Track. This should be unique for the
+// stream, but doesn't have to globally unique. A common example would be 'audio' or 'video'
+// and StreamID would be 'desktop' or 'webcam'
+func (t *TrackRemote) ID() string {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.id
+}
+
+// RID gets the RTP Stream ID of this Track
+// With Simulcast you will have multiple tracks with the same ID, but different RID values.
+// In many cases a TrackRemote will not have an RID, so it is important to assert it is non-zero
+func (t *TrackRemote) RID() string {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	return t.rid
+}
+
+// PayloadType gets the PayloadType of the track
+func (t *TrackRemote) PayloadType() PayloadType {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.payloadType
+}
+
+// Kind gets the Kind of the track
+func (t *TrackRemote) Kind() RTPCodecType {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.kind
+}
+
+// StreamID is the group this track belongs too. This must be unique
+func (t *TrackRemote) StreamID() string {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.streamID
+}
+
+// SSRC gets the SSRC of the track
+func (t *TrackRemote) SSRC() SSRC {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.ssrc
+}
+
+// Msid gets the Msid of the track
+func (t *TrackRemote) Msid() string {
+	return t.StreamID() + " " + t.ID()
+}
+
+// Codec gets the Codec of the track
+func (t *TrackRemote) Codec() RTPCodecParameters {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.codec
+}
+
+// Read reads data from the track.
+func (t *TrackRemote) Read(b []byte) (n int, attributes interceptor.Attributes, err error) {
+	t.mu.RLock()
+	r := t.receiver
+	peeked := t.peeked != nil
+	t.mu.RUnlock()
+
+	if peeked {
+		t.mu.Lock()
+		data := t.peeked
+		attributes = t.peekedAttributes
+
+		t.peeked = nil
+		t.peekedAttributes = nil
+		t.mu.Unlock()
+		// someone else may have stolen our packet when we
+		// released the lock.  Deal with it.
+		if data != nil {
+			n = copy(b, data)
+			return
+		}
+	}
+
+	return r.readRTP(b, t)
+}
+
+// ReadRTP is a convenience method that wraps Read and unmarshals for you.
+func (t *TrackRemote) ReadRTP() (*rtp.Packet, interceptor.Attributes, error) {
+	b := make([]byte, receiveMTU)
+	i, attributes, err := t.Read(b)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	r := &rtp.Packet{}
+	if err := r.Unmarshal(b[:i]); err != nil {
+		return nil, nil, err
+	}
+	return r, attributes, nil
+}
+
+// determinePayloadType blocks and reads a single packet to determine the PayloadType for this Track
+// this is useful because we can't announce it to the user until we know the payloadType
+func (t *TrackRemote) determinePayloadType() error {
+	b := make([]byte, receiveMTU)
+	n, _, err := t.peek(b)
+	if err != nil {
+		return err
+	}
+	r := rtp.Packet{}
+	if err := r.Unmarshal(b[:n]); err != nil {
+		return err
+	}
+
+	t.mu.Lock()
+	t.payloadType = PayloadType(r.PayloadType)
+	defer t.mu.Unlock()
+
+	return nil
+}
+
+// peek is like Read, but it doesn't discard the packet read
+func (t *TrackRemote) peek(b []byte) (n int, a interceptor.Attributes, err error) {
+	n, a, err = t.Read(b)
+	if err != nil {
+		return
+	}
+
+	t.mu.Lock()
+	// this might overwrite data if somebody peeked between the Read
+	// and us getting the lock.  Oh well, we'll just drop a packet in
+	// that case.
+	data := make([]byte, n)
+	n = copy(data, b[:n])
+	t.peeked = data
+	t.peekedAttributes = a
+	t.mu.Unlock()
+	return
+}
+
+// SetReadDeadline sets the max amount of time the RTP stream will block before returning. 0 is forever.
+func (t *TrackRemote) SetReadDeadline(deadline time.Time) error {
+	return t.receiver.setRTPReadDeadline(deadline, t)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/webrtc.go b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/webrtc.go
new file mode 100644
index 000000000..ff32a5578
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/webrtc.go
@@ -0,0 +1,17 @@
+// Package webrtc implements the WebRTC 1.0 as defined in W3C WebRTC specification document.
+package webrtc
+
+// SSRC represents a synchronization source
+// A synchronization source is a randomly chosen
+// value meant to be globally unique within a particular
+// RTP session. Used to identify a single stream of media.
+//
+// https://tools.ietf.org/html/rfc3550#section-3
+type SSRC uint32
+
+// PayloadType identifies the format of the RTP payload and determines
+// its interpretation by the application. Each codec in a RTP Session
+// will have a different PayloadType
+//
+// https://tools.ietf.org/html/rfc3550#section-3
+type PayloadType uint8
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/yarn.lock b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/yarn.lock
new file mode 100644
index 000000000..90f73c219
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pion/webrtc/v3/yarn.lock
@@ -0,0 +1,795 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+abbrev@1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
+  integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==
+
+ajv@^6.5.5:
+  version "6.12.2"
+  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.2.tgz#c629c5eced17baf314437918d2da88c99d5958cd"
+  integrity sha512-k+V+hzjm5q/Mr8ef/1Y9goCmlsK4I6Sm74teeyGvFk1XrOsbsKLjEdrvny42CZ+a8sXbk8KWpY/bDwS+FLL2UQ==
+  dependencies:
+    fast-deep-equal "^3.1.1"
+    fast-json-stable-stringify "^2.0.0"
+    json-schema-traverse "^0.4.1"
+    uri-js "^4.2.2"
+
+ansi-regex@^2.0.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
+  integrity sha1-w7M6te42DYbg5ijwRorn7yfWVN8=
+
+ansi-regex@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.0.tgz#ed0317c322064f79466c02966bddb605ab37d998"
+  integrity sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=
+
+aproba@^1.0.3:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/aproba/-/aproba-1.2.0.tgz#6802e6264efd18c790a1b0d517f0f2627bf2c94a"
+  integrity sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==
+
+are-we-there-yet@~1.1.2:
+  version "1.1.5"
+  resolved "https://registry.yarnpkg.com/are-we-there-yet/-/are-we-there-yet-1.1.5.tgz#4b35c2944f062a8bfcda66410760350fe9ddfc21"
+  integrity sha512-5hYdAkZlcG8tOLujVDTgCT+uPX0VnpAH28gWsLfzpXYm7wP6mp5Q/gYyR7YQ0cKVJcXJnl3j2kpBan13PtQf6w==
+  dependencies:
+    delegates "^1.0.0"
+    readable-stream "^2.0.6"
+
+asn1@~0.2.3:
+  version "0.2.4"
+  resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
+  integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==
+  dependencies:
+    safer-buffer "~2.1.0"
+
+assert-plus@1.0.0, assert-plus@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
+  integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=
+
+asynckit@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
+  integrity sha1-x57Zf380y48robyXkLzDZkdLS3k=
+
+aws-sign2@~0.7.0:
+  version "0.7.0"
+  resolved "https://registry.yarnpkg.com/aws-sign2/-/aws-sign2-0.7.0.tgz#b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"
+  integrity sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=
+
+aws4@^1.8.0:
+  version "1.10.0"
+  resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.10.0.tgz#a17b3a8ea811060e74d47d306122400ad4497ae2"
+  integrity sha512-3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA==
+
+balanced-match@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
+  integrity sha1-ibTRmasr7kneFk6gK4nORi1xt2c=
+
+bcrypt-pbkdf@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
+  integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=
+  dependencies:
+    tweetnacl "^0.14.3"
+
+brace-expansion@^1.1.7:
+  version "1.1.11"
+  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
+  integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
+  dependencies:
+    balanced-match "^1.0.0"
+    concat-map "0.0.1"
+
+caseless@~0.12.0:
+  version "0.12.0"
+  resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc"
+  integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=
+
+chownr@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.1.tgz#54726b8b8fff4df053c42187e801fb4412df1494"
+  integrity sha512-j38EvO5+LHX84jlo6h4UzmOwi0UgW61WRyPtJz4qaadK5eY3BTS5TY/S1Stc3Uk2lIM6TPevAlULiEJwie860g==
+
+code-point-at@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/code-point-at/-/code-point-at-1.1.0.tgz#0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77"
+  integrity sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=
+
+combined-stream@^1.0.6, combined-stream@~1.0.6:
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
+  integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
+  dependencies:
+    delayed-stream "~1.0.0"
+
+concat-map@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
+  integrity sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=
+
+console-control-strings@^1.0.0, console-control-strings@~1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/console-control-strings/-/console-control-strings-1.1.0.tgz#3d7cf4464db6446ea644bf4b39507f9851008e8e"
+  integrity sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=
+
+core-util-is@1.0.2, core-util-is@~1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
+  integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
+
+dashdash@^1.12.0:
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"
+  integrity sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=
+  dependencies:
+    assert-plus "^1.0.0"
+
+debug@^2.1.2:
+  version "2.6.9"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
+  integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
+  dependencies:
+    ms "2.0.0"
+
+deep-extend@^0.6.0:
+  version "0.6.0"
+  resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac"
+  integrity sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==
+
+delayed-stream@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
+  integrity sha1-3zrhmayt+31ECqrgsp4icrJOxhk=
+
+delegates@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
+  integrity sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=
+
+detect-libc@^1.0.2:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-1.0.3.tgz#fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b"
+  integrity sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=
+
+domexception@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/domexception/-/domexception-1.0.1.tgz#937442644ca6a31261ef36e3ec677fe805582c90"
+  integrity sha512-raigMkn7CJNNo6Ihro1fzG7wr3fHuYVytzquZKX5n0yizGsTcYgzdIUwj1X9pK0VvjeihV+XiclP+DjwbsSKug==
+  dependencies:
+    webidl-conversions "^4.0.2"
+
+ecc-jsbn@~0.1.1:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9"
+  integrity sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=
+  dependencies:
+    jsbn "~0.1.0"
+    safer-buffer "^2.1.0"
+
+extend@~3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
+  integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
+
+extsprintf@1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05"
+  integrity sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=
+
+extsprintf@^1.2.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f"
+  integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8=
+
+fast-deep-equal@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.1.tgz#545145077c501491e33b15ec408c294376e94ae4"
+  integrity sha512-8UEa58QDLauDNfpbrX55Q9jrGHThw2ZMdOky5Gl1CDtVeJDPVrG4Jxx1N8jw2gkWaff5UUuX1KJd+9zGe2B+ZA==
+
+fast-json-stable-stringify@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
+  integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==
+
+forever-agent@~0.6.1:
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
+  integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=
+
+form-data@~2.3.2:
+  version "2.3.3"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.3.3.tgz#dcce52c05f644f298c6a7ab936bd724ceffbf3a6"
+  integrity sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==
+  dependencies:
+    asynckit "^0.4.0"
+    combined-stream "^1.0.6"
+    mime-types "^2.1.12"
+
+fs-minipass@^1.2.5:
+  version "1.2.5"
+  resolved "https://registry.yarnpkg.com/fs-minipass/-/fs-minipass-1.2.5.tgz#06c277218454ec288df77ada54a03b8702aacb9d"
+  integrity sha512-JhBl0skXjUPCFH7x6x61gQxrKyXsxB5gcgePLZCwfyCGGsTISMoIeObbrvVeP6Xmyaudw4TT43qV2Gz+iyd2oQ==
+  dependencies:
+    minipass "^2.2.1"
+
+fs.realpath@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
+  integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8=
+
+gauge@~2.7.3:
+  version "2.7.4"
+  resolved "https://registry.yarnpkg.com/gauge/-/gauge-2.7.4.tgz#2c03405c7538c39d7eb37b317022e325fb018bf7"
+  integrity sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=
+  dependencies:
+    aproba "^1.0.3"
+    console-control-strings "^1.0.0"
+    has-unicode "^2.0.0"
+    object-assign "^4.1.0"
+    signal-exit "^3.0.0"
+    string-width "^1.0.1"
+    strip-ansi "^3.0.1"
+    wide-align "^1.1.0"
+
+getpass@^0.1.1:
+  version "0.1.7"
+  resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
+  integrity sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=
+  dependencies:
+    assert-plus "^1.0.0"
+
+glob@^7.1.3:
+  version "7.1.3"
+  resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.3.tgz#3960832d3f1574108342dafd3a67b332c0969df1"
+  integrity sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ==
+  dependencies:
+    fs.realpath "^1.0.0"
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "^3.0.4"
+    once "^1.3.0"
+    path-is-absolute "^1.0.0"
+
+har-schema@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
+  integrity sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=
+
+har-validator@~5.1.3:
+  version "5.1.3"
+  resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-5.1.3.tgz#1ef89ebd3e4996557675eed9893110dc350fa080"
+  integrity sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==
+  dependencies:
+    ajv "^6.5.5"
+    har-schema "^2.0.0"
+
+has-unicode@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
+  integrity sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=
+
+http-signature@~1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
+  integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
+  dependencies:
+    assert-plus "^1.0.0"
+    jsprim "^1.2.2"
+    sshpk "^1.7.0"
+
+iconv-lite@^0.4.4:
+  version "0.4.24"
+  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b"
+  integrity sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==
+  dependencies:
+    safer-buffer ">= 2.1.2 < 3"
+
+ignore-walk@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/ignore-walk/-/ignore-walk-3.0.1.tgz#a83e62e7d272ac0e3b551aaa82831a19b69f82f8"
+  integrity sha512-DTVlMx3IYPe0/JJcYP7Gxg7ttZZu3IInhuEhbchuqneY9wWe5Ojy2mXLBaQFUQmo0AW2r3qG7m1mg86js+gnlQ==
+  dependencies:
+    minimatch "^3.0.4"
+
+inflight@^1.0.4:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9"
+  integrity sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=
+  dependencies:
+    once "^1.3.0"
+    wrappy "1"
+
+inherits@2, inherits@~2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
+  integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
+
+ini@~1.3.0:
+  version "1.3.5"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
+  integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+
+is-fullwidth-code-point@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz#ef9e31386f031a7f0d643af82fde50c457ef00cb"
+  integrity sha1-754xOG8DGn8NZDr4L95QxFfvAMs=
+  dependencies:
+    number-is-nan "^1.0.0"
+
+is-fullwidth-code-point@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz#a3b30a5c4f199183167aaab93beefae3ddfb654f"
+  integrity sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=
+
+is-typedarray@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
+  integrity sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=
+
+isarray@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
+  integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=
+
+isstream@~0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
+  integrity sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=
+
+jsbn@~0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"
+  integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM=
+
+json-schema-traverse@^0.4.1:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
+  integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==
+
+json-schema@0.2.3:
+  version "0.2.3"
+  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
+  integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=
+
+json-stringify-safe@~5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
+  integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=
+
+jsprim@^1.2.2:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
+  integrity sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=
+  dependencies:
+    assert-plus "1.0.0"
+    extsprintf "1.3.0"
+    json-schema "0.2.3"
+    verror "1.10.0"
+
+mime-db@1.44.0:
+  version "1.44.0"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.44.0.tgz#fa11c5eb0aca1334b4233cb4d52f10c5a6272f92"
+  integrity sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==
+
+mime-types@^2.1.12, mime-types@~2.1.19:
+  version "2.1.27"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.27.tgz#47949f98e279ea53119f5722e0f34e529bec009f"
+  integrity sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==
+  dependencies:
+    mime-db "1.44.0"
+
+minimatch@^3.0.4:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083"
+  integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==
+  dependencies:
+    brace-expansion "^1.1.7"
+
+minimist@0.0.8:
+  version "0.0.8"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
+  integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=
+
+minimist@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
+  integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=
+
+minipass@^2.2.1, minipass@^2.3.4:
+  version "2.3.5"
+  resolved "https://registry.yarnpkg.com/minipass/-/minipass-2.3.5.tgz#cacebe492022497f656b0f0f51e2682a9ed2d848"
+  integrity sha512-Gi1W4k059gyRbyVUZQ4mEqLm0YIUiGYfvxhF6SIlk3ui1WVxMTGfGdQ2SInh3PDrRTVvPKgULkpJtT4RH10+VA==
+  dependencies:
+    safe-buffer "^5.1.2"
+    yallist "^3.0.0"
+
+minizlib@^1.1.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-1.2.1.tgz#dd27ea6136243c7c880684e8672bb3a45fd9b614"
+  integrity sha512-7+4oTUOWKg7AuL3vloEWekXY2/D20cevzsrNT2kGWm+39J9hGTCBv8VI5Pm5lXZ/o3/mdR4f8rflAPhnQb8mPA==
+  dependencies:
+    minipass "^2.2.1"
+
+mkdirp@^0.5.0, mkdirp@^0.5.1:
+  version "0.5.1"
+  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
+  integrity sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=
+  dependencies:
+    minimist "0.0.8"
+
+ms@2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
+  integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
+
+needle@^2.2.1:
+  version "2.2.4"
+  resolved "https://registry.yarnpkg.com/needle/-/needle-2.2.4.tgz#51931bff82533b1928b7d1d69e01f1b00ffd2a4e"
+  integrity sha512-HyoqEb4wr/rsoaIDfTH2aVL9nWtQqba2/HvMv+++m8u0dz808MaagKILxtfeSN7QU7nvbQ79zk3vYOJp9zsNEA==
+  dependencies:
+    debug "^2.1.2"
+    iconv-lite "^0.4.4"
+    sax "^1.2.4"
+
+node-pre-gyp@^0.13.0:
+  version "0.13.0"
+  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.13.0.tgz#df9ab7b68dd6498137717838e4f92a33fc9daa42"
+  integrity sha512-Md1D3xnEne8b/HGVQkZZwV27WUi1ZRuZBij24TNaZwUPU3ZAFtvT6xxJGaUVillfmMKnn5oD1HoGsp2Ftik7SQ==
+  dependencies:
+    detect-libc "^1.0.2"
+    mkdirp "^0.5.1"
+    needle "^2.2.1"
+    nopt "^4.0.1"
+    npm-packlist "^1.1.6"
+    npmlog "^4.0.2"
+    rc "^1.2.7"
+    rimraf "^2.6.1"
+    semver "^5.3.0"
+    tar "^4"
+
+nopt@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/nopt/-/nopt-4.0.1.tgz#d0d4685afd5415193c8c7505602d0d17cd64474d"
+  integrity sha1-0NRoWv1UFRk8jHUFYC0NF81kR00=
+  dependencies:
+    abbrev "1"
+    osenv "^0.1.4"
+
+npm-bundled@^1.0.1:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/npm-bundled/-/npm-bundled-1.0.6.tgz#e7ba9aadcef962bb61248f91721cd932b3fe6bdd"
+  integrity sha512-8/JCaftHwbd//k6y2rEWp6k1wxVfpFzB6t1p825+cUb7Ym2XQfhwIC5KwhrvzZRJu+LtDE585zVaS32+CGtf0g==
+
+npm-packlist@^1.1.6:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/npm-packlist/-/npm-packlist-1.4.1.tgz#19064cdf988da80ea3cee45533879d90192bbfbc"
+  integrity sha512-+TcdO7HJJ8peiiYhvPxsEDhF3PJFGUGRcFsGve3vxvxdcpO2Z4Z7rkosRM0kWj6LfbK/P0gu3dzk5RU1ffvFcw==
+  dependencies:
+    ignore-walk "^3.0.1"
+    npm-bundled "^1.0.1"
+
+npmlog@^4.0.2:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/npmlog/-/npmlog-4.1.2.tgz#08a7f2a8bf734604779a9efa4ad5cc717abb954b"
+  integrity sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==
+  dependencies:
+    are-we-there-yet "~1.1.2"
+    console-control-strings "~1.1.0"
+    gauge "~2.7.3"
+    set-blocking "~2.0.0"
+
+number-is-nan@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/number-is-nan/-/number-is-nan-1.0.1.tgz#097b602b53422a522c1afb8790318336941a011d"
+  integrity sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0=
+
+oauth-sign@~0.9.0:
+  version "0.9.0"
+  resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455"
+  integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==
+
+object-assign@^4.1.0:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
+  integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
+
+once@^1.3.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
+  integrity sha1-WDsap3WWHUsROsF9nFC6753Xa9E=
+  dependencies:
+    wrappy "1"
+
+os-homedir@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/os-homedir/-/os-homedir-1.0.2.tgz#ffbc4988336e0e833de0c168c7ef152121aa7fb3"
+  integrity sha1-/7xJiDNuDoM94MFox+8VISGqf7M=
+
+os-tmpdir@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274"
+  integrity sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=
+
+osenv@^0.1.4:
+  version "0.1.5"
+  resolved "https://registry.yarnpkg.com/osenv/-/osenv-0.1.5.tgz#85cdfafaeb28e8677f416e287592b5f3f49ea410"
+  integrity sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g==
+  dependencies:
+    os-homedir "^1.0.0"
+    os-tmpdir "^1.0.0"
+
+path-is-absolute@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
+  integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18=
+
+performance-now@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
+  integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=
+
+process-nextick-args@~2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.0.tgz#a37d732f4271b4ab1ad070d35508e8290788ffaa"
+  integrity sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw==
+
+psl@^1.1.28:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
+  integrity sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==
+
+punycode@^2.1.0, punycode@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
+  integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
+
+qs@~6.5.2:
+  version "6.5.2"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"
+  integrity sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==
+
+rc@^1.2.7:
+  version "1.2.8"
+  resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed"
+  integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==
+  dependencies:
+    deep-extend "^0.6.0"
+    ini "~1.3.0"
+    minimist "^1.2.0"
+    strip-json-comments "~2.0.1"
+
+readable-stream@^2.0.6:
+  version "2.3.6"
+  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.6.tgz#b11c27d88b8ff1fbe070643cf94b0c79ae1b0aaf"
+  integrity sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==
+  dependencies:
+    core-util-is "~1.0.0"
+    inherits "~2.0.3"
+    isarray "~1.0.0"
+    process-nextick-args "~2.0.0"
+    safe-buffer "~5.1.1"
+    string_decoder "~1.1.1"
+    util-deprecate "~1.0.1"
+
+request@2.88.2:
+  version "2.88.2"
+  resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
+  integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==
+  dependencies:
+    aws-sign2 "~0.7.0"
+    aws4 "^1.8.0"
+    caseless "~0.12.0"
+    combined-stream "~1.0.6"
+    extend "~3.0.2"
+    forever-agent "~0.6.1"
+    form-data "~2.3.2"
+    har-validator "~5.1.3"
+    http-signature "~1.2.0"
+    is-typedarray "~1.0.0"
+    isstream "~0.1.2"
+    json-stringify-safe "~5.0.1"
+    mime-types "~2.1.19"
+    oauth-sign "~0.9.0"
+    performance-now "^2.1.0"
+    qs "~6.5.2"
+    safe-buffer "^5.1.2"
+    tough-cookie "~2.5.0"
+    tunnel-agent "^0.6.0"
+    uuid "^3.3.2"
+
+rimraf@^2.6.1:
+  version "2.6.3"
+  resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.3.tgz#b2d104fe0d8fb27cf9e0a1cda8262dd3833c6cab"
+  integrity sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==
+  dependencies:
+    glob "^7.1.3"
+
+safe-buffer@^5.0.1:
+  version "5.2.1"
+  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
+  integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
+
+safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
+  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
+
+"safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
+  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
+
+sax@^1.2.4:
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
+  integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
+
+semver@^5.3.0:
+  version "5.6.0"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-5.6.0.tgz#7e74256fbaa49c75aa7c7a205cc22799cac80004"
+  integrity sha512-RS9R6R35NYgQn++fkDWaOmqGoj4Ek9gGs+DPxNUZKuwE183xjJroKvyo1IzVFeXvUrvmALy6FWD5xrdJT25gMg==
+
+set-blocking@~2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
+  integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc=
+
+signal-exit@^3.0.0:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d"
+  integrity sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=
+
+sshpk@^1.7.0:
+  version "1.16.1"
+  resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
+  integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==
+  dependencies:
+    asn1 "~0.2.3"
+    assert-plus "^1.0.0"
+    bcrypt-pbkdf "^1.0.0"
+    dashdash "^1.12.0"
+    ecc-jsbn "~0.1.1"
+    getpass "^0.1.1"
+    jsbn "~0.1.0"
+    safer-buffer "^2.0.2"
+    tweetnacl "~0.14.0"
+
+string-width@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/string-width/-/string-width-1.0.2.tgz#118bdf5b8cdc51a2a7e70d211e07e2b0b9b107d3"
+  integrity sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=
+  dependencies:
+    code-point-at "^1.0.0"
+    is-fullwidth-code-point "^1.0.0"
+    strip-ansi "^3.0.0"
+
+"string-width@^1.0.2 || 2":
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e"
+  integrity sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==
+  dependencies:
+    is-fullwidth-code-point "^2.0.0"
+    strip-ansi "^4.0.0"
+
+string_decoder@~1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8"
+  integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==
+  dependencies:
+    safe-buffer "~5.1.0"
+
+strip-ansi@^3.0.0, strip-ansi@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
+  integrity sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=
+  dependencies:
+    ansi-regex "^2.0.0"
+
+strip-ansi@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-4.0.0.tgz#a8479022eb1ac368a871389b635262c505ee368f"
+  integrity sha1-qEeQIusaw2iocTibY1JixQXuNo8=
+  dependencies:
+    ansi-regex "^3.0.0"
+
+strip-json-comments@~2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
+  integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=
+
+tar@^4:
+  version "4.4.8"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.8.tgz#b19eec3fde2a96e64666df9fdb40c5ca1bc3747d"
+  integrity sha512-LzHF64s5chPQQS0IYBn9IN5h3i98c12bo4NCO7e0sGM2llXQ3p2FGC5sdENN4cTW48O915Sh+x+EXx7XW96xYQ==
+  dependencies:
+    chownr "^1.1.1"
+    fs-minipass "^1.2.5"
+    minipass "^2.3.4"
+    minizlib "^1.1.1"
+    mkdirp "^0.5.0"
+    safe-buffer "^5.1.2"
+    yallist "^3.0.2"
+
+tough-cookie@~2.5.0:
+  version "2.5.0"
+  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-2.5.0.tgz#cd9fb2a0aa1d5a12b473bd9fb96fa3dcff65ade2"
+  integrity sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==
+  dependencies:
+    psl "^1.1.28"
+    punycode "^2.1.1"
+
+tunnel-agent@^0.6.0:
+  version "0.6.0"
+  resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"
+  integrity sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=
+  dependencies:
+    safe-buffer "^5.0.1"
+
+tweetnacl@^0.14.3, tweetnacl@~0.14.0:
+  version "0.14.5"
+  resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64"
+  integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=
+
+uri-js@^4.2.2:
+  version "4.2.2"
+  resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0"
+  integrity sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==
+  dependencies:
+    punycode "^2.1.0"
+
+util-deprecate@~1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
+  integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=
+
+uuid@^3.3.2:
+  version "3.4.0"
+  resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee"
+  integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==
+
+verror@1.10.0:
+  version "1.10.0"
+  resolved "https://registry.yarnpkg.com/verror/-/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400"
+  integrity sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=
+  dependencies:
+    assert-plus "^1.0.0"
+    core-util-is "1.0.2"
+    extsprintf "^1.2.0"
+
+webidl-conversions@^4.0.2:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-4.0.2.tgz#a855980b1f0b6b359ba1d5d9fb39ae941faa63ad"
+  integrity sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==
+
+wide-align@^1.1.0:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.3.tgz#ae074e6bdc0c14a431e804e624549c633b000457"
+  integrity sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA==
+  dependencies:
+    string-width "^1.0.2 || 2"
+
+wrappy@1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
+  integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=
+
+wrtc@0.4.7:
+  version "0.4.7"
+  resolved "https://registry.yarnpkg.com/wrtc/-/wrtc-0.4.7.tgz#c61530cd662713e50bffe64b7a78673ce070426c"
+  integrity sha512-P6Hn7VT4lfSH49HxLHcHhDq+aFf/jd9dPY7lDHeFhZ22N3858EKuwm2jmnlPzpsRGEPaoF6XwkcxY5SYnt4f/g==
+  dependencies:
+    node-pre-gyp "^0.13.0"
+  optionalDependencies:
+    domexception "^1.0.1"
+
+yallist@^3.0.0, yallist@^3.0.2:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.0.3.tgz#b4b049e314be545e3ce802236d6cd22cd91c3de9"
+  integrity sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/.gitignore b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/.gitignore
new file mode 100644
index 000000000..daf913b1b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/.travis.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/.travis.yml
new file mode 100644
index 000000000..9159de03e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/.travis.yml
@@ -0,0 +1,10 @@
+language: go
+go_import_path: github.com/pkg/errors
+go:
+  - 1.11.x
+  - 1.12.x
+  - 1.13.x
+  - tip
+
+script:
+  - make check
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/LICENSE b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/LICENSE
new file mode 100644
index 000000000..835ba3e75
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2015, Dave Cheney <dave@cheney.net>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/Makefile b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/Makefile
new file mode 100644
index 000000000..ce9d7cded
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/Makefile
@@ -0,0 +1,44 @@
+PKGS := github.com/pkg/errors
+SRCDIRS := $(shell go list -f '{{.Dir}}' $(PKGS))
+GO := go
+
+check: test vet gofmt misspell unconvert staticcheck ineffassign unparam
+
+test: 
+	$(GO) test $(PKGS)
+
+vet: | test
+	$(GO) vet $(PKGS)
+
+staticcheck:
+	$(GO) get honnef.co/go/tools/cmd/staticcheck
+	staticcheck -checks all $(PKGS)
+
+misspell:
+	$(GO) get github.com/client9/misspell/cmd/misspell
+	misspell \
+		-locale GB \
+		-error \
+		*.md *.go
+
+unconvert:
+	$(GO) get github.com/mdempsky/unconvert
+	unconvert -v $(PKGS)
+
+ineffassign:
+	$(GO) get github.com/gordonklaus/ineffassign
+	find $(SRCDIRS) -name '*.go' | xargs ineffassign
+
+pedantic: check errcheck
+
+unparam:
+	$(GO) get mvdan.cc/unparam
+	unparam ./...
+
+errcheck:
+	$(GO) get github.com/kisielk/errcheck
+	errcheck $(PKGS)
+
+gofmt:  
+	@echo Checking code is gofmted
+	@test -z "$(shell gofmt -s -l -d -e $(SRCDIRS) | tee /dev/stderr)"
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/README.md b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/README.md
new file mode 100644
index 000000000..54dfdcb12
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/README.md
@@ -0,0 +1,59 @@
+# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors) [![Sourcegraph](https://sourcegraph.com/github.com/pkg/errors/-/badge.svg)](https://sourcegraph.com/github.com/pkg/errors?badge)
+
+Package errors provides simple error handling primitives.
+
+`go get github.com/pkg/errors`
+
+The traditional error handling idiom in Go is roughly akin to
+```go
+if err != nil {
+        return err
+}
+```
+which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
+
+## Adding context to an error
+
+The errors.Wrap function returns a new error that adds context to the original error. For example
+```go
+_, err := ioutil.ReadAll(r)
+if err != nil {
+        return errors.Wrap(err, "read failed")
+}
+```
+## Retrieving the cause of an error
+
+Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
+```go
+type causer interface {
+        Cause() error
+}
+```
+`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
+```go
+switch err := errors.Cause(err).(type) {
+case *MyError:
+        // handle specifically
+default:
+        // unknown error
+}
+```
+
+[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
+
+## Roadmap
+
+With the upcoming [Go2 error proposals](https://go.googlesource.com/proposal/+/master/design/go2draft.md) this package is moving into maintenance mode. The roadmap for a 1.0 release is as follows:
+
+- 0.9. Remove pre Go 1.9 and Go 1.10 support, address outstanding pull requests (if possible)
+- 1.0. Final release.
+
+## Contributing
+
+Because of the Go2 errors changes, this package is not accepting proposals for new functionality. With that said, we welcome pull requests, bug fixes and issue reports. 
+
+Before sending a PR, please discuss your change by raising an issue.
+
+## License
+
+BSD-2-Clause
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/appveyor.yml b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/appveyor.yml
new file mode 100644
index 000000000..a932eade0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/appveyor.yml
@@ -0,0 +1,32 @@
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\pkg\errors
+shallow_clone: true # for startup speed
+
+environment:
+  GOPATH: C:\gopath
+
+platform:
+  - x64
+
+# http://www.appveyor.com/docs/installed-software
+install:
+  # some helpful output for debugging builds
+  - go version
+  - go env
+  # pre-installed MinGW at C:\MinGW is 32bit only
+  # but MSYS2 at C:\msys64 has mingw64
+  - set PATH=C:\msys64\mingw64\bin;%PATH%
+  - gcc --version
+  - g++ --version
+
+build_script:
+  - go install -v ./...
+
+test_script:
+  - set PATH=C:\gopath\bin;%PATH%
+  - go test -v ./...
+
+#artifacts:
+#  - path: '%GOPATH%\bin\*.exe'
+deploy: off
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/errors.go b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/errors.go
new file mode 100644
index 000000000..161aea258
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/errors.go
@@ -0,0 +1,288 @@
+// Package errors provides simple error handling primitives.
+//
+// The traditional error handling idiom in Go is roughly akin to
+//
+//     if err != nil {
+//             return err
+//     }
+//
+// which when applied recursively up the call stack results in error reports
+// without context or debugging information. The errors package allows
+// programmers to add context to the failure path in their code in a way
+// that does not destroy the original value of the error.
+//
+// Adding context to an error
+//
+// The errors.Wrap function returns a new error that adds context to the
+// original error by recording a stack trace at the point Wrap is called,
+// together with the supplied message. For example
+//
+//     _, err := ioutil.ReadAll(r)
+//     if err != nil {
+//             return errors.Wrap(err, "read failed")
+//     }
+//
+// If additional control is required, the errors.WithStack and
+// errors.WithMessage functions destructure errors.Wrap into its component
+// operations: annotating an error with a stack trace and with a message,
+// respectively.
+//
+// Retrieving the cause of an error
+//
+// Using errors.Wrap constructs a stack of errors, adding context to the
+// preceding error. Depending on the nature of the error it may be necessary
+// to reverse the operation of errors.Wrap to retrieve the original error
+// for inspection. Any error value which implements this interface
+//
+//     type causer interface {
+//             Cause() error
+//     }
+//
+// can be inspected by errors.Cause. errors.Cause will recursively retrieve
+// the topmost error that does not implement causer, which is assumed to be
+// the original cause. For example:
+//
+//     switch err := errors.Cause(err).(type) {
+//     case *MyError:
+//             // handle specifically
+//     default:
+//             // unknown error
+//     }
+//
+// Although the causer interface is not exported by this package, it is
+// considered a part of its stable public interface.
+//
+// Formatted printing of errors
+//
+// All error values returned from this package implement fmt.Formatter and can
+// be formatted by the fmt package. The following verbs are supported:
+//
+//     %s    print the error. If the error has a Cause it will be
+//           printed recursively.
+//     %v    see %s
+//     %+v   extended format. Each Frame of the error's StackTrace will
+//           be printed in detail.
+//
+// Retrieving the stack trace of an error or wrapper
+//
+// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
+// invoked. This information can be retrieved with the following interface:
+//
+//     type stackTracer interface {
+//             StackTrace() errors.StackTrace
+//     }
+//
+// The returned errors.StackTrace type is defined as
+//
+//     type StackTrace []Frame
+//
+// The Frame type represents a call site in the stack trace. Frame supports
+// the fmt.Formatter interface that can be used for printing information about
+// the stack trace of this error. For example:
+//
+//     if err, ok := err.(stackTracer); ok {
+//             for _, f := range err.StackTrace() {
+//                     fmt.Printf("%+s:%d\n", f, f)
+//             }
+//     }
+//
+// Although the stackTracer interface is not exported by this package, it is
+// considered a part of its stable public interface.
+//
+// See the documentation for Frame.Format for more details.
+package errors
+
+import (
+	"fmt"
+	"io"
+)
+
+// New returns an error with the supplied message.
+// New also records the stack trace at the point it was called.
+func New(message string) error {
+	return &fundamental{
+		msg:   message,
+		stack: callers(),
+	}
+}
+
+// Errorf formats according to a format specifier and returns the string
+// as a value that satisfies error.
+// Errorf also records the stack trace at the point it was called.
+func Errorf(format string, args ...interface{}) error {
+	return &fundamental{
+		msg:   fmt.Sprintf(format, args...),
+		stack: callers(),
+	}
+}
+
+// fundamental is an error that has a message and a stack, but no caller.
+type fundamental struct {
+	msg string
+	*stack
+}
+
+func (f *fundamental) Error() string { return f.msg }
+
+func (f *fundamental) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			io.WriteString(s, f.msg)
+			f.stack.Format(s, verb)
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, f.msg)
+	case 'q':
+		fmt.Fprintf(s, "%q", f.msg)
+	}
+}
+
+// WithStack annotates err with a stack trace at the point WithStack was called.
+// If err is nil, WithStack returns nil.
+func WithStack(err error) error {
+	if err == nil {
+		return nil
+	}
+	return &withStack{
+		err,
+		callers(),
+	}
+}
+
+type withStack struct {
+	error
+	*stack
+}
+
+func (w *withStack) Cause() error { return w.error }
+
+// Unwrap provides compatibility for Go 1.13 error chains.
+func (w *withStack) Unwrap() error { return w.error }
+
+func (w *withStack) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			fmt.Fprintf(s, "%+v", w.Cause())
+			w.stack.Format(s, verb)
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, w.Error())
+	case 'q':
+		fmt.Fprintf(s, "%q", w.Error())
+	}
+}
+
+// Wrap returns an error annotating err with a stack trace
+// at the point Wrap is called, and the supplied message.
+// If err is nil, Wrap returns nil.
+func Wrap(err error, message string) error {
+	if err == nil {
+		return nil
+	}
+	err = &withMessage{
+		cause: err,
+		msg:   message,
+	}
+	return &withStack{
+		err,
+		callers(),
+	}
+}
+
+// Wrapf returns an error annotating err with a stack trace
+// at the point Wrapf is called, and the format specifier.
+// If err is nil, Wrapf returns nil.
+func Wrapf(err error, format string, args ...interface{}) error {
+	if err == nil {
+		return nil
+	}
+	err = &withMessage{
+		cause: err,
+		msg:   fmt.Sprintf(format, args...),
+	}
+	return &withStack{
+		err,
+		callers(),
+	}
+}
+
+// WithMessage annotates err with a new message.
+// If err is nil, WithMessage returns nil.
+func WithMessage(err error, message string) error {
+	if err == nil {
+		return nil
+	}
+	return &withMessage{
+		cause: err,
+		msg:   message,
+	}
+}
+
+// WithMessagef annotates err with the format specifier.
+// If err is nil, WithMessagef returns nil.
+func WithMessagef(err error, format string, args ...interface{}) error {
+	if err == nil {
+		return nil
+	}
+	return &withMessage{
+		cause: err,
+		msg:   fmt.Sprintf(format, args...),
+	}
+}
+
+type withMessage struct {
+	cause error
+	msg   string
+}
+
+func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
+func (w *withMessage) Cause() error  { return w.cause }
+
+// Unwrap provides compatibility for Go 1.13 error chains.
+func (w *withMessage) Unwrap() error { return w.cause }
+
+func (w *withMessage) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			fmt.Fprintf(s, "%+v\n", w.Cause())
+			io.WriteString(s, w.msg)
+			return
+		}
+		fallthrough
+	case 's', 'q':
+		io.WriteString(s, w.Error())
+	}
+}
+
+// Cause returns the underlying cause of the error, if possible.
+// An error value has a cause if it implements the following
+// interface:
+//
+//     type causer interface {
+//            Cause() error
+//     }
+//
+// If the error does not implement Cause, the original error will
+// be returned. If the error is nil, nil will be returned without further
+// investigation.
+func Cause(err error) error {
+	type causer interface {
+		Cause() error
+	}
+
+	for err != nil {
+		cause, ok := err.(causer)
+		if !ok {
+			break
+		}
+		err = cause.Cause()
+	}
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/go113.go b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/go113.go
new file mode 100644
index 000000000..be0d10d0c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/go113.go
@@ -0,0 +1,38 @@
+// +build go1.13
+
+package errors
+
+import (
+	stderrors "errors"
+)
+
+// Is reports whether any error in err's chain matches target.
+//
+// The chain consists of err itself followed by the sequence of errors obtained by
+// repeatedly calling Unwrap.
+//
+// An error is considered to match a target if it is equal to that target or if
+// it implements a method Is(error) bool such that Is(target) returns true.
+func Is(err, target error) bool { return stderrors.Is(err, target) }
+
+// As finds the first error in err's chain that matches target, and if so, sets
+// target to that error value and returns true.
+//
+// The chain consists of err itself followed by the sequence of errors obtained by
+// repeatedly calling Unwrap.
+//
+// An error matches target if the error's concrete value is assignable to the value
+// pointed to by target, or if the error has a method As(interface{}) bool such that
+// As(target) returns true. In the latter case, the As method is responsible for
+// setting target.
+//
+// As will panic if target is not a non-nil pointer to either a type that implements
+// error, or to any interface type. As returns false if err is nil.
+func As(err error, target interface{}) bool { return stderrors.As(err, target) }
+
+// Unwrap returns the result of calling the Unwrap method on err, if err's
+// type contains an Unwrap method returning error.
+// Otherwise, Unwrap returns nil.
+func Unwrap(err error) error {
+	return stderrors.Unwrap(err)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/stack.go b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/stack.go
new file mode 100644
index 000000000..779a8348f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/github.com/pkg/errors/stack.go
@@ -0,0 +1,177 @@
+package errors
+
+import (
+	"fmt"
+	"io"
+	"path"
+	"runtime"
+	"strconv"
+	"strings"
+)
+
+// Frame represents a program counter inside a stack frame.
+// For historical reasons if Frame is interpreted as a uintptr
+// its value represents the program counter + 1.
+type Frame uintptr
+
+// pc returns the program counter for this frame;
+// multiple frames may have the same PC value.
+func (f Frame) pc() uintptr { return uintptr(f) - 1 }
+
+// file returns the full path to the file that contains the
+// function for this Frame's pc.
+func (f Frame) file() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	file, _ := fn.FileLine(f.pc())
+	return file
+}
+
+// line returns the line number of source code of the
+// function for this Frame's pc.
+func (f Frame) line() int {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return 0
+	}
+	_, line := fn.FileLine(f.pc())
+	return line
+}
+
+// name returns the name of this function, if known.
+func (f Frame) name() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	return fn.Name()
+}
+
+// Format formats the frame according to the fmt.Formatter interface.
+//
+//    %s    source file
+//    %d    source line
+//    %n    function name
+//    %v    equivalent to %s:%d
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+s   function name and path of source file relative to the compile time
+//          GOPATH separated by \n\t (<funcname>\n\t<path>)
+//    %+v   equivalent to %+s:%d
+func (f Frame) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 's':
+		switch {
+		case s.Flag('+'):
+			io.WriteString(s, f.name())
+			io.WriteString(s, "\n\t")
+			io.WriteString(s, f.file())
+		default:
+			io.WriteString(s, path.Base(f.file()))
+		}
+	case 'd':
+		io.WriteString(s, strconv.Itoa(f.line()))
+	case 'n':
+		io.WriteString(s, funcname(f.name()))
+	case 'v':
+		f.Format(s, 's')
+		io.WriteString(s, ":")
+		f.Format(s, 'd')
+	}
+}
+
+// MarshalText formats a stacktrace Frame as a text string. The output is the
+// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs.
+func (f Frame) MarshalText() ([]byte, error) {
+	name := f.name()
+	if name == "unknown" {
+		return []byte(name), nil
+	}
+	return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil
+}
+
+// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
+type StackTrace []Frame
+
+// Format formats the stack of Frames according to the fmt.Formatter interface.
+//
+//    %s	lists source files for each Frame in the stack
+//    %v	lists the source file and line number for each Frame in the stack
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+v   Prints filename, function, and line number for each Frame in the stack.
+func (st StackTrace) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case s.Flag('+'):
+			for _, f := range st {
+				io.WriteString(s, "\n")
+				f.Format(s, verb)
+			}
+		case s.Flag('#'):
+			fmt.Fprintf(s, "%#v", []Frame(st))
+		default:
+			st.formatSlice(s, verb)
+		}
+	case 's':
+		st.formatSlice(s, verb)
+	}
+}
+
+// formatSlice will format this StackTrace into the given buffer as a slice of
+// Frame, only valid when called with '%s' or '%v'.
+func (st StackTrace) formatSlice(s fmt.State, verb rune) {
+	io.WriteString(s, "[")
+	for i, f := range st {
+		if i > 0 {
+			io.WriteString(s, " ")
+		}
+		f.Format(s, verb)
+	}
+	io.WriteString(s, "]")
+}
+
+// stack represents a stack of program counters.
+type stack []uintptr
+
+func (s *stack) Format(st fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case st.Flag('+'):
+			for _, pc := range *s {
+				f := Frame(pc)
+				fmt.Fprintf(st, "\n%+v", f)
+			}
+		}
+	}
+}
+
+func (s *stack) StackTrace() StackTrace {
+	f := make([]Frame, len(*s))
+	for i := 0; i < len(f); i++ {
+		f[i] = Frame((*s)[i])
+	}
+	return f
+}
+
+func callers() *stack {
+	const depth = 32
+	var pcs [depth]uintptr
+	n := runtime.Callers(3, pcs[:])
+	var st stack = pcs[0:n]
+	return &st
+}
+
+// funcname removes the path prefix component of a function's name reported by func.Name().
+func funcname(name string) string {
+	i := strings.LastIndex(name, "/")
+	name = name[i+1:]
+	i = strings.Index(name, ".")
+	return name[i+1:]
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/AUTHORS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/AUTHORS
new file mode 100644
index 000000000..2b00ddba0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/AUTHORS
@@ -0,0 +1,3 @@
+# This source code refers to The Go Authors for copyright purposes.
+# The master list of authors is in the main Go distribution,
+# visible at https://tip.golang.org/AUTHORS.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/CONTRIBUTORS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/CONTRIBUTORS
new file mode 100644
index 000000000..1fbd3e976
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/CONTRIBUTORS
@@ -0,0 +1,3 @@
+# This source code was written by the Go contributors.
+# The master list of contributors is in the main Go distribution,
+# visible at https://tip.golang.org/CONTRIBUTORS.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/LICENSE b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/PATENTS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/asn1.go
new file mode 100644
index 000000000..d3596ee66
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -0,0 +1,752 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+	encoding_asn1 "encoding/asn1"
+	"fmt"
+	"math/big"
+	"reflect"
+	"time"
+
+	"golang.org/x/crypto/cryptobyte/asn1"
+)
+
+// This file contains ASN.1-related methods for String and Builder.
+
+// Builder
+
+// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Int64(v int64) {
+	b.addASN1Signed(asn1.INTEGER, v)
+}
+
+// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
+// given tag.
+func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
+	b.addASN1Signed(tag, v)
+}
+
+// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
+func (b *Builder) AddASN1Enum(v int64) {
+	b.addASN1Signed(asn1.ENUM, v)
+}
+
+func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
+	b.AddASN1(tag, func(c *Builder) {
+		length := 1
+		for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
+			length++
+		}
+
+		for ; length > 0; length-- {
+			i := v >> uint((length-1)*8) & 0xff
+			c.AddUint8(uint8(i))
+		}
+	})
+}
+
+// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Uint64(v uint64) {
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
+		length := 1
+		for i := v; i >= 0x80; i >>= 8 {
+			length++
+		}
+
+		for ; length > 0; length-- {
+			i := v >> uint((length-1)*8) & 0xff
+			c.AddUint8(uint8(i))
+		}
+	})
+}
+
+// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1BigInt(n *big.Int) {
+	if b.err != nil {
+		return
+	}
+
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
+		if n.Sign() < 0 {
+			// A negative number has to be converted to two's-complement form. So we
+			// invert and subtract 1. If the most-significant-bit isn't set then
+			// we'll need to pad the beginning with 0xff in order to keep the number
+			// negative.
+			nMinus1 := new(big.Int).Neg(n)
+			nMinus1.Sub(nMinus1, bigOne)
+			bytes := nMinus1.Bytes()
+			for i := range bytes {
+				bytes[i] ^= 0xff
+			}
+			if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+				c.add(0xff)
+			}
+			c.add(bytes...)
+		} else if n.Sign() == 0 {
+			c.add(0)
+		} else {
+			bytes := n.Bytes()
+			if bytes[0]&0x80 != 0 {
+				c.add(0)
+			}
+			c.add(bytes...)
+		}
+	})
+}
+
+// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
+func (b *Builder) AddASN1OctetString(bytes []byte) {
+	b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
+		c.AddBytes(bytes)
+	})
+}
+
+const generalizedTimeFormatStr = "20060102150405Z0700"
+
+// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME.
+func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
+	if t.Year() < 0 || t.Year() > 9999 {
+		b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
+		return
+	}
+	b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
+		c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
+	})
+}
+
+// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
+// support BIT STRINGs that are not a whole number of bytes.
+func (b *Builder) AddASN1BitString(data []byte) {
+	b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
+		b.AddUint8(0)
+		b.AddBytes(data)
+	})
+}
+
+func (b *Builder) addBase128Int(n int64) {
+	var length int
+	if n == 0 {
+		length = 1
+	} else {
+		for i := n; i > 0; i >>= 7 {
+			length++
+		}
+	}
+
+	for i := length - 1; i >= 0; i-- {
+		o := byte(n >> uint(i*7))
+		o &= 0x7f
+		if i != 0 {
+			o |= 0x80
+		}
+
+		b.add(o)
+	}
+}
+
+func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
+	if len(oid) < 2 {
+		return false
+	}
+
+	if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
+		return false
+	}
+
+	for _, v := range oid {
+		if v < 0 {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
+	b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
+		if !isValidOID(oid) {
+			b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
+			return
+		}
+
+		b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
+		for _, v := range oid[2:] {
+			b.addBase128Int(int64(v))
+		}
+	})
+}
+
+func (b *Builder) AddASN1Boolean(v bool) {
+	b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
+		if v {
+			b.AddUint8(0xff)
+		} else {
+			b.AddUint8(0)
+		}
+	})
+}
+
+func (b *Builder) AddASN1NULL() {
+	b.add(uint8(asn1.NULL), 0)
+}
+
+// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
+// successful or records an error if one occurred.
+func (b *Builder) MarshalASN1(v interface{}) {
+	// NOTE(martinkr): This is somewhat of a hack to allow propagation of
+	// encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
+	// value embedded into a struct, its tag information is lost.
+	if b.err != nil {
+		return
+	}
+	bytes, err := encoding_asn1.Marshal(v)
+	if err != nil {
+		b.err = err
+		return
+	}
+	b.AddBytes(bytes)
+}
+
+// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag.
+// Tags greater than 30 are not supported and result in an error (i.e.
+// low-tag-number form only). The child builder passed to the
+// BuilderContinuation can be used to build the content of the ASN.1 object.
+func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
+	if b.err != nil {
+		return
+	}
+	// Identifiers with the low five bits set indicate high-tag-number format
+	// (two or more octets), which we don't support.
+	if tag&0x1f == 0x1f {
+		b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag)
+		return
+	}
+	b.AddUint8(uint8(tag))
+	b.addLengthPrefixed(1, true, f)
+}
+
+// String
+
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
+// representation into out and advances. It reports whether the read
+// was successful.
+func (s *String) ReadASN1Boolean(out *bool) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
+		return false
+	}
+
+	switch bytes[0] {
+	case 0:
+		*out = false
+	case 0xff:
+		*out = true
+	default:
+		return false
+	}
+
+	return true
+}
+
+var bigIntType = reflect.TypeOf((*big.Int)(nil)).Elem()
+
+// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
+// not point to an integer or to a big.Int, it panics. It reports whether the
+// read was successful.
+func (s *String) ReadASN1Integer(out interface{}) bool {
+	if reflect.TypeOf(out).Kind() != reflect.Ptr {
+		panic("out is not a pointer")
+	}
+	switch reflect.ValueOf(out).Elem().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		var i int64
+		if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) {
+			return false
+		}
+		reflect.ValueOf(out).Elem().SetInt(i)
+		return true
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		var u uint64
+		if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) {
+			return false
+		}
+		reflect.ValueOf(out).Elem().SetUint(u)
+		return true
+	case reflect.Struct:
+		if reflect.TypeOf(out).Elem() == bigIntType {
+			return s.readASN1BigInt(out.(*big.Int))
+		}
+	}
+	panic("out does not point to an integer type")
+}
+
+func checkASN1Integer(bytes []byte) bool {
+	if len(bytes) == 0 {
+		// An INTEGER is encoded with at least one octet.
+		return false
+	}
+	if len(bytes) == 1 {
+		return true
+	}
+	if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 {
+		// Value is not minimally encoded.
+		return false
+	}
+	return true
+}
+
+var bigOne = big.NewInt(1)
+
+func (s *String) readASN1BigInt(out *big.Int) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+		return false
+	}
+	if bytes[0]&0x80 == 0x80 {
+		// Negative number.
+		neg := make([]byte, len(bytes))
+		for i, b := range bytes {
+			neg[i] = ^b
+		}
+		out.SetBytes(neg)
+		out.Add(out, bigOne)
+		out.Neg(out)
+	} else {
+		out.SetBytes(bytes)
+	}
+	return true
+}
+
+func (s *String) readASN1Int64(out *int64) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
+		return false
+	}
+	return true
+}
+
+func asn1Signed(out *int64, n []byte) bool {
+	length := len(n)
+	if length > 8 {
+		return false
+	}
+	for i := 0; i < length; i++ {
+		*out <<= 8
+		*out |= int64(n[i])
+	}
+	// Shift up and down in order to sign extend the result.
+	*out <<= 64 - uint8(length)*8
+	*out >>= 64 - uint8(length)*8
+	return true
+}
+
+func (s *String) readASN1Uint64(out *uint64) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
+		return false
+	}
+	return true
+}
+
+func asn1Unsigned(out *uint64, n []byte) bool {
+	length := len(n)
+	if length > 9 || length == 9 && n[0] != 0 {
+		// Too large for uint64.
+		return false
+	}
+	if n[0]&0x80 != 0 {
+		// Negative number.
+		return false
+	}
+	for i := 0; i < length; i++ {
+		*out <<= 8
+		*out |= uint64(n[i])
+	}
+	return true
+}
+
+// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
+// and advances. It reports whether the read was successful and resulted in a
+// value that can be represented in an int64.
+func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
+	var bytes String
+	return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
+}
+
+// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
+// whether the read was successful.
+func (s *String) ReadASN1Enum(out *int) bool {
+	var bytes String
+	var i int64
+	if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
+		return false
+	}
+	if int64(int(i)) != i {
+		return false
+	}
+	*out = int(i)
+	return true
+}
+
+func (s *String) readBase128Int(out *int) bool {
+	ret := 0
+	for i := 0; len(*s) > 0; i++ {
+		if i == 4 {
+			return false
+		}
+		ret <<= 7
+		b := s.read(1)[0]
+		ret |= int(b & 0x7f)
+		if b&0x80 == 0 {
+			*out = ret
+			return true
+		}
+	}
+	return false // truncated
+}
+
+// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
+		return false
+	}
+
+	// In the worst case, we get two elements from the first byte (which is
+	// encoded differently) and then every varint is a single byte long.
+	components := make([]int, len(bytes)+1)
+
+	// The first varint is 40*value1 + value2:
+	// According to this packing, value1 can take the values 0, 1 and 2 only.
+	// When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
+	// then there are no restrictions on value2.
+	var v int
+	if !bytes.readBase128Int(&v) {
+		return false
+	}
+	if v < 80 {
+		components[0] = v / 40
+		components[1] = v % 40
+	} else {
+		components[0] = 2
+		components[1] = v - 80
+	}
+
+	i := 2
+	for ; len(bytes) > 0; i++ {
+		if !bytes.readBase128Int(&v) {
+			return false
+		}
+		components[i] = v
+	}
+	*out = components[:i]
+	return true
+}
+
+// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
+		return false
+	}
+	t := string(bytes)
+	res, err := time.Parse(generalizedTimeFormatStr, t)
+	if err != nil {
+		return false
+	}
+	if serialized := res.Format(generalizedTimeFormatStr); serialized != t {
+		return false
+	}
+	*out = res
+	return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+		len(bytes)*8/8 != len(bytes) {
+		return false
+	}
+
+	paddingBits := uint8(bytes[0])
+	bytes = bytes[1:]
+	if paddingBits > 7 ||
+		len(bytes) == 0 && paddingBits != 0 ||
+		len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 {
+		return false
+	}
+
+	out.BitLength = len(bytes)*8 - int(paddingBits)
+	out.Bytes = bytes
+	return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances. It is
+// an error if the BIT STRING is not a whole number of bytes. It reports
+// whether the read was successful.
+func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+		return false
+	}
+
+	paddingBits := uint8(bytes[0])
+	if paddingBits != 0 {
+		return false
+	}
+	*out = bytes[1:]
+	return true
+}
+
+// ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
+	return s.ReadASN1((*String)(out), tag)
+}
+
+// ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
+	if !s.ReadAnyASN1(out, &t) || t != tag {
+		return false
+	}
+	return true
+}
+
+// ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
+	if !s.ReadAnyASN1Element(out, &t) || t != tag {
+		return false
+	}
+	return true
+}
+
+// ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, sets outTag to its tag, and advances.
+// It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
+	return s.readASN1(out, outTag, true /* skip header */)
+}
+
+// ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
+// (including tag and length bytes) into out, sets outTag to is tag, and
+// advances. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
+	return s.readASN1(out, outTag, false /* include header */)
+}
+
+// PeekASN1Tag reports whether the next ASN.1 value on the string starts with
+// the given tag.
+func (s String) PeekASN1Tag(tag asn1.Tag) bool {
+	if len(s) == 0 {
+		return false
+	}
+	return asn1.Tag(s[0]) == tag
+}
+
+// SkipASN1 reads and discards an ASN.1 element with the given tag. It
+// reports whether the operation was successful.
+func (s *String) SkipASN1(tag asn1.Tag) bool {
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
+// element (not including tag and length bytes) tagged with the given tag into
+// out. It stores whether an element with the tag was found in outPresent,
+// unless outPresent is nil. It reports whether the read was successful.
+func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
+	present := s.PeekASN1Tag(tag)
+	if outPresent != nil {
+		*outPresent = present
+	}
+	if present && !s.ReadASN1(out, tag) {
+		return false
+	}
+	return true
+}
+
+// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
+// else leaves s unchanged. It reports whether the operation was successful.
+func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
+	if !s.PeekASN1Tag(tag) {
+		return true
+	}
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it writes defaultValue into out instead. If out
+// does not point to an integer or to a big.Int, it panics. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
+	if reflect.TypeOf(out).Kind() != reflect.Ptr {
+		panic("out is not a pointer")
+	}
+	var present bool
+	var i String
+	if !s.ReadOptionalASN1(&i, &present, tag) {
+		return false
+	}
+	if !present {
+		switch reflect.ValueOf(out).Elem().Kind() {
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+			reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+			reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue))
+		case reflect.Struct:
+			if reflect.TypeOf(out).Elem() != bigIntType {
+				panic("invalid integer type")
+			}
+			if reflect.TypeOf(defaultValue).Kind() != reflect.Ptr ||
+				reflect.TypeOf(defaultValue).Elem() != bigIntType {
+				panic("out points to big.Int, but defaultValue does not")
+			}
+			out.(*big.Int).Set(defaultValue.(*big.Int))
+		default:
+			panic("invalid integer type")
+		}
+		return true
+	}
+	if !i.ReadASN1Integer(out) || !i.Empty() {
+		return false
+	}
+	return true
+}
+
+// ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to nil instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, tag) {
+		return false
+	}
+	if outPresent != nil {
+		*outPresent = present
+	}
+	if present {
+		var oct String
+		if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
+			return false
+		}
+		*out = oct
+	} else {
+		*out = nil
+	}
+	return true
+}
+
+// ReadOptionalASN1Boolean sets *out to the value of the next ASN.1 BOOLEAN or,
+// if the next bytes are not an ASN.1 BOOLEAN, to the value of defaultValue.
+// It reports whether the operation was successful.
+func (s *String) ReadOptionalASN1Boolean(out *bool, defaultValue bool) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, asn1.BOOLEAN) {
+		return false
+	}
+
+	if !present {
+		*out = defaultValue
+		return true
+	}
+
+	return s.ReadASN1Boolean(out)
+}
+
+func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
+	if len(*s) < 2 {
+		return false
+	}
+	tag, lenByte := (*s)[0], (*s)[1]
+
+	if tag&0x1f == 0x1f {
+		// ITU-T X.690 section 8.1.2
+		//
+		// An identifier octet with a tag part of 0x1f indicates a high-tag-number
+		// form identifier with two or more octets. We only support tags less than
+		// 31 (i.e. low-tag-number form, single octet identifier).
+		return false
+	}
+
+	if outTag != nil {
+		*outTag = asn1.Tag(tag)
+	}
+
+	// ITU-T X.690 section 8.1.3
+	//
+	// Bit 8 of the first length byte indicates whether the length is short- or
+	// long-form.
+	var length, headerLen uint32 // length includes headerLen
+	if lenByte&0x80 == 0 {
+		// Short-form length (section 8.1.3.4), encoded in bits 1-7.
+		length = uint32(lenByte) + 2
+		headerLen = 2
+	} else {
+		// Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets
+		// used to encode the length.
+		lenLen := lenByte & 0x7f
+		var len32 uint32
+
+		if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) {
+			return false
+		}
+
+		lenBytes := String((*s)[2 : 2+lenLen])
+		if !lenBytes.readUnsigned(&len32, int(lenLen)) {
+			return false
+		}
+
+		// ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
+		// with the minimum number of octets.
+		if len32 < 128 {
+			// Length should have used short-form encoding.
+			return false
+		}
+		if len32>>((lenLen-1)*8) == 0 {
+			// Leading octet is 0. Length should have been at least one byte shorter.
+			return false
+		}
+
+		headerLen = 2 + uint32(lenLen)
+		if headerLen+len32 < len32 {
+			// Overflow.
+			return false
+		}
+		length = headerLen + len32
+	}
+
+	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
+		return false
+	}
+	if skipHeader && !out.Skip(int(headerLen)) {
+		panic("cryptobyte: internal error")
+	}
+
+	return true
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
new file mode 100644
index 000000000..cda8e3edf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
@@ -0,0 +1,46 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package asn1 contains supporting types for parsing and building ASN.1
+// messages with the cryptobyte package.
+package asn1 // import "golang.org/x/crypto/cryptobyte/asn1"
+
+// Tag represents an ASN.1 identifier octet, consisting of a tag number
+// (indicating a type) and class (such as context-specific or constructed).
+//
+// Methods in the cryptobyte package only support the low-tag-number form, i.e.
+// a single identifier octet with bits 7-8 encoding the class and bits 1-6
+// encoding the tag number.
+type Tag uint8
+
+const (
+	classConstructed     = 0x20
+	classContextSpecific = 0x80
+)
+
+// Constructed returns t with the constructed class bit set.
+func (t Tag) Constructed() Tag { return t | classConstructed }
+
+// ContextSpecific returns t with the context-specific class bit set.
+func (t Tag) ContextSpecific() Tag { return t | classContextSpecific }
+
+// The following is a list of standard tag and class combinations.
+const (
+	BOOLEAN           = Tag(1)
+	INTEGER           = Tag(2)
+	BIT_STRING        = Tag(3)
+	OCTET_STRING      = Tag(4)
+	NULL              = Tag(5)
+	OBJECT_IDENTIFIER = Tag(6)
+	ENUM              = Tag(10)
+	UTF8String        = Tag(12)
+	SEQUENCE          = Tag(16 | classConstructed)
+	SET               = Tag(17 | classConstructed)
+	PrintableString   = Tag(19)
+	T61String         = Tag(20)
+	IA5String         = Tag(22)
+	UTCTime           = Tag(23)
+	GeneralizedTime   = Tag(24)
+	GeneralString     = Tag(27)
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/builder.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/builder.go
new file mode 100644
index 000000000..ca7b1db5c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/builder.go
@@ -0,0 +1,337 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+	"errors"
+	"fmt"
+)
+
+// A Builder builds byte strings from fixed-length and length-prefixed values.
+// Builders either allocate space as needed, or are ‘fixed’, which means that
+// they write into a given buffer and produce an error if it's exhausted.
+//
+// The zero value is a usable Builder that allocates space as needed.
+//
+// Simple values are marshaled and appended to a Builder using methods on the
+// Builder. Length-prefixed values are marshaled by providing a
+// BuilderContinuation, which is a function that writes the inner contents of
+// the value to a given Builder. See the documentation for BuilderContinuation
+// for details.
+type Builder struct {
+	err            error
+	result         []byte
+	fixedSize      bool
+	child          *Builder
+	offset         int
+	pendingLenLen  int
+	pendingIsASN1  bool
+	inContinuation *bool
+}
+
+// NewBuilder creates a Builder that appends its output to the given buffer.
+// Like append(), the slice will be reallocated if its capacity is exceeded.
+// Use Bytes to get the final buffer.
+func NewBuilder(buffer []byte) *Builder {
+	return &Builder{
+		result: buffer,
+	}
+}
+
+// NewFixedBuilder creates a Builder that appends its output into the given
+// buffer. This builder does not reallocate the output buffer. Writes that
+// would exceed the buffer's capacity are treated as an error.
+func NewFixedBuilder(buffer []byte) *Builder {
+	return &Builder{
+		result:    buffer,
+		fixedSize: true,
+	}
+}
+
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+	b.err = err
+}
+
+// Bytes returns the bytes written by the builder or an error if one has
+// occurred during building.
+func (b *Builder) Bytes() ([]byte, error) {
+	if b.err != nil {
+		return nil, b.err
+	}
+	return b.result[b.offset:], nil
+}
+
+// BytesOrPanic returns the bytes written by the builder or panics if an error
+// has occurred during building.
+func (b *Builder) BytesOrPanic() []byte {
+	if b.err != nil {
+		panic(b.err)
+	}
+	return b.result[b.offset:]
+}
+
+// AddUint8 appends an 8-bit value to the byte string.
+func (b *Builder) AddUint8(v uint8) {
+	b.add(byte(v))
+}
+
+// AddUint16 appends a big-endian, 16-bit value to the byte string.
+func (b *Builder) AddUint16(v uint16) {
+	b.add(byte(v>>8), byte(v))
+}
+
+// AddUint24 appends a big-endian, 24-bit value to the byte string. The highest
+// byte of the 32-bit input value is silently truncated.
+func (b *Builder) AddUint24(v uint32) {
+	b.add(byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint32 appends a big-endian, 32-bit value to the byte string.
+func (b *Builder) AddUint32(v uint32) {
+	b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddBytes appends a sequence of bytes to the byte string.
+func (b *Builder) AddBytes(v []byte) {
+	b.add(v...)
+}
+
+// BuilderContinuation is a continuation-passing interface for building
+// length-prefixed byte sequences. Builder methods for length-prefixed
+// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
+// supplied to them. The child builder passed to the continuation can be used
+// to build the content of the length-prefixed sequence. For example:
+//
+//   parent := cryptobyte.NewBuilder()
+//   parent.AddUint8LengthPrefixed(func (child *Builder) {
+//     child.AddUint8(42)
+//     child.AddUint8LengthPrefixed(func (grandchild *Builder) {
+//       grandchild.AddUint8(5)
+//     })
+//   })
+//
+// It is an error to write more bytes to the child than allowed by the reserved
+// length prefix. After the continuation returns, the child must be considered
+// invalid, i.e. users must not store any copies or references of the child
+// that outlive the continuation.
+//
+// If the continuation panics with a value of type BuildError then the inner
+// error will be returned as the error from Bytes. If the child panics
+// otherwise then Bytes will repanic with the same value.
+type BuilderContinuation func(child *Builder)
+
+// BuildError wraps an error. If a BuilderContinuation panics with this value,
+// the panic will be recovered and the inner error will be returned from
+// Builder.Bytes.
+type BuildError struct {
+	Err error
+}
+
+// AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence.
+func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(1, false, f)
+}
+
+// AddUint16LengthPrefixed adds a big-endian, 16-bit length-prefixed byte sequence.
+func (b *Builder) AddUint16LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(2, false, f)
+}
+
+// AddUint24LengthPrefixed adds a big-endian, 24-bit length-prefixed byte sequence.
+func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(3, false, f)
+}
+
+// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence.
+func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(4, false, f)
+}
+
+func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) {
+	if !*b.inContinuation {
+		*b.inContinuation = true
+
+		defer func() {
+			*b.inContinuation = false
+
+			r := recover()
+			if r == nil {
+				return
+			}
+
+			if buildError, ok := r.(BuildError); ok {
+				b.err = buildError.Err
+			} else {
+				panic(r)
+			}
+		}()
+	}
+
+	f(arg)
+}
+
+func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) {
+	// Subsequent writes can be ignored if the builder has encountered an error.
+	if b.err != nil {
+		return
+	}
+
+	offset := len(b.result)
+	b.add(make([]byte, lenLen)...)
+
+	if b.inContinuation == nil {
+		b.inContinuation = new(bool)
+	}
+
+	b.child = &Builder{
+		result:         b.result,
+		fixedSize:      b.fixedSize,
+		offset:         offset,
+		pendingLenLen:  lenLen,
+		pendingIsASN1:  isASN1,
+		inContinuation: b.inContinuation,
+	}
+
+	b.callContinuation(f, b.child)
+	b.flushChild()
+	if b.child != nil {
+		panic("cryptobyte: internal error")
+	}
+}
+
+func (b *Builder) flushChild() {
+	if b.child == nil {
+		return
+	}
+	b.child.flushChild()
+	child := b.child
+	b.child = nil
+
+	if child.err != nil {
+		b.err = child.err
+		return
+	}
+
+	length := len(child.result) - child.pendingLenLen - child.offset
+
+	if length < 0 {
+		panic("cryptobyte: internal error") // result unexpectedly shrunk
+	}
+
+	if child.pendingIsASN1 {
+		// For ASN.1, we reserved a single byte for the length. If that turned out
+		// to be incorrect, we have to move the contents along in order to make
+		// space.
+		if child.pendingLenLen != 1 {
+			panic("cryptobyte: internal error")
+		}
+		var lenLen, lenByte uint8
+		if int64(length) > 0xfffffffe {
+			b.err = errors.New("pending ASN.1 child too long")
+			return
+		} else if length > 0xffffff {
+			lenLen = 5
+			lenByte = 0x80 | 4
+		} else if length > 0xffff {
+			lenLen = 4
+			lenByte = 0x80 | 3
+		} else if length > 0xff {
+			lenLen = 3
+			lenByte = 0x80 | 2
+		} else if length > 0x7f {
+			lenLen = 2
+			lenByte = 0x80 | 1
+		} else {
+			lenLen = 1
+			lenByte = uint8(length)
+			length = 0
+		}
+
+		// Insert the initial length byte, make space for successive length bytes,
+		// and adjust the offset.
+		child.result[child.offset] = lenByte
+		extraBytes := int(lenLen - 1)
+		if extraBytes != 0 {
+			child.add(make([]byte, extraBytes)...)
+			childStart := child.offset + child.pendingLenLen
+			copy(child.result[childStart+extraBytes:], child.result[childStart:])
+		}
+		child.offset++
+		child.pendingLenLen = extraBytes
+	}
+
+	l := length
+	for i := child.pendingLenLen - 1; i >= 0; i-- {
+		child.result[child.offset+i] = uint8(l)
+		l >>= 8
+	}
+	if l != 0 {
+		b.err = fmt.Errorf("cryptobyte: pending child length %d exceeds %d-byte length prefix", length, child.pendingLenLen)
+		return
+	}
+
+	if b.fixedSize && &b.result[0] != &child.result[0] {
+		panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
+	}
+
+	b.result = child.result
+}
+
+func (b *Builder) add(bytes ...byte) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted write while child is pending")
+	}
+	if len(b.result)+len(bytes) < len(bytes) {
+		b.err = errors.New("cryptobyte: length overflow")
+	}
+	if b.fixedSize && len(b.result)+len(bytes) > cap(b.result) {
+		b.err = errors.New("cryptobyte: Builder is exceeding its fixed-size buffer")
+		return
+	}
+	b.result = append(b.result, bytes...)
+}
+
+// Unwrite rolls back n bytes written directly to the Builder. An attempt by a
+// child builder passed to a continuation to unwrite bytes from its parent will
+// panic.
+func (b *Builder) Unwrite(n int) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted unwrite while child is pending")
+	}
+	length := len(b.result) - b.pendingLenLen - b.offset
+	if length < 0 {
+		panic("cryptobyte: internal error")
+	}
+	if n > length {
+		panic("cryptobyte: attempted to unwrite more than was written")
+	}
+	b.result = b.result[:len(b.result)-n]
+}
+
+// A MarshalingValue marshals itself into a Builder.
+type MarshalingValue interface {
+	// Marshal is called by Builder.AddValue. It receives a pointer to a builder
+	// to marshal itself into. It may return an error that occurred during
+	// marshaling, such as unset or invalid values.
+	Marshal(b *Builder) error
+}
+
+// AddValue calls Marshal on v, passing a pointer to the builder to append to.
+// If Marshal returns an error, it is set on the Builder so that subsequent
+// appends don't have an effect.
+func (b *Builder) AddValue(v MarshalingValue) {
+	err := v.Marshal(b)
+	if err != nil {
+		b.err = err
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/string.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/string.go
new file mode 100644
index 000000000..589d297e6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -0,0 +1,161 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cryptobyte contains types that help with parsing and constructing
+// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage
+// contains useful ASN.1 constants.)
+//
+// The String type is for parsing. It wraps a []byte slice and provides helper
+// functions for consuming structures, value by value.
+//
+// The Builder type is for constructing messages. It providers helper functions
+// for appending values and also for appending length-prefixed submessages –
+// without having to worry about calculating the length prefix ahead of time.
+//
+// See the documentation and examples for the Builder and String types to get
+// started.
+package cryptobyte // import "golang.org/x/crypto/cryptobyte"
+
+// String represents a string of bytes. It provides methods for parsing
+// fixed-length and length-prefixed values from it.
+type String []byte
+
+// read advances a String by n bytes and returns them. If less than n bytes
+// remain, it returns nil.
+func (s *String) read(n int) []byte {
+	if len(*s) < n || n < 0 {
+		return nil
+	}
+	v := (*s)[:n]
+	*s = (*s)[n:]
+	return v
+}
+
+// Skip advances the String by n byte and reports whether it was successful.
+func (s *String) Skip(n int) bool {
+	return s.read(n) != nil
+}
+
+// ReadUint8 decodes an 8-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint8(out *uint8) bool {
+	v := s.read(1)
+	if v == nil {
+		return false
+	}
+	*out = uint8(v[0])
+	return true
+}
+
+// ReadUint16 decodes a big-endian, 16-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint16(out *uint16) bool {
+	v := s.read(2)
+	if v == nil {
+		return false
+	}
+	*out = uint16(v[0])<<8 | uint16(v[1])
+	return true
+}
+
+// ReadUint24 decodes a big-endian, 24-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint24(out *uint32) bool {
+	v := s.read(3)
+	if v == nil {
+		return false
+	}
+	*out = uint32(v[0])<<16 | uint32(v[1])<<8 | uint32(v[2])
+	return true
+}
+
+// ReadUint32 decodes a big-endian, 32-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint32(out *uint32) bool {
+	v := s.read(4)
+	if v == nil {
+		return false
+	}
+	*out = uint32(v[0])<<24 | uint32(v[1])<<16 | uint32(v[2])<<8 | uint32(v[3])
+	return true
+}
+
+func (s *String) readUnsigned(out *uint32, length int) bool {
+	v := s.read(length)
+	if v == nil {
+		return false
+	}
+	var result uint32
+	for i := 0; i < length; i++ {
+		result <<= 8
+		result |= uint32(v[i])
+	}
+	*out = result
+	return true
+}
+
+func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
+	lenBytes := s.read(lenLen)
+	if lenBytes == nil {
+		return false
+	}
+	var length uint32
+	for _, b := range lenBytes {
+		length = length << 8
+		length = length | uint32(b)
+	}
+	v := s.read(int(length))
+	if v == nil {
+		return false
+	}
+	*outChild = v
+	return true
+}
+
+// ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value
+// into out and advances over it. It reports whether the read was successful.
+func (s *String) ReadUint8LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(1, out)
+}
+
+// ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit
+// length-prefixed value into out and advances over it. It reports whether the
+// read was successful.
+func (s *String) ReadUint16LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(2, out)
+}
+
+// ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit
+// length-prefixed value into out and advances over it. It reports whether
+// the read was successful.
+func (s *String) ReadUint24LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(3, out)
+}
+
+// ReadBytes reads n bytes into out and advances over them. It reports
+// whether the read was successful.
+func (s *String) ReadBytes(out *[]byte, n int) bool {
+	v := s.read(n)
+	if v == nil {
+		return false
+	}
+	*out = v
+	return true
+}
+
+// CopyBytes copies len(out) bytes into out and advances over them. It reports
+// whether the copy operation was successful
+func (s *String) CopyBytes(out []byte) bool {
+	n := len(out)
+	v := s.read(n)
+	if v == nil {
+		return false
+	}
+	return copy(out, v) == n
+}
+
+// Empty reports whether the string does not contain any bytes.
+func (s String) Empty() bool {
+	return len(s) == 0
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519.go
new file mode 100644
index 000000000..4b9a655d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519.go
@@ -0,0 +1,95 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package curve25519 provides an implementation of the X25519 function, which
+// performs scalar multiplication on the elliptic curve known as Curve25519.
+// See RFC 7748.
+package curve25519 // import "golang.org/x/crypto/curve25519"
+
+import (
+	"crypto/subtle"
+	"fmt"
+)
+
+// ScalarMult sets dst to the product scalar * point.
+//
+// Deprecated: when provided a low-order point, ScalarMult will set dst to all
+// zeroes, irrespective of the scalar. Instead, use the X25519 function, which
+// will return an error.
+func ScalarMult(dst, scalar, point *[32]byte) {
+	scalarMult(dst, scalar, point)
+}
+
+// ScalarBaseMult sets dst to the product scalar * base where base is the
+// standard generator.
+//
+// It is recommended to use the X25519 function with Basepoint instead, as
+// copying into fixed size arrays can lead to unexpected bugs.
+func ScalarBaseMult(dst, scalar *[32]byte) {
+	ScalarMult(dst, scalar, &basePoint)
+}
+
+const (
+	// ScalarSize is the size of the scalar input to X25519.
+	ScalarSize = 32
+	// PointSize is the size of the point input to X25519.
+	PointSize = 32
+)
+
+// Basepoint is the canonical Curve25519 generator.
+var Basepoint []byte
+
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+func init() { Basepoint = basePoint[:] }
+
+func checkBasepoint() {
+	if subtle.ConstantTimeCompare(Basepoint, []byte{
+		0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	}) != 1 {
+		panic("curve25519: global Basepoint value was modified")
+	}
+}
+
+// X25519 returns the result of the scalar multiplication (scalar * point),
+// according to RFC 7748, Section 5. scalar, point and the return value are
+// slices of 32 bytes.
+//
+// scalar can be generated at random, for example with crypto/rand. point should
+// be either Basepoint or the output of another X25519 call.
+//
+// If point is Basepoint (but not if it's a different slice with the same
+// contents) a precomputed implementation might be used for performance.
+func X25519(scalar, point []byte) ([]byte, error) {
+	// Outline the body of function, to let the allocation be inlined in the
+	// caller, and possibly avoid escaping to the heap.
+	var dst [32]byte
+	return x25519(&dst, scalar, point)
+}
+
+func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
+	var in [32]byte
+	if l := len(scalar); l != 32 {
+		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
+	}
+	if l := len(point); l != 32 {
+		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+	}
+	copy(in[:], scalar)
+	if &point[0] == &Basepoint[0] {
+		checkBasepoint()
+		ScalarBaseMult(dst, &in)
+	} else {
+		var base, zero [32]byte
+		copy(base[:], point)
+		ScalarMult(dst, &in, &base)
+		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
+			return nil, fmt.Errorf("bad input point: low order point")
+		}
+	}
+	return dst[:], nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
new file mode 100644
index 000000000..5120b779b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
@@ -0,0 +1,240 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine,!purego
+
+package curve25519
+
+// These functions are implemented in the .s files. The names of the functions
+// in the rest of the file are also taken from the SUPERCOP sources to help
+// people following along.
+
+//go:noescape
+
+func cswap(inout *[5]uint64, v uint64)
+
+//go:noescape
+
+func ladderstep(inout *[5][5]uint64)
+
+//go:noescape
+
+func freeze(inout *[5]uint64)
+
+//go:noescape
+
+func mul(dest, a, b *[5]uint64)
+
+//go:noescape
+
+func square(out, in *[5]uint64)
+
+// mladder uses a Montgomery ladder to calculate (xr/zr) *= s.
+func mladder(xr, zr *[5]uint64, s *[32]byte) {
+	var work [5][5]uint64
+
+	work[0] = *xr
+	setint(&work[1], 1)
+	setint(&work[2], 0)
+	work[3] = *xr
+	setint(&work[4], 1)
+
+	j := uint(6)
+	var prevbit byte
+
+	for i := 31; i >= 0; i-- {
+		for j < 8 {
+			bit := ((*s)[i] >> j) & 1
+			swap := bit ^ prevbit
+			prevbit = bit
+			cswap(&work[1], uint64(swap))
+			ladderstep(&work)
+			j--
+		}
+		j = 7
+	}
+
+	*xr = work[1]
+	*zr = work[2]
+}
+
+func scalarMult(out, in, base *[32]byte) {
+	var e [32]byte
+	copy(e[:], (*in)[:])
+	e[0] &= 248
+	e[31] &= 127
+	e[31] |= 64
+
+	var t, z [5]uint64
+	unpack(&t, base)
+	mladder(&t, &z, &e)
+	invert(&z, &z)
+	mul(&t, &t, &z)
+	pack(out, &t)
+}
+
+func setint(r *[5]uint64, v uint64) {
+	r[0] = v
+	r[1] = 0
+	r[2] = 0
+	r[3] = 0
+	r[4] = 0
+}
+
+// unpack sets r = x where r consists of 5, 51-bit limbs in little-endian
+// order.
+func unpack(r *[5]uint64, x *[32]byte) {
+	r[0] = uint64(x[0]) |
+		uint64(x[1])<<8 |
+		uint64(x[2])<<16 |
+		uint64(x[3])<<24 |
+		uint64(x[4])<<32 |
+		uint64(x[5])<<40 |
+		uint64(x[6]&7)<<48
+
+	r[1] = uint64(x[6])>>3 |
+		uint64(x[7])<<5 |
+		uint64(x[8])<<13 |
+		uint64(x[9])<<21 |
+		uint64(x[10])<<29 |
+		uint64(x[11])<<37 |
+		uint64(x[12]&63)<<45
+
+	r[2] = uint64(x[12])>>6 |
+		uint64(x[13])<<2 |
+		uint64(x[14])<<10 |
+		uint64(x[15])<<18 |
+		uint64(x[16])<<26 |
+		uint64(x[17])<<34 |
+		uint64(x[18])<<42 |
+		uint64(x[19]&1)<<50
+
+	r[3] = uint64(x[19])>>1 |
+		uint64(x[20])<<7 |
+		uint64(x[21])<<15 |
+		uint64(x[22])<<23 |
+		uint64(x[23])<<31 |
+		uint64(x[24])<<39 |
+		uint64(x[25]&15)<<47
+
+	r[4] = uint64(x[25])>>4 |
+		uint64(x[26])<<4 |
+		uint64(x[27])<<12 |
+		uint64(x[28])<<20 |
+		uint64(x[29])<<28 |
+		uint64(x[30])<<36 |
+		uint64(x[31]&127)<<44
+}
+
+// pack sets out = x where out is the usual, little-endian form of the 5,
+// 51-bit limbs in x.
+func pack(out *[32]byte, x *[5]uint64) {
+	t := *x
+	freeze(&t)
+
+	out[0] = byte(t[0])
+	out[1] = byte(t[0] >> 8)
+	out[2] = byte(t[0] >> 16)
+	out[3] = byte(t[0] >> 24)
+	out[4] = byte(t[0] >> 32)
+	out[5] = byte(t[0] >> 40)
+	out[6] = byte(t[0] >> 48)
+
+	out[6] ^= byte(t[1]<<3) & 0xf8
+	out[7] = byte(t[1] >> 5)
+	out[8] = byte(t[1] >> 13)
+	out[9] = byte(t[1] >> 21)
+	out[10] = byte(t[1] >> 29)
+	out[11] = byte(t[1] >> 37)
+	out[12] = byte(t[1] >> 45)
+
+	out[12] ^= byte(t[2]<<6) & 0xc0
+	out[13] = byte(t[2] >> 2)
+	out[14] = byte(t[2] >> 10)
+	out[15] = byte(t[2] >> 18)
+	out[16] = byte(t[2] >> 26)
+	out[17] = byte(t[2] >> 34)
+	out[18] = byte(t[2] >> 42)
+	out[19] = byte(t[2] >> 50)
+
+	out[19] ^= byte(t[3]<<1) & 0xfe
+	out[20] = byte(t[3] >> 7)
+	out[21] = byte(t[3] >> 15)
+	out[22] = byte(t[3] >> 23)
+	out[23] = byte(t[3] >> 31)
+	out[24] = byte(t[3] >> 39)
+	out[25] = byte(t[3] >> 47)
+
+	out[25] ^= byte(t[4]<<4) & 0xf0
+	out[26] = byte(t[4] >> 4)
+	out[27] = byte(t[4] >> 12)
+	out[28] = byte(t[4] >> 20)
+	out[29] = byte(t[4] >> 28)
+	out[30] = byte(t[4] >> 36)
+	out[31] = byte(t[4] >> 44)
+}
+
+// invert calculates r = x^-1 mod p using Fermat's little theorem.
+func invert(r *[5]uint64, x *[5]uint64) {
+	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64
+
+	square(&z2, x)        /* 2 */
+	square(&t, &z2)       /* 4 */
+	square(&t, &t)        /* 8 */
+	mul(&z9, &t, x)       /* 9 */
+	mul(&z11, &z9, &z2)   /* 11 */
+	square(&t, &z11)      /* 22 */
+	mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */
+
+	square(&t, &z2_5_0)      /* 2^6 - 2^1 */
+	for i := 1; i < 5; i++ { /* 2^20 - 2^10 */
+		square(&t, &t)
+	}
+	mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */
+
+	square(&t, &z2_10_0)      /* 2^11 - 2^1 */
+	for i := 1; i < 10; i++ { /* 2^20 - 2^10 */
+		square(&t, &t)
+	}
+	mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */
+
+	square(&t, &z2_20_0)      /* 2^21 - 2^1 */
+	for i := 1; i < 20; i++ { /* 2^40 - 2^20 */
+		square(&t, &t)
+	}
+	mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */
+
+	square(&t, &t)            /* 2^41 - 2^1 */
+	for i := 1; i < 10; i++ { /* 2^50 - 2^10 */
+		square(&t, &t)
+	}
+	mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */
+
+	square(&t, &z2_50_0)      /* 2^51 - 2^1 */
+	for i := 1; i < 50; i++ { /* 2^100 - 2^50 */
+		square(&t, &t)
+	}
+	mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */
+
+	square(&t, &z2_100_0)      /* 2^101 - 2^1 */
+	for i := 1; i < 100; i++ { /* 2^200 - 2^100 */
+		square(&t, &t)
+	}
+	mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */
+
+	square(&t, &t)            /* 2^201 - 2^1 */
+	for i := 1; i < 50; i++ { /* 2^250 - 2^50 */
+		square(&t, &t)
+	}
+	mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */
+
+	square(&t, &t) /* 2^251 - 2^1 */
+	square(&t, &t) /* 2^252 - 2^2 */
+	square(&t, &t) /* 2^253 - 2^3 */
+
+	square(&t, &t) /* 2^254 - 2^4 */
+
+	square(&t, &t)   /* 2^255 - 2^5 */
+	mul(r, &t, &z11) /* 2^255 - 21 */
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
new file mode 100644
index 000000000..0250c8885
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
@@ -0,0 +1,1793 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code was translated into a form compatible with 6a from the public
+// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
+
+// +build amd64,!gccgo,!appengine,!purego
+
+#define REDMASK51     0x0007FFFFFFFFFFFF
+
+// These constants cannot be encoded in non-MOVQ immediates.
+// We access them directly from memory instead.
+
+DATA ·_121666_213(SB)/8, $996687872
+GLOBL ·_121666_213(SB), 8, $8
+
+DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
+GLOBL ·_2P0(SB), 8, $8
+
+DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
+GLOBL ·_2P1234(SB), 8, $8
+
+// func freeze(inout *[5]uint64)
+TEXT ·freeze(SB),7,$0-8
+	MOVQ inout+0(FP), DI
+
+	MOVQ 0(DI),SI
+	MOVQ 8(DI),DX
+	MOVQ 16(DI),CX
+	MOVQ 24(DI),R8
+	MOVQ 32(DI),R9
+	MOVQ $REDMASK51,AX
+	MOVQ AX,R10
+	SUBQ $18,R10
+	MOVQ $3,R11
+REDUCELOOP:
+	MOVQ SI,R12
+	SHRQ $51,R12
+	ANDQ AX,SI
+	ADDQ R12,DX
+	MOVQ DX,R12
+	SHRQ $51,R12
+	ANDQ AX,DX
+	ADDQ R12,CX
+	MOVQ CX,R12
+	SHRQ $51,R12
+	ANDQ AX,CX
+	ADDQ R12,R8
+	MOVQ R8,R12
+	SHRQ $51,R12
+	ANDQ AX,R8
+	ADDQ R12,R9
+	MOVQ R9,R12
+	SHRQ $51,R12
+	ANDQ AX,R9
+	IMUL3Q $19,R12,R12
+	ADDQ R12,SI
+	SUBQ $1,R11
+	JA REDUCELOOP
+	MOVQ $1,R12
+	CMPQ R10,SI
+	CMOVQLT R11,R12
+	CMPQ AX,DX
+	CMOVQNE R11,R12
+	CMPQ AX,CX
+	CMOVQNE R11,R12
+	CMPQ AX,R8
+	CMOVQNE R11,R12
+	CMPQ AX,R9
+	CMOVQNE R11,R12
+	NEGQ R12
+	ANDQ R12,AX
+	ANDQ R12,R10
+	SUBQ R10,SI
+	SUBQ AX,DX
+	SUBQ AX,CX
+	SUBQ AX,R8
+	SUBQ AX,R9
+	MOVQ SI,0(DI)
+	MOVQ DX,8(DI)
+	MOVQ CX,16(DI)
+	MOVQ R8,24(DI)
+	MOVQ R9,32(DI)
+	RET
+
+// func ladderstep(inout *[5][5]uint64)
+TEXT ·ladderstep(SB),0,$296-8
+	MOVQ inout+0(FP),DI
+
+	MOVQ 40(DI),SI
+	MOVQ 48(DI),DX
+	MOVQ 56(DI),CX
+	MOVQ 64(DI),R8
+	MOVQ 72(DI),R9
+	MOVQ SI,AX
+	MOVQ DX,R10
+	MOVQ CX,R11
+	MOVQ R8,R12
+	MOVQ R9,R13
+	ADDQ ·_2P0(SB),AX
+	ADDQ ·_2P1234(SB),R10
+	ADDQ ·_2P1234(SB),R11
+	ADDQ ·_2P1234(SB),R12
+	ADDQ ·_2P1234(SB),R13
+	ADDQ 80(DI),SI
+	ADDQ 88(DI),DX
+	ADDQ 96(DI),CX
+	ADDQ 104(DI),R8
+	ADDQ 112(DI),R9
+	SUBQ 80(DI),AX
+	SUBQ 88(DI),R10
+	SUBQ 96(DI),R11
+	SUBQ 104(DI),R12
+	SUBQ 112(DI),R13
+	MOVQ SI,0(SP)
+	MOVQ DX,8(SP)
+	MOVQ CX,16(SP)
+	MOVQ R8,24(SP)
+	MOVQ R9,32(SP)
+	MOVQ AX,40(SP)
+	MOVQ R10,48(SP)
+	MOVQ R11,56(SP)
+	MOVQ R12,64(SP)
+	MOVQ R13,72(SP)
+	MOVQ 40(SP),AX
+	MULQ 40(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 48(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 56(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 64(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 40(SP),AX
+	SHLQ $1,AX
+	MULQ 72(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 48(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 48(SP),AX
+	SHLQ $1,AX
+	MULQ 56(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 48(SP),AX
+	SHLQ $1,AX
+	MULQ 64(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 48(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 56(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 56(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 64(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 56(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 64(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 64(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 64(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 72(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,80(SP)
+	MOVQ R8,88(SP)
+	MOVQ R9,96(SP)
+	MOVQ AX,104(SP)
+	MOVQ R10,112(SP)
+	MOVQ 0(SP),AX
+	MULQ 0(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 8(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 16(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 24(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 0(SP),AX
+	SHLQ $1,AX
+	MULQ 32(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	SHLQ $1,AX
+	MULQ 16(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SP),AX
+	SHLQ $1,AX
+	MULQ 24(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 16(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 16(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 24(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 16(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 24(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 24(SP),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 32(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,120(SP)
+	MOVQ R8,128(SP)
+	MOVQ R9,136(SP)
+	MOVQ AX,144(SP)
+	MOVQ R10,152(SP)
+	MOVQ SI,SI
+	MOVQ R8,DX
+	MOVQ R9,CX
+	MOVQ AX,R8
+	MOVQ R10,R9
+	ADDQ ·_2P0(SB),SI
+	ADDQ ·_2P1234(SB),DX
+	ADDQ ·_2P1234(SB),CX
+	ADDQ ·_2P1234(SB),R8
+	ADDQ ·_2P1234(SB),R9
+	SUBQ 80(SP),SI
+	SUBQ 88(SP),DX
+	SUBQ 96(SP),CX
+	SUBQ 104(SP),R8
+	SUBQ 112(SP),R9
+	MOVQ SI,160(SP)
+	MOVQ DX,168(SP)
+	MOVQ CX,176(SP)
+	MOVQ R8,184(SP)
+	MOVQ R9,192(SP)
+	MOVQ 120(DI),SI
+	MOVQ 128(DI),DX
+	MOVQ 136(DI),CX
+	MOVQ 144(DI),R8
+	MOVQ 152(DI),R9
+	MOVQ SI,AX
+	MOVQ DX,R10
+	MOVQ CX,R11
+	MOVQ R8,R12
+	MOVQ R9,R13
+	ADDQ ·_2P0(SB),AX
+	ADDQ ·_2P1234(SB),R10
+	ADDQ ·_2P1234(SB),R11
+	ADDQ ·_2P1234(SB),R12
+	ADDQ ·_2P1234(SB),R13
+	ADDQ 160(DI),SI
+	ADDQ 168(DI),DX
+	ADDQ 176(DI),CX
+	ADDQ 184(DI),R8
+	ADDQ 192(DI),R9
+	SUBQ 160(DI),AX
+	SUBQ 168(DI),R10
+	SUBQ 176(DI),R11
+	SUBQ 184(DI),R12
+	SUBQ 192(DI),R13
+	MOVQ SI,200(SP)
+	MOVQ DX,208(SP)
+	MOVQ CX,216(SP)
+	MOVQ R8,224(SP)
+	MOVQ R9,232(SP)
+	MOVQ AX,240(SP)
+	MOVQ R10,248(SP)
+	MOVQ R11,256(SP)
+	MOVQ R12,264(SP)
+	MOVQ R13,272(SP)
+	MOVQ 224(SP),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,280(SP)
+	MULQ 56(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 232(SP),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,288(SP)
+	MULQ 48(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 200(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 200(SP),AX
+	MULQ 48(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 200(SP),AX
+	MULQ 56(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 200(SP),AX
+	MULQ 64(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 200(SP),AX
+	MULQ 72(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 208(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 208(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 208(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 208(SP),AX
+	MULQ 64(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 208(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 216(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 216(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 216(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 216(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 64(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 216(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 72(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 224(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 224(SP),AX
+	MULQ 48(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 280(SP),AX
+	MULQ 64(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 280(SP),AX
+	MULQ 72(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 232(SP),AX
+	MULQ 40(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 288(SP),AX
+	MULQ 56(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 288(SP),AX
+	MULQ 64(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 288(SP),AX
+	MULQ 72(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,40(SP)
+	MOVQ R8,48(SP)
+	MOVQ R9,56(SP)
+	MOVQ AX,64(SP)
+	MOVQ R10,72(SP)
+	MOVQ 264(SP),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,200(SP)
+	MULQ 16(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 272(SP),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,208(SP)
+	MULQ 8(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 240(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 240(SP),AX
+	MULQ 8(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 240(SP),AX
+	MULQ 16(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 240(SP),AX
+	MULQ 24(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 240(SP),AX
+	MULQ 32(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 248(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 248(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 248(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 248(SP),AX
+	MULQ 24(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 248(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 256(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 256(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 256(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 256(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 256(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 264(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 264(SP),AX
+	MULQ 8(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 200(SP),AX
+	MULQ 24(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 200(SP),AX
+	MULQ 32(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 272(SP),AX
+	MULQ 0(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 208(SP),AX
+	MULQ 16(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 208(SP),AX
+	MULQ 24(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 208(SP),AX
+	MULQ 32(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,DX
+	MOVQ R8,CX
+	MOVQ R9,R11
+	MOVQ AX,R12
+	MOVQ R10,R13
+	ADDQ ·_2P0(SB),DX
+	ADDQ ·_2P1234(SB),CX
+	ADDQ ·_2P1234(SB),R11
+	ADDQ ·_2P1234(SB),R12
+	ADDQ ·_2P1234(SB),R13
+	ADDQ 40(SP),SI
+	ADDQ 48(SP),R8
+	ADDQ 56(SP),R9
+	ADDQ 64(SP),AX
+	ADDQ 72(SP),R10
+	SUBQ 40(SP),DX
+	SUBQ 48(SP),CX
+	SUBQ 56(SP),R11
+	SUBQ 64(SP),R12
+	SUBQ 72(SP),R13
+	MOVQ SI,120(DI)
+	MOVQ R8,128(DI)
+	MOVQ R9,136(DI)
+	MOVQ AX,144(DI)
+	MOVQ R10,152(DI)
+	MOVQ DX,160(DI)
+	MOVQ CX,168(DI)
+	MOVQ R11,176(DI)
+	MOVQ R12,184(DI)
+	MOVQ R13,192(DI)
+	MOVQ 120(DI),AX
+	MULQ 120(DI)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 128(DI)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 136(DI)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 144(DI)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 120(DI),AX
+	SHLQ $1,AX
+	MULQ 152(DI)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 128(DI),AX
+	MULQ 128(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 128(DI),AX
+	SHLQ $1,AX
+	MULQ 136(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 128(DI),AX
+	SHLQ $1,AX
+	MULQ 144(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 128(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(DI),AX
+	MULQ 136(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 136(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 144(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 144(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 144(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 144(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 152(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 152(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,120(DI)
+	MOVQ R8,128(DI)
+	MOVQ R9,136(DI)
+	MOVQ AX,144(DI)
+	MOVQ R10,152(DI)
+	MOVQ 160(DI),AX
+	MULQ 160(DI)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 168(DI)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 176(DI)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 184(DI)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 160(DI),AX
+	SHLQ $1,AX
+	MULQ 192(DI)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 168(DI),AX
+	MULQ 168(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 168(DI),AX
+	SHLQ $1,AX
+	MULQ 176(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 168(DI),AX
+	SHLQ $1,AX
+	MULQ 184(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 168(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),AX
+	MULQ 176(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 176(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 184(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 184(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 184(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 184(DI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 192(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 192(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	ANDQ DX,SI
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ADDQ R10,CX
+	ANDQ DX,R8
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ADDQ R12,CX
+	ANDQ DX,R9
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ADDQ R14,CX
+	ANDQ DX,AX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,160(DI)
+	MOVQ R8,168(DI)
+	MOVQ R9,176(DI)
+	MOVQ AX,184(DI)
+	MOVQ R10,192(DI)
+	MOVQ 184(DI),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,0(SP)
+	MULQ 16(DI)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 192(DI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 8(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 160(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 160(DI),AX
+	MULQ 8(DI)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 160(DI),AX
+	MULQ 16(DI)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 160(DI),AX
+	MULQ 24(DI)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 160(DI),AX
+	MULQ 32(DI)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 168(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 168(DI),AX
+	MULQ 8(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 168(DI),AX
+	MULQ 16(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 168(DI),AX
+	MULQ 24(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 168(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 176(DI),AX
+	MULQ 8(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 176(DI),AX
+	MULQ 16(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 176(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(DI)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 176(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 184(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 184(DI),AX
+	MULQ 8(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 0(SP),AX
+	MULQ 24(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SP),AX
+	MULQ 32(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 192(DI),AX
+	MULQ 0(DI)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 16(DI)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 8(SP),AX
+	MULQ 24(DI)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 32(DI)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,160(DI)
+	MOVQ R8,168(DI)
+	MOVQ R9,176(DI)
+	MOVQ AX,184(DI)
+	MOVQ R10,192(DI)
+	MOVQ 144(SP),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,0(SP)
+	MULQ 96(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 152(SP),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 88(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 120(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 120(SP),AX
+	MULQ 88(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 120(SP),AX
+	MULQ 96(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 120(SP),AX
+	MULQ 104(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 120(SP),AX
+	MULQ 112(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 128(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 128(SP),AX
+	MULQ 88(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 128(SP),AX
+	MULQ 96(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 128(SP),AX
+	MULQ 104(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 128(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 112(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 136(SP),AX
+	MULQ 88(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 136(SP),AX
+	MULQ 96(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 136(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 104(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 136(SP),DX
+	IMUL3Q $19,DX,AX
+	MULQ 112(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 144(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 144(SP),AX
+	MULQ 88(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 0(SP),AX
+	MULQ 104(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SP),AX
+	MULQ 112(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 152(SP),AX
+	MULQ 80(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 96(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 8(SP),AX
+	MULQ 104(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 112(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,40(DI)
+	MOVQ R8,48(DI)
+	MOVQ R9,56(DI)
+	MOVQ AX,64(DI)
+	MOVQ R10,72(DI)
+	MOVQ 160(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 168(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,CX
+	MOVQ DX,R8
+	MOVQ 176(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,R8
+	MOVQ DX,R9
+	MOVQ 184(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,R9
+	MOVQ DX,R10
+	MOVQ 192(SP),AX
+	MULQ ·_121666_213(SB)
+	SHRQ $13,AX
+	ADDQ AX,R10
+	IMUL3Q $19,DX,DX
+	ADDQ DX,SI
+	ADDQ 80(SP),SI
+	ADDQ 88(SP),CX
+	ADDQ 96(SP),R8
+	ADDQ 104(SP),R9
+	ADDQ 112(SP),R10
+	MOVQ SI,80(DI)
+	MOVQ CX,88(DI)
+	MOVQ R8,96(DI)
+	MOVQ R9,104(DI)
+	MOVQ R10,112(DI)
+	MOVQ 104(DI),SI
+	IMUL3Q $19,SI,AX
+	MOVQ AX,0(SP)
+	MULQ 176(SP)
+	MOVQ AX,SI
+	MOVQ DX,CX
+	MOVQ 112(DI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 168(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 80(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 80(DI),AX
+	MULQ 168(SP)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 80(DI),AX
+	MULQ 176(SP)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 80(DI),AX
+	MULQ 184(SP)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 80(DI),AX
+	MULQ 192(SP)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 88(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 88(DI),AX
+	MULQ 168(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 88(DI),AX
+	MULQ 176(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 88(DI),AX
+	MULQ 184(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 88(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 192(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 96(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 96(DI),AX
+	MULQ 168(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 96(DI),AX
+	MULQ 176(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 96(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 184(SP)
+	ADDQ AX,SI
+	ADCQ DX,CX
+	MOVQ 96(DI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 192(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 104(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 104(DI),AX
+	MULQ 168(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 0(SP),AX
+	MULQ 184(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SP),AX
+	MULQ 192(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 112(DI),AX
+	MULQ 160(SP)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SP),AX
+	MULQ 176(SP)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 8(SP),AX
+	MULQ 184(SP)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 192(SP)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ $REDMASK51,DX
+	SHLQ $13,SI,CX
+	ANDQ DX,SI
+	SHLQ $13,R8,R9
+	ANDQ DX,R8
+	ADDQ CX,R8
+	SHLQ $13,R10,R11
+	ANDQ DX,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ DX,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ DX,R14
+	ADDQ R13,R14
+	IMUL3Q $19,R15,CX
+	ADDQ CX,SI
+	MOVQ SI,CX
+	SHRQ $51,CX
+	ADDQ R8,CX
+	MOVQ CX,R8
+	SHRQ $51,CX
+	ANDQ DX,SI
+	ADDQ R10,CX
+	MOVQ CX,R9
+	SHRQ $51,CX
+	ANDQ DX,R8
+	ADDQ R12,CX
+	MOVQ CX,AX
+	SHRQ $51,CX
+	ANDQ DX,R9
+	ADDQ R14,CX
+	MOVQ CX,R10
+	SHRQ $51,CX
+	ANDQ DX,AX
+	IMUL3Q $19,CX,CX
+	ADDQ CX,SI
+	ANDQ DX,R10
+	MOVQ SI,80(DI)
+	MOVQ R8,88(DI)
+	MOVQ R9,96(DI)
+	MOVQ AX,104(DI)
+	MOVQ R10,112(DI)
+	RET
+
+// func cswap(inout *[4][5]uint64, v uint64)
+TEXT ·cswap(SB),7,$0
+	MOVQ inout+0(FP),DI
+	MOVQ v+8(FP),SI
+
+	SUBQ $1, SI
+	NOTQ SI
+	MOVQ SI, X15
+	PSHUFD $0x44, X15, X15
+
+	MOVOU 0(DI), X0
+	MOVOU 16(DI), X2
+	MOVOU 32(DI), X4
+	MOVOU 48(DI), X6
+	MOVOU 64(DI), X8
+	MOVOU 80(DI), X1
+	MOVOU 96(DI), X3
+	MOVOU 112(DI), X5
+	MOVOU 128(DI), X7
+	MOVOU 144(DI), X9
+
+	MOVO X1, X10
+	MOVO X3, X11
+	MOVO X5, X12
+	MOVO X7, X13
+	MOVO X9, X14
+
+	PXOR X0, X10
+	PXOR X2, X11
+	PXOR X4, X12
+	PXOR X6, X13
+	PXOR X8, X14
+	PAND X15, X10
+	PAND X15, X11
+	PAND X15, X12
+	PAND X15, X13
+	PAND X15, X14
+	PXOR X10, X0
+	PXOR X10, X1
+	PXOR X11, X2
+	PXOR X11, X3
+	PXOR X12, X4
+	PXOR X12, X5
+	PXOR X13, X6
+	PXOR X13, X7
+	PXOR X14, X8
+	PXOR X14, X9
+
+	MOVOU X0, 0(DI)
+	MOVOU X2, 16(DI)
+	MOVOU X4, 32(DI)
+	MOVOU X6, 48(DI)
+	MOVOU X8, 64(DI)
+	MOVOU X1, 80(DI)
+	MOVOU X3, 96(DI)
+	MOVOU X5, 112(DI)
+	MOVOU X7, 128(DI)
+	MOVOU X9, 144(DI)
+	RET
+
+// func mul(dest, a, b *[5]uint64)
+TEXT ·mul(SB),0,$16-24
+	MOVQ dest+0(FP), DI
+	MOVQ a+8(FP), SI
+	MOVQ b+16(FP), DX
+
+	MOVQ DX,CX
+	MOVQ 24(SI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,0(SP)
+	MULQ 16(CX)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 32(SI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 8(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SI),AX
+	MULQ 8(CX)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 0(SI),AX
+	MULQ 16(CX)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 0(SI),AX
+	MULQ 24(CX)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 0(SI),AX
+	MULQ 32(CX)
+	MOVQ AX,BX
+	MOVQ DX,BP
+	MOVQ 8(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SI),AX
+	MULQ 16(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SI),AX
+	MULQ 24(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 8(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 16(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 16(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 16(SI),AX
+	MULQ 16(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 16(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 16(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 24(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 24(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 0(SP),AX
+	MULQ 24(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 0(SP),AX
+	MULQ 32(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 32(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 8(SP),AX
+	MULQ 16(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 24(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SP),AX
+	MULQ 32(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ $REDMASK51,SI
+	SHLQ $13,R8,R9
+	ANDQ SI,R8
+	SHLQ $13,R10,R11
+	ANDQ SI,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ SI,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ SI,R14
+	ADDQ R13,R14
+	SHLQ $13,BX,BP
+	ANDQ SI,BX
+	ADDQ R15,BX
+	IMUL3Q $19,BP,DX
+	ADDQ DX,R8
+	MOVQ R8,DX
+	SHRQ $51,DX
+	ADDQ R10,DX
+	MOVQ DX,CX
+	SHRQ $51,DX
+	ANDQ SI,R8
+	ADDQ R12,DX
+	MOVQ DX,R9
+	SHRQ $51,DX
+	ANDQ SI,CX
+	ADDQ R14,DX
+	MOVQ DX,AX
+	SHRQ $51,DX
+	ANDQ SI,R9
+	ADDQ BX,DX
+	MOVQ DX,R10
+	SHRQ $51,DX
+	ANDQ SI,AX
+	IMUL3Q $19,DX,DX
+	ADDQ DX,R8
+	ANDQ SI,R10
+	MOVQ R8,0(DI)
+	MOVQ CX,8(DI)
+	MOVQ R9,16(DI)
+	MOVQ AX,24(DI)
+	MOVQ R10,32(DI)
+	RET
+
+// func square(out, in *[5]uint64)
+TEXT ·square(SB),7,$0-16
+	MOVQ out+0(FP), DI
+	MOVQ in+8(FP), SI
+
+	MOVQ 0(SI),AX
+	MULQ 0(SI)
+	MOVQ AX,CX
+	MOVQ DX,R8
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 8(SI)
+	MOVQ AX,R9
+	MOVQ DX,R10
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 16(SI)
+	MOVQ AX,R11
+	MOVQ DX,R12
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 24(SI)
+	MOVQ AX,R13
+	MOVQ DX,R14
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 32(SI)
+	MOVQ AX,R15
+	MOVQ DX,BX
+	MOVQ 8(SI),AX
+	MULQ 8(SI)
+	ADDQ AX,R11
+	ADCQ DX,R12
+	MOVQ 8(SI),AX
+	SHLQ $1,AX
+	MULQ 16(SI)
+	ADDQ AX,R13
+	ADCQ DX,R14
+	MOVQ 8(SI),AX
+	SHLQ $1,AX
+	MULQ 24(SI)
+	ADDQ AX,R15
+	ADCQ DX,BX
+	MOVQ 8(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,CX
+	ADCQ DX,R8
+	MOVQ 16(SI),AX
+	MULQ 16(SI)
+	ADDQ AX,R15
+	ADCQ DX,BX
+	MOVQ 16(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 24(SI)
+	ADDQ AX,CX
+	ADCQ DX,R8
+	MOVQ 16(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R9
+	ADCQ DX,R10
+	MOVQ 24(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SI)
+	ADDQ AX,R9
+	ADCQ DX,R10
+	MOVQ 24(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R11
+	ADCQ DX,R12
+	MOVQ 32(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R13
+	ADCQ DX,R14
+	MOVQ $REDMASK51,SI
+	SHLQ $13,CX,R8
+	ANDQ SI,CX
+	SHLQ $13,R9,R10
+	ANDQ SI,R9
+	ADDQ R8,R9
+	SHLQ $13,R11,R12
+	ANDQ SI,R11
+	ADDQ R10,R11
+	SHLQ $13,R13,R14
+	ANDQ SI,R13
+	ADDQ R12,R13
+	SHLQ $13,R15,BX
+	ANDQ SI,R15
+	ADDQ R14,R15
+	IMUL3Q $19,BX,DX
+	ADDQ DX,CX
+	MOVQ CX,DX
+	SHRQ $51,DX
+	ADDQ R9,DX
+	ANDQ SI,CX
+	MOVQ DX,R8
+	SHRQ $51,DX
+	ADDQ R11,DX
+	ANDQ SI,R8
+	MOVQ DX,R9
+	SHRQ $51,DX
+	ADDQ R13,DX
+	ANDQ SI,R9
+	MOVQ DX,AX
+	SHRQ $51,DX
+	ADDQ R15,DX
+	ANDQ SI,AX
+	MOVQ DX,R10
+	SHRQ $51,DX
+	IMUL3Q $19,DX,DX
+	ADDQ DX,CX
+	ANDQ SI,R10
+	MOVQ CX,0(DI)
+	MOVQ R8,8(DI)
+	MOVQ R9,16(DI)
+	MOVQ AX,24(DI)
+	MOVQ R10,32(DI)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
new file mode 100644
index 000000000..c43b13fc8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
@@ -0,0 +1,828 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package curve25519
+
+import "encoding/binary"
+
+// This code is a port of the public domain, "ref10" implementation of
+// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
+
+// fieldElement represents an element of the field GF(2^255 - 19). An element
+// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+// context.
+type fieldElement [10]int32
+
+func feZero(fe *fieldElement) {
+	for i := range fe {
+		fe[i] = 0
+	}
+}
+
+func feOne(fe *fieldElement) {
+	feZero(fe)
+	fe[0] = 1
+}
+
+func feAdd(dst, a, b *fieldElement) {
+	for i := range dst {
+		dst[i] = a[i] + b[i]
+	}
+}
+
+func feSub(dst, a, b *fieldElement) {
+	for i := range dst {
+		dst[i] = a[i] - b[i]
+	}
+}
+
+func feCopy(dst, src *fieldElement) {
+	for i := range dst {
+		dst[i] = src[i]
+	}
+}
+
+// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
+//
+// Preconditions: b in {0,1}.
+func feCSwap(f, g *fieldElement, b int32) {
+	b = -b
+	for i := range f {
+		t := b & (f[i] ^ g[i])
+		f[i] ^= t
+		g[i] ^= t
+	}
+}
+
+// load3 reads a 24-bit, little-endian value from in.
+func load3(in []byte) int64 {
+	var r int64
+	r = int64(in[0])
+	r |= int64(in[1]) << 8
+	r |= int64(in[2]) << 16
+	return r
+}
+
+// load4 reads a 32-bit, little-endian value from in.
+func load4(in []byte) int64 {
+	return int64(binary.LittleEndian.Uint32(in))
+}
+
+func feFromBytes(dst *fieldElement, src *[32]byte) {
+	h0 := load4(src[:])
+	h1 := load3(src[4:]) << 6
+	h2 := load3(src[7:]) << 5
+	h3 := load3(src[10:]) << 3
+	h4 := load3(src[13:]) << 2
+	h5 := load4(src[16:])
+	h6 := load3(src[20:]) << 7
+	h7 := load3(src[23:]) << 5
+	h8 := load3(src[26:]) << 4
+	h9 := (load3(src[29:]) & 0x7fffff) << 2
+
+	var carry [10]int64
+	carry[9] = (h9 + 1<<24) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	carry[1] = (h1 + 1<<24) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[3] = (h3 + 1<<24) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[5] = (h5 + 1<<24) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	carry[7] = (h7 + 1<<24) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[0] = (h0 + 1<<25) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[2] = (h2 + 1<<25) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[4] = (h4 + 1<<25) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[6] = (h6 + 1<<25) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	carry[8] = (h8 + 1<<25) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	dst[0] = int32(h0)
+	dst[1] = int32(h1)
+	dst[2] = int32(h2)
+	dst[3] = int32(h3)
+	dst[4] = int32(h4)
+	dst[5] = int32(h5)
+	dst[6] = int32(h6)
+	dst[7] = int32(h7)
+	dst[8] = int32(h8)
+	dst[9] = int32(h9)
+}
+
+// feToBytes marshals h to s.
+// Preconditions:
+//   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Write p=2^255-19; q=floor(h/p).
+// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+//
+// Proof:
+//   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+//   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
+//
+//   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+//   Then 0<y<1.
+//
+//   Write r=h-pq.
+//   Have 0<=r<=p-1=2^255-20.
+//   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+//
+//   Write x=r+19(2^-255)r+y.
+//   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+//
+//   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+//   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+func feToBytes(s *[32]byte, h *fieldElement) {
+	var carry [10]int32
+
+	q := (19*h[9] + (1 << 24)) >> 25
+	q = (h[0] + q) >> 26
+	q = (h[1] + q) >> 25
+	q = (h[2] + q) >> 26
+	q = (h[3] + q) >> 25
+	q = (h[4] + q) >> 26
+	q = (h[5] + q) >> 25
+	q = (h[6] + q) >> 26
+	q = (h[7] + q) >> 25
+	q = (h[8] + q) >> 26
+	q = (h[9] + q) >> 25
+
+	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
+	h[0] += 19 * q
+	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
+
+	carry[0] = h[0] >> 26
+	h[1] += carry[0]
+	h[0] -= carry[0] << 26
+	carry[1] = h[1] >> 25
+	h[2] += carry[1]
+	h[1] -= carry[1] << 25
+	carry[2] = h[2] >> 26
+	h[3] += carry[2]
+	h[2] -= carry[2] << 26
+	carry[3] = h[3] >> 25
+	h[4] += carry[3]
+	h[3] -= carry[3] << 25
+	carry[4] = h[4] >> 26
+	h[5] += carry[4]
+	h[4] -= carry[4] << 26
+	carry[5] = h[5] >> 25
+	h[6] += carry[5]
+	h[5] -= carry[5] << 25
+	carry[6] = h[6] >> 26
+	h[7] += carry[6]
+	h[6] -= carry[6] << 26
+	carry[7] = h[7] >> 25
+	h[8] += carry[7]
+	h[7] -= carry[7] << 25
+	carry[8] = h[8] >> 26
+	h[9] += carry[8]
+	h[8] -= carry[8] << 26
+	carry[9] = h[9] >> 25
+	h[9] -= carry[9] << 25
+	// h10 = carry9
+
+	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
+	// evidently 2^255 h10-2^255 q = 0.
+	// Goal: Output h[0]+...+2^230 h[9].
+
+	s[0] = byte(h[0] >> 0)
+	s[1] = byte(h[0] >> 8)
+	s[2] = byte(h[0] >> 16)
+	s[3] = byte((h[0] >> 24) | (h[1] << 2))
+	s[4] = byte(h[1] >> 6)
+	s[5] = byte(h[1] >> 14)
+	s[6] = byte((h[1] >> 22) | (h[2] << 3))
+	s[7] = byte(h[2] >> 5)
+	s[8] = byte(h[2] >> 13)
+	s[9] = byte((h[2] >> 21) | (h[3] << 5))
+	s[10] = byte(h[3] >> 3)
+	s[11] = byte(h[3] >> 11)
+	s[12] = byte((h[3] >> 19) | (h[4] << 6))
+	s[13] = byte(h[4] >> 2)
+	s[14] = byte(h[4] >> 10)
+	s[15] = byte(h[4] >> 18)
+	s[16] = byte(h[5] >> 0)
+	s[17] = byte(h[5] >> 8)
+	s[18] = byte(h[5] >> 16)
+	s[19] = byte((h[5] >> 24) | (h[6] << 1))
+	s[20] = byte(h[6] >> 7)
+	s[21] = byte(h[6] >> 15)
+	s[22] = byte((h[6] >> 23) | (h[7] << 3))
+	s[23] = byte(h[7] >> 5)
+	s[24] = byte(h[7] >> 13)
+	s[25] = byte((h[7] >> 21) | (h[8] << 4))
+	s[26] = byte(h[8] >> 4)
+	s[27] = byte(h[8] >> 12)
+	s[28] = byte((h[8] >> 20) | (h[9] << 6))
+	s[29] = byte(h[9] >> 2)
+	s[30] = byte(h[9] >> 10)
+	s[31] = byte(h[9] >> 18)
+}
+
+// feMul calculates h = f * g
+// Can overlap h with f or g.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Notes on implementation strategy:
+//
+// Using schoolbook multiplication.
+// Karatsuba would save a little in some cost models.
+//
+// Most multiplications by 2 and 19 are 32-bit precomputations;
+// cheaper than 64-bit postcomputations.
+//
+// There is one remaining multiplication by 19 in the carry chain;
+// one *19 precomputation can be merged into this,
+// but the resulting data flow is considerably less clean.
+//
+// There are 12 carries below.
+// 10 of them are 2-way parallelizable and vectorizable.
+// Can get away with 11 carries, but then data flow is much deeper.
+//
+// With tighter constraints on inputs can squeeze carries into int32.
+func feMul(h, f, g *fieldElement) {
+	f0 := f[0]
+	f1 := f[1]
+	f2 := f[2]
+	f3 := f[3]
+	f4 := f[4]
+	f5 := f[5]
+	f6 := f[6]
+	f7 := f[7]
+	f8 := f[8]
+	f9 := f[9]
+	g0 := g[0]
+	g1 := g[1]
+	g2 := g[2]
+	g3 := g[3]
+	g4 := g[4]
+	g5 := g[5]
+	g6 := g[6]
+	g7 := g[7]
+	g8 := g[8]
+	g9 := g[9]
+	g1_19 := 19 * g1 // 1.4*2^29
+	g2_19 := 19 * g2 // 1.4*2^30; still ok
+	g3_19 := 19 * g3
+	g4_19 := 19 * g4
+	g5_19 := 19 * g5
+	g6_19 := 19 * g6
+	g7_19 := 19 * g7
+	g8_19 := 19 * g8
+	g9_19 := 19 * g9
+	f1_2 := 2 * f1
+	f3_2 := 2 * f3
+	f5_2 := 2 * f5
+	f7_2 := 2 * f7
+	f9_2 := 2 * f9
+	f0g0 := int64(f0) * int64(g0)
+	f0g1 := int64(f0) * int64(g1)
+	f0g2 := int64(f0) * int64(g2)
+	f0g3 := int64(f0) * int64(g3)
+	f0g4 := int64(f0) * int64(g4)
+	f0g5 := int64(f0) * int64(g5)
+	f0g6 := int64(f0) * int64(g6)
+	f0g7 := int64(f0) * int64(g7)
+	f0g8 := int64(f0) * int64(g8)
+	f0g9 := int64(f0) * int64(g9)
+	f1g0 := int64(f1) * int64(g0)
+	f1g1_2 := int64(f1_2) * int64(g1)
+	f1g2 := int64(f1) * int64(g2)
+	f1g3_2 := int64(f1_2) * int64(g3)
+	f1g4 := int64(f1) * int64(g4)
+	f1g5_2 := int64(f1_2) * int64(g5)
+	f1g6 := int64(f1) * int64(g6)
+	f1g7_2 := int64(f1_2) * int64(g7)
+	f1g8 := int64(f1) * int64(g8)
+	f1g9_38 := int64(f1_2) * int64(g9_19)
+	f2g0 := int64(f2) * int64(g0)
+	f2g1 := int64(f2) * int64(g1)
+	f2g2 := int64(f2) * int64(g2)
+	f2g3 := int64(f2) * int64(g3)
+	f2g4 := int64(f2) * int64(g4)
+	f2g5 := int64(f2) * int64(g5)
+	f2g6 := int64(f2) * int64(g6)
+	f2g7 := int64(f2) * int64(g7)
+	f2g8_19 := int64(f2) * int64(g8_19)
+	f2g9_19 := int64(f2) * int64(g9_19)
+	f3g0 := int64(f3) * int64(g0)
+	f3g1_2 := int64(f3_2) * int64(g1)
+	f3g2 := int64(f3) * int64(g2)
+	f3g3_2 := int64(f3_2) * int64(g3)
+	f3g4 := int64(f3) * int64(g4)
+	f3g5_2 := int64(f3_2) * int64(g5)
+	f3g6 := int64(f3) * int64(g6)
+	f3g7_38 := int64(f3_2) * int64(g7_19)
+	f3g8_19 := int64(f3) * int64(g8_19)
+	f3g9_38 := int64(f3_2) * int64(g9_19)
+	f4g0 := int64(f4) * int64(g0)
+	f4g1 := int64(f4) * int64(g1)
+	f4g2 := int64(f4) * int64(g2)
+	f4g3 := int64(f4) * int64(g3)
+	f4g4 := int64(f4) * int64(g4)
+	f4g5 := int64(f4) * int64(g5)
+	f4g6_19 := int64(f4) * int64(g6_19)
+	f4g7_19 := int64(f4) * int64(g7_19)
+	f4g8_19 := int64(f4) * int64(g8_19)
+	f4g9_19 := int64(f4) * int64(g9_19)
+	f5g0 := int64(f5) * int64(g0)
+	f5g1_2 := int64(f5_2) * int64(g1)
+	f5g2 := int64(f5) * int64(g2)
+	f5g3_2 := int64(f5_2) * int64(g3)
+	f5g4 := int64(f5) * int64(g4)
+	f5g5_38 := int64(f5_2) * int64(g5_19)
+	f5g6_19 := int64(f5) * int64(g6_19)
+	f5g7_38 := int64(f5_2) * int64(g7_19)
+	f5g8_19 := int64(f5) * int64(g8_19)
+	f5g9_38 := int64(f5_2) * int64(g9_19)
+	f6g0 := int64(f6) * int64(g0)
+	f6g1 := int64(f6) * int64(g1)
+	f6g2 := int64(f6) * int64(g2)
+	f6g3 := int64(f6) * int64(g3)
+	f6g4_19 := int64(f6) * int64(g4_19)
+	f6g5_19 := int64(f6) * int64(g5_19)
+	f6g6_19 := int64(f6) * int64(g6_19)
+	f6g7_19 := int64(f6) * int64(g7_19)
+	f6g8_19 := int64(f6) * int64(g8_19)
+	f6g9_19 := int64(f6) * int64(g9_19)
+	f7g0 := int64(f7) * int64(g0)
+	f7g1_2 := int64(f7_2) * int64(g1)
+	f7g2 := int64(f7) * int64(g2)
+	f7g3_38 := int64(f7_2) * int64(g3_19)
+	f7g4_19 := int64(f7) * int64(g4_19)
+	f7g5_38 := int64(f7_2) * int64(g5_19)
+	f7g6_19 := int64(f7) * int64(g6_19)
+	f7g7_38 := int64(f7_2) * int64(g7_19)
+	f7g8_19 := int64(f7) * int64(g8_19)
+	f7g9_38 := int64(f7_2) * int64(g9_19)
+	f8g0 := int64(f8) * int64(g0)
+	f8g1 := int64(f8) * int64(g1)
+	f8g2_19 := int64(f8) * int64(g2_19)
+	f8g3_19 := int64(f8) * int64(g3_19)
+	f8g4_19 := int64(f8) * int64(g4_19)
+	f8g5_19 := int64(f8) * int64(g5_19)
+	f8g6_19 := int64(f8) * int64(g6_19)
+	f8g7_19 := int64(f8) * int64(g7_19)
+	f8g8_19 := int64(f8) * int64(g8_19)
+	f8g9_19 := int64(f8) * int64(g9_19)
+	f9g0 := int64(f9) * int64(g0)
+	f9g1_38 := int64(f9_2) * int64(g1_19)
+	f9g2_19 := int64(f9) * int64(g2_19)
+	f9g3_38 := int64(f9_2) * int64(g3_19)
+	f9g4_19 := int64(f9) * int64(g4_19)
+	f9g5_38 := int64(f9_2) * int64(g5_19)
+	f9g6_19 := int64(f9) * int64(g6_19)
+	f9g7_38 := int64(f9_2) * int64(g7_19)
+	f9g8_19 := int64(f9) * int64(g8_19)
+	f9g9_38 := int64(f9_2) * int64(g9_19)
+	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
+	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
+	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
+	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
+	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
+	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
+	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
+	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
+	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
+	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
+	var carry [10]int64
+
+	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
+	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
+	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
+	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	// |h0| <= 2^25
+	// |h4| <= 2^25
+	// |h1| <= 1.51*2^58
+	// |h5| <= 1.51*2^58
+
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	// |h1| <= 2^24; from now on fits into int32
+	// |h5| <= 2^24; from now on fits into int32
+	// |h2| <= 1.21*2^59
+	// |h6| <= 1.21*2^59
+
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	// |h2| <= 2^25; from now on fits into int32 unchanged
+	// |h6| <= 2^25; from now on fits into int32 unchanged
+	// |h3| <= 1.51*2^58
+	// |h7| <= 1.51*2^58
+
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+	// |h3| <= 2^24; from now on fits into int32 unchanged
+	// |h7| <= 2^24; from now on fits into int32 unchanged
+	// |h4| <= 1.52*2^33
+	// |h8| <= 1.52*2^33
+
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+	// |h4| <= 2^25; from now on fits into int32 unchanged
+	// |h8| <= 2^25; from now on fits into int32 unchanged
+	// |h5| <= 1.01*2^24
+	// |h9| <= 1.51*2^58
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	// |h9| <= 2^24; from now on fits into int32 unchanged
+	// |h0| <= 1.8*2^37
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	// |h0| <= 2^25; from now on fits into int32 unchanged
+	// |h1| <= 1.01*2^24
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feSquare calculates h = f*f. Can overlap h with f.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feSquare(h, f *fieldElement) {
+	f0 := f[0]
+	f1 := f[1]
+	f2 := f[2]
+	f3 := f[3]
+	f4 := f[4]
+	f5 := f[5]
+	f6 := f[6]
+	f7 := f[7]
+	f8 := f[8]
+	f9 := f[9]
+	f0_2 := 2 * f0
+	f1_2 := 2 * f1
+	f2_2 := 2 * f2
+	f3_2 := 2 * f3
+	f4_2 := 2 * f4
+	f5_2 := 2 * f5
+	f6_2 := 2 * f6
+	f7_2 := 2 * f7
+	f5_38 := 38 * f5 // 1.31*2^30
+	f6_19 := 19 * f6 // 1.31*2^30
+	f7_38 := 38 * f7 // 1.31*2^30
+	f8_19 := 19 * f8 // 1.31*2^30
+	f9_38 := 38 * f9 // 1.31*2^30
+	f0f0 := int64(f0) * int64(f0)
+	f0f1_2 := int64(f0_2) * int64(f1)
+	f0f2_2 := int64(f0_2) * int64(f2)
+	f0f3_2 := int64(f0_2) * int64(f3)
+	f0f4_2 := int64(f0_2) * int64(f4)
+	f0f5_2 := int64(f0_2) * int64(f5)
+	f0f6_2 := int64(f0_2) * int64(f6)
+	f0f7_2 := int64(f0_2) * int64(f7)
+	f0f8_2 := int64(f0_2) * int64(f8)
+	f0f9_2 := int64(f0_2) * int64(f9)
+	f1f1_2 := int64(f1_2) * int64(f1)
+	f1f2_2 := int64(f1_2) * int64(f2)
+	f1f3_4 := int64(f1_2) * int64(f3_2)
+	f1f4_2 := int64(f1_2) * int64(f4)
+	f1f5_4 := int64(f1_2) * int64(f5_2)
+	f1f6_2 := int64(f1_2) * int64(f6)
+	f1f7_4 := int64(f1_2) * int64(f7_2)
+	f1f8_2 := int64(f1_2) * int64(f8)
+	f1f9_76 := int64(f1_2) * int64(f9_38)
+	f2f2 := int64(f2) * int64(f2)
+	f2f3_2 := int64(f2_2) * int64(f3)
+	f2f4_2 := int64(f2_2) * int64(f4)
+	f2f5_2 := int64(f2_2) * int64(f5)
+	f2f6_2 := int64(f2_2) * int64(f6)
+	f2f7_2 := int64(f2_2) * int64(f7)
+	f2f8_38 := int64(f2_2) * int64(f8_19)
+	f2f9_38 := int64(f2) * int64(f9_38)
+	f3f3_2 := int64(f3_2) * int64(f3)
+	f3f4_2 := int64(f3_2) * int64(f4)
+	f3f5_4 := int64(f3_2) * int64(f5_2)
+	f3f6_2 := int64(f3_2) * int64(f6)
+	f3f7_76 := int64(f3_2) * int64(f7_38)
+	f3f8_38 := int64(f3_2) * int64(f8_19)
+	f3f9_76 := int64(f3_2) * int64(f9_38)
+	f4f4 := int64(f4) * int64(f4)
+	f4f5_2 := int64(f4_2) * int64(f5)
+	f4f6_38 := int64(f4_2) * int64(f6_19)
+	f4f7_38 := int64(f4) * int64(f7_38)
+	f4f8_38 := int64(f4_2) * int64(f8_19)
+	f4f9_38 := int64(f4) * int64(f9_38)
+	f5f5_38 := int64(f5) * int64(f5_38)
+	f5f6_38 := int64(f5_2) * int64(f6_19)
+	f5f7_76 := int64(f5_2) * int64(f7_38)
+	f5f8_38 := int64(f5_2) * int64(f8_19)
+	f5f9_76 := int64(f5_2) * int64(f9_38)
+	f6f6_19 := int64(f6) * int64(f6_19)
+	f6f7_38 := int64(f6) * int64(f7_38)
+	f6f8_38 := int64(f6_2) * int64(f8_19)
+	f6f9_38 := int64(f6) * int64(f9_38)
+	f7f7_38 := int64(f7) * int64(f7_38)
+	f7f8_38 := int64(f7_2) * int64(f8_19)
+	f7f9_76 := int64(f7_2) * int64(f9_38)
+	f8f8_19 := int64(f8) * int64(f8_19)
+	f8f9_38 := int64(f8) * int64(f9_38)
+	f9f9_38 := int64(f9) * int64(f9_38)
+	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
+	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
+	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
+	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
+	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
+	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
+	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
+	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
+	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
+	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
+	var carry [10]int64
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feMul121666 calculates h = f * 121666. Can overlap h with f.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feMul121666(h, f *fieldElement) {
+	h0 := int64(f[0]) * 121666
+	h1 := int64(f[1]) * 121666
+	h2 := int64(f[2]) * 121666
+	h3 := int64(f[3]) * 121666
+	h4 := int64(f[4]) * 121666
+	h5 := int64(f[5]) * 121666
+	h6 := int64(f[6]) * 121666
+	h7 := int64(f[7]) * 121666
+	h8 := int64(f[8]) * 121666
+	h9 := int64(f[9]) * 121666
+	var carry [10]int64
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feInvert sets out = z^-1.
+func feInvert(out, z *fieldElement) {
+	var t0, t1, t2, t3 fieldElement
+	var i int
+
+	feSquare(&t0, z)
+	for i = 1; i < 1; i++ {
+		feSquare(&t0, &t0)
+	}
+	feSquare(&t1, &t0)
+	for i = 1; i < 2; i++ {
+		feSquare(&t1, &t1)
+	}
+	feMul(&t1, z, &t1)
+	feMul(&t0, &t0, &t1)
+	feSquare(&t2, &t0)
+	for i = 1; i < 1; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t1, &t2)
+	feSquare(&t2, &t1)
+	for i = 1; i < 5; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t2, &t1)
+	for i = 1; i < 10; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t2, &t2, &t1)
+	feSquare(&t3, &t2)
+	for i = 1; i < 20; i++ {
+		feSquare(&t3, &t3)
+	}
+	feMul(&t2, &t3, &t2)
+	feSquare(&t2, &t2)
+	for i = 1; i < 10; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t2, &t1)
+	for i = 1; i < 50; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t2, &t2, &t1)
+	feSquare(&t3, &t2)
+	for i = 1; i < 100; i++ {
+		feSquare(&t3, &t3)
+	}
+	feMul(&t2, &t3, &t2)
+	feSquare(&t2, &t2)
+	for i = 1; i < 50; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t1, &t1)
+	for i = 1; i < 5; i++ {
+		feSquare(&t1, &t1)
+	}
+	feMul(out, &t1, &t0)
+}
+
+func scalarMultGeneric(out, in, base *[32]byte) {
+	var e [32]byte
+
+	copy(e[:], in[:])
+	e[0] &= 248
+	e[31] &= 127
+	e[31] |= 64
+
+	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
+	feFromBytes(&x1, base)
+	feOne(&x2)
+	feCopy(&x3, &x1)
+	feOne(&z3)
+
+	swap := int32(0)
+	for pos := 254; pos >= 0; pos-- {
+		b := e[pos/8] >> uint(pos&7)
+		b &= 1
+		swap ^= int32(b)
+		feCSwap(&x2, &x3, swap)
+		feCSwap(&z2, &z3, swap)
+		swap = int32(b)
+
+		feSub(&tmp0, &x3, &z3)
+		feSub(&tmp1, &x2, &z2)
+		feAdd(&x2, &x2, &z2)
+		feAdd(&z2, &x3, &z3)
+		feMul(&z3, &tmp0, &x2)
+		feMul(&z2, &z2, &tmp1)
+		feSquare(&tmp0, &tmp1)
+		feSquare(&tmp1, &x2)
+		feAdd(&x3, &z3, &z2)
+		feSub(&z2, &z3, &z2)
+		feMul(&x2, &tmp1, &tmp0)
+		feSub(&tmp1, &tmp1, &tmp0)
+		feSquare(&z2, &z2)
+		feMul121666(&z3, &tmp1)
+		feSquare(&x3, &x3)
+		feAdd(&tmp0, &tmp0, &z3)
+		feMul(&z3, &x1, &z2)
+		feMul(&z2, &tmp1, &tmp0)
+	}
+
+	feCSwap(&x2, &x3, swap)
+	feCSwap(&z2, &z3, swap)
+
+	feInvert(&z2, &z2)
+	feMul(&x2, &x2, &z2)
+	feToBytes(out, &x2)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
new file mode 100644
index 000000000..047d49afc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 gccgo appengine purego
+
+package curve25519
+
+func scalarMult(out, in, base *[32]byte) {
+	scalarMultGeneric(out, in, base)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/AUTHORS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/AUTHORS
new file mode 100644
index 000000000..15167cd74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/AUTHORS
@@ -0,0 +1,3 @@
+# This source code refers to The Go Authors for copyright purposes.
+# The master list of authors is in the main Go distribution,
+# visible at http://tip.golang.org/AUTHORS.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/CONTRIBUTORS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/CONTRIBUTORS
new file mode 100644
index 000000000..1c4577e96
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/CONTRIBUTORS
@@ -0,0 +1,3 @@
+# This source code was written by the Go contributors.
+# The master list of contributors is in the main Go distribution,
+# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/LICENSE b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/PATENTS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/asm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/asm.go
new file mode 100644
index 000000000..15e21b181
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/asm.go
@@ -0,0 +1,41 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bpf
+
+import "fmt"
+
+// Assemble converts insts into raw instructions suitable for loading
+// into a BPF virtual machine.
+//
+// Currently, no optimization is attempted, the assembled program flow
+// is exactly as provided.
+func Assemble(insts []Instruction) ([]RawInstruction, error) {
+	ret := make([]RawInstruction, len(insts))
+	var err error
+	for i, inst := range insts {
+		ret[i], err = inst.Assemble()
+		if err != nil {
+			return nil, fmt.Errorf("assembling instruction %d: %s", i+1, err)
+		}
+	}
+	return ret, nil
+}
+
+// Disassemble attempts to parse raw back into
+// Instructions. Unrecognized RawInstructions are assumed to be an
+// extension not implemented by this package, and are passed through
+// unchanged to the output. The allDecoded value reports whether insts
+// contains no RawInstructions.
+func Disassemble(raw []RawInstruction) (insts []Instruction, allDecoded bool) {
+	insts = make([]Instruction, len(raw))
+	allDecoded = true
+	for i, r := range raw {
+		insts[i] = r.Disassemble()
+		if _, ok := insts[i].(RawInstruction); ok {
+			allDecoded = false
+		}
+	}
+	return insts, allDecoded
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/constants.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/constants.go
new file mode 100644
index 000000000..12f3ee835
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/constants.go
@@ -0,0 +1,222 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bpf
+
+// A Register is a register of the BPF virtual machine.
+type Register uint16
+
+const (
+	// RegA is the accumulator register. RegA is always the
+	// destination register of ALU operations.
+	RegA Register = iota
+	// RegX is the indirection register, used by LoadIndirect
+	// operations.
+	RegX
+)
+
+// An ALUOp is an arithmetic or logic operation.
+type ALUOp uint16
+
+// ALU binary operation types.
+const (
+	ALUOpAdd ALUOp = iota << 4
+	ALUOpSub
+	ALUOpMul
+	ALUOpDiv
+	ALUOpOr
+	ALUOpAnd
+	ALUOpShiftLeft
+	ALUOpShiftRight
+	aluOpNeg // Not exported because it's the only unary ALU operation, and gets its own instruction type.
+	ALUOpMod
+	ALUOpXor
+)
+
+// A JumpTest is a comparison operator used in conditional jumps.
+type JumpTest uint16
+
+// Supported operators for conditional jumps.
+// K can be RegX for JumpIfX
+const (
+	// K == A
+	JumpEqual JumpTest = iota
+	// K != A
+	JumpNotEqual
+	// K > A
+	JumpGreaterThan
+	// K < A
+	JumpLessThan
+	// K >= A
+	JumpGreaterOrEqual
+	// K <= A
+	JumpLessOrEqual
+	// K & A != 0
+	JumpBitsSet
+	// K & A == 0
+	JumpBitsNotSet
+)
+
+// An Extension is a function call provided by the kernel that
+// performs advanced operations that are expensive or impossible
+// within the BPF virtual machine.
+//
+// Extensions are only implemented by the Linux kernel.
+//
+// TODO: should we prune this list? Some of these extensions seem
+// either broken or near-impossible to use correctly, whereas other
+// (len, random, ifindex) are quite useful.
+type Extension int
+
+// Extension functions available in the Linux kernel.
+const (
+	// extOffset is the negative maximum number of instructions used
+	// to load instructions by overloading the K argument.
+	extOffset = -0x1000
+	// ExtLen returns the length of the packet.
+	ExtLen Extension = 1
+	// ExtProto returns the packet's L3 protocol type.
+	ExtProto Extension = 0
+	// ExtType returns the packet's type (skb->pkt_type in the kernel)
+	//
+	// TODO: better documentation. How nice an API do we want to
+	// provide for these esoteric extensions?
+	ExtType Extension = 4
+	// ExtPayloadOffset returns the offset of the packet payload, or
+	// the first protocol header that the kernel does not know how to
+	// parse.
+	ExtPayloadOffset Extension = 52
+	// ExtInterfaceIndex returns the index of the interface on which
+	// the packet was received.
+	ExtInterfaceIndex Extension = 8
+	// ExtNetlinkAttr returns the netlink attribute of type X at
+	// offset A.
+	ExtNetlinkAttr Extension = 12
+	// ExtNetlinkAttrNested returns the nested netlink attribute of
+	// type X at offset A.
+	ExtNetlinkAttrNested Extension = 16
+	// ExtMark returns the packet's mark value.
+	ExtMark Extension = 20
+	// ExtQueue returns the packet's assigned hardware queue.
+	ExtQueue Extension = 24
+	// ExtLinkLayerType returns the packet's hardware address type
+	// (e.g. Ethernet, Infiniband).
+	ExtLinkLayerType Extension = 28
+	// ExtRXHash returns the packets receive hash.
+	//
+	// TODO: figure out what this rxhash actually is.
+	ExtRXHash Extension = 32
+	// ExtCPUID returns the ID of the CPU processing the current
+	// packet.
+	ExtCPUID Extension = 36
+	// ExtVLANTag returns the packet's VLAN tag.
+	ExtVLANTag Extension = 44
+	// ExtVLANTagPresent returns non-zero if the packet has a VLAN
+	// tag.
+	//
+	// TODO: I think this might be a lie: it reads bit 0x1000 of the
+	// VLAN header, which changed meaning in recent revisions of the
+	// spec - this extension may now return meaningless information.
+	ExtVLANTagPresent Extension = 48
+	// ExtVLANProto returns 0x8100 if the frame has a VLAN header,
+	// 0x88a8 if the frame has a "Q-in-Q" double VLAN header, or some
+	// other value if no VLAN information is present.
+	ExtVLANProto Extension = 60
+	// ExtRand returns a uniformly random uint32.
+	ExtRand Extension = 56
+)
+
+// The following gives names to various bit patterns used in opcode construction.
+
+const (
+	opMaskCls uint16 = 0x7
+	// opClsLoad masks
+	opMaskLoadDest  = 0x01
+	opMaskLoadWidth = 0x18
+	opMaskLoadMode  = 0xe0
+	// opClsALU & opClsJump
+	opMaskOperand  = 0x08
+	opMaskOperator = 0xf0
+)
+
+const (
+	// +---------------+-----------------+---+---+---+
+	// | AddrMode (3b) | LoadWidth (2b)  | 0 | 0 | 0 |
+	// +---------------+-----------------+---+---+---+
+	opClsLoadA uint16 = iota
+	// +---------------+-----------------+---+---+---+
+	// | AddrMode (3b) | LoadWidth (2b)  | 0 | 0 | 1 |
+	// +---------------+-----------------+---+---+---+
+	opClsLoadX
+	// +---+---+---+---+---+---+---+---+
+	// | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
+	// +---+---+---+---+---+---+---+---+
+	opClsStoreA
+	// +---+---+---+---+---+---+---+---+
+	// | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
+	// +---+---+---+---+---+---+---+---+
+	opClsStoreX
+	// +---------------+-----------------+---+---+---+
+	// | Operator (4b) | OperandSrc (1b) | 1 | 0 | 0 |
+	// +---------------+-----------------+---+---+---+
+	opClsALU
+	// +-----------------------------+---+---+---+---+
+	// |      TestOperator (4b)      | 0 | 1 | 0 | 1 |
+	// +-----------------------------+---+---+---+---+
+	opClsJump
+	// +---+-------------------------+---+---+---+---+
+	// | 0 | 0 | 0 |   RetSrc (1b)   | 0 | 1 | 1 | 0 |
+	// +---+-------------------------+---+---+---+---+
+	opClsReturn
+	// +---+-------------------------+---+---+---+---+
+	// | 0 | 0 | 0 |  TXAorTAX (1b)  | 0 | 1 | 1 | 1 |
+	// +---+-------------------------+---+---+---+---+
+	opClsMisc
+)
+
+const (
+	opAddrModeImmediate uint16 = iota << 5
+	opAddrModeAbsolute
+	opAddrModeIndirect
+	opAddrModeScratch
+	opAddrModePacketLen // actually an extension, not an addressing mode.
+	opAddrModeMemShift
+)
+
+const (
+	opLoadWidth4 uint16 = iota << 3
+	opLoadWidth2
+	opLoadWidth1
+)
+
+// Operand for ALU and Jump instructions
+type opOperand uint16
+
+// Supported operand sources.
+const (
+	opOperandConstant opOperand = iota << 3
+	opOperandX
+)
+
+// An jumpOp is a conditional jump condition.
+type jumpOp uint16
+
+// Supported jump conditions.
+const (
+	opJumpAlways jumpOp = iota << 4
+	opJumpEqual
+	opJumpGT
+	opJumpGE
+	opJumpSet
+)
+
+const (
+	opRetSrcConstant uint16 = iota << 4
+	opRetSrcA
+)
+
+const (
+	opMiscTAX = 0x00
+	opMiscTXA = 0x80
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/doc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/doc.go
new file mode 100644
index 000000000..ae62feb53
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/doc.go
@@ -0,0 +1,82 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+
+Package bpf implements marshaling and unmarshaling of programs for the
+Berkeley Packet Filter virtual machine, and provides a Go implementation
+of the virtual machine.
+
+BPF's main use is to specify a packet filter for network taps, so that
+the kernel doesn't have to expensively copy every packet it sees to
+userspace. However, it's been repurposed to other areas where running
+user code in-kernel is needed. For example, Linux's seccomp uses BPF
+to apply security policies to system calls. For simplicity, this
+documentation refers only to packets, but other uses of BPF have their
+own data payloads.
+
+BPF programs run in a restricted virtual machine. It has almost no
+access to kernel functions, and while conditional branches are
+allowed, they can only jump forwards, to guarantee that there are no
+infinite loops.
+
+The virtual machine
+
+The BPF VM is an accumulator machine. Its main register, called
+register A, is an implicit source and destination in all arithmetic
+and logic operations. The machine also has 16 scratch registers for
+temporary storage, and an indirection register (register X) for
+indirect memory access. All registers are 32 bits wide.
+
+Each run of a BPF program is given one packet, which is placed in the
+VM's read-only "main memory". LoadAbsolute and LoadIndirect
+instructions can fetch up to 32 bits at a time into register A for
+examination.
+
+The goal of a BPF program is to produce and return a verdict (uint32),
+which tells the kernel what to do with the packet. In the context of
+packet filtering, the returned value is the number of bytes of the
+packet to forward to userspace, or 0 to ignore the packet. Other
+contexts like seccomp define their own return values.
+
+In order to simplify programs, attempts to read past the end of the
+packet terminate the program execution with a verdict of 0 (ignore
+packet). This means that the vast majority of BPF programs don't need
+to do any explicit bounds checking.
+
+In addition to the bytes of the packet, some BPF programs have access
+to extensions, which are essentially calls to kernel utility
+functions. Currently, the only extensions supported by this package
+are the Linux packet filter extensions.
+
+Examples
+
+This packet filter selects all ARP packets.
+
+	bpf.Assemble([]bpf.Instruction{
+		// Load "EtherType" field from the ethernet header.
+		bpf.LoadAbsolute{Off: 12, Size: 2},
+		// Skip over the next instruction if EtherType is not ARP.
+		bpf.JumpIf{Cond: bpf.JumpNotEqual, Val: 0x0806, SkipTrue: 1},
+		// Verdict is "send up to 4k of the packet to userspace."
+		bpf.RetConstant{Val: 4096},
+		// Verdict is "ignore packet."
+		bpf.RetConstant{Val: 0},
+	})
+
+This packet filter captures a random 1% sample of traffic.
+
+	bpf.Assemble([]bpf.Instruction{
+		// Get a 32-bit random number from the Linux kernel.
+		bpf.LoadExtension{Num: bpf.ExtRand},
+		// 1% dice roll?
+		bpf.JumpIf{Cond: bpf.JumpLessThan, Val: 2^32/100, SkipFalse: 1},
+		// Capture.
+		bpf.RetConstant{Val: 4096},
+		// Ignore.
+		bpf.RetConstant{Val: 0},
+	})
+
+*/
+package bpf // import "golang.org/x/net/bpf"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/instructions.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/instructions.go
new file mode 100644
index 000000000..3cffcaa01
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/instructions.go
@@ -0,0 +1,726 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bpf
+
+import "fmt"
+
+// An Instruction is one instruction executed by the BPF virtual
+// machine.
+type Instruction interface {
+	// Assemble assembles the Instruction into a RawInstruction.
+	Assemble() (RawInstruction, error)
+}
+
+// A RawInstruction is a raw BPF virtual machine instruction.
+type RawInstruction struct {
+	// Operation to execute.
+	Op uint16
+	// For conditional jump instructions, the number of instructions
+	// to skip if the condition is true/false.
+	Jt uint8
+	Jf uint8
+	// Constant parameter. The meaning depends on the Op.
+	K uint32
+}
+
+// Assemble implements the Instruction Assemble method.
+func (ri RawInstruction) Assemble() (RawInstruction, error) { return ri, nil }
+
+// Disassemble parses ri into an Instruction and returns it. If ri is
+// not recognized by this package, ri itself is returned.
+func (ri RawInstruction) Disassemble() Instruction {
+	switch ri.Op & opMaskCls {
+	case opClsLoadA, opClsLoadX:
+		reg := Register(ri.Op & opMaskLoadDest)
+		sz := 0
+		switch ri.Op & opMaskLoadWidth {
+		case opLoadWidth4:
+			sz = 4
+		case opLoadWidth2:
+			sz = 2
+		case opLoadWidth1:
+			sz = 1
+		default:
+			return ri
+		}
+		switch ri.Op & opMaskLoadMode {
+		case opAddrModeImmediate:
+			if sz != 4 {
+				return ri
+			}
+			return LoadConstant{Dst: reg, Val: ri.K}
+		case opAddrModeScratch:
+			if sz != 4 || ri.K > 15 {
+				return ri
+			}
+			return LoadScratch{Dst: reg, N: int(ri.K)}
+		case opAddrModeAbsolute:
+			if ri.K > extOffset+0xffffffff {
+				return LoadExtension{Num: Extension(-extOffset + ri.K)}
+			}
+			return LoadAbsolute{Size: sz, Off: ri.K}
+		case opAddrModeIndirect:
+			return LoadIndirect{Size: sz, Off: ri.K}
+		case opAddrModePacketLen:
+			if sz != 4 {
+				return ri
+			}
+			return LoadExtension{Num: ExtLen}
+		case opAddrModeMemShift:
+			return LoadMemShift{Off: ri.K}
+		default:
+			return ri
+		}
+
+	case opClsStoreA:
+		if ri.Op != opClsStoreA || ri.K > 15 {
+			return ri
+		}
+		return StoreScratch{Src: RegA, N: int(ri.K)}
+
+	case opClsStoreX:
+		if ri.Op != opClsStoreX || ri.K > 15 {
+			return ri
+		}
+		return StoreScratch{Src: RegX, N: int(ri.K)}
+
+	case opClsALU:
+		switch op := ALUOp(ri.Op & opMaskOperator); op {
+		case ALUOpAdd, ALUOpSub, ALUOpMul, ALUOpDiv, ALUOpOr, ALUOpAnd, ALUOpShiftLeft, ALUOpShiftRight, ALUOpMod, ALUOpXor:
+			switch operand := opOperand(ri.Op & opMaskOperand); operand {
+			case opOperandX:
+				return ALUOpX{Op: op}
+			case opOperandConstant:
+				return ALUOpConstant{Op: op, Val: ri.K}
+			default:
+				return ri
+			}
+		case aluOpNeg:
+			return NegateA{}
+		default:
+			return ri
+		}
+
+	case opClsJump:
+		switch op := jumpOp(ri.Op & opMaskOperator); op {
+		case opJumpAlways:
+			return Jump{Skip: ri.K}
+		case opJumpEqual, opJumpGT, opJumpGE, opJumpSet:
+			cond, skipTrue, skipFalse := jumpOpToTest(op, ri.Jt, ri.Jf)
+			switch operand := opOperand(ri.Op & opMaskOperand); operand {
+			case opOperandX:
+				return JumpIfX{Cond: cond, SkipTrue: skipTrue, SkipFalse: skipFalse}
+			case opOperandConstant:
+				return JumpIf{Cond: cond, Val: ri.K, SkipTrue: skipTrue, SkipFalse: skipFalse}
+			default:
+				return ri
+			}
+		default:
+			return ri
+		}
+
+	case opClsReturn:
+		switch ri.Op {
+		case opClsReturn | opRetSrcA:
+			return RetA{}
+		case opClsReturn | opRetSrcConstant:
+			return RetConstant{Val: ri.K}
+		default:
+			return ri
+		}
+
+	case opClsMisc:
+		switch ri.Op {
+		case opClsMisc | opMiscTAX:
+			return TAX{}
+		case opClsMisc | opMiscTXA:
+			return TXA{}
+		default:
+			return ri
+		}
+
+	default:
+		panic("unreachable") // switch is exhaustive on the bit pattern
+	}
+}
+
+func jumpOpToTest(op jumpOp, skipTrue uint8, skipFalse uint8) (JumpTest, uint8, uint8) {
+	var test JumpTest
+
+	// Decode "fake" jump conditions that don't appear in machine code
+	// Ensures the Assemble -> Disassemble stage recreates the same instructions
+	// See https://github.com/golang/go/issues/18470
+	if skipTrue == 0 {
+		switch op {
+		case opJumpEqual:
+			test = JumpNotEqual
+		case opJumpGT:
+			test = JumpLessOrEqual
+		case opJumpGE:
+			test = JumpLessThan
+		case opJumpSet:
+			test = JumpBitsNotSet
+		}
+
+		return test, skipFalse, 0
+	}
+
+	switch op {
+	case opJumpEqual:
+		test = JumpEqual
+	case opJumpGT:
+		test = JumpGreaterThan
+	case opJumpGE:
+		test = JumpGreaterOrEqual
+	case opJumpSet:
+		test = JumpBitsSet
+	}
+
+	return test, skipTrue, skipFalse
+}
+
+// LoadConstant loads Val into register Dst.
+type LoadConstant struct {
+	Dst Register
+	Val uint32
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a LoadConstant) Assemble() (RawInstruction, error) {
+	return assembleLoad(a.Dst, 4, opAddrModeImmediate, a.Val)
+}
+
+// String returns the instruction in assembler notation.
+func (a LoadConstant) String() string {
+	switch a.Dst {
+	case RegA:
+		return fmt.Sprintf("ld #%d", a.Val)
+	case RegX:
+		return fmt.Sprintf("ldx #%d", a.Val)
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// LoadScratch loads scratch[N] into register Dst.
+type LoadScratch struct {
+	Dst Register
+	N   int // 0-15
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a LoadScratch) Assemble() (RawInstruction, error) {
+	if a.N < 0 || a.N > 15 {
+		return RawInstruction{}, fmt.Errorf("invalid scratch slot %d", a.N)
+	}
+	return assembleLoad(a.Dst, 4, opAddrModeScratch, uint32(a.N))
+}
+
+// String returns the instruction in assembler notation.
+func (a LoadScratch) String() string {
+	switch a.Dst {
+	case RegA:
+		return fmt.Sprintf("ld M[%d]", a.N)
+	case RegX:
+		return fmt.Sprintf("ldx M[%d]", a.N)
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// LoadAbsolute loads packet[Off:Off+Size] as an integer value into
+// register A.
+type LoadAbsolute struct {
+	Off  uint32
+	Size int // 1, 2 or 4
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a LoadAbsolute) Assemble() (RawInstruction, error) {
+	return assembleLoad(RegA, a.Size, opAddrModeAbsolute, a.Off)
+}
+
+// String returns the instruction in assembler notation.
+func (a LoadAbsolute) String() string {
+	switch a.Size {
+	case 1: // byte
+		return fmt.Sprintf("ldb [%d]", a.Off)
+	case 2: // half word
+		return fmt.Sprintf("ldh [%d]", a.Off)
+	case 4: // word
+		if a.Off > extOffset+0xffffffff {
+			return LoadExtension{Num: Extension(a.Off + 0x1000)}.String()
+		}
+		return fmt.Sprintf("ld [%d]", a.Off)
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// LoadIndirect loads packet[X+Off:X+Off+Size] as an integer value
+// into register A.
+type LoadIndirect struct {
+	Off  uint32
+	Size int // 1, 2 or 4
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a LoadIndirect) Assemble() (RawInstruction, error) {
+	return assembleLoad(RegA, a.Size, opAddrModeIndirect, a.Off)
+}
+
+// String returns the instruction in assembler notation.
+func (a LoadIndirect) String() string {
+	switch a.Size {
+	case 1: // byte
+		return fmt.Sprintf("ldb [x + %d]", a.Off)
+	case 2: // half word
+		return fmt.Sprintf("ldh [x + %d]", a.Off)
+	case 4: // word
+		return fmt.Sprintf("ld [x + %d]", a.Off)
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// LoadMemShift multiplies the first 4 bits of the byte at packet[Off]
+// by 4 and stores the result in register X.
+//
+// This instruction is mainly useful to load into X the length of an
+// IPv4 packet header in a single instruction, rather than have to do
+// the arithmetic on the header's first byte by hand.
+type LoadMemShift struct {
+	Off uint32
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a LoadMemShift) Assemble() (RawInstruction, error) {
+	return assembleLoad(RegX, 1, opAddrModeMemShift, a.Off)
+}
+
+// String returns the instruction in assembler notation.
+func (a LoadMemShift) String() string {
+	return fmt.Sprintf("ldx 4*([%d]&0xf)", a.Off)
+}
+
+// LoadExtension invokes a linux-specific extension and stores the
+// result in register A.
+type LoadExtension struct {
+	Num Extension
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a LoadExtension) Assemble() (RawInstruction, error) {
+	if a.Num == ExtLen {
+		return assembleLoad(RegA, 4, opAddrModePacketLen, 0)
+	}
+	return assembleLoad(RegA, 4, opAddrModeAbsolute, uint32(extOffset+a.Num))
+}
+
+// String returns the instruction in assembler notation.
+func (a LoadExtension) String() string {
+	switch a.Num {
+	case ExtLen:
+		return "ld #len"
+	case ExtProto:
+		return "ld #proto"
+	case ExtType:
+		return "ld #type"
+	case ExtPayloadOffset:
+		return "ld #poff"
+	case ExtInterfaceIndex:
+		return "ld #ifidx"
+	case ExtNetlinkAttr:
+		return "ld #nla"
+	case ExtNetlinkAttrNested:
+		return "ld #nlan"
+	case ExtMark:
+		return "ld #mark"
+	case ExtQueue:
+		return "ld #queue"
+	case ExtLinkLayerType:
+		return "ld #hatype"
+	case ExtRXHash:
+		return "ld #rxhash"
+	case ExtCPUID:
+		return "ld #cpu"
+	case ExtVLANTag:
+		return "ld #vlan_tci"
+	case ExtVLANTagPresent:
+		return "ld #vlan_avail"
+	case ExtVLANProto:
+		return "ld #vlan_tpid"
+	case ExtRand:
+		return "ld #rand"
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// StoreScratch stores register Src into scratch[N].
+type StoreScratch struct {
+	Src Register
+	N   int // 0-15
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a StoreScratch) Assemble() (RawInstruction, error) {
+	if a.N < 0 || a.N > 15 {
+		return RawInstruction{}, fmt.Errorf("invalid scratch slot %d", a.N)
+	}
+	var op uint16
+	switch a.Src {
+	case RegA:
+		op = opClsStoreA
+	case RegX:
+		op = opClsStoreX
+	default:
+		return RawInstruction{}, fmt.Errorf("invalid source register %v", a.Src)
+	}
+
+	return RawInstruction{
+		Op: op,
+		K:  uint32(a.N),
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a StoreScratch) String() string {
+	switch a.Src {
+	case RegA:
+		return fmt.Sprintf("st M[%d]", a.N)
+	case RegX:
+		return fmt.Sprintf("stx M[%d]", a.N)
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// ALUOpConstant executes A = A <Op> Val.
+type ALUOpConstant struct {
+	Op  ALUOp
+	Val uint32
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a ALUOpConstant) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsALU | uint16(opOperandConstant) | uint16(a.Op),
+		K:  a.Val,
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a ALUOpConstant) String() string {
+	switch a.Op {
+	case ALUOpAdd:
+		return fmt.Sprintf("add #%d", a.Val)
+	case ALUOpSub:
+		return fmt.Sprintf("sub #%d", a.Val)
+	case ALUOpMul:
+		return fmt.Sprintf("mul #%d", a.Val)
+	case ALUOpDiv:
+		return fmt.Sprintf("div #%d", a.Val)
+	case ALUOpMod:
+		return fmt.Sprintf("mod #%d", a.Val)
+	case ALUOpAnd:
+		return fmt.Sprintf("and #%d", a.Val)
+	case ALUOpOr:
+		return fmt.Sprintf("or #%d", a.Val)
+	case ALUOpXor:
+		return fmt.Sprintf("xor #%d", a.Val)
+	case ALUOpShiftLeft:
+		return fmt.Sprintf("lsh #%d", a.Val)
+	case ALUOpShiftRight:
+		return fmt.Sprintf("rsh #%d", a.Val)
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// ALUOpX executes A = A <Op> X
+type ALUOpX struct {
+	Op ALUOp
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a ALUOpX) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsALU | uint16(opOperandX) | uint16(a.Op),
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a ALUOpX) String() string {
+	switch a.Op {
+	case ALUOpAdd:
+		return "add x"
+	case ALUOpSub:
+		return "sub x"
+	case ALUOpMul:
+		return "mul x"
+	case ALUOpDiv:
+		return "div x"
+	case ALUOpMod:
+		return "mod x"
+	case ALUOpAnd:
+		return "and x"
+	case ALUOpOr:
+		return "or x"
+	case ALUOpXor:
+		return "xor x"
+	case ALUOpShiftLeft:
+		return "lsh x"
+	case ALUOpShiftRight:
+		return "rsh x"
+	default:
+		return fmt.Sprintf("unknown instruction: %#v", a)
+	}
+}
+
+// NegateA executes A = -A.
+type NegateA struct{}
+
+// Assemble implements the Instruction Assemble method.
+func (a NegateA) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsALU | uint16(aluOpNeg),
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a NegateA) String() string {
+	return fmt.Sprintf("neg")
+}
+
+// Jump skips the following Skip instructions in the program.
+type Jump struct {
+	Skip uint32
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a Jump) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsJump | uint16(opJumpAlways),
+		K:  a.Skip,
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a Jump) String() string {
+	return fmt.Sprintf("ja %d", a.Skip)
+}
+
+// JumpIf skips the following Skip instructions in the program if A
+// <Cond> Val is true.
+type JumpIf struct {
+	Cond      JumpTest
+	Val       uint32
+	SkipTrue  uint8
+	SkipFalse uint8
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a JumpIf) Assemble() (RawInstruction, error) {
+	return jumpToRaw(a.Cond, opOperandConstant, a.Val, a.SkipTrue, a.SkipFalse)
+}
+
+// String returns the instruction in assembler notation.
+func (a JumpIf) String() string {
+	return jumpToString(a.Cond, fmt.Sprintf("#%d", a.Val), a.SkipTrue, a.SkipFalse)
+}
+
+// JumpIfX skips the following Skip instructions in the program if A
+// <Cond> X is true.
+type JumpIfX struct {
+	Cond      JumpTest
+	SkipTrue  uint8
+	SkipFalse uint8
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a JumpIfX) Assemble() (RawInstruction, error) {
+	return jumpToRaw(a.Cond, opOperandX, 0, a.SkipTrue, a.SkipFalse)
+}
+
+// String returns the instruction in assembler notation.
+func (a JumpIfX) String() string {
+	return jumpToString(a.Cond, "x", a.SkipTrue, a.SkipFalse)
+}
+
+// jumpToRaw assembles a jump instruction into a RawInstruction
+func jumpToRaw(test JumpTest, operand opOperand, k uint32, skipTrue, skipFalse uint8) (RawInstruction, error) {
+	var (
+		cond jumpOp
+		flip bool
+	)
+	switch test {
+	case JumpEqual:
+		cond = opJumpEqual
+	case JumpNotEqual:
+		cond, flip = opJumpEqual, true
+	case JumpGreaterThan:
+		cond = opJumpGT
+	case JumpLessThan:
+		cond, flip = opJumpGE, true
+	case JumpGreaterOrEqual:
+		cond = opJumpGE
+	case JumpLessOrEqual:
+		cond, flip = opJumpGT, true
+	case JumpBitsSet:
+		cond = opJumpSet
+	case JumpBitsNotSet:
+		cond, flip = opJumpSet, true
+	default:
+		return RawInstruction{}, fmt.Errorf("unknown JumpTest %v", test)
+	}
+	jt, jf := skipTrue, skipFalse
+	if flip {
+		jt, jf = jf, jt
+	}
+	return RawInstruction{
+		Op: opClsJump | uint16(cond) | uint16(operand),
+		Jt: jt,
+		Jf: jf,
+		K:  k,
+	}, nil
+}
+
+// jumpToString converts a jump instruction to assembler notation
+func jumpToString(cond JumpTest, operand string, skipTrue, skipFalse uint8) string {
+	switch cond {
+	// K == A
+	case JumpEqual:
+		return conditionalJump(operand, skipTrue, skipFalse, "jeq", "jneq")
+	// K != A
+	case JumpNotEqual:
+		return fmt.Sprintf("jneq %s,%d", operand, skipTrue)
+	// K > A
+	case JumpGreaterThan:
+		return conditionalJump(operand, skipTrue, skipFalse, "jgt", "jle")
+	// K < A
+	case JumpLessThan:
+		return fmt.Sprintf("jlt %s,%d", operand, skipTrue)
+	// K >= A
+	case JumpGreaterOrEqual:
+		return conditionalJump(operand, skipTrue, skipFalse, "jge", "jlt")
+	// K <= A
+	case JumpLessOrEqual:
+		return fmt.Sprintf("jle %s,%d", operand, skipTrue)
+	// K & A != 0
+	case JumpBitsSet:
+		if skipFalse > 0 {
+			return fmt.Sprintf("jset %s,%d,%d", operand, skipTrue, skipFalse)
+		}
+		return fmt.Sprintf("jset %s,%d", operand, skipTrue)
+	// K & A == 0, there is no assembler instruction for JumpBitNotSet, use JumpBitSet and invert skips
+	case JumpBitsNotSet:
+		return jumpToString(JumpBitsSet, operand, skipFalse, skipTrue)
+	default:
+		return fmt.Sprintf("unknown JumpTest %#v", cond)
+	}
+}
+
+func conditionalJump(operand string, skipTrue, skipFalse uint8, positiveJump, negativeJump string) string {
+	if skipTrue > 0 {
+		if skipFalse > 0 {
+			return fmt.Sprintf("%s %s,%d,%d", positiveJump, operand, skipTrue, skipFalse)
+		}
+		return fmt.Sprintf("%s %s,%d", positiveJump, operand, skipTrue)
+	}
+	return fmt.Sprintf("%s %s,%d", negativeJump, operand, skipFalse)
+}
+
+// RetA exits the BPF program, returning the value of register A.
+type RetA struct{}
+
+// Assemble implements the Instruction Assemble method.
+func (a RetA) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsReturn | opRetSrcA,
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a RetA) String() string {
+	return fmt.Sprintf("ret a")
+}
+
+// RetConstant exits the BPF program, returning a constant value.
+type RetConstant struct {
+	Val uint32
+}
+
+// Assemble implements the Instruction Assemble method.
+func (a RetConstant) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsReturn | opRetSrcConstant,
+		K:  a.Val,
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a RetConstant) String() string {
+	return fmt.Sprintf("ret #%d", a.Val)
+}
+
+// TXA copies the value of register X to register A.
+type TXA struct{}
+
+// Assemble implements the Instruction Assemble method.
+func (a TXA) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsMisc | opMiscTXA,
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a TXA) String() string {
+	return fmt.Sprintf("txa")
+}
+
+// TAX copies the value of register A to register X.
+type TAX struct{}
+
+// Assemble implements the Instruction Assemble method.
+func (a TAX) Assemble() (RawInstruction, error) {
+	return RawInstruction{
+		Op: opClsMisc | opMiscTAX,
+	}, nil
+}
+
+// String returns the instruction in assembler notation.
+func (a TAX) String() string {
+	return fmt.Sprintf("tax")
+}
+
+func assembleLoad(dst Register, loadSize int, mode uint16, k uint32) (RawInstruction, error) {
+	var (
+		cls uint16
+		sz  uint16
+	)
+	switch dst {
+	case RegA:
+		cls = opClsLoadA
+	case RegX:
+		cls = opClsLoadX
+	default:
+		return RawInstruction{}, fmt.Errorf("invalid target register %v", dst)
+	}
+	switch loadSize {
+	case 1:
+		sz = opLoadWidth1
+	case 2:
+		sz = opLoadWidth2
+	case 4:
+		sz = opLoadWidth4
+	default:
+		return RawInstruction{}, fmt.Errorf("invalid load byte length %d", sz)
+	}
+	return RawInstruction{
+		Op: cls | sz | mode,
+		K:  k,
+	}, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/setter.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/setter.go
new file mode 100644
index 000000000..43e35f0ac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/setter.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bpf
+
+// A Setter is a type which can attach a compiled BPF filter to itself.
+type Setter interface {
+	SetBPF(filter []RawInstruction) error
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/vm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/vm.go
new file mode 100644
index 000000000..73f57f1f7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/vm.go
@@ -0,0 +1,150 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bpf
+
+import (
+	"errors"
+	"fmt"
+)
+
+// A VM is an emulated BPF virtual machine.
+type VM struct {
+	filter []Instruction
+}
+
+// NewVM returns a new VM using the input BPF program.
+func NewVM(filter []Instruction) (*VM, error) {
+	if len(filter) == 0 {
+		return nil, errors.New("one or more Instructions must be specified")
+	}
+
+	for i, ins := range filter {
+		check := len(filter) - (i + 1)
+		switch ins := ins.(type) {
+		// Check for out-of-bounds jumps in instructions
+		case Jump:
+			if check <= int(ins.Skip) {
+				return nil, fmt.Errorf("cannot jump %d instructions; jumping past program bounds", ins.Skip)
+			}
+		case JumpIf:
+			if check <= int(ins.SkipTrue) {
+				return nil, fmt.Errorf("cannot jump %d instructions in true case; jumping past program bounds", ins.SkipTrue)
+			}
+			if check <= int(ins.SkipFalse) {
+				return nil, fmt.Errorf("cannot jump %d instructions in false case; jumping past program bounds", ins.SkipFalse)
+			}
+		case JumpIfX:
+			if check <= int(ins.SkipTrue) {
+				return nil, fmt.Errorf("cannot jump %d instructions in true case; jumping past program bounds", ins.SkipTrue)
+			}
+			if check <= int(ins.SkipFalse) {
+				return nil, fmt.Errorf("cannot jump %d instructions in false case; jumping past program bounds", ins.SkipFalse)
+			}
+		// Check for division or modulus by zero
+		case ALUOpConstant:
+			if ins.Val != 0 {
+				break
+			}
+
+			switch ins.Op {
+			case ALUOpDiv, ALUOpMod:
+				return nil, errors.New("cannot divide by zero using ALUOpConstant")
+			}
+		// Check for unknown extensions
+		case LoadExtension:
+			switch ins.Num {
+			case ExtLen:
+			default:
+				return nil, fmt.Errorf("extension %d not implemented", ins.Num)
+			}
+		}
+	}
+
+	// Make sure last instruction is a return instruction
+	switch filter[len(filter)-1].(type) {
+	case RetA, RetConstant:
+	default:
+		return nil, errors.New("BPF program must end with RetA or RetConstant")
+	}
+
+	// Though our VM works using disassembled instructions, we
+	// attempt to assemble the input filter anyway to ensure it is compatible
+	// with an operating system VM.
+	_, err := Assemble(filter)
+
+	return &VM{
+		filter: filter,
+	}, err
+}
+
+// Run runs the VM's BPF program against the input bytes.
+// Run returns the number of bytes accepted by the BPF program, and any errors
+// which occurred while processing the program.
+func (v *VM) Run(in []byte) (int, error) {
+	var (
+		// Registers of the virtual machine
+		regA       uint32
+		regX       uint32
+		regScratch [16]uint32
+
+		// OK is true if the program should continue processing the next
+		// instruction, or false if not, causing the loop to break
+		ok = true
+	)
+
+	// TODO(mdlayher): implement:
+	// - NegateA:
+	//   - would require a change from uint32 registers to int32
+	//     registers
+
+	// TODO(mdlayher): add interop tests that check signedness of ALU
+	// operations against kernel implementation, and make sure Go
+	// implementation matches behavior
+
+	for i := 0; i < len(v.filter) && ok; i++ {
+		ins := v.filter[i]
+
+		switch ins := ins.(type) {
+		case ALUOpConstant:
+			regA = aluOpConstant(ins, regA)
+		case ALUOpX:
+			regA, ok = aluOpX(ins, regA, regX)
+		case Jump:
+			i += int(ins.Skip)
+		case JumpIf:
+			jump := jumpIf(ins, regA)
+			i += jump
+		case JumpIfX:
+			jump := jumpIfX(ins, regA, regX)
+			i += jump
+		case LoadAbsolute:
+			regA, ok = loadAbsolute(ins, in)
+		case LoadConstant:
+			regA, regX = loadConstant(ins, regA, regX)
+		case LoadExtension:
+			regA = loadExtension(ins, in)
+		case LoadIndirect:
+			regA, ok = loadIndirect(ins, in, regX)
+		case LoadMemShift:
+			regX, ok = loadMemShift(ins, in)
+		case LoadScratch:
+			regA, regX = loadScratch(ins, regScratch, regA, regX)
+		case RetA:
+			return int(regA), nil
+		case RetConstant:
+			return int(ins.Val), nil
+		case StoreScratch:
+			regScratch = storeScratch(ins, regScratch, regA, regX)
+		case TAX:
+			regX = regA
+		case TXA:
+			regA = regX
+		default:
+			return 0, fmt.Errorf("unknown Instruction at index %d: %T", i, ins)
+		}
+	}
+
+	return 0, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/vm_instructions.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/vm_instructions.go
new file mode 100644
index 000000000..cf8947c33
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/bpf/vm_instructions.go
@@ -0,0 +1,182 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bpf
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+func aluOpConstant(ins ALUOpConstant, regA uint32) uint32 {
+	return aluOpCommon(ins.Op, regA, ins.Val)
+}
+
+func aluOpX(ins ALUOpX, regA uint32, regX uint32) (uint32, bool) {
+	// Guard against division or modulus by zero by terminating
+	// the program, as the OS BPF VM does
+	if regX == 0 {
+		switch ins.Op {
+		case ALUOpDiv, ALUOpMod:
+			return 0, false
+		}
+	}
+
+	return aluOpCommon(ins.Op, regA, regX), true
+}
+
+func aluOpCommon(op ALUOp, regA uint32, value uint32) uint32 {
+	switch op {
+	case ALUOpAdd:
+		return regA + value
+	case ALUOpSub:
+		return regA - value
+	case ALUOpMul:
+		return regA * value
+	case ALUOpDiv:
+		// Division by zero not permitted by NewVM and aluOpX checks
+		return regA / value
+	case ALUOpOr:
+		return regA | value
+	case ALUOpAnd:
+		return regA & value
+	case ALUOpShiftLeft:
+		return regA << value
+	case ALUOpShiftRight:
+		return regA >> value
+	case ALUOpMod:
+		// Modulus by zero not permitted by NewVM and aluOpX checks
+		return regA % value
+	case ALUOpXor:
+		return regA ^ value
+	default:
+		return regA
+	}
+}
+
+func jumpIf(ins JumpIf, regA uint32) int {
+	return jumpIfCommon(ins.Cond, ins.SkipTrue, ins.SkipFalse, regA, ins.Val)
+}
+
+func jumpIfX(ins JumpIfX, regA uint32, regX uint32) int {
+	return jumpIfCommon(ins.Cond, ins.SkipTrue, ins.SkipFalse, regA, regX)
+}
+
+func jumpIfCommon(cond JumpTest, skipTrue, skipFalse uint8, regA uint32, value uint32) int {
+	var ok bool
+
+	switch cond {
+	case JumpEqual:
+		ok = regA == value
+	case JumpNotEqual:
+		ok = regA != value
+	case JumpGreaterThan:
+		ok = regA > value
+	case JumpLessThan:
+		ok = regA < value
+	case JumpGreaterOrEqual:
+		ok = regA >= value
+	case JumpLessOrEqual:
+		ok = regA <= value
+	case JumpBitsSet:
+		ok = (regA & value) != 0
+	case JumpBitsNotSet:
+		ok = (regA & value) == 0
+	}
+
+	if ok {
+		return int(skipTrue)
+	}
+
+	return int(skipFalse)
+}
+
+func loadAbsolute(ins LoadAbsolute, in []byte) (uint32, bool) {
+	offset := int(ins.Off)
+	size := int(ins.Size)
+
+	return loadCommon(in, offset, size)
+}
+
+func loadConstant(ins LoadConstant, regA uint32, regX uint32) (uint32, uint32) {
+	switch ins.Dst {
+	case RegA:
+		regA = ins.Val
+	case RegX:
+		regX = ins.Val
+	}
+
+	return regA, regX
+}
+
+func loadExtension(ins LoadExtension, in []byte) uint32 {
+	switch ins.Num {
+	case ExtLen:
+		return uint32(len(in))
+	default:
+		panic(fmt.Sprintf("unimplemented extension: %d", ins.Num))
+	}
+}
+
+func loadIndirect(ins LoadIndirect, in []byte, regX uint32) (uint32, bool) {
+	offset := int(ins.Off) + int(regX)
+	size := int(ins.Size)
+
+	return loadCommon(in, offset, size)
+}
+
+func loadMemShift(ins LoadMemShift, in []byte) (uint32, bool) {
+	offset := int(ins.Off)
+
+	// Size of LoadMemShift is always 1 byte
+	if !inBounds(len(in), offset, 1) {
+		return 0, false
+	}
+
+	// Mask off high 4 bits and multiply low 4 bits by 4
+	return uint32(in[offset]&0x0f) * 4, true
+}
+
+func inBounds(inLen int, offset int, size int) bool {
+	return offset+size <= inLen
+}
+
+func loadCommon(in []byte, offset int, size int) (uint32, bool) {
+	if !inBounds(len(in), offset, size) {
+		return 0, false
+	}
+
+	switch size {
+	case 1:
+		return uint32(in[offset]), true
+	case 2:
+		return uint32(binary.BigEndian.Uint16(in[offset : offset+size])), true
+	case 4:
+		return uint32(binary.BigEndian.Uint32(in[offset : offset+size])), true
+	default:
+		panic(fmt.Sprintf("invalid load size: %d", size))
+	}
+}
+
+func loadScratch(ins LoadScratch, regScratch [16]uint32, regA uint32, regX uint32) (uint32, uint32) {
+	switch ins.Dst {
+	case RegA:
+		regA = regScratch[ins.N]
+	case RegX:
+		regX = regScratch[ins.N]
+	}
+
+	return regA, regX
+}
+
+func storeScratch(ins StoreScratch, regScratch [16]uint32, regA uint32, regX uint32) [16]uint32 {
+	switch ins.Src {
+	case RegA:
+		regScratch[ins.N] = regA
+	case RegX:
+		regScratch[ins.N] = regX
+	}
+
+	return regScratch
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/dns/dnsmessage/message.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/dns/dnsmessage/message.go
new file mode 100644
index 000000000..654f191f8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/dns/dnsmessage/message.go
@@ -0,0 +1,2587 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package dnsmessage provides a mostly RFC 1035 compliant implementation of
+// DNS message packing and unpacking.
+//
+// The package also supports messages with Extension Mechanisms for DNS
+// (EDNS(0)) as defined in RFC 6891.
+//
+// This implementation is designed to minimize heap allocations and avoid
+// unnecessary packing and unpacking as much as possible.
+package dnsmessage
+
+import (
+	"errors"
+)
+
+// Message formats
+
+// A Type is a type of DNS request and response.
+type Type uint16
+
+const (
+	// ResourceHeader.Type and Question.Type
+	TypeA     Type = 1
+	TypeNS    Type = 2
+	TypeCNAME Type = 5
+	TypeSOA   Type = 6
+	TypePTR   Type = 12
+	TypeMX    Type = 15
+	TypeTXT   Type = 16
+	TypeAAAA  Type = 28
+	TypeSRV   Type = 33
+	TypeOPT   Type = 41
+
+	// Question.Type
+	TypeWKS   Type = 11
+	TypeHINFO Type = 13
+	TypeMINFO Type = 14
+	TypeAXFR  Type = 252
+	TypeALL   Type = 255
+)
+
+var typeNames = map[Type]string{
+	TypeA:     "TypeA",
+	TypeNS:    "TypeNS",
+	TypeCNAME: "TypeCNAME",
+	TypeSOA:   "TypeSOA",
+	TypePTR:   "TypePTR",
+	TypeMX:    "TypeMX",
+	TypeTXT:   "TypeTXT",
+	TypeAAAA:  "TypeAAAA",
+	TypeSRV:   "TypeSRV",
+	TypeOPT:   "TypeOPT",
+	TypeWKS:   "TypeWKS",
+	TypeHINFO: "TypeHINFO",
+	TypeMINFO: "TypeMINFO",
+	TypeAXFR:  "TypeAXFR",
+	TypeALL:   "TypeALL",
+}
+
+// String implements fmt.Stringer.String.
+func (t Type) String() string {
+	if n, ok := typeNames[t]; ok {
+		return n
+	}
+	return printUint16(uint16(t))
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (t Type) GoString() string {
+	if n, ok := typeNames[t]; ok {
+		return "dnsmessage." + n
+	}
+	return printUint16(uint16(t))
+}
+
+// A Class is a type of network.
+type Class uint16
+
+const (
+	// ResourceHeader.Class and Question.Class
+	ClassINET   Class = 1
+	ClassCSNET  Class = 2
+	ClassCHAOS  Class = 3
+	ClassHESIOD Class = 4
+
+	// Question.Class
+	ClassANY Class = 255
+)
+
+var classNames = map[Class]string{
+	ClassINET:   "ClassINET",
+	ClassCSNET:  "ClassCSNET",
+	ClassCHAOS:  "ClassCHAOS",
+	ClassHESIOD: "ClassHESIOD",
+	ClassANY:    "ClassANY",
+}
+
+// String implements fmt.Stringer.String.
+func (c Class) String() string {
+	if n, ok := classNames[c]; ok {
+		return n
+	}
+	return printUint16(uint16(c))
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (c Class) GoString() string {
+	if n, ok := classNames[c]; ok {
+		return "dnsmessage." + n
+	}
+	return printUint16(uint16(c))
+}
+
+// An OpCode is a DNS operation code.
+type OpCode uint16
+
+// GoString implements fmt.GoStringer.GoString.
+func (o OpCode) GoString() string {
+	return printUint16(uint16(o))
+}
+
+// An RCode is a DNS response status code.
+type RCode uint16
+
+const (
+	// Message.Rcode
+	RCodeSuccess        RCode = 0
+	RCodeFormatError    RCode = 1
+	RCodeServerFailure  RCode = 2
+	RCodeNameError      RCode = 3
+	RCodeNotImplemented RCode = 4
+	RCodeRefused        RCode = 5
+)
+
+var rCodeNames = map[RCode]string{
+	RCodeSuccess:        "RCodeSuccess",
+	RCodeFormatError:    "RCodeFormatError",
+	RCodeServerFailure:  "RCodeServerFailure",
+	RCodeNameError:      "RCodeNameError",
+	RCodeNotImplemented: "RCodeNotImplemented",
+	RCodeRefused:        "RCodeRefused",
+}
+
+// String implements fmt.Stringer.String.
+func (r RCode) String() string {
+	if n, ok := rCodeNames[r]; ok {
+		return n
+	}
+	return printUint16(uint16(r))
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r RCode) GoString() string {
+	if n, ok := rCodeNames[r]; ok {
+		return "dnsmessage." + n
+	}
+	return printUint16(uint16(r))
+}
+
+func printPaddedUint8(i uint8) string {
+	b := byte(i)
+	return string([]byte{
+		b/100 + '0',
+		b/10%10 + '0',
+		b%10 + '0',
+	})
+}
+
+func printUint8Bytes(buf []byte, i uint8) []byte {
+	b := byte(i)
+	if i >= 100 {
+		buf = append(buf, b/100+'0')
+	}
+	if i >= 10 {
+		buf = append(buf, b/10%10+'0')
+	}
+	return append(buf, b%10+'0')
+}
+
+func printByteSlice(b []byte) string {
+	if len(b) == 0 {
+		return ""
+	}
+	buf := make([]byte, 0, 5*len(b))
+	buf = printUint8Bytes(buf, uint8(b[0]))
+	for _, n := range b[1:] {
+		buf = append(buf, ',', ' ')
+		buf = printUint8Bytes(buf, uint8(n))
+	}
+	return string(buf)
+}
+
+const hexDigits = "0123456789abcdef"
+
+func printString(str []byte) string {
+	buf := make([]byte, 0, len(str))
+	for i := 0; i < len(str); i++ {
+		c := str[i]
+		if c == '.' || c == '-' || c == ' ' ||
+			'A' <= c && c <= 'Z' ||
+			'a' <= c && c <= 'z' ||
+			'0' <= c && c <= '9' {
+			buf = append(buf, c)
+			continue
+		}
+
+		upper := c >> 4
+		lower := (c << 4) >> 4
+		buf = append(
+			buf,
+			'\\',
+			'x',
+			hexDigits[upper],
+			hexDigits[lower],
+		)
+	}
+	return string(buf)
+}
+
+func printUint16(i uint16) string {
+	return printUint32(uint32(i))
+}
+
+func printUint32(i uint32) string {
+	// Max value is 4294967295.
+	buf := make([]byte, 10)
+	for b, d := buf, uint32(1000000000); d > 0; d /= 10 {
+		b[0] = byte(i/d%10 + '0')
+		if b[0] == '0' && len(b) == len(buf) && len(buf) > 1 {
+			buf = buf[1:]
+		}
+		b = b[1:]
+		i %= d
+	}
+	return string(buf)
+}
+
+func printBool(b bool) string {
+	if b {
+		return "true"
+	}
+	return "false"
+}
+
+var (
+	// ErrNotStarted indicates that the prerequisite information isn't
+	// available yet because the previous records haven't been appropriately
+	// parsed, skipped or finished.
+	ErrNotStarted = errors.New("parsing/packing of this type isn't available yet")
+
+	// ErrSectionDone indicated that all records in the section have been
+	// parsed or finished.
+	ErrSectionDone = errors.New("parsing/packing of this section has completed")
+
+	errBaseLen            = errors.New("insufficient data for base length type")
+	errCalcLen            = errors.New("insufficient data for calculated length type")
+	errReserved           = errors.New("segment prefix is reserved")
+	errTooManyPtr         = errors.New("too many pointers (>10)")
+	errInvalidPtr         = errors.New("invalid pointer")
+	errNilResouceBody     = errors.New("nil resource body")
+	errResourceLen        = errors.New("insufficient data for resource body length")
+	errSegTooLong         = errors.New("segment length too long")
+	errZeroSegLen         = errors.New("zero length segment")
+	errResTooLong         = errors.New("resource length too long")
+	errTooManyQuestions   = errors.New("too many Questions to pack (>65535)")
+	errTooManyAnswers     = errors.New("too many Answers to pack (>65535)")
+	errTooManyAuthorities = errors.New("too many Authorities to pack (>65535)")
+	errTooManyAdditionals = errors.New("too many Additionals to pack (>65535)")
+	errNonCanonicalName   = errors.New("name is not in canonical format (it must end with a .)")
+	errStringTooLong      = errors.New("character string exceeds maximum length (255)")
+	errCompressedSRV      = errors.New("compressed name in SRV resource data")
+)
+
+// Internal constants.
+const (
+	// packStartingCap is the default initial buffer size allocated during
+	// packing.
+	//
+	// The starting capacity doesn't matter too much, but most DNS responses
+	// Will be <= 512 bytes as it is the limit for DNS over UDP.
+	packStartingCap = 512
+
+	// uint16Len is the length (in bytes) of a uint16.
+	uint16Len = 2
+
+	// uint32Len is the length (in bytes) of a uint32.
+	uint32Len = 4
+
+	// headerLen is the length (in bytes) of a DNS header.
+	//
+	// A header is comprised of 6 uint16s and no padding.
+	headerLen = 6 * uint16Len
+)
+
+type nestedError struct {
+	// s is the current level's error message.
+	s string
+
+	// err is the nested error.
+	err error
+}
+
+// nestedError implements error.Error.
+func (e *nestedError) Error() string {
+	return e.s + ": " + e.err.Error()
+}
+
+// Header is a representation of a DNS message header.
+type Header struct {
+	ID                 uint16
+	Response           bool
+	OpCode             OpCode
+	Authoritative      bool
+	Truncated          bool
+	RecursionDesired   bool
+	RecursionAvailable bool
+	RCode              RCode
+}
+
+func (m *Header) pack() (id uint16, bits uint16) {
+	id = m.ID
+	bits = uint16(m.OpCode)<<11 | uint16(m.RCode)
+	if m.RecursionAvailable {
+		bits |= headerBitRA
+	}
+	if m.RecursionDesired {
+		bits |= headerBitRD
+	}
+	if m.Truncated {
+		bits |= headerBitTC
+	}
+	if m.Authoritative {
+		bits |= headerBitAA
+	}
+	if m.Response {
+		bits |= headerBitQR
+	}
+	return
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (m *Header) GoString() string {
+	return "dnsmessage.Header{" +
+		"ID: " + printUint16(m.ID) + ", " +
+		"Response: " + printBool(m.Response) + ", " +
+		"OpCode: " + m.OpCode.GoString() + ", " +
+		"Authoritative: " + printBool(m.Authoritative) + ", " +
+		"Truncated: " + printBool(m.Truncated) + ", " +
+		"RecursionDesired: " + printBool(m.RecursionDesired) + ", " +
+		"RecursionAvailable: " + printBool(m.RecursionAvailable) + ", " +
+		"RCode: " + m.RCode.GoString() + "}"
+}
+
+// Message is a representation of a DNS message.
+type Message struct {
+	Header
+	Questions   []Question
+	Answers     []Resource
+	Authorities []Resource
+	Additionals []Resource
+}
+
+type section uint8
+
+const (
+	sectionNotStarted section = iota
+	sectionHeader
+	sectionQuestions
+	sectionAnswers
+	sectionAuthorities
+	sectionAdditionals
+	sectionDone
+
+	headerBitQR = 1 << 15 // query/response (response=1)
+	headerBitAA = 1 << 10 // authoritative
+	headerBitTC = 1 << 9  // truncated
+	headerBitRD = 1 << 8  // recursion desired
+	headerBitRA = 1 << 7  // recursion available
+)
+
+var sectionNames = map[section]string{
+	sectionHeader:      "header",
+	sectionQuestions:   "Question",
+	sectionAnswers:     "Answer",
+	sectionAuthorities: "Authority",
+	sectionAdditionals: "Additional",
+}
+
+// header is the wire format for a DNS message header.
+type header struct {
+	id          uint16
+	bits        uint16
+	questions   uint16
+	answers     uint16
+	authorities uint16
+	additionals uint16
+}
+
+func (h *header) count(sec section) uint16 {
+	switch sec {
+	case sectionQuestions:
+		return h.questions
+	case sectionAnswers:
+		return h.answers
+	case sectionAuthorities:
+		return h.authorities
+	case sectionAdditionals:
+		return h.additionals
+	}
+	return 0
+}
+
+// pack appends the wire format of the header to msg.
+func (h *header) pack(msg []byte) []byte {
+	msg = packUint16(msg, h.id)
+	msg = packUint16(msg, h.bits)
+	msg = packUint16(msg, h.questions)
+	msg = packUint16(msg, h.answers)
+	msg = packUint16(msg, h.authorities)
+	return packUint16(msg, h.additionals)
+}
+
+func (h *header) unpack(msg []byte, off int) (int, error) {
+	newOff := off
+	var err error
+	if h.id, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"id", err}
+	}
+	if h.bits, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"bits", err}
+	}
+	if h.questions, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"questions", err}
+	}
+	if h.answers, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"answers", err}
+	}
+	if h.authorities, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"authorities", err}
+	}
+	if h.additionals, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"additionals", err}
+	}
+	return newOff, nil
+}
+
+func (h *header) header() Header {
+	return Header{
+		ID:                 h.id,
+		Response:           (h.bits & headerBitQR) != 0,
+		OpCode:             OpCode(h.bits>>11) & 0xF,
+		Authoritative:      (h.bits & headerBitAA) != 0,
+		Truncated:          (h.bits & headerBitTC) != 0,
+		RecursionDesired:   (h.bits & headerBitRD) != 0,
+		RecursionAvailable: (h.bits & headerBitRA) != 0,
+		RCode:              RCode(h.bits & 0xF),
+	}
+}
+
+// A Resource is a DNS resource record.
+type Resource struct {
+	Header ResourceHeader
+	Body   ResourceBody
+}
+
+func (r *Resource) GoString() string {
+	return "dnsmessage.Resource{" +
+		"Header: " + r.Header.GoString() +
+		", Body: &" + r.Body.GoString() +
+		"}"
+}
+
+// A ResourceBody is a DNS resource record minus the header.
+type ResourceBody interface {
+	// pack packs a Resource except for its header.
+	pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error)
+
+	// realType returns the actual type of the Resource. This is used to
+	// fill in the header Type field.
+	realType() Type
+
+	// GoString implements fmt.GoStringer.GoString.
+	GoString() string
+}
+
+// pack appends the wire format of the Resource to msg.
+func (r *Resource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	if r.Body == nil {
+		return msg, errNilResouceBody
+	}
+	oldMsg := msg
+	r.Header.Type = r.Body.realType()
+	msg, lenOff, err := r.Header.pack(msg, compression, compressionOff)
+	if err != nil {
+		return msg, &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	msg, err = r.Body.pack(msg, compression, compressionOff)
+	if err != nil {
+		return msg, &nestedError{"content", err}
+	}
+	if err := r.Header.fixLen(msg, lenOff, preLen); err != nil {
+		return oldMsg, err
+	}
+	return msg, nil
+}
+
+// A Parser allows incrementally parsing a DNS message.
+//
+// When parsing is started, the Header is parsed. Next, each Question can be
+// either parsed or skipped. Alternatively, all Questions can be skipped at
+// once. When all Questions have been parsed, attempting to parse Questions
+// will return (nil, nil) and attempting to skip Questions will return
+// (true, nil). After all Questions have been either parsed or skipped, all
+// Answers, Authorities and Additionals can be either parsed or skipped in the
+// same way, and each type of Resource must be fully parsed or skipped before
+// proceeding to the next type of Resource.
+//
+// Note that there is no requirement to fully skip or parse the message.
+type Parser struct {
+	msg    []byte
+	header header
+
+	section        section
+	off            int
+	index          int
+	resHeaderValid bool
+	resHeader      ResourceHeader
+}
+
+// Start parses the header and enables the parsing of Questions.
+func (p *Parser) Start(msg []byte) (Header, error) {
+	if p.msg != nil {
+		*p = Parser{}
+	}
+	p.msg = msg
+	var err error
+	if p.off, err = p.header.unpack(msg, 0); err != nil {
+		return Header{}, &nestedError{"unpacking header", err}
+	}
+	p.section = sectionQuestions
+	return p.header.header(), nil
+}
+
+func (p *Parser) checkAdvance(sec section) error {
+	if p.section < sec {
+		return ErrNotStarted
+	}
+	if p.section > sec {
+		return ErrSectionDone
+	}
+	p.resHeaderValid = false
+	if p.index == int(p.header.count(sec)) {
+		p.index = 0
+		p.section++
+		return ErrSectionDone
+	}
+	return nil
+}
+
+func (p *Parser) resource(sec section) (Resource, error) {
+	var r Resource
+	var err error
+	r.Header, err = p.resourceHeader(sec)
+	if err != nil {
+		return r, err
+	}
+	p.resHeaderValid = false
+	r.Body, p.off, err = unpackResourceBody(p.msg, p.off, r.Header)
+	if err != nil {
+		return Resource{}, &nestedError{"unpacking " + sectionNames[sec], err}
+	}
+	p.index++
+	return r, nil
+}
+
+func (p *Parser) resourceHeader(sec section) (ResourceHeader, error) {
+	if p.resHeaderValid {
+		return p.resHeader, nil
+	}
+	if err := p.checkAdvance(sec); err != nil {
+		return ResourceHeader{}, err
+	}
+	var hdr ResourceHeader
+	off, err := hdr.unpack(p.msg, p.off)
+	if err != nil {
+		return ResourceHeader{}, err
+	}
+	p.resHeaderValid = true
+	p.resHeader = hdr
+	p.off = off
+	return hdr, nil
+}
+
+func (p *Parser) skipResource(sec section) error {
+	if p.resHeaderValid {
+		newOff := p.off + int(p.resHeader.Length)
+		if newOff > len(p.msg) {
+			return errResourceLen
+		}
+		p.off = newOff
+		p.resHeaderValid = false
+		p.index++
+		return nil
+	}
+	if err := p.checkAdvance(sec); err != nil {
+		return err
+	}
+	var err error
+	p.off, err = skipResource(p.msg, p.off)
+	if err != nil {
+		return &nestedError{"skipping: " + sectionNames[sec], err}
+	}
+	p.index++
+	return nil
+}
+
+// Question parses a single Question.
+func (p *Parser) Question() (Question, error) {
+	if err := p.checkAdvance(sectionQuestions); err != nil {
+		return Question{}, err
+	}
+	var name Name
+	off, err := name.unpack(p.msg, p.off)
+	if err != nil {
+		return Question{}, &nestedError{"unpacking Question.Name", err}
+	}
+	typ, off, err := unpackType(p.msg, off)
+	if err != nil {
+		return Question{}, &nestedError{"unpacking Question.Type", err}
+	}
+	class, off, err := unpackClass(p.msg, off)
+	if err != nil {
+		return Question{}, &nestedError{"unpacking Question.Class", err}
+	}
+	p.off = off
+	p.index++
+	return Question{name, typ, class}, nil
+}
+
+// AllQuestions parses all Questions.
+func (p *Parser) AllQuestions() ([]Question, error) {
+	// Multiple questions are valid according to the spec,
+	// but servers don't actually support them. There will
+	// be at most one question here.
+	//
+	// Do not pre-allocate based on info in p.header, since
+	// the data is untrusted.
+	qs := []Question{}
+	for {
+		q, err := p.Question()
+		if err == ErrSectionDone {
+			return qs, nil
+		}
+		if err != nil {
+			return nil, err
+		}
+		qs = append(qs, q)
+	}
+}
+
+// SkipQuestion skips a single Question.
+func (p *Parser) SkipQuestion() error {
+	if err := p.checkAdvance(sectionQuestions); err != nil {
+		return err
+	}
+	off, err := skipName(p.msg, p.off)
+	if err != nil {
+		return &nestedError{"skipping Question Name", err}
+	}
+	if off, err = skipType(p.msg, off); err != nil {
+		return &nestedError{"skipping Question Type", err}
+	}
+	if off, err = skipClass(p.msg, off); err != nil {
+		return &nestedError{"skipping Question Class", err}
+	}
+	p.off = off
+	p.index++
+	return nil
+}
+
+// SkipAllQuestions skips all Questions.
+func (p *Parser) SkipAllQuestions() error {
+	for {
+		if err := p.SkipQuestion(); err == ErrSectionDone {
+			return nil
+		} else if err != nil {
+			return err
+		}
+	}
+}
+
+// AnswerHeader parses a single Answer ResourceHeader.
+func (p *Parser) AnswerHeader() (ResourceHeader, error) {
+	return p.resourceHeader(sectionAnswers)
+}
+
+// Answer parses a single Answer Resource.
+func (p *Parser) Answer() (Resource, error) {
+	return p.resource(sectionAnswers)
+}
+
+// AllAnswers parses all Answer Resources.
+func (p *Parser) AllAnswers() ([]Resource, error) {
+	// The most common query is for A/AAAA, which usually returns
+	// a handful of IPs.
+	//
+	// Pre-allocate up to a certain limit, since p.header is
+	// untrusted data.
+	n := int(p.header.answers)
+	if n > 20 {
+		n = 20
+	}
+	as := make([]Resource, 0, n)
+	for {
+		a, err := p.Answer()
+		if err == ErrSectionDone {
+			return as, nil
+		}
+		if err != nil {
+			return nil, err
+		}
+		as = append(as, a)
+	}
+}
+
+// SkipAnswer skips a single Answer Resource.
+func (p *Parser) SkipAnswer() error {
+	return p.skipResource(sectionAnswers)
+}
+
+// SkipAllAnswers skips all Answer Resources.
+func (p *Parser) SkipAllAnswers() error {
+	for {
+		if err := p.SkipAnswer(); err == ErrSectionDone {
+			return nil
+		} else if err != nil {
+			return err
+		}
+	}
+}
+
+// AuthorityHeader parses a single Authority ResourceHeader.
+func (p *Parser) AuthorityHeader() (ResourceHeader, error) {
+	return p.resourceHeader(sectionAuthorities)
+}
+
+// Authority parses a single Authority Resource.
+func (p *Parser) Authority() (Resource, error) {
+	return p.resource(sectionAuthorities)
+}
+
+// AllAuthorities parses all Authority Resources.
+func (p *Parser) AllAuthorities() ([]Resource, error) {
+	// Authorities contains SOA in case of NXDOMAIN and friends,
+	// otherwise it is empty.
+	//
+	// Pre-allocate up to a certain limit, since p.header is
+	// untrusted data.
+	n := int(p.header.authorities)
+	if n > 10 {
+		n = 10
+	}
+	as := make([]Resource, 0, n)
+	for {
+		a, err := p.Authority()
+		if err == ErrSectionDone {
+			return as, nil
+		}
+		if err != nil {
+			return nil, err
+		}
+		as = append(as, a)
+	}
+}
+
+// SkipAuthority skips a single Authority Resource.
+func (p *Parser) SkipAuthority() error {
+	return p.skipResource(sectionAuthorities)
+}
+
+// SkipAllAuthorities skips all Authority Resources.
+func (p *Parser) SkipAllAuthorities() error {
+	for {
+		if err := p.SkipAuthority(); err == ErrSectionDone {
+			return nil
+		} else if err != nil {
+			return err
+		}
+	}
+}
+
+// AdditionalHeader parses a single Additional ResourceHeader.
+func (p *Parser) AdditionalHeader() (ResourceHeader, error) {
+	return p.resourceHeader(sectionAdditionals)
+}
+
+// Additional parses a single Additional Resource.
+func (p *Parser) Additional() (Resource, error) {
+	return p.resource(sectionAdditionals)
+}
+
+// AllAdditionals parses all Additional Resources.
+func (p *Parser) AllAdditionals() ([]Resource, error) {
+	// Additionals usually contain OPT, and sometimes A/AAAA
+	// glue records.
+	//
+	// Pre-allocate up to a certain limit, since p.header is
+	// untrusted data.
+	n := int(p.header.additionals)
+	if n > 10 {
+		n = 10
+	}
+	as := make([]Resource, 0, n)
+	for {
+		a, err := p.Additional()
+		if err == ErrSectionDone {
+			return as, nil
+		}
+		if err != nil {
+			return nil, err
+		}
+		as = append(as, a)
+	}
+}
+
+// SkipAdditional skips a single Additional Resource.
+func (p *Parser) SkipAdditional() error {
+	return p.skipResource(sectionAdditionals)
+}
+
+// SkipAllAdditionals skips all Additional Resources.
+func (p *Parser) SkipAllAdditionals() error {
+	for {
+		if err := p.SkipAdditional(); err == ErrSectionDone {
+			return nil
+		} else if err != nil {
+			return err
+		}
+	}
+}
+
+// CNAMEResource parses a single CNAMEResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) CNAMEResource() (CNAMEResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeCNAME {
+		return CNAMEResource{}, ErrNotStarted
+	}
+	r, err := unpackCNAMEResource(p.msg, p.off)
+	if err != nil {
+		return CNAMEResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// MXResource parses a single MXResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) MXResource() (MXResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeMX {
+		return MXResource{}, ErrNotStarted
+	}
+	r, err := unpackMXResource(p.msg, p.off)
+	if err != nil {
+		return MXResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// NSResource parses a single NSResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) NSResource() (NSResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeNS {
+		return NSResource{}, ErrNotStarted
+	}
+	r, err := unpackNSResource(p.msg, p.off)
+	if err != nil {
+		return NSResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// PTRResource parses a single PTRResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) PTRResource() (PTRResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypePTR {
+		return PTRResource{}, ErrNotStarted
+	}
+	r, err := unpackPTRResource(p.msg, p.off)
+	if err != nil {
+		return PTRResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// SOAResource parses a single SOAResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) SOAResource() (SOAResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeSOA {
+		return SOAResource{}, ErrNotStarted
+	}
+	r, err := unpackSOAResource(p.msg, p.off)
+	if err != nil {
+		return SOAResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// TXTResource parses a single TXTResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) TXTResource() (TXTResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeTXT {
+		return TXTResource{}, ErrNotStarted
+	}
+	r, err := unpackTXTResource(p.msg, p.off, p.resHeader.Length)
+	if err != nil {
+		return TXTResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// SRVResource parses a single SRVResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) SRVResource() (SRVResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeSRV {
+		return SRVResource{}, ErrNotStarted
+	}
+	r, err := unpackSRVResource(p.msg, p.off)
+	if err != nil {
+		return SRVResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// AResource parses a single AResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) AResource() (AResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeA {
+		return AResource{}, ErrNotStarted
+	}
+	r, err := unpackAResource(p.msg, p.off)
+	if err != nil {
+		return AResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// AAAAResource parses a single AAAAResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) AAAAResource() (AAAAResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeAAAA {
+		return AAAAResource{}, ErrNotStarted
+	}
+	r, err := unpackAAAAResource(p.msg, p.off)
+	if err != nil {
+		return AAAAResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// OPTResource parses a single OPTResource.
+//
+// One of the XXXHeader methods must have been called before calling this
+// method.
+func (p *Parser) OPTResource() (OPTResource, error) {
+	if !p.resHeaderValid || p.resHeader.Type != TypeOPT {
+		return OPTResource{}, ErrNotStarted
+	}
+	r, err := unpackOPTResource(p.msg, p.off, p.resHeader.Length)
+	if err != nil {
+		return OPTResource{}, err
+	}
+	p.off += int(p.resHeader.Length)
+	p.resHeaderValid = false
+	p.index++
+	return r, nil
+}
+
+// Unpack parses a full Message.
+func (m *Message) Unpack(msg []byte) error {
+	var p Parser
+	var err error
+	if m.Header, err = p.Start(msg); err != nil {
+		return err
+	}
+	if m.Questions, err = p.AllQuestions(); err != nil {
+		return err
+	}
+	if m.Answers, err = p.AllAnswers(); err != nil {
+		return err
+	}
+	if m.Authorities, err = p.AllAuthorities(); err != nil {
+		return err
+	}
+	if m.Additionals, err = p.AllAdditionals(); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Pack packs a full Message.
+func (m *Message) Pack() ([]byte, error) {
+	return m.AppendPack(make([]byte, 0, packStartingCap))
+}
+
+// AppendPack is like Pack but appends the full Message to b and returns the
+// extended buffer.
+func (m *Message) AppendPack(b []byte) ([]byte, error) {
+	// Validate the lengths. It is very unlikely that anyone will try to
+	// pack more than 65535 of any particular type, but it is possible and
+	// we should fail gracefully.
+	if len(m.Questions) > int(^uint16(0)) {
+		return nil, errTooManyQuestions
+	}
+	if len(m.Answers) > int(^uint16(0)) {
+		return nil, errTooManyAnswers
+	}
+	if len(m.Authorities) > int(^uint16(0)) {
+		return nil, errTooManyAuthorities
+	}
+	if len(m.Additionals) > int(^uint16(0)) {
+		return nil, errTooManyAdditionals
+	}
+
+	var h header
+	h.id, h.bits = m.Header.pack()
+
+	h.questions = uint16(len(m.Questions))
+	h.answers = uint16(len(m.Answers))
+	h.authorities = uint16(len(m.Authorities))
+	h.additionals = uint16(len(m.Additionals))
+
+	compressionOff := len(b)
+	msg := h.pack(b)
+
+	// RFC 1035 allows (but does not require) compression for packing. RFC
+	// 1035 requires unpacking implementations to support compression, so
+	// unconditionally enabling it is fine.
+	//
+	// DNS lookups are typically done over UDP, and RFC 1035 states that UDP
+	// DNS messages can be a maximum of 512 bytes long. Without compression,
+	// many DNS response messages are over this limit, so enabling
+	// compression will help ensure compliance.
+	compression := map[string]int{}
+
+	for i := range m.Questions {
+		var err error
+		if msg, err = m.Questions[i].pack(msg, compression, compressionOff); err != nil {
+			return nil, &nestedError{"packing Question", err}
+		}
+	}
+	for i := range m.Answers {
+		var err error
+		if msg, err = m.Answers[i].pack(msg, compression, compressionOff); err != nil {
+			return nil, &nestedError{"packing Answer", err}
+		}
+	}
+	for i := range m.Authorities {
+		var err error
+		if msg, err = m.Authorities[i].pack(msg, compression, compressionOff); err != nil {
+			return nil, &nestedError{"packing Authority", err}
+		}
+	}
+	for i := range m.Additionals {
+		var err error
+		if msg, err = m.Additionals[i].pack(msg, compression, compressionOff); err != nil {
+			return nil, &nestedError{"packing Additional", err}
+		}
+	}
+
+	return msg, nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (m *Message) GoString() string {
+	s := "dnsmessage.Message{Header: " + m.Header.GoString() + ", " +
+		"Questions: []dnsmessage.Question{"
+	if len(m.Questions) > 0 {
+		s += m.Questions[0].GoString()
+		for _, q := range m.Questions[1:] {
+			s += ", " + q.GoString()
+		}
+	}
+	s += "}, Answers: []dnsmessage.Resource{"
+	if len(m.Answers) > 0 {
+		s += m.Answers[0].GoString()
+		for _, a := range m.Answers[1:] {
+			s += ", " + a.GoString()
+		}
+	}
+	s += "}, Authorities: []dnsmessage.Resource{"
+	if len(m.Authorities) > 0 {
+		s += m.Authorities[0].GoString()
+		for _, a := range m.Authorities[1:] {
+			s += ", " + a.GoString()
+		}
+	}
+	s += "}, Additionals: []dnsmessage.Resource{"
+	if len(m.Additionals) > 0 {
+		s += m.Additionals[0].GoString()
+		for _, a := range m.Additionals[1:] {
+			s += ", " + a.GoString()
+		}
+	}
+	return s + "}}"
+}
+
+// A Builder allows incrementally packing a DNS message.
+//
+// Example usage:
+//	buf := make([]byte, 2, 514)
+//	b := NewBuilder(buf, Header{...})
+//	b.EnableCompression()
+//	// Optionally start a section and add things to that section.
+//	// Repeat adding sections as necessary.
+//	buf, err := b.Finish()
+//	// If err is nil, buf[2:] will contain the built bytes.
+type Builder struct {
+	// msg is the storage for the message being built.
+	msg []byte
+
+	// section keeps track of the current section being built.
+	section section
+
+	// header keeps track of what should go in the header when Finish is
+	// called.
+	header header
+
+	// start is the starting index of the bytes allocated in msg for header.
+	start int
+
+	// compression is a mapping from name suffixes to their starting index
+	// in msg.
+	compression map[string]int
+}
+
+// NewBuilder creates a new builder with compression disabled.
+//
+// Note: Most users will want to immediately enable compression with the
+// EnableCompression method. See that method's comment for why you may or may
+// not want to enable compression.
+//
+// The DNS message is appended to the provided initial buffer buf (which may be
+// nil) as it is built. The final message is returned by the (*Builder).Finish
+// method, which may return the same underlying array if there was sufficient
+// capacity in the slice.
+func NewBuilder(buf []byte, h Header) Builder {
+	if buf == nil {
+		buf = make([]byte, 0, packStartingCap)
+	}
+	b := Builder{msg: buf, start: len(buf)}
+	b.header.id, b.header.bits = h.pack()
+	var hb [headerLen]byte
+	b.msg = append(b.msg, hb[:]...)
+	b.section = sectionHeader
+	return b
+}
+
+// EnableCompression enables compression in the Builder.
+//
+// Leaving compression disabled avoids compression related allocations, but can
+// result in larger message sizes. Be careful with this mode as it can cause
+// messages to exceed the UDP size limit.
+//
+// According to RFC 1035, section 4.1.4, the use of compression is optional, but
+// all implementations must accept both compressed and uncompressed DNS
+// messages.
+//
+// Compression should be enabled before any sections are added for best results.
+func (b *Builder) EnableCompression() {
+	b.compression = map[string]int{}
+}
+
+func (b *Builder) startCheck(s section) error {
+	if b.section <= sectionNotStarted {
+		return ErrNotStarted
+	}
+	if b.section > s {
+		return ErrSectionDone
+	}
+	return nil
+}
+
+// StartQuestions prepares the builder for packing Questions.
+func (b *Builder) StartQuestions() error {
+	if err := b.startCheck(sectionQuestions); err != nil {
+		return err
+	}
+	b.section = sectionQuestions
+	return nil
+}
+
+// StartAnswers prepares the builder for packing Answers.
+func (b *Builder) StartAnswers() error {
+	if err := b.startCheck(sectionAnswers); err != nil {
+		return err
+	}
+	b.section = sectionAnswers
+	return nil
+}
+
+// StartAuthorities prepares the builder for packing Authorities.
+func (b *Builder) StartAuthorities() error {
+	if err := b.startCheck(sectionAuthorities); err != nil {
+		return err
+	}
+	b.section = sectionAuthorities
+	return nil
+}
+
+// StartAdditionals prepares the builder for packing Additionals.
+func (b *Builder) StartAdditionals() error {
+	if err := b.startCheck(sectionAdditionals); err != nil {
+		return err
+	}
+	b.section = sectionAdditionals
+	return nil
+}
+
+func (b *Builder) incrementSectionCount() error {
+	var count *uint16
+	var err error
+	switch b.section {
+	case sectionQuestions:
+		count = &b.header.questions
+		err = errTooManyQuestions
+	case sectionAnswers:
+		count = &b.header.answers
+		err = errTooManyAnswers
+	case sectionAuthorities:
+		count = &b.header.authorities
+		err = errTooManyAuthorities
+	case sectionAdditionals:
+		count = &b.header.additionals
+		err = errTooManyAdditionals
+	}
+	if *count == ^uint16(0) {
+		return err
+	}
+	*count++
+	return nil
+}
+
+// Question adds a single Question.
+func (b *Builder) Question(q Question) error {
+	if b.section < sectionQuestions {
+		return ErrNotStarted
+	}
+	if b.section > sectionQuestions {
+		return ErrSectionDone
+	}
+	msg, err := q.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+func (b *Builder) checkResourceSection() error {
+	if b.section < sectionAnswers {
+		return ErrNotStarted
+	}
+	if b.section > sectionAdditionals {
+		return ErrSectionDone
+	}
+	return nil
+}
+
+// CNAMEResource adds a single CNAMEResource.
+func (b *Builder) CNAMEResource(h ResourceHeader, r CNAMEResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"CNAMEResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// MXResource adds a single MXResource.
+func (b *Builder) MXResource(h ResourceHeader, r MXResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"MXResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// NSResource adds a single NSResource.
+func (b *Builder) NSResource(h ResourceHeader, r NSResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"NSResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// PTRResource adds a single PTRResource.
+func (b *Builder) PTRResource(h ResourceHeader, r PTRResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"PTRResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// SOAResource adds a single SOAResource.
+func (b *Builder) SOAResource(h ResourceHeader, r SOAResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"SOAResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// TXTResource adds a single TXTResource.
+func (b *Builder) TXTResource(h ResourceHeader, r TXTResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"TXTResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// SRVResource adds a single SRVResource.
+func (b *Builder) SRVResource(h ResourceHeader, r SRVResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"SRVResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// AResource adds a single AResource.
+func (b *Builder) AResource(h ResourceHeader, r AResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"AResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// AAAAResource adds a single AAAAResource.
+func (b *Builder) AAAAResource(h ResourceHeader, r AAAAResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"AAAAResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// OPTResource adds a single OPTResource.
+func (b *Builder) OPTResource(h ResourceHeader, r OPTResource) error {
+	if err := b.checkResourceSection(); err != nil {
+		return err
+	}
+	h.Type = r.realType()
+	msg, lenOff, err := h.pack(b.msg, b.compression, b.start)
+	if err != nil {
+		return &nestedError{"ResourceHeader", err}
+	}
+	preLen := len(msg)
+	if msg, err = r.pack(msg, b.compression, b.start); err != nil {
+		return &nestedError{"OPTResource body", err}
+	}
+	if err := h.fixLen(msg, lenOff, preLen); err != nil {
+		return err
+	}
+	if err := b.incrementSectionCount(); err != nil {
+		return err
+	}
+	b.msg = msg
+	return nil
+}
+
+// Finish ends message building and generates a binary message.
+func (b *Builder) Finish() ([]byte, error) {
+	if b.section < sectionHeader {
+		return nil, ErrNotStarted
+	}
+	b.section = sectionDone
+	// Space for the header was allocated in NewBuilder.
+	b.header.pack(b.msg[b.start:b.start])
+	return b.msg, nil
+}
+
+// A ResourceHeader is the header of a DNS resource record. There are
+// many types of DNS resource records, but they all share the same header.
+type ResourceHeader struct {
+	// Name is the domain name for which this resource record pertains.
+	Name Name
+
+	// Type is the type of DNS resource record.
+	//
+	// This field will be set automatically during packing.
+	Type Type
+
+	// Class is the class of network to which this DNS resource record
+	// pertains.
+	Class Class
+
+	// TTL is the length of time (measured in seconds) which this resource
+	// record is valid for (time to live). All Resources in a set should
+	// have the same TTL (RFC 2181 Section 5.2).
+	TTL uint32
+
+	// Length is the length of data in the resource record after the header.
+	//
+	// This field will be set automatically during packing.
+	Length uint16
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (h *ResourceHeader) GoString() string {
+	return "dnsmessage.ResourceHeader{" +
+		"Name: " + h.Name.GoString() + ", " +
+		"Type: " + h.Type.GoString() + ", " +
+		"Class: " + h.Class.GoString() + ", " +
+		"TTL: " + printUint32(h.TTL) + ", " +
+		"Length: " + printUint16(h.Length) + "}"
+}
+
+// pack appends the wire format of the ResourceHeader to oldMsg.
+//
+// lenOff is the offset in msg where the Length field was packed.
+func (h *ResourceHeader) pack(oldMsg []byte, compression map[string]int, compressionOff int) (msg []byte, lenOff int, err error) {
+	msg = oldMsg
+	if msg, err = h.Name.pack(msg, compression, compressionOff); err != nil {
+		return oldMsg, 0, &nestedError{"Name", err}
+	}
+	msg = packType(msg, h.Type)
+	msg = packClass(msg, h.Class)
+	msg = packUint32(msg, h.TTL)
+	lenOff = len(msg)
+	msg = packUint16(msg, h.Length)
+	return msg, lenOff, nil
+}
+
+func (h *ResourceHeader) unpack(msg []byte, off int) (int, error) {
+	newOff := off
+	var err error
+	if newOff, err = h.Name.unpack(msg, newOff); err != nil {
+		return off, &nestedError{"Name", err}
+	}
+	if h.Type, newOff, err = unpackType(msg, newOff); err != nil {
+		return off, &nestedError{"Type", err}
+	}
+	if h.Class, newOff, err = unpackClass(msg, newOff); err != nil {
+		return off, &nestedError{"Class", err}
+	}
+	if h.TTL, newOff, err = unpackUint32(msg, newOff); err != nil {
+		return off, &nestedError{"TTL", err}
+	}
+	if h.Length, newOff, err = unpackUint16(msg, newOff); err != nil {
+		return off, &nestedError{"Length", err}
+	}
+	return newOff, nil
+}
+
+// fixLen updates a packed ResourceHeader to include the length of the
+// ResourceBody.
+//
+// lenOff is the offset of the ResourceHeader.Length field in msg.
+//
+// preLen is the length that msg was before the ResourceBody was packed.
+func (h *ResourceHeader) fixLen(msg []byte, lenOff int, preLen int) error {
+	conLen := len(msg) - preLen
+	if conLen > int(^uint16(0)) {
+		return errResTooLong
+	}
+
+	// Fill in the length now that we know how long the content is.
+	packUint16(msg[lenOff:lenOff], uint16(conLen))
+	h.Length = uint16(conLen)
+
+	return nil
+}
+
+// EDNS(0) wire constants.
+const (
+	edns0Version = 0
+
+	edns0DNSSECOK     = 0x00008000
+	ednsVersionMask   = 0x00ff0000
+	edns0DNSSECOKMask = 0x00ff8000
+)
+
+// SetEDNS0 configures h for EDNS(0).
+//
+// The provided extRCode must be an extedned RCode.
+func (h *ResourceHeader) SetEDNS0(udpPayloadLen int, extRCode RCode, dnssecOK bool) error {
+	h.Name = Name{Data: [nameLen]byte{'.'}, Length: 1} // RFC 6891 section 6.1.2
+	h.Type = TypeOPT
+	h.Class = Class(udpPayloadLen)
+	h.TTL = uint32(extRCode) >> 4 << 24
+	if dnssecOK {
+		h.TTL |= edns0DNSSECOK
+	}
+	return nil
+}
+
+// DNSSECAllowed reports whether the DNSSEC OK bit is set.
+func (h *ResourceHeader) DNSSECAllowed() bool {
+	return h.TTL&edns0DNSSECOKMask == edns0DNSSECOK // RFC 6891 section 6.1.3
+}
+
+// ExtendedRCode returns an extended RCode.
+//
+// The provided rcode must be the RCode in DNS message header.
+func (h *ResourceHeader) ExtendedRCode(rcode RCode) RCode {
+	if h.TTL&ednsVersionMask == edns0Version { // RFC 6891 section 6.1.3
+		return RCode(h.TTL>>24<<4) | rcode
+	}
+	return rcode
+}
+
+func skipResource(msg []byte, off int) (int, error) {
+	newOff, err := skipName(msg, off)
+	if err != nil {
+		return off, &nestedError{"Name", err}
+	}
+	if newOff, err = skipType(msg, newOff); err != nil {
+		return off, &nestedError{"Type", err}
+	}
+	if newOff, err = skipClass(msg, newOff); err != nil {
+		return off, &nestedError{"Class", err}
+	}
+	if newOff, err = skipUint32(msg, newOff); err != nil {
+		return off, &nestedError{"TTL", err}
+	}
+	length, newOff, err := unpackUint16(msg, newOff)
+	if err != nil {
+		return off, &nestedError{"Length", err}
+	}
+	if newOff += int(length); newOff > len(msg) {
+		return off, errResourceLen
+	}
+	return newOff, nil
+}
+
+// packUint16 appends the wire format of field to msg.
+func packUint16(msg []byte, field uint16) []byte {
+	return append(msg, byte(field>>8), byte(field))
+}
+
+func unpackUint16(msg []byte, off int) (uint16, int, error) {
+	if off+uint16Len > len(msg) {
+		return 0, off, errBaseLen
+	}
+	return uint16(msg[off])<<8 | uint16(msg[off+1]), off + uint16Len, nil
+}
+
+func skipUint16(msg []byte, off int) (int, error) {
+	if off+uint16Len > len(msg) {
+		return off, errBaseLen
+	}
+	return off + uint16Len, nil
+}
+
+// packType appends the wire format of field to msg.
+func packType(msg []byte, field Type) []byte {
+	return packUint16(msg, uint16(field))
+}
+
+func unpackType(msg []byte, off int) (Type, int, error) {
+	t, o, err := unpackUint16(msg, off)
+	return Type(t), o, err
+}
+
+func skipType(msg []byte, off int) (int, error) {
+	return skipUint16(msg, off)
+}
+
+// packClass appends the wire format of field to msg.
+func packClass(msg []byte, field Class) []byte {
+	return packUint16(msg, uint16(field))
+}
+
+func unpackClass(msg []byte, off int) (Class, int, error) {
+	c, o, err := unpackUint16(msg, off)
+	return Class(c), o, err
+}
+
+func skipClass(msg []byte, off int) (int, error) {
+	return skipUint16(msg, off)
+}
+
+// packUint32 appends the wire format of field to msg.
+func packUint32(msg []byte, field uint32) []byte {
+	return append(
+		msg,
+		byte(field>>24),
+		byte(field>>16),
+		byte(field>>8),
+		byte(field),
+	)
+}
+
+func unpackUint32(msg []byte, off int) (uint32, int, error) {
+	if off+uint32Len > len(msg) {
+		return 0, off, errBaseLen
+	}
+	v := uint32(msg[off])<<24 | uint32(msg[off+1])<<16 | uint32(msg[off+2])<<8 | uint32(msg[off+3])
+	return v, off + uint32Len, nil
+}
+
+func skipUint32(msg []byte, off int) (int, error) {
+	if off+uint32Len > len(msg) {
+		return off, errBaseLen
+	}
+	return off + uint32Len, nil
+}
+
+// packText appends the wire format of field to msg.
+func packText(msg []byte, field string) ([]byte, error) {
+	l := len(field)
+	if l > 255 {
+		return nil, errStringTooLong
+	}
+	msg = append(msg, byte(l))
+	msg = append(msg, field...)
+
+	return msg, nil
+}
+
+func unpackText(msg []byte, off int) (string, int, error) {
+	if off >= len(msg) {
+		return "", off, errBaseLen
+	}
+	beginOff := off + 1
+	endOff := beginOff + int(msg[off])
+	if endOff > len(msg) {
+		return "", off, errCalcLen
+	}
+	return string(msg[beginOff:endOff]), endOff, nil
+}
+
+// packBytes appends the wire format of field to msg.
+func packBytes(msg []byte, field []byte) []byte {
+	return append(msg, field...)
+}
+
+func unpackBytes(msg []byte, off int, field []byte) (int, error) {
+	newOff := off + len(field)
+	if newOff > len(msg) {
+		return off, errBaseLen
+	}
+	copy(field, msg[off:newOff])
+	return newOff, nil
+}
+
+const nameLen = 255
+
+// A Name is a non-encoded domain name. It is used instead of strings to avoid
+// allocations.
+type Name struct {
+	Data   [nameLen]byte
+	Length uint8
+}
+
+// NewName creates a new Name from a string.
+func NewName(name string) (Name, error) {
+	if len([]byte(name)) > nameLen {
+		return Name{}, errCalcLen
+	}
+	n := Name{Length: uint8(len(name))}
+	copy(n.Data[:], []byte(name))
+	return n, nil
+}
+
+// MustNewName creates a new Name from a string and panics on error.
+func MustNewName(name string) Name {
+	n, err := NewName(name)
+	if err != nil {
+		panic("creating name: " + err.Error())
+	}
+	return n
+}
+
+// String implements fmt.Stringer.String.
+func (n Name) String() string {
+	return string(n.Data[:n.Length])
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (n *Name) GoString() string {
+	return `dnsmessage.MustNewName("` + printString(n.Data[:n.Length]) + `")`
+}
+
+// pack appends the wire format of the Name to msg.
+//
+// Domain names are a sequence of counted strings split at the dots. They end
+// with a zero-length string. Compression can be used to reuse domain suffixes.
+//
+// The compression map will be updated with new domain suffixes. If compression
+// is nil, compression will not be used.
+func (n *Name) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	oldMsg := msg
+
+	// Add a trailing dot to canonicalize name.
+	if n.Length == 0 || n.Data[n.Length-1] != '.' {
+		return oldMsg, errNonCanonicalName
+	}
+
+	// Allow root domain.
+	if n.Data[0] == '.' && n.Length == 1 {
+		return append(msg, 0), nil
+	}
+
+	// Emit sequence of counted strings, chopping at dots.
+	for i, begin := 0, 0; i < int(n.Length); i++ {
+		// Check for the end of the segment.
+		if n.Data[i] == '.' {
+			// The two most significant bits have special meaning.
+			// It isn't allowed for segments to be long enough to
+			// need them.
+			if i-begin >= 1<<6 {
+				return oldMsg, errSegTooLong
+			}
+
+			// Segments must have a non-zero length.
+			if i-begin == 0 {
+				return oldMsg, errZeroSegLen
+			}
+
+			msg = append(msg, byte(i-begin))
+
+			for j := begin; j < i; j++ {
+				msg = append(msg, n.Data[j])
+			}
+
+			begin = i + 1
+			continue
+		}
+
+		// We can only compress domain suffixes starting with a new
+		// segment. A pointer is two bytes with the two most significant
+		// bits set to 1 to indicate that it is a pointer.
+		if (i == 0 || n.Data[i-1] == '.') && compression != nil {
+			if ptr, ok := compression[string(n.Data[i:])]; ok {
+				// Hit. Emit a pointer instead of the rest of
+				// the domain.
+				return append(msg, byte(ptr>>8|0xC0), byte(ptr)), nil
+			}
+
+			// Miss. Add the suffix to the compression table if the
+			// offset can be stored in the available 14 bytes.
+			if len(msg) <= int(^uint16(0)>>2) {
+				compression[string(n.Data[i:])] = len(msg) - compressionOff
+			}
+		}
+	}
+	return append(msg, 0), nil
+}
+
+// unpack unpacks a domain name.
+func (n *Name) unpack(msg []byte, off int) (int, error) {
+	return n.unpackCompressed(msg, off, true /* allowCompression */)
+}
+
+func (n *Name) unpackCompressed(msg []byte, off int, allowCompression bool) (int, error) {
+	// currOff is the current working offset.
+	currOff := off
+
+	// newOff is the offset where the next record will start. Pointers lead
+	// to data that belongs to other names and thus doesn't count towards to
+	// the usage of this name.
+	newOff := off
+
+	// ptr is the number of pointers followed.
+	var ptr int
+
+	// Name is a slice representation of the name data.
+	name := n.Data[:0]
+
+Loop:
+	for {
+		if currOff >= len(msg) {
+			return off, errBaseLen
+		}
+		c := int(msg[currOff])
+		currOff++
+		switch c & 0xC0 {
+		case 0x00: // String segment
+			if c == 0x00 {
+				// A zero length signals the end of the name.
+				break Loop
+			}
+			endOff := currOff + c
+			if endOff > len(msg) {
+				return off, errCalcLen
+			}
+			name = append(name, msg[currOff:endOff]...)
+			name = append(name, '.')
+			currOff = endOff
+		case 0xC0: // Pointer
+			if !allowCompression {
+				return off, errCompressedSRV
+			}
+			if currOff >= len(msg) {
+				return off, errInvalidPtr
+			}
+			c1 := msg[currOff]
+			currOff++
+			if ptr == 0 {
+				newOff = currOff
+			}
+			// Don't follow too many pointers, maybe there's a loop.
+			if ptr++; ptr > 10 {
+				return off, errTooManyPtr
+			}
+			currOff = (c^0xC0)<<8 | int(c1)
+		default:
+			// Prefixes 0x80 and 0x40 are reserved.
+			return off, errReserved
+		}
+	}
+	if len(name) == 0 {
+		name = append(name, '.')
+	}
+	if len(name) > len(n.Data) {
+		return off, errCalcLen
+	}
+	n.Length = uint8(len(name))
+	if ptr == 0 {
+		newOff = currOff
+	}
+	return newOff, nil
+}
+
+func skipName(msg []byte, off int) (int, error) {
+	// newOff is the offset where the next record will start. Pointers lead
+	// to data that belongs to other names and thus doesn't count towards to
+	// the usage of this name.
+	newOff := off
+
+Loop:
+	for {
+		if newOff >= len(msg) {
+			return off, errBaseLen
+		}
+		c := int(msg[newOff])
+		newOff++
+		switch c & 0xC0 {
+		case 0x00:
+			if c == 0x00 {
+				// A zero length signals the end of the name.
+				break Loop
+			}
+			// literal string
+			newOff += c
+			if newOff > len(msg) {
+				return off, errCalcLen
+			}
+		case 0xC0:
+			// Pointer to somewhere else in msg.
+
+			// Pointers are two bytes.
+			newOff++
+
+			// Don't follow the pointer as the data here has ended.
+			break Loop
+		default:
+			// Prefixes 0x80 and 0x40 are reserved.
+			return off, errReserved
+		}
+	}
+
+	return newOff, nil
+}
+
+// A Question is a DNS query.
+type Question struct {
+	Name  Name
+	Type  Type
+	Class Class
+}
+
+// pack appends the wire format of the Question to msg.
+func (q *Question) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	msg, err := q.Name.pack(msg, compression, compressionOff)
+	if err != nil {
+		return msg, &nestedError{"Name", err}
+	}
+	msg = packType(msg, q.Type)
+	return packClass(msg, q.Class), nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (q *Question) GoString() string {
+	return "dnsmessage.Question{" +
+		"Name: " + q.Name.GoString() + ", " +
+		"Type: " + q.Type.GoString() + ", " +
+		"Class: " + q.Class.GoString() + "}"
+}
+
+func unpackResourceBody(msg []byte, off int, hdr ResourceHeader) (ResourceBody, int, error) {
+	var (
+		r    ResourceBody
+		err  error
+		name string
+	)
+	switch hdr.Type {
+	case TypeA:
+		var rb AResource
+		rb, err = unpackAResource(msg, off)
+		r = &rb
+		name = "A"
+	case TypeNS:
+		var rb NSResource
+		rb, err = unpackNSResource(msg, off)
+		r = &rb
+		name = "NS"
+	case TypeCNAME:
+		var rb CNAMEResource
+		rb, err = unpackCNAMEResource(msg, off)
+		r = &rb
+		name = "CNAME"
+	case TypeSOA:
+		var rb SOAResource
+		rb, err = unpackSOAResource(msg, off)
+		r = &rb
+		name = "SOA"
+	case TypePTR:
+		var rb PTRResource
+		rb, err = unpackPTRResource(msg, off)
+		r = &rb
+		name = "PTR"
+	case TypeMX:
+		var rb MXResource
+		rb, err = unpackMXResource(msg, off)
+		r = &rb
+		name = "MX"
+	case TypeTXT:
+		var rb TXTResource
+		rb, err = unpackTXTResource(msg, off, hdr.Length)
+		r = &rb
+		name = "TXT"
+	case TypeAAAA:
+		var rb AAAAResource
+		rb, err = unpackAAAAResource(msg, off)
+		r = &rb
+		name = "AAAA"
+	case TypeSRV:
+		var rb SRVResource
+		rb, err = unpackSRVResource(msg, off)
+		r = &rb
+		name = "SRV"
+	case TypeOPT:
+		var rb OPTResource
+		rb, err = unpackOPTResource(msg, off, hdr.Length)
+		r = &rb
+		name = "OPT"
+	}
+	if err != nil {
+		return nil, off, &nestedError{name + " record", err}
+	}
+	if r == nil {
+		return nil, off, errors.New("invalid resource type: " + hdr.Type.String())
+	}
+	return r, off + int(hdr.Length), nil
+}
+
+// A CNAMEResource is a CNAME Resource record.
+type CNAMEResource struct {
+	CNAME Name
+}
+
+func (r *CNAMEResource) realType() Type {
+	return TypeCNAME
+}
+
+// pack appends the wire format of the CNAMEResource to msg.
+func (r *CNAMEResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	return r.CNAME.pack(msg, compression, compressionOff)
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *CNAMEResource) GoString() string {
+	return "dnsmessage.CNAMEResource{CNAME: " + r.CNAME.GoString() + "}"
+}
+
+func unpackCNAMEResource(msg []byte, off int) (CNAMEResource, error) {
+	var cname Name
+	if _, err := cname.unpack(msg, off); err != nil {
+		return CNAMEResource{}, err
+	}
+	return CNAMEResource{cname}, nil
+}
+
+// An MXResource is an MX Resource record.
+type MXResource struct {
+	Pref uint16
+	MX   Name
+}
+
+func (r *MXResource) realType() Type {
+	return TypeMX
+}
+
+// pack appends the wire format of the MXResource to msg.
+func (r *MXResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	oldMsg := msg
+	msg = packUint16(msg, r.Pref)
+	msg, err := r.MX.pack(msg, compression, compressionOff)
+	if err != nil {
+		return oldMsg, &nestedError{"MXResource.MX", err}
+	}
+	return msg, nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *MXResource) GoString() string {
+	return "dnsmessage.MXResource{" +
+		"Pref: " + printUint16(r.Pref) + ", " +
+		"MX: " + r.MX.GoString() + "}"
+}
+
+func unpackMXResource(msg []byte, off int) (MXResource, error) {
+	pref, off, err := unpackUint16(msg, off)
+	if err != nil {
+		return MXResource{}, &nestedError{"Pref", err}
+	}
+	var mx Name
+	if _, err := mx.unpack(msg, off); err != nil {
+		return MXResource{}, &nestedError{"MX", err}
+	}
+	return MXResource{pref, mx}, nil
+}
+
+// An NSResource is an NS Resource record.
+type NSResource struct {
+	NS Name
+}
+
+func (r *NSResource) realType() Type {
+	return TypeNS
+}
+
+// pack appends the wire format of the NSResource to msg.
+func (r *NSResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	return r.NS.pack(msg, compression, compressionOff)
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *NSResource) GoString() string {
+	return "dnsmessage.NSResource{NS: " + r.NS.GoString() + "}"
+}
+
+func unpackNSResource(msg []byte, off int) (NSResource, error) {
+	var ns Name
+	if _, err := ns.unpack(msg, off); err != nil {
+		return NSResource{}, err
+	}
+	return NSResource{ns}, nil
+}
+
+// A PTRResource is a PTR Resource record.
+type PTRResource struct {
+	PTR Name
+}
+
+func (r *PTRResource) realType() Type {
+	return TypePTR
+}
+
+// pack appends the wire format of the PTRResource to msg.
+func (r *PTRResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	return r.PTR.pack(msg, compression, compressionOff)
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *PTRResource) GoString() string {
+	return "dnsmessage.PTRResource{PTR: " + r.PTR.GoString() + "}"
+}
+
+func unpackPTRResource(msg []byte, off int) (PTRResource, error) {
+	var ptr Name
+	if _, err := ptr.unpack(msg, off); err != nil {
+		return PTRResource{}, err
+	}
+	return PTRResource{ptr}, nil
+}
+
+// An SOAResource is an SOA Resource record.
+type SOAResource struct {
+	NS      Name
+	MBox    Name
+	Serial  uint32
+	Refresh uint32
+	Retry   uint32
+	Expire  uint32
+
+	// MinTTL the is the default TTL of Resources records which did not
+	// contain a TTL value and the TTL of negative responses. (RFC 2308
+	// Section 4)
+	MinTTL uint32
+}
+
+func (r *SOAResource) realType() Type {
+	return TypeSOA
+}
+
+// pack appends the wire format of the SOAResource to msg.
+func (r *SOAResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	oldMsg := msg
+	msg, err := r.NS.pack(msg, compression, compressionOff)
+	if err != nil {
+		return oldMsg, &nestedError{"SOAResource.NS", err}
+	}
+	msg, err = r.MBox.pack(msg, compression, compressionOff)
+	if err != nil {
+		return oldMsg, &nestedError{"SOAResource.MBox", err}
+	}
+	msg = packUint32(msg, r.Serial)
+	msg = packUint32(msg, r.Refresh)
+	msg = packUint32(msg, r.Retry)
+	msg = packUint32(msg, r.Expire)
+	return packUint32(msg, r.MinTTL), nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *SOAResource) GoString() string {
+	return "dnsmessage.SOAResource{" +
+		"NS: " + r.NS.GoString() + ", " +
+		"MBox: " + r.MBox.GoString() + ", " +
+		"Serial: " + printUint32(r.Serial) + ", " +
+		"Refresh: " + printUint32(r.Refresh) + ", " +
+		"Retry: " + printUint32(r.Retry) + ", " +
+		"Expire: " + printUint32(r.Expire) + ", " +
+		"MinTTL: " + printUint32(r.MinTTL) + "}"
+}
+
+func unpackSOAResource(msg []byte, off int) (SOAResource, error) {
+	var ns Name
+	off, err := ns.unpack(msg, off)
+	if err != nil {
+		return SOAResource{}, &nestedError{"NS", err}
+	}
+	var mbox Name
+	if off, err = mbox.unpack(msg, off); err != nil {
+		return SOAResource{}, &nestedError{"MBox", err}
+	}
+	serial, off, err := unpackUint32(msg, off)
+	if err != nil {
+		return SOAResource{}, &nestedError{"Serial", err}
+	}
+	refresh, off, err := unpackUint32(msg, off)
+	if err != nil {
+		return SOAResource{}, &nestedError{"Refresh", err}
+	}
+	retry, off, err := unpackUint32(msg, off)
+	if err != nil {
+		return SOAResource{}, &nestedError{"Retry", err}
+	}
+	expire, off, err := unpackUint32(msg, off)
+	if err != nil {
+		return SOAResource{}, &nestedError{"Expire", err}
+	}
+	minTTL, _, err := unpackUint32(msg, off)
+	if err != nil {
+		return SOAResource{}, &nestedError{"MinTTL", err}
+	}
+	return SOAResource{ns, mbox, serial, refresh, retry, expire, minTTL}, nil
+}
+
+// A TXTResource is a TXT Resource record.
+type TXTResource struct {
+	TXT []string
+}
+
+func (r *TXTResource) realType() Type {
+	return TypeTXT
+}
+
+// pack appends the wire format of the TXTResource to msg.
+func (r *TXTResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	oldMsg := msg
+	for _, s := range r.TXT {
+		var err error
+		msg, err = packText(msg, s)
+		if err != nil {
+			return oldMsg, err
+		}
+	}
+	return msg, nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *TXTResource) GoString() string {
+	s := "dnsmessage.TXTResource{TXT: []string{"
+	if len(r.TXT) == 0 {
+		return s + "}}"
+	}
+	s += `"` + printString([]byte(r.TXT[0]))
+	for _, t := range r.TXT[1:] {
+		s += `", "` + printString([]byte(t))
+	}
+	return s + `"}}`
+}
+
+func unpackTXTResource(msg []byte, off int, length uint16) (TXTResource, error) {
+	txts := make([]string, 0, 1)
+	for n := uint16(0); n < length; {
+		var t string
+		var err error
+		if t, off, err = unpackText(msg, off); err != nil {
+			return TXTResource{}, &nestedError{"text", err}
+		}
+		// Check if we got too many bytes.
+		if length-n < uint16(len(t))+1 {
+			return TXTResource{}, errCalcLen
+		}
+		n += uint16(len(t)) + 1
+		txts = append(txts, t)
+	}
+	return TXTResource{txts}, nil
+}
+
+// An SRVResource is an SRV Resource record.
+type SRVResource struct {
+	Priority uint16
+	Weight   uint16
+	Port     uint16
+	Target   Name // Not compressed as per RFC 2782.
+}
+
+func (r *SRVResource) realType() Type {
+	return TypeSRV
+}
+
+// pack appends the wire format of the SRVResource to msg.
+func (r *SRVResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	oldMsg := msg
+	msg = packUint16(msg, r.Priority)
+	msg = packUint16(msg, r.Weight)
+	msg = packUint16(msg, r.Port)
+	msg, err := r.Target.pack(msg, nil, compressionOff)
+	if err != nil {
+		return oldMsg, &nestedError{"SRVResource.Target", err}
+	}
+	return msg, nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *SRVResource) GoString() string {
+	return "dnsmessage.SRVResource{" +
+		"Priority: " + printUint16(r.Priority) + ", " +
+		"Weight: " + printUint16(r.Weight) + ", " +
+		"Port: " + printUint16(r.Port) + ", " +
+		"Target: " + r.Target.GoString() + "}"
+}
+
+func unpackSRVResource(msg []byte, off int) (SRVResource, error) {
+	priority, off, err := unpackUint16(msg, off)
+	if err != nil {
+		return SRVResource{}, &nestedError{"Priority", err}
+	}
+	weight, off, err := unpackUint16(msg, off)
+	if err != nil {
+		return SRVResource{}, &nestedError{"Weight", err}
+	}
+	port, off, err := unpackUint16(msg, off)
+	if err != nil {
+		return SRVResource{}, &nestedError{"Port", err}
+	}
+	var target Name
+	if _, err := target.unpackCompressed(msg, off, false /* allowCompression */); err != nil {
+		return SRVResource{}, &nestedError{"Target", err}
+	}
+	return SRVResource{priority, weight, port, target}, nil
+}
+
+// An AResource is an A Resource record.
+type AResource struct {
+	A [4]byte
+}
+
+func (r *AResource) realType() Type {
+	return TypeA
+}
+
+// pack appends the wire format of the AResource to msg.
+func (r *AResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	return packBytes(msg, r.A[:]), nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *AResource) GoString() string {
+	return "dnsmessage.AResource{" +
+		"A: [4]byte{" + printByteSlice(r.A[:]) + "}}"
+}
+
+func unpackAResource(msg []byte, off int) (AResource, error) {
+	var a [4]byte
+	if _, err := unpackBytes(msg, off, a[:]); err != nil {
+		return AResource{}, err
+	}
+	return AResource{a}, nil
+}
+
+// An AAAAResource is an AAAA Resource record.
+type AAAAResource struct {
+	AAAA [16]byte
+}
+
+func (r *AAAAResource) realType() Type {
+	return TypeAAAA
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *AAAAResource) GoString() string {
+	return "dnsmessage.AAAAResource{" +
+		"AAAA: [16]byte{" + printByteSlice(r.AAAA[:]) + "}}"
+}
+
+// pack appends the wire format of the AAAAResource to msg.
+func (r *AAAAResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	return packBytes(msg, r.AAAA[:]), nil
+}
+
+func unpackAAAAResource(msg []byte, off int) (AAAAResource, error) {
+	var aaaa [16]byte
+	if _, err := unpackBytes(msg, off, aaaa[:]); err != nil {
+		return AAAAResource{}, err
+	}
+	return AAAAResource{aaaa}, nil
+}
+
+// An OPTResource is an OPT pseudo Resource record.
+//
+// The pseudo resource record is part of the extension mechanisms for DNS
+// as defined in RFC 6891.
+type OPTResource struct {
+	Options []Option
+}
+
+// An Option represents a DNS message option within OPTResource.
+//
+// The message option is part of the extension mechanisms for DNS as
+// defined in RFC 6891.
+type Option struct {
+	Code uint16 // option code
+	Data []byte
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (o *Option) GoString() string {
+	return "dnsmessage.Option{" +
+		"Code: " + printUint16(o.Code) + ", " +
+		"Data: []byte{" + printByteSlice(o.Data) + "}}"
+}
+
+func (r *OPTResource) realType() Type {
+	return TypeOPT
+}
+
+func (r *OPTResource) pack(msg []byte, compression map[string]int, compressionOff int) ([]byte, error) {
+	for _, opt := range r.Options {
+		msg = packUint16(msg, opt.Code)
+		l := uint16(len(opt.Data))
+		msg = packUint16(msg, l)
+		msg = packBytes(msg, opt.Data)
+	}
+	return msg, nil
+}
+
+// GoString implements fmt.GoStringer.GoString.
+func (r *OPTResource) GoString() string {
+	s := "dnsmessage.OPTResource{Options: []dnsmessage.Option{"
+	if len(r.Options) == 0 {
+		return s + "}}"
+	}
+	s += r.Options[0].GoString()
+	for _, o := range r.Options[1:] {
+		s += ", " + o.GoString()
+	}
+	return s + "}}"
+}
+
+func unpackOPTResource(msg []byte, off int, length uint16) (OPTResource, error) {
+	var opts []Option
+	for oldOff := off; off < oldOff+int(length); {
+		var err error
+		var o Option
+		o.Code, off, err = unpackUint16(msg, off)
+		if err != nil {
+			return OPTResource{}, &nestedError{"Code", err}
+		}
+		var l uint16
+		l, off, err = unpackUint16(msg, off)
+		if err != nil {
+			return OPTResource{}, &nestedError{"Data", err}
+		}
+		o.Data = make([]byte, l)
+		if copy(o.Data, msg[off:]) != int(l) {
+			return OPTResource{}, &nestedError{"Data", errCalcLen}
+		}
+		off += int(l)
+		opts = append(opts, o)
+	}
+	return OPTResource{opts}, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/iana/const.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/iana/const.go
new file mode 100644
index 000000000..cea712fac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/iana/const.go
@@ -0,0 +1,223 @@
+// go generate gen.go
+// Code generated by the command above; DO NOT EDIT.
+
+// Package iana provides protocol number resources managed by the Internet Assigned Numbers Authority (IANA).
+package iana // import "golang.org/x/net/internal/iana"
+
+// Differentiated Services Field Codepoints (DSCP), Updated: 2018-05-04
+const (
+	DiffServCS0           = 0x00 // CS0
+	DiffServCS1           = 0x20 // CS1
+	DiffServCS2           = 0x40 // CS2
+	DiffServCS3           = 0x60 // CS3
+	DiffServCS4           = 0x80 // CS4
+	DiffServCS5           = 0xa0 // CS5
+	DiffServCS6           = 0xc0 // CS6
+	DiffServCS7           = 0xe0 // CS7
+	DiffServAF11          = 0x28 // AF11
+	DiffServAF12          = 0x30 // AF12
+	DiffServAF13          = 0x38 // AF13
+	DiffServAF21          = 0x48 // AF21
+	DiffServAF22          = 0x50 // AF22
+	DiffServAF23          = 0x58 // AF23
+	DiffServAF31          = 0x68 // AF31
+	DiffServAF32          = 0x70 // AF32
+	DiffServAF33          = 0x78 // AF33
+	DiffServAF41          = 0x88 // AF41
+	DiffServAF42          = 0x90 // AF42
+	DiffServAF43          = 0x98 // AF43
+	DiffServEF            = 0xb8 // EF
+	DiffServVOICEADMIT    = 0xb0 // VOICE-ADMIT
+	NotECNTransport       = 0x00 // Not-ECT (Not ECN-Capable Transport)
+	ECNTransport1         = 0x01 // ECT(1) (ECN-Capable Transport(1))
+	ECNTransport0         = 0x02 // ECT(0) (ECN-Capable Transport(0))
+	CongestionExperienced = 0x03 // CE (Congestion Experienced)
+)
+
+// Protocol Numbers, Updated: 2017-10-13
+const (
+	ProtocolIP             = 0   // IPv4 encapsulation, pseudo protocol number
+	ProtocolHOPOPT         = 0   // IPv6 Hop-by-Hop Option
+	ProtocolICMP           = 1   // Internet Control Message
+	ProtocolIGMP           = 2   // Internet Group Management
+	ProtocolGGP            = 3   // Gateway-to-Gateway
+	ProtocolIPv4           = 4   // IPv4 encapsulation
+	ProtocolST             = 5   // Stream
+	ProtocolTCP            = 6   // Transmission Control
+	ProtocolCBT            = 7   // CBT
+	ProtocolEGP            = 8   // Exterior Gateway Protocol
+	ProtocolIGP            = 9   // any private interior gateway (used by Cisco for their IGRP)
+	ProtocolBBNRCCMON      = 10  // BBN RCC Monitoring
+	ProtocolNVPII          = 11  // Network Voice Protocol
+	ProtocolPUP            = 12  // PUP
+	ProtocolEMCON          = 14  // EMCON
+	ProtocolXNET           = 15  // Cross Net Debugger
+	ProtocolCHAOS          = 16  // Chaos
+	ProtocolUDP            = 17  // User Datagram
+	ProtocolMUX            = 18  // Multiplexing
+	ProtocolDCNMEAS        = 19  // DCN Measurement Subsystems
+	ProtocolHMP            = 20  // Host Monitoring
+	ProtocolPRM            = 21  // Packet Radio Measurement
+	ProtocolXNSIDP         = 22  // XEROX NS IDP
+	ProtocolTRUNK1         = 23  // Trunk-1
+	ProtocolTRUNK2         = 24  // Trunk-2
+	ProtocolLEAF1          = 25  // Leaf-1
+	ProtocolLEAF2          = 26  // Leaf-2
+	ProtocolRDP            = 27  // Reliable Data Protocol
+	ProtocolIRTP           = 28  // Internet Reliable Transaction
+	ProtocolISOTP4         = 29  // ISO Transport Protocol Class 4
+	ProtocolNETBLT         = 30  // Bulk Data Transfer Protocol
+	ProtocolMFENSP         = 31  // MFE Network Services Protocol
+	ProtocolMERITINP       = 32  // MERIT Internodal Protocol
+	ProtocolDCCP           = 33  // Datagram Congestion Control Protocol
+	Protocol3PC            = 34  // Third Party Connect Protocol
+	ProtocolIDPR           = 35  // Inter-Domain Policy Routing Protocol
+	ProtocolXTP            = 36  // XTP
+	ProtocolDDP            = 37  // Datagram Delivery Protocol
+	ProtocolIDPRCMTP       = 38  // IDPR Control Message Transport Proto
+	ProtocolTPPP           = 39  // TP++ Transport Protocol
+	ProtocolIL             = 40  // IL Transport Protocol
+	ProtocolIPv6           = 41  // IPv6 encapsulation
+	ProtocolSDRP           = 42  // Source Demand Routing Protocol
+	ProtocolIPv6Route      = 43  // Routing Header for IPv6
+	ProtocolIPv6Frag       = 44  // Fragment Header for IPv6
+	ProtocolIDRP           = 45  // Inter-Domain Routing Protocol
+	ProtocolRSVP           = 46  // Reservation Protocol
+	ProtocolGRE            = 47  // Generic Routing Encapsulation
+	ProtocolDSR            = 48  // Dynamic Source Routing Protocol
+	ProtocolBNA            = 49  // BNA
+	ProtocolESP            = 50  // Encap Security Payload
+	ProtocolAH             = 51  // Authentication Header
+	ProtocolINLSP          = 52  // Integrated Net Layer Security  TUBA
+	ProtocolNARP           = 54  // NBMA Address Resolution Protocol
+	ProtocolMOBILE         = 55  // IP Mobility
+	ProtocolTLSP           = 56  // Transport Layer Security Protocol using Kryptonet key management
+	ProtocolSKIP           = 57  // SKIP
+	ProtocolIPv6ICMP       = 58  // ICMP for IPv6
+	ProtocolIPv6NoNxt      = 59  // No Next Header for IPv6
+	ProtocolIPv6Opts       = 60  // Destination Options for IPv6
+	ProtocolCFTP           = 62  // CFTP
+	ProtocolSATEXPAK       = 64  // SATNET and Backroom EXPAK
+	ProtocolKRYPTOLAN      = 65  // Kryptolan
+	ProtocolRVD            = 66  // MIT Remote Virtual Disk Protocol
+	ProtocolIPPC           = 67  // Internet Pluribus Packet Core
+	ProtocolSATMON         = 69  // SATNET Monitoring
+	ProtocolVISA           = 70  // VISA Protocol
+	ProtocolIPCV           = 71  // Internet Packet Core Utility
+	ProtocolCPNX           = 72  // Computer Protocol Network Executive
+	ProtocolCPHB           = 73  // Computer Protocol Heart Beat
+	ProtocolWSN            = 74  // Wang Span Network
+	ProtocolPVP            = 75  // Packet Video Protocol
+	ProtocolBRSATMON       = 76  // Backroom SATNET Monitoring
+	ProtocolSUNND          = 77  // SUN ND PROTOCOL-Temporary
+	ProtocolWBMON          = 78  // WIDEBAND Monitoring
+	ProtocolWBEXPAK        = 79  // WIDEBAND EXPAK
+	ProtocolISOIP          = 80  // ISO Internet Protocol
+	ProtocolVMTP           = 81  // VMTP
+	ProtocolSECUREVMTP     = 82  // SECURE-VMTP
+	ProtocolVINES          = 83  // VINES
+	ProtocolTTP            = 84  // Transaction Transport Protocol
+	ProtocolIPTM           = 84  // Internet Protocol Traffic Manager
+	ProtocolNSFNETIGP      = 85  // NSFNET-IGP
+	ProtocolDGP            = 86  // Dissimilar Gateway Protocol
+	ProtocolTCF            = 87  // TCF
+	ProtocolEIGRP          = 88  // EIGRP
+	ProtocolOSPFIGP        = 89  // OSPFIGP
+	ProtocolSpriteRPC      = 90  // Sprite RPC Protocol
+	ProtocolLARP           = 91  // Locus Address Resolution Protocol
+	ProtocolMTP            = 92  // Multicast Transport Protocol
+	ProtocolAX25           = 93  // AX.25 Frames
+	ProtocolIPIP           = 94  // IP-within-IP Encapsulation Protocol
+	ProtocolSCCSP          = 96  // Semaphore Communications Sec. Pro.
+	ProtocolETHERIP        = 97  // Ethernet-within-IP Encapsulation
+	ProtocolENCAP          = 98  // Encapsulation Header
+	ProtocolGMTP           = 100 // GMTP
+	ProtocolIFMP           = 101 // Ipsilon Flow Management Protocol
+	ProtocolPNNI           = 102 // PNNI over IP
+	ProtocolPIM            = 103 // Protocol Independent Multicast
+	ProtocolARIS           = 104 // ARIS
+	ProtocolSCPS           = 105 // SCPS
+	ProtocolQNX            = 106 // QNX
+	ProtocolAN             = 107 // Active Networks
+	ProtocolIPComp         = 108 // IP Payload Compression Protocol
+	ProtocolSNP            = 109 // Sitara Networks Protocol
+	ProtocolCompaqPeer     = 110 // Compaq Peer Protocol
+	ProtocolIPXinIP        = 111 // IPX in IP
+	ProtocolVRRP           = 112 // Virtual Router Redundancy Protocol
+	ProtocolPGM            = 113 // PGM Reliable Transport Protocol
+	ProtocolL2TP           = 115 // Layer Two Tunneling Protocol
+	ProtocolDDX            = 116 // D-II Data Exchange (DDX)
+	ProtocolIATP           = 117 // Interactive Agent Transfer Protocol
+	ProtocolSTP            = 118 // Schedule Transfer Protocol
+	ProtocolSRP            = 119 // SpectraLink Radio Protocol
+	ProtocolUTI            = 120 // UTI
+	ProtocolSMP            = 121 // Simple Message Protocol
+	ProtocolPTP            = 123 // Performance Transparency Protocol
+	ProtocolISIS           = 124 // ISIS over IPv4
+	ProtocolFIRE           = 125 // FIRE
+	ProtocolCRTP           = 126 // Combat Radio Transport Protocol
+	ProtocolCRUDP          = 127 // Combat Radio User Datagram
+	ProtocolSSCOPMCE       = 128 // SSCOPMCE
+	ProtocolIPLT           = 129 // IPLT
+	ProtocolSPS            = 130 // Secure Packet Shield
+	ProtocolPIPE           = 131 // Private IP Encapsulation within IP
+	ProtocolSCTP           = 132 // Stream Control Transmission Protocol
+	ProtocolFC             = 133 // Fibre Channel
+	ProtocolRSVPE2EIGNORE  = 134 // RSVP-E2E-IGNORE
+	ProtocolMobilityHeader = 135 // Mobility Header
+	ProtocolUDPLite        = 136 // UDPLite
+	ProtocolMPLSinIP       = 137 // MPLS-in-IP
+	ProtocolMANET          = 138 // MANET Protocols
+	ProtocolHIP            = 139 // Host Identity Protocol
+	ProtocolShim6          = 140 // Shim6 Protocol
+	ProtocolWESP           = 141 // Wrapped Encapsulating Security Payload
+	ProtocolROHC           = 142 // Robust Header Compression
+	ProtocolReserved       = 255 // Reserved
+)
+
+// Address Family Numbers, Updated: 2018-04-02
+const (
+	AddrFamilyIPv4                          = 1     // IP (IP version 4)
+	AddrFamilyIPv6                          = 2     // IP6 (IP version 6)
+	AddrFamilyNSAP                          = 3     // NSAP
+	AddrFamilyHDLC                          = 4     // HDLC (8-bit multidrop)
+	AddrFamilyBBN1822                       = 5     // BBN 1822
+	AddrFamily802                           = 6     // 802 (includes all 802 media plus Ethernet "canonical format")
+	AddrFamilyE163                          = 7     // E.163
+	AddrFamilyE164                          = 8     // E.164 (SMDS, Frame Relay, ATM)
+	AddrFamilyF69                           = 9     // F.69 (Telex)
+	AddrFamilyX121                          = 10    // X.121 (X.25, Frame Relay)
+	AddrFamilyIPX                           = 11    // IPX
+	AddrFamilyAppletalk                     = 12    // Appletalk
+	AddrFamilyDecnetIV                      = 13    // Decnet IV
+	AddrFamilyBanyanVines                   = 14    // Banyan Vines
+	AddrFamilyE164withSubaddress            = 15    // E.164 with NSAP format subaddress
+	AddrFamilyDNS                           = 16    // DNS (Domain Name System)
+	AddrFamilyDistinguishedName             = 17    // Distinguished Name
+	AddrFamilyASNumber                      = 18    // AS Number
+	AddrFamilyXTPoverIPv4                   = 19    // XTP over IP version 4
+	AddrFamilyXTPoverIPv6                   = 20    // XTP over IP version 6
+	AddrFamilyXTPnativemodeXTP              = 21    // XTP native mode XTP
+	AddrFamilyFibreChannelWorldWidePortName = 22    // Fibre Channel World-Wide Port Name
+	AddrFamilyFibreChannelWorldWideNodeName = 23    // Fibre Channel World-Wide Node Name
+	AddrFamilyGWID                          = 24    // GWID
+	AddrFamilyL2VPN                         = 25    // AFI for L2VPN information
+	AddrFamilyMPLSTPSectionEndpointID       = 26    // MPLS-TP Section Endpoint Identifier
+	AddrFamilyMPLSTPLSPEndpointID           = 27    // MPLS-TP LSP Endpoint Identifier
+	AddrFamilyMPLSTPPseudowireEndpointID    = 28    // MPLS-TP Pseudowire Endpoint Identifier
+	AddrFamilyMTIPv4                        = 29    // MT IP: Multi-Topology IP version 4
+	AddrFamilyMTIPv6                        = 30    // MT IPv6: Multi-Topology IP version 6
+	AddrFamilyEIGRPCommonServiceFamily      = 16384 // EIGRP Common Service Family
+	AddrFamilyEIGRPIPv4ServiceFamily        = 16385 // EIGRP IPv4 Service Family
+	AddrFamilyEIGRPIPv6ServiceFamily        = 16386 // EIGRP IPv6 Service Family
+	AddrFamilyLISPCanonicalAddressFormat    = 16387 // LISP Canonical Address Format (LCAF)
+	AddrFamilyBGPLS                         = 16388 // BGP-LS
+	AddrFamily48bitMAC                      = 16389 // 48-bit MAC
+	AddrFamily64bitMAC                      = 16390 // 64-bit MAC
+	AddrFamilyOUI                           = 16391 // OUI
+	AddrFamilyMACFinal24bits                = 16392 // MAC/24
+	AddrFamilyMACFinal40bits                = 16393 // MAC/40
+	AddrFamilyIPv6Initial64bits             = 16394 // IPv6/64
+	AddrFamilyRBridgePortID                 = 16395 // RBridge Port ID
+	AddrFamilyTRILLNickname                 = 16396 // TRILL Nickname
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr.go
new file mode 100644
index 000000000..0cde35a44
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr.go
@@ -0,0 +1,11 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+package socket
+
+func (h *cmsghdr) len() int { return int(h.Len) }
+func (h *cmsghdr) lvl() int { return int(h.Level) }
+func (h *cmsghdr) typ() int { return int(h.Type) }
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go
new file mode 100644
index 000000000..14dbb3ad4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_bsd.go
@@ -0,0 +1,13 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd netbsd openbsd
+
+package socket
+
+func (h *cmsghdr) set(l, lvl, typ int) {
+	h.Len = uint32(l)
+	h.Level = int32(lvl)
+	h.Type = int32(typ)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go
new file mode 100644
index 000000000..bac66811d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_32bit.go
@@ -0,0 +1,14 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm mips mipsle 386
+// +build linux
+
+package socket
+
+func (h *cmsghdr) set(l, lvl, typ int) {
+	h.Len = uint32(l)
+	h.Level = int32(lvl)
+	h.Type = int32(typ)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go
new file mode 100644
index 000000000..27be0efac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_linux_64bit.go
@@ -0,0 +1,14 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64 amd64 ppc64 ppc64le mips64 mips64le riscv64 s390x
+// +build linux
+
+package socket
+
+func (h *cmsghdr) set(l, lvl, typ int) {
+	h.Len = uint64(l)
+	h.Level = int32(lvl)
+	h.Type = int32(typ)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go
new file mode 100644
index 000000000..7dedd430e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_solaris_64bit.go
@@ -0,0 +1,14 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64
+// +build solaris
+
+package socket
+
+func (h *cmsghdr) set(l, lvl, typ int) {
+	h.Len = uint32(l)
+	h.Level = int32(lvl)
+	h.Type = int32(typ)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go
new file mode 100644
index 000000000..83c35ecdc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_stub.go
@@ -0,0 +1,27 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
+
+package socket
+
+func controlHeaderLen() int {
+	return 0
+}
+
+func controlMessageLen(dataLen int) int {
+	return 0
+}
+
+func controlMessageSpace(dataLen int) int {
+	return 0
+}
+
+type cmsghdr struct{}
+
+func (h *cmsghdr) len() int { return 0 }
+func (h *cmsghdr) lvl() int { return 0 }
+func (h *cmsghdr) typ() int { return 0 }
+
+func (h *cmsghdr) set(l, lvl, typ int) {}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_unix.go
new file mode 100644
index 000000000..c2b2b6595
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_unix.go
@@ -0,0 +1,21 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package socket
+
+import "golang.org/x/sys/unix"
+
+func controlHeaderLen() int {
+	return unix.CmsgLen(0)
+}
+
+func controlMessageLen(dataLen int) int {
+	return unix.CmsgLen(dataLen)
+}
+
+func controlMessageSpace(dataLen int) int {
+	return unix.CmsgSpace(dataLen)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_zos_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_zos_s390x.go
new file mode 100644
index 000000000..98be146bc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/cmsghdr_zos_s390x.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import "syscall"
+
+func (h *cmsghdr) set(l, lvl, typ int) {
+	h.Len = int32(l)
+	h.Level = int32(lvl)
+	h.Type = int32(typ)
+}
+
+func controlHeaderLen() int {
+	return syscall.CmsgLen(0)
+}
+
+func controlMessageLen(dataLen int) int {
+	return syscall.CmsgLen(dataLen)
+}
+
+func controlMessageSpace(dataLen int) int {
+	return syscall.CmsgSpace(dataLen)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/empty.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/empty.s
new file mode 100644
index 000000000..bff0231c7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/empty.s
@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.12
+
+// This exists solely so we can linkname in symbols from syscall.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/error_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/error_unix.go
new file mode 100644
index 000000000..47f0d6e2d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/error_unix.go
@@ -0,0 +1,31 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+package socket
+
+import "syscall"
+
+var (
+	errEAGAIN error = syscall.EAGAIN
+	errEINVAL error = syscall.EINVAL
+	errENOENT error = syscall.ENOENT
+)
+
+// errnoErr returns common boxed Errno values, to prevent allocations
+// at runtime.
+func errnoErr(errno syscall.Errno) error {
+	switch errno {
+	case 0:
+		return nil
+	case syscall.EAGAIN:
+		return errEAGAIN
+	case syscall.EINVAL:
+		return errEINVAL
+	case syscall.ENOENT:
+		return errENOENT
+	}
+	return errno
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/error_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/error_windows.go
new file mode 100644
index 000000000..6a6379a8b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/error_windows.go
@@ -0,0 +1,26 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import "syscall"
+
+var (
+	errERROR_IO_PENDING error = syscall.ERROR_IO_PENDING
+	errEINVAL           error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent allocations
+// at runtime.
+func errnoErr(errno syscall.Errno) error {
+	switch errno {
+	case 0:
+		return nil
+	case syscall.ERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	case syscall.EINVAL:
+		return errEINVAL
+	}
+	return errno
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_32bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_32bit.go
new file mode 100644
index 000000000..05d6082d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_32bit.go
@@ -0,0 +1,19 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm mips mipsle 386
+// +build darwin dragonfly freebsd linux netbsd openbsd
+
+package socket
+
+import "unsafe"
+
+func (v *iovec) set(b []byte) {
+	l := len(b)
+	if l == 0 {
+		return
+	}
+	v.Base = (*byte)(unsafe.Pointer(&b[0]))
+	v.Len = uint32(l)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_64bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_64bit.go
new file mode 100644
index 000000000..0309e10fe
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_64bit.go
@@ -0,0 +1,19 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64 amd64 ppc64 ppc64le mips64 mips64le riscv64 s390x
+// +build aix darwin dragonfly freebsd linux netbsd openbsd zos
+
+package socket
+
+import "unsafe"
+
+func (v *iovec) set(b []byte) {
+	l := len(b)
+	if l == 0 {
+		return
+	}
+	v.Base = (*byte)(unsafe.Pointer(&b[0]))
+	v.Len = uint64(l)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go
new file mode 100644
index 000000000..8d17a40c4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_solaris_64bit.go
@@ -0,0 +1,19 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64
+// +build solaris
+
+package socket
+
+import "unsafe"
+
+func (v *iovec) set(b []byte) {
+	l := len(b)
+	if l == 0 {
+		return
+	}
+	v.Base = (*int8)(unsafe.Pointer(&b[0]))
+	v.Len = uint64(l)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_stub.go
new file mode 100644
index 000000000..f44d4f523
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/iovec_stub.go
@@ -0,0 +1,11 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
+
+package socket
+
+type iovec struct{}
+
+func (v *iovec) set(b []byte) {}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go
new file mode 100644
index 000000000..1a7f2792f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/mmsghdr_stub.go
@@ -0,0 +1,21 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!linux,!netbsd
+
+package socket
+
+import "net"
+
+type mmsghdr struct{}
+
+type mmsghdrs []mmsghdr
+
+func (hs mmsghdrs) pack(ms []Message, parseFn func([]byte, string) (net.Addr, error), marshalFn func(net.Addr) []byte) error {
+	return nil
+}
+
+func (hs mmsghdrs) unpack(ms []Message, parseFn func([]byte, string) (net.Addr, error), hint string) error {
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
new file mode 100644
index 000000000..f1100683a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
@@ -0,0 +1,42 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix linux netbsd
+
+package socket
+
+import "net"
+
+type mmsghdrs []mmsghdr
+
+func (hs mmsghdrs) pack(ms []Message, parseFn func([]byte, string) (net.Addr, error), marshalFn func(net.Addr) []byte) error {
+	for i := range hs {
+		vs := make([]iovec, len(ms[i].Buffers))
+		var sa []byte
+		if parseFn != nil {
+			sa = make([]byte, sizeofSockaddrInet6)
+		}
+		if marshalFn != nil {
+			sa = marshalFn(ms[i].Addr)
+		}
+		hs[i].Hdr.pack(vs, ms[i].Buffers, ms[i].OOB, sa)
+	}
+	return nil
+}
+
+func (hs mmsghdrs) unpack(ms []Message, parseFn func([]byte, string) (net.Addr, error), hint string) error {
+	for i := range hs {
+		ms[i].N = int(hs[i].Len)
+		ms[i].NN = hs[i].Hdr.controllen()
+		ms[i].Flags = hs[i].Hdr.flags()
+		if parseFn != nil {
+			var err error
+			ms[i].Addr, err = parseFn(hs[i].Hdr.name(), hint)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go
new file mode 100644
index 000000000..77f44c1f1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_bsd.go
@@ -0,0 +1,39 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd netbsd openbsd
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {
+	for i := range vs {
+		vs[i].set(bs[i])
+	}
+	h.setIov(vs)
+	if len(oob) > 0 {
+		h.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		h.Controllen = uint32(len(oob))
+	}
+	if sa != nil {
+		h.Name = (*byte)(unsafe.Pointer(&sa[0]))
+		h.Namelen = uint32(len(sa))
+	}
+}
+
+func (h *msghdr) name() []byte {
+	if h.Name != nil && h.Namelen > 0 {
+		return (*[sizeofSockaddrInet6]byte)(unsafe.Pointer(h.Name))[:h.Namelen]
+	}
+	return nil
+}
+
+func (h *msghdr) controllen() int {
+	return int(h.Controllen)
+}
+
+func (h *msghdr) flags() int {
+	return int(h.Flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go
new file mode 100644
index 000000000..c5562dd66
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_bsdvar.go
@@ -0,0 +1,16 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd netbsd
+
+package socket
+
+func (h *msghdr) setIov(vs []iovec) {
+	l := len(vs)
+	if l == 0 {
+		return
+	}
+	h.Iov = &vs[0]
+	h.Iovlen = int32(l)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux.go
new file mode 100644
index 000000000..5a38798cc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux.go
@@ -0,0 +1,36 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {
+	for i := range vs {
+		vs[i].set(bs[i])
+	}
+	h.setIov(vs)
+	if len(oob) > 0 {
+		h.setControl(oob)
+	}
+	if sa != nil {
+		h.Name = (*byte)(unsafe.Pointer(&sa[0]))
+		h.Namelen = uint32(len(sa))
+	}
+}
+
+func (h *msghdr) name() []byte {
+	if h.Name != nil && h.Namelen > 0 {
+		return (*[sizeofSockaddrInet6]byte)(unsafe.Pointer(h.Name))[:h.Namelen]
+	}
+	return nil
+}
+
+func (h *msghdr) controllen() int {
+	return int(h.Controllen)
+}
+
+func (h *msghdr) flags() int {
+	return int(h.Flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go
new file mode 100644
index 000000000..a7a5987c8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux_32bit.go
@@ -0,0 +1,24 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm mips mipsle 386
+// +build linux
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) setIov(vs []iovec) {
+	l := len(vs)
+	if l == 0 {
+		return
+	}
+	h.Iov = &vs[0]
+	h.Iovlen = uint32(l)
+}
+
+func (h *msghdr) setControl(b []byte) {
+	h.Control = (*byte)(unsafe.Pointer(&b[0]))
+	h.Controllen = uint32(len(b))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go
new file mode 100644
index 000000000..e731833a2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_linux_64bit.go
@@ -0,0 +1,24 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64 amd64 ppc64 ppc64le mips64 mips64le riscv64 s390x
+// +build linux
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) setIov(vs []iovec) {
+	l := len(vs)
+	if l == 0 {
+		return
+	}
+	h.Iov = &vs[0]
+	h.Iovlen = uint64(l)
+}
+
+func (h *msghdr) setControl(b []byte) {
+	h.Control = (*byte)(unsafe.Pointer(&b[0]))
+	h.Controllen = uint64(len(b))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_openbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_openbsd.go
new file mode 100644
index 000000000..71a69e251
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_openbsd.go
@@ -0,0 +1,14 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+func (h *msghdr) setIov(vs []iovec) {
+	l := len(vs)
+	if l == 0 {
+		return
+	}
+	h.Iov = &vs[0]
+	h.Iovlen = uint32(l)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go
new file mode 100644
index 000000000..6465b2073
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_solaris_64bit.go
@@ -0,0 +1,36 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64
+// +build solaris
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {
+	for i := range vs {
+		vs[i].set(bs[i])
+	}
+	if len(vs) > 0 {
+		h.Iov = &vs[0]
+		h.Iovlen = int32(len(vs))
+	}
+	if len(oob) > 0 {
+		h.Accrights = (*int8)(unsafe.Pointer(&oob[0]))
+		h.Accrightslen = int32(len(oob))
+	}
+	if sa != nil {
+		h.Name = (*byte)(unsafe.Pointer(&sa[0]))
+		h.Namelen = uint32(len(sa))
+	}
+}
+
+func (h *msghdr) controllen() int {
+	return int(h.Accrightslen)
+}
+
+func (h *msghdr) flags() int {
+	return int(NativeEndian.Uint32(h.Pad_cgo_2[:]))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_stub.go
new file mode 100644
index 000000000..1a253d2d6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_stub.go
@@ -0,0 +1,14 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
+
+package socket
+
+type msghdr struct{}
+
+func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {}
+func (h *msghdr) name() []byte                                        { return nil }
+func (h *msghdr) controllen() int                                     { return 0 }
+func (h *msghdr) flags() int                                          { return 0 }
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_zos_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_zos_s390x.go
new file mode 100644
index 000000000..eb1a99a33
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/msghdr_zos_s390x.go
@@ -0,0 +1,36 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x
+// +build zos
+
+package socket
+
+import "unsafe"
+
+func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {
+	for i := range vs {
+		vs[i].set(bs[i])
+	}
+	if len(vs) > 0 {
+		h.Iov = &vs[0]
+		h.Iovlen = int32(len(vs))
+	}
+	if len(oob) > 0 {
+		h.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		h.Controllen = uint32(len(oob))
+	}
+	if sa != nil {
+		h.Name = (*byte)(unsafe.Pointer(&sa[0]))
+		h.Namelen = uint32(len(sa))
+	}
+}
+
+func (h *msghdr) controllen() int {
+	return int(h.Controllen)
+}
+
+func (h *msghdr) flags() int {
+	return int(h.Flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/norace.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/norace.go
new file mode 100644
index 000000000..9519ffbba
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/norace.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !race
+
+package socket
+
+func (m *Message) raceRead() {
+}
+func (m *Message) raceWrite() {
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/race.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/race.go
new file mode 100644
index 000000000..df60c62ff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/race.go
@@ -0,0 +1,37 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build race
+
+package socket
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// This package reads and writes the Message buffers using a
+// direct system call, which the race detector can't see.
+// These functions tell the race detector what is going on during the syscall.
+
+func (m *Message) raceRead() {
+	for _, b := range m.Buffers {
+		if len(b) > 0 {
+			runtime.RaceReadRange(unsafe.Pointer(&b[0]), len(b))
+		}
+	}
+	if b := m.OOB; len(b) > 0 {
+		runtime.RaceReadRange(unsafe.Pointer(&b[0]), len(b))
+	}
+}
+func (m *Message) raceWrite() {
+	for _, b := range m.Buffers {
+		if len(b) > 0 {
+			runtime.RaceWriteRange(unsafe.Pointer(&b[0]), len(b))
+		}
+	}
+	if b := m.OOB; len(b) > 0 {
+		runtime.RaceWriteRange(unsafe.Pointer(&b[0]), len(b))
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn.go
new file mode 100644
index 000000000..b07b89005
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn.go
@@ -0,0 +1,64 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"errors"
+	"net"
+	"os"
+	"syscall"
+)
+
+// A Conn represents a raw connection.
+type Conn struct {
+	network string
+	c       syscall.RawConn
+}
+
+// NewConn returns a new raw connection.
+func NewConn(c net.Conn) (*Conn, error) {
+	var err error
+	var cc Conn
+	switch c := c.(type) {
+	case *net.TCPConn:
+		cc.network = "tcp"
+		cc.c, err = c.SyscallConn()
+	case *net.UDPConn:
+		cc.network = "udp"
+		cc.c, err = c.SyscallConn()
+	case *net.IPConn:
+		cc.network = "ip"
+		cc.c, err = c.SyscallConn()
+	default:
+		return nil, errors.New("unknown connection type")
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &cc, nil
+}
+
+func (o *Option) get(c *Conn, b []byte) (int, error) {
+	var operr error
+	var n int
+	fn := func(s uintptr) {
+		n, operr = getsockopt(s, o.Level, o.Name, b)
+	}
+	if err := c.c.Control(fn); err != nil {
+		return 0, err
+	}
+	return n, os.NewSyscallError("getsockopt", operr)
+}
+
+func (o *Option) set(c *Conn, b []byte) error {
+	var operr error
+	fn := func(s uintptr) {
+		operr = setsockopt(s, o.Level, o.Name, b)
+	}
+	if err := c.c.Control(fn); err != nil {
+		return err
+	}
+	return os.NewSyscallError("setsockopt", operr)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go
new file mode 100644
index 000000000..d01fc4c7d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_mmsg.go
@@ -0,0 +1,79 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+
+package socket
+
+import (
+	"net"
+	"os"
+	"syscall"
+)
+
+func (c *Conn) recvMsgs(ms []Message, flags int) (int, error) {
+	for i := range ms {
+		ms[i].raceWrite()
+	}
+	hs := make(mmsghdrs, len(ms))
+	var parseFn func([]byte, string) (net.Addr, error)
+	if c.network != "tcp" {
+		parseFn = parseInetAddr
+	}
+	if err := hs.pack(ms, parseFn, nil); err != nil {
+		return 0, err
+	}
+	var operr error
+	var n int
+	fn := func(s uintptr) bool {
+		n, operr = recvmmsg(s, hs, flags)
+		if operr == syscall.EAGAIN {
+			return false
+		}
+		return true
+	}
+	if err := c.c.Read(fn); err != nil {
+		return n, err
+	}
+	if operr != nil {
+		return n, os.NewSyscallError("recvmmsg", operr)
+	}
+	if err := hs[:n].unpack(ms[:n], parseFn, c.network); err != nil {
+		return n, err
+	}
+	return n, nil
+}
+
+func (c *Conn) sendMsgs(ms []Message, flags int) (int, error) {
+	for i := range ms {
+		ms[i].raceRead()
+	}
+	hs := make(mmsghdrs, len(ms))
+	var marshalFn func(net.Addr) []byte
+	if c.network != "tcp" {
+		marshalFn = marshalInetAddr
+	}
+	if err := hs.pack(ms, nil, marshalFn); err != nil {
+		return 0, err
+	}
+	var operr error
+	var n int
+	fn := func(s uintptr) bool {
+		n, operr = sendmmsg(s, hs, flags)
+		if operr == syscall.EAGAIN {
+			return false
+		}
+		return true
+	}
+	if err := c.c.Write(fn); err != nil {
+		return n, err
+	}
+	if operr != nil {
+		return n, os.NewSyscallError("sendmmsg", operr)
+	}
+	if err := hs[:n].unpack(ms[:n], nil, ""); err != nil {
+		return n, err
+	}
+	return n, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_msg.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_msg.go
new file mode 100644
index 000000000..610b1a1a5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_msg.go
@@ -0,0 +1,79 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
+
+package socket
+
+import (
+	"os"
+	"runtime"
+	"syscall"
+)
+
+func (c *Conn) recvMsg(m *Message, flags int) error {
+	m.raceWrite()
+	var h msghdr
+	vs := make([]iovec, len(m.Buffers))
+	var sa []byte
+	if c.network != "tcp" {
+		sa = make([]byte, sizeofSockaddrInet6)
+	}
+	h.pack(vs, m.Buffers, m.OOB, sa)
+	var operr error
+	var n int
+	fn := func(s uintptr) bool {
+		n, operr = recvmsg(s, &h, flags)
+		if operr == syscall.EAGAIN || (runtime.GOOS == "zos" && operr == syscall.EWOULDBLOCK) {
+			return false
+		}
+		return true
+	}
+	if err := c.c.Read(fn); err != nil {
+		return err
+	}
+	if operr != nil {
+		return os.NewSyscallError("recvmsg", operr)
+	}
+	if c.network != "tcp" {
+		var err error
+		m.Addr, err = parseInetAddr(sa[:], c.network)
+		if err != nil {
+			return err
+		}
+	}
+	m.N = n
+	m.NN = h.controllen()
+	m.Flags = h.flags()
+	return nil
+}
+
+func (c *Conn) sendMsg(m *Message, flags int) error {
+	m.raceRead()
+	var h msghdr
+	vs := make([]iovec, len(m.Buffers))
+	var sa []byte
+	if m.Addr != nil {
+		sa = marshalInetAddr(m.Addr)
+	}
+	h.pack(vs, m.Buffers, m.OOB, sa)
+	var operr error
+	var n int
+	fn := func(s uintptr) bool {
+		n, operr = sendmsg(s, &h, flags)
+		if operr == syscall.EAGAIN || (runtime.GOOS == "zos" && operr == syscall.EWOULDBLOCK) {
+			return false
+		}
+		return true
+	}
+	if err := c.c.Write(fn); err != nil {
+		return err
+	}
+	if operr != nil {
+		return os.NewSyscallError("sendmsg", operr)
+	}
+	m.N = n
+	m.NN = len(m.OOB)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go
new file mode 100644
index 000000000..fe5bb942b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_nommsg.go
@@ -0,0 +1,15 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !linux
+
+package socket
+
+func (c *Conn) recvMsgs(ms []Message, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func (c *Conn) sendMsgs(ms []Message, flags int) (int, error) {
+	return 0, errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go
new file mode 100644
index 000000000..e51b60d15
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/rawconn_nomsg.go
@@ -0,0 +1,15 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
+
+package socket
+
+func (c *Conn) recvMsg(m *Message, flags int) error {
+	return errNotImplemented
+}
+
+func (c *Conn) sendMsg(m *Message, flags int) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/socket.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/socket.go
new file mode 100644
index 000000000..dba47bf12
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/socket.go
@@ -0,0 +1,280 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package socket provides a portable interface for socket system
+// calls.
+package socket // import "golang.org/x/net/internal/socket"
+
+import (
+	"errors"
+	"net"
+	"runtime"
+	"unsafe"
+)
+
+var errNotImplemented = errors.New("not implemented on " + runtime.GOOS + "/" + runtime.GOARCH)
+
+// An Option represents a sticky socket option.
+type Option struct {
+	Level int // level
+	Name  int // name; must be equal or greater than 1
+	Len   int // length of value in bytes; must be equal or greater than 1
+}
+
+// Get reads a value for the option from the kernel.
+// It returns the number of bytes written into b.
+func (o *Option) Get(c *Conn, b []byte) (int, error) {
+	if o.Name < 1 || o.Len < 1 {
+		return 0, errors.New("invalid option")
+	}
+	if len(b) < o.Len {
+		return 0, errors.New("short buffer")
+	}
+	return o.get(c, b)
+}
+
+// GetInt returns an integer value for the option.
+//
+// The Len field of Option must be either 1 or 4.
+func (o *Option) GetInt(c *Conn) (int, error) {
+	if o.Len != 1 && o.Len != 4 {
+		return 0, errors.New("invalid option")
+	}
+	var b []byte
+	var bb [4]byte
+	if o.Len == 1 {
+		b = bb[:1]
+	} else {
+		b = bb[:4]
+	}
+	n, err := o.get(c, b)
+	if err != nil {
+		return 0, err
+	}
+	if n != o.Len {
+		return 0, errors.New("invalid option length")
+	}
+	if o.Len == 1 {
+		return int(b[0]), nil
+	}
+	return int(NativeEndian.Uint32(b[:4])), nil
+}
+
+// Set writes the option and value to the kernel.
+func (o *Option) Set(c *Conn, b []byte) error {
+	if o.Name < 1 || o.Len < 1 {
+		return errors.New("invalid option")
+	}
+	if len(b) < o.Len {
+		return errors.New("short buffer")
+	}
+	return o.set(c, b)
+}
+
+// SetInt writes the option and value to the kernel.
+//
+// The Len field of Option must be either 1 or 4.
+func (o *Option) SetInt(c *Conn, v int) error {
+	if o.Len != 1 && o.Len != 4 {
+		return errors.New("invalid option")
+	}
+	var b []byte
+	if o.Len == 1 {
+		b = []byte{byte(v)}
+	} else {
+		var bb [4]byte
+		NativeEndian.PutUint32(bb[:o.Len], uint32(v))
+		b = bb[:4]
+	}
+	return o.set(c, b)
+}
+
+// ControlMessageSpace returns the whole length of control message.
+func ControlMessageSpace(dataLen int) int {
+	return controlMessageSpace(dataLen)
+}
+
+// A ControlMessage represents the head message in a stream of control
+// messages.
+//
+// A control message comprises of a header, data and a few padding
+// fields to conform to the interface to the kernel.
+//
+// See RFC 3542 for further information.
+type ControlMessage []byte
+
+// Data returns the data field of the control message at the head on
+// m.
+func (m ControlMessage) Data(dataLen int) []byte {
+	l := controlHeaderLen()
+	if len(m) < l || len(m) < l+dataLen {
+		return nil
+	}
+	return m[l : l+dataLen]
+}
+
+// Next returns the control message at the next on m.
+//
+// Next works only for standard control messages.
+func (m ControlMessage) Next(dataLen int) ControlMessage {
+	l := ControlMessageSpace(dataLen)
+	if len(m) < l {
+		return nil
+	}
+	return m[l:]
+}
+
+// MarshalHeader marshals the header fields of the control message at
+// the head on m.
+func (m ControlMessage) MarshalHeader(lvl, typ, dataLen int) error {
+	if len(m) < controlHeaderLen() {
+		return errors.New("short message")
+	}
+	h := (*cmsghdr)(unsafe.Pointer(&m[0]))
+	h.set(controlMessageLen(dataLen), lvl, typ)
+	return nil
+}
+
+// ParseHeader parses and returns the header fields of the control
+// message at the head on m.
+func (m ControlMessage) ParseHeader() (lvl, typ, dataLen int, err error) {
+	l := controlHeaderLen()
+	if len(m) < l {
+		return 0, 0, 0, errors.New("short message")
+	}
+	h := (*cmsghdr)(unsafe.Pointer(&m[0]))
+	return h.lvl(), h.typ(), int(uint64(h.len()) - uint64(l)), nil
+}
+
+// Marshal marshals the control message at the head on m, and returns
+// the next control message.
+func (m ControlMessage) Marshal(lvl, typ int, data []byte) (ControlMessage, error) {
+	l := len(data)
+	if len(m) < ControlMessageSpace(l) {
+		return nil, errors.New("short message")
+	}
+	h := (*cmsghdr)(unsafe.Pointer(&m[0]))
+	h.set(controlMessageLen(l), lvl, typ)
+	if l > 0 {
+		copy(m.Data(l), data)
+	}
+	return m.Next(l), nil
+}
+
+// Parse parses m as a single or multiple control messages.
+//
+// Parse works for both standard and compatible messages.
+func (m ControlMessage) Parse() ([]ControlMessage, error) {
+	var ms []ControlMessage
+	for len(m) >= controlHeaderLen() {
+		h := (*cmsghdr)(unsafe.Pointer(&m[0]))
+		l := h.len()
+		if l <= 0 {
+			return nil, errors.New("invalid header length")
+		}
+		if uint64(l) < uint64(controlHeaderLen()) {
+			return nil, errors.New("invalid message length")
+		}
+		if uint64(l) > uint64(len(m)) {
+			return nil, errors.New("short buffer")
+		}
+		// On message reception:
+		//
+		// |<- ControlMessageSpace --------------->|
+		// |<- controlMessageLen ---------->|      |
+		// |<- controlHeaderLen ->|         |      |
+		// +---------------+------+---------+------+
+		// |    Header     | PadH |  Data   | PadD |
+		// +---------------+------+---------+------+
+		//
+		// On compatible message reception:
+		//
+		// | ... |<- controlMessageLen ----------->|
+		// | ... |<- controlHeaderLen ->|          |
+		// +-----+---------------+------+----------+
+		// | ... |    Header     | PadH |   Data   |
+		// +-----+---------------+------+----------+
+		ms = append(ms, ControlMessage(m[:l]))
+		ll := l - controlHeaderLen()
+		if len(m) >= ControlMessageSpace(ll) {
+			m = m[ControlMessageSpace(ll):]
+		} else {
+			m = m[controlMessageLen(ll):]
+		}
+	}
+	return ms, nil
+}
+
+// NewControlMessage returns a new stream of control messages.
+func NewControlMessage(dataLen []int) ControlMessage {
+	var l int
+	for i := range dataLen {
+		l += ControlMessageSpace(dataLen[i])
+	}
+	return make([]byte, l)
+}
+
+// A Message represents an IO message.
+type Message struct {
+	// When writing, the Buffers field must contain at least one
+	// byte to write.
+	// When reading, the Buffers field will always contain a byte
+	// to read.
+	Buffers [][]byte
+
+	// OOB contains protocol-specific control or miscellaneous
+	// ancillary data known as out-of-band data.
+	OOB []byte
+
+	// Addr specifies a destination address when writing.
+	// It can be nil when the underlying protocol of the raw
+	// connection uses connection-oriented communication.
+	// After a successful read, it may contain the source address
+	// on the received packet.
+	Addr net.Addr
+
+	N     int // # of bytes read or written from/to Buffers
+	NN    int // # of bytes read or written from/to OOB
+	Flags int // protocol-specific information on the received message
+}
+
+// RecvMsg wraps recvmsg system call.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_PEEK.
+func (c *Conn) RecvMsg(m *Message, flags int) error {
+	return c.recvMsg(m, flags)
+}
+
+// SendMsg wraps sendmsg system call.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_DONTROUTE.
+func (c *Conn) SendMsg(m *Message, flags int) error {
+	return c.sendMsg(m, flags)
+}
+
+// RecvMsgs wraps recvmmsg system call.
+//
+// It returns the number of processed messages.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_PEEK.
+//
+// Only Linux supports this.
+func (c *Conn) RecvMsgs(ms []Message, flags int) (int, error) {
+	return c.recvMsgs(ms, flags)
+}
+
+// SendMsgs wraps sendmmsg system call.
+//
+// It returns the number of processed messages.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_DONTROUTE.
+//
+// Only Linux supports this.
+func (c *Conn) SendMsgs(ms []Message, flags int) (int, error) {
+	return c.sendMsgs(ms, flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys.go
new file mode 100644
index 000000000..4a26af186
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys.go
@@ -0,0 +1,23 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"encoding/binary"
+	"unsafe"
+)
+
+// NativeEndian is the machine native endian implementation of ByteOrder.
+var NativeEndian binary.ByteOrder
+
+func init() {
+	i := uint32(1)
+	b := (*[4]byte)(unsafe.Pointer(&i))
+	if b[0] == 1 {
+		NativeEndian = binary.LittleEndian
+	} else {
+		NativeEndian = binary.BigEndian
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_bsd.go
new file mode 100644
index 000000000..d432835b4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_bsd.go
@@ -0,0 +1,15 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd openbsd
+
+package socket
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_const_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
new file mode 100644
index 000000000..43797d6e5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
@@ -0,0 +1,17 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package socket
+
+import "golang.org/x/sys/unix"
+
+const (
+	sysAF_UNSPEC = unix.AF_UNSPEC
+	sysAF_INET   = unix.AF_INET
+	sysAF_INET6  = unix.AF_INET6
+
+	sysSOCK_RAW = unix.SOCK_RAW
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_const_zos.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_const_zos.go
new file mode 100644
index 000000000..01b637203
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_const_zos.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build zos
+
+package socket
+
+import "syscall"
+
+const (
+	sysAF_UNSPEC = syscall.AF_UNSPEC
+	sysAF_INET   = syscall.AF_INET
+	sysAF_INET6  = syscall.AF_INET6
+
+	sysSOCK_RAW = syscall.SOCK_RAW
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linkname.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linkname.go
new file mode 100644
index 000000000..61c3f38a5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linkname.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix go1.12,darwin
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:linkname syscall_getsockopt syscall.getsockopt
+func syscall_getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *uint32) error
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	err := syscall_getsockopt(int(s), level, name, unsafe.Pointer(&b[0]), &l)
+	return int(l), err
+}
+
+//go:linkname syscall_setsockopt syscall.setsockopt
+func syscall_setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) error
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	return syscall_setsockopt(int(s), level, name, unsafe.Pointer(&b[0]), uintptr(len(b)))
+}
+
+//go:linkname syscall_recvmsg syscall.recvmsg
+func syscall_recvmsg(s int, msg *syscall.Msghdr, flags int) (n int, err error)
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return syscall_recvmsg(int(s), (*syscall.Msghdr)(unsafe.Pointer(h)), flags)
+}
+
+//go:linkname syscall_sendmsg syscall.sendmsg
+func syscall_sendmsg(s int, msg *syscall.Msghdr, flags int) (n int, err error)
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return syscall_sendmsg(int(s), (*syscall.Msghdr)(unsafe.Pointer(h)), flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux.go
new file mode 100644
index 000000000..8b03cd6de
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux.go
@@ -0,0 +1,22 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,!s390x,!386
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, _, errno := syscall.Syscall6(sysRECVMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, _, errno := syscall.Syscall6(sysSENDMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_386.go
new file mode 100644
index 000000000..651215321
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_386.go
@@ -0,0 +1,53 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	sysSETSOCKOPT = 0xe
+	sysGETSOCKOPT = 0xf
+	sysSENDMSG    = 0x10
+	sysRECVMSG    = 0x11
+	sysRECVMMSG   = 0x13
+	sysSENDMMSG   = 0x14
+)
+
+func socketcall(call, a0, a1, a2, a3, a4, a5 uintptr) (uintptr, syscall.Errno)
+func rawsocketcall(call, a0, a1, a2, a3, a4, a5 uintptr) (uintptr, syscall.Errno)
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	_, errno := socketcall(sysGETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
+	return int(l), errnoErr(errno)
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	_, errno := socketcall(sysSETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
+	return errnoErr(errno)
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, errno := socketcall(sysRECVMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, errno := socketcall(sysSENDMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, errno := socketcall(sysRECVMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, errno := socketcall(sysSENDMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_386.s
new file mode 100644
index 000000000..93e7d75ec
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_386.s
@@ -0,0 +1,11 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT	·socketcall(SB),NOSPLIT,$0-36
+	JMP	syscall·socketcall(SB)
+
+TEXT	·rawsocketcall(SB),NOSPLIT,$0-36
+	JMP	syscall·rawsocketcall(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_amd64.go
new file mode 100644
index 000000000..9decee2e5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_amd64.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x12b
+	sysSENDMMSG = 0x133
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_arm.go
new file mode 100644
index 000000000..d753b436d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_arm.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x16d
+	sysSENDMMSG = 0x176
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_arm64.go
new file mode 100644
index 000000000..b67089436
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_arm64.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0xf3
+	sysSENDMMSG = 0x10d
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips.go
new file mode 100644
index 000000000..9c0d74014
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x10ef
+	sysSENDMMSG = 0x10f7
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips64.go
new file mode 100644
index 000000000..071a4aba8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips64.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x14ae
+	sysSENDMMSG = 0x14b6
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips64le.go
new file mode 100644
index 000000000..071a4aba8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mips64le.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x14ae
+	sysSENDMMSG = 0x14b6
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mipsle.go
new file mode 100644
index 000000000..9c0d74014
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_mipsle.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x10ef
+	sysSENDMMSG = 0x10f7
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_ppc64.go
new file mode 100644
index 000000000..21c1e3f00
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_ppc64.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x157
+	sysSENDMMSG = 0x15d
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_ppc64le.go
new file mode 100644
index 000000000..21c1e3f00
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_ppc64le.go
@@ -0,0 +1,10 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+const (
+	sysRECVMMSG = 0x157
+	sysSENDMMSG = 0x15d
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_riscv64.go
new file mode 100644
index 000000000..64f69f1dc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_riscv64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build riscv64
+
+package socket
+
+const (
+	sysRECVMMSG = 0xf3
+	sysSENDMMSG = 0x10d
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go
new file mode 100644
index 000000000..651215321
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.go
@@ -0,0 +1,53 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	sysSETSOCKOPT = 0xe
+	sysGETSOCKOPT = 0xf
+	sysSENDMSG    = 0x10
+	sysRECVMSG    = 0x11
+	sysRECVMMSG   = 0x13
+	sysSENDMMSG   = 0x14
+)
+
+func socketcall(call, a0, a1, a2, a3, a4, a5 uintptr) (uintptr, syscall.Errno)
+func rawsocketcall(call, a0, a1, a2, a3, a4, a5 uintptr) (uintptr, syscall.Errno)
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	_, errno := socketcall(sysGETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
+	return int(l), errnoErr(errno)
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	_, errno := socketcall(sysSETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
+	return errnoErr(errno)
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, errno := socketcall(sysRECVMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, errno := socketcall(sysSENDMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, errno := socketcall(sysRECVMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, errno := socketcall(sysSENDMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.s
new file mode 100644
index 000000000..06d75628c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_linux_s390x.s
@@ -0,0 +1,11 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT	·socketcall(SB),NOSPLIT,$0-72
+	JMP	syscall·socketcall(SB)
+
+TEXT	·rawsocketcall(SB),NOSPLIT,$0-72
+	JMP	syscall·rawsocketcall(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_netbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_netbsd.go
new file mode 100644
index 000000000..431851c12
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_netbsd.go
@@ -0,0 +1,25 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	sysRECVMMSG = 0x1db
+	sysSENDMMSG = 0x1dc
+)
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, _, errno := syscall.Syscall6(sysRECVMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	n, _, errno := syscall.Syscall6(sysSENDMMSG, s, uintptr(unsafe.Pointer(&hs[0])), uintptr(len(hs)), uintptr(flags), 0, 0)
+	return int(n), errnoErr(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_posix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_posix.go
new file mode 100644
index 000000000..05ded237e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_posix.go
@@ -0,0 +1,183 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
+
+package socket
+
+import (
+	"encoding/binary"
+	"errors"
+	"net"
+	"runtime"
+	"strconv"
+	"sync"
+	"time"
+)
+
+func marshalInetAddr(a net.Addr) []byte {
+	switch a := a.(type) {
+	case *net.TCPAddr:
+		return marshalSockaddr(a.IP, a.Port, a.Zone)
+	case *net.UDPAddr:
+		return marshalSockaddr(a.IP, a.Port, a.Zone)
+	case *net.IPAddr:
+		return marshalSockaddr(a.IP, 0, a.Zone)
+	default:
+		return nil
+	}
+}
+
+func marshalSockaddr(ip net.IP, port int, zone string) []byte {
+	if ip4 := ip.To4(); ip4 != nil {
+		b := make([]byte, sizeofSockaddrInet)
+		switch runtime.GOOS {
+		case "android", "illumos", "linux", "solaris", "windows":
+			NativeEndian.PutUint16(b[:2], uint16(sysAF_INET))
+		default:
+			b[0] = sizeofSockaddrInet
+			b[1] = sysAF_INET
+		}
+		binary.BigEndian.PutUint16(b[2:4], uint16(port))
+		copy(b[4:8], ip4)
+		return b
+	}
+	if ip6 := ip.To16(); ip6 != nil && ip.To4() == nil {
+		b := make([]byte, sizeofSockaddrInet6)
+		switch runtime.GOOS {
+		case "android", "illumos", "linux", "solaris", "windows":
+			NativeEndian.PutUint16(b[:2], uint16(sysAF_INET6))
+		default:
+			b[0] = sizeofSockaddrInet6
+			b[1] = sysAF_INET6
+		}
+		binary.BigEndian.PutUint16(b[2:4], uint16(port))
+		copy(b[8:24], ip6)
+		if zone != "" {
+			NativeEndian.PutUint32(b[24:28], uint32(zoneCache.index(zone)))
+		}
+		return b
+	}
+	return nil
+}
+
+func parseInetAddr(b []byte, network string) (net.Addr, error) {
+	if len(b) < 2 {
+		return nil, errors.New("invalid address")
+	}
+	var af int
+	switch runtime.GOOS {
+	case "android", "illumos", "linux", "solaris", "windows":
+		af = int(NativeEndian.Uint16(b[:2]))
+	default:
+		af = int(b[1])
+	}
+	var ip net.IP
+	var zone string
+	if af == sysAF_INET {
+		if len(b) < sizeofSockaddrInet {
+			return nil, errors.New("short address")
+		}
+		ip = make(net.IP, net.IPv4len)
+		copy(ip, b[4:8])
+	}
+	if af == sysAF_INET6 {
+		if len(b) < sizeofSockaddrInet6 {
+			return nil, errors.New("short address")
+		}
+		ip = make(net.IP, net.IPv6len)
+		copy(ip, b[8:24])
+		if id := int(NativeEndian.Uint32(b[24:28])); id > 0 {
+			zone = zoneCache.name(id)
+		}
+	}
+	switch network {
+	case "tcp", "tcp4", "tcp6":
+		return &net.TCPAddr{IP: ip, Port: int(binary.BigEndian.Uint16(b[2:4])), Zone: zone}, nil
+	case "udp", "udp4", "udp6":
+		return &net.UDPAddr{IP: ip, Port: int(binary.BigEndian.Uint16(b[2:4])), Zone: zone}, nil
+	default:
+		return &net.IPAddr{IP: ip, Zone: zone}, nil
+	}
+}
+
+// An ipv6ZoneCache represents a cache holding partial network
+// interface information. It is used for reducing the cost of IPv6
+// addressing scope zone resolution.
+//
+// Multiple names sharing the index are managed by first-come
+// first-served basis for consistency.
+type ipv6ZoneCache struct {
+	sync.RWMutex                // guard the following
+	lastFetched  time.Time      // last time routing information was fetched
+	toIndex      map[string]int // interface name to its index
+	toName       map[int]string // interface index to its name
+}
+
+var zoneCache = ipv6ZoneCache{
+	toIndex: make(map[string]int),
+	toName:  make(map[int]string),
+}
+
+// update refreshes the network interface information if the cache was last
+// updated more than 1 minute ago, or if force is set. It returns whether the
+// cache was updated.
+func (zc *ipv6ZoneCache) update(ift []net.Interface, force bool) (updated bool) {
+	zc.Lock()
+	defer zc.Unlock()
+	now := time.Now()
+	if !force && zc.lastFetched.After(now.Add(-60*time.Second)) {
+		return false
+	}
+	zc.lastFetched = now
+	if len(ift) == 0 {
+		var err error
+		if ift, err = net.Interfaces(); err != nil {
+			return false
+		}
+	}
+	zc.toIndex = make(map[string]int, len(ift))
+	zc.toName = make(map[int]string, len(ift))
+	for _, ifi := range ift {
+		zc.toIndex[ifi.Name] = ifi.Index
+		if _, ok := zc.toName[ifi.Index]; !ok {
+			zc.toName[ifi.Index] = ifi.Name
+		}
+	}
+	return true
+}
+
+func (zc *ipv6ZoneCache) name(zone int) string {
+	updated := zoneCache.update(nil, false)
+	zoneCache.RLock()
+	name, ok := zoneCache.toName[zone]
+	zoneCache.RUnlock()
+	if !ok && !updated {
+		zoneCache.update(nil, true)
+		zoneCache.RLock()
+		name, ok = zoneCache.toName[zone]
+		zoneCache.RUnlock()
+	}
+	if !ok { // last resort
+		name = strconv.Itoa(zone)
+	}
+	return name
+}
+
+func (zc *ipv6ZoneCache) index(zone string) int {
+	updated := zoneCache.update(nil, false)
+	zoneCache.RLock()
+	index, ok := zoneCache.toIndex[zone]
+	zoneCache.RUnlock()
+	if !ok && !updated {
+		zoneCache.update(nil, true)
+		zoneCache.RLock()
+		index, ok = zoneCache.toIndex[zone]
+		zoneCache.RUnlock()
+	}
+	if !ok { // last resort
+		index, _ = strconv.Atoi(zone)
+	}
+	return index
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_solaris.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_solaris.go
new file mode 100644
index 000000000..e79ca9518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_solaris.go
@@ -0,0 +1,59 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc___xnet_getsockopt __xnet_getsockopt "libsocket.so"
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_recvmsg __xnet_recvmsg "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_sendmsg __xnet_sendmsg "libsocket.so"
+
+//go:linkname procGetsockopt libc___xnet_getsockopt
+//go:linkname procSetsockopt libc_setsockopt
+//go:linkname procRecvmsg libc___xnet_recvmsg
+//go:linkname procSendmsg libc___xnet_sendmsg
+
+var (
+	procGetsockopt uintptr
+	procSetsockopt uintptr
+	procRecvmsg    uintptr
+	procSendmsg    uintptr
+)
+
+func sysvicall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (uintptr, uintptr, syscall.Errno)
+func rawSysvicall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (uintptr, uintptr, syscall.Errno)
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	_, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procGetsockopt)), 5, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
+	return int(l), errnoErr(errno)
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	_, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procSetsockopt)), 5, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
+	return errnoErr(errno)
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procRecvmsg)), 3, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procSendmsg)), 3, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0)
+	return int(n), errnoErr(errno)
+}
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_solaris_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_solaris_amd64.s
new file mode 100644
index 000000000..a18ac5ed7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_solaris_amd64.s
@@ -0,0 +1,11 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT	·sysvicall6(SB),NOSPLIT,$0-88
+	JMP	syscall·sysvicall6(SB)
+
+TEXT	·rawSysvicall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSysvicall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_stub.go
new file mode 100644
index 000000000..3c97008da
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_stub.go
@@ -0,0 +1,49 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
+
+package socket
+
+import "net"
+
+const (
+	sysAF_UNSPEC = 0x0
+	sysAF_INET   = 0x2
+	sysAF_INET6  = 0xa
+
+	sysSOCK_RAW = 0x3
+)
+
+func marshalInetAddr(ip net.IP, port int, zone string) []byte {
+	return nil
+}
+
+func parseInetAddr(b []byte, network string) (net.Addr, error) {
+	return nil, errNotImplemented
+}
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	return 0, errNotImplemented
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	return errNotImplemented
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_unix.go
new file mode 100644
index 000000000..0eb71283f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_unix.go
@@ -0,0 +1,33 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build dragonfly freebsd linux,!s390x,!386 netbsd openbsd
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	_, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
+	return int(l), errnoErr(errno)
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	_, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
+	return errnoErr(errno)
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
+	return int(n), errnoErr(errno)
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
+	return int(n), errnoErr(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_windows.go
new file mode 100644
index 000000000..d556a4461
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_windows.go
@@ -0,0 +1,71 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+func probeProtocolStack() int {
+	var p uintptr
+	return int(unsafe.Sizeof(p))
+}
+
+const (
+	sysAF_UNSPEC = windows.AF_UNSPEC
+	sysAF_INET   = windows.AF_INET
+	sysAF_INET6  = windows.AF_INET6
+
+	sysSOCK_RAW = windows.SOCK_RAW
+)
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	err := syscall.Getsockopt(syscall.Handle(s), int32(level), int32(name), (*byte)(unsafe.Pointer(&b[0])), (*int32)(unsafe.Pointer(&l)))
+	return int(l), err
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	return syscall.Setsockopt(syscall.Handle(s), int32(level), int32(name), (*byte)(unsafe.Pointer(&b[0])), int32(len(b)))
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
+
+func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) {
+	return 0, errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go
new file mode 100644
index 000000000..1e38b9223
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go
@@ -0,0 +1,38 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno)
+func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func probeProtocolStack() int {
+	return 4 // sizeof(int) on GOOS=zos GOARCH=s390x
+}
+
+func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
+	l := uint32(len(b))
+	_, _, errno := syscall_syscall6(syscall.SYS_GETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
+	return int(l), errnoErr(errno)
+}
+
+func setsockopt(s uintptr, level, name int, b []byte) error {
+	_, _, errno := syscall_syscall6(syscall.SYS_SETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
+	return errnoErr(errno)
+}
+
+func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := syscall_syscall(syscall.SYS___RECVMSG_A, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
+	return int(n), errnoErr(errno)
+}
+
+func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
+	n, _, errno := syscall_syscall(syscall.SYS___SENDMSG_A, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
+	return int(n), errnoErr(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.s
new file mode 100644
index 000000000..60d5839c2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/sys_zos_s390x.s
@@ -0,0 +1,11 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT ·syscall_syscall(SB),NOSPLIT,$0
+        JMP     syscall·_syscall(SB)
+
+TEXT ·syscall_syscall6(SB),NOSPLIT,$0
+        JMP     syscall·_syscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
new file mode 100644
index 000000000..93d923ad7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
@@ -0,0 +1,59 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_aix.go
+
+// Added for go1.11 compatibility
+// +build aix
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
new file mode 100644
index 000000000..150f980f5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_darwin.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
new file mode 100644
index 000000000..a686c9528
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_darwin.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
new file mode 100644
index 000000000..150f980f5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_darwin.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
new file mode 100644
index 000000000..a686c9528
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_darwin.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
new file mode 100644
index 000000000..d45c197e2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_dragonfly.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
new file mode 100644
index 000000000..ffec860ea
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
new file mode 100644
index 000000000..aa701ab67
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
new file mode 100644
index 000000000..ffec860ea
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
new file mode 100644
index 000000000..aa701ab67
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
new file mode 100644
index 000000000..0c847bee7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
@@ -0,0 +1,53 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr msghdr
+	Len uint32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
new file mode 100644
index 000000000..0c847bee7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
@@ -0,0 +1,53 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr msghdr
+	Len uint32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
new file mode 100644
index 000000000..0c847bee7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
@@ -0,0 +1,53 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr msghdr
+	Len uint32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
new file mode 100644
index 000000000..0c847bee7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
@@ -0,0 +1,53 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr msghdr
+	Len uint32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
new file mode 100644
index 000000000..8640c03e4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
@@ -0,0 +1,57 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+// +build riscv64
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_0  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
new file mode 100644
index 000000000..15e2aecaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
@@ -0,0 +1,56 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	Pad_cgo_1  [4]byte
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type sockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x38
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
new file mode 100644
index 000000000..6b72d24dd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
@@ -0,0 +1,55 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_netbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr msghdr
+	Len uint32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
new file mode 100644
index 000000000..9aaa4ab1c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
@@ -0,0 +1,58 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_netbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
new file mode 100644
index 000000000..6b72d24dd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
@@ -0,0 +1,55 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_netbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr msghdr
+	Len uint32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
new file mode 100644
index 000000000..9aaa4ab1c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
@@ -0,0 +1,58 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_netbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type mmsghdr struct {
+	Hdr       msghdr
+	Len       uint32
+	Pad_cgo_0 [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
new file mode 100644
index 000000000..3ec8d42fe
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
new file mode 100644
index 000000000..ea0ee008d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
new file mode 100644
index 000000000..3ec8d42fe
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
@@ -0,0 +1,50 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x8
+	sizeofMsghdr = 0x1c
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
new file mode 100644
index 000000000..ea0ee008d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
@@ -0,0 +1,52 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *iovec
+	Iovlen     uint32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x1c
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
new file mode 100644
index 000000000..48b2b591f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
@@ -0,0 +1,51 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_solaris.go
+
+package socket
+
+type iovec struct {
+	Base *int8
+	Len  uint64
+}
+
+type msghdr struct {
+	Name         *byte
+	Namelen      uint32
+	Pad_cgo_0    [4]byte
+	Iov          *iovec
+	Iovlen       int32
+	Pad_cgo_1    [4]byte
+	Accrights    *int8
+	Accrightslen int32
+	Pad_cgo_2    [4]byte
+}
+
+type cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type sockaddrInet6 struct {
+	Family         uint16
+	Port           uint16
+	Flowinfo       uint32
+	Addr           [16]byte /* in6_addr */
+	Scope_id       uint32
+	X__sin6_src_id uint32
+}
+
+const (
+	sizeofIovec  = 0x10
+	sizeofMsghdr = 0x30
+
+	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet6 = 0x20
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
new file mode 100644
index 000000000..514ca3754
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
@@ -0,0 +1,32 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socket
+
+type iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type msghdr struct {
+	Name       *byte
+	Iov        *iovec
+	Control    *byte
+	Flags      int32
+	Namelen    uint32
+	Iovlen     int32
+	Controllen uint32
+}
+
+type cmsghdr struct {
+	Len   int32
+	Level int32
+	Type  int32
+}
+
+const (
+	sizeofCmsghdr       = 12
+	sizeofSockaddrInet  = 16
+	sizeofSockaddrInet6 = 28
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socks/client.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socks/client.go
new file mode 100644
index 000000000..3d6f516a5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socks/client.go
@@ -0,0 +1,168 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socks
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net"
+	"strconv"
+	"time"
+)
+
+var (
+	noDeadline   = time.Time{}
+	aLongTimeAgo = time.Unix(1, 0)
+)
+
+func (d *Dialer) connect(ctx context.Context, c net.Conn, address string) (_ net.Addr, ctxErr error) {
+	host, port, err := splitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+	if deadline, ok := ctx.Deadline(); ok && !deadline.IsZero() {
+		c.SetDeadline(deadline)
+		defer c.SetDeadline(noDeadline)
+	}
+	if ctx != context.Background() {
+		errCh := make(chan error, 1)
+		done := make(chan struct{})
+		defer func() {
+			close(done)
+			if ctxErr == nil {
+				ctxErr = <-errCh
+			}
+		}()
+		go func() {
+			select {
+			case <-ctx.Done():
+				c.SetDeadline(aLongTimeAgo)
+				errCh <- ctx.Err()
+			case <-done:
+				errCh <- nil
+			}
+		}()
+	}
+
+	b := make([]byte, 0, 6+len(host)) // the size here is just an estimate
+	b = append(b, Version5)
+	if len(d.AuthMethods) == 0 || d.Authenticate == nil {
+		b = append(b, 1, byte(AuthMethodNotRequired))
+	} else {
+		ams := d.AuthMethods
+		if len(ams) > 255 {
+			return nil, errors.New("too many authentication methods")
+		}
+		b = append(b, byte(len(ams)))
+		for _, am := range ams {
+			b = append(b, byte(am))
+		}
+	}
+	if _, ctxErr = c.Write(b); ctxErr != nil {
+		return
+	}
+
+	if _, ctxErr = io.ReadFull(c, b[:2]); ctxErr != nil {
+		return
+	}
+	if b[0] != Version5 {
+		return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0])))
+	}
+	am := AuthMethod(b[1])
+	if am == AuthMethodNoAcceptableMethods {
+		return nil, errors.New("no acceptable authentication methods")
+	}
+	if d.Authenticate != nil {
+		if ctxErr = d.Authenticate(ctx, c, am); ctxErr != nil {
+			return
+		}
+	}
+
+	b = b[:0]
+	b = append(b, Version5, byte(d.cmd), 0)
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			b = append(b, AddrTypeIPv4)
+			b = append(b, ip4...)
+		} else if ip6 := ip.To16(); ip6 != nil {
+			b = append(b, AddrTypeIPv6)
+			b = append(b, ip6...)
+		} else {
+			return nil, errors.New("unknown address type")
+		}
+	} else {
+		if len(host) > 255 {
+			return nil, errors.New("FQDN too long")
+		}
+		b = append(b, AddrTypeFQDN)
+		b = append(b, byte(len(host)))
+		b = append(b, host...)
+	}
+	b = append(b, byte(port>>8), byte(port))
+	if _, ctxErr = c.Write(b); ctxErr != nil {
+		return
+	}
+
+	if _, ctxErr = io.ReadFull(c, b[:4]); ctxErr != nil {
+		return
+	}
+	if b[0] != Version5 {
+		return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0])))
+	}
+	if cmdErr := Reply(b[1]); cmdErr != StatusSucceeded {
+		return nil, errors.New("unknown error " + cmdErr.String())
+	}
+	if b[2] != 0 {
+		return nil, errors.New("non-zero reserved field")
+	}
+	l := 2
+	var a Addr
+	switch b[3] {
+	case AddrTypeIPv4:
+		l += net.IPv4len
+		a.IP = make(net.IP, net.IPv4len)
+	case AddrTypeIPv6:
+		l += net.IPv6len
+		a.IP = make(net.IP, net.IPv6len)
+	case AddrTypeFQDN:
+		if _, err := io.ReadFull(c, b[:1]); err != nil {
+			return nil, err
+		}
+		l += int(b[0])
+	default:
+		return nil, errors.New("unknown address type " + strconv.Itoa(int(b[3])))
+	}
+	if cap(b) < l {
+		b = make([]byte, l)
+	} else {
+		b = b[:l]
+	}
+	if _, ctxErr = io.ReadFull(c, b); ctxErr != nil {
+		return
+	}
+	if a.IP != nil {
+		copy(a.IP, b)
+	} else {
+		a.Name = string(b[:len(b)-2])
+	}
+	a.Port = int(b[len(b)-2])<<8 | int(b[len(b)-1])
+	return &a, nil
+}
+
+func splitHostPort(address string) (string, int, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return "", 0, err
+	}
+	portnum, err := strconv.Atoi(port)
+	if err != nil {
+		return "", 0, err
+	}
+	if 1 > portnum || portnum > 0xffff {
+		return "", 0, errors.New("port number out of range " + port)
+	}
+	return host, portnum, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socks/socks.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socks/socks.go
new file mode 100644
index 000000000..97db2340e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/internal/socks/socks.go
@@ -0,0 +1,317 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package socks provides a SOCKS version 5 client implementation.
+//
+// SOCKS protocol version 5 is defined in RFC 1928.
+// Username/Password authentication for SOCKS version 5 is defined in
+// RFC 1929.
+package socks
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net"
+	"strconv"
+)
+
+// A Command represents a SOCKS command.
+type Command int
+
+func (cmd Command) String() string {
+	switch cmd {
+	case CmdConnect:
+		return "socks connect"
+	case cmdBind:
+		return "socks bind"
+	default:
+		return "socks " + strconv.Itoa(int(cmd))
+	}
+}
+
+// An AuthMethod represents a SOCKS authentication method.
+type AuthMethod int
+
+// A Reply represents a SOCKS command reply code.
+type Reply int
+
+func (code Reply) String() string {
+	switch code {
+	case StatusSucceeded:
+		return "succeeded"
+	case 0x01:
+		return "general SOCKS server failure"
+	case 0x02:
+		return "connection not allowed by ruleset"
+	case 0x03:
+		return "network unreachable"
+	case 0x04:
+		return "host unreachable"
+	case 0x05:
+		return "connection refused"
+	case 0x06:
+		return "TTL expired"
+	case 0x07:
+		return "command not supported"
+	case 0x08:
+		return "address type not supported"
+	default:
+		return "unknown code: " + strconv.Itoa(int(code))
+	}
+}
+
+// Wire protocol constants.
+const (
+	Version5 = 0x05
+
+	AddrTypeIPv4 = 0x01
+	AddrTypeFQDN = 0x03
+	AddrTypeIPv6 = 0x04
+
+	CmdConnect Command = 0x01 // establishes an active-open forward proxy connection
+	cmdBind    Command = 0x02 // establishes a passive-open forward proxy connection
+
+	AuthMethodNotRequired         AuthMethod = 0x00 // no authentication required
+	AuthMethodUsernamePassword    AuthMethod = 0x02 // use username/password
+	AuthMethodNoAcceptableMethods AuthMethod = 0xff // no acceptable authentication methods
+
+	StatusSucceeded Reply = 0x00
+)
+
+// An Addr represents a SOCKS-specific address.
+// Either Name or IP is used exclusively.
+type Addr struct {
+	Name string // fully-qualified domain name
+	IP   net.IP
+	Port int
+}
+
+func (a *Addr) Network() string { return "socks" }
+
+func (a *Addr) String() string {
+	if a == nil {
+		return "<nil>"
+	}
+	port := strconv.Itoa(a.Port)
+	if a.IP == nil {
+		return net.JoinHostPort(a.Name, port)
+	}
+	return net.JoinHostPort(a.IP.String(), port)
+}
+
+// A Conn represents a forward proxy connection.
+type Conn struct {
+	net.Conn
+
+	boundAddr net.Addr
+}
+
+// BoundAddr returns the address assigned by the proxy server for
+// connecting to the command target address from the proxy server.
+func (c *Conn) BoundAddr() net.Addr {
+	if c == nil {
+		return nil
+	}
+	return c.boundAddr
+}
+
+// A Dialer holds SOCKS-specific options.
+type Dialer struct {
+	cmd          Command // either CmdConnect or cmdBind
+	proxyNetwork string  // network between a proxy server and a client
+	proxyAddress string  // proxy server address
+
+	// ProxyDial specifies the optional dial function for
+	// establishing the transport connection.
+	ProxyDial func(context.Context, string, string) (net.Conn, error)
+
+	// AuthMethods specifies the list of request authentication
+	// methods.
+	// If empty, SOCKS client requests only AuthMethodNotRequired.
+	AuthMethods []AuthMethod
+
+	// Authenticate specifies the optional authentication
+	// function. It must be non-nil when AuthMethods is not empty.
+	// It must return an error when the authentication is failed.
+	Authenticate func(context.Context, io.ReadWriter, AuthMethod) error
+}
+
+// DialContext connects to the provided address on the provided
+// network.
+//
+// The returned error value may be a net.OpError. When the Op field of
+// net.OpError contains "socks", the Source field contains a proxy
+// server address and the Addr field contains a command target
+// address.
+//
+// See func Dial of the net package of standard library for a
+// description of the network and address parameters.
+func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	if err := d.validateTarget(network, address); err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	if ctx == nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")}
+	}
+	var err error
+	var c net.Conn
+	if d.ProxyDial != nil {
+		c, err = d.ProxyDial(ctx, d.proxyNetwork, d.proxyAddress)
+	} else {
+		var dd net.Dialer
+		c, err = dd.DialContext(ctx, d.proxyNetwork, d.proxyAddress)
+	}
+	if err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	a, err := d.connect(ctx, c, address)
+	if err != nil {
+		c.Close()
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	return &Conn{Conn: c, boundAddr: a}, nil
+}
+
+// DialWithConn initiates a connection from SOCKS server to the target
+// network and address using the connection c that is already
+// connected to the SOCKS server.
+//
+// It returns the connection's local address assigned by the SOCKS
+// server.
+func (d *Dialer) DialWithConn(ctx context.Context, c net.Conn, network, address string) (net.Addr, error) {
+	if err := d.validateTarget(network, address); err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	if ctx == nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")}
+	}
+	a, err := d.connect(ctx, c, address)
+	if err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	return a, nil
+}
+
+// Dial connects to the provided address on the provided network.
+//
+// Unlike DialContext, it returns a raw transport connection instead
+// of a forward proxy connection.
+//
+// Deprecated: Use DialContext or DialWithConn instead.
+func (d *Dialer) Dial(network, address string) (net.Conn, error) {
+	if err := d.validateTarget(network, address); err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	var err error
+	var c net.Conn
+	if d.ProxyDial != nil {
+		c, err = d.ProxyDial(context.Background(), d.proxyNetwork, d.proxyAddress)
+	} else {
+		c, err = net.Dial(d.proxyNetwork, d.proxyAddress)
+	}
+	if err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	if _, err := d.DialWithConn(context.Background(), c, network, address); err != nil {
+		c.Close()
+		return nil, err
+	}
+	return c, nil
+}
+
+func (d *Dialer) validateTarget(network, address string) error {
+	switch network {
+	case "tcp", "tcp6", "tcp4":
+	default:
+		return errors.New("network not implemented")
+	}
+	switch d.cmd {
+	case CmdConnect, cmdBind:
+	default:
+		return errors.New("command not implemented")
+	}
+	return nil
+}
+
+func (d *Dialer) pathAddrs(address string) (proxy, dst net.Addr, err error) {
+	for i, s := range []string{d.proxyAddress, address} {
+		host, port, err := splitHostPort(s)
+		if err != nil {
+			return nil, nil, err
+		}
+		a := &Addr{Port: port}
+		a.IP = net.ParseIP(host)
+		if a.IP == nil {
+			a.Name = host
+		}
+		if i == 0 {
+			proxy = a
+		} else {
+			dst = a
+		}
+	}
+	return
+}
+
+// NewDialer returns a new Dialer that dials through the provided
+// proxy server's network and address.
+func NewDialer(network, address string) *Dialer {
+	return &Dialer{proxyNetwork: network, proxyAddress: address, cmd: CmdConnect}
+}
+
+const (
+	authUsernamePasswordVersion = 0x01
+	authStatusSucceeded         = 0x00
+)
+
+// UsernamePassword are the credentials for the username/password
+// authentication method.
+type UsernamePassword struct {
+	Username string
+	Password string
+}
+
+// Authenticate authenticates a pair of username and password with the
+// proxy server.
+func (up *UsernamePassword) Authenticate(ctx context.Context, rw io.ReadWriter, auth AuthMethod) error {
+	switch auth {
+	case AuthMethodNotRequired:
+		return nil
+	case AuthMethodUsernamePassword:
+		if len(up.Username) == 0 || len(up.Username) > 255 || len(up.Password) == 0 || len(up.Password) > 255 {
+			return errors.New("invalid username/password")
+		}
+		b := []byte{authUsernamePasswordVersion}
+		b = append(b, byte(len(up.Username)))
+		b = append(b, up.Username...)
+		b = append(b, byte(len(up.Password)))
+		b = append(b, up.Password...)
+		// TODO(mikio): handle IO deadlines and cancelation if
+		// necessary
+		if _, err := rw.Write(b); err != nil {
+			return err
+		}
+		if _, err := io.ReadFull(rw, b[:2]); err != nil {
+			return err
+		}
+		if b[0] != authUsernamePasswordVersion {
+			return errors.New("invalid username/password version")
+		}
+		if b[1] != authStatusSucceeded {
+			return errors.New("username/password authentication failed")
+		}
+		return nil
+	}
+	return errors.New("unsupported authentication method " + strconv.Itoa(int(auth)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/batch.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/batch.go
new file mode 100644
index 000000000..1a3a4fc0c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/batch.go
@@ -0,0 +1,194 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"runtime"
+
+	"golang.org/x/net/internal/socket"
+)
+
+// BUG(mikio): On Windows, the ReadBatch and WriteBatch methods of
+// PacketConn are not implemented.
+
+// BUG(mikio): On Windows, the ReadBatch and WriteBatch methods of
+// RawConn are not implemented.
+
+// A Message represents an IO message.
+//
+//	type Message struct {
+//		Buffers [][]byte
+//		OOB     []byte
+//		Addr    net.Addr
+//		N       int
+//		NN      int
+//		Flags   int
+//	}
+//
+// The Buffers fields represents a list of contiguous buffers, which
+// can be used for vectored IO, for example, putting a header and a
+// payload in each slice.
+// When writing, the Buffers field must contain at least one byte to
+// write.
+// When reading, the Buffers field will always contain a byte to read.
+//
+// The OOB field contains protocol-specific control or miscellaneous
+// ancillary data known as out-of-band data.
+// It can be nil when not required.
+//
+// The Addr field specifies a destination address when writing.
+// It can be nil when the underlying protocol of the endpoint uses
+// connection-oriented communication.
+// After a successful read, it may contain the source address on the
+// received packet.
+//
+// The N field indicates the number of bytes read or written from/to
+// Buffers.
+//
+// The NN field indicates the number of bytes read or written from/to
+// OOB.
+//
+// The Flags field contains protocol-specific information on the
+// received message.
+type Message = socket.Message
+
+// ReadBatch reads a batch of messages.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_PEEK.
+//
+// On a successful read it returns the number of messages received, up
+// to len(ms).
+//
+// On Linux, a batch read will be optimized.
+// On other platforms, this method will read only a single message.
+//
+// Unlike the ReadFrom method, it doesn't strip the IPv4 header
+// followed by option headers from the received IPv4 datagram when the
+// underlying transport is net.IPConn. Each Buffers field of Message
+// must be large enough to accommodate an IPv4 header and option
+// headers.
+func (c *payloadHandler) ReadBatch(ms []Message, flags int) (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	switch runtime.GOOS {
+	case "linux":
+		n, err := c.RecvMsgs([]socket.Message(ms), flags)
+		if err != nil {
+			err = &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		return n, err
+	default:
+		n := 1
+		err := c.RecvMsg(&ms[0], flags)
+		if err != nil {
+			n = 0
+			err = &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		if compatFreeBSD32 && ms[0].NN > 0 {
+			adjustFreeBSD32(&ms[0])
+		}
+		return n, err
+	}
+}
+
+// WriteBatch writes a batch of messages.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_DONTROUTE.
+//
+// It returns the number of messages written on a successful write.
+//
+// On Linux, a batch write will be optimized.
+// On other platforms, this method will write only a single message.
+func (c *payloadHandler) WriteBatch(ms []Message, flags int) (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	switch runtime.GOOS {
+	case "linux":
+		n, err := c.SendMsgs([]socket.Message(ms), flags)
+		if err != nil {
+			err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		return n, err
+	default:
+		n := 1
+		err := c.SendMsg(&ms[0], flags)
+		if err != nil {
+			n = 0
+			err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		return n, err
+	}
+}
+
+// ReadBatch reads a batch of messages.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_PEEK.
+//
+// On a successful read it returns the number of messages received, up
+// to len(ms).
+//
+// On Linux, a batch read will be optimized.
+// On other platforms, this method will read only a single message.
+func (c *packetHandler) ReadBatch(ms []Message, flags int) (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	switch runtime.GOOS {
+	case "linux":
+		n, err := c.RecvMsgs([]socket.Message(ms), flags)
+		if err != nil {
+			err = &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+		}
+		return n, err
+	default:
+		n := 1
+		err := c.RecvMsg(&ms[0], flags)
+		if err != nil {
+			n = 0
+			err = &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+		}
+		if compatFreeBSD32 && ms[0].NN > 0 {
+			adjustFreeBSD32(&ms[0])
+		}
+		return n, err
+	}
+}
+
+// WriteBatch writes a batch of messages.
+//
+// The provided flags is a set of platform-dependent flags, such as
+// syscall.MSG_DONTROUTE.
+//
+// It returns the number of messages written on a successful write.
+//
+// On Linux, a batch write will be optimized.
+// On other platforms, this method will write only a single message.
+func (c *packetHandler) WriteBatch(ms []Message, flags int) (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	switch runtime.GOOS {
+	case "linux":
+		n, err := c.SendMsgs([]socket.Message(ms), flags)
+		if err != nil {
+			err = &net.OpError{Op: "write", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+		}
+		return n, err
+	default:
+		n := 1
+		err := c.SendMsg(&ms[0], flags)
+		if err != nil {
+			n = 0
+			err = &net.OpError{Op: "write", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+		}
+		return n, err
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control.go
new file mode 100644
index 000000000..a2b02ca95
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control.go
@@ -0,0 +1,144 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"fmt"
+	"net"
+	"sync"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+type rawOpt struct {
+	sync.RWMutex
+	cflags ControlFlags
+}
+
+func (c *rawOpt) set(f ControlFlags)        { c.cflags |= f }
+func (c *rawOpt) clear(f ControlFlags)      { c.cflags &^= f }
+func (c *rawOpt) isset(f ControlFlags) bool { return c.cflags&f != 0 }
+
+type ControlFlags uint
+
+const (
+	FlagTTL       ControlFlags = 1 << iota // pass the TTL on the received packet
+	FlagSrc                                // pass the source address on the received packet
+	FlagDst                                // pass the destination address on the received packet
+	FlagInterface                          // pass the interface index on the received packet
+)
+
+// A ControlMessage represents per packet basis IP-level socket options.
+type ControlMessage struct {
+	// Receiving socket options: SetControlMessage allows to
+	// receive the options from the protocol stack using ReadFrom
+	// method of PacketConn or RawConn.
+	//
+	// Specifying socket options: ControlMessage for WriteTo
+	// method of PacketConn or RawConn allows to send the options
+	// to the protocol stack.
+	//
+	TTL     int    // time-to-live, receiving only
+	Src     net.IP // source address, specifying only
+	Dst     net.IP // destination address, receiving only
+	IfIndex int    // interface index, must be 1 <= value when specifying
+}
+
+func (cm *ControlMessage) String() string {
+	if cm == nil {
+		return "<nil>"
+	}
+	return fmt.Sprintf("ttl=%d src=%v dst=%v ifindex=%d", cm.TTL, cm.Src, cm.Dst, cm.IfIndex)
+}
+
+// Marshal returns the binary encoding of cm.
+func (cm *ControlMessage) Marshal() []byte {
+	if cm == nil {
+		return nil
+	}
+	var m socket.ControlMessage
+	if ctlOpts[ctlPacketInfo].name > 0 && (cm.Src.To4() != nil || cm.IfIndex > 0) {
+		m = socket.NewControlMessage([]int{ctlOpts[ctlPacketInfo].length})
+	}
+	if len(m) > 0 {
+		ctlOpts[ctlPacketInfo].marshal(m, cm)
+	}
+	return m
+}
+
+// Parse parses b as a control message and stores the result in cm.
+func (cm *ControlMessage) Parse(b []byte) error {
+	ms, err := socket.ControlMessage(b).Parse()
+	if err != nil {
+		return err
+	}
+	for _, m := range ms {
+		lvl, typ, l, err := m.ParseHeader()
+		if err != nil {
+			return err
+		}
+		if lvl != iana.ProtocolIP {
+			continue
+		}
+		switch {
+		case typ == ctlOpts[ctlTTL].name && l >= ctlOpts[ctlTTL].length:
+			ctlOpts[ctlTTL].parse(cm, m.Data(l))
+		case typ == ctlOpts[ctlDst].name && l >= ctlOpts[ctlDst].length:
+			ctlOpts[ctlDst].parse(cm, m.Data(l))
+		case typ == ctlOpts[ctlInterface].name && l >= ctlOpts[ctlInterface].length:
+			ctlOpts[ctlInterface].parse(cm, m.Data(l))
+		case typ == ctlOpts[ctlPacketInfo].name && l >= ctlOpts[ctlPacketInfo].length:
+			ctlOpts[ctlPacketInfo].parse(cm, m.Data(l))
+		}
+	}
+	return nil
+}
+
+// NewControlMessage returns a new control message.
+//
+// The returned message is large enough for options specified by cf.
+func NewControlMessage(cf ControlFlags) []byte {
+	opt := rawOpt{cflags: cf}
+	var l int
+	if opt.isset(FlagTTL) && ctlOpts[ctlTTL].name > 0 {
+		l += socket.ControlMessageSpace(ctlOpts[ctlTTL].length)
+	}
+	if ctlOpts[ctlPacketInfo].name > 0 {
+		if opt.isset(FlagSrc | FlagDst | FlagInterface) {
+			l += socket.ControlMessageSpace(ctlOpts[ctlPacketInfo].length)
+		}
+	} else {
+		if opt.isset(FlagDst) && ctlOpts[ctlDst].name > 0 {
+			l += socket.ControlMessageSpace(ctlOpts[ctlDst].length)
+		}
+		if opt.isset(FlagInterface) && ctlOpts[ctlInterface].name > 0 {
+			l += socket.ControlMessageSpace(ctlOpts[ctlInterface].length)
+		}
+	}
+	var b []byte
+	if l > 0 {
+		b = make([]byte, l)
+	}
+	return b
+}
+
+// Ancillary data socket options
+const (
+	ctlTTL        = iota // header field
+	ctlSrc               // header field
+	ctlDst               // header field
+	ctlInterface         // inbound or outbound interface
+	ctlPacketInfo        // inbound or outbound packet path
+	ctlMax
+)
+
+// A ctlOpt represents a binding for ancillary data socket option.
+type ctlOpt struct {
+	name    int // option name, must be equal or greater than 1
+	length  int // option length
+	marshal func([]byte, *ControlMessage) []byte
+	parse   func(*ControlMessage, []byte)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_bsd.go
new file mode 100644
index 000000000..69c4f553c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_bsd.go
@@ -0,0 +1,41 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd netbsd openbsd
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+func marshalDst(b []byte, cm *ControlMessage) []byte {
+	m := socket.ControlMessage(b)
+	m.MarshalHeader(iana.ProtocolIP, sysIP_RECVDSTADDR, net.IPv4len)
+	return m.Next(net.IPv4len)
+}
+
+func parseDst(cm *ControlMessage, b []byte) {
+	if len(cm.Dst) < net.IPv4len {
+		cm.Dst = make(net.IP, net.IPv4len)
+	}
+	copy(cm.Dst, b[:net.IPv4len])
+}
+
+func marshalInterface(b []byte, cm *ControlMessage) []byte {
+	m := socket.ControlMessage(b)
+	m.MarshalHeader(iana.ProtocolIP, sysIP_RECVIF, syscall.SizeofSockaddrDatalink)
+	return m.Next(syscall.SizeofSockaddrDatalink)
+}
+
+func parseInterface(cm *ControlMessage, b []byte) {
+	var sadl syscall.SockaddrDatalink
+	copy((*[unsafe.Sizeof(sadl)]byte)(unsafe.Pointer(&sadl))[:], b)
+	cm.IfIndex = int(sadl.Index)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_pktinfo.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_pktinfo.go
new file mode 100644
index 000000000..425338f35
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_pktinfo.go
@@ -0,0 +1,39 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin linux solaris
+
+package ipv4
+
+import (
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+func marshalPacketInfo(b []byte, cm *ControlMessage) []byte {
+	m := socket.ControlMessage(b)
+	m.MarshalHeader(iana.ProtocolIP, sysIP_PKTINFO, sizeofInetPktinfo)
+	if cm != nil {
+		pi := (*inetPktinfo)(unsafe.Pointer(&m.Data(sizeofInetPktinfo)[0]))
+		if ip := cm.Src.To4(); ip != nil {
+			copy(pi.Spec_dst[:], ip)
+		}
+		if cm.IfIndex > 0 {
+			pi.setIfindex(cm.IfIndex)
+		}
+	}
+	return m.Next(sizeofInetPktinfo)
+}
+
+func parsePacketInfo(cm *ControlMessage, b []byte) {
+	pi := (*inetPktinfo)(unsafe.Pointer(&b[0]))
+	cm.IfIndex = int(pi.Ifindex)
+	if len(cm.Dst) < net.IPv4len {
+		cm.Dst = make(net.IP, net.IPv4len)
+	}
+	copy(cm.Dst, pi.Addr[:])
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_stub.go
new file mode 100644
index 000000000..9d8253479
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_stub.go
@@ -0,0 +1,13 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
+
+package ipv4
+
+import "golang.org/x/net/internal/socket"
+
+func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_unix.go
new file mode 100644
index 000000000..b27fa4903
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_unix.go
@@ -0,0 +1,73 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package ipv4
+
+import (
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
+	opt.Lock()
+	defer opt.Unlock()
+	if so, ok := sockOpts[ssoReceiveTTL]; ok && cf&FlagTTL != 0 {
+		if err := so.SetInt(c, boolint(on)); err != nil {
+			return err
+		}
+		if on {
+			opt.set(FlagTTL)
+		} else {
+			opt.clear(FlagTTL)
+		}
+	}
+	if so, ok := sockOpts[ssoPacketInfo]; ok {
+		if cf&(FlagSrc|FlagDst|FlagInterface) != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(cf & (FlagSrc | FlagDst | FlagInterface))
+			} else {
+				opt.clear(cf & (FlagSrc | FlagDst | FlagInterface))
+			}
+		}
+	} else {
+		if so, ok := sockOpts[ssoReceiveDst]; ok && cf&FlagDst != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(FlagDst)
+			} else {
+				opt.clear(FlagDst)
+			}
+		}
+		if so, ok := sockOpts[ssoReceiveInterface]; ok && cf&FlagInterface != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(FlagInterface)
+			} else {
+				opt.clear(FlagInterface)
+			}
+		}
+	}
+	return nil
+}
+
+func marshalTTL(b []byte, cm *ControlMessage) []byte {
+	m := socket.ControlMessage(b)
+	m.MarshalHeader(iana.ProtocolIP, sysIP_RECVTTL, 1)
+	return m.Next(1)
+}
+
+func parseTTL(cm *ControlMessage, b []byte) {
+	cm.TTL = int(*(*byte)(unsafe.Pointer(&b[:1][0])))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_windows.go
new file mode 100644
index 000000000..82c630642
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_windows.go
@@ -0,0 +1,12 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import "golang.org/x/net/internal/socket"
+
+func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
+	// TODO(mikio): implement this
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_zos.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_zos.go
new file mode 100644
index 000000000..04420003e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/control_zos.go
@@ -0,0 +1,86 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+func marshalPacketInfo(b []byte, cm *ControlMessage) []byte {
+	m := socket.ControlMessage(b)
+	m.MarshalHeader(iana.ProtocolIP, sysIP_PKTINFO, sizeofInetPktinfo)
+	if cm != nil {
+		pi := (*inetPktinfo)(unsafe.Pointer(&m.Data(sizeofInetPktinfo)[0]))
+		if ip := cm.Src.To4(); ip != nil {
+			copy(pi.Addr[:], ip)
+		}
+		if cm.IfIndex > 0 {
+			pi.setIfindex(cm.IfIndex)
+		}
+	}
+	return m.Next(sizeofInetPktinfo)
+}
+
+func parsePacketInfo(cm *ControlMessage, b []byte) {
+	pi := (*inetPktinfo)(unsafe.Pointer(&b[0]))
+	cm.IfIndex = int(pi.Ifindex)
+	if len(cm.Dst) < net.IPv4len {
+		cm.Dst = make(net.IP, net.IPv4len)
+	}
+	copy(cm.Dst, pi.Addr[:])
+}
+
+func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
+	opt.Lock()
+	defer opt.Unlock()
+	if so, ok := sockOpts[ssoReceiveTTL]; ok && cf&FlagTTL != 0 {
+		if err := so.SetInt(c, boolint(on)); err != nil {
+			return err
+		}
+		if on {
+			opt.set(FlagTTL)
+		} else {
+			opt.clear(FlagTTL)
+		}
+	}
+	if so, ok := sockOpts[ssoPacketInfo]; ok {
+		if cf&(FlagSrc|FlagDst|FlagInterface) != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(cf & (FlagSrc | FlagDst | FlagInterface))
+			} else {
+				opt.clear(cf & (FlagSrc | FlagDst | FlagInterface))
+			}
+		}
+	} else {
+		if so, ok := sockOpts[ssoReceiveDst]; ok && cf&FlagDst != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(FlagDst)
+			} else {
+				opt.clear(FlagDst)
+			}
+		}
+		if so, ok := sockOpts[ssoReceiveInterface]; ok && cf&FlagInterface != 0 {
+			if err := so.SetInt(c, boolint(on)); err != nil {
+				return err
+			}
+			if on {
+				opt.set(FlagInterface)
+			} else {
+				opt.clear(FlagInterface)
+			}
+		}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/dgramopt.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/dgramopt.go
new file mode 100644
index 000000000..c191c22ab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/dgramopt.go
@@ -0,0 +1,264 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/bpf"
+)
+
+// MulticastTTL returns the time-to-live field value for outgoing
+// multicast packets.
+func (c *dgramOpt) MulticastTTL() (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	so, ok := sockOpts[ssoMulticastTTL]
+	if !ok {
+		return 0, errNotImplemented
+	}
+	return so.GetInt(c.Conn)
+}
+
+// SetMulticastTTL sets the time-to-live field value for future
+// outgoing multicast packets.
+func (c *dgramOpt) SetMulticastTTL(ttl int) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoMulticastTTL]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.SetInt(c.Conn, ttl)
+}
+
+// MulticastInterface returns the default interface for multicast
+// packet transmissions.
+func (c *dgramOpt) MulticastInterface() (*net.Interface, error) {
+	if !c.ok() {
+		return nil, errInvalidConn
+	}
+	so, ok := sockOpts[ssoMulticastInterface]
+	if !ok {
+		return nil, errNotImplemented
+	}
+	return so.getMulticastInterface(c.Conn)
+}
+
+// SetMulticastInterface sets the default interface for future
+// multicast packet transmissions.
+func (c *dgramOpt) SetMulticastInterface(ifi *net.Interface) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoMulticastInterface]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.setMulticastInterface(c.Conn, ifi)
+}
+
+// MulticastLoopback reports whether transmitted multicast packets
+// should be copied and send back to the originator.
+func (c *dgramOpt) MulticastLoopback() (bool, error) {
+	if !c.ok() {
+		return false, errInvalidConn
+	}
+	so, ok := sockOpts[ssoMulticastLoopback]
+	if !ok {
+		return false, errNotImplemented
+	}
+	on, err := so.GetInt(c.Conn)
+	if err != nil {
+		return false, err
+	}
+	return on == 1, nil
+}
+
+// SetMulticastLoopback sets whether transmitted multicast packets
+// should be copied and send back to the originator.
+func (c *dgramOpt) SetMulticastLoopback(on bool) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoMulticastLoopback]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.SetInt(c.Conn, boolint(on))
+}
+
+// JoinGroup joins the group address group on the interface ifi.
+// By default all sources that can cast data to group are accepted.
+// It's possible to mute and unmute data transmission from a specific
+// source by using ExcludeSourceSpecificGroup and
+// IncludeSourceSpecificGroup.
+// JoinGroup uses the system assigned multicast interface when ifi is
+// nil, although this is not recommended because the assignment
+// depends on platforms and sometimes it might require routing
+// configuration.
+func (c *dgramOpt) JoinGroup(ifi *net.Interface, group net.Addr) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoJoinGroup]
+	if !ok {
+		return errNotImplemented
+	}
+	grp := netAddrToIP4(group)
+	if grp == nil {
+		return errMissingAddress
+	}
+	return so.setGroup(c.Conn, ifi, grp)
+}
+
+// LeaveGroup leaves the group address group on the interface ifi
+// regardless of whether the group is any-source group or
+// source-specific group.
+func (c *dgramOpt) LeaveGroup(ifi *net.Interface, group net.Addr) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoLeaveGroup]
+	if !ok {
+		return errNotImplemented
+	}
+	grp := netAddrToIP4(group)
+	if grp == nil {
+		return errMissingAddress
+	}
+	return so.setGroup(c.Conn, ifi, grp)
+}
+
+// JoinSourceSpecificGroup joins the source-specific group comprising
+// group and source on the interface ifi.
+// JoinSourceSpecificGroup uses the system assigned multicast
+// interface when ifi is nil, although this is not recommended because
+// the assignment depends on platforms and sometimes it might require
+// routing configuration.
+func (c *dgramOpt) JoinSourceSpecificGroup(ifi *net.Interface, group, source net.Addr) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoJoinSourceGroup]
+	if !ok {
+		return errNotImplemented
+	}
+	grp := netAddrToIP4(group)
+	if grp == nil {
+		return errMissingAddress
+	}
+	src := netAddrToIP4(source)
+	if src == nil {
+		return errMissingAddress
+	}
+	return so.setSourceGroup(c.Conn, ifi, grp, src)
+}
+
+// LeaveSourceSpecificGroup leaves the source-specific group on the
+// interface ifi.
+func (c *dgramOpt) LeaveSourceSpecificGroup(ifi *net.Interface, group, source net.Addr) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoLeaveSourceGroup]
+	if !ok {
+		return errNotImplemented
+	}
+	grp := netAddrToIP4(group)
+	if grp == nil {
+		return errMissingAddress
+	}
+	src := netAddrToIP4(source)
+	if src == nil {
+		return errMissingAddress
+	}
+	return so.setSourceGroup(c.Conn, ifi, grp, src)
+}
+
+// ExcludeSourceSpecificGroup excludes the source-specific group from
+// the already joined any-source groups by JoinGroup on the interface
+// ifi.
+func (c *dgramOpt) ExcludeSourceSpecificGroup(ifi *net.Interface, group, source net.Addr) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoBlockSourceGroup]
+	if !ok {
+		return errNotImplemented
+	}
+	grp := netAddrToIP4(group)
+	if grp == nil {
+		return errMissingAddress
+	}
+	src := netAddrToIP4(source)
+	if src == nil {
+		return errMissingAddress
+	}
+	return so.setSourceGroup(c.Conn, ifi, grp, src)
+}
+
+// IncludeSourceSpecificGroup includes the excluded source-specific
+// group by ExcludeSourceSpecificGroup again on the interface ifi.
+func (c *dgramOpt) IncludeSourceSpecificGroup(ifi *net.Interface, group, source net.Addr) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoUnblockSourceGroup]
+	if !ok {
+		return errNotImplemented
+	}
+	grp := netAddrToIP4(group)
+	if grp == nil {
+		return errMissingAddress
+	}
+	src := netAddrToIP4(source)
+	if src == nil {
+		return errMissingAddress
+	}
+	return so.setSourceGroup(c.Conn, ifi, grp, src)
+}
+
+// ICMPFilter returns an ICMP filter.
+// Currently only Linux supports this.
+func (c *dgramOpt) ICMPFilter() (*ICMPFilter, error) {
+	if !c.ok() {
+		return nil, errInvalidConn
+	}
+	so, ok := sockOpts[ssoICMPFilter]
+	if !ok {
+		return nil, errNotImplemented
+	}
+	return so.getICMPFilter(c.Conn)
+}
+
+// SetICMPFilter deploys the ICMP filter.
+// Currently only Linux supports this.
+func (c *dgramOpt) SetICMPFilter(f *ICMPFilter) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoICMPFilter]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.setICMPFilter(c.Conn, f)
+}
+
+// SetBPF attaches a BPF program to the connection.
+//
+// Only supported on Linux.
+func (c *dgramOpt) SetBPF(filter []bpf.RawInstruction) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoAttachFilter]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.setBPF(c.Conn, filter)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/doc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/doc.go
new file mode 100644
index 000000000..245834979
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/doc.go
@@ -0,0 +1,244 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package ipv4 implements IP-level socket options for the Internet
+// Protocol version 4.
+//
+// The package provides IP-level socket options that allow
+// manipulation of IPv4 facilities.
+//
+// The IPv4 protocol and basic host requirements for IPv4 are defined
+// in RFC 791 and RFC 1122.
+// Host extensions for multicasting and socket interface extensions
+// for multicast source filters are defined in RFC 1112 and RFC 3678.
+// IGMPv1, IGMPv2 and IGMPv3 are defined in RFC 1112, RFC 2236 and RFC
+// 3376.
+// Source-specific multicast is defined in RFC 4607.
+//
+//
+// Unicasting
+//
+// The options for unicasting are available for net.TCPConn,
+// net.UDPConn and net.IPConn which are created as network connections
+// that use the IPv4 transport. When a single TCP connection carrying
+// a data flow of multiple packets needs to indicate the flow is
+// important, Conn is used to set the type-of-service field on the
+// IPv4 header for each packet.
+//
+//	ln, err := net.Listen("tcp4", "0.0.0.0:1024")
+//	if err != nil {
+//		// error handling
+//	}
+//	defer ln.Close()
+//	for {
+//		c, err := ln.Accept()
+//		if err != nil {
+//			// error handling
+//		}
+//		go func(c net.Conn) {
+//			defer c.Close()
+//
+// The outgoing packets will be labeled DiffServ assured forwarding
+// class 1 low drop precedence, known as AF11 packets.
+//
+//			if err := ipv4.NewConn(c).SetTOS(0x28); err != nil {
+//				// error handling
+//			}
+//			if _, err := c.Write(data); err != nil {
+//				// error handling
+//			}
+//		}(c)
+//	}
+//
+//
+// Multicasting
+//
+// The options for multicasting are available for net.UDPConn and
+// net.IPConn which are created as network connections that use the
+// IPv4 transport. A few network facilities must be prepared before
+// you begin multicasting, at a minimum joining network interfaces and
+// multicast groups.
+//
+//	en0, err := net.InterfaceByName("en0")
+//	if err != nil {
+//		// error handling
+//	}
+//	en1, err := net.InterfaceByIndex(911)
+//	if err != nil {
+//		// error handling
+//	}
+//	group := net.IPv4(224, 0, 0, 250)
+//
+// First, an application listens to an appropriate address with an
+// appropriate service port.
+//
+//	c, err := net.ListenPacket("udp4", "0.0.0.0:1024")
+//	if err != nil {
+//		// error handling
+//	}
+//	defer c.Close()
+//
+// Second, the application joins multicast groups, starts listening to
+// the groups on the specified network interfaces. Note that the
+// service port for transport layer protocol does not matter with this
+// operation as joining groups affects only network and link layer
+// protocols, such as IPv4 and Ethernet.
+//
+//	p := ipv4.NewPacketConn(c)
+//	if err := p.JoinGroup(en0, &net.UDPAddr{IP: group}); err != nil {
+//		// error handling
+//	}
+//	if err := p.JoinGroup(en1, &net.UDPAddr{IP: group}); err != nil {
+//		// error handling
+//	}
+//
+// The application might set per packet control message transmissions
+// between the protocol stack within the kernel. When the application
+// needs a destination address on an incoming packet,
+// SetControlMessage of PacketConn is used to enable control message
+// transmissions.
+//
+//	if err := p.SetControlMessage(ipv4.FlagDst, true); err != nil {
+//		// error handling
+//	}
+//
+// The application could identify whether the received packets are
+// of interest by using the control message that contains the
+// destination address of the received packet.
+//
+//	b := make([]byte, 1500)
+//	for {
+//		n, cm, src, err := p.ReadFrom(b)
+//		if err != nil {
+//			// error handling
+//		}
+//		if cm.Dst.IsMulticast() {
+//			if cm.Dst.Equal(group) {
+//				// joined group, do something
+//			} else {
+//				// unknown group, discard
+//				continue
+//			}
+//		}
+//
+// The application can also send both unicast and multicast packets.
+//
+//		p.SetTOS(0x0)
+//		p.SetTTL(16)
+//		if _, err := p.WriteTo(data, nil, src); err != nil {
+//			// error handling
+//		}
+//		dst := &net.UDPAddr{IP: group, Port: 1024}
+//		for _, ifi := range []*net.Interface{en0, en1} {
+//			if err := p.SetMulticastInterface(ifi); err != nil {
+//				// error handling
+//			}
+//			p.SetMulticastTTL(2)
+//			if _, err := p.WriteTo(data, nil, dst); err != nil {
+//				// error handling
+//			}
+//		}
+//	}
+//
+//
+// More multicasting
+//
+// An application that uses PacketConn or RawConn may join multiple
+// multicast groups. For example, a UDP listener with port 1024 might
+// join two different groups across over two different network
+// interfaces by using:
+//
+//	c, err := net.ListenPacket("udp4", "0.0.0.0:1024")
+//	if err != nil {
+//		// error handling
+//	}
+//	defer c.Close()
+//	p := ipv4.NewPacketConn(c)
+//	if err := p.JoinGroup(en0, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 248)}); err != nil {
+//		// error handling
+//	}
+//	if err := p.JoinGroup(en0, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 249)}); err != nil {
+//		// error handling
+//	}
+//	if err := p.JoinGroup(en1, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 249)}); err != nil {
+//		// error handling
+//	}
+//
+// It is possible for multiple UDP listeners that listen on the same
+// UDP port to join the same multicast group. The net package will
+// provide a socket that listens to a wildcard address with reusable
+// UDP port when an appropriate multicast address prefix is passed to
+// the net.ListenPacket or net.ListenUDP.
+//
+//	c1, err := net.ListenPacket("udp4", "224.0.0.0:1024")
+//	if err != nil {
+//		// error handling
+//	}
+//	defer c1.Close()
+//	c2, err := net.ListenPacket("udp4", "224.0.0.0:1024")
+//	if err != nil {
+//		// error handling
+//	}
+//	defer c2.Close()
+//	p1 := ipv4.NewPacketConn(c1)
+//	if err := p1.JoinGroup(en0, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 248)}); err != nil {
+//		// error handling
+//	}
+//	p2 := ipv4.NewPacketConn(c2)
+//	if err := p2.JoinGroup(en0, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 248)}); err != nil {
+//		// error handling
+//	}
+//
+// Also it is possible for the application to leave or rejoin a
+// multicast group on the network interface.
+//
+//	if err := p.LeaveGroup(en0, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 248)}); err != nil {
+//		// error handling
+//	}
+//	if err := p.JoinGroup(en0, &net.UDPAddr{IP: net.IPv4(224, 0, 0, 250)}); err != nil {
+//		// error handling
+//	}
+//
+//
+// Source-specific multicasting
+//
+// An application that uses PacketConn or RawConn on IGMPv3 supported
+// platform is able to join source-specific multicast groups.
+// The application may use JoinSourceSpecificGroup and
+// LeaveSourceSpecificGroup for the operation known as "include" mode,
+//
+//	ssmgroup := net.UDPAddr{IP: net.IPv4(232, 7, 8, 9)}
+//	ssmsource := net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
+//	if err := p.JoinSourceSpecificGroup(en0, &ssmgroup, &ssmsource); err != nil {
+//		// error handling
+//	}
+//	if err := p.LeaveSourceSpecificGroup(en0, &ssmgroup, &ssmsource); err != nil {
+//		// error handling
+//	}
+//
+// or JoinGroup, ExcludeSourceSpecificGroup,
+// IncludeSourceSpecificGroup and LeaveGroup for the operation known
+// as "exclude" mode.
+//
+//	exclsource := net.UDPAddr{IP: net.IPv4(192, 168, 0, 254)}
+//	if err := p.JoinGroup(en0, &ssmgroup); err != nil {
+//		// error handling
+//	}
+//	if err := p.ExcludeSourceSpecificGroup(en0, &ssmgroup, &exclsource); err != nil {
+//		// error handling
+//	}
+//	if err := p.LeaveGroup(en0, &ssmgroup); err != nil {
+//		// error handling
+//	}
+//
+// Note that it depends on each platform implementation what happens
+// when an application which runs on IGMPv3 unsupported platform uses
+// JoinSourceSpecificGroup and LeaveSourceSpecificGroup.
+// In general the platform tries to fall back to conversations using
+// IGMPv1 or IGMPv2 and starts to listen to multicast traffic.
+// In the fallback case, ExcludeSourceSpecificGroup and
+// IncludeSourceSpecificGroup may return an error.
+package ipv4 // import "golang.org/x/net/ipv4"
+
+// BUG(mikio): This package is not implemented on JS, NaCl and Plan 9.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/endpoint.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/endpoint.go
new file mode 100644
index 000000000..4a6d7a85e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/endpoint.go
@@ -0,0 +1,186 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"time"
+
+	"golang.org/x/net/internal/socket"
+)
+
+// BUG(mikio): On Windows, the JoinSourceSpecificGroup,
+// LeaveSourceSpecificGroup, ExcludeSourceSpecificGroup and
+// IncludeSourceSpecificGroup methods of PacketConn and RawConn are
+// not implemented.
+
+// A Conn represents a network endpoint that uses the IPv4 transport.
+// It is used to control basic IP-level socket options such as TOS and
+// TTL.
+type Conn struct {
+	genericOpt
+}
+
+type genericOpt struct {
+	*socket.Conn
+}
+
+func (c *genericOpt) ok() bool { return c != nil && c.Conn != nil }
+
+// NewConn returns a new Conn.
+func NewConn(c net.Conn) *Conn {
+	cc, _ := socket.NewConn(c)
+	return &Conn{
+		genericOpt: genericOpt{Conn: cc},
+	}
+}
+
+// A PacketConn represents a packet network endpoint that uses the
+// IPv4 transport. It is used to control several IP-level socket
+// options including multicasting. It also provides datagram based
+// network I/O methods specific to the IPv4 and higher layer protocols
+// such as UDP.
+type PacketConn struct {
+	genericOpt
+	dgramOpt
+	payloadHandler
+}
+
+type dgramOpt struct {
+	*socket.Conn
+}
+
+func (c *dgramOpt) ok() bool { return c != nil && c.Conn != nil }
+
+// SetControlMessage sets the per packet IP-level socket options.
+func (c *PacketConn) SetControlMessage(cf ControlFlags, on bool) error {
+	if !c.payloadHandler.ok() {
+		return errInvalidConn
+	}
+	return setControlMessage(c.dgramOpt.Conn, &c.payloadHandler.rawOpt, cf, on)
+}
+
+// SetDeadline sets the read and write deadlines associated with the
+// endpoint.
+func (c *PacketConn) SetDeadline(t time.Time) error {
+	if !c.payloadHandler.ok() {
+		return errInvalidConn
+	}
+	return c.payloadHandler.PacketConn.SetDeadline(t)
+}
+
+// SetReadDeadline sets the read deadline associated with the
+// endpoint.
+func (c *PacketConn) SetReadDeadline(t time.Time) error {
+	if !c.payloadHandler.ok() {
+		return errInvalidConn
+	}
+	return c.payloadHandler.PacketConn.SetReadDeadline(t)
+}
+
+// SetWriteDeadline sets the write deadline associated with the
+// endpoint.
+func (c *PacketConn) SetWriteDeadline(t time.Time) error {
+	if !c.payloadHandler.ok() {
+		return errInvalidConn
+	}
+	return c.payloadHandler.PacketConn.SetWriteDeadline(t)
+}
+
+// Close closes the endpoint.
+func (c *PacketConn) Close() error {
+	if !c.payloadHandler.ok() {
+		return errInvalidConn
+	}
+	return c.payloadHandler.PacketConn.Close()
+}
+
+// NewPacketConn returns a new PacketConn using c as its underlying
+// transport.
+func NewPacketConn(c net.PacketConn) *PacketConn {
+	cc, _ := socket.NewConn(c.(net.Conn))
+	p := &PacketConn{
+		genericOpt:     genericOpt{Conn: cc},
+		dgramOpt:       dgramOpt{Conn: cc},
+		payloadHandler: payloadHandler{PacketConn: c, Conn: cc},
+	}
+	return p
+}
+
+// A RawConn represents a packet network endpoint that uses the IPv4
+// transport. It is used to control several IP-level socket options
+// including IPv4 header manipulation. It also provides datagram
+// based network I/O methods specific to the IPv4 and higher layer
+// protocols that handle IPv4 datagram directly such as OSPF, GRE.
+type RawConn struct {
+	genericOpt
+	dgramOpt
+	packetHandler
+}
+
+// SetControlMessage sets the per packet IP-level socket options.
+func (c *RawConn) SetControlMessage(cf ControlFlags, on bool) error {
+	if !c.packetHandler.ok() {
+		return errInvalidConn
+	}
+	return setControlMessage(c.dgramOpt.Conn, &c.packetHandler.rawOpt, cf, on)
+}
+
+// SetDeadline sets the read and write deadlines associated with the
+// endpoint.
+func (c *RawConn) SetDeadline(t time.Time) error {
+	if !c.packetHandler.ok() {
+		return errInvalidConn
+	}
+	return c.packetHandler.IPConn.SetDeadline(t)
+}
+
+// SetReadDeadline sets the read deadline associated with the
+// endpoint.
+func (c *RawConn) SetReadDeadline(t time.Time) error {
+	if !c.packetHandler.ok() {
+		return errInvalidConn
+	}
+	return c.packetHandler.IPConn.SetReadDeadline(t)
+}
+
+// SetWriteDeadline sets the write deadline associated with the
+// endpoint.
+func (c *RawConn) SetWriteDeadline(t time.Time) error {
+	if !c.packetHandler.ok() {
+		return errInvalidConn
+	}
+	return c.packetHandler.IPConn.SetWriteDeadline(t)
+}
+
+// Close closes the endpoint.
+func (c *RawConn) Close() error {
+	if !c.packetHandler.ok() {
+		return errInvalidConn
+	}
+	return c.packetHandler.IPConn.Close()
+}
+
+// NewRawConn returns a new RawConn using c as its underlying
+// transport.
+func NewRawConn(c net.PacketConn) (*RawConn, error) {
+	cc, err := socket.NewConn(c.(net.Conn))
+	if err != nil {
+		return nil, err
+	}
+	r := &RawConn{
+		genericOpt:    genericOpt{Conn: cc},
+		dgramOpt:      dgramOpt{Conn: cc},
+		packetHandler: packetHandler{IPConn: c.(*net.IPConn), Conn: cc},
+	}
+	so, ok := sockOpts[ssoHeaderPrepend]
+	if !ok {
+		return nil, errNotImplemented
+	}
+	if err := so.SetInt(r.dgramOpt.Conn, boolint(true)); err != nil {
+		return nil, err
+	}
+	return r, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/genericopt.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/genericopt.go
new file mode 100644
index 000000000..51c12371e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/genericopt.go
@@ -0,0 +1,55 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+// TOS returns the type-of-service field value for outgoing packets.
+func (c *genericOpt) TOS() (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	so, ok := sockOpts[ssoTOS]
+	if !ok {
+		return 0, errNotImplemented
+	}
+	return so.GetInt(c.Conn)
+}
+
+// SetTOS sets the type-of-service field value for future outgoing
+// packets.
+func (c *genericOpt) SetTOS(tos int) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoTOS]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.SetInt(c.Conn, tos)
+}
+
+// TTL returns the time-to-live field value for outgoing packets.
+func (c *genericOpt) TTL() (int, error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	so, ok := sockOpts[ssoTTL]
+	if !ok {
+		return 0, errNotImplemented
+	}
+	return so.GetInt(c.Conn)
+}
+
+// SetTTL sets the time-to-live field value for future outgoing
+// packets.
+func (c *genericOpt) SetTTL(ttl int) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	so, ok := sockOpts[ssoTTL]
+	if !ok {
+		return errNotImplemented
+	}
+	return so.SetInt(c.Conn, ttl)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/header.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/header.go
new file mode 100644
index 000000000..a00a3eaff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/header.go
@@ -0,0 +1,172 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net"
+	"runtime"
+
+	"golang.org/x/net/internal/socket"
+)
+
+const (
+	Version   = 4  // protocol version
+	HeaderLen = 20 // header length without extension headers
+)
+
+type HeaderFlags int
+
+const (
+	MoreFragments HeaderFlags = 1 << iota // more fragments flag
+	DontFragment                          // don't fragment flag
+)
+
+// A Header represents an IPv4 header.
+type Header struct {
+	Version  int         // protocol version
+	Len      int         // header length
+	TOS      int         // type-of-service
+	TotalLen int         // packet total length
+	ID       int         // identification
+	Flags    HeaderFlags // flags
+	FragOff  int         // fragment offset
+	TTL      int         // time-to-live
+	Protocol int         // next protocol
+	Checksum int         // checksum
+	Src      net.IP      // source address
+	Dst      net.IP      // destination address
+	Options  []byte      // options, extension headers
+}
+
+func (h *Header) String() string {
+	if h == nil {
+		return "<nil>"
+	}
+	return fmt.Sprintf("ver=%d hdrlen=%d tos=%#x totallen=%d id=%#x flags=%#x fragoff=%#x ttl=%d proto=%d cksum=%#x src=%v dst=%v", h.Version, h.Len, h.TOS, h.TotalLen, h.ID, h.Flags, h.FragOff, h.TTL, h.Protocol, h.Checksum, h.Src, h.Dst)
+}
+
+// Marshal returns the binary encoding of h.
+//
+// The returned slice is in the format used by a raw IP socket on the
+// local system.
+// This may differ from the wire format, depending on the system.
+func (h *Header) Marshal() ([]byte, error) {
+	if h == nil {
+		return nil, errNilHeader
+	}
+	if h.Len < HeaderLen {
+		return nil, errHeaderTooShort
+	}
+	hdrlen := HeaderLen + len(h.Options)
+	b := make([]byte, hdrlen)
+	b[0] = byte(Version<<4 | (hdrlen >> 2 & 0x0f))
+	b[1] = byte(h.TOS)
+	flagsAndFragOff := (h.FragOff & 0x1fff) | int(h.Flags<<13)
+	switch runtime.GOOS {
+	case "darwin", "ios", "dragonfly", "netbsd":
+		socket.NativeEndian.PutUint16(b[2:4], uint16(h.TotalLen))
+		socket.NativeEndian.PutUint16(b[6:8], uint16(flagsAndFragOff))
+	case "freebsd":
+		if freebsdVersion < 1100000 {
+			socket.NativeEndian.PutUint16(b[2:4], uint16(h.TotalLen))
+			socket.NativeEndian.PutUint16(b[6:8], uint16(flagsAndFragOff))
+		} else {
+			binary.BigEndian.PutUint16(b[2:4], uint16(h.TotalLen))
+			binary.BigEndian.PutUint16(b[6:8], uint16(flagsAndFragOff))
+		}
+	default:
+		binary.BigEndian.PutUint16(b[2:4], uint16(h.TotalLen))
+		binary.BigEndian.PutUint16(b[6:8], uint16(flagsAndFragOff))
+	}
+	binary.BigEndian.PutUint16(b[4:6], uint16(h.ID))
+	b[8] = byte(h.TTL)
+	b[9] = byte(h.Protocol)
+	binary.BigEndian.PutUint16(b[10:12], uint16(h.Checksum))
+	if ip := h.Src.To4(); ip != nil {
+		copy(b[12:16], ip[:net.IPv4len])
+	}
+	if ip := h.Dst.To4(); ip != nil {
+		copy(b[16:20], ip[:net.IPv4len])
+	} else {
+		return nil, errMissingAddress
+	}
+	if len(h.Options) > 0 {
+		copy(b[HeaderLen:], h.Options)
+	}
+	return b, nil
+}
+
+// Parse parses b as an IPv4 header and stores the result in h.
+//
+// The provided b must be in the format used by a raw IP socket on the
+// local system.
+// This may differ from the wire format, depending on the system.
+func (h *Header) Parse(b []byte) error {
+	if h == nil || b == nil {
+		return errNilHeader
+	}
+	if len(b) < HeaderLen {
+		return errHeaderTooShort
+	}
+	hdrlen := int(b[0]&0x0f) << 2
+	if len(b) < hdrlen {
+		return errExtHeaderTooShort
+	}
+	h.Version = int(b[0] >> 4)
+	h.Len = hdrlen
+	h.TOS = int(b[1])
+	h.ID = int(binary.BigEndian.Uint16(b[4:6]))
+	h.TTL = int(b[8])
+	h.Protocol = int(b[9])
+	h.Checksum = int(binary.BigEndian.Uint16(b[10:12]))
+	h.Src = net.IPv4(b[12], b[13], b[14], b[15])
+	h.Dst = net.IPv4(b[16], b[17], b[18], b[19])
+	switch runtime.GOOS {
+	case "darwin", "ios", "dragonfly", "netbsd":
+		h.TotalLen = int(socket.NativeEndian.Uint16(b[2:4])) + hdrlen
+		h.FragOff = int(socket.NativeEndian.Uint16(b[6:8]))
+	case "freebsd":
+		if freebsdVersion < 1100000 {
+			h.TotalLen = int(socket.NativeEndian.Uint16(b[2:4]))
+			if freebsdVersion < 1000000 {
+				h.TotalLen += hdrlen
+			}
+			h.FragOff = int(socket.NativeEndian.Uint16(b[6:8]))
+		} else {
+			h.TotalLen = int(binary.BigEndian.Uint16(b[2:4]))
+			h.FragOff = int(binary.BigEndian.Uint16(b[6:8]))
+		}
+	default:
+		h.TotalLen = int(binary.BigEndian.Uint16(b[2:4]))
+		h.FragOff = int(binary.BigEndian.Uint16(b[6:8]))
+	}
+	h.Flags = HeaderFlags(h.FragOff&0xe000) >> 13
+	h.FragOff = h.FragOff & 0x1fff
+	optlen := hdrlen - HeaderLen
+	if optlen > 0 && len(b) >= hdrlen {
+		if cap(h.Options) < optlen {
+			h.Options = make([]byte, optlen)
+		} else {
+			h.Options = h.Options[:optlen]
+		}
+		copy(h.Options, b[HeaderLen:hdrlen])
+	}
+	return nil
+}
+
+// ParseHeader parses b as an IPv4 header.
+//
+// The provided b must be in the format used by a raw IP socket on the
+// local system.
+// This may differ from the wire format, depending on the system.
+func ParseHeader(b []byte) (*Header, error) {
+	h := new(Header)
+	if err := h.Parse(b); err != nil {
+		return nil, err
+	}
+	return h, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/helper.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/helper.go
new file mode 100644
index 000000000..e845a7376
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/helper.go
@@ -0,0 +1,77 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"errors"
+	"net"
+	"runtime"
+
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	errInvalidConn       = errors.New("invalid connection")
+	errMissingAddress    = errors.New("missing address")
+	errNilHeader         = errors.New("nil header")
+	errHeaderTooShort    = errors.New("header too short")
+	errExtHeaderTooShort = errors.New("extension header too short")
+	errInvalidConnType   = errors.New("invalid conn type")
+	errNotImplemented    = errors.New("not implemented on " + runtime.GOOS + "/" + runtime.GOARCH)
+
+	// See https://www.freebsd.org/doc/en/books/porters-handbook/versions.html.
+	freebsdVersion  uint32
+	compatFreeBSD32 bool // 386 emulation on amd64
+)
+
+// See golang.org/issue/30899.
+func adjustFreeBSD32(m *socket.Message) {
+	// FreeBSD 12.0-RELEASE is affected by https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236737
+	if 1200086 <= freebsdVersion && freebsdVersion < 1201000 {
+		l := (m.NN + 4 - 1) &^ (4 - 1)
+		if m.NN < l && l <= len(m.OOB) {
+			m.NN = l
+		}
+	}
+}
+
+func boolint(b bool) int {
+	if b {
+		return 1
+	}
+	return 0
+}
+
+func netAddrToIP4(a net.Addr) net.IP {
+	switch v := a.(type) {
+	case *net.UDPAddr:
+		if ip := v.IP.To4(); ip != nil {
+			return ip
+		}
+	case *net.IPAddr:
+		if ip := v.IP.To4(); ip != nil {
+			return ip
+		}
+	}
+	return nil
+}
+
+func opAddr(a net.Addr) net.Addr {
+	switch a.(type) {
+	case *net.TCPAddr:
+		if a == nil {
+			return nil
+		}
+	case *net.UDPAddr:
+		if a == nil {
+			return nil
+		}
+	case *net.IPAddr:
+		if a == nil {
+			return nil
+		}
+	}
+	return a
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/iana.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/iana.go
new file mode 100644
index 000000000..4375b4099
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/iana.go
@@ -0,0 +1,38 @@
+// go generate gen.go
+// Code generated by the command above; DO NOT EDIT.
+
+package ipv4
+
+// Internet Control Message Protocol (ICMP) Parameters, Updated: 2018-02-26
+const (
+	ICMPTypeEchoReply              ICMPType = 0  // Echo Reply
+	ICMPTypeDestinationUnreachable ICMPType = 3  // Destination Unreachable
+	ICMPTypeRedirect               ICMPType = 5  // Redirect
+	ICMPTypeEcho                   ICMPType = 8  // Echo
+	ICMPTypeRouterAdvertisement    ICMPType = 9  // Router Advertisement
+	ICMPTypeRouterSolicitation     ICMPType = 10 // Router Solicitation
+	ICMPTypeTimeExceeded           ICMPType = 11 // Time Exceeded
+	ICMPTypeParameterProblem       ICMPType = 12 // Parameter Problem
+	ICMPTypeTimestamp              ICMPType = 13 // Timestamp
+	ICMPTypeTimestampReply         ICMPType = 14 // Timestamp Reply
+	ICMPTypePhoturis               ICMPType = 40 // Photuris
+	ICMPTypeExtendedEchoRequest    ICMPType = 42 // Extended Echo Request
+	ICMPTypeExtendedEchoReply      ICMPType = 43 // Extended Echo Reply
+)
+
+// Internet Control Message Protocol (ICMP) Parameters, Updated: 2018-02-26
+var icmpTypes = map[ICMPType]string{
+	0:  "echo reply",
+	3:  "destination unreachable",
+	5:  "redirect",
+	8:  "echo",
+	9:  "router advertisement",
+	10: "router solicitation",
+	11: "time exceeded",
+	12: "parameter problem",
+	13: "timestamp",
+	14: "timestamp reply",
+	40: "photuris",
+	42: "extended echo request",
+	43: "extended echo reply",
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp.go
new file mode 100644
index 000000000..9902bb3d2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp.go
@@ -0,0 +1,57 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import "golang.org/x/net/internal/iana"
+
+// An ICMPType represents a type of ICMP message.
+type ICMPType int
+
+func (typ ICMPType) String() string {
+	s, ok := icmpTypes[typ]
+	if !ok {
+		return "<nil>"
+	}
+	return s
+}
+
+// Protocol returns the ICMPv4 protocol number.
+func (typ ICMPType) Protocol() int {
+	return iana.ProtocolICMP
+}
+
+// An ICMPFilter represents an ICMP message filter for incoming
+// packets. The filter belongs to a packet delivery path on a host and
+// it cannot interact with forwarding packets or tunnel-outer packets.
+//
+// Note: RFC 8200 defines a reasonable role model and it works not
+// only for IPv6 but IPv4. A node means a device that implements IP.
+// A router means a node that forwards IP packets not explicitly
+// addressed to itself, and a host means a node that is not a router.
+type ICMPFilter struct {
+	icmpFilter
+}
+
+// Accept accepts incoming ICMP packets including the type field value
+// typ.
+func (f *ICMPFilter) Accept(typ ICMPType) {
+	f.accept(typ)
+}
+
+// Block blocks incoming ICMP packets including the type field value
+// typ.
+func (f *ICMPFilter) Block(typ ICMPType) {
+	f.block(typ)
+}
+
+// SetAll sets the filter action to the filter.
+func (f *ICMPFilter) SetAll(block bool) {
+	f.setAll(block)
+}
+
+// WillBlock reports whether the ICMP type will be blocked.
+func (f *ICMPFilter) WillBlock(typ ICMPType) bool {
+	return f.willBlock(typ)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp_linux.go
new file mode 100644
index 000000000..6e1c5c80a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp_linux.go
@@ -0,0 +1,25 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+func (f *icmpFilter) accept(typ ICMPType) {
+	f.Data &^= 1 << (uint32(typ) & 31)
+}
+
+func (f *icmpFilter) block(typ ICMPType) {
+	f.Data |= 1 << (uint32(typ) & 31)
+}
+
+func (f *icmpFilter) setAll(block bool) {
+	if block {
+		f.Data = 1<<32 - 1
+	} else {
+		f.Data = 0
+	}
+}
+
+func (f *icmpFilter) willBlock(typ ICMPType) bool {
+	return f.Data&(1<<(uint32(typ)&31)) != 0
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp_stub.go
new file mode 100644
index 000000000..21bb29ab3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/icmp_stub.go
@@ -0,0 +1,25 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !linux
+
+package ipv4
+
+const sizeofICMPFilter = 0x0
+
+type icmpFilter struct {
+}
+
+func (f *icmpFilter) accept(typ ICMPType) {
+}
+
+func (f *icmpFilter) block(typ ICMPType) {
+}
+
+func (f *icmpFilter) setAll(block bool) {
+}
+
+func (f *icmpFilter) willBlock(typ ICMPType) bool {
+	return false
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/packet.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/packet.go
new file mode 100644
index 000000000..7d784e06d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/packet.go
@@ -0,0 +1,117 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
+
+// BUG(mikio): On Windows, the ReadFrom and WriteTo methods of RawConn
+// are not implemented.
+
+// A packetHandler represents the IPv4 datagram handler.
+type packetHandler struct {
+	*net.IPConn
+	*socket.Conn
+	rawOpt
+}
+
+func (c *packetHandler) ok() bool { return c != nil && c.IPConn != nil && c.Conn != nil }
+
+// ReadFrom reads an IPv4 datagram from the endpoint c, copying the
+// datagram into b. It returns the received datagram as the IPv4
+// header h, the payload p and the control message cm.
+func (c *packetHandler) ReadFrom(b []byte) (h *Header, p []byte, cm *ControlMessage, err error) {
+	if !c.ok() {
+		return nil, nil, nil, errInvalidConn
+	}
+	c.rawOpt.RLock()
+	m := socket.Message{
+		Buffers: [][]byte{b},
+		OOB:     NewControlMessage(c.rawOpt.cflags),
+	}
+	c.rawOpt.RUnlock()
+	if err := c.RecvMsg(&m, 0); err != nil {
+		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+	}
+	var hs []byte
+	if hs, p, err = slicePacket(b[:m.N]); err != nil {
+		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+	}
+	if h, err = ParseHeader(hs); err != nil {
+		return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+	}
+	if m.NN > 0 {
+		if compatFreeBSD32 {
+			adjustFreeBSD32(&m)
+		}
+		cm = new(ControlMessage)
+		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
+			return nil, nil, nil, &net.OpError{Op: "read", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Err: err}
+		}
+	}
+	if src, ok := m.Addr.(*net.IPAddr); ok && cm != nil {
+		cm.Src = src.IP
+	}
+	return
+}
+
+func slicePacket(b []byte) (h, p []byte, err error) {
+	if len(b) < HeaderLen {
+		return nil, nil, errHeaderTooShort
+	}
+	hdrlen := int(b[0]&0x0f) << 2
+	return b[:hdrlen], b[hdrlen:], nil
+}
+
+// WriteTo writes an IPv4 datagram through the endpoint c, copying the
+// datagram from the IPv4 header h and the payload p. The control
+// message cm allows the datagram path and the outgoing interface to be
+// specified.  Currently only Darwin and Linux support this. The cm
+// may be nil if control of the outgoing datagram is not required.
+//
+// The IPv4 header h must contain appropriate fields that include:
+//
+//	Version       = <must be specified>
+//	Len           = <must be specified>
+//	TOS           = <must be specified>
+//	TotalLen      = <must be specified>
+//	ID            = platform sets an appropriate value if ID is zero
+//	FragOff       = <must be specified>
+//	TTL           = <must be specified>
+//	Protocol      = <must be specified>
+//	Checksum      = platform sets an appropriate value if Checksum is zero
+//	Src           = platform sets an appropriate value if Src is nil
+//	Dst           = <must be specified>
+//	Options       = optional
+func (c *packetHandler) WriteTo(h *Header, p []byte, cm *ControlMessage) error {
+	if !c.ok() {
+		return errInvalidConn
+	}
+	m := socket.Message{
+		OOB: cm.Marshal(),
+	}
+	wh, err := h.Marshal()
+	if err != nil {
+		return err
+	}
+	m.Buffers = [][]byte{wh, p}
+	dst := new(net.IPAddr)
+	if cm != nil {
+		if ip := cm.Dst.To4(); ip != nil {
+			dst.IP = ip
+		}
+	}
+	if dst.IP == nil {
+		dst.IP = h.Dst
+	}
+	m.Addr = dst
+	if err := c.SendMsg(&m, 0); err != nil {
+		return &net.OpError{Op: "write", Net: c.IPConn.LocalAddr().Network(), Source: c.IPConn.LocalAddr(), Addr: opAddr(dst), Err: err}
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload.go
new file mode 100644
index 000000000..f95f811ac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload.go
@@ -0,0 +1,23 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
+
+// BUG(mikio): On Windows, the ControlMessage for ReadFrom and WriteTo
+// methods of PacketConn is not implemented.
+
+// A payloadHandler represents the IPv4 datagram payload handler.
+type payloadHandler struct {
+	net.PacketConn
+	*socket.Conn
+	rawOpt
+}
+
+func (c *payloadHandler) ok() bool { return c != nil && c.PacketConn != nil && c.Conn != nil }
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload_cmsg.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload_cmsg.go
new file mode 100644
index 000000000..7bde68947
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload_cmsg.go
@@ -0,0 +1,84 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
+
+// ReadFrom reads a payload of the received IPv4 datagram, from the
+// endpoint c, copying the payload into b. It returns the number of
+// bytes copied into b, the control message cm and the source address
+// src of the received datagram.
+func (c *payloadHandler) ReadFrom(b []byte) (n int, cm *ControlMessage, src net.Addr, err error) {
+	if !c.ok() {
+		return 0, nil, nil, errInvalidConn
+	}
+	c.rawOpt.RLock()
+	m := socket.Message{
+		OOB: NewControlMessage(c.rawOpt.cflags),
+	}
+	c.rawOpt.RUnlock()
+	switch c.PacketConn.(type) {
+	case *net.UDPConn:
+		m.Buffers = [][]byte{b}
+		if err := c.RecvMsg(&m, 0); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+	case *net.IPConn:
+		h := make([]byte, HeaderLen)
+		m.Buffers = [][]byte{h, b}
+		if err := c.RecvMsg(&m, 0); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		hdrlen := int(h[0]&0x0f) << 2
+		if hdrlen > len(h) {
+			d := hdrlen - len(h)
+			copy(b, b[d:])
+			m.N -= d
+		} else {
+			m.N -= hdrlen
+		}
+	default:
+		return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: errInvalidConnType}
+	}
+	if m.NN > 0 {
+		if compatFreeBSD32 {
+			adjustFreeBSD32(&m)
+		}
+		cm = new(ControlMessage)
+		if err := cm.Parse(m.OOB[:m.NN]); err != nil {
+			return 0, nil, nil, &net.OpError{Op: "read", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Err: err}
+		}
+		cm.Src = netAddrToIP4(m.Addr)
+	}
+	return m.N, cm, m.Addr, nil
+}
+
+// WriteTo writes a payload of the IPv4 datagram, to the destination
+// address dst through the endpoint c, copying the payload from b. It
+// returns the number of bytes written. The control message cm allows
+// the datagram path and the outgoing interface to be specified.
+// Currently only Darwin and Linux support this. The cm may be nil if
+// control of the outgoing datagram is not required.
+func (c *payloadHandler) WriteTo(b []byte, cm *ControlMessage, dst net.Addr) (n int, err error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	m := socket.Message{
+		Buffers: [][]byte{b},
+		OOB:     cm.Marshal(),
+		Addr:    dst,
+	}
+	err = c.SendMsg(&m, 0)
+	if err != nil {
+		err = &net.OpError{Op: "write", Net: c.PacketConn.LocalAddr().Network(), Source: c.PacketConn.LocalAddr(), Addr: opAddr(dst), Err: err}
+	}
+	return m.N, err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload_nocmsg.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload_nocmsg.go
new file mode 100644
index 000000000..251bd0c70
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/payload_nocmsg.go
@@ -0,0 +1,39 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos
+
+package ipv4
+
+import "net"
+
+// ReadFrom reads a payload of the received IPv4 datagram, from the
+// endpoint c, copying the payload into b. It returns the number of
+// bytes copied into b, the control message cm and the source address
+// src of the received datagram.
+func (c *payloadHandler) ReadFrom(b []byte) (n int, cm *ControlMessage, src net.Addr, err error) {
+	if !c.ok() {
+		return 0, nil, nil, errInvalidConn
+	}
+	if n, src, err = c.PacketConn.ReadFrom(b); err != nil {
+		return 0, nil, nil, err
+	}
+	return
+}
+
+// WriteTo writes a payload of the IPv4 datagram, to the destination
+// address dst through the endpoint c, copying the payload from b. It
+// returns the number of bytes written. The control message cm allows
+// the datagram path and the outgoing interface to be specified.
+// Currently only Darwin and Linux support this. The cm may be nil if
+// control of the outgoing datagram is not required.
+func (c *payloadHandler) WriteTo(b []byte, cm *ControlMessage, dst net.Addr) (n int, err error) {
+	if !c.ok() {
+		return 0, errInvalidConn
+	}
+	if dst == nil {
+		return 0, errMissingAddress
+	}
+	return c.PacketConn.WriteTo(b, dst)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt.go
new file mode 100644
index 000000000..22e90c039
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt.go
@@ -0,0 +1,44 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import "golang.org/x/net/internal/socket"
+
+// Sticky socket options
+const (
+	ssoTOS                = iota // header field for unicast packet
+	ssoTTL                       // header field for unicast packet
+	ssoMulticastTTL              // header field for multicast packet
+	ssoMulticastInterface        // outbound interface for multicast packet
+	ssoMulticastLoopback         // loopback for multicast packet
+	ssoReceiveTTL                // header field on received packet
+	ssoReceiveDst                // header field on received packet
+	ssoReceiveInterface          // inbound interface on received packet
+	ssoPacketInfo                // incbound or outbound packet path
+	ssoHeaderPrepend             // ipv4 header prepend
+	ssoStripHeader               // strip ipv4 header
+	ssoICMPFilter                // icmp filter
+	ssoJoinGroup                 // any-source multicast
+	ssoLeaveGroup                // any-source multicast
+	ssoJoinSourceGroup           // source-specific multicast
+	ssoLeaveSourceGroup          // source-specific multicast
+	ssoBlockSourceGroup          // any-source or source-specific multicast
+	ssoUnblockSourceGroup        // any-source or source-specific multicast
+	ssoAttachFilter              // attach BPF for filtering inbound traffic
+)
+
+// Sticky socket option value types
+const (
+	ssoTypeIPMreq = iota + 1
+	ssoTypeIPMreqn
+	ssoTypeGroupReq
+	ssoTypeGroupSourceReq
+)
+
+// A sockOpt represents a binding for sticky socket option.
+type sockOpt struct {
+	socket.Option
+	typ int // hint for option value type; optional
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt_posix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt_posix.go
new file mode 100644
index 000000000..ef29718d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt_posix.go
@@ -0,0 +1,71 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris windows zos
+
+package ipv4
+
+import (
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/bpf"
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) getMulticastInterface(c *socket.Conn) (*net.Interface, error) {
+	switch so.typ {
+	case ssoTypeIPMreqn:
+		return so.getIPMreqn(c)
+	default:
+		return so.getMulticastIf(c)
+	}
+}
+
+func (so *sockOpt) setMulticastInterface(c *socket.Conn, ifi *net.Interface) error {
+	switch so.typ {
+	case ssoTypeIPMreqn:
+		return so.setIPMreqn(c, ifi, nil)
+	default:
+		return so.setMulticastIf(c, ifi)
+	}
+}
+
+func (so *sockOpt) getICMPFilter(c *socket.Conn) (*ICMPFilter, error) {
+	b := make([]byte, so.Len)
+	n, err := so.Get(c, b)
+	if err != nil {
+		return nil, err
+	}
+	if n != sizeofICMPFilter {
+		return nil, errNotImplemented
+	}
+	return (*ICMPFilter)(unsafe.Pointer(&b[0])), nil
+}
+
+func (so *sockOpt) setICMPFilter(c *socket.Conn, f *ICMPFilter) error {
+	b := (*[sizeofICMPFilter]byte)(unsafe.Pointer(f))[:sizeofICMPFilter]
+	return so.Set(c, b)
+}
+
+func (so *sockOpt) setGroup(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	switch so.typ {
+	case ssoTypeIPMreq:
+		return so.setIPMreq(c, ifi, grp)
+	case ssoTypeIPMreqn:
+		return so.setIPMreqn(c, ifi, grp)
+	case ssoTypeGroupReq:
+		return so.setGroupReq(c, ifi, grp)
+	default:
+		return errNotImplemented
+	}
+}
+
+func (so *sockOpt) setSourceGroup(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
+	return so.setGroupSourceReq(c, ifi, grp, src)
+}
+
+func (so *sockOpt) setBPF(c *socket.Conn, f []bpf.RawInstruction) error {
+	return so.setAttachFilter(c, f)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt_stub.go
new file mode 100644
index 000000000..fbca52684
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sockopt_stub.go
@@ -0,0 +1,42 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/bpf"
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) getMulticastInterface(c *socket.Conn) (*net.Interface, error) {
+	return nil, errNotImplemented
+}
+
+func (so *sockOpt) setMulticastInterface(c *socket.Conn, ifi *net.Interface) error {
+	return errNotImplemented
+}
+
+func (so *sockOpt) getICMPFilter(c *socket.Conn) (*ICMPFilter, error) {
+	return nil, errNotImplemented
+}
+
+func (so *sockOpt) setICMPFilter(c *socket.Conn, f *ICMPFilter) error {
+	return errNotImplemented
+}
+
+func (so *sockOpt) setGroup(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	return errNotImplemented
+}
+
+func (so *sockOpt) setSourceGroup(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
+	return errNotImplemented
+}
+
+func (so *sockOpt) setBPF(c *socket.Conn, f []bpf.RawInstruction) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_aix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_aix.go
new file mode 100644
index 000000000..3d1201e6d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_aix.go
@@ -0,0 +1,38 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Added for go1.11 compatibility
+// +build aix
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:       {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:       {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface: {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 1}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
+		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_ADD_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_DROP_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+	}
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreq.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreq.go
new file mode 100644
index 000000000..76d670aca
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreq.go
@@ -0,0 +1,122 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd netbsd openbsd solaris windows
+
+package ipv4
+
+import (
+	"errors"
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/internal/socket"
+)
+
+var errNoSuchInterface = errors.New("no such interface")
+
+func (so *sockOpt) setIPMreq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	mreq := ipMreq{Multiaddr: [4]byte{grp[0], grp[1], grp[2], grp[3]}}
+	if err := setIPMreqInterface(&mreq, ifi); err != nil {
+		return err
+	}
+	b := (*[sizeofIPMreq]byte)(unsafe.Pointer(&mreq))[:sizeofIPMreq]
+	return so.Set(c, b)
+}
+
+func (so *sockOpt) getMulticastIf(c *socket.Conn) (*net.Interface, error) {
+	var b [4]byte
+	if _, err := so.Get(c, b[:]); err != nil {
+		return nil, err
+	}
+	ifi, err := netIP4ToInterface(net.IPv4(b[0], b[1], b[2], b[3]))
+	if err != nil {
+		return nil, err
+	}
+	return ifi, nil
+}
+
+func (so *sockOpt) setMulticastIf(c *socket.Conn, ifi *net.Interface) error {
+	ip, err := netInterfaceToIP4(ifi)
+	if err != nil {
+		return err
+	}
+	var b [4]byte
+	copy(b[:], ip)
+	return so.Set(c, b[:])
+}
+
+func setIPMreqInterface(mreq *ipMreq, ifi *net.Interface) error {
+	if ifi == nil {
+		return nil
+	}
+	ifat, err := ifi.Addrs()
+	if err != nil {
+		return err
+	}
+	for _, ifa := range ifat {
+		switch ifa := ifa.(type) {
+		case *net.IPAddr:
+			if ip := ifa.IP.To4(); ip != nil {
+				copy(mreq.Interface[:], ip)
+				return nil
+			}
+		case *net.IPNet:
+			if ip := ifa.IP.To4(); ip != nil {
+				copy(mreq.Interface[:], ip)
+				return nil
+			}
+		}
+	}
+	return errNoSuchInterface
+}
+
+func netIP4ToInterface(ip net.IP) (*net.Interface, error) {
+	ift, err := net.Interfaces()
+	if err != nil {
+		return nil, err
+	}
+	for _, ifi := range ift {
+		ifat, err := ifi.Addrs()
+		if err != nil {
+			return nil, err
+		}
+		for _, ifa := range ifat {
+			switch ifa := ifa.(type) {
+			case *net.IPAddr:
+				if ip.Equal(ifa.IP) {
+					return &ifi, nil
+				}
+			case *net.IPNet:
+				if ip.Equal(ifa.IP) {
+					return &ifi, nil
+				}
+			}
+		}
+	}
+	return nil, errNoSuchInterface
+}
+
+func netInterfaceToIP4(ifi *net.Interface) (net.IP, error) {
+	if ifi == nil {
+		return net.IPv4zero.To4(), nil
+	}
+	ifat, err := ifi.Addrs()
+	if err != nil {
+		return nil, err
+	}
+	for _, ifa := range ifat {
+		switch ifa := ifa.(type) {
+		case *net.IPAddr:
+			if ip := ifa.IP.To4(); ip != nil {
+				return ip, nil
+			}
+		case *net.IPNet:
+			if ip := ifa.IP.To4(); ip != nil {
+				return ip, nil
+			}
+		}
+	}
+	return nil, errNoSuchInterface
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go
new file mode 100644
index 000000000..6dc339ce6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreq_stub.go
@@ -0,0 +1,25 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!netbsd,!openbsd,!solaris,!windows
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) setIPMreq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	return errNotImplemented
+}
+
+func (so *sockOpt) getMulticastIf(c *socket.Conn) (*net.Interface, error) {
+	return nil, errNotImplemented
+}
+
+func (so *sockOpt) setMulticastIf(c *socket.Conn, ifi *net.Interface) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreqn.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreqn.go
new file mode 100644
index 000000000..1f24f69f3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreqn.go
@@ -0,0 +1,42 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin freebsd linux
+
+package ipv4
+
+import (
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) getIPMreqn(c *socket.Conn) (*net.Interface, error) {
+	b := make([]byte, so.Len)
+	if _, err := so.Get(c, b); err != nil {
+		return nil, err
+	}
+	mreqn := (*ipMreqn)(unsafe.Pointer(&b[0]))
+	if mreqn.Ifindex == 0 {
+		return nil, nil
+	}
+	ifi, err := net.InterfaceByIndex(int(mreqn.Ifindex))
+	if err != nil {
+		return nil, err
+	}
+	return ifi, nil
+}
+
+func (so *sockOpt) setIPMreqn(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	var mreqn ipMreqn
+	if ifi != nil {
+		mreqn.Ifindex = int32(ifi.Index)
+	}
+	if grp != nil {
+		mreqn.Multiaddr = [4]byte{grp[0], grp[1], grp[2], grp[3]}
+	}
+	b := (*[sizeofIPMreqn]byte)(unsafe.Pointer(&mreqn))[:sizeofIPMreqn]
+	return so.Set(c, b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go
new file mode 100644
index 000000000..48ef55624
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_asmreqn_stub.go
@@ -0,0 +1,21 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !darwin,!freebsd,!linux
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) getIPMreqn(c *socket.Conn) (*net.Interface, error) {
+	return nil, errNotImplemented
+}
+
+func (so *sockOpt) setIPMreqn(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bpf.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bpf.go
new file mode 100644
index 000000000..5c03dce3b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bpf.go
@@ -0,0 +1,24 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+
+package ipv4
+
+import (
+	"unsafe"
+
+	"golang.org/x/net/bpf"
+	"golang.org/x/net/internal/socket"
+	"golang.org/x/sys/unix"
+)
+
+func (so *sockOpt) setAttachFilter(c *socket.Conn, f []bpf.RawInstruction) error {
+	prog := unix.SockFprog{
+		Len:    uint16(len(f)),
+		Filter: (*unix.SockFilter)(unsafe.Pointer(&f[0])),
+	}
+	b := (*[unix.SizeofSockFprog]byte)(unsafe.Pointer(&prog))[:unix.SizeofSockFprog]
+	return so.Set(c, b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go
new file mode 100644
index 000000000..5c9864271
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bpf_stub.go
@@ -0,0 +1,16 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !linux
+
+package ipv4
+
+import (
+	"golang.org/x/net/bpf"
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) setAttachFilter(c *socket.Conn, f []bpf.RawInstruction) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bsd.go
new file mode 100644
index 000000000..58256dd9d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_bsd.go
@@ -0,0 +1,37 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build netbsd openbsd
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:       {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:       {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface: {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 1}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
+		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_ADD_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_DROP_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+	}
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_darwin.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_darwin.go
new file mode 100644
index 000000000..ac213c735
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_darwin.go
@@ -0,0 +1,65 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:        {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:        {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface:  {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+		ctlPacketInfo: {sysIP_PKTINFO, sizeofInetPktinfo, marshalPacketInfo, parsePacketInfo},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: sizeofIPMreqn}, typ: ssoTypeIPMreqn},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
+		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoStripHeader:        {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_STRIPHDR, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoPacketInfo:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVPKTINFO, Len: 4}},
+	}
+)
+
+func (pi *inetPktinfo) setIfindex(i int) {
+	pi.Ifindex = uint32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(uintptr(unsafe.Pointer(gr)) + 4))
+	sa.Len = sizeofSockaddrInet
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(uintptr(unsafe.Pointer(gsr)) + 4))
+	sa.Len = sizeofSockaddrInet
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet)(unsafe.Pointer(uintptr(unsafe.Pointer(gsr)) + 132))
+	sa.Len = sizeofSockaddrInet
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], src)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_dragonfly.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_dragonfly.go
new file mode 100644
index 000000000..859764f33
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_dragonfly.go
@@ -0,0 +1,35 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:       {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:       {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface: {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
+		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_ADD_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_DROP_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+	}
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_freebsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_freebsd.go
new file mode 100644
index 000000000..482873d9a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_freebsd.go
@@ -0,0 +1,76 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"runtime"
+	"strings"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:       {sysIP_RECVTTL, 1, marshalTTL, parseTTL},
+		ctlDst:       {sysIP_RECVDSTADDR, net.IPv4len, marshalDst, parseDst},
+		ctlInterface: {sysIP_RECVIF, syscall.SizeofSockaddrDatalink, marshalInterface, parseInterface},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoReceiveDst:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVDSTADDR, Len: 4}},
+		ssoReceiveInterface:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVIF, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+	}
+)
+
+func init() {
+	freebsdVersion, _ = syscall.SysctlUint32("kern.osreldate")
+	if freebsdVersion >= 1000000 {
+		sockOpts[ssoMulticastInterface] = &sockOpt{Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: sizeofIPMreqn}, typ: ssoTypeIPMreqn}
+	}
+	if runtime.GOOS == "freebsd" && runtime.GOARCH == "386" {
+		archs, _ := syscall.Sysctl("kern.supported_archs")
+		for _, s := range strings.Fields(archs) {
+			if s == "amd64" {
+				compatFreeBSD32 = true
+				break
+			}
+		}
+	}
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(&gr.Group))
+	sa.Len = sizeofSockaddrInet
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(&gsr.Group))
+	sa.Len = sizeofSockaddrInet
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet)(unsafe.Pointer(&gsr.Source))
+	sa.Len = sizeofSockaddrInet
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], src)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_linux.go
new file mode 100644
index 000000000..cf755c7fb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_linux.go
@@ -0,0 +1,60 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+	"golang.org/x/sys/unix"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:        {sysIP_TTL, 1, marshalTTL, parseTTL},
+		ctlPacketInfo: {sysIP_PKTINFO, sizeofInetPktinfo, marshalPacketInfo, parsePacketInfo},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 4}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: sizeofIPMreqn}, typ: ssoTypeIPMreqn},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoPacketInfo:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_PKTINFO, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoICMPFilter:         {Option: socket.Option{Level: iana.ProtocolReserved, Name: sysICMP_FILTER, Len: sizeofICMPFilter}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoAttachFilter:       {Option: socket.Option{Level: unix.SOL_SOCKET, Name: unix.SO_ATTACH_FILTER, Len: unix.SizeofSockFprog}},
+	}
+)
+
+func (pi *inetPktinfo) setIfindex(i int) {
+	pi.Ifindex = int32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(&gr.Group))
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(&gsr.Group))
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet)(unsafe.Pointer(&gsr.Source))
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], src)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_solaris.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_solaris.go
new file mode 100644
index 000000000..832fef1e2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_solaris.go
@@ -0,0 +1,57 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlTTL:        {sysIP_RECVTTL, 4, marshalTTL, parseTTL},
+		ctlPacketInfo: {sysIP_PKTINFO, sizeofInetPktinfo, marshalPacketInfo, parsePacketInfo},
+	}
+
+	sockOpts = map[int]sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 1}},
+		ssoReceiveTTL:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVTTL, Len: 4}},
+		ssoPacketInfo:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVPKTINFO, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+	}
+)
+
+func (pi *inetPktinfo) setIfindex(i int) {
+	pi.Ifindex = uint32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(uintptr(unsafe.Pointer(gr)) + 4))
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet)(unsafe.Pointer(uintptr(unsafe.Pointer(gsr)) + 4))
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet)(unsafe.Pointer(uintptr(unsafe.Pointer(gsr)) + 260))
+	sa.Family = syscall.AF_INET
+	copy(sa.Addr[:], src)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_ssmreq.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_ssmreq.go
new file mode 100644
index 000000000..eeced7f31
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_ssmreq.go
@@ -0,0 +1,52 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin freebsd linux solaris
+
+package ipv4
+
+import (
+	"net"
+	"unsafe"
+
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	var gr groupReq
+	if ifi != nil {
+		gr.Interface = uint32(ifi.Index)
+	}
+	gr.setGroup(grp)
+	var b []byte
+	if compatFreeBSD32 {
+		var d [sizeofGroupReq + 4]byte
+		s := (*[sizeofGroupReq]byte)(unsafe.Pointer(&gr))
+		copy(d[:4], s[:4])
+		copy(d[8:], s[4:])
+		b = d[:]
+	} else {
+		b = (*[sizeofGroupReq]byte)(unsafe.Pointer(&gr))[:sizeofGroupReq]
+	}
+	return so.Set(c, b)
+}
+
+func (so *sockOpt) setGroupSourceReq(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
+	var gsr groupSourceReq
+	if ifi != nil {
+		gsr.Interface = uint32(ifi.Index)
+	}
+	gsr.setSourceGroup(grp, src)
+	var b []byte
+	if compatFreeBSD32 {
+		var d [sizeofGroupSourceReq + 4]byte
+		s := (*[sizeofGroupSourceReq]byte)(unsafe.Pointer(&gsr))
+		copy(d[:4], s[:4])
+		copy(d[8:], s[4:])
+		b = d[:]
+	} else {
+		b = (*[sizeofGroupSourceReq]byte)(unsafe.Pointer(&gsr))[:sizeofGroupSourceReq]
+	}
+	return so.Set(c, b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go
new file mode 100644
index 000000000..c0921674b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_ssmreq_stub.go
@@ -0,0 +1,21 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !darwin,!freebsd,!linux,!solaris
+
+package ipv4
+
+import (
+	"net"
+
+	"golang.org/x/net/internal/socket"
+)
+
+func (so *sockOpt) setGroupReq(c *socket.Conn, ifi *net.Interface, grp net.IP) error {
+	return errNotImplemented
+}
+
+func (so *sockOpt) setGroupSourceReq(c *socket.Conn, ifi *net.Interface, grp, src net.IP) error {
+	return errNotImplemented
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_stub.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_stub.go
new file mode 100644
index 000000000..555585188
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_stub.go
@@ -0,0 +1,13 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos
+
+package ipv4
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{}
+
+	sockOpts = map[int]*sockOpt{}
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_windows.go
new file mode 100644
index 000000000..b0913d539
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_windows.go
@@ -0,0 +1,67 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+const (
+	// See ws2tcpip.h.
+	sysIP_OPTIONS                = 0x1
+	sysIP_HDRINCL                = 0x2
+	sysIP_TOS                    = 0x3
+	sysIP_TTL                    = 0x4
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_DONTFRAGMENT           = 0xe
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0xf
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x10
+	sysIP_PKTINFO                = 0x13
+
+	sizeofInetPktinfo  = 0x8
+	sizeofIPMreq       = 0x8
+	sizeofIPMreqSource = 0xc
+)
+
+type inetPktinfo struct {
+	Addr    [4]byte
+	Ifindex int32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte
+	Interface [4]byte
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte
+	Sourceaddr [4]byte
+	Interface  [4]byte
+}
+
+// See http://msdn.microsoft.com/en-us/library/windows/desktop/ms738586(v=vs.85).aspx
+var (
+	ctlOpts = [ctlMax]ctlOpt{}
+
+	sockOpts = map[int]*sockOpt{
+		ssoTOS:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TOS, Len: 4}},
+		ssoTTL:                {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_TTL, Len: 4}},
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 4}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 4}},
+		ssoHeaderPrepend:      {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_HDRINCL, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_ADD_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_DROP_MEMBERSHIP, Len: sizeofIPMreq}, typ: ssoTypeIPMreq},
+	}
+)
+
+func (pi *inetPktinfo) setIfindex(i int) {
+	pi.Ifindex = int32(i)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_zos.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_zos.go
new file mode 100644
index 000000000..7426606cf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/sys_zos.go
@@ -0,0 +1,55 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ipv4
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/net/internal/iana"
+	"golang.org/x/net/internal/socket"
+)
+
+var (
+	ctlOpts = [ctlMax]ctlOpt{
+		ctlPacketInfo: {sysIP_PKTINFO, sizeofInetPktinfo, marshalPacketInfo, parsePacketInfo},
+	}
+
+	sockOpts = map[int]*sockOpt{
+		ssoMulticastTTL:       {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_TTL, Len: 1}},
+		ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_IF, Len: 4}},
+		ssoMulticastLoopback:  {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_MULTICAST_LOOP, Len: 1}},
+		ssoPacketInfo:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysIP_RECVPKTINFO, Len: 4}},
+		ssoJoinGroup:          {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:         {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:   {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIP, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+	}
+)
+
+func (pi *inetPktinfo) setIfindex(i int) {
+	pi.Ifindex = uint32(i)
+}
+
+func (gr *groupReq) setGroup(grp net.IP) {
+	sa := (*sockaddrInet4)(unsafe.Pointer(&gr.Group))
+	sa.Family = syscall.AF_INET
+	sa.Len = sizeofSockaddrInet4
+	copy(sa.Addr[:], grp)
+}
+
+func (gsr *groupSourceReq) setSourceGroup(grp, src net.IP) {
+	sa := (*sockaddrInet4)(unsafe.Pointer(&gsr.Group))
+	sa.Family = syscall.AF_INET
+	sa.Len = sizeofSockaddrInet4
+	copy(sa.Addr[:], grp)
+	sa = (*sockaddrInet4)(unsafe.Pointer(&gsr.Source))
+	sa.Family = syscall.AF_INET
+	sa.Len = sizeofSockaddrInet4
+	copy(sa.Addr[:], src)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
new file mode 100644
index 000000000..c741d5c8e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
@@ -0,0 +1,33 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_aix.go
+
+// Added for go1.11 compatibility
+// +build aix
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x20
+	sysIP_RECVTTL     = 0x22
+
+	sysIP_MULTICAST_IF    = 0x9
+	sysIP_MULTICAST_TTL   = 0xa
+	sysIP_MULTICAST_LOOP  = 0xb
+	sysIP_ADD_MEMBERSHIP  = 0xc
+	sysIP_DROP_MEMBERSHIP = 0xd
+
+	sizeofIPMreq = 0x8
+)
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_darwin.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_darwin.go
new file mode 100644
index 000000000..e05a251ba
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_darwin.go
@@ -0,0 +1,99 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_darwin.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_STRIPHDR    = 0x17
+	sysIP_RECVTTL     = 0x18
+	sysIP_BOUND_IF    = 0x19
+	sysIP_PKTINFO     = 0x1a
+	sysIP_RECVPKTINFO = 0x1a
+
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_MULTICAST_VIF          = 0xe
+	sysIP_MULTICAST_IFINDEX      = 0x42
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x46
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x47
+	sysIP_BLOCK_SOURCE           = 0x48
+	sysIP_UNBLOCK_SOURCE         = 0x49
+	sysMCAST_JOIN_GROUP          = 0x50
+	sysMCAST_LEAVE_GROUP         = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x53
+	sysMCAST_BLOCK_SOURCE        = 0x54
+	sysMCAST_UNBLOCK_SOURCE      = 0x55
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet    = 0x10
+	sizeofInetPktinfo     = 0xc
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]int8
+	X__ss_align int64
+	X__ss_pad2  [112]int8
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type inetPktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [128]byte
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [128]byte
+	Pad_cgo_1 [128]byte
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
new file mode 100644
index 000000000..6d65e9fcb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
@@ -0,0 +1,31 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_dragonfly.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_RECVTTL     = 0x41
+
+	sysIP_MULTICAST_IF    = 0x9
+	sysIP_MULTICAST_TTL   = 0xa
+	sysIP_MULTICAST_LOOP  = 0xb
+	sysIP_MULTICAST_VIF   = 0xe
+	sysIP_ADD_MEMBERSHIP  = 0xc
+	sysIP_DROP_MEMBERSHIP = 0xd
+
+	sizeofIPMreq = 0x8
+)
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
new file mode 100644
index 000000000..136e2b8f1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
@@ -0,0 +1,93 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_SENDSRCADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_ONESBCAST   = 0x17
+	sysIP_BINDANY     = 0x18
+	sysIP_RECVTTL     = 0x41
+	sysIP_MINTTL      = 0x42
+	sysIP_DONTFRAG    = 0x43
+	sysIP_RECVTOS     = 0x44
+
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_MULTICAST_VIF          = 0xe
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x46
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x47
+	sysIP_BLOCK_SOURCE           = 0x48
+	sysIP_UNBLOCK_SOURCE         = 0x49
+	sysMCAST_JOIN_GROUP          = 0x50
+	sysMCAST_LEAVE_GROUP         = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x53
+	sysMCAST_BLOCK_SOURCE        = 0x54
+	sysMCAST_UNBLOCK_SOURCE      = 0x55
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet    = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]int8
+	X__ss_align int64
+	X__ss_pad2  [112]int8
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
new file mode 100644
index 000000000..4f730f19e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
@@ -0,0 +1,95 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_SENDSRCADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_ONESBCAST   = 0x17
+	sysIP_BINDANY     = 0x18
+	sysIP_RECVTTL     = 0x41
+	sysIP_MINTTL      = 0x42
+	sysIP_DONTFRAG    = 0x43
+	sysIP_RECVTOS     = 0x44
+
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_MULTICAST_VIF          = 0xe
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x46
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x47
+	sysIP_BLOCK_SOURCE           = 0x48
+	sysIP_UNBLOCK_SOURCE         = 0x49
+	sysMCAST_JOIN_GROUP          = 0x50
+	sysMCAST_LEAVE_GROUP         = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x53
+	sysMCAST_BLOCK_SOURCE        = 0x54
+	sysMCAST_UNBLOCK_SOURCE      = 0x55
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet    = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]int8
+	X__ss_align int64
+	X__ss_pad2  [112]int8
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
new file mode 100644
index 000000000..4f730f19e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
@@ -0,0 +1,95 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_SENDSRCADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_ONESBCAST   = 0x17
+	sysIP_BINDANY     = 0x18
+	sysIP_RECVTTL     = 0x41
+	sysIP_MINTTL      = 0x42
+	sysIP_DONTFRAG    = 0x43
+	sysIP_RECVTOS     = 0x44
+
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_MULTICAST_VIF          = 0xe
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x46
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x47
+	sysIP_BLOCK_SOURCE           = 0x48
+	sysIP_UNBLOCK_SOURCE         = 0x49
+	sysMCAST_JOIN_GROUP          = 0x50
+	sysMCAST_LEAVE_GROUP         = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x53
+	sysMCAST_BLOCK_SOURCE        = 0x54
+	sysMCAST_UNBLOCK_SOURCE      = 0x55
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet    = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]int8
+	X__ss_align int64
+	X__ss_pad2  [112]int8
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
new file mode 100644
index 000000000..ecebf3272
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
@@ -0,0 +1,93 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_freebsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_SENDSRCADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_ONESBCAST   = 0x17
+	sysIP_BINDANY     = 0x18
+	sysIP_RECVTTL     = 0x41
+	sysIP_MINTTL      = 0x42
+	sysIP_DONTFRAG    = 0x43
+	sysIP_RECVTOS     = 0x44
+
+	sysIP_MULTICAST_IF           = 0x9
+	sysIP_MULTICAST_TTL          = 0xa
+	sysIP_MULTICAST_LOOP         = 0xb
+	sysIP_ADD_MEMBERSHIP         = 0xc
+	sysIP_DROP_MEMBERSHIP        = 0xd
+	sysIP_MULTICAST_VIF          = 0xe
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x46
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x47
+	sysIP_BLOCK_SOURCE           = 0x48
+	sysIP_UNBLOCK_SOURCE         = 0x49
+	sysMCAST_JOIN_GROUP          = 0x50
+	sysMCAST_LEAVE_GROUP         = 0x51
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x52
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x53
+	sysMCAST_BLOCK_SOURCE        = 0x54
+	sysMCAST_UNBLOCK_SOURCE      = 0x55
+
+	sizeofSockaddrStorage = 0x80
+	sizeofSockaddrInet    = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+)
+
+type sockaddrStorage struct {
+	Len         uint8
+	Family      uint8
+	X__ss_pad1  [6]uint8
+	X__ss_align int64
+	X__ss_pad2  [112]uint8
+}
+
+type sockaddrInet struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
new file mode 100644
index 000000000..1c7fdfa13
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
@@ -0,0 +1,130 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
new file mode 100644
index 000000000..1c7fdfa13
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
@@ -0,0 +1,130 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
new file mode 100644
index 000000000..1c7fdfa13
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
@@ -0,0 +1,130 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
new file mode 100644
index 000000000..1c7fdfa13
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
@@ -0,0 +1,130 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
new file mode 100644
index 000000000..3c5ea5473
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
@@ -0,0 +1,130 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x84
+	sizeofGroupSourceReq = 0x104
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]uint8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
new file mode 100644
index 000000000..e626134a8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
@@ -0,0 +1,134 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+// +build riscv64
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
new file mode 100644
index 000000000..a04e78518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
@@ -0,0 +1,132 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_linux.go
+
+package ipv4
+
+const (
+	sysIP_TOS             = 0x1
+	sysIP_TTL             = 0x2
+	sysIP_HDRINCL         = 0x3
+	sysIP_OPTIONS         = 0x4
+	sysIP_ROUTER_ALERT    = 0x5
+	sysIP_RECVOPTS        = 0x6
+	sysIP_RETOPTS         = 0x7
+	sysIP_PKTINFO         = 0x8
+	sysIP_PKTOPTIONS      = 0x9
+	sysIP_MTU_DISCOVER    = 0xa
+	sysIP_RECVERR         = 0xb
+	sysIP_RECVTTL         = 0xc
+	sysIP_RECVTOS         = 0xd
+	sysIP_MTU             = 0xe
+	sysIP_FREEBIND        = 0xf
+	sysIP_TRANSPARENT     = 0x13
+	sysIP_RECVRETOPTS     = 0x7
+	sysIP_ORIGDSTADDR     = 0x14
+	sysIP_RECVORIGDSTADDR = 0x14
+	sysIP_MINTTL          = 0x15
+	sysIP_NODEFRAG        = 0x16
+	sysIP_UNICAST_IF      = 0x32
+
+	sysIP_MULTICAST_IF           = 0x20
+	sysIP_MULTICAST_TTL          = 0x21
+	sysIP_MULTICAST_LOOP         = 0x22
+	sysIP_ADD_MEMBERSHIP         = 0x23
+	sysIP_DROP_MEMBERSHIP        = 0x24
+	sysIP_UNBLOCK_SOURCE         = 0x25
+	sysIP_BLOCK_SOURCE           = 0x26
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x27
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x28
+	sysIP_MSFILTER               = 0x29
+	sysMCAST_JOIN_GROUP          = 0x2a
+	sysMCAST_LEAVE_GROUP         = 0x2d
+	sysMCAST_JOIN_SOURCE_GROUP   = 0x2e
+	sysMCAST_LEAVE_SOURCE_GROUP  = 0x2f
+	sysMCAST_BLOCK_SOURCE        = 0x2b
+	sysMCAST_UNBLOCK_SOURCE      = 0x2c
+	sysMCAST_MSFILTER            = 0x30
+	sysIP_MULTICAST_ALL          = 0x31
+
+	sysICMP_FILTER = 0x1
+
+	sysSO_EE_ORIGIN_NONE         = 0x0
+	sysSO_EE_ORIGIN_LOCAL        = 0x1
+	sysSO_EE_ORIGIN_ICMP         = 0x2
+	sysSO_EE_ORIGIN_ICMP6        = 0x3
+	sysSO_EE_ORIGIN_TXSTATUS     = 0x4
+	sysSO_EE_ORIGIN_TIMESTAMPING = 0x4
+
+	sizeofKernelSockaddrStorage = 0x80
+	sizeofSockaddrInet          = 0x10
+	sizeofInetPktinfo           = 0xc
+	sizeofSockExtendedErr       = 0x10
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqn        = 0xc
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x88
+	sizeofGroupSourceReq = 0x108
+
+	sizeofICMPFilter = 0x4
+)
+
+type kernelSockaddrStorage struct {
+	Family  uint16
+	X__data [126]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	X__pad [8]uint8
+}
+
+type inetPktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type sockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type ipMreqSource struct {
+	Multiaddr  uint32
+	Interface  uint32
+	Sourceaddr uint32
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [4]byte
+	Group     kernelSockaddrStorage
+	Source    kernelSockaddrStorage
+}
+
+type icmpFilter struct {
+	Data uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_netbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
new file mode 100644
index 000000000..8cfc648ad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
@@ -0,0 +1,30 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_netbsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x14
+	sysIP_RECVTTL     = 0x17
+
+	sysIP_MULTICAST_IF    = 0x9
+	sysIP_MULTICAST_TTL   = 0xa
+	sysIP_MULTICAST_LOOP  = 0xb
+	sysIP_ADD_MEMBERSHIP  = 0xc
+	sysIP_DROP_MEMBERSHIP = 0xd
+
+	sizeofIPMreq = 0x8
+)
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_openbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
new file mode 100644
index 000000000..37629cb0a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
@@ -0,0 +1,30 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_openbsd.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x1e
+	sysIP_RECVTTL     = 0x1f
+
+	sysIP_MULTICAST_IF    = 0x9
+	sysIP_MULTICAST_TTL   = 0xa
+	sysIP_MULTICAST_LOOP  = 0xb
+	sysIP_ADD_MEMBERSHIP  = 0xc
+	sysIP_DROP_MEMBERSHIP = 0xd
+
+	sizeofIPMreq = 0x8
+)
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_solaris.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_solaris.go
new file mode 100644
index 000000000..cb80a308b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_solaris.go
@@ -0,0 +1,100 @@
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs defs_solaris.go
+
+package ipv4
+
+const (
+	sysIP_OPTIONS     = 0x1
+	sysIP_HDRINCL     = 0x2
+	sysIP_TOS         = 0x3
+	sysIP_TTL         = 0x4
+	sysIP_RECVOPTS    = 0x5
+	sysIP_RECVRETOPTS = 0x6
+	sysIP_RECVDSTADDR = 0x7
+	sysIP_RETOPTS     = 0x8
+	sysIP_RECVIF      = 0x9
+	sysIP_RECVSLLA    = 0xa
+	sysIP_RECVTTL     = 0xb
+
+	sysIP_MULTICAST_IF           = 0x10
+	sysIP_MULTICAST_TTL          = 0x11
+	sysIP_MULTICAST_LOOP         = 0x12
+	sysIP_ADD_MEMBERSHIP         = 0x13
+	sysIP_DROP_MEMBERSHIP        = 0x14
+	sysIP_BLOCK_SOURCE           = 0x15
+	sysIP_UNBLOCK_SOURCE         = 0x16
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 0x17
+	sysIP_DROP_SOURCE_MEMBERSHIP = 0x18
+	sysIP_NEXTHOP                = 0x19
+
+	sysIP_PKTINFO     = 0x1a
+	sysIP_RECVPKTINFO = 0x1a
+	sysIP_DONTFRAG    = 0x1b
+
+	sysIP_BOUND_IF      = 0x41
+	sysIP_UNSPEC_SRC    = 0x42
+	sysIP_BROADCAST_TTL = 0x43
+	sysIP_DHCPINIT_IF   = 0x45
+
+	sysIP_REUSEADDR = 0x104
+	sysIP_DONTROUTE = 0x105
+	sysIP_BROADCAST = 0x106
+
+	sysMCAST_JOIN_GROUP         = 0x29
+	sysMCAST_LEAVE_GROUP        = 0x2a
+	sysMCAST_BLOCK_SOURCE       = 0x2b
+	sysMCAST_UNBLOCK_SOURCE     = 0x2c
+	sysMCAST_JOIN_SOURCE_GROUP  = 0x2d
+	sysMCAST_LEAVE_SOURCE_GROUP = 0x2e
+
+	sizeofSockaddrStorage = 0x100
+	sizeofSockaddrInet    = 0x10
+	sizeofInetPktinfo     = 0xc
+
+	sizeofIPMreq         = 0x8
+	sizeofIPMreqSource   = 0xc
+	sizeofGroupReq       = 0x104
+	sizeofGroupSourceReq = 0x204
+)
+
+type sockaddrStorage struct {
+	Family     uint16
+	X_ss_pad1  [6]int8
+	X_ss_align float64
+	X_ss_pad2  [240]int8
+}
+
+type sockaddrInet struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type inetPktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type ipMreqSource struct {
+	Multiaddr  [4]byte /* in_addr */
+	Sourceaddr [4]byte /* in_addr */
+	Interface  [4]byte /* in_addr */
+}
+
+type groupReq struct {
+	Interface uint32
+	Pad_cgo_0 [256]byte
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	Pad_cgo_0 [256]byte
+	Pad_cgo_1 [256]byte
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_zos_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_zos_s390x.go
new file mode 100644
index 000000000..4bbfda07d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/ipv4/zsys_zos_s390x.go
@@ -0,0 +1,80 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Hand edited based on zerrors_zos_s390x.go
+// TODO(Bill O'Farrell): auto-generate.
+
+package ipv4
+
+const (
+	sysIP_ADD_MEMBERSHIP         = 5
+	sysIP_ADD_SOURCE_MEMBERSHIP  = 12
+	sysIP_BLOCK_SOURCE           = 10
+	sysIP_DEFAULT_MULTICAST_LOOP = 1
+	sysIP_DEFAULT_MULTICAST_TTL  = 1
+	sysIP_DROP_MEMBERSHIP        = 6
+	sysIP_DROP_SOURCE_MEMBERSHIP = 13
+	sysIP_MAX_MEMBERSHIPS        = 20
+	sysIP_MULTICAST_IF           = 7
+	sysIP_MULTICAST_LOOP         = 4
+	sysIP_MULTICAST_TTL          = 3
+	sysIP_OPTIONS                = 1
+	sysIP_PKTINFO                = 101
+	sysIP_RECVPKTINFO            = 102
+	sysIP_TOS                    = 2
+	sysIP_UNBLOCK_SOURCE         = 11
+
+	sysMCAST_JOIN_GROUP         = 40
+	sysMCAST_LEAVE_GROUP        = 41
+	sysMCAST_JOIN_SOURCE_GROUP  = 42
+	sysMCAST_LEAVE_SOURCE_GROUP = 43
+	sysMCAST_BLOCK_SOURCE       = 44
+	sysMCAST_UNBLOCK_SOURCE     = 45
+
+	sizeofIPMreq          = 8
+	sizeofSockaddrInet4   = 16
+	sizeofSockaddrStorage = 128
+	sizeofGroupReq        = 136
+	sizeofGroupSourceReq  = 264
+	sizeofInetPktinfo     = 8
+)
+
+type sockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte
+	Zero   [8]uint8
+}
+
+type inetPktinfo struct {
+	Addr    [4]byte
+	Ifindex uint32
+}
+
+type sockaddrStorage struct {
+	Len      uint8
+	Family   byte
+	ss_pad1  [6]byte
+	ss_align int64
+	ss_pad2  [112]byte
+}
+
+type groupReq struct {
+	Interface uint32
+	reserved  uint32
+	Group     sockaddrStorage
+}
+
+type groupSourceReq struct {
+	Interface uint32
+	reserved  uint32
+	Group     sockaddrStorage
+	Source    sockaddrStorage
+}
+
+type ipMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/dial.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/dial.go
new file mode 100644
index 000000000..811c2e4e9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/dial.go
@@ -0,0 +1,54 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+)
+
+// A ContextDialer dials using a context.
+type ContextDialer interface {
+	DialContext(ctx context.Context, network, address string) (net.Conn, error)
+}
+
+// Dial works like DialContext on net.Dialer but using a dialer returned by FromEnvironment.
+//
+// The passed ctx is only used for returning the Conn, not the lifetime of the Conn.
+//
+// Custom dialers (registered via RegisterDialerType) that do not implement ContextDialer
+// can leak a goroutine for as long as it takes the underlying Dialer implementation to timeout.
+//
+// A Conn returned from a successful Dial after the context has been cancelled will be immediately closed.
+func Dial(ctx context.Context, network, address string) (net.Conn, error) {
+	d := FromEnvironment()
+	if xd, ok := d.(ContextDialer); ok {
+		return xd.DialContext(ctx, network, address)
+	}
+	return dialContext(ctx, d, network, address)
+}
+
+// WARNING: this can leak a goroutine for as long as the underlying Dialer implementation takes to timeout
+// A Conn returned from a successful Dial after the context has been cancelled will be immediately closed.
+func dialContext(ctx context.Context, d Dialer, network, address string) (net.Conn, error) {
+	var (
+		conn net.Conn
+		done = make(chan struct{}, 1)
+		err  error
+	)
+	go func() {
+		conn, err = d.Dial(network, address)
+		close(done)
+		if conn != nil && ctx.Err() != nil {
+			conn.Close()
+		}
+	}()
+	select {
+	case <-ctx.Done():
+		err = ctx.Err()
+	case <-done:
+	}
+	return conn, err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/direct.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/direct.go
new file mode 100644
index 000000000..3d66bdef9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/direct.go
@@ -0,0 +1,31 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+)
+
+type direct struct{}
+
+// Direct implements Dialer by making network connections directly using net.Dial or net.DialContext.
+var Direct = direct{}
+
+var (
+	_ Dialer        = Direct
+	_ ContextDialer = Direct
+)
+
+// Dial directly invokes net.Dial with the supplied parameters.
+func (direct) Dial(network, addr string) (net.Conn, error) {
+	return net.Dial(network, addr)
+}
+
+// DialContext instantiates a net.Dialer and invokes its DialContext receiver with the supplied parameters.
+func (direct) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
+	var d net.Dialer
+	return d.DialContext(ctx, network, addr)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/per_host.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/per_host.go
new file mode 100644
index 000000000..573fe79e8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/per_host.go
@@ -0,0 +1,155 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+	"strings"
+)
+
+// A PerHost directs connections to a default Dialer unless the host name
+// requested matches one of a number of exceptions.
+type PerHost struct {
+	def, bypass Dialer
+
+	bypassNetworks []*net.IPNet
+	bypassIPs      []net.IP
+	bypassZones    []string
+	bypassHosts    []string
+}
+
+// NewPerHost returns a PerHost Dialer that directs connections to either
+// defaultDialer or bypass, depending on whether the connection matches one of
+// the configured rules.
+func NewPerHost(defaultDialer, bypass Dialer) *PerHost {
+	return &PerHost{
+		def:    defaultDialer,
+		bypass: bypass,
+	}
+}
+
+// Dial connects to the address addr on the given network through either
+// defaultDialer or bypass.
+func (p *PerHost) Dial(network, addr string) (c net.Conn, err error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	return p.dialerForRequest(host).Dial(network, addr)
+}
+
+// DialContext connects to the address addr on the given network through either
+// defaultDialer or bypass.
+func (p *PerHost) DialContext(ctx context.Context, network, addr string) (c net.Conn, err error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+	d := p.dialerForRequest(host)
+	if x, ok := d.(ContextDialer); ok {
+		return x.DialContext(ctx, network, addr)
+	}
+	return dialContext(ctx, d, network, addr)
+}
+
+func (p *PerHost) dialerForRequest(host string) Dialer {
+	if ip := net.ParseIP(host); ip != nil {
+		for _, net := range p.bypassNetworks {
+			if net.Contains(ip) {
+				return p.bypass
+			}
+		}
+		for _, bypassIP := range p.bypassIPs {
+			if bypassIP.Equal(ip) {
+				return p.bypass
+			}
+		}
+		return p.def
+	}
+
+	for _, zone := range p.bypassZones {
+		if strings.HasSuffix(host, zone) {
+			return p.bypass
+		}
+		if host == zone[1:] {
+			// For a zone ".example.com", we match "example.com"
+			// too.
+			return p.bypass
+		}
+	}
+	for _, bypassHost := range p.bypassHosts {
+		if bypassHost == host {
+			return p.bypass
+		}
+	}
+	return p.def
+}
+
+// AddFromString parses a string that contains comma-separated values
+// specifying hosts that should use the bypass proxy. Each value is either an
+// IP address, a CIDR range, a zone (*.example.com) or a host name
+// (localhost). A best effort is made to parse the string and errors are
+// ignored.
+func (p *PerHost) AddFromString(s string) {
+	hosts := strings.Split(s, ",")
+	for _, host := range hosts {
+		host = strings.TrimSpace(host)
+		if len(host) == 0 {
+			continue
+		}
+		if strings.Contains(host, "/") {
+			// We assume that it's a CIDR address like 127.0.0.0/8
+			if _, net, err := net.ParseCIDR(host); err == nil {
+				p.AddNetwork(net)
+			}
+			continue
+		}
+		if ip := net.ParseIP(host); ip != nil {
+			p.AddIP(ip)
+			continue
+		}
+		if strings.HasPrefix(host, "*.") {
+			p.AddZone(host[1:])
+			continue
+		}
+		p.AddHost(host)
+	}
+}
+
+// AddIP specifies an IP address that will use the bypass proxy. Note that
+// this will only take effect if a literal IP address is dialed. A connection
+// to a named host will never match an IP.
+func (p *PerHost) AddIP(ip net.IP) {
+	p.bypassIPs = append(p.bypassIPs, ip)
+}
+
+// AddNetwork specifies an IP range that will use the bypass proxy. Note that
+// this will only take effect if a literal IP address is dialed. A connection
+// to a named host will never match.
+func (p *PerHost) AddNetwork(net *net.IPNet) {
+	p.bypassNetworks = append(p.bypassNetworks, net)
+}
+
+// AddZone specifies a DNS suffix that will use the bypass proxy. A zone of
+// "example.com" matches "example.com" and all of its subdomains.
+func (p *PerHost) AddZone(zone string) {
+	if strings.HasSuffix(zone, ".") {
+		zone = zone[:len(zone)-1]
+	}
+	if !strings.HasPrefix(zone, ".") {
+		zone = "." + zone
+	}
+	p.bypassZones = append(p.bypassZones, zone)
+}
+
+// AddHost specifies a host name that will use the bypass proxy.
+func (p *PerHost) AddHost(host string) {
+	if strings.HasSuffix(host, ".") {
+		host = host[:len(host)-1]
+	}
+	p.bypassHosts = append(p.bypassHosts, host)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/proxy.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/proxy.go
new file mode 100644
index 000000000..9ff4b9a77
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/proxy.go
@@ -0,0 +1,149 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package proxy provides support for a variety of protocols to proxy network
+// data.
+package proxy // import "golang.org/x/net/proxy"
+
+import (
+	"errors"
+	"net"
+	"net/url"
+	"os"
+	"sync"
+)
+
+// A Dialer is a means to establish a connection.
+// Custom dialers should also implement ContextDialer.
+type Dialer interface {
+	// Dial connects to the given address via the proxy.
+	Dial(network, addr string) (c net.Conn, err error)
+}
+
+// Auth contains authentication parameters that specific Dialers may require.
+type Auth struct {
+	User, Password string
+}
+
+// FromEnvironment returns the dialer specified by the proxy-related
+// variables in the environment and makes underlying connections
+// directly.
+func FromEnvironment() Dialer {
+	return FromEnvironmentUsing(Direct)
+}
+
+// FromEnvironmentUsing returns the dialer specify by the proxy-related
+// variables in the environment and makes underlying connections
+// using the provided forwarding Dialer (for instance, a *net.Dialer
+// with desired configuration).
+func FromEnvironmentUsing(forward Dialer) Dialer {
+	allProxy := allProxyEnv.Get()
+	if len(allProxy) == 0 {
+		return forward
+	}
+
+	proxyURL, err := url.Parse(allProxy)
+	if err != nil {
+		return forward
+	}
+	proxy, err := FromURL(proxyURL, forward)
+	if err != nil {
+		return forward
+	}
+
+	noProxy := noProxyEnv.Get()
+	if len(noProxy) == 0 {
+		return proxy
+	}
+
+	perHost := NewPerHost(proxy, forward)
+	perHost.AddFromString(noProxy)
+	return perHost
+}
+
+// proxySchemes is a map from URL schemes to a function that creates a Dialer
+// from a URL with such a scheme.
+var proxySchemes map[string]func(*url.URL, Dialer) (Dialer, error)
+
+// RegisterDialerType takes a URL scheme and a function to generate Dialers from
+// a URL with that scheme and a forwarding Dialer. Registered schemes are used
+// by FromURL.
+func RegisterDialerType(scheme string, f func(*url.URL, Dialer) (Dialer, error)) {
+	if proxySchemes == nil {
+		proxySchemes = make(map[string]func(*url.URL, Dialer) (Dialer, error))
+	}
+	proxySchemes[scheme] = f
+}
+
+// FromURL returns a Dialer given a URL specification and an underlying
+// Dialer for it to make network requests.
+func FromURL(u *url.URL, forward Dialer) (Dialer, error) {
+	var auth *Auth
+	if u.User != nil {
+		auth = new(Auth)
+		auth.User = u.User.Username()
+		if p, ok := u.User.Password(); ok {
+			auth.Password = p
+		}
+	}
+
+	switch u.Scheme {
+	case "socks5", "socks5h":
+		addr := u.Hostname()
+		port := u.Port()
+		if port == "" {
+			port = "1080"
+		}
+		return SOCKS5("tcp", net.JoinHostPort(addr, port), auth, forward)
+	}
+
+	// If the scheme doesn't match any of the built-in schemes, see if it
+	// was registered by another package.
+	if proxySchemes != nil {
+		if f, ok := proxySchemes[u.Scheme]; ok {
+			return f(u, forward)
+		}
+	}
+
+	return nil, errors.New("proxy: unknown scheme: " + u.Scheme)
+}
+
+var (
+	allProxyEnv = &envOnce{
+		names: []string{"ALL_PROXY", "all_proxy"},
+	}
+	noProxyEnv = &envOnce{
+		names: []string{"NO_PROXY", "no_proxy"},
+	}
+)
+
+// envOnce looks up an environment variable (optionally by multiple
+// names) once. It mitigates expensive lookups on some platforms
+// (e.g. Windows).
+// (Borrowed from net/http/transport.go)
+type envOnce struct {
+	names []string
+	once  sync.Once
+	val   string
+}
+
+func (e *envOnce) Get() string {
+	e.once.Do(e.init)
+	return e.val
+}
+
+func (e *envOnce) init() {
+	for _, n := range e.names {
+		e.val = os.Getenv(n)
+		if e.val != "" {
+			return
+		}
+	}
+}
+
+// reset is used by tests
+func (e *envOnce) reset() {
+	e.once = sync.Once{}
+	e.val = ""
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/socks5.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/socks5.go
new file mode 100644
index 000000000..c91651f96
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/net/proxy/socks5.go
@@ -0,0 +1,42 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+
+	"golang.org/x/net/internal/socks"
+)
+
+// SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given
+// address with an optional username and password.
+// See RFC 1928 and RFC 1929.
+func SOCKS5(network, address string, auth *Auth, forward Dialer) (Dialer, error) {
+	d := socks.NewDialer(network, address)
+	if forward != nil {
+		if f, ok := forward.(ContextDialer); ok {
+			d.ProxyDial = func(ctx context.Context, network string, address string) (net.Conn, error) {
+				return f.DialContext(ctx, network, address)
+			}
+		} else {
+			d.ProxyDial = func(ctx context.Context, network string, address string) (net.Conn, error) {
+				return dialContext(ctx, forward, network, address)
+			}
+		}
+	}
+	if auth != nil {
+		up := socks.UsernamePassword{
+			Username: auth.User,
+			Password: auth.Password,
+		}
+		d.AuthMethods = []socks.AuthMethod{
+			socks.AuthMethodNotRequired,
+			socks.AuthMethodUsernamePassword,
+		}
+		d.Authenticate = up.Authenticate
+	}
+	return d, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/AUTHORS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/AUTHORS
new file mode 100644
index 000000000..15167cd74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/AUTHORS
@@ -0,0 +1,3 @@
+# This source code refers to The Go Authors for copyright purposes.
+# The master list of authors is in the main Go distribution,
+# visible at http://tip.golang.org/AUTHORS.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/CONTRIBUTORS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/CONTRIBUTORS
new file mode 100644
index 000000000..1c4577e96
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/CONTRIBUTORS
@@ -0,0 +1,3 @@
+# This source code was written by the Go contributors.
+# The master list of contributors is in the main Go distribution,
+# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/LICENSE b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/PATENTS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go
new file mode 100644
index 000000000..e07899b90
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go
@@ -0,0 +1,30 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package unsafeheader contains header declarations for the Go runtime's
+// slice and string implementations.
+//
+// This package allows x/sys to use types equivalent to
+// reflect.SliceHeader and reflect.StringHeader without introducing
+// a dependency on the (relatively heavy) "reflect" package.
+package unsafeheader
+
+import (
+	"unsafe"
+)
+
+// Slice is the runtime representation of a slice.
+// It cannot be used safely or portably and its representation may change in a later release.
+type Slice struct {
+	Data unsafe.Pointer
+	Len  int
+	Cap  int
+}
+
+// String is the runtime representation of a string.
+// It cannot be used safely or portably and its representation may change in a later release.
+type String struct {
+	Data unsafe.Pointer
+	Len  int
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/.gitignore b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/.gitignore
new file mode 100644
index 000000000..e3e0fc6f8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/.gitignore
@@ -0,0 +1,2 @@
+_obj/
+unix.test
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/README.md b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/README.md
new file mode 100644
index 000000000..579d2d735
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/README.md
@@ -0,0 +1,184 @@
+# Building `sys/unix`
+
+The sys/unix package provides access to the raw system call interface of the
+underlying operating system. See: https://godoc.org/golang.org/x/sys/unix
+
+Porting Go to a new architecture/OS combination or adding syscalls, types, or
+constants to an existing architecture/OS pair requires some manual effort;
+however, there are tools that automate much of the process.
+
+## Build Systems
+
+There are currently two ways we generate the necessary files. We are currently
+migrating the build system to use containers so the builds are reproducible.
+This is being done on an OS-by-OS basis. Please update this documentation as
+components of the build system change.
+
+### Old Build System (currently for `GOOS != "linux"`)
+
+The old build system generates the Go files based on the C header files
+present on your system. This means that files
+for a given GOOS/GOARCH pair must be generated on a system with that OS and
+architecture. This also means that the generated code can differ from system
+to system, based on differences in the header files.
+
+To avoid this, if you are using the old build system, only generate the Go
+files on an installation with unmodified header files. It is also important to
+keep track of which version of the OS the files were generated from (ex.
+Darwin 14 vs Darwin 15). This makes it easier to track the progress of changes
+and have each OS upgrade correspond to a single change.
+
+To build the files for your current OS and architecture, make sure GOOS and
+GOARCH are set correctly and run `mkall.sh`. This will generate the files for
+your specific system. Running `mkall.sh -n` shows the commands that will be run.
+
+Requirements: bash, go
+
+### New Build System (currently for `GOOS == "linux"`)
+
+The new build system uses a Docker container to generate the go files directly
+from source checkouts of the kernel and various system libraries. This means
+that on any platform that supports Docker, all the files using the new build
+system can be generated at once, and generated files will not change based on
+what the person running the scripts has installed on their computer.
+
+The OS specific files for the new build system are located in the `${GOOS}`
+directory, and the build is coordinated by the `${GOOS}/mkall.go` program. When
+the kernel or system library updates, modify the Dockerfile at
+`${GOOS}/Dockerfile` to checkout the new release of the source.
+
+To build all the files under the new build system, you must be on an amd64/Linux
+system and have your GOOS and GOARCH set accordingly. Running `mkall.sh` will
+then generate all of the files for all of the GOOS/GOARCH pairs in the new build
+system. Running `mkall.sh -n` shows the commands that will be run.
+
+Requirements: bash, go, docker
+
+## Component files
+
+This section describes the various files used in the code generation process.
+It also contains instructions on how to modify these files to add a new
+architecture/OS or to add additional syscalls, types, or constants. Note that
+if you are using the new build system, the scripts/programs cannot be called normally.
+They must be called from within the docker container.
+
+### asm files
+
+The hand-written assembly file at `asm_${GOOS}_${GOARCH}.s` implements system
+call dispatch. There are three entry points:
+```
+  func Syscall(trap, a1, a2, a3 uintptr) (r1, r2, err uintptr)
+  func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2, err uintptr)
+  func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2, err uintptr)
+```
+The first and second are the standard ones; they differ only in how many
+arguments can be passed to the kernel. The third is for low-level use by the
+ForkExec wrapper. Unlike the first two, it does not call into the scheduler to
+let it know that a system call is running.
+
+When porting Go to an new architecture/OS, this file must be implemented for
+each GOOS/GOARCH pair.
+
+### mksysnum
+
+Mksysnum is a Go program located at `${GOOS}/mksysnum.go` (or `mksysnum_${GOOS}.go`
+for the old system). This program takes in a list of header files containing the
+syscall number declarations and parses them to produce the corresponding list of
+Go numeric constants. See `zsysnum_${GOOS}_${GOARCH}.go` for the generated
+constants.
+
+Adding new syscall numbers is mostly done by running the build on a sufficiently
+new installation of the target OS (or updating the source checkouts for the
+new build system). However, depending on the OS, you may need to update the
+parsing in mksysnum.
+
+### mksyscall.go
+
+The `syscall.go`, `syscall_${GOOS}.go`, `syscall_${GOOS}_${GOARCH}.go` are
+hand-written Go files which implement system calls (for unix, the specific OS,
+or the specific OS/Architecture pair respectively) that need special handling
+and list `//sys` comments giving prototypes for ones that can be generated.
+
+The mksyscall.go program takes the `//sys` and `//sysnb` comments and converts
+them into syscalls. This requires the name of the prototype in the comment to
+match a syscall number in the `zsysnum_${GOOS}_${GOARCH}.go` file. The function
+prototype can be exported (capitalized) or not.
+
+Adding a new syscall often just requires adding a new `//sys` function prototype
+with the desired arguments and a capitalized name so it is exported. However, if
+you want the interface to the syscall to be different, often one will make an
+unexported `//sys` prototype, an then write a custom wrapper in
+`syscall_${GOOS}.go`.
+
+### types files
+
+For each OS, there is a hand-written Go file at `${GOOS}/types.go` (or
+`types_${GOOS}.go` on the old system). This file includes standard C headers and
+creates Go type aliases to the corresponding C types. The file is then fed
+through godef to get the Go compatible definitions. Finally, the generated code
+is fed though mkpost.go to format the code correctly and remove any hidden or
+private identifiers. This cleaned-up code is written to
+`ztypes_${GOOS}_${GOARCH}.go`.
+
+The hardest part about preparing this file is figuring out which headers to
+include and which symbols need to be `#define`d to get the actual data
+structures that pass through to the kernel system calls. Some C libraries
+preset alternate versions for binary compatibility and translate them on the
+way in and out of system calls, but there is almost always a `#define` that can
+get the real ones.
+See `types_darwin.go` and `linux/types.go` for examples.
+
+To add a new type, add in the necessary include statement at the top of the
+file (if it is not already there) and add in a type alias line. Note that if
+your type is significantly different on different architectures, you may need
+some `#if/#elif` macros in your include statements.
+
+### mkerrors.sh
+
+This script is used to generate the system's various constants. This doesn't
+just include the error numbers and error strings, but also the signal numbers
+an a wide variety of miscellaneous constants. The constants come from the list
+of include files in the `includes_${uname}` variable. A regex then picks out
+the desired `#define` statements, and generates the corresponding Go constants.
+The error numbers and strings are generated from `#include <errno.h>`, and the
+signal numbers and strings are generated from `#include <signal.h>`. All of
+these constants are written to `zerrors_${GOOS}_${GOARCH}.go` via a C program,
+`_errors.c`, which prints out all the constants.
+
+To add a constant, add the header that includes it to the appropriate variable.
+Then, edit the regex (if necessary) to match the desired constant. Avoid making
+the regex too broad to avoid matching unintended constants.
+
+### mkmerge.go
+
+This program is used to extract duplicate const, func, and type declarations
+from the generated architecture-specific files listed below, and merge these
+into a common file for each OS.
+
+The merge is performed in the following steps:
+1. Construct the set of common code that is idential in all architecture-specific files.
+2. Write this common code to the merged file.
+3. Remove the common code from all architecture-specific files.
+
+
+## Generated files
+
+### `zerrors_${GOOS}_${GOARCH}.go`
+
+A file containing all of the system's generated error numbers, error strings,
+signal numbers, and constants. Generated by `mkerrors.sh` (see above).
+
+### `zsyscall_${GOOS}_${GOARCH}.go`
+
+A file containing all the generated syscalls for a specific GOOS and GOARCH.
+Generated by `mksyscall.go` (see above).
+
+### `zsysnum_${GOOS}_${GOARCH}.go`
+
+A list of numeric constants for all the syscall number of the specific GOOS
+and GOARCH. Generated by mksysnum (see above).
+
+### `ztypes_${GOOS}_${GOARCH}.go`
+
+A file containing Go types for passing into (or returning from) syscalls.
+Generated by godefs and the types file (see above).
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/affinity_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/affinity_linux.go
new file mode 100644
index 000000000..6e5c81acd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/affinity_linux.go
@@ -0,0 +1,86 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// CPU affinity functions
+
+package unix
+
+import (
+	"math/bits"
+	"unsafe"
+)
+
+const cpuSetSize = _CPU_SETSIZE / _NCPUBITS
+
+// CPUSet represents a CPU affinity mask.
+type CPUSet [cpuSetSize]cpuMask
+
+func schedAffinity(trap uintptr, pid int, set *CPUSet) error {
+	_, _, e := RawSyscall(trap, uintptr(pid), uintptr(unsafe.Sizeof(*set)), uintptr(unsafe.Pointer(set)))
+	if e != 0 {
+		return errnoErr(e)
+	}
+	return nil
+}
+
+// SchedGetaffinity gets the CPU affinity mask of the thread specified by pid.
+// If pid is 0 the calling thread is used.
+func SchedGetaffinity(pid int, set *CPUSet) error {
+	return schedAffinity(SYS_SCHED_GETAFFINITY, pid, set)
+}
+
+// SchedSetaffinity sets the CPU affinity mask of the thread specified by pid.
+// If pid is 0 the calling thread is used.
+func SchedSetaffinity(pid int, set *CPUSet) error {
+	return schedAffinity(SYS_SCHED_SETAFFINITY, pid, set)
+}
+
+// Zero clears the set s, so that it contains no CPUs.
+func (s *CPUSet) Zero() {
+	for i := range s {
+		s[i] = 0
+	}
+}
+
+func cpuBitsIndex(cpu int) int {
+	return cpu / _NCPUBITS
+}
+
+func cpuBitsMask(cpu int) cpuMask {
+	return cpuMask(1 << (uint(cpu) % _NCPUBITS))
+}
+
+// Set adds cpu to the set s.
+func (s *CPUSet) Set(cpu int) {
+	i := cpuBitsIndex(cpu)
+	if i < len(s) {
+		s[i] |= cpuBitsMask(cpu)
+	}
+}
+
+// Clear removes cpu from the set s.
+func (s *CPUSet) Clear(cpu int) {
+	i := cpuBitsIndex(cpu)
+	if i < len(s) {
+		s[i] &^= cpuBitsMask(cpu)
+	}
+}
+
+// IsSet reports whether cpu is in the set s.
+func (s *CPUSet) IsSet(cpu int) bool {
+	i := cpuBitsIndex(cpu)
+	if i < len(s) {
+		return s[i]&cpuBitsMask(cpu) != 0
+	}
+	return false
+}
+
+// Count returns the number of CPUs in the set s.
+func (s *CPUSet) Count() int {
+	c := 0
+	for _, b := range s {
+		c += bits.OnesCount64(uint64(b))
+	}
+	return c
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/aliases.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/aliases.go
new file mode 100644
index 000000000..951fce4d0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/aliases.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+// +build go1.9
+
+package unix
+
+import "syscall"
+
+type Signal = syscall.Signal
+type Errno = syscall.Errno
+type SysProcAttr = syscall.SysProcAttr
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
new file mode 100644
index 000000000..06f84b855
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
+//
+
+TEXT ·syscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·syscall6(SB)
+
+TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_386.s
new file mode 100644
index 000000000..8a7278319
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_386.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for 386, Darwin
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
new file mode 100644
index 000000000..6321421f2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for AMD64, Darwin
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_arm.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
new file mode 100644
index 000000000..333242d50
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
@@ -0,0 +1,30 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+// +build arm,darwin
+
+#include "textflag.h"
+
+//
+// System call support for ARM, Darwin
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-28
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	B	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
new file mode 100644
index 000000000..97e017437
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
@@ -0,0 +1,30 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+// +build arm64,darwin
+
+#include "textflag.h"
+
+//
+// System call support for AMD64, Darwin
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	B	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
new file mode 100644
index 000000000..603dd5728
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for AMD64, DragonFly
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
new file mode 100644
index 000000000..c9a0a2601
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for 386, FreeBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
new file mode 100644
index 000000000..35172477c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for AMD64, FreeBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
new file mode 100644
index 000000000..9227c875b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
@@ -0,0 +1,29 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for ARM, FreeBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-28
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	B	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
new file mode 100644
index 000000000..d9318cbf0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
@@ -0,0 +1,29 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for ARM64, FreeBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_386.s
new file mode 100644
index 000000000..448bebbb5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -0,0 +1,65 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for 386, Linux
+//
+
+// See ../runtime/sys_linux_386.s for the reason why we always use int 0x80
+// instead of the glibc-specific "CALL 0x10(GS)".
+#define INVOKE_SYSCALL	INT	$0x80
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-28
+	JMP	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-24
+	CALL	runtime·entersyscall(SB)
+	MOVL	trap+0(FP), AX  // syscall entry
+	MOVL	a1+4(FP), BX
+	MOVL	a2+8(FP), CX
+	MOVL	a3+12(FP), DX
+	MOVL	$0, SI
+	MOVL	$0, DI
+	INVOKE_SYSCALL
+	MOVL	AX, r1+16(FP)
+	MOVL	DX, r2+20(FP)
+	CALL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	JMP	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-24
+	MOVL	trap+0(FP), AX  // syscall entry
+	MOVL	a1+4(FP), BX
+	MOVL	a2+8(FP), CX
+	MOVL	a3+12(FP), DX
+	MOVL	$0, SI
+	MOVL	$0, DI
+	INVOKE_SYSCALL
+	MOVL	AX, r1+16(FP)
+	MOVL	DX, r2+20(FP)
+	RET
+
+TEXT ·socketcall(SB),NOSPLIT,$0-36
+	JMP	syscall·socketcall(SB)
+
+TEXT ·rawsocketcall(SB),NOSPLIT,$0-36
+	JMP	syscall·rawsocketcall(SB)
+
+TEXT ·seek(SB),NOSPLIT,$0-28
+	JMP	syscall·seek(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
new file mode 100644
index 000000000..c6468a958
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -0,0 +1,57 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for AMD64, Linux
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	CALL	runtime·entersyscall(SB)
+	MOVQ	a1+8(FP), DI
+	MOVQ	a2+16(FP), SI
+	MOVQ	a3+24(FP), DX
+	MOVQ	$0, R10
+	MOVQ	$0, R8
+	MOVQ	$0, R9
+	MOVQ	trap+0(FP), AX	// syscall entry
+	SYSCALL
+	MOVQ	AX, r1+32(FP)
+	MOVQ	DX, r2+40(FP)
+	CALL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOVQ	a1+8(FP), DI
+	MOVQ	a2+16(FP), SI
+	MOVQ	a3+24(FP), DX
+	MOVQ	$0, R10
+	MOVQ	$0, R8
+	MOVQ	$0, R9
+	MOVQ	trap+0(FP), AX	// syscall entry
+	SYSCALL
+	MOVQ	AX, r1+32(FP)
+	MOVQ	DX, r2+40(FP)
+	RET
+
+TEXT ·gettimeofday(SB),NOSPLIT,$0-16
+	JMP	syscall·gettimeofday(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_arm.s
new file mode 100644
index 000000000..cf0f3575c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -0,0 +1,56 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for arm, Linux
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-28
+	B	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-40
+	B	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-24
+	BL	runtime·entersyscall(SB)
+	MOVW	trap+0(FP), R7
+	MOVW	a1+4(FP), R0
+	MOVW	a2+8(FP), R1
+	MOVW	a3+12(FP), R2
+	MOVW	$0, R3
+	MOVW	$0, R4
+	MOVW	$0, R5
+	SWI	$0
+	MOVW	R0, r1+16(FP)
+	MOVW	$0, R0
+	MOVW	R0, r2+20(FP)
+	BL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	B	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-40
+	B	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-24
+	MOVW	trap+0(FP), R7	// syscall entry
+	MOVW	a1+4(FP), R0
+	MOVW	a2+8(FP), R1
+	MOVW	a3+12(FP), R2
+	SWI	$0
+	MOVW	R0, r1+16(FP)
+	MOVW	$0, R0
+	MOVW	R0, r2+20(FP)
+	RET
+
+TEXT ·seek(SB),NOSPLIT,$0-28
+	B	syscall·seek(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
new file mode 100644
index 000000000..afe6fdf6b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -0,0 +1,52 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build arm64
+// +build !gccgo
+
+#include "textflag.h"
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-56
+	B	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-80
+	B	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	BL	runtime·entersyscall(SB)
+	MOVD	a1+8(FP), R0
+	MOVD	a2+16(FP), R1
+	MOVD	a3+24(FP), R2
+	MOVD	$0, R3
+	MOVD	$0, R4
+	MOVD	$0, R5
+	MOVD	trap+0(FP), R8	// syscall entry
+	SVC
+	MOVD	R0, r1+32(FP)	// r1
+	MOVD	R1, r2+40(FP)	// r2
+	BL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	B	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+	B	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOVD	a1+8(FP), R0
+	MOVD	a2+16(FP), R1
+	MOVD	a3+24(FP), R2
+	MOVD	$0, R3
+	MOVD	$0, R4
+	MOVD	$0, R5
+	MOVD	trap+0(FP), R8	// syscall entry
+	SVC
+	MOVD	R0, r1+32(FP)
+	MOVD	R1, r2+40(FP)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
new file mode 100644
index 000000000..ab9d63831
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -0,0 +1,56 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build mips64 mips64le
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for mips64, Linux
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	JAL	runtime·entersyscall(SB)
+	MOVV	a1+8(FP), R4
+	MOVV	a2+16(FP), R5
+	MOVV	a3+24(FP), R6
+	MOVV	R0, R7
+	MOVV	R0, R8
+	MOVV	R0, R9
+	MOVV	trap+0(FP), R2	// syscall entry
+	SYSCALL
+	MOVV	R2, r1+32(FP)
+	MOVV	R3, r2+40(FP)
+	JAL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOVV	a1+8(FP), R4
+	MOVV	a2+16(FP), R5
+	MOVV	a3+24(FP), R6
+	MOVV	R0, R7
+	MOVV	R0, R8
+	MOVV	R0, R9
+	MOVV	trap+0(FP), R2	// syscall entry
+	SYSCALL
+	MOVV	R2, r1+32(FP)
+	MOVV	R3, r2+40(FP)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
new file mode 100644
index 000000000..99e539904
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -0,0 +1,54 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build mips mipsle
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for mips, Linux
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-28
+	JMP syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-40
+	JMP syscall·Syscall6(SB)
+
+TEXT ·Syscall9(SB),NOSPLIT,$0-52
+	JMP syscall·Syscall9(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-24
+	JAL	runtime·entersyscall(SB)
+	MOVW	a1+4(FP), R4
+	MOVW	a2+8(FP), R5
+	MOVW	a3+12(FP), R6
+	MOVW	R0, R7
+	MOVW	trap+0(FP), R2	// syscall entry
+	SYSCALL
+	MOVW	R2, r1+16(FP)	// r1
+	MOVW	R3, r2+20(FP)	// r2
+	JAL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	JMP syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-24
+	MOVW	a1+4(FP), R4
+	MOVW	a2+8(FP), R5
+	MOVW	a3+12(FP), R6
+	MOVW	trap+0(FP), R2	// syscall entry
+	SYSCALL
+	MOVW	R2, r1+16(FP)
+	MOVW	R3, r2+20(FP)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
new file mode 100644
index 000000000..88f712557
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -0,0 +1,44 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build ppc64 ppc64le
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, Linux
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	BL	runtime·entersyscall(SB)
+	MOVD	a1+8(FP), R3
+	MOVD	a2+16(FP), R4
+	MOVD	a3+24(FP), R5
+	MOVD	R0, R6
+	MOVD	R0, R7
+	MOVD	R0, R8
+	MOVD	trap+0(FP), R9	// syscall entry
+	SYSCALL R9
+	MOVD	R3, r1+32(FP)
+	MOVD	R4, r2+40(FP)
+	BL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOVD	a1+8(FP), R3
+	MOVD	a2+16(FP), R4
+	MOVD	a3+24(FP), R5
+	MOVD	R0, R6
+	MOVD	R0, R7
+	MOVD	R0, R8
+	MOVD	trap+0(FP), R9	// syscall entry
+	SYSCALL R9
+	MOVD	R3, r1+32(FP)
+	MOVD	R4, r2+40(FP)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
new file mode 100644
index 000000000..3cfefed2e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -0,0 +1,47 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build riscv64,!gccgo
+
+#include "textflag.h"
+
+//
+// System calls for linux/riscv64.
+//
+// Where available, just jump to package syscall's implementation of
+// these functions.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	CALL	runtime·entersyscall(SB)
+	MOV	a1+8(FP), A0
+	MOV	a2+16(FP), A1
+	MOV	a3+24(FP), A2
+	MOV	trap+0(FP), A7	// syscall entry
+	ECALL
+	MOV	A0, r1+32(FP)	// r1
+	MOV	A1, r2+40(FP)	// r2
+	CALL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOV	a1+8(FP), A0
+	MOV	a2+16(FP), A1
+	MOV	a3+24(FP), A2
+	MOV	trap+0(FP), A7	// syscall entry
+	ECALL
+	MOV	A0, r1+32(FP)
+	MOV	A1, r2+40(FP)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
new file mode 100644
index 000000000..a5a863c6b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -0,0 +1,56 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x
+// +build linux
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for s390x, Linux
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT ·Syscall(SB),NOSPLIT,$0-56
+	BR	syscall·Syscall(SB)
+
+TEXT ·Syscall6(SB),NOSPLIT,$0-80
+	BR	syscall·Syscall6(SB)
+
+TEXT ·SyscallNoError(SB),NOSPLIT,$0-48
+	BL	runtime·entersyscall(SB)
+	MOVD	a1+8(FP), R2
+	MOVD	a2+16(FP), R3
+	MOVD	a3+24(FP), R4
+	MOVD	$0, R5
+	MOVD	$0, R6
+	MOVD	$0, R7
+	MOVD	trap+0(FP), R1	// syscall entry
+	SYSCALL
+	MOVD	R2, r1+32(FP)
+	MOVD	R3, r2+40(FP)
+	BL	runtime·exitsyscall(SB)
+	RET
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+	BR	syscall·RawSyscall(SB)
+
+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+	BR	syscall·RawSyscall6(SB)
+
+TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48
+	MOVD	a1+8(FP), R2
+	MOVD	a2+16(FP), R3
+	MOVD	a3+24(FP), R4
+	MOVD	$0, R5
+	MOVD	$0, R6
+	MOVD	$0, R7
+	MOVD	trap+0(FP), R1	// syscall entry
+	SYSCALL
+	MOVD	R2, r1+32(FP)
+	MOVD	R3, r2+40(FP)
+	RET
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
new file mode 100644
index 000000000..48bdcd763
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for 386, NetBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
new file mode 100644
index 000000000..2ede05c72
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for AMD64, NetBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
new file mode 100644
index 000000000..e8928571c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
@@ -0,0 +1,29 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for ARM, NetBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-28
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	B	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
new file mode 100644
index 000000000..6f98ba5a3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
@@ -0,0 +1,29 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for ARM64, NetBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	B	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
new file mode 100644
index 000000000..00576f3c8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for 386, OpenBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	JMP	syscall·Syscall9(SB)
+
+TEXT ·RawSyscall(SB),NOSPLIT,$0-28
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
new file mode 100644
index 000000000..790ef77f8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
@@ -0,0 +1,29 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for AMD64, OpenBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
new file mode 100644
index 000000000..469bfa100
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
@@ -0,0 +1,29 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for ARM, OpenBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-28
+	B	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-40
+	B	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-52
+	B	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-28
+	B	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-40
+	B	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
new file mode 100644
index 000000000..0cedea3d3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
@@ -0,0 +1,29 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for arm64, OpenBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
new file mode 100644
index 000000000..567a4763c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -0,0 +1,29 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System call support for mips64, OpenBSD
+//
+
+// Just jump to package syscall's implementation for all these functions.
+// The runtime may know about them.
+
+TEXT	·Syscall(SB),NOSPLIT,$0-56
+	JMP	syscall·Syscall(SB)
+
+TEXT	·Syscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·Syscall6(SB)
+
+TEXT	·Syscall9(SB),NOSPLIT,$0-104
+	JMP	syscall·Syscall9(SB)
+
+TEXT	·RawSyscall(SB),NOSPLIT,$0-56
+	JMP	syscall·RawSyscall(SB)
+
+TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
+	JMP	syscall·RawSyscall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
new file mode 100644
index 000000000..ded8260f3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -0,0 +1,17 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo
+
+#include "textflag.h"
+
+//
+// System calls for amd64, Solaris are implemented in runtime/syscall_solaris.go
+//
+
+TEXT ·sysvicall6(SB),NOSPLIT,$0-88
+	JMP	syscall·sysvicall6(SB)
+
+TEXT ·rawSysvicall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSysvicall6(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/bluetooth_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/bluetooth_linux.go
new file mode 100644
index 000000000..a178a6149
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/bluetooth_linux.go
@@ -0,0 +1,36 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Bluetooth sockets and messages
+
+package unix
+
+// Bluetooth Protocols
+const (
+	BTPROTO_L2CAP  = 0
+	BTPROTO_HCI    = 1
+	BTPROTO_SCO    = 2
+	BTPROTO_RFCOMM = 3
+	BTPROTO_BNEP   = 4
+	BTPROTO_CMTP   = 5
+	BTPROTO_HIDP   = 6
+	BTPROTO_AVDTP  = 7
+)
+
+const (
+	HCI_CHANNEL_RAW     = 0
+	HCI_CHANNEL_USER    = 1
+	HCI_CHANNEL_MONITOR = 2
+	HCI_CHANNEL_CONTROL = 3
+	HCI_CHANNEL_LOGGING = 4
+)
+
+// Socketoption Level
+const (
+	SOL_BLUETOOTH = 0x112
+	SOL_HCI       = 0x0
+	SOL_L2CAP     = 0x6
+	SOL_RFCOMM    = 0x12
+	SOL_SCO       = 0x11
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/cap_freebsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/cap_freebsd.go
new file mode 100644
index 000000000..df5204877
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -0,0 +1,195 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build freebsd
+
+package unix
+
+import (
+	"errors"
+	"fmt"
+)
+
+// Go implementation of C mostly found in /usr/src/sys/kern/subr_capability.c
+
+const (
+	// This is the version of CapRights this package understands. See C implementation for parallels.
+	capRightsGoVersion = CAP_RIGHTS_VERSION_00
+	capArSizeMin       = CAP_RIGHTS_VERSION_00 + 2
+	capArSizeMax       = capRightsGoVersion + 2
+)
+
+var (
+	bit2idx = []int{
+		-1, 0, 1, -1, 2, -1, -1, -1, 3, -1, -1, -1, -1, -1, -1, -1,
+		4, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	}
+)
+
+func capidxbit(right uint64) int {
+	return int((right >> 57) & 0x1f)
+}
+
+func rightToIndex(right uint64) (int, error) {
+	idx := capidxbit(right)
+	if idx < 0 || idx >= len(bit2idx) {
+		return -2, fmt.Errorf("index for right 0x%x out of range", right)
+	}
+	return bit2idx[idx], nil
+}
+
+func caprver(right uint64) int {
+	return int(right >> 62)
+}
+
+func capver(rights *CapRights) int {
+	return caprver(rights.Rights[0])
+}
+
+func caparsize(rights *CapRights) int {
+	return capver(rights) + 2
+}
+
+// CapRightsSet sets the permissions in setrights in rights.
+func CapRightsSet(rights *CapRights, setrights []uint64) error {
+	// This is essentially a copy of cap_rights_vset()
+	if capver(rights) != CAP_RIGHTS_VERSION_00 {
+		return fmt.Errorf("bad rights version %d", capver(rights))
+	}
+
+	n := caparsize(rights)
+	if n < capArSizeMin || n > capArSizeMax {
+		return errors.New("bad rights size")
+	}
+
+	for _, right := range setrights {
+		if caprver(right) != CAP_RIGHTS_VERSION_00 {
+			return errors.New("bad right version")
+		}
+		i, err := rightToIndex(right)
+		if err != nil {
+			return err
+		}
+		if i >= n {
+			return errors.New("index overflow")
+		}
+		if capidxbit(rights.Rights[i]) != capidxbit(right) {
+			return errors.New("index mismatch")
+		}
+		rights.Rights[i] |= right
+		if capidxbit(rights.Rights[i]) != capidxbit(right) {
+			return errors.New("index mismatch (after assign)")
+		}
+	}
+
+	return nil
+}
+
+// CapRightsClear clears the permissions in clearrights from rights.
+func CapRightsClear(rights *CapRights, clearrights []uint64) error {
+	// This is essentially a copy of cap_rights_vclear()
+	if capver(rights) != CAP_RIGHTS_VERSION_00 {
+		return fmt.Errorf("bad rights version %d", capver(rights))
+	}
+
+	n := caparsize(rights)
+	if n < capArSizeMin || n > capArSizeMax {
+		return errors.New("bad rights size")
+	}
+
+	for _, right := range clearrights {
+		if caprver(right) != CAP_RIGHTS_VERSION_00 {
+			return errors.New("bad right version")
+		}
+		i, err := rightToIndex(right)
+		if err != nil {
+			return err
+		}
+		if i >= n {
+			return errors.New("index overflow")
+		}
+		if capidxbit(rights.Rights[i]) != capidxbit(right) {
+			return errors.New("index mismatch")
+		}
+		rights.Rights[i] &= ^(right & 0x01FFFFFFFFFFFFFF)
+		if capidxbit(rights.Rights[i]) != capidxbit(right) {
+			return errors.New("index mismatch (after assign)")
+		}
+	}
+
+	return nil
+}
+
+// CapRightsIsSet checks whether all the permissions in setrights are present in rights.
+func CapRightsIsSet(rights *CapRights, setrights []uint64) (bool, error) {
+	// This is essentially a copy of cap_rights_is_vset()
+	if capver(rights) != CAP_RIGHTS_VERSION_00 {
+		return false, fmt.Errorf("bad rights version %d", capver(rights))
+	}
+
+	n := caparsize(rights)
+	if n < capArSizeMin || n > capArSizeMax {
+		return false, errors.New("bad rights size")
+	}
+
+	for _, right := range setrights {
+		if caprver(right) != CAP_RIGHTS_VERSION_00 {
+			return false, errors.New("bad right version")
+		}
+		i, err := rightToIndex(right)
+		if err != nil {
+			return false, err
+		}
+		if i >= n {
+			return false, errors.New("index overflow")
+		}
+		if capidxbit(rights.Rights[i]) != capidxbit(right) {
+			return false, errors.New("index mismatch")
+		}
+		if (rights.Rights[i] & right) != right {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+func capright(idx uint64, bit uint64) uint64 {
+	return ((1 << (57 + idx)) | bit)
+}
+
+// CapRightsInit returns a pointer to an initialised CapRights structure filled with rights.
+// See man cap_rights_init(3) and rights(4).
+func CapRightsInit(rights []uint64) (*CapRights, error) {
+	var r CapRights
+	r.Rights[0] = (capRightsGoVersion << 62) | capright(0, 0)
+	r.Rights[1] = capright(1, 0)
+
+	err := CapRightsSet(&r, rights)
+	if err != nil {
+		return nil, err
+	}
+	return &r, nil
+}
+
+// CapRightsLimit reduces the operations permitted on fd to at most those contained in rights.
+// The capability rights on fd can never be increased by CapRightsLimit.
+// See man cap_rights_limit(2) and rights(4).
+func CapRightsLimit(fd uintptr, rights *CapRights) error {
+	return capRightsLimit(int(fd), rights)
+}
+
+// CapRightsGet returns a CapRights structure containing the operations permitted on fd.
+// See man cap_rights_get(3) and rights(4).
+func CapRightsGet(fd uintptr) (*CapRights, error) {
+	r, err := CapRightsInit(nil)
+	if err != nil {
+		return nil, err
+	}
+	err = capRightsGet(capRightsGoVersion, int(fd), r)
+	if err != nil {
+		return nil, err
+	}
+	return r, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/constants.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/constants.go
new file mode 100644
index 000000000..3a6ac648d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/constants.go
@@ -0,0 +1,13 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+const (
+	R_OK = 0x4
+	W_OK = 0x2
+	X_OK = 0x1
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
new file mode 100644
index 000000000..5e5fb4510
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix
+// +build ppc
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used by AIX.
+
+package unix
+
+// Major returns the major component of a Linux device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev >> 16) & 0xffff)
+}
+
+// Minor returns the minor component of a Linux device number.
+func Minor(dev uint64) uint32 {
+	return uint32(dev & 0xffff)
+}
+
+// Mkdev returns a Linux device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	return uint64(((major) << 16) | (minor))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
new file mode 100644
index 000000000..8b401244c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -0,0 +1,29 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix
+// +build ppc64
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used AIX.
+
+package unix
+
+// Major returns the major component of a Linux device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev & 0x3fffffff00000000) >> 32)
+}
+
+// Minor returns the minor component of a Linux device number.
+func Minor(dev uint64) uint32 {
+	return uint32((dev & 0x00000000ffffffff) >> 0)
+}
+
+// Mkdev returns a Linux device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	var DEVNO64 uint64
+	DEVNO64 = 0x8000000000000000
+	return ((uint64(major) << 32) | (uint64(minor) & 0x00000000FFFFFFFF) | DEVNO64)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_darwin.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_darwin.go
new file mode 100644
index 000000000..8d1dc0fa3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_darwin.go
@@ -0,0 +1,24 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used in Darwin's sys/types.h header.
+
+package unix
+
+// Major returns the major component of a Darwin device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev >> 24) & 0xff)
+}
+
+// Minor returns the minor component of a Darwin device number.
+func Minor(dev uint64) uint32 {
+	return uint32(dev & 0xffffff)
+}
+
+// Mkdev returns a Darwin device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	return (uint64(major) << 24) | uint64(minor)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_dragonfly.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_dragonfly.go
new file mode 100644
index 000000000..8502f202c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_dragonfly.go
@@ -0,0 +1,30 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used in Dragonfly's sys/types.h header.
+//
+// The information below is extracted and adapted from sys/types.h:
+//
+// Minor gives a cookie instead of an index since in order to avoid changing the
+// meanings of bits 0-15 or wasting time and space shifting bits 16-31 for
+// devices that don't use them.
+
+package unix
+
+// Major returns the major component of a DragonFlyBSD device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev >> 8) & 0xff)
+}
+
+// Minor returns the minor component of a DragonFlyBSD device number.
+func Minor(dev uint64) uint32 {
+	return uint32(dev & 0xffff00ff)
+}
+
+// Mkdev returns a DragonFlyBSD device number generated from the given major and
+// minor components.
+func Mkdev(major, minor uint32) uint64 {
+	return (uint64(major) << 8) | uint64(minor)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_freebsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_freebsd.go
new file mode 100644
index 000000000..eba3b4bd3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_freebsd.go
@@ -0,0 +1,30 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used in FreeBSD's sys/types.h header.
+//
+// The information below is extracted and adapted from sys/types.h:
+//
+// Minor gives a cookie instead of an index since in order to avoid changing the
+// meanings of bits 0-15 or wasting time and space shifting bits 16-31 for
+// devices that don't use them.
+
+package unix
+
+// Major returns the major component of a FreeBSD device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev >> 8) & 0xff)
+}
+
+// Minor returns the minor component of a FreeBSD device number.
+func Minor(dev uint64) uint32 {
+	return uint32(dev & 0xffff00ff)
+}
+
+// Mkdev returns a FreeBSD device number generated from the given major and
+// minor components.
+func Mkdev(major, minor uint32) uint64 {
+	return (uint64(major) << 8) | uint64(minor)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_linux.go
new file mode 100644
index 000000000..d165d6f30
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_linux.go
@@ -0,0 +1,42 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used by the Linux kernel and glibc.
+//
+// The information below is extracted and adapted from bits/sysmacros.h in the
+// glibc sources:
+//
+// dev_t in glibc is 64-bit, with 32-bit major and minor numbers. glibc's
+// default encoding is MMMM Mmmm mmmM MMmm, where M is a hex digit of the major
+// number and m is a hex digit of the minor number. This is backward compatible
+// with legacy systems where dev_t is 16 bits wide, encoded as MMmm. It is also
+// backward compatible with the Linux kernel, which for some architectures uses
+// 32-bit dev_t, encoded as mmmM MMmm.
+
+package unix
+
+// Major returns the major component of a Linux device number.
+func Major(dev uint64) uint32 {
+	major := uint32((dev & 0x00000000000fff00) >> 8)
+	major |= uint32((dev & 0xfffff00000000000) >> 32)
+	return major
+}
+
+// Minor returns the minor component of a Linux device number.
+func Minor(dev uint64) uint32 {
+	minor := uint32((dev & 0x00000000000000ff) >> 0)
+	minor |= uint32((dev & 0x00000ffffff00000) >> 12)
+	return minor
+}
+
+// Mkdev returns a Linux device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	dev := (uint64(major) & 0x00000fff) << 8
+	dev |= (uint64(major) & 0xfffff000) << 32
+	dev |= (uint64(minor) & 0x000000ff) << 0
+	dev |= (uint64(minor) & 0xffffff00) << 12
+	return dev
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_netbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_netbsd.go
new file mode 100644
index 000000000..b4a203d0c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_netbsd.go
@@ -0,0 +1,29 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used in NetBSD's sys/types.h header.
+
+package unix
+
+// Major returns the major component of a NetBSD device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev & 0x000fff00) >> 8)
+}
+
+// Minor returns the minor component of a NetBSD device number.
+func Minor(dev uint64) uint32 {
+	minor := uint32((dev & 0x000000ff) >> 0)
+	minor |= uint32((dev & 0xfff00000) >> 12)
+	return minor
+}
+
+// Mkdev returns a NetBSD device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	dev := (uint64(major) << 8) & 0x000fff00
+	dev |= (uint64(minor) << 12) & 0xfff00000
+	dev |= (uint64(minor) << 0) & 0x000000ff
+	return dev
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_openbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_openbsd.go
new file mode 100644
index 000000000..f3430c42f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dev_openbsd.go
@@ -0,0 +1,29 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Functions to access/create device major and minor numbers matching the
+// encoding used in OpenBSD's sys/types.h header.
+
+package unix
+
+// Major returns the major component of an OpenBSD device number.
+func Major(dev uint64) uint32 {
+	return uint32((dev & 0x0000ff00) >> 8)
+}
+
+// Minor returns the minor component of an OpenBSD device number.
+func Minor(dev uint64) uint32 {
+	minor := uint32((dev & 0x000000ff) >> 0)
+	minor |= uint32((dev & 0xffff0000) >> 8)
+	return minor
+}
+
+// Mkdev returns an OpenBSD device number generated from the given major and minor
+// components.
+func Mkdev(major, minor uint32) uint64 {
+	dev := (uint64(major) << 8) & 0x0000ff00
+	dev |= (uint64(minor) << 8) & 0xffff0000
+	dev |= (uint64(minor) << 0) & 0x000000ff
+	return dev
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dirent.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dirent.go
new file mode 100644
index 000000000..304016b68
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/dirent.go
@@ -0,0 +1,102 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+import "unsafe"
+
+// readInt returns the size-bytes unsigned integer in native byte order at offset off.
+func readInt(b []byte, off, size uintptr) (u uint64, ok bool) {
+	if len(b) < int(off+size) {
+		return 0, false
+	}
+	if isBigEndian {
+		return readIntBE(b[off:], size), true
+	}
+	return readIntLE(b[off:], size), true
+}
+
+func readIntBE(b []byte, size uintptr) uint64 {
+	switch size {
+	case 1:
+		return uint64(b[0])
+	case 2:
+		_ = b[1] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[1]) | uint64(b[0])<<8
+	case 4:
+		_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[3]) | uint64(b[2])<<8 | uint64(b[1])<<16 | uint64(b[0])<<24
+	case 8:
+		_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+			uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+	default:
+		panic("syscall: readInt with unsupported size")
+	}
+}
+
+func readIntLE(b []byte, size uintptr) uint64 {
+	switch size {
+	case 1:
+		return uint64(b[0])
+	case 2:
+		_ = b[1] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[0]) | uint64(b[1])<<8
+	case 4:
+		_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24
+	case 8:
+		_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+		return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+			uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+	default:
+		panic("syscall: readInt with unsupported size")
+	}
+}
+
+// ParseDirent parses up to max directory entries in buf,
+// appending the names to names. It returns the number of
+// bytes consumed from buf, the number of entries added
+// to names, and the new names slice.
+func ParseDirent(buf []byte, max int, names []string) (consumed int, count int, newnames []string) {
+	origlen := len(buf)
+	count = 0
+	for max != 0 && len(buf) > 0 {
+		reclen, ok := direntReclen(buf)
+		if !ok || reclen > uint64(len(buf)) {
+			return origlen, count, names
+		}
+		rec := buf[:reclen]
+		buf = buf[reclen:]
+		ino, ok := direntIno(rec)
+		if !ok {
+			break
+		}
+		if ino == 0 { // File absent in directory.
+			continue
+		}
+		const namoff = uint64(unsafe.Offsetof(Dirent{}.Name))
+		namlen, ok := direntNamlen(rec)
+		if !ok || namoff+namlen > uint64(len(rec)) {
+			break
+		}
+		name := rec[namoff : namoff+namlen]
+		for i, c := range name {
+			if c == 0 {
+				name = name[:i]
+				break
+			}
+		}
+		// Check for useless names before allocating a string.
+		if string(name) == "." || string(name) == ".." {
+			continue
+		}
+		max--
+		count++
+		names = append(names, string(name))
+	}
+	return origlen - len(buf), count, names
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/endian_big.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/endian_big.go
new file mode 100644
index 000000000..5e9269063
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/endian_big.go
@@ -0,0 +1,9 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+//
+// +build ppc64 s390x mips mips64
+
+package unix
+
+const isBigEndian = true
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/endian_little.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/endian_little.go
new file mode 100644
index 000000000..bcdb5d30e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/endian_little.go
@@ -0,0 +1,9 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+//
+// +build 386 amd64 amd64p32 arm arm64 ppc64le mipsle mips64le riscv64
+
+package unix
+
+const isBigEndian = false
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/env_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/env_unix.go
new file mode 100644
index 000000000..84178b0a1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/env_unix.go
@@ -0,0 +1,31 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+// Unix environment variables.
+
+package unix
+
+import "syscall"
+
+func Getenv(key string) (value string, found bool) {
+	return syscall.Getenv(key)
+}
+
+func Setenv(key, value string) error {
+	return syscall.Setenv(key, value)
+}
+
+func Clearenv() {
+	syscall.Clearenv()
+}
+
+func Environ() []string {
+	return syscall.Environ()
+}
+
+func Unsetenv(key string) error {
+	return syscall.Unsetenv(key)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
new file mode 100644
index 000000000..761db66ef
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
@@ -0,0 +1,233 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
+// them here for backwards compatibility.
+
+package unix
+
+const (
+	DLT_HHDLC                         = 0x79
+	IFF_SMART                         = 0x20
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BSC                           = 0x53
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_IPXIP                         = 0xf9
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf6
+	IFT_PFSYNC                        = 0xf7
+	IFT_PLC                           = 0xae
+	IFT_POS                           = 0xab
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IPPROTO_MAXID                     = 0x34
+	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
+	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
+	MAP_NORESERVE                     = 0x40
+	MAP_RENAME                        = 0x20
+	NET_RT_MAXID                      = 0x6
+	RTF_PRCLONING                     = 0x10000
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
+	SIOCADDRT                         = 0x8030720a
+	SIOCALIFADDR                      = 0x8118691b
+	SIOCDELRT                         = 0x8030720b
+	SIOCDLIFADDR                      = 0x8118691d
+	SIOCGLIFADDR                      = 0xc118691c
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCSLIFPHYADDR                   = 0x8118694a
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
new file mode 100644
index 000000000..070f44b65
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
@@ -0,0 +1,233 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
+// them here for backwards compatibility.
+
+package unix
+
+const (
+	DLT_HHDLC                         = 0x79
+	IFF_SMART                         = 0x20
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BSC                           = 0x53
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_IPXIP                         = 0xf9
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf6
+	IFT_PFSYNC                        = 0xf7
+	IFT_PLC                           = 0xae
+	IFT_POS                           = 0xab
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IPPROTO_MAXID                     = 0x34
+	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
+	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
+	MAP_NORESERVE                     = 0x40
+	MAP_RENAME                        = 0x20
+	NET_RT_MAXID                      = 0x6
+	RTF_PRCLONING                     = 0x10000
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
+	SIOCADDRT                         = 0x8040720a
+	SIOCALIFADDR                      = 0x8118691b
+	SIOCDELRT                         = 0x8040720b
+	SIOCDLIFADDR                      = 0x8118691d
+	SIOCGLIFADDR                      = 0xc118691c
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCSLIFPHYADDR                   = 0x8118694a
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_arm.go
new file mode 100644
index 000000000..856dca325
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_arm.go
@@ -0,0 +1,226 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+const (
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BSC                           = 0x53
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf6
+	IFT_PFSYNC                        = 0xf7
+	IFT_PLC                           = 0xae
+	IFT_POS                           = 0xab
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+
+	// missing constants on FreeBSD-11.1-RELEASE, copied from old values in ztypes_freebsd_arm.go
+	IFF_SMART       = 0x20
+	IFT_FAITH       = 0xf2
+	IFT_IPXIP       = 0xf9
+	IPPROTO_MAXID   = 0x34
+	IPV6_FAITH      = 0x1d
+	IP_FAITH        = 0x16
+	MAP_NORESERVE   = 0x40
+	MAP_RENAME      = 0x20
+	NET_RT_MAXID    = 0x6
+	RTF_PRCLONING   = 0x10000
+	RTM_OLDADD      = 0x9
+	RTM_OLDDEL      = 0xa
+	SIOCADDRT       = 0x8030720a
+	SIOCALIFADDR    = 0x8118691b
+	SIOCDELRT       = 0x8030720b
+	SIOCDLIFADDR    = 0x8118691d
+	SIOCGLIFADDR    = 0xc118691c
+	SIOCGLIFPHYADDR = 0xc118694b
+	SIOCSLIFPHYADDR = 0x8118694a
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
new file mode 100644
index 000000000..946dcf3fc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
+// them here for backwards compatibility.
+
+package unix
+
+const (
+	DLT_HHDLC            = 0x79
+	IPV6_MIN_MEMBERSHIPS = 0x1f
+	IP_MAX_SOURCE_FILTER = 0x400
+	IP_MIN_MEMBERSHIPS   = 0x1f
+	RT_CACHING_CONTEXT   = 0x1
+	RT_NORTREF           = 0x2
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl.go
new file mode 100644
index 000000000..4dc534864
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl.go
@@ -0,0 +1,36 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build dragonfly freebsd linux netbsd openbsd
+
+package unix
+
+import "unsafe"
+
+// fcntl64Syscall is usually SYS_FCNTL, but is overridden on 32-bit Linux
+// systems by fcntl_linux_32bit.go to be SYS_FCNTL64.
+var fcntl64Syscall uintptr = SYS_FCNTL
+
+func fcntl(fd int, cmd, arg int) (int, error) {
+	valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), uintptr(arg))
+	var err error
+	if errno != 0 {
+		err = errno
+	}
+	return int(valptr), err
+}
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return fcntl(int(fd), cmd, arg)
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+	_, _, errno := Syscall(fcntl64Syscall, fd, uintptr(cmd), uintptr(unsafe.Pointer(lk)))
+	if errno == 0 {
+		return nil
+	}
+	return errno
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl_darwin.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl_darwin.go
new file mode 100644
index 000000000..a9911c7c1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl_darwin.go
@@ -0,0 +1,24 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import "unsafe"
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return fcntl(int(fd), cmd, arg)
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+	_, err := fcntl(int(fd), cmd, int(uintptr(unsafe.Pointer(lk))))
+	return err
+}
+
+// FcntlFstore performs a fcntl syscall for the F_PREALLOCATE command.
+func FcntlFstore(fd uintptr, cmd int, fstore *Fstore_t) error {
+	_, err := fcntl(int(fd), cmd, int(uintptr(unsafe.Pointer(fstore))))
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
new file mode 100644
index 000000000..fc0e50e03
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -0,0 +1,13 @@
+// +build linux,386 linux,arm linux,mips linux,mipsle
+
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+func init() {
+	// On 32-bit Linux systems, the fcntl syscall that matches Go's
+	// Flock_t type is SYS_FCNTL64, not SYS_FCNTL.
+	fcntl64Syscall = SYS_FCNTL64
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fdset.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fdset.go
new file mode 100644
index 000000000..b27be0a01
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/fdset.go
@@ -0,0 +1,29 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+// Set adds fd to the set fds.
+func (fds *FdSet) Set(fd int) {
+	fds.Bits[fd/NFDBITS] |= (1 << (uintptr(fd) % NFDBITS))
+}
+
+// Clear removes fd from the set fds.
+func (fds *FdSet) Clear(fd int) {
+	fds.Bits[fd/NFDBITS] &^= (1 << (uintptr(fd) % NFDBITS))
+}
+
+// IsSet returns whether fd is in the set fds.
+func (fds *FdSet) IsSet(fd int) bool {
+	return fds.Bits[fd/NFDBITS]&(1<<(uintptr(fd)%NFDBITS)) != 0
+}
+
+// Zero clears the set fds.
+func (fds *FdSet) Zero() {
+	for i := range fds.Bits {
+		fds.Bits[i] = 0
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo.go
new file mode 100644
index 000000000..86032c11e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo.go
@@ -0,0 +1,60 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build gccgo
+// +build !aix
+
+package unix
+
+import "syscall"
+
+// We can't use the gc-syntax .s files for gccgo. On the plus side
+// much of the functionality can be written directly in Go.
+
+func realSyscallNoError(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r uintptr)
+
+func realSyscall(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r, errno uintptr)
+
+func SyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) {
+	syscall.Entersyscall()
+	r := realSyscallNoError(trap, a1, a2, a3, 0, 0, 0, 0, 0, 0)
+	syscall.Exitsyscall()
+	return r, 0
+}
+
+func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	syscall.Entersyscall()
+	r, errno := realSyscall(trap, a1, a2, a3, 0, 0, 0, 0, 0, 0)
+	syscall.Exitsyscall()
+	return r, 0, syscall.Errno(errno)
+}
+
+func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	syscall.Entersyscall()
+	r, errno := realSyscall(trap, a1, a2, a3, a4, a5, a6, 0, 0, 0)
+	syscall.Exitsyscall()
+	return r, 0, syscall.Errno(errno)
+}
+
+func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	syscall.Entersyscall()
+	r, errno := realSyscall(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9)
+	syscall.Exitsyscall()
+	return r, 0, syscall.Errno(errno)
+}
+
+func RawSyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) {
+	r := realSyscallNoError(trap, a1, a2, a3, 0, 0, 0, 0, 0, 0)
+	return r, 0
+}
+
+func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	r, errno := realSyscall(trap, a1, a2, a3, 0, 0, 0, 0, 0, 0)
+	return r, 0, syscall.Errno(errno)
+}
+
+func RawSyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	r, errno := realSyscall(trap, a1, a2, a3, a4, a5, a6, 0, 0, 0)
+	return r, 0, syscall.Errno(errno)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo_c.c b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo_c.c
new file mode 100644
index 000000000..2cb1fefac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -0,0 +1,45 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build gccgo
+// +build !aix
+
+#include <errno.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define _STRINGIFY2_(x) #x
+#define _STRINGIFY_(x) _STRINGIFY2_(x)
+#define GOSYM_PREFIX _STRINGIFY_(__USER_LABEL_PREFIX__)
+
+// Call syscall from C code because the gccgo support for calling from
+// Go to C does not support varargs functions.
+
+struct ret {
+	uintptr_t r;
+	uintptr_t err;
+};
+
+struct ret gccgoRealSyscall(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
+  __asm__(GOSYM_PREFIX GOPKGPATH ".realSyscall");
+
+struct ret
+gccgoRealSyscall(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
+{
+	struct ret r;
+
+	errno = 0;
+	r.r = syscall(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9);
+	r.err = errno;
+	return r;
+}
+
+uintptr_t gccgoRealSyscallNoError(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
+  __asm__(GOSYM_PREFIX GOPKGPATH ".realSyscallNoError");
+
+uintptr_t
+gccgoRealSyscallNoError(uintptr_t trap, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9)
+{
+	return syscall(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9);
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
new file mode 100644
index 000000000..251a977a8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -0,0 +1,20 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build gccgo,linux,amd64
+
+package unix
+
+import "syscall"
+
+//extern gettimeofday
+func realGettimeofday(*Timeval, *byte) int32
+
+func gettimeofday(tv *Timeval) (err syscall.Errno) {
+	r := realGettimeofday(tv, nil)
+	if r < 0 {
+		return syscall.GetErrno()
+	}
+	return 0
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ioctl.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ioctl.go
new file mode 100644
index 000000000..564167861
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ioctl.go
@@ -0,0 +1,74 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// ioctl itself should not be exposed directly, but additional get/set
+// functions for specific types are permissible.
+
+// IoctlSetInt performs an ioctl operation which sets an integer value
+// on fd, using the specified request number.
+func IoctlSetInt(fd int, req uint, value int) error {
+	return ioctl(fd, req, uintptr(value))
+}
+
+// IoctlSetPointerInt performs an ioctl operation which sets an
+// integer value on fd, using the specified request number. The ioctl
+// argument is called with a pointer to the integer value, rather than
+// passing the integer value directly.
+func IoctlSetPointerInt(fd int, req uint, value int) error {
+	v := int32(value)
+	return ioctl(fd, req, uintptr(unsafe.Pointer(&v)))
+}
+
+// IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
+//
+// To change fd's window size, the req argument should be TIOCSWINSZ.
+func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
+	// TODO: if we get the chance, remove the req parameter and
+	// hardcode TIOCSWINSZ.
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlSetTermios performs an ioctl on fd with a *Termios.
+//
+// The req value will usually be TCSETA or TIOCSETA.
+func IoctlSetTermios(fd int, req uint, value *Termios) error {
+	// TODO: if we get the chance, remove the req parameter.
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlGetInt performs an ioctl operation which gets an integer value
+// from fd, using the specified request number.
+//
+// A few ioctl requests use the return value as an output parameter;
+// for those, IoctlRetInt should be used instead of this function.
+func IoctlGetInt(fd int, req uint) (int, error) {
+	var value int
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return value, err
+}
+
+func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
+	var value Winsize
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+func IoctlGetTermios(fd int, req uint) (*Termios, error) {
+	var value Termios
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/mkall.sh b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/mkall.sh
new file mode 100644
index 000000000..d257fac50
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/mkall.sh
@@ -0,0 +1,243 @@
+#!/usr/bin/env bash
+# Copyright 2009 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# This script runs or (given -n) prints suggested commands to generate files for
+# the Architecture/OS specified by the GOARCH and GOOS environment variables.
+# See README.md for more information about how the build system works.
+
+GOOSARCH="${GOOS}_${GOARCH}"
+
+# defaults
+mksyscall="go run mksyscall.go"
+mkerrors="./mkerrors.sh"
+zerrors="zerrors_$GOOSARCH.go"
+mksysctl=""
+zsysctl="zsysctl_$GOOSARCH.go"
+mksysnum=
+mktypes=
+mkasm=
+run="sh"
+cmd=""
+
+case "$1" in
+-syscalls)
+	for i in zsyscall*go
+	do
+		# Run the command line that appears in the first line
+		# of the generated file to regenerate it.
+		sed 1q $i | sed 's;^// ;;' | sh > _$i && gofmt < _$i > $i
+		rm _$i
+	done
+	exit 0
+	;;
+-n)
+	run="cat"
+	cmd="echo"
+	shift
+esac
+
+case "$#" in
+0)
+	;;
+*)
+	echo 'usage: mkall.sh [-n]' 1>&2
+	exit 2
+esac
+
+if [[ "$GOOS" = "linux" ]]; then
+	# Use the Docker-based build system
+	# Files generated through docker (use $cmd so you can Ctl-C the build or run)
+	$cmd docker build --tag generate:$GOOS $GOOS
+	$cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")" && /bin/pwd):/build generate:$GOOS
+	exit
+fi
+
+GOOSARCH_in=syscall_$GOOSARCH.go
+case "$GOOSARCH" in
+_* | *_ | _)
+	echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2
+	exit 1
+	;;
+aix_ppc)
+	mkerrors="$mkerrors -maix32"
+	mksyscall="go run mksyscall_aix_ppc.go -aix"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+aix_ppc64)
+	mkerrors="$mkerrors -maix64"
+	mksyscall="go run mksyscall_aix_ppc64.go -aix"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+darwin_386)
+	mkerrors="$mkerrors -m32"
+	mksyscall="go run mksyscall.go -l32"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	mkasm="go run mkasm_darwin.go"
+	;;
+darwin_amd64)
+	mkerrors="$mkerrors -m64"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	mkasm="go run mkasm_darwin.go"
+	;;
+darwin_arm)
+	mkerrors="$mkerrors"
+	mksyscall="go run mksyscall.go -l32"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	mkasm="go run mkasm_darwin.go"
+	;;
+darwin_arm64)
+	mkerrors="$mkerrors -m64"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	mkasm="go run mkasm_darwin.go"
+	;;
+dragonfly_amd64)
+	mkerrors="$mkerrors -m64"
+	mksyscall="go run mksyscall.go -dragonfly"
+	mksysnum="go run mksysnum.go 'https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/HEAD:/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+freebsd_386)
+	mkerrors="$mkerrors -m32"
+	mksyscall="go run mksyscall.go -l32"
+	mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+freebsd_amd64)
+	mkerrors="$mkerrors -m64"
+	mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+freebsd_arm)
+	mkerrors="$mkerrors"
+	mksyscall="go run mksyscall.go -l32 -arm"
+	mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'"
+	# Let the type of C char be signed for making the bare syscall
+	# API consistent across platforms.
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
+	;;
+freebsd_arm64)
+	mkerrors="$mkerrors -m64"
+	mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
+	;;
+netbsd_386)
+	mkerrors="$mkerrors -m32"
+	mksyscall="go run mksyscall.go -l32 -netbsd"
+	mksysnum="go run mksysnum.go 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+netbsd_amd64)
+	mkerrors="$mkerrors -m64"
+	mksyscall="go run mksyscall.go -netbsd"
+	mksysnum="go run mksysnum.go 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+netbsd_arm)
+	mkerrors="$mkerrors"
+	mksyscall="go run mksyscall.go -l32 -netbsd -arm"
+	mksysnum="go run mksysnum.go 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master'"
+	# Let the type of C char be signed for making the bare syscall
+	# API consistent across platforms.
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
+	;;
+netbsd_arm64)
+	mkerrors="$mkerrors -m64"
+	mksyscall="go run mksyscall.go -netbsd"
+	mksysnum="go run mksysnum.go 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+openbsd_386)
+	mkerrors="$mkerrors -m32"
+	mksyscall="go run mksyscall.go -l32 -openbsd"
+	mksysctl="go run mksysctl_openbsd.go"
+	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+openbsd_amd64)
+	mkerrors="$mkerrors -m64"
+	mksyscall="go run mksyscall.go -openbsd"
+	mksysctl="go run mksysctl_openbsd.go"
+	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+openbsd_arm)
+	mkerrors="$mkerrors"
+	mksyscall="go run mksyscall.go -l32 -openbsd -arm"
+	mksysctl="go run mksysctl_openbsd.go"
+	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
+	# Let the type of C char be signed for making the bare syscall
+	# API consistent across platforms.
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
+	;;
+openbsd_arm64)
+	mkerrors="$mkerrors -m64"
+	mksyscall="go run mksyscall.go -openbsd"
+	mksysctl="go run mksysctl_openbsd.go"
+	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
+	# Let the type of C char be signed for making the bare syscall
+	# API consistent across platforms.
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
+	;;
+openbsd_mips64)
+	mkerrors="$mkerrors -m64"
+	mksyscall="go run mksyscall.go -openbsd"
+	mksysctl="go run mksysctl_openbsd.go"
+	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
+	# Let the type of C char be signed for making the bare syscall
+	# API consistent across platforms.
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
+	;;
+solaris_amd64)
+	mksyscall="go run mksyscall_solaris.go"
+	mkerrors="$mkerrors -m64"
+	mksysnum=
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	;;
+illumos_amd64)
+        mksyscall="go run mksyscall_solaris.go"
+	mkerrors=
+	mksysnum=
+	mktypes=
+	;;
+*)
+	echo 'unrecognized $GOOS_$GOARCH: ' "$GOOSARCH" 1>&2
+	exit 1
+	;;
+esac
+
+(
+	if [ -n "$mkerrors" ]; then echo "$mkerrors |gofmt >$zerrors"; fi
+	case "$GOOS" in
+	*)
+		syscall_goos="syscall_$GOOS.go"
+		case "$GOOS" in
+		darwin | dragonfly | freebsd | netbsd | openbsd)
+			syscall_goos="syscall_bsd.go $syscall_goos"
+			;;
+		esac
+		if [ -n "$mksyscall" ]; then
+			if [ "$GOOSARCH" == "aix_ppc64" ]; then
+				# aix/ppc64 script generates files instead of writing to stdin.
+				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ;
+			elif [ "$GOOS" == "darwin" ]; then
+			        # 1.12 and later, syscalls via libSystem
+				echo "$mksyscall -tags $GOOS,$GOARCH,go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
+				# 1.13 and later, syscalls via libSystem (including syscallPtr)
+				echo "$mksyscall -tags $GOOS,$GOARCH,go1.13 syscall_darwin.1_13.go |gofmt >zsyscall_$GOOSARCH.1_13.go";
+			elif [ "$GOOS" == "illumos" ]; then
+			        # illumos code generation requires a --illumos switch
+			        echo "$mksyscall -illumos -tags illumos,$GOARCH syscall_illumos.go |gofmt > zsyscall_illumos_$GOARCH.go";
+			        # illumos implies solaris, so solaris code generation is also required
+				echo "$mksyscall -tags solaris,$GOARCH syscall_solaris.go syscall_solaris_$GOARCH.go |gofmt >zsyscall_solaris_$GOARCH.go";
+			else
+				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
+			fi
+		fi
+	esac
+	if [ -n "$mksysctl" ]; then echo "$mksysctl |gofmt >$zsysctl"; fi
+	if [ -n "$mksysnum" ]; then echo "$mksysnum |gofmt >zsysnum_$GOOSARCH.go"; fi
+	if [ -n "$mktypes" ]; then echo "$mktypes types_$GOOS.go | go run mkpost.go > ztypes_$GOOSARCH.go"; fi
+	if [ -n "$mkasm" ]; then echo "$mkasm $GOARCH"; fi
+) | $run
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/mkerrors.sh b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/mkerrors.sh
new file mode 100644
index 000000000..1bef7148d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -0,0 +1,714 @@
+#!/usr/bin/env bash
+# Copyright 2009 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# Generate Go code listing errors and other #defined constant
+# values (ENAMETOOLONG etc.), by asking the preprocessor
+# about the definitions.
+
+unset LANG
+export LC_ALL=C
+export LC_CTYPE=C
+
+if test -z "$GOARCH" -o -z "$GOOS"; then
+	echo 1>&2 "GOARCH or GOOS not defined in environment"
+	exit 1
+fi
+
+# Check that we are using the new build system if we should
+if [[ "$GOOS" = "linux" ]] && [[ "$GOLANG_SYS_BUILD" != "docker" ]]; then
+	echo 1>&2 "In the Docker based build system, mkerrors should not be called directly."
+	echo 1>&2 "See README.md"
+	exit 1
+fi
+
+if [[ "$GOOS" = "aix" ]]; then
+	CC=${CC:-gcc}
+else
+	CC=${CC:-cc}
+fi
+
+if [[ "$GOOS" = "solaris" ]]; then
+	# Assumes GNU versions of utilities in PATH.
+	export PATH=/usr/gnu/bin:$PATH
+fi
+
+uname=$(uname)
+
+includes_AIX='
+#include <net/if.h>
+#include <net/netopt.h>
+#include <netinet/ip_mroute.h>
+#include <sys/protosw.h>
+#include <sys/stropts.h>
+#include <sys/mman.h>
+#include <sys/poll.h>
+#include <sys/select.h>
+#include <sys/termio.h>
+#include <termios.h>
+#include <fcntl.h>
+
+#define AF_LOCAL AF_UNIX
+'
+
+includes_Darwin='
+#define _DARWIN_C_SOURCE
+#define KERNEL
+#define _DARWIN_USE_64_BIT_INODE
+#include <stdint.h>
+#include <sys/attr.h>
+#include <sys/clonefile.h>
+#include <sys/types.h>
+#include <sys/event.h>
+#include <sys/ptrace.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/sysctl.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/utsname.h>
+#include <sys/wait.h>
+#include <sys/xattr.h>
+#include <net/bpf.h>
+#include <net/if.h>
+#include <net/if_types.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <termios.h>
+'
+
+includes_DragonFly='
+#include <sys/types.h>
+#include <sys/event.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/stat.h>
+#include <sys/sysctl.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
+#include <sys/ioctl.h>
+#include <net/bpf.h>
+#include <net/if.h>
+#include <net/if_types.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <termios.h>
+#include <netinet/ip.h>
+#include <net/ip_mroute/ip_mroute.h>
+'
+
+includes_FreeBSD='
+#include <sys/capsicum.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/disk.h>
+#include <sys/event.h>
+#include <sys/sched.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/stat.h>
+#include <sys/sysctl.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
+#include <sys/ioctl.h>
+#include <net/bpf.h>
+#include <net/if.h>
+#include <net/if_types.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <termios.h>
+#include <netinet/ip.h>
+#include <netinet/ip_mroute.h>
+#include <sys/extattr.h>
+
+#if __FreeBSD__ >= 10
+#define IFT_CARP	0xf8	// IFT_CARP is deprecated in FreeBSD 10
+#undef SIOCAIFADDR
+#define SIOCAIFADDR	_IOW(105, 26, struct oifaliasreq)	// ifaliasreq contains if_data
+#undef SIOCSIFPHYADDR
+#define SIOCSIFPHYADDR	_IOW(105, 70, struct oifaliasreq)	// ifaliasreq contains if_data
+#endif
+'
+
+includes_Linux='
+#define _LARGEFILE_SOURCE
+#define _LARGEFILE64_SOURCE
+#ifndef __LP64__
+#define _FILE_OFFSET_BITS 64
+#endif
+#define _GNU_SOURCE
+
+// <sys/ioctl.h> is broken on powerpc64, as it fails to include definitions of
+// these structures. We just include them copied from <bits/termios.h>.
+#if defined(__powerpc__)
+struct sgttyb {
+        char    sg_ispeed;
+        char    sg_ospeed;
+        char    sg_erase;
+        char    sg_kill;
+        short   sg_flags;
+};
+
+struct tchars {
+        char    t_intrc;
+        char    t_quitc;
+        char    t_startc;
+        char    t_stopc;
+        char    t_eofc;
+        char    t_brkc;
+};
+
+struct ltchars {
+        char    t_suspc;
+        char    t_dsuspc;
+        char    t_rprntc;
+        char    t_flushc;
+        char    t_werasc;
+        char    t_lnextc;
+};
+#endif
+
+#include <bits/sockaddr.h>
+#include <sys/epoll.h>
+#include <sys/eventfd.h>
+#include <sys/inotify.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/select.h>
+#include <sys/signalfd.h>
+#include <sys/socket.h>
+#include <sys/timerfd.h>
+#include <sys/uio.h>
+#include <sys/xattr.h>
+#include <linux/bpf.h>
+#include <linux/can.h>
+#include <linux/can/error.h>
+#include <linux/can/raw.h>
+#include <linux/capability.h>
+#include <linux/cryptouser.h>
+#include <linux/devlink.h>
+#include <linux/dm-ioctl.h>
+#include <linux/errqueue.h>
+#include <linux/falloc.h>
+#include <linux/fanotify.h>
+#include <linux/filter.h>
+#include <linux/fs.h>
+#include <linux/fscrypt.h>
+#include <linux/fsverity.h>
+#include <linux/genetlink.h>
+#include <linux/hdreg.h>
+#include <linux/icmpv6.h>
+#include <linux/if.h>
+#include <linux/if_addr.h>
+#include <linux/if_alg.h>
+#include <linux/if_arp.h>
+#include <linux/if_ether.h>
+#include <linux/if_ppp.h>
+#include <linux/if_tun.h>
+#include <linux/if_packet.h>
+#include <linux/if_xdp.h>
+#include <linux/kexec.h>
+#include <linux/keyctl.h>
+#include <linux/loop.h>
+#include <linux/magic.h>
+#include <linux/memfd.h>
+#include <linux/module.h>
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netlink.h>
+#include <linux/net_namespace.h>
+#include <linux/nsfs.h>
+#include <linux/perf_event.h>
+#include <linux/ptrace.h>
+#include <linux/random.h>
+#include <linux/reboot.h>
+#include <linux/rtc.h>
+#include <linux/rtnetlink.h>
+#include <linux/sched.h>
+#include <linux/seccomp.h>
+#include <linux/serial.h>
+#include <linux/sockios.h>
+#include <linux/taskstats.h>
+#include <linux/tipc.h>
+#include <linux/vm_sockets.h>
+#include <linux/wait.h>
+#include <linux/watchdog.h>
+
+#include <mtd/ubi-user.h>
+#include <net/route.h>
+
+#if defined(__sparc__)
+// On sparc{,64}, the kernel defines struct termios2 itself which clashes with the
+// definition in glibc. As only the error constants are needed here, include the
+// generic termibits.h (which is included by termbits.h on sparc).
+#include <asm-generic/termbits.h>
+#else
+#include <asm/termbits.h>
+#endif
+
+#ifndef MSG_FASTOPEN
+#define MSG_FASTOPEN    0x20000000
+#endif
+
+#ifndef PTRACE_GETREGS
+#define PTRACE_GETREGS	0xc
+#endif
+
+#ifndef PTRACE_SETREGS
+#define PTRACE_SETREGS	0xd
+#endif
+
+#ifndef SOL_NETLINK
+#define SOL_NETLINK	270
+#endif
+
+#ifdef SOL_BLUETOOTH
+// SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h
+// but it is already in bluetooth_linux.go
+#undef SOL_BLUETOOTH
+#endif
+
+// Certain constants are missing from the fs/crypto UAPI
+#define FS_KEY_DESC_PREFIX              "fscrypt:"
+#define FS_KEY_DESC_PREFIX_SIZE         8
+#define FS_MAX_KEY_SIZE                 64
+
+// The code generator produces -0x1 for (~0), but an unsigned value is necessary
+// for the tipc_subscr timeout __u32 field.
+#undef TIPC_WAIT_FOREVER
+#define TIPC_WAIT_FOREVER 0xffffffff
+
+// Copied from linux/l2tp.h
+// Including linux/l2tp.h here causes conflicts between linux/in.h
+// and netinet/in.h included via net/route.h above.
+#define IPPROTO_L2TP		115
+'
+
+includes_NetBSD='
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/event.h>
+#include <sys/extattr.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/sched.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/sysctl.h>
+#include <sys/termios.h>
+#include <sys/ttycom.h>
+#include <sys/wait.h>
+#include <net/bpf.h>
+#include <net/if.h>
+#include <net/if_types.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/if_ether.h>
+
+// Needed since <sys/param.h> refers to it...
+#define schedppq 1
+'
+
+includes_OpenBSD='
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/event.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/select.h>
+#include <sys/sched.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/stat.h>
+#include <sys/sysctl.h>
+#include <sys/termios.h>
+#include <sys/ttycom.h>
+#include <sys/unistd.h>
+#include <sys/wait.h>
+#include <net/bpf.h>
+#include <net/if.h>
+#include <net/if_types.h>
+#include <net/if_var.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/if_ether.h>
+#include <net/if_bridge.h>
+
+// We keep some constants not supported in OpenBSD 5.5 and beyond for
+// the promise of compatibility.
+#define EMUL_ENABLED		0x1
+#define EMUL_NATIVE		0x2
+#define IPV6_FAITH		0x1d
+#define IPV6_OPTIONS		0x1
+#define IPV6_RTHDR_STRICT	0x1
+#define IPV6_SOCKOPT_RESERVED1	0x3
+#define SIOCGIFGENERIC		0xc020693a
+#define SIOCSIFGENERIC		0x80206939
+#define WALTSIG			0x4
+'
+
+includes_SunOS='
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/wait.h>
+#include <sys/ioctl.h>
+#include <sys/mkdev.h>
+#include <net/bpf.h>
+#include <net/if.h>
+#include <net/if_arp.h>
+#include <net/if_types.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <termios.h>
+#include <netinet/ip.h>
+#include <netinet/ip_mroute.h>
+'
+
+
+includes='
+#include <sys/types.h>
+#include <sys/file.h>
+#include <fcntl.h>
+#include <dirent.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet/tcp.h>
+#include <errno.h>
+#include <sys/signal.h>
+#include <signal.h>
+#include <sys/resource.h>
+#include <time.h>
+'
+ccflags="$@"
+
+# Write go tool cgo -godefs input.
+(
+	echo package unix
+	echo
+	echo '/*'
+	indirect="includes_$(uname)"
+	echo "${!indirect} $includes"
+	echo '*/'
+	echo 'import "C"'
+	echo 'import "syscall"'
+	echo
+	echo 'const ('
+
+	# The gcc command line prints all the #defines
+	# it encounters while processing the input
+	echo "${!indirect} $includes" | $CC -x c - -E -dM $ccflags |
+	awk '
+		$1 != "#define" || $2 ~ /\(/ || $3 == "" {next}
+
+		$2 ~ /^E([ABCD]X|[BIS]P|[SD]I|S|FL)$/ {next}  # 386 registers
+		$2 ~ /^(SIGEV_|SIGSTKSZ|SIGRT(MIN|MAX))/ {next}
+		$2 ~ /^(SCM_SRCRT)$/ {next}
+		$2 ~ /^(MAP_FAILED)$/ {next}
+		$2 ~ /^ELF_.*$/ {next}# <asm/elf.h> contains ELF_ARCH, etc.
+
+		$2 ~ /^EXTATTR_NAMESPACE_NAMES/ ||
+		$2 ~ /^EXTATTR_NAMESPACE_[A-Z]+_STRING/ {next}
+
+		$2 !~ /^ECCAPBITS/ &&
+		$2 !~ /^ETH_/ &&
+		$2 !~ /^EPROC_/ &&
+		$2 !~ /^EQUIV_/ &&
+		$2 !~ /^EXPR_/ &&
+		$2 ~ /^E[A-Z0-9_]+$/ ||
+		$2 ~ /^B[0-9_]+$/ ||
+		$2 ~ /^(OLD|NEW)DEV$/ ||
+		$2 == "BOTHER" ||
+		$2 ~ /^CI?BAUD(EX)?$/ ||
+		$2 == "IBSHIFT" ||
+		$2 ~ /^V[A-Z0-9]+$/ ||
+		$2 ~ /^CS[A-Z0-9]/ ||
+		$2 ~ /^I(SIG|CANON|CRNL|UCLC|EXTEN|MAXBEL|STRIP|UTF8)$/ ||
+		$2 ~ /^IGN/ ||
+		$2 ~ /^IX(ON|ANY|OFF)$/ ||
+		$2 ~ /^IN(LCR|PCK)$/ ||
+		$2 !~ "X86_CR3_PCID_NOFLUSH" &&
+		$2 ~ /(^FLU?SH)|(FLU?SH$)/ ||
+		$2 ~ /^C(LOCAL|READ|MSPAR|RTSCTS)$/ ||
+		$2 == "BRKINT" ||
+		$2 == "HUPCL" ||
+		$2 == "PENDIN" ||
+		$2 == "TOSTOP" ||
+		$2 == "XCASE" ||
+		$2 == "ALTWERASE" ||
+		$2 == "NOKERNINFO" ||
+		$2 == "NFDBITS" ||
+		$2 ~ /^PAR/ ||
+		$2 ~ /^SIG[^_]/ ||
+		$2 ~ /^O[CNPFPL][A-Z]+[^_][A-Z]+$/ ||
+		$2 ~ /^(NL|CR|TAB|BS|VT|FF)DLY$/ ||
+		$2 ~ /^(NL|CR|TAB|BS|VT|FF)[0-9]$/ ||
+		$2 ~ /^O?XTABS$/ ||
+		$2 ~ /^TC[IO](ON|OFF)$/ ||
+		$2 ~ /^IN_/ ||
+		$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
+		$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
+		$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
+		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|ICMP6|TCP|MCAST|EVFILT|NOTE|EV|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR)_/ ||
+		$2 ~ /^TP_STATUS_/ ||
+		$2 ~ /^FALLOC_/ ||
+		$2 == "ICMPV6_FILTER" ||
+		$2 == "SOMAXCONN" ||
+		$2 == "NAME_MAX" ||
+		$2 == "IFNAMSIZ" ||
+		$2 ~ /^CTL_(HW|KERN|MAXNAME|NET|QUERY)$/ ||
+		$2 ~ /^KERN_(HOSTNAME|OS(RELEASE|TYPE)|VERSION)$/ ||
+		$2 ~ /^HW_MACHINE$/ ||
+		$2 ~ /^SYSCTL_VERS/ ||
+		$2 !~ "MNT_BITS" &&
+		$2 ~ /^(MS|MNT|UMOUNT)_/ ||
+		$2 ~ /^NS_GET_/ ||
+		$2 ~ /^TUN(SET|GET|ATTACH|DETACH)/ ||
+		$2 ~ /^(O|F|[ES]?FD|NAME|S|PTRACE|PT|TFD)_/ ||
+		$2 ~ /^KEXEC_/ ||
+		$2 ~ /^LINUX_REBOOT_CMD_/ ||
+		$2 ~ /^LINUX_REBOOT_MAGIC[12]$/ ||
+		$2 ~ /^MODULE_INIT_/ ||
+		$2 !~ "NLA_TYPE_MASK" &&
+		$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
+		$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
+		$2 ~ /^SIOC/ ||
+		$2 ~ /^TIOC/ ||
+		$2 ~ /^TCGET/ ||
+		$2 ~ /^TCSET/ ||
+		$2 ~ /^TC(FLSH|SBRKP?|XONC)$/ ||
+		$2 !~ "RTF_BITS" &&
+		$2 ~ /^(IFF|IFT|NET_RT|RTM(GRP)?|RTF|RTV|RTA|RTAX)_/ ||
+		$2 ~ /^BIOC/ ||
+		$2 ~ /^DIOC/ ||
+		$2 ~ /^RUSAGE_(SELF|CHILDREN|THREAD)/ ||
+		$2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
+		$2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||
+		$2 ~ /^CLONE_[A-Z_]+/ ||
+		$2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ &&
+		$2 ~ /^(BPF|DLT)_/ ||
+		$2 ~ /^(CLOCK|TIMER)_/ ||
+		$2 ~ /^CAN_/ ||
+		$2 ~ /^CAP_/ ||
+		$2 ~ /^CP_/ ||
+		$2 ~ /^CPUSTATES$/ ||
+		$2 ~ /^ALG_/ ||
+		$2 ~ /^FI(CLONE|DEDUPERANGE)/ ||
+		$2 ~ /^FS_(POLICY_FLAGS|KEY_DESC|ENCRYPTION_MODE|[A-Z0-9_]+_KEY_SIZE)/ ||
+		$2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|[GS]ETFLAGS)/ ||
+		$2 ~ /^FS_VERITY_/ ||
+		$2 ~ /^FSCRYPT_/ ||
+		$2 ~ /^DM_/ ||
+		$2 ~ /^GRND_/ ||
+		$2 ~ /^RND/ ||
+		$2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ ||
+		$2 ~ /^KEYCTL_/ ||
+		$2 ~ /^PERF_EVENT_IOC_/ ||
+		$2 ~ /^SECCOMP_MODE_/ ||
+		$2 ~ /^SPLICE_/ ||
+		$2 ~ /^SYNC_FILE_RANGE_/ ||
+		$2 !~ /^AUDIT_RECORD_MAGIC/ &&
+		$2 !~ /IOC_MAGIC/ &&
+		$2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ ||
+		$2 ~ /^(VM|VMADDR)_/ ||
+		$2 ~ /^IOCTL_VM_SOCKETS_/ ||
+		$2 ~ /^(TASKSTATS|TS)_/ ||
+		$2 ~ /^CGROUPSTATS_/ ||
+		$2 ~ /^GENL_/ ||
+		$2 ~ /^STATX_/ ||
+		$2 ~ /^RENAME/ ||
+		$2 ~ /^UBI_IOC[A-Z]/ ||
+		$2 ~ /^UTIME_/ ||
+		$2 ~ /^XATTR_(CREATE|REPLACE|NO(DEFAULT|FOLLOW|SECURITY)|SHOWCOMPRESSION)/ ||
+		$2 ~ /^ATTR_(BIT_MAP_COUNT|(CMN|VOL|FILE)_)/ ||
+		$2 ~ /^FSOPT_/ ||
+		$2 ~ /^WDIOC_/ ||
+		$2 ~ /^NFN/ ||
+		$2 ~ /^XDP_/ ||
+		$2 ~ /^RWF_/ ||
+		$2 ~ /^(HDIO|WIN|SMART)_/ ||
+		$2 ~ /^CRYPTO_/ ||
+		$2 ~ /^TIPC_/ ||
+		$2 ~ /^DEVLINK_/ ||
+		$2 !~ "WMESGLEN" &&
+		$2 ~ /^W[A-Z0-9]+$/ ||
+		$2 ~/^PPPIOC/ ||
+		$2 ~ /^FAN_|FANOTIFY_/ ||
+		$2 ~ /^BLK[A-Z]*(GET$|SET$|BUF$|PART$|SIZE)/ {printf("\t%s = C.%s\n", $2, $2)}
+		$2 ~ /^__WCOREFLAG$/ {next}
+		$2 ~ /^__W[A-Z0-9]+$/ {printf("\t%s = C.%s\n", substr($2,3), $2)}
+
+		{next}
+	' | sort
+
+	echo ')'
+) >_const.go
+
+# Pull out the error names for later.
+errors=$(
+	echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
+	awk '$1=="#define" && $2 ~ /^E[A-Z0-9_]+$/ { print $2 }' |
+	sort
+)
+
+# Pull out the signal names for later.
+signals=$(
+	echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
+	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
+	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
+	sort
+)
+
+# Again, writing regexps to a file.
+echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
+	awk '$1=="#define" && $2 ~ /^E[A-Z0-9_]+$/ { print "^\t" $2 "[ \t]*=" }' |
+	sort >_error.grep
+echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
+	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
+	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
+	sort >_signal.grep
+
+echo '// mkerrors.sh' "$@"
+echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
+echo
+echo "// +build ${GOARCH},${GOOS}"
+echo
+go tool cgo -godefs -- "$@" _const.go >_error.out
+cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
+echo
+echo '// Errors'
+echo 'const ('
+cat _error.out | grep -f _error.grep | sed 's/=\(.*\)/= syscall.Errno(\1)/'
+echo ')'
+
+echo
+echo '// Signals'
+echo 'const ('
+cat _error.out | grep -f _signal.grep | sed 's/=\(.*\)/= syscall.Signal(\1)/'
+echo ')'
+
+# Run C program to print error and syscall strings.
+(
+	echo -E "
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <string.h>
+#include <signal.h>
+
+#define nelem(x) (sizeof(x)/sizeof((x)[0]))
+
+enum { A = 'A', Z = 'Z', a = 'a', z = 'z' }; // avoid need for single quotes below
+
+struct tuple {
+	int num;
+	const char *name;
+};
+
+struct tuple errors[] = {
+"
+	for i in $errors
+	do
+		echo -E '	{'$i', "'$i'" },'
+	done
+
+	echo -E "
+};
+
+struct tuple signals[] = {
+"
+	for i in $signals
+	do
+		echo -E '	{'$i', "'$i'" },'
+	done
+
+	# Use -E because on some systems bash builtin interprets \n itself.
+	echo -E '
+};
+
+static int
+tuplecmp(const void *a, const void *b)
+{
+	return ((struct tuple *)a)->num - ((struct tuple *)b)->num;
+}
+
+int
+main(void)
+{
+	int i, e;
+	char buf[1024], *p;
+
+	printf("\n\n// Error table\n");
+	printf("var errorList = [...]struct {\n");
+	printf("\tnum  syscall.Errno\n");
+	printf("\tname string\n");
+	printf("\tdesc string\n");
+	printf("} {\n");
+	qsort(errors, nelem(errors), sizeof errors[0], tuplecmp);
+	for(i=0; i<nelem(errors); i++) {
+		e = errors[i].num;
+		if(i > 0 && errors[i-1].num == e)
+			continue;
+		strcpy(buf, strerror(e));
+		// lowercase first letter: Bad -> bad, but STREAM -> STREAM.
+		if(A <= buf[0] && buf[0] <= Z && a <= buf[1] && buf[1] <= z)
+			buf[0] += a - A;
+		printf("\t{ %d, \"%s\", \"%s\" },\n", e, errors[i].name, buf);
+	}
+	printf("}\n\n");
+
+	printf("\n\n// Signal table\n");
+	printf("var signalList = [...]struct {\n");
+	printf("\tnum  syscall.Signal\n");
+	printf("\tname string\n");
+	printf("\tdesc string\n");
+	printf("} {\n");
+	qsort(signals, nelem(signals), sizeof signals[0], tuplecmp);
+	for(i=0; i<nelem(signals); i++) {
+		e = signals[i].num;
+		if(i > 0 && signals[i-1].num == e)
+			continue;
+		strcpy(buf, strsignal(e));
+		// lowercase first letter: Bad -> bad, but STREAM -> STREAM.
+		if(A <= buf[0] && buf[0] <= Z && a <= buf[1] && buf[1] <= z)
+			buf[0] += a - A;
+		// cut trailing : number.
+		p = strrchr(buf, ":"[0]);
+		if(p)
+			*p = '\0';
+		printf("\t{ %d, \"%s\", \"%s\" },\n", e, signals[i].name, buf);
+	}
+	printf("}\n\n");
+
+	return 0;
+}
+
+'
+) >_errors.c
+
+$CC $ccflags -o _errors _errors.c && $GORUN ./_errors && rm -f _errors.c _errors _const.go _error.grep _signal.grep _error.out
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/pagesize_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/pagesize_unix.go
new file mode 100644
index 000000000..bc2f3629a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -0,0 +1,15 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+// For Unix, get the pagesize from the runtime.
+
+package unix
+
+import "syscall"
+
+func Getpagesize() int {
+	return syscall.Getpagesize()
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/pledge_openbsd.go
new file mode 100644
index 000000000..eb48294b2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -0,0 +1,163 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"syscall"
+	"unsafe"
+)
+
+// Pledge implements the pledge syscall.
+//
+// The pledge syscall does not accept execpromises on OpenBSD releases
+// before 6.3.
+//
+// execpromises must be empty when Pledge is called on OpenBSD
+// releases predating 6.3, otherwise an error will be returned.
+//
+// For more information see pledge(2).
+func Pledge(promises, execpromises string) error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	err = pledgeAvailable(maj, min, execpromises)
+	if err != nil {
+		return err
+	}
+
+	pptr, err := syscall.BytePtrFromString(promises)
+	if err != nil {
+		return err
+	}
+
+	// This variable will hold either a nil unsafe.Pointer or
+	// an unsafe.Pointer to a string (execpromises).
+	var expr unsafe.Pointer
+
+	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
+	if maj > 6 || (maj == 6 && min > 2) {
+		exptr, err := syscall.BytePtrFromString(execpromises)
+		if err != nil {
+			return err
+		}
+		expr = unsafe.Pointer(exptr)
+	}
+
+	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+	if e != 0 {
+		return e
+	}
+
+	return nil
+}
+
+// PledgePromises implements the pledge syscall.
+//
+// This changes the promises and leaves the execpromises untouched.
+//
+// For more information see pledge(2).
+func PledgePromises(promises string) error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	err = pledgeAvailable(maj, min, "")
+	if err != nil {
+		return err
+	}
+
+	// This variable holds the execpromises and is always nil.
+	var expr unsafe.Pointer
+
+	pptr, err := syscall.BytePtrFromString(promises)
+	if err != nil {
+		return err
+	}
+
+	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+	if e != 0 {
+		return e
+	}
+
+	return nil
+}
+
+// PledgeExecpromises implements the pledge syscall.
+//
+// This changes the execpromises and leaves the promises untouched.
+//
+// For more information see pledge(2).
+func PledgeExecpromises(execpromises string) error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	err = pledgeAvailable(maj, min, execpromises)
+	if err != nil {
+		return err
+	}
+
+	// This variable holds the promises and is always nil.
+	var pptr unsafe.Pointer
+
+	exptr, err := syscall.BytePtrFromString(execpromises)
+	if err != nil {
+		return err
+	}
+
+	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
+	if e != 0 {
+		return e
+	}
+
+	return nil
+}
+
+// majmin returns major and minor version number for an OpenBSD system.
+func majmin() (major int, minor int, err error) {
+	var v Utsname
+	err = Uname(&v)
+	if err != nil {
+		return
+	}
+
+	major, err = strconv.Atoi(string(v.Release[0]))
+	if err != nil {
+		err = errors.New("cannot parse major version number returned by uname")
+		return
+	}
+
+	minor, err = strconv.Atoi(string(v.Release[2]))
+	if err != nil {
+		err = errors.New("cannot parse minor version number returned by uname")
+		return
+	}
+
+	return
+}
+
+// pledgeAvailable checks for availability of the pledge(2) syscall
+// based on the running OpenBSD version.
+func pledgeAvailable(maj, min int, execpromises string) error {
+	// If OpenBSD <= 5.9, pledge is not available.
+	if (maj == 5 && min != 9) || maj < 5 {
+		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+	}
+
+	// If OpenBSD <= 6.2 and execpromises is not empty,
+	// return an error - execpromises is not available before 6.3
+	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
+		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	}
+
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/race.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/race.go
new file mode 100644
index 000000000..61712b51c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/race.go
@@ -0,0 +1,30 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,race linux,race freebsd,race
+
+package unix
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+const raceenabled = true
+
+func raceAcquire(addr unsafe.Pointer) {
+	runtime.RaceAcquire(addr)
+}
+
+func raceReleaseMerge(addr unsafe.Pointer) {
+	runtime.RaceReleaseMerge(addr)
+}
+
+func raceReadRange(addr unsafe.Pointer, len int) {
+	runtime.RaceReadRange(addr, len)
+}
+
+func raceWriteRange(addr unsafe.Pointer, len int) {
+	runtime.RaceWriteRange(addr, len)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/race0.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/race0.go
new file mode 100644
index 000000000..ad026678c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/race0.go
@@ -0,0 +1,25 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly
+
+package unix
+
+import (
+	"unsafe"
+)
+
+const raceenabled = false
+
+func raceAcquire(addr unsafe.Pointer) {
+}
+
+func raceReleaseMerge(addr unsafe.Pointer) {
+}
+
+func raceReadRange(addr unsafe.Pointer, len int) {
+}
+
+func raceWriteRange(addr unsafe.Pointer, len int) {
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/readdirent_getdents.go
new file mode 100644
index 000000000..3a90aa6df
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix dragonfly freebsd linux netbsd openbsd
+
+package unix
+
+// ReadDirent reads directory entries from fd and writes them into buf.
+func ReadDirent(fd int, buf []byte) (n int, err error) {
+	return Getdents(fd, buf)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
new file mode 100644
index 000000000..5fdae40b3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -0,0 +1,19 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin
+
+package unix
+
+import "unsafe"
+
+// ReadDirent reads directory entries from fd and writes them into buf.
+func ReadDirent(fd int, buf []byte) (n int, err error) {
+	// Final argument is (basep *uintptr) and the syscall doesn't take nil.
+	// 64 bits should be enough. (32 bits isn't even on 386). Since the
+	// actual system call is getdirentries64, 64 is a good guess.
+	// TODO(rsc): Can we use a single global basep for all calls?
+	var base = (*uintptr)(unsafe.Pointer(new(uint64)))
+	return Getdirentries(fd, buf, base)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
new file mode 100644
index 000000000..5144deecc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+// Round the length of a raw sockaddr up to align it properly.
+func cmsgAlignOf(salen int) int {
+	salign := SizeofPtr
+	if SizeofPtr == 8 && !supportsABI(_dragonflyABIChangeVersion) {
+		// 64-bit Dragonfly before the September 2019 ABI changes still requires
+		// 32-bit aligned access to network subsystem.
+		salign = 4
+	}
+	return (salen + salign - 1) & ^(salign - 1)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
new file mode 100644
index 000000000..8bf457059
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
@@ -0,0 +1,36 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Socket control messages
+
+package unix
+
+import "unsafe"
+
+// UnixCredentials encodes credentials into a socket control message
+// for sending to another process. This can be used for
+// authentication.
+func UnixCredentials(ucred *Ucred) []byte {
+	b := make([]byte, CmsgSpace(SizeofUcred))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_SOCKET
+	h.Type = SCM_CREDENTIALS
+	h.SetLen(CmsgLen(SizeofUcred))
+	*(*Ucred)(h.data(0)) = *ucred
+	return b
+}
+
+// ParseUnixCredentials decodes a socket control message that contains
+// credentials in a Ucred structure. To receive such a message, the
+// SO_PASSCRED option must be enabled on the socket.
+func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
+	if m.Header.Level != SOL_SOCKET {
+		return nil, EINVAL
+	}
+	if m.Header.Type != SCM_CREDENTIALS {
+		return nil, EINVAL
+	}
+	ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
+	return &ucred, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
new file mode 100644
index 000000000..003916ed7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -0,0 +1,92 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+// Socket control messages
+
+package unix
+
+import (
+	"unsafe"
+)
+
+// CmsgLen returns the value to store in the Len field of the Cmsghdr
+// structure, taking into account any necessary alignment.
+func CmsgLen(datalen int) int {
+	return cmsgAlignOf(SizeofCmsghdr) + datalen
+}
+
+// CmsgSpace returns the number of bytes an ancillary element with
+// payload of the passed data length occupies.
+func CmsgSpace(datalen int) int {
+	return cmsgAlignOf(SizeofCmsghdr) + cmsgAlignOf(datalen)
+}
+
+func (h *Cmsghdr) data(offset uintptr) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(unsafe.Pointer(h)) + uintptr(cmsgAlignOf(SizeofCmsghdr)) + offset)
+}
+
+// SocketControlMessage represents a socket control message.
+type SocketControlMessage struct {
+	Header Cmsghdr
+	Data   []byte
+}
+
+// ParseSocketControlMessage parses b as an array of socket control
+// messages.
+func ParseSocketControlMessage(b []byte) ([]SocketControlMessage, error) {
+	var msgs []SocketControlMessage
+	i := 0
+	for i+CmsgLen(0) <= len(b) {
+		h, dbuf, err := socketControlMessageHeaderAndData(b[i:])
+		if err != nil {
+			return nil, err
+		}
+		m := SocketControlMessage{Header: *h, Data: dbuf}
+		msgs = append(msgs, m)
+		i += cmsgAlignOf(int(h.Len))
+	}
+	return msgs, nil
+}
+
+func socketControlMessageHeaderAndData(b []byte) (*Cmsghdr, []byte, error) {
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	if h.Len < SizeofCmsghdr || uint64(h.Len) > uint64(len(b)) {
+		return nil, nil, EINVAL
+	}
+	return h, b[cmsgAlignOf(SizeofCmsghdr):h.Len], nil
+}
+
+// UnixRights encodes a set of open file descriptors into a socket
+// control message for sending to another process.
+func UnixRights(fds ...int) []byte {
+	datalen := len(fds) * 4
+	b := make([]byte, CmsgSpace(datalen))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_SOCKET
+	h.Type = SCM_RIGHTS
+	h.SetLen(CmsgLen(datalen))
+	for i, fd := range fds {
+		*(*int32)(h.data(4 * uintptr(i))) = int32(fd)
+	}
+	return b
+}
+
+// ParseUnixRights decodes a socket control message that contains an
+// integer array of open file descriptors from another process.
+func ParseUnixRights(m *SocketControlMessage) ([]int, error) {
+	if m.Header.Level != SOL_SOCKET {
+		return nil, EINVAL
+	}
+	if m.Header.Type != SCM_RIGHTS {
+		return nil, EINVAL
+	}
+	fds := make([]int, len(m.Data)>>2)
+	for i, j := 0, 0; i < len(m.Data); i += 4 {
+		fds[j] = int(*(*int32)(unsafe.Pointer(&m.Data[i])))
+		j++
+	}
+	return fds, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
new file mode 100644
index 000000000..57a0021da
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -0,0 +1,42 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin freebsd linux netbsd openbsd solaris
+
+package unix
+
+import (
+	"runtime"
+)
+
+// Round the length of a raw sockaddr up to align it properly.
+func cmsgAlignOf(salen int) int {
+	salign := SizeofPtr
+
+	// dragonfly needs to check ABI version at runtime, see cmsgAlignOf in
+	// sockcmsg_dragonfly.go
+	switch runtime.GOOS {
+	case "aix":
+		// There is no alignment on AIX.
+		salign = 1
+	case "darwin", "ios", "illumos", "solaris":
+		// NOTE: It seems like 64-bit Darwin, Illumos and Solaris
+		// kernels still require 32-bit aligned access to network
+		// subsystem.
+		if SizeofPtr == 8 {
+			salign = 4
+		}
+	case "netbsd", "openbsd":
+		// NetBSD and OpenBSD armv7 require 64-bit alignment.
+		if runtime.GOARCH == "arm" {
+			salign = 8
+		}
+		// NetBSD aarch64 requires 128-bit alignment.
+		if runtime.GOOS == "netbsd" && runtime.GOARCH == "arm64" {
+			salign = 16
+		}
+	}
+
+	return (salen + salign - 1) & ^(salign - 1)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/str.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/str.go
new file mode 100644
index 000000000..17fb69868
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/str.go
@@ -0,0 +1,26 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+func itoa(val int) string { // do it here rather than with fmt to avoid dependency
+	if val < 0 {
+		return "-" + uitoa(uint(-val))
+	}
+	return uitoa(uint(val))
+}
+
+func uitoa(val uint) string {
+	var buf [32]byte // big enough for int64
+	i := len(buf) - 1
+	for val >= 10 {
+		buf[i] = byte(val%10 + '0')
+		i--
+		val /= 10
+	}
+	buf[i] = byte(val + '0')
+	return string(buf[i:])
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall.go
new file mode 100644
index 000000000..fd4ee8ebe
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall.go
@@ -0,0 +1,53 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+// Package unix contains an interface to the low-level operating system
+// primitives. OS details vary depending on the underlying system, and
+// by default, godoc will display OS-specific documentation for the current
+// system. If you want godoc to display OS documentation for another
+// system, set $GOOS and $GOARCH to the desired system. For example, if
+// you want to view documentation for freebsd/arm on linux/amd64, set $GOOS
+// to freebsd and $GOARCH to arm.
+//
+// The primary use of this package is inside other packages that provide a more
+// portable interface to the system, such as "os", "time" and "net".  Use
+// those packages rather than this one if you can.
+//
+// For details of the functions and data types in this package consult
+// the manuals for the appropriate operating system.
+//
+// These calls return err == nil to indicate success; otherwise
+// err represents an operating system error describing the failure and
+// holds a value of type syscall.Errno.
+package unix // import "golang.org/x/sys/unix"
+
+import "strings"
+
+// ByteSliceFromString returns a NUL-terminated slice of bytes
+// containing the text of s. If s contains a NUL byte at any
+// location, it returns (nil, EINVAL).
+func ByteSliceFromString(s string) ([]byte, error) {
+	if strings.IndexByte(s, 0) != -1 {
+		return nil, EINVAL
+	}
+	a := make([]byte, len(s)+1)
+	copy(a, s)
+	return a, nil
+}
+
+// BytePtrFromString returns a pointer to a NUL-terminated array of
+// bytes containing the text of s. If s contains a NUL byte at any
+// location, it returns (nil, EINVAL).
+func BytePtrFromString(s string) (*byte, error) {
+	a, err := ByteSliceFromString(s)
+	if err != nil {
+		return nil, err
+	}
+	return &a[0], nil
+}
+
+// Single-word zero for use when we need a valid pointer to 0 bytes.
+var _zero uintptr
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix.go
new file mode 100644
index 000000000..9ad8a0d4a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -0,0 +1,536 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix
+
+// Aix system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and
+// wrap it in our own nicer implementation.
+
+package unix
+
+import "unsafe"
+
+/*
+ * Wrapped
+ */
+
+//sys	utimes(path string, times *[2]Timeval) (err error)
+func Utimes(path string, tv []Timeval) error {
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error)
+func UtimesNano(path string, ts []Timespec) error {
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet4, nil
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet6, nil
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	name := sa.Name
+	n := len(name)
+	if n > len(sa.raw.Path) {
+		return nil, 0, EINVAL
+	}
+	if n == len(sa.raw.Path) && name[0] != '@' {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = uint8(name[i])
+	}
+	// length is family (uint16), name, NUL.
+	sl := _Socklen(2)
+	if n > 0 {
+		sl += _Socklen(n) + 1
+	}
+	if sa.raw.Path[0] == '@' {
+		sa.raw.Path[0] = 0
+		// Don't count trailing NUL for abstract address.
+		sl--
+	}
+
+	return unsafe.Pointer(&sa.raw), sl, nil
+}
+
+func Getsockname(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getsockname(fd, &rsa, &len); err != nil {
+		return
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+//sys	getcwd(buf []byte) (err error)
+
+const ImplementsGetwd = true
+
+func Getwd() (ret string, err error) {
+	for len := uint64(4096); ; len *= 2 {
+		b := make([]byte, len)
+		err := getcwd(b)
+		if err == nil {
+			i := 0
+			for b[i] != 0 {
+				i++
+			}
+			return string(b[0:i]), nil
+		}
+		if err != ERANGE {
+			return "", err
+		}
+	}
+}
+
+func Getcwd(buf []byte) (n int, err error) {
+	err = getcwd(buf)
+	if err == nil {
+		i := 0
+		for buf[i] != 0 {
+			i++
+		}
+		n = i + 1
+	}
+	return
+}
+
+func Getgroups() (gids []int, err error) {
+	n, err := getgroups(0, nil)
+	if err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Sanity check group count. Max is 16 on BSD.
+	if n < 0 || n > 1000 {
+		return nil, EINVAL
+	}
+
+	a := make([]_Gid_t, n)
+	n, err = getgroups(n, &a[0])
+	if err != nil {
+		return nil, err
+	}
+	gids = make([]int, n)
+	for i, v := range a[0:n] {
+		gids[i] = int(v)
+	}
+	return
+}
+
+func Setgroups(gids []int) (err error) {
+	if len(gids) == 0 {
+		return setgroups(0, nil)
+	}
+
+	a := make([]_Gid_t, len(gids))
+	for i, v := range gids {
+		a[i] = _Gid_t(v)
+	}
+	return setgroups(len(a), &a[0])
+}
+
+/*
+ * Socket
+ */
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+
+func Accept(fd int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept(fd, &rsa, &len)
+	if nfd == -1 {
+		return
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+	// Recvmsg not implemented on AIX
+	sa := new(SockaddrUnix)
+	return -1, -1, -1, sa, ENOSYS
+}
+
+func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) {
+	_, err = SendmsgN(fd, p, oob, to, flags)
+	return
+}
+
+func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) {
+	// SendmsgN not implemented on AIX
+	return -1, ENOSYS
+}
+
+func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	switch rsa.Addr.Family {
+
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+
+		// Some versions of AIX have a bug in getsockname (see IV78655).
+		// We can't rely on sa.Len being set correctly.
+		n := SizeofSockaddrUnix - 3 // subtract leading Family, Len, terminating NUL.
+		for i := 0; i < n; i++ {
+			if pp.Path[i] == 0 {
+				n = i
+				break
+			}
+		}
+
+		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_INET6:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+	}
+	return nil, EAFNOSUPPORT
+}
+
+func Gettimeofday(tv *Timeval) (err error) {
+	err = gettimeofday(tv, nil)
+	return
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+// TODO
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	return -1, ENOSYS
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
+	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+}
+
+//sys	getdirent(fd int, buf []byte) (n int, err error)
+func Getdents(fd int, buf []byte) (n int, err error) {
+	return getdirent(fd, buf)
+}
+
+//sys	wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error)
+func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	var status _C_int
+	var r Pid_t
+	err = ERESTART
+	// AIX wait4 may return with ERESTART errno, while the processus is still
+	// active.
+	for err == ERESTART {
+		r, err = wait4(Pid_t(pid), &status, options, rusage)
+	}
+	wpid = int(r)
+	if wstatus != nil {
+		*wstatus = WaitStatus(status)
+	}
+	return
+}
+
+/*
+ * Wait
+ */
+
+type WaitStatus uint32
+
+func (w WaitStatus) Stopped() bool { return w&0x40 != 0 }
+func (w WaitStatus) StopSignal() Signal {
+	if !w.Stopped() {
+		return -1
+	}
+	return Signal(w>>8) & 0xFF
+}
+
+func (w WaitStatus) Exited() bool { return w&0xFF == 0 }
+func (w WaitStatus) ExitStatus() int {
+	if !w.Exited() {
+		return -1
+	}
+	return int((w >> 8) & 0xFF)
+}
+
+func (w WaitStatus) Signaled() bool { return w&0x40 == 0 && w&0xFF != 0 }
+func (w WaitStatus) Signal() Signal {
+	if !w.Signaled() {
+		return -1
+	}
+	return Signal(w>>16) & 0xFF
+}
+
+func (w WaitStatus) Continued() bool { return w&0x01000000 != 0 }
+
+func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 }
+
+func (w WaitStatus) TrapCause() int { return -1 }
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+// fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX
+// There is no way to create a custom fcntl and to keep //sys fcntl easily,
+// Therefore, the programmer must call dup2 instead of fcntl in this case.
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+//sys	FcntlInt(fd uintptr, cmd int, arg int) (r int,err error) = fcntl
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+//sys	FcntlFlock(fd uintptr, cmd int, lk *Flock_t) (err error) = fcntl
+
+//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
+
+/*
+ * Direct access
+ */
+
+//sys	Acct(path string) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Dup(oldfd int) (fd int, err error)
+//sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Fdatasync(fd int) (err error)
+//sys	Fsync(fd int) (err error)
+// readdir_r
+//sysnb	Getpgid(pid int) (pgid int, err error)
+
+//sys	Getpgrp() (pid int)
+
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Kill(pid int, sig Signal) (err error)
+//sys	Klogctl(typ int, buf []byte) (n int, err error) = syslog
+//sys	Mkdir(dirfd int, path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys   Open(path string, mode int, perm uint32) (fd int, err error) = open64
+//sys   Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Setdomainname(p []byte) (err error)
+//sys	Sethostname(p []byte) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tv *Timeval) (err error)
+
+//sys	Setuid(uid int) (err error)
+//sys	Setgid(uid int) (err error)
+
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sys	Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error)
+//sys	Sync()
+//sysnb	Times(tms *Tms) (ticks uintptr, err error)
+//sysnb	Umask(mask int) (oldmask int)
+//sysnb	Uname(buf *Utsname) (err error)
+//sys   Unlink(path string) (err error)
+//sys   Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys	readlen(fd int, p *byte, np int) (n int, err error) = read
+//sys	writelen(fd int, p *byte, np int) (n int, err error) = write
+
+//sys	Dup2(oldfd int, newfd int) (err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = posix_fadvise64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	fstat(fd int, stat *Stat_t) (err error)
+//sys	fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = fstatat
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getuid() (uid int)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	lstat(path string, stat *Stat_t) (err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = pread64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = pwrite64
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sys	Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+//sys	stat(path string, statptr *Stat_t) (err error)
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	Truncate(path string, length int64) (err error)
+
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+
+// In order to use msghdr structure with Control, Controllen, nrecvmsg and nsendmsg must be used.
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = nrecvmsg
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = nsendmsg
+
+//sys	munmap(addr uintptr, length uintptr) (err error)
+
+var mapper = &mmapper{
+	active: make(map[*byte][]byte),
+	mmap:   mmap,
+	munmap: munmap,
+}
+
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
+//sys	Madvise(b []byte, advice int) (err error)
+//sys	Mprotect(b []byte, prot int) (err error)
+//sys	Mlock(b []byte) (err error)
+//sys	Mlockall(flags int) (err error)
+//sys	Msync(b []byte, flags int) (err error)
+//sys	Munlock(b []byte) (err error)
+//sys	Munlockall() (err error)
+
+//sysnb pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	gettimeofday(tv *Timeval, tzp *Timezone) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+
+//sys	Getsystemcfg(label int) (n uint64)
+
+//sys	umount(target string) (err error)
+func Unmount(target string, flags int) (err error) {
+	if flags != 0 {
+		// AIX doesn't have any flags for umount.
+		return ENOSYS
+	}
+	return umount(target)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
new file mode 100644
index 000000000..b3c8e3301
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -0,0 +1,54 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix
+// +build ppc
+
+package unix
+
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error) = getrlimit64
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error) = setrlimit64
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = lseek64
+
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func Fstat(fd int, stat *Stat_t) error {
+	return fstat(fd, stat)
+}
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) error {
+	return fstatat(dirfd, path, stat, flags)
+}
+
+func Lstat(path string, stat *Stat_t) error {
+	return lstat(path, stat)
+}
+
+func Stat(path string, statptr *Stat_t) error {
+	return stat(path, statptr)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
new file mode 100644
index 000000000..9a6e02417
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -0,0 +1,85 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix
+// +build ppc64
+
+package unix
+
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = lseek
+
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) = mmap64
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int64(sec), Usec: int32(usec)}
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// In order to only have Timespec structure, type of Stat_t's fields
+// Atim, Mtim and Ctim is changed from StTimespec to Timespec during
+// ztypes generation.
+// On ppc64, Timespec.Nsec is an int64 while StTimespec.Nsec is an
+// int32, so the fields' value must be modified.
+func fixStatTimFields(stat *Stat_t) {
+	stat.Atim.Nsec >>= 32
+	stat.Mtim.Nsec >>= 32
+	stat.Ctim.Nsec >>= 32
+}
+
+func Fstat(fd int, stat *Stat_t) error {
+	err := fstat(fd, stat)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(stat)
+	return nil
+}
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) error {
+	err := fstatat(dirfd, path, stat, flags)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(stat)
+	return nil
+}
+
+func Lstat(path string, stat *Stat_t) error {
+	err := lstat(path, stat)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(stat)
+	return nil
+}
+
+func Stat(path string, statptr *Stat_t) error {
+	err := stat(path, statptr)
+	if err != nil {
+		return err
+	}
+	fixStatTimFields(statptr)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_bsd.go
new file mode 100644
index 000000000..123536a02
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -0,0 +1,663 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin dragonfly freebsd netbsd openbsd
+
+// BSD system call wrappers shared by *BSD based systems
+// including OS X (Darwin) and FreeBSD.  Like the other
+// syscall_*.go files it is compiled as Go code but also
+// used as input to mksyscall which parses the //sys
+// lines and generates system call stubs.
+
+package unix
+
+import (
+	"runtime"
+	"syscall"
+	"unsafe"
+)
+
+const ImplementsGetwd = true
+
+func Getwd() (string, error) {
+	var buf [PathMax]byte
+	_, err := Getcwd(buf[0:])
+	if err != nil {
+		return "", err
+	}
+	n := clen(buf[:])
+	if n < 1 {
+		return "", EINVAL
+	}
+	return string(buf[:n]), nil
+}
+
+/*
+ * Wrapped
+ */
+
+//sysnb	getgroups(ngid int, gid *_Gid_t) (n int, err error)
+//sysnb	setgroups(ngid int, gid *_Gid_t) (err error)
+
+func Getgroups() (gids []int, err error) {
+	n, err := getgroups(0, nil)
+	if err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Sanity check group count. Max is 16 on BSD.
+	if n < 0 || n > 1000 {
+		return nil, EINVAL
+	}
+
+	a := make([]_Gid_t, n)
+	n, err = getgroups(n, &a[0])
+	if err != nil {
+		return nil, err
+	}
+	gids = make([]int, n)
+	for i, v := range a[0:n] {
+		gids[i] = int(v)
+	}
+	return
+}
+
+func Setgroups(gids []int) (err error) {
+	if len(gids) == 0 {
+		return setgroups(0, nil)
+	}
+
+	a := make([]_Gid_t, len(gids))
+	for i, v := range gids {
+		a[i] = _Gid_t(v)
+	}
+	return setgroups(len(a), &a[0])
+}
+
+// Wait status is 7 bits at bottom, either 0 (exited),
+// 0x7F (stopped), or a signal number that caused an exit.
+// The 0x80 bit is whether there was a core dump.
+// An extra number (exit code, signal causing a stop)
+// is in the high bits.
+
+type WaitStatus uint32
+
+const (
+	mask  = 0x7F
+	core  = 0x80
+	shift = 8
+
+	exited  = 0
+	killed  = 9
+	stopped = 0x7F
+)
+
+func (w WaitStatus) Exited() bool { return w&mask == exited }
+
+func (w WaitStatus) ExitStatus() int {
+	if w&mask != exited {
+		return -1
+	}
+	return int(w >> shift)
+}
+
+func (w WaitStatus) Signaled() bool { return w&mask != stopped && w&mask != 0 }
+
+func (w WaitStatus) Signal() syscall.Signal {
+	sig := syscall.Signal(w & mask)
+	if sig == stopped || sig == 0 {
+		return -1
+	}
+	return sig
+}
+
+func (w WaitStatus) CoreDump() bool { return w.Signaled() && w&core != 0 }
+
+func (w WaitStatus) Stopped() bool { return w&mask == stopped && syscall.Signal(w>>shift) != SIGSTOP }
+
+func (w WaitStatus) Killed() bool { return w&mask == killed && syscall.Signal(w>>shift) != SIGKILL }
+
+func (w WaitStatus) Continued() bool { return w&mask == stopped && syscall.Signal(w>>shift) == SIGSTOP }
+
+func (w WaitStatus) StopSignal() syscall.Signal {
+	if !w.Stopped() {
+		return -1
+	}
+	return syscall.Signal(w>>shift) & 0xFF
+}
+
+func (w WaitStatus) TrapCause() int { return -1 }
+
+//sys	wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error)
+
+func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	var status _C_int
+	wpid, err = wait4(pid, &status, options, rusage)
+	if wstatus != nil {
+		*wstatus = WaitStatus(status)
+	}
+	return
+}
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	Shutdown(s int, how int) (err error)
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = SizeofSockaddrInet4
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = SizeofSockaddrInet6
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	name := sa.Name
+	n := len(name)
+	if n >= len(sa.raw.Path) || n == 0 {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = byte(3 + n) // 2 for Family, Len; 1 for NUL
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = int8(name[i])
+	}
+	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
+}
+
+func (sa *SockaddrDatalink) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Index == 0 {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Len = sa.Len
+	sa.raw.Family = AF_LINK
+	sa.raw.Index = sa.Index
+	sa.raw.Type = sa.Type
+	sa.raw.Nlen = sa.Nlen
+	sa.raw.Alen = sa.Alen
+	sa.raw.Slen = sa.Slen
+	for i := 0; i < len(sa.raw.Data); i++ {
+		sa.raw.Data[i] = sa.Data[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrDatalink, nil
+}
+
+func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	switch rsa.Addr.Family {
+	case AF_LINK:
+		pp := (*RawSockaddrDatalink)(unsafe.Pointer(rsa))
+		sa := new(SockaddrDatalink)
+		sa.Len = pp.Len
+		sa.Family = pp.Family
+		sa.Index = pp.Index
+		sa.Type = pp.Type
+		sa.Nlen = pp.Nlen
+		sa.Alen = pp.Alen
+		sa.Slen = pp.Slen
+		for i := 0; i < len(sa.Data); i++ {
+			sa.Data[i] = pp.Data[i]
+		}
+		return sa, nil
+
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		if pp.Len < 2 || pp.Len > SizeofSockaddrUnix {
+			return nil, EINVAL
+		}
+		sa := new(SockaddrUnix)
+
+		// Some BSDs include the trailing NUL in the length, whereas
+		// others do not. Work around this by subtracting the leading
+		// family and len. The path is then scanned to see if a NUL
+		// terminator still exists within the length.
+		n := int(pp.Len) - 2 // subtract leading Family, Len
+		for i := 0; i < n; i++ {
+			if pp.Path[i] == 0 {
+				// found early NUL; assume Len included the NUL
+				// or was overestimating.
+				n = i
+				break
+			}
+		}
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_INET6:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+	}
+	return nil, EAFNOSUPPORT
+}
+
+func Accept(fd int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept(fd, &rsa, &len)
+	if err != nil {
+		return
+	}
+	if (runtime.GOOS == "darwin" || runtime.GOOS == "ios") && len == 0 {
+		// Accepted socket has no address.
+		// This is likely due to a bug in xnu kernels,
+		// where instead of ECONNABORTED error socket
+		// is accepted, but has no address.
+		Close(nfd)
+		return 0, nil, ECONNABORTED
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Getsockname(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getsockname(fd, &rsa, &len); err != nil {
+		return
+	}
+	// TODO(jsing): DragonFly has a "bug" (see issue 3349), which should be
+	// reported upstream.
+	if runtime.GOOS == "dragonfly" && rsa.Addr.Family == AF_UNSPEC && rsa.Addr.Len == 0 {
+		rsa.Addr.Family = AF_UNIX
+		rsa.Addr.Len = SizeofSockaddrUnix
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+
+// GetsockoptString returns the string value of the socket option opt for the
+// socket associated with fd at the given socket level.
+func GetsockoptString(fd, level, opt int) (string, error) {
+	buf := make([]byte, 256)
+	vallen := _Socklen(len(buf))
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
+	if err != nil {
+		return "", err
+	}
+	return string(buf[:vallen-1]), nil
+}
+
+//sys   recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys   sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+	var msg Msghdr
+	var rsa RawSockaddrAny
+	msg.Name = (*byte)(unsafe.Pointer(&rsa))
+	msg.Namelen = uint32(SizeofSockaddrAny)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = (*byte)(unsafe.Pointer(&p[0]))
+		iov.SetLen(len(p))
+	}
+	var dummy byte
+	if len(oob) > 0 {
+		// receive at least one normal byte
+		if len(p) == 0 {
+			iov.Base = &dummy
+			iov.SetLen(1)
+		}
+		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		msg.SetControllen(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = recvmsg(fd, &msg, flags); err != nil {
+		return
+	}
+	oobn = int(msg.Controllen)
+	recvflags = int(msg.Flags)
+	// source address is only specified if the socket is unconnected
+	if rsa.Addr.Family != AF_UNSPEC {
+		from, err = anyToSockaddr(fd, &rsa)
+	}
+	return
+}
+
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) {
+	_, err = SendmsgN(fd, p, oob, to, flags)
+	return
+}
+
+func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) {
+	var ptr unsafe.Pointer
+	var salen _Socklen
+	if to != nil {
+		ptr, salen, err = to.sockaddr()
+		if err != nil {
+			return 0, err
+		}
+	}
+	var msg Msghdr
+	msg.Name = (*byte)(unsafe.Pointer(ptr))
+	msg.Namelen = uint32(salen)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = (*byte)(unsafe.Pointer(&p[0]))
+		iov.SetLen(len(p))
+	}
+	var dummy byte
+	if len(oob) > 0 {
+		// send at least one normal byte
+		if len(p) == 0 {
+			iov.Base = &dummy
+			iov.SetLen(1)
+		}
+		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		msg.SetControllen(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = sendmsg(fd, &msg, flags); err != nil {
+		return 0, err
+	}
+	if len(oob) > 0 && len(p) == 0 {
+		n = 0
+	}
+	return n, nil
+}
+
+//sys	kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error)
+
+func Kevent(kq int, changes, events []Kevent_t, timeout *Timespec) (n int, err error) {
+	var change, event unsafe.Pointer
+	if len(changes) > 0 {
+		change = unsafe.Pointer(&changes[0])
+	}
+	if len(events) > 0 {
+		event = unsafe.Pointer(&events[0])
+	}
+	return kevent(kq, change, len(changes), event, len(events), timeout)
+}
+
+// sysctlmib translates name to mib number and appends any additional args.
+func sysctlmib(name string, args ...int) ([]_C_int, error) {
+	// Translate name to mib number.
+	mib, err := nametomib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, a := range args {
+		mib = append(mib, _C_int(a))
+	}
+
+	return mib, nil
+}
+
+func Sysctl(name string) (string, error) {
+	return SysctlArgs(name)
+}
+
+func SysctlArgs(name string, args ...int) (string, error) {
+	buf, err := SysctlRaw(name, args...)
+	if err != nil {
+		return "", err
+	}
+	n := len(buf)
+
+	// Throw away terminating NUL.
+	if n > 0 && buf[n-1] == '\x00' {
+		n--
+	}
+	return string(buf[0:n]), nil
+}
+
+func SysctlUint32(name string) (uint32, error) {
+	return SysctlUint32Args(name)
+}
+
+func SysctlUint32Args(name string, args ...int) (uint32, error) {
+	mib, err := sysctlmib(name, args...)
+	if err != nil {
+		return 0, err
+	}
+
+	n := uintptr(4)
+	buf := make([]byte, 4)
+	if err := sysctl(mib, &buf[0], &n, nil, 0); err != nil {
+		return 0, err
+	}
+	if n != 4 {
+		return 0, EIO
+	}
+	return *(*uint32)(unsafe.Pointer(&buf[0])), nil
+}
+
+func SysctlUint64(name string, args ...int) (uint64, error) {
+	mib, err := sysctlmib(name, args...)
+	if err != nil {
+		return 0, err
+	}
+
+	n := uintptr(8)
+	buf := make([]byte, 8)
+	if err := sysctl(mib, &buf[0], &n, nil, 0); err != nil {
+		return 0, err
+	}
+	if n != 8 {
+		return 0, EIO
+	}
+	return *(*uint64)(unsafe.Pointer(&buf[0])), nil
+}
+
+func SysctlRaw(name string, args ...int) ([]byte, error) {
+	mib, err := sysctlmib(name, args...)
+	if err != nil {
+		return nil, err
+	}
+
+	// Find size.
+	n := uintptr(0)
+	if err := sysctl(mib, nil, &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Read into buffer of that size.
+	buf := make([]byte, n)
+	if err := sysctl(mib, &buf[0], &n, nil, 0); err != nil {
+		return nil, err
+	}
+
+	// The actual call may return less than the original reported required
+	// size so ensure we deal with that.
+	return buf[:n], nil
+}
+
+func SysctlClockinfo(name string) (*Clockinfo, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	n := uintptr(SizeofClockinfo)
+	var ci Clockinfo
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&ci)), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n != SizeofClockinfo {
+		return nil, EIO
+	}
+	return &ci, nil
+}
+
+func SysctlTimeval(name string) (*Timeval, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	var tv Timeval
+	n := uintptr(unsafe.Sizeof(tv))
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&tv)), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n != unsafe.Sizeof(tv) {
+		return nil, EIO
+	}
+	return &tv, nil
+}
+
+//sys	utimes(path string, timeval *[2]Timeval) (err error)
+
+func Utimes(path string, tv []Timeval) error {
+	if tv == nil {
+		return utimes(path, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func UtimesNano(path string, ts []Timespec) error {
+	if ts == nil {
+		err := utimensat(AT_FDCWD, path, nil, 0)
+		if err != ENOSYS {
+			return err
+		}
+		return utimes(path, nil)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	// Darwin setattrlist can set nanosecond timestamps
+	err := setattrlistTimes(path, ts, 0)
+	if err != ENOSYS {
+		return err
+	}
+	err = utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+	if err != ENOSYS {
+		return err
+	}
+	// Not as efficient as it could be because Timespec and
+	// Timeval have different types in the different OSes
+	tv := [2]Timeval{
+		NsecToTimeval(TimespecToNsec(ts[0])),
+		NsecToTimeval(TimespecToNsec(ts[1])),
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	err := setattrlistTimes(path, ts, flags)
+	if err != ENOSYS {
+		return err
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+//sys	futimes(fd int, timeval *[2]Timeval) (err error)
+
+func Futimes(fd int, tv []Timeval) error {
+	if tv == nil {
+		return futimes(fd, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return futimes(fd, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+//sys   poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+// TODO: wrap
+//	Acct(name nil-string) (err error)
+//	Gethostuuid(uuid *byte, timeout *Timespec) (err error)
+//	Ptrace(req int, pid int, addr uintptr, data int) (ret uintptr, err error)
+
+var mapper = &mmapper{
+	active: make(map[*byte][]byte),
+	mmap:   mmap,
+	munmap: munmap,
+}
+
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
+//sys	Madvise(b []byte, behav int) (err error)
+//sys	Mlock(b []byte) (err error)
+//sys	Mlockall(flags int) (err error)
+//sys	Mprotect(b []byte, prot int) (err error)
+//sys	Msync(b []byte, flags int) (err error)
+//sys	Munlock(b []byte) (err error)
+//sys	Munlockall() (err error)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go
new file mode 100644
index 000000000..b31ef0358
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go
@@ -0,0 +1,31 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.12,!go1.13
+
+package unix
+
+import (
+	"unsafe"
+)
+
+const _SYS_GETDIRENTRIES64 = 344
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	// To implement this using libSystem we'd need syscall_syscallPtr for
+	// fdopendir. However, syscallPtr was only added in Go 1.13, so we fall
+	// back to raw syscalls for this func on Go 1.12.
+	var p unsafe.Pointer
+	if len(buf) > 0 {
+		p = unsafe.Pointer(&buf[0])
+	} else {
+		p = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(_SYS_GETDIRENTRIES64, uintptr(fd), uintptr(p), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		return n, errnoErr(e1)
+	}
+	return n, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
new file mode 100644
index 000000000..dc0befee3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
@@ -0,0 +1,108 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.13
+
+package unix
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
+//sys	closedir(dir uintptr) (err error)
+//sys	readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno)
+
+func fdopendir(fd int) (dir uintptr, err error) {
+	r0, _, e1 := syscall_syscallPtr(funcPC(libc_fdopendir_trampoline), uintptr(fd), 0, 0)
+	dir = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fdopendir_trampoline()
+
+//go:linkname libc_fdopendir libc_fdopendir
+//go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib"
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	// Simulate Getdirentries using fdopendir/readdir_r/closedir.
+	// We store the number of entries to skip in the seek
+	// offset of fd. See issue #31368.
+	// It's not the full required semantics, but should handle the case
+	// of calling Getdirentries or ReadDirent repeatedly.
+	// It won't handle assigning the results of lseek to *basep, or handle
+	// the directory being edited underfoot.
+	skip, err := Seek(fd, 0, 1 /* SEEK_CUR */)
+	if err != nil {
+		return 0, err
+	}
+
+	// We need to duplicate the incoming file descriptor
+	// because the caller expects to retain control of it, but
+	// fdopendir expects to take control of its argument.
+	// Just Dup'ing the file descriptor is not enough, as the
+	// result shares underlying state. Use Openat to make a really
+	// new file descriptor referring to the same directory.
+	fd2, err := Openat(fd, ".", O_RDONLY, 0)
+	if err != nil {
+		return 0, err
+	}
+	d, err := fdopendir(fd2)
+	if err != nil {
+		Close(fd2)
+		return 0, err
+	}
+	defer closedir(d)
+
+	var cnt int64
+	for {
+		var entry Dirent
+		var entryp *Dirent
+		e := readdir_r(d, &entry, &entryp)
+		if e != 0 {
+			return n, errnoErr(e)
+		}
+		if entryp == nil {
+			break
+		}
+		if skip > 0 {
+			skip--
+			cnt++
+			continue
+		}
+
+		reclen := int(entry.Reclen)
+		if reclen > len(buf) {
+			// Not enough room. Return for now.
+			// The counter will let us know where we should start up again.
+			// Note: this strategy for suspending in the middle and
+			// restarting is O(n^2) in the length of the directory. Oh well.
+			break
+		}
+
+		// Copy entry into return buffer.
+		var s []byte
+		hdr := (*unsafeheader.Slice)(unsafe.Pointer(&s))
+		hdr.Data = unsafe.Pointer(&entry)
+		hdr.Cap = reclen
+		hdr.Len = reclen
+		copy(buf, s)
+
+		buf = buf[reclen:]
+		n += reclen
+		cnt++
+	}
+	// Set the seek offset of the input fd to record
+	// how many files we've already returned.
+	_, err = Seek(fd, cnt, 0 /* SEEK_SET */)
+	if err != nil {
+		return n, err
+	}
+
+	return n, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.go
new file mode 100644
index 000000000..21b8092cd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -0,0 +1,605 @@
+// Copyright 2009,2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Darwin system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and wrap
+// it in our own nicer implementation, either here or in
+// syscall_bsd.go or syscall_unix.go.
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
+type SockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+	raw    RawSockaddrDatalink
+}
+
+// Some external packages rely on SYS___SYSCTL being defined to implement their
+// own sysctl wrappers. Provide it here, even though direct syscalls are no
+// longer supported on darwin.
+const SYS___SYSCTL = 202
+
+// Translate "kern.hostname" to []_C_int{0,1,2,3}.
+func nametomib(name string) (mib []_C_int, err error) {
+	const siz = unsafe.Sizeof(mib[0])
+
+	// NOTE(rsc): It seems strange to set the buffer to have
+	// size CTL_MAXNAME+2 but use only CTL_MAXNAME
+	// as the size. I don't know why the +2 is here, but the
+	// kernel uses +2 for its own implementation of this function.
+	// I am scared that if we don't include the +2 here, the kernel
+	// will silently write 2 words farther than we specify
+	// and we'll get memory corruption.
+	var buf [CTL_MAXNAME + 2]_C_int
+	n := uintptr(CTL_MAXNAME) * siz
+
+	p := (*byte)(unsafe.Pointer(&buf[0]))
+	bytes, err := ByteSliceFromString(name)
+	if err != nil {
+		return nil, err
+	}
+
+	// Magic sysctl: "setting" 0.3 to a string name
+	// lets you read back the array of integers form.
+	if err = sysctl([]_C_int{0, 3}, p, &n, &bytes[0], uintptr(len(name))); err != nil {
+		return nil, err
+	}
+	return buf[0 : n/siz], nil
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) }
+func PtraceDetach(pid int) (err error) { return ptrace(PT_DETACH, pid, 0, 0) }
+
+type attrList struct {
+	bitmapCount uint16
+	_           uint16
+	CommonAttr  uint32
+	VolAttr     uint32
+	DirAttr     uint32
+	FileAttr    uint32
+	Forkattr    uint32
+}
+
+//sysnb pipe() (r int, w int, err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	p[0], p[1], err = pipe()
+	return
+}
+
+func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	var bufsize uintptr
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+	}
+	return getfsstat(_p0, bufsize, flags)
+}
+
+func xattrPointer(dest []byte) *byte {
+	// It's only when dest is set to NULL that the OS X implementations of
+	// getxattr() and listxattr() return the current sizes of the named attributes.
+	// An empty byte array is not sufficient. To maintain the same behaviour as the
+	// linux implementation, we wrap around the system calls and pass in NULL when
+	// dest is empty.
+	var destp *byte
+	if len(dest) > 0 {
+		destp = &dest[0]
+	}
+	return destp
+}
+
+//sys	getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error)
+
+func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	return getxattr(path, attr, xattrPointer(dest), len(dest), 0, 0)
+}
+
+func Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	return getxattr(link, attr, xattrPointer(dest), len(dest), 0, XATTR_NOFOLLOW)
+}
+
+//sys	fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error)
+
+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	return fgetxattr(fd, attr, xattrPointer(dest), len(dest), 0, 0)
+}
+
+//sys	setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error)
+
+func Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	// The parameters for the OS X implementation vary slightly compared to the
+	// linux system call, specifically the position parameter:
+	//
+	//  linux:
+	//      int setxattr(
+	//          const char *path,
+	//          const char *name,
+	//          const void *value,
+	//          size_t size,
+	//          int flags
+	//      );
+	//
+	//  darwin:
+	//      int setxattr(
+	//          const char *path,
+	//          const char *name,
+	//          void *value,
+	//          size_t size,
+	//          u_int32_t position,
+	//          int options
+	//      );
+	//
+	// position specifies the offset within the extended attribute. In the
+	// current implementation, only the resource fork extended attribute makes
+	// use of this argument. For all others, position is reserved. We simply
+	// default to setting it to zero.
+	return setxattr(path, attr, xattrPointer(data), len(data), 0, flags)
+}
+
+func Lsetxattr(link string, attr string, data []byte, flags int) (err error) {
+	return setxattr(link, attr, xattrPointer(data), len(data), 0, flags|XATTR_NOFOLLOW)
+}
+
+//sys	fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error)
+
+func Fsetxattr(fd int, attr string, data []byte, flags int) (err error) {
+	return fsetxattr(fd, attr, xattrPointer(data), len(data), 0, 0)
+}
+
+//sys	removexattr(path string, attr string, options int) (err error)
+
+func Removexattr(path string, attr string) (err error) {
+	// We wrap around and explicitly zero out the options provided to the OS X
+	// implementation of removexattr, we do so for interoperability with the
+	// linux variant.
+	return removexattr(path, attr, 0)
+}
+
+func Lremovexattr(link string, attr string) (err error) {
+	return removexattr(link, attr, XATTR_NOFOLLOW)
+}
+
+//sys	fremovexattr(fd int, attr string, options int) (err error)
+
+func Fremovexattr(fd int, attr string) (err error) {
+	return fremovexattr(fd, attr, 0)
+}
+
+//sys	listxattr(path string, dest *byte, size int, options int) (sz int, err error)
+
+func Listxattr(path string, dest []byte) (sz int, err error) {
+	return listxattr(path, xattrPointer(dest), len(dest), 0)
+}
+
+func Llistxattr(link string, dest []byte) (sz int, err error) {
+	return listxattr(link, xattrPointer(dest), len(dest), XATTR_NOFOLLOW)
+}
+
+//sys	flistxattr(fd int, dest *byte, size int, options int) (sz int, err error)
+
+func Flistxattr(fd int, dest []byte) (sz int, err error) {
+	return flistxattr(fd, xattrPointer(dest), len(dest), 0)
+}
+
+func setattrlistTimes(path string, times []Timespec, flags int) error {
+	_p0, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+
+	var attrList attrList
+	attrList.bitmapCount = ATTR_BIT_MAP_COUNT
+	attrList.CommonAttr = ATTR_CMN_MODTIME | ATTR_CMN_ACCTIME
+
+	// order is mtime, atime: the opposite of Chtimes
+	attributes := [2]Timespec{times[1], times[0]}
+	options := 0
+	if flags&AT_SYMLINK_NOFOLLOW != 0 {
+		options |= FSOPT_NOFOLLOW
+	}
+	return setattrlist(
+		_p0,
+		unsafe.Pointer(&attrList),
+		unsafe.Pointer(&attributes),
+		unsafe.Sizeof(attributes),
+		options)
+}
+
+//sys setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error)
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) error {
+	// Darwin doesn't support SYS_UTIMENSAT
+	return ENOSYS
+}
+
+/*
+ * Wrapped
+ */
+
+//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
+
+//sys	kill(pid int, signum int, posix int) (err error)
+
+func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) }
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+//sys   sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
+
+func Uname(uname *Utsname) error {
+	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
+	n := unsafe.Sizeof(uname.Sysname)
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
+	n = unsafe.Sizeof(uname.Nodename)
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
+	n = unsafe.Sizeof(uname.Release)
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_VERSION}
+	n = unsafe.Sizeof(uname.Version)
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	// The version might have newlines or tabs in it, convert them to
+	// spaces.
+	for i, b := range uname.Version {
+		if b == '\n' || b == '\t' {
+			if i == len(uname.Version)-1 {
+				uname.Version[i] = 0
+			} else {
+				uname.Version[i] = ' '
+			}
+		}
+	}
+
+	mib = []_C_int{CTL_HW, HW_MACHINE}
+	n = unsafe.Sizeof(uname.Machine)
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	var length = int64(count)
+	err = sendfile(infd, outfd, *offset, &length, nil, 0)
+	written = int(length)
+	return
+}
+
+//sys	sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
+
+/*
+ * Exposed directly
+ */
+//sys	Access(path string, mode uint32) (err error)
+//sys	Adjtime(delta *Timeval, olddelta *Timeval) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chflags(path string, flags int) (err error)
+//sys	Chmod(path string, mode uint32) (err error)
+//sys	Chown(path string, uid int, gid int) (err error)
+//sys	Chroot(path string) (err error)
+//sys	ClockGettime(clockid int32, time *Timespec) (err error)
+//sys	Close(fd int) (err error)
+//sys	Clonefile(src string, dst string, flags int) (err error)
+//sys	Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error)
+//sys	Dup(fd int) (nfd int, err error)
+//sys	Dup2(from int, to int) (err error)
+//sys	Exchangedata(path1 string, path2 string, options int) (err error)
+//sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchflags(fd int, flags int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fpathconf(fd int, name int) (val int, err error)
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sys	Getcwd(buf []byte) (n int, err error)
+//sys	Getdtablesize() (size int)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (uid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpgid(pid int) (pgid int, err error)
+//sysnb	Getpgrp() (pgrp int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettimeofday(tp *Timeval) (err error)
+//sysnb	Getuid() (uid int)
+//sysnb	Issetugid() (tainted bool)
+//sys	Kqueue() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
+//sys	Listen(s int, backlog int) (err error)
+//sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
+//sys	Pathconf(path string, name int) (val int, err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error)
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
+//sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
+//sys	Revoke(path string) (err error)
+//sys	Rmdir(path string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sys	Setegid(egid int) (err error)
+//sysnb	Seteuid(euid int) (err error)
+//sysnb	Setgid(gid int) (err error)
+//sys	Setlogin(name string) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sys	Setprivexec(flag int) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sysnb	Setrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tp *Timeval) (err error)
+//sysnb	Setuid(uid int) (err error)
+//sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
+//sys	Sync() (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Umask(newmask int) (oldmask int)
+//sys	Undelete(path string) (err error)
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Unmount(path string, flags int) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys   munmap(addr uintptr, length uintptr) (err error)
+//sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
+//sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
+
+/*
+ * Unimplemented
+ */
+// Profil
+// Sigaction
+// Sigprocmask
+// Getlogin
+// Sigpending
+// Sigaltstack
+// Ioctl
+// Reboot
+// Execve
+// Vfork
+// Sbrk
+// Sstk
+// Ovadvise
+// Mincore
+// Setitimer
+// Swapon
+// Select
+// Sigsuspend
+// Readv
+// Writev
+// Nfssvc
+// Getfh
+// Quotactl
+// Mount
+// Csops
+// Waitid
+// Add_profil
+// Kdebug_trace
+// Sigreturn
+// Atsocket
+// Kqueue_from_portset_np
+// Kqueue_portset
+// Getattrlist
+// Setattrlist
+// Getdirentriesattr
+// Searchfs
+// Delete
+// Copyfile
+// Watchevent
+// Waitevent
+// Modwatch
+// Fsctl
+// Initgroups
+// Posix_spawn
+// Nfsclnt
+// Fhopen
+// Minherit
+// Semsys
+// Msgsys
+// Shmsys
+// Semctl
+// Semget
+// Semop
+// Msgctl
+// Msgget
+// Msgsnd
+// Msgrcv
+// Shmat
+// Shmctl
+// Shmdt
+// Shmget
+// Shm_open
+// Shm_unlink
+// Sem_open
+// Sem_close
+// Sem_unlink
+// Sem_wait
+// Sem_trywait
+// Sem_post
+// Sem_getvalue
+// Sem_init
+// Sem_destroy
+// Open_extended
+// Umask_extended
+// Stat_extended
+// Lstat_extended
+// Fstat_extended
+// Chmod_extended
+// Fchmod_extended
+// Access_extended
+// Settid
+// Gettid
+// Setsgroups
+// Getsgroups
+// Setwgroups
+// Getwgroups
+// Mkfifo_extended
+// Mkdir_extended
+// Identitysvc
+// Shared_region_check_np
+// Shared_region_map_np
+// __pthread_mutex_destroy
+// __pthread_mutex_init
+// __pthread_mutex_lock
+// __pthread_mutex_trylock
+// __pthread_mutex_unlock
+// __pthread_cond_init
+// __pthread_cond_destroy
+// __pthread_cond_broadcast
+// __pthread_cond_signal
+// Setsid_with_pid
+// __pthread_cond_timedwait
+// Aio_fsync
+// Aio_return
+// Aio_suspend
+// Aio_cancel
+// Aio_error
+// Aio_read
+// Aio_write
+// Lio_listio
+// __pthread_cond_wait
+// Iopolicysys
+// __pthread_kill
+// __pthread_sigmask
+// __sigwait
+// __disable_threadsignal
+// __pthread_markcancel
+// __pthread_canceled
+// __semwait_signal
+// Proc_info
+// sendfile
+// Stat64_extended
+// Lstat64_extended
+// Fstat64_extended
+// __pthread_chdir
+// __pthread_fchdir
+// Audit
+// Auditon
+// Getauid
+// Setauid
+// Getaudit
+// Setaudit
+// Getaudit_addr
+// Setaudit_addr
+// Auditctl
+// Bsdthread_create
+// Bsdthread_terminate
+// Stack_snapshot
+// Bsdthread_register
+// Workq_open
+// Workq_ops
+// __mac_execve
+// __mac_syscall
+// __mac_get_file
+// __mac_set_file
+// __mac_get_link
+// __mac_set_link
+// __mac_get_proc
+// __mac_set_proc
+// __mac_get_fd
+// __mac_set_fd
+// __mac_get_pid
+// __mac_get_lcid
+// __mac_get_lctx
+// __mac_set_lctx
+// Setlcid
+// Read_nocancel
+// Write_nocancel
+// Open_nocancel
+// Close_nocancel
+// Wait4_nocancel
+// Recvmsg_nocancel
+// Sendmsg_nocancel
+// Recvfrom_nocancel
+// Accept_nocancel
+// Fcntl_nocancel
+// Select_nocancel
+// Fsync_nocancel
+// Connect_nocancel
+// Sigsuspend_nocancel
+// Readv_nocancel
+// Writev_nocancel
+// Sendto_nocancel
+// Pread_nocancel
+// Pwrite_nocancel
+// Waitid_nocancel
+// Poll_nocancel
+// Msgsnd_nocancel
+// Msgrcv_nocancel
+// Sem_wait_nocancel
+// Aio_suspend_nocancel
+// __sigwait_nocancel
+// __semwait_signal_nocancel
+// __mac_mount
+// __mac_get_mount
+// __mac_getfsstat
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_386.go
new file mode 100644
index 000000000..ea0be1e92
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_386.go
@@ -0,0 +1,53 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386,darwin
+
+package unix
+
+import (
+	"syscall"
+)
+
+//sys   ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error) = SYS_FSTATFS64
+//sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
new file mode 100644
index 000000000..586240448
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -0,0 +1,53 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,darwin
+
+package unix
+
+import (
+	"syscall"
+)
+
+//sys   ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error) = SYS_FSTATFS64
+//sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_arm.go
new file mode 100644
index 000000000..b8b314181
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_arm.go
@@ -0,0 +1,53 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"syscall"
+)
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) error {
+	return ENOTSUP
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) // sic
+
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error)
+//sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, stat *Statfs_t) (err error)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
new file mode 100644
index 000000000..674139837
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -0,0 +1,55 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64,darwin
+
+package unix
+
+import (
+	"syscall"
+)
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) error {
+	return ENOTSUP
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) // sic
+
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error)
+//sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, stat *Statfs_t) (err error)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
new file mode 100644
index 000000000..f34c86c89
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.12
+
+package unix
+
+import "unsafe"
+
+// Implemented in the runtime package (runtime/sys_darwin.go)
+func syscall_syscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall6X(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall9(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) // 32-bit only
+func syscall_rawSyscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscallPtr(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+
+//go:linkname syscall_syscall syscall.syscall
+//go:linkname syscall_syscall6 syscall.syscall6
+//go:linkname syscall_syscall6X syscall.syscall6X
+//go:linkname syscall_syscall9 syscall.syscall9
+//go:linkname syscall_rawSyscall syscall.rawSyscall
+//go:linkname syscall_rawSyscall6 syscall.rawSyscall6
+//go:linkname syscall_syscallPtr syscall.syscallPtr
+
+// Find the entry point for f. See comments in runtime/proc.go for the
+// function of the same name.
+//go:nosplit
+func funcPC(f func()) uintptr {
+	return **(**uintptr)(unsafe.Pointer(&f))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
new file mode 100644
index 000000000..bed7dcfec
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -0,0 +1,524 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// DragonFly BSD system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and wrap
+// it in our own nicer implementation, either here or in
+// syscall_bsd.go or syscall_unix.go.
+
+package unix
+
+import (
+	"sync"
+	"unsafe"
+)
+
+// See version list in https://github.com/DragonFlyBSD/DragonFlyBSD/blob/master/sys/sys/param.h
+var (
+	osreldateOnce sync.Once
+	osreldate     uint32
+)
+
+// First __DragonFly_version after September 2019 ABI changes
+// http://lists.dragonflybsd.org/pipermail/users/2019-September/358280.html
+const _dragonflyABIChangeVersion = 500705
+
+func supportsABI(ver uint32) bool {
+	osreldateOnce.Do(func() { osreldate, _ = SysctlUint32("kern.osreldate") })
+	return osreldate >= ver
+}
+
+// SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
+type SockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+	Rcf    uint16
+	Route  [16]uint16
+	raw    RawSockaddrDatalink
+}
+
+// Translate "kern.hostname" to []_C_int{0,1,2,3}.
+func nametomib(name string) (mib []_C_int, err error) {
+	const siz = unsafe.Sizeof(mib[0])
+
+	// NOTE(rsc): It seems strange to set the buffer to have
+	// size CTL_MAXNAME+2 but use only CTL_MAXNAME
+	// as the size. I don't know why the +2 is here, but the
+	// kernel uses +2 for its own implementation of this function.
+	// I am scared that if we don't include the +2 here, the kernel
+	// will silently write 2 words farther than we specify
+	// and we'll get memory corruption.
+	var buf [CTL_MAXNAME + 2]_C_int
+	n := uintptr(CTL_MAXNAME) * siz
+
+	p := (*byte)(unsafe.Pointer(&buf[0]))
+	bytes, err := ByteSliceFromString(name)
+	if err != nil {
+		return nil, err
+	}
+
+	// Magic sysctl: "setting" 0.3 to a string name
+	// lets you read back the array of integers form.
+	if err = sysctl([]_C_int{0, 3}, p, &n, &bytes[0], uintptr(len(name))); err != nil {
+		return nil, err
+	}
+	return buf[0 : n/siz], nil
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	namlen, ok := direntNamlen(buf)
+	if !ok {
+		return 0, false
+	}
+	return (16 + namlen + 1 + 7) &^ 7, true
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+//sysnb pipe() (r int, w int, err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	p[0], p[1], err = pipe()
+	return
+}
+
+//sys	extpread(fd int, p []byte, flags int, offset int64) (n int, err error)
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	return extpread(fd, p, 0, offset)
+}
+
+//sys	extpwrite(fd int, p []byte, flags int, offset int64) (n int, err error)
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	return extpwrite(fd, p, 0, offset)
+}
+
+func Accept4(fd, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+//sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
+
+func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	var bufsize uintptr
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+	}
+	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func setattrlistTimes(path string, times []Timespec, flags int) error {
+	// used on Darwin for UtimesNano
+	return ENOSYS
+}
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+//sys   sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+
+func sysctlUname(mib []_C_int, old *byte, oldlen *uintptr) error {
+	err := sysctl(mib, old, oldlen, nil, 0)
+	if err != nil {
+		// Utsname members on Dragonfly are only 32 bytes and
+		// the syscall returns ENOMEM in case the actual value
+		// is longer.
+		if err == ENOMEM {
+			err = nil
+		}
+	}
+	return err
+}
+
+func Uname(uname *Utsname) error {
+	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
+	n := unsafe.Sizeof(uname.Sysname)
+	if err := sysctlUname(mib, &uname.Sysname[0], &n); err != nil {
+		return err
+	}
+	uname.Sysname[unsafe.Sizeof(uname.Sysname)-1] = 0
+
+	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
+	n = unsafe.Sizeof(uname.Nodename)
+	if err := sysctlUname(mib, &uname.Nodename[0], &n); err != nil {
+		return err
+	}
+	uname.Nodename[unsafe.Sizeof(uname.Nodename)-1] = 0
+
+	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
+	n = unsafe.Sizeof(uname.Release)
+	if err := sysctlUname(mib, &uname.Release[0], &n); err != nil {
+		return err
+	}
+	uname.Release[unsafe.Sizeof(uname.Release)-1] = 0
+
+	mib = []_C_int{CTL_KERN, KERN_VERSION}
+	n = unsafe.Sizeof(uname.Version)
+	if err := sysctlUname(mib, &uname.Version[0], &n); err != nil {
+		return err
+	}
+
+	// The version might have newlines or tabs in it, convert them to
+	// spaces.
+	for i, b := range uname.Version {
+		if b == '\n' || b == '\t' {
+			if i == len(uname.Version)-1 {
+				uname.Version[i] = 0
+			} else {
+				uname.Version[i] = ' '
+			}
+		}
+	}
+
+	mib = []_C_int{CTL_HW, HW_MACHINE}
+	n = unsafe.Sizeof(uname.Machine)
+	if err := sysctlUname(mib, &uname.Machine[0], &n); err != nil {
+		return err
+	}
+	uname.Machine[unsafe.Sizeof(uname.Machine)-1] = 0
+
+	return nil
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+/*
+ * Exposed directly
+ */
+//sys	Access(path string, mode uint32) (err error)
+//sys	Adjtime(delta *Timeval, olddelta *Timeval) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chflags(path string, flags int) (err error)
+//sys	Chmod(path string, mode uint32) (err error)
+//sys	Chown(path string, uid int, gid int) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Dup(fd int) (nfd int, err error)
+//sys	Dup2(from int, to int) (err error)
+//sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchflags(fd int, flags int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fpathconf(fd int, name int) (val int, err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error)
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sys	Getdents(fd int, buf []byte) (n int, err error)
+//sys	Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error)
+//sys	Getdtablesize() (size int)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (uid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpgid(pid int) (pgid int, err error)
+//sysnb	Getpgrp() (pgrp int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Issetugid() (tainted bool)
+//sys	Kill(pid int, signum syscall.Signal) (err error)
+//sys	Kqueue() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
+//sys	Listen(s int, backlog int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(fd int, path string, mode uint32, dev int) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
+//sys	Pathconf(path string, name int) (val int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
+//sys	Revoke(path string) (err error)
+//sys	Rmdir(path string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sysnb	Setegid(egid int) (err error)
+//sysnb	Seteuid(euid int) (err error)
+//sysnb	Setgid(gid int) (err error)
+//sys	Setlogin(name string) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tp *Timeval) (err error)
+//sysnb	Setuid(uid int) (err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, stat *Statfs_t) (err error)
+//sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
+//sys	Sync() (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Umask(newmask int) (oldmask int)
+//sys	Undelete(path string) (err error)
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Unmount(path string, flags int) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys   munmap(addr uintptr, length uintptr) (err error)
+//sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
+//sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
+//sys	accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error)
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+
+/*
+ * Unimplemented
+ * TODO(jsing): Update this list for DragonFly.
+ */
+// Profil
+// Sigaction
+// Sigprocmask
+// Getlogin
+// Sigpending
+// Sigaltstack
+// Reboot
+// Execve
+// Vfork
+// Sbrk
+// Sstk
+// Ovadvise
+// Mincore
+// Setitimer
+// Swapon
+// Select
+// Sigsuspend
+// Readv
+// Writev
+// Nfssvc
+// Getfh
+// Quotactl
+// Mount
+// Csops
+// Waitid
+// Add_profil
+// Kdebug_trace
+// Sigreturn
+// Atsocket
+// Kqueue_from_portset_np
+// Kqueue_portset
+// Getattrlist
+// Setattrlist
+// Getdirentriesattr
+// Searchfs
+// Delete
+// Copyfile
+// Watchevent
+// Waitevent
+// Modwatch
+// Getxattr
+// Fgetxattr
+// Setxattr
+// Fsetxattr
+// Removexattr
+// Fremovexattr
+// Listxattr
+// Flistxattr
+// Fsctl
+// Initgroups
+// Posix_spawn
+// Nfsclnt
+// Fhopen
+// Minherit
+// Semsys
+// Msgsys
+// Shmsys
+// Semctl
+// Semget
+// Semop
+// Msgctl
+// Msgget
+// Msgsnd
+// Msgrcv
+// Shmat
+// Shmctl
+// Shmdt
+// Shmget
+// Shm_open
+// Shm_unlink
+// Sem_open
+// Sem_close
+// Sem_unlink
+// Sem_wait
+// Sem_trywait
+// Sem_post
+// Sem_getvalue
+// Sem_init
+// Sem_destroy
+// Open_extended
+// Umask_extended
+// Stat_extended
+// Lstat_extended
+// Fstat_extended
+// Chmod_extended
+// Fchmod_extended
+// Access_extended
+// Settid
+// Gettid
+// Setsgroups
+// Getsgroups
+// Setwgroups
+// Getwgroups
+// Mkfifo_extended
+// Mkdir_extended
+// Identitysvc
+// Shared_region_check_np
+// Shared_region_map_np
+// __pthread_mutex_destroy
+// __pthread_mutex_init
+// __pthread_mutex_lock
+// __pthread_mutex_trylock
+// __pthread_mutex_unlock
+// __pthread_cond_init
+// __pthread_cond_destroy
+// __pthread_cond_broadcast
+// __pthread_cond_signal
+// Setsid_with_pid
+// __pthread_cond_timedwait
+// Aio_fsync
+// Aio_return
+// Aio_suspend
+// Aio_cancel
+// Aio_error
+// Aio_read
+// Aio_write
+// Lio_listio
+// __pthread_cond_wait
+// Iopolicysys
+// __pthread_kill
+// __pthread_sigmask
+// __sigwait
+// __disable_threadsignal
+// __pthread_markcancel
+// __pthread_canceled
+// __semwait_signal
+// Proc_info
+// Stat64_extended
+// Lstat64_extended
+// Fstat64_extended
+// __pthread_chdir
+// __pthread_fchdir
+// Audit
+// Auditon
+// Getauid
+// Setauid
+// Getaudit
+// Setaudit
+// Getaudit_addr
+// Setaudit_addr
+// Auditctl
+// Bsdthread_create
+// Bsdthread_terminate
+// Stack_snapshot
+// Bsdthread_register
+// Workq_open
+// Workq_ops
+// __mac_execve
+// __mac_syscall
+// __mac_get_file
+// __mac_set_file
+// __mac_get_link
+// __mac_set_link
+// __mac_get_proc
+// __mac_set_proc
+// __mac_get_fd
+// __mac_set_fd
+// __mac_get_pid
+// __mac_get_lcid
+// __mac_get_lctx
+// __mac_set_lctx
+// Setlcid
+// Read_nocancel
+// Write_nocancel
+// Open_nocancel
+// Close_nocancel
+// Wait4_nocancel
+// Recvmsg_nocancel
+// Sendmsg_nocancel
+// Recvfrom_nocancel
+// Accept_nocancel
+// Fcntl_nocancel
+// Select_nocancel
+// Fsync_nocancel
+// Connect_nocancel
+// Sigsuspend_nocancel
+// Readv_nocancel
+// Writev_nocancel
+// Sendto_nocancel
+// Pread_nocancel
+// Pwrite_nocancel
+// Waitid_nocancel
+// Msgsnd_nocancel
+// Msgrcv_nocancel
+// Sem_wait_nocancel
+// Aio_suspend_nocancel
+// __sigwait_nocancel
+// __semwait_signal_nocancel
+// __mac_mount
+// __mac_get_mount
+// __mac_getfsstat
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
new file mode 100644
index 000000000..a6b4830ac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -0,0 +1,56 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,dragonfly
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	var writtenOut uint64 = 0
+	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
+
+	written = int(writtenOut)
+
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd.go
new file mode 100644
index 000000000..f6db02aff
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -0,0 +1,859 @@
+// Copyright 2009,2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// FreeBSD system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and wrap
+// it in our own nicer implementation, either here or in
+// syscall_bsd.go or syscall_unix.go.
+
+package unix
+
+import (
+	"sync"
+	"unsafe"
+)
+
+const (
+	SYS_FSTAT_FREEBSD12         = 551 // { int fstat(int fd, _Out_ struct stat *sb); }
+	SYS_FSTATAT_FREEBSD12       = 552 // { int fstatat(int fd, _In_z_ char *path, \
+	SYS_GETDIRENTRIES_FREEBSD12 = 554 // { ssize_t getdirentries(int fd, \
+	SYS_STATFS_FREEBSD12        = 555 // { int statfs(_In_z_ char *path, \
+	SYS_FSTATFS_FREEBSD12       = 556 // { int fstatfs(int fd, \
+	SYS_GETFSSTAT_FREEBSD12     = 557 // { int getfsstat( \
+	SYS_MKNODAT_FREEBSD12       = 559 // { int mknodat(int fd, _In_z_ char *path, \
+)
+
+// See https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/versions.html.
+var (
+	osreldateOnce sync.Once
+	osreldate     uint32
+)
+
+// INO64_FIRST from /usr/src/lib/libc/sys/compat-ino64.h
+const _ino64First = 1200031
+
+func supportsABI(ver uint32) bool {
+	osreldateOnce.Do(func() { osreldate, _ = SysctlUint32("kern.osreldate") })
+	return osreldate >= ver
+}
+
+// SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
+type SockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [46]int8
+	raw    RawSockaddrDatalink
+}
+
+// Translate "kern.hostname" to []_C_int{0,1,2,3}.
+func nametomib(name string) (mib []_C_int, err error) {
+	const siz = unsafe.Sizeof(mib[0])
+
+	// NOTE(rsc): It seems strange to set the buffer to have
+	// size CTL_MAXNAME+2 but use only CTL_MAXNAME
+	// as the size. I don't know why the +2 is here, but the
+	// kernel uses +2 for its own implementation of this function.
+	// I am scared that if we don't include the +2 here, the kernel
+	// will silently write 2 words farther than we specify
+	// and we'll get memory corruption.
+	var buf [CTL_MAXNAME + 2]_C_int
+	n := uintptr(CTL_MAXNAME) * siz
+
+	p := (*byte)(unsafe.Pointer(&buf[0]))
+	bytes, err := ByteSliceFromString(name)
+	if err != nil {
+		return nil, err
+	}
+
+	// Magic sysctl: "setting" 0.3 to a string name
+	// lets you read back the array of integers form.
+	if err = sysctl([]_C_int{0, 3}, p, &n, &bytes[0], uintptr(len(name))); err != nil {
+		return nil, err
+	}
+	return buf[0 : n/siz], nil
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+func Pipe(p []int) (err error) {
+	return Pipe2(p, 0)
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) error {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
+}
+
+func GetsockoptIPMreqn(fd, level, opt int) (*IPMreqn, error) {
+	var value IPMreqn
+	vallen := _Socklen(SizeofIPMreqn)
+	errno := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, errno
+}
+
+func SetsockoptIPMreqn(fd, level, opt int, mreq *IPMreqn) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
+}
+
+func Accept4(fd, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+//sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
+
+func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
+	var (
+		_p0          unsafe.Pointer
+		bufsize      uintptr
+		oldBuf       []statfs_freebsd11_t
+		needsConvert bool
+	)
+
+	if len(buf) > 0 {
+		if supportsABI(_ino64First) {
+			_p0 = unsafe.Pointer(&buf[0])
+			bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+		} else {
+			n := len(buf)
+			oldBuf = make([]statfs_freebsd11_t, n)
+			_p0 = unsafe.Pointer(&oldBuf[0])
+			bufsize = unsafe.Sizeof(statfs_freebsd11_t{}) * uintptr(n)
+			needsConvert = true
+		}
+	}
+	var sysno uintptr = SYS_GETFSSTAT
+	if supportsABI(_ino64First) {
+		sysno = SYS_GETFSSTAT_FREEBSD12
+	}
+	r0, _, e1 := Syscall(sysno, uintptr(_p0), bufsize, uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	if e1 == 0 && needsConvert {
+		for i := range oldBuf {
+			buf[i].convertFrom(&oldBuf[i])
+		}
+	}
+	return
+}
+
+func setattrlistTimes(path string, times []Timespec, flags int) error {
+	// used on Darwin for UtimesNano
+	return ENOSYS
+}
+
+//sys   ioctl(fd int, req uint, arg uintptr) (err error)
+
+//sys   sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+
+func Uname(uname *Utsname) error {
+	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
+	n := unsafe.Sizeof(uname.Sysname)
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
+	n = unsafe.Sizeof(uname.Nodename)
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
+	n = unsafe.Sizeof(uname.Release)
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_VERSION}
+	n = unsafe.Sizeof(uname.Version)
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	// The version might have newlines or tabs in it, convert them to
+	// spaces.
+	for i, b := range uname.Version {
+		if b == '\n' || b == '\t' {
+			if i == len(uname.Version)-1 {
+				uname.Version[i] = 0
+			} else {
+				uname.Version[i] = ' '
+			}
+		}
+	}
+
+	mib = []_C_int{CTL_HW, HW_MACHINE}
+	n = unsafe.Sizeof(uname.Machine)
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func Stat(path string, st *Stat_t) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatat_freebsd12(AT_FDCWD, path, st, 0)
+	}
+	err = stat(path, &oldStat)
+	if err != nil {
+		return err
+	}
+
+	st.convertFrom(&oldStat)
+	return nil
+}
+
+func Lstat(path string, st *Stat_t) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatat_freebsd12(AT_FDCWD, path, st, AT_SYMLINK_NOFOLLOW)
+	}
+	err = lstat(path, &oldStat)
+	if err != nil {
+		return err
+	}
+
+	st.convertFrom(&oldStat)
+	return nil
+}
+
+func Fstat(fd int, st *Stat_t) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstat_freebsd12(fd, st)
+	}
+	err = fstat(fd, &oldStat)
+	if err != nil {
+		return err
+	}
+
+	st.convertFrom(&oldStat)
+	return nil
+}
+
+func Fstatat(fd int, path string, st *Stat_t, flags int) (err error) {
+	var oldStat stat_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatat_freebsd12(fd, path, st, flags)
+	}
+	err = fstatat(fd, path, &oldStat, flags)
+	if err != nil {
+		return err
+	}
+
+	st.convertFrom(&oldStat)
+	return nil
+}
+
+func Statfs(path string, st *Statfs_t) (err error) {
+	var oldStatfs statfs_freebsd11_t
+	if supportsABI(_ino64First) {
+		return statfs_freebsd12(path, st)
+	}
+	err = statfs(path, &oldStatfs)
+	if err != nil {
+		return err
+	}
+
+	st.convertFrom(&oldStatfs)
+	return nil
+}
+
+func Fstatfs(fd int, st *Statfs_t) (err error) {
+	var oldStatfs statfs_freebsd11_t
+	if supportsABI(_ino64First) {
+		return fstatfs_freebsd12(fd, st)
+	}
+	err = fstatfs(fd, &oldStatfs)
+	if err != nil {
+		return err
+	}
+
+	st.convertFrom(&oldStatfs)
+	return nil
+}
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	return Getdirentries(fd, buf, nil)
+}
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	if supportsABI(_ino64First) {
+		if basep == nil || unsafe.Sizeof(*basep) == 8 {
+			return getdirentries_freebsd12(fd, buf, (*uint64)(unsafe.Pointer(basep)))
+		}
+		// The freebsd12 syscall needs a 64-bit base. On 32-bit machines
+		// we can't just use the basep passed in. See #32498.
+		var base uint64 = uint64(*basep)
+		n, err = getdirentries_freebsd12(fd, buf, &base)
+		*basep = uintptr(base)
+		if base>>32 != 0 {
+			// We can't stuff the base back into a uintptr, so any
+			// future calls would be suspect. Generate an error.
+			// EIO is allowed by getdirentries.
+			err = EIO
+		}
+		return
+	}
+
+	// The old syscall entries are smaller than the new. Use 1/4 of the original
+	// buffer size rounded up to DIRBLKSIZ (see /usr/src/lib/libc/sys/getdirentries.c).
+	oldBufLen := roundup(len(buf)/4, _dirblksiz)
+	oldBuf := make([]byte, oldBufLen)
+	n, err = getdirentries(fd, oldBuf, basep)
+	if err == nil && n > 0 {
+		n = convertFromDirents11(buf, oldBuf[:n])
+	}
+	return
+}
+
+func Mknod(path string, mode uint32, dev uint64) (err error) {
+	var oldDev int
+	if supportsABI(_ino64First) {
+		return mknodat_freebsd12(AT_FDCWD, path, mode, dev)
+	}
+	oldDev = int(dev)
+	return mknod(path, mode, oldDev)
+}
+
+func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) {
+	var oldDev int
+	if supportsABI(_ino64First) {
+		return mknodat_freebsd12(fd, path, mode, dev)
+	}
+	oldDev = int(dev)
+	return mknodat(fd, path, mode, oldDev)
+}
+
+// round x to the nearest multiple of y, larger or equal to x.
+//
+// from /usr/include/sys/param.h Macros for counting and rounding.
+// #define roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
+func roundup(x, y int) int {
+	return ((x + y - 1) / y) * y
+}
+
+func (s *Stat_t) convertFrom(old *stat_freebsd11_t) {
+	*s = Stat_t{
+		Dev:     uint64(old.Dev),
+		Ino:     uint64(old.Ino),
+		Nlink:   uint64(old.Nlink),
+		Mode:    old.Mode,
+		Uid:     old.Uid,
+		Gid:     old.Gid,
+		Rdev:    uint64(old.Rdev),
+		Atim:    old.Atim,
+		Mtim:    old.Mtim,
+		Ctim:    old.Ctim,
+		Btim:    old.Btim,
+		Size:    old.Size,
+		Blocks:  old.Blocks,
+		Blksize: old.Blksize,
+		Flags:   old.Flags,
+		Gen:     uint64(old.Gen),
+	}
+}
+
+func (s *Statfs_t) convertFrom(old *statfs_freebsd11_t) {
+	*s = Statfs_t{
+		Version:     _statfsVersion,
+		Type:        old.Type,
+		Flags:       old.Flags,
+		Bsize:       old.Bsize,
+		Iosize:      old.Iosize,
+		Blocks:      old.Blocks,
+		Bfree:       old.Bfree,
+		Bavail:      old.Bavail,
+		Files:       old.Files,
+		Ffree:       old.Ffree,
+		Syncwrites:  old.Syncwrites,
+		Asyncwrites: old.Asyncwrites,
+		Syncreads:   old.Syncreads,
+		Asyncreads:  old.Asyncreads,
+		// Spare
+		Namemax: old.Namemax,
+		Owner:   old.Owner,
+		Fsid:    old.Fsid,
+		// Charspare
+		// Fstypename
+		// Mntfromname
+		// Mntonname
+	}
+
+	sl := old.Fstypename[:]
+	n := clen(*(*[]byte)(unsafe.Pointer(&sl)))
+	copy(s.Fstypename[:], old.Fstypename[:n])
+
+	sl = old.Mntfromname[:]
+	n = clen(*(*[]byte)(unsafe.Pointer(&sl)))
+	copy(s.Mntfromname[:], old.Mntfromname[:n])
+
+	sl = old.Mntonname[:]
+	n = clen(*(*[]byte)(unsafe.Pointer(&sl)))
+	copy(s.Mntonname[:], old.Mntonname[:n])
+}
+
+func convertFromDirents11(buf []byte, old []byte) int {
+	const (
+		fixedSize    = int(unsafe.Offsetof(Dirent{}.Name))
+		oldFixedSize = int(unsafe.Offsetof(dirent_freebsd11{}.Name))
+	)
+
+	dstPos := 0
+	srcPos := 0
+	for dstPos+fixedSize < len(buf) && srcPos+oldFixedSize < len(old) {
+		var dstDirent Dirent
+		var srcDirent dirent_freebsd11
+
+		// If multiple direntries are written, sometimes when we reach the final one,
+		// we may have cap of old less than size of dirent_freebsd11.
+		copy((*[unsafe.Sizeof(srcDirent)]byte)(unsafe.Pointer(&srcDirent))[:], old[srcPos:])
+
+		reclen := roundup(fixedSize+int(srcDirent.Namlen)+1, 8)
+		if dstPos+reclen > len(buf) {
+			break
+		}
+
+		dstDirent.Fileno = uint64(srcDirent.Fileno)
+		dstDirent.Off = 0
+		dstDirent.Reclen = uint16(reclen)
+		dstDirent.Type = srcDirent.Type
+		dstDirent.Pad0 = 0
+		dstDirent.Namlen = uint16(srcDirent.Namlen)
+		dstDirent.Pad1 = 0
+
+		copy(dstDirent.Name[:], srcDirent.Name[:srcDirent.Namlen])
+		copy(buf[dstPos:], (*[unsafe.Sizeof(dstDirent)]byte)(unsafe.Pointer(&dstDirent))[:])
+		padding := buf[dstPos+fixedSize+int(dstDirent.Namlen) : dstPos+reclen]
+		for i := range padding {
+			padding[i] = 0
+		}
+
+		dstPos += int(dstDirent.Reclen)
+		srcPos += int(srcDirent.Reclen)
+	}
+
+	return dstPos
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+//sys	ptrace(request int, pid int, addr uintptr, data int) (err error)
+
+func PtraceAttach(pid int) (err error) {
+	return ptrace(PTRACE_ATTACH, pid, 0, 0)
+}
+
+func PtraceCont(pid int, signal int) (err error) {
+	return ptrace(PTRACE_CONT, pid, 1, signal)
+}
+
+func PtraceDetach(pid int) (err error) {
+	return ptrace(PTRACE_DETACH, pid, 1, 0)
+}
+
+func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
+	return ptrace(PTRACE_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
+}
+
+func PtraceGetRegs(pid int, regsout *Reg) (err error) {
+	return ptrace(PTRACE_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
+}
+
+func PtraceLwpEvents(pid int, enable int) (err error) {
+	return ptrace(PTRACE_LWPEVENTS, pid, 0, enable)
+}
+
+func PtraceLwpInfo(pid int, info uintptr) (err error) {
+	return ptrace(PTRACE_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{})))
+}
+
+func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) {
+	return PtraceIO(PIOD_READ_D, pid, addr, out, SizeofLong)
+}
+
+func PtracePeekText(pid int, addr uintptr, out []byte) (count int, err error) {
+	return PtraceIO(PIOD_READ_I, pid, addr, out, SizeofLong)
+}
+
+func PtracePokeData(pid int, addr uintptr, data []byte) (count int, err error) {
+	return PtraceIO(PIOD_WRITE_D, pid, addr, data, SizeofLong)
+}
+
+func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) {
+	return PtraceIO(PIOD_WRITE_I, pid, addr, data, SizeofLong)
+}
+
+func PtraceSetRegs(pid int, regs *Reg) (err error) {
+	return ptrace(PTRACE_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0)
+}
+
+func PtraceSingleStep(pid int) (err error) {
+	return ptrace(PTRACE_SINGLESTEP, pid, 1, 0)
+}
+
+/*
+ * Exposed directly
+ */
+//sys	Access(path string, mode uint32) (err error)
+//sys	Adjtime(delta *Timeval, olddelta *Timeval) (err error)
+//sys	CapEnter() (err error)
+//sys	capRightsGet(version int, fd int, rightsp *CapRights) (err error) = SYS___CAP_RIGHTS_GET
+//sys	capRightsLimit(fd int, rightsp *CapRights) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chflags(path string, flags int) (err error)
+//sys	Chmod(path string, mode uint32) (err error)
+//sys	Chown(path string, uid int, gid int) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Dup(fd int) (nfd int, err error)
+//sys	Dup2(from int, to int) (err error)
+//sys	Exit(code int)
+//sys	ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_POSIX_FADVISE
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchflags(fd int, flags int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fpathconf(fd int, name int) (val int, err error)
+//sys	fstat(fd int, stat *stat_freebsd11_t) (err error)
+//sys	fstat_freebsd12(fd int, stat *Stat_t) (err error)
+//sys	fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error)
+//sys	fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	fstatfs(fd int, stat *statfs_freebsd11_t) (err error)
+//sys	fstatfs_freebsd12(fd int, stat *Statfs_t) (err error)
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sys	getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error)
+//sys	getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error)
+//sys	Getdtablesize() (size int)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (uid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpgid(pid int) (pgid int, err error)
+//sysnb	Getpgrp() (pgrp int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Issetugid() (tainted bool)
+//sys	Kill(pid int, signum syscall.Signal) (err error)
+//sys	Kqueue() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
+//sys	Listen(s int, backlog int) (err error)
+//sys	lstat(path string, stat *stat_freebsd11_t) (err error)
+//sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	mknod(path string, mode uint32, dev int) (err error)
+//sys	mknodat(fd int, path string, mode uint32, dev int) (err error)
+//sys	mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(fdat int, path string, mode int, perm uint32) (fd int, err error)
+//sys	Pathconf(path string, name int) (val int, err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error)
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
+//sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
+//sys	Revoke(path string) (err error)
+//sys	Rmdir(path string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sysnb	Setegid(egid int) (err error)
+//sysnb	Seteuid(euid int) (err error)
+//sysnb	Setgid(gid int) (err error)
+//sys	Setlogin(name string) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tp *Timeval) (err error)
+//sysnb	Setuid(uid int) (err error)
+//sys	stat(path string, stat *stat_freebsd11_t) (err error)
+//sys	statfs(path string, stat *statfs_freebsd11_t) (err error)
+//sys	statfs_freebsd12(path string, stat *Statfs_t) (err error)
+//sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
+//sys	Sync() (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Umask(newmask int) (oldmask int)
+//sys	Undelete(path string) (err error)
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Unmount(path string, flags int) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys   munmap(addr uintptr, length uintptr) (err error)
+//sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
+//sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
+//sys	accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error)
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+
+/*
+ * Unimplemented
+ */
+// Profil
+// Sigaction
+// Sigprocmask
+// Getlogin
+// Sigpending
+// Sigaltstack
+// Ioctl
+// Reboot
+// Execve
+// Vfork
+// Sbrk
+// Sstk
+// Ovadvise
+// Mincore
+// Setitimer
+// Swapon
+// Select
+// Sigsuspend
+// Readv
+// Writev
+// Nfssvc
+// Getfh
+// Quotactl
+// Mount
+// Csops
+// Waitid
+// Add_profil
+// Kdebug_trace
+// Sigreturn
+// Atsocket
+// Kqueue_from_portset_np
+// Kqueue_portset
+// Getattrlist
+// Setattrlist
+// Getdents
+// Getdirentriesattr
+// Searchfs
+// Delete
+// Copyfile
+// Watchevent
+// Waitevent
+// Modwatch
+// Fsctl
+// Initgroups
+// Posix_spawn
+// Nfsclnt
+// Fhopen
+// Minherit
+// Semsys
+// Msgsys
+// Shmsys
+// Semctl
+// Semget
+// Semop
+// Msgctl
+// Msgget
+// Msgsnd
+// Msgrcv
+// Shmat
+// Shmctl
+// Shmdt
+// Shmget
+// Shm_open
+// Shm_unlink
+// Sem_open
+// Sem_close
+// Sem_unlink
+// Sem_wait
+// Sem_trywait
+// Sem_post
+// Sem_getvalue
+// Sem_init
+// Sem_destroy
+// Open_extended
+// Umask_extended
+// Stat_extended
+// Lstat_extended
+// Fstat_extended
+// Chmod_extended
+// Fchmod_extended
+// Access_extended
+// Settid
+// Gettid
+// Setsgroups
+// Getsgroups
+// Setwgroups
+// Getwgroups
+// Mkfifo_extended
+// Mkdir_extended
+// Identitysvc
+// Shared_region_check_np
+// Shared_region_map_np
+// __pthread_mutex_destroy
+// __pthread_mutex_init
+// __pthread_mutex_lock
+// __pthread_mutex_trylock
+// __pthread_mutex_unlock
+// __pthread_cond_init
+// __pthread_cond_destroy
+// __pthread_cond_broadcast
+// __pthread_cond_signal
+// Setsid_with_pid
+// __pthread_cond_timedwait
+// Aio_fsync
+// Aio_return
+// Aio_suspend
+// Aio_cancel
+// Aio_error
+// Aio_read
+// Aio_write
+// Lio_listio
+// __pthread_cond_wait
+// Iopolicysys
+// __pthread_kill
+// __pthread_sigmask
+// __sigwait
+// __disable_threadsignal
+// __pthread_markcancel
+// __pthread_canceled
+// __semwait_signal
+// Proc_info
+// Stat64_extended
+// Lstat64_extended
+// Fstat64_extended
+// __pthread_chdir
+// __pthread_fchdir
+// Audit
+// Auditon
+// Getauid
+// Setauid
+// Getaudit
+// Setaudit
+// Getaudit_addr
+// Setaudit_addr
+// Auditctl
+// Bsdthread_create
+// Bsdthread_terminate
+// Stack_snapshot
+// Bsdthread_register
+// Workq_open
+// Workq_ops
+// __mac_execve
+// __mac_syscall
+// __mac_get_file
+// __mac_set_file
+// __mac_get_link
+// __mac_set_link
+// __mac_get_proc
+// __mac_set_proc
+// __mac_get_fd
+// __mac_set_fd
+// __mac_get_pid
+// __mac_get_lcid
+// __mac_get_lctx
+// __mac_set_lctx
+// Setlcid
+// Read_nocancel
+// Write_nocancel
+// Open_nocancel
+// Close_nocancel
+// Wait4_nocancel
+// Recvmsg_nocancel
+// Sendmsg_nocancel
+// Recvfrom_nocancel
+// Accept_nocancel
+// Fcntl_nocancel
+// Select_nocancel
+// Fsync_nocancel
+// Connect_nocancel
+// Sigsuspend_nocancel
+// Readv_nocancel
+// Writev_nocancel
+// Sendto_nocancel
+// Pread_nocancel
+// Pwrite_nocancel
+// Waitid_nocancel
+// Poll_nocancel
+// Msgsnd_nocancel
+// Msgrcv_nocancel
+// Sem_wait_nocancel
+// Aio_suspend_nocancel
+// __sigwait_nocancel
+// __semwait_signal_nocancel
+// __mac_mount
+// __mac_get_mount
+// __mac_getfsstat
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
new file mode 100644
index 000000000..72a506ddc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -0,0 +1,66 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386,freebsd
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	var writtenOut uint64 = 0
+	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
+
+	written = int(writtenOut)
+
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
new file mode 100644
index 000000000..d5e376aca
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -0,0 +1,66 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,freebsd
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	var writtenOut uint64 = 0
+	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
+
+	written = int(writtenOut)
+
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
new file mode 100644
index 000000000..4ea45bce5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -0,0 +1,62 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,freebsd
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	var writtenOut uint64 = 0
+	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
+
+	written = int(writtenOut)
+
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
new file mode 100644
index 000000000..aa5326db1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -0,0 +1,62 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64,freebsd
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	var writtenOut uint64 = 0
+	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
+
+	written = int(writtenOut)
+
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
+	return int(ioDesc.Len), err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_illumos.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_illumos.go
new file mode 100644
index 000000000..bbc4f3ea5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -0,0 +1,90 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// illumos system calls not present on Solaris.
+
+// +build amd64,illumos
+
+package unix
+
+import "unsafe"
+
+func bytes2iovec(bs [][]byte) []Iovec {
+	iovecs := make([]Iovec, len(bs))
+	for i, b := range bs {
+		iovecs[i].SetLen(len(b))
+		if len(b) > 0 {
+			// somehow Iovec.Base on illumos is (*int8), not (*byte)
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&b[0]))
+		} else {
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&_zero))
+		}
+	}
+	return iovecs
+}
+
+//sys	readv(fd int, iovs []Iovec) (n int, err error)
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = readv(fd, iovecs)
+	return n, err
+}
+
+//sys	preadv(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Preadv(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = preadv(fd, iovecs, off)
+	return n, err
+}
+
+//sys	writev(fd int, iovs []Iovec) (n int, err error)
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = writev(fd, iovecs)
+	return n, err
+}
+
+//sys	pwritev(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Pwritev(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = pwritev(fd, iovecs, off)
+	return n, err
+}
+
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) = libsocket.accept4
+
+func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) error {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux.go
new file mode 100644
index 000000000..94dafa4e5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -0,0 +1,2328 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Linux system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and
+// wrap it in our own nicer implementation.
+
+package unix
+
+import (
+	"encoding/binary"
+	"runtime"
+	"syscall"
+	"unsafe"
+)
+
+/*
+ * Wrapped
+ */
+
+func Access(path string, mode uint32) (err error) {
+	return Faccessat(AT_FDCWD, path, mode, 0)
+}
+
+func Chmod(path string, mode uint32) (err error) {
+	return Fchmodat(AT_FDCWD, path, mode, 0)
+}
+
+func Chown(path string, uid int, gid int) (err error) {
+	return Fchownat(AT_FDCWD, path, uid, gid, 0)
+}
+
+func Creat(path string, mode uint32) (fd int, err error) {
+	return Open(path, O_CREAT|O_WRONLY|O_TRUNC, mode)
+}
+
+//sys	FanotifyInit(flags uint, event_f_flags uint) (fd int, err error)
+//sys	fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error)
+
+func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) (err error) {
+	if pathname == "" {
+		return fanotifyMark(fd, flags, mask, dirFd, nil)
+	}
+	p, err := BytePtrFromString(pathname)
+	if err != nil {
+		return err
+	}
+	return fanotifyMark(fd, flags, mask, dirFd, p)
+}
+
+//sys	fchmodat(dirfd int, path string, mode uint32) (err error)
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	// Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior
+	// and check the flags. Otherwise the mode would be applied to the symlink
+	// destination which is not what the user expects.
+	if flags&^AT_SYMLINK_NOFOLLOW != 0 {
+		return EINVAL
+	} else if flags&AT_SYMLINK_NOFOLLOW != 0 {
+		return EOPNOTSUPP
+	}
+	return fchmodat(dirfd, path, mode)
+}
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+// ioctl itself should not be exposed directly, but additional get/set
+// functions for specific types are permissible.
+
+// IoctlRetInt performs an ioctl operation specified by req on a device
+// associated with opened file descriptor fd, and returns a non-negative
+// integer that is returned by the ioctl syscall.
+func IoctlRetInt(fd int, req uint) (int, error) {
+	ret, _, err := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(ret), nil
+}
+
+func IoctlSetRTCTime(fd int, value *RTCTime) error {
+	err := ioctl(fd, RTC_SET_TIME, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
+	err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+func IoctlGetUint32(fd int, req uint) (uint32, error) {
+	var value uint32
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return value, err
+}
+
+func IoctlGetRTCTime(fd int) (*RTCTime, error) {
+	var value RTCTime
+	err := ioctl(fd, RTC_RD_TIME, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
+	var value RTCWkAlrm
+	err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+// IoctlFileClone performs an FICLONERANGE ioctl operation to clone the range of
+// data conveyed in value to the file associated with the file descriptor
+// destFd. See the ioctl_ficlonerange(2) man page for details.
+func IoctlFileCloneRange(destFd int, value *FileCloneRange) error {
+	err := ioctl(destFd, FICLONERANGE, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlFileClone performs an FICLONE ioctl operation to clone the entire file
+// associated with the file description srcFd to the file associated with the
+// file descriptor destFd. See the ioctl_ficlone(2) man page for details.
+func IoctlFileClone(destFd, srcFd int) error {
+	return ioctl(destFd, FICLONE, uintptr(srcFd))
+}
+
+// IoctlFileClone performs an FIDEDUPERANGE ioctl operation to share the range of
+// data conveyed in value with the file associated with the file descriptor
+// destFd. See the ioctl_fideduperange(2) man page for details.
+func IoctlFileDedupeRange(destFd int, value *FileDedupeRange) error {
+	err := ioctl(destFd, FIDEDUPERANGE, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+//sys	Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error)
+
+func Link(oldpath string, newpath string) (err error) {
+	return Linkat(AT_FDCWD, oldpath, AT_FDCWD, newpath, 0)
+}
+
+func Mkdir(path string, mode uint32) (err error) {
+	return Mkdirat(AT_FDCWD, path, mode)
+}
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	return Mknodat(AT_FDCWD, path, mode, dev)
+}
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	return openat(AT_FDCWD, path, mode|O_LARGEFILE, perm)
+}
+
+//sys	openat(dirfd int, path string, flags int, mode uint32) (fd int, err error)
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	return openat(dirfd, path, flags|O_LARGEFILE, mode)
+}
+
+//sys	openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error)
+
+func Openat2(dirfd int, path string, how *OpenHow) (fd int, err error) {
+	return openat2(dirfd, path, how, SizeofOpenHow)
+}
+
+//sys	ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
+
+func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	if len(fds) == 0 {
+		return ppoll(nil, 0, timeout, sigmask)
+	}
+	return ppoll(&fds[0], len(fds), timeout, sigmask)
+}
+
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	return Readlinkat(AT_FDCWD, path, buf)
+}
+
+func Rename(oldpath string, newpath string) (err error) {
+	return Renameat(AT_FDCWD, oldpath, AT_FDCWD, newpath)
+}
+
+func Rmdir(path string) error {
+	return Unlinkat(AT_FDCWD, path, AT_REMOVEDIR)
+}
+
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
+
+func Symlink(oldpath string, newpath string) (err error) {
+	return Symlinkat(oldpath, AT_FDCWD, newpath)
+}
+
+func Unlink(path string) error {
+	return Unlinkat(AT_FDCWD, path, 0)
+}
+
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+
+func Utimes(path string, tv []Timeval) error {
+	if tv == nil {
+		err := utimensat(AT_FDCWD, path, nil, 0)
+		if err != ENOSYS {
+			return err
+		}
+		return utimes(path, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	var ts [2]Timespec
+	ts[0] = NsecToTimespec(TimevalToNsec(tv[0]))
+	ts[1] = NsecToTimespec(TimevalToNsec(tv[1]))
+	err := utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+	if err != ENOSYS {
+		return err
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+
+func UtimesNano(path string, ts []Timespec) error {
+	if ts == nil {
+		err := utimensat(AT_FDCWD, path, nil, 0)
+		if err != ENOSYS {
+			return err
+		}
+		return utimes(path, nil)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	err := utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+	if err != ENOSYS {
+		return err
+	}
+	// If the utimensat syscall isn't available (utimensat was added to Linux
+	// in 2.6.22, Released, 8 July 2007) then fall back to utimes
+	var tv [2]Timeval
+	for i := 0; i < 2; i++ {
+		tv[i] = NsecToTimeval(TimespecToNsec(ts[i]))
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+func Futimesat(dirfd int, path string, tv []Timeval) error {
+	if tv == nil {
+		return futimesat(dirfd, path, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return futimesat(dirfd, path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func Futimes(fd int, tv []Timeval) (err error) {
+	// Believe it or not, this is the best we can do on Linux
+	// (and is what glibc does).
+	return Utimes("/proc/self/fd/"+itoa(fd), tv)
+}
+
+const ImplementsGetwd = true
+
+//sys	Getcwd(buf []byte) (n int, err error)
+
+func Getwd() (wd string, err error) {
+	var buf [PathMax]byte
+	n, err := Getcwd(buf[0:])
+	if err != nil {
+		return "", err
+	}
+	// Getcwd returns the number of bytes written to buf, including the NUL.
+	if n < 1 || n > len(buf) || buf[n-1] != 0 {
+		return "", EINVAL
+	}
+	return string(buf[0 : n-1]), nil
+}
+
+func Getgroups() (gids []int, err error) {
+	n, err := getgroups(0, nil)
+	if err != nil {
+		return nil, err
+	}
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Sanity check group count. Max is 1<<16 on Linux.
+	if n < 0 || n > 1<<20 {
+		return nil, EINVAL
+	}
+
+	a := make([]_Gid_t, n)
+	n, err = getgroups(n, &a[0])
+	if err != nil {
+		return nil, err
+	}
+	gids = make([]int, n)
+	for i, v := range a[0:n] {
+		gids[i] = int(v)
+	}
+	return
+}
+
+func Setgroups(gids []int) (err error) {
+	if len(gids) == 0 {
+		return setgroups(0, nil)
+	}
+
+	a := make([]_Gid_t, len(gids))
+	for i, v := range gids {
+		a[i] = _Gid_t(v)
+	}
+	return setgroups(len(a), &a[0])
+}
+
+type WaitStatus uint32
+
+// Wait status is 7 bits at bottom, either 0 (exited),
+// 0x7F (stopped), or a signal number that caused an exit.
+// The 0x80 bit is whether there was a core dump.
+// An extra number (exit code, signal causing a stop)
+// is in the high bits. At least that's the idea.
+// There are various irregularities. For example, the
+// "continued" status is 0xFFFF, distinguishing itself
+// from stopped via the core dump bit.
+
+const (
+	mask    = 0x7F
+	core    = 0x80
+	exited  = 0x00
+	stopped = 0x7F
+	shift   = 8
+)
+
+func (w WaitStatus) Exited() bool { return w&mask == exited }
+
+func (w WaitStatus) Signaled() bool { return w&mask != stopped && w&mask != exited }
+
+func (w WaitStatus) Stopped() bool { return w&0xFF == stopped }
+
+func (w WaitStatus) Continued() bool { return w == 0xFFFF }
+
+func (w WaitStatus) CoreDump() bool { return w.Signaled() && w&core != 0 }
+
+func (w WaitStatus) ExitStatus() int {
+	if !w.Exited() {
+		return -1
+	}
+	return int(w>>shift) & 0xFF
+}
+
+func (w WaitStatus) Signal() syscall.Signal {
+	if !w.Signaled() {
+		return -1
+	}
+	return syscall.Signal(w & mask)
+}
+
+func (w WaitStatus) StopSignal() syscall.Signal {
+	if !w.Stopped() {
+		return -1
+	}
+	return syscall.Signal(w>>shift) & 0xFF
+}
+
+func (w WaitStatus) TrapCause() int {
+	if w.StopSignal() != SIGTRAP {
+		return -1
+	}
+	return int(w>>shift) >> 8
+}
+
+//sys	wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error)
+
+func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	var status _C_int
+	wpid, err = wait4(pid, &status, options, rusage)
+	if wstatus != nil {
+		*wstatus = WaitStatus(status)
+	}
+	return
+}
+
+func Mkfifo(path string, mode uint32) error {
+	return Mknod(path, mode|S_IFIFO, 0)
+}
+
+func Mkfifoat(dirfd int, path string, mode uint32) error {
+	return Mknodat(dirfd, path, mode|S_IFIFO, 0)
+}
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet4, nil
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet6, nil
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	name := sa.Name
+	n := len(name)
+	if n >= len(sa.raw.Path) {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = int8(name[i])
+	}
+	// length is family (uint16), name, NUL.
+	sl := _Socklen(2)
+	if n > 0 {
+		sl += _Socklen(n) + 1
+	}
+	if sa.raw.Path[0] == '@' {
+		sa.raw.Path[0] = 0
+		// Don't count trailing NUL for abstract address.
+		sl--
+	}
+
+	return unsafe.Pointer(&sa.raw), sl, nil
+}
+
+// SockaddrLinklayer implements the Sockaddr interface for AF_PACKET type sockets.
+type SockaddrLinklayer struct {
+	Protocol uint16
+	Ifindex  int
+	Hatype   uint16
+	Pkttype  uint8
+	Halen    uint8
+	Addr     [8]byte
+	raw      RawSockaddrLinklayer
+}
+
+func (sa *SockaddrLinklayer) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Ifindex < 0 || sa.Ifindex > 0x7fffffff {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_PACKET
+	sa.raw.Protocol = sa.Protocol
+	sa.raw.Ifindex = int32(sa.Ifindex)
+	sa.raw.Hatype = sa.Hatype
+	sa.raw.Pkttype = sa.Pkttype
+	sa.raw.Halen = sa.Halen
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrLinklayer, nil
+}
+
+// SockaddrNetlink implements the Sockaddr interface for AF_NETLINK type sockets.
+type SockaddrNetlink struct {
+	Family uint16
+	Pad    uint16
+	Pid    uint32
+	Groups uint32
+	raw    RawSockaddrNetlink
+}
+
+func (sa *SockaddrNetlink) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_NETLINK
+	sa.raw.Pad = sa.Pad
+	sa.raw.Pid = sa.Pid
+	sa.raw.Groups = sa.Groups
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrNetlink, nil
+}
+
+// SockaddrHCI implements the Sockaddr interface for AF_BLUETOOTH type sockets
+// using the HCI protocol.
+type SockaddrHCI struct {
+	Dev     uint16
+	Channel uint16
+	raw     RawSockaddrHCI
+}
+
+func (sa *SockaddrHCI) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_BLUETOOTH
+	sa.raw.Dev = sa.Dev
+	sa.raw.Channel = sa.Channel
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrHCI, nil
+}
+
+// SockaddrL2 implements the Sockaddr interface for AF_BLUETOOTH type sockets
+// using the L2CAP protocol.
+type SockaddrL2 struct {
+	PSM      uint16
+	CID      uint16
+	Addr     [6]uint8
+	AddrType uint8
+	raw      RawSockaddrL2
+}
+
+func (sa *SockaddrL2) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_BLUETOOTH
+	psm := (*[2]byte)(unsafe.Pointer(&sa.raw.Psm))
+	psm[0] = byte(sa.PSM)
+	psm[1] = byte(sa.PSM >> 8)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Bdaddr[i] = sa.Addr[len(sa.Addr)-1-i]
+	}
+	cid := (*[2]byte)(unsafe.Pointer(&sa.raw.Cid))
+	cid[0] = byte(sa.CID)
+	cid[1] = byte(sa.CID >> 8)
+	sa.raw.Bdaddr_type = sa.AddrType
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2, nil
+}
+
+// SockaddrRFCOMM implements the Sockaddr interface for AF_BLUETOOTH type sockets
+// using the RFCOMM protocol.
+//
+// Server example:
+//
+//      fd, _ := Socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM)
+//      _ = unix.Bind(fd, &unix.SockaddrRFCOMM{
+//      	Channel: 1,
+//      	Addr:    [6]uint8{0, 0, 0, 0, 0, 0}, // BDADDR_ANY or 00:00:00:00:00:00
+//      })
+//      _ = Listen(fd, 1)
+//      nfd, sa, _ := Accept(fd)
+//      fmt.Printf("conn addr=%v fd=%d", sa.(*unix.SockaddrRFCOMM).Addr, nfd)
+//      Read(nfd, buf)
+//
+// Client example:
+//
+//      fd, _ := Socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM)
+//      _ = Connect(fd, &SockaddrRFCOMM{
+//      	Channel: 1,
+//      	Addr:    [6]byte{0x11, 0x22, 0x33, 0xaa, 0xbb, 0xcc}, // CC:BB:AA:33:22:11
+//      })
+//      Write(fd, []byte(`hello`))
+type SockaddrRFCOMM struct {
+	// Addr represents a bluetooth address, byte ordering is little-endian.
+	Addr [6]uint8
+
+	// Channel is a designated bluetooth channel, only 1-30 are available for use.
+	// Since Linux 2.6.7 and further zero value is the first available channel.
+	Channel uint8
+
+	raw RawSockaddrRFCOMM
+}
+
+func (sa *SockaddrRFCOMM) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_BLUETOOTH
+	sa.raw.Channel = sa.Channel
+	sa.raw.Bdaddr = sa.Addr
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrRFCOMM, nil
+}
+
+// SockaddrCAN implements the Sockaddr interface for AF_CAN type sockets.
+// The RxID and TxID fields are used for transport protocol addressing in
+// (CAN_TP16, CAN_TP20, CAN_MCNET, and CAN_ISOTP), they can be left with
+// zero values for CAN_RAW and CAN_BCM sockets as they have no meaning.
+//
+// The SockaddrCAN struct must be bound to the socket file descriptor
+// using Bind before the CAN socket can be used.
+//
+//      // Read one raw CAN frame
+//      fd, _ := Socket(AF_CAN, SOCK_RAW, CAN_RAW)
+//      addr := &SockaddrCAN{Ifindex: index}
+//      Bind(fd, addr)
+//      frame := make([]byte, 16)
+//      Read(fd, frame)
+//
+// The full SocketCAN documentation can be found in the linux kernel
+// archives at: https://www.kernel.org/doc/Documentation/networking/can.txt
+type SockaddrCAN struct {
+	Ifindex int
+	RxID    uint32
+	TxID    uint32
+	raw     RawSockaddrCAN
+}
+
+func (sa *SockaddrCAN) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Ifindex < 0 || sa.Ifindex > 0x7fffffff {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_CAN
+	sa.raw.Ifindex = int32(sa.Ifindex)
+	rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
+	for i := 0; i < 4; i++ {
+		sa.raw.Addr[i] = rx[i]
+	}
+	tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
+	for i := 0; i < 4; i++ {
+		sa.raw.Addr[i+4] = tx[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil
+}
+
+// SockaddrALG implements the Sockaddr interface for AF_ALG type sockets.
+// SockaddrALG enables userspace access to the Linux kernel's cryptography
+// subsystem. The Type and Name fields specify which type of hash or cipher
+// should be used with a given socket.
+//
+// To create a file descriptor that provides access to a hash or cipher, both
+// Bind and Accept must be used. Once the setup process is complete, input
+// data can be written to the socket, processed by the kernel, and then read
+// back as hash output or ciphertext.
+//
+// Here is an example of using an AF_ALG socket with SHA1 hashing.
+// The initial socket setup process is as follows:
+//
+//      // Open a socket to perform SHA1 hashing.
+//      fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0)
+//      addr := &unix.SockaddrALG{Type: "hash", Name: "sha1"}
+//      unix.Bind(fd, addr)
+//      // Note: unix.Accept does not work at this time; must invoke accept()
+//      // manually using unix.Syscall.
+//      hashfd, _, _ := unix.Syscall(unix.SYS_ACCEPT, uintptr(fd), 0, 0)
+//
+// Once a file descriptor has been returned from Accept, it may be used to
+// perform SHA1 hashing. The descriptor is not safe for concurrent use, but
+// may be re-used repeatedly with subsequent Write and Read operations.
+//
+// When hashing a small byte slice or string, a single Write and Read may
+// be used:
+//
+//      // Assume hashfd is already configured using the setup process.
+//      hash := os.NewFile(hashfd, "sha1")
+//      // Hash an input string and read the results. Each Write discards
+//      // previous hash state. Read always reads the current state.
+//      b := make([]byte, 20)
+//      for i := 0; i < 2; i++ {
+//          io.WriteString(hash, "Hello, world.")
+//          hash.Read(b)
+//          fmt.Println(hex.EncodeToString(b))
+//      }
+//      // Output:
+//      // 2ae01472317d1935a84797ec1983ae243fc6aa28
+//      // 2ae01472317d1935a84797ec1983ae243fc6aa28
+//
+// For hashing larger byte slices, or byte streams such as those read from
+// a file or socket, use Sendto with MSG_MORE to instruct the kernel to update
+// the hash digest instead of creating a new one for a given chunk and finalizing it.
+//
+//      // Assume hashfd and addr are already configured using the setup process.
+//      hash := os.NewFile(hashfd, "sha1")
+//      // Hash the contents of a file.
+//      f, _ := os.Open("/tmp/linux-4.10-rc7.tar.xz")
+//      b := make([]byte, 4096)
+//      for {
+//          n, err := f.Read(b)
+//          if err == io.EOF {
+//              break
+//          }
+//          unix.Sendto(hashfd, b[:n], unix.MSG_MORE, addr)
+//      }
+//      hash.Read(b)
+//      fmt.Println(hex.EncodeToString(b))
+//      // Output: 85cdcad0c06eef66f805ecce353bec9accbeecc5
+//
+// For more information, see: http://www.chronox.de/crypto-API/crypto/userspace-if.html.
+type SockaddrALG struct {
+	Type    string
+	Name    string
+	Feature uint32
+	Mask    uint32
+	raw     RawSockaddrALG
+}
+
+func (sa *SockaddrALG) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	// Leave room for NUL byte terminator.
+	if len(sa.Type) > 13 {
+		return nil, 0, EINVAL
+	}
+	if len(sa.Name) > 63 {
+		return nil, 0, EINVAL
+	}
+
+	sa.raw.Family = AF_ALG
+	sa.raw.Feat = sa.Feature
+	sa.raw.Mask = sa.Mask
+
+	typ, err := ByteSliceFromString(sa.Type)
+	if err != nil {
+		return nil, 0, err
+	}
+	name, err := ByteSliceFromString(sa.Name)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	copy(sa.raw.Type[:], typ)
+	copy(sa.raw.Name[:], name)
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrALG, nil
+}
+
+// SockaddrVM implements the Sockaddr interface for AF_VSOCK type sockets.
+// SockaddrVM provides access to Linux VM sockets: a mechanism that enables
+// bidirectional communication between a hypervisor and its guest virtual
+// machines.
+type SockaddrVM struct {
+	// CID and Port specify a context ID and port address for a VM socket.
+	// Guests have a unique CID, and hosts may have a well-known CID of:
+	//  - VMADDR_CID_HYPERVISOR: refers to the hypervisor process.
+	//  - VMADDR_CID_HOST: refers to other processes on the host.
+	CID  uint32
+	Port uint32
+	raw  RawSockaddrVM
+}
+
+func (sa *SockaddrVM) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_VSOCK
+	sa.raw.Port = sa.Port
+	sa.raw.Cid = sa.CID
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrVM, nil
+}
+
+type SockaddrXDP struct {
+	Flags        uint16
+	Ifindex      uint32
+	QueueID      uint32
+	SharedUmemFD uint32
+	raw          RawSockaddrXDP
+}
+
+func (sa *SockaddrXDP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_XDP
+	sa.raw.Flags = sa.Flags
+	sa.raw.Ifindex = sa.Ifindex
+	sa.raw.Queue_id = sa.QueueID
+	sa.raw.Shared_umem_fd = sa.SharedUmemFD
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrXDP, nil
+}
+
+// This constant mirrors the #define of PX_PROTO_OE in
+// linux/if_pppox.h. We're defining this by hand here instead of
+// autogenerating through mkerrors.sh because including
+// linux/if_pppox.h causes some declaration conflicts with other
+// includes (linux/if_pppox.h includes linux/in.h, which conflicts
+// with netinet/in.h). Given that we only need a single zero constant
+// out of that file, it's cleaner to just define it by hand here.
+const px_proto_oe = 0
+
+type SockaddrPPPoE struct {
+	SID    uint16
+	Remote []byte
+	Dev    string
+	raw    RawSockaddrPPPoX
+}
+
+func (sa *SockaddrPPPoE) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if len(sa.Remote) != 6 {
+		return nil, 0, EINVAL
+	}
+	if len(sa.Dev) > IFNAMSIZ-1 {
+		return nil, 0, EINVAL
+	}
+
+	*(*uint16)(unsafe.Pointer(&sa.raw[0])) = AF_PPPOX
+	// This next field is in host-endian byte order. We can't use the
+	// same unsafe pointer cast as above, because this value is not
+	// 32-bit aligned and some architectures don't allow unaligned
+	// access.
+	//
+	// However, the value of px_proto_oe is 0, so we can use
+	// encoding/binary helpers to write the bytes without worrying
+	// about the ordering.
+	binary.BigEndian.PutUint32(sa.raw[2:6], px_proto_oe)
+	// This field is deliberately big-endian, unlike the previous
+	// one. The kernel expects SID to be in network byte order.
+	binary.BigEndian.PutUint16(sa.raw[6:8], sa.SID)
+	copy(sa.raw[8:14], sa.Remote)
+	for i := 14; i < 14+IFNAMSIZ; i++ {
+		sa.raw[i] = 0
+	}
+	copy(sa.raw[14:], sa.Dev)
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrPPPoX, nil
+}
+
+// SockaddrTIPC implements the Sockaddr interface for AF_TIPC type sockets.
+// For more information on TIPC, see: http://tipc.sourceforge.net/.
+type SockaddrTIPC struct {
+	// Scope is the publication scopes when binding service/service range.
+	// Should be set to TIPC_CLUSTER_SCOPE or TIPC_NODE_SCOPE.
+	Scope int
+
+	// Addr is the type of address used to manipulate a socket. Addr must be
+	// one of:
+	//  - *TIPCSocketAddr: "id" variant in the C addr union
+	//  - *TIPCServiceRange: "nameseq" variant in the C addr union
+	//  - *TIPCServiceName: "name" variant in the C addr union
+	//
+	// If nil, EINVAL will be returned when the structure is used.
+	Addr TIPCAddr
+
+	raw RawSockaddrTIPC
+}
+
+// TIPCAddr is implemented by types that can be used as an address for
+// SockaddrTIPC. It is only implemented by *TIPCSocketAddr, *TIPCServiceRange,
+// and *TIPCServiceName.
+type TIPCAddr interface {
+	tipcAddrtype() uint8
+	tipcAddr() [12]byte
+}
+
+func (sa *TIPCSocketAddr) tipcAddr() [12]byte {
+	var out [12]byte
+	copy(out[:], (*(*[unsafe.Sizeof(TIPCSocketAddr{})]byte)(unsafe.Pointer(sa)))[:])
+	return out
+}
+
+func (sa *TIPCSocketAddr) tipcAddrtype() uint8 { return TIPC_SOCKET_ADDR }
+
+func (sa *TIPCServiceRange) tipcAddr() [12]byte {
+	var out [12]byte
+	copy(out[:], (*(*[unsafe.Sizeof(TIPCServiceRange{})]byte)(unsafe.Pointer(sa)))[:])
+	return out
+}
+
+func (sa *TIPCServiceRange) tipcAddrtype() uint8 { return TIPC_SERVICE_RANGE }
+
+func (sa *TIPCServiceName) tipcAddr() [12]byte {
+	var out [12]byte
+	copy(out[:], (*(*[unsafe.Sizeof(TIPCServiceName{})]byte)(unsafe.Pointer(sa)))[:])
+	return out
+}
+
+func (sa *TIPCServiceName) tipcAddrtype() uint8 { return TIPC_SERVICE_ADDR }
+
+func (sa *SockaddrTIPC) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Addr == nil {
+		return nil, 0, EINVAL
+	}
+
+	sa.raw.Family = AF_TIPC
+	sa.raw.Scope = int8(sa.Scope)
+	sa.raw.Addrtype = sa.Addr.tipcAddrtype()
+	sa.raw.Addr = sa.Addr.tipcAddr()
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrTIPC, nil
+}
+
+// SockaddrL2TPIP implements the Sockaddr interface for IPPROTO_L2TP/AF_INET sockets.
+type SockaddrL2TPIP struct {
+	Addr   [4]byte
+	ConnId uint32
+	raw    RawSockaddrL2TPIP
+}
+
+func (sa *SockaddrL2TPIP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET
+	sa.raw.Conn_id = sa.ConnId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP, nil
+}
+
+// SockaddrL2TPIP6 implements the Sockaddr interface for IPPROTO_L2TP/AF_INET6 sockets.
+type SockaddrL2TPIP6 struct {
+	Addr   [16]byte
+	ZoneId uint32
+	ConnId uint32
+	raw    RawSockaddrL2TPIP6
+}
+
+func (sa *SockaddrL2TPIP6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET6
+	sa.raw.Conn_id = sa.ConnId
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP6, nil
+}
+
+// SockaddrIUCV implements the Sockaddr interface for AF_IUCV sockets.
+type SockaddrIUCV struct {
+	UserID string
+	Name   string
+	raw    RawSockaddrIUCV
+}
+
+func (sa *SockaddrIUCV) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_IUCV
+	// These are EBCDIC encoded by the kernel, but we still need to pad them
+	// with blanks. Initializing with blanks allows the caller to feed in either
+	// a padded or an unpadded string.
+	for i := 0; i < 8; i++ {
+		sa.raw.Nodeid[i] = ' '
+		sa.raw.User_id[i] = ' '
+		sa.raw.Name[i] = ' '
+	}
+	if len(sa.UserID) > 8 || len(sa.Name) > 8 {
+		return nil, 0, EINVAL
+	}
+	for i, b := range []byte(sa.UserID[:]) {
+		sa.raw.User_id[i] = int8(b)
+	}
+	for i, b := range []byte(sa.Name[:]) {
+		sa.raw.Name[i] = int8(b)
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrIUCV, nil
+}
+
+func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	switch rsa.Addr.Family {
+	case AF_NETLINK:
+		pp := (*RawSockaddrNetlink)(unsafe.Pointer(rsa))
+		sa := new(SockaddrNetlink)
+		sa.Family = pp.Family
+		sa.Pad = pp.Pad
+		sa.Pid = pp.Pid
+		sa.Groups = pp.Groups
+		return sa, nil
+
+	case AF_PACKET:
+		pp := (*RawSockaddrLinklayer)(unsafe.Pointer(rsa))
+		sa := new(SockaddrLinklayer)
+		sa.Protocol = pp.Protocol
+		sa.Ifindex = int(pp.Ifindex)
+		sa.Hatype = pp.Hatype
+		sa.Pkttype = pp.Pkttype
+		sa.Halen = pp.Halen
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+		if pp.Path[0] == 0 {
+			// "Abstract" Unix domain socket.
+			// Rewrite leading NUL as @ for textual display.
+			// (This is the standard convention.)
+			// Not friendly to overwrite in place,
+			// but the callers below don't care.
+			pp.Path[0] = '@'
+		}
+
+		// Assume path ends at NUL.
+		// This is not technically the Linux semantics for
+		// abstract Unix domain sockets--they are supposed
+		// to be uninterpreted fixed-size binary blobs--but
+		// everyone uses this convention.
+		n := 0
+		for n < len(pp.Path) && pp.Path[n] != 0 {
+			n++
+		}
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP)
+			sa.ConnId = pp.Conn_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
+			pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+			sa := new(SockaddrInet4)
+			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+			sa.Port = int(p[0])<<8 + int(p[1])
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		}
+
+	case AF_INET6:
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP6)
+			sa.ConnId = pp.Conn_id
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
+			pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrInet6)
+			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+			sa.Port = int(p[0])<<8 + int(p[1])
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		}
+
+	case AF_VSOCK:
+		pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))
+		sa := &SockaddrVM{
+			CID:  pp.Cid,
+			Port: pp.Port,
+		}
+		return sa, nil
+	case AF_BLUETOOTH:
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+		// only BTPROTO_L2CAP and BTPROTO_RFCOMM can accept connections
+		switch proto {
+		case BTPROTO_L2CAP:
+			pp := (*RawSockaddrL2)(unsafe.Pointer(rsa))
+			sa := &SockaddrL2{
+				PSM:      pp.Psm,
+				CID:      pp.Cid,
+				Addr:     pp.Bdaddr,
+				AddrType: pp.Bdaddr_type,
+			}
+			return sa, nil
+		case BTPROTO_RFCOMM:
+			pp := (*RawSockaddrRFCOMM)(unsafe.Pointer(rsa))
+			sa := &SockaddrRFCOMM{
+				Channel: pp.Channel,
+				Addr:    pp.Bdaddr,
+			}
+			return sa, nil
+		}
+	case AF_XDP:
+		pp := (*RawSockaddrXDP)(unsafe.Pointer(rsa))
+		sa := &SockaddrXDP{
+			Flags:        pp.Flags,
+			Ifindex:      pp.Ifindex,
+			QueueID:      pp.Queue_id,
+			SharedUmemFD: pp.Shared_umem_fd,
+		}
+		return sa, nil
+	case AF_PPPOX:
+		pp := (*RawSockaddrPPPoX)(unsafe.Pointer(rsa))
+		if binary.BigEndian.Uint32(pp[2:6]) != px_proto_oe {
+			return nil, EINVAL
+		}
+		sa := &SockaddrPPPoE{
+			SID:    binary.BigEndian.Uint16(pp[6:8]),
+			Remote: pp[8:14],
+		}
+		for i := 14; i < 14+IFNAMSIZ; i++ {
+			if pp[i] == 0 {
+				sa.Dev = string(pp[14:i])
+				break
+			}
+		}
+		return sa, nil
+	case AF_TIPC:
+		pp := (*RawSockaddrTIPC)(unsafe.Pointer(rsa))
+
+		sa := &SockaddrTIPC{
+			Scope: int(pp.Scope),
+		}
+
+		// Determine which union variant is present in pp.Addr by checking
+		// pp.Addrtype.
+		switch pp.Addrtype {
+		case TIPC_SERVICE_RANGE:
+			sa.Addr = (*TIPCServiceRange)(unsafe.Pointer(&pp.Addr))
+		case TIPC_SERVICE_ADDR:
+			sa.Addr = (*TIPCServiceName)(unsafe.Pointer(&pp.Addr))
+		case TIPC_SOCKET_ADDR:
+			sa.Addr = (*TIPCSocketAddr)(unsafe.Pointer(&pp.Addr))
+		default:
+			return nil, EINVAL
+		}
+
+		return sa, nil
+	case AF_IUCV:
+		pp := (*RawSockaddrIUCV)(unsafe.Pointer(rsa))
+
+		var user [8]byte
+		var name [8]byte
+
+		for i := 0; i < 8; i++ {
+			user[i] = byte(pp.User_id[i])
+			name[i] = byte(pp.Name[i])
+		}
+
+		sa := &SockaddrIUCV{
+			UserID: string(user[:]),
+			Name:   string(name[:]),
+		}
+		return sa, nil
+
+	case AF_CAN:
+		pp := (*RawSockaddrCAN)(unsafe.Pointer(rsa))
+		sa := &SockaddrCAN{
+			Ifindex: int(pp.Ifindex),
+		}
+		rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
+		for i := 0; i < 4; i++ {
+			rx[i] = pp.Addr[i]
+		}
+		tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
+		for i := 0; i < 4; i++ {
+			tx[i] = pp.Addr[i+4]
+		}
+		return sa, nil
+
+	}
+	return nil, EAFNOSUPPORT
+}
+
+func Accept(fd int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept(fd, &rsa, &len)
+	if err != nil {
+		return
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Getsockname(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getsockname(fd, &rsa, &len); err != nil {
+		return
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+func GetsockoptIPMreqn(fd, level, opt int) (*IPMreqn, error) {
+	var value IPMreqn
+	vallen := _Socklen(SizeofIPMreqn)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptUcred(fd, level, opt int) (*Ucred, error) {
+	var value Ucred
+	vallen := _Socklen(SizeofUcred)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptTCPInfo(fd, level, opt int) (*TCPInfo, error) {
+	var value TCPInfo
+	vallen := _Socklen(SizeofTCPInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+// GetsockoptString returns the string value of the socket option opt for the
+// socket associated with fd at the given socket level.
+func GetsockoptString(fd, level, opt int) (string, error) {
+	buf := make([]byte, 256)
+	vallen := _Socklen(len(buf))
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
+	if err != nil {
+		if err == ERANGE {
+			buf = make([]byte, vallen)
+			err = getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
+		}
+		if err != nil {
+			return "", err
+		}
+	}
+	return string(buf[:vallen-1]), nil
+}
+
+func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) {
+	var value TpacketStats
+	vallen := _Socklen(SizeofTpacketStats)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptTpacketStatsV3(fd, level, opt int) (*TpacketStatsV3, error) {
+	var value TpacketStatsV3
+	vallen := _Socklen(SizeofTpacketStatsV3)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func SetsockoptIPMreqn(fd, level, opt int, mreq *IPMreqn) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
+}
+
+func SetsockoptPacketMreq(fd, level, opt int, mreq *PacketMreq) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq))
+}
+
+// SetsockoptSockFprog attaches a classic BPF or an extended BPF program to a
+// socket to filter incoming packets.  See 'man 7 socket' for usage information.
+func SetsockoptSockFprog(fd, level, opt int, fprog *SockFprog) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(fprog), unsafe.Sizeof(*fprog))
+}
+
+func SetsockoptCanRawFilter(fd, level, opt int, filter []CanFilter) error {
+	var p unsafe.Pointer
+	if len(filter) > 0 {
+		p = unsafe.Pointer(&filter[0])
+	}
+	return setsockopt(fd, level, opt, p, uintptr(len(filter)*SizeofCanFilter))
+}
+
+func SetsockoptTpacketReq(fd, level, opt int, tp *TpacketReq) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(tp), unsafe.Sizeof(*tp))
+}
+
+func SetsockoptTpacketReq3(fd, level, opt int, tp *TpacketReq3) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(tp), unsafe.Sizeof(*tp))
+}
+
+// Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html)
+
+// KeyctlInt calls keyctl commands in which each argument is an int.
+// These commands are KEYCTL_REVOKE, KEYCTL_CHOWN, KEYCTL_CLEAR, KEYCTL_LINK,
+// KEYCTL_UNLINK, KEYCTL_NEGATE, KEYCTL_SET_REQKEY_KEYRING, KEYCTL_SET_TIMEOUT,
+// KEYCTL_ASSUME_AUTHORITY, KEYCTL_SESSION_TO_PARENT, KEYCTL_REJECT,
+// KEYCTL_INVALIDATE, and KEYCTL_GET_PERSISTENT.
+//sys	KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) = SYS_KEYCTL
+
+// KeyctlBuffer calls keyctl commands in which the third and fourth
+// arguments are a buffer and its length, respectively.
+// These commands are KEYCTL_UPDATE, KEYCTL_READ, and KEYCTL_INSTANTIATE.
+//sys	KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) = SYS_KEYCTL
+
+// KeyctlString calls keyctl commands which return a string.
+// These commands are KEYCTL_DESCRIBE and KEYCTL_GET_SECURITY.
+func KeyctlString(cmd int, id int) (string, error) {
+	// We must loop as the string data may change in between the syscalls.
+	// We could allocate a large buffer here to reduce the chance that the
+	// syscall needs to be called twice; however, this is unnecessary as
+	// the performance loss is negligible.
+	var buffer []byte
+	for {
+		// Try to fill the buffer with data
+		length, err := KeyctlBuffer(cmd, id, buffer, 0)
+		if err != nil {
+			return "", err
+		}
+
+		// Check if the data was written
+		if length <= len(buffer) {
+			// Exclude the null terminator
+			return string(buffer[:length-1]), nil
+		}
+
+		// Make a bigger buffer if needed
+		buffer = make([]byte, length)
+	}
+}
+
+// Keyctl commands with special signatures.
+
+// KeyctlGetKeyringID implements the KEYCTL_GET_KEYRING_ID command.
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_get_keyring_ID.3.html
+func KeyctlGetKeyringID(id int, create bool) (ringid int, err error) {
+	createInt := 0
+	if create {
+		createInt = 1
+	}
+	return KeyctlInt(KEYCTL_GET_KEYRING_ID, id, createInt, 0, 0)
+}
+
+// KeyctlSetperm implements the KEYCTL_SETPERM command. The perm value is the
+// key handle permission mask as described in the "keyctl setperm" section of
+// http://man7.org/linux/man-pages/man1/keyctl.1.html.
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_setperm.3.html
+func KeyctlSetperm(id int, perm uint32) error {
+	_, err := KeyctlInt(KEYCTL_SETPERM, id, int(perm), 0, 0)
+	return err
+}
+
+//sys	keyctlJoin(cmd int, arg2 string) (ret int, err error) = SYS_KEYCTL
+
+// KeyctlJoinSessionKeyring implements the KEYCTL_JOIN_SESSION_KEYRING command.
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_join_session_keyring.3.html
+func KeyctlJoinSessionKeyring(name string) (ringid int, err error) {
+	return keyctlJoin(KEYCTL_JOIN_SESSION_KEYRING, name)
+}
+
+//sys	keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) = SYS_KEYCTL
+
+// KeyctlSearch implements the KEYCTL_SEARCH command.
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_search.3.html
+func KeyctlSearch(ringid int, keyType, description string, destRingid int) (id int, err error) {
+	return keyctlSearch(KEYCTL_SEARCH, ringid, keyType, description, destRingid)
+}
+
+//sys	keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) = SYS_KEYCTL
+
+// KeyctlInstantiateIOV implements the KEYCTL_INSTANTIATE_IOV command. This
+// command is similar to KEYCTL_INSTANTIATE, except that the payload is a slice
+// of Iovec (each of which represents a buffer) instead of a single buffer.
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_instantiate_iov.3.html
+func KeyctlInstantiateIOV(id int, payload []Iovec, ringid int) error {
+	return keyctlIOV(KEYCTL_INSTANTIATE_IOV, id, payload, ringid)
+}
+
+//sys	keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) = SYS_KEYCTL
+
+// KeyctlDHCompute implements the KEYCTL_DH_COMPUTE command. This command
+// computes a Diffie-Hellman shared secret based on the provide params. The
+// secret is written to the provided buffer and the returned size is the number
+// of bytes written (returning an error if there is insufficient space in the
+// buffer). If a nil buffer is passed in, this function returns the minimum
+// buffer length needed to store the appropriate data. Note that this differs
+// from KEYCTL_READ's behavior which always returns the requested payload size.
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_dh_compute.3.html
+func KeyctlDHCompute(params *KeyctlDHParams, buffer []byte) (size int, err error) {
+	return keyctlDH(KEYCTL_DH_COMPUTE, params, buffer)
+}
+
+// KeyctlRestrictKeyring implements the KEYCTL_RESTRICT_KEYRING command. This
+// command limits the set of keys that can be linked to the keyring, regardless
+// of keyring permissions. The command requires the "setattr" permission.
+//
+// When called with an empty keyType the command locks the keyring, preventing
+// any further keys from being linked to the keyring.
+//
+// The "asymmetric" keyType defines restrictions requiring key payloads to be
+// DER encoded X.509 certificates signed by keys in another keyring. Restrictions
+// for "asymmetric" include "builtin_trusted", "builtin_and_secondary_trusted",
+// "key_or_keyring:<key>", and "key_or_keyring:<key>:chain".
+//
+// As of Linux 4.12, only the "asymmetric" keyType defines type-specific
+// restrictions.
+//
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_restrict_keyring.3.html
+// http://man7.org/linux/man-pages/man2/keyctl.2.html
+func KeyctlRestrictKeyring(ringid int, keyType string, restriction string) error {
+	if keyType == "" {
+		return keyctlRestrictKeyring(KEYCTL_RESTRICT_KEYRING, ringid)
+	}
+	return keyctlRestrictKeyringByType(KEYCTL_RESTRICT_KEYRING, ringid, keyType, restriction)
+}
+
+//sys keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) = SYS_KEYCTL
+//sys keyctlRestrictKeyring(cmd int, arg2 int) (err error) = SYS_KEYCTL
+
+func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+	var msg Msghdr
+	var rsa RawSockaddrAny
+	msg.Name = (*byte)(unsafe.Pointer(&rsa))
+	msg.Namelen = uint32(SizeofSockaddrAny)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = &p[0]
+		iov.SetLen(len(p))
+	}
+	var dummy byte
+	if len(oob) > 0 {
+		if len(p) == 0 {
+			var sockType int
+			sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE)
+			if err != nil {
+				return
+			}
+			// receive at least one normal byte
+			if sockType != SOCK_DGRAM {
+				iov.Base = &dummy
+				iov.SetLen(1)
+			}
+		}
+		msg.Control = &oob[0]
+		msg.SetControllen(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = recvmsg(fd, &msg, flags); err != nil {
+		return
+	}
+	oobn = int(msg.Controllen)
+	recvflags = int(msg.Flags)
+	// source address is only specified if the socket is unconnected
+	if rsa.Addr.Family != AF_UNSPEC {
+		from, err = anyToSockaddr(fd, &rsa)
+	}
+	return
+}
+
+func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) {
+	_, err = SendmsgN(fd, p, oob, to, flags)
+	return
+}
+
+func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) {
+	var ptr unsafe.Pointer
+	var salen _Socklen
+	if to != nil {
+		var err error
+		ptr, salen, err = to.sockaddr()
+		if err != nil {
+			return 0, err
+		}
+	}
+	var msg Msghdr
+	msg.Name = (*byte)(ptr)
+	msg.Namelen = uint32(salen)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = &p[0]
+		iov.SetLen(len(p))
+	}
+	var dummy byte
+	if len(oob) > 0 {
+		if len(p) == 0 {
+			var sockType int
+			sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE)
+			if err != nil {
+				return 0, err
+			}
+			// send at least one normal byte
+			if sockType != SOCK_DGRAM {
+				iov.Base = &dummy
+				iov.SetLen(1)
+			}
+		}
+		msg.Control = &oob[0]
+		msg.SetControllen(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = sendmsg(fd, &msg, flags); err != nil {
+		return 0, err
+	}
+	if len(oob) > 0 && len(p) == 0 {
+		n = 0
+	}
+	return n, nil
+}
+
+// BindToDevice binds the socket associated with fd to device.
+func BindToDevice(fd int, device string) (err error) {
+	return SetsockoptString(fd, SOL_SOCKET, SO_BINDTODEVICE, device)
+}
+
+//sys	ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+
+func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) {
+	// The peek requests are machine-size oriented, so we wrap it
+	// to retrieve arbitrary-length data.
+
+	// The ptrace syscall differs from glibc's ptrace.
+	// Peeks returns the word in *data, not as the return value.
+
+	var buf [SizeofPtr]byte
+
+	// Leading edge. PEEKTEXT/PEEKDATA don't require aligned
+	// access (PEEKUSER warns that it might), but if we don't
+	// align our reads, we might straddle an unmapped page
+	// boundary and not get the bytes leading up to the page
+	// boundary.
+	n := 0
+	if addr%SizeofPtr != 0 {
+		err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		if err != nil {
+			return 0, err
+		}
+		n += copy(out, buf[addr%SizeofPtr:])
+		out = out[n:]
+	}
+
+	// Remainder.
+	for len(out) > 0 {
+		// We use an internal buffer to guarantee alignment.
+		// It's not documented if this is necessary, but we're paranoid.
+		err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		if err != nil {
+			return n, err
+		}
+		copied := copy(out, buf[0:])
+		n += copied
+		out = out[copied:]
+	}
+
+	return n, nil
+}
+
+func PtracePeekText(pid int, addr uintptr, out []byte) (count int, err error) {
+	return ptracePeek(PTRACE_PEEKTEXT, pid, addr, out)
+}
+
+func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) {
+	return ptracePeek(PTRACE_PEEKDATA, pid, addr, out)
+}
+
+func PtracePeekUser(pid int, addr uintptr, out []byte) (count int, err error) {
+	return ptracePeek(PTRACE_PEEKUSR, pid, addr, out)
+}
+
+func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (count int, err error) {
+	// As for ptracePeek, we need to align our accesses to deal
+	// with the possibility of straddling an invalid page.
+
+	// Leading edge.
+	n := 0
+	if addr%SizeofPtr != 0 {
+		var buf [SizeofPtr]byte
+		err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		if err != nil {
+			return 0, err
+		}
+		n += copy(buf[addr%SizeofPtr:], data)
+		word := *((*uintptr)(unsafe.Pointer(&buf[0])))
+		err = ptrace(pokeReq, pid, addr-addr%SizeofPtr, word)
+		if err != nil {
+			return 0, err
+		}
+		data = data[n:]
+	}
+
+	// Interior.
+	for len(data) > SizeofPtr {
+		word := *((*uintptr)(unsafe.Pointer(&data[0])))
+		err = ptrace(pokeReq, pid, addr+uintptr(n), word)
+		if err != nil {
+			return n, err
+		}
+		n += SizeofPtr
+		data = data[SizeofPtr:]
+	}
+
+	// Trailing edge.
+	if len(data) > 0 {
+		var buf [SizeofPtr]byte
+		err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		if err != nil {
+			return n, err
+		}
+		copy(buf[0:], data)
+		word := *((*uintptr)(unsafe.Pointer(&buf[0])))
+		err = ptrace(pokeReq, pid, addr+uintptr(n), word)
+		if err != nil {
+			return n, err
+		}
+		n += len(data)
+	}
+
+	return n, nil
+}
+
+func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) {
+	return ptracePoke(PTRACE_POKETEXT, PTRACE_PEEKTEXT, pid, addr, data)
+}
+
+func PtracePokeData(pid int, addr uintptr, data []byte) (count int, err error) {
+	return ptracePoke(PTRACE_POKEDATA, PTRACE_PEEKDATA, pid, addr, data)
+}
+
+func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) {
+	return ptracePoke(PTRACE_POKEUSR, PTRACE_PEEKUSR, pid, addr, data)
+}
+
+func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+func PtraceSetOptions(pid int, options int) (err error) {
+	return ptrace(PTRACE_SETOPTIONS, pid, 0, uintptr(options))
+}
+
+func PtraceGetEventMsg(pid int) (msg uint, err error) {
+	var data _C_long
+	err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data)))
+	msg = uint(data)
+	return
+}
+
+func PtraceCont(pid int, signal int) (err error) {
+	return ptrace(PTRACE_CONT, pid, 0, uintptr(signal))
+}
+
+func PtraceSyscall(pid int, signal int) (err error) {
+	return ptrace(PTRACE_SYSCALL, pid, 0, uintptr(signal))
+}
+
+func PtraceSingleStep(pid int) (err error) { return ptrace(PTRACE_SINGLESTEP, pid, 0, 0) }
+
+func PtraceInterrupt(pid int) (err error) { return ptrace(PTRACE_INTERRUPT, pid, 0, 0) }
+
+func PtraceAttach(pid int) (err error) { return ptrace(PTRACE_ATTACH, pid, 0, 0) }
+
+func PtraceSeize(pid int) (err error) { return ptrace(PTRACE_SEIZE, pid, 0, 0) }
+
+func PtraceDetach(pid int) (err error) { return ptrace(PTRACE_DETACH, pid, 0, 0) }
+
+//sys	reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error)
+
+func Reboot(cmd int) (err error) {
+	return reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, cmd, "")
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
+	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+}
+
+//sys	mount(source string, target string, fstype string, flags uintptr, data *byte) (err error)
+
+func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	// Certain file systems get rather angry and EINVAL if you give
+	// them an empty string of data, rather than NULL.
+	if data == "" {
+		return mount(source, target, fstype, flags, nil)
+	}
+	datap, err := BytePtrFromString(data)
+	if err != nil {
+		return err
+	}
+	return mount(source, target, fstype, flags, datap)
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+// Sendto
+// Recvfrom
+// Socketpair
+
+/*
+ * Direct access
+ */
+//sys	Acct(path string) (err error)
+//sys	AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error)
+//sys	Adjtimex(buf *Timex) (state int, err error)
+//sysnb	Capget(hdr *CapUserHeader, data *CapUserData) (err error)
+//sysnb	Capset(hdr *CapUserHeader, data *CapUserData) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chroot(path string) (err error)
+//sys	ClockGetres(clockid int32, res *Timespec) (err error)
+//sys	ClockGettime(clockid int32, time *Timespec) (err error)
+//sys	ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error)
+//sys	Close(fd int) (err error)
+//sys	CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	DeleteModule(name string, flags int) (err error)
+//sys	Dup(oldfd int) (fd int, err error)
+
+func Dup2(oldfd, newfd int) error {
+	// Android O and newer blocks dup2; riscv and arm64 don't implement dup2.
+	if runtime.GOOS == "android" || runtime.GOARCH == "riscv64" || runtime.GOARCH == "arm64" {
+		return Dup3(oldfd, newfd, 0)
+	}
+	return dup2(oldfd, newfd)
+}
+
+//sys	Dup3(oldfd int, newfd int, flags int) (err error)
+//sysnb	EpollCreate1(flag int) (fd int, err error)
+//sysnb	EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error)
+//sys	Eventfd(initval uint, flags int) (fd int, err error) = SYS_EVENTFD2
+//sys	Exit(code int) = SYS_EXIT_GROUP
+//sys	Fallocate(fd int, mode uint32, off int64, len int64) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Fdatasync(fd int) (err error)
+//sys	Fgetxattr(fd int, attr string, dest []byte) (sz int, err error)
+//sys	FinitModule(fd int, params string, flags int) (err error)
+//sys	Flistxattr(fd int, dest []byte) (sz int, err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fremovexattr(fd int, attr string) (err error)
+//sys	Fsetxattr(fd int, attr string, dest []byte, flags int) (err error)
+//sys	Fsync(fd int) (err error)
+//sys	Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64
+//sysnb	Getpgid(pid int) (pgid int, err error)
+
+func Getpgrp() (pid int) {
+	pid, _ = Getpgid(0)
+	return
+}
+
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sys	Getrandom(buf []byte, flags int) (n int, err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettid() (tid int)
+//sys	Getxattr(path string, attr string, dest []byte) (sz int, err error)
+//sys	InitModule(moduleImage []byte, params string) (err error)
+//sys	InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error)
+//sysnb	InotifyInit1(flags int) (fd int, err error)
+//sysnb	InotifyRmWatch(fd int, watchdesc uint32) (success int, err error)
+//sysnb	Kill(pid int, sig syscall.Signal) (err error)
+//sys	Klogctl(typ int, buf []byte) (n int, err error) = SYS_SYSLOG
+//sys	Lgetxattr(path string, attr string, dest []byte) (sz int, err error)
+//sys	Listxattr(path string, dest []byte) (sz int, err error)
+//sys	Llistxattr(path string, dest []byte) (sz int, err error)
+//sys	Lremovexattr(path string, attr string) (err error)
+//sys	Lsetxattr(path string, attr string, data []byte, flags int) (err error)
+//sys	MemfdCreate(name string, flags int) (fd int, err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error)
+//sys	PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT
+//sysnb prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64
+//sys   Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error)
+//sys	Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Removexattr(path string, attr string) (err error)
+//sys	Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error)
+//sys	RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error)
+//sys	Setdomainname(p []byte) (err error)
+//sys	Sethostname(p []byte) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tv *Timeval) (err error)
+//sys	Setns(fd int, nstype int) (err error)
+
+// PrctlRetInt performs a prctl operation specified by option and further
+// optional arguments arg2 through arg5 depending on option. It returns a
+// non-negative integer that is returned by the prctl syscall.
+func PrctlRetInt(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (int, error) {
+	ret, _, err := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(ret), nil
+}
+
+// issue 1435.
+// On linux Setuid and Setgid only affects the current thread, not the process.
+// This does not match what most callers expect so we must return an error
+// here rather than letting the caller think that the call succeeded.
+
+func Setuid(uid int) (err error) {
+	return EOPNOTSUPP
+}
+
+func Setgid(uid int) (err error) {
+	return EOPNOTSUPP
+}
+
+// SetfsgidRetGid sets fsgid for current thread and returns previous fsgid set.
+// setfsgid(2) will return a non-nil error only if its caller lacks CAP_SETUID capability.
+// If the call fails due to other reasons, current fsgid will be returned.
+func SetfsgidRetGid(gid int) (int, error) {
+	return setfsgid(gid)
+}
+
+// SetfsuidRetUid sets fsuid for current thread and returns previous fsuid set.
+// setfsgid(2) will return a non-nil error only if its caller lacks CAP_SETUID capability
+// If the call fails due to other reasons, current fsuid will be returned.
+func SetfsuidRetUid(uid int) (int, error) {
+	return setfsuid(uid)
+}
+
+func Setfsgid(gid int) error {
+	_, err := setfsgid(gid)
+	return err
+}
+
+func Setfsuid(uid int) error {
+	_, err := setfsuid(uid)
+	return err
+}
+
+func Signalfd(fd int, sigmask *Sigset_t, flags int) (newfd int, err error) {
+	return signalfd(fd, sigmask, _C__NSIG/8, flags)
+}
+
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sys	Setxattr(path string, attr string, data []byte, flags int) (err error)
+//sys	signalfd(fd int, sigmask *Sigset_t, maskSize uintptr, flags int) (newfd int, err error) = SYS_SIGNALFD4
+//sys	Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error)
+//sys	Sync()
+//sys	Syncfs(fd int) (err error)
+//sysnb	Sysinfo(info *Sysinfo_t) (err error)
+//sys	Tee(rfd int, wfd int, len int, flags int) (n int64, err error)
+//sysnb TimerfdCreate(clockid int, flags int) (fd int, err error)
+//sysnb TimerfdGettime(fd int, currValue *ItimerSpec) (err error)
+//sysnb TimerfdSettime(fd int, flags int, newValue *ItimerSpec, oldValue *ItimerSpec) (err error)
+//sysnb	Tgkill(tgid int, tid int, sig syscall.Signal) (err error)
+//sysnb	Times(tms *Tms) (ticks uintptr, err error)
+//sysnb	Umask(mask int) (oldmask int)
+//sysnb	Uname(buf *Utsname) (err error)
+//sys	Unmount(target string, flags int) (err error) = SYS_UMOUNT2
+//sys	Unshare(flags int) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys	exitThread(code int) (err error) = SYS_EXIT
+//sys	readlen(fd int, p *byte, np int) (n int, err error) = SYS_READ
+//sys	writelen(fd int, p *byte, np int) (n int, err error) = SYS_WRITE
+//sys	readv(fd int, iovs []Iovec) (n int, err error) = SYS_READV
+//sys	writev(fd int, iovs []Iovec) (n int, err error) = SYS_WRITEV
+//sys	preadv(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) = SYS_PREADV
+//sys	pwritev(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) = SYS_PWRITEV
+//sys	preadv2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) = SYS_PREADV2
+//sys	pwritev2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) = SYS_PWRITEV2
+
+func bytes2iovec(bs [][]byte) []Iovec {
+	iovecs := make([]Iovec, len(bs))
+	for i, b := range bs {
+		iovecs[i].SetLen(len(b))
+		if len(b) > 0 {
+			iovecs[i].Base = &b[0]
+		} else {
+			iovecs[i].Base = (*byte)(unsafe.Pointer(&_zero))
+		}
+	}
+	return iovecs
+}
+
+// offs2lohi splits offs into its lower and upper unsigned long. On 64-bit
+// systems, hi will always be 0. On 32-bit systems, offs will be split in half.
+// preadv/pwritev chose this calling convention so they don't need to add a
+// padding-register for alignment on ARM.
+func offs2lohi(offs int64) (lo, hi uintptr) {
+	return uintptr(offs), uintptr(uint64(offs) >> SizeofLong)
+}
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = readv(fd, iovecs)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	lo, hi := offs2lohi(offset)
+	n, err = preadv(fd, iovecs, lo, hi)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Preadv2(fd int, iovs [][]byte, offset int64, flags int) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	lo, hi := offs2lohi(offset)
+	n, err = preadv2(fd, iovecs, lo, hi, flags)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func readvRacedetect(iovecs []Iovec, n int, err error) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceWriteRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+	if err == nil {
+		raceAcquire(unsafe.Pointer(&ioSync))
+	}
+}
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = writev(fd, iovecs)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	lo, hi := offs2lohi(offset)
+	n, err = pwritev(fd, iovecs, lo, hi)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func Pwritev2(fd int, iovs [][]byte, offset int64, flags int) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	lo, hi := offs2lohi(offset)
+	n, err = pwritev2(fd, iovecs, lo, hi, flags)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func writevRacedetect(iovecs []Iovec, n int) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceReadRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+}
+
+// mmap varies by architecture; see syscall_linux_*.go.
+//sys	munmap(addr uintptr, length uintptr) (err error)
+
+var mapper = &mmapper{
+	active: make(map[*byte][]byte),
+	mmap:   mmap,
+	munmap: munmap,
+}
+
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
+//sys	Madvise(b []byte, advice int) (err error)
+//sys	Mprotect(b []byte, prot int) (err error)
+//sys	Mlock(b []byte) (err error)
+//sys	Mlockall(flags int) (err error)
+//sys	Msync(b []byte, flags int) (err error)
+//sys	Munlock(b []byte) (err error)
+//sys	Munlockall() (err error)
+
+// Vmsplice splices user pages from a slice of Iovecs into a pipe specified by fd,
+// using the specified flags.
+func Vmsplice(fd int, iovs []Iovec, flags int) (int, error) {
+	var p unsafe.Pointer
+	if len(iovs) > 0 {
+		p = unsafe.Pointer(&iovs[0])
+	}
+
+	n, _, errno := Syscall6(SYS_VMSPLICE, uintptr(fd), uintptr(p), uintptr(len(iovs)), uintptr(flags), 0, 0)
+	if errno != 0 {
+		return 0, syscall.Errno(errno)
+	}
+
+	return int(n), nil
+}
+
+func isGroupMember(gid int) bool {
+	groups, err := Getgroups()
+	if err != nil {
+		return false
+	}
+
+	for _, g := range groups {
+		if g == gid {
+			return true
+		}
+	}
+	return false
+}
+
+//sys	faccessat(dirfd int, path string, mode uint32) (err error)
+//sys	Faccessat2(dirfd int, path string, mode uint32, flags int) (err error)
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	if flags == 0 {
+		return faccessat(dirfd, path, mode)
+	}
+
+	if err := Faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM {
+		return err
+	}
+
+	// The Linux kernel faccessat system call does not take any flags.
+	// The glibc faccessat implements the flags itself; see
+	// https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/faccessat.c;hb=HEAD
+	// Because people naturally expect syscall.Faccessat to act
+	// like C faccessat, we do the same.
+
+	if flags & ^(AT_SYMLINK_NOFOLLOW|AT_EACCESS) != 0 {
+		return EINVAL
+	}
+
+	var st Stat_t
+	if err := Fstatat(dirfd, path, &st, flags&AT_SYMLINK_NOFOLLOW); err != nil {
+		return err
+	}
+
+	mode &= 7
+	if mode == 0 {
+		return nil
+	}
+
+	var uid int
+	if flags&AT_EACCESS != 0 {
+		uid = Geteuid()
+	} else {
+		uid = Getuid()
+	}
+
+	if uid == 0 {
+		if mode&1 == 0 {
+			// Root can read and write any file.
+			return nil
+		}
+		if st.Mode&0111 != 0 {
+			// Root can execute any file that anybody can execute.
+			return nil
+		}
+		return EACCES
+	}
+
+	var fmode uint32
+	if uint32(uid) == st.Uid {
+		fmode = (st.Mode >> 6) & 7
+	} else {
+		var gid int
+		if flags&AT_EACCESS != 0 {
+			gid = Getegid()
+		} else {
+			gid = Getgid()
+		}
+
+		if uint32(gid) == st.Gid || isGroupMember(gid) {
+			fmode = (st.Mode >> 3) & 7
+		} else {
+			fmode = st.Mode & 7
+		}
+	}
+
+	if fmode&mode == mode {
+		return nil
+	}
+
+	return EACCES
+}
+
+//sys nameToHandleAt(dirFD int, pathname string, fh *fileHandle, mountID *_C_int, flags int) (err error) = SYS_NAME_TO_HANDLE_AT
+//sys openByHandleAt(mountFD int, fh *fileHandle, flags int) (fd int, err error) = SYS_OPEN_BY_HANDLE_AT
+
+// fileHandle is the argument to nameToHandleAt and openByHandleAt. We
+// originally tried to generate it via unix/linux/types.go with "type
+// fileHandle C.struct_file_handle" but that generated empty structs
+// for mips64 and mips64le. Instead, hard code it for now (it's the
+// same everywhere else) until the mips64 generator issue is fixed.
+type fileHandle struct {
+	Bytes uint32
+	Type  int32
+}
+
+// FileHandle represents the C struct file_handle used by
+// name_to_handle_at (see NameToHandleAt) and open_by_handle_at (see
+// OpenByHandleAt).
+type FileHandle struct {
+	*fileHandle
+}
+
+// NewFileHandle constructs a FileHandle.
+func NewFileHandle(handleType int32, handle []byte) FileHandle {
+	const hdrSize = unsafe.Sizeof(fileHandle{})
+	buf := make([]byte, hdrSize+uintptr(len(handle)))
+	copy(buf[hdrSize:], handle)
+	fh := (*fileHandle)(unsafe.Pointer(&buf[0]))
+	fh.Type = handleType
+	fh.Bytes = uint32(len(handle))
+	return FileHandle{fh}
+}
+
+func (fh *FileHandle) Size() int   { return int(fh.fileHandle.Bytes) }
+func (fh *FileHandle) Type() int32 { return fh.fileHandle.Type }
+func (fh *FileHandle) Bytes() []byte {
+	n := fh.Size()
+	if n == 0 {
+		return nil
+	}
+	return (*[1 << 30]byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&fh.fileHandle.Type)) + 4))[:n:n]
+}
+
+// NameToHandleAt wraps the name_to_handle_at system call; it obtains
+// a handle for a path name.
+func NameToHandleAt(dirfd int, path string, flags int) (handle FileHandle, mountID int, err error) {
+	var mid _C_int
+	// Try first with a small buffer, assuming the handle will
+	// only be 32 bytes.
+	size := uint32(32 + unsafe.Sizeof(fileHandle{}))
+	didResize := false
+	for {
+		buf := make([]byte, size)
+		fh := (*fileHandle)(unsafe.Pointer(&buf[0]))
+		fh.Bytes = size - uint32(unsafe.Sizeof(fileHandle{}))
+		err = nameToHandleAt(dirfd, path, fh, &mid, flags)
+		if err == EOVERFLOW {
+			if didResize {
+				// We shouldn't need to resize more than once
+				return
+			}
+			didResize = true
+			size = fh.Bytes + uint32(unsafe.Sizeof(fileHandle{}))
+			continue
+		}
+		if err != nil {
+			return
+		}
+		return FileHandle{fh}, int(mid), nil
+	}
+}
+
+// OpenByHandleAt wraps the open_by_handle_at system call; it opens a
+// file via a handle as previously returned by NameToHandleAt.
+func OpenByHandleAt(mountFD int, handle FileHandle, flags int) (fd int, err error) {
+	return openByHandleAt(mountFD, handle.fileHandle, flags)
+}
+
+// Klogset wraps the sys_syslog system call; it sets console_loglevel to
+// the value specified by arg and passes a dummy pointer to bufp.
+func Klogset(typ int, arg int) (err error) {
+	var p unsafe.Pointer
+	_, _, errno := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(p), uintptr(arg))
+	if errno != 0 {
+		return errnoErr(errno)
+	}
+	return nil
+}
+
+// RemoteIovec is Iovec with the pointer replaced with an integer.
+// It is used for ProcessVMReadv and ProcessVMWritev, where the pointer
+// refers to a location in a different process' address space, which
+// would confuse the Go garbage collector.
+type RemoteIovec struct {
+	Base uintptr
+	Len  int
+}
+
+//sys	ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_READV
+//sys	ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_WRITEV
+
+/*
+ * Unimplemented
+ */
+// AfsSyscall
+// Alarm
+// ArchPrctl
+// Brk
+// ClockNanosleep
+// ClockSettime
+// Clone
+// EpollCtlOld
+// EpollPwait
+// EpollWaitOld
+// Execve
+// Fork
+// Futex
+// GetKernelSyms
+// GetMempolicy
+// GetRobustList
+// GetThreadArea
+// Getitimer
+// Getpmsg
+// IoCancel
+// IoDestroy
+// IoGetevents
+// IoSetup
+// IoSubmit
+// IoprioGet
+// IoprioSet
+// KexecLoad
+// LookupDcookie
+// Mbind
+// MigratePages
+// Mincore
+// ModifyLdt
+// Mount
+// MovePages
+// MqGetsetattr
+// MqNotify
+// MqOpen
+// MqTimedreceive
+// MqTimedsend
+// MqUnlink
+// Mremap
+// Msgctl
+// Msgget
+// Msgrcv
+// Msgsnd
+// Nfsservctl
+// Personality
+// Pselect6
+// Ptrace
+// Putpmsg
+// Quotactl
+// Readahead
+// Readv
+// RemapFilePages
+// RestartSyscall
+// RtSigaction
+// RtSigpending
+// RtSigprocmask
+// RtSigqueueinfo
+// RtSigreturn
+// RtSigsuspend
+// RtSigtimedwait
+// SchedGetPriorityMax
+// SchedGetPriorityMin
+// SchedGetparam
+// SchedGetscheduler
+// SchedRrGetInterval
+// SchedSetparam
+// SchedYield
+// Security
+// Semctl
+// Semget
+// Semop
+// Semtimedop
+// SetMempolicy
+// SetRobustList
+// SetThreadArea
+// SetTidAddress
+// Shmat
+// Shmctl
+// Shmdt
+// Shmget
+// Sigaltstack
+// Swapoff
+// Swapon
+// Sysfs
+// TimerCreate
+// TimerDelete
+// TimerGetoverrun
+// TimerGettime
+// TimerSettime
+// Tkill (obsolete)
+// Tuxcall
+// Umount2
+// Uselib
+// Utimensat
+// Vfork
+// Vhangup
+// Vserver
+// Waitid
+// _Sysctl
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_386.go
new file mode 100644
index 000000000..048d18e3c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -0,0 +1,390 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// TODO(rsc): Rewrite all nn(SP) references into name+(nn-8)(FP)
+// so that go vet can check that they are correct.
+
+// +build 386,linux
+
+package unix
+
+import (
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+//sysnb	pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+// 64-bit file system and 32-bit uid calls
+// (386 default is 32-bit file system and 16-bit uid).
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64_64
+//sys	Fchown(fd int, uid int, gid int) (err error) = SYS_FCHOWN32
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
+//sysnb	Getegid() (egid int) = SYS_GETEGID32
+//sysnb	Geteuid() (euid int) = SYS_GETEUID32
+//sysnb	Getgid() (gid int) = SYS_GETGID32
+//sysnb	Getuid() (uid int) = SYS_GETUID32
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Ioperm(from int, num int, on int) (err error)
+//sys	Iopl(level int) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
+//sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
+//sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
+//sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
+//sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error) = SYS_GETGROUPS32
+//sysnb	setgroups(n int, list *_Gid_t) (err error) = SYS_SETGROUPS32
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+
+//sys	mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
+//sys	Pause() (err error)
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	page := uintptr(offset / 4096)
+	if offset != int64(page)*4096 {
+		return 0, EINVAL
+	}
+	return mmap2(addr, length, prot, flags, fd, page)
+}
+
+type rlimit32 struct {
+	Cur uint32
+	Max uint32
+}
+
+//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT
+
+const rlimInf32 = ^uint32(0)
+const rlimInf64 = ^uint64(0)
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	err = getrlimit(resource, &rl)
+	if err != nil {
+		return
+	}
+
+	if rl.Cur == rlimInf32 {
+		rlim.Cur = rlimInf64
+	} else {
+		rlim.Cur = uint64(rl.Cur)
+	}
+
+	if rl.Max == rlimInf32 {
+		rlim.Max = rlimInf64
+	} else {
+		rlim.Max = uint64(rl.Max)
+	}
+	return
+}
+
+//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	if rlim.Cur == rlimInf64 {
+		rl.Cur = rlimInf32
+	} else if rlim.Cur < uint64(rlimInf32) {
+		rl.Cur = uint32(rlim.Cur)
+	} else {
+		return EINVAL
+	}
+	if rlim.Max == rlimInf64 {
+		rl.Max = rlimInf32
+	} else if rlim.Max < uint64(rlimInf32) {
+		rl.Max = uint32(rlim.Max)
+	} else {
+		return EINVAL
+	}
+
+	return setrlimit(resource, &rl)
+}
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	newoffset, errno := seek(fd, offset, whence)
+	if errno != 0 {
+		return 0, errno
+	}
+	return newoffset, nil
+}
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+// On x86 Linux, all the socket calls go through an extra indirection,
+// I think because the 5-register system call interface can't handle
+// the 6-argument calls like sendto and recvfrom. Instead the
+// arguments to the underlying system call are the number below
+// and a pointer to an array of uintptr. We hide the pointer in the
+// socketcall assembly to avoid allocation on every system call.
+
+const (
+	// see linux/net.h
+	_SOCKET      = 1
+	_BIND        = 2
+	_CONNECT     = 3
+	_LISTEN      = 4
+	_ACCEPT      = 5
+	_GETSOCKNAME = 6
+	_GETPEERNAME = 7
+	_SOCKETPAIR  = 8
+	_SEND        = 9
+	_RECV        = 10
+	_SENDTO      = 11
+	_RECVFROM    = 12
+	_SHUTDOWN    = 13
+	_SETSOCKOPT  = 14
+	_GETSOCKOPT  = 15
+	_SENDMSG     = 16
+	_RECVMSG     = 17
+	_ACCEPT4     = 18
+	_RECVMMSG    = 19
+	_SENDMMSG    = 20
+)
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	fd, e := socketcall(_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	fd, e := socketcall(_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func getsockname(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, e := rawsocketcall(_GETSOCKNAME, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func getpeername(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, e := rawsocketcall(_GETPEERNAME, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func socketpair(domain int, typ int, flags int, fd *[2]int32) (err error) {
+	_, e := rawsocketcall(_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(flags), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, e := socketcall(_BIND, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, e := socketcall(_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	fd, e := rawsocketcall(_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, e := socketcall(_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, e := socketcall(_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), vallen, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func recvfrom(s int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var base uintptr
+	if len(p) > 0 {
+		base = uintptr(unsafe.Pointer(&p[0]))
+	}
+	n, e := socketcall(_RECVFROM, uintptr(s), base, uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func sendto(s int, p []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var base uintptr
+	if len(p) > 0 {
+		base = uintptr(unsafe.Pointer(&p[0]))
+	}
+	_, e := socketcall(_SENDTO, uintptr(s), base, uintptr(len(p)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	n, e := socketcall(_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	n, e := socketcall(_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Listen(s int, n int) (err error) {
+	_, e := socketcall(_LISTEN, uintptr(s), uintptr(n), 0, 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Shutdown(s, how int) (err error) {
+	_, e := socketcall(_SHUTDOWN, uintptr(s), uintptr(how), 0, 0, 0, 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e := Syscall(SYS_FSTATFS64, uintptr(fd), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	pathp, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	_, _, e := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(pathp)), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func (r *PtraceRegs) PC() uint64 { return uint64(uint32(r.Eip)) }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Eip = int32(pc) }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
new file mode 100644
index 000000000..72efe86ed
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -0,0 +1,194 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,linux
+
+package unix
+
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_NEWFSTATAT
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sysnb	inotifyInit() (fd int, err error)
+
+func InotifyInit() (fd int, err error) {
+	// First try inotify_init1, because Android's seccomp policy blocks the latter.
+	fd, err = InotifyInit1(0)
+	if err == ENOSYS {
+		fd, err = inotifyInit()
+	}
+	return
+}
+
+//sys	Ioperm(from int, num int, on int) (err error)
+//sys	Iopl(level int) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW)
+}
+
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	var ts *Timespec
+	if timeout != nil {
+		ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000}
+	}
+	return Pselect(nfd, r, w, e, ts, nil)
+}
+
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+
+func Stat(path string, stat *Stat_t) (err error) {
+	// Use fstatat, because Android's seccomp policy blocks stat.
+	return Fstatat(AT_FDCWD, path, stat, 0)
+}
+
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+
+func Gettimeofday(tv *Timeval) (err error) {
+	errno := gettimeofday(tv)
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	var tv Timeval
+	errno := gettimeofday(&tv)
+	if errno != 0 {
+		return 0, errno
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+//sysnb	pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Rip }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Rip = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
new file mode 100644
index 000000000..21a4946ba
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -0,0 +1,13 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,linux
+// +build !gccgo
+
+package unix
+
+import "syscall"
+
+//go:noescape
+func gettimeofday(tv *Timeval) (err syscall.Errno)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
new file mode 100644
index 000000000..496837b1e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -0,0 +1,286 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,linux
+
+package unix
+
+import (
+	"unsafe"
+)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+//sysnb	pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	// Try pipe2 first for Android O, then try pipe for kernel 2.6.23.
+	err = pipe2(&pp, 0)
+	if err == ENOSYS {
+		err = pipe(&pp)
+	}
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	newoffset, errno := seek(fd, offset, whence)
+	if errno != 0 {
+		return 0, errno
+	}
+	return newoffset, nil
+}
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error) = SYS_GETGROUPS32
+//sysnb	setgroups(n int, list *_Gid_t) (err error) = SYS_SETGROUPS32
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	socketpair(domain int, typ int, flags int, fd *[2]int32) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+// 64-bit file system and 32-bit uid calls
+// (16-bit uid calls are not always supported in newer kernels)
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fchown(fd int, uid int, gid int) (err error) = SYS_FCHOWN32
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sysnb	Getegid() (egid int) = SYS_GETEGID32
+//sysnb	Geteuid() (euid int) = SYS_GETEUID32
+//sysnb	Getgid() (gid int) = SYS_GETGID32
+//sysnb	Getuid() (uid int) = SYS_GETUID32
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32
+//sys	Listen(s int, n int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Pause() (err error)
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+//sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
+//sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
+//sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
+//sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func Time(t *Time_t) (Time_t, error) {
+	var tv Timeval
+	err := Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+func Utime(path string, buf *Utimbuf) error {
+	tv := []Timeval{
+		{Sec: buf.Actime},
+		{Sec: buf.Modtime},
+	}
+	return Utimes(path, tv)
+}
+
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+//sys   Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys   Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
+//sys	Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_ARM_FADVISE64_64, uintptr(fd), uintptr(advice), uintptr(offset), uintptr(offset>>32), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+//sys	mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e := Syscall(SYS_FSTATFS64, uintptr(fd), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	pathp, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	_, _, e := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(pathp)), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	page := uintptr(offset / 4096)
+	if offset != int64(page)*4096 {
+		return 0, EINVAL
+	}
+	return mmap2(addr, length, prot, flags, fd, page)
+}
+
+type rlimit32 struct {
+	Cur uint32
+	Max uint32
+}
+
+//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_UGETRLIMIT
+
+const rlimInf32 = ^uint32(0)
+const rlimInf64 = ^uint64(0)
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	err = getrlimit(resource, &rl)
+	if err != nil {
+		return
+	}
+
+	if rl.Cur == rlimInf32 {
+		rlim.Cur = rlimInf64
+	} else {
+		rlim.Cur = uint64(rl.Cur)
+	}
+
+	if rl.Max == rlimInf32 {
+		rlim.Max = rlimInf64
+	} else {
+		rlim.Max = uint64(rl.Max)
+	}
+	return
+}
+
+//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	if rlim.Cur == rlimInf64 {
+		rl.Cur = rlimInf32
+	} else if rlim.Cur < uint64(rlimInf32) {
+		rl.Cur = uint32(rlim.Cur)
+	} else {
+		return EINVAL
+	}
+	if rlim.Max == rlimInf64 {
+		rl.Max = rlimInf32
+	} else if rlim.Max < uint64(rlimInf32) {
+		rl.Max = uint32(rlim.Max)
+	} else {
+		return EINVAL
+	}
+
+	return setrlimit(resource, &rl)
+}
+
+func (r *PtraceRegs) PC() uint64 { return uint64(r.Uregs[15]) }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Uregs[15] = uint32(pc) }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	armSyncFileRange(fd int, flags int, off int64, n int64) (err error) = SYS_ARM_SYNC_FILE_RANGE
+
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+	// The sync_file_range and arm_sync_file_range syscalls differ only in the
+	// order of their arguments.
+	return armSyncFileRange(fd, flags, off, n)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
new file mode 100644
index 000000000..c6de6b913
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -0,0 +1,245 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64,linux
+
+package unix
+
+import "unsafe"
+
+func EpollCreate(size int) (fd int, err error) {
+	if size <= 0 {
+		return -1, EINVAL
+	}
+	return EpollCreate1(0)
+}
+
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Listen(s int, n int) (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	var ts *Timespec
+	if timeout != nil {
+		ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000}
+	}
+	return Pselect(nfd, r, w, e, ts, nil)
+}
+
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+
+func Stat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, 0)
+}
+
+func Lchown(path string, uid int, gid int) (err error) {
+	return Fchownat(AT_FDCWD, path, uid, gid, AT_SYMLINK_NOFOLLOW)
+}
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW)
+}
+
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	return ENOSYS
+}
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) {
+	if tv == nil {
+		return utimensat(dirfd, path, nil, 0)
+	}
+
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func Time(t *Time_t) (Time_t, error) {
+	var tv Timeval
+	err := Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+func Utime(path string, buf *Utimbuf) error {
+	tv := []Timeval{
+		{Sec: buf.Actime},
+		{Sec: buf.Modtime},
+	}
+	return Utimes(path, tv)
+}
+
+func utimes(path string, tv *[2]Timeval) (err error) {
+	if tv == nil {
+		return utimensat(AT_FDCWD, path, nil, 0)
+	}
+
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, 0)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+// Getrlimit prefers the prlimit64 system call. See issue 38604.
+func Getrlimit(resource int, rlim *Rlimit) error {
+	err := prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+	return getrlimit(resource, rlim)
+}
+
+// Setrlimit prefers the prlimit64 system call. See issue 38604.
+func Setrlimit(resource int, rlim *Rlimit) error {
+	err := prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+	return setrlimit(resource, rlim)
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Pc }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+func InotifyInit() (fd int, err error) {
+	return InotifyInit1(0)
+}
+
+// dup2 exists because func Dup3 in syscall_linux.go references
+// it in an unreachable path. dup2 isn't available on arm64.
+func dup2(oldfd int, newfd int) error
+
+func Pause() error {
+	_, err := ppoll(nil, 0, nil, nil)
+	return err
+}
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	var ts *Timespec
+	if timeout >= 0 {
+		ts = new(Timespec)
+		*ts = NsecToTimespec(int64(timeout) * 1e6)
+	}
+	if len(fds) == 0 {
+		return ppoll(nil, 0, ts, nil)
+	}
+	return ppoll(&fds[0], len(fds), ts, nil)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
new file mode 100644
index 000000000..c26e6ec23
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,!gccgo
+
+package unix
+
+// SyscallNoError may be used instead of Syscall for syscalls that don't fail.
+func SyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr)
+
+// RawSyscallNoError may be used instead of RawSyscall for syscalls that don't
+// fail.
+func RawSyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
new file mode 100644
index 000000000..070bd3899
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,!gccgo,386
+
+package unix
+
+import "syscall"
+
+// Underlying system call writes to newoffset via pointer.
+// Implemented in assembly to avoid allocation.
+func seek(fd int, offset int64, whence int) (newoffset int64, err syscall.Errno)
+
+func socketcall(call int, a0, a1, a2, a3, a4, a5 uintptr) (n int, err syscall.Errno)
+func rawsocketcall(call int, a0, a1, a2, a3, a4, a5 uintptr) (n int, err syscall.Errno)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
new file mode 100644
index 000000000..8c514c95e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -0,0 +1,13 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,!gccgo,linux
+
+package unix
+
+import "syscall"
+
+// Underlying system call writes to newoffset via pointer.
+// Implemented in assembly to avoid allocation.
+func seek(fd int, offset int64, whence int) (newoffset int64, err syscall.Errno)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
new file mode 100644
index 000000000..308eb7aec
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -0,0 +1,30 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,gccgo,386
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func seek(fd int, offset int64, whence int) (int64, syscall.Errno) {
+	var newoffset int64
+	offsetLow := uint32(offset & 0xffffffff)
+	offsetHigh := uint32((offset >> 32) & 0xffffffff)
+	_, _, err := Syscall6(SYS__LLSEEK, uintptr(fd), uintptr(offsetHigh), uintptr(offsetLow), uintptr(unsafe.Pointer(&newoffset)), uintptr(whence), 0)
+	return newoffset, err
+}
+
+func socketcall(call int, a0, a1, a2, a3, a4, a5 uintptr) (int, syscall.Errno) {
+	fd, _, err := Syscall(SYS_SOCKETCALL, uintptr(call), uintptr(unsafe.Pointer(&a0)), 0)
+	return int(fd), err
+}
+
+func rawsocketcall(call int, a0, a1, a2, a3, a4, a5 uintptr) (int, syscall.Errno) {
+	fd, _, err := RawSyscall(SYS_SOCKETCALL, uintptr(call), uintptr(unsafe.Pointer(&a0)), 0)
+	return int(fd), err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
new file mode 100644
index 000000000..aa7fc9e19
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -0,0 +1,20 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,gccgo,arm
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func seek(fd int, offset int64, whence int) (int64, syscall.Errno) {
+	var newoffset int64
+	offsetLow := uint32(offset & 0xffffffff)
+	offsetHigh := uint32((offset >> 32) & 0xffffffff)
+	_, _, err := Syscall6(SYS__LLSEEK, uintptr(fd), uintptr(offsetHigh), uintptr(offsetLow), uintptr(unsafe.Pointer(&newoffset)), uintptr(whence), 0)
+	return newoffset, err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
new file mode 100644
index 000000000..f0287476c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -0,0 +1,230 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build mips64 mips64le
+
+package unix
+
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	var ts *Timespec
+	if timeout != nil {
+		ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000}
+	}
+	return Pselect(nfd, r, w, e, ts, nil)
+}
+
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	var tv Timeval
+	err = Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, 0)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+func Ioperm(from int, num int, on int) (err error) {
+	return ENOSYS
+}
+
+func Iopl(level int) (err error) {
+	return ENOSYS
+}
+
+type stat_t struct {
+	Dev        uint32
+	Pad0       [3]int32
+	Ino        uint64
+	Mode       uint32
+	Nlink      uint32
+	Uid        uint32
+	Gid        uint32
+	Rdev       uint32
+	Pad1       [3]uint32
+	Size       int64
+	Atime      uint32
+	Atime_nsec uint32
+	Mtime      uint32
+	Mtime_nsec uint32
+	Ctime      uint32
+	Ctime_nsec uint32
+	Blksize    uint32
+	Pad2       uint32
+	Blocks     int64
+}
+
+//sys	fstat(fd int, st *stat_t) (err error)
+//sys	fstatat(dirfd int, path string, st *stat_t, flags int) (err error) = SYS_NEWFSTATAT
+//sys	lstat(path string, st *stat_t) (err error)
+//sys	stat(path string, st *stat_t) (err error)
+
+func Fstat(fd int, s *Stat_t) (err error) {
+	st := &stat_t{}
+	err = fstat(fd, st)
+	fillStat_t(s, st)
+	return
+}
+
+func Fstatat(dirfd int, path string, s *Stat_t, flags int) (err error) {
+	st := &stat_t{}
+	err = fstatat(dirfd, path, st, flags)
+	fillStat_t(s, st)
+	return
+}
+
+func Lstat(path string, s *Stat_t) (err error) {
+	st := &stat_t{}
+	err = lstat(path, st)
+	fillStat_t(s, st)
+	return
+}
+
+func Stat(path string, s *Stat_t) (err error) {
+	st := &stat_t{}
+	err = stat(path, st)
+	fillStat_t(s, st)
+	return
+}
+
+func fillStat_t(s *Stat_t, st *stat_t) {
+	s.Dev = st.Dev
+	s.Ino = st.Ino
+	s.Mode = st.Mode
+	s.Nlink = st.Nlink
+	s.Uid = st.Uid
+	s.Gid = st.Gid
+	s.Rdev = st.Rdev
+	s.Size = st.Size
+	s.Atim = Timespec{int64(st.Atime), int64(st.Atime_nsec)}
+	s.Mtim = Timespec{int64(st.Mtime), int64(st.Mtime_nsec)}
+	s.Ctim = Timespec{int64(st.Ctime), int64(st.Ctime_nsec)}
+	s.Blksize = st.Blksize
+	s.Blocks = st.Blocks
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Epc }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Epc = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+func InotifyInit() (fd int, err error) {
+	return InotifyInit1(0)
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
new file mode 100644
index 000000000..c11328111
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -0,0 +1,238 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build mips mipsle
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getuid() (uid int)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Ioperm(from int, num int, on int) (err error)
+//sys	Iopl(level int) (err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+
+//sys	Pause() (err error)
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e := Syscall(SYS_FSTATFS64, uintptr(fd), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = errnoErr(e)
+	}
+	return
+}
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	p, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	_, _, e := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(p)), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = errnoErr(e)
+	}
+	return
+}
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	_, _, e := Syscall6(SYS__LLSEEK, uintptr(fd), uintptr(offset>>32), uintptr(offset), uintptr(unsafe.Pointer(&off)), uintptr(whence), 0)
+	if e != 0 {
+		err = errnoErr(e)
+	}
+	return
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe() (p1 int, p2 int, err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	p[0], p[1], err = pipe()
+	return
+}
+
+//sys	mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	page := uintptr(offset / 4096)
+	if offset != int64(page)*4096 {
+		return 0, EINVAL
+	}
+	return mmap2(addr, length, prot, flags, fd, page)
+}
+
+const rlimInf32 = ^uint32(0)
+const rlimInf64 = ^uint64(0)
+
+type rlimit32 struct {
+	Cur uint32
+	Max uint32
+}
+
+//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	err = getrlimit(resource, &rl)
+	if err != nil {
+		return
+	}
+
+	if rl.Cur == rlimInf32 {
+		rlim.Cur = rlimInf64
+	} else {
+		rlim.Cur = uint64(rl.Cur)
+	}
+
+	if rl.Max == rlimInf32 {
+		rlim.Max = rlimInf64
+	} else {
+		rlim.Max = uint64(rl.Max)
+	}
+	return
+}
+
+//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	if rlim.Cur == rlimInf64 {
+		rl.Cur = rlimInf32
+	} else if rlim.Cur < uint64(rlimInf32) {
+		rl.Cur = uint32(rlim.Cur)
+	} else {
+		return EINVAL
+	}
+	if rlim.Max == rlimInf64 {
+		rl.Max = rlimInf32
+	} else if rlim.Max < uint64(rlimInf32) {
+		rl.Max = uint32(rlim.Max)
+	} else {
+		return EINVAL
+	}
+
+	return setrlimit(resource, &rl)
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Epc }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Epc = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
new file mode 100644
index 000000000..349374409
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -0,0 +1,156 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build ppc64 ppc64le
+
+package unix
+
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_NEWFSTATAT
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error) = SYS_UGETRLIMIT
+//sysnb	Getuid() (uid int)
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Ioperm(from int, num int, on int) (err error)
+//sys	Iopl(level int) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Nip }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Nip = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+//sysnb pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	syncFileRange2(fd int, flags int, off int64, n int64) (err error) = SYS_SYNC_FILE_RANGE2
+
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+	// The sync_file_range and sync_file_range2 syscalls differ only in the
+	// order of their arguments.
+	return syncFileRange2(fd, flags, off, n)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
new file mode 100644
index 000000000..b0b150556
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -0,0 +1,230 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build riscv64,linux
+
+package unix
+
+import "unsafe"
+
+func EpollCreate(size int) (fd int, err error) {
+	if size <= 0 {
+		return -1, EINVAL
+	}
+	return EpollCreate1(0)
+}
+
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Listen(s int, n int) (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	var ts *Timespec
+	if timeout != nil {
+		ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000}
+	}
+	return Pselect(nfd, r, w, e, ts, nil)
+}
+
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+
+func Stat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, 0)
+}
+
+func Lchown(path string, uid int, gid int) (err error) {
+	return Fchownat(AT_FDCWD, path, uid, gid, AT_SYMLINK_NOFOLLOW)
+}
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW)
+}
+
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	return ENOSYS
+}
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) {
+	if tv == nil {
+		return utimensat(dirfd, path, nil, 0)
+	}
+
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func Time(t *Time_t) (Time_t, error) {
+	var tv Timeval
+	err := Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+func Utime(path string, buf *Utimbuf) error {
+	tv := []Timeval{
+		{Sec: buf.Actime},
+		{Sec: buf.Modtime},
+	}
+	return Utimes(path, tv)
+}
+
+func utimes(path string, tv *[2]Timeval) (err error) {
+	if tv == nil {
+		return utimensat(AT_FDCWD, path, nil, 0)
+	}
+
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, 0)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Pc }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+func InotifyInit() (fd int, err error) {
+	return InotifyInit1(0)
+}
+
+func Pause() error {
+	_, err := ppoll(nil, 0, nil, nil)
+	return err
+}
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	var ts *Timespec
+	if timeout >= 0 {
+		ts = new(Timespec)
+		*ts = NsecToTimespec(int64(timeout) * 1e6)
+	}
+	if len(fds) == 0 {
+		return ppoll(nil, 0, ts, nil)
+	}
+	return ppoll(&fds[0], len(fds), ts, nil)
+}
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	return Renameat2(olddirfd, oldpath, newdirfd, newpath, 0)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
+
+// dup2 exists because func Dup3 in syscall_linux.go references
+// it in an unreachable path. dup2 isn't available on arm64.
+func dup2(oldfd int, newfd int) error
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
new file mode 100644
index 000000000..2363f7499
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -0,0 +1,342 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,linux
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_NEWFSTATAT
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	var tv Timeval
+	err = Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, 0) // pipe2 is the same as pipe when flags are set to 0.
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+func Ioperm(from int, num int, on int) (err error) {
+	return ENOSYS
+}
+
+func Iopl(level int) (err error) {
+	return ENOSYS
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Psw.Addr }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Psw.Addr = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+// Linux on s390x uses the old mmap interface, which requires arguments to be passed in a struct.
+// mmap2 also requires arguments to be passed in a struct; it is currently not exposed in <asm/unistd.h>.
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	mmap_args := [6]uintptr{addr, length, uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset)}
+	r0, _, e1 := Syscall(SYS_MMAP, uintptr(unsafe.Pointer(&mmap_args[0])), 0, 0)
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// On s390x Linux, all the socket calls go through an extra indirection.
+// The arguments to the underlying system call (SYS_SOCKETCALL) are the
+// number below and a pointer to an array of uintptr.
+const (
+	// see linux/net.h
+	netSocket      = 1
+	netBind        = 2
+	netConnect     = 3
+	netListen      = 4
+	netAccept      = 5
+	netGetSockName = 6
+	netGetPeerName = 7
+	netSocketPair  = 8
+	netSend        = 9
+	netRecv        = 10
+	netSendTo      = 11
+	netRecvFrom    = 12
+	netShutdown    = 13
+	netSetSockOpt  = 14
+	netGetSockOpt  = 15
+	netSendMsg     = 16
+	netRecvMsg     = 17
+	netAccept4     = 18
+	netRecvMMsg    = 19
+	netSendMMsg    = 20
+)
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (int, error) {
+	args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))}
+	fd, _, err := Syscall(SYS_SOCKETCALL, netAccept, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(fd), nil
+}
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (int, error) {
+	args := [4]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags)}
+	fd, _, err := Syscall(SYS_SOCKETCALL, netAccept4, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(fd), nil
+}
+
+func getsockname(s int, rsa *RawSockaddrAny, addrlen *_Socklen) error {
+	args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))}
+	_, _, err := RawSyscall(SYS_SOCKETCALL, netGetSockName, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func getpeername(s int, rsa *RawSockaddrAny, addrlen *_Socklen) error {
+	args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))}
+	_, _, err := RawSyscall(SYS_SOCKETCALL, netGetPeerName, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func socketpair(domain int, typ int, flags int, fd *[2]int32) error {
+	args := [4]uintptr{uintptr(domain), uintptr(typ), uintptr(flags), uintptr(unsafe.Pointer(fd))}
+	_, _, err := RawSyscall(SYS_SOCKETCALL, netSocketPair, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) error {
+	args := [3]uintptr{uintptr(s), uintptr(addr), uintptr(addrlen)}
+	_, _, err := Syscall(SYS_SOCKETCALL, netBind, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) error {
+	args := [3]uintptr{uintptr(s), uintptr(addr), uintptr(addrlen)}
+	_, _, err := Syscall(SYS_SOCKETCALL, netConnect, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func socket(domain int, typ int, proto int) (int, error) {
+	args := [3]uintptr{uintptr(domain), uintptr(typ), uintptr(proto)}
+	fd, _, err := RawSyscall(SYS_SOCKETCALL, netSocket, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(fd), nil
+}
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) error {
+	args := [5]uintptr{uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen))}
+	_, _, err := Syscall(SYS_SOCKETCALL, netGetSockOpt, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) error {
+	args := [4]uintptr{uintptr(s), uintptr(level), uintptr(name), uintptr(val)}
+	_, _, err := Syscall(SYS_SOCKETCALL, netSetSockOpt, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func recvfrom(s int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (int, error) {
+	var base uintptr
+	if len(p) > 0 {
+		base = uintptr(unsafe.Pointer(&p[0]))
+	}
+	args := [6]uintptr{uintptr(s), base, uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))}
+	n, _, err := Syscall(SYS_SOCKETCALL, netRecvFrom, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(n), nil
+}
+
+func sendto(s int, p []byte, flags int, to unsafe.Pointer, addrlen _Socklen) error {
+	var base uintptr
+	if len(p) > 0 {
+		base = uintptr(unsafe.Pointer(&p[0]))
+	}
+	args := [6]uintptr{uintptr(s), base, uintptr(len(p)), uintptr(flags), uintptr(to), uintptr(addrlen)}
+	_, _, err := Syscall(SYS_SOCKETCALL, netSendTo, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func recvmsg(s int, msg *Msghdr, flags int) (int, error) {
+	args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)}
+	n, _, err := Syscall(SYS_SOCKETCALL, netRecvMsg, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(n), nil
+}
+
+func sendmsg(s int, msg *Msghdr, flags int) (int, error) {
+	args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)}
+	n, _, err := Syscall(SYS_SOCKETCALL, netSendMsg, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(n), nil
+}
+
+func Listen(s int, n int) error {
+	args := [2]uintptr{uintptr(s), uintptr(n)}
+	_, _, err := Syscall(SYS_SOCKETCALL, netListen, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+func Shutdown(s, how int) error {
+	args := [2]uintptr{uintptr(s), uintptr(how)}
+	_, _, err := Syscall(SYS_SOCKETCALL, netShutdown, uintptr(unsafe.Pointer(&args)), 0)
+	if err != 0 {
+		return err
+	}
+	return nil
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
new file mode 100644
index 000000000..d389f1518
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -0,0 +1,151 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build sparc64,linux
+
+package unix
+
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
+//sys	dup2(oldfd int, newfd int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Getuid() (uid int)
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, buf *Statfs_t) (err error)
+//sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error)
+
+func Ioperm(from int, num int, on int) (err error) {
+	return ENOSYS
+}
+
+func Iopl(level int) (err error) {
+	return ENOSYS
+}
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	var tv Timeval
+	err = Gettimeofday(&tv)
+	if err != nil {
+		return 0, err
+	}
+	if t != nil {
+		*t = Time_t(tv.Sec)
+	}
+	return Time_t(tv.Sec), nil
+}
+
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func (r *PtraceRegs) PC() uint64 { return r.Tpc }
+
+func (r *PtraceRegs) SetPC(pc uint64) { r.Tpc = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint64(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint64(length)
+}
+
+//sysnb pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd.go
new file mode 100644
index 000000000..dbd5e03b6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd.go
@@ -0,0 +1,599 @@
+// Copyright 2009,2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// NetBSD system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and wrap
+// it in our own nicer implementation, either here or in
+// syscall_bsd.go or syscall_unix.go.
+
+package unix
+
+import (
+	"runtime"
+	"syscall"
+	"unsafe"
+)
+
+// SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
+type SockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+	raw    RawSockaddrDatalink
+}
+
+func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func sysctlNodes(mib []_C_int) (nodes []Sysctlnode, err error) {
+	var olen uintptr
+
+	// Get a list of all sysctl nodes below the given MIB by performing
+	// a sysctl for the given MIB with CTL_QUERY appended.
+	mib = append(mib, CTL_QUERY)
+	qnode := Sysctlnode{Flags: SYSCTL_VERS_1}
+	qp := (*byte)(unsafe.Pointer(&qnode))
+	sz := unsafe.Sizeof(qnode)
+	if err = sysctl(mib, nil, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	// Now that we know the size, get the actual nodes.
+	nodes = make([]Sysctlnode, olen/sz)
+	np := (*byte)(unsafe.Pointer(&nodes[0]))
+	if err = sysctl(mib, np, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	return nodes, nil
+}
+
+func nametomib(name string) (mib []_C_int, err error) {
+	// Split name into components.
+	var parts []string
+	last := 0
+	for i := 0; i < len(name); i++ {
+		if name[i] == '.' {
+			parts = append(parts, name[last:i])
+			last = i + 1
+		}
+	}
+	parts = append(parts, name[last:])
+
+	// Discover the nodes and construct the MIB OID.
+	for partno, part := range parts {
+		nodes, err := sysctlNodes(mib)
+		if err != nil {
+			return nil, err
+		}
+		for _, node := range nodes {
+			n := make([]byte, 0)
+			for i := range node.Name {
+				if node.Name[i] != 0 {
+					n = append(n, byte(node.Name[i]))
+				}
+			}
+			if string(n) == part {
+				mib = append(mib, _C_int(node.Num))
+				break
+			}
+		}
+		if len(mib) != partno+1 {
+			return nil, EINVAL
+		}
+	}
+
+	return mib, nil
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+//sysnb pipe() (fd1 int, fd2 int, err error)
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	p[0], p[1], err = pipe()
+	return
+}
+
+//sys Getdents(fd int, buf []byte) (n int, err error)
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	n, err = Getdents(fd, buf)
+	if err != nil || basep == nil {
+		return
+	}
+
+	var off int64
+	off, err = Seek(fd, 0, 1 /* SEEK_CUR */)
+	if err != nil {
+		*basep = ^uintptr(0)
+		return
+	}
+	*basep = uintptr(off)
+	if unsafe.Sizeof(*basep) == 8 {
+		return
+	}
+	if off>>32 != 0 {
+		// We can't stuff the offset back into a uintptr, so any
+		// future calls would be suspect. Generate an error.
+		// EIO is allowed by getdirentries.
+		err = EIO
+	}
+	return
+}
+
+//sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
+
+// TODO
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	return -1, ENOSYS
+}
+
+func setattrlistTimes(path string, times []Timespec, flags int) error {
+	// used on Darwin for UtimesNano
+	return ENOSYS
+}
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+//sys   sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+
+func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) {
+	var value Ptmget
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	runtime.KeepAlive(value)
+	return &value, err
+}
+
+func Uname(uname *Utsname) error {
+	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
+	n := unsafe.Sizeof(uname.Sysname)
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
+	n = unsafe.Sizeof(uname.Nodename)
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
+	n = unsafe.Sizeof(uname.Release)
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_VERSION}
+	n = unsafe.Sizeof(uname.Version)
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	// The version might have newlines or tabs in it, convert them to
+	// spaces.
+	for i, b := range uname.Version {
+		if b == '\n' || b == '\t' {
+			if i == len(uname.Version)-1 {
+				uname.Version[i] = 0
+			} else {
+				uname.Version[i] = ' '
+			}
+		}
+	}
+
+	mib = []_C_int{CTL_HW, HW_MACHINE}
+	n = unsafe.Sizeof(uname.Machine)
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+func Fstatvfs(fd int, buf *Statvfs_t) (err error) {
+	return Fstatvfs1(fd, buf, ST_WAIT)
+}
+
+func Statvfs(path string, buf *Statvfs_t) (err error) {
+	return Statvfs1(path, buf, ST_WAIT)
+}
+
+/*
+ * Exposed directly
+ */
+//sys	Access(path string, mode uint32) (err error)
+//sys	Adjtime(delta *Timeval, olddelta *Timeval) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chflags(path string, flags int) (err error)
+//sys	Chmod(path string, mode uint32) (err error)
+//sys	Chown(path string, uid int, gid int) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Dup(fd int) (nfd int, err error)
+//sys	Dup2(from int, to int) (err error)
+//sys	Dup3(from int, to int, flags int) (err error)
+//sys	Exit(code int)
+//sys	ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error)
+//sys	ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error)
+//sys	ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_POSIX_FADVISE
+//sys	Fchdir(fd int) (err error)
+//sys	Fchflags(fd int, flags int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fpathconf(fd int, name int) (val int, err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) = SYS_FSTATVFS1
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (uid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpgid(pid int) (pgid int, err error)
+//sysnb	Getpgrp() (pgrp int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Issetugid() (tainted bool)
+//sys	Kill(pid int, signum syscall.Signal) (err error)
+//sys	Kqueue() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
+//sys	Listen(s int, backlog int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mkfifoat(dirfd int, path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
+//sys	Pathconf(path string, name int) (val int, err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error)
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
+//sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
+//sys	Revoke(path string) (err error)
+//sys	Rmdir(path string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sysnb	Setegid(egid int) (err error)
+//sysnb	Seteuid(euid int) (err error)
+//sysnb	Setgid(gid int) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sysnb	Setrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tp *Timeval) (err error)
+//sysnb	Setuid(uid int) (err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statvfs1(path string, buf *Statvfs_t, flags int) (err error) = SYS_STATVFS1
+//sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
+//sys	Sync() (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Umask(newmask int) (oldmask int)
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Unmount(path string, flags int) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
+//sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+
+/*
+ * Unimplemented
+ */
+// ____semctl13
+// __clone
+// __fhopen40
+// __fhstat40
+// __fhstatvfs140
+// __fstat30
+// __getcwd
+// __getfh30
+// __getlogin
+// __lstat30
+// __mount50
+// __msgctl13
+// __msync13
+// __ntp_gettime30
+// __posix_chown
+// __posix_fchown
+// __posix_lchown
+// __posix_rename
+// __setlogin
+// __shmctl13
+// __sigaction_sigtramp
+// __sigaltstack14
+// __sigpending14
+// __sigprocmask14
+// __sigsuspend14
+// __sigtimedwait
+// __stat30
+// __syscall
+// __vfork14
+// _ksem_close
+// _ksem_destroy
+// _ksem_getvalue
+// _ksem_init
+// _ksem_open
+// _ksem_post
+// _ksem_trywait
+// _ksem_unlink
+// _ksem_wait
+// _lwp_continue
+// _lwp_create
+// _lwp_ctl
+// _lwp_detach
+// _lwp_exit
+// _lwp_getname
+// _lwp_getprivate
+// _lwp_kill
+// _lwp_park
+// _lwp_self
+// _lwp_setname
+// _lwp_setprivate
+// _lwp_suspend
+// _lwp_unpark
+// _lwp_unpark_all
+// _lwp_wait
+// _lwp_wakeup
+// _pset_bind
+// _sched_getaffinity
+// _sched_getparam
+// _sched_setaffinity
+// _sched_setparam
+// acct
+// aio_cancel
+// aio_error
+// aio_fsync
+// aio_read
+// aio_return
+// aio_suspend
+// aio_write
+// break
+// clock_getres
+// clock_gettime
+// clock_settime
+// compat_09_ogetdomainname
+// compat_09_osetdomainname
+// compat_09_ouname
+// compat_10_omsgsys
+// compat_10_osemsys
+// compat_10_oshmsys
+// compat_12_fstat12
+// compat_12_getdirentries
+// compat_12_lstat12
+// compat_12_msync
+// compat_12_oreboot
+// compat_12_oswapon
+// compat_12_stat12
+// compat_13_sigaction13
+// compat_13_sigaltstack13
+// compat_13_sigpending13
+// compat_13_sigprocmask13
+// compat_13_sigreturn13
+// compat_13_sigsuspend13
+// compat_14___semctl
+// compat_14_msgctl
+// compat_14_shmctl
+// compat_16___sigaction14
+// compat_16___sigreturn14
+// compat_20_fhstatfs
+// compat_20_fstatfs
+// compat_20_getfsstat
+// compat_20_statfs
+// compat_30___fhstat30
+// compat_30___fstat13
+// compat_30___lstat13
+// compat_30___stat13
+// compat_30_fhopen
+// compat_30_fhstat
+// compat_30_fhstatvfs1
+// compat_30_getdents
+// compat_30_getfh
+// compat_30_ntp_gettime
+// compat_30_socket
+// compat_40_mount
+// compat_43_fstat43
+// compat_43_lstat43
+// compat_43_oaccept
+// compat_43_ocreat
+// compat_43_oftruncate
+// compat_43_ogetdirentries
+// compat_43_ogetdtablesize
+// compat_43_ogethostid
+// compat_43_ogethostname
+// compat_43_ogetkerninfo
+// compat_43_ogetpagesize
+// compat_43_ogetpeername
+// compat_43_ogetrlimit
+// compat_43_ogetsockname
+// compat_43_okillpg
+// compat_43_olseek
+// compat_43_ommap
+// compat_43_oquota
+// compat_43_orecv
+// compat_43_orecvfrom
+// compat_43_orecvmsg
+// compat_43_osend
+// compat_43_osendmsg
+// compat_43_osethostid
+// compat_43_osethostname
+// compat_43_osetrlimit
+// compat_43_osigblock
+// compat_43_osigsetmask
+// compat_43_osigstack
+// compat_43_osigvec
+// compat_43_otruncate
+// compat_43_owait
+// compat_43_stat43
+// execve
+// extattr_delete_fd
+// extattr_delete_file
+// extattr_delete_link
+// extattr_get_fd
+// extattr_get_file
+// extattr_get_link
+// extattr_list_fd
+// extattr_list_file
+// extattr_list_link
+// extattr_set_fd
+// extattr_set_file
+// extattr_set_link
+// extattrctl
+// fchroot
+// fdatasync
+// fgetxattr
+// fktrace
+// flistxattr
+// fork
+// fremovexattr
+// fsetxattr
+// fstatvfs1
+// fsync_range
+// getcontext
+// getitimer
+// getvfsstat
+// getxattr
+// ktrace
+// lchflags
+// lchmod
+// lfs_bmapv
+// lfs_markv
+// lfs_segclean
+// lfs_segwait
+// lgetxattr
+// lio_listio
+// listxattr
+// llistxattr
+// lremovexattr
+// lseek
+// lsetxattr
+// lutimes
+// madvise
+// mincore
+// minherit
+// modctl
+// mq_close
+// mq_getattr
+// mq_notify
+// mq_open
+// mq_receive
+// mq_send
+// mq_setattr
+// mq_timedreceive
+// mq_timedsend
+// mq_unlink
+// mremap
+// msgget
+// msgrcv
+// msgsnd
+// nfssvc
+// ntp_adjtime
+// pmc_control
+// pmc_get_info
+// pollts
+// preadv
+// profil
+// pselect
+// pset_assign
+// pset_create
+// pset_destroy
+// ptrace
+// pwritev
+// quotactl
+// rasctl
+// readv
+// reboot
+// removexattr
+// sa_enable
+// sa_preempt
+// sa_register
+// sa_setconcurrency
+// sa_stacks
+// sa_yield
+// sbrk
+// sched_yield
+// semconfig
+// semget
+// semop
+// setcontext
+// setitimer
+// setxattr
+// shmat
+// shmdt
+// shmget
+// sstk
+// statvfs1
+// swapctl
+// sysarch
+// syscall
+// timer_create
+// timer_delete
+// timer_getoverrun
+// timer_gettime
+// timer_settime
+// undelete
+// utrace
+// uuidgen
+// vadvise
+// vfork
+// writev
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
new file mode 100644
index 000000000..24da8b524
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -0,0 +1,37 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386,netbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = uint32(mode)
+	k.Flags = uint32(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
new file mode 100644
index 000000000..25a0ac825
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -0,0 +1,37 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,netbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = uint32(mode)
+	k.Flags = uint32(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
new file mode 100644
index 000000000..21591ecd4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -0,0 +1,37 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,netbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = uint32(mode)
+	k.Flags = uint32(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
new file mode 100644
index 000000000..804749635
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -0,0 +1,37 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64,netbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = uint32(mode)
+	k.Flags = uint32(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd.go
new file mode 100644
index 000000000..2c1f46ea1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -0,0 +1,386 @@
+// Copyright 2009,2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// OpenBSD system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and wrap
+// it in our own nicer implementation, either here or in
+// syscall_bsd.go or syscall_unix.go.
+
+package unix
+
+import (
+	"sort"
+	"syscall"
+	"unsafe"
+)
+
+// SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
+type SockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+	raw    RawSockaddrDatalink
+}
+
+func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+func nametomib(name string) (mib []_C_int, err error) {
+	i := sort.Search(len(sysctlMib), func(i int) bool {
+		return sysctlMib[i].ctlname >= name
+	})
+	if i < len(sysctlMib) && sysctlMib[i].ctlname == name {
+		return sysctlMib[i].ctloid, nil
+	}
+	return nil, EINVAL
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Fileno), unsafe.Sizeof(Dirent{}.Fileno))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
+}
+
+func SysctlUvmexp(name string) (*Uvmexp, error) {
+	mib, err := sysctlmib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	n := uintptr(SizeofUvmexp)
+	var u Uvmexp
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&u)), &n, nil, 0); err != nil {
+		return nil, err
+	}
+	if n != SizeofUvmexp {
+		return nil, EIO
+	}
+	return &u, nil
+}
+
+func Pipe(p []int) (err error) {
+	return Pipe2(p, 0)
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+func Pipe2(p []int, flags int) error {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err := pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return err
+}
+
+//sys Getdents(fd int, buf []byte) (n int, err error)
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	n, err = Getdents(fd, buf)
+	if err != nil || basep == nil {
+		return
+	}
+
+	var off int64
+	off, err = Seek(fd, 0, 1 /* SEEK_CUR */)
+	if err != nil {
+		*basep = ^uintptr(0)
+		return
+	}
+	*basep = uintptr(off)
+	if unsafe.Sizeof(*basep) == 8 {
+		return
+	}
+	if off>>32 != 0 {
+		// We can't stuff the offset back into a uintptr, so any
+		// future calls would be suspect. Generate an error.
+		// EIO was allowed by getdirentries.
+		err = EIO
+	}
+	return
+}
+
+//sys	Getcwd(buf []byte) (n int, err error) = SYS___GETCWD
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+// TODO
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	return -1, ENOSYS
+}
+
+func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	var bufsize uintptr
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+	}
+	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func setattrlistTimes(path string, times []Timespec, flags int) error {
+	// used on Darwin for UtimesNano
+	return ENOSYS
+}
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+//sys   sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+
+//sys	ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
+
+func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	if len(fds) == 0 {
+		return ppoll(nil, 0, timeout, sigmask)
+	}
+	return ppoll(&fds[0], len(fds), timeout, sigmask)
+}
+
+func Uname(uname *Utsname) error {
+	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
+	n := unsafe.Sizeof(uname.Sysname)
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
+	n = unsafe.Sizeof(uname.Nodename)
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
+	n = unsafe.Sizeof(uname.Release)
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	mib = []_C_int{CTL_KERN, KERN_VERSION}
+	n = unsafe.Sizeof(uname.Version)
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	// The version might have newlines or tabs in it, convert them to
+	// spaces.
+	for i, b := range uname.Version {
+		if b == '\n' || b == '\t' {
+			if i == len(uname.Version)-1 {
+				uname.Version[i] = 0
+			} else {
+				uname.Version[i] = ' '
+			}
+		}
+	}
+
+	mib = []_C_int{CTL_HW, HW_MACHINE}
+	n = unsafe.Sizeof(uname.Machine)
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+/*
+ * Exposed directly
+ */
+//sys	Access(path string, mode uint32) (err error)
+//sys	Adjtime(delta *Timeval, olddelta *Timeval) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chflags(path string, flags int) (err error)
+//sys	Chmod(path string, mode uint32) (err error)
+//sys	Chown(path string, uid int, gid int) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Dup(fd int) (nfd int, err error)
+//sys	Dup2(from int, to int) (err error)
+//sys	Dup3(from int, to int, flags int) (err error)
+//sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchflags(fd int, flags int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fpathconf(fd int, name int) (val int, err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatfs(fd int, stat *Statfs_t) (err error)
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (uid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpgid(pid int) (pgid int, err error)
+//sysnb	Getpgrp() (pgrp int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (prio int, err error)
+//sysnb	Getrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Getrtable() (rtable int, err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Getsid(pid int) (sid int, err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Issetugid() (tainted bool)
+//sys	Kill(pid int, signum syscall.Signal) (err error)
+//sys	Kqueue() (fd int, err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Link(path string, link string) (err error)
+//sys	Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error)
+//sys	Listen(s int, backlog int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mkfifoat(dirfd int, path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
+//sys	Pathconf(path string, name int) (val int, err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error)
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Readlinkat(dirfd int, path string, buf []byte) (n int, err error)
+//sys	Rename(from string, to string) (err error)
+//sys	Renameat(fromfd int, from string, tofd int, to string) (err error)
+//sys	Revoke(path string) (err error)
+//sys	Rmdir(path string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sysnb	Setegid(egid int) (err error)
+//sysnb	Seteuid(euid int) (err error)
+//sysnb	Setgid(gid int) (err error)
+//sys	Setlogin(name string) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Setrtable(rtable int) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Settimeofday(tp *Timeval) (err error)
+//sysnb	Setuid(uid int) (err error)
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statfs(path string, stat *Statfs_t) (err error)
+//sys	Symlink(path string, link string) (err error)
+//sys	Symlinkat(oldpath string, newdirfd int, newpath string) (err error)
+//sys	Sync() (err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Umask(newmask int) (oldmask int)
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Unmount(path string, flags int) (err error)
+//sys	write(fd int, p []byte) (n int, err error)
+//sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ
+//sys	writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE
+//sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+
+/*
+ * Unimplemented
+ */
+// __getcwd
+// __semctl
+// __syscall
+// __sysctl
+// adjfreq
+// break
+// clock_getres
+// clock_gettime
+// clock_settime
+// closefrom
+// execve
+// fhopen
+// fhstat
+// fhstatfs
+// fork
+// futimens
+// getfh
+// getgid
+// getitimer
+// getlogin
+// getresgid
+// getresuid
+// getthrid
+// ktrace
+// lfs_bmapv
+// lfs_markv
+// lfs_segclean
+// lfs_segwait
+// mincore
+// minherit
+// mount
+// mquery
+// msgctl
+// msgget
+// msgrcv
+// msgsnd
+// nfssvc
+// nnpfspioctl
+// preadv
+// profil
+// pwritev
+// quotactl
+// readv
+// reboot
+// renameat
+// rfork
+// sched_yield
+// semget
+// semop
+// setgroups
+// setitimer
+// setsockopt
+// shmat
+// shmctl
+// shmdt
+// shmget
+// sigaction
+// sigaltstack
+// sigpending
+// sigprocmask
+// sigreturn
+// sigsuspend
+// sysarch
+// syscall
+// threxit
+// thrsigdivert
+// thrsleep
+// thrwakeup
+// vfork
+// writev
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
new file mode 100644
index 000000000..42b5a0e51
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -0,0 +1,41 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386,openbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/386 the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
new file mode 100644
index 000000000..6ea4b4883
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -0,0 +1,41 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,openbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/amd64 the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
new file mode 100644
index 000000000..1c3d26fa2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -0,0 +1,41 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm,openbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: int32(usec)}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint32(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/arm the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
new file mode 100644
index 000000000..a8c458cb0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -0,0 +1,41 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build arm64,openbsd
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of openbsd/amd64 the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go
new file mode 100644
index 000000000..30f285343
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go
@@ -0,0 +1,35 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func SetKevent(k *Kevent_t, fd, mode, flags int) {
+	k.Ident = uint64(fd)
+	k.Filter = int16(mode)
+	k.Flags = uint16(flags)
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
+// of OpenBSD the syscall is called sysctl instead of __sysctl.
+const SYS___SYSCTL = SYS_SYSCTL
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_solaris.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_solaris.go
new file mode 100644
index 000000000..0e2a696ad
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -0,0 +1,724 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Solaris system calls.
+// This file is compiled as ordinary Go code,
+// but it is also input to mksyscall,
+// which parses the //sys lines and generates system call stubs.
+// Note that sometimes we use a lowercase //sys name and wrap
+// it in our own nicer implementation, either here or in
+// syscall_solaris.go or syscall_unix.go.
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Implemented in runtime/syscall_solaris.go.
+type syscallFunc uintptr
+
+func rawSysvicall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+func sysvicall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+// SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
+type SockaddrDatalink struct {
+	Family uint16
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [244]int8
+	raw    RawSockaddrDatalink
+}
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
+	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+}
+
+//sysnb	pipe(p *[2]_C_int) (n int, err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	n, err := pipe(&pp)
+	if n != 0 {
+		return err
+	}
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return nil
+}
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet4, nil
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrInet6, nil
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	name := sa.Name
+	n := len(name)
+	if n >= len(sa.raw.Path) {
+		return nil, 0, EINVAL
+	}
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = int8(name[i])
+	}
+	// length is family (uint16), name, NUL.
+	sl := _Socklen(2)
+	if n > 0 {
+		sl += _Socklen(n) + 1
+	}
+	if sa.raw.Path[0] == '@' {
+		sa.raw.Path[0] = 0
+		// Don't count trailing NUL for abstract address.
+		sl--
+	}
+
+	return unsafe.Pointer(&sa.raw), sl, nil
+}
+
+//sys	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = libsocket.getsockname
+
+func Getsockname(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getsockname(fd, &rsa, &len); err != nil {
+		return
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+// GetsockoptString returns the string value of the socket option opt for the
+// socket associated with fd at the given socket level.
+func GetsockoptString(fd, level, opt int) (string, error) {
+	buf := make([]byte, 256)
+	vallen := _Socklen(len(buf))
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
+	if err != nil {
+		return "", err
+	}
+	return string(buf[:vallen-1]), nil
+}
+
+const ImplementsGetwd = true
+
+//sys	Getcwd(buf []byte) (n int, err error)
+
+func Getwd() (wd string, err error) {
+	var buf [PathMax]byte
+	// Getcwd will return an error if it failed for any reason.
+	_, err = Getcwd(buf[0:])
+	if err != nil {
+		return "", err
+	}
+	n := clen(buf[:])
+	if n < 1 {
+		return "", EINVAL
+	}
+	return string(buf[:n]), nil
+}
+
+/*
+ * Wrapped
+ */
+
+//sysnb	getgroups(ngid int, gid *_Gid_t) (n int, err error)
+//sysnb	setgroups(ngid int, gid *_Gid_t) (err error)
+
+func Getgroups() (gids []int, err error) {
+	n, err := getgroups(0, nil)
+	// Check for error and sanity check group count. Newer versions of
+	// Solaris allow up to 1024 (NGROUPS_MAX).
+	if n < 0 || n > 1024 {
+		if err != nil {
+			return nil, err
+		}
+		return nil, EINVAL
+	} else if n == 0 {
+		return nil, nil
+	}
+
+	a := make([]_Gid_t, n)
+	n, err = getgroups(n, &a[0])
+	if n == -1 {
+		return nil, err
+	}
+	gids = make([]int, n)
+	for i, v := range a[0:n] {
+		gids[i] = int(v)
+	}
+	return
+}
+
+func Setgroups(gids []int) (err error) {
+	if len(gids) == 0 {
+		return setgroups(0, nil)
+	}
+
+	a := make([]_Gid_t, len(gids))
+	for i, v := range gids {
+		a[i] = _Gid_t(v)
+	}
+	return setgroups(len(a), &a[0])
+}
+
+// ReadDirent reads directory entries from fd and writes them into buf.
+func ReadDirent(fd int, buf []byte) (n int, err error) {
+	// Final argument is (basep *uintptr) and the syscall doesn't take nil.
+	// TODO(rsc): Can we use a single global basep for all calls?
+	return Getdents(fd, buf, new(uintptr))
+}
+
+// Wait status is 7 bits at bottom, either 0 (exited),
+// 0x7F (stopped), or a signal number that caused an exit.
+// The 0x80 bit is whether there was a core dump.
+// An extra number (exit code, signal causing a stop)
+// is in the high bits.
+
+type WaitStatus uint32
+
+const (
+	mask  = 0x7F
+	core  = 0x80
+	shift = 8
+
+	exited  = 0
+	stopped = 0x7F
+)
+
+func (w WaitStatus) Exited() bool { return w&mask == exited }
+
+func (w WaitStatus) ExitStatus() int {
+	if w&mask != exited {
+		return -1
+	}
+	return int(w >> shift)
+}
+
+func (w WaitStatus) Signaled() bool { return w&mask != stopped && w&mask != 0 }
+
+func (w WaitStatus) Signal() syscall.Signal {
+	sig := syscall.Signal(w & mask)
+	if sig == stopped || sig == 0 {
+		return -1
+	}
+	return sig
+}
+
+func (w WaitStatus) CoreDump() bool { return w.Signaled() && w&core != 0 }
+
+func (w WaitStatus) Stopped() bool { return w&mask == stopped && syscall.Signal(w>>shift) != SIGSTOP }
+
+func (w WaitStatus) Continued() bool { return w&mask == stopped && syscall.Signal(w>>shift) == SIGSTOP }
+
+func (w WaitStatus) StopSignal() syscall.Signal {
+	if !w.Stopped() {
+		return -1
+	}
+	return syscall.Signal(w>>shift) & 0xFF
+}
+
+func (w WaitStatus) TrapCause() int { return -1 }
+
+//sys	wait4(pid int32, statusp *_C_int, options int, rusage *Rusage) (wpid int32, err error)
+
+func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (int, error) {
+	var status _C_int
+	rpid, err := wait4(int32(pid), &status, options, rusage)
+	wpid := int(rpid)
+	if wpid == -1 {
+		return wpid, err
+	}
+	if wstatus != nil {
+		*wstatus = WaitStatus(status)
+	}
+	return wpid, nil
+}
+
+//sys	gethostname(buf []byte) (n int, err error)
+
+func Gethostname() (name string, err error) {
+	var buf [MaxHostNameLen]byte
+	n, err := gethostname(buf[:])
+	if n != 0 {
+		return "", err
+	}
+	n = clen(buf[:])
+	if n < 1 {
+		return "", EFAULT
+	}
+	return string(buf[:n]), nil
+}
+
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func Utimes(path string, tv []Timeval) (err error) {
+	if tv == nil {
+		return utimes(path, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+//sys	utimensat(fd int, path string, times *[2]Timespec, flag int) (err error)
+
+func UtimesNano(path string, ts []Timespec) error {
+	if ts == nil {
+		return utimensat(AT_FDCWD, path, nil, 0)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+//sys	fcntl(fd int, cmd int, arg int) (val int, err error)
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	valptr, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procfcntl)), 3, uintptr(fd), uintptr(cmd), uintptr(arg), 0, 0, 0)
+	var err error
+	if errno != 0 {
+		err = errno
+	}
+	return int(valptr), err
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfcntl)), 3, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(lk)), 0, 0, 0)
+	if e1 != 0 {
+		return e1
+	}
+	return nil
+}
+
+//sys	futimesat(fildes int, path *byte, times *[2]Timeval) (err error)
+
+func Futimesat(dirfd int, path string, tv []Timeval) error {
+	pathp, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	if tv == nil {
+		return futimesat(dirfd, pathp, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return futimesat(dirfd, pathp, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+// Solaris doesn't have an futimes function because it allows NULL to be
+// specified as the path for futimesat. However, Go doesn't like
+// NULL-style string interfaces, so this simple wrapper is provided.
+func Futimes(fd int, tv []Timeval) error {
+	if tv == nil {
+		return futimesat(fd, nil, nil)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	return futimesat(fd, nil, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
+}
+
+func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
+	switch rsa.Addr.Family {
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+		// Assume path ends at NUL.
+		// This is not technically the Solaris semantics for
+		// abstract Unix domain sockets -- they are supposed
+		// to be uninterpreted fixed-size binary blobs -- but
+		// everyone uses this convention.
+		n := 0
+		for n < len(pp.Path) && pp.Path[n] != 0 {
+			n++
+		}
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_INET6:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+	}
+	return nil, EAFNOSUPPORT
+}
+
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = libsocket.accept
+
+func Accept(fd int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept(fd, &rsa, &len)
+	if nfd == -1 {
+		return
+	}
+	sa, err = anyToSockaddr(fd, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = libsocket.__xnet_recvmsg
+
+func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+	var msg Msghdr
+	var rsa RawSockaddrAny
+	msg.Name = (*byte)(unsafe.Pointer(&rsa))
+	msg.Namelen = uint32(SizeofSockaddrAny)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = (*int8)(unsafe.Pointer(&p[0]))
+		iov.SetLen(len(p))
+	}
+	var dummy int8
+	if len(oob) > 0 {
+		// receive at least one normal byte
+		if len(p) == 0 {
+			iov.Base = &dummy
+			iov.SetLen(1)
+		}
+		msg.Accrightslen = int32(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = recvmsg(fd, &msg, flags); n == -1 {
+		return
+	}
+	oobn = int(msg.Accrightslen)
+	// source address is only specified if the socket is unconnected
+	if rsa.Addr.Family != AF_UNSPEC {
+		from, err = anyToSockaddr(fd, &rsa)
+	}
+	return
+}
+
+func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) {
+	_, err = SendmsgN(fd, p, oob, to, flags)
+	return
+}
+
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = libsocket.__xnet_sendmsg
+
+func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) {
+	var ptr unsafe.Pointer
+	var salen _Socklen
+	if to != nil {
+		ptr, salen, err = to.sockaddr()
+		if err != nil {
+			return 0, err
+		}
+	}
+	var msg Msghdr
+	msg.Name = (*byte)(unsafe.Pointer(ptr))
+	msg.Namelen = uint32(salen)
+	var iov Iovec
+	if len(p) > 0 {
+		iov.Base = (*int8)(unsafe.Pointer(&p[0]))
+		iov.SetLen(len(p))
+	}
+	var dummy int8
+	if len(oob) > 0 {
+		// send at least one normal byte
+		if len(p) == 0 {
+			iov.Base = &dummy
+			iov.SetLen(1)
+		}
+		msg.Accrightslen = int32(len(oob))
+	}
+	msg.Iov = &iov
+	msg.Iovlen = 1
+	if n, err = sendmsg(fd, &msg, flags); err != nil {
+		return 0, err
+	}
+	if len(oob) > 0 && len(p) == 0 {
+		n = 0
+	}
+	return n, nil
+}
+
+//sys	acct(path *byte) (err error)
+
+func Acct(path string) (err error) {
+	if len(path) == 0 {
+		// Assume caller wants to disable accounting.
+		return acct(nil)
+	}
+
+	pathp, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return acct(pathp)
+}
+
+//sys	__makedev(version int, major uint, minor uint) (val uint64)
+
+func Mkdev(major, minor uint32) uint64 {
+	return __makedev(NEWDEV, uint(major), uint(minor))
+}
+
+//sys	__major(version int, dev uint64) (val uint)
+
+func Major(dev uint64) uint32 {
+	return uint32(__major(NEWDEV, dev))
+}
+
+//sys	__minor(version int, dev uint64) (val uint)
+
+func Minor(dev uint64) uint32 {
+	return uint32(__minor(NEWDEV, dev))
+}
+
+/*
+ * Expose the ioctl function
+ */
+
+//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+
+func IoctlSetTermio(fd int, req uint, value *Termio) (err error) {
+	return ioctl(fd, req, uintptr(unsafe.Pointer(value)))
+}
+
+func IoctlGetTermio(fd int, req uint) (*Termio, error) {
+	var value Termio
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+//sys   poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+/*
+ * Exposed directly
+ */
+//sys	Access(path string, mode uint32) (err error)
+//sys	Adjtime(delta *Timeval, olddelta *Timeval) (err error)
+//sys	Chdir(path string) (err error)
+//sys	Chmod(path string, mode uint32) (err error)
+//sys	Chown(path string, uid int, gid int) (err error)
+//sys	Chroot(path string) (err error)
+//sys	Close(fd int) (err error)
+//sys	Creat(path string, mode uint32) (fd int, err error)
+//sys	Dup(fd int) (nfd int, err error)
+//sys	Dup2(oldfd int, newfd int) (err error)
+//sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchdir(fd int) (err error)
+//sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error)
+//sys	Fdatasync(fd int) (err error)
+//sys	Flock(fd int, how int) (err error)
+//sys	Fpathconf(fd int, name int) (val int, err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error)
+//sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error)
+//sys	Fstatvfs(fd int, vfsstat *Statvfs_t) (err error)
+//sys	Getdents(fd int, buf []byte, basep *uintptr) (n int, err error)
+//sysnb	Getgid() (gid int)
+//sysnb	Getpid() (pid int)
+//sysnb	Getpgid(pid int) (pgid int, err error)
+//sysnb	Getpgrp() (pgid int, err error)
+//sys	Geteuid() (euid int)
+//sys	Getegid() (egid int)
+//sys	Getppid() (ppid int)
+//sys	Getpriority(which int, who int) (n int, err error)
+//sysnb	Getrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Getrusage(who int, rusage *Rusage) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Getuid() (uid int)
+//sys	Kill(pid int, signum syscall.Signal) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Link(path string, link string) (err error)
+//sys	Listen(s int, backlog int) (err error) = libsocket.__xnet_llisten
+//sys	Lstat(path string, stat *Stat_t) (err error)
+//sys	Madvise(b []byte, advice int) (err error)
+//sys	Mkdir(path string, mode uint32) (err error)
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error)
+//sys	Mkfifo(path string, mode uint32) (err error)
+//sys	Mkfifoat(dirfd int, path string, mode uint32) (err error)
+//sys	Mknod(path string, mode uint32, dev int) (err error)
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Mlock(b []byte) (err error)
+//sys	Mlockall(flags int) (err error)
+//sys	Mprotect(b []byte, prot int) (err error)
+//sys	Msync(b []byte, flags int) (err error)
+//sys	Munlock(b []byte) (err error)
+//sys	Munlockall() (err error)
+//sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
+//sys	Open(path string, mode int, perm uint32) (fd int, err error)
+//sys	Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error)
+//sys	Pathconf(path string, name int) (val int, err error)
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error)
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
+//sys	read(fd int, p []byte) (n int, err error)
+//sys	Readlink(path string, buf []byte) (n int, err error)
+//sys	Rename(from string, to string) (err error)
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Rmdir(path string) (err error)
+//sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = lseek
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
+//sysnb	Setegid(egid int) (err error)
+//sysnb	Seteuid(euid int) (err error)
+//sysnb	Setgid(gid int) (err error)
+//sys	Sethostname(p []byte) (err error)
+//sysnb	Setpgid(pid int, pgid int) (err error)
+//sys	Setpriority(which int, who int, prio int) (err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sysnb	Setrlimit(which int, lim *Rlimit) (err error)
+//sysnb	Setsid() (pid int, err error)
+//sysnb	Setuid(uid int) (err error)
+//sys	Shutdown(s int, how int) (err error) = libsocket.shutdown
+//sys	Stat(path string, stat *Stat_t) (err error)
+//sys	Statvfs(path string, vfsstat *Statvfs_t) (err error)
+//sys	Symlink(path string, link string) (err error)
+//sys	Sync() (err error)
+//sysnb	Times(tms *Tms) (ticks uintptr, err error)
+//sys	Truncate(path string, length int64) (err error)
+//sys	Fsync(fd int) (err error)
+//sys	Ftruncate(fd int, length int64) (err error)
+//sys	Umask(mask int) (oldmask int)
+//sysnb	Uname(buf *Utsname) (err error)
+//sys	Unmount(target string, flags int) (err error) = libc.umount
+//sys	Unlink(path string) (err error)
+//sys	Unlinkat(dirfd int, path string, flags int) (err error)
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = libsocket.__xnet_bind
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = libsocket.__xnet_connect
+//sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+//sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = libsendfile.sendfile
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) = libsocket.__xnet_sendto
+//sys	socket(domain int, typ int, proto int) (fd int, err error) = libsocket.__xnet_socket
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) = libsocket.__xnet_socketpair
+//sys	write(fd int, p []byte) (n int, err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) = libsocket.__xnet_getsockopt
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = libsocket.getpeername
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) = libsocket.setsockopt
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = libsocket.recvfrom
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procread)), 3, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwrite)), 3, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+var mapper = &mmapper{
+	active: make(map[*byte][]byte),
+	mmap:   mmap,
+	munmap: munmap,
+}
+
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
new file mode 100644
index 000000000..b22a34d7a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -0,0 +1,27 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,solaris
+
+package unix
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: sec, Nsec: nsec}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: sec, Usec: usec}
+}
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint64(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = int32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix.go
new file mode 100644
index 000000000..400ba9fbc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -0,0 +1,430 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+import (
+	"bytes"
+	"sort"
+	"sync"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
+var (
+	Stdin  = 0
+	Stdout = 1
+	Stderr = 2
+)
+
+// Do the interface allocations only once for common
+// Errno values.
+var (
+	errEAGAIN error = syscall.EAGAIN
+	errEINVAL error = syscall.EINVAL
+	errENOENT error = syscall.ENOENT
+)
+
+var (
+	signalNameMapOnce sync.Once
+	signalNameMap     map[string]syscall.Signal
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case EAGAIN:
+		return errEAGAIN
+	case EINVAL:
+		return errEINVAL
+	case ENOENT:
+		return errENOENT
+	}
+	return e
+}
+
+// ErrnoName returns the error name for error number e.
+func ErrnoName(e syscall.Errno) string {
+	i := sort.Search(len(errorList), func(i int) bool {
+		return errorList[i].num >= e
+	})
+	if i < len(errorList) && errorList[i].num == e {
+		return errorList[i].name
+	}
+	return ""
+}
+
+// SignalName returns the signal name for signal number s.
+func SignalName(s syscall.Signal) string {
+	i := sort.Search(len(signalList), func(i int) bool {
+		return signalList[i].num >= s
+	})
+	if i < len(signalList) && signalList[i].num == s {
+		return signalList[i].name
+	}
+	return ""
+}
+
+// SignalNum returns the syscall.Signal for signal named s,
+// or 0 if a signal with such name is not found.
+// The signal name should start with "SIG".
+func SignalNum(s string) syscall.Signal {
+	signalNameMapOnce.Do(func() {
+		signalNameMap = make(map[string]syscall.Signal, len(signalList))
+		for _, signal := range signalList {
+			signalNameMap[signal.name] = signal.num
+		}
+	})
+	return signalNameMap[s]
+}
+
+// clen returns the index of the first NULL byte in n or len(n) if n contains no NULL byte.
+func clen(n []byte) int {
+	i := bytes.IndexByte(n, 0)
+	if i == -1 {
+		i = len(n)
+	}
+	return i
+}
+
+// Mmap manager, for use by operating system-specific implementations.
+
+type mmapper struct {
+	sync.Mutex
+	active map[*byte][]byte // active mappings; key is last byte in mapping
+	mmap   func(addr, length uintptr, prot, flags, fd int, offset int64) (uintptr, error)
+	munmap func(addr uintptr, length uintptr) error
+}
+
+func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	if length <= 0 {
+		return nil, EINVAL
+	}
+
+	// Map the requested memory.
+	addr, errno := m.mmap(0, uintptr(length), prot, flags, fd, offset)
+	if errno != nil {
+		return nil, errno
+	}
+
+	// Use unsafe to convert addr into a []byte.
+	var b []byte
+	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
+	hdr.Data = unsafe.Pointer(addr)
+	hdr.Cap = length
+	hdr.Len = length
+
+	// Register mapping in m and return it.
+	p := &b[cap(b)-1]
+	m.Lock()
+	defer m.Unlock()
+	m.active[p] = b
+	return b, nil
+}
+
+func (m *mmapper) Munmap(data []byte) (err error) {
+	if len(data) == 0 || len(data) != cap(data) {
+		return EINVAL
+	}
+
+	// Find the base of the mapping.
+	p := &data[cap(data)-1]
+	m.Lock()
+	defer m.Unlock()
+	b := m.active[p]
+	if b == nil || &b[0] != &data[0] {
+		return EINVAL
+	}
+
+	// Unmap the memory and update m.
+	if errno := m.munmap(uintptr(unsafe.Pointer(&b[0])), uintptr(len(b))); errno != nil {
+		return errno
+	}
+	delete(m.active, p)
+	return nil
+}
+
+func Read(fd int, p []byte) (n int, err error) {
+	n, err = read(fd, p)
+	if raceenabled {
+		if n > 0 {
+			raceWriteRange(unsafe.Pointer(&p[0]), n)
+		}
+		if err == nil {
+			raceAcquire(unsafe.Pointer(&ioSync))
+		}
+	}
+	return
+}
+
+func Write(fd int, p []byte) (n int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = write(fd, p)
+	if raceenabled && n > 0 {
+		raceReadRange(unsafe.Pointer(&p[0]), n)
+	}
+	return
+}
+
+// For testing: clients can set this flag to force
+// creation of IPv6 sockets to return EAFNOSUPPORT.
+var SocketDisableIPv6 bool
+
+// Sockaddr represents a socket address.
+type Sockaddr interface {
+	sockaddr() (ptr unsafe.Pointer, len _Socklen, err error) // lowercase; only we can define Sockaddrs
+}
+
+// SockaddrInet4 implements the Sockaddr interface for AF_INET type sockets.
+type SockaddrInet4 struct {
+	Port int
+	Addr [4]byte
+	raw  RawSockaddrInet4
+}
+
+// SockaddrInet6 implements the Sockaddr interface for AF_INET6 type sockets.
+type SockaddrInet6 struct {
+	Port   int
+	ZoneId uint32
+	Addr   [16]byte
+	raw    RawSockaddrInet6
+}
+
+// SockaddrUnix implements the Sockaddr interface for AF_UNIX type sockets.
+type SockaddrUnix struct {
+	Name string
+	raw  RawSockaddrUnix
+}
+
+func Bind(fd int, sa Sockaddr) (err error) {
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return bind(fd, ptr, n)
+}
+
+func Connect(fd int, sa Sockaddr) (err error) {
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return connect(fd, ptr, n)
+}
+
+func Getpeername(fd int) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if err = getpeername(fd, &rsa, &len); err != nil {
+		return
+	}
+	return anyToSockaddr(fd, &rsa)
+}
+
+func GetsockoptByte(fd, level, opt int) (value byte, err error) {
+	var n byte
+	vallen := _Socklen(1)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return n, err
+}
+
+func GetsockoptInt(fd, level, opt int) (value int, err error) {
+	var n int32
+	vallen := _Socklen(4)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return int(n), err
+}
+
+func GetsockoptInet4Addr(fd, level, opt int) (value [4]byte, err error) {
+	vallen := _Socklen(4)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	return value, err
+}
+
+func GetsockoptIPMreq(fd, level, opt int) (*IPMreq, error) {
+	var value IPMreq
+	vallen := _Socklen(SizeofIPMreq)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptIPv6Mreq(fd, level, opt int) (*IPv6Mreq, error) {
+	var value IPv6Mreq
+	vallen := _Socklen(SizeofIPv6Mreq)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptIPv6MTUInfo(fd, level, opt int) (*IPv6MTUInfo, error) {
+	var value IPv6MTUInfo
+	vallen := _Socklen(SizeofIPv6MTUInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptICMPv6Filter(fd, level, opt int) (*ICMPv6Filter, error) {
+	var value ICMPv6Filter
+	vallen := _Socklen(SizeofICMPv6Filter)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen)
+	return &value, err
+}
+
+func GetsockoptLinger(fd, level, opt int) (*Linger, error) {
+	var linger Linger
+	vallen := _Socklen(SizeofLinger)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&linger), &vallen)
+	return &linger, err
+}
+
+func GetsockoptTimeval(fd, level, opt int) (*Timeval, error) {
+	var tv Timeval
+	vallen := _Socklen(unsafe.Sizeof(tv))
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&tv), &vallen)
+	return &tv, err
+}
+
+func GetsockoptUint64(fd, level, opt int) (value uint64, err error) {
+	var n uint64
+	vallen := _Socklen(8)
+	err = getsockopt(fd, level, opt, unsafe.Pointer(&n), &vallen)
+	return n, err
+}
+
+func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	if n, err = recvfrom(fd, p, flags, &rsa, &len); err != nil {
+		return
+	}
+	if rsa.Addr.Family != AF_UNSPEC {
+		from, err = anyToSockaddr(fd, &rsa)
+	}
+	return
+}
+
+func Sendto(fd int, p []byte, flags int, to Sockaddr) (err error) {
+	ptr, n, err := to.sockaddr()
+	if err != nil {
+		return err
+	}
+	return sendto(fd, p, flags, ptr, n)
+}
+
+func SetsockoptByte(fd, level, opt int, value byte) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value), 1)
+}
+
+func SetsockoptInt(fd, level, opt int, value int) (err error) {
+	var n = int32(value)
+	return setsockopt(fd, level, opt, unsafe.Pointer(&n), 4)
+}
+
+func SetsockoptInet4Addr(fd, level, opt int, value [4]byte) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value[0]), 4)
+}
+
+func SetsockoptIPMreq(fd, level, opt int, mreq *IPMreq) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), SizeofIPMreq)
+}
+
+func SetsockoptIPv6Mreq(fd, level, opt int, mreq *IPv6Mreq) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(mreq), SizeofIPv6Mreq)
+}
+
+func SetsockoptICMPv6Filter(fd, level, opt int, filter *ICMPv6Filter) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(filter), SizeofICMPv6Filter)
+}
+
+func SetsockoptLinger(fd, level, opt int, l *Linger) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(l), SizeofLinger)
+}
+
+func SetsockoptString(fd, level, opt int, s string) (err error) {
+	var p unsafe.Pointer
+	if len(s) > 0 {
+		p = unsafe.Pointer(&[]byte(s)[0])
+	}
+	return setsockopt(fd, level, opt, p, uintptr(len(s)))
+}
+
+func SetsockoptTimeval(fd, level, opt int, tv *Timeval) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(tv), unsafe.Sizeof(*tv))
+}
+
+func SetsockoptUint64(fd, level, opt int, value uint64) (err error) {
+	return setsockopt(fd, level, opt, unsafe.Pointer(&value), 8)
+}
+
+func Socket(domain, typ, proto int) (fd int, err error) {
+	if domain == AF_INET6 && SocketDisableIPv6 {
+		return -1, EAFNOSUPPORT
+	}
+	fd, err = socket(domain, typ, proto)
+	return
+}
+
+func Socketpair(domain, typ, proto int) (fd [2]int, err error) {
+	var fdx [2]int32
+	err = socketpair(domain, typ, proto, &fdx)
+	if err == nil {
+		fd[0] = int(fdx[0])
+		fd[1] = int(fdx[1])
+	}
+	return
+}
+
+var ioSync int64
+
+func CloseOnExec(fd int) { fcntl(fd, F_SETFD, FD_CLOEXEC) }
+
+func SetNonblock(fd int, nonblocking bool) (err error) {
+	flag, err := fcntl(fd, F_GETFL, 0)
+	if err != nil {
+		return err
+	}
+	if nonblocking {
+		flag |= O_NONBLOCK
+	} else {
+		flag &= ^O_NONBLOCK
+	}
+	_, err = fcntl(fd, F_SETFL, flag)
+	return err
+}
+
+// Exec calls execve(2), which replaces the calling executable in the process
+// tree. argv0 should be the full path to an executable ("/bin/ls") and the
+// executable name should also be the first argument in argv (["ls", "-l"]).
+// envv are the environment variables that should be passed to the new
+// process (["USER=go", "PWD=/tmp"]).
+func Exec(argv0 string, argv []string, envv []string) error {
+	return syscall.Exec(argv0, argv, envv)
+}
+
+// Lutimes sets the access and modification times tv on path. If path refers to
+// a symlink, it is not dereferenced and the timestamps are set on the symlink.
+// If tv is nil, the access and modification times are set to the current time.
+// Otherwise tv must contain exactly 2 elements, with access time as the first
+// element and modification time as the second element.
+func Lutimes(path string, tv []Timeval) error {
+	if tv == nil {
+		return UtimesNanoAt(AT_FDCWD, path, nil, AT_SYMLINK_NOFOLLOW)
+	}
+	if len(tv) != 2 {
+		return EINVAL
+	}
+	ts := []Timespec{
+		NsecToTimespec(TimevalToNsec(tv[0])),
+		NsecToTimespec(TimevalToNsec(tv[1])),
+	}
+	return UtimesNanoAt(AT_FDCWD, path, ts, AT_SYMLINK_NOFOLLOW)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
new file mode 100644
index 000000000..1c70d1b69
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -0,0 +1,15 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+// +build !gccgo,!ppc64le,!ppc64
+
+package unix
+
+import "syscall"
+
+func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno)
+func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno)
+func RawSyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
new file mode 100644
index 000000000..86dc765ab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -0,0 +1,24 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build ppc64le ppc64
+// +build !gccgo
+
+package unix
+
+import "syscall"
+
+func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.Syscall(trap, a1, a2, a3)
+}
+func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.Syscall6(trap, a1, a2, a3, a4, a5, a6)
+}
+func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.RawSyscall(trap, a1, a2, a3)
+}
+func RawSyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) {
+	return syscall.RawSyscall6(trap, a1, a2, a3, a4, a5, a6)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/timestruct.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/timestruct.go
new file mode 100644
index 000000000..4a672f569
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/timestruct.go
@@ -0,0 +1,82 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package unix
+
+import "time"
+
+// TimespecToNsec converts a Timespec value into a number of
+// nanoseconds since the Unix epoch.
+func TimespecToNsec(ts Timespec) int64 { return int64(ts.Sec)*1e9 + int64(ts.Nsec) }
+
+// NsecToTimespec takes a number of nanoseconds since the Unix epoch
+// and returns the corresponding Timespec value.
+func NsecToTimespec(nsec int64) Timespec {
+	sec := nsec / 1e9
+	nsec = nsec % 1e9
+	if nsec < 0 {
+		nsec += 1e9
+		sec--
+	}
+	return setTimespec(sec, nsec)
+}
+
+// TimeToTimespec converts t into a Timespec.
+// On some 32-bit systems the range of valid Timespec values are smaller
+// than that of time.Time values.  So if t is out of the valid range of
+// Timespec, it returns a zero Timespec and ERANGE.
+func TimeToTimespec(t time.Time) (Timespec, error) {
+	sec := t.Unix()
+	nsec := int64(t.Nanosecond())
+	ts := setTimespec(sec, nsec)
+
+	// Currently all targets have either int32 or int64 for Timespec.Sec.
+	// If there were a new target with floating point type for it, we have
+	// to consider the rounding error.
+	if int64(ts.Sec) != sec {
+		return Timespec{}, ERANGE
+	}
+	return ts, nil
+}
+
+// TimevalToNsec converts a Timeval value into a number of nanoseconds
+// since the Unix epoch.
+func TimevalToNsec(tv Timeval) int64 { return int64(tv.Sec)*1e9 + int64(tv.Usec)*1e3 }
+
+// NsecToTimeval takes a number of nanoseconds since the Unix epoch
+// and returns the corresponding Timeval value.
+func NsecToTimeval(nsec int64) Timeval {
+	nsec += 999 // round up to microsecond
+	usec := nsec % 1e9 / 1e3
+	sec := nsec / 1e9
+	if usec < 0 {
+		usec += 1e6
+		sec--
+	}
+	return setTimeval(sec, usec)
+}
+
+// Unix returns ts as the number of seconds and nanoseconds elapsed since the
+// Unix epoch.
+func (ts *Timespec) Unix() (sec int64, nsec int64) {
+	return int64(ts.Sec), int64(ts.Nsec)
+}
+
+// Unix returns tv as the number of seconds and nanoseconds elapsed since the
+// Unix epoch.
+func (tv *Timeval) Unix() (sec int64, nsec int64) {
+	return int64(tv.Sec), int64(tv.Usec) * 1000
+}
+
+// Nano returns ts as the number of nanoseconds elapsed since the Unix epoch.
+func (ts *Timespec) Nano() int64 {
+	return int64(ts.Sec)*1e9 + int64(ts.Nsec)
+}
+
+// Nano returns tv as the number of nanoseconds elapsed since the Unix epoch.
+func (tv *Timeval) Nano() int64 {
+	return int64(tv.Sec)*1e9 + int64(tv.Usec)*1000
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/unveil_openbsd.go
new file mode 100644
index 000000000..168d5ae77
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Unveil implements the unveil syscall.
+// For more information see unveil(2).
+// Note that the special case of blocking further
+// unveil calls is handled by UnveilBlock.
+func Unveil(path string, flags string) error {
+	pathPtr, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	flagsPtr, err := syscall.BytePtrFromString(flags)
+	if err != nil {
+		return err
+	}
+	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
+	if e != 0 {
+		return e
+	}
+	return nil
+}
+
+// UnveilBlock blocks future unveil calls.
+// For more information see unveil(2).
+func UnveilBlock() error {
+	// Both pointers must be nil.
+	var pathUnsafe, flagsUnsafe unsafe.Pointer
+	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
+	if e != 0 {
+		return e
+	}
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/xattr_bsd.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/xattr_bsd.go
new file mode 100644
index 000000000..30c1d71f4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -0,0 +1,240 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build freebsd netbsd
+
+package unix
+
+import (
+	"strings"
+	"unsafe"
+)
+
+// Derive extattr namespace and attribute name
+
+func xattrnamespace(fullattr string) (ns int, attr string, err error) {
+	s := strings.IndexByte(fullattr, '.')
+	if s == -1 {
+		return -1, "", ENOATTR
+	}
+
+	namespace := fullattr[0:s]
+	attr = fullattr[s+1:]
+
+	switch namespace {
+	case "user":
+		return EXTATTR_NAMESPACE_USER, attr, nil
+	case "system":
+		return EXTATTR_NAMESPACE_SYSTEM, attr, nil
+	default:
+		return -1, "", ENOATTR
+	}
+}
+
+func initxattrdest(dest []byte, idx int) (d unsafe.Pointer) {
+	if len(dest) > idx {
+		return unsafe.Pointer(&dest[idx])
+	} else {
+		return unsafe.Pointer(_zero)
+	}
+}
+
+// FreeBSD and NetBSD implement their own syscalls to handle extended attributes
+
+func Getxattr(file string, attr string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsize := len(dest)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return -1, err
+	}
+
+	return ExtattrGetFile(file, nsid, a, uintptr(d), destsize)
+}
+
+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsize := len(dest)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return -1, err
+	}
+
+	return ExtattrGetFd(fd, nsid, a, uintptr(d), destsize)
+}
+
+func Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsize := len(dest)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return -1, err
+	}
+
+	return ExtattrGetLink(link, nsid, a, uintptr(d), destsize)
+}
+
+// flags are unused on FreeBSD
+
+func Fsetxattr(fd int, attr string, data []byte, flags int) (err error) {
+	var d unsafe.Pointer
+	if len(data) > 0 {
+		d = unsafe.Pointer(&data[0])
+	}
+	datasiz := len(data)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	_, err = ExtattrSetFd(fd, nsid, a, uintptr(d), datasiz)
+	return
+}
+
+func Setxattr(file string, attr string, data []byte, flags int) (err error) {
+	var d unsafe.Pointer
+	if len(data) > 0 {
+		d = unsafe.Pointer(&data[0])
+	}
+	datasiz := len(data)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	_, err = ExtattrSetFile(file, nsid, a, uintptr(d), datasiz)
+	return
+}
+
+func Lsetxattr(link string, attr string, data []byte, flags int) (err error) {
+	var d unsafe.Pointer
+	if len(data) > 0 {
+		d = unsafe.Pointer(&data[0])
+	}
+	datasiz := len(data)
+
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	_, err = ExtattrSetLink(link, nsid, a, uintptr(d), datasiz)
+	return
+}
+
+func Removexattr(file string, attr string) (err error) {
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	err = ExtattrDeleteFile(file, nsid, a)
+	return
+}
+
+func Fremovexattr(fd int, attr string) (err error) {
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	err = ExtattrDeleteFd(fd, nsid, a)
+	return
+}
+
+func Lremovexattr(link string, attr string) (err error) {
+	nsid, a, err := xattrnamespace(attr)
+	if err != nil {
+		return
+	}
+
+	err = ExtattrDeleteLink(link, nsid, a)
+	return
+}
+
+func Listxattr(file string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsiz := len(dest)
+
+	// FreeBSD won't allow you to list xattrs from multiple namespaces
+	s := 0
+	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
+		stmp, e := ExtattrListFile(file, nsid, uintptr(d), destsiz)
+
+		/* Errors accessing system attrs are ignored so that
+		 * we can implement the Linux-like behavior of omitting errors that
+		 * we don't have read permissions on
+		 *
+		 * Linux will still error if we ask for user attributes on a file that
+		 * we don't have read permissions on, so don't ignore those errors
+		 */
+		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+			continue
+		} else if e != nil {
+			return s, e
+		}
+
+		s += stmp
+		destsiz -= s
+		if destsiz < 0 {
+			destsiz = 0
+		}
+		d = initxattrdest(dest, s)
+	}
+
+	return s, nil
+}
+
+func Flistxattr(fd int, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsiz := len(dest)
+
+	s := 0
+	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
+		stmp, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz)
+		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+			continue
+		} else if e != nil {
+			return s, e
+		}
+
+		s += stmp
+		destsiz -= s
+		if destsiz < 0 {
+			destsiz = 0
+		}
+		d = initxattrdest(dest, s)
+	}
+
+	return s, nil
+}
+
+func Llistxattr(link string, dest []byte) (sz int, err error) {
+	d := initxattrdest(dest, 0)
+	destsiz := len(dest)
+
+	s := 0
+	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
+		stmp, e := ExtattrListLink(link, nsid, uintptr(d), destsiz)
+		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+			continue
+		} else if e != nil {
+			return s, e
+		}
+
+		s += stmp
+		destsiz -= s
+		if destsiz < 0 {
+			destsiz = 0
+		}
+		d = initxattrdest(dest, s)
+	}
+
+	return s, nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
new file mode 100644
index 000000000..104994bc6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -0,0 +1,1384 @@
+// mkerrors.sh -maix32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc,aix
+
+// Created by cgo -godefs - DO NOT EDIT
+// cgo -godefs -- -maix32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                  = 0x10
+	AF_BYPASS                     = 0x19
+	AF_CCITT                      = 0xa
+	AF_CHAOS                      = 0x5
+	AF_DATAKIT                    = 0x9
+	AF_DECnet                     = 0xc
+	AF_DLI                        = 0xd
+	AF_ECMA                       = 0x8
+	AF_HYLINK                     = 0xf
+	AF_IMPLINK                    = 0x3
+	AF_INET                       = 0x2
+	AF_INET6                      = 0x18
+	AF_INTF                       = 0x14
+	AF_ISO                        = 0x7
+	AF_LAT                        = 0xe
+	AF_LINK                       = 0x12
+	AF_LOCAL                      = 0x1
+	AF_MAX                        = 0x1e
+	AF_NDD                        = 0x17
+	AF_NETWARE                    = 0x16
+	AF_NS                         = 0x6
+	AF_OSI                        = 0x7
+	AF_PUP                        = 0x4
+	AF_RIF                        = 0x15
+	AF_ROUTE                      = 0x11
+	AF_SNA                        = 0xb
+	AF_UNIX                       = 0x1
+	AF_UNSPEC                     = 0x0
+	ALTWERASE                     = 0x400000
+	ARPHRD_802_3                  = 0x6
+	ARPHRD_802_5                  = 0x6
+	ARPHRD_ETHER                  = 0x1
+	ARPHRD_FDDI                   = 0x1
+	B0                            = 0x0
+	B110                          = 0x3
+	B1200                         = 0x9
+	B134                          = 0x4
+	B150                          = 0x5
+	B1800                         = 0xa
+	B19200                        = 0xe
+	B200                          = 0x6
+	B2400                         = 0xb
+	B300                          = 0x7
+	B38400                        = 0xf
+	B4800                         = 0xc
+	B50                           = 0x1
+	B600                          = 0x8
+	B75                           = 0x2
+	B9600                         = 0xd
+	BRKINT                        = 0x2
+	BS0                           = 0x0
+	BS1                           = 0x1000
+	BSDLY                         = 0x1000
+	CAP_AACCT                     = 0x6
+	CAP_ARM_APPLICATION           = 0x5
+	CAP_BYPASS_RAC_VMM            = 0x3
+	CAP_CLEAR                     = 0x0
+	CAP_CREDENTIALS               = 0x7
+	CAP_EFFECTIVE                 = 0x1
+	CAP_EWLM_AGENT                = 0x4
+	CAP_INHERITABLE               = 0x2
+	CAP_MAXIMUM                   = 0x7
+	CAP_NUMA_ATTACH               = 0x2
+	CAP_PERMITTED                 = 0x3
+	CAP_PROPAGATE                 = 0x1
+	CAP_PROPOGATE                 = 0x1
+	CAP_SET                       = 0x1
+	CBAUD                         = 0xf
+	CFLUSH                        = 0xf
+	CIBAUD                        = 0xf0000
+	CLOCAL                        = 0x800
+	CLOCK_MONOTONIC               = 0xa
+	CLOCK_PROCESS_CPUTIME_ID      = 0xb
+	CLOCK_REALTIME                = 0x9
+	CLOCK_THREAD_CPUTIME_ID       = 0xc
+	CR0                           = 0x0
+	CR1                           = 0x100
+	CR2                           = 0x200
+	CR3                           = 0x300
+	CRDLY                         = 0x300
+	CREAD                         = 0x80
+	CS5                           = 0x0
+	CS6                           = 0x10
+	CS7                           = 0x20
+	CS8                           = 0x30
+	CSIOCGIFCONF                  = -0x3ff796dc
+	CSIZE                         = 0x30
+	CSMAP_DIR                     = "/usr/lib/nls/csmap/"
+	CSTART                        = '\021'
+	CSTOP                         = '\023'
+	CSTOPB                        = 0x40
+	CSUSP                         = 0x1a
+	ECHO                          = 0x8
+	ECHOCTL                       = 0x20000
+	ECHOE                         = 0x10
+	ECHOK                         = 0x20
+	ECHOKE                        = 0x80000
+	ECHONL                        = 0x40
+	ECHOPRT                       = 0x40000
+	ECH_ICMPID                    = 0x2
+	ETHERNET_CSMACD               = 0x6
+	EVENP                         = 0x80
+	EXCONTINUE                    = 0x0
+	EXDLOK                        = 0x3
+	EXIO                          = 0x2
+	EXPGIO                        = 0x0
+	EXRESUME                      = 0x2
+	EXRETURN                      = 0x1
+	EXSIG                         = 0x4
+	EXTA                          = 0xe
+	EXTB                          = 0xf
+	EXTRAP                        = 0x1
+	EYEC_RTENTRYA                 = 0x257274656e747241
+	EYEC_RTENTRYF                 = 0x257274656e747246
+	E_ACC                         = 0x0
+	FD_CLOEXEC                    = 0x1
+	FD_SETSIZE                    = 0xfffe
+	FF0                           = 0x0
+	FF1                           = 0x2000
+	FFDLY                         = 0x2000
+	FLUSHBAND                     = 0x40
+	FLUSHLOW                      = 0x8
+	FLUSHO                        = 0x100000
+	FLUSHR                        = 0x1
+	FLUSHRW                       = 0x3
+	FLUSHW                        = 0x2
+	F_CLOSEM                      = 0xa
+	F_DUP2FD                      = 0xe
+	F_DUPFD                       = 0x0
+	F_GETFD                       = 0x1
+	F_GETFL                       = 0x3
+	F_GETLK                       = 0x5
+	F_GETLK64                     = 0xb
+	F_GETOWN                      = 0x8
+	F_LOCK                        = 0x1
+	F_OK                          = 0x0
+	F_RDLCK                       = 0x1
+	F_SETFD                       = 0x2
+	F_SETFL                       = 0x4
+	F_SETLK                       = 0x6
+	F_SETLK64                     = 0xc
+	F_SETLKW                      = 0x7
+	F_SETLKW64                    = 0xd
+	F_SETOWN                      = 0x9
+	F_TEST                        = 0x3
+	F_TLOCK                       = 0x2
+	F_TSTLK                       = 0xf
+	F_ULOCK                       = 0x0
+	F_UNLCK                       = 0x3
+	F_WRLCK                       = 0x2
+	HUPCL                         = 0x400
+	IBSHIFT                       = 0x10
+	ICANON                        = 0x2
+	ICMP6_FILTER                  = 0x26
+	ICMP6_SEC_SEND_DEL            = 0x46
+	ICMP6_SEC_SEND_GET            = 0x47
+	ICMP6_SEC_SEND_SET            = 0x44
+	ICMP6_SEC_SEND_SET_CGA_ADDR   = 0x45
+	ICRNL                         = 0x100
+	IEXTEN                        = 0x200000
+	IFA_FIRSTALIAS                = 0x2000
+	IFA_ROUTE                     = 0x1
+	IFF_64BIT                     = 0x4000000
+	IFF_ALLCAST                   = 0x20000
+	IFF_ALLMULTI                  = 0x200
+	IFF_BPF                       = 0x8000000
+	IFF_BRIDGE                    = 0x40000
+	IFF_BROADCAST                 = 0x2
+	IFF_CANTCHANGE                = 0x80c52
+	IFF_CHECKSUM_OFFLOAD          = 0x10000000
+	IFF_D1                        = 0x8000
+	IFF_D2                        = 0x4000
+	IFF_D3                        = 0x2000
+	IFF_D4                        = 0x1000
+	IFF_DEBUG                     = 0x4
+	IFF_DEVHEALTH                 = 0x4000
+	IFF_DO_HW_LOOPBACK            = 0x10000
+	IFF_GROUP_ROUTING             = 0x2000000
+	IFF_IFBUFMGT                  = 0x800000
+	IFF_LINK0                     = 0x100000
+	IFF_LINK1                     = 0x200000
+	IFF_LINK2                     = 0x400000
+	IFF_LOOPBACK                  = 0x8
+	IFF_MULTICAST                 = 0x80000
+	IFF_NOARP                     = 0x80
+	IFF_NOECHO                    = 0x800
+	IFF_NOTRAILERS                = 0x20
+	IFF_OACTIVE                   = 0x400
+	IFF_POINTOPOINT               = 0x10
+	IFF_PROMISC                   = 0x100
+	IFF_PSEG                      = 0x40000000
+	IFF_RUNNING                   = 0x40
+	IFF_SIMPLEX                   = 0x800
+	IFF_SNAP                      = 0x8000
+	IFF_TCP_DISABLE_CKSUM         = 0x20000000
+	IFF_TCP_NOCKSUM               = 0x1000000
+	IFF_UP                        = 0x1
+	IFF_VIPA                      = 0x80000000
+	IFNAMSIZ                      = 0x10
+	IFO_FLUSH                     = 0x1
+	IFT_1822                      = 0x2
+	IFT_AAL5                      = 0x31
+	IFT_ARCNET                    = 0x23
+	IFT_ARCNETPLUS                = 0x24
+	IFT_ATM                       = 0x25
+	IFT_CEPT                      = 0x13
+	IFT_CLUSTER                   = 0x3e
+	IFT_DS3                       = 0x1e
+	IFT_EON                       = 0x19
+	IFT_ETHER                     = 0x6
+	IFT_FCS                       = 0x3a
+	IFT_FDDI                      = 0xf
+	IFT_FRELAY                    = 0x20
+	IFT_FRELAYDCE                 = 0x2c
+	IFT_GIFTUNNEL                 = 0x3c
+	IFT_HDH1822                   = 0x3
+	IFT_HF                        = 0x3d
+	IFT_HIPPI                     = 0x2f
+	IFT_HSSI                      = 0x2e
+	IFT_HY                        = 0xe
+	IFT_IB                        = 0xc7
+	IFT_ISDNBASIC                 = 0x14
+	IFT_ISDNPRIMARY               = 0x15
+	IFT_ISO88022LLC               = 0x29
+	IFT_ISO88023                  = 0x7
+	IFT_ISO88024                  = 0x8
+	IFT_ISO88025                  = 0x9
+	IFT_ISO88026                  = 0xa
+	IFT_LAPB                      = 0x10
+	IFT_LOCALTALK                 = 0x2a
+	IFT_LOOP                      = 0x18
+	IFT_MIOX25                    = 0x26
+	IFT_MODEM                     = 0x30
+	IFT_NSIP                      = 0x1b
+	IFT_OTHER                     = 0x1
+	IFT_P10                       = 0xc
+	IFT_P80                       = 0xd
+	IFT_PARA                      = 0x22
+	IFT_PPP                       = 0x17
+	IFT_PROPMUX                   = 0x36
+	IFT_PROPVIRTUAL               = 0x35
+	IFT_PTPSERIAL                 = 0x16
+	IFT_RS232                     = 0x21
+	IFT_SDLC                      = 0x11
+	IFT_SIP                       = 0x1f
+	IFT_SLIP                      = 0x1c
+	IFT_SMDSDXI                   = 0x2b
+	IFT_SMDSICIP                  = 0x34
+	IFT_SN                        = 0x38
+	IFT_SONET                     = 0x27
+	IFT_SONETPATH                 = 0x32
+	IFT_SONETVT                   = 0x33
+	IFT_SP                        = 0x39
+	IFT_STARLAN                   = 0xb
+	IFT_T1                        = 0x12
+	IFT_TUNNEL                    = 0x3b
+	IFT_ULTRA                     = 0x1d
+	IFT_V35                       = 0x2d
+	IFT_VIPA                      = 0x37
+	IFT_X25                       = 0x5
+	IFT_X25DDN                    = 0x4
+	IFT_X25PLE                    = 0x28
+	IFT_XETHER                    = 0x1a
+	IGNBRK                        = 0x1
+	IGNCR                         = 0x80
+	IGNPAR                        = 0x4
+	IMAXBEL                       = 0x10000
+	INLCR                         = 0x40
+	INPCK                         = 0x10
+	IN_CLASSA_HOST                = 0xffffff
+	IN_CLASSA_MAX                 = 0x80
+	IN_CLASSA_NET                 = 0xff000000
+	IN_CLASSA_NSHIFT              = 0x18
+	IN_CLASSB_HOST                = 0xffff
+	IN_CLASSB_MAX                 = 0x10000
+	IN_CLASSB_NET                 = 0xffff0000
+	IN_CLASSB_NSHIFT              = 0x10
+	IN_CLASSC_HOST                = 0xff
+	IN_CLASSC_NET                 = 0xffffff00
+	IN_CLASSC_NSHIFT              = 0x8
+	IN_CLASSD_HOST                = 0xfffffff
+	IN_CLASSD_NET                 = 0xf0000000
+	IN_CLASSD_NSHIFT              = 0x1c
+	IN_LOOPBACKNET                = 0x7f
+	IN_USE                        = 0x1
+	IPPROTO_AH                    = 0x33
+	IPPROTO_BIP                   = 0x53
+	IPPROTO_DSTOPTS               = 0x3c
+	IPPROTO_EGP                   = 0x8
+	IPPROTO_EON                   = 0x50
+	IPPROTO_ESP                   = 0x32
+	IPPROTO_FRAGMENT              = 0x2c
+	IPPROTO_GGP                   = 0x3
+	IPPROTO_GIF                   = 0x8c
+	IPPROTO_GRE                   = 0x2f
+	IPPROTO_HOPOPTS               = 0x0
+	IPPROTO_ICMP                  = 0x1
+	IPPROTO_ICMPV6                = 0x3a
+	IPPROTO_IDP                   = 0x16
+	IPPROTO_IGMP                  = 0x2
+	IPPROTO_IP                    = 0x0
+	IPPROTO_IPIP                  = 0x4
+	IPPROTO_IPV6                  = 0x29
+	IPPROTO_LOCAL                 = 0x3f
+	IPPROTO_MAX                   = 0x100
+	IPPROTO_MH                    = 0x87
+	IPPROTO_NONE                  = 0x3b
+	IPPROTO_PUP                   = 0xc
+	IPPROTO_QOS                   = 0x2d
+	IPPROTO_RAW                   = 0xff
+	IPPROTO_ROUTING               = 0x2b
+	IPPROTO_RSVP                  = 0x2e
+	IPPROTO_SCTP                  = 0x84
+	IPPROTO_TCP                   = 0x6
+	IPPROTO_TP                    = 0x1d
+	IPPROTO_UDP                   = 0x11
+	IPV6_ADDRFORM                 = 0x16
+	IPV6_ADDR_PREFERENCES         = 0x4a
+	IPV6_ADD_MEMBERSHIP           = 0xc
+	IPV6_AIXRAWSOCKET             = 0x39
+	IPV6_CHECKSUM                 = 0x27
+	IPV6_DONTFRAG                 = 0x2d
+	IPV6_DROP_MEMBERSHIP          = 0xd
+	IPV6_DSTOPTS                  = 0x36
+	IPV6_FLOWINFO_FLOWLABEL       = 0xffffff
+	IPV6_FLOWINFO_PRIFLOW         = 0xfffffff
+	IPV6_FLOWINFO_PRIORITY        = 0xf000000
+	IPV6_FLOWINFO_SRFLAG          = 0x10000000
+	IPV6_FLOWINFO_VERSION         = 0xf0000000
+	IPV6_HOPLIMIT                 = 0x28
+	IPV6_HOPOPTS                  = 0x34
+	IPV6_JOIN_GROUP               = 0xc
+	IPV6_LEAVE_GROUP              = 0xd
+	IPV6_MIPDSTOPTS               = 0x36
+	IPV6_MULTICAST_HOPS           = 0xa
+	IPV6_MULTICAST_IF             = 0x9
+	IPV6_MULTICAST_LOOP           = 0xb
+	IPV6_NEXTHOP                  = 0x30
+	IPV6_NOPROBE                  = 0x1c
+	IPV6_PATHMTU                  = 0x2e
+	IPV6_PKTINFO                  = 0x21
+	IPV6_PKTOPTIONS               = 0x24
+	IPV6_PRIORITY_10              = 0xa000000
+	IPV6_PRIORITY_11              = 0xb000000
+	IPV6_PRIORITY_12              = 0xc000000
+	IPV6_PRIORITY_13              = 0xd000000
+	IPV6_PRIORITY_14              = 0xe000000
+	IPV6_PRIORITY_15              = 0xf000000
+	IPV6_PRIORITY_8               = 0x8000000
+	IPV6_PRIORITY_9               = 0x9000000
+	IPV6_PRIORITY_BULK            = 0x4000000
+	IPV6_PRIORITY_CONTROL         = 0x7000000
+	IPV6_PRIORITY_FILLER          = 0x1000000
+	IPV6_PRIORITY_INTERACTIVE     = 0x6000000
+	IPV6_PRIORITY_RESERVED1       = 0x3000000
+	IPV6_PRIORITY_RESERVED2       = 0x5000000
+	IPV6_PRIORITY_UNATTENDED      = 0x2000000
+	IPV6_PRIORITY_UNCHARACTERIZED = 0x0
+	IPV6_RECVDSTOPTS              = 0x38
+	IPV6_RECVHOPLIMIT             = 0x29
+	IPV6_RECVHOPOPTS              = 0x35
+	IPV6_RECVHOPS                 = 0x22
+	IPV6_RECVIF                   = 0x1e
+	IPV6_RECVPATHMTU              = 0x2f
+	IPV6_RECVPKTINFO              = 0x23
+	IPV6_RECVRTHDR                = 0x33
+	IPV6_RECVSRCRT                = 0x1d
+	IPV6_RECVTCLASS               = 0x2a
+	IPV6_RTHDR                    = 0x32
+	IPV6_RTHDRDSTOPTS             = 0x37
+	IPV6_RTHDR_TYPE_0             = 0x0
+	IPV6_RTHDR_TYPE_2             = 0x2
+	IPV6_SENDIF                   = 0x1f
+	IPV6_SRFLAG_LOOSE             = 0x0
+	IPV6_SRFLAG_STRICT            = 0x10000000
+	IPV6_TCLASS                   = 0x2b
+	IPV6_TOKEN_LENGTH             = 0x40
+	IPV6_UNICAST_HOPS             = 0x4
+	IPV6_USE_MIN_MTU              = 0x2c
+	IPV6_V6ONLY                   = 0x25
+	IPV6_VERSION                  = 0x60000000
+	IP_ADDRFORM                   = 0x16
+	IP_ADD_MEMBERSHIP             = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP      = 0x3c
+	IP_BLOCK_SOURCE               = 0x3a
+	IP_BROADCAST_IF               = 0x10
+	IP_CACHE_LINE_SIZE            = 0x80
+	IP_DEFAULT_MULTICAST_LOOP     = 0x1
+	IP_DEFAULT_MULTICAST_TTL      = 0x1
+	IP_DF                         = 0x4000
+	IP_DHCPMODE                   = 0x11
+	IP_DONTFRAG                   = 0x19
+	IP_DROP_MEMBERSHIP            = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP     = 0x3d
+	IP_FINDPMTU                   = 0x1a
+	IP_HDRINCL                    = 0x2
+	IP_INC_MEMBERSHIPS            = 0x14
+	IP_INIT_MEMBERSHIP            = 0x14
+	IP_MAXPACKET                  = 0xffff
+	IP_MF                         = 0x2000
+	IP_MSS                        = 0x240
+	IP_MULTICAST_HOPS             = 0xa
+	IP_MULTICAST_IF               = 0x9
+	IP_MULTICAST_LOOP             = 0xb
+	IP_MULTICAST_TTL              = 0xa
+	IP_OPT                        = 0x1b
+	IP_OPTIONS                    = 0x1
+	IP_PMTUAGE                    = 0x1b
+	IP_RECVDSTADDR                = 0x7
+	IP_RECVIF                     = 0x14
+	IP_RECVIFINFO                 = 0xf
+	IP_RECVINTERFACE              = 0x20
+	IP_RECVMACHDR                 = 0xe
+	IP_RECVOPTS                   = 0x5
+	IP_RECVRETOPTS                = 0x6
+	IP_RECVTTL                    = 0x22
+	IP_RETOPTS                    = 0x8
+	IP_SOURCE_FILTER              = 0x48
+	IP_TOS                        = 0x3
+	IP_TTL                        = 0x4
+	IP_UNBLOCK_SOURCE             = 0x3b
+	IP_UNICAST_HOPS               = 0x4
+	ISIG                          = 0x1
+	ISTRIP                        = 0x20
+	IUCLC                         = 0x800
+	IXANY                         = 0x1000
+	IXOFF                         = 0x400
+	IXON                          = 0x200
+	I_FLUSH                       = 0x20005305
+	LNOFLSH                       = 0x8000
+	LOCK_EX                       = 0x2
+	LOCK_NB                       = 0x4
+	LOCK_SH                       = 0x1
+	LOCK_UN                       = 0x8
+	MADV_DONTNEED                 = 0x4
+	MADV_NORMAL                   = 0x0
+	MADV_RANDOM                   = 0x1
+	MADV_SEQUENTIAL               = 0x2
+	MADV_SPACEAVAIL               = 0x5
+	MADV_WILLNEED                 = 0x3
+	MAP_ANON                      = 0x10
+	MAP_ANONYMOUS                 = 0x10
+	MAP_FILE                      = 0x0
+	MAP_FIXED                     = 0x100
+	MAP_PRIVATE                   = 0x2
+	MAP_SHARED                    = 0x1
+	MAP_TYPE                      = 0xf0
+	MAP_VARIABLE                  = 0x0
+	MCAST_BLOCK_SOURCE            = 0x40
+	MCAST_EXCLUDE                 = 0x2
+	MCAST_INCLUDE                 = 0x1
+	MCAST_JOIN_GROUP              = 0x3e
+	MCAST_JOIN_SOURCE_GROUP       = 0x42
+	MCAST_LEAVE_GROUP             = 0x3f
+	MCAST_LEAVE_SOURCE_GROUP      = 0x43
+	MCAST_SOURCE_FILTER           = 0x49
+	MCAST_UNBLOCK_SOURCE          = 0x41
+	MCL_CURRENT                   = 0x100
+	MCL_FUTURE                    = 0x200
+	MSG_ANY                       = 0x4
+	MSG_ARGEXT                    = 0x400
+	MSG_BAND                      = 0x2
+	MSG_COMPAT                    = 0x8000
+	MSG_CTRUNC                    = 0x20
+	MSG_DONTROUTE                 = 0x4
+	MSG_EOR                       = 0x8
+	MSG_HIPRI                     = 0x1
+	MSG_MAXIOVLEN                 = 0x10
+	MSG_MPEG2                     = 0x80
+	MSG_NONBLOCK                  = 0x4000
+	MSG_NOSIGNAL                  = 0x100
+	MSG_OOB                       = 0x1
+	MSG_PEEK                      = 0x2
+	MSG_TRUNC                     = 0x10
+	MSG_WAITALL                   = 0x40
+	MSG_WAITFORONE                = 0x200
+	MS_ASYNC                      = 0x10
+	MS_EINTR                      = 0x80
+	MS_INVALIDATE                 = 0x40
+	MS_PER_SEC                    = 0x3e8
+	MS_SYNC                       = 0x20
+	NFDBITS                       = 0x20
+	NL0                           = 0x0
+	NL1                           = 0x4000
+	NL2                           = 0x8000
+	NL3                           = 0xc000
+	NLDLY                         = 0x4000
+	NOFLSH                        = 0x80
+	NOFLUSH                       = 0x80000000
+	OCRNL                         = 0x8
+	OFDEL                         = 0x80
+	OFILL                         = 0x40
+	OLCUC                         = 0x2
+	ONLCR                         = 0x4
+	ONLRET                        = 0x20
+	ONOCR                         = 0x10
+	ONOEOT                        = 0x80000
+	OPOST                         = 0x1
+	OXTABS                        = 0x40000
+	O_ACCMODE                     = 0x23
+	O_APPEND                      = 0x8
+	O_CIO                         = 0x80
+	O_CIOR                        = 0x800000000
+	O_CLOEXEC                     = 0x800000
+	O_CREAT                       = 0x100
+	O_DEFER                       = 0x2000
+	O_DELAY                       = 0x4000
+	O_DIRECT                      = 0x8000000
+	O_DIRECTORY                   = 0x80000
+	O_DSYNC                       = 0x400000
+	O_EFSOFF                      = 0x400000000
+	O_EFSON                       = 0x200000000
+	O_EXCL                        = 0x400
+	O_EXEC                        = 0x20
+	O_LARGEFILE                   = 0x4000000
+	O_NDELAY                      = 0x8000
+	O_NOCACHE                     = 0x100000
+	O_NOCTTY                      = 0x800
+	O_NOFOLLOW                    = 0x1000000
+	O_NONBLOCK                    = 0x4
+	O_NONE                        = 0x3
+	O_NSHARE                      = 0x10000
+	O_RAW                         = 0x100000000
+	O_RDONLY                      = 0x0
+	O_RDWR                        = 0x2
+	O_RSHARE                      = 0x1000
+	O_RSYNC                       = 0x200000
+	O_SEARCH                      = 0x20
+	O_SNAPSHOT                    = 0x40
+	O_SYNC                        = 0x10
+	O_TRUNC                       = 0x200
+	O_TTY_INIT                    = 0x0
+	O_WRONLY                      = 0x1
+	PARENB                        = 0x100
+	PAREXT                        = 0x100000
+	PARMRK                        = 0x8
+	PARODD                        = 0x200
+	PENDIN                        = 0x20000000
+	PRIO_PGRP                     = 0x1
+	PRIO_PROCESS                  = 0x0
+	PRIO_USER                     = 0x2
+	PROT_EXEC                     = 0x4
+	PROT_NONE                     = 0x0
+	PROT_READ                     = 0x1
+	PROT_WRITE                    = 0x2
+	PR_64BIT                      = 0x20
+	PR_ADDR                       = 0x2
+	PR_ARGEXT                     = 0x400
+	PR_ATOMIC                     = 0x1
+	PR_CONNREQUIRED               = 0x4
+	PR_FASTHZ                     = 0x5
+	PR_INP                        = 0x40
+	PR_INTRLEVEL                  = 0x8000
+	PR_MLS                        = 0x100
+	PR_MLS_1_LABEL                = 0x200
+	PR_NOEOR                      = 0x4000
+	PR_RIGHTS                     = 0x10
+	PR_SLOWHZ                     = 0x2
+	PR_WANTRCVD                   = 0x8
+	RLIMIT_AS                     = 0x6
+	RLIMIT_CORE                   = 0x4
+	RLIMIT_CPU                    = 0x0
+	RLIMIT_DATA                   = 0x2
+	RLIMIT_FSIZE                  = 0x1
+	RLIMIT_NOFILE                 = 0x7
+	RLIMIT_NPROC                  = 0x9
+	RLIMIT_RSS                    = 0x5
+	RLIMIT_STACK                  = 0x3
+	RLIM_INFINITY                 = 0x7fffffff
+	RTAX_AUTHOR                   = 0x6
+	RTAX_BRD                      = 0x7
+	RTAX_DST                      = 0x0
+	RTAX_GATEWAY                  = 0x1
+	RTAX_GENMASK                  = 0x3
+	RTAX_IFA                      = 0x5
+	RTAX_IFP                      = 0x4
+	RTAX_MAX                      = 0x8
+	RTAX_NETMASK                  = 0x2
+	RTA_AUTHOR                    = 0x40
+	RTA_BRD                       = 0x80
+	RTA_DOWNSTREAM                = 0x100
+	RTA_DST                       = 0x1
+	RTA_GATEWAY                   = 0x2
+	RTA_GENMASK                   = 0x8
+	RTA_IFA                       = 0x20
+	RTA_IFP                       = 0x10
+	RTA_NETMASK                   = 0x4
+	RTC_IA64                      = 0x3
+	RTC_POWER                     = 0x1
+	RTC_POWER_PC                  = 0x2
+	RTF_ACTIVE_DGD                = 0x1000000
+	RTF_BCE                       = 0x80000
+	RTF_BLACKHOLE                 = 0x1000
+	RTF_BROADCAST                 = 0x400000
+	RTF_BUL                       = 0x2000
+	RTF_CLONE                     = 0x10000
+	RTF_CLONED                    = 0x20000
+	RTF_CLONING                   = 0x100
+	RTF_DONE                      = 0x40
+	RTF_DYNAMIC                   = 0x10
+	RTF_FREE_IN_PROG              = 0x4000000
+	RTF_GATEWAY                   = 0x2
+	RTF_HOST                      = 0x4
+	RTF_LLINFO                    = 0x400
+	RTF_LOCAL                     = 0x200000
+	RTF_MASK                      = 0x80
+	RTF_MODIFIED                  = 0x20
+	RTF_MULTICAST                 = 0x800000
+	RTF_PERMANENT6                = 0x8000000
+	RTF_PINNED                    = 0x100000
+	RTF_PROTO1                    = 0x8000
+	RTF_PROTO2                    = 0x4000
+	RTF_PROTO3                    = 0x40000
+	RTF_REJECT                    = 0x8
+	RTF_SMALLMTU                  = 0x40000
+	RTF_STATIC                    = 0x800
+	RTF_STOPSRCH                  = 0x2000000
+	RTF_UNREACHABLE               = 0x10000000
+	RTF_UP                        = 0x1
+	RTF_XRESOLVE                  = 0x200
+	RTM_ADD                       = 0x1
+	RTM_CHANGE                    = 0x3
+	RTM_DELADDR                   = 0xd
+	RTM_DELETE                    = 0x2
+	RTM_EXPIRE                    = 0xf
+	RTM_GET                       = 0x4
+	RTM_GETNEXT                   = 0x11
+	RTM_IFINFO                    = 0xe
+	RTM_LOCK                      = 0x8
+	RTM_LOSING                    = 0x5
+	RTM_MISS                      = 0x7
+	RTM_NEWADDR                   = 0xc
+	RTM_OLDADD                    = 0x9
+	RTM_OLDDEL                    = 0xa
+	RTM_REDIRECT                  = 0x6
+	RTM_RESOLVE                   = 0xb
+	RTM_RTLOST                    = 0x10
+	RTM_RTTUNIT                   = 0xf4240
+	RTM_SAMEADDR                  = 0x12
+	RTM_SET                       = 0x13
+	RTM_VERSION                   = 0x2
+	RTM_VERSION_GR                = 0x4
+	RTM_VERSION_GR_COMPAT         = 0x3
+	RTM_VERSION_POLICY            = 0x5
+	RTM_VERSION_POLICY_EXT        = 0x6
+	RTM_VERSION_POLICY_PRFN       = 0x7
+	RTV_EXPIRE                    = 0x4
+	RTV_HOPCOUNT                  = 0x2
+	RTV_MTU                       = 0x1
+	RTV_RPIPE                     = 0x8
+	RTV_RTT                       = 0x40
+	RTV_RTTVAR                    = 0x80
+	RTV_SPIPE                     = 0x10
+	RTV_SSTHRESH                  = 0x20
+	RUSAGE_CHILDREN               = -0x1
+	RUSAGE_SELF                   = 0x0
+	RUSAGE_THREAD                 = 0x1
+	SCM_RIGHTS                    = 0x1
+	SHUT_RD                       = 0x0
+	SHUT_RDWR                     = 0x2
+	SHUT_WR                       = 0x1
+	SIGMAX64                      = 0xff
+	SIGQUEUE_MAX                  = 0x20
+	SIOCADDIFVIPA                 = 0x20006942
+	SIOCADDMTU                    = -0x7ffb9690
+	SIOCADDMULTI                  = -0x7fdf96cf
+	SIOCADDNETID                  = -0x7fd796a9
+	SIOCADDRT                     = -0x7fcf8df6
+	SIOCAIFADDR                   = -0x7fbf96e6
+	SIOCATMARK                    = 0x40047307
+	SIOCDARP                      = -0x7fb396e0
+	SIOCDELIFVIPA                 = 0x20006943
+	SIOCDELMTU                    = -0x7ffb968f
+	SIOCDELMULTI                  = -0x7fdf96ce
+	SIOCDELPMTU                   = -0x7fd78ff6
+	SIOCDELRT                     = -0x7fcf8df5
+	SIOCDIFADDR                   = -0x7fd796e7
+	SIOCDNETOPT                   = -0x3ffe9680
+	SIOCDX25XLATE                 = -0x7fd7969b
+	SIOCFIFADDR                   = -0x7fdf966d
+	SIOCGARP                      = -0x3fb396da
+	SIOCGETMTUS                   = 0x2000696f
+	SIOCGETSGCNT                  = -0x3feb8acc
+	SIOCGETVIFCNT                 = -0x3feb8acd
+	SIOCGHIWAT                    = 0x40047301
+	SIOCGIFADDR                   = -0x3fd796df
+	SIOCGIFADDRS                  = 0x2000698c
+	SIOCGIFBAUDRATE               = -0x3fdf9669
+	SIOCGIFBRDADDR                = -0x3fd796dd
+	SIOCGIFCONF                   = -0x3ff796bb
+	SIOCGIFCONFGLOB               = -0x3ff79670
+	SIOCGIFDSTADDR                = -0x3fd796de
+	SIOCGIFFLAGS                  = -0x3fd796ef
+	SIOCGIFGIDLIST                = 0x20006968
+	SIOCGIFHWADDR                 = -0x3fab966b
+	SIOCGIFMETRIC                 = -0x3fd796e9
+	SIOCGIFMTU                    = -0x3fd796aa
+	SIOCGIFNETMASK                = -0x3fd796db
+	SIOCGIFOPTIONS                = -0x3fd796d6
+	SIOCGISNO                     = -0x3fd79695
+	SIOCGLOADF                    = -0x3ffb967e
+	SIOCGLOWAT                    = 0x40047303
+	SIOCGNETOPT                   = -0x3ffe96a5
+	SIOCGNETOPT1                  = -0x3fdf967f
+	SIOCGNMTUS                    = 0x2000696e
+	SIOCGPGRP                     = 0x40047309
+	SIOCGSIZIFCONF                = 0x4004696a
+	SIOCGSRCFILTER                = -0x3fe796cb
+	SIOCGTUNEPHASE                = -0x3ffb9676
+	SIOCGX25XLATE                 = -0x3fd7969c
+	SIOCIFATTACH                  = -0x7fdf9699
+	SIOCIFDETACH                  = -0x7fdf969a
+	SIOCIFGETPKEY                 = -0x7fdf969b
+	SIOCIF_ATM_DARP               = -0x7fdf9683
+	SIOCIF_ATM_DUMPARP            = -0x7fdf9685
+	SIOCIF_ATM_GARP               = -0x7fdf9682
+	SIOCIF_ATM_IDLE               = -0x7fdf9686
+	SIOCIF_ATM_SARP               = -0x7fdf9681
+	SIOCIF_ATM_SNMPARP            = -0x7fdf9687
+	SIOCIF_ATM_SVC                = -0x7fdf9684
+	SIOCIF_ATM_UBR                = -0x7fdf9688
+	SIOCIF_DEVHEALTH              = -0x7ffb966c
+	SIOCIF_IB_ARP_INCOMP          = -0x7fdf9677
+	SIOCIF_IB_ARP_TIMER           = -0x7fdf9678
+	SIOCIF_IB_CLEAR_PINFO         = -0x3fdf966f
+	SIOCIF_IB_DEL_ARP             = -0x7fdf967f
+	SIOCIF_IB_DEL_PINFO           = -0x3fdf9670
+	SIOCIF_IB_DUMP_ARP            = -0x7fdf9680
+	SIOCIF_IB_GET_ARP             = -0x7fdf967e
+	SIOCIF_IB_GET_INFO            = -0x3f879675
+	SIOCIF_IB_GET_STATS           = -0x3f879672
+	SIOCIF_IB_NOTIFY_ADDR_REM     = -0x3f87966a
+	SIOCIF_IB_RESET_STATS         = -0x3f879671
+	SIOCIF_IB_RESIZE_CQ           = -0x7fdf9679
+	SIOCIF_IB_SET_ARP             = -0x7fdf967d
+	SIOCIF_IB_SET_PKEY            = -0x7fdf967c
+	SIOCIF_IB_SET_PORT            = -0x7fdf967b
+	SIOCIF_IB_SET_QKEY            = -0x7fdf9676
+	SIOCIF_IB_SET_QSIZE           = -0x7fdf967a
+	SIOCLISTIFVIPA                = 0x20006944
+	SIOCSARP                      = -0x7fb396e2
+	SIOCSHIWAT                    = 0x80047300
+	SIOCSIFADDR                   = -0x7fd796f4
+	SIOCSIFADDRORI                = -0x7fdb9673
+	SIOCSIFBRDADDR                = -0x7fd796ed
+	SIOCSIFDSTADDR                = -0x7fd796f2
+	SIOCSIFFLAGS                  = -0x7fd796f0
+	SIOCSIFGIDLIST                = 0x20006969
+	SIOCSIFMETRIC                 = -0x7fd796e8
+	SIOCSIFMTU                    = -0x7fd796a8
+	SIOCSIFNETDUMP                = -0x7fd796e4
+	SIOCSIFNETMASK                = -0x7fd796ea
+	SIOCSIFOPTIONS                = -0x7fd796d7
+	SIOCSIFSUBCHAN                = -0x7fd796e5
+	SIOCSISNO                     = -0x7fd79694
+	SIOCSLOADF                    = -0x3ffb967d
+	SIOCSLOWAT                    = 0x80047302
+	SIOCSNETOPT                   = -0x7ffe96a6
+	SIOCSPGRP                     = 0x80047308
+	SIOCSX25XLATE                 = -0x7fd7969d
+	SOCK_CONN_DGRAM               = 0x6
+	SOCK_DGRAM                    = 0x2
+	SOCK_RAW                      = 0x3
+	SOCK_RDM                      = 0x4
+	SOCK_SEQPACKET                = 0x5
+	SOCK_STREAM                   = 0x1
+	SOL_SOCKET                    = 0xffff
+	SOMAXCONN                     = 0x400
+	SO_ACCEPTCONN                 = 0x2
+	SO_AUDIT                      = 0x8000
+	SO_BROADCAST                  = 0x20
+	SO_CKSUMRECV                  = 0x800
+	SO_DEBUG                      = 0x1
+	SO_DONTROUTE                  = 0x10
+	SO_ERROR                      = 0x1007
+	SO_KEEPALIVE                  = 0x8
+	SO_KERNACCEPT                 = 0x2000
+	SO_LINGER                     = 0x80
+	SO_NOMULTIPATH                = 0x4000
+	SO_NOREUSEADDR                = 0x1000
+	SO_OOBINLINE                  = 0x100
+	SO_PEERID                     = 0x1009
+	SO_RCVBUF                     = 0x1002
+	SO_RCVLOWAT                   = 0x1004
+	SO_RCVTIMEO                   = 0x1006
+	SO_REUSEADDR                  = 0x4
+	SO_REUSEPORT                  = 0x200
+	SO_SNDBUF                     = 0x1001
+	SO_SNDLOWAT                   = 0x1003
+	SO_SNDTIMEO                   = 0x1005
+	SO_TIMESTAMPNS                = 0x100a
+	SO_TYPE                       = 0x1008
+	SO_USELOOPBACK                = 0x40
+	SO_USE_IFBUFS                 = 0x400
+	S_BANDURG                     = 0x400
+	S_EMODFMT                     = 0x3c000000
+	S_ENFMT                       = 0x400
+	S_ERROR                       = 0x100
+	S_HANGUP                      = 0x200
+	S_HIPRI                       = 0x2
+	S_ICRYPTO                     = 0x80000
+	S_IEXEC                       = 0x40
+	S_IFBLK                       = 0x6000
+	S_IFCHR                       = 0x2000
+	S_IFDIR                       = 0x4000
+	S_IFIFO                       = 0x1000
+	S_IFJOURNAL                   = 0x10000
+	S_IFLNK                       = 0xa000
+	S_IFMPX                       = 0x2200
+	S_IFMT                        = 0xf000
+	S_IFPDIR                      = 0x4000000
+	S_IFPSDIR                     = 0x8000000
+	S_IFPSSDIR                    = 0xc000000
+	S_IFREG                       = 0x8000
+	S_IFSOCK                      = 0xc000
+	S_IFSYSEA                     = 0x30000000
+	S_INPUT                       = 0x1
+	S_IREAD                       = 0x100
+	S_IRGRP                       = 0x20
+	S_IROTH                       = 0x4
+	S_IRUSR                       = 0x100
+	S_IRWXG                       = 0x38
+	S_IRWXO                       = 0x7
+	S_IRWXU                       = 0x1c0
+	S_ISGID                       = 0x400
+	S_ISUID                       = 0x800
+	S_ISVTX                       = 0x200
+	S_ITCB                        = 0x1000000
+	S_ITP                         = 0x800000
+	S_IWGRP                       = 0x10
+	S_IWOTH                       = 0x2
+	S_IWRITE                      = 0x80
+	S_IWUSR                       = 0x80
+	S_IXACL                       = 0x2000000
+	S_IXATTR                      = 0x40000
+	S_IXGRP                       = 0x8
+	S_IXINTERFACE                 = 0x100000
+	S_IXMOD                       = 0x40000000
+	S_IXOTH                       = 0x1
+	S_IXUSR                       = 0x40
+	S_MSG                         = 0x8
+	S_OUTPUT                      = 0x4
+	S_RDBAND                      = 0x20
+	S_RDNORM                      = 0x10
+	S_RESERVED1                   = 0x20000
+	S_RESERVED2                   = 0x200000
+	S_RESERVED3                   = 0x400000
+	S_RESERVED4                   = 0x80000000
+	S_RESFMT1                     = 0x10000000
+	S_RESFMT10                    = 0x34000000
+	S_RESFMT11                    = 0x38000000
+	S_RESFMT12                    = 0x3c000000
+	S_RESFMT2                     = 0x14000000
+	S_RESFMT3                     = 0x18000000
+	S_RESFMT4                     = 0x1c000000
+	S_RESFMT5                     = 0x20000000
+	S_RESFMT6                     = 0x24000000
+	S_RESFMT7                     = 0x28000000
+	S_RESFMT8                     = 0x2c000000
+	S_WRBAND                      = 0x80
+	S_WRNORM                      = 0x40
+	TAB0                          = 0x0
+	TAB1                          = 0x400
+	TAB2                          = 0x800
+	TAB3                          = 0xc00
+	TABDLY                        = 0xc00
+	TCFLSH                        = 0x540c
+	TCGETA                        = 0x5405
+	TCGETS                        = 0x5401
+	TCIFLUSH                      = 0x0
+	TCIOFF                        = 0x2
+	TCIOFLUSH                     = 0x2
+	TCION                         = 0x3
+	TCOFLUSH                      = 0x1
+	TCOOFF                        = 0x0
+	TCOON                         = 0x1
+	TCP_24DAYS_WORTH_OF_SLOWTICKS = 0x3f4800
+	TCP_ACLADD                    = 0x23
+	TCP_ACLBIND                   = 0x26
+	TCP_ACLCLEAR                  = 0x22
+	TCP_ACLDEL                    = 0x24
+	TCP_ACLDENY                   = 0x8
+	TCP_ACLFLUSH                  = 0x21
+	TCP_ACLGID                    = 0x1
+	TCP_ACLLS                     = 0x25
+	TCP_ACLSUBNET                 = 0x4
+	TCP_ACLUID                    = 0x2
+	TCP_CWND_DF                   = 0x16
+	TCP_CWND_IF                   = 0x15
+	TCP_DELAY_ACK_FIN             = 0x2
+	TCP_DELAY_ACK_SYN             = 0x1
+	TCP_FASTNAME                  = 0x101080a
+	TCP_KEEPCNT                   = 0x13
+	TCP_KEEPIDLE                  = 0x11
+	TCP_KEEPINTVL                 = 0x12
+	TCP_LSPRIV                    = 0x29
+	TCP_LUID                      = 0x20
+	TCP_MAXBURST                  = 0x8
+	TCP_MAXDF                     = 0x64
+	TCP_MAXIF                     = 0x64
+	TCP_MAXSEG                    = 0x2
+	TCP_MAXWIN                    = 0xffff
+	TCP_MAXWINDOWSCALE            = 0xe
+	TCP_MAX_SACK                  = 0x4
+	TCP_MSS                       = 0x5b4
+	TCP_NODELAY                   = 0x1
+	TCP_NODELAYACK                = 0x14
+	TCP_NOREDUCE_CWND_EXIT_FRXMT  = 0x19
+	TCP_NOREDUCE_CWND_IN_FRXMT    = 0x18
+	TCP_NOTENTER_SSTART           = 0x17
+	TCP_OPT                       = 0x19
+	TCP_RFC1323                   = 0x4
+	TCP_SETPRIV                   = 0x27
+	TCP_STDURG                    = 0x10
+	TCP_TIMESTAMP_OPTLEN          = 0xc
+	TCP_UNSETPRIV                 = 0x28
+	TCSAFLUSH                     = 0x2
+	TCSBRK                        = 0x5409
+	TCSETA                        = 0x5406
+	TCSETAF                       = 0x5408
+	TCSETAW                       = 0x5407
+	TCSETS                        = 0x5402
+	TCSETSF                       = 0x5404
+	TCSETSW                       = 0x5403
+	TCXONC                        = 0x540b
+	TIMER_ABSTIME                 = 0x3e7
+	TIMER_MAX                     = 0x20
+	TIOC                          = 0x5400
+	TIOCCBRK                      = 0x2000747a
+	TIOCCDTR                      = 0x20007478
+	TIOCCONS                      = 0x80047462
+	TIOCEXCL                      = 0x2000740d
+	TIOCFLUSH                     = 0x80047410
+	TIOCGETC                      = 0x40067412
+	TIOCGETD                      = 0x40047400
+	TIOCGETP                      = 0x40067408
+	TIOCGLTC                      = 0x40067474
+	TIOCGPGRP                     = 0x40047477
+	TIOCGSID                      = 0x40047448
+	TIOCGSIZE                     = 0x40087468
+	TIOCGWINSZ                    = 0x40087468
+	TIOCHPCL                      = 0x20007402
+	TIOCLBIC                      = 0x8004747e
+	TIOCLBIS                      = 0x8004747f
+	TIOCLGET                      = 0x4004747c
+	TIOCLSET                      = 0x8004747d
+	TIOCMBIC                      = 0x8004746b
+	TIOCMBIS                      = 0x8004746c
+	TIOCMGET                      = 0x4004746a
+	TIOCMIWAIT                    = 0x80047464
+	TIOCMODG                      = 0x40047403
+	TIOCMODS                      = 0x80047404
+	TIOCMSET                      = 0x8004746d
+	TIOCM_CAR                     = 0x40
+	TIOCM_CD                      = 0x40
+	TIOCM_CTS                     = 0x20
+	TIOCM_DSR                     = 0x100
+	TIOCM_DTR                     = 0x2
+	TIOCM_LE                      = 0x1
+	TIOCM_RI                      = 0x80
+	TIOCM_RNG                     = 0x80
+	TIOCM_RTS                     = 0x4
+	TIOCM_SR                      = 0x10
+	TIOCM_ST                      = 0x8
+	TIOCNOTTY                     = 0x20007471
+	TIOCNXCL                      = 0x2000740e
+	TIOCOUTQ                      = 0x40047473
+	TIOCPKT                       = 0x80047470
+	TIOCPKT_DATA                  = 0x0
+	TIOCPKT_DOSTOP                = 0x20
+	TIOCPKT_FLUSHREAD             = 0x1
+	TIOCPKT_FLUSHWRITE            = 0x2
+	TIOCPKT_NOSTOP                = 0x10
+	TIOCPKT_START                 = 0x8
+	TIOCPKT_STOP                  = 0x4
+	TIOCREMOTE                    = 0x80047469
+	TIOCSBRK                      = 0x2000747b
+	TIOCSDTR                      = 0x20007479
+	TIOCSETC                      = 0x80067411
+	TIOCSETD                      = 0x80047401
+	TIOCSETN                      = 0x8006740a
+	TIOCSETP                      = 0x80067409
+	TIOCSLTC                      = 0x80067475
+	TIOCSPGRP                     = 0x80047476
+	TIOCSSIZE                     = 0x80087467
+	TIOCSTART                     = 0x2000746e
+	TIOCSTI                       = 0x80017472
+	TIOCSTOP                      = 0x2000746f
+	TIOCSWINSZ                    = 0x80087467
+	TIOCUCNTL                     = 0x80047466
+	TOSTOP                        = 0x10000
+	UTIME_NOW                     = -0x2
+	UTIME_OMIT                    = -0x3
+	VDISCRD                       = 0xc
+	VDSUSP                        = 0xa
+	VEOF                          = 0x4
+	VEOL                          = 0x5
+	VEOL2                         = 0x6
+	VERASE                        = 0x2
+	VINTR                         = 0x0
+	VKILL                         = 0x3
+	VLNEXT                        = 0xe
+	VMIN                          = 0x4
+	VQUIT                         = 0x1
+	VREPRINT                      = 0xb
+	VSTART                        = 0x7
+	VSTOP                         = 0x8
+	VSTRT                         = 0x7
+	VSUSP                         = 0x9
+	VT0                           = 0x0
+	VT1                           = 0x8000
+	VTDELAY                       = 0x2000
+	VTDLY                         = 0x8000
+	VTIME                         = 0x5
+	VWERSE                        = 0xd
+	WPARSTART                     = 0x1
+	WPARSTOP                      = 0x2
+	WPARTTYNAME                   = "Global"
+	XCASE                         = 0x4
+	XTABS                         = 0xc00
+	_FDATAFLUSH                   = 0x2000000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x43)
+	EADDRNOTAVAIL   = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x42)
+	EAGAIN          = syscall.Errno(0xb)
+	EALREADY        = syscall.Errno(0x38)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x78)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x75)
+	ECHILD          = syscall.Errno(0xa)
+	ECHRNG          = syscall.Errno(0x25)
+	ECLONEME        = syscall.Errno(0x52)
+	ECONNABORTED    = syscall.Errno(0x48)
+	ECONNREFUSED    = syscall.Errno(0x4f)
+	ECONNRESET      = syscall.Errno(0x49)
+	ECORRUPT        = syscall.Errno(0x59)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDESTADDREQ     = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x3a)
+	EDIST           = syscall.Errno(0x35)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x58)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFORMAT         = syscall.Errno(0x30)
+	EHOSTDOWN       = syscall.Errno(0x50)
+	EHOSTUNREACH    = syscall.Errno(0x51)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x74)
+	EINPROGRESS     = syscall.Errno(0x37)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x4b)
+	EISDIR          = syscall.Errno(0x15)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x55)
+	EMEDIA          = syscall.Errno(0x6e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x3b)
+	EMULTIHOP       = syscall.Errno(0x7d)
+	ENAMETOOLONG    = syscall.Errno(0x56)
+	ENETDOWN        = syscall.Errno(0x45)
+	ENETRESET       = syscall.Errno(0x47)
+	ENETUNREACH     = syscall.Errno(0x46)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x70)
+	ENOBUFS         = syscall.Errno(0x4a)
+	ENOCONNECT      = syscall.Errno(0x32)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x7a)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x31)
+	ENOLINK         = syscall.Errno(0x7e)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x23)
+	ENOPROTOOPT     = syscall.Errno(0x3d)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x76)
+	ENOSTR          = syscall.Errno(0x7b)
+	ENOSYS          = syscall.Errno(0x6d)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x4c)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x11)
+	ENOTREADY       = syscall.Errno(0x2e)
+	ENOTRECOVERABLE = syscall.Errno(0x5e)
+	ENOTRUST        = syscall.Errno(0x72)
+	ENOTSOCK        = syscall.Errno(0x39)
+	ENOTSUP         = syscall.Errno(0x7c)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x40)
+	EOVERFLOW       = syscall.Errno(0x7f)
+	EOWNERDEAD      = syscall.Errno(0x5f)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x41)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x53)
+	EPROTO          = syscall.Errno(0x79)
+	EPROTONOSUPPORT = syscall.Errno(0x3e)
+	EPROTOTYPE      = syscall.Errno(0x3c)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x5d)
+	ERESTART        = syscall.Errno(0x52)
+	EROFS           = syscall.Errno(0x1e)
+	ESAD            = syscall.Errno(0x71)
+	ESHUTDOWN       = syscall.Errno(0x4d)
+	ESOCKTNOSUPPORT = syscall.Errno(0x3f)
+	ESOFT           = syscall.Errno(0x6f)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x34)
+	ESYSERROR       = syscall.Errno(0x5a)
+	ETIME           = syscall.Errno(0x77)
+	ETIMEDOUT       = syscall.Errno(0x4e)
+	ETOOMANYREFS    = syscall.Errno(0x73)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x54)
+	EWOULDBLOCK     = syscall.Errno(0xb)
+	EWRPROTECT      = syscall.Errno(0x2f)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT     = syscall.Signal(0x6)
+	SIGAIO      = syscall.Signal(0x17)
+	SIGALRM     = syscall.Signal(0xe)
+	SIGALRM1    = syscall.Signal(0x26)
+	SIGBUS      = syscall.Signal(0xa)
+	SIGCAPI     = syscall.Signal(0x31)
+	SIGCHLD     = syscall.Signal(0x14)
+	SIGCLD      = syscall.Signal(0x14)
+	SIGCONT     = syscall.Signal(0x13)
+	SIGCPUFAIL  = syscall.Signal(0x3b)
+	SIGDANGER   = syscall.Signal(0x21)
+	SIGEMT      = syscall.Signal(0x7)
+	SIGFPE      = syscall.Signal(0x8)
+	SIGGRANT    = syscall.Signal(0x3c)
+	SIGHUP      = syscall.Signal(0x1)
+	SIGILL      = syscall.Signal(0x4)
+	SIGINT      = syscall.Signal(0x2)
+	SIGIO       = syscall.Signal(0x17)
+	SIGIOINT    = syscall.Signal(0x10)
+	SIGIOT      = syscall.Signal(0x6)
+	SIGKAP      = syscall.Signal(0x3c)
+	SIGKILL     = syscall.Signal(0x9)
+	SIGLOST     = syscall.Signal(0x6)
+	SIGMAX      = syscall.Signal(0x3f)
+	SIGMAX32    = syscall.Signal(0x3f)
+	SIGMIGRATE  = syscall.Signal(0x23)
+	SIGMSG      = syscall.Signal(0x1b)
+	SIGPIPE     = syscall.Signal(0xd)
+	SIGPOLL     = syscall.Signal(0x17)
+	SIGPRE      = syscall.Signal(0x24)
+	SIGPROF     = syscall.Signal(0x20)
+	SIGPTY      = syscall.Signal(0x17)
+	SIGPWR      = syscall.Signal(0x1d)
+	SIGQUIT     = syscall.Signal(0x3)
+	SIGRECONFIG = syscall.Signal(0x3a)
+	SIGRETRACT  = syscall.Signal(0x3d)
+	SIGSAK      = syscall.Signal(0x3f)
+	SIGSEGV     = syscall.Signal(0xb)
+	SIGSOUND    = syscall.Signal(0x3e)
+	SIGSTOP     = syscall.Signal(0x11)
+	SIGSYS      = syscall.Signal(0xc)
+	SIGSYSERROR = syscall.Signal(0x30)
+	SIGTALRM    = syscall.Signal(0x26)
+	SIGTERM     = syscall.Signal(0xf)
+	SIGTRAP     = syscall.Signal(0x5)
+	SIGTSTP     = syscall.Signal(0x12)
+	SIGTTIN     = syscall.Signal(0x15)
+	SIGTTOU     = syscall.Signal(0x16)
+	SIGURG      = syscall.Signal(0x10)
+	SIGUSR1     = syscall.Signal(0x1e)
+	SIGUSR2     = syscall.Signal(0x1f)
+	SIGVIRT     = syscall.Signal(0x25)
+	SIGVTALRM   = syscall.Signal(0x22)
+	SIGWAITING  = syscall.Signal(0x27)
+	SIGWINCH    = syscall.Signal(0x1c)
+	SIGXCPU     = syscall.Signal(0x18)
+	SIGXFSZ     = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "not owner"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "I/O error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "arg list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file number"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{12, "ENOMEM", "not enough space"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "ENOTEMPTY", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "file table overflow"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "not a typewriter"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "deadlock condition if locked"},
+	{46, "ENOTREADY", "device not ready"},
+	{47, "EWRPROTECT", "write-protected media"},
+	{48, "EFORMAT", "unformatted or incompatible media"},
+	{49, "ENOLCK", "no locks available"},
+	{50, "ENOCONNECT", "cannot Establish Connection"},
+	{52, "ESTALE", "missing file or filesystem"},
+	{53, "EDIST", "requests blocked by Administrator"},
+	{55, "EINPROGRESS", "operation now in progress"},
+	{56, "EALREADY", "operation already in progress"},
+	{57, "ENOTSOCK", "socket operation on non-socket"},
+	{58, "EDESTADDREQ", "destination address required"},
+	{59, "EMSGSIZE", "message too long"},
+	{60, "EPROTOTYPE", "protocol wrong type for socket"},
+	{61, "ENOPROTOOPT", "protocol not available"},
+	{62, "EPROTONOSUPPORT", "protocol not supported"},
+	{63, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{64, "EOPNOTSUPP", "operation not supported on socket"},
+	{65, "EPFNOSUPPORT", "protocol family not supported"},
+	{66, "EAFNOSUPPORT", "addr family not supported by protocol"},
+	{67, "EADDRINUSE", "address already in use"},
+	{68, "EADDRNOTAVAIL", "can't assign requested address"},
+	{69, "ENETDOWN", "network is down"},
+	{70, "ENETUNREACH", "network is unreachable"},
+	{71, "ENETRESET", "network dropped connection on reset"},
+	{72, "ECONNABORTED", "software caused connection abort"},
+	{73, "ECONNRESET", "connection reset by peer"},
+	{74, "ENOBUFS", "no buffer space available"},
+	{75, "EISCONN", "socket is already connected"},
+	{76, "ENOTCONN", "socket is not connected"},
+	{77, "ESHUTDOWN", "can't send after socket shutdown"},
+	{78, "ETIMEDOUT", "connection timed out"},
+	{79, "ECONNREFUSED", "connection refused"},
+	{80, "EHOSTDOWN", "host is down"},
+	{81, "EHOSTUNREACH", "no route to host"},
+	{82, "ERESTART", "restart the system call"},
+	{83, "EPROCLIM", "too many processes"},
+	{84, "EUSERS", "too many users"},
+	{85, "ELOOP", "too many levels of symbolic links"},
+	{86, "ENAMETOOLONG", "file name too long"},
+	{88, "EDQUOT", "disk quota exceeded"},
+	{89, "ECORRUPT", "invalid file system control data detected"},
+	{90, "ESYSERROR", "for future use "},
+	{93, "EREMOTE", "item is not local to host"},
+	{94, "ENOTRECOVERABLE", "state not recoverable "},
+	{95, "EOWNERDEAD", "previous owner died "},
+	{109, "ENOSYS", "function not implemented"},
+	{110, "EMEDIA", "media surface error"},
+	{111, "ESOFT", "I/O completed, but needs relocation"},
+	{112, "ENOATTR", "no attribute found"},
+	{113, "ESAD", "security Authentication Denied"},
+	{114, "ENOTRUST", "not a Trusted Program"},
+	{115, "ETOOMANYREFS", "too many references: can't splice"},
+	{116, "EILSEQ", "invalid wide character"},
+	{117, "ECANCELED", "asynchronous I/O cancelled"},
+	{118, "ENOSR", "out of STREAMS resources"},
+	{119, "ETIME", "system call timed out"},
+	{120, "EBADMSG", "next message has wrong type"},
+	{121, "EPROTO", "error in protocol"},
+	{122, "ENODATA", "no message on stream head read q"},
+	{123, "ENOSTR", "fd not associated with a stream"},
+	{124, "ENOTSUP", "unsupported attribute value"},
+	{125, "EMULTIHOP", "multihop is not allowed"},
+	{126, "ENOLINK", "the server link has been severed"},
+	{127, "EOVERFLOW", "value too large to be stored in data type"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "IOT/Abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible/complete"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{27, "SIGMSG", "input device data"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGPWR", "power-failure"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPROF", "profiling timer expired"},
+	{33, "SIGDANGER", "paging space low"},
+	{34, "SIGVTALRM", "virtual timer expired"},
+	{35, "SIGMIGRATE", "signal 35"},
+	{36, "SIGPRE", "signal 36"},
+	{37, "SIGVIRT", "signal 37"},
+	{38, "SIGTALRM", "signal 38"},
+	{39, "SIGWAITING", "signal 39"},
+	{48, "SIGSYSERROR", "signal 48"},
+	{49, "SIGCAPI", "signal 49"},
+	{58, "SIGRECONFIG", "signal 58"},
+	{59, "SIGCPUFAIL", "CPU Failure Predicted"},
+	{60, "SIGKAP", "monitor mode granted"},
+	{61, "SIGRETRACT", "monitor mode retracted"},
+	{62, "SIGSOUND", "sound completed"},
+	{63, "SIGSAK", "secure attention"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
new file mode 100644
index 000000000..4fc8d3064
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -0,0 +1,1385 @@
+// mkerrors.sh -maix64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64,aix
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -maix64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                  = 0x10
+	AF_BYPASS                     = 0x19
+	AF_CCITT                      = 0xa
+	AF_CHAOS                      = 0x5
+	AF_DATAKIT                    = 0x9
+	AF_DECnet                     = 0xc
+	AF_DLI                        = 0xd
+	AF_ECMA                       = 0x8
+	AF_HYLINK                     = 0xf
+	AF_IMPLINK                    = 0x3
+	AF_INET                       = 0x2
+	AF_INET6                      = 0x18
+	AF_INTF                       = 0x14
+	AF_ISO                        = 0x7
+	AF_LAT                        = 0xe
+	AF_LINK                       = 0x12
+	AF_LOCAL                      = 0x1
+	AF_MAX                        = 0x1e
+	AF_NDD                        = 0x17
+	AF_NETWARE                    = 0x16
+	AF_NS                         = 0x6
+	AF_OSI                        = 0x7
+	AF_PUP                        = 0x4
+	AF_RIF                        = 0x15
+	AF_ROUTE                      = 0x11
+	AF_SNA                        = 0xb
+	AF_UNIX                       = 0x1
+	AF_UNSPEC                     = 0x0
+	ALTWERASE                     = 0x400000
+	ARPHRD_802_3                  = 0x6
+	ARPHRD_802_5                  = 0x6
+	ARPHRD_ETHER                  = 0x1
+	ARPHRD_FDDI                   = 0x1
+	B0                            = 0x0
+	B110                          = 0x3
+	B1200                         = 0x9
+	B134                          = 0x4
+	B150                          = 0x5
+	B1800                         = 0xa
+	B19200                        = 0xe
+	B200                          = 0x6
+	B2400                         = 0xb
+	B300                          = 0x7
+	B38400                        = 0xf
+	B4800                         = 0xc
+	B50                           = 0x1
+	B600                          = 0x8
+	B75                           = 0x2
+	B9600                         = 0xd
+	BRKINT                        = 0x2
+	BS0                           = 0x0
+	BS1                           = 0x1000
+	BSDLY                         = 0x1000
+	CAP_AACCT                     = 0x6
+	CAP_ARM_APPLICATION           = 0x5
+	CAP_BYPASS_RAC_VMM            = 0x3
+	CAP_CLEAR                     = 0x0
+	CAP_CREDENTIALS               = 0x7
+	CAP_EFFECTIVE                 = 0x1
+	CAP_EWLM_AGENT                = 0x4
+	CAP_INHERITABLE               = 0x2
+	CAP_MAXIMUM                   = 0x7
+	CAP_NUMA_ATTACH               = 0x2
+	CAP_PERMITTED                 = 0x3
+	CAP_PROPAGATE                 = 0x1
+	CAP_PROPOGATE                 = 0x1
+	CAP_SET                       = 0x1
+	CBAUD                         = 0xf
+	CFLUSH                        = 0xf
+	CIBAUD                        = 0xf0000
+	CLOCAL                        = 0x800
+	CLOCK_MONOTONIC               = 0xa
+	CLOCK_PROCESS_CPUTIME_ID      = 0xb
+	CLOCK_REALTIME                = 0x9
+	CLOCK_THREAD_CPUTIME_ID       = 0xc
+	CR0                           = 0x0
+	CR1                           = 0x100
+	CR2                           = 0x200
+	CR3                           = 0x300
+	CRDLY                         = 0x300
+	CREAD                         = 0x80
+	CS5                           = 0x0
+	CS6                           = 0x10
+	CS7                           = 0x20
+	CS8                           = 0x30
+	CSIOCGIFCONF                  = -0x3fef96dc
+	CSIZE                         = 0x30
+	CSMAP_DIR                     = "/usr/lib/nls/csmap/"
+	CSTART                        = '\021'
+	CSTOP                         = '\023'
+	CSTOPB                        = 0x40
+	CSUSP                         = 0x1a
+	ECHO                          = 0x8
+	ECHOCTL                       = 0x20000
+	ECHOE                         = 0x10
+	ECHOK                         = 0x20
+	ECHOKE                        = 0x80000
+	ECHONL                        = 0x40
+	ECHOPRT                       = 0x40000
+	ECH_ICMPID                    = 0x2
+	ETHERNET_CSMACD               = 0x6
+	EVENP                         = 0x80
+	EXCONTINUE                    = 0x0
+	EXDLOK                        = 0x3
+	EXIO                          = 0x2
+	EXPGIO                        = 0x0
+	EXRESUME                      = 0x2
+	EXRETURN                      = 0x1
+	EXSIG                         = 0x4
+	EXTA                          = 0xe
+	EXTB                          = 0xf
+	EXTRAP                        = 0x1
+	EYEC_RTENTRYA                 = 0x257274656e747241
+	EYEC_RTENTRYF                 = 0x257274656e747246
+	E_ACC                         = 0x0
+	FD_CLOEXEC                    = 0x1
+	FD_SETSIZE                    = 0xfffe
+	FF0                           = 0x0
+	FF1                           = 0x2000
+	FFDLY                         = 0x2000
+	FLUSHBAND                     = 0x40
+	FLUSHLOW                      = 0x8
+	FLUSHO                        = 0x100000
+	FLUSHR                        = 0x1
+	FLUSHRW                       = 0x3
+	FLUSHW                        = 0x2
+	F_CLOSEM                      = 0xa
+	F_DUP2FD                      = 0xe
+	F_DUPFD                       = 0x0
+	F_GETFD                       = 0x1
+	F_GETFL                       = 0x3
+	F_GETLK                       = 0xb
+	F_GETLK64                     = 0xb
+	F_GETOWN                      = 0x8
+	F_LOCK                        = 0x1
+	F_OK                          = 0x0
+	F_RDLCK                       = 0x1
+	F_SETFD                       = 0x2
+	F_SETFL                       = 0x4
+	F_SETLK                       = 0xc
+	F_SETLK64                     = 0xc
+	F_SETLKW                      = 0xd
+	F_SETLKW64                    = 0xd
+	F_SETOWN                      = 0x9
+	F_TEST                        = 0x3
+	F_TLOCK                       = 0x2
+	F_TSTLK                       = 0xf
+	F_ULOCK                       = 0x0
+	F_UNLCK                       = 0x3
+	F_WRLCK                       = 0x2
+	HUPCL                         = 0x400
+	IBSHIFT                       = 0x10
+	ICANON                        = 0x2
+	ICMP6_FILTER                  = 0x26
+	ICMP6_SEC_SEND_DEL            = 0x46
+	ICMP6_SEC_SEND_GET            = 0x47
+	ICMP6_SEC_SEND_SET            = 0x44
+	ICMP6_SEC_SEND_SET_CGA_ADDR   = 0x45
+	ICRNL                         = 0x100
+	IEXTEN                        = 0x200000
+	IFA_FIRSTALIAS                = 0x2000
+	IFA_ROUTE                     = 0x1
+	IFF_64BIT                     = 0x4000000
+	IFF_ALLCAST                   = 0x20000
+	IFF_ALLMULTI                  = 0x200
+	IFF_BPF                       = 0x8000000
+	IFF_BRIDGE                    = 0x40000
+	IFF_BROADCAST                 = 0x2
+	IFF_CANTCHANGE                = 0x80c52
+	IFF_CHECKSUM_OFFLOAD          = 0x10000000
+	IFF_D1                        = 0x8000
+	IFF_D2                        = 0x4000
+	IFF_D3                        = 0x2000
+	IFF_D4                        = 0x1000
+	IFF_DEBUG                     = 0x4
+	IFF_DEVHEALTH                 = 0x4000
+	IFF_DO_HW_LOOPBACK            = 0x10000
+	IFF_GROUP_ROUTING             = 0x2000000
+	IFF_IFBUFMGT                  = 0x800000
+	IFF_LINK0                     = 0x100000
+	IFF_LINK1                     = 0x200000
+	IFF_LINK2                     = 0x400000
+	IFF_LOOPBACK                  = 0x8
+	IFF_MULTICAST                 = 0x80000
+	IFF_NOARP                     = 0x80
+	IFF_NOECHO                    = 0x800
+	IFF_NOTRAILERS                = 0x20
+	IFF_OACTIVE                   = 0x400
+	IFF_POINTOPOINT               = 0x10
+	IFF_PROMISC                   = 0x100
+	IFF_PSEG                      = 0x40000000
+	IFF_RUNNING                   = 0x40
+	IFF_SIMPLEX                   = 0x800
+	IFF_SNAP                      = 0x8000
+	IFF_TCP_DISABLE_CKSUM         = 0x20000000
+	IFF_TCP_NOCKSUM               = 0x1000000
+	IFF_UP                        = 0x1
+	IFF_VIPA                      = 0x80000000
+	IFNAMSIZ                      = 0x10
+	IFO_FLUSH                     = 0x1
+	IFT_1822                      = 0x2
+	IFT_AAL5                      = 0x31
+	IFT_ARCNET                    = 0x23
+	IFT_ARCNETPLUS                = 0x24
+	IFT_ATM                       = 0x25
+	IFT_CEPT                      = 0x13
+	IFT_CLUSTER                   = 0x3e
+	IFT_DS3                       = 0x1e
+	IFT_EON                       = 0x19
+	IFT_ETHER                     = 0x6
+	IFT_FCS                       = 0x3a
+	IFT_FDDI                      = 0xf
+	IFT_FRELAY                    = 0x20
+	IFT_FRELAYDCE                 = 0x2c
+	IFT_GIFTUNNEL                 = 0x3c
+	IFT_HDH1822                   = 0x3
+	IFT_HF                        = 0x3d
+	IFT_HIPPI                     = 0x2f
+	IFT_HSSI                      = 0x2e
+	IFT_HY                        = 0xe
+	IFT_IB                        = 0xc7
+	IFT_ISDNBASIC                 = 0x14
+	IFT_ISDNPRIMARY               = 0x15
+	IFT_ISO88022LLC               = 0x29
+	IFT_ISO88023                  = 0x7
+	IFT_ISO88024                  = 0x8
+	IFT_ISO88025                  = 0x9
+	IFT_ISO88026                  = 0xa
+	IFT_LAPB                      = 0x10
+	IFT_LOCALTALK                 = 0x2a
+	IFT_LOOP                      = 0x18
+	IFT_MIOX25                    = 0x26
+	IFT_MODEM                     = 0x30
+	IFT_NSIP                      = 0x1b
+	IFT_OTHER                     = 0x1
+	IFT_P10                       = 0xc
+	IFT_P80                       = 0xd
+	IFT_PARA                      = 0x22
+	IFT_PPP                       = 0x17
+	IFT_PROPMUX                   = 0x36
+	IFT_PROPVIRTUAL               = 0x35
+	IFT_PTPSERIAL                 = 0x16
+	IFT_RS232                     = 0x21
+	IFT_SDLC                      = 0x11
+	IFT_SIP                       = 0x1f
+	IFT_SLIP                      = 0x1c
+	IFT_SMDSDXI                   = 0x2b
+	IFT_SMDSICIP                  = 0x34
+	IFT_SN                        = 0x38
+	IFT_SONET                     = 0x27
+	IFT_SONETPATH                 = 0x32
+	IFT_SONETVT                   = 0x33
+	IFT_SP                        = 0x39
+	IFT_STARLAN                   = 0xb
+	IFT_T1                        = 0x12
+	IFT_TUNNEL                    = 0x3b
+	IFT_ULTRA                     = 0x1d
+	IFT_V35                       = 0x2d
+	IFT_VIPA                      = 0x37
+	IFT_X25                       = 0x5
+	IFT_X25DDN                    = 0x4
+	IFT_X25PLE                    = 0x28
+	IFT_XETHER                    = 0x1a
+	IGNBRK                        = 0x1
+	IGNCR                         = 0x80
+	IGNPAR                        = 0x4
+	IMAXBEL                       = 0x10000
+	INLCR                         = 0x40
+	INPCK                         = 0x10
+	IN_CLASSA_HOST                = 0xffffff
+	IN_CLASSA_MAX                 = 0x80
+	IN_CLASSA_NET                 = 0xff000000
+	IN_CLASSA_NSHIFT              = 0x18
+	IN_CLASSB_HOST                = 0xffff
+	IN_CLASSB_MAX                 = 0x10000
+	IN_CLASSB_NET                 = 0xffff0000
+	IN_CLASSB_NSHIFT              = 0x10
+	IN_CLASSC_HOST                = 0xff
+	IN_CLASSC_NET                 = 0xffffff00
+	IN_CLASSC_NSHIFT              = 0x8
+	IN_CLASSD_HOST                = 0xfffffff
+	IN_CLASSD_NET                 = 0xf0000000
+	IN_CLASSD_NSHIFT              = 0x1c
+	IN_LOOPBACKNET                = 0x7f
+	IN_USE                        = 0x1
+	IPPROTO_AH                    = 0x33
+	IPPROTO_BIP                   = 0x53
+	IPPROTO_DSTOPTS               = 0x3c
+	IPPROTO_EGP                   = 0x8
+	IPPROTO_EON                   = 0x50
+	IPPROTO_ESP                   = 0x32
+	IPPROTO_FRAGMENT              = 0x2c
+	IPPROTO_GGP                   = 0x3
+	IPPROTO_GIF                   = 0x8c
+	IPPROTO_GRE                   = 0x2f
+	IPPROTO_HOPOPTS               = 0x0
+	IPPROTO_ICMP                  = 0x1
+	IPPROTO_ICMPV6                = 0x3a
+	IPPROTO_IDP                   = 0x16
+	IPPROTO_IGMP                  = 0x2
+	IPPROTO_IP                    = 0x0
+	IPPROTO_IPIP                  = 0x4
+	IPPROTO_IPV6                  = 0x29
+	IPPROTO_LOCAL                 = 0x3f
+	IPPROTO_MAX                   = 0x100
+	IPPROTO_MH                    = 0x87
+	IPPROTO_NONE                  = 0x3b
+	IPPROTO_PUP                   = 0xc
+	IPPROTO_QOS                   = 0x2d
+	IPPROTO_RAW                   = 0xff
+	IPPROTO_ROUTING               = 0x2b
+	IPPROTO_RSVP                  = 0x2e
+	IPPROTO_SCTP                  = 0x84
+	IPPROTO_TCP                   = 0x6
+	IPPROTO_TP                    = 0x1d
+	IPPROTO_UDP                   = 0x11
+	IPV6_ADDRFORM                 = 0x16
+	IPV6_ADDR_PREFERENCES         = 0x4a
+	IPV6_ADD_MEMBERSHIP           = 0xc
+	IPV6_AIXRAWSOCKET             = 0x39
+	IPV6_CHECKSUM                 = 0x27
+	IPV6_DONTFRAG                 = 0x2d
+	IPV6_DROP_MEMBERSHIP          = 0xd
+	IPV6_DSTOPTS                  = 0x36
+	IPV6_FLOWINFO_FLOWLABEL       = 0xffffff
+	IPV6_FLOWINFO_PRIFLOW         = 0xfffffff
+	IPV6_FLOWINFO_PRIORITY        = 0xf000000
+	IPV6_FLOWINFO_SRFLAG          = 0x10000000
+	IPV6_FLOWINFO_VERSION         = 0xf0000000
+	IPV6_HOPLIMIT                 = 0x28
+	IPV6_HOPOPTS                  = 0x34
+	IPV6_JOIN_GROUP               = 0xc
+	IPV6_LEAVE_GROUP              = 0xd
+	IPV6_MIPDSTOPTS               = 0x36
+	IPV6_MULTICAST_HOPS           = 0xa
+	IPV6_MULTICAST_IF             = 0x9
+	IPV6_MULTICAST_LOOP           = 0xb
+	IPV6_NEXTHOP                  = 0x30
+	IPV6_NOPROBE                  = 0x1c
+	IPV6_PATHMTU                  = 0x2e
+	IPV6_PKTINFO                  = 0x21
+	IPV6_PKTOPTIONS               = 0x24
+	IPV6_PRIORITY_10              = 0xa000000
+	IPV6_PRIORITY_11              = 0xb000000
+	IPV6_PRIORITY_12              = 0xc000000
+	IPV6_PRIORITY_13              = 0xd000000
+	IPV6_PRIORITY_14              = 0xe000000
+	IPV6_PRIORITY_15              = 0xf000000
+	IPV6_PRIORITY_8               = 0x8000000
+	IPV6_PRIORITY_9               = 0x9000000
+	IPV6_PRIORITY_BULK            = 0x4000000
+	IPV6_PRIORITY_CONTROL         = 0x7000000
+	IPV6_PRIORITY_FILLER          = 0x1000000
+	IPV6_PRIORITY_INTERACTIVE     = 0x6000000
+	IPV6_PRIORITY_RESERVED1       = 0x3000000
+	IPV6_PRIORITY_RESERVED2       = 0x5000000
+	IPV6_PRIORITY_UNATTENDED      = 0x2000000
+	IPV6_PRIORITY_UNCHARACTERIZED = 0x0
+	IPV6_RECVDSTOPTS              = 0x38
+	IPV6_RECVHOPLIMIT             = 0x29
+	IPV6_RECVHOPOPTS              = 0x35
+	IPV6_RECVHOPS                 = 0x22
+	IPV6_RECVIF                   = 0x1e
+	IPV6_RECVPATHMTU              = 0x2f
+	IPV6_RECVPKTINFO              = 0x23
+	IPV6_RECVRTHDR                = 0x33
+	IPV6_RECVSRCRT                = 0x1d
+	IPV6_RECVTCLASS               = 0x2a
+	IPV6_RTHDR                    = 0x32
+	IPV6_RTHDRDSTOPTS             = 0x37
+	IPV6_RTHDR_TYPE_0             = 0x0
+	IPV6_RTHDR_TYPE_2             = 0x2
+	IPV6_SENDIF                   = 0x1f
+	IPV6_SRFLAG_LOOSE             = 0x0
+	IPV6_SRFLAG_STRICT            = 0x10000000
+	IPV6_TCLASS                   = 0x2b
+	IPV6_TOKEN_LENGTH             = 0x40
+	IPV6_UNICAST_HOPS             = 0x4
+	IPV6_USE_MIN_MTU              = 0x2c
+	IPV6_V6ONLY                   = 0x25
+	IPV6_VERSION                  = 0x60000000
+	IP_ADDRFORM                   = 0x16
+	IP_ADD_MEMBERSHIP             = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP      = 0x3c
+	IP_BLOCK_SOURCE               = 0x3a
+	IP_BROADCAST_IF               = 0x10
+	IP_CACHE_LINE_SIZE            = 0x80
+	IP_DEFAULT_MULTICAST_LOOP     = 0x1
+	IP_DEFAULT_MULTICAST_TTL      = 0x1
+	IP_DF                         = 0x4000
+	IP_DHCPMODE                   = 0x11
+	IP_DONTFRAG                   = 0x19
+	IP_DROP_MEMBERSHIP            = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP     = 0x3d
+	IP_FINDPMTU                   = 0x1a
+	IP_HDRINCL                    = 0x2
+	IP_INC_MEMBERSHIPS            = 0x14
+	IP_INIT_MEMBERSHIP            = 0x14
+	IP_MAXPACKET                  = 0xffff
+	IP_MF                         = 0x2000
+	IP_MSS                        = 0x240
+	IP_MULTICAST_HOPS             = 0xa
+	IP_MULTICAST_IF               = 0x9
+	IP_MULTICAST_LOOP             = 0xb
+	IP_MULTICAST_TTL              = 0xa
+	IP_OPT                        = 0x1b
+	IP_OPTIONS                    = 0x1
+	IP_PMTUAGE                    = 0x1b
+	IP_RECVDSTADDR                = 0x7
+	IP_RECVIF                     = 0x14
+	IP_RECVIFINFO                 = 0xf
+	IP_RECVINTERFACE              = 0x20
+	IP_RECVMACHDR                 = 0xe
+	IP_RECVOPTS                   = 0x5
+	IP_RECVRETOPTS                = 0x6
+	IP_RECVTTL                    = 0x22
+	IP_RETOPTS                    = 0x8
+	IP_SOURCE_FILTER              = 0x48
+	IP_TOS                        = 0x3
+	IP_TTL                        = 0x4
+	IP_UNBLOCK_SOURCE             = 0x3b
+	IP_UNICAST_HOPS               = 0x4
+	ISIG                          = 0x1
+	ISTRIP                        = 0x20
+	IUCLC                         = 0x800
+	IXANY                         = 0x1000
+	IXOFF                         = 0x400
+	IXON                          = 0x200
+	I_FLUSH                       = 0x20005305
+	LNOFLSH                       = 0x8000
+	LOCK_EX                       = 0x2
+	LOCK_NB                       = 0x4
+	LOCK_SH                       = 0x1
+	LOCK_UN                       = 0x8
+	MADV_DONTNEED                 = 0x4
+	MADV_NORMAL                   = 0x0
+	MADV_RANDOM                   = 0x1
+	MADV_SEQUENTIAL               = 0x2
+	MADV_SPACEAVAIL               = 0x5
+	MADV_WILLNEED                 = 0x3
+	MAP_ANON                      = 0x10
+	MAP_ANONYMOUS                 = 0x10
+	MAP_FILE                      = 0x0
+	MAP_FIXED                     = 0x100
+	MAP_PRIVATE                   = 0x2
+	MAP_SHARED                    = 0x1
+	MAP_TYPE                      = 0xf0
+	MAP_VARIABLE                  = 0x0
+	MCAST_BLOCK_SOURCE            = 0x40
+	MCAST_EXCLUDE                 = 0x2
+	MCAST_INCLUDE                 = 0x1
+	MCAST_JOIN_GROUP              = 0x3e
+	MCAST_JOIN_SOURCE_GROUP       = 0x42
+	MCAST_LEAVE_GROUP             = 0x3f
+	MCAST_LEAVE_SOURCE_GROUP      = 0x43
+	MCAST_SOURCE_FILTER           = 0x49
+	MCAST_UNBLOCK_SOURCE          = 0x41
+	MCL_CURRENT                   = 0x100
+	MCL_FUTURE                    = 0x200
+	MSG_ANY                       = 0x4
+	MSG_ARGEXT                    = 0x400
+	MSG_BAND                      = 0x2
+	MSG_COMPAT                    = 0x8000
+	MSG_CTRUNC                    = 0x20
+	MSG_DONTROUTE                 = 0x4
+	MSG_EOR                       = 0x8
+	MSG_HIPRI                     = 0x1
+	MSG_MAXIOVLEN                 = 0x10
+	MSG_MPEG2                     = 0x80
+	MSG_NONBLOCK                  = 0x4000
+	MSG_NOSIGNAL                  = 0x100
+	MSG_OOB                       = 0x1
+	MSG_PEEK                      = 0x2
+	MSG_TRUNC                     = 0x10
+	MSG_WAITALL                   = 0x40
+	MSG_WAITFORONE                = 0x200
+	MS_ASYNC                      = 0x10
+	MS_EINTR                      = 0x80
+	MS_INVALIDATE                 = 0x40
+	MS_PER_SEC                    = 0x3e8
+	MS_SYNC                       = 0x20
+	NFDBITS                       = 0x40
+	NL0                           = 0x0
+	NL1                           = 0x4000
+	NL2                           = 0x8000
+	NL3                           = 0xc000
+	NLDLY                         = 0x4000
+	NOFLSH                        = 0x80
+	NOFLUSH                       = 0x80000000
+	OCRNL                         = 0x8
+	OFDEL                         = 0x80
+	OFILL                         = 0x40
+	OLCUC                         = 0x2
+	ONLCR                         = 0x4
+	ONLRET                        = 0x20
+	ONOCR                         = 0x10
+	ONOEOT                        = 0x80000
+	OPOST                         = 0x1
+	OXTABS                        = 0x40000
+	O_ACCMODE                     = 0x23
+	O_APPEND                      = 0x8
+	O_CIO                         = 0x80
+	O_CIOR                        = 0x800000000
+	O_CLOEXEC                     = 0x800000
+	O_CREAT                       = 0x100
+	O_DEFER                       = 0x2000
+	O_DELAY                       = 0x4000
+	O_DIRECT                      = 0x8000000
+	O_DIRECTORY                   = 0x80000
+	O_DSYNC                       = 0x400000
+	O_EFSOFF                      = 0x400000000
+	O_EFSON                       = 0x200000000
+	O_EXCL                        = 0x400
+	O_EXEC                        = 0x20
+	O_LARGEFILE                   = 0x4000000
+	O_NDELAY                      = 0x8000
+	O_NOCACHE                     = 0x100000
+	O_NOCTTY                      = 0x800
+	O_NOFOLLOW                    = 0x1000000
+	O_NONBLOCK                    = 0x4
+	O_NONE                        = 0x3
+	O_NSHARE                      = 0x10000
+	O_RAW                         = 0x100000000
+	O_RDONLY                      = 0x0
+	O_RDWR                        = 0x2
+	O_RSHARE                      = 0x1000
+	O_RSYNC                       = 0x200000
+	O_SEARCH                      = 0x20
+	O_SNAPSHOT                    = 0x40
+	O_SYNC                        = 0x10
+	O_TRUNC                       = 0x200
+	O_TTY_INIT                    = 0x0
+	O_WRONLY                      = 0x1
+	PARENB                        = 0x100
+	PAREXT                        = 0x100000
+	PARMRK                        = 0x8
+	PARODD                        = 0x200
+	PENDIN                        = 0x20000000
+	PRIO_PGRP                     = 0x1
+	PRIO_PROCESS                  = 0x0
+	PRIO_USER                     = 0x2
+	PROT_EXEC                     = 0x4
+	PROT_NONE                     = 0x0
+	PROT_READ                     = 0x1
+	PROT_WRITE                    = 0x2
+	PR_64BIT                      = 0x20
+	PR_ADDR                       = 0x2
+	PR_ARGEXT                     = 0x400
+	PR_ATOMIC                     = 0x1
+	PR_CONNREQUIRED               = 0x4
+	PR_FASTHZ                     = 0x5
+	PR_INP                        = 0x40
+	PR_INTRLEVEL                  = 0x8000
+	PR_MLS                        = 0x100
+	PR_MLS_1_LABEL                = 0x200
+	PR_NOEOR                      = 0x4000
+	PR_RIGHTS                     = 0x10
+	PR_SLOWHZ                     = 0x2
+	PR_WANTRCVD                   = 0x8
+	RLIMIT_AS                     = 0x6
+	RLIMIT_CORE                   = 0x4
+	RLIMIT_CPU                    = 0x0
+	RLIMIT_DATA                   = 0x2
+	RLIMIT_FSIZE                  = 0x1
+	RLIMIT_NOFILE                 = 0x7
+	RLIMIT_NPROC                  = 0x9
+	RLIMIT_RSS                    = 0x5
+	RLIMIT_STACK                  = 0x3
+	RLIM_INFINITY                 = 0x7fffffffffffffff
+	RTAX_AUTHOR                   = 0x6
+	RTAX_BRD                      = 0x7
+	RTAX_DST                      = 0x0
+	RTAX_GATEWAY                  = 0x1
+	RTAX_GENMASK                  = 0x3
+	RTAX_IFA                      = 0x5
+	RTAX_IFP                      = 0x4
+	RTAX_MAX                      = 0x8
+	RTAX_NETMASK                  = 0x2
+	RTA_AUTHOR                    = 0x40
+	RTA_BRD                       = 0x80
+	RTA_DOWNSTREAM                = 0x100
+	RTA_DST                       = 0x1
+	RTA_GATEWAY                   = 0x2
+	RTA_GENMASK                   = 0x8
+	RTA_IFA                       = 0x20
+	RTA_IFP                       = 0x10
+	RTA_NETMASK                   = 0x4
+	RTC_IA64                      = 0x3
+	RTC_POWER                     = 0x1
+	RTC_POWER_PC                  = 0x2
+	RTF_ACTIVE_DGD                = 0x1000000
+	RTF_BCE                       = 0x80000
+	RTF_BLACKHOLE                 = 0x1000
+	RTF_BROADCAST                 = 0x400000
+	RTF_BUL                       = 0x2000
+	RTF_CLONE                     = 0x10000
+	RTF_CLONED                    = 0x20000
+	RTF_CLONING                   = 0x100
+	RTF_DONE                      = 0x40
+	RTF_DYNAMIC                   = 0x10
+	RTF_FREE_IN_PROG              = 0x4000000
+	RTF_GATEWAY                   = 0x2
+	RTF_HOST                      = 0x4
+	RTF_LLINFO                    = 0x400
+	RTF_LOCAL                     = 0x200000
+	RTF_MASK                      = 0x80
+	RTF_MODIFIED                  = 0x20
+	RTF_MULTICAST                 = 0x800000
+	RTF_PERMANENT6                = 0x8000000
+	RTF_PINNED                    = 0x100000
+	RTF_PROTO1                    = 0x8000
+	RTF_PROTO2                    = 0x4000
+	RTF_PROTO3                    = 0x40000
+	RTF_REJECT                    = 0x8
+	RTF_SMALLMTU                  = 0x40000
+	RTF_STATIC                    = 0x800
+	RTF_STOPSRCH                  = 0x2000000
+	RTF_UNREACHABLE               = 0x10000000
+	RTF_UP                        = 0x1
+	RTF_XRESOLVE                  = 0x200
+	RTM_ADD                       = 0x1
+	RTM_CHANGE                    = 0x3
+	RTM_DELADDR                   = 0xd
+	RTM_DELETE                    = 0x2
+	RTM_EXPIRE                    = 0xf
+	RTM_GET                       = 0x4
+	RTM_GETNEXT                   = 0x11
+	RTM_IFINFO                    = 0xe
+	RTM_LOCK                      = 0x8
+	RTM_LOSING                    = 0x5
+	RTM_MISS                      = 0x7
+	RTM_NEWADDR                   = 0xc
+	RTM_OLDADD                    = 0x9
+	RTM_OLDDEL                    = 0xa
+	RTM_REDIRECT                  = 0x6
+	RTM_RESOLVE                   = 0xb
+	RTM_RTLOST                    = 0x10
+	RTM_RTTUNIT                   = 0xf4240
+	RTM_SAMEADDR                  = 0x12
+	RTM_SET                       = 0x13
+	RTM_VERSION                   = 0x2
+	RTM_VERSION_GR                = 0x4
+	RTM_VERSION_GR_COMPAT         = 0x3
+	RTM_VERSION_POLICY            = 0x5
+	RTM_VERSION_POLICY_EXT        = 0x6
+	RTM_VERSION_POLICY_PRFN       = 0x7
+	RTV_EXPIRE                    = 0x4
+	RTV_HOPCOUNT                  = 0x2
+	RTV_MTU                       = 0x1
+	RTV_RPIPE                     = 0x8
+	RTV_RTT                       = 0x40
+	RTV_RTTVAR                    = 0x80
+	RTV_SPIPE                     = 0x10
+	RTV_SSTHRESH                  = 0x20
+	RUSAGE_CHILDREN               = -0x1
+	RUSAGE_SELF                   = 0x0
+	RUSAGE_THREAD                 = 0x1
+	SCM_RIGHTS                    = 0x1
+	SHUT_RD                       = 0x0
+	SHUT_RDWR                     = 0x2
+	SHUT_WR                       = 0x1
+	SIGMAX64                      = 0xff
+	SIGQUEUE_MAX                  = 0x20
+	SIOCADDIFVIPA                 = 0x20006942
+	SIOCADDMTU                    = -0x7ffb9690
+	SIOCADDMULTI                  = -0x7fdf96cf
+	SIOCADDNETID                  = -0x7fd796a9
+	SIOCADDRT                     = -0x7fc78df6
+	SIOCAIFADDR                   = -0x7fbf96e6
+	SIOCATMARK                    = 0x40047307
+	SIOCDARP                      = -0x7fb396e0
+	SIOCDELIFVIPA                 = 0x20006943
+	SIOCDELMTU                    = -0x7ffb968f
+	SIOCDELMULTI                  = -0x7fdf96ce
+	SIOCDELPMTU                   = -0x7fd78ff6
+	SIOCDELRT                     = -0x7fc78df5
+	SIOCDIFADDR                   = -0x7fd796e7
+	SIOCDNETOPT                   = -0x3ffe9680
+	SIOCDX25XLATE                 = -0x7fd7969b
+	SIOCFIFADDR                   = -0x7fdf966d
+	SIOCGARP                      = -0x3fb396da
+	SIOCGETMTUS                   = 0x2000696f
+	SIOCGETSGCNT                  = -0x3feb8acc
+	SIOCGETVIFCNT                 = -0x3feb8acd
+	SIOCGHIWAT                    = 0x40047301
+	SIOCGIFADDR                   = -0x3fd796df
+	SIOCGIFADDRS                  = 0x2000698c
+	SIOCGIFBAUDRATE               = -0x3fdf9669
+	SIOCGIFBRDADDR                = -0x3fd796dd
+	SIOCGIFCONF                   = -0x3fef96bb
+	SIOCGIFCONFGLOB               = -0x3fef9670
+	SIOCGIFDSTADDR                = -0x3fd796de
+	SIOCGIFFLAGS                  = -0x3fd796ef
+	SIOCGIFGIDLIST                = 0x20006968
+	SIOCGIFHWADDR                 = -0x3fab966b
+	SIOCGIFMETRIC                 = -0x3fd796e9
+	SIOCGIFMTU                    = -0x3fd796aa
+	SIOCGIFNETMASK                = -0x3fd796db
+	SIOCGIFOPTIONS                = -0x3fd796d6
+	SIOCGISNO                     = -0x3fd79695
+	SIOCGLOADF                    = -0x3ffb967e
+	SIOCGLOWAT                    = 0x40047303
+	SIOCGNETOPT                   = -0x3ffe96a5
+	SIOCGNETOPT1                  = -0x3fdf967f
+	SIOCGNMTUS                    = 0x2000696e
+	SIOCGPGRP                     = 0x40047309
+	SIOCGSIZIFCONF                = 0x4004696a
+	SIOCGSRCFILTER                = -0x3fe796cb
+	SIOCGTUNEPHASE                = -0x3ffb9676
+	SIOCGX25XLATE                 = -0x3fd7969c
+	SIOCIFATTACH                  = -0x7fdf9699
+	SIOCIFDETACH                  = -0x7fdf969a
+	SIOCIFGETPKEY                 = -0x7fdf969b
+	SIOCIF_ATM_DARP               = -0x7fdf9683
+	SIOCIF_ATM_DUMPARP            = -0x7fdf9685
+	SIOCIF_ATM_GARP               = -0x7fdf9682
+	SIOCIF_ATM_IDLE               = -0x7fdf9686
+	SIOCIF_ATM_SARP               = -0x7fdf9681
+	SIOCIF_ATM_SNMPARP            = -0x7fdf9687
+	SIOCIF_ATM_SVC                = -0x7fdf9684
+	SIOCIF_ATM_UBR                = -0x7fdf9688
+	SIOCIF_DEVHEALTH              = -0x7ffb966c
+	SIOCIF_IB_ARP_INCOMP          = -0x7fdf9677
+	SIOCIF_IB_ARP_TIMER           = -0x7fdf9678
+	SIOCIF_IB_CLEAR_PINFO         = -0x3fdf966f
+	SIOCIF_IB_DEL_ARP             = -0x7fdf967f
+	SIOCIF_IB_DEL_PINFO           = -0x3fdf9670
+	SIOCIF_IB_DUMP_ARP            = -0x7fdf9680
+	SIOCIF_IB_GET_ARP             = -0x7fdf967e
+	SIOCIF_IB_GET_INFO            = -0x3f879675
+	SIOCIF_IB_GET_STATS           = -0x3f879672
+	SIOCIF_IB_NOTIFY_ADDR_REM     = -0x3f87966a
+	SIOCIF_IB_RESET_STATS         = -0x3f879671
+	SIOCIF_IB_RESIZE_CQ           = -0x7fdf9679
+	SIOCIF_IB_SET_ARP             = -0x7fdf967d
+	SIOCIF_IB_SET_PKEY            = -0x7fdf967c
+	SIOCIF_IB_SET_PORT            = -0x7fdf967b
+	SIOCIF_IB_SET_QKEY            = -0x7fdf9676
+	SIOCIF_IB_SET_QSIZE           = -0x7fdf967a
+	SIOCLISTIFVIPA                = 0x20006944
+	SIOCSARP                      = -0x7fb396e2
+	SIOCSHIWAT                    = 0xffffffff80047300
+	SIOCSIFADDR                   = -0x7fd796f4
+	SIOCSIFADDRORI                = -0x7fdb9673
+	SIOCSIFBRDADDR                = -0x7fd796ed
+	SIOCSIFDSTADDR                = -0x7fd796f2
+	SIOCSIFFLAGS                  = -0x7fd796f0
+	SIOCSIFGIDLIST                = 0x20006969
+	SIOCSIFMETRIC                 = -0x7fd796e8
+	SIOCSIFMTU                    = -0x7fd796a8
+	SIOCSIFNETDUMP                = -0x7fd796e4
+	SIOCSIFNETMASK                = -0x7fd796ea
+	SIOCSIFOPTIONS                = -0x7fd796d7
+	SIOCSIFSUBCHAN                = -0x7fd796e5
+	SIOCSISNO                     = -0x7fd79694
+	SIOCSLOADF                    = -0x3ffb967d
+	SIOCSLOWAT                    = 0xffffffff80047302
+	SIOCSNETOPT                   = -0x7ffe96a6
+	SIOCSPGRP                     = 0xffffffff80047308
+	SIOCSX25XLATE                 = -0x7fd7969d
+	SOCK_CONN_DGRAM               = 0x6
+	SOCK_DGRAM                    = 0x2
+	SOCK_RAW                      = 0x3
+	SOCK_RDM                      = 0x4
+	SOCK_SEQPACKET                = 0x5
+	SOCK_STREAM                   = 0x1
+	SOL_SOCKET                    = 0xffff
+	SOMAXCONN                     = 0x400
+	SO_ACCEPTCONN                 = 0x2
+	SO_AUDIT                      = 0x8000
+	SO_BROADCAST                  = 0x20
+	SO_CKSUMRECV                  = 0x800
+	SO_DEBUG                      = 0x1
+	SO_DONTROUTE                  = 0x10
+	SO_ERROR                      = 0x1007
+	SO_KEEPALIVE                  = 0x8
+	SO_KERNACCEPT                 = 0x2000
+	SO_LINGER                     = 0x80
+	SO_NOMULTIPATH                = 0x4000
+	SO_NOREUSEADDR                = 0x1000
+	SO_OOBINLINE                  = 0x100
+	SO_PEERID                     = 0x1009
+	SO_RCVBUF                     = 0x1002
+	SO_RCVLOWAT                   = 0x1004
+	SO_RCVTIMEO                   = 0x1006
+	SO_REUSEADDR                  = 0x4
+	SO_REUSEPORT                  = 0x200
+	SO_SNDBUF                     = 0x1001
+	SO_SNDLOWAT                   = 0x1003
+	SO_SNDTIMEO                   = 0x1005
+	SO_TIMESTAMPNS                = 0x100a
+	SO_TYPE                       = 0x1008
+	SO_USELOOPBACK                = 0x40
+	SO_USE_IFBUFS                 = 0x400
+	S_BANDURG                     = 0x400
+	S_EMODFMT                     = 0x3c000000
+	S_ENFMT                       = 0x400
+	S_ERROR                       = 0x100
+	S_HANGUP                      = 0x200
+	S_HIPRI                       = 0x2
+	S_ICRYPTO                     = 0x80000
+	S_IEXEC                       = 0x40
+	S_IFBLK                       = 0x6000
+	S_IFCHR                       = 0x2000
+	S_IFDIR                       = 0x4000
+	S_IFIFO                       = 0x1000
+	S_IFJOURNAL                   = 0x10000
+	S_IFLNK                       = 0xa000
+	S_IFMPX                       = 0x2200
+	S_IFMT                        = 0xf000
+	S_IFPDIR                      = 0x4000000
+	S_IFPSDIR                     = 0x8000000
+	S_IFPSSDIR                    = 0xc000000
+	S_IFREG                       = 0x8000
+	S_IFSOCK                      = 0xc000
+	S_IFSYSEA                     = 0x30000000
+	S_INPUT                       = 0x1
+	S_IREAD                       = 0x100
+	S_IRGRP                       = 0x20
+	S_IROTH                       = 0x4
+	S_IRUSR                       = 0x100
+	S_IRWXG                       = 0x38
+	S_IRWXO                       = 0x7
+	S_IRWXU                       = 0x1c0
+	S_ISGID                       = 0x400
+	S_ISUID                       = 0x800
+	S_ISVTX                       = 0x200
+	S_ITCB                        = 0x1000000
+	S_ITP                         = 0x800000
+	S_IWGRP                       = 0x10
+	S_IWOTH                       = 0x2
+	S_IWRITE                      = 0x80
+	S_IWUSR                       = 0x80
+	S_IXACL                       = 0x2000000
+	S_IXATTR                      = 0x40000
+	S_IXGRP                       = 0x8
+	S_IXINTERFACE                 = 0x100000
+	S_IXMOD                       = 0x40000000
+	S_IXOTH                       = 0x1
+	S_IXUSR                       = 0x40
+	S_MSG                         = 0x8
+	S_OUTPUT                      = 0x4
+	S_RDBAND                      = 0x20
+	S_RDNORM                      = 0x10
+	S_RESERVED1                   = 0x20000
+	S_RESERVED2                   = 0x200000
+	S_RESERVED3                   = 0x400000
+	S_RESERVED4                   = 0x80000000
+	S_RESFMT1                     = 0x10000000
+	S_RESFMT10                    = 0x34000000
+	S_RESFMT11                    = 0x38000000
+	S_RESFMT12                    = 0x3c000000
+	S_RESFMT2                     = 0x14000000
+	S_RESFMT3                     = 0x18000000
+	S_RESFMT4                     = 0x1c000000
+	S_RESFMT5                     = 0x20000000
+	S_RESFMT6                     = 0x24000000
+	S_RESFMT7                     = 0x28000000
+	S_RESFMT8                     = 0x2c000000
+	S_WRBAND                      = 0x80
+	S_WRNORM                      = 0x40
+	TAB0                          = 0x0
+	TAB1                          = 0x400
+	TAB2                          = 0x800
+	TAB3                          = 0xc00
+	TABDLY                        = 0xc00
+	TCFLSH                        = 0x540c
+	TCGETA                        = 0x5405
+	TCGETS                        = 0x5401
+	TCIFLUSH                      = 0x0
+	TCIOFF                        = 0x2
+	TCIOFLUSH                     = 0x2
+	TCION                         = 0x3
+	TCOFLUSH                      = 0x1
+	TCOOFF                        = 0x0
+	TCOON                         = 0x1
+	TCP_24DAYS_WORTH_OF_SLOWTICKS = 0x3f4800
+	TCP_ACLADD                    = 0x23
+	TCP_ACLBIND                   = 0x26
+	TCP_ACLCLEAR                  = 0x22
+	TCP_ACLDEL                    = 0x24
+	TCP_ACLDENY                   = 0x8
+	TCP_ACLFLUSH                  = 0x21
+	TCP_ACLGID                    = 0x1
+	TCP_ACLLS                     = 0x25
+	TCP_ACLSUBNET                 = 0x4
+	TCP_ACLUID                    = 0x2
+	TCP_CWND_DF                   = 0x16
+	TCP_CWND_IF                   = 0x15
+	TCP_DELAY_ACK_FIN             = 0x2
+	TCP_DELAY_ACK_SYN             = 0x1
+	TCP_FASTNAME                  = 0x101080a
+	TCP_KEEPCNT                   = 0x13
+	TCP_KEEPIDLE                  = 0x11
+	TCP_KEEPINTVL                 = 0x12
+	TCP_LSPRIV                    = 0x29
+	TCP_LUID                      = 0x20
+	TCP_MAXBURST                  = 0x8
+	TCP_MAXDF                     = 0x64
+	TCP_MAXIF                     = 0x64
+	TCP_MAXSEG                    = 0x2
+	TCP_MAXWIN                    = 0xffff
+	TCP_MAXWINDOWSCALE            = 0xe
+	TCP_MAX_SACK                  = 0x4
+	TCP_MSS                       = 0x5b4
+	TCP_NODELAY                   = 0x1
+	TCP_NODELAYACK                = 0x14
+	TCP_NOREDUCE_CWND_EXIT_FRXMT  = 0x19
+	TCP_NOREDUCE_CWND_IN_FRXMT    = 0x18
+	TCP_NOTENTER_SSTART           = 0x17
+	TCP_OPT                       = 0x19
+	TCP_RFC1323                   = 0x4
+	TCP_SETPRIV                   = 0x27
+	TCP_STDURG                    = 0x10
+	TCP_TIMESTAMP_OPTLEN          = 0xc
+	TCP_UNSETPRIV                 = 0x28
+	TCSAFLUSH                     = 0x2
+	TCSBRK                        = 0x5409
+	TCSETA                        = 0x5406
+	TCSETAF                       = 0x5408
+	TCSETAW                       = 0x5407
+	TCSETS                        = 0x5402
+	TCSETSF                       = 0x5404
+	TCSETSW                       = 0x5403
+	TCXONC                        = 0x540b
+	TIMER_ABSTIME                 = 0x3e7
+	TIMER_MAX                     = 0x20
+	TIOC                          = 0x5400
+	TIOCCBRK                      = 0x2000747a
+	TIOCCDTR                      = 0x20007478
+	TIOCCONS                      = 0xffffffff80047462
+	TIOCEXCL                      = 0x2000740d
+	TIOCFLUSH                     = 0xffffffff80047410
+	TIOCGETC                      = 0x40067412
+	TIOCGETD                      = 0x40047400
+	TIOCGETP                      = 0x40067408
+	TIOCGLTC                      = 0x40067474
+	TIOCGPGRP                     = 0x40047477
+	TIOCGSID                      = 0x40047448
+	TIOCGSIZE                     = 0x40087468
+	TIOCGWINSZ                    = 0x40087468
+	TIOCHPCL                      = 0x20007402
+	TIOCLBIC                      = 0xffffffff8004747e
+	TIOCLBIS                      = 0xffffffff8004747f
+	TIOCLGET                      = 0x4004747c
+	TIOCLSET                      = 0xffffffff8004747d
+	TIOCMBIC                      = 0xffffffff8004746b
+	TIOCMBIS                      = 0xffffffff8004746c
+	TIOCMGET                      = 0x4004746a
+	TIOCMIWAIT                    = 0xffffffff80047464
+	TIOCMODG                      = 0x40047403
+	TIOCMODS                      = 0xffffffff80047404
+	TIOCMSET                      = 0xffffffff8004746d
+	TIOCM_CAR                     = 0x40
+	TIOCM_CD                      = 0x40
+	TIOCM_CTS                     = 0x20
+	TIOCM_DSR                     = 0x100
+	TIOCM_DTR                     = 0x2
+	TIOCM_LE                      = 0x1
+	TIOCM_RI                      = 0x80
+	TIOCM_RNG                     = 0x80
+	TIOCM_RTS                     = 0x4
+	TIOCM_SR                      = 0x10
+	TIOCM_ST                      = 0x8
+	TIOCNOTTY                     = 0x20007471
+	TIOCNXCL                      = 0x2000740e
+	TIOCOUTQ                      = 0x40047473
+	TIOCPKT                       = 0xffffffff80047470
+	TIOCPKT_DATA                  = 0x0
+	TIOCPKT_DOSTOP                = 0x20
+	TIOCPKT_FLUSHREAD             = 0x1
+	TIOCPKT_FLUSHWRITE            = 0x2
+	TIOCPKT_NOSTOP                = 0x10
+	TIOCPKT_START                 = 0x8
+	TIOCPKT_STOP                  = 0x4
+	TIOCREMOTE                    = 0xffffffff80047469
+	TIOCSBRK                      = 0x2000747b
+	TIOCSDTR                      = 0x20007479
+	TIOCSETC                      = 0xffffffff80067411
+	TIOCSETD                      = 0xffffffff80047401
+	TIOCSETN                      = 0xffffffff8006740a
+	TIOCSETP                      = 0xffffffff80067409
+	TIOCSLTC                      = 0xffffffff80067475
+	TIOCSPGRP                     = 0xffffffff80047476
+	TIOCSSIZE                     = 0xffffffff80087467
+	TIOCSTART                     = 0x2000746e
+	TIOCSTI                       = 0xffffffff80017472
+	TIOCSTOP                      = 0x2000746f
+	TIOCSWINSZ                    = 0xffffffff80087467
+	TIOCUCNTL                     = 0xffffffff80047466
+	TOSTOP                        = 0x10000
+	UTIME_NOW                     = -0x2
+	UTIME_OMIT                    = -0x3
+	VDISCRD                       = 0xc
+	VDSUSP                        = 0xa
+	VEOF                          = 0x4
+	VEOL                          = 0x5
+	VEOL2                         = 0x6
+	VERASE                        = 0x2
+	VINTR                         = 0x0
+	VKILL                         = 0x3
+	VLNEXT                        = 0xe
+	VMIN                          = 0x4
+	VQUIT                         = 0x1
+	VREPRINT                      = 0xb
+	VSTART                        = 0x7
+	VSTOP                         = 0x8
+	VSTRT                         = 0x7
+	VSUSP                         = 0x9
+	VT0                           = 0x0
+	VT1                           = 0x8000
+	VTDELAY                       = 0x2000
+	VTDLY                         = 0x8000
+	VTIME                         = 0x5
+	VWERSE                        = 0xd
+	WPARSTART                     = 0x1
+	WPARSTOP                      = 0x2
+	WPARTTYNAME                   = "Global"
+	XCASE                         = 0x4
+	XTABS                         = 0xc00
+	_FDATAFLUSH                   = 0x2000000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x43)
+	EADDRNOTAVAIL   = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x42)
+	EAGAIN          = syscall.Errno(0xb)
+	EALREADY        = syscall.Errno(0x38)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x78)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x75)
+	ECHILD          = syscall.Errno(0xa)
+	ECHRNG          = syscall.Errno(0x25)
+	ECLONEME        = syscall.Errno(0x52)
+	ECONNABORTED    = syscall.Errno(0x48)
+	ECONNREFUSED    = syscall.Errno(0x4f)
+	ECONNRESET      = syscall.Errno(0x49)
+	ECORRUPT        = syscall.Errno(0x59)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDESTADDREQ     = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x3a)
+	EDIST           = syscall.Errno(0x35)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x58)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFORMAT         = syscall.Errno(0x30)
+	EHOSTDOWN       = syscall.Errno(0x50)
+	EHOSTUNREACH    = syscall.Errno(0x51)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x74)
+	EINPROGRESS     = syscall.Errno(0x37)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x4b)
+	EISDIR          = syscall.Errno(0x15)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x55)
+	EMEDIA          = syscall.Errno(0x6e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x3b)
+	EMULTIHOP       = syscall.Errno(0x7d)
+	ENAMETOOLONG    = syscall.Errno(0x56)
+	ENETDOWN        = syscall.Errno(0x45)
+	ENETRESET       = syscall.Errno(0x47)
+	ENETUNREACH     = syscall.Errno(0x46)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x70)
+	ENOBUFS         = syscall.Errno(0x4a)
+	ENOCONNECT      = syscall.Errno(0x32)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x7a)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x31)
+	ENOLINK         = syscall.Errno(0x7e)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x23)
+	ENOPROTOOPT     = syscall.Errno(0x3d)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x76)
+	ENOSTR          = syscall.Errno(0x7b)
+	ENOSYS          = syscall.Errno(0x6d)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x4c)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x11)
+	ENOTREADY       = syscall.Errno(0x2e)
+	ENOTRECOVERABLE = syscall.Errno(0x5e)
+	ENOTRUST        = syscall.Errno(0x72)
+	ENOTSOCK        = syscall.Errno(0x39)
+	ENOTSUP         = syscall.Errno(0x7c)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x40)
+	EOVERFLOW       = syscall.Errno(0x7f)
+	EOWNERDEAD      = syscall.Errno(0x5f)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x41)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x53)
+	EPROTO          = syscall.Errno(0x79)
+	EPROTONOSUPPORT = syscall.Errno(0x3e)
+	EPROTOTYPE      = syscall.Errno(0x3c)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x5d)
+	ERESTART        = syscall.Errno(0x52)
+	EROFS           = syscall.Errno(0x1e)
+	ESAD            = syscall.Errno(0x71)
+	ESHUTDOWN       = syscall.Errno(0x4d)
+	ESOCKTNOSUPPORT = syscall.Errno(0x3f)
+	ESOFT           = syscall.Errno(0x6f)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x34)
+	ESYSERROR       = syscall.Errno(0x5a)
+	ETIME           = syscall.Errno(0x77)
+	ETIMEDOUT       = syscall.Errno(0x4e)
+	ETOOMANYREFS    = syscall.Errno(0x73)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x54)
+	EWOULDBLOCK     = syscall.Errno(0xb)
+	EWRPROTECT      = syscall.Errno(0x2f)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT     = syscall.Signal(0x6)
+	SIGAIO      = syscall.Signal(0x17)
+	SIGALRM     = syscall.Signal(0xe)
+	SIGALRM1    = syscall.Signal(0x26)
+	SIGBUS      = syscall.Signal(0xa)
+	SIGCAPI     = syscall.Signal(0x31)
+	SIGCHLD     = syscall.Signal(0x14)
+	SIGCLD      = syscall.Signal(0x14)
+	SIGCONT     = syscall.Signal(0x13)
+	SIGCPUFAIL  = syscall.Signal(0x3b)
+	SIGDANGER   = syscall.Signal(0x21)
+	SIGEMT      = syscall.Signal(0x7)
+	SIGFPE      = syscall.Signal(0x8)
+	SIGGRANT    = syscall.Signal(0x3c)
+	SIGHUP      = syscall.Signal(0x1)
+	SIGILL      = syscall.Signal(0x4)
+	SIGINT      = syscall.Signal(0x2)
+	SIGIO       = syscall.Signal(0x17)
+	SIGIOINT    = syscall.Signal(0x10)
+	SIGIOT      = syscall.Signal(0x6)
+	SIGKAP      = syscall.Signal(0x3c)
+	SIGKILL     = syscall.Signal(0x9)
+	SIGLOST     = syscall.Signal(0x6)
+	SIGMAX      = syscall.Signal(0xff)
+	SIGMAX32    = syscall.Signal(0x3f)
+	SIGMIGRATE  = syscall.Signal(0x23)
+	SIGMSG      = syscall.Signal(0x1b)
+	SIGPIPE     = syscall.Signal(0xd)
+	SIGPOLL     = syscall.Signal(0x17)
+	SIGPRE      = syscall.Signal(0x24)
+	SIGPROF     = syscall.Signal(0x20)
+	SIGPTY      = syscall.Signal(0x17)
+	SIGPWR      = syscall.Signal(0x1d)
+	SIGQUIT     = syscall.Signal(0x3)
+	SIGRECONFIG = syscall.Signal(0x3a)
+	SIGRETRACT  = syscall.Signal(0x3d)
+	SIGSAK      = syscall.Signal(0x3f)
+	SIGSEGV     = syscall.Signal(0xb)
+	SIGSOUND    = syscall.Signal(0x3e)
+	SIGSTOP     = syscall.Signal(0x11)
+	SIGSYS      = syscall.Signal(0xc)
+	SIGSYSERROR = syscall.Signal(0x30)
+	SIGTALRM    = syscall.Signal(0x26)
+	SIGTERM     = syscall.Signal(0xf)
+	SIGTRAP     = syscall.Signal(0x5)
+	SIGTSTP     = syscall.Signal(0x12)
+	SIGTTIN     = syscall.Signal(0x15)
+	SIGTTOU     = syscall.Signal(0x16)
+	SIGURG      = syscall.Signal(0x10)
+	SIGUSR1     = syscall.Signal(0x1e)
+	SIGUSR2     = syscall.Signal(0x1f)
+	SIGVIRT     = syscall.Signal(0x25)
+	SIGVTALRM   = syscall.Signal(0x22)
+	SIGWAITING  = syscall.Signal(0x27)
+	SIGWINCH    = syscall.Signal(0x1c)
+	SIGXCPU     = syscall.Signal(0x18)
+	SIGXFSZ     = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "not owner"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "I/O error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "arg list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file number"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{12, "ENOMEM", "not enough space"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "ENOTEMPTY", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "file table overflow"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "not a typewriter"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "deadlock condition if locked"},
+	{46, "ENOTREADY", "device not ready"},
+	{47, "EWRPROTECT", "write-protected media"},
+	{48, "EFORMAT", "unformatted or incompatible media"},
+	{49, "ENOLCK", "no locks available"},
+	{50, "ENOCONNECT", "cannot Establish Connection"},
+	{52, "ESTALE", "missing file or filesystem"},
+	{53, "EDIST", "requests blocked by Administrator"},
+	{55, "EINPROGRESS", "operation now in progress"},
+	{56, "EALREADY", "operation already in progress"},
+	{57, "ENOTSOCK", "socket operation on non-socket"},
+	{58, "EDESTADDREQ", "destination address required"},
+	{59, "EMSGSIZE", "message too long"},
+	{60, "EPROTOTYPE", "protocol wrong type for socket"},
+	{61, "ENOPROTOOPT", "protocol not available"},
+	{62, "EPROTONOSUPPORT", "protocol not supported"},
+	{63, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{64, "EOPNOTSUPP", "operation not supported on socket"},
+	{65, "EPFNOSUPPORT", "protocol family not supported"},
+	{66, "EAFNOSUPPORT", "addr family not supported by protocol"},
+	{67, "EADDRINUSE", "address already in use"},
+	{68, "EADDRNOTAVAIL", "can't assign requested address"},
+	{69, "ENETDOWN", "network is down"},
+	{70, "ENETUNREACH", "network is unreachable"},
+	{71, "ENETRESET", "network dropped connection on reset"},
+	{72, "ECONNABORTED", "software caused connection abort"},
+	{73, "ECONNRESET", "connection reset by peer"},
+	{74, "ENOBUFS", "no buffer space available"},
+	{75, "EISCONN", "socket is already connected"},
+	{76, "ENOTCONN", "socket is not connected"},
+	{77, "ESHUTDOWN", "can't send after socket shutdown"},
+	{78, "ETIMEDOUT", "connection timed out"},
+	{79, "ECONNREFUSED", "connection refused"},
+	{80, "EHOSTDOWN", "host is down"},
+	{81, "EHOSTUNREACH", "no route to host"},
+	{82, "ERESTART", "restart the system call"},
+	{83, "EPROCLIM", "too many processes"},
+	{84, "EUSERS", "too many users"},
+	{85, "ELOOP", "too many levels of symbolic links"},
+	{86, "ENAMETOOLONG", "file name too long"},
+	{88, "EDQUOT", "disk quota exceeded"},
+	{89, "ECORRUPT", "invalid file system control data detected"},
+	{90, "ESYSERROR", "for future use "},
+	{93, "EREMOTE", "item is not local to host"},
+	{94, "ENOTRECOVERABLE", "state not recoverable "},
+	{95, "EOWNERDEAD", "previous owner died "},
+	{109, "ENOSYS", "function not implemented"},
+	{110, "EMEDIA", "media surface error"},
+	{111, "ESOFT", "I/O completed, but needs relocation"},
+	{112, "ENOATTR", "no attribute found"},
+	{113, "ESAD", "security Authentication Denied"},
+	{114, "ENOTRUST", "not a Trusted Program"},
+	{115, "ETOOMANYREFS", "too many references: can't splice"},
+	{116, "EILSEQ", "invalid wide character"},
+	{117, "ECANCELED", "asynchronous I/O cancelled"},
+	{118, "ENOSR", "out of STREAMS resources"},
+	{119, "ETIME", "system call timed out"},
+	{120, "EBADMSG", "next message has wrong type"},
+	{121, "EPROTO", "error in protocol"},
+	{122, "ENODATA", "no message on stream head read q"},
+	{123, "ENOSTR", "fd not associated with a stream"},
+	{124, "ENOTSUP", "unsupported attribute value"},
+	{125, "EMULTIHOP", "multihop is not allowed"},
+	{126, "ENOLINK", "the server link has been severed"},
+	{127, "EOVERFLOW", "value too large to be stored in data type"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "IOT/Abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible/complete"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{27, "SIGMSG", "input device data"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGPWR", "power-failure"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPROF", "profiling timer expired"},
+	{33, "SIGDANGER", "paging space low"},
+	{34, "SIGVTALRM", "virtual timer expired"},
+	{35, "SIGMIGRATE", "signal 35"},
+	{36, "SIGPRE", "signal 36"},
+	{37, "SIGVIRT", "signal 37"},
+	{38, "SIGTALRM", "signal 38"},
+	{39, "SIGWAITING", "signal 39"},
+	{48, "SIGSYSERROR", "signal 48"},
+	{49, "SIGCAPI", "signal 49"},
+	{58, "SIGRECONFIG", "signal 58"},
+	{59, "SIGCPUFAIL", "CPU Failure Predicted"},
+	{60, "SIGGRANT", "monitor mode granted"},
+	{61, "SIGRETRACT", "monitor mode retracted"},
+	{62, "SIGSOUND", "sound completed"},
+	{63, "SIGMAX32", "secure attention"},
+	{255, "SIGMAX", "signal 255"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_386.go
new file mode 100644
index 000000000..6f333594b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_386.go
@@ -0,0 +1,1786 @@
+// mkerrors.sh -m32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,darwin
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1c
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x25
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x1e
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1c
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x28
+	AF_NATM                           = 0x1f
+	AF_NDRV                           = 0x1b
+	AF_NETBIOS                        = 0x21
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PPP                            = 0x22
+	AF_PUP                            = 0x4
+	AF_RESERVED_36                    = 0x24
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x18
+	AF_SNA                            = 0xb
+	AF_SYSTEM                         = 0x20
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	AF_UTUN                           = 0x26
+	ALTWERASE                         = 0x200
+	ATTR_BIT_MAP_COUNT                = 0x5
+	ATTR_CMN_ACCESSMASK               = 0x20000
+	ATTR_CMN_ACCTIME                  = 0x1000
+	ATTR_CMN_ADDEDTIME                = 0x10000000
+	ATTR_CMN_BKUPTIME                 = 0x2000
+	ATTR_CMN_CHGTIME                  = 0x800
+	ATTR_CMN_CRTIME                   = 0x200
+	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
+	ATTR_CMN_DEVID                    = 0x2
+	ATTR_CMN_DOCUMENT_ID              = 0x100000
+	ATTR_CMN_ERROR                    = 0x20000000
+	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
+	ATTR_CMN_FILEID                   = 0x2000000
+	ATTR_CMN_FLAGS                    = 0x40000
+	ATTR_CMN_FNDRINFO                 = 0x4000
+	ATTR_CMN_FSID                     = 0x4
+	ATTR_CMN_FULLPATH                 = 0x8000000
+	ATTR_CMN_GEN_COUNT                = 0x80000
+	ATTR_CMN_GRPID                    = 0x10000
+	ATTR_CMN_GRPUUID                  = 0x1000000
+	ATTR_CMN_MODTIME                  = 0x400
+	ATTR_CMN_NAME                     = 0x1
+	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
+	ATTR_CMN_NAMEDATTRLIST            = 0x100000
+	ATTR_CMN_OBJID                    = 0x20
+	ATTR_CMN_OBJPERMANENTID           = 0x40
+	ATTR_CMN_OBJTAG                   = 0x10
+	ATTR_CMN_OBJTYPE                  = 0x8
+	ATTR_CMN_OWNERID                  = 0x8000
+	ATTR_CMN_PARENTID                 = 0x4000000
+	ATTR_CMN_PAROBJID                 = 0x80
+	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
+	ATTR_CMN_SCRIPT                   = 0x100
+	ATTR_CMN_SETMASK                  = 0x41c7ff00
+	ATTR_CMN_USERACCESS               = 0x200000
+	ATTR_CMN_UUID                     = 0x800000
+	ATTR_CMN_VALIDMASK                = 0xffffffff
+	ATTR_CMN_VOLSETMASK               = 0x6700
+	ATTR_FILE_ALLOCSIZE               = 0x4
+	ATTR_FILE_CLUMPSIZE               = 0x10
+	ATTR_FILE_DATAALLOCSIZE           = 0x400
+	ATTR_FILE_DATAEXTENTS             = 0x800
+	ATTR_FILE_DATALENGTH              = 0x200
+	ATTR_FILE_DEVTYPE                 = 0x20
+	ATTR_FILE_FILETYPE                = 0x40
+	ATTR_FILE_FORKCOUNT               = 0x80
+	ATTR_FILE_FORKLIST                = 0x100
+	ATTR_FILE_IOBLOCKSIZE             = 0x8
+	ATTR_FILE_LINKCOUNT               = 0x1
+	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
+	ATTR_FILE_RSRCEXTENTS             = 0x4000
+	ATTR_FILE_RSRCLENGTH              = 0x1000
+	ATTR_FILE_SETMASK                 = 0x20
+	ATTR_FILE_TOTALSIZE               = 0x2
+	ATTR_FILE_VALIDMASK               = 0x37ff
+	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
+	ATTR_VOL_ATTRIBUTES               = 0x40000000
+	ATTR_VOL_CAPABILITIES             = 0x20000
+	ATTR_VOL_DIRCOUNT                 = 0x400
+	ATTR_VOL_ENCODINGSUSED            = 0x10000
+	ATTR_VOL_FILECOUNT                = 0x200
+	ATTR_VOL_FSTYPE                   = 0x1
+	ATTR_VOL_INFO                     = 0x80000000
+	ATTR_VOL_IOBLOCKSIZE              = 0x80
+	ATTR_VOL_MAXOBJCOUNT              = 0x800
+	ATTR_VOL_MINALLOCATION            = 0x20
+	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
+	ATTR_VOL_MOUNTFLAGS               = 0x4000
+	ATTR_VOL_MOUNTPOINT               = 0x1000
+	ATTR_VOL_NAME                     = 0x2000
+	ATTR_VOL_OBJCOUNT                 = 0x100
+	ATTR_VOL_QUOTA_SIZE               = 0x10000000
+	ATTR_VOL_RESERVED_SIZE            = 0x20000000
+	ATTR_VOL_SETMASK                  = 0x80002000
+	ATTR_VOL_SIGNATURE                = 0x2
+	ATTR_VOL_SIZE                     = 0x4
+	ATTR_VOL_SPACEAVAIL               = 0x10
+	ATTR_VOL_SPACEFREE                = 0x8
+	ATTR_VOL_UUID                     = 0x40000
+	ATTR_VOL_VALIDMASK                = 0xf007ffff
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc00c4279
+	BIOCGETIF                         = 0x4020426b
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044272
+	BIOCGRTIMEOUT                     = 0x4008426e
+	BIOCGSEESENT                      = 0x40044276
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044278
+	BIOCSETF                          = 0x80084267
+	BIOCSETFNR                        = 0x8008427e
+	BIOCSETIF                         = 0x8020426c
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044273
+	BIOCSRTIMEOUT                     = 0x8008426d
+	BIOCSSEESENT                      = 0x80044277
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x80000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	BS0                               = 0x0
+	BS1                               = 0x8000
+	BSDLY                             = 0x8000
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_MONOTONIC                   = 0x6
+	CLOCK_MONOTONIC_RAW               = 0x4
+	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
+	CLOCK_PROCESS_CPUTIME_ID          = 0xc
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x10
+	CLOCK_UPTIME_RAW                  = 0x8
+	CLOCK_UPTIME_RAW_APPROX           = 0x9
+	CLONE_NOFOLLOW                    = 0x1
+	CLONE_NOOWNERCOPY                 = 0x2
+	CR0                               = 0x0
+	CR1                               = 0x1000
+	CR2                               = 0x2000
+	CR3                               = 0x3000
+	CRDLY                             = 0x3000
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x30000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CHDLC                         = 0x68
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DBUS                          = 0xe7
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_DVB_CI                        = 0xeb
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HHDLC                         = 0x79
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NOFCS            = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPFILTER                      = 0x74
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPOIB                         = 0xf2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_ATM_CEMIC             = 0xee
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL          = 0xea
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_SRX_E2E               = 0xe9
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_JUNIPER_VS                    = 0xe8
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MATCHING_MAX                  = 0xf5
+	DLT_MATCHING_MIN                  = 0x68
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPEG_2_TS                     = 0xf3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_MUX27010                      = 0xec
+	DLT_NETANALYZER                   = 0xf0
+	DLT_NETANALYZER_TRANSPARENT       = 0xf1
+	DLT_NFC_LLCP                      = 0xf5
+	DLT_NFLOG                         = 0xef
+	DLT_NG40                          = 0xf4
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PPP_WITH_DIRECTION            = 0xa6
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_STANAG_5066_D_PDU             = 0xed
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EVFILT_AIO                        = -0x3
+	EVFILT_EXCEPT                     = -0xf
+	EVFILT_FS                         = -0x9
+	EVFILT_MACHPORT                   = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0xf
+	EVFILT_THREADMARKER               = 0xf
+	EVFILT_TIMER                      = -0x7
+	EVFILT_USER                       = -0xa
+	EVFILT_VM                         = -0xc
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_DISPATCH2                      = 0x180
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG0                          = 0x1000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_OOBAND                         = 0x2000
+	EV_POLL                           = 0x1000
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EV_UDATA_SPECIFIC                 = 0x100
+	EV_VANISHED                       = 0x200
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FF0                               = 0x0
+	FF1                               = 0x4000
+	FFDLY                             = 0x4000
+	FLUSHO                            = 0x800000
+	FSOPT_ATTR_CMN_EXTENDED           = 0x20
+	FSOPT_NOFOLLOW                    = 0x1
+	FSOPT_NOINMEMUPDATE               = 0x2
+	FSOPT_PACK_INVAL_ATTRS            = 0x8
+	FSOPT_REPORT_FULLSIZE             = 0x4
+	F_ADDFILESIGS                     = 0x3d
+	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
+	F_ADDFILESIGS_RETURN              = 0x61
+	F_ADDSIGS                         = 0x3b
+	F_ALLOCATEALL                     = 0x4
+	F_ALLOCATECONTIG                  = 0x2
+	F_BARRIERFSYNC                    = 0x55
+	F_CHECK_LV                        = 0x62
+	F_CHKCLEAN                        = 0x29
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0x43
+	F_FINDSIGS                        = 0x4e
+	F_FLUSH_DATA                      = 0x28
+	F_FREEZE_FS                       = 0x35
+	F_FULLFSYNC                       = 0x33
+	F_GETCODEDIR                      = 0x48
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETLKPID                        = 0x42
+	F_GETNOSIGPIPE                    = 0x4a
+	F_GETOWN                          = 0x5
+	F_GETPATH                         = 0x32
+	F_GETPATH_MTMINFO                 = 0x47
+	F_GETPROTECTIONCLASS              = 0x3f
+	F_GETPROTECTIONLEVEL              = 0x4d
+	F_GLOBAL_NOCACHE                  = 0x37
+	F_LOG2PHYS                        = 0x31
+	F_LOG2PHYS_EXT                    = 0x41
+	F_NOCACHE                         = 0x30
+	F_NODIRECT                        = 0x3e
+	F_OK                              = 0x0
+	F_PATHPKG_CHECK                   = 0x34
+	F_PEOFPOSMODE                     = 0x3
+	F_PREALLOCATE                     = 0x2a
+	F_PUNCHHOLE                       = 0x63
+	F_RDADVISE                        = 0x2c
+	F_RDAHEAD                         = 0x2d
+	F_RDLCK                           = 0x1
+	F_SETBACKINGSTORE                 = 0x46
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETLKWTIMEOUT                   = 0xa
+	F_SETNOSIGPIPE                    = 0x49
+	F_SETOWN                          = 0x6
+	F_SETPROTECTIONCLASS              = 0x40
+	F_SETSIZE                         = 0x2b
+	F_SINGLE_WRITER                   = 0x4c
+	F_THAW_FS                         = 0x36
+	F_TRANSCODEKEY                    = 0x4b
+	F_TRIM_ACTIVE_FILE                = 0x64
+	F_UNLCK                           = 0x2
+	F_VOLPOSMODE                      = 0x4
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFF_ALLMULTI                      = 0x200
+	IFF_ALTPHYS                       = 0x4000
+	IFF_BROADCAST                     = 0x2
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_AAL5                          = 0x31
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ATM                           = 0x25
+	IFT_BRIDGE                        = 0xd1
+	IFT_CARP                          = 0xf8
+	IFT_CELLULAR                      = 0xff
+	IFT_CEPT                          = 0x13
+	IFT_DS3                           = 0x1e
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0x38
+	IFT_FDDI                          = 0xf
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_GIF                           = 0x37
+	IFT_HDH1822                       = 0x3
+	IFT_HIPPI                         = 0x2f
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE8023ADLAG                 = 0x88
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88026                      = 0xa
+	IFT_L2VLAN                        = 0x87
+	IFT_LAPB                          = 0x10
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_NSIP                          = 0x1b
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PDP                           = 0xff
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PKTAP                         = 0xfe
+	IFT_PPP                           = 0x17
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PTPSERIAL                     = 0x16
+	IFT_RS232                         = 0x21
+	IFT_SDLC                          = 0x11
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0x39
+	IFT_T1                            = 0x12
+	IFT_ULTRA                         = 0x1d
+	IFT_V35                           = 0x2d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LINKLOCALNETNUM                = 0xa9fe0000
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_3PC                       = 0x22
+	IPPROTO_ADFS                      = 0x44
+	IPPROTO_AH                        = 0x33
+	IPPROTO_AHIP                      = 0x3d
+	IPPROTO_APES                      = 0x63
+	IPPROTO_ARGUS                     = 0xd
+	IPPROTO_AX25                      = 0x5d
+	IPPROTO_BHA                       = 0x31
+	IPPROTO_BLT                       = 0x1e
+	IPPROTO_BRSATMON                  = 0x4c
+	IPPROTO_CFTP                      = 0x3e
+	IPPROTO_CHAOS                     = 0x10
+	IPPROTO_CMTP                      = 0x26
+	IPPROTO_CPHB                      = 0x49
+	IPPROTO_CPNX                      = 0x48
+	IPPROTO_DDP                       = 0x25
+	IPPROTO_DGP                       = 0x56
+	IPPROTO_DIVERT                    = 0xfe
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_EMCON                     = 0xe
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GMTP                      = 0x64
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HELLO                     = 0x3f
+	IPPROTO_HMP                       = 0x14
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IDPR                      = 0x23
+	IPPROTO_IDRP                      = 0x2d
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IGP                       = 0x55
+	IPPROTO_IGRP                      = 0x58
+	IPPROTO_IL                        = 0x28
+	IPPROTO_INLSP                     = 0x34
+	IPPROTO_INP                       = 0x20
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPCV                      = 0x47
+	IPPROTO_IPEIP                     = 0x5e
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPPC                      = 0x43
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IRTP                      = 0x1c
+	IPPROTO_KRYPTOLAN                 = 0x41
+	IPPROTO_LARP                      = 0x5b
+	IPPROTO_LEAF1                     = 0x19
+	IPPROTO_LEAF2                     = 0x1a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MEAS                      = 0x13
+	IPPROTO_MHRP                      = 0x30
+	IPPROTO_MICP                      = 0x5f
+	IPPROTO_MTP                       = 0x5c
+	IPPROTO_MUX                       = 0x12
+	IPPROTO_ND                        = 0x4d
+	IPPROTO_NHRP                      = 0x36
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_NSP                       = 0x1f
+	IPPROTO_NVPII                     = 0xb
+	IPPROTO_OSPFIGP                   = 0x59
+	IPPROTO_PGM                       = 0x71
+	IPPROTO_PIGP                      = 0x9
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PRM                       = 0x15
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_PVP                       = 0x4b
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_RCCMON                    = 0xa
+	IPPROTO_RDP                       = 0x1b
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_RVD                       = 0x42
+	IPPROTO_SATEXPAK                  = 0x40
+	IPPROTO_SATMON                    = 0x45
+	IPPROTO_SCCSP                     = 0x60
+	IPPROTO_SCTP                      = 0x84
+	IPPROTO_SDRP                      = 0x2a
+	IPPROTO_SEP                       = 0x21
+	IPPROTO_SRPC                      = 0x5a
+	IPPROTO_ST                        = 0x7
+	IPPROTO_SVMTP                     = 0x52
+	IPPROTO_SWIPE                     = 0x35
+	IPPROTO_TCF                       = 0x57
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_TPXX                      = 0x27
+	IPPROTO_TRUNK1                    = 0x17
+	IPPROTO_TRUNK2                    = 0x18
+	IPPROTO_TTP                       = 0x54
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VINES                     = 0x53
+	IPPROTO_VISA                      = 0x46
+	IPPROTO_VMTP                      = 0x51
+	IPPROTO_WBEXPAK                   = 0x4f
+	IPPROTO_WBMON                     = 0x4e
+	IPPROTO_WSN                       = 0x4a
+	IPPROTO_XNET                      = 0xf
+	IPPROTO_XTP                       = 0x24
+	IPV6_2292DSTOPTS                  = 0x17
+	IPV6_2292HOPLIMIT                 = 0x14
+	IPV6_2292HOPOPTS                  = 0x16
+	IPV6_2292NEXTHOP                  = 0x15
+	IPV6_2292PKTINFO                  = 0x13
+	IPV6_2292PKTOPTIONS               = 0x19
+	IPV6_2292RTHDR                    = 0x18
+	IPV6_BINDV6ONLY                   = 0x1b
+	IPV6_BOUND_IF                     = 0x7d
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FLOW_ECN_MASK                = 0x300
+	IPV6_FRAGTTL                      = 0x3c
+	IPV6_FW_ADD                       = 0x1e
+	IPV6_FW_DEL                       = 0x1f
+	IPV6_FW_FLUSH                     = 0x20
+	IPV6_FW_GET                       = 0x22
+	IPV6_FW_ZERO                      = 0x21
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXOPTHDR                    = 0x800
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
+	IPV6_MAX_MEMBERSHIPS              = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVTCLASS                   = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x24
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
+	IP_BLOCK_SOURCE                   = 0x48
+	IP_BOUND_IF                       = 0x19
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
+	IP_DUMMYNET_CONFIGURE             = 0x3c
+	IP_DUMMYNET_DEL                   = 0x3d
+	IP_DUMMYNET_FLUSH                 = 0x3e
+	IP_DUMMYNET_GET                   = 0x40
+	IP_FAITH                          = 0x16
+	IP_FW_ADD                         = 0x28
+	IP_FW_DEL                         = 0x29
+	IP_FW_FLUSH                       = 0x2a
+	IP_FW_GET                         = 0x2c
+	IP_FW_RESETLOG                    = 0x2d
+	IP_FW_ZERO                        = 0x2b
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x15
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_GROUP_SRC_FILTER           = 0x200
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER           = 0x80
+	IP_MAX_SOCK_SRC_FILTER            = 0x80
+	IP_MF                             = 0x2000
+	IP_MIN_MEMBERSHIPS                = 0x1f
+	IP_MSFILTER                       = 0x4a
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_IFINDEX              = 0x42
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_MULTICAST_VIF                  = 0xe
+	IP_NAT__XXX                       = 0x37
+	IP_OFFMASK                        = 0x1fff
+	IP_OLD_FW_ADD                     = 0x32
+	IP_OLD_FW_DEL                     = 0x33
+	IP_OLD_FW_FLUSH                   = 0x34
+	IP_OLD_FW_GET                     = 0x36
+	IP_OLD_FW_RESETLOG                = 0x38
+	IP_OLD_FW_ZERO                    = 0x35
+	IP_OPTIONS                        = 0x1
+	IP_PKTINFO                        = 0x1a
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVPKTINFO                    = 0x1a
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTOS                        = 0x1b
+	IP_RECVTTL                        = 0x18
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RSVP_OFF                       = 0x10
+	IP_RSVP_ON                        = 0xf
+	IP_RSVP_VIF_OFF                   = 0x12
+	IP_RSVP_VIF_ON                    = 0x11
+	IP_STRIPHDR                       = 0x17
+	IP_TOS                            = 0x3
+	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
+	IP_TTL                            = 0x4
+	IP_UNBLOCK_SOURCE                 = 0x49
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUTF8                             = 0x4000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_CAN_REUSE                    = 0x9
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x5
+	MADV_FREE_REUSABLE                = 0x7
+	MADV_FREE_REUSE                   = 0x8
+	MADV_NORMAL                       = 0x0
+	MADV_PAGEOUT                      = 0xa
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_WILLNEED                     = 0x3
+	MADV_ZERO_WIRED_PAGES             = 0x6
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_JIT                           = 0x800
+	MAP_NOCACHE                       = 0x400
+	MAP_NOEXTEND                      = 0x100
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_RESERVED0080                  = 0x80
+	MAP_RESILIENT_CODESIGN            = 0x2000
+	MAP_RESILIENT_MEDIA               = 0x4000
+	MAP_SHARED                        = 0x1
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_AUTOMOUNTED                   = 0x400000
+	MNT_CMDFLAGS                      = 0xf0000
+	MNT_CPROTECT                      = 0x80
+	MNT_DEFWRITE                      = 0x2000000
+	MNT_DONTBROWSE                    = 0x100000
+	MNT_DOVOLFS                       = 0x8000
+	MNT_DWAIT                         = 0x4
+	MNT_EXPORTED                      = 0x100
+	MNT_FORCE                         = 0x80000
+	MNT_IGNORE_OWNERSHIP              = 0x200000
+	MNT_JOURNALED                     = 0x800000
+	MNT_LOCAL                         = 0x1000
+	MNT_MULTILABEL                    = 0x4000000
+	MNT_NOATIME                       = 0x10000000
+	MNT_NOBLOCK                       = 0x20000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOUSERXATTR                   = 0x1000000
+	MNT_NOWAIT                        = 0x2
+	MNT_QUARANTINE                    = 0x400
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UNKNOWNPERMISSIONS            = 0x200000
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x17f0f5ff
+	MNT_WAIT                          = 0x1
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOF                           = 0x100
+	MSG_EOR                           = 0x8
+	MSG_FLUSH                         = 0x400
+	MSG_HAVEMORE                      = 0x2000
+	MSG_HOLD                          = 0x800
+	MSG_NEEDSA                        = 0x10000
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_RCVMORE                       = 0x4000
+	MSG_SEND                          = 0x1000
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MSG_WAITSTREAM                    = 0x200
+	MS_ASYNC                          = 0x1
+	MS_DEACTIVATE                     = 0x8
+	MS_INVALIDATE                     = 0x2
+	MS_KILLPAGES                      = 0x4
+	MS_SYNC                           = 0x10
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_DUMP2                      = 0x7
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFLIST2                    = 0x6
+	NET_RT_MAXID                      = 0xa
+	NET_RT_STAT                       = 0x4
+	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
+	NL0                               = 0x0
+	NL1                               = 0x100
+	NL2                               = 0x200
+	NL3                               = 0x300
+	NLDLY                             = 0x300
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ABSOLUTE                     = 0x8
+	NOTE_ATTRIB                       = 0x8
+	NOTE_BACKGROUND                   = 0x40
+	NOTE_CHILD                        = 0x4
+	NOTE_CRITICAL                     = 0x20
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXITSTATUS                   = 0x4000000
+	NOTE_EXIT_CSERROR                 = 0x40000
+	NOTE_EXIT_DECRYPTFAIL             = 0x10000
+	NOTE_EXIT_DETAIL                  = 0x2000000
+	NOTE_EXIT_DETAIL_MASK             = 0x70000
+	NOTE_EXIT_MEMORY                  = 0x20000
+	NOTE_EXIT_REPARENTED              = 0x80000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FFAND                        = 0x40000000
+	NOTE_FFCOPY                       = 0xc0000000
+	NOTE_FFCTRLMASK                   = 0xc0000000
+	NOTE_FFLAGSMASK                   = 0xffffff
+	NOTE_FFNOP                        = 0x0
+	NOTE_FFOR                         = 0x80000000
+	NOTE_FORK                         = 0x40000000
+	NOTE_FUNLOCK                      = 0x100
+	NOTE_LEEWAY                       = 0x10
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_MACH_CONTINUOUS_TIME         = 0x80
+	NOTE_NONE                         = 0x80
+	NOTE_NSECONDS                     = 0x4
+	NOTE_OOB                          = 0x2
+	NOTE_PCTRLMASK                    = -0x100000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_REAP                         = 0x10000000
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_SECONDS                      = 0x1
+	NOTE_SIGNAL                       = 0x8000000
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRIGGER                      = 0x1000000
+	NOTE_USECONDS                     = 0x2
+	NOTE_VM_ERROR                     = 0x10000000
+	NOTE_VM_PRESSURE                  = 0x80000000
+	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
+	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFDEL                             = 0x20000
+	OFILL                             = 0x80
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_ALERT                           = 0x20000000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x1000000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x100000
+	O_DP_GETRAWENCRYPTED              = 0x1
+	O_DP_GETRAWUNENCRYPTED            = 0x2
+	O_DSYNC                           = 0x400000
+	O_EVTONLY                         = 0x8000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x20000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_POPUP                           = 0x80000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_SHLOCK                          = 0x10
+	O_SYMLINK                         = 0x200000
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	PT_ATTACH                         = 0xa
+	PT_ATTACHEXC                      = 0xe
+	PT_CONTINUE                       = 0x7
+	PT_DENY_ATTACH                    = 0x1f
+	PT_DETACH                         = 0xb
+	PT_FIRSTMACH                      = 0x20
+	PT_FORCEQUOTA                     = 0x1e
+	PT_KILL                           = 0x8
+	PT_READ_D                         = 0x2
+	PT_READ_I                         = 0x1
+	PT_READ_U                         = 0x3
+	PT_SIGEXC                         = 0xc
+	PT_STEP                           = 0x9
+	PT_THUPDATE                       = 0xd
+	PT_TRACE_ME                       = 0x0
+	PT_WRITE_D                        = 0x5
+	PT_WRITE_I                        = 0x4
+	PT_WRITE_U                        = 0x6
+	RLIMIT_AS                         = 0x5
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_CPU_USAGE_MONITOR          = 0x2
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x8
+	RTAX_NETMASK                      = 0x2
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CLONING                       = 0x100
+	RTF_CONDEMNED                     = 0x2000000
+	RTF_DELCLONE                      = 0x80
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_IFREF                         = 0x4000000
+	RTF_IFSCOPE                       = 0x1000000
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MULTICAST                     = 0x800000
+	RTF_NOIFREF                       = 0x2000
+	RTF_PINNED                        = 0x100000
+	RTF_PRCLONING                     = 0x10000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x40000
+	RTF_PROXY                         = 0x8000000
+	RTF_REJECT                        = 0x8
+	RTF_ROUTER                        = 0x10000000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_WASCLONED                     = 0x20000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DELMADDR                      = 0x10
+	RTM_GET                           = 0x4
+	RTM_GET2                          = 0x14
+	RTM_IFINFO                        = 0xe
+	RTM_IFINFO2                       = 0x12
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_NEWMADDR                      = 0xf
+	RTM_NEWMADDR2                     = 0x13
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x3
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x2
+	SCM_TIMESTAMP_MONOTONIC           = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCARPIPLL                       = 0xc0206928
+	SIOCATMARK                        = 0x40047307
+	SIOCAUTOADDR                      = 0xc0206926
+	SIOCAUTONETMASK                   = 0x80206927
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFPHYADDR                    = 0x80206941
+	SIOCGDRVSPEC                      = 0xc01c697b
+	SIOCGETVLAN                       = 0xc020697f
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFALTMTU                     = 0xc0206948
+	SIOCGIFASYNCMAP                   = 0xc020697c
+	SIOCGIFBOND                       = 0xc0206947
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCAP                        = 0xc020695b
+	SIOCGIFCONF                       = 0xc0086924
+	SIOCGIFDEVMTU                     = 0xc0206944
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFKPI                        = 0xc0206987
+	SIOCGIFMAC                        = 0xc0206982
+	SIOCGIFMEDIA                      = 0xc0286938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc0206933
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206940
+	SIOCGIFPHYS                       = 0xc0206935
+	SIOCGIFPSRCADDR                   = 0xc020693f
+	SIOCGIFSTATUS                     = 0xc331693d
+	SIOCGIFVLAN                       = 0xc020697f
+	SIOCGIFWAKEFLAGS                  = 0xc0206988
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCIFCREATE                      = 0xc0206978
+	SIOCIFCREATE2                     = 0xc020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc00c6981
+	SIOCRSLVMULTI                     = 0xc008693b
+	SIOCSDRVSPEC                      = 0x801c697b
+	SIOCSETVLAN                       = 0x8020697e
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFALTMTU                     = 0x80206945
+	SIOCSIFASYNCMAP                   = 0x8020697d
+	SIOCSIFBOND                       = 0x80206946
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFCAP                        = 0x8020695a
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFKPI                        = 0x80206986
+	SIOCSIFLLADDR                     = 0x8020693c
+	SIOCSIFMAC                        = 0x80206983
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x80206934
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x8040693e
+	SIOCSIFPHYS                       = 0x80206936
+	SIOCSIFVLAN                       = 0x8020697e
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SOCK_DGRAM                        = 0x2
+	SOCK_MAXADDRLEN                   = 0xff
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_DONTTRUNC                      = 0x2000
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LABEL                          = 0x1010
+	SO_LINGER                         = 0x80
+	SO_LINGER_SEC                     = 0x1080
+	SO_NETSVC_MARKING_LEVEL           = 0x1119
+	SO_NET_SERVICE_TYPE               = 0x1116
+	SO_NKE                            = 0x1021
+	SO_NOADDRERR                      = 0x1023
+	SO_NOSIGPIPE                      = 0x1022
+	SO_NOTIFYCONFLICT                 = 0x1026
+	SO_NP_EXTENSIONS                  = 0x1083
+	SO_NREAD                          = 0x1020
+	SO_NUMRCVPKT                      = 0x1112
+	SO_NWRITE                         = 0x1024
+	SO_OOBINLINE                      = 0x100
+	SO_PEERLABEL                      = 0x1011
+	SO_RANDOMPORT                     = 0x1082
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_REUSESHAREUID                  = 0x1025
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_TIMESTAMP                      = 0x400
+	SO_TIMESTAMP_MONOTONIC            = 0x800
+	SO_TYPE                           = 0x1008
+	SO_UPCALLCLOSEWAIT                = 0x1027
+	SO_USELOOPBACK                    = 0x40
+	SO_WANTMORE                       = 0x4000
+	SO_WANTOOBFLAG                    = 0x8000
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TAB0                              = 0x0
+	TAB1                              = 0x400
+	TAB2                              = 0x800
+	TAB3                              = 0x4
+	TABDLY                            = 0xc04
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_CONNECTIONTIMEOUT             = 0x20
+	TCP_CONNECTION_INFO               = 0x106
+	TCP_ENABLE_ECN                    = 0x104
+	TCP_FASTOPEN                      = 0x105
+	TCP_KEEPALIVE                     = 0x10
+	TCP_KEEPCNT                       = 0x102
+	TCP_KEEPINTVL                     = 0x101
+	TCP_MAXHLEN                       = 0x3c
+	TCP_MAXOLEN                       = 0x28
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x4
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOOPT                         = 0x8
+	TCP_NOPUSH                        = 0x4
+	TCP_NOTSENT_LOWAT                 = 0x201
+	TCP_RXT_CONNDROPTIME              = 0x80
+	TCP_RXT_FINDROP                   = 0x100
+	TCP_SENDMOREACKS                  = 0x103
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40087458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCDSIMICROCODE                  = 0x20007455
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLUSH                         = 0x80047410
+	TIOCGDRAINWAIT                    = 0x40047456
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGPGRP                         = 0x40047477
+	TIOCGWINSZ                        = 0x40087468
+	TIOCIXOFF                         = 0x20007480
+	TIOCIXON                          = 0x20007481
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGDTRWAIT                     = 0x4004745a
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x40047403
+	TIOCMODS                          = 0x80047404
+	TIOCMSDTRWAIT                     = 0x8004745b
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTYGNAME                      = 0x40807453
+	TIOCPTYGRANT                      = 0x20007454
+	TIOCPTYUNLK                       = 0x20007452
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCONS                         = 0x20007463
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDRAINWAIT                    = 0x80047457
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSIG                           = 0x2000745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCTIMESTAMP                     = 0x40087459
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_LOADAVG                        = 0x2
+	VM_MACHFACTOR                     = 0x4
+	VM_MAXID                          = 0x6
+	VM_METER                          = 0x1
+	VM_SWAPUSAGE                      = 0x5
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VT0                               = 0x0
+	VT1                               = 0x10000
+	VTDLY                             = 0x10000
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WCONTINUED                        = 0x10
+	WCOREFLAG                         = 0x80
+	WEXITED                           = 0x4
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x20
+	WORDSIZE                          = 0x20
+	WSTOPPED                          = 0x8
+	WUNTRACED                         = 0x2
+	XATTR_CREATE                      = 0x2
+	XATTR_NODEFAULT                   = 0x10
+	XATTR_NOFOLLOW                    = 0x1
+	XATTR_NOSECURITY                  = 0x8
+	XATTR_REPLACE                     = 0x4
+	XATTR_SHOWCOMPRESSION             = 0x20
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADARCH        = syscall.Errno(0x56)
+	EBADEXEC        = syscall.Errno(0x55)
+	EBADF           = syscall.Errno(0x9)
+	EBADMACHO       = syscall.Errno(0x58)
+	EBADMSG         = syscall.Errno(0x5e)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x59)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDEVERR         = syscall.Errno(0x53)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x5a)
+	EILSEQ          = syscall.Errno(0x5c)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x6a)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5f)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x60)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x61)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5b)
+	ENOPOLICY       = syscall.Errno(0x67)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x62)
+	ENOSTR          = syscall.Errno(0x63)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x68)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x66)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x69)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x64)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	EPWROFF         = syscall.Errno(0x52)
+	EQFULL          = syscall.Errno(0x6a)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHLIBVERS      = syscall.Errno(0x57)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x65)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "ENOTSUP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EPWROFF", "device power is off"},
+	{83, "EDEVERR", "device error"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EBADEXEC", "bad executable (or shared library)"},
+	{86, "EBADARCH", "bad CPU type in executable"},
+	{87, "ESHLIBVERS", "shared library version mismatch"},
+	{88, "EBADMACHO", "malformed Mach-o file"},
+	{89, "ECANCELED", "operation canceled"},
+	{90, "EIDRM", "identifier removed"},
+	{91, "ENOMSG", "no message of desired type"},
+	{92, "EILSEQ", "illegal byte sequence"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EBADMSG", "bad message"},
+	{95, "EMULTIHOP", "EMULTIHOP (Reserved)"},
+	{96, "ENODATA", "no message available on STREAM"},
+	{97, "ENOLINK", "ENOLINK (Reserved)"},
+	{98, "ENOSR", "no STREAM resources"},
+	{99, "ENOSTR", "not a STREAM"},
+	{100, "EPROTO", "protocol error"},
+	{101, "ETIME", "STREAM ioctl timeout"},
+	{102, "EOPNOTSUPP", "operation not supported on socket"},
+	{103, "ENOPOLICY", "policy not found"},
+	{104, "ENOTRECOVERABLE", "state not recoverable"},
+	{105, "EOWNERDEAD", "previous owner died"},
+	{106, "EQFULL", "interface output queue is full"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
new file mode 100644
index 000000000..db767eb25
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -0,0 +1,1786 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,darwin
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1c
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x25
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x1e
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1c
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x28
+	AF_NATM                           = 0x1f
+	AF_NDRV                           = 0x1b
+	AF_NETBIOS                        = 0x21
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PPP                            = 0x22
+	AF_PUP                            = 0x4
+	AF_RESERVED_36                    = 0x24
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x18
+	AF_SNA                            = 0xb
+	AF_SYSTEM                         = 0x20
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	AF_UTUN                           = 0x26
+	ALTWERASE                         = 0x200
+	ATTR_BIT_MAP_COUNT                = 0x5
+	ATTR_CMN_ACCESSMASK               = 0x20000
+	ATTR_CMN_ACCTIME                  = 0x1000
+	ATTR_CMN_ADDEDTIME                = 0x10000000
+	ATTR_CMN_BKUPTIME                 = 0x2000
+	ATTR_CMN_CHGTIME                  = 0x800
+	ATTR_CMN_CRTIME                   = 0x200
+	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
+	ATTR_CMN_DEVID                    = 0x2
+	ATTR_CMN_DOCUMENT_ID              = 0x100000
+	ATTR_CMN_ERROR                    = 0x20000000
+	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
+	ATTR_CMN_FILEID                   = 0x2000000
+	ATTR_CMN_FLAGS                    = 0x40000
+	ATTR_CMN_FNDRINFO                 = 0x4000
+	ATTR_CMN_FSID                     = 0x4
+	ATTR_CMN_FULLPATH                 = 0x8000000
+	ATTR_CMN_GEN_COUNT                = 0x80000
+	ATTR_CMN_GRPID                    = 0x10000
+	ATTR_CMN_GRPUUID                  = 0x1000000
+	ATTR_CMN_MODTIME                  = 0x400
+	ATTR_CMN_NAME                     = 0x1
+	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
+	ATTR_CMN_NAMEDATTRLIST            = 0x100000
+	ATTR_CMN_OBJID                    = 0x20
+	ATTR_CMN_OBJPERMANENTID           = 0x40
+	ATTR_CMN_OBJTAG                   = 0x10
+	ATTR_CMN_OBJTYPE                  = 0x8
+	ATTR_CMN_OWNERID                  = 0x8000
+	ATTR_CMN_PARENTID                 = 0x4000000
+	ATTR_CMN_PAROBJID                 = 0x80
+	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
+	ATTR_CMN_SCRIPT                   = 0x100
+	ATTR_CMN_SETMASK                  = 0x41c7ff00
+	ATTR_CMN_USERACCESS               = 0x200000
+	ATTR_CMN_UUID                     = 0x800000
+	ATTR_CMN_VALIDMASK                = 0xffffffff
+	ATTR_CMN_VOLSETMASK               = 0x6700
+	ATTR_FILE_ALLOCSIZE               = 0x4
+	ATTR_FILE_CLUMPSIZE               = 0x10
+	ATTR_FILE_DATAALLOCSIZE           = 0x400
+	ATTR_FILE_DATAEXTENTS             = 0x800
+	ATTR_FILE_DATALENGTH              = 0x200
+	ATTR_FILE_DEVTYPE                 = 0x20
+	ATTR_FILE_FILETYPE                = 0x40
+	ATTR_FILE_FORKCOUNT               = 0x80
+	ATTR_FILE_FORKLIST                = 0x100
+	ATTR_FILE_IOBLOCKSIZE             = 0x8
+	ATTR_FILE_LINKCOUNT               = 0x1
+	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
+	ATTR_FILE_RSRCEXTENTS             = 0x4000
+	ATTR_FILE_RSRCLENGTH              = 0x1000
+	ATTR_FILE_SETMASK                 = 0x20
+	ATTR_FILE_TOTALSIZE               = 0x2
+	ATTR_FILE_VALIDMASK               = 0x37ff
+	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
+	ATTR_VOL_ATTRIBUTES               = 0x40000000
+	ATTR_VOL_CAPABILITIES             = 0x20000
+	ATTR_VOL_DIRCOUNT                 = 0x400
+	ATTR_VOL_ENCODINGSUSED            = 0x10000
+	ATTR_VOL_FILECOUNT                = 0x200
+	ATTR_VOL_FSTYPE                   = 0x1
+	ATTR_VOL_INFO                     = 0x80000000
+	ATTR_VOL_IOBLOCKSIZE              = 0x80
+	ATTR_VOL_MAXOBJCOUNT              = 0x800
+	ATTR_VOL_MINALLOCATION            = 0x20
+	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
+	ATTR_VOL_MOUNTFLAGS               = 0x4000
+	ATTR_VOL_MOUNTPOINT               = 0x1000
+	ATTR_VOL_NAME                     = 0x2000
+	ATTR_VOL_OBJCOUNT                 = 0x100
+	ATTR_VOL_QUOTA_SIZE               = 0x10000000
+	ATTR_VOL_RESERVED_SIZE            = 0x20000000
+	ATTR_VOL_SETMASK                  = 0x80002000
+	ATTR_VOL_SIGNATURE                = 0x2
+	ATTR_VOL_SIZE                     = 0x4
+	ATTR_VOL_SPACEAVAIL               = 0x10
+	ATTR_VOL_SPACEFREE                = 0x8
+	ATTR_VOL_UUID                     = 0x40000
+	ATTR_VOL_VALIDMASK                = 0xf007ffff
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc00c4279
+	BIOCGETIF                         = 0x4020426b
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044272
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSEESENT                      = 0x40044276
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044278
+	BIOCSETF                          = 0x80104267
+	BIOCSETFNR                        = 0x8010427e
+	BIOCSETIF                         = 0x8020426c
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044273
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCSSEESENT                      = 0x80044277
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x80000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	BS0                               = 0x0
+	BS1                               = 0x8000
+	BSDLY                             = 0x8000
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_MONOTONIC                   = 0x6
+	CLOCK_MONOTONIC_RAW               = 0x4
+	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
+	CLOCK_PROCESS_CPUTIME_ID          = 0xc
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x10
+	CLOCK_UPTIME_RAW                  = 0x8
+	CLOCK_UPTIME_RAW_APPROX           = 0x9
+	CLONE_NOFOLLOW                    = 0x1
+	CLONE_NOOWNERCOPY                 = 0x2
+	CR0                               = 0x0
+	CR1                               = 0x1000
+	CR2                               = 0x2000
+	CR3                               = 0x3000
+	CRDLY                             = 0x3000
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x30000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CHDLC                         = 0x68
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DBUS                          = 0xe7
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_DVB_CI                        = 0xeb
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HHDLC                         = 0x79
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NOFCS            = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPFILTER                      = 0x74
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPOIB                         = 0xf2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_ATM_CEMIC             = 0xee
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL          = 0xea
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_SRX_E2E               = 0xe9
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_JUNIPER_VS                    = 0xe8
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MATCHING_MAX                  = 0xf5
+	DLT_MATCHING_MIN                  = 0x68
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPEG_2_TS                     = 0xf3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_MUX27010                      = 0xec
+	DLT_NETANALYZER                   = 0xf0
+	DLT_NETANALYZER_TRANSPARENT       = 0xf1
+	DLT_NFC_LLCP                      = 0xf5
+	DLT_NFLOG                         = 0xef
+	DLT_NG40                          = 0xf4
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PPP_WITH_DIRECTION            = 0xa6
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_STANAG_5066_D_PDU             = 0xed
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EVFILT_AIO                        = -0x3
+	EVFILT_EXCEPT                     = -0xf
+	EVFILT_FS                         = -0x9
+	EVFILT_MACHPORT                   = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0xf
+	EVFILT_THREADMARKER               = 0xf
+	EVFILT_TIMER                      = -0x7
+	EVFILT_USER                       = -0xa
+	EVFILT_VM                         = -0xc
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_DISPATCH2                      = 0x180
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG0                          = 0x1000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_OOBAND                         = 0x2000
+	EV_POLL                           = 0x1000
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EV_UDATA_SPECIFIC                 = 0x100
+	EV_VANISHED                       = 0x200
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FF0                               = 0x0
+	FF1                               = 0x4000
+	FFDLY                             = 0x4000
+	FLUSHO                            = 0x800000
+	FSOPT_ATTR_CMN_EXTENDED           = 0x20
+	FSOPT_NOFOLLOW                    = 0x1
+	FSOPT_NOINMEMUPDATE               = 0x2
+	FSOPT_PACK_INVAL_ATTRS            = 0x8
+	FSOPT_REPORT_FULLSIZE             = 0x4
+	F_ADDFILESIGS                     = 0x3d
+	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
+	F_ADDFILESIGS_RETURN              = 0x61
+	F_ADDSIGS                         = 0x3b
+	F_ALLOCATEALL                     = 0x4
+	F_ALLOCATECONTIG                  = 0x2
+	F_BARRIERFSYNC                    = 0x55
+	F_CHECK_LV                        = 0x62
+	F_CHKCLEAN                        = 0x29
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0x43
+	F_FINDSIGS                        = 0x4e
+	F_FLUSH_DATA                      = 0x28
+	F_FREEZE_FS                       = 0x35
+	F_FULLFSYNC                       = 0x33
+	F_GETCODEDIR                      = 0x48
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETLKPID                        = 0x42
+	F_GETNOSIGPIPE                    = 0x4a
+	F_GETOWN                          = 0x5
+	F_GETPATH                         = 0x32
+	F_GETPATH_MTMINFO                 = 0x47
+	F_GETPROTECTIONCLASS              = 0x3f
+	F_GETPROTECTIONLEVEL              = 0x4d
+	F_GLOBAL_NOCACHE                  = 0x37
+	F_LOG2PHYS                        = 0x31
+	F_LOG2PHYS_EXT                    = 0x41
+	F_NOCACHE                         = 0x30
+	F_NODIRECT                        = 0x3e
+	F_OK                              = 0x0
+	F_PATHPKG_CHECK                   = 0x34
+	F_PEOFPOSMODE                     = 0x3
+	F_PREALLOCATE                     = 0x2a
+	F_PUNCHHOLE                       = 0x63
+	F_RDADVISE                        = 0x2c
+	F_RDAHEAD                         = 0x2d
+	F_RDLCK                           = 0x1
+	F_SETBACKINGSTORE                 = 0x46
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETLKWTIMEOUT                   = 0xa
+	F_SETNOSIGPIPE                    = 0x49
+	F_SETOWN                          = 0x6
+	F_SETPROTECTIONCLASS              = 0x40
+	F_SETSIZE                         = 0x2b
+	F_SINGLE_WRITER                   = 0x4c
+	F_THAW_FS                         = 0x36
+	F_TRANSCODEKEY                    = 0x4b
+	F_TRIM_ACTIVE_FILE                = 0x64
+	F_UNLCK                           = 0x2
+	F_VOLPOSMODE                      = 0x4
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFF_ALLMULTI                      = 0x200
+	IFF_ALTPHYS                       = 0x4000
+	IFF_BROADCAST                     = 0x2
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_AAL5                          = 0x31
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ATM                           = 0x25
+	IFT_BRIDGE                        = 0xd1
+	IFT_CARP                          = 0xf8
+	IFT_CELLULAR                      = 0xff
+	IFT_CEPT                          = 0x13
+	IFT_DS3                           = 0x1e
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0x38
+	IFT_FDDI                          = 0xf
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_GIF                           = 0x37
+	IFT_HDH1822                       = 0x3
+	IFT_HIPPI                         = 0x2f
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE8023ADLAG                 = 0x88
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88026                      = 0xa
+	IFT_L2VLAN                        = 0x87
+	IFT_LAPB                          = 0x10
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_NSIP                          = 0x1b
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PDP                           = 0xff
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PKTAP                         = 0xfe
+	IFT_PPP                           = 0x17
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PTPSERIAL                     = 0x16
+	IFT_RS232                         = 0x21
+	IFT_SDLC                          = 0x11
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0x39
+	IFT_T1                            = 0x12
+	IFT_ULTRA                         = 0x1d
+	IFT_V35                           = 0x2d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LINKLOCALNETNUM                = 0xa9fe0000
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_3PC                       = 0x22
+	IPPROTO_ADFS                      = 0x44
+	IPPROTO_AH                        = 0x33
+	IPPROTO_AHIP                      = 0x3d
+	IPPROTO_APES                      = 0x63
+	IPPROTO_ARGUS                     = 0xd
+	IPPROTO_AX25                      = 0x5d
+	IPPROTO_BHA                       = 0x31
+	IPPROTO_BLT                       = 0x1e
+	IPPROTO_BRSATMON                  = 0x4c
+	IPPROTO_CFTP                      = 0x3e
+	IPPROTO_CHAOS                     = 0x10
+	IPPROTO_CMTP                      = 0x26
+	IPPROTO_CPHB                      = 0x49
+	IPPROTO_CPNX                      = 0x48
+	IPPROTO_DDP                       = 0x25
+	IPPROTO_DGP                       = 0x56
+	IPPROTO_DIVERT                    = 0xfe
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_EMCON                     = 0xe
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GMTP                      = 0x64
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HELLO                     = 0x3f
+	IPPROTO_HMP                       = 0x14
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IDPR                      = 0x23
+	IPPROTO_IDRP                      = 0x2d
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IGP                       = 0x55
+	IPPROTO_IGRP                      = 0x58
+	IPPROTO_IL                        = 0x28
+	IPPROTO_INLSP                     = 0x34
+	IPPROTO_INP                       = 0x20
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPCV                      = 0x47
+	IPPROTO_IPEIP                     = 0x5e
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPPC                      = 0x43
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IRTP                      = 0x1c
+	IPPROTO_KRYPTOLAN                 = 0x41
+	IPPROTO_LARP                      = 0x5b
+	IPPROTO_LEAF1                     = 0x19
+	IPPROTO_LEAF2                     = 0x1a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MEAS                      = 0x13
+	IPPROTO_MHRP                      = 0x30
+	IPPROTO_MICP                      = 0x5f
+	IPPROTO_MTP                       = 0x5c
+	IPPROTO_MUX                       = 0x12
+	IPPROTO_ND                        = 0x4d
+	IPPROTO_NHRP                      = 0x36
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_NSP                       = 0x1f
+	IPPROTO_NVPII                     = 0xb
+	IPPROTO_OSPFIGP                   = 0x59
+	IPPROTO_PGM                       = 0x71
+	IPPROTO_PIGP                      = 0x9
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PRM                       = 0x15
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_PVP                       = 0x4b
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_RCCMON                    = 0xa
+	IPPROTO_RDP                       = 0x1b
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_RVD                       = 0x42
+	IPPROTO_SATEXPAK                  = 0x40
+	IPPROTO_SATMON                    = 0x45
+	IPPROTO_SCCSP                     = 0x60
+	IPPROTO_SCTP                      = 0x84
+	IPPROTO_SDRP                      = 0x2a
+	IPPROTO_SEP                       = 0x21
+	IPPROTO_SRPC                      = 0x5a
+	IPPROTO_ST                        = 0x7
+	IPPROTO_SVMTP                     = 0x52
+	IPPROTO_SWIPE                     = 0x35
+	IPPROTO_TCF                       = 0x57
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_TPXX                      = 0x27
+	IPPROTO_TRUNK1                    = 0x17
+	IPPROTO_TRUNK2                    = 0x18
+	IPPROTO_TTP                       = 0x54
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VINES                     = 0x53
+	IPPROTO_VISA                      = 0x46
+	IPPROTO_VMTP                      = 0x51
+	IPPROTO_WBEXPAK                   = 0x4f
+	IPPROTO_WBMON                     = 0x4e
+	IPPROTO_WSN                       = 0x4a
+	IPPROTO_XNET                      = 0xf
+	IPPROTO_XTP                       = 0x24
+	IPV6_2292DSTOPTS                  = 0x17
+	IPV6_2292HOPLIMIT                 = 0x14
+	IPV6_2292HOPOPTS                  = 0x16
+	IPV6_2292NEXTHOP                  = 0x15
+	IPV6_2292PKTINFO                  = 0x13
+	IPV6_2292PKTOPTIONS               = 0x19
+	IPV6_2292RTHDR                    = 0x18
+	IPV6_BINDV6ONLY                   = 0x1b
+	IPV6_BOUND_IF                     = 0x7d
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FLOW_ECN_MASK                = 0x300
+	IPV6_FRAGTTL                      = 0x3c
+	IPV6_FW_ADD                       = 0x1e
+	IPV6_FW_DEL                       = 0x1f
+	IPV6_FW_FLUSH                     = 0x20
+	IPV6_FW_GET                       = 0x22
+	IPV6_FW_ZERO                      = 0x21
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXOPTHDR                    = 0x800
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
+	IPV6_MAX_MEMBERSHIPS              = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVTCLASS                   = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x24
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
+	IP_BLOCK_SOURCE                   = 0x48
+	IP_BOUND_IF                       = 0x19
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
+	IP_DUMMYNET_CONFIGURE             = 0x3c
+	IP_DUMMYNET_DEL                   = 0x3d
+	IP_DUMMYNET_FLUSH                 = 0x3e
+	IP_DUMMYNET_GET                   = 0x40
+	IP_FAITH                          = 0x16
+	IP_FW_ADD                         = 0x28
+	IP_FW_DEL                         = 0x29
+	IP_FW_FLUSH                       = 0x2a
+	IP_FW_GET                         = 0x2c
+	IP_FW_RESETLOG                    = 0x2d
+	IP_FW_ZERO                        = 0x2b
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x15
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_GROUP_SRC_FILTER           = 0x200
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER           = 0x80
+	IP_MAX_SOCK_SRC_FILTER            = 0x80
+	IP_MF                             = 0x2000
+	IP_MIN_MEMBERSHIPS                = 0x1f
+	IP_MSFILTER                       = 0x4a
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_IFINDEX              = 0x42
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_MULTICAST_VIF                  = 0xe
+	IP_NAT__XXX                       = 0x37
+	IP_OFFMASK                        = 0x1fff
+	IP_OLD_FW_ADD                     = 0x32
+	IP_OLD_FW_DEL                     = 0x33
+	IP_OLD_FW_FLUSH                   = 0x34
+	IP_OLD_FW_GET                     = 0x36
+	IP_OLD_FW_RESETLOG                = 0x38
+	IP_OLD_FW_ZERO                    = 0x35
+	IP_OPTIONS                        = 0x1
+	IP_PKTINFO                        = 0x1a
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVPKTINFO                    = 0x1a
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTOS                        = 0x1b
+	IP_RECVTTL                        = 0x18
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RSVP_OFF                       = 0x10
+	IP_RSVP_ON                        = 0xf
+	IP_RSVP_VIF_OFF                   = 0x12
+	IP_RSVP_VIF_ON                    = 0x11
+	IP_STRIPHDR                       = 0x17
+	IP_TOS                            = 0x3
+	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
+	IP_TTL                            = 0x4
+	IP_UNBLOCK_SOURCE                 = 0x49
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUTF8                             = 0x4000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_CAN_REUSE                    = 0x9
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x5
+	MADV_FREE_REUSABLE                = 0x7
+	MADV_FREE_REUSE                   = 0x8
+	MADV_NORMAL                       = 0x0
+	MADV_PAGEOUT                      = 0xa
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_WILLNEED                     = 0x3
+	MADV_ZERO_WIRED_PAGES             = 0x6
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_JIT                           = 0x800
+	MAP_NOCACHE                       = 0x400
+	MAP_NOEXTEND                      = 0x100
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_RESERVED0080                  = 0x80
+	MAP_RESILIENT_CODESIGN            = 0x2000
+	MAP_RESILIENT_MEDIA               = 0x4000
+	MAP_SHARED                        = 0x1
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_AUTOMOUNTED                   = 0x400000
+	MNT_CMDFLAGS                      = 0xf0000
+	MNT_CPROTECT                      = 0x80
+	MNT_DEFWRITE                      = 0x2000000
+	MNT_DONTBROWSE                    = 0x100000
+	MNT_DOVOLFS                       = 0x8000
+	MNT_DWAIT                         = 0x4
+	MNT_EXPORTED                      = 0x100
+	MNT_FORCE                         = 0x80000
+	MNT_IGNORE_OWNERSHIP              = 0x200000
+	MNT_JOURNALED                     = 0x800000
+	MNT_LOCAL                         = 0x1000
+	MNT_MULTILABEL                    = 0x4000000
+	MNT_NOATIME                       = 0x10000000
+	MNT_NOBLOCK                       = 0x20000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOUSERXATTR                   = 0x1000000
+	MNT_NOWAIT                        = 0x2
+	MNT_QUARANTINE                    = 0x400
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UNKNOWNPERMISSIONS            = 0x200000
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x17f0f5ff
+	MNT_WAIT                          = 0x1
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOF                           = 0x100
+	MSG_EOR                           = 0x8
+	MSG_FLUSH                         = 0x400
+	MSG_HAVEMORE                      = 0x2000
+	MSG_HOLD                          = 0x800
+	MSG_NEEDSA                        = 0x10000
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_RCVMORE                       = 0x4000
+	MSG_SEND                          = 0x1000
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MSG_WAITSTREAM                    = 0x200
+	MS_ASYNC                          = 0x1
+	MS_DEACTIVATE                     = 0x8
+	MS_INVALIDATE                     = 0x2
+	MS_KILLPAGES                      = 0x4
+	MS_SYNC                           = 0x10
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_DUMP2                      = 0x7
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFLIST2                    = 0x6
+	NET_RT_MAXID                      = 0xa
+	NET_RT_STAT                       = 0x4
+	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
+	NL0                               = 0x0
+	NL1                               = 0x100
+	NL2                               = 0x200
+	NL3                               = 0x300
+	NLDLY                             = 0x300
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ABSOLUTE                     = 0x8
+	NOTE_ATTRIB                       = 0x8
+	NOTE_BACKGROUND                   = 0x40
+	NOTE_CHILD                        = 0x4
+	NOTE_CRITICAL                     = 0x20
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXITSTATUS                   = 0x4000000
+	NOTE_EXIT_CSERROR                 = 0x40000
+	NOTE_EXIT_DECRYPTFAIL             = 0x10000
+	NOTE_EXIT_DETAIL                  = 0x2000000
+	NOTE_EXIT_DETAIL_MASK             = 0x70000
+	NOTE_EXIT_MEMORY                  = 0x20000
+	NOTE_EXIT_REPARENTED              = 0x80000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FFAND                        = 0x40000000
+	NOTE_FFCOPY                       = 0xc0000000
+	NOTE_FFCTRLMASK                   = 0xc0000000
+	NOTE_FFLAGSMASK                   = 0xffffff
+	NOTE_FFNOP                        = 0x0
+	NOTE_FFOR                         = 0x80000000
+	NOTE_FORK                         = 0x40000000
+	NOTE_FUNLOCK                      = 0x100
+	NOTE_LEEWAY                       = 0x10
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_MACH_CONTINUOUS_TIME         = 0x80
+	NOTE_NONE                         = 0x80
+	NOTE_NSECONDS                     = 0x4
+	NOTE_OOB                          = 0x2
+	NOTE_PCTRLMASK                    = -0x100000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_REAP                         = 0x10000000
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_SECONDS                      = 0x1
+	NOTE_SIGNAL                       = 0x8000000
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRIGGER                      = 0x1000000
+	NOTE_USECONDS                     = 0x2
+	NOTE_VM_ERROR                     = 0x10000000
+	NOTE_VM_PRESSURE                  = 0x80000000
+	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
+	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFDEL                             = 0x20000
+	OFILL                             = 0x80
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_ALERT                           = 0x20000000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x1000000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x100000
+	O_DP_GETRAWENCRYPTED              = 0x1
+	O_DP_GETRAWUNENCRYPTED            = 0x2
+	O_DSYNC                           = 0x400000
+	O_EVTONLY                         = 0x8000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x20000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_POPUP                           = 0x80000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_SHLOCK                          = 0x10
+	O_SYMLINK                         = 0x200000
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	PT_ATTACH                         = 0xa
+	PT_ATTACHEXC                      = 0xe
+	PT_CONTINUE                       = 0x7
+	PT_DENY_ATTACH                    = 0x1f
+	PT_DETACH                         = 0xb
+	PT_FIRSTMACH                      = 0x20
+	PT_FORCEQUOTA                     = 0x1e
+	PT_KILL                           = 0x8
+	PT_READ_D                         = 0x2
+	PT_READ_I                         = 0x1
+	PT_READ_U                         = 0x3
+	PT_SIGEXC                         = 0xc
+	PT_STEP                           = 0x9
+	PT_THUPDATE                       = 0xd
+	PT_TRACE_ME                       = 0x0
+	PT_WRITE_D                        = 0x5
+	PT_WRITE_I                        = 0x4
+	PT_WRITE_U                        = 0x6
+	RLIMIT_AS                         = 0x5
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_CPU_USAGE_MONITOR          = 0x2
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x8
+	RTAX_NETMASK                      = 0x2
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CLONING                       = 0x100
+	RTF_CONDEMNED                     = 0x2000000
+	RTF_DELCLONE                      = 0x80
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_IFREF                         = 0x4000000
+	RTF_IFSCOPE                       = 0x1000000
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MULTICAST                     = 0x800000
+	RTF_NOIFREF                       = 0x2000
+	RTF_PINNED                        = 0x100000
+	RTF_PRCLONING                     = 0x10000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x40000
+	RTF_PROXY                         = 0x8000000
+	RTF_REJECT                        = 0x8
+	RTF_ROUTER                        = 0x10000000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_WASCLONED                     = 0x20000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DELMADDR                      = 0x10
+	RTM_GET                           = 0x4
+	RTM_GET2                          = 0x14
+	RTM_IFINFO                        = 0xe
+	RTM_IFINFO2                       = 0x12
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_NEWMADDR                      = 0xf
+	RTM_NEWMADDR2                     = 0x13
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x3
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x2
+	SCM_TIMESTAMP_MONOTONIC           = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCARPIPLL                       = 0xc0206928
+	SIOCATMARK                        = 0x40047307
+	SIOCAUTOADDR                      = 0xc0206926
+	SIOCAUTONETMASK                   = 0x80206927
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFPHYADDR                    = 0x80206941
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETVLAN                       = 0xc020697f
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFALTMTU                     = 0xc0206948
+	SIOCGIFASYNCMAP                   = 0xc020697c
+	SIOCGIFBOND                       = 0xc0206947
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCAP                        = 0xc020695b
+	SIOCGIFCONF                       = 0xc00c6924
+	SIOCGIFDEVMTU                     = 0xc0206944
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFKPI                        = 0xc0206987
+	SIOCGIFMAC                        = 0xc0206982
+	SIOCGIFMEDIA                      = 0xc02c6938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc0206933
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206940
+	SIOCGIFPHYS                       = 0xc0206935
+	SIOCGIFPSRCADDR                   = 0xc020693f
+	SIOCGIFSTATUS                     = 0xc331693d
+	SIOCGIFVLAN                       = 0xc020697f
+	SIOCGIFWAKEFLAGS                  = 0xc0206988
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCIFCREATE                      = 0xc0206978
+	SIOCIFCREATE2                     = 0xc020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106981
+	SIOCRSLVMULTI                     = 0xc010693b
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSETVLAN                       = 0x8020697e
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFALTMTU                     = 0x80206945
+	SIOCSIFASYNCMAP                   = 0x8020697d
+	SIOCSIFBOND                       = 0x80206946
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFCAP                        = 0x8020695a
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFKPI                        = 0x80206986
+	SIOCSIFLLADDR                     = 0x8020693c
+	SIOCSIFMAC                        = 0x80206983
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x80206934
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x8040693e
+	SIOCSIFPHYS                       = 0x80206936
+	SIOCSIFVLAN                       = 0x8020697e
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SOCK_DGRAM                        = 0x2
+	SOCK_MAXADDRLEN                   = 0xff
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_DONTTRUNC                      = 0x2000
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LABEL                          = 0x1010
+	SO_LINGER                         = 0x80
+	SO_LINGER_SEC                     = 0x1080
+	SO_NETSVC_MARKING_LEVEL           = 0x1119
+	SO_NET_SERVICE_TYPE               = 0x1116
+	SO_NKE                            = 0x1021
+	SO_NOADDRERR                      = 0x1023
+	SO_NOSIGPIPE                      = 0x1022
+	SO_NOTIFYCONFLICT                 = 0x1026
+	SO_NP_EXTENSIONS                  = 0x1083
+	SO_NREAD                          = 0x1020
+	SO_NUMRCVPKT                      = 0x1112
+	SO_NWRITE                         = 0x1024
+	SO_OOBINLINE                      = 0x100
+	SO_PEERLABEL                      = 0x1011
+	SO_RANDOMPORT                     = 0x1082
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_REUSESHAREUID                  = 0x1025
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_TIMESTAMP                      = 0x400
+	SO_TIMESTAMP_MONOTONIC            = 0x800
+	SO_TYPE                           = 0x1008
+	SO_UPCALLCLOSEWAIT                = 0x1027
+	SO_USELOOPBACK                    = 0x40
+	SO_WANTMORE                       = 0x4000
+	SO_WANTOOBFLAG                    = 0x8000
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TAB0                              = 0x0
+	TAB1                              = 0x400
+	TAB2                              = 0x800
+	TAB3                              = 0x4
+	TABDLY                            = 0xc04
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_CONNECTIONTIMEOUT             = 0x20
+	TCP_CONNECTION_INFO               = 0x106
+	TCP_ENABLE_ECN                    = 0x104
+	TCP_FASTOPEN                      = 0x105
+	TCP_KEEPALIVE                     = 0x10
+	TCP_KEEPCNT                       = 0x102
+	TCP_KEEPINTVL                     = 0x101
+	TCP_MAXHLEN                       = 0x3c
+	TCP_MAXOLEN                       = 0x28
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x4
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOOPT                         = 0x8
+	TCP_NOPUSH                        = 0x4
+	TCP_NOTSENT_LOWAT                 = 0x201
+	TCP_RXT_CONNDROPTIME              = 0x80
+	TCP_RXT_FINDROP                   = 0x100
+	TCP_SENDMOREACKS                  = 0x103
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCDSIMICROCODE                  = 0x20007455
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLUSH                         = 0x80047410
+	TIOCGDRAINWAIT                    = 0x40047456
+	TIOCGETA                          = 0x40487413
+	TIOCGETD                          = 0x4004741a
+	TIOCGPGRP                         = 0x40047477
+	TIOCGWINSZ                        = 0x40087468
+	TIOCIXOFF                         = 0x20007480
+	TIOCIXON                          = 0x20007481
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGDTRWAIT                     = 0x4004745a
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x40047403
+	TIOCMODS                          = 0x80047404
+	TIOCMSDTRWAIT                     = 0x8004745b
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTYGNAME                      = 0x40807453
+	TIOCPTYGRANT                      = 0x20007454
+	TIOCPTYUNLK                       = 0x20007452
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCONS                         = 0x20007463
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDRAINWAIT                    = 0x80047457
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x80487414
+	TIOCSETAF                         = 0x80487416
+	TIOCSETAW                         = 0x80487415
+	TIOCSETD                          = 0x8004741b
+	TIOCSIG                           = 0x2000745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCTIMESTAMP                     = 0x40107459
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_LOADAVG                        = 0x2
+	VM_MACHFACTOR                     = 0x4
+	VM_MAXID                          = 0x6
+	VM_METER                          = 0x1
+	VM_SWAPUSAGE                      = 0x5
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VT0                               = 0x0
+	VT1                               = 0x10000
+	VTDLY                             = 0x10000
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WCONTINUED                        = 0x10
+	WCOREFLAG                         = 0x80
+	WEXITED                           = 0x4
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x20
+	WORDSIZE                          = 0x40
+	WSTOPPED                          = 0x8
+	WUNTRACED                         = 0x2
+	XATTR_CREATE                      = 0x2
+	XATTR_NODEFAULT                   = 0x10
+	XATTR_NOFOLLOW                    = 0x1
+	XATTR_NOSECURITY                  = 0x8
+	XATTR_REPLACE                     = 0x4
+	XATTR_SHOWCOMPRESSION             = 0x20
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADARCH        = syscall.Errno(0x56)
+	EBADEXEC        = syscall.Errno(0x55)
+	EBADF           = syscall.Errno(0x9)
+	EBADMACHO       = syscall.Errno(0x58)
+	EBADMSG         = syscall.Errno(0x5e)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x59)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDEVERR         = syscall.Errno(0x53)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x5a)
+	EILSEQ          = syscall.Errno(0x5c)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x6a)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5f)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x60)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x61)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5b)
+	ENOPOLICY       = syscall.Errno(0x67)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x62)
+	ENOSTR          = syscall.Errno(0x63)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x68)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x66)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x69)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x64)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	EPWROFF         = syscall.Errno(0x52)
+	EQFULL          = syscall.Errno(0x6a)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHLIBVERS      = syscall.Errno(0x57)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x65)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "ENOTSUP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EPWROFF", "device power is off"},
+	{83, "EDEVERR", "device error"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EBADEXEC", "bad executable (or shared library)"},
+	{86, "EBADARCH", "bad CPU type in executable"},
+	{87, "ESHLIBVERS", "shared library version mismatch"},
+	{88, "EBADMACHO", "malformed Mach-o file"},
+	{89, "ECANCELED", "operation canceled"},
+	{90, "EIDRM", "identifier removed"},
+	{91, "ENOMSG", "no message of desired type"},
+	{92, "EILSEQ", "illegal byte sequence"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EBADMSG", "bad message"},
+	{95, "EMULTIHOP", "EMULTIHOP (Reserved)"},
+	{96, "ENODATA", "no message available on STREAM"},
+	{97, "ENOLINK", "ENOLINK (Reserved)"},
+	{98, "ENOSR", "no STREAM resources"},
+	{99, "ENOSTR", "not a STREAM"},
+	{100, "EPROTO", "protocol error"},
+	{101, "ETIME", "STREAM ioctl timeout"},
+	{102, "EOPNOTSUPP", "operation not supported on socket"},
+	{103, "ENOPOLICY", "policy not found"},
+	{104, "ENOTRECOVERABLE", "state not recoverable"},
+	{105, "EOWNERDEAD", "previous owner died"},
+	{106, "EQFULL", "interface output queue is full"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go
new file mode 100644
index 000000000..ddc5d001b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go
@@ -0,0 +1,1786 @@
+// mkerrors.sh
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,darwin
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1c
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x25
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x1e
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1c
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x28
+	AF_NATM                           = 0x1f
+	AF_NDRV                           = 0x1b
+	AF_NETBIOS                        = 0x21
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PPP                            = 0x22
+	AF_PUP                            = 0x4
+	AF_RESERVED_36                    = 0x24
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x18
+	AF_SNA                            = 0xb
+	AF_SYSTEM                         = 0x20
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	AF_UTUN                           = 0x26
+	ALTWERASE                         = 0x200
+	ATTR_BIT_MAP_COUNT                = 0x5
+	ATTR_CMN_ACCESSMASK               = 0x20000
+	ATTR_CMN_ACCTIME                  = 0x1000
+	ATTR_CMN_ADDEDTIME                = 0x10000000
+	ATTR_CMN_BKUPTIME                 = 0x2000
+	ATTR_CMN_CHGTIME                  = 0x800
+	ATTR_CMN_CRTIME                   = 0x200
+	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
+	ATTR_CMN_DEVID                    = 0x2
+	ATTR_CMN_DOCUMENT_ID              = 0x100000
+	ATTR_CMN_ERROR                    = 0x20000000
+	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
+	ATTR_CMN_FILEID                   = 0x2000000
+	ATTR_CMN_FLAGS                    = 0x40000
+	ATTR_CMN_FNDRINFO                 = 0x4000
+	ATTR_CMN_FSID                     = 0x4
+	ATTR_CMN_FULLPATH                 = 0x8000000
+	ATTR_CMN_GEN_COUNT                = 0x80000
+	ATTR_CMN_GRPID                    = 0x10000
+	ATTR_CMN_GRPUUID                  = 0x1000000
+	ATTR_CMN_MODTIME                  = 0x400
+	ATTR_CMN_NAME                     = 0x1
+	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
+	ATTR_CMN_NAMEDATTRLIST            = 0x100000
+	ATTR_CMN_OBJID                    = 0x20
+	ATTR_CMN_OBJPERMANENTID           = 0x40
+	ATTR_CMN_OBJTAG                   = 0x10
+	ATTR_CMN_OBJTYPE                  = 0x8
+	ATTR_CMN_OWNERID                  = 0x8000
+	ATTR_CMN_PARENTID                 = 0x4000000
+	ATTR_CMN_PAROBJID                 = 0x80
+	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
+	ATTR_CMN_SCRIPT                   = 0x100
+	ATTR_CMN_SETMASK                  = 0x41c7ff00
+	ATTR_CMN_USERACCESS               = 0x200000
+	ATTR_CMN_UUID                     = 0x800000
+	ATTR_CMN_VALIDMASK                = 0xffffffff
+	ATTR_CMN_VOLSETMASK               = 0x6700
+	ATTR_FILE_ALLOCSIZE               = 0x4
+	ATTR_FILE_CLUMPSIZE               = 0x10
+	ATTR_FILE_DATAALLOCSIZE           = 0x400
+	ATTR_FILE_DATAEXTENTS             = 0x800
+	ATTR_FILE_DATALENGTH              = 0x200
+	ATTR_FILE_DEVTYPE                 = 0x20
+	ATTR_FILE_FILETYPE                = 0x40
+	ATTR_FILE_FORKCOUNT               = 0x80
+	ATTR_FILE_FORKLIST                = 0x100
+	ATTR_FILE_IOBLOCKSIZE             = 0x8
+	ATTR_FILE_LINKCOUNT               = 0x1
+	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
+	ATTR_FILE_RSRCEXTENTS             = 0x4000
+	ATTR_FILE_RSRCLENGTH              = 0x1000
+	ATTR_FILE_SETMASK                 = 0x20
+	ATTR_FILE_TOTALSIZE               = 0x2
+	ATTR_FILE_VALIDMASK               = 0x37ff
+	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
+	ATTR_VOL_ATTRIBUTES               = 0x40000000
+	ATTR_VOL_CAPABILITIES             = 0x20000
+	ATTR_VOL_DIRCOUNT                 = 0x400
+	ATTR_VOL_ENCODINGSUSED            = 0x10000
+	ATTR_VOL_FILECOUNT                = 0x200
+	ATTR_VOL_FSTYPE                   = 0x1
+	ATTR_VOL_INFO                     = 0x80000000
+	ATTR_VOL_IOBLOCKSIZE              = 0x80
+	ATTR_VOL_MAXOBJCOUNT              = 0x800
+	ATTR_VOL_MINALLOCATION            = 0x20
+	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
+	ATTR_VOL_MOUNTFLAGS               = 0x4000
+	ATTR_VOL_MOUNTPOINT               = 0x1000
+	ATTR_VOL_NAME                     = 0x2000
+	ATTR_VOL_OBJCOUNT                 = 0x100
+	ATTR_VOL_QUOTA_SIZE               = 0x10000000
+	ATTR_VOL_RESERVED_SIZE            = 0x20000000
+	ATTR_VOL_SETMASK                  = 0x80002000
+	ATTR_VOL_SIGNATURE                = 0x2
+	ATTR_VOL_SIZE                     = 0x4
+	ATTR_VOL_SPACEAVAIL               = 0x10
+	ATTR_VOL_SPACEFREE                = 0x8
+	ATTR_VOL_UUID                     = 0x40000
+	ATTR_VOL_VALIDMASK                = 0xf007ffff
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc00c4279
+	BIOCGETIF                         = 0x4020426b
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044272
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSEESENT                      = 0x40044276
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044278
+	BIOCSETF                          = 0x80104267
+	BIOCSETFNR                        = 0x8010427e
+	BIOCSETIF                         = 0x8020426c
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044273
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCSSEESENT                      = 0x80044277
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x80000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	BS0                               = 0x0
+	BS1                               = 0x8000
+	BSDLY                             = 0x8000
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_MONOTONIC                   = 0x6
+	CLOCK_MONOTONIC_RAW               = 0x4
+	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
+	CLOCK_PROCESS_CPUTIME_ID          = 0xc
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x10
+	CLOCK_UPTIME_RAW                  = 0x8
+	CLOCK_UPTIME_RAW_APPROX           = 0x9
+	CLONE_NOFOLLOW                    = 0x1
+	CLONE_NOOWNERCOPY                 = 0x2
+	CR0                               = 0x0
+	CR1                               = 0x1000
+	CR2                               = 0x2000
+	CR3                               = 0x3000
+	CRDLY                             = 0x3000
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x30000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CHDLC                         = 0x68
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DBUS                          = 0xe7
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_DVB_CI                        = 0xeb
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HHDLC                         = 0x79
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NOFCS            = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPFILTER                      = 0x74
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPOIB                         = 0xf2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_ATM_CEMIC             = 0xee
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL          = 0xea
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_SRX_E2E               = 0xe9
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_JUNIPER_VS                    = 0xe8
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MATCHING_MAX                  = 0xf5
+	DLT_MATCHING_MIN                  = 0x68
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPEG_2_TS                     = 0xf3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_MUX27010                      = 0xec
+	DLT_NETANALYZER                   = 0xf0
+	DLT_NETANALYZER_TRANSPARENT       = 0xf1
+	DLT_NFC_LLCP                      = 0xf5
+	DLT_NFLOG                         = 0xef
+	DLT_NG40                          = 0xf4
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PPP_WITH_DIRECTION            = 0xa6
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_STANAG_5066_D_PDU             = 0xed
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EVFILT_AIO                        = -0x3
+	EVFILT_EXCEPT                     = -0xf
+	EVFILT_FS                         = -0x9
+	EVFILT_MACHPORT                   = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0xf
+	EVFILT_THREADMARKER               = 0xf
+	EVFILT_TIMER                      = -0x7
+	EVFILT_USER                       = -0xa
+	EVFILT_VM                         = -0xc
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_DISPATCH2                      = 0x180
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG0                          = 0x1000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_OOBAND                         = 0x2000
+	EV_POLL                           = 0x1000
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EV_UDATA_SPECIFIC                 = 0x100
+	EV_VANISHED                       = 0x200
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FF0                               = 0x0
+	FF1                               = 0x4000
+	FFDLY                             = 0x4000
+	FLUSHO                            = 0x800000
+	FSOPT_ATTR_CMN_EXTENDED           = 0x20
+	FSOPT_NOFOLLOW                    = 0x1
+	FSOPT_NOINMEMUPDATE               = 0x2
+	FSOPT_PACK_INVAL_ATTRS            = 0x8
+	FSOPT_REPORT_FULLSIZE             = 0x4
+	F_ADDFILESIGS                     = 0x3d
+	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
+	F_ADDFILESIGS_RETURN              = 0x61
+	F_ADDSIGS                         = 0x3b
+	F_ALLOCATEALL                     = 0x4
+	F_ALLOCATECONTIG                  = 0x2
+	F_BARRIERFSYNC                    = 0x55
+	F_CHECK_LV                        = 0x62
+	F_CHKCLEAN                        = 0x29
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0x43
+	F_FINDSIGS                        = 0x4e
+	F_FLUSH_DATA                      = 0x28
+	F_FREEZE_FS                       = 0x35
+	F_FULLFSYNC                       = 0x33
+	F_GETCODEDIR                      = 0x48
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETLKPID                        = 0x42
+	F_GETNOSIGPIPE                    = 0x4a
+	F_GETOWN                          = 0x5
+	F_GETPATH                         = 0x32
+	F_GETPATH_MTMINFO                 = 0x47
+	F_GETPROTECTIONCLASS              = 0x3f
+	F_GETPROTECTIONLEVEL              = 0x4d
+	F_GLOBAL_NOCACHE                  = 0x37
+	F_LOG2PHYS                        = 0x31
+	F_LOG2PHYS_EXT                    = 0x41
+	F_NOCACHE                         = 0x30
+	F_NODIRECT                        = 0x3e
+	F_OK                              = 0x0
+	F_PATHPKG_CHECK                   = 0x34
+	F_PEOFPOSMODE                     = 0x3
+	F_PREALLOCATE                     = 0x2a
+	F_PUNCHHOLE                       = 0x63
+	F_RDADVISE                        = 0x2c
+	F_RDAHEAD                         = 0x2d
+	F_RDLCK                           = 0x1
+	F_SETBACKINGSTORE                 = 0x46
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETLKWTIMEOUT                   = 0xa
+	F_SETNOSIGPIPE                    = 0x49
+	F_SETOWN                          = 0x6
+	F_SETPROTECTIONCLASS              = 0x40
+	F_SETSIZE                         = 0x2b
+	F_SINGLE_WRITER                   = 0x4c
+	F_THAW_FS                         = 0x36
+	F_TRANSCODEKEY                    = 0x4b
+	F_TRIM_ACTIVE_FILE                = 0x64
+	F_UNLCK                           = 0x2
+	F_VOLPOSMODE                      = 0x4
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFF_ALLMULTI                      = 0x200
+	IFF_ALTPHYS                       = 0x4000
+	IFF_BROADCAST                     = 0x2
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_AAL5                          = 0x31
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ATM                           = 0x25
+	IFT_BRIDGE                        = 0xd1
+	IFT_CARP                          = 0xf8
+	IFT_CELLULAR                      = 0xff
+	IFT_CEPT                          = 0x13
+	IFT_DS3                           = 0x1e
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0x38
+	IFT_FDDI                          = 0xf
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_GIF                           = 0x37
+	IFT_HDH1822                       = 0x3
+	IFT_HIPPI                         = 0x2f
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE8023ADLAG                 = 0x88
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88026                      = 0xa
+	IFT_L2VLAN                        = 0x87
+	IFT_LAPB                          = 0x10
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_NSIP                          = 0x1b
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PDP                           = 0xff
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PKTAP                         = 0xfe
+	IFT_PPP                           = 0x17
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PTPSERIAL                     = 0x16
+	IFT_RS232                         = 0x21
+	IFT_SDLC                          = 0x11
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0x39
+	IFT_T1                            = 0x12
+	IFT_ULTRA                         = 0x1d
+	IFT_V35                           = 0x2d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LINKLOCALNETNUM                = 0xa9fe0000
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_3PC                       = 0x22
+	IPPROTO_ADFS                      = 0x44
+	IPPROTO_AH                        = 0x33
+	IPPROTO_AHIP                      = 0x3d
+	IPPROTO_APES                      = 0x63
+	IPPROTO_ARGUS                     = 0xd
+	IPPROTO_AX25                      = 0x5d
+	IPPROTO_BHA                       = 0x31
+	IPPROTO_BLT                       = 0x1e
+	IPPROTO_BRSATMON                  = 0x4c
+	IPPROTO_CFTP                      = 0x3e
+	IPPROTO_CHAOS                     = 0x10
+	IPPROTO_CMTP                      = 0x26
+	IPPROTO_CPHB                      = 0x49
+	IPPROTO_CPNX                      = 0x48
+	IPPROTO_DDP                       = 0x25
+	IPPROTO_DGP                       = 0x56
+	IPPROTO_DIVERT                    = 0xfe
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_EMCON                     = 0xe
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GMTP                      = 0x64
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HELLO                     = 0x3f
+	IPPROTO_HMP                       = 0x14
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IDPR                      = 0x23
+	IPPROTO_IDRP                      = 0x2d
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IGP                       = 0x55
+	IPPROTO_IGRP                      = 0x58
+	IPPROTO_IL                        = 0x28
+	IPPROTO_INLSP                     = 0x34
+	IPPROTO_INP                       = 0x20
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPCV                      = 0x47
+	IPPROTO_IPEIP                     = 0x5e
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPPC                      = 0x43
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IRTP                      = 0x1c
+	IPPROTO_KRYPTOLAN                 = 0x41
+	IPPROTO_LARP                      = 0x5b
+	IPPROTO_LEAF1                     = 0x19
+	IPPROTO_LEAF2                     = 0x1a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MEAS                      = 0x13
+	IPPROTO_MHRP                      = 0x30
+	IPPROTO_MICP                      = 0x5f
+	IPPROTO_MTP                       = 0x5c
+	IPPROTO_MUX                       = 0x12
+	IPPROTO_ND                        = 0x4d
+	IPPROTO_NHRP                      = 0x36
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_NSP                       = 0x1f
+	IPPROTO_NVPII                     = 0xb
+	IPPROTO_OSPFIGP                   = 0x59
+	IPPROTO_PGM                       = 0x71
+	IPPROTO_PIGP                      = 0x9
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PRM                       = 0x15
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_PVP                       = 0x4b
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_RCCMON                    = 0xa
+	IPPROTO_RDP                       = 0x1b
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_RVD                       = 0x42
+	IPPROTO_SATEXPAK                  = 0x40
+	IPPROTO_SATMON                    = 0x45
+	IPPROTO_SCCSP                     = 0x60
+	IPPROTO_SCTP                      = 0x84
+	IPPROTO_SDRP                      = 0x2a
+	IPPROTO_SEP                       = 0x21
+	IPPROTO_SRPC                      = 0x5a
+	IPPROTO_ST                        = 0x7
+	IPPROTO_SVMTP                     = 0x52
+	IPPROTO_SWIPE                     = 0x35
+	IPPROTO_TCF                       = 0x57
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_TPXX                      = 0x27
+	IPPROTO_TRUNK1                    = 0x17
+	IPPROTO_TRUNK2                    = 0x18
+	IPPROTO_TTP                       = 0x54
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VINES                     = 0x53
+	IPPROTO_VISA                      = 0x46
+	IPPROTO_VMTP                      = 0x51
+	IPPROTO_WBEXPAK                   = 0x4f
+	IPPROTO_WBMON                     = 0x4e
+	IPPROTO_WSN                       = 0x4a
+	IPPROTO_XNET                      = 0xf
+	IPPROTO_XTP                       = 0x24
+	IPV6_2292DSTOPTS                  = 0x17
+	IPV6_2292HOPLIMIT                 = 0x14
+	IPV6_2292HOPOPTS                  = 0x16
+	IPV6_2292NEXTHOP                  = 0x15
+	IPV6_2292PKTINFO                  = 0x13
+	IPV6_2292PKTOPTIONS               = 0x19
+	IPV6_2292RTHDR                    = 0x18
+	IPV6_BINDV6ONLY                   = 0x1b
+	IPV6_BOUND_IF                     = 0x7d
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FLOW_ECN_MASK                = 0x300
+	IPV6_FRAGTTL                      = 0x3c
+	IPV6_FW_ADD                       = 0x1e
+	IPV6_FW_DEL                       = 0x1f
+	IPV6_FW_FLUSH                     = 0x20
+	IPV6_FW_GET                       = 0x22
+	IPV6_FW_ZERO                      = 0x21
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXOPTHDR                    = 0x800
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
+	IPV6_MAX_MEMBERSHIPS              = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVTCLASS                   = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x24
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
+	IP_BLOCK_SOURCE                   = 0x48
+	IP_BOUND_IF                       = 0x19
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
+	IP_DUMMYNET_CONFIGURE             = 0x3c
+	IP_DUMMYNET_DEL                   = 0x3d
+	IP_DUMMYNET_FLUSH                 = 0x3e
+	IP_DUMMYNET_GET                   = 0x40
+	IP_FAITH                          = 0x16
+	IP_FW_ADD                         = 0x28
+	IP_FW_DEL                         = 0x29
+	IP_FW_FLUSH                       = 0x2a
+	IP_FW_GET                         = 0x2c
+	IP_FW_RESETLOG                    = 0x2d
+	IP_FW_ZERO                        = 0x2b
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x15
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_GROUP_SRC_FILTER           = 0x200
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER           = 0x80
+	IP_MAX_SOCK_SRC_FILTER            = 0x80
+	IP_MF                             = 0x2000
+	IP_MIN_MEMBERSHIPS                = 0x1f
+	IP_MSFILTER                       = 0x4a
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_IFINDEX              = 0x42
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_MULTICAST_VIF                  = 0xe
+	IP_NAT__XXX                       = 0x37
+	IP_OFFMASK                        = 0x1fff
+	IP_OLD_FW_ADD                     = 0x32
+	IP_OLD_FW_DEL                     = 0x33
+	IP_OLD_FW_FLUSH                   = 0x34
+	IP_OLD_FW_GET                     = 0x36
+	IP_OLD_FW_RESETLOG                = 0x38
+	IP_OLD_FW_ZERO                    = 0x35
+	IP_OPTIONS                        = 0x1
+	IP_PKTINFO                        = 0x1a
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVPKTINFO                    = 0x1a
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTOS                        = 0x1b
+	IP_RECVTTL                        = 0x18
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RSVP_OFF                       = 0x10
+	IP_RSVP_ON                        = 0xf
+	IP_RSVP_VIF_OFF                   = 0x12
+	IP_RSVP_VIF_ON                    = 0x11
+	IP_STRIPHDR                       = 0x17
+	IP_TOS                            = 0x3
+	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
+	IP_TTL                            = 0x4
+	IP_UNBLOCK_SOURCE                 = 0x49
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUTF8                             = 0x4000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_CAN_REUSE                    = 0x9
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x5
+	MADV_FREE_REUSABLE                = 0x7
+	MADV_FREE_REUSE                   = 0x8
+	MADV_NORMAL                       = 0x0
+	MADV_PAGEOUT                      = 0xa
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_WILLNEED                     = 0x3
+	MADV_ZERO_WIRED_PAGES             = 0x6
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_JIT                           = 0x800
+	MAP_NOCACHE                       = 0x400
+	MAP_NOEXTEND                      = 0x100
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_RESERVED0080                  = 0x80
+	MAP_RESILIENT_CODESIGN            = 0x2000
+	MAP_RESILIENT_MEDIA               = 0x4000
+	MAP_SHARED                        = 0x1
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_AUTOMOUNTED                   = 0x400000
+	MNT_CMDFLAGS                      = 0xf0000
+	MNT_CPROTECT                      = 0x80
+	MNT_DEFWRITE                      = 0x2000000
+	MNT_DONTBROWSE                    = 0x100000
+	MNT_DOVOLFS                       = 0x8000
+	MNT_DWAIT                         = 0x4
+	MNT_EXPORTED                      = 0x100
+	MNT_FORCE                         = 0x80000
+	MNT_IGNORE_OWNERSHIP              = 0x200000
+	MNT_JOURNALED                     = 0x800000
+	MNT_LOCAL                         = 0x1000
+	MNT_MULTILABEL                    = 0x4000000
+	MNT_NOATIME                       = 0x10000000
+	MNT_NOBLOCK                       = 0x20000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOUSERXATTR                   = 0x1000000
+	MNT_NOWAIT                        = 0x2
+	MNT_QUARANTINE                    = 0x400
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UNKNOWNPERMISSIONS            = 0x200000
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x17f0f5ff
+	MNT_WAIT                          = 0x1
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOF                           = 0x100
+	MSG_EOR                           = 0x8
+	MSG_FLUSH                         = 0x400
+	MSG_HAVEMORE                      = 0x2000
+	MSG_HOLD                          = 0x800
+	MSG_NEEDSA                        = 0x10000
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_RCVMORE                       = 0x4000
+	MSG_SEND                          = 0x1000
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MSG_WAITSTREAM                    = 0x200
+	MS_ASYNC                          = 0x1
+	MS_DEACTIVATE                     = 0x8
+	MS_INVALIDATE                     = 0x2
+	MS_KILLPAGES                      = 0x4
+	MS_SYNC                           = 0x10
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_DUMP2                      = 0x7
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFLIST2                    = 0x6
+	NET_RT_MAXID                      = 0xa
+	NET_RT_STAT                       = 0x4
+	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
+	NL0                               = 0x0
+	NL1                               = 0x100
+	NL2                               = 0x200
+	NL3                               = 0x300
+	NLDLY                             = 0x300
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ABSOLUTE                     = 0x8
+	NOTE_ATTRIB                       = 0x8
+	NOTE_BACKGROUND                   = 0x40
+	NOTE_CHILD                        = 0x4
+	NOTE_CRITICAL                     = 0x20
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXITSTATUS                   = 0x4000000
+	NOTE_EXIT_CSERROR                 = 0x40000
+	NOTE_EXIT_DECRYPTFAIL             = 0x10000
+	NOTE_EXIT_DETAIL                  = 0x2000000
+	NOTE_EXIT_DETAIL_MASK             = 0x70000
+	NOTE_EXIT_MEMORY                  = 0x20000
+	NOTE_EXIT_REPARENTED              = 0x80000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FFAND                        = 0x40000000
+	NOTE_FFCOPY                       = 0xc0000000
+	NOTE_FFCTRLMASK                   = 0xc0000000
+	NOTE_FFLAGSMASK                   = 0xffffff
+	NOTE_FFNOP                        = 0x0
+	NOTE_FFOR                         = 0x80000000
+	NOTE_FORK                         = 0x40000000
+	NOTE_FUNLOCK                      = 0x100
+	NOTE_LEEWAY                       = 0x10
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_MACH_CONTINUOUS_TIME         = 0x80
+	NOTE_NONE                         = 0x80
+	NOTE_NSECONDS                     = 0x4
+	NOTE_OOB                          = 0x2
+	NOTE_PCTRLMASK                    = -0x100000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_REAP                         = 0x10000000
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_SECONDS                      = 0x1
+	NOTE_SIGNAL                       = 0x8000000
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRIGGER                      = 0x1000000
+	NOTE_USECONDS                     = 0x2
+	NOTE_VM_ERROR                     = 0x10000000
+	NOTE_VM_PRESSURE                  = 0x80000000
+	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
+	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFDEL                             = 0x20000
+	OFILL                             = 0x80
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_ALERT                           = 0x20000000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x1000000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x100000
+	O_DP_GETRAWENCRYPTED              = 0x1
+	O_DP_GETRAWUNENCRYPTED            = 0x2
+	O_DSYNC                           = 0x400000
+	O_EVTONLY                         = 0x8000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x20000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_POPUP                           = 0x80000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_SHLOCK                          = 0x10
+	O_SYMLINK                         = 0x200000
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	PT_ATTACH                         = 0xa
+	PT_ATTACHEXC                      = 0xe
+	PT_CONTINUE                       = 0x7
+	PT_DENY_ATTACH                    = 0x1f
+	PT_DETACH                         = 0xb
+	PT_FIRSTMACH                      = 0x20
+	PT_FORCEQUOTA                     = 0x1e
+	PT_KILL                           = 0x8
+	PT_READ_D                         = 0x2
+	PT_READ_I                         = 0x1
+	PT_READ_U                         = 0x3
+	PT_SIGEXC                         = 0xc
+	PT_STEP                           = 0x9
+	PT_THUPDATE                       = 0xd
+	PT_TRACE_ME                       = 0x0
+	PT_WRITE_D                        = 0x5
+	PT_WRITE_I                        = 0x4
+	PT_WRITE_U                        = 0x6
+	RLIMIT_AS                         = 0x5
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_CPU_USAGE_MONITOR          = 0x2
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x8
+	RTAX_NETMASK                      = 0x2
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CLONING                       = 0x100
+	RTF_CONDEMNED                     = 0x2000000
+	RTF_DELCLONE                      = 0x80
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_IFREF                         = 0x4000000
+	RTF_IFSCOPE                       = 0x1000000
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MULTICAST                     = 0x800000
+	RTF_NOIFREF                       = 0x2000
+	RTF_PINNED                        = 0x100000
+	RTF_PRCLONING                     = 0x10000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x40000
+	RTF_PROXY                         = 0x8000000
+	RTF_REJECT                        = 0x8
+	RTF_ROUTER                        = 0x10000000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_WASCLONED                     = 0x20000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DELMADDR                      = 0x10
+	RTM_GET                           = 0x4
+	RTM_GET2                          = 0x14
+	RTM_IFINFO                        = 0xe
+	RTM_IFINFO2                       = 0x12
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_NEWMADDR                      = 0xf
+	RTM_NEWMADDR2                     = 0x13
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x3
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x2
+	SCM_TIMESTAMP_MONOTONIC           = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCARPIPLL                       = 0xc0206928
+	SIOCATMARK                        = 0x40047307
+	SIOCAUTOADDR                      = 0xc0206926
+	SIOCAUTONETMASK                   = 0x80206927
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFPHYADDR                    = 0x80206941
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETVLAN                       = 0xc020697f
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFALTMTU                     = 0xc0206948
+	SIOCGIFASYNCMAP                   = 0xc020697c
+	SIOCGIFBOND                       = 0xc0206947
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCAP                        = 0xc020695b
+	SIOCGIFCONF                       = 0xc00c6924
+	SIOCGIFDEVMTU                     = 0xc0206944
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFKPI                        = 0xc0206987
+	SIOCGIFMAC                        = 0xc0206982
+	SIOCGIFMEDIA                      = 0xc02c6938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc0206933
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206940
+	SIOCGIFPHYS                       = 0xc0206935
+	SIOCGIFPSRCADDR                   = 0xc020693f
+	SIOCGIFSTATUS                     = 0xc331693d
+	SIOCGIFVLAN                       = 0xc020697f
+	SIOCGIFWAKEFLAGS                  = 0xc0206988
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCIFCREATE                      = 0xc0206978
+	SIOCIFCREATE2                     = 0xc020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106981
+	SIOCRSLVMULTI                     = 0xc010693b
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSETVLAN                       = 0x8020697e
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFALTMTU                     = 0x80206945
+	SIOCSIFASYNCMAP                   = 0x8020697d
+	SIOCSIFBOND                       = 0x80206946
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFCAP                        = 0x8020695a
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFKPI                        = 0x80206986
+	SIOCSIFLLADDR                     = 0x8020693c
+	SIOCSIFMAC                        = 0x80206983
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x80206934
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x8040693e
+	SIOCSIFPHYS                       = 0x80206936
+	SIOCSIFVLAN                       = 0x8020697e
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SOCK_DGRAM                        = 0x2
+	SOCK_MAXADDRLEN                   = 0xff
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_DONTTRUNC                      = 0x2000
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LABEL                          = 0x1010
+	SO_LINGER                         = 0x80
+	SO_LINGER_SEC                     = 0x1080
+	SO_NETSVC_MARKING_LEVEL           = 0x1119
+	SO_NET_SERVICE_TYPE               = 0x1116
+	SO_NKE                            = 0x1021
+	SO_NOADDRERR                      = 0x1023
+	SO_NOSIGPIPE                      = 0x1022
+	SO_NOTIFYCONFLICT                 = 0x1026
+	SO_NP_EXTENSIONS                  = 0x1083
+	SO_NREAD                          = 0x1020
+	SO_NUMRCVPKT                      = 0x1112
+	SO_NWRITE                         = 0x1024
+	SO_OOBINLINE                      = 0x100
+	SO_PEERLABEL                      = 0x1011
+	SO_RANDOMPORT                     = 0x1082
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_REUSESHAREUID                  = 0x1025
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_TIMESTAMP                      = 0x400
+	SO_TIMESTAMP_MONOTONIC            = 0x800
+	SO_TYPE                           = 0x1008
+	SO_UPCALLCLOSEWAIT                = 0x1027
+	SO_USELOOPBACK                    = 0x40
+	SO_WANTMORE                       = 0x4000
+	SO_WANTOOBFLAG                    = 0x8000
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TAB0                              = 0x0
+	TAB1                              = 0x400
+	TAB2                              = 0x800
+	TAB3                              = 0x4
+	TABDLY                            = 0xc04
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_CONNECTIONTIMEOUT             = 0x20
+	TCP_CONNECTION_INFO               = 0x106
+	TCP_ENABLE_ECN                    = 0x104
+	TCP_FASTOPEN                      = 0x105
+	TCP_KEEPALIVE                     = 0x10
+	TCP_KEEPCNT                       = 0x102
+	TCP_KEEPINTVL                     = 0x101
+	TCP_MAXHLEN                       = 0x3c
+	TCP_MAXOLEN                       = 0x28
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x4
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOOPT                         = 0x8
+	TCP_NOPUSH                        = 0x4
+	TCP_NOTSENT_LOWAT                 = 0x201
+	TCP_RXT_CONNDROPTIME              = 0x80
+	TCP_RXT_FINDROP                   = 0x100
+	TCP_SENDMOREACKS                  = 0x103
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCDSIMICROCODE                  = 0x20007455
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLUSH                         = 0x80047410
+	TIOCGDRAINWAIT                    = 0x40047456
+	TIOCGETA                          = 0x40487413
+	TIOCGETD                          = 0x4004741a
+	TIOCGPGRP                         = 0x40047477
+	TIOCGWINSZ                        = 0x40087468
+	TIOCIXOFF                         = 0x20007480
+	TIOCIXON                          = 0x20007481
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGDTRWAIT                     = 0x4004745a
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x40047403
+	TIOCMODS                          = 0x80047404
+	TIOCMSDTRWAIT                     = 0x8004745b
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTYGNAME                      = 0x40807453
+	TIOCPTYGRANT                      = 0x20007454
+	TIOCPTYUNLK                       = 0x20007452
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCONS                         = 0x20007463
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDRAINWAIT                    = 0x80047457
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x80487414
+	TIOCSETAF                         = 0x80487416
+	TIOCSETAW                         = 0x80487415
+	TIOCSETD                          = 0x8004741b
+	TIOCSIG                           = 0x2000745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCTIMESTAMP                     = 0x40107459
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_LOADAVG                        = 0x2
+	VM_MACHFACTOR                     = 0x4
+	VM_MAXID                          = 0x6
+	VM_METER                          = 0x1
+	VM_SWAPUSAGE                      = 0x5
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VT0                               = 0x0
+	VT1                               = 0x10000
+	VTDLY                             = 0x10000
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WCONTINUED                        = 0x10
+	WCOREFLAG                         = 0x80
+	WEXITED                           = 0x4
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x20
+	WORDSIZE                          = 0x40
+	WSTOPPED                          = 0x8
+	WUNTRACED                         = 0x2
+	XATTR_CREATE                      = 0x2
+	XATTR_NODEFAULT                   = 0x10
+	XATTR_NOFOLLOW                    = 0x1
+	XATTR_NOSECURITY                  = 0x8
+	XATTR_REPLACE                     = 0x4
+	XATTR_SHOWCOMPRESSION             = 0x20
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADARCH        = syscall.Errno(0x56)
+	EBADEXEC        = syscall.Errno(0x55)
+	EBADF           = syscall.Errno(0x9)
+	EBADMACHO       = syscall.Errno(0x58)
+	EBADMSG         = syscall.Errno(0x5e)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x59)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDEVERR         = syscall.Errno(0x53)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x5a)
+	EILSEQ          = syscall.Errno(0x5c)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x6a)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5f)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x60)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x61)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5b)
+	ENOPOLICY       = syscall.Errno(0x67)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x62)
+	ENOSTR          = syscall.Errno(0x63)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x68)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x66)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x69)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x64)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	EPWROFF         = syscall.Errno(0x52)
+	EQFULL          = syscall.Errno(0x6a)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHLIBVERS      = syscall.Errno(0x57)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x65)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "ENOTSUP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EPWROFF", "device power is off"},
+	{83, "EDEVERR", "device error"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EBADEXEC", "bad executable (or shared library)"},
+	{86, "EBADARCH", "bad CPU type in executable"},
+	{87, "ESHLIBVERS", "shared library version mismatch"},
+	{88, "EBADMACHO", "malformed Mach-o file"},
+	{89, "ECANCELED", "operation canceled"},
+	{90, "EIDRM", "identifier removed"},
+	{91, "ENOMSG", "no message of desired type"},
+	{92, "EILSEQ", "illegal byte sequence"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EBADMSG", "bad message"},
+	{95, "EMULTIHOP", "EMULTIHOP (Reserved)"},
+	{96, "ENODATA", "no message available on STREAM"},
+	{97, "ENOLINK", "ENOLINK (Reserved)"},
+	{98, "ENOSR", "no STREAM resources"},
+	{99, "ENOSTR", "not a STREAM"},
+	{100, "EPROTO", "protocol error"},
+	{101, "ETIME", "STREAM ioctl timeout"},
+	{102, "EOPNOTSUPP", "operation not supported on socket"},
+	{103, "ENOPOLICY", "policy not found"},
+	{104, "ENOTRECOVERABLE", "state not recoverable"},
+	{105, "EOWNERDEAD", "previous owner died"},
+	{106, "EQFULL", "interface output queue is full"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
new file mode 100644
index 000000000..0614d26d0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -0,0 +1,1786 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,darwin
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1c
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x25
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x1e
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1c
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x28
+	AF_NATM                           = 0x1f
+	AF_NDRV                           = 0x1b
+	AF_NETBIOS                        = 0x21
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PPP                            = 0x22
+	AF_PUP                            = 0x4
+	AF_RESERVED_36                    = 0x24
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x18
+	AF_SNA                            = 0xb
+	AF_SYSTEM                         = 0x20
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	AF_UTUN                           = 0x26
+	ALTWERASE                         = 0x200
+	ATTR_BIT_MAP_COUNT                = 0x5
+	ATTR_CMN_ACCESSMASK               = 0x20000
+	ATTR_CMN_ACCTIME                  = 0x1000
+	ATTR_CMN_ADDEDTIME                = 0x10000000
+	ATTR_CMN_BKUPTIME                 = 0x2000
+	ATTR_CMN_CHGTIME                  = 0x800
+	ATTR_CMN_CRTIME                   = 0x200
+	ATTR_CMN_DATA_PROTECT_FLAGS       = 0x40000000
+	ATTR_CMN_DEVID                    = 0x2
+	ATTR_CMN_DOCUMENT_ID              = 0x100000
+	ATTR_CMN_ERROR                    = 0x20000000
+	ATTR_CMN_EXTENDED_SECURITY        = 0x400000
+	ATTR_CMN_FILEID                   = 0x2000000
+	ATTR_CMN_FLAGS                    = 0x40000
+	ATTR_CMN_FNDRINFO                 = 0x4000
+	ATTR_CMN_FSID                     = 0x4
+	ATTR_CMN_FULLPATH                 = 0x8000000
+	ATTR_CMN_GEN_COUNT                = 0x80000
+	ATTR_CMN_GRPID                    = 0x10000
+	ATTR_CMN_GRPUUID                  = 0x1000000
+	ATTR_CMN_MODTIME                  = 0x400
+	ATTR_CMN_NAME                     = 0x1
+	ATTR_CMN_NAMEDATTRCOUNT           = 0x80000
+	ATTR_CMN_NAMEDATTRLIST            = 0x100000
+	ATTR_CMN_OBJID                    = 0x20
+	ATTR_CMN_OBJPERMANENTID           = 0x40
+	ATTR_CMN_OBJTAG                   = 0x10
+	ATTR_CMN_OBJTYPE                  = 0x8
+	ATTR_CMN_OWNERID                  = 0x8000
+	ATTR_CMN_PARENTID                 = 0x4000000
+	ATTR_CMN_PAROBJID                 = 0x80
+	ATTR_CMN_RETURNED_ATTRS           = 0x80000000
+	ATTR_CMN_SCRIPT                   = 0x100
+	ATTR_CMN_SETMASK                  = 0x41c7ff00
+	ATTR_CMN_USERACCESS               = 0x200000
+	ATTR_CMN_UUID                     = 0x800000
+	ATTR_CMN_VALIDMASK                = 0xffffffff
+	ATTR_CMN_VOLSETMASK               = 0x6700
+	ATTR_FILE_ALLOCSIZE               = 0x4
+	ATTR_FILE_CLUMPSIZE               = 0x10
+	ATTR_FILE_DATAALLOCSIZE           = 0x400
+	ATTR_FILE_DATAEXTENTS             = 0x800
+	ATTR_FILE_DATALENGTH              = 0x200
+	ATTR_FILE_DEVTYPE                 = 0x20
+	ATTR_FILE_FILETYPE                = 0x40
+	ATTR_FILE_FORKCOUNT               = 0x80
+	ATTR_FILE_FORKLIST                = 0x100
+	ATTR_FILE_IOBLOCKSIZE             = 0x8
+	ATTR_FILE_LINKCOUNT               = 0x1
+	ATTR_FILE_RSRCALLOCSIZE           = 0x2000
+	ATTR_FILE_RSRCEXTENTS             = 0x4000
+	ATTR_FILE_RSRCLENGTH              = 0x1000
+	ATTR_FILE_SETMASK                 = 0x20
+	ATTR_FILE_TOTALSIZE               = 0x2
+	ATTR_FILE_VALIDMASK               = 0x37ff
+	ATTR_VOL_ALLOCATIONCLUMP          = 0x40
+	ATTR_VOL_ATTRIBUTES               = 0x40000000
+	ATTR_VOL_CAPABILITIES             = 0x20000
+	ATTR_VOL_DIRCOUNT                 = 0x400
+	ATTR_VOL_ENCODINGSUSED            = 0x10000
+	ATTR_VOL_FILECOUNT                = 0x200
+	ATTR_VOL_FSTYPE                   = 0x1
+	ATTR_VOL_INFO                     = 0x80000000
+	ATTR_VOL_IOBLOCKSIZE              = 0x80
+	ATTR_VOL_MAXOBJCOUNT              = 0x800
+	ATTR_VOL_MINALLOCATION            = 0x20
+	ATTR_VOL_MOUNTEDDEVICE            = 0x8000
+	ATTR_VOL_MOUNTFLAGS               = 0x4000
+	ATTR_VOL_MOUNTPOINT               = 0x1000
+	ATTR_VOL_NAME                     = 0x2000
+	ATTR_VOL_OBJCOUNT                 = 0x100
+	ATTR_VOL_QUOTA_SIZE               = 0x10000000
+	ATTR_VOL_RESERVED_SIZE            = 0x20000000
+	ATTR_VOL_SETMASK                  = 0x80002000
+	ATTR_VOL_SIGNATURE                = 0x2
+	ATTR_VOL_SIZE                     = 0x4
+	ATTR_VOL_SPACEAVAIL               = 0x10
+	ATTR_VOL_SPACEFREE                = 0x8
+	ATTR_VOL_UUID                     = 0x40000
+	ATTR_VOL_VALIDMASK                = 0xf007ffff
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc00c4279
+	BIOCGETIF                         = 0x4020426b
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044272
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSEESENT                      = 0x40044276
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044278
+	BIOCSETF                          = 0x80104267
+	BIOCSETFNR                        = 0x8010427e
+	BIOCSETIF                         = 0x8020426c
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044273
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCSSEESENT                      = 0x80044277
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x80000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	BS0                               = 0x0
+	BS1                               = 0x8000
+	BSDLY                             = 0x8000
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_MONOTONIC                   = 0x6
+	CLOCK_MONOTONIC_RAW               = 0x4
+	CLOCK_MONOTONIC_RAW_APPROX        = 0x5
+	CLOCK_PROCESS_CPUTIME_ID          = 0xc
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x10
+	CLOCK_UPTIME_RAW                  = 0x8
+	CLOCK_UPTIME_RAW_APPROX           = 0x9
+	CLONE_NOFOLLOW                    = 0x1
+	CLONE_NOOWNERCOPY                 = 0x2
+	CR0                               = 0x0
+	CR1                               = 0x1000
+	CR2                               = 0x2000
+	CR3                               = 0x3000
+	CRDLY                             = 0x3000
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x30000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CHDLC                         = 0x68
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DBUS                          = 0xe7
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_DVB_CI                        = 0xeb
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HHDLC                         = 0x79
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NOFCS            = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPFILTER                      = 0x74
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPOIB                         = 0xf2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_ATM_CEMIC             = 0xee
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL          = 0xea
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_SRX_E2E               = 0xe9
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_JUNIPER_VS                    = 0xe8
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION       = 0xa6
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MATCHING_MAX                  = 0xf5
+	DLT_MATCHING_MIN                  = 0x68
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPEG_2_TS                     = 0xf3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_MUX27010                      = 0xec
+	DLT_NETANALYZER                   = 0xf0
+	DLT_NETANALYZER_TRANSPARENT       = 0xf1
+	DLT_NFC_LLCP                      = 0xf5
+	DLT_NFLOG                         = 0xef
+	DLT_NG40                          = 0xf4
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PPP_WITH_DIRECTION            = 0xa6
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_STANAG_5066_D_PDU             = 0xed
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EVFILT_AIO                        = -0x3
+	EVFILT_EXCEPT                     = -0xf
+	EVFILT_FS                         = -0x9
+	EVFILT_MACHPORT                   = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0xf
+	EVFILT_THREADMARKER               = 0xf
+	EVFILT_TIMER                      = -0x7
+	EVFILT_USER                       = -0xa
+	EVFILT_VM                         = -0xc
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_DISPATCH2                      = 0x180
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG0                          = 0x1000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_OOBAND                         = 0x2000
+	EV_POLL                           = 0x1000
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EV_UDATA_SPECIFIC                 = 0x100
+	EV_VANISHED                       = 0x200
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FF0                               = 0x0
+	FF1                               = 0x4000
+	FFDLY                             = 0x4000
+	FLUSHO                            = 0x800000
+	FSOPT_ATTR_CMN_EXTENDED           = 0x20
+	FSOPT_NOFOLLOW                    = 0x1
+	FSOPT_NOINMEMUPDATE               = 0x2
+	FSOPT_PACK_INVAL_ATTRS            = 0x8
+	FSOPT_REPORT_FULLSIZE             = 0x4
+	F_ADDFILESIGS                     = 0x3d
+	F_ADDFILESIGS_FOR_DYLD_SIM        = 0x53
+	F_ADDFILESIGS_RETURN              = 0x61
+	F_ADDSIGS                         = 0x3b
+	F_ALLOCATEALL                     = 0x4
+	F_ALLOCATECONTIG                  = 0x2
+	F_BARRIERFSYNC                    = 0x55
+	F_CHECK_LV                        = 0x62
+	F_CHKCLEAN                        = 0x29
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0x43
+	F_FINDSIGS                        = 0x4e
+	F_FLUSH_DATA                      = 0x28
+	F_FREEZE_FS                       = 0x35
+	F_FULLFSYNC                       = 0x33
+	F_GETCODEDIR                      = 0x48
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETLKPID                        = 0x42
+	F_GETNOSIGPIPE                    = 0x4a
+	F_GETOWN                          = 0x5
+	F_GETPATH                         = 0x32
+	F_GETPATH_MTMINFO                 = 0x47
+	F_GETPROTECTIONCLASS              = 0x3f
+	F_GETPROTECTIONLEVEL              = 0x4d
+	F_GLOBAL_NOCACHE                  = 0x37
+	F_LOG2PHYS                        = 0x31
+	F_LOG2PHYS_EXT                    = 0x41
+	F_NOCACHE                         = 0x30
+	F_NODIRECT                        = 0x3e
+	F_OK                              = 0x0
+	F_PATHPKG_CHECK                   = 0x34
+	F_PEOFPOSMODE                     = 0x3
+	F_PREALLOCATE                     = 0x2a
+	F_PUNCHHOLE                       = 0x63
+	F_RDADVISE                        = 0x2c
+	F_RDAHEAD                         = 0x2d
+	F_RDLCK                           = 0x1
+	F_SETBACKINGSTORE                 = 0x46
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETLKWTIMEOUT                   = 0xa
+	F_SETNOSIGPIPE                    = 0x49
+	F_SETOWN                          = 0x6
+	F_SETPROTECTIONCLASS              = 0x40
+	F_SETSIZE                         = 0x2b
+	F_SINGLE_WRITER                   = 0x4c
+	F_THAW_FS                         = 0x36
+	F_TRANSCODEKEY                    = 0x4b
+	F_TRIM_ACTIVE_FILE                = 0x64
+	F_UNLCK                           = 0x2
+	F_VOLPOSMODE                      = 0x4
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFF_ALLMULTI                      = 0x200
+	IFF_ALTPHYS                       = 0x4000
+	IFF_BROADCAST                     = 0x2
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_AAL5                          = 0x31
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ATM                           = 0x25
+	IFT_BRIDGE                        = 0xd1
+	IFT_CARP                          = 0xf8
+	IFT_CELLULAR                      = 0xff
+	IFT_CEPT                          = 0x13
+	IFT_DS3                           = 0x1e
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0x38
+	IFT_FDDI                          = 0xf
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_GIF                           = 0x37
+	IFT_HDH1822                       = 0x3
+	IFT_HIPPI                         = 0x2f
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE8023ADLAG                 = 0x88
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88026                      = 0xa
+	IFT_L2VLAN                        = 0x87
+	IFT_LAPB                          = 0x10
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_NSIP                          = 0x1b
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PDP                           = 0xff
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PKTAP                         = 0xfe
+	IFT_PPP                           = 0x17
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PTPSERIAL                     = 0x16
+	IFT_RS232                         = 0x21
+	IFT_SDLC                          = 0x11
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0x39
+	IFT_T1                            = 0x12
+	IFT_ULTRA                         = 0x1d
+	IFT_V35                           = 0x2d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LINKLOCALNETNUM                = 0xa9fe0000
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_3PC                       = 0x22
+	IPPROTO_ADFS                      = 0x44
+	IPPROTO_AH                        = 0x33
+	IPPROTO_AHIP                      = 0x3d
+	IPPROTO_APES                      = 0x63
+	IPPROTO_ARGUS                     = 0xd
+	IPPROTO_AX25                      = 0x5d
+	IPPROTO_BHA                       = 0x31
+	IPPROTO_BLT                       = 0x1e
+	IPPROTO_BRSATMON                  = 0x4c
+	IPPROTO_CFTP                      = 0x3e
+	IPPROTO_CHAOS                     = 0x10
+	IPPROTO_CMTP                      = 0x26
+	IPPROTO_CPHB                      = 0x49
+	IPPROTO_CPNX                      = 0x48
+	IPPROTO_DDP                       = 0x25
+	IPPROTO_DGP                       = 0x56
+	IPPROTO_DIVERT                    = 0xfe
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_EMCON                     = 0xe
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GMTP                      = 0x64
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HELLO                     = 0x3f
+	IPPROTO_HMP                       = 0x14
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IDPR                      = 0x23
+	IPPROTO_IDRP                      = 0x2d
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IGP                       = 0x55
+	IPPROTO_IGRP                      = 0x58
+	IPPROTO_IL                        = 0x28
+	IPPROTO_INLSP                     = 0x34
+	IPPROTO_INP                       = 0x20
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPCV                      = 0x47
+	IPPROTO_IPEIP                     = 0x5e
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPPC                      = 0x43
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IRTP                      = 0x1c
+	IPPROTO_KRYPTOLAN                 = 0x41
+	IPPROTO_LARP                      = 0x5b
+	IPPROTO_LEAF1                     = 0x19
+	IPPROTO_LEAF2                     = 0x1a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MEAS                      = 0x13
+	IPPROTO_MHRP                      = 0x30
+	IPPROTO_MICP                      = 0x5f
+	IPPROTO_MTP                       = 0x5c
+	IPPROTO_MUX                       = 0x12
+	IPPROTO_ND                        = 0x4d
+	IPPROTO_NHRP                      = 0x36
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_NSP                       = 0x1f
+	IPPROTO_NVPII                     = 0xb
+	IPPROTO_OSPFIGP                   = 0x59
+	IPPROTO_PGM                       = 0x71
+	IPPROTO_PIGP                      = 0x9
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PRM                       = 0x15
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_PVP                       = 0x4b
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_RCCMON                    = 0xa
+	IPPROTO_RDP                       = 0x1b
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_RVD                       = 0x42
+	IPPROTO_SATEXPAK                  = 0x40
+	IPPROTO_SATMON                    = 0x45
+	IPPROTO_SCCSP                     = 0x60
+	IPPROTO_SCTP                      = 0x84
+	IPPROTO_SDRP                      = 0x2a
+	IPPROTO_SEP                       = 0x21
+	IPPROTO_SRPC                      = 0x5a
+	IPPROTO_ST                        = 0x7
+	IPPROTO_SVMTP                     = 0x52
+	IPPROTO_SWIPE                     = 0x35
+	IPPROTO_TCF                       = 0x57
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_TPXX                      = 0x27
+	IPPROTO_TRUNK1                    = 0x17
+	IPPROTO_TRUNK2                    = 0x18
+	IPPROTO_TTP                       = 0x54
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VINES                     = 0x53
+	IPPROTO_VISA                      = 0x46
+	IPPROTO_VMTP                      = 0x51
+	IPPROTO_WBEXPAK                   = 0x4f
+	IPPROTO_WBMON                     = 0x4e
+	IPPROTO_WSN                       = 0x4a
+	IPPROTO_XNET                      = 0xf
+	IPPROTO_XTP                       = 0x24
+	IPV6_2292DSTOPTS                  = 0x17
+	IPV6_2292HOPLIMIT                 = 0x14
+	IPV6_2292HOPOPTS                  = 0x16
+	IPV6_2292NEXTHOP                  = 0x15
+	IPV6_2292PKTINFO                  = 0x13
+	IPV6_2292PKTOPTIONS               = 0x19
+	IPV6_2292RTHDR                    = 0x18
+	IPV6_BINDV6ONLY                   = 0x1b
+	IPV6_BOUND_IF                     = 0x7d
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FLOW_ECN_MASK                = 0x300
+	IPV6_FRAGTTL                      = 0x3c
+	IPV6_FW_ADD                       = 0x1e
+	IPV6_FW_DEL                       = 0x1f
+	IPV6_FW_FLUSH                     = 0x20
+	IPV6_FW_GET                       = 0x22
+	IPV6_FW_ZERO                      = 0x21
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXOPTHDR                    = 0x800
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER         = 0x200
+	IPV6_MAX_MEMBERSHIPS              = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER          = 0x80
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVTCLASS                   = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x24
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP          = 0x46
+	IP_BLOCK_SOURCE                   = 0x48
+	IP_BOUND_IF                       = 0x19
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP         = 0x47
+	IP_DUMMYNET_CONFIGURE             = 0x3c
+	IP_DUMMYNET_DEL                   = 0x3d
+	IP_DUMMYNET_FLUSH                 = 0x3e
+	IP_DUMMYNET_GET                   = 0x40
+	IP_FAITH                          = 0x16
+	IP_FW_ADD                         = 0x28
+	IP_FW_DEL                         = 0x29
+	IP_FW_FLUSH                       = 0x2a
+	IP_FW_GET                         = 0x2c
+	IP_FW_RESETLOG                    = 0x2d
+	IP_FW_ZERO                        = 0x2b
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x15
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_GROUP_SRC_FILTER           = 0x200
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER           = 0x80
+	IP_MAX_SOCK_SRC_FILTER            = 0x80
+	IP_MF                             = 0x2000
+	IP_MIN_MEMBERSHIPS                = 0x1f
+	IP_MSFILTER                       = 0x4a
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_IFINDEX              = 0x42
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_MULTICAST_VIF                  = 0xe
+	IP_NAT__XXX                       = 0x37
+	IP_OFFMASK                        = 0x1fff
+	IP_OLD_FW_ADD                     = 0x32
+	IP_OLD_FW_DEL                     = 0x33
+	IP_OLD_FW_FLUSH                   = 0x34
+	IP_OLD_FW_GET                     = 0x36
+	IP_OLD_FW_RESETLOG                = 0x38
+	IP_OLD_FW_ZERO                    = 0x35
+	IP_OPTIONS                        = 0x1
+	IP_PKTINFO                        = 0x1a
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVPKTINFO                    = 0x1a
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTOS                        = 0x1b
+	IP_RECVTTL                        = 0x18
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RSVP_OFF                       = 0x10
+	IP_RSVP_ON                        = 0xf
+	IP_RSVP_VIF_OFF                   = 0x12
+	IP_RSVP_VIF_ON                    = 0x11
+	IP_STRIPHDR                       = 0x17
+	IP_TOS                            = 0x3
+	IP_TRAFFIC_MGT_BACKGROUND         = 0x41
+	IP_TTL                            = 0x4
+	IP_UNBLOCK_SOURCE                 = 0x49
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUTF8                             = 0x4000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_CAN_REUSE                    = 0x9
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x5
+	MADV_FREE_REUSABLE                = 0x7
+	MADV_FREE_REUSE                   = 0x8
+	MADV_NORMAL                       = 0x0
+	MADV_PAGEOUT                      = 0xa
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_WILLNEED                     = 0x3
+	MADV_ZERO_WIRED_PAGES             = 0x6
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_JIT                           = 0x800
+	MAP_NOCACHE                       = 0x400
+	MAP_NOEXTEND                      = 0x100
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_RESERVED0080                  = 0x80
+	MAP_RESILIENT_CODESIGN            = 0x2000
+	MAP_RESILIENT_MEDIA               = 0x4000
+	MAP_SHARED                        = 0x1
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_AUTOMOUNTED                   = 0x400000
+	MNT_CMDFLAGS                      = 0xf0000
+	MNT_CPROTECT                      = 0x80
+	MNT_DEFWRITE                      = 0x2000000
+	MNT_DONTBROWSE                    = 0x100000
+	MNT_DOVOLFS                       = 0x8000
+	MNT_DWAIT                         = 0x4
+	MNT_EXPORTED                      = 0x100
+	MNT_FORCE                         = 0x80000
+	MNT_IGNORE_OWNERSHIP              = 0x200000
+	MNT_JOURNALED                     = 0x800000
+	MNT_LOCAL                         = 0x1000
+	MNT_MULTILABEL                    = 0x4000000
+	MNT_NOATIME                       = 0x10000000
+	MNT_NOBLOCK                       = 0x20000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOUSERXATTR                   = 0x1000000
+	MNT_NOWAIT                        = 0x2
+	MNT_QUARANTINE                    = 0x400
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UNKNOWNPERMISSIONS            = 0x200000
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x17f0f5ff
+	MNT_WAIT                          = 0x1
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOF                           = 0x100
+	MSG_EOR                           = 0x8
+	MSG_FLUSH                         = 0x400
+	MSG_HAVEMORE                      = 0x2000
+	MSG_HOLD                          = 0x800
+	MSG_NEEDSA                        = 0x10000
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_RCVMORE                       = 0x4000
+	MSG_SEND                          = 0x1000
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MSG_WAITSTREAM                    = 0x200
+	MS_ASYNC                          = 0x1
+	MS_DEACTIVATE                     = 0x8
+	MS_INVALIDATE                     = 0x2
+	MS_KILLPAGES                      = 0x4
+	MS_SYNC                           = 0x10
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_DUMP2                      = 0x7
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFLIST2                    = 0x6
+	NET_RT_MAXID                      = 0xa
+	NET_RT_STAT                       = 0x4
+	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
+	NL0                               = 0x0
+	NL1                               = 0x100
+	NL2                               = 0x200
+	NL3                               = 0x300
+	NLDLY                             = 0x300
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ABSOLUTE                     = 0x8
+	NOTE_ATTRIB                       = 0x8
+	NOTE_BACKGROUND                   = 0x40
+	NOTE_CHILD                        = 0x4
+	NOTE_CRITICAL                     = 0x20
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXITSTATUS                   = 0x4000000
+	NOTE_EXIT_CSERROR                 = 0x40000
+	NOTE_EXIT_DECRYPTFAIL             = 0x10000
+	NOTE_EXIT_DETAIL                  = 0x2000000
+	NOTE_EXIT_DETAIL_MASK             = 0x70000
+	NOTE_EXIT_MEMORY                  = 0x20000
+	NOTE_EXIT_REPARENTED              = 0x80000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FFAND                        = 0x40000000
+	NOTE_FFCOPY                       = 0xc0000000
+	NOTE_FFCTRLMASK                   = 0xc0000000
+	NOTE_FFLAGSMASK                   = 0xffffff
+	NOTE_FFNOP                        = 0x0
+	NOTE_FFOR                         = 0x80000000
+	NOTE_FORK                         = 0x40000000
+	NOTE_FUNLOCK                      = 0x100
+	NOTE_LEEWAY                       = 0x10
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_MACH_CONTINUOUS_TIME         = 0x80
+	NOTE_NONE                         = 0x80
+	NOTE_NSECONDS                     = 0x4
+	NOTE_OOB                          = 0x2
+	NOTE_PCTRLMASK                    = -0x100000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_REAP                         = 0x10000000
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_SECONDS                      = 0x1
+	NOTE_SIGNAL                       = 0x8000000
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRIGGER                      = 0x1000000
+	NOTE_USECONDS                     = 0x2
+	NOTE_VM_ERROR                     = 0x10000000
+	NOTE_VM_PRESSURE                  = 0x80000000
+	NOTE_VM_PRESSURE_SUDDEN_TERMINATE = 0x20000000
+	NOTE_VM_PRESSURE_TERMINATE        = 0x40000000
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFDEL                             = 0x20000
+	OFILL                             = 0x80
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_ALERT                           = 0x20000000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x1000000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x100000
+	O_DP_GETRAWENCRYPTED              = 0x1
+	O_DP_GETRAWUNENCRYPTED            = 0x2
+	O_DSYNC                           = 0x400000
+	O_EVTONLY                         = 0x8000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x20000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_POPUP                           = 0x80000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_SHLOCK                          = 0x10
+	O_SYMLINK                         = 0x200000
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	PT_ATTACH                         = 0xa
+	PT_ATTACHEXC                      = 0xe
+	PT_CONTINUE                       = 0x7
+	PT_DENY_ATTACH                    = 0x1f
+	PT_DETACH                         = 0xb
+	PT_FIRSTMACH                      = 0x20
+	PT_FORCEQUOTA                     = 0x1e
+	PT_KILL                           = 0x8
+	PT_READ_D                         = 0x2
+	PT_READ_I                         = 0x1
+	PT_READ_U                         = 0x3
+	PT_SIGEXC                         = 0xc
+	PT_STEP                           = 0x9
+	PT_THUPDATE                       = 0xd
+	PT_TRACE_ME                       = 0x0
+	PT_WRITE_D                        = 0x5
+	PT_WRITE_I                        = 0x4
+	PT_WRITE_U                        = 0x6
+	RLIMIT_AS                         = 0x5
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_CPU_USAGE_MONITOR          = 0x2
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x8
+	RTAX_NETMASK                      = 0x2
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CLONING                       = 0x100
+	RTF_CONDEMNED                     = 0x2000000
+	RTF_DELCLONE                      = 0x80
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_IFREF                         = 0x4000000
+	RTF_IFSCOPE                       = 0x1000000
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MULTICAST                     = 0x800000
+	RTF_NOIFREF                       = 0x2000
+	RTF_PINNED                        = 0x100000
+	RTF_PRCLONING                     = 0x10000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x40000
+	RTF_PROXY                         = 0x8000000
+	RTF_REJECT                        = 0x8
+	RTF_ROUTER                        = 0x10000000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_WASCLONED                     = 0x20000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DELMADDR                      = 0x10
+	RTM_GET                           = 0x4
+	RTM_GET2                          = 0x14
+	RTM_IFINFO                        = 0xe
+	RTM_IFINFO2                       = 0x12
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_NEWMADDR                      = 0xf
+	RTM_NEWMADDR2                     = 0x13
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x3
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x2
+	SCM_TIMESTAMP_MONOTONIC           = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCARPIPLL                       = 0xc0206928
+	SIOCATMARK                        = 0x40047307
+	SIOCAUTOADDR                      = 0xc0206926
+	SIOCAUTONETMASK                   = 0x80206927
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFPHYADDR                    = 0x80206941
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETVLAN                       = 0xc020697f
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFALTMTU                     = 0xc0206948
+	SIOCGIFASYNCMAP                   = 0xc020697c
+	SIOCGIFBOND                       = 0xc0206947
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCAP                        = 0xc020695b
+	SIOCGIFCONF                       = 0xc00c6924
+	SIOCGIFDEVMTU                     = 0xc0206944
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFKPI                        = 0xc0206987
+	SIOCGIFMAC                        = 0xc0206982
+	SIOCGIFMEDIA                      = 0xc02c6938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc0206933
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206940
+	SIOCGIFPHYS                       = 0xc0206935
+	SIOCGIFPSRCADDR                   = 0xc020693f
+	SIOCGIFSTATUS                     = 0xc331693d
+	SIOCGIFVLAN                       = 0xc020697f
+	SIOCGIFWAKEFLAGS                  = 0xc0206988
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCIFCREATE                      = 0xc0206978
+	SIOCIFCREATE2                     = 0xc020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106981
+	SIOCRSLVMULTI                     = 0xc010693b
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSETVLAN                       = 0x8020697e
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFALTMTU                     = 0x80206945
+	SIOCSIFASYNCMAP                   = 0x8020697d
+	SIOCSIFBOND                       = 0x80206946
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFCAP                        = 0x8020695a
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFKPI                        = 0x80206986
+	SIOCSIFLLADDR                     = 0x8020693c
+	SIOCSIFMAC                        = 0x80206983
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x80206934
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x8040693e
+	SIOCSIFPHYS                       = 0x80206936
+	SIOCSIFVLAN                       = 0x8020697e
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SOCK_DGRAM                        = 0x2
+	SOCK_MAXADDRLEN                   = 0xff
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_DONTTRUNC                      = 0x2000
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LABEL                          = 0x1010
+	SO_LINGER                         = 0x80
+	SO_LINGER_SEC                     = 0x1080
+	SO_NETSVC_MARKING_LEVEL           = 0x1119
+	SO_NET_SERVICE_TYPE               = 0x1116
+	SO_NKE                            = 0x1021
+	SO_NOADDRERR                      = 0x1023
+	SO_NOSIGPIPE                      = 0x1022
+	SO_NOTIFYCONFLICT                 = 0x1026
+	SO_NP_EXTENSIONS                  = 0x1083
+	SO_NREAD                          = 0x1020
+	SO_NUMRCVPKT                      = 0x1112
+	SO_NWRITE                         = 0x1024
+	SO_OOBINLINE                      = 0x100
+	SO_PEERLABEL                      = 0x1011
+	SO_RANDOMPORT                     = 0x1082
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_REUSESHAREUID                  = 0x1025
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_TIMESTAMP                      = 0x400
+	SO_TIMESTAMP_MONOTONIC            = 0x800
+	SO_TYPE                           = 0x1008
+	SO_UPCALLCLOSEWAIT                = 0x1027
+	SO_USELOOPBACK                    = 0x40
+	SO_WANTMORE                       = 0x4000
+	SO_WANTOOBFLAG                    = 0x8000
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TAB0                              = 0x0
+	TAB1                              = 0x400
+	TAB2                              = 0x800
+	TAB3                              = 0x4
+	TABDLY                            = 0xc04
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_CONNECTIONTIMEOUT             = 0x20
+	TCP_CONNECTION_INFO               = 0x106
+	TCP_ENABLE_ECN                    = 0x104
+	TCP_FASTOPEN                      = 0x105
+	TCP_KEEPALIVE                     = 0x10
+	TCP_KEEPCNT                       = 0x102
+	TCP_KEEPINTVL                     = 0x101
+	TCP_MAXHLEN                       = 0x3c
+	TCP_MAXOLEN                       = 0x28
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x4
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOOPT                         = 0x8
+	TCP_NOPUSH                        = 0x4
+	TCP_NOTSENT_LOWAT                 = 0x201
+	TCP_RXT_CONNDROPTIME              = 0x80
+	TCP_RXT_FINDROP                   = 0x100
+	TCP_SENDMOREACKS                  = 0x103
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCDSIMICROCODE                  = 0x20007455
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLUSH                         = 0x80047410
+	TIOCGDRAINWAIT                    = 0x40047456
+	TIOCGETA                          = 0x40487413
+	TIOCGETD                          = 0x4004741a
+	TIOCGPGRP                         = 0x40047477
+	TIOCGWINSZ                        = 0x40087468
+	TIOCIXOFF                         = 0x20007480
+	TIOCIXON                          = 0x20007481
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGDTRWAIT                     = 0x4004745a
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x40047403
+	TIOCMODS                          = 0x80047404
+	TIOCMSDTRWAIT                     = 0x8004745b
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTYGNAME                      = 0x40807453
+	TIOCPTYGRANT                      = 0x20007454
+	TIOCPTYUNLK                       = 0x20007452
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCONS                         = 0x20007463
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDRAINWAIT                    = 0x80047457
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x80487414
+	TIOCSETAF                         = 0x80487416
+	TIOCSETAW                         = 0x80487415
+	TIOCSETD                          = 0x8004741b
+	TIOCSIG                           = 0x2000745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCTIMESTAMP                     = 0x40107459
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_LOADAVG                        = 0x2
+	VM_MACHFACTOR                     = 0x4
+	VM_MAXID                          = 0x6
+	VM_METER                          = 0x1
+	VM_SWAPUSAGE                      = 0x5
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VT0                               = 0x0
+	VT1                               = 0x10000
+	VTDLY                             = 0x10000
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WCONTINUED                        = 0x10
+	WCOREFLAG                         = 0x80
+	WEXITED                           = 0x4
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x20
+	WORDSIZE                          = 0x40
+	WSTOPPED                          = 0x8
+	WUNTRACED                         = 0x2
+	XATTR_CREATE                      = 0x2
+	XATTR_NODEFAULT                   = 0x10
+	XATTR_NOFOLLOW                    = 0x1
+	XATTR_NOSECURITY                  = 0x8
+	XATTR_REPLACE                     = 0x4
+	XATTR_SHOWCOMPRESSION             = 0x20
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADARCH        = syscall.Errno(0x56)
+	EBADEXEC        = syscall.Errno(0x55)
+	EBADF           = syscall.Errno(0x9)
+	EBADMACHO       = syscall.Errno(0x58)
+	EBADMSG         = syscall.Errno(0x5e)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x59)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDEVERR         = syscall.Errno(0x53)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x5a)
+	EILSEQ          = syscall.Errno(0x5c)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x6a)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5f)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x60)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x61)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5b)
+	ENOPOLICY       = syscall.Errno(0x67)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x62)
+	ENOSTR          = syscall.Errno(0x63)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x68)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x66)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x69)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x64)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	EPWROFF         = syscall.Errno(0x52)
+	EQFULL          = syscall.Errno(0x6a)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHLIBVERS      = syscall.Errno(0x57)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x65)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "ENOTSUP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EPWROFF", "device power is off"},
+	{83, "EDEVERR", "device error"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EBADEXEC", "bad executable (or shared library)"},
+	{86, "EBADARCH", "bad CPU type in executable"},
+	{87, "ESHLIBVERS", "shared library version mismatch"},
+	{88, "EBADMACHO", "malformed Mach-o file"},
+	{89, "ECANCELED", "operation canceled"},
+	{90, "EIDRM", "identifier removed"},
+	{91, "ENOMSG", "no message of desired type"},
+	{92, "EILSEQ", "illegal byte sequence"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EBADMSG", "bad message"},
+	{95, "EMULTIHOP", "EMULTIHOP (Reserved)"},
+	{96, "ENODATA", "no message available on STREAM"},
+	{97, "ENOLINK", "ENOLINK (Reserved)"},
+	{98, "ENOSR", "no STREAM resources"},
+	{99, "ENOSTR", "not a STREAM"},
+	{100, "EPROTO", "protocol error"},
+	{101, "ETIME", "STREAM ioctl timeout"},
+	{102, "EOPNOTSUPP", "operation not supported on socket"},
+	{103, "ENOPOLICY", "policy not found"},
+	{104, "ENOTRECOVERABLE", "state not recoverable"},
+	{105, "EOWNERDEAD", "previous owner died"},
+	{106, "EQFULL", "interface output queue is full"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
new file mode 100644
index 000000000..613047174
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -0,0 +1,1651 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,dragonfly
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_ATM                            = 0x1e
+	AF_BLUETOOTH                      = 0x21
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x23
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x1c
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x22
+	AF_NATM                           = 0x1d
+	AF_NETBIOS                        = 0x6
+	AF_NETGRAPH                       = 0x20
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x18
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ALTWERASE                         = 0x200
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc0104279
+	BIOCGETIF                         = 0x4020426b
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044272
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSEESENT                      = 0x40044276
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x2000427a
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044278
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x8010427b
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044273
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCSSEESENT                      = 0x80044277
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x8
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DEFAULTBUFSIZE                = 0x1000
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x80000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MAX_CLONES                    = 0x80
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_MONOTONIC                   = 0x4
+	CLOCK_MONOTONIC_FAST              = 0xc
+	CLOCK_MONOTONIC_PRECISE           = 0xb
+	CLOCK_PROCESS_CPUTIME_ID          = 0xf
+	CLOCK_PROF                        = 0x2
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_REALTIME_FAST               = 0xa
+	CLOCK_REALTIME_PRECISE            = 0x9
+	CLOCK_SECOND                      = 0xd
+	CLOCK_THREAD_CPUTIME_ID           = 0xe
+	CLOCK_UPTIME                      = 0x5
+	CLOCK_UPTIME_FAST                 = 0x8
+	CLOCK_UPTIME_PRECISE              = 0x7
+	CLOCK_VIRTUAL                     = 0x1
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x30000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CHAOS                         = 0x5
+	DLT_CHDLC                         = 0x68
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DOCSIS                        = 0x8f
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_HHDLC                         = 0x79
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPFILTER                      = 0x74
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_REDBACK_SMARTEDGE             = 0x20
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DBF                            = 0xf
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EVFILT_AIO                        = -0x3
+	EVFILT_EXCEPT                     = -0x8
+	EVFILT_FS                         = -0xa
+	EVFILT_MARKER                     = 0xf
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0xa
+	EVFILT_TIMER                      = -0x7
+	EVFILT_USER                       = -0x9
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_NODATA                         = 0x1000
+	EV_ONESHOT                        = 0x10
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTEXIT_LWP                       = 0x10000
+	EXTEXIT_PROC                      = 0x0
+	EXTEXIT_SETINT                    = 0x1
+	EXTEXIT_SIMPLE                    = 0x0
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUP2FD                          = 0xa
+	F_DUP2FD_CLOEXEC                  = 0x12
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0x11
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_ALTPHYS                       = 0x4000
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x118e72
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MONITOR                       = 0x40000
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NPOLLING                      = 0x100000
+	IFF_OACTIVE                       = 0x400
+	IFF_OACTIVE_COMPAT                = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_POLLING                       = 0x10000
+	IFF_POLLING_COMPAT                = 0x10000
+	IFF_PPROMISC                      = 0x20000
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_SMART                         = 0x20
+	IFF_STATICARP                     = 0x80000
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf8
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xf3
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_3PC                       = 0x22
+	IPPROTO_ADFS                      = 0x44
+	IPPROTO_AH                        = 0x33
+	IPPROTO_AHIP                      = 0x3d
+	IPPROTO_APES                      = 0x63
+	IPPROTO_ARGUS                     = 0xd
+	IPPROTO_AX25                      = 0x5d
+	IPPROTO_BHA                       = 0x31
+	IPPROTO_BLT                       = 0x1e
+	IPPROTO_BRSATMON                  = 0x4c
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_CFTP                      = 0x3e
+	IPPROTO_CHAOS                     = 0x10
+	IPPROTO_CMTP                      = 0x26
+	IPPROTO_CPHB                      = 0x49
+	IPPROTO_CPNX                      = 0x48
+	IPPROTO_DDP                       = 0x25
+	IPPROTO_DGP                       = 0x56
+	IPPROTO_DIVERT                    = 0xfe
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_EMCON                     = 0xe
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GMTP                      = 0x64
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HELLO                     = 0x3f
+	IPPROTO_HMP                       = 0x14
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IDPR                      = 0x23
+	IPPROTO_IDRP                      = 0x2d
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IGP                       = 0x55
+	IPPROTO_IGRP                      = 0x58
+	IPPROTO_IL                        = 0x28
+	IPPROTO_INLSP                     = 0x34
+	IPPROTO_INP                       = 0x20
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPCV                      = 0x47
+	IPPROTO_IPEIP                     = 0x5e
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPPC                      = 0x43
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IRTP                      = 0x1c
+	IPPROTO_KRYPTOLAN                 = 0x41
+	IPPROTO_LARP                      = 0x5b
+	IPPROTO_LEAF1                     = 0x19
+	IPPROTO_LEAF2                     = 0x1a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MEAS                      = 0x13
+	IPPROTO_MHRP                      = 0x30
+	IPPROTO_MICP                      = 0x5f
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MTP                       = 0x5c
+	IPPROTO_MUX                       = 0x12
+	IPPROTO_ND                        = 0x4d
+	IPPROTO_NHRP                      = 0x36
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_NSP                       = 0x1f
+	IPPROTO_NVPII                     = 0xb
+	IPPROTO_OSPFIGP                   = 0x59
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PGM                       = 0x71
+	IPPROTO_PIGP                      = 0x9
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PRM                       = 0x15
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_PVP                       = 0x4b
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_RCCMON                    = 0xa
+	IPPROTO_RDP                       = 0x1b
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_RVD                       = 0x42
+	IPPROTO_SATEXPAK                  = 0x40
+	IPPROTO_SATMON                    = 0x45
+	IPPROTO_SCCSP                     = 0x60
+	IPPROTO_SDRP                      = 0x2a
+	IPPROTO_SEP                       = 0x21
+	IPPROTO_SKIP                      = 0x39
+	IPPROTO_SRPC                      = 0x5a
+	IPPROTO_ST                        = 0x7
+	IPPROTO_SVMTP                     = 0x52
+	IPPROTO_SWIPE                     = 0x35
+	IPPROTO_TCF                       = 0x57
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TLSP                      = 0x38
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_TPXX                      = 0x27
+	IPPROTO_TRUNK1                    = 0x17
+	IPPROTO_TRUNK2                    = 0x18
+	IPPROTO_TTP                       = 0x54
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_UNKNOWN                   = 0x102
+	IPPROTO_VINES                     = 0x53
+	IPPROTO_VISA                      = 0x46
+	IPPROTO_VMTP                      = 0x51
+	IPPROTO_WBEXPAK                   = 0x4f
+	IPPROTO_WBMON                     = 0x4e
+	IPPROTO_WSN                       = 0x4a
+	IPPROTO_XNET                      = 0xf
+	IPPROTO_XTP                       = 0x24
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_BINDV6ONLY                   = 0x1b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_FW_ADD                       = 0x1e
+	IPV6_FW_DEL                       = 0x1f
+	IPV6_FW_FLUSH                     = 0x20
+	IPV6_FW_GET                       = 0x22
+	IPV6_FW_ZERO                      = 0x21
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MINHLIM                      = 0x28
+	IPV6_MMTU                         = 0x500
+	IPV6_MSFILTER                     = 0x4a
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PKTOPTIONS                   = 0x34
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_PREFER_TEMPADDR              = 0x3f
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_DUMMYNET_CONFIGURE             = 0x3c
+	IP_DUMMYNET_DEL                   = 0x3d
+	IP_DUMMYNET_FLUSH                 = 0x3e
+	IP_DUMMYNET_GET                   = 0x40
+	IP_FAITH                          = 0x16
+	IP_FW_ADD                         = 0x32
+	IP_FW_DEL                         = 0x33
+	IP_FW_FLUSH                       = 0x34
+	IP_FW_GET                         = 0x36
+	IP_FW_RESETLOG                    = 0x37
+	IP_FW_X                           = 0x31
+	IP_FW_ZERO                        = 0x35
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x15
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0x14
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x42
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_MULTICAST_VIF                  = 0xe
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTTL                        = 0x41
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RSVP_OFF                       = 0x10
+	IP_RSVP_ON                        = 0xf
+	IP_RSVP_VIF_OFF                   = 0x12
+	IP_RSVP_VIF_ON                    = 0x11
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_AUTOSYNC                     = 0x7
+	MADV_CONTROL_END                  = 0xb
+	MADV_CONTROL_START                = 0xa
+	MADV_CORE                         = 0x9
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x5
+	MADV_INVAL                        = 0xa
+	MADV_NOCORE                       = 0x8
+	MADV_NORMAL                       = 0x0
+	MADV_NOSYNC                       = 0x6
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SETMAP                       = 0xb
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_INHERIT                       = 0x80
+	MAP_NOCORE                        = 0x20000
+	MAP_NOEXTEND                      = 0x100
+	MAP_NORESERVE                     = 0x40
+	MAP_NOSYNC                        = 0x800
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_SIZEALIGN                     = 0x40000
+	MAP_STACK                         = 0x400
+	MAP_TRYFIXED                      = 0x10000
+	MAP_VPAGETABLE                    = 0x2000
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_AUTOMOUNTED                   = 0x20
+	MNT_CMDFLAGS                      = 0xf0000
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_EXKERB                        = 0x800
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x20000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_IGNORE                        = 0x800000
+	MNT_LAZY                          = 0x4
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x10000000
+	MNT_NOCLUSTERR                    = 0x40000000
+	MNT_NOCLUSTERW                    = 0x80000000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOSYMFOLLOW                   = 0x400000
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x200000
+	MNT_SUIDDIR                       = 0x100000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_TRIM                          = 0x1000000
+	MNT_UPDATE                        = 0x10000
+	MNT_USER                          = 0x8000
+	MNT_VISFLAGMASK                   = 0xf1f0ffff
+	MNT_WAIT                          = 0x1
+	MSG_CMSG_CLOEXEC                  = 0x1000
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOF                           = 0x100
+	MSG_EOR                           = 0x8
+	MSG_FBLOCKING                     = 0x10000
+	MSG_FMASK                         = 0xffff0000
+	MSG_FNONBLOCKING                  = 0x20000
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_SYNC                          = 0x800
+	MSG_TRUNC                         = 0x10
+	MSG_UNUSED09                      = 0x200
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x2
+	MS_SYNC                           = 0x0
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_MAXID                      = 0x4
+	NFDBITS                           = 0x40
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FFAND                        = 0x40000000
+	NOTE_FFCOPY                       = 0xc0000000
+	NOTE_FFCTRLMASK                   = 0xc0000000
+	NOTE_FFLAGSMASK                   = 0xffffff
+	NOTE_FFNOP                        = 0x0
+	NOTE_FFOR                         = 0x80000000
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_OOB                          = 0x2
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRIGGER                      = 0x1000000
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x20000
+	O_CREAT                           = 0x200
+	O_DIRECT                          = 0x10000
+	O_DIRECTORY                       = 0x8000000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FAPPEND                         = 0x100000
+	O_FASYNCWRITE                     = 0x800000
+	O_FBLOCKING                       = 0x40000
+	O_FMASK                           = 0xfc0000
+	O_FNONBLOCKING                    = 0x80000
+	O_FOFFSET                         = 0x200000
+	O_FSYNC                           = 0x80
+	O_FSYNCWRITE                      = 0x400000
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_AS                         = 0xa
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0xb
+	RTAX_MPLS1                        = 0x8
+	RTAX_MPLS2                        = 0x9
+	RTAX_MPLS3                        = 0xa
+	RTAX_NETMASK                      = 0x2
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_MPLS1                         = 0x100
+	RTA_MPLS2                         = 0x200
+	RTA_MPLS3                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MPLSOPS                       = 0x1000000
+	RTF_MULTICAST                     = 0x800000
+	RTF_PINNED                        = 0x100000
+	RTF_PRCLONING                     = 0x10000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x40000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_WASCLONED                     = 0x20000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DELMADDR                      = 0x10
+	RTM_GET                           = 0x4
+	RTM_IEEE80211                     = 0x12
+	RTM_IFANNOUNCE                    = 0x11
+	RTM_IFINFO                        = 0xe
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_NEWMADDR                      = 0xf
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x6
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_IWCAPSEGS                     = 0x400
+	RTV_IWMAXSEGS                     = 0x200
+	RTV_MSL                           = 0x100
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x3
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x2
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCADDRT                         = 0x8040720a
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCALIFADDR                      = 0x8118691b
+	SIOCATMARK                        = 0x40047307
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDELRT                         = 0x8040720b
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDLIFADDR                      = 0x8118691d
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETSGCNT                      = 0xc0207210
+	SIOCGETVIFCNT                     = 0xc028720f
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCAP                        = 0xc020691f
+	SIOCGIFCONF                       = 0xc0106924
+	SIOCGIFDATA                       = 0xc0206926
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFINDEX                      = 0xc0206920
+	SIOCGIFMEDIA                      = 0xc0306938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc0206933
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206948
+	SIOCGIFPHYS                       = 0xc0206935
+	SIOCGIFPOLLCPU                    = 0xc020697e
+	SIOCGIFPSRCADDR                   = 0xc0206947
+	SIOCGIFSTATUS                     = 0xc331693b
+	SIOCGIFTSOLEN                     = 0xc0206980
+	SIOCGLIFADDR                      = 0xc118691c
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGPRIVATE_0                    = 0xc0206950
+	SIOCGPRIVATE_1                    = 0xc0206951
+	SIOCIFCREATE                      = 0xc020697a
+	SIOCIFCREATE2                     = 0xc020697c
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFCAP                        = 0x8020691e
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020693c
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x80206934
+	SIOCSIFNAME                       = 0x80206928
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSIFPHYS                       = 0x80206936
+	SIOCSIFPOLLCPU                    = 0x8020697d
+	SIOCSIFTSOLEN                     = 0x8020697f
+	SIOCSLIFPHYADDR                   = 0x8118694a
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SOCK_CLOEXEC                      = 0x10000000
+	SOCK_DGRAM                        = 0x2
+	SOCK_MAXADDRLEN                   = 0xff
+	SOCK_NONBLOCK                     = 0x20000000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_ACCEPTFILTER                   = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_CPUHINT                        = 0x1030
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NOSIGPIPE                      = 0x800
+	SO_OOBINLINE                      = 0x100
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDSPACE                       = 0x100a
+	SO_SNDTIMEO                       = 0x1005
+	SO_TIMESTAMP                      = 0x400
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDB                            = 0x9000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_FASTKEEP                      = 0x80
+	TCP_KEEPCNT                       = 0x400
+	TCP_KEEPIDLE                      = 0x100
+	TCP_KEEPINIT                      = 0x20
+	TCP_KEEPINTVL                     = 0x200
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXHLEN                       = 0x3c
+	TCP_MAXOLEN                       = 0x28
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MINMSS                        = 0x100
+	TCP_MIN_WINSHIFT                  = 0x5
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOOPT                         = 0x8
+	TCP_NOPUSH                        = 0x4
+	TCP_SIGNATURE_ENABLE              = 0x10
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLUSH                         = 0x80047410
+	TIOCGDRAINWAIT                    = 0x40047456
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGSIZE                         = 0x40087468
+	TIOCGWINSZ                        = 0x40087468
+	TIOCISPTMASTER                    = 0x20007455
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGDTRWAIT                     = 0x4004745a
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x40047403
+	TIOCMODS                          = 0x80047404
+	TIOCMSDTRWAIT                     = 0x8004745b
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDRAINWAIT                    = 0x80047457
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSIG                           = 0x2000745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSSIZE                         = 0x80087467
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCTIMESTAMP                     = 0x40107459
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VCHECKPT                          = 0x13
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VERASE2                           = 0x7
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_BCACHE_SIZE_MAX                = 0x0
+	VM_SWZONE_SIZE_MAX                = 0x4000000000
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WCONTINUED                        = 0x4
+	WCOREFLAG                         = 0x80
+	WLINUXCLONE                       = 0x80000000
+	WNOHANG                           = 0x1
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EASYNC          = syscall.Errno(0x63)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x59)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x55)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDOOFUS         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x56)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x63)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5a)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x57)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5b)
+	ENOMEDIUM       = syscall.Errno(0x5d)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5c)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUNUSED94       = syscall.Errno(0x5e)
+	EUNUSED95       = syscall.Errno(0x5f)
+	EUNUSED96       = syscall.Errno(0x60)
+	EUNUSED97       = syscall.Errno(0x61)
+	EUNUSED98       = syscall.Errno(0x62)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT     = syscall.Signal(0x6)
+	SIGALRM     = syscall.Signal(0xe)
+	SIGBUS      = syscall.Signal(0xa)
+	SIGCHLD     = syscall.Signal(0x14)
+	SIGCKPT     = syscall.Signal(0x21)
+	SIGCKPTEXIT = syscall.Signal(0x22)
+	SIGCONT     = syscall.Signal(0x13)
+	SIGEMT      = syscall.Signal(0x7)
+	SIGFPE      = syscall.Signal(0x8)
+	SIGHUP      = syscall.Signal(0x1)
+	SIGILL      = syscall.Signal(0x4)
+	SIGINFO     = syscall.Signal(0x1d)
+	SIGINT      = syscall.Signal(0x2)
+	SIGIO       = syscall.Signal(0x17)
+	SIGIOT      = syscall.Signal(0x6)
+	SIGKILL     = syscall.Signal(0x9)
+	SIGPIPE     = syscall.Signal(0xd)
+	SIGPROF     = syscall.Signal(0x1b)
+	SIGQUIT     = syscall.Signal(0x3)
+	SIGSEGV     = syscall.Signal(0xb)
+	SIGSTOP     = syscall.Signal(0x11)
+	SIGSYS      = syscall.Signal(0xc)
+	SIGTERM     = syscall.Signal(0xf)
+	SIGTHR      = syscall.Signal(0x20)
+	SIGTRAP     = syscall.Signal(0x5)
+	SIGTSTP     = syscall.Signal(0x12)
+	SIGTTIN     = syscall.Signal(0x15)
+	SIGTTOU     = syscall.Signal(0x16)
+	SIGURG      = syscall.Signal(0x10)
+	SIGUSR1     = syscall.Signal(0x1e)
+	SIGUSR2     = syscall.Signal(0x1f)
+	SIGVTALRM   = syscall.Signal(0x1a)
+	SIGWINCH    = syscall.Signal(0x1c)
+	SIGXCPU     = syscall.Signal(0x18)
+	SIGXFSZ     = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "ECANCELED", "operation canceled"},
+	{86, "EILSEQ", "illegal byte sequence"},
+	{87, "ENOATTR", "attribute not found"},
+	{88, "EDOOFUS", "programming error"},
+	{89, "EBADMSG", "bad message"},
+	{90, "EMULTIHOP", "multihop attempted"},
+	{91, "ENOLINK", "link has been severed"},
+	{92, "EPROTO", "protocol error"},
+	{93, "ENOMEDIUM", "no medium found"},
+	{94, "EUNUSED94", "unknown error: 94"},
+	{95, "EUNUSED95", "unknown error: 95"},
+	{96, "EUNUSED96", "unknown error: 96"},
+	{97, "EUNUSED97", "unknown error: 97"},
+	{98, "EUNUSED98", "unknown error: 98"},
+	{99, "ELAST", "unknown error: 99"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread Scheduler"},
+	{33, "SIGCKPT", "checkPoint"},
+	{34, "SIGCKPTEXIT", "checkPointExit"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
new file mode 100644
index 000000000..3689c8084
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -0,0 +1,1936 @@
+// mkerrors.sh -m32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,freebsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                   = 0x10
+	AF_ARP                         = 0x23
+	AF_ATM                         = 0x1e
+	AF_BLUETOOTH                   = 0x24
+	AF_CCITT                       = 0xa
+	AF_CHAOS                       = 0x5
+	AF_CNT                         = 0x15
+	AF_COIP                        = 0x14
+	AF_DATAKIT                     = 0x9
+	AF_DECnet                      = 0xc
+	AF_DLI                         = 0xd
+	AF_E164                        = 0x1a
+	AF_ECMA                        = 0x8
+	AF_HYLINK                      = 0xf
+	AF_IEEE80211                   = 0x25
+	AF_IMPLINK                     = 0x3
+	AF_INET                        = 0x2
+	AF_INET6                       = 0x1c
+	AF_INET6_SDP                   = 0x2a
+	AF_INET_SDP                    = 0x28
+	AF_IPX                         = 0x17
+	AF_ISDN                        = 0x1a
+	AF_ISO                         = 0x7
+	AF_LAT                         = 0xe
+	AF_LINK                        = 0x12
+	AF_LOCAL                       = 0x1
+	AF_MAX                         = 0x2a
+	AF_NATM                        = 0x1d
+	AF_NETBIOS                     = 0x6
+	AF_NETGRAPH                    = 0x20
+	AF_OSI                         = 0x7
+	AF_PUP                         = 0x4
+	AF_ROUTE                       = 0x11
+	AF_SCLUSTER                    = 0x22
+	AF_SIP                         = 0x18
+	AF_SLOW                        = 0x21
+	AF_SNA                         = 0xb
+	AF_UNIX                        = 0x1
+	AF_UNSPEC                      = 0x0
+	AF_VENDOR00                    = 0x27
+	AF_VENDOR01                    = 0x29
+	AF_VENDOR02                    = 0x2b
+	AF_VENDOR03                    = 0x2d
+	AF_VENDOR04                    = 0x2f
+	AF_VENDOR05                    = 0x31
+	AF_VENDOR06                    = 0x33
+	AF_VENDOR07                    = 0x35
+	AF_VENDOR08                    = 0x37
+	AF_VENDOR09                    = 0x39
+	AF_VENDOR10                    = 0x3b
+	AF_VENDOR11                    = 0x3d
+	AF_VENDOR12                    = 0x3f
+	AF_VENDOR13                    = 0x41
+	AF_VENDOR14                    = 0x43
+	AF_VENDOR15                    = 0x45
+	AF_VENDOR16                    = 0x47
+	AF_VENDOR17                    = 0x49
+	AF_VENDOR18                    = 0x4b
+	AF_VENDOR19                    = 0x4d
+	AF_VENDOR20                    = 0x4f
+	AF_VENDOR21                    = 0x51
+	AF_VENDOR22                    = 0x53
+	AF_VENDOR23                    = 0x55
+	AF_VENDOR24                    = 0x57
+	AF_VENDOR25                    = 0x59
+	AF_VENDOR26                    = 0x5b
+	AF_VENDOR27                    = 0x5d
+	AF_VENDOR28                    = 0x5f
+	AF_VENDOR29                    = 0x61
+	AF_VENDOR30                    = 0x63
+	AF_VENDOR31                    = 0x65
+	AF_VENDOR32                    = 0x67
+	AF_VENDOR33                    = 0x69
+	AF_VENDOR34                    = 0x6b
+	AF_VENDOR35                    = 0x6d
+	AF_VENDOR36                    = 0x6f
+	AF_VENDOR37                    = 0x71
+	AF_VENDOR38                    = 0x73
+	AF_VENDOR39                    = 0x75
+	AF_VENDOR40                    = 0x77
+	AF_VENDOR41                    = 0x79
+	AF_VENDOR42                    = 0x7b
+	AF_VENDOR43                    = 0x7d
+	AF_VENDOR44                    = 0x7f
+	AF_VENDOR45                    = 0x81
+	AF_VENDOR46                    = 0x83
+	AF_VENDOR47                    = 0x85
+	ALTWERASE                      = 0x200
+	B0                             = 0x0
+	B110                           = 0x6e
+	B115200                        = 0x1c200
+	B1200                          = 0x4b0
+	B134                           = 0x86
+	B14400                         = 0x3840
+	B150                           = 0x96
+	B1800                          = 0x708
+	B19200                         = 0x4b00
+	B200                           = 0xc8
+	B230400                        = 0x38400
+	B2400                          = 0x960
+	B28800                         = 0x7080
+	B300                           = 0x12c
+	B38400                         = 0x9600
+	B460800                        = 0x70800
+	B4800                          = 0x12c0
+	B50                            = 0x32
+	B57600                         = 0xe100
+	B600                           = 0x258
+	B7200                          = 0x1c20
+	B75                            = 0x4b
+	B76800                         = 0x12c00
+	B921600                        = 0xe1000
+	B9600                          = 0x2580
+	BIOCFEEDBACK                   = 0x8004427c
+	BIOCFLUSH                      = 0x20004268
+	BIOCGBLEN                      = 0x40044266
+	BIOCGDIRECTION                 = 0x40044276
+	BIOCGDLT                       = 0x4004426a
+	BIOCGDLTLIST                   = 0xc0084279
+	BIOCGETBUFMODE                 = 0x4004427d
+	BIOCGETIF                      = 0x4020426b
+	BIOCGETZMAX                    = 0x4004427f
+	BIOCGHDRCMPLT                  = 0x40044274
+	BIOCGRSIG                      = 0x40044272
+	BIOCGRTIMEOUT                  = 0x4008426e
+	BIOCGSEESENT                   = 0x40044276
+	BIOCGSTATS                     = 0x4008426f
+	BIOCGTSTAMP                    = 0x40044283
+	BIOCIMMEDIATE                  = 0x80044270
+	BIOCLOCK                       = 0x2000427a
+	BIOCPROMISC                    = 0x20004269
+	BIOCROTZBUF                    = 0x400c4280
+	BIOCSBLEN                      = 0xc0044266
+	BIOCSDIRECTION                 = 0x80044277
+	BIOCSDLT                       = 0x80044278
+	BIOCSETBUFMODE                 = 0x8004427e
+	BIOCSETF                       = 0x80084267
+	BIOCSETFNR                     = 0x80084282
+	BIOCSETIF                      = 0x8020426c
+	BIOCSETWF                      = 0x8008427b
+	BIOCSETZBUF                    = 0x800c4281
+	BIOCSHDRCMPLT                  = 0x80044275
+	BIOCSRSIG                      = 0x80044273
+	BIOCSRTIMEOUT                  = 0x8008426d
+	BIOCSSEESENT                   = 0x80044277
+	BIOCSTSTAMP                    = 0x80044284
+	BIOCVERSION                    = 0x40044271
+	BPF_A                          = 0x10
+	BPF_ABS                        = 0x20
+	BPF_ADD                        = 0x0
+	BPF_ALIGNMENT                  = 0x4
+	BPF_ALU                        = 0x4
+	BPF_AND                        = 0x50
+	BPF_B                          = 0x10
+	BPF_BUFMODE_BUFFER             = 0x1
+	BPF_BUFMODE_ZBUF               = 0x2
+	BPF_DIV                        = 0x30
+	BPF_H                          = 0x8
+	BPF_IMM                        = 0x0
+	BPF_IND                        = 0x40
+	BPF_JA                         = 0x0
+	BPF_JEQ                        = 0x10
+	BPF_JGE                        = 0x30
+	BPF_JGT                        = 0x20
+	BPF_JMP                        = 0x5
+	BPF_JSET                       = 0x40
+	BPF_K                          = 0x0
+	BPF_LD                         = 0x0
+	BPF_LDX                        = 0x1
+	BPF_LEN                        = 0x80
+	BPF_LSH                        = 0x60
+	BPF_MAJOR_VERSION              = 0x1
+	BPF_MAXBUFSIZE                 = 0x80000
+	BPF_MAXINSNS                   = 0x200
+	BPF_MEM                        = 0x60
+	BPF_MEMWORDS                   = 0x10
+	BPF_MINBUFSIZE                 = 0x20
+	BPF_MINOR_VERSION              = 0x1
+	BPF_MISC                       = 0x7
+	BPF_MOD                        = 0x90
+	BPF_MSH                        = 0xa0
+	BPF_MUL                        = 0x20
+	BPF_NEG                        = 0x80
+	BPF_OR                         = 0x40
+	BPF_RELEASE                    = 0x30bb6
+	BPF_RET                        = 0x6
+	BPF_RSH                        = 0x70
+	BPF_ST                         = 0x2
+	BPF_STX                        = 0x3
+	BPF_SUB                        = 0x10
+	BPF_TAX                        = 0x0
+	BPF_TXA                        = 0x80
+	BPF_T_BINTIME                  = 0x2
+	BPF_T_BINTIME_FAST             = 0x102
+	BPF_T_BINTIME_MONOTONIC        = 0x202
+	BPF_T_BINTIME_MONOTONIC_FAST   = 0x302
+	BPF_T_FAST                     = 0x100
+	BPF_T_FLAG_MASK                = 0x300
+	BPF_T_FORMAT_MASK              = 0x3
+	BPF_T_MICROTIME                = 0x0
+	BPF_T_MICROTIME_FAST           = 0x100
+	BPF_T_MICROTIME_MONOTONIC      = 0x200
+	BPF_T_MICROTIME_MONOTONIC_FAST = 0x300
+	BPF_T_MONOTONIC                = 0x200
+	BPF_T_MONOTONIC_FAST           = 0x300
+	BPF_T_NANOTIME                 = 0x1
+	BPF_T_NANOTIME_FAST            = 0x101
+	BPF_T_NANOTIME_MONOTONIC       = 0x201
+	BPF_T_NANOTIME_MONOTONIC_FAST  = 0x301
+	BPF_T_NONE                     = 0x3
+	BPF_T_NORMAL                   = 0x0
+	BPF_W                          = 0x0
+	BPF_X                          = 0x8
+	BPF_XOR                        = 0xa0
+	BRKINT                         = 0x2
+	CAP_ACCEPT                     = 0x200000020000000
+	CAP_ACL_CHECK                  = 0x400000000010000
+	CAP_ACL_DELETE                 = 0x400000000020000
+	CAP_ACL_GET                    = 0x400000000040000
+	CAP_ACL_SET                    = 0x400000000080000
+	CAP_ALL0                       = 0x20007ffffffffff
+	CAP_ALL1                       = 0x4000000001fffff
+	CAP_BIND                       = 0x200000040000000
+	CAP_BINDAT                     = 0x200008000000400
+	CAP_CHFLAGSAT                  = 0x200000000001400
+	CAP_CONNECT                    = 0x200000080000000
+	CAP_CONNECTAT                  = 0x200010000000400
+	CAP_CREATE                     = 0x200000000000040
+	CAP_EVENT                      = 0x400000000000020
+	CAP_EXTATTR_DELETE             = 0x400000000001000
+	CAP_EXTATTR_GET                = 0x400000000002000
+	CAP_EXTATTR_LIST               = 0x400000000004000
+	CAP_EXTATTR_SET                = 0x400000000008000
+	CAP_FCHDIR                     = 0x200000000000800
+	CAP_FCHFLAGS                   = 0x200000000001000
+	CAP_FCHMOD                     = 0x200000000002000
+	CAP_FCHMODAT                   = 0x200000000002400
+	CAP_FCHOWN                     = 0x200000000004000
+	CAP_FCHOWNAT                   = 0x200000000004400
+	CAP_FCNTL                      = 0x200000000008000
+	CAP_FCNTL_ALL                  = 0x78
+	CAP_FCNTL_GETFL                = 0x8
+	CAP_FCNTL_GETOWN               = 0x20
+	CAP_FCNTL_SETFL                = 0x10
+	CAP_FCNTL_SETOWN               = 0x40
+	CAP_FEXECVE                    = 0x200000000000080
+	CAP_FLOCK                      = 0x200000000010000
+	CAP_FPATHCONF                  = 0x200000000020000
+	CAP_FSCK                       = 0x200000000040000
+	CAP_FSTAT                      = 0x200000000080000
+	CAP_FSTATAT                    = 0x200000000080400
+	CAP_FSTATFS                    = 0x200000000100000
+	CAP_FSYNC                      = 0x200000000000100
+	CAP_FTRUNCATE                  = 0x200000000000200
+	CAP_FUTIMES                    = 0x200000000200000
+	CAP_FUTIMESAT                  = 0x200000000200400
+	CAP_GETPEERNAME                = 0x200000100000000
+	CAP_GETSOCKNAME                = 0x200000200000000
+	CAP_GETSOCKOPT                 = 0x200000400000000
+	CAP_IOCTL                      = 0x400000000000080
+	CAP_IOCTLS_ALL                 = 0x7fffffff
+	CAP_KQUEUE                     = 0x400000000100040
+	CAP_KQUEUE_CHANGE              = 0x400000000100000
+	CAP_KQUEUE_EVENT               = 0x400000000000040
+	CAP_LINKAT_SOURCE              = 0x200020000000400
+	CAP_LINKAT_TARGET              = 0x200000000400400
+	CAP_LISTEN                     = 0x200000800000000
+	CAP_LOOKUP                     = 0x200000000000400
+	CAP_MAC_GET                    = 0x400000000000001
+	CAP_MAC_SET                    = 0x400000000000002
+	CAP_MKDIRAT                    = 0x200000000800400
+	CAP_MKFIFOAT                   = 0x200000001000400
+	CAP_MKNODAT                    = 0x200000002000400
+	CAP_MMAP                       = 0x200000000000010
+	CAP_MMAP_R                     = 0x20000000000001d
+	CAP_MMAP_RW                    = 0x20000000000001f
+	CAP_MMAP_RWX                   = 0x20000000000003f
+	CAP_MMAP_RX                    = 0x20000000000003d
+	CAP_MMAP_W                     = 0x20000000000001e
+	CAP_MMAP_WX                    = 0x20000000000003e
+	CAP_MMAP_X                     = 0x20000000000003c
+	CAP_PDGETPID                   = 0x400000000000200
+	CAP_PDKILL                     = 0x400000000000800
+	CAP_PDWAIT                     = 0x400000000000400
+	CAP_PEELOFF                    = 0x200001000000000
+	CAP_POLL_EVENT                 = 0x400000000000020
+	CAP_PREAD                      = 0x20000000000000d
+	CAP_PWRITE                     = 0x20000000000000e
+	CAP_READ                       = 0x200000000000001
+	CAP_RECV                       = 0x200000000000001
+	CAP_RENAMEAT_SOURCE            = 0x200000004000400
+	CAP_RENAMEAT_TARGET            = 0x200040000000400
+	CAP_RIGHTS_VERSION             = 0x0
+	CAP_RIGHTS_VERSION_00          = 0x0
+	CAP_SEEK                       = 0x20000000000000c
+	CAP_SEEK_TELL                  = 0x200000000000004
+	CAP_SEM_GETVALUE               = 0x400000000000004
+	CAP_SEM_POST                   = 0x400000000000008
+	CAP_SEM_WAIT                   = 0x400000000000010
+	CAP_SEND                       = 0x200000000000002
+	CAP_SETSOCKOPT                 = 0x200002000000000
+	CAP_SHUTDOWN                   = 0x200004000000000
+	CAP_SOCK_CLIENT                = 0x200007780000003
+	CAP_SOCK_SERVER                = 0x200007f60000003
+	CAP_SYMLINKAT                  = 0x200000008000400
+	CAP_TTYHOOK                    = 0x400000000000100
+	CAP_UNLINKAT                   = 0x200000010000400
+	CAP_UNUSED0_44                 = 0x200080000000000
+	CAP_UNUSED0_57                 = 0x300000000000000
+	CAP_UNUSED1_22                 = 0x400000000200000
+	CAP_UNUSED1_57                 = 0x500000000000000
+	CAP_WRITE                      = 0x200000000000002
+	CFLUSH                         = 0xf
+	CLOCAL                         = 0x8000
+	CLOCK_MONOTONIC                = 0x4
+	CLOCK_MONOTONIC_FAST           = 0xc
+	CLOCK_MONOTONIC_PRECISE        = 0xb
+	CLOCK_PROCESS_CPUTIME_ID       = 0xf
+	CLOCK_PROF                     = 0x2
+	CLOCK_REALTIME                 = 0x0
+	CLOCK_REALTIME_FAST            = 0xa
+	CLOCK_REALTIME_PRECISE         = 0x9
+	CLOCK_SECOND                   = 0xd
+	CLOCK_THREAD_CPUTIME_ID        = 0xe
+	CLOCK_UPTIME                   = 0x5
+	CLOCK_UPTIME_FAST              = 0x8
+	CLOCK_UPTIME_PRECISE           = 0x7
+	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
+	CREAD                          = 0x800
+	CRTSCTS                        = 0x30000
+	CS5                            = 0x0
+	CS6                            = 0x100
+	CS7                            = 0x200
+	CS8                            = 0x300
+	CSIZE                          = 0x300
+	CSTART                         = 0x11
+	CSTATUS                        = 0x14
+	CSTOP                          = 0x13
+	CSTOPB                         = 0x400
+	CSUSP                          = 0x1a
+	CTL_HW                         = 0x6
+	CTL_KERN                       = 0x1
+	CTL_MAXNAME                    = 0x18
+	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
+	DLT_A429                       = 0xb8
+	DLT_A653_ICM                   = 0xb9
+	DLT_AIRONET_HEADER             = 0x78
+	DLT_AOS                        = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394     = 0x8a
+	DLT_ARCNET                     = 0x7
+	DLT_ARCNET_LINUX               = 0x81
+	DLT_ATM_CLIP                   = 0x13
+	DLT_ATM_RFC1483                = 0xb
+	DLT_AURORA                     = 0x7e
+	DLT_AX25                       = 0x3
+	DLT_AX25_KISS                  = 0xca
+	DLT_BACNET_MS_TP               = 0xa5
+	DLT_BLUETOOTH_BREDR_BB         = 0xff
+	DLT_BLUETOOTH_HCI_H4           = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR = 0xc9
+	DLT_BLUETOOTH_LE_LL            = 0xfb
+	DLT_BLUETOOTH_LE_LL_WITH_PHDR  = 0x100
+	DLT_BLUETOOTH_LINUX_MONITOR    = 0xfe
+	DLT_CAN20B                     = 0xbe
+	DLT_CAN_SOCKETCAN              = 0xe3
+	DLT_CHAOS                      = 0x5
+	DLT_CHDLC                      = 0x68
+	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
+	DLT_C_HDLC                     = 0x68
+	DLT_C_HDLC_WITH_DIR            = 0xcd
+	DLT_DBUS                       = 0xe7
+	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
+	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
+	DLT_DVB_CI                     = 0xeb
+	DLT_ECONET                     = 0x73
+	DLT_EN10MB                     = 0x1
+	DLT_EN3MB                      = 0x2
+	DLT_ENC                        = 0x6d
+	DLT_EPON                       = 0x103
+	DLT_ERF                        = 0xc5
+	DLT_ERF_ETH                    = 0xaf
+	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
+	DLT_FC_2                       = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
+	DLT_FDDI                       = 0xa
+	DLT_FLEXRAY                    = 0xd2
+	DLT_FRELAY                     = 0x6b
+	DLT_FRELAY_WITH_DIR            = 0xce
+	DLT_GCOM_SERIAL                = 0xad
+	DLT_GCOM_T1E1                  = 0xac
+	DLT_GPF_F                      = 0xab
+	DLT_GPF_T                      = 0xaa
+	DLT_GPRS_LLC                   = 0xa9
+	DLT_GSMTAP_ABIS                = 0xda
+	DLT_GSMTAP_UM                  = 0xd9
+	DLT_IBM_SN                     = 0x92
+	DLT_IBM_SP                     = 0x91
+	DLT_IEEE802                    = 0x6
+	DLT_IEEE802_11                 = 0x69
+	DLT_IEEE802_11_RADIO           = 0x7f
+	DLT_IEEE802_11_RADIO_AVS       = 0xa3
+	DLT_IEEE802_15_4               = 0xc3
+	DLT_IEEE802_15_4_LINUX         = 0xbf
+	DLT_IEEE802_15_4_NOFCS         = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY    = 0xd7
+	DLT_IEEE802_16_MAC_CPS         = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO   = 0xc1
+	DLT_INFINIBAND                 = 0xf7
+	DLT_IPFILTER                   = 0x74
+	DLT_IPMB                       = 0xc7
+	DLT_IPMB_LINUX                 = 0xd1
+	DLT_IPMI_HPM_2                 = 0x104
+	DLT_IPNET                      = 0xe2
+	DLT_IPOIB                      = 0xf2
+	DLT_IPV4                       = 0xe4
+	DLT_IPV6                       = 0xe5
+	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
+	DLT_JUNIPER_ATM1               = 0x89
+	DLT_JUNIPER_ATM2               = 0x87
+	DLT_JUNIPER_ATM_CEMIC          = 0xee
+	DLT_JUNIPER_CHDLC              = 0xb5
+	DLT_JUNIPER_ES                 = 0x84
+	DLT_JUNIPER_ETHER              = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL       = 0xea
+	DLT_JUNIPER_FRELAY             = 0xb4
+	DLT_JUNIPER_GGSN               = 0x85
+	DLT_JUNIPER_ISM                = 0xc2
+	DLT_JUNIPER_MFR                = 0x86
+	DLT_JUNIPER_MLFR               = 0x83
+	DLT_JUNIPER_MLPPP              = 0x82
+	DLT_JUNIPER_MONITOR            = 0xa4
+	DLT_JUNIPER_PIC_PEER           = 0xae
+	DLT_JUNIPER_PPP                = 0xb3
+	DLT_JUNIPER_PPPOE              = 0xa7
+	DLT_JUNIPER_PPPOE_ATM          = 0xa8
+	DLT_JUNIPER_SERVICES           = 0x88
+	DLT_JUNIPER_SRX_E2E            = 0xe9
+	DLT_JUNIPER_ST                 = 0xc8
+	DLT_JUNIPER_VP                 = 0xb7
+	DLT_JUNIPER_VS                 = 0xe8
+	DLT_LAPB_WITH_DIR              = 0xcf
+	DLT_LAPD                       = 0xcb
+	DLT_LIN                        = 0xd4
+	DLT_LINUX_EVDEV                = 0xd8
+	DLT_LINUX_IRDA                 = 0x90
+	DLT_LINUX_LAPD                 = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
+	DLT_LINUX_SLL                  = 0x71
+	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
+	DLT_LTALK                      = 0x72
+	DLT_MATCHING_MAX               = 0x113
+	DLT_MATCHING_MIN               = 0x68
+	DLT_MFR                        = 0xb6
+	DLT_MOST                       = 0xd3
+	DLT_MPEG_2_TS                  = 0xf3
+	DLT_MPLS                       = 0xdb
+	DLT_MTP2                       = 0x8c
+	DLT_MTP2_WITH_PHDR             = 0x8b
+	DLT_MTP3                       = 0x8d
+	DLT_MUX27010                   = 0xec
+	DLT_NETANALYZER                = 0xf0
+	DLT_NETANALYZER_TRANSPARENT    = 0xf1
+	DLT_NETLINK                    = 0xfd
+	DLT_NFC_LLCP                   = 0xf5
+	DLT_NFLOG                      = 0xef
+	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
+	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
+	DLT_PCI_EXP                    = 0x7d
+	DLT_PFLOG                      = 0x75
+	DLT_PFSYNC                     = 0x79
+	DLT_PKTAP                      = 0x102
+	DLT_PPI                        = 0xc0
+	DLT_PPP                        = 0x9
+	DLT_PPP_BSDOS                  = 0xe
+	DLT_PPP_ETHER                  = 0x33
+	DLT_PPP_PPPD                   = 0xa6
+	DLT_PPP_SERIAL                 = 0x32
+	DLT_PPP_WITH_DIR               = 0xcc
+	DLT_PPP_WITH_DIRECTION         = 0xa6
+	DLT_PRISM_HEADER               = 0x77
+	DLT_PROFIBUS_DL                = 0x101
+	DLT_PRONET                     = 0x4
+	DLT_RAIF1                      = 0xc6
+	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
+	DLT_RIO                        = 0x7c
+	DLT_RTAC_SERIAL                = 0xfa
+	DLT_SCCP                       = 0x8e
+	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
+	DLT_SITA                       = 0xc4
+	DLT_SLIP                       = 0x8
+	DLT_SLIP_BSDOS                 = 0xd
+	DLT_STANAG_5066_D_PDU          = 0xed
+	DLT_SUNATM                     = 0x7b
+	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
+	DLT_TZSP                       = 0x80
+	DLT_USB                        = 0xba
+	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
+	DLT_USB_LINUX                  = 0xbd
+	DLT_USB_LINUX_MMAPPED          = 0xdc
+	DLT_USER0                      = 0x93
+	DLT_USER1                      = 0x94
+	DLT_USER10                     = 0x9d
+	DLT_USER11                     = 0x9e
+	DLT_USER12                     = 0x9f
+	DLT_USER13                     = 0xa0
+	DLT_USER14                     = 0xa1
+	DLT_USER15                     = 0xa2
+	DLT_USER2                      = 0x95
+	DLT_USER3                      = 0x96
+	DLT_USER4                      = 0x97
+	DLT_USER5                      = 0x98
+	DLT_USER6                      = 0x99
+	DLT_USER7                      = 0x9a
+	DLT_USER8                      = 0x9b
+	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
+	DLT_WIHART                     = 0xdf
+	DLT_WIRESHARK_UPPER_PDU        = 0xfc
+	DLT_X2E_SERIAL                 = 0xd5
+	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
+	DT_BLK                         = 0x6
+	DT_CHR                         = 0x2
+	DT_DIR                         = 0x4
+	DT_FIFO                        = 0x1
+	DT_LNK                         = 0xa
+	DT_REG                         = 0x8
+	DT_SOCK                        = 0xc
+	DT_UNKNOWN                     = 0x0
+	DT_WHT                         = 0xe
+	ECHO                           = 0x8
+	ECHOCTL                        = 0x40
+	ECHOE                          = 0x2
+	ECHOK                          = 0x4
+	ECHOKE                         = 0x1
+	ECHONL                         = 0x10
+	ECHOPRT                        = 0x20
+	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
+	EVFILT_FS                      = -0x9
+	EVFILT_LIO                     = -0xa
+	EVFILT_PROC                    = -0x5
+	EVFILT_PROCDESC                = -0x8
+	EVFILT_READ                    = -0x1
+	EVFILT_SENDFILE                = -0xc
+	EVFILT_SIGNAL                  = -0x6
+	EVFILT_SYSCOUNT                = 0xd
+	EVFILT_TIMER                   = -0x7
+	EVFILT_USER                    = -0xb
+	EVFILT_VNODE                   = -0x4
+	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
+	EV_ADD                         = 0x1
+	EV_CLEAR                       = 0x20
+	EV_DELETE                      = 0x2
+	EV_DISABLE                     = 0x8
+	EV_DISPATCH                    = 0x80
+	EV_DROP                        = 0x1000
+	EV_ENABLE                      = 0x4
+	EV_EOF                         = 0x8000
+	EV_ERROR                       = 0x4000
+	EV_FLAG1                       = 0x2000
+	EV_FLAG2                       = 0x4000
+	EV_FORCEONESHOT                = 0x100
+	EV_ONESHOT                     = 0x10
+	EV_RECEIPT                     = 0x40
+	EV_SYSFLAGS                    = 0xf000
+	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
+	EXTATTR_NAMESPACE_EMPTY        = 0x0
+	EXTATTR_NAMESPACE_SYSTEM       = 0x2
+	EXTATTR_NAMESPACE_USER         = 0x1
+	EXTB                           = 0x9600
+	EXTPROC                        = 0x800
+	FD_CLOEXEC                     = 0x1
+	FD_SETSIZE                     = 0x400
+	FLUSHO                         = 0x800000
+	F_CANCEL                       = 0x5
+	F_DUP2FD                       = 0xa
+	F_DUP2FD_CLOEXEC               = 0x12
+	F_DUPFD                        = 0x0
+	F_DUPFD_CLOEXEC                = 0x11
+	F_GETFD                        = 0x1
+	F_GETFL                        = 0x3
+	F_GETLK                        = 0xb
+	F_GETOWN                       = 0x5
+	F_OGETLK                       = 0x7
+	F_OK                           = 0x0
+	F_OSETLK                       = 0x8
+	F_OSETLKW                      = 0x9
+	F_RDAHEAD                      = 0x10
+	F_RDLCK                        = 0x1
+	F_READAHEAD                    = 0xf
+	F_SETFD                        = 0x2
+	F_SETFL                        = 0x4
+	F_SETLK                        = 0xc
+	F_SETLKW                       = 0xd
+	F_SETLK_REMOTE                 = 0xe
+	F_SETOWN                       = 0x6
+	F_UNLCK                        = 0x2
+	F_UNLCKSYS                     = 0x4
+	F_WRLCK                        = 0x3
+	HUPCL                          = 0x4000
+	HW_MACHINE                     = 0x1
+	ICANON                         = 0x100
+	ICMP6_FILTER                   = 0x12
+	ICRNL                          = 0x100
+	IEXTEN                         = 0x400
+	IFAN_ARRIVAL                   = 0x0
+	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
+	IFF_ALLMULTI                   = 0x200
+	IFF_ALTPHYS                    = 0x4000
+	IFF_BROADCAST                  = 0x2
+	IFF_CANTCHANGE                 = 0x218f52
+	IFF_CANTCONFIG                 = 0x10000
+	IFF_DEBUG                      = 0x4
+	IFF_DRV_OACTIVE                = 0x400
+	IFF_DRV_RUNNING                = 0x40
+	IFF_DYING                      = 0x200000
+	IFF_LINK0                      = 0x1000
+	IFF_LINK1                      = 0x2000
+	IFF_LINK2                      = 0x4000
+	IFF_LOOPBACK                   = 0x8
+	IFF_MONITOR                    = 0x40000
+	IFF_MULTICAST                  = 0x8000
+	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
+	IFF_OACTIVE                    = 0x400
+	IFF_POINTOPOINT                = 0x10
+	IFF_PPROMISC                   = 0x20000
+	IFF_PROMISC                    = 0x100
+	IFF_RENAMING                   = 0x400000
+	IFF_RUNNING                    = 0x40
+	IFF_SIMPLEX                    = 0x800
+	IFF_STATICARP                  = 0x80000
+	IFF_UP                         = 0x1
+	IFNAMSIZ                       = 0x10
+	IFT_BRIDGE                     = 0xd1
+	IFT_CARP                       = 0xf8
+	IFT_IEEE1394                   = 0x90
+	IFT_INFINIBAND                 = 0xc7
+	IFT_L2VLAN                     = 0x87
+	IFT_L3IPVLAN                   = 0x88
+	IFT_PPP                        = 0x17
+	IFT_PROPVIRTUAL                = 0x35
+	IGNBRK                         = 0x1
+	IGNCR                          = 0x80
+	IGNPAR                         = 0x4
+	IMAXBEL                        = 0x2000
+	INLCR                          = 0x40
+	INPCK                          = 0x10
+	IN_CLASSA_HOST                 = 0xffffff
+	IN_CLASSA_MAX                  = 0x80
+	IN_CLASSA_NET                  = 0xff000000
+	IN_CLASSA_NSHIFT               = 0x18
+	IN_CLASSB_HOST                 = 0xffff
+	IN_CLASSB_MAX                  = 0x10000
+	IN_CLASSB_NET                  = 0xffff0000
+	IN_CLASSB_NSHIFT               = 0x10
+	IN_CLASSC_HOST                 = 0xff
+	IN_CLASSC_NET                  = 0xffffff00
+	IN_CLASSC_NSHIFT               = 0x8
+	IN_CLASSD_HOST                 = 0xfffffff
+	IN_CLASSD_NET                  = 0xf0000000
+	IN_CLASSD_NSHIFT               = 0x1c
+	IN_LOOPBACKNET                 = 0x7f
+	IN_RFC3021_MASK                = 0xfffffffe
+	IPPROTO_3PC                    = 0x22
+	IPPROTO_ADFS                   = 0x44
+	IPPROTO_AH                     = 0x33
+	IPPROTO_AHIP                   = 0x3d
+	IPPROTO_APES                   = 0x63
+	IPPROTO_ARGUS                  = 0xd
+	IPPROTO_AX25                   = 0x5d
+	IPPROTO_BHA                    = 0x31
+	IPPROTO_BLT                    = 0x1e
+	IPPROTO_BRSATMON               = 0x4c
+	IPPROTO_CARP                   = 0x70
+	IPPROTO_CFTP                   = 0x3e
+	IPPROTO_CHAOS                  = 0x10
+	IPPROTO_CMTP                   = 0x26
+	IPPROTO_CPHB                   = 0x49
+	IPPROTO_CPNX                   = 0x48
+	IPPROTO_DDP                    = 0x25
+	IPPROTO_DGP                    = 0x56
+	IPPROTO_DIVERT                 = 0x102
+	IPPROTO_DONE                   = 0x101
+	IPPROTO_DSTOPTS                = 0x3c
+	IPPROTO_EGP                    = 0x8
+	IPPROTO_EMCON                  = 0xe
+	IPPROTO_ENCAP                  = 0x62
+	IPPROTO_EON                    = 0x50
+	IPPROTO_ESP                    = 0x32
+	IPPROTO_ETHERIP                = 0x61
+	IPPROTO_FRAGMENT               = 0x2c
+	IPPROTO_GGP                    = 0x3
+	IPPROTO_GMTP                   = 0x64
+	IPPROTO_GRE                    = 0x2f
+	IPPROTO_HELLO                  = 0x3f
+	IPPROTO_HIP                    = 0x8b
+	IPPROTO_HMP                    = 0x14
+	IPPROTO_HOPOPTS                = 0x0
+	IPPROTO_ICMP                   = 0x1
+	IPPROTO_ICMPV6                 = 0x3a
+	IPPROTO_IDP                    = 0x16
+	IPPROTO_IDPR                   = 0x23
+	IPPROTO_IDRP                   = 0x2d
+	IPPROTO_IGMP                   = 0x2
+	IPPROTO_IGP                    = 0x55
+	IPPROTO_IGRP                   = 0x58
+	IPPROTO_IL                     = 0x28
+	IPPROTO_INLSP                  = 0x34
+	IPPROTO_INP                    = 0x20
+	IPPROTO_IP                     = 0x0
+	IPPROTO_IPCOMP                 = 0x6c
+	IPPROTO_IPCV                   = 0x47
+	IPPROTO_IPEIP                  = 0x5e
+	IPPROTO_IPIP                   = 0x4
+	IPPROTO_IPPC                   = 0x43
+	IPPROTO_IPV4                   = 0x4
+	IPPROTO_IPV6                   = 0x29
+	IPPROTO_IRTP                   = 0x1c
+	IPPROTO_KRYPTOLAN              = 0x41
+	IPPROTO_LARP                   = 0x5b
+	IPPROTO_LEAF1                  = 0x19
+	IPPROTO_LEAF2                  = 0x1a
+	IPPROTO_MAX                    = 0x100
+	IPPROTO_MEAS                   = 0x13
+	IPPROTO_MH                     = 0x87
+	IPPROTO_MHRP                   = 0x30
+	IPPROTO_MICP                   = 0x5f
+	IPPROTO_MOBILE                 = 0x37
+	IPPROTO_MPLS                   = 0x89
+	IPPROTO_MTP                    = 0x5c
+	IPPROTO_MUX                    = 0x12
+	IPPROTO_ND                     = 0x4d
+	IPPROTO_NHRP                   = 0x36
+	IPPROTO_NONE                   = 0x3b
+	IPPROTO_NSP                    = 0x1f
+	IPPROTO_NVPII                  = 0xb
+	IPPROTO_OLD_DIVERT             = 0xfe
+	IPPROTO_OSPFIGP                = 0x59
+	IPPROTO_PFSYNC                 = 0xf0
+	IPPROTO_PGM                    = 0x71
+	IPPROTO_PIGP                   = 0x9
+	IPPROTO_PIM                    = 0x67
+	IPPROTO_PRM                    = 0x15
+	IPPROTO_PUP                    = 0xc
+	IPPROTO_PVP                    = 0x4b
+	IPPROTO_RAW                    = 0xff
+	IPPROTO_RCCMON                 = 0xa
+	IPPROTO_RDP                    = 0x1b
+	IPPROTO_RESERVED_253           = 0xfd
+	IPPROTO_RESERVED_254           = 0xfe
+	IPPROTO_ROUTING                = 0x2b
+	IPPROTO_RSVP                   = 0x2e
+	IPPROTO_RVD                    = 0x42
+	IPPROTO_SATEXPAK               = 0x40
+	IPPROTO_SATMON                 = 0x45
+	IPPROTO_SCCSP                  = 0x60
+	IPPROTO_SCTP                   = 0x84
+	IPPROTO_SDRP                   = 0x2a
+	IPPROTO_SEND                   = 0x103
+	IPPROTO_SEP                    = 0x21
+	IPPROTO_SHIM6                  = 0x8c
+	IPPROTO_SKIP                   = 0x39
+	IPPROTO_SPACER                 = 0x7fff
+	IPPROTO_SRPC                   = 0x5a
+	IPPROTO_ST                     = 0x7
+	IPPROTO_SVMTP                  = 0x52
+	IPPROTO_SWIPE                  = 0x35
+	IPPROTO_TCF                    = 0x57
+	IPPROTO_TCP                    = 0x6
+	IPPROTO_TLSP                   = 0x38
+	IPPROTO_TP                     = 0x1d
+	IPPROTO_TPXX                   = 0x27
+	IPPROTO_TRUNK1                 = 0x17
+	IPPROTO_TRUNK2                 = 0x18
+	IPPROTO_TTP                    = 0x54
+	IPPROTO_UDP                    = 0x11
+	IPPROTO_UDPLITE                = 0x88
+	IPPROTO_VINES                  = 0x53
+	IPPROTO_VISA                   = 0x46
+	IPPROTO_VMTP                   = 0x51
+	IPPROTO_WBEXPAK                = 0x4f
+	IPPROTO_WBMON                  = 0x4e
+	IPPROTO_WSN                    = 0x4a
+	IPPROTO_XNET                   = 0xf
+	IPPROTO_XTP                    = 0x24
+	IPV6_AUTOFLOWLABEL             = 0x3b
+	IPV6_BINDANY                   = 0x40
+	IPV6_BINDMULTI                 = 0x41
+	IPV6_BINDV6ONLY                = 0x1b
+	IPV6_CHECKSUM                  = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS    = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP    = 0x1
+	IPV6_DEFHLIM                   = 0x40
+	IPV6_DONTFRAG                  = 0x3e
+	IPV6_DSTOPTS                   = 0x32
+	IPV6_FLOWID                    = 0x43
+	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
+	IPV6_FLOWLABEL_MASK            = 0xffff0f00
+	IPV6_FLOWTYPE                  = 0x44
+	IPV6_FRAGTTL                   = 0x78
+	IPV6_FW_ADD                    = 0x1e
+	IPV6_FW_DEL                    = 0x1f
+	IPV6_FW_FLUSH                  = 0x20
+	IPV6_FW_GET                    = 0x22
+	IPV6_FW_ZERO                   = 0x21
+	IPV6_HLIMDEC                   = 0x1
+	IPV6_HOPLIMIT                  = 0x2f
+	IPV6_HOPOPTS                   = 0x31
+	IPV6_IPSEC_POLICY              = 0x1c
+	IPV6_JOIN_GROUP                = 0xc
+	IPV6_LEAVE_GROUP               = 0xd
+	IPV6_MAXHLIM                   = 0xff
+	IPV6_MAXOPTHDR                 = 0x800
+	IPV6_MAXPACKET                 = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
+	IPV6_MAX_MEMBERSHIPS           = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
+	IPV6_MMTU                      = 0x500
+	IPV6_MSFILTER                  = 0x4a
+	IPV6_MULTICAST_HOPS            = 0xa
+	IPV6_MULTICAST_IF              = 0x9
+	IPV6_MULTICAST_LOOP            = 0xb
+	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
+	IPV6_PATHMTU                   = 0x2c
+	IPV6_PKTINFO                   = 0x2e
+	IPV6_PORTRANGE                 = 0xe
+	IPV6_PORTRANGE_DEFAULT         = 0x0
+	IPV6_PORTRANGE_HIGH            = 0x1
+	IPV6_PORTRANGE_LOW             = 0x2
+	IPV6_PREFER_TEMPADDR           = 0x3f
+	IPV6_RECVDSTOPTS               = 0x28
+	IPV6_RECVFLOWID                = 0x46
+	IPV6_RECVHOPLIMIT              = 0x25
+	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
+	IPV6_RECVPATHMTU               = 0x2b
+	IPV6_RECVPKTINFO               = 0x24
+	IPV6_RECVRSSBUCKETID           = 0x47
+	IPV6_RECVRTHDR                 = 0x26
+	IPV6_RECVTCLASS                = 0x39
+	IPV6_RSSBUCKETID               = 0x45
+	IPV6_RSS_LISTEN_BUCKET         = 0x42
+	IPV6_RTHDR                     = 0x33
+	IPV6_RTHDRDSTOPTS              = 0x23
+	IPV6_RTHDR_LOOSE               = 0x0
+	IPV6_RTHDR_STRICT              = 0x1
+	IPV6_RTHDR_TYPE_0              = 0x0
+	IPV6_SOCKOPT_RESERVED1         = 0x3
+	IPV6_TCLASS                    = 0x3d
+	IPV6_UNICAST_HOPS              = 0x4
+	IPV6_USE_MIN_MTU               = 0x2a
+	IPV6_V6ONLY                    = 0x1b
+	IPV6_VERSION                   = 0x60
+	IPV6_VERSION_MASK              = 0xf0
+	IP_ADD_MEMBERSHIP              = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP       = 0x46
+	IP_BINDANY                     = 0x18
+	IP_BINDMULTI                   = 0x19
+	IP_BLOCK_SOURCE                = 0x48
+	IP_DEFAULT_MULTICAST_LOOP      = 0x1
+	IP_DEFAULT_MULTICAST_TTL       = 0x1
+	IP_DF                          = 0x4000
+	IP_DONTFRAG                    = 0x43
+	IP_DROP_MEMBERSHIP             = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP      = 0x47
+	IP_DUMMYNET3                   = 0x31
+	IP_DUMMYNET_CONFIGURE          = 0x3c
+	IP_DUMMYNET_DEL                = 0x3d
+	IP_DUMMYNET_FLUSH              = 0x3e
+	IP_DUMMYNET_GET                = 0x40
+	IP_FLOWID                      = 0x5a
+	IP_FLOWTYPE                    = 0x5b
+	IP_FW3                         = 0x30
+	IP_FW_ADD                      = 0x32
+	IP_FW_DEL                      = 0x33
+	IP_FW_FLUSH                    = 0x34
+	IP_FW_GET                      = 0x36
+	IP_FW_NAT_CFG                  = 0x38
+	IP_FW_NAT_DEL                  = 0x39
+	IP_FW_NAT_GET_CONFIG           = 0x3a
+	IP_FW_NAT_GET_LOG              = 0x3b
+	IP_FW_RESETLOG                 = 0x37
+	IP_FW_TABLE_ADD                = 0x28
+	IP_FW_TABLE_DEL                = 0x29
+	IP_FW_TABLE_FLUSH              = 0x2a
+	IP_FW_TABLE_GETSIZE            = 0x2b
+	IP_FW_TABLE_LIST               = 0x2c
+	IP_FW_ZERO                     = 0x35
+	IP_HDRINCL                     = 0x2
+	IP_IPSEC_POLICY                = 0x15
+	IP_MAXPACKET                   = 0xffff
+	IP_MAX_GROUP_SRC_FILTER        = 0x200
+	IP_MAX_MEMBERSHIPS             = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER        = 0x80
+	IP_MAX_SOCK_SRC_FILTER         = 0x80
+	IP_MF                          = 0x2000
+	IP_MINTTL                      = 0x42
+	IP_MSFILTER                    = 0x4a
+	IP_MSS                         = 0x240
+	IP_MULTICAST_IF                = 0x9
+	IP_MULTICAST_LOOP              = 0xb
+	IP_MULTICAST_TTL               = 0xa
+	IP_MULTICAST_VIF               = 0xe
+	IP_OFFMASK                     = 0x1fff
+	IP_ONESBCAST                   = 0x17
+	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
+	IP_PORTRANGE                   = 0x13
+	IP_PORTRANGE_DEFAULT           = 0x0
+	IP_PORTRANGE_HIGH              = 0x1
+	IP_PORTRANGE_LOW               = 0x2
+	IP_RECVDSTADDR                 = 0x7
+	IP_RECVFLOWID                  = 0x5d
+	IP_RECVIF                      = 0x14
+	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
+	IP_RECVRETOPTS                 = 0x6
+	IP_RECVRSSBUCKETID             = 0x5e
+	IP_RECVTOS                     = 0x44
+	IP_RECVTTL                     = 0x41
+	IP_RETOPTS                     = 0x8
+	IP_RF                          = 0x8000
+	IP_RSSBUCKETID                 = 0x5c
+	IP_RSS_LISTEN_BUCKET           = 0x1a
+	IP_RSVP_OFF                    = 0x10
+	IP_RSVP_ON                     = 0xf
+	IP_RSVP_VIF_OFF                = 0x12
+	IP_RSVP_VIF_ON                 = 0x11
+	IP_SENDSRCADDR                 = 0x7
+	IP_TOS                         = 0x3
+	IP_TTL                         = 0x4
+	IP_UNBLOCK_SOURCE              = 0x49
+	ISIG                           = 0x80
+	ISTRIP                         = 0x20
+	IXANY                          = 0x800
+	IXOFF                          = 0x400
+	IXON                           = 0x200
+	KERN_HOSTNAME                  = 0xa
+	KERN_OSRELEASE                 = 0x2
+	KERN_OSTYPE                    = 0x1
+	KERN_VERSION                   = 0x4
+	LOCK_EX                        = 0x2
+	LOCK_NB                        = 0x4
+	LOCK_SH                        = 0x1
+	LOCK_UN                        = 0x8
+	MADV_AUTOSYNC                  = 0x7
+	MADV_CORE                      = 0x9
+	MADV_DONTNEED                  = 0x4
+	MADV_FREE                      = 0x5
+	MADV_NOCORE                    = 0x8
+	MADV_NORMAL                    = 0x0
+	MADV_NOSYNC                    = 0x6
+	MADV_PROTECT                   = 0xa
+	MADV_RANDOM                    = 0x1
+	MADV_SEQUENTIAL                = 0x2
+	MADV_WILLNEED                  = 0x3
+	MAP_ALIGNED_SUPER              = 0x1000000
+	MAP_ALIGNMENT_MASK             = -0x1000000
+	MAP_ALIGNMENT_SHIFT            = 0x18
+	MAP_ANON                       = 0x1000
+	MAP_ANONYMOUS                  = 0x1000
+	MAP_COPY                       = 0x2
+	MAP_EXCL                       = 0x4000
+	MAP_FILE                       = 0x0
+	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
+	MAP_HASSEMAPHORE               = 0x200
+	MAP_NOCORE                     = 0x20000
+	MAP_NOSYNC                     = 0x800
+	MAP_PREFAULT_READ              = 0x40000
+	MAP_PRIVATE                    = 0x2
+	MAP_RESERVED0020               = 0x20
+	MAP_RESERVED0040               = 0x40
+	MAP_RESERVED0080               = 0x80
+	MAP_RESERVED0100               = 0x100
+	MAP_SHARED                     = 0x1
+	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
+	MCL_CURRENT                    = 0x1
+	MCL_FUTURE                     = 0x2
+	MNT_ACLS                       = 0x8000000
+	MNT_ASYNC                      = 0x40
+	MNT_AUTOMOUNTED                = 0x200000000
+	MNT_BYFSID                     = 0x8000000
+	MNT_CMDFLAGS                   = 0xd0f0000
+	MNT_DEFEXPORTED                = 0x200
+	MNT_DELEXPORT                  = 0x20000
+	MNT_EXKERB                     = 0x800
+	MNT_EXPORTANON                 = 0x400
+	MNT_EXPORTED                   = 0x100
+	MNT_EXPUBLIC                   = 0x20000000
+	MNT_EXRDONLY                   = 0x80
+	MNT_FORCE                      = 0x80000
+	MNT_GJOURNAL                   = 0x2000000
+	MNT_IGNORE                     = 0x800000
+	MNT_LAZY                       = 0x3
+	MNT_LOCAL                      = 0x1000
+	MNT_MULTILABEL                 = 0x4000000
+	MNT_NFS4ACLS                   = 0x10
+	MNT_NOATIME                    = 0x10000000
+	MNT_NOCLUSTERR                 = 0x40000000
+	MNT_NOCLUSTERW                 = 0x80000000
+	MNT_NOEXEC                     = 0x4
+	MNT_NONBUSY                    = 0x4000000
+	MNT_NOSUID                     = 0x8
+	MNT_NOSYMFOLLOW                = 0x400000
+	MNT_NOWAIT                     = 0x2
+	MNT_QUOTA                      = 0x2000
+	MNT_RDONLY                     = 0x1
+	MNT_RELOAD                     = 0x40000
+	MNT_ROOTFS                     = 0x4000
+	MNT_SNAPSHOT                   = 0x1000000
+	MNT_SOFTDEP                    = 0x200000
+	MNT_SUIDDIR                    = 0x100000
+	MNT_SUJ                        = 0x100000000
+	MNT_SUSPEND                    = 0x4
+	MNT_SYNCHRONOUS                = 0x2
+	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
+	MNT_UPDATE                     = 0x10000
+	MNT_UPDATEMASK                 = 0xad8d0807e
+	MNT_USER                       = 0x8000
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
+	MNT_WAIT                       = 0x1
+	MSG_CMSG_CLOEXEC               = 0x40000
+	MSG_COMPAT                     = 0x8000
+	MSG_CTRUNC                     = 0x20
+	MSG_DONTROUTE                  = 0x4
+	MSG_DONTWAIT                   = 0x80
+	MSG_EOF                        = 0x100
+	MSG_EOR                        = 0x8
+	MSG_NBIO                       = 0x4000
+	MSG_NOSIGNAL                   = 0x20000
+	MSG_NOTIFICATION               = 0x2000
+	MSG_OOB                        = 0x1
+	MSG_PEEK                       = 0x2
+	MSG_TRUNC                      = 0x10
+	MSG_WAITALL                    = 0x40
+	MSG_WAITFORONE                 = 0x80000
+	MS_ASYNC                       = 0x1
+	MS_INVALIDATE                  = 0x2
+	MS_SYNC                        = 0x0
+	NAME_MAX                       = 0xff
+	NET_RT_DUMP                    = 0x1
+	NET_RT_FLAGS                   = 0x2
+	NET_RT_IFLIST                  = 0x3
+	NET_RT_IFLISTL                 = 0x5
+	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x20
+	NOFLSH                         = 0x80000000
+	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
+	NOTE_ATTRIB                    = 0x8
+	NOTE_CHILD                     = 0x4
+	NOTE_CLOSE                     = 0x100
+	NOTE_CLOSE_WRITE               = 0x200
+	NOTE_DELETE                    = 0x1
+	NOTE_EXEC                      = 0x20000000
+	NOTE_EXIT                      = 0x80000000
+	NOTE_EXTEND                    = 0x4
+	NOTE_FFAND                     = 0x40000000
+	NOTE_FFCOPY                    = 0xc0000000
+	NOTE_FFCTRLMASK                = 0xc0000000
+	NOTE_FFLAGSMASK                = 0xffffff
+	NOTE_FFNOP                     = 0x0
+	NOTE_FFOR                      = 0x80000000
+	NOTE_FILE_POLL                 = 0x2
+	NOTE_FORK                      = 0x40000000
+	NOTE_LINK                      = 0x10
+	NOTE_LOWAT                     = 0x1
+	NOTE_MSECONDS                  = 0x2
+	NOTE_NSECONDS                  = 0x8
+	NOTE_OPEN                      = 0x80
+	NOTE_PCTRLMASK                 = 0xf0000000
+	NOTE_PDATAMASK                 = 0xfffff
+	NOTE_READ                      = 0x400
+	NOTE_RENAME                    = 0x20
+	NOTE_REVOKE                    = 0x40
+	NOTE_SECONDS                   = 0x1
+	NOTE_TRACK                     = 0x1
+	NOTE_TRACKERR                  = 0x2
+	NOTE_TRIGGER                   = 0x1000000
+	NOTE_USECONDS                  = 0x4
+	NOTE_WRITE                     = 0x2
+	OCRNL                          = 0x10
+	ONLCR                          = 0x2
+	ONLRET                         = 0x40
+	ONOCR                          = 0x20
+	ONOEOT                         = 0x8
+	OPOST                          = 0x1
+	OXTABS                         = 0x4
+	O_ACCMODE                      = 0x3
+	O_APPEND                       = 0x8
+	O_ASYNC                        = 0x40
+	O_CLOEXEC                      = 0x100000
+	O_CREAT                        = 0x200
+	O_DIRECT                       = 0x10000
+	O_DIRECTORY                    = 0x20000
+	O_EXCL                         = 0x800
+	O_EXEC                         = 0x40000
+	O_EXLOCK                       = 0x20
+	O_FSYNC                        = 0x80
+	O_NDELAY                       = 0x4
+	O_NOCTTY                       = 0x8000
+	O_NOFOLLOW                     = 0x100
+	O_NONBLOCK                     = 0x4
+	O_RDONLY                       = 0x0
+	O_RDWR                         = 0x2
+	O_SHLOCK                       = 0x10
+	O_SYNC                         = 0x80
+	O_TRUNC                        = 0x400
+	O_TTY_INIT                     = 0x80000
+	O_VERIFY                       = 0x200000
+	O_WRONLY                       = 0x1
+	PARENB                         = 0x1000
+	PARMRK                         = 0x8
+	PARODD                         = 0x2000
+	PENDIN                         = 0x20000000
+	PRIO_PGRP                      = 0x1
+	PRIO_PROCESS                   = 0x0
+	PRIO_USER                      = 0x2
+	PROT_EXEC                      = 0x4
+	PROT_NONE                      = 0x0
+	PROT_READ                      = 0x1
+	PROT_WRITE                     = 0x2
+	RLIMIT_AS                      = 0xa
+	RLIMIT_CORE                    = 0x4
+	RLIMIT_CPU                     = 0x0
+	RLIMIT_DATA                    = 0x2
+	RLIMIT_FSIZE                   = 0x1
+	RLIMIT_MEMLOCK                 = 0x6
+	RLIMIT_NOFILE                  = 0x8
+	RLIMIT_NPROC                   = 0x7
+	RLIMIT_RSS                     = 0x5
+	RLIMIT_STACK                   = 0x3
+	RLIM_INFINITY                  = 0x7fffffffffffffff
+	RTAX_AUTHOR                    = 0x6
+	RTAX_BRD                       = 0x7
+	RTAX_DST                       = 0x0
+	RTAX_GATEWAY                   = 0x1
+	RTAX_GENMASK                   = 0x3
+	RTAX_IFA                       = 0x5
+	RTAX_IFP                       = 0x4
+	RTAX_MAX                       = 0x8
+	RTAX_NETMASK                   = 0x2
+	RTA_AUTHOR                     = 0x40
+	RTA_BRD                        = 0x80
+	RTA_DST                        = 0x1
+	RTA_GATEWAY                    = 0x2
+	RTA_GENMASK                    = 0x8
+	RTA_IFA                        = 0x20
+	RTA_IFP                        = 0x10
+	RTA_NETMASK                    = 0x4
+	RTF_BLACKHOLE                  = 0x1000
+	RTF_BROADCAST                  = 0x400000
+	RTF_DONE                       = 0x40
+	RTF_DYNAMIC                    = 0x10
+	RTF_FIXEDMTU                   = 0x80000
+	RTF_FMASK                      = 0x1004d808
+	RTF_GATEWAY                    = 0x2
+	RTF_GWFLAG_COMPAT              = 0x80000000
+	RTF_HOST                       = 0x4
+	RTF_LLDATA                     = 0x400
+	RTF_LLINFO                     = 0x400
+	RTF_LOCAL                      = 0x200000
+	RTF_MODIFIED                   = 0x20
+	RTF_MULTICAST                  = 0x800000
+	RTF_PINNED                     = 0x100000
+	RTF_PROTO1                     = 0x8000
+	RTF_PROTO2                     = 0x4000
+	RTF_PROTO3                     = 0x40000
+	RTF_REJECT                     = 0x8
+	RTF_RNH_LOCKED                 = 0x40000000
+	RTF_STATIC                     = 0x800
+	RTF_STICKY                     = 0x10000000
+	RTF_UP                         = 0x1
+	RTF_XRESOLVE                   = 0x200
+	RTM_ADD                        = 0x1
+	RTM_CHANGE                     = 0x3
+	RTM_DELADDR                    = 0xd
+	RTM_DELETE                     = 0x2
+	RTM_DELMADDR                   = 0x10
+	RTM_GET                        = 0x4
+	RTM_IEEE80211                  = 0x12
+	RTM_IFANNOUNCE                 = 0x11
+	RTM_IFINFO                     = 0xe
+	RTM_LOCK                       = 0x8
+	RTM_LOSING                     = 0x5
+	RTM_MISS                       = 0x7
+	RTM_NEWADDR                    = 0xc
+	RTM_NEWMADDR                   = 0xf
+	RTM_REDIRECT                   = 0x6
+	RTM_RESOLVE                    = 0xb
+	RTM_RTTUNIT                    = 0xf4240
+	RTM_VERSION                    = 0x5
+	RTV_EXPIRE                     = 0x4
+	RTV_HOPCOUNT                   = 0x2
+	RTV_MTU                        = 0x1
+	RTV_RPIPE                      = 0x8
+	RTV_RTT                        = 0x40
+	RTV_RTTVAR                     = 0x80
+	RTV_SPIPE                      = 0x10
+	RTV_SSTHRESH                   = 0x20
+	RTV_WEIGHT                     = 0x100
+	RT_ALL_FIBS                    = -0x1
+	RT_BLACKHOLE                   = 0x40
+	RT_DEFAULT_FIB                 = 0x0
+	RT_HAS_GW                      = 0x80
+	RT_HAS_HEADER                  = 0x10
+	RT_HAS_HEADER_BIT              = 0x4
+	RT_L2_ME                       = 0x4
+	RT_L2_ME_BIT                   = 0x2
+	RT_LLE_CACHE                   = 0x100
+	RT_MAY_LOOP                    = 0x8
+	RT_MAY_LOOP_BIT                = 0x3
+	RT_REJECT                      = 0x20
+	RUSAGE_CHILDREN                = -0x1
+	RUSAGE_SELF                    = 0x0
+	RUSAGE_THREAD                  = 0x1
+	SCM_BINTIME                    = 0x4
+	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
+	SCM_RIGHTS                     = 0x1
+	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
+	SHUT_RD                        = 0x0
+	SHUT_RDWR                      = 0x2
+	SHUT_WR                        = 0x1
+	SIOCADDMULTI                   = 0x80206931
+	SIOCAIFADDR                    = 0x8040691a
+	SIOCAIFGROUP                   = 0x80246987
+	SIOCATMARK                     = 0x40047307
+	SIOCDELMULTI                   = 0x80206932
+	SIOCDIFADDR                    = 0x80206919
+	SIOCDIFGROUP                   = 0x80246989
+	SIOCDIFPHYADDR                 = 0x80206949
+	SIOCGDRVSPEC                   = 0xc01c697b
+	SIOCGETSGCNT                   = 0xc0147210
+	SIOCGETVIFCNT                  = 0xc014720f
+	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
+	SIOCGI2C                       = 0xc020693d
+	SIOCGIFADDR                    = 0xc0206921
+	SIOCGIFBRDADDR                 = 0xc0206923
+	SIOCGIFCAP                     = 0xc020691f
+	SIOCGIFCONF                    = 0xc0086924
+	SIOCGIFDESCR                   = 0xc020692a
+	SIOCGIFDSTADDR                 = 0xc0206922
+	SIOCGIFFIB                     = 0xc020695c
+	SIOCGIFFLAGS                   = 0xc0206911
+	SIOCGIFGENERIC                 = 0xc020693a
+	SIOCGIFGMEMB                   = 0xc024698a
+	SIOCGIFGROUP                   = 0xc0246988
+	SIOCGIFINDEX                   = 0xc0206920
+	SIOCGIFMAC                     = 0xc0206926
+	SIOCGIFMEDIA                   = 0xc0286938
+	SIOCGIFMETRIC                  = 0xc0206917
+	SIOCGIFMTU                     = 0xc0206933
+	SIOCGIFNETMASK                 = 0xc0206925
+	SIOCGIFPDSTADDR                = 0xc0206948
+	SIOCGIFPHYS                    = 0xc0206935
+	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
+	SIOCGIFSTATUS                  = 0xc331693b
+	SIOCGIFXMEDIA                  = 0xc028698b
+	SIOCGLANPCP                    = 0xc0206998
+	SIOCGLOWAT                     = 0x40047303
+	SIOCGPGRP                      = 0x40047309
+	SIOCGPRIVATE_0                 = 0xc0206950
+	SIOCGPRIVATE_1                 = 0xc0206951
+	SIOCGTUNFIB                    = 0xc020695e
+	SIOCIFCREATE                   = 0xc020697a
+	SIOCIFCREATE2                  = 0xc020697c
+	SIOCIFDESTROY                  = 0x80206979
+	SIOCIFGCLONERS                 = 0xc00c6978
+	SIOCSDRVSPEC                   = 0x801c697b
+	SIOCSHIWAT                     = 0x80047300
+	SIOCSIFADDR                    = 0x8020690c
+	SIOCSIFBRDADDR                 = 0x80206913
+	SIOCSIFCAP                     = 0x8020691e
+	SIOCSIFDESCR                   = 0x80206929
+	SIOCSIFDSTADDR                 = 0x8020690e
+	SIOCSIFFIB                     = 0x8020695d
+	SIOCSIFFLAGS                   = 0x80206910
+	SIOCSIFGENERIC                 = 0x80206939
+	SIOCSIFLLADDR                  = 0x8020693c
+	SIOCSIFMAC                     = 0x80206927
+	SIOCSIFMEDIA                   = 0xc0206937
+	SIOCSIFMETRIC                  = 0x80206918
+	SIOCSIFMTU                     = 0x80206934
+	SIOCSIFNAME                    = 0x80206928
+	SIOCSIFNETMASK                 = 0x80206916
+	SIOCSIFPHYADDR                 = 0x80406946
+	SIOCSIFPHYS                    = 0x80206936
+	SIOCSIFRVNET                   = 0xc020695b
+	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
+	SIOCSLOWAT                     = 0x80047302
+	SIOCSPGRP                      = 0x80047308
+	SIOCSTUNFIB                    = 0x8020695f
+	SOCK_CLOEXEC                   = 0x10000000
+	SOCK_DGRAM                     = 0x2
+	SOCK_MAXADDRLEN                = 0xff
+	SOCK_NONBLOCK                  = 0x20000000
+	SOCK_RAW                       = 0x3
+	SOCK_RDM                       = 0x4
+	SOCK_SEQPACKET                 = 0x5
+	SOCK_STREAM                    = 0x1
+	SOL_SOCKET                     = 0xffff
+	SOMAXCONN                      = 0x80
+	SO_ACCEPTCONN                  = 0x2
+	SO_ACCEPTFILTER                = 0x1000
+	SO_BINTIME                     = 0x2000
+	SO_BROADCAST                   = 0x20
+	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
+	SO_DONTROUTE                   = 0x10
+	SO_ERROR                       = 0x1007
+	SO_KEEPALIVE                   = 0x8
+	SO_LABEL                       = 0x1009
+	SO_LINGER                      = 0x80
+	SO_LISTENINCQLEN               = 0x1013
+	SO_LISTENQLEN                  = 0x1012
+	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
+	SO_NOSIGPIPE                   = 0x800
+	SO_NO_DDP                      = 0x8000
+	SO_NO_OFFLOAD                  = 0x4000
+	SO_OOBINLINE                   = 0x100
+	SO_PEERLABEL                   = 0x1010
+	SO_PROTOCOL                    = 0x1016
+	SO_PROTOTYPE                   = 0x1016
+	SO_RCVBUF                      = 0x1002
+	SO_RCVLOWAT                    = 0x1004
+	SO_RCVTIMEO                    = 0x1006
+	SO_REUSEADDR                   = 0x4
+	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
+	SO_SETFIB                      = 0x1014
+	SO_SNDBUF                      = 0x1001
+	SO_SNDLOWAT                    = 0x1003
+	SO_SNDTIMEO                    = 0x1005
+	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
+	SO_TYPE                        = 0x1008
+	SO_USELOOPBACK                 = 0x40
+	SO_USER_COOKIE                 = 0x1015
+	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
+	TAB0                           = 0x0
+	TAB3                           = 0x4
+	TABDLY                         = 0x4
+	TCIFLUSH                       = 0x1
+	TCIOFF                         = 0x3
+	TCIOFLUSH                      = 0x3
+	TCION                          = 0x4
+	TCOFLUSH                       = 0x2
+	TCOOFF                         = 0x1
+	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
+	TCP_CA_NAME_MAX                = 0x10
+	TCP_CCALGOOPT                  = 0x41
+	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
+	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
+	TCP_FUNCTION_BLK               = 0x2000
+	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
+	TCP_INFO                       = 0x20
+	TCP_KEEPCNT                    = 0x400
+	TCP_KEEPIDLE                   = 0x100
+	TCP_KEEPINIT                   = 0x80
+	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
+	TCP_MAXBURST                   = 0x4
+	TCP_MAXHLEN                    = 0x3c
+	TCP_MAXOLEN                    = 0x28
+	TCP_MAXSEG                     = 0x2
+	TCP_MAXWIN                     = 0xffff
+	TCP_MAX_SACK                   = 0x4
+	TCP_MAX_WINSHIFT               = 0xe
+	TCP_MD5SIG                     = 0x10
+	TCP_MINMSS                     = 0xd8
+	TCP_MSS                        = 0x218
+	TCP_NODELAY                    = 0x1
+	TCP_NOOPT                      = 0x8
+	TCP_NOPUSH                     = 0x4
+	TCP_PCAP_IN                    = 0x1000
+	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
+	TCP_VENDOR                     = 0x80000000
+	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
+	TIOCCBRK                       = 0x2000747a
+	TIOCCDTR                       = 0x20007478
+	TIOCCONS                       = 0x80047462
+	TIOCDRAIN                      = 0x2000745e
+	TIOCEXCL                       = 0x2000740d
+	TIOCEXT                        = 0x80047460
+	TIOCFLUSH                      = 0x80047410
+	TIOCGDRAINWAIT                 = 0x40047456
+	TIOCGETA                       = 0x402c7413
+	TIOCGETD                       = 0x4004741a
+	TIOCGPGRP                      = 0x40047477
+	TIOCGPTN                       = 0x4004740f
+	TIOCGSID                       = 0x40047463
+	TIOCGWINSZ                     = 0x40087468
+	TIOCMBIC                       = 0x8004746b
+	TIOCMBIS                       = 0x8004746c
+	TIOCMGDTRWAIT                  = 0x4004745a
+	TIOCMGET                       = 0x4004746a
+	TIOCMSDTRWAIT                  = 0x8004745b
+	TIOCMSET                       = 0x8004746d
+	TIOCM_CAR                      = 0x40
+	TIOCM_CD                       = 0x40
+	TIOCM_CTS                      = 0x20
+	TIOCM_DCD                      = 0x40
+	TIOCM_DSR                      = 0x100
+	TIOCM_DTR                      = 0x2
+	TIOCM_LE                       = 0x1
+	TIOCM_RI                       = 0x80
+	TIOCM_RNG                      = 0x80
+	TIOCM_RTS                      = 0x4
+	TIOCM_SR                       = 0x10
+	TIOCM_ST                       = 0x8
+	TIOCNOTTY                      = 0x20007471
+	TIOCNXCL                       = 0x2000740e
+	TIOCOUTQ                       = 0x40047473
+	TIOCPKT                        = 0x80047470
+	TIOCPKT_DATA                   = 0x0
+	TIOCPKT_DOSTOP                 = 0x20
+	TIOCPKT_FLUSHREAD              = 0x1
+	TIOCPKT_FLUSHWRITE             = 0x2
+	TIOCPKT_IOCTL                  = 0x40
+	TIOCPKT_NOSTOP                 = 0x10
+	TIOCPKT_START                  = 0x8
+	TIOCPKT_STOP                   = 0x4
+	TIOCPTMASTER                   = 0x2000741c
+	TIOCSBRK                       = 0x2000747b
+	TIOCSCTTY                      = 0x20007461
+	TIOCSDRAINWAIT                 = 0x80047457
+	TIOCSDTR                       = 0x20007479
+	TIOCSETA                       = 0x802c7414
+	TIOCSETAF                      = 0x802c7416
+	TIOCSETAW                      = 0x802c7415
+	TIOCSETD                       = 0x8004741b
+	TIOCSIG                        = 0x2004745f
+	TIOCSPGRP                      = 0x80047476
+	TIOCSTART                      = 0x2000746e
+	TIOCSTAT                       = 0x20007465
+	TIOCSTI                        = 0x80017472
+	TIOCSTOP                       = 0x2000746f
+	TIOCSWINSZ                     = 0x80087467
+	TIOCTIMESTAMP                  = 0x40087459
+	TIOCUCNTL                      = 0x80047466
+	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
+	VDISCARD                       = 0xf
+	VDSUSP                         = 0xb
+	VEOF                           = 0x0
+	VEOL                           = 0x1
+	VEOL2                          = 0x2
+	VERASE                         = 0x3
+	VERASE2                        = 0x7
+	VINTR                          = 0x8
+	VKILL                          = 0x5
+	VLNEXT                         = 0xe
+	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x70e0000
+	VM_SWZONE_SIZE_MAX             = 0x2280000
+	VQUIT                          = 0x9
+	VREPRINT                       = 0x6
+	VSTART                         = 0xc
+	VSTATUS                        = 0x12
+	VSTOP                          = 0xd
+	VSUSP                          = 0xa
+	VTIME                          = 0x11
+	VWERASE                        = 0x4
+	WCONTINUED                     = 0x4
+	WCOREFLAG                      = 0x80
+	WEXITED                        = 0x10
+	WLINUXCLONE                    = 0x80000000
+	WNOHANG                        = 0x1
+	WNOWAIT                        = 0x8
+	WSTOPPED                       = 0x2
+	WTRAPPED                       = 0x20
+	WUNTRACED                      = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x59)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x55)
+	ECAPMODE        = syscall.Errno(0x5e)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDOOFUS         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x56)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5a)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x57)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5b)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCAPABLE     = syscall.Errno(0x5d)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5f)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x60)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5c)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGLIBRT  = syscall.Signal(0x21)
+	SIGLWP    = syscall.Signal(0x20)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "ECANCELED", "operation canceled"},
+	{86, "EILSEQ", "illegal byte sequence"},
+	{87, "ENOATTR", "attribute not found"},
+	{88, "EDOOFUS", "programming error"},
+	{89, "EBADMSG", "bad message"},
+	{90, "EMULTIHOP", "multihop attempted"},
+	{91, "ENOLINK", "link has been severed"},
+	{92, "EPROTO", "protocol error"},
+	{93, "ENOTCAPABLE", "capabilities insufficient"},
+	{94, "ECAPMODE", "not permitted in capability mode"},
+	{95, "ENOTRECOVERABLE", "state not recoverable"},
+	{96, "EOWNERDEAD", "previous owner died"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "unknown signal"},
+	{33, "SIGLIBRT", "unknown signal"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
new file mode 100644
index 000000000..b8f7c3c93
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -0,0 +1,1935 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,freebsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                   = 0x10
+	AF_ARP                         = 0x23
+	AF_ATM                         = 0x1e
+	AF_BLUETOOTH                   = 0x24
+	AF_CCITT                       = 0xa
+	AF_CHAOS                       = 0x5
+	AF_CNT                         = 0x15
+	AF_COIP                        = 0x14
+	AF_DATAKIT                     = 0x9
+	AF_DECnet                      = 0xc
+	AF_DLI                         = 0xd
+	AF_E164                        = 0x1a
+	AF_ECMA                        = 0x8
+	AF_HYLINK                      = 0xf
+	AF_IEEE80211                   = 0x25
+	AF_IMPLINK                     = 0x3
+	AF_INET                        = 0x2
+	AF_INET6                       = 0x1c
+	AF_INET6_SDP                   = 0x2a
+	AF_INET_SDP                    = 0x28
+	AF_IPX                         = 0x17
+	AF_ISDN                        = 0x1a
+	AF_ISO                         = 0x7
+	AF_LAT                         = 0xe
+	AF_LINK                        = 0x12
+	AF_LOCAL                       = 0x1
+	AF_MAX                         = 0x2a
+	AF_NATM                        = 0x1d
+	AF_NETBIOS                     = 0x6
+	AF_NETGRAPH                    = 0x20
+	AF_OSI                         = 0x7
+	AF_PUP                         = 0x4
+	AF_ROUTE                       = 0x11
+	AF_SCLUSTER                    = 0x22
+	AF_SIP                         = 0x18
+	AF_SLOW                        = 0x21
+	AF_SNA                         = 0xb
+	AF_UNIX                        = 0x1
+	AF_UNSPEC                      = 0x0
+	AF_VENDOR00                    = 0x27
+	AF_VENDOR01                    = 0x29
+	AF_VENDOR02                    = 0x2b
+	AF_VENDOR03                    = 0x2d
+	AF_VENDOR04                    = 0x2f
+	AF_VENDOR05                    = 0x31
+	AF_VENDOR06                    = 0x33
+	AF_VENDOR07                    = 0x35
+	AF_VENDOR08                    = 0x37
+	AF_VENDOR09                    = 0x39
+	AF_VENDOR10                    = 0x3b
+	AF_VENDOR11                    = 0x3d
+	AF_VENDOR12                    = 0x3f
+	AF_VENDOR13                    = 0x41
+	AF_VENDOR14                    = 0x43
+	AF_VENDOR15                    = 0x45
+	AF_VENDOR16                    = 0x47
+	AF_VENDOR17                    = 0x49
+	AF_VENDOR18                    = 0x4b
+	AF_VENDOR19                    = 0x4d
+	AF_VENDOR20                    = 0x4f
+	AF_VENDOR21                    = 0x51
+	AF_VENDOR22                    = 0x53
+	AF_VENDOR23                    = 0x55
+	AF_VENDOR24                    = 0x57
+	AF_VENDOR25                    = 0x59
+	AF_VENDOR26                    = 0x5b
+	AF_VENDOR27                    = 0x5d
+	AF_VENDOR28                    = 0x5f
+	AF_VENDOR29                    = 0x61
+	AF_VENDOR30                    = 0x63
+	AF_VENDOR31                    = 0x65
+	AF_VENDOR32                    = 0x67
+	AF_VENDOR33                    = 0x69
+	AF_VENDOR34                    = 0x6b
+	AF_VENDOR35                    = 0x6d
+	AF_VENDOR36                    = 0x6f
+	AF_VENDOR37                    = 0x71
+	AF_VENDOR38                    = 0x73
+	AF_VENDOR39                    = 0x75
+	AF_VENDOR40                    = 0x77
+	AF_VENDOR41                    = 0x79
+	AF_VENDOR42                    = 0x7b
+	AF_VENDOR43                    = 0x7d
+	AF_VENDOR44                    = 0x7f
+	AF_VENDOR45                    = 0x81
+	AF_VENDOR46                    = 0x83
+	AF_VENDOR47                    = 0x85
+	ALTWERASE                      = 0x200
+	B0                             = 0x0
+	B110                           = 0x6e
+	B115200                        = 0x1c200
+	B1200                          = 0x4b0
+	B134                           = 0x86
+	B14400                         = 0x3840
+	B150                           = 0x96
+	B1800                          = 0x708
+	B19200                         = 0x4b00
+	B200                           = 0xc8
+	B230400                        = 0x38400
+	B2400                          = 0x960
+	B28800                         = 0x7080
+	B300                           = 0x12c
+	B38400                         = 0x9600
+	B460800                        = 0x70800
+	B4800                          = 0x12c0
+	B50                            = 0x32
+	B57600                         = 0xe100
+	B600                           = 0x258
+	B7200                          = 0x1c20
+	B75                            = 0x4b
+	B76800                         = 0x12c00
+	B921600                        = 0xe1000
+	B9600                          = 0x2580
+	BIOCFEEDBACK                   = 0x8004427c
+	BIOCFLUSH                      = 0x20004268
+	BIOCGBLEN                      = 0x40044266
+	BIOCGDIRECTION                 = 0x40044276
+	BIOCGDLT                       = 0x4004426a
+	BIOCGDLTLIST                   = 0xc0104279
+	BIOCGETBUFMODE                 = 0x4004427d
+	BIOCGETIF                      = 0x4020426b
+	BIOCGETZMAX                    = 0x4008427f
+	BIOCGHDRCMPLT                  = 0x40044274
+	BIOCGRSIG                      = 0x40044272
+	BIOCGRTIMEOUT                  = 0x4010426e
+	BIOCGSEESENT                   = 0x40044276
+	BIOCGSTATS                     = 0x4008426f
+	BIOCGTSTAMP                    = 0x40044283
+	BIOCIMMEDIATE                  = 0x80044270
+	BIOCLOCK                       = 0x2000427a
+	BIOCPROMISC                    = 0x20004269
+	BIOCROTZBUF                    = 0x40184280
+	BIOCSBLEN                      = 0xc0044266
+	BIOCSDIRECTION                 = 0x80044277
+	BIOCSDLT                       = 0x80044278
+	BIOCSETBUFMODE                 = 0x8004427e
+	BIOCSETF                       = 0x80104267
+	BIOCSETFNR                     = 0x80104282
+	BIOCSETIF                      = 0x8020426c
+	BIOCSETWF                      = 0x8010427b
+	BIOCSETZBUF                    = 0x80184281
+	BIOCSHDRCMPLT                  = 0x80044275
+	BIOCSRSIG                      = 0x80044273
+	BIOCSRTIMEOUT                  = 0x8010426d
+	BIOCSSEESENT                   = 0x80044277
+	BIOCSTSTAMP                    = 0x80044284
+	BIOCVERSION                    = 0x40044271
+	BPF_A                          = 0x10
+	BPF_ABS                        = 0x20
+	BPF_ADD                        = 0x0
+	BPF_ALIGNMENT                  = 0x8
+	BPF_ALU                        = 0x4
+	BPF_AND                        = 0x50
+	BPF_B                          = 0x10
+	BPF_BUFMODE_BUFFER             = 0x1
+	BPF_BUFMODE_ZBUF               = 0x2
+	BPF_DIV                        = 0x30
+	BPF_H                          = 0x8
+	BPF_IMM                        = 0x0
+	BPF_IND                        = 0x40
+	BPF_JA                         = 0x0
+	BPF_JEQ                        = 0x10
+	BPF_JGE                        = 0x30
+	BPF_JGT                        = 0x20
+	BPF_JMP                        = 0x5
+	BPF_JSET                       = 0x40
+	BPF_K                          = 0x0
+	BPF_LD                         = 0x0
+	BPF_LDX                        = 0x1
+	BPF_LEN                        = 0x80
+	BPF_LSH                        = 0x60
+	BPF_MAJOR_VERSION              = 0x1
+	BPF_MAXBUFSIZE                 = 0x80000
+	BPF_MAXINSNS                   = 0x200
+	BPF_MEM                        = 0x60
+	BPF_MEMWORDS                   = 0x10
+	BPF_MINBUFSIZE                 = 0x20
+	BPF_MINOR_VERSION              = 0x1
+	BPF_MISC                       = 0x7
+	BPF_MOD                        = 0x90
+	BPF_MSH                        = 0xa0
+	BPF_MUL                        = 0x20
+	BPF_NEG                        = 0x80
+	BPF_OR                         = 0x40
+	BPF_RELEASE                    = 0x30bb6
+	BPF_RET                        = 0x6
+	BPF_RSH                        = 0x70
+	BPF_ST                         = 0x2
+	BPF_STX                        = 0x3
+	BPF_SUB                        = 0x10
+	BPF_TAX                        = 0x0
+	BPF_TXA                        = 0x80
+	BPF_T_BINTIME                  = 0x2
+	BPF_T_BINTIME_FAST             = 0x102
+	BPF_T_BINTIME_MONOTONIC        = 0x202
+	BPF_T_BINTIME_MONOTONIC_FAST   = 0x302
+	BPF_T_FAST                     = 0x100
+	BPF_T_FLAG_MASK                = 0x300
+	BPF_T_FORMAT_MASK              = 0x3
+	BPF_T_MICROTIME                = 0x0
+	BPF_T_MICROTIME_FAST           = 0x100
+	BPF_T_MICROTIME_MONOTONIC      = 0x200
+	BPF_T_MICROTIME_MONOTONIC_FAST = 0x300
+	BPF_T_MONOTONIC                = 0x200
+	BPF_T_MONOTONIC_FAST           = 0x300
+	BPF_T_NANOTIME                 = 0x1
+	BPF_T_NANOTIME_FAST            = 0x101
+	BPF_T_NANOTIME_MONOTONIC       = 0x201
+	BPF_T_NANOTIME_MONOTONIC_FAST  = 0x301
+	BPF_T_NONE                     = 0x3
+	BPF_T_NORMAL                   = 0x0
+	BPF_W                          = 0x0
+	BPF_X                          = 0x8
+	BPF_XOR                        = 0xa0
+	BRKINT                         = 0x2
+	CAP_ACCEPT                     = 0x200000020000000
+	CAP_ACL_CHECK                  = 0x400000000010000
+	CAP_ACL_DELETE                 = 0x400000000020000
+	CAP_ACL_GET                    = 0x400000000040000
+	CAP_ACL_SET                    = 0x400000000080000
+	CAP_ALL0                       = 0x20007ffffffffff
+	CAP_ALL1                       = 0x4000000001fffff
+	CAP_BIND                       = 0x200000040000000
+	CAP_BINDAT                     = 0x200008000000400
+	CAP_CHFLAGSAT                  = 0x200000000001400
+	CAP_CONNECT                    = 0x200000080000000
+	CAP_CONNECTAT                  = 0x200010000000400
+	CAP_CREATE                     = 0x200000000000040
+	CAP_EVENT                      = 0x400000000000020
+	CAP_EXTATTR_DELETE             = 0x400000000001000
+	CAP_EXTATTR_GET                = 0x400000000002000
+	CAP_EXTATTR_LIST               = 0x400000000004000
+	CAP_EXTATTR_SET                = 0x400000000008000
+	CAP_FCHDIR                     = 0x200000000000800
+	CAP_FCHFLAGS                   = 0x200000000001000
+	CAP_FCHMOD                     = 0x200000000002000
+	CAP_FCHMODAT                   = 0x200000000002400
+	CAP_FCHOWN                     = 0x200000000004000
+	CAP_FCHOWNAT                   = 0x200000000004400
+	CAP_FCNTL                      = 0x200000000008000
+	CAP_FCNTL_ALL                  = 0x78
+	CAP_FCNTL_GETFL                = 0x8
+	CAP_FCNTL_GETOWN               = 0x20
+	CAP_FCNTL_SETFL                = 0x10
+	CAP_FCNTL_SETOWN               = 0x40
+	CAP_FEXECVE                    = 0x200000000000080
+	CAP_FLOCK                      = 0x200000000010000
+	CAP_FPATHCONF                  = 0x200000000020000
+	CAP_FSCK                       = 0x200000000040000
+	CAP_FSTAT                      = 0x200000000080000
+	CAP_FSTATAT                    = 0x200000000080400
+	CAP_FSTATFS                    = 0x200000000100000
+	CAP_FSYNC                      = 0x200000000000100
+	CAP_FTRUNCATE                  = 0x200000000000200
+	CAP_FUTIMES                    = 0x200000000200000
+	CAP_FUTIMESAT                  = 0x200000000200400
+	CAP_GETPEERNAME                = 0x200000100000000
+	CAP_GETSOCKNAME                = 0x200000200000000
+	CAP_GETSOCKOPT                 = 0x200000400000000
+	CAP_IOCTL                      = 0x400000000000080
+	CAP_IOCTLS_ALL                 = 0x7fffffffffffffff
+	CAP_KQUEUE                     = 0x400000000100040
+	CAP_KQUEUE_CHANGE              = 0x400000000100000
+	CAP_KQUEUE_EVENT               = 0x400000000000040
+	CAP_LINKAT_SOURCE              = 0x200020000000400
+	CAP_LINKAT_TARGET              = 0x200000000400400
+	CAP_LISTEN                     = 0x200000800000000
+	CAP_LOOKUP                     = 0x200000000000400
+	CAP_MAC_GET                    = 0x400000000000001
+	CAP_MAC_SET                    = 0x400000000000002
+	CAP_MKDIRAT                    = 0x200000000800400
+	CAP_MKFIFOAT                   = 0x200000001000400
+	CAP_MKNODAT                    = 0x200000002000400
+	CAP_MMAP                       = 0x200000000000010
+	CAP_MMAP_R                     = 0x20000000000001d
+	CAP_MMAP_RW                    = 0x20000000000001f
+	CAP_MMAP_RWX                   = 0x20000000000003f
+	CAP_MMAP_RX                    = 0x20000000000003d
+	CAP_MMAP_W                     = 0x20000000000001e
+	CAP_MMAP_WX                    = 0x20000000000003e
+	CAP_MMAP_X                     = 0x20000000000003c
+	CAP_PDGETPID                   = 0x400000000000200
+	CAP_PDKILL                     = 0x400000000000800
+	CAP_PDWAIT                     = 0x400000000000400
+	CAP_PEELOFF                    = 0x200001000000000
+	CAP_POLL_EVENT                 = 0x400000000000020
+	CAP_PREAD                      = 0x20000000000000d
+	CAP_PWRITE                     = 0x20000000000000e
+	CAP_READ                       = 0x200000000000001
+	CAP_RECV                       = 0x200000000000001
+	CAP_RENAMEAT_SOURCE            = 0x200000004000400
+	CAP_RENAMEAT_TARGET            = 0x200040000000400
+	CAP_RIGHTS_VERSION             = 0x0
+	CAP_RIGHTS_VERSION_00          = 0x0
+	CAP_SEEK                       = 0x20000000000000c
+	CAP_SEEK_TELL                  = 0x200000000000004
+	CAP_SEM_GETVALUE               = 0x400000000000004
+	CAP_SEM_POST                   = 0x400000000000008
+	CAP_SEM_WAIT                   = 0x400000000000010
+	CAP_SEND                       = 0x200000000000002
+	CAP_SETSOCKOPT                 = 0x200002000000000
+	CAP_SHUTDOWN                   = 0x200004000000000
+	CAP_SOCK_CLIENT                = 0x200007780000003
+	CAP_SOCK_SERVER                = 0x200007f60000003
+	CAP_SYMLINKAT                  = 0x200000008000400
+	CAP_TTYHOOK                    = 0x400000000000100
+	CAP_UNLINKAT                   = 0x200000010000400
+	CAP_UNUSED0_44                 = 0x200080000000000
+	CAP_UNUSED0_57                 = 0x300000000000000
+	CAP_UNUSED1_22                 = 0x400000000200000
+	CAP_UNUSED1_57                 = 0x500000000000000
+	CAP_WRITE                      = 0x200000000000002
+	CFLUSH                         = 0xf
+	CLOCAL                         = 0x8000
+	CLOCK_MONOTONIC                = 0x4
+	CLOCK_MONOTONIC_FAST           = 0xc
+	CLOCK_MONOTONIC_PRECISE        = 0xb
+	CLOCK_PROCESS_CPUTIME_ID       = 0xf
+	CLOCK_PROF                     = 0x2
+	CLOCK_REALTIME                 = 0x0
+	CLOCK_REALTIME_FAST            = 0xa
+	CLOCK_REALTIME_PRECISE         = 0x9
+	CLOCK_SECOND                   = 0xd
+	CLOCK_THREAD_CPUTIME_ID        = 0xe
+	CLOCK_UPTIME                   = 0x5
+	CLOCK_UPTIME_FAST              = 0x8
+	CLOCK_UPTIME_PRECISE           = 0x7
+	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
+	CREAD                          = 0x800
+	CRTSCTS                        = 0x30000
+	CS5                            = 0x0
+	CS6                            = 0x100
+	CS7                            = 0x200
+	CS8                            = 0x300
+	CSIZE                          = 0x300
+	CSTART                         = 0x11
+	CSTATUS                        = 0x14
+	CSTOP                          = 0x13
+	CSTOPB                         = 0x400
+	CSUSP                          = 0x1a
+	CTL_HW                         = 0x6
+	CTL_KERN                       = 0x1
+	CTL_MAXNAME                    = 0x18
+	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
+	DLT_A429                       = 0xb8
+	DLT_A653_ICM                   = 0xb9
+	DLT_AIRONET_HEADER             = 0x78
+	DLT_AOS                        = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394     = 0x8a
+	DLT_ARCNET                     = 0x7
+	DLT_ARCNET_LINUX               = 0x81
+	DLT_ATM_CLIP                   = 0x13
+	DLT_ATM_RFC1483                = 0xb
+	DLT_AURORA                     = 0x7e
+	DLT_AX25                       = 0x3
+	DLT_AX25_KISS                  = 0xca
+	DLT_BACNET_MS_TP               = 0xa5
+	DLT_BLUETOOTH_BREDR_BB         = 0xff
+	DLT_BLUETOOTH_HCI_H4           = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR = 0xc9
+	DLT_BLUETOOTH_LE_LL            = 0xfb
+	DLT_BLUETOOTH_LE_LL_WITH_PHDR  = 0x100
+	DLT_BLUETOOTH_LINUX_MONITOR    = 0xfe
+	DLT_CAN20B                     = 0xbe
+	DLT_CAN_SOCKETCAN              = 0xe3
+	DLT_CHAOS                      = 0x5
+	DLT_CHDLC                      = 0x68
+	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
+	DLT_C_HDLC                     = 0x68
+	DLT_C_HDLC_WITH_DIR            = 0xcd
+	DLT_DBUS                       = 0xe7
+	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
+	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
+	DLT_DVB_CI                     = 0xeb
+	DLT_ECONET                     = 0x73
+	DLT_EN10MB                     = 0x1
+	DLT_EN3MB                      = 0x2
+	DLT_ENC                        = 0x6d
+	DLT_EPON                       = 0x103
+	DLT_ERF                        = 0xc5
+	DLT_ERF_ETH                    = 0xaf
+	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
+	DLT_FC_2                       = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
+	DLT_FDDI                       = 0xa
+	DLT_FLEXRAY                    = 0xd2
+	DLT_FRELAY                     = 0x6b
+	DLT_FRELAY_WITH_DIR            = 0xce
+	DLT_GCOM_SERIAL                = 0xad
+	DLT_GCOM_T1E1                  = 0xac
+	DLT_GPF_F                      = 0xab
+	DLT_GPF_T                      = 0xaa
+	DLT_GPRS_LLC                   = 0xa9
+	DLT_GSMTAP_ABIS                = 0xda
+	DLT_GSMTAP_UM                  = 0xd9
+	DLT_IBM_SN                     = 0x92
+	DLT_IBM_SP                     = 0x91
+	DLT_IEEE802                    = 0x6
+	DLT_IEEE802_11                 = 0x69
+	DLT_IEEE802_11_RADIO           = 0x7f
+	DLT_IEEE802_11_RADIO_AVS       = 0xa3
+	DLT_IEEE802_15_4               = 0xc3
+	DLT_IEEE802_15_4_LINUX         = 0xbf
+	DLT_IEEE802_15_4_NOFCS         = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY    = 0xd7
+	DLT_IEEE802_16_MAC_CPS         = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO   = 0xc1
+	DLT_INFINIBAND                 = 0xf7
+	DLT_IPFILTER                   = 0x74
+	DLT_IPMB                       = 0xc7
+	DLT_IPMB_LINUX                 = 0xd1
+	DLT_IPMI_HPM_2                 = 0x104
+	DLT_IPNET                      = 0xe2
+	DLT_IPOIB                      = 0xf2
+	DLT_IPV4                       = 0xe4
+	DLT_IPV6                       = 0xe5
+	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
+	DLT_JUNIPER_ATM1               = 0x89
+	DLT_JUNIPER_ATM2               = 0x87
+	DLT_JUNIPER_ATM_CEMIC          = 0xee
+	DLT_JUNIPER_CHDLC              = 0xb5
+	DLT_JUNIPER_ES                 = 0x84
+	DLT_JUNIPER_ETHER              = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL       = 0xea
+	DLT_JUNIPER_FRELAY             = 0xb4
+	DLT_JUNIPER_GGSN               = 0x85
+	DLT_JUNIPER_ISM                = 0xc2
+	DLT_JUNIPER_MFR                = 0x86
+	DLT_JUNIPER_MLFR               = 0x83
+	DLT_JUNIPER_MLPPP              = 0x82
+	DLT_JUNIPER_MONITOR            = 0xa4
+	DLT_JUNIPER_PIC_PEER           = 0xae
+	DLT_JUNIPER_PPP                = 0xb3
+	DLT_JUNIPER_PPPOE              = 0xa7
+	DLT_JUNIPER_PPPOE_ATM          = 0xa8
+	DLT_JUNIPER_SERVICES           = 0x88
+	DLT_JUNIPER_SRX_E2E            = 0xe9
+	DLT_JUNIPER_ST                 = 0xc8
+	DLT_JUNIPER_VP                 = 0xb7
+	DLT_JUNIPER_VS                 = 0xe8
+	DLT_LAPB_WITH_DIR              = 0xcf
+	DLT_LAPD                       = 0xcb
+	DLT_LIN                        = 0xd4
+	DLT_LINUX_EVDEV                = 0xd8
+	DLT_LINUX_IRDA                 = 0x90
+	DLT_LINUX_LAPD                 = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
+	DLT_LINUX_SLL                  = 0x71
+	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
+	DLT_LTALK                      = 0x72
+	DLT_MATCHING_MAX               = 0x113
+	DLT_MATCHING_MIN               = 0x68
+	DLT_MFR                        = 0xb6
+	DLT_MOST                       = 0xd3
+	DLT_MPEG_2_TS                  = 0xf3
+	DLT_MPLS                       = 0xdb
+	DLT_MTP2                       = 0x8c
+	DLT_MTP2_WITH_PHDR             = 0x8b
+	DLT_MTP3                       = 0x8d
+	DLT_MUX27010                   = 0xec
+	DLT_NETANALYZER                = 0xf0
+	DLT_NETANALYZER_TRANSPARENT    = 0xf1
+	DLT_NETLINK                    = 0xfd
+	DLT_NFC_LLCP                   = 0xf5
+	DLT_NFLOG                      = 0xef
+	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
+	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
+	DLT_PCI_EXP                    = 0x7d
+	DLT_PFLOG                      = 0x75
+	DLT_PFSYNC                     = 0x79
+	DLT_PKTAP                      = 0x102
+	DLT_PPI                        = 0xc0
+	DLT_PPP                        = 0x9
+	DLT_PPP_BSDOS                  = 0xe
+	DLT_PPP_ETHER                  = 0x33
+	DLT_PPP_PPPD                   = 0xa6
+	DLT_PPP_SERIAL                 = 0x32
+	DLT_PPP_WITH_DIR               = 0xcc
+	DLT_PPP_WITH_DIRECTION         = 0xa6
+	DLT_PRISM_HEADER               = 0x77
+	DLT_PROFIBUS_DL                = 0x101
+	DLT_PRONET                     = 0x4
+	DLT_RAIF1                      = 0xc6
+	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
+	DLT_RIO                        = 0x7c
+	DLT_RTAC_SERIAL                = 0xfa
+	DLT_SCCP                       = 0x8e
+	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
+	DLT_SITA                       = 0xc4
+	DLT_SLIP                       = 0x8
+	DLT_SLIP_BSDOS                 = 0xd
+	DLT_STANAG_5066_D_PDU          = 0xed
+	DLT_SUNATM                     = 0x7b
+	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
+	DLT_TZSP                       = 0x80
+	DLT_USB                        = 0xba
+	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
+	DLT_USB_LINUX                  = 0xbd
+	DLT_USB_LINUX_MMAPPED          = 0xdc
+	DLT_USER0                      = 0x93
+	DLT_USER1                      = 0x94
+	DLT_USER10                     = 0x9d
+	DLT_USER11                     = 0x9e
+	DLT_USER12                     = 0x9f
+	DLT_USER13                     = 0xa0
+	DLT_USER14                     = 0xa1
+	DLT_USER15                     = 0xa2
+	DLT_USER2                      = 0x95
+	DLT_USER3                      = 0x96
+	DLT_USER4                      = 0x97
+	DLT_USER5                      = 0x98
+	DLT_USER6                      = 0x99
+	DLT_USER7                      = 0x9a
+	DLT_USER8                      = 0x9b
+	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
+	DLT_WIHART                     = 0xdf
+	DLT_WIRESHARK_UPPER_PDU        = 0xfc
+	DLT_X2E_SERIAL                 = 0xd5
+	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
+	DT_BLK                         = 0x6
+	DT_CHR                         = 0x2
+	DT_DIR                         = 0x4
+	DT_FIFO                        = 0x1
+	DT_LNK                         = 0xa
+	DT_REG                         = 0x8
+	DT_SOCK                        = 0xc
+	DT_UNKNOWN                     = 0x0
+	DT_WHT                         = 0xe
+	ECHO                           = 0x8
+	ECHOCTL                        = 0x40
+	ECHOE                          = 0x2
+	ECHOK                          = 0x4
+	ECHOKE                         = 0x1
+	ECHONL                         = 0x10
+	ECHOPRT                        = 0x20
+	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
+	EVFILT_FS                      = -0x9
+	EVFILT_LIO                     = -0xa
+	EVFILT_PROC                    = -0x5
+	EVFILT_PROCDESC                = -0x8
+	EVFILT_READ                    = -0x1
+	EVFILT_SENDFILE                = -0xc
+	EVFILT_SIGNAL                  = -0x6
+	EVFILT_SYSCOUNT                = 0xd
+	EVFILT_TIMER                   = -0x7
+	EVFILT_USER                    = -0xb
+	EVFILT_VNODE                   = -0x4
+	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
+	EV_ADD                         = 0x1
+	EV_CLEAR                       = 0x20
+	EV_DELETE                      = 0x2
+	EV_DISABLE                     = 0x8
+	EV_DISPATCH                    = 0x80
+	EV_DROP                        = 0x1000
+	EV_ENABLE                      = 0x4
+	EV_EOF                         = 0x8000
+	EV_ERROR                       = 0x4000
+	EV_FLAG1                       = 0x2000
+	EV_FLAG2                       = 0x4000
+	EV_FORCEONESHOT                = 0x100
+	EV_ONESHOT                     = 0x10
+	EV_RECEIPT                     = 0x40
+	EV_SYSFLAGS                    = 0xf000
+	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
+	EXTATTR_NAMESPACE_EMPTY        = 0x0
+	EXTATTR_NAMESPACE_SYSTEM       = 0x2
+	EXTATTR_NAMESPACE_USER         = 0x1
+	EXTB                           = 0x9600
+	EXTPROC                        = 0x800
+	FD_CLOEXEC                     = 0x1
+	FD_SETSIZE                     = 0x400
+	FLUSHO                         = 0x800000
+	F_CANCEL                       = 0x5
+	F_DUP2FD                       = 0xa
+	F_DUP2FD_CLOEXEC               = 0x12
+	F_DUPFD                        = 0x0
+	F_DUPFD_CLOEXEC                = 0x11
+	F_GETFD                        = 0x1
+	F_GETFL                        = 0x3
+	F_GETLK                        = 0xb
+	F_GETOWN                       = 0x5
+	F_OGETLK                       = 0x7
+	F_OK                           = 0x0
+	F_OSETLK                       = 0x8
+	F_OSETLKW                      = 0x9
+	F_RDAHEAD                      = 0x10
+	F_RDLCK                        = 0x1
+	F_READAHEAD                    = 0xf
+	F_SETFD                        = 0x2
+	F_SETFL                        = 0x4
+	F_SETLK                        = 0xc
+	F_SETLKW                       = 0xd
+	F_SETLK_REMOTE                 = 0xe
+	F_SETOWN                       = 0x6
+	F_UNLCK                        = 0x2
+	F_UNLCKSYS                     = 0x4
+	F_WRLCK                        = 0x3
+	HUPCL                          = 0x4000
+	HW_MACHINE                     = 0x1
+	ICANON                         = 0x100
+	ICMP6_FILTER                   = 0x12
+	ICRNL                          = 0x100
+	IEXTEN                         = 0x400
+	IFAN_ARRIVAL                   = 0x0
+	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
+	IFF_ALLMULTI                   = 0x200
+	IFF_ALTPHYS                    = 0x4000
+	IFF_BROADCAST                  = 0x2
+	IFF_CANTCHANGE                 = 0x218f52
+	IFF_CANTCONFIG                 = 0x10000
+	IFF_DEBUG                      = 0x4
+	IFF_DRV_OACTIVE                = 0x400
+	IFF_DRV_RUNNING                = 0x40
+	IFF_DYING                      = 0x200000
+	IFF_LINK0                      = 0x1000
+	IFF_LINK1                      = 0x2000
+	IFF_LINK2                      = 0x4000
+	IFF_LOOPBACK                   = 0x8
+	IFF_MONITOR                    = 0x40000
+	IFF_MULTICAST                  = 0x8000
+	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
+	IFF_OACTIVE                    = 0x400
+	IFF_POINTOPOINT                = 0x10
+	IFF_PPROMISC                   = 0x20000
+	IFF_PROMISC                    = 0x100
+	IFF_RENAMING                   = 0x400000
+	IFF_RUNNING                    = 0x40
+	IFF_SIMPLEX                    = 0x800
+	IFF_STATICARP                  = 0x80000
+	IFF_UP                         = 0x1
+	IFNAMSIZ                       = 0x10
+	IFT_BRIDGE                     = 0xd1
+	IFT_CARP                       = 0xf8
+	IFT_IEEE1394                   = 0x90
+	IFT_INFINIBAND                 = 0xc7
+	IFT_L2VLAN                     = 0x87
+	IFT_L3IPVLAN                   = 0x88
+	IFT_PPP                        = 0x17
+	IFT_PROPVIRTUAL                = 0x35
+	IGNBRK                         = 0x1
+	IGNCR                          = 0x80
+	IGNPAR                         = 0x4
+	IMAXBEL                        = 0x2000
+	INLCR                          = 0x40
+	INPCK                          = 0x10
+	IN_CLASSA_HOST                 = 0xffffff
+	IN_CLASSA_MAX                  = 0x80
+	IN_CLASSA_NET                  = 0xff000000
+	IN_CLASSA_NSHIFT               = 0x18
+	IN_CLASSB_HOST                 = 0xffff
+	IN_CLASSB_MAX                  = 0x10000
+	IN_CLASSB_NET                  = 0xffff0000
+	IN_CLASSB_NSHIFT               = 0x10
+	IN_CLASSC_HOST                 = 0xff
+	IN_CLASSC_NET                  = 0xffffff00
+	IN_CLASSC_NSHIFT               = 0x8
+	IN_CLASSD_HOST                 = 0xfffffff
+	IN_CLASSD_NET                  = 0xf0000000
+	IN_CLASSD_NSHIFT               = 0x1c
+	IN_LOOPBACKNET                 = 0x7f
+	IN_RFC3021_MASK                = 0xfffffffe
+	IPPROTO_3PC                    = 0x22
+	IPPROTO_ADFS                   = 0x44
+	IPPROTO_AH                     = 0x33
+	IPPROTO_AHIP                   = 0x3d
+	IPPROTO_APES                   = 0x63
+	IPPROTO_ARGUS                  = 0xd
+	IPPROTO_AX25                   = 0x5d
+	IPPROTO_BHA                    = 0x31
+	IPPROTO_BLT                    = 0x1e
+	IPPROTO_BRSATMON               = 0x4c
+	IPPROTO_CARP                   = 0x70
+	IPPROTO_CFTP                   = 0x3e
+	IPPROTO_CHAOS                  = 0x10
+	IPPROTO_CMTP                   = 0x26
+	IPPROTO_CPHB                   = 0x49
+	IPPROTO_CPNX                   = 0x48
+	IPPROTO_DDP                    = 0x25
+	IPPROTO_DGP                    = 0x56
+	IPPROTO_DIVERT                 = 0x102
+	IPPROTO_DONE                   = 0x101
+	IPPROTO_DSTOPTS                = 0x3c
+	IPPROTO_EGP                    = 0x8
+	IPPROTO_EMCON                  = 0xe
+	IPPROTO_ENCAP                  = 0x62
+	IPPROTO_EON                    = 0x50
+	IPPROTO_ESP                    = 0x32
+	IPPROTO_ETHERIP                = 0x61
+	IPPROTO_FRAGMENT               = 0x2c
+	IPPROTO_GGP                    = 0x3
+	IPPROTO_GMTP                   = 0x64
+	IPPROTO_GRE                    = 0x2f
+	IPPROTO_HELLO                  = 0x3f
+	IPPROTO_HIP                    = 0x8b
+	IPPROTO_HMP                    = 0x14
+	IPPROTO_HOPOPTS                = 0x0
+	IPPROTO_ICMP                   = 0x1
+	IPPROTO_ICMPV6                 = 0x3a
+	IPPROTO_IDP                    = 0x16
+	IPPROTO_IDPR                   = 0x23
+	IPPROTO_IDRP                   = 0x2d
+	IPPROTO_IGMP                   = 0x2
+	IPPROTO_IGP                    = 0x55
+	IPPROTO_IGRP                   = 0x58
+	IPPROTO_IL                     = 0x28
+	IPPROTO_INLSP                  = 0x34
+	IPPROTO_INP                    = 0x20
+	IPPROTO_IP                     = 0x0
+	IPPROTO_IPCOMP                 = 0x6c
+	IPPROTO_IPCV                   = 0x47
+	IPPROTO_IPEIP                  = 0x5e
+	IPPROTO_IPIP                   = 0x4
+	IPPROTO_IPPC                   = 0x43
+	IPPROTO_IPV4                   = 0x4
+	IPPROTO_IPV6                   = 0x29
+	IPPROTO_IRTP                   = 0x1c
+	IPPROTO_KRYPTOLAN              = 0x41
+	IPPROTO_LARP                   = 0x5b
+	IPPROTO_LEAF1                  = 0x19
+	IPPROTO_LEAF2                  = 0x1a
+	IPPROTO_MAX                    = 0x100
+	IPPROTO_MEAS                   = 0x13
+	IPPROTO_MH                     = 0x87
+	IPPROTO_MHRP                   = 0x30
+	IPPROTO_MICP                   = 0x5f
+	IPPROTO_MOBILE                 = 0x37
+	IPPROTO_MPLS                   = 0x89
+	IPPROTO_MTP                    = 0x5c
+	IPPROTO_MUX                    = 0x12
+	IPPROTO_ND                     = 0x4d
+	IPPROTO_NHRP                   = 0x36
+	IPPROTO_NONE                   = 0x3b
+	IPPROTO_NSP                    = 0x1f
+	IPPROTO_NVPII                  = 0xb
+	IPPROTO_OLD_DIVERT             = 0xfe
+	IPPROTO_OSPFIGP                = 0x59
+	IPPROTO_PFSYNC                 = 0xf0
+	IPPROTO_PGM                    = 0x71
+	IPPROTO_PIGP                   = 0x9
+	IPPROTO_PIM                    = 0x67
+	IPPROTO_PRM                    = 0x15
+	IPPROTO_PUP                    = 0xc
+	IPPROTO_PVP                    = 0x4b
+	IPPROTO_RAW                    = 0xff
+	IPPROTO_RCCMON                 = 0xa
+	IPPROTO_RDP                    = 0x1b
+	IPPROTO_RESERVED_253           = 0xfd
+	IPPROTO_RESERVED_254           = 0xfe
+	IPPROTO_ROUTING                = 0x2b
+	IPPROTO_RSVP                   = 0x2e
+	IPPROTO_RVD                    = 0x42
+	IPPROTO_SATEXPAK               = 0x40
+	IPPROTO_SATMON                 = 0x45
+	IPPROTO_SCCSP                  = 0x60
+	IPPROTO_SCTP                   = 0x84
+	IPPROTO_SDRP                   = 0x2a
+	IPPROTO_SEND                   = 0x103
+	IPPROTO_SEP                    = 0x21
+	IPPROTO_SHIM6                  = 0x8c
+	IPPROTO_SKIP                   = 0x39
+	IPPROTO_SPACER                 = 0x7fff
+	IPPROTO_SRPC                   = 0x5a
+	IPPROTO_ST                     = 0x7
+	IPPROTO_SVMTP                  = 0x52
+	IPPROTO_SWIPE                  = 0x35
+	IPPROTO_TCF                    = 0x57
+	IPPROTO_TCP                    = 0x6
+	IPPROTO_TLSP                   = 0x38
+	IPPROTO_TP                     = 0x1d
+	IPPROTO_TPXX                   = 0x27
+	IPPROTO_TRUNK1                 = 0x17
+	IPPROTO_TRUNK2                 = 0x18
+	IPPROTO_TTP                    = 0x54
+	IPPROTO_UDP                    = 0x11
+	IPPROTO_UDPLITE                = 0x88
+	IPPROTO_VINES                  = 0x53
+	IPPROTO_VISA                   = 0x46
+	IPPROTO_VMTP                   = 0x51
+	IPPROTO_WBEXPAK                = 0x4f
+	IPPROTO_WBMON                  = 0x4e
+	IPPROTO_WSN                    = 0x4a
+	IPPROTO_XNET                   = 0xf
+	IPPROTO_XTP                    = 0x24
+	IPV6_AUTOFLOWLABEL             = 0x3b
+	IPV6_BINDANY                   = 0x40
+	IPV6_BINDMULTI                 = 0x41
+	IPV6_BINDV6ONLY                = 0x1b
+	IPV6_CHECKSUM                  = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS    = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP    = 0x1
+	IPV6_DEFHLIM                   = 0x40
+	IPV6_DONTFRAG                  = 0x3e
+	IPV6_DSTOPTS                   = 0x32
+	IPV6_FLOWID                    = 0x43
+	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
+	IPV6_FLOWLABEL_MASK            = 0xffff0f00
+	IPV6_FLOWTYPE                  = 0x44
+	IPV6_FRAGTTL                   = 0x78
+	IPV6_FW_ADD                    = 0x1e
+	IPV6_FW_DEL                    = 0x1f
+	IPV6_FW_FLUSH                  = 0x20
+	IPV6_FW_GET                    = 0x22
+	IPV6_FW_ZERO                   = 0x21
+	IPV6_HLIMDEC                   = 0x1
+	IPV6_HOPLIMIT                  = 0x2f
+	IPV6_HOPOPTS                   = 0x31
+	IPV6_IPSEC_POLICY              = 0x1c
+	IPV6_JOIN_GROUP                = 0xc
+	IPV6_LEAVE_GROUP               = 0xd
+	IPV6_MAXHLIM                   = 0xff
+	IPV6_MAXOPTHDR                 = 0x800
+	IPV6_MAXPACKET                 = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
+	IPV6_MAX_MEMBERSHIPS           = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
+	IPV6_MMTU                      = 0x500
+	IPV6_MSFILTER                  = 0x4a
+	IPV6_MULTICAST_HOPS            = 0xa
+	IPV6_MULTICAST_IF              = 0x9
+	IPV6_MULTICAST_LOOP            = 0xb
+	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
+	IPV6_PATHMTU                   = 0x2c
+	IPV6_PKTINFO                   = 0x2e
+	IPV6_PORTRANGE                 = 0xe
+	IPV6_PORTRANGE_DEFAULT         = 0x0
+	IPV6_PORTRANGE_HIGH            = 0x1
+	IPV6_PORTRANGE_LOW             = 0x2
+	IPV6_PREFER_TEMPADDR           = 0x3f
+	IPV6_RECVDSTOPTS               = 0x28
+	IPV6_RECVFLOWID                = 0x46
+	IPV6_RECVHOPLIMIT              = 0x25
+	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
+	IPV6_RECVPATHMTU               = 0x2b
+	IPV6_RECVPKTINFO               = 0x24
+	IPV6_RECVRSSBUCKETID           = 0x47
+	IPV6_RECVRTHDR                 = 0x26
+	IPV6_RECVTCLASS                = 0x39
+	IPV6_RSSBUCKETID               = 0x45
+	IPV6_RSS_LISTEN_BUCKET         = 0x42
+	IPV6_RTHDR                     = 0x33
+	IPV6_RTHDRDSTOPTS              = 0x23
+	IPV6_RTHDR_LOOSE               = 0x0
+	IPV6_RTHDR_STRICT              = 0x1
+	IPV6_RTHDR_TYPE_0              = 0x0
+	IPV6_SOCKOPT_RESERVED1         = 0x3
+	IPV6_TCLASS                    = 0x3d
+	IPV6_UNICAST_HOPS              = 0x4
+	IPV6_USE_MIN_MTU               = 0x2a
+	IPV6_V6ONLY                    = 0x1b
+	IPV6_VERSION                   = 0x60
+	IPV6_VERSION_MASK              = 0xf0
+	IP_ADD_MEMBERSHIP              = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP       = 0x46
+	IP_BINDANY                     = 0x18
+	IP_BINDMULTI                   = 0x19
+	IP_BLOCK_SOURCE                = 0x48
+	IP_DEFAULT_MULTICAST_LOOP      = 0x1
+	IP_DEFAULT_MULTICAST_TTL       = 0x1
+	IP_DF                          = 0x4000
+	IP_DONTFRAG                    = 0x43
+	IP_DROP_MEMBERSHIP             = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP      = 0x47
+	IP_DUMMYNET3                   = 0x31
+	IP_DUMMYNET_CONFIGURE          = 0x3c
+	IP_DUMMYNET_DEL                = 0x3d
+	IP_DUMMYNET_FLUSH              = 0x3e
+	IP_DUMMYNET_GET                = 0x40
+	IP_FLOWID                      = 0x5a
+	IP_FLOWTYPE                    = 0x5b
+	IP_FW3                         = 0x30
+	IP_FW_ADD                      = 0x32
+	IP_FW_DEL                      = 0x33
+	IP_FW_FLUSH                    = 0x34
+	IP_FW_GET                      = 0x36
+	IP_FW_NAT_CFG                  = 0x38
+	IP_FW_NAT_DEL                  = 0x39
+	IP_FW_NAT_GET_CONFIG           = 0x3a
+	IP_FW_NAT_GET_LOG              = 0x3b
+	IP_FW_RESETLOG                 = 0x37
+	IP_FW_TABLE_ADD                = 0x28
+	IP_FW_TABLE_DEL                = 0x29
+	IP_FW_TABLE_FLUSH              = 0x2a
+	IP_FW_TABLE_GETSIZE            = 0x2b
+	IP_FW_TABLE_LIST               = 0x2c
+	IP_FW_ZERO                     = 0x35
+	IP_HDRINCL                     = 0x2
+	IP_IPSEC_POLICY                = 0x15
+	IP_MAXPACKET                   = 0xffff
+	IP_MAX_GROUP_SRC_FILTER        = 0x200
+	IP_MAX_MEMBERSHIPS             = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER        = 0x80
+	IP_MAX_SOCK_SRC_FILTER         = 0x80
+	IP_MF                          = 0x2000
+	IP_MINTTL                      = 0x42
+	IP_MSFILTER                    = 0x4a
+	IP_MSS                         = 0x240
+	IP_MULTICAST_IF                = 0x9
+	IP_MULTICAST_LOOP              = 0xb
+	IP_MULTICAST_TTL               = 0xa
+	IP_MULTICAST_VIF               = 0xe
+	IP_OFFMASK                     = 0x1fff
+	IP_ONESBCAST                   = 0x17
+	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
+	IP_PORTRANGE                   = 0x13
+	IP_PORTRANGE_DEFAULT           = 0x0
+	IP_PORTRANGE_HIGH              = 0x1
+	IP_PORTRANGE_LOW               = 0x2
+	IP_RECVDSTADDR                 = 0x7
+	IP_RECVFLOWID                  = 0x5d
+	IP_RECVIF                      = 0x14
+	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
+	IP_RECVRETOPTS                 = 0x6
+	IP_RECVRSSBUCKETID             = 0x5e
+	IP_RECVTOS                     = 0x44
+	IP_RECVTTL                     = 0x41
+	IP_RETOPTS                     = 0x8
+	IP_RF                          = 0x8000
+	IP_RSSBUCKETID                 = 0x5c
+	IP_RSS_LISTEN_BUCKET           = 0x1a
+	IP_RSVP_OFF                    = 0x10
+	IP_RSVP_ON                     = 0xf
+	IP_RSVP_VIF_OFF                = 0x12
+	IP_RSVP_VIF_ON                 = 0x11
+	IP_SENDSRCADDR                 = 0x7
+	IP_TOS                         = 0x3
+	IP_TTL                         = 0x4
+	IP_UNBLOCK_SOURCE              = 0x49
+	ISIG                           = 0x80
+	ISTRIP                         = 0x20
+	IXANY                          = 0x800
+	IXOFF                          = 0x400
+	IXON                           = 0x200
+	KERN_HOSTNAME                  = 0xa
+	KERN_OSRELEASE                 = 0x2
+	KERN_OSTYPE                    = 0x1
+	KERN_VERSION                   = 0x4
+	LOCK_EX                        = 0x2
+	LOCK_NB                        = 0x4
+	LOCK_SH                        = 0x1
+	LOCK_UN                        = 0x8
+	MADV_AUTOSYNC                  = 0x7
+	MADV_CORE                      = 0x9
+	MADV_DONTNEED                  = 0x4
+	MADV_FREE                      = 0x5
+	MADV_NOCORE                    = 0x8
+	MADV_NORMAL                    = 0x0
+	MADV_NOSYNC                    = 0x6
+	MADV_PROTECT                   = 0xa
+	MADV_RANDOM                    = 0x1
+	MADV_SEQUENTIAL                = 0x2
+	MADV_WILLNEED                  = 0x3
+	MAP_32BIT                      = 0x80000
+	MAP_ALIGNED_SUPER              = 0x1000000
+	MAP_ALIGNMENT_MASK             = -0x1000000
+	MAP_ALIGNMENT_SHIFT            = 0x18
+	MAP_ANON                       = 0x1000
+	MAP_ANONYMOUS                  = 0x1000
+	MAP_COPY                       = 0x2
+	MAP_EXCL                       = 0x4000
+	MAP_FILE                       = 0x0
+	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
+	MAP_HASSEMAPHORE               = 0x200
+	MAP_NOCORE                     = 0x20000
+	MAP_NOSYNC                     = 0x800
+	MAP_PREFAULT_READ              = 0x40000
+	MAP_PRIVATE                    = 0x2
+	MAP_RESERVED0020               = 0x20
+	MAP_RESERVED0040               = 0x40
+	MAP_RESERVED0080               = 0x80
+	MAP_RESERVED0100               = 0x100
+	MAP_SHARED                     = 0x1
+	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
+	MCL_CURRENT                    = 0x1
+	MCL_FUTURE                     = 0x2
+	MNT_ACLS                       = 0x8000000
+	MNT_ASYNC                      = 0x40
+	MNT_AUTOMOUNTED                = 0x200000000
+	MNT_BYFSID                     = 0x8000000
+	MNT_CMDFLAGS                   = 0xd0f0000
+	MNT_DEFEXPORTED                = 0x200
+	MNT_DELEXPORT                  = 0x20000
+	MNT_EXKERB                     = 0x800
+	MNT_EXPORTANON                 = 0x400
+	MNT_EXPORTED                   = 0x100
+	MNT_EXPUBLIC                   = 0x20000000
+	MNT_EXRDONLY                   = 0x80
+	MNT_FORCE                      = 0x80000
+	MNT_GJOURNAL                   = 0x2000000
+	MNT_IGNORE                     = 0x800000
+	MNT_LAZY                       = 0x3
+	MNT_LOCAL                      = 0x1000
+	MNT_MULTILABEL                 = 0x4000000
+	MNT_NFS4ACLS                   = 0x10
+	MNT_NOATIME                    = 0x10000000
+	MNT_NOCLUSTERR                 = 0x40000000
+	MNT_NOCLUSTERW                 = 0x80000000
+	MNT_NOEXEC                     = 0x4
+	MNT_NONBUSY                    = 0x4000000
+	MNT_NOSUID                     = 0x8
+	MNT_NOSYMFOLLOW                = 0x400000
+	MNT_NOWAIT                     = 0x2
+	MNT_QUOTA                      = 0x2000
+	MNT_RDONLY                     = 0x1
+	MNT_RELOAD                     = 0x40000
+	MNT_ROOTFS                     = 0x4000
+	MNT_SNAPSHOT                   = 0x1000000
+	MNT_SOFTDEP                    = 0x200000
+	MNT_SUIDDIR                    = 0x100000
+	MNT_SUJ                        = 0x100000000
+	MNT_SUSPEND                    = 0x4
+	MNT_SYNCHRONOUS                = 0x2
+	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
+	MNT_UPDATE                     = 0x10000
+	MNT_UPDATEMASK                 = 0xad8d0807e
+	MNT_USER                       = 0x8000
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
+	MNT_WAIT                       = 0x1
+	MSG_CMSG_CLOEXEC               = 0x40000
+	MSG_COMPAT                     = 0x8000
+	MSG_CTRUNC                     = 0x20
+	MSG_DONTROUTE                  = 0x4
+	MSG_DONTWAIT                   = 0x80
+	MSG_EOF                        = 0x100
+	MSG_EOR                        = 0x8
+	MSG_NBIO                       = 0x4000
+	MSG_NOSIGNAL                   = 0x20000
+	MSG_NOTIFICATION               = 0x2000
+	MSG_OOB                        = 0x1
+	MSG_PEEK                       = 0x2
+	MSG_TRUNC                      = 0x10
+	MSG_WAITALL                    = 0x40
+	MSG_WAITFORONE                 = 0x80000
+	MS_ASYNC                       = 0x1
+	MS_INVALIDATE                  = 0x2
+	MS_SYNC                        = 0x0
+	NAME_MAX                       = 0xff
+	NET_RT_DUMP                    = 0x1
+	NET_RT_FLAGS                   = 0x2
+	NET_RT_IFLIST                  = 0x3
+	NET_RT_IFLISTL                 = 0x5
+	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x40
+	NOFLSH                         = 0x80000000
+	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
+	NOTE_ATTRIB                    = 0x8
+	NOTE_CHILD                     = 0x4
+	NOTE_CLOSE                     = 0x100
+	NOTE_CLOSE_WRITE               = 0x200
+	NOTE_DELETE                    = 0x1
+	NOTE_EXEC                      = 0x20000000
+	NOTE_EXIT                      = 0x80000000
+	NOTE_EXTEND                    = 0x4
+	NOTE_FFAND                     = 0x40000000
+	NOTE_FFCOPY                    = 0xc0000000
+	NOTE_FFCTRLMASK                = 0xc0000000
+	NOTE_FFLAGSMASK                = 0xffffff
+	NOTE_FFNOP                     = 0x0
+	NOTE_FFOR                      = 0x80000000
+	NOTE_FILE_POLL                 = 0x2
+	NOTE_FORK                      = 0x40000000
+	NOTE_LINK                      = 0x10
+	NOTE_LOWAT                     = 0x1
+	NOTE_MSECONDS                  = 0x2
+	NOTE_NSECONDS                  = 0x8
+	NOTE_OPEN                      = 0x80
+	NOTE_PCTRLMASK                 = 0xf0000000
+	NOTE_PDATAMASK                 = 0xfffff
+	NOTE_READ                      = 0x400
+	NOTE_RENAME                    = 0x20
+	NOTE_REVOKE                    = 0x40
+	NOTE_SECONDS                   = 0x1
+	NOTE_TRACK                     = 0x1
+	NOTE_TRACKERR                  = 0x2
+	NOTE_TRIGGER                   = 0x1000000
+	NOTE_USECONDS                  = 0x4
+	NOTE_WRITE                     = 0x2
+	OCRNL                          = 0x10
+	ONLCR                          = 0x2
+	ONLRET                         = 0x40
+	ONOCR                          = 0x20
+	ONOEOT                         = 0x8
+	OPOST                          = 0x1
+	OXTABS                         = 0x4
+	O_ACCMODE                      = 0x3
+	O_APPEND                       = 0x8
+	O_ASYNC                        = 0x40
+	O_CLOEXEC                      = 0x100000
+	O_CREAT                        = 0x200
+	O_DIRECT                       = 0x10000
+	O_DIRECTORY                    = 0x20000
+	O_EXCL                         = 0x800
+	O_EXEC                         = 0x40000
+	O_EXLOCK                       = 0x20
+	O_FSYNC                        = 0x80
+	O_NDELAY                       = 0x4
+	O_NOCTTY                       = 0x8000
+	O_NOFOLLOW                     = 0x100
+	O_NONBLOCK                     = 0x4
+	O_RDONLY                       = 0x0
+	O_RDWR                         = 0x2
+	O_SHLOCK                       = 0x10
+	O_SYNC                         = 0x80
+	O_TRUNC                        = 0x400
+	O_TTY_INIT                     = 0x80000
+	O_VERIFY                       = 0x200000
+	O_WRONLY                       = 0x1
+	PARENB                         = 0x1000
+	PARMRK                         = 0x8
+	PARODD                         = 0x2000
+	PENDIN                         = 0x20000000
+	PRIO_PGRP                      = 0x1
+	PRIO_PROCESS                   = 0x0
+	PRIO_USER                      = 0x2
+	PROT_EXEC                      = 0x4
+	PROT_NONE                      = 0x0
+	PROT_READ                      = 0x1
+	PROT_WRITE                     = 0x2
+	RLIMIT_AS                      = 0xa
+	RLIMIT_CORE                    = 0x4
+	RLIMIT_CPU                     = 0x0
+	RLIMIT_DATA                    = 0x2
+	RLIMIT_FSIZE                   = 0x1
+	RLIMIT_MEMLOCK                 = 0x6
+	RLIMIT_NOFILE                  = 0x8
+	RLIMIT_NPROC                   = 0x7
+	RLIMIT_RSS                     = 0x5
+	RLIMIT_STACK                   = 0x3
+	RLIM_INFINITY                  = 0x7fffffffffffffff
+	RTAX_AUTHOR                    = 0x6
+	RTAX_BRD                       = 0x7
+	RTAX_DST                       = 0x0
+	RTAX_GATEWAY                   = 0x1
+	RTAX_GENMASK                   = 0x3
+	RTAX_IFA                       = 0x5
+	RTAX_IFP                       = 0x4
+	RTAX_MAX                       = 0x8
+	RTAX_NETMASK                   = 0x2
+	RTA_AUTHOR                     = 0x40
+	RTA_BRD                        = 0x80
+	RTA_DST                        = 0x1
+	RTA_GATEWAY                    = 0x2
+	RTA_GENMASK                    = 0x8
+	RTA_IFA                        = 0x20
+	RTA_IFP                        = 0x10
+	RTA_NETMASK                    = 0x4
+	RTF_BLACKHOLE                  = 0x1000
+	RTF_BROADCAST                  = 0x400000
+	RTF_DONE                       = 0x40
+	RTF_DYNAMIC                    = 0x10
+	RTF_FIXEDMTU                   = 0x80000
+	RTF_FMASK                      = 0x1004d808
+	RTF_GATEWAY                    = 0x2
+	RTF_GWFLAG_COMPAT              = 0x80000000
+	RTF_HOST                       = 0x4
+	RTF_LLDATA                     = 0x400
+	RTF_LLINFO                     = 0x400
+	RTF_LOCAL                      = 0x200000
+	RTF_MODIFIED                   = 0x20
+	RTF_MULTICAST                  = 0x800000
+	RTF_PINNED                     = 0x100000
+	RTF_PROTO1                     = 0x8000
+	RTF_PROTO2                     = 0x4000
+	RTF_PROTO3                     = 0x40000
+	RTF_REJECT                     = 0x8
+	RTF_RNH_LOCKED                 = 0x40000000
+	RTF_STATIC                     = 0x800
+	RTF_STICKY                     = 0x10000000
+	RTF_UP                         = 0x1
+	RTF_XRESOLVE                   = 0x200
+	RTM_ADD                        = 0x1
+	RTM_CHANGE                     = 0x3
+	RTM_DELADDR                    = 0xd
+	RTM_DELETE                     = 0x2
+	RTM_DELMADDR                   = 0x10
+	RTM_GET                        = 0x4
+	RTM_IEEE80211                  = 0x12
+	RTM_IFANNOUNCE                 = 0x11
+	RTM_IFINFO                     = 0xe
+	RTM_LOCK                       = 0x8
+	RTM_LOSING                     = 0x5
+	RTM_MISS                       = 0x7
+	RTM_NEWADDR                    = 0xc
+	RTM_NEWMADDR                   = 0xf
+	RTM_REDIRECT                   = 0x6
+	RTM_RESOLVE                    = 0xb
+	RTM_RTTUNIT                    = 0xf4240
+	RTM_VERSION                    = 0x5
+	RTV_EXPIRE                     = 0x4
+	RTV_HOPCOUNT                   = 0x2
+	RTV_MTU                        = 0x1
+	RTV_RPIPE                      = 0x8
+	RTV_RTT                        = 0x40
+	RTV_RTTVAR                     = 0x80
+	RTV_SPIPE                      = 0x10
+	RTV_SSTHRESH                   = 0x20
+	RTV_WEIGHT                     = 0x100
+	RT_ALL_FIBS                    = -0x1
+	RT_BLACKHOLE                   = 0x40
+	RT_DEFAULT_FIB                 = 0x0
+	RT_HAS_GW                      = 0x80
+	RT_HAS_HEADER                  = 0x10
+	RT_HAS_HEADER_BIT              = 0x4
+	RT_L2_ME                       = 0x4
+	RT_L2_ME_BIT                   = 0x2
+	RT_LLE_CACHE                   = 0x100
+	RT_MAY_LOOP                    = 0x8
+	RT_MAY_LOOP_BIT                = 0x3
+	RT_REJECT                      = 0x20
+	RUSAGE_CHILDREN                = -0x1
+	RUSAGE_SELF                    = 0x0
+	RUSAGE_THREAD                  = 0x1
+	SCM_BINTIME                    = 0x4
+	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
+	SCM_RIGHTS                     = 0x1
+	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
+	SHUT_RD                        = 0x0
+	SHUT_RDWR                      = 0x2
+	SHUT_WR                        = 0x1
+	SIOCADDMULTI                   = 0x80206931
+	SIOCAIFADDR                    = 0x8040691a
+	SIOCAIFGROUP                   = 0x80286987
+	SIOCATMARK                     = 0x40047307
+	SIOCDELMULTI                   = 0x80206932
+	SIOCDIFADDR                    = 0x80206919
+	SIOCDIFGROUP                   = 0x80286989
+	SIOCDIFPHYADDR                 = 0x80206949
+	SIOCGDRVSPEC                   = 0xc028697b
+	SIOCGETSGCNT                   = 0xc0207210
+	SIOCGETVIFCNT                  = 0xc028720f
+	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
+	SIOCGI2C                       = 0xc020693d
+	SIOCGIFADDR                    = 0xc0206921
+	SIOCGIFBRDADDR                 = 0xc0206923
+	SIOCGIFCAP                     = 0xc020691f
+	SIOCGIFCONF                    = 0xc0106924
+	SIOCGIFDESCR                   = 0xc020692a
+	SIOCGIFDSTADDR                 = 0xc0206922
+	SIOCGIFFIB                     = 0xc020695c
+	SIOCGIFFLAGS                   = 0xc0206911
+	SIOCGIFGENERIC                 = 0xc020693a
+	SIOCGIFGMEMB                   = 0xc028698a
+	SIOCGIFGROUP                   = 0xc0286988
+	SIOCGIFINDEX                   = 0xc0206920
+	SIOCGIFMAC                     = 0xc0206926
+	SIOCGIFMEDIA                   = 0xc0306938
+	SIOCGIFMETRIC                  = 0xc0206917
+	SIOCGIFMTU                     = 0xc0206933
+	SIOCGIFNETMASK                 = 0xc0206925
+	SIOCGIFPDSTADDR                = 0xc0206948
+	SIOCGIFPHYS                    = 0xc0206935
+	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
+	SIOCGIFSTATUS                  = 0xc331693b
+	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
+	SIOCGLOWAT                     = 0x40047303
+	SIOCGPGRP                      = 0x40047309
+	SIOCGPRIVATE_0                 = 0xc0206950
+	SIOCGPRIVATE_1                 = 0xc0206951
+	SIOCGTUNFIB                    = 0xc020695e
+	SIOCIFCREATE                   = 0xc020697a
+	SIOCIFCREATE2                  = 0xc020697c
+	SIOCIFDESTROY                  = 0x80206979
+	SIOCIFGCLONERS                 = 0xc0106978
+	SIOCSDRVSPEC                   = 0x8028697b
+	SIOCSHIWAT                     = 0x80047300
+	SIOCSIFADDR                    = 0x8020690c
+	SIOCSIFBRDADDR                 = 0x80206913
+	SIOCSIFCAP                     = 0x8020691e
+	SIOCSIFDESCR                   = 0x80206929
+	SIOCSIFDSTADDR                 = 0x8020690e
+	SIOCSIFFIB                     = 0x8020695d
+	SIOCSIFFLAGS                   = 0x80206910
+	SIOCSIFGENERIC                 = 0x80206939
+	SIOCSIFLLADDR                  = 0x8020693c
+	SIOCSIFMAC                     = 0x80206927
+	SIOCSIFMEDIA                   = 0xc0206937
+	SIOCSIFMETRIC                  = 0x80206918
+	SIOCSIFMTU                     = 0x80206934
+	SIOCSIFNAME                    = 0x80206928
+	SIOCSIFNETMASK                 = 0x80206916
+	SIOCSIFPHYADDR                 = 0x80406946
+	SIOCSIFPHYS                    = 0x80206936
+	SIOCSIFRVNET                   = 0xc020695b
+	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
+	SIOCSLOWAT                     = 0x80047302
+	SIOCSPGRP                      = 0x80047308
+	SIOCSTUNFIB                    = 0x8020695f
+	SOCK_CLOEXEC                   = 0x10000000
+	SOCK_DGRAM                     = 0x2
+	SOCK_MAXADDRLEN                = 0xff
+	SOCK_NONBLOCK                  = 0x20000000
+	SOCK_RAW                       = 0x3
+	SOCK_RDM                       = 0x4
+	SOCK_SEQPACKET                 = 0x5
+	SOCK_STREAM                    = 0x1
+	SOL_SOCKET                     = 0xffff
+	SOMAXCONN                      = 0x80
+	SO_ACCEPTCONN                  = 0x2
+	SO_ACCEPTFILTER                = 0x1000
+	SO_BINTIME                     = 0x2000
+	SO_BROADCAST                   = 0x20
+	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
+	SO_DONTROUTE                   = 0x10
+	SO_ERROR                       = 0x1007
+	SO_KEEPALIVE                   = 0x8
+	SO_LABEL                       = 0x1009
+	SO_LINGER                      = 0x80
+	SO_LISTENINCQLEN               = 0x1013
+	SO_LISTENQLEN                  = 0x1012
+	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
+	SO_NOSIGPIPE                   = 0x800
+	SO_NO_DDP                      = 0x8000
+	SO_NO_OFFLOAD                  = 0x4000
+	SO_OOBINLINE                   = 0x100
+	SO_PEERLABEL                   = 0x1010
+	SO_PROTOCOL                    = 0x1016
+	SO_PROTOTYPE                   = 0x1016
+	SO_RCVBUF                      = 0x1002
+	SO_RCVLOWAT                    = 0x1004
+	SO_RCVTIMEO                    = 0x1006
+	SO_REUSEADDR                   = 0x4
+	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
+	SO_SETFIB                      = 0x1014
+	SO_SNDBUF                      = 0x1001
+	SO_SNDLOWAT                    = 0x1003
+	SO_SNDTIMEO                    = 0x1005
+	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
+	SO_TYPE                        = 0x1008
+	SO_USELOOPBACK                 = 0x40
+	SO_USER_COOKIE                 = 0x1015
+	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
+	TAB0                           = 0x0
+	TAB3                           = 0x4
+	TABDLY                         = 0x4
+	TCIFLUSH                       = 0x1
+	TCIOFF                         = 0x3
+	TCIOFLUSH                      = 0x3
+	TCION                          = 0x4
+	TCOFLUSH                       = 0x2
+	TCOOFF                         = 0x1
+	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
+	TCP_CA_NAME_MAX                = 0x10
+	TCP_CCALGOOPT                  = 0x41
+	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
+	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
+	TCP_FUNCTION_BLK               = 0x2000
+	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
+	TCP_INFO                       = 0x20
+	TCP_KEEPCNT                    = 0x400
+	TCP_KEEPIDLE                   = 0x100
+	TCP_KEEPINIT                   = 0x80
+	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
+	TCP_MAXBURST                   = 0x4
+	TCP_MAXHLEN                    = 0x3c
+	TCP_MAXOLEN                    = 0x28
+	TCP_MAXSEG                     = 0x2
+	TCP_MAXWIN                     = 0xffff
+	TCP_MAX_SACK                   = 0x4
+	TCP_MAX_WINSHIFT               = 0xe
+	TCP_MD5SIG                     = 0x10
+	TCP_MINMSS                     = 0xd8
+	TCP_MSS                        = 0x218
+	TCP_NODELAY                    = 0x1
+	TCP_NOOPT                      = 0x8
+	TCP_NOPUSH                     = 0x4
+	TCP_PCAP_IN                    = 0x1000
+	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
+	TCP_VENDOR                     = 0x80000000
+	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
+	TIOCCBRK                       = 0x2000747a
+	TIOCCDTR                       = 0x20007478
+	TIOCCONS                       = 0x80047462
+	TIOCDRAIN                      = 0x2000745e
+	TIOCEXCL                       = 0x2000740d
+	TIOCEXT                        = 0x80047460
+	TIOCFLUSH                      = 0x80047410
+	TIOCGDRAINWAIT                 = 0x40047456
+	TIOCGETA                       = 0x402c7413
+	TIOCGETD                       = 0x4004741a
+	TIOCGPGRP                      = 0x40047477
+	TIOCGPTN                       = 0x4004740f
+	TIOCGSID                       = 0x40047463
+	TIOCGWINSZ                     = 0x40087468
+	TIOCMBIC                       = 0x8004746b
+	TIOCMBIS                       = 0x8004746c
+	TIOCMGDTRWAIT                  = 0x4004745a
+	TIOCMGET                       = 0x4004746a
+	TIOCMSDTRWAIT                  = 0x8004745b
+	TIOCMSET                       = 0x8004746d
+	TIOCM_CAR                      = 0x40
+	TIOCM_CD                       = 0x40
+	TIOCM_CTS                      = 0x20
+	TIOCM_DCD                      = 0x40
+	TIOCM_DSR                      = 0x100
+	TIOCM_DTR                      = 0x2
+	TIOCM_LE                       = 0x1
+	TIOCM_RI                       = 0x80
+	TIOCM_RNG                      = 0x80
+	TIOCM_RTS                      = 0x4
+	TIOCM_SR                       = 0x10
+	TIOCM_ST                       = 0x8
+	TIOCNOTTY                      = 0x20007471
+	TIOCNXCL                       = 0x2000740e
+	TIOCOUTQ                       = 0x40047473
+	TIOCPKT                        = 0x80047470
+	TIOCPKT_DATA                   = 0x0
+	TIOCPKT_DOSTOP                 = 0x20
+	TIOCPKT_FLUSHREAD              = 0x1
+	TIOCPKT_FLUSHWRITE             = 0x2
+	TIOCPKT_IOCTL                  = 0x40
+	TIOCPKT_NOSTOP                 = 0x10
+	TIOCPKT_START                  = 0x8
+	TIOCPKT_STOP                   = 0x4
+	TIOCPTMASTER                   = 0x2000741c
+	TIOCSBRK                       = 0x2000747b
+	TIOCSCTTY                      = 0x20007461
+	TIOCSDRAINWAIT                 = 0x80047457
+	TIOCSDTR                       = 0x20007479
+	TIOCSETA                       = 0x802c7414
+	TIOCSETAF                      = 0x802c7416
+	TIOCSETAW                      = 0x802c7415
+	TIOCSETD                       = 0x8004741b
+	TIOCSIG                        = 0x2004745f
+	TIOCSPGRP                      = 0x80047476
+	TIOCSTART                      = 0x2000746e
+	TIOCSTAT                       = 0x20007465
+	TIOCSTI                        = 0x80017472
+	TIOCSTOP                       = 0x2000746f
+	TIOCSWINSZ                     = 0x80087467
+	TIOCTIMESTAMP                  = 0x40107459
+	TIOCUCNTL                      = 0x80047466
+	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
+	VDISCARD                       = 0xf
+	VDSUSP                         = 0xb
+	VEOF                           = 0x0
+	VEOL                           = 0x1
+	VEOL2                          = 0x2
+	VERASE                         = 0x3
+	VERASE2                        = 0x7
+	VINTR                          = 0x8
+	VKILL                          = 0x5
+	VLNEXT                         = 0xe
+	VMIN                           = 0x10
+	VQUIT                          = 0x9
+	VREPRINT                       = 0x6
+	VSTART                         = 0xc
+	VSTATUS                        = 0x12
+	VSTOP                          = 0xd
+	VSUSP                          = 0xa
+	VTIME                          = 0x11
+	VWERASE                        = 0x4
+	WCONTINUED                     = 0x4
+	WCOREFLAG                      = 0x80
+	WEXITED                        = 0x10
+	WLINUXCLONE                    = 0x80000000
+	WNOHANG                        = 0x1
+	WNOWAIT                        = 0x8
+	WSTOPPED                       = 0x2
+	WTRAPPED                       = 0x20
+	WUNTRACED                      = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x59)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x55)
+	ECAPMODE        = syscall.Errno(0x5e)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDOOFUS         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x56)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5a)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x57)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5b)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCAPABLE     = syscall.Errno(0x5d)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5f)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x60)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5c)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGLIBRT  = syscall.Signal(0x21)
+	SIGLWP    = syscall.Signal(0x20)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "ECANCELED", "operation canceled"},
+	{86, "EILSEQ", "illegal byte sequence"},
+	{87, "ENOATTR", "attribute not found"},
+	{88, "EDOOFUS", "programming error"},
+	{89, "EBADMSG", "bad message"},
+	{90, "EMULTIHOP", "multihop attempted"},
+	{91, "ENOLINK", "link has been severed"},
+	{92, "EPROTO", "protocol error"},
+	{93, "ENOTCAPABLE", "capabilities insufficient"},
+	{94, "ECAPMODE", "not permitted in capability mode"},
+	{95, "ENOTRECOVERABLE", "state not recoverable"},
+	{96, "EOWNERDEAD", "previous owner died"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "unknown signal"},
+	{33, "SIGLIBRT", "unknown signal"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
new file mode 100644
index 000000000..be14bb1a4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -0,0 +1,1825 @@
+// mkerrors.sh
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,freebsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                   = 0x10
+	AF_ARP                         = 0x23
+	AF_ATM                         = 0x1e
+	AF_BLUETOOTH                   = 0x24
+	AF_CCITT                       = 0xa
+	AF_CHAOS                       = 0x5
+	AF_CNT                         = 0x15
+	AF_COIP                        = 0x14
+	AF_DATAKIT                     = 0x9
+	AF_DECnet                      = 0xc
+	AF_DLI                         = 0xd
+	AF_E164                        = 0x1a
+	AF_ECMA                        = 0x8
+	AF_HYLINK                      = 0xf
+	AF_IEEE80211                   = 0x25
+	AF_IMPLINK                     = 0x3
+	AF_INET                        = 0x2
+	AF_INET6                       = 0x1c
+	AF_INET6_SDP                   = 0x2a
+	AF_INET_SDP                    = 0x28
+	AF_IPX                         = 0x17
+	AF_ISDN                        = 0x1a
+	AF_ISO                         = 0x7
+	AF_LAT                         = 0xe
+	AF_LINK                        = 0x12
+	AF_LOCAL                       = 0x1
+	AF_MAX                         = 0x2a
+	AF_NATM                        = 0x1d
+	AF_NETBIOS                     = 0x6
+	AF_NETGRAPH                    = 0x20
+	AF_OSI                         = 0x7
+	AF_PUP                         = 0x4
+	AF_ROUTE                       = 0x11
+	AF_SCLUSTER                    = 0x22
+	AF_SIP                         = 0x18
+	AF_SLOW                        = 0x21
+	AF_SNA                         = 0xb
+	AF_UNIX                        = 0x1
+	AF_UNSPEC                      = 0x0
+	AF_VENDOR00                    = 0x27
+	AF_VENDOR01                    = 0x29
+	AF_VENDOR02                    = 0x2b
+	AF_VENDOR03                    = 0x2d
+	AF_VENDOR04                    = 0x2f
+	AF_VENDOR05                    = 0x31
+	AF_VENDOR06                    = 0x33
+	AF_VENDOR07                    = 0x35
+	AF_VENDOR08                    = 0x37
+	AF_VENDOR09                    = 0x39
+	AF_VENDOR10                    = 0x3b
+	AF_VENDOR11                    = 0x3d
+	AF_VENDOR12                    = 0x3f
+	AF_VENDOR13                    = 0x41
+	AF_VENDOR14                    = 0x43
+	AF_VENDOR15                    = 0x45
+	AF_VENDOR16                    = 0x47
+	AF_VENDOR17                    = 0x49
+	AF_VENDOR18                    = 0x4b
+	AF_VENDOR19                    = 0x4d
+	AF_VENDOR20                    = 0x4f
+	AF_VENDOR21                    = 0x51
+	AF_VENDOR22                    = 0x53
+	AF_VENDOR23                    = 0x55
+	AF_VENDOR24                    = 0x57
+	AF_VENDOR25                    = 0x59
+	AF_VENDOR26                    = 0x5b
+	AF_VENDOR27                    = 0x5d
+	AF_VENDOR28                    = 0x5f
+	AF_VENDOR29                    = 0x61
+	AF_VENDOR30                    = 0x63
+	AF_VENDOR31                    = 0x65
+	AF_VENDOR32                    = 0x67
+	AF_VENDOR33                    = 0x69
+	AF_VENDOR34                    = 0x6b
+	AF_VENDOR35                    = 0x6d
+	AF_VENDOR36                    = 0x6f
+	AF_VENDOR37                    = 0x71
+	AF_VENDOR38                    = 0x73
+	AF_VENDOR39                    = 0x75
+	AF_VENDOR40                    = 0x77
+	AF_VENDOR41                    = 0x79
+	AF_VENDOR42                    = 0x7b
+	AF_VENDOR43                    = 0x7d
+	AF_VENDOR44                    = 0x7f
+	AF_VENDOR45                    = 0x81
+	AF_VENDOR46                    = 0x83
+	AF_VENDOR47                    = 0x85
+	ALTWERASE                      = 0x200
+	B0                             = 0x0
+	B110                           = 0x6e
+	B115200                        = 0x1c200
+	B1200                          = 0x4b0
+	B134                           = 0x86
+	B14400                         = 0x3840
+	B150                           = 0x96
+	B1800                          = 0x708
+	B19200                         = 0x4b00
+	B200                           = 0xc8
+	B230400                        = 0x38400
+	B2400                          = 0x960
+	B28800                         = 0x7080
+	B300                           = 0x12c
+	B38400                         = 0x9600
+	B460800                        = 0x70800
+	B4800                          = 0x12c0
+	B50                            = 0x32
+	B57600                         = 0xe100
+	B600                           = 0x258
+	B7200                          = 0x1c20
+	B75                            = 0x4b
+	B76800                         = 0x12c00
+	B921600                        = 0xe1000
+	B9600                          = 0x2580
+	BIOCFEEDBACK                   = 0x8004427c
+	BIOCFLUSH                      = 0x20004268
+	BIOCGBLEN                      = 0x40044266
+	BIOCGDIRECTION                 = 0x40044276
+	BIOCGDLT                       = 0x4004426a
+	BIOCGDLTLIST                   = 0xc0084279
+	BIOCGETBUFMODE                 = 0x4004427d
+	BIOCGETIF                      = 0x4020426b
+	BIOCGETZMAX                    = 0x4004427f
+	BIOCGHDRCMPLT                  = 0x40044274
+	BIOCGRSIG                      = 0x40044272
+	BIOCGRTIMEOUT                  = 0x4010426e
+	BIOCGSEESENT                   = 0x40044276
+	BIOCGSTATS                     = 0x4008426f
+	BIOCGTSTAMP                    = 0x40044283
+	BIOCIMMEDIATE                  = 0x80044270
+	BIOCLOCK                       = 0x2000427a
+	BIOCPROMISC                    = 0x20004269
+	BIOCROTZBUF                    = 0x400c4280
+	BIOCSBLEN                      = 0xc0044266
+	BIOCSDIRECTION                 = 0x80044277
+	BIOCSDLT                       = 0x80044278
+	BIOCSETBUFMODE                 = 0x8004427e
+	BIOCSETF                       = 0x80084267
+	BIOCSETFNR                     = 0x80084282
+	BIOCSETIF                      = 0x8020426c
+	BIOCSETWF                      = 0x8008427b
+	BIOCSETZBUF                    = 0x800c4281
+	BIOCSHDRCMPLT                  = 0x80044275
+	BIOCSRSIG                      = 0x80044273
+	BIOCSRTIMEOUT                  = 0x8010426d
+	BIOCSSEESENT                   = 0x80044277
+	BIOCSTSTAMP                    = 0x80044284
+	BIOCVERSION                    = 0x40044271
+	BPF_A                          = 0x10
+	BPF_ABS                        = 0x20
+	BPF_ADD                        = 0x0
+	BPF_ALIGNMENT                  = 0x4
+	BPF_ALU                        = 0x4
+	BPF_AND                        = 0x50
+	BPF_B                          = 0x10
+	BPF_BUFMODE_BUFFER             = 0x1
+	BPF_BUFMODE_ZBUF               = 0x2
+	BPF_DIV                        = 0x30
+	BPF_H                          = 0x8
+	BPF_IMM                        = 0x0
+	BPF_IND                        = 0x40
+	BPF_JA                         = 0x0
+	BPF_JEQ                        = 0x10
+	BPF_JGE                        = 0x30
+	BPF_JGT                        = 0x20
+	BPF_JMP                        = 0x5
+	BPF_JSET                       = 0x40
+	BPF_K                          = 0x0
+	BPF_LD                         = 0x0
+	BPF_LDX                        = 0x1
+	BPF_LEN                        = 0x80
+	BPF_LSH                        = 0x60
+	BPF_MAJOR_VERSION              = 0x1
+	BPF_MAXBUFSIZE                 = 0x80000
+	BPF_MAXINSNS                   = 0x200
+	BPF_MEM                        = 0x60
+	BPF_MEMWORDS                   = 0x10
+	BPF_MINBUFSIZE                 = 0x20
+	BPF_MINOR_VERSION              = 0x1
+	BPF_MISC                       = 0x7
+	BPF_MOD                        = 0x90
+	BPF_MSH                        = 0xa0
+	BPF_MUL                        = 0x20
+	BPF_NEG                        = 0x80
+	BPF_OR                         = 0x40
+	BPF_RELEASE                    = 0x30bb6
+	BPF_RET                        = 0x6
+	BPF_RSH                        = 0x70
+	BPF_ST                         = 0x2
+	BPF_STX                        = 0x3
+	BPF_SUB                        = 0x10
+	BPF_TAX                        = 0x0
+	BPF_TXA                        = 0x80
+	BPF_T_BINTIME                  = 0x2
+	BPF_T_BINTIME_FAST             = 0x102
+	BPF_T_BINTIME_MONOTONIC        = 0x202
+	BPF_T_BINTIME_MONOTONIC_FAST   = 0x302
+	BPF_T_FAST                     = 0x100
+	BPF_T_FLAG_MASK                = 0x300
+	BPF_T_FORMAT_MASK              = 0x3
+	BPF_T_MICROTIME                = 0x0
+	BPF_T_MICROTIME_FAST           = 0x100
+	BPF_T_MICROTIME_MONOTONIC      = 0x200
+	BPF_T_MICROTIME_MONOTONIC_FAST = 0x300
+	BPF_T_MONOTONIC                = 0x200
+	BPF_T_MONOTONIC_FAST           = 0x300
+	BPF_T_NANOTIME                 = 0x1
+	BPF_T_NANOTIME_FAST            = 0x101
+	BPF_T_NANOTIME_MONOTONIC       = 0x201
+	BPF_T_NANOTIME_MONOTONIC_FAST  = 0x301
+	BPF_T_NONE                     = 0x3
+	BPF_T_NORMAL                   = 0x0
+	BPF_W                          = 0x0
+	BPF_X                          = 0x8
+	BPF_XOR                        = 0xa0
+	BRKINT                         = 0x2
+	CAP_ACCEPT                     = 0x200000020000000
+	CAP_ACL_CHECK                  = 0x400000000010000
+	CAP_ACL_DELETE                 = 0x400000000020000
+	CAP_ACL_GET                    = 0x400000000040000
+	CAP_ACL_SET                    = 0x400000000080000
+	CAP_ALL0                       = 0x20007ffffffffff
+	CAP_ALL1                       = 0x4000000001fffff
+	CAP_BIND                       = 0x200000040000000
+	CAP_BINDAT                     = 0x200008000000400
+	CAP_CHFLAGSAT                  = 0x200000000001400
+	CAP_CONNECT                    = 0x200000080000000
+	CAP_CONNECTAT                  = 0x200010000000400
+	CAP_CREATE                     = 0x200000000000040
+	CAP_EVENT                      = 0x400000000000020
+	CAP_EXTATTR_DELETE             = 0x400000000001000
+	CAP_EXTATTR_GET                = 0x400000000002000
+	CAP_EXTATTR_LIST               = 0x400000000004000
+	CAP_EXTATTR_SET                = 0x400000000008000
+	CAP_FCHDIR                     = 0x200000000000800
+	CAP_FCHFLAGS                   = 0x200000000001000
+	CAP_FCHMOD                     = 0x200000000002000
+	CAP_FCHMODAT                   = 0x200000000002400
+	CAP_FCHOWN                     = 0x200000000004000
+	CAP_FCHOWNAT                   = 0x200000000004400
+	CAP_FCNTL                      = 0x200000000008000
+	CAP_FCNTL_ALL                  = 0x78
+	CAP_FCNTL_GETFL                = 0x8
+	CAP_FCNTL_GETOWN               = 0x20
+	CAP_FCNTL_SETFL                = 0x10
+	CAP_FCNTL_SETOWN               = 0x40
+	CAP_FEXECVE                    = 0x200000000000080
+	CAP_FLOCK                      = 0x200000000010000
+	CAP_FPATHCONF                  = 0x200000000020000
+	CAP_FSCK                       = 0x200000000040000
+	CAP_FSTAT                      = 0x200000000080000
+	CAP_FSTATAT                    = 0x200000000080400
+	CAP_FSTATFS                    = 0x200000000100000
+	CAP_FSYNC                      = 0x200000000000100
+	CAP_FTRUNCATE                  = 0x200000000000200
+	CAP_FUTIMES                    = 0x200000000200000
+	CAP_FUTIMESAT                  = 0x200000000200400
+	CAP_GETPEERNAME                = 0x200000100000000
+	CAP_GETSOCKNAME                = 0x200000200000000
+	CAP_GETSOCKOPT                 = 0x200000400000000
+	CAP_IOCTL                      = 0x400000000000080
+	CAP_IOCTLS_ALL                 = 0x7fffffff
+	CAP_KQUEUE                     = 0x400000000100040
+	CAP_KQUEUE_CHANGE              = 0x400000000100000
+	CAP_KQUEUE_EVENT               = 0x400000000000040
+	CAP_LINKAT_SOURCE              = 0x200020000000400
+	CAP_LINKAT_TARGET              = 0x200000000400400
+	CAP_LISTEN                     = 0x200000800000000
+	CAP_LOOKUP                     = 0x200000000000400
+	CAP_MAC_GET                    = 0x400000000000001
+	CAP_MAC_SET                    = 0x400000000000002
+	CAP_MKDIRAT                    = 0x200000000800400
+	CAP_MKFIFOAT                   = 0x200000001000400
+	CAP_MKNODAT                    = 0x200000002000400
+	CAP_MMAP                       = 0x200000000000010
+	CAP_MMAP_R                     = 0x20000000000001d
+	CAP_MMAP_RW                    = 0x20000000000001f
+	CAP_MMAP_RWX                   = 0x20000000000003f
+	CAP_MMAP_RX                    = 0x20000000000003d
+	CAP_MMAP_W                     = 0x20000000000001e
+	CAP_MMAP_WX                    = 0x20000000000003e
+	CAP_MMAP_X                     = 0x20000000000003c
+	CAP_PDGETPID                   = 0x400000000000200
+	CAP_PDKILL                     = 0x400000000000800
+	CAP_PDWAIT                     = 0x400000000000400
+	CAP_PEELOFF                    = 0x200001000000000
+	CAP_POLL_EVENT                 = 0x400000000000020
+	CAP_PREAD                      = 0x20000000000000d
+	CAP_PWRITE                     = 0x20000000000000e
+	CAP_READ                       = 0x200000000000001
+	CAP_RECV                       = 0x200000000000001
+	CAP_RENAMEAT_SOURCE            = 0x200000004000400
+	CAP_RENAMEAT_TARGET            = 0x200040000000400
+	CAP_RIGHTS_VERSION             = 0x0
+	CAP_RIGHTS_VERSION_00          = 0x0
+	CAP_SEEK                       = 0x20000000000000c
+	CAP_SEEK_TELL                  = 0x200000000000004
+	CAP_SEM_GETVALUE               = 0x400000000000004
+	CAP_SEM_POST                   = 0x400000000000008
+	CAP_SEM_WAIT                   = 0x400000000000010
+	CAP_SEND                       = 0x200000000000002
+	CAP_SETSOCKOPT                 = 0x200002000000000
+	CAP_SHUTDOWN                   = 0x200004000000000
+	CAP_SOCK_CLIENT                = 0x200007780000003
+	CAP_SOCK_SERVER                = 0x200007f60000003
+	CAP_SYMLINKAT                  = 0x200000008000400
+	CAP_TTYHOOK                    = 0x400000000000100
+	CAP_UNLINKAT                   = 0x200000010000400
+	CAP_UNUSED0_44                 = 0x200080000000000
+	CAP_UNUSED0_57                 = 0x300000000000000
+	CAP_UNUSED1_22                 = 0x400000000200000
+	CAP_UNUSED1_57                 = 0x500000000000000
+	CAP_WRITE                      = 0x200000000000002
+	CFLUSH                         = 0xf
+	CLOCAL                         = 0x8000
+	CLOCK_MONOTONIC                = 0x4
+	CLOCK_MONOTONIC_FAST           = 0xc
+	CLOCK_MONOTONIC_PRECISE        = 0xb
+	CLOCK_PROCESS_CPUTIME_ID       = 0xf
+	CLOCK_PROF                     = 0x2
+	CLOCK_REALTIME                 = 0x0
+	CLOCK_REALTIME_FAST            = 0xa
+	CLOCK_REALTIME_PRECISE         = 0x9
+	CLOCK_SECOND                   = 0xd
+	CLOCK_THREAD_CPUTIME_ID        = 0xe
+	CLOCK_UPTIME                   = 0x5
+	CLOCK_UPTIME_FAST              = 0x8
+	CLOCK_UPTIME_PRECISE           = 0x7
+	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
+	CREAD                          = 0x800
+	CRTSCTS                        = 0x30000
+	CS5                            = 0x0
+	CS6                            = 0x100
+	CS7                            = 0x200
+	CS8                            = 0x300
+	CSIZE                          = 0x300
+	CSTART                         = 0x11
+	CSTATUS                        = 0x14
+	CSTOP                          = 0x13
+	CSTOPB                         = 0x400
+	CSUSP                          = 0x1a
+	CTL_HW                         = 0x6
+	CTL_KERN                       = 0x1
+	CTL_MAXNAME                    = 0x18
+	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
+	DLT_A429                       = 0xb8
+	DLT_A653_ICM                   = 0xb9
+	DLT_AIRONET_HEADER             = 0x78
+	DLT_AOS                        = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394     = 0x8a
+	DLT_ARCNET                     = 0x7
+	DLT_ARCNET_LINUX               = 0x81
+	DLT_ATM_CLIP                   = 0x13
+	DLT_ATM_RFC1483                = 0xb
+	DLT_AURORA                     = 0x7e
+	DLT_AX25                       = 0x3
+	DLT_AX25_KISS                  = 0xca
+	DLT_BACNET_MS_TP               = 0xa5
+	DLT_BLUETOOTH_BREDR_BB         = 0xff
+	DLT_BLUETOOTH_HCI_H4           = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR = 0xc9
+	DLT_BLUETOOTH_LE_LL            = 0xfb
+	DLT_BLUETOOTH_LE_LL_WITH_PHDR  = 0x100
+	DLT_BLUETOOTH_LINUX_MONITOR    = 0xfe
+	DLT_CAN20B                     = 0xbe
+	DLT_CAN_SOCKETCAN              = 0xe3
+	DLT_CHAOS                      = 0x5
+	DLT_CHDLC                      = 0x68
+	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
+	DLT_C_HDLC                     = 0x68
+	DLT_C_HDLC_WITH_DIR            = 0xcd
+	DLT_DBUS                       = 0xe7
+	DLT_DECT                       = 0xdd
+	DLT_DOCSIS                     = 0x8f
+	DLT_DVB_CI                     = 0xeb
+	DLT_ECONET                     = 0x73
+	DLT_EN10MB                     = 0x1
+	DLT_EN3MB                      = 0x2
+	DLT_ENC                        = 0x6d
+	DLT_EPON                       = 0x103
+	DLT_ERF                        = 0xc5
+	DLT_ERF_ETH                    = 0xaf
+	DLT_ERF_POS                    = 0xb0
+	DLT_FC_2                       = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
+	DLT_FDDI                       = 0xa
+	DLT_FLEXRAY                    = 0xd2
+	DLT_FRELAY                     = 0x6b
+	DLT_FRELAY_WITH_DIR            = 0xce
+	DLT_GCOM_SERIAL                = 0xad
+	DLT_GCOM_T1E1                  = 0xac
+	DLT_GPF_F                      = 0xab
+	DLT_GPF_T                      = 0xaa
+	DLT_GPRS_LLC                   = 0xa9
+	DLT_GSMTAP_ABIS                = 0xda
+	DLT_GSMTAP_UM                  = 0xd9
+	DLT_IBM_SN                     = 0x92
+	DLT_IBM_SP                     = 0x91
+	DLT_IEEE802                    = 0x6
+	DLT_IEEE802_11                 = 0x69
+	DLT_IEEE802_11_RADIO           = 0x7f
+	DLT_IEEE802_11_RADIO_AVS       = 0xa3
+	DLT_IEEE802_15_4               = 0xc3
+	DLT_IEEE802_15_4_LINUX         = 0xbf
+	DLT_IEEE802_15_4_NOFCS         = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY    = 0xd7
+	DLT_IEEE802_16_MAC_CPS         = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO   = 0xc1
+	DLT_INFINIBAND                 = 0xf7
+	DLT_IPFILTER                   = 0x74
+	DLT_IPMB                       = 0xc7
+	DLT_IPMB_LINUX                 = 0xd1
+	DLT_IPMI_HPM_2                 = 0x104
+	DLT_IPNET                      = 0xe2
+	DLT_IPOIB                      = 0xf2
+	DLT_IPV4                       = 0xe4
+	DLT_IPV6                       = 0xe5
+	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
+	DLT_JUNIPER_ATM1               = 0x89
+	DLT_JUNIPER_ATM2               = 0x87
+	DLT_JUNIPER_ATM_CEMIC          = 0xee
+	DLT_JUNIPER_CHDLC              = 0xb5
+	DLT_JUNIPER_ES                 = 0x84
+	DLT_JUNIPER_ETHER              = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL       = 0xea
+	DLT_JUNIPER_FRELAY             = 0xb4
+	DLT_JUNIPER_GGSN               = 0x85
+	DLT_JUNIPER_ISM                = 0xc2
+	DLT_JUNIPER_MFR                = 0x86
+	DLT_JUNIPER_MLFR               = 0x83
+	DLT_JUNIPER_MLPPP              = 0x82
+	DLT_JUNIPER_MONITOR            = 0xa4
+	DLT_JUNIPER_PIC_PEER           = 0xae
+	DLT_JUNIPER_PPP                = 0xb3
+	DLT_JUNIPER_PPPOE              = 0xa7
+	DLT_JUNIPER_PPPOE_ATM          = 0xa8
+	DLT_JUNIPER_SERVICES           = 0x88
+	DLT_JUNIPER_SRX_E2E            = 0xe9
+	DLT_JUNIPER_ST                 = 0xc8
+	DLT_JUNIPER_VP                 = 0xb7
+	DLT_JUNIPER_VS                 = 0xe8
+	DLT_LAPB_WITH_DIR              = 0xcf
+	DLT_LAPD                       = 0xcb
+	DLT_LIN                        = 0xd4
+	DLT_LINUX_EVDEV                = 0xd8
+	DLT_LINUX_IRDA                 = 0x90
+	DLT_LINUX_LAPD                 = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
+	DLT_LINUX_SLL                  = 0x71
+	DLT_LOOP                       = 0x6c
+	DLT_LTALK                      = 0x72
+	DLT_MATCHING_MAX               = 0x109
+	DLT_MATCHING_MIN               = 0x68
+	DLT_MFR                        = 0xb6
+	DLT_MOST                       = 0xd3
+	DLT_MPEG_2_TS                  = 0xf3
+	DLT_MPLS                       = 0xdb
+	DLT_MTP2                       = 0x8c
+	DLT_MTP2_WITH_PHDR             = 0x8b
+	DLT_MTP3                       = 0x8d
+	DLT_MUX27010                   = 0xec
+	DLT_NETANALYZER                = 0xf0
+	DLT_NETANALYZER_TRANSPARENT    = 0xf1
+	DLT_NETLINK                    = 0xfd
+	DLT_NFC_LLCP                   = 0xf5
+	DLT_NFLOG                      = 0xef
+	DLT_NG40                       = 0xf4
+	DLT_NULL                       = 0x0
+	DLT_PCI_EXP                    = 0x7d
+	DLT_PFLOG                      = 0x75
+	DLT_PFSYNC                     = 0x79
+	DLT_PKTAP                      = 0x102
+	DLT_PPI                        = 0xc0
+	DLT_PPP                        = 0x9
+	DLT_PPP_BSDOS                  = 0xe
+	DLT_PPP_ETHER                  = 0x33
+	DLT_PPP_PPPD                   = 0xa6
+	DLT_PPP_SERIAL                 = 0x32
+	DLT_PPP_WITH_DIR               = 0xcc
+	DLT_PPP_WITH_DIRECTION         = 0xa6
+	DLT_PRISM_HEADER               = 0x77
+	DLT_PROFIBUS_DL                = 0x101
+	DLT_PRONET                     = 0x4
+	DLT_RAIF1                      = 0xc6
+	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
+	DLT_RIO                        = 0x7c
+	DLT_RTAC_SERIAL                = 0xfa
+	DLT_SCCP                       = 0x8e
+	DLT_SCTP                       = 0xf8
+	DLT_SITA                       = 0xc4
+	DLT_SLIP                       = 0x8
+	DLT_SLIP_BSDOS                 = 0xd
+	DLT_STANAG_5066_D_PDU          = 0xed
+	DLT_SUNATM                     = 0x7b
+	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TZSP                       = 0x80
+	DLT_USB                        = 0xba
+	DLT_USBPCAP                    = 0xf9
+	DLT_USB_FREEBSD                = 0xba
+	DLT_USB_LINUX                  = 0xbd
+	DLT_USB_LINUX_MMAPPED          = 0xdc
+	DLT_USER0                      = 0x93
+	DLT_USER1                      = 0x94
+	DLT_USER10                     = 0x9d
+	DLT_USER11                     = 0x9e
+	DLT_USER12                     = 0x9f
+	DLT_USER13                     = 0xa0
+	DLT_USER14                     = 0xa1
+	DLT_USER15                     = 0xa2
+	DLT_USER2                      = 0x95
+	DLT_USER3                      = 0x96
+	DLT_USER4                      = 0x97
+	DLT_USER5                      = 0x98
+	DLT_USER6                      = 0x99
+	DLT_USER7                      = 0x9a
+	DLT_USER8                      = 0x9b
+	DLT_USER9                      = 0x9c
+	DLT_WATTSTOPPER_DLM            = 0x107
+	DLT_WIHART                     = 0xdf
+	DLT_WIRESHARK_UPPER_PDU        = 0xfc
+	DLT_X2E_SERIAL                 = 0xd5
+	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
+	DT_BLK                         = 0x6
+	DT_CHR                         = 0x2
+	DT_DIR                         = 0x4
+	DT_FIFO                        = 0x1
+	DT_LNK                         = 0xa
+	DT_REG                         = 0x8
+	DT_SOCK                        = 0xc
+	DT_UNKNOWN                     = 0x0
+	DT_WHT                         = 0xe
+	ECHO                           = 0x8
+	ECHOCTL                        = 0x40
+	ECHOE                          = 0x2
+	ECHOK                          = 0x4
+	ECHOKE                         = 0x1
+	ECHONL                         = 0x10
+	ECHOPRT                        = 0x20
+	EVFILT_AIO                     = -0x3
+	EVFILT_FS                      = -0x9
+	EVFILT_LIO                     = -0xa
+	EVFILT_PROC                    = -0x5
+	EVFILT_PROCDESC                = -0x8
+	EVFILT_READ                    = -0x1
+	EVFILT_SENDFILE                = -0xc
+	EVFILT_SIGNAL                  = -0x6
+	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_TIMER                   = -0x7
+	EVFILT_USER                    = -0xb
+	EVFILT_VNODE                   = -0x4
+	EVFILT_WRITE                   = -0x2
+	EV_ADD                         = 0x1
+	EV_CLEAR                       = 0x20
+	EV_DELETE                      = 0x2
+	EV_DISABLE                     = 0x8
+	EV_DISPATCH                    = 0x80
+	EV_DROP                        = 0x1000
+	EV_ENABLE                      = 0x4
+	EV_EOF                         = 0x8000
+	EV_ERROR                       = 0x4000
+	EV_FLAG1                       = 0x2000
+	EV_FLAG2                       = 0x4000
+	EV_FORCEONESHOT                = 0x100
+	EV_ONESHOT                     = 0x10
+	EV_RECEIPT                     = 0x40
+	EV_SYSFLAGS                    = 0xf000
+	EXTA                           = 0x4b00
+	EXTATTR_NAMESPACE_EMPTY        = 0x0
+	EXTATTR_NAMESPACE_SYSTEM       = 0x2
+	EXTATTR_NAMESPACE_USER         = 0x1
+	EXTB                           = 0x9600
+	EXTPROC                        = 0x800
+	FD_CLOEXEC                     = 0x1
+	FD_SETSIZE                     = 0x400
+	FLUSHO                         = 0x800000
+	F_CANCEL                       = 0x5
+	F_DUP2FD                       = 0xa
+	F_DUP2FD_CLOEXEC               = 0x12
+	F_DUPFD                        = 0x0
+	F_DUPFD_CLOEXEC                = 0x11
+	F_GETFD                        = 0x1
+	F_GETFL                        = 0x3
+	F_GETLK                        = 0xb
+	F_GETOWN                       = 0x5
+	F_OGETLK                       = 0x7
+	F_OK                           = 0x0
+	F_OSETLK                       = 0x8
+	F_OSETLKW                      = 0x9
+	F_RDAHEAD                      = 0x10
+	F_RDLCK                        = 0x1
+	F_READAHEAD                    = 0xf
+	F_SETFD                        = 0x2
+	F_SETFL                        = 0x4
+	F_SETLK                        = 0xc
+	F_SETLKW                       = 0xd
+	F_SETLK_REMOTE                 = 0xe
+	F_SETOWN                       = 0x6
+	F_UNLCK                        = 0x2
+	F_UNLCKSYS                     = 0x4
+	F_WRLCK                        = 0x3
+	HUPCL                          = 0x4000
+	HW_MACHINE                     = 0x1
+	ICANON                         = 0x100
+	ICMP6_FILTER                   = 0x12
+	ICRNL                          = 0x100
+	IEXTEN                         = 0x400
+	IFAN_ARRIVAL                   = 0x0
+	IFAN_DEPARTURE                 = 0x1
+	IFF_ALLMULTI                   = 0x200
+	IFF_ALTPHYS                    = 0x4000
+	IFF_BROADCAST                  = 0x2
+	IFF_CANTCHANGE                 = 0x218f52
+	IFF_CANTCONFIG                 = 0x10000
+	IFF_DEBUG                      = 0x4
+	IFF_DRV_OACTIVE                = 0x400
+	IFF_DRV_RUNNING                = 0x40
+	IFF_DYING                      = 0x200000
+	IFF_LINK0                      = 0x1000
+	IFF_LINK1                      = 0x2000
+	IFF_LINK2                      = 0x4000
+	IFF_LOOPBACK                   = 0x8
+	IFF_MONITOR                    = 0x40000
+	IFF_MULTICAST                  = 0x8000
+	IFF_NOARP                      = 0x80
+	IFF_OACTIVE                    = 0x400
+	IFF_POINTOPOINT                = 0x10
+	IFF_PPROMISC                   = 0x20000
+	IFF_PROMISC                    = 0x100
+	IFF_RENAMING                   = 0x400000
+	IFF_RUNNING                    = 0x40
+	IFF_SIMPLEX                    = 0x800
+	IFF_STATICARP                  = 0x80000
+	IFF_UP                         = 0x1
+	IFNAMSIZ                       = 0x10
+	IFT_BRIDGE                     = 0xd1
+	IFT_CARP                       = 0xf8
+	IFT_IEEE1394                   = 0x90
+	IFT_INFINIBAND                 = 0xc7
+	IFT_L2VLAN                     = 0x87
+	IFT_L3IPVLAN                   = 0x88
+	IFT_PPP                        = 0x17
+	IFT_PROPVIRTUAL                = 0x35
+	IGNBRK                         = 0x1
+	IGNCR                          = 0x80
+	IGNPAR                         = 0x4
+	IMAXBEL                        = 0x2000
+	INLCR                          = 0x40
+	INPCK                          = 0x10
+	IN_CLASSA_HOST                 = 0xffffff
+	IN_CLASSA_MAX                  = 0x80
+	IN_CLASSA_NET                  = 0xff000000
+	IN_CLASSA_NSHIFT               = 0x18
+	IN_CLASSB_HOST                 = 0xffff
+	IN_CLASSB_MAX                  = 0x10000
+	IN_CLASSB_NET                  = 0xffff0000
+	IN_CLASSB_NSHIFT               = 0x10
+	IN_CLASSC_HOST                 = 0xff
+	IN_CLASSC_NET                  = 0xffffff00
+	IN_CLASSC_NSHIFT               = 0x8
+	IN_CLASSD_HOST                 = 0xfffffff
+	IN_CLASSD_NET                  = 0xf0000000
+	IN_CLASSD_NSHIFT               = 0x1c
+	IN_LOOPBACKNET                 = 0x7f
+	IN_RFC3021_MASK                = 0xfffffffe
+	IPPROTO_3PC                    = 0x22
+	IPPROTO_ADFS                   = 0x44
+	IPPROTO_AH                     = 0x33
+	IPPROTO_AHIP                   = 0x3d
+	IPPROTO_APES                   = 0x63
+	IPPROTO_ARGUS                  = 0xd
+	IPPROTO_AX25                   = 0x5d
+	IPPROTO_BHA                    = 0x31
+	IPPROTO_BLT                    = 0x1e
+	IPPROTO_BRSATMON               = 0x4c
+	IPPROTO_CARP                   = 0x70
+	IPPROTO_CFTP                   = 0x3e
+	IPPROTO_CHAOS                  = 0x10
+	IPPROTO_CMTP                   = 0x26
+	IPPROTO_CPHB                   = 0x49
+	IPPROTO_CPNX                   = 0x48
+	IPPROTO_DDP                    = 0x25
+	IPPROTO_DGP                    = 0x56
+	IPPROTO_DIVERT                 = 0x102
+	IPPROTO_DONE                   = 0x101
+	IPPROTO_DSTOPTS                = 0x3c
+	IPPROTO_EGP                    = 0x8
+	IPPROTO_EMCON                  = 0xe
+	IPPROTO_ENCAP                  = 0x62
+	IPPROTO_EON                    = 0x50
+	IPPROTO_ESP                    = 0x32
+	IPPROTO_ETHERIP                = 0x61
+	IPPROTO_FRAGMENT               = 0x2c
+	IPPROTO_GGP                    = 0x3
+	IPPROTO_GMTP                   = 0x64
+	IPPROTO_GRE                    = 0x2f
+	IPPROTO_HELLO                  = 0x3f
+	IPPROTO_HIP                    = 0x8b
+	IPPROTO_HMP                    = 0x14
+	IPPROTO_HOPOPTS                = 0x0
+	IPPROTO_ICMP                   = 0x1
+	IPPROTO_ICMPV6                 = 0x3a
+	IPPROTO_IDP                    = 0x16
+	IPPROTO_IDPR                   = 0x23
+	IPPROTO_IDRP                   = 0x2d
+	IPPROTO_IGMP                   = 0x2
+	IPPROTO_IGP                    = 0x55
+	IPPROTO_IGRP                   = 0x58
+	IPPROTO_IL                     = 0x28
+	IPPROTO_INLSP                  = 0x34
+	IPPROTO_INP                    = 0x20
+	IPPROTO_IP                     = 0x0
+	IPPROTO_IPCOMP                 = 0x6c
+	IPPROTO_IPCV                   = 0x47
+	IPPROTO_IPEIP                  = 0x5e
+	IPPROTO_IPIP                   = 0x4
+	IPPROTO_IPPC                   = 0x43
+	IPPROTO_IPV4                   = 0x4
+	IPPROTO_IPV6                   = 0x29
+	IPPROTO_IRTP                   = 0x1c
+	IPPROTO_KRYPTOLAN              = 0x41
+	IPPROTO_LARP                   = 0x5b
+	IPPROTO_LEAF1                  = 0x19
+	IPPROTO_LEAF2                  = 0x1a
+	IPPROTO_MAX                    = 0x100
+	IPPROTO_MEAS                   = 0x13
+	IPPROTO_MH                     = 0x87
+	IPPROTO_MHRP                   = 0x30
+	IPPROTO_MICP                   = 0x5f
+	IPPROTO_MOBILE                 = 0x37
+	IPPROTO_MPLS                   = 0x89
+	IPPROTO_MTP                    = 0x5c
+	IPPROTO_MUX                    = 0x12
+	IPPROTO_ND                     = 0x4d
+	IPPROTO_NHRP                   = 0x36
+	IPPROTO_NONE                   = 0x3b
+	IPPROTO_NSP                    = 0x1f
+	IPPROTO_NVPII                  = 0xb
+	IPPROTO_OLD_DIVERT             = 0xfe
+	IPPROTO_OSPFIGP                = 0x59
+	IPPROTO_PFSYNC                 = 0xf0
+	IPPROTO_PGM                    = 0x71
+	IPPROTO_PIGP                   = 0x9
+	IPPROTO_PIM                    = 0x67
+	IPPROTO_PRM                    = 0x15
+	IPPROTO_PUP                    = 0xc
+	IPPROTO_PVP                    = 0x4b
+	IPPROTO_RAW                    = 0xff
+	IPPROTO_RCCMON                 = 0xa
+	IPPROTO_RDP                    = 0x1b
+	IPPROTO_RESERVED_253           = 0xfd
+	IPPROTO_RESERVED_254           = 0xfe
+	IPPROTO_ROUTING                = 0x2b
+	IPPROTO_RSVP                   = 0x2e
+	IPPROTO_RVD                    = 0x42
+	IPPROTO_SATEXPAK               = 0x40
+	IPPROTO_SATMON                 = 0x45
+	IPPROTO_SCCSP                  = 0x60
+	IPPROTO_SCTP                   = 0x84
+	IPPROTO_SDRP                   = 0x2a
+	IPPROTO_SEND                   = 0x103
+	IPPROTO_SEP                    = 0x21
+	IPPROTO_SHIM6                  = 0x8c
+	IPPROTO_SKIP                   = 0x39
+	IPPROTO_SPACER                 = 0x7fff
+	IPPROTO_SRPC                   = 0x5a
+	IPPROTO_ST                     = 0x7
+	IPPROTO_SVMTP                  = 0x52
+	IPPROTO_SWIPE                  = 0x35
+	IPPROTO_TCF                    = 0x57
+	IPPROTO_TCP                    = 0x6
+	IPPROTO_TLSP                   = 0x38
+	IPPROTO_TP                     = 0x1d
+	IPPROTO_TPXX                   = 0x27
+	IPPROTO_TRUNK1                 = 0x17
+	IPPROTO_TRUNK2                 = 0x18
+	IPPROTO_TTP                    = 0x54
+	IPPROTO_UDP                    = 0x11
+	IPPROTO_UDPLITE                = 0x88
+	IPPROTO_VINES                  = 0x53
+	IPPROTO_VISA                   = 0x46
+	IPPROTO_VMTP                   = 0x51
+	IPPROTO_WBEXPAK                = 0x4f
+	IPPROTO_WBMON                  = 0x4e
+	IPPROTO_WSN                    = 0x4a
+	IPPROTO_XNET                   = 0xf
+	IPPROTO_XTP                    = 0x24
+	IPV6_AUTOFLOWLABEL             = 0x3b
+	IPV6_BINDANY                   = 0x40
+	IPV6_BINDMULTI                 = 0x41
+	IPV6_BINDV6ONLY                = 0x1b
+	IPV6_CHECKSUM                  = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS    = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP    = 0x1
+	IPV6_DEFHLIM                   = 0x40
+	IPV6_DONTFRAG                  = 0x3e
+	IPV6_DSTOPTS                   = 0x32
+	IPV6_FLOWID                    = 0x43
+	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_MASK            = 0xffff0f00
+	IPV6_FLOWTYPE                  = 0x44
+	IPV6_FRAGTTL                   = 0x78
+	IPV6_FW_ADD                    = 0x1e
+	IPV6_FW_DEL                    = 0x1f
+	IPV6_FW_FLUSH                  = 0x20
+	IPV6_FW_GET                    = 0x22
+	IPV6_FW_ZERO                   = 0x21
+	IPV6_HLIMDEC                   = 0x1
+	IPV6_HOPLIMIT                  = 0x2f
+	IPV6_HOPOPTS                   = 0x31
+	IPV6_IPSEC_POLICY              = 0x1c
+	IPV6_JOIN_GROUP                = 0xc
+	IPV6_LEAVE_GROUP               = 0xd
+	IPV6_MAXHLIM                   = 0xff
+	IPV6_MAXOPTHDR                 = 0x800
+	IPV6_MAXPACKET                 = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
+	IPV6_MAX_MEMBERSHIPS           = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
+	IPV6_MIN_MEMBERSHIPS           = 0x1f
+	IPV6_MMTU                      = 0x500
+	IPV6_MSFILTER                  = 0x4a
+	IPV6_MULTICAST_HOPS            = 0xa
+	IPV6_MULTICAST_IF              = 0x9
+	IPV6_MULTICAST_LOOP            = 0xb
+	IPV6_NEXTHOP                   = 0x30
+	IPV6_PATHMTU                   = 0x2c
+	IPV6_PKTINFO                   = 0x2e
+	IPV6_PORTRANGE                 = 0xe
+	IPV6_PORTRANGE_DEFAULT         = 0x0
+	IPV6_PORTRANGE_HIGH            = 0x1
+	IPV6_PORTRANGE_LOW             = 0x2
+	IPV6_PREFER_TEMPADDR           = 0x3f
+	IPV6_RECVDSTOPTS               = 0x28
+	IPV6_RECVFLOWID                = 0x46
+	IPV6_RECVHOPLIMIT              = 0x25
+	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVPATHMTU               = 0x2b
+	IPV6_RECVPKTINFO               = 0x24
+	IPV6_RECVRSSBUCKETID           = 0x47
+	IPV6_RECVRTHDR                 = 0x26
+	IPV6_RECVTCLASS                = 0x39
+	IPV6_RSSBUCKETID               = 0x45
+	IPV6_RSS_LISTEN_BUCKET         = 0x42
+	IPV6_RTHDR                     = 0x33
+	IPV6_RTHDRDSTOPTS              = 0x23
+	IPV6_RTHDR_LOOSE               = 0x0
+	IPV6_RTHDR_STRICT              = 0x1
+	IPV6_RTHDR_TYPE_0              = 0x0
+	IPV6_SOCKOPT_RESERVED1         = 0x3
+	IPV6_TCLASS                    = 0x3d
+	IPV6_UNICAST_HOPS              = 0x4
+	IPV6_USE_MIN_MTU               = 0x2a
+	IPV6_V6ONLY                    = 0x1b
+	IPV6_VERSION                   = 0x60
+	IPV6_VERSION_MASK              = 0xf0
+	IP_ADD_MEMBERSHIP              = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP       = 0x46
+	IP_BINDANY                     = 0x18
+	IP_BINDMULTI                   = 0x19
+	IP_BLOCK_SOURCE                = 0x48
+	IP_DEFAULT_MULTICAST_LOOP      = 0x1
+	IP_DEFAULT_MULTICAST_TTL       = 0x1
+	IP_DF                          = 0x4000
+	IP_DONTFRAG                    = 0x43
+	IP_DROP_MEMBERSHIP             = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP      = 0x47
+	IP_DUMMYNET3                   = 0x31
+	IP_DUMMYNET_CONFIGURE          = 0x3c
+	IP_DUMMYNET_DEL                = 0x3d
+	IP_DUMMYNET_FLUSH              = 0x3e
+	IP_DUMMYNET_GET                = 0x40
+	IP_FLOWID                      = 0x5a
+	IP_FLOWTYPE                    = 0x5b
+	IP_FW3                         = 0x30
+	IP_FW_ADD                      = 0x32
+	IP_FW_DEL                      = 0x33
+	IP_FW_FLUSH                    = 0x34
+	IP_FW_GET                      = 0x36
+	IP_FW_NAT_CFG                  = 0x38
+	IP_FW_NAT_DEL                  = 0x39
+	IP_FW_NAT_GET_CONFIG           = 0x3a
+	IP_FW_NAT_GET_LOG              = 0x3b
+	IP_FW_RESETLOG                 = 0x37
+	IP_FW_TABLE_ADD                = 0x28
+	IP_FW_TABLE_DEL                = 0x29
+	IP_FW_TABLE_FLUSH              = 0x2a
+	IP_FW_TABLE_GETSIZE            = 0x2b
+	IP_FW_TABLE_LIST               = 0x2c
+	IP_FW_ZERO                     = 0x35
+	IP_HDRINCL                     = 0x2
+	IP_IPSEC_POLICY                = 0x15
+	IP_MAXPACKET                   = 0xffff
+	IP_MAX_GROUP_SRC_FILTER        = 0x200
+	IP_MAX_MEMBERSHIPS             = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER        = 0x80
+	IP_MAX_SOCK_SRC_FILTER         = 0x80
+	IP_MAX_SOURCE_FILTER           = 0x400
+	IP_MF                          = 0x2000
+	IP_MINTTL                      = 0x42
+	IP_MIN_MEMBERSHIPS             = 0x1f
+	IP_MSFILTER                    = 0x4a
+	IP_MSS                         = 0x240
+	IP_MULTICAST_IF                = 0x9
+	IP_MULTICAST_LOOP              = 0xb
+	IP_MULTICAST_TTL               = 0xa
+	IP_MULTICAST_VIF               = 0xe
+	IP_OFFMASK                     = 0x1fff
+	IP_ONESBCAST                   = 0x17
+	IP_OPTIONS                     = 0x1
+	IP_PORTRANGE                   = 0x13
+	IP_PORTRANGE_DEFAULT           = 0x0
+	IP_PORTRANGE_HIGH              = 0x1
+	IP_PORTRANGE_LOW               = 0x2
+	IP_RECVDSTADDR                 = 0x7
+	IP_RECVFLOWID                  = 0x5d
+	IP_RECVIF                      = 0x14
+	IP_RECVOPTS                    = 0x5
+	IP_RECVRETOPTS                 = 0x6
+	IP_RECVRSSBUCKETID             = 0x5e
+	IP_RECVTOS                     = 0x44
+	IP_RECVTTL                     = 0x41
+	IP_RETOPTS                     = 0x8
+	IP_RF                          = 0x8000
+	IP_RSSBUCKETID                 = 0x5c
+	IP_RSS_LISTEN_BUCKET           = 0x1a
+	IP_RSVP_OFF                    = 0x10
+	IP_RSVP_ON                     = 0xf
+	IP_RSVP_VIF_OFF                = 0x12
+	IP_RSVP_VIF_ON                 = 0x11
+	IP_SENDSRCADDR                 = 0x7
+	IP_TOS                         = 0x3
+	IP_TTL                         = 0x4
+	IP_UNBLOCK_SOURCE              = 0x49
+	ISIG                           = 0x80
+	ISTRIP                         = 0x20
+	IXANY                          = 0x800
+	IXOFF                          = 0x400
+	IXON                           = 0x200
+	KERN_HOSTNAME                  = 0xa
+	KERN_OSRELEASE                 = 0x2
+	KERN_OSTYPE                    = 0x1
+	KERN_VERSION                   = 0x4
+	LOCK_EX                        = 0x2
+	LOCK_NB                        = 0x4
+	LOCK_SH                        = 0x1
+	LOCK_UN                        = 0x8
+	MADV_AUTOSYNC                  = 0x7
+	MADV_CORE                      = 0x9
+	MADV_DONTNEED                  = 0x4
+	MADV_FREE                      = 0x5
+	MADV_NOCORE                    = 0x8
+	MADV_NORMAL                    = 0x0
+	MADV_NOSYNC                    = 0x6
+	MADV_PROTECT                   = 0xa
+	MADV_RANDOM                    = 0x1
+	MADV_SEQUENTIAL                = 0x2
+	MADV_WILLNEED                  = 0x3
+	MAP_ALIGNED_SUPER              = 0x1000000
+	MAP_ALIGNMENT_MASK             = -0x1000000
+	MAP_ALIGNMENT_SHIFT            = 0x18
+	MAP_ANON                       = 0x1000
+	MAP_ANONYMOUS                  = 0x1000
+	MAP_COPY                       = 0x2
+	MAP_EXCL                       = 0x4000
+	MAP_FILE                       = 0x0
+	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
+	MAP_HASSEMAPHORE               = 0x200
+	MAP_NOCORE                     = 0x20000
+	MAP_NOSYNC                     = 0x800
+	MAP_PREFAULT_READ              = 0x40000
+	MAP_PRIVATE                    = 0x2
+	MAP_RESERVED0020               = 0x20
+	MAP_RESERVED0040               = 0x40
+	MAP_RESERVED0080               = 0x80
+	MAP_RESERVED0100               = 0x100
+	MAP_SHARED                     = 0x1
+	MAP_STACK                      = 0x400
+	MCL_CURRENT                    = 0x1
+	MCL_FUTURE                     = 0x2
+	MNT_ACLS                       = 0x8000000
+	MNT_ASYNC                      = 0x40
+	MNT_AUTOMOUNTED                = 0x200000000
+	MNT_BYFSID                     = 0x8000000
+	MNT_CMDFLAGS                   = 0xd0f0000
+	MNT_DEFEXPORTED                = 0x200
+	MNT_DELEXPORT                  = 0x20000
+	MNT_EXKERB                     = 0x800
+	MNT_EXPORTANON                 = 0x400
+	MNT_EXPORTED                   = 0x100
+	MNT_EXPUBLIC                   = 0x20000000
+	MNT_EXRDONLY                   = 0x80
+	MNT_FORCE                      = 0x80000
+	MNT_GJOURNAL                   = 0x2000000
+	MNT_IGNORE                     = 0x800000
+	MNT_LAZY                       = 0x3
+	MNT_LOCAL                      = 0x1000
+	MNT_MULTILABEL                 = 0x4000000
+	MNT_NFS4ACLS                   = 0x10
+	MNT_NOATIME                    = 0x10000000
+	MNT_NOCLUSTERR                 = 0x40000000
+	MNT_NOCLUSTERW                 = 0x80000000
+	MNT_NOEXEC                     = 0x4
+	MNT_NONBUSY                    = 0x4000000
+	MNT_NOSUID                     = 0x8
+	MNT_NOSYMFOLLOW                = 0x400000
+	MNT_NOWAIT                     = 0x2
+	MNT_QUOTA                      = 0x2000
+	MNT_RDONLY                     = 0x1
+	MNT_RELOAD                     = 0x40000
+	MNT_ROOTFS                     = 0x4000
+	MNT_SNAPSHOT                   = 0x1000000
+	MNT_SOFTDEP                    = 0x200000
+	MNT_SUIDDIR                    = 0x100000
+	MNT_SUJ                        = 0x100000000
+	MNT_SUSPEND                    = 0x4
+	MNT_SYNCHRONOUS                = 0x2
+	MNT_UNION                      = 0x20
+	MNT_UPDATE                     = 0x10000
+	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_USER                       = 0x8000
+	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_WAIT                       = 0x1
+	MSG_CMSG_CLOEXEC               = 0x40000
+	MSG_COMPAT                     = 0x8000
+	MSG_CTRUNC                     = 0x20
+	MSG_DONTROUTE                  = 0x4
+	MSG_DONTWAIT                   = 0x80
+	MSG_EOF                        = 0x100
+	MSG_EOR                        = 0x8
+	MSG_NBIO                       = 0x4000
+	MSG_NOSIGNAL                   = 0x20000
+	MSG_NOTIFICATION               = 0x2000
+	MSG_OOB                        = 0x1
+	MSG_PEEK                       = 0x2
+	MSG_TRUNC                      = 0x10
+	MSG_WAITALL                    = 0x40
+	MSG_WAITFORONE                 = 0x80000
+	MS_ASYNC                       = 0x1
+	MS_INVALIDATE                  = 0x2
+	MS_SYNC                        = 0x0
+	NAME_MAX                       = 0xff
+	NET_RT_DUMP                    = 0x1
+	NET_RT_FLAGS                   = 0x2
+	NET_RT_IFLIST                  = 0x3
+	NET_RT_IFLISTL                 = 0x5
+	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x20
+	NOFLSH                         = 0x80000000
+	NOKERNINFO                     = 0x2000000
+	NOTE_ATTRIB                    = 0x8
+	NOTE_CHILD                     = 0x4
+	NOTE_CLOSE                     = 0x100
+	NOTE_CLOSE_WRITE               = 0x200
+	NOTE_DELETE                    = 0x1
+	NOTE_EXEC                      = 0x20000000
+	NOTE_EXIT                      = 0x80000000
+	NOTE_EXTEND                    = 0x4
+	NOTE_FFAND                     = 0x40000000
+	NOTE_FFCOPY                    = 0xc0000000
+	NOTE_FFCTRLMASK                = 0xc0000000
+	NOTE_FFLAGSMASK                = 0xffffff
+	NOTE_FFNOP                     = 0x0
+	NOTE_FFOR                      = 0x80000000
+	NOTE_FILE_POLL                 = 0x2
+	NOTE_FORK                      = 0x40000000
+	NOTE_LINK                      = 0x10
+	NOTE_LOWAT                     = 0x1
+	NOTE_MSECONDS                  = 0x2
+	NOTE_NSECONDS                  = 0x8
+	NOTE_OPEN                      = 0x80
+	NOTE_PCTRLMASK                 = 0xf0000000
+	NOTE_PDATAMASK                 = 0xfffff
+	NOTE_READ                      = 0x400
+	NOTE_RENAME                    = 0x20
+	NOTE_REVOKE                    = 0x40
+	NOTE_SECONDS                   = 0x1
+	NOTE_TRACK                     = 0x1
+	NOTE_TRACKERR                  = 0x2
+	NOTE_TRIGGER                   = 0x1000000
+	NOTE_USECONDS                  = 0x4
+	NOTE_WRITE                     = 0x2
+	OCRNL                          = 0x10
+	ONLCR                          = 0x2
+	ONLRET                         = 0x40
+	ONOCR                          = 0x20
+	ONOEOT                         = 0x8
+	OPOST                          = 0x1
+	OXTABS                         = 0x4
+	O_ACCMODE                      = 0x3
+	O_APPEND                       = 0x8
+	O_ASYNC                        = 0x40
+	O_CLOEXEC                      = 0x100000
+	O_CREAT                        = 0x200
+	O_DIRECT                       = 0x10000
+	O_DIRECTORY                    = 0x20000
+	O_EXCL                         = 0x800
+	O_EXEC                         = 0x40000
+	O_EXLOCK                       = 0x20
+	O_FSYNC                        = 0x80
+	O_NDELAY                       = 0x4
+	O_NOCTTY                       = 0x8000
+	O_NOFOLLOW                     = 0x100
+	O_NONBLOCK                     = 0x4
+	O_RDONLY                       = 0x0
+	O_RDWR                         = 0x2
+	O_SHLOCK                       = 0x10
+	O_SYNC                         = 0x80
+	O_TRUNC                        = 0x400
+	O_TTY_INIT                     = 0x80000
+	O_VERIFY                       = 0x200000
+	O_WRONLY                       = 0x1
+	PARENB                         = 0x1000
+	PARMRK                         = 0x8
+	PARODD                         = 0x2000
+	PENDIN                         = 0x20000000
+	PRIO_PGRP                      = 0x1
+	PRIO_PROCESS                   = 0x0
+	PRIO_USER                      = 0x2
+	PROT_EXEC                      = 0x4
+	PROT_NONE                      = 0x0
+	PROT_READ                      = 0x1
+	PROT_WRITE                     = 0x2
+	RLIMIT_AS                      = 0xa
+	RLIMIT_CORE                    = 0x4
+	RLIMIT_CPU                     = 0x0
+	RLIMIT_DATA                    = 0x2
+	RLIMIT_FSIZE                   = 0x1
+	RLIMIT_MEMLOCK                 = 0x6
+	RLIMIT_NOFILE                  = 0x8
+	RLIMIT_NPROC                   = 0x7
+	RLIMIT_RSS                     = 0x5
+	RLIMIT_STACK                   = 0x3
+	RLIM_INFINITY                  = 0x7fffffffffffffff
+	RTAX_AUTHOR                    = 0x6
+	RTAX_BRD                       = 0x7
+	RTAX_DST                       = 0x0
+	RTAX_GATEWAY                   = 0x1
+	RTAX_GENMASK                   = 0x3
+	RTAX_IFA                       = 0x5
+	RTAX_IFP                       = 0x4
+	RTAX_MAX                       = 0x8
+	RTAX_NETMASK                   = 0x2
+	RTA_AUTHOR                     = 0x40
+	RTA_BRD                        = 0x80
+	RTA_DST                        = 0x1
+	RTA_GATEWAY                    = 0x2
+	RTA_GENMASK                    = 0x8
+	RTA_IFA                        = 0x20
+	RTA_IFP                        = 0x10
+	RTA_NETMASK                    = 0x4
+	RTF_BLACKHOLE                  = 0x1000
+	RTF_BROADCAST                  = 0x400000
+	RTF_DONE                       = 0x40
+	RTF_DYNAMIC                    = 0x10
+	RTF_FIXEDMTU                   = 0x80000
+	RTF_FMASK                      = 0x1004d808
+	RTF_GATEWAY                    = 0x2
+	RTF_GWFLAG_COMPAT              = 0x80000000
+	RTF_HOST                       = 0x4
+	RTF_LLDATA                     = 0x400
+	RTF_LLINFO                     = 0x400
+	RTF_LOCAL                      = 0x200000
+	RTF_MODIFIED                   = 0x20
+	RTF_MULTICAST                  = 0x800000
+	RTF_PINNED                     = 0x100000
+	RTF_PROTO1                     = 0x8000
+	RTF_PROTO2                     = 0x4000
+	RTF_PROTO3                     = 0x40000
+	RTF_REJECT                     = 0x8
+	RTF_RNH_LOCKED                 = 0x40000000
+	RTF_STATIC                     = 0x800
+	RTF_STICKY                     = 0x10000000
+	RTF_UP                         = 0x1
+	RTF_XRESOLVE                   = 0x200
+	RTM_ADD                        = 0x1
+	RTM_CHANGE                     = 0x3
+	RTM_DELADDR                    = 0xd
+	RTM_DELETE                     = 0x2
+	RTM_DELMADDR                   = 0x10
+	RTM_GET                        = 0x4
+	RTM_IEEE80211                  = 0x12
+	RTM_IFANNOUNCE                 = 0x11
+	RTM_IFINFO                     = 0xe
+	RTM_LOCK                       = 0x8
+	RTM_LOSING                     = 0x5
+	RTM_MISS                       = 0x7
+	RTM_NEWADDR                    = 0xc
+	RTM_NEWMADDR                   = 0xf
+	RTM_REDIRECT                   = 0x6
+	RTM_RESOLVE                    = 0xb
+	RTM_RTTUNIT                    = 0xf4240
+	RTM_VERSION                    = 0x5
+	RTV_EXPIRE                     = 0x4
+	RTV_HOPCOUNT                   = 0x2
+	RTV_MTU                        = 0x1
+	RTV_RPIPE                      = 0x8
+	RTV_RTT                        = 0x40
+	RTV_RTTVAR                     = 0x80
+	RTV_SPIPE                      = 0x10
+	RTV_SSTHRESH                   = 0x20
+	RTV_WEIGHT                     = 0x100
+	RT_ALL_FIBS                    = -0x1
+	RT_BLACKHOLE                   = 0x40
+	RT_CACHING_CONTEXT             = 0x1
+	RT_DEFAULT_FIB                 = 0x0
+	RT_HAS_GW                      = 0x80
+	RT_HAS_HEADER                  = 0x10
+	RT_HAS_HEADER_BIT              = 0x4
+	RT_L2_ME                       = 0x4
+	RT_L2_ME_BIT                   = 0x2
+	RT_LLE_CACHE                   = 0x100
+	RT_MAY_LOOP                    = 0x8
+	RT_MAY_LOOP_BIT                = 0x3
+	RT_NORTREF                     = 0x2
+	RT_REJECT                      = 0x20
+	RUSAGE_CHILDREN                = -0x1
+	RUSAGE_SELF                    = 0x0
+	RUSAGE_THREAD                  = 0x1
+	SCM_BINTIME                    = 0x4
+	SCM_CREDS                      = 0x3
+	SCM_RIGHTS                     = 0x1
+	SCM_TIMESTAMP                  = 0x2
+	SHUT_RD                        = 0x0
+	SHUT_RDWR                      = 0x2
+	SHUT_WR                        = 0x1
+	SIOCADDMULTI                   = 0x80206931
+	SIOCAIFADDR                    = 0x8040691a
+	SIOCAIFGROUP                   = 0x80246987
+	SIOCATMARK                     = 0x40047307
+	SIOCDELMULTI                   = 0x80206932
+	SIOCDIFADDR                    = 0x80206919
+	SIOCDIFGROUP                   = 0x80246989
+	SIOCDIFPHYADDR                 = 0x80206949
+	SIOCGDRVSPEC                   = 0xc01c697b
+	SIOCGETSGCNT                   = 0xc0147210
+	SIOCGETVIFCNT                  = 0xc014720f
+	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
+	SIOCGI2C                       = 0xc020693d
+	SIOCGIFADDR                    = 0xc0206921
+	SIOCGIFBRDADDR                 = 0xc0206923
+	SIOCGIFCAP                     = 0xc020691f
+	SIOCGIFCONF                    = 0xc0086924
+	SIOCGIFDESCR                   = 0xc020692a
+	SIOCGIFDSTADDR                 = 0xc0206922
+	SIOCGIFFIB                     = 0xc020695c
+	SIOCGIFFLAGS                   = 0xc0206911
+	SIOCGIFGENERIC                 = 0xc020693a
+	SIOCGIFGMEMB                   = 0xc024698a
+	SIOCGIFGROUP                   = 0xc0246988
+	SIOCGIFINDEX                   = 0xc0206920
+	SIOCGIFMAC                     = 0xc0206926
+	SIOCGIFMEDIA                   = 0xc0286938
+	SIOCGIFMETRIC                  = 0xc0206917
+	SIOCGIFMTU                     = 0xc0206933
+	SIOCGIFNETMASK                 = 0xc0206925
+	SIOCGIFPDSTADDR                = 0xc0206948
+	SIOCGIFPHYS                    = 0xc0206935
+	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFSTATUS                  = 0xc331693b
+	SIOCGIFXMEDIA                  = 0xc028698b
+	SIOCGLOWAT                     = 0x40047303
+	SIOCGPGRP                      = 0x40047309
+	SIOCGPRIVATE_0                 = 0xc0206950
+	SIOCGPRIVATE_1                 = 0xc0206951
+	SIOCGTUNFIB                    = 0xc020695e
+	SIOCIFCREATE                   = 0xc020697a
+	SIOCIFCREATE2                  = 0xc020697c
+	SIOCIFDESTROY                  = 0x80206979
+	SIOCIFGCLONERS                 = 0xc00c6978
+	SIOCSDRVSPEC                   = 0x801c697b
+	SIOCSHIWAT                     = 0x80047300
+	SIOCSIFADDR                    = 0x8020690c
+	SIOCSIFBRDADDR                 = 0x80206913
+	SIOCSIFCAP                     = 0x8020691e
+	SIOCSIFDESCR                   = 0x80206929
+	SIOCSIFDSTADDR                 = 0x8020690e
+	SIOCSIFFIB                     = 0x8020695d
+	SIOCSIFFLAGS                   = 0x80206910
+	SIOCSIFGENERIC                 = 0x80206939
+	SIOCSIFLLADDR                  = 0x8020693c
+	SIOCSIFMAC                     = 0x80206927
+	SIOCSIFMEDIA                   = 0xc0206937
+	SIOCSIFMETRIC                  = 0x80206918
+	SIOCSIFMTU                     = 0x80206934
+	SIOCSIFNAME                    = 0x80206928
+	SIOCSIFNETMASK                 = 0x80206916
+	SIOCSIFPHYADDR                 = 0x80406946
+	SIOCSIFPHYS                    = 0x80206936
+	SIOCSIFRVNET                   = 0xc020695b
+	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLOWAT                     = 0x80047302
+	SIOCSPGRP                      = 0x80047308
+	SIOCSTUNFIB                    = 0x8020695f
+	SOCK_CLOEXEC                   = 0x10000000
+	SOCK_DGRAM                     = 0x2
+	SOCK_MAXADDRLEN                = 0xff
+	SOCK_NONBLOCK                  = 0x20000000
+	SOCK_RAW                       = 0x3
+	SOCK_RDM                       = 0x4
+	SOCK_SEQPACKET                 = 0x5
+	SOCK_STREAM                    = 0x1
+	SOL_SOCKET                     = 0xffff
+	SOMAXCONN                      = 0x80
+	SO_ACCEPTCONN                  = 0x2
+	SO_ACCEPTFILTER                = 0x1000
+	SO_BINTIME                     = 0x2000
+	SO_BROADCAST                   = 0x20
+	SO_DEBUG                       = 0x1
+	SO_DONTROUTE                   = 0x10
+	SO_ERROR                       = 0x1007
+	SO_KEEPALIVE                   = 0x8
+	SO_LABEL                       = 0x1009
+	SO_LINGER                      = 0x80
+	SO_LISTENINCQLEN               = 0x1013
+	SO_LISTENQLEN                  = 0x1012
+	SO_LISTENQLIMIT                = 0x1011
+	SO_NOSIGPIPE                   = 0x800
+	SO_NO_DDP                      = 0x8000
+	SO_NO_OFFLOAD                  = 0x4000
+	SO_OOBINLINE                   = 0x100
+	SO_PEERLABEL                   = 0x1010
+	SO_PROTOCOL                    = 0x1016
+	SO_PROTOTYPE                   = 0x1016
+	SO_RCVBUF                      = 0x1002
+	SO_RCVLOWAT                    = 0x1004
+	SO_RCVTIMEO                    = 0x1006
+	SO_REUSEADDR                   = 0x4
+	SO_REUSEPORT                   = 0x200
+	SO_SETFIB                      = 0x1014
+	SO_SNDBUF                      = 0x1001
+	SO_SNDLOWAT                    = 0x1003
+	SO_SNDTIMEO                    = 0x1005
+	SO_TIMESTAMP                   = 0x400
+	SO_TYPE                        = 0x1008
+	SO_USELOOPBACK                 = 0x40
+	SO_USER_COOKIE                 = 0x1015
+	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
+	TAB0                           = 0x0
+	TAB3                           = 0x4
+	TABDLY                         = 0x4
+	TCIFLUSH                       = 0x1
+	TCIOFF                         = 0x3
+	TCIOFLUSH                      = 0x3
+	TCION                          = 0x4
+	TCOFLUSH                       = 0x2
+	TCOOFF                         = 0x1
+	TCOON                          = 0x2
+	TCP_CA_NAME_MAX                = 0x10
+	TCP_CCALGOOPT                  = 0x41
+	TCP_CONGESTION                 = 0x40
+	TCP_FASTOPEN                   = 0x401
+	TCP_FUNCTION_BLK               = 0x2000
+	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
+	TCP_INFO                       = 0x20
+	TCP_KEEPCNT                    = 0x400
+	TCP_KEEPIDLE                   = 0x100
+	TCP_KEEPINIT                   = 0x80
+	TCP_KEEPINTVL                  = 0x200
+	TCP_MAXBURST                   = 0x4
+	TCP_MAXHLEN                    = 0x3c
+	TCP_MAXOLEN                    = 0x28
+	TCP_MAXSEG                     = 0x2
+	TCP_MAXWIN                     = 0xffff
+	TCP_MAX_SACK                   = 0x4
+	TCP_MAX_WINSHIFT               = 0xe
+	TCP_MD5SIG                     = 0x10
+	TCP_MINMSS                     = 0xd8
+	TCP_MSS                        = 0x218
+	TCP_NODELAY                    = 0x1
+	TCP_NOOPT                      = 0x8
+	TCP_NOPUSH                     = 0x4
+	TCP_PCAP_IN                    = 0x1000
+	TCP_PCAP_OUT                   = 0x800
+	TCP_VENDOR                     = 0x80000000
+	TCSAFLUSH                      = 0x2
+	TIOCCBRK                       = 0x2000747a
+	TIOCCDTR                       = 0x20007478
+	TIOCCONS                       = 0x80047462
+	TIOCDRAIN                      = 0x2000745e
+	TIOCEXCL                       = 0x2000740d
+	TIOCEXT                        = 0x80047460
+	TIOCFLUSH                      = 0x80047410
+	TIOCGDRAINWAIT                 = 0x40047456
+	TIOCGETA                       = 0x402c7413
+	TIOCGETD                       = 0x4004741a
+	TIOCGPGRP                      = 0x40047477
+	TIOCGPTN                       = 0x4004740f
+	TIOCGSID                       = 0x40047463
+	TIOCGWINSZ                     = 0x40087468
+	TIOCMBIC                       = 0x8004746b
+	TIOCMBIS                       = 0x8004746c
+	TIOCMGDTRWAIT                  = 0x4004745a
+	TIOCMGET                       = 0x4004746a
+	TIOCMSDTRWAIT                  = 0x8004745b
+	TIOCMSET                       = 0x8004746d
+	TIOCM_CAR                      = 0x40
+	TIOCM_CD                       = 0x40
+	TIOCM_CTS                      = 0x20
+	TIOCM_DCD                      = 0x40
+	TIOCM_DSR                      = 0x100
+	TIOCM_DTR                      = 0x2
+	TIOCM_LE                       = 0x1
+	TIOCM_RI                       = 0x80
+	TIOCM_RNG                      = 0x80
+	TIOCM_RTS                      = 0x4
+	TIOCM_SR                       = 0x10
+	TIOCM_ST                       = 0x8
+	TIOCNOTTY                      = 0x20007471
+	TIOCNXCL                       = 0x2000740e
+	TIOCOUTQ                       = 0x40047473
+	TIOCPKT                        = 0x80047470
+	TIOCPKT_DATA                   = 0x0
+	TIOCPKT_DOSTOP                 = 0x20
+	TIOCPKT_FLUSHREAD              = 0x1
+	TIOCPKT_FLUSHWRITE             = 0x2
+	TIOCPKT_IOCTL                  = 0x40
+	TIOCPKT_NOSTOP                 = 0x10
+	TIOCPKT_START                  = 0x8
+	TIOCPKT_STOP                   = 0x4
+	TIOCPTMASTER                   = 0x2000741c
+	TIOCSBRK                       = 0x2000747b
+	TIOCSCTTY                      = 0x20007461
+	TIOCSDRAINWAIT                 = 0x80047457
+	TIOCSDTR                       = 0x20007479
+	TIOCSETA                       = 0x802c7414
+	TIOCSETAF                      = 0x802c7416
+	TIOCSETAW                      = 0x802c7415
+	TIOCSETD                       = 0x8004741b
+	TIOCSIG                        = 0x2004745f
+	TIOCSPGRP                      = 0x80047476
+	TIOCSTART                      = 0x2000746e
+	TIOCSTAT                       = 0x20007465
+	TIOCSTI                        = 0x80017472
+	TIOCSTOP                       = 0x2000746f
+	TIOCSWINSZ                     = 0x80087467
+	TIOCTIMESTAMP                  = 0x40107459
+	TIOCUCNTL                      = 0x80047466
+	TOSTOP                         = 0x400000
+	VDISCARD                       = 0xf
+	VDSUSP                         = 0xb
+	VEOF                           = 0x0
+	VEOL                           = 0x1
+	VEOL2                          = 0x2
+	VERASE                         = 0x3
+	VERASE2                        = 0x7
+	VINTR                          = 0x8
+	VKILL                          = 0x5
+	VLNEXT                         = 0xe
+	VMIN                           = 0x10
+	VQUIT                          = 0x9
+	VREPRINT                       = 0x6
+	VSTART                         = 0xc
+	VSTATUS                        = 0x12
+	VSTOP                          = 0xd
+	VSUSP                          = 0xa
+	VTIME                          = 0x11
+	VWERASE                        = 0x4
+	WCONTINUED                     = 0x4
+	WCOREFLAG                      = 0x80
+	WEXITED                        = 0x10
+	WLINUXCLONE                    = 0x80000000
+	WNOHANG                        = 0x1
+	WNOWAIT                        = 0x8
+	WSTOPPED                       = 0x2
+	WTRAPPED                       = 0x20
+	WUNTRACED                      = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x59)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x55)
+	ECAPMODE        = syscall.Errno(0x5e)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDOOFUS         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x56)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5a)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x57)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5b)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCAPABLE     = syscall.Errno(0x5d)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5f)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x60)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5c)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGLIBRT  = syscall.Signal(0x21)
+	SIGLWP    = syscall.Signal(0x20)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "ECANCELED", "operation canceled"},
+	{86, "EILSEQ", "illegal byte sequence"},
+	{87, "ENOATTR", "attribute not found"},
+	{88, "EDOOFUS", "programming error"},
+	{89, "EBADMSG", "bad message"},
+	{90, "EMULTIHOP", "multihop attempted"},
+	{91, "ENOLINK", "link has been severed"},
+	{92, "EPROTO", "protocol error"},
+	{93, "ENOTCAPABLE", "capabilities insufficient"},
+	{94, "ECAPMODE", "not permitted in capability mode"},
+	{95, "ENOTRECOVERABLE", "state not recoverable"},
+	{96, "EOWNERDEAD", "previous owner died"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "unknown signal"},
+	{33, "SIGLIBRT", "unknown signal"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
new file mode 100644
index 000000000..7ce9c0081
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -0,0 +1,1936 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,freebsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                   = 0x10
+	AF_ARP                         = 0x23
+	AF_ATM                         = 0x1e
+	AF_BLUETOOTH                   = 0x24
+	AF_CCITT                       = 0xa
+	AF_CHAOS                       = 0x5
+	AF_CNT                         = 0x15
+	AF_COIP                        = 0x14
+	AF_DATAKIT                     = 0x9
+	AF_DECnet                      = 0xc
+	AF_DLI                         = 0xd
+	AF_E164                        = 0x1a
+	AF_ECMA                        = 0x8
+	AF_HYLINK                      = 0xf
+	AF_IEEE80211                   = 0x25
+	AF_IMPLINK                     = 0x3
+	AF_INET                        = 0x2
+	AF_INET6                       = 0x1c
+	AF_INET6_SDP                   = 0x2a
+	AF_INET_SDP                    = 0x28
+	AF_IPX                         = 0x17
+	AF_ISDN                        = 0x1a
+	AF_ISO                         = 0x7
+	AF_LAT                         = 0xe
+	AF_LINK                        = 0x12
+	AF_LOCAL                       = 0x1
+	AF_MAX                         = 0x2a
+	AF_NATM                        = 0x1d
+	AF_NETBIOS                     = 0x6
+	AF_NETGRAPH                    = 0x20
+	AF_OSI                         = 0x7
+	AF_PUP                         = 0x4
+	AF_ROUTE                       = 0x11
+	AF_SCLUSTER                    = 0x22
+	AF_SIP                         = 0x18
+	AF_SLOW                        = 0x21
+	AF_SNA                         = 0xb
+	AF_UNIX                        = 0x1
+	AF_UNSPEC                      = 0x0
+	AF_VENDOR00                    = 0x27
+	AF_VENDOR01                    = 0x29
+	AF_VENDOR02                    = 0x2b
+	AF_VENDOR03                    = 0x2d
+	AF_VENDOR04                    = 0x2f
+	AF_VENDOR05                    = 0x31
+	AF_VENDOR06                    = 0x33
+	AF_VENDOR07                    = 0x35
+	AF_VENDOR08                    = 0x37
+	AF_VENDOR09                    = 0x39
+	AF_VENDOR10                    = 0x3b
+	AF_VENDOR11                    = 0x3d
+	AF_VENDOR12                    = 0x3f
+	AF_VENDOR13                    = 0x41
+	AF_VENDOR14                    = 0x43
+	AF_VENDOR15                    = 0x45
+	AF_VENDOR16                    = 0x47
+	AF_VENDOR17                    = 0x49
+	AF_VENDOR18                    = 0x4b
+	AF_VENDOR19                    = 0x4d
+	AF_VENDOR20                    = 0x4f
+	AF_VENDOR21                    = 0x51
+	AF_VENDOR22                    = 0x53
+	AF_VENDOR23                    = 0x55
+	AF_VENDOR24                    = 0x57
+	AF_VENDOR25                    = 0x59
+	AF_VENDOR26                    = 0x5b
+	AF_VENDOR27                    = 0x5d
+	AF_VENDOR28                    = 0x5f
+	AF_VENDOR29                    = 0x61
+	AF_VENDOR30                    = 0x63
+	AF_VENDOR31                    = 0x65
+	AF_VENDOR32                    = 0x67
+	AF_VENDOR33                    = 0x69
+	AF_VENDOR34                    = 0x6b
+	AF_VENDOR35                    = 0x6d
+	AF_VENDOR36                    = 0x6f
+	AF_VENDOR37                    = 0x71
+	AF_VENDOR38                    = 0x73
+	AF_VENDOR39                    = 0x75
+	AF_VENDOR40                    = 0x77
+	AF_VENDOR41                    = 0x79
+	AF_VENDOR42                    = 0x7b
+	AF_VENDOR43                    = 0x7d
+	AF_VENDOR44                    = 0x7f
+	AF_VENDOR45                    = 0x81
+	AF_VENDOR46                    = 0x83
+	AF_VENDOR47                    = 0x85
+	ALTWERASE                      = 0x200
+	B0                             = 0x0
+	B110                           = 0x6e
+	B115200                        = 0x1c200
+	B1200                          = 0x4b0
+	B134                           = 0x86
+	B14400                         = 0x3840
+	B150                           = 0x96
+	B1800                          = 0x708
+	B19200                         = 0x4b00
+	B200                           = 0xc8
+	B230400                        = 0x38400
+	B2400                          = 0x960
+	B28800                         = 0x7080
+	B300                           = 0x12c
+	B38400                         = 0x9600
+	B460800                        = 0x70800
+	B4800                          = 0x12c0
+	B50                            = 0x32
+	B57600                         = 0xe100
+	B600                           = 0x258
+	B7200                          = 0x1c20
+	B75                            = 0x4b
+	B76800                         = 0x12c00
+	B921600                        = 0xe1000
+	B9600                          = 0x2580
+	BIOCFEEDBACK                   = 0x8004427c
+	BIOCFLUSH                      = 0x20004268
+	BIOCGBLEN                      = 0x40044266
+	BIOCGDIRECTION                 = 0x40044276
+	BIOCGDLT                       = 0x4004426a
+	BIOCGDLTLIST                   = 0xc0104279
+	BIOCGETBUFMODE                 = 0x4004427d
+	BIOCGETIF                      = 0x4020426b
+	BIOCGETZMAX                    = 0x4008427f
+	BIOCGHDRCMPLT                  = 0x40044274
+	BIOCGRSIG                      = 0x40044272
+	BIOCGRTIMEOUT                  = 0x4010426e
+	BIOCGSEESENT                   = 0x40044276
+	BIOCGSTATS                     = 0x4008426f
+	BIOCGTSTAMP                    = 0x40044283
+	BIOCIMMEDIATE                  = 0x80044270
+	BIOCLOCK                       = 0x2000427a
+	BIOCPROMISC                    = 0x20004269
+	BIOCROTZBUF                    = 0x40184280
+	BIOCSBLEN                      = 0xc0044266
+	BIOCSDIRECTION                 = 0x80044277
+	BIOCSDLT                       = 0x80044278
+	BIOCSETBUFMODE                 = 0x8004427e
+	BIOCSETF                       = 0x80104267
+	BIOCSETFNR                     = 0x80104282
+	BIOCSETIF                      = 0x8020426c
+	BIOCSETWF                      = 0x8010427b
+	BIOCSETZBUF                    = 0x80184281
+	BIOCSHDRCMPLT                  = 0x80044275
+	BIOCSRSIG                      = 0x80044273
+	BIOCSRTIMEOUT                  = 0x8010426d
+	BIOCSSEESENT                   = 0x80044277
+	BIOCSTSTAMP                    = 0x80044284
+	BIOCVERSION                    = 0x40044271
+	BPF_A                          = 0x10
+	BPF_ABS                        = 0x20
+	BPF_ADD                        = 0x0
+	BPF_ALIGNMENT                  = 0x8
+	BPF_ALU                        = 0x4
+	BPF_AND                        = 0x50
+	BPF_B                          = 0x10
+	BPF_BUFMODE_BUFFER             = 0x1
+	BPF_BUFMODE_ZBUF               = 0x2
+	BPF_DIV                        = 0x30
+	BPF_H                          = 0x8
+	BPF_IMM                        = 0x0
+	BPF_IND                        = 0x40
+	BPF_JA                         = 0x0
+	BPF_JEQ                        = 0x10
+	BPF_JGE                        = 0x30
+	BPF_JGT                        = 0x20
+	BPF_JMP                        = 0x5
+	BPF_JSET                       = 0x40
+	BPF_K                          = 0x0
+	BPF_LD                         = 0x0
+	BPF_LDX                        = 0x1
+	BPF_LEN                        = 0x80
+	BPF_LSH                        = 0x60
+	BPF_MAJOR_VERSION              = 0x1
+	BPF_MAXBUFSIZE                 = 0x80000
+	BPF_MAXINSNS                   = 0x200
+	BPF_MEM                        = 0x60
+	BPF_MEMWORDS                   = 0x10
+	BPF_MINBUFSIZE                 = 0x20
+	BPF_MINOR_VERSION              = 0x1
+	BPF_MISC                       = 0x7
+	BPF_MOD                        = 0x90
+	BPF_MSH                        = 0xa0
+	BPF_MUL                        = 0x20
+	BPF_NEG                        = 0x80
+	BPF_OR                         = 0x40
+	BPF_RELEASE                    = 0x30bb6
+	BPF_RET                        = 0x6
+	BPF_RSH                        = 0x70
+	BPF_ST                         = 0x2
+	BPF_STX                        = 0x3
+	BPF_SUB                        = 0x10
+	BPF_TAX                        = 0x0
+	BPF_TXA                        = 0x80
+	BPF_T_BINTIME                  = 0x2
+	BPF_T_BINTIME_FAST             = 0x102
+	BPF_T_BINTIME_MONOTONIC        = 0x202
+	BPF_T_BINTIME_MONOTONIC_FAST   = 0x302
+	BPF_T_FAST                     = 0x100
+	BPF_T_FLAG_MASK                = 0x300
+	BPF_T_FORMAT_MASK              = 0x3
+	BPF_T_MICROTIME                = 0x0
+	BPF_T_MICROTIME_FAST           = 0x100
+	BPF_T_MICROTIME_MONOTONIC      = 0x200
+	BPF_T_MICROTIME_MONOTONIC_FAST = 0x300
+	BPF_T_MONOTONIC                = 0x200
+	BPF_T_MONOTONIC_FAST           = 0x300
+	BPF_T_NANOTIME                 = 0x1
+	BPF_T_NANOTIME_FAST            = 0x101
+	BPF_T_NANOTIME_MONOTONIC       = 0x201
+	BPF_T_NANOTIME_MONOTONIC_FAST  = 0x301
+	BPF_T_NONE                     = 0x3
+	BPF_T_NORMAL                   = 0x0
+	BPF_W                          = 0x0
+	BPF_X                          = 0x8
+	BPF_XOR                        = 0xa0
+	BRKINT                         = 0x2
+	CAP_ACCEPT                     = 0x200000020000000
+	CAP_ACL_CHECK                  = 0x400000000010000
+	CAP_ACL_DELETE                 = 0x400000000020000
+	CAP_ACL_GET                    = 0x400000000040000
+	CAP_ACL_SET                    = 0x400000000080000
+	CAP_ALL0                       = 0x20007ffffffffff
+	CAP_ALL1                       = 0x4000000001fffff
+	CAP_BIND                       = 0x200000040000000
+	CAP_BINDAT                     = 0x200008000000400
+	CAP_CHFLAGSAT                  = 0x200000000001400
+	CAP_CONNECT                    = 0x200000080000000
+	CAP_CONNECTAT                  = 0x200010000000400
+	CAP_CREATE                     = 0x200000000000040
+	CAP_EVENT                      = 0x400000000000020
+	CAP_EXTATTR_DELETE             = 0x400000000001000
+	CAP_EXTATTR_GET                = 0x400000000002000
+	CAP_EXTATTR_LIST               = 0x400000000004000
+	CAP_EXTATTR_SET                = 0x400000000008000
+	CAP_FCHDIR                     = 0x200000000000800
+	CAP_FCHFLAGS                   = 0x200000000001000
+	CAP_FCHMOD                     = 0x200000000002000
+	CAP_FCHMODAT                   = 0x200000000002400
+	CAP_FCHOWN                     = 0x200000000004000
+	CAP_FCHOWNAT                   = 0x200000000004400
+	CAP_FCNTL                      = 0x200000000008000
+	CAP_FCNTL_ALL                  = 0x78
+	CAP_FCNTL_GETFL                = 0x8
+	CAP_FCNTL_GETOWN               = 0x20
+	CAP_FCNTL_SETFL                = 0x10
+	CAP_FCNTL_SETOWN               = 0x40
+	CAP_FEXECVE                    = 0x200000000000080
+	CAP_FLOCK                      = 0x200000000010000
+	CAP_FPATHCONF                  = 0x200000000020000
+	CAP_FSCK                       = 0x200000000040000
+	CAP_FSTAT                      = 0x200000000080000
+	CAP_FSTATAT                    = 0x200000000080400
+	CAP_FSTATFS                    = 0x200000000100000
+	CAP_FSYNC                      = 0x200000000000100
+	CAP_FTRUNCATE                  = 0x200000000000200
+	CAP_FUTIMES                    = 0x200000000200000
+	CAP_FUTIMESAT                  = 0x200000000200400
+	CAP_GETPEERNAME                = 0x200000100000000
+	CAP_GETSOCKNAME                = 0x200000200000000
+	CAP_GETSOCKOPT                 = 0x200000400000000
+	CAP_IOCTL                      = 0x400000000000080
+	CAP_IOCTLS_ALL                 = 0x7fffffffffffffff
+	CAP_KQUEUE                     = 0x400000000100040
+	CAP_KQUEUE_CHANGE              = 0x400000000100000
+	CAP_KQUEUE_EVENT               = 0x400000000000040
+	CAP_LINKAT_SOURCE              = 0x200020000000400
+	CAP_LINKAT_TARGET              = 0x200000000400400
+	CAP_LISTEN                     = 0x200000800000000
+	CAP_LOOKUP                     = 0x200000000000400
+	CAP_MAC_GET                    = 0x400000000000001
+	CAP_MAC_SET                    = 0x400000000000002
+	CAP_MKDIRAT                    = 0x200000000800400
+	CAP_MKFIFOAT                   = 0x200000001000400
+	CAP_MKNODAT                    = 0x200000002000400
+	CAP_MMAP                       = 0x200000000000010
+	CAP_MMAP_R                     = 0x20000000000001d
+	CAP_MMAP_RW                    = 0x20000000000001f
+	CAP_MMAP_RWX                   = 0x20000000000003f
+	CAP_MMAP_RX                    = 0x20000000000003d
+	CAP_MMAP_W                     = 0x20000000000001e
+	CAP_MMAP_WX                    = 0x20000000000003e
+	CAP_MMAP_X                     = 0x20000000000003c
+	CAP_PDGETPID                   = 0x400000000000200
+	CAP_PDKILL                     = 0x400000000000800
+	CAP_PDWAIT                     = 0x400000000000400
+	CAP_PEELOFF                    = 0x200001000000000
+	CAP_POLL_EVENT                 = 0x400000000000020
+	CAP_PREAD                      = 0x20000000000000d
+	CAP_PWRITE                     = 0x20000000000000e
+	CAP_READ                       = 0x200000000000001
+	CAP_RECV                       = 0x200000000000001
+	CAP_RENAMEAT_SOURCE            = 0x200000004000400
+	CAP_RENAMEAT_TARGET            = 0x200040000000400
+	CAP_RIGHTS_VERSION             = 0x0
+	CAP_RIGHTS_VERSION_00          = 0x0
+	CAP_SEEK                       = 0x20000000000000c
+	CAP_SEEK_TELL                  = 0x200000000000004
+	CAP_SEM_GETVALUE               = 0x400000000000004
+	CAP_SEM_POST                   = 0x400000000000008
+	CAP_SEM_WAIT                   = 0x400000000000010
+	CAP_SEND                       = 0x200000000000002
+	CAP_SETSOCKOPT                 = 0x200002000000000
+	CAP_SHUTDOWN                   = 0x200004000000000
+	CAP_SOCK_CLIENT                = 0x200007780000003
+	CAP_SOCK_SERVER                = 0x200007f60000003
+	CAP_SYMLINKAT                  = 0x200000008000400
+	CAP_TTYHOOK                    = 0x400000000000100
+	CAP_UNLINKAT                   = 0x200000010000400
+	CAP_UNUSED0_44                 = 0x200080000000000
+	CAP_UNUSED0_57                 = 0x300000000000000
+	CAP_UNUSED1_22                 = 0x400000000200000
+	CAP_UNUSED1_57                 = 0x500000000000000
+	CAP_WRITE                      = 0x200000000000002
+	CFLUSH                         = 0xf
+	CLOCAL                         = 0x8000
+	CLOCK_MONOTONIC                = 0x4
+	CLOCK_MONOTONIC_FAST           = 0xc
+	CLOCK_MONOTONIC_PRECISE        = 0xb
+	CLOCK_PROCESS_CPUTIME_ID       = 0xf
+	CLOCK_PROF                     = 0x2
+	CLOCK_REALTIME                 = 0x0
+	CLOCK_REALTIME_FAST            = 0xa
+	CLOCK_REALTIME_PRECISE         = 0x9
+	CLOCK_SECOND                   = 0xd
+	CLOCK_THREAD_CPUTIME_ID        = 0xe
+	CLOCK_UPTIME                   = 0x5
+	CLOCK_UPTIME_FAST              = 0x8
+	CLOCK_UPTIME_PRECISE           = 0x7
+	CLOCK_VIRTUAL                  = 0x1
+	CPUSTATES                      = 0x5
+	CP_IDLE                        = 0x4
+	CP_INTR                        = 0x3
+	CP_NICE                        = 0x1
+	CP_SYS                         = 0x2
+	CP_USER                        = 0x0
+	CREAD                          = 0x800
+	CRTSCTS                        = 0x30000
+	CS5                            = 0x0
+	CS6                            = 0x100
+	CS7                            = 0x200
+	CS8                            = 0x300
+	CSIZE                          = 0x300
+	CSTART                         = 0x11
+	CSTATUS                        = 0x14
+	CSTOP                          = 0x13
+	CSTOPB                         = 0x400
+	CSUSP                          = 0x1a
+	CTL_HW                         = 0x6
+	CTL_KERN                       = 0x1
+	CTL_MAXNAME                    = 0x18
+	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
+	DLT_A429                       = 0xb8
+	DLT_A653_ICM                   = 0xb9
+	DLT_AIRONET_HEADER             = 0x78
+	DLT_AOS                        = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394     = 0x8a
+	DLT_ARCNET                     = 0x7
+	DLT_ARCNET_LINUX               = 0x81
+	DLT_ATM_CLIP                   = 0x13
+	DLT_ATM_RFC1483                = 0xb
+	DLT_AURORA                     = 0x7e
+	DLT_AX25                       = 0x3
+	DLT_AX25_KISS                  = 0xca
+	DLT_BACNET_MS_TP               = 0xa5
+	DLT_BLUETOOTH_BREDR_BB         = 0xff
+	DLT_BLUETOOTH_HCI_H4           = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR = 0xc9
+	DLT_BLUETOOTH_LE_LL            = 0xfb
+	DLT_BLUETOOTH_LE_LL_WITH_PHDR  = 0x100
+	DLT_BLUETOOTH_LINUX_MONITOR    = 0xfe
+	DLT_CAN20B                     = 0xbe
+	DLT_CAN_SOCKETCAN              = 0xe3
+	DLT_CHAOS                      = 0x5
+	DLT_CHDLC                      = 0x68
+	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
+	DLT_C_HDLC                     = 0x68
+	DLT_C_HDLC_WITH_DIR            = 0xcd
+	DLT_DBUS                       = 0xe7
+	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
+	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
+	DLT_DVB_CI                     = 0xeb
+	DLT_ECONET                     = 0x73
+	DLT_EN10MB                     = 0x1
+	DLT_EN3MB                      = 0x2
+	DLT_ENC                        = 0x6d
+	DLT_EPON                       = 0x103
+	DLT_ERF                        = 0xc5
+	DLT_ERF_ETH                    = 0xaf
+	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
+	DLT_FC_2                       = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
+	DLT_FDDI                       = 0xa
+	DLT_FLEXRAY                    = 0xd2
+	DLT_FRELAY                     = 0x6b
+	DLT_FRELAY_WITH_DIR            = 0xce
+	DLT_GCOM_SERIAL                = 0xad
+	DLT_GCOM_T1E1                  = 0xac
+	DLT_GPF_F                      = 0xab
+	DLT_GPF_T                      = 0xaa
+	DLT_GPRS_LLC                   = 0xa9
+	DLT_GSMTAP_ABIS                = 0xda
+	DLT_GSMTAP_UM                  = 0xd9
+	DLT_IBM_SN                     = 0x92
+	DLT_IBM_SP                     = 0x91
+	DLT_IEEE802                    = 0x6
+	DLT_IEEE802_11                 = 0x69
+	DLT_IEEE802_11_RADIO           = 0x7f
+	DLT_IEEE802_11_RADIO_AVS       = 0xa3
+	DLT_IEEE802_15_4               = 0xc3
+	DLT_IEEE802_15_4_LINUX         = 0xbf
+	DLT_IEEE802_15_4_NOFCS         = 0xe6
+	DLT_IEEE802_15_4_NONASK_PHY    = 0xd7
+	DLT_IEEE802_16_MAC_CPS         = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO   = 0xc1
+	DLT_INFINIBAND                 = 0xf7
+	DLT_IPFILTER                   = 0x74
+	DLT_IPMB                       = 0xc7
+	DLT_IPMB_LINUX                 = 0xd1
+	DLT_IPMI_HPM_2                 = 0x104
+	DLT_IPNET                      = 0xe2
+	DLT_IPOIB                      = 0xf2
+	DLT_IPV4                       = 0xe4
+	DLT_IPV6                       = 0xe5
+	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
+	DLT_JUNIPER_ATM1               = 0x89
+	DLT_JUNIPER_ATM2               = 0x87
+	DLT_JUNIPER_ATM_CEMIC          = 0xee
+	DLT_JUNIPER_CHDLC              = 0xb5
+	DLT_JUNIPER_ES                 = 0x84
+	DLT_JUNIPER_ETHER              = 0xb2
+	DLT_JUNIPER_FIBRECHANNEL       = 0xea
+	DLT_JUNIPER_FRELAY             = 0xb4
+	DLT_JUNIPER_GGSN               = 0x85
+	DLT_JUNIPER_ISM                = 0xc2
+	DLT_JUNIPER_MFR                = 0x86
+	DLT_JUNIPER_MLFR               = 0x83
+	DLT_JUNIPER_MLPPP              = 0x82
+	DLT_JUNIPER_MONITOR            = 0xa4
+	DLT_JUNIPER_PIC_PEER           = 0xae
+	DLT_JUNIPER_PPP                = 0xb3
+	DLT_JUNIPER_PPPOE              = 0xa7
+	DLT_JUNIPER_PPPOE_ATM          = 0xa8
+	DLT_JUNIPER_SERVICES           = 0x88
+	DLT_JUNIPER_SRX_E2E            = 0xe9
+	DLT_JUNIPER_ST                 = 0xc8
+	DLT_JUNIPER_VP                 = 0xb7
+	DLT_JUNIPER_VS                 = 0xe8
+	DLT_LAPB_WITH_DIR              = 0xcf
+	DLT_LAPD                       = 0xcb
+	DLT_LIN                        = 0xd4
+	DLT_LINUX_EVDEV                = 0xd8
+	DLT_LINUX_IRDA                 = 0x90
+	DLT_LINUX_LAPD                 = 0xb1
+	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
+	DLT_LINUX_SLL                  = 0x71
+	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
+	DLT_LTALK                      = 0x72
+	DLT_MATCHING_MAX               = 0x113
+	DLT_MATCHING_MIN               = 0x68
+	DLT_MFR                        = 0xb6
+	DLT_MOST                       = 0xd3
+	DLT_MPEG_2_TS                  = 0xf3
+	DLT_MPLS                       = 0xdb
+	DLT_MTP2                       = 0x8c
+	DLT_MTP2_WITH_PHDR             = 0x8b
+	DLT_MTP3                       = 0x8d
+	DLT_MUX27010                   = 0xec
+	DLT_NETANALYZER                = 0xf0
+	DLT_NETANALYZER_TRANSPARENT    = 0xf1
+	DLT_NETLINK                    = 0xfd
+	DLT_NFC_LLCP                   = 0xf5
+	DLT_NFLOG                      = 0xef
+	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
+	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
+	DLT_PCI_EXP                    = 0x7d
+	DLT_PFLOG                      = 0x75
+	DLT_PFSYNC                     = 0x79
+	DLT_PKTAP                      = 0x102
+	DLT_PPI                        = 0xc0
+	DLT_PPP                        = 0x9
+	DLT_PPP_BSDOS                  = 0xe
+	DLT_PPP_ETHER                  = 0x33
+	DLT_PPP_PPPD                   = 0xa6
+	DLT_PPP_SERIAL                 = 0x32
+	DLT_PPP_WITH_DIR               = 0xcc
+	DLT_PPP_WITH_DIRECTION         = 0xa6
+	DLT_PRISM_HEADER               = 0x77
+	DLT_PROFIBUS_DL                = 0x101
+	DLT_PRONET                     = 0x4
+	DLT_RAIF1                      = 0xc6
+	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
+	DLT_RIO                        = 0x7c
+	DLT_RTAC_SERIAL                = 0xfa
+	DLT_SCCP                       = 0x8e
+	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
+	DLT_SITA                       = 0xc4
+	DLT_SLIP                       = 0x8
+	DLT_SLIP_BSDOS                 = 0xd
+	DLT_STANAG_5066_D_PDU          = 0xed
+	DLT_SUNATM                     = 0x7b
+	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
+	DLT_TZSP                       = 0x80
+	DLT_USB                        = 0xba
+	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
+	DLT_USB_LINUX                  = 0xbd
+	DLT_USB_LINUX_MMAPPED          = 0xdc
+	DLT_USER0                      = 0x93
+	DLT_USER1                      = 0x94
+	DLT_USER10                     = 0x9d
+	DLT_USER11                     = 0x9e
+	DLT_USER12                     = 0x9f
+	DLT_USER13                     = 0xa0
+	DLT_USER14                     = 0xa1
+	DLT_USER15                     = 0xa2
+	DLT_USER2                      = 0x95
+	DLT_USER3                      = 0x96
+	DLT_USER4                      = 0x97
+	DLT_USER5                      = 0x98
+	DLT_USER6                      = 0x99
+	DLT_USER7                      = 0x9a
+	DLT_USER8                      = 0x9b
+	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
+	DLT_WIHART                     = 0xdf
+	DLT_WIRESHARK_UPPER_PDU        = 0xfc
+	DLT_X2E_SERIAL                 = 0xd5
+	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
+	DT_BLK                         = 0x6
+	DT_CHR                         = 0x2
+	DT_DIR                         = 0x4
+	DT_FIFO                        = 0x1
+	DT_LNK                         = 0xa
+	DT_REG                         = 0x8
+	DT_SOCK                        = 0xc
+	DT_UNKNOWN                     = 0x0
+	DT_WHT                         = 0xe
+	ECHO                           = 0x8
+	ECHOCTL                        = 0x40
+	ECHOE                          = 0x2
+	ECHOK                          = 0x4
+	ECHOKE                         = 0x1
+	ECHONL                         = 0x10
+	ECHOPRT                        = 0x20
+	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
+	EVFILT_FS                      = -0x9
+	EVFILT_LIO                     = -0xa
+	EVFILT_PROC                    = -0x5
+	EVFILT_PROCDESC                = -0x8
+	EVFILT_READ                    = -0x1
+	EVFILT_SENDFILE                = -0xc
+	EVFILT_SIGNAL                  = -0x6
+	EVFILT_SYSCOUNT                = 0xd
+	EVFILT_TIMER                   = -0x7
+	EVFILT_USER                    = -0xb
+	EVFILT_VNODE                   = -0x4
+	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
+	EV_ADD                         = 0x1
+	EV_CLEAR                       = 0x20
+	EV_DELETE                      = 0x2
+	EV_DISABLE                     = 0x8
+	EV_DISPATCH                    = 0x80
+	EV_DROP                        = 0x1000
+	EV_ENABLE                      = 0x4
+	EV_EOF                         = 0x8000
+	EV_ERROR                       = 0x4000
+	EV_FLAG1                       = 0x2000
+	EV_FLAG2                       = 0x4000
+	EV_FORCEONESHOT                = 0x100
+	EV_ONESHOT                     = 0x10
+	EV_RECEIPT                     = 0x40
+	EV_SYSFLAGS                    = 0xf000
+	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
+	EXTATTR_NAMESPACE_EMPTY        = 0x0
+	EXTATTR_NAMESPACE_SYSTEM       = 0x2
+	EXTATTR_NAMESPACE_USER         = 0x1
+	EXTB                           = 0x9600
+	EXTPROC                        = 0x800
+	FD_CLOEXEC                     = 0x1
+	FD_SETSIZE                     = 0x400
+	FLUSHO                         = 0x800000
+	F_CANCEL                       = 0x5
+	F_DUP2FD                       = 0xa
+	F_DUP2FD_CLOEXEC               = 0x12
+	F_DUPFD                        = 0x0
+	F_DUPFD_CLOEXEC                = 0x11
+	F_GETFD                        = 0x1
+	F_GETFL                        = 0x3
+	F_GETLK                        = 0xb
+	F_GETOWN                       = 0x5
+	F_OGETLK                       = 0x7
+	F_OK                           = 0x0
+	F_OSETLK                       = 0x8
+	F_OSETLKW                      = 0x9
+	F_RDAHEAD                      = 0x10
+	F_RDLCK                        = 0x1
+	F_READAHEAD                    = 0xf
+	F_SETFD                        = 0x2
+	F_SETFL                        = 0x4
+	F_SETLK                        = 0xc
+	F_SETLKW                       = 0xd
+	F_SETLK_REMOTE                 = 0xe
+	F_SETOWN                       = 0x6
+	F_UNLCK                        = 0x2
+	F_UNLCKSYS                     = 0x4
+	F_WRLCK                        = 0x3
+	HUPCL                          = 0x4000
+	HW_MACHINE                     = 0x1
+	ICANON                         = 0x100
+	ICMP6_FILTER                   = 0x12
+	ICRNL                          = 0x100
+	IEXTEN                         = 0x400
+	IFAN_ARRIVAL                   = 0x0
+	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
+	IFF_ALLMULTI                   = 0x200
+	IFF_ALTPHYS                    = 0x4000
+	IFF_BROADCAST                  = 0x2
+	IFF_CANTCHANGE                 = 0x218f52
+	IFF_CANTCONFIG                 = 0x10000
+	IFF_DEBUG                      = 0x4
+	IFF_DRV_OACTIVE                = 0x400
+	IFF_DRV_RUNNING                = 0x40
+	IFF_DYING                      = 0x200000
+	IFF_LINK0                      = 0x1000
+	IFF_LINK1                      = 0x2000
+	IFF_LINK2                      = 0x4000
+	IFF_LOOPBACK                   = 0x8
+	IFF_MONITOR                    = 0x40000
+	IFF_MULTICAST                  = 0x8000
+	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
+	IFF_OACTIVE                    = 0x400
+	IFF_POINTOPOINT                = 0x10
+	IFF_PPROMISC                   = 0x20000
+	IFF_PROMISC                    = 0x100
+	IFF_RENAMING                   = 0x400000
+	IFF_RUNNING                    = 0x40
+	IFF_SIMPLEX                    = 0x800
+	IFF_STATICARP                  = 0x80000
+	IFF_UP                         = 0x1
+	IFNAMSIZ                       = 0x10
+	IFT_BRIDGE                     = 0xd1
+	IFT_CARP                       = 0xf8
+	IFT_IEEE1394                   = 0x90
+	IFT_INFINIBAND                 = 0xc7
+	IFT_L2VLAN                     = 0x87
+	IFT_L3IPVLAN                   = 0x88
+	IFT_PPP                        = 0x17
+	IFT_PROPVIRTUAL                = 0x35
+	IGNBRK                         = 0x1
+	IGNCR                          = 0x80
+	IGNPAR                         = 0x4
+	IMAXBEL                        = 0x2000
+	INLCR                          = 0x40
+	INPCK                          = 0x10
+	IN_CLASSA_HOST                 = 0xffffff
+	IN_CLASSA_MAX                  = 0x80
+	IN_CLASSA_NET                  = 0xff000000
+	IN_CLASSA_NSHIFT               = 0x18
+	IN_CLASSB_HOST                 = 0xffff
+	IN_CLASSB_MAX                  = 0x10000
+	IN_CLASSB_NET                  = 0xffff0000
+	IN_CLASSB_NSHIFT               = 0x10
+	IN_CLASSC_HOST                 = 0xff
+	IN_CLASSC_NET                  = 0xffffff00
+	IN_CLASSC_NSHIFT               = 0x8
+	IN_CLASSD_HOST                 = 0xfffffff
+	IN_CLASSD_NET                  = 0xf0000000
+	IN_CLASSD_NSHIFT               = 0x1c
+	IN_LOOPBACKNET                 = 0x7f
+	IN_RFC3021_MASK                = 0xfffffffe
+	IPPROTO_3PC                    = 0x22
+	IPPROTO_ADFS                   = 0x44
+	IPPROTO_AH                     = 0x33
+	IPPROTO_AHIP                   = 0x3d
+	IPPROTO_APES                   = 0x63
+	IPPROTO_ARGUS                  = 0xd
+	IPPROTO_AX25                   = 0x5d
+	IPPROTO_BHA                    = 0x31
+	IPPROTO_BLT                    = 0x1e
+	IPPROTO_BRSATMON               = 0x4c
+	IPPROTO_CARP                   = 0x70
+	IPPROTO_CFTP                   = 0x3e
+	IPPROTO_CHAOS                  = 0x10
+	IPPROTO_CMTP                   = 0x26
+	IPPROTO_CPHB                   = 0x49
+	IPPROTO_CPNX                   = 0x48
+	IPPROTO_DDP                    = 0x25
+	IPPROTO_DGP                    = 0x56
+	IPPROTO_DIVERT                 = 0x102
+	IPPROTO_DONE                   = 0x101
+	IPPROTO_DSTOPTS                = 0x3c
+	IPPROTO_EGP                    = 0x8
+	IPPROTO_EMCON                  = 0xe
+	IPPROTO_ENCAP                  = 0x62
+	IPPROTO_EON                    = 0x50
+	IPPROTO_ESP                    = 0x32
+	IPPROTO_ETHERIP                = 0x61
+	IPPROTO_FRAGMENT               = 0x2c
+	IPPROTO_GGP                    = 0x3
+	IPPROTO_GMTP                   = 0x64
+	IPPROTO_GRE                    = 0x2f
+	IPPROTO_HELLO                  = 0x3f
+	IPPROTO_HIP                    = 0x8b
+	IPPROTO_HMP                    = 0x14
+	IPPROTO_HOPOPTS                = 0x0
+	IPPROTO_ICMP                   = 0x1
+	IPPROTO_ICMPV6                 = 0x3a
+	IPPROTO_IDP                    = 0x16
+	IPPROTO_IDPR                   = 0x23
+	IPPROTO_IDRP                   = 0x2d
+	IPPROTO_IGMP                   = 0x2
+	IPPROTO_IGP                    = 0x55
+	IPPROTO_IGRP                   = 0x58
+	IPPROTO_IL                     = 0x28
+	IPPROTO_INLSP                  = 0x34
+	IPPROTO_INP                    = 0x20
+	IPPROTO_IP                     = 0x0
+	IPPROTO_IPCOMP                 = 0x6c
+	IPPROTO_IPCV                   = 0x47
+	IPPROTO_IPEIP                  = 0x5e
+	IPPROTO_IPIP                   = 0x4
+	IPPROTO_IPPC                   = 0x43
+	IPPROTO_IPV4                   = 0x4
+	IPPROTO_IPV6                   = 0x29
+	IPPROTO_IRTP                   = 0x1c
+	IPPROTO_KRYPTOLAN              = 0x41
+	IPPROTO_LARP                   = 0x5b
+	IPPROTO_LEAF1                  = 0x19
+	IPPROTO_LEAF2                  = 0x1a
+	IPPROTO_MAX                    = 0x100
+	IPPROTO_MEAS                   = 0x13
+	IPPROTO_MH                     = 0x87
+	IPPROTO_MHRP                   = 0x30
+	IPPROTO_MICP                   = 0x5f
+	IPPROTO_MOBILE                 = 0x37
+	IPPROTO_MPLS                   = 0x89
+	IPPROTO_MTP                    = 0x5c
+	IPPROTO_MUX                    = 0x12
+	IPPROTO_ND                     = 0x4d
+	IPPROTO_NHRP                   = 0x36
+	IPPROTO_NONE                   = 0x3b
+	IPPROTO_NSP                    = 0x1f
+	IPPROTO_NVPII                  = 0xb
+	IPPROTO_OLD_DIVERT             = 0xfe
+	IPPROTO_OSPFIGP                = 0x59
+	IPPROTO_PFSYNC                 = 0xf0
+	IPPROTO_PGM                    = 0x71
+	IPPROTO_PIGP                   = 0x9
+	IPPROTO_PIM                    = 0x67
+	IPPROTO_PRM                    = 0x15
+	IPPROTO_PUP                    = 0xc
+	IPPROTO_PVP                    = 0x4b
+	IPPROTO_RAW                    = 0xff
+	IPPROTO_RCCMON                 = 0xa
+	IPPROTO_RDP                    = 0x1b
+	IPPROTO_RESERVED_253           = 0xfd
+	IPPROTO_RESERVED_254           = 0xfe
+	IPPROTO_ROUTING                = 0x2b
+	IPPROTO_RSVP                   = 0x2e
+	IPPROTO_RVD                    = 0x42
+	IPPROTO_SATEXPAK               = 0x40
+	IPPROTO_SATMON                 = 0x45
+	IPPROTO_SCCSP                  = 0x60
+	IPPROTO_SCTP                   = 0x84
+	IPPROTO_SDRP                   = 0x2a
+	IPPROTO_SEND                   = 0x103
+	IPPROTO_SEP                    = 0x21
+	IPPROTO_SHIM6                  = 0x8c
+	IPPROTO_SKIP                   = 0x39
+	IPPROTO_SPACER                 = 0x7fff
+	IPPROTO_SRPC                   = 0x5a
+	IPPROTO_ST                     = 0x7
+	IPPROTO_SVMTP                  = 0x52
+	IPPROTO_SWIPE                  = 0x35
+	IPPROTO_TCF                    = 0x57
+	IPPROTO_TCP                    = 0x6
+	IPPROTO_TLSP                   = 0x38
+	IPPROTO_TP                     = 0x1d
+	IPPROTO_TPXX                   = 0x27
+	IPPROTO_TRUNK1                 = 0x17
+	IPPROTO_TRUNK2                 = 0x18
+	IPPROTO_TTP                    = 0x54
+	IPPROTO_UDP                    = 0x11
+	IPPROTO_UDPLITE                = 0x88
+	IPPROTO_VINES                  = 0x53
+	IPPROTO_VISA                   = 0x46
+	IPPROTO_VMTP                   = 0x51
+	IPPROTO_WBEXPAK                = 0x4f
+	IPPROTO_WBMON                  = 0x4e
+	IPPROTO_WSN                    = 0x4a
+	IPPROTO_XNET                   = 0xf
+	IPPROTO_XTP                    = 0x24
+	IPV6_AUTOFLOWLABEL             = 0x3b
+	IPV6_BINDANY                   = 0x40
+	IPV6_BINDMULTI                 = 0x41
+	IPV6_BINDV6ONLY                = 0x1b
+	IPV6_CHECKSUM                  = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS    = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP    = 0x1
+	IPV6_DEFHLIM                   = 0x40
+	IPV6_DONTFRAG                  = 0x3e
+	IPV6_DSTOPTS                   = 0x32
+	IPV6_FLOWID                    = 0x43
+	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
+	IPV6_FLOWLABEL_MASK            = 0xffff0f00
+	IPV6_FLOWTYPE                  = 0x44
+	IPV6_FRAGTTL                   = 0x78
+	IPV6_FW_ADD                    = 0x1e
+	IPV6_FW_DEL                    = 0x1f
+	IPV6_FW_FLUSH                  = 0x20
+	IPV6_FW_GET                    = 0x22
+	IPV6_FW_ZERO                   = 0x21
+	IPV6_HLIMDEC                   = 0x1
+	IPV6_HOPLIMIT                  = 0x2f
+	IPV6_HOPOPTS                   = 0x31
+	IPV6_IPSEC_POLICY              = 0x1c
+	IPV6_JOIN_GROUP                = 0xc
+	IPV6_LEAVE_GROUP               = 0xd
+	IPV6_MAXHLIM                   = 0xff
+	IPV6_MAXOPTHDR                 = 0x800
+	IPV6_MAXPACKET                 = 0xffff
+	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
+	IPV6_MAX_MEMBERSHIPS           = 0xfff
+	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
+	IPV6_MMTU                      = 0x500
+	IPV6_MSFILTER                  = 0x4a
+	IPV6_MULTICAST_HOPS            = 0xa
+	IPV6_MULTICAST_IF              = 0x9
+	IPV6_MULTICAST_LOOP            = 0xb
+	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
+	IPV6_PATHMTU                   = 0x2c
+	IPV6_PKTINFO                   = 0x2e
+	IPV6_PORTRANGE                 = 0xe
+	IPV6_PORTRANGE_DEFAULT         = 0x0
+	IPV6_PORTRANGE_HIGH            = 0x1
+	IPV6_PORTRANGE_LOW             = 0x2
+	IPV6_PREFER_TEMPADDR           = 0x3f
+	IPV6_RECVDSTOPTS               = 0x28
+	IPV6_RECVFLOWID                = 0x46
+	IPV6_RECVHOPLIMIT              = 0x25
+	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
+	IPV6_RECVPATHMTU               = 0x2b
+	IPV6_RECVPKTINFO               = 0x24
+	IPV6_RECVRSSBUCKETID           = 0x47
+	IPV6_RECVRTHDR                 = 0x26
+	IPV6_RECVTCLASS                = 0x39
+	IPV6_RSSBUCKETID               = 0x45
+	IPV6_RSS_LISTEN_BUCKET         = 0x42
+	IPV6_RTHDR                     = 0x33
+	IPV6_RTHDRDSTOPTS              = 0x23
+	IPV6_RTHDR_LOOSE               = 0x0
+	IPV6_RTHDR_STRICT              = 0x1
+	IPV6_RTHDR_TYPE_0              = 0x0
+	IPV6_SOCKOPT_RESERVED1         = 0x3
+	IPV6_TCLASS                    = 0x3d
+	IPV6_UNICAST_HOPS              = 0x4
+	IPV6_USE_MIN_MTU               = 0x2a
+	IPV6_V6ONLY                    = 0x1b
+	IPV6_VERSION                   = 0x60
+	IPV6_VERSION_MASK              = 0xf0
+	IP_ADD_MEMBERSHIP              = 0xc
+	IP_ADD_SOURCE_MEMBERSHIP       = 0x46
+	IP_BINDANY                     = 0x18
+	IP_BINDMULTI                   = 0x19
+	IP_BLOCK_SOURCE                = 0x48
+	IP_DEFAULT_MULTICAST_LOOP      = 0x1
+	IP_DEFAULT_MULTICAST_TTL       = 0x1
+	IP_DF                          = 0x4000
+	IP_DONTFRAG                    = 0x43
+	IP_DROP_MEMBERSHIP             = 0xd
+	IP_DROP_SOURCE_MEMBERSHIP      = 0x47
+	IP_DUMMYNET3                   = 0x31
+	IP_DUMMYNET_CONFIGURE          = 0x3c
+	IP_DUMMYNET_DEL                = 0x3d
+	IP_DUMMYNET_FLUSH              = 0x3e
+	IP_DUMMYNET_GET                = 0x40
+	IP_FLOWID                      = 0x5a
+	IP_FLOWTYPE                    = 0x5b
+	IP_FW3                         = 0x30
+	IP_FW_ADD                      = 0x32
+	IP_FW_DEL                      = 0x33
+	IP_FW_FLUSH                    = 0x34
+	IP_FW_GET                      = 0x36
+	IP_FW_NAT_CFG                  = 0x38
+	IP_FW_NAT_DEL                  = 0x39
+	IP_FW_NAT_GET_CONFIG           = 0x3a
+	IP_FW_NAT_GET_LOG              = 0x3b
+	IP_FW_RESETLOG                 = 0x37
+	IP_FW_TABLE_ADD                = 0x28
+	IP_FW_TABLE_DEL                = 0x29
+	IP_FW_TABLE_FLUSH              = 0x2a
+	IP_FW_TABLE_GETSIZE            = 0x2b
+	IP_FW_TABLE_LIST               = 0x2c
+	IP_FW_ZERO                     = 0x35
+	IP_HDRINCL                     = 0x2
+	IP_IPSEC_POLICY                = 0x15
+	IP_MAXPACKET                   = 0xffff
+	IP_MAX_GROUP_SRC_FILTER        = 0x200
+	IP_MAX_MEMBERSHIPS             = 0xfff
+	IP_MAX_SOCK_MUTE_FILTER        = 0x80
+	IP_MAX_SOCK_SRC_FILTER         = 0x80
+	IP_MF                          = 0x2000
+	IP_MINTTL                      = 0x42
+	IP_MSFILTER                    = 0x4a
+	IP_MSS                         = 0x240
+	IP_MULTICAST_IF                = 0x9
+	IP_MULTICAST_LOOP              = 0xb
+	IP_MULTICAST_TTL               = 0xa
+	IP_MULTICAST_VIF               = 0xe
+	IP_OFFMASK                     = 0x1fff
+	IP_ONESBCAST                   = 0x17
+	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
+	IP_PORTRANGE                   = 0x13
+	IP_PORTRANGE_DEFAULT           = 0x0
+	IP_PORTRANGE_HIGH              = 0x1
+	IP_PORTRANGE_LOW               = 0x2
+	IP_RECVDSTADDR                 = 0x7
+	IP_RECVFLOWID                  = 0x5d
+	IP_RECVIF                      = 0x14
+	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
+	IP_RECVRETOPTS                 = 0x6
+	IP_RECVRSSBUCKETID             = 0x5e
+	IP_RECVTOS                     = 0x44
+	IP_RECVTTL                     = 0x41
+	IP_RETOPTS                     = 0x8
+	IP_RF                          = 0x8000
+	IP_RSSBUCKETID                 = 0x5c
+	IP_RSS_LISTEN_BUCKET           = 0x1a
+	IP_RSVP_OFF                    = 0x10
+	IP_RSVP_ON                     = 0xf
+	IP_RSVP_VIF_OFF                = 0x12
+	IP_RSVP_VIF_ON                 = 0x11
+	IP_SENDSRCADDR                 = 0x7
+	IP_TOS                         = 0x3
+	IP_TTL                         = 0x4
+	IP_UNBLOCK_SOURCE              = 0x49
+	ISIG                           = 0x80
+	ISTRIP                         = 0x20
+	IXANY                          = 0x800
+	IXOFF                          = 0x400
+	IXON                           = 0x200
+	KERN_HOSTNAME                  = 0xa
+	KERN_OSRELEASE                 = 0x2
+	KERN_OSTYPE                    = 0x1
+	KERN_VERSION                   = 0x4
+	LOCK_EX                        = 0x2
+	LOCK_NB                        = 0x4
+	LOCK_SH                        = 0x1
+	LOCK_UN                        = 0x8
+	MADV_AUTOSYNC                  = 0x7
+	MADV_CORE                      = 0x9
+	MADV_DONTNEED                  = 0x4
+	MADV_FREE                      = 0x5
+	MADV_NOCORE                    = 0x8
+	MADV_NORMAL                    = 0x0
+	MADV_NOSYNC                    = 0x6
+	MADV_PROTECT                   = 0xa
+	MADV_RANDOM                    = 0x1
+	MADV_SEQUENTIAL                = 0x2
+	MADV_WILLNEED                  = 0x3
+	MAP_32BIT                      = 0x80000
+	MAP_ALIGNED_SUPER              = 0x1000000
+	MAP_ALIGNMENT_MASK             = -0x1000000
+	MAP_ALIGNMENT_SHIFT            = 0x18
+	MAP_ANON                       = 0x1000
+	MAP_ANONYMOUS                  = 0x1000
+	MAP_COPY                       = 0x2
+	MAP_EXCL                       = 0x4000
+	MAP_FILE                       = 0x0
+	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
+	MAP_HASSEMAPHORE               = 0x200
+	MAP_NOCORE                     = 0x20000
+	MAP_NOSYNC                     = 0x800
+	MAP_PREFAULT_READ              = 0x40000
+	MAP_PRIVATE                    = 0x2
+	MAP_RESERVED0020               = 0x20
+	MAP_RESERVED0040               = 0x40
+	MAP_RESERVED0080               = 0x80
+	MAP_RESERVED0100               = 0x100
+	MAP_SHARED                     = 0x1
+	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
+	MCL_CURRENT                    = 0x1
+	MCL_FUTURE                     = 0x2
+	MNT_ACLS                       = 0x8000000
+	MNT_ASYNC                      = 0x40
+	MNT_AUTOMOUNTED                = 0x200000000
+	MNT_BYFSID                     = 0x8000000
+	MNT_CMDFLAGS                   = 0xd0f0000
+	MNT_DEFEXPORTED                = 0x200
+	MNT_DELEXPORT                  = 0x20000
+	MNT_EXKERB                     = 0x800
+	MNT_EXPORTANON                 = 0x400
+	MNT_EXPORTED                   = 0x100
+	MNT_EXPUBLIC                   = 0x20000000
+	MNT_EXRDONLY                   = 0x80
+	MNT_FORCE                      = 0x80000
+	MNT_GJOURNAL                   = 0x2000000
+	MNT_IGNORE                     = 0x800000
+	MNT_LAZY                       = 0x3
+	MNT_LOCAL                      = 0x1000
+	MNT_MULTILABEL                 = 0x4000000
+	MNT_NFS4ACLS                   = 0x10
+	MNT_NOATIME                    = 0x10000000
+	MNT_NOCLUSTERR                 = 0x40000000
+	MNT_NOCLUSTERW                 = 0x80000000
+	MNT_NOEXEC                     = 0x4
+	MNT_NONBUSY                    = 0x4000000
+	MNT_NOSUID                     = 0x8
+	MNT_NOSYMFOLLOW                = 0x400000
+	MNT_NOWAIT                     = 0x2
+	MNT_QUOTA                      = 0x2000
+	MNT_RDONLY                     = 0x1
+	MNT_RELOAD                     = 0x40000
+	MNT_ROOTFS                     = 0x4000
+	MNT_SNAPSHOT                   = 0x1000000
+	MNT_SOFTDEP                    = 0x200000
+	MNT_SUIDDIR                    = 0x100000
+	MNT_SUJ                        = 0x100000000
+	MNT_SUSPEND                    = 0x4
+	MNT_SYNCHRONOUS                = 0x2
+	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
+	MNT_UPDATE                     = 0x10000
+	MNT_UPDATEMASK                 = 0xad8d0807e
+	MNT_USER                       = 0x8000
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
+	MNT_WAIT                       = 0x1
+	MSG_CMSG_CLOEXEC               = 0x40000
+	MSG_COMPAT                     = 0x8000
+	MSG_CTRUNC                     = 0x20
+	MSG_DONTROUTE                  = 0x4
+	MSG_DONTWAIT                   = 0x80
+	MSG_EOF                        = 0x100
+	MSG_EOR                        = 0x8
+	MSG_NBIO                       = 0x4000
+	MSG_NOSIGNAL                   = 0x20000
+	MSG_NOTIFICATION               = 0x2000
+	MSG_OOB                        = 0x1
+	MSG_PEEK                       = 0x2
+	MSG_TRUNC                      = 0x10
+	MSG_WAITALL                    = 0x40
+	MSG_WAITFORONE                 = 0x80000
+	MS_ASYNC                       = 0x1
+	MS_INVALIDATE                  = 0x2
+	MS_SYNC                        = 0x0
+	NAME_MAX                       = 0xff
+	NET_RT_DUMP                    = 0x1
+	NET_RT_FLAGS                   = 0x2
+	NET_RT_IFLIST                  = 0x3
+	NET_RT_IFLISTL                 = 0x5
+	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x40
+	NOFLSH                         = 0x80000000
+	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
+	NOTE_ATTRIB                    = 0x8
+	NOTE_CHILD                     = 0x4
+	NOTE_CLOSE                     = 0x100
+	NOTE_CLOSE_WRITE               = 0x200
+	NOTE_DELETE                    = 0x1
+	NOTE_EXEC                      = 0x20000000
+	NOTE_EXIT                      = 0x80000000
+	NOTE_EXTEND                    = 0x4
+	NOTE_FFAND                     = 0x40000000
+	NOTE_FFCOPY                    = 0xc0000000
+	NOTE_FFCTRLMASK                = 0xc0000000
+	NOTE_FFLAGSMASK                = 0xffffff
+	NOTE_FFNOP                     = 0x0
+	NOTE_FFOR                      = 0x80000000
+	NOTE_FILE_POLL                 = 0x2
+	NOTE_FORK                      = 0x40000000
+	NOTE_LINK                      = 0x10
+	NOTE_LOWAT                     = 0x1
+	NOTE_MSECONDS                  = 0x2
+	NOTE_NSECONDS                  = 0x8
+	NOTE_OPEN                      = 0x80
+	NOTE_PCTRLMASK                 = 0xf0000000
+	NOTE_PDATAMASK                 = 0xfffff
+	NOTE_READ                      = 0x400
+	NOTE_RENAME                    = 0x20
+	NOTE_REVOKE                    = 0x40
+	NOTE_SECONDS                   = 0x1
+	NOTE_TRACK                     = 0x1
+	NOTE_TRACKERR                  = 0x2
+	NOTE_TRIGGER                   = 0x1000000
+	NOTE_USECONDS                  = 0x4
+	NOTE_WRITE                     = 0x2
+	OCRNL                          = 0x10
+	ONLCR                          = 0x2
+	ONLRET                         = 0x40
+	ONOCR                          = 0x20
+	ONOEOT                         = 0x8
+	OPOST                          = 0x1
+	OXTABS                         = 0x4
+	O_ACCMODE                      = 0x3
+	O_APPEND                       = 0x8
+	O_ASYNC                        = 0x40
+	O_CLOEXEC                      = 0x100000
+	O_CREAT                        = 0x200
+	O_DIRECT                       = 0x10000
+	O_DIRECTORY                    = 0x20000
+	O_EXCL                         = 0x800
+	O_EXEC                         = 0x40000
+	O_EXLOCK                       = 0x20
+	O_FSYNC                        = 0x80
+	O_NDELAY                       = 0x4
+	O_NOCTTY                       = 0x8000
+	O_NOFOLLOW                     = 0x100
+	O_NONBLOCK                     = 0x4
+	O_RDONLY                       = 0x0
+	O_RDWR                         = 0x2
+	O_SHLOCK                       = 0x10
+	O_SYNC                         = 0x80
+	O_TRUNC                        = 0x400
+	O_TTY_INIT                     = 0x80000
+	O_VERIFY                       = 0x200000
+	O_WRONLY                       = 0x1
+	PARENB                         = 0x1000
+	PARMRK                         = 0x8
+	PARODD                         = 0x2000
+	PENDIN                         = 0x20000000
+	PRIO_PGRP                      = 0x1
+	PRIO_PROCESS                   = 0x0
+	PRIO_USER                      = 0x2
+	PROT_EXEC                      = 0x4
+	PROT_NONE                      = 0x0
+	PROT_READ                      = 0x1
+	PROT_WRITE                     = 0x2
+	RLIMIT_AS                      = 0xa
+	RLIMIT_CORE                    = 0x4
+	RLIMIT_CPU                     = 0x0
+	RLIMIT_DATA                    = 0x2
+	RLIMIT_FSIZE                   = 0x1
+	RLIMIT_MEMLOCK                 = 0x6
+	RLIMIT_NOFILE                  = 0x8
+	RLIMIT_NPROC                   = 0x7
+	RLIMIT_RSS                     = 0x5
+	RLIMIT_STACK                   = 0x3
+	RLIM_INFINITY                  = 0x7fffffffffffffff
+	RTAX_AUTHOR                    = 0x6
+	RTAX_BRD                       = 0x7
+	RTAX_DST                       = 0x0
+	RTAX_GATEWAY                   = 0x1
+	RTAX_GENMASK                   = 0x3
+	RTAX_IFA                       = 0x5
+	RTAX_IFP                       = 0x4
+	RTAX_MAX                       = 0x8
+	RTAX_NETMASK                   = 0x2
+	RTA_AUTHOR                     = 0x40
+	RTA_BRD                        = 0x80
+	RTA_DST                        = 0x1
+	RTA_GATEWAY                    = 0x2
+	RTA_GENMASK                    = 0x8
+	RTA_IFA                        = 0x20
+	RTA_IFP                        = 0x10
+	RTA_NETMASK                    = 0x4
+	RTF_BLACKHOLE                  = 0x1000
+	RTF_BROADCAST                  = 0x400000
+	RTF_DONE                       = 0x40
+	RTF_DYNAMIC                    = 0x10
+	RTF_FIXEDMTU                   = 0x80000
+	RTF_FMASK                      = 0x1004d808
+	RTF_GATEWAY                    = 0x2
+	RTF_GWFLAG_COMPAT              = 0x80000000
+	RTF_HOST                       = 0x4
+	RTF_LLDATA                     = 0x400
+	RTF_LLINFO                     = 0x400
+	RTF_LOCAL                      = 0x200000
+	RTF_MODIFIED                   = 0x20
+	RTF_MULTICAST                  = 0x800000
+	RTF_PINNED                     = 0x100000
+	RTF_PROTO1                     = 0x8000
+	RTF_PROTO2                     = 0x4000
+	RTF_PROTO3                     = 0x40000
+	RTF_REJECT                     = 0x8
+	RTF_RNH_LOCKED                 = 0x40000000
+	RTF_STATIC                     = 0x800
+	RTF_STICKY                     = 0x10000000
+	RTF_UP                         = 0x1
+	RTF_XRESOLVE                   = 0x200
+	RTM_ADD                        = 0x1
+	RTM_CHANGE                     = 0x3
+	RTM_DELADDR                    = 0xd
+	RTM_DELETE                     = 0x2
+	RTM_DELMADDR                   = 0x10
+	RTM_GET                        = 0x4
+	RTM_IEEE80211                  = 0x12
+	RTM_IFANNOUNCE                 = 0x11
+	RTM_IFINFO                     = 0xe
+	RTM_LOCK                       = 0x8
+	RTM_LOSING                     = 0x5
+	RTM_MISS                       = 0x7
+	RTM_NEWADDR                    = 0xc
+	RTM_NEWMADDR                   = 0xf
+	RTM_REDIRECT                   = 0x6
+	RTM_RESOLVE                    = 0xb
+	RTM_RTTUNIT                    = 0xf4240
+	RTM_VERSION                    = 0x5
+	RTV_EXPIRE                     = 0x4
+	RTV_HOPCOUNT                   = 0x2
+	RTV_MTU                        = 0x1
+	RTV_RPIPE                      = 0x8
+	RTV_RTT                        = 0x40
+	RTV_RTTVAR                     = 0x80
+	RTV_SPIPE                      = 0x10
+	RTV_SSTHRESH                   = 0x20
+	RTV_WEIGHT                     = 0x100
+	RT_ALL_FIBS                    = -0x1
+	RT_BLACKHOLE                   = 0x40
+	RT_DEFAULT_FIB                 = 0x0
+	RT_HAS_GW                      = 0x80
+	RT_HAS_HEADER                  = 0x10
+	RT_HAS_HEADER_BIT              = 0x4
+	RT_L2_ME                       = 0x4
+	RT_L2_ME_BIT                   = 0x2
+	RT_LLE_CACHE                   = 0x100
+	RT_MAY_LOOP                    = 0x8
+	RT_MAY_LOOP_BIT                = 0x3
+	RT_REJECT                      = 0x20
+	RUSAGE_CHILDREN                = -0x1
+	RUSAGE_SELF                    = 0x0
+	RUSAGE_THREAD                  = 0x1
+	SCM_BINTIME                    = 0x4
+	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
+	SCM_RIGHTS                     = 0x1
+	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
+	SHUT_RD                        = 0x0
+	SHUT_RDWR                      = 0x2
+	SHUT_WR                        = 0x1
+	SIOCADDMULTI                   = 0x80206931
+	SIOCAIFADDR                    = 0x8040691a
+	SIOCAIFGROUP                   = 0x80286987
+	SIOCATMARK                     = 0x40047307
+	SIOCDELMULTI                   = 0x80206932
+	SIOCDIFADDR                    = 0x80206919
+	SIOCDIFGROUP                   = 0x80286989
+	SIOCDIFPHYADDR                 = 0x80206949
+	SIOCGDRVSPEC                   = 0xc028697b
+	SIOCGETSGCNT                   = 0xc0207210
+	SIOCGETVIFCNT                  = 0xc028720f
+	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
+	SIOCGI2C                       = 0xc020693d
+	SIOCGIFADDR                    = 0xc0206921
+	SIOCGIFBRDADDR                 = 0xc0206923
+	SIOCGIFCAP                     = 0xc020691f
+	SIOCGIFCONF                    = 0xc0106924
+	SIOCGIFDESCR                   = 0xc020692a
+	SIOCGIFDSTADDR                 = 0xc0206922
+	SIOCGIFFIB                     = 0xc020695c
+	SIOCGIFFLAGS                   = 0xc0206911
+	SIOCGIFGENERIC                 = 0xc020693a
+	SIOCGIFGMEMB                   = 0xc028698a
+	SIOCGIFGROUP                   = 0xc0286988
+	SIOCGIFINDEX                   = 0xc0206920
+	SIOCGIFMAC                     = 0xc0206926
+	SIOCGIFMEDIA                   = 0xc0306938
+	SIOCGIFMETRIC                  = 0xc0206917
+	SIOCGIFMTU                     = 0xc0206933
+	SIOCGIFNETMASK                 = 0xc0206925
+	SIOCGIFPDSTADDR                = 0xc0206948
+	SIOCGIFPHYS                    = 0xc0206935
+	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
+	SIOCGIFSTATUS                  = 0xc331693b
+	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
+	SIOCGLOWAT                     = 0x40047303
+	SIOCGPGRP                      = 0x40047309
+	SIOCGPRIVATE_0                 = 0xc0206950
+	SIOCGPRIVATE_1                 = 0xc0206951
+	SIOCGTUNFIB                    = 0xc020695e
+	SIOCIFCREATE                   = 0xc020697a
+	SIOCIFCREATE2                  = 0xc020697c
+	SIOCIFDESTROY                  = 0x80206979
+	SIOCIFGCLONERS                 = 0xc0106978
+	SIOCSDRVSPEC                   = 0x8028697b
+	SIOCSHIWAT                     = 0x80047300
+	SIOCSIFADDR                    = 0x8020690c
+	SIOCSIFBRDADDR                 = 0x80206913
+	SIOCSIFCAP                     = 0x8020691e
+	SIOCSIFDESCR                   = 0x80206929
+	SIOCSIFDSTADDR                 = 0x8020690e
+	SIOCSIFFIB                     = 0x8020695d
+	SIOCSIFFLAGS                   = 0x80206910
+	SIOCSIFGENERIC                 = 0x80206939
+	SIOCSIFLLADDR                  = 0x8020693c
+	SIOCSIFMAC                     = 0x80206927
+	SIOCSIFMEDIA                   = 0xc0206937
+	SIOCSIFMETRIC                  = 0x80206918
+	SIOCSIFMTU                     = 0x80206934
+	SIOCSIFNAME                    = 0x80206928
+	SIOCSIFNETMASK                 = 0x80206916
+	SIOCSIFPHYADDR                 = 0x80406946
+	SIOCSIFPHYS                    = 0x80206936
+	SIOCSIFRVNET                   = 0xc020695b
+	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
+	SIOCSLOWAT                     = 0x80047302
+	SIOCSPGRP                      = 0x80047308
+	SIOCSTUNFIB                    = 0x8020695f
+	SOCK_CLOEXEC                   = 0x10000000
+	SOCK_DGRAM                     = 0x2
+	SOCK_MAXADDRLEN                = 0xff
+	SOCK_NONBLOCK                  = 0x20000000
+	SOCK_RAW                       = 0x3
+	SOCK_RDM                       = 0x4
+	SOCK_SEQPACKET                 = 0x5
+	SOCK_STREAM                    = 0x1
+	SOL_SOCKET                     = 0xffff
+	SOMAXCONN                      = 0x80
+	SO_ACCEPTCONN                  = 0x2
+	SO_ACCEPTFILTER                = 0x1000
+	SO_BINTIME                     = 0x2000
+	SO_BROADCAST                   = 0x20
+	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
+	SO_DONTROUTE                   = 0x10
+	SO_ERROR                       = 0x1007
+	SO_KEEPALIVE                   = 0x8
+	SO_LABEL                       = 0x1009
+	SO_LINGER                      = 0x80
+	SO_LISTENINCQLEN               = 0x1013
+	SO_LISTENQLEN                  = 0x1012
+	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
+	SO_NOSIGPIPE                   = 0x800
+	SO_NO_DDP                      = 0x8000
+	SO_NO_OFFLOAD                  = 0x4000
+	SO_OOBINLINE                   = 0x100
+	SO_PEERLABEL                   = 0x1010
+	SO_PROTOCOL                    = 0x1016
+	SO_PROTOTYPE                   = 0x1016
+	SO_RCVBUF                      = 0x1002
+	SO_RCVLOWAT                    = 0x1004
+	SO_RCVTIMEO                    = 0x1006
+	SO_REUSEADDR                   = 0x4
+	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
+	SO_SETFIB                      = 0x1014
+	SO_SNDBUF                      = 0x1001
+	SO_SNDLOWAT                    = 0x1003
+	SO_SNDTIMEO                    = 0x1005
+	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
+	SO_TYPE                        = 0x1008
+	SO_USELOOPBACK                 = 0x40
+	SO_USER_COOKIE                 = 0x1015
+	SO_VENDOR                      = 0x80000000
+	S_BLKSIZE                      = 0x200
+	S_IEXEC                        = 0x40
+	S_IFBLK                        = 0x6000
+	S_IFCHR                        = 0x2000
+	S_IFDIR                        = 0x4000
+	S_IFIFO                        = 0x1000
+	S_IFLNK                        = 0xa000
+	S_IFMT                         = 0xf000
+	S_IFREG                        = 0x8000
+	S_IFSOCK                       = 0xc000
+	S_IFWHT                        = 0xe000
+	S_IREAD                        = 0x100
+	S_IRGRP                        = 0x20
+	S_IROTH                        = 0x4
+	S_IRUSR                        = 0x100
+	S_IRWXG                        = 0x38
+	S_IRWXO                        = 0x7
+	S_IRWXU                        = 0x1c0
+	S_ISGID                        = 0x400
+	S_ISTXT                        = 0x200
+	S_ISUID                        = 0x800
+	S_ISVTX                        = 0x200
+	S_IWGRP                        = 0x10
+	S_IWOTH                        = 0x2
+	S_IWRITE                       = 0x80
+	S_IWUSR                        = 0x80
+	S_IXGRP                        = 0x8
+	S_IXOTH                        = 0x1
+	S_IXUSR                        = 0x40
+	TAB0                           = 0x0
+	TAB3                           = 0x4
+	TABDLY                         = 0x4
+	TCIFLUSH                       = 0x1
+	TCIOFF                         = 0x3
+	TCIOFLUSH                      = 0x3
+	TCION                          = 0x4
+	TCOFLUSH                       = 0x2
+	TCOOFF                         = 0x1
+	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
+	TCP_CA_NAME_MAX                = 0x10
+	TCP_CCALGOOPT                  = 0x41
+	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
+	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
+	TCP_FUNCTION_BLK               = 0x2000
+	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
+	TCP_INFO                       = 0x20
+	TCP_KEEPCNT                    = 0x400
+	TCP_KEEPIDLE                   = 0x100
+	TCP_KEEPINIT                   = 0x80
+	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
+	TCP_MAXBURST                   = 0x4
+	TCP_MAXHLEN                    = 0x3c
+	TCP_MAXOLEN                    = 0x28
+	TCP_MAXSEG                     = 0x2
+	TCP_MAXWIN                     = 0xffff
+	TCP_MAX_SACK                   = 0x4
+	TCP_MAX_WINSHIFT               = 0xe
+	TCP_MD5SIG                     = 0x10
+	TCP_MINMSS                     = 0xd8
+	TCP_MSS                        = 0x218
+	TCP_NODELAY                    = 0x1
+	TCP_NOOPT                      = 0x8
+	TCP_NOPUSH                     = 0x4
+	TCP_PCAP_IN                    = 0x1000
+	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
+	TCP_VENDOR                     = 0x80000000
+	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
+	TIOCCBRK                       = 0x2000747a
+	TIOCCDTR                       = 0x20007478
+	TIOCCONS                       = 0x80047462
+	TIOCDRAIN                      = 0x2000745e
+	TIOCEXCL                       = 0x2000740d
+	TIOCEXT                        = 0x80047460
+	TIOCFLUSH                      = 0x80047410
+	TIOCGDRAINWAIT                 = 0x40047456
+	TIOCGETA                       = 0x402c7413
+	TIOCGETD                       = 0x4004741a
+	TIOCGPGRP                      = 0x40047477
+	TIOCGPTN                       = 0x4004740f
+	TIOCGSID                       = 0x40047463
+	TIOCGWINSZ                     = 0x40087468
+	TIOCMBIC                       = 0x8004746b
+	TIOCMBIS                       = 0x8004746c
+	TIOCMGDTRWAIT                  = 0x4004745a
+	TIOCMGET                       = 0x4004746a
+	TIOCMSDTRWAIT                  = 0x8004745b
+	TIOCMSET                       = 0x8004746d
+	TIOCM_CAR                      = 0x40
+	TIOCM_CD                       = 0x40
+	TIOCM_CTS                      = 0x20
+	TIOCM_DCD                      = 0x40
+	TIOCM_DSR                      = 0x100
+	TIOCM_DTR                      = 0x2
+	TIOCM_LE                       = 0x1
+	TIOCM_RI                       = 0x80
+	TIOCM_RNG                      = 0x80
+	TIOCM_RTS                      = 0x4
+	TIOCM_SR                       = 0x10
+	TIOCM_ST                       = 0x8
+	TIOCNOTTY                      = 0x20007471
+	TIOCNXCL                       = 0x2000740e
+	TIOCOUTQ                       = 0x40047473
+	TIOCPKT                        = 0x80047470
+	TIOCPKT_DATA                   = 0x0
+	TIOCPKT_DOSTOP                 = 0x20
+	TIOCPKT_FLUSHREAD              = 0x1
+	TIOCPKT_FLUSHWRITE             = 0x2
+	TIOCPKT_IOCTL                  = 0x40
+	TIOCPKT_NOSTOP                 = 0x10
+	TIOCPKT_START                  = 0x8
+	TIOCPKT_STOP                   = 0x4
+	TIOCPTMASTER                   = 0x2000741c
+	TIOCSBRK                       = 0x2000747b
+	TIOCSCTTY                      = 0x20007461
+	TIOCSDRAINWAIT                 = 0x80047457
+	TIOCSDTR                       = 0x20007479
+	TIOCSETA                       = 0x802c7414
+	TIOCSETAF                      = 0x802c7416
+	TIOCSETAW                      = 0x802c7415
+	TIOCSETD                       = 0x8004741b
+	TIOCSIG                        = 0x2004745f
+	TIOCSPGRP                      = 0x80047476
+	TIOCSTART                      = 0x2000746e
+	TIOCSTAT                       = 0x20007465
+	TIOCSTI                        = 0x80017472
+	TIOCSTOP                       = 0x2000746f
+	TIOCSWINSZ                     = 0x80087467
+	TIOCTIMESTAMP                  = 0x40107459
+	TIOCUCNTL                      = 0x80047466
+	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
+	VDISCARD                       = 0xf
+	VDSUSP                         = 0xb
+	VEOF                           = 0x0
+	VEOL                           = 0x1
+	VEOL2                          = 0x2
+	VERASE                         = 0x3
+	VERASE2                        = 0x7
+	VINTR                          = 0x8
+	VKILL                          = 0x5
+	VLNEXT                         = 0xe
+	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x19000000
+	VQUIT                          = 0x9
+	VREPRINT                       = 0x6
+	VSTART                         = 0xc
+	VSTATUS                        = 0x12
+	VSTOP                          = 0xd
+	VSUSP                          = 0xa
+	VTIME                          = 0x11
+	VWERASE                        = 0x4
+	WCONTINUED                     = 0x4
+	WCOREFLAG                      = 0x80
+	WEXITED                        = 0x10
+	WLINUXCLONE                    = 0x80000000
+	WNOHANG                        = 0x1
+	WNOWAIT                        = 0x8
+	WSTOPPED                       = 0x2
+	WTRAPPED                       = 0x20
+	WUNTRACED                      = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x59)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x55)
+	ECAPMODE        = syscall.Errno(0x5e)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDOOFUS         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x56)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5a)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x57)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5b)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCAPABLE     = syscall.Errno(0x5d)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5f)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EOWNERDEAD      = syscall.Errno(0x60)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5c)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGLIBRT  = syscall.Signal(0x21)
+	SIGLWP    = syscall.Signal(0x20)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "ECANCELED", "operation canceled"},
+	{86, "EILSEQ", "illegal byte sequence"},
+	{87, "ENOATTR", "attribute not found"},
+	{88, "EDOOFUS", "programming error"},
+	{89, "EBADMSG", "bad message"},
+	{90, "EMULTIHOP", "multihop attempted"},
+	{91, "ENOLINK", "link has been severed"},
+	{92, "EPROTO", "protocol error"},
+	{93, "ENOTCAPABLE", "capabilities insufficient"},
+	{94, "ECAPMODE", "not permitted in capability mode"},
+	{95, "ENOTRECOVERABLE", "state not recoverable"},
+	{96, "EOWNERDEAD", "previous owner died"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "unknown signal"},
+	{33, "SIGLIBRT", "unknown signal"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux.go
new file mode 100644
index 000000000..79e032f4f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -0,0 +1,2536 @@
+// Code generated by mkmerge.go; DO NOT EDIT.
+
+// +build linux
+
+package unix
+
+import "syscall"
+
+const (
+	AAFS_MAGIC                                  = 0x5a3c69f0
+	ADFS_SUPER_MAGIC                            = 0xadf5
+	AFFS_SUPER_MAGIC                            = 0xadff
+	AFS_FS_MAGIC                                = 0x6b414653
+	AFS_SUPER_MAGIC                             = 0x5346414f
+	AF_ALG                                      = 0x26
+	AF_APPLETALK                                = 0x5
+	AF_ASH                                      = 0x12
+	AF_ATMPVC                                   = 0x8
+	AF_ATMSVC                                   = 0x14
+	AF_AX25                                     = 0x3
+	AF_BLUETOOTH                                = 0x1f
+	AF_BRIDGE                                   = 0x7
+	AF_CAIF                                     = 0x25
+	AF_CAN                                      = 0x1d
+	AF_DECnet                                   = 0xc
+	AF_ECONET                                   = 0x13
+	AF_FILE                                     = 0x1
+	AF_IB                                       = 0x1b
+	AF_IEEE802154                               = 0x24
+	AF_INET                                     = 0x2
+	AF_INET6                                    = 0xa
+	AF_IPX                                      = 0x4
+	AF_IRDA                                     = 0x17
+	AF_ISDN                                     = 0x22
+	AF_IUCV                                     = 0x20
+	AF_KCM                                      = 0x29
+	AF_KEY                                      = 0xf
+	AF_LLC                                      = 0x1a
+	AF_LOCAL                                    = 0x1
+	AF_MAX                                      = 0x2d
+	AF_MPLS                                     = 0x1c
+	AF_NETBEUI                                  = 0xd
+	AF_NETLINK                                  = 0x10
+	AF_NETROM                                   = 0x6
+	AF_NFC                                      = 0x27
+	AF_PACKET                                   = 0x11
+	AF_PHONET                                   = 0x23
+	AF_PPPOX                                    = 0x18
+	AF_QIPCRTR                                  = 0x2a
+	AF_RDS                                      = 0x15
+	AF_ROSE                                     = 0xb
+	AF_ROUTE                                    = 0x10
+	AF_RXRPC                                    = 0x21
+	AF_SECURITY                                 = 0xe
+	AF_SMC                                      = 0x2b
+	AF_SNA                                      = 0x16
+	AF_TIPC                                     = 0x1e
+	AF_UNIX                                     = 0x1
+	AF_UNSPEC                                   = 0x0
+	AF_VSOCK                                    = 0x28
+	AF_WANPIPE                                  = 0x19
+	AF_X25                                      = 0x9
+	AF_XDP                                      = 0x2c
+	ALG_OP_DECRYPT                              = 0x0
+	ALG_OP_ENCRYPT                              = 0x1
+	ALG_SET_AEAD_ASSOCLEN                       = 0x4
+	ALG_SET_AEAD_AUTHSIZE                       = 0x5
+	ALG_SET_IV                                  = 0x2
+	ALG_SET_KEY                                 = 0x1
+	ALG_SET_OP                                  = 0x3
+	ANON_INODE_FS_MAGIC                         = 0x9041934
+	ARPHRD_6LOWPAN                              = 0x339
+	ARPHRD_ADAPT                                = 0x108
+	ARPHRD_APPLETLK                             = 0x8
+	ARPHRD_ARCNET                               = 0x7
+	ARPHRD_ASH                                  = 0x30d
+	ARPHRD_ATM                                  = 0x13
+	ARPHRD_AX25                                 = 0x3
+	ARPHRD_BIF                                  = 0x307
+	ARPHRD_CAIF                                 = 0x336
+	ARPHRD_CAN                                  = 0x118
+	ARPHRD_CHAOS                                = 0x5
+	ARPHRD_CISCO                                = 0x201
+	ARPHRD_CSLIP                                = 0x101
+	ARPHRD_CSLIP6                               = 0x103
+	ARPHRD_DDCMP                                = 0x205
+	ARPHRD_DLCI                                 = 0xf
+	ARPHRD_ECONET                               = 0x30e
+	ARPHRD_EETHER                               = 0x2
+	ARPHRD_ETHER                                = 0x1
+	ARPHRD_EUI64                                = 0x1b
+	ARPHRD_FCAL                                 = 0x311
+	ARPHRD_FCFABRIC                             = 0x313
+	ARPHRD_FCPL                                 = 0x312
+	ARPHRD_FCPP                                 = 0x310
+	ARPHRD_FDDI                                 = 0x306
+	ARPHRD_FRAD                                 = 0x302
+	ARPHRD_HDLC                                 = 0x201
+	ARPHRD_HIPPI                                = 0x30c
+	ARPHRD_HWX25                                = 0x110
+	ARPHRD_IEEE1394                             = 0x18
+	ARPHRD_IEEE802                              = 0x6
+	ARPHRD_IEEE80211                            = 0x321
+	ARPHRD_IEEE80211_PRISM                      = 0x322
+	ARPHRD_IEEE80211_RADIOTAP                   = 0x323
+	ARPHRD_IEEE802154                           = 0x324
+	ARPHRD_IEEE802154_MONITOR                   = 0x325
+	ARPHRD_IEEE802_TR                           = 0x320
+	ARPHRD_INFINIBAND                           = 0x20
+	ARPHRD_IP6GRE                               = 0x337
+	ARPHRD_IPDDP                                = 0x309
+	ARPHRD_IPGRE                                = 0x30a
+	ARPHRD_IRDA                                 = 0x30f
+	ARPHRD_LAPB                                 = 0x204
+	ARPHRD_LOCALTLK                             = 0x305
+	ARPHRD_LOOPBACK                             = 0x304
+	ARPHRD_METRICOM                             = 0x17
+	ARPHRD_NETLINK                              = 0x338
+	ARPHRD_NETROM                               = 0x0
+	ARPHRD_NONE                                 = 0xfffe
+	ARPHRD_PHONET                               = 0x334
+	ARPHRD_PHONET_PIPE                          = 0x335
+	ARPHRD_PIMREG                               = 0x30b
+	ARPHRD_PPP                                  = 0x200
+	ARPHRD_PRONET                               = 0x4
+	ARPHRD_RAWHDLC                              = 0x206
+	ARPHRD_RAWIP                                = 0x207
+	ARPHRD_ROSE                                 = 0x10e
+	ARPHRD_RSRVD                                = 0x104
+	ARPHRD_SIT                                  = 0x308
+	ARPHRD_SKIP                                 = 0x303
+	ARPHRD_SLIP                                 = 0x100
+	ARPHRD_SLIP6                                = 0x102
+	ARPHRD_TUNNEL                               = 0x300
+	ARPHRD_TUNNEL6                              = 0x301
+	ARPHRD_VOID                                 = 0xffff
+	ARPHRD_VSOCKMON                             = 0x33a
+	ARPHRD_X25                                  = 0x10f
+	AUTOFS_SUPER_MAGIC                          = 0x187
+	B0                                          = 0x0
+	B110                                        = 0x3
+	B1200                                       = 0x9
+	B134                                        = 0x4
+	B150                                        = 0x5
+	B1800                                       = 0xa
+	B19200                                      = 0xe
+	B200                                        = 0x6
+	B2400                                       = 0xb
+	B300                                        = 0x7
+	B38400                                      = 0xf
+	B4800                                       = 0xc
+	B50                                         = 0x1
+	B600                                        = 0x8
+	B75                                         = 0x2
+	B9600                                       = 0xd
+	BALLOON_KVM_MAGIC                           = 0x13661366
+	BDEVFS_MAGIC                                = 0x62646576
+	BINDERFS_SUPER_MAGIC                        = 0x6c6f6f70
+	BINFMTFS_MAGIC                              = 0x42494e4d
+	BPF_A                                       = 0x10
+	BPF_ABS                                     = 0x20
+	BPF_ADD                                     = 0x0
+	BPF_ALU                                     = 0x4
+	BPF_ALU64                                   = 0x7
+	BPF_AND                                     = 0x50
+	BPF_ARSH                                    = 0xc0
+	BPF_B                                       = 0x10
+	BPF_BUILD_ID_SIZE                           = 0x14
+	BPF_CALL                                    = 0x80
+	BPF_DIV                                     = 0x30
+	BPF_DW                                      = 0x18
+	BPF_END                                     = 0xd0
+	BPF_EXIT                                    = 0x90
+	BPF_FROM_BE                                 = 0x8
+	BPF_FROM_LE                                 = 0x0
+	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_ALLOW_MULTI                           = 0x2
+	BPF_F_ALLOW_OVERRIDE                        = 0x1
+	BPF_F_ANY_ALIGNMENT                         = 0x2
+	BPF_F_QUERY_EFFECTIVE                       = 0x1
+	BPF_F_REPLACE                               = 0x4
+	BPF_F_STRICT_ALIGNMENT                      = 0x1
+	BPF_F_TEST_RND_HI32                         = 0x4
+	BPF_F_TEST_STATE_FREQ                       = 0x8
+	BPF_H                                       = 0x8
+	BPF_IMM                                     = 0x0
+	BPF_IND                                     = 0x40
+	BPF_JA                                      = 0x0
+	BPF_JEQ                                     = 0x10
+	BPF_JGE                                     = 0x30
+	BPF_JGT                                     = 0x20
+	BPF_JLE                                     = 0xb0
+	BPF_JLT                                     = 0xa0
+	BPF_JMP                                     = 0x5
+	BPF_JMP32                                   = 0x6
+	BPF_JNE                                     = 0x50
+	BPF_JSET                                    = 0x40
+	BPF_JSGE                                    = 0x70
+	BPF_JSGT                                    = 0x60
+	BPF_JSLE                                    = 0xd0
+	BPF_JSLT                                    = 0xc0
+	BPF_K                                       = 0x0
+	BPF_LD                                      = 0x0
+	BPF_LDX                                     = 0x1
+	BPF_LEN                                     = 0x80
+	BPF_LL_OFF                                  = -0x200000
+	BPF_LSH                                     = 0x60
+	BPF_MAJOR_VERSION                           = 0x1
+	BPF_MAXINSNS                                = 0x1000
+	BPF_MEM                                     = 0x60
+	BPF_MEMWORDS                                = 0x10
+	BPF_MINOR_VERSION                           = 0x1
+	BPF_MISC                                    = 0x7
+	BPF_MOD                                     = 0x90
+	BPF_MOV                                     = 0xb0
+	BPF_MSH                                     = 0xa0
+	BPF_MUL                                     = 0x20
+	BPF_NEG                                     = 0x80
+	BPF_NET_OFF                                 = -0x100000
+	BPF_OBJ_NAME_LEN                            = 0x10
+	BPF_OR                                      = 0x40
+	BPF_PSEUDO_CALL                             = 0x1
+	BPF_PSEUDO_MAP_FD                           = 0x1
+	BPF_PSEUDO_MAP_VALUE                        = 0x2
+	BPF_RET                                     = 0x6
+	BPF_RSH                                     = 0x70
+	BPF_ST                                      = 0x2
+	BPF_STX                                     = 0x3
+	BPF_SUB                                     = 0x10
+	BPF_TAG_SIZE                                = 0x8
+	BPF_TAX                                     = 0x0
+	BPF_TO_BE                                   = 0x8
+	BPF_TO_LE                                   = 0x0
+	BPF_TXA                                     = 0x80
+	BPF_W                                       = 0x0
+	BPF_X                                       = 0x8
+	BPF_XADD                                    = 0xc0
+	BPF_XOR                                     = 0xa0
+	BRKINT                                      = 0x2
+	BS0                                         = 0x0
+	BTRFS_SUPER_MAGIC                           = 0x9123683e
+	BTRFS_TEST_MAGIC                            = 0x73727279
+	CAN_BCM                                     = 0x2
+	CAN_EFF_FLAG                                = 0x80000000
+	CAN_EFF_ID_BITS                             = 0x1d
+	CAN_EFF_MASK                                = 0x1fffffff
+	CAN_ERR_ACK                                 = 0x20
+	CAN_ERR_BUSERROR                            = 0x80
+	CAN_ERR_BUSOFF                              = 0x40
+	CAN_ERR_CRTL                                = 0x4
+	CAN_ERR_CRTL_ACTIVE                         = 0x40
+	CAN_ERR_CRTL_RX_OVERFLOW                    = 0x1
+	CAN_ERR_CRTL_RX_PASSIVE                     = 0x10
+	CAN_ERR_CRTL_RX_WARNING                     = 0x4
+	CAN_ERR_CRTL_TX_OVERFLOW                    = 0x2
+	CAN_ERR_CRTL_TX_PASSIVE                     = 0x20
+	CAN_ERR_CRTL_TX_WARNING                     = 0x8
+	CAN_ERR_CRTL_UNSPEC                         = 0x0
+	CAN_ERR_DLC                                 = 0x8
+	CAN_ERR_FLAG                                = 0x20000000
+	CAN_ERR_LOSTARB                             = 0x2
+	CAN_ERR_LOSTARB_UNSPEC                      = 0x0
+	CAN_ERR_MASK                                = 0x1fffffff
+	CAN_ERR_PROT                                = 0x8
+	CAN_ERR_PROT_ACTIVE                         = 0x40
+	CAN_ERR_PROT_BIT                            = 0x1
+	CAN_ERR_PROT_BIT0                           = 0x8
+	CAN_ERR_PROT_BIT1                           = 0x10
+	CAN_ERR_PROT_FORM                           = 0x2
+	CAN_ERR_PROT_LOC_ACK                        = 0x19
+	CAN_ERR_PROT_LOC_ACK_DEL                    = 0x1b
+	CAN_ERR_PROT_LOC_CRC_DEL                    = 0x18
+	CAN_ERR_PROT_LOC_CRC_SEQ                    = 0x8
+	CAN_ERR_PROT_LOC_DATA                       = 0xa
+	CAN_ERR_PROT_LOC_DLC                        = 0xb
+	CAN_ERR_PROT_LOC_EOF                        = 0x1a
+	CAN_ERR_PROT_LOC_ID04_00                    = 0xe
+	CAN_ERR_PROT_LOC_ID12_05                    = 0xf
+	CAN_ERR_PROT_LOC_ID17_13                    = 0x7
+	CAN_ERR_PROT_LOC_ID20_18                    = 0x6
+	CAN_ERR_PROT_LOC_ID28_21                    = 0x2
+	CAN_ERR_PROT_LOC_IDE                        = 0x5
+	CAN_ERR_PROT_LOC_INTERM                     = 0x12
+	CAN_ERR_PROT_LOC_RES0                       = 0x9
+	CAN_ERR_PROT_LOC_RES1                       = 0xd
+	CAN_ERR_PROT_LOC_RTR                        = 0xc
+	CAN_ERR_PROT_LOC_SOF                        = 0x3
+	CAN_ERR_PROT_LOC_SRTR                       = 0x4
+	CAN_ERR_PROT_LOC_UNSPEC                     = 0x0
+	CAN_ERR_PROT_OVERLOAD                       = 0x20
+	CAN_ERR_PROT_STUFF                          = 0x4
+	CAN_ERR_PROT_TX                             = 0x80
+	CAN_ERR_PROT_UNSPEC                         = 0x0
+	CAN_ERR_RESTARTED                           = 0x100
+	CAN_ERR_TRX                                 = 0x10
+	CAN_ERR_TRX_CANH_NO_WIRE                    = 0x4
+	CAN_ERR_TRX_CANH_SHORT_TO_BAT               = 0x5
+	CAN_ERR_TRX_CANH_SHORT_TO_GND               = 0x7
+	CAN_ERR_TRX_CANH_SHORT_TO_VCC               = 0x6
+	CAN_ERR_TRX_CANL_NO_WIRE                    = 0x40
+	CAN_ERR_TRX_CANL_SHORT_TO_BAT               = 0x50
+	CAN_ERR_TRX_CANL_SHORT_TO_CANH              = 0x80
+	CAN_ERR_TRX_CANL_SHORT_TO_GND               = 0x70
+	CAN_ERR_TRX_CANL_SHORT_TO_VCC               = 0x60
+	CAN_ERR_TRX_UNSPEC                          = 0x0
+	CAN_ERR_TX_TIMEOUT                          = 0x1
+	CAN_INV_FILTER                              = 0x20000000
+	CAN_ISOTP                                   = 0x6
+	CAN_J1939                                   = 0x7
+	CAN_MAX_DLC                                 = 0x8
+	CAN_MAX_DLEN                                = 0x8
+	CAN_MCNET                                   = 0x5
+	CAN_MTU                                     = 0x10
+	CAN_NPROTO                                  = 0x8
+	CAN_RAW                                     = 0x1
+	CAN_RAW_FILTER_MAX                          = 0x200
+	CAN_RTR_FLAG                                = 0x40000000
+	CAN_SFF_ID_BITS                             = 0xb
+	CAN_SFF_MASK                                = 0x7ff
+	CAN_TP16                                    = 0x3
+	CAN_TP20                                    = 0x4
+	CAP_AUDIT_CONTROL                           = 0x1e
+	CAP_AUDIT_READ                              = 0x25
+	CAP_AUDIT_WRITE                             = 0x1d
+	CAP_BLOCK_SUSPEND                           = 0x24
+	CAP_BPF                                     = 0x27
+	CAP_CHOWN                                   = 0x0
+	CAP_DAC_OVERRIDE                            = 0x1
+	CAP_DAC_READ_SEARCH                         = 0x2
+	CAP_FOWNER                                  = 0x3
+	CAP_FSETID                                  = 0x4
+	CAP_IPC_LOCK                                = 0xe
+	CAP_IPC_OWNER                               = 0xf
+	CAP_KILL                                    = 0x5
+	CAP_LAST_CAP                                = 0x27
+	CAP_LEASE                                   = 0x1c
+	CAP_LINUX_IMMUTABLE                         = 0x9
+	CAP_MAC_ADMIN                               = 0x21
+	CAP_MAC_OVERRIDE                            = 0x20
+	CAP_MKNOD                                   = 0x1b
+	CAP_NET_ADMIN                               = 0xc
+	CAP_NET_BIND_SERVICE                        = 0xa
+	CAP_NET_BROADCAST                           = 0xb
+	CAP_NET_RAW                                 = 0xd
+	CAP_PERFMON                                 = 0x26
+	CAP_SETFCAP                                 = 0x1f
+	CAP_SETGID                                  = 0x6
+	CAP_SETPCAP                                 = 0x8
+	CAP_SETUID                                  = 0x7
+	CAP_SYSLOG                                  = 0x22
+	CAP_SYS_ADMIN                               = 0x15
+	CAP_SYS_BOOT                                = 0x16
+	CAP_SYS_CHROOT                              = 0x12
+	CAP_SYS_MODULE                              = 0x10
+	CAP_SYS_NICE                                = 0x17
+	CAP_SYS_PACCT                               = 0x14
+	CAP_SYS_PTRACE                              = 0x13
+	CAP_SYS_RAWIO                               = 0x11
+	CAP_SYS_RESOURCE                            = 0x18
+	CAP_SYS_TIME                                = 0x19
+	CAP_SYS_TTY_CONFIG                          = 0x1a
+	CAP_WAKE_ALARM                              = 0x23
+	CFLUSH                                      = 0xf
+	CGROUP2_SUPER_MAGIC                         = 0x63677270
+	CGROUP_SUPER_MAGIC                          = 0x27e0eb
+	CLOCK_BOOTTIME                              = 0x7
+	CLOCK_BOOTTIME_ALARM                        = 0x9
+	CLOCK_DEFAULT                               = 0x0
+	CLOCK_EXT                                   = 0x1
+	CLOCK_INT                                   = 0x2
+	CLOCK_MONOTONIC                             = 0x1
+	CLOCK_MONOTONIC_COARSE                      = 0x6
+	CLOCK_MONOTONIC_RAW                         = 0x4
+	CLOCK_PROCESS_CPUTIME_ID                    = 0x2
+	CLOCK_REALTIME                              = 0x0
+	CLOCK_REALTIME_ALARM                        = 0x8
+	CLOCK_REALTIME_COARSE                       = 0x5
+	CLOCK_TAI                                   = 0xb
+	CLOCK_THREAD_CPUTIME_ID                     = 0x3
+	CLOCK_TXFROMRX                              = 0x4
+	CLOCK_TXINT                                 = 0x3
+	CLONE_ARGS_SIZE_VER0                        = 0x40
+	CLONE_ARGS_SIZE_VER1                        = 0x50
+	CLONE_ARGS_SIZE_VER2                        = 0x58
+	CLONE_CHILD_CLEARTID                        = 0x200000
+	CLONE_CHILD_SETTID                          = 0x1000000
+	CLONE_CLEAR_SIGHAND                         = 0x100000000
+	CLONE_DETACHED                              = 0x400000
+	CLONE_FILES                                 = 0x400
+	CLONE_FS                                    = 0x200
+	CLONE_INTO_CGROUP                           = 0x200000000
+	CLONE_IO                                    = 0x80000000
+	CLONE_NEWCGROUP                             = 0x2000000
+	CLONE_NEWIPC                                = 0x8000000
+	CLONE_NEWNET                                = 0x40000000
+	CLONE_NEWNS                                 = 0x20000
+	CLONE_NEWPID                                = 0x20000000
+	CLONE_NEWTIME                               = 0x80
+	CLONE_NEWUSER                               = 0x10000000
+	CLONE_NEWUTS                                = 0x4000000
+	CLONE_PARENT                                = 0x8000
+	CLONE_PARENT_SETTID                         = 0x100000
+	CLONE_PIDFD                                 = 0x1000
+	CLONE_PTRACE                                = 0x2000
+	CLONE_SETTLS                                = 0x80000
+	CLONE_SIGHAND                               = 0x800
+	CLONE_SYSVSEM                               = 0x40000
+	CLONE_THREAD                                = 0x10000
+	CLONE_UNTRACED                              = 0x800000
+	CLONE_VFORK                                 = 0x4000
+	CLONE_VM                                    = 0x100
+	CMSPAR                                      = 0x40000000
+	CODA_SUPER_MAGIC                            = 0x73757245
+	CR0                                         = 0x0
+	CRAMFS_MAGIC                                = 0x28cd3d45
+	CRTSCTS                                     = 0x80000000
+	CRYPTO_MAX_NAME                             = 0x40
+	CRYPTO_MSG_MAX                              = 0x15
+	CRYPTO_NR_MSGTYPES                          = 0x6
+	CRYPTO_REPORT_MAXSIZE                       = 0x160
+	CS5                                         = 0x0
+	CSIGNAL                                     = 0xff
+	CSTART                                      = 0x11
+	CSTATUS                                     = 0x0
+	CSTOP                                       = 0x13
+	CSUSP                                       = 0x1a
+	DAXFS_MAGIC                                 = 0x64646178
+	DEBUGFS_MAGIC                               = 0x64626720
+	DEVLINK_CMD_ESWITCH_MODE_GET                = 0x1d
+	DEVLINK_CMD_ESWITCH_MODE_SET                = 0x1e
+	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
+	DEVLINK_GENL_NAME                           = "devlink"
+	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
+	DEVMEM_MAGIC                                = 0x454d444d
+	DEVPTS_SUPER_MAGIC                          = 0x1cd1
+	DMA_BUF_MAGIC                               = 0x444d4142
+	DM_ACTIVE_PRESENT_FLAG                      = 0x20
+	DM_BUFFER_FULL_FLAG                         = 0x100
+	DM_CONTROL_NODE                             = "control"
+	DM_DATA_OUT_FLAG                            = 0x10000
+	DM_DEFERRED_REMOVE                          = 0x20000
+	DM_DEV_ARM_POLL                             = 0xc138fd10
+	DM_DEV_CREATE                               = 0xc138fd03
+	DM_DEV_REMOVE                               = 0xc138fd04
+	DM_DEV_RENAME                               = 0xc138fd05
+	DM_DEV_SET_GEOMETRY                         = 0xc138fd0f
+	DM_DEV_STATUS                               = 0xc138fd07
+	DM_DEV_SUSPEND                              = 0xc138fd06
+	DM_DEV_WAIT                                 = 0xc138fd08
+	DM_DIR                                      = "mapper"
+	DM_GET_TARGET_VERSION                       = 0xc138fd11
+	DM_INACTIVE_PRESENT_FLAG                    = 0x40
+	DM_INTERNAL_SUSPEND_FLAG                    = 0x40000
+	DM_IOCTL                                    = 0xfd
+	DM_LIST_DEVICES                             = 0xc138fd02
+	DM_LIST_VERSIONS                            = 0xc138fd0d
+	DM_MAX_TYPE_NAME                            = 0x10
+	DM_NAME_LEN                                 = 0x80
+	DM_NOFLUSH_FLAG                             = 0x800
+	DM_PERSISTENT_DEV_FLAG                      = 0x8
+	DM_QUERY_INACTIVE_TABLE_FLAG                = 0x1000
+	DM_READONLY_FLAG                            = 0x1
+	DM_REMOVE_ALL                               = 0xc138fd01
+	DM_SECURE_DATA_FLAG                         = 0x8000
+	DM_SKIP_BDGET_FLAG                          = 0x200
+	DM_SKIP_LOCKFS_FLAG                         = 0x400
+	DM_STATUS_TABLE_FLAG                        = 0x10
+	DM_SUSPEND_FLAG                             = 0x2
+	DM_TABLE_CLEAR                              = 0xc138fd0a
+	DM_TABLE_DEPS                               = 0xc138fd0b
+	DM_TABLE_LOAD                               = 0xc138fd09
+	DM_TABLE_STATUS                             = 0xc138fd0c
+	DM_TARGET_MSG                               = 0xc138fd0e
+	DM_UEVENT_GENERATED_FLAG                    = 0x2000
+	DM_UUID_FLAG                                = 0x4000
+	DM_UUID_LEN                                 = 0x81
+	DM_VERSION                                  = 0xc138fd00
+	DM_VERSION_EXTRA                            = "-ioctl (2020-02-27)"
+	DM_VERSION_MAJOR                            = 0x4
+	DM_VERSION_MINOR                            = 0x2a
+	DM_VERSION_PATCHLEVEL                       = 0x0
+	DT_BLK                                      = 0x6
+	DT_CHR                                      = 0x2
+	DT_DIR                                      = 0x4
+	DT_FIFO                                     = 0x1
+	DT_LNK                                      = 0xa
+	DT_REG                                      = 0x8
+	DT_SOCK                                     = 0xc
+	DT_UNKNOWN                                  = 0x0
+	DT_WHT                                      = 0xe
+	ECHO                                        = 0x8
+	ECRYPTFS_SUPER_MAGIC                        = 0xf15f
+	EFD_SEMAPHORE                               = 0x1
+	EFIVARFS_MAGIC                              = 0xde5e81e4
+	EFS_SUPER_MAGIC                             = 0x414a53
+	ENCODING_DEFAULT                            = 0x0
+	ENCODING_FM_MARK                            = 0x3
+	ENCODING_FM_SPACE                           = 0x4
+	ENCODING_MANCHESTER                         = 0x5
+	ENCODING_NRZ                                = 0x1
+	ENCODING_NRZI                               = 0x2
+	EPOLLERR                                    = 0x8
+	EPOLLET                                     = 0x80000000
+	EPOLLEXCLUSIVE                              = 0x10000000
+	EPOLLHUP                                    = 0x10
+	EPOLLIN                                     = 0x1
+	EPOLLMSG                                    = 0x400
+	EPOLLONESHOT                                = 0x40000000
+	EPOLLOUT                                    = 0x4
+	EPOLLPRI                                    = 0x2
+	EPOLLRDBAND                                 = 0x80
+	EPOLLRDHUP                                  = 0x2000
+	EPOLLRDNORM                                 = 0x40
+	EPOLLWAKEUP                                 = 0x20000000
+	EPOLLWRBAND                                 = 0x200
+	EPOLLWRNORM                                 = 0x100
+	EPOLL_CTL_ADD                               = 0x1
+	EPOLL_CTL_DEL                               = 0x2
+	EPOLL_CTL_MOD                               = 0x3
+	EROFS_SUPER_MAGIC_V1                        = 0xe0f5e1e2
+	ETH_P_1588                                  = 0x88f7
+	ETH_P_8021AD                                = 0x88a8
+	ETH_P_8021AH                                = 0x88e7
+	ETH_P_8021Q                                 = 0x8100
+	ETH_P_80221                                 = 0x8917
+	ETH_P_802_2                                 = 0x4
+	ETH_P_802_3                                 = 0x1
+	ETH_P_802_3_MIN                             = 0x600
+	ETH_P_802_EX1                               = 0x88b5
+	ETH_P_AARP                                  = 0x80f3
+	ETH_P_AF_IUCV                               = 0xfbfb
+	ETH_P_ALL                                   = 0x3
+	ETH_P_AOE                                   = 0x88a2
+	ETH_P_ARCNET                                = 0x1a
+	ETH_P_ARP                                   = 0x806
+	ETH_P_ATALK                                 = 0x809b
+	ETH_P_ATMFATE                               = 0x8884
+	ETH_P_ATMMPOA                               = 0x884c
+	ETH_P_AX25                                  = 0x2
+	ETH_P_BATMAN                                = 0x4305
+	ETH_P_BPQ                                   = 0x8ff
+	ETH_P_CAIF                                  = 0xf7
+	ETH_P_CAN                                   = 0xc
+	ETH_P_CANFD                                 = 0xd
+	ETH_P_CONTROL                               = 0x16
+	ETH_P_CUST                                  = 0x6006
+	ETH_P_DDCMP                                 = 0x6
+	ETH_P_DEC                                   = 0x6000
+	ETH_P_DIAG                                  = 0x6005
+	ETH_P_DNA_DL                                = 0x6001
+	ETH_P_DNA_RC                                = 0x6002
+	ETH_P_DNA_RT                                = 0x6003
+	ETH_P_DSA                                   = 0x1b
+	ETH_P_DSA_8021Q                             = 0xdadb
+	ETH_P_ECONET                                = 0x18
+	ETH_P_EDSA                                  = 0xdada
+	ETH_P_ERSPAN                                = 0x88be
+	ETH_P_ERSPAN2                               = 0x22eb
+	ETH_P_FCOE                                  = 0x8906
+	ETH_P_FIP                                   = 0x8914
+	ETH_P_HDLC                                  = 0x19
+	ETH_P_HSR                                   = 0x892f
+	ETH_P_IBOE                                  = 0x8915
+	ETH_P_IEEE802154                            = 0xf6
+	ETH_P_IEEEPUP                               = 0xa00
+	ETH_P_IEEEPUPAT                             = 0xa01
+	ETH_P_IFE                                   = 0xed3e
+	ETH_P_IP                                    = 0x800
+	ETH_P_IPV6                                  = 0x86dd
+	ETH_P_IPX                                   = 0x8137
+	ETH_P_IRDA                                  = 0x17
+	ETH_P_LAT                                   = 0x6004
+	ETH_P_LINK_CTL                              = 0x886c
+	ETH_P_LLDP                                  = 0x88cc
+	ETH_P_LOCALTALK                             = 0x9
+	ETH_P_LOOP                                  = 0x60
+	ETH_P_LOOPBACK                              = 0x9000
+	ETH_P_MACSEC                                = 0x88e5
+	ETH_P_MAP                                   = 0xf9
+	ETH_P_MOBITEX                               = 0x15
+	ETH_P_MPLS_MC                               = 0x8848
+	ETH_P_MPLS_UC                               = 0x8847
+	ETH_P_MRP                                   = 0x88e3
+	ETH_P_MVRP                                  = 0x88f5
+	ETH_P_NCSI                                  = 0x88f8
+	ETH_P_NSH                                   = 0x894f
+	ETH_P_PAE                                   = 0x888e
+	ETH_P_PAUSE                                 = 0x8808
+	ETH_P_PHONET                                = 0xf5
+	ETH_P_PPPTALK                               = 0x10
+	ETH_P_PPP_DISC                              = 0x8863
+	ETH_P_PPP_MP                                = 0x8
+	ETH_P_PPP_SES                               = 0x8864
+	ETH_P_PREAUTH                               = 0x88c7
+	ETH_P_PRP                                   = 0x88fb
+	ETH_P_PUP                                   = 0x200
+	ETH_P_PUPAT                                 = 0x201
+	ETH_P_QINQ1                                 = 0x9100
+	ETH_P_QINQ2                                 = 0x9200
+	ETH_P_QINQ3                                 = 0x9300
+	ETH_P_RARP                                  = 0x8035
+	ETH_P_SCA                                   = 0x6007
+	ETH_P_SLOW                                  = 0x8809
+	ETH_P_SNAP                                  = 0x5
+	ETH_P_TDLS                                  = 0x890d
+	ETH_P_TEB                                   = 0x6558
+	ETH_P_TIPC                                  = 0x88ca
+	ETH_P_TRAILER                               = 0x1c
+	ETH_P_TR_802_2                              = 0x11
+	ETH_P_TSN                                   = 0x22f0
+	ETH_P_WAN_PPP                               = 0x7
+	ETH_P_WCCP                                  = 0x883e
+	ETH_P_X25                                   = 0x805
+	ETH_P_XDSA                                  = 0xf8
+	EXABYTE_ENABLE_NEST                         = 0xf0
+	EXT2_SUPER_MAGIC                            = 0xef53
+	EXT3_SUPER_MAGIC                            = 0xef53
+	EXT4_SUPER_MAGIC                            = 0xef53
+	EXTA                                        = 0xe
+	EXTB                                        = 0xf
+	F2FS_SUPER_MAGIC                            = 0xf2f52010
+	FALLOC_FL_COLLAPSE_RANGE                    = 0x8
+	FALLOC_FL_INSERT_RANGE                      = 0x20
+	FALLOC_FL_KEEP_SIZE                         = 0x1
+	FALLOC_FL_NO_HIDE_STALE                     = 0x4
+	FALLOC_FL_PUNCH_HOLE                        = 0x2
+	FALLOC_FL_UNSHARE_RANGE                     = 0x40
+	FALLOC_FL_ZERO_RANGE                        = 0x10
+	FANOTIFY_METADATA_VERSION                   = 0x3
+	FAN_ACCESS                                  = 0x1
+	FAN_ACCESS_PERM                             = 0x20000
+	FAN_ALLOW                                   = 0x1
+	FAN_ALL_CLASS_BITS                          = 0xc
+	FAN_ALL_EVENTS                              = 0x3b
+	FAN_ALL_INIT_FLAGS                          = 0x3f
+	FAN_ALL_MARK_FLAGS                          = 0xff
+	FAN_ALL_OUTGOING_EVENTS                     = 0x3403b
+	FAN_ALL_PERM_EVENTS                         = 0x30000
+	FAN_ATTRIB                                  = 0x4
+	FAN_AUDIT                                   = 0x10
+	FAN_CLASS_CONTENT                           = 0x4
+	FAN_CLASS_NOTIF                             = 0x0
+	FAN_CLASS_PRE_CONTENT                       = 0x8
+	FAN_CLOEXEC                                 = 0x1
+	FAN_CLOSE                                   = 0x18
+	FAN_CLOSE_NOWRITE                           = 0x10
+	FAN_CLOSE_WRITE                             = 0x8
+	FAN_CREATE                                  = 0x100
+	FAN_DELETE                                  = 0x200
+	FAN_DELETE_SELF                             = 0x400
+	FAN_DENY                                    = 0x2
+	FAN_DIR_MODIFY                              = 0x80000
+	FAN_ENABLE_AUDIT                            = 0x40
+	FAN_EVENT_INFO_TYPE_DFID_NAME               = 0x2
+	FAN_EVENT_INFO_TYPE_FID                     = 0x1
+	FAN_EVENT_METADATA_LEN                      = 0x18
+	FAN_EVENT_ON_CHILD                          = 0x8000000
+	FAN_MARK_ADD                                = 0x1
+	FAN_MARK_DONT_FOLLOW                        = 0x4
+	FAN_MARK_FILESYSTEM                         = 0x100
+	FAN_MARK_FLUSH                              = 0x80
+	FAN_MARK_IGNORED_MASK                       = 0x20
+	FAN_MARK_IGNORED_SURV_MODIFY                = 0x40
+	FAN_MARK_INODE                              = 0x0
+	FAN_MARK_MOUNT                              = 0x10
+	FAN_MARK_ONLYDIR                            = 0x8
+	FAN_MARK_REMOVE                             = 0x2
+	FAN_MODIFY                                  = 0x2
+	FAN_MOVE                                    = 0xc0
+	FAN_MOVED_FROM                              = 0x40
+	FAN_MOVED_TO                                = 0x80
+	FAN_MOVE_SELF                               = 0x800
+	FAN_NOFD                                    = -0x1
+	FAN_NONBLOCK                                = 0x2
+	FAN_ONDIR                                   = 0x40000000
+	FAN_OPEN                                    = 0x20
+	FAN_OPEN_EXEC                               = 0x1000
+	FAN_OPEN_EXEC_PERM                          = 0x40000
+	FAN_OPEN_PERM                               = 0x10000
+	FAN_Q_OVERFLOW                              = 0x4000
+	FAN_REPORT_FID                              = 0x200
+	FAN_REPORT_TID                              = 0x100
+	FAN_UNLIMITED_MARKS                         = 0x20
+	FAN_UNLIMITED_QUEUE                         = 0x10
+	FD_CLOEXEC                                  = 0x1
+	FD_SETSIZE                                  = 0x400
+	FF0                                         = 0x0
+	FIDEDUPERANGE                               = 0xc0189436
+	FSCRYPT_KEY_DESCRIPTOR_SIZE                 = 0x8
+	FSCRYPT_KEY_DESC_PREFIX                     = "fscrypt:"
+	FSCRYPT_KEY_DESC_PREFIX_SIZE                = 0x8
+	FSCRYPT_KEY_IDENTIFIER_SIZE                 = 0x10
+	FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY  = 0x1
+	FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS = 0x2
+	FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR            = 0x1
+	FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER            = 0x2
+	FSCRYPT_KEY_STATUS_ABSENT                   = 0x1
+	FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF       = 0x1
+	FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED     = 0x3
+	FSCRYPT_KEY_STATUS_PRESENT                  = 0x2
+	FSCRYPT_MAX_KEY_SIZE                        = 0x40
+	FSCRYPT_MODE_ADIANTUM                       = 0x9
+	FSCRYPT_MODE_AES_128_CBC                    = 0x5
+	FSCRYPT_MODE_AES_128_CTS                    = 0x6
+	FSCRYPT_MODE_AES_256_CTS                    = 0x4
+	FSCRYPT_MODE_AES_256_XTS                    = 0x1
+	FSCRYPT_POLICY_FLAGS_PAD_16                 = 0x2
+	FSCRYPT_POLICY_FLAGS_PAD_32                 = 0x3
+	FSCRYPT_POLICY_FLAGS_PAD_4                  = 0x0
+	FSCRYPT_POLICY_FLAGS_PAD_8                  = 0x1
+	FSCRYPT_POLICY_FLAGS_PAD_MASK               = 0x3
+	FSCRYPT_POLICY_FLAGS_VALID                  = 0x1f
+	FSCRYPT_POLICY_FLAG_DIRECT_KEY              = 0x4
+	FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32          = 0x10
+	FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64          = 0x8
+	FSCRYPT_POLICY_V1                           = 0x0
+	FSCRYPT_POLICY_V2                           = 0x2
+	FS_ENCRYPTION_MODE_ADIANTUM                 = 0x9
+	FS_ENCRYPTION_MODE_AES_128_CBC              = 0x5
+	FS_ENCRYPTION_MODE_AES_128_CTS              = 0x6
+	FS_ENCRYPTION_MODE_AES_256_CBC              = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS              = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM              = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS              = 0x1
+	FS_ENCRYPTION_MODE_INVALID                  = 0x0
+	FS_ENCRYPTION_MODE_SPECK128_256_CTS         = 0x8
+	FS_ENCRYPTION_MODE_SPECK128_256_XTS         = 0x7
+	FS_IOC_ADD_ENCRYPTION_KEY                   = 0xc0506617
+	FS_IOC_GET_ENCRYPTION_KEY_STATUS            = 0xc080661a
+	FS_IOC_GET_ENCRYPTION_POLICY_EX             = 0xc0096616
+	FS_IOC_MEASURE_VERITY                       = 0xc0046686
+	FS_IOC_REMOVE_ENCRYPTION_KEY                = 0xc0406618
+	FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS      = 0xc0406619
+	FS_KEY_DESCRIPTOR_SIZE                      = 0x8
+	FS_KEY_DESC_PREFIX                          = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE                     = 0x8
+	FS_MAX_KEY_SIZE                             = 0x40
+	FS_POLICY_FLAGS_PAD_16                      = 0x2
+	FS_POLICY_FLAGS_PAD_32                      = 0x3
+	FS_POLICY_FLAGS_PAD_4                       = 0x0
+	FS_POLICY_FLAGS_PAD_8                       = 0x1
+	FS_POLICY_FLAGS_PAD_MASK                    = 0x3
+	FS_POLICY_FLAGS_VALID                       = 0x1f
+	FS_VERITY_FL                                = 0x100000
+	FS_VERITY_HASH_ALG_SHA256                   = 0x1
+	FS_VERITY_HASH_ALG_SHA512                   = 0x2
+	FUTEXFS_SUPER_MAGIC                         = 0xbad1dea
+	F_ADD_SEALS                                 = 0x409
+	F_DUPFD                                     = 0x0
+	F_DUPFD_CLOEXEC                             = 0x406
+	F_EXLCK                                     = 0x4
+	F_GETFD                                     = 0x1
+	F_GETFL                                     = 0x3
+	F_GETLEASE                                  = 0x401
+	F_GETOWN_EX                                 = 0x10
+	F_GETPIPE_SZ                                = 0x408
+	F_GETSIG                                    = 0xb
+	F_GET_FILE_RW_HINT                          = 0x40d
+	F_GET_RW_HINT                               = 0x40b
+	F_GET_SEALS                                 = 0x40a
+	F_LOCK                                      = 0x1
+	F_NOTIFY                                    = 0x402
+	F_OFD_GETLK                                 = 0x24
+	F_OFD_SETLK                                 = 0x25
+	F_OFD_SETLKW                                = 0x26
+	F_OK                                        = 0x0
+	F_SEAL_FUTURE_WRITE                         = 0x10
+	F_SEAL_GROW                                 = 0x4
+	F_SEAL_SEAL                                 = 0x1
+	F_SEAL_SHRINK                               = 0x2
+	F_SEAL_WRITE                                = 0x8
+	F_SETFD                                     = 0x2
+	F_SETFL                                     = 0x4
+	F_SETLEASE                                  = 0x400
+	F_SETOWN_EX                                 = 0xf
+	F_SETPIPE_SZ                                = 0x407
+	F_SETSIG                                    = 0xa
+	F_SET_FILE_RW_HINT                          = 0x40e
+	F_SET_RW_HINT                               = 0x40c
+	F_SHLCK                                     = 0x8
+	F_TEST                                      = 0x3
+	F_TLOCK                                     = 0x2
+	F_ULOCK                                     = 0x0
+	GENL_ADMIN_PERM                             = 0x1
+	GENL_CMD_CAP_DO                             = 0x2
+	GENL_CMD_CAP_DUMP                           = 0x4
+	GENL_CMD_CAP_HASPOL                         = 0x8
+	GENL_HDRLEN                                 = 0x4
+	GENL_ID_CTRL                                = 0x10
+	GENL_ID_PMCRAID                             = 0x12
+	GENL_ID_VFS_DQUOT                           = 0x11
+	GENL_MAX_ID                                 = 0x3ff
+	GENL_MIN_ID                                 = 0x10
+	GENL_NAMSIZ                                 = 0x10
+	GENL_START_ALLOC                            = 0x13
+	GENL_UNS_ADMIN_PERM                         = 0x10
+	GRND_INSECURE                               = 0x4
+	GRND_NONBLOCK                               = 0x1
+	GRND_RANDOM                                 = 0x2
+	HDIO_DRIVE_CMD                              = 0x31f
+	HDIO_DRIVE_CMD_AEB                          = 0x31e
+	HDIO_DRIVE_CMD_HDR_SIZE                     = 0x4
+	HDIO_DRIVE_HOB_HDR_SIZE                     = 0x8
+	HDIO_DRIVE_RESET                            = 0x31c
+	HDIO_DRIVE_TASK                             = 0x31e
+	HDIO_DRIVE_TASKFILE                         = 0x31d
+	HDIO_DRIVE_TASK_HDR_SIZE                    = 0x8
+	HDIO_GETGEO                                 = 0x301
+	HDIO_GET_32BIT                              = 0x309
+	HDIO_GET_ACOUSTIC                           = 0x30f
+	HDIO_GET_ADDRESS                            = 0x310
+	HDIO_GET_BUSSTATE                           = 0x31a
+	HDIO_GET_DMA                                = 0x30b
+	HDIO_GET_IDENTITY                           = 0x30d
+	HDIO_GET_KEEPSETTINGS                       = 0x308
+	HDIO_GET_MULTCOUNT                          = 0x304
+	HDIO_GET_NICE                               = 0x30c
+	HDIO_GET_NOWERR                             = 0x30a
+	HDIO_GET_QDMA                               = 0x305
+	HDIO_GET_UNMASKINTR                         = 0x302
+	HDIO_GET_WCACHE                             = 0x30e
+	HDIO_OBSOLETE_IDENTITY                      = 0x307
+	HDIO_SCAN_HWIF                              = 0x328
+	HDIO_SET_32BIT                              = 0x324
+	HDIO_SET_ACOUSTIC                           = 0x32c
+	HDIO_SET_ADDRESS                            = 0x32f
+	HDIO_SET_BUSSTATE                           = 0x32d
+	HDIO_SET_DMA                                = 0x326
+	HDIO_SET_KEEPSETTINGS                       = 0x323
+	HDIO_SET_MULTCOUNT                          = 0x321
+	HDIO_SET_NICE                               = 0x329
+	HDIO_SET_NOWERR                             = 0x325
+	HDIO_SET_PIO_MODE                           = 0x327
+	HDIO_SET_QDMA                               = 0x32e
+	HDIO_SET_UNMASKINTR                         = 0x322
+	HDIO_SET_WCACHE                             = 0x32b
+	HDIO_SET_XFER                               = 0x306
+	HDIO_TRISTATE_HWIF                          = 0x31b
+	HDIO_UNREGISTER_HWIF                        = 0x32a
+	HOSTFS_SUPER_MAGIC                          = 0xc0ffee
+	HPFS_SUPER_MAGIC                            = 0xf995e849
+	HUGETLBFS_MAGIC                             = 0x958458f6
+	IBSHIFT                                     = 0x10
+	ICMPV6_FILTER                               = 0x1
+	ICRNL                                       = 0x100
+	IFA_F_DADFAILED                             = 0x8
+	IFA_F_DEPRECATED                            = 0x20
+	IFA_F_HOMEADDRESS                           = 0x10
+	IFA_F_MANAGETEMPADDR                        = 0x100
+	IFA_F_MCAUTOJOIN                            = 0x400
+	IFA_F_NODAD                                 = 0x2
+	IFA_F_NOPREFIXROUTE                         = 0x200
+	IFA_F_OPTIMISTIC                            = 0x4
+	IFA_F_PERMANENT                             = 0x80
+	IFA_F_SECONDARY                             = 0x1
+	IFA_F_STABLE_PRIVACY                        = 0x800
+	IFA_F_TEMPORARY                             = 0x1
+	IFA_F_TENTATIVE                             = 0x40
+	IFA_MAX                                     = 0xa
+	IFF_ALLMULTI                                = 0x200
+	IFF_ATTACH_QUEUE                            = 0x200
+	IFF_AUTOMEDIA                               = 0x4000
+	IFF_BROADCAST                               = 0x2
+	IFF_DEBUG                                   = 0x4
+	IFF_DETACH_QUEUE                            = 0x400
+	IFF_DORMANT                                 = 0x20000
+	IFF_DYNAMIC                                 = 0x8000
+	IFF_ECHO                                    = 0x40000
+	IFF_LOOPBACK                                = 0x8
+	IFF_LOWER_UP                                = 0x10000
+	IFF_MASTER                                  = 0x400
+	IFF_MULTICAST                               = 0x1000
+	IFF_MULTI_QUEUE                             = 0x100
+	IFF_NAPI                                    = 0x10
+	IFF_NAPI_FRAGS                              = 0x20
+	IFF_NOARP                                   = 0x80
+	IFF_NOFILTER                                = 0x1000
+	IFF_NOTRAILERS                              = 0x20
+	IFF_NO_PI                                   = 0x1000
+	IFF_ONE_QUEUE                               = 0x2000
+	IFF_PERSIST                                 = 0x800
+	IFF_POINTOPOINT                             = 0x10
+	IFF_PORTSEL                                 = 0x2000
+	IFF_PROMISC                                 = 0x100
+	IFF_RUNNING                                 = 0x40
+	IFF_SLAVE                                   = 0x800
+	IFF_TAP                                     = 0x2
+	IFF_TUN                                     = 0x1
+	IFF_TUN_EXCL                                = 0x8000
+	IFF_UP                                      = 0x1
+	IFF_VNET_HDR                                = 0x4000
+	IFF_VOLATILE                                = 0x70c5a
+	IFNAMSIZ                                    = 0x10
+	IGNBRK                                      = 0x1
+	IGNCR                                       = 0x80
+	IGNPAR                                      = 0x4
+	IMAXBEL                                     = 0x2000
+	INLCR                                       = 0x40
+	INPCK                                       = 0x10
+	IN_ACCESS                                   = 0x1
+	IN_ALL_EVENTS                               = 0xfff
+	IN_ATTRIB                                   = 0x4
+	IN_CLASSA_HOST                              = 0xffffff
+	IN_CLASSA_MAX                               = 0x80
+	IN_CLASSA_NET                               = 0xff000000
+	IN_CLASSA_NSHIFT                            = 0x18
+	IN_CLASSB_HOST                              = 0xffff
+	IN_CLASSB_MAX                               = 0x10000
+	IN_CLASSB_NET                               = 0xffff0000
+	IN_CLASSB_NSHIFT                            = 0x10
+	IN_CLASSC_HOST                              = 0xff
+	IN_CLASSC_NET                               = 0xffffff00
+	IN_CLASSC_NSHIFT                            = 0x8
+	IN_CLOSE                                    = 0x18
+	IN_CLOSE_NOWRITE                            = 0x10
+	IN_CLOSE_WRITE                              = 0x8
+	IN_CREATE                                   = 0x100
+	IN_DELETE                                   = 0x200
+	IN_DELETE_SELF                              = 0x400
+	IN_DONT_FOLLOW                              = 0x2000000
+	IN_EXCL_UNLINK                              = 0x4000000
+	IN_IGNORED                                  = 0x8000
+	IN_ISDIR                                    = 0x40000000
+	IN_LOOPBACKNET                              = 0x7f
+	IN_MASK_ADD                                 = 0x20000000
+	IN_MASK_CREATE                              = 0x10000000
+	IN_MODIFY                                   = 0x2
+	IN_MOVE                                     = 0xc0
+	IN_MOVED_FROM                               = 0x40
+	IN_MOVED_TO                                 = 0x80
+	IN_MOVE_SELF                                = 0x800
+	IN_ONESHOT                                  = 0x80000000
+	IN_ONLYDIR                                  = 0x1000000
+	IN_OPEN                                     = 0x20
+	IN_Q_OVERFLOW                               = 0x4000
+	IN_UNMOUNT                                  = 0x2000
+	IPPROTO_AH                                  = 0x33
+	IPPROTO_BEETPH                              = 0x5e
+	IPPROTO_COMP                                = 0x6c
+	IPPROTO_DCCP                                = 0x21
+	IPPROTO_DSTOPTS                             = 0x3c
+	IPPROTO_EGP                                 = 0x8
+	IPPROTO_ENCAP                               = 0x62
+	IPPROTO_ESP                                 = 0x32
+	IPPROTO_ETHERNET                            = 0x8f
+	IPPROTO_FRAGMENT                            = 0x2c
+	IPPROTO_GRE                                 = 0x2f
+	IPPROTO_HOPOPTS                             = 0x0
+	IPPROTO_ICMP                                = 0x1
+	IPPROTO_ICMPV6                              = 0x3a
+	IPPROTO_IDP                                 = 0x16
+	IPPROTO_IGMP                                = 0x2
+	IPPROTO_IP                                  = 0x0
+	IPPROTO_IPIP                                = 0x4
+	IPPROTO_IPV6                                = 0x29
+	IPPROTO_L2TP                                = 0x73
+	IPPROTO_MH                                  = 0x87
+	IPPROTO_MPLS                                = 0x89
+	IPPROTO_MPTCP                               = 0x106
+	IPPROTO_MTP                                 = 0x5c
+	IPPROTO_NONE                                = 0x3b
+	IPPROTO_PIM                                 = 0x67
+	IPPROTO_PUP                                 = 0xc
+	IPPROTO_RAW                                 = 0xff
+	IPPROTO_ROUTING                             = 0x2b
+	IPPROTO_RSVP                                = 0x2e
+	IPPROTO_SCTP                                = 0x84
+	IPPROTO_TCP                                 = 0x6
+	IPPROTO_TP                                  = 0x1d
+	IPPROTO_UDP                                 = 0x11
+	IPPROTO_UDPLITE                             = 0x88
+	IPV6_2292DSTOPTS                            = 0x4
+	IPV6_2292HOPLIMIT                           = 0x8
+	IPV6_2292HOPOPTS                            = 0x3
+	IPV6_2292PKTINFO                            = 0x2
+	IPV6_2292PKTOPTIONS                         = 0x6
+	IPV6_2292RTHDR                              = 0x5
+	IPV6_ADDRFORM                               = 0x1
+	IPV6_ADDR_PREFERENCES                       = 0x48
+	IPV6_ADD_MEMBERSHIP                         = 0x14
+	IPV6_AUTHHDR                                = 0xa
+	IPV6_AUTOFLOWLABEL                          = 0x46
+	IPV6_CHECKSUM                               = 0x7
+	IPV6_DONTFRAG                               = 0x3e
+	IPV6_DROP_MEMBERSHIP                        = 0x15
+	IPV6_DSTOPTS                                = 0x3b
+	IPV6_FREEBIND                               = 0x4e
+	IPV6_HDRINCL                                = 0x24
+	IPV6_HOPLIMIT                               = 0x34
+	IPV6_HOPOPTS                                = 0x36
+	IPV6_IPSEC_POLICY                           = 0x22
+	IPV6_JOIN_ANYCAST                           = 0x1b
+	IPV6_JOIN_GROUP                             = 0x14
+	IPV6_LEAVE_ANYCAST                          = 0x1c
+	IPV6_LEAVE_GROUP                            = 0x15
+	IPV6_MINHOPCOUNT                            = 0x49
+	IPV6_MTU                                    = 0x18
+	IPV6_MTU_DISCOVER                           = 0x17
+	IPV6_MULTICAST_ALL                          = 0x1d
+	IPV6_MULTICAST_HOPS                         = 0x12
+	IPV6_MULTICAST_IF                           = 0x11
+	IPV6_MULTICAST_LOOP                         = 0x13
+	IPV6_NEXTHOP                                = 0x9
+	IPV6_ORIGDSTADDR                            = 0x4a
+	IPV6_PATHMTU                                = 0x3d
+	IPV6_PKTINFO                                = 0x32
+	IPV6_PMTUDISC_DO                            = 0x2
+	IPV6_PMTUDISC_DONT                          = 0x0
+	IPV6_PMTUDISC_INTERFACE                     = 0x4
+	IPV6_PMTUDISC_OMIT                          = 0x5
+	IPV6_PMTUDISC_PROBE                         = 0x3
+	IPV6_PMTUDISC_WANT                          = 0x1
+	IPV6_RECVDSTOPTS                            = 0x3a
+	IPV6_RECVERR                                = 0x19
+	IPV6_RECVFRAGSIZE                           = 0x4d
+	IPV6_RECVHOPLIMIT                           = 0x33
+	IPV6_RECVHOPOPTS                            = 0x35
+	IPV6_RECVORIGDSTADDR                        = 0x4a
+	IPV6_RECVPATHMTU                            = 0x3c
+	IPV6_RECVPKTINFO                            = 0x31
+	IPV6_RECVRTHDR                              = 0x38
+	IPV6_RECVTCLASS                             = 0x42
+	IPV6_ROUTER_ALERT                           = 0x16
+	IPV6_ROUTER_ALERT_ISOLATE                   = 0x1e
+	IPV6_RTHDR                                  = 0x39
+	IPV6_RTHDRDSTOPTS                           = 0x37
+	IPV6_RTHDR_LOOSE                            = 0x0
+	IPV6_RTHDR_STRICT                           = 0x1
+	IPV6_RTHDR_TYPE_0                           = 0x0
+	IPV6_RXDSTOPTS                              = 0x3b
+	IPV6_RXHOPOPTS                              = 0x36
+	IPV6_TCLASS                                 = 0x43
+	IPV6_TRANSPARENT                            = 0x4b
+	IPV6_UNICAST_HOPS                           = 0x10
+	IPV6_UNICAST_IF                             = 0x4c
+	IPV6_V6ONLY                                 = 0x1a
+	IPV6_XFRM_POLICY                            = 0x23
+	IP_ADD_MEMBERSHIP                           = 0x23
+	IP_ADD_SOURCE_MEMBERSHIP                    = 0x27
+	IP_BIND_ADDRESS_NO_PORT                     = 0x18
+	IP_BLOCK_SOURCE                             = 0x26
+	IP_CHECKSUM                                 = 0x17
+	IP_DEFAULT_MULTICAST_LOOP                   = 0x1
+	IP_DEFAULT_MULTICAST_TTL                    = 0x1
+	IP_DF                                       = 0x4000
+	IP_DROP_MEMBERSHIP                          = 0x24
+	IP_DROP_SOURCE_MEMBERSHIP                   = 0x28
+	IP_FREEBIND                                 = 0xf
+	IP_HDRINCL                                  = 0x3
+	IP_IPSEC_POLICY                             = 0x10
+	IP_MAXPACKET                                = 0xffff
+	IP_MAX_MEMBERSHIPS                          = 0x14
+	IP_MF                                       = 0x2000
+	IP_MINTTL                                   = 0x15
+	IP_MSFILTER                                 = 0x29
+	IP_MSS                                      = 0x240
+	IP_MTU                                      = 0xe
+	IP_MTU_DISCOVER                             = 0xa
+	IP_MULTICAST_ALL                            = 0x31
+	IP_MULTICAST_IF                             = 0x20
+	IP_MULTICAST_LOOP                           = 0x22
+	IP_MULTICAST_TTL                            = 0x21
+	IP_NODEFRAG                                 = 0x16
+	IP_OFFMASK                                  = 0x1fff
+	IP_OPTIONS                                  = 0x4
+	IP_ORIGDSTADDR                              = 0x14
+	IP_PASSSEC                                  = 0x12
+	IP_PKTINFO                                  = 0x8
+	IP_PKTOPTIONS                               = 0x9
+	IP_PMTUDISC                                 = 0xa
+	IP_PMTUDISC_DO                              = 0x2
+	IP_PMTUDISC_DONT                            = 0x0
+	IP_PMTUDISC_INTERFACE                       = 0x4
+	IP_PMTUDISC_OMIT                            = 0x5
+	IP_PMTUDISC_PROBE                           = 0x3
+	IP_PMTUDISC_WANT                            = 0x1
+	IP_RECVERR                                  = 0xb
+	IP_RECVFRAGSIZE                             = 0x19
+	IP_RECVOPTS                                 = 0x6
+	IP_RECVORIGDSTADDR                          = 0x14
+	IP_RECVRETOPTS                              = 0x7
+	IP_RECVTOS                                  = 0xd
+	IP_RECVTTL                                  = 0xc
+	IP_RETOPTS                                  = 0x7
+	IP_RF                                       = 0x8000
+	IP_ROUTER_ALERT                             = 0x5
+	IP_TOS                                      = 0x1
+	IP_TRANSPARENT                              = 0x13
+	IP_TTL                                      = 0x2
+	IP_UNBLOCK_SOURCE                           = 0x25
+	IP_UNICAST_IF                               = 0x32
+	IP_XFRM_POLICY                              = 0x11
+	ISOFS_SUPER_MAGIC                           = 0x9660
+	ISTRIP                                      = 0x20
+	IUTF8                                       = 0x4000
+	IXANY                                       = 0x800
+	JFFS2_SUPER_MAGIC                           = 0x72b6
+	KEXEC_ARCH_386                              = 0x30000
+	KEXEC_ARCH_68K                              = 0x40000
+	KEXEC_ARCH_AARCH64                          = 0xb70000
+	KEXEC_ARCH_ARM                              = 0x280000
+	KEXEC_ARCH_DEFAULT                          = 0x0
+	KEXEC_ARCH_IA_64                            = 0x320000
+	KEXEC_ARCH_MASK                             = 0xffff0000
+	KEXEC_ARCH_MIPS                             = 0x80000
+	KEXEC_ARCH_MIPS_LE                          = 0xa0000
+	KEXEC_ARCH_PARISC                           = 0xf0000
+	KEXEC_ARCH_PPC                              = 0x140000
+	KEXEC_ARCH_PPC64                            = 0x150000
+	KEXEC_ARCH_S390                             = 0x160000
+	KEXEC_ARCH_SH                               = 0x2a0000
+	KEXEC_ARCH_X86_64                           = 0x3e0000
+	KEXEC_FILE_NO_INITRAMFS                     = 0x4
+	KEXEC_FILE_ON_CRASH                         = 0x2
+	KEXEC_FILE_UNLOAD                           = 0x1
+	KEXEC_ON_CRASH                              = 0x1
+	KEXEC_PRESERVE_CONTEXT                      = 0x2
+	KEXEC_SEGMENT_MAX                           = 0x10
+	KEYCTL_ASSUME_AUTHORITY                     = 0x10
+	KEYCTL_CAPABILITIES                         = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                        = 0x10
+	KEYCTL_CAPS0_CAPABILITIES                   = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN                 = 0x4
+	KEYCTL_CAPS0_INVALIDATE                     = 0x20
+	KEYCTL_CAPS0_MOVE                           = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS            = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY                     = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING               = 0x40
+	KEYCTL_CAPS1_NOTIFICATIONS                  = 0x4
+	KEYCTL_CAPS1_NS_KEYRING_NAME                = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG                     = 0x2
+	KEYCTL_CHOWN                                = 0x4
+	KEYCTL_CLEAR                                = 0x7
+	KEYCTL_DESCRIBE                             = 0x6
+	KEYCTL_DH_COMPUTE                           = 0x17
+	KEYCTL_GET_KEYRING_ID                       = 0x0
+	KEYCTL_GET_PERSISTENT                       = 0x16
+	KEYCTL_GET_SECURITY                         = 0x11
+	KEYCTL_INSTANTIATE                          = 0xc
+	KEYCTL_INSTANTIATE_IOV                      = 0x14
+	KEYCTL_INVALIDATE                           = 0x15
+	KEYCTL_JOIN_SESSION_KEYRING                 = 0x1
+	KEYCTL_LINK                                 = 0x8
+	KEYCTL_MOVE                                 = 0x1e
+	KEYCTL_MOVE_EXCL                            = 0x1
+	KEYCTL_NEGATE                               = 0xd
+	KEYCTL_PKEY_DECRYPT                         = 0x1a
+	KEYCTL_PKEY_ENCRYPT                         = 0x19
+	KEYCTL_PKEY_QUERY                           = 0x18
+	KEYCTL_PKEY_SIGN                            = 0x1b
+	KEYCTL_PKEY_VERIFY                          = 0x1c
+	KEYCTL_READ                                 = 0xb
+	KEYCTL_REJECT                               = 0x13
+	KEYCTL_RESTRICT_KEYRING                     = 0x1d
+	KEYCTL_REVOKE                               = 0x3
+	KEYCTL_SEARCH                               = 0xa
+	KEYCTL_SESSION_TO_PARENT                    = 0x12
+	KEYCTL_SETPERM                              = 0x5
+	KEYCTL_SET_REQKEY_KEYRING                   = 0xe
+	KEYCTL_SET_TIMEOUT                          = 0xf
+	KEYCTL_SUPPORTS_DECRYPT                     = 0x2
+	KEYCTL_SUPPORTS_ENCRYPT                     = 0x1
+	KEYCTL_SUPPORTS_SIGN                        = 0x4
+	KEYCTL_SUPPORTS_VERIFY                      = 0x8
+	KEYCTL_UNLINK                               = 0x9
+	KEYCTL_UPDATE                               = 0x2
+	KEYCTL_WATCH_KEY                            = 0x20
+	KEY_REQKEY_DEFL_DEFAULT                     = 0x0
+	KEY_REQKEY_DEFL_GROUP_KEYRING               = 0x6
+	KEY_REQKEY_DEFL_NO_CHANGE                   = -0x1
+	KEY_REQKEY_DEFL_PROCESS_KEYRING             = 0x2
+	KEY_REQKEY_DEFL_REQUESTOR_KEYRING           = 0x7
+	KEY_REQKEY_DEFL_SESSION_KEYRING             = 0x3
+	KEY_REQKEY_DEFL_THREAD_KEYRING              = 0x1
+	KEY_REQKEY_DEFL_USER_KEYRING                = 0x4
+	KEY_REQKEY_DEFL_USER_SESSION_KEYRING        = 0x5
+	KEY_SPEC_GROUP_KEYRING                      = -0x6
+	KEY_SPEC_PROCESS_KEYRING                    = -0x2
+	KEY_SPEC_REQKEY_AUTH_KEY                    = -0x7
+	KEY_SPEC_REQUESTOR_KEYRING                  = -0x8
+	KEY_SPEC_SESSION_KEYRING                    = -0x3
+	KEY_SPEC_THREAD_KEYRING                     = -0x1
+	KEY_SPEC_USER_KEYRING                       = -0x4
+	KEY_SPEC_USER_SESSION_KEYRING               = -0x5
+	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
+	LINUX_REBOOT_CMD_CAD_ON                     = 0x89abcdef
+	LINUX_REBOOT_CMD_HALT                       = 0xcdef0123
+	LINUX_REBOOT_CMD_KEXEC                      = 0x45584543
+	LINUX_REBOOT_CMD_POWER_OFF                  = 0x4321fedc
+	LINUX_REBOOT_CMD_RESTART                    = 0x1234567
+	LINUX_REBOOT_CMD_RESTART2                   = 0xa1b2c3d4
+	LINUX_REBOOT_CMD_SW_SUSPEND                 = 0xd000fce2
+	LINUX_REBOOT_MAGIC1                         = 0xfee1dead
+	LINUX_REBOOT_MAGIC2                         = 0x28121969
+	LOCK_EX                                     = 0x2
+	LOCK_NB                                     = 0x4
+	LOCK_SH                                     = 0x1
+	LOCK_UN                                     = 0x8
+	LOOP_CLR_FD                                 = 0x4c01
+	LOOP_CTL_ADD                                = 0x4c80
+	LOOP_CTL_GET_FREE                           = 0x4c82
+	LOOP_CTL_REMOVE                             = 0x4c81
+	LOOP_GET_STATUS                             = 0x4c03
+	LOOP_GET_STATUS64                           = 0x4c05
+	LOOP_SET_BLOCK_SIZE                         = 0x4c09
+	LOOP_SET_CAPACITY                           = 0x4c07
+	LOOP_SET_DIRECT_IO                          = 0x4c08
+	LOOP_SET_FD                                 = 0x4c00
+	LOOP_SET_STATUS                             = 0x4c02
+	LOOP_SET_STATUS64                           = 0x4c04
+	LOOP_SET_STATUS_CLEARABLE_FLAGS             = 0x4
+	LOOP_SET_STATUS_SETTABLE_FLAGS              = 0xc
+	LO_KEY_SIZE                                 = 0x20
+	LO_NAME_SIZE                                = 0x40
+	MADV_COLD                                   = 0x14
+	MADV_DODUMP                                 = 0x11
+	MADV_DOFORK                                 = 0xb
+	MADV_DONTDUMP                               = 0x10
+	MADV_DONTFORK                               = 0xa
+	MADV_DONTNEED                               = 0x4
+	MADV_FREE                                   = 0x8
+	MADV_HUGEPAGE                               = 0xe
+	MADV_HWPOISON                               = 0x64
+	MADV_KEEPONFORK                             = 0x13
+	MADV_MERGEABLE                              = 0xc
+	MADV_NOHUGEPAGE                             = 0xf
+	MADV_NORMAL                                 = 0x0
+	MADV_PAGEOUT                                = 0x15
+	MADV_RANDOM                                 = 0x1
+	MADV_REMOVE                                 = 0x9
+	MADV_SEQUENTIAL                             = 0x2
+	MADV_UNMERGEABLE                            = 0xd
+	MADV_WILLNEED                               = 0x3
+	MADV_WIPEONFORK                             = 0x12
+	MAP_FILE                                    = 0x0
+	MAP_FIXED                                   = 0x10
+	MAP_FIXED_NOREPLACE                         = 0x100000
+	MAP_HUGE_MASK                               = 0x3f
+	MAP_HUGE_SHIFT                              = 0x1a
+	MAP_PRIVATE                                 = 0x2
+	MAP_SHARED                                  = 0x1
+	MAP_SHARED_VALIDATE                         = 0x3
+	MAP_TYPE                                    = 0xf
+	MCAST_BLOCK_SOURCE                          = 0x2b
+	MCAST_EXCLUDE                               = 0x0
+	MCAST_INCLUDE                               = 0x1
+	MCAST_JOIN_GROUP                            = 0x2a
+	MCAST_JOIN_SOURCE_GROUP                     = 0x2e
+	MCAST_LEAVE_GROUP                           = 0x2d
+	MCAST_LEAVE_SOURCE_GROUP                    = 0x2f
+	MCAST_MSFILTER                              = 0x30
+	MCAST_UNBLOCK_SOURCE                        = 0x2c
+	MFD_ALLOW_SEALING                           = 0x2
+	MFD_CLOEXEC                                 = 0x1
+	MFD_HUGETLB                                 = 0x4
+	MFD_HUGE_16GB                               = -0x78000000
+	MFD_HUGE_16MB                               = 0x60000000
+	MFD_HUGE_1GB                                = 0x78000000
+	MFD_HUGE_1MB                                = 0x50000000
+	MFD_HUGE_256MB                              = 0x70000000
+	MFD_HUGE_2GB                                = 0x7c000000
+	MFD_HUGE_2MB                                = 0x54000000
+	MFD_HUGE_32MB                               = 0x64000000
+	MFD_HUGE_512KB                              = 0x4c000000
+	MFD_HUGE_512MB                              = 0x74000000
+	MFD_HUGE_64KB                               = 0x40000000
+	MFD_HUGE_8MB                                = 0x5c000000
+	MFD_HUGE_MASK                               = 0x3f
+	MFD_HUGE_SHIFT                              = 0x1a
+	MINIX2_SUPER_MAGIC                          = 0x2468
+	MINIX2_SUPER_MAGIC2                         = 0x2478
+	MINIX3_SUPER_MAGIC                          = 0x4d5a
+	MINIX_SUPER_MAGIC                           = 0x137f
+	MINIX_SUPER_MAGIC2                          = 0x138f
+	MNT_DETACH                                  = 0x2
+	MNT_EXPIRE                                  = 0x4
+	MNT_FORCE                                   = 0x1
+	MODULE_INIT_IGNORE_MODVERSIONS              = 0x1
+	MODULE_INIT_IGNORE_VERMAGIC                 = 0x2
+	MSDOS_SUPER_MAGIC                           = 0x4d44
+	MSG_BATCH                                   = 0x40000
+	MSG_CMSG_CLOEXEC                            = 0x40000000
+	MSG_CONFIRM                                 = 0x800
+	MSG_CTRUNC                                  = 0x8
+	MSG_DONTROUTE                               = 0x4
+	MSG_DONTWAIT                                = 0x40
+	MSG_EOR                                     = 0x80
+	MSG_ERRQUEUE                                = 0x2000
+	MSG_FASTOPEN                                = 0x20000000
+	MSG_FIN                                     = 0x200
+	MSG_MORE                                    = 0x8000
+	MSG_NOSIGNAL                                = 0x4000
+	MSG_OOB                                     = 0x1
+	MSG_PEEK                                    = 0x2
+	MSG_PROXY                                   = 0x10
+	MSG_RST                                     = 0x1000
+	MSG_SYN                                     = 0x400
+	MSG_TRUNC                                   = 0x20
+	MSG_TRYHARD                                 = 0x4
+	MSG_WAITALL                                 = 0x100
+	MSG_WAITFORONE                              = 0x10000
+	MSG_ZEROCOPY                                = 0x4000000
+	MS_ACTIVE                                   = 0x40000000
+	MS_ASYNC                                    = 0x1
+	MS_BIND                                     = 0x1000
+	MS_BORN                                     = 0x20000000
+	MS_DIRSYNC                                  = 0x80
+	MS_INVALIDATE                               = 0x2
+	MS_I_VERSION                                = 0x800000
+	MS_KERNMOUNT                                = 0x400000
+	MS_LAZYTIME                                 = 0x2000000
+	MS_MANDLOCK                                 = 0x40
+	MS_MGC_MSK                                  = 0xffff0000
+	MS_MGC_VAL                                  = 0xc0ed0000
+	MS_MOVE                                     = 0x2000
+	MS_NOATIME                                  = 0x400
+	MS_NODEV                                    = 0x4
+	MS_NODIRATIME                               = 0x800
+	MS_NOEXEC                                   = 0x8
+	MS_NOREMOTELOCK                             = 0x8000000
+	MS_NOSEC                                    = 0x10000000
+	MS_NOSUID                                   = 0x2
+	MS_NOUSER                                   = -0x80000000
+	MS_POSIXACL                                 = 0x10000
+	MS_PRIVATE                                  = 0x40000
+	MS_RDONLY                                   = 0x1
+	MS_REC                                      = 0x4000
+	MS_RELATIME                                 = 0x200000
+	MS_REMOUNT                                  = 0x20
+	MS_RMT_MASK                                 = 0x2800051
+	MS_SHARED                                   = 0x100000
+	MS_SILENT                                   = 0x8000
+	MS_SLAVE                                    = 0x80000
+	MS_STRICTATIME                              = 0x1000000
+	MS_SUBMOUNT                                 = 0x4000000
+	MS_SYNC                                     = 0x4
+	MS_SYNCHRONOUS                              = 0x10
+	MS_UNBINDABLE                               = 0x20000
+	MS_VERBOSE                                  = 0x8000
+	MTD_INODE_FS_MAGIC                          = 0x11307854
+	NAME_MAX                                    = 0xff
+	NCP_SUPER_MAGIC                             = 0x564c
+	NETLINK_ADD_MEMBERSHIP                      = 0x1
+	NETLINK_AUDIT                               = 0x9
+	NETLINK_BROADCAST_ERROR                     = 0x4
+	NETLINK_CAP_ACK                             = 0xa
+	NETLINK_CONNECTOR                           = 0xb
+	NETLINK_CRYPTO                              = 0x15
+	NETLINK_DNRTMSG                             = 0xe
+	NETLINK_DROP_MEMBERSHIP                     = 0x2
+	NETLINK_ECRYPTFS                            = 0x13
+	NETLINK_EXT_ACK                             = 0xb
+	NETLINK_FIB_LOOKUP                          = 0xa
+	NETLINK_FIREWALL                            = 0x3
+	NETLINK_GENERIC                             = 0x10
+	NETLINK_GET_STRICT_CHK                      = 0xc
+	NETLINK_INET_DIAG                           = 0x4
+	NETLINK_IP6_FW                              = 0xd
+	NETLINK_ISCSI                               = 0x8
+	NETLINK_KOBJECT_UEVENT                      = 0xf
+	NETLINK_LISTEN_ALL_NSID                     = 0x8
+	NETLINK_LIST_MEMBERSHIPS                    = 0x9
+	NETLINK_NETFILTER                           = 0xc
+	NETLINK_NFLOG                               = 0x5
+	NETLINK_NO_ENOBUFS                          = 0x5
+	NETLINK_PKTINFO                             = 0x3
+	NETLINK_RDMA                                = 0x14
+	NETLINK_ROUTE                               = 0x0
+	NETLINK_RX_RING                             = 0x6
+	NETLINK_SCSITRANSPORT                       = 0x12
+	NETLINK_SELINUX                             = 0x7
+	NETLINK_SMC                                 = 0x16
+	NETLINK_SOCK_DIAG                           = 0x4
+	NETLINK_TX_RING                             = 0x7
+	NETLINK_UNUSED                              = 0x1
+	NETLINK_USERSOCK                            = 0x2
+	NETLINK_XFRM                                = 0x6
+	NETNSA_MAX                                  = 0x5
+	NETNSA_NSID_NOT_ASSIGNED                    = -0x1
+	NFNETLINK_V0                                = 0x0
+	NFNLGRP_ACCT_QUOTA                          = 0x8
+	NFNLGRP_CONNTRACK_DESTROY                   = 0x3
+	NFNLGRP_CONNTRACK_EXP_DESTROY               = 0x6
+	NFNLGRP_CONNTRACK_EXP_NEW                   = 0x4
+	NFNLGRP_CONNTRACK_EXP_UPDATE                = 0x5
+	NFNLGRP_CONNTRACK_NEW                       = 0x1
+	NFNLGRP_CONNTRACK_UPDATE                    = 0x2
+	NFNLGRP_MAX                                 = 0x9
+	NFNLGRP_NFTABLES                            = 0x7
+	NFNLGRP_NFTRACE                             = 0x9
+	NFNLGRP_NONE                                = 0x0
+	NFNL_BATCH_MAX                              = 0x1
+	NFNL_MSG_BATCH_BEGIN                        = 0x10
+	NFNL_MSG_BATCH_END                          = 0x11
+	NFNL_NFA_NEST                               = 0x8000
+	NFNL_SUBSYS_ACCT                            = 0x7
+	NFNL_SUBSYS_COUNT                           = 0xc
+	NFNL_SUBSYS_CTHELPER                        = 0x9
+	NFNL_SUBSYS_CTNETLINK                       = 0x1
+	NFNL_SUBSYS_CTNETLINK_EXP                   = 0x2
+	NFNL_SUBSYS_CTNETLINK_TIMEOUT               = 0x8
+	NFNL_SUBSYS_IPSET                           = 0x6
+	NFNL_SUBSYS_NFTABLES                        = 0xa
+	NFNL_SUBSYS_NFT_COMPAT                      = 0xb
+	NFNL_SUBSYS_NONE                            = 0x0
+	NFNL_SUBSYS_OSF                             = 0x5
+	NFNL_SUBSYS_QUEUE                           = 0x3
+	NFNL_SUBSYS_ULOG                            = 0x4
+	NFS_SUPER_MAGIC                             = 0x6969
+	NILFS_SUPER_MAGIC                           = 0x3434
+	NL0                                         = 0x0
+	NL1                                         = 0x100
+	NLA_ALIGNTO                                 = 0x4
+	NLA_F_NESTED                                = 0x8000
+	NLA_F_NET_BYTEORDER                         = 0x4000
+	NLA_HDRLEN                                  = 0x4
+	NLMSG_ALIGNTO                               = 0x4
+	NLMSG_DONE                                  = 0x3
+	NLMSG_ERROR                                 = 0x2
+	NLMSG_HDRLEN                                = 0x10
+	NLMSG_MIN_TYPE                              = 0x10
+	NLMSG_NOOP                                  = 0x1
+	NLMSG_OVERRUN                               = 0x4
+	NLM_F_ACK                                   = 0x4
+	NLM_F_ACK_TLVS                              = 0x200
+	NLM_F_APPEND                                = 0x800
+	NLM_F_ATOMIC                                = 0x400
+	NLM_F_CAPPED                                = 0x100
+	NLM_F_CREATE                                = 0x400
+	NLM_F_DUMP                                  = 0x300
+	NLM_F_DUMP_FILTERED                         = 0x20
+	NLM_F_DUMP_INTR                             = 0x10
+	NLM_F_ECHO                                  = 0x8
+	NLM_F_EXCL                                  = 0x200
+	NLM_F_MATCH                                 = 0x200
+	NLM_F_MULTI                                 = 0x2
+	NLM_F_NONREC                                = 0x100
+	NLM_F_REPLACE                               = 0x100
+	NLM_F_REQUEST                               = 0x1
+	NLM_F_ROOT                                  = 0x100
+	NSFS_MAGIC                                  = 0x6e736673
+	OCFS2_SUPER_MAGIC                           = 0x7461636f
+	OCRNL                                       = 0x8
+	OFDEL                                       = 0x80
+	OFILL                                       = 0x40
+	ONLRET                                      = 0x20
+	ONOCR                                       = 0x10
+	OPENPROM_SUPER_MAGIC                        = 0x9fa1
+	OPOST                                       = 0x1
+	OVERLAYFS_SUPER_MAGIC                       = 0x794c7630
+	O_ACCMODE                                   = 0x3
+	O_RDONLY                                    = 0x0
+	O_RDWR                                      = 0x2
+	O_WRONLY                                    = 0x1
+	PACKET_ADD_MEMBERSHIP                       = 0x1
+	PACKET_AUXDATA                              = 0x8
+	PACKET_BROADCAST                            = 0x1
+	PACKET_COPY_THRESH                          = 0x7
+	PACKET_DROP_MEMBERSHIP                      = 0x2
+	PACKET_FANOUT                               = 0x12
+	PACKET_FANOUT_CBPF                          = 0x6
+	PACKET_FANOUT_CPU                           = 0x2
+	PACKET_FANOUT_DATA                          = 0x16
+	PACKET_FANOUT_EBPF                          = 0x7
+	PACKET_FANOUT_FLAG_DEFRAG                   = 0x8000
+	PACKET_FANOUT_FLAG_ROLLOVER                 = 0x1000
+	PACKET_FANOUT_FLAG_UNIQUEID                 = 0x2000
+	PACKET_FANOUT_HASH                          = 0x0
+	PACKET_FANOUT_LB                            = 0x1
+	PACKET_FANOUT_QM                            = 0x5
+	PACKET_FANOUT_RND                           = 0x4
+	PACKET_FANOUT_ROLLOVER                      = 0x3
+	PACKET_FASTROUTE                            = 0x6
+	PACKET_HDRLEN                               = 0xb
+	PACKET_HOST                                 = 0x0
+	PACKET_IGNORE_OUTGOING                      = 0x17
+	PACKET_KERNEL                               = 0x7
+	PACKET_LOOPBACK                             = 0x5
+	PACKET_LOSS                                 = 0xe
+	PACKET_MR_ALLMULTI                          = 0x2
+	PACKET_MR_MULTICAST                         = 0x0
+	PACKET_MR_PROMISC                           = 0x1
+	PACKET_MR_UNICAST                           = 0x3
+	PACKET_MULTICAST                            = 0x2
+	PACKET_ORIGDEV                              = 0x9
+	PACKET_OTHERHOST                            = 0x3
+	PACKET_OUTGOING                             = 0x4
+	PACKET_QDISC_BYPASS                         = 0x14
+	PACKET_RECV_OUTPUT                          = 0x3
+	PACKET_RESERVE                              = 0xc
+	PACKET_ROLLOVER_STATS                       = 0x15
+	PACKET_RX_RING                              = 0x5
+	PACKET_STATISTICS                           = 0x6
+	PACKET_TIMESTAMP                            = 0x11
+	PACKET_TX_HAS_OFF                           = 0x13
+	PACKET_TX_RING                              = 0xd
+	PACKET_TX_TIMESTAMP                         = 0x10
+	PACKET_USER                                 = 0x6
+	PACKET_VERSION                              = 0xa
+	PACKET_VNET_HDR                             = 0xf
+	PARITY_CRC16_PR0                            = 0x2
+	PARITY_CRC16_PR0_CCITT                      = 0x4
+	PARITY_CRC16_PR1                            = 0x3
+	PARITY_CRC16_PR1_CCITT                      = 0x5
+	PARITY_CRC32_PR0_CCITT                      = 0x6
+	PARITY_CRC32_PR1_CCITT                      = 0x7
+	PARITY_DEFAULT                              = 0x0
+	PARITY_NONE                                 = 0x1
+	PARMRK                                      = 0x8
+	PIPEFS_MAGIC                                = 0x50495045
+	PPC_CMM_MAGIC                               = 0xc7571590
+	PPPIOCGNPMODE                               = 0xc008744c
+	PPPIOCNEWUNIT                               = 0xc004743e
+	PRIO_PGRP                                   = 0x1
+	PRIO_PROCESS                                = 0x0
+	PRIO_USER                                   = 0x2
+	PROC_SUPER_MAGIC                            = 0x9fa0
+	PROT_EXEC                                   = 0x4
+	PROT_GROWSDOWN                              = 0x1000000
+	PROT_GROWSUP                                = 0x2000000
+	PROT_NONE                                   = 0x0
+	PROT_READ                                   = 0x1
+	PROT_WRITE                                  = 0x2
+	PR_CAPBSET_DROP                             = 0x18
+	PR_CAPBSET_READ                             = 0x17
+	PR_CAP_AMBIENT                              = 0x2f
+	PR_CAP_AMBIENT_CLEAR_ALL                    = 0x4
+	PR_CAP_AMBIENT_IS_SET                       = 0x1
+	PR_CAP_AMBIENT_LOWER                        = 0x3
+	PR_CAP_AMBIENT_RAISE                        = 0x2
+	PR_ENDIAN_BIG                               = 0x0
+	PR_ENDIAN_LITTLE                            = 0x1
+	PR_ENDIAN_PPC_LITTLE                        = 0x2
+	PR_FPEMU_NOPRINT                            = 0x1
+	PR_FPEMU_SIGFPE                             = 0x2
+	PR_FP_EXC_ASYNC                             = 0x2
+	PR_FP_EXC_DISABLED                          = 0x0
+	PR_FP_EXC_DIV                               = 0x10000
+	PR_FP_EXC_INV                               = 0x100000
+	PR_FP_EXC_NONRECOV                          = 0x1
+	PR_FP_EXC_OVF                               = 0x20000
+	PR_FP_EXC_PRECISE                           = 0x3
+	PR_FP_EXC_RES                               = 0x80000
+	PR_FP_EXC_SW_ENABLE                         = 0x80
+	PR_FP_EXC_UND                               = 0x40000
+	PR_FP_MODE_FR                               = 0x1
+	PR_FP_MODE_FRE                              = 0x2
+	PR_GET_CHILD_SUBREAPER                      = 0x25
+	PR_GET_DUMPABLE                             = 0x3
+	PR_GET_ENDIAN                               = 0x13
+	PR_GET_FPEMU                                = 0x9
+	PR_GET_FPEXC                                = 0xb
+	PR_GET_FP_MODE                              = 0x2e
+	PR_GET_IO_FLUSHER                           = 0x3a
+	PR_GET_KEEPCAPS                             = 0x7
+	PR_GET_NAME                                 = 0x10
+	PR_GET_NO_NEW_PRIVS                         = 0x27
+	PR_GET_PDEATHSIG                            = 0x2
+	PR_GET_SECCOMP                              = 0x15
+	PR_GET_SECUREBITS                           = 0x1b
+	PR_GET_SPECULATION_CTRL                     = 0x34
+	PR_GET_TAGGED_ADDR_CTRL                     = 0x38
+	PR_GET_THP_DISABLE                          = 0x2a
+	PR_GET_TID_ADDRESS                          = 0x28
+	PR_GET_TIMERSLACK                           = 0x1e
+	PR_GET_TIMING                               = 0xd
+	PR_GET_TSC                                  = 0x19
+	PR_GET_UNALIGN                              = 0x5
+	PR_MCE_KILL                                 = 0x21
+	PR_MCE_KILL_CLEAR                           = 0x0
+	PR_MCE_KILL_DEFAULT                         = 0x2
+	PR_MCE_KILL_EARLY                           = 0x1
+	PR_MCE_KILL_GET                             = 0x22
+	PR_MCE_KILL_LATE                            = 0x0
+	PR_MCE_KILL_SET                             = 0x1
+	PR_MPX_DISABLE_MANAGEMENT                   = 0x2c
+	PR_MPX_ENABLE_MANAGEMENT                    = 0x2b
+	PR_PAC_APDAKEY                              = 0x4
+	PR_PAC_APDBKEY                              = 0x8
+	PR_PAC_APGAKEY                              = 0x10
+	PR_PAC_APIAKEY                              = 0x1
+	PR_PAC_APIBKEY                              = 0x2
+	PR_PAC_RESET_KEYS                           = 0x36
+	PR_SET_CHILD_SUBREAPER                      = 0x24
+	PR_SET_DUMPABLE                             = 0x4
+	PR_SET_ENDIAN                               = 0x14
+	PR_SET_FPEMU                                = 0xa
+	PR_SET_FPEXC                                = 0xc
+	PR_SET_FP_MODE                              = 0x2d
+	PR_SET_IO_FLUSHER                           = 0x39
+	PR_SET_KEEPCAPS                             = 0x8
+	PR_SET_MM                                   = 0x23
+	PR_SET_MM_ARG_END                           = 0x9
+	PR_SET_MM_ARG_START                         = 0x8
+	PR_SET_MM_AUXV                              = 0xc
+	PR_SET_MM_BRK                               = 0x7
+	PR_SET_MM_END_CODE                          = 0x2
+	PR_SET_MM_END_DATA                          = 0x4
+	PR_SET_MM_ENV_END                           = 0xb
+	PR_SET_MM_ENV_START                         = 0xa
+	PR_SET_MM_EXE_FILE                          = 0xd
+	PR_SET_MM_MAP                               = 0xe
+	PR_SET_MM_MAP_SIZE                          = 0xf
+	PR_SET_MM_START_BRK                         = 0x6
+	PR_SET_MM_START_CODE                        = 0x1
+	PR_SET_MM_START_DATA                        = 0x3
+	PR_SET_MM_START_STACK                       = 0x5
+	PR_SET_NAME                                 = 0xf
+	PR_SET_NO_NEW_PRIVS                         = 0x26
+	PR_SET_PDEATHSIG                            = 0x1
+	PR_SET_PTRACER                              = 0x59616d61
+	PR_SET_SECCOMP                              = 0x16
+	PR_SET_SECUREBITS                           = 0x1c
+	PR_SET_SPECULATION_CTRL                     = 0x35
+	PR_SET_TAGGED_ADDR_CTRL                     = 0x37
+	PR_SET_THP_DISABLE                          = 0x29
+	PR_SET_TIMERSLACK                           = 0x1d
+	PR_SET_TIMING                               = 0xe
+	PR_SET_TSC                                  = 0x1a
+	PR_SET_UNALIGN                              = 0x6
+	PR_SPEC_DISABLE                             = 0x4
+	PR_SPEC_DISABLE_NOEXEC                      = 0x10
+	PR_SPEC_ENABLE                              = 0x2
+	PR_SPEC_FORCE_DISABLE                       = 0x8
+	PR_SPEC_INDIRECT_BRANCH                     = 0x1
+	PR_SPEC_NOT_AFFECTED                        = 0x0
+	PR_SPEC_PRCTL                               = 0x1
+	PR_SPEC_STORE_BYPASS                        = 0x0
+	PR_SVE_GET_VL                               = 0x33
+	PR_SVE_SET_VL                               = 0x32
+	PR_SVE_SET_VL_ONEXEC                        = 0x40000
+	PR_SVE_VL_INHERIT                           = 0x20000
+	PR_SVE_VL_LEN_MASK                          = 0xffff
+	PR_TAGGED_ADDR_ENABLE                       = 0x1
+	PR_TASK_PERF_EVENTS_DISABLE                 = 0x1f
+	PR_TASK_PERF_EVENTS_ENABLE                  = 0x20
+	PR_TIMING_STATISTICAL                       = 0x0
+	PR_TIMING_TIMESTAMP                         = 0x1
+	PR_TSC_ENABLE                               = 0x1
+	PR_TSC_SIGSEGV                              = 0x2
+	PR_UNALIGN_NOPRINT                          = 0x1
+	PR_UNALIGN_SIGBUS                           = 0x2
+	PSTOREFS_MAGIC                              = 0x6165676c
+	PTRACE_ATTACH                               = 0x10
+	PTRACE_CONT                                 = 0x7
+	PTRACE_DETACH                               = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY               = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT                = 0x2
+	PTRACE_EVENT_CLONE                          = 0x3
+	PTRACE_EVENT_EXEC                           = 0x4
+	PTRACE_EVENT_EXIT                           = 0x6
+	PTRACE_EVENT_FORK                           = 0x1
+	PTRACE_EVENT_SECCOMP                        = 0x7
+	PTRACE_EVENT_STOP                           = 0x80
+	PTRACE_EVENT_VFORK                          = 0x2
+	PTRACE_EVENT_VFORK_DONE                     = 0x5
+	PTRACE_GETEVENTMSG                          = 0x4201
+	PTRACE_GETREGS                              = 0xc
+	PTRACE_GETREGSET                            = 0x4204
+	PTRACE_GETSIGINFO                           = 0x4202
+	PTRACE_GETSIGMASK                           = 0x420a
+	PTRACE_GET_SYSCALL_INFO                     = 0x420e
+	PTRACE_INTERRUPT                            = 0x4207
+	PTRACE_KILL                                 = 0x8
+	PTRACE_LISTEN                               = 0x4208
+	PTRACE_O_EXITKILL                           = 0x100000
+	PTRACE_O_MASK                               = 0x3000ff
+	PTRACE_O_SUSPEND_SECCOMP                    = 0x200000
+	PTRACE_O_TRACECLONE                         = 0x8
+	PTRACE_O_TRACEEXEC                          = 0x10
+	PTRACE_O_TRACEEXIT                          = 0x40
+	PTRACE_O_TRACEFORK                          = 0x2
+	PTRACE_O_TRACESECCOMP                       = 0x80
+	PTRACE_O_TRACESYSGOOD                       = 0x1
+	PTRACE_O_TRACEVFORK                         = 0x4
+	PTRACE_O_TRACEVFORKDONE                     = 0x20
+	PTRACE_PEEKDATA                             = 0x2
+	PTRACE_PEEKSIGINFO                          = 0x4209
+	PTRACE_PEEKSIGINFO_SHARED                   = 0x1
+	PTRACE_PEEKTEXT                             = 0x1
+	PTRACE_PEEKUSR                              = 0x3
+	PTRACE_POKEDATA                             = 0x5
+	PTRACE_POKETEXT                             = 0x4
+	PTRACE_POKEUSR                              = 0x6
+	PTRACE_SECCOMP_GET_FILTER                   = 0x420c
+	PTRACE_SECCOMP_GET_METADATA                 = 0x420d
+	PTRACE_SEIZE                                = 0x4206
+	PTRACE_SETOPTIONS                           = 0x4200
+	PTRACE_SETREGS                              = 0xd
+	PTRACE_SETREGSET                            = 0x4205
+	PTRACE_SETSIGINFO                           = 0x4203
+	PTRACE_SETSIGMASK                           = 0x420b
+	PTRACE_SINGLESTEP                           = 0x9
+	PTRACE_SYSCALL                              = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY                   = 0x1
+	PTRACE_SYSCALL_INFO_EXIT                    = 0x2
+	PTRACE_SYSCALL_INFO_NONE                    = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP                 = 0x3
+	PTRACE_TRACEME                              = 0x0
+	QNX4_SUPER_MAGIC                            = 0x2f
+	QNX6_SUPER_MAGIC                            = 0x68191122
+	RAMFS_MAGIC                                 = 0x858458f6
+	RDTGROUP_SUPER_MAGIC                        = 0x7655821
+	REISERFS_SUPER_MAGIC                        = 0x52654973
+	RENAME_EXCHANGE                             = 0x2
+	RENAME_NOREPLACE                            = 0x1
+	RENAME_WHITEOUT                             = 0x4
+	RLIMIT_CORE                                 = 0x4
+	RLIMIT_CPU                                  = 0x0
+	RLIMIT_DATA                                 = 0x2
+	RLIMIT_FSIZE                                = 0x1
+	RLIMIT_LOCKS                                = 0xa
+	RLIMIT_MSGQUEUE                             = 0xc
+	RLIMIT_NICE                                 = 0xd
+	RLIMIT_RTPRIO                               = 0xe
+	RLIMIT_RTTIME                               = 0xf
+	RLIMIT_SIGPENDING                           = 0xb
+	RLIMIT_STACK                                = 0x3
+	RLIM_INFINITY                               = 0xffffffffffffffff
+	RTAX_ADVMSS                                 = 0x8
+	RTAX_CC_ALGO                                = 0x10
+	RTAX_CWND                                   = 0x7
+	RTAX_FASTOPEN_NO_COOKIE                     = 0x11
+	RTAX_FEATURES                               = 0xc
+	RTAX_FEATURE_ALLFRAG                        = 0x8
+	RTAX_FEATURE_ECN                            = 0x1
+	RTAX_FEATURE_MASK                           = 0xf
+	RTAX_FEATURE_SACK                           = 0x2
+	RTAX_FEATURE_TIMESTAMP                      = 0x4
+	RTAX_HOPLIMIT                               = 0xa
+	RTAX_INITCWND                               = 0xb
+	RTAX_INITRWND                               = 0xe
+	RTAX_LOCK                                   = 0x1
+	RTAX_MAX                                    = 0x11
+	RTAX_MTU                                    = 0x2
+	RTAX_QUICKACK                               = 0xf
+	RTAX_REORDERING                             = 0x9
+	RTAX_RTO_MIN                                = 0xd
+	RTAX_RTT                                    = 0x4
+	RTAX_RTTVAR                                 = 0x5
+	RTAX_SSTHRESH                               = 0x6
+	RTAX_UNSPEC                                 = 0x0
+	RTAX_WINDOW                                 = 0x3
+	RTA_ALIGNTO                                 = 0x4
+	RTA_MAX                                     = 0x1e
+	RTCF_DIRECTSRC                              = 0x4000000
+	RTCF_DOREDIRECT                             = 0x1000000
+	RTCF_LOG                                    = 0x2000000
+	RTCF_MASQ                                   = 0x400000
+	RTCF_NAT                                    = 0x800000
+	RTCF_VALVE                                  = 0x200000
+	RTC_AF                                      = 0x20
+	RTC_IRQF                                    = 0x80
+	RTC_MAX_FREQ                                = 0x2000
+	RTC_PF                                      = 0x40
+	RTC_UF                                      = 0x10
+	RTF_ADDRCLASSMASK                           = 0xf8000000
+	RTF_ADDRCONF                                = 0x40000
+	RTF_ALLONLINK                               = 0x20000
+	RTF_BROADCAST                               = 0x10000000
+	RTF_CACHE                                   = 0x1000000
+	RTF_DEFAULT                                 = 0x10000
+	RTF_DYNAMIC                                 = 0x10
+	RTF_FLOW                                    = 0x2000000
+	RTF_GATEWAY                                 = 0x2
+	RTF_HOST                                    = 0x4
+	RTF_INTERFACE                               = 0x40000000
+	RTF_IRTT                                    = 0x100
+	RTF_LINKRT                                  = 0x100000
+	RTF_LOCAL                                   = 0x80000000
+	RTF_MODIFIED                                = 0x20
+	RTF_MSS                                     = 0x40
+	RTF_MTU                                     = 0x40
+	RTF_MULTICAST                               = 0x20000000
+	RTF_NAT                                     = 0x8000000
+	RTF_NOFORWARD                               = 0x1000
+	RTF_NONEXTHOP                               = 0x200000
+	RTF_NOPMTUDISC                              = 0x4000
+	RTF_POLICY                                  = 0x4000000
+	RTF_REINSTATE                               = 0x8
+	RTF_REJECT                                  = 0x200
+	RTF_STATIC                                  = 0x400
+	RTF_THROW                                   = 0x2000
+	RTF_UP                                      = 0x1
+	RTF_WINDOW                                  = 0x80
+	RTF_XRESOLVE                                = 0x800
+	RTMGRP_DECnet_IFADDR                        = 0x1000
+	RTMGRP_DECnet_ROUTE                         = 0x4000
+	RTMGRP_IPV4_IFADDR                          = 0x10
+	RTMGRP_IPV4_MROUTE                          = 0x20
+	RTMGRP_IPV4_ROUTE                           = 0x40
+	RTMGRP_IPV4_RULE                            = 0x80
+	RTMGRP_IPV6_IFADDR                          = 0x100
+	RTMGRP_IPV6_IFINFO                          = 0x800
+	RTMGRP_IPV6_MROUTE                          = 0x200
+	RTMGRP_IPV6_PREFIX                          = 0x20000
+	RTMGRP_IPV6_ROUTE                           = 0x400
+	RTMGRP_LINK                                 = 0x1
+	RTMGRP_NEIGH                                = 0x4
+	RTMGRP_NOTIFY                               = 0x2
+	RTMGRP_TC                                   = 0x8
+	RTM_BASE                                    = 0x10
+	RTM_DELACTION                               = 0x31
+	RTM_DELADDR                                 = 0x15
+	RTM_DELADDRLABEL                            = 0x49
+	RTM_DELCHAIN                                = 0x65
+	RTM_DELLINK                                 = 0x11
+	RTM_DELLINKPROP                             = 0x6d
+	RTM_DELMDB                                  = 0x55
+	RTM_DELNEIGH                                = 0x1d
+	RTM_DELNETCONF                              = 0x51
+	RTM_DELNEXTHOP                              = 0x69
+	RTM_DELNSID                                 = 0x59
+	RTM_DELQDISC                                = 0x25
+	RTM_DELROUTE                                = 0x19
+	RTM_DELRULE                                 = 0x21
+	RTM_DELTCLASS                               = 0x29
+	RTM_DELTFILTER                              = 0x2d
+	RTM_DELVLAN                                 = 0x71
+	RTM_F_CLONED                                = 0x200
+	RTM_F_EQUALIZE                              = 0x400
+	RTM_F_FIB_MATCH                             = 0x2000
+	RTM_F_LOOKUP_TABLE                          = 0x1000
+	RTM_F_NOTIFY                                = 0x100
+	RTM_F_OFFLOAD                               = 0x4000
+	RTM_F_PREFIX                                = 0x800
+	RTM_F_TRAP                                  = 0x8000
+	RTM_GETACTION                               = 0x32
+	RTM_GETADDR                                 = 0x16
+	RTM_GETADDRLABEL                            = 0x4a
+	RTM_GETANYCAST                              = 0x3e
+	RTM_GETCHAIN                                = 0x66
+	RTM_GETDCB                                  = 0x4e
+	RTM_GETLINK                                 = 0x12
+	RTM_GETLINKPROP                             = 0x6e
+	RTM_GETMDB                                  = 0x56
+	RTM_GETMULTICAST                            = 0x3a
+	RTM_GETNEIGH                                = 0x1e
+	RTM_GETNEIGHTBL                             = 0x42
+	RTM_GETNETCONF                              = 0x52
+	RTM_GETNEXTHOP                              = 0x6a
+	RTM_GETNSID                                 = 0x5a
+	RTM_GETQDISC                                = 0x26
+	RTM_GETROUTE                                = 0x1a
+	RTM_GETRULE                                 = 0x22
+	RTM_GETSTATS                                = 0x5e
+	RTM_GETTCLASS                               = 0x2a
+	RTM_GETTFILTER                              = 0x2e
+	RTM_GETVLAN                                 = 0x72
+	RTM_MAX                                     = 0x73
+	RTM_NEWACTION                               = 0x30
+	RTM_NEWADDR                                 = 0x14
+	RTM_NEWADDRLABEL                            = 0x48
+	RTM_NEWCACHEREPORT                          = 0x60
+	RTM_NEWCHAIN                                = 0x64
+	RTM_NEWLINK                                 = 0x10
+	RTM_NEWLINKPROP                             = 0x6c
+	RTM_NEWMDB                                  = 0x54
+	RTM_NEWNDUSEROPT                            = 0x44
+	RTM_NEWNEIGH                                = 0x1c
+	RTM_NEWNEIGHTBL                             = 0x40
+	RTM_NEWNETCONF                              = 0x50
+	RTM_NEWNEXTHOP                              = 0x68
+	RTM_NEWNSID                                 = 0x58
+	RTM_NEWNVLAN                                = 0x70
+	RTM_NEWPREFIX                               = 0x34
+	RTM_NEWQDISC                                = 0x24
+	RTM_NEWROUTE                                = 0x18
+	RTM_NEWRULE                                 = 0x20
+	RTM_NEWSTATS                                = 0x5c
+	RTM_NEWTCLASS                               = 0x28
+	RTM_NEWTFILTER                              = 0x2c
+	RTM_NR_FAMILIES                             = 0x19
+	RTM_NR_MSGTYPES                             = 0x64
+	RTM_SETDCB                                  = 0x4f
+	RTM_SETLINK                                 = 0x13
+	RTM_SETNEIGHTBL                             = 0x43
+	RTNH_ALIGNTO                                = 0x4
+	RTNH_COMPARE_MASK                           = 0x19
+	RTNH_F_DEAD                                 = 0x1
+	RTNH_F_LINKDOWN                             = 0x10
+	RTNH_F_OFFLOAD                              = 0x8
+	RTNH_F_ONLINK                               = 0x4
+	RTNH_F_PERVASIVE                            = 0x2
+	RTNH_F_UNRESOLVED                           = 0x20
+	RTN_MAX                                     = 0xb
+	RTPROT_BABEL                                = 0x2a
+	RTPROT_BGP                                  = 0xba
+	RTPROT_BIRD                                 = 0xc
+	RTPROT_BOOT                                 = 0x3
+	RTPROT_DHCP                                 = 0x10
+	RTPROT_DNROUTED                             = 0xd
+	RTPROT_EIGRP                                = 0xc0
+	RTPROT_GATED                                = 0x8
+	RTPROT_ISIS                                 = 0xbb
+	RTPROT_KERNEL                               = 0x2
+	RTPROT_MROUTED                              = 0x11
+	RTPROT_MRT                                  = 0xa
+	RTPROT_NTK                                  = 0xf
+	RTPROT_OSPF                                 = 0xbc
+	RTPROT_RA                                   = 0x9
+	RTPROT_REDIRECT                             = 0x1
+	RTPROT_RIP                                  = 0xbd
+	RTPROT_STATIC                               = 0x4
+	RTPROT_UNSPEC                               = 0x0
+	RTPROT_XORP                                 = 0xe
+	RTPROT_ZEBRA                                = 0xb
+	RT_CLASS_DEFAULT                            = 0xfd
+	RT_CLASS_LOCAL                              = 0xff
+	RT_CLASS_MAIN                               = 0xfe
+	RT_CLASS_MAX                                = 0xff
+	RT_CLASS_UNSPEC                             = 0x0
+	RUSAGE_CHILDREN                             = -0x1
+	RUSAGE_SELF                                 = 0x0
+	RUSAGE_THREAD                               = 0x1
+	RWF_APPEND                                  = 0x10
+	RWF_DSYNC                                   = 0x2
+	RWF_HIPRI                                   = 0x1
+	RWF_NOWAIT                                  = 0x8
+	RWF_SUPPORTED                               = 0x1f
+	RWF_SYNC                                    = 0x4
+	RWF_WRITE_LIFE_NOT_SET                      = 0x0
+	SCM_CREDENTIALS                             = 0x2
+	SCM_RIGHTS                                  = 0x1
+	SCM_TIMESTAMP                               = 0x1d
+	SC_LOG_FLUSH                                = 0x100000
+	SECCOMP_MODE_DISABLED                       = 0x0
+	SECCOMP_MODE_FILTER                         = 0x2
+	SECCOMP_MODE_STRICT                         = 0x1
+	SECURITYFS_MAGIC                            = 0x73636673
+	SELINUX_MAGIC                               = 0xf97cff8c
+	SHUT_RD                                     = 0x0
+	SHUT_RDWR                                   = 0x2
+	SHUT_WR                                     = 0x1
+	SIOCADDDLCI                                 = 0x8980
+	SIOCADDMULTI                                = 0x8931
+	SIOCADDRT                                   = 0x890b
+	SIOCBONDCHANGEACTIVE                        = 0x8995
+	SIOCBONDENSLAVE                             = 0x8990
+	SIOCBONDINFOQUERY                           = 0x8994
+	SIOCBONDRELEASE                             = 0x8991
+	SIOCBONDSETHWADDR                           = 0x8992
+	SIOCBONDSLAVEINFOQUERY                      = 0x8993
+	SIOCBRADDBR                                 = 0x89a0
+	SIOCBRADDIF                                 = 0x89a2
+	SIOCBRDELBR                                 = 0x89a1
+	SIOCBRDELIF                                 = 0x89a3
+	SIOCDARP                                    = 0x8953
+	SIOCDELDLCI                                 = 0x8981
+	SIOCDELMULTI                                = 0x8932
+	SIOCDELRT                                   = 0x890c
+	SIOCDEVPRIVATE                              = 0x89f0
+	SIOCDIFADDR                                 = 0x8936
+	SIOCDRARP                                   = 0x8960
+	SIOCETHTOOL                                 = 0x8946
+	SIOCGARP                                    = 0x8954
+	SIOCGETLINKNAME                             = 0x89e0
+	SIOCGETNODEID                               = 0x89e1
+	SIOCGHWTSTAMP                               = 0x89b1
+	SIOCGIFADDR                                 = 0x8915
+	SIOCGIFBR                                   = 0x8940
+	SIOCGIFBRDADDR                              = 0x8919
+	SIOCGIFCONF                                 = 0x8912
+	SIOCGIFCOUNT                                = 0x8938
+	SIOCGIFDSTADDR                              = 0x8917
+	SIOCGIFENCAP                                = 0x8925
+	SIOCGIFFLAGS                                = 0x8913
+	SIOCGIFHWADDR                               = 0x8927
+	SIOCGIFINDEX                                = 0x8933
+	SIOCGIFMAP                                  = 0x8970
+	SIOCGIFMEM                                  = 0x891f
+	SIOCGIFMETRIC                               = 0x891d
+	SIOCGIFMTU                                  = 0x8921
+	SIOCGIFNAME                                 = 0x8910
+	SIOCGIFNETMASK                              = 0x891b
+	SIOCGIFPFLAGS                               = 0x8935
+	SIOCGIFSLAVE                                = 0x8929
+	SIOCGIFTXQLEN                               = 0x8942
+	SIOCGIFVLAN                                 = 0x8982
+	SIOCGMIIPHY                                 = 0x8947
+	SIOCGMIIREG                                 = 0x8948
+	SIOCGPPPCSTATS                              = 0x89f2
+	SIOCGPPPSTATS                               = 0x89f0
+	SIOCGPPPVER                                 = 0x89f1
+	SIOCGRARP                                   = 0x8961
+	SIOCGSKNS                                   = 0x894c
+	SIOCGSTAMP                                  = 0x8906
+	SIOCGSTAMPNS                                = 0x8907
+	SIOCGSTAMPNS_OLD                            = 0x8907
+	SIOCGSTAMP_OLD                              = 0x8906
+	SIOCOUTQNSD                                 = 0x894b
+	SIOCPROTOPRIVATE                            = 0x89e0
+	SIOCRTMSG                                   = 0x890d
+	SIOCSARP                                    = 0x8955
+	SIOCSHWTSTAMP                               = 0x89b0
+	SIOCSIFADDR                                 = 0x8916
+	SIOCSIFBR                                   = 0x8941
+	SIOCSIFBRDADDR                              = 0x891a
+	SIOCSIFDSTADDR                              = 0x8918
+	SIOCSIFENCAP                                = 0x8926
+	SIOCSIFFLAGS                                = 0x8914
+	SIOCSIFHWADDR                               = 0x8924
+	SIOCSIFHWBROADCAST                          = 0x8937
+	SIOCSIFLINK                                 = 0x8911
+	SIOCSIFMAP                                  = 0x8971
+	SIOCSIFMEM                                  = 0x8920
+	SIOCSIFMETRIC                               = 0x891e
+	SIOCSIFMTU                                  = 0x8922
+	SIOCSIFNAME                                 = 0x8923
+	SIOCSIFNETMASK                              = 0x891c
+	SIOCSIFPFLAGS                               = 0x8934
+	SIOCSIFSLAVE                                = 0x8930
+	SIOCSIFTXQLEN                               = 0x8943
+	SIOCSIFVLAN                                 = 0x8983
+	SIOCSMIIREG                                 = 0x8949
+	SIOCSRARP                                   = 0x8962
+	SIOCWANDEV                                  = 0x894a
+	SMACK_MAGIC                                 = 0x43415d53
+	SMART_AUTOSAVE                              = 0xd2
+	SMART_AUTO_OFFLINE                          = 0xdb
+	SMART_DISABLE                               = 0xd9
+	SMART_ENABLE                                = 0xd8
+	SMART_HCYL_PASS                             = 0xc2
+	SMART_IMMEDIATE_OFFLINE                     = 0xd4
+	SMART_LCYL_PASS                             = 0x4f
+	SMART_READ_LOG_SECTOR                       = 0xd5
+	SMART_READ_THRESHOLDS                       = 0xd1
+	SMART_READ_VALUES                           = 0xd0
+	SMART_SAVE                                  = 0xd3
+	SMART_STATUS                                = 0xda
+	SMART_WRITE_LOG_SECTOR                      = 0xd6
+	SMART_WRITE_THRESHOLDS                      = 0xd7
+	SMB_SUPER_MAGIC                             = 0x517b
+	SOCKFS_MAGIC                                = 0x534f434b
+	SOCK_DCCP                                   = 0x6
+	SOCK_IOC_TYPE                               = 0x89
+	SOCK_PACKET                                 = 0xa
+	SOCK_RAW                                    = 0x3
+	SOCK_RDM                                    = 0x4
+	SOCK_SEQPACKET                              = 0x5
+	SOL_AAL                                     = 0x109
+	SOL_ALG                                     = 0x117
+	SOL_ATM                                     = 0x108
+	SOL_CAIF                                    = 0x116
+	SOL_CAN_BASE                                = 0x64
+	SOL_CAN_RAW                                 = 0x65
+	SOL_DCCP                                    = 0x10d
+	SOL_DECNET                                  = 0x105
+	SOL_ICMPV6                                  = 0x3a
+	SOL_IP                                      = 0x0
+	SOL_IPV6                                    = 0x29
+	SOL_IRDA                                    = 0x10a
+	SOL_IUCV                                    = 0x115
+	SOL_KCM                                     = 0x119
+	SOL_LLC                                     = 0x10c
+	SOL_NETBEUI                                 = 0x10b
+	SOL_NETLINK                                 = 0x10e
+	SOL_NFC                                     = 0x118
+	SOL_PACKET                                  = 0x107
+	SOL_PNPIPE                                  = 0x113
+	SOL_PPPOL2TP                                = 0x111
+	SOL_RAW                                     = 0xff
+	SOL_RDS                                     = 0x114
+	SOL_RXRPC                                   = 0x110
+	SOL_TCP                                     = 0x6
+	SOL_TIPC                                    = 0x10f
+	SOL_TLS                                     = 0x11a
+	SOL_X25                                     = 0x106
+	SOL_XDP                                     = 0x11b
+	SOMAXCONN                                   = 0x1000
+	SO_ATTACH_FILTER                            = 0x1a
+	SO_DEBUG                                    = 0x1
+	SO_DETACH_BPF                               = 0x1b
+	SO_DETACH_FILTER                            = 0x1b
+	SO_EE_CODE_TXTIME_INVALID_PARAM             = 0x1
+	SO_EE_CODE_TXTIME_MISSED                    = 0x2
+	SO_EE_CODE_ZEROCOPY_COPIED                  = 0x1
+	SO_EE_ORIGIN_ICMP                           = 0x2
+	SO_EE_ORIGIN_ICMP6                          = 0x3
+	SO_EE_ORIGIN_LOCAL                          = 0x1
+	SO_EE_ORIGIN_NONE                           = 0x0
+	SO_EE_ORIGIN_TIMESTAMPING                   = 0x4
+	SO_EE_ORIGIN_TXSTATUS                       = 0x4
+	SO_EE_ORIGIN_TXTIME                         = 0x6
+	SO_EE_ORIGIN_ZEROCOPY                       = 0x5
+	SO_GET_FILTER                               = 0x1a
+	SO_NO_CHECK                                 = 0xb
+	SO_PEERNAME                                 = 0x1c
+	SO_PRIORITY                                 = 0xc
+	SO_TIMESTAMP                                = 0x1d
+	SO_TIMESTAMP_OLD                            = 0x1d
+	SO_VM_SOCKETS_BUFFER_MAX_SIZE               = 0x2
+	SO_VM_SOCKETS_BUFFER_MIN_SIZE               = 0x1
+	SO_VM_SOCKETS_BUFFER_SIZE                   = 0x0
+	SO_VM_SOCKETS_CONNECT_TIMEOUT               = 0x6
+	SO_VM_SOCKETS_NONBLOCK_TXRX                 = 0x7
+	SO_VM_SOCKETS_PEER_HOST_VM_ID               = 0x3
+	SO_VM_SOCKETS_TRUSTED                       = 0x5
+	SPLICE_F_GIFT                               = 0x8
+	SPLICE_F_MORE                               = 0x4
+	SPLICE_F_MOVE                               = 0x1
+	SPLICE_F_NONBLOCK                           = 0x2
+	SQUASHFS_MAGIC                              = 0x73717368
+	STACK_END_MAGIC                             = 0x57ac6e9d
+	STATX_ALL                                   = 0xfff
+	STATX_ATIME                                 = 0x20
+	STATX_ATTR_APPEND                           = 0x20
+	STATX_ATTR_AUTOMOUNT                        = 0x1000
+	STATX_ATTR_COMPRESSED                       = 0x4
+	STATX_ATTR_DAX                              = 0x2000
+	STATX_ATTR_ENCRYPTED                        = 0x800
+	STATX_ATTR_IMMUTABLE                        = 0x10
+	STATX_ATTR_MOUNT_ROOT                       = 0x2000
+	STATX_ATTR_NODUMP                           = 0x40
+	STATX_ATTR_VERITY                           = 0x100000
+	STATX_BASIC_STATS                           = 0x7ff
+	STATX_BLOCKS                                = 0x400
+	STATX_BTIME                                 = 0x800
+	STATX_CTIME                                 = 0x80
+	STATX_GID                                   = 0x10
+	STATX_INO                                   = 0x100
+	STATX_MNT_ID                                = 0x1000
+	STATX_MODE                                  = 0x2
+	STATX_MTIME                                 = 0x40
+	STATX_NLINK                                 = 0x4
+	STATX_SIZE                                  = 0x200
+	STATX_TYPE                                  = 0x1
+	STATX_UID                                   = 0x8
+	STATX__RESERVED                             = 0x80000000
+	SYNC_FILE_RANGE_WAIT_AFTER                  = 0x4
+	SYNC_FILE_RANGE_WAIT_BEFORE                 = 0x1
+	SYNC_FILE_RANGE_WRITE                       = 0x2
+	SYNC_FILE_RANGE_WRITE_AND_WAIT              = 0x7
+	SYSFS_MAGIC                                 = 0x62656572
+	S_BLKSIZE                                   = 0x200
+	S_IEXEC                                     = 0x40
+	S_IFBLK                                     = 0x6000
+	S_IFCHR                                     = 0x2000
+	S_IFDIR                                     = 0x4000
+	S_IFIFO                                     = 0x1000
+	S_IFLNK                                     = 0xa000
+	S_IFMT                                      = 0xf000
+	S_IFREG                                     = 0x8000
+	S_IFSOCK                                    = 0xc000
+	S_IREAD                                     = 0x100
+	S_IRGRP                                     = 0x20
+	S_IROTH                                     = 0x4
+	S_IRUSR                                     = 0x100
+	S_IRWXG                                     = 0x38
+	S_IRWXO                                     = 0x7
+	S_IRWXU                                     = 0x1c0
+	S_ISGID                                     = 0x400
+	S_ISUID                                     = 0x800
+	S_ISVTX                                     = 0x200
+	S_IWGRP                                     = 0x10
+	S_IWOTH                                     = 0x2
+	S_IWRITE                                    = 0x80
+	S_IWUSR                                     = 0x80
+	S_IXGRP                                     = 0x8
+	S_IXOTH                                     = 0x1
+	S_IXUSR                                     = 0x40
+	TAB0                                        = 0x0
+	TASKSTATS_CMD_ATTR_MAX                      = 0x4
+	TASKSTATS_CMD_MAX                           = 0x2
+	TASKSTATS_GENL_NAME                         = "TASKSTATS"
+	TASKSTATS_GENL_VERSION                      = 0x1
+	TASKSTATS_TYPE_MAX                          = 0x6
+	TASKSTATS_VERSION                           = 0xa
+	TCIFLUSH                                    = 0x0
+	TCIOFF                                      = 0x2
+	TCIOFLUSH                                   = 0x2
+	TCION                                       = 0x3
+	TCOFLUSH                                    = 0x1
+	TCOOFF                                      = 0x0
+	TCOON                                       = 0x1
+	TCP_CC_INFO                                 = 0x1a
+	TCP_CM_INQ                                  = 0x24
+	TCP_CONGESTION                              = 0xd
+	TCP_COOKIE_IN_ALWAYS                        = 0x1
+	TCP_COOKIE_MAX                              = 0x10
+	TCP_COOKIE_MIN                              = 0x8
+	TCP_COOKIE_OUT_NEVER                        = 0x2
+	TCP_COOKIE_PAIR_SIZE                        = 0x20
+	TCP_COOKIE_TRANSACTIONS                     = 0xf
+	TCP_CORK                                    = 0x3
+	TCP_DEFER_ACCEPT                            = 0x9
+	TCP_FASTOPEN                                = 0x17
+	TCP_FASTOPEN_CONNECT                        = 0x1e
+	TCP_FASTOPEN_KEY                            = 0x21
+	TCP_FASTOPEN_NO_COOKIE                      = 0x22
+	TCP_INFO                                    = 0xb
+	TCP_INQ                                     = 0x24
+	TCP_KEEPCNT                                 = 0x6
+	TCP_KEEPIDLE                                = 0x4
+	TCP_KEEPINTVL                               = 0x5
+	TCP_LINGER2                                 = 0x8
+	TCP_MAXSEG                                  = 0x2
+	TCP_MAXWIN                                  = 0xffff
+	TCP_MAX_WINSHIFT                            = 0xe
+	TCP_MD5SIG                                  = 0xe
+	TCP_MD5SIG_EXT                              = 0x20
+	TCP_MD5SIG_FLAG_PREFIX                      = 0x1
+	TCP_MD5SIG_MAXKEYLEN                        = 0x50
+	TCP_MSS                                     = 0x200
+	TCP_MSS_DEFAULT                             = 0x218
+	TCP_MSS_DESIRED                             = 0x4c4
+	TCP_NODELAY                                 = 0x1
+	TCP_NOTSENT_LOWAT                           = 0x19
+	TCP_QUEUE_SEQ                               = 0x15
+	TCP_QUICKACK                                = 0xc
+	TCP_REPAIR                                  = 0x13
+	TCP_REPAIR_OFF                              = 0x0
+	TCP_REPAIR_OFF_NO_WP                        = -0x1
+	TCP_REPAIR_ON                               = 0x1
+	TCP_REPAIR_OPTIONS                          = 0x16
+	TCP_REPAIR_QUEUE                            = 0x14
+	TCP_REPAIR_WINDOW                           = 0x1d
+	TCP_SAVED_SYN                               = 0x1c
+	TCP_SAVE_SYN                                = 0x1b
+	TCP_SYNCNT                                  = 0x7
+	TCP_S_DATA_IN                               = 0x4
+	TCP_S_DATA_OUT                              = 0x8
+	TCP_THIN_DUPACK                             = 0x11
+	TCP_THIN_LINEAR_TIMEOUTS                    = 0x10
+	TCP_TIMESTAMP                               = 0x18
+	TCP_TX_DELAY                                = 0x25
+	TCP_ULP                                     = 0x1f
+	TCP_USER_TIMEOUT                            = 0x12
+	TCP_WINDOW_CLAMP                            = 0xa
+	TCP_ZEROCOPY_RECEIVE                        = 0x23
+	TFD_TIMER_ABSTIME                           = 0x1
+	TFD_TIMER_CANCEL_ON_SET                     = 0x2
+	TIMER_ABSTIME                               = 0x1
+	TIOCM_DTR                                   = 0x2
+	TIOCM_LE                                    = 0x1
+	TIOCM_RTS                                   = 0x4
+	TIOCPKT_DATA                                = 0x0
+	TIOCPKT_DOSTOP                              = 0x20
+	TIOCPKT_FLUSHREAD                           = 0x1
+	TIOCPKT_FLUSHWRITE                          = 0x2
+	TIOCPKT_IOCTL                               = 0x40
+	TIOCPKT_NOSTOP                              = 0x10
+	TIOCPKT_START                               = 0x8
+	TIOCPKT_STOP                                = 0x4
+	TIPC_ADDR_ID                                = 0x3
+	TIPC_ADDR_MCAST                             = 0x1
+	TIPC_ADDR_NAME                              = 0x2
+	TIPC_ADDR_NAMESEQ                           = 0x1
+	TIPC_AEAD_ALG_NAME                          = 0x20
+	TIPC_AEAD_KEYLEN_MAX                        = 0x24
+	TIPC_AEAD_KEYLEN_MIN                        = 0x14
+	TIPC_AEAD_KEY_SIZE_MAX                      = 0x48
+	TIPC_CFG_SRV                                = 0x0
+	TIPC_CLUSTER_BITS                           = 0xc
+	TIPC_CLUSTER_MASK                           = 0xfff000
+	TIPC_CLUSTER_OFFSET                         = 0xc
+	TIPC_CLUSTER_SIZE                           = 0xfff
+	TIPC_CONN_SHUTDOWN                          = 0x5
+	TIPC_CONN_TIMEOUT                           = 0x82
+	TIPC_CRITICAL_IMPORTANCE                    = 0x3
+	TIPC_DESTNAME                               = 0x3
+	TIPC_DEST_DROPPABLE                         = 0x81
+	TIPC_ERRINFO                                = 0x1
+	TIPC_ERR_NO_NAME                            = 0x1
+	TIPC_ERR_NO_NODE                            = 0x3
+	TIPC_ERR_NO_PORT                            = 0x2
+	TIPC_ERR_OVERLOAD                           = 0x4
+	TIPC_GROUP_JOIN                             = 0x87
+	TIPC_GROUP_LEAVE                            = 0x88
+	TIPC_GROUP_LOOPBACK                         = 0x1
+	TIPC_GROUP_MEMBER_EVTS                      = 0x2
+	TIPC_HIGH_IMPORTANCE                        = 0x2
+	TIPC_IMPORTANCE                             = 0x7f
+	TIPC_LINK_STATE                             = 0x2
+	TIPC_LOW_IMPORTANCE                         = 0x0
+	TIPC_MAX_BEARER_NAME                        = 0x20
+	TIPC_MAX_IF_NAME                            = 0x10
+	TIPC_MAX_LINK_NAME                          = 0x44
+	TIPC_MAX_MEDIA_NAME                         = 0x10
+	TIPC_MAX_USER_MSG_SIZE                      = 0x101d0
+	TIPC_MCAST_BROADCAST                        = 0x85
+	TIPC_MCAST_REPLICAST                        = 0x86
+	TIPC_MEDIUM_IMPORTANCE                      = 0x1
+	TIPC_NODEID_LEN                             = 0x10
+	TIPC_NODELAY                                = 0x8a
+	TIPC_NODE_BITS                              = 0xc
+	TIPC_NODE_MASK                              = 0xfff
+	TIPC_NODE_OFFSET                            = 0x0
+	TIPC_NODE_RECVQ_DEPTH                       = 0x83
+	TIPC_NODE_SIZE                              = 0xfff
+	TIPC_NODE_STATE                             = 0x0
+	TIPC_OK                                     = 0x0
+	TIPC_PUBLISHED                              = 0x1
+	TIPC_RESERVED_TYPES                         = 0x40
+	TIPC_RETDATA                                = 0x2
+	TIPC_SERVICE_ADDR                           = 0x2
+	TIPC_SERVICE_RANGE                          = 0x1
+	TIPC_SOCKET_ADDR                            = 0x3
+	TIPC_SOCK_RECVQ_DEPTH                       = 0x84
+	TIPC_SOCK_RECVQ_USED                        = 0x89
+	TIPC_SRC_DROPPABLE                          = 0x80
+	TIPC_SUBSCR_TIMEOUT                         = 0x3
+	TIPC_SUB_CANCEL                             = 0x4
+	TIPC_SUB_PORTS                              = 0x1
+	TIPC_SUB_SERVICE                            = 0x2
+	TIPC_TOP_SRV                                = 0x1
+	TIPC_WAIT_FOREVER                           = 0xffffffff
+	TIPC_WITHDRAWN                              = 0x2
+	TIPC_ZONE_BITS                              = 0x8
+	TIPC_ZONE_CLUSTER_MASK                      = 0xfffff000
+	TIPC_ZONE_MASK                              = 0xff000000
+	TIPC_ZONE_OFFSET                            = 0x18
+	TIPC_ZONE_SCOPE                             = 0x1
+	TIPC_ZONE_SIZE                              = 0xff
+	TMPFS_MAGIC                                 = 0x1021994
+	TPACKET_ALIGNMENT                           = 0x10
+	TPACKET_HDRLEN                              = 0x34
+	TP_STATUS_AVAILABLE                         = 0x0
+	TP_STATUS_BLK_TMO                           = 0x20
+	TP_STATUS_COPY                              = 0x2
+	TP_STATUS_CSUMNOTREADY                      = 0x8
+	TP_STATUS_CSUM_VALID                        = 0x80
+	TP_STATUS_KERNEL                            = 0x0
+	TP_STATUS_LOSING                            = 0x4
+	TP_STATUS_SENDING                           = 0x2
+	TP_STATUS_SEND_REQUEST                      = 0x1
+	TP_STATUS_TS_RAW_HARDWARE                   = 0x80000000
+	TP_STATUS_TS_SOFTWARE                       = 0x20000000
+	TP_STATUS_TS_SYS_HARDWARE                   = 0x40000000
+	TP_STATUS_USER                              = 0x1
+	TP_STATUS_VLAN_TPID_VALID                   = 0x40
+	TP_STATUS_VLAN_VALID                        = 0x10
+	TP_STATUS_WRONG_FORMAT                      = 0x4
+	TRACEFS_MAGIC                               = 0x74726163
+	TS_COMM_LEN                                 = 0x20
+	UDF_SUPER_MAGIC                             = 0x15013346
+	UMOUNT_NOFOLLOW                             = 0x8
+	USBDEVICE_SUPER_MAGIC                       = 0x9fa2
+	UTIME_NOW                                   = 0x3fffffff
+	UTIME_OMIT                                  = 0x3ffffffe
+	V9FS_MAGIC                                  = 0x1021997
+	VERASE                                      = 0x2
+	VINTR                                       = 0x0
+	VKILL                                       = 0x3
+	VLNEXT                                      = 0xf
+	VMADDR_CID_ANY                              = 0xffffffff
+	VMADDR_CID_HOST                             = 0x2
+	VMADDR_CID_HYPERVISOR                       = 0x0
+	VMADDR_CID_LOCAL                            = 0x1
+	VMADDR_PORT_ANY                             = 0xffffffff
+	VM_SOCKETS_INVALID_VERSION                  = 0xffffffff
+	VQUIT                                       = 0x1
+	VT0                                         = 0x0
+	WALL                                        = 0x40000000
+	WCLONE                                      = 0x80000000
+	WCONTINUED                                  = 0x8
+	WDIOC_SETPRETIMEOUT                         = 0xc0045708
+	WDIOC_SETTIMEOUT                            = 0xc0045706
+	WEXITED                                     = 0x4
+	WIN_ACKMEDIACHANGE                          = 0xdb
+	WIN_CHECKPOWERMODE1                         = 0xe5
+	WIN_CHECKPOWERMODE2                         = 0x98
+	WIN_DEVICE_RESET                            = 0x8
+	WIN_DIAGNOSE                                = 0x90
+	WIN_DOORLOCK                                = 0xde
+	WIN_DOORUNLOCK                              = 0xdf
+	WIN_DOWNLOAD_MICROCODE                      = 0x92
+	WIN_FLUSH_CACHE                             = 0xe7
+	WIN_FLUSH_CACHE_EXT                         = 0xea
+	WIN_FORMAT                                  = 0x50
+	WIN_GETMEDIASTATUS                          = 0xda
+	WIN_IDENTIFY                                = 0xec
+	WIN_IDENTIFY_DMA                            = 0xee
+	WIN_IDLEIMMEDIATE                           = 0xe1
+	WIN_INIT                                    = 0x60
+	WIN_MEDIAEJECT                              = 0xed
+	WIN_MULTREAD                                = 0xc4
+	WIN_MULTREAD_EXT                            = 0x29
+	WIN_MULTWRITE                               = 0xc5
+	WIN_MULTWRITE_EXT                           = 0x39
+	WIN_NOP                                     = 0x0
+	WIN_PACKETCMD                               = 0xa0
+	WIN_PIDENTIFY                               = 0xa1
+	WIN_POSTBOOT                                = 0xdc
+	WIN_PREBOOT                                 = 0xdd
+	WIN_QUEUED_SERVICE                          = 0xa2
+	WIN_READ                                    = 0x20
+	WIN_READDMA                                 = 0xc8
+	WIN_READDMA_EXT                             = 0x25
+	WIN_READDMA_ONCE                            = 0xc9
+	WIN_READDMA_QUEUED                          = 0xc7
+	WIN_READDMA_QUEUED_EXT                      = 0x26
+	WIN_READ_BUFFER                             = 0xe4
+	WIN_READ_EXT                                = 0x24
+	WIN_READ_LONG                               = 0x22
+	WIN_READ_LONG_ONCE                          = 0x23
+	WIN_READ_NATIVE_MAX                         = 0xf8
+	WIN_READ_NATIVE_MAX_EXT                     = 0x27
+	WIN_READ_ONCE                               = 0x21
+	WIN_RECAL                                   = 0x10
+	WIN_RESTORE                                 = 0x10
+	WIN_SECURITY_DISABLE                        = 0xf6
+	WIN_SECURITY_ERASE_PREPARE                  = 0xf3
+	WIN_SECURITY_ERASE_UNIT                     = 0xf4
+	WIN_SECURITY_FREEZE_LOCK                    = 0xf5
+	WIN_SECURITY_SET_PASS                       = 0xf1
+	WIN_SECURITY_UNLOCK                         = 0xf2
+	WIN_SEEK                                    = 0x70
+	WIN_SETFEATURES                             = 0xef
+	WIN_SETIDLE1                                = 0xe3
+	WIN_SETIDLE2                                = 0x97
+	WIN_SETMULT                                 = 0xc6
+	WIN_SET_MAX                                 = 0xf9
+	WIN_SET_MAX_EXT                             = 0x37
+	WIN_SLEEPNOW1                               = 0xe6
+	WIN_SLEEPNOW2                               = 0x99
+	WIN_SMART                                   = 0xb0
+	WIN_SPECIFY                                 = 0x91
+	WIN_SRST                                    = 0x8
+	WIN_STANDBY                                 = 0xe2
+	WIN_STANDBY2                                = 0x96
+	WIN_STANDBYNOW1                             = 0xe0
+	WIN_STANDBYNOW2                             = 0x94
+	WIN_VERIFY                                  = 0x40
+	WIN_VERIFY_EXT                              = 0x42
+	WIN_VERIFY_ONCE                             = 0x41
+	WIN_WRITE                                   = 0x30
+	WIN_WRITEDMA                                = 0xca
+	WIN_WRITEDMA_EXT                            = 0x35
+	WIN_WRITEDMA_ONCE                           = 0xcb
+	WIN_WRITEDMA_QUEUED                         = 0xcc
+	WIN_WRITEDMA_QUEUED_EXT                     = 0x36
+	WIN_WRITE_BUFFER                            = 0xe8
+	WIN_WRITE_EXT                               = 0x34
+	WIN_WRITE_LONG                              = 0x32
+	WIN_WRITE_LONG_ONCE                         = 0x33
+	WIN_WRITE_ONCE                              = 0x31
+	WIN_WRITE_SAME                              = 0xe9
+	WIN_WRITE_VERIFY                            = 0x3c
+	WNOHANG                                     = 0x1
+	WNOTHREAD                                   = 0x20000000
+	WNOWAIT                                     = 0x1000000
+	WSTOPPED                                    = 0x2
+	WUNTRACED                                   = 0x2
+	XATTR_CREATE                                = 0x1
+	XATTR_REPLACE                               = 0x2
+	XDP_COPY                                    = 0x2
+	XDP_FLAGS_DRV_MODE                          = 0x4
+	XDP_FLAGS_HW_MODE                           = 0x8
+	XDP_FLAGS_MASK                              = 0x1f
+	XDP_FLAGS_MODES                             = 0xe
+	XDP_FLAGS_REPLACE                           = 0x10
+	XDP_FLAGS_SKB_MODE                          = 0x2
+	XDP_FLAGS_UPDATE_IF_NOEXIST                 = 0x1
+	XDP_MMAP_OFFSETS                            = 0x1
+	XDP_OPTIONS                                 = 0x8
+	XDP_OPTIONS_ZEROCOPY                        = 0x1
+	XDP_PACKET_HEADROOM                         = 0x100
+	XDP_PGOFF_RX_RING                           = 0x0
+	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_RING_NEED_WAKEUP                        = 0x1
+	XDP_RX_RING                                 = 0x2
+	XDP_SHARED_UMEM                             = 0x1
+	XDP_STATISTICS                              = 0x7
+	XDP_TX_RING                                 = 0x3
+	XDP_UMEM_COMPLETION_RING                    = 0x6
+	XDP_UMEM_FILL_RING                          = 0x5
+	XDP_UMEM_PGOFF_COMPLETION_RING              = 0x180000000
+	XDP_UMEM_PGOFF_FILL_RING                    = 0x100000000
+	XDP_UMEM_REG                                = 0x4
+	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
+	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_ZEROCOPY                                = 0x4
+	XENFS_SUPER_MAGIC                           = 0xabba1974
+	XFS_SUPER_MAGIC                             = 0x58465342
+	Z3FOLD_MAGIC                                = 0x33
+	ZONEFS_MAGIC                                = 0x5a4f4653
+	ZSMALLOC_MAGIC                              = 0x58295829
+)
+
+// Errors
+const (
+	E2BIG       = syscall.Errno(0x7)
+	EACCES      = syscall.Errno(0xd)
+	EAGAIN      = syscall.Errno(0xb)
+	EBADF       = syscall.Errno(0x9)
+	EBUSY       = syscall.Errno(0x10)
+	ECHILD      = syscall.Errno(0xa)
+	EDOM        = syscall.Errno(0x21)
+	EEXIST      = syscall.Errno(0x11)
+	EFAULT      = syscall.Errno(0xe)
+	EFBIG       = syscall.Errno(0x1b)
+	EINTR       = syscall.Errno(0x4)
+	EINVAL      = syscall.Errno(0x16)
+	EIO         = syscall.Errno(0x5)
+	EISDIR      = syscall.Errno(0x15)
+	EMFILE      = syscall.Errno(0x18)
+	EMLINK      = syscall.Errno(0x1f)
+	ENFILE      = syscall.Errno(0x17)
+	ENODEV      = syscall.Errno(0x13)
+	ENOENT      = syscall.Errno(0x2)
+	ENOEXEC     = syscall.Errno(0x8)
+	ENOMEM      = syscall.Errno(0xc)
+	ENOSPC      = syscall.Errno(0x1c)
+	ENOTBLK     = syscall.Errno(0xf)
+	ENOTDIR     = syscall.Errno(0x14)
+	ENOTTY      = syscall.Errno(0x19)
+	ENXIO       = syscall.Errno(0x6)
+	EPERM       = syscall.Errno(0x1)
+	EPIPE       = syscall.Errno(0x20)
+	ERANGE      = syscall.Errno(0x22)
+	EROFS       = syscall.Errno(0x1e)
+	ESPIPE      = syscall.Errno(0x1d)
+	ESRCH       = syscall.Errno(0x3)
+	ETXTBSY     = syscall.Errno(0x1a)
+	EWOULDBLOCK = syscall.Errno(0xb)
+	EXDEV       = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT = syscall.Signal(0x6)
+	SIGALRM = syscall.Signal(0xe)
+	SIGFPE  = syscall.Signal(0x8)
+	SIGHUP  = syscall.Signal(0x1)
+	SIGILL  = syscall.Signal(0x4)
+	SIGINT  = syscall.Signal(0x2)
+	SIGIOT  = syscall.Signal(0x6)
+	SIGKILL = syscall.Signal(0x9)
+	SIGPIPE = syscall.Signal(0xd)
+	SIGQUIT = syscall.Signal(0x3)
+	SIGSEGV = syscall.Signal(0xb)
+	SIGTERM = syscall.Signal(0xf)
+	SIGTRAP = syscall.Signal(0x5)
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
new file mode 100644
index 000000000..dd282c08b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -0,0 +1,790 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include -m32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80041270
+	BLKBSZSET                        = 0x40041271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80041272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FP_XSTATE_MAGIC2                 = 0x46505845
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0xc
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0xd
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0xe
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_32BIT                        = 0x40
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x8000
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8008743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40087446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x400c744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40087447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETFPXREGS                = 0x12
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETFPXREGS                = 0x13
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x21
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8004700d
+	RTC_EPOCH_SET                    = 0x4004700e
+	RTC_IRQP_READ                    = 0x8004700b
+	RTC_IRQP_SET                     = 0x4004700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x801c7011
+	RTC_PLL_SET                      = 0x401c7012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x400854d5
+	TUNDETACHFILTER                  = 0x400854d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x800854db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x20
+	X86_FXSR_MAGIC                   = 0x0
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
new file mode 100644
index 000000000..82fc93c7b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -0,0 +1,790 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FP_XSTATE_MAGIC2                 = 0x46505845
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_32BIT                        = 0x40
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_ARCH_PRCTL                = 0x1e
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETFPXREGS                = 0x12
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETFPXREGS                = 0x13
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x21
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
new file mode 100644
index 000000000..fe7094f27
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -0,0 +1,796 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80041270
+	BLKBSZSET                        = 0x40041271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80041272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0xc
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0xd
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0xe
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x10000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x20000
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8008743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40087446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x400c744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40087447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETCRUNCHREGS             = 0x19
+	PTRACE_GETFDPIC                  = 0x1f
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETHBPREGS                = 0x1d
+	PTRACE_GETVFPREGS                = 0x1b
+	PTRACE_GETWMMXREGS               = 0x12
+	PTRACE_GET_THREAD_AREA           = 0x16
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_SETCRUNCHREGS             = 0x1a
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETHBPREGS                = 0x1e
+	PTRACE_SETVFPREGS                = 0x1c
+	PTRACE_SETWMMXREGS               = 0x13
+	PTRACE_SET_SYSCALL               = 0x17
+	PT_DATA_ADDR                     = 0x10004
+	PT_TEXT_ADDR                     = 0x10000
+	PT_TEXT_END_ADDR                 = 0x10008
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8004700d
+	RTC_EPOCH_SET                    = 0x4004700e
+	RTC_IRQP_READ                    = 0x8004700b
+	RTC_IRQP_SET                     = 0x4004700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x801c7011
+	RTC_PLL_SET                      = 0x401c7012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x400854d5
+	TUNDETACHFILTER                  = 0x400854d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x800854db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
new file mode 100644
index 000000000..3b6cc5880
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -0,0 +1,784 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	ESR_MAGIC                        = 0x45535201
+	EXTPROC                          = 0x10000
+	EXTRA_MAGIC                      = 0x45585401
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FPSIMD_MAGIC                     = 0x46508001
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x10000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCXFERUNIT                   = 0x744e
+	PROT_BTI                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_SYSEMU                    = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP         = 0x20
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	SVE_MAGIC                        = 0x53564501
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
new file mode 100644
index 000000000..ce3d9ae15
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -0,0 +1,797 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40041270
+	BLKBSZSET                        = 0x80041271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x21
+	F_GETLK64                        = 0x21
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x22
+	F_SETLK64                        = 0x22
+	F_SETLKW                         = 0x23
+	F_SETLKW64                       = 0x23
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x2000
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4008743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80087446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x800c744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80087447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4004700d
+	RTC_EPOCH_SET                    = 0x8004700e
+	RTC_IRQP_READ                    = 0x4004700b
+	RTC_IRQP_SET                     = 0x8004700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x401c7011
+	RTC_PLL_SET                      = 0x801c7012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x800854d5
+	TUNDETACHFILTER                  = 0x800854d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x400854db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x7d)
+	EADDRNOTAVAIL   = syscall.Errno(0x7e)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x7c)
+	EALREADY        = syscall.Errno(0x95)
+	EBADE           = syscall.Errno(0x32)
+	EBADFD          = syscall.Errno(0x51)
+	EBADMSG         = syscall.Errno(0x4d)
+	EBADR           = syscall.Errno(0x33)
+	EBADRQC         = syscall.Errno(0x36)
+	EBADSLT         = syscall.Errno(0x37)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x9e)
+	ECHRNG          = syscall.Errno(0x25)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x82)
+	ECONNREFUSED    = syscall.Errno(0x92)
+	ECONNRESET      = syscall.Errno(0x83)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDEADLOCK       = syscall.Errno(0x38)
+	EDESTADDRREQ    = syscall.Errno(0x60)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x46d)
+	EHOSTDOWN       = syscall.Errno(0x93)
+	EHOSTUNREACH    = syscall.Errno(0x94)
+	EHWPOISON       = syscall.Errno(0xa8)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x58)
+	EINIT           = syscall.Errno(0x8d)
+	EINPROGRESS     = syscall.Errno(0x96)
+	EISCONN         = syscall.Errno(0x85)
+	EISNAM          = syscall.Errno(0x8b)
+	EKEYEXPIRED     = syscall.Errno(0xa2)
+	EKEYREJECTED    = syscall.Errno(0xa4)
+	EKEYREVOKED     = syscall.Errno(0xa3)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELIBACC         = syscall.Errno(0x53)
+	ELIBBAD         = syscall.Errno(0x54)
+	ELIBEXEC        = syscall.Errno(0x57)
+	ELIBMAX         = syscall.Errno(0x56)
+	ELIBSCN         = syscall.Errno(0x55)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x5a)
+	EMEDIUMTYPE     = syscall.Errno(0xa0)
+	EMSGSIZE        = syscall.Errno(0x61)
+	EMULTIHOP       = syscall.Errno(0x4a)
+	ENAMETOOLONG    = syscall.Errno(0x4e)
+	ENAVAIL         = syscall.Errno(0x8a)
+	ENETDOWN        = syscall.Errno(0x7f)
+	ENETRESET       = syscall.Errno(0x81)
+	ENETUNREACH     = syscall.Errno(0x80)
+	ENOANO          = syscall.Errno(0x35)
+	ENOBUFS         = syscall.Errno(0x84)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0xa1)
+	ENOLCK          = syscall.Errno(0x2e)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x9f)
+	ENOMSG          = syscall.Errno(0x23)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x63)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x59)
+	ENOTCONN        = syscall.Errno(0x86)
+	ENOTEMPTY       = syscall.Errno(0x5d)
+	ENOTNAM         = syscall.Errno(0x89)
+	ENOTRECOVERABLE = syscall.Errno(0xa6)
+	ENOTSOCK        = syscall.Errno(0x5f)
+	ENOTSUP         = syscall.Errno(0x7a)
+	ENOTUNIQ        = syscall.Errno(0x50)
+	EOPNOTSUPP      = syscall.Errno(0x7a)
+	EOVERFLOW       = syscall.Errno(0x4f)
+	EOWNERDEAD      = syscall.Errno(0xa5)
+	EPFNOSUPPORT    = syscall.Errno(0x7b)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x78)
+	EPROTOTYPE      = syscall.Errno(0x62)
+	EREMCHG         = syscall.Errno(0x52)
+	EREMDEV         = syscall.Errno(0x8e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x8c)
+	ERESTART        = syscall.Errno(0x5b)
+	ERFKILL         = syscall.Errno(0xa7)
+	ESHUTDOWN       = syscall.Errno(0x8f)
+	ESOCKTNOSUPPORT = syscall.Errno(0x79)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x97)
+	ESTRPIPE        = syscall.Errno(0x5c)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x91)
+	ETOOMANYREFS    = syscall.Errno(0x90)
+	EUCLEAN         = syscall.Errno(0x87)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x5e)
+	EXFULL          = syscall.Errno(0x34)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x12)
+	SIGCLD    = syscall.Signal(0x12)
+	SIGCONT   = syscall.Signal(0x19)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGIO     = syscall.Signal(0x16)
+	SIGPOLL   = syscall.Signal(0x16)
+	SIGPROF   = syscall.Signal(0x1d)
+	SIGPWR    = syscall.Signal(0x13)
+	SIGSTOP   = syscall.Signal(0x17)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTSTP   = syscall.Signal(0x18)
+	SIGTTIN   = syscall.Signal(0x1a)
+	SIGTTOU   = syscall.Signal(0x1b)
+	SIGURG    = syscall.Signal(0x15)
+	SIGUSR1   = syscall.Signal(0x10)
+	SIGUSR2   = syscall.Signal(0x11)
+	SIGVTALRM = syscall.Signal(0x1c)
+	SIGWINCH  = syscall.Signal(0x14)
+	SIGXCPU   = syscall.Signal(0x1e)
+	SIGXFSZ   = syscall.Signal(0x1f)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "resource deadlock avoided"},
+	{46, "ENOLCK", "no locks available"},
+	{50, "EBADE", "invalid exchange"},
+	{51, "EBADR", "invalid request descriptor"},
+	{52, "EXFULL", "exchange full"},
+	{53, "ENOANO", "no anode"},
+	{54, "EBADRQC", "invalid request code"},
+	{55, "EBADSLT", "invalid slot"},
+	{56, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EMULTIHOP", "multihop attempted"},
+	{77, "EBADMSG", "bad message"},
+	{78, "ENAMETOOLONG", "file name too long"},
+	{79, "EOVERFLOW", "value too large for defined data type"},
+	{80, "ENOTUNIQ", "name not unique on network"},
+	{81, "EBADFD", "file descriptor in bad state"},
+	{82, "EREMCHG", "remote address changed"},
+	{83, "ELIBACC", "can not access a needed shared library"},
+	{84, "ELIBBAD", "accessing a corrupted shared library"},
+	{85, "ELIBSCN", ".lib section in a.out corrupted"},
+	{86, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{87, "ELIBEXEC", "cannot exec a shared library directly"},
+	{88, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{89, "ENOSYS", "function not implemented"},
+	{90, "ELOOP", "too many levels of symbolic links"},
+	{91, "ERESTART", "interrupted system call should be restarted"},
+	{92, "ESTRPIPE", "streams pipe error"},
+	{93, "ENOTEMPTY", "directory not empty"},
+	{94, "EUSERS", "too many users"},
+	{95, "ENOTSOCK", "socket operation on non-socket"},
+	{96, "EDESTADDRREQ", "destination address required"},
+	{97, "EMSGSIZE", "message too long"},
+	{98, "EPROTOTYPE", "protocol wrong type for socket"},
+	{99, "ENOPROTOOPT", "protocol not available"},
+	{120, "EPROTONOSUPPORT", "protocol not supported"},
+	{121, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{122, "ENOTSUP", "operation not supported"},
+	{123, "EPFNOSUPPORT", "protocol family not supported"},
+	{124, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{125, "EADDRINUSE", "address already in use"},
+	{126, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{127, "ENETDOWN", "network is down"},
+	{128, "ENETUNREACH", "network is unreachable"},
+	{129, "ENETRESET", "network dropped connection on reset"},
+	{130, "ECONNABORTED", "software caused connection abort"},
+	{131, "ECONNRESET", "connection reset by peer"},
+	{132, "ENOBUFS", "no buffer space available"},
+	{133, "EISCONN", "transport endpoint is already connected"},
+	{134, "ENOTCONN", "transport endpoint is not connected"},
+	{135, "EUCLEAN", "structure needs cleaning"},
+	{137, "ENOTNAM", "not a XENIX named type file"},
+	{138, "ENAVAIL", "no XENIX semaphores available"},
+	{139, "EISNAM", "is a named type file"},
+	{140, "EREMOTEIO", "remote I/O error"},
+	{141, "EINIT", "unknown error 141"},
+	{142, "EREMDEV", "unknown error 142"},
+	{143, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{144, "ETOOMANYREFS", "too many references: cannot splice"},
+	{145, "ETIMEDOUT", "connection timed out"},
+	{146, "ECONNREFUSED", "connection refused"},
+	{147, "EHOSTDOWN", "host is down"},
+	{148, "EHOSTUNREACH", "no route to host"},
+	{149, "EALREADY", "operation already in progress"},
+	{150, "EINPROGRESS", "operation now in progress"},
+	{151, "ESTALE", "stale file handle"},
+	{158, "ECANCELED", "operation canceled"},
+	{159, "ENOMEDIUM", "no medium found"},
+	{160, "EMEDIUMTYPE", "wrong medium type"},
+	{161, "ENOKEY", "required key not available"},
+	{162, "EKEYEXPIRED", "key has expired"},
+	{163, "EKEYREVOKED", "key has been revoked"},
+	{164, "EKEYREJECTED", "key was rejected by service"},
+	{165, "EOWNERDEAD", "owner died"},
+	{166, "ENOTRECOVERABLE", "state not recoverable"},
+	{167, "ERFKILL", "operation not possible due to RF-kill"},
+	{168, "EHWPOISON", "memory page has hardware error"},
+	{1133, "EDQUOT", "disk quota exceeded"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGUSR1", "user defined signal 1"},
+	{17, "SIGUSR2", "user defined signal 2"},
+	{18, "SIGCHLD", "child exited"},
+	{19, "SIGPWR", "power failure"},
+	{20, "SIGWINCH", "window changed"},
+	{21, "SIGURG", "urgent I/O condition"},
+	{22, "SIGIO", "I/O possible"},
+	{23, "SIGSTOP", "stopped (signal)"},
+	{24, "SIGTSTP", "stopped"},
+	{25, "SIGCONT", "continued"},
+	{26, "SIGTTIN", "stopped (tty input)"},
+	{27, "SIGTTOU", "stopped (tty output)"},
+	{28, "SIGVTALRM", "virtual timer expired"},
+	{29, "SIGPROF", "profiling timer expired"},
+	{30, "SIGXCPU", "CPU time limit exceeded"},
+	{31, "SIGXFSZ", "file size limit exceeded"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
new file mode 100644
index 000000000..7a85215ce
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -0,0 +1,797 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0xe
+	F_GETLK64                        = 0xe
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x7d)
+	EADDRNOTAVAIL   = syscall.Errno(0x7e)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x7c)
+	EALREADY        = syscall.Errno(0x95)
+	EBADE           = syscall.Errno(0x32)
+	EBADFD          = syscall.Errno(0x51)
+	EBADMSG         = syscall.Errno(0x4d)
+	EBADR           = syscall.Errno(0x33)
+	EBADRQC         = syscall.Errno(0x36)
+	EBADSLT         = syscall.Errno(0x37)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x9e)
+	ECHRNG          = syscall.Errno(0x25)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x82)
+	ECONNREFUSED    = syscall.Errno(0x92)
+	ECONNRESET      = syscall.Errno(0x83)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDEADLOCK       = syscall.Errno(0x38)
+	EDESTADDRREQ    = syscall.Errno(0x60)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x46d)
+	EHOSTDOWN       = syscall.Errno(0x93)
+	EHOSTUNREACH    = syscall.Errno(0x94)
+	EHWPOISON       = syscall.Errno(0xa8)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x58)
+	EINIT           = syscall.Errno(0x8d)
+	EINPROGRESS     = syscall.Errno(0x96)
+	EISCONN         = syscall.Errno(0x85)
+	EISNAM          = syscall.Errno(0x8b)
+	EKEYEXPIRED     = syscall.Errno(0xa2)
+	EKEYREJECTED    = syscall.Errno(0xa4)
+	EKEYREVOKED     = syscall.Errno(0xa3)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELIBACC         = syscall.Errno(0x53)
+	ELIBBAD         = syscall.Errno(0x54)
+	ELIBEXEC        = syscall.Errno(0x57)
+	ELIBMAX         = syscall.Errno(0x56)
+	ELIBSCN         = syscall.Errno(0x55)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x5a)
+	EMEDIUMTYPE     = syscall.Errno(0xa0)
+	EMSGSIZE        = syscall.Errno(0x61)
+	EMULTIHOP       = syscall.Errno(0x4a)
+	ENAMETOOLONG    = syscall.Errno(0x4e)
+	ENAVAIL         = syscall.Errno(0x8a)
+	ENETDOWN        = syscall.Errno(0x7f)
+	ENETRESET       = syscall.Errno(0x81)
+	ENETUNREACH     = syscall.Errno(0x80)
+	ENOANO          = syscall.Errno(0x35)
+	ENOBUFS         = syscall.Errno(0x84)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0xa1)
+	ENOLCK          = syscall.Errno(0x2e)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x9f)
+	ENOMSG          = syscall.Errno(0x23)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x63)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x59)
+	ENOTCONN        = syscall.Errno(0x86)
+	ENOTEMPTY       = syscall.Errno(0x5d)
+	ENOTNAM         = syscall.Errno(0x89)
+	ENOTRECOVERABLE = syscall.Errno(0xa6)
+	ENOTSOCK        = syscall.Errno(0x5f)
+	ENOTSUP         = syscall.Errno(0x7a)
+	ENOTUNIQ        = syscall.Errno(0x50)
+	EOPNOTSUPP      = syscall.Errno(0x7a)
+	EOVERFLOW       = syscall.Errno(0x4f)
+	EOWNERDEAD      = syscall.Errno(0xa5)
+	EPFNOSUPPORT    = syscall.Errno(0x7b)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x78)
+	EPROTOTYPE      = syscall.Errno(0x62)
+	EREMCHG         = syscall.Errno(0x52)
+	EREMDEV         = syscall.Errno(0x8e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x8c)
+	ERESTART        = syscall.Errno(0x5b)
+	ERFKILL         = syscall.Errno(0xa7)
+	ESHUTDOWN       = syscall.Errno(0x8f)
+	ESOCKTNOSUPPORT = syscall.Errno(0x79)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x97)
+	ESTRPIPE        = syscall.Errno(0x5c)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x91)
+	ETOOMANYREFS    = syscall.Errno(0x90)
+	EUCLEAN         = syscall.Errno(0x87)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x5e)
+	EXFULL          = syscall.Errno(0x34)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x12)
+	SIGCLD    = syscall.Signal(0x12)
+	SIGCONT   = syscall.Signal(0x19)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGIO     = syscall.Signal(0x16)
+	SIGPOLL   = syscall.Signal(0x16)
+	SIGPROF   = syscall.Signal(0x1d)
+	SIGPWR    = syscall.Signal(0x13)
+	SIGSTOP   = syscall.Signal(0x17)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTSTP   = syscall.Signal(0x18)
+	SIGTTIN   = syscall.Signal(0x1a)
+	SIGTTOU   = syscall.Signal(0x1b)
+	SIGURG    = syscall.Signal(0x15)
+	SIGUSR1   = syscall.Signal(0x10)
+	SIGUSR2   = syscall.Signal(0x11)
+	SIGVTALRM = syscall.Signal(0x1c)
+	SIGWINCH  = syscall.Signal(0x14)
+	SIGXCPU   = syscall.Signal(0x1e)
+	SIGXFSZ   = syscall.Signal(0x1f)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "resource deadlock avoided"},
+	{46, "ENOLCK", "no locks available"},
+	{50, "EBADE", "invalid exchange"},
+	{51, "EBADR", "invalid request descriptor"},
+	{52, "EXFULL", "exchange full"},
+	{53, "ENOANO", "no anode"},
+	{54, "EBADRQC", "invalid request code"},
+	{55, "EBADSLT", "invalid slot"},
+	{56, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EMULTIHOP", "multihop attempted"},
+	{77, "EBADMSG", "bad message"},
+	{78, "ENAMETOOLONG", "file name too long"},
+	{79, "EOVERFLOW", "value too large for defined data type"},
+	{80, "ENOTUNIQ", "name not unique on network"},
+	{81, "EBADFD", "file descriptor in bad state"},
+	{82, "EREMCHG", "remote address changed"},
+	{83, "ELIBACC", "can not access a needed shared library"},
+	{84, "ELIBBAD", "accessing a corrupted shared library"},
+	{85, "ELIBSCN", ".lib section in a.out corrupted"},
+	{86, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{87, "ELIBEXEC", "cannot exec a shared library directly"},
+	{88, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{89, "ENOSYS", "function not implemented"},
+	{90, "ELOOP", "too many levels of symbolic links"},
+	{91, "ERESTART", "interrupted system call should be restarted"},
+	{92, "ESTRPIPE", "streams pipe error"},
+	{93, "ENOTEMPTY", "directory not empty"},
+	{94, "EUSERS", "too many users"},
+	{95, "ENOTSOCK", "socket operation on non-socket"},
+	{96, "EDESTADDRREQ", "destination address required"},
+	{97, "EMSGSIZE", "message too long"},
+	{98, "EPROTOTYPE", "protocol wrong type for socket"},
+	{99, "ENOPROTOOPT", "protocol not available"},
+	{120, "EPROTONOSUPPORT", "protocol not supported"},
+	{121, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{122, "ENOTSUP", "operation not supported"},
+	{123, "EPFNOSUPPORT", "protocol family not supported"},
+	{124, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{125, "EADDRINUSE", "address already in use"},
+	{126, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{127, "ENETDOWN", "network is down"},
+	{128, "ENETUNREACH", "network is unreachable"},
+	{129, "ENETRESET", "network dropped connection on reset"},
+	{130, "ECONNABORTED", "software caused connection abort"},
+	{131, "ECONNRESET", "connection reset by peer"},
+	{132, "ENOBUFS", "no buffer space available"},
+	{133, "EISCONN", "transport endpoint is already connected"},
+	{134, "ENOTCONN", "transport endpoint is not connected"},
+	{135, "EUCLEAN", "structure needs cleaning"},
+	{137, "ENOTNAM", "not a XENIX named type file"},
+	{138, "ENAVAIL", "no XENIX semaphores available"},
+	{139, "EISNAM", "is a named type file"},
+	{140, "EREMOTEIO", "remote I/O error"},
+	{141, "EINIT", "unknown error 141"},
+	{142, "EREMDEV", "unknown error 142"},
+	{143, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{144, "ETOOMANYREFS", "too many references: cannot splice"},
+	{145, "ETIMEDOUT", "connection timed out"},
+	{146, "ECONNREFUSED", "connection refused"},
+	{147, "EHOSTDOWN", "host is down"},
+	{148, "EHOSTUNREACH", "no route to host"},
+	{149, "EALREADY", "operation already in progress"},
+	{150, "EINPROGRESS", "operation now in progress"},
+	{151, "ESTALE", "stale file handle"},
+	{158, "ECANCELED", "operation canceled"},
+	{159, "ENOMEDIUM", "no medium found"},
+	{160, "EMEDIUMTYPE", "wrong medium type"},
+	{161, "ENOKEY", "required key not available"},
+	{162, "EKEYEXPIRED", "key has expired"},
+	{163, "EKEYREVOKED", "key has been revoked"},
+	{164, "EKEYREJECTED", "key was rejected by service"},
+	{165, "EOWNERDEAD", "owner died"},
+	{166, "ENOTRECOVERABLE", "state not recoverable"},
+	{167, "ERFKILL", "operation not possible due to RF-kill"},
+	{168, "EHWPOISON", "memory page has hardware error"},
+	{1133, "EDQUOT", "disk quota exceeded"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGUSR1", "user defined signal 1"},
+	{17, "SIGUSR2", "user defined signal 2"},
+	{18, "SIGCHLD", "child exited"},
+	{19, "SIGPWR", "power failure"},
+	{20, "SIGWINCH", "window changed"},
+	{21, "SIGURG", "urgent I/O condition"},
+	{22, "SIGIO", "I/O possible"},
+	{23, "SIGSTOP", "stopped (signal)"},
+	{24, "SIGTSTP", "stopped"},
+	{25, "SIGCONT", "continued"},
+	{26, "SIGTTIN", "stopped (tty input)"},
+	{27, "SIGTTOU", "stopped (tty output)"},
+	{28, "SIGVTALRM", "virtual timer expired"},
+	{29, "SIGPROF", "profiling timer expired"},
+	{30, "SIGXCPU", "CPU time limit exceeded"},
+	{31, "SIGXFSZ", "file size limit exceeded"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
new file mode 100644
index 000000000..07d4cc1bd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -0,0 +1,797 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64le,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0xe
+	F_GETLK64                        = 0xe
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x7d)
+	EADDRNOTAVAIL   = syscall.Errno(0x7e)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x7c)
+	EALREADY        = syscall.Errno(0x95)
+	EBADE           = syscall.Errno(0x32)
+	EBADFD          = syscall.Errno(0x51)
+	EBADMSG         = syscall.Errno(0x4d)
+	EBADR           = syscall.Errno(0x33)
+	EBADRQC         = syscall.Errno(0x36)
+	EBADSLT         = syscall.Errno(0x37)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x9e)
+	ECHRNG          = syscall.Errno(0x25)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x82)
+	ECONNREFUSED    = syscall.Errno(0x92)
+	ECONNRESET      = syscall.Errno(0x83)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDEADLOCK       = syscall.Errno(0x38)
+	EDESTADDRREQ    = syscall.Errno(0x60)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x46d)
+	EHOSTDOWN       = syscall.Errno(0x93)
+	EHOSTUNREACH    = syscall.Errno(0x94)
+	EHWPOISON       = syscall.Errno(0xa8)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x58)
+	EINIT           = syscall.Errno(0x8d)
+	EINPROGRESS     = syscall.Errno(0x96)
+	EISCONN         = syscall.Errno(0x85)
+	EISNAM          = syscall.Errno(0x8b)
+	EKEYEXPIRED     = syscall.Errno(0xa2)
+	EKEYREJECTED    = syscall.Errno(0xa4)
+	EKEYREVOKED     = syscall.Errno(0xa3)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELIBACC         = syscall.Errno(0x53)
+	ELIBBAD         = syscall.Errno(0x54)
+	ELIBEXEC        = syscall.Errno(0x57)
+	ELIBMAX         = syscall.Errno(0x56)
+	ELIBSCN         = syscall.Errno(0x55)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x5a)
+	EMEDIUMTYPE     = syscall.Errno(0xa0)
+	EMSGSIZE        = syscall.Errno(0x61)
+	EMULTIHOP       = syscall.Errno(0x4a)
+	ENAMETOOLONG    = syscall.Errno(0x4e)
+	ENAVAIL         = syscall.Errno(0x8a)
+	ENETDOWN        = syscall.Errno(0x7f)
+	ENETRESET       = syscall.Errno(0x81)
+	ENETUNREACH     = syscall.Errno(0x80)
+	ENOANO          = syscall.Errno(0x35)
+	ENOBUFS         = syscall.Errno(0x84)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0xa1)
+	ENOLCK          = syscall.Errno(0x2e)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x9f)
+	ENOMSG          = syscall.Errno(0x23)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x63)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x59)
+	ENOTCONN        = syscall.Errno(0x86)
+	ENOTEMPTY       = syscall.Errno(0x5d)
+	ENOTNAM         = syscall.Errno(0x89)
+	ENOTRECOVERABLE = syscall.Errno(0xa6)
+	ENOTSOCK        = syscall.Errno(0x5f)
+	ENOTSUP         = syscall.Errno(0x7a)
+	ENOTUNIQ        = syscall.Errno(0x50)
+	EOPNOTSUPP      = syscall.Errno(0x7a)
+	EOVERFLOW       = syscall.Errno(0x4f)
+	EOWNERDEAD      = syscall.Errno(0xa5)
+	EPFNOSUPPORT    = syscall.Errno(0x7b)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x78)
+	EPROTOTYPE      = syscall.Errno(0x62)
+	EREMCHG         = syscall.Errno(0x52)
+	EREMDEV         = syscall.Errno(0x8e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x8c)
+	ERESTART        = syscall.Errno(0x5b)
+	ERFKILL         = syscall.Errno(0xa7)
+	ESHUTDOWN       = syscall.Errno(0x8f)
+	ESOCKTNOSUPPORT = syscall.Errno(0x79)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x97)
+	ESTRPIPE        = syscall.Errno(0x5c)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x91)
+	ETOOMANYREFS    = syscall.Errno(0x90)
+	EUCLEAN         = syscall.Errno(0x87)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x5e)
+	EXFULL          = syscall.Errno(0x34)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x12)
+	SIGCLD    = syscall.Signal(0x12)
+	SIGCONT   = syscall.Signal(0x19)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGIO     = syscall.Signal(0x16)
+	SIGPOLL   = syscall.Signal(0x16)
+	SIGPROF   = syscall.Signal(0x1d)
+	SIGPWR    = syscall.Signal(0x13)
+	SIGSTOP   = syscall.Signal(0x17)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTSTP   = syscall.Signal(0x18)
+	SIGTTIN   = syscall.Signal(0x1a)
+	SIGTTOU   = syscall.Signal(0x1b)
+	SIGURG    = syscall.Signal(0x15)
+	SIGUSR1   = syscall.Signal(0x10)
+	SIGUSR2   = syscall.Signal(0x11)
+	SIGVTALRM = syscall.Signal(0x1c)
+	SIGWINCH  = syscall.Signal(0x14)
+	SIGXCPU   = syscall.Signal(0x1e)
+	SIGXFSZ   = syscall.Signal(0x1f)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "resource deadlock avoided"},
+	{46, "ENOLCK", "no locks available"},
+	{50, "EBADE", "invalid exchange"},
+	{51, "EBADR", "invalid request descriptor"},
+	{52, "EXFULL", "exchange full"},
+	{53, "ENOANO", "no anode"},
+	{54, "EBADRQC", "invalid request code"},
+	{55, "EBADSLT", "invalid slot"},
+	{56, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EMULTIHOP", "multihop attempted"},
+	{77, "EBADMSG", "bad message"},
+	{78, "ENAMETOOLONG", "file name too long"},
+	{79, "EOVERFLOW", "value too large for defined data type"},
+	{80, "ENOTUNIQ", "name not unique on network"},
+	{81, "EBADFD", "file descriptor in bad state"},
+	{82, "EREMCHG", "remote address changed"},
+	{83, "ELIBACC", "can not access a needed shared library"},
+	{84, "ELIBBAD", "accessing a corrupted shared library"},
+	{85, "ELIBSCN", ".lib section in a.out corrupted"},
+	{86, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{87, "ELIBEXEC", "cannot exec a shared library directly"},
+	{88, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{89, "ENOSYS", "function not implemented"},
+	{90, "ELOOP", "too many levels of symbolic links"},
+	{91, "ERESTART", "interrupted system call should be restarted"},
+	{92, "ESTRPIPE", "streams pipe error"},
+	{93, "ENOTEMPTY", "directory not empty"},
+	{94, "EUSERS", "too many users"},
+	{95, "ENOTSOCK", "socket operation on non-socket"},
+	{96, "EDESTADDRREQ", "destination address required"},
+	{97, "EMSGSIZE", "message too long"},
+	{98, "EPROTOTYPE", "protocol wrong type for socket"},
+	{99, "ENOPROTOOPT", "protocol not available"},
+	{120, "EPROTONOSUPPORT", "protocol not supported"},
+	{121, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{122, "ENOTSUP", "operation not supported"},
+	{123, "EPFNOSUPPORT", "protocol family not supported"},
+	{124, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{125, "EADDRINUSE", "address already in use"},
+	{126, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{127, "ENETDOWN", "network is down"},
+	{128, "ENETUNREACH", "network is unreachable"},
+	{129, "ENETRESET", "network dropped connection on reset"},
+	{130, "ECONNABORTED", "software caused connection abort"},
+	{131, "ECONNRESET", "connection reset by peer"},
+	{132, "ENOBUFS", "no buffer space available"},
+	{133, "EISCONN", "transport endpoint is already connected"},
+	{134, "ENOTCONN", "transport endpoint is not connected"},
+	{135, "EUCLEAN", "structure needs cleaning"},
+	{137, "ENOTNAM", "not a XENIX named type file"},
+	{138, "ENAVAIL", "no XENIX semaphores available"},
+	{139, "EISNAM", "is a named type file"},
+	{140, "EREMOTEIO", "remote I/O error"},
+	{141, "EINIT", "unknown error 141"},
+	{142, "EREMDEV", "unknown error 142"},
+	{143, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{144, "ETOOMANYREFS", "too many references: cannot splice"},
+	{145, "ETIMEDOUT", "connection timed out"},
+	{146, "ECONNREFUSED", "connection refused"},
+	{147, "EHOSTDOWN", "host is down"},
+	{148, "EHOSTUNREACH", "no route to host"},
+	{149, "EALREADY", "operation already in progress"},
+	{150, "EINPROGRESS", "operation now in progress"},
+	{151, "ESTALE", "stale file handle"},
+	{158, "ECANCELED", "operation canceled"},
+	{159, "ENOMEDIUM", "no medium found"},
+	{160, "EMEDIUMTYPE", "wrong medium type"},
+	{161, "ENOKEY", "required key not available"},
+	{162, "EKEYEXPIRED", "key has expired"},
+	{163, "EKEYREVOKED", "key has been revoked"},
+	{164, "EKEYREJECTED", "key was rejected by service"},
+	{165, "EOWNERDEAD", "owner died"},
+	{166, "ENOTRECOVERABLE", "state not recoverable"},
+	{167, "ERFKILL", "operation not possible due to RF-kill"},
+	{168, "EHWPOISON", "memory page has hardware error"},
+	{1133, "EDQUOT", "disk quota exceeded"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGUSR1", "user defined signal 1"},
+	{17, "SIGUSR2", "user defined signal 2"},
+	{18, "SIGCHLD", "child exited"},
+	{19, "SIGPWR", "power failure"},
+	{20, "SIGWINCH", "window changed"},
+	{21, "SIGURG", "urgent I/O condition"},
+	{22, "SIGIO", "I/O possible"},
+	{23, "SIGSTOP", "stopped (signal)"},
+	{24, "SIGTSTP", "stopped"},
+	{25, "SIGCONT", "continued"},
+	{26, "SIGTTIN", "stopped (tty input)"},
+	{27, "SIGTTOU", "stopped (tty output)"},
+	{28, "SIGVTALRM", "virtual timer expired"},
+	{29, "SIGPROF", "profiling timer expired"},
+	{30, "SIGXCPU", "CPU time limit exceeded"},
+	{31, "SIGXFSZ", "file size limit exceeded"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
new file mode 100644
index 000000000..d4842ba1c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -0,0 +1,797 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mipsle,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40041270
+	BLKBSZSET                        = 0x80041271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x80
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x21
+	F_GETLK64                        = 0x21
+	F_GETOWN                         = 0x17
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x22
+	F_SETLK64                        = 0x22
+	F_SETLKW                         = 0x23
+	F_SETLKW64                       = 0x23
+	F_SETOWN                         = 0x18
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x100
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x80
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x800
+	MAP_ANONYMOUS                    = 0x800
+	MAP_DENYWRITE                    = 0x2000
+	MAP_EXECUTABLE                   = 0x4000
+	MAP_GROWSDOWN                    = 0x1000
+	MAP_HUGETLB                      = 0x80000
+	MAP_LOCKED                       = 0x8000
+	MAP_NONBLOCK                     = 0x20000
+	MAP_NORESERVE                    = 0x400
+	MAP_POPULATE                     = 0x10000
+	MAP_RENAME                       = 0x800
+	MAP_STACK                        = 0x40000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x20
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x1000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x100
+	O_DIRECT                         = 0x8000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x10
+	O_EXCL                           = 0x400
+	O_FSYNC                          = 0x4010
+	O_LARGEFILE                      = 0x2000
+	O_NDELAY                         = 0x80
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x800
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x80
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x4010
+	O_SYNC                           = 0x4010
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4008743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80087446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x800c744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80087447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GET_THREAD_AREA           = 0x19
+	PTRACE_GET_THREAD_AREA_3264      = 0xc4
+	PTRACE_GET_WATCH_REGS            = 0xd0
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_3264             = 0xc1
+	PTRACE_PEEKTEXT_3264             = 0xc0
+	PTRACE_POKEDATA_3264             = 0xc3
+	PTRACE_POKETEXT_3264             = 0xc2
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SET_THREAD_AREA           = 0x1a
+	PTRACE_SET_WATCH_REGS            = 0xd1
+	RLIMIT_AS                        = 0x6
+	RLIMIT_MEMLOCK                   = 0x9
+	RLIMIT_NOFILE                    = 0x5
+	RLIMIT_NPROC                     = 0x8
+	RLIMIT_RSS                       = 0x7
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4004700d
+	RTC_EPOCH_SET                    = 0x8004700e
+	RTC_IRQP_READ                    = 0x4004700b
+	RTC_IRQP_SET                     = 0x8004700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x401c7011
+	RTC_PLL_SET                      = 0x801c7012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x80
+	SIOCATMARK                       = 0x40047307
+	SIOCGPGRP                        = 0x40047309
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x467f
+	SIOCOUTQ                         = 0x7472
+	SIOCSPGRP                        = 0x80047308
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x1
+	SOCK_NONBLOCK                    = 0x80
+	SOCK_STREAM                      = 0x2
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x1009
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x11
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x12
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1e
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x1004
+	SO_RCVTIMEO                      = 0x1006
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x1006
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x1f
+	SO_SNDLOWAT                      = 0x1003
+	SO_SNDTIMEO                      = 0x1005
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x1005
+	SO_STYLE                         = 0x1008
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x5407
+	TCGETA                           = 0x5401
+	TCGETS                           = 0x540d
+	TCGETS2                          = 0x4030542a
+	TCSAFLUSH                        = 0x5410
+	TCSBRK                           = 0x5405
+	TCSBRKP                          = 0x5486
+	TCSETA                           = 0x5402
+	TCSETAF                          = 0x5404
+	TCSETAW                          = 0x5403
+	TCSETS                           = 0x540e
+	TCSETS2                          = 0x8030542b
+	TCSETSF                          = 0x5410
+	TCSETSF2                         = 0x8030542d
+	TCSETSW                          = 0x540f
+	TCSETSW2                         = 0x8030542c
+	TCXONC                           = 0x5406
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x80
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x80047478
+	TIOCEXCL                         = 0x740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x7400
+	TIOCGETP                         = 0x7408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x5492
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x548b
+	TIOCGLTC                         = 0x7474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x4020542e
+	TIOCGSERIAL                      = 0x5484
+	TIOCGSID                         = 0x7416
+	TIOCGSOFTCAR                     = 0x5481
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x467f
+	TIOCLINUX                        = 0x5483
+	TIOCMBIC                         = 0x741c
+	TIOCMBIS                         = 0x741b
+	TIOCMGET                         = 0x741d
+	TIOCMIWAIT                       = 0x5491
+	TIOCMSET                         = 0x741a
+	TIOCM_CAR                        = 0x100
+	TIOCM_CD                         = 0x100
+	TIOCM_CTS                        = 0x40
+	TIOCM_DSR                        = 0x400
+	TIOCM_RI                         = 0x200
+	TIOCM_RNG                        = 0x200
+	TIOCM_SR                         = 0x20
+	TIOCM_ST                         = 0x10
+	TIOCNOTTY                        = 0x5471
+	TIOCNXCL                         = 0x740e
+	TIOCOUTQ                         = 0x7472
+	TIOCPKT                          = 0x5470
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x5480
+	TIOCSERCONFIG                    = 0x5488
+	TIOCSERGETLSR                    = 0x548e
+	TIOCSERGETMULTI                  = 0x548f
+	TIOCSERGSTRUCT                   = 0x548d
+	TIOCSERGWILD                     = 0x5489
+	TIOCSERSETMULTI                  = 0x5490
+	TIOCSERSWILD                     = 0x548a
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x7401
+	TIOCSETN                         = 0x740a
+	TIOCSETP                         = 0x7409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x548c
+	TIOCSLTC                         = 0x7475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0xc020542f
+	TIOCSSERIAL                      = 0x5485
+	TIOCSSOFTCAR                     = 0x5482
+	TIOCSTI                          = 0x5472
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x8000
+	TUNATTACHFILTER                  = 0x800854d5
+	TUNDETACHFILTER                  = 0x800854d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x400854db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x10
+	VEOL                             = 0x11
+	VEOL2                            = 0x6
+	VMIN                             = 0x4
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VSWTCH                           = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x7d)
+	EADDRNOTAVAIL   = syscall.Errno(0x7e)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x7c)
+	EALREADY        = syscall.Errno(0x95)
+	EBADE           = syscall.Errno(0x32)
+	EBADFD          = syscall.Errno(0x51)
+	EBADMSG         = syscall.Errno(0x4d)
+	EBADR           = syscall.Errno(0x33)
+	EBADRQC         = syscall.Errno(0x36)
+	EBADSLT         = syscall.Errno(0x37)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x9e)
+	ECHRNG          = syscall.Errno(0x25)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x82)
+	ECONNREFUSED    = syscall.Errno(0x92)
+	ECONNRESET      = syscall.Errno(0x83)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDEADLOCK       = syscall.Errno(0x38)
+	EDESTADDRREQ    = syscall.Errno(0x60)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x46d)
+	EHOSTDOWN       = syscall.Errno(0x93)
+	EHOSTUNREACH    = syscall.Errno(0x94)
+	EHWPOISON       = syscall.Errno(0xa8)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x58)
+	EINIT           = syscall.Errno(0x8d)
+	EINPROGRESS     = syscall.Errno(0x96)
+	EISCONN         = syscall.Errno(0x85)
+	EISNAM          = syscall.Errno(0x8b)
+	EKEYEXPIRED     = syscall.Errno(0xa2)
+	EKEYREJECTED    = syscall.Errno(0xa4)
+	EKEYREVOKED     = syscall.Errno(0xa3)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELIBACC         = syscall.Errno(0x53)
+	ELIBBAD         = syscall.Errno(0x54)
+	ELIBEXEC        = syscall.Errno(0x57)
+	ELIBMAX         = syscall.Errno(0x56)
+	ELIBSCN         = syscall.Errno(0x55)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOOP           = syscall.Errno(0x5a)
+	EMEDIUMTYPE     = syscall.Errno(0xa0)
+	EMSGSIZE        = syscall.Errno(0x61)
+	EMULTIHOP       = syscall.Errno(0x4a)
+	ENAMETOOLONG    = syscall.Errno(0x4e)
+	ENAVAIL         = syscall.Errno(0x8a)
+	ENETDOWN        = syscall.Errno(0x7f)
+	ENETRESET       = syscall.Errno(0x81)
+	ENETUNREACH     = syscall.Errno(0x80)
+	ENOANO          = syscall.Errno(0x35)
+	ENOBUFS         = syscall.Errno(0x84)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0xa1)
+	ENOLCK          = syscall.Errno(0x2e)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x9f)
+	ENOMSG          = syscall.Errno(0x23)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x63)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x59)
+	ENOTCONN        = syscall.Errno(0x86)
+	ENOTEMPTY       = syscall.Errno(0x5d)
+	ENOTNAM         = syscall.Errno(0x89)
+	ENOTRECOVERABLE = syscall.Errno(0xa6)
+	ENOTSOCK        = syscall.Errno(0x5f)
+	ENOTSUP         = syscall.Errno(0x7a)
+	ENOTUNIQ        = syscall.Errno(0x50)
+	EOPNOTSUPP      = syscall.Errno(0x7a)
+	EOVERFLOW       = syscall.Errno(0x4f)
+	EOWNERDEAD      = syscall.Errno(0xa5)
+	EPFNOSUPPORT    = syscall.Errno(0x7b)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x78)
+	EPROTOTYPE      = syscall.Errno(0x62)
+	EREMCHG         = syscall.Errno(0x52)
+	EREMDEV         = syscall.Errno(0x8e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x8c)
+	ERESTART        = syscall.Errno(0x5b)
+	ERFKILL         = syscall.Errno(0xa7)
+	ESHUTDOWN       = syscall.Errno(0x8f)
+	ESOCKTNOSUPPORT = syscall.Errno(0x79)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x97)
+	ESTRPIPE        = syscall.Errno(0x5c)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x91)
+	ETOOMANYREFS    = syscall.Errno(0x90)
+	EUCLEAN         = syscall.Errno(0x87)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x5e)
+	EXFULL          = syscall.Errno(0x34)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x12)
+	SIGCLD    = syscall.Signal(0x12)
+	SIGCONT   = syscall.Signal(0x19)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGIO     = syscall.Signal(0x16)
+	SIGPOLL   = syscall.Signal(0x16)
+	SIGPROF   = syscall.Signal(0x1d)
+	SIGPWR    = syscall.Signal(0x13)
+	SIGSTOP   = syscall.Signal(0x17)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTSTP   = syscall.Signal(0x18)
+	SIGTTIN   = syscall.Signal(0x1a)
+	SIGTTOU   = syscall.Signal(0x1b)
+	SIGURG    = syscall.Signal(0x15)
+	SIGUSR1   = syscall.Signal(0x10)
+	SIGUSR2   = syscall.Signal(0x11)
+	SIGVTALRM = syscall.Signal(0x1c)
+	SIGWINCH  = syscall.Signal(0x14)
+	SIGXCPU   = syscall.Signal(0x1e)
+	SIGXFSZ   = syscall.Signal(0x1f)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "resource deadlock avoided"},
+	{46, "ENOLCK", "no locks available"},
+	{50, "EBADE", "invalid exchange"},
+	{51, "EBADR", "invalid request descriptor"},
+	{52, "EXFULL", "exchange full"},
+	{53, "ENOANO", "no anode"},
+	{54, "EBADRQC", "invalid request code"},
+	{55, "EBADSLT", "invalid slot"},
+	{56, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EMULTIHOP", "multihop attempted"},
+	{77, "EBADMSG", "bad message"},
+	{78, "ENAMETOOLONG", "file name too long"},
+	{79, "EOVERFLOW", "value too large for defined data type"},
+	{80, "ENOTUNIQ", "name not unique on network"},
+	{81, "EBADFD", "file descriptor in bad state"},
+	{82, "EREMCHG", "remote address changed"},
+	{83, "ELIBACC", "can not access a needed shared library"},
+	{84, "ELIBBAD", "accessing a corrupted shared library"},
+	{85, "ELIBSCN", ".lib section in a.out corrupted"},
+	{86, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{87, "ELIBEXEC", "cannot exec a shared library directly"},
+	{88, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{89, "ENOSYS", "function not implemented"},
+	{90, "ELOOP", "too many levels of symbolic links"},
+	{91, "ERESTART", "interrupted system call should be restarted"},
+	{92, "ESTRPIPE", "streams pipe error"},
+	{93, "ENOTEMPTY", "directory not empty"},
+	{94, "EUSERS", "too many users"},
+	{95, "ENOTSOCK", "socket operation on non-socket"},
+	{96, "EDESTADDRREQ", "destination address required"},
+	{97, "EMSGSIZE", "message too long"},
+	{98, "EPROTOTYPE", "protocol wrong type for socket"},
+	{99, "ENOPROTOOPT", "protocol not available"},
+	{120, "EPROTONOSUPPORT", "protocol not supported"},
+	{121, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{122, "ENOTSUP", "operation not supported"},
+	{123, "EPFNOSUPPORT", "protocol family not supported"},
+	{124, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{125, "EADDRINUSE", "address already in use"},
+	{126, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{127, "ENETDOWN", "network is down"},
+	{128, "ENETUNREACH", "network is unreachable"},
+	{129, "ENETRESET", "network dropped connection on reset"},
+	{130, "ECONNABORTED", "software caused connection abort"},
+	{131, "ECONNRESET", "connection reset by peer"},
+	{132, "ENOBUFS", "no buffer space available"},
+	{133, "EISCONN", "transport endpoint is already connected"},
+	{134, "ENOTCONN", "transport endpoint is not connected"},
+	{135, "EUCLEAN", "structure needs cleaning"},
+	{137, "ENOTNAM", "not a XENIX named type file"},
+	{138, "ENAVAIL", "no XENIX semaphores available"},
+	{139, "EISNAM", "is a named type file"},
+	{140, "EREMOTEIO", "remote I/O error"},
+	{141, "EINIT", "unknown error 141"},
+	{142, "EREMDEV", "unknown error 142"},
+	{143, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{144, "ETOOMANYREFS", "too many references: cannot splice"},
+	{145, "ETIMEDOUT", "connection timed out"},
+	{146, "ECONNREFUSED", "connection refused"},
+	{147, "EHOSTDOWN", "host is down"},
+	{148, "EHOSTUNREACH", "no route to host"},
+	{149, "EALREADY", "operation already in progress"},
+	{150, "EINPROGRESS", "operation now in progress"},
+	{151, "ESTALE", "stale file handle"},
+	{158, "ECANCELED", "operation canceled"},
+	{159, "ENOMEDIUM", "no medium found"},
+	{160, "EMEDIUMTYPE", "wrong medium type"},
+	{161, "ENOKEY", "required key not available"},
+	{162, "EKEYEXPIRED", "key has expired"},
+	{163, "EKEYREVOKED", "key has been revoked"},
+	{164, "EKEYREJECTED", "key was rejected by service"},
+	{165, "EOWNERDEAD", "owner died"},
+	{166, "ENOTRECOVERABLE", "state not recoverable"},
+	{167, "ERFKILL", "operation not possible due to RF-kill"},
+	{168, "EHWPOISON", "memory page has hardware error"},
+	{1133, "EDQUOT", "disk quota exceeded"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGUSR1", "user defined signal 1"},
+	{17, "SIGUSR2", "user defined signal 2"},
+	{18, "SIGCHLD", "child exited"},
+	{19, "SIGPWR", "power failure"},
+	{20, "SIGWINCH", "window changed"},
+	{21, "SIGURG", "urgent I/O condition"},
+	{22, "SIGIO", "I/O possible"},
+	{23, "SIGSTOP", "stopped (signal)"},
+	{24, "SIGTSTP", "stopped"},
+	{25, "SIGCONT", "continued"},
+	{26, "SIGTTIN", "stopped (tty input)"},
+	{27, "SIGTTOU", "stopped (tty output)"},
+	{28, "SIGVTALRM", "virtual timer expired"},
+	{29, "SIGPROF", "profiling timer expired"},
+	{30, "SIGXCPU", "CPU time limit exceeded"},
+	{31, "SIGXFSZ", "file size limit exceeded"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
new file mode 100644
index 000000000..941e20dac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -0,0 +1,853 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x17
+	B115200                          = 0x11
+	B1152000                         = 0x18
+	B1500000                         = 0x19
+	B2000000                         = 0x1a
+	B230400                          = 0x12
+	B2500000                         = 0x1b
+	B3000000                         = 0x1c
+	B3500000                         = 0x1d
+	B4000000                         = 0x1e
+	B460800                          = 0x13
+	B500000                          = 0x14
+	B57600                           = 0x10
+	B576000                          = 0x15
+	B921600                          = 0x16
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1f
+	BS1                              = 0x8000
+	BSDLY                            = 0x8000
+	CBAUD                            = 0xff
+	CBAUDEX                          = 0x0
+	CIBAUD                           = 0xff0000
+	CLOCAL                           = 0x8000
+	CR1                              = 0x1000
+	CR2                              = 0x2000
+	CR3                              = 0x3000
+	CRDLY                            = 0x3000
+	CREAD                            = 0x800
+	CS6                              = 0x100
+	CS7                              = 0x200
+	CS8                              = 0x300
+	CSIZE                            = 0x300
+	CSTOPB                           = 0x400
+	ECHOCTL                          = 0x40
+	ECHOE                            = 0x2
+	ECHOK                            = 0x4
+	ECHOKE                           = 0x1
+	ECHONL                           = 0x10
+	ECHOPRT                          = 0x20
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000000
+	FF1                              = 0x4000
+	FFDLY                            = 0x4000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x4000
+	ICANON                           = 0x100
+	IEXTEN                           = 0x400
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x80
+	IUCLC                            = 0x1000
+	IXOFF                            = 0x400
+	IXON                             = 0x200
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x80
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	NFDBITS                          = 0x40
+	NL2                              = 0x200
+	NL3                              = 0x300
+	NLDLY                            = 0x300
+	NOFLSH                           = 0x80000000
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x4
+	ONLCR                            = 0x2
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x20000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x1000
+	PARODD                           = 0x2000
+	PENDIN                           = 0x20000000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PROT_SAO                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETEVRREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_GETVRREGS                 = 0x12
+	PTRACE_GETVSRREGS                = 0x1b
+	PTRACE_GET_DEBUGREG              = 0x19
+	PTRACE_SETEVRREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SETVRREGS                 = 0x13
+	PTRACE_SETVSRREGS                = 0x1c
+	PTRACE_SET_DEBUGREG              = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x100
+	PTRACE_SYSEMU                    = 0x1d
+	PTRACE_SYSEMU_SINGLESTEP         = 0x1e
+	PT_CCR                           = 0x26
+	PT_CTR                           = 0x23
+	PT_DAR                           = 0x29
+	PT_DSCR                          = 0x2c
+	PT_DSISR                         = 0x2a
+	PT_FPR0                          = 0x30
+	PT_FPSCR                         = 0x50
+	PT_LNK                           = 0x24
+	PT_MSR                           = 0x21
+	PT_NIP                           = 0x20
+	PT_ORIG_R3                       = 0x22
+	PT_R0                            = 0x0
+	PT_R1                            = 0x1
+	PT_R10                           = 0xa
+	PT_R11                           = 0xb
+	PT_R12                           = 0xc
+	PT_R13                           = 0xd
+	PT_R14                           = 0xe
+	PT_R15                           = 0xf
+	PT_R16                           = 0x10
+	PT_R17                           = 0x11
+	PT_R18                           = 0x12
+	PT_R19                           = 0x13
+	PT_R2                            = 0x2
+	PT_R20                           = 0x14
+	PT_R21                           = 0x15
+	PT_R22                           = 0x16
+	PT_R23                           = 0x17
+	PT_R24                           = 0x18
+	PT_R25                           = 0x19
+	PT_R26                           = 0x1a
+	PT_R27                           = 0x1b
+	PT_R28                           = 0x1c
+	PT_R29                           = 0x1d
+	PT_R3                            = 0x3
+	PT_R30                           = 0x1e
+	PT_R31                           = 0x1f
+	PT_R4                            = 0x4
+	PT_R5                            = 0x5
+	PT_R6                            = 0x6
+	PT_R7                            = 0x7
+	PT_R8                            = 0x8
+	PT_R9                            = 0x9
+	PT_REGS_COUNT                    = 0x2c
+	PT_RESULT                        = 0x2b
+	PT_SOFTE                         = 0x27
+	PT_TRAP                          = 0x28
+	PT_VR0                           = 0x52
+	PT_VRSAVE                        = 0x94
+	PT_VSCR                          = 0x93
+	PT_VSR0                          = 0x96
+	PT_VSR31                         = 0xd4
+	PT_XER                           = 0x25
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x14
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x15
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x10
+	SO_RCVTIMEO                      = 0x12
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x12
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x11
+	SO_SNDTIMEO                      = 0x13
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x13
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x400
+	TAB2                             = 0x800
+	TAB3                             = 0xc00
+	TABDLY                           = 0xc00
+	TCFLSH                           = 0x2000741f
+	TCGETA                           = 0x40147417
+	TCGETS                           = 0x402c7413
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x2000741d
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80147418
+	TCSETAF                          = 0x8014741c
+	TCSETAW                          = 0x80147419
+	TCSETS                           = 0x802c7414
+	TCSETSF                          = 0x802c7416
+	TCSETSW                          = 0x802c7415
+	TCXONC                           = 0x2000741e
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x40045432
+	TIOCGETC                         = 0x40067412
+	TIOCGETD                         = 0x5424
+	TIOCGETP                         = 0x40067408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGLTC                         = 0x40067474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_LOOP                       = 0x8000
+	TIOCM_OUT1                       = 0x2000
+	TIOCM_OUT2                       = 0x4000
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETC                         = 0x80067411
+	TIOCSETD                         = 0x5423
+	TIOCSETN                         = 0x8006740a
+	TIOCSETP                         = 0x80067409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSLTC                         = 0x80067475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x5412
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x400000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0x10
+	VEOF                             = 0x4
+	VEOL                             = 0x6
+	VEOL2                            = 0x8
+	VMIN                             = 0x5
+	VREPRINT                         = 0xb
+	VSTART                           = 0xd
+	VSTOP                            = 0xe
+	VSUSP                            = 0xc
+	VSWTC                            = 0x9
+	VT1                              = 0x10000
+	VTDLY                            = 0x10000
+	VTIME                            = 0x7
+	VWERASE                          = 0xa
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4000
+	XTABS                            = 0xc00
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{58, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
new file mode 100644
index 000000000..63d3bc566
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -0,0 +1,853 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64le,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x17
+	B115200                          = 0x11
+	B1152000                         = 0x18
+	B1500000                         = 0x19
+	B2000000                         = 0x1a
+	B230400                          = 0x12
+	B2500000                         = 0x1b
+	B3000000                         = 0x1c
+	B3500000                         = 0x1d
+	B4000000                         = 0x1e
+	B460800                          = 0x13
+	B500000                          = 0x14
+	B57600                           = 0x10
+	B576000                          = 0x15
+	B921600                          = 0x16
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1f
+	BS1                              = 0x8000
+	BSDLY                            = 0x8000
+	CBAUD                            = 0xff
+	CBAUDEX                          = 0x0
+	CIBAUD                           = 0xff0000
+	CLOCAL                           = 0x8000
+	CR1                              = 0x1000
+	CR2                              = 0x2000
+	CR3                              = 0x3000
+	CRDLY                            = 0x3000
+	CREAD                            = 0x800
+	CS6                              = 0x100
+	CS7                              = 0x200
+	CS8                              = 0x300
+	CSIZE                            = 0x300
+	CSTOPB                           = 0x400
+	ECHOCTL                          = 0x40
+	ECHOE                            = 0x2
+	ECHOK                            = 0x4
+	ECHOKE                           = 0x1
+	ECHONL                           = 0x10
+	ECHOPRT                          = 0x20
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000000
+	FF1                              = 0x4000
+	FFDLY                            = 0x4000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x4000
+	ICANON                           = 0x100
+	IEXTEN                           = 0x400
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x80
+	IUCLC                            = 0x1000
+	IXOFF                            = 0x400
+	IXON                             = 0x200
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x80
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	NFDBITS                          = 0x40
+	NL2                              = 0x200
+	NL3                              = 0x300
+	NLDLY                            = 0x300
+	NOFLSH                           = 0x80000000
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x4
+	ONLCR                            = 0x2
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x20000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x1000
+	PARODD                           = 0x2000
+	PENDIN                           = 0x20000000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PROT_SAO                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETEVRREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_GETVRREGS                 = 0x12
+	PTRACE_GETVSRREGS                = 0x1b
+	PTRACE_GET_DEBUGREG              = 0x19
+	PTRACE_SETEVRREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SETVRREGS                 = 0x13
+	PTRACE_SETVSRREGS                = 0x1c
+	PTRACE_SET_DEBUGREG              = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x100
+	PTRACE_SYSEMU                    = 0x1d
+	PTRACE_SYSEMU_SINGLESTEP         = 0x1e
+	PT_CCR                           = 0x26
+	PT_CTR                           = 0x23
+	PT_DAR                           = 0x29
+	PT_DSCR                          = 0x2c
+	PT_DSISR                         = 0x2a
+	PT_FPR0                          = 0x30
+	PT_FPSCR                         = 0x50
+	PT_LNK                           = 0x24
+	PT_MSR                           = 0x21
+	PT_NIP                           = 0x20
+	PT_ORIG_R3                       = 0x22
+	PT_R0                            = 0x0
+	PT_R1                            = 0x1
+	PT_R10                           = 0xa
+	PT_R11                           = 0xb
+	PT_R12                           = 0xc
+	PT_R13                           = 0xd
+	PT_R14                           = 0xe
+	PT_R15                           = 0xf
+	PT_R16                           = 0x10
+	PT_R17                           = 0x11
+	PT_R18                           = 0x12
+	PT_R19                           = 0x13
+	PT_R2                            = 0x2
+	PT_R20                           = 0x14
+	PT_R21                           = 0x15
+	PT_R22                           = 0x16
+	PT_R23                           = 0x17
+	PT_R24                           = 0x18
+	PT_R25                           = 0x19
+	PT_R26                           = 0x1a
+	PT_R27                           = 0x1b
+	PT_R28                           = 0x1c
+	PT_R29                           = 0x1d
+	PT_R3                            = 0x3
+	PT_R30                           = 0x1e
+	PT_R31                           = 0x1f
+	PT_R4                            = 0x4
+	PT_R5                            = 0x5
+	PT_R6                            = 0x6
+	PT_R7                            = 0x7
+	PT_R8                            = 0x8
+	PT_R9                            = 0x9
+	PT_REGS_COUNT                    = 0x2c
+	PT_RESULT                        = 0x2b
+	PT_SOFTE                         = 0x27
+	PT_TRAP                          = 0x28
+	PT_VR0                           = 0x52
+	PT_VRSAVE                        = 0x94
+	PT_VSCR                          = 0x93
+	PT_VSR0                          = 0x96
+	PT_VSR31                         = 0xd4
+	PT_XER                           = 0x25
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x14
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x15
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x10
+	SO_RCVTIMEO                      = 0x12
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x12
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x11
+	SO_SNDTIMEO                      = 0x13
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x13
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x400
+	TAB2                             = 0x800
+	TAB3                             = 0xc00
+	TABDLY                           = 0xc00
+	TCFLSH                           = 0x2000741f
+	TCGETA                           = 0x40147417
+	TCGETS                           = 0x402c7413
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x2000741d
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80147418
+	TCSETAF                          = 0x8014741c
+	TCSETAW                          = 0x80147419
+	TCSETS                           = 0x802c7414
+	TCSETSF                          = 0x802c7416
+	TCSETSW                          = 0x802c7415
+	TCXONC                           = 0x2000741e
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x40045432
+	TIOCGETC                         = 0x40067412
+	TIOCGETD                         = 0x5424
+	TIOCGETP                         = 0x40067408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGLTC                         = 0x40067474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_LOOP                       = 0x8000
+	TIOCM_OUT1                       = 0x2000
+	TIOCM_OUT2                       = 0x4000
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETC                         = 0x80067411
+	TIOCSETD                         = 0x5423
+	TIOCSETN                         = 0x8006740a
+	TIOCSETP                         = 0x80067409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSLTC                         = 0x80067475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x5412
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x400000
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0x10
+	VEOF                             = 0x4
+	VEOL                             = 0x6
+	VEOL2                            = 0x8
+	VMIN                             = 0x5
+	VREPRINT                         = 0xb
+	VSTART                           = 0xd
+	VSTOP                            = 0xe
+	VSUSP                            = 0xc
+	VSWTC                            = 0x9
+	VT1                              = 0x10000
+	VTDLY                            = 0x10000
+	VTIME                            = 0x7
+	VWERASE                          = 0xa
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4000
+	XTABS                            = 0xc00
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{58, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
new file mode 100644
index 000000000..490bee1ab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -0,0 +1,777 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build riscv64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
new file mode 100644
index 000000000..467b8218e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -0,0 +1,850 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build s390x,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x80081270
+	BLKBSZSET                        = 0x40081271
+	BLKFLSBUF                        = 0x1261
+	BLKFRAGET                        = 0x1265
+	BLKFRASET                        = 0x1264
+	BLKGETSIZE                       = 0x1260
+	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
+	BLKRAGET                         = 0x1263
+	BLKRASET                         = 0x1262
+	BLKROGET                         = 0x125e
+	BLKROSET                         = 0x125d
+	BLKRRPART                        = 0x125f
+	BLKSECTGET                       = 0x1267
+	BLKSECTSET                       = 0x1266
+	BLKSSZGET                        = 0x1268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x40049409
+	FICLONERANGE                     = 0x4020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x8010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SETFLAGS                  = 0x40086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	F_GETLK                          = 0x5
+	F_GETLK64                        = 0x5
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0x6
+	F_SETLK64                        = 0x6
+	F_SETLKW                         = 0x7
+	F_SETLKW64                       = 0x7
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x2000
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x4000
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x1
+	MCL_FUTURE                       = 0x2
+	MCL_ONFAULT                      = 0x4
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0xb703
+	NS_GET_OWNER_UID                 = 0xb704
+	NS_GET_PARENT                    = 0xb702
+	NS_GET_USERNS                    = 0xb701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x4000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x410000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x2401
+	PERF_EVENT_IOC_ENABLE            = 0x2400
+	PERF_EVENT_IOC_ID                = 0x80082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x40042409
+	PERF_EVENT_IOC_PERIOD            = 0x40082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x2402
+	PERF_EVENT_IOC_RESET             = 0x2403
+	PERF_EVENT_IOC_SET_BPF           = 0x40042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	PPPIOCATTACH                     = 0x4004743d
+	PPPIOCATTCHAN                    = 0x40047438
+	PPPIOCCONNECT                    = 0x4004743a
+	PPPIOCDETACH                     = 0x4004743c
+	PPPIOCDISCONN                    = 0x7439
+	PPPIOCGASYNCMAP                  = 0x80047458
+	PPPIOCGCHAN                      = 0x80047437
+	PPPIOCGDEBUG                     = 0x80047441
+	PPPIOCGFLAGS                     = 0x8004745a
+	PPPIOCGIDLE                      = 0x8010743f
+	PPPIOCGIDLE32                    = 0x8008743f
+	PPPIOCGIDLE64                    = 0x8010743f
+	PPPIOCGL2TPSTATS                 = 0x80487436
+	PPPIOCGMRU                       = 0x80047453
+	PPPIOCGRASYNCMAP                 = 0x80047455
+	PPPIOCGUNIT                      = 0x80047456
+	PPPIOCGXASYNCMAP                 = 0x80207450
+	PPPIOCSACTIVE                    = 0x40107446
+	PPPIOCSASYNCMAP                  = 0x40047457
+	PPPIOCSCOMPRESS                  = 0x4010744d
+	PPPIOCSDEBUG                     = 0x40047440
+	PPPIOCSFLAGS                     = 0x40047459
+	PPPIOCSMAXCID                    = 0x40047451
+	PPPIOCSMRRU                      = 0x4004743b
+	PPPIOCSMRU                       = 0x40047452
+	PPPIOCSNPMODE                    = 0x4008744b
+	PPPIOCSPASS                      = 0x40107447
+	PPPIOCSRASYNCMAP                 = 0x40047454
+	PPPIOCSXASYNCMAP                 = 0x4020744f
+	PPPIOCXFERUNIT                   = 0x744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_DISABLE_TE                = 0x5010
+	PTRACE_ENABLE_TE                 = 0x5009
+	PTRACE_GET_LAST_BREAK            = 0x5006
+	PTRACE_OLDSETOPTIONS             = 0x15
+	PTRACE_PEEKDATA_AREA             = 0x5003
+	PTRACE_PEEKTEXT_AREA             = 0x5002
+	PTRACE_PEEKUSR_AREA              = 0x5000
+	PTRACE_PEEK_SYSTEM_CALL          = 0x5007
+	PTRACE_POKEDATA_AREA             = 0x5005
+	PTRACE_POKETEXT_AREA             = 0x5004
+	PTRACE_POKEUSR_AREA              = 0x5001
+	PTRACE_POKE_SYSTEM_CALL          = 0x5008
+	PTRACE_PROT                      = 0x15
+	PTRACE_SINGLEBLOCK               = 0xc
+	PTRACE_TE_ABORT_RAND             = 0x5011
+	PT_ACR0                          = 0x90
+	PT_ACR1                          = 0x94
+	PT_ACR10                         = 0xb8
+	PT_ACR11                         = 0xbc
+	PT_ACR12                         = 0xc0
+	PT_ACR13                         = 0xc4
+	PT_ACR14                         = 0xc8
+	PT_ACR15                         = 0xcc
+	PT_ACR2                          = 0x98
+	PT_ACR3                          = 0x9c
+	PT_ACR4                          = 0xa0
+	PT_ACR5                          = 0xa4
+	PT_ACR6                          = 0xa8
+	PT_ACR7                          = 0xac
+	PT_ACR8                          = 0xb0
+	PT_ACR9                          = 0xb4
+	PT_CR_10                         = 0x168
+	PT_CR_11                         = 0x170
+	PT_CR_9                          = 0x160
+	PT_ENDREGS                       = 0x1af
+	PT_FPC                           = 0xd8
+	PT_FPR0                          = 0xe0
+	PT_FPR1                          = 0xe8
+	PT_FPR10                         = 0x130
+	PT_FPR11                         = 0x138
+	PT_FPR12                         = 0x140
+	PT_FPR13                         = 0x148
+	PT_FPR14                         = 0x150
+	PT_FPR15                         = 0x158
+	PT_FPR2                          = 0xf0
+	PT_FPR3                          = 0xf8
+	PT_FPR4                          = 0x100
+	PT_FPR5                          = 0x108
+	PT_FPR6                          = 0x110
+	PT_FPR7                          = 0x118
+	PT_FPR8                          = 0x120
+	PT_FPR9                          = 0x128
+	PT_GPR0                          = 0x10
+	PT_GPR1                          = 0x18
+	PT_GPR10                         = 0x60
+	PT_GPR11                         = 0x68
+	PT_GPR12                         = 0x70
+	PT_GPR13                         = 0x78
+	PT_GPR14                         = 0x80
+	PT_GPR15                         = 0x88
+	PT_GPR2                          = 0x20
+	PT_GPR3                          = 0x28
+	PT_GPR4                          = 0x30
+	PT_GPR5                          = 0x38
+	PT_GPR6                          = 0x40
+	PT_GPR7                          = 0x48
+	PT_GPR8                          = 0x50
+	PT_GPR9                          = 0x58
+	PT_IEEE_IP                       = 0x1a8
+	PT_LASTOFF                       = 0x1a8
+	PT_ORIGGPR2                      = 0xd0
+	PT_PSWADDR                       = 0x8
+	PT_PSWMASK                       = 0x0
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x40085203
+	RNDADDTOENTCNT                   = 0x40045201
+	RNDCLEARPOOL                     = 0x5206
+	RNDGETENTCNT                     = 0x80045200
+	RNDGETPOOL                       = 0x80085202
+	RNDRESEEDCRNG                    = 0x5207
+	RNDZAPENTCNT                     = 0x5204
+	RTC_AIE_OFF                      = 0x7002
+	RTC_AIE_ON                       = 0x7001
+	RTC_ALM_READ                     = 0x80247008
+	RTC_ALM_SET                      = 0x40247007
+	RTC_EPOCH_READ                   = 0x8008700d
+	RTC_EPOCH_SET                    = 0x4008700e
+	RTC_IRQP_READ                    = 0x8008700b
+	RTC_IRQP_SET                     = 0x4008700c
+	RTC_PIE_OFF                      = 0x7006
+	RTC_PIE_ON                       = 0x7005
+	RTC_PLL_GET                      = 0x80207011
+	RTC_PLL_SET                      = 0x40207012
+	RTC_RD_TIME                      = 0x80247009
+	RTC_SET_TIME                     = 0x4024700a
+	RTC_UIE_OFF                      = 0x7004
+	RTC_UIE_ON                       = 0x7003
+	RTC_VL_CLR                       = 0x7014
+	RTC_VL_READ                      = 0x80047013
+	RTC_WIE_OFF                      = 0x7010
+	RTC_WIE_ON                       = 0x700f
+	RTC_WKALM_RD                     = 0x80287010
+	RTC_WKALM_SET                    = 0x4028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x80108907
+	SIOCGSTAMP_NEW                   = 0x80108906
+	SIOCINQ                          = 0x541b
+	SIOCOUTQ                         = 0x5411
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x10
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x11
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x12
+	SO_RCVTIMEO                      = 0x14
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x14
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x13
+	SO_SNDTIMEO                      = 0x15
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x15
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x540b
+	TCGETA                           = 0x5405
+	TCGETS                           = 0x5401
+	TCGETS2                          = 0x802c542a
+	TCGETX                           = 0x5432
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x5409
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x5406
+	TCSETAF                          = 0x5408
+	TCSETAW                          = 0x5407
+	TCSETS                           = 0x5402
+	TCSETS2                          = 0x402c542b
+	TCSETSF                          = 0x5404
+	TCSETSF2                         = 0x402c542d
+	TCSETSW                          = 0x5403
+	TCSETSW2                         = 0x402c542c
+	TCSETX                           = 0x5433
+	TCSETXF                          = 0x5434
+	TCSETXW                          = 0x5435
+	TCXONC                           = 0x540a
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x80045432
+	TIOCGETD                         = 0x5424
+	TIOCGEXCL                        = 0x80045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x80285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x540f
+	TIOCGPKT                         = 0x80045438
+	TIOCGPTLCK                       = 0x80045439
+	TIOCGPTN                         = 0x80045430
+	TIOCGPTPEER                      = 0x5441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x5413
+	TIOCINQ                          = 0x541b
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x5411
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETD                         = 0x5423
+	TIOCSIG                          = 0x40045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x5410
+	TIOCSPTLCK                       = 0x40045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTI                          = 0x5412
+	TIOCSWINSZ                       = 0x5414
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x401054d5
+	TUNDETACHFILTER                  = 0x401054d6
+	TUNGETDEVNETNS                   = 0x54e3
+	TUNGETFEATURES                   = 0x800454cf
+	TUNGETFILTER                     = 0x801054db
+	TUNGETIFF                        = 0x800454d2
+	TUNGETSNDBUF                     = 0x800454d3
+	TUNGETVNETBE                     = 0x800454df
+	TUNGETVNETHDRSZ                  = 0x800454d7
+	TUNGETVNETLE                     = 0x800454dd
+	TUNSETCARRIER                    = 0x400454e2
+	TUNSETDEBUG                      = 0x400454c9
+	TUNSETFILTEREBPF                 = 0x800454e1
+	TUNSETGROUP                      = 0x400454ce
+	TUNSETIFF                        = 0x400454ca
+	TUNSETIFINDEX                    = 0x400454da
+	TUNSETLINK                       = 0x400454cd
+	TUNSETNOCSUM                     = 0x400454c8
+	TUNSETOFFLOAD                    = 0x400454d0
+	TUNSETOWNER                      = 0x400454cc
+	TUNSETPERSIST                    = 0x400454cb
+	TUNSETQUEUE                      = 0x400454d9
+	TUNSETSNDBUF                     = 0x400454d4
+	TUNSETSTEERINGEBPF               = 0x800454e0
+	TUNSETTXFILTER                   = 0x400454d1
+	TUNSETVNETBE                     = 0x400454de
+	TUNSETVNETHDRSZ                  = 0x400454d8
+	TUNSETVNETLE                     = 0x400454dc
+	UBI_IOCATT                       = 0x40186f40
+	UBI_IOCDET                       = 0x40046f41
+	UBI_IOCEBCH                      = 0x40044f02
+	UBI_IOCEBER                      = 0x40044f01
+	UBI_IOCEBISMAP                   = 0x80044f05
+	UBI_IOCEBMAP                     = 0x40084f03
+	UBI_IOCEBUNMAP                   = 0x40044f04
+	UBI_IOCMKVOL                     = 0x40986f00
+	UBI_IOCRMVOL                     = 0x40046f01
+	UBI_IOCRNVOL                     = 0x51106f03
+	UBI_IOCRPEB                      = 0x40046f04
+	UBI_IOCRSVOL                     = 0x400c6f02
+	UBI_IOCSETVOLPROP                = 0x40104f06
+	UBI_IOCSPEB                      = 0x40046f05
+	UBI_IOCVOLCRBLK                  = 0x40804f07
+	UBI_IOCVOLRMBLK                  = 0x4f08
+	UBI_IOCVOLUP                     = 0x40084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x80045702
+	WDIOC_GETPRETIMEOUT              = 0x80045709
+	WDIOC_GETSTATUS                  = 0x80045701
+	WDIOC_GETSUPPORT                 = 0x80285700
+	WDIOC_GETTEMP                    = 0x80045703
+	WDIOC_GETTIMELEFT                = 0x8004570a
+	WDIOC_GETTIMEOUT                 = 0x80045707
+	WDIOC_KEEPALIVE                  = 0x80045705
+	WDIOC_SETOPTIONS                 = 0x80045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x23)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
new file mode 100644
index 000000000..79fbafbcf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -0,0 +1,847 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build sparc64,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	ASI_LEON_DFLUSH                  = 0x11
+	ASI_LEON_IFLUSH                  = 0x10
+	ASI_LEON_MMUFLUSH                = 0x18
+	B1000000                         = 0x1008
+	B115200                          = 0x1002
+	B1152000                         = 0x1009
+	B1500000                         = 0x100a
+	B2000000                         = 0x100b
+	B230400                          = 0x1003
+	B2500000                         = 0x100c
+	B3000000                         = 0x100d
+	B3500000                         = 0x100e
+	B4000000                         = 0x100f
+	B460800                          = 0x1004
+	B500000                          = 0x1005
+	B57600                           = 0x1001
+	B576000                          = 0x1006
+	B921600                          = 0x1007
+	BLKBSZGET                        = 0x40081270
+	BLKBSZSET                        = 0x80081271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1000
+	BS1                              = 0x2000
+	BSDLY                            = 0x2000
+	CBAUD                            = 0x100f
+	CBAUDEX                          = 0x1000
+	CIBAUD                           = 0x100f0000
+	CLOCAL                           = 0x800
+	CR1                              = 0x200
+	CR2                              = 0x400
+	CR3                              = 0x600
+	CRDLY                            = 0x600
+	CREAD                            = 0x80
+	CS6                              = 0x10
+	CS7                              = 0x20
+	CS8                              = 0x30
+	CSIZE                            = 0x30
+	CSTOPB                           = 0x40
+	ECHOCTL                          = 0x200
+	ECHOE                            = 0x10
+	ECHOK                            = 0x20
+	ECHOKE                           = 0x800
+	ECHONL                           = 0x40
+	ECHOPRT                          = 0x400
+	EFD_CLOEXEC                      = 0x400000
+	EFD_NONBLOCK                     = 0x4000
+	EMT_TAGOVF                       = 0x1
+	EPOLL_CLOEXEC                    = 0x400000
+	EXTPROC                          = 0x10000
+	FF1                              = 0x8000
+	FFDLY                            = 0x8000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80086602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0x7
+	F_GETLK64                        = 0x7
+	F_GETOWN                         = 0x5
+	F_RDLCK                          = 0x1
+	F_SETLK                          = 0x8
+	F_SETLK64                        = 0x8
+	F_SETLKW                         = 0x9
+	F_SETLKW64                       = 0x9
+	F_SETOWN                         = 0x6
+	F_UNLCK                          = 0x3
+	F_WRLCK                          = 0x2
+	HUPCL                            = 0x400
+	ICANON                           = 0x2
+	IEXTEN                           = 0x8000
+	IN_CLOEXEC                       = 0x400000
+	IN_NONBLOCK                      = 0x4000
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x1
+	IUCLC                            = 0x200
+	IXOFF                            = 0x1000
+	IXON                             = 0x400
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x200
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x100
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_RENAME                       = 0x20
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	NFDBITS                          = 0x40
+	NLDLY                            = 0x100
+	NOFLSH                           = 0x80
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x2
+	ONLCR                            = 0x4
+	O_APPEND                         = 0x8
+	O_ASYNC                          = 0x40
+	O_CLOEXEC                        = 0x400000
+	O_CREAT                          = 0x200
+	O_DIRECT                         = 0x100000
+	O_DIRECTORY                      = 0x10000
+	O_DSYNC                          = 0x2000
+	O_EXCL                           = 0x800
+	O_FSYNC                          = 0x802000
+	O_LARGEFILE                      = 0x0
+	O_NDELAY                         = 0x4004
+	O_NOATIME                        = 0x200000
+	O_NOCTTY                         = 0x8000
+	O_NOFOLLOW                       = 0x20000
+	O_NONBLOCK                       = 0x4000
+	O_PATH                           = 0x1000000
+	O_RSYNC                          = 0x802000
+	O_SYNC                           = 0x802000
+	O_TMPFILE                        = 0x2010000
+	O_TRUNC                          = 0x400
+	PARENB                           = 0x100
+	PARODD                           = 0x200
+	PENDIN                           = 0x4000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40082407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8008240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc008240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80082406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4010743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80107446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x8010744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80107447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFPAREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETFPREGS64               = 0x19
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_READDATA                  = 0x10
+	PTRACE_READTEXT                  = 0x12
+	PTRACE_SETFPAREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETFPREGS64               = 0x1a
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SPARC_DETACH              = 0xb
+	PTRACE_WRITEDATA                 = 0x11
+	PTRACE_WRITETEXT                 = 0x13
+	PT_FP                            = 0x48
+	PT_G0                            = 0x10
+	PT_G1                            = 0x14
+	PT_G2                            = 0x18
+	PT_G3                            = 0x1c
+	PT_G4                            = 0x20
+	PT_G5                            = 0x24
+	PT_G6                            = 0x28
+	PT_G7                            = 0x2c
+	PT_I0                            = 0x30
+	PT_I1                            = 0x34
+	PT_I2                            = 0x38
+	PT_I3                            = 0x3c
+	PT_I4                            = 0x40
+	PT_I5                            = 0x44
+	PT_I6                            = 0x48
+	PT_I7                            = 0x4c
+	PT_NPC                           = 0x8
+	PT_PC                            = 0x4
+	PT_PSR                           = 0x0
+	PT_REGS_MAGIC                    = 0x57ac6c00
+	PT_TNPC                          = 0x90
+	PT_TPC                           = 0x88
+	PT_TSTATE                        = 0x80
+	PT_V9_FP                         = 0x70
+	PT_V9_G0                         = 0x0
+	PT_V9_G1                         = 0x8
+	PT_V9_G2                         = 0x10
+	PT_V9_G3                         = 0x18
+	PT_V9_G4                         = 0x20
+	PT_V9_G5                         = 0x28
+	PT_V9_G6                         = 0x30
+	PT_V9_G7                         = 0x38
+	PT_V9_I0                         = 0x40
+	PT_V9_I1                         = 0x48
+	PT_V9_I2                         = 0x50
+	PT_V9_I3                         = 0x58
+	PT_V9_I4                         = 0x60
+	PT_V9_I5                         = 0x68
+	PT_V9_I6                         = 0x70
+	PT_V9_I7                         = 0x78
+	PT_V9_MAGIC                      = 0x9c
+	PT_V9_TNPC                       = 0x90
+	PT_V9_TPC                        = 0x88
+	PT_V9_TSTATE                     = 0x80
+	PT_V9_Y                          = 0x98
+	PT_WIM                           = 0x10
+	PT_Y                             = 0xc
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x6
+	RLIMIT_NPROC                     = 0x7
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4008700d
+	RTC_EPOCH_SET                    = 0x8008700e
+	RTC_IRQP_READ                    = 0x4008700b
+	RTC_IRQP_SET                     = 0x8008700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x40207011
+	RTC_PLL_SET                      = 0x80207012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x23
+	SCM_TIMESTAMPING_OPT_STATS       = 0x38
+	SCM_TIMESTAMPING_PKTINFO         = 0x3c
+	SCM_TIMESTAMPNS                  = 0x21
+	SCM_TXTIME                       = 0x3f
+	SCM_WIFI_STATUS                  = 0x25
+	SFD_CLOEXEC                      = 0x400000
+	SFD_NONBLOCK                     = 0x4000
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x400000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x4000
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0xffff
+	SO_ACCEPTCONN                    = 0x8000
+	SO_ATTACH_BPF                    = 0x34
+	SO_ATTACH_REUSEPORT_CBPF         = 0x35
+	SO_ATTACH_REUSEPORT_EBPF         = 0x36
+	SO_BINDTODEVICE                  = 0xd
+	SO_BINDTOIFINDEX                 = 0x41
+	SO_BPF_EXTENSIONS                = 0x32
+	SO_BROADCAST                     = 0x20
+	SO_BSDCOMPAT                     = 0x400
+	SO_BUSY_POLL                     = 0x30
+	SO_CNX_ADVICE                    = 0x37
+	SO_COOKIE                        = 0x3b
+	SO_DETACH_REUSEPORT_BPF          = 0x47
+	SO_DOMAIN                        = 0x1029
+	SO_DONTROUTE                     = 0x10
+	SO_ERROR                         = 0x1007
+	SO_INCOMING_CPU                  = 0x33
+	SO_INCOMING_NAPI_ID              = 0x3a
+	SO_KEEPALIVE                     = 0x8
+	SO_LINGER                        = 0x80
+	SO_LOCK_FILTER                   = 0x28
+	SO_MARK                          = 0x22
+	SO_MAX_PACING_RATE               = 0x31
+	SO_MEMINFO                       = 0x39
+	SO_NOFCS                         = 0x27
+	SO_OOBINLINE                     = 0x100
+	SO_PASSCRED                      = 0x2
+	SO_PASSSEC                       = 0x1f
+	SO_PEEK_OFF                      = 0x26
+	SO_PEERCRED                      = 0x40
+	SO_PEERGROUPS                    = 0x3d
+	SO_PEERSEC                       = 0x1e
+	SO_PROTOCOL                      = 0x1028
+	SO_RCVBUF                        = 0x1002
+	SO_RCVBUFFORCE                   = 0x100b
+	SO_RCVLOWAT                      = 0x800
+	SO_RCVTIMEO                      = 0x2000
+	SO_RCVTIMEO_NEW                  = 0x44
+	SO_RCVTIMEO_OLD                  = 0x2000
+	SO_REUSEADDR                     = 0x4
+	SO_REUSEPORT                     = 0x200
+	SO_RXQ_OVFL                      = 0x24
+	SO_SECURITY_AUTHENTICATION       = 0x5001
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x5004
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x5002
+	SO_SELECT_ERR_QUEUE              = 0x29
+	SO_SNDBUF                        = 0x1001
+	SO_SNDBUFFORCE                   = 0x100a
+	SO_SNDLOWAT                      = 0x1000
+	SO_SNDTIMEO                      = 0x4000
+	SO_SNDTIMEO_NEW                  = 0x45
+	SO_SNDTIMEO_OLD                  = 0x4000
+	SO_TIMESTAMPING                  = 0x23
+	SO_TIMESTAMPING_NEW              = 0x43
+	SO_TIMESTAMPING_OLD              = 0x23
+	SO_TIMESTAMPNS                   = 0x21
+	SO_TIMESTAMPNS_NEW               = 0x42
+	SO_TIMESTAMPNS_OLD               = 0x21
+	SO_TIMESTAMP_NEW                 = 0x46
+	SO_TXTIME                        = 0x3f
+	SO_TYPE                          = 0x1008
+	SO_WIFI_STATUS                   = 0x25
+	SO_ZEROCOPY                      = 0x3e
+	TAB1                             = 0x800
+	TAB2                             = 0x1000
+	TAB3                             = 0x1800
+	TABDLY                           = 0x1800
+	TCFLSH                           = 0x20005407
+	TCGETA                           = 0x40125401
+	TCGETS                           = 0x40245408
+	TCGETS2                          = 0x402c540c
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x20005405
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80125402
+	TCSETAF                          = 0x80125404
+	TCSETAW                          = 0x80125403
+	TCSETS                           = 0x80245409
+	TCSETS2                          = 0x802c540d
+	TCSETSF                          = 0x8024540b
+	TCSETSF2                         = 0x802c540f
+	TCSETSW                          = 0x8024540a
+	TCSETSW2                         = 0x802c540e
+	TCXONC                           = 0x20005406
+	TFD_CLOEXEC                      = 0x400000
+	TFD_NONBLOCK                     = 0x4000
+	TIOCCBRK                         = 0x2000747a
+	TIOCCONS                         = 0x20007424
+	TIOCEXCL                         = 0x2000740d
+	TIOCGDEV                         = 0x40045432
+	TIOCGETD                         = 0x40047400
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285443
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGPGRP                        = 0x40047483
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40047486
+	TIOCGPTPEER                      = 0x20007489
+	TIOCGRS485                       = 0x40205441
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x40047485
+	TIOCGSOFTCAR                     = 0x40047464
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x8004746b
+	TIOCMBIS                         = 0x8004746c
+	TIOCMGET                         = 0x4004746a
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x8004746d
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x20007471
+	TIOCNXCL                         = 0x2000740e
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x80047470
+	TIOCSBRK                         = 0x2000747b
+	TIOCSCTTY                        = 0x20007484
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSETD                         = 0x80047401
+	TIOCSIG                          = 0x80047488
+	TIOCSISO7816                     = 0xc0285444
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSPGRP                        = 0x80047482
+	TIOCSPTLCK                       = 0x80047487
+	TIOCSRS485                       = 0xc0205442
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x80047465
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x80017472
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x20005437
+	TOSTOP                           = 0x100
+	TUNATTACHFILTER                  = 0x801054d5
+	TUNDETACHFILTER                  = 0x801054d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x401054db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0xd
+	VEOF                             = 0x4
+	VEOL                             = 0xb
+	VEOL2                            = 0x10
+	VMIN                             = 0x6
+	VREPRINT                         = 0xc
+	VSTART                           = 0x8
+	VSTOP                            = 0x9
+	VSUSP                            = 0xa
+	VSWTC                            = 0x7
+	VT1                              = 0x4000
+	VTDLY                            = 0x4000
+	VTIME                            = 0x5
+	VWERASE                          = 0xe
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x40
+	XCASE                            = 0x4
+	XTABS                            = 0x1800
+	__TIOCFLUSH                      = 0x80047410
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EADV            = syscall.Errno(0x53)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EALREADY        = syscall.Errno(0x25)
+	EBADE           = syscall.Errno(0x66)
+	EBADFD          = syscall.Errno(0x5d)
+	EBADMSG         = syscall.Errno(0x4c)
+	EBADR           = syscall.Errno(0x67)
+	EBADRQC         = syscall.Errno(0x6a)
+	EBADSLT         = syscall.Errno(0x6b)
+	EBFONT          = syscall.Errno(0x6d)
+	ECANCELED       = syscall.Errno(0x7f)
+	ECHRNG          = syscall.Errno(0x5e)
+	ECOMM           = syscall.Errno(0x55)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0x4e)
+	EDEADLOCK       = syscall.Errno(0x6c)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOTDOT         = syscall.Errno(0x58)
+	EDQUOT          = syscall.Errno(0x45)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EHWPOISON       = syscall.Errno(0x87)
+	EIDRM           = syscall.Errno(0x4d)
+	EILSEQ          = syscall.Errno(0x7a)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EISCONN         = syscall.Errno(0x38)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x81)
+	EKEYREJECTED    = syscall.Errno(0x83)
+	EKEYREVOKED     = syscall.Errno(0x82)
+	EL2HLT          = syscall.Errno(0x65)
+	EL2NSYNC        = syscall.Errno(0x5f)
+	EL3HLT          = syscall.Errno(0x60)
+	EL3RST          = syscall.Errno(0x61)
+	ELIBACC         = syscall.Errno(0x72)
+	ELIBBAD         = syscall.Errno(0x70)
+	ELIBEXEC        = syscall.Errno(0x6e)
+	ELIBMAX         = syscall.Errno(0x7b)
+	ELIBSCN         = syscall.Errno(0x7c)
+	ELNRNG          = syscall.Errno(0x62)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x7e)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x57)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENOANO          = syscall.Errno(0x69)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENOCSI          = syscall.Errno(0x64)
+	ENODATA         = syscall.Errno(0x6f)
+	ENOKEY          = syscall.Errno(0x80)
+	ENOLCK          = syscall.Errno(0x4f)
+	ENOLINK         = syscall.Errno(0x52)
+	ENOMEDIUM       = syscall.Errno(0x7d)
+	ENOMSG          = syscall.Errno(0x4b)
+	ENONET          = syscall.Errno(0x50)
+	ENOPKG          = syscall.Errno(0x71)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSR           = syscall.Errno(0x4a)
+	ENOSTR          = syscall.Errno(0x48)
+	ENOSYS          = syscall.Errno(0x5a)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x85)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x2d)
+	ENOTUNIQ        = syscall.Errno(0x73)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x5c)
+	EOWNERDEAD      = syscall.Errno(0x84)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROTO          = syscall.Errno(0x56)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	EREMCHG         = syscall.Errno(0x59)
+	EREMOTE         = syscall.Errno(0x47)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x74)
+	ERFKILL         = syscall.Errno(0x86)
+	ERREMOTE        = syscall.Errno(0x51)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESRMNT          = syscall.Errno(0x54)
+	ESTALE          = syscall.Errno(0x46)
+	ESTRPIPE        = syscall.Errno(0x5b)
+	ETIME           = syscall.Errno(0x49)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x63)
+	EUSERS          = syscall.Errno(0x44)
+	EXFULL          = syscall.Errno(0x68)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCLD    = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGIO     = syscall.Signal(0x17)
+	SIGLOST   = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x17)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1d)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "ENOTSUP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "transport endpoint is already connected"},
+	{57, "ENOTCONN", "transport endpoint is not connected"},
+	{58, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{59, "ETOOMANYREFS", "too many references: cannot splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale file handle"},
+	{71, "EREMOTE", "object is remote"},
+	{72, "ENOSTR", "device not a stream"},
+	{73, "ETIME", "timer expired"},
+	{74, "ENOSR", "out of streams resources"},
+	{75, "ENOMSG", "no message of desired type"},
+	{76, "EBADMSG", "bad message"},
+	{77, "EIDRM", "identifier removed"},
+	{78, "EDEADLK", "resource deadlock avoided"},
+	{79, "ENOLCK", "no locks available"},
+	{80, "ENONET", "machine is not on the network"},
+	{81, "ERREMOTE", "unknown error 81"},
+	{82, "ENOLINK", "link has been severed"},
+	{83, "EADV", "advertise error"},
+	{84, "ESRMNT", "srmount error"},
+	{85, "ECOMM", "communication error on send"},
+	{86, "EPROTO", "protocol error"},
+	{87, "EMULTIHOP", "multihop attempted"},
+	{88, "EDOTDOT", "RFS specific error"},
+	{89, "EREMCHG", "remote address changed"},
+	{90, "ENOSYS", "function not implemented"},
+	{91, "ESTRPIPE", "streams pipe error"},
+	{92, "EOVERFLOW", "value too large for defined data type"},
+	{93, "EBADFD", "file descriptor in bad state"},
+	{94, "ECHRNG", "channel number out of range"},
+	{95, "EL2NSYNC", "level 2 not synchronized"},
+	{96, "EL3HLT", "level 3 halted"},
+	{97, "EL3RST", "level 3 reset"},
+	{98, "ELNRNG", "link number out of range"},
+	{99, "EUNATCH", "protocol driver not attached"},
+	{100, "ENOCSI", "no CSI structure available"},
+	{101, "EL2HLT", "level 2 halted"},
+	{102, "EBADE", "invalid exchange"},
+	{103, "EBADR", "invalid request descriptor"},
+	{104, "EXFULL", "exchange full"},
+	{105, "ENOANO", "no anode"},
+	{106, "EBADRQC", "invalid request code"},
+	{107, "EBADSLT", "invalid slot"},
+	{108, "EDEADLOCK", "file locking deadlock error"},
+	{109, "EBFONT", "bad font file format"},
+	{110, "ELIBEXEC", "cannot exec a shared library directly"},
+	{111, "ENODATA", "no data available"},
+	{112, "ELIBBAD", "accessing a corrupted shared library"},
+	{113, "ENOPKG", "package not installed"},
+	{114, "ELIBACC", "can not access a needed shared library"},
+	{115, "ENOTUNIQ", "name not unique on network"},
+	{116, "ERESTART", "interrupted system call should be restarted"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{123, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{124, "ELIBSCN", ".lib section in a.out corrupted"},
+	{125, "ENOMEDIUM", "no medium found"},
+	{126, "EMEDIUMTYPE", "wrong medium type"},
+	{127, "ECANCELED", "operation canceled"},
+	{128, "ENOKEY", "required key not available"},
+	{129, "EKEYEXPIRED", "key has expired"},
+	{130, "EKEYREVOKED", "key has been revoked"},
+	{131, "EKEYREJECTED", "key was rejected by service"},
+	{132, "EOWNERDEAD", "owner died"},
+	{133, "ENOTRECOVERABLE", "state not recoverable"},
+	{134, "ERFKILL", "operation not possible due to RF-kill"},
+	{135, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGLOST", "power failure"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
new file mode 100644
index 000000000..20f3a5799
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -0,0 +1,1779 @@
+// mkerrors.sh -m32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,netbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_ARP                            = 0x1c
+	AF_BLUETOOTH                      = 0x1f
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x20
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x23
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OROUTE                         = 0x11
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x22
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ARCNET                     = 0x7
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	ARPHRD_STRIP                      = 0x17
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B460800                           = 0x70800
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B921600                           = 0xe1000
+	B9600                             = 0x2580
+	BIOCFEEDBACK                      = 0x8004427d
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc0084277
+	BIOCGETIF                         = 0x4090426b
+	BIOCGFEEDBACK                     = 0x4004427c
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRTIMEOUT                     = 0x400c427b
+	BIOCGSEESENT                      = 0x40044278
+	BIOCGSTATS                        = 0x4080426f
+	BIOCGSTATSOLD                     = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044276
+	BIOCSETF                          = 0x80084267
+	BIOCSETIF                         = 0x8090426c
+	BIOCSFEEDBACK                     = 0x8004427d
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRTIMEOUT                     = 0x800c427a
+	BIOCSSEESENT                      = 0x80044279
+	BIOCSTCPF                         = 0x80084272
+	BIOCSUDPF                         = 0x80084273
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALIGNMENT32                   = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DFLTBUFSIZE                   = 0x100000
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x1000000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLONE_CSIGNAL                     = 0xff
+	CLONE_FILES                       = 0x400
+	CLONE_FS                          = 0x200
+	CLONE_PID                         = 0x1000
+	CLONE_PTRACE                      = 0x2000
+	CLONE_SIGHAND                     = 0x800
+	CLONE_VFORK                       = 0x4000
+	CLONE_VM                          = 0x100
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	CTL_QUERY                         = -0x2
+	DIOCBSFLUSH                       = 0x20006478
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HDLC                          = 0x10
+	DLT_HHDLC                         = 0x79
+	DLT_HIPPI                         = 0xf
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0xe
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RAWAF_MASK                    = 0x2240000
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xd
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMUL_LINUX                        = 0x1
+	EMUL_LINUX32                      = 0x5
+	EMUL_MAXID                        = 0x6
+	EN_SW_CTL_INF                     = 0x1000
+	EN_SW_CTL_PREC                    = 0x300
+	EN_SW_CTL_ROUND                   = 0xc00
+	EN_SW_DATACHAIN                   = 0x80
+	EN_SW_DENORM                      = 0x2
+	EN_SW_INVOP                       = 0x1
+	EN_SW_OVERFLOW                    = 0x8
+	EN_SW_PRECLOSS                    = 0x20
+	EN_SW_UNDERFLOW                   = 0x10
+	EN_SW_ZERODIV                     = 0x4
+	ETHERCAP_JUMBO_MTU                = 0x4
+	ETHERCAP_VLAN_HWTAGGING           = 0x2
+	ETHERCAP_VLAN_MTU                 = 0x1
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERMTU_JUMBO                    = 0x2328
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOWPROTOCOLS           = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MAX_LEN_JUMBO               = 0x233a
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_PPPOE_ENCAP_LEN             = 0x8
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = 0x2
+	EVFILT_PROC                       = 0x4
+	EVFILT_READ                       = 0x0
+	EVFILT_SIGNAL                     = 0x5
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = 0x6
+	EVFILT_VNODE                      = 0x3
+	EVFILT_WRITE                      = 0x1
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x100
+	FLUSHO                            = 0x800000
+	F_CLOSEM                          = 0xa
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xc
+	F_FSCTL                           = -0x80000000
+	F_FSDIRMASK                       = 0x70000000
+	F_FSIN                            = 0x10000000
+	F_FSINOUT                         = 0x30000000
+	F_FSOUT                           = 0x20000000
+	F_FSPRIV                          = 0x8000
+	F_FSVOID                          = 0x40000000
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETNOSIGPIPE                    = 0xd
+	F_GETOWN                          = 0x5
+	F_MAXFD                           = 0xb
+	F_OK                              = 0x0
+	F_PARAM_MASK                      = 0xfff
+	F_PARAM_MAX                       = 0xfff
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETNOSIGPIPE                    = 0xe
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8f52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf8
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IPV6_ICMP                 = 0x3a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VRRP                      = 0x70
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_EF                             = 0x8000
+	IP_ERRORMTU                       = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x16
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0x14
+	IP_MF                             = 0x2000
+	IP_MINFRAGSIZE                    = 0x45
+	IP_MINTTL                         = 0x18
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTTL                        = 0x17
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ALIGNMENT_16MB                = 0x18000000
+	MAP_ALIGNMENT_1TB                 = 0x28000000
+	MAP_ALIGNMENT_256TB               = 0x30000000
+	MAP_ALIGNMENT_4GB                 = 0x20000000
+	MAP_ALIGNMENT_64KB                = 0x10000000
+	MAP_ALIGNMENT_64PB                = 0x38000000
+	MAP_ALIGNMENT_MASK                = -0x1000000
+	MAP_ALIGNMENT_SHIFT               = 0x18
+	MAP_ANON                          = 0x1000
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_INHERIT                       = 0x80
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_DEFAULT               = 0x1
+	MAP_INHERIT_DONATE_COPY           = 0x3
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x2000
+	MAP_TRYFIXED                      = 0x400
+	MAP_WIRED                         = 0x800
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CONTROLMBUF                   = 0x2000000
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_IOVUSRSPACE                   = 0x4000000
+	MSG_LENUSRSPACE                   = 0x8000000
+	MSG_MCAST                         = 0x200
+	MSG_NAMEMBUF                      = 0x1000000
+	MSG_NBIO                          = 0x1000
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_USERFLAGS                     = 0xffffff
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x2
+	MS_SYNC                           = 0x4
+	NAME_MAX                          = 0x1ff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x5
+	NET_RT_MAXID                      = 0x6
+	NET_RT_OIFLIST                    = 0x4
+	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFIOGETBMAP                       = 0xc004667a
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_ALT_IO                          = 0x40000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x400000
+	O_CREAT                           = 0x200
+	O_DIRECT                          = 0x80000
+	O_DIRECTORY                       = 0x200000
+	O_DSYNC                           = 0x10000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_NOSIGPIPE                       = 0x1000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x20000
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PRI_IOFLUSH                       = 0x7c
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_AS                         = 0xa
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x9
+	RTAX_NETMASK                      = 0x2
+	RTAX_TAG                          = 0x8
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTA_TAG                           = 0x100
+	RTF_ANNOUNCE                      = 0x20000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_CLONED                        = 0x2000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_REJECT                        = 0x8
+	RTF_SRC                           = 0x10000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDR                       = 0x15
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_GET                           = 0x4
+	RTM_IEEE80211                     = 0x11
+	RTM_IFANNOUNCE                    = 0x10
+	RTM_IFINFO                        = 0x14
+	RTM_LLINFO_UPD                    = 0x13
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_OIFINFO                       = 0xf
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_OOIFINFO                      = 0xe
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_SETGATE                       = 0x12
+	RTM_VERSION                       = 0x4
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x4
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x8
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80906931
+	SIOCADDRT                         = 0x8030720a
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCALIFADDR                      = 0x8118691c
+	SIOCATMARK                        = 0x40047307
+	SIOCDELMULTI                      = 0x80906932
+	SIOCDELRT                         = 0x8030720b
+	SIOCDIFADDR                       = 0x80906919
+	SIOCDIFPHYADDR                    = 0x80906949
+	SIOCDLIFADDR                      = 0x8118691e
+	SIOCGDRVSPEC                      = 0xc01c697b
+	SIOCGETPFSYNC                     = 0xc09069f8
+	SIOCGETSGCNT                      = 0xc0147534
+	SIOCGETVIFCNT                     = 0xc0147533
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0906921
+	SIOCGIFADDRPREF                   = 0xc0946920
+	SIOCGIFALIAS                      = 0xc040691b
+	SIOCGIFBRDADDR                    = 0xc0906923
+	SIOCGIFCAP                        = 0xc0206976
+	SIOCGIFCONF                       = 0xc0086926
+	SIOCGIFDATA                       = 0xc0946985
+	SIOCGIFDLT                        = 0xc0906977
+	SIOCGIFDSTADDR                    = 0xc0906922
+	SIOCGIFFLAGS                      = 0xc0906911
+	SIOCGIFGENERIC                    = 0xc090693a
+	SIOCGIFMEDIA                      = 0xc0286936
+	SIOCGIFMETRIC                     = 0xc0906917
+	SIOCGIFMTU                        = 0xc090697e
+	SIOCGIFNETMASK                    = 0xc0906925
+	SIOCGIFPDSTADDR                   = 0xc0906948
+	SIOCGIFPSRCADDR                   = 0xc0906947
+	SIOCGLIFADDR                      = 0xc118691d
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCGLINKSTR                      = 0xc01c6987
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGVH                           = 0xc0906983
+	SIOCIFCREATE                      = 0x8090697a
+	SIOCIFDESTROY                     = 0x80906979
+	SIOCIFGCLONERS                    = 0xc00c6978
+	SIOCINITIFADDR                    = 0xc0446984
+	SIOCSDRVSPEC                      = 0x801c697b
+	SIOCSETPFSYNC                     = 0x809069f7
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8090690c
+	SIOCSIFADDRPREF                   = 0x8094691f
+	SIOCSIFBRDADDR                    = 0x80906913
+	SIOCSIFCAP                        = 0x80206975
+	SIOCSIFDSTADDR                    = 0x8090690e
+	SIOCSIFFLAGS                      = 0x80906910
+	SIOCSIFGENERIC                    = 0x80906939
+	SIOCSIFMEDIA                      = 0xc0906935
+	SIOCSIFMETRIC                     = 0x80906918
+	SIOCSIFMTU                        = 0x8090697f
+	SIOCSIFNETMASK                    = 0x80906916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSLIFPHYADDR                   = 0x8118694a
+	SIOCSLINKSTR                      = 0x801c6988
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSVH                           = 0xc0906982
+	SIOCZIFDATA                       = 0xc0946986
+	SOCK_CLOEXEC                      = 0x10000000
+	SOCK_DGRAM                        = 0x2
+	SOCK_FLAGS_MASK                   = 0xf0000000
+	SOCK_NONBLOCK                     = 0x20000000
+	SOCK_NOSIGPIPE                    = 0x40000000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_ACCEPTFILTER                   = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NOHEADER                       = 0x100a
+	SO_NOSIGPIPE                      = 0x800
+	SO_OOBINLINE                      = 0x100
+	SO_OVERFLOWED                     = 0x1009
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x100c
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x100b
+	SO_TIMESTAMP                      = 0x2000
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SYSCTL_VERSION                    = 0x1000000
+	SYSCTL_VERS_0                     = 0x0
+	SYSCTL_VERS_1                     = 0x1000000
+	SYSCTL_VERS_MASK                  = 0xff000000
+	S_ARCH1                           = 0x10000
+	S_ARCH2                           = 0x20000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	S_LOGIN_SET                       = 0x1
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_CONGCTL                       = 0x20
+	TCP_KEEPCNT                       = 0x6
+	TCP_KEEPIDLE                      = 0x3
+	TCP_KEEPINIT                      = 0x7
+	TCP_KEEPINTVL                     = 0x5
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x10
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x218
+	TCP_NODELAY                       = 0x1
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x400c7458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CDTRCTS                  = 0x10
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGLINED                        = 0x40207442
+	TIOCGPGRP                         = 0x40047477
+	TIOCGQSIZE                        = 0x40047481
+	TIOCGRANTPT                       = 0x20007447
+	TIOCGSID                          = 0x40047463
+	TIOCGSIZE                         = 0x40087468
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTMGET                        = 0x40287446
+	TIOCPTSNAME                       = 0x40287448
+	TIOCRCVFRAME                      = 0x80047445
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x2000745f
+	TIOCSLINED                        = 0x80207443
+	TIOCSPGRP                         = 0x80047476
+	TIOCSQSIZE                        = 0x80047480
+	TIOCSSIZE                         = 0x80087467
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCXMTFRAME                      = 0x80047444
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALL                              = 0x8
+	WALLSIG                           = 0x8
+	WALTSIG                           = 0x4
+	WCLONE                            = 0x4
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x10000
+	WNOZOMBIE                         = 0x20000
+	WOPTSCHECKED                      = 0x40000
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x58)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x57)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x55)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5e)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x59)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5f)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x5a)
+	ENOSTR          = syscall.Errno(0x5b)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x56)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x60)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x5c)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x20)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large or too small"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol option not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EILSEQ", "illegal byte sequence"},
+	{86, "ENOTSUP", "not supported"},
+	{87, "ECANCELED", "operation Canceled"},
+	{88, "EBADMSG", "bad or Corrupt message"},
+	{89, "ENODATA", "no message available"},
+	{90, "ENOSR", "no STREAM resources"},
+	{91, "ENOSTR", "not a STREAM"},
+	{92, "ETIME", "STREAM ioctl timeout"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EMULTIHOP", "multihop attempted"},
+	{95, "ENOLINK", "link has been severed"},
+	{96, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPWR", "power fail/restart"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
new file mode 100644
index 000000000..90b8fcd29
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -0,0 +1,1769 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,netbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_ARP                            = 0x1c
+	AF_BLUETOOTH                      = 0x1f
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x20
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x23
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OROUTE                         = 0x11
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x22
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ARCNET                     = 0x7
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	ARPHRD_STRIP                      = 0x17
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B460800                           = 0x70800
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B921600                           = 0xe1000
+	B9600                             = 0x2580
+	BIOCFEEDBACK                      = 0x8004427d
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc0104277
+	BIOCGETIF                         = 0x4090426b
+	BIOCGFEEDBACK                     = 0x4004427c
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRTIMEOUT                     = 0x4010427b
+	BIOCGSEESENT                      = 0x40044278
+	BIOCGSTATS                        = 0x4080426f
+	BIOCGSTATSOLD                     = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044276
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8090426c
+	BIOCSFEEDBACK                     = 0x8004427d
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRTIMEOUT                     = 0x8010427a
+	BIOCSSEESENT                      = 0x80044279
+	BIOCSTCPF                         = 0x80104272
+	BIOCSUDPF                         = 0x80104273
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x8
+	BPF_ALIGNMENT32                   = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DFLTBUFSIZE                   = 0x100000
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x1000000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLONE_CSIGNAL                     = 0xff
+	CLONE_FILES                       = 0x400
+	CLONE_FS                          = 0x200
+	CLONE_PID                         = 0x1000
+	CLONE_PTRACE                      = 0x2000
+	CLONE_SIGHAND                     = 0x800
+	CLONE_VFORK                       = 0x4000
+	CLONE_VM                          = 0x100
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	CTL_QUERY                         = -0x2
+	DIOCBSFLUSH                       = 0x20006478
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HDLC                          = 0x10
+	DLT_HHDLC                         = 0x79
+	DLT_HIPPI                         = 0xf
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0xe
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RAWAF_MASK                    = 0x2240000
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xd
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMUL_LINUX                        = 0x1
+	EMUL_LINUX32                      = 0x5
+	EMUL_MAXID                        = 0x6
+	ETHERCAP_JUMBO_MTU                = 0x4
+	ETHERCAP_VLAN_HWTAGGING           = 0x2
+	ETHERCAP_VLAN_MTU                 = 0x1
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERMTU_JUMBO                    = 0x2328
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOWPROTOCOLS           = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MAX_LEN_JUMBO               = 0x233a
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_PPPOE_ENCAP_LEN             = 0x8
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = 0x2
+	EVFILT_PROC                       = 0x4
+	EVFILT_READ                       = 0x0
+	EVFILT_SIGNAL                     = 0x5
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = 0x6
+	EVFILT_VNODE                      = 0x3
+	EVFILT_WRITE                      = 0x1
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x100
+	FLUSHO                            = 0x800000
+	F_CLOSEM                          = 0xa
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xc
+	F_FSCTL                           = -0x80000000
+	F_FSDIRMASK                       = 0x70000000
+	F_FSIN                            = 0x10000000
+	F_FSINOUT                         = 0x30000000
+	F_FSOUT                           = 0x20000000
+	F_FSPRIV                          = 0x8000
+	F_FSVOID                          = 0x40000000
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETNOSIGPIPE                    = 0xd
+	F_GETOWN                          = 0x5
+	F_MAXFD                           = 0xb
+	F_OK                              = 0x0
+	F_PARAM_MASK                      = 0xfff
+	F_PARAM_MAX                       = 0xfff
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETNOSIGPIPE                    = 0xe
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8f52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf8
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IPV6_ICMP                 = 0x3a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VRRP                      = 0x70
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_EF                             = 0x8000
+	IP_ERRORMTU                       = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x16
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0x14
+	IP_MF                             = 0x2000
+	IP_MINFRAGSIZE                    = 0x45
+	IP_MINTTL                         = 0x18
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTTL                        = 0x17
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ALIGNMENT_16MB                = 0x18000000
+	MAP_ALIGNMENT_1TB                 = 0x28000000
+	MAP_ALIGNMENT_256TB               = 0x30000000
+	MAP_ALIGNMENT_4GB                 = 0x20000000
+	MAP_ALIGNMENT_64KB                = 0x10000000
+	MAP_ALIGNMENT_64PB                = 0x38000000
+	MAP_ALIGNMENT_MASK                = -0x1000000
+	MAP_ALIGNMENT_SHIFT               = 0x18
+	MAP_ANON                          = 0x1000
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_INHERIT                       = 0x80
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_DEFAULT               = 0x1
+	MAP_INHERIT_DONATE_COPY           = 0x3
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x2000
+	MAP_TRYFIXED                      = 0x400
+	MAP_WIRED                         = 0x800
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CONTROLMBUF                   = 0x2000000
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_IOVUSRSPACE                   = 0x4000000
+	MSG_LENUSRSPACE                   = 0x8000000
+	MSG_MCAST                         = 0x200
+	MSG_NAMEMBUF                      = 0x1000000
+	MSG_NBIO                          = 0x1000
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_USERFLAGS                     = 0xffffff
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x2
+	MS_SYNC                           = 0x4
+	NAME_MAX                          = 0x1ff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x5
+	NET_RT_MAXID                      = 0x6
+	NET_RT_OIFLIST                    = 0x4
+	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFIOGETBMAP                       = 0xc004667a
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_ALT_IO                          = 0x40000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x400000
+	O_CREAT                           = 0x200
+	O_DIRECT                          = 0x80000
+	O_DIRECTORY                       = 0x200000
+	O_DSYNC                           = 0x10000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_NOSIGPIPE                       = 0x1000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x20000
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PRI_IOFLUSH                       = 0x7c
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_AS                         = 0xa
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x9
+	RTAX_NETMASK                      = 0x2
+	RTAX_TAG                          = 0x8
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTA_TAG                           = 0x100
+	RTF_ANNOUNCE                      = 0x20000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_CLONED                        = 0x2000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_REJECT                        = 0x8
+	RTF_SRC                           = 0x10000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDR                       = 0x15
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_GET                           = 0x4
+	RTM_IEEE80211                     = 0x11
+	RTM_IFANNOUNCE                    = 0x10
+	RTM_IFINFO                        = 0x14
+	RTM_LLINFO_UPD                    = 0x13
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_OIFINFO                       = 0xf
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_OOIFINFO                      = 0xe
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_SETGATE                       = 0x12
+	RTM_VERSION                       = 0x4
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x4
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x8
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80906931
+	SIOCADDRT                         = 0x8038720a
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCALIFADDR                      = 0x8118691c
+	SIOCATMARK                        = 0x40047307
+	SIOCDELMULTI                      = 0x80906932
+	SIOCDELRT                         = 0x8038720b
+	SIOCDIFADDR                       = 0x80906919
+	SIOCDIFPHYADDR                    = 0x80906949
+	SIOCDLIFADDR                      = 0x8118691e
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETPFSYNC                     = 0xc09069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0906921
+	SIOCGIFADDRPREF                   = 0xc0986920
+	SIOCGIFALIAS                      = 0xc040691b
+	SIOCGIFBRDADDR                    = 0xc0906923
+	SIOCGIFCAP                        = 0xc0206976
+	SIOCGIFCONF                       = 0xc0106926
+	SIOCGIFDATA                       = 0xc0986985
+	SIOCGIFDLT                        = 0xc0906977
+	SIOCGIFDSTADDR                    = 0xc0906922
+	SIOCGIFFLAGS                      = 0xc0906911
+	SIOCGIFGENERIC                    = 0xc090693a
+	SIOCGIFMEDIA                      = 0xc0306936
+	SIOCGIFMETRIC                     = 0xc0906917
+	SIOCGIFMTU                        = 0xc090697e
+	SIOCGIFNETMASK                    = 0xc0906925
+	SIOCGIFPDSTADDR                   = 0xc0906948
+	SIOCGIFPSRCADDR                   = 0xc0906947
+	SIOCGLIFADDR                      = 0xc118691d
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCGLINKSTR                      = 0xc0286987
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGVH                           = 0xc0906983
+	SIOCIFCREATE                      = 0x8090697a
+	SIOCIFDESTROY                     = 0x80906979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCINITIFADDR                    = 0xc0706984
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSETPFSYNC                     = 0x809069f7
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8090690c
+	SIOCSIFADDRPREF                   = 0x8098691f
+	SIOCSIFBRDADDR                    = 0x80906913
+	SIOCSIFCAP                        = 0x80206975
+	SIOCSIFDSTADDR                    = 0x8090690e
+	SIOCSIFFLAGS                      = 0x80906910
+	SIOCSIFGENERIC                    = 0x80906939
+	SIOCSIFMEDIA                      = 0xc0906935
+	SIOCSIFMETRIC                     = 0x80906918
+	SIOCSIFMTU                        = 0x8090697f
+	SIOCSIFNETMASK                    = 0x80906916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSLIFPHYADDR                   = 0x8118694a
+	SIOCSLINKSTR                      = 0x80286988
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSVH                           = 0xc0906982
+	SIOCZIFDATA                       = 0xc0986986
+	SOCK_CLOEXEC                      = 0x10000000
+	SOCK_DGRAM                        = 0x2
+	SOCK_FLAGS_MASK                   = 0xf0000000
+	SOCK_NONBLOCK                     = 0x20000000
+	SOCK_NOSIGPIPE                    = 0x40000000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_ACCEPTFILTER                   = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NOHEADER                       = 0x100a
+	SO_NOSIGPIPE                      = 0x800
+	SO_OOBINLINE                      = 0x100
+	SO_OVERFLOWED                     = 0x1009
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x100c
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x100b
+	SO_TIMESTAMP                      = 0x2000
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SYSCTL_VERSION                    = 0x1000000
+	SYSCTL_VERS_0                     = 0x0
+	SYSCTL_VERS_1                     = 0x1000000
+	SYSCTL_VERS_MASK                  = 0xff000000
+	S_ARCH1                           = 0x10000
+	S_ARCH2                           = 0x20000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	S_LOGIN_SET                       = 0x1
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_CONGCTL                       = 0x20
+	TCP_KEEPCNT                       = 0x6
+	TCP_KEEPIDLE                      = 0x3
+	TCP_KEEPINIT                      = 0x7
+	TCP_KEEPINTVL                     = 0x5
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x10
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x218
+	TCP_NODELAY                       = 0x1
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CDTRCTS                  = 0x10
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGLINED                        = 0x40207442
+	TIOCGPGRP                         = 0x40047477
+	TIOCGQSIZE                        = 0x40047481
+	TIOCGRANTPT                       = 0x20007447
+	TIOCGSID                          = 0x40047463
+	TIOCGSIZE                         = 0x40087468
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTMGET                        = 0x40287446
+	TIOCPTSNAME                       = 0x40287448
+	TIOCRCVFRAME                      = 0x80087445
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x2000745f
+	TIOCSLINED                        = 0x80207443
+	TIOCSPGRP                         = 0x80047476
+	TIOCSQSIZE                        = 0x80047480
+	TIOCSSIZE                         = 0x80087467
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCXMTFRAME                      = 0x80087444
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALL                              = 0x8
+	WALLSIG                           = 0x8
+	WALTSIG                           = 0x4
+	WCLONE                            = 0x4
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x10000
+	WNOZOMBIE                         = 0x20000
+	WOPTSCHECKED                      = 0x40000
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x58)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x57)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x55)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5e)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x59)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5f)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x5a)
+	ENOSTR          = syscall.Errno(0x5b)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x56)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x60)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x5c)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x20)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large or too small"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol option not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EILSEQ", "illegal byte sequence"},
+	{86, "ENOTSUP", "not supported"},
+	{87, "ECANCELED", "operation Canceled"},
+	{88, "EBADMSG", "bad or Corrupt message"},
+	{89, "ENODATA", "no message available"},
+	{90, "ENOSR", "no STREAM resources"},
+	{91, "ENOSTR", "not a STREAM"},
+	{92, "ETIME", "STREAM ioctl timeout"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EMULTIHOP", "multihop attempted"},
+	{95, "ENOLINK", "link has been severed"},
+	{96, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPWR", "power fail/restart"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
new file mode 100644
index 000000000..c5c03993b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -0,0 +1,1758 @@
+// mkerrors.sh -marm
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,netbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -marm _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_ARP                            = 0x1c
+	AF_BLUETOOTH                      = 0x1f
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x20
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x23
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OROUTE                         = 0x11
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x22
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ARCNET                     = 0x7
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	ARPHRD_STRIP                      = 0x17
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B460800                           = 0x70800
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B921600                           = 0xe1000
+	B9600                             = 0x2580
+	BIOCFEEDBACK                      = 0x8004427d
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc0084277
+	BIOCGETIF                         = 0x4090426b
+	BIOCGFEEDBACK                     = 0x4004427c
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRTIMEOUT                     = 0x400c427b
+	BIOCGSEESENT                      = 0x40044278
+	BIOCGSTATS                        = 0x4080426f
+	BIOCGSTATSOLD                     = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044276
+	BIOCSETF                          = 0x80084267
+	BIOCSETIF                         = 0x8090426c
+	BIOCSFEEDBACK                     = 0x8004427d
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRTIMEOUT                     = 0x800c427a
+	BIOCSSEESENT                      = 0x80044279
+	BIOCSTCPF                         = 0x80084272
+	BIOCSUDPF                         = 0x80084273
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALIGNMENT32                   = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DFLTBUFSIZE                   = 0x100000
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x1000000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	CTL_QUERY                         = -0x2
+	DIOCBSFLUSH                       = 0x20006478
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HDLC                          = 0x10
+	DLT_HHDLC                         = 0x79
+	DLT_HIPPI                         = 0xf
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0xe
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RAWAF_MASK                    = 0x2240000
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xd
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMUL_LINUX                        = 0x1
+	EMUL_LINUX32                      = 0x5
+	EMUL_MAXID                        = 0x6
+	ETHERCAP_JUMBO_MTU                = 0x4
+	ETHERCAP_VLAN_HWTAGGING           = 0x2
+	ETHERCAP_VLAN_MTU                 = 0x1
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERMTU_JUMBO                    = 0x2328
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOWPROTOCOLS           = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MAX_LEN_JUMBO               = 0x233a
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_PPPOE_ENCAP_LEN             = 0x8
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = 0x2
+	EVFILT_PROC                       = 0x4
+	EVFILT_READ                       = 0x0
+	EVFILT_SIGNAL                     = 0x5
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = 0x6
+	EVFILT_VNODE                      = 0x3
+	EVFILT_WRITE                      = 0x1
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x100
+	FLUSHO                            = 0x800000
+	F_CLOSEM                          = 0xa
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xc
+	F_FSCTL                           = -0x80000000
+	F_FSDIRMASK                       = 0x70000000
+	F_FSIN                            = 0x10000000
+	F_FSINOUT                         = 0x30000000
+	F_FSOUT                           = 0x20000000
+	F_FSPRIV                          = 0x8000
+	F_FSVOID                          = 0x40000000
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETNOSIGPIPE                    = 0xd
+	F_GETOWN                          = 0x5
+	F_MAXFD                           = 0xb
+	F_OK                              = 0x0
+	F_PARAM_MASK                      = 0xfff
+	F_PARAM_MAX                       = 0xfff
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETNOSIGPIPE                    = 0xe
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8f52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf8
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IPV6_ICMP                 = 0x3a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VRRP                      = 0x70
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_EF                             = 0x8000
+	IP_ERRORMTU                       = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x16
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0x14
+	IP_MF                             = 0x2000
+	IP_MINFRAGSIZE                    = 0x45
+	IP_MINTTL                         = 0x18
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTTL                        = 0x17
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ALIGNMENT_16MB                = 0x18000000
+	MAP_ALIGNMENT_1TB                 = 0x28000000
+	MAP_ALIGNMENT_256TB               = 0x30000000
+	MAP_ALIGNMENT_4GB                 = 0x20000000
+	MAP_ALIGNMENT_64KB                = 0x10000000
+	MAP_ALIGNMENT_64PB                = 0x38000000
+	MAP_ALIGNMENT_MASK                = -0x1000000
+	MAP_ALIGNMENT_SHIFT               = 0x18
+	MAP_ANON                          = 0x1000
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_INHERIT                       = 0x80
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_DEFAULT               = 0x1
+	MAP_INHERIT_DONATE_COPY           = 0x3
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x2000
+	MAP_TRYFIXED                      = 0x400
+	MAP_WIRED                         = 0x800
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CONTROLMBUF                   = 0x2000000
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_IOVUSRSPACE                   = 0x4000000
+	MSG_LENUSRSPACE                   = 0x8000000
+	MSG_MCAST                         = 0x200
+	MSG_NAMEMBUF                      = 0x1000000
+	MSG_NBIO                          = 0x1000
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_USERFLAGS                     = 0xffffff
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x2
+	MS_SYNC                           = 0x4
+	NAME_MAX                          = 0x1ff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x5
+	NET_RT_MAXID                      = 0x6
+	NET_RT_OIFLIST                    = 0x4
+	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFIOGETBMAP                       = 0xc004667a
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_ALT_IO                          = 0x40000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x400000
+	O_CREAT                           = 0x200
+	O_DIRECT                          = 0x80000
+	O_DIRECTORY                       = 0x200000
+	O_DSYNC                           = 0x10000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_NOSIGPIPE                       = 0x1000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x20000
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	PRI_IOFLUSH                       = 0x7c
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	RLIMIT_AS                         = 0xa
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x9
+	RTAX_NETMASK                      = 0x2
+	RTAX_TAG                          = 0x8
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTA_TAG                           = 0x100
+	RTF_ANNOUNCE                      = 0x20000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_CLONED                        = 0x2000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_REJECT                        = 0x8
+	RTF_SRC                           = 0x10000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDR                       = 0x15
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_GET                           = 0x4
+	RTM_IEEE80211                     = 0x11
+	RTM_IFANNOUNCE                    = 0x10
+	RTM_IFINFO                        = 0x14
+	RTM_LLINFO_UPD                    = 0x13
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_OIFINFO                       = 0xf
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_OOIFINFO                      = 0xe
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_SETGATE                       = 0x12
+	RTM_VERSION                       = 0x4
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x4
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x8
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80906931
+	SIOCADDRT                         = 0x8030720a
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCALIFADDR                      = 0x8118691c
+	SIOCATMARK                        = 0x40047307
+	SIOCDELMULTI                      = 0x80906932
+	SIOCDELRT                         = 0x8030720b
+	SIOCDIFADDR                       = 0x80906919
+	SIOCDIFPHYADDR                    = 0x80906949
+	SIOCDLIFADDR                      = 0x8118691e
+	SIOCGDRVSPEC                      = 0xc01c697b
+	SIOCGETPFSYNC                     = 0xc09069f8
+	SIOCGETSGCNT                      = 0xc0147534
+	SIOCGETVIFCNT                     = 0xc0147533
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0906921
+	SIOCGIFADDRPREF                   = 0xc0946920
+	SIOCGIFALIAS                      = 0xc040691b
+	SIOCGIFBRDADDR                    = 0xc0906923
+	SIOCGIFCAP                        = 0xc0206976
+	SIOCGIFCONF                       = 0xc0086926
+	SIOCGIFDATA                       = 0xc0946985
+	SIOCGIFDLT                        = 0xc0906977
+	SIOCGIFDSTADDR                    = 0xc0906922
+	SIOCGIFFLAGS                      = 0xc0906911
+	SIOCGIFGENERIC                    = 0xc090693a
+	SIOCGIFMEDIA                      = 0xc0286936
+	SIOCGIFMETRIC                     = 0xc0906917
+	SIOCGIFMTU                        = 0xc090697e
+	SIOCGIFNETMASK                    = 0xc0906925
+	SIOCGIFPDSTADDR                   = 0xc0906948
+	SIOCGIFPSRCADDR                   = 0xc0906947
+	SIOCGLIFADDR                      = 0xc118691d
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCGLINKSTR                      = 0xc01c6987
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGVH                           = 0xc0906983
+	SIOCIFCREATE                      = 0x8090697a
+	SIOCIFDESTROY                     = 0x80906979
+	SIOCIFGCLONERS                    = 0xc00c6978
+	SIOCINITIFADDR                    = 0xc0446984
+	SIOCSDRVSPEC                      = 0x801c697b
+	SIOCSETPFSYNC                     = 0x809069f7
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8090690c
+	SIOCSIFADDRPREF                   = 0x8094691f
+	SIOCSIFBRDADDR                    = 0x80906913
+	SIOCSIFCAP                        = 0x80206975
+	SIOCSIFDSTADDR                    = 0x8090690e
+	SIOCSIFFLAGS                      = 0x80906910
+	SIOCSIFGENERIC                    = 0x80906939
+	SIOCSIFMEDIA                      = 0xc0906935
+	SIOCSIFMETRIC                     = 0x80906918
+	SIOCSIFMTU                        = 0x8090697f
+	SIOCSIFNETMASK                    = 0x80906916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSLIFPHYADDR                   = 0x8118694a
+	SIOCSLINKSTR                      = 0x801c6988
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSVH                           = 0xc0906982
+	SIOCZIFDATA                       = 0xc0946986
+	SOCK_CLOEXEC                      = 0x10000000
+	SOCK_DGRAM                        = 0x2
+	SOCK_FLAGS_MASK                   = 0xf0000000
+	SOCK_NONBLOCK                     = 0x20000000
+	SOCK_NOSIGPIPE                    = 0x40000000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_ACCEPTFILTER                   = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NOHEADER                       = 0x100a
+	SO_NOSIGPIPE                      = 0x800
+	SO_OOBINLINE                      = 0x100
+	SO_OVERFLOWED                     = 0x1009
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x100c
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x100b
+	SO_TIMESTAMP                      = 0x2000
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SYSCTL_VERSION                    = 0x1000000
+	SYSCTL_VERS_0                     = 0x0
+	SYSCTL_VERS_1                     = 0x1000000
+	SYSCTL_VERS_MASK                  = 0xff000000
+	S_ARCH1                           = 0x10000
+	S_ARCH2                           = 0x20000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_CONGCTL                       = 0x20
+	TCP_KEEPCNT                       = 0x6
+	TCP_KEEPIDLE                      = 0x3
+	TCP_KEEPINIT                      = 0x7
+	TCP_KEEPINTVL                     = 0x5
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x10
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x218
+	TCP_NODELAY                       = 0x1
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x400c7458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CDTRCTS                  = 0x10
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGLINED                        = 0x40207442
+	TIOCGPGRP                         = 0x40047477
+	TIOCGQSIZE                        = 0x40047481
+	TIOCGRANTPT                       = 0x20007447
+	TIOCGSID                          = 0x40047463
+	TIOCGSIZE                         = 0x40087468
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTMGET                        = 0x48087446
+	TIOCPTSNAME                       = 0x48087448
+	TIOCRCVFRAME                      = 0x80047445
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x2000745f
+	TIOCSLINED                        = 0x80207443
+	TIOCSPGRP                         = 0x80047476
+	TIOCSQSIZE                        = 0x80047480
+	TIOCSSIZE                         = 0x80087467
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCXMTFRAME                      = 0x80047444
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALL                              = 0x8
+	WALLSIG                           = 0x8
+	WALTSIG                           = 0x4
+	WCLONE                            = 0x4
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x10000
+	WNOZOMBIE                         = 0x20000
+	WOPTSCHECKED                      = 0x40000
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x58)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x57)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x55)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5e)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x59)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5f)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x5a)
+	ENOSTR          = syscall.Errno(0x5b)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x56)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x60)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x5c)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x20)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large or too small"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol option not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EILSEQ", "illegal byte sequence"},
+	{86, "ENOTSUP", "not supported"},
+	{87, "ECANCELED", "operation Canceled"},
+	{88, "EBADMSG", "bad or Corrupt message"},
+	{89, "ENODATA", "no message available"},
+	{90, "ENOSR", "no STREAM resources"},
+	{91, "ENOSTR", "not a STREAM"},
+	{92, "ETIME", "STREAM ioctl timeout"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EMULTIHOP", "multihop attempted"},
+	{95, "ENOLINK", "link has been severed"},
+	{96, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPWR", "power fail/restart"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
new file mode 100644
index 000000000..14dd3c1d1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -0,0 +1,1769 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,netbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_ARP                            = 0x1c
+	AF_BLUETOOTH                      = 0x1f
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_HYLINK                         = 0xf
+	AF_IEEE80211                      = 0x20
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x23
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OROUTE                         = 0x11
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x22
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ARCNET                     = 0x7
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	ARPHRD_STRIP                      = 0x17
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B460800                           = 0x70800
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B921600                           = 0xe1000
+	B9600                             = 0x2580
+	BIOCFEEDBACK                      = 0x8004427d
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc0104277
+	BIOCGETIF                         = 0x4090426b
+	BIOCGFEEDBACK                     = 0x4004427c
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRTIMEOUT                     = 0x4010427b
+	BIOCGSEESENT                      = 0x40044278
+	BIOCGSTATS                        = 0x4080426f
+	BIOCGSTATSOLD                     = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDLT                          = 0x80044276
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8090426c
+	BIOCSFEEDBACK                     = 0x8004427d
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRTIMEOUT                     = 0x8010427a
+	BIOCSSEESENT                      = 0x80044279
+	BIOCSTCPF                         = 0x80104272
+	BIOCSUDPF                         = 0x80104273
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x8
+	BPF_ALIGNMENT32                   = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DFLTBUFSIZE                   = 0x100000
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x1000000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLONE_CSIGNAL                     = 0xff
+	CLONE_FILES                       = 0x400
+	CLONE_FS                          = 0x200
+	CLONE_PID                         = 0x1000
+	CLONE_PTRACE                      = 0x2000
+	CLONE_SIGHAND                     = 0x800
+	CLONE_VFORK                       = 0x4000
+	CLONE_VM                          = 0x100
+	CPUSTATES                         = 0x5
+	CP_IDLE                           = 0x4
+	CP_INTR                           = 0x3
+	CP_NICE                           = 0x1
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0x14
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	CTL_QUERY                         = -0x2
+	DIOCBSFLUSH                       = 0x20006478
+	DLT_A429                          = 0xb8
+	DLT_A653_ICM                      = 0xb9
+	DLT_AIRONET_HEADER                = 0x78
+	DLT_AOS                           = 0xde
+	DLT_APPLE_IP_OVER_IEEE1394        = 0x8a
+	DLT_ARCNET                        = 0x7
+	DLT_ARCNET_LINUX                  = 0x81
+	DLT_ATM_CLIP                      = 0x13
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AURORA                        = 0x7e
+	DLT_AX25                          = 0x3
+	DLT_AX25_KISS                     = 0xca
+	DLT_BACNET_MS_TP                  = 0xa5
+	DLT_BLUETOOTH_HCI_H4              = 0xbb
+	DLT_BLUETOOTH_HCI_H4_WITH_PHDR    = 0xc9
+	DLT_CAN20B                        = 0xbe
+	DLT_CAN_SOCKETCAN                 = 0xe3
+	DLT_CHAOS                         = 0x5
+	DLT_CISCO_IOS                     = 0x76
+	DLT_C_HDLC                        = 0x68
+	DLT_C_HDLC_WITH_DIR               = 0xcd
+	DLT_DECT                          = 0xdd
+	DLT_DOCSIS                        = 0x8f
+	DLT_ECONET                        = 0x73
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0x6d
+	DLT_ERF                           = 0xc5
+	DLT_ERF_ETH                       = 0xaf
+	DLT_ERF_POS                       = 0xb0
+	DLT_FC_2                          = 0xe0
+	DLT_FC_2_WITH_FRAME_DELIMS        = 0xe1
+	DLT_FDDI                          = 0xa
+	DLT_FLEXRAY                       = 0xd2
+	DLT_FRELAY                        = 0x6b
+	DLT_FRELAY_WITH_DIR               = 0xce
+	DLT_GCOM_SERIAL                   = 0xad
+	DLT_GCOM_T1E1                     = 0xac
+	DLT_GPF_F                         = 0xab
+	DLT_GPF_T                         = 0xaa
+	DLT_GPRS_LLC                      = 0xa9
+	DLT_GSMTAP_ABIS                   = 0xda
+	DLT_GSMTAP_UM                     = 0xd9
+	DLT_HDLC                          = 0x10
+	DLT_HHDLC                         = 0x79
+	DLT_HIPPI                         = 0xf
+	DLT_IBM_SN                        = 0x92
+	DLT_IBM_SP                        = 0x91
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_IEEE802_11_RADIO_AVS          = 0xa3
+	DLT_IEEE802_15_4                  = 0xc3
+	DLT_IEEE802_15_4_LINUX            = 0xbf
+	DLT_IEEE802_15_4_NONASK_PHY       = 0xd7
+	DLT_IEEE802_16_MAC_CPS            = 0xbc
+	DLT_IEEE802_16_MAC_CPS_RADIO      = 0xc1
+	DLT_IPMB                          = 0xc7
+	DLT_IPMB_LINUX                    = 0xd1
+	DLT_IPNET                         = 0xe2
+	DLT_IPV4                          = 0xe4
+	DLT_IPV6                          = 0xe5
+	DLT_IP_OVER_FC                    = 0x7a
+	DLT_JUNIPER_ATM1                  = 0x89
+	DLT_JUNIPER_ATM2                  = 0x87
+	DLT_JUNIPER_CHDLC                 = 0xb5
+	DLT_JUNIPER_ES                    = 0x84
+	DLT_JUNIPER_ETHER                 = 0xb2
+	DLT_JUNIPER_FRELAY                = 0xb4
+	DLT_JUNIPER_GGSN                  = 0x85
+	DLT_JUNIPER_ISM                   = 0xc2
+	DLT_JUNIPER_MFR                   = 0x86
+	DLT_JUNIPER_MLFR                  = 0x83
+	DLT_JUNIPER_MLPPP                 = 0x82
+	DLT_JUNIPER_MONITOR               = 0xa4
+	DLT_JUNIPER_PIC_PEER              = 0xae
+	DLT_JUNIPER_PPP                   = 0xb3
+	DLT_JUNIPER_PPPOE                 = 0xa7
+	DLT_JUNIPER_PPPOE_ATM             = 0xa8
+	DLT_JUNIPER_SERVICES              = 0x88
+	DLT_JUNIPER_ST                    = 0xc8
+	DLT_JUNIPER_VP                    = 0xb7
+	DLT_LAPB_WITH_DIR                 = 0xcf
+	DLT_LAPD                          = 0xcb
+	DLT_LIN                           = 0xd4
+	DLT_LINUX_EVDEV                   = 0xd8
+	DLT_LINUX_IRDA                    = 0x90
+	DLT_LINUX_LAPD                    = 0xb1
+	DLT_LINUX_SLL                     = 0x71
+	DLT_LOOP                          = 0x6c
+	DLT_LTALK                         = 0x72
+	DLT_MFR                           = 0xb6
+	DLT_MOST                          = 0xd3
+	DLT_MPLS                          = 0xdb
+	DLT_MTP2                          = 0x8c
+	DLT_MTP2_WITH_PHDR                = 0x8b
+	DLT_MTP3                          = 0x8d
+	DLT_NULL                          = 0x0
+	DLT_PCI_EXP                       = 0x7d
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPI                           = 0xc0
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0xe
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_PPPD                      = 0xa6
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PPP_WITH_DIR                  = 0xcc
+	DLT_PRISM_HEADER                  = 0x77
+	DLT_PRONET                        = 0x4
+	DLT_RAIF1                         = 0xc6
+	DLT_RAW                           = 0xc
+	DLT_RAWAF_MASK                    = 0x2240000
+	DLT_RIO                           = 0x7c
+	DLT_SCCP                          = 0x8e
+	DLT_SITA                          = 0xc4
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xd
+	DLT_SUNATM                        = 0x7b
+	DLT_SYMANTEC_FIREWALL             = 0x63
+	DLT_TZSP                          = 0x80
+	DLT_USB                           = 0xba
+	DLT_USB_LINUX                     = 0xbd
+	DLT_USB_LINUX_MMAPPED             = 0xdc
+	DLT_WIHART                        = 0xdf
+	DLT_X2E_SERIAL                    = 0xd5
+	DLT_X2E_XORAYA                    = 0xd6
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	DT_WHT                            = 0xe
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMUL_LINUX                        = 0x1
+	EMUL_LINUX32                      = 0x5
+	EMUL_MAXID                        = 0x6
+	ETHERCAP_JUMBO_MTU                = 0x4
+	ETHERCAP_VLAN_HWTAGGING           = 0x2
+	ETHERCAP_VLAN_MTU                 = 0x1
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERMTU_JUMBO                    = 0x2328
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOWPROTOCOLS           = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MAX_LEN_JUMBO               = 0x233a
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_PPPOE_ENCAP_LEN             = 0x8
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = 0x2
+	EVFILT_PROC                       = 0x4
+	EVFILT_READ                       = 0x0
+	EVFILT_SIGNAL                     = 0x5
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = 0x6
+	EVFILT_VNODE                      = 0x3
+	EVFILT_WRITE                      = 0x1
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTATTR_CMD_START                 = 0x1
+	EXTATTR_CMD_STOP                  = 0x2
+	EXTATTR_NAMESPACE_SYSTEM          = 0x2
+	EXTATTR_NAMESPACE_USER            = 0x1
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x100
+	FLUSHO                            = 0x800000
+	F_CLOSEM                          = 0xa
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xc
+	F_FSCTL                           = -0x80000000
+	F_FSDIRMASK                       = 0x70000000
+	F_FSIN                            = 0x10000000
+	F_FSINOUT                         = 0x30000000
+	F_FSOUT                           = 0x20000000
+	F_FSPRIV                          = 0x8000
+	F_FSVOID                          = 0x40000000
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETNOSIGPIPE                    = 0xd
+	F_GETOWN                          = 0x5
+	F_MAXFD                           = 0xb
+	F_OK                              = 0x0
+	F_PARAM_MASK                      = 0xfff
+	F_PARAM_MAX                       = 0xfff
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETNOSIGPIPE                    = 0xe
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8f52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf8
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf2
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf1
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_STF                           = 0xd7
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_IPV6_ICMP                 = 0x3a
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x34
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_VRRP                      = 0x70
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPSEC_POLICY                 = 0x1c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_EF                             = 0x8000
+	IP_ERRORMTU                       = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPSEC_POLICY                   = 0x16
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0x14
+	IP_MF                             = 0x2000
+	IP_MINFRAGSIZE                    = 0x45
+	IP_MINTTL                         = 0x18
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVIF                         = 0x14
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVTTL                        = 0x17
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ALIGNMENT_16MB                = 0x18000000
+	MAP_ALIGNMENT_1TB                 = 0x28000000
+	MAP_ALIGNMENT_256TB               = 0x30000000
+	MAP_ALIGNMENT_4GB                 = 0x20000000
+	MAP_ALIGNMENT_64KB                = 0x10000000
+	MAP_ALIGNMENT_64PB                = 0x38000000
+	MAP_ALIGNMENT_MASK                = -0x1000000
+	MAP_ALIGNMENT_SHIFT               = 0x18
+	MAP_ANON                          = 0x1000
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_HASSEMAPHORE                  = 0x200
+	MAP_INHERIT                       = 0x80
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_DEFAULT               = 0x1
+	MAP_INHERIT_DONATE_COPY           = 0x3
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x2000
+	MAP_TRYFIXED                      = 0x400
+	MAP_WIRED                         = 0x800
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_BASIC_FLAGS                   = 0xe782807f
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DISCARD                       = 0x800000
+	MNT_EXKERB                        = 0x800
+	MNT_EXNORESPORT                   = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXPUBLIC                      = 0x10000000
+	MNT_EXRDONLY                      = 0x80
+	MNT_EXTATTR                       = 0x1000000
+	MNT_FORCE                         = 0x80000
+	MNT_GETARGS                       = 0x400000
+	MNT_IGNORE                        = 0x100000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_LOG                           = 0x2000000
+	MNT_NOATIME                       = 0x4000000
+	MNT_NOCOREDUMP                    = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NODEVMTIME                    = 0x40000000
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_OP_FLAGS                      = 0x4d0000
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELATIME                      = 0x20000
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x80000000
+	MNT_SYMPERM                       = 0x20000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UNION                         = 0x20
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0xff90ffff
+	MNT_WAIT                          = 0x1
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CONTROLMBUF                   = 0x2000000
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_IOVUSRSPACE                   = 0x4000000
+	MSG_LENUSRSPACE                   = 0x8000000
+	MSG_MCAST                         = 0x200
+	MSG_NAMEMBUF                      = 0x1000000
+	MSG_NBIO                          = 0x1000
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_USERFLAGS                     = 0xffffff
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x2
+	MS_SYNC                           = 0x4
+	NAME_MAX                          = 0x1ff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x5
+	NET_RT_MAXID                      = 0x6
+	NET_RT_OIFLIST                    = 0x4
+	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OFIOGETBMAP                       = 0xc004667a
+	ONLCR                             = 0x2
+	ONLRET                            = 0x40
+	ONOCR                             = 0x20
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_ALT_IO                          = 0x40000
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x400000
+	O_CREAT                           = 0x200
+	O_DIRECT                          = 0x80000
+	O_DIRECTORY                       = 0x200000
+	O_DSYNC                           = 0x10000
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_NOSIGPIPE                       = 0x1000000
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x20000
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PRI_IOFLUSH                       = 0x7c
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_AS                         = 0xa
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_MAX                          = 0x9
+	RTAX_NETMASK                      = 0x2
+	RTAX_TAG                          = 0x8
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_NETMASK                       = 0x4
+	RTA_TAG                           = 0x100
+	RTF_ANNOUNCE                      = 0x20000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_CLONED                        = 0x2000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_REJECT                        = 0x8
+	RTF_SRC                           = 0x10000
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDR                       = 0x15
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_GET                           = 0x4
+	RTM_IEEE80211                     = 0x11
+	RTM_IFANNOUNCE                    = 0x10
+	RTM_IFINFO                        = 0x14
+	RTM_LLINFO_UPD                    = 0x13
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_OIFINFO                       = 0xf
+	RTM_OLDADD                        = 0x9
+	RTM_OLDDEL                        = 0xa
+	RTM_OOIFINFO                      = 0xe
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_SETGATE                       = 0x12
+	RTM_VERSION                       = 0x4
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	SCM_CREDS                         = 0x4
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x8
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80906931
+	SIOCADDRT                         = 0x8038720a
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCALIFADDR                      = 0x8118691c
+	SIOCATMARK                        = 0x40047307
+	SIOCDELMULTI                      = 0x80906932
+	SIOCDELRT                         = 0x8038720b
+	SIOCDIFADDR                       = 0x80906919
+	SIOCDIFPHYADDR                    = 0x80906949
+	SIOCDLIFADDR                      = 0x8118691e
+	SIOCGDRVSPEC                      = 0xc028697b
+	SIOCGETPFSYNC                     = 0xc09069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0906921
+	SIOCGIFADDRPREF                   = 0xc0986920
+	SIOCGIFALIAS                      = 0xc040691b
+	SIOCGIFBRDADDR                    = 0xc0906923
+	SIOCGIFCAP                        = 0xc0206976
+	SIOCGIFCONF                       = 0xc0106926
+	SIOCGIFDATA                       = 0xc0986985
+	SIOCGIFDLT                        = 0xc0906977
+	SIOCGIFDSTADDR                    = 0xc0906922
+	SIOCGIFFLAGS                      = 0xc0906911
+	SIOCGIFGENERIC                    = 0xc090693a
+	SIOCGIFMEDIA                      = 0xc0306936
+	SIOCGIFMETRIC                     = 0xc0906917
+	SIOCGIFMTU                        = 0xc090697e
+	SIOCGIFNETMASK                    = 0xc0906925
+	SIOCGIFPDSTADDR                   = 0xc0906948
+	SIOCGIFPSRCADDR                   = 0xc0906947
+	SIOCGLIFADDR                      = 0xc118691d
+	SIOCGLIFPHYADDR                   = 0xc118694b
+	SIOCGLINKSTR                      = 0xc0286987
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGVH                           = 0xc0906983
+	SIOCIFCREATE                      = 0x8090697a
+	SIOCIFDESTROY                     = 0x80906979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCINITIFADDR                    = 0xc0706984
+	SIOCSDRVSPEC                      = 0x8028697b
+	SIOCSETPFSYNC                     = 0x809069f7
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8090690c
+	SIOCSIFADDRPREF                   = 0x8098691f
+	SIOCSIFBRDADDR                    = 0x80906913
+	SIOCSIFCAP                        = 0x80206975
+	SIOCSIFDSTADDR                    = 0x8090690e
+	SIOCSIFFLAGS                      = 0x80906910
+	SIOCSIFGENERIC                    = 0x80906939
+	SIOCSIFMEDIA                      = 0xc0906935
+	SIOCSIFMETRIC                     = 0x80906918
+	SIOCSIFMTU                        = 0x8090697f
+	SIOCSIFNETMASK                    = 0x80906916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSLIFPHYADDR                   = 0x8118694a
+	SIOCSLINKSTR                      = 0x80286988
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSVH                           = 0xc0906982
+	SIOCZIFDATA                       = 0xc0986986
+	SOCK_CLOEXEC                      = 0x10000000
+	SOCK_DGRAM                        = 0x2
+	SOCK_FLAGS_MASK                   = 0xf0000000
+	SOCK_NONBLOCK                     = 0x20000000
+	SOCK_NOSIGPIPE                    = 0x40000000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_ACCEPTFILTER                   = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NOHEADER                       = 0x100a
+	SO_NOSIGPIPE                      = 0x800
+	SO_OOBINLINE                      = 0x100
+	SO_OVERFLOWED                     = 0x1009
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x100c
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x100b
+	SO_TIMESTAMP                      = 0x2000
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SYSCTL_VERSION                    = 0x1000000
+	SYSCTL_VERS_0                     = 0x0
+	SYSCTL_VERS_1                     = 0x1000000
+	SYSCTL_VERS_MASK                  = 0xff000000
+	S_ARCH1                           = 0x10000
+	S_ARCH2                           = 0x20000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IFWHT                           = 0xe000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	S_LOGIN_SET                       = 0x1
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_CONGCTL                       = 0x20
+	TCP_KEEPCNT                       = 0x6
+	TCP_KEEPIDLE                      = 0x3
+	TCP_KEEPINIT                      = 0x7
+	TCP_KEEPINTVL                     = 0x5
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x10
+	TCP_MINMSS                        = 0xd8
+	TCP_MSS                           = 0x218
+	TCP_NODELAY                       = 0x1
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDCDTIMESTAMP                  = 0x40107458
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CDTRCTS                  = 0x10
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGLINED                        = 0x40207442
+	TIOCGPGRP                         = 0x40047477
+	TIOCGQSIZE                        = 0x40047481
+	TIOCGRANTPT                       = 0x20007447
+	TIOCGSID                          = 0x40047463
+	TIOCGSIZE                         = 0x40087468
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCPTMGET                        = 0x40287446
+	TIOCPTSNAME                       = 0x40287448
+	TIOCRCVFRAME                      = 0x80087445
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x2000745f
+	TIOCSLINED                        = 0x80207443
+	TIOCSPGRP                         = 0x80047476
+	TIOCSQSIZE                        = 0x80047480
+	TIOCSSIZE                         = 0x80087467
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCXMTFRAME                      = 0x80087444
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALL                              = 0x8
+	WALLSIG                           = 0x8
+	WALTSIG                           = 0x4
+	WCLONE                            = 0x4
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WNOWAIT                           = 0x10000
+	WNOZOMBIE                         = 0x20000
+	WOPTSCHECKED                      = 0x40000
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x58)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x57)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x52)
+	EILSEQ          = syscall.Errno(0x55)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x60)
+	ELOOP           = syscall.Errno(0x3e)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	EMULTIHOP       = syscall.Errno(0x5e)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x5d)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODATA         = syscall.Errno(0x59)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOLINK         = syscall.Errno(0x5f)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x53)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x5a)
+	ENOSTR          = syscall.Errno(0x5b)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x56)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x54)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x60)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIME           = syscall.Errno(0x5c)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x20)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large or too small"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol option not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "connection timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disc quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC prog. not avail"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIDRM", "identifier removed"},
+	{83, "ENOMSG", "no message of desired type"},
+	{84, "EOVERFLOW", "value too large to be stored in data type"},
+	{85, "EILSEQ", "illegal byte sequence"},
+	{86, "ENOTSUP", "not supported"},
+	{87, "ECANCELED", "operation Canceled"},
+	{88, "EBADMSG", "bad or Corrupt message"},
+	{89, "ENODATA", "no message available"},
+	{90, "ENOSR", "no STREAM resources"},
+	{91, "ENOSTR", "not a STREAM"},
+	{92, "ETIME", "STREAM ioctl timeout"},
+	{93, "ENOATTR", "attribute not found"},
+	{94, "EMULTIHOP", "multihop attempted"},
+	{95, "ENOLINK", "link has been severed"},
+	{96, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGIOT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "stopped (signal)"},
+	{18, "SIGTSTP", "stopped"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGPWR", "power fail/restart"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
new file mode 100644
index 000000000..c865a10df
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -0,0 +1,1664 @@
+// mkerrors.sh -m32
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m32 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc008427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x400c426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80084267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80084277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x800c426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DIVERT_INIT               = 0x2
+	IPPROTO_DIVERT_RESP               = 0x1
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DIVERTFL                       = 0x1022
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_NOEXTEND                      = 0x100
+	MAP_NORESERVE                     = 0x40
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x20
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_MAXID                      = 0x6
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	PT_MASK                           = 0x3ff000
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xb
+	RTAX_NETMASK                      = 0x2
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x10f808
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_SOURCE                        = 0x20000
+	RTF_STATIC                        = 0x800
+	RTF_TUNNEL                        = 0x100000
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80246987
+	SIOCALIFADDR                      = 0x8218691c
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8054693c
+	SIOCBRDGADDS                      = 0x80546941
+	SIOCBRDGARL                       = 0x806e694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8054693d
+	SIOCBRDGDELS                      = 0x80546942
+	SIOCBRDGFLUSH                     = 0x80546948
+	SIOCBRDGFRL                       = 0x806e694e
+	SIOCBRDGGCACHE                    = 0xc0146941
+	SIOCBRDGGFD                       = 0xc0146952
+	SIOCBRDGGHT                       = 0xc0146951
+	SIOCBRDGGIFFLGS                   = 0xc054693e
+	SIOCBRDGGMA                       = 0xc0146953
+	SIOCBRDGGPARAM                    = 0xc03c6958
+	SIOCBRDGGPRI                      = 0xc0146950
+	SIOCBRDGGRL                       = 0xc028694f
+	SIOCBRDGGSIFS                     = 0xc054693c
+	SIOCBRDGGTO                       = 0xc0146946
+	SIOCBRDGIFS                       = 0xc0546942
+	SIOCBRDGRTS                       = 0xc0186943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80146940
+	SIOCBRDGSFD                       = 0x80146952
+	SIOCBRDGSHT                       = 0x80146951
+	SIOCBRDGSIFCOST                   = 0x80546955
+	SIOCBRDGSIFFLGS                   = 0x8054693f
+	SIOCBRDGSIFPRIO                   = 0x80546954
+	SIOCBRDGSMA                       = 0x80146953
+	SIOCBRDGSPRI                      = 0x80146950
+	SIOCBRDGSPROTO                    = 0x8014695a
+	SIOCBRDGSTO                       = 0x80146945
+	SIOCBRDGSTXHC                     = 0x80146959
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80246989
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDLIFADDR                      = 0x8218691e
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0147534
+	SIOCGETVIFCNT                     = 0xc0147533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFASYNCMAP                   = 0xc020697c
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0086924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc024698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGMEMB                      = 0xc024698a
+	SIOCGIFGROUP                      = 0xc0246988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFMEDIA                      = 0xc0286936
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206948
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFPSRCADDR                   = 0xc0206947
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFTIMESLOT                   = 0xc0206986
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFADDR                      = 0xc218691d
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc00c6978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFASYNCMAP                   = 0x8020697d
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8024698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFMEDIA                      = 0xc0206935
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFTIMESLOT                   = 0x80206985
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETID                       = 0x802069a6
+	SOCK_DGRAM                        = 0x2
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_NSTATES                       = 0xb
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x400c745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WSTOPPED                          = 0x7f
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5b)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ELAST", "not supported"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
new file mode 100644
index 000000000..9db6b2fb6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -0,0 +1,1774 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ALTWERASE                         = 0x200
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc010427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80104277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_BOOTTIME                    = 0x6
+	CLOCK_MONOTONIC                   = 0x3
+	CLOCK_PROCESS_CPUTIME_ID          = 0x2
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x4
+	CLOCK_UPTIME                      = 0x5
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_OPENFLOW                      = 0x10b
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_USBPCAP                       = 0xf9
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_HARDMTU_LEN             = 0xff9b
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_DEVICE                     = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x8
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EVL_ENCAPLEN                      = 0x4
+	EVL_PRIO_BITS                     = 0xd
+	EVL_PRIO_MAX                      = 0x7
+	EVL_VLID_MASK                     = 0xfff
+	EVL_VLID_MAX                      = 0xffe
+	EVL_VLID_MIN                      = 0x1
+	EVL_VLID_NULL                     = 0x0
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_ISATTY                          = 0xb
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_STATICARP                     = 0x20
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MBIM                          = 0xfa
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MINHOPCOUNT                  = 0x41
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPDEFTTL                       = 0x25
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_SENDSRCADDR                    = 0x7
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUCLC                             = 0x1000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_INHERIT_ZERO                  = 0x3
+	MAP_NOEXTEND                      = 0x0
+	MAP_NORESERVE                     = 0x0
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x0
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOPERM                        = 0x20
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_STALLED                       = 0x100000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFNAMES                    = 0x6
+	NET_RT_MAXID                      = 0x7
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHANGE                       = 0x1
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OLCUC                             = 0x20
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BFD                          = 0xb
+	RTAX_BRD                          = 0x7
+	RTAX_DNS                          = 0xc
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xf
+	RTAX_NETMASK                      = 0x2
+	RTAX_SEARCH                       = 0xe
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTAX_STATIC                       = 0xd
+	RTA_AUTHOR                        = 0x40
+	RTA_BFD                           = 0x800
+	RTA_BRD                           = 0x80
+	RTA_DNS                           = 0x1000
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SEARCH                        = 0x4000
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTA_STATIC                        = 0x2000
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BFD                           = 0x1000000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CACHED                        = 0x20000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_CONNECTED                     = 0x800000
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x110fc08
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_MULTICAST                     = 0x200
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTM_ADD                           = 0x1
+	RTM_BFD                           = 0x12
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_INVALIDATE                    = 0x11
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_PROPOSAL                      = 0x13
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_BITS                   = 0x8
+	RT_TABLEID_MASK                   = 0xff
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80286987
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8060693c
+	SIOCBRDGADDL                      = 0x80606949
+	SIOCBRDGADDS                      = 0x80606941
+	SIOCBRDGARL                       = 0x808c694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8060693d
+	SIOCBRDGDELS                      = 0x80606942
+	SIOCBRDGFLUSH                     = 0x80606948
+	SIOCBRDGFRL                       = 0x808c694e
+	SIOCBRDGGCACHE                    = 0xc0186941
+	SIOCBRDGGFD                       = 0xc0186952
+	SIOCBRDGGHT                       = 0xc0186951
+	SIOCBRDGGIFFLGS                   = 0xc060693e
+	SIOCBRDGGMA                       = 0xc0186953
+	SIOCBRDGGPARAM                    = 0xc0406958
+	SIOCBRDGGPRI                      = 0xc0186950
+	SIOCBRDGGRL                       = 0xc030694f
+	SIOCBRDGGTO                       = 0xc0186946
+	SIOCBRDGIFS                       = 0xc0606942
+	SIOCBRDGRTS                       = 0xc0206943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80186940
+	SIOCBRDGSFD                       = 0x80186952
+	SIOCBRDGSHT                       = 0x80186951
+	SIOCBRDGSIFCOST                   = 0x80606955
+	SIOCBRDGSIFFLGS                   = 0x8060693f
+	SIOCBRDGSIFPRIO                   = 0x80606954
+	SIOCBRDGSIFPROT                   = 0x8060694a
+	SIOCBRDGSMA                       = 0x80186953
+	SIOCBRDGSPRI                      = 0x80186950
+	SIOCBRDGSPROTO                    = 0x8018695a
+	SIOCBRDGSTO                       = 0x80186945
+	SIOCBRDGSTXHC                     = 0x80186959
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80286989
+	SIOCDIFPARENT                     = 0x802069b4
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDVNETID                       = 0x802069af
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETMPWCFG                     = 0xc02069ae
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0106924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc028698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFGROUP                      = 0xc0286988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFLLPRIO                     = 0xc02069b6
+	SIOCGIFMEDIA                      = 0xc0406938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPAIR                       = 0xc02069b1
+	SIOCGIFPARENT                     = 0xc02069b3
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFRXR                        = 0x802069aa
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYDF                     = 0xc02069c2
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGPGRP                         = 0x40047309
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGUMBINFO                      = 0xc02069be
+	SIOCGUMBPARAM                     = 0xc02069c0
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETFLOWID                   = 0xc02069c4
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFAFATTACH                    = 0x801169ab
+	SIOCIFAFDETACH                    = 0x801169ac
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETMPWCFG                     = 0x802069ad
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8028698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFLLPRIO                     = 0x802069b5
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPAIR                       = 0x802069b0
+	SIOCSIFPARENT                     = 0x802069b2
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYDF                     = 0x802069c1
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSPGRP                         = 0x80047308
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSUMBPARAM                     = 0x802069bf
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETFLOWID                   = 0x802069c3
+	SIOCSVNETID                       = 0x802069a6
+	SIOCSWGDPID                       = 0xc018695b
+	SIOCSWGMAXFLOW                    = 0xc0186960
+	SIOCSWGMAXGROUP                   = 0xc018695d
+	SIOCSWSDPID                       = 0x8018695c
+	SIOCSWSPORTNO                     = 0xc060695f
+	SOCK_CLOEXEC                      = 0x8000
+	SOCK_DGRAM                        = 0x2
+	SOCK_DNS                          = 0x1000
+	SOCK_NONBLOCK                     = 0x4000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SO_ZEROIZE                        = 0x2000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCHKVERAUTH                    = 0x2000741e
+	TIOCCLRVERAUTH                    = 0x2000741d
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x4010745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSETVERAUTH                    = 0x8004741c
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCUCNTL_CBRK                    = 0x7a
+	TIOCUCNTL_SBRK                    = 0x7b
+	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x2
+	UTIME_OMIT                        = -0x1
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_ANONMIN                        = 0x7
+	VM_LOADAVG                        = 0x2
+	VM_MAXID                          = 0xc
+	VM_MAXSLP                         = 0xa
+	VM_METER                          = 0x1
+	VM_NKMEMPAGES                     = 0x6
+	VM_PSSTRINGS                      = 0x3
+	VM_SWAPENCRYPT                    = 0x5
+	VM_USPACE                         = 0xb
+	VM_UVMEXP                         = 0x4
+	VM_VNODEMIN                       = 0x9
+	VM_VTEXTMIN                       = 0x8
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WUNTRACED                         = 0x2
+	XCASE                             = 0x1000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x5c)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5f)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5d)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EOWNERDEAD      = syscall.Errno(0x5e)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5f)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ENOTSUP", "not supported"},
+	{92, "EBADMSG", "bad message"},
+	{93, "ENOTRECOVERABLE", "state not recoverable"},
+	{94, "EOWNERDEAD", "previous owner died"},
+	{95, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
new file mode 100644
index 000000000..7072526a6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -0,0 +1,1666 @@
+// mkerrors.sh
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc008427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x400c426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80084267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80084277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x800c426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x7
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFA_ROUTE                         = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_NOTRAILERS                    = 0x20
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DIVERT_INIT               = 0x2
+	IPPROTO_DIVERT_RESP               = 0x1
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DIVERTFL                       = 0x1022
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_INHERIT_ZERO                  = 0x3
+	MAP_NOEXTEND                      = 0x0
+	MAP_NORESERVE                     = 0x0
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x0
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_MAXID                      = 0x6
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BRD                          = 0x7
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xb
+	RTAX_NETMASK                      = 0x2
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTA_AUTHOR                        = 0x40
+	RTA_BRD                           = 0x80
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x70f808
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MASK                          = 0x80
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTF_XRESOLVE                      = 0x200
+	RTM_ADD                           = 0x1
+	RTM_CHANGE                        = 0x3
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_LOCK                          = 0x8
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80246987
+	SIOCALIFADDR                      = 0x8218691c
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8054693c
+	SIOCBRDGADDS                      = 0x80546941
+	SIOCBRDGARL                       = 0x806e694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8054693d
+	SIOCBRDGDELS                      = 0x80546942
+	SIOCBRDGFLUSH                     = 0x80546948
+	SIOCBRDGFRL                       = 0x806e694e
+	SIOCBRDGGCACHE                    = 0xc0146941
+	SIOCBRDGGFD                       = 0xc0146952
+	SIOCBRDGGHT                       = 0xc0146951
+	SIOCBRDGGIFFLGS                   = 0xc054693e
+	SIOCBRDGGMA                       = 0xc0146953
+	SIOCBRDGGPARAM                    = 0xc03c6958
+	SIOCBRDGGPRI                      = 0xc0146950
+	SIOCBRDGGRL                       = 0xc028694f
+	SIOCBRDGGSIFS                     = 0xc054693c
+	SIOCBRDGGTO                       = 0xc0146946
+	SIOCBRDGIFS                       = 0xc0546942
+	SIOCBRDGRTS                       = 0xc0186943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80146940
+	SIOCBRDGSFD                       = 0x80146952
+	SIOCBRDGSHT                       = 0x80146951
+	SIOCBRDGSIFCOST                   = 0x80546955
+	SIOCBRDGSIFFLGS                   = 0x8054693f
+	SIOCBRDGSIFPRIO                   = 0x80546954
+	SIOCBRDGSMA                       = 0x80146953
+	SIOCBRDGSPRI                      = 0x80146950
+	SIOCBRDGSPROTO                    = 0x8014695a
+	SIOCBRDGSTO                       = 0x80146945
+	SIOCBRDGSTXHC                     = 0x80146959
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80246989
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDLIFADDR                      = 0x8218691e
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0147534
+	SIOCGETVIFCNT                     = 0xc0147533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGHIWAT                        = 0x40047301
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFASYNCMAP                   = 0xc020697c
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0086924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc024698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGMEMB                      = 0xc024698a
+	SIOCGIFGROUP                      = 0xc0246988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFMEDIA                      = 0xc0286936
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPDSTADDR                   = 0xc0206948
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFPSRCADDR                   = 0xc0206947
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFRXR                        = 0x802069aa
+	SIOCGIFTIMESLOT                   = 0xc0206986
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFADDR                      = 0xc218691d
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGLOWAT                        = 0x40047303
+	SIOCGPGRP                         = 0x40047309
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc00c6978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSHIWAT                        = 0x80047300
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFASYNCMAP                   = 0x8020697d
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8024698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFMEDIA                      = 0xc0206935
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPHYADDR                    = 0x80406946
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFTIMESLOT                   = 0x80206985
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSLOWAT                        = 0x80047302
+	SIOCSPGRP                         = 0x80047308
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETID                       = 0x802069a6
+	SOCK_CLOEXEC                      = 0x8000
+	SOCK_DGRAM                        = 0x2
+	SOCK_NONBLOCK                     = 0x4000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFLUSH                         = 0x3
+	TCOFLUSH                          = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_NSTATES                       = 0xb
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x400c745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x80047465
+	TIOCSTI                           = 0x80017472
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TOSTOP                            = 0x400000
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WUNTRACED                         = 0x2
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5b)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EWOULDBLOCK", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ELAST", "not supported"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
new file mode 100644
index 000000000..ac5efbe5a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -0,0 +1,1797 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ALTWERASE                         = 0x200
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc010427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80104277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_FILDROP_CAPTURE               = 0x1
+	BPF_FILDROP_DROP                  = 0x2
+	BPF_FILDROP_PASS                  = 0x0
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_BOOTTIME                    = 0x6
+	CLOCK_MONOTONIC                   = 0x3
+	CLOCK_PROCESS_CPUTIME_ID          = 0x2
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x4
+	CLOCK_UPTIME                      = 0x5
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_OPENFLOW                      = 0x10b
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_USBPCAP                       = 0xf9
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PBB                     = 0x88e7
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_HARDMTU_LEN             = 0xff9b
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_DEVICE                     = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x8
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EVL_ENCAPLEN                      = 0x4
+	EVL_PRIO_BITS                     = 0xd
+	EVL_PRIO_MAX                      = 0x7
+	EVL_VLID_MASK                     = 0xfff
+	EVL_VLID_MAX                      = 0xffe
+	EVL_VLID_MIN                      = 0x1
+	EVL_VLID_NULL                     = 0x0
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_ISATTY                          = 0xb
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_STATICARP                     = 0x20
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MBIM                          = 0xfa
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xffffff0f
+	IPV6_FLOWLABEL_MASK               = 0xffff0f00
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MINHOPCOUNT                  = 0x41
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPDEFTTL                       = 0x25
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_SENDSRCADDR                    = 0x7
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUCLC                             = 0x1000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_INHERIT_ZERO                  = 0x3
+	MAP_NOEXTEND                      = 0x0
+	MAP_NORESERVE                     = 0x0
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x0
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOPERM                        = 0x20
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_STALLED                       = 0x100000
+	MNT_SWAPPABLE                     = 0x200000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFNAMES                    = 0x6
+	NET_RT_MAXID                      = 0x7
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHANGE                       = 0x1
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OLCUC                             = 0x20
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BFD                          = 0xb
+	RTAX_BRD                          = 0x7
+	RTAX_DNS                          = 0xc
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xf
+	RTAX_NETMASK                      = 0x2
+	RTAX_SEARCH                       = 0xe
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTAX_STATIC                       = 0xd
+	RTA_AUTHOR                        = 0x40
+	RTA_BFD                           = 0x800
+	RTA_BRD                           = 0x80
+	RTA_DNS                           = 0x1000
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SEARCH                        = 0x4000
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTA_STATIC                        = 0x2000
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BFD                           = 0x1000000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CACHED                        = 0x20000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_CONNECTED                     = 0x800000
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x110fc08
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_MULTICAST                     = 0x200
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTM_80211INFO                     = 0x15
+	RTM_ADD                           = 0x1
+	RTM_BFD                           = 0x12
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDRATTR                   = 0x14
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_INVALIDATE                    = 0x11
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_PROPOSAL                      = 0x13
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_BITS                   = 0x8
+	RT_TABLEID_MASK                   = 0xff
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80286987
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8060693c
+	SIOCBRDGADDL                      = 0x80606949
+	SIOCBRDGADDS                      = 0x80606941
+	SIOCBRDGARL                       = 0x808c694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8060693d
+	SIOCBRDGDELS                      = 0x80606942
+	SIOCBRDGFLUSH                     = 0x80606948
+	SIOCBRDGFRL                       = 0x808c694e
+	SIOCBRDGGCACHE                    = 0xc0186941
+	SIOCBRDGGFD                       = 0xc0186952
+	SIOCBRDGGHT                       = 0xc0186951
+	SIOCBRDGGIFFLGS                   = 0xc060693e
+	SIOCBRDGGMA                       = 0xc0186953
+	SIOCBRDGGPARAM                    = 0xc0406958
+	SIOCBRDGGPRI                      = 0xc0186950
+	SIOCBRDGGRL                       = 0xc030694f
+	SIOCBRDGGTO                       = 0xc0186946
+	SIOCBRDGIFS                       = 0xc0606942
+	SIOCBRDGRTS                       = 0xc0206943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80186940
+	SIOCBRDGSFD                       = 0x80186952
+	SIOCBRDGSHT                       = 0x80186951
+	SIOCBRDGSIFCOST                   = 0x80606955
+	SIOCBRDGSIFFLGS                   = 0x8060693f
+	SIOCBRDGSIFPRIO                   = 0x80606954
+	SIOCBRDGSIFPROT                   = 0x8060694a
+	SIOCBRDGSMA                       = 0x80186953
+	SIOCBRDGSPRI                      = 0x80186950
+	SIOCBRDGSPROTO                    = 0x8018695a
+	SIOCBRDGSTO                       = 0x80186945
+	SIOCBRDGSTXHC                     = 0x80186959
+	SIOCDELLABEL                      = 0x80206997
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80286989
+	SIOCDIFPARENT                     = 0x802069b4
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDPWE3NEIGHBOR                 = 0x802069de
+	SIOCDVNETID                       = 0x802069af
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETMPWCFG                     = 0xc02069ae
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0106924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc028698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGLIST                      = 0xc028698d
+	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFGROUP                      = 0xc0286988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFLLPRIO                     = 0xc02069b6
+	SIOCGIFMEDIA                      = 0xc0406938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPAIR                       = 0xc02069b1
+	SIOCGIFPARENT                     = 0xc02069b3
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFRXR                        = 0x802069aa
+	SIOCGIFSFFPAGE                    = 0xc1126939
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYDF                     = 0xc02069c2
+	SIOCGLIFPHYECN                    = 0xc02069c8
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGPGRP                         = 0x40047309
+	SIOCGPWE3                         = 0xc0206998
+	SIOCGPWE3CTRLWORD                 = 0xc02069dc
+	SIOCGPWE3FAT                      = 0xc02069dd
+	SIOCGPWE3NEIGHBOR                 = 0xc21869de
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGTXHPRIO                      = 0xc02069c6
+	SIOCGUMBINFO                      = 0xc02069be
+	SIOCGUMBPARAM                     = 0xc02069c0
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETFLOWID                   = 0xc02069c4
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFAFATTACH                    = 0x801169ab
+	SIOCIFAFDETACH                    = 0x801169ac
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETMPWCFG                     = 0x802069ad
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8028698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFLLPRIO                     = 0x802069b5
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPAIR                       = 0x802069b0
+	SIOCSIFPARENT                     = 0x802069b2
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYDF                     = 0x802069c1
+	SIOCSLIFPHYECN                    = 0x802069c7
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSPGRP                         = 0x80047308
+	SIOCSPWE3CTRLWORD                 = 0x802069dc
+	SIOCSPWE3FAT                      = 0x802069dd
+	SIOCSPWE3NEIGHBOR                 = 0x821869de
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSTXHPRIO                      = 0x802069c5
+	SIOCSUMBPARAM                     = 0x802069bf
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETFLOWID                   = 0x802069c3
+	SIOCSVNETID                       = 0x802069a6
+	SIOCSWGDPID                       = 0xc018695b
+	SIOCSWGMAXFLOW                    = 0xc0186960
+	SIOCSWGMAXGROUP                   = 0xc018695d
+	SIOCSWSDPID                       = 0x8018695c
+	SIOCSWSPORTNO                     = 0xc060695f
+	SOCK_CLOEXEC                      = 0x8000
+	SOCK_DGRAM                        = 0x2
+	SOCK_DNS                          = 0x1000
+	SOCK_NONBLOCK                     = 0x4000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SO_ZEROIZE                        = 0x2000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIMER_ABSTIME                     = 0x1
+	TIMER_RELTIME                     = 0x0
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCHKVERAUTH                    = 0x2000741e
+	TIOCCLRVERAUTH                    = 0x2000741d
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x4010745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSETVERAUTH                    = 0x8004741c
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCUCNTL_CBRK                    = 0x7a
+	TIOCUCNTL_SBRK                    = 0x7b
+	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x2
+	UTIME_OMIT                        = -0x1
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_ANONMIN                        = 0x7
+	VM_LOADAVG                        = 0x2
+	VM_MALLOC_CONF                    = 0xc
+	VM_MAXID                          = 0xd
+	VM_MAXSLP                         = 0xa
+	VM_METER                          = 0x1
+	VM_NKMEMPAGES                     = 0x6
+	VM_PSSTRINGS                      = 0x3
+	VM_SWAPENCRYPT                    = 0x5
+	VM_USPACE                         = 0xb
+	VM_UVMEXP                         = 0x4
+	VM_VNODEMIN                       = 0x9
+	VM_VTEXTMIN                       = 0x8
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WUNTRACED                         = 0x2
+	XCASE                             = 0x1000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x5c)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5f)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5d)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EOWNERDEAD      = syscall.Errno(0x5e)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5f)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ENOTSUP", "not supported"},
+	{92, "EBADMSG", "bad message"},
+	{93, "ENOTRECOVERABLE", "state not recoverable"},
+	{94, "EOWNERDEAD", "previous owner died"},
+	{95, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
new file mode 100644
index 000000000..a74639a46
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -0,0 +1,1862 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64,openbsd
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_APPLETALK                      = 0x10
+	AF_BLUETOOTH                      = 0x20
+	AF_CCITT                          = 0xa
+	AF_CHAOS                          = 0x5
+	AF_CNT                            = 0x15
+	AF_COIP                           = 0x14
+	AF_DATAKIT                        = 0x9
+	AF_DECnet                         = 0xc
+	AF_DLI                            = 0xd
+	AF_E164                           = 0x1a
+	AF_ECMA                           = 0x8
+	AF_ENCAP                          = 0x1c
+	AF_HYLINK                         = 0xf
+	AF_IMPLINK                        = 0x3
+	AF_INET                           = 0x2
+	AF_INET6                          = 0x18
+	AF_IPX                            = 0x17
+	AF_ISDN                           = 0x1a
+	AF_ISO                            = 0x7
+	AF_KEY                            = 0x1e
+	AF_LAT                            = 0xe
+	AF_LINK                           = 0x12
+	AF_LOCAL                          = 0x1
+	AF_MAX                            = 0x24
+	AF_MPLS                           = 0x21
+	AF_NATM                           = 0x1b
+	AF_NS                             = 0x6
+	AF_OSI                            = 0x7
+	AF_PUP                            = 0x4
+	AF_ROUTE                          = 0x11
+	AF_SIP                            = 0x1d
+	AF_SNA                            = 0xb
+	AF_UNIX                           = 0x1
+	AF_UNSPEC                         = 0x0
+	ALTWERASE                         = 0x200
+	ARPHRD_ETHER                      = 0x1
+	ARPHRD_FRELAY                     = 0xf
+	ARPHRD_IEEE1394                   = 0x18
+	ARPHRD_IEEE802                    = 0x6
+	B0                                = 0x0
+	B110                              = 0x6e
+	B115200                           = 0x1c200
+	B1200                             = 0x4b0
+	B134                              = 0x86
+	B14400                            = 0x3840
+	B150                              = 0x96
+	B1800                             = 0x708
+	B19200                            = 0x4b00
+	B200                              = 0xc8
+	B230400                           = 0x38400
+	B2400                             = 0x960
+	B28800                            = 0x7080
+	B300                              = 0x12c
+	B38400                            = 0x9600
+	B4800                             = 0x12c0
+	B50                               = 0x32
+	B57600                            = 0xe100
+	B600                              = 0x258
+	B7200                             = 0x1c20
+	B75                               = 0x4b
+	B76800                            = 0x12c00
+	B9600                             = 0x2580
+	BIOCFLUSH                         = 0x20004268
+	BIOCGBLEN                         = 0x40044266
+	BIOCGDIRFILT                      = 0x4004427c
+	BIOCGDLT                          = 0x4004426a
+	BIOCGDLTLIST                      = 0xc010427b
+	BIOCGETIF                         = 0x4020426b
+	BIOCGFILDROP                      = 0x40044278
+	BIOCGHDRCMPLT                     = 0x40044274
+	BIOCGRSIG                         = 0x40044273
+	BIOCGRTIMEOUT                     = 0x4010426e
+	BIOCGSTATS                        = 0x4008426f
+	BIOCIMMEDIATE                     = 0x80044270
+	BIOCLOCK                          = 0x20004276
+	BIOCPROMISC                       = 0x20004269
+	BIOCSBLEN                         = 0xc0044266
+	BIOCSDIRFILT                      = 0x8004427d
+	BIOCSDLT                          = 0x8004427a
+	BIOCSETF                          = 0x80104267
+	BIOCSETIF                         = 0x8020426c
+	BIOCSETWF                         = 0x80104277
+	BIOCSFILDROP                      = 0x80044279
+	BIOCSHDRCMPLT                     = 0x80044275
+	BIOCSRSIG                         = 0x80044272
+	BIOCSRTIMEOUT                     = 0x8010426d
+	BIOCVERSION                       = 0x40044271
+	BPF_A                             = 0x10
+	BPF_ABS                           = 0x20
+	BPF_ADD                           = 0x0
+	BPF_ALIGNMENT                     = 0x4
+	BPF_ALU                           = 0x4
+	BPF_AND                           = 0x50
+	BPF_B                             = 0x10
+	BPF_DIRECTION_IN                  = 0x1
+	BPF_DIRECTION_OUT                 = 0x2
+	BPF_DIV                           = 0x30
+	BPF_FILDROP_CAPTURE               = 0x1
+	BPF_FILDROP_DROP                  = 0x2
+	BPF_FILDROP_PASS                  = 0x0
+	BPF_H                             = 0x8
+	BPF_IMM                           = 0x0
+	BPF_IND                           = 0x40
+	BPF_JA                            = 0x0
+	BPF_JEQ                           = 0x10
+	BPF_JGE                           = 0x30
+	BPF_JGT                           = 0x20
+	BPF_JMP                           = 0x5
+	BPF_JSET                          = 0x40
+	BPF_K                             = 0x0
+	BPF_LD                            = 0x0
+	BPF_LDX                           = 0x1
+	BPF_LEN                           = 0x80
+	BPF_LSH                           = 0x60
+	BPF_MAJOR_VERSION                 = 0x1
+	BPF_MAXBUFSIZE                    = 0x200000
+	BPF_MAXINSNS                      = 0x200
+	BPF_MEM                           = 0x60
+	BPF_MEMWORDS                      = 0x10
+	BPF_MINBUFSIZE                    = 0x20
+	BPF_MINOR_VERSION                 = 0x1
+	BPF_MISC                          = 0x7
+	BPF_MSH                           = 0xa0
+	BPF_MUL                           = 0x20
+	BPF_NEG                           = 0x80
+	BPF_OR                            = 0x40
+	BPF_RELEASE                       = 0x30bb6
+	BPF_RET                           = 0x6
+	BPF_RSH                           = 0x70
+	BPF_ST                            = 0x2
+	BPF_STX                           = 0x3
+	BPF_SUB                           = 0x10
+	BPF_TAX                           = 0x0
+	BPF_TXA                           = 0x80
+	BPF_W                             = 0x0
+	BPF_X                             = 0x8
+	BRKINT                            = 0x2
+	CFLUSH                            = 0xf
+	CLOCAL                            = 0x8000
+	CLOCK_BOOTTIME                    = 0x6
+	CLOCK_MONOTONIC                   = 0x3
+	CLOCK_PROCESS_CPUTIME_ID          = 0x2
+	CLOCK_REALTIME                    = 0x0
+	CLOCK_THREAD_CPUTIME_ID           = 0x4
+	CLOCK_UPTIME                      = 0x5
+	CPUSTATES                         = 0x6
+	CP_IDLE                           = 0x5
+	CP_INTR                           = 0x4
+	CP_NICE                           = 0x1
+	CP_SPIN                           = 0x3
+	CP_SYS                            = 0x2
+	CP_USER                           = 0x0
+	CREAD                             = 0x800
+	CRTSCTS                           = 0x10000
+	CS5                               = 0x0
+	CS6                               = 0x100
+	CS7                               = 0x200
+	CS8                               = 0x300
+	CSIZE                             = 0x300
+	CSTART                            = 0x11
+	CSTATUS                           = 0xff
+	CSTOP                             = 0x13
+	CSTOPB                            = 0x400
+	CSUSP                             = 0x1a
+	CTL_HW                            = 0x6
+	CTL_KERN                          = 0x1
+	CTL_MAXNAME                       = 0xc
+	CTL_NET                           = 0x4
+	DIOCADDQUEUE                      = 0xc110445d
+	DIOCADDRULE                       = 0xcd604404
+	DIOCADDSTATE                      = 0xc1084425
+	DIOCCHANGERULE                    = 0xcd60441a
+	DIOCCLRIFFLAG                     = 0xc028445a
+	DIOCCLRSRCNODES                   = 0x20004455
+	DIOCCLRSTATES                     = 0xc0e04412
+	DIOCCLRSTATUS                     = 0xc0284416
+	DIOCGETLIMIT                      = 0xc0084427
+	DIOCGETQSTATS                     = 0xc1204460
+	DIOCGETQUEUE                      = 0xc110445f
+	DIOCGETQUEUES                     = 0xc110445e
+	DIOCGETRULE                       = 0xcd604407
+	DIOCGETRULES                      = 0xcd604406
+	DIOCGETRULESET                    = 0xc444443b
+	DIOCGETRULESETS                   = 0xc444443a
+	DIOCGETSRCNODES                   = 0xc0104454
+	DIOCGETSTATE                      = 0xc1084413
+	DIOCGETSTATES                     = 0xc0104419
+	DIOCGETSTATUS                     = 0xc1e84415
+	DIOCGETSYNFLWATS                  = 0xc0084463
+	DIOCGETTIMEOUT                    = 0xc008441e
+	DIOCIGETIFACES                    = 0xc0284457
+	DIOCKILLSRCNODES                  = 0xc080445b
+	DIOCKILLSTATES                    = 0xc0e04429
+	DIOCNATLOOK                       = 0xc0504417
+	DIOCOSFPADD                       = 0xc088444f
+	DIOCOSFPFLUSH                     = 0x2000444e
+	DIOCOSFPGET                       = 0xc0884450
+	DIOCRADDADDRS                     = 0xc4504443
+	DIOCRADDTABLES                    = 0xc450443d
+	DIOCRCLRADDRS                     = 0xc4504442
+	DIOCRCLRASTATS                    = 0xc4504448
+	DIOCRCLRTABLES                    = 0xc450443c
+	DIOCRCLRTSTATS                    = 0xc4504441
+	DIOCRDELADDRS                     = 0xc4504444
+	DIOCRDELTABLES                    = 0xc450443e
+	DIOCRGETADDRS                     = 0xc4504446
+	DIOCRGETASTATS                    = 0xc4504447
+	DIOCRGETTABLES                    = 0xc450443f
+	DIOCRGETTSTATS                    = 0xc4504440
+	DIOCRINADEFINE                    = 0xc450444d
+	DIOCRSETADDRS                     = 0xc4504445
+	DIOCRSETTFLAGS                    = 0xc450444a
+	DIOCRTSTADDRS                     = 0xc4504449
+	DIOCSETDEBUG                      = 0xc0044418
+	DIOCSETHOSTID                     = 0xc0044456
+	DIOCSETIFFLAG                     = 0xc0284459
+	DIOCSETLIMIT                      = 0xc0084428
+	DIOCSETREASS                      = 0xc004445c
+	DIOCSETSTATUSIF                   = 0xc0284414
+	DIOCSETSYNCOOKIES                 = 0xc0014462
+	DIOCSETSYNFLWATS                  = 0xc0084461
+	DIOCSETTIMEOUT                    = 0xc008441d
+	DIOCSTART                         = 0x20004401
+	DIOCSTOP                          = 0x20004402
+	DIOCXBEGIN                        = 0xc0104451
+	DIOCXCOMMIT                       = 0xc0104452
+	DIOCXROLLBACK                     = 0xc0104453
+	DLT_ARCNET                        = 0x7
+	DLT_ATM_RFC1483                   = 0xb
+	DLT_AX25                          = 0x3
+	DLT_CHAOS                         = 0x5
+	DLT_C_HDLC                        = 0x68
+	DLT_EN10MB                        = 0x1
+	DLT_EN3MB                         = 0x2
+	DLT_ENC                           = 0xd
+	DLT_FDDI                          = 0xa
+	DLT_IEEE802                       = 0x6
+	DLT_IEEE802_11                    = 0x69
+	DLT_IEEE802_11_RADIO              = 0x7f
+	DLT_LOOP                          = 0xc
+	DLT_MPLS                          = 0xdb
+	DLT_NULL                          = 0x0
+	DLT_OPENFLOW                      = 0x10b
+	DLT_PFLOG                         = 0x75
+	DLT_PFSYNC                        = 0x12
+	DLT_PPP                           = 0x9
+	DLT_PPP_BSDOS                     = 0x10
+	DLT_PPP_ETHER                     = 0x33
+	DLT_PPP_SERIAL                    = 0x32
+	DLT_PRONET                        = 0x4
+	DLT_RAW                           = 0xe
+	DLT_SLIP                          = 0x8
+	DLT_SLIP_BSDOS                    = 0xf
+	DLT_USBPCAP                       = 0xf9
+	DLT_USER0                         = 0x93
+	DLT_USER1                         = 0x94
+	DLT_USER10                        = 0x9d
+	DLT_USER11                        = 0x9e
+	DLT_USER12                        = 0x9f
+	DLT_USER13                        = 0xa0
+	DLT_USER14                        = 0xa1
+	DLT_USER15                        = 0xa2
+	DLT_USER2                         = 0x95
+	DLT_USER3                         = 0x96
+	DLT_USER4                         = 0x97
+	DLT_USER5                         = 0x98
+	DLT_USER6                         = 0x99
+	DLT_USER7                         = 0x9a
+	DLT_USER8                         = 0x9b
+	DLT_USER9                         = 0x9c
+	DT_BLK                            = 0x6
+	DT_CHR                            = 0x2
+	DT_DIR                            = 0x4
+	DT_FIFO                           = 0x1
+	DT_LNK                            = 0xa
+	DT_REG                            = 0x8
+	DT_SOCK                           = 0xc
+	DT_UNKNOWN                        = 0x0
+	ECHO                              = 0x8
+	ECHOCTL                           = 0x40
+	ECHOE                             = 0x2
+	ECHOK                             = 0x4
+	ECHOKE                            = 0x1
+	ECHONL                            = 0x10
+	ECHOPRT                           = 0x20
+	EMT_TAGOVF                        = 0x1
+	EMUL_ENABLED                      = 0x1
+	EMUL_NATIVE                       = 0x2
+	ENDRUNDISC                        = 0x9
+	ETHERMIN                          = 0x2e
+	ETHERMTU                          = 0x5dc
+	ETHERTYPE_8023                    = 0x4
+	ETHERTYPE_AARP                    = 0x80f3
+	ETHERTYPE_ACCTON                  = 0x8390
+	ETHERTYPE_AEONIC                  = 0x8036
+	ETHERTYPE_ALPHA                   = 0x814a
+	ETHERTYPE_AMBER                   = 0x6008
+	ETHERTYPE_AMOEBA                  = 0x8145
+	ETHERTYPE_AOE                     = 0x88a2
+	ETHERTYPE_APOLLO                  = 0x80f7
+	ETHERTYPE_APOLLODOMAIN            = 0x8019
+	ETHERTYPE_APPLETALK               = 0x809b
+	ETHERTYPE_APPLITEK                = 0x80c7
+	ETHERTYPE_ARGONAUT                = 0x803a
+	ETHERTYPE_ARP                     = 0x806
+	ETHERTYPE_AT                      = 0x809b
+	ETHERTYPE_ATALK                   = 0x809b
+	ETHERTYPE_ATOMIC                  = 0x86df
+	ETHERTYPE_ATT                     = 0x8069
+	ETHERTYPE_ATTSTANFORD             = 0x8008
+	ETHERTYPE_AUTOPHON                = 0x806a
+	ETHERTYPE_AXIS                    = 0x8856
+	ETHERTYPE_BCLOOP                  = 0x9003
+	ETHERTYPE_BOFL                    = 0x8102
+	ETHERTYPE_CABLETRON               = 0x7034
+	ETHERTYPE_CHAOS                   = 0x804
+	ETHERTYPE_COMDESIGN               = 0x806c
+	ETHERTYPE_COMPUGRAPHIC            = 0x806d
+	ETHERTYPE_COUNTERPOINT            = 0x8062
+	ETHERTYPE_CRONUS                  = 0x8004
+	ETHERTYPE_CRONUSVLN               = 0x8003
+	ETHERTYPE_DCA                     = 0x1234
+	ETHERTYPE_DDE                     = 0x807b
+	ETHERTYPE_DEBNI                   = 0xaaaa
+	ETHERTYPE_DECAM                   = 0x8048
+	ETHERTYPE_DECCUST                 = 0x6006
+	ETHERTYPE_DECDIAG                 = 0x6005
+	ETHERTYPE_DECDNS                  = 0x803c
+	ETHERTYPE_DECDTS                  = 0x803e
+	ETHERTYPE_DECEXPER                = 0x6000
+	ETHERTYPE_DECLAST                 = 0x8041
+	ETHERTYPE_DECLTM                  = 0x803f
+	ETHERTYPE_DECMUMPS                = 0x6009
+	ETHERTYPE_DECNETBIOS              = 0x8040
+	ETHERTYPE_DELTACON                = 0x86de
+	ETHERTYPE_DIDDLE                  = 0x4321
+	ETHERTYPE_DLOG1                   = 0x660
+	ETHERTYPE_DLOG2                   = 0x661
+	ETHERTYPE_DN                      = 0x6003
+	ETHERTYPE_DOGFIGHT                = 0x1989
+	ETHERTYPE_DSMD                    = 0x8039
+	ETHERTYPE_ECMA                    = 0x803
+	ETHERTYPE_ENCRYPT                 = 0x803d
+	ETHERTYPE_ES                      = 0x805d
+	ETHERTYPE_EXCELAN                 = 0x8010
+	ETHERTYPE_EXPERDATA               = 0x8049
+	ETHERTYPE_FLIP                    = 0x8146
+	ETHERTYPE_FLOWCONTROL             = 0x8808
+	ETHERTYPE_FRARP                   = 0x808
+	ETHERTYPE_GENDYN                  = 0x8068
+	ETHERTYPE_HAYES                   = 0x8130
+	ETHERTYPE_HIPPI_FP                = 0x8180
+	ETHERTYPE_HITACHI                 = 0x8820
+	ETHERTYPE_HP                      = 0x8005
+	ETHERTYPE_IEEEPUP                 = 0xa00
+	ETHERTYPE_IEEEPUPAT               = 0xa01
+	ETHERTYPE_IMLBL                   = 0x4c42
+	ETHERTYPE_IMLBLDIAG               = 0x424c
+	ETHERTYPE_IP                      = 0x800
+	ETHERTYPE_IPAS                    = 0x876c
+	ETHERTYPE_IPV6                    = 0x86dd
+	ETHERTYPE_IPX                     = 0x8137
+	ETHERTYPE_IPXNEW                  = 0x8037
+	ETHERTYPE_KALPANA                 = 0x8582
+	ETHERTYPE_LANBRIDGE               = 0x8038
+	ETHERTYPE_LANPROBE                = 0x8888
+	ETHERTYPE_LAT                     = 0x6004
+	ETHERTYPE_LBACK                   = 0x9000
+	ETHERTYPE_LITTLE                  = 0x8060
+	ETHERTYPE_LLDP                    = 0x88cc
+	ETHERTYPE_LOGICRAFT               = 0x8148
+	ETHERTYPE_LOOPBACK                = 0x9000
+	ETHERTYPE_MACSEC                  = 0x88e5
+	ETHERTYPE_MATRA                   = 0x807a
+	ETHERTYPE_MAX                     = 0xffff
+	ETHERTYPE_MERIT                   = 0x807c
+	ETHERTYPE_MICP                    = 0x873a
+	ETHERTYPE_MOPDL                   = 0x6001
+	ETHERTYPE_MOPRC                   = 0x6002
+	ETHERTYPE_MOTOROLA                = 0x818d
+	ETHERTYPE_MPLS                    = 0x8847
+	ETHERTYPE_MPLS_MCAST              = 0x8848
+	ETHERTYPE_MUMPS                   = 0x813f
+	ETHERTYPE_NBPCC                   = 0x3c04
+	ETHERTYPE_NBPCLAIM                = 0x3c09
+	ETHERTYPE_NBPCLREQ                = 0x3c05
+	ETHERTYPE_NBPCLRSP                = 0x3c06
+	ETHERTYPE_NBPCREQ                 = 0x3c02
+	ETHERTYPE_NBPCRSP                 = 0x3c03
+	ETHERTYPE_NBPDG                   = 0x3c07
+	ETHERTYPE_NBPDGB                  = 0x3c08
+	ETHERTYPE_NBPDLTE                 = 0x3c0a
+	ETHERTYPE_NBPRAR                  = 0x3c0c
+	ETHERTYPE_NBPRAS                  = 0x3c0b
+	ETHERTYPE_NBPRST                  = 0x3c0d
+	ETHERTYPE_NBPSCD                  = 0x3c01
+	ETHERTYPE_NBPVCD                  = 0x3c00
+	ETHERTYPE_NBS                     = 0x802
+	ETHERTYPE_NCD                     = 0x8149
+	ETHERTYPE_NESTAR                  = 0x8006
+	ETHERTYPE_NETBEUI                 = 0x8191
+	ETHERTYPE_NOVELL                  = 0x8138
+	ETHERTYPE_NS                      = 0x600
+	ETHERTYPE_NSAT                    = 0x601
+	ETHERTYPE_NSCOMPAT                = 0x807
+	ETHERTYPE_NTRAILER                = 0x10
+	ETHERTYPE_OS9                     = 0x7007
+	ETHERTYPE_OS9NET                  = 0x7009
+	ETHERTYPE_PACER                   = 0x80c6
+	ETHERTYPE_PAE                     = 0x888e
+	ETHERTYPE_PBB                     = 0x88e7
+	ETHERTYPE_PCS                     = 0x4242
+	ETHERTYPE_PLANNING                = 0x8044
+	ETHERTYPE_PPP                     = 0x880b
+	ETHERTYPE_PPPOE                   = 0x8864
+	ETHERTYPE_PPPOEDISC               = 0x8863
+	ETHERTYPE_PRIMENTS                = 0x7031
+	ETHERTYPE_PUP                     = 0x200
+	ETHERTYPE_PUPAT                   = 0x200
+	ETHERTYPE_QINQ                    = 0x88a8
+	ETHERTYPE_RACAL                   = 0x7030
+	ETHERTYPE_RATIONAL                = 0x8150
+	ETHERTYPE_RAWFR                   = 0x6559
+	ETHERTYPE_RCL                     = 0x1995
+	ETHERTYPE_RDP                     = 0x8739
+	ETHERTYPE_RETIX                   = 0x80f2
+	ETHERTYPE_REVARP                  = 0x8035
+	ETHERTYPE_SCA                     = 0x6007
+	ETHERTYPE_SECTRA                  = 0x86db
+	ETHERTYPE_SECUREDATA              = 0x876d
+	ETHERTYPE_SGITW                   = 0x817e
+	ETHERTYPE_SG_BOUNCE               = 0x8016
+	ETHERTYPE_SG_DIAG                 = 0x8013
+	ETHERTYPE_SG_NETGAMES             = 0x8014
+	ETHERTYPE_SG_RESV                 = 0x8015
+	ETHERTYPE_SIMNET                  = 0x5208
+	ETHERTYPE_SLOW                    = 0x8809
+	ETHERTYPE_SNA                     = 0x80d5
+	ETHERTYPE_SNMP                    = 0x814c
+	ETHERTYPE_SONIX                   = 0xfaf5
+	ETHERTYPE_SPIDER                  = 0x809f
+	ETHERTYPE_SPRITE                  = 0x500
+	ETHERTYPE_STP                     = 0x8181
+	ETHERTYPE_TALARIS                 = 0x812b
+	ETHERTYPE_TALARISMC               = 0x852b
+	ETHERTYPE_TCPCOMP                 = 0x876b
+	ETHERTYPE_TCPSM                   = 0x9002
+	ETHERTYPE_TEC                     = 0x814f
+	ETHERTYPE_TIGAN                   = 0x802f
+	ETHERTYPE_TRAIL                   = 0x1000
+	ETHERTYPE_TRANSETHER              = 0x6558
+	ETHERTYPE_TYMSHARE                = 0x802e
+	ETHERTYPE_UBBST                   = 0x7005
+	ETHERTYPE_UBDEBUG                 = 0x900
+	ETHERTYPE_UBDIAGLOOP              = 0x7002
+	ETHERTYPE_UBDL                    = 0x7000
+	ETHERTYPE_UBNIU                   = 0x7001
+	ETHERTYPE_UBNMC                   = 0x7003
+	ETHERTYPE_VALID                   = 0x1600
+	ETHERTYPE_VARIAN                  = 0x80dd
+	ETHERTYPE_VAXELN                  = 0x803b
+	ETHERTYPE_VEECO                   = 0x8067
+	ETHERTYPE_VEXP                    = 0x805b
+	ETHERTYPE_VGLAB                   = 0x8131
+	ETHERTYPE_VINES                   = 0xbad
+	ETHERTYPE_VINESECHO               = 0xbaf
+	ETHERTYPE_VINESLOOP               = 0xbae
+	ETHERTYPE_VITAL                   = 0xff00
+	ETHERTYPE_VLAN                    = 0x8100
+	ETHERTYPE_VLTLMAN                 = 0x8080
+	ETHERTYPE_VPROD                   = 0x805c
+	ETHERTYPE_VURESERVED              = 0x8147
+	ETHERTYPE_WATERLOO                = 0x8130
+	ETHERTYPE_WELLFLEET               = 0x8103
+	ETHERTYPE_X25                     = 0x805
+	ETHERTYPE_X75                     = 0x801
+	ETHERTYPE_XNSSM                   = 0x9001
+	ETHERTYPE_XTP                     = 0x817d
+	ETHER_ADDR_LEN                    = 0x6
+	ETHER_ALIGN                       = 0x2
+	ETHER_CRC_LEN                     = 0x4
+	ETHER_CRC_POLY_BE                 = 0x4c11db6
+	ETHER_CRC_POLY_LE                 = 0xedb88320
+	ETHER_HDR_LEN                     = 0xe
+	ETHER_MAX_DIX_LEN                 = 0x600
+	ETHER_MAX_HARDMTU_LEN             = 0xff9b
+	ETHER_MAX_LEN                     = 0x5ee
+	ETHER_MIN_LEN                     = 0x40
+	ETHER_TYPE_LEN                    = 0x2
+	ETHER_VLAN_ENCAP_LEN              = 0x4
+	EVFILT_AIO                        = -0x3
+	EVFILT_DEVICE                     = -0x8
+	EVFILT_PROC                       = -0x5
+	EVFILT_READ                       = -0x1
+	EVFILT_SIGNAL                     = -0x6
+	EVFILT_SYSCOUNT                   = 0x8
+	EVFILT_TIMER                      = -0x7
+	EVFILT_VNODE                      = -0x4
+	EVFILT_WRITE                      = -0x2
+	EVL_ENCAPLEN                      = 0x4
+	EVL_PRIO_BITS                     = 0xd
+	EVL_PRIO_MAX                      = 0x7
+	EVL_VLID_MASK                     = 0xfff
+	EVL_VLID_MAX                      = 0xffe
+	EVL_VLID_MIN                      = 0x1
+	EVL_VLID_NULL                     = 0x0
+	EV_ADD                            = 0x1
+	EV_CLEAR                          = 0x20
+	EV_DELETE                         = 0x2
+	EV_DISABLE                        = 0x8
+	EV_DISPATCH                       = 0x80
+	EV_ENABLE                         = 0x4
+	EV_EOF                            = 0x8000
+	EV_ERROR                          = 0x4000
+	EV_FLAG1                          = 0x2000
+	EV_ONESHOT                        = 0x10
+	EV_RECEIPT                        = 0x40
+	EV_SYSFLAGS                       = 0xf000
+	EXTA                              = 0x4b00
+	EXTB                              = 0x9600
+	EXTPROC                           = 0x800
+	FD_CLOEXEC                        = 0x1
+	FD_SETSIZE                        = 0x400
+	FLUSHO                            = 0x800000
+	F_DUPFD                           = 0x0
+	F_DUPFD_CLOEXEC                   = 0xa
+	F_GETFD                           = 0x1
+	F_GETFL                           = 0x3
+	F_GETLK                           = 0x7
+	F_GETOWN                          = 0x5
+	F_ISATTY                          = 0xb
+	F_OK                              = 0x0
+	F_RDLCK                           = 0x1
+	F_SETFD                           = 0x2
+	F_SETFL                           = 0x4
+	F_SETLK                           = 0x8
+	F_SETLKW                          = 0x9
+	F_SETOWN                          = 0x6
+	F_UNLCK                           = 0x2
+	F_WRLCK                           = 0x3
+	HUPCL                             = 0x4000
+	HW_MACHINE                        = 0x1
+	ICANON                            = 0x100
+	ICMP6_FILTER                      = 0x12
+	ICRNL                             = 0x100
+	IEXTEN                            = 0x400
+	IFAN_ARRIVAL                      = 0x0
+	IFAN_DEPARTURE                    = 0x1
+	IFF_ALLMULTI                      = 0x200
+	IFF_BROADCAST                     = 0x2
+	IFF_CANTCHANGE                    = 0x8e52
+	IFF_DEBUG                         = 0x4
+	IFF_LINK0                         = 0x1000
+	IFF_LINK1                         = 0x2000
+	IFF_LINK2                         = 0x4000
+	IFF_LOOPBACK                      = 0x8
+	IFF_MULTICAST                     = 0x8000
+	IFF_NOARP                         = 0x80
+	IFF_OACTIVE                       = 0x400
+	IFF_POINTOPOINT                   = 0x10
+	IFF_PROMISC                       = 0x100
+	IFF_RUNNING                       = 0x40
+	IFF_SIMPLEX                       = 0x800
+	IFF_STATICARP                     = 0x20
+	IFF_UP                            = 0x1
+	IFNAMSIZ                          = 0x10
+	IFT_1822                          = 0x2
+	IFT_A12MPPSWITCH                  = 0x82
+	IFT_AAL2                          = 0xbb
+	IFT_AAL5                          = 0x31
+	IFT_ADSL                          = 0x5e
+	IFT_AFLANE8023                    = 0x3b
+	IFT_AFLANE8025                    = 0x3c
+	IFT_ARAP                          = 0x58
+	IFT_ARCNET                        = 0x23
+	IFT_ARCNETPLUS                    = 0x24
+	IFT_ASYNC                         = 0x54
+	IFT_ATM                           = 0x25
+	IFT_ATMDXI                        = 0x69
+	IFT_ATMFUNI                       = 0x6a
+	IFT_ATMIMA                        = 0x6b
+	IFT_ATMLOGICAL                    = 0x50
+	IFT_ATMRADIO                      = 0xbd
+	IFT_ATMSUBINTERFACE               = 0x86
+	IFT_ATMVCIENDPT                   = 0xc2
+	IFT_ATMVIRTUAL                    = 0x95
+	IFT_BGPPOLICYACCOUNTING           = 0xa2
+	IFT_BLUETOOTH                     = 0xf8
+	IFT_BRIDGE                        = 0xd1
+	IFT_BSC                           = 0x53
+	IFT_CARP                          = 0xf7
+	IFT_CCTEMUL                       = 0x3d
+	IFT_CEPT                          = 0x13
+	IFT_CES                           = 0x85
+	IFT_CHANNEL                       = 0x46
+	IFT_CNR                           = 0x55
+	IFT_COFFEE                        = 0x84
+	IFT_COMPOSITELINK                 = 0x9b
+	IFT_DCN                           = 0x8d
+	IFT_DIGITALPOWERLINE              = 0x8a
+	IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba
+	IFT_DLSW                          = 0x4a
+	IFT_DOCSCABLEDOWNSTREAM           = 0x80
+	IFT_DOCSCABLEMACLAYER             = 0x7f
+	IFT_DOCSCABLEUPSTREAM             = 0x81
+	IFT_DOCSCABLEUPSTREAMCHANNEL      = 0xcd
+	IFT_DS0                           = 0x51
+	IFT_DS0BUNDLE                     = 0x52
+	IFT_DS1FDL                        = 0xaa
+	IFT_DS3                           = 0x1e
+	IFT_DTM                           = 0x8c
+	IFT_DUMMY                         = 0xf1
+	IFT_DVBASILN                      = 0xac
+	IFT_DVBASIOUT                     = 0xad
+	IFT_DVBRCCDOWNSTREAM              = 0x93
+	IFT_DVBRCCMACLAYER                = 0x92
+	IFT_DVBRCCUPSTREAM                = 0x94
+	IFT_ECONET                        = 0xce
+	IFT_ENC                           = 0xf4
+	IFT_EON                           = 0x19
+	IFT_EPLRS                         = 0x57
+	IFT_ESCON                         = 0x49
+	IFT_ETHER                         = 0x6
+	IFT_FAITH                         = 0xf3
+	IFT_FAST                          = 0x7d
+	IFT_FASTETHER                     = 0x3e
+	IFT_FASTETHERFX                   = 0x45
+	IFT_FDDI                          = 0xf
+	IFT_FIBRECHANNEL                  = 0x38
+	IFT_FRAMERELAYINTERCONNECT        = 0x3a
+	IFT_FRAMERELAYMPI                 = 0x5c
+	IFT_FRDLCIENDPT                   = 0xc1
+	IFT_FRELAY                        = 0x20
+	IFT_FRELAYDCE                     = 0x2c
+	IFT_FRF16MFRBUNDLE                = 0xa3
+	IFT_FRFORWARD                     = 0x9e
+	IFT_G703AT2MB                     = 0x43
+	IFT_G703AT64K                     = 0x42
+	IFT_GIF                           = 0xf0
+	IFT_GIGABITETHERNET               = 0x75
+	IFT_GR303IDT                      = 0xb2
+	IFT_GR303RDT                      = 0xb1
+	IFT_H323GATEKEEPER                = 0xa4
+	IFT_H323PROXY                     = 0xa5
+	IFT_HDH1822                       = 0x3
+	IFT_HDLC                          = 0x76
+	IFT_HDSL2                         = 0xa8
+	IFT_HIPERLAN2                     = 0xb7
+	IFT_HIPPI                         = 0x2f
+	IFT_HIPPIINTERFACE                = 0x39
+	IFT_HOSTPAD                       = 0x5a
+	IFT_HSSI                          = 0x2e
+	IFT_HY                            = 0xe
+	IFT_IBM370PARCHAN                 = 0x48
+	IFT_IDSL                          = 0x9a
+	IFT_IEEE1394                      = 0x90
+	IFT_IEEE80211                     = 0x47
+	IFT_IEEE80212                     = 0x37
+	IFT_IEEE8023ADLAG                 = 0xa1
+	IFT_IFGSN                         = 0x91
+	IFT_IMT                           = 0xbe
+	IFT_INFINIBAND                    = 0xc7
+	IFT_INTERLEAVE                    = 0x7c
+	IFT_IP                            = 0x7e
+	IFT_IPFORWARD                     = 0x8e
+	IFT_IPOVERATM                     = 0x72
+	IFT_IPOVERCDLC                    = 0x6d
+	IFT_IPOVERCLAW                    = 0x6e
+	IFT_IPSWITCH                      = 0x4e
+	IFT_ISDN                          = 0x3f
+	IFT_ISDNBASIC                     = 0x14
+	IFT_ISDNPRIMARY                   = 0x15
+	IFT_ISDNS                         = 0x4b
+	IFT_ISDNU                         = 0x4c
+	IFT_ISO88022LLC                   = 0x29
+	IFT_ISO88023                      = 0x7
+	IFT_ISO88024                      = 0x8
+	IFT_ISO88025                      = 0x9
+	IFT_ISO88025CRFPINT               = 0x62
+	IFT_ISO88025DTR                   = 0x56
+	IFT_ISO88025FIBER                 = 0x73
+	IFT_ISO88026                      = 0xa
+	IFT_ISUP                          = 0xb3
+	IFT_L2VLAN                        = 0x87
+	IFT_L3IPVLAN                      = 0x88
+	IFT_L3IPXVLAN                     = 0x89
+	IFT_LAPB                          = 0x10
+	IFT_LAPD                          = 0x4d
+	IFT_LAPF                          = 0x77
+	IFT_LINEGROUP                     = 0xd2
+	IFT_LOCALTALK                     = 0x2a
+	IFT_LOOP                          = 0x18
+	IFT_MBIM                          = 0xfa
+	IFT_MEDIAMAILOVERIP               = 0x8b
+	IFT_MFSIGLINK                     = 0xa7
+	IFT_MIOX25                        = 0x26
+	IFT_MODEM                         = 0x30
+	IFT_MPC                           = 0x71
+	IFT_MPLS                          = 0xa6
+	IFT_MPLSTUNNEL                    = 0x96
+	IFT_MSDSL                         = 0x8f
+	IFT_MVL                           = 0xbf
+	IFT_MYRINET                       = 0x63
+	IFT_NFAS                          = 0xaf
+	IFT_NSIP                          = 0x1b
+	IFT_OPTICALCHANNEL                = 0xc3
+	IFT_OPTICALTRANSPORT              = 0xc4
+	IFT_OTHER                         = 0x1
+	IFT_P10                           = 0xc
+	IFT_P80                           = 0xd
+	IFT_PARA                          = 0x22
+	IFT_PFLOG                         = 0xf5
+	IFT_PFLOW                         = 0xf9
+	IFT_PFSYNC                        = 0xf6
+	IFT_PLC                           = 0xae
+	IFT_PON155                        = 0xcf
+	IFT_PON622                        = 0xd0
+	IFT_POS                           = 0xab
+	IFT_PPP                           = 0x17
+	IFT_PPPMULTILINKBUNDLE            = 0x6c
+	IFT_PROPATM                       = 0xc5
+	IFT_PROPBWAP2MP                   = 0xb8
+	IFT_PROPCNLS                      = 0x59
+	IFT_PROPDOCSWIRELESSDOWNSTREAM    = 0xb5
+	IFT_PROPDOCSWIRELESSMACLAYER      = 0xb4
+	IFT_PROPDOCSWIRELESSUPSTREAM      = 0xb6
+	IFT_PROPMUX                       = 0x36
+	IFT_PROPVIRTUAL                   = 0x35
+	IFT_PROPWIRELESSP2P               = 0x9d
+	IFT_PTPSERIAL                     = 0x16
+	IFT_PVC                           = 0xf2
+	IFT_Q2931                         = 0xc9
+	IFT_QLLC                          = 0x44
+	IFT_RADIOMAC                      = 0xbc
+	IFT_RADSL                         = 0x5f
+	IFT_REACHDSL                      = 0xc0
+	IFT_RFC1483                       = 0x9f
+	IFT_RS232                         = 0x21
+	IFT_RSRB                          = 0x4f
+	IFT_SDLC                          = 0x11
+	IFT_SDSL                          = 0x60
+	IFT_SHDSL                         = 0xa9
+	IFT_SIP                           = 0x1f
+	IFT_SIPSIG                        = 0xcc
+	IFT_SIPTG                         = 0xcb
+	IFT_SLIP                          = 0x1c
+	IFT_SMDSDXI                       = 0x2b
+	IFT_SMDSICIP                      = 0x34
+	IFT_SONET                         = 0x27
+	IFT_SONETOVERHEADCHANNEL          = 0xb9
+	IFT_SONETPATH                     = 0x32
+	IFT_SONETVT                       = 0x33
+	IFT_SRP                           = 0x97
+	IFT_SS7SIGLINK                    = 0x9c
+	IFT_STACKTOSTACK                  = 0x6f
+	IFT_STARLAN                       = 0xb
+	IFT_T1                            = 0x12
+	IFT_TDLC                          = 0x74
+	IFT_TELINK                        = 0xc8
+	IFT_TERMPAD                       = 0x5b
+	IFT_TR008                         = 0xb0
+	IFT_TRANSPHDLC                    = 0x7b
+	IFT_TUNNEL                        = 0x83
+	IFT_ULTRA                         = 0x1d
+	IFT_USB                           = 0xa0
+	IFT_V11                           = 0x40
+	IFT_V35                           = 0x2d
+	IFT_V36                           = 0x41
+	IFT_V37                           = 0x78
+	IFT_VDSL                          = 0x61
+	IFT_VIRTUALIPADDRESS              = 0x70
+	IFT_VIRTUALTG                     = 0xca
+	IFT_VOICEDID                      = 0xd5
+	IFT_VOICEEM                       = 0x64
+	IFT_VOICEEMFGD                    = 0xd3
+	IFT_VOICEENCAP                    = 0x67
+	IFT_VOICEFGDEANA                  = 0xd4
+	IFT_VOICEFXO                      = 0x65
+	IFT_VOICEFXS                      = 0x66
+	IFT_VOICEOVERATM                  = 0x98
+	IFT_VOICEOVERCABLE                = 0xc6
+	IFT_VOICEOVERFRAMERELAY           = 0x99
+	IFT_VOICEOVERIP                   = 0x68
+	IFT_X213                          = 0x5d
+	IFT_X25                           = 0x5
+	IFT_X25DDN                        = 0x4
+	IFT_X25HUNTGROUP                  = 0x7a
+	IFT_X25MLP                        = 0x79
+	IFT_X25PLE                        = 0x28
+	IFT_XETHER                        = 0x1a
+	IGNBRK                            = 0x1
+	IGNCR                             = 0x80
+	IGNPAR                            = 0x4
+	IMAXBEL                           = 0x2000
+	INLCR                             = 0x40
+	INPCK                             = 0x10
+	IN_CLASSA_HOST                    = 0xffffff
+	IN_CLASSA_MAX                     = 0x80
+	IN_CLASSA_NET                     = 0xff000000
+	IN_CLASSA_NSHIFT                  = 0x18
+	IN_CLASSB_HOST                    = 0xffff
+	IN_CLASSB_MAX                     = 0x10000
+	IN_CLASSB_NET                     = 0xffff0000
+	IN_CLASSB_NSHIFT                  = 0x10
+	IN_CLASSC_HOST                    = 0xff
+	IN_CLASSC_NET                     = 0xffffff00
+	IN_CLASSC_NSHIFT                  = 0x8
+	IN_CLASSD_HOST                    = 0xfffffff
+	IN_CLASSD_NET                     = 0xf0000000
+	IN_CLASSD_NSHIFT                  = 0x1c
+	IN_LOOPBACKNET                    = 0x7f
+	IN_RFC3021_HOST                   = 0x1
+	IN_RFC3021_NET                    = 0xfffffffe
+	IN_RFC3021_NSHIFT                 = 0x1f
+	IPPROTO_AH                        = 0x33
+	IPPROTO_CARP                      = 0x70
+	IPPROTO_DIVERT                    = 0x102
+	IPPROTO_DONE                      = 0x101
+	IPPROTO_DSTOPTS                   = 0x3c
+	IPPROTO_EGP                       = 0x8
+	IPPROTO_ENCAP                     = 0x62
+	IPPROTO_EON                       = 0x50
+	IPPROTO_ESP                       = 0x32
+	IPPROTO_ETHERIP                   = 0x61
+	IPPROTO_FRAGMENT                  = 0x2c
+	IPPROTO_GGP                       = 0x3
+	IPPROTO_GRE                       = 0x2f
+	IPPROTO_HOPOPTS                   = 0x0
+	IPPROTO_ICMP                      = 0x1
+	IPPROTO_ICMPV6                    = 0x3a
+	IPPROTO_IDP                       = 0x16
+	IPPROTO_IGMP                      = 0x2
+	IPPROTO_IP                        = 0x0
+	IPPROTO_IPCOMP                    = 0x6c
+	IPPROTO_IPIP                      = 0x4
+	IPPROTO_IPV4                      = 0x4
+	IPPROTO_IPV6                      = 0x29
+	IPPROTO_MAX                       = 0x100
+	IPPROTO_MAXID                     = 0x103
+	IPPROTO_MOBILE                    = 0x37
+	IPPROTO_MPLS                      = 0x89
+	IPPROTO_NONE                      = 0x3b
+	IPPROTO_PFSYNC                    = 0xf0
+	IPPROTO_PIM                       = 0x67
+	IPPROTO_PUP                       = 0xc
+	IPPROTO_RAW                       = 0xff
+	IPPROTO_ROUTING                   = 0x2b
+	IPPROTO_RSVP                      = 0x2e
+	IPPROTO_TCP                       = 0x6
+	IPPROTO_TP                        = 0x1d
+	IPPROTO_UDP                       = 0x11
+	IPPROTO_UDPLITE                   = 0x88
+	IPV6_AUTH_LEVEL                   = 0x35
+	IPV6_AUTOFLOWLABEL                = 0x3b
+	IPV6_CHECKSUM                     = 0x1a
+	IPV6_DEFAULT_MULTICAST_HOPS       = 0x1
+	IPV6_DEFAULT_MULTICAST_LOOP       = 0x1
+	IPV6_DEFHLIM                      = 0x40
+	IPV6_DONTFRAG                     = 0x3e
+	IPV6_DSTOPTS                      = 0x32
+	IPV6_ESP_NETWORK_LEVEL            = 0x37
+	IPV6_ESP_TRANS_LEVEL              = 0x36
+	IPV6_FAITH                        = 0x1d
+	IPV6_FLOWINFO_MASK                = 0xfffffff
+	IPV6_FLOWLABEL_MASK               = 0xfffff
+	IPV6_FRAGTTL                      = 0x78
+	IPV6_HLIMDEC                      = 0x1
+	IPV6_HOPLIMIT                     = 0x2f
+	IPV6_HOPOPTS                      = 0x31
+	IPV6_IPCOMP_LEVEL                 = 0x3c
+	IPV6_JOIN_GROUP                   = 0xc
+	IPV6_LEAVE_GROUP                  = 0xd
+	IPV6_MAXHLIM                      = 0xff
+	IPV6_MAXPACKET                    = 0xffff
+	IPV6_MINHOPCOUNT                  = 0x41
+	IPV6_MMTU                         = 0x500
+	IPV6_MULTICAST_HOPS               = 0xa
+	IPV6_MULTICAST_IF                 = 0x9
+	IPV6_MULTICAST_LOOP               = 0xb
+	IPV6_NEXTHOP                      = 0x30
+	IPV6_OPTIONS                      = 0x1
+	IPV6_PATHMTU                      = 0x2c
+	IPV6_PIPEX                        = 0x3f
+	IPV6_PKTINFO                      = 0x2e
+	IPV6_PORTRANGE                    = 0xe
+	IPV6_PORTRANGE_DEFAULT            = 0x0
+	IPV6_PORTRANGE_HIGH               = 0x1
+	IPV6_PORTRANGE_LOW                = 0x2
+	IPV6_RECVDSTOPTS                  = 0x28
+	IPV6_RECVDSTPORT                  = 0x40
+	IPV6_RECVHOPLIMIT                 = 0x25
+	IPV6_RECVHOPOPTS                  = 0x27
+	IPV6_RECVPATHMTU                  = 0x2b
+	IPV6_RECVPKTINFO                  = 0x24
+	IPV6_RECVRTHDR                    = 0x26
+	IPV6_RECVTCLASS                   = 0x39
+	IPV6_RTABLE                       = 0x1021
+	IPV6_RTHDR                        = 0x33
+	IPV6_RTHDRDSTOPTS                 = 0x23
+	IPV6_RTHDR_LOOSE                  = 0x0
+	IPV6_RTHDR_STRICT                 = 0x1
+	IPV6_RTHDR_TYPE_0                 = 0x0
+	IPV6_SOCKOPT_RESERVED1            = 0x3
+	IPV6_TCLASS                       = 0x3d
+	IPV6_UNICAST_HOPS                 = 0x4
+	IPV6_USE_MIN_MTU                  = 0x2a
+	IPV6_V6ONLY                       = 0x1b
+	IPV6_VERSION                      = 0x60
+	IPV6_VERSION_MASK                 = 0xf0
+	IP_ADD_MEMBERSHIP                 = 0xc
+	IP_AUTH_LEVEL                     = 0x14
+	IP_DEFAULT_MULTICAST_LOOP         = 0x1
+	IP_DEFAULT_MULTICAST_TTL          = 0x1
+	IP_DF                             = 0x4000
+	IP_DROP_MEMBERSHIP                = 0xd
+	IP_ESP_NETWORK_LEVEL              = 0x16
+	IP_ESP_TRANS_LEVEL                = 0x15
+	IP_HDRINCL                        = 0x2
+	IP_IPCOMP_LEVEL                   = 0x1d
+	IP_IPDEFTTL                       = 0x25
+	IP_IPSECFLOWINFO                  = 0x24
+	IP_IPSEC_LOCAL_AUTH               = 0x1b
+	IP_IPSEC_LOCAL_CRED               = 0x19
+	IP_IPSEC_LOCAL_ID                 = 0x17
+	IP_IPSEC_REMOTE_AUTH              = 0x1c
+	IP_IPSEC_REMOTE_CRED              = 0x1a
+	IP_IPSEC_REMOTE_ID                = 0x18
+	IP_MAXPACKET                      = 0xffff
+	IP_MAX_MEMBERSHIPS                = 0xfff
+	IP_MF                             = 0x2000
+	IP_MINTTL                         = 0x20
+	IP_MIN_MEMBERSHIPS                = 0xf
+	IP_MSS                            = 0x240
+	IP_MULTICAST_IF                   = 0x9
+	IP_MULTICAST_LOOP                 = 0xb
+	IP_MULTICAST_TTL                  = 0xa
+	IP_OFFMASK                        = 0x1fff
+	IP_OPTIONS                        = 0x1
+	IP_PIPEX                          = 0x22
+	IP_PORTRANGE                      = 0x13
+	IP_PORTRANGE_DEFAULT              = 0x0
+	IP_PORTRANGE_HIGH                 = 0x1
+	IP_PORTRANGE_LOW                  = 0x2
+	IP_RECVDSTADDR                    = 0x7
+	IP_RECVDSTPORT                    = 0x21
+	IP_RECVIF                         = 0x1e
+	IP_RECVOPTS                       = 0x5
+	IP_RECVRETOPTS                    = 0x6
+	IP_RECVRTABLE                     = 0x23
+	IP_RECVTTL                        = 0x1f
+	IP_RETOPTS                        = 0x8
+	IP_RF                             = 0x8000
+	IP_RTABLE                         = 0x1021
+	IP_SENDSRCADDR                    = 0x7
+	IP_TOS                            = 0x3
+	IP_TTL                            = 0x4
+	ISIG                              = 0x80
+	ISTRIP                            = 0x20
+	IUCLC                             = 0x1000
+	IXANY                             = 0x800
+	IXOFF                             = 0x400
+	IXON                              = 0x200
+	KERN_HOSTNAME                     = 0xa
+	KERN_OSRELEASE                    = 0x2
+	KERN_OSTYPE                       = 0x1
+	KERN_VERSION                      = 0x4
+	LCNT_OVERLOAD_FLUSH               = 0x6
+	LOCK_EX                           = 0x2
+	LOCK_NB                           = 0x4
+	LOCK_SH                           = 0x1
+	LOCK_UN                           = 0x8
+	MADV_DONTNEED                     = 0x4
+	MADV_FREE                         = 0x6
+	MADV_NORMAL                       = 0x0
+	MADV_RANDOM                       = 0x1
+	MADV_SEQUENTIAL                   = 0x2
+	MADV_SPACEAVAIL                   = 0x5
+	MADV_WILLNEED                     = 0x3
+	MAP_ANON                          = 0x1000
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
+	MAP_FILE                          = 0x0
+	MAP_FIXED                         = 0x10
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
+	MAP_INHERIT_COPY                  = 0x1
+	MAP_INHERIT_NONE                  = 0x2
+	MAP_INHERIT_SHARE                 = 0x0
+	MAP_INHERIT_ZERO                  = 0x3
+	MAP_NOEXTEND                      = 0x0
+	MAP_NORESERVE                     = 0x0
+	MAP_PRIVATE                       = 0x2
+	MAP_RENAME                        = 0x0
+	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
+	MCL_CURRENT                       = 0x1
+	MCL_FUTURE                        = 0x2
+	MNT_ASYNC                         = 0x40
+	MNT_DEFEXPORTED                   = 0x200
+	MNT_DELEXPORT                     = 0x20000
+	MNT_DOOMED                        = 0x8000000
+	MNT_EXPORTANON                    = 0x400
+	MNT_EXPORTED                      = 0x100
+	MNT_EXRDONLY                      = 0x80
+	MNT_FORCE                         = 0x80000
+	MNT_LAZY                          = 0x3
+	MNT_LOCAL                         = 0x1000
+	MNT_NOATIME                       = 0x8000
+	MNT_NODEV                         = 0x10
+	MNT_NOEXEC                        = 0x4
+	MNT_NOPERM                        = 0x20
+	MNT_NOSUID                        = 0x8
+	MNT_NOWAIT                        = 0x2
+	MNT_QUOTA                         = 0x2000
+	MNT_RDONLY                        = 0x1
+	MNT_RELOAD                        = 0x40000
+	MNT_ROOTFS                        = 0x4000
+	MNT_SOFTDEP                       = 0x4000000
+	MNT_STALLED                       = 0x100000
+	MNT_SWAPPABLE                     = 0x200000
+	MNT_SYNCHRONOUS                   = 0x2
+	MNT_UPDATE                        = 0x10000
+	MNT_VISFLAGMASK                   = 0x400ffff
+	MNT_WAIT                          = 0x1
+	MNT_WANTRDWR                      = 0x2000000
+	MNT_WXALLOWED                     = 0x800
+	MSG_BCAST                         = 0x100
+	MSG_CMSG_CLOEXEC                  = 0x800
+	MSG_CTRUNC                        = 0x20
+	MSG_DONTROUTE                     = 0x4
+	MSG_DONTWAIT                      = 0x80
+	MSG_EOR                           = 0x8
+	MSG_MCAST                         = 0x200
+	MSG_NOSIGNAL                      = 0x400
+	MSG_OOB                           = 0x1
+	MSG_PEEK                          = 0x2
+	MSG_TRUNC                         = 0x10
+	MSG_WAITALL                       = 0x40
+	MS_ASYNC                          = 0x1
+	MS_INVALIDATE                     = 0x4
+	MS_SYNC                           = 0x2
+	NAME_MAX                          = 0xff
+	NET_RT_DUMP                       = 0x1
+	NET_RT_FLAGS                      = 0x2
+	NET_RT_IFLIST                     = 0x3
+	NET_RT_IFNAMES                    = 0x6
+	NET_RT_MAXID                      = 0x7
+	NET_RT_STATS                      = 0x4
+	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
+	NOFLSH                            = 0x80000000
+	NOKERNINFO                        = 0x2000000
+	NOTE_ATTRIB                       = 0x8
+	NOTE_CHANGE                       = 0x1
+	NOTE_CHILD                        = 0x4
+	NOTE_DELETE                       = 0x1
+	NOTE_EOF                          = 0x2
+	NOTE_EXEC                         = 0x20000000
+	NOTE_EXIT                         = 0x80000000
+	NOTE_EXTEND                       = 0x4
+	NOTE_FORK                         = 0x40000000
+	NOTE_LINK                         = 0x10
+	NOTE_LOWAT                        = 0x1
+	NOTE_PCTRLMASK                    = 0xf0000000
+	NOTE_PDATAMASK                    = 0xfffff
+	NOTE_RENAME                       = 0x20
+	NOTE_REVOKE                       = 0x40
+	NOTE_TRACK                        = 0x1
+	NOTE_TRACKERR                     = 0x2
+	NOTE_TRUNCATE                     = 0x80
+	NOTE_WRITE                        = 0x2
+	OCRNL                             = 0x10
+	OLCUC                             = 0x20
+	ONLCR                             = 0x2
+	ONLRET                            = 0x80
+	ONOCR                             = 0x40
+	ONOEOT                            = 0x8
+	OPOST                             = 0x1
+	OXTABS                            = 0x4
+	O_ACCMODE                         = 0x3
+	O_APPEND                          = 0x8
+	O_ASYNC                           = 0x40
+	O_CLOEXEC                         = 0x10000
+	O_CREAT                           = 0x200
+	O_DIRECTORY                       = 0x20000
+	O_DSYNC                           = 0x80
+	O_EXCL                            = 0x800
+	O_EXLOCK                          = 0x20
+	O_FSYNC                           = 0x80
+	O_NDELAY                          = 0x4
+	O_NOCTTY                          = 0x8000
+	O_NOFOLLOW                        = 0x100
+	O_NONBLOCK                        = 0x4
+	O_RDONLY                          = 0x0
+	O_RDWR                            = 0x2
+	O_RSYNC                           = 0x80
+	O_SHLOCK                          = 0x10
+	O_SYNC                            = 0x80
+	O_TRUNC                           = 0x400
+	O_WRONLY                          = 0x1
+	PARENB                            = 0x1000
+	PARMRK                            = 0x8
+	PARODD                            = 0x2000
+	PENDIN                            = 0x20000000
+	PF_FLUSH                          = 0x1
+	PRIO_PGRP                         = 0x1
+	PRIO_PROCESS                      = 0x0
+	PRIO_USER                         = 0x2
+	PROT_EXEC                         = 0x4
+	PROT_NONE                         = 0x0
+	PROT_READ                         = 0x1
+	PROT_WRITE                        = 0x2
+	RLIMIT_CORE                       = 0x4
+	RLIMIT_CPU                        = 0x0
+	RLIMIT_DATA                       = 0x2
+	RLIMIT_FSIZE                      = 0x1
+	RLIMIT_MEMLOCK                    = 0x6
+	RLIMIT_NOFILE                     = 0x8
+	RLIMIT_NPROC                      = 0x7
+	RLIMIT_RSS                        = 0x5
+	RLIMIT_STACK                      = 0x3
+	RLIM_INFINITY                     = 0x7fffffffffffffff
+	RTAX_AUTHOR                       = 0x6
+	RTAX_BFD                          = 0xb
+	RTAX_BRD                          = 0x7
+	RTAX_DNS                          = 0xc
+	RTAX_DST                          = 0x0
+	RTAX_GATEWAY                      = 0x1
+	RTAX_GENMASK                      = 0x3
+	RTAX_IFA                          = 0x5
+	RTAX_IFP                          = 0x4
+	RTAX_LABEL                        = 0xa
+	RTAX_MAX                          = 0xf
+	RTAX_NETMASK                      = 0x2
+	RTAX_SEARCH                       = 0xe
+	RTAX_SRC                          = 0x8
+	RTAX_SRCMASK                      = 0x9
+	RTAX_STATIC                       = 0xd
+	RTA_AUTHOR                        = 0x40
+	RTA_BFD                           = 0x800
+	RTA_BRD                           = 0x80
+	RTA_DNS                           = 0x1000
+	RTA_DST                           = 0x1
+	RTA_GATEWAY                       = 0x2
+	RTA_GENMASK                       = 0x8
+	RTA_IFA                           = 0x20
+	RTA_IFP                           = 0x10
+	RTA_LABEL                         = 0x400
+	RTA_NETMASK                       = 0x4
+	RTA_SEARCH                        = 0x4000
+	RTA_SRC                           = 0x100
+	RTA_SRCMASK                       = 0x200
+	RTA_STATIC                        = 0x2000
+	RTF_ANNOUNCE                      = 0x4000
+	RTF_BFD                           = 0x1000000
+	RTF_BLACKHOLE                     = 0x1000
+	RTF_BROADCAST                     = 0x400000
+	RTF_CACHED                        = 0x20000
+	RTF_CLONED                        = 0x10000
+	RTF_CLONING                       = 0x100
+	RTF_CONNECTED                     = 0x800000
+	RTF_DONE                          = 0x40
+	RTF_DYNAMIC                       = 0x10
+	RTF_FMASK                         = 0x110fc08
+	RTF_GATEWAY                       = 0x2
+	RTF_HOST                          = 0x4
+	RTF_LLINFO                        = 0x400
+	RTF_LOCAL                         = 0x200000
+	RTF_MODIFIED                      = 0x20
+	RTF_MPATH                         = 0x40000
+	RTF_MPLS                          = 0x100000
+	RTF_MULTICAST                     = 0x200
+	RTF_PERMANENT_ARP                 = 0x2000
+	RTF_PROTO1                        = 0x8000
+	RTF_PROTO2                        = 0x4000
+	RTF_PROTO3                        = 0x2000
+	RTF_REJECT                        = 0x8
+	RTF_STATIC                        = 0x800
+	RTF_UP                            = 0x1
+	RTF_USETRAILERS                   = 0x8000
+	RTM_80211INFO                     = 0x15
+	RTM_ADD                           = 0x1
+	RTM_BFD                           = 0x12
+	RTM_CHANGE                        = 0x3
+	RTM_CHGADDRATTR                   = 0x14
+	RTM_DELADDR                       = 0xd
+	RTM_DELETE                        = 0x2
+	RTM_DESYNC                        = 0x10
+	RTM_GET                           = 0x4
+	RTM_IFANNOUNCE                    = 0xf
+	RTM_IFINFO                        = 0xe
+	RTM_INVALIDATE                    = 0x11
+	RTM_LOSING                        = 0x5
+	RTM_MAXSIZE                       = 0x800
+	RTM_MISS                          = 0x7
+	RTM_NEWADDR                       = 0xc
+	RTM_PROPOSAL                      = 0x13
+	RTM_REDIRECT                      = 0x6
+	RTM_RESOLVE                       = 0xb
+	RTM_RTTUNIT                       = 0xf4240
+	RTM_VERSION                       = 0x5
+	RTV_EXPIRE                        = 0x4
+	RTV_HOPCOUNT                      = 0x2
+	RTV_MTU                           = 0x1
+	RTV_RPIPE                         = 0x8
+	RTV_RTT                           = 0x40
+	RTV_RTTVAR                        = 0x80
+	RTV_SPIPE                         = 0x10
+	RTV_SSTHRESH                      = 0x20
+	RT_TABLEID_BITS                   = 0x8
+	RT_TABLEID_MASK                   = 0xff
+	RT_TABLEID_MAX                    = 0xff
+	RUSAGE_CHILDREN                   = -0x1
+	RUSAGE_SELF                       = 0x0
+	RUSAGE_THREAD                     = 0x1
+	SCM_RIGHTS                        = 0x1
+	SCM_TIMESTAMP                     = 0x4
+	SHUT_RD                           = 0x0
+	SHUT_RDWR                         = 0x2
+	SHUT_WR                           = 0x1
+	SIOCADDMULTI                      = 0x80206931
+	SIOCAIFADDR                       = 0x8040691a
+	SIOCAIFGROUP                      = 0x80286987
+	SIOCATMARK                        = 0x40047307
+	SIOCBRDGADD                       = 0x8060693c
+	SIOCBRDGADDL                      = 0x80606949
+	SIOCBRDGADDS                      = 0x80606941
+	SIOCBRDGARL                       = 0x808c694d
+	SIOCBRDGDADDR                     = 0x81286947
+	SIOCBRDGDEL                       = 0x8060693d
+	SIOCBRDGDELS                      = 0x80606942
+	SIOCBRDGFLUSH                     = 0x80606948
+	SIOCBRDGFRL                       = 0x808c694e
+	SIOCBRDGGCACHE                    = 0xc0186941
+	SIOCBRDGGFD                       = 0xc0186952
+	SIOCBRDGGHT                       = 0xc0186951
+	SIOCBRDGGIFFLGS                   = 0xc060693e
+	SIOCBRDGGMA                       = 0xc0186953
+	SIOCBRDGGPARAM                    = 0xc0406958
+	SIOCBRDGGPRI                      = 0xc0186950
+	SIOCBRDGGRL                       = 0xc030694f
+	SIOCBRDGGTO                       = 0xc0186946
+	SIOCBRDGIFS                       = 0xc0606942
+	SIOCBRDGRTS                       = 0xc0206943
+	SIOCBRDGSADDR                     = 0xc1286944
+	SIOCBRDGSCACHE                    = 0x80186940
+	SIOCBRDGSFD                       = 0x80186952
+	SIOCBRDGSHT                       = 0x80186951
+	SIOCBRDGSIFCOST                   = 0x80606955
+	SIOCBRDGSIFFLGS                   = 0x8060693f
+	SIOCBRDGSIFPRIO                   = 0x80606954
+	SIOCBRDGSIFPROT                   = 0x8060694a
+	SIOCBRDGSMA                       = 0x80186953
+	SIOCBRDGSPRI                      = 0x80186950
+	SIOCBRDGSPROTO                    = 0x8018695a
+	SIOCBRDGSTO                       = 0x80186945
+	SIOCBRDGSTXHC                     = 0x80186959
+	SIOCDELLABEL                      = 0x80206997
+	SIOCDELMULTI                      = 0x80206932
+	SIOCDIFADDR                       = 0x80206919
+	SIOCDIFGROUP                      = 0x80286989
+	SIOCDIFPARENT                     = 0x802069b4
+	SIOCDIFPHYADDR                    = 0x80206949
+	SIOCDPWE3NEIGHBOR                 = 0x802069de
+	SIOCDVNETID                       = 0x802069af
+	SIOCGETKALIVE                     = 0xc01869a4
+	SIOCGETLABEL                      = 0x8020699a
+	SIOCGETMPWCFG                     = 0xc02069ae
+	SIOCGETPFLOW                      = 0xc02069fe
+	SIOCGETPFSYNC                     = 0xc02069f8
+	SIOCGETSGCNT                      = 0xc0207534
+	SIOCGETVIFCNT                     = 0xc0287533
+	SIOCGETVLAN                       = 0xc0206990
+	SIOCGIFADDR                       = 0xc0206921
+	SIOCGIFBRDADDR                    = 0xc0206923
+	SIOCGIFCONF                       = 0xc0106924
+	SIOCGIFDATA                       = 0xc020691b
+	SIOCGIFDESCR                      = 0xc0206981
+	SIOCGIFDSTADDR                    = 0xc0206922
+	SIOCGIFFLAGS                      = 0xc0206911
+	SIOCGIFGATTR                      = 0xc028698b
+	SIOCGIFGENERIC                    = 0xc020693a
+	SIOCGIFGLIST                      = 0xc028698d
+	SIOCGIFGMEMB                      = 0xc028698a
+	SIOCGIFGROUP                      = 0xc0286988
+	SIOCGIFHARDMTU                    = 0xc02069a5
+	SIOCGIFLLPRIO                     = 0xc02069b6
+	SIOCGIFMEDIA                      = 0xc0406938
+	SIOCGIFMETRIC                     = 0xc0206917
+	SIOCGIFMTU                        = 0xc020697e
+	SIOCGIFNETMASK                    = 0xc0206925
+	SIOCGIFPAIR                       = 0xc02069b1
+	SIOCGIFPARENT                     = 0xc02069b3
+	SIOCGIFPRIORITY                   = 0xc020699c
+	SIOCGIFRDOMAIN                    = 0xc02069a0
+	SIOCGIFRTLABEL                    = 0xc0206983
+	SIOCGIFRXR                        = 0x802069aa
+	SIOCGIFSFFPAGE                    = 0xc1126939
+	SIOCGIFXFLAGS                     = 0xc020699e
+	SIOCGLIFPHYADDR                   = 0xc218694b
+	SIOCGLIFPHYDF                     = 0xc02069c2
+	SIOCGLIFPHYECN                    = 0xc02069c8
+	SIOCGLIFPHYRTABLE                 = 0xc02069a2
+	SIOCGLIFPHYTTL                    = 0xc02069a9
+	SIOCGPGRP                         = 0x40047309
+	SIOCGPWE3                         = 0xc0206998
+	SIOCGPWE3CTRLWORD                 = 0xc02069dc
+	SIOCGPWE3FAT                      = 0xc02069dd
+	SIOCGPWE3NEIGHBOR                 = 0xc21869de
+	SIOCGRXHPRIO                      = 0xc02069db
+	SIOCGSPPPPARAMS                   = 0xc0206994
+	SIOCGTXHPRIO                      = 0xc02069c6
+	SIOCGUMBINFO                      = 0xc02069be
+	SIOCGUMBPARAM                     = 0xc02069c0
+	SIOCGVH                           = 0xc02069f6
+	SIOCGVNETFLOWID                   = 0xc02069c4
+	SIOCGVNETID                       = 0xc02069a7
+	SIOCIFAFATTACH                    = 0x801169ab
+	SIOCIFAFDETACH                    = 0x801169ac
+	SIOCIFCREATE                      = 0x8020697a
+	SIOCIFDESTROY                     = 0x80206979
+	SIOCIFGCLONERS                    = 0xc0106978
+	SIOCSETKALIVE                     = 0x801869a3
+	SIOCSETLABEL                      = 0x80206999
+	SIOCSETMPWCFG                     = 0x802069ad
+	SIOCSETPFLOW                      = 0x802069fd
+	SIOCSETPFSYNC                     = 0x802069f7
+	SIOCSETVLAN                       = 0x8020698f
+	SIOCSIFADDR                       = 0x8020690c
+	SIOCSIFBRDADDR                    = 0x80206913
+	SIOCSIFDESCR                      = 0x80206980
+	SIOCSIFDSTADDR                    = 0x8020690e
+	SIOCSIFFLAGS                      = 0x80206910
+	SIOCSIFGATTR                      = 0x8028698c
+	SIOCSIFGENERIC                    = 0x80206939
+	SIOCSIFLLADDR                     = 0x8020691f
+	SIOCSIFLLPRIO                     = 0x802069b5
+	SIOCSIFMEDIA                      = 0xc0206937
+	SIOCSIFMETRIC                     = 0x80206918
+	SIOCSIFMTU                        = 0x8020697f
+	SIOCSIFNETMASK                    = 0x80206916
+	SIOCSIFPAIR                       = 0x802069b0
+	SIOCSIFPARENT                     = 0x802069b2
+	SIOCSIFPRIORITY                   = 0x8020699b
+	SIOCSIFRDOMAIN                    = 0x8020699f
+	SIOCSIFRTLABEL                    = 0x80206982
+	SIOCSIFXFLAGS                     = 0x8020699d
+	SIOCSLIFPHYADDR                   = 0x8218694a
+	SIOCSLIFPHYDF                     = 0x802069c1
+	SIOCSLIFPHYECN                    = 0x802069c7
+	SIOCSLIFPHYRTABLE                 = 0x802069a1
+	SIOCSLIFPHYTTL                    = 0x802069a8
+	SIOCSPGRP                         = 0x80047308
+	SIOCSPWE3CTRLWORD                 = 0x802069dc
+	SIOCSPWE3FAT                      = 0x802069dd
+	SIOCSPWE3NEIGHBOR                 = 0x821869de
+	SIOCSRXHPRIO                      = 0x802069db
+	SIOCSSPPPPARAMS                   = 0x80206993
+	SIOCSTXHPRIO                      = 0x802069c5
+	SIOCSUMBPARAM                     = 0x802069bf
+	SIOCSVH                           = 0xc02069f5
+	SIOCSVNETFLOWID                   = 0x802069c3
+	SIOCSVNETID                       = 0x802069a6
+	SIOCSWGDPID                       = 0xc018695b
+	SIOCSWGMAXFLOW                    = 0xc0186960
+	SIOCSWGMAXGROUP                   = 0xc018695d
+	SIOCSWSDPID                       = 0x8018695c
+	SIOCSWSPORTNO                     = 0xc060695f
+	SOCK_CLOEXEC                      = 0x8000
+	SOCK_DGRAM                        = 0x2
+	SOCK_DNS                          = 0x1000
+	SOCK_NONBLOCK                     = 0x4000
+	SOCK_RAW                          = 0x3
+	SOCK_RDM                          = 0x4
+	SOCK_SEQPACKET                    = 0x5
+	SOCK_STREAM                       = 0x1
+	SOL_SOCKET                        = 0xffff
+	SOMAXCONN                         = 0x80
+	SO_ACCEPTCONN                     = 0x2
+	SO_BINDANY                        = 0x1000
+	SO_BROADCAST                      = 0x20
+	SO_DEBUG                          = 0x1
+	SO_DOMAIN                         = 0x1024
+	SO_DONTROUTE                      = 0x10
+	SO_ERROR                          = 0x1007
+	SO_KEEPALIVE                      = 0x8
+	SO_LINGER                         = 0x80
+	SO_NETPROC                        = 0x1020
+	SO_OOBINLINE                      = 0x100
+	SO_PEERCRED                       = 0x1022
+	SO_PROTOCOL                       = 0x1025
+	SO_RCVBUF                         = 0x1002
+	SO_RCVLOWAT                       = 0x1004
+	SO_RCVTIMEO                       = 0x1006
+	SO_REUSEADDR                      = 0x4
+	SO_REUSEPORT                      = 0x200
+	SO_RTABLE                         = 0x1021
+	SO_SNDBUF                         = 0x1001
+	SO_SNDLOWAT                       = 0x1003
+	SO_SNDTIMEO                       = 0x1005
+	SO_SPLICE                         = 0x1023
+	SO_TIMESTAMP                      = 0x800
+	SO_TYPE                           = 0x1008
+	SO_USELOOPBACK                    = 0x40
+	SO_ZEROIZE                        = 0x2000
+	S_BLKSIZE                         = 0x200
+	S_IEXEC                           = 0x40
+	S_IFBLK                           = 0x6000
+	S_IFCHR                           = 0x2000
+	S_IFDIR                           = 0x4000
+	S_IFIFO                           = 0x1000
+	S_IFLNK                           = 0xa000
+	S_IFMT                            = 0xf000
+	S_IFREG                           = 0x8000
+	S_IFSOCK                          = 0xc000
+	S_IREAD                           = 0x100
+	S_IRGRP                           = 0x20
+	S_IROTH                           = 0x4
+	S_IRUSR                           = 0x100
+	S_IRWXG                           = 0x38
+	S_IRWXO                           = 0x7
+	S_IRWXU                           = 0x1c0
+	S_ISGID                           = 0x400
+	S_ISTXT                           = 0x200
+	S_ISUID                           = 0x800
+	S_ISVTX                           = 0x200
+	S_IWGRP                           = 0x10
+	S_IWOTH                           = 0x2
+	S_IWRITE                          = 0x80
+	S_IWUSR                           = 0x80
+	S_IXGRP                           = 0x8
+	S_IXOTH                           = 0x1
+	S_IXUSR                           = 0x40
+	TCIFLUSH                          = 0x1
+	TCIOFF                            = 0x3
+	TCIOFLUSH                         = 0x3
+	TCION                             = 0x4
+	TCOFLUSH                          = 0x2
+	TCOOFF                            = 0x1
+	TCOON                             = 0x2
+	TCP_MAXBURST                      = 0x4
+	TCP_MAXSEG                        = 0x2
+	TCP_MAXWIN                        = 0xffff
+	TCP_MAX_SACK                      = 0x3
+	TCP_MAX_WINSHIFT                  = 0xe
+	TCP_MD5SIG                        = 0x4
+	TCP_MSS                           = 0x200
+	TCP_NODELAY                       = 0x1
+	TCP_NOPUSH                        = 0x10
+	TCP_SACKHOLE_LIMIT                = 0x80
+	TCP_SACK_ENABLE                   = 0x8
+	TCSAFLUSH                         = 0x2
+	TIMER_ABSTIME                     = 0x1
+	TIMER_RELTIME                     = 0x0
+	TIOCCBRK                          = 0x2000747a
+	TIOCCDTR                          = 0x20007478
+	TIOCCHKVERAUTH                    = 0x2000741e
+	TIOCCLRVERAUTH                    = 0x2000741d
+	TIOCCONS                          = 0x80047462
+	TIOCDRAIN                         = 0x2000745e
+	TIOCEXCL                          = 0x2000740d
+	TIOCEXT                           = 0x80047460
+	TIOCFLAG_CLOCAL                   = 0x2
+	TIOCFLAG_CRTSCTS                  = 0x4
+	TIOCFLAG_MDMBUF                   = 0x8
+	TIOCFLAG_PPS                      = 0x10
+	TIOCFLAG_SOFTCAR                  = 0x1
+	TIOCFLUSH                         = 0x80047410
+	TIOCGETA                          = 0x402c7413
+	TIOCGETD                          = 0x4004741a
+	TIOCGFLAGS                        = 0x4004745d
+	TIOCGPGRP                         = 0x40047477
+	TIOCGSID                          = 0x40047463
+	TIOCGTSTAMP                       = 0x4010745b
+	TIOCGWINSZ                        = 0x40087468
+	TIOCMBIC                          = 0x8004746b
+	TIOCMBIS                          = 0x8004746c
+	TIOCMGET                          = 0x4004746a
+	TIOCMODG                          = 0x4004746a
+	TIOCMODS                          = 0x8004746d
+	TIOCMSET                          = 0x8004746d
+	TIOCM_CAR                         = 0x40
+	TIOCM_CD                          = 0x40
+	TIOCM_CTS                         = 0x20
+	TIOCM_DSR                         = 0x100
+	TIOCM_DTR                         = 0x2
+	TIOCM_LE                          = 0x1
+	TIOCM_RI                          = 0x80
+	TIOCM_RNG                         = 0x80
+	TIOCM_RTS                         = 0x4
+	TIOCM_SR                          = 0x10
+	TIOCM_ST                          = 0x8
+	TIOCNOTTY                         = 0x20007471
+	TIOCNXCL                          = 0x2000740e
+	TIOCOUTQ                          = 0x40047473
+	TIOCPKT                           = 0x80047470
+	TIOCPKT_DATA                      = 0x0
+	TIOCPKT_DOSTOP                    = 0x20
+	TIOCPKT_FLUSHREAD                 = 0x1
+	TIOCPKT_FLUSHWRITE                = 0x2
+	TIOCPKT_IOCTL                     = 0x40
+	TIOCPKT_NOSTOP                    = 0x10
+	TIOCPKT_START                     = 0x8
+	TIOCPKT_STOP                      = 0x4
+	TIOCREMOTE                        = 0x80047469
+	TIOCSBRK                          = 0x2000747b
+	TIOCSCTTY                         = 0x20007461
+	TIOCSDTR                          = 0x20007479
+	TIOCSETA                          = 0x802c7414
+	TIOCSETAF                         = 0x802c7416
+	TIOCSETAW                         = 0x802c7415
+	TIOCSETD                          = 0x8004741b
+	TIOCSETVERAUTH                    = 0x8004741c
+	TIOCSFLAGS                        = 0x8004745c
+	TIOCSIG                           = 0x8004745f
+	TIOCSPGRP                         = 0x80047476
+	TIOCSTART                         = 0x2000746e
+	TIOCSTAT                          = 0x20007465
+	TIOCSTOP                          = 0x2000746f
+	TIOCSTSTAMP                       = 0x8008745a
+	TIOCSWINSZ                        = 0x80087467
+	TIOCUCNTL                         = 0x80047466
+	TIOCUCNTL_CBRK                    = 0x7a
+	TIOCUCNTL_SBRK                    = 0x7b
+	TOSTOP                            = 0x400000
+	UTIME_NOW                         = -0x2
+	UTIME_OMIT                        = -0x1
+	VDISCARD                          = 0xf
+	VDSUSP                            = 0xb
+	VEOF                              = 0x0
+	VEOL                              = 0x1
+	VEOL2                             = 0x2
+	VERASE                            = 0x3
+	VINTR                             = 0x8
+	VKILL                             = 0x5
+	VLNEXT                            = 0xe
+	VMIN                              = 0x10
+	VM_ANONMIN                        = 0x7
+	VM_LOADAVG                        = 0x2
+	VM_MALLOC_CONF                    = 0xc
+	VM_MAXID                          = 0xd
+	VM_MAXSLP                         = 0xa
+	VM_METER                          = 0x1
+	VM_NKMEMPAGES                     = 0x6
+	VM_PSSTRINGS                      = 0x3
+	VM_SWAPENCRYPT                    = 0x5
+	VM_USPACE                         = 0xb
+	VM_UVMEXP                         = 0x4
+	VM_VNODEMIN                       = 0x9
+	VM_VTEXTMIN                       = 0x8
+	VQUIT                             = 0x9
+	VREPRINT                          = 0x6
+	VSTART                            = 0xc
+	VSTATUS                           = 0x12
+	VSTOP                             = 0xd
+	VSUSP                             = 0xa
+	VTIME                             = 0x11
+	VWERASE                           = 0x4
+	WALTSIG                           = 0x4
+	WCONTINUED                        = 0x8
+	WCOREFLAG                         = 0x80
+	WNOHANG                           = 0x1
+	WUNTRACED                         = 0x2
+	XCASE                             = 0x1000000
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x30)
+	EADDRNOTAVAIL   = syscall.Errno(0x31)
+	EAFNOSUPPORT    = syscall.Errno(0x2f)
+	EAGAIN          = syscall.Errno(0x23)
+	EALREADY        = syscall.Errno(0x25)
+	EAUTH           = syscall.Errno(0x50)
+	EBADF           = syscall.Errno(0x9)
+	EBADMSG         = syscall.Errno(0x5c)
+	EBADRPC         = syscall.Errno(0x48)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x58)
+	ECHILD          = syscall.Errno(0xa)
+	ECONNABORTED    = syscall.Errno(0x35)
+	ECONNREFUSED    = syscall.Errno(0x3d)
+	ECONNRESET      = syscall.Errno(0x36)
+	EDEADLK         = syscall.Errno(0xb)
+	EDESTADDRREQ    = syscall.Errno(0x27)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x45)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EFTYPE          = syscall.Errno(0x4f)
+	EHOSTDOWN       = syscall.Errno(0x40)
+	EHOSTUNREACH    = syscall.Errno(0x41)
+	EIDRM           = syscall.Errno(0x59)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x24)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EIPSEC          = syscall.Errno(0x52)
+	EISCONN         = syscall.Errno(0x38)
+	EISDIR          = syscall.Errno(0x15)
+	ELAST           = syscall.Errno(0x5f)
+	ELOOP           = syscall.Errno(0x3e)
+	EMEDIUMTYPE     = syscall.Errno(0x56)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x28)
+	ENAMETOOLONG    = syscall.Errno(0x3f)
+	ENEEDAUTH       = syscall.Errno(0x51)
+	ENETDOWN        = syscall.Errno(0x32)
+	ENETRESET       = syscall.Errno(0x34)
+	ENETUNREACH     = syscall.Errno(0x33)
+	ENFILE          = syscall.Errno(0x17)
+	ENOATTR         = syscall.Errno(0x53)
+	ENOBUFS         = syscall.Errno(0x37)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x4d)
+	ENOMEDIUM       = syscall.Errno(0x55)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x5a)
+	ENOPROTOOPT     = syscall.Errno(0x2a)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSYS          = syscall.Errno(0x4e)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x39)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x42)
+	ENOTRECOVERABLE = syscall.Errno(0x5d)
+	ENOTSOCK        = syscall.Errno(0x26)
+	ENOTSUP         = syscall.Errno(0x5b)
+	ENOTTY          = syscall.Errno(0x19)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x2d)
+	EOVERFLOW       = syscall.Errno(0x57)
+	EOWNERDEAD      = syscall.Errno(0x5e)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x2e)
+	EPIPE           = syscall.Errno(0x20)
+	EPROCLIM        = syscall.Errno(0x43)
+	EPROCUNAVAIL    = syscall.Errno(0x4c)
+	EPROGMISMATCH   = syscall.Errno(0x4b)
+	EPROGUNAVAIL    = syscall.Errno(0x4a)
+	EPROTO          = syscall.Errno(0x5f)
+	EPROTONOSUPPORT = syscall.Errno(0x2b)
+	EPROTOTYPE      = syscall.Errno(0x29)
+	ERANGE          = syscall.Errno(0x22)
+	EREMOTE         = syscall.Errno(0x47)
+	EROFS           = syscall.Errno(0x1e)
+	ERPCMISMATCH    = syscall.Errno(0x49)
+	ESHUTDOWN       = syscall.Errno(0x3a)
+	ESOCKTNOSUPPORT = syscall.Errno(0x2c)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESTALE          = syscall.Errno(0x46)
+	ETIMEDOUT       = syscall.Errno(0x3c)
+	ETOOMANYREFS    = syscall.Errno(0x3b)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUSERS          = syscall.Errno(0x44)
+	EWOULDBLOCK     = syscall.Errno(0x23)
+	EXDEV           = syscall.Errno(0x12)
+)
+
+// Signals
+const (
+	SIGABRT   = syscall.Signal(0x6)
+	SIGALRM   = syscall.Signal(0xe)
+	SIGBUS    = syscall.Signal(0xa)
+	SIGCHLD   = syscall.Signal(0x14)
+	SIGCONT   = syscall.Signal(0x13)
+	SIGEMT    = syscall.Signal(0x7)
+	SIGFPE    = syscall.Signal(0x8)
+	SIGHUP    = syscall.Signal(0x1)
+	SIGILL    = syscall.Signal(0x4)
+	SIGINFO   = syscall.Signal(0x1d)
+	SIGINT    = syscall.Signal(0x2)
+	SIGIO     = syscall.Signal(0x17)
+	SIGIOT    = syscall.Signal(0x6)
+	SIGKILL   = syscall.Signal(0x9)
+	SIGPIPE   = syscall.Signal(0xd)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGQUIT   = syscall.Signal(0x3)
+	SIGSEGV   = syscall.Signal(0xb)
+	SIGSTOP   = syscall.Signal(0x11)
+	SIGSYS    = syscall.Signal(0xc)
+	SIGTERM   = syscall.Signal(0xf)
+	SIGTHR    = syscall.Signal(0x20)
+	SIGTRAP   = syscall.Signal(0x5)
+	SIGTSTP   = syscall.Signal(0x12)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x10)
+	SIGUSR1   = syscall.Signal(0x1e)
+	SIGUSR2   = syscall.Signal(0x1f)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "device not configured"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EDEADLK", "resource deadlock avoided"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "operation not supported by device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "EAGAIN", "resource temporarily unavailable"},
+	{36, "EINPROGRESS", "operation now in progress"},
+	{37, "EALREADY", "operation already in progress"},
+	{38, "ENOTSOCK", "socket operation on non-socket"},
+	{39, "EDESTADDRREQ", "destination address required"},
+	{40, "EMSGSIZE", "message too long"},
+	{41, "EPROTOTYPE", "protocol wrong type for socket"},
+	{42, "ENOPROTOOPT", "protocol not available"},
+	{43, "EPROTONOSUPPORT", "protocol not supported"},
+	{44, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{45, "EOPNOTSUPP", "operation not supported"},
+	{46, "EPFNOSUPPORT", "protocol family not supported"},
+	{47, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{48, "EADDRINUSE", "address already in use"},
+	{49, "EADDRNOTAVAIL", "can't assign requested address"},
+	{50, "ENETDOWN", "network is down"},
+	{51, "ENETUNREACH", "network is unreachable"},
+	{52, "ENETRESET", "network dropped connection on reset"},
+	{53, "ECONNABORTED", "software caused connection abort"},
+	{54, "ECONNRESET", "connection reset by peer"},
+	{55, "ENOBUFS", "no buffer space available"},
+	{56, "EISCONN", "socket is already connected"},
+	{57, "ENOTCONN", "socket is not connected"},
+	{58, "ESHUTDOWN", "can't send after socket shutdown"},
+	{59, "ETOOMANYREFS", "too many references: can't splice"},
+	{60, "ETIMEDOUT", "operation timed out"},
+	{61, "ECONNREFUSED", "connection refused"},
+	{62, "ELOOP", "too many levels of symbolic links"},
+	{63, "ENAMETOOLONG", "file name too long"},
+	{64, "EHOSTDOWN", "host is down"},
+	{65, "EHOSTUNREACH", "no route to host"},
+	{66, "ENOTEMPTY", "directory not empty"},
+	{67, "EPROCLIM", "too many processes"},
+	{68, "EUSERS", "too many users"},
+	{69, "EDQUOT", "disk quota exceeded"},
+	{70, "ESTALE", "stale NFS file handle"},
+	{71, "EREMOTE", "too many levels of remote in path"},
+	{72, "EBADRPC", "RPC struct is bad"},
+	{73, "ERPCMISMATCH", "RPC version wrong"},
+	{74, "EPROGUNAVAIL", "RPC program not available"},
+	{75, "EPROGMISMATCH", "program version wrong"},
+	{76, "EPROCUNAVAIL", "bad procedure for program"},
+	{77, "ENOLCK", "no locks available"},
+	{78, "ENOSYS", "function not implemented"},
+	{79, "EFTYPE", "inappropriate file type or format"},
+	{80, "EAUTH", "authentication error"},
+	{81, "ENEEDAUTH", "need authenticator"},
+	{82, "EIPSEC", "IPsec processing failure"},
+	{83, "ENOATTR", "attribute not found"},
+	{84, "EILSEQ", "illegal byte sequence"},
+	{85, "ENOMEDIUM", "no medium found"},
+	{86, "EMEDIUMTYPE", "wrong medium type"},
+	{87, "EOVERFLOW", "value too large to be stored in data type"},
+	{88, "ECANCELED", "operation canceled"},
+	{89, "EIDRM", "identifier removed"},
+	{90, "ENOMSG", "no message of desired type"},
+	{91, "ENOTSUP", "not supported"},
+	{92, "EBADMSG", "bad message"},
+	{93, "ENOTRECOVERABLE", "state not recoverable"},
+	{94, "EOWNERDEAD", "previous owner died"},
+	{95, "ELAST", "protocol error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/BPT trap"},
+	{6, "SIGABRT", "abort trap"},
+	{7, "SIGEMT", "EMT trap"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus error"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGSYS", "bad system call"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGURG", "urgent I/O condition"},
+	{17, "SIGSTOP", "suspended (signal)"},
+	{18, "SIGTSTP", "suspended"},
+	{19, "SIGCONT", "continued"},
+	{20, "SIGCHLD", "child exited"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGIO", "I/O possible"},
+	{24, "SIGXCPU", "cputime limit exceeded"},
+	{25, "SIGXFSZ", "filesize limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window size changes"},
+	{29, "SIGINFO", "information request"},
+	{30, "SIGUSR1", "user defined signal 1"},
+	{31, "SIGUSR2", "user defined signal 2"},
+	{32, "SIGTHR", "thread AST"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
new file mode 100644
index 000000000..46e054ccb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -0,0 +1,1533 @@
+// mkerrors.sh -m64
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,solaris
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -m64 _const.go
+
+package unix
+
+import "syscall"
+
+const (
+	AF_802                        = 0x12
+	AF_APPLETALK                  = 0x10
+	AF_CCITT                      = 0xa
+	AF_CHAOS                      = 0x5
+	AF_DATAKIT                    = 0x9
+	AF_DECnet                     = 0xc
+	AF_DLI                        = 0xd
+	AF_ECMA                       = 0x8
+	AF_FILE                       = 0x1
+	AF_GOSIP                      = 0x16
+	AF_HYLINK                     = 0xf
+	AF_IMPLINK                    = 0x3
+	AF_INET                       = 0x2
+	AF_INET6                      = 0x1a
+	AF_INET_OFFLOAD               = 0x1e
+	AF_IPX                        = 0x17
+	AF_KEY                        = 0x1b
+	AF_LAT                        = 0xe
+	AF_LINK                       = 0x19
+	AF_LOCAL                      = 0x1
+	AF_MAX                        = 0x20
+	AF_NBS                        = 0x7
+	AF_NCA                        = 0x1c
+	AF_NIT                        = 0x11
+	AF_NS                         = 0x6
+	AF_OSI                        = 0x13
+	AF_OSINET                     = 0x15
+	AF_PACKET                     = 0x20
+	AF_POLICY                     = 0x1d
+	AF_PUP                        = 0x4
+	AF_ROUTE                      = 0x18
+	AF_SNA                        = 0xb
+	AF_TRILL                      = 0x1f
+	AF_UNIX                       = 0x1
+	AF_UNSPEC                     = 0x0
+	AF_X25                        = 0x14
+	ARPHRD_ARCNET                 = 0x7
+	ARPHRD_ATM                    = 0x10
+	ARPHRD_AX25                   = 0x3
+	ARPHRD_CHAOS                  = 0x5
+	ARPHRD_EETHER                 = 0x2
+	ARPHRD_ETHER                  = 0x1
+	ARPHRD_FC                     = 0x12
+	ARPHRD_FRAME                  = 0xf
+	ARPHRD_HDLC                   = 0x11
+	ARPHRD_IB                     = 0x20
+	ARPHRD_IEEE802                = 0x6
+	ARPHRD_IPATM                  = 0x13
+	ARPHRD_METRICOM               = 0x17
+	ARPHRD_TUNNEL                 = 0x1f
+	B0                            = 0x0
+	B110                          = 0x3
+	B115200                       = 0x12
+	B1200                         = 0x9
+	B134                          = 0x4
+	B150                          = 0x5
+	B153600                       = 0x13
+	B1800                         = 0xa
+	B19200                        = 0xe
+	B200                          = 0x6
+	B230400                       = 0x14
+	B2400                         = 0xb
+	B300                          = 0x7
+	B307200                       = 0x15
+	B38400                        = 0xf
+	B460800                       = 0x16
+	B4800                         = 0xc
+	B50                           = 0x1
+	B57600                        = 0x10
+	B600                          = 0x8
+	B75                           = 0x2
+	B76800                        = 0x11
+	B921600                       = 0x17
+	B9600                         = 0xd
+	BIOCFLUSH                     = 0x20004268
+	BIOCGBLEN                     = 0x40044266
+	BIOCGDLT                      = 0x4004426a
+	BIOCGDLTLIST                  = -0x3fefbd89
+	BIOCGDLTLIST32                = -0x3ff7bd89
+	BIOCGETIF                     = 0x4020426b
+	BIOCGETLIF                    = 0x4078426b
+	BIOCGHDRCMPLT                 = 0x40044274
+	BIOCGRTIMEOUT                 = 0x4010427b
+	BIOCGRTIMEOUT32               = 0x4008427b
+	BIOCGSEESENT                  = 0x40044278
+	BIOCGSTATS                    = 0x4080426f
+	BIOCGSTATSOLD                 = 0x4008426f
+	BIOCIMMEDIATE                 = -0x7ffbbd90
+	BIOCPROMISC                   = 0x20004269
+	BIOCSBLEN                     = -0x3ffbbd9a
+	BIOCSDLT                      = -0x7ffbbd8a
+	BIOCSETF                      = -0x7fefbd99
+	BIOCSETF32                    = -0x7ff7bd99
+	BIOCSETIF                     = -0x7fdfbd94
+	BIOCSETLIF                    = -0x7f87bd94
+	BIOCSHDRCMPLT                 = -0x7ffbbd8b
+	BIOCSRTIMEOUT                 = -0x7fefbd86
+	BIOCSRTIMEOUT32               = -0x7ff7bd86
+	BIOCSSEESENT                  = -0x7ffbbd87
+	BIOCSTCPF                     = -0x7fefbd8e
+	BIOCSUDPF                     = -0x7fefbd8d
+	BIOCVERSION                   = 0x40044271
+	BPF_A                         = 0x10
+	BPF_ABS                       = 0x20
+	BPF_ADD                       = 0x0
+	BPF_ALIGNMENT                 = 0x4
+	BPF_ALU                       = 0x4
+	BPF_AND                       = 0x50
+	BPF_B                         = 0x10
+	BPF_DFLTBUFSIZE               = 0x100000
+	BPF_DIV                       = 0x30
+	BPF_H                         = 0x8
+	BPF_IMM                       = 0x0
+	BPF_IND                       = 0x40
+	BPF_JA                        = 0x0
+	BPF_JEQ                       = 0x10
+	BPF_JGE                       = 0x30
+	BPF_JGT                       = 0x20
+	BPF_JMP                       = 0x5
+	BPF_JSET                      = 0x40
+	BPF_K                         = 0x0
+	BPF_LD                        = 0x0
+	BPF_LDX                       = 0x1
+	BPF_LEN                       = 0x80
+	BPF_LSH                       = 0x60
+	BPF_MAJOR_VERSION             = 0x1
+	BPF_MAXBUFSIZE                = 0x1000000
+	BPF_MAXINSNS                  = 0x200
+	BPF_MEM                       = 0x60
+	BPF_MEMWORDS                  = 0x10
+	BPF_MINBUFSIZE                = 0x20
+	BPF_MINOR_VERSION             = 0x1
+	BPF_MISC                      = 0x7
+	BPF_MSH                       = 0xa0
+	BPF_MUL                       = 0x20
+	BPF_NEG                       = 0x80
+	BPF_OR                        = 0x40
+	BPF_RELEASE                   = 0x30bb6
+	BPF_RET                       = 0x6
+	BPF_RSH                       = 0x70
+	BPF_ST                        = 0x2
+	BPF_STX                       = 0x3
+	BPF_SUB                       = 0x10
+	BPF_TAX                       = 0x0
+	BPF_TXA                       = 0x80
+	BPF_W                         = 0x0
+	BPF_X                         = 0x8
+	BRKINT                        = 0x2
+	BS0                           = 0x0
+	BS1                           = 0x2000
+	BSDLY                         = 0x2000
+	CBAUD                         = 0xf
+	CFLUSH                        = 0xf
+	CIBAUD                        = 0xf0000
+	CLOCAL                        = 0x800
+	CLOCK_HIGHRES                 = 0x4
+	CLOCK_LEVEL                   = 0xa
+	CLOCK_MONOTONIC               = 0x4
+	CLOCK_PROCESS_CPUTIME_ID      = 0x5
+	CLOCK_PROF                    = 0x2
+	CLOCK_REALTIME                = 0x3
+	CLOCK_THREAD_CPUTIME_ID       = 0x2
+	CLOCK_VIRTUAL                 = 0x1
+	CR0                           = 0x0
+	CR1                           = 0x200
+	CR2                           = 0x400
+	CR3                           = 0x600
+	CRDLY                         = 0x600
+	CREAD                         = 0x80
+	CRTSCTS                       = 0x80000000
+	CS5                           = 0x0
+	CS6                           = 0x10
+	CS7                           = 0x20
+	CS8                           = 0x30
+	CSIZE                         = 0x30
+	CSTART                        = 0x11
+	CSTATUS                       = 0x14
+	CSTOP                         = 0x13
+	CSTOPB                        = 0x40
+	CSUSP                         = 0x1a
+	CSWTCH                        = 0x1a
+	DLT_AIRONET_HEADER            = 0x78
+	DLT_APPLE_IP_OVER_IEEE1394    = 0x8a
+	DLT_ARCNET                    = 0x7
+	DLT_ARCNET_LINUX              = 0x81
+	DLT_ATM_CLIP                  = 0x13
+	DLT_ATM_RFC1483               = 0xb
+	DLT_AURORA                    = 0x7e
+	DLT_AX25                      = 0x3
+	DLT_BACNET_MS_TP              = 0xa5
+	DLT_CHAOS                     = 0x5
+	DLT_CISCO_IOS                 = 0x76
+	DLT_C_HDLC                    = 0x68
+	DLT_DOCSIS                    = 0x8f
+	DLT_ECONET                    = 0x73
+	DLT_EN10MB                    = 0x1
+	DLT_EN3MB                     = 0x2
+	DLT_ENC                       = 0x6d
+	DLT_ERF_ETH                   = 0xaf
+	DLT_ERF_POS                   = 0xb0
+	DLT_FDDI                      = 0xa
+	DLT_FRELAY                    = 0x6b
+	DLT_GCOM_SERIAL               = 0xad
+	DLT_GCOM_T1E1                 = 0xac
+	DLT_GPF_F                     = 0xab
+	DLT_GPF_T                     = 0xaa
+	DLT_GPRS_LLC                  = 0xa9
+	DLT_HDLC                      = 0x10
+	DLT_HHDLC                     = 0x79
+	DLT_HIPPI                     = 0xf
+	DLT_IBM_SN                    = 0x92
+	DLT_IBM_SP                    = 0x91
+	DLT_IEEE802                   = 0x6
+	DLT_IEEE802_11                = 0x69
+	DLT_IEEE802_11_RADIO          = 0x7f
+	DLT_IEEE802_11_RADIO_AVS      = 0xa3
+	DLT_IPNET                     = 0xe2
+	DLT_IPOIB                     = 0xa2
+	DLT_IP_OVER_FC                = 0x7a
+	DLT_JUNIPER_ATM1              = 0x89
+	DLT_JUNIPER_ATM2              = 0x87
+	DLT_JUNIPER_CHDLC             = 0xb5
+	DLT_JUNIPER_ES                = 0x84
+	DLT_JUNIPER_ETHER             = 0xb2
+	DLT_JUNIPER_FRELAY            = 0xb4
+	DLT_JUNIPER_GGSN              = 0x85
+	DLT_JUNIPER_MFR               = 0x86
+	DLT_JUNIPER_MLFR              = 0x83
+	DLT_JUNIPER_MLPPP             = 0x82
+	DLT_JUNIPER_MONITOR           = 0xa4
+	DLT_JUNIPER_PIC_PEER          = 0xae
+	DLT_JUNIPER_PPP               = 0xb3
+	DLT_JUNIPER_PPPOE             = 0xa7
+	DLT_JUNIPER_PPPOE_ATM         = 0xa8
+	DLT_JUNIPER_SERVICES          = 0x88
+	DLT_LINUX_IRDA                = 0x90
+	DLT_LINUX_LAPD                = 0xb1
+	DLT_LINUX_SLL                 = 0x71
+	DLT_LOOP                      = 0x6c
+	DLT_LTALK                     = 0x72
+	DLT_MTP2                      = 0x8c
+	DLT_MTP2_WITH_PHDR            = 0x8b
+	DLT_MTP3                      = 0x8d
+	DLT_NULL                      = 0x0
+	DLT_PCI_EXP                   = 0x7d
+	DLT_PFLOG                     = 0x75
+	DLT_PFSYNC                    = 0x12
+	DLT_PPP                       = 0x9
+	DLT_PPP_BSDOS                 = 0xe
+	DLT_PPP_PPPD                  = 0xa6
+	DLT_PRISM_HEADER              = 0x77
+	DLT_PRONET                    = 0x4
+	DLT_RAW                       = 0xc
+	DLT_RAWAF_MASK                = 0x2240000
+	DLT_RIO                       = 0x7c
+	DLT_SCCP                      = 0x8e
+	DLT_SLIP                      = 0x8
+	DLT_SLIP_BSDOS                = 0xd
+	DLT_SUNATM                    = 0x7b
+	DLT_SYMANTEC_FIREWALL         = 0x63
+	DLT_TZSP                      = 0x80
+	ECHO                          = 0x8
+	ECHOCTL                       = 0x200
+	ECHOE                         = 0x10
+	ECHOK                         = 0x20
+	ECHOKE                        = 0x800
+	ECHONL                        = 0x40
+	ECHOPRT                       = 0x400
+	EMPTY_SET                     = 0x0
+	EMT_CPCOVF                    = 0x1
+	EQUALITY_CHECK                = 0x0
+	EXTA                          = 0xe
+	EXTB                          = 0xf
+	FD_CLOEXEC                    = 0x1
+	FD_NFDBITS                    = 0x40
+	FD_SETSIZE                    = 0x10000
+	FF0                           = 0x0
+	FF1                           = 0x8000
+	FFDLY                         = 0x8000
+	FLUSHALL                      = 0x1
+	FLUSHDATA                     = 0x0
+	FLUSHO                        = 0x2000
+	F_ALLOCSP                     = 0xa
+	F_ALLOCSP64                   = 0xa
+	F_BADFD                       = 0x2e
+	F_BLKSIZE                     = 0x13
+	F_BLOCKS                      = 0x12
+	F_CHKFL                       = 0x8
+	F_COMPAT                      = 0x8
+	F_DUP2FD                      = 0x9
+	F_DUP2FD_CLOEXEC              = 0x24
+	F_DUPFD                       = 0x0
+	F_DUPFD_CLOEXEC               = 0x25
+	F_FLOCK                       = 0x35
+	F_FLOCK64                     = 0x35
+	F_FLOCKW                      = 0x36
+	F_FLOCKW64                    = 0x36
+	F_FREESP                      = 0xb
+	F_FREESP64                    = 0xb
+	F_GETFD                       = 0x1
+	F_GETFL                       = 0x3
+	F_GETLK                       = 0xe
+	F_GETLK64                     = 0xe
+	F_GETOWN                      = 0x17
+	F_GETXFL                      = 0x2d
+	F_HASREMOTELOCKS              = 0x1a
+	F_ISSTREAM                    = 0xd
+	F_MANDDNY                     = 0x10
+	F_MDACC                       = 0x20
+	F_NODNY                       = 0x0
+	F_NPRIV                       = 0x10
+	F_OFD_GETLK                   = 0x2f
+	F_OFD_GETLK64                 = 0x2f
+	F_OFD_SETLK                   = 0x30
+	F_OFD_SETLK64                 = 0x30
+	F_OFD_SETLKW                  = 0x31
+	F_OFD_SETLKW64                = 0x31
+	F_PRIV                        = 0xf
+	F_QUOTACTL                    = 0x11
+	F_RDACC                       = 0x1
+	F_RDDNY                       = 0x1
+	F_RDLCK                       = 0x1
+	F_REVOKE                      = 0x19
+	F_RMACC                       = 0x4
+	F_RMDNY                       = 0x4
+	F_RWACC                       = 0x3
+	F_RWDNY                       = 0x3
+	F_SETFD                       = 0x2
+	F_SETFL                       = 0x4
+	F_SETLK                       = 0x6
+	F_SETLK64                     = 0x6
+	F_SETLK64_NBMAND              = 0x2a
+	F_SETLKW                      = 0x7
+	F_SETLKW64                    = 0x7
+	F_SETLK_NBMAND                = 0x2a
+	F_SETOWN                      = 0x18
+	F_SHARE                       = 0x28
+	F_SHARE_NBMAND                = 0x2b
+	F_UNLCK                       = 0x3
+	F_UNLKSYS                     = 0x4
+	F_UNSHARE                     = 0x29
+	F_WRACC                       = 0x2
+	F_WRDNY                       = 0x2
+	F_WRLCK                       = 0x2
+	HUPCL                         = 0x400
+	IBSHIFT                       = 0x10
+	ICANON                        = 0x2
+	ICRNL                         = 0x100
+	IEXTEN                        = 0x8000
+	IFF_ADDRCONF                  = 0x80000
+	IFF_ALLMULTI                  = 0x200
+	IFF_ANYCAST                   = 0x400000
+	IFF_BROADCAST                 = 0x2
+	IFF_CANTCHANGE                = 0x7f203003b5a
+	IFF_COS_ENABLED               = 0x200000000
+	IFF_DEBUG                     = 0x4
+	IFF_DEPRECATED                = 0x40000
+	IFF_DHCPRUNNING               = 0x4000
+	IFF_DUPLICATE                 = 0x4000000000
+	IFF_FAILED                    = 0x10000000
+	IFF_FIXEDMTU                  = 0x1000000000
+	IFF_INACTIVE                  = 0x40000000
+	IFF_INTELLIGENT               = 0x400
+	IFF_IPMP                      = 0x8000000000
+	IFF_IPMP_CANTCHANGE           = 0x10000000
+	IFF_IPMP_INVALID              = 0x1ec200080
+	IFF_IPV4                      = 0x1000000
+	IFF_IPV6                      = 0x2000000
+	IFF_L3PROTECT                 = 0x40000000000
+	IFF_LOOPBACK                  = 0x8
+	IFF_MULTICAST                 = 0x800
+	IFF_MULTI_BCAST               = 0x1000
+	IFF_NOACCEPT                  = 0x4000000
+	IFF_NOARP                     = 0x80
+	IFF_NOFAILOVER                = 0x8000000
+	IFF_NOLINKLOCAL               = 0x20000000000
+	IFF_NOLOCAL                   = 0x20000
+	IFF_NONUD                     = 0x200000
+	IFF_NORTEXCH                  = 0x800000
+	IFF_NOTRAILERS                = 0x20
+	IFF_NOXMIT                    = 0x10000
+	IFF_OFFLINE                   = 0x80000000
+	IFF_POINTOPOINT               = 0x10
+	IFF_PREFERRED                 = 0x400000000
+	IFF_PRIVATE                   = 0x8000
+	IFF_PROMISC                   = 0x100
+	IFF_ROUTER                    = 0x100000
+	IFF_RUNNING                   = 0x40
+	IFF_STANDBY                   = 0x20000000
+	IFF_TEMPORARY                 = 0x800000000
+	IFF_UNNUMBERED                = 0x2000
+	IFF_UP                        = 0x1
+	IFF_VIRTUAL                   = 0x2000000000
+	IFF_VRRP                      = 0x10000000000
+	IFF_XRESOLV                   = 0x100000000
+	IFNAMSIZ                      = 0x10
+	IFT_1822                      = 0x2
+	IFT_6TO4                      = 0xca
+	IFT_AAL5                      = 0x31
+	IFT_ARCNET                    = 0x23
+	IFT_ARCNETPLUS                = 0x24
+	IFT_ATM                       = 0x25
+	IFT_CEPT                      = 0x13
+	IFT_DS3                       = 0x1e
+	IFT_EON                       = 0x19
+	IFT_ETHER                     = 0x6
+	IFT_FDDI                      = 0xf
+	IFT_FRELAY                    = 0x20
+	IFT_FRELAYDCE                 = 0x2c
+	IFT_HDH1822                   = 0x3
+	IFT_HIPPI                     = 0x2f
+	IFT_HSSI                      = 0x2e
+	IFT_HY                        = 0xe
+	IFT_IB                        = 0xc7
+	IFT_IPV4                      = 0xc8
+	IFT_IPV6                      = 0xc9
+	IFT_ISDNBASIC                 = 0x14
+	IFT_ISDNPRIMARY               = 0x15
+	IFT_ISO88022LLC               = 0x29
+	IFT_ISO88023                  = 0x7
+	IFT_ISO88024                  = 0x8
+	IFT_ISO88025                  = 0x9
+	IFT_ISO88026                  = 0xa
+	IFT_LAPB                      = 0x10
+	IFT_LOCALTALK                 = 0x2a
+	IFT_LOOP                      = 0x18
+	IFT_MIOX25                    = 0x26
+	IFT_MODEM                     = 0x30
+	IFT_NSIP                      = 0x1b
+	IFT_OTHER                     = 0x1
+	IFT_P10                       = 0xc
+	IFT_P80                       = 0xd
+	IFT_PARA                      = 0x22
+	IFT_PPP                       = 0x17
+	IFT_PROPMUX                   = 0x36
+	IFT_PROPVIRTUAL               = 0x35
+	IFT_PTPSERIAL                 = 0x16
+	IFT_RS232                     = 0x21
+	IFT_SDLC                      = 0x11
+	IFT_SIP                       = 0x1f
+	IFT_SLIP                      = 0x1c
+	IFT_SMDSDXI                   = 0x2b
+	IFT_SMDSICIP                  = 0x34
+	IFT_SONET                     = 0x27
+	IFT_SONETPATH                 = 0x32
+	IFT_SONETVT                   = 0x33
+	IFT_STARLAN                   = 0xb
+	IFT_T1                        = 0x12
+	IFT_ULTRA                     = 0x1d
+	IFT_V35                       = 0x2d
+	IFT_X25                       = 0x5
+	IFT_X25DDN                    = 0x4
+	IFT_X25PLE                    = 0x28
+	IFT_XETHER                    = 0x1a
+	IGNBRK                        = 0x1
+	IGNCR                         = 0x80
+	IGNPAR                        = 0x4
+	IMAXBEL                       = 0x2000
+	INLCR                         = 0x40
+	INPCK                         = 0x10
+	IN_AUTOCONF_MASK              = 0xffff0000
+	IN_AUTOCONF_NET               = 0xa9fe0000
+	IN_CLASSA_HOST                = 0xffffff
+	IN_CLASSA_MAX                 = 0x80
+	IN_CLASSA_NET                 = 0xff000000
+	IN_CLASSA_NSHIFT              = 0x18
+	IN_CLASSB_HOST                = 0xffff
+	IN_CLASSB_MAX                 = 0x10000
+	IN_CLASSB_NET                 = 0xffff0000
+	IN_CLASSB_NSHIFT              = 0x10
+	IN_CLASSC_HOST                = 0xff
+	IN_CLASSC_NET                 = 0xffffff00
+	IN_CLASSC_NSHIFT              = 0x8
+	IN_CLASSD_HOST                = 0xfffffff
+	IN_CLASSD_NET                 = 0xf0000000
+	IN_CLASSD_NSHIFT              = 0x1c
+	IN_CLASSE_NET                 = 0xffffffff
+	IN_LOOPBACKNET                = 0x7f
+	IN_PRIVATE12_MASK             = 0xfff00000
+	IN_PRIVATE12_NET              = 0xac100000
+	IN_PRIVATE16_MASK             = 0xffff0000
+	IN_PRIVATE16_NET              = 0xc0a80000
+	IN_PRIVATE8_MASK              = 0xff000000
+	IN_PRIVATE8_NET               = 0xa000000
+	IPPROTO_AH                    = 0x33
+	IPPROTO_DSTOPTS               = 0x3c
+	IPPROTO_EGP                   = 0x8
+	IPPROTO_ENCAP                 = 0x4
+	IPPROTO_EON                   = 0x50
+	IPPROTO_ESP                   = 0x32
+	IPPROTO_FRAGMENT              = 0x2c
+	IPPROTO_GGP                   = 0x3
+	IPPROTO_HELLO                 = 0x3f
+	IPPROTO_HOPOPTS               = 0x0
+	IPPROTO_ICMP                  = 0x1
+	IPPROTO_ICMPV6                = 0x3a
+	IPPROTO_IDP                   = 0x16
+	IPPROTO_IGMP                  = 0x2
+	IPPROTO_IP                    = 0x0
+	IPPROTO_IPV6                  = 0x29
+	IPPROTO_MAX                   = 0x100
+	IPPROTO_ND                    = 0x4d
+	IPPROTO_NONE                  = 0x3b
+	IPPROTO_OSPF                  = 0x59
+	IPPROTO_PIM                   = 0x67
+	IPPROTO_PUP                   = 0xc
+	IPPROTO_RAW                   = 0xff
+	IPPROTO_ROUTING               = 0x2b
+	IPPROTO_RSVP                  = 0x2e
+	IPPROTO_SCTP                  = 0x84
+	IPPROTO_TCP                   = 0x6
+	IPPROTO_UDP                   = 0x11
+	IPV6_ADD_MEMBERSHIP           = 0x9
+	IPV6_BOUND_IF                 = 0x41
+	IPV6_CHECKSUM                 = 0x18
+	IPV6_DONTFRAG                 = 0x21
+	IPV6_DROP_MEMBERSHIP          = 0xa
+	IPV6_DSTOPTS                  = 0xf
+	IPV6_FLOWINFO_FLOWLABEL       = 0xffff0f00
+	IPV6_FLOWINFO_TCLASS          = 0xf00f
+	IPV6_HOPLIMIT                 = 0xc
+	IPV6_HOPOPTS                  = 0xe
+	IPV6_JOIN_GROUP               = 0x9
+	IPV6_LEAVE_GROUP              = 0xa
+	IPV6_MULTICAST_HOPS           = 0x7
+	IPV6_MULTICAST_IF             = 0x6
+	IPV6_MULTICAST_LOOP           = 0x8
+	IPV6_NEXTHOP                  = 0xd
+	IPV6_PAD1_OPT                 = 0x0
+	IPV6_PATHMTU                  = 0x25
+	IPV6_PKTINFO                  = 0xb
+	IPV6_PREFER_SRC_CGA           = 0x20
+	IPV6_PREFER_SRC_CGADEFAULT    = 0x10
+	IPV6_PREFER_SRC_CGAMASK       = 0x30
+	IPV6_PREFER_SRC_COA           = 0x2
+	IPV6_PREFER_SRC_DEFAULT       = 0x15
+	IPV6_PREFER_SRC_HOME          = 0x1
+	IPV6_PREFER_SRC_MASK          = 0x3f
+	IPV6_PREFER_SRC_MIPDEFAULT    = 0x1
+	IPV6_PREFER_SRC_MIPMASK       = 0x3
+	IPV6_PREFER_SRC_NONCGA        = 0x10
+	IPV6_PREFER_SRC_PUBLIC        = 0x4
+	IPV6_PREFER_SRC_TMP           = 0x8
+	IPV6_PREFER_SRC_TMPDEFAULT    = 0x4
+	IPV6_PREFER_SRC_TMPMASK       = 0xc
+	IPV6_RECVDSTOPTS              = 0x28
+	IPV6_RECVHOPLIMIT             = 0x13
+	IPV6_RECVHOPOPTS              = 0x14
+	IPV6_RECVPATHMTU              = 0x24
+	IPV6_RECVPKTINFO              = 0x12
+	IPV6_RECVRTHDR                = 0x16
+	IPV6_RECVRTHDRDSTOPTS         = 0x17
+	IPV6_RECVTCLASS               = 0x19
+	IPV6_RTHDR                    = 0x10
+	IPV6_RTHDRDSTOPTS             = 0x11
+	IPV6_RTHDR_TYPE_0             = 0x0
+	IPV6_SEC_OPT                  = 0x22
+	IPV6_SRC_PREFERENCES          = 0x23
+	IPV6_TCLASS                   = 0x26
+	IPV6_UNICAST_HOPS             = 0x5
+	IPV6_UNSPEC_SRC               = 0x42
+	IPV6_USE_MIN_MTU              = 0x20
+	IPV6_V6ONLY                   = 0x27
+	IP_ADD_MEMBERSHIP             = 0x13
+	IP_ADD_SOURCE_MEMBERSHIP      = 0x17
+	IP_BLOCK_SOURCE               = 0x15
+	IP_BOUND_IF                   = 0x41
+	IP_BROADCAST                  = 0x106
+	IP_BROADCAST_TTL              = 0x43
+	IP_DEFAULT_MULTICAST_LOOP     = 0x1
+	IP_DEFAULT_MULTICAST_TTL      = 0x1
+	IP_DF                         = 0x4000
+	IP_DHCPINIT_IF                = 0x45
+	IP_DONTFRAG                   = 0x1b
+	IP_DONTROUTE                  = 0x105
+	IP_DROP_MEMBERSHIP            = 0x14
+	IP_DROP_SOURCE_MEMBERSHIP     = 0x18
+	IP_HDRINCL                    = 0x2
+	IP_MAXPACKET                  = 0xffff
+	IP_MF                         = 0x2000
+	IP_MSS                        = 0x240
+	IP_MULTICAST_IF               = 0x10
+	IP_MULTICAST_LOOP             = 0x12
+	IP_MULTICAST_TTL              = 0x11
+	IP_NEXTHOP                    = 0x19
+	IP_OPTIONS                    = 0x1
+	IP_PKTINFO                    = 0x1a
+	IP_RECVDSTADDR                = 0x7
+	IP_RECVIF                     = 0x9
+	IP_RECVOPTS                   = 0x5
+	IP_RECVPKTINFO                = 0x1a
+	IP_RECVRETOPTS                = 0x6
+	IP_RECVSLLA                   = 0xa
+	IP_RECVTTL                    = 0xb
+	IP_RETOPTS                    = 0x8
+	IP_REUSEADDR                  = 0x104
+	IP_SEC_OPT                    = 0x22
+	IP_TOS                        = 0x3
+	IP_TTL                        = 0x4
+	IP_UNBLOCK_SOURCE             = 0x16
+	IP_UNSPEC_SRC                 = 0x42
+	ISIG                          = 0x1
+	ISTRIP                        = 0x20
+	IUCLC                         = 0x200
+	IXANY                         = 0x800
+	IXOFF                         = 0x1000
+	IXON                          = 0x400
+	LOCK_EX                       = 0x2
+	LOCK_NB                       = 0x4
+	LOCK_SH                       = 0x1
+	LOCK_UN                       = 0x8
+	MADV_ACCESS_DEFAULT           = 0x6
+	MADV_ACCESS_LWP               = 0x7
+	MADV_ACCESS_MANY              = 0x8
+	MADV_DONTNEED                 = 0x4
+	MADV_FREE                     = 0x5
+	MADV_NORMAL                   = 0x0
+	MADV_PURGE                    = 0x9
+	MADV_RANDOM                   = 0x1
+	MADV_SEQUENTIAL               = 0x2
+	MADV_WILLNEED                 = 0x3
+	MAP_32BIT                     = 0x80
+	MAP_ALIGN                     = 0x200
+	MAP_ANON                      = 0x100
+	MAP_ANONYMOUS                 = 0x100
+	MAP_FILE                      = 0x0
+	MAP_FIXED                     = 0x10
+	MAP_INITDATA                  = 0x800
+	MAP_NORESERVE                 = 0x40
+	MAP_PRIVATE                   = 0x2
+	MAP_RENAME                    = 0x20
+	MAP_SHARED                    = 0x1
+	MAP_TEXT                      = 0x400
+	MAP_TYPE                      = 0xf
+	MCL_CURRENT                   = 0x1
+	MCL_FUTURE                    = 0x2
+	MSG_CTRUNC                    = 0x10
+	MSG_DONTROUTE                 = 0x4
+	MSG_DONTWAIT                  = 0x80
+	MSG_DUPCTRL                   = 0x800
+	MSG_EOR                       = 0x8
+	MSG_MAXIOVLEN                 = 0x10
+	MSG_NOTIFICATION              = 0x100
+	MSG_OOB                       = 0x1
+	MSG_PEEK                      = 0x2
+	MSG_TRUNC                     = 0x20
+	MSG_WAITALL                   = 0x40
+	MSG_XPG4_2                    = 0x8000
+	MS_ASYNC                      = 0x1
+	MS_INVALIDATE                 = 0x2
+	MS_OLDSYNC                    = 0x0
+	MS_SYNC                       = 0x4
+	M_FLUSH                       = 0x86
+	NAME_MAX                      = 0xff
+	NEWDEV                        = 0x1
+	NFDBITS                       = 0x40
+	NL0                           = 0x0
+	NL1                           = 0x100
+	NLDLY                         = 0x100
+	NOFLSH                        = 0x80
+	OCRNL                         = 0x8
+	OFDEL                         = 0x80
+	OFILL                         = 0x40
+	OLCUC                         = 0x2
+	OLDDEV                        = 0x0
+	ONBITSMAJOR                   = 0x7
+	ONBITSMINOR                   = 0x8
+	ONLCR                         = 0x4
+	ONLRET                        = 0x20
+	ONOCR                         = 0x10
+	OPENFAIL                      = -0x1
+	OPOST                         = 0x1
+	O_ACCMODE                     = 0x600003
+	O_APPEND                      = 0x8
+	O_CLOEXEC                     = 0x800000
+	O_CREAT                       = 0x100
+	O_DSYNC                       = 0x40
+	O_EXCL                        = 0x400
+	O_EXEC                        = 0x400000
+	O_LARGEFILE                   = 0x2000
+	O_NDELAY                      = 0x4
+	O_NOCTTY                      = 0x800
+	O_NOFOLLOW                    = 0x20000
+	O_NOLINKS                     = 0x40000
+	O_NONBLOCK                    = 0x80
+	O_RDONLY                      = 0x0
+	O_RDWR                        = 0x2
+	O_RSYNC                       = 0x8000
+	O_SEARCH                      = 0x200000
+	O_SIOCGIFCONF                 = -0x3ff796ec
+	O_SIOCGLIFCONF                = -0x3fef9688
+	O_SYNC                        = 0x10
+	O_TRUNC                       = 0x200
+	O_WRONLY                      = 0x1
+	O_XATTR                       = 0x4000
+	PARENB                        = 0x100
+	PAREXT                        = 0x100000
+	PARMRK                        = 0x8
+	PARODD                        = 0x200
+	PENDIN                        = 0x4000
+	PRIO_PGRP                     = 0x1
+	PRIO_PROCESS                  = 0x0
+	PRIO_USER                     = 0x2
+	PROT_EXEC                     = 0x4
+	PROT_NONE                     = 0x0
+	PROT_READ                     = 0x1
+	PROT_WRITE                    = 0x2
+	RLIMIT_AS                     = 0x6
+	RLIMIT_CORE                   = 0x4
+	RLIMIT_CPU                    = 0x0
+	RLIMIT_DATA                   = 0x2
+	RLIMIT_FSIZE                  = 0x1
+	RLIMIT_NOFILE                 = 0x5
+	RLIMIT_STACK                  = 0x3
+	RLIM_INFINITY                 = -0x3
+	RTAX_AUTHOR                   = 0x6
+	RTAX_BRD                      = 0x7
+	RTAX_DST                      = 0x0
+	RTAX_GATEWAY                  = 0x1
+	RTAX_GENMASK                  = 0x3
+	RTAX_IFA                      = 0x5
+	RTAX_IFP                      = 0x4
+	RTAX_MAX                      = 0x9
+	RTAX_NETMASK                  = 0x2
+	RTAX_SRC                      = 0x8
+	RTA_AUTHOR                    = 0x40
+	RTA_BRD                       = 0x80
+	RTA_DST                       = 0x1
+	RTA_GATEWAY                   = 0x2
+	RTA_GENMASK                   = 0x8
+	RTA_IFA                       = 0x20
+	RTA_IFP                       = 0x10
+	RTA_NETMASK                   = 0x4
+	RTA_NUMBITS                   = 0x9
+	RTA_SRC                       = 0x100
+	RTF_BLACKHOLE                 = 0x1000
+	RTF_CLONING                   = 0x100
+	RTF_DONE                      = 0x40
+	RTF_DYNAMIC                   = 0x10
+	RTF_GATEWAY                   = 0x2
+	RTF_HOST                      = 0x4
+	RTF_INDIRECT                  = 0x40000
+	RTF_KERNEL                    = 0x80000
+	RTF_LLINFO                    = 0x400
+	RTF_MASK                      = 0x80
+	RTF_MODIFIED                  = 0x20
+	RTF_MULTIRT                   = 0x10000
+	RTF_PRIVATE                   = 0x2000
+	RTF_PROTO1                    = 0x8000
+	RTF_PROTO2                    = 0x4000
+	RTF_REJECT                    = 0x8
+	RTF_SETSRC                    = 0x20000
+	RTF_STATIC                    = 0x800
+	RTF_UP                        = 0x1
+	RTF_XRESOLVE                  = 0x200
+	RTF_ZONE                      = 0x100000
+	RTM_ADD                       = 0x1
+	RTM_CHANGE                    = 0x3
+	RTM_CHGADDR                   = 0xf
+	RTM_DELADDR                   = 0xd
+	RTM_DELETE                    = 0x2
+	RTM_FREEADDR                  = 0x10
+	RTM_GET                       = 0x4
+	RTM_IFINFO                    = 0xe
+	RTM_LOCK                      = 0x8
+	RTM_LOSING                    = 0x5
+	RTM_MISS                      = 0x7
+	RTM_NEWADDR                   = 0xc
+	RTM_OLDADD                    = 0x9
+	RTM_OLDDEL                    = 0xa
+	RTM_REDIRECT                  = 0x6
+	RTM_RESOLVE                   = 0xb
+	RTM_VERSION                   = 0x3
+	RTV_EXPIRE                    = 0x4
+	RTV_HOPCOUNT                  = 0x2
+	RTV_MTU                       = 0x1
+	RTV_RPIPE                     = 0x8
+	RTV_RTT                       = 0x40
+	RTV_RTTVAR                    = 0x80
+	RTV_SPIPE                     = 0x10
+	RTV_SSTHRESH                  = 0x20
+	RT_AWARE                      = 0x1
+	RUSAGE_CHILDREN               = -0x1
+	RUSAGE_SELF                   = 0x0
+	SCM_RIGHTS                    = 0x1010
+	SCM_TIMESTAMP                 = 0x1013
+	SCM_UCRED                     = 0x1012
+	SHUT_RD                       = 0x0
+	SHUT_RDWR                     = 0x2
+	SHUT_WR                       = 0x1
+	SIG2STR_MAX                   = 0x20
+	SIOCADDMULTI                  = -0x7fdf96cf
+	SIOCADDRT                     = -0x7fcf8df6
+	SIOCATMARK                    = 0x40047307
+	SIOCDARP                      = -0x7fdb96e0
+	SIOCDELMULTI                  = -0x7fdf96ce
+	SIOCDELRT                     = -0x7fcf8df5
+	SIOCDXARP                     = -0x7fff9658
+	SIOCGARP                      = -0x3fdb96e1
+	SIOCGDSTINFO                  = -0x3fff965c
+	SIOCGENADDR                   = -0x3fdf96ab
+	SIOCGENPSTATS                 = -0x3fdf96c7
+	SIOCGETLSGCNT                 = -0x3fef8deb
+	SIOCGETNAME                   = 0x40107334
+	SIOCGETPEER                   = 0x40107335
+	SIOCGETPROP                   = -0x3fff8f44
+	SIOCGETSGCNT                  = -0x3feb8deb
+	SIOCGETSYNC                   = -0x3fdf96d3
+	SIOCGETVIFCNT                 = -0x3feb8dec
+	SIOCGHIWAT                    = 0x40047301
+	SIOCGIFADDR                   = -0x3fdf96f3
+	SIOCGIFBRDADDR                = -0x3fdf96e9
+	SIOCGIFCONF                   = -0x3ff796a4
+	SIOCGIFDSTADDR                = -0x3fdf96f1
+	SIOCGIFFLAGS                  = -0x3fdf96ef
+	SIOCGIFHWADDR                 = -0x3fdf9647
+	SIOCGIFINDEX                  = -0x3fdf96a6
+	SIOCGIFMEM                    = -0x3fdf96ed
+	SIOCGIFMETRIC                 = -0x3fdf96e5
+	SIOCGIFMTU                    = -0x3fdf96ea
+	SIOCGIFMUXID                  = -0x3fdf96a8
+	SIOCGIFNETMASK                = -0x3fdf96e7
+	SIOCGIFNUM                    = 0x40046957
+	SIOCGIP6ADDRPOLICY            = -0x3fff965e
+	SIOCGIPMSFILTER               = -0x3ffb964c
+	SIOCGLIFADDR                  = -0x3f87968f
+	SIOCGLIFBINDING               = -0x3f879666
+	SIOCGLIFBRDADDR               = -0x3f879685
+	SIOCGLIFCONF                  = -0x3fef965b
+	SIOCGLIFDADSTATE              = -0x3f879642
+	SIOCGLIFDSTADDR               = -0x3f87968d
+	SIOCGLIFFLAGS                 = -0x3f87968b
+	SIOCGLIFGROUPINFO             = -0x3f4b9663
+	SIOCGLIFGROUPNAME             = -0x3f879664
+	SIOCGLIFHWADDR                = -0x3f879640
+	SIOCGLIFINDEX                 = -0x3f87967b
+	SIOCGLIFLNKINFO               = -0x3f879674
+	SIOCGLIFMETRIC                = -0x3f879681
+	SIOCGLIFMTU                   = -0x3f879686
+	SIOCGLIFMUXID                 = -0x3f87967d
+	SIOCGLIFNETMASK               = -0x3f879683
+	SIOCGLIFNUM                   = -0x3ff3967e
+	SIOCGLIFSRCOF                 = -0x3fef964f
+	SIOCGLIFSUBNET                = -0x3f879676
+	SIOCGLIFTOKEN                 = -0x3f879678
+	SIOCGLIFUSESRC                = -0x3f879651
+	SIOCGLIFZONE                  = -0x3f879656
+	SIOCGLOWAT                    = 0x40047303
+	SIOCGMSFILTER                 = -0x3ffb964e
+	SIOCGPGRP                     = 0x40047309
+	SIOCGSTAMP                    = -0x3fef9646
+	SIOCGXARP                     = -0x3fff9659
+	SIOCIFDETACH                  = -0x7fdf96c8
+	SIOCILB                       = -0x3ffb9645
+	SIOCLIFADDIF                  = -0x3f879691
+	SIOCLIFDELND                  = -0x7f879673
+	SIOCLIFGETND                  = -0x3f879672
+	SIOCLIFREMOVEIF               = -0x7f879692
+	SIOCLIFSETND                  = -0x7f879671
+	SIOCLOWER                     = -0x7fdf96d7
+	SIOCSARP                      = -0x7fdb96e2
+	SIOCSCTPGOPT                  = -0x3fef9653
+	SIOCSCTPPEELOFF               = -0x3ffb9652
+	SIOCSCTPSOPT                  = -0x7fef9654
+	SIOCSENABLESDP                = -0x3ffb9649
+	SIOCSETPROP                   = -0x7ffb8f43
+	SIOCSETSYNC                   = -0x7fdf96d4
+	SIOCSHIWAT                    = -0x7ffb8d00
+	SIOCSIFADDR                   = -0x7fdf96f4
+	SIOCSIFBRDADDR                = -0x7fdf96e8
+	SIOCSIFDSTADDR                = -0x7fdf96f2
+	SIOCSIFFLAGS                  = -0x7fdf96f0
+	SIOCSIFINDEX                  = -0x7fdf96a5
+	SIOCSIFMEM                    = -0x7fdf96ee
+	SIOCSIFMETRIC                 = -0x7fdf96e4
+	SIOCSIFMTU                    = -0x7fdf96eb
+	SIOCSIFMUXID                  = -0x7fdf96a7
+	SIOCSIFNAME                   = -0x7fdf96b7
+	SIOCSIFNETMASK                = -0x7fdf96e6
+	SIOCSIP6ADDRPOLICY            = -0x7fff965d
+	SIOCSIPMSFILTER               = -0x7ffb964b
+	SIOCSLGETREQ                  = -0x3fdf96b9
+	SIOCSLIFADDR                  = -0x7f879690
+	SIOCSLIFBRDADDR               = -0x7f879684
+	SIOCSLIFDSTADDR               = -0x7f87968e
+	SIOCSLIFFLAGS                 = -0x7f87968c
+	SIOCSLIFGROUPNAME             = -0x7f879665
+	SIOCSLIFINDEX                 = -0x7f87967a
+	SIOCSLIFLNKINFO               = -0x7f879675
+	SIOCSLIFMETRIC                = -0x7f879680
+	SIOCSLIFMTU                   = -0x7f879687
+	SIOCSLIFMUXID                 = -0x7f87967c
+	SIOCSLIFNAME                  = -0x3f87967f
+	SIOCSLIFNETMASK               = -0x7f879682
+	SIOCSLIFPREFIX                = -0x3f879641
+	SIOCSLIFSUBNET                = -0x7f879677
+	SIOCSLIFTOKEN                 = -0x7f879679
+	SIOCSLIFUSESRC                = -0x7f879650
+	SIOCSLIFZONE                  = -0x7f879655
+	SIOCSLOWAT                    = -0x7ffb8cfe
+	SIOCSLSTAT                    = -0x7fdf96b8
+	SIOCSMSFILTER                 = -0x7ffb964d
+	SIOCSPGRP                     = -0x7ffb8cf8
+	SIOCSPROMISC                  = -0x7ffb96d0
+	SIOCSQPTR                     = -0x3ffb9648
+	SIOCSSDSTATS                  = -0x3fdf96d2
+	SIOCSSESTATS                  = -0x3fdf96d1
+	SIOCSXARP                     = -0x7fff965a
+	SIOCTMYADDR                   = -0x3ff79670
+	SIOCTMYSITE                   = -0x3ff7966e
+	SIOCTONLINK                   = -0x3ff7966f
+	SIOCUPPER                     = -0x7fdf96d8
+	SIOCX25RCV                    = -0x3fdf96c4
+	SIOCX25TBL                    = -0x3fdf96c3
+	SIOCX25XMT                    = -0x3fdf96c5
+	SIOCXPROTO                    = 0x20007337
+	SOCK_CLOEXEC                  = 0x80000
+	SOCK_DGRAM                    = 0x1
+	SOCK_NDELAY                   = 0x200000
+	SOCK_NONBLOCK                 = 0x100000
+	SOCK_RAW                      = 0x4
+	SOCK_RDM                      = 0x5
+	SOCK_SEQPACKET                = 0x6
+	SOCK_STREAM                   = 0x2
+	SOCK_TYPE_MASK                = 0xffff
+	SOL_FILTER                    = 0xfffc
+	SOL_PACKET                    = 0xfffd
+	SOL_ROUTE                     = 0xfffe
+	SOL_SOCKET                    = 0xffff
+	SOMAXCONN                     = 0x80
+	SO_ACCEPTCONN                 = 0x2
+	SO_ALL                        = 0x3f
+	SO_ALLZONES                   = 0x1014
+	SO_ANON_MLP                   = 0x100a
+	SO_ATTACH_FILTER              = 0x40000001
+	SO_BAND                       = 0x4000
+	SO_BROADCAST                  = 0x20
+	SO_COPYOPT                    = 0x80000
+	SO_DEBUG                      = 0x1
+	SO_DELIM                      = 0x8000
+	SO_DETACH_FILTER              = 0x40000002
+	SO_DGRAM_ERRIND               = 0x200
+	SO_DOMAIN                     = 0x100c
+	SO_DONTLINGER                 = -0x81
+	SO_DONTROUTE                  = 0x10
+	SO_ERROPT                     = 0x40000
+	SO_ERROR                      = 0x1007
+	SO_EXCLBIND                   = 0x1015
+	SO_HIWAT                      = 0x10
+	SO_ISNTTY                     = 0x800
+	SO_ISTTY                      = 0x400
+	SO_KEEPALIVE                  = 0x8
+	SO_LINGER                     = 0x80
+	SO_LOWAT                      = 0x20
+	SO_MAC_EXEMPT                 = 0x100b
+	SO_MAC_IMPLICIT               = 0x1016
+	SO_MAXBLK                     = 0x100000
+	SO_MAXPSZ                     = 0x8
+	SO_MINPSZ                     = 0x4
+	SO_MREADOFF                   = 0x80
+	SO_MREADON                    = 0x40
+	SO_NDELOFF                    = 0x200
+	SO_NDELON                     = 0x100
+	SO_NODELIM                    = 0x10000
+	SO_OOBINLINE                  = 0x100
+	SO_PROTOTYPE                  = 0x1009
+	SO_RCVBUF                     = 0x1002
+	SO_RCVLOWAT                   = 0x1004
+	SO_RCVPSH                     = 0x100d
+	SO_RCVTIMEO                   = 0x1006
+	SO_READOPT                    = 0x1
+	SO_RECVUCRED                  = 0x400
+	SO_REUSEADDR                  = 0x4
+	SO_SECATTR                    = 0x1011
+	SO_SNDBUF                     = 0x1001
+	SO_SNDLOWAT                   = 0x1003
+	SO_SNDTIMEO                   = 0x1005
+	SO_STRHOLD                    = 0x20000
+	SO_TAIL                       = 0x200000
+	SO_TIMESTAMP                  = 0x1013
+	SO_TONSTOP                    = 0x2000
+	SO_TOSTOP                     = 0x1000
+	SO_TYPE                       = 0x1008
+	SO_USELOOPBACK                = 0x40
+	SO_VRRP                       = 0x1017
+	SO_WROFF                      = 0x2
+	S_ENFMT                       = 0x400
+	S_IAMB                        = 0x1ff
+	S_IEXEC                       = 0x40
+	S_IFBLK                       = 0x6000
+	S_IFCHR                       = 0x2000
+	S_IFDIR                       = 0x4000
+	S_IFDOOR                      = 0xd000
+	S_IFIFO                       = 0x1000
+	S_IFLNK                       = 0xa000
+	S_IFMT                        = 0xf000
+	S_IFNAM                       = 0x5000
+	S_IFPORT                      = 0xe000
+	S_IFREG                       = 0x8000
+	S_IFSOCK                      = 0xc000
+	S_INSEM                       = 0x1
+	S_INSHD                       = 0x2
+	S_IREAD                       = 0x100
+	S_IRGRP                       = 0x20
+	S_IROTH                       = 0x4
+	S_IRUSR                       = 0x100
+	S_IRWXG                       = 0x38
+	S_IRWXO                       = 0x7
+	S_IRWXU                       = 0x1c0
+	S_ISGID                       = 0x400
+	S_ISUID                       = 0x800
+	S_ISVTX                       = 0x200
+	S_IWGRP                       = 0x10
+	S_IWOTH                       = 0x2
+	S_IWRITE                      = 0x80
+	S_IWUSR                       = 0x80
+	S_IXGRP                       = 0x8
+	S_IXOTH                       = 0x1
+	S_IXUSR                       = 0x40
+	TAB0                          = 0x0
+	TAB1                          = 0x800
+	TAB2                          = 0x1000
+	TAB3                          = 0x1800
+	TABDLY                        = 0x1800
+	TCFLSH                        = 0x5407
+	TCGETA                        = 0x5401
+	TCGETS                        = 0x540d
+	TCIFLUSH                      = 0x0
+	TCIOFF                        = 0x2
+	TCIOFLUSH                     = 0x2
+	TCION                         = 0x3
+	TCOFLUSH                      = 0x1
+	TCOOFF                        = 0x0
+	TCOON                         = 0x1
+	TCP_ABORT_THRESHOLD           = 0x11
+	TCP_ANONPRIVBIND              = 0x20
+	TCP_CONN_ABORT_THRESHOLD      = 0x13
+	TCP_CONN_NOTIFY_THRESHOLD     = 0x12
+	TCP_CORK                      = 0x18
+	TCP_EXCLBIND                  = 0x21
+	TCP_INIT_CWND                 = 0x15
+	TCP_KEEPALIVE                 = 0x8
+	TCP_KEEPALIVE_ABORT_THRESHOLD = 0x17
+	TCP_KEEPALIVE_THRESHOLD       = 0x16
+	TCP_KEEPCNT                   = 0x23
+	TCP_KEEPIDLE                  = 0x22
+	TCP_KEEPINTVL                 = 0x24
+	TCP_LINGER2                   = 0x1c
+	TCP_MAXSEG                    = 0x2
+	TCP_MSS                       = 0x218
+	TCP_NODELAY                   = 0x1
+	TCP_NOTIFY_THRESHOLD          = 0x10
+	TCP_RECVDSTADDR               = 0x14
+	TCP_RTO_INITIAL               = 0x19
+	TCP_RTO_MAX                   = 0x1b
+	TCP_RTO_MIN                   = 0x1a
+	TCSAFLUSH                     = 0x5410
+	TCSBRK                        = 0x5405
+	TCSETA                        = 0x5402
+	TCSETAF                       = 0x5404
+	TCSETAW                       = 0x5403
+	TCSETS                        = 0x540e
+	TCSETSF                       = 0x5410
+	TCSETSW                       = 0x540f
+	TCXONC                        = 0x5406
+	TIOC                          = 0x5400
+	TIOCCBRK                      = 0x747a
+	TIOCCDTR                      = 0x7478
+	TIOCCILOOP                    = 0x746c
+	TIOCEXCL                      = 0x740d
+	TIOCFLUSH                     = 0x7410
+	TIOCGETC                      = 0x7412
+	TIOCGETD                      = 0x7400
+	TIOCGETP                      = 0x7408
+	TIOCGLTC                      = 0x7474
+	TIOCGPGRP                     = 0x7414
+	TIOCGPPS                      = 0x547d
+	TIOCGPPSEV                    = 0x547f
+	TIOCGSID                      = 0x7416
+	TIOCGSOFTCAR                  = 0x5469
+	TIOCGWINSZ                    = 0x5468
+	TIOCHPCL                      = 0x7402
+	TIOCKBOF                      = 0x5409
+	TIOCKBON                      = 0x5408
+	TIOCLBIC                      = 0x747e
+	TIOCLBIS                      = 0x747f
+	TIOCLGET                      = 0x747c
+	TIOCLSET                      = 0x747d
+	TIOCMBIC                      = 0x741c
+	TIOCMBIS                      = 0x741b
+	TIOCMGET                      = 0x741d
+	TIOCMSET                      = 0x741a
+	TIOCM_CAR                     = 0x40
+	TIOCM_CD                      = 0x40
+	TIOCM_CTS                     = 0x20
+	TIOCM_DSR                     = 0x100
+	TIOCM_DTR                     = 0x2
+	TIOCM_LE                      = 0x1
+	TIOCM_RI                      = 0x80
+	TIOCM_RNG                     = 0x80
+	TIOCM_RTS                     = 0x4
+	TIOCM_SR                      = 0x10
+	TIOCM_ST                      = 0x8
+	TIOCNOTTY                     = 0x7471
+	TIOCNXCL                      = 0x740e
+	TIOCOUTQ                      = 0x7473
+	TIOCREMOTE                    = 0x741e
+	TIOCSBRK                      = 0x747b
+	TIOCSCTTY                     = 0x7484
+	TIOCSDTR                      = 0x7479
+	TIOCSETC                      = 0x7411
+	TIOCSETD                      = 0x7401
+	TIOCSETN                      = 0x740a
+	TIOCSETP                      = 0x7409
+	TIOCSIGNAL                    = 0x741f
+	TIOCSILOOP                    = 0x746d
+	TIOCSLTC                      = 0x7475
+	TIOCSPGRP                     = 0x7415
+	TIOCSPPS                      = 0x547e
+	TIOCSSOFTCAR                  = 0x546a
+	TIOCSTART                     = 0x746e
+	TIOCSTI                       = 0x7417
+	TIOCSTOP                      = 0x746f
+	TIOCSWINSZ                    = 0x5467
+	TOSTOP                        = 0x100
+	UTIME_NOW                     = -0x1
+	UTIME_OMIT                    = -0x2
+	VCEOF                         = 0x8
+	VCEOL                         = 0x9
+	VDISCARD                      = 0xd
+	VDSUSP                        = 0xb
+	VEOF                          = 0x4
+	VEOL                          = 0x5
+	VEOL2                         = 0x6
+	VERASE                        = 0x2
+	VERASE2                       = 0x11
+	VINTR                         = 0x0
+	VKILL                         = 0x3
+	VLNEXT                        = 0xf
+	VMIN                          = 0x4
+	VQUIT                         = 0x1
+	VREPRINT                      = 0xc
+	VSTART                        = 0x8
+	VSTATUS                       = 0x10
+	VSTOP                         = 0x9
+	VSUSP                         = 0xa
+	VSWTCH                        = 0x7
+	VT0                           = 0x0
+	VT1                           = 0x4000
+	VTDLY                         = 0x4000
+	VTIME                         = 0x5
+	VWERASE                       = 0xe
+	WCONTFLG                      = 0xffff
+	WCONTINUED                    = 0x8
+	WCOREFLG                      = 0x80
+	WEXITED                       = 0x1
+	WNOHANG                       = 0x40
+	WNOWAIT                       = 0x80
+	WOPTMASK                      = 0xcf
+	WRAP                          = 0x20000
+	WSIGMASK                      = 0x7f
+	WSTOPFLG                      = 0x7f
+	WSTOPPED                      = 0x4
+	WTRAPPED                      = 0x2
+	WUNTRACED                     = 0x4
+	XCASE                         = 0x4
+	XTABS                         = 0x1800
+)
+
+// Errors
+const (
+	E2BIG           = syscall.Errno(0x7)
+	EACCES          = syscall.Errno(0xd)
+	EADDRINUSE      = syscall.Errno(0x7d)
+	EADDRNOTAVAIL   = syscall.Errno(0x7e)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x7c)
+	EAGAIN          = syscall.Errno(0xb)
+	EALREADY        = syscall.Errno(0x95)
+	EBADE           = syscall.Errno(0x32)
+	EBADF           = syscall.Errno(0x9)
+	EBADFD          = syscall.Errno(0x51)
+	EBADMSG         = syscall.Errno(0x4d)
+	EBADR           = syscall.Errno(0x33)
+	EBADRQC         = syscall.Errno(0x36)
+	EBADSLT         = syscall.Errno(0x37)
+	EBFONT          = syscall.Errno(0x39)
+	EBUSY           = syscall.Errno(0x10)
+	ECANCELED       = syscall.Errno(0x2f)
+	ECHILD          = syscall.Errno(0xa)
+	ECHRNG          = syscall.Errno(0x25)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x82)
+	ECONNREFUSED    = syscall.Errno(0x92)
+	ECONNRESET      = syscall.Errno(0x83)
+	EDEADLK         = syscall.Errno(0x2d)
+	EDEADLOCK       = syscall.Errno(0x38)
+	EDESTADDRREQ    = syscall.Errno(0x60)
+	EDOM            = syscall.Errno(0x21)
+	EDQUOT          = syscall.Errno(0x31)
+	EEXIST          = syscall.Errno(0x11)
+	EFAULT          = syscall.Errno(0xe)
+	EFBIG           = syscall.Errno(0x1b)
+	EHOSTDOWN       = syscall.Errno(0x93)
+	EHOSTUNREACH    = syscall.Errno(0x94)
+	EIDRM           = syscall.Errno(0x24)
+	EILSEQ          = syscall.Errno(0x58)
+	EINPROGRESS     = syscall.Errno(0x96)
+	EINTR           = syscall.Errno(0x4)
+	EINVAL          = syscall.Errno(0x16)
+	EIO             = syscall.Errno(0x5)
+	EISCONN         = syscall.Errno(0x85)
+	EISDIR          = syscall.Errno(0x15)
+	EL2HLT          = syscall.Errno(0x2c)
+	EL2NSYNC        = syscall.Errno(0x26)
+	EL3HLT          = syscall.Errno(0x27)
+	EL3RST          = syscall.Errno(0x28)
+	ELIBACC         = syscall.Errno(0x53)
+	ELIBBAD         = syscall.Errno(0x54)
+	ELIBEXEC        = syscall.Errno(0x57)
+	ELIBMAX         = syscall.Errno(0x56)
+	ELIBSCN         = syscall.Errno(0x55)
+	ELNRNG          = syscall.Errno(0x29)
+	ELOCKUNMAPPED   = syscall.Errno(0x48)
+	ELOOP           = syscall.Errno(0x5a)
+	EMFILE          = syscall.Errno(0x18)
+	EMLINK          = syscall.Errno(0x1f)
+	EMSGSIZE        = syscall.Errno(0x61)
+	EMULTIHOP       = syscall.Errno(0x4a)
+	ENAMETOOLONG    = syscall.Errno(0x4e)
+	ENETDOWN        = syscall.Errno(0x7f)
+	ENETRESET       = syscall.Errno(0x81)
+	ENETUNREACH     = syscall.Errno(0x80)
+	ENFILE          = syscall.Errno(0x17)
+	ENOANO          = syscall.Errno(0x35)
+	ENOBUFS         = syscall.Errno(0x84)
+	ENOCSI          = syscall.Errno(0x2b)
+	ENODATA         = syscall.Errno(0x3d)
+	ENODEV          = syscall.Errno(0x13)
+	ENOENT          = syscall.Errno(0x2)
+	ENOEXEC         = syscall.Errno(0x8)
+	ENOLCK          = syscall.Errno(0x2e)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEM          = syscall.Errno(0xc)
+	ENOMSG          = syscall.Errno(0x23)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x63)
+	ENOSPC          = syscall.Errno(0x1c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x59)
+	ENOTACTIVE      = syscall.Errno(0x49)
+	ENOTBLK         = syscall.Errno(0xf)
+	ENOTCONN        = syscall.Errno(0x86)
+	ENOTDIR         = syscall.Errno(0x14)
+	ENOTEMPTY       = syscall.Errno(0x5d)
+	ENOTRECOVERABLE = syscall.Errno(0x3b)
+	ENOTSOCK        = syscall.Errno(0x5f)
+	ENOTSUP         = syscall.Errno(0x30)
+	ENOTTY          = syscall.Errno(0x19)
+	ENOTUNIQ        = syscall.Errno(0x50)
+	ENXIO           = syscall.Errno(0x6)
+	EOPNOTSUPP      = syscall.Errno(0x7a)
+	EOVERFLOW       = syscall.Errno(0x4f)
+	EOWNERDEAD      = syscall.Errno(0x3a)
+	EPERM           = syscall.Errno(0x1)
+	EPFNOSUPPORT    = syscall.Errno(0x7b)
+	EPIPE           = syscall.Errno(0x20)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x78)
+	EPROTOTYPE      = syscall.Errno(0x62)
+	ERANGE          = syscall.Errno(0x22)
+	EREMCHG         = syscall.Errno(0x52)
+	EREMOTE         = syscall.Errno(0x42)
+	ERESTART        = syscall.Errno(0x5b)
+	EROFS           = syscall.Errno(0x1e)
+	ESHUTDOWN       = syscall.Errno(0x8f)
+	ESOCKTNOSUPPORT = syscall.Errno(0x79)
+	ESPIPE          = syscall.Errno(0x1d)
+	ESRCH           = syscall.Errno(0x3)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x97)
+	ESTRPIPE        = syscall.Errno(0x5c)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x91)
+	ETOOMANYREFS    = syscall.Errno(0x90)
+	ETXTBSY         = syscall.Errno(0x1a)
+	EUNATCH         = syscall.Errno(0x2a)
+	EUSERS          = syscall.Errno(0x5e)
+	EWOULDBLOCK     = syscall.Errno(0xb)
+	EXDEV           = syscall.Errno(0x12)
+	EXFULL          = syscall.Errno(0x34)
+)
+
+// Signals
+const (
+	SIGABRT    = syscall.Signal(0x6)
+	SIGALRM    = syscall.Signal(0xe)
+	SIGBUS     = syscall.Signal(0xa)
+	SIGCANCEL  = syscall.Signal(0x24)
+	SIGCHLD    = syscall.Signal(0x12)
+	SIGCLD     = syscall.Signal(0x12)
+	SIGCONT    = syscall.Signal(0x19)
+	SIGEMT     = syscall.Signal(0x7)
+	SIGFPE     = syscall.Signal(0x8)
+	SIGFREEZE  = syscall.Signal(0x22)
+	SIGHUP     = syscall.Signal(0x1)
+	SIGILL     = syscall.Signal(0x4)
+	SIGINFO    = syscall.Signal(0x29)
+	SIGINT     = syscall.Signal(0x2)
+	SIGIO      = syscall.Signal(0x16)
+	SIGIOT     = syscall.Signal(0x6)
+	SIGJVM1    = syscall.Signal(0x27)
+	SIGJVM2    = syscall.Signal(0x28)
+	SIGKILL    = syscall.Signal(0x9)
+	SIGLOST    = syscall.Signal(0x25)
+	SIGLWP     = syscall.Signal(0x21)
+	SIGPIPE    = syscall.Signal(0xd)
+	SIGPOLL    = syscall.Signal(0x16)
+	SIGPROF    = syscall.Signal(0x1d)
+	SIGPWR     = syscall.Signal(0x13)
+	SIGQUIT    = syscall.Signal(0x3)
+	SIGSEGV    = syscall.Signal(0xb)
+	SIGSTOP    = syscall.Signal(0x17)
+	SIGSYS     = syscall.Signal(0xc)
+	SIGTERM    = syscall.Signal(0xf)
+	SIGTHAW    = syscall.Signal(0x23)
+	SIGTRAP    = syscall.Signal(0x5)
+	SIGTSTP    = syscall.Signal(0x18)
+	SIGTTIN    = syscall.Signal(0x1a)
+	SIGTTOU    = syscall.Signal(0x1b)
+	SIGURG     = syscall.Signal(0x15)
+	SIGUSR1    = syscall.Signal(0x10)
+	SIGUSR2    = syscall.Signal(0x11)
+	SIGVTALRM  = syscall.Signal(0x1c)
+	SIGWAITING = syscall.Signal(0x20)
+	SIGWINCH   = syscall.Signal(0x14)
+	SIGXCPU    = syscall.Signal(0x1e)
+	SIGXFSZ    = syscall.Signal(0x1f)
+	SIGXRES    = syscall.Signal(0x26)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "not owner"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "I/O error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "arg list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file number"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "not enough space"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "file table overflow"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "argument out of domain"},
+	{34, "ERANGE", "result too large"},
+	{35, "ENOMSG", "no message of desired type"},
+	{36, "EIDRM", "identifier removed"},
+	{37, "ECHRNG", "channel number out of range"},
+	{38, "EL2NSYNC", "level 2 not synchronized"},
+	{39, "EL3HLT", "level 3 halted"},
+	{40, "EL3RST", "level 3 reset"},
+	{41, "ELNRNG", "link number out of range"},
+	{42, "EUNATCH", "protocol driver not attached"},
+	{43, "ENOCSI", "no CSI structure available"},
+	{44, "EL2HLT", "level 2 halted"},
+	{45, "EDEADLK", "deadlock situation detected/avoided"},
+	{46, "ENOLCK", "no record locks available"},
+	{47, "ECANCELED", "operation canceled"},
+	{48, "ENOTSUP", "operation not supported"},
+	{49, "EDQUOT", "disc quota exceeded"},
+	{50, "EBADE", "bad exchange descriptor"},
+	{51, "EBADR", "bad request descriptor"},
+	{52, "EXFULL", "message tables full"},
+	{53, "ENOANO", "anode table overflow"},
+	{54, "EBADRQC", "bad request code"},
+	{55, "EBADSLT", "invalid slot"},
+	{56, "EDEADLOCK", "file locking deadlock"},
+	{57, "EBFONT", "bad font file format"},
+	{58, "EOWNERDEAD", "owner of the lock died"},
+	{59, "ENOTRECOVERABLE", "lock is not recoverable"},
+	{60, "ENOSTR", "not a stream device"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of stream resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "ELOCKUNMAPPED", "locked lock was unmapped "},
+	{73, "ENOTACTIVE", "facility is not active"},
+	{74, "EMULTIHOP", "multihop attempted"},
+	{77, "EBADMSG", "not a data message"},
+	{78, "ENAMETOOLONG", "file name too long"},
+	{79, "EOVERFLOW", "value too large for defined data type"},
+	{80, "ENOTUNIQ", "name not unique on network"},
+	{81, "EBADFD", "file descriptor in bad state"},
+	{82, "EREMCHG", "remote address changed"},
+	{83, "ELIBACC", "can not access a needed shared library"},
+	{84, "ELIBBAD", "accessing a corrupted shared library"},
+	{85, "ELIBSCN", ".lib section in a.out corrupted"},
+	{86, "ELIBMAX", "attempting to link in more shared libraries than system limit"},
+	{87, "ELIBEXEC", "can not exec a shared library directly"},
+	{88, "EILSEQ", "illegal byte sequence"},
+	{89, "ENOSYS", "operation not applicable"},
+	{90, "ELOOP", "number of symbolic links encountered during path name traversal exceeds MAXSYMLINKS"},
+	{91, "ERESTART", "error 91"},
+	{92, "ESTRPIPE", "error 92"},
+	{93, "ENOTEMPTY", "directory not empty"},
+	{94, "EUSERS", "too many users"},
+	{95, "ENOTSOCK", "socket operation on non-socket"},
+	{96, "EDESTADDRREQ", "destination address required"},
+	{97, "EMSGSIZE", "message too long"},
+	{98, "EPROTOTYPE", "protocol wrong type for socket"},
+	{99, "ENOPROTOOPT", "option not supported by protocol"},
+	{120, "EPROTONOSUPPORT", "protocol not supported"},
+	{121, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{122, "EOPNOTSUPP", "operation not supported on transport endpoint"},
+	{123, "EPFNOSUPPORT", "protocol family not supported"},
+	{124, "EAFNOSUPPORT", "address family not supported by protocol family"},
+	{125, "EADDRINUSE", "address already in use"},
+	{126, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{127, "ENETDOWN", "network is down"},
+	{128, "ENETUNREACH", "network is unreachable"},
+	{129, "ENETRESET", "network dropped connection because of reset"},
+	{130, "ECONNABORTED", "software caused connection abort"},
+	{131, "ECONNRESET", "connection reset by peer"},
+	{132, "ENOBUFS", "no buffer space available"},
+	{133, "EISCONN", "transport endpoint is already connected"},
+	{134, "ENOTCONN", "transport endpoint is not connected"},
+	{143, "ESHUTDOWN", "cannot send after socket shutdown"},
+	{144, "ETOOMANYREFS", "too many references: cannot splice"},
+	{145, "ETIMEDOUT", "connection timed out"},
+	{146, "ECONNREFUSED", "connection refused"},
+	{147, "EHOSTDOWN", "host is down"},
+	{148, "EHOSTUNREACH", "no route to host"},
+	{149, "EALREADY", "operation already in progress"},
+	{150, "EINPROGRESS", "operation now in progress"},
+	{151, "ESTALE", "stale NFS file handle"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal Instruction"},
+	{5, "SIGTRAP", "trace/Breakpoint Trap"},
+	{6, "SIGABRT", "abort"},
+	{7, "SIGEMT", "emulation Trap"},
+	{8, "SIGFPE", "arithmetic Exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGBUS", "bus Error"},
+	{11, "SIGSEGV", "segmentation Fault"},
+	{12, "SIGSYS", "bad System Call"},
+	{13, "SIGPIPE", "broken Pipe"},
+	{14, "SIGALRM", "alarm Clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGUSR1", "user Signal 1"},
+	{17, "SIGUSR2", "user Signal 2"},
+	{18, "SIGCHLD", "child Status Changed"},
+	{19, "SIGPWR", "power-Fail/Restart"},
+	{20, "SIGWINCH", "window Size Change"},
+	{21, "SIGURG", "urgent Socket Condition"},
+	{22, "SIGIO", "pollable Event"},
+	{23, "SIGSTOP", "stopped (signal)"},
+	{24, "SIGTSTP", "stopped (user)"},
+	{25, "SIGCONT", "continued"},
+	{26, "SIGTTIN", "stopped (tty input)"},
+	{27, "SIGTTOU", "stopped (tty output)"},
+	{28, "SIGVTALRM", "virtual Timer Expired"},
+	{29, "SIGPROF", "profiling Timer Expired"},
+	{30, "SIGXCPU", "cpu Limit Exceeded"},
+	{31, "SIGXFSZ", "file Size Limit Exceeded"},
+	{32, "SIGWAITING", "no runnable lwp"},
+	{33, "SIGLWP", "inter-lwp signal"},
+	{34, "SIGFREEZE", "checkpoint Freeze"},
+	{35, "SIGTHAW", "checkpoint Thaw"},
+	{36, "SIGCANCEL", "thread Cancellation"},
+	{37, "SIGLOST", "resource Lost"},
+	{38, "SIGXRES", "resource Control Exceeded"},
+	{39, "SIGJVM1", "reserved for JVM 1"},
+	{40, "SIGJVM2", "reserved for JVM 2"},
+	{41, "SIGINFO", "information Request"},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
new file mode 100644
index 000000000..89c5920e0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -0,0 +1,41 @@
+// Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
+
+// +build linux
+// +build arm arm64
+
+package unix
+
+import "unsafe"
+
+// PtraceRegsArm is the registers used by arm binaries.
+type PtraceRegsArm struct {
+	Uregs [18]uint32
+}
+
+// PtraceGetRegsArm fetches the registers used by arm binaries.
+func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsArm sets the registers used by arm binaries.
+func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsArm64 is the registers used by arm64 binaries.
+type PtraceRegsArm64 struct {
+	Regs   [31]uint64
+	Sp     uint64
+	Pc     uint64
+	Pstate uint64
+}
+
+// PtraceGetRegsArm64 fetches the registers used by arm64 binaries.
+func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsArm64 sets the registers used by arm64 binaries.
+func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
new file mode 100644
index 000000000..6cb6d688a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
@@ -0,0 +1,17 @@
+// Code generated by linux/mkall.go generatePtraceRegSet("arm64"). DO NOT EDIT.
+
+package unix
+
+import "unsafe"
+
+// PtraceGetRegSetArm64 fetches the registers used by arm64 binaries.
+func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error {
+	iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))}
+	return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+}
+
+// PtraceSetRegSetArm64 sets the registers used by arm64 binaries.
+func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error {
+	iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))}
+	return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
new file mode 100644
index 000000000..24b841eec
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -0,0 +1,50 @@
+// Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
+
+// +build linux
+// +build mips mips64
+
+package unix
+
+import "unsafe"
+
+// PtraceRegsMips is the registers used by mips binaries.
+type PtraceRegsMips struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMips fetches the registers used by mips binaries.
+func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMips sets the registers used by mips binaries.
+func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsMips64 is the registers used by mips64 binaries.
+type PtraceRegsMips64 struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMips64 fetches the registers used by mips64 binaries.
+func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMips64 sets the registers used by mips64 binaries.
+func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
new file mode 100644
index 000000000..47b048956
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -0,0 +1,50 @@
+// Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
+
+// +build linux
+// +build mipsle mips64le
+
+package unix
+
+import "unsafe"
+
+// PtraceRegsMipsle is the registers used by mipsle binaries.
+type PtraceRegsMipsle struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMipsle fetches the registers used by mipsle binaries.
+func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMipsle sets the registers used by mipsle binaries.
+func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsMips64le is the registers used by mips64le binaries.
+type PtraceRegsMips64le struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+// PtraceGetRegsMips64le fetches the registers used by mips64le binaries.
+func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsMips64le sets the registers used by mips64le binaries.
+func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
new file mode 100644
index 000000000..ea5d9cb53
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -0,0 +1,80 @@
+// Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
+
+// +build linux
+// +build 386 amd64
+
+package unix
+
+import "unsafe"
+
+// PtraceRegs386 is the registers used by 386 binaries.
+type PtraceRegs386 struct {
+	Ebx      int32
+	Ecx      int32
+	Edx      int32
+	Esi      int32
+	Edi      int32
+	Ebp      int32
+	Eax      int32
+	Xds      int32
+	Xes      int32
+	Xfs      int32
+	Xgs      int32
+	Orig_eax int32
+	Eip      int32
+	Xcs      int32
+	Eflags   int32
+	Esp      int32
+	Xss      int32
+}
+
+// PtraceGetRegs386 fetches the registers used by 386 binaries.
+func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegs386 sets the registers used by 386 binaries.
+func PtraceSetRegs386(pid int, regs *PtraceRegs386) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
+
+// PtraceRegsAmd64 is the registers used by amd64 binaries.
+type PtraceRegsAmd64 struct {
+	R15      uint64
+	R14      uint64
+	R13      uint64
+	R12      uint64
+	Rbp      uint64
+	Rbx      uint64
+	R11      uint64
+	R10      uint64
+	R9       uint64
+	R8       uint64
+	Rax      uint64
+	Rcx      uint64
+	Rdx      uint64
+	Rsi      uint64
+	Rdi      uint64
+	Orig_rax uint64
+	Rip      uint64
+	Cs       uint64
+	Eflags   uint64
+	Rsp      uint64
+	Ss       uint64
+	Fs_base  uint64
+	Gs_base  uint64
+	Ds       uint64
+	Es       uint64
+	Fs       uint64
+	Gs       uint64
+}
+
+// PtraceGetRegsAmd64 fetches the registers used by amd64 binaries.
+func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error {
+	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+}
+
+// PtraceSetRegsAmd64 sets the registers used by amd64 binaries.
+func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error {
+	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
new file mode 100644
index 000000000..ed657ff1b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -0,0 +1,1484 @@
+// go run mksyscall_aix_ppc.go -aix -tags aix,ppc syscall_aix.go syscall_aix_ppc.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build aix,ppc
+
+package unix
+
+/*
+#include <stdint.h>
+#include <stddef.h>
+int utimes(uintptr_t, uintptr_t);
+int utimensat(int, uintptr_t, uintptr_t, int);
+int getcwd(uintptr_t, size_t);
+int accept(int, uintptr_t, uintptr_t);
+int getdirent(int, uintptr_t, size_t);
+int wait4(int, uintptr_t, int, uintptr_t);
+int ioctl(int, int, uintptr_t);
+int fcntl(uintptr_t, int, uintptr_t);
+int acct(uintptr_t);
+int chdir(uintptr_t);
+int chroot(uintptr_t);
+int close(int);
+int dup(int);
+void exit(int);
+int faccessat(int, uintptr_t, unsigned int, int);
+int fchdir(int);
+int fchmod(int, unsigned int);
+int fchmodat(int, uintptr_t, unsigned int, int);
+int fchownat(int, uintptr_t, int, int, int);
+int fdatasync(int);
+int fsync(int);
+int getpgid(int);
+int getpgrp();
+int getpid();
+int getppid();
+int getpriority(int, int);
+int getrusage(int, uintptr_t);
+int getsid(int);
+int kill(int, int);
+int syslog(int, uintptr_t, size_t);
+int mkdir(int, uintptr_t, unsigned int);
+int mkdirat(int, uintptr_t, unsigned int);
+int mkfifo(uintptr_t, unsigned int);
+int mknod(uintptr_t, unsigned int, int);
+int mknodat(int, uintptr_t, unsigned int, int);
+int nanosleep(uintptr_t, uintptr_t);
+int open64(uintptr_t, int, unsigned int);
+int openat(int, uintptr_t, int, unsigned int);
+int read(int, uintptr_t, size_t);
+int readlink(uintptr_t, uintptr_t, size_t);
+int renameat(int, uintptr_t, int, uintptr_t);
+int setdomainname(uintptr_t, size_t);
+int sethostname(uintptr_t, size_t);
+int setpgid(int, int);
+int setsid();
+int settimeofday(uintptr_t);
+int setuid(int);
+int setgid(int);
+int setpriority(int, int, int);
+int statx(int, uintptr_t, int, int, uintptr_t);
+int sync();
+uintptr_t times(uintptr_t);
+int umask(int);
+int uname(uintptr_t);
+int unlink(uintptr_t);
+int unlinkat(int, uintptr_t, int);
+int ustat(int, uintptr_t);
+int write(int, uintptr_t, size_t);
+int dup2(int, int);
+int posix_fadvise64(int, long long, long long, int);
+int fchown(int, int, int);
+int fstat(int, uintptr_t);
+int fstatat(int, uintptr_t, uintptr_t, int);
+int fstatfs(int, uintptr_t);
+int ftruncate(int, long long);
+int getegid();
+int geteuid();
+int getgid();
+int getuid();
+int lchown(uintptr_t, int, int);
+int listen(int, int);
+int lstat(uintptr_t, uintptr_t);
+int pause();
+int pread64(int, uintptr_t, size_t, long long);
+int pwrite64(int, uintptr_t, size_t, long long);
+#define c_select select
+int select(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int pselect(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int setregid(int, int);
+int setreuid(int, int);
+int shutdown(int, int);
+long long splice(int, uintptr_t, int, uintptr_t, int, int);
+int stat(uintptr_t, uintptr_t);
+int statfs(uintptr_t, uintptr_t);
+int truncate(uintptr_t, long long);
+int bind(int, uintptr_t, uintptr_t);
+int connect(int, uintptr_t, uintptr_t);
+int getgroups(int, uintptr_t);
+int setgroups(int, uintptr_t);
+int getsockopt(int, int, int, uintptr_t, uintptr_t);
+int setsockopt(int, int, int, uintptr_t, uintptr_t);
+int socket(int, int, int);
+int socketpair(int, int, int, uintptr_t);
+int getpeername(int, uintptr_t, uintptr_t);
+int getsockname(int, uintptr_t, uintptr_t);
+int recvfrom(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int sendto(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int nrecvmsg(int, uintptr_t, int);
+int nsendmsg(int, uintptr_t, int);
+int munmap(uintptr_t, uintptr_t);
+int madvise(uintptr_t, size_t, int);
+int mprotect(uintptr_t, size_t, int);
+int mlock(uintptr_t, size_t);
+int mlockall(int);
+int msync(uintptr_t, size_t, int);
+int munlock(uintptr_t, size_t);
+int munlockall();
+int pipe(uintptr_t);
+int poll(uintptr_t, int, int);
+int gettimeofday(uintptr_t, uintptr_t);
+int time(uintptr_t);
+int utime(uintptr_t, uintptr_t);
+unsigned long long getsystemcfg(int);
+int umount(uintptr_t);
+int getrlimit64(int, uintptr_t);
+int setrlimit64(int, uintptr_t);
+long long lseek64(int, long long, int);
+uintptr_t mmap(uintptr_t, uintptr_t, int, int, int, long long);
+
+*/
+import "C"
+import (
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.utimes(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(times))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.utimensat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(times))), C.int(flag))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getcwd(buf []byte) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.getcwd(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, er := C.accept(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(rsa))), C.uintptr_t(uintptr(unsafe.Pointer(addrlen))))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirent(fd int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.getdirent(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error) {
+	r0, er := C.wait4(C.int(pid), C.uintptr_t(uintptr(unsafe.Pointer(status))), C.int(options), C.uintptr_t(uintptr(unsafe.Pointer(rusage))))
+	wpid = Pid_t(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(arg))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
+	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
+	r = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) (err error) {
+	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(uintptr(unsafe.Pointer(lk))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
+	val = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Acct(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.acct(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.chdir(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.chroot(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	r0, er := C.close(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, er := C.dup(C.int(oldfd))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	C.exit(C.int(code))
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.faccessat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	r0, er := C.fchdir(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	r0, er := C.fchmod(C.int(fd), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.fchmodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.fchownat(C.int(dirfd), C.uintptr_t(_p0), C.int(uid), C.int(gid), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	r0, er := C.fdatasync(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	r0, er := C.fsync(C.int(fd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, er := C.getpgid(C.int(pid))
+	pgid = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pid int) {
+	r0, _ := C.getpgrp()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _ := C.getpid()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _ := C.getppid()
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, er := C.getpriority(C.int(which), C.int(who))
+	prio = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	r0, er := C.getrusage(C.int(who), C.uintptr_t(uintptr(unsafe.Pointer(rusage))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, er := C.getsid(C.int(pid))
+	sid = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+	r0, er := C.kill(C.int(pid), C.int(sig))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Klogctl(typ int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.syslog(C.int(typ), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(dirfd int, path string, mode uint32) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mkdir(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mkdirat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mkfifo(C.uintptr_t(_p0), C.uint(mode))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mknod(C.uintptr_t(_p0), C.uint(mode), C.int(dev))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.mknodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(dev))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	r0, er := C.nanosleep(C.uintptr_t(uintptr(unsafe.Pointer(time))), C.uintptr_t(uintptr(unsafe.Pointer(leftover))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.open64(C.uintptr_t(_p0), C.int(mode), C.uint(perm))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.openat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.uint(mode))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.read(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	var _p1 *byte
+	if len(buf) > 0 {
+		_p1 = &buf[0]
+	}
+	var _p2 int
+	_p2 = len(buf)
+	r0, er := C.readlink(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(_p1))), C.size_t(_p2))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(oldpath)))
+	_p1 := uintptr(unsafe.Pointer(C.CString(newpath)))
+	r0, er := C.renameat(C.int(olddirfd), C.uintptr_t(_p0), C.int(newdirfd), C.uintptr_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setdomainname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.setdomainname(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.sethostname(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	r0, er := C.setpgid(C.int(pid), C.int(pgid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, er := C.setsid()
+	pid = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tv *Timeval) (err error) {
+	r0, er := C.settimeofday(C.uintptr_t(uintptr(unsafe.Pointer(tv))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	r0, er := C.setuid(C.int(uid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(uid int) (err error) {
+	r0, er := C.setgid(C.int(uid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	r0, er := C.setpriority(C.int(which), C.int(who), C.int(prio))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.statx(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.int(mask), C.uintptr_t(uintptr(unsafe.Pointer(stat))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	C.sync()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, er := C.times(C.uintptr_t(uintptr(unsafe.Pointer(tms))))
+	ticks = uintptr(r0)
+	if uintptr(r0) == ^uintptr(0) && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _ := C.umask(C.int(mask))
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	r0, er := C.uname(C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.unlink(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.unlinkat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	r0, er := C.ustat(C.int(dev), C.uintptr_t(uintptr(unsafe.Pointer(ubuf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.write(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, p *byte, np int) (n int, err error) {
+	r0, er := C.read(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(p))), C.size_t(np))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, p *byte, np int) (n int, err error) {
+	r0, er := C.write(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(p))), C.size_t(np))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(oldfd int, newfd int) (err error) {
+	r0, er := C.dup2(C.int(oldfd), C.int(newfd))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	r0, er := C.posix_fadvise64(C.int(fd), C.longlong(offset), C.longlong(length), C.int(advice))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	r0, er := C.fchown(C.int(fd), C.int(uid), C.int(gid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_t) (err error) {
+	r0, er := C.fstat(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(stat))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.fstatat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(stat))), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	r0, er := C.fstatfs(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	r0, er := C.ftruncate(C.int(fd), C.longlong(length))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := C.getegid()
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := C.geteuid()
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := C.getgid()
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := C.getuid()
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.lchown(C.uintptr_t(_p0), C.int(uid), C.int(gid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	r0, er := C.listen(C.int(s), C.int(n))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.lstat(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(stat))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	r0, er := C.pause()
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.pread64(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.longlong(offset))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.pwrite64(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.longlong(offset))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, er := C.c_select(C.int(nfd), C.uintptr_t(uintptr(unsafe.Pointer(r))), C.uintptr_t(uintptr(unsafe.Pointer(w))), C.uintptr_t(uintptr(unsafe.Pointer(e))), C.uintptr_t(uintptr(unsafe.Pointer(timeout))))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, er := C.pselect(C.int(nfd), C.uintptr_t(uintptr(unsafe.Pointer(r))), C.uintptr_t(uintptr(unsafe.Pointer(w))), C.uintptr_t(uintptr(unsafe.Pointer(e))), C.uintptr_t(uintptr(unsafe.Pointer(timeout))), C.uintptr_t(uintptr(unsafe.Pointer(sigmask))))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	r0, er := C.setregid(C.int(rgid), C.int(egid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	r0, er := C.setreuid(C.int(ruid), C.int(euid))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	r0, er := C.shutdown(C.int(fd), C.int(how))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, er := C.splice(C.int(rfd), C.uintptr_t(uintptr(unsafe.Pointer(roff))), C.int(wfd), C.uintptr_t(uintptr(unsafe.Pointer(woff))), C.int(len), C.int(flags))
+	n = int64(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, statptr *Stat_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.stat(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(statptr))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.statfs(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.truncate(C.uintptr_t(_p0), C.longlong(length))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	r0, er := C.bind(C.int(s), C.uintptr_t(uintptr(addr)), C.uintptr_t(uintptr(addrlen)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	r0, er := C.connect(C.int(s), C.uintptr_t(uintptr(addr)), C.uintptr_t(uintptr(addrlen)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, er := C.getgroups(C.int(n), C.uintptr_t(uintptr(unsafe.Pointer(list))))
+	nn = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	r0, er := C.setgroups(C.int(n), C.uintptr_t(uintptr(unsafe.Pointer(list))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	r0, er := C.getsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(uintptr(val)), C.uintptr_t(uintptr(unsafe.Pointer(vallen))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	r0, er := C.setsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(uintptr(val)), C.uintptr_t(vallen))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, er := C.socket(C.int(domain), C.int(typ), C.int(proto))
+	fd = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	r0, er := C.socketpair(C.int(domain), C.int(typ), C.int(proto), C.uintptr_t(uintptr(unsafe.Pointer(fd))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	r0, er := C.getpeername(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(rsa))), C.uintptr_t(uintptr(unsafe.Pointer(addrlen))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	r0, er := C.getsockname(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(rsa))), C.uintptr_t(uintptr(unsafe.Pointer(addrlen))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	var _p1 int
+	_p1 = len(p)
+	r0, er := C.recvfrom(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(flags), C.uintptr_t(uintptr(unsafe.Pointer(from))), C.uintptr_t(uintptr(unsafe.Pointer(fromlen))))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	var _p1 int
+	_p1 = len(buf)
+	r0, er := C.sendto(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(flags), C.uintptr_t(uintptr(to)), C.uintptr_t(uintptr(addrlen)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, er := C.nrecvmsg(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(msg))), C.int(flags))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, er := C.nsendmsg(C.int(s), C.uintptr_t(uintptr(unsafe.Pointer(msg))), C.int(flags))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	r0, er := C.munmap(C.uintptr_t(addr), C.uintptr_t(length))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.madvise(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(advice))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.mprotect(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(prot))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.mlock(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	r0, er := C.mlockall(C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.msync(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1), C.int(flags))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	var _p1 int
+	_p1 = len(b)
+	r0, er := C.munlock(C.uintptr_t(uintptr(unsafe.Pointer(_p0))), C.size_t(_p1))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	r0, er := C.munlockall()
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	r0, er := C.pipe(C.uintptr_t(uintptr(unsafe.Pointer(p))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, er := C.poll(C.uintptr_t(uintptr(unsafe.Pointer(fds))), C.int(nfds), C.int(timeout))
+	n = int(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func gettimeofday(tv *Timeval, tzp *Timezone) (err error) {
+	r0, er := C.gettimeofday(C.uintptr_t(uintptr(unsafe.Pointer(tv))), C.uintptr_t(uintptr(unsafe.Pointer(tzp))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, er := C.time(C.uintptr_t(uintptr(unsafe.Pointer(t))))
+	tt = Time_t(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(path)))
+	r0, er := C.utime(C.uintptr_t(_p0), C.uintptr_t(uintptr(unsafe.Pointer(buf))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsystemcfg(label int) (n uint64) {
+	r0, _ := C.getsystemcfg(C.int(label))
+	n = uint64(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func umount(target string) (err error) {
+	_p0 := uintptr(unsafe.Pointer(C.CString(target)))
+	r0, er := C.umount(C.uintptr_t(_p0))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	r0, er := C.getrlimit64(C.int(resource), C.uintptr_t(uintptr(unsafe.Pointer(rlim))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	r0, er := C.setrlimit64(C.int(resource), C.uintptr_t(uintptr(unsafe.Pointer(rlim))))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, er := C.lseek64(C.int(fd), C.longlong(offset), C.int(whence))
+	off = int64(r0)
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, er := C.mmap(C.uintptr_t(addr), C.uintptr_t(length), C.int(prot), C.int(flags), C.int(fd), C.longlong(offset))
+	xaddr = uintptr(r0)
+	if uintptr(r0) == ^uintptr(0) && er != nil {
+		err = er
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
new file mode 100644
index 000000000..664b293b4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -0,0 +1,1442 @@
+// go run mksyscall_aix_ppc64.go -aix -tags aix,ppc64 syscall_aix.go syscall_aix_ppc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build aix,ppc64
+
+package unix
+
+import (
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callutimes(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callutimensat(dirfd, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), flag)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getcwd(buf []byte) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	_, e1 := callgetcwd(uintptr(unsafe.Pointer(_p0)), len(buf))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, e1 := callaccept(s, uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirent(fd int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, e1 := callgetdirent(fd, uintptr(unsafe.Pointer(_p0)), len(buf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error) {
+	r0, e1 := callwait4(int(pid), uintptr(unsafe.Pointer(status)), options, uintptr(unsafe.Pointer(rusage)))
+	wpid = Pid_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, e1 := callioctl(fd, int(req), arg)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
+	r0, e1 := callfcntl(fd, cmd, uintptr(arg))
+	r = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) (err error) {
+	_, e1 := callfcntl(fd, cmd, uintptr(unsafe.Pointer(lk)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, e1 := callfcntl(uintptr(fd), cmd, uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Acct(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callacct(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callchdir(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callchroot(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, e1 := callclose(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, e1 := calldup(oldfd)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	callexit(code)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfaccessat(dirfd, uintptr(unsafe.Pointer(_p0)), mode, flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, e1 := callfchdir(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, e1 := callfchmod(fd, mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfchmodat(dirfd, uintptr(unsafe.Pointer(_p0)), mode, flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfchownat(dirfd, uintptr(unsafe.Pointer(_p0)), uid, gid, flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	_, e1 := callfdatasync(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, e1 := callfsync(fd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, e1 := callgetpgid(pid)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pid int) {
+	r0, _ := callgetpgrp()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _ := callgetpid()
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _ := callgetppid()
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, e1 := callgetpriority(which, who)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, e1 := callgetrusage(who, uintptr(unsafe.Pointer(rusage)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, e1 := callgetsid(pid)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+	_, e1 := callkill(pid, int(sig))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Klogctl(typ int, buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, e1 := callsyslog(typ, uintptr(unsafe.Pointer(_p0)), len(buf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmkdir(dirfd, uintptr(unsafe.Pointer(_p0)), mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmkdirat(dirfd, uintptr(unsafe.Pointer(_p0)), mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmkfifo(uintptr(unsafe.Pointer(_p0)), mode)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmknod(uintptr(unsafe.Pointer(_p0)), mode, dev)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callmknodat(dirfd, uintptr(unsafe.Pointer(_p0)), mode, dev)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, e1 := callnanosleep(uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, e1 := callopen64(uintptr(unsafe.Pointer(_p0)), mode, perm)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, e1 := callopenat(dirfd, uintptr(unsafe.Pointer(_p0)), flags, mode)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callread(fd, uintptr(unsafe.Pointer(_p0)), len(p))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	if len(buf) > 0 {
+		_p1 = &buf[0]
+	}
+	r0, e1 := callreadlink(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), len(buf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, e1 := callrenameat(olddirfd, uintptr(unsafe.Pointer(_p0)), newdirfd, uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setdomainname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	_, e1 := callsetdomainname(uintptr(unsafe.Pointer(_p0)), len(p))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	_, e1 := callsethostname(uintptr(unsafe.Pointer(_p0)), len(p))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, e1 := callsetpgid(pid, pgid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, e1 := callsetsid()
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tv *Timeval) (err error) {
+	_, e1 := callsettimeofday(uintptr(unsafe.Pointer(tv)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, e1 := callsetuid(uid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(uid int) (err error) {
+	_, e1 := callsetgid(uid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, e1 := callsetpriority(which, who, prio)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callstatx(dirfd, uintptr(unsafe.Pointer(_p0)), flags, mask, uintptr(unsafe.Pointer(stat)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	callsync()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, e1 := calltimes(uintptr(unsafe.Pointer(tms)))
+	ticks = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _ := callumask(mask)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	_, e1 := calluname(uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callunlink(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callunlinkat(dirfd, uintptr(unsafe.Pointer(_p0)), flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, e1 := callustat(dev, uintptr(unsafe.Pointer(ubuf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callwrite(fd, uintptr(unsafe.Pointer(_p0)), len(p))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, p *byte, np int) (n int, err error) {
+	r0, e1 := callread(fd, uintptr(unsafe.Pointer(p)), np)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, p *byte, np int) (n int, err error) {
+	r0, e1 := callwrite(fd, uintptr(unsafe.Pointer(p)), np)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(oldfd int, newfd int) (err error) {
+	_, e1 := calldup2(oldfd, newfd)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, e1 := callposix_fadvise64(fd, offset, length, advice)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, e1 := callfchown(fd, uid, gid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_t) (err error) {
+	_, e1 := callfstat(fd, uintptr(unsafe.Pointer(stat)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callfstatat(dirfd, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, e1 := callfstatfs(fd, uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, e1 := callftruncate(fd, length)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := callgetegid()
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := callgeteuid()
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := callgetgid()
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := callgetuid()
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := calllchown(uintptr(unsafe.Pointer(_p0)), uid, gid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, e1 := calllisten(s, n)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := calllstat(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, e1 := callpause()
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callpread64(fd, uintptr(unsafe.Pointer(_p0)), len(p), offset)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callpwrite64(fd, uintptr(unsafe.Pointer(_p0)), len(p), offset)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, e1 := callselect(nfd, uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, e1 := callpselect(nfd, uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, e1 := callsetregid(rgid, egid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, e1 := callsetreuid(ruid, euid)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, e1 := callshutdown(fd, how)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, e1 := callsplice(rfd, uintptr(unsafe.Pointer(roff)), wfd, uintptr(unsafe.Pointer(woff)), len, flags)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, statptr *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callstat(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statptr)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callstatfs(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := calltruncate(uintptr(unsafe.Pointer(_p0)), length)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, e1 := callbind(s, uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, e1 := callconnect(s, uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, e1 := callgetgroups(n, uintptr(unsafe.Pointer(list)))
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, e1 := callsetgroups(n, uintptr(unsafe.Pointer(list)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, e1 := callgetsockopt(s, level, name, uintptr(val), uintptr(unsafe.Pointer(vallen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, e1 := callsetsockopt(s, level, name, uintptr(val), vallen)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, e1 := callsocket(domain, typ, proto)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, e1 := callsocketpair(domain, typ, proto, uintptr(unsafe.Pointer(fd)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, e1 := callgetpeername(fd, uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, e1 := callgetsockname(fd, uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, e1 := callrecvfrom(fd, uintptr(unsafe.Pointer(_p0)), len(p), flags, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	_, e1 := callsendto(s, uintptr(unsafe.Pointer(_p0)), len(buf), flags, uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, e1 := callnrecvmsg(s, uintptr(unsafe.Pointer(msg)), flags)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, e1 := callnsendmsg(s, uintptr(unsafe.Pointer(msg)), flags)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, e1 := callmunmap(addr, length)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmadvise(uintptr(unsafe.Pointer(_p0)), len(b), advice)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmprotect(uintptr(unsafe.Pointer(_p0)), len(b), prot)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmlock(uintptr(unsafe.Pointer(_p0)), len(b))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, e1 := callmlockall(flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmsync(uintptr(unsafe.Pointer(_p0)), len(b), flags)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, e1 := callmunlock(uintptr(unsafe.Pointer(_p0)), len(b))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, e1 := callmunlockall()
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, e1 := callpipe(uintptr(unsafe.Pointer(p)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, e1 := callpoll(uintptr(unsafe.Pointer(fds)), nfds, timeout)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func gettimeofday(tv *Timeval, tzp *Timezone) (err error) {
+	_, e1 := callgettimeofday(uintptr(unsafe.Pointer(tv)), uintptr(unsafe.Pointer(tzp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, e1 := calltime(uintptr(unsafe.Pointer(t)))
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, e1 := callutime(uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsystemcfg(label int) (n uint64) {
+	r0, _ := callgetsystemcfg(label)
+	n = uint64(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func umount(target string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	_, e1 := callumount(uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, e1 := callgetrlimit(resource, uintptr(unsafe.Pointer(rlim)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, e1 := callsetrlimit(resource, uintptr(unsafe.Pointer(rlim)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, e1 := calllseek(fd, offset, whence)
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, e1 := callmmap64(addr, length, prot, flags, fd, offset)
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
new file mode 100644
index 000000000..4b3a8ad7b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -0,0 +1,1192 @@
+// go run mksyscall_aix_ppc64.go -aix -tags aix,ppc64 syscall_aix.go syscall_aix_ppc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build aix,ppc64
+// +build !gccgo
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_utimes utimes "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_accept accept "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getdirent getdirent "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_acct acct "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_chdir chdir "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_chroot chroot "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_close close "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_dup dup "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_exit exit "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fdatasync fdatasync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fsync fsync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpid getpid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getppid getppid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsid getsid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_kill kill "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_syslog syslog "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mknod mknod "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_open64 open64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_openat openat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_read read "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_readlink readlink "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_renameat renameat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setdomainname setdomainname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_sethostname sethostname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setsid setsid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setuid setuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setgid setgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_statx statx "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_sync sync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_times times "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_umask umask "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_uname uname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_unlink unlink "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_ustat ustat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_write write "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_posix_fadvise64 posix_fadvise64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fchown fchown "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fstat fstat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getegid getegid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getgid getgid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getuid getuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_lchown lchown "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_listen listen "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_lstat lstat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pause pause "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pread64 pread64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pwrite64 pwrite64 "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_select select "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pselect pselect "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setregid setregid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_shutdown shutdown "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_splice splice "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_stat stat "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_statfs statfs "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_truncate truncate "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_bind bind "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_connect connect "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_socket socket "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_socketpair socketpair "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getpeername getpeername "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsockname getsockname "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_sendto sendto "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_nrecvmsg nrecvmsg "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_nsendmsg nsendmsg "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_munmap munmap "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_madvise madvise "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mlock mlock "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_msync msync "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_munlock munlock "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_pipe pipe "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_poll poll "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_time time "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_utime utime "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_umount umount "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_lseek lseek "libc.a/shr_64.o"
+//go:cgo_import_dynamic libc_mmap64 mmap64 "libc.a/shr_64.o"
+
+//go:linkname libc_utimes libc_utimes
+//go:linkname libc_utimensat libc_utimensat
+//go:linkname libc_getcwd libc_getcwd
+//go:linkname libc_accept libc_accept
+//go:linkname libc_getdirent libc_getdirent
+//go:linkname libc_wait4 libc_wait4
+//go:linkname libc_ioctl libc_ioctl
+//go:linkname libc_fcntl libc_fcntl
+//go:linkname libc_acct libc_acct
+//go:linkname libc_chdir libc_chdir
+//go:linkname libc_chroot libc_chroot
+//go:linkname libc_close libc_close
+//go:linkname libc_dup libc_dup
+//go:linkname libc_exit libc_exit
+//go:linkname libc_faccessat libc_faccessat
+//go:linkname libc_fchdir libc_fchdir
+//go:linkname libc_fchmod libc_fchmod
+//go:linkname libc_fchmodat libc_fchmodat
+//go:linkname libc_fchownat libc_fchownat
+//go:linkname libc_fdatasync libc_fdatasync
+//go:linkname libc_fsync libc_fsync
+//go:linkname libc_getpgid libc_getpgid
+//go:linkname libc_getpgrp libc_getpgrp
+//go:linkname libc_getpid libc_getpid
+//go:linkname libc_getppid libc_getppid
+//go:linkname libc_getpriority libc_getpriority
+//go:linkname libc_getrusage libc_getrusage
+//go:linkname libc_getsid libc_getsid
+//go:linkname libc_kill libc_kill
+//go:linkname libc_syslog libc_syslog
+//go:linkname libc_mkdir libc_mkdir
+//go:linkname libc_mkdirat libc_mkdirat
+//go:linkname libc_mkfifo libc_mkfifo
+//go:linkname libc_mknod libc_mknod
+//go:linkname libc_mknodat libc_mknodat
+//go:linkname libc_nanosleep libc_nanosleep
+//go:linkname libc_open64 libc_open64
+//go:linkname libc_openat libc_openat
+//go:linkname libc_read libc_read
+//go:linkname libc_readlink libc_readlink
+//go:linkname libc_renameat libc_renameat
+//go:linkname libc_setdomainname libc_setdomainname
+//go:linkname libc_sethostname libc_sethostname
+//go:linkname libc_setpgid libc_setpgid
+//go:linkname libc_setsid libc_setsid
+//go:linkname libc_settimeofday libc_settimeofday
+//go:linkname libc_setuid libc_setuid
+//go:linkname libc_setgid libc_setgid
+//go:linkname libc_setpriority libc_setpriority
+//go:linkname libc_statx libc_statx
+//go:linkname libc_sync libc_sync
+//go:linkname libc_times libc_times
+//go:linkname libc_umask libc_umask
+//go:linkname libc_uname libc_uname
+//go:linkname libc_unlink libc_unlink
+//go:linkname libc_unlinkat libc_unlinkat
+//go:linkname libc_ustat libc_ustat
+//go:linkname libc_write libc_write
+//go:linkname libc_dup2 libc_dup2
+//go:linkname libc_posix_fadvise64 libc_posix_fadvise64
+//go:linkname libc_fchown libc_fchown
+//go:linkname libc_fstat libc_fstat
+//go:linkname libc_fstatat libc_fstatat
+//go:linkname libc_fstatfs libc_fstatfs
+//go:linkname libc_ftruncate libc_ftruncate
+//go:linkname libc_getegid libc_getegid
+//go:linkname libc_geteuid libc_geteuid
+//go:linkname libc_getgid libc_getgid
+//go:linkname libc_getuid libc_getuid
+//go:linkname libc_lchown libc_lchown
+//go:linkname libc_listen libc_listen
+//go:linkname libc_lstat libc_lstat
+//go:linkname libc_pause libc_pause
+//go:linkname libc_pread64 libc_pread64
+//go:linkname libc_pwrite64 libc_pwrite64
+//go:linkname libc_select libc_select
+//go:linkname libc_pselect libc_pselect
+//go:linkname libc_setregid libc_setregid
+//go:linkname libc_setreuid libc_setreuid
+//go:linkname libc_shutdown libc_shutdown
+//go:linkname libc_splice libc_splice
+//go:linkname libc_stat libc_stat
+//go:linkname libc_statfs libc_statfs
+//go:linkname libc_truncate libc_truncate
+//go:linkname libc_bind libc_bind
+//go:linkname libc_connect libc_connect
+//go:linkname libc_getgroups libc_getgroups
+//go:linkname libc_setgroups libc_setgroups
+//go:linkname libc_getsockopt libc_getsockopt
+//go:linkname libc_setsockopt libc_setsockopt
+//go:linkname libc_socket libc_socket
+//go:linkname libc_socketpair libc_socketpair
+//go:linkname libc_getpeername libc_getpeername
+//go:linkname libc_getsockname libc_getsockname
+//go:linkname libc_recvfrom libc_recvfrom
+//go:linkname libc_sendto libc_sendto
+//go:linkname libc_nrecvmsg libc_nrecvmsg
+//go:linkname libc_nsendmsg libc_nsendmsg
+//go:linkname libc_munmap libc_munmap
+//go:linkname libc_madvise libc_madvise
+//go:linkname libc_mprotect libc_mprotect
+//go:linkname libc_mlock libc_mlock
+//go:linkname libc_mlockall libc_mlockall
+//go:linkname libc_msync libc_msync
+//go:linkname libc_munlock libc_munlock
+//go:linkname libc_munlockall libc_munlockall
+//go:linkname libc_pipe libc_pipe
+//go:linkname libc_poll libc_poll
+//go:linkname libc_gettimeofday libc_gettimeofday
+//go:linkname libc_time libc_time
+//go:linkname libc_utime libc_utime
+//go:linkname libc_getsystemcfg libc_getsystemcfg
+//go:linkname libc_umount libc_umount
+//go:linkname libc_getrlimit libc_getrlimit
+//go:linkname libc_setrlimit libc_setrlimit
+//go:linkname libc_lseek libc_lseek
+//go:linkname libc_mmap64 libc_mmap64
+
+type syscallFunc uintptr
+
+var (
+	libc_utimes,
+	libc_utimensat,
+	libc_getcwd,
+	libc_accept,
+	libc_getdirent,
+	libc_wait4,
+	libc_ioctl,
+	libc_fcntl,
+	libc_acct,
+	libc_chdir,
+	libc_chroot,
+	libc_close,
+	libc_dup,
+	libc_exit,
+	libc_faccessat,
+	libc_fchdir,
+	libc_fchmod,
+	libc_fchmodat,
+	libc_fchownat,
+	libc_fdatasync,
+	libc_fsync,
+	libc_getpgid,
+	libc_getpgrp,
+	libc_getpid,
+	libc_getppid,
+	libc_getpriority,
+	libc_getrusage,
+	libc_getsid,
+	libc_kill,
+	libc_syslog,
+	libc_mkdir,
+	libc_mkdirat,
+	libc_mkfifo,
+	libc_mknod,
+	libc_mknodat,
+	libc_nanosleep,
+	libc_open64,
+	libc_openat,
+	libc_read,
+	libc_readlink,
+	libc_renameat,
+	libc_setdomainname,
+	libc_sethostname,
+	libc_setpgid,
+	libc_setsid,
+	libc_settimeofday,
+	libc_setuid,
+	libc_setgid,
+	libc_setpriority,
+	libc_statx,
+	libc_sync,
+	libc_times,
+	libc_umask,
+	libc_uname,
+	libc_unlink,
+	libc_unlinkat,
+	libc_ustat,
+	libc_write,
+	libc_dup2,
+	libc_posix_fadvise64,
+	libc_fchown,
+	libc_fstat,
+	libc_fstatat,
+	libc_fstatfs,
+	libc_ftruncate,
+	libc_getegid,
+	libc_geteuid,
+	libc_getgid,
+	libc_getuid,
+	libc_lchown,
+	libc_listen,
+	libc_lstat,
+	libc_pause,
+	libc_pread64,
+	libc_pwrite64,
+	libc_select,
+	libc_pselect,
+	libc_setregid,
+	libc_setreuid,
+	libc_shutdown,
+	libc_splice,
+	libc_stat,
+	libc_statfs,
+	libc_truncate,
+	libc_bind,
+	libc_connect,
+	libc_getgroups,
+	libc_setgroups,
+	libc_getsockopt,
+	libc_setsockopt,
+	libc_socket,
+	libc_socketpair,
+	libc_getpeername,
+	libc_getsockname,
+	libc_recvfrom,
+	libc_sendto,
+	libc_nrecvmsg,
+	libc_nsendmsg,
+	libc_munmap,
+	libc_madvise,
+	libc_mprotect,
+	libc_mlock,
+	libc_mlockall,
+	libc_msync,
+	libc_munlock,
+	libc_munlockall,
+	libc_pipe,
+	libc_poll,
+	libc_gettimeofday,
+	libc_time,
+	libc_utime,
+	libc_getsystemcfg,
+	libc_umount,
+	libc_getrlimit,
+	libc_setrlimit,
+	libc_lseek,
+	libc_mmap64 syscallFunc
+)
+
+// Implemented in runtime/syscall_aix.go.
+func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimes(_p0 uintptr, times uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_utimes)), 2, _p0, times, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimensat(dirfd int, _p0 uintptr, times uintptr, flag int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_utimensat)), 4, uintptr(dirfd), _p0, times, uintptr(flag), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetcwd(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getcwd)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callaccept(s int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_accept)), 3, uintptr(s), rsa, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetdirent(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getdirent)), 3, uintptr(fd), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwait4(pid int, status uintptr, options int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_wait4)), 4, uintptr(pid), status, uintptr(options), rusage, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), arg, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callacct(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_acct)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchdir(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_chdir)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchroot(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_chroot)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callclose(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_close)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup(oldfd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_dup)), 1, uintptr(oldfd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callexit(code int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_exit)), 1, uintptr(code), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfaccessat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_faccessat)), 4, uintptr(dirfd), _p0, uintptr(mode), uintptr(flags), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchdir(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchdir)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmod(fd int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchmod)), 2, uintptr(fd), uintptr(mode), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmodat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchmodat)), 4, uintptr(dirfd), _p0, uintptr(mode), uintptr(flags), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchownat(dirfd int, _p0 uintptr, uid int, gid int, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchownat)), 5, uintptr(dirfd), _p0, uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfdatasync(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fdatasync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfsync(fd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fsync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgid(pid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getpgid)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgrp() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getpgrp)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getpid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetppid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getppid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpriority(which int, who int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getpriority)), 2, uintptr(which), uintptr(who), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrusage(who int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getrusage)), 2, uintptr(who), rusage, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsid(pid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getsid)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callkill(pid int, sig int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_kill)), 2, uintptr(pid), uintptr(sig), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsyslog(typ int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_syslog)), 3, uintptr(typ), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdir(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mkdir)), 3, uintptr(dirfd), _p0, uintptr(mode), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdirat(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mkdirat)), 3, uintptr(dirfd), _p0, uintptr(mode), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkfifo(_p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mkfifo)), 2, _p0, uintptr(mode), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknod(_p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mknod)), 3, _p0, uintptr(mode), uintptr(dev), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknodat(dirfd int, _p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mknodat)), 4, uintptr(dirfd), _p0, uintptr(mode), uintptr(dev), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnanosleep(time uintptr, leftover uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_nanosleep)), 2, time, leftover, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopen64(_p0 uintptr, mode int, perm uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_open64)), 3, _p0, uintptr(mode), uintptr(perm), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopenat(dirfd int, _p0 uintptr, flags int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_openat)), 4, uintptr(dirfd), _p0, uintptr(flags), uintptr(mode), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callread(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_read)), 3, uintptr(fd), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callreadlink(_p0 uintptr, _p1 uintptr, _lenp1 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_readlink)), 3, _p0, _p1, uintptr(_lenp1), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrenameat(olddirfd int, _p0 uintptr, newdirfd int, _p1 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_renameat)), 4, uintptr(olddirfd), _p0, uintptr(newdirfd), _p1, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetdomainname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setdomainname)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsethostname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_sethostname)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpgid(pid int, pgid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setpgid)), 2, uintptr(pid), uintptr(pgid), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setsid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsettimeofday(tv uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_settimeofday)), 1, tv, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetuid(uid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setuid)), 1, uintptr(uid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgid(uid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setgid)), 1, uintptr(uid), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpriority(which int, who int, prio int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setpriority)), 3, uintptr(which), uintptr(who), uintptr(prio), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatx(dirfd int, _p0 uintptr, flags int, mask int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_statx)), 5, uintptr(dirfd), _p0, uintptr(flags), uintptr(mask), stat, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsync() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_sync)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltimes(tms uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_times)), 1, tms, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumask(mask int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_umask)), 1, uintptr(mask), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calluname(buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_uname)), 1, buf, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlink(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_unlink)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlinkat(dirfd int, _p0 uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_unlinkat)), 3, uintptr(dirfd), _p0, uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callustat(dev int, ubuf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ustat)), 2, uintptr(dev), ubuf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwrite(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_write)), 3, uintptr(fd), _p0, uintptr(_lenp0), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup2(oldfd int, newfd int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_dup2)), 2, uintptr(oldfd), uintptr(newfd), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callposix_fadvise64(fd int, offset int64, length int64, advice int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_posix_fadvise64)), 4, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchown(fd int, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fchown)), 3, uintptr(fd), uintptr(uid), uintptr(gid), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstat(fd int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fstat)), 2, uintptr(fd), stat, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatat(dirfd int, _p0 uintptr, stat uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fstatat)), 4, uintptr(dirfd), _p0, stat, uintptr(flags), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatfs(fd int, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fstatfs)), 2, uintptr(fd), buf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callftruncate(fd int, length int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ftruncate)), 2, uintptr(fd), uintptr(length), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetegid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getegid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgeteuid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_geteuid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getgid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetuid() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getuid)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllchown(_p0 uintptr, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lchown)), 3, _p0, uintptr(uid), uintptr(gid), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllisten(s int, n int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_listen)), 2, uintptr(s), uintptr(n), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllstat(_p0 uintptr, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lstat)), 2, _p0, stat, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpause() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pause)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpread64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pread64)), 4, uintptr(fd), _p0, uintptr(_lenp0), uintptr(offset), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpwrite64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pwrite64)), 4, uintptr(fd), _p0, uintptr(_lenp0), uintptr(offset), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_select)), 5, uintptr(nfd), r, w, e, timeout, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr, sigmask uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_pselect)), 6, uintptr(nfd), r, w, e, timeout, sigmask)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetregid(rgid int, egid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setregid)), 2, uintptr(rgid), uintptr(egid), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetreuid(ruid int, euid int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setreuid)), 2, uintptr(ruid), uintptr(euid), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callshutdown(fd int, how int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_shutdown)), 2, uintptr(fd), uintptr(how), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsplice(rfd int, roff uintptr, wfd int, woff uintptr, len int, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_splice)), 6, uintptr(rfd), roff, uintptr(wfd), woff, uintptr(len), uintptr(flags))
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstat(_p0 uintptr, statptr uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_stat)), 2, _p0, statptr, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatfs(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_statfs)), 2, _p0, buf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltruncate(_p0 uintptr, length int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_truncate)), 2, _p0, uintptr(length), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callbind(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_bind)), 3, uintptr(s), addr, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callconnect(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_connect)), 3, uintptr(s), addr, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getgroups)), 2, uintptr(n), list, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setgroups)), 2, uintptr(n), list, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), val, vallen, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_setsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), val, vallen, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocket(domain int, typ int, proto int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_socket)), 3, uintptr(domain), uintptr(typ), uintptr(proto), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocketpair(domain int, typ int, proto int, fd uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_socketpair)), 4, uintptr(domain), uintptr(typ), uintptr(proto), fd, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpeername(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getpeername)), 3, uintptr(fd), rsa, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockname(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getsockname)), 3, uintptr(fd), rsa, addrlen, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrecvfrom(fd int, _p0 uintptr, _lenp0 int, flags int, from uintptr, fromlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_recvfrom)), 6, uintptr(fd), _p0, uintptr(_lenp0), uintptr(flags), from, fromlen)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsendto(s int, _p0 uintptr, _lenp0 int, flags int, to uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_sendto)), 6, uintptr(s), _p0, uintptr(_lenp0), uintptr(flags), to, addrlen)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnrecvmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_nrecvmsg)), 3, uintptr(s), msg, uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnsendmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_nsendmsg)), 3, uintptr(s), msg, uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunmap(addr uintptr, length uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_munmap)), 2, addr, length, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmadvise(_p0 uintptr, _lenp0 int, advice int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_madvise)), 3, _p0, uintptr(_lenp0), uintptr(advice), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmprotect(_p0 uintptr, _lenp0 int, prot int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mprotect)), 3, _p0, uintptr(_lenp0), uintptr(prot), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mlock)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlockall(flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mlockall)), 1, uintptr(flags), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmsync(_p0 uintptr, _lenp0 int, flags int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_msync)), 3, _p0, uintptr(_lenp0), uintptr(flags), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_munlock)), 2, _p0, uintptr(_lenp0), 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlockall() (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_munlockall)), 0, 0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpipe(p uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_pipe)), 1, p, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpoll(fds uintptr, nfds int, timeout int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_poll)), 3, fds, uintptr(nfds), uintptr(timeout), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgettimeofday(tv uintptr, tzp uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_gettimeofday)), 2, tv, tzp, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltime(t uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_time)), 1, t, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutime(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_utime)), 2, _p0, buf, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumount(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_umount)), 1, _p0, 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_getrlimit)), 2, uintptr(resource), rlim, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setrlimit)), 2, uintptr(resource), rlim, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmmap64(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_mmap64)), 6, addr, length, uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
new file mode 100644
index 000000000..cde4dbc5f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -0,0 +1,1070 @@
+// go run mksyscall_aix_ppc64.go -aix -tags aix,ppc64 syscall_aix.go syscall_aix_ppc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build aix,ppc64
+// +build gccgo
+
+package unix
+
+/*
+#include <stdint.h>
+int utimes(uintptr_t, uintptr_t);
+int utimensat(int, uintptr_t, uintptr_t, int);
+int getcwd(uintptr_t, size_t);
+int accept(int, uintptr_t, uintptr_t);
+int getdirent(int, uintptr_t, size_t);
+int wait4(int, uintptr_t, int, uintptr_t);
+int ioctl(int, int, uintptr_t);
+int fcntl(uintptr_t, int, uintptr_t);
+int acct(uintptr_t);
+int chdir(uintptr_t);
+int chroot(uintptr_t);
+int close(int);
+int dup(int);
+void exit(int);
+int faccessat(int, uintptr_t, unsigned int, int);
+int fchdir(int);
+int fchmod(int, unsigned int);
+int fchmodat(int, uintptr_t, unsigned int, int);
+int fchownat(int, uintptr_t, int, int, int);
+int fdatasync(int);
+int fsync(int);
+int getpgid(int);
+int getpgrp();
+int getpid();
+int getppid();
+int getpriority(int, int);
+int getrusage(int, uintptr_t);
+int getsid(int);
+int kill(int, int);
+int syslog(int, uintptr_t, size_t);
+int mkdir(int, uintptr_t, unsigned int);
+int mkdirat(int, uintptr_t, unsigned int);
+int mkfifo(uintptr_t, unsigned int);
+int mknod(uintptr_t, unsigned int, int);
+int mknodat(int, uintptr_t, unsigned int, int);
+int nanosleep(uintptr_t, uintptr_t);
+int open64(uintptr_t, int, unsigned int);
+int openat(int, uintptr_t, int, unsigned int);
+int read(int, uintptr_t, size_t);
+int readlink(uintptr_t, uintptr_t, size_t);
+int renameat(int, uintptr_t, int, uintptr_t);
+int setdomainname(uintptr_t, size_t);
+int sethostname(uintptr_t, size_t);
+int setpgid(int, int);
+int setsid();
+int settimeofday(uintptr_t);
+int setuid(int);
+int setgid(int);
+int setpriority(int, int, int);
+int statx(int, uintptr_t, int, int, uintptr_t);
+int sync();
+uintptr_t times(uintptr_t);
+int umask(int);
+int uname(uintptr_t);
+int unlink(uintptr_t);
+int unlinkat(int, uintptr_t, int);
+int ustat(int, uintptr_t);
+int write(int, uintptr_t, size_t);
+int dup2(int, int);
+int posix_fadvise64(int, long long, long long, int);
+int fchown(int, int, int);
+int fstat(int, uintptr_t);
+int fstatat(int, uintptr_t, uintptr_t, int);
+int fstatfs(int, uintptr_t);
+int ftruncate(int, long long);
+int getegid();
+int geteuid();
+int getgid();
+int getuid();
+int lchown(uintptr_t, int, int);
+int listen(int, int);
+int lstat(uintptr_t, uintptr_t);
+int pause();
+int pread64(int, uintptr_t, size_t, long long);
+int pwrite64(int, uintptr_t, size_t, long long);
+#define c_select select
+int select(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int pselect(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+int setregid(int, int);
+int setreuid(int, int);
+int shutdown(int, int);
+long long splice(int, uintptr_t, int, uintptr_t, int, int);
+int stat(uintptr_t, uintptr_t);
+int statfs(uintptr_t, uintptr_t);
+int truncate(uintptr_t, long long);
+int bind(int, uintptr_t, uintptr_t);
+int connect(int, uintptr_t, uintptr_t);
+int getgroups(int, uintptr_t);
+int setgroups(int, uintptr_t);
+int getsockopt(int, int, int, uintptr_t, uintptr_t);
+int setsockopt(int, int, int, uintptr_t, uintptr_t);
+int socket(int, int, int);
+int socketpair(int, int, int, uintptr_t);
+int getpeername(int, uintptr_t, uintptr_t);
+int getsockname(int, uintptr_t, uintptr_t);
+int recvfrom(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int sendto(int, uintptr_t, size_t, int, uintptr_t, uintptr_t);
+int nrecvmsg(int, uintptr_t, int);
+int nsendmsg(int, uintptr_t, int);
+int munmap(uintptr_t, uintptr_t);
+int madvise(uintptr_t, size_t, int);
+int mprotect(uintptr_t, size_t, int);
+int mlock(uintptr_t, size_t);
+int mlockall(int);
+int msync(uintptr_t, size_t, int);
+int munlock(uintptr_t, size_t);
+int munlockall();
+int pipe(uintptr_t);
+int poll(uintptr_t, int, int);
+int gettimeofday(uintptr_t, uintptr_t);
+int time(uintptr_t);
+int utime(uintptr_t, uintptr_t);
+unsigned long long getsystemcfg(int);
+int umount(uintptr_t);
+int getrlimit(int, uintptr_t);
+int setrlimit(int, uintptr_t);
+long long lseek(int, long long, int);
+uintptr_t mmap64(uintptr_t, uintptr_t, int, int, int, long long);
+
+*/
+import "C"
+import (
+	"syscall"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimes(_p0 uintptr, times uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.utimes(C.uintptr_t(_p0), C.uintptr_t(times)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutimensat(dirfd int, _p0 uintptr, times uintptr, flag int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.utimensat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(times), C.int(flag)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetcwd(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getcwd(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callaccept(s int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.accept(C.int(s), C.uintptr_t(rsa), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetdirent(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getdirent(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwait4(pid int, status uintptr, options int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.wait4(C.int(pid), C.uintptr_t(status), C.int(options), C.uintptr_t(rusage)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(arg)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callacct(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.acct(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchdir(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.chdir(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callchroot(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.chroot(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callclose(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.close(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup(oldfd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.dup(C.int(oldfd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callexit(code int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.exit(C.int(code)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfaccessat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.faccessat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchdir(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchdir(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmod(fd int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchmod(C.int(fd), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchmodat(dirfd int, _p0 uintptr, mode uint32, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchmodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchownat(dirfd int, _p0 uintptr, uid int, gid int, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchownat(C.int(dirfd), C.uintptr_t(_p0), C.int(uid), C.int(gid), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfdatasync(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fdatasync(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfsync(fd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fsync(C.int(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgid(pid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpgid(C.int(pid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpgrp() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpgrp())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetppid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getppid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpriority(which int, who int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpriority(C.int(which), C.int(who)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrusage(who int, rusage uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getrusage(C.int(who), C.uintptr_t(rusage)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsid(pid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsid(C.int(pid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callkill(pid int, sig int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.kill(C.int(pid), C.int(sig)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsyslog(typ int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.syslog(C.int(typ), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdir(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mkdir(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkdirat(dirfd int, _p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mkdirat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmkfifo(_p0 uintptr, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mkfifo(C.uintptr_t(_p0), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknod(_p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mknod(C.uintptr_t(_p0), C.uint(mode), C.int(dev)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmknodat(dirfd int, _p0 uintptr, mode uint32, dev int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mknodat(C.int(dirfd), C.uintptr_t(_p0), C.uint(mode), C.int(dev)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnanosleep(time uintptr, leftover uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.nanosleep(C.uintptr_t(time), C.uintptr_t(leftover)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopen64(_p0 uintptr, mode int, perm uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.open64(C.uintptr_t(_p0), C.int(mode), C.uint(perm)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callopenat(dirfd int, _p0 uintptr, flags int, mode uint32) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.openat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.uint(mode)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callread(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.read(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callreadlink(_p0 uintptr, _p1 uintptr, _lenp1 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.readlink(C.uintptr_t(_p0), C.uintptr_t(_p1), C.size_t(_lenp1)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrenameat(olddirfd int, _p0 uintptr, newdirfd int, _p1 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.renameat(C.int(olddirfd), C.uintptr_t(_p0), C.int(newdirfd), C.uintptr_t(_p1)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetdomainname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setdomainname(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsethostname(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.sethostname(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpgid(pid int, pgid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setpgid(C.int(pid), C.int(pgid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setsid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsettimeofday(tv uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.settimeofday(C.uintptr_t(tv)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetuid(uid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setuid(C.int(uid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgid(uid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setgid(C.int(uid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetpriority(which int, who int, prio int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setpriority(C.int(which), C.int(who), C.int(prio)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatx(dirfd int, _p0 uintptr, flags int, mask int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.statx(C.int(dirfd), C.uintptr_t(_p0), C.int(flags), C.int(mask), C.uintptr_t(stat)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsync() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.sync())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltimes(tms uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.times(C.uintptr_t(tms)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumask(mask int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.umask(C.int(mask)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calluname(buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.uname(C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlink(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.unlink(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callunlinkat(dirfd int, _p0 uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.unlinkat(C.int(dirfd), C.uintptr_t(_p0), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callustat(dev int, ubuf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ustat(C.int(dev), C.uintptr_t(ubuf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callwrite(fd int, _p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.write(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calldup2(oldfd int, newfd int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.dup2(C.int(oldfd), C.int(newfd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callposix_fadvise64(fd int, offset int64, length int64, advice int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.posix_fadvise64(C.int(fd), C.longlong(offset), C.longlong(length), C.int(advice)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfchown(fd int, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fchown(C.int(fd), C.int(uid), C.int(gid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstat(fd int, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fstat(C.int(fd), C.uintptr_t(stat)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatat(dirfd int, _p0 uintptr, stat uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fstatat(C.int(dirfd), C.uintptr_t(_p0), C.uintptr_t(stat), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callfstatfs(fd int, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.fstatfs(C.int(fd), C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callftruncate(fd int, length int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ftruncate(C.int(fd), C.longlong(length)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetegid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getegid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgeteuid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.geteuid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getgid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetuid() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getuid())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllchown(_p0 uintptr, uid int, gid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.lchown(C.uintptr_t(_p0), C.int(uid), C.int(gid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllisten(s int, n int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.listen(C.int(s), C.int(n)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllstat(_p0 uintptr, stat uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.lstat(C.uintptr_t(_p0), C.uintptr_t(stat)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpause() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pause())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpread64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pread64(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0), C.longlong(offset)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpwrite64(fd int, _p0 uintptr, _lenp0 int, offset int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pwrite64(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0), C.longlong(offset)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.c_select(C.int(nfd), C.uintptr_t(r), C.uintptr_t(w), C.uintptr_t(e), C.uintptr_t(timeout)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpselect(nfd int, r uintptr, w uintptr, e uintptr, timeout uintptr, sigmask uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pselect(C.int(nfd), C.uintptr_t(r), C.uintptr_t(w), C.uintptr_t(e), C.uintptr_t(timeout), C.uintptr_t(sigmask)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetregid(rgid int, egid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setregid(C.int(rgid), C.int(egid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetreuid(ruid int, euid int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setreuid(C.int(ruid), C.int(euid)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callshutdown(fd int, how int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.shutdown(C.int(fd), C.int(how)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsplice(rfd int, roff uintptr, wfd int, woff uintptr, len int, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.splice(C.int(rfd), C.uintptr_t(roff), C.int(wfd), C.uintptr_t(woff), C.int(len), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstat(_p0 uintptr, statptr uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.stat(C.uintptr_t(_p0), C.uintptr_t(statptr)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callstatfs(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.statfs(C.uintptr_t(_p0), C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltruncate(_p0 uintptr, length int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.truncate(C.uintptr_t(_p0), C.longlong(length)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callbind(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.bind(C.int(s), C.uintptr_t(addr), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callconnect(s int, addr uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.connect(C.int(s), C.uintptr_t(addr), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getgroups(C.int(n), C.uintptr_t(list)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetgroups(n int, list uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setgroups(C.int(n), C.uintptr_t(list)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(val), C.uintptr_t(vallen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetsockopt(s int, level int, name int, val uintptr, vallen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setsockopt(C.int(s), C.int(level), C.int(name), C.uintptr_t(val), C.uintptr_t(vallen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocket(domain int, typ int, proto int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.socket(C.int(domain), C.int(typ), C.int(proto)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsocketpair(domain int, typ int, proto int, fd uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.socketpair(C.int(domain), C.int(typ), C.int(proto), C.uintptr_t(fd)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetpeername(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getpeername(C.int(fd), C.uintptr_t(rsa), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsockname(fd int, rsa uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsockname(C.int(fd), C.uintptr_t(rsa), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callrecvfrom(fd int, _p0 uintptr, _lenp0 int, flags int, from uintptr, fromlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.recvfrom(C.int(fd), C.uintptr_t(_p0), C.size_t(_lenp0), C.int(flags), C.uintptr_t(from), C.uintptr_t(fromlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsendto(s int, _p0 uintptr, _lenp0 int, flags int, to uintptr, addrlen uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.sendto(C.int(s), C.uintptr_t(_p0), C.size_t(_lenp0), C.int(flags), C.uintptr_t(to), C.uintptr_t(addrlen)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnrecvmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.nrecvmsg(C.int(s), C.uintptr_t(msg), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callnsendmsg(s int, msg uintptr, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.nsendmsg(C.int(s), C.uintptr_t(msg), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunmap(addr uintptr, length uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.munmap(C.uintptr_t(addr), C.uintptr_t(length)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmadvise(_p0 uintptr, _lenp0 int, advice int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.madvise(C.uintptr_t(_p0), C.size_t(_lenp0), C.int(advice)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmprotect(_p0 uintptr, _lenp0 int, prot int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mprotect(C.uintptr_t(_p0), C.size_t(_lenp0), C.int(prot)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mlock(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmlockall(flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mlockall(C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmsync(_p0 uintptr, _lenp0 int, flags int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.msync(C.uintptr_t(_p0), C.size_t(_lenp0), C.int(flags)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlock(_p0 uintptr, _lenp0 int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.munlock(C.uintptr_t(_p0), C.size_t(_lenp0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmunlockall() (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.munlockall())
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpipe(p uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.pipe(C.uintptr_t(p)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callpoll(fds uintptr, nfds int, timeout int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.poll(C.uintptr_t(fds), C.int(nfds), C.int(timeout)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgettimeofday(tv uintptr, tzp uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.gettimeofday(C.uintptr_t(tv), C.uintptr_t(tzp)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calltime(t uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.time(C.uintptr_t(t)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callutime(_p0 uintptr, buf uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.utime(C.uintptr_t(_p0), C.uintptr_t(buf)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getsystemcfg(C.int(label)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callumount(_p0 uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.umount(C.uintptr_t(_p0)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.getrlimit(C.int(resource), C.uintptr_t(rlim)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.setrlimit(C.int(resource), C.uintptr_t(rlim)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.lseek(C.int(fd), C.longlong(offset), C.int(whence)))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func callmmap64(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.mmap64(C.uintptr_t(addr), C.uintptr_t(length), C.int(prot), C.int(flags), C.int(fd), C.longlong(offset)))
+	e1 = syscall.GetErrno()
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.go
new file mode 100644
index 000000000..e263fbdb8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.go
@@ -0,0 +1,41 @@
+// go run mksyscall.go -l32 -tags darwin,386,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,386,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_closedir_trampoline), uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_closedir_trampoline()
+
+//go:linkname libc_closedir libc_closedir
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(funcPC(libc_readdir_r_trampoline), uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+func libc_readdir_r_trampoline()
+
+//go:linkname libc_readdir_r libc_readdir_r
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s
new file mode 100644
index 000000000..00da1ebfc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s
@@ -0,0 +1,12 @@
+// go run mkasm_darwin.go 386
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.13
+
+#include "textflag.h"
+TEXT ·libc_fdopendir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+TEXT ·libc_closedir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+TEXT ·libc_readdir_r_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go
new file mode 100644
index 000000000..bd13b3856
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go
@@ -0,0 +1,2574 @@
+// go run mksyscall.go -l32 -tags darwin,386,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_386.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,386,go1.12
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getgroups_trampoline()
+
+//go:linkname libc_getgroups libc_getgroups
+//go:cgo_import_dynamic libc_getgroups getgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgroups_trampoline()
+
+//go:linkname libc_setgroups libc_setgroups
+//go:cgo_import_dynamic libc_setgroups setgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_wait4_trampoline), uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_wait4_trampoline()
+
+//go:linkname libc_wait4 libc_wait4
+//go:cgo_import_dynamic libc_wait4 wait4 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_accept_trampoline), uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_accept_trampoline()
+
+//go:linkname libc_accept libc_accept
+//go:cgo_import_dynamic libc_accept accept "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_bind_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_bind_trampoline()
+
+//go:linkname libc_bind libc_bind
+//go:cgo_import_dynamic libc_bind bind "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_connect_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_connect_trampoline()
+
+//go:linkname libc_connect libc_connect
+//go:cgo_import_dynamic libc_connect connect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_socket_trampoline), uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socket_trampoline()
+
+//go:linkname libc_socket libc_socket
+//go:cgo_import_dynamic libc_socket socket "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_getsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockopt_trampoline()
+
+//go:linkname libc_getsockopt libc_getsockopt
+//go:cgo_import_dynamic libc_getsockopt getsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsockopt_trampoline()
+
+//go:linkname libc_setsockopt libc_setsockopt
+//go:cgo_import_dynamic libc_setsockopt setsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getpeername_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpeername_trampoline()
+
+//go:linkname libc_getpeername libc_getpeername
+//go:cgo_import_dynamic libc_getpeername getpeername "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getsockname_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockname_trampoline()
+
+//go:linkname libc_getsockname libc_getsockname
+//go:cgo_import_dynamic libc_getsockname getsockname "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_shutdown_trampoline), uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_shutdown_trampoline()
+
+//go:linkname libc_shutdown libc_shutdown
+//go:cgo_import_dynamic libc_shutdown shutdown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := syscall_rawSyscall6(funcPC(libc_socketpair_trampoline), uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socketpair_trampoline()
+
+//go:linkname libc_socketpair libc_socketpair
+//go:cgo_import_dynamic libc_socketpair socketpair "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_recvfrom_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvfrom_trampoline()
+
+//go:linkname libc_recvfrom libc_recvfrom
+//go:cgo_import_dynamic libc_recvfrom recvfrom "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sendto_trampoline), uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendto_trampoline()
+
+//go:linkname libc_sendto libc_sendto
+//go:cgo_import_dynamic libc_sendto sendto "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_recvmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvmsg_trampoline()
+
+//go:linkname libc_recvmsg libc_recvmsg
+//go:cgo_import_dynamic libc_recvmsg recvmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_sendmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendmsg_trampoline()
+
+//go:linkname libc_sendmsg libc_sendmsg
+//go:cgo_import_dynamic libc_sendmsg sendmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_kevent_trampoline), uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kevent_trampoline()
+
+//go:linkname libc_kevent libc_kevent
+//go:cgo_import_dynamic libc_kevent kevent "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_utimes_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_utimes_trampoline()
+
+//go:linkname libc_utimes libc_utimes
+//go:cgo_import_dynamic libc_utimes utimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_futimes_trampoline), uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_futimes_trampoline()
+
+//go:linkname libc_futimes libc_futimes
+//go:cgo_import_dynamic libc_futimes futimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_poll_trampoline), uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_poll_trampoline()
+
+//go:linkname libc_poll libc_poll
+//go:cgo_import_dynamic libc_poll poll "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_madvise_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_madvise_trampoline()
+
+//go:linkname libc_madvise libc_madvise
+//go:cgo_import_dynamic libc_madvise madvise "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlock_trampoline()
+
+//go:linkname libc_mlock libc_mlock
+//go:cgo_import_dynamic libc_mlock mlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_mlockall_trampoline), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlockall_trampoline()
+
+//go:linkname libc_mlockall libc_mlockall
+//go:cgo_import_dynamic libc_mlockall mlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mprotect_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mprotect_trampoline()
+
+//go:linkname libc_mprotect libc_mprotect
+//go:cgo_import_dynamic libc_mprotect mprotect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_msync_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_msync_trampoline()
+
+//go:linkname libc_msync libc_msync
+//go:cgo_import_dynamic libc_msync msync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_munlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlock_trampoline()
+
+//go:linkname libc_munlock libc_munlock
+//go:cgo_import_dynamic libc_munlock munlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munlockall_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlockall_trampoline()
+
+//go:linkname libc_munlockall libc_munlockall
+//go:cgo_import_dynamic libc_munlockall munlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (r int, w int, err error) {
+	r0, r1, e1 := syscall_rawSyscall(funcPC(libc_pipe_trampoline), 0, 0, 0)
+	r = int(r0)
+	w = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pipe_trampoline()
+
+//go:linkname libc_pipe libc_pipe
+//go:cgo_import_dynamic libc_pipe pipe "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_getxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getxattr_trampoline()
+
+//go:linkname libc_getxattr libc_getxattr
+//go:cgo_import_dynamic libc_getxattr getxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_fgetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fgetxattr_trampoline()
+
+//go:linkname libc_fgetxattr libc_fgetxattr
+//go:cgo_import_dynamic libc_fgetxattr fgetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_setxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setxattr_trampoline()
+
+//go:linkname libc_setxattr libc_setxattr
+//go:cgo_import_dynamic libc_setxattr setxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fsetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsetxattr_trampoline()
+
+//go:linkname libc_fsetxattr libc_fsetxattr
+//go:cgo_import_dynamic libc_fsetxattr fsetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func removexattr(path string, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_removexattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_removexattr_trampoline()
+
+//go:linkname libc_removexattr libc_removexattr
+//go:cgo_import_dynamic libc_removexattr removexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fremovexattr(fd int, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_fremovexattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fremovexattr_trampoline()
+
+//go:linkname libc_fremovexattr libc_fremovexattr
+//go:cgo_import_dynamic libc_fremovexattr fremovexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_listxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listxattr_trampoline()
+
+//go:linkname libc_listxattr libc_listxattr
+//go:cgo_import_dynamic libc_listxattr listxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func flistxattr(fd int, dest *byte, size int, options int) (sz int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_flistxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flistxattr_trampoline()
+
+//go:linkname libc_flistxattr libc_flistxattr
+//go:cgo_import_dynamic libc_flistxattr flistxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setattrlist_trampoline), uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setattrlist_trampoline()
+
+//go:linkname libc_setattrlist libc_setattrlist
+//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fcntl_trampoline), uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fcntl_trampoline()
+
+//go:linkname libc_fcntl libc_fcntl
+//go:cgo_import_dynamic libc_fcntl fcntl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kill(pid int, signum int, posix int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_kill_trampoline), uintptr(pid), uintptr(signum), uintptr(posix))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kill_trampoline()
+
+//go:linkname libc_kill libc_kill
+//go:cgo_import_dynamic libc_kill kill "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ioctl_trampoline), uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ioctl_trampoline()
+
+//go:linkname libc_ioctl libc_ioctl
+//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sysctl_trampoline), uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sysctl_trampoline()
+
+//go:linkname libc_sysctl libc_sysctl
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
+	_, _, e1 := syscall_syscall9(funcPC(libc_sendfile_trampoline), uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(offset>>32), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendfile_trampoline()
+
+//go:linkname libc_sendfile libc_sendfile
+//go:cgo_import_dynamic libc_sendfile sendfile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_access_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_access_trampoline()
+
+//go:linkname libc_access libc_access
+//go:cgo_import_dynamic libc_access access "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_adjtime_trampoline), uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_adjtime_trampoline()
+
+//go:linkname libc_adjtime libc_adjtime
+//go:cgo_import_dynamic libc_adjtime adjtime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chdir_trampoline()
+
+//go:linkname libc_chdir libc_chdir
+//go:cgo_import_dynamic libc_chdir chdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chflags_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chflags_trampoline()
+
+//go:linkname libc_chflags libc_chflags
+//go:cgo_import_dynamic libc_chflags chflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chmod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chmod_trampoline()
+
+//go:linkname libc_chmod libc_chmod
+//go:cgo_import_dynamic libc_chmod chmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chown_trampoline()
+
+//go:linkname libc_chown libc_chown
+//go:cgo_import_dynamic libc_chown chown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chroot_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chroot_trampoline()
+
+//go:linkname libc_chroot libc_chroot
+//go:cgo_import_dynamic libc_chroot chroot "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_clock_gettime_trampoline), uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clock_gettime_trampoline()
+
+//go:linkname libc_clock_gettime libc_clock_gettime
+//go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_close_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_close_trampoline()
+
+//go:linkname libc_close libc_close
+//go:cgo_import_dynamic libc_close close "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefile(src string, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_clonefile_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefile_trampoline()
+
+//go:linkname libc_clonefile libc_clonefile
+//go:cgo_import_dynamic libc_clonefile clonefile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_clonefileat_trampoline), uintptr(srcDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefileat_trampoline()
+
+//go:linkname libc_clonefileat libc_clonefileat
+//go:cgo_import_dynamic libc_clonefileat clonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_dup_trampoline), uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup_trampoline()
+
+//go:linkname libc_dup libc_dup
+//go:cgo_import_dynamic libc_dup dup "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_dup2_trampoline), uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup2_trampoline()
+
+//go:linkname libc_dup2 libc_dup2
+//go:cgo_import_dynamic libc_dup2 dup2 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exchangedata(path1 string, path2 string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path1)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(path2)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_exchangedata_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_exchangedata_trampoline()
+
+//go:linkname libc_exchangedata libc_exchangedata
+//go:cgo_import_dynamic libc_exchangedata exchangedata "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	syscall_syscall(funcPC(libc_exit_trampoline), uintptr(code), 0, 0)
+	return
+}
+
+func libc_exit_trampoline()
+
+//go:linkname libc_exit libc_exit
+//go:cgo_import_dynamic libc_exit exit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_faccessat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_faccessat_trampoline()
+
+//go:linkname libc_faccessat libc_faccessat
+//go:cgo_import_dynamic libc_faccessat faccessat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchdir_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchdir_trampoline()
+
+//go:linkname libc_fchdir libc_fchdir
+//go:cgo_import_dynamic libc_fchdir fchdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchflags_trampoline), uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchflags_trampoline()
+
+//go:linkname libc_fchflags libc_fchflags
+//go:cgo_import_dynamic libc_fchflags fchflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchmod_trampoline), uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmod_trampoline()
+
+//go:linkname libc_fchmod libc_fchmod
+//go:cgo_import_dynamic libc_fchmod fchmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchmodat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmodat_trampoline()
+
+//go:linkname libc_fchmodat libc_fchmodat
+//go:cgo_import_dynamic libc_fchmodat fchmodat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchown_trampoline), uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchown_trampoline()
+
+//go:linkname libc_fchown libc_fchown
+//go:cgo_import_dynamic libc_fchown fchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchownat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchownat_trampoline()
+
+//go:linkname libc_fchownat libc_fchownat
+//go:cgo_import_dynamic libc_fchownat fchownat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fclonefileat_trampoline), uintptr(srcDirfd), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fclonefileat_trampoline()
+
+//go:linkname libc_fclonefileat libc_fclonefileat
+//go:cgo_import_dynamic libc_fclonefileat fclonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_flock_trampoline), uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flock_trampoline()
+
+//go:linkname libc_flock libc_flock
+//go:cgo_import_dynamic libc_flock flock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fpathconf_trampoline), uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fpathconf_trampoline()
+
+//go:linkname libc_fpathconf libc_fpathconf
+//go:cgo_import_dynamic libc_fpathconf fpathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fsync_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsync_trampoline()
+
+//go:linkname libc_fsync libc_fsync
+//go:cgo_import_dynamic libc_fsync fsync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ftruncate_trampoline), uintptr(fd), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ftruncate_trampoline()
+
+//go:linkname libc_ftruncate libc_ftruncate
+//go:cgo_import_dynamic libc_ftruncate ftruncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_getcwd_trampoline), uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getcwd_trampoline()
+
+//go:linkname libc_getcwd libc_getcwd
+//go:cgo_import_dynamic libc_getcwd getcwd "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_getdtablesize_trampoline), 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+func libc_getdtablesize_trampoline()
+
+//go:linkname libc_getdtablesize libc_getdtablesize
+//go:cgo_import_dynamic libc_getdtablesize getdtablesize "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getegid_trampoline), 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+func libc_getegid_trampoline()
+
+//go:linkname libc_getegid libc_getegid
+//go:cgo_import_dynamic libc_getegid getegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_geteuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_geteuid_trampoline()
+
+//go:linkname libc_geteuid libc_geteuid
+//go:cgo_import_dynamic libc_geteuid geteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getgid_trampoline), 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+func libc_getgid_trampoline()
+
+//go:linkname libc_getgid libc_getgid
+//go:cgo_import_dynamic libc_getgid getgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getpgid_trampoline), uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpgid_trampoline()
+
+//go:linkname libc_getpgid libc_getpgid
+//go:cgo_import_dynamic libc_getpgid getpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpgrp_trampoline), 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+func libc_getpgrp_trampoline()
+
+//go:linkname libc_getpgrp libc_getpgrp
+//go:cgo_import_dynamic libc_getpgrp getpgrp "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+func libc_getpid_trampoline()
+
+//go:linkname libc_getpid libc_getpid
+//go:cgo_import_dynamic libc_getpid getpid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getppid_trampoline), 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+func libc_getppid_trampoline()
+
+//go:linkname libc_getppid libc_getppid
+//go:cgo_import_dynamic libc_getppid getppid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getpriority_trampoline), uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpriority_trampoline()
+
+//go:linkname libc_getpriority libc_getpriority
+//go:cgo_import_dynamic libc_getpriority getpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrlimit_trampoline()
+
+//go:linkname libc_getrlimit libc_getrlimit
+//go:cgo_import_dynamic libc_getrlimit getrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrusage_trampoline), uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrusage_trampoline()
+
+//go:linkname libc_getrusage libc_getrusage
+//go:cgo_import_dynamic libc_getrusage getrusage "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getsid_trampoline), uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsid_trampoline()
+
+//go:linkname libc_getsid libc_getsid
+//go:cgo_import_dynamic libc_getsid getsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_gettimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_gettimeofday_trampoline()
+
+//go:linkname libc_gettimeofday libc_gettimeofday
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_getuid_trampoline()
+
+//go:linkname libc_getuid libc_getuid
+//go:cgo_import_dynamic libc_getuid getuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_issetugid_trampoline), 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+func libc_issetugid_trampoline()
+
+//go:linkname libc_issetugid libc_issetugid
+//go:cgo_import_dynamic libc_issetugid issetugid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_kqueue_trampoline), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kqueue_trampoline()
+
+//go:linkname libc_kqueue libc_kqueue
+//go:cgo_import_dynamic libc_kqueue kqueue "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lchown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lchown_trampoline()
+
+//go:linkname libc_lchown libc_lchown
+//go:cgo_import_dynamic libc_lchown lchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_link_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_link_trampoline()
+
+//go:linkname libc_link libc_link
+//go:cgo_import_dynamic libc_link link "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_linkat_trampoline), uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_linkat_trampoline()
+
+//go:linkname libc_linkat libc_linkat
+//go:cgo_import_dynamic libc_linkat linkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_listen_trampoline), uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listen_trampoline()
+
+//go:linkname libc_listen libc_listen
+//go:cgo_import_dynamic libc_listen listen "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdir_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdir_trampoline()
+
+//go:linkname libc_mkdir libc_mkdir
+//go:cgo_import_dynamic libc_mkdir mkdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdirat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdirat_trampoline()
+
+//go:linkname libc_mkdirat libc_mkdirat
+//go:cgo_import_dynamic libc_mkdirat mkdirat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkfifo_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkfifo_trampoline()
+
+//go:linkname libc_mkfifo libc_mkfifo
+//go:cgo_import_dynamic libc_mkfifo mkfifo "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mknod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mknod_trampoline()
+
+//go:linkname libc_mknod libc_mknod
+//go:cgo_import_dynamic libc_mknod mknod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_open_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_open_trampoline()
+
+//go:linkname libc_open libc_open
+//go:cgo_import_dynamic libc_open open "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_openat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_openat_trampoline()
+
+//go:linkname libc_openat libc_openat
+//go:cgo_import_dynamic libc_openat openat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_pathconf_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pathconf_trampoline()
+
+//go:linkname libc_pathconf libc_pathconf
+//go:cgo_import_dynamic libc_pathconf pathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pread_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pread_trampoline()
+
+//go:linkname libc_pread libc_pread
+//go:cgo_import_dynamic libc_pread pread "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pwrite_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pwrite_trampoline()
+
+//go:linkname libc_pwrite libc_pwrite
+//go:cgo_import_dynamic libc_pwrite pwrite "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_read_trampoline()
+
+//go:linkname libc_read libc_read
+//go:cgo_import_dynamic libc_read read "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_readlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlink_trampoline()
+
+//go:linkname libc_readlink libc_readlink
+//go:cgo_import_dynamic libc_readlink readlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_readlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlinkat_trampoline()
+
+//go:linkname libc_readlinkat libc_readlinkat
+//go:cgo_import_dynamic libc_readlinkat readlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rename_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rename_trampoline()
+
+//go:linkname libc_rename libc_rename
+//go:cgo_import_dynamic libc_rename rename "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_renameat_trampoline), uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_renameat_trampoline()
+
+//go:linkname libc_renameat libc_renameat
+//go:cgo_import_dynamic libc_renameat renameat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_revoke_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_revoke_trampoline()
+
+//go:linkname libc_revoke libc_revoke
+//go:cgo_import_dynamic libc_revoke revoke "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rmdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rmdir_trampoline()
+
+//go:linkname libc_rmdir libc_rmdir
+//go:cgo_import_dynamic libc_rmdir rmdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := syscall_syscall6(funcPC(libc_lseek_trampoline), uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lseek_trampoline()
+
+//go:linkname libc_lseek libc_lseek
+//go:cgo_import_dynamic libc_lseek lseek "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_select_trampoline()
+
+//go:linkname libc_select libc_select
+//go:cgo_import_dynamic libc_select select "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setegid_trampoline), uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setegid_trampoline()
+
+//go:linkname libc_setegid libc_setegid
+//go:cgo_import_dynamic libc_setegid setegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_seteuid_trampoline), uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_seteuid_trampoline()
+
+//go:linkname libc_seteuid libc_seteuid
+//go:cgo_import_dynamic libc_seteuid seteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgid_trampoline), uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgid_trampoline()
+
+//go:linkname libc_setgid libc_setgid
+//go:cgo_import_dynamic libc_setgid setgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_setlogin_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setlogin_trampoline()
+
+//go:linkname libc_setlogin libc_setlogin
+//go:cgo_import_dynamic libc_setlogin setlogin "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setpgid_trampoline), uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpgid_trampoline()
+
+//go:linkname libc_setpgid libc_setpgid
+//go:cgo_import_dynamic libc_setpgid setpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setpriority_trampoline), uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpriority_trampoline()
+
+//go:linkname libc_setpriority libc_setpriority
+//go:cgo_import_dynamic libc_setpriority setpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setprivexec(flag int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setprivexec_trampoline), uintptr(flag), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setprivexec_trampoline()
+
+//go:linkname libc_setprivexec libc_setprivexec
+//go:cgo_import_dynamic libc_setprivexec setprivexec "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setregid_trampoline), uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setregid_trampoline()
+
+//go:linkname libc_setregid libc_setregid
+//go:cgo_import_dynamic libc_setregid setregid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setreuid_trampoline), uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setreuid_trampoline()
+
+//go:linkname libc_setreuid libc_setreuid
+//go:cgo_import_dynamic libc_setreuid setreuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setrlimit_trampoline()
+
+//go:linkname libc_setrlimit libc_setrlimit
+//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_setsid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsid_trampoline()
+
+//go:linkname libc_setsid libc_setsid
+//go:cgo_import_dynamic libc_setsid setsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_settimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_settimeofday_trampoline()
+
+//go:linkname libc_settimeofday libc_settimeofday
+//go:cgo_import_dynamic libc_settimeofday settimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setuid_trampoline), uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setuid_trampoline()
+
+//go:linkname libc_setuid libc_setuid
+//go:cgo_import_dynamic libc_setuid setuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlink_trampoline()
+
+//go:linkname libc_symlink libc_symlink
+//go:cgo_import_dynamic libc_symlink symlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlinkat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlinkat_trampoline()
+
+//go:linkname libc_symlinkat libc_symlinkat
+//go:cgo_import_dynamic libc_symlinkat symlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_sync_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sync_trampoline()
+
+//go:linkname libc_sync libc_sync
+//go:cgo_import_dynamic libc_sync sync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_truncate_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_truncate_trampoline()
+
+//go:linkname libc_truncate libc_truncate
+//go:cgo_import_dynamic libc_truncate truncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_umask_trampoline), uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+func libc_umask_trampoline()
+
+//go:linkname libc_umask libc_umask
+//go:cgo_import_dynamic libc_umask umask "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_undelete_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_undelete_trampoline()
+
+//go:linkname libc_undelete libc_undelete
+//go:cgo_import_dynamic libc_undelete undelete "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlink_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlink_trampoline()
+
+//go:linkname libc_unlink libc_unlink
+//go:cgo_import_dynamic libc_unlink unlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlinkat_trampoline()
+
+//go:linkname libc_unlinkat libc_unlinkat
+//go:cgo_import_dynamic libc_unlinkat unlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unmount_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unmount_trampoline()
+
+//go:linkname libc_unmount libc_unmount
+//go:cgo_import_dynamic libc_unmount unmount "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_write_trampoline()
+
+//go:linkname libc_write libc_write
+//go:cgo_import_dynamic libc_write write "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall9(funcPC(libc_mmap_trampoline), uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mmap_trampoline()
+
+//go:linkname libc_mmap libc_mmap
+//go:cgo_import_dynamic libc_mmap mmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munmap_trampoline), uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munmap_trampoline()
+
+//go:linkname libc_munmap libc_munmap
+//go:cgo_import_dynamic libc_munmap munmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ptrace_trampoline()
+
+//go:linkname libc_ptrace libc_ptrace
+//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstat64_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstat64_trampoline()
+
+//go:linkname libc_fstat64 libc_fstat64
+//go:cgo_import_dynamic libc_fstat64 fstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fstatat64_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatat64_trampoline()
+
+//go:linkname libc_fstatat64 libc_fstatat64
+//go:cgo_import_dynamic libc_fstatat64 fstatat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstatfs64_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatfs64_trampoline()
+
+//go:linkname libc_fstatfs64 libc_fstatfs64
+//go:cgo_import_dynamic libc_fstatfs64 fstatfs64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getfsstat64_trampoline), uintptr(buf), uintptr(size), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getfsstat64_trampoline()
+
+//go:linkname libc_getfsstat64 libc_getfsstat64
+//go:cgo_import_dynamic libc_getfsstat64 getfsstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lstat64_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lstat64_trampoline()
+
+//go:linkname libc_lstat64 libc_lstat64
+//go:cgo_import_dynamic libc_lstat64 lstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_stat64_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_stat64_trampoline()
+
+//go:linkname libc_stat64 libc_stat64
+//go:cgo_import_dynamic libc_stat64 stat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_statfs64_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_statfs64_trampoline()
+
+//go:linkname libc_statfs64 libc_statfs64
+//go:cgo_import_dynamic libc_statfs64 statfs64 "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s
new file mode 100644
index 000000000..d5fb53fd1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s
@@ -0,0 +1,290 @@
+// go run mkasm_darwin.go 386
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.12
+
+#include "textflag.h"
+TEXT ·libc_getgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+TEXT ·libc_setgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+TEXT ·libc_wait4_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+TEXT ·libc_accept_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+TEXT ·libc_bind_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+TEXT ·libc_connect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+TEXT ·libc_socket_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+TEXT ·libc_getsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+TEXT ·libc_setsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+TEXT ·libc_getpeername_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+TEXT ·libc_getsockname_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+TEXT ·libc_shutdown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+TEXT ·libc_socketpair_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+TEXT ·libc_recvfrom_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+TEXT ·libc_sendto_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+TEXT ·libc_recvmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+TEXT ·libc_sendmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+TEXT ·libc_kevent_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+TEXT ·libc_utimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+TEXT ·libc_poll_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+TEXT ·libc_madvise_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+TEXT ·libc_mlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+TEXT ·libc_mlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+TEXT ·libc_mprotect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+TEXT ·libc_msync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+TEXT ·libc_munlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+TEXT ·libc_munlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pipe(SB)
+TEXT ·libc_getxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getxattr(SB)
+TEXT ·libc_fgetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fgetxattr(SB)
+TEXT ·libc_setxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setxattr(SB)
+TEXT ·libc_fsetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsetxattr(SB)
+TEXT ·libc_removexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_removexattr(SB)
+TEXT ·libc_fremovexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fremovexattr(SB)
+TEXT ·libc_listxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listxattr(SB)
+TEXT ·libc_flistxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flistxattr(SB)
+TEXT ·libc_setattrlist_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setattrlist(SB)
+TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+TEXT ·libc_ioctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+TEXT ·libc_sysctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+TEXT ·libc_sendfile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendfile(SB)
+TEXT ·libc_access_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+TEXT ·libc_adjtime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+TEXT ·libc_chdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+TEXT ·libc_chflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+TEXT ·libc_chmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+TEXT ·libc_chown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+TEXT ·libc_chroot_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+TEXT ·libc_clock_gettime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clock_gettime(SB)
+TEXT ·libc_close_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+TEXT ·libc_clonefile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefile(SB)
+TEXT ·libc_clonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefileat(SB)
+TEXT ·libc_dup_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+TEXT ·libc_dup2_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+TEXT ·libc_exchangedata_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exchangedata(SB)
+TEXT ·libc_exit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+TEXT ·libc_faccessat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+TEXT ·libc_fchdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+TEXT ·libc_fchflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+TEXT ·libc_fchmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+TEXT ·libc_fchmodat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+TEXT ·libc_fchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+TEXT ·libc_fchownat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+TEXT ·libc_fclonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fclonefileat(SB)
+TEXT ·libc_flock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+TEXT ·libc_fpathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+TEXT ·libc_fsync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+TEXT ·libc_ftruncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+TEXT ·libc_getcwd_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+TEXT ·libc_getdtablesize_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getdtablesize(SB)
+TEXT ·libc_getegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+TEXT ·libc_geteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+TEXT ·libc_getgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+TEXT ·libc_getpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+TEXT ·libc_getpgrp_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+TEXT ·libc_getpid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+TEXT ·libc_getppid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+TEXT ·libc_getpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+TEXT ·libc_getrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+TEXT ·libc_getrusage_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+TEXT ·libc_getsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+TEXT ·libc_gettimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+TEXT ·libc_getuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+TEXT ·libc_issetugid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+TEXT ·libc_kqueue_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+TEXT ·libc_lchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+TEXT ·libc_link_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+TEXT ·libc_linkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+TEXT ·libc_listen_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+TEXT ·libc_mkdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+TEXT ·libc_mkdirat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+TEXT ·libc_mkfifo_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+TEXT ·libc_mknod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+TEXT ·libc_open_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+TEXT ·libc_openat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+TEXT ·libc_pathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+TEXT ·libc_pread_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+TEXT ·libc_pwrite_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+TEXT ·libc_read_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+TEXT ·libc_readlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+TEXT ·libc_readlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+TEXT ·libc_rename_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+TEXT ·libc_renameat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+TEXT ·libc_revoke_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+TEXT ·libc_rmdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+TEXT ·libc_lseek_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+TEXT ·libc_select_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+TEXT ·libc_setegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+TEXT ·libc_seteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+TEXT ·libc_setgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+TEXT ·libc_setlogin_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+TEXT ·libc_setpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+TEXT ·libc_setpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+TEXT ·libc_setprivexec_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setprivexec(SB)
+TEXT ·libc_setregid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+TEXT ·libc_setreuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+TEXT ·libc_setrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+TEXT ·libc_setsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+TEXT ·libc_settimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+TEXT ·libc_setuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+TEXT ·libc_symlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+TEXT ·libc_symlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+TEXT ·libc_sync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+TEXT ·libc_truncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+TEXT ·libc_umask_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+TEXT ·libc_undelete_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_undelete(SB)
+TEXT ·libc_unlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+TEXT ·libc_unlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+TEXT ·libc_unmount_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+TEXT ·libc_write_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+TEXT ·libc_mmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+TEXT ·libc_munmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ptrace(SB)
+TEXT ·libc_fstat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstat64(SB)
+TEXT ·libc_fstatat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat64(SB)
+TEXT ·libc_fstatfs64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs64(SB)
+TEXT ·libc_getfsstat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat64(SB)
+TEXT ·libc_lstat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lstat64(SB)
+TEXT ·libc_stat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_stat64(SB)
+TEXT ·libc_statfs64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_statfs64(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go
new file mode 100644
index 000000000..314042a9d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go
@@ -0,0 +1,41 @@
+// go run mksyscall.go -tags darwin,amd64,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,amd64,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_closedir_trampoline), uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_closedir_trampoline()
+
+//go:linkname libc_closedir libc_closedir
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(funcPC(libc_readdir_r_trampoline), uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+func libc_readdir_r_trampoline()
+
+//go:linkname libc_readdir_r libc_readdir_r
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
new file mode 100644
index 000000000..d671e8311
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
@@ -0,0 +1,12 @@
+// go run mkasm_darwin.go amd64
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.13
+
+#include "textflag.h"
+TEXT ·libc_fdopendir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+TEXT ·libc_closedir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+TEXT ·libc_readdir_r_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
new file mode 100644
index 000000000..d81696f9e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -0,0 +1,2574 @@
+// go run mksyscall.go -tags darwin,amd64,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,amd64,go1.12
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getgroups_trampoline()
+
+//go:linkname libc_getgroups libc_getgroups
+//go:cgo_import_dynamic libc_getgroups getgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgroups_trampoline()
+
+//go:linkname libc_setgroups libc_setgroups
+//go:cgo_import_dynamic libc_setgroups setgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_wait4_trampoline), uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_wait4_trampoline()
+
+//go:linkname libc_wait4 libc_wait4
+//go:cgo_import_dynamic libc_wait4 wait4 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_accept_trampoline), uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_accept_trampoline()
+
+//go:linkname libc_accept libc_accept
+//go:cgo_import_dynamic libc_accept accept "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_bind_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_bind_trampoline()
+
+//go:linkname libc_bind libc_bind
+//go:cgo_import_dynamic libc_bind bind "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_connect_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_connect_trampoline()
+
+//go:linkname libc_connect libc_connect
+//go:cgo_import_dynamic libc_connect connect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_socket_trampoline), uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socket_trampoline()
+
+//go:linkname libc_socket libc_socket
+//go:cgo_import_dynamic libc_socket socket "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_getsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockopt_trampoline()
+
+//go:linkname libc_getsockopt libc_getsockopt
+//go:cgo_import_dynamic libc_getsockopt getsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsockopt_trampoline()
+
+//go:linkname libc_setsockopt libc_setsockopt
+//go:cgo_import_dynamic libc_setsockopt setsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getpeername_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpeername_trampoline()
+
+//go:linkname libc_getpeername libc_getpeername
+//go:cgo_import_dynamic libc_getpeername getpeername "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getsockname_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockname_trampoline()
+
+//go:linkname libc_getsockname libc_getsockname
+//go:cgo_import_dynamic libc_getsockname getsockname "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_shutdown_trampoline), uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_shutdown_trampoline()
+
+//go:linkname libc_shutdown libc_shutdown
+//go:cgo_import_dynamic libc_shutdown shutdown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := syscall_rawSyscall6(funcPC(libc_socketpair_trampoline), uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socketpair_trampoline()
+
+//go:linkname libc_socketpair libc_socketpair
+//go:cgo_import_dynamic libc_socketpair socketpair "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_recvfrom_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvfrom_trampoline()
+
+//go:linkname libc_recvfrom libc_recvfrom
+//go:cgo_import_dynamic libc_recvfrom recvfrom "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sendto_trampoline), uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendto_trampoline()
+
+//go:linkname libc_sendto libc_sendto
+//go:cgo_import_dynamic libc_sendto sendto "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_recvmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvmsg_trampoline()
+
+//go:linkname libc_recvmsg libc_recvmsg
+//go:cgo_import_dynamic libc_recvmsg recvmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_sendmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendmsg_trampoline()
+
+//go:linkname libc_sendmsg libc_sendmsg
+//go:cgo_import_dynamic libc_sendmsg sendmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_kevent_trampoline), uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kevent_trampoline()
+
+//go:linkname libc_kevent libc_kevent
+//go:cgo_import_dynamic libc_kevent kevent "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_utimes_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_utimes_trampoline()
+
+//go:linkname libc_utimes libc_utimes
+//go:cgo_import_dynamic libc_utimes utimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_futimes_trampoline), uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_futimes_trampoline()
+
+//go:linkname libc_futimes libc_futimes
+//go:cgo_import_dynamic libc_futimes futimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_poll_trampoline), uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_poll_trampoline()
+
+//go:linkname libc_poll libc_poll
+//go:cgo_import_dynamic libc_poll poll "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_madvise_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_madvise_trampoline()
+
+//go:linkname libc_madvise libc_madvise
+//go:cgo_import_dynamic libc_madvise madvise "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlock_trampoline()
+
+//go:linkname libc_mlock libc_mlock
+//go:cgo_import_dynamic libc_mlock mlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_mlockall_trampoline), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlockall_trampoline()
+
+//go:linkname libc_mlockall libc_mlockall
+//go:cgo_import_dynamic libc_mlockall mlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mprotect_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mprotect_trampoline()
+
+//go:linkname libc_mprotect libc_mprotect
+//go:cgo_import_dynamic libc_mprotect mprotect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_msync_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_msync_trampoline()
+
+//go:linkname libc_msync libc_msync
+//go:cgo_import_dynamic libc_msync msync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_munlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlock_trampoline()
+
+//go:linkname libc_munlock libc_munlock
+//go:cgo_import_dynamic libc_munlock munlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munlockall_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlockall_trampoline()
+
+//go:linkname libc_munlockall libc_munlockall
+//go:cgo_import_dynamic libc_munlockall munlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (r int, w int, err error) {
+	r0, r1, e1 := syscall_rawSyscall(funcPC(libc_pipe_trampoline), 0, 0, 0)
+	r = int(r0)
+	w = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pipe_trampoline()
+
+//go:linkname libc_pipe libc_pipe
+//go:cgo_import_dynamic libc_pipe pipe "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_getxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getxattr_trampoline()
+
+//go:linkname libc_getxattr libc_getxattr
+//go:cgo_import_dynamic libc_getxattr getxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_fgetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fgetxattr_trampoline()
+
+//go:linkname libc_fgetxattr libc_fgetxattr
+//go:cgo_import_dynamic libc_fgetxattr fgetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_setxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setxattr_trampoline()
+
+//go:linkname libc_setxattr libc_setxattr
+//go:cgo_import_dynamic libc_setxattr setxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fsetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsetxattr_trampoline()
+
+//go:linkname libc_fsetxattr libc_fsetxattr
+//go:cgo_import_dynamic libc_fsetxattr fsetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func removexattr(path string, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_removexattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_removexattr_trampoline()
+
+//go:linkname libc_removexattr libc_removexattr
+//go:cgo_import_dynamic libc_removexattr removexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fremovexattr(fd int, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_fremovexattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fremovexattr_trampoline()
+
+//go:linkname libc_fremovexattr libc_fremovexattr
+//go:cgo_import_dynamic libc_fremovexattr fremovexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_listxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listxattr_trampoline()
+
+//go:linkname libc_listxattr libc_listxattr
+//go:cgo_import_dynamic libc_listxattr listxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func flistxattr(fd int, dest *byte, size int, options int) (sz int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_flistxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flistxattr_trampoline()
+
+//go:linkname libc_flistxattr libc_flistxattr
+//go:cgo_import_dynamic libc_flistxattr flistxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setattrlist_trampoline), uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setattrlist_trampoline()
+
+//go:linkname libc_setattrlist libc_setattrlist
+//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fcntl_trampoline), uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fcntl_trampoline()
+
+//go:linkname libc_fcntl libc_fcntl
+//go:cgo_import_dynamic libc_fcntl fcntl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kill(pid int, signum int, posix int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_kill_trampoline), uintptr(pid), uintptr(signum), uintptr(posix))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kill_trampoline()
+
+//go:linkname libc_kill libc_kill
+//go:cgo_import_dynamic libc_kill kill "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ioctl_trampoline), uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ioctl_trampoline()
+
+//go:linkname libc_ioctl libc_ioctl
+//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sysctl_trampoline), uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sysctl_trampoline()
+
+//go:linkname libc_sysctl libc_sysctl
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_sendfile_trampoline), uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendfile_trampoline()
+
+//go:linkname libc_sendfile libc_sendfile
+//go:cgo_import_dynamic libc_sendfile sendfile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_access_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_access_trampoline()
+
+//go:linkname libc_access libc_access
+//go:cgo_import_dynamic libc_access access "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_adjtime_trampoline), uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_adjtime_trampoline()
+
+//go:linkname libc_adjtime libc_adjtime
+//go:cgo_import_dynamic libc_adjtime adjtime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chdir_trampoline()
+
+//go:linkname libc_chdir libc_chdir
+//go:cgo_import_dynamic libc_chdir chdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chflags_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chflags_trampoline()
+
+//go:linkname libc_chflags libc_chflags
+//go:cgo_import_dynamic libc_chflags chflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chmod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chmod_trampoline()
+
+//go:linkname libc_chmod libc_chmod
+//go:cgo_import_dynamic libc_chmod chmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chown_trampoline()
+
+//go:linkname libc_chown libc_chown
+//go:cgo_import_dynamic libc_chown chown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chroot_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chroot_trampoline()
+
+//go:linkname libc_chroot libc_chroot
+//go:cgo_import_dynamic libc_chroot chroot "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_clock_gettime_trampoline), uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clock_gettime_trampoline()
+
+//go:linkname libc_clock_gettime libc_clock_gettime
+//go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_close_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_close_trampoline()
+
+//go:linkname libc_close libc_close
+//go:cgo_import_dynamic libc_close close "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefile(src string, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_clonefile_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefile_trampoline()
+
+//go:linkname libc_clonefile libc_clonefile
+//go:cgo_import_dynamic libc_clonefile clonefile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_clonefileat_trampoline), uintptr(srcDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefileat_trampoline()
+
+//go:linkname libc_clonefileat libc_clonefileat
+//go:cgo_import_dynamic libc_clonefileat clonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_dup_trampoline), uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup_trampoline()
+
+//go:linkname libc_dup libc_dup
+//go:cgo_import_dynamic libc_dup dup "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_dup2_trampoline), uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup2_trampoline()
+
+//go:linkname libc_dup2 libc_dup2
+//go:cgo_import_dynamic libc_dup2 dup2 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exchangedata(path1 string, path2 string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path1)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(path2)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_exchangedata_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_exchangedata_trampoline()
+
+//go:linkname libc_exchangedata libc_exchangedata
+//go:cgo_import_dynamic libc_exchangedata exchangedata "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	syscall_syscall(funcPC(libc_exit_trampoline), uintptr(code), 0, 0)
+	return
+}
+
+func libc_exit_trampoline()
+
+//go:linkname libc_exit libc_exit
+//go:cgo_import_dynamic libc_exit exit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_faccessat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_faccessat_trampoline()
+
+//go:linkname libc_faccessat libc_faccessat
+//go:cgo_import_dynamic libc_faccessat faccessat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchdir_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchdir_trampoline()
+
+//go:linkname libc_fchdir libc_fchdir
+//go:cgo_import_dynamic libc_fchdir fchdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchflags_trampoline), uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchflags_trampoline()
+
+//go:linkname libc_fchflags libc_fchflags
+//go:cgo_import_dynamic libc_fchflags fchflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchmod_trampoline), uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmod_trampoline()
+
+//go:linkname libc_fchmod libc_fchmod
+//go:cgo_import_dynamic libc_fchmod fchmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchmodat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmodat_trampoline()
+
+//go:linkname libc_fchmodat libc_fchmodat
+//go:cgo_import_dynamic libc_fchmodat fchmodat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchown_trampoline), uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchown_trampoline()
+
+//go:linkname libc_fchown libc_fchown
+//go:cgo_import_dynamic libc_fchown fchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchownat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchownat_trampoline()
+
+//go:linkname libc_fchownat libc_fchownat
+//go:cgo_import_dynamic libc_fchownat fchownat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fclonefileat_trampoline), uintptr(srcDirfd), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fclonefileat_trampoline()
+
+//go:linkname libc_fclonefileat libc_fclonefileat
+//go:cgo_import_dynamic libc_fclonefileat fclonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_flock_trampoline), uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flock_trampoline()
+
+//go:linkname libc_flock libc_flock
+//go:cgo_import_dynamic libc_flock flock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fpathconf_trampoline), uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fpathconf_trampoline()
+
+//go:linkname libc_fpathconf libc_fpathconf
+//go:cgo_import_dynamic libc_fpathconf fpathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fsync_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsync_trampoline()
+
+//go:linkname libc_fsync libc_fsync
+//go:cgo_import_dynamic libc_fsync fsync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ftruncate_trampoline), uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ftruncate_trampoline()
+
+//go:linkname libc_ftruncate libc_ftruncate
+//go:cgo_import_dynamic libc_ftruncate ftruncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_getcwd_trampoline), uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getcwd_trampoline()
+
+//go:linkname libc_getcwd libc_getcwd
+//go:cgo_import_dynamic libc_getcwd getcwd "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_getdtablesize_trampoline), 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+func libc_getdtablesize_trampoline()
+
+//go:linkname libc_getdtablesize libc_getdtablesize
+//go:cgo_import_dynamic libc_getdtablesize getdtablesize "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getegid_trampoline), 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+func libc_getegid_trampoline()
+
+//go:linkname libc_getegid libc_getegid
+//go:cgo_import_dynamic libc_getegid getegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_geteuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_geteuid_trampoline()
+
+//go:linkname libc_geteuid libc_geteuid
+//go:cgo_import_dynamic libc_geteuid geteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getgid_trampoline), 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+func libc_getgid_trampoline()
+
+//go:linkname libc_getgid libc_getgid
+//go:cgo_import_dynamic libc_getgid getgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getpgid_trampoline), uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpgid_trampoline()
+
+//go:linkname libc_getpgid libc_getpgid
+//go:cgo_import_dynamic libc_getpgid getpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpgrp_trampoline), 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+func libc_getpgrp_trampoline()
+
+//go:linkname libc_getpgrp libc_getpgrp
+//go:cgo_import_dynamic libc_getpgrp getpgrp "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+func libc_getpid_trampoline()
+
+//go:linkname libc_getpid libc_getpid
+//go:cgo_import_dynamic libc_getpid getpid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getppid_trampoline), 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+func libc_getppid_trampoline()
+
+//go:linkname libc_getppid libc_getppid
+//go:cgo_import_dynamic libc_getppid getppid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getpriority_trampoline), uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpriority_trampoline()
+
+//go:linkname libc_getpriority libc_getpriority
+//go:cgo_import_dynamic libc_getpriority getpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrlimit_trampoline()
+
+//go:linkname libc_getrlimit libc_getrlimit
+//go:cgo_import_dynamic libc_getrlimit getrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrusage_trampoline), uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrusage_trampoline()
+
+//go:linkname libc_getrusage libc_getrusage
+//go:cgo_import_dynamic libc_getrusage getrusage "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getsid_trampoline), uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsid_trampoline()
+
+//go:linkname libc_getsid libc_getsid
+//go:cgo_import_dynamic libc_getsid getsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_gettimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_gettimeofday_trampoline()
+
+//go:linkname libc_gettimeofday libc_gettimeofday
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_getuid_trampoline()
+
+//go:linkname libc_getuid libc_getuid
+//go:cgo_import_dynamic libc_getuid getuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_issetugid_trampoline), 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+func libc_issetugid_trampoline()
+
+//go:linkname libc_issetugid libc_issetugid
+//go:cgo_import_dynamic libc_issetugid issetugid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_kqueue_trampoline), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kqueue_trampoline()
+
+//go:linkname libc_kqueue libc_kqueue
+//go:cgo_import_dynamic libc_kqueue kqueue "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lchown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lchown_trampoline()
+
+//go:linkname libc_lchown libc_lchown
+//go:cgo_import_dynamic libc_lchown lchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_link_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_link_trampoline()
+
+//go:linkname libc_link libc_link
+//go:cgo_import_dynamic libc_link link "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_linkat_trampoline), uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_linkat_trampoline()
+
+//go:linkname libc_linkat libc_linkat
+//go:cgo_import_dynamic libc_linkat linkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_listen_trampoline), uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listen_trampoline()
+
+//go:linkname libc_listen libc_listen
+//go:cgo_import_dynamic libc_listen listen "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdir_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdir_trampoline()
+
+//go:linkname libc_mkdir libc_mkdir
+//go:cgo_import_dynamic libc_mkdir mkdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdirat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdirat_trampoline()
+
+//go:linkname libc_mkdirat libc_mkdirat
+//go:cgo_import_dynamic libc_mkdirat mkdirat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkfifo_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkfifo_trampoline()
+
+//go:linkname libc_mkfifo libc_mkfifo
+//go:cgo_import_dynamic libc_mkfifo mkfifo "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mknod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mknod_trampoline()
+
+//go:linkname libc_mknod libc_mknod
+//go:cgo_import_dynamic libc_mknod mknod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_open_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_open_trampoline()
+
+//go:linkname libc_open libc_open
+//go:cgo_import_dynamic libc_open open "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_openat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_openat_trampoline()
+
+//go:linkname libc_openat libc_openat
+//go:cgo_import_dynamic libc_openat openat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_pathconf_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pathconf_trampoline()
+
+//go:linkname libc_pathconf libc_pathconf
+//go:cgo_import_dynamic libc_pathconf pathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pread_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pread_trampoline()
+
+//go:linkname libc_pread libc_pread
+//go:cgo_import_dynamic libc_pread pread "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pwrite_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pwrite_trampoline()
+
+//go:linkname libc_pwrite libc_pwrite
+//go:cgo_import_dynamic libc_pwrite pwrite "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_read_trampoline()
+
+//go:linkname libc_read libc_read
+//go:cgo_import_dynamic libc_read read "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_readlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlink_trampoline()
+
+//go:linkname libc_readlink libc_readlink
+//go:cgo_import_dynamic libc_readlink readlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_readlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlinkat_trampoline()
+
+//go:linkname libc_readlinkat libc_readlinkat
+//go:cgo_import_dynamic libc_readlinkat readlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rename_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rename_trampoline()
+
+//go:linkname libc_rename libc_rename
+//go:cgo_import_dynamic libc_rename rename "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_renameat_trampoline), uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_renameat_trampoline()
+
+//go:linkname libc_renameat libc_renameat
+//go:cgo_import_dynamic libc_renameat renameat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_revoke_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_revoke_trampoline()
+
+//go:linkname libc_revoke libc_revoke
+//go:cgo_import_dynamic libc_revoke revoke "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rmdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rmdir_trampoline()
+
+//go:linkname libc_rmdir libc_rmdir
+//go:cgo_import_dynamic libc_rmdir rmdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_lseek_trampoline), uintptr(fd), uintptr(offset), uintptr(whence))
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lseek_trampoline()
+
+//go:linkname libc_lseek libc_lseek
+//go:cgo_import_dynamic libc_lseek lseek "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_select_trampoline()
+
+//go:linkname libc_select libc_select
+//go:cgo_import_dynamic libc_select select "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setegid_trampoline), uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setegid_trampoline()
+
+//go:linkname libc_setegid libc_setegid
+//go:cgo_import_dynamic libc_setegid setegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_seteuid_trampoline), uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_seteuid_trampoline()
+
+//go:linkname libc_seteuid libc_seteuid
+//go:cgo_import_dynamic libc_seteuid seteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgid_trampoline), uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgid_trampoline()
+
+//go:linkname libc_setgid libc_setgid
+//go:cgo_import_dynamic libc_setgid setgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_setlogin_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setlogin_trampoline()
+
+//go:linkname libc_setlogin libc_setlogin
+//go:cgo_import_dynamic libc_setlogin setlogin "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setpgid_trampoline), uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpgid_trampoline()
+
+//go:linkname libc_setpgid libc_setpgid
+//go:cgo_import_dynamic libc_setpgid setpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setpriority_trampoline), uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpriority_trampoline()
+
+//go:linkname libc_setpriority libc_setpriority
+//go:cgo_import_dynamic libc_setpriority setpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setprivexec(flag int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setprivexec_trampoline), uintptr(flag), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setprivexec_trampoline()
+
+//go:linkname libc_setprivexec libc_setprivexec
+//go:cgo_import_dynamic libc_setprivexec setprivexec "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setregid_trampoline), uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setregid_trampoline()
+
+//go:linkname libc_setregid libc_setregid
+//go:cgo_import_dynamic libc_setregid setregid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setreuid_trampoline), uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setreuid_trampoline()
+
+//go:linkname libc_setreuid libc_setreuid
+//go:cgo_import_dynamic libc_setreuid setreuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setrlimit_trampoline()
+
+//go:linkname libc_setrlimit libc_setrlimit
+//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_setsid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsid_trampoline()
+
+//go:linkname libc_setsid libc_setsid
+//go:cgo_import_dynamic libc_setsid setsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_settimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_settimeofday_trampoline()
+
+//go:linkname libc_settimeofday libc_settimeofday
+//go:cgo_import_dynamic libc_settimeofday settimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setuid_trampoline), uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setuid_trampoline()
+
+//go:linkname libc_setuid libc_setuid
+//go:cgo_import_dynamic libc_setuid setuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlink_trampoline()
+
+//go:linkname libc_symlink libc_symlink
+//go:cgo_import_dynamic libc_symlink symlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlinkat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlinkat_trampoline()
+
+//go:linkname libc_symlinkat libc_symlinkat
+//go:cgo_import_dynamic libc_symlinkat symlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_sync_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sync_trampoline()
+
+//go:linkname libc_sync libc_sync
+//go:cgo_import_dynamic libc_sync sync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_truncate_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_truncate_trampoline()
+
+//go:linkname libc_truncate libc_truncate
+//go:cgo_import_dynamic libc_truncate truncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_umask_trampoline), uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+func libc_umask_trampoline()
+
+//go:linkname libc_umask libc_umask
+//go:cgo_import_dynamic libc_umask umask "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_undelete_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_undelete_trampoline()
+
+//go:linkname libc_undelete libc_undelete
+//go:cgo_import_dynamic libc_undelete undelete "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlink_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlink_trampoline()
+
+//go:linkname libc_unlink libc_unlink
+//go:cgo_import_dynamic libc_unlink unlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlinkat_trampoline()
+
+//go:linkname libc_unlinkat libc_unlinkat
+//go:cgo_import_dynamic libc_unlinkat unlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unmount_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unmount_trampoline()
+
+//go:linkname libc_unmount libc_unmount
+//go:cgo_import_dynamic libc_unmount unmount "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_write_trampoline()
+
+//go:linkname libc_write libc_write
+//go:cgo_import_dynamic libc_write write "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_mmap_trampoline), uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mmap_trampoline()
+
+//go:linkname libc_mmap libc_mmap
+//go:cgo_import_dynamic libc_mmap mmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munmap_trampoline), uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munmap_trampoline()
+
+//go:linkname libc_munmap libc_munmap
+//go:cgo_import_dynamic libc_munmap munmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ptrace_trampoline()
+
+//go:linkname libc_ptrace libc_ptrace
+//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstat64_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstat64_trampoline()
+
+//go:linkname libc_fstat64 libc_fstat64
+//go:cgo_import_dynamic libc_fstat64 fstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fstatat64_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatat64_trampoline()
+
+//go:linkname libc_fstatat64 libc_fstatat64
+//go:cgo_import_dynamic libc_fstatat64 fstatat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstatfs64_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatfs64_trampoline()
+
+//go:linkname libc_fstatfs64 libc_fstatfs64
+//go:cgo_import_dynamic libc_fstatfs64 fstatfs64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getfsstat64_trampoline), uintptr(buf), uintptr(size), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getfsstat64_trampoline()
+
+//go:linkname libc_getfsstat64 libc_getfsstat64
+//go:cgo_import_dynamic libc_getfsstat64 getfsstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lstat64_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lstat64_trampoline()
+
+//go:linkname libc_lstat64 libc_lstat64
+//go:cgo_import_dynamic libc_lstat64 lstat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_stat64_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_stat64_trampoline()
+
+//go:linkname libc_stat64 libc_stat64
+//go:cgo_import_dynamic libc_stat64 stat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_statfs64_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_statfs64_trampoline()
+
+//go:linkname libc_statfs64 libc_statfs64
+//go:cgo_import_dynamic libc_statfs64 statfs64 "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
new file mode 100644
index 000000000..887fd5f4e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -0,0 +1,290 @@
+// go run mkasm_darwin.go amd64
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.12
+
+#include "textflag.h"
+TEXT ·libc_getgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+TEXT ·libc_setgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+TEXT ·libc_wait4_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+TEXT ·libc_accept_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+TEXT ·libc_bind_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+TEXT ·libc_connect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+TEXT ·libc_socket_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+TEXT ·libc_getsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+TEXT ·libc_setsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+TEXT ·libc_getpeername_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+TEXT ·libc_getsockname_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+TEXT ·libc_shutdown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+TEXT ·libc_socketpair_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+TEXT ·libc_recvfrom_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+TEXT ·libc_sendto_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+TEXT ·libc_recvmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+TEXT ·libc_sendmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+TEXT ·libc_kevent_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+TEXT ·libc_utimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+TEXT ·libc_poll_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+TEXT ·libc_madvise_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+TEXT ·libc_mlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+TEXT ·libc_mlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+TEXT ·libc_mprotect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+TEXT ·libc_msync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+TEXT ·libc_munlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+TEXT ·libc_munlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pipe(SB)
+TEXT ·libc_getxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getxattr(SB)
+TEXT ·libc_fgetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fgetxattr(SB)
+TEXT ·libc_setxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setxattr(SB)
+TEXT ·libc_fsetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsetxattr(SB)
+TEXT ·libc_removexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_removexattr(SB)
+TEXT ·libc_fremovexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fremovexattr(SB)
+TEXT ·libc_listxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listxattr(SB)
+TEXT ·libc_flistxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flistxattr(SB)
+TEXT ·libc_setattrlist_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setattrlist(SB)
+TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+TEXT ·libc_ioctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+TEXT ·libc_sysctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+TEXT ·libc_sendfile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendfile(SB)
+TEXT ·libc_access_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+TEXT ·libc_adjtime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+TEXT ·libc_chdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+TEXT ·libc_chflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+TEXT ·libc_chmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+TEXT ·libc_chown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+TEXT ·libc_chroot_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+TEXT ·libc_clock_gettime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clock_gettime(SB)
+TEXT ·libc_close_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+TEXT ·libc_clonefile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefile(SB)
+TEXT ·libc_clonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefileat(SB)
+TEXT ·libc_dup_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+TEXT ·libc_dup2_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+TEXT ·libc_exchangedata_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exchangedata(SB)
+TEXT ·libc_exit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+TEXT ·libc_faccessat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+TEXT ·libc_fchdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+TEXT ·libc_fchflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+TEXT ·libc_fchmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+TEXT ·libc_fchmodat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+TEXT ·libc_fchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+TEXT ·libc_fchownat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+TEXT ·libc_fclonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fclonefileat(SB)
+TEXT ·libc_flock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+TEXT ·libc_fpathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+TEXT ·libc_fsync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+TEXT ·libc_ftruncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+TEXT ·libc_getcwd_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+TEXT ·libc_getdtablesize_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getdtablesize(SB)
+TEXT ·libc_getegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+TEXT ·libc_geteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+TEXT ·libc_getgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+TEXT ·libc_getpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+TEXT ·libc_getpgrp_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+TEXT ·libc_getpid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+TEXT ·libc_getppid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+TEXT ·libc_getpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+TEXT ·libc_getrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+TEXT ·libc_getrusage_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+TEXT ·libc_getsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+TEXT ·libc_gettimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+TEXT ·libc_getuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+TEXT ·libc_issetugid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+TEXT ·libc_kqueue_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+TEXT ·libc_lchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+TEXT ·libc_link_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+TEXT ·libc_linkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+TEXT ·libc_listen_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+TEXT ·libc_mkdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+TEXT ·libc_mkdirat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+TEXT ·libc_mkfifo_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+TEXT ·libc_mknod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+TEXT ·libc_open_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+TEXT ·libc_openat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+TEXT ·libc_pathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+TEXT ·libc_pread_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+TEXT ·libc_pwrite_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+TEXT ·libc_read_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+TEXT ·libc_readlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+TEXT ·libc_readlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+TEXT ·libc_rename_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+TEXT ·libc_renameat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+TEXT ·libc_revoke_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+TEXT ·libc_rmdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+TEXT ·libc_lseek_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+TEXT ·libc_select_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+TEXT ·libc_setegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+TEXT ·libc_seteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+TEXT ·libc_setgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+TEXT ·libc_setlogin_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+TEXT ·libc_setpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+TEXT ·libc_setpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+TEXT ·libc_setprivexec_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setprivexec(SB)
+TEXT ·libc_setregid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+TEXT ·libc_setreuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+TEXT ·libc_setrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+TEXT ·libc_setsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+TEXT ·libc_settimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+TEXT ·libc_setuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+TEXT ·libc_symlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+TEXT ·libc_symlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+TEXT ·libc_sync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+TEXT ·libc_truncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+TEXT ·libc_umask_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+TEXT ·libc_undelete_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_undelete(SB)
+TEXT ·libc_unlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+TEXT ·libc_unlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+TEXT ·libc_unmount_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+TEXT ·libc_write_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+TEXT ·libc_mmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+TEXT ·libc_munmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ptrace(SB)
+TEXT ·libc_fstat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstat64(SB)
+TEXT ·libc_fstatat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat64(SB)
+TEXT ·libc_fstatfs64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs64(SB)
+TEXT ·libc_getfsstat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat64(SB)
+TEXT ·libc_lstat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lstat64(SB)
+TEXT ·libc_stat64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_stat64(SB)
+TEXT ·libc_statfs64_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_statfs64(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.go
new file mode 100644
index 000000000..f519ce9af
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.go
@@ -0,0 +1,41 @@
+// go run mksyscall.go -l32 -tags darwin,arm,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,arm,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_closedir_trampoline), uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_closedir_trampoline()
+
+//go:linkname libc_closedir libc_closedir
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(funcPC(libc_readdir_r_trampoline), uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+func libc_readdir_r_trampoline()
+
+//go:linkname libc_readdir_r libc_readdir_r
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s
new file mode 100644
index 000000000..488e55707
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s
@@ -0,0 +1,12 @@
+// go run mkasm_darwin.go arm
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.13
+
+#include "textflag.h"
+TEXT ·libc_fdopendir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+TEXT ·libc_closedir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+TEXT ·libc_readdir_r_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go
new file mode 100644
index 000000000..d6b5249c2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go
@@ -0,0 +1,2559 @@
+// go run mksyscall.go -l32 -tags darwin,arm,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_arm.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,arm,go1.12
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getgroups_trampoline()
+
+//go:linkname libc_getgroups libc_getgroups
+//go:cgo_import_dynamic libc_getgroups getgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgroups_trampoline()
+
+//go:linkname libc_setgroups libc_setgroups
+//go:cgo_import_dynamic libc_setgroups setgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_wait4_trampoline), uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_wait4_trampoline()
+
+//go:linkname libc_wait4 libc_wait4
+//go:cgo_import_dynamic libc_wait4 wait4 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_accept_trampoline), uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_accept_trampoline()
+
+//go:linkname libc_accept libc_accept
+//go:cgo_import_dynamic libc_accept accept "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_bind_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_bind_trampoline()
+
+//go:linkname libc_bind libc_bind
+//go:cgo_import_dynamic libc_bind bind "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_connect_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_connect_trampoline()
+
+//go:linkname libc_connect libc_connect
+//go:cgo_import_dynamic libc_connect connect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_socket_trampoline), uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socket_trampoline()
+
+//go:linkname libc_socket libc_socket
+//go:cgo_import_dynamic libc_socket socket "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_getsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockopt_trampoline()
+
+//go:linkname libc_getsockopt libc_getsockopt
+//go:cgo_import_dynamic libc_getsockopt getsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsockopt_trampoline()
+
+//go:linkname libc_setsockopt libc_setsockopt
+//go:cgo_import_dynamic libc_setsockopt setsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getpeername_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpeername_trampoline()
+
+//go:linkname libc_getpeername libc_getpeername
+//go:cgo_import_dynamic libc_getpeername getpeername "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getsockname_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockname_trampoline()
+
+//go:linkname libc_getsockname libc_getsockname
+//go:cgo_import_dynamic libc_getsockname getsockname "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_shutdown_trampoline), uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_shutdown_trampoline()
+
+//go:linkname libc_shutdown libc_shutdown
+//go:cgo_import_dynamic libc_shutdown shutdown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := syscall_rawSyscall6(funcPC(libc_socketpair_trampoline), uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socketpair_trampoline()
+
+//go:linkname libc_socketpair libc_socketpair
+//go:cgo_import_dynamic libc_socketpair socketpair "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_recvfrom_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvfrom_trampoline()
+
+//go:linkname libc_recvfrom libc_recvfrom
+//go:cgo_import_dynamic libc_recvfrom recvfrom "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sendto_trampoline), uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendto_trampoline()
+
+//go:linkname libc_sendto libc_sendto
+//go:cgo_import_dynamic libc_sendto sendto "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_recvmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvmsg_trampoline()
+
+//go:linkname libc_recvmsg libc_recvmsg
+//go:cgo_import_dynamic libc_recvmsg recvmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_sendmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendmsg_trampoline()
+
+//go:linkname libc_sendmsg libc_sendmsg
+//go:cgo_import_dynamic libc_sendmsg sendmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_kevent_trampoline), uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kevent_trampoline()
+
+//go:linkname libc_kevent libc_kevent
+//go:cgo_import_dynamic libc_kevent kevent "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_utimes_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_utimes_trampoline()
+
+//go:linkname libc_utimes libc_utimes
+//go:cgo_import_dynamic libc_utimes utimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_futimes_trampoline), uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_futimes_trampoline()
+
+//go:linkname libc_futimes libc_futimes
+//go:cgo_import_dynamic libc_futimes futimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_poll_trampoline), uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_poll_trampoline()
+
+//go:linkname libc_poll libc_poll
+//go:cgo_import_dynamic libc_poll poll "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_madvise_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_madvise_trampoline()
+
+//go:linkname libc_madvise libc_madvise
+//go:cgo_import_dynamic libc_madvise madvise "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlock_trampoline()
+
+//go:linkname libc_mlock libc_mlock
+//go:cgo_import_dynamic libc_mlock mlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_mlockall_trampoline), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlockall_trampoline()
+
+//go:linkname libc_mlockall libc_mlockall
+//go:cgo_import_dynamic libc_mlockall mlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mprotect_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mprotect_trampoline()
+
+//go:linkname libc_mprotect libc_mprotect
+//go:cgo_import_dynamic libc_mprotect mprotect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_msync_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_msync_trampoline()
+
+//go:linkname libc_msync libc_msync
+//go:cgo_import_dynamic libc_msync msync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_munlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlock_trampoline()
+
+//go:linkname libc_munlock libc_munlock
+//go:cgo_import_dynamic libc_munlock munlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munlockall_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlockall_trampoline()
+
+//go:linkname libc_munlockall libc_munlockall
+//go:cgo_import_dynamic libc_munlockall munlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (r int, w int, err error) {
+	r0, r1, e1 := syscall_rawSyscall(funcPC(libc_pipe_trampoline), 0, 0, 0)
+	r = int(r0)
+	w = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pipe_trampoline()
+
+//go:linkname libc_pipe libc_pipe
+//go:cgo_import_dynamic libc_pipe pipe "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_getxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getxattr_trampoline()
+
+//go:linkname libc_getxattr libc_getxattr
+//go:cgo_import_dynamic libc_getxattr getxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_fgetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fgetxattr_trampoline()
+
+//go:linkname libc_fgetxattr libc_fgetxattr
+//go:cgo_import_dynamic libc_fgetxattr fgetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_setxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setxattr_trampoline()
+
+//go:linkname libc_setxattr libc_setxattr
+//go:cgo_import_dynamic libc_setxattr setxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fsetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsetxattr_trampoline()
+
+//go:linkname libc_fsetxattr libc_fsetxattr
+//go:cgo_import_dynamic libc_fsetxattr fsetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func removexattr(path string, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_removexattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_removexattr_trampoline()
+
+//go:linkname libc_removexattr libc_removexattr
+//go:cgo_import_dynamic libc_removexattr removexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fremovexattr(fd int, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_fremovexattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fremovexattr_trampoline()
+
+//go:linkname libc_fremovexattr libc_fremovexattr
+//go:cgo_import_dynamic libc_fremovexattr fremovexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_listxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listxattr_trampoline()
+
+//go:linkname libc_listxattr libc_listxattr
+//go:cgo_import_dynamic libc_listxattr listxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func flistxattr(fd int, dest *byte, size int, options int) (sz int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_flistxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flistxattr_trampoline()
+
+//go:linkname libc_flistxattr libc_flistxattr
+//go:cgo_import_dynamic libc_flistxattr flistxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setattrlist_trampoline), uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setattrlist_trampoline()
+
+//go:linkname libc_setattrlist libc_setattrlist
+//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fcntl_trampoline), uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fcntl_trampoline()
+
+//go:linkname libc_fcntl libc_fcntl
+//go:cgo_import_dynamic libc_fcntl fcntl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kill(pid int, signum int, posix int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_kill_trampoline), uintptr(pid), uintptr(signum), uintptr(posix))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kill_trampoline()
+
+//go:linkname libc_kill libc_kill
+//go:cgo_import_dynamic libc_kill kill "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ioctl_trampoline), uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ioctl_trampoline()
+
+//go:linkname libc_ioctl libc_ioctl
+//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sysctl_trampoline), uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sysctl_trampoline()
+
+//go:linkname libc_sysctl libc_sysctl
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
+	_, _, e1 := syscall_syscall9(funcPC(libc_sendfile_trampoline), uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(offset>>32), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendfile_trampoline()
+
+//go:linkname libc_sendfile libc_sendfile
+//go:cgo_import_dynamic libc_sendfile sendfile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_access_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_access_trampoline()
+
+//go:linkname libc_access libc_access
+//go:cgo_import_dynamic libc_access access "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_adjtime_trampoline), uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_adjtime_trampoline()
+
+//go:linkname libc_adjtime libc_adjtime
+//go:cgo_import_dynamic libc_adjtime adjtime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chdir_trampoline()
+
+//go:linkname libc_chdir libc_chdir
+//go:cgo_import_dynamic libc_chdir chdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chflags_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chflags_trampoline()
+
+//go:linkname libc_chflags libc_chflags
+//go:cgo_import_dynamic libc_chflags chflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chmod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chmod_trampoline()
+
+//go:linkname libc_chmod libc_chmod
+//go:cgo_import_dynamic libc_chmod chmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chown_trampoline()
+
+//go:linkname libc_chown libc_chown
+//go:cgo_import_dynamic libc_chown chown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chroot_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chroot_trampoline()
+
+//go:linkname libc_chroot libc_chroot
+//go:cgo_import_dynamic libc_chroot chroot "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_clock_gettime_trampoline), uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clock_gettime_trampoline()
+
+//go:linkname libc_clock_gettime libc_clock_gettime
+//go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_close_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_close_trampoline()
+
+//go:linkname libc_close libc_close
+//go:cgo_import_dynamic libc_close close "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefile(src string, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_clonefile_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefile_trampoline()
+
+//go:linkname libc_clonefile libc_clonefile
+//go:cgo_import_dynamic libc_clonefile clonefile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_clonefileat_trampoline), uintptr(srcDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefileat_trampoline()
+
+//go:linkname libc_clonefileat libc_clonefileat
+//go:cgo_import_dynamic libc_clonefileat clonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_dup_trampoline), uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup_trampoline()
+
+//go:linkname libc_dup libc_dup
+//go:cgo_import_dynamic libc_dup dup "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_dup2_trampoline), uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup2_trampoline()
+
+//go:linkname libc_dup2 libc_dup2
+//go:cgo_import_dynamic libc_dup2 dup2 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exchangedata(path1 string, path2 string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path1)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(path2)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_exchangedata_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_exchangedata_trampoline()
+
+//go:linkname libc_exchangedata libc_exchangedata
+//go:cgo_import_dynamic libc_exchangedata exchangedata "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	syscall_syscall(funcPC(libc_exit_trampoline), uintptr(code), 0, 0)
+	return
+}
+
+func libc_exit_trampoline()
+
+//go:linkname libc_exit libc_exit
+//go:cgo_import_dynamic libc_exit exit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_faccessat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_faccessat_trampoline()
+
+//go:linkname libc_faccessat libc_faccessat
+//go:cgo_import_dynamic libc_faccessat faccessat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchdir_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchdir_trampoline()
+
+//go:linkname libc_fchdir libc_fchdir
+//go:cgo_import_dynamic libc_fchdir fchdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchflags_trampoline), uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchflags_trampoline()
+
+//go:linkname libc_fchflags libc_fchflags
+//go:cgo_import_dynamic libc_fchflags fchflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchmod_trampoline), uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmod_trampoline()
+
+//go:linkname libc_fchmod libc_fchmod
+//go:cgo_import_dynamic libc_fchmod fchmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchmodat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmodat_trampoline()
+
+//go:linkname libc_fchmodat libc_fchmodat
+//go:cgo_import_dynamic libc_fchmodat fchmodat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchown_trampoline), uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchown_trampoline()
+
+//go:linkname libc_fchown libc_fchown
+//go:cgo_import_dynamic libc_fchown fchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchownat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchownat_trampoline()
+
+//go:linkname libc_fchownat libc_fchownat
+//go:cgo_import_dynamic libc_fchownat fchownat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fclonefileat_trampoline), uintptr(srcDirfd), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fclonefileat_trampoline()
+
+//go:linkname libc_fclonefileat libc_fclonefileat
+//go:cgo_import_dynamic libc_fclonefileat fclonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_flock_trampoline), uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flock_trampoline()
+
+//go:linkname libc_flock libc_flock
+//go:cgo_import_dynamic libc_flock flock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fpathconf_trampoline), uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fpathconf_trampoline()
+
+//go:linkname libc_fpathconf libc_fpathconf
+//go:cgo_import_dynamic libc_fpathconf fpathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fsync_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsync_trampoline()
+
+//go:linkname libc_fsync libc_fsync
+//go:cgo_import_dynamic libc_fsync fsync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ftruncate_trampoline), uintptr(fd), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ftruncate_trampoline()
+
+//go:linkname libc_ftruncate libc_ftruncate
+//go:cgo_import_dynamic libc_ftruncate ftruncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_getcwd_trampoline), uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getcwd_trampoline()
+
+//go:linkname libc_getcwd libc_getcwd
+//go:cgo_import_dynamic libc_getcwd getcwd "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_getdtablesize_trampoline), 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+func libc_getdtablesize_trampoline()
+
+//go:linkname libc_getdtablesize libc_getdtablesize
+//go:cgo_import_dynamic libc_getdtablesize getdtablesize "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getegid_trampoline), 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+func libc_getegid_trampoline()
+
+//go:linkname libc_getegid libc_getegid
+//go:cgo_import_dynamic libc_getegid getegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_geteuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_geteuid_trampoline()
+
+//go:linkname libc_geteuid libc_geteuid
+//go:cgo_import_dynamic libc_geteuid geteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getgid_trampoline), 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+func libc_getgid_trampoline()
+
+//go:linkname libc_getgid libc_getgid
+//go:cgo_import_dynamic libc_getgid getgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getpgid_trampoline), uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpgid_trampoline()
+
+//go:linkname libc_getpgid libc_getpgid
+//go:cgo_import_dynamic libc_getpgid getpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpgrp_trampoline), 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+func libc_getpgrp_trampoline()
+
+//go:linkname libc_getpgrp libc_getpgrp
+//go:cgo_import_dynamic libc_getpgrp getpgrp "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+func libc_getpid_trampoline()
+
+//go:linkname libc_getpid libc_getpid
+//go:cgo_import_dynamic libc_getpid getpid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getppid_trampoline), 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+func libc_getppid_trampoline()
+
+//go:linkname libc_getppid libc_getppid
+//go:cgo_import_dynamic libc_getppid getppid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getpriority_trampoline), uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpriority_trampoline()
+
+//go:linkname libc_getpriority libc_getpriority
+//go:cgo_import_dynamic libc_getpriority getpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrlimit_trampoline()
+
+//go:linkname libc_getrlimit libc_getrlimit
+//go:cgo_import_dynamic libc_getrlimit getrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrusage_trampoline), uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrusage_trampoline()
+
+//go:linkname libc_getrusage libc_getrusage
+//go:cgo_import_dynamic libc_getrusage getrusage "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getsid_trampoline), uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsid_trampoline()
+
+//go:linkname libc_getsid libc_getsid
+//go:cgo_import_dynamic libc_getsid getsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_gettimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_gettimeofday_trampoline()
+
+//go:linkname libc_gettimeofday libc_gettimeofday
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_getuid_trampoline()
+
+//go:linkname libc_getuid libc_getuid
+//go:cgo_import_dynamic libc_getuid getuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_issetugid_trampoline), 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+func libc_issetugid_trampoline()
+
+//go:linkname libc_issetugid libc_issetugid
+//go:cgo_import_dynamic libc_issetugid issetugid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_kqueue_trampoline), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kqueue_trampoline()
+
+//go:linkname libc_kqueue libc_kqueue
+//go:cgo_import_dynamic libc_kqueue kqueue "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lchown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lchown_trampoline()
+
+//go:linkname libc_lchown libc_lchown
+//go:cgo_import_dynamic libc_lchown lchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_link_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_link_trampoline()
+
+//go:linkname libc_link libc_link
+//go:cgo_import_dynamic libc_link link "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_linkat_trampoline), uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_linkat_trampoline()
+
+//go:linkname libc_linkat libc_linkat
+//go:cgo_import_dynamic libc_linkat linkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_listen_trampoline), uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listen_trampoline()
+
+//go:linkname libc_listen libc_listen
+//go:cgo_import_dynamic libc_listen listen "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdir_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdir_trampoline()
+
+//go:linkname libc_mkdir libc_mkdir
+//go:cgo_import_dynamic libc_mkdir mkdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdirat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdirat_trampoline()
+
+//go:linkname libc_mkdirat libc_mkdirat
+//go:cgo_import_dynamic libc_mkdirat mkdirat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkfifo_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkfifo_trampoline()
+
+//go:linkname libc_mkfifo libc_mkfifo
+//go:cgo_import_dynamic libc_mkfifo mkfifo "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mknod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mknod_trampoline()
+
+//go:linkname libc_mknod libc_mknod
+//go:cgo_import_dynamic libc_mknod mknod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_open_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_open_trampoline()
+
+//go:linkname libc_open libc_open
+//go:cgo_import_dynamic libc_open open "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_openat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_openat_trampoline()
+
+//go:linkname libc_openat libc_openat
+//go:cgo_import_dynamic libc_openat openat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_pathconf_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pathconf_trampoline()
+
+//go:linkname libc_pathconf libc_pathconf
+//go:cgo_import_dynamic libc_pathconf pathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pread_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pread_trampoline()
+
+//go:linkname libc_pread libc_pread
+//go:cgo_import_dynamic libc_pread pread "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pwrite_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pwrite_trampoline()
+
+//go:linkname libc_pwrite libc_pwrite
+//go:cgo_import_dynamic libc_pwrite pwrite "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_read_trampoline()
+
+//go:linkname libc_read libc_read
+//go:cgo_import_dynamic libc_read read "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_readlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlink_trampoline()
+
+//go:linkname libc_readlink libc_readlink
+//go:cgo_import_dynamic libc_readlink readlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_readlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlinkat_trampoline()
+
+//go:linkname libc_readlinkat libc_readlinkat
+//go:cgo_import_dynamic libc_readlinkat readlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rename_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rename_trampoline()
+
+//go:linkname libc_rename libc_rename
+//go:cgo_import_dynamic libc_rename rename "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_renameat_trampoline), uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_renameat_trampoline()
+
+//go:linkname libc_renameat libc_renameat
+//go:cgo_import_dynamic libc_renameat renameat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_revoke_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_revoke_trampoline()
+
+//go:linkname libc_revoke libc_revoke
+//go:cgo_import_dynamic libc_revoke revoke "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rmdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rmdir_trampoline()
+
+//go:linkname libc_rmdir libc_rmdir
+//go:cgo_import_dynamic libc_rmdir rmdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := syscall_syscall6(funcPC(libc_lseek_trampoline), uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lseek_trampoline()
+
+//go:linkname libc_lseek libc_lseek
+//go:cgo_import_dynamic libc_lseek lseek "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_select_trampoline()
+
+//go:linkname libc_select libc_select
+//go:cgo_import_dynamic libc_select select "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setegid_trampoline), uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setegid_trampoline()
+
+//go:linkname libc_setegid libc_setegid
+//go:cgo_import_dynamic libc_setegid setegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_seteuid_trampoline), uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_seteuid_trampoline()
+
+//go:linkname libc_seteuid libc_seteuid
+//go:cgo_import_dynamic libc_seteuid seteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgid_trampoline), uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgid_trampoline()
+
+//go:linkname libc_setgid libc_setgid
+//go:cgo_import_dynamic libc_setgid setgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_setlogin_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setlogin_trampoline()
+
+//go:linkname libc_setlogin libc_setlogin
+//go:cgo_import_dynamic libc_setlogin setlogin "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setpgid_trampoline), uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpgid_trampoline()
+
+//go:linkname libc_setpgid libc_setpgid
+//go:cgo_import_dynamic libc_setpgid setpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setpriority_trampoline), uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpriority_trampoline()
+
+//go:linkname libc_setpriority libc_setpriority
+//go:cgo_import_dynamic libc_setpriority setpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setprivexec(flag int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setprivexec_trampoline), uintptr(flag), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setprivexec_trampoline()
+
+//go:linkname libc_setprivexec libc_setprivexec
+//go:cgo_import_dynamic libc_setprivexec setprivexec "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setregid_trampoline), uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setregid_trampoline()
+
+//go:linkname libc_setregid libc_setregid
+//go:cgo_import_dynamic libc_setregid setregid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setreuid_trampoline), uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setreuid_trampoline()
+
+//go:linkname libc_setreuid libc_setreuid
+//go:cgo_import_dynamic libc_setreuid setreuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setrlimit_trampoline()
+
+//go:linkname libc_setrlimit libc_setrlimit
+//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_setsid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsid_trampoline()
+
+//go:linkname libc_setsid libc_setsid
+//go:cgo_import_dynamic libc_setsid setsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_settimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_settimeofday_trampoline()
+
+//go:linkname libc_settimeofday libc_settimeofday
+//go:cgo_import_dynamic libc_settimeofday settimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setuid_trampoline), uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setuid_trampoline()
+
+//go:linkname libc_setuid libc_setuid
+//go:cgo_import_dynamic libc_setuid setuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlink_trampoline()
+
+//go:linkname libc_symlink libc_symlink
+//go:cgo_import_dynamic libc_symlink symlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlinkat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlinkat_trampoline()
+
+//go:linkname libc_symlinkat libc_symlinkat
+//go:cgo_import_dynamic libc_symlinkat symlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_sync_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sync_trampoline()
+
+//go:linkname libc_sync libc_sync
+//go:cgo_import_dynamic libc_sync sync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_truncate_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_truncate_trampoline()
+
+//go:linkname libc_truncate libc_truncate
+//go:cgo_import_dynamic libc_truncate truncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_umask_trampoline), uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+func libc_umask_trampoline()
+
+//go:linkname libc_umask libc_umask
+//go:cgo_import_dynamic libc_umask umask "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_undelete_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_undelete_trampoline()
+
+//go:linkname libc_undelete libc_undelete
+//go:cgo_import_dynamic libc_undelete undelete "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlink_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlink_trampoline()
+
+//go:linkname libc_unlink libc_unlink
+//go:cgo_import_dynamic libc_unlink unlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlinkat_trampoline()
+
+//go:linkname libc_unlinkat libc_unlinkat
+//go:cgo_import_dynamic libc_unlinkat unlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unmount_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unmount_trampoline()
+
+//go:linkname libc_unmount libc_unmount
+//go:cgo_import_dynamic libc_unmount unmount "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_write_trampoline()
+
+//go:linkname libc_write libc_write
+//go:cgo_import_dynamic libc_write write "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall9(funcPC(libc_mmap_trampoline), uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mmap_trampoline()
+
+//go:linkname libc_mmap libc_mmap
+//go:cgo_import_dynamic libc_mmap mmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munmap_trampoline), uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munmap_trampoline()
+
+//go:linkname libc_munmap libc_munmap
+//go:cgo_import_dynamic libc_munmap munmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstat_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstat_trampoline()
+
+//go:linkname libc_fstat libc_fstat
+//go:cgo_import_dynamic libc_fstat fstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fstatat_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatat_trampoline()
+
+//go:linkname libc_fstatat libc_fstatat
+//go:cgo_import_dynamic libc_fstatat fstatat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstatfs_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatfs_trampoline()
+
+//go:linkname libc_fstatfs libc_fstatfs
+//go:cgo_import_dynamic libc_fstatfs fstatfs "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getfsstat_trampoline), uintptr(buf), uintptr(size), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getfsstat_trampoline()
+
+//go:linkname libc_getfsstat libc_getfsstat
+//go:cgo_import_dynamic libc_getfsstat getfsstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lstat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lstat_trampoline()
+
+//go:linkname libc_lstat libc_lstat
+//go:cgo_import_dynamic libc_lstat lstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_stat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_stat_trampoline()
+
+//go:linkname libc_stat libc_stat
+//go:cgo_import_dynamic libc_stat stat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_statfs_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_statfs_trampoline()
+
+//go:linkname libc_statfs libc_statfs
+//go:cgo_import_dynamic libc_statfs statfs "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s
new file mode 100644
index 000000000..5eec5f1d9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s
@@ -0,0 +1,288 @@
+// go run mkasm_darwin.go arm
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.12
+
+#include "textflag.h"
+TEXT ·libc_getgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+TEXT ·libc_setgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+TEXT ·libc_wait4_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+TEXT ·libc_accept_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+TEXT ·libc_bind_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+TEXT ·libc_connect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+TEXT ·libc_socket_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+TEXT ·libc_getsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+TEXT ·libc_setsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+TEXT ·libc_getpeername_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+TEXT ·libc_getsockname_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+TEXT ·libc_shutdown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+TEXT ·libc_socketpair_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+TEXT ·libc_recvfrom_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+TEXT ·libc_sendto_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+TEXT ·libc_recvmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+TEXT ·libc_sendmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+TEXT ·libc_kevent_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+TEXT ·libc_utimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+TEXT ·libc_poll_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+TEXT ·libc_madvise_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+TEXT ·libc_mlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+TEXT ·libc_mlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+TEXT ·libc_mprotect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+TEXT ·libc_msync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+TEXT ·libc_munlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+TEXT ·libc_munlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pipe(SB)
+TEXT ·libc_getxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getxattr(SB)
+TEXT ·libc_fgetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fgetxattr(SB)
+TEXT ·libc_setxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setxattr(SB)
+TEXT ·libc_fsetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsetxattr(SB)
+TEXT ·libc_removexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_removexattr(SB)
+TEXT ·libc_fremovexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fremovexattr(SB)
+TEXT ·libc_listxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listxattr(SB)
+TEXT ·libc_flistxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flistxattr(SB)
+TEXT ·libc_setattrlist_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setattrlist(SB)
+TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+TEXT ·libc_ioctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+TEXT ·libc_sysctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+TEXT ·libc_sendfile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendfile(SB)
+TEXT ·libc_access_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+TEXT ·libc_adjtime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+TEXT ·libc_chdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+TEXT ·libc_chflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+TEXT ·libc_chmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+TEXT ·libc_chown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+TEXT ·libc_chroot_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+TEXT ·libc_clock_gettime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clock_gettime(SB)
+TEXT ·libc_close_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+TEXT ·libc_clonefile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefile(SB)
+TEXT ·libc_clonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefileat(SB)
+TEXT ·libc_dup_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+TEXT ·libc_dup2_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+TEXT ·libc_exchangedata_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exchangedata(SB)
+TEXT ·libc_exit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+TEXT ·libc_faccessat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+TEXT ·libc_fchdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+TEXT ·libc_fchflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+TEXT ·libc_fchmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+TEXT ·libc_fchmodat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+TEXT ·libc_fchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+TEXT ·libc_fchownat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+TEXT ·libc_fclonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fclonefileat(SB)
+TEXT ·libc_flock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+TEXT ·libc_fpathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+TEXT ·libc_fsync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+TEXT ·libc_ftruncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+TEXT ·libc_getcwd_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+TEXT ·libc_getdtablesize_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getdtablesize(SB)
+TEXT ·libc_getegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+TEXT ·libc_geteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+TEXT ·libc_getgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+TEXT ·libc_getpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+TEXT ·libc_getpgrp_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+TEXT ·libc_getpid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+TEXT ·libc_getppid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+TEXT ·libc_getpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+TEXT ·libc_getrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+TEXT ·libc_getrusage_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+TEXT ·libc_getsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+TEXT ·libc_gettimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+TEXT ·libc_getuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+TEXT ·libc_issetugid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+TEXT ·libc_kqueue_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+TEXT ·libc_lchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+TEXT ·libc_link_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+TEXT ·libc_linkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+TEXT ·libc_listen_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+TEXT ·libc_mkdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+TEXT ·libc_mkdirat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+TEXT ·libc_mkfifo_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+TEXT ·libc_mknod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+TEXT ·libc_open_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+TEXT ·libc_openat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+TEXT ·libc_pathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+TEXT ·libc_pread_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+TEXT ·libc_pwrite_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+TEXT ·libc_read_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+TEXT ·libc_readlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+TEXT ·libc_readlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+TEXT ·libc_rename_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+TEXT ·libc_renameat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+TEXT ·libc_revoke_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+TEXT ·libc_rmdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+TEXT ·libc_lseek_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+TEXT ·libc_select_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+TEXT ·libc_setegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+TEXT ·libc_seteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+TEXT ·libc_setgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+TEXT ·libc_setlogin_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+TEXT ·libc_setpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+TEXT ·libc_setpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+TEXT ·libc_setprivexec_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setprivexec(SB)
+TEXT ·libc_setregid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+TEXT ·libc_setreuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+TEXT ·libc_setrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+TEXT ·libc_setsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+TEXT ·libc_settimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+TEXT ·libc_setuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+TEXT ·libc_symlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+TEXT ·libc_symlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+TEXT ·libc_sync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+TEXT ·libc_truncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+TEXT ·libc_umask_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+TEXT ·libc_undelete_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_undelete(SB)
+TEXT ·libc_unlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+TEXT ·libc_unlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+TEXT ·libc_unmount_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+TEXT ·libc_write_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+TEXT ·libc_mmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+TEXT ·libc_munmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+TEXT ·libc_fstat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+TEXT ·libc_fstatat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+TEXT ·libc_fstatfs_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+TEXT ·libc_getfsstat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+TEXT ·libc_lstat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+TEXT ·libc_stat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+TEXT ·libc_statfs_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go
new file mode 100644
index 000000000..d64e6c806
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go
@@ -0,0 +1,41 @@
+// go run mksyscall.go -tags darwin,arm64,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,arm64,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_closedir_trampoline), uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_closedir_trampoline()
+
+//go:linkname libc_closedir libc_closedir
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(funcPC(libc_readdir_r_trampoline), uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+func libc_readdir_r_trampoline()
+
+//go:linkname libc_readdir_r libc_readdir_r
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
new file mode 100644
index 000000000..b29dabb0f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
@@ -0,0 +1,12 @@
+// go run mkasm_darwin.go arm64
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.13
+
+#include "textflag.h"
+TEXT ·libc_fdopendir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+TEXT ·libc_closedir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+TEXT ·libc_readdir_r_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
new file mode 100644
index 000000000..08638436c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -0,0 +1,2559 @@
+// go run mksyscall.go -tags darwin,arm64,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,arm64,go1.12
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getgroups_trampoline()
+
+//go:linkname libc_getgroups libc_getgroups
+//go:cgo_import_dynamic libc_getgroups getgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgroups_trampoline), uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgroups_trampoline()
+
+//go:linkname libc_setgroups libc_setgroups
+//go:cgo_import_dynamic libc_setgroups setgroups "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_wait4_trampoline), uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_wait4_trampoline()
+
+//go:linkname libc_wait4 libc_wait4
+//go:cgo_import_dynamic libc_wait4 wait4 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_accept_trampoline), uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_accept_trampoline()
+
+//go:linkname libc_accept libc_accept
+//go:cgo_import_dynamic libc_accept accept "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_bind_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_bind_trampoline()
+
+//go:linkname libc_bind libc_bind
+//go:cgo_import_dynamic libc_bind bind "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_connect_trampoline), uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_connect_trampoline()
+
+//go:linkname libc_connect libc_connect
+//go:cgo_import_dynamic libc_connect connect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_socket_trampoline), uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socket_trampoline()
+
+//go:linkname libc_socket libc_socket
+//go:cgo_import_dynamic libc_socket socket "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_getsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockopt_trampoline()
+
+//go:linkname libc_getsockopt libc_getsockopt
+//go:cgo_import_dynamic libc_getsockopt getsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setsockopt_trampoline), uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsockopt_trampoline()
+
+//go:linkname libc_setsockopt libc_setsockopt
+//go:cgo_import_dynamic libc_setsockopt setsockopt "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getpeername_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpeername_trampoline()
+
+//go:linkname libc_getpeername libc_getpeername
+//go:cgo_import_dynamic libc_getpeername getpeername "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getsockname_trampoline), uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsockname_trampoline()
+
+//go:linkname libc_getsockname libc_getsockname
+//go:cgo_import_dynamic libc_getsockname getsockname "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_shutdown_trampoline), uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_shutdown_trampoline()
+
+//go:linkname libc_shutdown libc_shutdown
+//go:cgo_import_dynamic libc_shutdown shutdown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := syscall_rawSyscall6(funcPC(libc_socketpair_trampoline), uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_socketpair_trampoline()
+
+//go:linkname libc_socketpair libc_socketpair
+//go:cgo_import_dynamic libc_socketpair socketpair "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_recvfrom_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvfrom_trampoline()
+
+//go:linkname libc_recvfrom libc_recvfrom
+//go:cgo_import_dynamic libc_recvfrom recvfrom "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sendto_trampoline), uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendto_trampoline()
+
+//go:linkname libc_sendto libc_sendto
+//go:cgo_import_dynamic libc_sendto sendto "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_recvmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_recvmsg_trampoline()
+
+//go:linkname libc_recvmsg libc_recvmsg
+//go:cgo_import_dynamic libc_recvmsg recvmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_sendmsg_trampoline), uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendmsg_trampoline()
+
+//go:linkname libc_sendmsg libc_sendmsg
+//go:cgo_import_dynamic libc_sendmsg sendmsg "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_kevent_trampoline), uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kevent_trampoline()
+
+//go:linkname libc_kevent libc_kevent
+//go:cgo_import_dynamic libc_kevent kevent "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_utimes_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_utimes_trampoline()
+
+//go:linkname libc_utimes libc_utimes
+//go:cgo_import_dynamic libc_utimes utimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_futimes_trampoline), uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_futimes_trampoline()
+
+//go:linkname libc_futimes libc_futimes
+//go:cgo_import_dynamic libc_futimes futimes "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_poll_trampoline), uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_poll_trampoline()
+
+//go:linkname libc_poll libc_poll
+//go:cgo_import_dynamic libc_poll poll "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_madvise_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_madvise_trampoline()
+
+//go:linkname libc_madvise libc_madvise
+//go:cgo_import_dynamic libc_madvise madvise "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlock_trampoline()
+
+//go:linkname libc_mlock libc_mlock
+//go:cgo_import_dynamic libc_mlock mlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_mlockall_trampoline), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mlockall_trampoline()
+
+//go:linkname libc_mlockall libc_mlockall
+//go:cgo_import_dynamic libc_mlockall mlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mprotect_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mprotect_trampoline()
+
+//go:linkname libc_mprotect libc_mprotect
+//go:cgo_import_dynamic libc_mprotect mprotect "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_msync_trampoline), uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_msync_trampoline()
+
+//go:linkname libc_msync libc_msync
+//go:cgo_import_dynamic libc_msync msync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_munlock_trampoline), uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlock_trampoline()
+
+//go:linkname libc_munlock libc_munlock
+//go:cgo_import_dynamic libc_munlock munlock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munlockall_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munlockall_trampoline()
+
+//go:linkname libc_munlockall libc_munlockall
+//go:cgo_import_dynamic libc_munlockall munlockall "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (r int, w int, err error) {
+	r0, r1, e1 := syscall_rawSyscall(funcPC(libc_pipe_trampoline), 0, 0, 0)
+	r = int(r0)
+	w = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pipe_trampoline()
+
+//go:linkname libc_pipe libc_pipe
+//go:cgo_import_dynamic libc_pipe pipe "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getxattr(path string, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_getxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getxattr_trampoline()
+
+//go:linkname libc_getxattr libc_getxattr
+//go:cgo_import_dynamic libc_getxattr getxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fgetxattr(fd int, attr string, dest *byte, size int, position uint32, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_fgetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(position), uintptr(options))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fgetxattr_trampoline()
+
+//go:linkname libc_fgetxattr libc_fgetxattr
+//go:cgo_import_dynamic libc_fgetxattr fgetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setxattr(path string, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_setxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setxattr_trampoline()
+
+//go:linkname libc_setxattr libc_setxattr
+//go:cgo_import_dynamic libc_setxattr setxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fsetxattr(fd int, attr string, data *byte, size int, position uint32, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fsetxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(data)), uintptr(size), uintptr(position), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsetxattr_trampoline()
+
+//go:linkname libc_fsetxattr libc_fsetxattr
+//go:cgo_import_dynamic libc_fsetxattr fsetxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func removexattr(path string, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_removexattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_removexattr_trampoline()
+
+//go:linkname libc_removexattr libc_removexattr
+//go:cgo_import_dynamic libc_removexattr removexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fremovexattr(fd int, attr string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_fremovexattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fremovexattr_trampoline()
+
+//go:linkname libc_fremovexattr libc_fremovexattr
+//go:cgo_import_dynamic libc_fremovexattr fremovexattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func listxattr(path string, dest *byte, size int, options int) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_listxattr_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listxattr_trampoline()
+
+//go:linkname libc_listxattr libc_listxattr
+//go:cgo_import_dynamic libc_listxattr listxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func flistxattr(fd int, dest *byte, size int, options int) (sz int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_flistxattr_trampoline), uintptr(fd), uintptr(unsafe.Pointer(dest)), uintptr(size), uintptr(options), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flistxattr_trampoline()
+
+//go:linkname libc_flistxattr libc_flistxattr
+//go:cgo_import_dynamic libc_flistxattr flistxattr "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_setattrlist_trampoline), uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setattrlist_trampoline()
+
+//go:linkname libc_setattrlist libc_setattrlist
+//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fcntl_trampoline), uintptr(fd), uintptr(cmd), uintptr(arg))
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fcntl_trampoline()
+
+//go:linkname libc_fcntl libc_fcntl
+//go:cgo_import_dynamic libc_fcntl fcntl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kill(pid int, signum int, posix int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_kill_trampoline), uintptr(pid), uintptr(signum), uintptr(posix))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kill_trampoline()
+
+//go:linkname libc_kill libc_kill
+//go:cgo_import_dynamic libc_kill kill "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ioctl_trampoline), uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ioctl_trampoline()
+
+//go:linkname libc_ioctl libc_ioctl
+//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_sysctl_trampoline), uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sysctl_trampoline()
+
+//go:linkname libc_sysctl libc_sysctl
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
+	_, _, e1 := syscall_syscall6(funcPC(libc_sendfile_trampoline), uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sendfile_trampoline()
+
+//go:linkname libc_sendfile libc_sendfile
+//go:cgo_import_dynamic libc_sendfile sendfile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_access_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_access_trampoline()
+
+//go:linkname libc_access libc_access
+//go:cgo_import_dynamic libc_access access "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_adjtime_trampoline), uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_adjtime_trampoline()
+
+//go:linkname libc_adjtime libc_adjtime
+//go:cgo_import_dynamic libc_adjtime adjtime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chdir_trampoline()
+
+//go:linkname libc_chdir libc_chdir
+//go:cgo_import_dynamic libc_chdir chdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chflags_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chflags_trampoline()
+
+//go:linkname libc_chflags libc_chflags
+//go:cgo_import_dynamic libc_chflags chflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chmod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chmod_trampoline()
+
+//go:linkname libc_chmod libc_chmod
+//go:cgo_import_dynamic libc_chmod chmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chown_trampoline()
+
+//go:linkname libc_chown libc_chown
+//go:cgo_import_dynamic libc_chown chown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_chroot_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_chroot_trampoline()
+
+//go:linkname libc_chroot libc_chroot
+//go:cgo_import_dynamic libc_chroot chroot "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_clock_gettime_trampoline), uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clock_gettime_trampoline()
+
+//go:linkname libc_clock_gettime libc_clock_gettime
+//go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_close_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_close_trampoline()
+
+//go:linkname libc_close libc_close
+//go:cgo_import_dynamic libc_close close "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefile(src string, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_clonefile_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefile_trampoline()
+
+//go:linkname libc_clonefile libc_clonefile
+//go:cgo_import_dynamic libc_clonefile clonefile "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Clonefileat(srcDirfd int, src string, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(src)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_clonefileat_trampoline), uintptr(srcDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_clonefileat_trampoline()
+
+//go:linkname libc_clonefileat libc_clonefileat
+//go:cgo_import_dynamic libc_clonefileat clonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_dup_trampoline), uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup_trampoline()
+
+//go:linkname libc_dup libc_dup
+//go:cgo_import_dynamic libc_dup dup "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_dup2_trampoline), uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_dup2_trampoline()
+
+//go:linkname libc_dup2 libc_dup2
+//go:cgo_import_dynamic libc_dup2 dup2 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exchangedata(path1 string, path2 string, options int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path1)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(path2)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_exchangedata_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_exchangedata_trampoline()
+
+//go:linkname libc_exchangedata libc_exchangedata
+//go:cgo_import_dynamic libc_exchangedata exchangedata "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	syscall_syscall(funcPC(libc_exit_trampoline), uintptr(code), 0, 0)
+	return
+}
+
+func libc_exit_trampoline()
+
+//go:linkname libc_exit libc_exit
+//go:cgo_import_dynamic libc_exit exit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_faccessat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_faccessat_trampoline()
+
+//go:linkname libc_faccessat libc_faccessat
+//go:cgo_import_dynamic libc_faccessat faccessat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchdir_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchdir_trampoline()
+
+//go:linkname libc_fchdir libc_fchdir
+//go:cgo_import_dynamic libc_fchdir fchdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchflags_trampoline), uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchflags_trampoline()
+
+//go:linkname libc_fchflags libc_fchflags
+//go:cgo_import_dynamic libc_fchflags fchflags "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchmod_trampoline), uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmod_trampoline()
+
+//go:linkname libc_fchmod libc_fchmod
+//go:cgo_import_dynamic libc_fchmod fchmod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchmodat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchmodat_trampoline()
+
+//go:linkname libc_fchmodat libc_fchmodat
+//go:cgo_import_dynamic libc_fchmodat fchmodat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fchown_trampoline), uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchown_trampoline()
+
+//go:linkname libc_fchown libc_fchown
+//go:cgo_import_dynamic libc_fchown fchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fchownat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fchownat_trampoline()
+
+//go:linkname libc_fchownat libc_fchownat
+//go:cgo_import_dynamic libc_fchownat fchownat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fclonefileat(srcDirfd int, dstDirfd int, dst string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(dst)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fclonefileat_trampoline), uintptr(srcDirfd), uintptr(dstDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fclonefileat_trampoline()
+
+//go:linkname libc_fclonefileat libc_fclonefileat
+//go:cgo_import_dynamic libc_fclonefileat fclonefileat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_flock_trampoline), uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_flock_trampoline()
+
+//go:linkname libc_flock libc_flock
+//go:cgo_import_dynamic libc_flock flock "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_fpathconf_trampoline), uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fpathconf_trampoline()
+
+//go:linkname libc_fpathconf libc_fpathconf
+//go:cgo_import_dynamic libc_fpathconf fpathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fsync_trampoline), uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fsync_trampoline()
+
+//go:linkname libc_fsync libc_fsync
+//go:cgo_import_dynamic libc_fsync fsync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_ftruncate_trampoline), uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ftruncate_trampoline()
+
+//go:linkname libc_ftruncate libc_ftruncate
+//go:cgo_import_dynamic libc_ftruncate ftruncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_getcwd_trampoline), uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getcwd_trampoline()
+
+//go:linkname libc_getcwd libc_getcwd
+//go:cgo_import_dynamic libc_getcwd getcwd "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_getdtablesize_trampoline), 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+func libc_getdtablesize_trampoline()
+
+//go:linkname libc_getdtablesize libc_getdtablesize
+//go:cgo_import_dynamic libc_getdtablesize getdtablesize "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getegid_trampoline), 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+func libc_getegid_trampoline()
+
+//go:linkname libc_getegid libc_getegid
+//go:cgo_import_dynamic libc_getegid getegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_geteuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_geteuid_trampoline()
+
+//go:linkname libc_geteuid libc_geteuid
+//go:cgo_import_dynamic libc_geteuid geteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getgid_trampoline), 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+func libc_getgid_trampoline()
+
+//go:linkname libc_getgid libc_getgid
+//go:cgo_import_dynamic libc_getgid getgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getpgid_trampoline), uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpgid_trampoline()
+
+//go:linkname libc_getpgid libc_getpgid
+//go:cgo_import_dynamic libc_getpgid getpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpgrp_trampoline), 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+func libc_getpgrp_trampoline()
+
+//go:linkname libc_getpgrp libc_getpgrp
+//go:cgo_import_dynamic libc_getpgrp getpgrp "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getpid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+func libc_getpid_trampoline()
+
+//go:linkname libc_getpid libc_getpid
+//go:cgo_import_dynamic libc_getpid getpid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getppid_trampoline), 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+func libc_getppid_trampoline()
+
+//go:linkname libc_getppid libc_getppid
+//go:cgo_import_dynamic libc_getppid getppid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getpriority_trampoline), uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getpriority_trampoline()
+
+//go:linkname libc_getpriority libc_getpriority
+//go:cgo_import_dynamic libc_getpriority getpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrlimit_trampoline()
+
+//go:linkname libc_getrlimit libc_getrlimit
+//go:cgo_import_dynamic libc_getrlimit getrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_getrusage_trampoline), uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getrusage_trampoline()
+
+//go:linkname libc_getrusage libc_getrusage
+//go:cgo_import_dynamic libc_getrusage getrusage "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_getsid_trampoline), uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getsid_trampoline()
+
+//go:linkname libc_getsid libc_getsid
+//go:cgo_import_dynamic libc_getsid getsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_gettimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_gettimeofday_trampoline()
+
+//go:linkname libc_gettimeofday libc_gettimeofday
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_getuid_trampoline), 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+func libc_getuid_trampoline()
+
+//go:linkname libc_getuid libc_getuid
+//go:cgo_import_dynamic libc_getuid getuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := syscall_rawSyscall(funcPC(libc_issetugid_trampoline), 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+func libc_issetugid_trampoline()
+
+//go:linkname libc_issetugid libc_issetugid
+//go:cgo_import_dynamic libc_issetugid issetugid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_kqueue_trampoline), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_kqueue_trampoline()
+
+//go:linkname libc_kqueue libc_kqueue
+//go:cgo_import_dynamic libc_kqueue kqueue "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lchown_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lchown_trampoline()
+
+//go:linkname libc_lchown libc_lchown
+//go:cgo_import_dynamic libc_lchown lchown "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_link_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_link_trampoline()
+
+//go:linkname libc_link libc_link
+//go:cgo_import_dynamic libc_link link "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_linkat_trampoline), uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_linkat_trampoline()
+
+//go:linkname libc_linkat libc_linkat
+//go:cgo_import_dynamic libc_linkat linkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_listen_trampoline), uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_listen_trampoline()
+
+//go:linkname libc_listen libc_listen
+//go:cgo_import_dynamic libc_listen listen "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdir_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdir_trampoline()
+
+//go:linkname libc_mkdir libc_mkdir
+//go:cgo_import_dynamic libc_mkdir mkdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkdirat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkdirat_trampoline()
+
+//go:linkname libc_mkdirat libc_mkdirat
+//go:cgo_import_dynamic libc_mkdirat mkdirat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mkfifo_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mkfifo_trampoline()
+
+//go:linkname libc_mkfifo libc_mkfifo
+//go:cgo_import_dynamic libc_mkfifo mkfifo "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_mknod_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mknod_trampoline()
+
+//go:linkname libc_mknod libc_mknod
+//go:cgo_import_dynamic libc_mknod mknod "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_open_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_open_trampoline()
+
+//go:linkname libc_open libc_open
+//go:cgo_import_dynamic libc_open open "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_openat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_openat_trampoline()
+
+//go:linkname libc_openat libc_openat
+//go:cgo_import_dynamic libc_openat openat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_pathconf_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pathconf_trampoline()
+
+//go:linkname libc_pathconf libc_pathconf
+//go:cgo_import_dynamic libc_pathconf pathconf "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pread_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pread_trampoline()
+
+//go:linkname libc_pread libc_pread
+//go:cgo_import_dynamic libc_pread pread "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_pwrite_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_pwrite_trampoline()
+
+//go:linkname libc_pwrite libc_pwrite
+//go:cgo_import_dynamic libc_pwrite pwrite "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_read_trampoline()
+
+//go:linkname libc_read libc_read
+//go:cgo_import_dynamic libc_read read "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_readlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlink_trampoline()
+
+//go:linkname libc_readlink libc_readlink
+//go:cgo_import_dynamic libc_readlink readlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(funcPC(libc_readlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_readlinkat_trampoline()
+
+//go:linkname libc_readlinkat libc_readlinkat
+//go:cgo_import_dynamic libc_readlinkat readlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rename_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rename_trampoline()
+
+//go:linkname libc_rename libc_rename
+//go:cgo_import_dynamic libc_rename rename "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_renameat_trampoline), uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_renameat_trampoline()
+
+//go:linkname libc_renameat libc_renameat
+//go:cgo_import_dynamic libc_renameat renameat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_revoke_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_revoke_trampoline()
+
+//go:linkname libc_revoke libc_revoke
+//go:cgo_import_dynamic libc_revoke revoke "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_rmdir_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_rmdir_trampoline()
+
+//go:linkname libc_rmdir libc_rmdir
+//go:cgo_import_dynamic libc_rmdir rmdir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_lseek_trampoline), uintptr(fd), uintptr(offset), uintptr(whence))
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lseek_trampoline()
+
+//go:linkname libc_lseek libc_lseek
+//go:cgo_import_dynamic libc_lseek lseek "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_select_trampoline()
+
+//go:linkname libc_select libc_select
+//go:cgo_import_dynamic libc_select select "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setegid_trampoline), uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setegid_trampoline()
+
+//go:linkname libc_setegid libc_setegid
+//go:cgo_import_dynamic libc_setegid setegid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_seteuid_trampoline), uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_seteuid_trampoline()
+
+//go:linkname libc_seteuid libc_seteuid
+//go:cgo_import_dynamic libc_seteuid seteuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setgid_trampoline), uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setgid_trampoline()
+
+//go:linkname libc_setgid libc_setgid
+//go:cgo_import_dynamic libc_setgid setgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_setlogin_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setlogin_trampoline()
+
+//go:linkname libc_setlogin libc_setlogin
+//go:cgo_import_dynamic libc_setlogin setlogin "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setpgid_trampoline), uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpgid_trampoline()
+
+//go:linkname libc_setpgid libc_setpgid
+//go:cgo_import_dynamic libc_setpgid setpgid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setpriority_trampoline), uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setpriority_trampoline()
+
+//go:linkname libc_setpriority libc_setpriority
+//go:cgo_import_dynamic libc_setpriority setpriority "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setprivexec(flag int) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_setprivexec_trampoline), uintptr(flag), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setprivexec_trampoline()
+
+//go:linkname libc_setprivexec libc_setprivexec
+//go:cgo_import_dynamic libc_setprivexec setprivexec "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setregid_trampoline), uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setregid_trampoline()
+
+//go:linkname libc_setregid libc_setregid
+//go:cgo_import_dynamic libc_setregid setregid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setreuid_trampoline), uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setreuid_trampoline()
+
+//go:linkname libc_setreuid libc_setreuid
+//go:cgo_import_dynamic libc_setreuid setreuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setrlimit_trampoline), uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setrlimit_trampoline()
+
+//go:linkname libc_setrlimit libc_setrlimit
+//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := syscall_rawSyscall(funcPC(libc_setsid_trampoline), 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setsid_trampoline()
+
+//go:linkname libc_setsid libc_setsid
+//go:cgo_import_dynamic libc_setsid setsid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_settimeofday_trampoline), uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_settimeofday_trampoline()
+
+//go:linkname libc_settimeofday libc_settimeofday
+//go:cgo_import_dynamic libc_settimeofday settimeofday "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := syscall_rawSyscall(funcPC(libc_setuid_trampoline), uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_setuid_trampoline()
+
+//go:linkname libc_setuid libc_setuid
+//go:cgo_import_dynamic libc_setuid setuid "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlink_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlink_trampoline()
+
+//go:linkname libc_symlink libc_symlink
+//go:cgo_import_dynamic libc_symlink symlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_symlinkat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_symlinkat_trampoline()
+
+//go:linkname libc_symlinkat libc_symlinkat
+//go:cgo_import_dynamic libc_symlinkat symlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_sync_trampoline), 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_sync_trampoline()
+
+//go:linkname libc_sync libc_sync
+//go:cgo_import_dynamic libc_sync sync "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_truncate_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_truncate_trampoline()
+
+//go:linkname libc_truncate libc_truncate
+//go:cgo_import_dynamic libc_truncate truncate "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := syscall_syscall(funcPC(libc_umask_trampoline), uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+func libc_umask_trampoline()
+
+//go:linkname libc_umask libc_umask
+//go:cgo_import_dynamic libc_umask umask "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_undelete_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_undelete_trampoline()
+
+//go:linkname libc_undelete libc_undelete
+//go:cgo_import_dynamic libc_undelete undelete "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlink_trampoline), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlink_trampoline()
+
+//go:linkname libc_unlink libc_unlink
+//go:cgo_import_dynamic libc_unlink unlink "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unlinkat_trampoline), uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unlinkat_trampoline()
+
+//go:linkname libc_unlinkat libc_unlinkat
+//go:cgo_import_dynamic libc_unlinkat unlinkat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_unmount_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_unmount_trampoline()
+
+//go:linkname libc_unmount libc_unmount
+//go:cgo_import_dynamic libc_unmount unmount "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_write_trampoline()
+
+//go:linkname libc_write libc_write
+//go:cgo_import_dynamic libc_write write "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_mmap_trampoline), uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_mmap_trampoline()
+
+//go:linkname libc_mmap libc_mmap
+//go:cgo_import_dynamic libc_mmap mmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_munmap_trampoline), uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_munmap_trampoline()
+
+//go:linkname libc_munmap libc_munmap
+//go:cgo_import_dynamic libc_munmap munmap "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_read_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_write_trampoline), uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstat_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstat_trampoline()
+
+//go:linkname libc_fstat libc_fstat
+//go:cgo_import_dynamic libc_fstat fstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(funcPC(libc_fstatat_trampoline), uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatat_trampoline()
+
+//go:linkname libc_fstatat libc_fstatat
+//go:cgo_import_dynamic libc_fstatat fstatat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_fstatfs_trampoline), uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fstatfs_trampoline()
+
+//go:linkname libc_fstatfs libc_fstatfs
+//go:cgo_import_dynamic libc_fstatfs fstatfs "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(funcPC(libc_getfsstat_trampoline), uintptr(buf), uintptr(size), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_getfsstat_trampoline()
+
+//go:linkname libc_getfsstat libc_getfsstat
+//go:cgo_import_dynamic libc_getfsstat getfsstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_lstat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_lstat_trampoline()
+
+//go:linkname libc_lstat libc_lstat
+//go:cgo_import_dynamic libc_lstat lstat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_stat_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_stat_trampoline()
+
+//go:linkname libc_stat libc_stat
+//go:cgo_import_dynamic libc_stat stat "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(funcPC(libc_statfs_trampoline), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_statfs_trampoline()
+
+//go:linkname libc_statfs libc_statfs
+//go:cgo_import_dynamic libc_statfs statfs "/usr/lib/libSystem.B.dylib"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
new file mode 100644
index 000000000..16aebee23
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -0,0 +1,288 @@
+// go run mkasm_darwin.go arm64
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.12
+
+#include "textflag.h"
+TEXT ·libc_getgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+TEXT ·libc_setgroups_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+TEXT ·libc_wait4_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+TEXT ·libc_accept_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+TEXT ·libc_bind_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+TEXT ·libc_connect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+TEXT ·libc_socket_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+TEXT ·libc_getsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+TEXT ·libc_setsockopt_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+TEXT ·libc_getpeername_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+TEXT ·libc_getsockname_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+TEXT ·libc_shutdown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+TEXT ·libc_socketpair_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+TEXT ·libc_recvfrom_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+TEXT ·libc_sendto_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+TEXT ·libc_recvmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+TEXT ·libc_sendmsg_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+TEXT ·libc_kevent_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+TEXT ·libc_utimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+TEXT ·libc_poll_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+TEXT ·libc_madvise_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+TEXT ·libc_mlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+TEXT ·libc_mlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+TEXT ·libc_mprotect_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+TEXT ·libc_msync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+TEXT ·libc_munlock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+TEXT ·libc_munlockall_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pipe(SB)
+TEXT ·libc_getxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getxattr(SB)
+TEXT ·libc_fgetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fgetxattr(SB)
+TEXT ·libc_setxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setxattr(SB)
+TEXT ·libc_fsetxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsetxattr(SB)
+TEXT ·libc_removexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_removexattr(SB)
+TEXT ·libc_fremovexattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fremovexattr(SB)
+TEXT ·libc_listxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listxattr(SB)
+TEXT ·libc_flistxattr_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flistxattr(SB)
+TEXT ·libc_setattrlist_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setattrlist(SB)
+TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+TEXT ·libc_ioctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+TEXT ·libc_sysctl_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+TEXT ·libc_sendfile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sendfile(SB)
+TEXT ·libc_access_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+TEXT ·libc_adjtime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+TEXT ·libc_chdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+TEXT ·libc_chflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+TEXT ·libc_chmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+TEXT ·libc_chown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+TEXT ·libc_chroot_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+TEXT ·libc_clock_gettime_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clock_gettime(SB)
+TEXT ·libc_close_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+TEXT ·libc_clonefile_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefile(SB)
+TEXT ·libc_clonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_clonefileat(SB)
+TEXT ·libc_dup_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+TEXT ·libc_dup2_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+TEXT ·libc_exchangedata_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exchangedata(SB)
+TEXT ·libc_exit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+TEXT ·libc_faccessat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+TEXT ·libc_fchdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+TEXT ·libc_fchflags_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+TEXT ·libc_fchmod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+TEXT ·libc_fchmodat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+TEXT ·libc_fchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+TEXT ·libc_fchownat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+TEXT ·libc_fclonefileat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fclonefileat(SB)
+TEXT ·libc_flock_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+TEXT ·libc_fpathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+TEXT ·libc_fsync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+TEXT ·libc_ftruncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+TEXT ·libc_getcwd_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+TEXT ·libc_getdtablesize_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getdtablesize(SB)
+TEXT ·libc_getegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+TEXT ·libc_geteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+TEXT ·libc_getgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+TEXT ·libc_getpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+TEXT ·libc_getpgrp_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+TEXT ·libc_getpid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+TEXT ·libc_getppid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+TEXT ·libc_getpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+TEXT ·libc_getrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+TEXT ·libc_getrusage_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+TEXT ·libc_getsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+TEXT ·libc_gettimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+TEXT ·libc_getuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+TEXT ·libc_issetugid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+TEXT ·libc_kqueue_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+TEXT ·libc_lchown_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+TEXT ·libc_link_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+TEXT ·libc_linkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+TEXT ·libc_listen_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+TEXT ·libc_mkdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+TEXT ·libc_mkdirat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+TEXT ·libc_mkfifo_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+TEXT ·libc_mknod_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+TEXT ·libc_open_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+TEXT ·libc_openat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+TEXT ·libc_pathconf_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+TEXT ·libc_pread_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+TEXT ·libc_pwrite_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+TEXT ·libc_read_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+TEXT ·libc_readlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+TEXT ·libc_readlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+TEXT ·libc_rename_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+TEXT ·libc_renameat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+TEXT ·libc_revoke_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+TEXT ·libc_rmdir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+TEXT ·libc_lseek_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+TEXT ·libc_select_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+TEXT ·libc_setegid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+TEXT ·libc_seteuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+TEXT ·libc_setgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+TEXT ·libc_setlogin_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+TEXT ·libc_setpgid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+TEXT ·libc_setpriority_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+TEXT ·libc_setprivexec_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setprivexec(SB)
+TEXT ·libc_setregid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+TEXT ·libc_setreuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+TEXT ·libc_setrlimit_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+TEXT ·libc_setsid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+TEXT ·libc_settimeofday_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+TEXT ·libc_setuid_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+TEXT ·libc_symlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+TEXT ·libc_symlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+TEXT ·libc_sync_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+TEXT ·libc_truncate_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+TEXT ·libc_umask_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+TEXT ·libc_undelete_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_undelete(SB)
+TEXT ·libc_unlink_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+TEXT ·libc_unlinkat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+TEXT ·libc_unmount_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+TEXT ·libc_write_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+TEXT ·libc_mmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+TEXT ·libc_munmap_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+TEXT ·libc_fstat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+TEXT ·libc_fstatat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+TEXT ·libc_fstatfs_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+TEXT ·libc_getfsstat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+TEXT ·libc_lstat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+TEXT ·libc_stat_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+TEXT ·libc_statfs_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
new file mode 100644
index 000000000..fe1fdd78d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -0,0 +1,1666 @@
+// go run mksyscall.go -dragonfly -tags dragonfly,amd64 syscall_bsd.go syscall_dragonfly.go syscall_dragonfly_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build dragonfly,amd64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (r int, w int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	r = int(r0)
+	w = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func extpread(fd int, p []byte, flags int, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EXTPREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func extpwrite(fd int, p []byte, flags int, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EXTPWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
new file mode 100644
index 000000000..600f1d26d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -0,0 +1,2015 @@
+// go run mksyscall.go -l32 -tags freebsd,386 syscall_bsd.go syscall_freebsd.go syscall_freebsd_386.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build freebsd,386
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CapEnter() (err error) {
+	_, _, e1 := Syscall(SYS_CAP_ENTER, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsGet(version int, fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS___CAP_RIGHTS_GET, uintptr(version), uintptr(fd), uintptr(unsafe.Pointer(rightsp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsLimit(fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS_CAP_RIGHTS_LIMIT, uintptr(fd), uintptr(unsafe.Pointer(rightsp)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(length), uintptr(length>>32), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), uintptr(dev>>32), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(fdat), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
new file mode 100644
index 000000000..064934b0d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -0,0 +1,2015 @@
+// go run mksyscall.go -tags freebsd,amd64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build freebsd,amd64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CapEnter() (err error) {
+	_, _, e1 := Syscall(SYS_CAP_ENTER, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsGet(version int, fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS___CAP_RIGHTS_GET, uintptr(version), uintptr(fd), uintptr(unsafe.Pointer(rightsp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsLimit(fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS_CAP_RIGHTS_LIMIT, uintptr(fd), uintptr(unsafe.Pointer(rightsp)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(fdat), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
new file mode 100644
index 000000000..31d2c4616
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -0,0 +1,2015 @@
+// go run mksyscall.go -l32 -arm -tags freebsd,arm syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build freebsd,arm
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CapEnter() (err error) {
+	_, _, e1 := Syscall(SYS_CAP_ENTER, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsGet(version int, fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS___CAP_RIGHTS_GET, uintptr(version), uintptr(fd), uintptr(unsafe.Pointer(rightsp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsLimit(fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS_CAP_RIGHTS_LIMIT, uintptr(fd), uintptr(unsafe.Pointer(rightsp)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall9(SYS_POSIX_FADVISE, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(length), uintptr(length>>32), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(fdat), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
new file mode 100644
index 000000000..4adaaa561
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -0,0 +1,2015 @@
+// go run mksyscall.go -tags freebsd,arm64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build freebsd,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CapEnter() (err error) {
+	_, _, e1 := Syscall(SYS_CAP_ENTER, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsGet(version int, fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS___CAP_RIGHTS_GET, uintptr(version), uintptr(fd), uintptr(unsafe.Pointer(rightsp)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func capRightsLimit(fd int, rightsp *CapRights) (err error) {
+	_, _, e1 := Syscall(SYS_CAP_RIGHTS_LIMIT, uintptr(fd), uintptr(unsafe.Pointer(rightsp)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *stat_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat_freebsd12(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdtablesize() (size int) {
+	r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0)
+	size = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat(fd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(fdat), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, stat *stat_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs(path string, stat *statfs_freebsd11_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func statfs_freebsd12(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Undelete(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
new file mode 100644
index 000000000..d3af083f4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -0,0 +1,114 @@
+// go run mksyscall_solaris.go -illumos -tags illumos,amd64 syscall_illumos.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build illumos,amd64
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_readv readv "libc.so"
+//go:cgo_import_dynamic libc_preadv preadv "libc.so"
+//go:cgo_import_dynamic libc_writev writev "libc.so"
+//go:cgo_import_dynamic libc_pwritev pwritev "libc.so"
+//go:cgo_import_dynamic libc_accept4 accept4 "libsocket.so"
+//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so"
+
+//go:linkname procreadv libc_readv
+//go:linkname procpreadv libc_preadv
+//go:linkname procwritev libc_writev
+//go:linkname procpwritev libc_pwritev
+//go:linkname procaccept4 libc_accept4
+//go:linkname procpipe2 libc_pipe2
+
+var (
+	procreadv,
+	procpreadv,
+	procwritev,
+	procpwritev,
+	procaccept4,
+	procpipe2 syscallFunc
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readv(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procreadv)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpreadv)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwritev)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwritev)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procaccept4)), 4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procpipe2)), 2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux.go
new file mode 100644
index 000000000..2fbbbe5a8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -0,0 +1,1933 @@
+// Code generated by mkmerge.go; DO NOT EDIT.
+
+// +build linux
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FanotifyInit(flags uint, event_f_flags uint) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_FANOTIFY_INIT, uintptr(flags), uintptr(event_f_flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fchmodat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(open_how)), uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlJoin(cmd int, arg2 string) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(arg2)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(arg3)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(arg4)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(payload) > 0 {
+		_p0 = unsafe.Pointer(&payload[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(keyType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(restriction)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func keyctlRestrictKeyring(cmd int, arg2 int) (err error) {
+	_, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(arg)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(source)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(fstype)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Acct(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(keyType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(description)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(payload) > 0 {
+		_p2 = unsafe.Pointer(&payload[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0)
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtimex(buf *Timex) (state int, err error) {
+	r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0)
+	state = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Capget(hdr *CapUserHeader, data *CapUserData) (err error) {
+	_, _, e1 := RawSyscall(SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Capset(hdr *CapUserHeader, data *CapUserData) (err error) {
+	_, _, e1 := RawSyscall(SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGetres(clockid int32, res *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_CLOCK_GETRES, uintptr(clockid), uintptr(unsafe.Pointer(res)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockGettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) {
+	_, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func DeleteModule(name string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_DELETE_MODULE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(oldfd int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(oldfd int, newfd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate1(flag int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	_, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Eventfd(initval uint, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	SyscallNoError(SYS_EXIT_GROUP, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_FGETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func FinitModule(fd int, params string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(params)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FINIT_MODULE, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flistxattr(fd int, dest []byte) (sz int, err error) {
+	var _p0 unsafe.Pointer
+	if len(dest) > 0 {
+		_p0 = unsafe.Pointer(&dest[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_FLISTXATTR, uintptr(fd), uintptr(_p0), uintptr(len(dest)))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fremovexattr(fd int, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FREMOVEXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsetxattr(fd int, attr string, dest []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_FSETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _ := RawSyscallNoError(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _ := RawSyscallNoError(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrandom(buf []byte, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettid() (tid int) {
+	r0, _ := RawSyscallNoError(SYS_GETTID, 0, 0, 0)
+	tid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InitModule(moduleImage []byte, params string) (err error) {
+	var _p0 unsafe.Pointer
+	if len(moduleImage) > 0 {
+		_p0 = unsafe.Pointer(&moduleImage[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(params)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_INIT_MODULE, uintptr(_p0), uintptr(len(moduleImage)), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(pathname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
+	watchdesc = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit1(flags int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0)
+	success = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig syscall.Signal) (err error) {
+	_, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Klogctl(typ int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0)
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Llistxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	sz = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lremovexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func MemfdCreate(name string, flags int) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func PivotRoot(newroot string, putold string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(newroot)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(putold)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	_, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Removexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT2, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(keyType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(description)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(callback)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0)
+	id = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setdomainname(p []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setns(fd int, nstype int) (err error) {
+	_, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func signalfd(fd int, sigmask *Sigset_t, maskSize uintptr, flags int) (newfd int, err error) {
+	r0, _, e1 := Syscall6(SYS_SIGNALFD4, uintptr(fd), uintptr(unsafe.Pointer(sigmask)), uintptr(maskSize), uintptr(flags), 0, 0)
+	newfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() {
+	SyscallNoError(SYS_SYNC, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Syncfs(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sysinfo(info *Sysinfo_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func TimerfdCreate(clockid int, flags int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIMERFD_CREATE, uintptr(clockid), uintptr(flags), 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func TimerfdGettime(fd int, currValue *ItimerSpec) (err error) {
+	_, _, e1 := RawSyscall(SYS_TIMERFD_GETTIME, uintptr(fd), uintptr(unsafe.Pointer(currValue)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func TimerfdSettime(fd int, flags int, newValue *ItimerSpec, oldValue *ItimerSpec) (err error) {
+	_, _, e1 := RawSyscall6(SYS_TIMERFD_SETTIME, uintptr(fd), uintptr(flags), uintptr(unsafe.Pointer(newValue)), uintptr(unsafe.Pointer(oldValue)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) {
+	_, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
+	ticks = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _ := RawSyscallNoError(SYS_UMASK, uintptr(mask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	_, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(target string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unshare(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func exitThread(code int) (err error) {
+	_, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, p *byte, np int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, p *byte, np int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readv(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITEV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREADV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITEV, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREADV2, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovs) > 0 {
+		_p0 = unsafe.Pointer(&iovs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITEV2, uintptr(fd), uintptr(_p0), uintptr(len(iovs)), uintptr(offs_l), uintptr(offs_h), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func faccessat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func nameToHandleAt(dirFD int, pathname string, fh *fileHandle, mountID *_C_int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(pathname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NAME_TO_HANDLE_AT, uintptr(dirFD), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(fh)), uintptr(unsafe.Pointer(mountID)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func openByHandleAt(mountFD int, fh *fileHandle, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_OPEN_BY_HANDLE_AT, uintptr(mountFD), uintptr(unsafe.Pointer(fh)), uintptr(flags))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(localIov) > 0 {
+		_p0 = unsafe.Pointer(&localIov[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	var _p1 unsafe.Pointer
+	if len(remoteIov) > 0 {
+		_p1 = unsafe.Pointer(&remoteIov[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PROCESS_VM_READV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(localIov) > 0 {
+		_p0 = unsafe.Pointer(&localIov[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	var _p1 unsafe.Pointer
+	if len(remoteIov) > 0 {
+		_p1 = unsafe.Pointer(&remoteIov[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PROCESS_VM_WRITEV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
new file mode 100644
index 000000000..19ebd3ff7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -0,0 +1,578 @@
+// go run mksyscall.go -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,386
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(mask>>32), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64_64, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(length), uintptr(length>>32), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN32, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE64, uintptr(fd), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID32, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID32, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID32, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID32, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN32, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID32, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID32, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID32, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID32, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID32, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID32, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS32, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS32, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
new file mode 100644
index 000000000..5c562182a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -0,0 +1,745 @@
+// go run mksyscall.go -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,amd64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func inotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
new file mode 100644
index 000000000..dc69d99c6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -0,0 +1,715 @@
+// go run mksyscall.go -l32 -arm -tags linux,arm syscall_linux.go syscall_linux_arm.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,arm
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(mask>>32), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS32, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS32, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, flags int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(flags), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN32, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID32, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID32, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID32, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID32, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN32, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID32, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID32, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID32, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID32, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID32, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID32, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE64, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_UGETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func armSyncFileRange(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_ARM_SYNC_FILE_RANGE, uintptr(fd), uintptr(flags), uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
new file mode 100644
index 000000000..1b897dee0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -0,0 +1,602 @@
+// go run mksyscall.go -tags linux,arm64 syscall_linux.go syscall_linux_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
new file mode 100644
index 000000000..49186843a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -0,0 +1,758 @@
+// go run mksyscall.go -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,mips
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask>>32), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off>>32), uintptr(off), uintptr(len>>32), uintptr(len))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r0)<<32 | int64(r1))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall9(SYS_FADVISE64, uintptr(fd), 0, uintptr(offset>>32), uintptr(offset), uintptr(length>>32), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE64, uintptr(fd), 0, uintptr(length>>32), uintptr(length), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset>>32), uintptr(offset))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset>>32), uintptr(offset))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall9(SYS_SYNC_FILE_RANGE, uintptr(fd), 0, uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length>>32), uintptr(length), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (p1 int, p2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	p1 = int(r0)
+	p2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
new file mode 100644
index 000000000..9171d3bd2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -0,0 +1,729 @@
+// go run mksyscall.go -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,mips64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, st *stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(st)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(dirfd int, path string, st *stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, st *stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, st *stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
new file mode 100644
index 000000000..82286f04f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -0,0 +1,729 @@
+// go run mksyscall.go -tags linux,mips64le syscall_linux.go syscall_linux_mips64x.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,mips64le
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, st *stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(st)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstatat(dirfd int, path string, st *stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, st *stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func stat(path string, st *stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(st)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
new file mode 100644
index 000000000..15920621c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -0,0 +1,758 @@
+// go run mksyscall.go -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,mipsle
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(mask>>32), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(off>>32), uintptr(len), uintptr(len>>32))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall9(SYS_FADVISE64, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(length), uintptr(length>>32), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE64, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall9(SYS_SYNC_FILE_RANGE, uintptr(fd), 0, uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (p1 int, p2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	p1 = int(r0)
+	p2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
new file mode 100644
index 000000000..73a42e2cc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -0,0 +1,807 @@
+// go run mksyscall.go -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,ppc64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_UGETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off), uintptr(n), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
new file mode 100644
index 000000000..6b8559536
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -0,0 +1,807 @@
+// go run mksyscall.go -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,ppc64le
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_UGETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off), uintptr(n), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
new file mode 100644
index 000000000..b76133447
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -0,0 +1,582 @@
+// go run mksyscall.go -tags linux,riscv64 syscall_linux.go syscall_linux_riscv64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,riscv64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
new file mode 100644
index 000000000..d7032ab1e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -0,0 +1,577 @@
+// go run mksyscall.go -tags linux,s390x syscall_linux.go syscall_linux_s390x.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,s390x
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_NEWFSTATAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
new file mode 100644
index 000000000..bcbbdd906
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -0,0 +1,740 @@
+// go run mksyscall.go -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build linux,sparc64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	off = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
new file mode 100644
index 000000000..3bbd9e39c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -0,0 +1,1851 @@
+// go run mksyscall.go -l32 -netbsd -tags netbsd,386 syscall_bsd.go syscall_netbsd.go syscall_netbsd_386.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build netbsd,386
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (fd1 int, fd2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	fd1 = int(r0)
+	fd2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall9(SYS_POSIX_FADVISE, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), 0, uintptr(length), uintptr(length>>32), uintptr(advice), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
new file mode 100644
index 000000000..d8cf5012c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -0,0 +1,1851 @@
+// go run mksyscall.go -netbsd -tags netbsd,amd64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build netbsd,amd64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (fd1 int, fd2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	fd1 = int(r0)
+	fd2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), 0, uintptr(offset), 0, uintptr(length), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
new file mode 100644
index 000000000..1153fe69b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -0,0 +1,1851 @@
+// go run mksyscall.go -l32 -netbsd -arm -tags netbsd,arm syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build netbsd,arm
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (fd1 int, fd2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	fd1 = int(r0)
+	fd2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall9(SYS_POSIX_FADVISE, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), 0, uintptr(length), uintptr(length>>32), uintptr(advice), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
new file mode 100644
index 000000000..24b4ebb41
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -0,0 +1,1851 @@
+// go run mksyscall.go -netbsd -tags netbsd,arm64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build netbsd,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe() (fd1 int, fd2 int, err error) {
+	r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0)
+	fd1 = int(r0)
+	fd2 = int(r1)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(file)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attrname)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), 0, uintptr(offset), 0, uintptr(length), uintptr(advice))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs1(fd int, buf *Statvfs_t, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATVFS1, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statvfs1(path string, buf *Statvfs_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATVFS1, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
new file mode 100644
index 000000000..b44b31aeb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -0,0 +1,1692 @@
+// go run mksyscall.go -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build openbsd,386
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
new file mode 100644
index 000000000..67f93ee76
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -0,0 +1,1692 @@
+// go run mksyscall.go -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build openbsd,amd64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
new file mode 100644
index 000000000..d7c878b1d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -0,0 +1,1692 @@
+// go run mksyscall.go -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build openbsd,arm
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	newoffset = int64(int64(r1)<<32 | int64(r0))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
new file mode 100644
index 000000000..8facd695d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -0,0 +1,1692 @@
+// go run mksyscall.go -openbsd -tags openbsd,arm64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build openbsd,arm64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
new file mode 100644
index 000000000..ec6bd5bb7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -0,0 +1,1692 @@
+// go run mksyscall.go -openbsd -tags openbsd,mips64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_mips64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build openbsd,mips64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
+	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, timeval *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimes(fd int, timeval *[2]Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, behav int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe2(p *[2]_C_int, flags int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chflags(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(from int, to int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup3(from int, to int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchflags(fd int, flags int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatfs(fd int, stat *Statfs_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgrp int) {
+	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	pgrp = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	prio = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrtable() (rtable int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	rtable = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	sid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Issetugid() (tainted bool) {
+	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	tainted = bool(r0 != 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kqueue() (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(fromfd int, from string, tofd int, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Revoke(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setlogin(name string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrtable(rtable int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Settimeofday(tp *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statfs(path string, stat *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(newmask int) (oldmask int) {
+	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
new file mode 100644
index 000000000..a96165d4b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -0,0 +1,1954 @@
+// go run mksyscall_solaris.go -tags solaris,amd64 syscall_solaris.go syscall_solaris_amd64.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build solaris,amd64
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_pipe pipe "libc.so"
+//go:cgo_import_dynamic libc_getsockname getsockname "libsocket.so"
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.so"
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.so"
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.so"
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.so"
+//go:cgo_import_dynamic libc_gethostname gethostname "libc.so"
+//go:cgo_import_dynamic libc_utimes utimes "libc.so"
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+//go:cgo_import_dynamic libc_futimesat futimesat "libc.so"
+//go:cgo_import_dynamic libc_accept accept "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_recvmsg __xnet_recvmsg "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_sendmsg __xnet_sendmsg "libsocket.so"
+//go:cgo_import_dynamic libc_acct acct "libc.so"
+//go:cgo_import_dynamic libc___makedev __makedev "libc.so"
+//go:cgo_import_dynamic libc___major __major "libc.so"
+//go:cgo_import_dynamic libc___minor __minor "libc.so"
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
+//go:cgo_import_dynamic libc_poll poll "libc.so"
+//go:cgo_import_dynamic libc_access access "libc.so"
+//go:cgo_import_dynamic libc_adjtime adjtime "libc.so"
+//go:cgo_import_dynamic libc_chdir chdir "libc.so"
+//go:cgo_import_dynamic libc_chmod chmod "libc.so"
+//go:cgo_import_dynamic libc_chown chown "libc.so"
+//go:cgo_import_dynamic libc_chroot chroot "libc.so"
+//go:cgo_import_dynamic libc_close close "libc.so"
+//go:cgo_import_dynamic libc_creat creat "libc.so"
+//go:cgo_import_dynamic libc_dup dup "libc.so"
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.so"
+//go:cgo_import_dynamic libc_exit exit "libc.so"
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.so"
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.so"
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.so"
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so"
+//go:cgo_import_dynamic libc_fchown fchown "libc.so"
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.so"
+//go:cgo_import_dynamic libc_fdatasync fdatasync "libc.so"
+//go:cgo_import_dynamic libc_flock flock "libc.so"
+//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so"
+//go:cgo_import_dynamic libc_fstat fstat "libc.so"
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.so"
+//go:cgo_import_dynamic libc_fstatvfs fstatvfs "libc.so"
+//go:cgo_import_dynamic libc_getdents getdents "libc.so"
+//go:cgo_import_dynamic libc_getgid getgid "libc.so"
+//go:cgo_import_dynamic libc_getpid getpid "libc.so"
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.so"
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so"
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.so"
+//go:cgo_import_dynamic libc_getegid getegid "libc.so"
+//go:cgo_import_dynamic libc_getppid getppid "libc.so"
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.so"
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so"
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.so"
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so"
+//go:cgo_import_dynamic libc_getuid getuid "libc.so"
+//go:cgo_import_dynamic libc_kill kill "libc.so"
+//go:cgo_import_dynamic libc_lchown lchown "libc.so"
+//go:cgo_import_dynamic libc_link link "libc.so"
+//go:cgo_import_dynamic libc___xnet_llisten __xnet_llisten "libsocket.so"
+//go:cgo_import_dynamic libc_lstat lstat "libc.so"
+//go:cgo_import_dynamic libc_madvise madvise "libc.so"
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.so"
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so"
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so"
+//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so"
+//go:cgo_import_dynamic libc_mknod mknod "libc.so"
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.so"
+//go:cgo_import_dynamic libc_mlock mlock "libc.so"
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.so"
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.so"
+//go:cgo_import_dynamic libc_msync msync "libc.so"
+//go:cgo_import_dynamic libc_munlock munlock "libc.so"
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.so"
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so"
+//go:cgo_import_dynamic libc_open open "libc.so"
+//go:cgo_import_dynamic libc_openat openat "libc.so"
+//go:cgo_import_dynamic libc_pathconf pathconf "libc.so"
+//go:cgo_import_dynamic libc_pause pause "libc.so"
+//go:cgo_import_dynamic libc_pread pread "libc.so"
+//go:cgo_import_dynamic libc_pwrite pwrite "libc.so"
+//go:cgo_import_dynamic libc_read read "libc.so"
+//go:cgo_import_dynamic libc_readlink readlink "libc.so"
+//go:cgo_import_dynamic libc_rename rename "libc.so"
+//go:cgo_import_dynamic libc_renameat renameat "libc.so"
+//go:cgo_import_dynamic libc_rmdir rmdir "libc.so"
+//go:cgo_import_dynamic libc_lseek lseek "libc.so"
+//go:cgo_import_dynamic libc_select select "libc.so"
+//go:cgo_import_dynamic libc_setegid setegid "libc.so"
+//go:cgo_import_dynamic libc_seteuid seteuid "libc.so"
+//go:cgo_import_dynamic libc_setgid setgid "libc.so"
+//go:cgo_import_dynamic libc_sethostname sethostname "libc.so"
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.so"
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.so"
+//go:cgo_import_dynamic libc_setregid setregid "libc.so"
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.so"
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so"
+//go:cgo_import_dynamic libc_setsid setsid "libc.so"
+//go:cgo_import_dynamic libc_setuid setuid "libc.so"
+//go:cgo_import_dynamic libc_shutdown shutdown "libsocket.so"
+//go:cgo_import_dynamic libc_stat stat "libc.so"
+//go:cgo_import_dynamic libc_statvfs statvfs "libc.so"
+//go:cgo_import_dynamic libc_symlink symlink "libc.so"
+//go:cgo_import_dynamic libc_sync sync "libc.so"
+//go:cgo_import_dynamic libc_times times "libc.so"
+//go:cgo_import_dynamic libc_truncate truncate "libc.so"
+//go:cgo_import_dynamic libc_fsync fsync "libc.so"
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so"
+//go:cgo_import_dynamic libc_umask umask "libc.so"
+//go:cgo_import_dynamic libc_uname uname "libc.so"
+//go:cgo_import_dynamic libc_umount umount "libc.so"
+//go:cgo_import_dynamic libc_unlink unlink "libc.so"
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so"
+//go:cgo_import_dynamic libc_ustat ustat "libc.so"
+//go:cgo_import_dynamic libc_utime utime "libc.so"
+//go:cgo_import_dynamic libc___xnet_bind __xnet_bind "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_connect __xnet_connect "libsocket.so"
+//go:cgo_import_dynamic libc_mmap mmap "libc.so"
+//go:cgo_import_dynamic libc_munmap munmap "libc.so"
+//go:cgo_import_dynamic libc_sendfile sendfile "libsendfile.so"
+//go:cgo_import_dynamic libc___xnet_sendto __xnet_sendto "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_socket __xnet_socket "libsocket.so"
+//go:cgo_import_dynamic libc___xnet_socketpair __xnet_socketpair "libsocket.so"
+//go:cgo_import_dynamic libc_write write "libc.so"
+//go:cgo_import_dynamic libc___xnet_getsockopt __xnet_getsockopt "libsocket.so"
+//go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so"
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so"
+
+//go:linkname procpipe libc_pipe
+//go:linkname procgetsockname libc_getsockname
+//go:linkname procGetcwd libc_getcwd
+//go:linkname procgetgroups libc_getgroups
+//go:linkname procsetgroups libc_setgroups
+//go:linkname procwait4 libc_wait4
+//go:linkname procgethostname libc_gethostname
+//go:linkname procutimes libc_utimes
+//go:linkname procutimensat libc_utimensat
+//go:linkname procfcntl libc_fcntl
+//go:linkname procfutimesat libc_futimesat
+//go:linkname procaccept libc_accept
+//go:linkname proc__xnet_recvmsg libc___xnet_recvmsg
+//go:linkname proc__xnet_sendmsg libc___xnet_sendmsg
+//go:linkname procacct libc_acct
+//go:linkname proc__makedev libc___makedev
+//go:linkname proc__major libc___major
+//go:linkname proc__minor libc___minor
+//go:linkname procioctl libc_ioctl
+//go:linkname procpoll libc_poll
+//go:linkname procAccess libc_access
+//go:linkname procAdjtime libc_adjtime
+//go:linkname procChdir libc_chdir
+//go:linkname procChmod libc_chmod
+//go:linkname procChown libc_chown
+//go:linkname procChroot libc_chroot
+//go:linkname procClose libc_close
+//go:linkname procCreat libc_creat
+//go:linkname procDup libc_dup
+//go:linkname procDup2 libc_dup2
+//go:linkname procExit libc_exit
+//go:linkname procFaccessat libc_faccessat
+//go:linkname procFchdir libc_fchdir
+//go:linkname procFchmod libc_fchmod
+//go:linkname procFchmodat libc_fchmodat
+//go:linkname procFchown libc_fchown
+//go:linkname procFchownat libc_fchownat
+//go:linkname procFdatasync libc_fdatasync
+//go:linkname procFlock libc_flock
+//go:linkname procFpathconf libc_fpathconf
+//go:linkname procFstat libc_fstat
+//go:linkname procFstatat libc_fstatat
+//go:linkname procFstatvfs libc_fstatvfs
+//go:linkname procGetdents libc_getdents
+//go:linkname procGetgid libc_getgid
+//go:linkname procGetpid libc_getpid
+//go:linkname procGetpgid libc_getpgid
+//go:linkname procGetpgrp libc_getpgrp
+//go:linkname procGeteuid libc_geteuid
+//go:linkname procGetegid libc_getegid
+//go:linkname procGetppid libc_getppid
+//go:linkname procGetpriority libc_getpriority
+//go:linkname procGetrlimit libc_getrlimit
+//go:linkname procGetrusage libc_getrusage
+//go:linkname procGettimeofday libc_gettimeofday
+//go:linkname procGetuid libc_getuid
+//go:linkname procKill libc_kill
+//go:linkname procLchown libc_lchown
+//go:linkname procLink libc_link
+//go:linkname proc__xnet_llisten libc___xnet_llisten
+//go:linkname procLstat libc_lstat
+//go:linkname procMadvise libc_madvise
+//go:linkname procMkdir libc_mkdir
+//go:linkname procMkdirat libc_mkdirat
+//go:linkname procMkfifo libc_mkfifo
+//go:linkname procMkfifoat libc_mkfifoat
+//go:linkname procMknod libc_mknod
+//go:linkname procMknodat libc_mknodat
+//go:linkname procMlock libc_mlock
+//go:linkname procMlockall libc_mlockall
+//go:linkname procMprotect libc_mprotect
+//go:linkname procMsync libc_msync
+//go:linkname procMunlock libc_munlock
+//go:linkname procMunlockall libc_munlockall
+//go:linkname procNanosleep libc_nanosleep
+//go:linkname procOpen libc_open
+//go:linkname procOpenat libc_openat
+//go:linkname procPathconf libc_pathconf
+//go:linkname procPause libc_pause
+//go:linkname procPread libc_pread
+//go:linkname procPwrite libc_pwrite
+//go:linkname procread libc_read
+//go:linkname procReadlink libc_readlink
+//go:linkname procRename libc_rename
+//go:linkname procRenameat libc_renameat
+//go:linkname procRmdir libc_rmdir
+//go:linkname proclseek libc_lseek
+//go:linkname procSelect libc_select
+//go:linkname procSetegid libc_setegid
+//go:linkname procSeteuid libc_seteuid
+//go:linkname procSetgid libc_setgid
+//go:linkname procSethostname libc_sethostname
+//go:linkname procSetpgid libc_setpgid
+//go:linkname procSetpriority libc_setpriority
+//go:linkname procSetregid libc_setregid
+//go:linkname procSetreuid libc_setreuid
+//go:linkname procSetrlimit libc_setrlimit
+//go:linkname procSetsid libc_setsid
+//go:linkname procSetuid libc_setuid
+//go:linkname procshutdown libc_shutdown
+//go:linkname procStat libc_stat
+//go:linkname procStatvfs libc_statvfs
+//go:linkname procSymlink libc_symlink
+//go:linkname procSync libc_sync
+//go:linkname procTimes libc_times
+//go:linkname procTruncate libc_truncate
+//go:linkname procFsync libc_fsync
+//go:linkname procFtruncate libc_ftruncate
+//go:linkname procUmask libc_umask
+//go:linkname procUname libc_uname
+//go:linkname procumount libc_umount
+//go:linkname procUnlink libc_unlink
+//go:linkname procUnlinkat libc_unlinkat
+//go:linkname procUstat libc_ustat
+//go:linkname procUtime libc_utime
+//go:linkname proc__xnet_bind libc___xnet_bind
+//go:linkname proc__xnet_connect libc___xnet_connect
+//go:linkname procmmap libc_mmap
+//go:linkname procmunmap libc_munmap
+//go:linkname procsendfile libc_sendfile
+//go:linkname proc__xnet_sendto libc___xnet_sendto
+//go:linkname proc__xnet_socket libc___xnet_socket
+//go:linkname proc__xnet_socketpair libc___xnet_socketpair
+//go:linkname procwrite libc_write
+//go:linkname proc__xnet_getsockopt libc___xnet_getsockopt
+//go:linkname procgetpeername libc_getpeername
+//go:linkname procsetsockopt libc_setsockopt
+//go:linkname procrecvfrom libc_recvfrom
+
+var (
+	procpipe,
+	procgetsockname,
+	procGetcwd,
+	procgetgroups,
+	procsetgroups,
+	procwait4,
+	procgethostname,
+	procutimes,
+	procutimensat,
+	procfcntl,
+	procfutimesat,
+	procaccept,
+	proc__xnet_recvmsg,
+	proc__xnet_sendmsg,
+	procacct,
+	proc__makedev,
+	proc__major,
+	proc__minor,
+	procioctl,
+	procpoll,
+	procAccess,
+	procAdjtime,
+	procChdir,
+	procChmod,
+	procChown,
+	procChroot,
+	procClose,
+	procCreat,
+	procDup,
+	procDup2,
+	procExit,
+	procFaccessat,
+	procFchdir,
+	procFchmod,
+	procFchmodat,
+	procFchown,
+	procFchownat,
+	procFdatasync,
+	procFlock,
+	procFpathconf,
+	procFstat,
+	procFstatat,
+	procFstatvfs,
+	procGetdents,
+	procGetgid,
+	procGetpid,
+	procGetpgid,
+	procGetpgrp,
+	procGeteuid,
+	procGetegid,
+	procGetppid,
+	procGetpriority,
+	procGetrlimit,
+	procGetrusage,
+	procGettimeofday,
+	procGetuid,
+	procKill,
+	procLchown,
+	procLink,
+	proc__xnet_llisten,
+	procLstat,
+	procMadvise,
+	procMkdir,
+	procMkdirat,
+	procMkfifo,
+	procMkfifoat,
+	procMknod,
+	procMknodat,
+	procMlock,
+	procMlockall,
+	procMprotect,
+	procMsync,
+	procMunlock,
+	procMunlockall,
+	procNanosleep,
+	procOpen,
+	procOpenat,
+	procPathconf,
+	procPause,
+	procPread,
+	procPwrite,
+	procread,
+	procReadlink,
+	procRename,
+	procRenameat,
+	procRmdir,
+	proclseek,
+	procSelect,
+	procSetegid,
+	procSeteuid,
+	procSetgid,
+	procSethostname,
+	procSetpgid,
+	procSetpriority,
+	procSetregid,
+	procSetreuid,
+	procSetrlimit,
+	procSetsid,
+	procSetuid,
+	procshutdown,
+	procStat,
+	procStatvfs,
+	procSymlink,
+	procSync,
+	procTimes,
+	procTruncate,
+	procFsync,
+	procFtruncate,
+	procUmask,
+	procUname,
+	procumount,
+	procUnlink,
+	procUnlinkat,
+	procUstat,
+	procUtime,
+	proc__xnet_bind,
+	proc__xnet_connect,
+	procmmap,
+	procmunmap,
+	procsendfile,
+	proc__xnet_sendto,
+	proc__xnet_socket,
+	proc__xnet_socketpair,
+	procwrite,
+	proc__xnet_getsockopt,
+	procgetpeername,
+	procsetsockopt,
+	procrecvfrom syscallFunc
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (n int, err error) {
+	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procpipe)), 1, uintptr(unsafe.Pointer(p)), 0, 0, 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetsockname)), 3, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetcwd)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), 0, 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
+	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procgetgroups)), 2, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0, 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(ngid int, gid *_Gid_t) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procsetgroups)), 2, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func wait4(pid int32, statusp *_C_int, options int, rusage *Rusage) (wpid int32, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwait4)), 4, uintptr(pid), uintptr(unsafe.Pointer(statusp)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	wpid = int32(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func gethostname(buf []byte) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgethostname)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), 0, 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procutimes)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimensat(fd int, path string, times *[2]Timespec, flag int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procutimensat)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flag), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntl(fd int, cmd int, arg int) (val int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfcntl)), 3, uintptr(fd), uintptr(cmd), uintptr(arg), 0, 0, 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(fildes int, path *byte, times *[2]Timeval) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfutimesat)), 3, uintptr(fildes), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(times)), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procaccept)), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_recvmsg)), 3, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_sendmsg)), 3, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func acct(path *byte) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procacct)), 1, uintptr(unsafe.Pointer(path)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func __makedev(version int, major uint, minor uint) (val uint64) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&proc__makedev)), 3, uintptr(version), uintptr(major), uintptr(minor), 0, 0, 0)
+	val = uint64(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func __major(version int, dev uint64) (val uint) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&proc__major)), 2, uintptr(version), uintptr(dev), 0, 0, 0, 0)
+	val = uint(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func __minor(version int, dev uint64) (val uint) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&proc__minor)), 2, uintptr(version), uintptr(dev), 0, 0, 0, 0)
+	val = uint(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Access(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procAccess)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procAdjtime)), 2, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChdir)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chmod(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChmod)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChown)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChroot)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Close(fd int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procClose)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Creat(path string, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procCreat)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup(fd int) (nfd int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procDup)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	nfd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procDup2)), 2, uintptr(oldfd), uintptr(newfd), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Exit(code int) {
+	sysvicall6(uintptr(unsafe.Pointer(&procExit)), 1, uintptr(code), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFaccessat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchdir)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchmod)), 2, uintptr(fd), uintptr(mode), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchmodat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchown)), 3, uintptr(fd), uintptr(uid), uintptr(gid), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchownat)), 5, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fdatasync(fd int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFdatasync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Flock(fd int, how int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFlock)), 2, uintptr(fd), uintptr(how), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fpathconf(fd int, name int) (val int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFpathconf)), 2, uintptr(fd), uintptr(name), 0, 0, 0, 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstat)), 2, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstatat)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs(fd int, vfsstat *Statvfs_t) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstatvfs)), 2, uintptr(fd), uintptr(unsafe.Pointer(vfsstat)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getdents(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetdents)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := rawSysvicall6(uintptr(unsafe.Pointer(&procGetgid)), 0, 0, 0, 0, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpid)), 0, 0, 0, 0, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpgid)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgrp() (pgid int, err error) {
+	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpgrp)), 0, 0, 0, 0, 0, 0, 0)
+	pgid = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procGeteuid)), 0, 0, 0, 0, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procGetegid)), 0, 0, 0, 0, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (ppid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procGetppid)), 0, 0, 0, 0, 0, 0, 0)
+	ppid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetpriority)), 2, uintptr(which), uintptr(who), 0, 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrusage(who int, rusage *Rusage) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetrusage)), 2, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGettimeofday)), 1, uintptr(unsafe.Pointer(tv)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := rawSysvicall6(uintptr(unsafe.Pointer(&procGetuid)), 0, 0, 0, 0, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, signum syscall.Signal) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procKill)), 2, uintptr(pid), uintptr(signum), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procLchown)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procLink)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, backlog int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_llisten)), 2, uintptr(s), uintptr(backlog), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procLstat)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Madvise(b []byte, advice int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMadvise)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(advice), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkdir)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkdirat)), 3, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkfifo)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkfifoat)), 3, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMknod)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMknodat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMlock)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mlockall(flags int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMlockall)), 1, uintptr(flags), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMprotect)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(prot), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMsync)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(flags), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlock(b []byte) (err error) {
+	var _p0 *byte
+	if len(b) > 0 {
+		_p0 = &b[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMunlock)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Munlockall() (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMunlockall)), 0, 0, 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procNanosleep)), 2, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Open(path string, mode int, perm uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procOpen)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procOpenat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pathconf(path string, name int) (val int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPathconf)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0, 0, 0, 0)
+	val = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPause)), 0, 0, 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPread)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPwrite)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func read(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procread)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	if len(buf) > 0 {
+		_p1 = &buf[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procReadlink)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(len(buf)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rename(from string, to string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procRename)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procRenameat)), 4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Rmdir(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procRmdir)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proclseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0)
+	newoffset = int64(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSelect)), 5, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setegid(egid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetegid)), 1, uintptr(egid), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSeteuid)), 1, uintptr(euid), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setgid(gid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetgid)), 1, uintptr(gid), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sethostname(p []byte) (err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSethostname)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpgid(pid int, pgid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetpgid)), 2, uintptr(pid), uintptr(pgid), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setpriority(which int, who int, prio int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSetpriority)), 3, uintptr(which), uintptr(who), uintptr(prio), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetregid)), 2, uintptr(rgid), uintptr(egid), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetreuid)), 2, uintptr(ruid), uintptr(euid), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setrlimit(which int, lim *Rlimit) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setsid() (pid int, err error) {
+	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetsid)), 0, 0, 0, 0, 0, 0, 0)
+	pid = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setuid(uid int) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetuid)), 1, uintptr(uid), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(s int, how int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procshutdown)), 2, uintptr(s), uintptr(how), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procStat)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Statvfs(path string, vfsstat *Statvfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procStatvfs)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(vfsstat)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Symlink(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSymlink)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Sync() (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSync)), 0, 0, 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procTimes)), 1, uintptr(unsafe.Pointer(tms)), 0, 0, 0, 0, 0)
+	ticks = uintptr(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procTruncate)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFsync)), 1, uintptr(fd), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFtruncate)), 2, uintptr(fd), uintptr(length), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Umask(mask int) (oldmask int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procUmask)), 1, uintptr(mask), 0, 0, 0, 0, 0)
+	oldmask = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procUname)), 1, uintptr(unsafe.Pointer(buf)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unmount(target string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procumount)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlink(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUnlink)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUnlinkat)), 3, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUstat)), 2, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUtime)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_bind)), 3, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_connect)), 3, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procmmap)), 6, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	ret = uintptr(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func munmap(addr uintptr, length uintptr) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procmunmap)), 2, uintptr(addr), uintptr(length), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procsendfile)), 4, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_sendto)), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_socket)), 3, uintptr(domain), uintptr(typ), uintptr(proto), 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&proc__xnet_socketpair)), 4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func write(fd int, p []byte) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwrite)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_getsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procgetpeername)), 3, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procsetsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 *byte
+	if len(p) > 0 {
+		_p0 = &p[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procrecvfrom)), 6, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
new file mode 100644
index 000000000..102f1ab47
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -0,0 +1,273 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+// +build 386,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.arandom", []_C_int{1, 37}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.cryptodevallowsoft", []_C_int{1, 53}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.random", []_C_int{1, 31}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.tty.maxptys", []_C_int{1, 44, 6}},
+	{"kern.tty.nptys", []_C_int{1, 44, 7}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.userasymcrypto", []_C_int{1, 60}},
+	{"kern.usercrypto", []_C_int{1, 52}},
+	{"kern.usermount", []_C_int{1, 30}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.vnode", []_C_int{1, 13}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.pim.stats", []_C_int{4, 2, 103, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_prune", []_C_int{4, 24, 30, 6}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.nd6_useloopback", []_C_int{4, 24, 30, 11}},
+	{"net.inet6.icmp6.nodeinfo", []_C_int{4, 24, 30, 13}},
+	{"net.inet6.icmp6.rediraccept", []_C_int{4, 24, 30, 2}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.accept_rtadv", []_C_int{4, 24, 17, 12}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.maxifdefrouters", []_C_int{4, 24, 17, 47}},
+	{"net.inet6.ip6.maxifprefixes", []_C_int{4, 24, 17, 46}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.rr_prune", []_C_int{4, 24, 17, 22}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.inet6.ip6.v6only", []_C_int{4, 24, 17, 24}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
new file mode 100644
index 000000000..4866fced8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -0,0 +1,271 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+// +build amd64,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.profile", []_C_int{9, 9}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.perfpolicy", []_C_int{6, 23}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.allowkmem", []_C_int{1, 52}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.dnsjackport", []_C_int{1, 13}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.global_ptrace", []_C_int{1, 81}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"kern.wxabort", []_C_int{1, 74}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}},
+	{"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}},
+	{"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
new file mode 100644
index 000000000..d3801eb24
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -0,0 +1,273 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+// +build arm,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.arandom", []_C_int{1, 37}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.cryptodevallowsoft", []_C_int{1, 53}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.random", []_C_int{1, 31}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.tty.maxptys", []_C_int{1, 44, 6}},
+	{"kern.tty.nptys", []_C_int{1, 44, 7}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.userasymcrypto", []_C_int{1, 60}},
+	{"kern.usercrypto", []_C_int{1, 52}},
+	{"kern.usermount", []_C_int{1, 30}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.vnode", []_C_int{1, 13}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.pim.stats", []_C_int{4, 2, 103, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_prune", []_C_int{4, 24, 30, 6}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.nd6_useloopback", []_C_int{4, 24, 30, 11}},
+	{"net.inet6.icmp6.nodeinfo", []_C_int{4, 24, 30, 13}},
+	{"net.inet6.icmp6.rediraccept", []_C_int{4, 24, 30, 2}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.accept_rtadv", []_C_int{4, 24, 17, 12}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.maxifdefrouters", []_C_int{4, 24, 17, 47}},
+	{"net.inet6.ip6.maxifprefixes", []_C_int{4, 24, 17, 46}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.rr_prune", []_C_int{4, 24, 17, 22}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.inet6.ip6.v6only", []_C_int{4, 24, 17, 24}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
new file mode 100644
index 000000000..ba4304fd2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -0,0 +1,275 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+// +build arm64,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.profile", []_C_int{9, 9}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.perfpolicy", []_C_int{6, 23}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.smt", []_C_int{6, 24}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.allowkmem", []_C_int{1, 52}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.audio", []_C_int{1, 84}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.cpustats", []_C_int{1, 85}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.global_ptrace", []_C_int{1, 81}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"kern.witnesswatch", []_C_int{1, 53}},
+	{"kern.wxabort", []_C_int{1, 74}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}},
+	{"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}},
+	{"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.malloc_conf", []_C_int{2, 12}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
new file mode 100644
index 000000000..aca34b349
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -0,0 +1,279 @@
+// go run mksysctl_openbsd.go
+// Code generated by the command above; DO NOT EDIT.
+
+// +build mips64,openbsd
+
+package unix
+
+type mibentry struct {
+	ctlname string
+	ctloid  []_C_int
+}
+
+var sysctlMib = []mibentry{
+	{"ddb.console", []_C_int{9, 6}},
+	{"ddb.log", []_C_int{9, 7}},
+	{"ddb.max_line", []_C_int{9, 3}},
+	{"ddb.max_width", []_C_int{9, 2}},
+	{"ddb.panic", []_C_int{9, 5}},
+	{"ddb.profile", []_C_int{9, 9}},
+	{"ddb.radix", []_C_int{9, 1}},
+	{"ddb.tab_stop_width", []_C_int{9, 4}},
+	{"ddb.trigger", []_C_int{9, 8}},
+	{"fs.posix.setuid", []_C_int{3, 1, 1}},
+	{"hw.allowpowerdown", []_C_int{6, 22}},
+	{"hw.byteorder", []_C_int{6, 4}},
+	{"hw.cpuspeed", []_C_int{6, 12}},
+	{"hw.diskcount", []_C_int{6, 10}},
+	{"hw.disknames", []_C_int{6, 8}},
+	{"hw.diskstats", []_C_int{6, 9}},
+	{"hw.machine", []_C_int{6, 1}},
+	{"hw.model", []_C_int{6, 2}},
+	{"hw.ncpu", []_C_int{6, 3}},
+	{"hw.ncpufound", []_C_int{6, 21}},
+	{"hw.ncpuonline", []_C_int{6, 25}},
+	{"hw.pagesize", []_C_int{6, 7}},
+	{"hw.perfpolicy", []_C_int{6, 23}},
+	{"hw.physmem", []_C_int{6, 19}},
+	{"hw.product", []_C_int{6, 15}},
+	{"hw.serialno", []_C_int{6, 17}},
+	{"hw.setperf", []_C_int{6, 13}},
+	{"hw.smt", []_C_int{6, 24}},
+	{"hw.usermem", []_C_int{6, 20}},
+	{"hw.uuid", []_C_int{6, 18}},
+	{"hw.vendor", []_C_int{6, 14}},
+	{"hw.version", []_C_int{6, 16}},
+	{"kern.allowdt", []_C_int{1, 65}},
+	{"kern.allowkmem", []_C_int{1, 52}},
+	{"kern.argmax", []_C_int{1, 8}},
+	{"kern.audio", []_C_int{1, 84}},
+	{"kern.boottime", []_C_int{1, 21}},
+	{"kern.bufcachepercent", []_C_int{1, 72}},
+	{"kern.ccpu", []_C_int{1, 45}},
+	{"kern.clockrate", []_C_int{1, 12}},
+	{"kern.consbuf", []_C_int{1, 83}},
+	{"kern.consbufsize", []_C_int{1, 82}},
+	{"kern.consdev", []_C_int{1, 75}},
+	{"kern.cp_time", []_C_int{1, 40}},
+	{"kern.cp_time2", []_C_int{1, 71}},
+	{"kern.cpustats", []_C_int{1, 85}},
+	{"kern.domainname", []_C_int{1, 22}},
+	{"kern.file", []_C_int{1, 73}},
+	{"kern.forkstat", []_C_int{1, 42}},
+	{"kern.fscale", []_C_int{1, 46}},
+	{"kern.fsync", []_C_int{1, 33}},
+	{"kern.global_ptrace", []_C_int{1, 81}},
+	{"kern.hostid", []_C_int{1, 11}},
+	{"kern.hostname", []_C_int{1, 10}},
+	{"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}},
+	{"kern.job_control", []_C_int{1, 19}},
+	{"kern.malloc.buckets", []_C_int{1, 39, 1}},
+	{"kern.malloc.kmemnames", []_C_int{1, 39, 3}},
+	{"kern.maxclusters", []_C_int{1, 67}},
+	{"kern.maxfiles", []_C_int{1, 7}},
+	{"kern.maxlocksperuid", []_C_int{1, 70}},
+	{"kern.maxpartitions", []_C_int{1, 23}},
+	{"kern.maxproc", []_C_int{1, 6}},
+	{"kern.maxthread", []_C_int{1, 25}},
+	{"kern.maxvnodes", []_C_int{1, 5}},
+	{"kern.mbstat", []_C_int{1, 59}},
+	{"kern.msgbuf", []_C_int{1, 48}},
+	{"kern.msgbufsize", []_C_int{1, 38}},
+	{"kern.nchstats", []_C_int{1, 41}},
+	{"kern.netlivelocks", []_C_int{1, 76}},
+	{"kern.nfiles", []_C_int{1, 56}},
+	{"kern.ngroups", []_C_int{1, 18}},
+	{"kern.nosuidcoredump", []_C_int{1, 32}},
+	{"kern.nprocs", []_C_int{1, 47}},
+	{"kern.nselcoll", []_C_int{1, 43}},
+	{"kern.nthreads", []_C_int{1, 26}},
+	{"kern.numvnodes", []_C_int{1, 58}},
+	{"kern.osrelease", []_C_int{1, 2}},
+	{"kern.osrevision", []_C_int{1, 3}},
+	{"kern.ostype", []_C_int{1, 1}},
+	{"kern.osversion", []_C_int{1, 27}},
+	{"kern.pfstatus", []_C_int{1, 86}},
+	{"kern.pool_debug", []_C_int{1, 77}},
+	{"kern.posix1version", []_C_int{1, 17}},
+	{"kern.proc", []_C_int{1, 66}},
+	{"kern.rawpartition", []_C_int{1, 24}},
+	{"kern.saved_ids", []_C_int{1, 20}},
+	{"kern.securelevel", []_C_int{1, 9}},
+	{"kern.seminfo", []_C_int{1, 61}},
+	{"kern.shminfo", []_C_int{1, 62}},
+	{"kern.somaxconn", []_C_int{1, 28}},
+	{"kern.sominconn", []_C_int{1, 29}},
+	{"kern.splassert", []_C_int{1, 54}},
+	{"kern.stackgap_random", []_C_int{1, 50}},
+	{"kern.sysvipc_info", []_C_int{1, 51}},
+	{"kern.sysvmsg", []_C_int{1, 34}},
+	{"kern.sysvsem", []_C_int{1, 35}},
+	{"kern.sysvshm", []_C_int{1, 36}},
+	{"kern.timecounter.choice", []_C_int{1, 69, 4}},
+	{"kern.timecounter.hardware", []_C_int{1, 69, 3}},
+	{"kern.timecounter.tick", []_C_int{1, 69, 1}},
+	{"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}},
+	{"kern.timeout_stats", []_C_int{1, 87}},
+	{"kern.tty.tk_cancc", []_C_int{1, 44, 4}},
+	{"kern.tty.tk_nin", []_C_int{1, 44, 1}},
+	{"kern.tty.tk_nout", []_C_int{1, 44, 2}},
+	{"kern.tty.tk_rawcc", []_C_int{1, 44, 3}},
+	{"kern.tty.ttyinfo", []_C_int{1, 44, 5}},
+	{"kern.ttycount", []_C_int{1, 57}},
+	{"kern.utc_offset", []_C_int{1, 88}},
+	{"kern.version", []_C_int{1, 4}},
+	{"kern.watchdog.auto", []_C_int{1, 64, 2}},
+	{"kern.watchdog.period", []_C_int{1, 64, 1}},
+	{"kern.witnesswatch", []_C_int{1, 53}},
+	{"kern.wxabort", []_C_int{1, 74}},
+	{"net.bpf.bufsize", []_C_int{4, 31, 1}},
+	{"net.bpf.maxbufsize", []_C_int{4, 31, 2}},
+	{"net.inet.ah.enable", []_C_int{4, 2, 51, 1}},
+	{"net.inet.ah.stats", []_C_int{4, 2, 51, 2}},
+	{"net.inet.carp.allow", []_C_int{4, 2, 112, 1}},
+	{"net.inet.carp.log", []_C_int{4, 2, 112, 3}},
+	{"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}},
+	{"net.inet.carp.stats", []_C_int{4, 2, 112, 4}},
+	{"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}},
+	{"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}},
+	{"net.inet.divert.stats", []_C_int{4, 2, 258, 3}},
+	{"net.inet.esp.enable", []_C_int{4, 2, 50, 1}},
+	{"net.inet.esp.stats", []_C_int{4, 2, 50, 4}},
+	{"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}},
+	{"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}},
+	{"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}},
+	{"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}},
+	{"net.inet.gre.allow", []_C_int{4, 2, 47, 1}},
+	{"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}},
+	{"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}},
+	{"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}},
+	{"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}},
+	{"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}},
+	{"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}},
+	{"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}},
+	{"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}},
+	{"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}},
+	{"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}},
+	{"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}},
+	{"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}},
+	{"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}},
+	{"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}},
+	{"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}},
+	{"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}},
+	{"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}},
+	{"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}},
+	{"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}},
+	{"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}},
+	{"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}},
+	{"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}},
+	{"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}},
+	{"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}},
+	{"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}},
+	{"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}},
+	{"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}},
+	{"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}},
+	{"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}},
+	{"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}},
+	{"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}},
+	{"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}},
+	{"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}},
+	{"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}},
+	{"net.inet.ip.stats", []_C_int{4, 2, 0, 33}},
+	{"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}},
+	{"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}},
+	{"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}},
+	{"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}},
+	{"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}},
+	{"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}},
+	{"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}},
+	{"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}},
+	{"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}},
+	{"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}},
+	{"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}},
+	{"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}},
+	{"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}},
+	{"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}},
+	{"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}},
+	{"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}},
+	{"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}},
+	{"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}},
+	{"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}},
+	{"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}},
+	{"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}},
+	{"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}},
+	{"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}},
+	{"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}},
+	{"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}},
+	{"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}},
+	{"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}},
+	{"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}},
+	{"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}},
+	{"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}},
+	{"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}},
+	{"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}},
+	{"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}},
+	{"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}},
+	{"net.inet.udp.stats", []_C_int{4, 2, 17, 5}},
+	{"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}},
+	{"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}},
+	{"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}},
+	{"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}},
+	{"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}},
+	{"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}},
+	{"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}},
+	{"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}},
+	{"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}},
+	{"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}},
+	{"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}},
+	{"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}},
+	{"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}},
+	{"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}},
+	{"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}},
+	{"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}},
+	{"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}},
+	{"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}},
+	{"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}},
+	{"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}},
+	{"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}},
+	{"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}},
+	{"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}},
+	{"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}},
+	{"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}},
+	{"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}},
+	{"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}},
+	{"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}},
+	{"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}},
+	{"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}},
+	{"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}},
+	{"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}},
+	{"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}},
+	{"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}},
+	{"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}},
+	{"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}},
+	{"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}},
+	{"net.key.sadb_dump", []_C_int{4, 30, 1}},
+	{"net.key.spd_dump", []_C_int{4, 30, 2}},
+	{"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}},
+	{"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}},
+	{"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}},
+	{"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}},
+	{"net.mpls.mapttl_ip", []_C_int{4, 33, 5}},
+	{"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}},
+	{"net.mpls.ttl", []_C_int{4, 33, 2}},
+	{"net.pflow.stats", []_C_int{4, 34, 1}},
+	{"net.pipex.enable", []_C_int{4, 35, 1}},
+	{"vm.anonmin", []_C_int{2, 7}},
+	{"vm.loadavg", []_C_int{2, 2}},
+	{"vm.malloc_conf", []_C_int{2, 12}},
+	{"vm.maxslp", []_C_int{2, 10}},
+	{"vm.nkmempages", []_C_int{2, 6}},
+	{"vm.psstrings", []_C_int{2, 3}},
+	{"vm.swapencrypt.enable", []_C_int{2, 5, 0}},
+	{"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}},
+	{"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}},
+	{"vm.uspace", []_C_int{2, 11}},
+	{"vm.uvmexp", []_C_int{2, 4}},
+	{"vm.vmmeter", []_C_int{2, 1}},
+	{"vm.vnodemin", []_C_int{2, 9}},
+	{"vm.vtextmin", []_C_int{2, 8}},
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
new file mode 100644
index 000000000..464c9a983
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -0,0 +1,315 @@
+// go run mksysnum.go https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/HEAD:/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,dragonfly
+
+package unix
+
+const (
+	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
+	SYS_EXIT          = 1   // { void exit(int rval); }
+	SYS_FORK          = 2   // { int fork(void); }
+	SYS_READ          = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE         = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN          = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE         = 6   // { int close(int fd); }
+	SYS_WAIT4         = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); } wait4 wait_args int
+	SYS_LINK          = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK        = 10  // { int unlink(char *path); }
+	SYS_CHDIR         = 12  // { int chdir(char *path); }
+	SYS_FCHDIR        = 13  // { int fchdir(int fd); }
+	SYS_MKNOD         = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD         = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN         = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK        = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETFSSTAT     = 18  // { int getfsstat(struct statfs *buf, long bufsize, int flags); }
+	SYS_GETPID        = 20  // { pid_t getpid(void); }
+	SYS_MOUNT         = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT       = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID        = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID        = 24  // { uid_t getuid(void); }
+	SYS_GETEUID       = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE        = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG       = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG       = 28  // { int sendmsg(int s, caddr_t msg, int flags); }
+	SYS_RECVFROM      = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, caddr_t from, int *fromlenaddr); }
+	SYS_ACCEPT        = 30  // { int accept(int s, caddr_t name, int *anamelen); }
+	SYS_GETPEERNAME   = 31  // { int getpeername(int fdes, caddr_t asa, int *alen); }
+	SYS_GETSOCKNAME   = 32  // { int getsockname(int fdes, caddr_t asa, int *alen); }
+	SYS_ACCESS        = 33  // { int access(char *path, int flags); }
+	SYS_CHFLAGS       = 34  // { int chflags(char *path, int flags); }
+	SYS_FCHFLAGS      = 35  // { int fchflags(int fd, int flags); }
+	SYS_SYNC          = 36  // { int sync(void); }
+	SYS_KILL          = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID       = 39  // { pid_t getppid(void); }
+	SYS_DUP           = 41  // { int dup(int fd); }
+	SYS_PIPE          = 42  // { int pipe(void); }
+	SYS_GETEGID       = 43  // { gid_t getegid(void); }
+	SYS_PROFIL        = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE        = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID        = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN      = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN      = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT          = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK   = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL         = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT        = 55  // { int reboot(int opt); }
+	SYS_REVOKE        = 56  // { int revoke(char *path); }
+	SYS_SYMLINK       = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK      = 58  // { int readlink(char *path, char *buf, int count); }
+	SYS_EXECVE        = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK         = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT        = 61  // { int chroot(char *path); }
+	SYS_MSYNC         = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK         = 66  // { pid_t vfork(void); }
+	SYS_SBRK          = 69  // { int sbrk(int incr); }
+	SYS_SSTK          = 70  // { int sstk(int incr); }
+	SYS_MUNMAP        = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT      = 74  // { int mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE       = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE       = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS     = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS     = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP       = 81  // { int getpgrp(void); }
+	SYS_SETPGID       = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER     = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON        = 85  // { int swapon(char *name); }
+	SYS_GETITIMER     = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE = 89  // { int getdtablesize(void); }
+	SYS_DUP2          = 90  // { int dup2(int from, int to); }
+	SYS_FCNTL         = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT        = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC         = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY   = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET        = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT       = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY   = 100 // { int getpriority(int which, int who); }
+	SYS_BIND          = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT    = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN        = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY  = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE     = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT    = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV         = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV        = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY  = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN        = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD        = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID      = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID      = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME        = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK         = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO        = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO        = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN      = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR    = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR         = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR         = 137 // { int rmdir(char *path); }
+	SYS_UTIMES        = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME       = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID        = 147 // { int setsid(void); }
+	SYS_QUOTACTL      = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_STATFS        = 157 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS       = 158 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_GETFH         = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_GETDOMAINNAME = 162 // { int getdomainname(char *domainname, int len); }
+	SYS_SETDOMAINNAME = 163 // { int setdomainname(char *domainname, int len); }
+	SYS_UNAME         = 164 // { int uname(struct utsname *name); }
+	SYS_SYSARCH       = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO        = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_EXTPREAD      = 173 // { ssize_t extpread(int fd, void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_EXTPWRITE     = 174 // { ssize_t extpwrite(int fd, const void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_NTP_ADJTIME   = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID        = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID       = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID       = 183 // { int seteuid(uid_t euid); }
+	SYS_PATHCONF      = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF     = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT     = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT     = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_MMAP          = 197 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, int pad, off_t pos); }
+	// SYS_NOSYS = 198;  // { int nosys(void); } __syscall __syscall_args int
+	SYS_LSEEK                  = 199 // { off_t lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE               = 200 // { int truncate(char *path, int pad, off_t length); }
+	SYS_FTRUNCATE              = 201 // { int ftruncate(int fd, int pad, off_t length); }
+	SYS___SYSCTL               = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                  = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE               = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                   = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS___SEMCTL               = 220 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SEMGET                 = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                  = 222 // { int semop(int semid, struct sembuf *sops, u_int nsops); }
+	SYS_MSGCTL                 = 224 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_MSGGET                 = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                 = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                 = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                  = 228 // { caddr_t shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMCTL                 = 229 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_SHMDT                  = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                 = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME          = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME          = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES           = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP              = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_MINHERIT               = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                  = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL           = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID              = 253 // { int issetugid(void); }
+	SYS_LCHOWN                 = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_LCHMOD                 = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_EXTPREADV              = 289 // { ssize_t extpreadv(int fd, struct iovec *iovp, u_int iovcnt, int flags, off_t offset); }
+	SYS_EXTPWRITEV             = 290 // { ssize_t extpwritev(int fd, struct iovec *iovp,u_int iovcnt, int flags, off_t offset); }
+	SYS_FHSTATFS               = 297 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_FHOPEN                 = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_MODNEXT                = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                = 301 // { int modstat(int modid, struct module_stat* stat); }
+	SYS_MODFNEXT               = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD              = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD            = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                 = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID              = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID              = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN             = 314 // { int aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND            = 315 // { int aio_suspend(struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL             = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR              = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_AIO_READ               = 318 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE              = 319 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO             = 320 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_YIELD                  = 321 // { int yield(void); }
+	SYS_MLOCKALL               = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL             = 325 // { int munlockall(void); }
+	SYS___GETCWD               = 326 // { int __getcwd(u_char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM         = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM         = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER     = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER     = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD            = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL  = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                 = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                 = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                   = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK            = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND             = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGACTION              = 342 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGPENDING             = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGRETURN              = 344 // { int sigreturn(ucontext_t *sigcntxp); }
+	SYS_SIGTIMEDWAIT           = 345 // { int sigtimedwait(const sigset_t *set,siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO            = 346 // { int sigwaitinfo(const sigset_t *set,siginfo_t *info); }
+	SYS___ACL_GET_FILE         = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE         = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD           = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD           = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE      = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD        = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE    = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD      = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL             = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE       = 356 // { int extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE       = 357 // { int extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE    = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE       = 359 // { int aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID              = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID              = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                 = 362 // { int kqueue(void); }
+	SYS_KEVENT                 = 363 // { int kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_KENV                   = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS               = 391 // { int lchflags(char *path, int flags); }
+	SYS_UUIDGEN                = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE               = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_VARSYM_SET             = 450 // { int varsym_set(int level, const char *name, const char *data); }
+	SYS_VARSYM_GET             = 451 // { int varsym_get(int mask, const char *wild, char *buf, int bufsize); }
+	SYS_VARSYM_LIST            = 452 // { int varsym_list(int level, char *buf, int maxsize, int *marker); }
+	SYS_EXEC_SYS_REGISTER      = 465 // { int exec_sys_register(void *entry); }
+	SYS_EXEC_SYS_UNREGISTER    = 466 // { int exec_sys_unregister(int id); }
+	SYS_SYS_CHECKPOINT         = 467 // { int sys_checkpoint(int type, int fd, pid_t pid, int retval); }
+	SYS_MOUNTCTL               = 468 // { int mountctl(const char *path, int op, int fd, const void *ctl, int ctllen, void *buf, int buflen); }
+	SYS_UMTX_SLEEP             = 469 // { int umtx_sleep(volatile const int *ptr, int value, int timeout); }
+	SYS_UMTX_WAKEUP            = 470 // { int umtx_wakeup(volatile const int *ptr, int count); }
+	SYS_JAIL_ATTACH            = 471 // { int jail_attach(int jid); }
+	SYS_SET_TLS_AREA           = 472 // { int set_tls_area(int which, struct tls_info *info, size_t infosize); }
+	SYS_GET_TLS_AREA           = 473 // { int get_tls_area(int which, struct tls_info *info, size_t infosize); }
+	SYS_CLOSEFROM              = 474 // { int closefrom(int fd); }
+	SYS_STAT                   = 475 // { int stat(const char *path, struct stat *ub); }
+	SYS_FSTAT                  = 476 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                  = 477 // { int lstat(const char *path, struct stat *ub); }
+	SYS_FHSTAT                 = 478 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_GETDIRENTRIES          = 479 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS_GETDENTS               = 480 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_USCHED_SET             = 481 // { int usched_set(pid_t pid, int cmd, void *data, int bytes); }
+	SYS_EXTACCEPT              = 482 // { int extaccept(int s, int flags, caddr_t name, int *anamelen); }
+	SYS_EXTCONNECT             = 483 // { int extconnect(int s, int flags, caddr_t name, int namelen); }
+	SYS_MCONTROL               = 485 // { int mcontrol(void *addr, size_t len, int behav, off_t value); }
+	SYS_VMSPACE_CREATE         = 486 // { int vmspace_create(void *id, int type, void *data); }
+	SYS_VMSPACE_DESTROY        = 487 // { int vmspace_destroy(void *id); }
+	SYS_VMSPACE_CTL            = 488 // { int vmspace_ctl(void *id, int cmd, 		struct trapframe *tframe,	struct vextframe *vframe); }
+	SYS_VMSPACE_MMAP           = 489 // { int vmspace_mmap(void *id, void *addr, size_t len, int prot, int flags, int fd, off_t offset); }
+	SYS_VMSPACE_MUNMAP         = 490 // { int vmspace_munmap(void *id, void *addr,	size_t len); }
+	SYS_VMSPACE_MCONTROL       = 491 // { int vmspace_mcontrol(void *id, void *addr, 	size_t len, int behav, off_t value); }
+	SYS_VMSPACE_PREAD          = 492 // { ssize_t vmspace_pread(void *id, void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_VMSPACE_PWRITE         = 493 // { ssize_t vmspace_pwrite(void *id, const void *buf, size_t nbyte, int flags, off_t offset); }
+	SYS_EXTEXIT                = 494 // { void extexit(int how, int status, void *addr); }
+	SYS_LWP_CREATE             = 495 // { int lwp_create(struct lwp_params *params); }
+	SYS_LWP_GETTID             = 496 // { lwpid_t lwp_gettid(void); }
+	SYS_LWP_KILL               = 497 // { int lwp_kill(pid_t pid, lwpid_t tid, int signum); }
+	SYS_LWP_RTPRIO             = 498 // { int lwp_rtprio(int function, pid_t pid, lwpid_t tid, struct rtprio *rtp); }
+	SYS_PSELECT                = 499 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts,    const sigset_t *sigmask); }
+	SYS_STATVFS                = 500 // { int statvfs(const char *path, struct statvfs *buf); }
+	SYS_FSTATVFS               = 501 // { int fstatvfs(int fd, struct statvfs *buf); }
+	SYS_FHSTATVFS              = 502 // { int fhstatvfs(const struct fhandle *u_fhp, struct statvfs *buf); }
+	SYS_GETVFSSTAT             = 503 // { int getvfsstat(struct statfs *buf,          struct statvfs *vbuf, long vbufsize, int flags); }
+	SYS_OPENAT                 = 504 // { int openat(int fd, char *path, int flags, int mode); }
+	SYS_FSTATAT                = 505 // { int fstatat(int fd, char *path, 	struct stat *sb, int flags); }
+	SYS_FCHMODAT               = 506 // { int fchmodat(int fd, char *path, int mode, int flags); }
+	SYS_FCHOWNAT               = 507 // { int fchownat(int fd, char *path, int uid, int gid, int flags); }
+	SYS_UNLINKAT               = 508 // { int unlinkat(int fd, char *path, int flags); }
+	SYS_FACCESSAT              = 509 // { int faccessat(int fd, char *path, int amode, int flags); }
+	SYS_MQ_OPEN                = 510 // { mqd_t mq_open(const char * name, int oflag, mode_t mode, struct mq_attr *attr); }
+	SYS_MQ_CLOSE               = 511 // { int mq_close(mqd_t mqdes); }
+	SYS_MQ_UNLINK              = 512 // { int mq_unlink(const char *name); }
+	SYS_MQ_GETATTR             = 513 // { int mq_getattr(mqd_t mqdes, struct mq_attr *mqstat); }
+	SYS_MQ_SETATTR             = 514 // { int mq_setattr(mqd_t mqdes, const struct mq_attr *mqstat, struct mq_attr *omqstat); }
+	SYS_MQ_NOTIFY              = 515 // { int mq_notify(mqd_t mqdes, const struct sigevent *notification); }
+	SYS_MQ_SEND                = 516 // { int mq_send(mqd_t mqdes, const char *msg_ptr, size_t msg_len, unsigned msg_prio); }
+	SYS_MQ_RECEIVE             = 517 // { ssize_t mq_receive(mqd_t mqdes, char *msg_ptr, size_t msg_len, unsigned *msg_prio); }
+	SYS_MQ_TIMEDSEND           = 518 // { int mq_timedsend(mqd_t mqdes, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); }
+	SYS_MQ_TIMEDRECEIVE        = 519 // { ssize_t mq_timedreceive(mqd_t mqdes, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); }
+	SYS_IOPRIO_SET             = 520 // { int ioprio_set(int which, int who, int prio); }
+	SYS_IOPRIO_GET             = 521 // { int ioprio_get(int which, int who); }
+	SYS_CHROOT_KERNEL          = 522 // { int chroot_kernel(char *path); }
+	SYS_RENAMEAT               = 523 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_MKDIRAT                = 524 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT               = 525 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                = 526 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_READLINKAT             = 527 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_SYMLINKAT              = 528 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_SWAPOFF                = 529 // { int swapoff(char *name); }
+	SYS_VQUOTACTL              = 530 // { int vquotactl(const char *path, struct plistref *pref); }
+	SYS_LINKAT                 = 531 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flags); }
+	SYS_EACCESS                = 532 // { int eaccess(char *path, int flags); }
+	SYS_LPATHCONF              = 533 // { int lpathconf(char *path, int name); }
+	SYS_VMM_GUEST_CTL          = 534 // { int vmm_guest_ctl(int op, struct vmm_guest_options *options); }
+	SYS_VMM_GUEST_SYNC_ADDR    = 535 // { int vmm_guest_sync_addr(long *dstaddr, long *srcaddr); }
+	SYS_PROCCTL                = 536 // { int procctl(idtype_t idtype, id_t id, int cmd, void *data); }
+	SYS_CHFLAGSAT              = 537 // { int chflagsat(int fd, const char *path, int flags, int atflags);}
+	SYS_PIPE2                  = 538 // { int pipe2(int *fildes, int flags); }
+	SYS_UTIMENSAT              = 539 // { int utimensat(int fd, const char *path, const struct timespec *ts, int flags); }
+	SYS_FUTIMENS               = 540 // { int futimens(int fd, const struct timespec *ts); }
+	SYS_ACCEPT4                = 541 // { int accept4(int s, caddr_t name, int *anamelen, int flags); }
+	SYS_LWP_SETNAME            = 542 // { int lwp_setname(lwpid_t tid, const char *name); }
+	SYS_PPOLL                  = 543 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *sigmask); }
+	SYS_LWP_SETAFFINITY        = 544 // { int lwp_setaffinity(pid_t pid, lwpid_t tid, const cpumask_t *mask); }
+	SYS_LWP_GETAFFINITY        = 545 // { int lwp_getaffinity(pid_t pid, lwpid_t tid, cpumask_t *mask); }
+	SYS_LWP_CREATE2            = 546 // { int lwp_create2(struct lwp_params *params, const cpumask_t *mask); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
new file mode 100644
index 000000000..9474974b6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -0,0 +1,396 @@
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,freebsd
+
+package unix
+
+const (
+	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
new file mode 100644
index 000000000..48a7beae7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -0,0 +1,396 @@
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,freebsd
+
+package unix
+
+const (
+	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
new file mode 100644
index 000000000..4a6dfd4a7
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -0,0 +1,396 @@
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,freebsd
+
+package unix
+
+const (
+	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
new file mode 100644
index 000000000..3e51af8ed
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -0,0 +1,396 @@
+// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,freebsd
+
+package unix
+
+const (
+	// SYS_NOSYS = 0;  // { int nosys(void); } syscall nosys_args int
+	SYS_EXIT                     = 1   // { void sys_exit(int rval); } exit sys_exit_args void
+	SYS_FORK                     = 2   // { int fork(void); }
+	SYS_READ                     = 3   // { ssize_t read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                    = 4   // { ssize_t write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                     = 5   // { int open(char *path, int flags, int mode); }
+	SYS_CLOSE                    = 6   // { int close(int fd); }
+	SYS_WAIT4                    = 7   // { int wait4(int pid, int *status, int options, struct rusage *rusage); }
+	SYS_LINK                     = 9   // { int link(char *path, char *link); }
+	SYS_UNLINK                   = 10  // { int unlink(char *path); }
+	SYS_CHDIR                    = 12  // { int chdir(char *path); }
+	SYS_FCHDIR                   = 13  // { int fchdir(int fd); }
+	SYS_MKNOD                    = 14  // { int mknod(char *path, int mode, int dev); }
+	SYS_CHMOD                    = 15  // { int chmod(char *path, int mode); }
+	SYS_CHOWN                    = 16  // { int chown(char *path, int uid, int gid); }
+	SYS_OBREAK                   = 17  // { int obreak(char *nsize); } break obreak_args int
+	SYS_GETPID                   = 20  // { pid_t getpid(void); }
+	SYS_MOUNT                    = 21  // { int mount(char *type, char *path, int flags, caddr_t data); }
+	SYS_UNMOUNT                  = 22  // { int unmount(char *path, int flags); }
+	SYS_SETUID                   = 23  // { int setuid(uid_t uid); }
+	SYS_GETUID                   = 24  // { uid_t getuid(void); }
+	SYS_GETEUID                  = 25  // { uid_t geteuid(void); }
+	SYS_PTRACE                   = 26  // { int ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG                  = 27  // { int recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG                  = 28  // { int sendmsg(int s, struct msghdr *msg, int flags); }
+	SYS_RECVFROM                 = 29  // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); }
+	SYS_ACCEPT                   = 30  // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); }
+	SYS_GETPEERNAME              = 31  // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_GETSOCKNAME              = 32  // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); }
+	SYS_ACCESS                   = 33  // { int access(char *path, int amode); }
+	SYS_CHFLAGS                  = 34  // { int chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS                 = 35  // { int fchflags(int fd, u_long flags); }
+	SYS_SYNC                     = 36  // { int sync(void); }
+	SYS_KILL                     = 37  // { int kill(int pid, int signum); }
+	SYS_GETPPID                  = 39  // { pid_t getppid(void); }
+	SYS_DUP                      = 41  // { int dup(u_int fd); }
+	SYS_PIPE                     = 42  // { int pipe(void); }
+	SYS_GETEGID                  = 43  // { gid_t getegid(void); }
+	SYS_PROFIL                   = 44  // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); }
+	SYS_KTRACE                   = 45  // { int ktrace(const char *fname, int ops, int facs, int pid); }
+	SYS_GETGID                   = 47  // { gid_t getgid(void); }
+	SYS_GETLOGIN                 = 49  // { int getlogin(char *namebuf, u_int namelen); }
+	SYS_SETLOGIN                 = 50  // { int setlogin(char *namebuf); }
+	SYS_ACCT                     = 51  // { int acct(char *path); }
+	SYS_SIGALTSTACK              = 53  // { int sigaltstack(stack_t *ss, stack_t *oss); }
+	SYS_IOCTL                    = 54  // { int ioctl(int fd, u_long com, caddr_t data); }
+	SYS_REBOOT                   = 55  // { int reboot(int opt); }
+	SYS_REVOKE                   = 56  // { int revoke(char *path); }
+	SYS_SYMLINK                  = 57  // { int symlink(char *path, char *link); }
+	SYS_READLINK                 = 58  // { ssize_t readlink(char *path, char *buf, size_t count); }
+	SYS_EXECVE                   = 59  // { int execve(char *fname, char **argv, char **envv); }
+	SYS_UMASK                    = 60  // { int umask(int newmask); } umask umask_args int
+	SYS_CHROOT                   = 61  // { int chroot(char *path); }
+	SYS_MSYNC                    = 65  // { int msync(void *addr, size_t len, int flags); }
+	SYS_VFORK                    = 66  // { int vfork(void); }
+	SYS_SBRK                     = 69  // { int sbrk(int incr); }
+	SYS_SSTK                     = 70  // { int sstk(int incr); }
+	SYS_OVADVISE                 = 72  // { int ovadvise(int anom); } vadvise ovadvise_args int
+	SYS_MUNMAP                   = 73  // { int munmap(void *addr, size_t len); }
+	SYS_MPROTECT                 = 74  // { int mprotect(const void *addr, size_t len, int prot); }
+	SYS_MADVISE                  = 75  // { int madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE                  = 78  // { int mincore(const void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS                = 79  // { int getgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS                = 80  // { int setgroups(u_int gidsetsize, gid_t *gidset); }
+	SYS_GETPGRP                  = 81  // { int getpgrp(void); }
+	SYS_SETPGID                  = 82  // { int setpgid(int pid, int pgid); }
+	SYS_SETITIMER                = 83  // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); }
+	SYS_SWAPON                   = 85  // { int swapon(char *name); }
+	SYS_GETITIMER                = 86  // { int getitimer(u_int which, struct itimerval *itv); }
+	SYS_GETDTABLESIZE            = 89  // { int getdtablesize(void); }
+	SYS_DUP2                     = 90  // { int dup2(u_int from, u_int to); }
+	SYS_FCNTL                    = 92  // { int fcntl(int fd, int cmd, long arg); }
+	SYS_SELECT                   = 93  // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_FSYNC                    = 95  // { int fsync(int fd); }
+	SYS_SETPRIORITY              = 96  // { int setpriority(int which, int who, int prio); }
+	SYS_SOCKET                   = 97  // { int socket(int domain, int type, int protocol); }
+	SYS_CONNECT                  = 98  // { int connect(int s, caddr_t name, int namelen); }
+	SYS_GETPRIORITY              = 100 // { int getpriority(int which, int who); }
+	SYS_BIND                     = 104 // { int bind(int s, caddr_t name, int namelen); }
+	SYS_SETSOCKOPT               = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); }
+	SYS_LISTEN                   = 106 // { int listen(int s, int backlog); }
+	SYS_GETTIMEOFDAY             = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_GETRUSAGE                = 117 // { int getrusage(int who, struct rusage *rusage); }
+	SYS_GETSOCKOPT               = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); }
+	SYS_READV                    = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_WRITEV                   = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); }
+	SYS_SETTIMEOFDAY             = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); }
+	SYS_FCHOWN                   = 123 // { int fchown(int fd, int uid, int gid); }
+	SYS_FCHMOD                   = 124 // { int fchmod(int fd, int mode); }
+	SYS_SETREUID                 = 126 // { int setreuid(int ruid, int euid); }
+	SYS_SETREGID                 = 127 // { int setregid(int rgid, int egid); }
+	SYS_RENAME                   = 128 // { int rename(char *from, char *to); }
+	SYS_FLOCK                    = 131 // { int flock(int fd, int how); }
+	SYS_MKFIFO                   = 132 // { int mkfifo(char *path, int mode); }
+	SYS_SENDTO                   = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); }
+	SYS_SHUTDOWN                 = 134 // { int shutdown(int s, int how); }
+	SYS_SOCKETPAIR               = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                    = 136 // { int mkdir(char *path, int mode); }
+	SYS_RMDIR                    = 137 // { int rmdir(char *path); }
+	SYS_UTIMES                   = 138 // { int utimes(char *path, struct timeval *tptr); }
+	SYS_ADJTIME                  = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); }
+	SYS_SETSID                   = 147 // { int setsid(void); }
+	SYS_QUOTACTL                 = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); }
+	SYS_NLM_SYSCALL              = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); }
+	SYS_NFSSVC                   = 155 // { int nfssvc(int flag, caddr_t argp); }
+	SYS_LGETFH                   = 160 // { int lgetfh(char *fname, struct fhandle *fhp); }
+	SYS_GETFH                    = 161 // { int getfh(char *fname, struct fhandle *fhp); }
+	SYS_SYSARCH                  = 165 // { int sysarch(int op, char *parms); }
+	SYS_RTPRIO                   = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); }
+	SYS_SEMSYS                   = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); }
+	SYS_MSGSYS                   = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); }
+	SYS_SHMSYS                   = 171 // { int shmsys(int which, int a2, int a3, int a4); }
+	SYS_SETFIB                   = 175 // { int setfib(int fibnum); }
+	SYS_NTP_ADJTIME              = 176 // { int ntp_adjtime(struct timex *tp); }
+	SYS_SETGID                   = 181 // { int setgid(gid_t gid); }
+	SYS_SETEGID                  = 182 // { int setegid(gid_t egid); }
+	SYS_SETEUID                  = 183 // { int seteuid(uid_t euid); }
+	SYS_STAT                     = 188 // { int stat(char *path, struct stat *ub); }
+	SYS_FSTAT                    = 189 // { int fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                    = 190 // { int lstat(char *path, struct stat *ub); }
+	SYS_PATHCONF                 = 191 // { int pathconf(char *path, int name); }
+	SYS_FPATHCONF                = 192 // { int fpathconf(int fd, int name); }
+	SYS_GETRLIMIT                = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int
+	SYS_SETRLIMIT                = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int
+	SYS_GETDIRENTRIES            = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); }
+	SYS___SYSCTL                 = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int
+	SYS_MLOCK                    = 203 // { int mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK                  = 204 // { int munlock(const void *addr, size_t len); }
+	SYS_UNDELETE                 = 205 // { int undelete(char *path); }
+	SYS_FUTIMES                  = 206 // { int futimes(int fd, struct timeval *tptr); }
+	SYS_GETPGID                  = 207 // { int getpgid(pid_t pid); }
+	SYS_POLL                     = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET                   = 221 // { int semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                    = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_MSGGET                   = 225 // { int msgget(key_t key, int msgflg); }
+	SYS_MSGSND                   = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV                   = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                    = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                    = 230 // { int shmdt(const void *shmaddr); }
+	SYS_SHMGET                   = 231 // { int shmget(key_t key, size_t size, int shmflg); }
+	SYS_CLOCK_GETTIME            = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME            = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES             = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_KTIMER_CREATE            = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); }
+	SYS_KTIMER_DELETE            = 236 // { int ktimer_delete(int timerid); }
+	SYS_KTIMER_SETTIME           = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_KTIMER_GETTIME           = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); }
+	SYS_KTIMER_GETOVERRUN        = 239 // { int ktimer_getoverrun(int timerid); }
+	SYS_NANOSLEEP                = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FFCLOCK_GETCOUNTER       = 241 // { int ffclock_getcounter(ffcounter *ffcount); }
+	SYS_FFCLOCK_SETESTIMATE      = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); }
+	SYS_FFCLOCK_GETESTIMATE      = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); }
+	SYS_CLOCK_NANOSLEEP          = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_CLOCK_GETCPUCLOCKID2     = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); }
+	SYS_NTP_GETTIME              = 248 // { int ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_MINHERIT                 = 250 // { int minherit(void *addr, size_t len, int inherit); }
+	SYS_RFORK                    = 251 // { int rfork(int flags); }
+	SYS_OPENBSD_POLL             = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID                = 253 // { int issetugid(void); }
+	SYS_LCHOWN                   = 254 // { int lchown(char *path, int uid, int gid); }
+	SYS_AIO_READ                 = 255 // { int aio_read(struct aiocb *aiocbp); }
+	SYS_AIO_WRITE                = 256 // { int aio_write(struct aiocb *aiocbp); }
+	SYS_LIO_LISTIO               = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); }
+	SYS_GETDENTS                 = 272 // { int getdents(int fd, char *buf, size_t count); }
+	SYS_LCHMOD                   = 274 // { int lchmod(char *path, mode_t mode); }
+	SYS_LUTIMES                  = 276 // { int lutimes(char *path, struct timeval *tptr); }
+	SYS_NSTAT                    = 278 // { int nstat(char *path, struct nstat *ub); }
+	SYS_NFSTAT                   = 279 // { int nfstat(int fd, struct nstat *sb); }
+	SYS_NLSTAT                   = 280 // { int nlstat(char *path, struct nstat *ub); }
+	SYS_PREADV                   = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_PWRITEV                  = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); }
+	SYS_FHOPEN                   = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); }
+	SYS_FHSTAT                   = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); }
+	SYS_MODNEXT                  = 300 // { int modnext(int modid); }
+	SYS_MODSTAT                  = 301 // { int modstat(int modid, struct module_stat *stat); }
+	SYS_MODFNEXT                 = 302 // { int modfnext(int modid); }
+	SYS_MODFIND                  = 303 // { int modfind(const char *name); }
+	SYS_KLDLOAD                  = 304 // { int kldload(const char *file); }
+	SYS_KLDUNLOAD                = 305 // { int kldunload(int fileid); }
+	SYS_KLDFIND                  = 306 // { int kldfind(const char *file); }
+	SYS_KLDNEXT                  = 307 // { int kldnext(int fileid); }
+	SYS_KLDSTAT                  = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); }
+	SYS_KLDFIRSTMOD              = 309 // { int kldfirstmod(int fileid); }
+	SYS_GETSID                   = 310 // { int getsid(pid_t pid); }
+	SYS_SETRESUID                = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_SETRESGID                = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_AIO_RETURN               = 314 // { ssize_t aio_return(struct aiocb *aiocbp); }
+	SYS_AIO_SUSPEND              = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); }
+	SYS_AIO_CANCEL               = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); }
+	SYS_AIO_ERROR                = 317 // { int aio_error(struct aiocb *aiocbp); }
+	SYS_YIELD                    = 321 // { int yield(void); }
+	SYS_MLOCKALL                 = 324 // { int mlockall(int how); }
+	SYS_MUNLOCKALL               = 325 // { int munlockall(void); }
+	SYS___GETCWD                 = 326 // { int __getcwd(char *buf, u_int buflen); }
+	SYS_SCHED_SETPARAM           = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); }
+	SYS_SCHED_GETPARAM           = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); }
+	SYS_SCHED_SETSCHEDULER       = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); }
+	SYS_SCHED_GETSCHEDULER       = 330 // { int sched_getscheduler (pid_t pid); }
+	SYS_SCHED_YIELD              = 331 // { int sched_yield (void); }
+	SYS_SCHED_GET_PRIORITY_MAX   = 332 // { int sched_get_priority_max (int policy); }
+	SYS_SCHED_GET_PRIORITY_MIN   = 333 // { int sched_get_priority_min (int policy); }
+	SYS_SCHED_RR_GET_INTERVAL    = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); }
+	SYS_UTRACE                   = 335 // { int utrace(const void *addr, size_t len); }
+	SYS_KLDSYM                   = 337 // { int kldsym(int fileid, int cmd, void *data); }
+	SYS_JAIL                     = 338 // { int jail(struct jail *jail); }
+	SYS_SIGPROCMASK              = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); }
+	SYS_SIGSUSPEND               = 341 // { int sigsuspend(const sigset_t *sigmask); }
+	SYS_SIGPENDING               = 343 // { int sigpending(sigset_t *set); }
+	SYS_SIGTIMEDWAIT             = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); }
+	SYS_SIGWAITINFO              = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); }
+	SYS___ACL_GET_FILE           = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FILE           = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_GET_FD             = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_FD             = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_FILE        = 351 // { int __acl_delete_file(const char *path, acl_type_t type); }
+	SYS___ACL_DELETE_FD          = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); }
+	SYS___ACL_ACLCHECK_FILE      = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_ACLCHECK_FD        = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); }
+	SYS_EXTATTRCTL               = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE         = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE         = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE      = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_AIO_WAITCOMPLETE         = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); }
+	SYS_GETRESUID                = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_GETRESGID                = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_KQUEUE                   = 362 // { int kqueue(void); }
+	SYS_KEVENT                   = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_EXTATTR_SET_FD           = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD           = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD        = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS___SETUGID                = 374 // { int __setugid(int flag); }
+	SYS_EACCESS                  = 376 // { int eaccess(char *path, int amode); }
+	SYS_NMOUNT                   = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS___MAC_GET_PROC           = 384 // { int __mac_get_proc(struct mac *mac_p); }
+	SYS___MAC_SET_PROC           = 385 // { int __mac_set_proc(struct mac *mac_p); }
+	SYS___MAC_GET_FD             = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_GET_FILE           = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_FD             = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); }
+	SYS___MAC_SET_FILE           = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); }
+	SYS_KENV                     = 390 // { int kenv(int what, const char *name, char *value, int len); }
+	SYS_LCHFLAGS                 = 391 // { int lchflags(const char *path, u_long flags); }
+	SYS_UUIDGEN                  = 392 // { int uuidgen(struct uuid *store, int count); }
+	SYS_SENDFILE                 = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
+	SYS_MAC_SYSCALL              = 394 // { int mac_syscall(const char *policy, int call, void *arg); }
+	SYS_GETFSSTAT                = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); }
+	SYS_STATFS                   = 396 // { int statfs(char *path, struct statfs *buf); }
+	SYS_FSTATFS                  = 397 // { int fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS                 = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); }
+	SYS_KSEM_CLOSE               = 400 // { int ksem_close(semid_t id); }
+	SYS_KSEM_POST                = 401 // { int ksem_post(semid_t id); }
+	SYS_KSEM_WAIT                = 402 // { int ksem_wait(semid_t id); }
+	SYS_KSEM_TRYWAIT             = 403 // { int ksem_trywait(semid_t id); }
+	SYS_KSEM_INIT                = 404 // { int ksem_init(semid_t *idp, unsigned int value); }
+	SYS_KSEM_OPEN                = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); }
+	SYS_KSEM_UNLINK              = 406 // { int ksem_unlink(const char *name); }
+	SYS_KSEM_GETVALUE            = 407 // { int ksem_getvalue(semid_t id, int *val); }
+	SYS_KSEM_DESTROY             = 408 // { int ksem_destroy(semid_t id); }
+	SYS___MAC_GET_PID            = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
+	SYS___MAC_GET_LINK           = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); }
+	SYS___MAC_SET_LINK           = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); }
+	SYS_EXTATTR_SET_LINK         = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK         = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK      = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); }
+	SYS___MAC_EXECVE             = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); }
+	SYS_SIGACTION                = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); }
+	SYS_SIGRETURN                = 417 // { int sigreturn( const struct __ucontext *sigcntxp); }
+	SYS_GETCONTEXT               = 421 // { int getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT               = 422 // { int setcontext( const struct __ucontext *ucp); }
+	SYS_SWAPCONTEXT              = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); }
+	SYS_SWAPOFF                  = 424 // { int swapoff(const char *name); }
+	SYS___ACL_GET_LINK           = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_SET_LINK           = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS___ACL_DELETE_LINK        = 427 // { int __acl_delete_link(const char *path, acl_type_t type); }
+	SYS___ACL_ACLCHECK_LINK      = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); }
+	SYS_SIGWAIT                  = 429 // { int sigwait(const sigset_t *set, int *sig); }
+	SYS_THR_CREATE               = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); }
+	SYS_THR_EXIT                 = 431 // { void thr_exit(long *state); }
+	SYS_THR_SELF                 = 432 // { int thr_self(long *id); }
+	SYS_THR_KILL                 = 433 // { int thr_kill(long id, int sig); }
+	SYS_JAIL_ATTACH              = 436 // { int jail_attach(int jid); }
+	SYS_EXTATTR_LIST_FD          = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE        = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK        = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_KSEM_TIMEDWAIT           = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); }
+	SYS_THR_SUSPEND              = 442 // { int thr_suspend( const struct timespec *timeout); }
+	SYS_THR_WAKE                 = 443 // { int thr_wake(long id); }
+	SYS_KLDUNLOADF               = 444 // { int kldunloadf(int fileid, int flags); }
+	SYS_AUDIT                    = 445 // { int audit(const void *record, u_int length); }
+	SYS_AUDITON                  = 446 // { int auditon(int cmd, void *data, u_int length); }
+	SYS_GETAUID                  = 447 // { int getauid(uid_t *auid); }
+	SYS_SETAUID                  = 448 // { int setauid(uid_t *auid); }
+	SYS_GETAUDIT                 = 449 // { int getaudit(struct auditinfo *auditinfo); }
+	SYS_SETAUDIT                 = 450 // { int setaudit(struct auditinfo *auditinfo); }
+	SYS_GETAUDIT_ADDR            = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_SETAUDIT_ADDR            = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); }
+	SYS_AUDITCTL                 = 453 // { int auditctl(char *path); }
+	SYS__UMTX_OP                 = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); }
+	SYS_THR_NEW                  = 455 // { int thr_new(struct thr_param *param, int param_size); }
+	SYS_SIGQUEUE                 = 456 // { int sigqueue(pid_t pid, int signum, void *value); }
+	SYS_KMQ_OPEN                 = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); }
+	SYS_KMQ_SETATTR              = 458 // { int kmq_setattr(int mqd,		const struct mq_attr *attr,		struct mq_attr *oattr); }
+	SYS_KMQ_TIMEDRECEIVE         = 459 // { int kmq_timedreceive(int mqd,	char *msg_ptr, size_t msg_len,	unsigned *msg_prio,			const struct timespec *abs_timeout); }
+	SYS_KMQ_TIMEDSEND            = 460 // { int kmq_timedsend(int mqd,		const char *msg_ptr, size_t msg_len,unsigned msg_prio,			const struct timespec *abs_timeout);}
+	SYS_KMQ_NOTIFY               = 461 // { int kmq_notify(int mqd,		const struct sigevent *sigev); }
+	SYS_KMQ_UNLINK               = 462 // { int kmq_unlink(const char *path); }
+	SYS_ABORT2                   = 463 // { int abort2(const char *why, int nargs, void **args); }
+	SYS_THR_SET_NAME             = 464 // { int thr_set_name(long id, const char *name); }
+	SYS_AIO_FSYNC                = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); }
+	SYS_RTPRIO_THREAD            = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); }
+	SYS_SCTP_PEELOFF             = 471 // { int sctp_peeloff(int sd, uint32_t name); }
+	SYS_SCTP_GENERIC_SENDMSG     = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); }
+	SYS_SCTP_GENERIC_RECVMSG     = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); }
+	SYS_PREAD                    = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); }
+	SYS_PWRITE                   = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); }
+	SYS_MMAP                     = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
+	SYS_LSEEK                    = 478 // { off_t lseek(int fd, off_t offset, int whence); }
+	SYS_TRUNCATE                 = 479 // { int truncate(char *path, off_t length); }
+	SYS_FTRUNCATE                = 480 // { int ftruncate(int fd, off_t length); }
+	SYS_THR_KILL2                = 481 // { int thr_kill2(pid_t pid, long id, int sig); }
+	SYS_SHM_OPEN                 = 482 // { int shm_open(const char *path, int flags, mode_t mode); }
+	SYS_SHM_UNLINK               = 483 // { int shm_unlink(const char *path); }
+	SYS_CPUSET                   = 484 // { int cpuset(cpusetid_t *setid); }
+	SYS_CPUSET_SETID             = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); }
+	SYS_CPUSET_GETID             = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); }
+	SYS_CPUSET_GETAFFINITY       = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); }
+	SYS_CPUSET_SETAFFINITY       = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); }
+	SYS_FACCESSAT                = 489 // { int faccessat(int fd, char *path, int amode, int flag); }
+	SYS_FCHMODAT                 = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT                 = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_FEXECVE                  = 492 // { int fexecve(int fd, char **argv, char **envv); }
+	SYS_FSTATAT                  = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); }
+	SYS_FUTIMESAT                = 494 // { int futimesat(int fd, char *path, struct timeval *times); }
+	SYS_LINKAT                   = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); }
+	SYS_MKDIRAT                  = 496 // { int mkdirat(int fd, char *path, mode_t mode); }
+	SYS_MKFIFOAT                 = 497 // { int mkfifoat(int fd, char *path, mode_t mode); }
+	SYS_MKNODAT                  = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT                   = 499 // { int openat(int fd, char *path, int flag, mode_t mode); }
+	SYS_READLINKAT               = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); }
+	SYS_RENAMEAT                 = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); }
+	SYS_SYMLINKAT                = 502 // { int symlinkat(char *path1, int fd, char *path2); }
+	SYS_UNLINKAT                 = 503 // { int unlinkat(int fd, char *path, int flag); }
+	SYS_POSIX_OPENPT             = 504 // { int posix_openpt(int flags); }
+	SYS_GSSD_SYSCALL             = 505 // { int gssd_syscall(char *path); }
+	SYS_JAIL_GET                 = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_SET                 = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); }
+	SYS_JAIL_REMOVE              = 508 // { int jail_remove(int jid); }
+	SYS_CLOSEFROM                = 509 // { int closefrom(int lowfd); }
+	SYS___SEMCTL                 = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_MSGCTL                   = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SHMCTL                   = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_LPATHCONF                = 513 // { int lpathconf(char *path, int name); }
+	SYS___CAP_RIGHTS_GET         = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); }
+	SYS_CAP_ENTER                = 516 // { int cap_enter(void); }
+	SYS_CAP_GETMODE              = 517 // { int cap_getmode(u_int *modep); }
+	SYS_PDFORK                   = 518 // { int pdfork(int *fdp, int flags); }
+	SYS_PDKILL                   = 519 // { int pdkill(int fd, int signum); }
+	SYS_PDGETPID                 = 520 // { int pdgetpid(int fd, pid_t *pidp); }
+	SYS_PSELECT                  = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); }
+	SYS_GETLOGINCLASS            = 523 // { int getloginclass(char *namebuf, size_t namelen); }
+	SYS_SETLOGINCLASS            = 524 // { int setloginclass(const char *namebuf); }
+	SYS_RCTL_GET_RACCT           = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_RULES           = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_GET_LIMITS          = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_ADD_RULE            = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_RCTL_REMOVE_RULE         = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); }
+	SYS_POSIX_FALLOCATE          = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); }
+	SYS_POSIX_FADVISE            = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); }
+	SYS_WAIT6                    = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); }
+	SYS_CAP_RIGHTS_LIMIT         = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); }
+	SYS_CAP_IOCTLS_LIMIT         = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); }
+	SYS_CAP_IOCTLS_GET           = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); }
+	SYS_CAP_FCNTLS_LIMIT         = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); }
+	SYS_CAP_FCNTLS_GET           = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); }
+	SYS_BINDAT                   = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CONNECTAT                = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); }
+	SYS_CHFLAGSAT                = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); }
+	SYS_ACCEPT4                  = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); }
+	SYS_PIPE2                    = 542 // { int pipe2(int *fildes, int flags); }
+	SYS_AIO_MLOCK                = 543 // { int aio_mlock(struct aiocb *aiocbp); }
+	SYS_PROCCTL                  = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); }
+	SYS_PPOLL                    = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); }
+	SYS_FUTIMENS                 = 546 // { int futimens(int fd, struct timespec *times); }
+	SYS_UTIMENSAT                = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); }
+	SYS_NUMA_GETAFFINITY         = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); }
+	SYS_NUMA_SETAFFINITY         = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); }
+	SYS_FDATASYNC                = 550 // { int fdatasync(int fd); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
new file mode 100644
index 000000000..a597e061c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -0,0 +1,437 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m32 /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL              = 0
+	SYS_EXIT                         = 1
+	SYS_FORK                         = 2
+	SYS_READ                         = 3
+	SYS_WRITE                        = 4
+	SYS_OPEN                         = 5
+	SYS_CLOSE                        = 6
+	SYS_WAITPID                      = 7
+	SYS_CREAT                        = 8
+	SYS_LINK                         = 9
+	SYS_UNLINK                       = 10
+	SYS_EXECVE                       = 11
+	SYS_CHDIR                        = 12
+	SYS_TIME                         = 13
+	SYS_MKNOD                        = 14
+	SYS_CHMOD                        = 15
+	SYS_LCHOWN                       = 16
+	SYS_BREAK                        = 17
+	SYS_OLDSTAT                      = 18
+	SYS_LSEEK                        = 19
+	SYS_GETPID                       = 20
+	SYS_MOUNT                        = 21
+	SYS_UMOUNT                       = 22
+	SYS_SETUID                       = 23
+	SYS_GETUID                       = 24
+	SYS_STIME                        = 25
+	SYS_PTRACE                       = 26
+	SYS_ALARM                        = 27
+	SYS_OLDFSTAT                     = 28
+	SYS_PAUSE                        = 29
+	SYS_UTIME                        = 30
+	SYS_STTY                         = 31
+	SYS_GTTY                         = 32
+	SYS_ACCESS                       = 33
+	SYS_NICE                         = 34
+	SYS_FTIME                        = 35
+	SYS_SYNC                         = 36
+	SYS_KILL                         = 37
+	SYS_RENAME                       = 38
+	SYS_MKDIR                        = 39
+	SYS_RMDIR                        = 40
+	SYS_DUP                          = 41
+	SYS_PIPE                         = 42
+	SYS_TIMES                        = 43
+	SYS_PROF                         = 44
+	SYS_BRK                          = 45
+	SYS_SETGID                       = 46
+	SYS_GETGID                       = 47
+	SYS_SIGNAL                       = 48
+	SYS_GETEUID                      = 49
+	SYS_GETEGID                      = 50
+	SYS_ACCT                         = 51
+	SYS_UMOUNT2                      = 52
+	SYS_LOCK                         = 53
+	SYS_IOCTL                        = 54
+	SYS_FCNTL                        = 55
+	SYS_MPX                          = 56
+	SYS_SETPGID                      = 57
+	SYS_ULIMIT                       = 58
+	SYS_OLDOLDUNAME                  = 59
+	SYS_UMASK                        = 60
+	SYS_CHROOT                       = 61
+	SYS_USTAT                        = 62
+	SYS_DUP2                         = 63
+	SYS_GETPPID                      = 64
+	SYS_GETPGRP                      = 65
+	SYS_SETSID                       = 66
+	SYS_SIGACTION                    = 67
+	SYS_SGETMASK                     = 68
+	SYS_SSETMASK                     = 69
+	SYS_SETREUID                     = 70
+	SYS_SETREGID                     = 71
+	SYS_SIGSUSPEND                   = 72
+	SYS_SIGPENDING                   = 73
+	SYS_SETHOSTNAME                  = 74
+	SYS_SETRLIMIT                    = 75
+	SYS_GETRLIMIT                    = 76
+	SYS_GETRUSAGE                    = 77
+	SYS_GETTIMEOFDAY                 = 78
+	SYS_SETTIMEOFDAY                 = 79
+	SYS_GETGROUPS                    = 80
+	SYS_SETGROUPS                    = 81
+	SYS_SELECT                       = 82
+	SYS_SYMLINK                      = 83
+	SYS_OLDLSTAT                     = 84
+	SYS_READLINK                     = 85
+	SYS_USELIB                       = 86
+	SYS_SWAPON                       = 87
+	SYS_REBOOT                       = 88
+	SYS_READDIR                      = 89
+	SYS_MMAP                         = 90
+	SYS_MUNMAP                       = 91
+	SYS_TRUNCATE                     = 92
+	SYS_FTRUNCATE                    = 93
+	SYS_FCHMOD                       = 94
+	SYS_FCHOWN                       = 95
+	SYS_GETPRIORITY                  = 96
+	SYS_SETPRIORITY                  = 97
+	SYS_PROFIL                       = 98
+	SYS_STATFS                       = 99
+	SYS_FSTATFS                      = 100
+	SYS_IOPERM                       = 101
+	SYS_SOCKETCALL                   = 102
+	SYS_SYSLOG                       = 103
+	SYS_SETITIMER                    = 104
+	SYS_GETITIMER                    = 105
+	SYS_STAT                         = 106
+	SYS_LSTAT                        = 107
+	SYS_FSTAT                        = 108
+	SYS_OLDUNAME                     = 109
+	SYS_IOPL                         = 110
+	SYS_VHANGUP                      = 111
+	SYS_IDLE                         = 112
+	SYS_VM86OLD                      = 113
+	SYS_WAIT4                        = 114
+	SYS_SWAPOFF                      = 115
+	SYS_SYSINFO                      = 116
+	SYS_IPC                          = 117
+	SYS_FSYNC                        = 118
+	SYS_SIGRETURN                    = 119
+	SYS_CLONE                        = 120
+	SYS_SETDOMAINNAME                = 121
+	SYS_UNAME                        = 122
+	SYS_MODIFY_LDT                   = 123
+	SYS_ADJTIMEX                     = 124
+	SYS_MPROTECT                     = 125
+	SYS_SIGPROCMASK                  = 126
+	SYS_CREATE_MODULE                = 127
+	SYS_INIT_MODULE                  = 128
+	SYS_DELETE_MODULE                = 129
+	SYS_GET_KERNEL_SYMS              = 130
+	SYS_QUOTACTL                     = 131
+	SYS_GETPGID                      = 132
+	SYS_FCHDIR                       = 133
+	SYS_BDFLUSH                      = 134
+	SYS_SYSFS                        = 135
+	SYS_PERSONALITY                  = 136
+	SYS_AFS_SYSCALL                  = 137
+	SYS_SETFSUID                     = 138
+	SYS_SETFSGID                     = 139
+	SYS__LLSEEK                      = 140
+	SYS_GETDENTS                     = 141
+	SYS__NEWSELECT                   = 142
+	SYS_FLOCK                        = 143
+	SYS_MSYNC                        = 144
+	SYS_READV                        = 145
+	SYS_WRITEV                       = 146
+	SYS_GETSID                       = 147
+	SYS_FDATASYNC                    = 148
+	SYS__SYSCTL                      = 149
+	SYS_MLOCK                        = 150
+	SYS_MUNLOCK                      = 151
+	SYS_MLOCKALL                     = 152
+	SYS_MUNLOCKALL                   = 153
+	SYS_SCHED_SETPARAM               = 154
+	SYS_SCHED_GETPARAM               = 155
+	SYS_SCHED_SETSCHEDULER           = 156
+	SYS_SCHED_GETSCHEDULER           = 157
+	SYS_SCHED_YIELD                  = 158
+	SYS_SCHED_GET_PRIORITY_MAX       = 159
+	SYS_SCHED_GET_PRIORITY_MIN       = 160
+	SYS_SCHED_RR_GET_INTERVAL        = 161
+	SYS_NANOSLEEP                    = 162
+	SYS_MREMAP                       = 163
+	SYS_SETRESUID                    = 164
+	SYS_GETRESUID                    = 165
+	SYS_VM86                         = 166
+	SYS_QUERY_MODULE                 = 167
+	SYS_POLL                         = 168
+	SYS_NFSSERVCTL                   = 169
+	SYS_SETRESGID                    = 170
+	SYS_GETRESGID                    = 171
+	SYS_PRCTL                        = 172
+	SYS_RT_SIGRETURN                 = 173
+	SYS_RT_SIGACTION                 = 174
+	SYS_RT_SIGPROCMASK               = 175
+	SYS_RT_SIGPENDING                = 176
+	SYS_RT_SIGTIMEDWAIT              = 177
+	SYS_RT_SIGQUEUEINFO              = 178
+	SYS_RT_SIGSUSPEND                = 179
+	SYS_PREAD64                      = 180
+	SYS_PWRITE64                     = 181
+	SYS_CHOWN                        = 182
+	SYS_GETCWD                       = 183
+	SYS_CAPGET                       = 184
+	SYS_CAPSET                       = 185
+	SYS_SIGALTSTACK                  = 186
+	SYS_SENDFILE                     = 187
+	SYS_GETPMSG                      = 188
+	SYS_PUTPMSG                      = 189
+	SYS_VFORK                        = 190
+	SYS_UGETRLIMIT                   = 191
+	SYS_MMAP2                        = 192
+	SYS_TRUNCATE64                   = 193
+	SYS_FTRUNCATE64                  = 194
+	SYS_STAT64                       = 195
+	SYS_LSTAT64                      = 196
+	SYS_FSTAT64                      = 197
+	SYS_LCHOWN32                     = 198
+	SYS_GETUID32                     = 199
+	SYS_GETGID32                     = 200
+	SYS_GETEUID32                    = 201
+	SYS_GETEGID32                    = 202
+	SYS_SETREUID32                   = 203
+	SYS_SETREGID32                   = 204
+	SYS_GETGROUPS32                  = 205
+	SYS_SETGROUPS32                  = 206
+	SYS_FCHOWN32                     = 207
+	SYS_SETRESUID32                  = 208
+	SYS_GETRESUID32                  = 209
+	SYS_SETRESGID32                  = 210
+	SYS_GETRESGID32                  = 211
+	SYS_CHOWN32                      = 212
+	SYS_SETUID32                     = 213
+	SYS_SETGID32                     = 214
+	SYS_SETFSUID32                   = 215
+	SYS_SETFSGID32                   = 216
+	SYS_PIVOT_ROOT                   = 217
+	SYS_MINCORE                      = 218
+	SYS_MADVISE                      = 219
+	SYS_GETDENTS64                   = 220
+	SYS_FCNTL64                      = 221
+	SYS_GETTID                       = 224
+	SYS_READAHEAD                    = 225
+	SYS_SETXATTR                     = 226
+	SYS_LSETXATTR                    = 227
+	SYS_FSETXATTR                    = 228
+	SYS_GETXATTR                     = 229
+	SYS_LGETXATTR                    = 230
+	SYS_FGETXATTR                    = 231
+	SYS_LISTXATTR                    = 232
+	SYS_LLISTXATTR                   = 233
+	SYS_FLISTXATTR                   = 234
+	SYS_REMOVEXATTR                  = 235
+	SYS_LREMOVEXATTR                 = 236
+	SYS_FREMOVEXATTR                 = 237
+	SYS_TKILL                        = 238
+	SYS_SENDFILE64                   = 239
+	SYS_FUTEX                        = 240
+	SYS_SCHED_SETAFFINITY            = 241
+	SYS_SCHED_GETAFFINITY            = 242
+	SYS_SET_THREAD_AREA              = 243
+	SYS_GET_THREAD_AREA              = 244
+	SYS_IO_SETUP                     = 245
+	SYS_IO_DESTROY                   = 246
+	SYS_IO_GETEVENTS                 = 247
+	SYS_IO_SUBMIT                    = 248
+	SYS_IO_CANCEL                    = 249
+	SYS_FADVISE64                    = 250
+	SYS_EXIT_GROUP                   = 252
+	SYS_LOOKUP_DCOOKIE               = 253
+	SYS_EPOLL_CREATE                 = 254
+	SYS_EPOLL_CTL                    = 255
+	SYS_EPOLL_WAIT                   = 256
+	SYS_REMAP_FILE_PAGES             = 257
+	SYS_SET_TID_ADDRESS              = 258
+	SYS_TIMER_CREATE                 = 259
+	SYS_TIMER_SETTIME                = 260
+	SYS_TIMER_GETTIME                = 261
+	SYS_TIMER_GETOVERRUN             = 262
+	SYS_TIMER_DELETE                 = 263
+	SYS_CLOCK_SETTIME                = 264
+	SYS_CLOCK_GETTIME                = 265
+	SYS_CLOCK_GETRES                 = 266
+	SYS_CLOCK_NANOSLEEP              = 267
+	SYS_STATFS64                     = 268
+	SYS_FSTATFS64                    = 269
+	SYS_TGKILL                       = 270
+	SYS_UTIMES                       = 271
+	SYS_FADVISE64_64                 = 272
+	SYS_VSERVER                      = 273
+	SYS_MBIND                        = 274
+	SYS_GET_MEMPOLICY                = 275
+	SYS_SET_MEMPOLICY                = 276
+	SYS_MQ_OPEN                      = 277
+	SYS_MQ_UNLINK                    = 278
+	SYS_MQ_TIMEDSEND                 = 279
+	SYS_MQ_TIMEDRECEIVE              = 280
+	SYS_MQ_NOTIFY                    = 281
+	SYS_MQ_GETSETATTR                = 282
+	SYS_KEXEC_LOAD                   = 283
+	SYS_WAITID                       = 284
+	SYS_ADD_KEY                      = 286
+	SYS_REQUEST_KEY                  = 287
+	SYS_KEYCTL                       = 288
+	SYS_IOPRIO_SET                   = 289
+	SYS_IOPRIO_GET                   = 290
+	SYS_INOTIFY_INIT                 = 291
+	SYS_INOTIFY_ADD_WATCH            = 292
+	SYS_INOTIFY_RM_WATCH             = 293
+	SYS_MIGRATE_PAGES                = 294
+	SYS_OPENAT                       = 295
+	SYS_MKDIRAT                      = 296
+	SYS_MKNODAT                      = 297
+	SYS_FCHOWNAT                     = 298
+	SYS_FUTIMESAT                    = 299
+	SYS_FSTATAT64                    = 300
+	SYS_UNLINKAT                     = 301
+	SYS_RENAMEAT                     = 302
+	SYS_LINKAT                       = 303
+	SYS_SYMLINKAT                    = 304
+	SYS_READLINKAT                   = 305
+	SYS_FCHMODAT                     = 306
+	SYS_FACCESSAT                    = 307
+	SYS_PSELECT6                     = 308
+	SYS_PPOLL                        = 309
+	SYS_UNSHARE                      = 310
+	SYS_SET_ROBUST_LIST              = 311
+	SYS_GET_ROBUST_LIST              = 312
+	SYS_SPLICE                       = 313
+	SYS_SYNC_FILE_RANGE              = 314
+	SYS_TEE                          = 315
+	SYS_VMSPLICE                     = 316
+	SYS_MOVE_PAGES                   = 317
+	SYS_GETCPU                       = 318
+	SYS_EPOLL_PWAIT                  = 319
+	SYS_UTIMENSAT                    = 320
+	SYS_SIGNALFD                     = 321
+	SYS_TIMERFD_CREATE               = 322
+	SYS_EVENTFD                      = 323
+	SYS_FALLOCATE                    = 324
+	SYS_TIMERFD_SETTIME              = 325
+	SYS_TIMERFD_GETTIME              = 326
+	SYS_SIGNALFD4                    = 327
+	SYS_EVENTFD2                     = 328
+	SYS_EPOLL_CREATE1                = 329
+	SYS_DUP3                         = 330
+	SYS_PIPE2                        = 331
+	SYS_INOTIFY_INIT1                = 332
+	SYS_PREADV                       = 333
+	SYS_PWRITEV                      = 334
+	SYS_RT_TGSIGQUEUEINFO            = 335
+	SYS_PERF_EVENT_OPEN              = 336
+	SYS_RECVMMSG                     = 337
+	SYS_FANOTIFY_INIT                = 338
+	SYS_FANOTIFY_MARK                = 339
+	SYS_PRLIMIT64                    = 340
+	SYS_NAME_TO_HANDLE_AT            = 341
+	SYS_OPEN_BY_HANDLE_AT            = 342
+	SYS_CLOCK_ADJTIME                = 343
+	SYS_SYNCFS                       = 344
+	SYS_SENDMMSG                     = 345
+	SYS_SETNS                        = 346
+	SYS_PROCESS_VM_READV             = 347
+	SYS_PROCESS_VM_WRITEV            = 348
+	SYS_KCMP                         = 349
+	SYS_FINIT_MODULE                 = 350
+	SYS_SCHED_SETATTR                = 351
+	SYS_SCHED_GETATTR                = 352
+	SYS_RENAMEAT2                    = 353
+	SYS_SECCOMP                      = 354
+	SYS_GETRANDOM                    = 355
+	SYS_MEMFD_CREATE                 = 356
+	SYS_BPF                          = 357
+	SYS_EXECVEAT                     = 358
+	SYS_SOCKET                       = 359
+	SYS_SOCKETPAIR                   = 360
+	SYS_BIND                         = 361
+	SYS_CONNECT                      = 362
+	SYS_LISTEN                       = 363
+	SYS_ACCEPT4                      = 364
+	SYS_GETSOCKOPT                   = 365
+	SYS_SETSOCKOPT                   = 366
+	SYS_GETSOCKNAME                  = 367
+	SYS_GETPEERNAME                  = 368
+	SYS_SENDTO                       = 369
+	SYS_SENDMSG                      = 370
+	SYS_RECVFROM                     = 371
+	SYS_RECVMSG                      = 372
+	SYS_SHUTDOWN                     = 373
+	SYS_USERFAULTFD                  = 374
+	SYS_MEMBARRIER                   = 375
+	SYS_MLOCK2                       = 376
+	SYS_COPY_FILE_RANGE              = 377
+	SYS_PREADV2                      = 378
+	SYS_PWRITEV2                     = 379
+	SYS_PKEY_MPROTECT                = 380
+	SYS_PKEY_ALLOC                   = 381
+	SYS_PKEY_FREE                    = 382
+	SYS_STATX                        = 383
+	SYS_ARCH_PRCTL                   = 384
+	SYS_IO_PGETEVENTS                = 385
+	SYS_RSEQ                         = 386
+	SYS_SEMGET                       = 393
+	SYS_SEMCTL                       = 394
+	SYS_SHMGET                       = 395
+	SYS_SHMCTL                       = 396
+	SYS_SHMAT                        = 397
+	SYS_SHMDT                        = 398
+	SYS_MSGGET                       = 399
+	SYS_MSGSND                       = 400
+	SYS_MSGRCV                       = 401
+	SYS_MSGCTL                       = 402
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
new file mode 100644
index 000000000..8c102e55a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -0,0 +1,359 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m64 /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,linux
+
+package unix
+
+const (
+	SYS_READ                   = 0
+	SYS_WRITE                  = 1
+	SYS_OPEN                   = 2
+	SYS_CLOSE                  = 3
+	SYS_STAT                   = 4
+	SYS_FSTAT                  = 5
+	SYS_LSTAT                  = 6
+	SYS_POLL                   = 7
+	SYS_LSEEK                  = 8
+	SYS_MMAP                   = 9
+	SYS_MPROTECT               = 10
+	SYS_MUNMAP                 = 11
+	SYS_BRK                    = 12
+	SYS_RT_SIGACTION           = 13
+	SYS_RT_SIGPROCMASK         = 14
+	SYS_RT_SIGRETURN           = 15
+	SYS_IOCTL                  = 16
+	SYS_PREAD64                = 17
+	SYS_PWRITE64               = 18
+	SYS_READV                  = 19
+	SYS_WRITEV                 = 20
+	SYS_ACCESS                 = 21
+	SYS_PIPE                   = 22
+	SYS_SELECT                 = 23
+	SYS_SCHED_YIELD            = 24
+	SYS_MREMAP                 = 25
+	SYS_MSYNC                  = 26
+	SYS_MINCORE                = 27
+	SYS_MADVISE                = 28
+	SYS_SHMGET                 = 29
+	SYS_SHMAT                  = 30
+	SYS_SHMCTL                 = 31
+	SYS_DUP                    = 32
+	SYS_DUP2                   = 33
+	SYS_PAUSE                  = 34
+	SYS_NANOSLEEP              = 35
+	SYS_GETITIMER              = 36
+	SYS_ALARM                  = 37
+	SYS_SETITIMER              = 38
+	SYS_GETPID                 = 39
+	SYS_SENDFILE               = 40
+	SYS_SOCKET                 = 41
+	SYS_CONNECT                = 42
+	SYS_ACCEPT                 = 43
+	SYS_SENDTO                 = 44
+	SYS_RECVFROM               = 45
+	SYS_SENDMSG                = 46
+	SYS_RECVMSG                = 47
+	SYS_SHUTDOWN               = 48
+	SYS_BIND                   = 49
+	SYS_LISTEN                 = 50
+	SYS_GETSOCKNAME            = 51
+	SYS_GETPEERNAME            = 52
+	SYS_SOCKETPAIR             = 53
+	SYS_SETSOCKOPT             = 54
+	SYS_GETSOCKOPT             = 55
+	SYS_CLONE                  = 56
+	SYS_FORK                   = 57
+	SYS_VFORK                  = 58
+	SYS_EXECVE                 = 59
+	SYS_EXIT                   = 60
+	SYS_WAIT4                  = 61
+	SYS_KILL                   = 62
+	SYS_UNAME                  = 63
+	SYS_SEMGET                 = 64
+	SYS_SEMOP                  = 65
+	SYS_SEMCTL                 = 66
+	SYS_SHMDT                  = 67
+	SYS_MSGGET                 = 68
+	SYS_MSGSND                 = 69
+	SYS_MSGRCV                 = 70
+	SYS_MSGCTL                 = 71
+	SYS_FCNTL                  = 72
+	SYS_FLOCK                  = 73
+	SYS_FSYNC                  = 74
+	SYS_FDATASYNC              = 75
+	SYS_TRUNCATE               = 76
+	SYS_FTRUNCATE              = 77
+	SYS_GETDENTS               = 78
+	SYS_GETCWD                 = 79
+	SYS_CHDIR                  = 80
+	SYS_FCHDIR                 = 81
+	SYS_RENAME                 = 82
+	SYS_MKDIR                  = 83
+	SYS_RMDIR                  = 84
+	SYS_CREAT                  = 85
+	SYS_LINK                   = 86
+	SYS_UNLINK                 = 87
+	SYS_SYMLINK                = 88
+	SYS_READLINK               = 89
+	SYS_CHMOD                  = 90
+	SYS_FCHMOD                 = 91
+	SYS_CHOWN                  = 92
+	SYS_FCHOWN                 = 93
+	SYS_LCHOWN                 = 94
+	SYS_UMASK                  = 95
+	SYS_GETTIMEOFDAY           = 96
+	SYS_GETRLIMIT              = 97
+	SYS_GETRUSAGE              = 98
+	SYS_SYSINFO                = 99
+	SYS_TIMES                  = 100
+	SYS_PTRACE                 = 101
+	SYS_GETUID                 = 102
+	SYS_SYSLOG                 = 103
+	SYS_GETGID                 = 104
+	SYS_SETUID                 = 105
+	SYS_SETGID                 = 106
+	SYS_GETEUID                = 107
+	SYS_GETEGID                = 108
+	SYS_SETPGID                = 109
+	SYS_GETPPID                = 110
+	SYS_GETPGRP                = 111
+	SYS_SETSID                 = 112
+	SYS_SETREUID               = 113
+	SYS_SETREGID               = 114
+	SYS_GETGROUPS              = 115
+	SYS_SETGROUPS              = 116
+	SYS_SETRESUID              = 117
+	SYS_GETRESUID              = 118
+	SYS_SETRESGID              = 119
+	SYS_GETRESGID              = 120
+	SYS_GETPGID                = 121
+	SYS_SETFSUID               = 122
+	SYS_SETFSGID               = 123
+	SYS_GETSID                 = 124
+	SYS_CAPGET                 = 125
+	SYS_CAPSET                 = 126
+	SYS_RT_SIGPENDING          = 127
+	SYS_RT_SIGTIMEDWAIT        = 128
+	SYS_RT_SIGQUEUEINFO        = 129
+	SYS_RT_SIGSUSPEND          = 130
+	SYS_SIGALTSTACK            = 131
+	SYS_UTIME                  = 132
+	SYS_MKNOD                  = 133
+	SYS_USELIB                 = 134
+	SYS_PERSONALITY            = 135
+	SYS_USTAT                  = 136
+	SYS_STATFS                 = 137
+	SYS_FSTATFS                = 138
+	SYS_SYSFS                  = 139
+	SYS_GETPRIORITY            = 140
+	SYS_SETPRIORITY            = 141
+	SYS_SCHED_SETPARAM         = 142
+	SYS_SCHED_GETPARAM         = 143
+	SYS_SCHED_SETSCHEDULER     = 144
+	SYS_SCHED_GETSCHEDULER     = 145
+	SYS_SCHED_GET_PRIORITY_MAX = 146
+	SYS_SCHED_GET_PRIORITY_MIN = 147
+	SYS_SCHED_RR_GET_INTERVAL  = 148
+	SYS_MLOCK                  = 149
+	SYS_MUNLOCK                = 150
+	SYS_MLOCKALL               = 151
+	SYS_MUNLOCKALL             = 152
+	SYS_VHANGUP                = 153
+	SYS_MODIFY_LDT             = 154
+	SYS_PIVOT_ROOT             = 155
+	SYS__SYSCTL                = 156
+	SYS_PRCTL                  = 157
+	SYS_ARCH_PRCTL             = 158
+	SYS_ADJTIMEX               = 159
+	SYS_SETRLIMIT              = 160
+	SYS_CHROOT                 = 161
+	SYS_SYNC                   = 162
+	SYS_ACCT                   = 163
+	SYS_SETTIMEOFDAY           = 164
+	SYS_MOUNT                  = 165
+	SYS_UMOUNT2                = 166
+	SYS_SWAPON                 = 167
+	SYS_SWAPOFF                = 168
+	SYS_REBOOT                 = 169
+	SYS_SETHOSTNAME            = 170
+	SYS_SETDOMAINNAME          = 171
+	SYS_IOPL                   = 172
+	SYS_IOPERM                 = 173
+	SYS_CREATE_MODULE          = 174
+	SYS_INIT_MODULE            = 175
+	SYS_DELETE_MODULE          = 176
+	SYS_GET_KERNEL_SYMS        = 177
+	SYS_QUERY_MODULE           = 178
+	SYS_QUOTACTL               = 179
+	SYS_NFSSERVCTL             = 180
+	SYS_GETPMSG                = 181
+	SYS_PUTPMSG                = 182
+	SYS_AFS_SYSCALL            = 183
+	SYS_TUXCALL                = 184
+	SYS_SECURITY               = 185
+	SYS_GETTID                 = 186
+	SYS_READAHEAD              = 187
+	SYS_SETXATTR               = 188
+	SYS_LSETXATTR              = 189
+	SYS_FSETXATTR              = 190
+	SYS_GETXATTR               = 191
+	SYS_LGETXATTR              = 192
+	SYS_FGETXATTR              = 193
+	SYS_LISTXATTR              = 194
+	SYS_LLISTXATTR             = 195
+	SYS_FLISTXATTR             = 196
+	SYS_REMOVEXATTR            = 197
+	SYS_LREMOVEXATTR           = 198
+	SYS_FREMOVEXATTR           = 199
+	SYS_TKILL                  = 200
+	SYS_TIME                   = 201
+	SYS_FUTEX                  = 202
+	SYS_SCHED_SETAFFINITY      = 203
+	SYS_SCHED_GETAFFINITY      = 204
+	SYS_SET_THREAD_AREA        = 205
+	SYS_IO_SETUP               = 206
+	SYS_IO_DESTROY             = 207
+	SYS_IO_GETEVENTS           = 208
+	SYS_IO_SUBMIT              = 209
+	SYS_IO_CANCEL              = 210
+	SYS_GET_THREAD_AREA        = 211
+	SYS_LOOKUP_DCOOKIE         = 212
+	SYS_EPOLL_CREATE           = 213
+	SYS_EPOLL_CTL_OLD          = 214
+	SYS_EPOLL_WAIT_OLD         = 215
+	SYS_REMAP_FILE_PAGES       = 216
+	SYS_GETDENTS64             = 217
+	SYS_SET_TID_ADDRESS        = 218
+	SYS_RESTART_SYSCALL        = 219
+	SYS_SEMTIMEDOP             = 220
+	SYS_FADVISE64              = 221
+	SYS_TIMER_CREATE           = 222
+	SYS_TIMER_SETTIME          = 223
+	SYS_TIMER_GETTIME          = 224
+	SYS_TIMER_GETOVERRUN       = 225
+	SYS_TIMER_DELETE           = 226
+	SYS_CLOCK_SETTIME          = 227
+	SYS_CLOCK_GETTIME          = 228
+	SYS_CLOCK_GETRES           = 229
+	SYS_CLOCK_NANOSLEEP        = 230
+	SYS_EXIT_GROUP             = 231
+	SYS_EPOLL_WAIT             = 232
+	SYS_EPOLL_CTL              = 233
+	SYS_TGKILL                 = 234
+	SYS_UTIMES                 = 235
+	SYS_VSERVER                = 236
+	SYS_MBIND                  = 237
+	SYS_SET_MEMPOLICY          = 238
+	SYS_GET_MEMPOLICY          = 239
+	SYS_MQ_OPEN                = 240
+	SYS_MQ_UNLINK              = 241
+	SYS_MQ_TIMEDSEND           = 242
+	SYS_MQ_TIMEDRECEIVE        = 243
+	SYS_MQ_NOTIFY              = 244
+	SYS_MQ_GETSETATTR          = 245
+	SYS_KEXEC_LOAD             = 246
+	SYS_WAITID                 = 247
+	SYS_ADD_KEY                = 248
+	SYS_REQUEST_KEY            = 249
+	SYS_KEYCTL                 = 250
+	SYS_IOPRIO_SET             = 251
+	SYS_IOPRIO_GET             = 252
+	SYS_INOTIFY_INIT           = 253
+	SYS_INOTIFY_ADD_WATCH      = 254
+	SYS_INOTIFY_RM_WATCH       = 255
+	SYS_MIGRATE_PAGES          = 256
+	SYS_OPENAT                 = 257
+	SYS_MKDIRAT                = 258
+	SYS_MKNODAT                = 259
+	SYS_FCHOWNAT               = 260
+	SYS_FUTIMESAT              = 261
+	SYS_NEWFSTATAT             = 262
+	SYS_UNLINKAT               = 263
+	SYS_RENAMEAT               = 264
+	SYS_LINKAT                 = 265
+	SYS_SYMLINKAT              = 266
+	SYS_READLINKAT             = 267
+	SYS_FCHMODAT               = 268
+	SYS_FACCESSAT              = 269
+	SYS_PSELECT6               = 270
+	SYS_PPOLL                  = 271
+	SYS_UNSHARE                = 272
+	SYS_SET_ROBUST_LIST        = 273
+	SYS_GET_ROBUST_LIST        = 274
+	SYS_SPLICE                 = 275
+	SYS_TEE                    = 276
+	SYS_SYNC_FILE_RANGE        = 277
+	SYS_VMSPLICE               = 278
+	SYS_MOVE_PAGES             = 279
+	SYS_UTIMENSAT              = 280
+	SYS_EPOLL_PWAIT            = 281
+	SYS_SIGNALFD               = 282
+	SYS_TIMERFD_CREATE         = 283
+	SYS_EVENTFD                = 284
+	SYS_FALLOCATE              = 285
+	SYS_TIMERFD_SETTIME        = 286
+	SYS_TIMERFD_GETTIME        = 287
+	SYS_ACCEPT4                = 288
+	SYS_SIGNALFD4              = 289
+	SYS_EVENTFD2               = 290
+	SYS_EPOLL_CREATE1          = 291
+	SYS_DUP3                   = 292
+	SYS_PIPE2                  = 293
+	SYS_INOTIFY_INIT1          = 294
+	SYS_PREADV                 = 295
+	SYS_PWRITEV                = 296
+	SYS_RT_TGSIGQUEUEINFO      = 297
+	SYS_PERF_EVENT_OPEN        = 298
+	SYS_RECVMMSG               = 299
+	SYS_FANOTIFY_INIT          = 300
+	SYS_FANOTIFY_MARK          = 301
+	SYS_PRLIMIT64              = 302
+	SYS_NAME_TO_HANDLE_AT      = 303
+	SYS_OPEN_BY_HANDLE_AT      = 304
+	SYS_CLOCK_ADJTIME          = 305
+	SYS_SYNCFS                 = 306
+	SYS_SENDMMSG               = 307
+	SYS_SETNS                  = 308
+	SYS_GETCPU                 = 309
+	SYS_PROCESS_VM_READV       = 310
+	SYS_PROCESS_VM_WRITEV      = 311
+	SYS_KCMP                   = 312
+	SYS_FINIT_MODULE           = 313
+	SYS_SCHED_SETATTR          = 314
+	SYS_SCHED_GETATTR          = 315
+	SYS_RENAMEAT2              = 316
+	SYS_SECCOMP                = 317
+	SYS_GETRANDOM              = 318
+	SYS_MEMFD_CREATE           = 319
+	SYS_KEXEC_FILE_LOAD        = 320
+	SYS_BPF                    = 321
+	SYS_EXECVEAT               = 322
+	SYS_USERFAULTFD            = 323
+	SYS_MEMBARRIER             = 324
+	SYS_MLOCK2                 = 325
+	SYS_COPY_FILE_RANGE        = 326
+	SYS_PREADV2                = 327
+	SYS_PWRITEV2               = 328
+	SYS_PKEY_MPROTECT          = 329
+	SYS_PKEY_ALLOC             = 330
+	SYS_PKEY_FREE              = 331
+	SYS_STATX                  = 332
+	SYS_IO_PGETEVENTS          = 333
+	SYS_RSEQ                   = 334
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
new file mode 100644
index 000000000..98f9b68fb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -0,0 +1,401 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL              = 0
+	SYS_EXIT                         = 1
+	SYS_FORK                         = 2
+	SYS_READ                         = 3
+	SYS_WRITE                        = 4
+	SYS_OPEN                         = 5
+	SYS_CLOSE                        = 6
+	SYS_CREAT                        = 8
+	SYS_LINK                         = 9
+	SYS_UNLINK                       = 10
+	SYS_EXECVE                       = 11
+	SYS_CHDIR                        = 12
+	SYS_MKNOD                        = 14
+	SYS_CHMOD                        = 15
+	SYS_LCHOWN                       = 16
+	SYS_LSEEK                        = 19
+	SYS_GETPID                       = 20
+	SYS_MOUNT                        = 21
+	SYS_SETUID                       = 23
+	SYS_GETUID                       = 24
+	SYS_PTRACE                       = 26
+	SYS_PAUSE                        = 29
+	SYS_ACCESS                       = 33
+	SYS_NICE                         = 34
+	SYS_SYNC                         = 36
+	SYS_KILL                         = 37
+	SYS_RENAME                       = 38
+	SYS_MKDIR                        = 39
+	SYS_RMDIR                        = 40
+	SYS_DUP                          = 41
+	SYS_PIPE                         = 42
+	SYS_TIMES                        = 43
+	SYS_BRK                          = 45
+	SYS_SETGID                       = 46
+	SYS_GETGID                       = 47
+	SYS_GETEUID                      = 49
+	SYS_GETEGID                      = 50
+	SYS_ACCT                         = 51
+	SYS_UMOUNT2                      = 52
+	SYS_IOCTL                        = 54
+	SYS_FCNTL                        = 55
+	SYS_SETPGID                      = 57
+	SYS_UMASK                        = 60
+	SYS_CHROOT                       = 61
+	SYS_USTAT                        = 62
+	SYS_DUP2                         = 63
+	SYS_GETPPID                      = 64
+	SYS_GETPGRP                      = 65
+	SYS_SETSID                       = 66
+	SYS_SIGACTION                    = 67
+	SYS_SETREUID                     = 70
+	SYS_SETREGID                     = 71
+	SYS_SIGSUSPEND                   = 72
+	SYS_SIGPENDING                   = 73
+	SYS_SETHOSTNAME                  = 74
+	SYS_SETRLIMIT                    = 75
+	SYS_GETRUSAGE                    = 77
+	SYS_GETTIMEOFDAY                 = 78
+	SYS_SETTIMEOFDAY                 = 79
+	SYS_GETGROUPS                    = 80
+	SYS_SETGROUPS                    = 81
+	SYS_SYMLINK                      = 83
+	SYS_READLINK                     = 85
+	SYS_USELIB                       = 86
+	SYS_SWAPON                       = 87
+	SYS_REBOOT                       = 88
+	SYS_MUNMAP                       = 91
+	SYS_TRUNCATE                     = 92
+	SYS_FTRUNCATE                    = 93
+	SYS_FCHMOD                       = 94
+	SYS_FCHOWN                       = 95
+	SYS_GETPRIORITY                  = 96
+	SYS_SETPRIORITY                  = 97
+	SYS_STATFS                       = 99
+	SYS_FSTATFS                      = 100
+	SYS_SYSLOG                       = 103
+	SYS_SETITIMER                    = 104
+	SYS_GETITIMER                    = 105
+	SYS_STAT                         = 106
+	SYS_LSTAT                        = 107
+	SYS_FSTAT                        = 108
+	SYS_VHANGUP                      = 111
+	SYS_WAIT4                        = 114
+	SYS_SWAPOFF                      = 115
+	SYS_SYSINFO                      = 116
+	SYS_FSYNC                        = 118
+	SYS_SIGRETURN                    = 119
+	SYS_CLONE                        = 120
+	SYS_SETDOMAINNAME                = 121
+	SYS_UNAME                        = 122
+	SYS_ADJTIMEX                     = 124
+	SYS_MPROTECT                     = 125
+	SYS_SIGPROCMASK                  = 126
+	SYS_INIT_MODULE                  = 128
+	SYS_DELETE_MODULE                = 129
+	SYS_QUOTACTL                     = 131
+	SYS_GETPGID                      = 132
+	SYS_FCHDIR                       = 133
+	SYS_BDFLUSH                      = 134
+	SYS_SYSFS                        = 135
+	SYS_PERSONALITY                  = 136
+	SYS_SETFSUID                     = 138
+	SYS_SETFSGID                     = 139
+	SYS__LLSEEK                      = 140
+	SYS_GETDENTS                     = 141
+	SYS__NEWSELECT                   = 142
+	SYS_FLOCK                        = 143
+	SYS_MSYNC                        = 144
+	SYS_READV                        = 145
+	SYS_WRITEV                       = 146
+	SYS_GETSID                       = 147
+	SYS_FDATASYNC                    = 148
+	SYS__SYSCTL                      = 149
+	SYS_MLOCK                        = 150
+	SYS_MUNLOCK                      = 151
+	SYS_MLOCKALL                     = 152
+	SYS_MUNLOCKALL                   = 153
+	SYS_SCHED_SETPARAM               = 154
+	SYS_SCHED_GETPARAM               = 155
+	SYS_SCHED_SETSCHEDULER           = 156
+	SYS_SCHED_GETSCHEDULER           = 157
+	SYS_SCHED_YIELD                  = 158
+	SYS_SCHED_GET_PRIORITY_MAX       = 159
+	SYS_SCHED_GET_PRIORITY_MIN       = 160
+	SYS_SCHED_RR_GET_INTERVAL        = 161
+	SYS_NANOSLEEP                    = 162
+	SYS_MREMAP                       = 163
+	SYS_SETRESUID                    = 164
+	SYS_GETRESUID                    = 165
+	SYS_POLL                         = 168
+	SYS_NFSSERVCTL                   = 169
+	SYS_SETRESGID                    = 170
+	SYS_GETRESGID                    = 171
+	SYS_PRCTL                        = 172
+	SYS_RT_SIGRETURN                 = 173
+	SYS_RT_SIGACTION                 = 174
+	SYS_RT_SIGPROCMASK               = 175
+	SYS_RT_SIGPENDING                = 176
+	SYS_RT_SIGTIMEDWAIT              = 177
+	SYS_RT_SIGQUEUEINFO              = 178
+	SYS_RT_SIGSUSPEND                = 179
+	SYS_PREAD64                      = 180
+	SYS_PWRITE64                     = 181
+	SYS_CHOWN                        = 182
+	SYS_GETCWD                       = 183
+	SYS_CAPGET                       = 184
+	SYS_CAPSET                       = 185
+	SYS_SIGALTSTACK                  = 186
+	SYS_SENDFILE                     = 187
+	SYS_VFORK                        = 190
+	SYS_UGETRLIMIT                   = 191
+	SYS_MMAP2                        = 192
+	SYS_TRUNCATE64                   = 193
+	SYS_FTRUNCATE64                  = 194
+	SYS_STAT64                       = 195
+	SYS_LSTAT64                      = 196
+	SYS_FSTAT64                      = 197
+	SYS_LCHOWN32                     = 198
+	SYS_GETUID32                     = 199
+	SYS_GETGID32                     = 200
+	SYS_GETEUID32                    = 201
+	SYS_GETEGID32                    = 202
+	SYS_SETREUID32                   = 203
+	SYS_SETREGID32                   = 204
+	SYS_GETGROUPS32                  = 205
+	SYS_SETGROUPS32                  = 206
+	SYS_FCHOWN32                     = 207
+	SYS_SETRESUID32                  = 208
+	SYS_GETRESUID32                  = 209
+	SYS_SETRESGID32                  = 210
+	SYS_GETRESGID32                  = 211
+	SYS_CHOWN32                      = 212
+	SYS_SETUID32                     = 213
+	SYS_SETGID32                     = 214
+	SYS_SETFSUID32                   = 215
+	SYS_SETFSGID32                   = 216
+	SYS_GETDENTS64                   = 217
+	SYS_PIVOT_ROOT                   = 218
+	SYS_MINCORE                      = 219
+	SYS_MADVISE                      = 220
+	SYS_FCNTL64                      = 221
+	SYS_GETTID                       = 224
+	SYS_READAHEAD                    = 225
+	SYS_SETXATTR                     = 226
+	SYS_LSETXATTR                    = 227
+	SYS_FSETXATTR                    = 228
+	SYS_GETXATTR                     = 229
+	SYS_LGETXATTR                    = 230
+	SYS_FGETXATTR                    = 231
+	SYS_LISTXATTR                    = 232
+	SYS_LLISTXATTR                   = 233
+	SYS_FLISTXATTR                   = 234
+	SYS_REMOVEXATTR                  = 235
+	SYS_LREMOVEXATTR                 = 236
+	SYS_FREMOVEXATTR                 = 237
+	SYS_TKILL                        = 238
+	SYS_SENDFILE64                   = 239
+	SYS_FUTEX                        = 240
+	SYS_SCHED_SETAFFINITY            = 241
+	SYS_SCHED_GETAFFINITY            = 242
+	SYS_IO_SETUP                     = 243
+	SYS_IO_DESTROY                   = 244
+	SYS_IO_GETEVENTS                 = 245
+	SYS_IO_SUBMIT                    = 246
+	SYS_IO_CANCEL                    = 247
+	SYS_EXIT_GROUP                   = 248
+	SYS_LOOKUP_DCOOKIE               = 249
+	SYS_EPOLL_CREATE                 = 250
+	SYS_EPOLL_CTL                    = 251
+	SYS_EPOLL_WAIT                   = 252
+	SYS_REMAP_FILE_PAGES             = 253
+	SYS_SET_TID_ADDRESS              = 256
+	SYS_TIMER_CREATE                 = 257
+	SYS_TIMER_SETTIME                = 258
+	SYS_TIMER_GETTIME                = 259
+	SYS_TIMER_GETOVERRUN             = 260
+	SYS_TIMER_DELETE                 = 261
+	SYS_CLOCK_SETTIME                = 262
+	SYS_CLOCK_GETTIME                = 263
+	SYS_CLOCK_GETRES                 = 264
+	SYS_CLOCK_NANOSLEEP              = 265
+	SYS_STATFS64                     = 266
+	SYS_FSTATFS64                    = 267
+	SYS_TGKILL                       = 268
+	SYS_UTIMES                       = 269
+	SYS_ARM_FADVISE64_64             = 270
+	SYS_PCICONFIG_IOBASE             = 271
+	SYS_PCICONFIG_READ               = 272
+	SYS_PCICONFIG_WRITE              = 273
+	SYS_MQ_OPEN                      = 274
+	SYS_MQ_UNLINK                    = 275
+	SYS_MQ_TIMEDSEND                 = 276
+	SYS_MQ_TIMEDRECEIVE              = 277
+	SYS_MQ_NOTIFY                    = 278
+	SYS_MQ_GETSETATTR                = 279
+	SYS_WAITID                       = 280
+	SYS_SOCKET                       = 281
+	SYS_BIND                         = 282
+	SYS_CONNECT                      = 283
+	SYS_LISTEN                       = 284
+	SYS_ACCEPT                       = 285
+	SYS_GETSOCKNAME                  = 286
+	SYS_GETPEERNAME                  = 287
+	SYS_SOCKETPAIR                   = 288
+	SYS_SEND                         = 289
+	SYS_SENDTO                       = 290
+	SYS_RECV                         = 291
+	SYS_RECVFROM                     = 292
+	SYS_SHUTDOWN                     = 293
+	SYS_SETSOCKOPT                   = 294
+	SYS_GETSOCKOPT                   = 295
+	SYS_SENDMSG                      = 296
+	SYS_RECVMSG                      = 297
+	SYS_SEMOP                        = 298
+	SYS_SEMGET                       = 299
+	SYS_SEMCTL                       = 300
+	SYS_MSGSND                       = 301
+	SYS_MSGRCV                       = 302
+	SYS_MSGGET                       = 303
+	SYS_MSGCTL                       = 304
+	SYS_SHMAT                        = 305
+	SYS_SHMDT                        = 306
+	SYS_SHMGET                       = 307
+	SYS_SHMCTL                       = 308
+	SYS_ADD_KEY                      = 309
+	SYS_REQUEST_KEY                  = 310
+	SYS_KEYCTL                       = 311
+	SYS_SEMTIMEDOP                   = 312
+	SYS_VSERVER                      = 313
+	SYS_IOPRIO_SET                   = 314
+	SYS_IOPRIO_GET                   = 315
+	SYS_INOTIFY_INIT                 = 316
+	SYS_INOTIFY_ADD_WATCH            = 317
+	SYS_INOTIFY_RM_WATCH             = 318
+	SYS_MBIND                        = 319
+	SYS_GET_MEMPOLICY                = 320
+	SYS_SET_MEMPOLICY                = 321
+	SYS_OPENAT                       = 322
+	SYS_MKDIRAT                      = 323
+	SYS_MKNODAT                      = 324
+	SYS_FCHOWNAT                     = 325
+	SYS_FUTIMESAT                    = 326
+	SYS_FSTATAT64                    = 327
+	SYS_UNLINKAT                     = 328
+	SYS_RENAMEAT                     = 329
+	SYS_LINKAT                       = 330
+	SYS_SYMLINKAT                    = 331
+	SYS_READLINKAT                   = 332
+	SYS_FCHMODAT                     = 333
+	SYS_FACCESSAT                    = 334
+	SYS_PSELECT6                     = 335
+	SYS_PPOLL                        = 336
+	SYS_UNSHARE                      = 337
+	SYS_SET_ROBUST_LIST              = 338
+	SYS_GET_ROBUST_LIST              = 339
+	SYS_SPLICE                       = 340
+	SYS_ARM_SYNC_FILE_RANGE          = 341
+	SYS_TEE                          = 342
+	SYS_VMSPLICE                     = 343
+	SYS_MOVE_PAGES                   = 344
+	SYS_GETCPU                       = 345
+	SYS_EPOLL_PWAIT                  = 346
+	SYS_KEXEC_LOAD                   = 347
+	SYS_UTIMENSAT                    = 348
+	SYS_SIGNALFD                     = 349
+	SYS_TIMERFD_CREATE               = 350
+	SYS_EVENTFD                      = 351
+	SYS_FALLOCATE                    = 352
+	SYS_TIMERFD_SETTIME              = 353
+	SYS_TIMERFD_GETTIME              = 354
+	SYS_SIGNALFD4                    = 355
+	SYS_EVENTFD2                     = 356
+	SYS_EPOLL_CREATE1                = 357
+	SYS_DUP3                         = 358
+	SYS_PIPE2                        = 359
+	SYS_INOTIFY_INIT1                = 360
+	SYS_PREADV                       = 361
+	SYS_PWRITEV                      = 362
+	SYS_RT_TGSIGQUEUEINFO            = 363
+	SYS_PERF_EVENT_OPEN              = 364
+	SYS_RECVMMSG                     = 365
+	SYS_ACCEPT4                      = 366
+	SYS_FANOTIFY_INIT                = 367
+	SYS_FANOTIFY_MARK                = 368
+	SYS_PRLIMIT64                    = 369
+	SYS_NAME_TO_HANDLE_AT            = 370
+	SYS_OPEN_BY_HANDLE_AT            = 371
+	SYS_CLOCK_ADJTIME                = 372
+	SYS_SYNCFS                       = 373
+	SYS_SENDMMSG                     = 374
+	SYS_SETNS                        = 375
+	SYS_PROCESS_VM_READV             = 376
+	SYS_PROCESS_VM_WRITEV            = 377
+	SYS_KCMP                         = 378
+	SYS_FINIT_MODULE                 = 379
+	SYS_SCHED_SETATTR                = 380
+	SYS_SCHED_GETATTR                = 381
+	SYS_RENAMEAT2                    = 382
+	SYS_SECCOMP                      = 383
+	SYS_GETRANDOM                    = 384
+	SYS_MEMFD_CREATE                 = 385
+	SYS_BPF                          = 386
+	SYS_EXECVEAT                     = 387
+	SYS_USERFAULTFD                  = 388
+	SYS_MEMBARRIER                   = 389
+	SYS_MLOCK2                       = 390
+	SYS_COPY_FILE_RANGE              = 391
+	SYS_PREADV2                      = 392
+	SYS_PWRITEV2                     = 393
+	SYS_PKEY_MPROTECT                = 394
+	SYS_PKEY_ALLOC                   = 395
+	SYS_PKEY_FREE                    = 396
+	SYS_STATX                        = 397
+	SYS_RSEQ                         = 398
+	SYS_IO_PGETEVENTS                = 399
+	SYS_MIGRATE_PAGES                = 400
+	SYS_KEXEC_FILE_LOAD              = 401
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
new file mode 100644
index 000000000..4dabc33fb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -0,0 +1,304 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,linux
+
+package unix
+
+const (
+	SYS_IO_SETUP               = 0
+	SYS_IO_DESTROY             = 1
+	SYS_IO_SUBMIT              = 2
+	SYS_IO_CANCEL              = 3
+	SYS_IO_GETEVENTS           = 4
+	SYS_SETXATTR               = 5
+	SYS_LSETXATTR              = 6
+	SYS_FSETXATTR              = 7
+	SYS_GETXATTR               = 8
+	SYS_LGETXATTR              = 9
+	SYS_FGETXATTR              = 10
+	SYS_LISTXATTR              = 11
+	SYS_LLISTXATTR             = 12
+	SYS_FLISTXATTR             = 13
+	SYS_REMOVEXATTR            = 14
+	SYS_LREMOVEXATTR           = 15
+	SYS_FREMOVEXATTR           = 16
+	SYS_GETCWD                 = 17
+	SYS_LOOKUP_DCOOKIE         = 18
+	SYS_EVENTFD2               = 19
+	SYS_EPOLL_CREATE1          = 20
+	SYS_EPOLL_CTL              = 21
+	SYS_EPOLL_PWAIT            = 22
+	SYS_DUP                    = 23
+	SYS_DUP3                   = 24
+	SYS_FCNTL                  = 25
+	SYS_INOTIFY_INIT1          = 26
+	SYS_INOTIFY_ADD_WATCH      = 27
+	SYS_INOTIFY_RM_WATCH       = 28
+	SYS_IOCTL                  = 29
+	SYS_IOPRIO_SET             = 30
+	SYS_IOPRIO_GET             = 31
+	SYS_FLOCK                  = 32
+	SYS_MKNODAT                = 33
+	SYS_MKDIRAT                = 34
+	SYS_UNLINKAT               = 35
+	SYS_SYMLINKAT              = 36
+	SYS_LINKAT                 = 37
+	SYS_RENAMEAT               = 38
+	SYS_UMOUNT2                = 39
+	SYS_MOUNT                  = 40
+	SYS_PIVOT_ROOT             = 41
+	SYS_NFSSERVCTL             = 42
+	SYS_STATFS                 = 43
+	SYS_FSTATFS                = 44
+	SYS_TRUNCATE               = 45
+	SYS_FTRUNCATE              = 46
+	SYS_FALLOCATE              = 47
+	SYS_FACCESSAT              = 48
+	SYS_CHDIR                  = 49
+	SYS_FCHDIR                 = 50
+	SYS_CHROOT                 = 51
+	SYS_FCHMOD                 = 52
+	SYS_FCHMODAT               = 53
+	SYS_FCHOWNAT               = 54
+	SYS_FCHOWN                 = 55
+	SYS_OPENAT                 = 56
+	SYS_CLOSE                  = 57
+	SYS_VHANGUP                = 58
+	SYS_PIPE2                  = 59
+	SYS_QUOTACTL               = 60
+	SYS_GETDENTS64             = 61
+	SYS_LSEEK                  = 62
+	SYS_READ                   = 63
+	SYS_WRITE                  = 64
+	SYS_READV                  = 65
+	SYS_WRITEV                 = 66
+	SYS_PREAD64                = 67
+	SYS_PWRITE64               = 68
+	SYS_PREADV                 = 69
+	SYS_PWRITEV                = 70
+	SYS_SENDFILE               = 71
+	SYS_PSELECT6               = 72
+	SYS_PPOLL                  = 73
+	SYS_SIGNALFD4              = 74
+	SYS_VMSPLICE               = 75
+	SYS_SPLICE                 = 76
+	SYS_TEE                    = 77
+	SYS_READLINKAT             = 78
+	SYS_FSTATAT                = 79
+	SYS_FSTAT                  = 80
+	SYS_SYNC                   = 81
+	SYS_FSYNC                  = 82
+	SYS_FDATASYNC              = 83
+	SYS_SYNC_FILE_RANGE        = 84
+	SYS_TIMERFD_CREATE         = 85
+	SYS_TIMERFD_SETTIME        = 86
+	SYS_TIMERFD_GETTIME        = 87
+	SYS_UTIMENSAT              = 88
+	SYS_ACCT                   = 89
+	SYS_CAPGET                 = 90
+	SYS_CAPSET                 = 91
+	SYS_PERSONALITY            = 92
+	SYS_EXIT                   = 93
+	SYS_EXIT_GROUP             = 94
+	SYS_WAITID                 = 95
+	SYS_SET_TID_ADDRESS        = 96
+	SYS_UNSHARE                = 97
+	SYS_FUTEX                  = 98
+	SYS_SET_ROBUST_LIST        = 99
+	SYS_GET_ROBUST_LIST        = 100
+	SYS_NANOSLEEP              = 101
+	SYS_GETITIMER              = 102
+	SYS_SETITIMER              = 103
+	SYS_KEXEC_LOAD             = 104
+	SYS_INIT_MODULE            = 105
+	SYS_DELETE_MODULE          = 106
+	SYS_TIMER_CREATE           = 107
+	SYS_TIMER_GETTIME          = 108
+	SYS_TIMER_GETOVERRUN       = 109
+	SYS_TIMER_SETTIME          = 110
+	SYS_TIMER_DELETE           = 111
+	SYS_CLOCK_SETTIME          = 112
+	SYS_CLOCK_GETTIME          = 113
+	SYS_CLOCK_GETRES           = 114
+	SYS_CLOCK_NANOSLEEP        = 115
+	SYS_SYSLOG                 = 116
+	SYS_PTRACE                 = 117
+	SYS_SCHED_SETPARAM         = 118
+	SYS_SCHED_SETSCHEDULER     = 119
+	SYS_SCHED_GETSCHEDULER     = 120
+	SYS_SCHED_GETPARAM         = 121
+	SYS_SCHED_SETAFFINITY      = 122
+	SYS_SCHED_GETAFFINITY      = 123
+	SYS_SCHED_YIELD            = 124
+	SYS_SCHED_GET_PRIORITY_MAX = 125
+	SYS_SCHED_GET_PRIORITY_MIN = 126
+	SYS_SCHED_RR_GET_INTERVAL  = 127
+	SYS_RESTART_SYSCALL        = 128
+	SYS_KILL                   = 129
+	SYS_TKILL                  = 130
+	SYS_TGKILL                 = 131
+	SYS_SIGALTSTACK            = 132
+	SYS_RT_SIGSUSPEND          = 133
+	SYS_RT_SIGACTION           = 134
+	SYS_RT_SIGPROCMASK         = 135
+	SYS_RT_SIGPENDING          = 136
+	SYS_RT_SIGTIMEDWAIT        = 137
+	SYS_RT_SIGQUEUEINFO        = 138
+	SYS_RT_SIGRETURN           = 139
+	SYS_SETPRIORITY            = 140
+	SYS_GETPRIORITY            = 141
+	SYS_REBOOT                 = 142
+	SYS_SETREGID               = 143
+	SYS_SETGID                 = 144
+	SYS_SETREUID               = 145
+	SYS_SETUID                 = 146
+	SYS_SETRESUID              = 147
+	SYS_GETRESUID              = 148
+	SYS_SETRESGID              = 149
+	SYS_GETRESGID              = 150
+	SYS_SETFSUID               = 151
+	SYS_SETFSGID               = 152
+	SYS_TIMES                  = 153
+	SYS_SETPGID                = 154
+	SYS_GETPGID                = 155
+	SYS_GETSID                 = 156
+	SYS_SETSID                 = 157
+	SYS_GETGROUPS              = 158
+	SYS_SETGROUPS              = 159
+	SYS_UNAME                  = 160
+	SYS_SETHOSTNAME            = 161
+	SYS_SETDOMAINNAME          = 162
+	SYS_GETRLIMIT              = 163
+	SYS_SETRLIMIT              = 164
+	SYS_GETRUSAGE              = 165
+	SYS_UMASK                  = 166
+	SYS_PRCTL                  = 167
+	SYS_GETCPU                 = 168
+	SYS_GETTIMEOFDAY           = 169
+	SYS_SETTIMEOFDAY           = 170
+	SYS_ADJTIMEX               = 171
+	SYS_GETPID                 = 172
+	SYS_GETPPID                = 173
+	SYS_GETUID                 = 174
+	SYS_GETEUID                = 175
+	SYS_GETGID                 = 176
+	SYS_GETEGID                = 177
+	SYS_GETTID                 = 178
+	SYS_SYSINFO                = 179
+	SYS_MQ_OPEN                = 180
+	SYS_MQ_UNLINK              = 181
+	SYS_MQ_TIMEDSEND           = 182
+	SYS_MQ_TIMEDRECEIVE        = 183
+	SYS_MQ_NOTIFY              = 184
+	SYS_MQ_GETSETATTR          = 185
+	SYS_MSGGET                 = 186
+	SYS_MSGCTL                 = 187
+	SYS_MSGRCV                 = 188
+	SYS_MSGSND                 = 189
+	SYS_SEMGET                 = 190
+	SYS_SEMCTL                 = 191
+	SYS_SEMTIMEDOP             = 192
+	SYS_SEMOP                  = 193
+	SYS_SHMGET                 = 194
+	SYS_SHMCTL                 = 195
+	SYS_SHMAT                  = 196
+	SYS_SHMDT                  = 197
+	SYS_SOCKET                 = 198
+	SYS_SOCKETPAIR             = 199
+	SYS_BIND                   = 200
+	SYS_LISTEN                 = 201
+	SYS_ACCEPT                 = 202
+	SYS_CONNECT                = 203
+	SYS_GETSOCKNAME            = 204
+	SYS_GETPEERNAME            = 205
+	SYS_SENDTO                 = 206
+	SYS_RECVFROM               = 207
+	SYS_SETSOCKOPT             = 208
+	SYS_GETSOCKOPT             = 209
+	SYS_SHUTDOWN               = 210
+	SYS_SENDMSG                = 211
+	SYS_RECVMSG                = 212
+	SYS_READAHEAD              = 213
+	SYS_BRK                    = 214
+	SYS_MUNMAP                 = 215
+	SYS_MREMAP                 = 216
+	SYS_ADD_KEY                = 217
+	SYS_REQUEST_KEY            = 218
+	SYS_KEYCTL                 = 219
+	SYS_CLONE                  = 220
+	SYS_EXECVE                 = 221
+	SYS_MMAP                   = 222
+	SYS_FADVISE64              = 223
+	SYS_SWAPON                 = 224
+	SYS_SWAPOFF                = 225
+	SYS_MPROTECT               = 226
+	SYS_MSYNC                  = 227
+	SYS_MLOCK                  = 228
+	SYS_MUNLOCK                = 229
+	SYS_MLOCKALL               = 230
+	SYS_MUNLOCKALL             = 231
+	SYS_MINCORE                = 232
+	SYS_MADVISE                = 233
+	SYS_REMAP_FILE_PAGES       = 234
+	SYS_MBIND                  = 235
+	SYS_GET_MEMPOLICY          = 236
+	SYS_SET_MEMPOLICY          = 237
+	SYS_MIGRATE_PAGES          = 238
+	SYS_MOVE_PAGES             = 239
+	SYS_RT_TGSIGQUEUEINFO      = 240
+	SYS_PERF_EVENT_OPEN        = 241
+	SYS_ACCEPT4                = 242
+	SYS_RECVMMSG               = 243
+	SYS_ARCH_SPECIFIC_SYSCALL  = 244
+	SYS_WAIT4                  = 260
+	SYS_PRLIMIT64              = 261
+	SYS_FANOTIFY_INIT          = 262
+	SYS_FANOTIFY_MARK          = 263
+	SYS_NAME_TO_HANDLE_AT      = 264
+	SYS_OPEN_BY_HANDLE_AT      = 265
+	SYS_CLOCK_ADJTIME          = 266
+	SYS_SYNCFS                 = 267
+	SYS_SETNS                  = 268
+	SYS_SENDMMSG               = 269
+	SYS_PROCESS_VM_READV       = 270
+	SYS_PROCESS_VM_WRITEV      = 271
+	SYS_KCMP                   = 272
+	SYS_FINIT_MODULE           = 273
+	SYS_SCHED_SETATTR          = 274
+	SYS_SCHED_GETATTR          = 275
+	SYS_RENAMEAT2              = 276
+	SYS_SECCOMP                = 277
+	SYS_GETRANDOM              = 278
+	SYS_MEMFD_CREATE           = 279
+	SYS_BPF                    = 280
+	SYS_EXECVEAT               = 281
+	SYS_USERFAULTFD            = 282
+	SYS_MEMBARRIER             = 283
+	SYS_MLOCK2                 = 284
+	SYS_COPY_FILE_RANGE        = 285
+	SYS_PREADV2                = 286
+	SYS_PWRITEV2               = 287
+	SYS_PKEY_MPROTECT          = 288
+	SYS_PKEY_ALLOC             = 289
+	SYS_PKEY_FREE              = 290
+	SYS_STATX                  = 291
+	SYS_IO_PGETEVENTS          = 292
+	SYS_RSEQ                   = 293
+	SYS_KEXEC_FILE_LOAD        = 294
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
new file mode 100644
index 000000000..d5724e596
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -0,0 +1,422 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips,linux
+
+package unix
+
+const (
+	SYS_SYSCALL                      = 4000
+	SYS_EXIT                         = 4001
+	SYS_FORK                         = 4002
+	SYS_READ                         = 4003
+	SYS_WRITE                        = 4004
+	SYS_OPEN                         = 4005
+	SYS_CLOSE                        = 4006
+	SYS_WAITPID                      = 4007
+	SYS_CREAT                        = 4008
+	SYS_LINK                         = 4009
+	SYS_UNLINK                       = 4010
+	SYS_EXECVE                       = 4011
+	SYS_CHDIR                        = 4012
+	SYS_TIME                         = 4013
+	SYS_MKNOD                        = 4014
+	SYS_CHMOD                        = 4015
+	SYS_LCHOWN                       = 4016
+	SYS_BREAK                        = 4017
+	SYS_UNUSED18                     = 4018
+	SYS_LSEEK                        = 4019
+	SYS_GETPID                       = 4020
+	SYS_MOUNT                        = 4021
+	SYS_UMOUNT                       = 4022
+	SYS_SETUID                       = 4023
+	SYS_GETUID                       = 4024
+	SYS_STIME                        = 4025
+	SYS_PTRACE                       = 4026
+	SYS_ALARM                        = 4027
+	SYS_UNUSED28                     = 4028
+	SYS_PAUSE                        = 4029
+	SYS_UTIME                        = 4030
+	SYS_STTY                         = 4031
+	SYS_GTTY                         = 4032
+	SYS_ACCESS                       = 4033
+	SYS_NICE                         = 4034
+	SYS_FTIME                        = 4035
+	SYS_SYNC                         = 4036
+	SYS_KILL                         = 4037
+	SYS_RENAME                       = 4038
+	SYS_MKDIR                        = 4039
+	SYS_RMDIR                        = 4040
+	SYS_DUP                          = 4041
+	SYS_PIPE                         = 4042
+	SYS_TIMES                        = 4043
+	SYS_PROF                         = 4044
+	SYS_BRK                          = 4045
+	SYS_SETGID                       = 4046
+	SYS_GETGID                       = 4047
+	SYS_SIGNAL                       = 4048
+	SYS_GETEUID                      = 4049
+	SYS_GETEGID                      = 4050
+	SYS_ACCT                         = 4051
+	SYS_UMOUNT2                      = 4052
+	SYS_LOCK                         = 4053
+	SYS_IOCTL                        = 4054
+	SYS_FCNTL                        = 4055
+	SYS_MPX                          = 4056
+	SYS_SETPGID                      = 4057
+	SYS_ULIMIT                       = 4058
+	SYS_UNUSED59                     = 4059
+	SYS_UMASK                        = 4060
+	SYS_CHROOT                       = 4061
+	SYS_USTAT                        = 4062
+	SYS_DUP2                         = 4063
+	SYS_GETPPID                      = 4064
+	SYS_GETPGRP                      = 4065
+	SYS_SETSID                       = 4066
+	SYS_SIGACTION                    = 4067
+	SYS_SGETMASK                     = 4068
+	SYS_SSETMASK                     = 4069
+	SYS_SETREUID                     = 4070
+	SYS_SETREGID                     = 4071
+	SYS_SIGSUSPEND                   = 4072
+	SYS_SIGPENDING                   = 4073
+	SYS_SETHOSTNAME                  = 4074
+	SYS_SETRLIMIT                    = 4075
+	SYS_GETRLIMIT                    = 4076
+	SYS_GETRUSAGE                    = 4077
+	SYS_GETTIMEOFDAY                 = 4078
+	SYS_SETTIMEOFDAY                 = 4079
+	SYS_GETGROUPS                    = 4080
+	SYS_SETGROUPS                    = 4081
+	SYS_RESERVED82                   = 4082
+	SYS_SYMLINK                      = 4083
+	SYS_UNUSED84                     = 4084
+	SYS_READLINK                     = 4085
+	SYS_USELIB                       = 4086
+	SYS_SWAPON                       = 4087
+	SYS_REBOOT                       = 4088
+	SYS_READDIR                      = 4089
+	SYS_MMAP                         = 4090
+	SYS_MUNMAP                       = 4091
+	SYS_TRUNCATE                     = 4092
+	SYS_FTRUNCATE                    = 4093
+	SYS_FCHMOD                       = 4094
+	SYS_FCHOWN                       = 4095
+	SYS_GETPRIORITY                  = 4096
+	SYS_SETPRIORITY                  = 4097
+	SYS_PROFIL                       = 4098
+	SYS_STATFS                       = 4099
+	SYS_FSTATFS                      = 4100
+	SYS_IOPERM                       = 4101
+	SYS_SOCKETCALL                   = 4102
+	SYS_SYSLOG                       = 4103
+	SYS_SETITIMER                    = 4104
+	SYS_GETITIMER                    = 4105
+	SYS_STAT                         = 4106
+	SYS_LSTAT                        = 4107
+	SYS_FSTAT                        = 4108
+	SYS_UNUSED109                    = 4109
+	SYS_IOPL                         = 4110
+	SYS_VHANGUP                      = 4111
+	SYS_IDLE                         = 4112
+	SYS_VM86                         = 4113
+	SYS_WAIT4                        = 4114
+	SYS_SWAPOFF                      = 4115
+	SYS_SYSINFO                      = 4116
+	SYS_IPC                          = 4117
+	SYS_FSYNC                        = 4118
+	SYS_SIGRETURN                    = 4119
+	SYS_CLONE                        = 4120
+	SYS_SETDOMAINNAME                = 4121
+	SYS_UNAME                        = 4122
+	SYS_MODIFY_LDT                   = 4123
+	SYS_ADJTIMEX                     = 4124
+	SYS_MPROTECT                     = 4125
+	SYS_SIGPROCMASK                  = 4126
+	SYS_CREATE_MODULE                = 4127
+	SYS_INIT_MODULE                  = 4128
+	SYS_DELETE_MODULE                = 4129
+	SYS_GET_KERNEL_SYMS              = 4130
+	SYS_QUOTACTL                     = 4131
+	SYS_GETPGID                      = 4132
+	SYS_FCHDIR                       = 4133
+	SYS_BDFLUSH                      = 4134
+	SYS_SYSFS                        = 4135
+	SYS_PERSONALITY                  = 4136
+	SYS_AFS_SYSCALL                  = 4137
+	SYS_SETFSUID                     = 4138
+	SYS_SETFSGID                     = 4139
+	SYS__LLSEEK                      = 4140
+	SYS_GETDENTS                     = 4141
+	SYS__NEWSELECT                   = 4142
+	SYS_FLOCK                        = 4143
+	SYS_MSYNC                        = 4144
+	SYS_READV                        = 4145
+	SYS_WRITEV                       = 4146
+	SYS_CACHEFLUSH                   = 4147
+	SYS_CACHECTL                     = 4148
+	SYS_SYSMIPS                      = 4149
+	SYS_UNUSED150                    = 4150
+	SYS_GETSID                       = 4151
+	SYS_FDATASYNC                    = 4152
+	SYS__SYSCTL                      = 4153
+	SYS_MLOCK                        = 4154
+	SYS_MUNLOCK                      = 4155
+	SYS_MLOCKALL                     = 4156
+	SYS_MUNLOCKALL                   = 4157
+	SYS_SCHED_SETPARAM               = 4158
+	SYS_SCHED_GETPARAM               = 4159
+	SYS_SCHED_SETSCHEDULER           = 4160
+	SYS_SCHED_GETSCHEDULER           = 4161
+	SYS_SCHED_YIELD                  = 4162
+	SYS_SCHED_GET_PRIORITY_MAX       = 4163
+	SYS_SCHED_GET_PRIORITY_MIN       = 4164
+	SYS_SCHED_RR_GET_INTERVAL        = 4165
+	SYS_NANOSLEEP                    = 4166
+	SYS_MREMAP                       = 4167
+	SYS_ACCEPT                       = 4168
+	SYS_BIND                         = 4169
+	SYS_CONNECT                      = 4170
+	SYS_GETPEERNAME                  = 4171
+	SYS_GETSOCKNAME                  = 4172
+	SYS_GETSOCKOPT                   = 4173
+	SYS_LISTEN                       = 4174
+	SYS_RECV                         = 4175
+	SYS_RECVFROM                     = 4176
+	SYS_RECVMSG                      = 4177
+	SYS_SEND                         = 4178
+	SYS_SENDMSG                      = 4179
+	SYS_SENDTO                       = 4180
+	SYS_SETSOCKOPT                   = 4181
+	SYS_SHUTDOWN                     = 4182
+	SYS_SOCKET                       = 4183
+	SYS_SOCKETPAIR                   = 4184
+	SYS_SETRESUID                    = 4185
+	SYS_GETRESUID                    = 4186
+	SYS_QUERY_MODULE                 = 4187
+	SYS_POLL                         = 4188
+	SYS_NFSSERVCTL                   = 4189
+	SYS_SETRESGID                    = 4190
+	SYS_GETRESGID                    = 4191
+	SYS_PRCTL                        = 4192
+	SYS_RT_SIGRETURN                 = 4193
+	SYS_RT_SIGACTION                 = 4194
+	SYS_RT_SIGPROCMASK               = 4195
+	SYS_RT_SIGPENDING                = 4196
+	SYS_RT_SIGTIMEDWAIT              = 4197
+	SYS_RT_SIGQUEUEINFO              = 4198
+	SYS_RT_SIGSUSPEND                = 4199
+	SYS_PREAD64                      = 4200
+	SYS_PWRITE64                     = 4201
+	SYS_CHOWN                        = 4202
+	SYS_GETCWD                       = 4203
+	SYS_CAPGET                       = 4204
+	SYS_CAPSET                       = 4205
+	SYS_SIGALTSTACK                  = 4206
+	SYS_SENDFILE                     = 4207
+	SYS_GETPMSG                      = 4208
+	SYS_PUTPMSG                      = 4209
+	SYS_MMAP2                        = 4210
+	SYS_TRUNCATE64                   = 4211
+	SYS_FTRUNCATE64                  = 4212
+	SYS_STAT64                       = 4213
+	SYS_LSTAT64                      = 4214
+	SYS_FSTAT64                      = 4215
+	SYS_PIVOT_ROOT                   = 4216
+	SYS_MINCORE                      = 4217
+	SYS_MADVISE                      = 4218
+	SYS_GETDENTS64                   = 4219
+	SYS_FCNTL64                      = 4220
+	SYS_RESERVED221                  = 4221
+	SYS_GETTID                       = 4222
+	SYS_READAHEAD                    = 4223
+	SYS_SETXATTR                     = 4224
+	SYS_LSETXATTR                    = 4225
+	SYS_FSETXATTR                    = 4226
+	SYS_GETXATTR                     = 4227
+	SYS_LGETXATTR                    = 4228
+	SYS_FGETXATTR                    = 4229
+	SYS_LISTXATTR                    = 4230
+	SYS_LLISTXATTR                   = 4231
+	SYS_FLISTXATTR                   = 4232
+	SYS_REMOVEXATTR                  = 4233
+	SYS_LREMOVEXATTR                 = 4234
+	SYS_FREMOVEXATTR                 = 4235
+	SYS_TKILL                        = 4236
+	SYS_SENDFILE64                   = 4237
+	SYS_FUTEX                        = 4238
+	SYS_SCHED_SETAFFINITY            = 4239
+	SYS_SCHED_GETAFFINITY            = 4240
+	SYS_IO_SETUP                     = 4241
+	SYS_IO_DESTROY                   = 4242
+	SYS_IO_GETEVENTS                 = 4243
+	SYS_IO_SUBMIT                    = 4244
+	SYS_IO_CANCEL                    = 4245
+	SYS_EXIT_GROUP                   = 4246
+	SYS_LOOKUP_DCOOKIE               = 4247
+	SYS_EPOLL_CREATE                 = 4248
+	SYS_EPOLL_CTL                    = 4249
+	SYS_EPOLL_WAIT                   = 4250
+	SYS_REMAP_FILE_PAGES             = 4251
+	SYS_SET_TID_ADDRESS              = 4252
+	SYS_RESTART_SYSCALL              = 4253
+	SYS_FADVISE64                    = 4254
+	SYS_STATFS64                     = 4255
+	SYS_FSTATFS64                    = 4256
+	SYS_TIMER_CREATE                 = 4257
+	SYS_TIMER_SETTIME                = 4258
+	SYS_TIMER_GETTIME                = 4259
+	SYS_TIMER_GETOVERRUN             = 4260
+	SYS_TIMER_DELETE                 = 4261
+	SYS_CLOCK_SETTIME                = 4262
+	SYS_CLOCK_GETTIME                = 4263
+	SYS_CLOCK_GETRES                 = 4264
+	SYS_CLOCK_NANOSLEEP              = 4265
+	SYS_TGKILL                       = 4266
+	SYS_UTIMES                       = 4267
+	SYS_MBIND                        = 4268
+	SYS_GET_MEMPOLICY                = 4269
+	SYS_SET_MEMPOLICY                = 4270
+	SYS_MQ_OPEN                      = 4271
+	SYS_MQ_UNLINK                    = 4272
+	SYS_MQ_TIMEDSEND                 = 4273
+	SYS_MQ_TIMEDRECEIVE              = 4274
+	SYS_MQ_NOTIFY                    = 4275
+	SYS_MQ_GETSETATTR                = 4276
+	SYS_VSERVER                      = 4277
+	SYS_WAITID                       = 4278
+	SYS_ADD_KEY                      = 4280
+	SYS_REQUEST_KEY                  = 4281
+	SYS_KEYCTL                       = 4282
+	SYS_SET_THREAD_AREA              = 4283
+	SYS_INOTIFY_INIT                 = 4284
+	SYS_INOTIFY_ADD_WATCH            = 4285
+	SYS_INOTIFY_RM_WATCH             = 4286
+	SYS_MIGRATE_PAGES                = 4287
+	SYS_OPENAT                       = 4288
+	SYS_MKDIRAT                      = 4289
+	SYS_MKNODAT                      = 4290
+	SYS_FCHOWNAT                     = 4291
+	SYS_FUTIMESAT                    = 4292
+	SYS_FSTATAT64                    = 4293
+	SYS_UNLINKAT                     = 4294
+	SYS_RENAMEAT                     = 4295
+	SYS_LINKAT                       = 4296
+	SYS_SYMLINKAT                    = 4297
+	SYS_READLINKAT                   = 4298
+	SYS_FCHMODAT                     = 4299
+	SYS_FACCESSAT                    = 4300
+	SYS_PSELECT6                     = 4301
+	SYS_PPOLL                        = 4302
+	SYS_UNSHARE                      = 4303
+	SYS_SPLICE                       = 4304
+	SYS_SYNC_FILE_RANGE              = 4305
+	SYS_TEE                          = 4306
+	SYS_VMSPLICE                     = 4307
+	SYS_MOVE_PAGES                   = 4308
+	SYS_SET_ROBUST_LIST              = 4309
+	SYS_GET_ROBUST_LIST              = 4310
+	SYS_KEXEC_LOAD                   = 4311
+	SYS_GETCPU                       = 4312
+	SYS_EPOLL_PWAIT                  = 4313
+	SYS_IOPRIO_SET                   = 4314
+	SYS_IOPRIO_GET                   = 4315
+	SYS_UTIMENSAT                    = 4316
+	SYS_SIGNALFD                     = 4317
+	SYS_TIMERFD                      = 4318
+	SYS_EVENTFD                      = 4319
+	SYS_FALLOCATE                    = 4320
+	SYS_TIMERFD_CREATE               = 4321
+	SYS_TIMERFD_GETTIME              = 4322
+	SYS_TIMERFD_SETTIME              = 4323
+	SYS_SIGNALFD4                    = 4324
+	SYS_EVENTFD2                     = 4325
+	SYS_EPOLL_CREATE1                = 4326
+	SYS_DUP3                         = 4327
+	SYS_PIPE2                        = 4328
+	SYS_INOTIFY_INIT1                = 4329
+	SYS_PREADV                       = 4330
+	SYS_PWRITEV                      = 4331
+	SYS_RT_TGSIGQUEUEINFO            = 4332
+	SYS_PERF_EVENT_OPEN              = 4333
+	SYS_ACCEPT4                      = 4334
+	SYS_RECVMMSG                     = 4335
+	SYS_FANOTIFY_INIT                = 4336
+	SYS_FANOTIFY_MARK                = 4337
+	SYS_PRLIMIT64                    = 4338
+	SYS_NAME_TO_HANDLE_AT            = 4339
+	SYS_OPEN_BY_HANDLE_AT            = 4340
+	SYS_CLOCK_ADJTIME                = 4341
+	SYS_SYNCFS                       = 4342
+	SYS_SENDMMSG                     = 4343
+	SYS_SETNS                        = 4344
+	SYS_PROCESS_VM_READV             = 4345
+	SYS_PROCESS_VM_WRITEV            = 4346
+	SYS_KCMP                         = 4347
+	SYS_FINIT_MODULE                 = 4348
+	SYS_SCHED_SETATTR                = 4349
+	SYS_SCHED_GETATTR                = 4350
+	SYS_RENAMEAT2                    = 4351
+	SYS_SECCOMP                      = 4352
+	SYS_GETRANDOM                    = 4353
+	SYS_MEMFD_CREATE                 = 4354
+	SYS_BPF                          = 4355
+	SYS_EXECVEAT                     = 4356
+	SYS_USERFAULTFD                  = 4357
+	SYS_MEMBARRIER                   = 4358
+	SYS_MLOCK2                       = 4359
+	SYS_COPY_FILE_RANGE              = 4360
+	SYS_PREADV2                      = 4361
+	SYS_PWRITEV2                     = 4362
+	SYS_PKEY_MPROTECT                = 4363
+	SYS_PKEY_ALLOC                   = 4364
+	SYS_PKEY_FREE                    = 4365
+	SYS_STATX                        = 4366
+	SYS_RSEQ                         = 4367
+	SYS_IO_PGETEVENTS                = 4368
+	SYS_SEMGET                       = 4393
+	SYS_SEMCTL                       = 4394
+	SYS_SHMGET                       = 4395
+	SYS_SHMCTL                       = 4396
+	SYS_SHMAT                        = 4397
+	SYS_SHMDT                        = 4398
+	SYS_MSGGET                       = 4399
+	SYS_MSGSND                       = 4400
+	SYS_MSGRCV                       = 4401
+	SYS_MSGCTL                       = 4402
+	SYS_CLOCK_GETTIME64              = 4403
+	SYS_CLOCK_SETTIME64              = 4404
+	SYS_CLOCK_ADJTIME64              = 4405
+	SYS_CLOCK_GETRES_TIME64          = 4406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 4407
+	SYS_TIMER_GETTIME64              = 4408
+	SYS_TIMER_SETTIME64              = 4409
+	SYS_TIMERFD_GETTIME64            = 4410
+	SYS_TIMERFD_SETTIME64            = 4411
+	SYS_UTIMENSAT_TIME64             = 4412
+	SYS_PSELECT6_TIME64              = 4413
+	SYS_PPOLL_TIME64                 = 4414
+	SYS_IO_PGETEVENTS_TIME64         = 4416
+	SYS_RECVMMSG_TIME64              = 4417
+	SYS_MQ_TIMEDSEND_TIME64          = 4418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 4419
+	SYS_SEMTIMEDOP_TIME64            = 4420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 4421
+	SYS_FUTEX_TIME64                 = 4422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 4423
+	SYS_PIDFD_SEND_SIGNAL            = 4424
+	SYS_IO_URING_SETUP               = 4425
+	SYS_IO_URING_ENTER               = 4426
+	SYS_IO_URING_REGISTER            = 4427
+	SYS_OPEN_TREE                    = 4428
+	SYS_MOVE_MOUNT                   = 4429
+	SYS_FSOPEN                       = 4430
+	SYS_FSCONFIG                     = 4431
+	SYS_FSMOUNT                      = 4432
+	SYS_FSPICK                       = 4433
+	SYS_PIDFD_OPEN                   = 4434
+	SYS_CLONE3                       = 4435
+	SYS_OPENAT2                      = 4437
+	SYS_PIDFD_GETFD                  = 4438
+	SYS_FACCESSAT2                   = 4439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
new file mode 100644
index 000000000..c1d824a4f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -0,0 +1,352 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64,linux
+
+package unix
+
+const (
+	SYS_READ                   = 5000
+	SYS_WRITE                  = 5001
+	SYS_OPEN                   = 5002
+	SYS_CLOSE                  = 5003
+	SYS_STAT                   = 5004
+	SYS_FSTAT                  = 5005
+	SYS_LSTAT                  = 5006
+	SYS_POLL                   = 5007
+	SYS_LSEEK                  = 5008
+	SYS_MMAP                   = 5009
+	SYS_MPROTECT               = 5010
+	SYS_MUNMAP                 = 5011
+	SYS_BRK                    = 5012
+	SYS_RT_SIGACTION           = 5013
+	SYS_RT_SIGPROCMASK         = 5014
+	SYS_IOCTL                  = 5015
+	SYS_PREAD64                = 5016
+	SYS_PWRITE64               = 5017
+	SYS_READV                  = 5018
+	SYS_WRITEV                 = 5019
+	SYS_ACCESS                 = 5020
+	SYS_PIPE                   = 5021
+	SYS__NEWSELECT             = 5022
+	SYS_SCHED_YIELD            = 5023
+	SYS_MREMAP                 = 5024
+	SYS_MSYNC                  = 5025
+	SYS_MINCORE                = 5026
+	SYS_MADVISE                = 5027
+	SYS_SHMGET                 = 5028
+	SYS_SHMAT                  = 5029
+	SYS_SHMCTL                 = 5030
+	SYS_DUP                    = 5031
+	SYS_DUP2                   = 5032
+	SYS_PAUSE                  = 5033
+	SYS_NANOSLEEP              = 5034
+	SYS_GETITIMER              = 5035
+	SYS_SETITIMER              = 5036
+	SYS_ALARM                  = 5037
+	SYS_GETPID                 = 5038
+	SYS_SENDFILE               = 5039
+	SYS_SOCKET                 = 5040
+	SYS_CONNECT                = 5041
+	SYS_ACCEPT                 = 5042
+	SYS_SENDTO                 = 5043
+	SYS_RECVFROM               = 5044
+	SYS_SENDMSG                = 5045
+	SYS_RECVMSG                = 5046
+	SYS_SHUTDOWN               = 5047
+	SYS_BIND                   = 5048
+	SYS_LISTEN                 = 5049
+	SYS_GETSOCKNAME            = 5050
+	SYS_GETPEERNAME            = 5051
+	SYS_SOCKETPAIR             = 5052
+	SYS_SETSOCKOPT             = 5053
+	SYS_GETSOCKOPT             = 5054
+	SYS_CLONE                  = 5055
+	SYS_FORK                   = 5056
+	SYS_EXECVE                 = 5057
+	SYS_EXIT                   = 5058
+	SYS_WAIT4                  = 5059
+	SYS_KILL                   = 5060
+	SYS_UNAME                  = 5061
+	SYS_SEMGET                 = 5062
+	SYS_SEMOP                  = 5063
+	SYS_SEMCTL                 = 5064
+	SYS_SHMDT                  = 5065
+	SYS_MSGGET                 = 5066
+	SYS_MSGSND                 = 5067
+	SYS_MSGRCV                 = 5068
+	SYS_MSGCTL                 = 5069
+	SYS_FCNTL                  = 5070
+	SYS_FLOCK                  = 5071
+	SYS_FSYNC                  = 5072
+	SYS_FDATASYNC              = 5073
+	SYS_TRUNCATE               = 5074
+	SYS_FTRUNCATE              = 5075
+	SYS_GETDENTS               = 5076
+	SYS_GETCWD                 = 5077
+	SYS_CHDIR                  = 5078
+	SYS_FCHDIR                 = 5079
+	SYS_RENAME                 = 5080
+	SYS_MKDIR                  = 5081
+	SYS_RMDIR                  = 5082
+	SYS_CREAT                  = 5083
+	SYS_LINK                   = 5084
+	SYS_UNLINK                 = 5085
+	SYS_SYMLINK                = 5086
+	SYS_READLINK               = 5087
+	SYS_CHMOD                  = 5088
+	SYS_FCHMOD                 = 5089
+	SYS_CHOWN                  = 5090
+	SYS_FCHOWN                 = 5091
+	SYS_LCHOWN                 = 5092
+	SYS_UMASK                  = 5093
+	SYS_GETTIMEOFDAY           = 5094
+	SYS_GETRLIMIT              = 5095
+	SYS_GETRUSAGE              = 5096
+	SYS_SYSINFO                = 5097
+	SYS_TIMES                  = 5098
+	SYS_PTRACE                 = 5099
+	SYS_GETUID                 = 5100
+	SYS_SYSLOG                 = 5101
+	SYS_GETGID                 = 5102
+	SYS_SETUID                 = 5103
+	SYS_SETGID                 = 5104
+	SYS_GETEUID                = 5105
+	SYS_GETEGID                = 5106
+	SYS_SETPGID                = 5107
+	SYS_GETPPID                = 5108
+	SYS_GETPGRP                = 5109
+	SYS_SETSID                 = 5110
+	SYS_SETREUID               = 5111
+	SYS_SETREGID               = 5112
+	SYS_GETGROUPS              = 5113
+	SYS_SETGROUPS              = 5114
+	SYS_SETRESUID              = 5115
+	SYS_GETRESUID              = 5116
+	SYS_SETRESGID              = 5117
+	SYS_GETRESGID              = 5118
+	SYS_GETPGID                = 5119
+	SYS_SETFSUID               = 5120
+	SYS_SETFSGID               = 5121
+	SYS_GETSID                 = 5122
+	SYS_CAPGET                 = 5123
+	SYS_CAPSET                 = 5124
+	SYS_RT_SIGPENDING          = 5125
+	SYS_RT_SIGTIMEDWAIT        = 5126
+	SYS_RT_SIGQUEUEINFO        = 5127
+	SYS_RT_SIGSUSPEND          = 5128
+	SYS_SIGALTSTACK            = 5129
+	SYS_UTIME                  = 5130
+	SYS_MKNOD                  = 5131
+	SYS_PERSONALITY            = 5132
+	SYS_USTAT                  = 5133
+	SYS_STATFS                 = 5134
+	SYS_FSTATFS                = 5135
+	SYS_SYSFS                  = 5136
+	SYS_GETPRIORITY            = 5137
+	SYS_SETPRIORITY            = 5138
+	SYS_SCHED_SETPARAM         = 5139
+	SYS_SCHED_GETPARAM         = 5140
+	SYS_SCHED_SETSCHEDULER     = 5141
+	SYS_SCHED_GETSCHEDULER     = 5142
+	SYS_SCHED_GET_PRIORITY_MAX = 5143
+	SYS_SCHED_GET_PRIORITY_MIN = 5144
+	SYS_SCHED_RR_GET_INTERVAL  = 5145
+	SYS_MLOCK                  = 5146
+	SYS_MUNLOCK                = 5147
+	SYS_MLOCKALL               = 5148
+	SYS_MUNLOCKALL             = 5149
+	SYS_VHANGUP                = 5150
+	SYS_PIVOT_ROOT             = 5151
+	SYS__SYSCTL                = 5152
+	SYS_PRCTL                  = 5153
+	SYS_ADJTIMEX               = 5154
+	SYS_SETRLIMIT              = 5155
+	SYS_CHROOT                 = 5156
+	SYS_SYNC                   = 5157
+	SYS_ACCT                   = 5158
+	SYS_SETTIMEOFDAY           = 5159
+	SYS_MOUNT                  = 5160
+	SYS_UMOUNT2                = 5161
+	SYS_SWAPON                 = 5162
+	SYS_SWAPOFF                = 5163
+	SYS_REBOOT                 = 5164
+	SYS_SETHOSTNAME            = 5165
+	SYS_SETDOMAINNAME          = 5166
+	SYS_CREATE_MODULE          = 5167
+	SYS_INIT_MODULE            = 5168
+	SYS_DELETE_MODULE          = 5169
+	SYS_GET_KERNEL_SYMS        = 5170
+	SYS_QUERY_MODULE           = 5171
+	SYS_QUOTACTL               = 5172
+	SYS_NFSSERVCTL             = 5173
+	SYS_GETPMSG                = 5174
+	SYS_PUTPMSG                = 5175
+	SYS_AFS_SYSCALL            = 5176
+	SYS_RESERVED177            = 5177
+	SYS_GETTID                 = 5178
+	SYS_READAHEAD              = 5179
+	SYS_SETXATTR               = 5180
+	SYS_LSETXATTR              = 5181
+	SYS_FSETXATTR              = 5182
+	SYS_GETXATTR               = 5183
+	SYS_LGETXATTR              = 5184
+	SYS_FGETXATTR              = 5185
+	SYS_LISTXATTR              = 5186
+	SYS_LLISTXATTR             = 5187
+	SYS_FLISTXATTR             = 5188
+	SYS_REMOVEXATTR            = 5189
+	SYS_LREMOVEXATTR           = 5190
+	SYS_FREMOVEXATTR           = 5191
+	SYS_TKILL                  = 5192
+	SYS_RESERVED193            = 5193
+	SYS_FUTEX                  = 5194
+	SYS_SCHED_SETAFFINITY      = 5195
+	SYS_SCHED_GETAFFINITY      = 5196
+	SYS_CACHEFLUSH             = 5197
+	SYS_CACHECTL               = 5198
+	SYS_SYSMIPS                = 5199
+	SYS_IO_SETUP               = 5200
+	SYS_IO_DESTROY             = 5201
+	SYS_IO_GETEVENTS           = 5202
+	SYS_IO_SUBMIT              = 5203
+	SYS_IO_CANCEL              = 5204
+	SYS_EXIT_GROUP             = 5205
+	SYS_LOOKUP_DCOOKIE         = 5206
+	SYS_EPOLL_CREATE           = 5207
+	SYS_EPOLL_CTL              = 5208
+	SYS_EPOLL_WAIT             = 5209
+	SYS_REMAP_FILE_PAGES       = 5210
+	SYS_RT_SIGRETURN           = 5211
+	SYS_SET_TID_ADDRESS        = 5212
+	SYS_RESTART_SYSCALL        = 5213
+	SYS_SEMTIMEDOP             = 5214
+	SYS_FADVISE64              = 5215
+	SYS_TIMER_CREATE           = 5216
+	SYS_TIMER_SETTIME          = 5217
+	SYS_TIMER_GETTIME          = 5218
+	SYS_TIMER_GETOVERRUN       = 5219
+	SYS_TIMER_DELETE           = 5220
+	SYS_CLOCK_SETTIME          = 5221
+	SYS_CLOCK_GETTIME          = 5222
+	SYS_CLOCK_GETRES           = 5223
+	SYS_CLOCK_NANOSLEEP        = 5224
+	SYS_TGKILL                 = 5225
+	SYS_UTIMES                 = 5226
+	SYS_MBIND                  = 5227
+	SYS_GET_MEMPOLICY          = 5228
+	SYS_SET_MEMPOLICY          = 5229
+	SYS_MQ_OPEN                = 5230
+	SYS_MQ_UNLINK              = 5231
+	SYS_MQ_TIMEDSEND           = 5232
+	SYS_MQ_TIMEDRECEIVE        = 5233
+	SYS_MQ_NOTIFY              = 5234
+	SYS_MQ_GETSETATTR          = 5235
+	SYS_VSERVER                = 5236
+	SYS_WAITID                 = 5237
+	SYS_ADD_KEY                = 5239
+	SYS_REQUEST_KEY            = 5240
+	SYS_KEYCTL                 = 5241
+	SYS_SET_THREAD_AREA        = 5242
+	SYS_INOTIFY_INIT           = 5243
+	SYS_INOTIFY_ADD_WATCH      = 5244
+	SYS_INOTIFY_RM_WATCH       = 5245
+	SYS_MIGRATE_PAGES          = 5246
+	SYS_OPENAT                 = 5247
+	SYS_MKDIRAT                = 5248
+	SYS_MKNODAT                = 5249
+	SYS_FCHOWNAT               = 5250
+	SYS_FUTIMESAT              = 5251
+	SYS_NEWFSTATAT             = 5252
+	SYS_UNLINKAT               = 5253
+	SYS_RENAMEAT               = 5254
+	SYS_LINKAT                 = 5255
+	SYS_SYMLINKAT              = 5256
+	SYS_READLINKAT             = 5257
+	SYS_FCHMODAT               = 5258
+	SYS_FACCESSAT              = 5259
+	SYS_PSELECT6               = 5260
+	SYS_PPOLL                  = 5261
+	SYS_UNSHARE                = 5262
+	SYS_SPLICE                 = 5263
+	SYS_SYNC_FILE_RANGE        = 5264
+	SYS_TEE                    = 5265
+	SYS_VMSPLICE               = 5266
+	SYS_MOVE_PAGES             = 5267
+	SYS_SET_ROBUST_LIST        = 5268
+	SYS_GET_ROBUST_LIST        = 5269
+	SYS_KEXEC_LOAD             = 5270
+	SYS_GETCPU                 = 5271
+	SYS_EPOLL_PWAIT            = 5272
+	SYS_IOPRIO_SET             = 5273
+	SYS_IOPRIO_GET             = 5274
+	SYS_UTIMENSAT              = 5275
+	SYS_SIGNALFD               = 5276
+	SYS_TIMERFD                = 5277
+	SYS_EVENTFD                = 5278
+	SYS_FALLOCATE              = 5279
+	SYS_TIMERFD_CREATE         = 5280
+	SYS_TIMERFD_GETTIME        = 5281
+	SYS_TIMERFD_SETTIME        = 5282
+	SYS_SIGNALFD4              = 5283
+	SYS_EVENTFD2               = 5284
+	SYS_EPOLL_CREATE1          = 5285
+	SYS_DUP3                   = 5286
+	SYS_PIPE2                  = 5287
+	SYS_INOTIFY_INIT1          = 5288
+	SYS_PREADV                 = 5289
+	SYS_PWRITEV                = 5290
+	SYS_RT_TGSIGQUEUEINFO      = 5291
+	SYS_PERF_EVENT_OPEN        = 5292
+	SYS_ACCEPT4                = 5293
+	SYS_RECVMMSG               = 5294
+	SYS_FANOTIFY_INIT          = 5295
+	SYS_FANOTIFY_MARK          = 5296
+	SYS_PRLIMIT64              = 5297
+	SYS_NAME_TO_HANDLE_AT      = 5298
+	SYS_OPEN_BY_HANDLE_AT      = 5299
+	SYS_CLOCK_ADJTIME          = 5300
+	SYS_SYNCFS                 = 5301
+	SYS_SENDMMSG               = 5302
+	SYS_SETNS                  = 5303
+	SYS_PROCESS_VM_READV       = 5304
+	SYS_PROCESS_VM_WRITEV      = 5305
+	SYS_KCMP                   = 5306
+	SYS_FINIT_MODULE           = 5307
+	SYS_GETDENTS64             = 5308
+	SYS_SCHED_SETATTR          = 5309
+	SYS_SCHED_GETATTR          = 5310
+	SYS_RENAMEAT2              = 5311
+	SYS_SECCOMP                = 5312
+	SYS_GETRANDOM              = 5313
+	SYS_MEMFD_CREATE           = 5314
+	SYS_BPF                    = 5315
+	SYS_EXECVEAT               = 5316
+	SYS_USERFAULTFD            = 5317
+	SYS_MEMBARRIER             = 5318
+	SYS_MLOCK2                 = 5319
+	SYS_COPY_FILE_RANGE        = 5320
+	SYS_PREADV2                = 5321
+	SYS_PWRITEV2               = 5322
+	SYS_PKEY_MPROTECT          = 5323
+	SYS_PKEY_ALLOC             = 5324
+	SYS_PKEY_FREE              = 5325
+	SYS_STATX                  = 5326
+	SYS_RSEQ                   = 5327
+	SYS_IO_PGETEVENTS          = 5328
+	SYS_PIDFD_SEND_SIGNAL      = 5424
+	SYS_IO_URING_SETUP         = 5425
+	SYS_IO_URING_ENTER         = 5426
+	SYS_IO_URING_REGISTER      = 5427
+	SYS_OPEN_TREE              = 5428
+	SYS_MOVE_MOUNT             = 5429
+	SYS_FSOPEN                 = 5430
+	SYS_FSCONFIG               = 5431
+	SYS_FSMOUNT                = 5432
+	SYS_FSPICK                 = 5433
+	SYS_PIDFD_OPEN             = 5434
+	SYS_CLONE3                 = 5435
+	SYS_OPENAT2                = 5437
+	SYS_PIDFD_GETFD            = 5438
+	SYS_FACCESSAT2             = 5439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
new file mode 100644
index 000000000..598dd5d63
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -0,0 +1,352 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64le,linux
+
+package unix
+
+const (
+	SYS_READ                   = 5000
+	SYS_WRITE                  = 5001
+	SYS_OPEN                   = 5002
+	SYS_CLOSE                  = 5003
+	SYS_STAT                   = 5004
+	SYS_FSTAT                  = 5005
+	SYS_LSTAT                  = 5006
+	SYS_POLL                   = 5007
+	SYS_LSEEK                  = 5008
+	SYS_MMAP                   = 5009
+	SYS_MPROTECT               = 5010
+	SYS_MUNMAP                 = 5011
+	SYS_BRK                    = 5012
+	SYS_RT_SIGACTION           = 5013
+	SYS_RT_SIGPROCMASK         = 5014
+	SYS_IOCTL                  = 5015
+	SYS_PREAD64                = 5016
+	SYS_PWRITE64               = 5017
+	SYS_READV                  = 5018
+	SYS_WRITEV                 = 5019
+	SYS_ACCESS                 = 5020
+	SYS_PIPE                   = 5021
+	SYS__NEWSELECT             = 5022
+	SYS_SCHED_YIELD            = 5023
+	SYS_MREMAP                 = 5024
+	SYS_MSYNC                  = 5025
+	SYS_MINCORE                = 5026
+	SYS_MADVISE                = 5027
+	SYS_SHMGET                 = 5028
+	SYS_SHMAT                  = 5029
+	SYS_SHMCTL                 = 5030
+	SYS_DUP                    = 5031
+	SYS_DUP2                   = 5032
+	SYS_PAUSE                  = 5033
+	SYS_NANOSLEEP              = 5034
+	SYS_GETITIMER              = 5035
+	SYS_SETITIMER              = 5036
+	SYS_ALARM                  = 5037
+	SYS_GETPID                 = 5038
+	SYS_SENDFILE               = 5039
+	SYS_SOCKET                 = 5040
+	SYS_CONNECT                = 5041
+	SYS_ACCEPT                 = 5042
+	SYS_SENDTO                 = 5043
+	SYS_RECVFROM               = 5044
+	SYS_SENDMSG                = 5045
+	SYS_RECVMSG                = 5046
+	SYS_SHUTDOWN               = 5047
+	SYS_BIND                   = 5048
+	SYS_LISTEN                 = 5049
+	SYS_GETSOCKNAME            = 5050
+	SYS_GETPEERNAME            = 5051
+	SYS_SOCKETPAIR             = 5052
+	SYS_SETSOCKOPT             = 5053
+	SYS_GETSOCKOPT             = 5054
+	SYS_CLONE                  = 5055
+	SYS_FORK                   = 5056
+	SYS_EXECVE                 = 5057
+	SYS_EXIT                   = 5058
+	SYS_WAIT4                  = 5059
+	SYS_KILL                   = 5060
+	SYS_UNAME                  = 5061
+	SYS_SEMGET                 = 5062
+	SYS_SEMOP                  = 5063
+	SYS_SEMCTL                 = 5064
+	SYS_SHMDT                  = 5065
+	SYS_MSGGET                 = 5066
+	SYS_MSGSND                 = 5067
+	SYS_MSGRCV                 = 5068
+	SYS_MSGCTL                 = 5069
+	SYS_FCNTL                  = 5070
+	SYS_FLOCK                  = 5071
+	SYS_FSYNC                  = 5072
+	SYS_FDATASYNC              = 5073
+	SYS_TRUNCATE               = 5074
+	SYS_FTRUNCATE              = 5075
+	SYS_GETDENTS               = 5076
+	SYS_GETCWD                 = 5077
+	SYS_CHDIR                  = 5078
+	SYS_FCHDIR                 = 5079
+	SYS_RENAME                 = 5080
+	SYS_MKDIR                  = 5081
+	SYS_RMDIR                  = 5082
+	SYS_CREAT                  = 5083
+	SYS_LINK                   = 5084
+	SYS_UNLINK                 = 5085
+	SYS_SYMLINK                = 5086
+	SYS_READLINK               = 5087
+	SYS_CHMOD                  = 5088
+	SYS_FCHMOD                 = 5089
+	SYS_CHOWN                  = 5090
+	SYS_FCHOWN                 = 5091
+	SYS_LCHOWN                 = 5092
+	SYS_UMASK                  = 5093
+	SYS_GETTIMEOFDAY           = 5094
+	SYS_GETRLIMIT              = 5095
+	SYS_GETRUSAGE              = 5096
+	SYS_SYSINFO                = 5097
+	SYS_TIMES                  = 5098
+	SYS_PTRACE                 = 5099
+	SYS_GETUID                 = 5100
+	SYS_SYSLOG                 = 5101
+	SYS_GETGID                 = 5102
+	SYS_SETUID                 = 5103
+	SYS_SETGID                 = 5104
+	SYS_GETEUID                = 5105
+	SYS_GETEGID                = 5106
+	SYS_SETPGID                = 5107
+	SYS_GETPPID                = 5108
+	SYS_GETPGRP                = 5109
+	SYS_SETSID                 = 5110
+	SYS_SETREUID               = 5111
+	SYS_SETREGID               = 5112
+	SYS_GETGROUPS              = 5113
+	SYS_SETGROUPS              = 5114
+	SYS_SETRESUID              = 5115
+	SYS_GETRESUID              = 5116
+	SYS_SETRESGID              = 5117
+	SYS_GETRESGID              = 5118
+	SYS_GETPGID                = 5119
+	SYS_SETFSUID               = 5120
+	SYS_SETFSGID               = 5121
+	SYS_GETSID                 = 5122
+	SYS_CAPGET                 = 5123
+	SYS_CAPSET                 = 5124
+	SYS_RT_SIGPENDING          = 5125
+	SYS_RT_SIGTIMEDWAIT        = 5126
+	SYS_RT_SIGQUEUEINFO        = 5127
+	SYS_RT_SIGSUSPEND          = 5128
+	SYS_SIGALTSTACK            = 5129
+	SYS_UTIME                  = 5130
+	SYS_MKNOD                  = 5131
+	SYS_PERSONALITY            = 5132
+	SYS_USTAT                  = 5133
+	SYS_STATFS                 = 5134
+	SYS_FSTATFS                = 5135
+	SYS_SYSFS                  = 5136
+	SYS_GETPRIORITY            = 5137
+	SYS_SETPRIORITY            = 5138
+	SYS_SCHED_SETPARAM         = 5139
+	SYS_SCHED_GETPARAM         = 5140
+	SYS_SCHED_SETSCHEDULER     = 5141
+	SYS_SCHED_GETSCHEDULER     = 5142
+	SYS_SCHED_GET_PRIORITY_MAX = 5143
+	SYS_SCHED_GET_PRIORITY_MIN = 5144
+	SYS_SCHED_RR_GET_INTERVAL  = 5145
+	SYS_MLOCK                  = 5146
+	SYS_MUNLOCK                = 5147
+	SYS_MLOCKALL               = 5148
+	SYS_MUNLOCKALL             = 5149
+	SYS_VHANGUP                = 5150
+	SYS_PIVOT_ROOT             = 5151
+	SYS__SYSCTL                = 5152
+	SYS_PRCTL                  = 5153
+	SYS_ADJTIMEX               = 5154
+	SYS_SETRLIMIT              = 5155
+	SYS_CHROOT                 = 5156
+	SYS_SYNC                   = 5157
+	SYS_ACCT                   = 5158
+	SYS_SETTIMEOFDAY           = 5159
+	SYS_MOUNT                  = 5160
+	SYS_UMOUNT2                = 5161
+	SYS_SWAPON                 = 5162
+	SYS_SWAPOFF                = 5163
+	SYS_REBOOT                 = 5164
+	SYS_SETHOSTNAME            = 5165
+	SYS_SETDOMAINNAME          = 5166
+	SYS_CREATE_MODULE          = 5167
+	SYS_INIT_MODULE            = 5168
+	SYS_DELETE_MODULE          = 5169
+	SYS_GET_KERNEL_SYMS        = 5170
+	SYS_QUERY_MODULE           = 5171
+	SYS_QUOTACTL               = 5172
+	SYS_NFSSERVCTL             = 5173
+	SYS_GETPMSG                = 5174
+	SYS_PUTPMSG                = 5175
+	SYS_AFS_SYSCALL            = 5176
+	SYS_RESERVED177            = 5177
+	SYS_GETTID                 = 5178
+	SYS_READAHEAD              = 5179
+	SYS_SETXATTR               = 5180
+	SYS_LSETXATTR              = 5181
+	SYS_FSETXATTR              = 5182
+	SYS_GETXATTR               = 5183
+	SYS_LGETXATTR              = 5184
+	SYS_FGETXATTR              = 5185
+	SYS_LISTXATTR              = 5186
+	SYS_LLISTXATTR             = 5187
+	SYS_FLISTXATTR             = 5188
+	SYS_REMOVEXATTR            = 5189
+	SYS_LREMOVEXATTR           = 5190
+	SYS_FREMOVEXATTR           = 5191
+	SYS_TKILL                  = 5192
+	SYS_RESERVED193            = 5193
+	SYS_FUTEX                  = 5194
+	SYS_SCHED_SETAFFINITY      = 5195
+	SYS_SCHED_GETAFFINITY      = 5196
+	SYS_CACHEFLUSH             = 5197
+	SYS_CACHECTL               = 5198
+	SYS_SYSMIPS                = 5199
+	SYS_IO_SETUP               = 5200
+	SYS_IO_DESTROY             = 5201
+	SYS_IO_GETEVENTS           = 5202
+	SYS_IO_SUBMIT              = 5203
+	SYS_IO_CANCEL              = 5204
+	SYS_EXIT_GROUP             = 5205
+	SYS_LOOKUP_DCOOKIE         = 5206
+	SYS_EPOLL_CREATE           = 5207
+	SYS_EPOLL_CTL              = 5208
+	SYS_EPOLL_WAIT             = 5209
+	SYS_REMAP_FILE_PAGES       = 5210
+	SYS_RT_SIGRETURN           = 5211
+	SYS_SET_TID_ADDRESS        = 5212
+	SYS_RESTART_SYSCALL        = 5213
+	SYS_SEMTIMEDOP             = 5214
+	SYS_FADVISE64              = 5215
+	SYS_TIMER_CREATE           = 5216
+	SYS_TIMER_SETTIME          = 5217
+	SYS_TIMER_GETTIME          = 5218
+	SYS_TIMER_GETOVERRUN       = 5219
+	SYS_TIMER_DELETE           = 5220
+	SYS_CLOCK_SETTIME          = 5221
+	SYS_CLOCK_GETTIME          = 5222
+	SYS_CLOCK_GETRES           = 5223
+	SYS_CLOCK_NANOSLEEP        = 5224
+	SYS_TGKILL                 = 5225
+	SYS_UTIMES                 = 5226
+	SYS_MBIND                  = 5227
+	SYS_GET_MEMPOLICY          = 5228
+	SYS_SET_MEMPOLICY          = 5229
+	SYS_MQ_OPEN                = 5230
+	SYS_MQ_UNLINK              = 5231
+	SYS_MQ_TIMEDSEND           = 5232
+	SYS_MQ_TIMEDRECEIVE        = 5233
+	SYS_MQ_NOTIFY              = 5234
+	SYS_MQ_GETSETATTR          = 5235
+	SYS_VSERVER                = 5236
+	SYS_WAITID                 = 5237
+	SYS_ADD_KEY                = 5239
+	SYS_REQUEST_KEY            = 5240
+	SYS_KEYCTL                 = 5241
+	SYS_SET_THREAD_AREA        = 5242
+	SYS_INOTIFY_INIT           = 5243
+	SYS_INOTIFY_ADD_WATCH      = 5244
+	SYS_INOTIFY_RM_WATCH       = 5245
+	SYS_MIGRATE_PAGES          = 5246
+	SYS_OPENAT                 = 5247
+	SYS_MKDIRAT                = 5248
+	SYS_MKNODAT                = 5249
+	SYS_FCHOWNAT               = 5250
+	SYS_FUTIMESAT              = 5251
+	SYS_NEWFSTATAT             = 5252
+	SYS_UNLINKAT               = 5253
+	SYS_RENAMEAT               = 5254
+	SYS_LINKAT                 = 5255
+	SYS_SYMLINKAT              = 5256
+	SYS_READLINKAT             = 5257
+	SYS_FCHMODAT               = 5258
+	SYS_FACCESSAT              = 5259
+	SYS_PSELECT6               = 5260
+	SYS_PPOLL                  = 5261
+	SYS_UNSHARE                = 5262
+	SYS_SPLICE                 = 5263
+	SYS_SYNC_FILE_RANGE        = 5264
+	SYS_TEE                    = 5265
+	SYS_VMSPLICE               = 5266
+	SYS_MOVE_PAGES             = 5267
+	SYS_SET_ROBUST_LIST        = 5268
+	SYS_GET_ROBUST_LIST        = 5269
+	SYS_KEXEC_LOAD             = 5270
+	SYS_GETCPU                 = 5271
+	SYS_EPOLL_PWAIT            = 5272
+	SYS_IOPRIO_SET             = 5273
+	SYS_IOPRIO_GET             = 5274
+	SYS_UTIMENSAT              = 5275
+	SYS_SIGNALFD               = 5276
+	SYS_TIMERFD                = 5277
+	SYS_EVENTFD                = 5278
+	SYS_FALLOCATE              = 5279
+	SYS_TIMERFD_CREATE         = 5280
+	SYS_TIMERFD_GETTIME        = 5281
+	SYS_TIMERFD_SETTIME        = 5282
+	SYS_SIGNALFD4              = 5283
+	SYS_EVENTFD2               = 5284
+	SYS_EPOLL_CREATE1          = 5285
+	SYS_DUP3                   = 5286
+	SYS_PIPE2                  = 5287
+	SYS_INOTIFY_INIT1          = 5288
+	SYS_PREADV                 = 5289
+	SYS_PWRITEV                = 5290
+	SYS_RT_TGSIGQUEUEINFO      = 5291
+	SYS_PERF_EVENT_OPEN        = 5292
+	SYS_ACCEPT4                = 5293
+	SYS_RECVMMSG               = 5294
+	SYS_FANOTIFY_INIT          = 5295
+	SYS_FANOTIFY_MARK          = 5296
+	SYS_PRLIMIT64              = 5297
+	SYS_NAME_TO_HANDLE_AT      = 5298
+	SYS_OPEN_BY_HANDLE_AT      = 5299
+	SYS_CLOCK_ADJTIME          = 5300
+	SYS_SYNCFS                 = 5301
+	SYS_SENDMMSG               = 5302
+	SYS_SETNS                  = 5303
+	SYS_PROCESS_VM_READV       = 5304
+	SYS_PROCESS_VM_WRITEV      = 5305
+	SYS_KCMP                   = 5306
+	SYS_FINIT_MODULE           = 5307
+	SYS_GETDENTS64             = 5308
+	SYS_SCHED_SETATTR          = 5309
+	SYS_SCHED_GETATTR          = 5310
+	SYS_RENAMEAT2              = 5311
+	SYS_SECCOMP                = 5312
+	SYS_GETRANDOM              = 5313
+	SYS_MEMFD_CREATE           = 5314
+	SYS_BPF                    = 5315
+	SYS_EXECVEAT               = 5316
+	SYS_USERFAULTFD            = 5317
+	SYS_MEMBARRIER             = 5318
+	SYS_MLOCK2                 = 5319
+	SYS_COPY_FILE_RANGE        = 5320
+	SYS_PREADV2                = 5321
+	SYS_PWRITEV2               = 5322
+	SYS_PKEY_MPROTECT          = 5323
+	SYS_PKEY_ALLOC             = 5324
+	SYS_PKEY_FREE              = 5325
+	SYS_STATX                  = 5326
+	SYS_RSEQ                   = 5327
+	SYS_IO_PGETEVENTS          = 5328
+	SYS_PIDFD_SEND_SIGNAL      = 5424
+	SYS_IO_URING_SETUP         = 5425
+	SYS_IO_URING_ENTER         = 5426
+	SYS_IO_URING_REGISTER      = 5427
+	SYS_OPEN_TREE              = 5428
+	SYS_MOVE_MOUNT             = 5429
+	SYS_FSOPEN                 = 5430
+	SYS_FSCONFIG               = 5431
+	SYS_FSMOUNT                = 5432
+	SYS_FSPICK                 = 5433
+	SYS_PIDFD_OPEN             = 5434
+	SYS_CLONE3                 = 5435
+	SYS_OPENAT2                = 5437
+	SYS_PIDFD_GETFD            = 5438
+	SYS_FACCESSAT2             = 5439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
new file mode 100644
index 000000000..c36782d08
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -0,0 +1,422 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mipsle,linux
+
+package unix
+
+const (
+	SYS_SYSCALL                      = 4000
+	SYS_EXIT                         = 4001
+	SYS_FORK                         = 4002
+	SYS_READ                         = 4003
+	SYS_WRITE                        = 4004
+	SYS_OPEN                         = 4005
+	SYS_CLOSE                        = 4006
+	SYS_WAITPID                      = 4007
+	SYS_CREAT                        = 4008
+	SYS_LINK                         = 4009
+	SYS_UNLINK                       = 4010
+	SYS_EXECVE                       = 4011
+	SYS_CHDIR                        = 4012
+	SYS_TIME                         = 4013
+	SYS_MKNOD                        = 4014
+	SYS_CHMOD                        = 4015
+	SYS_LCHOWN                       = 4016
+	SYS_BREAK                        = 4017
+	SYS_UNUSED18                     = 4018
+	SYS_LSEEK                        = 4019
+	SYS_GETPID                       = 4020
+	SYS_MOUNT                        = 4021
+	SYS_UMOUNT                       = 4022
+	SYS_SETUID                       = 4023
+	SYS_GETUID                       = 4024
+	SYS_STIME                        = 4025
+	SYS_PTRACE                       = 4026
+	SYS_ALARM                        = 4027
+	SYS_UNUSED28                     = 4028
+	SYS_PAUSE                        = 4029
+	SYS_UTIME                        = 4030
+	SYS_STTY                         = 4031
+	SYS_GTTY                         = 4032
+	SYS_ACCESS                       = 4033
+	SYS_NICE                         = 4034
+	SYS_FTIME                        = 4035
+	SYS_SYNC                         = 4036
+	SYS_KILL                         = 4037
+	SYS_RENAME                       = 4038
+	SYS_MKDIR                        = 4039
+	SYS_RMDIR                        = 4040
+	SYS_DUP                          = 4041
+	SYS_PIPE                         = 4042
+	SYS_TIMES                        = 4043
+	SYS_PROF                         = 4044
+	SYS_BRK                          = 4045
+	SYS_SETGID                       = 4046
+	SYS_GETGID                       = 4047
+	SYS_SIGNAL                       = 4048
+	SYS_GETEUID                      = 4049
+	SYS_GETEGID                      = 4050
+	SYS_ACCT                         = 4051
+	SYS_UMOUNT2                      = 4052
+	SYS_LOCK                         = 4053
+	SYS_IOCTL                        = 4054
+	SYS_FCNTL                        = 4055
+	SYS_MPX                          = 4056
+	SYS_SETPGID                      = 4057
+	SYS_ULIMIT                       = 4058
+	SYS_UNUSED59                     = 4059
+	SYS_UMASK                        = 4060
+	SYS_CHROOT                       = 4061
+	SYS_USTAT                        = 4062
+	SYS_DUP2                         = 4063
+	SYS_GETPPID                      = 4064
+	SYS_GETPGRP                      = 4065
+	SYS_SETSID                       = 4066
+	SYS_SIGACTION                    = 4067
+	SYS_SGETMASK                     = 4068
+	SYS_SSETMASK                     = 4069
+	SYS_SETREUID                     = 4070
+	SYS_SETREGID                     = 4071
+	SYS_SIGSUSPEND                   = 4072
+	SYS_SIGPENDING                   = 4073
+	SYS_SETHOSTNAME                  = 4074
+	SYS_SETRLIMIT                    = 4075
+	SYS_GETRLIMIT                    = 4076
+	SYS_GETRUSAGE                    = 4077
+	SYS_GETTIMEOFDAY                 = 4078
+	SYS_SETTIMEOFDAY                 = 4079
+	SYS_GETGROUPS                    = 4080
+	SYS_SETGROUPS                    = 4081
+	SYS_RESERVED82                   = 4082
+	SYS_SYMLINK                      = 4083
+	SYS_UNUSED84                     = 4084
+	SYS_READLINK                     = 4085
+	SYS_USELIB                       = 4086
+	SYS_SWAPON                       = 4087
+	SYS_REBOOT                       = 4088
+	SYS_READDIR                      = 4089
+	SYS_MMAP                         = 4090
+	SYS_MUNMAP                       = 4091
+	SYS_TRUNCATE                     = 4092
+	SYS_FTRUNCATE                    = 4093
+	SYS_FCHMOD                       = 4094
+	SYS_FCHOWN                       = 4095
+	SYS_GETPRIORITY                  = 4096
+	SYS_SETPRIORITY                  = 4097
+	SYS_PROFIL                       = 4098
+	SYS_STATFS                       = 4099
+	SYS_FSTATFS                      = 4100
+	SYS_IOPERM                       = 4101
+	SYS_SOCKETCALL                   = 4102
+	SYS_SYSLOG                       = 4103
+	SYS_SETITIMER                    = 4104
+	SYS_GETITIMER                    = 4105
+	SYS_STAT                         = 4106
+	SYS_LSTAT                        = 4107
+	SYS_FSTAT                        = 4108
+	SYS_UNUSED109                    = 4109
+	SYS_IOPL                         = 4110
+	SYS_VHANGUP                      = 4111
+	SYS_IDLE                         = 4112
+	SYS_VM86                         = 4113
+	SYS_WAIT4                        = 4114
+	SYS_SWAPOFF                      = 4115
+	SYS_SYSINFO                      = 4116
+	SYS_IPC                          = 4117
+	SYS_FSYNC                        = 4118
+	SYS_SIGRETURN                    = 4119
+	SYS_CLONE                        = 4120
+	SYS_SETDOMAINNAME                = 4121
+	SYS_UNAME                        = 4122
+	SYS_MODIFY_LDT                   = 4123
+	SYS_ADJTIMEX                     = 4124
+	SYS_MPROTECT                     = 4125
+	SYS_SIGPROCMASK                  = 4126
+	SYS_CREATE_MODULE                = 4127
+	SYS_INIT_MODULE                  = 4128
+	SYS_DELETE_MODULE                = 4129
+	SYS_GET_KERNEL_SYMS              = 4130
+	SYS_QUOTACTL                     = 4131
+	SYS_GETPGID                      = 4132
+	SYS_FCHDIR                       = 4133
+	SYS_BDFLUSH                      = 4134
+	SYS_SYSFS                        = 4135
+	SYS_PERSONALITY                  = 4136
+	SYS_AFS_SYSCALL                  = 4137
+	SYS_SETFSUID                     = 4138
+	SYS_SETFSGID                     = 4139
+	SYS__LLSEEK                      = 4140
+	SYS_GETDENTS                     = 4141
+	SYS__NEWSELECT                   = 4142
+	SYS_FLOCK                        = 4143
+	SYS_MSYNC                        = 4144
+	SYS_READV                        = 4145
+	SYS_WRITEV                       = 4146
+	SYS_CACHEFLUSH                   = 4147
+	SYS_CACHECTL                     = 4148
+	SYS_SYSMIPS                      = 4149
+	SYS_UNUSED150                    = 4150
+	SYS_GETSID                       = 4151
+	SYS_FDATASYNC                    = 4152
+	SYS__SYSCTL                      = 4153
+	SYS_MLOCK                        = 4154
+	SYS_MUNLOCK                      = 4155
+	SYS_MLOCKALL                     = 4156
+	SYS_MUNLOCKALL                   = 4157
+	SYS_SCHED_SETPARAM               = 4158
+	SYS_SCHED_GETPARAM               = 4159
+	SYS_SCHED_SETSCHEDULER           = 4160
+	SYS_SCHED_GETSCHEDULER           = 4161
+	SYS_SCHED_YIELD                  = 4162
+	SYS_SCHED_GET_PRIORITY_MAX       = 4163
+	SYS_SCHED_GET_PRIORITY_MIN       = 4164
+	SYS_SCHED_RR_GET_INTERVAL        = 4165
+	SYS_NANOSLEEP                    = 4166
+	SYS_MREMAP                       = 4167
+	SYS_ACCEPT                       = 4168
+	SYS_BIND                         = 4169
+	SYS_CONNECT                      = 4170
+	SYS_GETPEERNAME                  = 4171
+	SYS_GETSOCKNAME                  = 4172
+	SYS_GETSOCKOPT                   = 4173
+	SYS_LISTEN                       = 4174
+	SYS_RECV                         = 4175
+	SYS_RECVFROM                     = 4176
+	SYS_RECVMSG                      = 4177
+	SYS_SEND                         = 4178
+	SYS_SENDMSG                      = 4179
+	SYS_SENDTO                       = 4180
+	SYS_SETSOCKOPT                   = 4181
+	SYS_SHUTDOWN                     = 4182
+	SYS_SOCKET                       = 4183
+	SYS_SOCKETPAIR                   = 4184
+	SYS_SETRESUID                    = 4185
+	SYS_GETRESUID                    = 4186
+	SYS_QUERY_MODULE                 = 4187
+	SYS_POLL                         = 4188
+	SYS_NFSSERVCTL                   = 4189
+	SYS_SETRESGID                    = 4190
+	SYS_GETRESGID                    = 4191
+	SYS_PRCTL                        = 4192
+	SYS_RT_SIGRETURN                 = 4193
+	SYS_RT_SIGACTION                 = 4194
+	SYS_RT_SIGPROCMASK               = 4195
+	SYS_RT_SIGPENDING                = 4196
+	SYS_RT_SIGTIMEDWAIT              = 4197
+	SYS_RT_SIGQUEUEINFO              = 4198
+	SYS_RT_SIGSUSPEND                = 4199
+	SYS_PREAD64                      = 4200
+	SYS_PWRITE64                     = 4201
+	SYS_CHOWN                        = 4202
+	SYS_GETCWD                       = 4203
+	SYS_CAPGET                       = 4204
+	SYS_CAPSET                       = 4205
+	SYS_SIGALTSTACK                  = 4206
+	SYS_SENDFILE                     = 4207
+	SYS_GETPMSG                      = 4208
+	SYS_PUTPMSG                      = 4209
+	SYS_MMAP2                        = 4210
+	SYS_TRUNCATE64                   = 4211
+	SYS_FTRUNCATE64                  = 4212
+	SYS_STAT64                       = 4213
+	SYS_LSTAT64                      = 4214
+	SYS_FSTAT64                      = 4215
+	SYS_PIVOT_ROOT                   = 4216
+	SYS_MINCORE                      = 4217
+	SYS_MADVISE                      = 4218
+	SYS_GETDENTS64                   = 4219
+	SYS_FCNTL64                      = 4220
+	SYS_RESERVED221                  = 4221
+	SYS_GETTID                       = 4222
+	SYS_READAHEAD                    = 4223
+	SYS_SETXATTR                     = 4224
+	SYS_LSETXATTR                    = 4225
+	SYS_FSETXATTR                    = 4226
+	SYS_GETXATTR                     = 4227
+	SYS_LGETXATTR                    = 4228
+	SYS_FGETXATTR                    = 4229
+	SYS_LISTXATTR                    = 4230
+	SYS_LLISTXATTR                   = 4231
+	SYS_FLISTXATTR                   = 4232
+	SYS_REMOVEXATTR                  = 4233
+	SYS_LREMOVEXATTR                 = 4234
+	SYS_FREMOVEXATTR                 = 4235
+	SYS_TKILL                        = 4236
+	SYS_SENDFILE64                   = 4237
+	SYS_FUTEX                        = 4238
+	SYS_SCHED_SETAFFINITY            = 4239
+	SYS_SCHED_GETAFFINITY            = 4240
+	SYS_IO_SETUP                     = 4241
+	SYS_IO_DESTROY                   = 4242
+	SYS_IO_GETEVENTS                 = 4243
+	SYS_IO_SUBMIT                    = 4244
+	SYS_IO_CANCEL                    = 4245
+	SYS_EXIT_GROUP                   = 4246
+	SYS_LOOKUP_DCOOKIE               = 4247
+	SYS_EPOLL_CREATE                 = 4248
+	SYS_EPOLL_CTL                    = 4249
+	SYS_EPOLL_WAIT                   = 4250
+	SYS_REMAP_FILE_PAGES             = 4251
+	SYS_SET_TID_ADDRESS              = 4252
+	SYS_RESTART_SYSCALL              = 4253
+	SYS_FADVISE64                    = 4254
+	SYS_STATFS64                     = 4255
+	SYS_FSTATFS64                    = 4256
+	SYS_TIMER_CREATE                 = 4257
+	SYS_TIMER_SETTIME                = 4258
+	SYS_TIMER_GETTIME                = 4259
+	SYS_TIMER_GETOVERRUN             = 4260
+	SYS_TIMER_DELETE                 = 4261
+	SYS_CLOCK_SETTIME                = 4262
+	SYS_CLOCK_GETTIME                = 4263
+	SYS_CLOCK_GETRES                 = 4264
+	SYS_CLOCK_NANOSLEEP              = 4265
+	SYS_TGKILL                       = 4266
+	SYS_UTIMES                       = 4267
+	SYS_MBIND                        = 4268
+	SYS_GET_MEMPOLICY                = 4269
+	SYS_SET_MEMPOLICY                = 4270
+	SYS_MQ_OPEN                      = 4271
+	SYS_MQ_UNLINK                    = 4272
+	SYS_MQ_TIMEDSEND                 = 4273
+	SYS_MQ_TIMEDRECEIVE              = 4274
+	SYS_MQ_NOTIFY                    = 4275
+	SYS_MQ_GETSETATTR                = 4276
+	SYS_VSERVER                      = 4277
+	SYS_WAITID                       = 4278
+	SYS_ADD_KEY                      = 4280
+	SYS_REQUEST_KEY                  = 4281
+	SYS_KEYCTL                       = 4282
+	SYS_SET_THREAD_AREA              = 4283
+	SYS_INOTIFY_INIT                 = 4284
+	SYS_INOTIFY_ADD_WATCH            = 4285
+	SYS_INOTIFY_RM_WATCH             = 4286
+	SYS_MIGRATE_PAGES                = 4287
+	SYS_OPENAT                       = 4288
+	SYS_MKDIRAT                      = 4289
+	SYS_MKNODAT                      = 4290
+	SYS_FCHOWNAT                     = 4291
+	SYS_FUTIMESAT                    = 4292
+	SYS_FSTATAT64                    = 4293
+	SYS_UNLINKAT                     = 4294
+	SYS_RENAMEAT                     = 4295
+	SYS_LINKAT                       = 4296
+	SYS_SYMLINKAT                    = 4297
+	SYS_READLINKAT                   = 4298
+	SYS_FCHMODAT                     = 4299
+	SYS_FACCESSAT                    = 4300
+	SYS_PSELECT6                     = 4301
+	SYS_PPOLL                        = 4302
+	SYS_UNSHARE                      = 4303
+	SYS_SPLICE                       = 4304
+	SYS_SYNC_FILE_RANGE              = 4305
+	SYS_TEE                          = 4306
+	SYS_VMSPLICE                     = 4307
+	SYS_MOVE_PAGES                   = 4308
+	SYS_SET_ROBUST_LIST              = 4309
+	SYS_GET_ROBUST_LIST              = 4310
+	SYS_KEXEC_LOAD                   = 4311
+	SYS_GETCPU                       = 4312
+	SYS_EPOLL_PWAIT                  = 4313
+	SYS_IOPRIO_SET                   = 4314
+	SYS_IOPRIO_GET                   = 4315
+	SYS_UTIMENSAT                    = 4316
+	SYS_SIGNALFD                     = 4317
+	SYS_TIMERFD                      = 4318
+	SYS_EVENTFD                      = 4319
+	SYS_FALLOCATE                    = 4320
+	SYS_TIMERFD_CREATE               = 4321
+	SYS_TIMERFD_GETTIME              = 4322
+	SYS_TIMERFD_SETTIME              = 4323
+	SYS_SIGNALFD4                    = 4324
+	SYS_EVENTFD2                     = 4325
+	SYS_EPOLL_CREATE1                = 4326
+	SYS_DUP3                         = 4327
+	SYS_PIPE2                        = 4328
+	SYS_INOTIFY_INIT1                = 4329
+	SYS_PREADV                       = 4330
+	SYS_PWRITEV                      = 4331
+	SYS_RT_TGSIGQUEUEINFO            = 4332
+	SYS_PERF_EVENT_OPEN              = 4333
+	SYS_ACCEPT4                      = 4334
+	SYS_RECVMMSG                     = 4335
+	SYS_FANOTIFY_INIT                = 4336
+	SYS_FANOTIFY_MARK                = 4337
+	SYS_PRLIMIT64                    = 4338
+	SYS_NAME_TO_HANDLE_AT            = 4339
+	SYS_OPEN_BY_HANDLE_AT            = 4340
+	SYS_CLOCK_ADJTIME                = 4341
+	SYS_SYNCFS                       = 4342
+	SYS_SENDMMSG                     = 4343
+	SYS_SETNS                        = 4344
+	SYS_PROCESS_VM_READV             = 4345
+	SYS_PROCESS_VM_WRITEV            = 4346
+	SYS_KCMP                         = 4347
+	SYS_FINIT_MODULE                 = 4348
+	SYS_SCHED_SETATTR                = 4349
+	SYS_SCHED_GETATTR                = 4350
+	SYS_RENAMEAT2                    = 4351
+	SYS_SECCOMP                      = 4352
+	SYS_GETRANDOM                    = 4353
+	SYS_MEMFD_CREATE                 = 4354
+	SYS_BPF                          = 4355
+	SYS_EXECVEAT                     = 4356
+	SYS_USERFAULTFD                  = 4357
+	SYS_MEMBARRIER                   = 4358
+	SYS_MLOCK2                       = 4359
+	SYS_COPY_FILE_RANGE              = 4360
+	SYS_PREADV2                      = 4361
+	SYS_PWRITEV2                     = 4362
+	SYS_PKEY_MPROTECT                = 4363
+	SYS_PKEY_ALLOC                   = 4364
+	SYS_PKEY_FREE                    = 4365
+	SYS_STATX                        = 4366
+	SYS_RSEQ                         = 4367
+	SYS_IO_PGETEVENTS                = 4368
+	SYS_SEMGET                       = 4393
+	SYS_SEMCTL                       = 4394
+	SYS_SHMGET                       = 4395
+	SYS_SHMCTL                       = 4396
+	SYS_SHMAT                        = 4397
+	SYS_SHMDT                        = 4398
+	SYS_MSGGET                       = 4399
+	SYS_MSGSND                       = 4400
+	SYS_MSGRCV                       = 4401
+	SYS_MSGCTL                       = 4402
+	SYS_CLOCK_GETTIME64              = 4403
+	SYS_CLOCK_SETTIME64              = 4404
+	SYS_CLOCK_ADJTIME64              = 4405
+	SYS_CLOCK_GETRES_TIME64          = 4406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 4407
+	SYS_TIMER_GETTIME64              = 4408
+	SYS_TIMER_SETTIME64              = 4409
+	SYS_TIMERFD_GETTIME64            = 4410
+	SYS_TIMERFD_SETTIME64            = 4411
+	SYS_UTIMENSAT_TIME64             = 4412
+	SYS_PSELECT6_TIME64              = 4413
+	SYS_PPOLL_TIME64                 = 4414
+	SYS_IO_PGETEVENTS_TIME64         = 4416
+	SYS_RECVMMSG_TIME64              = 4417
+	SYS_MQ_TIMEDSEND_TIME64          = 4418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 4419
+	SYS_SEMTIMEDOP_TIME64            = 4420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 4421
+	SYS_FUTEX_TIME64                 = 4422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 4423
+	SYS_PIDFD_SEND_SIGNAL            = 4424
+	SYS_IO_URING_SETUP               = 4425
+	SYS_IO_URING_ENTER               = 4426
+	SYS_IO_URING_REGISTER            = 4427
+	SYS_OPEN_TREE                    = 4428
+	SYS_MOVE_MOUNT                   = 4429
+	SYS_FSOPEN                       = 4430
+	SYS_FSCONFIG                     = 4431
+	SYS_FSMOUNT                      = 4432
+	SYS_FSPICK                       = 4433
+	SYS_PIDFD_OPEN                   = 4434
+	SYS_CLONE3                       = 4435
+	SYS_OPENAT2                      = 4437
+	SYS_PIDFD_GETFD                  = 4438
+	SYS_FACCESSAT2                   = 4439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
new file mode 100644
index 000000000..9287538d3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -0,0 +1,401 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL        = 0
+	SYS_EXIT                   = 1
+	SYS_FORK                   = 2
+	SYS_READ                   = 3
+	SYS_WRITE                  = 4
+	SYS_OPEN                   = 5
+	SYS_CLOSE                  = 6
+	SYS_WAITPID                = 7
+	SYS_CREAT                  = 8
+	SYS_LINK                   = 9
+	SYS_UNLINK                 = 10
+	SYS_EXECVE                 = 11
+	SYS_CHDIR                  = 12
+	SYS_TIME                   = 13
+	SYS_MKNOD                  = 14
+	SYS_CHMOD                  = 15
+	SYS_LCHOWN                 = 16
+	SYS_BREAK                  = 17
+	SYS_OLDSTAT                = 18
+	SYS_LSEEK                  = 19
+	SYS_GETPID                 = 20
+	SYS_MOUNT                  = 21
+	SYS_UMOUNT                 = 22
+	SYS_SETUID                 = 23
+	SYS_GETUID                 = 24
+	SYS_STIME                  = 25
+	SYS_PTRACE                 = 26
+	SYS_ALARM                  = 27
+	SYS_OLDFSTAT               = 28
+	SYS_PAUSE                  = 29
+	SYS_UTIME                  = 30
+	SYS_STTY                   = 31
+	SYS_GTTY                   = 32
+	SYS_ACCESS                 = 33
+	SYS_NICE                   = 34
+	SYS_FTIME                  = 35
+	SYS_SYNC                   = 36
+	SYS_KILL                   = 37
+	SYS_RENAME                 = 38
+	SYS_MKDIR                  = 39
+	SYS_RMDIR                  = 40
+	SYS_DUP                    = 41
+	SYS_PIPE                   = 42
+	SYS_TIMES                  = 43
+	SYS_PROF                   = 44
+	SYS_BRK                    = 45
+	SYS_SETGID                 = 46
+	SYS_GETGID                 = 47
+	SYS_SIGNAL                 = 48
+	SYS_GETEUID                = 49
+	SYS_GETEGID                = 50
+	SYS_ACCT                   = 51
+	SYS_UMOUNT2                = 52
+	SYS_LOCK                   = 53
+	SYS_IOCTL                  = 54
+	SYS_FCNTL                  = 55
+	SYS_MPX                    = 56
+	SYS_SETPGID                = 57
+	SYS_ULIMIT                 = 58
+	SYS_OLDOLDUNAME            = 59
+	SYS_UMASK                  = 60
+	SYS_CHROOT                 = 61
+	SYS_USTAT                  = 62
+	SYS_DUP2                   = 63
+	SYS_GETPPID                = 64
+	SYS_GETPGRP                = 65
+	SYS_SETSID                 = 66
+	SYS_SIGACTION              = 67
+	SYS_SGETMASK               = 68
+	SYS_SSETMASK               = 69
+	SYS_SETREUID               = 70
+	SYS_SETREGID               = 71
+	SYS_SIGSUSPEND             = 72
+	SYS_SIGPENDING             = 73
+	SYS_SETHOSTNAME            = 74
+	SYS_SETRLIMIT              = 75
+	SYS_GETRLIMIT              = 76
+	SYS_GETRUSAGE              = 77
+	SYS_GETTIMEOFDAY           = 78
+	SYS_SETTIMEOFDAY           = 79
+	SYS_GETGROUPS              = 80
+	SYS_SETGROUPS              = 81
+	SYS_SELECT                 = 82
+	SYS_SYMLINK                = 83
+	SYS_OLDLSTAT               = 84
+	SYS_READLINK               = 85
+	SYS_USELIB                 = 86
+	SYS_SWAPON                 = 87
+	SYS_REBOOT                 = 88
+	SYS_READDIR                = 89
+	SYS_MMAP                   = 90
+	SYS_MUNMAP                 = 91
+	SYS_TRUNCATE               = 92
+	SYS_FTRUNCATE              = 93
+	SYS_FCHMOD                 = 94
+	SYS_FCHOWN                 = 95
+	SYS_GETPRIORITY            = 96
+	SYS_SETPRIORITY            = 97
+	SYS_PROFIL                 = 98
+	SYS_STATFS                 = 99
+	SYS_FSTATFS                = 100
+	SYS_IOPERM                 = 101
+	SYS_SOCKETCALL             = 102
+	SYS_SYSLOG                 = 103
+	SYS_SETITIMER              = 104
+	SYS_GETITIMER              = 105
+	SYS_STAT                   = 106
+	SYS_LSTAT                  = 107
+	SYS_FSTAT                  = 108
+	SYS_OLDUNAME               = 109
+	SYS_IOPL                   = 110
+	SYS_VHANGUP                = 111
+	SYS_IDLE                   = 112
+	SYS_VM86                   = 113
+	SYS_WAIT4                  = 114
+	SYS_SWAPOFF                = 115
+	SYS_SYSINFO                = 116
+	SYS_IPC                    = 117
+	SYS_FSYNC                  = 118
+	SYS_SIGRETURN              = 119
+	SYS_CLONE                  = 120
+	SYS_SETDOMAINNAME          = 121
+	SYS_UNAME                  = 122
+	SYS_MODIFY_LDT             = 123
+	SYS_ADJTIMEX               = 124
+	SYS_MPROTECT               = 125
+	SYS_SIGPROCMASK            = 126
+	SYS_CREATE_MODULE          = 127
+	SYS_INIT_MODULE            = 128
+	SYS_DELETE_MODULE          = 129
+	SYS_GET_KERNEL_SYMS        = 130
+	SYS_QUOTACTL               = 131
+	SYS_GETPGID                = 132
+	SYS_FCHDIR                 = 133
+	SYS_BDFLUSH                = 134
+	SYS_SYSFS                  = 135
+	SYS_PERSONALITY            = 136
+	SYS_AFS_SYSCALL            = 137
+	SYS_SETFSUID               = 138
+	SYS_SETFSGID               = 139
+	SYS__LLSEEK                = 140
+	SYS_GETDENTS               = 141
+	SYS__NEWSELECT             = 142
+	SYS_FLOCK                  = 143
+	SYS_MSYNC                  = 144
+	SYS_READV                  = 145
+	SYS_WRITEV                 = 146
+	SYS_GETSID                 = 147
+	SYS_FDATASYNC              = 148
+	SYS__SYSCTL                = 149
+	SYS_MLOCK                  = 150
+	SYS_MUNLOCK                = 151
+	SYS_MLOCKALL               = 152
+	SYS_MUNLOCKALL             = 153
+	SYS_SCHED_SETPARAM         = 154
+	SYS_SCHED_GETPARAM         = 155
+	SYS_SCHED_SETSCHEDULER     = 156
+	SYS_SCHED_GETSCHEDULER     = 157
+	SYS_SCHED_YIELD            = 158
+	SYS_SCHED_GET_PRIORITY_MAX = 159
+	SYS_SCHED_GET_PRIORITY_MIN = 160
+	SYS_SCHED_RR_GET_INTERVAL  = 161
+	SYS_NANOSLEEP              = 162
+	SYS_MREMAP                 = 163
+	SYS_SETRESUID              = 164
+	SYS_GETRESUID              = 165
+	SYS_QUERY_MODULE           = 166
+	SYS_POLL                   = 167
+	SYS_NFSSERVCTL             = 168
+	SYS_SETRESGID              = 169
+	SYS_GETRESGID              = 170
+	SYS_PRCTL                  = 171
+	SYS_RT_SIGRETURN           = 172
+	SYS_RT_SIGACTION           = 173
+	SYS_RT_SIGPROCMASK         = 174
+	SYS_RT_SIGPENDING          = 175
+	SYS_RT_SIGTIMEDWAIT        = 176
+	SYS_RT_SIGQUEUEINFO        = 177
+	SYS_RT_SIGSUSPEND          = 178
+	SYS_PREAD64                = 179
+	SYS_PWRITE64               = 180
+	SYS_CHOWN                  = 181
+	SYS_GETCWD                 = 182
+	SYS_CAPGET                 = 183
+	SYS_CAPSET                 = 184
+	SYS_SIGALTSTACK            = 185
+	SYS_SENDFILE               = 186
+	SYS_GETPMSG                = 187
+	SYS_PUTPMSG                = 188
+	SYS_VFORK                  = 189
+	SYS_UGETRLIMIT             = 190
+	SYS_READAHEAD              = 191
+	SYS_PCICONFIG_READ         = 198
+	SYS_PCICONFIG_WRITE        = 199
+	SYS_PCICONFIG_IOBASE       = 200
+	SYS_MULTIPLEXER            = 201
+	SYS_GETDENTS64             = 202
+	SYS_PIVOT_ROOT             = 203
+	SYS_MADVISE                = 205
+	SYS_MINCORE                = 206
+	SYS_GETTID                 = 207
+	SYS_TKILL                  = 208
+	SYS_SETXATTR               = 209
+	SYS_LSETXATTR              = 210
+	SYS_FSETXATTR              = 211
+	SYS_GETXATTR               = 212
+	SYS_LGETXATTR              = 213
+	SYS_FGETXATTR              = 214
+	SYS_LISTXATTR              = 215
+	SYS_LLISTXATTR             = 216
+	SYS_FLISTXATTR             = 217
+	SYS_REMOVEXATTR            = 218
+	SYS_LREMOVEXATTR           = 219
+	SYS_FREMOVEXATTR           = 220
+	SYS_FUTEX                  = 221
+	SYS_SCHED_SETAFFINITY      = 222
+	SYS_SCHED_GETAFFINITY      = 223
+	SYS_TUXCALL                = 225
+	SYS_IO_SETUP               = 227
+	SYS_IO_DESTROY             = 228
+	SYS_IO_GETEVENTS           = 229
+	SYS_IO_SUBMIT              = 230
+	SYS_IO_CANCEL              = 231
+	SYS_SET_TID_ADDRESS        = 232
+	SYS_FADVISE64              = 233
+	SYS_EXIT_GROUP             = 234
+	SYS_LOOKUP_DCOOKIE         = 235
+	SYS_EPOLL_CREATE           = 236
+	SYS_EPOLL_CTL              = 237
+	SYS_EPOLL_WAIT             = 238
+	SYS_REMAP_FILE_PAGES       = 239
+	SYS_TIMER_CREATE           = 240
+	SYS_TIMER_SETTIME          = 241
+	SYS_TIMER_GETTIME          = 242
+	SYS_TIMER_GETOVERRUN       = 243
+	SYS_TIMER_DELETE           = 244
+	SYS_CLOCK_SETTIME          = 245
+	SYS_CLOCK_GETTIME          = 246
+	SYS_CLOCK_GETRES           = 247
+	SYS_CLOCK_NANOSLEEP        = 248
+	SYS_SWAPCONTEXT            = 249
+	SYS_TGKILL                 = 250
+	SYS_UTIMES                 = 251
+	SYS_STATFS64               = 252
+	SYS_FSTATFS64              = 253
+	SYS_RTAS                   = 255
+	SYS_SYS_DEBUG_SETCONTEXT   = 256
+	SYS_MIGRATE_PAGES          = 258
+	SYS_MBIND                  = 259
+	SYS_GET_MEMPOLICY          = 260
+	SYS_SET_MEMPOLICY          = 261
+	SYS_MQ_OPEN                = 262
+	SYS_MQ_UNLINK              = 263
+	SYS_MQ_TIMEDSEND           = 264
+	SYS_MQ_TIMEDRECEIVE        = 265
+	SYS_MQ_NOTIFY              = 266
+	SYS_MQ_GETSETATTR          = 267
+	SYS_KEXEC_LOAD             = 268
+	SYS_ADD_KEY                = 269
+	SYS_REQUEST_KEY            = 270
+	SYS_KEYCTL                 = 271
+	SYS_WAITID                 = 272
+	SYS_IOPRIO_SET             = 273
+	SYS_IOPRIO_GET             = 274
+	SYS_INOTIFY_INIT           = 275
+	SYS_INOTIFY_ADD_WATCH      = 276
+	SYS_INOTIFY_RM_WATCH       = 277
+	SYS_SPU_RUN                = 278
+	SYS_SPU_CREATE             = 279
+	SYS_PSELECT6               = 280
+	SYS_PPOLL                  = 281
+	SYS_UNSHARE                = 282
+	SYS_SPLICE                 = 283
+	SYS_TEE                    = 284
+	SYS_VMSPLICE               = 285
+	SYS_OPENAT                 = 286
+	SYS_MKDIRAT                = 287
+	SYS_MKNODAT                = 288
+	SYS_FCHOWNAT               = 289
+	SYS_FUTIMESAT              = 290
+	SYS_NEWFSTATAT             = 291
+	SYS_UNLINKAT               = 292
+	SYS_RENAMEAT               = 293
+	SYS_LINKAT                 = 294
+	SYS_SYMLINKAT              = 295
+	SYS_READLINKAT             = 296
+	SYS_FCHMODAT               = 297
+	SYS_FACCESSAT              = 298
+	SYS_GET_ROBUST_LIST        = 299
+	SYS_SET_ROBUST_LIST        = 300
+	SYS_MOVE_PAGES             = 301
+	SYS_GETCPU                 = 302
+	SYS_EPOLL_PWAIT            = 303
+	SYS_UTIMENSAT              = 304
+	SYS_SIGNALFD               = 305
+	SYS_TIMERFD_CREATE         = 306
+	SYS_EVENTFD                = 307
+	SYS_SYNC_FILE_RANGE2       = 308
+	SYS_FALLOCATE              = 309
+	SYS_SUBPAGE_PROT           = 310
+	SYS_TIMERFD_SETTIME        = 311
+	SYS_TIMERFD_GETTIME        = 312
+	SYS_SIGNALFD4              = 313
+	SYS_EVENTFD2               = 314
+	SYS_EPOLL_CREATE1          = 315
+	SYS_DUP3                   = 316
+	SYS_PIPE2                  = 317
+	SYS_INOTIFY_INIT1          = 318
+	SYS_PERF_EVENT_OPEN        = 319
+	SYS_PREADV                 = 320
+	SYS_PWRITEV                = 321
+	SYS_RT_TGSIGQUEUEINFO      = 322
+	SYS_FANOTIFY_INIT          = 323
+	SYS_FANOTIFY_MARK          = 324
+	SYS_PRLIMIT64              = 325
+	SYS_SOCKET                 = 326
+	SYS_BIND                   = 327
+	SYS_CONNECT                = 328
+	SYS_LISTEN                 = 329
+	SYS_ACCEPT                 = 330
+	SYS_GETSOCKNAME            = 331
+	SYS_GETPEERNAME            = 332
+	SYS_SOCKETPAIR             = 333
+	SYS_SEND                   = 334
+	SYS_SENDTO                 = 335
+	SYS_RECV                   = 336
+	SYS_RECVFROM               = 337
+	SYS_SHUTDOWN               = 338
+	SYS_SETSOCKOPT             = 339
+	SYS_GETSOCKOPT             = 340
+	SYS_SENDMSG                = 341
+	SYS_RECVMSG                = 342
+	SYS_RECVMMSG               = 343
+	SYS_ACCEPT4                = 344
+	SYS_NAME_TO_HANDLE_AT      = 345
+	SYS_OPEN_BY_HANDLE_AT      = 346
+	SYS_CLOCK_ADJTIME          = 347
+	SYS_SYNCFS                 = 348
+	SYS_SENDMMSG               = 349
+	SYS_SETNS                  = 350
+	SYS_PROCESS_VM_READV       = 351
+	SYS_PROCESS_VM_WRITEV      = 352
+	SYS_FINIT_MODULE           = 353
+	SYS_KCMP                   = 354
+	SYS_SCHED_SETATTR          = 355
+	SYS_SCHED_GETATTR          = 356
+	SYS_RENAMEAT2              = 357
+	SYS_SECCOMP                = 358
+	SYS_GETRANDOM              = 359
+	SYS_MEMFD_CREATE           = 360
+	SYS_BPF                    = 361
+	SYS_EXECVEAT               = 362
+	SYS_SWITCH_ENDIAN          = 363
+	SYS_USERFAULTFD            = 364
+	SYS_MEMBARRIER             = 365
+	SYS_MLOCK2                 = 378
+	SYS_COPY_FILE_RANGE        = 379
+	SYS_PREADV2                = 380
+	SYS_PWRITEV2               = 381
+	SYS_KEXEC_FILE_LOAD        = 382
+	SYS_STATX                  = 383
+	SYS_PKEY_ALLOC             = 384
+	SYS_PKEY_FREE              = 385
+	SYS_PKEY_MPROTECT          = 386
+	SYS_RSEQ                   = 387
+	SYS_IO_PGETEVENTS          = 388
+	SYS_SEMTIMEDOP             = 392
+	SYS_SEMGET                 = 393
+	SYS_SEMCTL                 = 394
+	SYS_SHMGET                 = 395
+	SYS_SHMCTL                 = 396
+	SYS_SHMAT                  = 397
+	SYS_SHMDT                  = 398
+	SYS_MSGGET                 = 399
+	SYS_MSGSND                 = 400
+	SYS_MSGRCV                 = 401
+	SYS_MSGCTL                 = 402
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
new file mode 100644
index 000000000..4dafad835
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -0,0 +1,401 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64le,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL        = 0
+	SYS_EXIT                   = 1
+	SYS_FORK                   = 2
+	SYS_READ                   = 3
+	SYS_WRITE                  = 4
+	SYS_OPEN                   = 5
+	SYS_CLOSE                  = 6
+	SYS_WAITPID                = 7
+	SYS_CREAT                  = 8
+	SYS_LINK                   = 9
+	SYS_UNLINK                 = 10
+	SYS_EXECVE                 = 11
+	SYS_CHDIR                  = 12
+	SYS_TIME                   = 13
+	SYS_MKNOD                  = 14
+	SYS_CHMOD                  = 15
+	SYS_LCHOWN                 = 16
+	SYS_BREAK                  = 17
+	SYS_OLDSTAT                = 18
+	SYS_LSEEK                  = 19
+	SYS_GETPID                 = 20
+	SYS_MOUNT                  = 21
+	SYS_UMOUNT                 = 22
+	SYS_SETUID                 = 23
+	SYS_GETUID                 = 24
+	SYS_STIME                  = 25
+	SYS_PTRACE                 = 26
+	SYS_ALARM                  = 27
+	SYS_OLDFSTAT               = 28
+	SYS_PAUSE                  = 29
+	SYS_UTIME                  = 30
+	SYS_STTY                   = 31
+	SYS_GTTY                   = 32
+	SYS_ACCESS                 = 33
+	SYS_NICE                   = 34
+	SYS_FTIME                  = 35
+	SYS_SYNC                   = 36
+	SYS_KILL                   = 37
+	SYS_RENAME                 = 38
+	SYS_MKDIR                  = 39
+	SYS_RMDIR                  = 40
+	SYS_DUP                    = 41
+	SYS_PIPE                   = 42
+	SYS_TIMES                  = 43
+	SYS_PROF                   = 44
+	SYS_BRK                    = 45
+	SYS_SETGID                 = 46
+	SYS_GETGID                 = 47
+	SYS_SIGNAL                 = 48
+	SYS_GETEUID                = 49
+	SYS_GETEGID                = 50
+	SYS_ACCT                   = 51
+	SYS_UMOUNT2                = 52
+	SYS_LOCK                   = 53
+	SYS_IOCTL                  = 54
+	SYS_FCNTL                  = 55
+	SYS_MPX                    = 56
+	SYS_SETPGID                = 57
+	SYS_ULIMIT                 = 58
+	SYS_OLDOLDUNAME            = 59
+	SYS_UMASK                  = 60
+	SYS_CHROOT                 = 61
+	SYS_USTAT                  = 62
+	SYS_DUP2                   = 63
+	SYS_GETPPID                = 64
+	SYS_GETPGRP                = 65
+	SYS_SETSID                 = 66
+	SYS_SIGACTION              = 67
+	SYS_SGETMASK               = 68
+	SYS_SSETMASK               = 69
+	SYS_SETREUID               = 70
+	SYS_SETREGID               = 71
+	SYS_SIGSUSPEND             = 72
+	SYS_SIGPENDING             = 73
+	SYS_SETHOSTNAME            = 74
+	SYS_SETRLIMIT              = 75
+	SYS_GETRLIMIT              = 76
+	SYS_GETRUSAGE              = 77
+	SYS_GETTIMEOFDAY           = 78
+	SYS_SETTIMEOFDAY           = 79
+	SYS_GETGROUPS              = 80
+	SYS_SETGROUPS              = 81
+	SYS_SELECT                 = 82
+	SYS_SYMLINK                = 83
+	SYS_OLDLSTAT               = 84
+	SYS_READLINK               = 85
+	SYS_USELIB                 = 86
+	SYS_SWAPON                 = 87
+	SYS_REBOOT                 = 88
+	SYS_READDIR                = 89
+	SYS_MMAP                   = 90
+	SYS_MUNMAP                 = 91
+	SYS_TRUNCATE               = 92
+	SYS_FTRUNCATE              = 93
+	SYS_FCHMOD                 = 94
+	SYS_FCHOWN                 = 95
+	SYS_GETPRIORITY            = 96
+	SYS_SETPRIORITY            = 97
+	SYS_PROFIL                 = 98
+	SYS_STATFS                 = 99
+	SYS_FSTATFS                = 100
+	SYS_IOPERM                 = 101
+	SYS_SOCKETCALL             = 102
+	SYS_SYSLOG                 = 103
+	SYS_SETITIMER              = 104
+	SYS_GETITIMER              = 105
+	SYS_STAT                   = 106
+	SYS_LSTAT                  = 107
+	SYS_FSTAT                  = 108
+	SYS_OLDUNAME               = 109
+	SYS_IOPL                   = 110
+	SYS_VHANGUP                = 111
+	SYS_IDLE                   = 112
+	SYS_VM86                   = 113
+	SYS_WAIT4                  = 114
+	SYS_SWAPOFF                = 115
+	SYS_SYSINFO                = 116
+	SYS_IPC                    = 117
+	SYS_FSYNC                  = 118
+	SYS_SIGRETURN              = 119
+	SYS_CLONE                  = 120
+	SYS_SETDOMAINNAME          = 121
+	SYS_UNAME                  = 122
+	SYS_MODIFY_LDT             = 123
+	SYS_ADJTIMEX               = 124
+	SYS_MPROTECT               = 125
+	SYS_SIGPROCMASK            = 126
+	SYS_CREATE_MODULE          = 127
+	SYS_INIT_MODULE            = 128
+	SYS_DELETE_MODULE          = 129
+	SYS_GET_KERNEL_SYMS        = 130
+	SYS_QUOTACTL               = 131
+	SYS_GETPGID                = 132
+	SYS_FCHDIR                 = 133
+	SYS_BDFLUSH                = 134
+	SYS_SYSFS                  = 135
+	SYS_PERSONALITY            = 136
+	SYS_AFS_SYSCALL            = 137
+	SYS_SETFSUID               = 138
+	SYS_SETFSGID               = 139
+	SYS__LLSEEK                = 140
+	SYS_GETDENTS               = 141
+	SYS__NEWSELECT             = 142
+	SYS_FLOCK                  = 143
+	SYS_MSYNC                  = 144
+	SYS_READV                  = 145
+	SYS_WRITEV                 = 146
+	SYS_GETSID                 = 147
+	SYS_FDATASYNC              = 148
+	SYS__SYSCTL                = 149
+	SYS_MLOCK                  = 150
+	SYS_MUNLOCK                = 151
+	SYS_MLOCKALL               = 152
+	SYS_MUNLOCKALL             = 153
+	SYS_SCHED_SETPARAM         = 154
+	SYS_SCHED_GETPARAM         = 155
+	SYS_SCHED_SETSCHEDULER     = 156
+	SYS_SCHED_GETSCHEDULER     = 157
+	SYS_SCHED_YIELD            = 158
+	SYS_SCHED_GET_PRIORITY_MAX = 159
+	SYS_SCHED_GET_PRIORITY_MIN = 160
+	SYS_SCHED_RR_GET_INTERVAL  = 161
+	SYS_NANOSLEEP              = 162
+	SYS_MREMAP                 = 163
+	SYS_SETRESUID              = 164
+	SYS_GETRESUID              = 165
+	SYS_QUERY_MODULE           = 166
+	SYS_POLL                   = 167
+	SYS_NFSSERVCTL             = 168
+	SYS_SETRESGID              = 169
+	SYS_GETRESGID              = 170
+	SYS_PRCTL                  = 171
+	SYS_RT_SIGRETURN           = 172
+	SYS_RT_SIGACTION           = 173
+	SYS_RT_SIGPROCMASK         = 174
+	SYS_RT_SIGPENDING          = 175
+	SYS_RT_SIGTIMEDWAIT        = 176
+	SYS_RT_SIGQUEUEINFO        = 177
+	SYS_RT_SIGSUSPEND          = 178
+	SYS_PREAD64                = 179
+	SYS_PWRITE64               = 180
+	SYS_CHOWN                  = 181
+	SYS_GETCWD                 = 182
+	SYS_CAPGET                 = 183
+	SYS_CAPSET                 = 184
+	SYS_SIGALTSTACK            = 185
+	SYS_SENDFILE               = 186
+	SYS_GETPMSG                = 187
+	SYS_PUTPMSG                = 188
+	SYS_VFORK                  = 189
+	SYS_UGETRLIMIT             = 190
+	SYS_READAHEAD              = 191
+	SYS_PCICONFIG_READ         = 198
+	SYS_PCICONFIG_WRITE        = 199
+	SYS_PCICONFIG_IOBASE       = 200
+	SYS_MULTIPLEXER            = 201
+	SYS_GETDENTS64             = 202
+	SYS_PIVOT_ROOT             = 203
+	SYS_MADVISE                = 205
+	SYS_MINCORE                = 206
+	SYS_GETTID                 = 207
+	SYS_TKILL                  = 208
+	SYS_SETXATTR               = 209
+	SYS_LSETXATTR              = 210
+	SYS_FSETXATTR              = 211
+	SYS_GETXATTR               = 212
+	SYS_LGETXATTR              = 213
+	SYS_FGETXATTR              = 214
+	SYS_LISTXATTR              = 215
+	SYS_LLISTXATTR             = 216
+	SYS_FLISTXATTR             = 217
+	SYS_REMOVEXATTR            = 218
+	SYS_LREMOVEXATTR           = 219
+	SYS_FREMOVEXATTR           = 220
+	SYS_FUTEX                  = 221
+	SYS_SCHED_SETAFFINITY      = 222
+	SYS_SCHED_GETAFFINITY      = 223
+	SYS_TUXCALL                = 225
+	SYS_IO_SETUP               = 227
+	SYS_IO_DESTROY             = 228
+	SYS_IO_GETEVENTS           = 229
+	SYS_IO_SUBMIT              = 230
+	SYS_IO_CANCEL              = 231
+	SYS_SET_TID_ADDRESS        = 232
+	SYS_FADVISE64              = 233
+	SYS_EXIT_GROUP             = 234
+	SYS_LOOKUP_DCOOKIE         = 235
+	SYS_EPOLL_CREATE           = 236
+	SYS_EPOLL_CTL              = 237
+	SYS_EPOLL_WAIT             = 238
+	SYS_REMAP_FILE_PAGES       = 239
+	SYS_TIMER_CREATE           = 240
+	SYS_TIMER_SETTIME          = 241
+	SYS_TIMER_GETTIME          = 242
+	SYS_TIMER_GETOVERRUN       = 243
+	SYS_TIMER_DELETE           = 244
+	SYS_CLOCK_SETTIME          = 245
+	SYS_CLOCK_GETTIME          = 246
+	SYS_CLOCK_GETRES           = 247
+	SYS_CLOCK_NANOSLEEP        = 248
+	SYS_SWAPCONTEXT            = 249
+	SYS_TGKILL                 = 250
+	SYS_UTIMES                 = 251
+	SYS_STATFS64               = 252
+	SYS_FSTATFS64              = 253
+	SYS_RTAS                   = 255
+	SYS_SYS_DEBUG_SETCONTEXT   = 256
+	SYS_MIGRATE_PAGES          = 258
+	SYS_MBIND                  = 259
+	SYS_GET_MEMPOLICY          = 260
+	SYS_SET_MEMPOLICY          = 261
+	SYS_MQ_OPEN                = 262
+	SYS_MQ_UNLINK              = 263
+	SYS_MQ_TIMEDSEND           = 264
+	SYS_MQ_TIMEDRECEIVE        = 265
+	SYS_MQ_NOTIFY              = 266
+	SYS_MQ_GETSETATTR          = 267
+	SYS_KEXEC_LOAD             = 268
+	SYS_ADD_KEY                = 269
+	SYS_REQUEST_KEY            = 270
+	SYS_KEYCTL                 = 271
+	SYS_WAITID                 = 272
+	SYS_IOPRIO_SET             = 273
+	SYS_IOPRIO_GET             = 274
+	SYS_INOTIFY_INIT           = 275
+	SYS_INOTIFY_ADD_WATCH      = 276
+	SYS_INOTIFY_RM_WATCH       = 277
+	SYS_SPU_RUN                = 278
+	SYS_SPU_CREATE             = 279
+	SYS_PSELECT6               = 280
+	SYS_PPOLL                  = 281
+	SYS_UNSHARE                = 282
+	SYS_SPLICE                 = 283
+	SYS_TEE                    = 284
+	SYS_VMSPLICE               = 285
+	SYS_OPENAT                 = 286
+	SYS_MKDIRAT                = 287
+	SYS_MKNODAT                = 288
+	SYS_FCHOWNAT               = 289
+	SYS_FUTIMESAT              = 290
+	SYS_NEWFSTATAT             = 291
+	SYS_UNLINKAT               = 292
+	SYS_RENAMEAT               = 293
+	SYS_LINKAT                 = 294
+	SYS_SYMLINKAT              = 295
+	SYS_READLINKAT             = 296
+	SYS_FCHMODAT               = 297
+	SYS_FACCESSAT              = 298
+	SYS_GET_ROBUST_LIST        = 299
+	SYS_SET_ROBUST_LIST        = 300
+	SYS_MOVE_PAGES             = 301
+	SYS_GETCPU                 = 302
+	SYS_EPOLL_PWAIT            = 303
+	SYS_UTIMENSAT              = 304
+	SYS_SIGNALFD               = 305
+	SYS_TIMERFD_CREATE         = 306
+	SYS_EVENTFD                = 307
+	SYS_SYNC_FILE_RANGE2       = 308
+	SYS_FALLOCATE              = 309
+	SYS_SUBPAGE_PROT           = 310
+	SYS_TIMERFD_SETTIME        = 311
+	SYS_TIMERFD_GETTIME        = 312
+	SYS_SIGNALFD4              = 313
+	SYS_EVENTFD2               = 314
+	SYS_EPOLL_CREATE1          = 315
+	SYS_DUP3                   = 316
+	SYS_PIPE2                  = 317
+	SYS_INOTIFY_INIT1          = 318
+	SYS_PERF_EVENT_OPEN        = 319
+	SYS_PREADV                 = 320
+	SYS_PWRITEV                = 321
+	SYS_RT_TGSIGQUEUEINFO      = 322
+	SYS_FANOTIFY_INIT          = 323
+	SYS_FANOTIFY_MARK          = 324
+	SYS_PRLIMIT64              = 325
+	SYS_SOCKET                 = 326
+	SYS_BIND                   = 327
+	SYS_CONNECT                = 328
+	SYS_LISTEN                 = 329
+	SYS_ACCEPT                 = 330
+	SYS_GETSOCKNAME            = 331
+	SYS_GETPEERNAME            = 332
+	SYS_SOCKETPAIR             = 333
+	SYS_SEND                   = 334
+	SYS_SENDTO                 = 335
+	SYS_RECV                   = 336
+	SYS_RECVFROM               = 337
+	SYS_SHUTDOWN               = 338
+	SYS_SETSOCKOPT             = 339
+	SYS_GETSOCKOPT             = 340
+	SYS_SENDMSG                = 341
+	SYS_RECVMSG                = 342
+	SYS_RECVMMSG               = 343
+	SYS_ACCEPT4                = 344
+	SYS_NAME_TO_HANDLE_AT      = 345
+	SYS_OPEN_BY_HANDLE_AT      = 346
+	SYS_CLOCK_ADJTIME          = 347
+	SYS_SYNCFS                 = 348
+	SYS_SENDMMSG               = 349
+	SYS_SETNS                  = 350
+	SYS_PROCESS_VM_READV       = 351
+	SYS_PROCESS_VM_WRITEV      = 352
+	SYS_FINIT_MODULE           = 353
+	SYS_KCMP                   = 354
+	SYS_SCHED_SETATTR          = 355
+	SYS_SCHED_GETATTR          = 356
+	SYS_RENAMEAT2              = 357
+	SYS_SECCOMP                = 358
+	SYS_GETRANDOM              = 359
+	SYS_MEMFD_CREATE           = 360
+	SYS_BPF                    = 361
+	SYS_EXECVEAT               = 362
+	SYS_SWITCH_ENDIAN          = 363
+	SYS_USERFAULTFD            = 364
+	SYS_MEMBARRIER             = 365
+	SYS_MLOCK2                 = 378
+	SYS_COPY_FILE_RANGE        = 379
+	SYS_PREADV2                = 380
+	SYS_PWRITEV2               = 381
+	SYS_KEXEC_FILE_LOAD        = 382
+	SYS_STATX                  = 383
+	SYS_PKEY_ALLOC             = 384
+	SYS_PKEY_FREE              = 385
+	SYS_PKEY_MPROTECT          = 386
+	SYS_RSEQ                   = 387
+	SYS_IO_PGETEVENTS          = 388
+	SYS_SEMTIMEDOP             = 392
+	SYS_SEMGET                 = 393
+	SYS_SEMCTL                 = 394
+	SYS_SHMGET                 = 395
+	SYS_SHMCTL                 = 396
+	SYS_SHMAT                  = 397
+	SYS_SHMDT                  = 398
+	SYS_MSGGET                 = 399
+	SYS_MSGSND                 = 400
+	SYS_MSGRCV                 = 401
+	SYS_MSGCTL                 = 402
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
new file mode 100644
index 000000000..6642cfccd
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -0,0 +1,303 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build riscv64,linux
+
+package unix
+
+const (
+	SYS_IO_SETUP               = 0
+	SYS_IO_DESTROY             = 1
+	SYS_IO_SUBMIT              = 2
+	SYS_IO_CANCEL              = 3
+	SYS_IO_GETEVENTS           = 4
+	SYS_SETXATTR               = 5
+	SYS_LSETXATTR              = 6
+	SYS_FSETXATTR              = 7
+	SYS_GETXATTR               = 8
+	SYS_LGETXATTR              = 9
+	SYS_FGETXATTR              = 10
+	SYS_LISTXATTR              = 11
+	SYS_LLISTXATTR             = 12
+	SYS_FLISTXATTR             = 13
+	SYS_REMOVEXATTR            = 14
+	SYS_LREMOVEXATTR           = 15
+	SYS_FREMOVEXATTR           = 16
+	SYS_GETCWD                 = 17
+	SYS_LOOKUP_DCOOKIE         = 18
+	SYS_EVENTFD2               = 19
+	SYS_EPOLL_CREATE1          = 20
+	SYS_EPOLL_CTL              = 21
+	SYS_EPOLL_PWAIT            = 22
+	SYS_DUP                    = 23
+	SYS_DUP3                   = 24
+	SYS_FCNTL                  = 25
+	SYS_INOTIFY_INIT1          = 26
+	SYS_INOTIFY_ADD_WATCH      = 27
+	SYS_INOTIFY_RM_WATCH       = 28
+	SYS_IOCTL                  = 29
+	SYS_IOPRIO_SET             = 30
+	SYS_IOPRIO_GET             = 31
+	SYS_FLOCK                  = 32
+	SYS_MKNODAT                = 33
+	SYS_MKDIRAT                = 34
+	SYS_UNLINKAT               = 35
+	SYS_SYMLINKAT              = 36
+	SYS_LINKAT                 = 37
+	SYS_UMOUNT2                = 39
+	SYS_MOUNT                  = 40
+	SYS_PIVOT_ROOT             = 41
+	SYS_NFSSERVCTL             = 42
+	SYS_STATFS                 = 43
+	SYS_FSTATFS                = 44
+	SYS_TRUNCATE               = 45
+	SYS_FTRUNCATE              = 46
+	SYS_FALLOCATE              = 47
+	SYS_FACCESSAT              = 48
+	SYS_CHDIR                  = 49
+	SYS_FCHDIR                 = 50
+	SYS_CHROOT                 = 51
+	SYS_FCHMOD                 = 52
+	SYS_FCHMODAT               = 53
+	SYS_FCHOWNAT               = 54
+	SYS_FCHOWN                 = 55
+	SYS_OPENAT                 = 56
+	SYS_CLOSE                  = 57
+	SYS_VHANGUP                = 58
+	SYS_PIPE2                  = 59
+	SYS_QUOTACTL               = 60
+	SYS_GETDENTS64             = 61
+	SYS_LSEEK                  = 62
+	SYS_READ                   = 63
+	SYS_WRITE                  = 64
+	SYS_READV                  = 65
+	SYS_WRITEV                 = 66
+	SYS_PREAD64                = 67
+	SYS_PWRITE64               = 68
+	SYS_PREADV                 = 69
+	SYS_PWRITEV                = 70
+	SYS_SENDFILE               = 71
+	SYS_PSELECT6               = 72
+	SYS_PPOLL                  = 73
+	SYS_SIGNALFD4              = 74
+	SYS_VMSPLICE               = 75
+	SYS_SPLICE                 = 76
+	SYS_TEE                    = 77
+	SYS_READLINKAT             = 78
+	SYS_FSTATAT                = 79
+	SYS_FSTAT                  = 80
+	SYS_SYNC                   = 81
+	SYS_FSYNC                  = 82
+	SYS_FDATASYNC              = 83
+	SYS_SYNC_FILE_RANGE        = 84
+	SYS_TIMERFD_CREATE         = 85
+	SYS_TIMERFD_SETTIME        = 86
+	SYS_TIMERFD_GETTIME        = 87
+	SYS_UTIMENSAT              = 88
+	SYS_ACCT                   = 89
+	SYS_CAPGET                 = 90
+	SYS_CAPSET                 = 91
+	SYS_PERSONALITY            = 92
+	SYS_EXIT                   = 93
+	SYS_EXIT_GROUP             = 94
+	SYS_WAITID                 = 95
+	SYS_SET_TID_ADDRESS        = 96
+	SYS_UNSHARE                = 97
+	SYS_FUTEX                  = 98
+	SYS_SET_ROBUST_LIST        = 99
+	SYS_GET_ROBUST_LIST        = 100
+	SYS_NANOSLEEP              = 101
+	SYS_GETITIMER              = 102
+	SYS_SETITIMER              = 103
+	SYS_KEXEC_LOAD             = 104
+	SYS_INIT_MODULE            = 105
+	SYS_DELETE_MODULE          = 106
+	SYS_TIMER_CREATE           = 107
+	SYS_TIMER_GETTIME          = 108
+	SYS_TIMER_GETOVERRUN       = 109
+	SYS_TIMER_SETTIME          = 110
+	SYS_TIMER_DELETE           = 111
+	SYS_CLOCK_SETTIME          = 112
+	SYS_CLOCK_GETTIME          = 113
+	SYS_CLOCK_GETRES           = 114
+	SYS_CLOCK_NANOSLEEP        = 115
+	SYS_SYSLOG                 = 116
+	SYS_PTRACE                 = 117
+	SYS_SCHED_SETPARAM         = 118
+	SYS_SCHED_SETSCHEDULER     = 119
+	SYS_SCHED_GETSCHEDULER     = 120
+	SYS_SCHED_GETPARAM         = 121
+	SYS_SCHED_SETAFFINITY      = 122
+	SYS_SCHED_GETAFFINITY      = 123
+	SYS_SCHED_YIELD            = 124
+	SYS_SCHED_GET_PRIORITY_MAX = 125
+	SYS_SCHED_GET_PRIORITY_MIN = 126
+	SYS_SCHED_RR_GET_INTERVAL  = 127
+	SYS_RESTART_SYSCALL        = 128
+	SYS_KILL                   = 129
+	SYS_TKILL                  = 130
+	SYS_TGKILL                 = 131
+	SYS_SIGALTSTACK            = 132
+	SYS_RT_SIGSUSPEND          = 133
+	SYS_RT_SIGACTION           = 134
+	SYS_RT_SIGPROCMASK         = 135
+	SYS_RT_SIGPENDING          = 136
+	SYS_RT_SIGTIMEDWAIT        = 137
+	SYS_RT_SIGQUEUEINFO        = 138
+	SYS_RT_SIGRETURN           = 139
+	SYS_SETPRIORITY            = 140
+	SYS_GETPRIORITY            = 141
+	SYS_REBOOT                 = 142
+	SYS_SETREGID               = 143
+	SYS_SETGID                 = 144
+	SYS_SETREUID               = 145
+	SYS_SETUID                 = 146
+	SYS_SETRESUID              = 147
+	SYS_GETRESUID              = 148
+	SYS_SETRESGID              = 149
+	SYS_GETRESGID              = 150
+	SYS_SETFSUID               = 151
+	SYS_SETFSGID               = 152
+	SYS_TIMES                  = 153
+	SYS_SETPGID                = 154
+	SYS_GETPGID                = 155
+	SYS_GETSID                 = 156
+	SYS_SETSID                 = 157
+	SYS_GETGROUPS              = 158
+	SYS_SETGROUPS              = 159
+	SYS_UNAME                  = 160
+	SYS_SETHOSTNAME            = 161
+	SYS_SETDOMAINNAME          = 162
+	SYS_GETRLIMIT              = 163
+	SYS_SETRLIMIT              = 164
+	SYS_GETRUSAGE              = 165
+	SYS_UMASK                  = 166
+	SYS_PRCTL                  = 167
+	SYS_GETCPU                 = 168
+	SYS_GETTIMEOFDAY           = 169
+	SYS_SETTIMEOFDAY           = 170
+	SYS_ADJTIMEX               = 171
+	SYS_GETPID                 = 172
+	SYS_GETPPID                = 173
+	SYS_GETUID                 = 174
+	SYS_GETEUID                = 175
+	SYS_GETGID                 = 176
+	SYS_GETEGID                = 177
+	SYS_GETTID                 = 178
+	SYS_SYSINFO                = 179
+	SYS_MQ_OPEN                = 180
+	SYS_MQ_UNLINK              = 181
+	SYS_MQ_TIMEDSEND           = 182
+	SYS_MQ_TIMEDRECEIVE        = 183
+	SYS_MQ_NOTIFY              = 184
+	SYS_MQ_GETSETATTR          = 185
+	SYS_MSGGET                 = 186
+	SYS_MSGCTL                 = 187
+	SYS_MSGRCV                 = 188
+	SYS_MSGSND                 = 189
+	SYS_SEMGET                 = 190
+	SYS_SEMCTL                 = 191
+	SYS_SEMTIMEDOP             = 192
+	SYS_SEMOP                  = 193
+	SYS_SHMGET                 = 194
+	SYS_SHMCTL                 = 195
+	SYS_SHMAT                  = 196
+	SYS_SHMDT                  = 197
+	SYS_SOCKET                 = 198
+	SYS_SOCKETPAIR             = 199
+	SYS_BIND                   = 200
+	SYS_LISTEN                 = 201
+	SYS_ACCEPT                 = 202
+	SYS_CONNECT                = 203
+	SYS_GETSOCKNAME            = 204
+	SYS_GETPEERNAME            = 205
+	SYS_SENDTO                 = 206
+	SYS_RECVFROM               = 207
+	SYS_SETSOCKOPT             = 208
+	SYS_GETSOCKOPT             = 209
+	SYS_SHUTDOWN               = 210
+	SYS_SENDMSG                = 211
+	SYS_RECVMSG                = 212
+	SYS_READAHEAD              = 213
+	SYS_BRK                    = 214
+	SYS_MUNMAP                 = 215
+	SYS_MREMAP                 = 216
+	SYS_ADD_KEY                = 217
+	SYS_REQUEST_KEY            = 218
+	SYS_KEYCTL                 = 219
+	SYS_CLONE                  = 220
+	SYS_EXECVE                 = 221
+	SYS_MMAP                   = 222
+	SYS_FADVISE64              = 223
+	SYS_SWAPON                 = 224
+	SYS_SWAPOFF                = 225
+	SYS_MPROTECT               = 226
+	SYS_MSYNC                  = 227
+	SYS_MLOCK                  = 228
+	SYS_MUNLOCK                = 229
+	SYS_MLOCKALL               = 230
+	SYS_MUNLOCKALL             = 231
+	SYS_MINCORE                = 232
+	SYS_MADVISE                = 233
+	SYS_REMAP_FILE_PAGES       = 234
+	SYS_MBIND                  = 235
+	SYS_GET_MEMPOLICY          = 236
+	SYS_SET_MEMPOLICY          = 237
+	SYS_MIGRATE_PAGES          = 238
+	SYS_MOVE_PAGES             = 239
+	SYS_RT_TGSIGQUEUEINFO      = 240
+	SYS_PERF_EVENT_OPEN        = 241
+	SYS_ACCEPT4                = 242
+	SYS_RECVMMSG               = 243
+	SYS_ARCH_SPECIFIC_SYSCALL  = 244
+	SYS_WAIT4                  = 260
+	SYS_PRLIMIT64              = 261
+	SYS_FANOTIFY_INIT          = 262
+	SYS_FANOTIFY_MARK          = 263
+	SYS_NAME_TO_HANDLE_AT      = 264
+	SYS_OPEN_BY_HANDLE_AT      = 265
+	SYS_CLOCK_ADJTIME          = 266
+	SYS_SYNCFS                 = 267
+	SYS_SETNS                  = 268
+	SYS_SENDMMSG               = 269
+	SYS_PROCESS_VM_READV       = 270
+	SYS_PROCESS_VM_WRITEV      = 271
+	SYS_KCMP                   = 272
+	SYS_FINIT_MODULE           = 273
+	SYS_SCHED_SETATTR          = 274
+	SYS_SCHED_GETATTR          = 275
+	SYS_RENAMEAT2              = 276
+	SYS_SECCOMP                = 277
+	SYS_GETRANDOM              = 278
+	SYS_MEMFD_CREATE           = 279
+	SYS_BPF                    = 280
+	SYS_EXECVEAT               = 281
+	SYS_USERFAULTFD            = 282
+	SYS_MEMBARRIER             = 283
+	SYS_MLOCK2                 = 284
+	SYS_COPY_FILE_RANGE        = 285
+	SYS_PREADV2                = 286
+	SYS_PWRITEV2               = 287
+	SYS_PKEY_MPROTECT          = 288
+	SYS_PKEY_ALLOC             = 289
+	SYS_PKEY_FREE              = 290
+	SYS_STATX                  = 291
+	SYS_IO_PGETEVENTS          = 292
+	SYS_RSEQ                   = 293
+	SYS_KEXEC_FILE_LOAD        = 294
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
new file mode 100644
index 000000000..23367b946
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -0,0 +1,366 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build s390x,linux
+
+package unix
+
+const (
+	SYS_EXIT                   = 1
+	SYS_FORK                   = 2
+	SYS_READ                   = 3
+	SYS_WRITE                  = 4
+	SYS_OPEN                   = 5
+	SYS_CLOSE                  = 6
+	SYS_RESTART_SYSCALL        = 7
+	SYS_CREAT                  = 8
+	SYS_LINK                   = 9
+	SYS_UNLINK                 = 10
+	SYS_EXECVE                 = 11
+	SYS_CHDIR                  = 12
+	SYS_MKNOD                  = 14
+	SYS_CHMOD                  = 15
+	SYS_LSEEK                  = 19
+	SYS_GETPID                 = 20
+	SYS_MOUNT                  = 21
+	SYS_UMOUNT                 = 22
+	SYS_PTRACE                 = 26
+	SYS_ALARM                  = 27
+	SYS_PAUSE                  = 29
+	SYS_UTIME                  = 30
+	SYS_ACCESS                 = 33
+	SYS_NICE                   = 34
+	SYS_SYNC                   = 36
+	SYS_KILL                   = 37
+	SYS_RENAME                 = 38
+	SYS_MKDIR                  = 39
+	SYS_RMDIR                  = 40
+	SYS_DUP                    = 41
+	SYS_PIPE                   = 42
+	SYS_TIMES                  = 43
+	SYS_BRK                    = 45
+	SYS_SIGNAL                 = 48
+	SYS_ACCT                   = 51
+	SYS_UMOUNT2                = 52
+	SYS_IOCTL                  = 54
+	SYS_FCNTL                  = 55
+	SYS_SETPGID                = 57
+	SYS_UMASK                  = 60
+	SYS_CHROOT                 = 61
+	SYS_USTAT                  = 62
+	SYS_DUP2                   = 63
+	SYS_GETPPID                = 64
+	SYS_GETPGRP                = 65
+	SYS_SETSID                 = 66
+	SYS_SIGACTION              = 67
+	SYS_SIGSUSPEND             = 72
+	SYS_SIGPENDING             = 73
+	SYS_SETHOSTNAME            = 74
+	SYS_SETRLIMIT              = 75
+	SYS_GETRUSAGE              = 77
+	SYS_GETTIMEOFDAY           = 78
+	SYS_SETTIMEOFDAY           = 79
+	SYS_SYMLINK                = 83
+	SYS_READLINK               = 85
+	SYS_USELIB                 = 86
+	SYS_SWAPON                 = 87
+	SYS_REBOOT                 = 88
+	SYS_READDIR                = 89
+	SYS_MMAP                   = 90
+	SYS_MUNMAP                 = 91
+	SYS_TRUNCATE               = 92
+	SYS_FTRUNCATE              = 93
+	SYS_FCHMOD                 = 94
+	SYS_GETPRIORITY            = 96
+	SYS_SETPRIORITY            = 97
+	SYS_STATFS                 = 99
+	SYS_FSTATFS                = 100
+	SYS_SOCKETCALL             = 102
+	SYS_SYSLOG                 = 103
+	SYS_SETITIMER              = 104
+	SYS_GETITIMER              = 105
+	SYS_STAT                   = 106
+	SYS_LSTAT                  = 107
+	SYS_FSTAT                  = 108
+	SYS_LOOKUP_DCOOKIE         = 110
+	SYS_VHANGUP                = 111
+	SYS_IDLE                   = 112
+	SYS_WAIT4                  = 114
+	SYS_SWAPOFF                = 115
+	SYS_SYSINFO                = 116
+	SYS_IPC                    = 117
+	SYS_FSYNC                  = 118
+	SYS_SIGRETURN              = 119
+	SYS_CLONE                  = 120
+	SYS_SETDOMAINNAME          = 121
+	SYS_UNAME                  = 122
+	SYS_ADJTIMEX               = 124
+	SYS_MPROTECT               = 125
+	SYS_SIGPROCMASK            = 126
+	SYS_CREATE_MODULE          = 127
+	SYS_INIT_MODULE            = 128
+	SYS_DELETE_MODULE          = 129
+	SYS_GET_KERNEL_SYMS        = 130
+	SYS_QUOTACTL               = 131
+	SYS_GETPGID                = 132
+	SYS_FCHDIR                 = 133
+	SYS_BDFLUSH                = 134
+	SYS_SYSFS                  = 135
+	SYS_PERSONALITY            = 136
+	SYS_AFS_SYSCALL            = 137
+	SYS_GETDENTS               = 141
+	SYS_SELECT                 = 142
+	SYS_FLOCK                  = 143
+	SYS_MSYNC                  = 144
+	SYS_READV                  = 145
+	SYS_WRITEV                 = 146
+	SYS_GETSID                 = 147
+	SYS_FDATASYNC              = 148
+	SYS__SYSCTL                = 149
+	SYS_MLOCK                  = 150
+	SYS_MUNLOCK                = 151
+	SYS_MLOCKALL               = 152
+	SYS_MUNLOCKALL             = 153
+	SYS_SCHED_SETPARAM         = 154
+	SYS_SCHED_GETPARAM         = 155
+	SYS_SCHED_SETSCHEDULER     = 156
+	SYS_SCHED_GETSCHEDULER     = 157
+	SYS_SCHED_YIELD            = 158
+	SYS_SCHED_GET_PRIORITY_MAX = 159
+	SYS_SCHED_GET_PRIORITY_MIN = 160
+	SYS_SCHED_RR_GET_INTERVAL  = 161
+	SYS_NANOSLEEP              = 162
+	SYS_MREMAP                 = 163
+	SYS_QUERY_MODULE           = 167
+	SYS_POLL                   = 168
+	SYS_NFSSERVCTL             = 169
+	SYS_PRCTL                  = 172
+	SYS_RT_SIGRETURN           = 173
+	SYS_RT_SIGACTION           = 174
+	SYS_RT_SIGPROCMASK         = 175
+	SYS_RT_SIGPENDING          = 176
+	SYS_RT_SIGTIMEDWAIT        = 177
+	SYS_RT_SIGQUEUEINFO        = 178
+	SYS_RT_SIGSUSPEND          = 179
+	SYS_PREAD64                = 180
+	SYS_PWRITE64               = 181
+	SYS_GETCWD                 = 183
+	SYS_CAPGET                 = 184
+	SYS_CAPSET                 = 185
+	SYS_SIGALTSTACK            = 186
+	SYS_SENDFILE               = 187
+	SYS_GETPMSG                = 188
+	SYS_PUTPMSG                = 189
+	SYS_VFORK                  = 190
+	SYS_GETRLIMIT              = 191
+	SYS_LCHOWN                 = 198
+	SYS_GETUID                 = 199
+	SYS_GETGID                 = 200
+	SYS_GETEUID                = 201
+	SYS_GETEGID                = 202
+	SYS_SETREUID               = 203
+	SYS_SETREGID               = 204
+	SYS_GETGROUPS              = 205
+	SYS_SETGROUPS              = 206
+	SYS_FCHOWN                 = 207
+	SYS_SETRESUID              = 208
+	SYS_GETRESUID              = 209
+	SYS_SETRESGID              = 210
+	SYS_GETRESGID              = 211
+	SYS_CHOWN                  = 212
+	SYS_SETUID                 = 213
+	SYS_SETGID                 = 214
+	SYS_SETFSUID               = 215
+	SYS_SETFSGID               = 216
+	SYS_PIVOT_ROOT             = 217
+	SYS_MINCORE                = 218
+	SYS_MADVISE                = 219
+	SYS_GETDENTS64             = 220
+	SYS_READAHEAD              = 222
+	SYS_SETXATTR               = 224
+	SYS_LSETXATTR              = 225
+	SYS_FSETXATTR              = 226
+	SYS_GETXATTR               = 227
+	SYS_LGETXATTR              = 228
+	SYS_FGETXATTR              = 229
+	SYS_LISTXATTR              = 230
+	SYS_LLISTXATTR             = 231
+	SYS_FLISTXATTR             = 232
+	SYS_REMOVEXATTR            = 233
+	SYS_LREMOVEXATTR           = 234
+	SYS_FREMOVEXATTR           = 235
+	SYS_GETTID                 = 236
+	SYS_TKILL                  = 237
+	SYS_FUTEX                  = 238
+	SYS_SCHED_SETAFFINITY      = 239
+	SYS_SCHED_GETAFFINITY      = 240
+	SYS_TGKILL                 = 241
+	SYS_IO_SETUP               = 243
+	SYS_IO_DESTROY             = 244
+	SYS_IO_GETEVENTS           = 245
+	SYS_IO_SUBMIT              = 246
+	SYS_IO_CANCEL              = 247
+	SYS_EXIT_GROUP             = 248
+	SYS_EPOLL_CREATE           = 249
+	SYS_EPOLL_CTL              = 250
+	SYS_EPOLL_WAIT             = 251
+	SYS_SET_TID_ADDRESS        = 252
+	SYS_FADVISE64              = 253
+	SYS_TIMER_CREATE           = 254
+	SYS_TIMER_SETTIME          = 255
+	SYS_TIMER_GETTIME          = 256
+	SYS_TIMER_GETOVERRUN       = 257
+	SYS_TIMER_DELETE           = 258
+	SYS_CLOCK_SETTIME          = 259
+	SYS_CLOCK_GETTIME          = 260
+	SYS_CLOCK_GETRES           = 261
+	SYS_CLOCK_NANOSLEEP        = 262
+	SYS_STATFS64               = 265
+	SYS_FSTATFS64              = 266
+	SYS_REMAP_FILE_PAGES       = 267
+	SYS_MBIND                  = 268
+	SYS_GET_MEMPOLICY          = 269
+	SYS_SET_MEMPOLICY          = 270
+	SYS_MQ_OPEN                = 271
+	SYS_MQ_UNLINK              = 272
+	SYS_MQ_TIMEDSEND           = 273
+	SYS_MQ_TIMEDRECEIVE        = 274
+	SYS_MQ_NOTIFY              = 275
+	SYS_MQ_GETSETATTR          = 276
+	SYS_KEXEC_LOAD             = 277
+	SYS_ADD_KEY                = 278
+	SYS_REQUEST_KEY            = 279
+	SYS_KEYCTL                 = 280
+	SYS_WAITID                 = 281
+	SYS_IOPRIO_SET             = 282
+	SYS_IOPRIO_GET             = 283
+	SYS_INOTIFY_INIT           = 284
+	SYS_INOTIFY_ADD_WATCH      = 285
+	SYS_INOTIFY_RM_WATCH       = 286
+	SYS_MIGRATE_PAGES          = 287
+	SYS_OPENAT                 = 288
+	SYS_MKDIRAT                = 289
+	SYS_MKNODAT                = 290
+	SYS_FCHOWNAT               = 291
+	SYS_FUTIMESAT              = 292
+	SYS_NEWFSTATAT             = 293
+	SYS_UNLINKAT               = 294
+	SYS_RENAMEAT               = 295
+	SYS_LINKAT                 = 296
+	SYS_SYMLINKAT              = 297
+	SYS_READLINKAT             = 298
+	SYS_FCHMODAT               = 299
+	SYS_FACCESSAT              = 300
+	SYS_PSELECT6               = 301
+	SYS_PPOLL                  = 302
+	SYS_UNSHARE                = 303
+	SYS_SET_ROBUST_LIST        = 304
+	SYS_GET_ROBUST_LIST        = 305
+	SYS_SPLICE                 = 306
+	SYS_SYNC_FILE_RANGE        = 307
+	SYS_TEE                    = 308
+	SYS_VMSPLICE               = 309
+	SYS_MOVE_PAGES             = 310
+	SYS_GETCPU                 = 311
+	SYS_EPOLL_PWAIT            = 312
+	SYS_UTIMES                 = 313
+	SYS_FALLOCATE              = 314
+	SYS_UTIMENSAT              = 315
+	SYS_SIGNALFD               = 316
+	SYS_TIMERFD                = 317
+	SYS_EVENTFD                = 318
+	SYS_TIMERFD_CREATE         = 319
+	SYS_TIMERFD_SETTIME        = 320
+	SYS_TIMERFD_GETTIME        = 321
+	SYS_SIGNALFD4              = 322
+	SYS_EVENTFD2               = 323
+	SYS_INOTIFY_INIT1          = 324
+	SYS_PIPE2                  = 325
+	SYS_DUP3                   = 326
+	SYS_EPOLL_CREATE1          = 327
+	SYS_PREADV                 = 328
+	SYS_PWRITEV                = 329
+	SYS_RT_TGSIGQUEUEINFO      = 330
+	SYS_PERF_EVENT_OPEN        = 331
+	SYS_FANOTIFY_INIT          = 332
+	SYS_FANOTIFY_MARK          = 333
+	SYS_PRLIMIT64              = 334
+	SYS_NAME_TO_HANDLE_AT      = 335
+	SYS_OPEN_BY_HANDLE_AT      = 336
+	SYS_CLOCK_ADJTIME          = 337
+	SYS_SYNCFS                 = 338
+	SYS_SETNS                  = 339
+	SYS_PROCESS_VM_READV       = 340
+	SYS_PROCESS_VM_WRITEV      = 341
+	SYS_S390_RUNTIME_INSTR     = 342
+	SYS_KCMP                   = 343
+	SYS_FINIT_MODULE           = 344
+	SYS_SCHED_SETATTR          = 345
+	SYS_SCHED_GETATTR          = 346
+	SYS_RENAMEAT2              = 347
+	SYS_SECCOMP                = 348
+	SYS_GETRANDOM              = 349
+	SYS_MEMFD_CREATE           = 350
+	SYS_BPF                    = 351
+	SYS_S390_PCI_MMIO_WRITE    = 352
+	SYS_S390_PCI_MMIO_READ     = 353
+	SYS_EXECVEAT               = 354
+	SYS_USERFAULTFD            = 355
+	SYS_MEMBARRIER             = 356
+	SYS_RECVMMSG               = 357
+	SYS_SENDMMSG               = 358
+	SYS_SOCKET                 = 359
+	SYS_SOCKETPAIR             = 360
+	SYS_BIND                   = 361
+	SYS_CONNECT                = 362
+	SYS_LISTEN                 = 363
+	SYS_ACCEPT4                = 364
+	SYS_GETSOCKOPT             = 365
+	SYS_SETSOCKOPT             = 366
+	SYS_GETSOCKNAME            = 367
+	SYS_GETPEERNAME            = 368
+	SYS_SENDTO                 = 369
+	SYS_SENDMSG                = 370
+	SYS_RECVFROM               = 371
+	SYS_RECVMSG                = 372
+	SYS_SHUTDOWN               = 373
+	SYS_MLOCK2                 = 374
+	SYS_COPY_FILE_RANGE        = 375
+	SYS_PREADV2                = 376
+	SYS_PWRITEV2               = 377
+	SYS_S390_GUARDED_STORAGE   = 378
+	SYS_STATX                  = 379
+	SYS_S390_STHYI             = 380
+	SYS_KEXEC_FILE_LOAD        = 381
+	SYS_IO_PGETEVENTS          = 382
+	SYS_RSEQ                   = 383
+	SYS_PKEY_MPROTECT          = 384
+	SYS_PKEY_ALLOC             = 385
+	SYS_PKEY_FREE              = 386
+	SYS_SEMTIMEDOP             = 392
+	SYS_SEMGET                 = 393
+	SYS_SEMCTL                 = 394
+	SYS_SHMGET                 = 395
+	SYS_SHMCTL                 = 396
+	SYS_SHMAT                  = 397
+	SYS_SHMDT                  = 398
+	SYS_MSGGET                 = 399
+	SYS_MSGSND                 = 400
+	SYS_MSGRCV                 = 401
+	SYS_MSGCTL                 = 402
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
new file mode 100644
index 000000000..083aa0204
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -0,0 +1,380 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build sparc64,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL        = 0
+	SYS_EXIT                   = 1
+	SYS_FORK                   = 2
+	SYS_READ                   = 3
+	SYS_WRITE                  = 4
+	SYS_OPEN                   = 5
+	SYS_CLOSE                  = 6
+	SYS_WAIT4                  = 7
+	SYS_CREAT                  = 8
+	SYS_LINK                   = 9
+	SYS_UNLINK                 = 10
+	SYS_EXECV                  = 11
+	SYS_CHDIR                  = 12
+	SYS_CHOWN                  = 13
+	SYS_MKNOD                  = 14
+	SYS_CHMOD                  = 15
+	SYS_LCHOWN                 = 16
+	SYS_BRK                    = 17
+	SYS_PERFCTR                = 18
+	SYS_LSEEK                  = 19
+	SYS_GETPID                 = 20
+	SYS_CAPGET                 = 21
+	SYS_CAPSET                 = 22
+	SYS_SETUID                 = 23
+	SYS_GETUID                 = 24
+	SYS_VMSPLICE               = 25
+	SYS_PTRACE                 = 26
+	SYS_ALARM                  = 27
+	SYS_SIGALTSTACK            = 28
+	SYS_PAUSE                  = 29
+	SYS_UTIME                  = 30
+	SYS_ACCESS                 = 33
+	SYS_NICE                   = 34
+	SYS_SYNC                   = 36
+	SYS_KILL                   = 37
+	SYS_STAT                   = 38
+	SYS_SENDFILE               = 39
+	SYS_LSTAT                  = 40
+	SYS_DUP                    = 41
+	SYS_PIPE                   = 42
+	SYS_TIMES                  = 43
+	SYS_UMOUNT2                = 45
+	SYS_SETGID                 = 46
+	SYS_GETGID                 = 47
+	SYS_SIGNAL                 = 48
+	SYS_GETEUID                = 49
+	SYS_GETEGID                = 50
+	SYS_ACCT                   = 51
+	SYS_MEMORY_ORDERING        = 52
+	SYS_IOCTL                  = 54
+	SYS_REBOOT                 = 55
+	SYS_SYMLINK                = 57
+	SYS_READLINK               = 58
+	SYS_EXECVE                 = 59
+	SYS_UMASK                  = 60
+	SYS_CHROOT                 = 61
+	SYS_FSTAT                  = 62
+	SYS_FSTAT64                = 63
+	SYS_GETPAGESIZE            = 64
+	SYS_MSYNC                  = 65
+	SYS_VFORK                  = 66
+	SYS_PREAD64                = 67
+	SYS_PWRITE64               = 68
+	SYS_MMAP                   = 71
+	SYS_MUNMAP                 = 73
+	SYS_MPROTECT               = 74
+	SYS_MADVISE                = 75
+	SYS_VHANGUP                = 76
+	SYS_MINCORE                = 78
+	SYS_GETGROUPS              = 79
+	SYS_SETGROUPS              = 80
+	SYS_GETPGRP                = 81
+	SYS_SETITIMER              = 83
+	SYS_SWAPON                 = 85
+	SYS_GETITIMER              = 86
+	SYS_SETHOSTNAME            = 88
+	SYS_DUP2                   = 90
+	SYS_FCNTL                  = 92
+	SYS_SELECT                 = 93
+	SYS_FSYNC                  = 95
+	SYS_SETPRIORITY            = 96
+	SYS_SOCKET                 = 97
+	SYS_CONNECT                = 98
+	SYS_ACCEPT                 = 99
+	SYS_GETPRIORITY            = 100
+	SYS_RT_SIGRETURN           = 101
+	SYS_RT_SIGACTION           = 102
+	SYS_RT_SIGPROCMASK         = 103
+	SYS_RT_SIGPENDING          = 104
+	SYS_RT_SIGTIMEDWAIT        = 105
+	SYS_RT_SIGQUEUEINFO        = 106
+	SYS_RT_SIGSUSPEND          = 107
+	SYS_SETRESUID              = 108
+	SYS_GETRESUID              = 109
+	SYS_SETRESGID              = 110
+	SYS_GETRESGID              = 111
+	SYS_RECVMSG                = 113
+	SYS_SENDMSG                = 114
+	SYS_GETTIMEOFDAY           = 116
+	SYS_GETRUSAGE              = 117
+	SYS_GETSOCKOPT             = 118
+	SYS_GETCWD                 = 119
+	SYS_READV                  = 120
+	SYS_WRITEV                 = 121
+	SYS_SETTIMEOFDAY           = 122
+	SYS_FCHOWN                 = 123
+	SYS_FCHMOD                 = 124
+	SYS_RECVFROM               = 125
+	SYS_SETREUID               = 126
+	SYS_SETREGID               = 127
+	SYS_RENAME                 = 128
+	SYS_TRUNCATE               = 129
+	SYS_FTRUNCATE              = 130
+	SYS_FLOCK                  = 131
+	SYS_LSTAT64                = 132
+	SYS_SENDTO                 = 133
+	SYS_SHUTDOWN               = 134
+	SYS_SOCKETPAIR             = 135
+	SYS_MKDIR                  = 136
+	SYS_RMDIR                  = 137
+	SYS_UTIMES                 = 138
+	SYS_STAT64                 = 139
+	SYS_SENDFILE64             = 140
+	SYS_GETPEERNAME            = 141
+	SYS_FUTEX                  = 142
+	SYS_GETTID                 = 143
+	SYS_GETRLIMIT              = 144
+	SYS_SETRLIMIT              = 145
+	SYS_PIVOT_ROOT             = 146
+	SYS_PRCTL                  = 147
+	SYS_PCICONFIG_READ         = 148
+	SYS_PCICONFIG_WRITE        = 149
+	SYS_GETSOCKNAME            = 150
+	SYS_INOTIFY_INIT           = 151
+	SYS_INOTIFY_ADD_WATCH      = 152
+	SYS_POLL                   = 153
+	SYS_GETDENTS64             = 154
+	SYS_INOTIFY_RM_WATCH       = 156
+	SYS_STATFS                 = 157
+	SYS_FSTATFS                = 158
+	SYS_UMOUNT                 = 159
+	SYS_SCHED_SET_AFFINITY     = 160
+	SYS_SCHED_GET_AFFINITY     = 161
+	SYS_GETDOMAINNAME          = 162
+	SYS_SETDOMAINNAME          = 163
+	SYS_UTRAP_INSTALL          = 164
+	SYS_QUOTACTL               = 165
+	SYS_SET_TID_ADDRESS        = 166
+	SYS_MOUNT                  = 167
+	SYS_USTAT                  = 168
+	SYS_SETXATTR               = 169
+	SYS_LSETXATTR              = 170
+	SYS_FSETXATTR              = 171
+	SYS_GETXATTR               = 172
+	SYS_LGETXATTR              = 173
+	SYS_GETDENTS               = 174
+	SYS_SETSID                 = 175
+	SYS_FCHDIR                 = 176
+	SYS_FGETXATTR              = 177
+	SYS_LISTXATTR              = 178
+	SYS_LLISTXATTR             = 179
+	SYS_FLISTXATTR             = 180
+	SYS_REMOVEXATTR            = 181
+	SYS_LREMOVEXATTR           = 182
+	SYS_SIGPENDING             = 183
+	SYS_QUERY_MODULE           = 184
+	SYS_SETPGID                = 185
+	SYS_FREMOVEXATTR           = 186
+	SYS_TKILL                  = 187
+	SYS_EXIT_GROUP             = 188
+	SYS_UNAME                  = 189
+	SYS_INIT_MODULE            = 190
+	SYS_PERSONALITY            = 191
+	SYS_REMAP_FILE_PAGES       = 192
+	SYS_EPOLL_CREATE           = 193
+	SYS_EPOLL_CTL              = 194
+	SYS_EPOLL_WAIT             = 195
+	SYS_IOPRIO_SET             = 196
+	SYS_GETPPID                = 197
+	SYS_SIGACTION              = 198
+	SYS_SGETMASK               = 199
+	SYS_SSETMASK               = 200
+	SYS_SIGSUSPEND             = 201
+	SYS_OLDLSTAT               = 202
+	SYS_USELIB                 = 203
+	SYS_READDIR                = 204
+	SYS_READAHEAD              = 205
+	SYS_SOCKETCALL             = 206
+	SYS_SYSLOG                 = 207
+	SYS_LOOKUP_DCOOKIE         = 208
+	SYS_FADVISE64              = 209
+	SYS_FADVISE64_64           = 210
+	SYS_TGKILL                 = 211
+	SYS_WAITPID                = 212
+	SYS_SWAPOFF                = 213
+	SYS_SYSINFO                = 214
+	SYS_IPC                    = 215
+	SYS_SIGRETURN              = 216
+	SYS_CLONE                  = 217
+	SYS_IOPRIO_GET             = 218
+	SYS_ADJTIMEX               = 219
+	SYS_SIGPROCMASK            = 220
+	SYS_CREATE_MODULE          = 221
+	SYS_DELETE_MODULE          = 222
+	SYS_GET_KERNEL_SYMS        = 223
+	SYS_GETPGID                = 224
+	SYS_BDFLUSH                = 225
+	SYS_SYSFS                  = 226
+	SYS_AFS_SYSCALL            = 227
+	SYS_SETFSUID               = 228
+	SYS_SETFSGID               = 229
+	SYS__NEWSELECT             = 230
+	SYS_SPLICE                 = 232
+	SYS_STIME                  = 233
+	SYS_STATFS64               = 234
+	SYS_FSTATFS64              = 235
+	SYS__LLSEEK                = 236
+	SYS_MLOCK                  = 237
+	SYS_MUNLOCK                = 238
+	SYS_MLOCKALL               = 239
+	SYS_MUNLOCKALL             = 240
+	SYS_SCHED_SETPARAM         = 241
+	SYS_SCHED_GETPARAM         = 242
+	SYS_SCHED_SETSCHEDULER     = 243
+	SYS_SCHED_GETSCHEDULER     = 244
+	SYS_SCHED_YIELD            = 245
+	SYS_SCHED_GET_PRIORITY_MAX = 246
+	SYS_SCHED_GET_PRIORITY_MIN = 247
+	SYS_SCHED_RR_GET_INTERVAL  = 248
+	SYS_NANOSLEEP              = 249
+	SYS_MREMAP                 = 250
+	SYS__SYSCTL                = 251
+	SYS_GETSID                 = 252
+	SYS_FDATASYNC              = 253
+	SYS_NFSSERVCTL             = 254
+	SYS_SYNC_FILE_RANGE        = 255
+	SYS_CLOCK_SETTIME          = 256
+	SYS_CLOCK_GETTIME          = 257
+	SYS_CLOCK_GETRES           = 258
+	SYS_CLOCK_NANOSLEEP        = 259
+	SYS_SCHED_GETAFFINITY      = 260
+	SYS_SCHED_SETAFFINITY      = 261
+	SYS_TIMER_SETTIME          = 262
+	SYS_TIMER_GETTIME          = 263
+	SYS_TIMER_GETOVERRUN       = 264
+	SYS_TIMER_DELETE           = 265
+	SYS_TIMER_CREATE           = 266
+	SYS_VSERVER                = 267
+	SYS_IO_SETUP               = 268
+	SYS_IO_DESTROY             = 269
+	SYS_IO_SUBMIT              = 270
+	SYS_IO_CANCEL              = 271
+	SYS_IO_GETEVENTS           = 272
+	SYS_MQ_OPEN                = 273
+	SYS_MQ_UNLINK              = 274
+	SYS_MQ_TIMEDSEND           = 275
+	SYS_MQ_TIMEDRECEIVE        = 276
+	SYS_MQ_NOTIFY              = 277
+	SYS_MQ_GETSETATTR          = 278
+	SYS_WAITID                 = 279
+	SYS_TEE                    = 280
+	SYS_ADD_KEY                = 281
+	SYS_REQUEST_KEY            = 282
+	SYS_KEYCTL                 = 283
+	SYS_OPENAT                 = 284
+	SYS_MKDIRAT                = 285
+	SYS_MKNODAT                = 286
+	SYS_FCHOWNAT               = 287
+	SYS_FUTIMESAT              = 288
+	SYS_FSTATAT64              = 289
+	SYS_UNLINKAT               = 290
+	SYS_RENAMEAT               = 291
+	SYS_LINKAT                 = 292
+	SYS_SYMLINKAT              = 293
+	SYS_READLINKAT             = 294
+	SYS_FCHMODAT               = 295
+	SYS_FACCESSAT              = 296
+	SYS_PSELECT6               = 297
+	SYS_PPOLL                  = 298
+	SYS_UNSHARE                = 299
+	SYS_SET_ROBUST_LIST        = 300
+	SYS_GET_ROBUST_LIST        = 301
+	SYS_MIGRATE_PAGES          = 302
+	SYS_MBIND                  = 303
+	SYS_GET_MEMPOLICY          = 304
+	SYS_SET_MEMPOLICY          = 305
+	SYS_KEXEC_LOAD             = 306
+	SYS_MOVE_PAGES             = 307
+	SYS_GETCPU                 = 308
+	SYS_EPOLL_PWAIT            = 309
+	SYS_UTIMENSAT              = 310
+	SYS_SIGNALFD               = 311
+	SYS_TIMERFD_CREATE         = 312
+	SYS_EVENTFD                = 313
+	SYS_FALLOCATE              = 314
+	SYS_TIMERFD_SETTIME        = 315
+	SYS_TIMERFD_GETTIME        = 316
+	SYS_SIGNALFD4              = 317
+	SYS_EVENTFD2               = 318
+	SYS_EPOLL_CREATE1          = 319
+	SYS_DUP3                   = 320
+	SYS_PIPE2                  = 321
+	SYS_INOTIFY_INIT1          = 322
+	SYS_ACCEPT4                = 323
+	SYS_PREADV                 = 324
+	SYS_PWRITEV                = 325
+	SYS_RT_TGSIGQUEUEINFO      = 326
+	SYS_PERF_EVENT_OPEN        = 327
+	SYS_RECVMMSG               = 328
+	SYS_FANOTIFY_INIT          = 329
+	SYS_FANOTIFY_MARK          = 330
+	SYS_PRLIMIT64              = 331
+	SYS_NAME_TO_HANDLE_AT      = 332
+	SYS_OPEN_BY_HANDLE_AT      = 333
+	SYS_CLOCK_ADJTIME          = 334
+	SYS_SYNCFS                 = 335
+	SYS_SENDMMSG               = 336
+	SYS_SETNS                  = 337
+	SYS_PROCESS_VM_READV       = 338
+	SYS_PROCESS_VM_WRITEV      = 339
+	SYS_KERN_FEATURES          = 340
+	SYS_KCMP                   = 341
+	SYS_FINIT_MODULE           = 342
+	SYS_SCHED_SETATTR          = 343
+	SYS_SCHED_GETATTR          = 344
+	SYS_RENAMEAT2              = 345
+	SYS_SECCOMP                = 346
+	SYS_GETRANDOM              = 347
+	SYS_MEMFD_CREATE           = 348
+	SYS_BPF                    = 349
+	SYS_EXECVEAT               = 350
+	SYS_MEMBARRIER             = 351
+	SYS_USERFAULTFD            = 352
+	SYS_BIND                   = 353
+	SYS_LISTEN                 = 354
+	SYS_SETSOCKOPT             = 355
+	SYS_MLOCK2                 = 356
+	SYS_COPY_FILE_RANGE        = 357
+	SYS_PREADV2                = 358
+	SYS_PWRITEV2               = 359
+	SYS_STATX                  = 360
+	SYS_IO_PGETEVENTS          = 361
+	SYS_PKEY_MPROTECT          = 362
+	SYS_PKEY_ALLOC             = 363
+	SYS_PKEY_FREE              = 364
+	SYS_RSEQ                   = 365
+	SYS_SEMTIMEDOP             = 392
+	SYS_SEMGET                 = 393
+	SYS_SEMCTL                 = 394
+	SYS_SHMGET                 = 395
+	SYS_SHMCTL                 = 396
+	SYS_SHMAT                  = 397
+	SYS_SHMDT                  = 398
+	SYS_MSGGET                 = 399
+	SYS_MSGSND                 = 400
+	SYS_MSGRCV                 = 401
+	SYS_MSGCTL                 = 402
+	SYS_PIDFD_SEND_SIGNAL      = 424
+	SYS_IO_URING_SETUP         = 425
+	SYS_IO_URING_ENTER         = 426
+	SYS_IO_URING_REGISTER      = 427
+	SYS_OPEN_TREE              = 428
+	SYS_MOVE_MOUNT             = 429
+	SYS_FSOPEN                 = 430
+	SYS_FSCONFIG               = 431
+	SYS_FSMOUNT                = 432
+	SYS_FSPICK                 = 433
+	SYS_PIDFD_OPEN             = 434
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
+	SYS_FACCESSAT2             = 439
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
new file mode 100644
index 000000000..e66a8c9d3
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -0,0 +1,274 @@
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,netbsd
+
+package unix
+
+const (
+	SYS_EXIT                 = 1   // { void|sys||exit(int rval); }
+	SYS_FORK                 = 2   // { int|sys||fork(void); }
+	SYS_READ                 = 3   // { ssize_t|sys||read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                = 4   // { ssize_t|sys||write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                 = 5   // { int|sys||open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE                = 6   // { int|sys||close(int fd); }
+	SYS_LINK                 = 9   // { int|sys||link(const char *path, const char *link); }
+	SYS_UNLINK               = 10  // { int|sys||unlink(const char *path); }
+	SYS_CHDIR                = 12  // { int|sys||chdir(const char *path); }
+	SYS_FCHDIR               = 13  // { int|sys||fchdir(int fd); }
+	SYS_CHMOD                = 15  // { int|sys||chmod(const char *path, mode_t mode); }
+	SYS_CHOWN                = 16  // { int|sys||chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_BREAK                = 17  // { int|sys||obreak(char *nsize); }
+	SYS_GETPID               = 20  // { pid_t|sys||getpid_with_ppid(void); }
+	SYS_UNMOUNT              = 22  // { int|sys||unmount(const char *path, int flags); }
+	SYS_SETUID               = 23  // { int|sys||setuid(uid_t uid); }
+	SYS_GETUID               = 24  // { uid_t|sys||getuid_with_euid(void); }
+	SYS_GETEUID              = 25  // { uid_t|sys||geteuid(void); }
+	SYS_PTRACE               = 26  // { int|sys||ptrace(int req, pid_t pid, void *addr, int data); }
+	SYS_RECVMSG              = 27  // { ssize_t|sys||recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG              = 28  // { ssize_t|sys||sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM             = 29  // { ssize_t|sys||recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT               = 30  // { int|sys||accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME          = 31  // { int|sys||getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME          = 32  // { int|sys||getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS               = 33  // { int|sys||access(const char *path, int flags); }
+	SYS_CHFLAGS              = 34  // { int|sys||chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS             = 35  // { int|sys||fchflags(int fd, u_long flags); }
+	SYS_SYNC                 = 36  // { void|sys||sync(void); }
+	SYS_KILL                 = 37  // { int|sys||kill(pid_t pid, int signum); }
+	SYS_GETPPID              = 39  // { pid_t|sys||getppid(void); }
+	SYS_DUP                  = 41  // { int|sys||dup(int fd); }
+	SYS_PIPE                 = 42  // { int|sys||pipe(void); }
+	SYS_GETEGID              = 43  // { gid_t|sys||getegid(void); }
+	SYS_PROFIL               = 44  // { int|sys||profil(char *samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE               = 45  // { int|sys||ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_GETGID               = 47  // { gid_t|sys||getgid_with_egid(void); }
+	SYS___GETLOGIN           = 49  // { int|sys||__getlogin(char *namebuf, size_t namelen); }
+	SYS___SETLOGIN           = 50  // { int|sys||__setlogin(const char *namebuf); }
+	SYS_ACCT                 = 51  // { int|sys||acct(const char *path); }
+	SYS_IOCTL                = 54  // { int|sys||ioctl(int fd, u_long com, ... void *data); }
+	SYS_REVOKE               = 56  // { int|sys||revoke(const char *path); }
+	SYS_SYMLINK              = 57  // { int|sys||symlink(const char *path, const char *link); }
+	SYS_READLINK             = 58  // { ssize_t|sys||readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE               = 59  // { int|sys||execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK                = 60  // { mode_t|sys||umask(mode_t newmask); }
+	SYS_CHROOT               = 61  // { int|sys||chroot(const char *path); }
+	SYS_VFORK                = 66  // { int|sys||vfork(void); }
+	SYS_SBRK                 = 69  // { int|sys||sbrk(intptr_t incr); }
+	SYS_SSTK                 = 70  // { int|sys||sstk(int incr); }
+	SYS_VADVISE              = 72  // { int|sys||ovadvise(int anom); }
+	SYS_MUNMAP               = 73  // { int|sys||munmap(void *addr, size_t len); }
+	SYS_MPROTECT             = 74  // { int|sys||mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE              = 75  // { int|sys||madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE              = 78  // { int|sys||mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS            = 79  // { int|sys||getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS            = 80  // { int|sys||setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP              = 81  // { int|sys||getpgrp(void); }
+	SYS_SETPGID              = 82  // { int|sys||setpgid(pid_t pid, pid_t pgid); }
+	SYS_DUP2                 = 90  // { int|sys||dup2(int from, int to); }
+	SYS_FCNTL                = 92  // { int|sys||fcntl(int fd, int cmd, ... void *arg); }
+	SYS_FSYNC                = 95  // { int|sys||fsync(int fd); }
+	SYS_SETPRIORITY          = 96  // { int|sys||setpriority(int which, id_t who, int prio); }
+	SYS_CONNECT              = 98  // { int|sys||connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETPRIORITY          = 100 // { int|sys||getpriority(int which, id_t who); }
+	SYS_BIND                 = 104 // { int|sys||bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT           = 105 // { int|sys||setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN               = 106 // { int|sys||listen(int s, int backlog); }
+	SYS_GETSOCKOPT           = 118 // { int|sys||getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_READV                = 120 // { ssize_t|sys||readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV               = 121 // { ssize_t|sys||writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_FCHOWN               = 123 // { int|sys||fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD               = 124 // { int|sys||fchmod(int fd, mode_t mode); }
+	SYS_SETREUID             = 126 // { int|sys||setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID             = 127 // { int|sys||setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME               = 128 // { int|sys||rename(const char *from, const char *to); }
+	SYS_FLOCK                = 131 // { int|sys||flock(int fd, int how); }
+	SYS_MKFIFO               = 132 // { int|sys||mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO               = 133 // { ssize_t|sys||sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN             = 134 // { int|sys||shutdown(int s, int how); }
+	SYS_SOCKETPAIR           = 135 // { int|sys||socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                = 136 // { int|sys||mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR                = 137 // { int|sys||rmdir(const char *path); }
+	SYS_SETSID               = 147 // { int|sys||setsid(void); }
+	SYS_SYSARCH              = 165 // { int|sys||sysarch(int op, void *parms); }
+	SYS_PREAD                = 173 // { ssize_t|sys||pread(int fd, void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_PWRITE               = 174 // { ssize_t|sys||pwrite(int fd, const void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_NTP_ADJTIME          = 176 // { int|sys||ntp_adjtime(struct timex *tp); }
+	SYS_SETGID               = 181 // { int|sys||setgid(gid_t gid); }
+	SYS_SETEGID              = 182 // { int|sys||setegid(gid_t egid); }
+	SYS_SETEUID              = 183 // { int|sys||seteuid(uid_t euid); }
+	SYS_PATHCONF             = 191 // { long|sys||pathconf(const char *path, int name); }
+	SYS_FPATHCONF            = 192 // { long|sys||fpathconf(int fd, int name); }
+	SYS_GETRLIMIT            = 194 // { int|sys||getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT            = 195 // { int|sys||setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP                 = 197 // { void *|sys||mmap(void *addr, size_t len, int prot, int flags, int fd, long PAD, off_t pos); }
+	SYS_LSEEK                = 199 // { off_t|sys||lseek(int fd, int PAD, off_t offset, int whence); }
+	SYS_TRUNCATE             = 200 // { int|sys||truncate(const char *path, int PAD, off_t length); }
+	SYS_FTRUNCATE            = 201 // { int|sys||ftruncate(int fd, int PAD, off_t length); }
+	SYS___SYSCTL             = 202 // { int|sys||__sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, const void *new, size_t newlen); }
+	SYS_MLOCK                = 203 // { int|sys||mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK              = 204 // { int|sys||munlock(const void *addr, size_t len); }
+	SYS_UNDELETE             = 205 // { int|sys||undelete(const char *path); }
+	SYS_GETPGID              = 207 // { pid_t|sys||getpgid(pid_t pid); }
+	SYS_REBOOT               = 208 // { int|sys||reboot(int opt, char *bootstr); }
+	SYS_POLL                 = 209 // { int|sys||poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET               = 221 // { int|sys||semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                = 222 // { int|sys||semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_SEMCONFIG            = 223 // { int|sys||semconfig(int flag); }
+	SYS_MSGGET               = 225 // { int|sys||msgget(key_t key, int msgflg); }
+	SYS_MSGSND               = 226 // { int|sys||msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV               = 227 // { ssize_t|sys||msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                = 228 // { void *|sys||shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                = 230 // { int|sys||shmdt(const void *shmaddr); }
+	SYS_SHMGET               = 231 // { int|sys||shmget(key_t key, size_t size, int shmflg); }
+	SYS_TIMER_CREATE         = 235 // { int|sys||timer_create(clockid_t clock_id, struct sigevent *evp, timer_t *timerid); }
+	SYS_TIMER_DELETE         = 236 // { int|sys||timer_delete(timer_t timerid); }
+	SYS_TIMER_GETOVERRUN     = 239 // { int|sys||timer_getoverrun(timer_t timerid); }
+	SYS_FDATASYNC            = 241 // { int|sys||fdatasync(int fd); }
+	SYS_MLOCKALL             = 242 // { int|sys||mlockall(int flags); }
+	SYS_MUNLOCKALL           = 243 // { int|sys||munlockall(void); }
+	SYS_SIGQUEUEINFO         = 245 // { int|sys||sigqueueinfo(pid_t pid, const siginfo_t *info); }
+	SYS_MODCTL               = 246 // { int|sys||modctl(int cmd, void *arg); }
+	SYS___POSIX_RENAME       = 270 // { int|sys||__posix_rename(const char *from, const char *to); }
+	SYS_SWAPCTL              = 271 // { int|sys||swapctl(int cmd, void *arg, int misc); }
+	SYS_MINHERIT             = 273 // { int|sys||minherit(void *addr, size_t len, int inherit); }
+	SYS_LCHMOD               = 274 // { int|sys||lchmod(const char *path, mode_t mode); }
+	SYS_LCHOWN               = 275 // { int|sys||lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_MSYNC                = 277 // { int|sys|13|msync(void *addr, size_t len, int flags); }
+	SYS___POSIX_CHOWN        = 283 // { int|sys||__posix_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS___POSIX_FCHOWN       = 284 // { int|sys||__posix_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS___POSIX_LCHOWN       = 285 // { int|sys||__posix_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID               = 286 // { pid_t|sys||getsid(pid_t pid); }
+	SYS___CLONE              = 287 // { pid_t|sys||__clone(int flags, void *stack); }
+	SYS_FKTRACE              = 288 // { int|sys||fktrace(int fd, int ops, int facs, pid_t pid); }
+	SYS_PREADV               = 289 // { ssize_t|sys||preadv(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS_PWRITEV              = 290 // { ssize_t|sys||pwritev(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS___GETCWD             = 296 // { int|sys||__getcwd(char *bufp, size_t length); }
+	SYS_FCHROOT              = 297 // { int|sys||fchroot(int fd); }
+	SYS_LCHFLAGS             = 304 // { int|sys||lchflags(const char *path, u_long flags); }
+	SYS_ISSETUGID            = 305 // { int|sys||issetugid(void); }
+	SYS_UTRACE               = 306 // { int|sys||utrace(const char *label, void *addr, size_t len); }
+	SYS_GETCONTEXT           = 307 // { int|sys||getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT           = 308 // { int|sys||setcontext(const struct __ucontext *ucp); }
+	SYS__LWP_CREATE          = 309 // { int|sys||_lwp_create(const struct __ucontext *ucp, u_long flags, lwpid_t *new_lwp); }
+	SYS__LWP_EXIT            = 310 // { int|sys||_lwp_exit(void); }
+	SYS__LWP_SELF            = 311 // { lwpid_t|sys||_lwp_self(void); }
+	SYS__LWP_WAIT            = 312 // { int|sys||_lwp_wait(lwpid_t wait_for, lwpid_t *departed); }
+	SYS__LWP_SUSPEND         = 313 // { int|sys||_lwp_suspend(lwpid_t target); }
+	SYS__LWP_CONTINUE        = 314 // { int|sys||_lwp_continue(lwpid_t target); }
+	SYS__LWP_WAKEUP          = 315 // { int|sys||_lwp_wakeup(lwpid_t target); }
+	SYS__LWP_GETPRIVATE      = 316 // { void *|sys||_lwp_getprivate(void); }
+	SYS__LWP_SETPRIVATE      = 317 // { void|sys||_lwp_setprivate(void *ptr); }
+	SYS__LWP_KILL            = 318 // { int|sys||_lwp_kill(lwpid_t target, int signo); }
+	SYS__LWP_DETACH          = 319 // { int|sys||_lwp_detach(lwpid_t target); }
+	SYS__LWP_UNPARK          = 321 // { int|sys||_lwp_unpark(lwpid_t target, const void *hint); }
+	SYS__LWP_UNPARK_ALL      = 322 // { ssize_t|sys||_lwp_unpark_all(const lwpid_t *targets, size_t ntargets, const void *hint); }
+	SYS__LWP_SETNAME         = 323 // { int|sys||_lwp_setname(lwpid_t target, const char *name); }
+	SYS__LWP_GETNAME         = 324 // { int|sys||_lwp_getname(lwpid_t target, char *name, size_t len); }
+	SYS__LWP_CTL             = 325 // { int|sys||_lwp_ctl(int features, struct lwpctl **address); }
+	SYS___SIGACTION_SIGTRAMP = 340 // { int|sys||__sigaction_sigtramp(int signum, const struct sigaction *nsa, struct sigaction *osa, const void *tramp, int vers); }
+	SYS_PMC_GET_INFO         = 341 // { int|sys||pmc_get_info(int ctr, int op, void *args); }
+	SYS_PMC_CONTROL          = 342 // { int|sys||pmc_control(int ctr, int op, void *args); }
+	SYS_RASCTL               = 343 // { int|sys||rasctl(void *addr, size_t len, int op); }
+	SYS_KQUEUE               = 344 // { int|sys||kqueue(void); }
+	SYS__SCHED_SETPARAM      = 346 // { int|sys||_sched_setparam(pid_t pid, lwpid_t lid, int policy, const struct sched_param *params); }
+	SYS__SCHED_GETPARAM      = 347 // { int|sys||_sched_getparam(pid_t pid, lwpid_t lid, int *policy, struct sched_param *params); }
+	SYS__SCHED_SETAFFINITY   = 348 // { int|sys||_sched_setaffinity(pid_t pid, lwpid_t lid, size_t size, const cpuset_t *cpuset); }
+	SYS__SCHED_GETAFFINITY   = 349 // { int|sys||_sched_getaffinity(pid_t pid, lwpid_t lid, size_t size, cpuset_t *cpuset); }
+	SYS_SCHED_YIELD          = 350 // { int|sys||sched_yield(void); }
+	SYS_FSYNC_RANGE          = 354 // { int|sys||fsync_range(int fd, int flags, off_t start, off_t length); }
+	SYS_UUIDGEN              = 355 // { int|sys||uuidgen(struct uuid *store, int count); }
+	SYS_GETVFSSTAT           = 356 // { int|sys||getvfsstat(struct statvfs *buf, size_t bufsize, int flags); }
+	SYS_STATVFS1             = 357 // { int|sys||statvfs1(const char *path, struct statvfs *buf, int flags); }
+	SYS_FSTATVFS1            = 358 // { int|sys||fstatvfs1(int fd, struct statvfs *buf, int flags); }
+	SYS_EXTATTRCTL           = 360 // { int|sys||extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE     = 361 // { int|sys||extattr_set_file(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE     = 362 // { ssize_t|sys||extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE  = 363 // { int|sys||extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FD       = 364 // { int|sys||extattr_set_fd(int fd, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD       = 365 // { ssize_t|sys||extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD    = 366 // { int|sys||extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_LINK     = 367 // { int|sys||extattr_set_link(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK     = 368 // { ssize_t|sys||extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK  = 369 // { int|sys||extattr_delete_link(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_LIST_FD      = 370 // { ssize_t|sys||extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE    = 371 // { ssize_t|sys||extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK    = 372 // { ssize_t|sys||extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_SETXATTR             = 375 // { int|sys||setxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_LSETXATTR            = 376 // { int|sys||lsetxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_FSETXATTR            = 377 // { int|sys||fsetxattr(int fd, const char *name, const void *value, size_t size, int flags); }
+	SYS_GETXATTR             = 378 // { int|sys||getxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_LGETXATTR            = 379 // { int|sys||lgetxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_FGETXATTR            = 380 // { int|sys||fgetxattr(int fd, const char *name, void *value, size_t size); }
+	SYS_LISTXATTR            = 381 // { int|sys||listxattr(const char *path, char *list, size_t size); }
+	SYS_LLISTXATTR           = 382 // { int|sys||llistxattr(const char *path, char *list, size_t size); }
+	SYS_FLISTXATTR           = 383 // { int|sys||flistxattr(int fd, char *list, size_t size); }
+	SYS_REMOVEXATTR          = 384 // { int|sys||removexattr(const char *path, const char *name); }
+	SYS_LREMOVEXATTR         = 385 // { int|sys||lremovexattr(const char *path, const char *name); }
+	SYS_FREMOVEXATTR         = 386 // { int|sys||fremovexattr(int fd, const char *name); }
+	SYS_GETDENTS             = 390 // { int|sys|30|getdents(int fd, char *buf, size_t count); }
+	SYS_SOCKET               = 394 // { int|sys|30|socket(int domain, int type, int protocol); }
+	SYS_GETFH                = 395 // { int|sys|30|getfh(const char *fname, void *fhp, size_t *fh_size); }
+	SYS_MOUNT                = 410 // { int|sys|50|mount(const char *type, const char *path, int flags, void *data, size_t data_len); }
+	SYS_MREMAP               = 411 // { void *|sys||mremap(void *old_address, size_t old_size, void *new_address, size_t new_size, int flags); }
+	SYS_PSET_CREATE          = 412 // { int|sys||pset_create(psetid_t *psid); }
+	SYS_PSET_DESTROY         = 413 // { int|sys||pset_destroy(psetid_t psid); }
+	SYS_PSET_ASSIGN          = 414 // { int|sys||pset_assign(psetid_t psid, cpuid_t cpuid, psetid_t *opsid); }
+	SYS__PSET_BIND           = 415 // { int|sys||_pset_bind(idtype_t idtype, id_t first_id, id_t second_id, psetid_t psid, psetid_t *opsid); }
+	SYS_POSIX_FADVISE        = 416 // { int|sys|50|posix_fadvise(int fd, int PAD, off_t offset, off_t len, int advice); }
+	SYS_SELECT               = 417 // { int|sys|50|select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_GETTIMEOFDAY         = 418 // { int|sys|50|gettimeofday(struct timeval *tp, void *tzp); }
+	SYS_SETTIMEOFDAY         = 419 // { int|sys|50|settimeofday(const struct timeval *tv, const void *tzp); }
+	SYS_UTIMES               = 420 // { int|sys|50|utimes(const char *path, const struct timeval *tptr); }
+	SYS_ADJTIME              = 421 // { int|sys|50|adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_FUTIMES              = 423 // { int|sys|50|futimes(int fd, const struct timeval *tptr); }
+	SYS_LUTIMES              = 424 // { int|sys|50|lutimes(const char *path, const struct timeval *tptr); }
+	SYS_SETITIMER            = 425 // { int|sys|50|setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER            = 426 // { int|sys|50|getitimer(int which, struct itimerval *itv); }
+	SYS_CLOCK_GETTIME        = 427 // { int|sys|50|clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME        = 428 // { int|sys|50|clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES         = 429 // { int|sys|50|clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP            = 430 // { int|sys|50|nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS___SIGTIMEDWAIT       = 431 // { int|sys|50|__sigtimedwait(const sigset_t *set, siginfo_t *info, struct timespec *timeout); }
+	SYS__LWP_PARK            = 434 // { int|sys|50|_lwp_park(const struct timespec *ts, lwpid_t unpark, const void *hint, const void *unparkhint); }
+	SYS_KEVENT               = 435 // { int|sys|50|kevent(int fd, const struct kevent *changelist, size_t nchanges, struct kevent *eventlist, size_t nevents, const struct timespec *timeout); }
+	SYS_PSELECT              = 436 // { int|sys|50|pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_POLLTS               = 437 // { int|sys|50|pollts(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_STAT                 = 439 // { int|sys|50|stat(const char *path, struct stat *ub); }
+	SYS_FSTAT                = 440 // { int|sys|50|fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                = 441 // { int|sys|50|lstat(const char *path, struct stat *ub); }
+	SYS___SEMCTL             = 442 // { int|sys|50|__semctl(int semid, int semnum, int cmd, ... union __semun *arg); }
+	SYS_SHMCTL               = 443 // { int|sys|50|shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL               = 444 // { int|sys|50|msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_GETRUSAGE            = 445 // { int|sys|50|getrusage(int who, struct rusage *rusage); }
+	SYS_TIMER_SETTIME        = 446 // { int|sys|50|timer_settime(timer_t timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_TIMER_GETTIME        = 447 // { int|sys|50|timer_gettime(timer_t timerid, struct itimerspec *value); }
+	SYS_NTP_GETTIME          = 448 // { int|sys|50|ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_WAIT4                = 449 // { int|sys|50|wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_MKNOD                = 450 // { int|sys|50|mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_FHSTAT               = 451 // { int|sys|50|fhstat(const void *fhp, size_t fh_size, struct stat *sb); }
+	SYS_PIPE2                = 453 // { int|sys||pipe2(int *fildes, int flags); }
+	SYS_DUP3                 = 454 // { int|sys||dup3(int from, int to, int flags); }
+	SYS_KQUEUE1              = 455 // { int|sys||kqueue1(int flags); }
+	SYS_PACCEPT              = 456 // { int|sys||paccept(int s, struct sockaddr *name, socklen_t *anamelen, const sigset_t *mask, int flags); }
+	SYS_LINKAT               = 457 // { int|sys||linkat(int fd1, const char *name1, int fd2, const char *name2, int flags); }
+	SYS_RENAMEAT             = 458 // { int|sys||renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_MKFIFOAT             = 459 // { int|sys||mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT              = 460 // { int|sys||mknodat(int fd, const char *path, mode_t mode, uint32_t dev); }
+	SYS_MKDIRAT              = 461 // { int|sys||mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_FACCESSAT            = 462 // { int|sys||faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT             = 463 // { int|sys||fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT             = 464 // { int|sys||fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag); }
+	SYS_FEXECVE              = 465 // { int|sys||fexecve(int fd, char * const *argp, char * const *envp); }
+	SYS_FSTATAT              = 466 // { int|sys||fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_UTIMENSAT            = 467 // { int|sys||utimensat(int fd, const char *path, const struct timespec *tptr, int flag); }
+	SYS_OPENAT               = 468 // { int|sys||openat(int fd, const char *path, int oflags, ... mode_t mode); }
+	SYS_READLINKAT           = 469 // { int|sys||readlinkat(int fd, const char *path, char *buf, size_t bufsize); }
+	SYS_SYMLINKAT            = 470 // { int|sys||symlinkat(const char *path1, int fd, const char *path2); }
+	SYS_UNLINKAT             = 471 // { int|sys||unlinkat(int fd, const char *path, int flag); }
+	SYS_FUTIMENS             = 472 // { int|sys||futimens(int fd, const struct timespec *tptr); }
+	SYS___QUOTACTL           = 473 // { int|sys||__quotactl(const char *path, struct quotactl_args *args); }
+	SYS_POSIX_SPAWN          = 474 // { int|sys||posix_spawn(pid_t *pid, const char *path, const struct posix_spawn_file_actions *file_actions, const struct posix_spawnattr *attrp, char *const *argv, char *const *envp); }
+	SYS_RECVMMSG             = 475 // { int|sys||recvmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags, struct timespec *timeout); }
+	SYS_SENDMMSG             = 476 // { int|sys||sendmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
new file mode 100644
index 000000000..42c788f24
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -0,0 +1,274 @@
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,netbsd
+
+package unix
+
+const (
+	SYS_EXIT                 = 1   // { void|sys||exit(int rval); }
+	SYS_FORK                 = 2   // { int|sys||fork(void); }
+	SYS_READ                 = 3   // { ssize_t|sys||read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                = 4   // { ssize_t|sys||write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                 = 5   // { int|sys||open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE                = 6   // { int|sys||close(int fd); }
+	SYS_LINK                 = 9   // { int|sys||link(const char *path, const char *link); }
+	SYS_UNLINK               = 10  // { int|sys||unlink(const char *path); }
+	SYS_CHDIR                = 12  // { int|sys||chdir(const char *path); }
+	SYS_FCHDIR               = 13  // { int|sys||fchdir(int fd); }
+	SYS_CHMOD                = 15  // { int|sys||chmod(const char *path, mode_t mode); }
+	SYS_CHOWN                = 16  // { int|sys||chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_BREAK                = 17  // { int|sys||obreak(char *nsize); }
+	SYS_GETPID               = 20  // { pid_t|sys||getpid_with_ppid(void); }
+	SYS_UNMOUNT              = 22  // { int|sys||unmount(const char *path, int flags); }
+	SYS_SETUID               = 23  // { int|sys||setuid(uid_t uid); }
+	SYS_GETUID               = 24  // { uid_t|sys||getuid_with_euid(void); }
+	SYS_GETEUID              = 25  // { uid_t|sys||geteuid(void); }
+	SYS_PTRACE               = 26  // { int|sys||ptrace(int req, pid_t pid, void *addr, int data); }
+	SYS_RECVMSG              = 27  // { ssize_t|sys||recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG              = 28  // { ssize_t|sys||sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM             = 29  // { ssize_t|sys||recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT               = 30  // { int|sys||accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME          = 31  // { int|sys||getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME          = 32  // { int|sys||getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS               = 33  // { int|sys||access(const char *path, int flags); }
+	SYS_CHFLAGS              = 34  // { int|sys||chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS             = 35  // { int|sys||fchflags(int fd, u_long flags); }
+	SYS_SYNC                 = 36  // { void|sys||sync(void); }
+	SYS_KILL                 = 37  // { int|sys||kill(pid_t pid, int signum); }
+	SYS_GETPPID              = 39  // { pid_t|sys||getppid(void); }
+	SYS_DUP                  = 41  // { int|sys||dup(int fd); }
+	SYS_PIPE                 = 42  // { int|sys||pipe(void); }
+	SYS_GETEGID              = 43  // { gid_t|sys||getegid(void); }
+	SYS_PROFIL               = 44  // { int|sys||profil(char *samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE               = 45  // { int|sys||ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_GETGID               = 47  // { gid_t|sys||getgid_with_egid(void); }
+	SYS___GETLOGIN           = 49  // { int|sys||__getlogin(char *namebuf, size_t namelen); }
+	SYS___SETLOGIN           = 50  // { int|sys||__setlogin(const char *namebuf); }
+	SYS_ACCT                 = 51  // { int|sys||acct(const char *path); }
+	SYS_IOCTL                = 54  // { int|sys||ioctl(int fd, u_long com, ... void *data); }
+	SYS_REVOKE               = 56  // { int|sys||revoke(const char *path); }
+	SYS_SYMLINK              = 57  // { int|sys||symlink(const char *path, const char *link); }
+	SYS_READLINK             = 58  // { ssize_t|sys||readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE               = 59  // { int|sys||execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK                = 60  // { mode_t|sys||umask(mode_t newmask); }
+	SYS_CHROOT               = 61  // { int|sys||chroot(const char *path); }
+	SYS_VFORK                = 66  // { int|sys||vfork(void); }
+	SYS_SBRK                 = 69  // { int|sys||sbrk(intptr_t incr); }
+	SYS_SSTK                 = 70  // { int|sys||sstk(int incr); }
+	SYS_VADVISE              = 72  // { int|sys||ovadvise(int anom); }
+	SYS_MUNMAP               = 73  // { int|sys||munmap(void *addr, size_t len); }
+	SYS_MPROTECT             = 74  // { int|sys||mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE              = 75  // { int|sys||madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE              = 78  // { int|sys||mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS            = 79  // { int|sys||getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS            = 80  // { int|sys||setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP              = 81  // { int|sys||getpgrp(void); }
+	SYS_SETPGID              = 82  // { int|sys||setpgid(pid_t pid, pid_t pgid); }
+	SYS_DUP2                 = 90  // { int|sys||dup2(int from, int to); }
+	SYS_FCNTL                = 92  // { int|sys||fcntl(int fd, int cmd, ... void *arg); }
+	SYS_FSYNC                = 95  // { int|sys||fsync(int fd); }
+	SYS_SETPRIORITY          = 96  // { int|sys||setpriority(int which, id_t who, int prio); }
+	SYS_CONNECT              = 98  // { int|sys||connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETPRIORITY          = 100 // { int|sys||getpriority(int which, id_t who); }
+	SYS_BIND                 = 104 // { int|sys||bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT           = 105 // { int|sys||setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN               = 106 // { int|sys||listen(int s, int backlog); }
+	SYS_GETSOCKOPT           = 118 // { int|sys||getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_READV                = 120 // { ssize_t|sys||readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV               = 121 // { ssize_t|sys||writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_FCHOWN               = 123 // { int|sys||fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD               = 124 // { int|sys||fchmod(int fd, mode_t mode); }
+	SYS_SETREUID             = 126 // { int|sys||setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID             = 127 // { int|sys||setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME               = 128 // { int|sys||rename(const char *from, const char *to); }
+	SYS_FLOCK                = 131 // { int|sys||flock(int fd, int how); }
+	SYS_MKFIFO               = 132 // { int|sys||mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO               = 133 // { ssize_t|sys||sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN             = 134 // { int|sys||shutdown(int s, int how); }
+	SYS_SOCKETPAIR           = 135 // { int|sys||socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                = 136 // { int|sys||mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR                = 137 // { int|sys||rmdir(const char *path); }
+	SYS_SETSID               = 147 // { int|sys||setsid(void); }
+	SYS_SYSARCH              = 165 // { int|sys||sysarch(int op, void *parms); }
+	SYS_PREAD                = 173 // { ssize_t|sys||pread(int fd, void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_PWRITE               = 174 // { ssize_t|sys||pwrite(int fd, const void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_NTP_ADJTIME          = 176 // { int|sys||ntp_adjtime(struct timex *tp); }
+	SYS_SETGID               = 181 // { int|sys||setgid(gid_t gid); }
+	SYS_SETEGID              = 182 // { int|sys||setegid(gid_t egid); }
+	SYS_SETEUID              = 183 // { int|sys||seteuid(uid_t euid); }
+	SYS_PATHCONF             = 191 // { long|sys||pathconf(const char *path, int name); }
+	SYS_FPATHCONF            = 192 // { long|sys||fpathconf(int fd, int name); }
+	SYS_GETRLIMIT            = 194 // { int|sys||getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT            = 195 // { int|sys||setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP                 = 197 // { void *|sys||mmap(void *addr, size_t len, int prot, int flags, int fd, long PAD, off_t pos); }
+	SYS_LSEEK                = 199 // { off_t|sys||lseek(int fd, int PAD, off_t offset, int whence); }
+	SYS_TRUNCATE             = 200 // { int|sys||truncate(const char *path, int PAD, off_t length); }
+	SYS_FTRUNCATE            = 201 // { int|sys||ftruncate(int fd, int PAD, off_t length); }
+	SYS___SYSCTL             = 202 // { int|sys||__sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, const void *new, size_t newlen); }
+	SYS_MLOCK                = 203 // { int|sys||mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK              = 204 // { int|sys||munlock(const void *addr, size_t len); }
+	SYS_UNDELETE             = 205 // { int|sys||undelete(const char *path); }
+	SYS_GETPGID              = 207 // { pid_t|sys||getpgid(pid_t pid); }
+	SYS_REBOOT               = 208 // { int|sys||reboot(int opt, char *bootstr); }
+	SYS_POLL                 = 209 // { int|sys||poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET               = 221 // { int|sys||semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                = 222 // { int|sys||semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_SEMCONFIG            = 223 // { int|sys||semconfig(int flag); }
+	SYS_MSGGET               = 225 // { int|sys||msgget(key_t key, int msgflg); }
+	SYS_MSGSND               = 226 // { int|sys||msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV               = 227 // { ssize_t|sys||msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                = 228 // { void *|sys||shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                = 230 // { int|sys||shmdt(const void *shmaddr); }
+	SYS_SHMGET               = 231 // { int|sys||shmget(key_t key, size_t size, int shmflg); }
+	SYS_TIMER_CREATE         = 235 // { int|sys||timer_create(clockid_t clock_id, struct sigevent *evp, timer_t *timerid); }
+	SYS_TIMER_DELETE         = 236 // { int|sys||timer_delete(timer_t timerid); }
+	SYS_TIMER_GETOVERRUN     = 239 // { int|sys||timer_getoverrun(timer_t timerid); }
+	SYS_FDATASYNC            = 241 // { int|sys||fdatasync(int fd); }
+	SYS_MLOCKALL             = 242 // { int|sys||mlockall(int flags); }
+	SYS_MUNLOCKALL           = 243 // { int|sys||munlockall(void); }
+	SYS_SIGQUEUEINFO         = 245 // { int|sys||sigqueueinfo(pid_t pid, const siginfo_t *info); }
+	SYS_MODCTL               = 246 // { int|sys||modctl(int cmd, void *arg); }
+	SYS___POSIX_RENAME       = 270 // { int|sys||__posix_rename(const char *from, const char *to); }
+	SYS_SWAPCTL              = 271 // { int|sys||swapctl(int cmd, void *arg, int misc); }
+	SYS_MINHERIT             = 273 // { int|sys||minherit(void *addr, size_t len, int inherit); }
+	SYS_LCHMOD               = 274 // { int|sys||lchmod(const char *path, mode_t mode); }
+	SYS_LCHOWN               = 275 // { int|sys||lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_MSYNC                = 277 // { int|sys|13|msync(void *addr, size_t len, int flags); }
+	SYS___POSIX_CHOWN        = 283 // { int|sys||__posix_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS___POSIX_FCHOWN       = 284 // { int|sys||__posix_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS___POSIX_LCHOWN       = 285 // { int|sys||__posix_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID               = 286 // { pid_t|sys||getsid(pid_t pid); }
+	SYS___CLONE              = 287 // { pid_t|sys||__clone(int flags, void *stack); }
+	SYS_FKTRACE              = 288 // { int|sys||fktrace(int fd, int ops, int facs, pid_t pid); }
+	SYS_PREADV               = 289 // { ssize_t|sys||preadv(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS_PWRITEV              = 290 // { ssize_t|sys||pwritev(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS___GETCWD             = 296 // { int|sys||__getcwd(char *bufp, size_t length); }
+	SYS_FCHROOT              = 297 // { int|sys||fchroot(int fd); }
+	SYS_LCHFLAGS             = 304 // { int|sys||lchflags(const char *path, u_long flags); }
+	SYS_ISSETUGID            = 305 // { int|sys||issetugid(void); }
+	SYS_UTRACE               = 306 // { int|sys||utrace(const char *label, void *addr, size_t len); }
+	SYS_GETCONTEXT           = 307 // { int|sys||getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT           = 308 // { int|sys||setcontext(const struct __ucontext *ucp); }
+	SYS__LWP_CREATE          = 309 // { int|sys||_lwp_create(const struct __ucontext *ucp, u_long flags, lwpid_t *new_lwp); }
+	SYS__LWP_EXIT            = 310 // { int|sys||_lwp_exit(void); }
+	SYS__LWP_SELF            = 311 // { lwpid_t|sys||_lwp_self(void); }
+	SYS__LWP_WAIT            = 312 // { int|sys||_lwp_wait(lwpid_t wait_for, lwpid_t *departed); }
+	SYS__LWP_SUSPEND         = 313 // { int|sys||_lwp_suspend(lwpid_t target); }
+	SYS__LWP_CONTINUE        = 314 // { int|sys||_lwp_continue(lwpid_t target); }
+	SYS__LWP_WAKEUP          = 315 // { int|sys||_lwp_wakeup(lwpid_t target); }
+	SYS__LWP_GETPRIVATE      = 316 // { void *|sys||_lwp_getprivate(void); }
+	SYS__LWP_SETPRIVATE      = 317 // { void|sys||_lwp_setprivate(void *ptr); }
+	SYS__LWP_KILL            = 318 // { int|sys||_lwp_kill(lwpid_t target, int signo); }
+	SYS__LWP_DETACH          = 319 // { int|sys||_lwp_detach(lwpid_t target); }
+	SYS__LWP_UNPARK          = 321 // { int|sys||_lwp_unpark(lwpid_t target, const void *hint); }
+	SYS__LWP_UNPARK_ALL      = 322 // { ssize_t|sys||_lwp_unpark_all(const lwpid_t *targets, size_t ntargets, const void *hint); }
+	SYS__LWP_SETNAME         = 323 // { int|sys||_lwp_setname(lwpid_t target, const char *name); }
+	SYS__LWP_GETNAME         = 324 // { int|sys||_lwp_getname(lwpid_t target, char *name, size_t len); }
+	SYS__LWP_CTL             = 325 // { int|sys||_lwp_ctl(int features, struct lwpctl **address); }
+	SYS___SIGACTION_SIGTRAMP = 340 // { int|sys||__sigaction_sigtramp(int signum, const struct sigaction *nsa, struct sigaction *osa, const void *tramp, int vers); }
+	SYS_PMC_GET_INFO         = 341 // { int|sys||pmc_get_info(int ctr, int op, void *args); }
+	SYS_PMC_CONTROL          = 342 // { int|sys||pmc_control(int ctr, int op, void *args); }
+	SYS_RASCTL               = 343 // { int|sys||rasctl(void *addr, size_t len, int op); }
+	SYS_KQUEUE               = 344 // { int|sys||kqueue(void); }
+	SYS__SCHED_SETPARAM      = 346 // { int|sys||_sched_setparam(pid_t pid, lwpid_t lid, int policy, const struct sched_param *params); }
+	SYS__SCHED_GETPARAM      = 347 // { int|sys||_sched_getparam(pid_t pid, lwpid_t lid, int *policy, struct sched_param *params); }
+	SYS__SCHED_SETAFFINITY   = 348 // { int|sys||_sched_setaffinity(pid_t pid, lwpid_t lid, size_t size, const cpuset_t *cpuset); }
+	SYS__SCHED_GETAFFINITY   = 349 // { int|sys||_sched_getaffinity(pid_t pid, lwpid_t lid, size_t size, cpuset_t *cpuset); }
+	SYS_SCHED_YIELD          = 350 // { int|sys||sched_yield(void); }
+	SYS_FSYNC_RANGE          = 354 // { int|sys||fsync_range(int fd, int flags, off_t start, off_t length); }
+	SYS_UUIDGEN              = 355 // { int|sys||uuidgen(struct uuid *store, int count); }
+	SYS_GETVFSSTAT           = 356 // { int|sys||getvfsstat(struct statvfs *buf, size_t bufsize, int flags); }
+	SYS_STATVFS1             = 357 // { int|sys||statvfs1(const char *path, struct statvfs *buf, int flags); }
+	SYS_FSTATVFS1            = 358 // { int|sys||fstatvfs1(int fd, struct statvfs *buf, int flags); }
+	SYS_EXTATTRCTL           = 360 // { int|sys||extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE     = 361 // { int|sys||extattr_set_file(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE     = 362 // { ssize_t|sys||extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE  = 363 // { int|sys||extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FD       = 364 // { int|sys||extattr_set_fd(int fd, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD       = 365 // { ssize_t|sys||extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD    = 366 // { int|sys||extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_LINK     = 367 // { int|sys||extattr_set_link(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK     = 368 // { ssize_t|sys||extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK  = 369 // { int|sys||extattr_delete_link(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_LIST_FD      = 370 // { ssize_t|sys||extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE    = 371 // { ssize_t|sys||extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK    = 372 // { ssize_t|sys||extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_SETXATTR             = 375 // { int|sys||setxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_LSETXATTR            = 376 // { int|sys||lsetxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_FSETXATTR            = 377 // { int|sys||fsetxattr(int fd, const char *name, const void *value, size_t size, int flags); }
+	SYS_GETXATTR             = 378 // { int|sys||getxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_LGETXATTR            = 379 // { int|sys||lgetxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_FGETXATTR            = 380 // { int|sys||fgetxattr(int fd, const char *name, void *value, size_t size); }
+	SYS_LISTXATTR            = 381 // { int|sys||listxattr(const char *path, char *list, size_t size); }
+	SYS_LLISTXATTR           = 382 // { int|sys||llistxattr(const char *path, char *list, size_t size); }
+	SYS_FLISTXATTR           = 383 // { int|sys||flistxattr(int fd, char *list, size_t size); }
+	SYS_REMOVEXATTR          = 384 // { int|sys||removexattr(const char *path, const char *name); }
+	SYS_LREMOVEXATTR         = 385 // { int|sys||lremovexattr(const char *path, const char *name); }
+	SYS_FREMOVEXATTR         = 386 // { int|sys||fremovexattr(int fd, const char *name); }
+	SYS_GETDENTS             = 390 // { int|sys|30|getdents(int fd, char *buf, size_t count); }
+	SYS_SOCKET               = 394 // { int|sys|30|socket(int domain, int type, int protocol); }
+	SYS_GETFH                = 395 // { int|sys|30|getfh(const char *fname, void *fhp, size_t *fh_size); }
+	SYS_MOUNT                = 410 // { int|sys|50|mount(const char *type, const char *path, int flags, void *data, size_t data_len); }
+	SYS_MREMAP               = 411 // { void *|sys||mremap(void *old_address, size_t old_size, void *new_address, size_t new_size, int flags); }
+	SYS_PSET_CREATE          = 412 // { int|sys||pset_create(psetid_t *psid); }
+	SYS_PSET_DESTROY         = 413 // { int|sys||pset_destroy(psetid_t psid); }
+	SYS_PSET_ASSIGN          = 414 // { int|sys||pset_assign(psetid_t psid, cpuid_t cpuid, psetid_t *opsid); }
+	SYS__PSET_BIND           = 415 // { int|sys||_pset_bind(idtype_t idtype, id_t first_id, id_t second_id, psetid_t psid, psetid_t *opsid); }
+	SYS_POSIX_FADVISE        = 416 // { int|sys|50|posix_fadvise(int fd, int PAD, off_t offset, off_t len, int advice); }
+	SYS_SELECT               = 417 // { int|sys|50|select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_GETTIMEOFDAY         = 418 // { int|sys|50|gettimeofday(struct timeval *tp, void *tzp); }
+	SYS_SETTIMEOFDAY         = 419 // { int|sys|50|settimeofday(const struct timeval *tv, const void *tzp); }
+	SYS_UTIMES               = 420 // { int|sys|50|utimes(const char *path, const struct timeval *tptr); }
+	SYS_ADJTIME              = 421 // { int|sys|50|adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_FUTIMES              = 423 // { int|sys|50|futimes(int fd, const struct timeval *tptr); }
+	SYS_LUTIMES              = 424 // { int|sys|50|lutimes(const char *path, const struct timeval *tptr); }
+	SYS_SETITIMER            = 425 // { int|sys|50|setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER            = 426 // { int|sys|50|getitimer(int which, struct itimerval *itv); }
+	SYS_CLOCK_GETTIME        = 427 // { int|sys|50|clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME        = 428 // { int|sys|50|clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES         = 429 // { int|sys|50|clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP            = 430 // { int|sys|50|nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS___SIGTIMEDWAIT       = 431 // { int|sys|50|__sigtimedwait(const sigset_t *set, siginfo_t *info, struct timespec *timeout); }
+	SYS__LWP_PARK            = 434 // { int|sys|50|_lwp_park(const struct timespec *ts, lwpid_t unpark, const void *hint, const void *unparkhint); }
+	SYS_KEVENT               = 435 // { int|sys|50|kevent(int fd, const struct kevent *changelist, size_t nchanges, struct kevent *eventlist, size_t nevents, const struct timespec *timeout); }
+	SYS_PSELECT              = 436 // { int|sys|50|pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_POLLTS               = 437 // { int|sys|50|pollts(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_STAT                 = 439 // { int|sys|50|stat(const char *path, struct stat *ub); }
+	SYS_FSTAT                = 440 // { int|sys|50|fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                = 441 // { int|sys|50|lstat(const char *path, struct stat *ub); }
+	SYS___SEMCTL             = 442 // { int|sys|50|__semctl(int semid, int semnum, int cmd, ... union __semun *arg); }
+	SYS_SHMCTL               = 443 // { int|sys|50|shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL               = 444 // { int|sys|50|msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_GETRUSAGE            = 445 // { int|sys|50|getrusage(int who, struct rusage *rusage); }
+	SYS_TIMER_SETTIME        = 446 // { int|sys|50|timer_settime(timer_t timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_TIMER_GETTIME        = 447 // { int|sys|50|timer_gettime(timer_t timerid, struct itimerspec *value); }
+	SYS_NTP_GETTIME          = 448 // { int|sys|50|ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_WAIT4                = 449 // { int|sys|50|wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_MKNOD                = 450 // { int|sys|50|mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_FHSTAT               = 451 // { int|sys|50|fhstat(const void *fhp, size_t fh_size, struct stat *sb); }
+	SYS_PIPE2                = 453 // { int|sys||pipe2(int *fildes, int flags); }
+	SYS_DUP3                 = 454 // { int|sys||dup3(int from, int to, int flags); }
+	SYS_KQUEUE1              = 455 // { int|sys||kqueue1(int flags); }
+	SYS_PACCEPT              = 456 // { int|sys||paccept(int s, struct sockaddr *name, socklen_t *anamelen, const sigset_t *mask, int flags); }
+	SYS_LINKAT               = 457 // { int|sys||linkat(int fd1, const char *name1, int fd2, const char *name2, int flags); }
+	SYS_RENAMEAT             = 458 // { int|sys||renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_MKFIFOAT             = 459 // { int|sys||mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT              = 460 // { int|sys||mknodat(int fd, const char *path, mode_t mode, uint32_t dev); }
+	SYS_MKDIRAT              = 461 // { int|sys||mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_FACCESSAT            = 462 // { int|sys||faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT             = 463 // { int|sys||fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT             = 464 // { int|sys||fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag); }
+	SYS_FEXECVE              = 465 // { int|sys||fexecve(int fd, char * const *argp, char * const *envp); }
+	SYS_FSTATAT              = 466 // { int|sys||fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_UTIMENSAT            = 467 // { int|sys||utimensat(int fd, const char *path, const struct timespec *tptr, int flag); }
+	SYS_OPENAT               = 468 // { int|sys||openat(int fd, const char *path, int oflags, ... mode_t mode); }
+	SYS_READLINKAT           = 469 // { int|sys||readlinkat(int fd, const char *path, char *buf, size_t bufsize); }
+	SYS_SYMLINKAT            = 470 // { int|sys||symlinkat(const char *path1, int fd, const char *path2); }
+	SYS_UNLINKAT             = 471 // { int|sys||unlinkat(int fd, const char *path, int flag); }
+	SYS_FUTIMENS             = 472 // { int|sys||futimens(int fd, const struct timespec *tptr); }
+	SYS___QUOTACTL           = 473 // { int|sys||__quotactl(const char *path, struct quotactl_args *args); }
+	SYS_POSIX_SPAWN          = 474 // { int|sys||posix_spawn(pid_t *pid, const char *path, const struct posix_spawn_file_actions *file_actions, const struct posix_spawnattr *attrp, char *const *argv, char *const *envp); }
+	SYS_RECVMMSG             = 475 // { int|sys||recvmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags, struct timespec *timeout); }
+	SYS_SENDMMSG             = 476 // { int|sys||sendmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
new file mode 100644
index 000000000..0a0757179
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -0,0 +1,274 @@
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,netbsd
+
+package unix
+
+const (
+	SYS_EXIT                 = 1   // { void|sys||exit(int rval); }
+	SYS_FORK                 = 2   // { int|sys||fork(void); }
+	SYS_READ                 = 3   // { ssize_t|sys||read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                = 4   // { ssize_t|sys||write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                 = 5   // { int|sys||open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE                = 6   // { int|sys||close(int fd); }
+	SYS_LINK                 = 9   // { int|sys||link(const char *path, const char *link); }
+	SYS_UNLINK               = 10  // { int|sys||unlink(const char *path); }
+	SYS_CHDIR                = 12  // { int|sys||chdir(const char *path); }
+	SYS_FCHDIR               = 13  // { int|sys||fchdir(int fd); }
+	SYS_CHMOD                = 15  // { int|sys||chmod(const char *path, mode_t mode); }
+	SYS_CHOWN                = 16  // { int|sys||chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_BREAK                = 17  // { int|sys||obreak(char *nsize); }
+	SYS_GETPID               = 20  // { pid_t|sys||getpid_with_ppid(void); }
+	SYS_UNMOUNT              = 22  // { int|sys||unmount(const char *path, int flags); }
+	SYS_SETUID               = 23  // { int|sys||setuid(uid_t uid); }
+	SYS_GETUID               = 24  // { uid_t|sys||getuid_with_euid(void); }
+	SYS_GETEUID              = 25  // { uid_t|sys||geteuid(void); }
+	SYS_PTRACE               = 26  // { int|sys||ptrace(int req, pid_t pid, void *addr, int data); }
+	SYS_RECVMSG              = 27  // { ssize_t|sys||recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG              = 28  // { ssize_t|sys||sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM             = 29  // { ssize_t|sys||recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT               = 30  // { int|sys||accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME          = 31  // { int|sys||getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME          = 32  // { int|sys||getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS               = 33  // { int|sys||access(const char *path, int flags); }
+	SYS_CHFLAGS              = 34  // { int|sys||chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS             = 35  // { int|sys||fchflags(int fd, u_long flags); }
+	SYS_SYNC                 = 36  // { void|sys||sync(void); }
+	SYS_KILL                 = 37  // { int|sys||kill(pid_t pid, int signum); }
+	SYS_GETPPID              = 39  // { pid_t|sys||getppid(void); }
+	SYS_DUP                  = 41  // { int|sys||dup(int fd); }
+	SYS_PIPE                 = 42  // { int|sys||pipe(void); }
+	SYS_GETEGID              = 43  // { gid_t|sys||getegid(void); }
+	SYS_PROFIL               = 44  // { int|sys||profil(char *samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE               = 45  // { int|sys||ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_GETGID               = 47  // { gid_t|sys||getgid_with_egid(void); }
+	SYS___GETLOGIN           = 49  // { int|sys||__getlogin(char *namebuf, size_t namelen); }
+	SYS___SETLOGIN           = 50  // { int|sys||__setlogin(const char *namebuf); }
+	SYS_ACCT                 = 51  // { int|sys||acct(const char *path); }
+	SYS_IOCTL                = 54  // { int|sys||ioctl(int fd, u_long com, ... void *data); }
+	SYS_REVOKE               = 56  // { int|sys||revoke(const char *path); }
+	SYS_SYMLINK              = 57  // { int|sys||symlink(const char *path, const char *link); }
+	SYS_READLINK             = 58  // { ssize_t|sys||readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE               = 59  // { int|sys||execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK                = 60  // { mode_t|sys||umask(mode_t newmask); }
+	SYS_CHROOT               = 61  // { int|sys||chroot(const char *path); }
+	SYS_VFORK                = 66  // { int|sys||vfork(void); }
+	SYS_SBRK                 = 69  // { int|sys||sbrk(intptr_t incr); }
+	SYS_SSTK                 = 70  // { int|sys||sstk(int incr); }
+	SYS_VADVISE              = 72  // { int|sys||ovadvise(int anom); }
+	SYS_MUNMAP               = 73  // { int|sys||munmap(void *addr, size_t len); }
+	SYS_MPROTECT             = 74  // { int|sys||mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE              = 75  // { int|sys||madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE              = 78  // { int|sys||mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS            = 79  // { int|sys||getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS            = 80  // { int|sys||setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP              = 81  // { int|sys||getpgrp(void); }
+	SYS_SETPGID              = 82  // { int|sys||setpgid(pid_t pid, pid_t pgid); }
+	SYS_DUP2                 = 90  // { int|sys||dup2(int from, int to); }
+	SYS_FCNTL                = 92  // { int|sys||fcntl(int fd, int cmd, ... void *arg); }
+	SYS_FSYNC                = 95  // { int|sys||fsync(int fd); }
+	SYS_SETPRIORITY          = 96  // { int|sys||setpriority(int which, id_t who, int prio); }
+	SYS_CONNECT              = 98  // { int|sys||connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETPRIORITY          = 100 // { int|sys||getpriority(int which, id_t who); }
+	SYS_BIND                 = 104 // { int|sys||bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT           = 105 // { int|sys||setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN               = 106 // { int|sys||listen(int s, int backlog); }
+	SYS_GETSOCKOPT           = 118 // { int|sys||getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_READV                = 120 // { ssize_t|sys||readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV               = 121 // { ssize_t|sys||writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_FCHOWN               = 123 // { int|sys||fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD               = 124 // { int|sys||fchmod(int fd, mode_t mode); }
+	SYS_SETREUID             = 126 // { int|sys||setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID             = 127 // { int|sys||setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME               = 128 // { int|sys||rename(const char *from, const char *to); }
+	SYS_FLOCK                = 131 // { int|sys||flock(int fd, int how); }
+	SYS_MKFIFO               = 132 // { int|sys||mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO               = 133 // { ssize_t|sys||sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN             = 134 // { int|sys||shutdown(int s, int how); }
+	SYS_SOCKETPAIR           = 135 // { int|sys||socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                = 136 // { int|sys||mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR                = 137 // { int|sys||rmdir(const char *path); }
+	SYS_SETSID               = 147 // { int|sys||setsid(void); }
+	SYS_SYSARCH              = 165 // { int|sys||sysarch(int op, void *parms); }
+	SYS_PREAD                = 173 // { ssize_t|sys||pread(int fd, void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_PWRITE               = 174 // { ssize_t|sys||pwrite(int fd, const void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_NTP_ADJTIME          = 176 // { int|sys||ntp_adjtime(struct timex *tp); }
+	SYS_SETGID               = 181 // { int|sys||setgid(gid_t gid); }
+	SYS_SETEGID              = 182 // { int|sys||setegid(gid_t egid); }
+	SYS_SETEUID              = 183 // { int|sys||seteuid(uid_t euid); }
+	SYS_PATHCONF             = 191 // { long|sys||pathconf(const char *path, int name); }
+	SYS_FPATHCONF            = 192 // { long|sys||fpathconf(int fd, int name); }
+	SYS_GETRLIMIT            = 194 // { int|sys||getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT            = 195 // { int|sys||setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP                 = 197 // { void *|sys||mmap(void *addr, size_t len, int prot, int flags, int fd, long PAD, off_t pos); }
+	SYS_LSEEK                = 199 // { off_t|sys||lseek(int fd, int PAD, off_t offset, int whence); }
+	SYS_TRUNCATE             = 200 // { int|sys||truncate(const char *path, int PAD, off_t length); }
+	SYS_FTRUNCATE            = 201 // { int|sys||ftruncate(int fd, int PAD, off_t length); }
+	SYS___SYSCTL             = 202 // { int|sys||__sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, const void *new, size_t newlen); }
+	SYS_MLOCK                = 203 // { int|sys||mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK              = 204 // { int|sys||munlock(const void *addr, size_t len); }
+	SYS_UNDELETE             = 205 // { int|sys||undelete(const char *path); }
+	SYS_GETPGID              = 207 // { pid_t|sys||getpgid(pid_t pid); }
+	SYS_REBOOT               = 208 // { int|sys||reboot(int opt, char *bootstr); }
+	SYS_POLL                 = 209 // { int|sys||poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET               = 221 // { int|sys||semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                = 222 // { int|sys||semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_SEMCONFIG            = 223 // { int|sys||semconfig(int flag); }
+	SYS_MSGGET               = 225 // { int|sys||msgget(key_t key, int msgflg); }
+	SYS_MSGSND               = 226 // { int|sys||msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV               = 227 // { ssize_t|sys||msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                = 228 // { void *|sys||shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                = 230 // { int|sys||shmdt(const void *shmaddr); }
+	SYS_SHMGET               = 231 // { int|sys||shmget(key_t key, size_t size, int shmflg); }
+	SYS_TIMER_CREATE         = 235 // { int|sys||timer_create(clockid_t clock_id, struct sigevent *evp, timer_t *timerid); }
+	SYS_TIMER_DELETE         = 236 // { int|sys||timer_delete(timer_t timerid); }
+	SYS_TIMER_GETOVERRUN     = 239 // { int|sys||timer_getoverrun(timer_t timerid); }
+	SYS_FDATASYNC            = 241 // { int|sys||fdatasync(int fd); }
+	SYS_MLOCKALL             = 242 // { int|sys||mlockall(int flags); }
+	SYS_MUNLOCKALL           = 243 // { int|sys||munlockall(void); }
+	SYS_SIGQUEUEINFO         = 245 // { int|sys||sigqueueinfo(pid_t pid, const siginfo_t *info); }
+	SYS_MODCTL               = 246 // { int|sys||modctl(int cmd, void *arg); }
+	SYS___POSIX_RENAME       = 270 // { int|sys||__posix_rename(const char *from, const char *to); }
+	SYS_SWAPCTL              = 271 // { int|sys||swapctl(int cmd, void *arg, int misc); }
+	SYS_MINHERIT             = 273 // { int|sys||minherit(void *addr, size_t len, int inherit); }
+	SYS_LCHMOD               = 274 // { int|sys||lchmod(const char *path, mode_t mode); }
+	SYS_LCHOWN               = 275 // { int|sys||lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_MSYNC                = 277 // { int|sys|13|msync(void *addr, size_t len, int flags); }
+	SYS___POSIX_CHOWN        = 283 // { int|sys||__posix_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS___POSIX_FCHOWN       = 284 // { int|sys||__posix_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS___POSIX_LCHOWN       = 285 // { int|sys||__posix_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID               = 286 // { pid_t|sys||getsid(pid_t pid); }
+	SYS___CLONE              = 287 // { pid_t|sys||__clone(int flags, void *stack); }
+	SYS_FKTRACE              = 288 // { int|sys||fktrace(int fd, int ops, int facs, pid_t pid); }
+	SYS_PREADV               = 289 // { ssize_t|sys||preadv(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS_PWRITEV              = 290 // { ssize_t|sys||pwritev(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS___GETCWD             = 296 // { int|sys||__getcwd(char *bufp, size_t length); }
+	SYS_FCHROOT              = 297 // { int|sys||fchroot(int fd); }
+	SYS_LCHFLAGS             = 304 // { int|sys||lchflags(const char *path, u_long flags); }
+	SYS_ISSETUGID            = 305 // { int|sys||issetugid(void); }
+	SYS_UTRACE               = 306 // { int|sys||utrace(const char *label, void *addr, size_t len); }
+	SYS_GETCONTEXT           = 307 // { int|sys||getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT           = 308 // { int|sys||setcontext(const struct __ucontext *ucp); }
+	SYS__LWP_CREATE          = 309 // { int|sys||_lwp_create(const struct __ucontext *ucp, u_long flags, lwpid_t *new_lwp); }
+	SYS__LWP_EXIT            = 310 // { int|sys||_lwp_exit(void); }
+	SYS__LWP_SELF            = 311 // { lwpid_t|sys||_lwp_self(void); }
+	SYS__LWP_WAIT            = 312 // { int|sys||_lwp_wait(lwpid_t wait_for, lwpid_t *departed); }
+	SYS__LWP_SUSPEND         = 313 // { int|sys||_lwp_suspend(lwpid_t target); }
+	SYS__LWP_CONTINUE        = 314 // { int|sys||_lwp_continue(lwpid_t target); }
+	SYS__LWP_WAKEUP          = 315 // { int|sys||_lwp_wakeup(lwpid_t target); }
+	SYS__LWP_GETPRIVATE      = 316 // { void *|sys||_lwp_getprivate(void); }
+	SYS__LWP_SETPRIVATE      = 317 // { void|sys||_lwp_setprivate(void *ptr); }
+	SYS__LWP_KILL            = 318 // { int|sys||_lwp_kill(lwpid_t target, int signo); }
+	SYS__LWP_DETACH          = 319 // { int|sys||_lwp_detach(lwpid_t target); }
+	SYS__LWP_UNPARK          = 321 // { int|sys||_lwp_unpark(lwpid_t target, const void *hint); }
+	SYS__LWP_UNPARK_ALL      = 322 // { ssize_t|sys||_lwp_unpark_all(const lwpid_t *targets, size_t ntargets, const void *hint); }
+	SYS__LWP_SETNAME         = 323 // { int|sys||_lwp_setname(lwpid_t target, const char *name); }
+	SYS__LWP_GETNAME         = 324 // { int|sys||_lwp_getname(lwpid_t target, char *name, size_t len); }
+	SYS__LWP_CTL             = 325 // { int|sys||_lwp_ctl(int features, struct lwpctl **address); }
+	SYS___SIGACTION_SIGTRAMP = 340 // { int|sys||__sigaction_sigtramp(int signum, const struct sigaction *nsa, struct sigaction *osa, const void *tramp, int vers); }
+	SYS_PMC_GET_INFO         = 341 // { int|sys||pmc_get_info(int ctr, int op, void *args); }
+	SYS_PMC_CONTROL          = 342 // { int|sys||pmc_control(int ctr, int op, void *args); }
+	SYS_RASCTL               = 343 // { int|sys||rasctl(void *addr, size_t len, int op); }
+	SYS_KQUEUE               = 344 // { int|sys||kqueue(void); }
+	SYS__SCHED_SETPARAM      = 346 // { int|sys||_sched_setparam(pid_t pid, lwpid_t lid, int policy, const struct sched_param *params); }
+	SYS__SCHED_GETPARAM      = 347 // { int|sys||_sched_getparam(pid_t pid, lwpid_t lid, int *policy, struct sched_param *params); }
+	SYS__SCHED_SETAFFINITY   = 348 // { int|sys||_sched_setaffinity(pid_t pid, lwpid_t lid, size_t size, const cpuset_t *cpuset); }
+	SYS__SCHED_GETAFFINITY   = 349 // { int|sys||_sched_getaffinity(pid_t pid, lwpid_t lid, size_t size, cpuset_t *cpuset); }
+	SYS_SCHED_YIELD          = 350 // { int|sys||sched_yield(void); }
+	SYS_FSYNC_RANGE          = 354 // { int|sys||fsync_range(int fd, int flags, off_t start, off_t length); }
+	SYS_UUIDGEN              = 355 // { int|sys||uuidgen(struct uuid *store, int count); }
+	SYS_GETVFSSTAT           = 356 // { int|sys||getvfsstat(struct statvfs *buf, size_t bufsize, int flags); }
+	SYS_STATVFS1             = 357 // { int|sys||statvfs1(const char *path, struct statvfs *buf, int flags); }
+	SYS_FSTATVFS1            = 358 // { int|sys||fstatvfs1(int fd, struct statvfs *buf, int flags); }
+	SYS_EXTATTRCTL           = 360 // { int|sys||extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE     = 361 // { int|sys||extattr_set_file(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE     = 362 // { ssize_t|sys||extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE  = 363 // { int|sys||extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FD       = 364 // { int|sys||extattr_set_fd(int fd, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD       = 365 // { ssize_t|sys||extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD    = 366 // { int|sys||extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_LINK     = 367 // { int|sys||extattr_set_link(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK     = 368 // { ssize_t|sys||extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK  = 369 // { int|sys||extattr_delete_link(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_LIST_FD      = 370 // { ssize_t|sys||extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE    = 371 // { ssize_t|sys||extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK    = 372 // { ssize_t|sys||extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_SETXATTR             = 375 // { int|sys||setxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_LSETXATTR            = 376 // { int|sys||lsetxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_FSETXATTR            = 377 // { int|sys||fsetxattr(int fd, const char *name, const void *value, size_t size, int flags); }
+	SYS_GETXATTR             = 378 // { int|sys||getxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_LGETXATTR            = 379 // { int|sys||lgetxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_FGETXATTR            = 380 // { int|sys||fgetxattr(int fd, const char *name, void *value, size_t size); }
+	SYS_LISTXATTR            = 381 // { int|sys||listxattr(const char *path, char *list, size_t size); }
+	SYS_LLISTXATTR           = 382 // { int|sys||llistxattr(const char *path, char *list, size_t size); }
+	SYS_FLISTXATTR           = 383 // { int|sys||flistxattr(int fd, char *list, size_t size); }
+	SYS_REMOVEXATTR          = 384 // { int|sys||removexattr(const char *path, const char *name); }
+	SYS_LREMOVEXATTR         = 385 // { int|sys||lremovexattr(const char *path, const char *name); }
+	SYS_FREMOVEXATTR         = 386 // { int|sys||fremovexattr(int fd, const char *name); }
+	SYS_GETDENTS             = 390 // { int|sys|30|getdents(int fd, char *buf, size_t count); }
+	SYS_SOCKET               = 394 // { int|sys|30|socket(int domain, int type, int protocol); }
+	SYS_GETFH                = 395 // { int|sys|30|getfh(const char *fname, void *fhp, size_t *fh_size); }
+	SYS_MOUNT                = 410 // { int|sys|50|mount(const char *type, const char *path, int flags, void *data, size_t data_len); }
+	SYS_MREMAP               = 411 // { void *|sys||mremap(void *old_address, size_t old_size, void *new_address, size_t new_size, int flags); }
+	SYS_PSET_CREATE          = 412 // { int|sys||pset_create(psetid_t *psid); }
+	SYS_PSET_DESTROY         = 413 // { int|sys||pset_destroy(psetid_t psid); }
+	SYS_PSET_ASSIGN          = 414 // { int|sys||pset_assign(psetid_t psid, cpuid_t cpuid, psetid_t *opsid); }
+	SYS__PSET_BIND           = 415 // { int|sys||_pset_bind(idtype_t idtype, id_t first_id, id_t second_id, psetid_t psid, psetid_t *opsid); }
+	SYS_POSIX_FADVISE        = 416 // { int|sys|50|posix_fadvise(int fd, int PAD, off_t offset, off_t len, int advice); }
+	SYS_SELECT               = 417 // { int|sys|50|select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_GETTIMEOFDAY         = 418 // { int|sys|50|gettimeofday(struct timeval *tp, void *tzp); }
+	SYS_SETTIMEOFDAY         = 419 // { int|sys|50|settimeofday(const struct timeval *tv, const void *tzp); }
+	SYS_UTIMES               = 420 // { int|sys|50|utimes(const char *path, const struct timeval *tptr); }
+	SYS_ADJTIME              = 421 // { int|sys|50|adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_FUTIMES              = 423 // { int|sys|50|futimes(int fd, const struct timeval *tptr); }
+	SYS_LUTIMES              = 424 // { int|sys|50|lutimes(const char *path, const struct timeval *tptr); }
+	SYS_SETITIMER            = 425 // { int|sys|50|setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER            = 426 // { int|sys|50|getitimer(int which, struct itimerval *itv); }
+	SYS_CLOCK_GETTIME        = 427 // { int|sys|50|clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME        = 428 // { int|sys|50|clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES         = 429 // { int|sys|50|clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP            = 430 // { int|sys|50|nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS___SIGTIMEDWAIT       = 431 // { int|sys|50|__sigtimedwait(const sigset_t *set, siginfo_t *info, struct timespec *timeout); }
+	SYS__LWP_PARK            = 434 // { int|sys|50|_lwp_park(const struct timespec *ts, lwpid_t unpark, const void *hint, const void *unparkhint); }
+	SYS_KEVENT               = 435 // { int|sys|50|kevent(int fd, const struct kevent *changelist, size_t nchanges, struct kevent *eventlist, size_t nevents, const struct timespec *timeout); }
+	SYS_PSELECT              = 436 // { int|sys|50|pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_POLLTS               = 437 // { int|sys|50|pollts(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_STAT                 = 439 // { int|sys|50|stat(const char *path, struct stat *ub); }
+	SYS_FSTAT                = 440 // { int|sys|50|fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                = 441 // { int|sys|50|lstat(const char *path, struct stat *ub); }
+	SYS___SEMCTL             = 442 // { int|sys|50|__semctl(int semid, int semnum, int cmd, ... union __semun *arg); }
+	SYS_SHMCTL               = 443 // { int|sys|50|shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL               = 444 // { int|sys|50|msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_GETRUSAGE            = 445 // { int|sys|50|getrusage(int who, struct rusage *rusage); }
+	SYS_TIMER_SETTIME        = 446 // { int|sys|50|timer_settime(timer_t timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_TIMER_GETTIME        = 447 // { int|sys|50|timer_gettime(timer_t timerid, struct itimerspec *value); }
+	SYS_NTP_GETTIME          = 448 // { int|sys|50|ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_WAIT4                = 449 // { int|sys|50|wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_MKNOD                = 450 // { int|sys|50|mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_FHSTAT               = 451 // { int|sys|50|fhstat(const void *fhp, size_t fh_size, struct stat *sb); }
+	SYS_PIPE2                = 453 // { int|sys||pipe2(int *fildes, int flags); }
+	SYS_DUP3                 = 454 // { int|sys||dup3(int from, int to, int flags); }
+	SYS_KQUEUE1              = 455 // { int|sys||kqueue1(int flags); }
+	SYS_PACCEPT              = 456 // { int|sys||paccept(int s, struct sockaddr *name, socklen_t *anamelen, const sigset_t *mask, int flags); }
+	SYS_LINKAT               = 457 // { int|sys||linkat(int fd1, const char *name1, int fd2, const char *name2, int flags); }
+	SYS_RENAMEAT             = 458 // { int|sys||renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_MKFIFOAT             = 459 // { int|sys||mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT              = 460 // { int|sys||mknodat(int fd, const char *path, mode_t mode, uint32_t dev); }
+	SYS_MKDIRAT              = 461 // { int|sys||mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_FACCESSAT            = 462 // { int|sys||faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT             = 463 // { int|sys||fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT             = 464 // { int|sys||fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag); }
+	SYS_FEXECVE              = 465 // { int|sys||fexecve(int fd, char * const *argp, char * const *envp); }
+	SYS_FSTATAT              = 466 // { int|sys||fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_UTIMENSAT            = 467 // { int|sys||utimensat(int fd, const char *path, const struct timespec *tptr, int flag); }
+	SYS_OPENAT               = 468 // { int|sys||openat(int fd, const char *path, int oflags, ... mode_t mode); }
+	SYS_READLINKAT           = 469 // { int|sys||readlinkat(int fd, const char *path, char *buf, size_t bufsize); }
+	SYS_SYMLINKAT            = 470 // { int|sys||symlinkat(const char *path1, int fd, const char *path2); }
+	SYS_UNLINKAT             = 471 // { int|sys||unlinkat(int fd, const char *path, int flag); }
+	SYS_FUTIMENS             = 472 // { int|sys||futimens(int fd, const struct timespec *tptr); }
+	SYS___QUOTACTL           = 473 // { int|sys||__quotactl(const char *path, struct quotactl_args *args); }
+	SYS_POSIX_SPAWN          = 474 // { int|sys||posix_spawn(pid_t *pid, const char *path, const struct posix_spawn_file_actions *file_actions, const struct posix_spawnattr *attrp, char *const *argv, char *const *envp); }
+	SYS_RECVMMSG             = 475 // { int|sys||recvmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags, struct timespec *timeout); }
+	SYS_SENDMMSG             = 476 // { int|sys||sendmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
new file mode 100644
index 000000000..0291c0931
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -0,0 +1,274 @@
+// go run mksysnum.go http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; DO NOT EDIT.
+
+// +build arm64,netbsd
+
+package unix
+
+const (
+	SYS_EXIT                 = 1   // { void|sys||exit(int rval); }
+	SYS_FORK                 = 2   // { int|sys||fork(void); }
+	SYS_READ                 = 3   // { ssize_t|sys||read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE                = 4   // { ssize_t|sys||write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN                 = 5   // { int|sys||open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE                = 6   // { int|sys||close(int fd); }
+	SYS_LINK                 = 9   // { int|sys||link(const char *path, const char *link); }
+	SYS_UNLINK               = 10  // { int|sys||unlink(const char *path); }
+	SYS_CHDIR                = 12  // { int|sys||chdir(const char *path); }
+	SYS_FCHDIR               = 13  // { int|sys||fchdir(int fd); }
+	SYS_CHMOD                = 15  // { int|sys||chmod(const char *path, mode_t mode); }
+	SYS_CHOWN                = 16  // { int|sys||chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_BREAK                = 17  // { int|sys||obreak(char *nsize); }
+	SYS_GETPID               = 20  // { pid_t|sys||getpid_with_ppid(void); }
+	SYS_UNMOUNT              = 22  // { int|sys||unmount(const char *path, int flags); }
+	SYS_SETUID               = 23  // { int|sys||setuid(uid_t uid); }
+	SYS_GETUID               = 24  // { uid_t|sys||getuid_with_euid(void); }
+	SYS_GETEUID              = 25  // { uid_t|sys||geteuid(void); }
+	SYS_PTRACE               = 26  // { int|sys||ptrace(int req, pid_t pid, void *addr, int data); }
+	SYS_RECVMSG              = 27  // { ssize_t|sys||recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG              = 28  // { ssize_t|sys||sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM             = 29  // { ssize_t|sys||recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT               = 30  // { int|sys||accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME          = 31  // { int|sys||getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME          = 32  // { int|sys||getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS               = 33  // { int|sys||access(const char *path, int flags); }
+	SYS_CHFLAGS              = 34  // { int|sys||chflags(const char *path, u_long flags); }
+	SYS_FCHFLAGS             = 35  // { int|sys||fchflags(int fd, u_long flags); }
+	SYS_SYNC                 = 36  // { void|sys||sync(void); }
+	SYS_KILL                 = 37  // { int|sys||kill(pid_t pid, int signum); }
+	SYS_GETPPID              = 39  // { pid_t|sys||getppid(void); }
+	SYS_DUP                  = 41  // { int|sys||dup(int fd); }
+	SYS_PIPE                 = 42  // { int|sys||pipe(void); }
+	SYS_GETEGID              = 43  // { gid_t|sys||getegid(void); }
+	SYS_PROFIL               = 44  // { int|sys||profil(char *samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE               = 45  // { int|sys||ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_GETGID               = 47  // { gid_t|sys||getgid_with_egid(void); }
+	SYS___GETLOGIN           = 49  // { int|sys||__getlogin(char *namebuf, size_t namelen); }
+	SYS___SETLOGIN           = 50  // { int|sys||__setlogin(const char *namebuf); }
+	SYS_ACCT                 = 51  // { int|sys||acct(const char *path); }
+	SYS_IOCTL                = 54  // { int|sys||ioctl(int fd, u_long com, ... void *data); }
+	SYS_REVOKE               = 56  // { int|sys||revoke(const char *path); }
+	SYS_SYMLINK              = 57  // { int|sys||symlink(const char *path, const char *link); }
+	SYS_READLINK             = 58  // { ssize_t|sys||readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE               = 59  // { int|sys||execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK                = 60  // { mode_t|sys||umask(mode_t newmask); }
+	SYS_CHROOT               = 61  // { int|sys||chroot(const char *path); }
+	SYS_VFORK                = 66  // { int|sys||vfork(void); }
+	SYS_SBRK                 = 69  // { int|sys||sbrk(intptr_t incr); }
+	SYS_SSTK                 = 70  // { int|sys||sstk(int incr); }
+	SYS_VADVISE              = 72  // { int|sys||ovadvise(int anom); }
+	SYS_MUNMAP               = 73  // { int|sys||munmap(void *addr, size_t len); }
+	SYS_MPROTECT             = 74  // { int|sys||mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE              = 75  // { int|sys||madvise(void *addr, size_t len, int behav); }
+	SYS_MINCORE              = 78  // { int|sys||mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS            = 79  // { int|sys||getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS            = 80  // { int|sys||setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP              = 81  // { int|sys||getpgrp(void); }
+	SYS_SETPGID              = 82  // { int|sys||setpgid(pid_t pid, pid_t pgid); }
+	SYS_DUP2                 = 90  // { int|sys||dup2(int from, int to); }
+	SYS_FCNTL                = 92  // { int|sys||fcntl(int fd, int cmd, ... void *arg); }
+	SYS_FSYNC                = 95  // { int|sys||fsync(int fd); }
+	SYS_SETPRIORITY          = 96  // { int|sys||setpriority(int which, id_t who, int prio); }
+	SYS_CONNECT              = 98  // { int|sys||connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETPRIORITY          = 100 // { int|sys||getpriority(int which, id_t who); }
+	SYS_BIND                 = 104 // { int|sys||bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT           = 105 // { int|sys||setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN               = 106 // { int|sys||listen(int s, int backlog); }
+	SYS_GETSOCKOPT           = 118 // { int|sys||getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_READV                = 120 // { ssize_t|sys||readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV               = 121 // { ssize_t|sys||writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_FCHOWN               = 123 // { int|sys||fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD               = 124 // { int|sys||fchmod(int fd, mode_t mode); }
+	SYS_SETREUID             = 126 // { int|sys||setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID             = 127 // { int|sys||setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME               = 128 // { int|sys||rename(const char *from, const char *to); }
+	SYS_FLOCK                = 131 // { int|sys||flock(int fd, int how); }
+	SYS_MKFIFO               = 132 // { int|sys||mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO               = 133 // { ssize_t|sys||sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN             = 134 // { int|sys||shutdown(int s, int how); }
+	SYS_SOCKETPAIR           = 135 // { int|sys||socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR                = 136 // { int|sys||mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR                = 137 // { int|sys||rmdir(const char *path); }
+	SYS_SETSID               = 147 // { int|sys||setsid(void); }
+	SYS_SYSARCH              = 165 // { int|sys||sysarch(int op, void *parms); }
+	SYS_PREAD                = 173 // { ssize_t|sys||pread(int fd, void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_PWRITE               = 174 // { ssize_t|sys||pwrite(int fd, const void *buf, size_t nbyte, int PAD, off_t offset); }
+	SYS_NTP_ADJTIME          = 176 // { int|sys||ntp_adjtime(struct timex *tp); }
+	SYS_SETGID               = 181 // { int|sys||setgid(gid_t gid); }
+	SYS_SETEGID              = 182 // { int|sys||setegid(gid_t egid); }
+	SYS_SETEUID              = 183 // { int|sys||seteuid(uid_t euid); }
+	SYS_PATHCONF             = 191 // { long|sys||pathconf(const char *path, int name); }
+	SYS_FPATHCONF            = 192 // { long|sys||fpathconf(int fd, int name); }
+	SYS_GETRLIMIT            = 194 // { int|sys||getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT            = 195 // { int|sys||setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP                 = 197 // { void *|sys||mmap(void *addr, size_t len, int prot, int flags, int fd, long PAD, off_t pos); }
+	SYS_LSEEK                = 199 // { off_t|sys||lseek(int fd, int PAD, off_t offset, int whence); }
+	SYS_TRUNCATE             = 200 // { int|sys||truncate(const char *path, int PAD, off_t length); }
+	SYS_FTRUNCATE            = 201 // { int|sys||ftruncate(int fd, int PAD, off_t length); }
+	SYS___SYSCTL             = 202 // { int|sys||__sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, const void *new, size_t newlen); }
+	SYS_MLOCK                = 203 // { int|sys||mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK              = 204 // { int|sys||munlock(const void *addr, size_t len); }
+	SYS_UNDELETE             = 205 // { int|sys||undelete(const char *path); }
+	SYS_GETPGID              = 207 // { pid_t|sys||getpgid(pid_t pid); }
+	SYS_REBOOT               = 208 // { int|sys||reboot(int opt, char *bootstr); }
+	SYS_POLL                 = 209 // { int|sys||poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_SEMGET               = 221 // { int|sys||semget(key_t key, int nsems, int semflg); }
+	SYS_SEMOP                = 222 // { int|sys||semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_SEMCONFIG            = 223 // { int|sys||semconfig(int flag); }
+	SYS_MSGGET               = 225 // { int|sys||msgget(key_t key, int msgflg); }
+	SYS_MSGSND               = 226 // { int|sys||msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV               = 227 // { ssize_t|sys||msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT                = 228 // { void *|sys||shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT                = 230 // { int|sys||shmdt(const void *shmaddr); }
+	SYS_SHMGET               = 231 // { int|sys||shmget(key_t key, size_t size, int shmflg); }
+	SYS_TIMER_CREATE         = 235 // { int|sys||timer_create(clockid_t clock_id, struct sigevent *evp, timer_t *timerid); }
+	SYS_TIMER_DELETE         = 236 // { int|sys||timer_delete(timer_t timerid); }
+	SYS_TIMER_GETOVERRUN     = 239 // { int|sys||timer_getoverrun(timer_t timerid); }
+	SYS_FDATASYNC            = 241 // { int|sys||fdatasync(int fd); }
+	SYS_MLOCKALL             = 242 // { int|sys||mlockall(int flags); }
+	SYS_MUNLOCKALL           = 243 // { int|sys||munlockall(void); }
+	SYS_SIGQUEUEINFO         = 245 // { int|sys||sigqueueinfo(pid_t pid, const siginfo_t *info); }
+	SYS_MODCTL               = 246 // { int|sys||modctl(int cmd, void *arg); }
+	SYS___POSIX_RENAME       = 270 // { int|sys||__posix_rename(const char *from, const char *to); }
+	SYS_SWAPCTL              = 271 // { int|sys||swapctl(int cmd, void *arg, int misc); }
+	SYS_MINHERIT             = 273 // { int|sys||minherit(void *addr, size_t len, int inherit); }
+	SYS_LCHMOD               = 274 // { int|sys||lchmod(const char *path, mode_t mode); }
+	SYS_LCHOWN               = 275 // { int|sys||lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_MSYNC                = 277 // { int|sys|13|msync(void *addr, size_t len, int flags); }
+	SYS___POSIX_CHOWN        = 283 // { int|sys||__posix_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS___POSIX_FCHOWN       = 284 // { int|sys||__posix_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS___POSIX_LCHOWN       = 285 // { int|sys||__posix_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID               = 286 // { pid_t|sys||getsid(pid_t pid); }
+	SYS___CLONE              = 287 // { pid_t|sys||__clone(int flags, void *stack); }
+	SYS_FKTRACE              = 288 // { int|sys||fktrace(int fd, int ops, int facs, pid_t pid); }
+	SYS_PREADV               = 289 // { ssize_t|sys||preadv(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS_PWRITEV              = 290 // { ssize_t|sys||pwritev(int fd, const struct iovec *iovp, int iovcnt, int PAD, off_t offset); }
+	SYS___GETCWD             = 296 // { int|sys||__getcwd(char *bufp, size_t length); }
+	SYS_FCHROOT              = 297 // { int|sys||fchroot(int fd); }
+	SYS_LCHFLAGS             = 304 // { int|sys||lchflags(const char *path, u_long flags); }
+	SYS_ISSETUGID            = 305 // { int|sys||issetugid(void); }
+	SYS_UTRACE               = 306 // { int|sys||utrace(const char *label, void *addr, size_t len); }
+	SYS_GETCONTEXT           = 307 // { int|sys||getcontext(struct __ucontext *ucp); }
+	SYS_SETCONTEXT           = 308 // { int|sys||setcontext(const struct __ucontext *ucp); }
+	SYS__LWP_CREATE          = 309 // { int|sys||_lwp_create(const struct __ucontext *ucp, u_long flags, lwpid_t *new_lwp); }
+	SYS__LWP_EXIT            = 310 // { int|sys||_lwp_exit(void); }
+	SYS__LWP_SELF            = 311 // { lwpid_t|sys||_lwp_self(void); }
+	SYS__LWP_WAIT            = 312 // { int|sys||_lwp_wait(lwpid_t wait_for, lwpid_t *departed); }
+	SYS__LWP_SUSPEND         = 313 // { int|sys||_lwp_suspend(lwpid_t target); }
+	SYS__LWP_CONTINUE        = 314 // { int|sys||_lwp_continue(lwpid_t target); }
+	SYS__LWP_WAKEUP          = 315 // { int|sys||_lwp_wakeup(lwpid_t target); }
+	SYS__LWP_GETPRIVATE      = 316 // { void *|sys||_lwp_getprivate(void); }
+	SYS__LWP_SETPRIVATE      = 317 // { void|sys||_lwp_setprivate(void *ptr); }
+	SYS__LWP_KILL            = 318 // { int|sys||_lwp_kill(lwpid_t target, int signo); }
+	SYS__LWP_DETACH          = 319 // { int|sys||_lwp_detach(lwpid_t target); }
+	SYS__LWP_UNPARK          = 321 // { int|sys||_lwp_unpark(lwpid_t target, const void *hint); }
+	SYS__LWP_UNPARK_ALL      = 322 // { ssize_t|sys||_lwp_unpark_all(const lwpid_t *targets, size_t ntargets, const void *hint); }
+	SYS__LWP_SETNAME         = 323 // { int|sys||_lwp_setname(lwpid_t target, const char *name); }
+	SYS__LWP_GETNAME         = 324 // { int|sys||_lwp_getname(lwpid_t target, char *name, size_t len); }
+	SYS__LWP_CTL             = 325 // { int|sys||_lwp_ctl(int features, struct lwpctl **address); }
+	SYS___SIGACTION_SIGTRAMP = 340 // { int|sys||__sigaction_sigtramp(int signum, const struct sigaction *nsa, struct sigaction *osa, const void *tramp, int vers); }
+	SYS_PMC_GET_INFO         = 341 // { int|sys||pmc_get_info(int ctr, int op, void *args); }
+	SYS_PMC_CONTROL          = 342 // { int|sys||pmc_control(int ctr, int op, void *args); }
+	SYS_RASCTL               = 343 // { int|sys||rasctl(void *addr, size_t len, int op); }
+	SYS_KQUEUE               = 344 // { int|sys||kqueue(void); }
+	SYS__SCHED_SETPARAM      = 346 // { int|sys||_sched_setparam(pid_t pid, lwpid_t lid, int policy, const struct sched_param *params); }
+	SYS__SCHED_GETPARAM      = 347 // { int|sys||_sched_getparam(pid_t pid, lwpid_t lid, int *policy, struct sched_param *params); }
+	SYS__SCHED_SETAFFINITY   = 348 // { int|sys||_sched_setaffinity(pid_t pid, lwpid_t lid, size_t size, const cpuset_t *cpuset); }
+	SYS__SCHED_GETAFFINITY   = 349 // { int|sys||_sched_getaffinity(pid_t pid, lwpid_t lid, size_t size, cpuset_t *cpuset); }
+	SYS_SCHED_YIELD          = 350 // { int|sys||sched_yield(void); }
+	SYS_FSYNC_RANGE          = 354 // { int|sys||fsync_range(int fd, int flags, off_t start, off_t length); }
+	SYS_UUIDGEN              = 355 // { int|sys||uuidgen(struct uuid *store, int count); }
+	SYS_GETVFSSTAT           = 356 // { int|sys||getvfsstat(struct statvfs *buf, size_t bufsize, int flags); }
+	SYS_STATVFS1             = 357 // { int|sys||statvfs1(const char *path, struct statvfs *buf, int flags); }
+	SYS_FSTATVFS1            = 358 // { int|sys||fstatvfs1(int fd, struct statvfs *buf, int flags); }
+	SYS_EXTATTRCTL           = 360 // { int|sys||extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FILE     = 361 // { int|sys||extattr_set_file(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FILE     = 362 // { ssize_t|sys||extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FILE  = 363 // { int|sys||extattr_delete_file(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_FD       = 364 // { int|sys||extattr_set_fd(int fd, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_FD       = 365 // { ssize_t|sys||extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_FD    = 366 // { int|sys||extattr_delete_fd(int fd, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_SET_LINK     = 367 // { int|sys||extattr_set_link(const char *path, int attrnamespace, const char *attrname, const void *data, size_t nbytes); }
+	SYS_EXTATTR_GET_LINK     = 368 // { ssize_t|sys||extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); }
+	SYS_EXTATTR_DELETE_LINK  = 369 // { int|sys||extattr_delete_link(const char *path, int attrnamespace, const char *attrname); }
+	SYS_EXTATTR_LIST_FD      = 370 // { ssize_t|sys||extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_FILE    = 371 // { ssize_t|sys||extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_EXTATTR_LIST_LINK    = 372 // { ssize_t|sys||extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); }
+	SYS_SETXATTR             = 375 // { int|sys||setxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_LSETXATTR            = 376 // { int|sys||lsetxattr(const char *path, const char *name, const void *value, size_t size, int flags); }
+	SYS_FSETXATTR            = 377 // { int|sys||fsetxattr(int fd, const char *name, const void *value, size_t size, int flags); }
+	SYS_GETXATTR             = 378 // { int|sys||getxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_LGETXATTR            = 379 // { int|sys||lgetxattr(const char *path, const char *name, void *value, size_t size); }
+	SYS_FGETXATTR            = 380 // { int|sys||fgetxattr(int fd, const char *name, void *value, size_t size); }
+	SYS_LISTXATTR            = 381 // { int|sys||listxattr(const char *path, char *list, size_t size); }
+	SYS_LLISTXATTR           = 382 // { int|sys||llistxattr(const char *path, char *list, size_t size); }
+	SYS_FLISTXATTR           = 383 // { int|sys||flistxattr(int fd, char *list, size_t size); }
+	SYS_REMOVEXATTR          = 384 // { int|sys||removexattr(const char *path, const char *name); }
+	SYS_LREMOVEXATTR         = 385 // { int|sys||lremovexattr(const char *path, const char *name); }
+	SYS_FREMOVEXATTR         = 386 // { int|sys||fremovexattr(int fd, const char *name); }
+	SYS_GETDENTS             = 390 // { int|sys|30|getdents(int fd, char *buf, size_t count); }
+	SYS_SOCKET               = 394 // { int|sys|30|socket(int domain, int type, int protocol); }
+	SYS_GETFH                = 395 // { int|sys|30|getfh(const char *fname, void *fhp, size_t *fh_size); }
+	SYS_MOUNT                = 410 // { int|sys|50|mount(const char *type, const char *path, int flags, void *data, size_t data_len); }
+	SYS_MREMAP               = 411 // { void *|sys||mremap(void *old_address, size_t old_size, void *new_address, size_t new_size, int flags); }
+	SYS_PSET_CREATE          = 412 // { int|sys||pset_create(psetid_t *psid); }
+	SYS_PSET_DESTROY         = 413 // { int|sys||pset_destroy(psetid_t psid); }
+	SYS_PSET_ASSIGN          = 414 // { int|sys||pset_assign(psetid_t psid, cpuid_t cpuid, psetid_t *opsid); }
+	SYS__PSET_BIND           = 415 // { int|sys||_pset_bind(idtype_t idtype, id_t first_id, id_t second_id, psetid_t psid, psetid_t *opsid); }
+	SYS_POSIX_FADVISE        = 416 // { int|sys|50|posix_fadvise(int fd, int PAD, off_t offset, off_t len, int advice); }
+	SYS_SELECT               = 417 // { int|sys|50|select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_GETTIMEOFDAY         = 418 // { int|sys|50|gettimeofday(struct timeval *tp, void *tzp); }
+	SYS_SETTIMEOFDAY         = 419 // { int|sys|50|settimeofday(const struct timeval *tv, const void *tzp); }
+	SYS_UTIMES               = 420 // { int|sys|50|utimes(const char *path, const struct timeval *tptr); }
+	SYS_ADJTIME              = 421 // { int|sys|50|adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_FUTIMES              = 423 // { int|sys|50|futimes(int fd, const struct timeval *tptr); }
+	SYS_LUTIMES              = 424 // { int|sys|50|lutimes(const char *path, const struct timeval *tptr); }
+	SYS_SETITIMER            = 425 // { int|sys|50|setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER            = 426 // { int|sys|50|getitimer(int which, struct itimerval *itv); }
+	SYS_CLOCK_GETTIME        = 427 // { int|sys|50|clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME        = 428 // { int|sys|50|clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES         = 429 // { int|sys|50|clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_NANOSLEEP            = 430 // { int|sys|50|nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS___SIGTIMEDWAIT       = 431 // { int|sys|50|__sigtimedwait(const sigset_t *set, siginfo_t *info, struct timespec *timeout); }
+	SYS__LWP_PARK            = 434 // { int|sys|50|_lwp_park(const struct timespec *ts, lwpid_t unpark, const void *hint, const void *unparkhint); }
+	SYS_KEVENT               = 435 // { int|sys|50|kevent(int fd, const struct kevent *changelist, size_t nchanges, struct kevent *eventlist, size_t nevents, const struct timespec *timeout); }
+	SYS_PSELECT              = 436 // { int|sys|50|pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_POLLTS               = 437 // { int|sys|50|pollts(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_STAT                 = 439 // { int|sys|50|stat(const char *path, struct stat *ub); }
+	SYS_FSTAT                = 440 // { int|sys|50|fstat(int fd, struct stat *sb); }
+	SYS_LSTAT                = 441 // { int|sys|50|lstat(const char *path, struct stat *ub); }
+	SYS___SEMCTL             = 442 // { int|sys|50|__semctl(int semid, int semnum, int cmd, ... union __semun *arg); }
+	SYS_SHMCTL               = 443 // { int|sys|50|shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL               = 444 // { int|sys|50|msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_GETRUSAGE            = 445 // { int|sys|50|getrusage(int who, struct rusage *rusage); }
+	SYS_TIMER_SETTIME        = 446 // { int|sys|50|timer_settime(timer_t timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); }
+	SYS_TIMER_GETTIME        = 447 // { int|sys|50|timer_gettime(timer_t timerid, struct itimerspec *value); }
+	SYS_NTP_GETTIME          = 448 // { int|sys|50|ntp_gettime(struct ntptimeval *ntvp); }
+	SYS_WAIT4                = 449 // { int|sys|50|wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_MKNOD                = 450 // { int|sys|50|mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_FHSTAT               = 451 // { int|sys|50|fhstat(const void *fhp, size_t fh_size, struct stat *sb); }
+	SYS_PIPE2                = 453 // { int|sys||pipe2(int *fildes, int flags); }
+	SYS_DUP3                 = 454 // { int|sys||dup3(int from, int to, int flags); }
+	SYS_KQUEUE1              = 455 // { int|sys||kqueue1(int flags); }
+	SYS_PACCEPT              = 456 // { int|sys||paccept(int s, struct sockaddr *name, socklen_t *anamelen, const sigset_t *mask, int flags); }
+	SYS_LINKAT               = 457 // { int|sys||linkat(int fd1, const char *name1, int fd2, const char *name2, int flags); }
+	SYS_RENAMEAT             = 458 // { int|sys||renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_MKFIFOAT             = 459 // { int|sys||mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT              = 460 // { int|sys||mknodat(int fd, const char *path, mode_t mode, uint32_t dev); }
+	SYS_MKDIRAT              = 461 // { int|sys||mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_FACCESSAT            = 462 // { int|sys||faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT             = 463 // { int|sys||fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT             = 464 // { int|sys||fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag); }
+	SYS_FEXECVE              = 465 // { int|sys||fexecve(int fd, char * const *argp, char * const *envp); }
+	SYS_FSTATAT              = 466 // { int|sys||fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_UTIMENSAT            = 467 // { int|sys||utimensat(int fd, const char *path, const struct timespec *tptr, int flag); }
+	SYS_OPENAT               = 468 // { int|sys||openat(int fd, const char *path, int oflags, ... mode_t mode); }
+	SYS_READLINKAT           = 469 // { int|sys||readlinkat(int fd, const char *path, char *buf, size_t bufsize); }
+	SYS_SYMLINKAT            = 470 // { int|sys||symlinkat(const char *path1, int fd, const char *path2); }
+	SYS_UNLINKAT             = 471 // { int|sys||unlinkat(int fd, const char *path, int flag); }
+	SYS_FUTIMENS             = 472 // { int|sys||futimens(int fd, const struct timespec *tptr); }
+	SYS___QUOTACTL           = 473 // { int|sys||__quotactl(const char *path, struct quotactl_args *args); }
+	SYS_POSIX_SPAWN          = 474 // { int|sys||posix_spawn(pid_t *pid, const char *path, const struct posix_spawn_file_actions *file_actions, const struct posix_spawnattr *attrp, char *const *argv, char *const *envp); }
+	SYS_RECVMMSG             = 475 // { int|sys||recvmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags, struct timespec *timeout); }
+	SYS_SENDMMSG             = 476 // { int|sys||sendmmsg(int s, struct mmsghdr *mmsg, unsigned int vlen, unsigned int flags); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
new file mode 100644
index 000000000..b0207d1c9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -0,0 +1,218 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
new file mode 100644
index 000000000..f0dec6f0b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -0,0 +1,218 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
new file mode 100644
index 000000000..33d1dc540
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -0,0 +1,218 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_MINCORE        = 78  // { int sys_mincore(void *addr, size_t len, char *vec); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
new file mode 100644
index 000000000..fe2b689b6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -0,0 +1,217 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
new file mode 100644
index 000000000..5c08d573b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -0,0 +1,220 @@
+// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64,openbsd
+
+package unix
+
+const (
+	SYS_EXIT           = 1   // { void sys_exit(int rval); }
+	SYS_FORK           = 2   // { int sys_fork(void); }
+	SYS_READ           = 3   // { ssize_t sys_read(int fd, void *buf, size_t nbyte); }
+	SYS_WRITE          = 4   // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); }
+	SYS_OPEN           = 5   // { int sys_open(const char *path, int flags, ... mode_t mode); }
+	SYS_CLOSE          = 6   // { int sys_close(int fd); }
+	SYS_GETENTROPY     = 7   // { int sys_getentropy(void *buf, size_t nbyte); }
+	SYS___TFORK        = 8   // { int sys___tfork(const struct __tfork *param, size_t psize); }
+	SYS_LINK           = 9   // { int sys_link(const char *path, const char *link); }
+	SYS_UNLINK         = 10  // { int sys_unlink(const char *path); }
+	SYS_WAIT4          = 11  // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); }
+	SYS_CHDIR          = 12  // { int sys_chdir(const char *path); }
+	SYS_FCHDIR         = 13  // { int sys_fchdir(int fd); }
+	SYS_MKNOD          = 14  // { int sys_mknod(const char *path, mode_t mode, dev_t dev); }
+	SYS_CHMOD          = 15  // { int sys_chmod(const char *path, mode_t mode); }
+	SYS_CHOWN          = 16  // { int sys_chown(const char *path, uid_t uid, gid_t gid); }
+	SYS_OBREAK         = 17  // { int sys_obreak(char *nsize); } break
+	SYS_GETDTABLECOUNT = 18  // { int sys_getdtablecount(void); }
+	SYS_GETRUSAGE      = 19  // { int sys_getrusage(int who, struct rusage *rusage); }
+	SYS_GETPID         = 20  // { pid_t sys_getpid(void); }
+	SYS_MOUNT          = 21  // { int sys_mount(const char *type, const char *path, int flags, void *data); }
+	SYS_UNMOUNT        = 22  // { int sys_unmount(const char *path, int flags); }
+	SYS_SETUID         = 23  // { int sys_setuid(uid_t uid); }
+	SYS_GETUID         = 24  // { uid_t sys_getuid(void); }
+	SYS_GETEUID        = 25  // { uid_t sys_geteuid(void); }
+	SYS_PTRACE         = 26  // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); }
+	SYS_RECVMSG        = 27  // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); }
+	SYS_SENDMSG        = 28  // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); }
+	SYS_RECVFROM       = 29  // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); }
+	SYS_ACCEPT         = 30  // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); }
+	SYS_GETPEERNAME    = 31  // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_GETSOCKNAME    = 32  // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); }
+	SYS_ACCESS         = 33  // { int sys_access(const char *path, int amode); }
+	SYS_CHFLAGS        = 34  // { int sys_chflags(const char *path, u_int flags); }
+	SYS_FCHFLAGS       = 35  // { int sys_fchflags(int fd, u_int flags); }
+	SYS_SYNC           = 36  // { void sys_sync(void); }
+	SYS_MSYSCALL       = 37  // { int sys_msyscall(void *addr, size_t len); }
+	SYS_STAT           = 38  // { int sys_stat(const char *path, struct stat *ub); }
+	SYS_GETPPID        = 39  // { pid_t sys_getppid(void); }
+	SYS_LSTAT          = 40  // { int sys_lstat(const char *path, struct stat *ub); }
+	SYS_DUP            = 41  // { int sys_dup(int fd); }
+	SYS_FSTATAT        = 42  // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); }
+	SYS_GETEGID        = 43  // { gid_t sys_getegid(void); }
+	SYS_PROFIL         = 44  // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); }
+	SYS_KTRACE         = 45  // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); }
+	SYS_SIGACTION      = 46  // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); }
+	SYS_GETGID         = 47  // { gid_t sys_getgid(void); }
+	SYS_SIGPROCMASK    = 48  // { int sys_sigprocmask(int how, sigset_t mask); }
+	SYS_SETLOGIN       = 50  // { int sys_setlogin(const char *namebuf); }
+	SYS_ACCT           = 51  // { int sys_acct(const char *path); }
+	SYS_SIGPENDING     = 52  // { int sys_sigpending(void); }
+	SYS_FSTAT          = 53  // { int sys_fstat(int fd, struct stat *sb); }
+	SYS_IOCTL          = 54  // { int sys_ioctl(int fd, u_long com, ... void *data); }
+	SYS_REBOOT         = 55  // { int sys_reboot(int opt); }
+	SYS_REVOKE         = 56  // { int sys_revoke(const char *path); }
+	SYS_SYMLINK        = 57  // { int sys_symlink(const char *path, const char *link); }
+	SYS_READLINK       = 58  // { ssize_t sys_readlink(const char *path, char *buf, size_t count); }
+	SYS_EXECVE         = 59  // { int sys_execve(const char *path, char * const *argp, char * const *envp); }
+	SYS_UMASK          = 60  // { mode_t sys_umask(mode_t newmask); }
+	SYS_CHROOT         = 61  // { int sys_chroot(const char *path); }
+	SYS_GETFSSTAT      = 62  // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); }
+	SYS_STATFS         = 63  // { int sys_statfs(const char *path, struct statfs *buf); }
+	SYS_FSTATFS        = 64  // { int sys_fstatfs(int fd, struct statfs *buf); }
+	SYS_FHSTATFS       = 65  // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); }
+	SYS_VFORK          = 66  // { int sys_vfork(void); }
+	SYS_GETTIMEOFDAY   = 67  // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); }
+	SYS_SETTIMEOFDAY   = 68  // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); }
+	SYS_SETITIMER      = 69  // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); }
+	SYS_GETITIMER      = 70  // { int sys_getitimer(int which, struct itimerval *itv); }
+	SYS_SELECT         = 71  // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); }
+	SYS_KEVENT         = 72  // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
+	SYS_MUNMAP         = 73  // { int sys_munmap(void *addr, size_t len); }
+	SYS_MPROTECT       = 74  // { int sys_mprotect(void *addr, size_t len, int prot); }
+	SYS_MADVISE        = 75  // { int sys_madvise(void *addr, size_t len, int behav); }
+	SYS_UTIMES         = 76  // { int sys_utimes(const char *path, const struct timeval *tptr); }
+	SYS_FUTIMES        = 77  // { int sys_futimes(int fd, const struct timeval *tptr); }
+	SYS_GETGROUPS      = 79  // { int sys_getgroups(int gidsetsize, gid_t *gidset); }
+	SYS_SETGROUPS      = 80  // { int sys_setgroups(int gidsetsize, const gid_t *gidset); }
+	SYS_GETPGRP        = 81  // { int sys_getpgrp(void); }
+	SYS_SETPGID        = 82  // { int sys_setpgid(pid_t pid, pid_t pgid); }
+	SYS_FUTEX          = 83  // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); }
+	SYS_UTIMENSAT      = 84  // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); }
+	SYS_FUTIMENS       = 85  // { int sys_futimens(int fd, const struct timespec *times); }
+	SYS_KBIND          = 86  // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); }
+	SYS_CLOCK_GETTIME  = 87  // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); }
+	SYS_CLOCK_SETTIME  = 88  // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); }
+	SYS_CLOCK_GETRES   = 89  // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); }
+	SYS_DUP2           = 90  // { int sys_dup2(int from, int to); }
+	SYS_NANOSLEEP      = 91  // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); }
+	SYS_FCNTL          = 92  // { int sys_fcntl(int fd, int cmd, ... void *arg); }
+	SYS_ACCEPT4        = 93  // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); }
+	SYS___THRSLEEP     = 94  // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); }
+	SYS_FSYNC          = 95  // { int sys_fsync(int fd); }
+	SYS_SETPRIORITY    = 96  // { int sys_setpriority(int which, id_t who, int prio); }
+	SYS_SOCKET         = 97  // { int sys_socket(int domain, int type, int protocol); }
+	SYS_CONNECT        = 98  // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_GETDENTS       = 99  // { int sys_getdents(int fd, void *buf, size_t buflen); }
+	SYS_GETPRIORITY    = 100 // { int sys_getpriority(int which, id_t who); }
+	SYS_PIPE2          = 101 // { int sys_pipe2(int *fdp, int flags); }
+	SYS_DUP3           = 102 // { int sys_dup3(int from, int to, int flags); }
+	SYS_SIGRETURN      = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); }
+	SYS_BIND           = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); }
+	SYS_SETSOCKOPT     = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); }
+	SYS_LISTEN         = 106 // { int sys_listen(int s, int backlog); }
+	SYS_CHFLAGSAT      = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); }
+	SYS_PLEDGE         = 108 // { int sys_pledge(const char *promises, const char *execpromises); }
+	SYS_PPOLL          = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); }
+	SYS_PSELECT        = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); }
+	SYS_SIGSUSPEND     = 111 // { int sys_sigsuspend(int mask); }
+	SYS_SENDSYSLOG     = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); }
+	SYS_UNVEIL         = 114 // { int sys_unveil(const char *path, const char *permissions); }
+	SYS___REALPATH     = 115 // { int sys___realpath(const char *pathname, char *resolved); }
+	SYS_GETSOCKOPT     = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); }
+	SYS_THRKILL        = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); }
+	SYS_READV          = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_WRITEV         = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); }
+	SYS_KILL           = 122 // { int sys_kill(int pid, int signum); }
+	SYS_FCHOWN         = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); }
+	SYS_FCHMOD         = 124 // { int sys_fchmod(int fd, mode_t mode); }
+	SYS_SETREUID       = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); }
+	SYS_SETREGID       = 127 // { int sys_setregid(gid_t rgid, gid_t egid); }
+	SYS_RENAME         = 128 // { int sys_rename(const char *from, const char *to); }
+	SYS_FLOCK          = 131 // { int sys_flock(int fd, int how); }
+	SYS_MKFIFO         = 132 // { int sys_mkfifo(const char *path, mode_t mode); }
+	SYS_SENDTO         = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); }
+	SYS_SHUTDOWN       = 134 // { int sys_shutdown(int s, int how); }
+	SYS_SOCKETPAIR     = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); }
+	SYS_MKDIR          = 136 // { int sys_mkdir(const char *path, mode_t mode); }
+	SYS_RMDIR          = 137 // { int sys_rmdir(const char *path); }
+	SYS_ADJTIME        = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); }
+	SYS_GETLOGIN_R     = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); }
+	SYS_SETSID         = 147 // { int sys_setsid(void); }
+	SYS_QUOTACTL       = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); }
+	SYS_NFSSVC         = 155 // { int sys_nfssvc(int flag, void *argp); }
+	SYS_GETFH          = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); }
+	SYS___TMPFD        = 164 // { int sys___tmpfd(int flags); }
+	SYS_SYSARCH        = 165 // { int sys_sysarch(int op, void *parms); }
+	SYS_PREAD          = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_PWRITE         = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); }
+	SYS_SETGID         = 181 // { int sys_setgid(gid_t gid); }
+	SYS_SETEGID        = 182 // { int sys_setegid(gid_t egid); }
+	SYS_SETEUID        = 183 // { int sys_seteuid(uid_t euid); }
+	SYS_PATHCONF       = 191 // { long sys_pathconf(const char *path, int name); }
+	SYS_FPATHCONF      = 192 // { long sys_fpathconf(int fd, int name); }
+	SYS_SWAPCTL        = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); }
+	SYS_GETRLIMIT      = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); }
+	SYS_SETRLIMIT      = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); }
+	SYS_MMAP           = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_LSEEK          = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); }
+	SYS_TRUNCATE       = 200 // { int sys_truncate(const char *path, int pad, off_t length); }
+	SYS_FTRUNCATE      = 201 // { int sys_ftruncate(int fd, int pad, off_t length); }
+	SYS_SYSCTL         = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
+	SYS_MLOCK          = 203 // { int sys_mlock(const void *addr, size_t len); }
+	SYS_MUNLOCK        = 204 // { int sys_munlock(const void *addr, size_t len); }
+	SYS_GETPGID        = 207 // { pid_t sys_getpgid(pid_t pid); }
+	SYS_UTRACE         = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); }
+	SYS_SEMGET         = 221 // { int sys_semget(key_t key, int nsems, int semflg); }
+	SYS_MSGGET         = 225 // { int sys_msgget(key_t key, int msgflg); }
+	SYS_MSGSND         = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); }
+	SYS_MSGRCV         = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
+	SYS_SHMAT          = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); }
+	SYS_SHMDT          = 230 // { int sys_shmdt(const void *shmaddr); }
+	SYS_MINHERIT       = 250 // { int sys_minherit(void *addr, size_t len, int inherit); }
+	SYS_POLL           = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); }
+	SYS_ISSETUGID      = 253 // { int sys_issetugid(void); }
+	SYS_LCHOWN         = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); }
+	SYS_GETSID         = 255 // { pid_t sys_getsid(pid_t pid); }
+	SYS_MSYNC          = 256 // { int sys_msync(void *addr, size_t len, int flags); }
+	SYS_PIPE           = 263 // { int sys_pipe(int *fdp); }
+	SYS_FHOPEN         = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); }
+	SYS_PREADV         = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_PWRITEV        = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); }
+	SYS_KQUEUE         = 269 // { int sys_kqueue(void); }
+	SYS_MLOCKALL       = 271 // { int sys_mlockall(int flags); }
+	SYS_MUNLOCKALL     = 272 // { int sys_munlockall(void); }
+	SYS_GETRESUID      = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); }
+	SYS_SETRESUID      = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); }
+	SYS_GETRESGID      = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); }
+	SYS_SETRESGID      = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); }
+	SYS_MQUERY         = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); }
+	SYS_CLOSEFROM      = 287 // { int sys_closefrom(int fd); }
+	SYS_SIGALTSTACK    = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); }
+	SYS_SHMGET         = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); }
+	SYS_SEMOP          = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); }
+	SYS_FHSTAT         = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); }
+	SYS___SEMCTL       = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); }
+	SYS_SHMCTL         = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); }
+	SYS_MSGCTL         = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); }
+	SYS_SCHED_YIELD    = 298 // { int sys_sched_yield(void); }
+	SYS_GETTHRID       = 299 // { pid_t sys_getthrid(void); }
+	SYS___THRWAKEUP    = 301 // { int sys___thrwakeup(const volatile void *ident, int n); }
+	SYS___THREXIT      = 302 // { void sys___threxit(pid_t *notdead); }
+	SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); }
+	SYS___GETCWD       = 304 // { int sys___getcwd(char *buf, size_t len); }
+	SYS_ADJFREQ        = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); }
+	SYS_SETRTABLE      = 310 // { int sys_setrtable(int rtableid); }
+	SYS_GETRTABLE      = 311 // { int sys_getrtable(void); }
+	SYS_FACCESSAT      = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); }
+	SYS_FCHMODAT       = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); }
+	SYS_FCHOWNAT       = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); }
+	SYS_LINKAT         = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); }
+	SYS_MKDIRAT        = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); }
+	SYS_MKFIFOAT       = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); }
+	SYS_MKNODAT        = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); }
+	SYS_OPENAT         = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); }
+	SYS_READLINKAT     = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); }
+	SYS_RENAMEAT       = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); }
+	SYS_SYMLINKAT      = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); }
+	SYS_UNLINKAT       = 325 // { int sys_unlinkat(int fd, const char *path, int flag); }
+	SYS___SET_TCB      = 329 // { void sys___set_tcb(void *tcb); }
+	SYS___GET_TCB      = 330 // { void *sys___get_tcb(void); }
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
new file mode 100644
index 000000000..2c1f815e6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -0,0 +1,352 @@
+// cgo -godefs types_aix.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc,aix
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+	PathMax        = 0x3ff
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type off64 int64
+type off int32
+type Mode_t uint32
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct{}
+
+type Time_t int32
+
+type Tms struct{}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Timezone struct {
+	Minuteswest int32
+	Dsttime     int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type Pid_t int32
+
+type _Gid_t uint32
+
+type dev_t uint32
+
+type Stat_t struct {
+	Dev      uint32
+	Ino      uint32
+	Mode     uint32
+	Nlink    int16
+	Flag     uint16
+	Uid      uint32
+	Gid      uint32
+	Rdev     uint32
+	Size     int32
+	Atim     Timespec
+	Mtim     Timespec
+	Ctim     Timespec
+	Blksize  int32
+	Blocks   int32
+	Vfstype  int32
+	Vfs      uint32
+	Type     uint32
+	Gen      uint32
+	Reserved [9]uint32
+}
+
+type StatxTimestamp struct{}
+
+type Statx_t struct{}
+
+type Dirent struct {
+	Offset uint32
+	Ino    uint32
+	Reclen uint16
+	Namlen uint16
+	Name   [256]uint8
+}
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [1023]uint8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [120]uint8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [1012]uint8
+}
+
+type _Socklen uint32
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x404
+	SizeofSockaddrUnix     = 0x401
+	SizeofSockaddrDatalink = 0x80
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	SizeofIfMsghdr = 0x10
+)
+
+type IfMsgHdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Addrlen uint8
+	_       [1]byte
+}
+
+type FdSet struct {
+	Bits [2048]int32
+}
+
+type Utsname struct {
+	Sysname  [32]byte
+	Nodename [32]byte
+	Release  [32]byte
+	Version  [32]byte
+	Machine  [32]byte
+}
+
+type Ustat_t struct{}
+
+type Sigset_t struct {
+	Losigs uint32
+	Hisigs uint32
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x1
+	AT_SYMLINK_NOFOLLOW = 0x1
+)
+
+type Termios struct {
+	Iflag uint32
+	Oflag uint32
+	Cflag uint32
+	Lflag uint32
+	Cc    [16]uint8
+}
+
+type Termio struct {
+	Iflag uint16
+	Oflag uint16
+	Cflag uint16
+	Lflag uint16
+	Line  uint8
+	Cc    [8]uint8
+	_     [1]byte
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type PollFd struct {
+	Fd      int32
+	Events  uint16
+	Revents uint16
+}
+
+const (
+	POLLERR    = 0x4000
+	POLLHUP    = 0x2000
+	POLLIN     = 0x1
+	POLLNVAL   = 0x8000
+	POLLOUT    = 0x2
+	POLLPRI    = 0x4
+	POLLRDBAND = 0x20
+	POLLRDNORM = 0x10
+	POLLWRBAND = 0x40
+	POLLWRNORM = 0x2
+)
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Sysid  uint32
+	Pid    int32
+	Vfs    int32
+	Start  int64
+	Len    int64
+}
+
+type Fsid_t struct {
+	Val [2]uint32
+}
+type Fsid64_t struct {
+	Val [2]uint64
+}
+
+type Statfs_t struct {
+	Version   int32
+	Type      int32
+	Bsize     uint32
+	Blocks    uint32
+	Bfree     uint32
+	Bavail    uint32
+	Files     uint32
+	Ffree     uint32
+	Fsid      Fsid_t
+	Vfstype   int32
+	Fsize     uint32
+	Vfsnumber int32
+	Vfsoff    int32
+	Vfslen    int32
+	Vfsvers   int32
+	Fname     [32]uint8
+	Fpack     [32]uint8
+	Name_max  int32
+}
+
+const RNDGETENTCNT = 0x80045200
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
new file mode 100644
index 000000000..b4a069ecb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -0,0 +1,356 @@
+// cgo -godefs types_aix.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64,aix
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+	PathMax        = 0x3ff
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type off64 int64
+type off int64
+type Mode_t uint32
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct{}
+
+type Time_t int64
+
+type Tms struct{}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Timezone struct {
+	Minuteswest int32
+	Dsttime     int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type Pid_t int32
+
+type _Gid_t uint32
+
+type dev_t uint64
+
+type Stat_t struct {
+	Dev      uint64
+	Ino      uint64
+	Mode     uint32
+	Nlink    int16
+	Flag     uint16
+	Uid      uint32
+	Gid      uint32
+	Rdev     uint64
+	Ssize    int32
+	Atim     Timespec
+	Mtim     Timespec
+	Ctim     Timespec
+	Blksize  int64
+	Blocks   int64
+	Vfstype  int32
+	Vfs      uint32
+	Type     uint32
+	Gen      uint32
+	Reserved [9]uint32
+	Padto_ll uint32
+	Size     int64
+}
+
+type StatxTimestamp struct{}
+
+type Statx_t struct{}
+
+type Dirent struct {
+	Offset uint64
+	Ino    uint64
+	Reclen uint16
+	Namlen uint16
+	Name   [256]uint8
+	_      [4]byte
+}
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [1023]uint8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [120]uint8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [1012]uint8
+}
+
+type _Socklen uint32
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x404
+	SizeofSockaddrUnix     = 0x401
+	SizeofSockaddrDatalink = 0x80
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	SizeofIfMsghdr = 0x10
+)
+
+type IfMsgHdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Addrlen uint8
+	_       [1]byte
+}
+
+type FdSet struct {
+	Bits [1024]int64
+}
+
+type Utsname struct {
+	Sysname  [32]byte
+	Nodename [32]byte
+	Release  [32]byte
+	Version  [32]byte
+	Machine  [32]byte
+}
+
+type Ustat_t struct{}
+
+type Sigset_t struct {
+	Set [4]uint64
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x1
+	AT_SYMLINK_NOFOLLOW = 0x1
+)
+
+type Termios struct {
+	Iflag uint32
+	Oflag uint32
+	Cflag uint32
+	Lflag uint32
+	Cc    [16]uint8
+}
+
+type Termio struct {
+	Iflag uint16
+	Oflag uint16
+	Cflag uint16
+	Lflag uint16
+	Line  uint8
+	Cc    [8]uint8
+	_     [1]byte
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type PollFd struct {
+	Fd      int32
+	Events  uint16
+	Revents uint16
+}
+
+const (
+	POLLERR    = 0x4000
+	POLLHUP    = 0x2000
+	POLLIN     = 0x1
+	POLLNVAL   = 0x8000
+	POLLOUT    = 0x2
+	POLLPRI    = 0x4
+	POLLRDBAND = 0x20
+	POLLRDNORM = 0x10
+	POLLWRBAND = 0x40
+	POLLWRNORM = 0x2
+)
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Sysid  uint32
+	Pid    int32
+	Vfs    int32
+	Start  int64
+	Len    int64
+}
+
+type Fsid_t struct {
+	Val [2]uint32
+}
+type Fsid64_t struct {
+	Val [2]uint64
+}
+
+type Statfs_t struct {
+	Version   int32
+	Type      int32
+	Bsize     uint64
+	Blocks    uint64
+	Bfree     uint64
+	Bavail    uint64
+	Files     uint64
+	Ffree     uint64
+	Fsid      Fsid64_t
+	Vfstype   int32
+	Fsize     uint64
+	Vfsnumber int32
+	Vfsoff    int32
+	Vfslen    int32
+	Vfsvers   int32
+	Fname     [32]uint8
+	Fpack     [32]uint8
+	Name_max  int32
+	_         [4]byte
+}
+
+const RNDGETENTCNT = 0x80045200
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_386.go
new file mode 100644
index 000000000..6103f2150
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_386.go
@@ -0,0 +1,503 @@
+// cgo -godefs types_darwin.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,darwin
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timeval32 struct{}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     int32
+	Mode    uint16
+	Nlink   uint16
+	Ino     uint64
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare  [2]int64
+}
+
+type Statfs_t struct {
+	Bsize       uint32
+	Iosize      int32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Files       uint64
+	Ffree       uint64
+	Fsid        Fsid
+	Owner       uint32
+	Type        uint32
+	Flags       uint32
+	Fssubtype   uint32
+	Fstypename  [16]int8
+	Mntonname   [1024]int8
+	Mntfromname [1024]int8
+	Reserved    [8]uint32
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Fstore_t struct {
+	Flags      uint32
+	Posmode    int32
+	Offset     int64
+	Length     int64
+	Bytesalloc int64
+}
+
+type Radvisory_t struct {
+	Offset int64
+	Count  int32
+}
+
+type Fbootstraptransfer_t struct {
+	Offset int64
+	Length uint32
+	Buffer *byte
+}
+
+type Log2phys_t struct {
+	Flags       uint32
+	Contigbytes int64
+	Devoffset   int64
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+type Dirent struct {
+	Ino     uint64
+	Seekoff uint64
+	Reclen  uint16
+	Namlen  uint16
+	Type    uint8
+	Name    [1024]int8
+	_       [3]byte
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet4Pktinfo     = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int32
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+const (
+	SizeofIfMsghdr    = 0x70
+	SizeofIfData      = 0x60
+	SizeofIfaMsghdr   = 0x14
+	SizeofIfmaMsghdr  = 0x10
+	SizeofIfmaMsghdr2 = 0x14
+	SizeofRtMsghdr    = 0x5c
+	SizeofRtMetrics   = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Typelen    uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	Unused1    uint8
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint32
+	Ipackets   uint32
+	Ierrors    uint32
+	Opackets   uint32
+	Oerrors    uint32
+	Collisions uint32
+	Ibytes     uint32
+	Obytes     uint32
+	Imcasts    uint32
+	Omcasts    uint32
+	Iqdrops    uint32
+	Noproto    uint32
+	Recvtiming uint32
+	Xmittiming uint32
+	Lastchange Timeval
+	Unused2    uint32
+	Hwassist   uint32
+	Reserved1  uint32
+	Reserved2  uint32
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+}
+
+type IfmaMsghdr2 struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Addrs    int32
+	Flags    int32
+	Index    uint16
+	_        [2]byte
+	Refcount int32
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Use     int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   int32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+	Filler   [4]uint32
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x8
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x80
+	AT_SYMLINK_FOLLOW   = 0x40
+	AT_SYMLINK_NOFOLLOW = 0x20
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
new file mode 100644
index 000000000..e6576d1c4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -0,0 +1,513 @@
+// cgo -godefs types_darwin.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,darwin
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     int32
+	Mode    uint16
+	Nlink   uint16
+	Ino     uint64
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	_       [4]byte
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare  [2]int64
+}
+
+type Statfs_t struct {
+	Bsize       uint32
+	Iosize      int32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Files       uint64
+	Ffree       uint64
+	Fsid        Fsid
+	Owner       uint32
+	Type        uint32
+	Flags       uint32
+	Fssubtype   uint32
+	Fstypename  [16]int8
+	Mntonname   [1024]int8
+	Mntfromname [1024]int8
+	Reserved    [8]uint32
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Fstore_t struct {
+	Flags      uint32
+	Posmode    int32
+	Offset     int64
+	Length     int64
+	Bytesalloc int64
+}
+
+type Radvisory_t struct {
+	Offset int64
+	Count  int32
+	_      [4]byte
+}
+
+type Fbootstraptransfer_t struct {
+	Offset int64
+	Length uint64
+	Buffer *byte
+}
+
+type Log2phys_t struct {
+	Flags uint32
+	_     [8]byte
+	_     [8]byte
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+type Dirent struct {
+	Ino     uint64
+	Seekoff uint64
+	Reclen  uint16
+	Namlen  uint16
+	Type    uint8
+	Name    [1024]int8
+	_       [3]byte
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	_          [4]byte
+	Iov        *Iovec
+	Iovlen     int32
+	_          [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet4Pktinfo     = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+const (
+	SizeofIfMsghdr    = 0x70
+	SizeofIfData      = 0x60
+	SizeofIfaMsghdr   = 0x14
+	SizeofIfmaMsghdr  = 0x10
+	SizeofIfmaMsghdr2 = 0x14
+	SizeofRtMsghdr    = 0x5c
+	SizeofRtMetrics   = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Typelen    uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	Unused1    uint8
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint32
+	Ipackets   uint32
+	Ierrors    uint32
+	Opackets   uint32
+	Oerrors    uint32
+	Collisions uint32
+	Ibytes     uint32
+	Obytes     uint32
+	Imcasts    uint32
+	Omcasts    uint32
+	Iqdrops    uint32
+	Noproto    uint32
+	Recvtiming uint32
+	Xmittiming uint32
+	Lastchange Timeval32
+	Unused2    uint32
+	Hwassist   uint32
+	Reserved1  uint32
+	Reserved2  uint32
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+}
+
+type IfmaMsghdr2 struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Addrs    int32
+	Flags    int32
+	Index    uint16
+	_        [2]byte
+	Refcount int32
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Use     int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   int32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+	Filler   [4]uint32
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	_     [4]byte
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval32
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type Termios struct {
+	Iflag  uint64
+	Oflag  uint64
+	Cflag  uint64
+	Lflag  uint64
+	Cc     [20]uint8
+	_      [4]byte
+	Ispeed uint64
+	Ospeed uint64
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x80
+	AT_SYMLINK_FOLLOW   = 0x40
+	AT_SYMLINK_NOFOLLOW = 0x20
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go
new file mode 100644
index 000000000..af9560fa1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go
@@ -0,0 +1,504 @@
+// NOTE: cgo can't generate struct Stat_t and struct Statfs_t yet
+// Created by cgo -godefs - DO NOT EDIT
+// cgo -godefs types_darwin.go
+
+// +build arm,darwin
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timeval32 [0]byte
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     int32
+	Mode    uint16
+	Nlink   uint16
+	Ino     uint64
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare  [2]int64
+}
+
+type Statfs_t struct {
+	Bsize       uint32
+	Iosize      int32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Files       uint64
+	Ffree       uint64
+	Fsid        Fsid
+	Owner       uint32
+	Type        uint32
+	Flags       uint32
+	Fssubtype   uint32
+	Fstypename  [16]int8
+	Mntonname   [1024]int8
+	Mntfromname [1024]int8
+	Reserved    [8]uint32
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Fstore_t struct {
+	Flags      uint32
+	Posmode    int32
+	Offset     int64
+	Length     int64
+	Bytesalloc int64
+}
+
+type Radvisory_t struct {
+	Offset int64
+	Count  int32
+}
+
+type Fbootstraptransfer_t struct {
+	Offset int64
+	Length uint32
+	Buffer *byte
+}
+
+type Log2phys_t struct {
+	Flags       uint32
+	Contigbytes int64
+	Devoffset   int64
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+type Dirent struct {
+	Ino     uint64
+	Seekoff uint64
+	Reclen  uint16
+	Namlen  uint16
+	Type    uint8
+	Name    [1024]int8
+	_       [3]byte
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet4Pktinfo     = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int32
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+const (
+	SizeofIfMsghdr    = 0x70
+	SizeofIfData      = 0x60
+	SizeofIfaMsghdr   = 0x14
+	SizeofIfmaMsghdr  = 0x10
+	SizeofIfmaMsghdr2 = 0x14
+	SizeofRtMsghdr    = 0x5c
+	SizeofRtMetrics   = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Typelen    uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	Unused1    uint8
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint32
+	Ipackets   uint32
+	Ierrors    uint32
+	Opackets   uint32
+	Oerrors    uint32
+	Collisions uint32
+	Ibytes     uint32
+	Obytes     uint32
+	Imcasts    uint32
+	Omcasts    uint32
+	Iqdrops    uint32
+	Noproto    uint32
+	Recvtiming uint32
+	Xmittiming uint32
+	Lastchange Timeval
+	Unused2    uint32
+	Hwassist   uint32
+	Reserved1  uint32
+	Reserved2  uint32
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+}
+
+type IfmaMsghdr2 struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Addrs    int32
+	Flags    int32
+	Index    uint16
+	_        [2]byte
+	Refcount int32
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Use     int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   int32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+	Filler   [4]uint32
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x8
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x80
+	AT_SYMLINK_FOLLOW   = 0x40
+	AT_SYMLINK_NOFOLLOW = 0x20
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
new file mode 100644
index 000000000..a09c0f942
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -0,0 +1,513 @@
+// cgo -godefs types_darwin.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,darwin
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     int32
+	Mode    uint16
+	Nlink   uint16
+	Ino     uint64
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	_       [4]byte
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare  [2]int64
+}
+
+type Statfs_t struct {
+	Bsize       uint32
+	Iosize      int32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Files       uint64
+	Ffree       uint64
+	Fsid        Fsid
+	Owner       uint32
+	Type        uint32
+	Flags       uint32
+	Fssubtype   uint32
+	Fstypename  [16]int8
+	Mntonname   [1024]int8
+	Mntfromname [1024]int8
+	Reserved    [8]uint32
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Fstore_t struct {
+	Flags      uint32
+	Posmode    int32
+	Offset     int64
+	Length     int64
+	Bytesalloc int64
+}
+
+type Radvisory_t struct {
+	Offset int64
+	Count  int32
+	_      [4]byte
+}
+
+type Fbootstraptransfer_t struct {
+	Offset int64
+	Length uint64
+	Buffer *byte
+}
+
+type Log2phys_t struct {
+	Flags uint32
+	_     [8]byte
+	_     [8]byte
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+type Dirent struct {
+	Ino     uint64
+	Seekoff uint64
+	Reclen  uint16
+	Namlen  uint16
+	Type    uint8
+	Name    [1024]int8
+	_       [3]byte
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	_          [4]byte
+	Iov        *Iovec
+	Iovlen     int32
+	_          [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet4Pktinfo     = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+const (
+	SizeofIfMsghdr    = 0x70
+	SizeofIfData      = 0x60
+	SizeofIfaMsghdr   = 0x14
+	SizeofIfmaMsghdr  = 0x10
+	SizeofIfmaMsghdr2 = 0x14
+	SizeofRtMsghdr    = 0x5c
+	SizeofRtMetrics   = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Typelen    uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	Unused1    uint8
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint32
+	Ipackets   uint32
+	Ierrors    uint32
+	Opackets   uint32
+	Oerrors    uint32
+	Collisions uint32
+	Ibytes     uint32
+	Obytes     uint32
+	Imcasts    uint32
+	Omcasts    uint32
+	Iqdrops    uint32
+	Noproto    uint32
+	Recvtiming uint32
+	Xmittiming uint32
+	Lastchange Timeval32
+	Unused2    uint32
+	Hwassist   uint32
+	Reserved1  uint32
+	Reserved2  uint32
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+}
+
+type IfmaMsghdr2 struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Addrs    int32
+	Flags    int32
+	Index    uint16
+	_        [2]byte
+	Refcount int32
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Use     int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   int32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+	Filler   [4]uint32
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	_     [4]byte
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval32
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type Termios struct {
+	Iflag  uint64
+	Oflag  uint64
+	Cflag  uint64
+	Lflag  uint64
+	Cc     [20]uint8
+	_      [4]byte
+	Ispeed uint64
+	Ospeed uint64
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x2
+	AT_REMOVEDIR        = 0x80
+	AT_SYMLINK_FOLLOW   = 0x40
+	AT_SYMLINK_NOFOLLOW = 0x20
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
new file mode 100644
index 000000000..71ea1d6d2
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -0,0 +1,479 @@
+// cgo -godefs types_dragonfly.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,dragonfly
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur int64
+	Max int64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Ino     uint64
+	Nlink   uint32
+	Dev     uint32
+	Mode    uint16
+	_1      uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Qspare1 int64
+	Qspare2 int64
+}
+
+type Statfs_t struct {
+	Spare2      int64
+	Bsize       int64
+	Iosize      int64
+	Blocks      int64
+	Bfree       int64
+	Bavail      int64
+	Files       int64
+	Ffree       int64
+	Fsid        Fsid
+	Owner       uint32
+	Type        int32
+	Flags       int32
+	_           [4]byte
+	Syncwrites  int64
+	Asyncwrites int64
+	Fstypename  [16]int8
+	Mntonname   [80]int8
+	Syncreads   int64
+	Asyncreads  int64
+	Spares1     int16
+	Mntfromname [80]int8
+	Spares2     int16
+	_           [4]byte
+	Spare       [2]int64
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno  uint64
+	Namlen  uint16
+	Type    uint8
+	Unused1 uint8
+	Unused2 uint32
+	Name    [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+	Rcf    uint16
+	Route  [16]uint16
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	_          [4]byte
+	Iov        *Iovec
+	Iovlen     int32
+	_          [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x36
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [16]uint64
+}
+
+const (
+	SizeofIfMsghdr         = 0xb0
+	SizeofIfData           = 0xa0
+	SizeofIfaMsghdr        = 0x14
+	SizeofIfmaMsghdr       = 0x10
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x98
+	SizeofRtMetrics        = 0x70
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	_          [2]byte
+	Mtu        uint64
+	Metric     uint64
+	Link_state uint64
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	Oqdrops    uint64
+	Lastchange Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Use     int32
+	Inits   uint64
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks     uint64
+	Mtu       uint64
+	Pksent    uint64
+	Expire    uint64
+	Sendpipe  uint64
+	Ssthresh  uint64
+	Rtt       uint64
+	Rttvar    uint64
+	Recvpipe  uint64
+	Hopcount  uint64
+	Mssopt    uint16
+	Pad       uint16
+	_         [4]byte
+	Msl       uint64
+	Iwmaxsegs uint64
+	Iwcapsegs uint64
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	_     [4]byte
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = 0xfffafdcd
+	AT_SYMLINK_NOFOLLOW = 0x1
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Utsname struct {
+	Sysname  [32]byte
+	Nodename [32]byte
+	Release  [32]byte
+	Version  [32]byte
+	Machine  [32]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
new file mode 100644
index 000000000..2a3ec615f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -0,0 +1,709 @@
+// cgo -godefs types_freebsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,freebsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur int64
+	Max int64
+}
+
+type _Gid_t uint32
+
+const (
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
+)
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	_       int32
+	Atim    Timespec
+	_       int32
+	Mtim    Timespec
+	_       int32
+	Ctim    Timespec
+	_       int32
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
+	_       [8]byte
+}
+
+type Statfs_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
+	Fileno uint32
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [46]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x36
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETFSBASE  = 0x47
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_GETXSTATE  = 0x45
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
+)
+
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [4]byte
+	_      [32]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	Fs     uint32
+	Es     uint32
+	Ds     uint32
+	Edi    uint32
+	Esi    uint32
+	Ebp    uint32
+	Isp    uint32
+	Ebx    uint32
+	Edx    uint32
+	Ecx    uint32
+	Eax    uint32
+	Trapno uint32
+	Err    uint32
+	Eip    uint32
+	Cs     uint32
+	Eflags uint32
+	Esp    uint32
+	Ss     uint32
+	Gs     uint32
+}
+
+type FpReg struct {
+	Env   [7]uint32
+	Acc   [8][10]uint8
+	Ex_sw uint32
+	Pad   [64]uint8
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint32
+}
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int32
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	sizeofIfMsghdr         = 0xa8
+	SizeofIfMsghdr         = 0x60
+	sizeofIfData           = 0x98
+	SizeofIfData           = 0x50
+	SizeofIfaMsghdr        = 0x14
+	SizeofIfmaMsghdr       = 0x10
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x5c
+	SizeofRtMetrics        = 0x38
+)
+
+type ifMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Data    ifData
+}
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Data    IfData
+}
+
+type ifData struct {
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
+}
+
+type IfData struct {
+	Type        uint8
+	Physical    uint8
+	Addrlen     uint8
+	Hdrlen      uint8
+	Link_state  uint8
+	Spare_char1 uint8
+	Spare_char2 uint8
+	Datalen     uint8
+	Mtu         uint32
+	Metric      uint32
+	Baudrate    uint32
+	Ipackets    uint32
+	Ierrors     uint32
+	Opackets    uint32
+	Oerrors     uint32
+	Collisions  uint32
+	Ibytes      uint32
+	Obytes      uint32
+	Imcasts     uint32
+	Omcasts     uint32
+	Iqdrops     uint32
+	Noproto     uint32
+	Hwassist    uint32
+	Epoch       int32
+	Lastchange  Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       uint16
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+	Weight   uint32
+	Filler   [3]uint32
+}
+
+const (
+	SizeofBpfVersion    = 0x4
+	SizeofBpfStat       = 0x8
+	SizeofBpfZbuf       = 0xc
+	SizeofBpfProgram    = 0x8
+	SizeofBpfInsn       = 0x8
+	SizeofBpfHdr        = 0x14
+	SizeofBpfZbufHeader = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfZbuf struct {
+	Bufa   *byte
+	Bufb   *byte
+	Buflen uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfZbufHeader struct {
+	Kernel_gen uint32
+	Kernel_len uint32
+	User_gen   uint32
+	_          [5]uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_REMOVEDIR        = 0x800
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR      = 0x8
+	POLLHUP      = 0x10
+	POLLIN       = 0x1
+	POLLINIGNEOF = 0x2000
+	POLLNVAL     = 0x20
+	POLLOUT      = 0x4
+	POLLPRI      = 0x2
+	POLLRDBAND   = 0x80
+	POLLRDNORM   = 0x40
+	POLLWRBAND   = 0x100
+	POLLWRNORM   = 0x4
+)
+
+type CapRights struct {
+	Rights [2]uint64
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
new file mode 100644
index 000000000..e11e95499
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -0,0 +1,712 @@
+// cgo -godefs types_freebsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,freebsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur int64
+	Max int64
+}
+
+type _Gid_t uint32
+
+const (
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
+)
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
+}
+
+type Statfs_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+	_      [4]byte
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
+	Fileno uint32
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [46]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x36
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETFSBASE  = 0x47
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_GETXSTATE  = 0x45
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
+)
+
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [8]byte
+	_      [40]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	R15    int64
+	R14    int64
+	R13    int64
+	R12    int64
+	R11    int64
+	R10    int64
+	R9     int64
+	R8     int64
+	Rdi    int64
+	Rsi    int64
+	Rbp    int64
+	Rbx    int64
+	Rdx    int64
+	Rcx    int64
+	Rax    int64
+	Trapno uint32
+	Fs     uint16
+	Gs     uint16
+	Err    uint32
+	Es     uint16
+	Ds     uint16
+	Rip    int64
+	Cs     int64
+	Rflags int64
+	Rsp    int64
+	Ss     int64
+}
+
+type FpReg struct {
+	Env   [4]uint64
+	Acc   [8][16]uint8
+	Xacc  [16][16]uint8
+	Spare [12]uint64
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint64
+}
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [16]uint64
+}
+
+const (
+	sizeofIfMsghdr         = 0xa8
+	SizeofIfMsghdr         = 0xa8
+	sizeofIfData           = 0x98
+	SizeofIfData           = 0x98
+	SizeofIfaMsghdr        = 0x14
+	SizeofIfmaMsghdr       = 0x10
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x98
+	SizeofRtMetrics        = 0x70
+)
+
+type ifMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Data    ifData
+}
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Data    IfData
+}
+
+type ifData struct {
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
+}
+
+type IfData struct {
+	Type        uint8
+	Physical    uint8
+	Addrlen     uint8
+	Hdrlen      uint8
+	Link_state  uint8
+	Spare_char1 uint8
+	Spare_char2 uint8
+	Datalen     uint8
+	Mtu         uint64
+	Metric      uint64
+	Baudrate    uint64
+	Ipackets    uint64
+	Ierrors     uint64
+	Opackets    uint64
+	Oerrors     uint64
+	Collisions  uint64
+	Ibytes      uint64
+	Obytes      uint64
+	Imcasts     uint64
+	Omcasts     uint64
+	Iqdrops     uint64
+	Noproto     uint64
+	Hwassist    uint64
+	Epoch       int64
+	Lastchange  Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       uint16
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint64
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Expire   uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Pksent   uint64
+	Weight   uint64
+	Filler   [3]uint64
+}
+
+const (
+	SizeofBpfVersion    = 0x4
+	SizeofBpfStat       = 0x8
+	SizeofBpfZbuf       = 0x18
+	SizeofBpfProgram    = 0x10
+	SizeofBpfInsn       = 0x8
+	SizeofBpfHdr        = 0x20
+	SizeofBpfZbufHeader = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfZbuf struct {
+	Bufa   *byte
+	Bufb   *byte
+	Buflen uint64
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
+}
+
+type BpfZbufHeader struct {
+	Kernel_gen uint32
+	Kernel_len uint32
+	User_gen   uint32
+	_          [5]uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_REMOVEDIR        = 0x800
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR      = 0x8
+	POLLHUP      = 0x10
+	POLLIN       = 0x1
+	POLLINIGNEOF = 0x2000
+	POLLNVAL     = 0x20
+	POLLOUT      = 0x4
+	POLLPRI      = 0x2
+	POLLRDBAND   = 0x80
+	POLLRDNORM   = 0x40
+	POLLWRBAND   = 0x100
+	POLLWRNORM   = 0x4
+)
+
+type CapRights struct {
+	Rights [2]uint64
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
new file mode 100644
index 000000000..b91c2ae0f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -0,0 +1,693 @@
+// cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,freebsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int32
+	_    [4]byte
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur int64
+	Max int64
+}
+
+type _Gid_t uint32
+
+const (
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
+)
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
+}
+
+type Statfs_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+	_      [4]byte
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
+	Fileno uint32
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [46]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x36
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETFSBASE  = 0x47
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_GETXSTATE  = 0x45
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
+)
+
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo    int32
+	Errno    int32
+	Code     int32
+	Pid      int32
+	Uid      uint32
+	Status   int32
+	Addr     *byte
+	Value    [4]byte
+	X_reason [32]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	R      [13]uint32
+	R_sp   uint32
+	R_lr   uint32
+	R_pc   uint32
+	R_cpsr uint32
+}
+
+type FpReg struct {
+	Fpr_fpsr uint32
+	Fpr      [8][3]uint32
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint32
+}
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int32
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	sizeofIfMsghdr         = 0xa8
+	SizeofIfMsghdr         = 0x70
+	sizeofIfData           = 0x98
+	SizeofIfData           = 0x60
+	SizeofIfaMsghdr        = 0x14
+	SizeofIfmaMsghdr       = 0x10
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x5c
+	SizeofRtMetrics        = 0x38
+)
+
+type ifMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    ifData
+}
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type ifData struct {
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
+}
+
+type IfData struct {
+	Type        uint8
+	Physical    uint8
+	Addrlen     uint8
+	Hdrlen      uint8
+	Link_state  uint8
+	Spare_char1 uint8
+	Spare_char2 uint8
+	Datalen     uint8
+	Mtu         uint32
+	Metric      uint32
+	Baudrate    uint32
+	Ipackets    uint32
+	Ierrors     uint32
+	Opackets    uint32
+	Oerrors     uint32
+	Collisions  uint32
+	Ibytes      uint32
+	Obytes      uint32
+	Imcasts     uint32
+	Omcasts     uint32
+	Iqdrops     uint32
+	Noproto     uint32
+	Hwassist    uint32
+	_           [4]byte
+	Epoch       int64
+	Lastchange  Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+	Weight   uint32
+	Filler   [3]uint32
+}
+
+const (
+	SizeofBpfVersion    = 0x4
+	SizeofBpfStat       = 0x8
+	SizeofBpfZbuf       = 0xc
+	SizeofBpfProgram    = 0x8
+	SizeofBpfInsn       = 0x8
+	SizeofBpfHdr        = 0x20
+	SizeofBpfZbufHeader = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfZbuf struct {
+	Bufa   *byte
+	Bufb   *byte
+	Buflen uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
+}
+
+type BpfZbufHeader struct {
+	Kernel_gen uint32
+	Kernel_len uint32
+	User_gen   uint32
+	_          [5]uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_REMOVEDIR        = 0x800
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR      = 0x8
+	POLLHUP      = 0x10
+	POLLIN       = 0x1
+	POLLINIGNEOF = 0x2000
+	POLLNVAL     = 0x20
+	POLLOUT      = 0x4
+	POLLPRI      = 0x2
+	POLLRDBAND   = 0x80
+	POLLRDNORM   = 0x40
+	POLLWRBAND   = 0x100
+	POLLWRNORM   = 0x4
+)
+
+type CapRights struct {
+	Rights [2]uint64
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
new file mode 100644
index 000000000..c6fe1d097
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -0,0 +1,690 @@
+// cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,freebsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur int64
+	Max int64
+}
+
+type _Gid_t uint32
+
+const (
+	_statfsVersion = 0x20140518
+	_dirblksiz     = 0x400
+)
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint16
+	_0      int16
+	Uid     uint32
+	Gid     uint32
+	_1      int32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint64
+	Spare   [10]uint64
+}
+
+type stat_freebsd11_t struct {
+	Dev     uint32
+	Ino     uint32
+	Mode    uint16
+	Nlink   uint16
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	Lspare  int32
+	Btim    Timespec
+}
+
+type Statfs_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
+}
+
+type statfs_freebsd11_t struct {
+	Version     uint32
+	Type        uint32
+	Flags       uint64
+	Bsize       uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      int64
+	Files       uint64
+	Ffree       int64
+	Syncwrites  uint64
+	Asyncwrites uint64
+	Syncreads   uint64
+	Asyncreads  uint64
+	Spare       [10]uint64
+	Namemax     uint32
+	Owner       uint32
+	Fsid        Fsid
+	Charspare   [80]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+	Sysid  int32
+	_      [4]byte
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Pad0   uint8
+	Namlen uint16
+	Pad1   uint16
+	Name   [256]int8
+}
+
+type dirent_freebsd11 struct {
+	Fileno uint32
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [46]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x36
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPMreqn          = 0xc
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_ATTACH     = 0xa
+	PTRACE_CONT       = 0x7
+	PTRACE_DETACH     = 0xb
+	PTRACE_GETFPREGS  = 0x23
+	PTRACE_GETLWPLIST = 0xf
+	PTRACE_GETNUMLWPS = 0xe
+	PTRACE_GETREGS    = 0x21
+	PTRACE_IO         = 0xc
+	PTRACE_KILL       = 0x8
+	PTRACE_LWPEVENTS  = 0x18
+	PTRACE_LWPINFO    = 0xd
+	PTRACE_SETFPREGS  = 0x24
+	PTRACE_SETREGS    = 0x22
+	PTRACE_SINGLESTEP = 0x9
+	PTRACE_TRACEME    = 0x0
+)
+
+const (
+	PIOD_READ_D  = 0x1
+	PIOD_WRITE_D = 0x2
+	PIOD_READ_I  = 0x3
+	PIOD_WRITE_I = 0x4
+)
+
+const (
+	PL_FLAG_BORN   = 0x100
+	PL_FLAG_EXITED = 0x200
+	PL_FLAG_SI     = 0x20
+)
+
+const (
+	TRAP_BRKPT = 0x1
+	TRAP_TRACE = 0x2
+)
+
+type PtraceLwpInfoStruct struct {
+	Lwpid        int32
+	Event        int32
+	Flags        int32
+	Sigmask      Sigset_t
+	Siglist      Sigset_t
+	Siginfo      __Siginfo
+	Tdname       [20]int8
+	Child_pid    int32
+	Syscall_code uint32
+	Syscall_narg uint32
+}
+
+type __Siginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [8]byte
+	_      [40]byte
+}
+
+type Sigset_t struct {
+	Val [4]uint32
+}
+
+type Reg struct {
+	X    [30]uint64
+	Lr   uint64
+	Sp   uint64
+	Elr  uint64
+	Spsr uint32
+	_    [4]byte
+}
+
+type FpReg struct {
+	Q  [32][16]uint8
+	Sr uint32
+	Cr uint32
+	_  [8]byte
+}
+
+type PtraceIoDesc struct {
+	Op   int32
+	Offs *byte
+	Addr *byte
+	Len  uint64
+}
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [16]uint64
+}
+
+const (
+	sizeofIfMsghdr         = 0xa8
+	SizeofIfMsghdr         = 0xa8
+	sizeofIfData           = 0x98
+	SizeofIfData           = 0x98
+	SizeofIfaMsghdr        = 0x14
+	SizeofIfmaMsghdr       = 0x10
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x98
+	SizeofRtMetrics        = 0x70
+)
+
+type ifMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Data    ifData
+}
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	Data    IfData
+}
+
+type ifData struct {
+	Type       uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Link_state uint8
+	Vhid       uint8
+	Datalen    uint16
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Oqdrops    uint64
+	Noproto    uint64
+	Hwassist   uint64
+	_          [8]byte
+	_          [16]byte
+}
+
+type IfData struct {
+	Type        uint8
+	Physical    uint8
+	Addrlen     uint8
+	Hdrlen      uint8
+	Link_state  uint8
+	Spare_char1 uint8
+	Spare_char2 uint8
+	Datalen     uint8
+	Mtu         uint64
+	Metric      uint64
+	Baudrate    uint64
+	Ipackets    uint64
+	Ierrors     uint64
+	Opackets    uint64
+	Oerrors     uint64
+	Collisions  uint64
+	Ibytes      uint64
+	Obytes      uint64
+	Imcasts     uint64
+	Omcasts     uint64
+	Iqdrops     uint64
+	Noproto     uint64
+	Hwassist    uint64
+	Epoch       int64
+	Lastchange  Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+	Metric  int32
+}
+
+type IfmaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       uint16
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       uint16
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Fmask   int32
+	Inits   uint64
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Expire   uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Pksent   uint64
+	Weight   uint64
+	Filler   [3]uint64
+}
+
+const (
+	SizeofBpfVersion    = 0x4
+	SizeofBpfStat       = 0x8
+	SizeofBpfZbuf       = 0x18
+	SizeofBpfProgram    = 0x10
+	SizeofBpfInsn       = 0x8
+	SizeofBpfHdr        = 0x20
+	SizeofBpfZbufHeader = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfZbuf struct {
+	Bufa   *byte
+	Bufb   *byte
+	Buflen uint64
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  Timeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [6]byte
+}
+
+type BpfZbufHeader struct {
+	Kernel_gen uint32
+	Kernel_len uint32
+	User_gen   uint32
+	_          [5]uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_REMOVEDIR        = 0x800
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR      = 0x8
+	POLLHUP      = 0x10
+	POLLIN       = 0x1
+	POLLINIGNEOF = 0x2000
+	POLLNVAL     = 0x20
+	POLLOUT      = 0x4
+	POLLPRI      = 0x2
+	POLLRDBAND   = 0x80
+	POLLRDNORM   = 0x40
+	POLLWRBAND   = 0x100
+	POLLWRNORM   = 0x4
+)
+
+type CapRights struct {
+	Rights [2]uint64
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz     int32
+	Tick   int32
+	Spare  int32
+	Stathz int32
+	Profhz int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux.go
new file mode 100644
index 000000000..a92a5019a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -0,0 +1,2569 @@
+// Code generated by mkmerge.go; DO NOT EDIT.
+
+// +build linux
+
+package unix
+
+const (
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLongLong = 0x8
+	PathMax        = 0x1000
+)
+
+type (
+	_C_short int16
+	_C_int   int32
+
+	_C_long_long int64
+)
+
+type ItimerSpec struct {
+	Interval Timespec
+	Value    Timespec
+}
+
+const (
+	TIME_OK    = 0x0
+	TIME_INS   = 0x1
+	TIME_DEL   = 0x2
+	TIME_OOP   = 0x3
+	TIME_WAIT  = 0x4
+	TIME_ERROR = 0x5
+	TIME_BAD   = 0x5
+)
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type StatxTimestamp struct {
+	Sec  int64
+	Nsec uint32
+	_    int32
+}
+
+type Statx_t struct {
+	Mask            uint32
+	Blksize         uint32
+	Attributes      uint64
+	Nlink           uint32
+	Uid             uint32
+	Gid             uint32
+	Mode            uint16
+	_               [1]uint16
+	Ino             uint64
+	Size            uint64
+	Blocks          uint64
+	Attributes_mask uint64
+	Atime           StatxTimestamp
+	Btime           StatxTimestamp
+	Ctime           StatxTimestamp
+	Mtime           StatxTimestamp
+	Rdev_major      uint32
+	Rdev_minor      uint32
+	Dev_major       uint32
+	Dev_minor       uint32
+	Mnt_id          uint64
+	_               uint64
+	_               [12]uint64
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+type FileCloneRange struct {
+	Src_fd      int64
+	Src_offset  uint64
+	Src_length  uint64
+	Dest_offset uint64
+}
+
+type FileDedupeRange struct {
+	Src_offset uint64
+	Src_length uint64
+	Dest_count uint16
+	Reserved1  uint16
+	Reserved2  uint32
+}
+
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
+type FscryptPolicyV1 struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptPolicyV2 struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	_                         [4]uint8
+	Master_key_identifier     [16]uint8
+}
+
+type FscryptGetPolicyExArg struct {
+	Size   uint64
+	Policy [24]byte
+}
+
+type FscryptKeySpecifier struct {
+	Type uint32
+	_    uint32
+	U    [32]byte
+}
+
+type FscryptAddKeyArg struct {
+	Key_spec FscryptKeySpecifier
+	Raw_size uint32
+	Key_id   uint32
+	_        [8]uint32
+}
+
+type FscryptRemoveKeyArg struct {
+	Key_spec             FscryptKeySpecifier
+	Removal_status_flags uint32
+	_                    [5]uint32
+}
+
+type FscryptGetKeyStatusArg struct {
+	Key_spec     FscryptKeySpecifier
+	_            [6]uint32
+	Status       uint32
+	Status_flags uint32
+	User_count   uint32
+	_            [13]uint32
+}
+
+type DmIoctl struct {
+	Version      [3]uint32
+	Data_size    uint32
+	Data_start   uint32
+	Target_count uint32
+	Open_count   int32
+	Flags        uint32
+	Event_nr     uint32
+	_            uint32
+	Dev          uint64
+	Name         [128]byte
+	Uuid         [129]byte
+	Data         [7]byte
+}
+
+type DmTargetSpec struct {
+	Sector_start uint64
+	Length       uint64
+	Status       int32
+	Next         uint32
+	Target_type  [16]byte
+}
+
+type DmTargetDeps struct {
+	Count uint32
+	_     uint32
+}
+
+type DmTargetVersions struct {
+	Next    uint32
+	Version [3]uint32
+}
+
+type DmTargetMsg struct {
+	Sector uint64
+}
+
+const (
+	SizeofDmIoctl      = 0x138
+	SizeofDmTargetSpec = 0x28
+)
+
+type KeyctlDHParams struct {
+	Private int32
+	Prime   int32
+	Base    int32
+}
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+)
+
+type RawSockaddrInet4 struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Family uint16
+	Path   [108]int8
+}
+
+type RawSockaddrLinklayer struct {
+	Family   uint16
+	Protocol uint16
+	Ifindex  int32
+	Hatype   uint16
+	Pkttype  uint8
+	Halen    uint8
+	Addr     [8]uint8
+}
+
+type RawSockaddrNetlink struct {
+	Family uint16
+	Pad    uint16
+	Pid    uint32
+	Groups uint32
+}
+
+type RawSockaddrHCI struct {
+	Family  uint16
+	Dev     uint16
+	Channel uint16
+}
+
+type RawSockaddrL2 struct {
+	Family      uint16
+	Psm         uint16
+	Bdaddr      [6]uint8
+	Cid         uint16
+	Bdaddr_type uint8
+	_           [1]byte
+}
+
+type RawSockaddrRFCOMM struct {
+	Family  uint16
+	Bdaddr  [6]uint8
+	Channel uint8
+	_       [1]byte
+}
+
+type RawSockaddrCAN struct {
+	Family  uint16
+	Ifindex int32
+	Addr    [16]byte
+}
+
+type RawSockaddrALG struct {
+	Family uint16
+	Type   [14]uint8
+	Feat   uint32
+	Mask   uint32
+	Name   [64]uint8
+}
+
+type RawSockaddrVM struct {
+	Family    uint16
+	Reserved1 uint16
+	Port      uint32
+	Cid       uint32
+	Zero      [4]uint8
+}
+
+type RawSockaddrXDP struct {
+	Family         uint16
+	Flags          uint16
+	Ifindex        uint32
+	Queue_id       uint32
+	Shared_umem_fd uint32
+}
+
+type RawSockaddrPPPoX [0x1e]byte
+
+type RawSockaddrTIPC struct {
+	Family   uint16
+	Addrtype uint8
+	Scope    int8
+	Addr     [12]byte
+}
+
+type RawSockaddrL2TPIP struct {
+	Family  uint16
+	Unused  uint16
+	Addr    [4]byte /* in_addr */
+	Conn_id uint32
+	_       [4]uint8
+}
+
+type RawSockaddrL2TPIP6 struct {
+	Family   uint16
+	Unused   uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+	Conn_id  uint32
+}
+
+type RawSockaddrIUCV struct {
+	Family  uint16
+	Port    uint16
+	Addr    uint32
+	Nodeid  [8]int8
+	User_id [8]int8
+	Name    [8]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPMreqn struct {
+	Multiaddr [4]byte /* in_addr */
+	Address   [4]byte /* in_addr */
+	Ifindex   int32
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type PacketMreq struct {
+	Ifindex int32
+	Type    uint16
+	Alen    uint16
+	Address [8]uint8
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  int32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Data [8]uint32
+}
+
+type Ucred struct {
+	Pid int32
+	Uid uint32
+	Gid uint32
+}
+
+type TCPInfo struct {
+	State          uint8
+	Ca_state       uint8
+	Retransmits    uint8
+	Probes         uint8
+	Backoff        uint8
+	Options        uint8
+	Rto            uint32
+	Ato            uint32
+	Snd_mss        uint32
+	Rcv_mss        uint32
+	Unacked        uint32
+	Sacked         uint32
+	Lost           uint32
+	Retrans        uint32
+	Fackets        uint32
+	Last_data_sent uint32
+	Last_ack_sent  uint32
+	Last_data_recv uint32
+	Last_ack_recv  uint32
+	Pmtu           uint32
+	Rcv_ssthresh   uint32
+	Rtt            uint32
+	Rttvar         uint32
+	Snd_ssthresh   uint32
+	Snd_cwnd       uint32
+	Advmss         uint32
+	Reordering     uint32
+	Rcv_rtt        uint32
+	Rcv_space      uint32
+	Total_retrans  uint32
+}
+
+type CanFilter struct {
+	Id   uint32
+	Mask uint32
+}
+
+const (
+	SizeofSockaddrInet4     = 0x10
+	SizeofSockaddrInet6     = 0x1c
+	SizeofSockaddrAny       = 0x70
+	SizeofSockaddrUnix      = 0x6e
+	SizeofSockaddrLinklayer = 0x14
+	SizeofSockaddrNetlink   = 0xc
+	SizeofSockaddrHCI       = 0x6
+	SizeofSockaddrL2        = 0xe
+	SizeofSockaddrRFCOMM    = 0xa
+	SizeofSockaddrCAN       = 0x18
+	SizeofSockaddrALG       = 0x58
+	SizeofSockaddrVM        = 0x10
+	SizeofSockaddrXDP       = 0x10
+	SizeofSockaddrPPPoX     = 0x1e
+	SizeofSockaddrTIPC      = 0x10
+	SizeofSockaddrL2TPIP    = 0x10
+	SizeofSockaddrL2TPIP6   = 0x20
+	SizeofSockaddrIUCV      = 0x20
+	SizeofLinger            = 0x8
+	SizeofIPMreq            = 0x8
+	SizeofIPMreqn           = 0xc
+	SizeofIPv6Mreq          = 0x14
+	SizeofPacketMreq        = 0x10
+	SizeofInet4Pktinfo      = 0xc
+	SizeofInet6Pktinfo      = 0x14
+	SizeofIPv6MTUInfo       = 0x20
+	SizeofICMPv6Filter      = 0x20
+	SizeofUcred             = 0xc
+	SizeofTCPInfo           = 0x68
+	SizeofCanFilter         = 0x8
+)
+
+const (
+	NDA_UNSPEC              = 0x0
+	NDA_DST                 = 0x1
+	NDA_LLADDR              = 0x2
+	NDA_CACHEINFO           = 0x3
+	NDA_PROBES              = 0x4
+	NDA_VLAN                = 0x5
+	NDA_PORT                = 0x6
+	NDA_VNI                 = 0x7
+	NDA_IFINDEX             = 0x8
+	NDA_MASTER              = 0x9
+	NDA_LINK_NETNSID        = 0xa
+	NDA_SRC_VNI             = 0xb
+	NTF_USE                 = 0x1
+	NTF_SELF                = 0x2
+	NTF_MASTER              = 0x4
+	NTF_PROXY               = 0x8
+	NTF_EXT_LEARNED         = 0x10
+	NTF_OFFLOADED           = 0x20
+	NTF_ROUTER              = 0x80
+	NUD_INCOMPLETE          = 0x1
+	NUD_REACHABLE           = 0x2
+	NUD_STALE               = 0x4
+	NUD_DELAY               = 0x8
+	NUD_PROBE               = 0x10
+	NUD_FAILED              = 0x20
+	NUD_NOARP               = 0x40
+	NUD_PERMANENT           = 0x80
+	NUD_NONE                = 0x0
+	IFA_UNSPEC              = 0x0
+	IFA_ADDRESS             = 0x1
+	IFA_LOCAL               = 0x2
+	IFA_LABEL               = 0x3
+	IFA_BROADCAST           = 0x4
+	IFA_ANYCAST             = 0x5
+	IFA_CACHEINFO           = 0x6
+	IFA_MULTICAST           = 0x7
+	IFA_FLAGS               = 0x8
+	IFA_RT_PRIORITY         = 0x9
+	IFA_TARGET_NETNSID      = 0xa
+	IFLA_UNSPEC             = 0x0
+	IFLA_ADDRESS            = 0x1
+	IFLA_BROADCAST          = 0x2
+	IFLA_IFNAME             = 0x3
+	IFLA_MTU                = 0x4
+	IFLA_LINK               = 0x5
+	IFLA_QDISC              = 0x6
+	IFLA_STATS              = 0x7
+	IFLA_COST               = 0x8
+	IFLA_PRIORITY           = 0x9
+	IFLA_MASTER             = 0xa
+	IFLA_WIRELESS           = 0xb
+	IFLA_PROTINFO           = 0xc
+	IFLA_TXQLEN             = 0xd
+	IFLA_MAP                = 0xe
+	IFLA_WEIGHT             = 0xf
+	IFLA_OPERSTATE          = 0x10
+	IFLA_LINKMODE           = 0x11
+	IFLA_LINKINFO           = 0x12
+	IFLA_NET_NS_PID         = 0x13
+	IFLA_IFALIAS            = 0x14
+	IFLA_NUM_VF             = 0x15
+	IFLA_VFINFO_LIST        = 0x16
+	IFLA_STATS64            = 0x17
+	IFLA_VF_PORTS           = 0x18
+	IFLA_PORT_SELF          = 0x19
+	IFLA_AF_SPEC            = 0x1a
+	IFLA_GROUP              = 0x1b
+	IFLA_NET_NS_FD          = 0x1c
+	IFLA_EXT_MASK           = 0x1d
+	IFLA_PROMISCUITY        = 0x1e
+	IFLA_NUM_TX_QUEUES      = 0x1f
+	IFLA_NUM_RX_QUEUES      = 0x20
+	IFLA_CARRIER            = 0x21
+	IFLA_PHYS_PORT_ID       = 0x22
+	IFLA_CARRIER_CHANGES    = 0x23
+	IFLA_PHYS_SWITCH_ID     = 0x24
+	IFLA_LINK_NETNSID       = 0x25
+	IFLA_PHYS_PORT_NAME     = 0x26
+	IFLA_PROTO_DOWN         = 0x27
+	IFLA_GSO_MAX_SEGS       = 0x28
+	IFLA_GSO_MAX_SIZE       = 0x29
+	IFLA_PAD                = 0x2a
+	IFLA_XDP                = 0x2b
+	IFLA_EVENT              = 0x2c
+	IFLA_NEW_NETNSID        = 0x2d
+	IFLA_IF_NETNSID         = 0x2e
+	IFLA_TARGET_NETNSID     = 0x2e
+	IFLA_CARRIER_UP_COUNT   = 0x2f
+	IFLA_CARRIER_DOWN_COUNT = 0x30
+	IFLA_NEW_IFINDEX        = 0x31
+	IFLA_MIN_MTU            = 0x32
+	IFLA_MAX_MTU            = 0x33
+	IFLA_MAX                = 0x36
+	IFLA_INFO_KIND          = 0x1
+	IFLA_INFO_DATA          = 0x2
+	IFLA_INFO_XSTATS        = 0x3
+	IFLA_INFO_SLAVE_KIND    = 0x4
+	IFLA_INFO_SLAVE_DATA    = 0x5
+	RT_SCOPE_UNIVERSE       = 0x0
+	RT_SCOPE_SITE           = 0xc8
+	RT_SCOPE_LINK           = 0xfd
+	RT_SCOPE_HOST           = 0xfe
+	RT_SCOPE_NOWHERE        = 0xff
+	RT_TABLE_UNSPEC         = 0x0
+	RT_TABLE_COMPAT         = 0xfc
+	RT_TABLE_DEFAULT        = 0xfd
+	RT_TABLE_MAIN           = 0xfe
+	RT_TABLE_LOCAL          = 0xff
+	RT_TABLE_MAX            = 0xffffffff
+	RTA_UNSPEC              = 0x0
+	RTA_DST                 = 0x1
+	RTA_SRC                 = 0x2
+	RTA_IIF                 = 0x3
+	RTA_OIF                 = 0x4
+	RTA_GATEWAY             = 0x5
+	RTA_PRIORITY            = 0x6
+	RTA_PREFSRC             = 0x7
+	RTA_METRICS             = 0x8
+	RTA_MULTIPATH           = 0x9
+	RTA_FLOW                = 0xb
+	RTA_CACHEINFO           = 0xc
+	RTA_TABLE               = 0xf
+	RTA_MARK                = 0x10
+	RTA_MFC_STATS           = 0x11
+	RTA_VIA                 = 0x12
+	RTA_NEWDST              = 0x13
+	RTA_PREF                = 0x14
+	RTA_ENCAP_TYPE          = 0x15
+	RTA_ENCAP               = 0x16
+	RTA_EXPIRES             = 0x17
+	RTA_PAD                 = 0x18
+	RTA_UID                 = 0x19
+	RTA_TTL_PROPAGATE       = 0x1a
+	RTA_IP_PROTO            = 0x1b
+	RTA_SPORT               = 0x1c
+	RTA_DPORT               = 0x1d
+	RTN_UNSPEC              = 0x0
+	RTN_UNICAST             = 0x1
+	RTN_LOCAL               = 0x2
+	RTN_BROADCAST           = 0x3
+	RTN_ANYCAST             = 0x4
+	RTN_MULTICAST           = 0x5
+	RTN_BLACKHOLE           = 0x6
+	RTN_UNREACHABLE         = 0x7
+	RTN_PROHIBIT            = 0x8
+	RTN_THROW               = 0x9
+	RTN_NAT                 = 0xa
+	RTN_XRESOLVE            = 0xb
+	SizeofNlMsghdr          = 0x10
+	SizeofNlMsgerr          = 0x14
+	SizeofRtGenmsg          = 0x1
+	SizeofNlAttr            = 0x4
+	SizeofRtAttr            = 0x4
+	SizeofIfInfomsg         = 0x10
+	SizeofIfAddrmsg         = 0x8
+	SizeofIfaCacheinfo      = 0x10
+	SizeofRtMsg             = 0xc
+	SizeofRtNexthop         = 0x8
+	SizeofNdUseroptmsg      = 0x10
+	SizeofNdMsg             = 0xc
+)
+
+type NlMsghdr struct {
+	Len   uint32
+	Type  uint16
+	Flags uint16
+	Seq   uint32
+	Pid   uint32
+}
+
+type NlMsgerr struct {
+	Error int32
+	Msg   NlMsghdr
+}
+
+type RtGenmsg struct {
+	Family uint8
+}
+
+type NlAttr struct {
+	Len  uint16
+	Type uint16
+}
+
+type RtAttr struct {
+	Len  uint16
+	Type uint16
+}
+
+type IfInfomsg struct {
+	Family uint8
+	_      uint8
+	Type   uint16
+	Index  int32
+	Flags  uint32
+	Change uint32
+}
+
+type IfAddrmsg struct {
+	Family    uint8
+	Prefixlen uint8
+	Flags     uint8
+	Scope     uint8
+	Index     uint32
+}
+
+type IfaCacheinfo struct {
+	Prefered uint32
+	Valid    uint32
+	Cstamp   uint32
+	Tstamp   uint32
+}
+
+type RtMsg struct {
+	Family   uint8
+	Dst_len  uint8
+	Src_len  uint8
+	Tos      uint8
+	Table    uint8
+	Protocol uint8
+	Scope    uint8
+	Type     uint8
+	Flags    uint32
+}
+
+type RtNexthop struct {
+	Len     uint16
+	Flags   uint8
+	Hops    uint8
+	Ifindex int32
+}
+
+type NdUseroptmsg struct {
+	Family    uint8
+	Pad1      uint8
+	Opts_len  uint16
+	Ifindex   int32
+	Icmp_type uint8
+	Icmp_code uint8
+	Pad2      uint16
+	Pad3      uint32
+}
+
+type NdMsg struct {
+	Family  uint8
+	Pad1    uint8
+	Pad2    uint16
+	Ifindex int32
+	State   uint16
+	Flags   uint8
+	Type    uint8
+}
+
+const (
+	SizeofSockFilter = 0x8
+)
+
+type SockFilter struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type SockFprog struct {
+	Len    uint16
+	Filter *SockFilter
+}
+
+type InotifyEvent struct {
+	Wd     int32
+	Mask   uint32
+	Cookie uint32
+	Len    uint32
+}
+
+const SizeofInotifyEvent = 0x10
+
+const SI_LOAD_SHIFT = 0x10
+
+type Utsname struct {
+	Sysname    [65]byte
+	Nodename   [65]byte
+	Release    [65]byte
+	Version    [65]byte
+	Machine    [65]byte
+	Domainname [65]byte
+}
+
+const (
+	AT_EMPTY_PATH   = 0x1000
+	AT_FDCWD        = -0x64
+	AT_NO_AUTOMOUNT = 0x800
+	AT_REMOVEDIR    = 0x200
+
+	AT_STATX_SYNC_AS_STAT = 0x0
+	AT_STATX_FORCE_SYNC   = 0x2000
+	AT_STATX_DONT_SYNC    = 0x4000
+
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x100
+
+	AT_EACCESS = 0x200
+)
+
+type OpenHow struct {
+	Flags   uint64
+	Mode    uint64
+	Resolve uint64
+}
+
+const SizeofOpenHow = 0x18
+
+const (
+	RESOLVE_BENEATH       = 0x8
+	RESOLVE_IN_ROOT       = 0x10
+	RESOLVE_NO_MAGICLINKS = 0x2
+	RESOLVE_NO_SYMLINKS   = 0x4
+	RESOLVE_NO_XDEV       = 0x1
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLIN   = 0x1
+	POLLPRI  = 0x2
+	POLLOUT  = 0x4
+	POLLERR  = 0x8
+	POLLHUP  = 0x10
+	POLLNVAL = 0x20
+)
+
+type SignalfdSiginfo struct {
+	Signo     uint32
+	Errno     int32
+	Code      int32
+	Pid       uint32
+	Uid       uint32
+	Fd        int32
+	Tid       uint32
+	Band      uint32
+	Overrun   uint32
+	Trapno    uint32
+	Status    int32
+	Int       int32
+	Ptr       uint64
+	Utime     uint64
+	Stime     uint64
+	Addr      uint64
+	Addr_lsb  uint16
+	_         uint16
+	Syscall   int32
+	Call_addr uint64
+	Arch      uint32
+	_         [28]uint8
+}
+
+const PERF_IOC_FLAG_GROUP = 0x1
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	TASKSTATS_CMD_UNSPEC                  = 0x0
+	TASKSTATS_CMD_GET                     = 0x1
+	TASKSTATS_CMD_NEW                     = 0x2
+	TASKSTATS_TYPE_UNSPEC                 = 0x0
+	TASKSTATS_TYPE_PID                    = 0x1
+	TASKSTATS_TYPE_TGID                   = 0x2
+	TASKSTATS_TYPE_STATS                  = 0x3
+	TASKSTATS_TYPE_AGGR_PID               = 0x4
+	TASKSTATS_TYPE_AGGR_TGID              = 0x5
+	TASKSTATS_TYPE_NULL                   = 0x6
+	TASKSTATS_CMD_ATTR_UNSPEC             = 0x0
+	TASKSTATS_CMD_ATTR_PID                = 0x1
+	TASKSTATS_CMD_ATTR_TGID               = 0x2
+	TASKSTATS_CMD_ATTR_REGISTER_CPUMASK   = 0x3
+	TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4
+)
+
+type CGroupStats struct {
+	Sleeping        uint64
+	Running         uint64
+	Stopped         uint64
+	Uninterruptible uint64
+	Io_wait         uint64
+}
+
+const (
+	CGROUPSTATS_CMD_UNSPEC        = 0x3
+	CGROUPSTATS_CMD_GET           = 0x4
+	CGROUPSTATS_CMD_NEW           = 0x5
+	CGROUPSTATS_TYPE_UNSPEC       = 0x0
+	CGROUPSTATS_TYPE_CGROUP_STATS = 0x1
+	CGROUPSTATS_CMD_ATTR_UNSPEC   = 0x0
+	CGROUPSTATS_CMD_ATTR_FD       = 0x1
+)
+
+type Genlmsghdr struct {
+	Cmd      uint8
+	Version  uint8
+	Reserved uint16
+}
+
+const (
+	CTRL_CMD_UNSPEC            = 0x0
+	CTRL_CMD_NEWFAMILY         = 0x1
+	CTRL_CMD_DELFAMILY         = 0x2
+	CTRL_CMD_GETFAMILY         = 0x3
+	CTRL_CMD_NEWOPS            = 0x4
+	CTRL_CMD_DELOPS            = 0x5
+	CTRL_CMD_GETOPS            = 0x6
+	CTRL_CMD_NEWMCAST_GRP      = 0x7
+	CTRL_CMD_DELMCAST_GRP      = 0x8
+	CTRL_CMD_GETMCAST_GRP      = 0x9
+	CTRL_ATTR_UNSPEC           = 0x0
+	CTRL_ATTR_FAMILY_ID        = 0x1
+	CTRL_ATTR_FAMILY_NAME      = 0x2
+	CTRL_ATTR_VERSION          = 0x3
+	CTRL_ATTR_HDRSIZE          = 0x4
+	CTRL_ATTR_MAXATTR          = 0x5
+	CTRL_ATTR_OPS              = 0x6
+	CTRL_ATTR_MCAST_GROUPS     = 0x7
+	CTRL_ATTR_OP_UNSPEC        = 0x0
+	CTRL_ATTR_OP_ID            = 0x1
+	CTRL_ATTR_OP_FLAGS         = 0x2
+	CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0
+	CTRL_ATTR_MCAST_GRP_NAME   = 0x1
+	CTRL_ATTR_MCAST_GRP_ID     = 0x2
+)
+
+const (
+	_CPU_SETSIZE = 0x400
+)
+
+const (
+	BDADDR_BREDR     = 0x0
+	BDADDR_LE_PUBLIC = 0x1
+	BDADDR_LE_RANDOM = 0x2
+)
+
+type PerfEventAttr struct {
+	Type               uint32
+	Size               uint32
+	Config             uint64
+	Sample             uint64
+	Sample_type        uint64
+	Read_format        uint64
+	Bits               uint64
+	Wakeup             uint32
+	Bp_type            uint32
+	Ext1               uint64
+	Ext2               uint64
+	Branch_sample_type uint64
+	Sample_regs_user   uint64
+	Sample_stack_user  uint32
+	Clockid            int32
+	Sample_regs_intr   uint64
+	Aux_watermark      uint32
+	Sample_max_stack   uint16
+	_                  uint16
+}
+
+type PerfEventMmapPage struct {
+	Version        uint32
+	Compat_version uint32
+	Lock           uint32
+	Index          uint32
+	Offset         int64
+	Time_enabled   uint64
+	Time_running   uint64
+	Capabilities   uint64
+	Pmc_width      uint16
+	Time_shift     uint16
+	Time_mult      uint32
+	Time_offset    uint64
+	Time_zero      uint64
+	Size           uint32
+	_              [948]uint8
+	Data_head      uint64
+	Data_tail      uint64
+	Data_offset    uint64
+	Data_size      uint64
+	Aux_head       uint64
+	Aux_tail       uint64
+	Aux_offset     uint64
+	Aux_size       uint64
+}
+
+const (
+	PerfBitDisabled               uint64 = CBitFieldMaskBit0
+	PerfBitInherit                       = CBitFieldMaskBit1
+	PerfBitPinned                        = CBitFieldMaskBit2
+	PerfBitExclusive                     = CBitFieldMaskBit3
+	PerfBitExcludeUser                   = CBitFieldMaskBit4
+	PerfBitExcludeKernel                 = CBitFieldMaskBit5
+	PerfBitExcludeHv                     = CBitFieldMaskBit6
+	PerfBitExcludeIdle                   = CBitFieldMaskBit7
+	PerfBitMmap                          = CBitFieldMaskBit8
+	PerfBitComm                          = CBitFieldMaskBit9
+	PerfBitFreq                          = CBitFieldMaskBit10
+	PerfBitInheritStat                   = CBitFieldMaskBit11
+	PerfBitEnableOnExec                  = CBitFieldMaskBit12
+	PerfBitTask                          = CBitFieldMaskBit13
+	PerfBitWatermark                     = CBitFieldMaskBit14
+	PerfBitPreciseIPBit1                 = CBitFieldMaskBit15
+	PerfBitPreciseIPBit2                 = CBitFieldMaskBit16
+	PerfBitMmapData                      = CBitFieldMaskBit17
+	PerfBitSampleIDAll                   = CBitFieldMaskBit18
+	PerfBitExcludeHost                   = CBitFieldMaskBit19
+	PerfBitExcludeGuest                  = CBitFieldMaskBit20
+	PerfBitExcludeCallchainKernel        = CBitFieldMaskBit21
+	PerfBitExcludeCallchainUser          = CBitFieldMaskBit22
+	PerfBitMmap2                         = CBitFieldMaskBit23
+	PerfBitCommExec                      = CBitFieldMaskBit24
+	PerfBitUseClockID                    = CBitFieldMaskBit25
+	PerfBitContextSwitch                 = CBitFieldMaskBit26
+)
+
+const (
+	PERF_TYPE_HARDWARE   = 0x0
+	PERF_TYPE_SOFTWARE   = 0x1
+	PERF_TYPE_TRACEPOINT = 0x2
+	PERF_TYPE_HW_CACHE   = 0x3
+	PERF_TYPE_RAW        = 0x4
+	PERF_TYPE_BREAKPOINT = 0x5
+
+	PERF_COUNT_HW_CPU_CYCLES              = 0x0
+	PERF_COUNT_HW_INSTRUCTIONS            = 0x1
+	PERF_COUNT_HW_CACHE_REFERENCES        = 0x2
+	PERF_COUNT_HW_CACHE_MISSES            = 0x3
+	PERF_COUNT_HW_BRANCH_INSTRUCTIONS     = 0x4
+	PERF_COUNT_HW_BRANCH_MISSES           = 0x5
+	PERF_COUNT_HW_BUS_CYCLES              = 0x6
+	PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7
+	PERF_COUNT_HW_STALLED_CYCLES_BACKEND  = 0x8
+	PERF_COUNT_HW_REF_CPU_CYCLES          = 0x9
+
+	PERF_COUNT_HW_CACHE_L1D  = 0x0
+	PERF_COUNT_HW_CACHE_L1I  = 0x1
+	PERF_COUNT_HW_CACHE_LL   = 0x2
+	PERF_COUNT_HW_CACHE_DTLB = 0x3
+	PERF_COUNT_HW_CACHE_ITLB = 0x4
+	PERF_COUNT_HW_CACHE_BPU  = 0x5
+	PERF_COUNT_HW_CACHE_NODE = 0x6
+
+	PERF_COUNT_HW_CACHE_OP_READ     = 0x0
+	PERF_COUNT_HW_CACHE_OP_WRITE    = 0x1
+	PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2
+
+	PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0
+	PERF_COUNT_HW_CACHE_RESULT_MISS   = 0x1
+
+	PERF_COUNT_SW_CPU_CLOCK        = 0x0
+	PERF_COUNT_SW_TASK_CLOCK       = 0x1
+	PERF_COUNT_SW_PAGE_FAULTS      = 0x2
+	PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3
+	PERF_COUNT_SW_CPU_MIGRATIONS   = 0x4
+	PERF_COUNT_SW_PAGE_FAULTS_MIN  = 0x5
+	PERF_COUNT_SW_PAGE_FAULTS_MAJ  = 0x6
+	PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7
+	PERF_COUNT_SW_EMULATION_FAULTS = 0x8
+	PERF_COUNT_SW_DUMMY            = 0x9
+	PERF_COUNT_SW_BPF_OUTPUT       = 0xa
+
+	PERF_SAMPLE_IP           = 0x1
+	PERF_SAMPLE_TID          = 0x2
+	PERF_SAMPLE_TIME         = 0x4
+	PERF_SAMPLE_ADDR         = 0x8
+	PERF_SAMPLE_READ         = 0x10
+	PERF_SAMPLE_CALLCHAIN    = 0x20
+	PERF_SAMPLE_ID           = 0x40
+	PERF_SAMPLE_CPU          = 0x80
+	PERF_SAMPLE_PERIOD       = 0x100
+	PERF_SAMPLE_STREAM_ID    = 0x200
+	PERF_SAMPLE_RAW          = 0x400
+	PERF_SAMPLE_BRANCH_STACK = 0x800
+	PERF_SAMPLE_REGS_USER    = 0x1000
+	PERF_SAMPLE_STACK_USER   = 0x2000
+	PERF_SAMPLE_WEIGHT       = 0x4000
+	PERF_SAMPLE_DATA_SRC     = 0x8000
+	PERF_SAMPLE_IDENTIFIER   = 0x10000
+	PERF_SAMPLE_TRANSACTION  = 0x20000
+	PERF_SAMPLE_REGS_INTR    = 0x40000
+
+	PERF_SAMPLE_BRANCH_USER       = 0x1
+	PERF_SAMPLE_BRANCH_KERNEL     = 0x2
+	PERF_SAMPLE_BRANCH_HV         = 0x4
+	PERF_SAMPLE_BRANCH_ANY        = 0x8
+	PERF_SAMPLE_BRANCH_ANY_CALL   = 0x10
+	PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20
+	PERF_SAMPLE_BRANCH_IND_CALL   = 0x40
+	PERF_SAMPLE_BRANCH_ABORT_TX   = 0x80
+	PERF_SAMPLE_BRANCH_IN_TX      = 0x100
+	PERF_SAMPLE_BRANCH_NO_TX      = 0x200
+	PERF_SAMPLE_BRANCH_COND       = 0x400
+	PERF_SAMPLE_BRANCH_CALL_STACK = 0x800
+	PERF_SAMPLE_BRANCH_IND_JUMP   = 0x1000
+	PERF_SAMPLE_BRANCH_CALL       = 0x2000
+	PERF_SAMPLE_BRANCH_NO_FLAGS   = 0x4000
+	PERF_SAMPLE_BRANCH_NO_CYCLES  = 0x8000
+	PERF_SAMPLE_BRANCH_TYPE_SAVE  = 0x10000
+
+	PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1
+	PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2
+	PERF_FORMAT_ID                 = 0x4
+	PERF_FORMAT_GROUP              = 0x8
+
+	PERF_RECORD_MMAP            = 0x1
+	PERF_RECORD_LOST            = 0x2
+	PERF_RECORD_COMM            = 0x3
+	PERF_RECORD_EXIT            = 0x4
+	PERF_RECORD_THROTTLE        = 0x5
+	PERF_RECORD_UNTHROTTLE      = 0x6
+	PERF_RECORD_FORK            = 0x7
+	PERF_RECORD_READ            = 0x8
+	PERF_RECORD_SAMPLE          = 0x9
+	PERF_RECORD_MMAP2           = 0xa
+	PERF_RECORD_AUX             = 0xb
+	PERF_RECORD_ITRACE_START    = 0xc
+	PERF_RECORD_LOST_SAMPLES    = 0xd
+	PERF_RECORD_SWITCH          = 0xe
+	PERF_RECORD_SWITCH_CPU_WIDE = 0xf
+	PERF_RECORD_NAMESPACES      = 0x10
+
+	PERF_CONTEXT_HV     = -0x20
+	PERF_CONTEXT_KERNEL = -0x80
+	PERF_CONTEXT_USER   = -0x200
+
+	PERF_CONTEXT_GUEST        = -0x800
+	PERF_CONTEXT_GUEST_KERNEL = -0x880
+	PERF_CONTEXT_GUEST_USER   = -0xa00
+
+	PERF_FLAG_FD_NO_GROUP = 0x1
+	PERF_FLAG_FD_OUTPUT   = 0x2
+	PERF_FLAG_PID_CGROUP  = 0x4
+	PERF_FLAG_FD_CLOEXEC  = 0x8
+)
+
+type TCPMD5Sig struct {
+	Addr      SockaddrStorage
+	Flags     uint8
+	Prefixlen uint8
+	Keylen    uint16
+	_         uint32
+	Key       [80]uint8
+}
+
+type HDDriveCmdHdr struct {
+	Command uint8
+	Number  uint8
+	Feature uint8
+	Count   uint8
+}
+
+type HDDriveID struct {
+	Config         uint16
+	Cyls           uint16
+	Reserved2      uint16
+	Heads          uint16
+	Track_bytes    uint16
+	Sector_bytes   uint16
+	Sectors        uint16
+	Vendor0        uint16
+	Vendor1        uint16
+	Vendor2        uint16
+	Serial_no      [20]uint8
+	Buf_type       uint16
+	Buf_size       uint16
+	Ecc_bytes      uint16
+	Fw_rev         [8]uint8
+	Model          [40]uint8
+	Max_multsect   uint8
+	Vendor3        uint8
+	Dword_io       uint16
+	Vendor4        uint8
+	Capability     uint8
+	Reserved50     uint16
+	Vendor5        uint8
+	TPIO           uint8
+	Vendor6        uint8
+	TDMA           uint8
+	Field_valid    uint16
+	Cur_cyls       uint16
+	Cur_heads      uint16
+	Cur_sectors    uint16
+	Cur_capacity0  uint16
+	Cur_capacity1  uint16
+	Multsect       uint8
+	Multsect_valid uint8
+	Lba_capacity   uint32
+	Dma_1word      uint16
+	Dma_mword      uint16
+	Eide_pio_modes uint16
+	Eide_dma_min   uint16
+	Eide_dma_time  uint16
+	Eide_pio       uint16
+	Eide_pio_iordy uint16
+	Words69_70     [2]uint16
+	Words71_74     [4]uint16
+	Queue_depth    uint16
+	Words76_79     [4]uint16
+	Major_rev_num  uint16
+	Minor_rev_num  uint16
+	Command_set_1  uint16
+	Command_set_2  uint16
+	Cfsse          uint16
+	Cfs_enable_1   uint16
+	Cfs_enable_2   uint16
+	Csf_default    uint16
+	Dma_ultra      uint16
+	Trseuc         uint16
+	TrsEuc         uint16
+	CurAPMvalues   uint16
+	Mprc           uint16
+	Hw_config      uint16
+	Acoustic       uint16
+	Msrqs          uint16
+	Sxfert         uint16
+	Sal            uint16
+	Spg            uint32
+	Lba_capacity_2 uint64
+	Words104_125   [22]uint16
+	Last_lun       uint16
+	Word127        uint16
+	Dlf            uint16
+	Csfo           uint16
+	Words130_155   [26]uint16
+	Word156        uint16
+	Words157_159   [3]uint16
+	Cfa_power      uint16
+	Words161_175   [15]uint16
+	Words176_205   [30]uint16
+	Words206_254   [49]uint16
+	Integrity_word uint16
+}
+
+const (
+	ST_MANDLOCK    = 0x40
+	ST_NOATIME     = 0x400
+	ST_NODEV       = 0x4
+	ST_NODIRATIME  = 0x800
+	ST_NOEXEC      = 0x8
+	ST_NOSUID      = 0x2
+	ST_RDONLY      = 0x1
+	ST_RELATIME    = 0x1000
+	ST_SYNCHRONOUS = 0x10
+)
+
+type Tpacket2Hdr struct {
+	Status    uint32
+	Len       uint32
+	Snaplen   uint32
+	Mac       uint16
+	Net       uint16
+	Sec       uint32
+	Nsec      uint32
+	Vlan_tci  uint16
+	Vlan_tpid uint16
+	_         [4]uint8
+}
+
+type Tpacket3Hdr struct {
+	Next_offset uint32
+	Sec         uint32
+	Nsec        uint32
+	Snaplen     uint32
+	Len         uint32
+	Status      uint32
+	Mac         uint16
+	Net         uint16
+	Hv1         TpacketHdrVariant1
+	_           [8]uint8
+}
+
+type TpacketHdrVariant1 struct {
+	Rxhash    uint32
+	Vlan_tci  uint32
+	Vlan_tpid uint16
+	_         uint16
+}
+
+type TpacketBlockDesc struct {
+	Version uint32
+	To_priv uint32
+	Hdr     [40]byte
+}
+
+type TpacketBDTS struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type TpacketHdrV1 struct {
+	Block_status        uint32
+	Num_pkts            uint32
+	Offset_to_first_pkt uint32
+	Blk_len             uint32
+	Seq_num             uint64
+	Ts_first_pkt        TpacketBDTS
+	Ts_last_pkt         TpacketBDTS
+}
+
+type TpacketReq struct {
+	Block_size uint32
+	Block_nr   uint32
+	Frame_size uint32
+	Frame_nr   uint32
+}
+
+type TpacketReq3 struct {
+	Block_size       uint32
+	Block_nr         uint32
+	Frame_size       uint32
+	Frame_nr         uint32
+	Retire_blk_tov   uint32
+	Sizeof_priv      uint32
+	Feature_req_word uint32
+}
+
+type TpacketStats struct {
+	Packets uint32
+	Drops   uint32
+}
+
+type TpacketStatsV3 struct {
+	Packets      uint32
+	Drops        uint32
+	Freeze_q_cnt uint32
+}
+
+type TpacketAuxdata struct {
+	Status    uint32
+	Len       uint32
+	Snaplen   uint32
+	Mac       uint16
+	Net       uint16
+	Vlan_tci  uint16
+	Vlan_tpid uint16
+}
+
+const (
+	TPACKET_V1 = 0x0
+	TPACKET_V2 = 0x1
+	TPACKET_V3 = 0x2
+)
+
+const (
+	SizeofTpacket2Hdr = 0x20
+	SizeofTpacket3Hdr = 0x30
+
+	SizeofTpacketStats   = 0x8
+	SizeofTpacketStatsV3 = 0xc
+)
+
+const (
+	NF_INET_PRE_ROUTING  = 0x0
+	NF_INET_LOCAL_IN     = 0x1
+	NF_INET_FORWARD      = 0x2
+	NF_INET_LOCAL_OUT    = 0x3
+	NF_INET_POST_ROUTING = 0x4
+	NF_INET_NUMHOOKS     = 0x5
+)
+
+const (
+	NF_NETDEV_INGRESS  = 0x0
+	NF_NETDEV_NUMHOOKS = 0x1
+)
+
+const (
+	NFPROTO_UNSPEC   = 0x0
+	NFPROTO_INET     = 0x1
+	NFPROTO_IPV4     = 0x2
+	NFPROTO_ARP      = 0x3
+	NFPROTO_NETDEV   = 0x5
+	NFPROTO_BRIDGE   = 0x7
+	NFPROTO_IPV6     = 0xa
+	NFPROTO_DECNET   = 0xc
+	NFPROTO_NUMPROTO = 0xd
+)
+
+type Nfgenmsg struct {
+	Nfgen_family uint8
+	Version      uint8
+	Res_id       uint16
+}
+
+const (
+	NFNL_BATCH_UNSPEC = 0x0
+	NFNL_BATCH_GENID  = 0x1
+)
+
+const (
+	NFT_REG_VERDICT                   = 0x0
+	NFT_REG_1                         = 0x1
+	NFT_REG_2                         = 0x2
+	NFT_REG_3                         = 0x3
+	NFT_REG_4                         = 0x4
+	NFT_REG32_00                      = 0x8
+	NFT_REG32_01                      = 0x9
+	NFT_REG32_02                      = 0xa
+	NFT_REG32_03                      = 0xb
+	NFT_REG32_04                      = 0xc
+	NFT_REG32_05                      = 0xd
+	NFT_REG32_06                      = 0xe
+	NFT_REG32_07                      = 0xf
+	NFT_REG32_08                      = 0x10
+	NFT_REG32_09                      = 0x11
+	NFT_REG32_10                      = 0x12
+	NFT_REG32_11                      = 0x13
+	NFT_REG32_12                      = 0x14
+	NFT_REG32_13                      = 0x15
+	NFT_REG32_14                      = 0x16
+	NFT_REG32_15                      = 0x17
+	NFT_CONTINUE                      = -0x1
+	NFT_BREAK                         = -0x2
+	NFT_JUMP                          = -0x3
+	NFT_GOTO                          = -0x4
+	NFT_RETURN                        = -0x5
+	NFT_MSG_NEWTABLE                  = 0x0
+	NFT_MSG_GETTABLE                  = 0x1
+	NFT_MSG_DELTABLE                  = 0x2
+	NFT_MSG_NEWCHAIN                  = 0x3
+	NFT_MSG_GETCHAIN                  = 0x4
+	NFT_MSG_DELCHAIN                  = 0x5
+	NFT_MSG_NEWRULE                   = 0x6
+	NFT_MSG_GETRULE                   = 0x7
+	NFT_MSG_DELRULE                   = 0x8
+	NFT_MSG_NEWSET                    = 0x9
+	NFT_MSG_GETSET                    = 0xa
+	NFT_MSG_DELSET                    = 0xb
+	NFT_MSG_NEWSETELEM                = 0xc
+	NFT_MSG_GETSETELEM                = 0xd
+	NFT_MSG_DELSETELEM                = 0xe
+	NFT_MSG_NEWGEN                    = 0xf
+	NFT_MSG_GETGEN                    = 0x10
+	NFT_MSG_TRACE                     = 0x11
+	NFT_MSG_NEWOBJ                    = 0x12
+	NFT_MSG_GETOBJ                    = 0x13
+	NFT_MSG_DELOBJ                    = 0x14
+	NFT_MSG_GETOBJ_RESET              = 0x15
+	NFT_MSG_MAX                       = 0x19
+	NFTA_LIST_UNPEC                   = 0x0
+	NFTA_LIST_ELEM                    = 0x1
+	NFTA_HOOK_UNSPEC                  = 0x0
+	NFTA_HOOK_HOOKNUM                 = 0x1
+	NFTA_HOOK_PRIORITY                = 0x2
+	NFTA_HOOK_DEV                     = 0x3
+	NFT_TABLE_F_DORMANT               = 0x1
+	NFTA_TABLE_UNSPEC                 = 0x0
+	NFTA_TABLE_NAME                   = 0x1
+	NFTA_TABLE_FLAGS                  = 0x2
+	NFTA_TABLE_USE                    = 0x3
+	NFTA_CHAIN_UNSPEC                 = 0x0
+	NFTA_CHAIN_TABLE                  = 0x1
+	NFTA_CHAIN_HANDLE                 = 0x2
+	NFTA_CHAIN_NAME                   = 0x3
+	NFTA_CHAIN_HOOK                   = 0x4
+	NFTA_CHAIN_POLICY                 = 0x5
+	NFTA_CHAIN_USE                    = 0x6
+	NFTA_CHAIN_TYPE                   = 0x7
+	NFTA_CHAIN_COUNTERS               = 0x8
+	NFTA_CHAIN_PAD                    = 0x9
+	NFTA_RULE_UNSPEC                  = 0x0
+	NFTA_RULE_TABLE                   = 0x1
+	NFTA_RULE_CHAIN                   = 0x2
+	NFTA_RULE_HANDLE                  = 0x3
+	NFTA_RULE_EXPRESSIONS             = 0x4
+	NFTA_RULE_COMPAT                  = 0x5
+	NFTA_RULE_POSITION                = 0x6
+	NFTA_RULE_USERDATA                = 0x7
+	NFTA_RULE_PAD                     = 0x8
+	NFTA_RULE_ID                      = 0x9
+	NFT_RULE_COMPAT_F_INV             = 0x2
+	NFT_RULE_COMPAT_F_MASK            = 0x2
+	NFTA_RULE_COMPAT_UNSPEC           = 0x0
+	NFTA_RULE_COMPAT_PROTO            = 0x1
+	NFTA_RULE_COMPAT_FLAGS            = 0x2
+	NFT_SET_ANONYMOUS                 = 0x1
+	NFT_SET_CONSTANT                  = 0x2
+	NFT_SET_INTERVAL                  = 0x4
+	NFT_SET_MAP                       = 0x8
+	NFT_SET_TIMEOUT                   = 0x10
+	NFT_SET_EVAL                      = 0x20
+	NFT_SET_OBJECT                    = 0x40
+	NFT_SET_POL_PERFORMANCE           = 0x0
+	NFT_SET_POL_MEMORY                = 0x1
+	NFTA_SET_DESC_UNSPEC              = 0x0
+	NFTA_SET_DESC_SIZE                = 0x1
+	NFTA_SET_UNSPEC                   = 0x0
+	NFTA_SET_TABLE                    = 0x1
+	NFTA_SET_NAME                     = 0x2
+	NFTA_SET_FLAGS                    = 0x3
+	NFTA_SET_KEY_TYPE                 = 0x4
+	NFTA_SET_KEY_LEN                  = 0x5
+	NFTA_SET_DATA_TYPE                = 0x6
+	NFTA_SET_DATA_LEN                 = 0x7
+	NFTA_SET_POLICY                   = 0x8
+	NFTA_SET_DESC                     = 0x9
+	NFTA_SET_ID                       = 0xa
+	NFTA_SET_TIMEOUT                  = 0xb
+	NFTA_SET_GC_INTERVAL              = 0xc
+	NFTA_SET_USERDATA                 = 0xd
+	NFTA_SET_PAD                      = 0xe
+	NFTA_SET_OBJ_TYPE                 = 0xf
+	NFT_SET_ELEM_INTERVAL_END         = 0x1
+	NFTA_SET_ELEM_UNSPEC              = 0x0
+	NFTA_SET_ELEM_KEY                 = 0x1
+	NFTA_SET_ELEM_DATA                = 0x2
+	NFTA_SET_ELEM_FLAGS               = 0x3
+	NFTA_SET_ELEM_TIMEOUT             = 0x4
+	NFTA_SET_ELEM_EXPIRATION          = 0x5
+	NFTA_SET_ELEM_USERDATA            = 0x6
+	NFTA_SET_ELEM_EXPR                = 0x7
+	NFTA_SET_ELEM_PAD                 = 0x8
+	NFTA_SET_ELEM_OBJREF              = 0x9
+	NFTA_SET_ELEM_LIST_UNSPEC         = 0x0
+	NFTA_SET_ELEM_LIST_TABLE          = 0x1
+	NFTA_SET_ELEM_LIST_SET            = 0x2
+	NFTA_SET_ELEM_LIST_ELEMENTS       = 0x3
+	NFTA_SET_ELEM_LIST_SET_ID         = 0x4
+	NFT_DATA_VALUE                    = 0x0
+	NFT_DATA_VERDICT                  = 0xffffff00
+	NFTA_DATA_UNSPEC                  = 0x0
+	NFTA_DATA_VALUE                   = 0x1
+	NFTA_DATA_VERDICT                 = 0x2
+	NFTA_VERDICT_UNSPEC               = 0x0
+	NFTA_VERDICT_CODE                 = 0x1
+	NFTA_VERDICT_CHAIN                = 0x2
+	NFTA_EXPR_UNSPEC                  = 0x0
+	NFTA_EXPR_NAME                    = 0x1
+	NFTA_EXPR_DATA                    = 0x2
+	NFTA_IMMEDIATE_UNSPEC             = 0x0
+	NFTA_IMMEDIATE_DREG               = 0x1
+	NFTA_IMMEDIATE_DATA               = 0x2
+	NFTA_BITWISE_UNSPEC               = 0x0
+	NFTA_BITWISE_SREG                 = 0x1
+	NFTA_BITWISE_DREG                 = 0x2
+	NFTA_BITWISE_LEN                  = 0x3
+	NFTA_BITWISE_MASK                 = 0x4
+	NFTA_BITWISE_XOR                  = 0x5
+	NFT_BYTEORDER_NTOH                = 0x0
+	NFT_BYTEORDER_HTON                = 0x1
+	NFTA_BYTEORDER_UNSPEC             = 0x0
+	NFTA_BYTEORDER_SREG               = 0x1
+	NFTA_BYTEORDER_DREG               = 0x2
+	NFTA_BYTEORDER_OP                 = 0x3
+	NFTA_BYTEORDER_LEN                = 0x4
+	NFTA_BYTEORDER_SIZE               = 0x5
+	NFT_CMP_EQ                        = 0x0
+	NFT_CMP_NEQ                       = 0x1
+	NFT_CMP_LT                        = 0x2
+	NFT_CMP_LTE                       = 0x3
+	NFT_CMP_GT                        = 0x4
+	NFT_CMP_GTE                       = 0x5
+	NFTA_CMP_UNSPEC                   = 0x0
+	NFTA_CMP_SREG                     = 0x1
+	NFTA_CMP_OP                       = 0x2
+	NFTA_CMP_DATA                     = 0x3
+	NFT_RANGE_EQ                      = 0x0
+	NFT_RANGE_NEQ                     = 0x1
+	NFTA_RANGE_UNSPEC                 = 0x0
+	NFTA_RANGE_SREG                   = 0x1
+	NFTA_RANGE_OP                     = 0x2
+	NFTA_RANGE_FROM_DATA              = 0x3
+	NFTA_RANGE_TO_DATA                = 0x4
+	NFT_LOOKUP_F_INV                  = 0x1
+	NFTA_LOOKUP_UNSPEC                = 0x0
+	NFTA_LOOKUP_SET                   = 0x1
+	NFTA_LOOKUP_SREG                  = 0x2
+	NFTA_LOOKUP_DREG                  = 0x3
+	NFTA_LOOKUP_SET_ID                = 0x4
+	NFTA_LOOKUP_FLAGS                 = 0x5
+	NFT_DYNSET_OP_ADD                 = 0x0
+	NFT_DYNSET_OP_UPDATE              = 0x1
+	NFT_DYNSET_F_INV                  = 0x1
+	NFTA_DYNSET_UNSPEC                = 0x0
+	NFTA_DYNSET_SET_NAME              = 0x1
+	NFTA_DYNSET_SET_ID                = 0x2
+	NFTA_DYNSET_OP                    = 0x3
+	NFTA_DYNSET_SREG_KEY              = 0x4
+	NFTA_DYNSET_SREG_DATA             = 0x5
+	NFTA_DYNSET_TIMEOUT               = 0x6
+	NFTA_DYNSET_EXPR                  = 0x7
+	NFTA_DYNSET_PAD                   = 0x8
+	NFTA_DYNSET_FLAGS                 = 0x9
+	NFT_PAYLOAD_LL_HEADER             = 0x0
+	NFT_PAYLOAD_NETWORK_HEADER        = 0x1
+	NFT_PAYLOAD_TRANSPORT_HEADER      = 0x2
+	NFT_PAYLOAD_CSUM_NONE             = 0x0
+	NFT_PAYLOAD_CSUM_INET             = 0x1
+	NFT_PAYLOAD_L4CSUM_PSEUDOHDR      = 0x1
+	NFTA_PAYLOAD_UNSPEC               = 0x0
+	NFTA_PAYLOAD_DREG                 = 0x1
+	NFTA_PAYLOAD_BASE                 = 0x2
+	NFTA_PAYLOAD_OFFSET               = 0x3
+	NFTA_PAYLOAD_LEN                  = 0x4
+	NFTA_PAYLOAD_SREG                 = 0x5
+	NFTA_PAYLOAD_CSUM_TYPE            = 0x6
+	NFTA_PAYLOAD_CSUM_OFFSET          = 0x7
+	NFTA_PAYLOAD_CSUM_FLAGS           = 0x8
+	NFT_EXTHDR_F_PRESENT              = 0x1
+	NFT_EXTHDR_OP_IPV6                = 0x0
+	NFT_EXTHDR_OP_TCPOPT              = 0x1
+	NFTA_EXTHDR_UNSPEC                = 0x0
+	NFTA_EXTHDR_DREG                  = 0x1
+	NFTA_EXTHDR_TYPE                  = 0x2
+	NFTA_EXTHDR_OFFSET                = 0x3
+	NFTA_EXTHDR_LEN                   = 0x4
+	NFTA_EXTHDR_FLAGS                 = 0x5
+	NFTA_EXTHDR_OP                    = 0x6
+	NFTA_EXTHDR_SREG                  = 0x7
+	NFT_META_LEN                      = 0x0
+	NFT_META_PROTOCOL                 = 0x1
+	NFT_META_PRIORITY                 = 0x2
+	NFT_META_MARK                     = 0x3
+	NFT_META_IIF                      = 0x4
+	NFT_META_OIF                      = 0x5
+	NFT_META_IIFNAME                  = 0x6
+	NFT_META_OIFNAME                  = 0x7
+	NFT_META_IIFTYPE                  = 0x8
+	NFT_META_OIFTYPE                  = 0x9
+	NFT_META_SKUID                    = 0xa
+	NFT_META_SKGID                    = 0xb
+	NFT_META_NFTRACE                  = 0xc
+	NFT_META_RTCLASSID                = 0xd
+	NFT_META_SECMARK                  = 0xe
+	NFT_META_NFPROTO                  = 0xf
+	NFT_META_L4PROTO                  = 0x10
+	NFT_META_BRI_IIFNAME              = 0x11
+	NFT_META_BRI_OIFNAME              = 0x12
+	NFT_META_PKTTYPE                  = 0x13
+	NFT_META_CPU                      = 0x14
+	NFT_META_IIFGROUP                 = 0x15
+	NFT_META_OIFGROUP                 = 0x16
+	NFT_META_CGROUP                   = 0x17
+	NFT_META_PRANDOM                  = 0x18
+	NFT_RT_CLASSID                    = 0x0
+	NFT_RT_NEXTHOP4                   = 0x1
+	NFT_RT_NEXTHOP6                   = 0x2
+	NFT_RT_TCPMSS                     = 0x3
+	NFT_HASH_JENKINS                  = 0x0
+	NFT_HASH_SYM                      = 0x1
+	NFTA_HASH_UNSPEC                  = 0x0
+	NFTA_HASH_SREG                    = 0x1
+	NFTA_HASH_DREG                    = 0x2
+	NFTA_HASH_LEN                     = 0x3
+	NFTA_HASH_MODULUS                 = 0x4
+	NFTA_HASH_SEED                    = 0x5
+	NFTA_HASH_OFFSET                  = 0x6
+	NFTA_HASH_TYPE                    = 0x7
+	NFTA_META_UNSPEC                  = 0x0
+	NFTA_META_DREG                    = 0x1
+	NFTA_META_KEY                     = 0x2
+	NFTA_META_SREG                    = 0x3
+	NFTA_RT_UNSPEC                    = 0x0
+	NFTA_RT_DREG                      = 0x1
+	NFTA_RT_KEY                       = 0x2
+	NFT_CT_STATE                      = 0x0
+	NFT_CT_DIRECTION                  = 0x1
+	NFT_CT_STATUS                     = 0x2
+	NFT_CT_MARK                       = 0x3
+	NFT_CT_SECMARK                    = 0x4
+	NFT_CT_EXPIRATION                 = 0x5
+	NFT_CT_HELPER                     = 0x6
+	NFT_CT_L3PROTOCOL                 = 0x7
+	NFT_CT_SRC                        = 0x8
+	NFT_CT_DST                        = 0x9
+	NFT_CT_PROTOCOL                   = 0xa
+	NFT_CT_PROTO_SRC                  = 0xb
+	NFT_CT_PROTO_DST                  = 0xc
+	NFT_CT_LABELS                     = 0xd
+	NFT_CT_PKTS                       = 0xe
+	NFT_CT_BYTES                      = 0xf
+	NFT_CT_AVGPKT                     = 0x10
+	NFT_CT_ZONE                       = 0x11
+	NFT_CT_EVENTMASK                  = 0x12
+	NFTA_CT_UNSPEC                    = 0x0
+	NFTA_CT_DREG                      = 0x1
+	NFTA_CT_KEY                       = 0x2
+	NFTA_CT_DIRECTION                 = 0x3
+	NFTA_CT_SREG                      = 0x4
+	NFT_LIMIT_PKTS                    = 0x0
+	NFT_LIMIT_PKT_BYTES               = 0x1
+	NFT_LIMIT_F_INV                   = 0x1
+	NFTA_LIMIT_UNSPEC                 = 0x0
+	NFTA_LIMIT_RATE                   = 0x1
+	NFTA_LIMIT_UNIT                   = 0x2
+	NFTA_LIMIT_BURST                  = 0x3
+	NFTA_LIMIT_TYPE                   = 0x4
+	NFTA_LIMIT_FLAGS                  = 0x5
+	NFTA_LIMIT_PAD                    = 0x6
+	NFTA_COUNTER_UNSPEC               = 0x0
+	NFTA_COUNTER_BYTES                = 0x1
+	NFTA_COUNTER_PACKETS              = 0x2
+	NFTA_COUNTER_PAD                  = 0x3
+	NFTA_LOG_UNSPEC                   = 0x0
+	NFTA_LOG_GROUP                    = 0x1
+	NFTA_LOG_PREFIX                   = 0x2
+	NFTA_LOG_SNAPLEN                  = 0x3
+	NFTA_LOG_QTHRESHOLD               = 0x4
+	NFTA_LOG_LEVEL                    = 0x5
+	NFTA_LOG_FLAGS                    = 0x6
+	NFTA_QUEUE_UNSPEC                 = 0x0
+	NFTA_QUEUE_NUM                    = 0x1
+	NFTA_QUEUE_TOTAL                  = 0x2
+	NFTA_QUEUE_FLAGS                  = 0x3
+	NFTA_QUEUE_SREG_QNUM              = 0x4
+	NFT_QUOTA_F_INV                   = 0x1
+	NFT_QUOTA_F_DEPLETED              = 0x2
+	NFTA_QUOTA_UNSPEC                 = 0x0
+	NFTA_QUOTA_BYTES                  = 0x1
+	NFTA_QUOTA_FLAGS                  = 0x2
+	NFTA_QUOTA_PAD                    = 0x3
+	NFTA_QUOTA_CONSUMED               = 0x4
+	NFT_REJECT_ICMP_UNREACH           = 0x0
+	NFT_REJECT_TCP_RST                = 0x1
+	NFT_REJECT_ICMPX_UNREACH          = 0x2
+	NFT_REJECT_ICMPX_NO_ROUTE         = 0x0
+	NFT_REJECT_ICMPX_PORT_UNREACH     = 0x1
+	NFT_REJECT_ICMPX_HOST_UNREACH     = 0x2
+	NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3
+	NFTA_REJECT_UNSPEC                = 0x0
+	NFTA_REJECT_TYPE                  = 0x1
+	NFTA_REJECT_ICMP_CODE             = 0x2
+	NFT_NAT_SNAT                      = 0x0
+	NFT_NAT_DNAT                      = 0x1
+	NFTA_NAT_UNSPEC                   = 0x0
+	NFTA_NAT_TYPE                     = 0x1
+	NFTA_NAT_FAMILY                   = 0x2
+	NFTA_NAT_REG_ADDR_MIN             = 0x3
+	NFTA_NAT_REG_ADDR_MAX             = 0x4
+	NFTA_NAT_REG_PROTO_MIN            = 0x5
+	NFTA_NAT_REG_PROTO_MAX            = 0x6
+	NFTA_NAT_FLAGS                    = 0x7
+	NFTA_MASQ_UNSPEC                  = 0x0
+	NFTA_MASQ_FLAGS                   = 0x1
+	NFTA_MASQ_REG_PROTO_MIN           = 0x2
+	NFTA_MASQ_REG_PROTO_MAX           = 0x3
+	NFTA_REDIR_UNSPEC                 = 0x0
+	NFTA_REDIR_REG_PROTO_MIN          = 0x1
+	NFTA_REDIR_REG_PROTO_MAX          = 0x2
+	NFTA_REDIR_FLAGS                  = 0x3
+	NFTA_DUP_UNSPEC                   = 0x0
+	NFTA_DUP_SREG_ADDR                = 0x1
+	NFTA_DUP_SREG_DEV                 = 0x2
+	NFTA_FWD_UNSPEC                   = 0x0
+	NFTA_FWD_SREG_DEV                 = 0x1
+	NFTA_OBJREF_UNSPEC                = 0x0
+	NFTA_OBJREF_IMM_TYPE              = 0x1
+	NFTA_OBJREF_IMM_NAME              = 0x2
+	NFTA_OBJREF_SET_SREG              = 0x3
+	NFTA_OBJREF_SET_NAME              = 0x4
+	NFTA_OBJREF_SET_ID                = 0x5
+	NFTA_GEN_UNSPEC                   = 0x0
+	NFTA_GEN_ID                       = 0x1
+	NFTA_GEN_PROC_PID                 = 0x2
+	NFTA_GEN_PROC_NAME                = 0x3
+	NFTA_FIB_UNSPEC                   = 0x0
+	NFTA_FIB_DREG                     = 0x1
+	NFTA_FIB_RESULT                   = 0x2
+	NFTA_FIB_FLAGS                    = 0x3
+	NFT_FIB_RESULT_UNSPEC             = 0x0
+	NFT_FIB_RESULT_OIF                = 0x1
+	NFT_FIB_RESULT_OIFNAME            = 0x2
+	NFT_FIB_RESULT_ADDRTYPE           = 0x3
+	NFTA_FIB_F_SADDR                  = 0x1
+	NFTA_FIB_F_DADDR                  = 0x2
+	NFTA_FIB_F_MARK                   = 0x4
+	NFTA_FIB_F_IIF                    = 0x8
+	NFTA_FIB_F_OIF                    = 0x10
+	NFTA_FIB_F_PRESENT                = 0x20
+	NFTA_CT_HELPER_UNSPEC             = 0x0
+	NFTA_CT_HELPER_NAME               = 0x1
+	NFTA_CT_HELPER_L3PROTO            = 0x2
+	NFTA_CT_HELPER_L4PROTO            = 0x3
+	NFTA_OBJ_UNSPEC                   = 0x0
+	NFTA_OBJ_TABLE                    = 0x1
+	NFTA_OBJ_NAME                     = 0x2
+	NFTA_OBJ_TYPE                     = 0x3
+	NFTA_OBJ_DATA                     = 0x4
+	NFTA_OBJ_USE                      = 0x5
+	NFTA_TRACE_UNSPEC                 = 0x0
+	NFTA_TRACE_TABLE                  = 0x1
+	NFTA_TRACE_CHAIN                  = 0x2
+	NFTA_TRACE_RULE_HANDLE            = 0x3
+	NFTA_TRACE_TYPE                   = 0x4
+	NFTA_TRACE_VERDICT                = 0x5
+	NFTA_TRACE_ID                     = 0x6
+	NFTA_TRACE_LL_HEADER              = 0x7
+	NFTA_TRACE_NETWORK_HEADER         = 0x8
+	NFTA_TRACE_TRANSPORT_HEADER       = 0x9
+	NFTA_TRACE_IIF                    = 0xa
+	NFTA_TRACE_IIFTYPE                = 0xb
+	NFTA_TRACE_OIF                    = 0xc
+	NFTA_TRACE_OIFTYPE                = 0xd
+	NFTA_TRACE_MARK                   = 0xe
+	NFTA_TRACE_NFPROTO                = 0xf
+	NFTA_TRACE_POLICY                 = 0x10
+	NFTA_TRACE_PAD                    = 0x11
+	NFT_TRACETYPE_UNSPEC              = 0x0
+	NFT_TRACETYPE_POLICY              = 0x1
+	NFT_TRACETYPE_RETURN              = 0x2
+	NFT_TRACETYPE_RULE                = 0x3
+	NFTA_NG_UNSPEC                    = 0x0
+	NFTA_NG_DREG                      = 0x1
+	NFTA_NG_MODULUS                   = 0x2
+	NFTA_NG_TYPE                      = 0x3
+	NFTA_NG_OFFSET                    = 0x4
+	NFT_NG_INCREMENTAL                = 0x0
+	NFT_NG_RANDOM                     = 0x1
+)
+
+const (
+	NFTA_TARGET_UNSPEC = 0x0
+	NFTA_TARGET_NAME   = 0x1
+	NFTA_TARGET_REV    = 0x2
+	NFTA_TARGET_INFO   = 0x3
+	NFTA_MATCH_UNSPEC  = 0x0
+	NFTA_MATCH_NAME    = 0x1
+	NFTA_MATCH_REV     = 0x2
+	NFTA_MATCH_INFO    = 0x3
+	NFTA_COMPAT_UNSPEC = 0x0
+	NFTA_COMPAT_NAME   = 0x1
+	NFTA_COMPAT_REV    = 0x2
+	NFTA_COMPAT_TYPE   = 0x3
+)
+
+type RTCTime struct {
+	Sec   int32
+	Min   int32
+	Hour  int32
+	Mday  int32
+	Mon   int32
+	Year  int32
+	Wday  int32
+	Yday  int32
+	Isdst int32
+}
+
+type RTCWkAlrm struct {
+	Enabled uint8
+	Pending uint8
+	Time    RTCTime
+}
+
+type BlkpgIoctlArg struct {
+	Op      int32
+	Flags   int32
+	Datalen int32
+	Data    *byte
+}
+
+const (
+	BLKPG_ADD_PARTITION    = 0x1
+	BLKPG_DEL_PARTITION    = 0x2
+	BLKPG_RESIZE_PARTITION = 0x3
+)
+
+const (
+	NETNSA_NONE = 0x0
+	NETNSA_NSID = 0x1
+	NETNSA_PID  = 0x2
+	NETNSA_FD   = 0x3
+)
+
+type XDPRingOffset struct {
+	Producer uint64
+	Consumer uint64
+	Desc     uint64
+	Flags    uint64
+}
+
+type XDPMmapOffsets struct {
+	Rx XDPRingOffset
+	Tx XDPRingOffset
+	Fr XDPRingOffset
+	Cr XDPRingOffset
+}
+
+type XDPStatistics struct {
+	Rx_dropped       uint64
+	Rx_invalid_descs uint64
+	Tx_invalid_descs uint64
+}
+
+type XDPDesc struct {
+	Addr    uint64
+	Len     uint32
+	Options uint32
+}
+
+const (
+	NCSI_CMD_UNSPEC                 = 0x0
+	NCSI_CMD_PKG_INFO               = 0x1
+	NCSI_CMD_SET_INTERFACE          = 0x2
+	NCSI_CMD_CLEAR_INTERFACE        = 0x3
+	NCSI_ATTR_UNSPEC                = 0x0
+	NCSI_ATTR_IFINDEX               = 0x1
+	NCSI_ATTR_PACKAGE_LIST          = 0x2
+	NCSI_ATTR_PACKAGE_ID            = 0x3
+	NCSI_ATTR_CHANNEL_ID            = 0x4
+	NCSI_PKG_ATTR_UNSPEC            = 0x0
+	NCSI_PKG_ATTR                   = 0x1
+	NCSI_PKG_ATTR_ID                = 0x2
+	NCSI_PKG_ATTR_FORCED            = 0x3
+	NCSI_PKG_ATTR_CHANNEL_LIST      = 0x4
+	NCSI_CHANNEL_ATTR_UNSPEC        = 0x0
+	NCSI_CHANNEL_ATTR               = 0x1
+	NCSI_CHANNEL_ATTR_ID            = 0x2
+	NCSI_CHANNEL_ATTR_VERSION_MAJOR = 0x3
+	NCSI_CHANNEL_ATTR_VERSION_MINOR = 0x4
+	NCSI_CHANNEL_ATTR_VERSION_STR   = 0x5
+	NCSI_CHANNEL_ATTR_LINK_STATE    = 0x6
+	NCSI_CHANNEL_ATTR_ACTIVE        = 0x7
+	NCSI_CHANNEL_ATTR_FORCED        = 0x8
+	NCSI_CHANNEL_ATTR_VLAN_LIST     = 0x9
+	NCSI_CHANNEL_ATTR_VLAN_ID       = 0xa
+)
+
+type ScmTimestamping struct {
+	Ts [3]Timespec
+}
+
+const (
+	SOF_TIMESTAMPING_TX_HARDWARE  = 0x1
+	SOF_TIMESTAMPING_TX_SOFTWARE  = 0x2
+	SOF_TIMESTAMPING_RX_HARDWARE  = 0x4
+	SOF_TIMESTAMPING_RX_SOFTWARE  = 0x8
+	SOF_TIMESTAMPING_SOFTWARE     = 0x10
+	SOF_TIMESTAMPING_SYS_HARDWARE = 0x20
+	SOF_TIMESTAMPING_RAW_HARDWARE = 0x40
+	SOF_TIMESTAMPING_OPT_ID       = 0x80
+	SOF_TIMESTAMPING_TX_SCHED     = 0x100
+	SOF_TIMESTAMPING_TX_ACK       = 0x200
+	SOF_TIMESTAMPING_OPT_CMSG     = 0x400
+	SOF_TIMESTAMPING_OPT_TSONLY   = 0x800
+	SOF_TIMESTAMPING_OPT_STATS    = 0x1000
+	SOF_TIMESTAMPING_OPT_PKTINFO  = 0x2000
+	SOF_TIMESTAMPING_OPT_TX_SWHW  = 0x4000
+
+	SOF_TIMESTAMPING_LAST = 0x4000
+	SOF_TIMESTAMPING_MASK = 0x7fff
+
+	SCM_TSTAMP_SND   = 0x0
+	SCM_TSTAMP_SCHED = 0x1
+	SCM_TSTAMP_ACK   = 0x2
+)
+
+type SockExtendedErr struct {
+	Errno  uint32
+	Origin uint8
+	Type   uint8
+	Code   uint8
+	Pad    uint8
+	Info   uint32
+	Data   uint32
+}
+
+type FanotifyEventMetadata struct {
+	Event_len    uint32
+	Vers         uint8
+	Reserved     uint8
+	Metadata_len uint16
+	Mask         uint64
+	Fd           int32
+	Pid          int32
+}
+
+type FanotifyResponse struct {
+	Fd       int32
+	Response uint32
+}
+
+const (
+	CRYPTO_MSG_BASE      = 0x10
+	CRYPTO_MSG_NEWALG    = 0x10
+	CRYPTO_MSG_DELALG    = 0x11
+	CRYPTO_MSG_UPDATEALG = 0x12
+	CRYPTO_MSG_GETALG    = 0x13
+	CRYPTO_MSG_DELRNG    = 0x14
+	CRYPTO_MSG_GETSTAT   = 0x15
+)
+
+const (
+	CRYPTOCFGA_UNSPEC           = 0x0
+	CRYPTOCFGA_PRIORITY_VAL     = 0x1
+	CRYPTOCFGA_REPORT_LARVAL    = 0x2
+	CRYPTOCFGA_REPORT_HASH      = 0x3
+	CRYPTOCFGA_REPORT_BLKCIPHER = 0x4
+	CRYPTOCFGA_REPORT_AEAD      = 0x5
+	CRYPTOCFGA_REPORT_COMPRESS  = 0x6
+	CRYPTOCFGA_REPORT_RNG       = 0x7
+	CRYPTOCFGA_REPORT_CIPHER    = 0x8
+	CRYPTOCFGA_REPORT_AKCIPHER  = 0x9
+	CRYPTOCFGA_REPORT_KPP       = 0xa
+	CRYPTOCFGA_REPORT_ACOMP     = 0xb
+	CRYPTOCFGA_STAT_LARVAL      = 0xc
+	CRYPTOCFGA_STAT_HASH        = 0xd
+	CRYPTOCFGA_STAT_BLKCIPHER   = 0xe
+	CRYPTOCFGA_STAT_AEAD        = 0xf
+	CRYPTOCFGA_STAT_COMPRESS    = 0x10
+	CRYPTOCFGA_STAT_RNG         = 0x11
+	CRYPTOCFGA_STAT_CIPHER      = 0x12
+	CRYPTOCFGA_STAT_AKCIPHER    = 0x13
+	CRYPTOCFGA_STAT_KPP         = 0x14
+	CRYPTOCFGA_STAT_ACOMP       = 0x15
+)
+
+const (
+	BPF_REG_0                               = 0x0
+	BPF_REG_1                               = 0x1
+	BPF_REG_2                               = 0x2
+	BPF_REG_3                               = 0x3
+	BPF_REG_4                               = 0x4
+	BPF_REG_5                               = 0x5
+	BPF_REG_6                               = 0x6
+	BPF_REG_7                               = 0x7
+	BPF_REG_8                               = 0x8
+	BPF_REG_9                               = 0x9
+	BPF_REG_10                              = 0xa
+	BPF_MAP_CREATE                          = 0x0
+	BPF_MAP_LOOKUP_ELEM                     = 0x1
+	BPF_MAP_UPDATE_ELEM                     = 0x2
+	BPF_MAP_DELETE_ELEM                     = 0x3
+	BPF_MAP_GET_NEXT_KEY                    = 0x4
+	BPF_PROG_LOAD                           = 0x5
+	BPF_OBJ_PIN                             = 0x6
+	BPF_OBJ_GET                             = 0x7
+	BPF_PROG_ATTACH                         = 0x8
+	BPF_PROG_DETACH                         = 0x9
+	BPF_PROG_TEST_RUN                       = 0xa
+	BPF_PROG_GET_NEXT_ID                    = 0xb
+	BPF_MAP_GET_NEXT_ID                     = 0xc
+	BPF_PROG_GET_FD_BY_ID                   = 0xd
+	BPF_MAP_GET_FD_BY_ID                    = 0xe
+	BPF_OBJ_GET_INFO_BY_FD                  = 0xf
+	BPF_PROG_QUERY                          = 0x10
+	BPF_RAW_TRACEPOINT_OPEN                 = 0x11
+	BPF_BTF_LOAD                            = 0x12
+	BPF_BTF_GET_FD_BY_ID                    = 0x13
+	BPF_TASK_FD_QUERY                       = 0x14
+	BPF_MAP_LOOKUP_AND_DELETE_ELEM          = 0x15
+	BPF_MAP_FREEZE                          = 0x16
+	BPF_BTF_GET_NEXT_ID                     = 0x17
+	BPF_MAP_LOOKUP_BATCH                    = 0x18
+	BPF_MAP_LOOKUP_AND_DELETE_BATCH         = 0x19
+	BPF_MAP_UPDATE_BATCH                    = 0x1a
+	BPF_MAP_DELETE_BATCH                    = 0x1b
+	BPF_LINK_CREATE                         = 0x1c
+	BPF_LINK_UPDATE                         = 0x1d
+	BPF_LINK_GET_FD_BY_ID                   = 0x1e
+	BPF_LINK_GET_NEXT_ID                    = 0x1f
+	BPF_ENABLE_STATS                        = 0x20
+	BPF_ITER_CREATE                         = 0x21
+	BPF_MAP_TYPE_UNSPEC                     = 0x0
+	BPF_MAP_TYPE_HASH                       = 0x1
+	BPF_MAP_TYPE_ARRAY                      = 0x2
+	BPF_MAP_TYPE_PROG_ARRAY                 = 0x3
+	BPF_MAP_TYPE_PERF_EVENT_ARRAY           = 0x4
+	BPF_MAP_TYPE_PERCPU_HASH                = 0x5
+	BPF_MAP_TYPE_PERCPU_ARRAY               = 0x6
+	BPF_MAP_TYPE_STACK_TRACE                = 0x7
+	BPF_MAP_TYPE_CGROUP_ARRAY               = 0x8
+	BPF_MAP_TYPE_LRU_HASH                   = 0x9
+	BPF_MAP_TYPE_LRU_PERCPU_HASH            = 0xa
+	BPF_MAP_TYPE_LPM_TRIE                   = 0xb
+	BPF_MAP_TYPE_ARRAY_OF_MAPS              = 0xc
+	BPF_MAP_TYPE_HASH_OF_MAPS               = 0xd
+	BPF_MAP_TYPE_DEVMAP                     = 0xe
+	BPF_MAP_TYPE_SOCKMAP                    = 0xf
+	BPF_MAP_TYPE_CPUMAP                     = 0x10
+	BPF_MAP_TYPE_XSKMAP                     = 0x11
+	BPF_MAP_TYPE_SOCKHASH                   = 0x12
+	BPF_MAP_TYPE_CGROUP_STORAGE             = 0x13
+	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY        = 0x14
+	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE      = 0x15
+	BPF_MAP_TYPE_QUEUE                      = 0x16
+	BPF_MAP_TYPE_STACK                      = 0x17
+	BPF_MAP_TYPE_SK_STORAGE                 = 0x18
+	BPF_MAP_TYPE_DEVMAP_HASH                = 0x19
+	BPF_MAP_TYPE_STRUCT_OPS                 = 0x1a
+	BPF_MAP_TYPE_RINGBUF                    = 0x1b
+	BPF_PROG_TYPE_UNSPEC                    = 0x0
+	BPF_PROG_TYPE_SOCKET_FILTER             = 0x1
+	BPF_PROG_TYPE_KPROBE                    = 0x2
+	BPF_PROG_TYPE_SCHED_CLS                 = 0x3
+	BPF_PROG_TYPE_SCHED_ACT                 = 0x4
+	BPF_PROG_TYPE_TRACEPOINT                = 0x5
+	BPF_PROG_TYPE_XDP                       = 0x6
+	BPF_PROG_TYPE_PERF_EVENT                = 0x7
+	BPF_PROG_TYPE_CGROUP_SKB                = 0x8
+	BPF_PROG_TYPE_CGROUP_SOCK               = 0x9
+	BPF_PROG_TYPE_LWT_IN                    = 0xa
+	BPF_PROG_TYPE_LWT_OUT                   = 0xb
+	BPF_PROG_TYPE_LWT_XMIT                  = 0xc
+	BPF_PROG_TYPE_SOCK_OPS                  = 0xd
+	BPF_PROG_TYPE_SK_SKB                    = 0xe
+	BPF_PROG_TYPE_CGROUP_DEVICE             = 0xf
+	BPF_PROG_TYPE_SK_MSG                    = 0x10
+	BPF_PROG_TYPE_RAW_TRACEPOINT            = 0x11
+	BPF_PROG_TYPE_CGROUP_SOCK_ADDR          = 0x12
+	BPF_PROG_TYPE_LWT_SEG6LOCAL             = 0x13
+	BPF_PROG_TYPE_LIRC_MODE2                = 0x14
+	BPF_PROG_TYPE_SK_REUSEPORT              = 0x15
+	BPF_PROG_TYPE_FLOW_DISSECTOR            = 0x16
+	BPF_PROG_TYPE_CGROUP_SYSCTL             = 0x17
+	BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE   = 0x18
+	BPF_PROG_TYPE_CGROUP_SOCKOPT            = 0x19
+	BPF_PROG_TYPE_TRACING                   = 0x1a
+	BPF_PROG_TYPE_STRUCT_OPS                = 0x1b
+	BPF_PROG_TYPE_EXT                       = 0x1c
+	BPF_PROG_TYPE_LSM                       = 0x1d
+	BPF_CGROUP_INET_INGRESS                 = 0x0
+	BPF_CGROUP_INET_EGRESS                  = 0x1
+	BPF_CGROUP_INET_SOCK_CREATE             = 0x2
+	BPF_CGROUP_SOCK_OPS                     = 0x3
+	BPF_SK_SKB_STREAM_PARSER                = 0x4
+	BPF_SK_SKB_STREAM_VERDICT               = 0x5
+	BPF_CGROUP_DEVICE                       = 0x6
+	BPF_SK_MSG_VERDICT                      = 0x7
+	BPF_CGROUP_INET4_BIND                   = 0x8
+	BPF_CGROUP_INET6_BIND                   = 0x9
+	BPF_CGROUP_INET4_CONNECT                = 0xa
+	BPF_CGROUP_INET6_CONNECT                = 0xb
+	BPF_CGROUP_INET4_POST_BIND              = 0xc
+	BPF_CGROUP_INET6_POST_BIND              = 0xd
+	BPF_CGROUP_UDP4_SENDMSG                 = 0xe
+	BPF_CGROUP_UDP6_SENDMSG                 = 0xf
+	BPF_LIRC_MODE2                          = 0x10
+	BPF_FLOW_DISSECTOR                      = 0x11
+	BPF_CGROUP_SYSCTL                       = 0x12
+	BPF_CGROUP_UDP4_RECVMSG                 = 0x13
+	BPF_CGROUP_UDP6_RECVMSG                 = 0x14
+	BPF_CGROUP_GETSOCKOPT                   = 0x15
+	BPF_CGROUP_SETSOCKOPT                   = 0x16
+	BPF_TRACE_RAW_TP                        = 0x17
+	BPF_TRACE_FENTRY                        = 0x18
+	BPF_TRACE_FEXIT                         = 0x19
+	BPF_MODIFY_RETURN                       = 0x1a
+	BPF_LSM_MAC                             = 0x1b
+	BPF_TRACE_ITER                          = 0x1c
+	BPF_CGROUP_INET4_GETPEERNAME            = 0x1d
+	BPF_CGROUP_INET6_GETPEERNAME            = 0x1e
+	BPF_CGROUP_INET4_GETSOCKNAME            = 0x1f
+	BPF_CGROUP_INET6_GETSOCKNAME            = 0x20
+	BPF_XDP_DEVMAP                          = 0x21
+	BPF_LINK_TYPE_UNSPEC                    = 0x0
+	BPF_LINK_TYPE_RAW_TRACEPOINT            = 0x1
+	BPF_LINK_TYPE_TRACING                   = 0x2
+	BPF_LINK_TYPE_CGROUP                    = 0x3
+	BPF_LINK_TYPE_ITER                      = 0x4
+	BPF_LINK_TYPE_NETNS                     = 0x5
+	BPF_ANY                                 = 0x0
+	BPF_NOEXIST                             = 0x1
+	BPF_EXIST                               = 0x2
+	BPF_F_LOCK                              = 0x4
+	BPF_F_NO_PREALLOC                       = 0x1
+	BPF_F_NO_COMMON_LRU                     = 0x2
+	BPF_F_NUMA_NODE                         = 0x4
+	BPF_F_RDONLY                            = 0x8
+	BPF_F_WRONLY                            = 0x10
+	BPF_F_STACK_BUILD_ID                    = 0x20
+	BPF_F_ZERO_SEED                         = 0x40
+	BPF_F_RDONLY_PROG                       = 0x80
+	BPF_F_WRONLY_PROG                       = 0x100
+	BPF_F_CLONE                             = 0x200
+	BPF_F_MMAPABLE                          = 0x400
+	BPF_STATS_RUN_TIME                      = 0x0
+	BPF_STACK_BUILD_ID_EMPTY                = 0x0
+	BPF_STACK_BUILD_ID_VALID                = 0x1
+	BPF_STACK_BUILD_ID_IP                   = 0x2
+	BPF_F_RECOMPUTE_CSUM                    = 0x1
+	BPF_F_INVALIDATE_HASH                   = 0x2
+	BPF_F_HDR_FIELD_MASK                    = 0xf
+	BPF_F_PSEUDO_HDR                        = 0x10
+	BPF_F_MARK_MANGLED_0                    = 0x20
+	BPF_F_MARK_ENFORCE                      = 0x40
+	BPF_F_INGRESS                           = 0x1
+	BPF_F_TUNINFO_IPV6                      = 0x1
+	BPF_F_SKIP_FIELD_MASK                   = 0xff
+	BPF_F_USER_STACK                        = 0x100
+	BPF_F_FAST_STACK_CMP                    = 0x200
+	BPF_F_REUSE_STACKID                     = 0x400
+	BPF_F_USER_BUILD_ID                     = 0x800
+	BPF_F_ZERO_CSUM_TX                      = 0x2
+	BPF_F_DONT_FRAGMENT                     = 0x4
+	BPF_F_SEQ_NUMBER                        = 0x8
+	BPF_F_INDEX_MASK                        = 0xffffffff
+	BPF_F_CURRENT_CPU                       = 0xffffffff
+	BPF_F_CTXLEN_MASK                       = 0xfffff00000000
+	BPF_F_CURRENT_NETNS                     = -0x1
+	BPF_CSUM_LEVEL_QUERY                    = 0x0
+	BPF_CSUM_LEVEL_INC                      = 0x1
+	BPF_CSUM_LEVEL_DEC                      = 0x2
+	BPF_CSUM_LEVEL_RESET                    = 0x3
+	BPF_F_ADJ_ROOM_FIXED_GSO                = 0x1
+	BPF_F_ADJ_ROOM_ENCAP_L3_IPV4            = 0x2
+	BPF_F_ADJ_ROOM_ENCAP_L3_IPV6            = 0x4
+	BPF_F_ADJ_ROOM_ENCAP_L4_GRE             = 0x8
+	BPF_F_ADJ_ROOM_ENCAP_L4_UDP             = 0x10
+	BPF_F_ADJ_ROOM_NO_CSUM_RESET            = 0x20
+	BPF_ADJ_ROOM_ENCAP_L2_MASK              = 0xff
+	BPF_ADJ_ROOM_ENCAP_L2_SHIFT             = 0x38
+	BPF_F_SYSCTL_BASE_NAME                  = 0x1
+	BPF_SK_STORAGE_GET_F_CREATE             = 0x1
+	BPF_F_GET_BRANCH_RECORDS_SIZE           = 0x1
+	BPF_RB_NO_WAKEUP                        = 0x1
+	BPF_RB_FORCE_WAKEUP                     = 0x2
+	BPF_RB_AVAIL_DATA                       = 0x0
+	BPF_RB_RING_SIZE                        = 0x1
+	BPF_RB_CONS_POS                         = 0x2
+	BPF_RB_PROD_POS                         = 0x3
+	BPF_RINGBUF_BUSY_BIT                    = 0x80000000
+	BPF_RINGBUF_DISCARD_BIT                 = 0x40000000
+	BPF_RINGBUF_HDR_SZ                      = 0x8
+	BPF_ADJ_ROOM_NET                        = 0x0
+	BPF_ADJ_ROOM_MAC                        = 0x1
+	BPF_HDR_START_MAC                       = 0x0
+	BPF_HDR_START_NET                       = 0x1
+	BPF_LWT_ENCAP_SEG6                      = 0x0
+	BPF_LWT_ENCAP_SEG6_INLINE               = 0x1
+	BPF_LWT_ENCAP_IP                        = 0x2
+	BPF_OK                                  = 0x0
+	BPF_DROP                                = 0x2
+	BPF_REDIRECT                            = 0x7
+	BPF_LWT_REROUTE                         = 0x80
+	BPF_SOCK_OPS_RTO_CB_FLAG                = 0x1
+	BPF_SOCK_OPS_RETRANS_CB_FLAG            = 0x2
+	BPF_SOCK_OPS_STATE_CB_FLAG              = 0x4
+	BPF_SOCK_OPS_RTT_CB_FLAG                = 0x8
+	BPF_SOCK_OPS_ALL_CB_FLAGS               = 0xf
+	BPF_SOCK_OPS_VOID                       = 0x0
+	BPF_SOCK_OPS_TIMEOUT_INIT               = 0x1
+	BPF_SOCK_OPS_RWND_INIT                  = 0x2
+	BPF_SOCK_OPS_TCP_CONNECT_CB             = 0x3
+	BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB      = 0x4
+	BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB     = 0x5
+	BPF_SOCK_OPS_NEEDS_ECN                  = 0x6
+	BPF_SOCK_OPS_BASE_RTT                   = 0x7
+	BPF_SOCK_OPS_RTO_CB                     = 0x8
+	BPF_SOCK_OPS_RETRANS_CB                 = 0x9
+	BPF_SOCK_OPS_STATE_CB                   = 0xa
+	BPF_SOCK_OPS_TCP_LISTEN_CB              = 0xb
+	BPF_SOCK_OPS_RTT_CB                     = 0xc
+	BPF_TCP_ESTABLISHED                     = 0x1
+	BPF_TCP_SYN_SENT                        = 0x2
+	BPF_TCP_SYN_RECV                        = 0x3
+	BPF_TCP_FIN_WAIT1                       = 0x4
+	BPF_TCP_FIN_WAIT2                       = 0x5
+	BPF_TCP_TIME_WAIT                       = 0x6
+	BPF_TCP_CLOSE                           = 0x7
+	BPF_TCP_CLOSE_WAIT                      = 0x8
+	BPF_TCP_LAST_ACK                        = 0x9
+	BPF_TCP_LISTEN                          = 0xa
+	BPF_TCP_CLOSING                         = 0xb
+	BPF_TCP_NEW_SYN_RECV                    = 0xc
+	BPF_TCP_MAX_STATES                      = 0xd
+	TCP_BPF_IW                              = 0x3e9
+	TCP_BPF_SNDCWND_CLAMP                   = 0x3ea
+	BPF_DEVCG_ACC_MKNOD                     = 0x1
+	BPF_DEVCG_ACC_READ                      = 0x2
+	BPF_DEVCG_ACC_WRITE                     = 0x4
+	BPF_DEVCG_DEV_BLOCK                     = 0x1
+	BPF_DEVCG_DEV_CHAR                      = 0x2
+	BPF_FIB_LOOKUP_DIRECT                   = 0x1
+	BPF_FIB_LOOKUP_OUTPUT                   = 0x2
+	BPF_FIB_LKUP_RET_SUCCESS                = 0x0
+	BPF_FIB_LKUP_RET_BLACKHOLE              = 0x1
+	BPF_FIB_LKUP_RET_UNREACHABLE            = 0x2
+	BPF_FIB_LKUP_RET_PROHIBIT               = 0x3
+	BPF_FIB_LKUP_RET_NOT_FWDED              = 0x4
+	BPF_FIB_LKUP_RET_FWD_DISABLED           = 0x5
+	BPF_FIB_LKUP_RET_UNSUPP_LWT             = 0x6
+	BPF_FIB_LKUP_RET_NO_NEIGH               = 0x7
+	BPF_FIB_LKUP_RET_FRAG_NEEDED            = 0x8
+	BPF_FD_TYPE_RAW_TRACEPOINT              = 0x0
+	BPF_FD_TYPE_TRACEPOINT                  = 0x1
+	BPF_FD_TYPE_KPROBE                      = 0x2
+	BPF_FD_TYPE_KRETPROBE                   = 0x3
+	BPF_FD_TYPE_UPROBE                      = 0x4
+	BPF_FD_TYPE_URETPROBE                   = 0x5
+	BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG     = 0x1
+	BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2
+	BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP      = 0x4
+)
+
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
+type CapUserHeader struct {
+	Version uint32
+	Pid     int32
+}
+
+type CapUserData struct {
+	Effective   uint32
+	Permitted   uint32
+	Inheritable uint32
+}
+
+const (
+	LINUX_CAPABILITY_VERSION_1 = 0x19980330
+	LINUX_CAPABILITY_VERSION_2 = 0x20071026
+	LINUX_CAPABILITY_VERSION_3 = 0x20080522
+)
+
+const (
+	LO_FLAGS_READ_ONLY = 0x1
+	LO_FLAGS_AUTOCLEAR = 0x4
+	LO_FLAGS_PARTSCAN  = 0x8
+	LO_FLAGS_DIRECT_IO = 0x10
+)
+
+type LoopInfo64 struct {
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           uint64
+	Sizelimit        uint64
+	Number           uint32
+	Encrypt_type     uint32
+	Encrypt_key_size uint32
+	Flags            uint32
+	File_name        [64]uint8
+	Crypt_name       [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+}
+
+type TIPCSocketAddr struct {
+	Ref  uint32
+	Node uint32
+}
+
+type TIPCServiceRange struct {
+	Type  uint32
+	Lower uint32
+	Upper uint32
+}
+
+type TIPCServiceName struct {
+	Type     uint32
+	Instance uint32
+	Domain   uint32
+}
+
+type TIPCEvent struct {
+	Event uint32
+	Lower uint32
+	Upper uint32
+	Port  TIPCSocketAddr
+	S     TIPCSubscr
+}
+
+type TIPCGroupReq struct {
+	Type     uint32
+	Instance uint32
+	Scope    uint32
+	Flags    uint32
+}
+
+const (
+	TIPC_CLUSTER_SCOPE = 0x2
+	TIPC_NODE_SCOPE    = 0x3
+)
+
+const (
+	SYSLOG_ACTION_CLOSE         = 0
+	SYSLOG_ACTION_OPEN          = 1
+	SYSLOG_ACTION_READ          = 2
+	SYSLOG_ACTION_READ_ALL      = 3
+	SYSLOG_ACTION_READ_CLEAR    = 4
+	SYSLOG_ACTION_CLEAR         = 5
+	SYSLOG_ACTION_CONSOLE_OFF   = 6
+	SYSLOG_ACTION_CONSOLE_ON    = 7
+	SYSLOG_ACTION_CONSOLE_LEVEL = 8
+	SYSLOG_ACTION_SIZE_UNREAD   = 9
+	SYSLOG_ACTION_SIZE_BUFFER   = 10
+)
+
+const (
+	DEVLINK_CMD_UNSPEC                        = 0x0
+	DEVLINK_CMD_GET                           = 0x1
+	DEVLINK_CMD_SET                           = 0x2
+	DEVLINK_CMD_NEW                           = 0x3
+	DEVLINK_CMD_DEL                           = 0x4
+	DEVLINK_CMD_PORT_GET                      = 0x5
+	DEVLINK_CMD_PORT_SET                      = 0x6
+	DEVLINK_CMD_PORT_NEW                      = 0x7
+	DEVLINK_CMD_PORT_DEL                      = 0x8
+	DEVLINK_CMD_PORT_SPLIT                    = 0x9
+	DEVLINK_CMD_PORT_UNSPLIT                  = 0xa
+	DEVLINK_CMD_SB_GET                        = 0xb
+	DEVLINK_CMD_SB_SET                        = 0xc
+	DEVLINK_CMD_SB_NEW                        = 0xd
+	DEVLINK_CMD_SB_DEL                        = 0xe
+	DEVLINK_CMD_SB_POOL_GET                   = 0xf
+	DEVLINK_CMD_SB_POOL_SET                   = 0x10
+	DEVLINK_CMD_SB_POOL_NEW                   = 0x11
+	DEVLINK_CMD_SB_POOL_DEL                   = 0x12
+	DEVLINK_CMD_SB_PORT_POOL_GET              = 0x13
+	DEVLINK_CMD_SB_PORT_POOL_SET              = 0x14
+	DEVLINK_CMD_SB_PORT_POOL_NEW              = 0x15
+	DEVLINK_CMD_SB_PORT_POOL_DEL              = 0x16
+	DEVLINK_CMD_SB_TC_POOL_BIND_GET           = 0x17
+	DEVLINK_CMD_SB_TC_POOL_BIND_SET           = 0x18
+	DEVLINK_CMD_SB_TC_POOL_BIND_NEW           = 0x19
+	DEVLINK_CMD_SB_TC_POOL_BIND_DEL           = 0x1a
+	DEVLINK_CMD_SB_OCC_SNAPSHOT               = 0x1b
+	DEVLINK_CMD_SB_OCC_MAX_CLEAR              = 0x1c
+	DEVLINK_CMD_ESWITCH_GET                   = 0x1d
+	DEVLINK_CMD_ESWITCH_SET                   = 0x1e
+	DEVLINK_CMD_DPIPE_TABLE_GET               = 0x1f
+	DEVLINK_CMD_DPIPE_ENTRIES_GET             = 0x20
+	DEVLINK_CMD_DPIPE_HEADERS_GET             = 0x21
+	DEVLINK_CMD_DPIPE_TABLE_COUNTERS_SET      = 0x22
+	DEVLINK_CMD_MAX                           = 0x48
+	DEVLINK_PORT_TYPE_NOTSET                  = 0x0
+	DEVLINK_PORT_TYPE_AUTO                    = 0x1
+	DEVLINK_PORT_TYPE_ETH                     = 0x2
+	DEVLINK_PORT_TYPE_IB                      = 0x3
+	DEVLINK_SB_POOL_TYPE_INGRESS              = 0x0
+	DEVLINK_SB_POOL_TYPE_EGRESS               = 0x1
+	DEVLINK_SB_THRESHOLD_TYPE_STATIC          = 0x0
+	DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC         = 0x1
+	DEVLINK_ESWITCH_MODE_LEGACY               = 0x0
+	DEVLINK_ESWITCH_MODE_SWITCHDEV            = 0x1
+	DEVLINK_ESWITCH_INLINE_MODE_NONE          = 0x0
+	DEVLINK_ESWITCH_INLINE_MODE_LINK          = 0x1
+	DEVLINK_ESWITCH_INLINE_MODE_NETWORK       = 0x2
+	DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT     = 0x3
+	DEVLINK_ESWITCH_ENCAP_MODE_NONE           = 0x0
+	DEVLINK_ESWITCH_ENCAP_MODE_BASIC          = 0x1
+	DEVLINK_ATTR_UNSPEC                       = 0x0
+	DEVLINK_ATTR_BUS_NAME                     = 0x1
+	DEVLINK_ATTR_DEV_NAME                     = 0x2
+	DEVLINK_ATTR_PORT_INDEX                   = 0x3
+	DEVLINK_ATTR_PORT_TYPE                    = 0x4
+	DEVLINK_ATTR_PORT_DESIRED_TYPE            = 0x5
+	DEVLINK_ATTR_PORT_NETDEV_IFINDEX          = 0x6
+	DEVLINK_ATTR_PORT_NETDEV_NAME             = 0x7
+	DEVLINK_ATTR_PORT_IBDEV_NAME              = 0x8
+	DEVLINK_ATTR_PORT_SPLIT_COUNT             = 0x9
+	DEVLINK_ATTR_PORT_SPLIT_GROUP             = 0xa
+	DEVLINK_ATTR_SB_INDEX                     = 0xb
+	DEVLINK_ATTR_SB_SIZE                      = 0xc
+	DEVLINK_ATTR_SB_INGRESS_POOL_COUNT        = 0xd
+	DEVLINK_ATTR_SB_EGRESS_POOL_COUNT         = 0xe
+	DEVLINK_ATTR_SB_INGRESS_TC_COUNT          = 0xf
+	DEVLINK_ATTR_SB_EGRESS_TC_COUNT           = 0x10
+	DEVLINK_ATTR_SB_POOL_INDEX                = 0x11
+	DEVLINK_ATTR_SB_POOL_TYPE                 = 0x12
+	DEVLINK_ATTR_SB_POOL_SIZE                 = 0x13
+	DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE       = 0x14
+	DEVLINK_ATTR_SB_THRESHOLD                 = 0x15
+	DEVLINK_ATTR_SB_TC_INDEX                  = 0x16
+	DEVLINK_ATTR_SB_OCC_CUR                   = 0x17
+	DEVLINK_ATTR_SB_OCC_MAX                   = 0x18
+	DEVLINK_ATTR_ESWITCH_MODE                 = 0x19
+	DEVLINK_ATTR_ESWITCH_INLINE_MODE          = 0x1a
+	DEVLINK_ATTR_DPIPE_TABLES                 = 0x1b
+	DEVLINK_ATTR_DPIPE_TABLE                  = 0x1c
+	DEVLINK_ATTR_DPIPE_TABLE_NAME             = 0x1d
+	DEVLINK_ATTR_DPIPE_TABLE_SIZE             = 0x1e
+	DEVLINK_ATTR_DPIPE_TABLE_MATCHES          = 0x1f
+	DEVLINK_ATTR_DPIPE_TABLE_ACTIONS          = 0x20
+	DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED = 0x21
+	DEVLINK_ATTR_DPIPE_ENTRIES                = 0x22
+	DEVLINK_ATTR_DPIPE_ENTRY                  = 0x23
+	DEVLINK_ATTR_DPIPE_ENTRY_INDEX            = 0x24
+	DEVLINK_ATTR_DPIPE_ENTRY_MATCH_VALUES     = 0x25
+	DEVLINK_ATTR_DPIPE_ENTRY_ACTION_VALUES    = 0x26
+	DEVLINK_ATTR_DPIPE_ENTRY_COUNTER          = 0x27
+	DEVLINK_ATTR_DPIPE_MATCH                  = 0x28
+	DEVLINK_ATTR_DPIPE_MATCH_VALUE            = 0x29
+	DEVLINK_ATTR_DPIPE_MATCH_TYPE             = 0x2a
+	DEVLINK_ATTR_DPIPE_ACTION                 = 0x2b
+	DEVLINK_ATTR_DPIPE_ACTION_VALUE           = 0x2c
+	DEVLINK_ATTR_DPIPE_ACTION_TYPE            = 0x2d
+	DEVLINK_ATTR_DPIPE_VALUE                  = 0x2e
+	DEVLINK_ATTR_DPIPE_VALUE_MASK             = 0x2f
+	DEVLINK_ATTR_DPIPE_VALUE_MAPPING          = 0x30
+	DEVLINK_ATTR_DPIPE_HEADERS                = 0x31
+	DEVLINK_ATTR_DPIPE_HEADER                 = 0x32
+	DEVLINK_ATTR_DPIPE_HEADER_NAME            = 0x33
+	DEVLINK_ATTR_DPIPE_HEADER_ID              = 0x34
+	DEVLINK_ATTR_DPIPE_HEADER_FIELDS          = 0x35
+	DEVLINK_ATTR_DPIPE_HEADER_GLOBAL          = 0x36
+	DEVLINK_ATTR_DPIPE_HEADER_INDEX           = 0x37
+	DEVLINK_ATTR_DPIPE_FIELD                  = 0x38
+	DEVLINK_ATTR_DPIPE_FIELD_NAME             = 0x39
+	DEVLINK_ATTR_DPIPE_FIELD_ID               = 0x3a
+	DEVLINK_ATTR_DPIPE_FIELD_BITWIDTH         = 0x3b
+	DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE     = 0x3c
+	DEVLINK_ATTR_PAD                          = 0x3d
+	DEVLINK_ATTR_ESWITCH_ENCAP_MODE           = 0x3e
+	DEVLINK_ATTR_MAX                          = 0x90
+	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE     = 0x0
+	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX  = 0x1
+	DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT      = 0x0
+	DEVLINK_DPIPE_ACTION_TYPE_FIELD_MODIFY    = 0x0
+	DEVLINK_DPIPE_FIELD_ETHERNET_DST_MAC      = 0x0
+	DEVLINK_DPIPE_FIELD_IPV4_DST_IP           = 0x0
+	DEVLINK_DPIPE_FIELD_IPV6_DST_IP           = 0x0
+	DEVLINK_DPIPE_HEADER_ETHERNET             = 0x0
+	DEVLINK_DPIPE_HEADER_IPV4                 = 0x1
+	DEVLINK_DPIPE_HEADER_IPV6                 = 0x2
+)
+
+type FsverityDigest struct {
+	Algorithm uint16
+	Size      uint16
+}
+
+type FsverityEnableArg struct {
+	Version        uint32
+	Hash_algorithm uint32
+	Block_size     uint32
+	Salt_size      uint32
+	Salt_ptr       uint64
+	Sig_size       uint32
+	_              uint32
+	Sig_ptr        uint64
+	_              [11]uint64
+}
+
+type Nhmsg struct {
+	Family   uint8
+	Scope    uint8
+	Protocol uint8
+	Resvd    uint8
+	Flags    uint32
+}
+
+type NexthopGrp struct {
+	Id     uint32
+	Weight uint8
+	Resvd1 uint8
+	Resvd2 uint16
+}
+
+const (
+	NHA_UNSPEC     = 0x0
+	NHA_ID         = 0x1
+	NHA_GROUP      = 0x2
+	NHA_GROUP_TYPE = 0x3
+	NHA_BLACKHOLE  = 0x4
+	NHA_OIF        = 0x5
+	NHA_GATEWAY    = 0x6
+	NHA_ENCAP_TYPE = 0x7
+	NHA_ENCAP      = 0x8
+	NHA_GROUPS     = 0x9
+	NHA_MASTER     = 0xa
+)
+
+const (
+	CAN_RAW_FILTER        = 0x1
+	CAN_RAW_ERR_FILTER    = 0x2
+	CAN_RAW_LOOPBACK      = 0x3
+	CAN_RAW_RECV_OWN_MSGS = 0x4
+	CAN_RAW_FD_FRAMES     = 0x5
+	CAN_RAW_JOIN_FILTERS  = 0x6
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
new file mode 100644
index 000000000..73509d896
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -0,0 +1,604 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
+)
+
+type (
+	_C_long int32
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int32
+	Freq      int32
+	Maxerror  int32
+	Esterror  int32
+	Status    int32
+	Constant  int32
+	Precision int32
+	Tolerance int32
+	Time      Timeval
+	Tick      int32
+	Ppsfreq   int32
+	Jitter    int32
+	Shift     int32
+	Stabil    int32
+	Jitcnt    int32
+	Calcnt    int32
+	Errcnt    int32
+	Stbcnt    int32
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+	Utime  int32
+	Stime  int32
+	Cutime int32
+	Cstime int32
+}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Stat_t struct {
+	Dev     uint64
+	_       uint16
+	_       uint32
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint16
+	Size    int64
+	Blksize int32
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Ino     uint64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [1]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x8
+	SizeofMsghdr  = 0x1c
+	SizeofCmsghdr = 0xc
+)
+
+const (
+	SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+	Ebx      int32
+	Ecx      int32
+	Edx      int32
+	Esi      int32
+	Edi      int32
+	Ebp      int32
+	Eax      int32
+	Xds      int32
+	Xes      int32
+	Xfs      int32
+	Xgs      int32
+	Orig_eax int32
+	Eip      int32
+	Xcs      int32
+	Eflags   int32
+	Esp      int32
+	Xss      int32
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+type Sysinfo_t struct {
+	Uptime    int32
+	Loads     [3]uint32
+	Totalram  uint32
+	Freeram   uint32
+	Sharedram uint32
+	Bufferram uint32
+	Totalswap uint32
+	Freeswap  uint32
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint32
+	Freehigh  uint32
+	Unit      uint32
+	_         [8]int8
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint32
+	Fname  [6]int8
+	Fpack  [6]int8
+}
+
+type EpollEvent struct {
+	Events uint32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [32]uint32
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	_                         [4]byte
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	_                         [4]byte
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint32
+
+const (
+	_NCPUBITS = 0x20
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [122]int8
+	_      uint32
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint32
+}
+
+type Statfs_t struct {
+	Type    int32
+	Bsize   int32
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int32
+	Frsize  int32
+	Flags   int32
+	Spare   [4]int32
+}
+
+type TpacketHdr struct {
+	Status  uint32
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+}
+
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint16
+	Inode            uint32
+	Rdevice          uint16
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]int8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
new file mode 100644
index 000000000..45eb8738b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -0,0 +1,621 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint32
+	Uid     uint32
+	Gid     uint32
+	_       int32
+	Rdev    uint64
+	Size    int64
+	Blksize int64
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       [3]int64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	R15      uint64
+	R14      uint64
+	R13      uint64
+	R12      uint64
+	Rbp      uint64
+	Rbx      uint64
+	R11      uint64
+	R10      uint64
+	R9       uint64
+	R8       uint64
+	Rax      uint64
+	Rcx      uint64
+	Rdx      uint64
+	Rsi      uint64
+	Rdi      uint64
+	Orig_rax uint64
+	Rip      uint64
+	Cs       uint64
+	Eflags   uint64
+	Rsp      uint64
+	Ss       uint64
+	Fs_base  uint64
+	Gs_base  uint64
+	Ds       uint64
+	Es       uint64
+	Fs       uint64
+	Gs       uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
new file mode 100644
index 000000000..8f6b453ab
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -0,0 +1,598 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
+)
+
+type (
+	_C_long int32
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int32
+	Freq      int32
+	Maxerror  int32
+	Esterror  int32
+	Status    int32
+	Constant  int32
+	Precision int32
+	Tolerance int32
+	Time      Timeval
+	Tick      int32
+	Ppsfreq   int32
+	Jitter    int32
+	Shift     int32
+	Stabil    int32
+	Jitcnt    int32
+	Calcnt    int32
+	Errcnt    int32
+	Stbcnt    int32
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+	Utime  int32
+	Stime  int32
+	Cutime int32
+	Cstime int32
+}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Stat_t struct {
+	Dev     uint64
+	_       uint16
+	_       uint32
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint16
+	_       [4]byte
+	Size    int64
+	Blksize int32
+	_       [4]byte
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Ino     uint64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	_      [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x8
+	SizeofMsghdr  = 0x1c
+	SizeofCmsghdr = 0xc
+)
+
+const (
+	SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+	Uregs [18]uint32
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+type Sysinfo_t struct {
+	Uptime    int32
+	Loads     [3]uint32
+	Totalram  uint32
+	Freeram   uint32
+	Sharedram uint32
+	Bufferram uint32
+	Totalswap uint32
+	Freeswap  uint32
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint32
+	Freehigh  uint32
+	Unit      uint32
+	_         [8]uint8
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint32
+	Fname  [6]uint8
+	Fpack  [6]uint8
+}
+
+type EpollEvent struct {
+	Events uint32
+	PadFd  int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [32]uint32
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	_                         [4]byte
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	_                         [4]byte
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint32
+
+const (
+	_NCPUBITS = 0x20
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [122]uint8
+	_      uint32
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint32
+}
+
+type Statfs_t struct {
+	Type    int32
+	Bsize   int32
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int32
+	Frsize  int32
+	Flags   int32
+	Spare   [4]int32
+	_       [4]byte
+}
+
+type TpacketHdr struct {
+	Status  uint32
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+}
+
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint16
+	Inode            uint32
+	Rdevice          uint16
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]uint8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
new file mode 100644
index 000000000..b1e0c24f1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -0,0 +1,600 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint64
+	Size    int64
+	Blksize int32
+	_       int32
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       [2]int32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Regs   [31]uint64
+	Sp     uint64
+	Pc     uint64
+	Pstate uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	PadFd  int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
new file mode 100644
index 000000000..fb802c3ec
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -0,0 +1,604 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
+)
+
+type (
+	_C_long int32
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int32
+	Freq      int32
+	Maxerror  int32
+	Esterror  int32
+	Status    int32
+	Constant  int32
+	Precision int32
+	Tolerance int32
+	Time      Timeval
+	Tick      int32
+	Ppsfreq   int32
+	Jitter    int32
+	Shift     int32
+	Stabil    int32
+	Jitcnt    int32
+	Calcnt    int32
+	Errcnt    int32
+	Stbcnt    int32
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+	Utime  int32
+	Stime  int32
+	Cutime int32
+	Cstime int32
+}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Stat_t struct {
+	Dev     uint32
+	Pad1    [3]int32
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Pad2    [3]int32
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize int32
+	Pad4    int32
+	Blocks  int64
+	Pad5    [14]int32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	_      [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x8
+	SizeofMsghdr  = 0x1c
+	SizeofCmsghdr = 0xc
+)
+
+const (
+	SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+type Sysinfo_t struct {
+	Uptime    int32
+	Loads     [3]uint32
+	Totalram  uint32
+	Freeram   uint32
+	Sharedram uint32
+	Bufferram uint32
+	Totalswap uint32
+	Freeswap  uint32
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint32
+	Freehigh  uint32
+	Unit      uint32
+	_         [8]int8
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint32
+	Fname  [6]int8
+	Fpack  [6]int8
+}
+
+type EpollEvent struct {
+	Events uint32
+	PadFd  int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [32]uint32
+}
+
+const _C__NSIG = 0x80
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [23]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	_                         [4]byte
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	_                         [4]byte
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint32
+
+const (
+	_NCPUBITS = 0x20
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [122]int8
+	_      uint32
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint32
+}
+
+type Statfs_t struct {
+	Type    int32
+	Bsize   int32
+	Frsize  int32
+	_       [4]byte
+	Blocks  uint64
+	Bfree   uint64
+	Files   uint64
+	Ffree   uint64
+	Bavail  uint64
+	Fsid    Fsid
+	Namelen int32
+	Flags   int32
+	Spare   [5]int32
+	_       [4]byte
+}
+
+type TpacketHdr struct {
+	Status  uint32
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+}
+
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint32
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]int8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
new file mode 100644
index 000000000..30abcf3bb
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -0,0 +1,603 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint32
+	Pad1    [3]uint32
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Pad2    [3]uint32
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize uint32
+	Pad4    uint32
+	Blocks  int64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x80
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [23]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Frsize  int64
+	Blocks  uint64
+	Bfree   uint64
+	Files   uint64
+	Ffree   uint64
+	Bavail  uint64
+	Fsid    Fsid
+	Namelen int64
+	Flags   int64
+	Spare   [5]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
new file mode 100644
index 000000000..99761aa9a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -0,0 +1,603 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64le,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint32
+	Pad1    [3]uint32
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Pad2    [3]uint32
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize uint32
+	Pad4    uint32
+	Blocks  int64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x80
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [23]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Frsize  int64
+	Blocks  uint64
+	Bfree   uint64
+	Files   uint64
+	Ffree   uint64
+	Bavail  uint64
+	Fsid    Fsid
+	Namelen int64
+	Flags   int64
+	Spare   [5]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
new file mode 100644
index 000000000..293690348
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -0,0 +1,604 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mipsle,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
+)
+
+type (
+	_C_long int32
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int32
+	Freq      int32
+	Maxerror  int32
+	Esterror  int32
+	Status    int32
+	Constant  int32
+	Precision int32
+	Tolerance int32
+	Time      Timeval
+	Tick      int32
+	Ppsfreq   int32
+	Jitter    int32
+	Shift     int32
+	Stabil    int32
+	Jitcnt    int32
+	Calcnt    int32
+	Errcnt    int32
+	Stbcnt    int32
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+	Utime  int32
+	Stime  int32
+	Cutime int32
+	Cstime int32
+}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Stat_t struct {
+	Dev     uint32
+	Pad1    [3]int32
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint32
+	Pad2    [3]int32
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize int32
+	Pad4    int32
+	Blocks  int64
+	Pad5    [14]int32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	_      [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x8
+	SizeofMsghdr  = 0x1c
+	SizeofCmsghdr = 0xc
+)
+
+const (
+	SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+	Regs     [32]uint64
+	Lo       uint64
+	Hi       uint64
+	Epc      uint64
+	Badvaddr uint64
+	Status   uint64
+	Cause    uint64
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+type Sysinfo_t struct {
+	Uptime    int32
+	Loads     [3]uint32
+	Totalram  uint32
+	Freeram   uint32
+	Sharedram uint32
+	Bufferram uint32
+	Totalswap uint32
+	Freeswap  uint32
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint32
+	Freehigh  uint32
+	Unit      uint32
+	_         [8]int8
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint32
+	Fname  [6]int8
+	Fpack  [6]int8
+}
+
+type EpollEvent struct {
+	Events uint32
+	PadFd  int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [32]uint32
+}
+
+const _C__NSIG = 0x80
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [23]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	_                         [4]byte
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	_                         [4]byte
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint32
+
+const (
+	_NCPUBITS = 0x20
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [122]int8
+	_      uint32
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint32
+}
+
+type Statfs_t struct {
+	Type    int32
+	Bsize   int32
+	Frsize  int32
+	_       [4]byte
+	Blocks  uint64
+	Bfree   uint64
+	Files   uint64
+	Ffree   uint64
+	Bavail  uint64
+	Fsid    Fsid
+	Namelen int32
+	Flags   int32
+	Spare   [5]int32
+	_       [4]byte
+}
+
+type TpacketHdr struct {
+	Status  uint32
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+}
+
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint32
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]int8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
new file mode 100644
index 000000000..0ca856e55
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -0,0 +1,610 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint32
+	Uid     uint32
+	Gid     uint32
+	_       int32
+	Rdev    uint64
+	Size    int64
+	Blksize int64
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       uint64
+	_       uint64
+	_       uint64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Gpr       [32]uint64
+	Nip       uint64
+	Msr       uint64
+	Orig_gpr3 uint64
+	Ctr       uint64
+	Link      uint64
+	Xer       uint64
+	Ccr       uint64
+	Softe     uint64
+	Trap      uint64
+	Dar       uint64
+	Dsisr     uint64
+	Result    uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]uint8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]uint8
+	Fpack  [6]uint8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [19]uint8
+	Line   uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]uint8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]uint8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
new file mode 100644
index 000000000..f50f6482e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -0,0 +1,610 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build ppc64le,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint32
+	Uid     uint32
+	Gid     uint32
+	_       int32
+	Rdev    uint64
+	Size    int64
+	Blksize int64
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       uint64
+	_       uint64
+	_       uint64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Gpr       [32]uint64
+	Nip       uint64
+	Msr       uint64
+	Orig_gpr3 uint64
+	Ctr       uint64
+	Link      uint64
+	Xer       uint64
+	Ccr       uint64
+	Softe     uint64
+	Trap      uint64
+	Dar       uint64
+	Dsisr     uint64
+	Result    uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]uint8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]uint8
+	Fpack  [6]uint8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [19]uint8
+	Line   uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]uint8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint64
+	Inode            uint64
+	Rdevice          uint64
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]uint8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
new file mode 100644
index 000000000..4d3ac8d7b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -0,0 +1,628 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build riscv64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint64
+	Size    int64
+	Blksize int32
+	_       int32
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       [2]int32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Pc  uint64
+	Ra  uint64
+	Sp  uint64
+	Gp  uint64
+	Tp  uint64
+	T0  uint64
+	T1  uint64
+	T2  uint64
+	S0  uint64
+	S1  uint64
+	A0  uint64
+	A1  uint64
+	A2  uint64
+	A3  uint64
+	A4  uint64
+	A5  uint64
+	A6  uint64
+	A7  uint64
+	S2  uint64
+	S3  uint64
+	S4  uint64
+	S5  uint64
+	S6  uint64
+	S7  uint64
+	S8  uint64
+	S9  uint64
+	S10 uint64
+	S11 uint64
+	T3  uint64
+	T4  uint64
+	T5  uint64
+	T6  uint64
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]uint8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]uint8
+	Fpack  [6]uint8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x1
+	CBitFieldMaskBit1  = 0x2
+	CBitFieldMaskBit2  = 0x4
+	CBitFieldMaskBit3  = 0x8
+	CBitFieldMaskBit4  = 0x10
+	CBitFieldMaskBit5  = 0x20
+	CBitFieldMaskBit6  = 0x40
+	CBitFieldMaskBit7  = 0x80
+	CBitFieldMaskBit8  = 0x100
+	CBitFieldMaskBit9  = 0x200
+	CBitFieldMaskBit10 = 0x400
+	CBitFieldMaskBit11 = 0x800
+	CBitFieldMaskBit12 = 0x1000
+	CBitFieldMaskBit13 = 0x2000
+	CBitFieldMaskBit14 = 0x4000
+	CBitFieldMaskBit15 = 0x8000
+	CBitFieldMaskBit16 = 0x10000
+	CBitFieldMaskBit17 = 0x20000
+	CBitFieldMaskBit18 = 0x40000
+	CBitFieldMaskBit19 = 0x80000
+	CBitFieldMaskBit20 = 0x100000
+	CBitFieldMaskBit21 = 0x200000
+	CBitFieldMaskBit22 = 0x400000
+	CBitFieldMaskBit23 = 0x800000
+	CBitFieldMaskBit24 = 0x1000000
+	CBitFieldMaskBit25 = 0x2000000
+	CBitFieldMaskBit26 = 0x4000000
+	CBitFieldMaskBit27 = 0x8000000
+	CBitFieldMaskBit28 = 0x10000000
+	CBitFieldMaskBit29 = 0x20000000
+	CBitFieldMaskBit30 = 0x40000000
+	CBitFieldMaskBit31 = 0x80000000
+	CBitFieldMaskBit32 = 0x100000000
+	CBitFieldMaskBit33 = 0x200000000
+	CBitFieldMaskBit34 = 0x400000000
+	CBitFieldMaskBit35 = 0x800000000
+	CBitFieldMaskBit36 = 0x1000000000
+	CBitFieldMaskBit37 = 0x2000000000
+	CBitFieldMaskBit38 = 0x4000000000
+	CBitFieldMaskBit39 = 0x8000000000
+	CBitFieldMaskBit40 = 0x10000000000
+	CBitFieldMaskBit41 = 0x20000000000
+	CBitFieldMaskBit42 = 0x40000000000
+	CBitFieldMaskBit43 = 0x80000000000
+	CBitFieldMaskBit44 = 0x100000000000
+	CBitFieldMaskBit45 = 0x200000000000
+	CBitFieldMaskBit46 = 0x400000000000
+	CBitFieldMaskBit47 = 0x800000000000
+	CBitFieldMaskBit48 = 0x1000000000000
+	CBitFieldMaskBit49 = 0x2000000000000
+	CBitFieldMaskBit50 = 0x4000000000000
+	CBitFieldMaskBit51 = 0x8000000000000
+	CBitFieldMaskBit52 = 0x10000000000000
+	CBitFieldMaskBit53 = 0x20000000000000
+	CBitFieldMaskBit54 = 0x40000000000000
+	CBitFieldMaskBit55 = 0x80000000000000
+	CBitFieldMaskBit56 = 0x100000000000000
+	CBitFieldMaskBit57 = 0x200000000000000
+	CBitFieldMaskBit58 = 0x400000000000000
+	CBitFieldMaskBit59 = 0x800000000000000
+	CBitFieldMaskBit60 = 0x1000000000000000
+	CBitFieldMaskBit61 = 0x2000000000000000
+	CBitFieldMaskBit62 = 0x4000000000000000
+	CBitFieldMaskBit63 = 0x8000000000000000
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]uint8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]uint8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
new file mode 100644
index 000000000..349f483a8
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -0,0 +1,624 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build s390x,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Nlink   uint64
+	Mode    uint32
+	Uid     uint32
+	Gid     uint32
+	_       int32
+	Rdev    uint64
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize int64
+	Blocks  int64
+	_       [3]int64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x6
+	FADV_NOREUSE  = 0x7
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Psw                      PtracePsw
+	Gprs                     [16]uint64
+	Acrs                     [16]uint32
+	Orig_gpr2                uint64
+	Fp_regs                  PtraceFpregs
+	Per_info                 PtracePer
+	Ieee_instruction_pointer uint64
+}
+
+type PtracePsw struct {
+	Mask uint64
+	Addr uint64
+}
+
+type PtraceFpregs struct {
+	Fpc  uint32
+	Fprs [16]float64
+}
+
+type PtracePer struct {
+	_             [0]uint64
+	_             [32]byte
+	Starting_addr uint64
+	Ending_addr   uint64
+	Perc_atmid    uint16
+	Address       uint64
+	Access_id     uint8
+	_             [7]byte
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    uint32
+	Bsize   uint32
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen uint32
+	Frsize  uint32
+	Flags   uint32
+	Spare   [4]uint32
+	_       [4]byte
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x1269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint16
+	Inode            uint64
+	Rdevice          uint16
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
new file mode 100644
index 000000000..80c73beaa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -0,0 +1,605 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build sparc64,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x8
+	SizeofLong = 0x8
+)
+
+type (
+	_C_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int64
+	Freq      int64
+	Maxerror  int64
+	Esterror  int64
+	Status    int32
+	Constant  int64
+	Precision int64
+	Tolerance int64
+	Time      Timeval
+	Tick      int64
+	Ppsfreq   int64
+	Jitter    int64
+	Shift     int32
+	Stabil    int64
+	Jitcnt    int64
+	Calcnt    int64
+	Errcnt    int64
+	Stbcnt    int64
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int64
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Stat_t struct {
+	Dev     uint64
+	_       uint16
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint16
+	Size    int64
+	Blksize int64
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       uint64
+	_       uint64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]int8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      int16
+	_      [2]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]int8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint64
+	Control    *byte
+	Controllen uint64
+	Flags      int32
+	_          [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint64
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x10
+	SizeofMsghdr  = 0x38
+	SizeofCmsghdr = 0x10
+)
+
+const (
+	SizeofSockFprog = 0x10
+)
+
+type PtraceRegs struct {
+	Regs   [16]uint64
+	Tstate uint64
+	Tpc    uint64
+	Tnpc   uint64
+	Y      uint32
+	Magic  uint32
+}
+
+type FdSet struct {
+	Bits [16]int64
+}
+
+type Sysinfo_t struct {
+	Uptime    int64
+	Loads     [3]uint64
+	Totalram  uint64
+	Freeram   uint64
+	Sharedram uint64
+	Bufferram uint64
+	Totalswap uint64
+	Freeswap  uint64
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint64
+	Freehigh  uint64
+	Unit      uint32
+	_         [0]int8
+	_         [4]byte
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x800
+)
+
+type Sigset_t struct {
+	Val [16]uint64
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Line   uint8
+	Cc     [19]uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]int8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint64
+
+const (
+	_NCPUBITS = 0x40
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [118]int8
+	_      uint64
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint64
+}
+
+type Statfs_t struct {
+	Type    int64
+	Bsize   int64
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int64
+	Frsize  int64
+	Flags   int64
+	Spare   [4]int64
+}
+
+type TpacketHdr struct {
+	Status  uint64
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+	_       [4]byte
+}
+
+const (
+	SizeofTpacketHdr = 0x20
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int64
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]int8
+	Driver_name [64]int8
+	Module_name [64]int8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]int8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]int8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]int8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]int8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]int8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportLarval struct {
+	Type [64]int8
+}
+
+type CryptoReportHash struct {
+	Type       [64]int8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]int8
+	Geniv       [64]int8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]int8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]int8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]int8
+}
+
+type CryptoReportKPP struct {
+	Type [64]int8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]int8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint64
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]int8
+	Encrypt_key      [32]uint8
+	Init             [2]uint64
+	Reserved         [4]int8
+	_                [4]byte
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]int8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]int8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]int8
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
new file mode 100644
index 000000000..a89100c08
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -0,0 +1,498 @@
+// cgo -godefs types_netbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,netbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     uint64
+	Mode    uint32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+}
+
+type Statfs_t [0]byte
+
+type Statvfs_t struct {
+	Flag        uint32
+	Bsize       uint32
+	Frsize      uint32
+	Iosize      uint32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint32
+	Namemax     uint32
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno    uint64
+	Reclen    uint16
+	Namlen    uint16
+	Type      uint8
+	Name      [512]int8
+	Pad_cgo_0 [3]byte
+}
+
+type Fsid struct {
+	X__fsid_val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter uint32
+	Flags  uint32
+	Fflags uint32
+	Data   int64
+	Udata  int32
+}
+
+type FdSet struct {
+	Bits [8]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0x98
+	SizeofIfData           = 0x84
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x78
+	SizeofRtMetrics        = 0x50
+)
+
+type IfMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Data      IfData
+	Pad_cgo_1 [4]byte
+}
+
+type IfData struct {
+	Type       uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Pad_cgo_0  [1]byte
+	Link_state int32
+	Mtu        uint64
+	Metric     uint64
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Lastchange Timespec
+}
+
+type IfaMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Metric    int32
+	Index     uint16
+	Pad_cgo_0 [6]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Flags     int32
+	Addrs     int32
+	Pid       int32
+	Seq       int32
+	Errno     int32
+	Use       int32
+	Inits     int32
+	Pad_cgo_1 [4]byte
+	Rmx       RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Expire   int64
+	Pksent   int64
+}
+
+type Mclpool [0]byte
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x80
+	SizeofBpfProgram = 0x8
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv    uint64
+	Drop    uint64
+	Capt    uint64
+	Padding [13]uint64
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp    BpfTimeval
+	Caplen    uint32
+	Datalen   uint32
+	Hdrlen    uint16
+	Pad_cgo_0 [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sysctlnode struct {
+	Flags           uint32
+	Num             int32
+	Name            [32]int8
+	Ver             uint32
+	X__rsvd         uint32
+	Un              [16]byte
+	X_sysctl_size   [8]byte
+	X_sysctl_func   [8]byte
+	X_sysctl_parent [8]byte
+	X_sysctl_desc   [8]byte
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
new file mode 100644
index 000000000..289184e0b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -0,0 +1,506 @@
+// cgo -godefs types_netbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,netbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec       int64
+	Usec      int32
+	Pad_cgo_0 [4]byte
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     uint64
+	Mode    uint32
+	_       [4]byte
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	_       [4]byte
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+	_       [4]byte
+}
+
+type Statfs_t [0]byte
+
+type Statvfs_t struct {
+	Flag        uint64
+	Bsize       uint64
+	Frsize      uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint64
+	Namemax     uint64
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+	_           [4]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno    uint64
+	Reclen    uint16
+	Namlen    uint16
+	Type      uint8
+	Name      [512]int8
+	Pad_cgo_0 [3]byte
+}
+
+type Fsid struct {
+	X__fsid_val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *Iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident     uint64
+	Filter    uint32
+	Flags     uint32
+	Fflags    uint32
+	Pad_cgo_0 [4]byte
+	Data      int64
+	Udata     int64
+}
+
+type FdSet struct {
+	Bits [8]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0x98
+	SizeofIfData           = 0x88
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x78
+	SizeofRtMetrics        = 0x50
+)
+
+type IfMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Data      IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Pad_cgo_0  [1]byte
+	Link_state int32
+	Mtu        uint64
+	Metric     uint64
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Lastchange Timespec
+}
+
+type IfaMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Metric    int32
+	Index     uint16
+	Pad_cgo_0 [6]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Flags     int32
+	Addrs     int32
+	Pid       int32
+	Seq       int32
+	Errno     int32
+	Use       int32
+	Inits     int32
+	Pad_cgo_1 [4]byte
+	Rmx       RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Expire   int64
+	Pksent   int64
+}
+
+type Mclpool [0]byte
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x80
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv    uint64
+	Drop    uint64
+	Capt    uint64
+	Padding [13]uint64
+}
+
+type BpfProgram struct {
+	Len       uint32
+	Pad_cgo_0 [4]byte
+	Insns     *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp    BpfTimeval
+	Caplen    uint32
+	Datalen   uint32
+	Hdrlen    uint16
+	Pad_cgo_0 [6]byte
+}
+
+type BpfTimeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sysctlnode struct {
+	Flags           uint32
+	Num             int32
+	Name            [32]int8
+	Ver             uint32
+	X__rsvd         uint32
+	Un              [16]byte
+	X_sysctl_size   [8]byte
+	X_sysctl_func   [8]byte
+	X_sysctl_parent [8]byte
+	X_sysctl_desc   [8]byte
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
new file mode 100644
index 000000000..428c450e4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -0,0 +1,503 @@
+// cgo -godefs types_netbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,netbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec       int64
+	Nsec      int32
+	Pad_cgo_0 [4]byte
+}
+
+type Timeval struct {
+	Sec       int64
+	Usec      int32
+	Pad_cgo_0 [4]byte
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     uint64
+	Mode    uint32
+	_       [4]byte
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	_       [4]byte
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+	_       [4]byte
+}
+
+type Statfs_t [0]byte
+
+type Statvfs_t struct {
+	Flag        uint32
+	Bsize       uint32
+	Frsize      uint32
+	Iosize      uint32
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint32
+	Namemax     uint32
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno    uint64
+	Reclen    uint16
+	Namlen    uint16
+	Type      uint8
+	Name      [512]int8
+	Pad_cgo_0 [3]byte
+}
+
+type Fsid struct {
+	X__fsid_val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     int32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident     uint32
+	Filter    uint32
+	Flags     uint32
+	Fflags    uint32
+	Data      int64
+	Udata     int32
+	Pad_cgo_0 [4]byte
+}
+
+type FdSet struct {
+	Bits [8]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0x98
+	SizeofIfData           = 0x88
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x78
+	SizeofRtMetrics        = 0x50
+)
+
+type IfMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Data      IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Pad_cgo_0  [1]byte
+	Link_state int32
+	Mtu        uint64
+	Metric     uint64
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Lastchange Timespec
+}
+
+type IfaMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Metric    int32
+	Index     uint16
+	Pad_cgo_0 [6]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Flags     int32
+	Addrs     int32
+	Pid       int32
+	Seq       int32
+	Errno     int32
+	Use       int32
+	Inits     int32
+	Pad_cgo_1 [4]byte
+	Rmx       RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Expire   int64
+	Pksent   int64
+}
+
+type Mclpool [0]byte
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x80
+	SizeofBpfProgram = 0x8
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv    uint64
+	Drop    uint64
+	Capt    uint64
+	Padding [13]uint64
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp    BpfTimeval
+	Caplen    uint32
+	Datalen   uint32
+	Hdrlen    uint16
+	Pad_cgo_0 [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sysctlnode struct {
+	Flags           uint32
+	Num             int32
+	Name            [32]int8
+	Ver             uint32
+	X__rsvd         uint32
+	Un              [16]byte
+	X_sysctl_size   [8]byte
+	X_sysctl_func   [8]byte
+	X_sysctl_parent [8]byte
+	X_sysctl_desc   [8]byte
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
new file mode 100644
index 000000000..6f1f2842c
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -0,0 +1,506 @@
+// cgo -godefs types_netbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,netbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec       int64
+	Usec      int32
+	Pad_cgo_0 [4]byte
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     uint64
+	Mode    uint32
+	_       [4]byte
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	_       [4]byte
+	Rdev    uint64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Btim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize uint32
+	Flags   uint32
+	Gen     uint32
+	Spare   [2]uint32
+	_       [4]byte
+}
+
+type Statfs_t [0]byte
+
+type Statvfs_t struct {
+	Flag        uint64
+	Bsize       uint64
+	Frsize      uint64
+	Iosize      uint64
+	Blocks      uint64
+	Bfree       uint64
+	Bavail      uint64
+	Bresvd      uint64
+	Files       uint64
+	Ffree       uint64
+	Favail      uint64
+	Fresvd      uint64
+	Syncreads   uint64
+	Syncwrites  uint64
+	Asyncreads  uint64
+	Asyncwrites uint64
+	Fsidx       Fsid
+	Fsid        uint64
+	Namemax     uint64
+	Owner       uint32
+	Spare       [4]uint32
+	Fstypename  [32]byte
+	Mntonname   [1024]byte
+	Mntfromname [1024]byte
+	_           [4]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno    uint64
+	Reclen    uint16
+	Namlen    uint16
+	Type      uint8
+	Name      [512]int8
+	Pad_cgo_0 [3]byte
+}
+
+type Fsid struct {
+	X__fsid_val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+const (
+	ST_WAIT   = 0x1
+	ST_NOWAIT = 0x2
+)
+
+const (
+	FADV_NORMAL     = 0x0
+	FADV_RANDOM     = 0x1
+	FADV_SEQUENTIAL = 0x2
+	FADV_WILLNEED   = 0x3
+	FADV_DONTNEED   = 0x4
+	FADV_NOREUSE    = 0x5
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [12]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Pad_cgo_0  [4]byte
+	Iov        *Iovec
+	Iovlen     int32
+	Pad_cgo_1  [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x14
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident     uint64
+	Filter    uint32
+	Flags     uint32
+	Fflags    uint32
+	Pad_cgo_0 [4]byte
+	Data      int64
+	Udata     int64
+}
+
+type FdSet struct {
+	Bits [8]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0x98
+	SizeofIfData           = 0x88
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x18
+	SizeofRtMsghdr         = 0x78
+	SizeofRtMetrics        = 0x50
+)
+
+type IfMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Data      IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Pad_cgo_0  [1]byte
+	Link_state int32
+	Mtu        uint64
+	Metric     uint64
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Lastchange Timespec
+}
+
+type IfaMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Addrs     int32
+	Flags     int32
+	Metric    int32
+	Index     uint16
+	Pad_cgo_0 [6]byte
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	Name    [16]int8
+	What    uint16
+}
+
+type RtMsghdr struct {
+	Msglen    uint16
+	Version   uint8
+	Type      uint8
+	Index     uint16
+	Pad_cgo_0 [2]byte
+	Flags     int32
+	Addrs     int32
+	Pid       int32
+	Seq       int32
+	Errno     int32
+	Use       int32
+	Inits     int32
+	Pad_cgo_1 [4]byte
+	Rmx       RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint64
+	Mtu      uint64
+	Hopcount uint64
+	Recvpipe uint64
+	Sendpipe uint64
+	Ssthresh uint64
+	Rtt      uint64
+	Rttvar   uint64
+	Expire   int64
+	Pksent   int64
+}
+
+type Mclpool [0]byte
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x80
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x20
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv    uint64
+	Drop    uint64
+	Capt    uint64
+	Padding [13]uint64
+}
+
+type BpfProgram struct {
+	Len       uint32
+	Pad_cgo_0 [4]byte
+	Insns     *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp    BpfTimeval
+	Caplen    uint32
+	Datalen   uint32
+	Hdrlen    uint16
+	Pad_cgo_0 [6]byte
+}
+
+type BpfTimeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type Ptmget struct {
+	Cfd int32
+	Sfd int32
+	Cn  [1024]byte
+	Sn  [1024]byte
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x400
+	AT_SYMLINK_NOFOLLOW = 0x200
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sysctlnode struct {
+	Flags           uint32
+	Num             int32
+	Name            [32]int8
+	Ver             uint32
+	X__rsvd         uint32
+	Un              [16]byte
+	X_sysctl_size   [8]byte
+	X_sysctl_func   [8]byte
+	X_sysctl_parent [8]byte
+	X_sysctl_desc   [8]byte
+}
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
new file mode 100644
index 000000000..61ea0019a
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -0,0 +1,571 @@
+// cgo -godefs types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build 386,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode           uint32
+	Dev            int32
+	Ino            uint64
+	Nlink          uint32
+	Uid            uint32
+	Gid            uint32
+	Rdev           int32
+	Atim           Timespec
+	Mtim           Timespec
+	Ctim           Timespec
+	Size           int64
+	Blocks         int64
+	Blksize        uint32
+	Flags          uint32
+	Gen            uint32
+	X__st_birthtim Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	Pad_cgo_0     [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno       uint64
+	Off          int64
+	Reclen       uint16
+	Type         uint8
+	Namlen       uint8
+	X__d_padding [4]uint8
+	Name         [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xec
+	SizeofIfData           = 0xd4
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Pad          uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	Lastchange   Timeval
+	Mclpool      [7]Mclpool
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct {
+	Grown int32
+	Alive uint16
+	Hwm   uint16
+	Cwm   uint16
+	Lwm   uint16
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x8
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp    BpfTimeval
+	Caplen    uint32
+	Datalen   uint32
+	Hdrlen    uint16
+	Pad_cgo_0 [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_SYMLINK_NOFOLLOW = 0x2
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Anonpages          int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Nanonneeded        int32
+	Nfreeanon          int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Obsolete_swapins   int32
+	Obsolete_swapouts  int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Zeroaborts         int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Pdreanon           int32
+	Pdrevnode          int32
+	Pdrevtext          int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
new file mode 100644
index 000000000..87a493f68
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -0,0 +1,571 @@
+// cgo -godefs types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       [4]byte
+	_       Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	_             [4]byte
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	_          [4]byte
+	Iov        *Iovec
+	Iovlen     uint32
+	_          [4]byte
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Rdomain      uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Oqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	_            [4]byte
+	Lastchange   Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct{}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	_     [4]byte
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_SYMLINK_NOFOLLOW = 0x2
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Anonpages          int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Nanonneeded        int32
+	Nfreeanon          int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Obsolete_swapins   int32
+	Obsolete_swapouts  int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Zeroaborts         int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Pdreanon           int32
+	Pdrevnode          int32
+	Pdrevtext          int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
new file mode 100644
index 000000000..d80836efa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -0,0 +1,572 @@
+// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x4
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x4
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int32
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int32
+	_    [4]byte
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int32
+	_    [4]byte
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       [4]byte
+	_       Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	_             [4]byte
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x1c
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint32
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	_      [4]byte
+	Data   int64
+	Udata  *byte
+	_      [4]byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Rdomain      uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Oqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	_            [4]byte
+	Lastchange   Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct{}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x8
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_SYMLINK_NOFOLLOW = 0x2
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Unused01           int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Unused05           int32
+	Unused06           int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Unused07           int32
+	Unused08           int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Unused09           int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Unused11           int32
+	Unused12           int32
+	Unused13           int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
new file mode 100644
index 000000000..4e158746f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -0,0 +1,565 @@
+// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build arm64,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Rdomain      uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Oqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	Lastchange   Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct{}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_SYMLINK_NOFOLLOW = 0x2
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Unused01           int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Unused05           int32
+	Unused06           int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Unused07           int32
+	Unused08           int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Unused09           int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Unused11           int32
+	Unused12           int32
+	Unused13           int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
new file mode 100644
index 000000000..992a1f8c0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -0,0 +1,565 @@
+// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build mips64,openbsd
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Mode    uint32
+	Dev     int32
+	Ino     uint64
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    int32
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Size    int64
+	Blocks  int64
+	Blksize int32
+	Flags   uint32
+	Gen     uint32
+	_       Timespec
+}
+
+type Statfs_t struct {
+	F_flags       uint32
+	F_bsize       uint32
+	F_iosize      uint32
+	F_blocks      uint64
+	F_bfree       uint64
+	F_bavail      int64
+	F_files       uint64
+	F_ffree       uint64
+	F_favail      int64
+	F_syncwrites  uint64
+	F_syncreads   uint64
+	F_asyncwrites uint64
+	F_asyncreads  uint64
+	F_fsid        Fsid
+	F_namemax     uint32
+	F_owner       uint32
+	F_ctime       uint64
+	F_fstypename  [16]int8
+	F_mntonname   [90]int8
+	F_mntfromname [90]int8
+	F_mntfromspec [90]int8
+	_             [2]byte
+	Mount_info    [160]byte
+}
+
+type Flock_t struct {
+	Start  int64
+	Len    int64
+	Pid    int32
+	Type   int16
+	Whence int16
+}
+
+type Dirent struct {
+	Fileno uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Namlen uint8
+	_      [4]uint8
+	Name   [256]int8
+}
+
+type Fsid struct {
+	Val [2]int32
+}
+
+const (
+	PathMax = 0x400
+)
+
+type RawSockaddrInet4 struct {
+	Len    uint8
+	Family uint8
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Len      uint8
+	Family   uint8
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Len    uint8
+	Family uint8
+	Path   [104]int8
+}
+
+type RawSockaddrDatalink struct {
+	Len    uint8
+	Family uint8
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [24]int8
+}
+
+type RawSockaddr struct {
+	Len    uint8
+	Family uint8
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [92]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	Filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x1c
+	SizeofSockaddrAny      = 0x6c
+	SizeofSockaddrUnix     = 0x6a
+	SizeofSockaddrDatalink = 0x20
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x20
+	SizeofICMPv6Filter     = 0x20
+)
+
+const (
+	PTRACE_TRACEME = 0x0
+	PTRACE_CONT    = 0x7
+	PTRACE_KILL    = 0x8
+)
+
+type Kevent_t struct {
+	Ident  uint64
+	Filter int16
+	Flags  uint16
+	Fflags uint32
+	Data   int64
+	Udata  *byte
+}
+
+type FdSet struct {
+	Bits [32]uint32
+}
+
+const (
+	SizeofIfMsghdr         = 0xa8
+	SizeofIfData           = 0x90
+	SizeofIfaMsghdr        = 0x18
+	SizeofIfAnnounceMsghdr = 0x1a
+	SizeofRtMsghdr         = 0x60
+	SizeofRtMetrics        = 0x38
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Xflags  int32
+	Data    IfData
+}
+
+type IfData struct {
+	Type         uint8
+	Addrlen      uint8
+	Hdrlen       uint8
+	Link_state   uint8
+	Mtu          uint32
+	Metric       uint32
+	Rdomain      uint32
+	Baudrate     uint64
+	Ipackets     uint64
+	Ierrors      uint64
+	Opackets     uint64
+	Oerrors      uint64
+	Collisions   uint64
+	Ibytes       uint64
+	Obytes       uint64
+	Imcasts      uint64
+	Omcasts      uint64
+	Iqdrops      uint64
+	Oqdrops      uint64
+	Noproto      uint64
+	Capabilities uint32
+	Lastchange   Timeval
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	Tableid uint16
+	Pad1    uint8
+	Pad2    uint8
+	Addrs   int32
+	Flags   int32
+	Metric  int32
+}
+
+type IfAnnounceMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Hdrlen  uint16
+	Index   uint16
+	What    uint16
+	Name    [16]int8
+}
+
+type RtMsghdr struct {
+	Msglen   uint16
+	Version  uint8
+	Type     uint8
+	Hdrlen   uint16
+	Index    uint16
+	Tableid  uint16
+	Priority uint8
+	Mpls     uint8
+	Addrs    int32
+	Flags    int32
+	Fmask    int32
+	Pid      int32
+	Seq      int32
+	Errno    int32
+	Inits    uint32
+	Rmx      RtMetrics
+}
+
+type RtMetrics struct {
+	Pksent   uint64
+	Expire   int64
+	Locks    uint32
+	Mtu      uint32
+	Refcnt   uint32
+	Hopcount uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pad      uint32
+}
+
+type Mclpool struct{}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x8
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv uint32
+	Drop uint32
+}
+
+type BpfProgram struct {
+	Len   uint32
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type BpfTimeval struct {
+	Sec  uint32
+	Usec uint32
+}
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]uint8
+	Ispeed int32
+	Ospeed int32
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+const (
+	AT_FDCWD            = -0x64
+	AT_SYMLINK_FOLLOW   = 0x4
+	AT_SYMLINK_NOFOLLOW = 0x2
+)
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
+
+type Sigset_t uint32
+
+type Utsname struct {
+	Sysname  [256]byte
+	Nodename [256]byte
+	Release  [256]byte
+	Version  [256]byte
+	Machine  [256]byte
+}
+
+const SizeofUvmexp = 0x158
+
+type Uvmexp struct {
+	Pagesize           int32
+	Pagemask           int32
+	Pageshift          int32
+	Npages             int32
+	Free               int32
+	Active             int32
+	Inactive           int32
+	Paging             int32
+	Wired              int32
+	Zeropages          int32
+	Reserve_pagedaemon int32
+	Reserve_kernel     int32
+	Unused01           int32
+	Vnodepages         int32
+	Vtextpages         int32
+	Freemin            int32
+	Freetarg           int32
+	Inactarg           int32
+	Wiredmax           int32
+	Anonmin            int32
+	Vtextmin           int32
+	Vnodemin           int32
+	Anonminpct         int32
+	Vtextminpct        int32
+	Vnodeminpct        int32
+	Nswapdev           int32
+	Swpages            int32
+	Swpginuse          int32
+	Swpgonly           int32
+	Nswget             int32
+	Nanon              int32
+	Unused05           int32
+	Unused06           int32
+	Faults             int32
+	Traps              int32
+	Intrs              int32
+	Swtch              int32
+	Softs              int32
+	Syscalls           int32
+	Pageins            int32
+	Unused07           int32
+	Unused08           int32
+	Pgswapin           int32
+	Pgswapout          int32
+	Forks              int32
+	Forks_ppwait       int32
+	Forks_sharevm      int32
+	Pga_zerohit        int32
+	Pga_zeromiss       int32
+	Unused09           int32
+	Fltnoram           int32
+	Fltnoanon          int32
+	Fltnoamap          int32
+	Fltpgwait          int32
+	Fltpgrele          int32
+	Fltrelck           int32
+	Fltrelckok         int32
+	Fltanget           int32
+	Fltanretry         int32
+	Fltamcopy          int32
+	Fltnamap           int32
+	Fltnomap           int32
+	Fltlget            int32
+	Fltget             int32
+	Flt_anon           int32
+	Flt_acow           int32
+	Flt_obj            int32
+	Flt_prcopy         int32
+	Flt_przero         int32
+	Pdwoke             int32
+	Pdrevs             int32
+	Pdswout            int32
+	Pdfreed            int32
+	Pdscans            int32
+	Pdanscan           int32
+	Pdobscan           int32
+	Pdreact            int32
+	Pdbusy             int32
+	Pdpageouts         int32
+	Pdpending          int32
+	Pddeact            int32
+	Unused11           int32
+	Unused12           int32
+	Unused13           int32
+	Fpswtch            int32
+	Kmapent            int32
+}
+
+const SizeofClockinfo = 0x14
+
+type Clockinfo struct {
+	Hz      int32
+	Tick    int32
+	Tickadj int32
+	Stathz  int32
+	Profhz  int32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
new file mode 100644
index 000000000..23ed9fe51
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -0,0 +1,449 @@
+// cgo -godefs types_solaris.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build amd64,solaris
+
+package unix
+
+const (
+	SizeofPtr      = 0x8
+	SizeofShort    = 0x2
+	SizeofInt      = 0x4
+	SizeofLong     = 0x8
+	SizeofLongLong = 0x8
+	PathMax        = 0x400
+	MaxHostNameLen = 0x100
+)
+
+type (
+	_C_short     int16
+	_C_int       int32
+	_C_long      int64
+	_C_long_long int64
+)
+
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+type Timeval struct {
+	Sec  int64
+	Usec int64
+}
+
+type Timeval32 struct {
+	Sec  int32
+	Usec int32
+}
+
+type Tms struct {
+	Utime  int64
+	Stime  int64
+	Cutime int64
+	Cstime int64
+}
+
+type Utimbuf struct {
+	Actime  int64
+	Modtime int64
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int64
+	Ixrss    int64
+	Idrss    int64
+	Isrss    int64
+	Minflt   int64
+	Majflt   int64
+	Nswap    int64
+	Inblock  int64
+	Oublock  int64
+	Msgsnd   int64
+	Msgrcv   int64
+	Nsignals int64
+	Nvcsw    int64
+	Nivcsw   int64
+}
+
+type Rlimit struct {
+	Cur uint64
+	Max uint64
+}
+
+type _Gid_t uint32
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	Size    int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	Blksize int32
+	_       [4]byte
+	Blocks  int64
+	Fstype  [16]int8
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	_      [4]byte
+	Start  int64
+	Len    int64
+	Sysid  int32
+	Pid    int32
+	Pad    [4]int64
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Name   [1]int8
+	_      [5]byte
+}
+
+type _Fsblkcnt_t uint64
+
+type Statvfs_t struct {
+	Bsize    uint64
+	Frsize   uint64
+	Blocks   uint64
+	Bfree    uint64
+	Bavail   uint64
+	Files    uint64
+	Ffree    uint64
+	Favail   uint64
+	Fsid     uint64
+	Basetype [16]int8
+	Flag     uint64
+	Namemax  uint64
+	Fstr     [32]int8
+}
+
+type RawSockaddrInet4 struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]int8
+}
+
+type RawSockaddrInet6 struct {
+	Family         uint16
+	Port           uint16
+	Flowinfo       uint32
+	Addr           [16]byte /* in6_addr */
+	Scope_id       uint32
+	X__sin6_src_id uint32
+}
+
+type RawSockaddrUnix struct {
+	Family uint16
+	Path   [108]int8
+}
+
+type RawSockaddrDatalink struct {
+	Family uint16
+	Index  uint16
+	Type   uint8
+	Nlen   uint8
+	Alen   uint8
+	Slen   uint8
+	Data   [244]int8
+}
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [236]int8
+}
+
+type _Socklen uint32
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type Iovec struct {
+	Base *int8
+	Len  uint64
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+type Msghdr struct {
+	Name         *byte
+	Namelen      uint32
+	_            [4]byte
+	Iov          *Iovec
+	Iovlen       int32
+	_            [4]byte
+	Accrights    *int8
+	Accrightslen int32
+	_            [4]byte
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+type Inet4Pktinfo struct {
+	Ifindex  uint32
+	Spec_dst [4]byte /* in_addr */
+	Addr     [4]byte /* in_addr */
+}
+
+type Inet6Pktinfo struct {
+	Addr    [16]byte /* in6_addr */
+	Ifindex uint32
+}
+
+type IPv6MTUInfo struct {
+	Addr RawSockaddrInet6
+	Mtu  uint32
+}
+
+type ICMPv6Filter struct {
+	X__icmp6_filt [8]uint32
+}
+
+const (
+	SizeofSockaddrInet4    = 0x10
+	SizeofSockaddrInet6    = 0x20
+	SizeofSockaddrAny      = 0xfc
+	SizeofSockaddrUnix     = 0x6e
+	SizeofSockaddrDatalink = 0xfc
+	SizeofLinger           = 0x8
+	SizeofIPMreq           = 0x8
+	SizeofIPv6Mreq         = 0x14
+	SizeofMsghdr           = 0x30
+	SizeofCmsghdr          = 0xc
+	SizeofInet4Pktinfo     = 0xc
+	SizeofInet6Pktinfo     = 0x14
+	SizeofIPv6MTUInfo      = 0x24
+	SizeofICMPv6Filter     = 0x20
+)
+
+type FdSet struct {
+	Bits [1024]int64
+}
+
+type Utsname struct {
+	Sysname  [257]byte
+	Nodename [257]byte
+	Release  [257]byte
+	Version  [257]byte
+	Machine  [257]byte
+}
+
+type Ustat_t struct {
+	Tfree  int64
+	Tinode uint64
+	Fname  [6]int8
+	Fpack  [6]int8
+	_      [4]byte
+}
+
+const (
+	AT_FDCWD            = 0xffd19553
+	AT_SYMLINK_NOFOLLOW = 0x1000
+	AT_SYMLINK_FOLLOW   = 0x2000
+	AT_REMOVEDIR        = 0x1
+	AT_EACCESS          = 0x4
+)
+
+const (
+	SizeofIfMsghdr  = 0x54
+	SizeofIfData    = 0x44
+	SizeofIfaMsghdr = 0x14
+	SizeofRtMsghdr  = 0x4c
+	SizeofRtMetrics = 0x28
+)
+
+type IfMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Data    IfData
+}
+
+type IfData struct {
+	Type       uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	_          [1]byte
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint32
+	Ipackets   uint32
+	Ierrors    uint32
+	Opackets   uint32
+	Oerrors    uint32
+	Collisions uint32
+	Ibytes     uint32
+	Obytes     uint32
+	Imcasts    uint32
+	Omcasts    uint32
+	Iqdrops    uint32
+	Noproto    uint32
+	Lastchange Timeval32
+}
+
+type IfaMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Addrs   int32
+	Flags   int32
+	Index   uint16
+	_       [2]byte
+	Metric  int32
+}
+
+type RtMsghdr struct {
+	Msglen  uint16
+	Version uint8
+	Type    uint8
+	Index   uint16
+	_       [2]byte
+	Flags   int32
+	Addrs   int32
+	Pid     int32
+	Seq     int32
+	Errno   int32
+	Use     int32
+	Inits   uint32
+	Rmx     RtMetrics
+}
+
+type RtMetrics struct {
+	Locks    uint32
+	Mtu      uint32
+	Hopcount uint32
+	Expire   uint32
+	Recvpipe uint32
+	Sendpipe uint32
+	Ssthresh uint32
+	Rtt      uint32
+	Rttvar   uint32
+	Pksent   uint32
+}
+
+const (
+	SizeofBpfVersion = 0x4
+	SizeofBpfStat    = 0x80
+	SizeofBpfProgram = 0x10
+	SizeofBpfInsn    = 0x8
+	SizeofBpfHdr     = 0x14
+)
+
+type BpfVersion struct {
+	Major uint16
+	Minor uint16
+}
+
+type BpfStat struct {
+	Recv    uint64
+	Drop    uint64
+	Capt    uint64
+	Padding [13]uint64
+}
+
+type BpfProgram struct {
+	Len   uint32
+	_     [4]byte
+	Insns *BpfInsn
+}
+
+type BpfInsn struct {
+	Code uint16
+	Jt   uint8
+	Jf   uint8
+	K    uint32
+}
+
+type BpfTimeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type BpfHdr struct {
+	Tstamp  BpfTimeval
+	Caplen  uint32
+	Datalen uint32
+	Hdrlen  uint16
+	_       [2]byte
+}
+
+type Termios struct {
+	Iflag uint32
+	Oflag uint32
+	Cflag uint32
+	Lflag uint32
+	Cc    [19]uint8
+	_     [1]byte
+}
+
+type Termio struct {
+	Iflag uint16
+	Oflag uint16
+	Cflag uint16
+	Lflag uint16
+	Line  int8
+	Cc    [8]uint8
+	_     [1]byte
+}
+
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
+type PollFd struct {
+	Fd      int32
+	Events  int16
+	Revents int16
+}
+
+const (
+	POLLERR    = 0x8
+	POLLHUP    = 0x10
+	POLLIN     = 0x1
+	POLLNVAL   = 0x20
+	POLLOUT    = 0x4
+	POLLPRI    = 0x2
+	POLLRDBAND = 0x80
+	POLLRDNORM = 0x40
+	POLLWRBAND = 0x100
+	POLLWRNORM = 0x4
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/aliases.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/aliases.go
new file mode 100644
index 000000000..af3af60db
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/aliases.go
@@ -0,0 +1,13 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows
+// +build go1.9
+
+package windows
+
+import "syscall"
+
+type Errno = syscall.Errno
+type SysProcAttr = syscall.SysProcAttr
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/dll_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/dll_windows.go
new file mode 100644
index 000000000..82076fb74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -0,0 +1,415 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+import (
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"unsafe"
+)
+
+// We need to use LoadLibrary and GetProcAddress from the Go runtime, because
+// the these symbols are loaded by the system linker and are required to
+// dynamically load additional symbols. Note that in the Go runtime, these
+// return syscall.Handle and syscall.Errno, but these are the same, in fact,
+// as windows.Handle and windows.Errno, and we intend to keep these the same.
+
+//go:linkname syscall_loadlibrary syscall.loadlibrary
+func syscall_loadlibrary(filename *uint16) (handle Handle, err Errno)
+
+//go:linkname syscall_getprocaddress syscall.getprocaddress
+func syscall_getprocaddress(handle Handle, procname *uint8) (proc uintptr, err Errno)
+
+// DLLError describes reasons for DLL load failures.
+type DLLError struct {
+	Err     error
+	ObjName string
+	Msg     string
+}
+
+func (e *DLLError) Error() string { return e.Msg }
+
+// A DLL implements access to a single DLL.
+type DLL struct {
+	Name   string
+	Handle Handle
+}
+
+// LoadDLL loads DLL file into memory.
+//
+// Warning: using LoadDLL without an absolute path name is subject to
+// DLL preloading attacks. To safely load a system DLL, use LazyDLL
+// with System set to true, or use LoadLibraryEx directly.
+func LoadDLL(name string) (dll *DLL, err error) {
+	namep, err := UTF16PtrFromString(name)
+	if err != nil {
+		return nil, err
+	}
+	h, e := syscall_loadlibrary(namep)
+	if e != 0 {
+		return nil, &DLLError{
+			Err:     e,
+			ObjName: name,
+			Msg:     "Failed to load " + name + ": " + e.Error(),
+		}
+	}
+	d := &DLL{
+		Name:   name,
+		Handle: h,
+	}
+	return d, nil
+}
+
+// MustLoadDLL is like LoadDLL but panics if load operation failes.
+func MustLoadDLL(name string) *DLL {
+	d, e := LoadDLL(name)
+	if e != nil {
+		panic(e)
+	}
+	return d
+}
+
+// FindProc searches DLL d for procedure named name and returns *Proc
+// if found. It returns an error if search fails.
+func (d *DLL) FindProc(name string) (proc *Proc, err error) {
+	namep, err := BytePtrFromString(name)
+	if err != nil {
+		return nil, err
+	}
+	a, e := syscall_getprocaddress(d.Handle, namep)
+	if e != 0 {
+		return nil, &DLLError{
+			Err:     e,
+			ObjName: name,
+			Msg:     "Failed to find " + name + " procedure in " + d.Name + ": " + e.Error(),
+		}
+	}
+	p := &Proc{
+		Dll:  d,
+		Name: name,
+		addr: a,
+	}
+	return p, nil
+}
+
+// MustFindProc is like FindProc but panics if search fails.
+func (d *DLL) MustFindProc(name string) *Proc {
+	p, e := d.FindProc(name)
+	if e != nil {
+		panic(e)
+	}
+	return p
+}
+
+// FindProcByOrdinal searches DLL d for procedure by ordinal and returns *Proc
+// if found. It returns an error if search fails.
+func (d *DLL) FindProcByOrdinal(ordinal uintptr) (proc *Proc, err error) {
+	a, e := GetProcAddressByOrdinal(d.Handle, ordinal)
+	name := "#" + itoa(int(ordinal))
+	if e != nil {
+		return nil, &DLLError{
+			Err:     e,
+			ObjName: name,
+			Msg:     "Failed to find " + name + " procedure in " + d.Name + ": " + e.Error(),
+		}
+	}
+	p := &Proc{
+		Dll:  d,
+		Name: name,
+		addr: a,
+	}
+	return p, nil
+}
+
+// MustFindProcByOrdinal is like FindProcByOrdinal but panics if search fails.
+func (d *DLL) MustFindProcByOrdinal(ordinal uintptr) *Proc {
+	p, e := d.FindProcByOrdinal(ordinal)
+	if e != nil {
+		panic(e)
+	}
+	return p
+}
+
+// Release unloads DLL d from memory.
+func (d *DLL) Release() (err error) {
+	return FreeLibrary(d.Handle)
+}
+
+// A Proc implements access to a procedure inside a DLL.
+type Proc struct {
+	Dll  *DLL
+	Name string
+	addr uintptr
+}
+
+// Addr returns the address of the procedure represented by p.
+// The return value can be passed to Syscall to run the procedure.
+func (p *Proc) Addr() uintptr {
+	return p.addr
+}
+
+//go:uintptrescapes
+
+// Call executes procedure p with arguments a. It will panic, if more than 15 arguments
+// are supplied.
+//
+// The returned error is always non-nil, constructed from the result of GetLastError.
+// Callers must inspect the primary return value to decide whether an error occurred
+// (according to the semantics of the specific function being called) before consulting
+// the error. The error will be guaranteed to contain windows.Errno.
+func (p *Proc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) {
+	switch len(a) {
+	case 0:
+		return syscall.Syscall(p.Addr(), uintptr(len(a)), 0, 0, 0)
+	case 1:
+		return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], 0, 0)
+	case 2:
+		return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], 0)
+	case 3:
+		return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], a[2])
+	case 4:
+		return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], 0, 0)
+	case 5:
+		return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], 0)
+	case 6:
+		return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5])
+	case 7:
+		return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], 0, 0)
+	case 8:
+		return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], 0)
+	case 9:
+		return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8])
+	case 10:
+		return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], 0, 0)
+	case 11:
+		return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], 0)
+	case 12:
+		return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11])
+	case 13:
+		return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], 0, 0)
+	case 14:
+		return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], 0)
+	case 15:
+		return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14])
+	default:
+		panic("Call " + p.Name + " with too many arguments " + itoa(len(a)) + ".")
+	}
+}
+
+// A LazyDLL implements access to a single DLL.
+// It will delay the load of the DLL until the first
+// call to its Handle method or to one of its
+// LazyProc's Addr method.
+type LazyDLL struct {
+	Name string
+
+	// System determines whether the DLL must be loaded from the
+	// Windows System directory, bypassing the normal DLL search
+	// path.
+	System bool
+
+	mu  sync.Mutex
+	dll *DLL // non nil once DLL is loaded
+}
+
+// Load loads DLL file d.Name into memory. It returns an error if fails.
+// Load will not try to load DLL, if it is already loaded into memory.
+func (d *LazyDLL) Load() error {
+	// Non-racy version of:
+	// if d.dll != nil {
+	if atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(&d.dll))) != nil {
+		return nil
+	}
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	if d.dll != nil {
+		return nil
+	}
+
+	// kernel32.dll is special, since it's where LoadLibraryEx comes from.
+	// The kernel already special-cases its name, so it's always
+	// loaded from system32.
+	var dll *DLL
+	var err error
+	if d.Name == "kernel32.dll" {
+		dll, err = LoadDLL(d.Name)
+	} else {
+		dll, err = loadLibraryEx(d.Name, d.System)
+	}
+	if err != nil {
+		return err
+	}
+
+	// Non-racy version of:
+	// d.dll = dll
+	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&d.dll)), unsafe.Pointer(dll))
+	return nil
+}
+
+// mustLoad is like Load but panics if search fails.
+func (d *LazyDLL) mustLoad() {
+	e := d.Load()
+	if e != nil {
+		panic(e)
+	}
+}
+
+// Handle returns d's module handle.
+func (d *LazyDLL) Handle() uintptr {
+	d.mustLoad()
+	return uintptr(d.dll.Handle)
+}
+
+// NewProc returns a LazyProc for accessing the named procedure in the DLL d.
+func (d *LazyDLL) NewProc(name string) *LazyProc {
+	return &LazyProc{l: d, Name: name}
+}
+
+// NewLazyDLL creates new LazyDLL associated with DLL file.
+func NewLazyDLL(name string) *LazyDLL {
+	return &LazyDLL{Name: name}
+}
+
+// NewLazySystemDLL is like NewLazyDLL, but will only
+// search Windows System directory for the DLL if name is
+// a base name (like "advapi32.dll").
+func NewLazySystemDLL(name string) *LazyDLL {
+	return &LazyDLL{Name: name, System: true}
+}
+
+// A LazyProc implements access to a procedure inside a LazyDLL.
+// It delays the lookup until the Addr method is called.
+type LazyProc struct {
+	Name string
+
+	mu   sync.Mutex
+	l    *LazyDLL
+	proc *Proc
+}
+
+// Find searches DLL for procedure named p.Name. It returns
+// an error if search fails. Find will not search procedure,
+// if it is already found and loaded into memory.
+func (p *LazyProc) Find() error {
+	// Non-racy version of:
+	// if p.proc == nil {
+	if atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(&p.proc))) == nil {
+		p.mu.Lock()
+		defer p.mu.Unlock()
+		if p.proc == nil {
+			e := p.l.Load()
+			if e != nil {
+				return e
+			}
+			proc, e := p.l.dll.FindProc(p.Name)
+			if e != nil {
+				return e
+			}
+			// Non-racy version of:
+			// p.proc = proc
+			atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&p.proc)), unsafe.Pointer(proc))
+		}
+	}
+	return nil
+}
+
+// mustFind is like Find but panics if search fails.
+func (p *LazyProc) mustFind() {
+	e := p.Find()
+	if e != nil {
+		panic(e)
+	}
+}
+
+// Addr returns the address of the procedure represented by p.
+// The return value can be passed to Syscall to run the procedure.
+// It will panic if the procedure cannot be found.
+func (p *LazyProc) Addr() uintptr {
+	p.mustFind()
+	return p.proc.Addr()
+}
+
+//go:uintptrescapes
+
+// Call executes procedure p with arguments a. It will panic, if more than 15 arguments
+// are supplied. It will also panic if the procedure cannot be found.
+//
+// The returned error is always non-nil, constructed from the result of GetLastError.
+// Callers must inspect the primary return value to decide whether an error occurred
+// (according to the semantics of the specific function being called) before consulting
+// the error. The error will be guaranteed to contain windows.Errno.
+func (p *LazyProc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) {
+	p.mustFind()
+	return p.proc.Call(a...)
+}
+
+var canDoSearchSystem32Once struct {
+	sync.Once
+	v bool
+}
+
+func initCanDoSearchSystem32() {
+	// https://msdn.microsoft.com/en-us/library/ms684179(v=vs.85).aspx says:
+	// "Windows 7, Windows Server 2008 R2, Windows Vista, and Windows
+	// Server 2008: The LOAD_LIBRARY_SEARCH_* flags are available on
+	// systems that have KB2533623 installed. To determine whether the
+	// flags are available, use GetProcAddress to get the address of the
+	// AddDllDirectory, RemoveDllDirectory, or SetDefaultDllDirectories
+	// function. If GetProcAddress succeeds, the LOAD_LIBRARY_SEARCH_*
+	// flags can be used with LoadLibraryEx."
+	canDoSearchSystem32Once.v = (modkernel32.NewProc("AddDllDirectory").Find() == nil)
+}
+
+func canDoSearchSystem32() bool {
+	canDoSearchSystem32Once.Do(initCanDoSearchSystem32)
+	return canDoSearchSystem32Once.v
+}
+
+func isBaseName(name string) bool {
+	for _, c := range name {
+		if c == ':' || c == '/' || c == '\\' {
+			return false
+		}
+	}
+	return true
+}
+
+// loadLibraryEx wraps the Windows LoadLibraryEx function.
+//
+// See https://msdn.microsoft.com/en-us/library/windows/desktop/ms684179(v=vs.85).aspx
+//
+// If name is not an absolute path, LoadLibraryEx searches for the DLL
+// in a variety of automatic locations unless constrained by flags.
+// See: https://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx
+func loadLibraryEx(name string, system bool) (*DLL, error) {
+	loadDLL := name
+	var flags uintptr
+	if system {
+		if canDoSearchSystem32() {
+			const LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800
+			flags = LOAD_LIBRARY_SEARCH_SYSTEM32
+		} else if isBaseName(name) {
+			// WindowsXP or unpatched Windows machine
+			// trying to load "foo.dll" out of the system
+			// folder, but LoadLibraryEx doesn't support
+			// that yet on their system, so emulate it.
+			systemdir, err := GetSystemDirectory()
+			if err != nil {
+				return nil, err
+			}
+			loadDLL = systemdir + "\\" + name
+		}
+	}
+	h, err := LoadLibraryEx(loadDLL, 0, flags)
+	if err != nil {
+		return nil, err
+	}
+	return &DLL{Name: name, Handle: h}, nil
+}
+
+type errString string
+
+func (s errString) Error() string { return string(s) }
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/empty.s b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/empty.s
new file mode 100644
index 000000000..69309e4da
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/empty.s
@@ -0,0 +1,8 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.12
+
+// This file is here to allow bodyless functions with go:linkname for Go 1.11
+// and earlier (see https://golang.org/issue/23311).
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/env_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/env_windows.go
new file mode 100644
index 000000000..92ac05ff4
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/env_windows.go
@@ -0,0 +1,54 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Windows environment variables.
+
+package windows
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func Getenv(key string) (value string, found bool) {
+	return syscall.Getenv(key)
+}
+
+func Setenv(key, value string) error {
+	return syscall.Setenv(key, value)
+}
+
+func Clearenv() {
+	syscall.Clearenv()
+}
+
+func Environ() []string {
+	return syscall.Environ()
+}
+
+// Returns a default environment associated with the token, rather than the current
+// process. If inheritExisting is true, then this environment also inherits the
+// environment of the current process.
+func (token Token) Environ(inheritExisting bool) (env []string, err error) {
+	var block *uint16
+	err = CreateEnvironmentBlock(&block, token, inheritExisting)
+	if err != nil {
+		return nil, err
+	}
+	defer DestroyEnvironmentBlock(block)
+	blockp := uintptr(unsafe.Pointer(block))
+	for {
+		entry := UTF16PtrToString((*uint16)(unsafe.Pointer(blockp)))
+		if len(entry) == 0 {
+			break
+		}
+		env = append(env, entry)
+		blockp += 2 * (uintptr(len(entry)) + 1)
+	}
+	return env, nil
+}
+
+func Unsetenv(key string) error {
+	return syscall.Unsetenv(key)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/eventlog.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/eventlog.go
new file mode 100644
index 000000000..40af946e1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/eventlog.go
@@ -0,0 +1,20 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows
+
+package windows
+
+const (
+	EVENTLOG_SUCCESS          = 0
+	EVENTLOG_ERROR_TYPE       = 1
+	EVENTLOG_WARNING_TYPE     = 2
+	EVENTLOG_INFORMATION_TYPE = 4
+	EVENTLOG_AUDIT_SUCCESS    = 8
+	EVENTLOG_AUDIT_FAILURE    = 16
+)
+
+//sys	RegisterEventSource(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) [failretval==0] = advapi32.RegisterEventSourceW
+//sys	DeregisterEventSource(handle Handle) (err error) = advapi32.DeregisterEventSource
+//sys	ReportEvent(log Handle, etype uint16, category uint16, eventId uint32, usrSId uintptr, numStrings uint16, dataSize uint32, strings **uint16, rawData *byte) (err error) = advapi32.ReportEventW
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/exec_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/exec_windows.go
new file mode 100644
index 000000000..3606c3a8b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/exec_windows.go
@@ -0,0 +1,97 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Fork, exec, wait, etc.
+
+package windows
+
+// EscapeArg rewrites command line argument s as prescribed
+// in http://msdn.microsoft.com/en-us/library/ms880421.
+// This function returns "" (2 double quotes) if s is empty.
+// Alternatively, these transformations are done:
+// - every back slash (\) is doubled, but only if immediately
+//   followed by double quote (");
+// - every double quote (") is escaped by back slash (\);
+// - finally, s is wrapped with double quotes (arg -> "arg"),
+//   but only if there is space or tab inside s.
+func EscapeArg(s string) string {
+	if len(s) == 0 {
+		return "\"\""
+	}
+	n := len(s)
+	hasSpace := false
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '"', '\\':
+			n++
+		case ' ', '\t':
+			hasSpace = true
+		}
+	}
+	if hasSpace {
+		n += 2
+	}
+	if n == len(s) {
+		return s
+	}
+
+	qs := make([]byte, n)
+	j := 0
+	if hasSpace {
+		qs[j] = '"'
+		j++
+	}
+	slashes := 0
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		default:
+			slashes = 0
+			qs[j] = s[i]
+		case '\\':
+			slashes++
+			qs[j] = s[i]
+		case '"':
+			for ; slashes > 0; slashes-- {
+				qs[j] = '\\'
+				j++
+			}
+			qs[j] = '\\'
+			j++
+			qs[j] = s[i]
+		}
+		j++
+	}
+	if hasSpace {
+		for ; slashes > 0; slashes-- {
+			qs[j] = '\\'
+			j++
+		}
+		qs[j] = '"'
+		j++
+	}
+	return string(qs[:j])
+}
+
+func CloseOnExec(fd Handle) {
+	SetHandleInformation(Handle(fd), HANDLE_FLAG_INHERIT, 0)
+}
+
+// FullPath retrieves the full path of the specified file.
+func FullPath(name string) (path string, err error) {
+	p, err := UTF16PtrFromString(name)
+	if err != nil {
+		return "", err
+	}
+	n := uint32(100)
+	for {
+		buf := make([]uint16, n)
+		n, err = GetFullPathName(p, uint32(len(buf)), &buf[0], nil)
+		if err != nil {
+			return "", err
+		}
+		if n <= uint32(len(buf)) {
+			return UTF16ToString(buf[:n]), nil
+		}
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/memory_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/memory_windows.go
new file mode 100644
index 000000000..e409d76f0
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/memory_windows.go
@@ -0,0 +1,31 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+const (
+	MEM_COMMIT      = 0x00001000
+	MEM_RESERVE     = 0x00002000
+	MEM_DECOMMIT    = 0x00004000
+	MEM_RELEASE     = 0x00008000
+	MEM_RESET       = 0x00080000
+	MEM_TOP_DOWN    = 0x00100000
+	MEM_WRITE_WATCH = 0x00200000
+	MEM_PHYSICAL    = 0x00400000
+	MEM_RESET_UNDO  = 0x01000000
+	MEM_LARGE_PAGES = 0x20000000
+
+	PAGE_NOACCESS          = 0x01
+	PAGE_READONLY          = 0x02
+	PAGE_READWRITE         = 0x04
+	PAGE_WRITECOPY         = 0x08
+	PAGE_EXECUTE_READ      = 0x20
+	PAGE_EXECUTE_READWRITE = 0x40
+	PAGE_EXECUTE_WRITECOPY = 0x80
+
+	QUOTA_LIMITS_HARDWS_MIN_DISABLE = 0x00000002
+	QUOTA_LIMITS_HARDWS_MIN_ENABLE  = 0x00000001
+	QUOTA_LIMITS_HARDWS_MAX_DISABLE = 0x00000008
+	QUOTA_LIMITS_HARDWS_MAX_ENABLE  = 0x00000004
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mkerrors.bash b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mkerrors.bash
new file mode 100644
index 000000000..2163843a1
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mkerrors.bash
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Copyright 2019 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+set -e
+shopt -s nullglob
+
+winerror="$(printf '%s\n' "/mnt/c/Program Files (x86)/Windows Kits/"/*/Include/*/shared/winerror.h | sort -Vr | head -n 1)"
+[[ -n $winerror ]] || { echo "Unable to find winerror.h" >&2; exit 1; }
+
+declare -A errors
+
+{
+	echo "// Code generated by 'mkerrors.bash'; DO NOT EDIT."
+	echo
+	echo "package windows"
+	echo "import \"syscall\""
+	echo "const ("
+
+	while read -r line; do
+		unset vtype
+		if [[ $line =~ ^#define\ +([A-Z0-9_]+k?)\ +([A-Z0-9_]+\()?([A-Z][A-Z0-9_]+k?)\)? ]]; then
+			key="${BASH_REMATCH[1]}"
+			value="${BASH_REMATCH[3]}"
+		elif [[ $line =~ ^#define\ +([A-Z0-9_]+k?)\ +([A-Z0-9_]+\()?((0x)?[0-9A-Fa-f]+)L?\)? ]]; then
+			key="${BASH_REMATCH[1]}"
+			value="${BASH_REMATCH[3]}"
+			vtype="${BASH_REMATCH[2]}"
+		elif [[ $line =~ ^#define\ +([A-Z0-9_]+k?)\ +\(\(([A-Z]+)\)((0x)?[0-9A-Fa-f]+)L?\) ]]; then
+			key="${BASH_REMATCH[1]}"
+			value="${BASH_REMATCH[3]}"
+			vtype="${BASH_REMATCH[2]}"
+		else
+			continue
+		fi
+		[[ -n $key && -n $value ]] || continue
+		[[ -z ${errors["$key"]} ]] || continue
+		errors["$key"]="$value"
+		if [[ -v vtype ]]; then
+			if [[ $key == FACILITY_* || $key == NO_ERROR ]]; then
+				vtype=""
+			elif [[ $vtype == *HANDLE* || $vtype == *HRESULT* ]]; then
+				vtype="Handle"
+			else
+				vtype="syscall.Errno"
+			fi
+			last_vtype="$vtype"
+		else
+			vtype=""
+			if [[ $last_vtype == Handle && $value == NO_ERROR ]]; then
+				value="S_OK"
+			elif [[ $last_vtype == syscall.Errno && $value == NO_ERROR ]]; then
+				value="ERROR_SUCCESS"
+			fi
+		fi
+
+		echo "$key $vtype = $value"
+	done < "$winerror"
+
+	echo ")"
+} | gofmt > "zerrors_windows.go"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mkknownfolderids.bash b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mkknownfolderids.bash
new file mode 100644
index 000000000..ab8924e93
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mkknownfolderids.bash
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Copyright 2019 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+set -e
+shopt -s nullglob
+
+knownfolders="$(printf '%s\n' "/mnt/c/Program Files (x86)/Windows Kits/"/*/Include/*/um/KnownFolders.h | sort -Vr | head -n 1)"
+[[ -n $knownfolders ]] || { echo "Unable to find KnownFolders.h" >&2; exit 1; }
+
+{
+	echo "// Code generated by 'mkknownfolderids.bash'; DO NOT EDIT."
+	echo
+	echo "package windows"
+	echo "type KNOWNFOLDERID GUID"
+	echo "var ("
+	while read -r line; do
+		[[ $line =~ DEFINE_KNOWN_FOLDER\((FOLDERID_[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+),[\t\ ]*(0x[^,]+)\) ]] || continue
+		printf "%s = &KNOWNFOLDERID{0x%08x, 0x%04x, 0x%04x, [8]byte{0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x}}\n" \
+			"${BASH_REMATCH[1]}" $(( "${BASH_REMATCH[2]}" )) $(( "${BASH_REMATCH[3]}" )) $(( "${BASH_REMATCH[4]}" )) \
+			$(( "${BASH_REMATCH[5]}" )) $(( "${BASH_REMATCH[6]}" )) $(( "${BASH_REMATCH[7]}" )) $(( "${BASH_REMATCH[8]}" )) \
+			$(( "${BASH_REMATCH[9]}" )) $(( "${BASH_REMATCH[10]}" )) $(( "${BASH_REMATCH[11]}" )) $(( "${BASH_REMATCH[12]}" ))
+	done < "$knownfolders"
+	echo ")"
+} | gofmt > "zknownfolderids_windows.go"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mksyscall.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mksyscall.go
new file mode 100644
index 000000000..328e3b2ac
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -0,0 +1,9 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build generate
+
+package windows
+
+//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go eventlog.go service.go syscall_windows.go security_windows.go
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/race.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/race.go
new file mode 100644
index 000000000..a74e3e24b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/race.go
@@ -0,0 +1,30 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows,race
+
+package windows
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+const raceenabled = true
+
+func raceAcquire(addr unsafe.Pointer) {
+	runtime.RaceAcquire(addr)
+}
+
+func raceReleaseMerge(addr unsafe.Pointer) {
+	runtime.RaceReleaseMerge(addr)
+}
+
+func raceReadRange(addr unsafe.Pointer, len int) {
+	runtime.RaceReadRange(addr, len)
+}
+
+func raceWriteRange(addr unsafe.Pointer, len int) {
+	runtime.RaceWriteRange(addr, len)
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/race0.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/race0.go
new file mode 100644
index 000000000..e44a3cbf6
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/race0.go
@@ -0,0 +1,25 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows,!race
+
+package windows
+
+import (
+	"unsafe"
+)
+
+const raceenabled = false
+
+func raceAcquire(addr unsafe.Pointer) {
+}
+
+func raceReleaseMerge(addr unsafe.Pointer) {
+}
+
+func raceReadRange(addr unsafe.Pointer, len int) {
+}
+
+func raceWriteRange(addr unsafe.Pointer, len int) {
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/security_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/security_windows.go
new file mode 100644
index 000000000..9e3c44a85
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/security_windows.go
@@ -0,0 +1,1406 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
+const (
+	NameUnknown          = 0
+	NameFullyQualifiedDN = 1
+	NameSamCompatible    = 2
+	NameDisplay          = 3
+	NameUniqueId         = 6
+	NameCanonical        = 7
+	NameUserPrincipal    = 8
+	NameCanonicalEx      = 9
+	NameServicePrincipal = 10
+	NameDnsDomain        = 12
+)
+
+// This function returns 1 byte BOOLEAN rather than the 4 byte BOOL.
+// http://blogs.msdn.com/b/drnick/archive/2007/12/19/windows-and-upn-format-credentials.aspx
+//sys	TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint32, translatedName *uint16, nSize *uint32) (err error) [failretval&0xff==0] = secur32.TranslateNameW
+//sys	GetUserNameEx(nameFormat uint32, nameBuffre *uint16, nSize *uint32) (err error) [failretval&0xff==0] = secur32.GetUserNameExW
+
+// TranslateAccountName converts a directory service
+// object name from one format to another.
+func TranslateAccountName(username string, from, to uint32, initSize int) (string, error) {
+	u, e := UTF16PtrFromString(username)
+	if e != nil {
+		return "", e
+	}
+	n := uint32(50)
+	for {
+		b := make([]uint16, n)
+		e = TranslateName(u, from, to, &b[0], &n)
+		if e == nil {
+			return UTF16ToString(b[:n]), nil
+		}
+		if e != ERROR_INSUFFICIENT_BUFFER {
+			return "", e
+		}
+		if n <= uint32(len(b)) {
+			return "", e
+		}
+	}
+}
+
+const (
+	// do not reorder
+	NetSetupUnknownStatus = iota
+	NetSetupUnjoined
+	NetSetupWorkgroupName
+	NetSetupDomainName
+)
+
+type UserInfo10 struct {
+	Name       *uint16
+	Comment    *uint16
+	UsrComment *uint16
+	FullName   *uint16
+}
+
+//sys	NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) = netapi32.NetUserGetInfo
+//sys	NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) = netapi32.NetGetJoinInformation
+//sys	NetApiBufferFree(buf *byte) (neterr error) = netapi32.NetApiBufferFree
+
+const (
+	// do not reorder
+	SidTypeUser = 1 + iota
+	SidTypeGroup
+	SidTypeDomain
+	SidTypeAlias
+	SidTypeWellKnownGroup
+	SidTypeDeletedAccount
+	SidTypeInvalid
+	SidTypeUnknown
+	SidTypeComputer
+	SidTypeLabel
+)
+
+type SidIdentifierAuthority struct {
+	Value [6]byte
+}
+
+var (
+	SECURITY_NULL_SID_AUTHORITY        = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 0}}
+	SECURITY_WORLD_SID_AUTHORITY       = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 1}}
+	SECURITY_LOCAL_SID_AUTHORITY       = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 2}}
+	SECURITY_CREATOR_SID_AUTHORITY     = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 3}}
+	SECURITY_NON_UNIQUE_AUTHORITY      = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 4}}
+	SECURITY_NT_AUTHORITY              = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 5}}
+	SECURITY_MANDATORY_LABEL_AUTHORITY = SidIdentifierAuthority{[6]byte{0, 0, 0, 0, 0, 16}}
+)
+
+const (
+	SECURITY_NULL_RID                   = 0
+	SECURITY_WORLD_RID                  = 0
+	SECURITY_LOCAL_RID                  = 0
+	SECURITY_CREATOR_OWNER_RID          = 0
+	SECURITY_CREATOR_GROUP_RID          = 1
+	SECURITY_DIALUP_RID                 = 1
+	SECURITY_NETWORK_RID                = 2
+	SECURITY_BATCH_RID                  = 3
+	SECURITY_INTERACTIVE_RID            = 4
+	SECURITY_LOGON_IDS_RID              = 5
+	SECURITY_SERVICE_RID                = 6
+	SECURITY_LOCAL_SYSTEM_RID           = 18
+	SECURITY_BUILTIN_DOMAIN_RID         = 32
+	SECURITY_PRINCIPAL_SELF_RID         = 10
+	SECURITY_CREATOR_OWNER_SERVER_RID   = 0x2
+	SECURITY_CREATOR_GROUP_SERVER_RID   = 0x3
+	SECURITY_LOGON_IDS_RID_COUNT        = 0x3
+	SECURITY_ANONYMOUS_LOGON_RID        = 0x7
+	SECURITY_PROXY_RID                  = 0x8
+	SECURITY_ENTERPRISE_CONTROLLERS_RID = 0x9
+	SECURITY_SERVER_LOGON_RID           = SECURITY_ENTERPRISE_CONTROLLERS_RID
+	SECURITY_AUTHENTICATED_USER_RID     = 0xb
+	SECURITY_RESTRICTED_CODE_RID        = 0xc
+	SECURITY_NT_NON_UNIQUE_RID          = 0x15
+)
+
+// Predefined domain-relative RIDs for local groups.
+// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
+const (
+	DOMAIN_ALIAS_RID_ADMINS                         = 0x220
+	DOMAIN_ALIAS_RID_USERS                          = 0x221
+	DOMAIN_ALIAS_RID_GUESTS                         = 0x222
+	DOMAIN_ALIAS_RID_POWER_USERS                    = 0x223
+	DOMAIN_ALIAS_RID_ACCOUNT_OPS                    = 0x224
+	DOMAIN_ALIAS_RID_SYSTEM_OPS                     = 0x225
+	DOMAIN_ALIAS_RID_PRINT_OPS                      = 0x226
+	DOMAIN_ALIAS_RID_BACKUP_OPS                     = 0x227
+	DOMAIN_ALIAS_RID_REPLICATOR                     = 0x228
+	DOMAIN_ALIAS_RID_RAS_SERVERS                    = 0x229
+	DOMAIN_ALIAS_RID_PREW2KCOMPACCESS               = 0x22a
+	DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS           = 0x22b
+	DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      = 0x22c
+	DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS = 0x22d
+	DOMAIN_ALIAS_RID_MONITORING_USERS               = 0x22e
+	DOMAIN_ALIAS_RID_LOGGING_USERS                  = 0x22f
+	DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS            = 0x230
+	DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS             = 0x231
+	DOMAIN_ALIAS_RID_DCOM_USERS                     = 0x232
+	DOMAIN_ALIAS_RID_IUSERS                         = 0x238
+	DOMAIN_ALIAS_RID_CRYPTO_OPERATORS               = 0x239
+	DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP     = 0x23b
+	DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP = 0x23c
+	DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP        = 0x23d
+	DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP      = 0x23e
+)
+
+//sys	LookupAccountSid(systemName *uint16, sid *SID, name *uint16, nameLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) = advapi32.LookupAccountSidW
+//sys	LookupAccountName(systemName *uint16, accountName *uint16, sid *SID, sidLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) = advapi32.LookupAccountNameW
+//sys	ConvertSidToStringSid(sid *SID, stringSid **uint16) (err error) = advapi32.ConvertSidToStringSidW
+//sys	ConvertStringSidToSid(stringSid *uint16, sid **SID) (err error) = advapi32.ConvertStringSidToSidW
+//sys	GetLengthSid(sid *SID) (len uint32) = advapi32.GetLengthSid
+//sys	CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) = advapi32.CopySid
+//sys	AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) = advapi32.AllocateAndInitializeSid
+//sys	createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, sizeSid *uint32) (err error) = advapi32.CreateWellKnownSid
+//sys	isWellKnownSid(sid *SID, sidType WELL_KNOWN_SID_TYPE) (isWellKnown bool) = advapi32.IsWellKnownSid
+//sys	FreeSid(sid *SID) (err error) [failretval!=0] = advapi32.FreeSid
+//sys	EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) = advapi32.EqualSid
+//sys	getSidIdentifierAuthority(sid *SID) (authority *SidIdentifierAuthority) = advapi32.GetSidIdentifierAuthority
+//sys	getSidSubAuthorityCount(sid *SID) (count *uint8) = advapi32.GetSidSubAuthorityCount
+//sys	getSidSubAuthority(sid *SID, index uint32) (subAuthority *uint32) = advapi32.GetSidSubAuthority
+//sys	isValidSid(sid *SID) (isValid bool) = advapi32.IsValidSid
+
+// The security identifier (SID) structure is a variable-length
+// structure used to uniquely identify users or groups.
+type SID struct{}
+
+// StringToSid converts a string-format security identifier
+// SID into a valid, functional SID.
+func StringToSid(s string) (*SID, error) {
+	var sid *SID
+	p, e := UTF16PtrFromString(s)
+	if e != nil {
+		return nil, e
+	}
+	e = ConvertStringSidToSid(p, &sid)
+	if e != nil {
+		return nil, e
+	}
+	defer LocalFree((Handle)(unsafe.Pointer(sid)))
+	return sid.Copy()
+}
+
+// LookupSID retrieves a security identifier SID for the account
+// and the name of the domain on which the account was found.
+// System specify target computer to search.
+func LookupSID(system, account string) (sid *SID, domain string, accType uint32, err error) {
+	if len(account) == 0 {
+		return nil, "", 0, syscall.EINVAL
+	}
+	acc, e := UTF16PtrFromString(account)
+	if e != nil {
+		return nil, "", 0, e
+	}
+	var sys *uint16
+	if len(system) > 0 {
+		sys, e = UTF16PtrFromString(system)
+		if e != nil {
+			return nil, "", 0, e
+		}
+	}
+	n := uint32(50)
+	dn := uint32(50)
+	for {
+		b := make([]byte, n)
+		db := make([]uint16, dn)
+		sid = (*SID)(unsafe.Pointer(&b[0]))
+		e = LookupAccountName(sys, acc, sid, &n, &db[0], &dn, &accType)
+		if e == nil {
+			return sid, UTF16ToString(db), accType, nil
+		}
+		if e != ERROR_INSUFFICIENT_BUFFER {
+			return nil, "", 0, e
+		}
+		if n <= uint32(len(b)) {
+			return nil, "", 0, e
+		}
+	}
+}
+
+// String converts SID to a string format suitable for display, storage, or transmission.
+func (sid *SID) String() string {
+	var s *uint16
+	e := ConvertSidToStringSid(sid, &s)
+	if e != nil {
+		return ""
+	}
+	defer LocalFree((Handle)(unsafe.Pointer(s)))
+	return UTF16ToString((*[256]uint16)(unsafe.Pointer(s))[:])
+}
+
+// Len returns the length, in bytes, of a valid security identifier SID.
+func (sid *SID) Len() int {
+	return int(GetLengthSid(sid))
+}
+
+// Copy creates a duplicate of security identifier SID.
+func (sid *SID) Copy() (*SID, error) {
+	b := make([]byte, sid.Len())
+	sid2 := (*SID)(unsafe.Pointer(&b[0]))
+	e := CopySid(uint32(len(b)), sid2, sid)
+	if e != nil {
+		return nil, e
+	}
+	return sid2, nil
+}
+
+// IdentifierAuthority returns the identifier authority of the SID.
+func (sid *SID) IdentifierAuthority() SidIdentifierAuthority {
+	return *getSidIdentifierAuthority(sid)
+}
+
+// SubAuthorityCount returns the number of sub-authorities in the SID.
+func (sid *SID) SubAuthorityCount() uint8 {
+	return *getSidSubAuthorityCount(sid)
+}
+
+// SubAuthority returns the sub-authority of the SID as specified by
+// the index, which must be less than sid.SubAuthorityCount().
+func (sid *SID) SubAuthority(idx uint32) uint32 {
+	if idx >= uint32(sid.SubAuthorityCount()) {
+		panic("sub-authority index out of range")
+	}
+	return *getSidSubAuthority(sid, idx)
+}
+
+// IsValid returns whether the SID has a valid revision and length.
+func (sid *SID) IsValid() bool {
+	return isValidSid(sid)
+}
+
+// Equals compares two SIDs for equality.
+func (sid *SID) Equals(sid2 *SID) bool {
+	return EqualSid(sid, sid2)
+}
+
+// IsWellKnown determines whether the SID matches the well-known sidType.
+func (sid *SID) IsWellKnown(sidType WELL_KNOWN_SID_TYPE) bool {
+	return isWellKnownSid(sid, sidType)
+}
+
+// LookupAccount retrieves the name of the account for this SID
+// and the name of the first domain on which this SID is found.
+// System specify target computer to search for.
+func (sid *SID) LookupAccount(system string) (account, domain string, accType uint32, err error) {
+	var sys *uint16
+	if len(system) > 0 {
+		sys, err = UTF16PtrFromString(system)
+		if err != nil {
+			return "", "", 0, err
+		}
+	}
+	n := uint32(50)
+	dn := uint32(50)
+	for {
+		b := make([]uint16, n)
+		db := make([]uint16, dn)
+		e := LookupAccountSid(sys, sid, &b[0], &n, &db[0], &dn, &accType)
+		if e == nil {
+			return UTF16ToString(b), UTF16ToString(db), accType, nil
+		}
+		if e != ERROR_INSUFFICIENT_BUFFER {
+			return "", "", 0, e
+		}
+		if n <= uint32(len(b)) {
+			return "", "", 0, e
+		}
+	}
+}
+
+// Various types of pre-specified SIDs that can be synthesized and compared at runtime.
+type WELL_KNOWN_SID_TYPE uint32
+
+const (
+	WinNullSid                                    = 0
+	WinWorldSid                                   = 1
+	WinLocalSid                                   = 2
+	WinCreatorOwnerSid                            = 3
+	WinCreatorGroupSid                            = 4
+	WinCreatorOwnerServerSid                      = 5
+	WinCreatorGroupServerSid                      = 6
+	WinNtAuthoritySid                             = 7
+	WinDialupSid                                  = 8
+	WinNetworkSid                                 = 9
+	WinBatchSid                                   = 10
+	WinInteractiveSid                             = 11
+	WinServiceSid                                 = 12
+	WinAnonymousSid                               = 13
+	WinProxySid                                   = 14
+	WinEnterpriseControllersSid                   = 15
+	WinSelfSid                                    = 16
+	WinAuthenticatedUserSid                       = 17
+	WinRestrictedCodeSid                          = 18
+	WinTerminalServerSid                          = 19
+	WinRemoteLogonIdSid                           = 20
+	WinLogonIdsSid                                = 21
+	WinLocalSystemSid                             = 22
+	WinLocalServiceSid                            = 23
+	WinNetworkServiceSid                          = 24
+	WinBuiltinDomainSid                           = 25
+	WinBuiltinAdministratorsSid                   = 26
+	WinBuiltinUsersSid                            = 27
+	WinBuiltinGuestsSid                           = 28
+	WinBuiltinPowerUsersSid                       = 29
+	WinBuiltinAccountOperatorsSid                 = 30
+	WinBuiltinSystemOperatorsSid                  = 31
+	WinBuiltinPrintOperatorsSid                   = 32
+	WinBuiltinBackupOperatorsSid                  = 33
+	WinBuiltinReplicatorSid                       = 34
+	WinBuiltinPreWindows2000CompatibleAccessSid   = 35
+	WinBuiltinRemoteDesktopUsersSid               = 36
+	WinBuiltinNetworkConfigurationOperatorsSid    = 37
+	WinAccountAdministratorSid                    = 38
+	WinAccountGuestSid                            = 39
+	WinAccountKrbtgtSid                           = 40
+	WinAccountDomainAdminsSid                     = 41
+	WinAccountDomainUsersSid                      = 42
+	WinAccountDomainGuestsSid                     = 43
+	WinAccountComputersSid                        = 44
+	WinAccountControllersSid                      = 45
+	WinAccountCertAdminsSid                       = 46
+	WinAccountSchemaAdminsSid                     = 47
+	WinAccountEnterpriseAdminsSid                 = 48
+	WinAccountPolicyAdminsSid                     = 49
+	WinAccountRasAndIasServersSid                 = 50
+	WinNTLMAuthenticationSid                      = 51
+	WinDigestAuthenticationSid                    = 52
+	WinSChannelAuthenticationSid                  = 53
+	WinThisOrganizationSid                        = 54
+	WinOtherOrganizationSid                       = 55
+	WinBuiltinIncomingForestTrustBuildersSid      = 56
+	WinBuiltinPerfMonitoringUsersSid              = 57
+	WinBuiltinPerfLoggingUsersSid                 = 58
+	WinBuiltinAuthorizationAccessSid              = 59
+	WinBuiltinTerminalServerLicenseServersSid     = 60
+	WinBuiltinDCOMUsersSid                        = 61
+	WinBuiltinIUsersSid                           = 62
+	WinIUserSid                                   = 63
+	WinBuiltinCryptoOperatorsSid                  = 64
+	WinUntrustedLabelSid                          = 65
+	WinLowLabelSid                                = 66
+	WinMediumLabelSid                             = 67
+	WinHighLabelSid                               = 68
+	WinSystemLabelSid                             = 69
+	WinWriteRestrictedCodeSid                     = 70
+	WinCreatorOwnerRightsSid                      = 71
+	WinCacheablePrincipalsGroupSid                = 72
+	WinNonCacheablePrincipalsGroupSid             = 73
+	WinEnterpriseReadonlyControllersSid           = 74
+	WinAccountReadonlyControllersSid              = 75
+	WinBuiltinEventLogReadersGroup                = 76
+	WinNewEnterpriseReadonlyControllersSid        = 77
+	WinBuiltinCertSvcDComAccessGroup              = 78
+	WinMediumPlusLabelSid                         = 79
+	WinLocalLogonSid                              = 80
+	WinConsoleLogonSid                            = 81
+	WinThisOrganizationCertificateSid             = 82
+	WinApplicationPackageAuthoritySid             = 83
+	WinBuiltinAnyPackageSid                       = 84
+	WinCapabilityInternetClientSid                = 85
+	WinCapabilityInternetClientServerSid          = 86
+	WinCapabilityPrivateNetworkClientServerSid    = 87
+	WinCapabilityPicturesLibrarySid               = 88
+	WinCapabilityVideosLibrarySid                 = 89
+	WinCapabilityMusicLibrarySid                  = 90
+	WinCapabilityDocumentsLibrarySid              = 91
+	WinCapabilitySharedUserCertificatesSid        = 92
+	WinCapabilityEnterpriseAuthenticationSid      = 93
+	WinCapabilityRemovableStorageSid              = 94
+	WinBuiltinRDSRemoteAccessServersSid           = 95
+	WinBuiltinRDSEndpointServersSid               = 96
+	WinBuiltinRDSManagementServersSid             = 97
+	WinUserModeDriversSid                         = 98
+	WinBuiltinHyperVAdminsSid                     = 99
+	WinAccountCloneableControllersSid             = 100
+	WinBuiltinAccessControlAssistanceOperatorsSid = 101
+	WinBuiltinRemoteManagementUsersSid            = 102
+	WinAuthenticationAuthorityAssertedSid         = 103
+	WinAuthenticationServiceAssertedSid           = 104
+	WinLocalAccountSid                            = 105
+	WinLocalAccountAndAdministratorSid            = 106
+	WinAccountProtectedUsersSid                   = 107
+	WinCapabilityAppointmentsSid                  = 108
+	WinCapabilityContactsSid                      = 109
+	WinAccountDefaultSystemManagedSid             = 110
+	WinBuiltinDefaultSystemManagedGroupSid        = 111
+	WinBuiltinStorageReplicaAdminsSid             = 112
+	WinAccountKeyAdminsSid                        = 113
+	WinAccountEnterpriseKeyAdminsSid              = 114
+	WinAuthenticationKeyTrustSid                  = 115
+	WinAuthenticationKeyPropertyMFASid            = 116
+	WinAuthenticationKeyPropertyAttestationSid    = 117
+	WinAuthenticationFreshKeyAuthSid              = 118
+	WinBuiltinDeviceOwnersSid                     = 119
+)
+
+// Creates a SID for a well-known predefined alias, generally using the constants of the form
+// Win*Sid, for the local machine.
+func CreateWellKnownSid(sidType WELL_KNOWN_SID_TYPE) (*SID, error) {
+	return CreateWellKnownDomainSid(sidType, nil)
+}
+
+// Creates a SID for a well-known predefined alias, generally using the constants of the form
+// Win*Sid, for the domain specified by the domainSid parameter.
+func CreateWellKnownDomainSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID) (*SID, error) {
+	n := uint32(50)
+	for {
+		b := make([]byte, n)
+		sid := (*SID)(unsafe.Pointer(&b[0]))
+		err := createWellKnownSid(sidType, domainSid, sid, &n)
+		if err == nil {
+			return sid, nil
+		}
+		if err != ERROR_INSUFFICIENT_BUFFER {
+			return nil, err
+		}
+		if n <= uint32(len(b)) {
+			return nil, err
+		}
+	}
+}
+
+const (
+	// do not reorder
+	TOKEN_ASSIGN_PRIMARY = 1 << iota
+	TOKEN_DUPLICATE
+	TOKEN_IMPERSONATE
+	TOKEN_QUERY
+	TOKEN_QUERY_SOURCE
+	TOKEN_ADJUST_PRIVILEGES
+	TOKEN_ADJUST_GROUPS
+	TOKEN_ADJUST_DEFAULT
+	TOKEN_ADJUST_SESSIONID
+
+	TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED |
+		TOKEN_ASSIGN_PRIMARY |
+		TOKEN_DUPLICATE |
+		TOKEN_IMPERSONATE |
+		TOKEN_QUERY |
+		TOKEN_QUERY_SOURCE |
+		TOKEN_ADJUST_PRIVILEGES |
+		TOKEN_ADJUST_GROUPS |
+		TOKEN_ADJUST_DEFAULT |
+		TOKEN_ADJUST_SESSIONID
+	TOKEN_READ  = STANDARD_RIGHTS_READ | TOKEN_QUERY
+	TOKEN_WRITE = STANDARD_RIGHTS_WRITE |
+		TOKEN_ADJUST_PRIVILEGES |
+		TOKEN_ADJUST_GROUPS |
+		TOKEN_ADJUST_DEFAULT
+	TOKEN_EXECUTE = STANDARD_RIGHTS_EXECUTE
+)
+
+const (
+	// do not reorder
+	TokenUser = 1 + iota
+	TokenGroups
+	TokenPrivileges
+	TokenOwner
+	TokenPrimaryGroup
+	TokenDefaultDacl
+	TokenSource
+	TokenType
+	TokenImpersonationLevel
+	TokenStatistics
+	TokenRestrictedSids
+	TokenSessionId
+	TokenGroupsAndPrivileges
+	TokenSessionReference
+	TokenSandBoxInert
+	TokenAuditPolicy
+	TokenOrigin
+	TokenElevationType
+	TokenLinkedToken
+	TokenElevation
+	TokenHasRestrictions
+	TokenAccessInformation
+	TokenVirtualizationAllowed
+	TokenVirtualizationEnabled
+	TokenIntegrityLevel
+	TokenUIAccess
+	TokenMandatoryPolicy
+	TokenLogonSid
+	MaxTokenInfoClass
+)
+
+// Group attributes inside of Tokengroups.Groups[i].Attributes
+const (
+	SE_GROUP_MANDATORY          = 0x00000001
+	SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
+	SE_GROUP_ENABLED            = 0x00000004
+	SE_GROUP_OWNER              = 0x00000008
+	SE_GROUP_USE_FOR_DENY_ONLY  = 0x00000010
+	SE_GROUP_INTEGRITY          = 0x00000020
+	SE_GROUP_INTEGRITY_ENABLED  = 0x00000040
+	SE_GROUP_LOGON_ID           = 0xC0000000
+	SE_GROUP_RESOURCE           = 0x20000000
+	SE_GROUP_VALID_ATTRIBUTES   = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_USE_FOR_DENY_ONLY | SE_GROUP_LOGON_ID | SE_GROUP_RESOURCE | SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED
+)
+
+// Privilege attributes
+const (
+	SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
+	SE_PRIVILEGE_ENABLED            = 0x00000002
+	SE_PRIVILEGE_REMOVED            = 0x00000004
+	SE_PRIVILEGE_USED_FOR_ACCESS    = 0x80000000
+	SE_PRIVILEGE_VALID_ATTRIBUTES   = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS
+)
+
+// Token types
+const (
+	TokenPrimary       = 1
+	TokenImpersonation = 2
+)
+
+// Impersonation levels
+const (
+	SecurityAnonymous      = 0
+	SecurityIdentification = 1
+	SecurityImpersonation  = 2
+	SecurityDelegation     = 3
+)
+
+type LUID struct {
+	LowPart  uint32
+	HighPart int32
+}
+
+type LUIDAndAttributes struct {
+	Luid       LUID
+	Attributes uint32
+}
+
+type SIDAndAttributes struct {
+	Sid        *SID
+	Attributes uint32
+}
+
+type Tokenuser struct {
+	User SIDAndAttributes
+}
+
+type Tokenprimarygroup struct {
+	PrimaryGroup *SID
+}
+
+type Tokengroups struct {
+	GroupCount uint32
+	Groups     [1]SIDAndAttributes // Use AllGroups() for iterating.
+}
+
+// AllGroups returns a slice that can be used to iterate over the groups in g.
+func (g *Tokengroups) AllGroups() []SIDAndAttributes {
+	return (*[(1 << 28) - 1]SIDAndAttributes)(unsafe.Pointer(&g.Groups[0]))[:g.GroupCount:g.GroupCount]
+}
+
+type Tokenprivileges struct {
+	PrivilegeCount uint32
+	Privileges     [1]LUIDAndAttributes // Use AllPrivileges() for iterating.
+}
+
+// AllPrivileges returns a slice that can be used to iterate over the privileges in p.
+func (p *Tokenprivileges) AllPrivileges() []LUIDAndAttributes {
+	return (*[(1 << 27) - 1]LUIDAndAttributes)(unsafe.Pointer(&p.Privileges[0]))[:p.PrivilegeCount:p.PrivilegeCount]
+}
+
+type Tokenmandatorylabel struct {
+	Label SIDAndAttributes
+}
+
+func (tml *Tokenmandatorylabel) Size() uint32 {
+	return uint32(unsafe.Sizeof(Tokenmandatorylabel{})) + GetLengthSid(tml.Label.Sid)
+}
+
+// Authorization Functions
+//sys	checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) = advapi32.CheckTokenMembership
+//sys	OpenProcessToken(process Handle, access uint32, token *Token) (err error) = advapi32.OpenProcessToken
+//sys	OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token) (err error) = advapi32.OpenThreadToken
+//sys	ImpersonateSelf(impersonationlevel uint32) (err error) = advapi32.ImpersonateSelf
+//sys	RevertToSelf() (err error) = advapi32.RevertToSelf
+//sys	SetThreadToken(thread *Handle, token Token) (err error) = advapi32.SetThreadToken
+//sys	LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) = advapi32.LookupPrivilegeValueW
+//sys	AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tokenprivileges, buflen uint32, prevstate *Tokenprivileges, returnlen *uint32) (err error) = advapi32.AdjustTokenPrivileges
+//sys	AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, buflen uint32, prevstate *Tokengroups, returnlen *uint32) (err error) = advapi32.AdjustTokenGroups
+//sys	GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) = advapi32.GetTokenInformation
+//sys	SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32) (err error) = advapi32.SetTokenInformation
+//sys	DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes *SecurityAttributes, impersonationLevel uint32, tokenType uint32, newToken *Token) (err error) = advapi32.DuplicateTokenEx
+//sys	GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) = userenv.GetUserProfileDirectoryW
+//sys	getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetSystemDirectoryW
+//sys	getWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetWindowsDirectoryW
+//sys	getSystemWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetSystemWindowsDirectoryW
+
+// An access token contains the security information for a logon session.
+// The system creates an access token when a user logs on, and every
+// process executed on behalf of the user has a copy of the token.
+// The token identifies the user, the user's groups, and the user's
+// privileges. The system uses the token to control access to securable
+// objects and to control the ability of the user to perform various
+// system-related operations on the local computer.
+type Token Handle
+
+// OpenCurrentProcessToken opens an access token associated with current
+// process with TOKEN_QUERY access. It is a real token that needs to be closed.
+//
+// Deprecated: Explicitly call OpenProcessToken(CurrentProcess(), ...)
+// with the desired access instead, or use GetCurrentProcessToken for a
+// TOKEN_QUERY token.
+func OpenCurrentProcessToken() (Token, error) {
+	var token Token
+	err := OpenProcessToken(CurrentProcess(), TOKEN_QUERY, &token)
+	return token, err
+}
+
+// GetCurrentProcessToken returns the access token associated with
+// the current process. It is a pseudo token that does not need
+// to be closed.
+func GetCurrentProcessToken() Token {
+	return Token(^uintptr(4 - 1))
+}
+
+// GetCurrentThreadToken return the access token associated with
+// the current thread. It is a pseudo token that does not need
+// to be closed.
+func GetCurrentThreadToken() Token {
+	return Token(^uintptr(5 - 1))
+}
+
+// GetCurrentThreadEffectiveToken returns the effective access token
+// associated with the current thread. It is a pseudo token that does
+// not need to be closed.
+func GetCurrentThreadEffectiveToken() Token {
+	return Token(^uintptr(6 - 1))
+}
+
+// Close releases access to access token.
+func (t Token) Close() error {
+	return CloseHandle(Handle(t))
+}
+
+// getInfo retrieves a specified type of information about an access token.
+func (t Token) getInfo(class uint32, initSize int) (unsafe.Pointer, error) {
+	n := uint32(initSize)
+	for {
+		b := make([]byte, n)
+		e := GetTokenInformation(t, class, &b[0], uint32(len(b)), &n)
+		if e == nil {
+			return unsafe.Pointer(&b[0]), nil
+		}
+		if e != ERROR_INSUFFICIENT_BUFFER {
+			return nil, e
+		}
+		if n <= uint32(len(b)) {
+			return nil, e
+		}
+	}
+}
+
+// GetTokenUser retrieves access token t user account information.
+func (t Token) GetTokenUser() (*Tokenuser, error) {
+	i, e := t.getInfo(TokenUser, 50)
+	if e != nil {
+		return nil, e
+	}
+	return (*Tokenuser)(i), nil
+}
+
+// GetTokenGroups retrieves group accounts associated with access token t.
+func (t Token) GetTokenGroups() (*Tokengroups, error) {
+	i, e := t.getInfo(TokenGroups, 50)
+	if e != nil {
+		return nil, e
+	}
+	return (*Tokengroups)(i), nil
+}
+
+// GetTokenPrimaryGroup retrieves access token t primary group information.
+// A pointer to a SID structure representing a group that will become
+// the primary group of any objects created by a process using this access token.
+func (t Token) GetTokenPrimaryGroup() (*Tokenprimarygroup, error) {
+	i, e := t.getInfo(TokenPrimaryGroup, 50)
+	if e != nil {
+		return nil, e
+	}
+	return (*Tokenprimarygroup)(i), nil
+}
+
+// GetUserProfileDirectory retrieves path to the
+// root directory of the access token t user's profile.
+func (t Token) GetUserProfileDirectory() (string, error) {
+	n := uint32(100)
+	for {
+		b := make([]uint16, n)
+		e := GetUserProfileDirectory(t, &b[0], &n)
+		if e == nil {
+			return UTF16ToString(b), nil
+		}
+		if e != ERROR_INSUFFICIENT_BUFFER {
+			return "", e
+		}
+		if n <= uint32(len(b)) {
+			return "", e
+		}
+	}
+}
+
+// IsElevated returns whether the current token is elevated from a UAC perspective.
+func (token Token) IsElevated() bool {
+	var isElevated uint32
+	var outLen uint32
+	err := GetTokenInformation(token, TokenElevation, (*byte)(unsafe.Pointer(&isElevated)), uint32(unsafe.Sizeof(isElevated)), &outLen)
+	if err != nil {
+		return false
+	}
+	return outLen == uint32(unsafe.Sizeof(isElevated)) && isElevated != 0
+}
+
+// GetLinkedToken returns the linked token, which may be an elevated UAC token.
+func (token Token) GetLinkedToken() (Token, error) {
+	var linkedToken Token
+	var outLen uint32
+	err := GetTokenInformation(token, TokenLinkedToken, (*byte)(unsafe.Pointer(&linkedToken)), uint32(unsafe.Sizeof(linkedToken)), &outLen)
+	if err != nil {
+		return Token(0), err
+	}
+	return linkedToken, nil
+}
+
+// GetSystemDirectory retrieves the path to current location of the system
+// directory, which is typically, though not always, `C:\Windows\System32`.
+func GetSystemDirectory() (string, error) {
+	n := uint32(MAX_PATH)
+	for {
+		b := make([]uint16, n)
+		l, e := getSystemDirectory(&b[0], n)
+		if e != nil {
+			return "", e
+		}
+		if l <= n {
+			return UTF16ToString(b[:l]), nil
+		}
+		n = l
+	}
+}
+
+// GetWindowsDirectory retrieves the path to current location of the Windows
+// directory, which is typically, though not always, `C:\Windows`. This may
+// be a private user directory in the case that the application is running
+// under a terminal server.
+func GetWindowsDirectory() (string, error) {
+	n := uint32(MAX_PATH)
+	for {
+		b := make([]uint16, n)
+		l, e := getWindowsDirectory(&b[0], n)
+		if e != nil {
+			return "", e
+		}
+		if l <= n {
+			return UTF16ToString(b[:l]), nil
+		}
+		n = l
+	}
+}
+
+// GetSystemWindowsDirectory retrieves the path to current location of the
+// Windows directory, which is typically, though not always, `C:\Windows`.
+func GetSystemWindowsDirectory() (string, error) {
+	n := uint32(MAX_PATH)
+	for {
+		b := make([]uint16, n)
+		l, e := getSystemWindowsDirectory(&b[0], n)
+		if e != nil {
+			return "", e
+		}
+		if l <= n {
+			return UTF16ToString(b[:l]), nil
+		}
+		n = l
+	}
+}
+
+// IsMember reports whether the access token t is a member of the provided SID.
+func (t Token) IsMember(sid *SID) (bool, error) {
+	var b int32
+	if e := checkTokenMembership(t, sid, &b); e != nil {
+		return false, e
+	}
+	return b != 0, nil
+}
+
+const (
+	WTS_CONSOLE_CONNECT        = 0x1
+	WTS_CONSOLE_DISCONNECT     = 0x2
+	WTS_REMOTE_CONNECT         = 0x3
+	WTS_REMOTE_DISCONNECT      = 0x4
+	WTS_SESSION_LOGON          = 0x5
+	WTS_SESSION_LOGOFF         = 0x6
+	WTS_SESSION_LOCK           = 0x7
+	WTS_SESSION_UNLOCK         = 0x8
+	WTS_SESSION_REMOTE_CONTROL = 0x9
+	WTS_SESSION_CREATE         = 0xa
+	WTS_SESSION_TERMINATE      = 0xb
+)
+
+const (
+	WTSActive       = 0
+	WTSConnected    = 1
+	WTSConnectQuery = 2
+	WTSShadow       = 3
+	WTSDisconnected = 4
+	WTSIdle         = 5
+	WTSListen       = 6
+	WTSReset        = 7
+	WTSDown         = 8
+	WTSInit         = 9
+)
+
+type WTSSESSION_NOTIFICATION struct {
+	Size      uint32
+	SessionID uint32
+}
+
+type WTS_SESSION_INFO struct {
+	SessionID         uint32
+	WindowStationName *uint16
+	State             uint32
+}
+
+//sys WTSQueryUserToken(session uint32, token *Token) (err error) = wtsapi32.WTSQueryUserToken
+//sys WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessions **WTS_SESSION_INFO, count *uint32) (err error) = wtsapi32.WTSEnumerateSessionsW
+//sys WTSFreeMemory(ptr uintptr) = wtsapi32.WTSFreeMemory
+
+type ACL struct {
+	aclRevision byte
+	sbz1        byte
+	aclSize     uint16
+	aceCount    uint16
+	sbz2        uint16
+}
+
+type SECURITY_DESCRIPTOR struct {
+	revision byte
+	sbz1     byte
+	control  SECURITY_DESCRIPTOR_CONTROL
+	owner    *SID
+	group    *SID
+	sacl     *ACL
+	dacl     *ACL
+}
+
+type SecurityAttributes struct {
+	Length             uint32
+	SecurityDescriptor *SECURITY_DESCRIPTOR
+	InheritHandle      uint32
+}
+
+type SE_OBJECT_TYPE uint32
+
+// Constants for type SE_OBJECT_TYPE
+const (
+	SE_UNKNOWN_OBJECT_TYPE     = 0
+	SE_FILE_OBJECT             = 1
+	SE_SERVICE                 = 2
+	SE_PRINTER                 = 3
+	SE_REGISTRY_KEY            = 4
+	SE_LMSHARE                 = 5
+	SE_KERNEL_OBJECT           = 6
+	SE_WINDOW_OBJECT           = 7
+	SE_DS_OBJECT               = 8
+	SE_DS_OBJECT_ALL           = 9
+	SE_PROVIDER_DEFINED_OBJECT = 10
+	SE_WMIGUID_OBJECT          = 11
+	SE_REGISTRY_WOW64_32KEY    = 12
+	SE_REGISTRY_WOW64_64KEY    = 13
+)
+
+type SECURITY_INFORMATION uint32
+
+// Constants for type SECURITY_INFORMATION
+const (
+	OWNER_SECURITY_INFORMATION            = 0x00000001
+	GROUP_SECURITY_INFORMATION            = 0x00000002
+	DACL_SECURITY_INFORMATION             = 0x00000004
+	SACL_SECURITY_INFORMATION             = 0x00000008
+	LABEL_SECURITY_INFORMATION            = 0x00000010
+	ATTRIBUTE_SECURITY_INFORMATION        = 0x00000020
+	SCOPE_SECURITY_INFORMATION            = 0x00000040
+	BACKUP_SECURITY_INFORMATION           = 0x00010000
+	PROTECTED_DACL_SECURITY_INFORMATION   = 0x80000000
+	PROTECTED_SACL_SECURITY_INFORMATION   = 0x40000000
+	UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
+	UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
+)
+
+type SECURITY_DESCRIPTOR_CONTROL uint16
+
+// Constants for type SECURITY_DESCRIPTOR_CONTROL
+const (
+	SE_OWNER_DEFAULTED       = 0x0001
+	SE_GROUP_DEFAULTED       = 0x0002
+	SE_DACL_PRESENT          = 0x0004
+	SE_DACL_DEFAULTED        = 0x0008
+	SE_SACL_PRESENT          = 0x0010
+	SE_SACL_DEFAULTED        = 0x0020
+	SE_DACL_AUTO_INHERIT_REQ = 0x0100
+	SE_SACL_AUTO_INHERIT_REQ = 0x0200
+	SE_DACL_AUTO_INHERITED   = 0x0400
+	SE_SACL_AUTO_INHERITED   = 0x0800
+	SE_DACL_PROTECTED        = 0x1000
+	SE_SACL_PROTECTED        = 0x2000
+	SE_RM_CONTROL_VALID      = 0x4000
+	SE_SELF_RELATIVE         = 0x8000
+)
+
+type ACCESS_MASK uint32
+
+// Constants for type ACCESS_MASK
+const (
+	DELETE                   = 0x00010000
+	READ_CONTROL             = 0x00020000
+	WRITE_DAC                = 0x00040000
+	WRITE_OWNER              = 0x00080000
+	SYNCHRONIZE              = 0x00100000
+	STANDARD_RIGHTS_REQUIRED = 0x000F0000
+	STANDARD_RIGHTS_READ     = READ_CONTROL
+	STANDARD_RIGHTS_WRITE    = READ_CONTROL
+	STANDARD_RIGHTS_EXECUTE  = READ_CONTROL
+	STANDARD_RIGHTS_ALL      = 0x001F0000
+	SPECIFIC_RIGHTS_ALL      = 0x0000FFFF
+	ACCESS_SYSTEM_SECURITY   = 0x01000000
+	MAXIMUM_ALLOWED          = 0x02000000
+	GENERIC_READ             = 0x80000000
+	GENERIC_WRITE            = 0x40000000
+	GENERIC_EXECUTE          = 0x20000000
+	GENERIC_ALL              = 0x10000000
+)
+
+type ACCESS_MODE uint32
+
+// Constants for type ACCESS_MODE
+const (
+	NOT_USED_ACCESS   = 0
+	GRANT_ACCESS      = 1
+	SET_ACCESS        = 2
+	DENY_ACCESS       = 3
+	REVOKE_ACCESS     = 4
+	SET_AUDIT_SUCCESS = 5
+	SET_AUDIT_FAILURE = 6
+)
+
+// Constants for AceFlags and Inheritance fields
+const (
+	NO_INHERITANCE                     = 0x0
+	SUB_OBJECTS_ONLY_INHERIT           = 0x1
+	SUB_CONTAINERS_ONLY_INHERIT        = 0x2
+	SUB_CONTAINERS_AND_OBJECTS_INHERIT = 0x3
+	INHERIT_NO_PROPAGATE               = 0x4
+	INHERIT_ONLY                       = 0x8
+	INHERITED_ACCESS_ENTRY             = 0x10
+	INHERITED_PARENT                   = 0x10000000
+	INHERITED_GRANDPARENT              = 0x20000000
+	OBJECT_INHERIT_ACE                 = 0x1
+	CONTAINER_INHERIT_ACE              = 0x2
+	NO_PROPAGATE_INHERIT_ACE           = 0x4
+	INHERIT_ONLY_ACE                   = 0x8
+	INHERITED_ACE                      = 0x10
+	VALID_INHERIT_FLAGS                = 0x1F
+)
+
+type MULTIPLE_TRUSTEE_OPERATION uint32
+
+// Constants for MULTIPLE_TRUSTEE_OPERATION
+const (
+	NO_MULTIPLE_TRUSTEE    = 0
+	TRUSTEE_IS_IMPERSONATE = 1
+)
+
+type TRUSTEE_FORM uint32
+
+// Constants for TRUSTEE_FORM
+const (
+	TRUSTEE_IS_SID              = 0
+	TRUSTEE_IS_NAME             = 1
+	TRUSTEE_BAD_FORM            = 2
+	TRUSTEE_IS_OBJECTS_AND_SID  = 3
+	TRUSTEE_IS_OBJECTS_AND_NAME = 4
+)
+
+type TRUSTEE_TYPE uint32
+
+// Constants for TRUSTEE_TYPE
+const (
+	TRUSTEE_IS_UNKNOWN          = 0
+	TRUSTEE_IS_USER             = 1
+	TRUSTEE_IS_GROUP            = 2
+	TRUSTEE_IS_DOMAIN           = 3
+	TRUSTEE_IS_ALIAS            = 4
+	TRUSTEE_IS_WELL_KNOWN_GROUP = 5
+	TRUSTEE_IS_DELETED          = 6
+	TRUSTEE_IS_INVALID          = 7
+	TRUSTEE_IS_COMPUTER         = 8
+)
+
+// Constants for ObjectsPresent field
+const (
+	ACE_OBJECT_TYPE_PRESENT           = 0x1
+	ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x2
+)
+
+type EXPLICIT_ACCESS struct {
+	AccessPermissions ACCESS_MASK
+	AccessMode        ACCESS_MODE
+	Inheritance       uint32
+	Trustee           TRUSTEE
+}
+
+// This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions.
+type TrusteeValue uintptr
+
+func TrusteeValueFromString(str string) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(StringToUTF16Ptr(str)))
+}
+func TrusteeValueFromSID(sid *SID) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(sid))
+}
+func TrusteeValueFromObjectsAndSid(objectsAndSid *OBJECTS_AND_SID) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(objectsAndSid))
+}
+func TrusteeValueFromObjectsAndName(objectsAndName *OBJECTS_AND_NAME) TrusteeValue {
+	return TrusteeValue(unsafe.Pointer(objectsAndName))
+}
+
+type TRUSTEE struct {
+	MultipleTrustee          *TRUSTEE
+	MultipleTrusteeOperation MULTIPLE_TRUSTEE_OPERATION
+	TrusteeForm              TRUSTEE_FORM
+	TrusteeType              TRUSTEE_TYPE
+	TrusteeValue             TrusteeValue
+}
+
+type OBJECTS_AND_SID struct {
+	ObjectsPresent          uint32
+	ObjectTypeGuid          GUID
+	InheritedObjectTypeGuid GUID
+	Sid                     *SID
+}
+
+type OBJECTS_AND_NAME struct {
+	ObjectsPresent          uint32
+	ObjectType              SE_OBJECT_TYPE
+	ObjectTypeName          *uint16
+	InheritedObjectTypeName *uint16
+	Name                    *uint16
+}
+
+//sys	getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetSecurityInfo
+//sys	SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) = advapi32.SetSecurityInfo
+//sys	getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetNamedSecurityInfoW
+//sys	SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetNamedSecurityInfoW
+
+//sys	buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) = advapi32.BuildSecurityDescriptorW
+//sys	initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) = advapi32.InitializeSecurityDescriptor
+
+//sys	getSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, control *SECURITY_DESCRIPTOR_CONTROL, revision *uint32) (err error) = advapi32.GetSecurityDescriptorControl
+//sys	getSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent *bool, dacl **ACL, daclDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorDacl
+//sys	getSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent *bool, sacl **ACL, saclDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorSacl
+//sys	getSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner **SID, ownerDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorOwner
+//sys	getSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group **SID, groupDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorGroup
+//sys	getSecurityDescriptorLength(sd *SECURITY_DESCRIPTOR) (len uint32) = advapi32.GetSecurityDescriptorLength
+//sys	getSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) (ret error) [failretval!=0] = advapi32.GetSecurityDescriptorRMControl
+//sys	isValidSecurityDescriptor(sd *SECURITY_DESCRIPTOR) (isValid bool) = advapi32.IsValidSecurityDescriptor
+
+//sys	setSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) (err error) = advapi32.SetSecurityDescriptorControl
+//sys	setSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent bool, dacl *ACL, daclDefaulted bool) (err error) = advapi32.SetSecurityDescriptorDacl
+//sys	setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl *ACL, saclDefaulted bool) (err error) = advapi32.SetSecurityDescriptorSacl
+//sys	setSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner *SID, ownerDefaulted bool) (err error) = advapi32.SetSecurityDescriptorOwner
+//sys	setSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group *SID, groupDefaulted bool) (err error) = advapi32.SetSecurityDescriptorGroup
+//sys	setSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) = advapi32.SetSecurityDescriptorRMControl
+
+//sys	convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) = advapi32.ConvertStringSecurityDescriptorToSecurityDescriptorW
+//sys	convertSecurityDescriptorToStringSecurityDescriptor(sd *SECURITY_DESCRIPTOR, revision uint32, securityInformation SECURITY_INFORMATION, str **uint16, strLen *uint32) (err error) = advapi32.ConvertSecurityDescriptorToStringSecurityDescriptorW
+
+//sys	makeAbsoluteSD(selfRelativeSD *SECURITY_DESCRIPTOR, absoluteSD *SECURITY_DESCRIPTOR, absoluteSDSize *uint32, dacl *ACL, daclSize *uint32, sacl *ACL, saclSize *uint32, owner *SID, ownerSize *uint32, group *SID, groupSize *uint32) (err error) = advapi32.MakeAbsoluteSD
+//sys	makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
+
+//sys	setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW
+
+// Control returns the security descriptor control bits.
+func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) {
+	err = getSecurityDescriptorControl(sd, &control, &revision)
+	return
+}
+
+// SetControl sets the security descriptor control bits.
+func (sd *SECURITY_DESCRIPTOR) SetControl(controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) error {
+	return setSecurityDescriptorControl(sd, controlBitsOfInterest, controlBitsToSet)
+}
+
+// RMControl returns the security descriptor resource manager control bits.
+func (sd *SECURITY_DESCRIPTOR) RMControl() (control uint8, err error) {
+	err = getSecurityDescriptorRMControl(sd, &control)
+	return
+}
+
+// SetRMControl sets the security descriptor resource manager control bits.
+func (sd *SECURITY_DESCRIPTOR) SetRMControl(rmControl uint8) {
+	setSecurityDescriptorRMControl(sd, &rmControl)
+}
+
+// DACL returns the security descriptor DACL and whether it was defaulted. The dacl return value may be nil
+// if a DACL exists but is an "empty DACL", meaning fully permissive. If the DACL does not exist, err returns
+// ERROR_OBJECT_NOT_FOUND.
+func (sd *SECURITY_DESCRIPTOR) DACL() (dacl *ACL, defaulted bool, err error) {
+	var present bool
+	err = getSecurityDescriptorDacl(sd, &present, &dacl, &defaulted)
+	if !present {
+		err = ERROR_OBJECT_NOT_FOUND
+	}
+	return
+}
+
+// SetDACL sets the absolute security descriptor DACL.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetDACL(dacl *ACL, present, defaulted bool) error {
+	return setSecurityDescriptorDacl(absoluteSD, present, dacl, defaulted)
+}
+
+// SACL returns the security descriptor SACL and whether it was defaulted. The sacl return value may be nil
+// if a SACL exists but is an "empty SACL", meaning fully permissive. If the SACL does not exist, err returns
+// ERROR_OBJECT_NOT_FOUND.
+func (sd *SECURITY_DESCRIPTOR) SACL() (sacl *ACL, defaulted bool, err error) {
+	var present bool
+	err = getSecurityDescriptorSacl(sd, &present, &sacl, &defaulted)
+	if !present {
+		err = ERROR_OBJECT_NOT_FOUND
+	}
+	return
+}
+
+// SetSACL sets the absolute security descriptor SACL.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetSACL(sacl *ACL, present, defaulted bool) error {
+	return setSecurityDescriptorSacl(absoluteSD, present, sacl, defaulted)
+}
+
+// Owner returns the security descriptor owner and whether it was defaulted.
+func (sd *SECURITY_DESCRIPTOR) Owner() (owner *SID, defaulted bool, err error) {
+	err = getSecurityDescriptorOwner(sd, &owner, &defaulted)
+	return
+}
+
+// SetOwner sets the absolute security descriptor owner.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetOwner(owner *SID, defaulted bool) error {
+	return setSecurityDescriptorOwner(absoluteSD, owner, defaulted)
+}
+
+// Group returns the security descriptor group and whether it was defaulted.
+func (sd *SECURITY_DESCRIPTOR) Group() (group *SID, defaulted bool, err error) {
+	err = getSecurityDescriptorGroup(sd, &group, &defaulted)
+	return
+}
+
+// SetGroup sets the absolute security descriptor owner.
+func (absoluteSD *SECURITY_DESCRIPTOR) SetGroup(group *SID, defaulted bool) error {
+	return setSecurityDescriptorGroup(absoluteSD, group, defaulted)
+}
+
+// Length returns the length of the security descriptor.
+func (sd *SECURITY_DESCRIPTOR) Length() uint32 {
+	return getSecurityDescriptorLength(sd)
+}
+
+// IsValid returns whether the security descriptor is valid.
+func (sd *SECURITY_DESCRIPTOR) IsValid() bool {
+	return isValidSecurityDescriptor(sd)
+}
+
+// String returns the SDDL form of the security descriptor, with a function signature that can be
+// used with %v formatting directives.
+func (sd *SECURITY_DESCRIPTOR) String() string {
+	var sddl *uint16
+	err := convertSecurityDescriptorToStringSecurityDescriptor(sd, 1, 0xff, &sddl, nil)
+	if err != nil {
+		return ""
+	}
+	defer LocalFree(Handle(unsafe.Pointer(sddl)))
+	return UTF16PtrToString(sddl)
+}
+
+// ToAbsolute converts a self-relative security descriptor into an absolute one.
+func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DESCRIPTOR, err error) {
+	control, _, err := selfRelativeSD.Control()
+	if err != nil {
+		return
+	}
+	if control&SE_SELF_RELATIVE == 0 {
+		err = ERROR_INVALID_PARAMETER
+		return
+	}
+	var absoluteSDSize, daclSize, saclSize, ownerSize, groupSize uint32
+	err = makeAbsoluteSD(selfRelativeSD, nil, &absoluteSDSize,
+		nil, &daclSize, nil, &saclSize, nil, &ownerSize, nil, &groupSize)
+	switch err {
+	case ERROR_INSUFFICIENT_BUFFER:
+	case nil:
+		// makeAbsoluteSD is expected to fail, but it succeeds.
+		return nil, ERROR_INTERNAL_ERROR
+	default:
+		return nil, err
+	}
+	if absoluteSDSize > 0 {
+		absoluteSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, absoluteSDSize)[0]))
+	}
+	var (
+		dacl  *ACL
+		sacl  *ACL
+		owner *SID
+		group *SID
+	)
+	if daclSize > 0 {
+		dacl = (*ACL)(unsafe.Pointer(&make([]byte, daclSize)[0]))
+	}
+	if saclSize > 0 {
+		sacl = (*ACL)(unsafe.Pointer(&make([]byte, saclSize)[0]))
+	}
+	if ownerSize > 0 {
+		owner = (*SID)(unsafe.Pointer(&make([]byte, ownerSize)[0]))
+	}
+	if groupSize > 0 {
+		group = (*SID)(unsafe.Pointer(&make([]byte, groupSize)[0]))
+	}
+	err = makeAbsoluteSD(selfRelativeSD, absoluteSD, &absoluteSDSize,
+		dacl, &daclSize, sacl, &saclSize, owner, &ownerSize, group, &groupSize)
+	return
+}
+
+// ToSelfRelative converts an absolute security descriptor into a self-relative one.
+func (absoluteSD *SECURITY_DESCRIPTOR) ToSelfRelative() (selfRelativeSD *SECURITY_DESCRIPTOR, err error) {
+	control, _, err := absoluteSD.Control()
+	if err != nil {
+		return
+	}
+	if control&SE_SELF_RELATIVE != 0 {
+		err = ERROR_INVALID_PARAMETER
+		return
+	}
+	var selfRelativeSDSize uint32
+	err = makeSelfRelativeSD(absoluteSD, nil, &selfRelativeSDSize)
+	switch err {
+	case ERROR_INSUFFICIENT_BUFFER:
+	case nil:
+		// makeSelfRelativeSD is expected to fail, but it succeeds.
+		return nil, ERROR_INTERNAL_ERROR
+	default:
+		return nil, err
+	}
+	if selfRelativeSDSize > 0 {
+		selfRelativeSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, selfRelativeSDSize)[0]))
+	}
+	err = makeSelfRelativeSD(absoluteSD, selfRelativeSD, &selfRelativeSDSize)
+	return
+}
+
+func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor() *SECURITY_DESCRIPTOR {
+	sdLen := (int)(selfRelativeSD.Length())
+
+	var src []byte
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&src))
+	h.Data = unsafe.Pointer(selfRelativeSD)
+	h.Len = sdLen
+	h.Cap = sdLen
+
+	dst := make([]byte, sdLen)
+	copy(dst, src)
+	return (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&dst[0]))
+}
+
+// SecurityDescriptorFromString converts an SDDL string describing a security descriptor into a
+// self-relative security descriptor object allocated on the Go heap.
+func SecurityDescriptorFromString(sddl string) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	err = convertStringSecurityDescriptorToSecurityDescriptor(sddl, 1, &winHeapSD, nil)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// GetSecurityInfo queries the security information for a given handle and returns the self-relative security
+// descriptor result on the Go heap.
+func GetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	err = getSecurityInfo(handle, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// GetNamedSecurityInfo queries the security information for a given named object and returns the self-relative security
+// descriptor result on the Go heap.
+func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	err = getNamedSecurityInfo(objectName, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// BuildSecurityDescriptor makes a new security descriptor using the input trustees, explicit access lists, and
+// prior security descriptor to be merged, any of which can be nil, returning the self-relative security descriptor
+// result on the Go heap.
+func BuildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, accessEntries []EXPLICIT_ACCESS, auditEntries []EXPLICIT_ACCESS, mergedSecurityDescriptor *SECURITY_DESCRIPTOR) (sd *SECURITY_DESCRIPTOR, err error) {
+	var winHeapSD *SECURITY_DESCRIPTOR
+	var winHeapSDSize uint32
+	var firstAccessEntry *EXPLICIT_ACCESS
+	if len(accessEntries) > 0 {
+		firstAccessEntry = &accessEntries[0]
+	}
+	var firstAuditEntry *EXPLICIT_ACCESS
+	if len(auditEntries) > 0 {
+		firstAuditEntry = &auditEntries[0]
+	}
+	err = buildSecurityDescriptor(owner, group, uint32(len(accessEntries)), firstAccessEntry, uint32(len(auditEntries)), firstAuditEntry, mergedSecurityDescriptor, &winHeapSDSize, &winHeapSD)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapSD)))
+	return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
+}
+
+// NewSecurityDescriptor creates and initializes a new absolute security descriptor.
+func NewSecurityDescriptor() (absoluteSD *SECURITY_DESCRIPTOR, err error) {
+	absoluteSD = &SECURITY_DESCRIPTOR{}
+	err = initializeSecurityDescriptor(absoluteSD, 1)
+	return
+}
+
+// ACLFromEntries returns a new ACL on the Go heap containing a list of explicit entries as well as those of another ACL.
+// Both explicitEntries and mergedACL are optional and can be nil.
+func ACLFromEntries(explicitEntries []EXPLICIT_ACCESS, mergedACL *ACL) (acl *ACL, err error) {
+	var firstExplicitEntry *EXPLICIT_ACCESS
+	if len(explicitEntries) > 0 {
+		firstExplicitEntry = &explicitEntries[0]
+	}
+	var winHeapACL *ACL
+	err = setEntriesInAcl(uint32(len(explicitEntries)), firstExplicitEntry, mergedACL, &winHeapACL)
+	if err != nil {
+		return
+	}
+	defer LocalFree(Handle(unsafe.Pointer(winHeapACL)))
+	aclBytes := make([]byte, winHeapACL.aclSize)
+	copy(aclBytes, (*[(1 << 31) - 1]byte)(unsafe.Pointer(winHeapACL))[:len(aclBytes):len(aclBytes)])
+	return (*ACL)(unsafe.Pointer(&aclBytes[0])), nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/service.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/service.go
new file mode 100644
index 000000000..f54ff90aa
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/service.go
@@ -0,0 +1,231 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows
+
+package windows
+
+const (
+	SC_MANAGER_CONNECT            = 1
+	SC_MANAGER_CREATE_SERVICE     = 2
+	SC_MANAGER_ENUMERATE_SERVICE  = 4
+	SC_MANAGER_LOCK               = 8
+	SC_MANAGER_QUERY_LOCK_STATUS  = 16
+	SC_MANAGER_MODIFY_BOOT_CONFIG = 32
+	SC_MANAGER_ALL_ACCESS         = 0xf003f
+)
+
+//sys	OpenSCManager(machineName *uint16, databaseName *uint16, access uint32) (handle Handle, err error) [failretval==0] = advapi32.OpenSCManagerW
+
+const (
+	SERVICE_KERNEL_DRIVER       = 1
+	SERVICE_FILE_SYSTEM_DRIVER  = 2
+	SERVICE_ADAPTER             = 4
+	SERVICE_RECOGNIZER_DRIVER   = 8
+	SERVICE_WIN32_OWN_PROCESS   = 16
+	SERVICE_WIN32_SHARE_PROCESS = 32
+	SERVICE_WIN32               = SERVICE_WIN32_OWN_PROCESS | SERVICE_WIN32_SHARE_PROCESS
+	SERVICE_INTERACTIVE_PROCESS = 256
+	SERVICE_DRIVER              = SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER | SERVICE_RECOGNIZER_DRIVER
+	SERVICE_TYPE_ALL            = SERVICE_WIN32 | SERVICE_ADAPTER | SERVICE_DRIVER | SERVICE_INTERACTIVE_PROCESS
+
+	SERVICE_BOOT_START   = 0
+	SERVICE_SYSTEM_START = 1
+	SERVICE_AUTO_START   = 2
+	SERVICE_DEMAND_START = 3
+	SERVICE_DISABLED     = 4
+
+	SERVICE_ERROR_IGNORE   = 0
+	SERVICE_ERROR_NORMAL   = 1
+	SERVICE_ERROR_SEVERE   = 2
+	SERVICE_ERROR_CRITICAL = 3
+
+	SC_STATUS_PROCESS_INFO = 0
+
+	SC_ACTION_NONE        = 0
+	SC_ACTION_RESTART     = 1
+	SC_ACTION_REBOOT      = 2
+	SC_ACTION_RUN_COMMAND = 3
+
+	SERVICE_STOPPED          = 1
+	SERVICE_START_PENDING    = 2
+	SERVICE_STOP_PENDING     = 3
+	SERVICE_RUNNING          = 4
+	SERVICE_CONTINUE_PENDING = 5
+	SERVICE_PAUSE_PENDING    = 6
+	SERVICE_PAUSED           = 7
+	SERVICE_NO_CHANGE        = 0xffffffff
+
+	SERVICE_ACCEPT_STOP                  = 1
+	SERVICE_ACCEPT_PAUSE_CONTINUE        = 2
+	SERVICE_ACCEPT_SHUTDOWN              = 4
+	SERVICE_ACCEPT_PARAMCHANGE           = 8
+	SERVICE_ACCEPT_NETBINDCHANGE         = 16
+	SERVICE_ACCEPT_HARDWAREPROFILECHANGE = 32
+	SERVICE_ACCEPT_POWEREVENT            = 64
+	SERVICE_ACCEPT_SESSIONCHANGE         = 128
+	SERVICE_ACCEPT_PRESHUTDOWN           = 256
+
+	SERVICE_CONTROL_STOP                  = 1
+	SERVICE_CONTROL_PAUSE                 = 2
+	SERVICE_CONTROL_CONTINUE              = 3
+	SERVICE_CONTROL_INTERROGATE           = 4
+	SERVICE_CONTROL_SHUTDOWN              = 5
+	SERVICE_CONTROL_PARAMCHANGE           = 6
+	SERVICE_CONTROL_NETBINDADD            = 7
+	SERVICE_CONTROL_NETBINDREMOVE         = 8
+	SERVICE_CONTROL_NETBINDENABLE         = 9
+	SERVICE_CONTROL_NETBINDDISABLE        = 10
+	SERVICE_CONTROL_DEVICEEVENT           = 11
+	SERVICE_CONTROL_HARDWAREPROFILECHANGE = 12
+	SERVICE_CONTROL_POWEREVENT            = 13
+	SERVICE_CONTROL_SESSIONCHANGE         = 14
+	SERVICE_CONTROL_PRESHUTDOWN           = 15
+
+	SERVICE_ACTIVE    = 1
+	SERVICE_INACTIVE  = 2
+	SERVICE_STATE_ALL = 3
+
+	SERVICE_QUERY_CONFIG         = 1
+	SERVICE_CHANGE_CONFIG        = 2
+	SERVICE_QUERY_STATUS         = 4
+	SERVICE_ENUMERATE_DEPENDENTS = 8
+	SERVICE_START                = 16
+	SERVICE_STOP                 = 32
+	SERVICE_PAUSE_CONTINUE       = 64
+	SERVICE_INTERROGATE          = 128
+	SERVICE_USER_DEFINED_CONTROL = 256
+	SERVICE_ALL_ACCESS           = STANDARD_RIGHTS_REQUIRED | SERVICE_QUERY_CONFIG | SERVICE_CHANGE_CONFIG | SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_INTERROGATE | SERVICE_USER_DEFINED_CONTROL
+
+	SERVICE_RUNS_IN_SYSTEM_PROCESS = 1
+
+	SERVICE_CONFIG_DESCRIPTION              = 1
+	SERVICE_CONFIG_FAILURE_ACTIONS          = 2
+	SERVICE_CONFIG_DELAYED_AUTO_START_INFO  = 3
+	SERVICE_CONFIG_FAILURE_ACTIONS_FLAG     = 4
+	SERVICE_CONFIG_SERVICE_SID_INFO         = 5
+	SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 6
+	SERVICE_CONFIG_PRESHUTDOWN_INFO         = 7
+	SERVICE_CONFIG_TRIGGER_INFO             = 8
+	SERVICE_CONFIG_PREFERRED_NODE           = 9
+	SERVICE_CONFIG_LAUNCH_PROTECTED         = 12
+
+	SERVICE_SID_TYPE_NONE         = 0
+	SERVICE_SID_TYPE_UNRESTRICTED = 1
+	SERVICE_SID_TYPE_RESTRICTED   = 2 | SERVICE_SID_TYPE_UNRESTRICTED
+
+	SC_ENUM_PROCESS_INFO = 0
+
+	SERVICE_NOTIFY_STATUS_CHANGE    = 2
+	SERVICE_NOTIFY_STOPPED          = 0x00000001
+	SERVICE_NOTIFY_START_PENDING    = 0x00000002
+	SERVICE_NOTIFY_STOP_PENDING     = 0x00000004
+	SERVICE_NOTIFY_RUNNING          = 0x00000008
+	SERVICE_NOTIFY_CONTINUE_PENDING = 0x00000010
+	SERVICE_NOTIFY_PAUSE_PENDING    = 0x00000020
+	SERVICE_NOTIFY_PAUSED           = 0x00000040
+	SERVICE_NOTIFY_CREATED          = 0x00000080
+	SERVICE_NOTIFY_DELETED          = 0x00000100
+	SERVICE_NOTIFY_DELETE_PENDING   = 0x00000200
+)
+
+type SERVICE_STATUS struct {
+	ServiceType             uint32
+	CurrentState            uint32
+	ControlsAccepted        uint32
+	Win32ExitCode           uint32
+	ServiceSpecificExitCode uint32
+	CheckPoint              uint32
+	WaitHint                uint32
+}
+
+type SERVICE_TABLE_ENTRY struct {
+	ServiceName *uint16
+	ServiceProc uintptr
+}
+
+type QUERY_SERVICE_CONFIG struct {
+	ServiceType      uint32
+	StartType        uint32
+	ErrorControl     uint32
+	BinaryPathName   *uint16
+	LoadOrderGroup   *uint16
+	TagId            uint32
+	Dependencies     *uint16
+	ServiceStartName *uint16
+	DisplayName      *uint16
+}
+
+type SERVICE_DESCRIPTION struct {
+	Description *uint16
+}
+
+type SERVICE_DELAYED_AUTO_START_INFO struct {
+	IsDelayedAutoStartUp uint32
+}
+
+type SERVICE_STATUS_PROCESS struct {
+	ServiceType             uint32
+	CurrentState            uint32
+	ControlsAccepted        uint32
+	Win32ExitCode           uint32
+	ServiceSpecificExitCode uint32
+	CheckPoint              uint32
+	WaitHint                uint32
+	ProcessId               uint32
+	ServiceFlags            uint32
+}
+
+type ENUM_SERVICE_STATUS_PROCESS struct {
+	ServiceName          *uint16
+	DisplayName          *uint16
+	ServiceStatusProcess SERVICE_STATUS_PROCESS
+}
+
+type SERVICE_NOTIFY struct {
+	Version               uint32
+	NotifyCallback        uintptr
+	Context               uintptr
+	NotificationStatus    uint32
+	ServiceStatus         SERVICE_STATUS_PROCESS
+	NotificationTriggered uint32
+	ServiceNames          *uint16
+}
+
+type SERVICE_FAILURE_ACTIONS struct {
+	ResetPeriod  uint32
+	RebootMsg    *uint16
+	Command      *uint16
+	ActionsCount uint32
+	Actions      *SC_ACTION
+}
+
+type SC_ACTION struct {
+	Type  uint32
+	Delay uint32
+}
+
+type QUERY_SERVICE_LOCK_STATUS struct {
+	IsLocked     uint32
+	LockOwner    *uint16
+	LockDuration uint32
+}
+
+//sys	CloseServiceHandle(handle Handle) (err error) = advapi32.CloseServiceHandle
+//sys	CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access uint32, srvType uint32, startType uint32, errCtl uint32, pathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16) (handle Handle, err error) [failretval==0] = advapi32.CreateServiceW
+//sys	OpenService(mgr Handle, serviceName *uint16, access uint32) (handle Handle, err error) [failretval==0] = advapi32.OpenServiceW
+//sys	DeleteService(service Handle) (err error) = advapi32.DeleteService
+//sys	StartService(service Handle, numArgs uint32, argVectors **uint16) (err error) = advapi32.StartServiceW
+//sys	QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) = advapi32.QueryServiceStatus
+//sys	QueryServiceLockStatus(mgr Handle, lockStatus *QUERY_SERVICE_LOCK_STATUS, bufSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceLockStatusW
+//sys	ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err error) = advapi32.ControlService
+//sys	StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) = advapi32.StartServiceCtrlDispatcherW
+//sys	SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) = advapi32.SetServiceStatus
+//sys	ChangeServiceConfig(service Handle, serviceType uint32, startType uint32, errorControl uint32, binaryPathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16, displayName *uint16) (err error) = advapi32.ChangeServiceConfigW
+//sys	QueryServiceConfig(service Handle, serviceConfig *QUERY_SERVICE_CONFIG, bufSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceConfigW
+//sys	ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err error) = advapi32.ChangeServiceConfig2W
+//sys	QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceConfig2W
+//sys	EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) = advapi32.EnumServicesStatusExW
+//sys	QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) = advapi32.QueryServiceStatusEx
+//sys	NotifyServiceStatusChange(service Handle, notifyMask uint32, notifier *SERVICE_NOTIFY) (ret error) = advapi32.NotifyServiceStatusChangeW
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/str.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/str.go
new file mode 100644
index 000000000..917cc2aae
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/str.go
@@ -0,0 +1,22 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows
+
+package windows
+
+func itoa(val int) string { // do it here rather than with fmt to avoid dependency
+	if val < 0 {
+		return "-" + itoa(-val)
+	}
+	var buf [32]byte // big enough for int64
+	i := len(buf) - 1
+	for val >= 10 {
+		buf[i] = byte(val%10 + '0')
+		i--
+		val /= 10
+	}
+	buf[i] = byte(val + '0')
+	return string(buf[i:])
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/syscall.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/syscall.go
new file mode 100644
index 000000000..af828a91b
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/syscall.go
@@ -0,0 +1,74 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows
+
+// Package windows contains an interface to the low-level operating system
+// primitives. OS details vary depending on the underlying system, and
+// by default, godoc will display the OS-specific documentation for the current
+// system. If you want godoc to display syscall documentation for another
+// system, set $GOOS and $GOARCH to the desired system. For example, if
+// you want to view documentation for freebsd/arm on linux/amd64, set $GOOS
+// to freebsd and $GOARCH to arm.
+//
+// The primary use of this package is inside other packages that provide a more
+// portable interface to the system, such as "os", "time" and "net".  Use
+// those packages rather than this one if you can.
+//
+// For details of the functions and data types in this package consult
+// the manuals for the appropriate operating system.
+//
+// These calls return err == nil to indicate success; otherwise
+// err represents an operating system error describing the failure and
+// holds a value of type syscall.Errno.
+package windows // import "golang.org/x/sys/windows"
+
+import (
+	"syscall"
+)
+
+// ByteSliceFromString returns a NUL-terminated slice of bytes
+// containing the text of s. If s contains a NUL byte at any
+// location, it returns (nil, syscall.EINVAL).
+func ByteSliceFromString(s string) ([]byte, error) {
+	for i := 0; i < len(s); i++ {
+		if s[i] == 0 {
+			return nil, syscall.EINVAL
+		}
+	}
+	a := make([]byte, len(s)+1)
+	copy(a, s)
+	return a, nil
+}
+
+// BytePtrFromString returns a pointer to a NUL-terminated array of
+// bytes containing the text of s. If s contains a NUL byte at any
+// location, it returns (nil, syscall.EINVAL).
+func BytePtrFromString(s string) (*byte, error) {
+	a, err := ByteSliceFromString(s)
+	if err != nil {
+		return nil, err
+	}
+	return &a[0], nil
+}
+
+// Single-word zero for use when we need a valid pointer to 0 bytes.
+// See mksyscall.pl.
+var _zero uintptr
+
+func (ts *Timespec) Unix() (sec int64, nsec int64) {
+	return int64(ts.Sec), int64(ts.Nsec)
+}
+
+func (tv *Timeval) Unix() (sec int64, nsec int64) {
+	return int64(tv.Sec), int64(tv.Usec) * 1000
+}
+
+func (ts *Timespec) Nano() int64 {
+	return int64(ts.Sec)*1e9 + int64(ts.Nsec)
+}
+
+func (tv *Timeval) Nano() int64 {
+	return int64(tv.Sec)*1e9 + int64(tv.Usec)*1000
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/syscall_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/syscall_windows.go
new file mode 100644
index 000000000..2aa29e839
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -0,0 +1,1490 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Windows system calls.
+
+package windows
+
+import (
+	errorspkg "errors"
+	"sync"
+	"syscall"
+	"time"
+	"unicode/utf16"
+	"unsafe"
+
+	"golang.org/x/sys/internal/unsafeheader"
+)
+
+type Handle uintptr
+
+const (
+	InvalidHandle = ^Handle(0)
+
+	// Flags for DefineDosDevice.
+	DDD_EXACT_MATCH_ON_REMOVE = 0x00000004
+	DDD_NO_BROADCAST_SYSTEM   = 0x00000008
+	DDD_RAW_TARGET_PATH       = 0x00000001
+	DDD_REMOVE_DEFINITION     = 0x00000002
+
+	// Return values for GetDriveType.
+	DRIVE_UNKNOWN     = 0
+	DRIVE_NO_ROOT_DIR = 1
+	DRIVE_REMOVABLE   = 2
+	DRIVE_FIXED       = 3
+	DRIVE_REMOTE      = 4
+	DRIVE_CDROM       = 5
+	DRIVE_RAMDISK     = 6
+
+	// File system flags from GetVolumeInformation and GetVolumeInformationByHandle.
+	FILE_CASE_SENSITIVE_SEARCH        = 0x00000001
+	FILE_CASE_PRESERVED_NAMES         = 0x00000002
+	FILE_FILE_COMPRESSION             = 0x00000010
+	FILE_DAX_VOLUME                   = 0x20000000
+	FILE_NAMED_STREAMS                = 0x00040000
+	FILE_PERSISTENT_ACLS              = 0x00000008
+	FILE_READ_ONLY_VOLUME             = 0x00080000
+	FILE_SEQUENTIAL_WRITE_ONCE        = 0x00100000
+	FILE_SUPPORTS_ENCRYPTION          = 0x00020000
+	FILE_SUPPORTS_EXTENDED_ATTRIBUTES = 0x00800000
+	FILE_SUPPORTS_HARD_LINKS          = 0x00400000
+	FILE_SUPPORTS_OBJECT_IDS          = 0x00010000
+	FILE_SUPPORTS_OPEN_BY_FILE_ID     = 0x01000000
+	FILE_SUPPORTS_REPARSE_POINTS      = 0x00000080
+	FILE_SUPPORTS_SPARSE_FILES        = 0x00000040
+	FILE_SUPPORTS_TRANSACTIONS        = 0x00200000
+	FILE_SUPPORTS_USN_JOURNAL         = 0x02000000
+	FILE_UNICODE_ON_DISK              = 0x00000004
+	FILE_VOLUME_IS_COMPRESSED         = 0x00008000
+	FILE_VOLUME_QUOTAS                = 0x00000020
+
+	// Flags for LockFileEx.
+	LOCKFILE_FAIL_IMMEDIATELY = 0x00000001
+	LOCKFILE_EXCLUSIVE_LOCK   = 0x00000002
+
+	// Return values of SleepEx and other APC functions
+	STATUS_USER_APC    = 0x000000C0
+	WAIT_IO_COMPLETION = STATUS_USER_APC
+)
+
+// StringToUTF16 is deprecated. Use UTF16FromString instead.
+// If s contains a NUL byte this function panics instead of
+// returning an error.
+func StringToUTF16(s string) []uint16 {
+	a, err := UTF16FromString(s)
+	if err != nil {
+		panic("windows: string with NUL passed to StringToUTF16")
+	}
+	return a
+}
+
+// UTF16FromString returns the UTF-16 encoding of the UTF-8 string
+// s, with a terminating NUL added. If s contains a NUL byte at any
+// location, it returns (nil, syscall.EINVAL).
+func UTF16FromString(s string) ([]uint16, error) {
+	for i := 0; i < len(s); i++ {
+		if s[i] == 0 {
+			return nil, syscall.EINVAL
+		}
+	}
+	return utf16.Encode([]rune(s + "\x00")), nil
+}
+
+// UTF16ToString returns the UTF-8 encoding of the UTF-16 sequence s,
+// with a terminating NUL removed.
+func UTF16ToString(s []uint16) string {
+	for i, v := range s {
+		if v == 0 {
+			s = s[0:i]
+			break
+		}
+	}
+	return string(utf16.Decode(s))
+}
+
+// StringToUTF16Ptr is deprecated. Use UTF16PtrFromString instead.
+// If s contains a NUL byte this function panics instead of
+// returning an error.
+func StringToUTF16Ptr(s string) *uint16 { return &StringToUTF16(s)[0] }
+
+// UTF16PtrFromString returns pointer to the UTF-16 encoding of
+// the UTF-8 string s, with a terminating NUL added. If s
+// contains a NUL byte at any location, it returns (nil, syscall.EINVAL).
+func UTF16PtrFromString(s string) (*uint16, error) {
+	a, err := UTF16FromString(s)
+	if err != nil {
+		return nil, err
+	}
+	return &a[0], nil
+}
+
+// UTF16PtrToString takes a pointer to a UTF-16 sequence and returns the corresponding UTF-8 encoded string.
+// If the pointer is nil, this returns the empty string. This assumes that the UTF-16 sequence is terminated
+// at a zero word; if the zero word is not present, the program may crash.
+func UTF16PtrToString(p *uint16) string {
+	if p == nil {
+		return ""
+	}
+	if *p == 0 {
+		return ""
+	}
+
+	// Find NUL terminator.
+	n := 0
+	for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ {
+		ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p))
+	}
+
+	var s []uint16
+	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
+	h.Data = unsafe.Pointer(p)
+	h.Len = n
+	h.Cap = n
+
+	return string(utf16.Decode(s))
+}
+
+func Getpagesize() int { return 4096 }
+
+// NewCallback converts a Go function to a function pointer conforming to the stdcall calling convention.
+// This is useful when interoperating with Windows code requiring callbacks.
+// The argument is expected to be a function with with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr.
+func NewCallback(fn interface{}) uintptr {
+	return syscall.NewCallback(fn)
+}
+
+// NewCallbackCDecl converts a Go function to a function pointer conforming to the cdecl calling convention.
+// This is useful when interoperating with Windows code requiring callbacks.
+// The argument is expected to be a function with with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr.
+func NewCallbackCDecl(fn interface{}) uintptr {
+	return syscall.NewCallbackCDecl(fn)
+}
+
+// windows api calls
+
+//sys	GetLastError() (lasterr error)
+//sys	LoadLibrary(libname string) (handle Handle, err error) = LoadLibraryW
+//sys	LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) = LoadLibraryExW
+//sys	FreeLibrary(handle Handle) (err error)
+//sys	GetProcAddress(module Handle, procname string) (proc uintptr, err error)
+//sys	GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW
+//sys	GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW
+//sys	GetVersion() (ver uint32, err error)
+//sys	FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
+//sys	ExitProcess(exitcode uint32)
+//sys	IsWow64Process(handle Handle, isWow64 *bool) (err error) = IsWow64Process
+//sys	CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
+//sys	ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
+//sys	WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
+//sys	GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error)
+//sys	SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) [failretval==0xffffffff]
+//sys	CloseHandle(handle Handle) (err error)
+//sys	GetStdHandle(stdhandle uint32) (handle Handle, err error) [failretval==InvalidHandle]
+//sys	SetStdHandle(stdhandle uint32, handle Handle) (err error)
+//sys	findFirstFile1(name *uint16, data *win32finddata1) (handle Handle, err error) [failretval==InvalidHandle] = FindFirstFileW
+//sys	findNextFile1(handle Handle, data *win32finddata1) (err error) = FindNextFileW
+//sys	FindClose(handle Handle) (err error)
+//sys	GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error)
+//sys	GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error)
+//sys	GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) = GetCurrentDirectoryW
+//sys	SetCurrentDirectory(path *uint16) (err error) = SetCurrentDirectoryW
+//sys	CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) = CreateDirectoryW
+//sys	RemoveDirectory(path *uint16) (err error) = RemoveDirectoryW
+//sys	DeleteFile(path *uint16) (err error) = DeleteFileW
+//sys	MoveFile(from *uint16, to *uint16) (err error) = MoveFileW
+//sys	MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) = MoveFileExW
+//sys	LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error)
+//sys	UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error)
+//sys	GetComputerName(buf *uint16, n *uint32) (err error) = GetComputerNameW
+//sys	GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) = GetComputerNameExW
+//sys	SetEndOfFile(handle Handle) (err error)
+//sys	GetSystemTimeAsFileTime(time *Filetime)
+//sys	GetSystemTimePreciseAsFileTime(time *Filetime)
+//sys	GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) [failretval==0xffffffff]
+//sys	CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uint32, threadcnt uint32) (handle Handle, err error)
+//sys	GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uint32, overlapped **Overlapped, timeout uint32) (err error)
+//sys	PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uint32, overlapped *Overlapped) (err error)
+//sys	CancelIo(s Handle) (err error)
+//sys	CancelIoEx(s Handle, o *Overlapped) (err error)
+//sys	CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = CreateProcessW
+//sys	OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (handle Handle, err error)
+//sys	ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) [failretval<=32] = shell32.ShellExecuteW
+//sys	shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) = shell32.SHGetKnownFolderPath
+//sys	TerminateProcess(handle Handle, exitcode uint32) (err error)
+//sys	GetExitCodeProcess(handle Handle, exitcode *uint32) (err error)
+//sys	GetStartupInfo(startupInfo *StartupInfo) (err error) = GetStartupInfoW
+//sys	GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error)
+//sys	DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error)
+//sys	WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) [failretval==0xffffffff]
+//sys	waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) [failretval==0xffffffff] = WaitForMultipleObjects
+//sys	GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) = GetTempPathW
+//sys	CreatePipe(readhandle *Handle, writehandle *Handle, sa *SecurityAttributes, size uint32) (err error)
+//sys	GetFileType(filehandle Handle) (n uint32, err error)
+//sys	CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16, provtype uint32, flags uint32) (err error) = advapi32.CryptAcquireContextW
+//sys	CryptReleaseContext(provhandle Handle, flags uint32) (err error) = advapi32.CryptReleaseContext
+//sys	CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) = advapi32.CryptGenRandom
+//sys	GetEnvironmentStrings() (envs *uint16, err error) [failretval==nil] = kernel32.GetEnvironmentStringsW
+//sys	FreeEnvironmentStrings(envs *uint16) (err error) = kernel32.FreeEnvironmentStringsW
+//sys	GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) = kernel32.GetEnvironmentVariableW
+//sys	SetEnvironmentVariable(name *uint16, value *uint16) (err error) = kernel32.SetEnvironmentVariableW
+//sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
+//sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
+//sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
+//sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
+//sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
+//sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
+//sys	GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) = kernel32.GetFileAttributesExW
+//sys	GetCommandLine() (cmd *uint16) = kernel32.GetCommandLineW
+//sys	CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) [failretval==nil] = shell32.CommandLineToArgvW
+//sys	LocalFree(hmem Handle) (handle Handle, err error) [failretval!=0]
+//sys	SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error)
+//sys	FlushFileBuffers(handle Handle) (err error)
+//sys	GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) = kernel32.GetFullPathNameW
+//sys	GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) = kernel32.GetLongPathNameW
+//sys	GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) = kernel32.GetShortPathNameW
+//sys	CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) = kernel32.CreateFileMappingW
+//sys	MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error)
+//sys	UnmapViewOfFile(addr uintptr) (err error)
+//sys	FlushViewOfFile(addr uintptr, length uintptr) (err error)
+//sys	VirtualLock(addr uintptr, length uintptr) (err error)
+//sys	VirtualUnlock(addr uintptr, length uintptr) (err error)
+//sys	VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) = kernel32.VirtualAlloc
+//sys	VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) = kernel32.VirtualFree
+//sys	VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) = kernel32.VirtualProtect
+//sys	TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile
+//sys	ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW
+//sys	CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW
+//sys   CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) [failretval==InvalidHandle] = crypt32.CertOpenStore
+//sys	CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore
+//sys   CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore
+//sys	CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore
+//sys   CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain
+//sys   CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain
+//sys   CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext
+//sys   CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext
+//sys   CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy
+//sys	RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) = advapi32.RegOpenKeyExW
+//sys	RegCloseKey(key Handle) (regerrno error) = advapi32.RegCloseKey
+//sys	RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegQueryInfoKeyW
+//sys	RegEnumKeyEx(key Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, class *uint16, classLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegEnumKeyExW
+//sys	RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) = advapi32.RegQueryValueExW
+//sys	GetCurrentProcessId() (pid uint32) = kernel32.GetCurrentProcessId
+//sys	GetConsoleMode(console Handle, mode *uint32) (err error) = kernel32.GetConsoleMode
+//sys	SetConsoleMode(console Handle, mode uint32) (err error) = kernel32.SetConsoleMode
+//sys	GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) = kernel32.GetConsoleScreenBufferInfo
+//sys	WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW
+//sys	ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW
+//sys	CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.CreateToolhelp32Snapshot
+//sys	Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) = kernel32.Process32FirstW
+//sys	Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) = kernel32.Process32NextW
+//sys	Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error)
+//sys	Thread32Next(snapshot Handle, threadEntry *ThreadEntry32) (err error)
+//sys	DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *Overlapped) (err error)
+// This function returns 1 byte BOOLEAN rather than the 4 byte BOOL.
+//sys	CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) [failretval&0xff==0] = CreateSymbolicLinkW
+//sys	CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr) (err error) [failretval&0xff==0] = CreateHardLinkW
+//sys	GetCurrentThreadId() (id uint32)
+//sys	CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) = kernel32.CreateEventW
+//sys	CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) = kernel32.CreateEventExW
+//sys	OpenEvent(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) = kernel32.OpenEventW
+//sys	SetEvent(event Handle) (err error) = kernel32.SetEvent
+//sys	ResetEvent(event Handle) (err error) = kernel32.ResetEvent
+//sys	PulseEvent(event Handle) (err error) = kernel32.PulseEvent
+//sys	CreateMutex(mutexAttrs *SecurityAttributes, initialOwner bool, name *uint16) (handle Handle, err error) = kernel32.CreateMutexW
+//sys	CreateMutexEx(mutexAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) = kernel32.CreateMutexExW
+//sys	OpenMutex(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) = kernel32.OpenMutexW
+//sys	ReleaseMutex(mutex Handle) (err error) = kernel32.ReleaseMutex
+//sys	SleepEx(milliseconds uint32, alertable bool) (ret uint32) = kernel32.SleepEx
+//sys	CreateJobObject(jobAttr *SecurityAttributes, name *uint16) (handle Handle, err error) = kernel32.CreateJobObjectW
+//sys	AssignProcessToJobObject(job Handle, process Handle) (err error) = kernel32.AssignProcessToJobObject
+//sys	TerminateJobObject(job Handle, exitCode uint32) (err error) = kernel32.TerminateJobObject
+//sys	SetErrorMode(mode uint32) (ret uint32) = kernel32.SetErrorMode
+//sys	ResumeThread(thread Handle) (ret uint32, err error) [failretval==0xffffffff] = kernel32.ResumeThread
+//sys	SetPriorityClass(process Handle, priorityClass uint32) (err error) = kernel32.SetPriorityClass
+//sys	GetPriorityClass(process Handle) (ret uint32, err error) = kernel32.GetPriorityClass
+//sys	QueryInformationJobObject(job Handle, JobObjectInformationClass int32, JobObjectInformation uintptr, JobObjectInformationLength uint32, retlen *uint32) (err error) = kernel32.QueryInformationJobObject
+//sys	SetInformationJobObject(job Handle, JobObjectInformationClass uint32, JobObjectInformation uintptr, JobObjectInformationLength uint32) (ret int, err error)
+//sys	GenerateConsoleCtrlEvent(ctrlEvent uint32, processGroupID uint32) (err error)
+//sys	GetProcessId(process Handle) (id uint32, err error)
+//sys	OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (handle Handle, err error)
+//sys	SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost
+//sys	GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32)
+//sys	SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error)
+
+// Volume Management Functions
+//sys	DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW
+//sys	DeleteVolumeMountPoint(volumeMountPoint *uint16) (err error) = DeleteVolumeMountPointW
+//sys	FindFirstVolume(volumeName *uint16, bufferLength uint32) (handle Handle, err error) [failretval==InvalidHandle] = FindFirstVolumeW
+//sys	FindFirstVolumeMountPoint(rootPathName *uint16, volumeMountPoint *uint16, bufferLength uint32) (handle Handle, err error) [failretval==InvalidHandle] = FindFirstVolumeMountPointW
+//sys	FindNextVolume(findVolume Handle, volumeName *uint16, bufferLength uint32) (err error) = FindNextVolumeW
+//sys	FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) = FindNextVolumeMountPointW
+//sys	FindVolumeClose(findVolume Handle) (err error)
+//sys	FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error)
+//sys	GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) = GetDiskFreeSpaceExW
+//sys	GetDriveType(rootPathName *uint16) (driveType uint32) = GetDriveTypeW
+//sys	GetLogicalDrives() (drivesBitMask uint32, err error) [failretval==0]
+//sys	GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) [failretval==0] = GetLogicalDriveStringsW
+//sys	GetVolumeInformation(rootPathName *uint16, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) = GetVolumeInformationW
+//sys	GetVolumeInformationByHandle(file Handle, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) = GetVolumeInformationByHandleW
+//sys	GetVolumeNameForVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16, bufferlength uint32) (err error) = GetVolumeNameForVolumeMountPointW
+//sys	GetVolumePathName(fileName *uint16, volumePathName *uint16, bufferLength uint32) (err error) = GetVolumePathNameW
+//sys	GetVolumePathNamesForVolumeName(volumeName *uint16, volumePathNames *uint16, bufferLength uint32, returnLength *uint32) (err error) = GetVolumePathNamesForVolumeNameW
+//sys	QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) [failretval==0] = QueryDosDeviceW
+//sys	SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) = SetVolumeLabelW
+//sys	SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) = SetVolumeMountPointW
+//sys	MessageBox(hwnd Handle, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) [failretval==0] = user32.MessageBoxW
+//sys	ExitWindowsEx(flags uint32, reason uint32) (err error) = user32.ExitWindowsEx
+//sys	InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint32, forceAppsClosed bool, rebootAfterShutdown bool, reason uint32) (err error) = advapi32.InitiateSystemShutdownExW
+//sys	SetProcessShutdownParameters(level uint32, flags uint32) (err error) = kernel32.SetProcessShutdownParameters
+//sys	GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) = kernel32.GetProcessShutdownParameters
+//sys	clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) = ole32.CLSIDFromString
+//sys	stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) = ole32.StringFromGUID2
+//sys	coCreateGuid(pguid *GUID) (ret error) = ole32.CoCreateGuid
+//sys	CoTaskMemFree(address unsafe.Pointer) = ole32.CoTaskMemFree
+//sys	rtlGetVersion(info *OsVersionInfoEx) (ret error) = ntdll.RtlGetVersion
+//sys	rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) = ntdll.RtlGetNtVersionNumbers
+//sys	getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetProcessPreferredUILanguages
+//sys	getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetThreadPreferredUILanguages
+//sys	getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetUserPreferredUILanguages
+//sys	getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetSystemPreferredUILanguages
+
+// Process Status API (PSAPI)
+//sys	EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses
+
+// syscall interface implementation for other packages
+
+// GetCurrentProcess returns the handle for the current process.
+// It is a pseudo handle that does not need to be closed.
+// The returned error is always nil.
+//
+// Deprecated: use CurrentProcess for the same Handle without the nil
+// error.
+func GetCurrentProcess() (Handle, error) {
+	return CurrentProcess(), nil
+}
+
+// CurrentProcess returns the handle for the current process.
+// It is a pseudo handle that does not need to be closed.
+func CurrentProcess() Handle { return Handle(^uintptr(1 - 1)) }
+
+// GetCurrentThread returns the handle for the current thread.
+// It is a pseudo handle that does not need to be closed.
+// The returned error is always nil.
+//
+// Deprecated: use CurrentThread for the same Handle without the nil
+// error.
+func GetCurrentThread() (Handle, error) {
+	return CurrentThread(), nil
+}
+
+// CurrentThread returns the handle for the current thread.
+// It is a pseudo handle that does not need to be closed.
+func CurrentThread() Handle { return Handle(^uintptr(2 - 1)) }
+
+// GetProcAddressByOrdinal retrieves the address of the exported
+// function from module by ordinal.
+func GetProcAddressByOrdinal(module Handle, ordinal uintptr) (proc uintptr, err error) {
+	r0, _, e1 := syscall.Syscall(procGetProcAddress.Addr(), 2, uintptr(module), ordinal, 0)
+	proc = uintptr(r0)
+	if proc == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Exit(code int) { ExitProcess(uint32(code)) }
+
+func makeInheritSa() *SecurityAttributes {
+	var sa SecurityAttributes
+	sa.Length = uint32(unsafe.Sizeof(sa))
+	sa.InheritHandle = 1
+	return &sa
+}
+
+func Open(path string, mode int, perm uint32) (fd Handle, err error) {
+	if len(path) == 0 {
+		return InvalidHandle, ERROR_FILE_NOT_FOUND
+	}
+	pathp, err := UTF16PtrFromString(path)
+	if err != nil {
+		return InvalidHandle, err
+	}
+	var access uint32
+	switch mode & (O_RDONLY | O_WRONLY | O_RDWR) {
+	case O_RDONLY:
+		access = GENERIC_READ
+	case O_WRONLY:
+		access = GENERIC_WRITE
+	case O_RDWR:
+		access = GENERIC_READ | GENERIC_WRITE
+	}
+	if mode&O_CREAT != 0 {
+		access |= GENERIC_WRITE
+	}
+	if mode&O_APPEND != 0 {
+		access &^= GENERIC_WRITE
+		access |= FILE_APPEND_DATA
+	}
+	sharemode := uint32(FILE_SHARE_READ | FILE_SHARE_WRITE)
+	var sa *SecurityAttributes
+	if mode&O_CLOEXEC == 0 {
+		sa = makeInheritSa()
+	}
+	var createmode uint32
+	switch {
+	case mode&(O_CREAT|O_EXCL) == (O_CREAT | O_EXCL):
+		createmode = CREATE_NEW
+	case mode&(O_CREAT|O_TRUNC) == (O_CREAT | O_TRUNC):
+		createmode = CREATE_ALWAYS
+	case mode&O_CREAT == O_CREAT:
+		createmode = OPEN_ALWAYS
+	case mode&O_TRUNC == O_TRUNC:
+		createmode = TRUNCATE_EXISTING
+	default:
+		createmode = OPEN_EXISTING
+	}
+	var attrs uint32 = FILE_ATTRIBUTE_NORMAL
+	if perm&S_IWRITE == 0 {
+		attrs = FILE_ATTRIBUTE_READONLY
+	}
+	h, e := CreateFile(pathp, access, sharemode, sa, createmode, attrs, 0)
+	return h, e
+}
+
+func Read(fd Handle, p []byte) (n int, err error) {
+	var done uint32
+	e := ReadFile(fd, p, &done, nil)
+	if e != nil {
+		if e == ERROR_BROKEN_PIPE {
+			// NOTE(brainman): work around ERROR_BROKEN_PIPE is returned on reading EOF from stdin
+			return 0, nil
+		}
+		return 0, e
+	}
+	if raceenabled {
+		if done > 0 {
+			raceWriteRange(unsafe.Pointer(&p[0]), int(done))
+		}
+		raceAcquire(unsafe.Pointer(&ioSync))
+	}
+	return int(done), nil
+}
+
+func Write(fd Handle, p []byte) (n int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	var done uint32
+	e := WriteFile(fd, p, &done, nil)
+	if e != nil {
+		return 0, e
+	}
+	if raceenabled && done > 0 {
+		raceReadRange(unsafe.Pointer(&p[0]), int(done))
+	}
+	return int(done), nil
+}
+
+var ioSync int64
+
+func Seek(fd Handle, offset int64, whence int) (newoffset int64, err error) {
+	var w uint32
+	switch whence {
+	case 0:
+		w = FILE_BEGIN
+	case 1:
+		w = FILE_CURRENT
+	case 2:
+		w = FILE_END
+	}
+	hi := int32(offset >> 32)
+	lo := int32(offset)
+	// use GetFileType to check pipe, pipe can't do seek
+	ft, _ := GetFileType(fd)
+	if ft == FILE_TYPE_PIPE {
+		return 0, syscall.EPIPE
+	}
+	rlo, e := SetFilePointer(fd, lo, &hi, w)
+	if e != nil {
+		return 0, e
+	}
+	return int64(hi)<<32 + int64(rlo), nil
+}
+
+func Close(fd Handle) (err error) {
+	return CloseHandle(fd)
+}
+
+var (
+	Stdin  = getStdHandle(STD_INPUT_HANDLE)
+	Stdout = getStdHandle(STD_OUTPUT_HANDLE)
+	Stderr = getStdHandle(STD_ERROR_HANDLE)
+)
+
+func getStdHandle(stdhandle uint32) (fd Handle) {
+	r, _ := GetStdHandle(stdhandle)
+	CloseOnExec(r)
+	return r
+}
+
+const ImplementsGetwd = true
+
+func Getwd() (wd string, err error) {
+	b := make([]uint16, 300)
+	n, e := GetCurrentDirectory(uint32(len(b)), &b[0])
+	if e != nil {
+		return "", e
+	}
+	return string(utf16.Decode(b[0:n])), nil
+}
+
+func Chdir(path string) (err error) {
+	pathp, err := UTF16PtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return SetCurrentDirectory(pathp)
+}
+
+func Mkdir(path string, mode uint32) (err error) {
+	pathp, err := UTF16PtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return CreateDirectory(pathp, nil)
+}
+
+func Rmdir(path string) (err error) {
+	pathp, err := UTF16PtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return RemoveDirectory(pathp)
+}
+
+func Unlink(path string) (err error) {
+	pathp, err := UTF16PtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return DeleteFile(pathp)
+}
+
+func Rename(oldpath, newpath string) (err error) {
+	from, err := UTF16PtrFromString(oldpath)
+	if err != nil {
+		return err
+	}
+	to, err := UTF16PtrFromString(newpath)
+	if err != nil {
+		return err
+	}
+	return MoveFileEx(from, to, MOVEFILE_REPLACE_EXISTING)
+}
+
+func ComputerName() (name string, err error) {
+	var n uint32 = MAX_COMPUTERNAME_LENGTH + 1
+	b := make([]uint16, n)
+	e := GetComputerName(&b[0], &n)
+	if e != nil {
+		return "", e
+	}
+	return string(utf16.Decode(b[0:n])), nil
+}
+
+func DurationSinceBoot() time.Duration {
+	return time.Duration(getTickCount64()) * time.Millisecond
+}
+
+func Ftruncate(fd Handle, length int64) (err error) {
+	curoffset, e := Seek(fd, 0, 1)
+	if e != nil {
+		return e
+	}
+	defer Seek(fd, curoffset, 0)
+	_, e = Seek(fd, length, 0)
+	if e != nil {
+		return e
+	}
+	e = SetEndOfFile(fd)
+	if e != nil {
+		return e
+	}
+	return nil
+}
+
+func Gettimeofday(tv *Timeval) (err error) {
+	var ft Filetime
+	GetSystemTimeAsFileTime(&ft)
+	*tv = NsecToTimeval(ft.Nanoseconds())
+	return nil
+}
+
+func Pipe(p []Handle) (err error) {
+	if len(p) != 2 {
+		return syscall.EINVAL
+	}
+	var r, w Handle
+	e := CreatePipe(&r, &w, makeInheritSa(), 0)
+	if e != nil {
+		return e
+	}
+	p[0] = r
+	p[1] = w
+	return nil
+}
+
+func Utimes(path string, tv []Timeval) (err error) {
+	if len(tv) != 2 {
+		return syscall.EINVAL
+	}
+	pathp, e := UTF16PtrFromString(path)
+	if e != nil {
+		return e
+	}
+	h, e := CreateFile(pathp,
+		FILE_WRITE_ATTRIBUTES, FILE_SHARE_WRITE, nil,
+		OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0)
+	if e != nil {
+		return e
+	}
+	defer Close(h)
+	a := NsecToFiletime(tv[0].Nanoseconds())
+	w := NsecToFiletime(tv[1].Nanoseconds())
+	return SetFileTime(h, nil, &a, &w)
+}
+
+func UtimesNano(path string, ts []Timespec) (err error) {
+	if len(ts) != 2 {
+		return syscall.EINVAL
+	}
+	pathp, e := UTF16PtrFromString(path)
+	if e != nil {
+		return e
+	}
+	h, e := CreateFile(pathp,
+		FILE_WRITE_ATTRIBUTES, FILE_SHARE_WRITE, nil,
+		OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0)
+	if e != nil {
+		return e
+	}
+	defer Close(h)
+	a := NsecToFiletime(TimespecToNsec(ts[0]))
+	w := NsecToFiletime(TimespecToNsec(ts[1]))
+	return SetFileTime(h, nil, &a, &w)
+}
+
+func Fsync(fd Handle) (err error) {
+	return FlushFileBuffers(fd)
+}
+
+func Chmod(path string, mode uint32) (err error) {
+	p, e := UTF16PtrFromString(path)
+	if e != nil {
+		return e
+	}
+	attrs, e := GetFileAttributes(p)
+	if e != nil {
+		return e
+	}
+	if mode&S_IWRITE != 0 {
+		attrs &^= FILE_ATTRIBUTE_READONLY
+	} else {
+		attrs |= FILE_ATTRIBUTE_READONLY
+	}
+	return SetFileAttributes(p, attrs)
+}
+
+func LoadGetSystemTimePreciseAsFileTime() error {
+	return procGetSystemTimePreciseAsFileTime.Find()
+}
+
+func LoadCancelIoEx() error {
+	return procCancelIoEx.Find()
+}
+
+func LoadSetFileCompletionNotificationModes() error {
+	return procSetFileCompletionNotificationModes.Find()
+}
+
+func WaitForMultipleObjects(handles []Handle, waitAll bool, waitMilliseconds uint32) (event uint32, err error) {
+	// Every other win32 array API takes arguments as "pointer, count", except for this function. So we
+	// can't declare it as a usual [] type, because mksyscall will use the opposite order. We therefore
+	// trivially stub this ourselves.
+
+	var handlePtr *Handle
+	if len(handles) > 0 {
+		handlePtr = &handles[0]
+	}
+	return waitForMultipleObjects(uint32(len(handles)), uintptr(unsafe.Pointer(handlePtr)), waitAll, waitMilliseconds)
+}
+
+// net api calls
+
+const socket_error = uintptr(^uint32(0))
+
+//sys	WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup
+//sys	WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup
+//sys	WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl
+//sys	socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket
+//sys	sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto
+//sys	recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom
+//sys	Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32) (err error) [failretval==socket_error] = ws2_32.setsockopt
+//sys	Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int32) (err error) [failretval==socket_error] = ws2_32.getsockopt
+//sys	bind(s Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socket_error] = ws2_32.bind
+//sys	connect(s Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socket_error] = ws2_32.connect
+//sys	getsockname(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) [failretval==socket_error] = ws2_32.getsockname
+//sys	getpeername(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) [failretval==socket_error] = ws2_32.getpeername
+//sys	listen(s Handle, backlog int32) (err error) [failretval==socket_error] = ws2_32.listen
+//sys	shutdown(s Handle, how int32) (err error) [failretval==socket_error] = ws2_32.shutdown
+//sys	Closesocket(s Handle) (err error) [failretval==socket_error] = ws2_32.closesocket
+//sys	AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, recvd *uint32, overlapped *Overlapped) (err error) = mswsock.AcceptEx
+//sys	GetAcceptExSockaddrs(buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, lrsa **RawSockaddrAny, lrsalen *int32, rrsa **RawSockaddrAny, rrsalen *int32) = mswsock.GetAcceptExSockaddrs
+//sys	WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecv
+//sys	WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASend
+//sys	WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32,  from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecvFrom
+//sys	WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32,  overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASendTo
+//sys	GetHostByName(name string) (h *Hostent, err error) [failretval==nil] = ws2_32.gethostbyname
+//sys	GetServByName(name string, proto string) (s *Servent, err error) [failretval==nil] = ws2_32.getservbyname
+//sys	Ntohs(netshort uint16) (u uint16) = ws2_32.ntohs
+//sys	GetProtoByName(name string) (p *Protoent, err error) [failretval==nil] = ws2_32.getprotobyname
+//sys	DnsQuery(name string, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) = dnsapi.DnsQuery_W
+//sys	DnsRecordListFree(rl *DNSRecord, freetype uint32) = dnsapi.DnsRecordListFree
+//sys	DnsNameCompare(name1 *uint16, name2 *uint16) (same bool) = dnsapi.DnsNameCompare_W
+//sys	GetAddrInfoW(nodename *uint16, servicename *uint16, hints *AddrinfoW, result **AddrinfoW) (sockerr error) = ws2_32.GetAddrInfoW
+//sys	FreeAddrInfoW(addrinfo *AddrinfoW) = ws2_32.FreeAddrInfoW
+//sys	GetIfEntry(pIfRow *MibIfRow) (errcode error) = iphlpapi.GetIfEntry
+//sys	GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) = iphlpapi.GetAdaptersInfo
+//sys	SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) = kernel32.SetFileCompletionNotificationModes
+//sys	WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) [failretval==-1] = ws2_32.WSAEnumProtocolsW
+//sys	GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) = iphlpapi.GetAdaptersAddresses
+//sys	GetACP() (acp uint32) = kernel32.GetACP
+//sys	MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar
+
+// For testing: clients can set this flag to force
+// creation of IPv6 sockets to return EAFNOSUPPORT.
+var SocketDisableIPv6 bool
+
+type RawSockaddrInet4 struct {
+	Family uint16
+	Port   uint16
+	Addr   [4]byte /* in_addr */
+	Zero   [8]uint8
+}
+
+type RawSockaddrInet6 struct {
+	Family   uint16
+	Port     uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+}
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]int8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [100]int8
+}
+
+type Sockaddr interface {
+	sockaddr() (ptr unsafe.Pointer, len int32, err error) // lowercase; only we can define Sockaddrs
+}
+
+type SockaddrInet4 struct {
+	Port int
+	Addr [4]byte
+	raw  RawSockaddrInet4
+}
+
+func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, int32, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, syscall.EINVAL
+	}
+	sa.raw.Family = AF_INET
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), int32(unsafe.Sizeof(sa.raw)), nil
+}
+
+type SockaddrInet6 struct {
+	Port   int
+	ZoneId uint32
+	Addr   [16]byte
+	raw    RawSockaddrInet6
+}
+
+func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, int32, error) {
+	if sa.Port < 0 || sa.Port > 0xFFFF {
+		return nil, 0, syscall.EINVAL
+	}
+	sa.raw.Family = AF_INET6
+	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
+	p[0] = byte(sa.Port >> 8)
+	p[1] = byte(sa.Port)
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), int32(unsafe.Sizeof(sa.raw)), nil
+}
+
+type RawSockaddrUnix struct {
+	Family uint16
+	Path   [UNIX_PATH_MAX]int8
+}
+
+type SockaddrUnix struct {
+	Name string
+	raw  RawSockaddrUnix
+}
+
+func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
+	name := sa.Name
+	n := len(name)
+	if n > len(sa.raw.Path) {
+		return nil, 0, syscall.EINVAL
+	}
+	if n == len(sa.raw.Path) && name[0] != '@' {
+		return nil, 0, syscall.EINVAL
+	}
+	sa.raw.Family = AF_UNIX
+	for i := 0; i < n; i++ {
+		sa.raw.Path[i] = int8(name[i])
+	}
+	// length is family (uint16), name, NUL.
+	sl := int32(2)
+	if n > 0 {
+		sl += int32(n) + 1
+	}
+	if sa.raw.Path[0] == '@' {
+		sa.raw.Path[0] = 0
+		// Don't count trailing NUL for abstract address.
+		sl--
+	}
+
+	return unsafe.Pointer(&sa.raw), sl, nil
+}
+
+func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
+	switch rsa.Addr.Family {
+	case AF_UNIX:
+		pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa))
+		sa := new(SockaddrUnix)
+		if pp.Path[0] == 0 {
+			// "Abstract" Unix domain socket.
+			// Rewrite leading NUL as @ for textual display.
+			// (This is the standard convention.)
+			// Not friendly to overwrite in place,
+			// but the callers below don't care.
+			pp.Path[0] = '@'
+		}
+
+		// Assume path ends at NUL.
+		// This is not technically the Linux semantics for
+		// abstract Unix domain sockets--they are supposed
+		// to be uninterpreted fixed-size binary blobs--but
+		// everyone uses this convention.
+		n := 0
+		for n < len(pp.Path) && pp.Path[n] != 0 {
+			n++
+		}
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		sa.Name = string(bytes)
+		return sa, nil
+
+	case AF_INET:
+		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet4)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+
+	case AF_INET6:
+		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+		sa := new(SockaddrInet6)
+		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+		sa.Port = int(p[0])<<8 + int(p[1])
+		sa.ZoneId = pp.Scope_id
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
+		return sa, nil
+	}
+	return nil, syscall.EAFNOSUPPORT
+}
+
+func Socket(domain, typ, proto int) (fd Handle, err error) {
+	if domain == AF_INET6 && SocketDisableIPv6 {
+		return InvalidHandle, syscall.EAFNOSUPPORT
+	}
+	return socket(int32(domain), int32(typ), int32(proto))
+}
+
+func SetsockoptInt(fd Handle, level, opt int, value int) (err error) {
+	v := int32(value)
+	return Setsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(&v)), int32(unsafe.Sizeof(v)))
+}
+
+func Bind(fd Handle, sa Sockaddr) (err error) {
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return bind(fd, ptr, n)
+}
+
+func Connect(fd Handle, sa Sockaddr) (err error) {
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return connect(fd, ptr, n)
+}
+
+func Getsockname(fd Handle) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	l := int32(unsafe.Sizeof(rsa))
+	if err = getsockname(fd, &rsa, &l); err != nil {
+		return
+	}
+	return rsa.Sockaddr()
+}
+
+func Getpeername(fd Handle) (sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	l := int32(unsafe.Sizeof(rsa))
+	if err = getpeername(fd, &rsa, &l); err != nil {
+		return
+	}
+	return rsa.Sockaddr()
+}
+
+func Listen(s Handle, n int) (err error) {
+	return listen(s, int32(n))
+}
+
+func Shutdown(fd Handle, how int) (err error) {
+	return shutdown(fd, int32(how))
+}
+
+func WSASendto(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to Sockaddr, overlapped *Overlapped, croutine *byte) (err error) {
+	rsa, l, err := to.sockaddr()
+	if err != nil {
+		return err
+	}
+	return WSASendTo(s, bufs, bufcnt, sent, flags, (*RawSockaddrAny)(unsafe.Pointer(rsa)), l, overlapped, croutine)
+}
+
+func LoadGetAddrInfo() error {
+	return procGetAddrInfoW.Find()
+}
+
+var connectExFunc struct {
+	once sync.Once
+	addr uintptr
+	err  error
+}
+
+func LoadConnectEx() error {
+	connectExFunc.once.Do(func() {
+		var s Handle
+		s, connectExFunc.err = Socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
+		if connectExFunc.err != nil {
+			return
+		}
+		defer CloseHandle(s)
+		var n uint32
+		connectExFunc.err = WSAIoctl(s,
+			SIO_GET_EXTENSION_FUNCTION_POINTER,
+			(*byte)(unsafe.Pointer(&WSAID_CONNECTEX)),
+			uint32(unsafe.Sizeof(WSAID_CONNECTEX)),
+			(*byte)(unsafe.Pointer(&connectExFunc.addr)),
+			uint32(unsafe.Sizeof(connectExFunc.addr)),
+			&n, nil, 0)
+	})
+	return connectExFunc.err
+}
+
+func connectEx(s Handle, name unsafe.Pointer, namelen int32, sendBuf *byte, sendDataLen uint32, bytesSent *uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall9(connectExFunc.addr, 7, uintptr(s), uintptr(name), uintptr(namelen), uintptr(unsafe.Pointer(sendBuf)), uintptr(sendDataLen), uintptr(unsafe.Pointer(bytesSent)), uintptr(unsafe.Pointer(overlapped)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ConnectEx(fd Handle, sa Sockaddr, sendBuf *byte, sendDataLen uint32, bytesSent *uint32, overlapped *Overlapped) error {
+	err := LoadConnectEx()
+	if err != nil {
+		return errorspkg.New("failed to find ConnectEx: " + err.Error())
+	}
+	ptr, n, err := sa.sockaddr()
+	if err != nil {
+		return err
+	}
+	return connectEx(fd, ptr, n, sendBuf, sendDataLen, bytesSent, overlapped)
+}
+
+var sendRecvMsgFunc struct {
+	once     sync.Once
+	sendAddr uintptr
+	recvAddr uintptr
+	err      error
+}
+
+func loadWSASendRecvMsg() error {
+	sendRecvMsgFunc.once.Do(func() {
+		var s Handle
+		s, sendRecvMsgFunc.err = Socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)
+		if sendRecvMsgFunc.err != nil {
+			return
+		}
+		defer CloseHandle(s)
+		var n uint32
+		sendRecvMsgFunc.err = WSAIoctl(s,
+			SIO_GET_EXTENSION_FUNCTION_POINTER,
+			(*byte)(unsafe.Pointer(&WSAID_WSARECVMSG)),
+			uint32(unsafe.Sizeof(WSAID_WSARECVMSG)),
+			(*byte)(unsafe.Pointer(&sendRecvMsgFunc.recvAddr)),
+			uint32(unsafe.Sizeof(sendRecvMsgFunc.recvAddr)),
+			&n, nil, 0)
+		if sendRecvMsgFunc.err != nil {
+			return
+		}
+		sendRecvMsgFunc.err = WSAIoctl(s,
+			SIO_GET_EXTENSION_FUNCTION_POINTER,
+			(*byte)(unsafe.Pointer(&WSAID_WSASENDMSG)),
+			uint32(unsafe.Sizeof(WSAID_WSASENDMSG)),
+			(*byte)(unsafe.Pointer(&sendRecvMsgFunc.sendAddr)),
+			uint32(unsafe.Sizeof(sendRecvMsgFunc.sendAddr)),
+			&n, nil, 0)
+	})
+	return sendRecvMsgFunc.err
+}
+
+func WSASendMsg(fd Handle, msg *WSAMsg, flags uint32, bytesSent *uint32, overlapped *Overlapped, croutine *byte) error {
+	err := loadWSASendRecvMsg()
+	if err != nil {
+		return err
+	}
+	r1, _, e1 := syscall.Syscall6(sendRecvMsgFunc.sendAddr, 6, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(flags), uintptr(unsafe.Pointer(bytesSent)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return err
+}
+
+func WSARecvMsg(fd Handle, msg *WSAMsg, bytesReceived *uint32, overlapped *Overlapped, croutine *byte) error {
+	err := loadWSASendRecvMsg()
+	if err != nil {
+		return err
+	}
+	r1, _, e1 := syscall.Syscall6(sendRecvMsgFunc.recvAddr, 5, uintptr(fd), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(bytesReceived)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return err
+}
+
+// Invented structures to support what package os expects.
+type Rusage struct {
+	CreationTime Filetime
+	ExitTime     Filetime
+	KernelTime   Filetime
+	UserTime     Filetime
+}
+
+type WaitStatus struct {
+	ExitCode uint32
+}
+
+func (w WaitStatus) Exited() bool { return true }
+
+func (w WaitStatus) ExitStatus() int { return int(w.ExitCode) }
+
+func (w WaitStatus) Signal() Signal { return -1 }
+
+func (w WaitStatus) CoreDump() bool { return false }
+
+func (w WaitStatus) Stopped() bool { return false }
+
+func (w WaitStatus) Continued() bool { return false }
+
+func (w WaitStatus) StopSignal() Signal { return -1 }
+
+func (w WaitStatus) Signaled() bool { return false }
+
+func (w WaitStatus) TrapCause() int { return -1 }
+
+// Timespec is an invented structure on Windows, but here for
+// consistency with the corresponding package for other operating systems.
+type Timespec struct {
+	Sec  int64
+	Nsec int64
+}
+
+func TimespecToNsec(ts Timespec) int64 { return int64(ts.Sec)*1e9 + int64(ts.Nsec) }
+
+func NsecToTimespec(nsec int64) (ts Timespec) {
+	ts.Sec = nsec / 1e9
+	ts.Nsec = nsec % 1e9
+	return
+}
+
+// TODO(brainman): fix all needed for net
+
+func Accept(fd Handle) (nfd Handle, sa Sockaddr, err error) { return 0, nil, syscall.EWINDOWS }
+
+func Recvfrom(fd Handle, p []byte, flags int) (n int, from Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	l := int32(unsafe.Sizeof(rsa))
+	n32, err := recvfrom(fd, p, int32(flags), &rsa, &l)
+	n = int(n32)
+	if err != nil {
+		return
+	}
+	from, err = rsa.Sockaddr()
+	return
+}
+
+func Sendto(fd Handle, p []byte, flags int, to Sockaddr) (err error) {
+	ptr, l, err := to.sockaddr()
+	if err != nil {
+		return err
+	}
+	return sendto(fd, p, int32(flags), ptr, l)
+}
+
+func SetsockoptTimeval(fd Handle, level, opt int, tv *Timeval) (err error) { return syscall.EWINDOWS }
+
+// The Linger struct is wrong but we only noticed after Go 1.
+// sysLinger is the real system call structure.
+
+// BUG(brainman): The definition of Linger is not appropriate for direct use
+// with Setsockopt and Getsockopt.
+// Use SetsockoptLinger instead.
+
+type Linger struct {
+	Onoff  int32
+	Linger int32
+}
+
+type sysLinger struct {
+	Onoff  uint16
+	Linger uint16
+}
+
+type IPMreq struct {
+	Multiaddr [4]byte /* in_addr */
+	Interface [4]byte /* in_addr */
+}
+
+type IPv6Mreq struct {
+	Multiaddr [16]byte /* in6_addr */
+	Interface uint32
+}
+
+func GetsockoptInt(fd Handle, level, opt int) (int, error) {
+	v := int32(0)
+	l := int32(unsafe.Sizeof(v))
+	err := Getsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(&v)), &l)
+	return int(v), err
+}
+
+func SetsockoptLinger(fd Handle, level, opt int, l *Linger) (err error) {
+	sys := sysLinger{Onoff: uint16(l.Onoff), Linger: uint16(l.Linger)}
+	return Setsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(&sys)), int32(unsafe.Sizeof(sys)))
+}
+
+func SetsockoptInet4Addr(fd Handle, level, opt int, value [4]byte) (err error) {
+	return Setsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(&value[0])), 4)
+}
+func SetsockoptIPMreq(fd Handle, level, opt int, mreq *IPMreq) (err error) {
+	return Setsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(mreq)), int32(unsafe.Sizeof(*mreq)))
+}
+func SetsockoptIPv6Mreq(fd Handle, level, opt int, mreq *IPv6Mreq) (err error) {
+	return syscall.EWINDOWS
+}
+
+func Getpid() (pid int) { return int(GetCurrentProcessId()) }
+
+func FindFirstFile(name *uint16, data *Win32finddata) (handle Handle, err error) {
+	// NOTE(rsc): The Win32finddata struct is wrong for the system call:
+	// the two paths are each one uint16 short. Use the correct struct,
+	// a win32finddata1, and then copy the results out.
+	// There is no loss of expressivity here, because the final
+	// uint16, if it is used, is supposed to be a NUL, and Go doesn't need that.
+	// For Go 1.1, we might avoid the allocation of win32finddata1 here
+	// by adding a final Bug [2]uint16 field to the struct and then
+	// adjusting the fields in the result directly.
+	var data1 win32finddata1
+	handle, err = findFirstFile1(name, &data1)
+	if err == nil {
+		copyFindData(data, &data1)
+	}
+	return
+}
+
+func FindNextFile(handle Handle, data *Win32finddata) (err error) {
+	var data1 win32finddata1
+	err = findNextFile1(handle, &data1)
+	if err == nil {
+		copyFindData(data, &data1)
+	}
+	return
+}
+
+func getProcessEntry(pid int) (*ProcessEntry32, error) {
+	snapshot, err := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
+	if err != nil {
+		return nil, err
+	}
+	defer CloseHandle(snapshot)
+	var procEntry ProcessEntry32
+	procEntry.Size = uint32(unsafe.Sizeof(procEntry))
+	if err = Process32First(snapshot, &procEntry); err != nil {
+		return nil, err
+	}
+	for {
+		if procEntry.ProcessID == uint32(pid) {
+			return &procEntry, nil
+		}
+		err = Process32Next(snapshot, &procEntry)
+		if err != nil {
+			return nil, err
+		}
+	}
+}
+
+func Getppid() (ppid int) {
+	pe, err := getProcessEntry(Getpid())
+	if err != nil {
+		return -1
+	}
+	return int(pe.ParentProcessID)
+}
+
+// TODO(brainman): fix all needed for os
+func Fchdir(fd Handle) (err error)             { return syscall.EWINDOWS }
+func Link(oldpath, newpath string) (err error) { return syscall.EWINDOWS }
+func Symlink(path, link string) (err error)    { return syscall.EWINDOWS }
+
+func Fchmod(fd Handle, mode uint32) (err error)        { return syscall.EWINDOWS }
+func Chown(path string, uid int, gid int) (err error)  { return syscall.EWINDOWS }
+func Lchown(path string, uid int, gid int) (err error) { return syscall.EWINDOWS }
+func Fchown(fd Handle, uid int, gid int) (err error)   { return syscall.EWINDOWS }
+
+func Getuid() (uid int)                  { return -1 }
+func Geteuid() (euid int)                { return -1 }
+func Getgid() (gid int)                  { return -1 }
+func Getegid() (egid int)                { return -1 }
+func Getgroups() (gids []int, err error) { return nil, syscall.EWINDOWS }
+
+type Signal int
+
+func (s Signal) Signal() {}
+
+func (s Signal) String() string {
+	if 0 <= s && int(s) < len(signals) {
+		str := signals[s]
+		if str != "" {
+			return str
+		}
+	}
+	return "signal " + itoa(int(s))
+}
+
+func LoadCreateSymbolicLink() error {
+	return procCreateSymbolicLinkW.Find()
+}
+
+// Readlink returns the destination of the named symbolic link.
+func Readlink(path string, buf []byte) (n int, err error) {
+	fd, err := CreateFile(StringToUTF16Ptr(path), GENERIC_READ, 0, nil, OPEN_EXISTING,
+		FILE_FLAG_OPEN_REPARSE_POINT|FILE_FLAG_BACKUP_SEMANTICS, 0)
+	if err != nil {
+		return -1, err
+	}
+	defer CloseHandle(fd)
+
+	rdbbuf := make([]byte, MAXIMUM_REPARSE_DATA_BUFFER_SIZE)
+	var bytesReturned uint32
+	err = DeviceIoControl(fd, FSCTL_GET_REPARSE_POINT, nil, 0, &rdbbuf[0], uint32(len(rdbbuf)), &bytesReturned, nil)
+	if err != nil {
+		return -1, err
+	}
+
+	rdb := (*reparseDataBuffer)(unsafe.Pointer(&rdbbuf[0]))
+	var s string
+	switch rdb.ReparseTag {
+	case IO_REPARSE_TAG_SYMLINK:
+		data := (*symbolicLinkReparseBuffer)(unsafe.Pointer(&rdb.reparseBuffer))
+		p := (*[0xffff]uint16)(unsafe.Pointer(&data.PathBuffer[0]))
+		s = UTF16ToString(p[data.PrintNameOffset/2 : (data.PrintNameLength-data.PrintNameOffset)/2])
+	case IO_REPARSE_TAG_MOUNT_POINT:
+		data := (*mountPointReparseBuffer)(unsafe.Pointer(&rdb.reparseBuffer))
+		p := (*[0xffff]uint16)(unsafe.Pointer(&data.PathBuffer[0]))
+		s = UTF16ToString(p[data.PrintNameOffset/2 : (data.PrintNameLength-data.PrintNameOffset)/2])
+	default:
+		// the path is not a symlink or junction but another type of reparse
+		// point
+		return -1, syscall.ENOENT
+	}
+	n = copy(buf, []byte(s))
+
+	return n, nil
+}
+
+// GUIDFromString parses a string in the form of
+// "{XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" into a GUID.
+func GUIDFromString(str string) (GUID, error) {
+	guid := GUID{}
+	str16, err := syscall.UTF16PtrFromString(str)
+	if err != nil {
+		return guid, err
+	}
+	err = clsidFromString(str16, &guid)
+	if err != nil {
+		return guid, err
+	}
+	return guid, nil
+}
+
+// GenerateGUID creates a new random GUID.
+func GenerateGUID() (GUID, error) {
+	guid := GUID{}
+	err := coCreateGuid(&guid)
+	if err != nil {
+		return guid, err
+	}
+	return guid, nil
+}
+
+// String returns the canonical string form of the GUID,
+// in the form of "{XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}".
+func (guid GUID) String() string {
+	var str [100]uint16
+	chars := stringFromGUID2(&guid, &str[0], int32(len(str)))
+	if chars <= 1 {
+		return ""
+	}
+	return string(utf16.Decode(str[:chars-1]))
+}
+
+// KnownFolderPath returns a well-known folder path for the current user, specified by one of
+// the FOLDERID_ constants, and chosen and optionally created based on a KF_ flag.
+func KnownFolderPath(folderID *KNOWNFOLDERID, flags uint32) (string, error) {
+	return Token(0).KnownFolderPath(folderID, flags)
+}
+
+// KnownFolderPath returns a well-known folder path for the user token, specified by one of
+// the FOLDERID_ constants, and chosen and optionally created based on a KF_ flag.
+func (t Token) KnownFolderPath(folderID *KNOWNFOLDERID, flags uint32) (string, error) {
+	var p *uint16
+	err := shGetKnownFolderPath(folderID, flags, t, &p)
+	if err != nil {
+		return "", err
+	}
+	defer CoTaskMemFree(unsafe.Pointer(p))
+	return UTF16PtrToString(p), nil
+}
+
+// RtlGetVersion returns the version of the underlying operating system, ignoring
+// manifest semantics but is affected by the application compatibility layer.
+func RtlGetVersion() *OsVersionInfoEx {
+	info := &OsVersionInfoEx{}
+	info.osVersionInfoSize = uint32(unsafe.Sizeof(*info))
+	// According to documentation, this function always succeeds.
+	// The function doesn't even check the validity of the
+	// osVersionInfoSize member. Disassembling ntdll.dll indicates
+	// that the documentation is indeed correct about that.
+	_ = rtlGetVersion(info)
+	return info
+}
+
+// RtlGetNtVersionNumbers returns the version of the underlying operating system,
+// ignoring manifest semantics and the application compatibility layer.
+func RtlGetNtVersionNumbers() (majorVersion, minorVersion, buildNumber uint32) {
+	rtlGetNtVersionNumbers(&majorVersion, &minorVersion, &buildNumber)
+	buildNumber &= 0xffff
+	return
+}
+
+// GetProcessPreferredUILanguages retrieves the process preferred UI languages.
+func GetProcessPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getProcessPreferredUILanguages)
+}
+
+// GetThreadPreferredUILanguages retrieves the thread preferred UI languages for the current thread.
+func GetThreadPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getThreadPreferredUILanguages)
+}
+
+// GetUserPreferredUILanguages retrieves information about the user preferred UI languages.
+func GetUserPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getUserPreferredUILanguages)
+}
+
+// GetSystemPreferredUILanguages retrieves the system preferred UI languages.
+func GetSystemPreferredUILanguages(flags uint32) ([]string, error) {
+	return getUILanguages(flags, getSystemPreferredUILanguages)
+}
+
+func getUILanguages(flags uint32, f func(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) error) ([]string, error) {
+	size := uint32(128)
+	for {
+		var numLanguages uint32
+		buf := make([]uint16, size)
+		err := f(flags, &numLanguages, &buf[0], &size)
+		if err == ERROR_INSUFFICIENT_BUFFER {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		buf = buf[:size]
+		if numLanguages == 0 || len(buf) == 0 { // GetProcessPreferredUILanguages may return numLanguages==0 with "\0\0"
+			return []string{}, nil
+		}
+		if buf[len(buf)-1] == 0 {
+			buf = buf[:len(buf)-1] // remove terminating null
+		}
+		languages := make([]string, 0, numLanguages)
+		from := 0
+		for i, c := range buf {
+			if c == 0 {
+				languages = append(languages, string(utf16.Decode(buf[from:i])))
+				from = i + 1
+			}
+		}
+		return languages, nil
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows.go
new file mode 100644
index 000000000..da1652e74
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows.go
@@ -0,0 +1,1774 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+import (
+	"net"
+	"syscall"
+	"unsafe"
+)
+
+const (
+	// Invented values to support what package os expects.
+	O_RDONLY   = 0x00000
+	O_WRONLY   = 0x00001
+	O_RDWR     = 0x00002
+	O_CREAT    = 0x00040
+	O_EXCL     = 0x00080
+	O_NOCTTY   = 0x00100
+	O_TRUNC    = 0x00200
+	O_NONBLOCK = 0x00800
+	O_APPEND   = 0x00400
+	O_SYNC     = 0x01000
+	O_ASYNC    = 0x02000
+	O_CLOEXEC  = 0x80000
+)
+
+const (
+	// More invented values for signals
+	SIGHUP  = Signal(0x1)
+	SIGINT  = Signal(0x2)
+	SIGQUIT = Signal(0x3)
+	SIGILL  = Signal(0x4)
+	SIGTRAP = Signal(0x5)
+	SIGABRT = Signal(0x6)
+	SIGBUS  = Signal(0x7)
+	SIGFPE  = Signal(0x8)
+	SIGKILL = Signal(0x9)
+	SIGSEGV = Signal(0xb)
+	SIGPIPE = Signal(0xd)
+	SIGALRM = Signal(0xe)
+	SIGTERM = Signal(0xf)
+)
+
+var signals = [...]string{
+	1:  "hangup",
+	2:  "interrupt",
+	3:  "quit",
+	4:  "illegal instruction",
+	5:  "trace/breakpoint trap",
+	6:  "aborted",
+	7:  "bus error",
+	8:  "floating point exception",
+	9:  "killed",
+	10: "user defined signal 1",
+	11: "segmentation fault",
+	12: "user defined signal 2",
+	13: "broken pipe",
+	14: "alarm clock",
+	15: "terminated",
+}
+
+const (
+	FILE_LIST_DIRECTORY   = 0x00000001
+	FILE_APPEND_DATA      = 0x00000004
+	FILE_WRITE_ATTRIBUTES = 0x00000100
+
+	FILE_SHARE_READ   = 0x00000001
+	FILE_SHARE_WRITE  = 0x00000002
+	FILE_SHARE_DELETE = 0x00000004
+
+	FILE_ATTRIBUTE_READONLY              = 0x00000001
+	FILE_ATTRIBUTE_HIDDEN                = 0x00000002
+	FILE_ATTRIBUTE_SYSTEM                = 0x00000004
+	FILE_ATTRIBUTE_DIRECTORY             = 0x00000010
+	FILE_ATTRIBUTE_ARCHIVE               = 0x00000020
+	FILE_ATTRIBUTE_DEVICE                = 0x00000040
+	FILE_ATTRIBUTE_NORMAL                = 0x00000080
+	FILE_ATTRIBUTE_TEMPORARY             = 0x00000100
+	FILE_ATTRIBUTE_SPARSE_FILE           = 0x00000200
+	FILE_ATTRIBUTE_REPARSE_POINT         = 0x00000400
+	FILE_ATTRIBUTE_COMPRESSED            = 0x00000800
+	FILE_ATTRIBUTE_OFFLINE               = 0x00001000
+	FILE_ATTRIBUTE_NOT_CONTENT_INDEXED   = 0x00002000
+	FILE_ATTRIBUTE_ENCRYPTED             = 0x00004000
+	FILE_ATTRIBUTE_INTEGRITY_STREAM      = 0x00008000
+	FILE_ATTRIBUTE_VIRTUAL               = 0x00010000
+	FILE_ATTRIBUTE_NO_SCRUB_DATA         = 0x00020000
+	FILE_ATTRIBUTE_RECALL_ON_OPEN        = 0x00040000
+	FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS = 0x00400000
+
+	INVALID_FILE_ATTRIBUTES = 0xffffffff
+
+	CREATE_NEW        = 1
+	CREATE_ALWAYS     = 2
+	OPEN_EXISTING     = 3
+	OPEN_ALWAYS       = 4
+	TRUNCATE_EXISTING = 5
+
+	FILE_FLAG_OPEN_REQUIRING_OPLOCK = 0x00040000
+	FILE_FLAG_FIRST_PIPE_INSTANCE   = 0x00080000
+	FILE_FLAG_OPEN_NO_RECALL        = 0x00100000
+	FILE_FLAG_OPEN_REPARSE_POINT    = 0x00200000
+	FILE_FLAG_SESSION_AWARE         = 0x00800000
+	FILE_FLAG_POSIX_SEMANTICS       = 0x01000000
+	FILE_FLAG_BACKUP_SEMANTICS      = 0x02000000
+	FILE_FLAG_DELETE_ON_CLOSE       = 0x04000000
+	FILE_FLAG_SEQUENTIAL_SCAN       = 0x08000000
+	FILE_FLAG_RANDOM_ACCESS         = 0x10000000
+	FILE_FLAG_NO_BUFFERING          = 0x20000000
+	FILE_FLAG_OVERLAPPED            = 0x40000000
+	FILE_FLAG_WRITE_THROUGH         = 0x80000000
+
+	HANDLE_FLAG_INHERIT    = 0x00000001
+	STARTF_USESTDHANDLES   = 0x00000100
+	STARTF_USESHOWWINDOW   = 0x00000001
+	DUPLICATE_CLOSE_SOURCE = 0x00000001
+	DUPLICATE_SAME_ACCESS  = 0x00000002
+
+	STD_INPUT_HANDLE  = -10 & (1<<32 - 1)
+	STD_OUTPUT_HANDLE = -11 & (1<<32 - 1)
+	STD_ERROR_HANDLE  = -12 & (1<<32 - 1)
+
+	FILE_BEGIN   = 0
+	FILE_CURRENT = 1
+	FILE_END     = 2
+
+	LANG_ENGLISH       = 0x09
+	SUBLANG_ENGLISH_US = 0x01
+
+	FORMAT_MESSAGE_ALLOCATE_BUFFER = 256
+	FORMAT_MESSAGE_IGNORE_INSERTS  = 512
+	FORMAT_MESSAGE_FROM_STRING     = 1024
+	FORMAT_MESSAGE_FROM_HMODULE    = 2048
+	FORMAT_MESSAGE_FROM_SYSTEM     = 4096
+	FORMAT_MESSAGE_ARGUMENT_ARRAY  = 8192
+	FORMAT_MESSAGE_MAX_WIDTH_MASK  = 255
+
+	MAX_PATH      = 260
+	MAX_LONG_PATH = 32768
+
+	MAX_COMPUTERNAME_LENGTH = 15
+
+	TIME_ZONE_ID_UNKNOWN  = 0
+	TIME_ZONE_ID_STANDARD = 1
+
+	TIME_ZONE_ID_DAYLIGHT = 2
+	IGNORE                = 0
+	INFINITE              = 0xffffffff
+
+	WAIT_ABANDONED = 0x00000080
+	WAIT_OBJECT_0  = 0x00000000
+	WAIT_FAILED    = 0xFFFFFFFF
+
+	// Access rights for process.
+	PROCESS_CREATE_PROCESS            = 0x0080
+	PROCESS_CREATE_THREAD             = 0x0002
+	PROCESS_DUP_HANDLE                = 0x0040
+	PROCESS_QUERY_INFORMATION         = 0x0400
+	PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
+	PROCESS_SET_INFORMATION           = 0x0200
+	PROCESS_SET_QUOTA                 = 0x0100
+	PROCESS_SUSPEND_RESUME            = 0x0800
+	PROCESS_TERMINATE                 = 0x0001
+	PROCESS_VM_OPERATION              = 0x0008
+	PROCESS_VM_READ                   = 0x0010
+	PROCESS_VM_WRITE                  = 0x0020
+
+	// Access rights for thread.
+	THREAD_DIRECT_IMPERSONATION      = 0x0200
+	THREAD_GET_CONTEXT               = 0x0008
+	THREAD_IMPERSONATE               = 0x0100
+	THREAD_QUERY_INFORMATION         = 0x0040
+	THREAD_QUERY_LIMITED_INFORMATION = 0x0800
+	THREAD_SET_CONTEXT               = 0x0010
+	THREAD_SET_INFORMATION           = 0x0020
+	THREAD_SET_LIMITED_INFORMATION   = 0x0400
+	THREAD_SET_THREAD_TOKEN          = 0x0080
+	THREAD_SUSPEND_RESUME            = 0x0002
+	THREAD_TERMINATE                 = 0x0001
+
+	FILE_MAP_COPY    = 0x01
+	FILE_MAP_WRITE   = 0x02
+	FILE_MAP_READ    = 0x04
+	FILE_MAP_EXECUTE = 0x20
+
+	CTRL_C_EVENT        = 0
+	CTRL_BREAK_EVENT    = 1
+	CTRL_CLOSE_EVENT    = 2
+	CTRL_LOGOFF_EVENT   = 5
+	CTRL_SHUTDOWN_EVENT = 6
+
+	// Windows reserves errors >= 1<<29 for application use.
+	APPLICATION_ERROR = 1 << 29
+)
+
+const (
+	// Process creation flags.
+	CREATE_BREAKAWAY_FROM_JOB        = 0x01000000
+	CREATE_DEFAULT_ERROR_MODE        = 0x04000000
+	CREATE_NEW_CONSOLE               = 0x00000010
+	CREATE_NEW_PROCESS_GROUP         = 0x00000200
+	CREATE_NO_WINDOW                 = 0x08000000
+	CREATE_PROTECTED_PROCESS         = 0x00040000
+	CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000
+	CREATE_SEPARATE_WOW_VDM          = 0x00000800
+	CREATE_SHARED_WOW_VDM            = 0x00001000
+	CREATE_SUSPENDED                 = 0x00000004
+	CREATE_UNICODE_ENVIRONMENT       = 0x00000400
+	DEBUG_ONLY_THIS_PROCESS          = 0x00000002
+	DEBUG_PROCESS                    = 0x00000001
+	DETACHED_PROCESS                 = 0x00000008
+	EXTENDED_STARTUPINFO_PRESENT     = 0x00080000
+	INHERIT_PARENT_AFFINITY          = 0x00010000
+)
+
+const (
+	// flags for CreateToolhelp32Snapshot
+	TH32CS_SNAPHEAPLIST = 0x01
+	TH32CS_SNAPPROCESS  = 0x02
+	TH32CS_SNAPTHREAD   = 0x04
+	TH32CS_SNAPMODULE   = 0x08
+	TH32CS_SNAPMODULE32 = 0x10
+	TH32CS_SNAPALL      = TH32CS_SNAPHEAPLIST | TH32CS_SNAPMODULE | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD
+	TH32CS_INHERIT      = 0x80000000
+)
+
+const (
+	// filters for ReadDirectoryChangesW
+	FILE_NOTIFY_CHANGE_FILE_NAME   = 0x001
+	FILE_NOTIFY_CHANGE_DIR_NAME    = 0x002
+	FILE_NOTIFY_CHANGE_ATTRIBUTES  = 0x004
+	FILE_NOTIFY_CHANGE_SIZE        = 0x008
+	FILE_NOTIFY_CHANGE_LAST_WRITE  = 0x010
+	FILE_NOTIFY_CHANGE_LAST_ACCESS = 0x020
+	FILE_NOTIFY_CHANGE_CREATION    = 0x040
+	FILE_NOTIFY_CHANGE_SECURITY    = 0x100
+)
+
+const (
+	// do not reorder
+	FILE_ACTION_ADDED = iota + 1
+	FILE_ACTION_REMOVED
+	FILE_ACTION_MODIFIED
+	FILE_ACTION_RENAMED_OLD_NAME
+	FILE_ACTION_RENAMED_NEW_NAME
+)
+
+const (
+	// wincrypt.h
+	PROV_RSA_FULL                    = 1
+	PROV_RSA_SIG                     = 2
+	PROV_DSS                         = 3
+	PROV_FORTEZZA                    = 4
+	PROV_MS_EXCHANGE                 = 5
+	PROV_SSL                         = 6
+	PROV_RSA_SCHANNEL                = 12
+	PROV_DSS_DH                      = 13
+	PROV_EC_ECDSA_SIG                = 14
+	PROV_EC_ECNRA_SIG                = 15
+	PROV_EC_ECDSA_FULL               = 16
+	PROV_EC_ECNRA_FULL               = 17
+	PROV_DH_SCHANNEL                 = 18
+	PROV_SPYRUS_LYNKS                = 20
+	PROV_RNG                         = 21
+	PROV_INTEL_SEC                   = 22
+	PROV_REPLACE_OWF                 = 23
+	PROV_RSA_AES                     = 24
+	CRYPT_VERIFYCONTEXT              = 0xF0000000
+	CRYPT_NEWKEYSET                  = 0x00000008
+	CRYPT_DELETEKEYSET               = 0x00000010
+	CRYPT_MACHINE_KEYSET             = 0x00000020
+	CRYPT_SILENT                     = 0x00000040
+	CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x00000080
+
+	USAGE_MATCH_TYPE_AND = 0
+	USAGE_MATCH_TYPE_OR  = 1
+
+	/* msgAndCertEncodingType values for CertOpenStore function */
+	X509_ASN_ENCODING   = 0x00000001
+	PKCS_7_ASN_ENCODING = 0x00010000
+
+	/* storeProvider values for CertOpenStore function */
+	CERT_STORE_PROV_MSG               = 1
+	CERT_STORE_PROV_MEMORY            = 2
+	CERT_STORE_PROV_FILE              = 3
+	CERT_STORE_PROV_REG               = 4
+	CERT_STORE_PROV_PKCS7             = 5
+	CERT_STORE_PROV_SERIALIZED        = 6
+	CERT_STORE_PROV_FILENAME_A        = 7
+	CERT_STORE_PROV_FILENAME_W        = 8
+	CERT_STORE_PROV_FILENAME          = CERT_STORE_PROV_FILENAME_W
+	CERT_STORE_PROV_SYSTEM_A          = 9
+	CERT_STORE_PROV_SYSTEM_W          = 10
+	CERT_STORE_PROV_SYSTEM            = CERT_STORE_PROV_SYSTEM_W
+	CERT_STORE_PROV_COLLECTION        = 11
+	CERT_STORE_PROV_SYSTEM_REGISTRY_A = 12
+	CERT_STORE_PROV_SYSTEM_REGISTRY_W = 13
+	CERT_STORE_PROV_SYSTEM_REGISTRY   = CERT_STORE_PROV_SYSTEM_REGISTRY_W
+	CERT_STORE_PROV_PHYSICAL_W        = 14
+	CERT_STORE_PROV_PHYSICAL          = CERT_STORE_PROV_PHYSICAL_W
+	CERT_STORE_PROV_SMART_CARD_W      = 15
+	CERT_STORE_PROV_SMART_CARD        = CERT_STORE_PROV_SMART_CARD_W
+	CERT_STORE_PROV_LDAP_W            = 16
+	CERT_STORE_PROV_LDAP              = CERT_STORE_PROV_LDAP_W
+	CERT_STORE_PROV_PKCS12            = 17
+
+	/* store characteristics (low WORD of flag) for CertOpenStore function */
+	CERT_STORE_NO_CRYPT_RELEASE_FLAG            = 0x00000001
+	CERT_STORE_SET_LOCALIZED_NAME_FLAG          = 0x00000002
+	CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = 0x00000004
+	CERT_STORE_DELETE_FLAG                      = 0x00000010
+	CERT_STORE_UNSAFE_PHYSICAL_FLAG             = 0x00000020
+	CERT_STORE_SHARE_STORE_FLAG                 = 0x00000040
+	CERT_STORE_SHARE_CONTEXT_FLAG               = 0x00000080
+	CERT_STORE_MANIFOLD_FLAG                    = 0x00000100
+	CERT_STORE_ENUM_ARCHIVED_FLAG               = 0x00000200
+	CERT_STORE_UPDATE_KEYID_FLAG                = 0x00000400
+	CERT_STORE_BACKUP_RESTORE_FLAG              = 0x00000800
+	CERT_STORE_MAXIMUM_ALLOWED_FLAG             = 0x00001000
+	CERT_STORE_CREATE_NEW_FLAG                  = 0x00002000
+	CERT_STORE_OPEN_EXISTING_FLAG               = 0x00004000
+	CERT_STORE_READONLY_FLAG                    = 0x00008000
+
+	/* store locations (high WORD of flag) for CertOpenStore function */
+	CERT_SYSTEM_STORE_CURRENT_USER               = 0x00010000
+	CERT_SYSTEM_STORE_LOCAL_MACHINE              = 0x00020000
+	CERT_SYSTEM_STORE_CURRENT_SERVICE            = 0x00040000
+	CERT_SYSTEM_STORE_SERVICES                   = 0x00050000
+	CERT_SYSTEM_STORE_USERS                      = 0x00060000
+	CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY  = 0x00070000
+	CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = 0x00080000
+	CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE   = 0x00090000
+	CERT_SYSTEM_STORE_UNPROTECTED_FLAG           = 0x40000000
+	CERT_SYSTEM_STORE_RELOCATE_FLAG              = 0x80000000
+
+	/* Miscellaneous high-WORD flags for CertOpenStore function */
+	CERT_REGISTRY_STORE_REMOTE_FLAG      = 0x00010000
+	CERT_REGISTRY_STORE_SERIALIZED_FLAG  = 0x00020000
+	CERT_REGISTRY_STORE_ROAMING_FLAG     = 0x00040000
+	CERT_REGISTRY_STORE_MY_IE_DIRTY_FLAG = 0x00080000
+	CERT_REGISTRY_STORE_LM_GPT_FLAG      = 0x01000000
+	CERT_REGISTRY_STORE_CLIENT_GPT_FLAG  = 0x80000000
+	CERT_FILE_STORE_COMMIT_ENABLE_FLAG   = 0x00010000
+	CERT_LDAP_STORE_SIGN_FLAG            = 0x00010000
+	CERT_LDAP_STORE_AREC_EXCLUSIVE_FLAG  = 0x00020000
+	CERT_LDAP_STORE_OPENED_FLAG          = 0x00040000
+	CERT_LDAP_STORE_UNBIND_FLAG          = 0x00080000
+
+	/* addDisposition values for CertAddCertificateContextToStore function */
+	CERT_STORE_ADD_NEW                                 = 1
+	CERT_STORE_ADD_USE_EXISTING                        = 2
+	CERT_STORE_ADD_REPLACE_EXISTING                    = 3
+	CERT_STORE_ADD_ALWAYS                              = 4
+	CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES = 5
+	CERT_STORE_ADD_NEWER                               = 6
+	CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES            = 7
+
+	/* ErrorStatus values for CertTrustStatus struct */
+	CERT_TRUST_NO_ERROR                          = 0x00000000
+	CERT_TRUST_IS_NOT_TIME_VALID                 = 0x00000001
+	CERT_TRUST_IS_REVOKED                        = 0x00000004
+	CERT_TRUST_IS_NOT_SIGNATURE_VALID            = 0x00000008
+	CERT_TRUST_IS_NOT_VALID_FOR_USAGE            = 0x00000010
+	CERT_TRUST_IS_UNTRUSTED_ROOT                 = 0x00000020
+	CERT_TRUST_REVOCATION_STATUS_UNKNOWN         = 0x00000040
+	CERT_TRUST_IS_CYCLIC                         = 0x00000080
+	CERT_TRUST_INVALID_EXTENSION                 = 0x00000100
+	CERT_TRUST_INVALID_POLICY_CONSTRAINTS        = 0x00000200
+	CERT_TRUST_INVALID_BASIC_CONSTRAINTS         = 0x00000400
+	CERT_TRUST_INVALID_NAME_CONSTRAINTS          = 0x00000800
+	CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT = 0x00001000
+	CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT   = 0x00002000
+	CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT = 0x00004000
+	CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT      = 0x00008000
+	CERT_TRUST_IS_PARTIAL_CHAIN                  = 0x00010000
+	CERT_TRUST_CTL_IS_NOT_TIME_VALID             = 0x00020000
+	CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID        = 0x00040000
+	CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE        = 0x00080000
+	CERT_TRUST_HAS_WEAK_SIGNATURE                = 0x00100000
+	CERT_TRUST_IS_OFFLINE_REVOCATION             = 0x01000000
+	CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY          = 0x02000000
+	CERT_TRUST_IS_EXPLICIT_DISTRUST              = 0x04000000
+	CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT    = 0x08000000
+
+	/* InfoStatus values for CertTrustStatus struct */
+	CERT_TRUST_HAS_EXACT_MATCH_ISSUER        = 0x00000001
+	CERT_TRUST_HAS_KEY_MATCH_ISSUER          = 0x00000002
+	CERT_TRUST_HAS_NAME_MATCH_ISSUER         = 0x00000004
+	CERT_TRUST_IS_SELF_SIGNED                = 0x00000008
+	CERT_TRUST_HAS_PREFERRED_ISSUER          = 0x00000100
+	CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY     = 0x00000400
+	CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS    = 0x00000400
+	CERT_TRUST_IS_PEER_TRUSTED               = 0x00000800
+	CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED     = 0x00001000
+	CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE = 0x00002000
+	CERT_TRUST_IS_CA_TRUSTED                 = 0x00004000
+	CERT_TRUST_IS_COMPLEX_CHAIN              = 0x00010000
+
+	/* policyOID values for CertVerifyCertificateChainPolicy function */
+	CERT_CHAIN_POLICY_BASE              = 1
+	CERT_CHAIN_POLICY_AUTHENTICODE      = 2
+	CERT_CHAIN_POLICY_AUTHENTICODE_TS   = 3
+	CERT_CHAIN_POLICY_SSL               = 4
+	CERT_CHAIN_POLICY_BASIC_CONSTRAINTS = 5
+	CERT_CHAIN_POLICY_NT_AUTH           = 6
+	CERT_CHAIN_POLICY_MICROSOFT_ROOT    = 7
+	CERT_CHAIN_POLICY_EV                = 8
+	CERT_CHAIN_POLICY_SSL_F12           = 9
+
+	/* AuthType values for SSLExtraCertChainPolicyPara struct */
+	AUTHTYPE_CLIENT = 1
+	AUTHTYPE_SERVER = 2
+
+	/* Checks values for SSLExtraCertChainPolicyPara struct */
+	SECURITY_FLAG_IGNORE_REVOCATION        = 0x00000080
+	SECURITY_FLAG_IGNORE_UNKNOWN_CA        = 0x00000100
+	SECURITY_FLAG_IGNORE_WRONG_USAGE       = 0x00000200
+	SECURITY_FLAG_IGNORE_CERT_CN_INVALID   = 0x00001000
+	SECURITY_FLAG_IGNORE_CERT_DATE_INVALID = 0x00002000
+)
+
+const (
+	// flags for SetErrorMode
+	SEM_FAILCRITICALERRORS     = 0x0001
+	SEM_NOALIGNMENTFAULTEXCEPT = 0x0004
+	SEM_NOGPFAULTERRORBOX      = 0x0002
+	SEM_NOOPENFILEERRORBOX     = 0x8000
+)
+
+const (
+	// Priority class.
+	ABOVE_NORMAL_PRIORITY_CLASS   = 0x00008000
+	BELOW_NORMAL_PRIORITY_CLASS   = 0x00004000
+	HIGH_PRIORITY_CLASS           = 0x00000080
+	IDLE_PRIORITY_CLASS           = 0x00000040
+	NORMAL_PRIORITY_CLASS         = 0x00000020
+	PROCESS_MODE_BACKGROUND_BEGIN = 0x00100000
+	PROCESS_MODE_BACKGROUND_END   = 0x00200000
+	REALTIME_PRIORITY_CLASS       = 0x00000100
+)
+
+var (
+	OID_PKIX_KP_SERVER_AUTH = []byte("1.3.6.1.5.5.7.3.1\x00")
+	OID_SERVER_GATED_CRYPTO = []byte("1.3.6.1.4.1.311.10.3.3\x00")
+	OID_SGC_NETSCAPE        = []byte("2.16.840.1.113730.4.1\x00")
+)
+
+// Pointer represents a pointer to an arbitrary Windows type.
+//
+// Pointer-typed fields may point to one of many different types. It's
+// up to the caller to provide a pointer to the appropriate type, cast
+// to Pointer. The caller must obey the unsafe.Pointer rules while
+// doing so.
+type Pointer *struct{}
+
+// Invented values to support what package os expects.
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+func (tv *Timeval) Nanoseconds() int64 {
+	return (int64(tv.Sec)*1e6 + int64(tv.Usec)) * 1e3
+}
+
+func NsecToTimeval(nsec int64) (tv Timeval) {
+	tv.Sec = int32(nsec / 1e9)
+	tv.Usec = int32(nsec % 1e9 / 1e3)
+	return
+}
+
+type Overlapped struct {
+	Internal     uintptr
+	InternalHigh uintptr
+	Offset       uint32
+	OffsetHigh   uint32
+	HEvent       Handle
+}
+
+type FileNotifyInformation struct {
+	NextEntryOffset uint32
+	Action          uint32
+	FileNameLength  uint32
+	FileName        uint16
+}
+
+type Filetime struct {
+	LowDateTime  uint32
+	HighDateTime uint32
+}
+
+// Nanoseconds returns Filetime ft in nanoseconds
+// since Epoch (00:00:00 UTC, January 1, 1970).
+func (ft *Filetime) Nanoseconds() int64 {
+	// 100-nanosecond intervals since January 1, 1601
+	nsec := int64(ft.HighDateTime)<<32 + int64(ft.LowDateTime)
+	// change starting time to the Epoch (00:00:00 UTC, January 1, 1970)
+	nsec -= 116444736000000000
+	// convert into nanoseconds
+	nsec *= 100
+	return nsec
+}
+
+func NsecToFiletime(nsec int64) (ft Filetime) {
+	// convert into 100-nanosecond
+	nsec /= 100
+	// change starting time to January 1, 1601
+	nsec += 116444736000000000
+	// split into high / low
+	ft.LowDateTime = uint32(nsec & 0xffffffff)
+	ft.HighDateTime = uint32(nsec >> 32 & 0xffffffff)
+	return ft
+}
+
+type Win32finddata struct {
+	FileAttributes    uint32
+	CreationTime      Filetime
+	LastAccessTime    Filetime
+	LastWriteTime     Filetime
+	FileSizeHigh      uint32
+	FileSizeLow       uint32
+	Reserved0         uint32
+	Reserved1         uint32
+	FileName          [MAX_PATH - 1]uint16
+	AlternateFileName [13]uint16
+}
+
+// This is the actual system call structure.
+// Win32finddata is what we committed to in Go 1.
+type win32finddata1 struct {
+	FileAttributes    uint32
+	CreationTime      Filetime
+	LastAccessTime    Filetime
+	LastWriteTime     Filetime
+	FileSizeHigh      uint32
+	FileSizeLow       uint32
+	Reserved0         uint32
+	Reserved1         uint32
+	FileName          [MAX_PATH]uint16
+	AlternateFileName [14]uint16
+}
+
+func copyFindData(dst *Win32finddata, src *win32finddata1) {
+	dst.FileAttributes = src.FileAttributes
+	dst.CreationTime = src.CreationTime
+	dst.LastAccessTime = src.LastAccessTime
+	dst.LastWriteTime = src.LastWriteTime
+	dst.FileSizeHigh = src.FileSizeHigh
+	dst.FileSizeLow = src.FileSizeLow
+	dst.Reserved0 = src.Reserved0
+	dst.Reserved1 = src.Reserved1
+
+	// The src is 1 element bigger than dst, but it must be NUL.
+	copy(dst.FileName[:], src.FileName[:])
+	copy(dst.AlternateFileName[:], src.AlternateFileName[:])
+}
+
+type ByHandleFileInformation struct {
+	FileAttributes     uint32
+	CreationTime       Filetime
+	LastAccessTime     Filetime
+	LastWriteTime      Filetime
+	VolumeSerialNumber uint32
+	FileSizeHigh       uint32
+	FileSizeLow        uint32
+	NumberOfLinks      uint32
+	FileIndexHigh      uint32
+	FileIndexLow       uint32
+}
+
+const (
+	GetFileExInfoStandard = 0
+	GetFileExMaxInfoLevel = 1
+)
+
+type Win32FileAttributeData struct {
+	FileAttributes uint32
+	CreationTime   Filetime
+	LastAccessTime Filetime
+	LastWriteTime  Filetime
+	FileSizeHigh   uint32
+	FileSizeLow    uint32
+}
+
+// ShowWindow constants
+const (
+	// winuser.h
+	SW_HIDE            = 0
+	SW_NORMAL          = 1
+	SW_SHOWNORMAL      = 1
+	SW_SHOWMINIMIZED   = 2
+	SW_SHOWMAXIMIZED   = 3
+	SW_MAXIMIZE        = 3
+	SW_SHOWNOACTIVATE  = 4
+	SW_SHOW            = 5
+	SW_MINIMIZE        = 6
+	SW_SHOWMINNOACTIVE = 7
+	SW_SHOWNA          = 8
+	SW_RESTORE         = 9
+	SW_SHOWDEFAULT     = 10
+	SW_FORCEMINIMIZE   = 11
+)
+
+type StartupInfo struct {
+	Cb            uint32
+	_             *uint16
+	Desktop       *uint16
+	Title         *uint16
+	X             uint32
+	Y             uint32
+	XSize         uint32
+	YSize         uint32
+	XCountChars   uint32
+	YCountChars   uint32
+	FillAttribute uint32
+	Flags         uint32
+	ShowWindow    uint16
+	_             uint16
+	_             *byte
+	StdInput      Handle
+	StdOutput     Handle
+	StdErr        Handle
+}
+
+type ProcessInformation struct {
+	Process   Handle
+	Thread    Handle
+	ProcessId uint32
+	ThreadId  uint32
+}
+
+type ProcessEntry32 struct {
+	Size            uint32
+	Usage           uint32
+	ProcessID       uint32
+	DefaultHeapID   uintptr
+	ModuleID        uint32
+	Threads         uint32
+	ParentProcessID uint32
+	PriClassBase    int32
+	Flags           uint32
+	ExeFile         [MAX_PATH]uint16
+}
+
+type ThreadEntry32 struct {
+	Size           uint32
+	Usage          uint32
+	ThreadID       uint32
+	OwnerProcessID uint32
+	BasePri        int32
+	DeltaPri       int32
+	Flags          uint32
+}
+
+type Systemtime struct {
+	Year         uint16
+	Month        uint16
+	DayOfWeek    uint16
+	Day          uint16
+	Hour         uint16
+	Minute       uint16
+	Second       uint16
+	Milliseconds uint16
+}
+
+type Timezoneinformation struct {
+	Bias         int32
+	StandardName [32]uint16
+	StandardDate Systemtime
+	StandardBias int32
+	DaylightName [32]uint16
+	DaylightDate Systemtime
+	DaylightBias int32
+}
+
+// Socket related.
+
+const (
+	AF_UNSPEC  = 0
+	AF_UNIX    = 1
+	AF_INET    = 2
+	AF_NETBIOS = 17
+	AF_INET6   = 23
+	AF_IRDA    = 26
+	AF_BTH     = 32
+
+	SOCK_STREAM    = 1
+	SOCK_DGRAM     = 2
+	SOCK_RAW       = 3
+	SOCK_RDM       = 4
+	SOCK_SEQPACKET = 5
+
+	IPPROTO_IP      = 0
+	IPPROTO_ICMP    = 1
+	IPPROTO_IGMP    = 2
+	BTHPROTO_RFCOMM = 3
+	IPPROTO_TCP     = 6
+	IPPROTO_UDP     = 17
+	IPPROTO_IPV6    = 41
+	IPPROTO_ICMPV6  = 58
+	IPPROTO_RM      = 113
+
+	SOL_SOCKET                = 0xffff
+	SO_REUSEADDR              = 4
+	SO_KEEPALIVE              = 8
+	SO_DONTROUTE              = 16
+	SO_BROADCAST              = 32
+	SO_LINGER                 = 128
+	SO_RCVBUF                 = 0x1002
+	SO_RCVTIMEO               = 0x1006
+	SO_SNDBUF                 = 0x1001
+	SO_UPDATE_ACCEPT_CONTEXT  = 0x700b
+	SO_UPDATE_CONNECT_CONTEXT = 0x7010
+
+	IOC_OUT                            = 0x40000000
+	IOC_IN                             = 0x80000000
+	IOC_VENDOR                         = 0x18000000
+	IOC_INOUT                          = IOC_IN | IOC_OUT
+	IOC_WS2                            = 0x08000000
+	SIO_GET_EXTENSION_FUNCTION_POINTER = IOC_INOUT | IOC_WS2 | 6
+	SIO_KEEPALIVE_VALS                 = IOC_IN | IOC_VENDOR | 4
+	SIO_UDP_CONNRESET                  = IOC_IN | IOC_VENDOR | 12
+
+	// cf. http://support.microsoft.com/default.aspx?scid=kb;en-us;257460
+
+	IP_TOS             = 0x3
+	IP_TTL             = 0x4
+	IP_MULTICAST_IF    = 0x9
+	IP_MULTICAST_TTL   = 0xa
+	IP_MULTICAST_LOOP  = 0xb
+	IP_ADD_MEMBERSHIP  = 0xc
+	IP_DROP_MEMBERSHIP = 0xd
+
+	IPV6_V6ONLY         = 0x1b
+	IPV6_UNICAST_HOPS   = 0x4
+	IPV6_MULTICAST_IF   = 0x9
+	IPV6_MULTICAST_HOPS = 0xa
+	IPV6_MULTICAST_LOOP = 0xb
+	IPV6_JOIN_GROUP     = 0xc
+	IPV6_LEAVE_GROUP    = 0xd
+
+	MSG_OOB       = 0x1
+	MSG_PEEK      = 0x2
+	MSG_DONTROUTE = 0x4
+	MSG_WAITALL   = 0x8
+
+	MSG_TRUNC  = 0x0100
+	MSG_CTRUNC = 0x0200
+	MSG_BCAST  = 0x0400
+	MSG_MCAST  = 0x0800
+
+	SOMAXCONN = 0x7fffffff
+
+	TCP_NODELAY = 1
+
+	SHUT_RD   = 0
+	SHUT_WR   = 1
+	SHUT_RDWR = 2
+
+	WSADESCRIPTION_LEN = 256
+	WSASYS_STATUS_LEN  = 128
+)
+
+type WSABuf struct {
+	Len uint32
+	Buf *byte
+}
+
+type WSAMsg struct {
+	Name        *syscall.RawSockaddrAny
+	Namelen     int32
+	Buffers     *WSABuf
+	BufferCount uint32
+	Control     WSABuf
+	Flags       uint32
+}
+
+// Invented values to support what package os expects.
+const (
+	S_IFMT   = 0x1f000
+	S_IFIFO  = 0x1000
+	S_IFCHR  = 0x2000
+	S_IFDIR  = 0x4000
+	S_IFBLK  = 0x6000
+	S_IFREG  = 0x8000
+	S_IFLNK  = 0xa000
+	S_IFSOCK = 0xc000
+	S_ISUID  = 0x800
+	S_ISGID  = 0x400
+	S_ISVTX  = 0x200
+	S_IRUSR  = 0x100
+	S_IWRITE = 0x80
+	S_IWUSR  = 0x80
+	S_IXUSR  = 0x40
+)
+
+const (
+	FILE_TYPE_CHAR    = 0x0002
+	FILE_TYPE_DISK    = 0x0001
+	FILE_TYPE_PIPE    = 0x0003
+	FILE_TYPE_REMOTE  = 0x8000
+	FILE_TYPE_UNKNOWN = 0x0000
+)
+
+type Hostent struct {
+	Name     *byte
+	Aliases  **byte
+	AddrType uint16
+	Length   uint16
+	AddrList **byte
+}
+
+type Protoent struct {
+	Name    *byte
+	Aliases **byte
+	Proto   uint16
+}
+
+const (
+	DNS_TYPE_A       = 0x0001
+	DNS_TYPE_NS      = 0x0002
+	DNS_TYPE_MD      = 0x0003
+	DNS_TYPE_MF      = 0x0004
+	DNS_TYPE_CNAME   = 0x0005
+	DNS_TYPE_SOA     = 0x0006
+	DNS_TYPE_MB      = 0x0007
+	DNS_TYPE_MG      = 0x0008
+	DNS_TYPE_MR      = 0x0009
+	DNS_TYPE_NULL    = 0x000a
+	DNS_TYPE_WKS     = 0x000b
+	DNS_TYPE_PTR     = 0x000c
+	DNS_TYPE_HINFO   = 0x000d
+	DNS_TYPE_MINFO   = 0x000e
+	DNS_TYPE_MX      = 0x000f
+	DNS_TYPE_TEXT    = 0x0010
+	DNS_TYPE_RP      = 0x0011
+	DNS_TYPE_AFSDB   = 0x0012
+	DNS_TYPE_X25     = 0x0013
+	DNS_TYPE_ISDN    = 0x0014
+	DNS_TYPE_RT      = 0x0015
+	DNS_TYPE_NSAP    = 0x0016
+	DNS_TYPE_NSAPPTR = 0x0017
+	DNS_TYPE_SIG     = 0x0018
+	DNS_TYPE_KEY     = 0x0019
+	DNS_TYPE_PX      = 0x001a
+	DNS_TYPE_GPOS    = 0x001b
+	DNS_TYPE_AAAA    = 0x001c
+	DNS_TYPE_LOC     = 0x001d
+	DNS_TYPE_NXT     = 0x001e
+	DNS_TYPE_EID     = 0x001f
+	DNS_TYPE_NIMLOC  = 0x0020
+	DNS_TYPE_SRV     = 0x0021
+	DNS_TYPE_ATMA    = 0x0022
+	DNS_TYPE_NAPTR   = 0x0023
+	DNS_TYPE_KX      = 0x0024
+	DNS_TYPE_CERT    = 0x0025
+	DNS_TYPE_A6      = 0x0026
+	DNS_TYPE_DNAME   = 0x0027
+	DNS_TYPE_SINK    = 0x0028
+	DNS_TYPE_OPT     = 0x0029
+	DNS_TYPE_DS      = 0x002B
+	DNS_TYPE_RRSIG   = 0x002E
+	DNS_TYPE_NSEC    = 0x002F
+	DNS_TYPE_DNSKEY  = 0x0030
+	DNS_TYPE_DHCID   = 0x0031
+	DNS_TYPE_UINFO   = 0x0064
+	DNS_TYPE_UID     = 0x0065
+	DNS_TYPE_GID     = 0x0066
+	DNS_TYPE_UNSPEC  = 0x0067
+	DNS_TYPE_ADDRS   = 0x00f8
+	DNS_TYPE_TKEY    = 0x00f9
+	DNS_TYPE_TSIG    = 0x00fa
+	DNS_TYPE_IXFR    = 0x00fb
+	DNS_TYPE_AXFR    = 0x00fc
+	DNS_TYPE_MAILB   = 0x00fd
+	DNS_TYPE_MAILA   = 0x00fe
+	DNS_TYPE_ALL     = 0x00ff
+	DNS_TYPE_ANY     = 0x00ff
+	DNS_TYPE_WINS    = 0xff01
+	DNS_TYPE_WINSR   = 0xff02
+	DNS_TYPE_NBSTAT  = 0xff01
+)
+
+const (
+	// flags inside DNSRecord.Dw
+	DnsSectionQuestion   = 0x0000
+	DnsSectionAnswer     = 0x0001
+	DnsSectionAuthority  = 0x0002
+	DnsSectionAdditional = 0x0003
+)
+
+type DNSSRVData struct {
+	Target   *uint16
+	Priority uint16
+	Weight   uint16
+	Port     uint16
+	Pad      uint16
+}
+
+type DNSPTRData struct {
+	Host *uint16
+}
+
+type DNSMXData struct {
+	NameExchange *uint16
+	Preference   uint16
+	Pad          uint16
+}
+
+type DNSTXTData struct {
+	StringCount uint16
+	StringArray [1]*uint16
+}
+
+type DNSRecord struct {
+	Next     *DNSRecord
+	Name     *uint16
+	Type     uint16
+	Length   uint16
+	Dw       uint32
+	Ttl      uint32
+	Reserved uint32
+	Data     [40]byte
+}
+
+const (
+	TF_DISCONNECT         = 1
+	TF_REUSE_SOCKET       = 2
+	TF_WRITE_BEHIND       = 4
+	TF_USE_DEFAULT_WORKER = 0
+	TF_USE_SYSTEM_THREAD  = 16
+	TF_USE_KERNEL_APC     = 32
+)
+
+type TransmitFileBuffers struct {
+	Head       uintptr
+	HeadLength uint32
+	Tail       uintptr
+	TailLength uint32
+}
+
+const (
+	IFF_UP           = 1
+	IFF_BROADCAST    = 2
+	IFF_LOOPBACK     = 4
+	IFF_POINTTOPOINT = 8
+	IFF_MULTICAST    = 16
+)
+
+const SIO_GET_INTERFACE_LIST = 0x4004747F
+
+// TODO(mattn): SockaddrGen is union of sockaddr/sockaddr_in/sockaddr_in6_old.
+// will be fixed to change variable type as suitable.
+
+type SockaddrGen [24]byte
+
+type InterfaceInfo struct {
+	Flags            uint32
+	Address          SockaddrGen
+	BroadcastAddress SockaddrGen
+	Netmask          SockaddrGen
+}
+
+type IpAddressString struct {
+	String [16]byte
+}
+
+type IpMaskString IpAddressString
+
+type IpAddrString struct {
+	Next      *IpAddrString
+	IpAddress IpAddressString
+	IpMask    IpMaskString
+	Context   uint32
+}
+
+const MAX_ADAPTER_NAME_LENGTH = 256
+const MAX_ADAPTER_DESCRIPTION_LENGTH = 128
+const MAX_ADAPTER_ADDRESS_LENGTH = 8
+
+type IpAdapterInfo struct {
+	Next                *IpAdapterInfo
+	ComboIndex          uint32
+	AdapterName         [MAX_ADAPTER_NAME_LENGTH + 4]byte
+	Description         [MAX_ADAPTER_DESCRIPTION_LENGTH + 4]byte
+	AddressLength       uint32
+	Address             [MAX_ADAPTER_ADDRESS_LENGTH]byte
+	Index               uint32
+	Type                uint32
+	DhcpEnabled         uint32
+	CurrentIpAddress    *IpAddrString
+	IpAddressList       IpAddrString
+	GatewayList         IpAddrString
+	DhcpServer          IpAddrString
+	HaveWins            bool
+	PrimaryWinsServer   IpAddrString
+	SecondaryWinsServer IpAddrString
+	LeaseObtained       int64
+	LeaseExpires        int64
+}
+
+const MAXLEN_PHYSADDR = 8
+const MAX_INTERFACE_NAME_LEN = 256
+const MAXLEN_IFDESCR = 256
+
+type MibIfRow struct {
+	Name            [MAX_INTERFACE_NAME_LEN]uint16
+	Index           uint32
+	Type            uint32
+	Mtu             uint32
+	Speed           uint32
+	PhysAddrLen     uint32
+	PhysAddr        [MAXLEN_PHYSADDR]byte
+	AdminStatus     uint32
+	OperStatus      uint32
+	LastChange      uint32
+	InOctets        uint32
+	InUcastPkts     uint32
+	InNUcastPkts    uint32
+	InDiscards      uint32
+	InErrors        uint32
+	InUnknownProtos uint32
+	OutOctets       uint32
+	OutUcastPkts    uint32
+	OutNUcastPkts   uint32
+	OutDiscards     uint32
+	OutErrors       uint32
+	OutQLen         uint32
+	DescrLen        uint32
+	Descr           [MAXLEN_IFDESCR]byte
+}
+
+type CertInfo struct {
+	// Not implemented
+}
+
+type CertContext struct {
+	EncodingType uint32
+	EncodedCert  *byte
+	Length       uint32
+	CertInfo     *CertInfo
+	Store        Handle
+}
+
+type CertChainContext struct {
+	Size                       uint32
+	TrustStatus                CertTrustStatus
+	ChainCount                 uint32
+	Chains                     **CertSimpleChain
+	LowerQualityChainCount     uint32
+	LowerQualityChains         **CertChainContext
+	HasRevocationFreshnessTime uint32
+	RevocationFreshnessTime    uint32
+}
+
+type CertTrustListInfo struct {
+	// Not implemented
+}
+
+type CertSimpleChain struct {
+	Size                       uint32
+	TrustStatus                CertTrustStatus
+	NumElements                uint32
+	Elements                   **CertChainElement
+	TrustListInfo              *CertTrustListInfo
+	HasRevocationFreshnessTime uint32
+	RevocationFreshnessTime    uint32
+}
+
+type CertChainElement struct {
+	Size              uint32
+	CertContext       *CertContext
+	TrustStatus       CertTrustStatus
+	RevocationInfo    *CertRevocationInfo
+	IssuanceUsage     *CertEnhKeyUsage
+	ApplicationUsage  *CertEnhKeyUsage
+	ExtendedErrorInfo *uint16
+}
+
+type CertRevocationCrlInfo struct {
+	// Not implemented
+}
+
+type CertRevocationInfo struct {
+	Size             uint32
+	RevocationResult uint32
+	RevocationOid    *byte
+	OidSpecificInfo  Pointer
+	HasFreshnessTime uint32
+	FreshnessTime    uint32
+	CrlInfo          *CertRevocationCrlInfo
+}
+
+type CertTrustStatus struct {
+	ErrorStatus uint32
+	InfoStatus  uint32
+}
+
+type CertUsageMatch struct {
+	Type  uint32
+	Usage CertEnhKeyUsage
+}
+
+type CertEnhKeyUsage struct {
+	Length           uint32
+	UsageIdentifiers **byte
+}
+
+type CertChainPara struct {
+	Size                         uint32
+	RequestedUsage               CertUsageMatch
+	RequstedIssuancePolicy       CertUsageMatch
+	URLRetrievalTimeout          uint32
+	CheckRevocationFreshnessTime uint32
+	RevocationFreshnessTime      uint32
+	CacheResync                  *Filetime
+}
+
+type CertChainPolicyPara struct {
+	Size            uint32
+	Flags           uint32
+	ExtraPolicyPara Pointer
+}
+
+type SSLExtraCertChainPolicyPara struct {
+	Size       uint32
+	AuthType   uint32
+	Checks     uint32
+	ServerName *uint16
+}
+
+type CertChainPolicyStatus struct {
+	Size              uint32
+	Error             uint32
+	ChainIndex        uint32
+	ElementIndex      uint32
+	ExtraPolicyStatus Pointer
+}
+
+const (
+	// do not reorder
+	HKEY_CLASSES_ROOT = 0x80000000 + iota
+	HKEY_CURRENT_USER
+	HKEY_LOCAL_MACHINE
+	HKEY_USERS
+	HKEY_PERFORMANCE_DATA
+	HKEY_CURRENT_CONFIG
+	HKEY_DYN_DATA
+
+	KEY_QUERY_VALUE        = 1
+	KEY_SET_VALUE          = 2
+	KEY_CREATE_SUB_KEY     = 4
+	KEY_ENUMERATE_SUB_KEYS = 8
+	KEY_NOTIFY             = 16
+	KEY_CREATE_LINK        = 32
+	KEY_WRITE              = 0x20006
+	KEY_EXECUTE            = 0x20019
+	KEY_READ               = 0x20019
+	KEY_WOW64_64KEY        = 0x0100
+	KEY_WOW64_32KEY        = 0x0200
+	KEY_ALL_ACCESS         = 0xf003f
+)
+
+const (
+	// do not reorder
+	REG_NONE = iota
+	REG_SZ
+	REG_EXPAND_SZ
+	REG_BINARY
+	REG_DWORD_LITTLE_ENDIAN
+	REG_DWORD_BIG_ENDIAN
+	REG_LINK
+	REG_MULTI_SZ
+	REG_RESOURCE_LIST
+	REG_FULL_RESOURCE_DESCRIPTOR
+	REG_RESOURCE_REQUIREMENTS_LIST
+	REG_QWORD_LITTLE_ENDIAN
+	REG_DWORD = REG_DWORD_LITTLE_ENDIAN
+	REG_QWORD = REG_QWORD_LITTLE_ENDIAN
+)
+
+const (
+	EVENT_MODIFY_STATE = 0x0002
+	EVENT_ALL_ACCESS   = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3
+
+	MUTANT_QUERY_STATE = 0x0001
+	MUTANT_ALL_ACCESS  = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | MUTANT_QUERY_STATE
+
+	SEMAPHORE_MODIFY_STATE = 0x0002
+	SEMAPHORE_ALL_ACCESS   = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3
+
+	TIMER_QUERY_STATE  = 0x0001
+	TIMER_MODIFY_STATE = 0x0002
+	TIMER_ALL_ACCESS   = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | TIMER_QUERY_STATE | TIMER_MODIFY_STATE
+
+	MUTEX_MODIFY_STATE = MUTANT_QUERY_STATE
+	MUTEX_ALL_ACCESS   = MUTANT_ALL_ACCESS
+
+	CREATE_EVENT_MANUAL_RESET  = 0x1
+	CREATE_EVENT_INITIAL_SET   = 0x2
+	CREATE_MUTEX_INITIAL_OWNER = 0x1
+)
+
+type AddrinfoW struct {
+	Flags     int32
+	Family    int32
+	Socktype  int32
+	Protocol  int32
+	Addrlen   uintptr
+	Canonname *uint16
+	Addr      uintptr
+	Next      *AddrinfoW
+}
+
+const (
+	AI_PASSIVE     = 1
+	AI_CANONNAME   = 2
+	AI_NUMERICHOST = 4
+)
+
+type GUID struct {
+	Data1 uint32
+	Data2 uint16
+	Data3 uint16
+	Data4 [8]byte
+}
+
+var WSAID_CONNECTEX = GUID{
+	0x25a207b9,
+	0xddf3,
+	0x4660,
+	[8]byte{0x8e, 0xe9, 0x76, 0xe5, 0x8c, 0x74, 0x06, 0x3e},
+}
+
+var WSAID_WSASENDMSG = GUID{
+	0xa441e712,
+	0x754f,
+	0x43ca,
+	[8]byte{0x84, 0xa7, 0x0d, 0xee, 0x44, 0xcf, 0x60, 0x6d},
+}
+
+var WSAID_WSARECVMSG = GUID{
+	0xf689d7c8,
+	0x6f1f,
+	0x436b,
+	[8]byte{0x8a, 0x53, 0xe5, 0x4f, 0xe3, 0x51, 0xc3, 0x22},
+}
+
+const (
+	FILE_SKIP_COMPLETION_PORT_ON_SUCCESS = 1
+	FILE_SKIP_SET_EVENT_ON_HANDLE        = 2
+)
+
+const (
+	WSAPROTOCOL_LEN    = 255
+	MAX_PROTOCOL_CHAIN = 7
+	BASE_PROTOCOL      = 1
+	LAYERED_PROTOCOL   = 0
+
+	XP1_CONNECTIONLESS           = 0x00000001
+	XP1_GUARANTEED_DELIVERY      = 0x00000002
+	XP1_GUARANTEED_ORDER         = 0x00000004
+	XP1_MESSAGE_ORIENTED         = 0x00000008
+	XP1_PSEUDO_STREAM            = 0x00000010
+	XP1_GRACEFUL_CLOSE           = 0x00000020
+	XP1_EXPEDITED_DATA           = 0x00000040
+	XP1_CONNECT_DATA             = 0x00000080
+	XP1_DISCONNECT_DATA          = 0x00000100
+	XP1_SUPPORT_BROADCAST        = 0x00000200
+	XP1_SUPPORT_MULTIPOINT       = 0x00000400
+	XP1_MULTIPOINT_CONTROL_PLANE = 0x00000800
+	XP1_MULTIPOINT_DATA_PLANE    = 0x00001000
+	XP1_QOS_SUPPORTED            = 0x00002000
+	XP1_UNI_SEND                 = 0x00008000
+	XP1_UNI_RECV                 = 0x00010000
+	XP1_IFS_HANDLES              = 0x00020000
+	XP1_PARTIAL_MESSAGE          = 0x00040000
+	XP1_SAN_SUPPORT_SDP          = 0x00080000
+
+	PFL_MULTIPLE_PROTO_ENTRIES  = 0x00000001
+	PFL_RECOMMENDED_PROTO_ENTRY = 0x00000002
+	PFL_HIDDEN                  = 0x00000004
+	PFL_MATCHES_PROTOCOL_ZERO   = 0x00000008
+	PFL_NETWORKDIRECT_PROVIDER  = 0x00000010
+)
+
+type WSAProtocolInfo struct {
+	ServiceFlags1     uint32
+	ServiceFlags2     uint32
+	ServiceFlags3     uint32
+	ServiceFlags4     uint32
+	ProviderFlags     uint32
+	ProviderId        GUID
+	CatalogEntryId    uint32
+	ProtocolChain     WSAProtocolChain
+	Version           int32
+	AddressFamily     int32
+	MaxSockAddr       int32
+	MinSockAddr       int32
+	SocketType        int32
+	Protocol          int32
+	ProtocolMaxOffset int32
+	NetworkByteOrder  int32
+	SecurityScheme    int32
+	MessageSize       uint32
+	ProviderReserved  uint32
+	ProtocolName      [WSAPROTOCOL_LEN + 1]uint16
+}
+
+type WSAProtocolChain struct {
+	ChainLen     int32
+	ChainEntries [MAX_PROTOCOL_CHAIN]uint32
+}
+
+type TCPKeepalive struct {
+	OnOff    uint32
+	Time     uint32
+	Interval uint32
+}
+
+type symbolicLinkReparseBuffer struct {
+	SubstituteNameOffset uint16
+	SubstituteNameLength uint16
+	PrintNameOffset      uint16
+	PrintNameLength      uint16
+	Flags                uint32
+	PathBuffer           [1]uint16
+}
+
+type mountPointReparseBuffer struct {
+	SubstituteNameOffset uint16
+	SubstituteNameLength uint16
+	PrintNameOffset      uint16
+	PrintNameLength      uint16
+	PathBuffer           [1]uint16
+}
+
+type reparseDataBuffer struct {
+	ReparseTag        uint32
+	ReparseDataLength uint16
+	Reserved          uint16
+
+	// GenericReparseBuffer
+	reparseBuffer byte
+}
+
+const (
+	FSCTL_GET_REPARSE_POINT          = 0x900A8
+	MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 16 * 1024
+	IO_REPARSE_TAG_MOUNT_POINT       = 0xA0000003
+	IO_REPARSE_TAG_SYMLINK           = 0xA000000C
+	SYMBOLIC_LINK_FLAG_DIRECTORY     = 0x1
+)
+
+const (
+	ComputerNameNetBIOS                   = 0
+	ComputerNameDnsHostname               = 1
+	ComputerNameDnsDomain                 = 2
+	ComputerNameDnsFullyQualified         = 3
+	ComputerNamePhysicalNetBIOS           = 4
+	ComputerNamePhysicalDnsHostname       = 5
+	ComputerNamePhysicalDnsDomain         = 6
+	ComputerNamePhysicalDnsFullyQualified = 7
+	ComputerNameMax                       = 8
+)
+
+// For MessageBox()
+const (
+	MB_OK                   = 0x00000000
+	MB_OKCANCEL             = 0x00000001
+	MB_ABORTRETRYIGNORE     = 0x00000002
+	MB_YESNOCANCEL          = 0x00000003
+	MB_YESNO                = 0x00000004
+	MB_RETRYCANCEL          = 0x00000005
+	MB_CANCELTRYCONTINUE    = 0x00000006
+	MB_ICONHAND             = 0x00000010
+	MB_ICONQUESTION         = 0x00000020
+	MB_ICONEXCLAMATION      = 0x00000030
+	MB_ICONASTERISK         = 0x00000040
+	MB_USERICON             = 0x00000080
+	MB_ICONWARNING          = MB_ICONEXCLAMATION
+	MB_ICONERROR            = MB_ICONHAND
+	MB_ICONINFORMATION      = MB_ICONASTERISK
+	MB_ICONSTOP             = MB_ICONHAND
+	MB_DEFBUTTON1           = 0x00000000
+	MB_DEFBUTTON2           = 0x00000100
+	MB_DEFBUTTON3           = 0x00000200
+	MB_DEFBUTTON4           = 0x00000300
+	MB_APPLMODAL            = 0x00000000
+	MB_SYSTEMMODAL          = 0x00001000
+	MB_TASKMODAL            = 0x00002000
+	MB_HELP                 = 0x00004000
+	MB_NOFOCUS              = 0x00008000
+	MB_SETFOREGROUND        = 0x00010000
+	MB_DEFAULT_DESKTOP_ONLY = 0x00020000
+	MB_TOPMOST              = 0x00040000
+	MB_RIGHT                = 0x00080000
+	MB_RTLREADING           = 0x00100000
+	MB_SERVICE_NOTIFICATION = 0x00200000
+)
+
+const (
+	MOVEFILE_REPLACE_EXISTING      = 0x1
+	MOVEFILE_COPY_ALLOWED          = 0x2
+	MOVEFILE_DELAY_UNTIL_REBOOT    = 0x4
+	MOVEFILE_WRITE_THROUGH         = 0x8
+	MOVEFILE_CREATE_HARDLINK       = 0x10
+	MOVEFILE_FAIL_IF_NOT_TRACKABLE = 0x20
+)
+
+const GAA_FLAG_INCLUDE_PREFIX = 0x00000010
+
+const (
+	IF_TYPE_OTHER              = 1
+	IF_TYPE_ETHERNET_CSMACD    = 6
+	IF_TYPE_ISO88025_TOKENRING = 9
+	IF_TYPE_PPP                = 23
+	IF_TYPE_SOFTWARE_LOOPBACK  = 24
+	IF_TYPE_ATM                = 37
+	IF_TYPE_IEEE80211          = 71
+	IF_TYPE_TUNNEL             = 131
+	IF_TYPE_IEEE1394           = 144
+)
+
+type SocketAddress struct {
+	Sockaddr       *syscall.RawSockaddrAny
+	SockaddrLength int32
+}
+
+// IP returns an IPv4 or IPv6 address, or nil if the underlying SocketAddress is neither.
+func (addr *SocketAddress) IP() net.IP {
+	if uintptr(addr.SockaddrLength) >= unsafe.Sizeof(RawSockaddrInet4{}) && addr.Sockaddr.Addr.Family == AF_INET {
+		return (*RawSockaddrInet4)(unsafe.Pointer(addr.Sockaddr)).Addr[:]
+	} else if uintptr(addr.SockaddrLength) >= unsafe.Sizeof(RawSockaddrInet6{}) && addr.Sockaddr.Addr.Family == AF_INET6 {
+		return (*RawSockaddrInet6)(unsafe.Pointer(addr.Sockaddr)).Addr[:]
+	}
+	return nil
+}
+
+type IpAdapterUnicastAddress struct {
+	Length             uint32
+	Flags              uint32
+	Next               *IpAdapterUnicastAddress
+	Address            SocketAddress
+	PrefixOrigin       int32
+	SuffixOrigin       int32
+	DadState           int32
+	ValidLifetime      uint32
+	PreferredLifetime  uint32
+	LeaseLifetime      uint32
+	OnLinkPrefixLength uint8
+}
+
+type IpAdapterAnycastAddress struct {
+	Length  uint32
+	Flags   uint32
+	Next    *IpAdapterAnycastAddress
+	Address SocketAddress
+}
+
+type IpAdapterMulticastAddress struct {
+	Length  uint32
+	Flags   uint32
+	Next    *IpAdapterMulticastAddress
+	Address SocketAddress
+}
+
+type IpAdapterDnsServerAdapter struct {
+	Length   uint32
+	Reserved uint32
+	Next     *IpAdapterDnsServerAdapter
+	Address  SocketAddress
+}
+
+type IpAdapterPrefix struct {
+	Length       uint32
+	Flags        uint32
+	Next         *IpAdapterPrefix
+	Address      SocketAddress
+	PrefixLength uint32
+}
+
+type IpAdapterAddresses struct {
+	Length                uint32
+	IfIndex               uint32
+	Next                  *IpAdapterAddresses
+	AdapterName           *byte
+	FirstUnicastAddress   *IpAdapterUnicastAddress
+	FirstAnycastAddress   *IpAdapterAnycastAddress
+	FirstMulticastAddress *IpAdapterMulticastAddress
+	FirstDnsServerAddress *IpAdapterDnsServerAdapter
+	DnsSuffix             *uint16
+	Description           *uint16
+	FriendlyName          *uint16
+	PhysicalAddress       [syscall.MAX_ADAPTER_ADDRESS_LENGTH]byte
+	PhysicalAddressLength uint32
+	Flags                 uint32
+	Mtu                   uint32
+	IfType                uint32
+	OperStatus            uint32
+	Ipv6IfIndex           uint32
+	ZoneIndices           [16]uint32
+	FirstPrefix           *IpAdapterPrefix
+	/* more fields might be present here. */
+}
+
+const (
+	IfOperStatusUp             = 1
+	IfOperStatusDown           = 2
+	IfOperStatusTesting        = 3
+	IfOperStatusUnknown        = 4
+	IfOperStatusDormant        = 5
+	IfOperStatusNotPresent     = 6
+	IfOperStatusLowerLayerDown = 7
+)
+
+// Console related constants used for the mode parameter to SetConsoleMode. See
+// https://docs.microsoft.com/en-us/windows/console/setconsolemode for details.
+
+const (
+	ENABLE_PROCESSED_INPUT        = 0x1
+	ENABLE_LINE_INPUT             = 0x2
+	ENABLE_ECHO_INPUT             = 0x4
+	ENABLE_WINDOW_INPUT           = 0x8
+	ENABLE_MOUSE_INPUT            = 0x10
+	ENABLE_INSERT_MODE            = 0x20
+	ENABLE_QUICK_EDIT_MODE        = 0x40
+	ENABLE_EXTENDED_FLAGS         = 0x80
+	ENABLE_AUTO_POSITION          = 0x100
+	ENABLE_VIRTUAL_TERMINAL_INPUT = 0x200
+
+	ENABLE_PROCESSED_OUTPUT            = 0x1
+	ENABLE_WRAP_AT_EOL_OUTPUT          = 0x2
+	ENABLE_VIRTUAL_TERMINAL_PROCESSING = 0x4
+	DISABLE_NEWLINE_AUTO_RETURN        = 0x8
+	ENABLE_LVB_GRID_WORLDWIDE          = 0x10
+)
+
+type Coord struct {
+	X int16
+	Y int16
+}
+
+type SmallRect struct {
+	Left   int16
+	Top    int16
+	Right  int16
+	Bottom int16
+}
+
+// Used with GetConsoleScreenBuffer to retrieve information about a console
+// screen buffer. See
+// https://docs.microsoft.com/en-us/windows/console/console-screen-buffer-info-str
+// for details.
+
+type ConsoleScreenBufferInfo struct {
+	Size              Coord
+	CursorPosition    Coord
+	Attributes        uint16
+	Window            SmallRect
+	MaximumWindowSize Coord
+}
+
+const UNIX_PATH_MAX = 108 // defined in afunix.h
+
+const (
+	// flags for JOBOBJECT_BASIC_LIMIT_INFORMATION.LimitFlags
+	JOB_OBJECT_LIMIT_ACTIVE_PROCESS             = 0x00000008
+	JOB_OBJECT_LIMIT_AFFINITY                   = 0x00000010
+	JOB_OBJECT_LIMIT_BREAKAWAY_OK               = 0x00000800
+	JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x00000400
+	JOB_OBJECT_LIMIT_JOB_MEMORY                 = 0x00000200
+	JOB_OBJECT_LIMIT_JOB_TIME                   = 0x00000004
+	JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE          = 0x00002000
+	JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME          = 0x00000040
+	JOB_OBJECT_LIMIT_PRIORITY_CLASS             = 0x00000020
+	JOB_OBJECT_LIMIT_PROCESS_MEMORY             = 0x00000100
+	JOB_OBJECT_LIMIT_PROCESS_TIME               = 0x00000002
+	JOB_OBJECT_LIMIT_SCHEDULING_CLASS           = 0x00000080
+	JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK        = 0x00001000
+	JOB_OBJECT_LIMIT_SUBSET_AFFINITY            = 0x00004000
+	JOB_OBJECT_LIMIT_WORKINGSET                 = 0x00000001
+)
+
+type IO_COUNTERS struct {
+	ReadOperationCount  uint64
+	WriteOperationCount uint64
+	OtherOperationCount uint64
+	ReadTransferCount   uint64
+	WriteTransferCount  uint64
+	OtherTransferCount  uint64
+}
+
+type JOBOBJECT_EXTENDED_LIMIT_INFORMATION struct {
+	BasicLimitInformation JOBOBJECT_BASIC_LIMIT_INFORMATION
+	IoInfo                IO_COUNTERS
+	ProcessMemoryLimit    uintptr
+	JobMemoryLimit        uintptr
+	PeakProcessMemoryUsed uintptr
+	PeakJobMemoryUsed     uintptr
+}
+
+const (
+	// UIRestrictionsClass
+	JOB_OBJECT_UILIMIT_DESKTOP          = 0x00000040
+	JOB_OBJECT_UILIMIT_DISPLAYSETTINGS  = 0x00000010
+	JOB_OBJECT_UILIMIT_EXITWINDOWS      = 0x00000080
+	JOB_OBJECT_UILIMIT_GLOBALATOMS      = 0x00000020
+	JOB_OBJECT_UILIMIT_HANDLES          = 0x00000001
+	JOB_OBJECT_UILIMIT_READCLIPBOARD    = 0x00000002
+	JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS = 0x00000008
+	JOB_OBJECT_UILIMIT_WRITECLIPBOARD   = 0x00000004
+)
+
+type JOBOBJECT_BASIC_UI_RESTRICTIONS struct {
+	UIRestrictionsClass uint32
+}
+
+const (
+	// JobObjectInformationClass
+	JobObjectAssociateCompletionPortInformation = 7
+	JobObjectBasicLimitInformation              = 2
+	JobObjectBasicUIRestrictions                = 4
+	JobObjectCpuRateControlInformation          = 15
+	JobObjectEndOfJobTimeInformation            = 6
+	JobObjectExtendedLimitInformation           = 9
+	JobObjectGroupInformation                   = 11
+	JobObjectGroupInformationEx                 = 14
+	JobObjectLimitViolationInformation2         = 35
+	JobObjectNetRateControlInformation          = 32
+	JobObjectNotificationLimitInformation       = 12
+	JobObjectNotificationLimitInformation2      = 34
+	JobObjectSecurityLimitInformation           = 5
+)
+
+const (
+	KF_FLAG_DEFAULT                          = 0x00000000
+	KF_FLAG_FORCE_APP_DATA_REDIRECTION       = 0x00080000
+	KF_FLAG_RETURN_FILTER_REDIRECTION_TARGET = 0x00040000
+	KF_FLAG_FORCE_PACKAGE_REDIRECTION        = 0x00020000
+	KF_FLAG_NO_PACKAGE_REDIRECTION           = 0x00010000
+	KF_FLAG_FORCE_APPCONTAINER_REDIRECTION   = 0x00020000
+	KF_FLAG_NO_APPCONTAINER_REDIRECTION      = 0x00010000
+	KF_FLAG_CREATE                           = 0x00008000
+	KF_FLAG_DONT_VERIFY                      = 0x00004000
+	KF_FLAG_DONT_UNEXPAND                    = 0x00002000
+	KF_FLAG_NO_ALIAS                         = 0x00001000
+	KF_FLAG_INIT                             = 0x00000800
+	KF_FLAG_DEFAULT_PATH                     = 0x00000400
+	KF_FLAG_NOT_PARENT_RELATIVE              = 0x00000200
+	KF_FLAG_SIMPLE_IDLIST                    = 0x00000100
+	KF_FLAG_ALIAS_ONLY                       = 0x80000000
+)
+
+type OsVersionInfoEx struct {
+	osVersionInfoSize uint32
+	MajorVersion      uint32
+	MinorVersion      uint32
+	BuildNumber       uint32
+	PlatformId        uint32
+	CsdVersion        [128]uint16
+	ServicePackMajor  uint16
+	ServicePackMinor  uint16
+	SuiteMask         uint16
+	ProductType       byte
+	_                 byte
+}
+
+const (
+	EWX_LOGOFF          = 0x00000000
+	EWX_SHUTDOWN        = 0x00000001
+	EWX_REBOOT          = 0x00000002
+	EWX_FORCE           = 0x00000004
+	EWX_POWEROFF        = 0x00000008
+	EWX_FORCEIFHUNG     = 0x00000010
+	EWX_QUICKRESOLVE    = 0x00000020
+	EWX_RESTARTAPPS     = 0x00000040
+	EWX_HYBRID_SHUTDOWN = 0x00400000
+	EWX_BOOTOPTIONS     = 0x01000000
+
+	SHTDN_REASON_FLAG_COMMENT_REQUIRED          = 0x01000000
+	SHTDN_REASON_FLAG_DIRTY_PROBLEM_ID_REQUIRED = 0x02000000
+	SHTDN_REASON_FLAG_CLEAN_UI                  = 0x04000000
+	SHTDN_REASON_FLAG_DIRTY_UI                  = 0x08000000
+	SHTDN_REASON_FLAG_USER_DEFINED              = 0x40000000
+	SHTDN_REASON_FLAG_PLANNED                   = 0x80000000
+	SHTDN_REASON_MAJOR_OTHER                    = 0x00000000
+	SHTDN_REASON_MAJOR_NONE                     = 0x00000000
+	SHTDN_REASON_MAJOR_HARDWARE                 = 0x00010000
+	SHTDN_REASON_MAJOR_OPERATINGSYSTEM          = 0x00020000
+	SHTDN_REASON_MAJOR_SOFTWARE                 = 0x00030000
+	SHTDN_REASON_MAJOR_APPLICATION              = 0x00040000
+	SHTDN_REASON_MAJOR_SYSTEM                   = 0x00050000
+	SHTDN_REASON_MAJOR_POWER                    = 0x00060000
+	SHTDN_REASON_MAJOR_LEGACY_API               = 0x00070000
+	SHTDN_REASON_MINOR_OTHER                    = 0x00000000
+	SHTDN_REASON_MINOR_NONE                     = 0x000000ff
+	SHTDN_REASON_MINOR_MAINTENANCE              = 0x00000001
+	SHTDN_REASON_MINOR_INSTALLATION             = 0x00000002
+	SHTDN_REASON_MINOR_UPGRADE                  = 0x00000003
+	SHTDN_REASON_MINOR_RECONFIG                 = 0x00000004
+	SHTDN_REASON_MINOR_HUNG                     = 0x00000005
+	SHTDN_REASON_MINOR_UNSTABLE                 = 0x00000006
+	SHTDN_REASON_MINOR_DISK                     = 0x00000007
+	SHTDN_REASON_MINOR_PROCESSOR                = 0x00000008
+	SHTDN_REASON_MINOR_NETWORKCARD              = 0x00000009
+	SHTDN_REASON_MINOR_POWER_SUPPLY             = 0x0000000a
+	SHTDN_REASON_MINOR_CORDUNPLUGGED            = 0x0000000b
+	SHTDN_REASON_MINOR_ENVIRONMENT              = 0x0000000c
+	SHTDN_REASON_MINOR_HARDWARE_DRIVER          = 0x0000000d
+	SHTDN_REASON_MINOR_OTHERDRIVER              = 0x0000000e
+	SHTDN_REASON_MINOR_BLUESCREEN               = 0x0000000F
+	SHTDN_REASON_MINOR_SERVICEPACK              = 0x00000010
+	SHTDN_REASON_MINOR_HOTFIX                   = 0x00000011
+	SHTDN_REASON_MINOR_SECURITYFIX              = 0x00000012
+	SHTDN_REASON_MINOR_SECURITY                 = 0x00000013
+	SHTDN_REASON_MINOR_NETWORK_CONNECTIVITY     = 0x00000014
+	SHTDN_REASON_MINOR_WMI                      = 0x00000015
+	SHTDN_REASON_MINOR_SERVICEPACK_UNINSTALL    = 0x00000016
+	SHTDN_REASON_MINOR_HOTFIX_UNINSTALL         = 0x00000017
+	SHTDN_REASON_MINOR_SECURITYFIX_UNINSTALL    = 0x00000018
+	SHTDN_REASON_MINOR_MMC                      = 0x00000019
+	SHTDN_REASON_MINOR_SYSTEMRESTORE            = 0x0000001a
+	SHTDN_REASON_MINOR_TERMSRV                  = 0x00000020
+	SHTDN_REASON_MINOR_DC_PROMOTION             = 0x00000021
+	SHTDN_REASON_MINOR_DC_DEMOTION              = 0x00000022
+	SHTDN_REASON_UNKNOWN                        = SHTDN_REASON_MINOR_NONE
+	SHTDN_REASON_LEGACY_API                     = SHTDN_REASON_MAJOR_LEGACY_API | SHTDN_REASON_FLAG_PLANNED
+	SHTDN_REASON_VALID_BIT_MASK                 = 0xc0ffffff
+
+	SHUTDOWN_NORETRY = 0x1
+)
+
+// Flags used for GetModuleHandleEx
+const (
+	GET_MODULE_HANDLE_EX_FLAG_PIN                = 1
+	GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT = 2
+	GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS       = 4
+)
+
+// MUI function flag values
+const (
+	MUI_LANGUAGE_ID                    = 0x4
+	MUI_LANGUAGE_NAME                  = 0x8
+	MUI_MERGE_SYSTEM_FALLBACK          = 0x10
+	MUI_MERGE_USER_FALLBACK            = 0x20
+	MUI_UI_FALLBACK                    = MUI_MERGE_SYSTEM_FALLBACK | MUI_MERGE_USER_FALLBACK
+	MUI_THREAD_LANGUAGES               = 0x40
+	MUI_CONSOLE_FILTER                 = 0x100
+	MUI_COMPLEX_SCRIPT_FILTER          = 0x200
+	MUI_RESET_FILTERS                  = 0x001
+	MUI_USER_PREFERRED_UI_LANGUAGES    = 0x10
+	MUI_USE_INSTALLED_LANGUAGES        = 0x20
+	MUI_USE_SEARCH_ALL_LANGUAGES       = 0x40
+	MUI_LANG_NEUTRAL_PE_FILE           = 0x100
+	MUI_NON_LANG_NEUTRAL_FILE          = 0x200
+	MUI_MACHINE_LANGUAGE_SETTINGS      = 0x400
+	MUI_FILETYPE_NOT_LANGUAGE_NEUTRAL  = 0x001
+	MUI_FILETYPE_LANGUAGE_NEUTRAL_MAIN = 0x002
+	MUI_FILETYPE_LANGUAGE_NEUTRAL_MUI  = 0x004
+	MUI_QUERY_TYPE                     = 0x001
+	MUI_QUERY_CHECKSUM                 = 0x002
+	MUI_QUERY_LANGUAGE_NAME            = 0x004
+	MUI_QUERY_RESOURCE_TYPES           = 0x008
+	MUI_FILEINFO_VERSION               = 0x001
+
+	MUI_FULL_LANGUAGE      = 0x01
+	MUI_PARTIAL_LANGUAGE   = 0x02
+	MUI_LIP_LANGUAGE       = 0x04
+	MUI_LANGUAGE_INSTALLED = 0x20
+	MUI_LANGUAGE_LICENSED  = 0x40
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_386.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_386.go
new file mode 100644
index 000000000..8bce3e2fc
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_386.go
@@ -0,0 +1,35 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+type WSAData struct {
+	Version      uint16
+	HighVersion  uint16
+	Description  [WSADESCRIPTION_LEN + 1]byte
+	SystemStatus [WSASYS_STATUS_LEN + 1]byte
+	MaxSockets   uint16
+	MaxUdpDg     uint16
+	VendorInfo   *byte
+}
+
+type Servent struct {
+	Name    *byte
+	Aliases **byte
+	Port    uint16
+	Proto   *byte
+}
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+	_                       uint32 // pad to 8 byte boundary
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_amd64.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_amd64.go
new file mode 100644
index 000000000..fdddc0c70
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_amd64.go
@@ -0,0 +1,34 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+type WSAData struct {
+	Version      uint16
+	HighVersion  uint16
+	MaxSockets   uint16
+	MaxUdpDg     uint16
+	VendorInfo   *byte
+	Description  [WSADESCRIPTION_LEN + 1]byte
+	SystemStatus [WSASYS_STATUS_LEN + 1]byte
+}
+
+type Servent struct {
+	Name    *byte
+	Aliases **byte
+	Proto   *byte
+	Port    uint16
+}
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_arm.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_arm.go
new file mode 100644
index 000000000..321872c3e
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/types_windows_arm.go
@@ -0,0 +1,35 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+type WSAData struct {
+	Version      uint16
+	HighVersion  uint16
+	Description  [WSADESCRIPTION_LEN + 1]byte
+	SystemStatus [WSASYS_STATUS_LEN + 1]byte
+	MaxSockets   uint16
+	MaxUdpDg     uint16
+	VendorInfo   *byte
+}
+
+type Servent struct {
+	Name    *byte
+	Aliases **byte
+	Port    uint16
+	Proto   *byte
+}
+
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+	PerProcessUserTimeLimit int64
+	PerJobUserTimeLimit     int64
+	LimitFlags              uint32
+	MinimumWorkingSetSize   uintptr
+	MaximumWorkingSetSize   uintptr
+	ActiveProcessLimit      uint32
+	Affinity                uintptr
+	PriorityClass           uint32
+	SchedulingClass         uint32
+	_                       uint32 // pad to 8 byte boundary
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zerrors_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zerrors_windows.go
new file mode 100644
index 000000000..f02120035
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zerrors_windows.go
@@ -0,0 +1,6853 @@
+// Code generated by 'mkerrors.bash'; DO NOT EDIT.
+
+package windows
+
+import "syscall"
+
+const (
+	FACILITY_NULL                                                                           = 0
+	FACILITY_RPC                                                                            = 1
+	FACILITY_DISPATCH                                                                       = 2
+	FACILITY_STORAGE                                                                        = 3
+	FACILITY_ITF                                                                            = 4
+	FACILITY_WIN32                                                                          = 7
+	FACILITY_WINDOWS                                                                        = 8
+	FACILITY_SSPI                                                                           = 9
+	FACILITY_SECURITY                                                                       = 9
+	FACILITY_CONTROL                                                                        = 10
+	FACILITY_CERT                                                                           = 11
+	FACILITY_INTERNET                                                                       = 12
+	FACILITY_MEDIASERVER                                                                    = 13
+	FACILITY_MSMQ                                                                           = 14
+	FACILITY_SETUPAPI                                                                       = 15
+	FACILITY_SCARD                                                                          = 16
+	FACILITY_COMPLUS                                                                        = 17
+	FACILITY_AAF                                                                            = 18
+	FACILITY_URT                                                                            = 19
+	FACILITY_ACS                                                                            = 20
+	FACILITY_DPLAY                                                                          = 21
+	FACILITY_UMI                                                                            = 22
+	FACILITY_SXS                                                                            = 23
+	FACILITY_WINDOWS_CE                                                                     = 24
+	FACILITY_HTTP                                                                           = 25
+	FACILITY_USERMODE_COMMONLOG                                                             = 26
+	FACILITY_WER                                                                            = 27
+	FACILITY_USERMODE_FILTER_MANAGER                                                        = 31
+	FACILITY_BACKGROUNDCOPY                                                                 = 32
+	FACILITY_CONFIGURATION                                                                  = 33
+	FACILITY_WIA                                                                            = 33
+	FACILITY_STATE_MANAGEMENT                                                               = 34
+	FACILITY_METADIRECTORY                                                                  = 35
+	FACILITY_WINDOWSUPDATE                                                                  = 36
+	FACILITY_DIRECTORYSERVICE                                                               = 37
+	FACILITY_GRAPHICS                                                                       = 38
+	FACILITY_SHELL                                                                          = 39
+	FACILITY_NAP                                                                            = 39
+	FACILITY_TPM_SERVICES                                                                   = 40
+	FACILITY_TPM_SOFTWARE                                                                   = 41
+	FACILITY_UI                                                                             = 42
+	FACILITY_XAML                                                                           = 43
+	FACILITY_ACTION_QUEUE                                                                   = 44
+	FACILITY_PLA                                                                            = 48
+	FACILITY_WINDOWS_SETUP                                                                  = 48
+	FACILITY_FVE                                                                            = 49
+	FACILITY_FWP                                                                            = 50
+	FACILITY_WINRM                                                                          = 51
+	FACILITY_NDIS                                                                           = 52
+	FACILITY_USERMODE_HYPERVISOR                                                            = 53
+	FACILITY_CMI                                                                            = 54
+	FACILITY_USERMODE_VIRTUALIZATION                                                        = 55
+	FACILITY_USERMODE_VOLMGR                                                                = 56
+	FACILITY_BCD                                                                            = 57
+	FACILITY_USERMODE_VHD                                                                   = 58
+	FACILITY_USERMODE_HNS                                                                   = 59
+	FACILITY_SDIAG                                                                          = 60
+	FACILITY_WEBSERVICES                                                                    = 61
+	FACILITY_WINPE                                                                          = 61
+	FACILITY_WPN                                                                            = 62
+	FACILITY_WINDOWS_STORE                                                                  = 63
+	FACILITY_INPUT                                                                          = 64
+	FACILITY_EAP                                                                            = 66
+	FACILITY_WINDOWS_DEFENDER                                                               = 80
+	FACILITY_OPC                                                                            = 81
+	FACILITY_XPS                                                                            = 82
+	FACILITY_MBN                                                                            = 84
+	FACILITY_POWERSHELL                                                                     = 84
+	FACILITY_RAS                                                                            = 83
+	FACILITY_P2P_INT                                                                        = 98
+	FACILITY_P2P                                                                            = 99
+	FACILITY_DAF                                                                            = 100
+	FACILITY_BLUETOOTH_ATT                                                                  = 101
+	FACILITY_AUDIO                                                                          = 102
+	FACILITY_STATEREPOSITORY                                                                = 103
+	FACILITY_VISUALCPP                                                                      = 109
+	FACILITY_SCRIPT                                                                         = 112
+	FACILITY_PARSE                                                                          = 113
+	FACILITY_BLB                                                                            = 120
+	FACILITY_BLB_CLI                                                                        = 121
+	FACILITY_WSBAPP                                                                         = 122
+	FACILITY_BLBUI                                                                          = 128
+	FACILITY_USN                                                                            = 129
+	FACILITY_USERMODE_VOLSNAP                                                               = 130
+	FACILITY_TIERING                                                                        = 131
+	FACILITY_WSB_ONLINE                                                                     = 133
+	FACILITY_ONLINE_ID                                                                      = 134
+	FACILITY_DEVICE_UPDATE_AGENT                                                            = 135
+	FACILITY_DRVSERVICING                                                                   = 136
+	FACILITY_DLS                                                                            = 153
+	FACILITY_DELIVERY_OPTIMIZATION                                                          = 208
+	FACILITY_USERMODE_SPACES                                                                = 231
+	FACILITY_USER_MODE_SECURITY_CORE                                                        = 232
+	FACILITY_USERMODE_LICENSING                                                             = 234
+	FACILITY_SOS                                                                            = 160
+	FACILITY_DEBUGGERS                                                                      = 176
+	FACILITY_SPP                                                                            = 256
+	FACILITY_RESTORE                                                                        = 256
+	FACILITY_DMSERVER                                                                       = 256
+	FACILITY_DEPLOYMENT_SERVICES_SERVER                                                     = 257
+	FACILITY_DEPLOYMENT_SERVICES_IMAGING                                                    = 258
+	FACILITY_DEPLOYMENT_SERVICES_MANAGEMENT                                                 = 259
+	FACILITY_DEPLOYMENT_SERVICES_UTIL                                                       = 260
+	FACILITY_DEPLOYMENT_SERVICES_BINLSVC                                                    = 261
+	FACILITY_DEPLOYMENT_SERVICES_PXE                                                        = 263
+	FACILITY_DEPLOYMENT_SERVICES_TFTP                                                       = 264
+	FACILITY_DEPLOYMENT_SERVICES_TRANSPORT_MANAGEMENT                                       = 272
+	FACILITY_DEPLOYMENT_SERVICES_DRIVER_PROVISIONING                                        = 278
+	FACILITY_DEPLOYMENT_SERVICES_MULTICAST_SERVER                                           = 289
+	FACILITY_DEPLOYMENT_SERVICES_MULTICAST_CLIENT                                           = 290
+	FACILITY_DEPLOYMENT_SERVICES_CONTENT_PROVIDER                                           = 293
+	FACILITY_LINGUISTIC_SERVICES                                                            = 305
+	FACILITY_AUDIOSTREAMING                                                                 = 1094
+	FACILITY_ACCELERATOR                                                                    = 1536
+	FACILITY_WMAAECMA                                                                       = 1996
+	FACILITY_DIRECTMUSIC                                                                    = 2168
+	FACILITY_DIRECT3D10                                                                     = 2169
+	FACILITY_DXGI                                                                           = 2170
+	FACILITY_DXGI_DDI                                                                       = 2171
+	FACILITY_DIRECT3D11                                                                     = 2172
+	FACILITY_DIRECT3D11_DEBUG                                                               = 2173
+	FACILITY_DIRECT3D12                                                                     = 2174
+	FACILITY_DIRECT3D12_DEBUG                                                               = 2175
+	FACILITY_LEAP                                                                           = 2184
+	FACILITY_AUDCLNT                                                                        = 2185
+	FACILITY_WINCODEC_DWRITE_DWM                                                            = 2200
+	FACILITY_WINML                                                                          = 2192
+	FACILITY_DIRECT2D                                                                       = 2201
+	FACILITY_DEFRAG                                                                         = 2304
+	FACILITY_USERMODE_SDBUS                                                                 = 2305
+	FACILITY_JSCRIPT                                                                        = 2306
+	FACILITY_PIDGENX                                                                        = 2561
+	FACILITY_EAS                                                                            = 85
+	FACILITY_WEB                                                                            = 885
+	FACILITY_WEB_SOCKET                                                                     = 886
+	FACILITY_MOBILE                                                                         = 1793
+	FACILITY_SQLITE                                                                         = 1967
+	FACILITY_UTC                                                                            = 1989
+	FACILITY_WEP                                                                            = 2049
+	FACILITY_SYNCENGINE                                                                     = 2050
+	FACILITY_XBOX                                                                           = 2339
+	FACILITY_PIX                                                                            = 2748
+	ERROR_SUCCESS                                                             syscall.Errno = 0
+	NO_ERROR                                                                                = 0
+	SEC_E_OK                                                                  Handle        = 0x00000000
+	ERROR_INVALID_FUNCTION                                                    syscall.Errno = 1
+	ERROR_FILE_NOT_FOUND                                                      syscall.Errno = 2
+	ERROR_PATH_NOT_FOUND                                                      syscall.Errno = 3
+	ERROR_TOO_MANY_OPEN_FILES                                                 syscall.Errno = 4
+	ERROR_ACCESS_DENIED                                                       syscall.Errno = 5
+	ERROR_INVALID_HANDLE                                                      syscall.Errno = 6
+	ERROR_ARENA_TRASHED                                                       syscall.Errno = 7
+	ERROR_NOT_ENOUGH_MEMORY                                                   syscall.Errno = 8
+	ERROR_INVALID_BLOCK                                                       syscall.Errno = 9
+	ERROR_BAD_ENVIRONMENT                                                     syscall.Errno = 10
+	ERROR_BAD_FORMAT                                                          syscall.Errno = 11
+	ERROR_INVALID_ACCESS                                                      syscall.Errno = 12
+	ERROR_INVALID_DATA                                                        syscall.Errno = 13
+	ERROR_OUTOFMEMORY                                                         syscall.Errno = 14
+	ERROR_INVALID_DRIVE                                                       syscall.Errno = 15
+	ERROR_CURRENT_DIRECTORY                                                   syscall.Errno = 16
+	ERROR_NOT_SAME_DEVICE                                                     syscall.Errno = 17
+	ERROR_NO_MORE_FILES                                                       syscall.Errno = 18
+	ERROR_WRITE_PROTECT                                                       syscall.Errno = 19
+	ERROR_BAD_UNIT                                                            syscall.Errno = 20
+	ERROR_NOT_READY                                                           syscall.Errno = 21
+	ERROR_BAD_COMMAND                                                         syscall.Errno = 22
+	ERROR_CRC                                                                 syscall.Errno = 23
+	ERROR_BAD_LENGTH                                                          syscall.Errno = 24
+	ERROR_SEEK                                                                syscall.Errno = 25
+	ERROR_NOT_DOS_DISK                                                        syscall.Errno = 26
+	ERROR_SECTOR_NOT_FOUND                                                    syscall.Errno = 27
+	ERROR_OUT_OF_PAPER                                                        syscall.Errno = 28
+	ERROR_WRITE_FAULT                                                         syscall.Errno = 29
+	ERROR_READ_FAULT                                                          syscall.Errno = 30
+	ERROR_GEN_FAILURE                                                         syscall.Errno = 31
+	ERROR_SHARING_VIOLATION                                                   syscall.Errno = 32
+	ERROR_LOCK_VIOLATION                                                      syscall.Errno = 33
+	ERROR_WRONG_DISK                                                          syscall.Errno = 34
+	ERROR_SHARING_BUFFER_EXCEEDED                                             syscall.Errno = 36
+	ERROR_HANDLE_EOF                                                          syscall.Errno = 38
+	ERROR_HANDLE_DISK_FULL                                                    syscall.Errno = 39
+	ERROR_NOT_SUPPORTED                                                       syscall.Errno = 50
+	ERROR_REM_NOT_LIST                                                        syscall.Errno = 51
+	ERROR_DUP_NAME                                                            syscall.Errno = 52
+	ERROR_BAD_NETPATH                                                         syscall.Errno = 53
+	ERROR_NETWORK_BUSY                                                        syscall.Errno = 54
+	ERROR_DEV_NOT_EXIST                                                       syscall.Errno = 55
+	ERROR_TOO_MANY_CMDS                                                       syscall.Errno = 56
+	ERROR_ADAP_HDW_ERR                                                        syscall.Errno = 57
+	ERROR_BAD_NET_RESP                                                        syscall.Errno = 58
+	ERROR_UNEXP_NET_ERR                                                       syscall.Errno = 59
+	ERROR_BAD_REM_ADAP                                                        syscall.Errno = 60
+	ERROR_PRINTQ_FULL                                                         syscall.Errno = 61
+	ERROR_NO_SPOOL_SPACE                                                      syscall.Errno = 62
+	ERROR_PRINT_CANCELLED                                                     syscall.Errno = 63
+	ERROR_NETNAME_DELETED                                                     syscall.Errno = 64
+	ERROR_NETWORK_ACCESS_DENIED                                               syscall.Errno = 65
+	ERROR_BAD_DEV_TYPE                                                        syscall.Errno = 66
+	ERROR_BAD_NET_NAME                                                        syscall.Errno = 67
+	ERROR_TOO_MANY_NAMES                                                      syscall.Errno = 68
+	ERROR_TOO_MANY_SESS                                                       syscall.Errno = 69
+	ERROR_SHARING_PAUSED                                                      syscall.Errno = 70
+	ERROR_REQ_NOT_ACCEP                                                       syscall.Errno = 71
+	ERROR_REDIR_PAUSED                                                        syscall.Errno = 72
+	ERROR_FILE_EXISTS                                                         syscall.Errno = 80
+	ERROR_CANNOT_MAKE                                                         syscall.Errno = 82
+	ERROR_FAIL_I24                                                            syscall.Errno = 83
+	ERROR_OUT_OF_STRUCTURES                                                   syscall.Errno = 84
+	ERROR_ALREADY_ASSIGNED                                                    syscall.Errno = 85
+	ERROR_INVALID_PASSWORD                                                    syscall.Errno = 86
+	ERROR_INVALID_PARAMETER                                                   syscall.Errno = 87
+	ERROR_NET_WRITE_FAULT                                                     syscall.Errno = 88
+	ERROR_NO_PROC_SLOTS                                                       syscall.Errno = 89
+	ERROR_TOO_MANY_SEMAPHORES                                                 syscall.Errno = 100
+	ERROR_EXCL_SEM_ALREADY_OWNED                                              syscall.Errno = 101
+	ERROR_SEM_IS_SET                                                          syscall.Errno = 102
+	ERROR_TOO_MANY_SEM_REQUESTS                                               syscall.Errno = 103
+	ERROR_INVALID_AT_INTERRUPT_TIME                                           syscall.Errno = 104
+	ERROR_SEM_OWNER_DIED                                                      syscall.Errno = 105
+	ERROR_SEM_USER_LIMIT                                                      syscall.Errno = 106
+	ERROR_DISK_CHANGE                                                         syscall.Errno = 107
+	ERROR_DRIVE_LOCKED                                                        syscall.Errno = 108
+	ERROR_BROKEN_PIPE                                                         syscall.Errno = 109
+	ERROR_OPEN_FAILED                                                         syscall.Errno = 110
+	ERROR_BUFFER_OVERFLOW                                                     syscall.Errno = 111
+	ERROR_DISK_FULL                                                           syscall.Errno = 112
+	ERROR_NO_MORE_SEARCH_HANDLES                                              syscall.Errno = 113
+	ERROR_INVALID_TARGET_HANDLE                                               syscall.Errno = 114
+	ERROR_INVALID_CATEGORY                                                    syscall.Errno = 117
+	ERROR_INVALID_VERIFY_SWITCH                                               syscall.Errno = 118
+	ERROR_BAD_DRIVER_LEVEL                                                    syscall.Errno = 119
+	ERROR_CALL_NOT_IMPLEMENTED                                                syscall.Errno = 120
+	ERROR_SEM_TIMEOUT                                                         syscall.Errno = 121
+	ERROR_INSUFFICIENT_BUFFER                                                 syscall.Errno = 122
+	ERROR_INVALID_NAME                                                        syscall.Errno = 123
+	ERROR_INVALID_LEVEL                                                       syscall.Errno = 124
+	ERROR_NO_VOLUME_LABEL                                                     syscall.Errno = 125
+	ERROR_MOD_NOT_FOUND                                                       syscall.Errno = 126
+	ERROR_PROC_NOT_FOUND                                                      syscall.Errno = 127
+	ERROR_WAIT_NO_CHILDREN                                                    syscall.Errno = 128
+	ERROR_CHILD_NOT_COMPLETE                                                  syscall.Errno = 129
+	ERROR_DIRECT_ACCESS_HANDLE                                                syscall.Errno = 130
+	ERROR_NEGATIVE_SEEK                                                       syscall.Errno = 131
+	ERROR_SEEK_ON_DEVICE                                                      syscall.Errno = 132
+	ERROR_IS_JOIN_TARGET                                                      syscall.Errno = 133
+	ERROR_IS_JOINED                                                           syscall.Errno = 134
+	ERROR_IS_SUBSTED                                                          syscall.Errno = 135
+	ERROR_NOT_JOINED                                                          syscall.Errno = 136
+	ERROR_NOT_SUBSTED                                                         syscall.Errno = 137
+	ERROR_JOIN_TO_JOIN                                                        syscall.Errno = 138
+	ERROR_SUBST_TO_SUBST                                                      syscall.Errno = 139
+	ERROR_JOIN_TO_SUBST                                                       syscall.Errno = 140
+	ERROR_SUBST_TO_JOIN                                                       syscall.Errno = 141
+	ERROR_BUSY_DRIVE                                                          syscall.Errno = 142
+	ERROR_SAME_DRIVE                                                          syscall.Errno = 143
+	ERROR_DIR_NOT_ROOT                                                        syscall.Errno = 144
+	ERROR_DIR_NOT_EMPTY                                                       syscall.Errno = 145
+	ERROR_IS_SUBST_PATH                                                       syscall.Errno = 146
+	ERROR_IS_JOIN_PATH                                                        syscall.Errno = 147
+	ERROR_PATH_BUSY                                                           syscall.Errno = 148
+	ERROR_IS_SUBST_TARGET                                                     syscall.Errno = 149
+	ERROR_SYSTEM_TRACE                                                        syscall.Errno = 150
+	ERROR_INVALID_EVENT_COUNT                                                 syscall.Errno = 151
+	ERROR_TOO_MANY_MUXWAITERS                                                 syscall.Errno = 152
+	ERROR_INVALID_LIST_FORMAT                                                 syscall.Errno = 153
+	ERROR_LABEL_TOO_LONG                                                      syscall.Errno = 154
+	ERROR_TOO_MANY_TCBS                                                       syscall.Errno = 155
+	ERROR_SIGNAL_REFUSED                                                      syscall.Errno = 156
+	ERROR_DISCARDED                                                           syscall.Errno = 157
+	ERROR_NOT_LOCKED                                                          syscall.Errno = 158
+	ERROR_BAD_THREADID_ADDR                                                   syscall.Errno = 159
+	ERROR_BAD_ARGUMENTS                                                       syscall.Errno = 160
+	ERROR_BAD_PATHNAME                                                        syscall.Errno = 161
+	ERROR_SIGNAL_PENDING                                                      syscall.Errno = 162
+	ERROR_MAX_THRDS_REACHED                                                   syscall.Errno = 164
+	ERROR_LOCK_FAILED                                                         syscall.Errno = 167
+	ERROR_BUSY                                                                syscall.Errno = 170
+	ERROR_DEVICE_SUPPORT_IN_PROGRESS                                          syscall.Errno = 171
+	ERROR_CANCEL_VIOLATION                                                    syscall.Errno = 173
+	ERROR_ATOMIC_LOCKS_NOT_SUPPORTED                                          syscall.Errno = 174
+	ERROR_INVALID_SEGMENT_NUMBER                                              syscall.Errno = 180
+	ERROR_INVALID_ORDINAL                                                     syscall.Errno = 182
+	ERROR_ALREADY_EXISTS                                                      syscall.Errno = 183
+	ERROR_INVALID_FLAG_NUMBER                                                 syscall.Errno = 186
+	ERROR_SEM_NOT_FOUND                                                       syscall.Errno = 187
+	ERROR_INVALID_STARTING_CODESEG                                            syscall.Errno = 188
+	ERROR_INVALID_STACKSEG                                                    syscall.Errno = 189
+	ERROR_INVALID_MODULETYPE                                                  syscall.Errno = 190
+	ERROR_INVALID_EXE_SIGNATURE                                               syscall.Errno = 191
+	ERROR_EXE_MARKED_INVALID                                                  syscall.Errno = 192
+	ERROR_BAD_EXE_FORMAT                                                      syscall.Errno = 193
+	ERROR_ITERATED_DATA_EXCEEDS_64k                                           syscall.Errno = 194
+	ERROR_INVALID_MINALLOCSIZE                                                syscall.Errno = 195
+	ERROR_DYNLINK_FROM_INVALID_RING                                           syscall.Errno = 196
+	ERROR_IOPL_NOT_ENABLED                                                    syscall.Errno = 197
+	ERROR_INVALID_SEGDPL                                                      syscall.Errno = 198
+	ERROR_AUTODATASEG_EXCEEDS_64k                                             syscall.Errno = 199
+	ERROR_RING2SEG_MUST_BE_MOVABLE                                            syscall.Errno = 200
+	ERROR_RELOC_CHAIN_XEEDS_SEGLIM                                            syscall.Errno = 201
+	ERROR_INFLOOP_IN_RELOC_CHAIN                                              syscall.Errno = 202
+	ERROR_ENVVAR_NOT_FOUND                                                    syscall.Errno = 203
+	ERROR_NO_SIGNAL_SENT                                                      syscall.Errno = 205
+	ERROR_FILENAME_EXCED_RANGE                                                syscall.Errno = 206
+	ERROR_RING2_STACK_IN_USE                                                  syscall.Errno = 207
+	ERROR_META_EXPANSION_TOO_LONG                                             syscall.Errno = 208
+	ERROR_INVALID_SIGNAL_NUMBER                                               syscall.Errno = 209
+	ERROR_THREAD_1_INACTIVE                                                   syscall.Errno = 210
+	ERROR_LOCKED                                                              syscall.Errno = 212
+	ERROR_TOO_MANY_MODULES                                                    syscall.Errno = 214
+	ERROR_NESTING_NOT_ALLOWED                                                 syscall.Errno = 215
+	ERROR_EXE_MACHINE_TYPE_MISMATCH                                           syscall.Errno = 216
+	ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY                                     syscall.Errno = 217
+	ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY                              syscall.Errno = 218
+	ERROR_FILE_CHECKED_OUT                                                    syscall.Errno = 220
+	ERROR_CHECKOUT_REQUIRED                                                   syscall.Errno = 221
+	ERROR_BAD_FILE_TYPE                                                       syscall.Errno = 222
+	ERROR_FILE_TOO_LARGE                                                      syscall.Errno = 223
+	ERROR_FORMS_AUTH_REQUIRED                                                 syscall.Errno = 224
+	ERROR_VIRUS_INFECTED                                                      syscall.Errno = 225
+	ERROR_VIRUS_DELETED                                                       syscall.Errno = 226
+	ERROR_PIPE_LOCAL                                                          syscall.Errno = 229
+	ERROR_BAD_PIPE                                                            syscall.Errno = 230
+	ERROR_PIPE_BUSY                                                           syscall.Errno = 231
+	ERROR_NO_DATA                                                             syscall.Errno = 232
+	ERROR_PIPE_NOT_CONNECTED                                                  syscall.Errno = 233
+	ERROR_MORE_DATA                                                           syscall.Errno = 234
+	ERROR_NO_WORK_DONE                                                        syscall.Errno = 235
+	ERROR_VC_DISCONNECTED                                                     syscall.Errno = 240
+	ERROR_INVALID_EA_NAME                                                     syscall.Errno = 254
+	ERROR_EA_LIST_INCONSISTENT                                                syscall.Errno = 255
+	WAIT_TIMEOUT                                                              syscall.Errno = 258
+	ERROR_NO_MORE_ITEMS                                                       syscall.Errno = 259
+	ERROR_CANNOT_COPY                                                         syscall.Errno = 266
+	ERROR_DIRECTORY                                                           syscall.Errno = 267
+	ERROR_EAS_DIDNT_FIT                                                       syscall.Errno = 275
+	ERROR_EA_FILE_CORRUPT                                                     syscall.Errno = 276
+	ERROR_EA_TABLE_FULL                                                       syscall.Errno = 277
+	ERROR_INVALID_EA_HANDLE                                                   syscall.Errno = 278
+	ERROR_EAS_NOT_SUPPORTED                                                   syscall.Errno = 282
+	ERROR_NOT_OWNER                                                           syscall.Errno = 288
+	ERROR_TOO_MANY_POSTS                                                      syscall.Errno = 298
+	ERROR_PARTIAL_COPY                                                        syscall.Errno = 299
+	ERROR_OPLOCK_NOT_GRANTED                                                  syscall.Errno = 300
+	ERROR_INVALID_OPLOCK_PROTOCOL                                             syscall.Errno = 301
+	ERROR_DISK_TOO_FRAGMENTED                                                 syscall.Errno = 302
+	ERROR_DELETE_PENDING                                                      syscall.Errno = 303
+	ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING                syscall.Errno = 304
+	ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME                                   syscall.Errno = 305
+	ERROR_SECURITY_STREAM_IS_INCONSISTENT                                     syscall.Errno = 306
+	ERROR_INVALID_LOCK_RANGE                                                  syscall.Errno = 307
+	ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT                                         syscall.Errno = 308
+	ERROR_NOTIFICATION_GUID_ALREADY_DEFINED                                   syscall.Errno = 309
+	ERROR_INVALID_EXCEPTION_HANDLER                                           syscall.Errno = 310
+	ERROR_DUPLICATE_PRIVILEGES                                                syscall.Errno = 311
+	ERROR_NO_RANGES_PROCESSED                                                 syscall.Errno = 312
+	ERROR_NOT_ALLOWED_ON_SYSTEM_FILE                                          syscall.Errno = 313
+	ERROR_DISK_RESOURCES_EXHAUSTED                                            syscall.Errno = 314
+	ERROR_INVALID_TOKEN                                                       syscall.Errno = 315
+	ERROR_DEVICE_FEATURE_NOT_SUPPORTED                                        syscall.Errno = 316
+	ERROR_MR_MID_NOT_FOUND                                                    syscall.Errno = 317
+	ERROR_SCOPE_NOT_FOUND                                                     syscall.Errno = 318
+	ERROR_UNDEFINED_SCOPE                                                     syscall.Errno = 319
+	ERROR_INVALID_CAP                                                         syscall.Errno = 320
+	ERROR_DEVICE_UNREACHABLE                                                  syscall.Errno = 321
+	ERROR_DEVICE_NO_RESOURCES                                                 syscall.Errno = 322
+	ERROR_DATA_CHECKSUM_ERROR                                                 syscall.Errno = 323
+	ERROR_INTERMIXED_KERNEL_EA_OPERATION                                      syscall.Errno = 324
+	ERROR_FILE_LEVEL_TRIM_NOT_SUPPORTED                                       syscall.Errno = 326
+	ERROR_OFFSET_ALIGNMENT_VIOLATION                                          syscall.Errno = 327
+	ERROR_INVALID_FIELD_IN_PARAMETER_LIST                                     syscall.Errno = 328
+	ERROR_OPERATION_IN_PROGRESS                                               syscall.Errno = 329
+	ERROR_BAD_DEVICE_PATH                                                     syscall.Errno = 330
+	ERROR_TOO_MANY_DESCRIPTORS                                                syscall.Errno = 331
+	ERROR_SCRUB_DATA_DISABLED                                                 syscall.Errno = 332
+	ERROR_NOT_REDUNDANT_STORAGE                                               syscall.Errno = 333
+	ERROR_RESIDENT_FILE_NOT_SUPPORTED                                         syscall.Errno = 334
+	ERROR_COMPRESSED_FILE_NOT_SUPPORTED                                       syscall.Errno = 335
+	ERROR_DIRECTORY_NOT_SUPPORTED                                             syscall.Errno = 336
+	ERROR_NOT_READ_FROM_COPY                                                  syscall.Errno = 337
+	ERROR_FT_WRITE_FAILURE                                                    syscall.Errno = 338
+	ERROR_FT_DI_SCAN_REQUIRED                                                 syscall.Errno = 339
+	ERROR_INVALID_KERNEL_INFO_VERSION                                         syscall.Errno = 340
+	ERROR_INVALID_PEP_INFO_VERSION                                            syscall.Errno = 341
+	ERROR_OBJECT_NOT_EXTERNALLY_BACKED                                        syscall.Errno = 342
+	ERROR_EXTERNAL_BACKING_PROVIDER_UNKNOWN                                   syscall.Errno = 343
+	ERROR_COMPRESSION_NOT_BENEFICIAL                                          syscall.Errno = 344
+	ERROR_STORAGE_TOPOLOGY_ID_MISMATCH                                        syscall.Errno = 345
+	ERROR_BLOCKED_BY_PARENTAL_CONTROLS                                        syscall.Errno = 346
+	ERROR_BLOCK_TOO_MANY_REFERENCES                                           syscall.Errno = 347
+	ERROR_MARKED_TO_DISALLOW_WRITES                                           syscall.Errno = 348
+	ERROR_ENCLAVE_FAILURE                                                     syscall.Errno = 349
+	ERROR_FAIL_NOACTION_REBOOT                                                syscall.Errno = 350
+	ERROR_FAIL_SHUTDOWN                                                       syscall.Errno = 351
+	ERROR_FAIL_RESTART                                                        syscall.Errno = 352
+	ERROR_MAX_SESSIONS_REACHED                                                syscall.Errno = 353
+	ERROR_NETWORK_ACCESS_DENIED_EDP                                           syscall.Errno = 354
+	ERROR_DEVICE_HINT_NAME_BUFFER_TOO_SMALL                                   syscall.Errno = 355
+	ERROR_EDP_POLICY_DENIES_OPERATION                                         syscall.Errno = 356
+	ERROR_EDP_DPL_POLICY_CANT_BE_SATISFIED                                    syscall.Errno = 357
+	ERROR_CLOUD_FILE_SYNC_ROOT_METADATA_CORRUPT                               syscall.Errno = 358
+	ERROR_DEVICE_IN_MAINTENANCE                                               syscall.Errno = 359
+	ERROR_NOT_SUPPORTED_ON_DAX                                                syscall.Errno = 360
+	ERROR_DAX_MAPPING_EXISTS                                                  syscall.Errno = 361
+	ERROR_CLOUD_FILE_PROVIDER_NOT_RUNNING                                     syscall.Errno = 362
+	ERROR_CLOUD_FILE_METADATA_CORRUPT                                         syscall.Errno = 363
+	ERROR_CLOUD_FILE_METADATA_TOO_LARGE                                       syscall.Errno = 364
+	ERROR_CLOUD_FILE_PROPERTY_BLOB_TOO_LARGE                                  syscall.Errno = 365
+	ERROR_CLOUD_FILE_PROPERTY_BLOB_CHECKSUM_MISMATCH                          syscall.Errno = 366
+	ERROR_CHILD_PROCESS_BLOCKED                                               syscall.Errno = 367
+	ERROR_STORAGE_LOST_DATA_PERSISTENCE                                       syscall.Errno = 368
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_UNAVAILABLE                              syscall.Errno = 369
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_METADATA_CORRUPT                         syscall.Errno = 370
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_BUSY                                     syscall.Errno = 371
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_PROVIDER_UNKNOWN                         syscall.Errno = 372
+	ERROR_GDI_HANDLE_LEAK                                                     syscall.Errno = 373
+	ERROR_CLOUD_FILE_TOO_MANY_PROPERTY_BLOBS                                  syscall.Errno = 374
+	ERROR_CLOUD_FILE_PROPERTY_VERSION_NOT_SUPPORTED                           syscall.Errno = 375
+	ERROR_NOT_A_CLOUD_FILE                                                    syscall.Errno = 376
+	ERROR_CLOUD_FILE_NOT_IN_SYNC                                              syscall.Errno = 377
+	ERROR_CLOUD_FILE_ALREADY_CONNECTED                                        syscall.Errno = 378
+	ERROR_CLOUD_FILE_NOT_SUPPORTED                                            syscall.Errno = 379
+	ERROR_CLOUD_FILE_INVALID_REQUEST                                          syscall.Errno = 380
+	ERROR_CLOUD_FILE_READ_ONLY_VOLUME                                         syscall.Errno = 381
+	ERROR_CLOUD_FILE_CONNECTED_PROVIDER_ONLY                                  syscall.Errno = 382
+	ERROR_CLOUD_FILE_VALIDATION_FAILED                                        syscall.Errno = 383
+	ERROR_SMB1_NOT_AVAILABLE                                                  syscall.Errno = 384
+	ERROR_FILE_SYSTEM_VIRTUALIZATION_INVALID_OPERATION                        syscall.Errno = 385
+	ERROR_CLOUD_FILE_AUTHENTICATION_FAILED                                    syscall.Errno = 386
+	ERROR_CLOUD_FILE_INSUFFICIENT_RESOURCES                                   syscall.Errno = 387
+	ERROR_CLOUD_FILE_NETWORK_UNAVAILABLE                                      syscall.Errno = 388
+	ERROR_CLOUD_FILE_UNSUCCESSFUL                                             syscall.Errno = 389
+	ERROR_CLOUD_FILE_NOT_UNDER_SYNC_ROOT                                      syscall.Errno = 390
+	ERROR_CLOUD_FILE_IN_USE                                                   syscall.Errno = 391
+	ERROR_CLOUD_FILE_PINNED                                                   syscall.Errno = 392
+	ERROR_CLOUD_FILE_REQUEST_ABORTED                                          syscall.Errno = 393
+	ERROR_CLOUD_FILE_PROPERTY_CORRUPT                                         syscall.Errno = 394
+	ERROR_CLOUD_FILE_ACCESS_DENIED                                            syscall.Errno = 395
+	ERROR_CLOUD_FILE_INCOMPATIBLE_HARDLINKS                                   syscall.Errno = 396
+	ERROR_CLOUD_FILE_PROPERTY_LOCK_CONFLICT                                   syscall.Errno = 397
+	ERROR_CLOUD_FILE_REQUEST_CANCELED                                         syscall.Errno = 398
+	ERROR_EXTERNAL_SYSKEY_NOT_SUPPORTED                                       syscall.Errno = 399
+	ERROR_THREAD_MODE_ALREADY_BACKGROUND                                      syscall.Errno = 400
+	ERROR_THREAD_MODE_NOT_BACKGROUND                                          syscall.Errno = 401
+	ERROR_PROCESS_MODE_ALREADY_BACKGROUND                                     syscall.Errno = 402
+	ERROR_PROCESS_MODE_NOT_BACKGROUND                                         syscall.Errno = 403
+	ERROR_CLOUD_FILE_PROVIDER_TERMINATED                                      syscall.Errno = 404
+	ERROR_NOT_A_CLOUD_SYNC_ROOT                                               syscall.Errno = 405
+	ERROR_FILE_PROTECTED_UNDER_DPL                                            syscall.Errno = 406
+	ERROR_VOLUME_NOT_CLUSTER_ALIGNED                                          syscall.Errno = 407
+	ERROR_NO_PHYSICALLY_ALIGNED_FREE_SPACE_FOUND                              syscall.Errno = 408
+	ERROR_APPX_FILE_NOT_ENCRYPTED                                             syscall.Errno = 409
+	ERROR_RWRAW_ENCRYPTED_FILE_NOT_ENCRYPTED                                  syscall.Errno = 410
+	ERROR_RWRAW_ENCRYPTED_INVALID_EDATAINFO_FILEOFFSET                        syscall.Errno = 411
+	ERROR_RWRAW_ENCRYPTED_INVALID_EDATAINFO_FILERANGE                         syscall.Errno = 412
+	ERROR_RWRAW_ENCRYPTED_INVALID_EDATAINFO_PARAMETER                         syscall.Errno = 413
+	ERROR_LINUX_SUBSYSTEM_NOT_PRESENT                                         syscall.Errno = 414
+	ERROR_FT_READ_FAILURE                                                     syscall.Errno = 415
+	ERROR_STORAGE_RESERVE_ID_INVALID                                          syscall.Errno = 416
+	ERROR_STORAGE_RESERVE_DOES_NOT_EXIST                                      syscall.Errno = 417
+	ERROR_STORAGE_RESERVE_ALREADY_EXISTS                                      syscall.Errno = 418
+	ERROR_STORAGE_RESERVE_NOT_EMPTY                                           syscall.Errno = 419
+	ERROR_NOT_A_DAX_VOLUME                                                    syscall.Errno = 420
+	ERROR_NOT_DAX_MAPPABLE                                                    syscall.Errno = 421
+	ERROR_TIME_CRITICAL_THREAD                                                syscall.Errno = 422
+	ERROR_DPL_NOT_SUPPORTED_FOR_USER                                          syscall.Errno = 423
+	ERROR_CASE_DIFFERING_NAMES_IN_DIR                                         syscall.Errno = 424
+	ERROR_CAPAUTHZ_NOT_DEVUNLOCKED                                            syscall.Errno = 450
+	ERROR_CAPAUTHZ_CHANGE_TYPE                                                syscall.Errno = 451
+	ERROR_CAPAUTHZ_NOT_PROVISIONED                                            syscall.Errno = 452
+	ERROR_CAPAUTHZ_NOT_AUTHORIZED                                             syscall.Errno = 453
+	ERROR_CAPAUTHZ_NO_POLICY                                                  syscall.Errno = 454
+	ERROR_CAPAUTHZ_DB_CORRUPTED                                               syscall.Errno = 455
+	ERROR_CAPAUTHZ_SCCD_INVALID_CATALOG                                       syscall.Errno = 456
+	ERROR_CAPAUTHZ_SCCD_NO_AUTH_ENTITY                                        syscall.Errno = 457
+	ERROR_CAPAUTHZ_SCCD_PARSE_ERROR                                           syscall.Errno = 458
+	ERROR_CAPAUTHZ_SCCD_DEV_MODE_REQUIRED                                     syscall.Errno = 459
+	ERROR_CAPAUTHZ_SCCD_NO_CAPABILITY_MATCH                                   syscall.Errno = 460
+	ERROR_PNP_QUERY_REMOVE_DEVICE_TIMEOUT                                     syscall.Errno = 480
+	ERROR_PNP_QUERY_REMOVE_RELATED_DEVICE_TIMEOUT                             syscall.Errno = 481
+	ERROR_PNP_QUERY_REMOVE_UNRELATED_DEVICE_TIMEOUT                           syscall.Errno = 482
+	ERROR_DEVICE_HARDWARE_ERROR                                               syscall.Errno = 483
+	ERROR_INVALID_ADDRESS                                                     syscall.Errno = 487
+	ERROR_VRF_CFG_ENABLED                                                     syscall.Errno = 1183
+	ERROR_PARTITION_TERMINATING                                               syscall.Errno = 1184
+	ERROR_USER_PROFILE_LOAD                                                   syscall.Errno = 500
+	ERROR_ARITHMETIC_OVERFLOW                                                 syscall.Errno = 534
+	ERROR_PIPE_CONNECTED                                                      syscall.Errno = 535
+	ERROR_PIPE_LISTENING                                                      syscall.Errno = 536
+	ERROR_VERIFIER_STOP                                                       syscall.Errno = 537
+	ERROR_ABIOS_ERROR                                                         syscall.Errno = 538
+	ERROR_WX86_WARNING                                                        syscall.Errno = 539
+	ERROR_WX86_ERROR                                                          syscall.Errno = 540
+	ERROR_TIMER_NOT_CANCELED                                                  syscall.Errno = 541
+	ERROR_UNWIND                                                              syscall.Errno = 542
+	ERROR_BAD_STACK                                                           syscall.Errno = 543
+	ERROR_INVALID_UNWIND_TARGET                                               syscall.Errno = 544
+	ERROR_INVALID_PORT_ATTRIBUTES                                             syscall.Errno = 545
+	ERROR_PORT_MESSAGE_TOO_LONG                                               syscall.Errno = 546
+	ERROR_INVALID_QUOTA_LOWER                                                 syscall.Errno = 547
+	ERROR_DEVICE_ALREADY_ATTACHED                                             syscall.Errno = 548
+	ERROR_INSTRUCTION_MISALIGNMENT                                            syscall.Errno = 549
+	ERROR_PROFILING_NOT_STARTED                                               syscall.Errno = 550
+	ERROR_PROFILING_NOT_STOPPED                                               syscall.Errno = 551
+	ERROR_COULD_NOT_INTERPRET                                                 syscall.Errno = 552
+	ERROR_PROFILING_AT_LIMIT                                                  syscall.Errno = 553
+	ERROR_CANT_WAIT                                                           syscall.Errno = 554
+	ERROR_CANT_TERMINATE_SELF                                                 syscall.Errno = 555
+	ERROR_UNEXPECTED_MM_CREATE_ERR                                            syscall.Errno = 556
+	ERROR_UNEXPECTED_MM_MAP_ERROR                                             syscall.Errno = 557
+	ERROR_UNEXPECTED_MM_EXTEND_ERR                                            syscall.Errno = 558
+	ERROR_BAD_FUNCTION_TABLE                                                  syscall.Errno = 559
+	ERROR_NO_GUID_TRANSLATION                                                 syscall.Errno = 560
+	ERROR_INVALID_LDT_SIZE                                                    syscall.Errno = 561
+	ERROR_INVALID_LDT_OFFSET                                                  syscall.Errno = 563
+	ERROR_INVALID_LDT_DESCRIPTOR                                              syscall.Errno = 564
+	ERROR_TOO_MANY_THREADS                                                    syscall.Errno = 565
+	ERROR_THREAD_NOT_IN_PROCESS                                               syscall.Errno = 566
+	ERROR_PAGEFILE_QUOTA_EXCEEDED                                             syscall.Errno = 567
+	ERROR_LOGON_SERVER_CONFLICT                                               syscall.Errno = 568
+	ERROR_SYNCHRONIZATION_REQUIRED                                            syscall.Errno = 569
+	ERROR_NET_OPEN_FAILED                                                     syscall.Errno = 570
+	ERROR_IO_PRIVILEGE_FAILED                                                 syscall.Errno = 571
+	ERROR_CONTROL_C_EXIT                                                      syscall.Errno = 572
+	ERROR_MISSING_SYSTEMFILE                                                  syscall.Errno = 573
+	ERROR_UNHANDLED_EXCEPTION                                                 syscall.Errno = 574
+	ERROR_APP_INIT_FAILURE                                                    syscall.Errno = 575
+	ERROR_PAGEFILE_CREATE_FAILED                                              syscall.Errno = 576
+	ERROR_INVALID_IMAGE_HASH                                                  syscall.Errno = 577
+	ERROR_NO_PAGEFILE                                                         syscall.Errno = 578
+	ERROR_ILLEGAL_FLOAT_CONTEXT                                               syscall.Errno = 579
+	ERROR_NO_EVENT_PAIR                                                       syscall.Errno = 580
+	ERROR_DOMAIN_CTRLR_CONFIG_ERROR                                           syscall.Errno = 581
+	ERROR_ILLEGAL_CHARACTER                                                   syscall.Errno = 582
+	ERROR_UNDEFINED_CHARACTER                                                 syscall.Errno = 583
+	ERROR_FLOPPY_VOLUME                                                       syscall.Errno = 584
+	ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT                                    syscall.Errno = 585
+	ERROR_BACKUP_CONTROLLER                                                   syscall.Errno = 586
+	ERROR_MUTANT_LIMIT_EXCEEDED                                               syscall.Errno = 587
+	ERROR_FS_DRIVER_REQUIRED                                                  syscall.Errno = 588
+	ERROR_CANNOT_LOAD_REGISTRY_FILE                                           syscall.Errno = 589
+	ERROR_DEBUG_ATTACH_FAILED                                                 syscall.Errno = 590
+	ERROR_SYSTEM_PROCESS_TERMINATED                                           syscall.Errno = 591
+	ERROR_DATA_NOT_ACCEPTED                                                   syscall.Errno = 592
+	ERROR_VDM_HARD_ERROR                                                      syscall.Errno = 593
+	ERROR_DRIVER_CANCEL_TIMEOUT                                               syscall.Errno = 594
+	ERROR_REPLY_MESSAGE_MISMATCH                                              syscall.Errno = 595
+	ERROR_LOST_WRITEBEHIND_DATA                                               syscall.Errno = 596
+	ERROR_CLIENT_SERVER_PARAMETERS_INVALID                                    syscall.Errno = 597
+	ERROR_NOT_TINY_STREAM                                                     syscall.Errno = 598
+	ERROR_STACK_OVERFLOW_READ                                                 syscall.Errno = 599
+	ERROR_CONVERT_TO_LARGE                                                    syscall.Errno = 600
+	ERROR_FOUND_OUT_OF_SCOPE                                                  syscall.Errno = 601
+	ERROR_ALLOCATE_BUCKET                                                     syscall.Errno = 602
+	ERROR_MARSHALL_OVERFLOW                                                   syscall.Errno = 603
+	ERROR_INVALID_VARIANT                                                     syscall.Errno = 604
+	ERROR_BAD_COMPRESSION_BUFFER                                              syscall.Errno = 605
+	ERROR_AUDIT_FAILED                                                        syscall.Errno = 606
+	ERROR_TIMER_RESOLUTION_NOT_SET                                            syscall.Errno = 607
+	ERROR_INSUFFICIENT_LOGON_INFO                                             syscall.Errno = 608
+	ERROR_BAD_DLL_ENTRYPOINT                                                  syscall.Errno = 609
+	ERROR_BAD_SERVICE_ENTRYPOINT                                              syscall.Errno = 610
+	ERROR_IP_ADDRESS_CONFLICT1                                                syscall.Errno = 611
+	ERROR_IP_ADDRESS_CONFLICT2                                                syscall.Errno = 612
+	ERROR_REGISTRY_QUOTA_LIMIT                                                syscall.Errno = 613
+	ERROR_NO_CALLBACK_ACTIVE                                                  syscall.Errno = 614
+	ERROR_PWD_TOO_SHORT                                                       syscall.Errno = 615
+	ERROR_PWD_TOO_RECENT                                                      syscall.Errno = 616
+	ERROR_PWD_HISTORY_CONFLICT                                                syscall.Errno = 617
+	ERROR_UNSUPPORTED_COMPRESSION                                             syscall.Errno = 618
+	ERROR_INVALID_HW_PROFILE                                                  syscall.Errno = 619
+	ERROR_INVALID_PLUGPLAY_DEVICE_PATH                                        syscall.Errno = 620
+	ERROR_QUOTA_LIST_INCONSISTENT                                             syscall.Errno = 621
+	ERROR_EVALUATION_EXPIRATION                                               syscall.Errno = 622
+	ERROR_ILLEGAL_DLL_RELOCATION                                              syscall.Errno = 623
+	ERROR_DLL_INIT_FAILED_LOGOFF                                              syscall.Errno = 624
+	ERROR_VALIDATE_CONTINUE                                                   syscall.Errno = 625
+	ERROR_NO_MORE_MATCHES                                                     syscall.Errno = 626
+	ERROR_RANGE_LIST_CONFLICT                                                 syscall.Errno = 627
+	ERROR_SERVER_SID_MISMATCH                                                 syscall.Errno = 628
+	ERROR_CANT_ENABLE_DENY_ONLY                                               syscall.Errno = 629
+	ERROR_FLOAT_MULTIPLE_FAULTS                                               syscall.Errno = 630
+	ERROR_FLOAT_MULTIPLE_TRAPS                                                syscall.Errno = 631
+	ERROR_NOINTERFACE                                                         syscall.Errno = 632
+	ERROR_DRIVER_FAILED_SLEEP                                                 syscall.Errno = 633
+	ERROR_CORRUPT_SYSTEM_FILE                                                 syscall.Errno = 634
+	ERROR_COMMITMENT_MINIMUM                                                  syscall.Errno = 635
+	ERROR_PNP_RESTART_ENUMERATION                                             syscall.Errno = 636
+	ERROR_SYSTEM_IMAGE_BAD_SIGNATURE                                          syscall.Errno = 637
+	ERROR_PNP_REBOOT_REQUIRED                                                 syscall.Errno = 638
+	ERROR_INSUFFICIENT_POWER                                                  syscall.Errno = 639
+	ERROR_MULTIPLE_FAULT_VIOLATION                                            syscall.Errno = 640
+	ERROR_SYSTEM_SHUTDOWN                                                     syscall.Errno = 641
+	ERROR_PORT_NOT_SET                                                        syscall.Errno = 642
+	ERROR_DS_VERSION_CHECK_FAILURE                                            syscall.Errno = 643
+	ERROR_RANGE_NOT_FOUND                                                     syscall.Errno = 644
+	ERROR_NOT_SAFE_MODE_DRIVER                                                syscall.Errno = 646
+	ERROR_FAILED_DRIVER_ENTRY                                                 syscall.Errno = 647
+	ERROR_DEVICE_ENUMERATION_ERROR                                            syscall.Errno = 648
+	ERROR_MOUNT_POINT_NOT_RESOLVED                                            syscall.Errno = 649
+	ERROR_INVALID_DEVICE_OBJECT_PARAMETER                                     syscall.Errno = 650
+	ERROR_MCA_OCCURED                                                         syscall.Errno = 651
+	ERROR_DRIVER_DATABASE_ERROR                                               syscall.Errno = 652
+	ERROR_SYSTEM_HIVE_TOO_LARGE                                               syscall.Errno = 653
+	ERROR_DRIVER_FAILED_PRIOR_UNLOAD                                          syscall.Errno = 654
+	ERROR_VOLSNAP_PREPARE_HIBERNATE                                           syscall.Errno = 655
+	ERROR_HIBERNATION_FAILURE                                                 syscall.Errno = 656
+	ERROR_PWD_TOO_LONG                                                        syscall.Errno = 657
+	ERROR_FILE_SYSTEM_LIMITATION                                              syscall.Errno = 665
+	ERROR_ASSERTION_FAILURE                                                   syscall.Errno = 668
+	ERROR_ACPI_ERROR                                                          syscall.Errno = 669
+	ERROR_WOW_ASSERTION                                                       syscall.Errno = 670
+	ERROR_PNP_BAD_MPS_TABLE                                                   syscall.Errno = 671
+	ERROR_PNP_TRANSLATION_FAILED                                              syscall.Errno = 672
+	ERROR_PNP_IRQ_TRANSLATION_FAILED                                          syscall.Errno = 673
+	ERROR_PNP_INVALID_ID                                                      syscall.Errno = 674
+	ERROR_WAKE_SYSTEM_DEBUGGER                                                syscall.Errno = 675
+	ERROR_HANDLES_CLOSED                                                      syscall.Errno = 676
+	ERROR_EXTRANEOUS_INFORMATION                                              syscall.Errno = 677
+	ERROR_RXACT_COMMIT_NECESSARY                                              syscall.Errno = 678
+	ERROR_MEDIA_CHECK                                                         syscall.Errno = 679
+	ERROR_GUID_SUBSTITUTION_MADE                                              syscall.Errno = 680
+	ERROR_STOPPED_ON_SYMLINK                                                  syscall.Errno = 681
+	ERROR_LONGJUMP                                                            syscall.Errno = 682
+	ERROR_PLUGPLAY_QUERY_VETOED                                               syscall.Errno = 683
+	ERROR_UNWIND_CONSOLIDATE                                                  syscall.Errno = 684
+	ERROR_REGISTRY_HIVE_RECOVERED                                             syscall.Errno = 685
+	ERROR_DLL_MIGHT_BE_INSECURE                                               syscall.Errno = 686
+	ERROR_DLL_MIGHT_BE_INCOMPATIBLE                                           syscall.Errno = 687
+	ERROR_DBG_EXCEPTION_NOT_HANDLED                                           syscall.Errno = 688
+	ERROR_DBG_REPLY_LATER                                                     syscall.Errno = 689
+	ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE                                        syscall.Errno = 690
+	ERROR_DBG_TERMINATE_THREAD                                                syscall.Errno = 691
+	ERROR_DBG_TERMINATE_PROCESS                                               syscall.Errno = 692
+	ERROR_DBG_CONTROL_C                                                       syscall.Errno = 693
+	ERROR_DBG_PRINTEXCEPTION_C                                                syscall.Errno = 694
+	ERROR_DBG_RIPEXCEPTION                                                    syscall.Errno = 695
+	ERROR_DBG_CONTROL_BREAK                                                   syscall.Errno = 696
+	ERROR_DBG_COMMAND_EXCEPTION                                               syscall.Errno = 697
+	ERROR_OBJECT_NAME_EXISTS                                                  syscall.Errno = 698
+	ERROR_THREAD_WAS_SUSPENDED                                                syscall.Errno = 699
+	ERROR_IMAGE_NOT_AT_BASE                                                   syscall.Errno = 700
+	ERROR_RXACT_STATE_CREATED                                                 syscall.Errno = 701
+	ERROR_SEGMENT_NOTIFICATION                                                syscall.Errno = 702
+	ERROR_BAD_CURRENT_DIRECTORY                                               syscall.Errno = 703
+	ERROR_FT_READ_RECOVERY_FROM_BACKUP                                        syscall.Errno = 704
+	ERROR_FT_WRITE_RECOVERY                                                   syscall.Errno = 705
+	ERROR_IMAGE_MACHINE_TYPE_MISMATCH                                         syscall.Errno = 706
+	ERROR_RECEIVE_PARTIAL                                                     syscall.Errno = 707
+	ERROR_RECEIVE_EXPEDITED                                                   syscall.Errno = 708
+	ERROR_RECEIVE_PARTIAL_EXPEDITED                                           syscall.Errno = 709
+	ERROR_EVENT_DONE                                                          syscall.Errno = 710
+	ERROR_EVENT_PENDING                                                       syscall.Errno = 711
+	ERROR_CHECKING_FILE_SYSTEM                                                syscall.Errno = 712
+	ERROR_FATAL_APP_EXIT                                                      syscall.Errno = 713
+	ERROR_PREDEFINED_HANDLE                                                   syscall.Errno = 714
+	ERROR_WAS_UNLOCKED                                                        syscall.Errno = 715
+	ERROR_SERVICE_NOTIFICATION                                                syscall.Errno = 716
+	ERROR_WAS_LOCKED                                                          syscall.Errno = 717
+	ERROR_LOG_HARD_ERROR                                                      syscall.Errno = 718
+	ERROR_ALREADY_WIN32                                                       syscall.Errno = 719
+	ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE                                     syscall.Errno = 720
+	ERROR_NO_YIELD_PERFORMED                                                  syscall.Errno = 721
+	ERROR_TIMER_RESUME_IGNORED                                                syscall.Errno = 722
+	ERROR_ARBITRATION_UNHANDLED                                               syscall.Errno = 723
+	ERROR_CARDBUS_NOT_SUPPORTED                                               syscall.Errno = 724
+	ERROR_MP_PROCESSOR_MISMATCH                                               syscall.Errno = 725
+	ERROR_HIBERNATED                                                          syscall.Errno = 726
+	ERROR_RESUME_HIBERNATION                                                  syscall.Errno = 727
+	ERROR_FIRMWARE_UPDATED                                                    syscall.Errno = 728
+	ERROR_DRIVERS_LEAKING_LOCKED_PAGES                                        syscall.Errno = 729
+	ERROR_WAKE_SYSTEM                                                         syscall.Errno = 730
+	ERROR_WAIT_1                                                              syscall.Errno = 731
+	ERROR_WAIT_2                                                              syscall.Errno = 732
+	ERROR_WAIT_3                                                              syscall.Errno = 733
+	ERROR_WAIT_63                                                             syscall.Errno = 734
+	ERROR_ABANDONED_WAIT_0                                                    syscall.Errno = 735
+	ERROR_ABANDONED_WAIT_63                                                   syscall.Errno = 736
+	ERROR_USER_APC                                                            syscall.Errno = 737
+	ERROR_KERNEL_APC                                                          syscall.Errno = 738
+	ERROR_ALERTED                                                             syscall.Errno = 739
+	ERROR_ELEVATION_REQUIRED                                                  syscall.Errno = 740
+	ERROR_REPARSE                                                             syscall.Errno = 741
+	ERROR_OPLOCK_BREAK_IN_PROGRESS                                            syscall.Errno = 742
+	ERROR_VOLUME_MOUNTED                                                      syscall.Errno = 743
+	ERROR_RXACT_COMMITTED                                                     syscall.Errno = 744
+	ERROR_NOTIFY_CLEANUP                                                      syscall.Errno = 745
+	ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED                                    syscall.Errno = 746
+	ERROR_PAGE_FAULT_TRANSITION                                               syscall.Errno = 747
+	ERROR_PAGE_FAULT_DEMAND_ZERO                                              syscall.Errno = 748
+	ERROR_PAGE_FAULT_COPY_ON_WRITE                                            syscall.Errno = 749
+	ERROR_PAGE_FAULT_GUARD_PAGE                                               syscall.Errno = 750
+	ERROR_PAGE_FAULT_PAGING_FILE                                              syscall.Errno = 751
+	ERROR_CACHE_PAGE_LOCKED                                                   syscall.Errno = 752
+	ERROR_CRASH_DUMP                                                          syscall.Errno = 753
+	ERROR_BUFFER_ALL_ZEROS                                                    syscall.Errno = 754
+	ERROR_REPARSE_OBJECT                                                      syscall.Errno = 755
+	ERROR_RESOURCE_REQUIREMENTS_CHANGED                                       syscall.Errno = 756
+	ERROR_TRANSLATION_COMPLETE                                                syscall.Errno = 757
+	ERROR_NOTHING_TO_TERMINATE                                                syscall.Errno = 758
+	ERROR_PROCESS_NOT_IN_JOB                                                  syscall.Errno = 759
+	ERROR_PROCESS_IN_JOB                                                      syscall.Errno = 760
+	ERROR_VOLSNAP_HIBERNATE_READY                                             syscall.Errno = 761
+	ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY                                  syscall.Errno = 762
+	ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED                                  syscall.Errno = 763
+	ERROR_INTERRUPT_STILL_CONNECTED                                           syscall.Errno = 764
+	ERROR_WAIT_FOR_OPLOCK                                                     syscall.Errno = 765
+	ERROR_DBG_EXCEPTION_HANDLED                                               syscall.Errno = 766
+	ERROR_DBG_CONTINUE                                                        syscall.Errno = 767
+	ERROR_CALLBACK_POP_STACK                                                  syscall.Errno = 768
+	ERROR_COMPRESSION_DISABLED                                                syscall.Errno = 769
+	ERROR_CANTFETCHBACKWARDS                                                  syscall.Errno = 770
+	ERROR_CANTSCROLLBACKWARDS                                                 syscall.Errno = 771
+	ERROR_ROWSNOTRELEASED                                                     syscall.Errno = 772
+	ERROR_BAD_ACCESSOR_FLAGS                                                  syscall.Errno = 773
+	ERROR_ERRORS_ENCOUNTERED                                                  syscall.Errno = 774
+	ERROR_NOT_CAPABLE                                                         syscall.Errno = 775
+	ERROR_REQUEST_OUT_OF_SEQUENCE                                             syscall.Errno = 776
+	ERROR_VERSION_PARSE_ERROR                                                 syscall.Errno = 777
+	ERROR_BADSTARTPOSITION                                                    syscall.Errno = 778
+	ERROR_MEMORY_HARDWARE                                                     syscall.Errno = 779
+	ERROR_DISK_REPAIR_DISABLED                                                syscall.Errno = 780
+	ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE             syscall.Errno = 781
+	ERROR_SYSTEM_POWERSTATE_TRANSITION                                        syscall.Errno = 782
+	ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION                                syscall.Errno = 783
+	ERROR_MCA_EXCEPTION                                                       syscall.Errno = 784
+	ERROR_ACCESS_AUDIT_BY_POLICY                                              syscall.Errno = 785
+	ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY                               syscall.Errno = 786
+	ERROR_ABANDON_HIBERFILE                                                   syscall.Errno = 787
+	ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED                          syscall.Errno = 788
+	ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR                          syscall.Errno = 789
+	ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR                              syscall.Errno = 790
+	ERROR_BAD_MCFG_TABLE                                                      syscall.Errno = 791
+	ERROR_DISK_REPAIR_REDIRECTED                                              syscall.Errno = 792
+	ERROR_DISK_REPAIR_UNSUCCESSFUL                                            syscall.Errno = 793
+	ERROR_CORRUPT_LOG_OVERFULL                                                syscall.Errno = 794
+	ERROR_CORRUPT_LOG_CORRUPTED                                               syscall.Errno = 795
+	ERROR_CORRUPT_LOG_UNAVAILABLE                                             syscall.Errno = 796
+	ERROR_CORRUPT_LOG_DELETED_FULL                                            syscall.Errno = 797
+	ERROR_CORRUPT_LOG_CLEARED                                                 syscall.Errno = 798
+	ERROR_ORPHAN_NAME_EXHAUSTED                                               syscall.Errno = 799
+	ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE                                       syscall.Errno = 800
+	ERROR_CANNOT_GRANT_REQUESTED_OPLOCK                                       syscall.Errno = 801
+	ERROR_CANNOT_BREAK_OPLOCK                                                 syscall.Errno = 802
+	ERROR_OPLOCK_HANDLE_CLOSED                                                syscall.Errno = 803
+	ERROR_NO_ACE_CONDITION                                                    syscall.Errno = 804
+	ERROR_INVALID_ACE_CONDITION                                               syscall.Errno = 805
+	ERROR_FILE_HANDLE_REVOKED                                                 syscall.Errno = 806
+	ERROR_IMAGE_AT_DIFFERENT_BASE                                             syscall.Errno = 807
+	ERROR_ENCRYPTED_IO_NOT_POSSIBLE                                           syscall.Errno = 808
+	ERROR_FILE_METADATA_OPTIMIZATION_IN_PROGRESS                              syscall.Errno = 809
+	ERROR_QUOTA_ACTIVITY                                                      syscall.Errno = 810
+	ERROR_HANDLE_REVOKED                                                      syscall.Errno = 811
+	ERROR_CALLBACK_INVOKE_INLINE                                              syscall.Errno = 812
+	ERROR_CPU_SET_INVALID                                                     syscall.Errno = 813
+	ERROR_ENCLAVE_NOT_TERMINATED                                              syscall.Errno = 814
+	ERROR_ENCLAVE_VIOLATION                                                   syscall.Errno = 815
+	ERROR_EA_ACCESS_DENIED                                                    syscall.Errno = 994
+	ERROR_OPERATION_ABORTED                                                   syscall.Errno = 995
+	ERROR_IO_INCOMPLETE                                                       syscall.Errno = 996
+	ERROR_IO_PENDING                                                          syscall.Errno = 997
+	ERROR_NOACCESS                                                            syscall.Errno = 998
+	ERROR_SWAPERROR                                                           syscall.Errno = 999
+	ERROR_STACK_OVERFLOW                                                      syscall.Errno = 1001
+	ERROR_INVALID_MESSAGE                                                     syscall.Errno = 1002
+	ERROR_CAN_NOT_COMPLETE                                                    syscall.Errno = 1003
+	ERROR_INVALID_FLAGS                                                       syscall.Errno = 1004
+	ERROR_UNRECOGNIZED_VOLUME                                                 syscall.Errno = 1005
+	ERROR_FILE_INVALID                                                        syscall.Errno = 1006
+	ERROR_FULLSCREEN_MODE                                                     syscall.Errno = 1007
+	ERROR_NO_TOKEN                                                            syscall.Errno = 1008
+	ERROR_BADDB                                                               syscall.Errno = 1009
+	ERROR_BADKEY                                                              syscall.Errno = 1010
+	ERROR_CANTOPEN                                                            syscall.Errno = 1011
+	ERROR_CANTREAD                                                            syscall.Errno = 1012
+	ERROR_CANTWRITE                                                           syscall.Errno = 1013
+	ERROR_REGISTRY_RECOVERED                                                  syscall.Errno = 1014
+	ERROR_REGISTRY_CORRUPT                                                    syscall.Errno = 1015
+	ERROR_REGISTRY_IO_FAILED                                                  syscall.Errno = 1016
+	ERROR_NOT_REGISTRY_FILE                                                   syscall.Errno = 1017
+	ERROR_KEY_DELETED                                                         syscall.Errno = 1018
+	ERROR_NO_LOG_SPACE                                                        syscall.Errno = 1019
+	ERROR_KEY_HAS_CHILDREN                                                    syscall.Errno = 1020
+	ERROR_CHILD_MUST_BE_VOLATILE                                              syscall.Errno = 1021
+	ERROR_NOTIFY_ENUM_DIR                                                     syscall.Errno = 1022
+	ERROR_DEPENDENT_SERVICES_RUNNING                                          syscall.Errno = 1051
+	ERROR_INVALID_SERVICE_CONTROL                                             syscall.Errno = 1052
+	ERROR_SERVICE_REQUEST_TIMEOUT                                             syscall.Errno = 1053
+	ERROR_SERVICE_NO_THREAD                                                   syscall.Errno = 1054
+	ERROR_SERVICE_DATABASE_LOCKED                                             syscall.Errno = 1055
+	ERROR_SERVICE_ALREADY_RUNNING                                             syscall.Errno = 1056
+	ERROR_INVALID_SERVICE_ACCOUNT                                             syscall.Errno = 1057
+	ERROR_SERVICE_DISABLED                                                    syscall.Errno = 1058
+	ERROR_CIRCULAR_DEPENDENCY                                                 syscall.Errno = 1059
+	ERROR_SERVICE_DOES_NOT_EXIST                                              syscall.Errno = 1060
+	ERROR_SERVICE_CANNOT_ACCEPT_CTRL                                          syscall.Errno = 1061
+	ERROR_SERVICE_NOT_ACTIVE                                                  syscall.Errno = 1062
+	ERROR_FAILED_SERVICE_CONTROLLER_CONNECT                                   syscall.Errno = 1063
+	ERROR_EXCEPTION_IN_SERVICE                                                syscall.Errno = 1064
+	ERROR_DATABASE_DOES_NOT_EXIST                                             syscall.Errno = 1065
+	ERROR_SERVICE_SPECIFIC_ERROR                                              syscall.Errno = 1066
+	ERROR_PROCESS_ABORTED                                                     syscall.Errno = 1067
+	ERROR_SERVICE_DEPENDENCY_FAIL                                             syscall.Errno = 1068
+	ERROR_SERVICE_LOGON_FAILED                                                syscall.Errno = 1069
+	ERROR_SERVICE_START_HANG                                                  syscall.Errno = 1070
+	ERROR_INVALID_SERVICE_LOCK                                                syscall.Errno = 1071
+	ERROR_SERVICE_MARKED_FOR_DELETE                                           syscall.Errno = 1072
+	ERROR_SERVICE_EXISTS                                                      syscall.Errno = 1073
+	ERROR_ALREADY_RUNNING_LKG                                                 syscall.Errno = 1074
+	ERROR_SERVICE_DEPENDENCY_DELETED                                          syscall.Errno = 1075
+	ERROR_BOOT_ALREADY_ACCEPTED                                               syscall.Errno = 1076
+	ERROR_SERVICE_NEVER_STARTED                                               syscall.Errno = 1077
+	ERROR_DUPLICATE_SERVICE_NAME                                              syscall.Errno = 1078
+	ERROR_DIFFERENT_SERVICE_ACCOUNT                                           syscall.Errno = 1079
+	ERROR_CANNOT_DETECT_DRIVER_FAILURE                                        syscall.Errno = 1080
+	ERROR_CANNOT_DETECT_PROCESS_ABORT                                         syscall.Errno = 1081
+	ERROR_NO_RECOVERY_PROGRAM                                                 syscall.Errno = 1082
+	ERROR_SERVICE_NOT_IN_EXE                                                  syscall.Errno = 1083
+	ERROR_NOT_SAFEBOOT_SERVICE                                                syscall.Errno = 1084
+	ERROR_END_OF_MEDIA                                                        syscall.Errno = 1100
+	ERROR_FILEMARK_DETECTED                                                   syscall.Errno = 1101
+	ERROR_BEGINNING_OF_MEDIA                                                  syscall.Errno = 1102
+	ERROR_SETMARK_DETECTED                                                    syscall.Errno = 1103
+	ERROR_NO_DATA_DETECTED                                                    syscall.Errno = 1104
+	ERROR_PARTITION_FAILURE                                                   syscall.Errno = 1105
+	ERROR_INVALID_BLOCK_LENGTH                                                syscall.Errno = 1106
+	ERROR_DEVICE_NOT_PARTITIONED                                              syscall.Errno = 1107
+	ERROR_UNABLE_TO_LOCK_MEDIA                                                syscall.Errno = 1108
+	ERROR_UNABLE_TO_UNLOAD_MEDIA                                              syscall.Errno = 1109
+	ERROR_MEDIA_CHANGED                                                       syscall.Errno = 1110
+	ERROR_BUS_RESET                                                           syscall.Errno = 1111
+	ERROR_NO_MEDIA_IN_DRIVE                                                   syscall.Errno = 1112
+	ERROR_NO_UNICODE_TRANSLATION                                              syscall.Errno = 1113
+	ERROR_DLL_INIT_FAILED                                                     syscall.Errno = 1114
+	ERROR_SHUTDOWN_IN_PROGRESS                                                syscall.Errno = 1115
+	ERROR_NO_SHUTDOWN_IN_PROGRESS                                             syscall.Errno = 1116
+	ERROR_IO_DEVICE                                                           syscall.Errno = 1117
+	ERROR_SERIAL_NO_DEVICE                                                    syscall.Errno = 1118
+	ERROR_IRQ_BUSY                                                            syscall.Errno = 1119
+	ERROR_MORE_WRITES                                                         syscall.Errno = 1120
+	ERROR_COUNTER_TIMEOUT                                                     syscall.Errno = 1121
+	ERROR_FLOPPY_ID_MARK_NOT_FOUND                                            syscall.Errno = 1122
+	ERROR_FLOPPY_WRONG_CYLINDER                                               syscall.Errno = 1123
+	ERROR_FLOPPY_UNKNOWN_ERROR                                                syscall.Errno = 1124
+	ERROR_FLOPPY_BAD_REGISTERS                                                syscall.Errno = 1125
+	ERROR_DISK_RECALIBRATE_FAILED                                             syscall.Errno = 1126
+	ERROR_DISK_OPERATION_FAILED                                               syscall.Errno = 1127
+	ERROR_DISK_RESET_FAILED                                                   syscall.Errno = 1128
+	ERROR_EOM_OVERFLOW                                                        syscall.Errno = 1129
+	ERROR_NOT_ENOUGH_SERVER_MEMORY                                            syscall.Errno = 1130
+	ERROR_POSSIBLE_DEADLOCK                                                   syscall.Errno = 1131
+	ERROR_MAPPED_ALIGNMENT                                                    syscall.Errno = 1132
+	ERROR_SET_POWER_STATE_VETOED                                              syscall.Errno = 1140
+	ERROR_SET_POWER_STATE_FAILED                                              syscall.Errno = 1141
+	ERROR_TOO_MANY_LINKS                                                      syscall.Errno = 1142
+	ERROR_OLD_WIN_VERSION                                                     syscall.Errno = 1150
+	ERROR_APP_WRONG_OS                                                        syscall.Errno = 1151
+	ERROR_SINGLE_INSTANCE_APP                                                 syscall.Errno = 1152
+	ERROR_RMODE_APP                                                           syscall.Errno = 1153
+	ERROR_INVALID_DLL                                                         syscall.Errno = 1154
+	ERROR_NO_ASSOCIATION                                                      syscall.Errno = 1155
+	ERROR_DDE_FAIL                                                            syscall.Errno = 1156
+	ERROR_DLL_NOT_FOUND                                                       syscall.Errno = 1157
+	ERROR_NO_MORE_USER_HANDLES                                                syscall.Errno = 1158
+	ERROR_MESSAGE_SYNC_ONLY                                                   syscall.Errno = 1159
+	ERROR_SOURCE_ELEMENT_EMPTY                                                syscall.Errno = 1160
+	ERROR_DESTINATION_ELEMENT_FULL                                            syscall.Errno = 1161
+	ERROR_ILLEGAL_ELEMENT_ADDRESS                                             syscall.Errno = 1162
+	ERROR_MAGAZINE_NOT_PRESENT                                                syscall.Errno = 1163
+	ERROR_DEVICE_REINITIALIZATION_NEEDED                                      syscall.Errno = 1164
+	ERROR_DEVICE_REQUIRES_CLEANING                                            syscall.Errno = 1165
+	ERROR_DEVICE_DOOR_OPEN                                                    syscall.Errno = 1166
+	ERROR_DEVICE_NOT_CONNECTED                                                syscall.Errno = 1167
+	ERROR_NOT_FOUND                                                           syscall.Errno = 1168
+	ERROR_NO_MATCH                                                            syscall.Errno = 1169
+	ERROR_SET_NOT_FOUND                                                       syscall.Errno = 1170
+	ERROR_POINT_NOT_FOUND                                                     syscall.Errno = 1171
+	ERROR_NO_TRACKING_SERVICE                                                 syscall.Errno = 1172
+	ERROR_NO_VOLUME_ID                                                        syscall.Errno = 1173
+	ERROR_UNABLE_TO_REMOVE_REPLACED                                           syscall.Errno = 1175
+	ERROR_UNABLE_TO_MOVE_REPLACEMENT                                          syscall.Errno = 1176
+	ERROR_UNABLE_TO_MOVE_REPLACEMENT_2                                        syscall.Errno = 1177
+	ERROR_JOURNAL_DELETE_IN_PROGRESS                                          syscall.Errno = 1178
+	ERROR_JOURNAL_NOT_ACTIVE                                                  syscall.Errno = 1179
+	ERROR_POTENTIAL_FILE_FOUND                                                syscall.Errno = 1180
+	ERROR_JOURNAL_ENTRY_DELETED                                               syscall.Errno = 1181
+	ERROR_SHUTDOWN_IS_SCHEDULED                                               syscall.Errno = 1190
+	ERROR_SHUTDOWN_USERS_LOGGED_ON                                            syscall.Errno = 1191
+	ERROR_BAD_DEVICE                                                          syscall.Errno = 1200
+	ERROR_CONNECTION_UNAVAIL                                                  syscall.Errno = 1201
+	ERROR_DEVICE_ALREADY_REMEMBERED                                           syscall.Errno = 1202
+	ERROR_NO_NET_OR_BAD_PATH                                                  syscall.Errno = 1203
+	ERROR_BAD_PROVIDER                                                        syscall.Errno = 1204
+	ERROR_CANNOT_OPEN_PROFILE                                                 syscall.Errno = 1205
+	ERROR_BAD_PROFILE                                                         syscall.Errno = 1206
+	ERROR_NOT_CONTAINER                                                       syscall.Errno = 1207
+	ERROR_EXTENDED_ERROR                                                      syscall.Errno = 1208
+	ERROR_INVALID_GROUPNAME                                                   syscall.Errno = 1209
+	ERROR_INVALID_COMPUTERNAME                                                syscall.Errno = 1210
+	ERROR_INVALID_EVENTNAME                                                   syscall.Errno = 1211
+	ERROR_INVALID_DOMAINNAME                                                  syscall.Errno = 1212
+	ERROR_INVALID_SERVICENAME                                                 syscall.Errno = 1213
+	ERROR_INVALID_NETNAME                                                     syscall.Errno = 1214
+	ERROR_INVALID_SHARENAME                                                   syscall.Errno = 1215
+	ERROR_INVALID_PASSWORDNAME                                                syscall.Errno = 1216
+	ERROR_INVALID_MESSAGENAME                                                 syscall.Errno = 1217
+	ERROR_INVALID_MESSAGEDEST                                                 syscall.Errno = 1218
+	ERROR_SESSION_CREDENTIAL_CONFLICT                                         syscall.Errno = 1219
+	ERROR_REMOTE_SESSION_LIMIT_EXCEEDED                                       syscall.Errno = 1220
+	ERROR_DUP_DOMAINNAME                                                      syscall.Errno = 1221
+	ERROR_NO_NETWORK                                                          syscall.Errno = 1222
+	ERROR_CANCELLED                                                           syscall.Errno = 1223
+	ERROR_USER_MAPPED_FILE                                                    syscall.Errno = 1224
+	ERROR_CONNECTION_REFUSED                                                  syscall.Errno = 1225
+	ERROR_GRACEFUL_DISCONNECT                                                 syscall.Errno = 1226
+	ERROR_ADDRESS_ALREADY_ASSOCIATED                                          syscall.Errno = 1227
+	ERROR_ADDRESS_NOT_ASSOCIATED                                              syscall.Errno = 1228
+	ERROR_CONNECTION_INVALID                                                  syscall.Errno = 1229
+	ERROR_CONNECTION_ACTIVE                                                   syscall.Errno = 1230
+	ERROR_NETWORK_UNREACHABLE                                                 syscall.Errno = 1231
+	ERROR_HOST_UNREACHABLE                                                    syscall.Errno = 1232
+	ERROR_PROTOCOL_UNREACHABLE                                                syscall.Errno = 1233
+	ERROR_PORT_UNREACHABLE                                                    syscall.Errno = 1234
+	ERROR_REQUEST_ABORTED                                                     syscall.Errno = 1235
+	ERROR_CONNECTION_ABORTED                                                  syscall.Errno = 1236
+	ERROR_RETRY                                                               syscall.Errno = 1237
+	ERROR_CONNECTION_COUNT_LIMIT                                              syscall.Errno = 1238
+	ERROR_LOGIN_TIME_RESTRICTION                                              syscall.Errno = 1239
+	ERROR_LOGIN_WKSTA_RESTRICTION                                             syscall.Errno = 1240
+	ERROR_INCORRECT_ADDRESS                                                   syscall.Errno = 1241
+	ERROR_ALREADY_REGISTERED                                                  syscall.Errno = 1242
+	ERROR_SERVICE_NOT_FOUND                                                   syscall.Errno = 1243
+	ERROR_NOT_AUTHENTICATED                                                   syscall.Errno = 1244
+	ERROR_NOT_LOGGED_ON                                                       syscall.Errno = 1245
+	ERROR_CONTINUE                                                            syscall.Errno = 1246
+	ERROR_ALREADY_INITIALIZED                                                 syscall.Errno = 1247
+	ERROR_NO_MORE_DEVICES                                                     syscall.Errno = 1248
+	ERROR_NO_SUCH_SITE                                                        syscall.Errno = 1249
+	ERROR_DOMAIN_CONTROLLER_EXISTS                                            syscall.Errno = 1250
+	ERROR_ONLY_IF_CONNECTED                                                   syscall.Errno = 1251
+	ERROR_OVERRIDE_NOCHANGES                                                  syscall.Errno = 1252
+	ERROR_BAD_USER_PROFILE                                                    syscall.Errno = 1253
+	ERROR_NOT_SUPPORTED_ON_SBS                                                syscall.Errno = 1254
+	ERROR_SERVER_SHUTDOWN_IN_PROGRESS                                         syscall.Errno = 1255
+	ERROR_HOST_DOWN                                                           syscall.Errno = 1256
+	ERROR_NON_ACCOUNT_SID                                                     syscall.Errno = 1257
+	ERROR_NON_DOMAIN_SID                                                      syscall.Errno = 1258
+	ERROR_APPHELP_BLOCK                                                       syscall.Errno = 1259
+	ERROR_ACCESS_DISABLED_BY_POLICY                                           syscall.Errno = 1260
+	ERROR_REG_NAT_CONSUMPTION                                                 syscall.Errno = 1261
+	ERROR_CSCSHARE_OFFLINE                                                    syscall.Errno = 1262
+	ERROR_PKINIT_FAILURE                                                      syscall.Errno = 1263
+	ERROR_SMARTCARD_SUBSYSTEM_FAILURE                                         syscall.Errno = 1264
+	ERROR_DOWNGRADE_DETECTED                                                  syscall.Errno = 1265
+	ERROR_MACHINE_LOCKED                                                      syscall.Errno = 1271
+	ERROR_SMB_GUEST_LOGON_BLOCKED                                             syscall.Errno = 1272
+	ERROR_CALLBACK_SUPPLIED_INVALID_DATA                                      syscall.Errno = 1273
+	ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED                                    syscall.Errno = 1274
+	ERROR_DRIVER_BLOCKED                                                      syscall.Errno = 1275
+	ERROR_INVALID_IMPORT_OF_NON_DLL                                           syscall.Errno = 1276
+	ERROR_ACCESS_DISABLED_WEBBLADE                                            syscall.Errno = 1277
+	ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER                                     syscall.Errno = 1278
+	ERROR_RECOVERY_FAILURE                                                    syscall.Errno = 1279
+	ERROR_ALREADY_FIBER                                                       syscall.Errno = 1280
+	ERROR_ALREADY_THREAD                                                      syscall.Errno = 1281
+	ERROR_STACK_BUFFER_OVERRUN                                                syscall.Errno = 1282
+	ERROR_PARAMETER_QUOTA_EXCEEDED                                            syscall.Errno = 1283
+	ERROR_DEBUGGER_INACTIVE                                                   syscall.Errno = 1284
+	ERROR_DELAY_LOAD_FAILED                                                   syscall.Errno = 1285
+	ERROR_VDM_DISALLOWED                                                      syscall.Errno = 1286
+	ERROR_UNIDENTIFIED_ERROR                                                  syscall.Errno = 1287
+	ERROR_INVALID_CRUNTIME_PARAMETER                                          syscall.Errno = 1288
+	ERROR_BEYOND_VDL                                                          syscall.Errno = 1289
+	ERROR_INCOMPATIBLE_SERVICE_SID_TYPE                                       syscall.Errno = 1290
+	ERROR_DRIVER_PROCESS_TERMINATED                                           syscall.Errno = 1291
+	ERROR_IMPLEMENTATION_LIMIT                                                syscall.Errno = 1292
+	ERROR_PROCESS_IS_PROTECTED                                                syscall.Errno = 1293
+	ERROR_SERVICE_NOTIFY_CLIENT_LAGGING                                       syscall.Errno = 1294
+	ERROR_DISK_QUOTA_EXCEEDED                                                 syscall.Errno = 1295
+	ERROR_CONTENT_BLOCKED                                                     syscall.Errno = 1296
+	ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE                                      syscall.Errno = 1297
+	ERROR_APP_HANG                                                            syscall.Errno = 1298
+	ERROR_INVALID_LABEL                                                       syscall.Errno = 1299
+	ERROR_NOT_ALL_ASSIGNED                                                    syscall.Errno = 1300
+	ERROR_SOME_NOT_MAPPED                                                     syscall.Errno = 1301
+	ERROR_NO_QUOTAS_FOR_ACCOUNT                                               syscall.Errno = 1302
+	ERROR_LOCAL_USER_SESSION_KEY                                              syscall.Errno = 1303
+	ERROR_NULL_LM_PASSWORD                                                    syscall.Errno = 1304
+	ERROR_UNKNOWN_REVISION                                                    syscall.Errno = 1305
+	ERROR_REVISION_MISMATCH                                                   syscall.Errno = 1306
+	ERROR_INVALID_OWNER                                                       syscall.Errno = 1307
+	ERROR_INVALID_PRIMARY_GROUP                                               syscall.Errno = 1308
+	ERROR_NO_IMPERSONATION_TOKEN                                              syscall.Errno = 1309
+	ERROR_CANT_DISABLE_MANDATORY                                              syscall.Errno = 1310
+	ERROR_NO_LOGON_SERVERS                                                    syscall.Errno = 1311
+	ERROR_NO_SUCH_LOGON_SESSION                                               syscall.Errno = 1312
+	ERROR_NO_SUCH_PRIVILEGE                                                   syscall.Errno = 1313
+	ERROR_PRIVILEGE_NOT_HELD                                                  syscall.Errno = 1314
+	ERROR_INVALID_ACCOUNT_NAME                                                syscall.Errno = 1315
+	ERROR_USER_EXISTS                                                         syscall.Errno = 1316
+	ERROR_NO_SUCH_USER                                                        syscall.Errno = 1317
+	ERROR_GROUP_EXISTS                                                        syscall.Errno = 1318
+	ERROR_NO_SUCH_GROUP                                                       syscall.Errno = 1319
+	ERROR_MEMBER_IN_GROUP                                                     syscall.Errno = 1320
+	ERROR_MEMBER_NOT_IN_GROUP                                                 syscall.Errno = 1321
+	ERROR_LAST_ADMIN                                                          syscall.Errno = 1322
+	ERROR_WRONG_PASSWORD                                                      syscall.Errno = 1323
+	ERROR_ILL_FORMED_PASSWORD                                                 syscall.Errno = 1324
+	ERROR_PASSWORD_RESTRICTION                                                syscall.Errno = 1325
+	ERROR_LOGON_FAILURE                                                       syscall.Errno = 1326
+	ERROR_ACCOUNT_RESTRICTION                                                 syscall.Errno = 1327
+	ERROR_INVALID_LOGON_HOURS                                                 syscall.Errno = 1328
+	ERROR_INVALID_WORKSTATION                                                 syscall.Errno = 1329
+	ERROR_PASSWORD_EXPIRED                                                    syscall.Errno = 1330
+	ERROR_ACCOUNT_DISABLED                                                    syscall.Errno = 1331
+	ERROR_NONE_MAPPED                                                         syscall.Errno = 1332
+	ERROR_TOO_MANY_LUIDS_REQUESTED                                            syscall.Errno = 1333
+	ERROR_LUIDS_EXHAUSTED                                                     syscall.Errno = 1334
+	ERROR_INVALID_SUB_AUTHORITY                                               syscall.Errno = 1335
+	ERROR_INVALID_ACL                                                         syscall.Errno = 1336
+	ERROR_INVALID_SID                                                         syscall.Errno = 1337
+	ERROR_INVALID_SECURITY_DESCR                                              syscall.Errno = 1338
+	ERROR_BAD_INHERITANCE_ACL                                                 syscall.Errno = 1340
+	ERROR_SERVER_DISABLED                                                     syscall.Errno = 1341
+	ERROR_SERVER_NOT_DISABLED                                                 syscall.Errno = 1342
+	ERROR_INVALID_ID_AUTHORITY                                                syscall.Errno = 1343
+	ERROR_ALLOTTED_SPACE_EXCEEDED                                             syscall.Errno = 1344
+	ERROR_INVALID_GROUP_ATTRIBUTES                                            syscall.Errno = 1345
+	ERROR_BAD_IMPERSONATION_LEVEL                                             syscall.Errno = 1346
+	ERROR_CANT_OPEN_ANONYMOUS                                                 syscall.Errno = 1347
+	ERROR_BAD_VALIDATION_CLASS                                                syscall.Errno = 1348
+	ERROR_BAD_TOKEN_TYPE                                                      syscall.Errno = 1349
+	ERROR_NO_SECURITY_ON_OBJECT                                               syscall.Errno = 1350
+	ERROR_CANT_ACCESS_DOMAIN_INFO                                             syscall.Errno = 1351
+	ERROR_INVALID_SERVER_STATE                                                syscall.Errno = 1352
+	ERROR_INVALID_DOMAIN_STATE                                                syscall.Errno = 1353
+	ERROR_INVALID_DOMAIN_ROLE                                                 syscall.Errno = 1354
+	ERROR_NO_SUCH_DOMAIN                                                      syscall.Errno = 1355
+	ERROR_DOMAIN_EXISTS                                                       syscall.Errno = 1356
+	ERROR_DOMAIN_LIMIT_EXCEEDED                                               syscall.Errno = 1357
+	ERROR_INTERNAL_DB_CORRUPTION                                              syscall.Errno = 1358
+	ERROR_INTERNAL_ERROR                                                      syscall.Errno = 1359
+	ERROR_GENERIC_NOT_MAPPED                                                  syscall.Errno = 1360
+	ERROR_BAD_DESCRIPTOR_FORMAT                                               syscall.Errno = 1361
+	ERROR_NOT_LOGON_PROCESS                                                   syscall.Errno = 1362
+	ERROR_LOGON_SESSION_EXISTS                                                syscall.Errno = 1363
+	ERROR_NO_SUCH_PACKAGE                                                     syscall.Errno = 1364
+	ERROR_BAD_LOGON_SESSION_STATE                                             syscall.Errno = 1365
+	ERROR_LOGON_SESSION_COLLISION                                             syscall.Errno = 1366
+	ERROR_INVALID_LOGON_TYPE                                                  syscall.Errno = 1367
+	ERROR_CANNOT_IMPERSONATE                                                  syscall.Errno = 1368
+	ERROR_RXACT_INVALID_STATE                                                 syscall.Errno = 1369
+	ERROR_RXACT_COMMIT_FAILURE                                                syscall.Errno = 1370
+	ERROR_SPECIAL_ACCOUNT                                                     syscall.Errno = 1371
+	ERROR_SPECIAL_GROUP                                                       syscall.Errno = 1372
+	ERROR_SPECIAL_USER                                                        syscall.Errno = 1373
+	ERROR_MEMBERS_PRIMARY_GROUP                                               syscall.Errno = 1374
+	ERROR_TOKEN_ALREADY_IN_USE                                                syscall.Errno = 1375
+	ERROR_NO_SUCH_ALIAS                                                       syscall.Errno = 1376
+	ERROR_MEMBER_NOT_IN_ALIAS                                                 syscall.Errno = 1377
+	ERROR_MEMBER_IN_ALIAS                                                     syscall.Errno = 1378
+	ERROR_ALIAS_EXISTS                                                        syscall.Errno = 1379
+	ERROR_LOGON_NOT_GRANTED                                                   syscall.Errno = 1380
+	ERROR_TOO_MANY_SECRETS                                                    syscall.Errno = 1381
+	ERROR_SECRET_TOO_LONG                                                     syscall.Errno = 1382
+	ERROR_INTERNAL_DB_ERROR                                                   syscall.Errno = 1383
+	ERROR_TOO_MANY_CONTEXT_IDS                                                syscall.Errno = 1384
+	ERROR_LOGON_TYPE_NOT_GRANTED                                              syscall.Errno = 1385
+	ERROR_NT_CROSS_ENCRYPTION_REQUIRED                                        syscall.Errno = 1386
+	ERROR_NO_SUCH_MEMBER                                                      syscall.Errno = 1387
+	ERROR_INVALID_MEMBER                                                      syscall.Errno = 1388
+	ERROR_TOO_MANY_SIDS                                                       syscall.Errno = 1389
+	ERROR_LM_CROSS_ENCRYPTION_REQUIRED                                        syscall.Errno = 1390
+	ERROR_NO_INHERITANCE                                                      syscall.Errno = 1391
+	ERROR_FILE_CORRUPT                                                        syscall.Errno = 1392
+	ERROR_DISK_CORRUPT                                                        syscall.Errno = 1393
+	ERROR_NO_USER_SESSION_KEY                                                 syscall.Errno = 1394
+	ERROR_LICENSE_QUOTA_EXCEEDED                                              syscall.Errno = 1395
+	ERROR_WRONG_TARGET_NAME                                                   syscall.Errno = 1396
+	ERROR_MUTUAL_AUTH_FAILED                                                  syscall.Errno = 1397
+	ERROR_TIME_SKEW                                                           syscall.Errno = 1398
+	ERROR_CURRENT_DOMAIN_NOT_ALLOWED                                          syscall.Errno = 1399
+	ERROR_INVALID_WINDOW_HANDLE                                               syscall.Errno = 1400
+	ERROR_INVALID_MENU_HANDLE                                                 syscall.Errno = 1401
+	ERROR_INVALID_CURSOR_HANDLE                                               syscall.Errno = 1402
+	ERROR_INVALID_ACCEL_HANDLE                                                syscall.Errno = 1403
+	ERROR_INVALID_HOOK_HANDLE                                                 syscall.Errno = 1404
+	ERROR_INVALID_DWP_HANDLE                                                  syscall.Errno = 1405
+	ERROR_TLW_WITH_WSCHILD                                                    syscall.Errno = 1406
+	ERROR_CANNOT_FIND_WND_CLASS                                               syscall.Errno = 1407
+	ERROR_WINDOW_OF_OTHER_THREAD                                              syscall.Errno = 1408
+	ERROR_HOTKEY_ALREADY_REGISTERED                                           syscall.Errno = 1409
+	ERROR_CLASS_ALREADY_EXISTS                                                syscall.Errno = 1410
+	ERROR_CLASS_DOES_NOT_EXIST                                                syscall.Errno = 1411
+	ERROR_CLASS_HAS_WINDOWS                                                   syscall.Errno = 1412
+	ERROR_INVALID_INDEX                                                       syscall.Errno = 1413
+	ERROR_INVALID_ICON_HANDLE                                                 syscall.Errno = 1414
+	ERROR_PRIVATE_DIALOG_INDEX                                                syscall.Errno = 1415
+	ERROR_LISTBOX_ID_NOT_FOUND                                                syscall.Errno = 1416
+	ERROR_NO_WILDCARD_CHARACTERS                                              syscall.Errno = 1417
+	ERROR_CLIPBOARD_NOT_OPEN                                                  syscall.Errno = 1418
+	ERROR_HOTKEY_NOT_REGISTERED                                               syscall.Errno = 1419
+	ERROR_WINDOW_NOT_DIALOG                                                   syscall.Errno = 1420
+	ERROR_CONTROL_ID_NOT_FOUND                                                syscall.Errno = 1421
+	ERROR_INVALID_COMBOBOX_MESSAGE                                            syscall.Errno = 1422
+	ERROR_WINDOW_NOT_COMBOBOX                                                 syscall.Errno = 1423
+	ERROR_INVALID_EDIT_HEIGHT                                                 syscall.Errno = 1424
+	ERROR_DC_NOT_FOUND                                                        syscall.Errno = 1425
+	ERROR_INVALID_HOOK_FILTER                                                 syscall.Errno = 1426
+	ERROR_INVALID_FILTER_PROC                                                 syscall.Errno = 1427
+	ERROR_HOOK_NEEDS_HMOD                                                     syscall.Errno = 1428
+	ERROR_GLOBAL_ONLY_HOOK                                                    syscall.Errno = 1429
+	ERROR_JOURNAL_HOOK_SET                                                    syscall.Errno = 1430
+	ERROR_HOOK_NOT_INSTALLED                                                  syscall.Errno = 1431
+	ERROR_INVALID_LB_MESSAGE                                                  syscall.Errno = 1432
+	ERROR_SETCOUNT_ON_BAD_LB                                                  syscall.Errno = 1433
+	ERROR_LB_WITHOUT_TABSTOPS                                                 syscall.Errno = 1434
+	ERROR_DESTROY_OBJECT_OF_OTHER_THREAD                                      syscall.Errno = 1435
+	ERROR_CHILD_WINDOW_MENU                                                   syscall.Errno = 1436
+	ERROR_NO_SYSTEM_MENU                                                      syscall.Errno = 1437
+	ERROR_INVALID_MSGBOX_STYLE                                                syscall.Errno = 1438
+	ERROR_INVALID_SPI_VALUE                                                   syscall.Errno = 1439
+	ERROR_SCREEN_ALREADY_LOCKED                                               syscall.Errno = 1440
+	ERROR_HWNDS_HAVE_DIFF_PARENT                                              syscall.Errno = 1441
+	ERROR_NOT_CHILD_WINDOW                                                    syscall.Errno = 1442
+	ERROR_INVALID_GW_COMMAND                                                  syscall.Errno = 1443
+	ERROR_INVALID_THREAD_ID                                                   syscall.Errno = 1444
+	ERROR_NON_MDICHILD_WINDOW                                                 syscall.Errno = 1445
+	ERROR_POPUP_ALREADY_ACTIVE                                                syscall.Errno = 1446
+	ERROR_NO_SCROLLBARS                                                       syscall.Errno = 1447
+	ERROR_INVALID_SCROLLBAR_RANGE                                             syscall.Errno = 1448
+	ERROR_INVALID_SHOWWIN_COMMAND                                             syscall.Errno = 1449
+	ERROR_NO_SYSTEM_RESOURCES                                                 syscall.Errno = 1450
+	ERROR_NONPAGED_SYSTEM_RESOURCES                                           syscall.Errno = 1451
+	ERROR_PAGED_SYSTEM_RESOURCES                                              syscall.Errno = 1452
+	ERROR_WORKING_SET_QUOTA                                                   syscall.Errno = 1453
+	ERROR_PAGEFILE_QUOTA                                                      syscall.Errno = 1454
+	ERROR_COMMITMENT_LIMIT                                                    syscall.Errno = 1455
+	ERROR_MENU_ITEM_NOT_FOUND                                                 syscall.Errno = 1456
+	ERROR_INVALID_KEYBOARD_HANDLE                                             syscall.Errno = 1457
+	ERROR_HOOK_TYPE_NOT_ALLOWED                                               syscall.Errno = 1458
+	ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION                                  syscall.Errno = 1459
+	ERROR_TIMEOUT                                                             syscall.Errno = 1460
+	ERROR_INVALID_MONITOR_HANDLE                                              syscall.Errno = 1461
+	ERROR_INCORRECT_SIZE                                                      syscall.Errno = 1462
+	ERROR_SYMLINK_CLASS_DISABLED                                              syscall.Errno = 1463
+	ERROR_SYMLINK_NOT_SUPPORTED                                               syscall.Errno = 1464
+	ERROR_XML_PARSE_ERROR                                                     syscall.Errno = 1465
+	ERROR_XMLDSIG_ERROR                                                       syscall.Errno = 1466
+	ERROR_RESTART_APPLICATION                                                 syscall.Errno = 1467
+	ERROR_WRONG_COMPARTMENT                                                   syscall.Errno = 1468
+	ERROR_AUTHIP_FAILURE                                                      syscall.Errno = 1469
+	ERROR_NO_NVRAM_RESOURCES                                                  syscall.Errno = 1470
+	ERROR_NOT_GUI_PROCESS                                                     syscall.Errno = 1471
+	ERROR_EVENTLOG_FILE_CORRUPT                                               syscall.Errno = 1500
+	ERROR_EVENTLOG_CANT_START                                                 syscall.Errno = 1501
+	ERROR_LOG_FILE_FULL                                                       syscall.Errno = 1502
+	ERROR_EVENTLOG_FILE_CHANGED                                               syscall.Errno = 1503
+	ERROR_CONTAINER_ASSIGNED                                                  syscall.Errno = 1504
+	ERROR_JOB_NO_CONTAINER                                                    syscall.Errno = 1505
+	ERROR_INVALID_TASK_NAME                                                   syscall.Errno = 1550
+	ERROR_INVALID_TASK_INDEX                                                  syscall.Errno = 1551
+	ERROR_THREAD_ALREADY_IN_TASK                                              syscall.Errno = 1552
+	ERROR_INSTALL_SERVICE_FAILURE                                             syscall.Errno = 1601
+	ERROR_INSTALL_USEREXIT                                                    syscall.Errno = 1602
+	ERROR_INSTALL_FAILURE                                                     syscall.Errno = 1603
+	ERROR_INSTALL_SUSPEND                                                     syscall.Errno = 1604
+	ERROR_UNKNOWN_PRODUCT                                                     syscall.Errno = 1605
+	ERROR_UNKNOWN_FEATURE                                                     syscall.Errno = 1606
+	ERROR_UNKNOWN_COMPONENT                                                   syscall.Errno = 1607
+	ERROR_UNKNOWN_PROPERTY                                                    syscall.Errno = 1608
+	ERROR_INVALID_HANDLE_STATE                                                syscall.Errno = 1609
+	ERROR_BAD_CONFIGURATION                                                   syscall.Errno = 1610
+	ERROR_INDEX_ABSENT                                                        syscall.Errno = 1611
+	ERROR_INSTALL_SOURCE_ABSENT                                               syscall.Errno = 1612
+	ERROR_INSTALL_PACKAGE_VERSION                                             syscall.Errno = 1613
+	ERROR_PRODUCT_UNINSTALLED                                                 syscall.Errno = 1614
+	ERROR_BAD_QUERY_SYNTAX                                                    syscall.Errno = 1615
+	ERROR_INVALID_FIELD                                                       syscall.Errno = 1616
+	ERROR_DEVICE_REMOVED                                                      syscall.Errno = 1617
+	ERROR_INSTALL_ALREADY_RUNNING                                             syscall.Errno = 1618
+	ERROR_INSTALL_PACKAGE_OPEN_FAILED                                         syscall.Errno = 1619
+	ERROR_INSTALL_PACKAGE_INVALID                                             syscall.Errno = 1620
+	ERROR_INSTALL_UI_FAILURE                                                  syscall.Errno = 1621
+	ERROR_INSTALL_LOG_FAILURE                                                 syscall.Errno = 1622
+	ERROR_INSTALL_LANGUAGE_UNSUPPORTED                                        syscall.Errno = 1623
+	ERROR_INSTALL_TRANSFORM_FAILURE                                           syscall.Errno = 1624
+	ERROR_INSTALL_PACKAGE_REJECTED                                            syscall.Errno = 1625
+	ERROR_FUNCTION_NOT_CALLED                                                 syscall.Errno = 1626
+	ERROR_FUNCTION_FAILED                                                     syscall.Errno = 1627
+	ERROR_INVALID_TABLE                                                       syscall.Errno = 1628
+	ERROR_DATATYPE_MISMATCH                                                   syscall.Errno = 1629
+	ERROR_UNSUPPORTED_TYPE                                                    syscall.Errno = 1630
+	ERROR_CREATE_FAILED                                                       syscall.Errno = 1631
+	ERROR_INSTALL_TEMP_UNWRITABLE                                             syscall.Errno = 1632
+	ERROR_INSTALL_PLATFORM_UNSUPPORTED                                        syscall.Errno = 1633
+	ERROR_INSTALL_NOTUSED                                                     syscall.Errno = 1634
+	ERROR_PATCH_PACKAGE_OPEN_FAILED                                           syscall.Errno = 1635
+	ERROR_PATCH_PACKAGE_INVALID                                               syscall.Errno = 1636
+	ERROR_PATCH_PACKAGE_UNSUPPORTED                                           syscall.Errno = 1637
+	ERROR_PRODUCT_VERSION                                                     syscall.Errno = 1638
+	ERROR_INVALID_COMMAND_LINE                                                syscall.Errno = 1639
+	ERROR_INSTALL_REMOTE_DISALLOWED                                           syscall.Errno = 1640
+	ERROR_SUCCESS_REBOOT_INITIATED                                            syscall.Errno = 1641
+	ERROR_PATCH_TARGET_NOT_FOUND                                              syscall.Errno = 1642
+	ERROR_PATCH_PACKAGE_REJECTED                                              syscall.Errno = 1643
+	ERROR_INSTALL_TRANSFORM_REJECTED                                          syscall.Errno = 1644
+	ERROR_INSTALL_REMOTE_PROHIBITED                                           syscall.Errno = 1645
+	ERROR_PATCH_REMOVAL_UNSUPPORTED                                           syscall.Errno = 1646
+	ERROR_UNKNOWN_PATCH                                                       syscall.Errno = 1647
+	ERROR_PATCH_NO_SEQUENCE                                                   syscall.Errno = 1648
+	ERROR_PATCH_REMOVAL_DISALLOWED                                            syscall.Errno = 1649
+	ERROR_INVALID_PATCH_XML                                                   syscall.Errno = 1650
+	ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT                                    syscall.Errno = 1651
+	ERROR_INSTALL_SERVICE_SAFEBOOT                                            syscall.Errno = 1652
+	ERROR_FAIL_FAST_EXCEPTION                                                 syscall.Errno = 1653
+	ERROR_INSTALL_REJECTED                                                    syscall.Errno = 1654
+	ERROR_DYNAMIC_CODE_BLOCKED                                                syscall.Errno = 1655
+	ERROR_NOT_SAME_OBJECT                                                     syscall.Errno = 1656
+	ERROR_STRICT_CFG_VIOLATION                                                syscall.Errno = 1657
+	ERROR_SET_CONTEXT_DENIED                                                  syscall.Errno = 1660
+	ERROR_CROSS_PARTITION_VIOLATION                                           syscall.Errno = 1661
+	RPC_S_INVALID_STRING_BINDING                                              syscall.Errno = 1700
+	RPC_S_WRONG_KIND_OF_BINDING                                               syscall.Errno = 1701
+	RPC_S_INVALID_BINDING                                                     syscall.Errno = 1702
+	RPC_S_PROTSEQ_NOT_SUPPORTED                                               syscall.Errno = 1703
+	RPC_S_INVALID_RPC_PROTSEQ                                                 syscall.Errno = 1704
+	RPC_S_INVALID_STRING_UUID                                                 syscall.Errno = 1705
+	RPC_S_INVALID_ENDPOINT_FORMAT                                             syscall.Errno = 1706
+	RPC_S_INVALID_NET_ADDR                                                    syscall.Errno = 1707
+	RPC_S_NO_ENDPOINT_FOUND                                                   syscall.Errno = 1708
+	RPC_S_INVALID_TIMEOUT                                                     syscall.Errno = 1709
+	RPC_S_OBJECT_NOT_FOUND                                                    syscall.Errno = 1710
+	RPC_S_ALREADY_REGISTERED                                                  syscall.Errno = 1711
+	RPC_S_TYPE_ALREADY_REGISTERED                                             syscall.Errno = 1712
+	RPC_S_ALREADY_LISTENING                                                   syscall.Errno = 1713
+	RPC_S_NO_PROTSEQS_REGISTERED                                              syscall.Errno = 1714
+	RPC_S_NOT_LISTENING                                                       syscall.Errno = 1715
+	RPC_S_UNKNOWN_MGR_TYPE                                                    syscall.Errno = 1716
+	RPC_S_UNKNOWN_IF                                                          syscall.Errno = 1717
+	RPC_S_NO_BINDINGS                                                         syscall.Errno = 1718
+	RPC_S_NO_PROTSEQS                                                         syscall.Errno = 1719
+	RPC_S_CANT_CREATE_ENDPOINT                                                syscall.Errno = 1720
+	RPC_S_OUT_OF_RESOURCES                                                    syscall.Errno = 1721
+	RPC_S_SERVER_UNAVAILABLE                                                  syscall.Errno = 1722
+	RPC_S_SERVER_TOO_BUSY                                                     syscall.Errno = 1723
+	RPC_S_INVALID_NETWORK_OPTIONS                                             syscall.Errno = 1724
+	RPC_S_NO_CALL_ACTIVE                                                      syscall.Errno = 1725
+	RPC_S_CALL_FAILED                                                         syscall.Errno = 1726
+	RPC_S_CALL_FAILED_DNE                                                     syscall.Errno = 1727
+	RPC_S_PROTOCOL_ERROR                                                      syscall.Errno = 1728
+	RPC_S_PROXY_ACCESS_DENIED                                                 syscall.Errno = 1729
+	RPC_S_UNSUPPORTED_TRANS_SYN                                               syscall.Errno = 1730
+	RPC_S_UNSUPPORTED_TYPE                                                    syscall.Errno = 1732
+	RPC_S_INVALID_TAG                                                         syscall.Errno = 1733
+	RPC_S_INVALID_BOUND                                                       syscall.Errno = 1734
+	RPC_S_NO_ENTRY_NAME                                                       syscall.Errno = 1735
+	RPC_S_INVALID_NAME_SYNTAX                                                 syscall.Errno = 1736
+	RPC_S_UNSUPPORTED_NAME_SYNTAX                                             syscall.Errno = 1737
+	RPC_S_UUID_NO_ADDRESS                                                     syscall.Errno = 1739
+	RPC_S_DUPLICATE_ENDPOINT                                                  syscall.Errno = 1740
+	RPC_S_UNKNOWN_AUTHN_TYPE                                                  syscall.Errno = 1741
+	RPC_S_MAX_CALLS_TOO_SMALL                                                 syscall.Errno = 1742
+	RPC_S_STRING_TOO_LONG                                                     syscall.Errno = 1743
+	RPC_S_PROTSEQ_NOT_FOUND                                                   syscall.Errno = 1744
+	RPC_S_PROCNUM_OUT_OF_RANGE                                                syscall.Errno = 1745
+	RPC_S_BINDING_HAS_NO_AUTH                                                 syscall.Errno = 1746
+	RPC_S_UNKNOWN_AUTHN_SERVICE                                               syscall.Errno = 1747
+	RPC_S_UNKNOWN_AUTHN_LEVEL                                                 syscall.Errno = 1748
+	RPC_S_INVALID_AUTH_IDENTITY                                               syscall.Errno = 1749
+	RPC_S_UNKNOWN_AUTHZ_SERVICE                                               syscall.Errno = 1750
+	EPT_S_INVALID_ENTRY                                                       syscall.Errno = 1751
+	EPT_S_CANT_PERFORM_OP                                                     syscall.Errno = 1752
+	EPT_S_NOT_REGISTERED                                                      syscall.Errno = 1753
+	RPC_S_NOTHING_TO_EXPORT                                                   syscall.Errno = 1754
+	RPC_S_INCOMPLETE_NAME                                                     syscall.Errno = 1755
+	RPC_S_INVALID_VERS_OPTION                                                 syscall.Errno = 1756
+	RPC_S_NO_MORE_MEMBERS                                                     syscall.Errno = 1757
+	RPC_S_NOT_ALL_OBJS_UNEXPORTED                                             syscall.Errno = 1758
+	RPC_S_INTERFACE_NOT_FOUND                                                 syscall.Errno = 1759
+	RPC_S_ENTRY_ALREADY_EXISTS                                                syscall.Errno = 1760
+	RPC_S_ENTRY_NOT_FOUND                                                     syscall.Errno = 1761
+	RPC_S_NAME_SERVICE_UNAVAILABLE                                            syscall.Errno = 1762
+	RPC_S_INVALID_NAF_ID                                                      syscall.Errno = 1763
+	RPC_S_CANNOT_SUPPORT                                                      syscall.Errno = 1764
+	RPC_S_NO_CONTEXT_AVAILABLE                                                syscall.Errno = 1765
+	RPC_S_INTERNAL_ERROR                                                      syscall.Errno = 1766
+	RPC_S_ZERO_DIVIDE                                                         syscall.Errno = 1767
+	RPC_S_ADDRESS_ERROR                                                       syscall.Errno = 1768
+	RPC_S_FP_DIV_ZERO                                                         syscall.Errno = 1769
+	RPC_S_FP_UNDERFLOW                                                        syscall.Errno = 1770
+	RPC_S_FP_OVERFLOW                                                         syscall.Errno = 1771
+	RPC_X_NO_MORE_ENTRIES                                                     syscall.Errno = 1772
+	RPC_X_SS_CHAR_TRANS_OPEN_FAIL                                             syscall.Errno = 1773
+	RPC_X_SS_CHAR_TRANS_SHORT_FILE                                            syscall.Errno = 1774
+	RPC_X_SS_IN_NULL_CONTEXT                                                  syscall.Errno = 1775
+	RPC_X_SS_CONTEXT_DAMAGED                                                  syscall.Errno = 1777
+	RPC_X_SS_HANDLES_MISMATCH                                                 syscall.Errno = 1778
+	RPC_X_SS_CANNOT_GET_CALL_HANDLE                                           syscall.Errno = 1779
+	RPC_X_NULL_REF_POINTER                                                    syscall.Errno = 1780
+	RPC_X_ENUM_VALUE_OUT_OF_RANGE                                             syscall.Errno = 1781
+	RPC_X_BYTE_COUNT_TOO_SMALL                                                syscall.Errno = 1782
+	RPC_X_BAD_STUB_DATA                                                       syscall.Errno = 1783
+	ERROR_INVALID_USER_BUFFER                                                 syscall.Errno = 1784
+	ERROR_UNRECOGNIZED_MEDIA                                                  syscall.Errno = 1785
+	ERROR_NO_TRUST_LSA_SECRET                                                 syscall.Errno = 1786
+	ERROR_NO_TRUST_SAM_ACCOUNT                                                syscall.Errno = 1787
+	ERROR_TRUSTED_DOMAIN_FAILURE                                              syscall.Errno = 1788
+	ERROR_TRUSTED_RELATIONSHIP_FAILURE                                        syscall.Errno = 1789
+	ERROR_TRUST_FAILURE                                                       syscall.Errno = 1790
+	RPC_S_CALL_IN_PROGRESS                                                    syscall.Errno = 1791
+	ERROR_NETLOGON_NOT_STARTED                                                syscall.Errno = 1792
+	ERROR_ACCOUNT_EXPIRED                                                     syscall.Errno = 1793
+	ERROR_REDIRECTOR_HAS_OPEN_HANDLES                                         syscall.Errno = 1794
+	ERROR_PRINTER_DRIVER_ALREADY_INSTALLED                                    syscall.Errno = 1795
+	ERROR_UNKNOWN_PORT                                                        syscall.Errno = 1796
+	ERROR_UNKNOWN_PRINTER_DRIVER                                              syscall.Errno = 1797
+	ERROR_UNKNOWN_PRINTPROCESSOR                                              syscall.Errno = 1798
+	ERROR_INVALID_SEPARATOR_FILE                                              syscall.Errno = 1799
+	ERROR_INVALID_PRIORITY                                                    syscall.Errno = 1800
+	ERROR_INVALID_PRINTER_NAME                                                syscall.Errno = 1801
+	ERROR_PRINTER_ALREADY_EXISTS                                              syscall.Errno = 1802
+	ERROR_INVALID_PRINTER_COMMAND                                             syscall.Errno = 1803
+	ERROR_INVALID_DATATYPE                                                    syscall.Errno = 1804
+	ERROR_INVALID_ENVIRONMENT                                                 syscall.Errno = 1805
+	RPC_S_NO_MORE_BINDINGS                                                    syscall.Errno = 1806
+	ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT                                   syscall.Errno = 1807
+	ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT                                   syscall.Errno = 1808
+	ERROR_NOLOGON_SERVER_TRUST_ACCOUNT                                        syscall.Errno = 1809
+	ERROR_DOMAIN_TRUST_INCONSISTENT                                           syscall.Errno = 1810
+	ERROR_SERVER_HAS_OPEN_HANDLES                                             syscall.Errno = 1811
+	ERROR_RESOURCE_DATA_NOT_FOUND                                             syscall.Errno = 1812
+	ERROR_RESOURCE_TYPE_NOT_FOUND                                             syscall.Errno = 1813
+	ERROR_RESOURCE_NAME_NOT_FOUND                                             syscall.Errno = 1814
+	ERROR_RESOURCE_LANG_NOT_FOUND                                             syscall.Errno = 1815
+	ERROR_NOT_ENOUGH_QUOTA                                                    syscall.Errno = 1816
+	RPC_S_NO_INTERFACES                                                       syscall.Errno = 1817
+	RPC_S_CALL_CANCELLED                                                      syscall.Errno = 1818
+	RPC_S_BINDING_INCOMPLETE                                                  syscall.Errno = 1819
+	RPC_S_COMM_FAILURE                                                        syscall.Errno = 1820
+	RPC_S_UNSUPPORTED_AUTHN_LEVEL                                             syscall.Errno = 1821
+	RPC_S_NO_PRINC_NAME                                                       syscall.Errno = 1822
+	RPC_S_NOT_RPC_ERROR                                                       syscall.Errno = 1823
+	RPC_S_UUID_LOCAL_ONLY                                                     syscall.Errno = 1824
+	RPC_S_SEC_PKG_ERROR                                                       syscall.Errno = 1825
+	RPC_S_NOT_CANCELLED                                                       syscall.Errno = 1826
+	RPC_X_INVALID_ES_ACTION                                                   syscall.Errno = 1827
+	RPC_X_WRONG_ES_VERSION                                                    syscall.Errno = 1828
+	RPC_X_WRONG_STUB_VERSION                                                  syscall.Errno = 1829
+	RPC_X_INVALID_PIPE_OBJECT                                                 syscall.Errno = 1830
+	RPC_X_WRONG_PIPE_ORDER                                                    syscall.Errno = 1831
+	RPC_X_WRONG_PIPE_VERSION                                                  syscall.Errno = 1832
+	RPC_S_COOKIE_AUTH_FAILED                                                  syscall.Errno = 1833
+	RPC_S_DO_NOT_DISTURB                                                      syscall.Errno = 1834
+	RPC_S_SYSTEM_HANDLE_COUNT_EXCEEDED                                        syscall.Errno = 1835
+	RPC_S_SYSTEM_HANDLE_TYPE_MISMATCH                                         syscall.Errno = 1836
+	RPC_S_GROUP_MEMBER_NOT_FOUND                                              syscall.Errno = 1898
+	EPT_S_CANT_CREATE                                                         syscall.Errno = 1899
+	RPC_S_INVALID_OBJECT                                                      syscall.Errno = 1900
+	ERROR_INVALID_TIME                                                        syscall.Errno = 1901
+	ERROR_INVALID_FORM_NAME                                                   syscall.Errno = 1902
+	ERROR_INVALID_FORM_SIZE                                                   syscall.Errno = 1903
+	ERROR_ALREADY_WAITING                                                     syscall.Errno = 1904
+	ERROR_PRINTER_DELETED                                                     syscall.Errno = 1905
+	ERROR_INVALID_PRINTER_STATE                                               syscall.Errno = 1906
+	ERROR_PASSWORD_MUST_CHANGE                                                syscall.Errno = 1907
+	ERROR_DOMAIN_CONTROLLER_NOT_FOUND                                         syscall.Errno = 1908
+	ERROR_ACCOUNT_LOCKED_OUT                                                  syscall.Errno = 1909
+	OR_INVALID_OXID                                                           syscall.Errno = 1910
+	OR_INVALID_OID                                                            syscall.Errno = 1911
+	OR_INVALID_SET                                                            syscall.Errno = 1912
+	RPC_S_SEND_INCOMPLETE                                                     syscall.Errno = 1913
+	RPC_S_INVALID_ASYNC_HANDLE                                                syscall.Errno = 1914
+	RPC_S_INVALID_ASYNC_CALL                                                  syscall.Errno = 1915
+	RPC_X_PIPE_CLOSED                                                         syscall.Errno = 1916
+	RPC_X_PIPE_DISCIPLINE_ERROR                                               syscall.Errno = 1917
+	RPC_X_PIPE_EMPTY                                                          syscall.Errno = 1918
+	ERROR_NO_SITENAME                                                         syscall.Errno = 1919
+	ERROR_CANT_ACCESS_FILE                                                    syscall.Errno = 1920
+	ERROR_CANT_RESOLVE_FILENAME                                               syscall.Errno = 1921
+	RPC_S_ENTRY_TYPE_MISMATCH                                                 syscall.Errno = 1922
+	RPC_S_NOT_ALL_OBJS_EXPORTED                                               syscall.Errno = 1923
+	RPC_S_INTERFACE_NOT_EXPORTED                                              syscall.Errno = 1924
+	RPC_S_PROFILE_NOT_ADDED                                                   syscall.Errno = 1925
+	RPC_S_PRF_ELT_NOT_ADDED                                                   syscall.Errno = 1926
+	RPC_S_PRF_ELT_NOT_REMOVED                                                 syscall.Errno = 1927
+	RPC_S_GRP_ELT_NOT_ADDED                                                   syscall.Errno = 1928
+	RPC_S_GRP_ELT_NOT_REMOVED                                                 syscall.Errno = 1929
+	ERROR_KM_DRIVER_BLOCKED                                                   syscall.Errno = 1930
+	ERROR_CONTEXT_EXPIRED                                                     syscall.Errno = 1931
+	ERROR_PER_USER_TRUST_QUOTA_EXCEEDED                                       syscall.Errno = 1932
+	ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED                                       syscall.Errno = 1933
+	ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED                                    syscall.Errno = 1934
+	ERROR_AUTHENTICATION_FIREWALL_FAILED                                      syscall.Errno = 1935
+	ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED                                    syscall.Errno = 1936
+	ERROR_NTLM_BLOCKED                                                        syscall.Errno = 1937
+	ERROR_PASSWORD_CHANGE_REQUIRED                                            syscall.Errno = 1938
+	ERROR_LOST_MODE_LOGON_RESTRICTION                                         syscall.Errno = 1939
+	ERROR_INVALID_PIXEL_FORMAT                                                syscall.Errno = 2000
+	ERROR_BAD_DRIVER                                                          syscall.Errno = 2001
+	ERROR_INVALID_WINDOW_STYLE                                                syscall.Errno = 2002
+	ERROR_METAFILE_NOT_SUPPORTED                                              syscall.Errno = 2003
+	ERROR_TRANSFORM_NOT_SUPPORTED                                             syscall.Errno = 2004
+	ERROR_CLIPPING_NOT_SUPPORTED                                              syscall.Errno = 2005
+	ERROR_INVALID_CMM                                                         syscall.Errno = 2010
+	ERROR_INVALID_PROFILE                                                     syscall.Errno = 2011
+	ERROR_TAG_NOT_FOUND                                                       syscall.Errno = 2012
+	ERROR_TAG_NOT_PRESENT                                                     syscall.Errno = 2013
+	ERROR_DUPLICATE_TAG                                                       syscall.Errno = 2014
+	ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE                                  syscall.Errno = 2015
+	ERROR_PROFILE_NOT_FOUND                                                   syscall.Errno = 2016
+	ERROR_INVALID_COLORSPACE                                                  syscall.Errno = 2017
+	ERROR_ICM_NOT_ENABLED                                                     syscall.Errno = 2018
+	ERROR_DELETING_ICM_XFORM                                                  syscall.Errno = 2019
+	ERROR_INVALID_TRANSFORM                                                   syscall.Errno = 2020
+	ERROR_COLORSPACE_MISMATCH                                                 syscall.Errno = 2021
+	ERROR_INVALID_COLORINDEX                                                  syscall.Errno = 2022
+	ERROR_PROFILE_DOES_NOT_MATCH_DEVICE                                       syscall.Errno = 2023
+	ERROR_CONNECTED_OTHER_PASSWORD                                            syscall.Errno = 2108
+	ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT                                    syscall.Errno = 2109
+	ERROR_BAD_USERNAME                                                        syscall.Errno = 2202
+	ERROR_NOT_CONNECTED                                                       syscall.Errno = 2250
+	ERROR_OPEN_FILES                                                          syscall.Errno = 2401
+	ERROR_ACTIVE_CONNECTIONS                                                  syscall.Errno = 2402
+	ERROR_DEVICE_IN_USE                                                       syscall.Errno = 2404
+	ERROR_UNKNOWN_PRINT_MONITOR                                               syscall.Errno = 3000
+	ERROR_PRINTER_DRIVER_IN_USE                                               syscall.Errno = 3001
+	ERROR_SPOOL_FILE_NOT_FOUND                                                syscall.Errno = 3002
+	ERROR_SPL_NO_STARTDOC                                                     syscall.Errno = 3003
+	ERROR_SPL_NO_ADDJOB                                                       syscall.Errno = 3004
+	ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED                                   syscall.Errno = 3005
+	ERROR_PRINT_MONITOR_ALREADY_INSTALLED                                     syscall.Errno = 3006
+	ERROR_INVALID_PRINT_MONITOR                                               syscall.Errno = 3007
+	ERROR_PRINT_MONITOR_IN_USE                                                syscall.Errno = 3008
+	ERROR_PRINTER_HAS_JOBS_QUEUED                                             syscall.Errno = 3009
+	ERROR_SUCCESS_REBOOT_REQUIRED                                             syscall.Errno = 3010
+	ERROR_SUCCESS_RESTART_REQUIRED                                            syscall.Errno = 3011
+	ERROR_PRINTER_NOT_FOUND                                                   syscall.Errno = 3012
+	ERROR_PRINTER_DRIVER_WARNED                                               syscall.Errno = 3013
+	ERROR_PRINTER_DRIVER_BLOCKED                                              syscall.Errno = 3014
+	ERROR_PRINTER_DRIVER_PACKAGE_IN_USE                                       syscall.Errno = 3015
+	ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND                                       syscall.Errno = 3016
+	ERROR_FAIL_REBOOT_REQUIRED                                                syscall.Errno = 3017
+	ERROR_FAIL_REBOOT_INITIATED                                               syscall.Errno = 3018
+	ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED                                      syscall.Errno = 3019
+	ERROR_PRINT_JOB_RESTART_REQUIRED                                          syscall.Errno = 3020
+	ERROR_INVALID_PRINTER_DRIVER_MANIFEST                                     syscall.Errno = 3021
+	ERROR_PRINTER_NOT_SHAREABLE                                               syscall.Errno = 3022
+	ERROR_REQUEST_PAUSED                                                      syscall.Errno = 3050
+	ERROR_APPEXEC_CONDITION_NOT_SATISFIED                                     syscall.Errno = 3060
+	ERROR_APPEXEC_HANDLE_INVALIDATED                                          syscall.Errno = 3061
+	ERROR_APPEXEC_INVALID_HOST_GENERATION                                     syscall.Errno = 3062
+	ERROR_APPEXEC_UNEXPECTED_PROCESS_REGISTRATION                             syscall.Errno = 3063
+	ERROR_APPEXEC_INVALID_HOST_STATE                                          syscall.Errno = 3064
+	ERROR_APPEXEC_NO_DONOR                                                    syscall.Errno = 3065
+	ERROR_APPEXEC_HOST_ID_MISMATCH                                            syscall.Errno = 3066
+	ERROR_APPEXEC_UNKNOWN_USER                                                syscall.Errno = 3067
+	ERROR_IO_REISSUE_AS_CACHED                                                syscall.Errno = 3950
+	ERROR_WINS_INTERNAL                                                       syscall.Errno = 4000
+	ERROR_CAN_NOT_DEL_LOCAL_WINS                                              syscall.Errno = 4001
+	ERROR_STATIC_INIT                                                         syscall.Errno = 4002
+	ERROR_INC_BACKUP                                                          syscall.Errno = 4003
+	ERROR_FULL_BACKUP                                                         syscall.Errno = 4004
+	ERROR_REC_NON_EXISTENT                                                    syscall.Errno = 4005
+	ERROR_RPL_NOT_ALLOWED                                                     syscall.Errno = 4006
+	PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED                            syscall.Errno = 4050
+	PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO                                   syscall.Errno = 4051
+	PEERDIST_ERROR_MISSING_DATA                                               syscall.Errno = 4052
+	PEERDIST_ERROR_NO_MORE                                                    syscall.Errno = 4053
+	PEERDIST_ERROR_NOT_INITIALIZED                                            syscall.Errno = 4054
+	PEERDIST_ERROR_ALREADY_INITIALIZED                                        syscall.Errno = 4055
+	PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS                                       syscall.Errno = 4056
+	PEERDIST_ERROR_INVALIDATED                                                syscall.Errno = 4057
+	PEERDIST_ERROR_ALREADY_EXISTS                                             syscall.Errno = 4058
+	PEERDIST_ERROR_OPERATION_NOTFOUND                                         syscall.Errno = 4059
+	PEERDIST_ERROR_ALREADY_COMPLETED                                          syscall.Errno = 4060
+	PEERDIST_ERROR_OUT_OF_BOUNDS                                              syscall.Errno = 4061
+	PEERDIST_ERROR_VERSION_UNSUPPORTED                                        syscall.Errno = 4062
+	PEERDIST_ERROR_INVALID_CONFIGURATION                                      syscall.Errno = 4063
+	PEERDIST_ERROR_NOT_LICENSED                                               syscall.Errno = 4064
+	PEERDIST_ERROR_SERVICE_UNAVAILABLE                                        syscall.Errno = 4065
+	PEERDIST_ERROR_TRUST_FAILURE                                              syscall.Errno = 4066
+	ERROR_DHCP_ADDRESS_CONFLICT                                               syscall.Errno = 4100
+	ERROR_WMI_GUID_NOT_FOUND                                                  syscall.Errno = 4200
+	ERROR_WMI_INSTANCE_NOT_FOUND                                              syscall.Errno = 4201
+	ERROR_WMI_ITEMID_NOT_FOUND                                                syscall.Errno = 4202
+	ERROR_WMI_TRY_AGAIN                                                       syscall.Errno = 4203
+	ERROR_WMI_DP_NOT_FOUND                                                    syscall.Errno = 4204
+	ERROR_WMI_UNRESOLVED_INSTANCE_REF                                         syscall.Errno = 4205
+	ERROR_WMI_ALREADY_ENABLED                                                 syscall.Errno = 4206
+	ERROR_WMI_GUID_DISCONNECTED                                               syscall.Errno = 4207
+	ERROR_WMI_SERVER_UNAVAILABLE                                              syscall.Errno = 4208
+	ERROR_WMI_DP_FAILED                                                       syscall.Errno = 4209
+	ERROR_WMI_INVALID_MOF                                                     syscall.Errno = 4210
+	ERROR_WMI_INVALID_REGINFO                                                 syscall.Errno = 4211
+	ERROR_WMI_ALREADY_DISABLED                                                syscall.Errno = 4212
+	ERROR_WMI_READ_ONLY                                                       syscall.Errno = 4213
+	ERROR_WMI_SET_FAILURE                                                     syscall.Errno = 4214
+	ERROR_NOT_APPCONTAINER                                                    syscall.Errno = 4250
+	ERROR_APPCONTAINER_REQUIRED                                               syscall.Errno = 4251
+	ERROR_NOT_SUPPORTED_IN_APPCONTAINER                                       syscall.Errno = 4252
+	ERROR_INVALID_PACKAGE_SID_LENGTH                                          syscall.Errno = 4253
+	ERROR_INVALID_MEDIA                                                       syscall.Errno = 4300
+	ERROR_INVALID_LIBRARY                                                     syscall.Errno = 4301
+	ERROR_INVALID_MEDIA_POOL                                                  syscall.Errno = 4302
+	ERROR_DRIVE_MEDIA_MISMATCH                                                syscall.Errno = 4303
+	ERROR_MEDIA_OFFLINE                                                       syscall.Errno = 4304
+	ERROR_LIBRARY_OFFLINE                                                     syscall.Errno = 4305
+	ERROR_EMPTY                                                               syscall.Errno = 4306
+	ERROR_NOT_EMPTY                                                           syscall.Errno = 4307
+	ERROR_MEDIA_UNAVAILABLE                                                   syscall.Errno = 4308
+	ERROR_RESOURCE_DISABLED                                                   syscall.Errno = 4309
+	ERROR_INVALID_CLEANER                                                     syscall.Errno = 4310
+	ERROR_UNABLE_TO_CLEAN                                                     syscall.Errno = 4311
+	ERROR_OBJECT_NOT_FOUND                                                    syscall.Errno = 4312
+	ERROR_DATABASE_FAILURE                                                    syscall.Errno = 4313
+	ERROR_DATABASE_FULL                                                       syscall.Errno = 4314
+	ERROR_MEDIA_INCOMPATIBLE                                                  syscall.Errno = 4315
+	ERROR_RESOURCE_NOT_PRESENT                                                syscall.Errno = 4316
+	ERROR_INVALID_OPERATION                                                   syscall.Errno = 4317
+	ERROR_MEDIA_NOT_AVAILABLE                                                 syscall.Errno = 4318
+	ERROR_DEVICE_NOT_AVAILABLE                                                syscall.Errno = 4319
+	ERROR_REQUEST_REFUSED                                                     syscall.Errno = 4320
+	ERROR_INVALID_DRIVE_OBJECT                                                syscall.Errno = 4321
+	ERROR_LIBRARY_FULL                                                        syscall.Errno = 4322
+	ERROR_MEDIUM_NOT_ACCESSIBLE                                               syscall.Errno = 4323
+	ERROR_UNABLE_TO_LOAD_MEDIUM                                               syscall.Errno = 4324
+	ERROR_UNABLE_TO_INVENTORY_DRIVE                                           syscall.Errno = 4325
+	ERROR_UNABLE_TO_INVENTORY_SLOT                                            syscall.Errno = 4326
+	ERROR_UNABLE_TO_INVENTORY_TRANSPORT                                       syscall.Errno = 4327
+	ERROR_TRANSPORT_FULL                                                      syscall.Errno = 4328
+	ERROR_CONTROLLING_IEPORT                                                  syscall.Errno = 4329
+	ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA                                       syscall.Errno = 4330
+	ERROR_CLEANER_SLOT_SET                                                    syscall.Errno = 4331
+	ERROR_CLEANER_SLOT_NOT_SET                                                syscall.Errno = 4332
+	ERROR_CLEANER_CARTRIDGE_SPENT                                             syscall.Errno = 4333
+	ERROR_UNEXPECTED_OMID                                                     syscall.Errno = 4334
+	ERROR_CANT_DELETE_LAST_ITEM                                               syscall.Errno = 4335
+	ERROR_MESSAGE_EXCEEDS_MAX_SIZE                                            syscall.Errno = 4336
+	ERROR_VOLUME_CONTAINS_SYS_FILES                                           syscall.Errno = 4337
+	ERROR_INDIGENOUS_TYPE                                                     syscall.Errno = 4338
+	ERROR_NO_SUPPORTING_DRIVES                                                syscall.Errno = 4339
+	ERROR_CLEANER_CARTRIDGE_INSTALLED                                         syscall.Errno = 4340
+	ERROR_IEPORT_FULL                                                         syscall.Errno = 4341
+	ERROR_FILE_OFFLINE                                                        syscall.Errno = 4350
+	ERROR_REMOTE_STORAGE_NOT_ACTIVE                                           syscall.Errno = 4351
+	ERROR_REMOTE_STORAGE_MEDIA_ERROR                                          syscall.Errno = 4352
+	ERROR_NOT_A_REPARSE_POINT                                                 syscall.Errno = 4390
+	ERROR_REPARSE_ATTRIBUTE_CONFLICT                                          syscall.Errno = 4391
+	ERROR_INVALID_REPARSE_DATA                                                syscall.Errno = 4392
+	ERROR_REPARSE_TAG_INVALID                                                 syscall.Errno = 4393
+	ERROR_REPARSE_TAG_MISMATCH                                                syscall.Errno = 4394
+	ERROR_REPARSE_POINT_ENCOUNTERED                                           syscall.Errno = 4395
+	ERROR_APP_DATA_NOT_FOUND                                                  syscall.Errno = 4400
+	ERROR_APP_DATA_EXPIRED                                                    syscall.Errno = 4401
+	ERROR_APP_DATA_CORRUPT                                                    syscall.Errno = 4402
+	ERROR_APP_DATA_LIMIT_EXCEEDED                                             syscall.Errno = 4403
+	ERROR_APP_DATA_REBOOT_REQUIRED                                            syscall.Errno = 4404
+	ERROR_SECUREBOOT_ROLLBACK_DETECTED                                        syscall.Errno = 4420
+	ERROR_SECUREBOOT_POLICY_VIOLATION                                         syscall.Errno = 4421
+	ERROR_SECUREBOOT_INVALID_POLICY                                           syscall.Errno = 4422
+	ERROR_SECUREBOOT_POLICY_PUBLISHER_NOT_FOUND                               syscall.Errno = 4423
+	ERROR_SECUREBOOT_POLICY_NOT_SIGNED                                        syscall.Errno = 4424
+	ERROR_SECUREBOOT_NOT_ENABLED                                              syscall.Errno = 4425
+	ERROR_SECUREBOOT_FILE_REPLACED                                            syscall.Errno = 4426
+	ERROR_SECUREBOOT_POLICY_NOT_AUTHORIZED                                    syscall.Errno = 4427
+	ERROR_SECUREBOOT_POLICY_UNKNOWN                                           syscall.Errno = 4428
+	ERROR_SECUREBOOT_POLICY_MISSING_ANTIROLLBACKVERSION                       syscall.Errno = 4429
+	ERROR_SECUREBOOT_PLATFORM_ID_MISMATCH                                     syscall.Errno = 4430
+	ERROR_SECUREBOOT_POLICY_ROLLBACK_DETECTED                                 syscall.Errno = 4431
+	ERROR_SECUREBOOT_POLICY_UPGRADE_MISMATCH                                  syscall.Errno = 4432
+	ERROR_SECUREBOOT_REQUIRED_POLICY_FILE_MISSING                             syscall.Errno = 4433
+	ERROR_SECUREBOOT_NOT_BASE_POLICY                                          syscall.Errno = 4434
+	ERROR_SECUREBOOT_NOT_SUPPLEMENTAL_POLICY                                  syscall.Errno = 4435
+	ERROR_OFFLOAD_READ_FLT_NOT_SUPPORTED                                      syscall.Errno = 4440
+	ERROR_OFFLOAD_WRITE_FLT_NOT_SUPPORTED                                     syscall.Errno = 4441
+	ERROR_OFFLOAD_READ_FILE_NOT_SUPPORTED                                     syscall.Errno = 4442
+	ERROR_OFFLOAD_WRITE_FILE_NOT_SUPPORTED                                    syscall.Errno = 4443
+	ERROR_ALREADY_HAS_STREAM_ID                                               syscall.Errno = 4444
+	ERROR_SMR_GARBAGE_COLLECTION_REQUIRED                                     syscall.Errno = 4445
+	ERROR_WOF_WIM_HEADER_CORRUPT                                              syscall.Errno = 4446
+	ERROR_WOF_WIM_RESOURCE_TABLE_CORRUPT                                      syscall.Errno = 4447
+	ERROR_WOF_FILE_RESOURCE_TABLE_CORRUPT                                     syscall.Errno = 4448
+	ERROR_VOLUME_NOT_SIS_ENABLED                                              syscall.Errno = 4500
+	ERROR_SYSTEM_INTEGRITY_ROLLBACK_DETECTED                                  syscall.Errno = 4550
+	ERROR_SYSTEM_INTEGRITY_POLICY_VIOLATION                                   syscall.Errno = 4551
+	ERROR_SYSTEM_INTEGRITY_INVALID_POLICY                                     syscall.Errno = 4552
+	ERROR_SYSTEM_INTEGRITY_POLICY_NOT_SIGNED                                  syscall.Errno = 4553
+	ERROR_VSM_NOT_INITIALIZED                                                 syscall.Errno = 4560
+	ERROR_VSM_DMA_PROTECTION_NOT_IN_USE                                       syscall.Errno = 4561
+	ERROR_PLATFORM_MANIFEST_NOT_AUTHORIZED                                    syscall.Errno = 4570
+	ERROR_PLATFORM_MANIFEST_INVALID                                           syscall.Errno = 4571
+	ERROR_PLATFORM_MANIFEST_FILE_NOT_AUTHORIZED                               syscall.Errno = 4572
+	ERROR_PLATFORM_MANIFEST_CATALOG_NOT_AUTHORIZED                            syscall.Errno = 4573
+	ERROR_PLATFORM_MANIFEST_BINARY_ID_NOT_FOUND                               syscall.Errno = 4574
+	ERROR_PLATFORM_MANIFEST_NOT_ACTIVE                                        syscall.Errno = 4575
+	ERROR_PLATFORM_MANIFEST_NOT_SIGNED                                        syscall.Errno = 4576
+	ERROR_DEPENDENT_RESOURCE_EXISTS                                           syscall.Errno = 5001
+	ERROR_DEPENDENCY_NOT_FOUND                                                syscall.Errno = 5002
+	ERROR_DEPENDENCY_ALREADY_EXISTS                                           syscall.Errno = 5003
+	ERROR_RESOURCE_NOT_ONLINE                                                 syscall.Errno = 5004
+	ERROR_HOST_NODE_NOT_AVAILABLE                                             syscall.Errno = 5005
+	ERROR_RESOURCE_NOT_AVAILABLE                                              syscall.Errno = 5006
+	ERROR_RESOURCE_NOT_FOUND                                                  syscall.Errno = 5007
+	ERROR_SHUTDOWN_CLUSTER                                                    syscall.Errno = 5008
+	ERROR_CANT_EVICT_ACTIVE_NODE                                              syscall.Errno = 5009
+	ERROR_OBJECT_ALREADY_EXISTS                                               syscall.Errno = 5010
+	ERROR_OBJECT_IN_LIST                                                      syscall.Errno = 5011
+	ERROR_GROUP_NOT_AVAILABLE                                                 syscall.Errno = 5012
+	ERROR_GROUP_NOT_FOUND                                                     syscall.Errno = 5013
+	ERROR_GROUP_NOT_ONLINE                                                    syscall.Errno = 5014
+	ERROR_HOST_NODE_NOT_RESOURCE_OWNER                                        syscall.Errno = 5015
+	ERROR_HOST_NODE_NOT_GROUP_OWNER                                           syscall.Errno = 5016
+	ERROR_RESMON_CREATE_FAILED                                                syscall.Errno = 5017
+	ERROR_RESMON_ONLINE_FAILED                                                syscall.Errno = 5018
+	ERROR_RESOURCE_ONLINE                                                     syscall.Errno = 5019
+	ERROR_QUORUM_RESOURCE                                                     syscall.Errno = 5020
+	ERROR_NOT_QUORUM_CAPABLE                                                  syscall.Errno = 5021
+	ERROR_CLUSTER_SHUTTING_DOWN                                               syscall.Errno = 5022
+	ERROR_INVALID_STATE                                                       syscall.Errno = 5023
+	ERROR_RESOURCE_PROPERTIES_STORED                                          syscall.Errno = 5024
+	ERROR_NOT_QUORUM_CLASS                                                    syscall.Errno = 5025
+	ERROR_CORE_RESOURCE                                                       syscall.Errno = 5026
+	ERROR_QUORUM_RESOURCE_ONLINE_FAILED                                       syscall.Errno = 5027
+	ERROR_QUORUMLOG_OPEN_FAILED                                               syscall.Errno = 5028
+	ERROR_CLUSTERLOG_CORRUPT                                                  syscall.Errno = 5029
+	ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE                                   syscall.Errno = 5030
+	ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE                                          syscall.Errno = 5031
+	ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND                                       syscall.Errno = 5032
+	ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE                                         syscall.Errno = 5033
+	ERROR_QUORUM_OWNER_ALIVE                                                  syscall.Errno = 5034
+	ERROR_NETWORK_NOT_AVAILABLE                                               syscall.Errno = 5035
+	ERROR_NODE_NOT_AVAILABLE                                                  syscall.Errno = 5036
+	ERROR_ALL_NODES_NOT_AVAILABLE                                             syscall.Errno = 5037
+	ERROR_RESOURCE_FAILED                                                     syscall.Errno = 5038
+	ERROR_CLUSTER_INVALID_NODE                                                syscall.Errno = 5039
+	ERROR_CLUSTER_NODE_EXISTS                                                 syscall.Errno = 5040
+	ERROR_CLUSTER_JOIN_IN_PROGRESS                                            syscall.Errno = 5041
+	ERROR_CLUSTER_NODE_NOT_FOUND                                              syscall.Errno = 5042
+	ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND                                        syscall.Errno = 5043
+	ERROR_CLUSTER_NETWORK_EXISTS                                              syscall.Errno = 5044
+	ERROR_CLUSTER_NETWORK_NOT_FOUND                                           syscall.Errno = 5045
+	ERROR_CLUSTER_NETINTERFACE_EXISTS                                         syscall.Errno = 5046
+	ERROR_CLUSTER_NETINTERFACE_NOT_FOUND                                      syscall.Errno = 5047
+	ERROR_CLUSTER_INVALID_REQUEST                                             syscall.Errno = 5048
+	ERROR_CLUSTER_INVALID_NETWORK_PROVIDER                                    syscall.Errno = 5049
+	ERROR_CLUSTER_NODE_DOWN                                                   syscall.Errno = 5050
+	ERROR_CLUSTER_NODE_UNREACHABLE                                            syscall.Errno = 5051
+	ERROR_CLUSTER_NODE_NOT_MEMBER                                             syscall.Errno = 5052
+	ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS                                        syscall.Errno = 5053
+	ERROR_CLUSTER_INVALID_NETWORK                                             syscall.Errno = 5054
+	ERROR_CLUSTER_NODE_UP                                                     syscall.Errno = 5056
+	ERROR_CLUSTER_IPADDR_IN_USE                                               syscall.Errno = 5057
+	ERROR_CLUSTER_NODE_NOT_PAUSED                                             syscall.Errno = 5058
+	ERROR_CLUSTER_NO_SECURITY_CONTEXT                                         syscall.Errno = 5059
+	ERROR_CLUSTER_NETWORK_NOT_INTERNAL                                        syscall.Errno = 5060
+	ERROR_CLUSTER_NODE_ALREADY_UP                                             syscall.Errno = 5061
+	ERROR_CLUSTER_NODE_ALREADY_DOWN                                           syscall.Errno = 5062
+	ERROR_CLUSTER_NETWORK_ALREADY_ONLINE                                      syscall.Errno = 5063
+	ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE                                     syscall.Errno = 5064
+	ERROR_CLUSTER_NODE_ALREADY_MEMBER                                         syscall.Errno = 5065
+	ERROR_CLUSTER_LAST_INTERNAL_NETWORK                                       syscall.Errno = 5066
+	ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS                                      syscall.Errno = 5067
+	ERROR_INVALID_OPERATION_ON_QUORUM                                         syscall.Errno = 5068
+	ERROR_DEPENDENCY_NOT_ALLOWED                                              syscall.Errno = 5069
+	ERROR_CLUSTER_NODE_PAUSED                                                 syscall.Errno = 5070
+	ERROR_NODE_CANT_HOST_RESOURCE                                             syscall.Errno = 5071
+	ERROR_CLUSTER_NODE_NOT_READY                                              syscall.Errno = 5072
+	ERROR_CLUSTER_NODE_SHUTTING_DOWN                                          syscall.Errno = 5073
+	ERROR_CLUSTER_JOIN_ABORTED                                                syscall.Errno = 5074
+	ERROR_CLUSTER_INCOMPATIBLE_VERSIONS                                       syscall.Errno = 5075
+	ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED                                syscall.Errno = 5076
+	ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED                                       syscall.Errno = 5077
+	ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND                                     syscall.Errno = 5078
+	ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED                                       syscall.Errno = 5079
+	ERROR_CLUSTER_RESNAME_NOT_FOUND                                           syscall.Errno = 5080
+	ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED                                  syscall.Errno = 5081
+	ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST                                       syscall.Errno = 5082
+	ERROR_CLUSTER_DATABASE_SEQMISMATCH                                        syscall.Errno = 5083
+	ERROR_RESMON_INVALID_STATE                                                syscall.Errno = 5084
+	ERROR_CLUSTER_GUM_NOT_LOCKER                                              syscall.Errno = 5085
+	ERROR_QUORUM_DISK_NOT_FOUND                                               syscall.Errno = 5086
+	ERROR_DATABASE_BACKUP_CORRUPT                                             syscall.Errno = 5087
+	ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT                                   syscall.Errno = 5088
+	ERROR_RESOURCE_PROPERTY_UNCHANGEABLE                                      syscall.Errno = 5089
+	ERROR_NO_ADMIN_ACCESS_POINT                                               syscall.Errno = 5090
+	ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE                                    syscall.Errno = 5890
+	ERROR_CLUSTER_QUORUMLOG_NOT_FOUND                                         syscall.Errno = 5891
+	ERROR_CLUSTER_MEMBERSHIP_HALT                                             syscall.Errno = 5892
+	ERROR_CLUSTER_INSTANCE_ID_MISMATCH                                        syscall.Errno = 5893
+	ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP                                    syscall.Errno = 5894
+	ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH                                 syscall.Errno = 5895
+	ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP                                       syscall.Errno = 5896
+	ERROR_CLUSTER_PARAMETER_MISMATCH                                          syscall.Errno = 5897
+	ERROR_NODE_CANNOT_BE_CLUSTERED                                            syscall.Errno = 5898
+	ERROR_CLUSTER_WRONG_OS_VERSION                                            syscall.Errno = 5899
+	ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME                                syscall.Errno = 5900
+	ERROR_CLUSCFG_ALREADY_COMMITTED                                           syscall.Errno = 5901
+	ERROR_CLUSCFG_ROLLBACK_FAILED                                             syscall.Errno = 5902
+	ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT                           syscall.Errno = 5903
+	ERROR_CLUSTER_OLD_VERSION                                                 syscall.Errno = 5904
+	ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME                               syscall.Errno = 5905
+	ERROR_CLUSTER_NO_NET_ADAPTERS                                             syscall.Errno = 5906
+	ERROR_CLUSTER_POISONED                                                    syscall.Errno = 5907
+	ERROR_CLUSTER_GROUP_MOVING                                                syscall.Errno = 5908
+	ERROR_CLUSTER_RESOURCE_TYPE_BUSY                                          syscall.Errno = 5909
+	ERROR_RESOURCE_CALL_TIMED_OUT                                             syscall.Errno = 5910
+	ERROR_INVALID_CLUSTER_IPV6_ADDRESS                                        syscall.Errno = 5911
+	ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION                                   syscall.Errno = 5912
+	ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS                                     syscall.Errno = 5913
+	ERROR_CLUSTER_PARTIAL_SEND                                                syscall.Errno = 5914
+	ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION                                   syscall.Errno = 5915
+	ERROR_CLUSTER_INVALID_STRING_TERMINATION                                  syscall.Errno = 5916
+	ERROR_CLUSTER_INVALID_STRING_FORMAT                                       syscall.Errno = 5917
+	ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS                            syscall.Errno = 5918
+	ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS                        syscall.Errno = 5919
+	ERROR_CLUSTER_NULL_DATA                                                   syscall.Errno = 5920
+	ERROR_CLUSTER_PARTIAL_READ                                                syscall.Errno = 5921
+	ERROR_CLUSTER_PARTIAL_WRITE                                               syscall.Errno = 5922
+	ERROR_CLUSTER_CANT_DESERIALIZE_DATA                                       syscall.Errno = 5923
+	ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT                                syscall.Errno = 5924
+	ERROR_CLUSTER_NO_QUORUM                                                   syscall.Errno = 5925
+	ERROR_CLUSTER_INVALID_IPV6_NETWORK                                        syscall.Errno = 5926
+	ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK                                 syscall.Errno = 5927
+	ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP                                    syscall.Errno = 5928
+	ERROR_DEPENDENCY_TREE_TOO_COMPLEX                                         syscall.Errno = 5929
+	ERROR_EXCEPTION_IN_RESOURCE_CALL                                          syscall.Errno = 5930
+	ERROR_CLUSTER_RHS_FAILED_INITIALIZATION                                   syscall.Errno = 5931
+	ERROR_CLUSTER_NOT_INSTALLED                                               syscall.Errno = 5932
+	ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE                   syscall.Errno = 5933
+	ERROR_CLUSTER_MAX_NODES_IN_CLUSTER                                        syscall.Errno = 5934
+	ERROR_CLUSTER_TOO_MANY_NODES                                              syscall.Errno = 5935
+	ERROR_CLUSTER_OBJECT_ALREADY_USED                                         syscall.Errno = 5936
+	ERROR_NONCORE_GROUPS_FOUND                                                syscall.Errno = 5937
+	ERROR_FILE_SHARE_RESOURCE_CONFLICT                                        syscall.Errno = 5938
+	ERROR_CLUSTER_EVICT_INVALID_REQUEST                                       syscall.Errno = 5939
+	ERROR_CLUSTER_SINGLETON_RESOURCE                                          syscall.Errno = 5940
+	ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE                                    syscall.Errno = 5941
+	ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED                                    syscall.Errno = 5942
+	ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR                                syscall.Errno = 5943
+	ERROR_CLUSTER_GROUP_BUSY                                                  syscall.Errno = 5944
+	ERROR_CLUSTER_NOT_SHARED_VOLUME                                           syscall.Errno = 5945
+	ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR                                 syscall.Errno = 5946
+	ERROR_CLUSTER_SHARED_VOLUMES_IN_USE                                       syscall.Errno = 5947
+	ERROR_CLUSTER_USE_SHARED_VOLUMES_API                                      syscall.Errno = 5948
+	ERROR_CLUSTER_BACKUP_IN_PROGRESS                                          syscall.Errno = 5949
+	ERROR_NON_CSV_PATH                                                        syscall.Errno = 5950
+	ERROR_CSV_VOLUME_NOT_LOCAL                                                syscall.Errno = 5951
+	ERROR_CLUSTER_WATCHDOG_TERMINATING                                        syscall.Errno = 5952
+	ERROR_CLUSTER_RESOURCE_VETOED_MOVE_INCOMPATIBLE_NODES                     syscall.Errno = 5953
+	ERROR_CLUSTER_INVALID_NODE_WEIGHT                                         syscall.Errno = 5954
+	ERROR_CLUSTER_RESOURCE_VETOED_CALL                                        syscall.Errno = 5955
+	ERROR_RESMON_SYSTEM_RESOURCES_LACKING                                     syscall.Errno = 5956
+	ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_DESTINATION    syscall.Errno = 5957
+	ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_SOURCE         syscall.Errno = 5958
+	ERROR_CLUSTER_GROUP_QUEUED                                                syscall.Errno = 5959
+	ERROR_CLUSTER_RESOURCE_LOCKED_STATUS                                      syscall.Errno = 5960
+	ERROR_CLUSTER_SHARED_VOLUME_FAILOVER_NOT_ALLOWED                          syscall.Errno = 5961
+	ERROR_CLUSTER_NODE_DRAIN_IN_PROGRESS                                      syscall.Errno = 5962
+	ERROR_CLUSTER_DISK_NOT_CONNECTED                                          syscall.Errno = 5963
+	ERROR_DISK_NOT_CSV_CAPABLE                                                syscall.Errno = 5964
+	ERROR_RESOURCE_NOT_IN_AVAILABLE_STORAGE                                   syscall.Errno = 5965
+	ERROR_CLUSTER_SHARED_VOLUME_REDIRECTED                                    syscall.Errno = 5966
+	ERROR_CLUSTER_SHARED_VOLUME_NOT_REDIRECTED                                syscall.Errno = 5967
+	ERROR_CLUSTER_CANNOT_RETURN_PROPERTIES                                    syscall.Errno = 5968
+	ERROR_CLUSTER_RESOURCE_CONTAINS_UNSUPPORTED_DIFF_AREA_FOR_SHARED_VOLUMES  syscall.Errno = 5969
+	ERROR_CLUSTER_RESOURCE_IS_IN_MAINTENANCE_MODE                             syscall.Errno = 5970
+	ERROR_CLUSTER_AFFINITY_CONFLICT                                           syscall.Errno = 5971
+	ERROR_CLUSTER_RESOURCE_IS_REPLICA_VIRTUAL_MACHINE                         syscall.Errno = 5972
+	ERROR_CLUSTER_UPGRADE_INCOMPATIBLE_VERSIONS                               syscall.Errno = 5973
+	ERROR_CLUSTER_UPGRADE_FIX_QUORUM_NOT_SUPPORTED                            syscall.Errno = 5974
+	ERROR_CLUSTER_UPGRADE_RESTART_REQUIRED                                    syscall.Errno = 5975
+	ERROR_CLUSTER_UPGRADE_IN_PROGRESS                                         syscall.Errno = 5976
+	ERROR_CLUSTER_UPGRADE_INCOMPLETE                                          syscall.Errno = 5977
+	ERROR_CLUSTER_NODE_IN_GRACE_PERIOD                                        syscall.Errno = 5978
+	ERROR_CLUSTER_CSV_IO_PAUSE_TIMEOUT                                        syscall.Errno = 5979
+	ERROR_NODE_NOT_ACTIVE_CLUSTER_MEMBER                                      syscall.Errno = 5980
+	ERROR_CLUSTER_RESOURCE_NOT_MONITORED                                      syscall.Errno = 5981
+	ERROR_CLUSTER_RESOURCE_DOES_NOT_SUPPORT_UNMONITORED                       syscall.Errno = 5982
+	ERROR_CLUSTER_RESOURCE_IS_REPLICATED                                      syscall.Errno = 5983
+	ERROR_CLUSTER_NODE_ISOLATED                                               syscall.Errno = 5984
+	ERROR_CLUSTER_NODE_QUARANTINED                                            syscall.Errno = 5985
+	ERROR_CLUSTER_DATABASE_UPDATE_CONDITION_FAILED                            syscall.Errno = 5986
+	ERROR_CLUSTER_SPACE_DEGRADED                                              syscall.Errno = 5987
+	ERROR_CLUSTER_TOKEN_DELEGATION_NOT_SUPPORTED                              syscall.Errno = 5988
+	ERROR_CLUSTER_CSV_INVALID_HANDLE                                          syscall.Errno = 5989
+	ERROR_CLUSTER_CSV_SUPPORTED_ONLY_ON_COORDINATOR                           syscall.Errno = 5990
+	ERROR_GROUPSET_NOT_AVAILABLE                                              syscall.Errno = 5991
+	ERROR_GROUPSET_NOT_FOUND                                                  syscall.Errno = 5992
+	ERROR_GROUPSET_CANT_PROVIDE                                               syscall.Errno = 5993
+	ERROR_CLUSTER_FAULT_DOMAIN_PARENT_NOT_FOUND                               syscall.Errno = 5994
+	ERROR_CLUSTER_FAULT_DOMAIN_INVALID_HIERARCHY                              syscall.Errno = 5995
+	ERROR_CLUSTER_FAULT_DOMAIN_FAILED_S2D_VALIDATION                          syscall.Errno = 5996
+	ERROR_CLUSTER_FAULT_DOMAIN_S2D_CONNECTIVITY_LOSS                          syscall.Errno = 5997
+	ERROR_CLUSTER_INVALID_INFRASTRUCTURE_FILESERVER_NAME                      syscall.Errno = 5998
+	ERROR_CLUSTERSET_MANAGEMENT_CLUSTER_UNREACHABLE                           syscall.Errno = 5999
+	ERROR_ENCRYPTION_FAILED                                                   syscall.Errno = 6000
+	ERROR_DECRYPTION_FAILED                                                   syscall.Errno = 6001
+	ERROR_FILE_ENCRYPTED                                                      syscall.Errno = 6002
+	ERROR_NO_RECOVERY_POLICY                                                  syscall.Errno = 6003
+	ERROR_NO_EFS                                                              syscall.Errno = 6004
+	ERROR_WRONG_EFS                                                           syscall.Errno = 6005
+	ERROR_NO_USER_KEYS                                                        syscall.Errno = 6006
+	ERROR_FILE_NOT_ENCRYPTED                                                  syscall.Errno = 6007
+	ERROR_NOT_EXPORT_FORMAT                                                   syscall.Errno = 6008
+	ERROR_FILE_READ_ONLY                                                      syscall.Errno = 6009
+	ERROR_DIR_EFS_DISALLOWED                                                  syscall.Errno = 6010
+	ERROR_EFS_SERVER_NOT_TRUSTED                                              syscall.Errno = 6011
+	ERROR_BAD_RECOVERY_POLICY                                                 syscall.Errno = 6012
+	ERROR_EFS_ALG_BLOB_TOO_BIG                                                syscall.Errno = 6013
+	ERROR_VOLUME_NOT_SUPPORT_EFS                                              syscall.Errno = 6014
+	ERROR_EFS_DISABLED                                                        syscall.Errno = 6015
+	ERROR_EFS_VERSION_NOT_SUPPORT                                             syscall.Errno = 6016
+	ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE                               syscall.Errno = 6017
+	ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER                                    syscall.Errno = 6018
+	ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE                               syscall.Errno = 6019
+	ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE                                    syscall.Errno = 6020
+	ERROR_CS_ENCRYPTION_FILE_NOT_CSE                                          syscall.Errno = 6021
+	ERROR_ENCRYPTION_POLICY_DENIES_OPERATION                                  syscall.Errno = 6022
+	ERROR_NO_BROWSER_SERVERS_FOUND                                            syscall.Errno = 6118
+	SCHED_E_SERVICE_NOT_LOCALSYSTEM                                           syscall.Errno = 6200
+	ERROR_LOG_SECTOR_INVALID                                                  syscall.Errno = 6600
+	ERROR_LOG_SECTOR_PARITY_INVALID                                           syscall.Errno = 6601
+	ERROR_LOG_SECTOR_REMAPPED                                                 syscall.Errno = 6602
+	ERROR_LOG_BLOCK_INCOMPLETE                                                syscall.Errno = 6603
+	ERROR_LOG_INVALID_RANGE                                                   syscall.Errno = 6604
+	ERROR_LOG_BLOCKS_EXHAUSTED                                                syscall.Errno = 6605
+	ERROR_LOG_READ_CONTEXT_INVALID                                            syscall.Errno = 6606
+	ERROR_LOG_RESTART_INVALID                                                 syscall.Errno = 6607
+	ERROR_LOG_BLOCK_VERSION                                                   syscall.Errno = 6608
+	ERROR_LOG_BLOCK_INVALID                                                   syscall.Errno = 6609
+	ERROR_LOG_READ_MODE_INVALID                                               syscall.Errno = 6610
+	ERROR_LOG_NO_RESTART                                                      syscall.Errno = 6611
+	ERROR_LOG_METADATA_CORRUPT                                                syscall.Errno = 6612
+	ERROR_LOG_METADATA_INVALID                                                syscall.Errno = 6613
+	ERROR_LOG_METADATA_INCONSISTENT                                           syscall.Errno = 6614
+	ERROR_LOG_RESERVATION_INVALID                                             syscall.Errno = 6615
+	ERROR_LOG_CANT_DELETE                                                     syscall.Errno = 6616
+	ERROR_LOG_CONTAINER_LIMIT_EXCEEDED                                        syscall.Errno = 6617
+	ERROR_LOG_START_OF_LOG                                                    syscall.Errno = 6618
+	ERROR_LOG_POLICY_ALREADY_INSTALLED                                        syscall.Errno = 6619
+	ERROR_LOG_POLICY_NOT_INSTALLED                                            syscall.Errno = 6620
+	ERROR_LOG_POLICY_INVALID                                                  syscall.Errno = 6621
+	ERROR_LOG_POLICY_CONFLICT                                                 syscall.Errno = 6622
+	ERROR_LOG_PINNED_ARCHIVE_TAIL                                             syscall.Errno = 6623
+	ERROR_LOG_RECORD_NONEXISTENT                                              syscall.Errno = 6624
+	ERROR_LOG_RECORDS_RESERVED_INVALID                                        syscall.Errno = 6625
+	ERROR_LOG_SPACE_RESERVED_INVALID                                          syscall.Errno = 6626
+	ERROR_LOG_TAIL_INVALID                                                    syscall.Errno = 6627
+	ERROR_LOG_FULL                                                            syscall.Errno = 6628
+	ERROR_COULD_NOT_RESIZE_LOG                                                syscall.Errno = 6629
+	ERROR_LOG_MULTIPLEXED                                                     syscall.Errno = 6630
+	ERROR_LOG_DEDICATED                                                       syscall.Errno = 6631
+	ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS                                         syscall.Errno = 6632
+	ERROR_LOG_ARCHIVE_IN_PROGRESS                                             syscall.Errno = 6633
+	ERROR_LOG_EPHEMERAL                                                       syscall.Errno = 6634
+	ERROR_LOG_NOT_ENOUGH_CONTAINERS                                           syscall.Errno = 6635
+	ERROR_LOG_CLIENT_ALREADY_REGISTERED                                       syscall.Errno = 6636
+	ERROR_LOG_CLIENT_NOT_REGISTERED                                           syscall.Errno = 6637
+	ERROR_LOG_FULL_HANDLER_IN_PROGRESS                                        syscall.Errno = 6638
+	ERROR_LOG_CONTAINER_READ_FAILED                                           syscall.Errno = 6639
+	ERROR_LOG_CONTAINER_WRITE_FAILED                                          syscall.Errno = 6640
+	ERROR_LOG_CONTAINER_OPEN_FAILED                                           syscall.Errno = 6641
+	ERROR_LOG_CONTAINER_STATE_INVALID                                         syscall.Errno = 6642
+	ERROR_LOG_STATE_INVALID                                                   syscall.Errno = 6643
+	ERROR_LOG_PINNED                                                          syscall.Errno = 6644
+	ERROR_LOG_METADATA_FLUSH_FAILED                                           syscall.Errno = 6645
+	ERROR_LOG_INCONSISTENT_SECURITY                                           syscall.Errno = 6646
+	ERROR_LOG_APPENDED_FLUSH_FAILED                                           syscall.Errno = 6647
+	ERROR_LOG_PINNED_RESERVATION                                              syscall.Errno = 6648
+	ERROR_INVALID_TRANSACTION                                                 syscall.Errno = 6700
+	ERROR_TRANSACTION_NOT_ACTIVE                                              syscall.Errno = 6701
+	ERROR_TRANSACTION_REQUEST_NOT_VALID                                       syscall.Errno = 6702
+	ERROR_TRANSACTION_NOT_REQUESTED                                           syscall.Errno = 6703
+	ERROR_TRANSACTION_ALREADY_ABORTED                                         syscall.Errno = 6704
+	ERROR_TRANSACTION_ALREADY_COMMITTED                                       syscall.Errno = 6705
+	ERROR_TM_INITIALIZATION_FAILED                                            syscall.Errno = 6706
+	ERROR_RESOURCEMANAGER_READ_ONLY                                           syscall.Errno = 6707
+	ERROR_TRANSACTION_NOT_JOINED                                              syscall.Errno = 6708
+	ERROR_TRANSACTION_SUPERIOR_EXISTS                                         syscall.Errno = 6709
+	ERROR_CRM_PROTOCOL_ALREADY_EXISTS                                         syscall.Errno = 6710
+	ERROR_TRANSACTION_PROPAGATION_FAILED                                      syscall.Errno = 6711
+	ERROR_CRM_PROTOCOL_NOT_FOUND                                              syscall.Errno = 6712
+	ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER                                 syscall.Errno = 6713
+	ERROR_CURRENT_TRANSACTION_NOT_VALID                                       syscall.Errno = 6714
+	ERROR_TRANSACTION_NOT_FOUND                                               syscall.Errno = 6715
+	ERROR_RESOURCEMANAGER_NOT_FOUND                                           syscall.Errno = 6716
+	ERROR_ENLISTMENT_NOT_FOUND                                                syscall.Errno = 6717
+	ERROR_TRANSACTIONMANAGER_NOT_FOUND                                        syscall.Errno = 6718
+	ERROR_TRANSACTIONMANAGER_NOT_ONLINE                                       syscall.Errno = 6719
+	ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION                          syscall.Errno = 6720
+	ERROR_TRANSACTION_NOT_ROOT                                                syscall.Errno = 6721
+	ERROR_TRANSACTION_OBJECT_EXPIRED                                          syscall.Errno = 6722
+	ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED                                   syscall.Errno = 6723
+	ERROR_TRANSACTION_RECORD_TOO_LONG                                         syscall.Errno = 6724
+	ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED                                  syscall.Errno = 6725
+	ERROR_TRANSACTION_INTEGRITY_VIOLATED                                      syscall.Errno = 6726
+	ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH                                syscall.Errno = 6727
+	ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT                                    syscall.Errno = 6728
+	ERROR_TRANSACTION_MUST_WRITETHROUGH                                       syscall.Errno = 6729
+	ERROR_TRANSACTION_NO_SUPERIOR                                             syscall.Errno = 6730
+	ERROR_HEURISTIC_DAMAGE_POSSIBLE                                           syscall.Errno = 6731
+	ERROR_TRANSACTIONAL_CONFLICT                                              syscall.Errno = 6800
+	ERROR_RM_NOT_ACTIVE                                                       syscall.Errno = 6801
+	ERROR_RM_METADATA_CORRUPT                                                 syscall.Errno = 6802
+	ERROR_DIRECTORY_NOT_RM                                                    syscall.Errno = 6803
+	ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE                                     syscall.Errno = 6805
+	ERROR_LOG_RESIZE_INVALID_SIZE                                             syscall.Errno = 6806
+	ERROR_OBJECT_NO_LONGER_EXISTS                                             syscall.Errno = 6807
+	ERROR_STREAM_MINIVERSION_NOT_FOUND                                        syscall.Errno = 6808
+	ERROR_STREAM_MINIVERSION_NOT_VALID                                        syscall.Errno = 6809
+	ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION                 syscall.Errno = 6810
+	ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT                            syscall.Errno = 6811
+	ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS                                syscall.Errno = 6812
+	ERROR_REMOTE_FILE_VERSION_MISMATCH                                        syscall.Errno = 6814
+	ERROR_HANDLE_NO_LONGER_VALID                                              syscall.Errno = 6815
+	ERROR_NO_TXF_METADATA                                                     syscall.Errno = 6816
+	ERROR_LOG_CORRUPTION_DETECTED                                             syscall.Errno = 6817
+	ERROR_CANT_RECOVER_WITH_HANDLE_OPEN                                       syscall.Errno = 6818
+	ERROR_RM_DISCONNECTED                                                     syscall.Errno = 6819
+	ERROR_ENLISTMENT_NOT_SUPERIOR                                             syscall.Errno = 6820
+	ERROR_RECOVERY_NOT_NEEDED                                                 syscall.Errno = 6821
+	ERROR_RM_ALREADY_STARTED                                                  syscall.Errno = 6822
+	ERROR_FILE_IDENTITY_NOT_PERSISTENT                                        syscall.Errno = 6823
+	ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY                                 syscall.Errno = 6824
+	ERROR_CANT_CROSS_RM_BOUNDARY                                              syscall.Errno = 6825
+	ERROR_TXF_DIR_NOT_EMPTY                                                   syscall.Errno = 6826
+	ERROR_INDOUBT_TRANSACTIONS_EXIST                                          syscall.Errno = 6827
+	ERROR_TM_VOLATILE                                                         syscall.Errno = 6828
+	ERROR_ROLLBACK_TIMER_EXPIRED                                              syscall.Errno = 6829
+	ERROR_TXF_ATTRIBUTE_CORRUPT                                               syscall.Errno = 6830
+	ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION                                      syscall.Errno = 6831
+	ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED                                      syscall.Errno = 6832
+	ERROR_LOG_GROWTH_FAILED                                                   syscall.Errno = 6833
+	ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE                               syscall.Errno = 6834
+	ERROR_TXF_METADATA_ALREADY_PRESENT                                        syscall.Errno = 6835
+	ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET                                 syscall.Errno = 6836
+	ERROR_TRANSACTION_REQUIRED_PROMOTION                                      syscall.Errno = 6837
+	ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION                                  syscall.Errno = 6838
+	ERROR_TRANSACTIONS_NOT_FROZEN                                             syscall.Errno = 6839
+	ERROR_TRANSACTION_FREEZE_IN_PROGRESS                                      syscall.Errno = 6840
+	ERROR_NOT_SNAPSHOT_VOLUME                                                 syscall.Errno = 6841
+	ERROR_NO_SAVEPOINT_WITH_OPEN_FILES                                        syscall.Errno = 6842
+	ERROR_DATA_LOST_REPAIR                                                    syscall.Errno = 6843
+	ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION                                   syscall.Errno = 6844
+	ERROR_TM_IDENTITY_MISMATCH                                                syscall.Errno = 6845
+	ERROR_FLOATED_SECTION                                                     syscall.Errno = 6846
+	ERROR_CANNOT_ACCEPT_TRANSACTED_WORK                                       syscall.Errno = 6847
+	ERROR_CANNOT_ABORT_TRANSACTIONS                                           syscall.Errno = 6848
+	ERROR_BAD_CLUSTERS                                                        syscall.Errno = 6849
+	ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION                              syscall.Errno = 6850
+	ERROR_VOLUME_DIRTY                                                        syscall.Errno = 6851
+	ERROR_NO_LINK_TRACKING_IN_TRANSACTION                                     syscall.Errno = 6852
+	ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION                              syscall.Errno = 6853
+	ERROR_EXPIRED_HANDLE                                                      syscall.Errno = 6854
+	ERROR_TRANSACTION_NOT_ENLISTED                                            syscall.Errno = 6855
+	ERROR_CTX_WINSTATION_NAME_INVALID                                         syscall.Errno = 7001
+	ERROR_CTX_INVALID_PD                                                      syscall.Errno = 7002
+	ERROR_CTX_PD_NOT_FOUND                                                    syscall.Errno = 7003
+	ERROR_CTX_WD_NOT_FOUND                                                    syscall.Errno = 7004
+	ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY                                      syscall.Errno = 7005
+	ERROR_CTX_SERVICE_NAME_COLLISION                                          syscall.Errno = 7006
+	ERROR_CTX_CLOSE_PENDING                                                   syscall.Errno = 7007
+	ERROR_CTX_NO_OUTBUF                                                       syscall.Errno = 7008
+	ERROR_CTX_MODEM_INF_NOT_FOUND                                             syscall.Errno = 7009
+	ERROR_CTX_INVALID_MODEMNAME                                               syscall.Errno = 7010
+	ERROR_CTX_MODEM_RESPONSE_ERROR                                            syscall.Errno = 7011
+	ERROR_CTX_MODEM_RESPONSE_TIMEOUT                                          syscall.Errno = 7012
+	ERROR_CTX_MODEM_RESPONSE_NO_CARRIER                                       syscall.Errno = 7013
+	ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE                                      syscall.Errno = 7014
+	ERROR_CTX_MODEM_RESPONSE_BUSY                                             syscall.Errno = 7015
+	ERROR_CTX_MODEM_RESPONSE_VOICE                                            syscall.Errno = 7016
+	ERROR_CTX_TD_ERROR                                                        syscall.Errno = 7017
+	ERROR_CTX_WINSTATION_NOT_FOUND                                            syscall.Errno = 7022
+	ERROR_CTX_WINSTATION_ALREADY_EXISTS                                       syscall.Errno = 7023
+	ERROR_CTX_WINSTATION_BUSY                                                 syscall.Errno = 7024
+	ERROR_CTX_BAD_VIDEO_MODE                                                  syscall.Errno = 7025
+	ERROR_CTX_GRAPHICS_INVALID                                                syscall.Errno = 7035
+	ERROR_CTX_LOGON_DISABLED                                                  syscall.Errno = 7037
+	ERROR_CTX_NOT_CONSOLE                                                     syscall.Errno = 7038
+	ERROR_CTX_CLIENT_QUERY_TIMEOUT                                            syscall.Errno = 7040
+	ERROR_CTX_CONSOLE_DISCONNECT                                              syscall.Errno = 7041
+	ERROR_CTX_CONSOLE_CONNECT                                                 syscall.Errno = 7042
+	ERROR_CTX_SHADOW_DENIED                                                   syscall.Errno = 7044
+	ERROR_CTX_WINSTATION_ACCESS_DENIED                                        syscall.Errno = 7045
+	ERROR_CTX_INVALID_WD                                                      syscall.Errno = 7049
+	ERROR_CTX_SHADOW_INVALID                                                  syscall.Errno = 7050
+	ERROR_CTX_SHADOW_DISABLED                                                 syscall.Errno = 7051
+	ERROR_CTX_CLIENT_LICENSE_IN_USE                                           syscall.Errno = 7052
+	ERROR_CTX_CLIENT_LICENSE_NOT_SET                                          syscall.Errno = 7053
+	ERROR_CTX_LICENSE_NOT_AVAILABLE                                           syscall.Errno = 7054
+	ERROR_CTX_LICENSE_CLIENT_INVALID                                          syscall.Errno = 7055
+	ERROR_CTX_LICENSE_EXPIRED                                                 syscall.Errno = 7056
+	ERROR_CTX_SHADOW_NOT_RUNNING                                              syscall.Errno = 7057
+	ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE                                     syscall.Errno = 7058
+	ERROR_ACTIVATION_COUNT_EXCEEDED                                           syscall.Errno = 7059
+	ERROR_CTX_WINSTATIONS_DISABLED                                            syscall.Errno = 7060
+	ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED                                       syscall.Errno = 7061
+	ERROR_CTX_SESSION_IN_USE                                                  syscall.Errno = 7062
+	ERROR_CTX_NO_FORCE_LOGOFF                                                 syscall.Errno = 7063
+	ERROR_CTX_ACCOUNT_RESTRICTION                                             syscall.Errno = 7064
+	ERROR_RDP_PROTOCOL_ERROR                                                  syscall.Errno = 7065
+	ERROR_CTX_CDM_CONNECT                                                     syscall.Errno = 7066
+	ERROR_CTX_CDM_DISCONNECT                                                  syscall.Errno = 7067
+	ERROR_CTX_SECURITY_LAYER_ERROR                                            syscall.Errno = 7068
+	ERROR_TS_INCOMPATIBLE_SESSIONS                                            syscall.Errno = 7069
+	ERROR_TS_VIDEO_SUBSYSTEM_ERROR                                            syscall.Errno = 7070
+	FRS_ERR_INVALID_API_SEQUENCE                                              syscall.Errno = 8001
+	FRS_ERR_STARTING_SERVICE                                                  syscall.Errno = 8002
+	FRS_ERR_STOPPING_SERVICE                                                  syscall.Errno = 8003
+	FRS_ERR_INTERNAL_API                                                      syscall.Errno = 8004
+	FRS_ERR_INTERNAL                                                          syscall.Errno = 8005
+	FRS_ERR_SERVICE_COMM                                                      syscall.Errno = 8006
+	FRS_ERR_INSUFFICIENT_PRIV                                                 syscall.Errno = 8007
+	FRS_ERR_AUTHENTICATION                                                    syscall.Errno = 8008
+	FRS_ERR_PARENT_INSUFFICIENT_PRIV                                          syscall.Errno = 8009
+	FRS_ERR_PARENT_AUTHENTICATION                                             syscall.Errno = 8010
+	FRS_ERR_CHILD_TO_PARENT_COMM                                              syscall.Errno = 8011
+	FRS_ERR_PARENT_TO_CHILD_COMM                                              syscall.Errno = 8012
+	FRS_ERR_SYSVOL_POPULATE                                                   syscall.Errno = 8013
+	FRS_ERR_SYSVOL_POPULATE_TIMEOUT                                           syscall.Errno = 8014
+	FRS_ERR_SYSVOL_IS_BUSY                                                    syscall.Errno = 8015
+	FRS_ERR_SYSVOL_DEMOTE                                                     syscall.Errno = 8016
+	FRS_ERR_INVALID_SERVICE_PARAMETER                                         syscall.Errno = 8017
+	DS_S_SUCCESS                                                                            = ERROR_SUCCESS
+	ERROR_DS_NOT_INSTALLED                                                    syscall.Errno = 8200
+	ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY                                     syscall.Errno = 8201
+	ERROR_DS_NO_ATTRIBUTE_OR_VALUE                                            syscall.Errno = 8202
+	ERROR_DS_INVALID_ATTRIBUTE_SYNTAX                                         syscall.Errno = 8203
+	ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED                                         syscall.Errno = 8204
+	ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS                                        syscall.Errno = 8205
+	ERROR_DS_BUSY                                                             syscall.Errno = 8206
+	ERROR_DS_UNAVAILABLE                                                      syscall.Errno = 8207
+	ERROR_DS_NO_RIDS_ALLOCATED                                                syscall.Errno = 8208
+	ERROR_DS_NO_MORE_RIDS                                                     syscall.Errno = 8209
+	ERROR_DS_INCORRECT_ROLE_OWNER                                             syscall.Errno = 8210
+	ERROR_DS_RIDMGR_INIT_ERROR                                                syscall.Errno = 8211
+	ERROR_DS_OBJ_CLASS_VIOLATION                                              syscall.Errno = 8212
+	ERROR_DS_CANT_ON_NON_LEAF                                                 syscall.Errno = 8213
+	ERROR_DS_CANT_ON_RDN                                                      syscall.Errno = 8214
+	ERROR_DS_CANT_MOD_OBJ_CLASS                                               syscall.Errno = 8215
+	ERROR_DS_CROSS_DOM_MOVE_ERROR                                             syscall.Errno = 8216
+	ERROR_DS_GC_NOT_AVAILABLE                                                 syscall.Errno = 8217
+	ERROR_SHARED_POLICY                                                       syscall.Errno = 8218
+	ERROR_POLICY_OBJECT_NOT_FOUND                                             syscall.Errno = 8219
+	ERROR_POLICY_ONLY_IN_DS                                                   syscall.Errno = 8220
+	ERROR_PROMOTION_ACTIVE                                                    syscall.Errno = 8221
+	ERROR_NO_PROMOTION_ACTIVE                                                 syscall.Errno = 8222
+	ERROR_DS_OPERATIONS_ERROR                                                 syscall.Errno = 8224
+	ERROR_DS_PROTOCOL_ERROR                                                   syscall.Errno = 8225
+	ERROR_DS_TIMELIMIT_EXCEEDED                                               syscall.Errno = 8226
+	ERROR_DS_SIZELIMIT_EXCEEDED                                               syscall.Errno = 8227
+	ERROR_DS_ADMIN_LIMIT_EXCEEDED                                             syscall.Errno = 8228
+	ERROR_DS_COMPARE_FALSE                                                    syscall.Errno = 8229
+	ERROR_DS_COMPARE_TRUE                                                     syscall.Errno = 8230
+	ERROR_DS_AUTH_METHOD_NOT_SUPPORTED                                        syscall.Errno = 8231
+	ERROR_DS_STRONG_AUTH_REQUIRED                                             syscall.Errno = 8232
+	ERROR_DS_INAPPROPRIATE_AUTH                                               syscall.Errno = 8233
+	ERROR_DS_AUTH_UNKNOWN                                                     syscall.Errno = 8234
+	ERROR_DS_REFERRAL                                                         syscall.Errno = 8235
+	ERROR_DS_UNAVAILABLE_CRIT_EXTENSION                                       syscall.Errno = 8236
+	ERROR_DS_CONFIDENTIALITY_REQUIRED                                         syscall.Errno = 8237
+	ERROR_DS_INAPPROPRIATE_MATCHING                                           syscall.Errno = 8238
+	ERROR_DS_CONSTRAINT_VIOLATION                                             syscall.Errno = 8239
+	ERROR_DS_NO_SUCH_OBJECT                                                   syscall.Errno = 8240
+	ERROR_DS_ALIAS_PROBLEM                                                    syscall.Errno = 8241
+	ERROR_DS_INVALID_DN_SYNTAX                                                syscall.Errno = 8242
+	ERROR_DS_IS_LEAF                                                          syscall.Errno = 8243
+	ERROR_DS_ALIAS_DEREF_PROBLEM                                              syscall.Errno = 8244
+	ERROR_DS_UNWILLING_TO_PERFORM                                             syscall.Errno = 8245
+	ERROR_DS_LOOP_DETECT                                                      syscall.Errno = 8246
+	ERROR_DS_NAMING_VIOLATION                                                 syscall.Errno = 8247
+	ERROR_DS_OBJECT_RESULTS_TOO_LARGE                                         syscall.Errno = 8248
+	ERROR_DS_AFFECTS_MULTIPLE_DSAS                                            syscall.Errno = 8249
+	ERROR_DS_SERVER_DOWN                                                      syscall.Errno = 8250
+	ERROR_DS_LOCAL_ERROR                                                      syscall.Errno = 8251
+	ERROR_DS_ENCODING_ERROR                                                   syscall.Errno = 8252
+	ERROR_DS_DECODING_ERROR                                                   syscall.Errno = 8253
+	ERROR_DS_FILTER_UNKNOWN                                                   syscall.Errno = 8254
+	ERROR_DS_PARAM_ERROR                                                      syscall.Errno = 8255
+	ERROR_DS_NOT_SUPPORTED                                                    syscall.Errno = 8256
+	ERROR_DS_NO_RESULTS_RETURNED                                              syscall.Errno = 8257
+	ERROR_DS_CONTROL_NOT_FOUND                                                syscall.Errno = 8258
+	ERROR_DS_CLIENT_LOOP                                                      syscall.Errno = 8259
+	ERROR_DS_REFERRAL_LIMIT_EXCEEDED                                          syscall.Errno = 8260
+	ERROR_DS_SORT_CONTROL_MISSING                                             syscall.Errno = 8261
+	ERROR_DS_OFFSET_RANGE_ERROR                                               syscall.Errno = 8262
+	ERROR_DS_RIDMGR_DISABLED                                                  syscall.Errno = 8263
+	ERROR_DS_ROOT_MUST_BE_NC                                                  syscall.Errno = 8301
+	ERROR_DS_ADD_REPLICA_INHIBITED                                            syscall.Errno = 8302
+	ERROR_DS_ATT_NOT_DEF_IN_SCHEMA                                            syscall.Errno = 8303
+	ERROR_DS_MAX_OBJ_SIZE_EXCEEDED                                            syscall.Errno = 8304
+	ERROR_DS_OBJ_STRING_NAME_EXISTS                                           syscall.Errno = 8305
+	ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA                                         syscall.Errno = 8306
+	ERROR_DS_RDN_DOESNT_MATCH_SCHEMA                                          syscall.Errno = 8307
+	ERROR_DS_NO_REQUESTED_ATTS_FOUND                                          syscall.Errno = 8308
+	ERROR_DS_USER_BUFFER_TO_SMALL                                             syscall.Errno = 8309
+	ERROR_DS_ATT_IS_NOT_ON_OBJ                                                syscall.Errno = 8310
+	ERROR_DS_ILLEGAL_MOD_OPERATION                                            syscall.Errno = 8311
+	ERROR_DS_OBJ_TOO_LARGE                                                    syscall.Errno = 8312
+	ERROR_DS_BAD_INSTANCE_TYPE                                                syscall.Errno = 8313
+	ERROR_DS_MASTERDSA_REQUIRED                                               syscall.Errno = 8314
+	ERROR_DS_OBJECT_CLASS_REQUIRED                                            syscall.Errno = 8315
+	ERROR_DS_MISSING_REQUIRED_ATT                                             syscall.Errno = 8316
+	ERROR_DS_ATT_NOT_DEF_FOR_CLASS                                            syscall.Errno = 8317
+	ERROR_DS_ATT_ALREADY_EXISTS                                               syscall.Errno = 8318
+	ERROR_DS_CANT_ADD_ATT_VALUES                                              syscall.Errno = 8320
+	ERROR_DS_SINGLE_VALUE_CONSTRAINT                                          syscall.Errno = 8321
+	ERROR_DS_RANGE_CONSTRAINT                                                 syscall.Errno = 8322
+	ERROR_DS_ATT_VAL_ALREADY_EXISTS                                           syscall.Errno = 8323
+	ERROR_DS_CANT_REM_MISSING_ATT                                             syscall.Errno = 8324
+	ERROR_DS_CANT_REM_MISSING_ATT_VAL                                         syscall.Errno = 8325
+	ERROR_DS_ROOT_CANT_BE_SUBREF                                              syscall.Errno = 8326
+	ERROR_DS_NO_CHAINING                                                      syscall.Errno = 8327
+	ERROR_DS_NO_CHAINED_EVAL                                                  syscall.Errno = 8328
+	ERROR_DS_NO_PARENT_OBJECT                                                 syscall.Errno = 8329
+	ERROR_DS_PARENT_IS_AN_ALIAS                                               syscall.Errno = 8330
+	ERROR_DS_CANT_MIX_MASTER_AND_REPS                                         syscall.Errno = 8331
+	ERROR_DS_CHILDREN_EXIST                                                   syscall.Errno = 8332
+	ERROR_DS_OBJ_NOT_FOUND                                                    syscall.Errno = 8333
+	ERROR_DS_ALIASED_OBJ_MISSING                                              syscall.Errno = 8334
+	ERROR_DS_BAD_NAME_SYNTAX                                                  syscall.Errno = 8335
+	ERROR_DS_ALIAS_POINTS_TO_ALIAS                                            syscall.Errno = 8336
+	ERROR_DS_CANT_DEREF_ALIAS                                                 syscall.Errno = 8337
+	ERROR_DS_OUT_OF_SCOPE                                                     syscall.Errno = 8338
+	ERROR_DS_OBJECT_BEING_REMOVED                                             syscall.Errno = 8339
+	ERROR_DS_CANT_DELETE_DSA_OBJ                                              syscall.Errno = 8340
+	ERROR_DS_GENERIC_ERROR                                                    syscall.Errno = 8341
+	ERROR_DS_DSA_MUST_BE_INT_MASTER                                           syscall.Errno = 8342
+	ERROR_DS_CLASS_NOT_DSA                                                    syscall.Errno = 8343
+	ERROR_DS_INSUFF_ACCESS_RIGHTS                                             syscall.Errno = 8344
+	ERROR_DS_ILLEGAL_SUPERIOR                                                 syscall.Errno = 8345
+	ERROR_DS_ATTRIBUTE_OWNED_BY_SAM                                           syscall.Errno = 8346
+	ERROR_DS_NAME_TOO_MANY_PARTS                                              syscall.Errno = 8347
+	ERROR_DS_NAME_TOO_LONG                                                    syscall.Errno = 8348
+	ERROR_DS_NAME_VALUE_TOO_LONG                                              syscall.Errno = 8349
+	ERROR_DS_NAME_UNPARSEABLE                                                 syscall.Errno = 8350
+	ERROR_DS_NAME_TYPE_UNKNOWN                                                syscall.Errno = 8351
+	ERROR_DS_NOT_AN_OBJECT                                                    syscall.Errno = 8352
+	ERROR_DS_SEC_DESC_TOO_SHORT                                               syscall.Errno = 8353
+	ERROR_DS_SEC_DESC_INVALID                                                 syscall.Errno = 8354
+	ERROR_DS_NO_DELETED_NAME                                                  syscall.Errno = 8355
+	ERROR_DS_SUBREF_MUST_HAVE_PARENT                                          syscall.Errno = 8356
+	ERROR_DS_NCNAME_MUST_BE_NC                                                syscall.Errno = 8357
+	ERROR_DS_CANT_ADD_SYSTEM_ONLY                                             syscall.Errno = 8358
+	ERROR_DS_CLASS_MUST_BE_CONCRETE                                           syscall.Errno = 8359
+	ERROR_DS_INVALID_DMD                                                      syscall.Errno = 8360
+	ERROR_DS_OBJ_GUID_EXISTS                                                  syscall.Errno = 8361
+	ERROR_DS_NOT_ON_BACKLINK                                                  syscall.Errno = 8362
+	ERROR_DS_NO_CROSSREF_FOR_NC                                               syscall.Errno = 8363
+	ERROR_DS_SHUTTING_DOWN                                                    syscall.Errno = 8364
+	ERROR_DS_UNKNOWN_OPERATION                                                syscall.Errno = 8365
+	ERROR_DS_INVALID_ROLE_OWNER                                               syscall.Errno = 8366
+	ERROR_DS_COULDNT_CONTACT_FSMO                                             syscall.Errno = 8367
+	ERROR_DS_CROSS_NC_DN_RENAME                                               syscall.Errno = 8368
+	ERROR_DS_CANT_MOD_SYSTEM_ONLY                                             syscall.Errno = 8369
+	ERROR_DS_REPLICATOR_ONLY                                                  syscall.Errno = 8370
+	ERROR_DS_OBJ_CLASS_NOT_DEFINED                                            syscall.Errno = 8371
+	ERROR_DS_OBJ_CLASS_NOT_SUBCLASS                                           syscall.Errno = 8372
+	ERROR_DS_NAME_REFERENCE_INVALID                                           syscall.Errno = 8373
+	ERROR_DS_CROSS_REF_EXISTS                                                 syscall.Errno = 8374
+	ERROR_DS_CANT_DEL_MASTER_CROSSREF                                         syscall.Errno = 8375
+	ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD                                       syscall.Errno = 8376
+	ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX                                        syscall.Errno = 8377
+	ERROR_DS_DUP_RDN                                                          syscall.Errno = 8378
+	ERROR_DS_DUP_OID                                                          syscall.Errno = 8379
+	ERROR_DS_DUP_MAPI_ID                                                      syscall.Errno = 8380
+	ERROR_DS_DUP_SCHEMA_ID_GUID                                               syscall.Errno = 8381
+	ERROR_DS_DUP_LDAP_DISPLAY_NAME                                            syscall.Errno = 8382
+	ERROR_DS_SEMANTIC_ATT_TEST                                                syscall.Errno = 8383
+	ERROR_DS_SYNTAX_MISMATCH                                                  syscall.Errno = 8384
+	ERROR_DS_EXISTS_IN_MUST_HAVE                                              syscall.Errno = 8385
+	ERROR_DS_EXISTS_IN_MAY_HAVE                                               syscall.Errno = 8386
+	ERROR_DS_NONEXISTENT_MAY_HAVE                                             syscall.Errno = 8387
+	ERROR_DS_NONEXISTENT_MUST_HAVE                                            syscall.Errno = 8388
+	ERROR_DS_AUX_CLS_TEST_FAIL                                                syscall.Errno = 8389
+	ERROR_DS_NONEXISTENT_POSS_SUP                                             syscall.Errno = 8390
+	ERROR_DS_SUB_CLS_TEST_FAIL                                                syscall.Errno = 8391
+	ERROR_DS_BAD_RDN_ATT_ID_SYNTAX                                            syscall.Errno = 8392
+	ERROR_DS_EXISTS_IN_AUX_CLS                                                syscall.Errno = 8393
+	ERROR_DS_EXISTS_IN_SUB_CLS                                                syscall.Errno = 8394
+	ERROR_DS_EXISTS_IN_POSS_SUP                                               syscall.Errno = 8395
+	ERROR_DS_RECALCSCHEMA_FAILED                                              syscall.Errno = 8396
+	ERROR_DS_TREE_DELETE_NOT_FINISHED                                         syscall.Errno = 8397
+	ERROR_DS_CANT_DELETE                                                      syscall.Errno = 8398
+	ERROR_DS_ATT_SCHEMA_REQ_ID                                                syscall.Errno = 8399
+	ERROR_DS_BAD_ATT_SCHEMA_SYNTAX                                            syscall.Errno = 8400
+	ERROR_DS_CANT_CACHE_ATT                                                   syscall.Errno = 8401
+	ERROR_DS_CANT_CACHE_CLASS                                                 syscall.Errno = 8402
+	ERROR_DS_CANT_REMOVE_ATT_CACHE                                            syscall.Errno = 8403
+	ERROR_DS_CANT_REMOVE_CLASS_CACHE                                          syscall.Errno = 8404
+	ERROR_DS_CANT_RETRIEVE_DN                                                 syscall.Errno = 8405
+	ERROR_DS_MISSING_SUPREF                                                   syscall.Errno = 8406
+	ERROR_DS_CANT_RETRIEVE_INSTANCE                                           syscall.Errno = 8407
+	ERROR_DS_CODE_INCONSISTENCY                                               syscall.Errno = 8408
+	ERROR_DS_DATABASE_ERROR                                                   syscall.Errno = 8409
+	ERROR_DS_GOVERNSID_MISSING                                                syscall.Errno = 8410
+	ERROR_DS_MISSING_EXPECTED_ATT                                             syscall.Errno = 8411
+	ERROR_DS_NCNAME_MISSING_CR_REF                                            syscall.Errno = 8412
+	ERROR_DS_SECURITY_CHECKING_ERROR                                          syscall.Errno = 8413
+	ERROR_DS_SCHEMA_NOT_LOADED                                                syscall.Errno = 8414
+	ERROR_DS_SCHEMA_ALLOC_FAILED                                              syscall.Errno = 8415
+	ERROR_DS_ATT_SCHEMA_REQ_SYNTAX                                            syscall.Errno = 8416
+	ERROR_DS_GCVERIFY_ERROR                                                   syscall.Errno = 8417
+	ERROR_DS_DRA_SCHEMA_MISMATCH                                              syscall.Errno = 8418
+	ERROR_DS_CANT_FIND_DSA_OBJ                                                syscall.Errno = 8419
+	ERROR_DS_CANT_FIND_EXPECTED_NC                                            syscall.Errno = 8420
+	ERROR_DS_CANT_FIND_NC_IN_CACHE                                            syscall.Errno = 8421
+	ERROR_DS_CANT_RETRIEVE_CHILD                                              syscall.Errno = 8422
+	ERROR_DS_SECURITY_ILLEGAL_MODIFY                                          syscall.Errno = 8423
+	ERROR_DS_CANT_REPLACE_HIDDEN_REC                                          syscall.Errno = 8424
+	ERROR_DS_BAD_HIERARCHY_FILE                                               syscall.Errno = 8425
+	ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED                                     syscall.Errno = 8426
+	ERROR_DS_CONFIG_PARAM_MISSING                                             syscall.Errno = 8427
+	ERROR_DS_COUNTING_AB_INDICES_FAILED                                       syscall.Errno = 8428
+	ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED                                    syscall.Errno = 8429
+	ERROR_DS_INTERNAL_FAILURE                                                 syscall.Errno = 8430
+	ERROR_DS_UNKNOWN_ERROR                                                    syscall.Errno = 8431
+	ERROR_DS_ROOT_REQUIRES_CLASS_TOP                                          syscall.Errno = 8432
+	ERROR_DS_REFUSING_FSMO_ROLES                                              syscall.Errno = 8433
+	ERROR_DS_MISSING_FSMO_SETTINGS                                            syscall.Errno = 8434
+	ERROR_DS_UNABLE_TO_SURRENDER_ROLES                                        syscall.Errno = 8435
+	ERROR_DS_DRA_GENERIC                                                      syscall.Errno = 8436
+	ERROR_DS_DRA_INVALID_PARAMETER                                            syscall.Errno = 8437
+	ERROR_DS_DRA_BUSY                                                         syscall.Errno = 8438
+	ERROR_DS_DRA_BAD_DN                                                       syscall.Errno = 8439
+	ERROR_DS_DRA_BAD_NC                                                       syscall.Errno = 8440
+	ERROR_DS_DRA_DN_EXISTS                                                    syscall.Errno = 8441
+	ERROR_DS_DRA_INTERNAL_ERROR                                               syscall.Errno = 8442
+	ERROR_DS_DRA_INCONSISTENT_DIT                                             syscall.Errno = 8443
+	ERROR_DS_DRA_CONNECTION_FAILED                                            syscall.Errno = 8444
+	ERROR_DS_DRA_BAD_INSTANCE_TYPE                                            syscall.Errno = 8445
+	ERROR_DS_DRA_OUT_OF_MEM                                                   syscall.Errno = 8446
+	ERROR_DS_DRA_MAIL_PROBLEM                                                 syscall.Errno = 8447
+	ERROR_DS_DRA_REF_ALREADY_EXISTS                                           syscall.Errno = 8448
+	ERROR_DS_DRA_REF_NOT_FOUND                                                syscall.Errno = 8449
+	ERROR_DS_DRA_OBJ_IS_REP_SOURCE                                            syscall.Errno = 8450
+	ERROR_DS_DRA_DB_ERROR                                                     syscall.Errno = 8451
+	ERROR_DS_DRA_NO_REPLICA                                                   syscall.Errno = 8452
+	ERROR_DS_DRA_ACCESS_DENIED                                                syscall.Errno = 8453
+	ERROR_DS_DRA_NOT_SUPPORTED                                                syscall.Errno = 8454
+	ERROR_DS_DRA_RPC_CANCELLED                                                syscall.Errno = 8455
+	ERROR_DS_DRA_SOURCE_DISABLED                                              syscall.Errno = 8456
+	ERROR_DS_DRA_SINK_DISABLED                                                syscall.Errno = 8457
+	ERROR_DS_DRA_NAME_COLLISION                                               syscall.Errno = 8458
+	ERROR_DS_DRA_SOURCE_REINSTALLED                                           syscall.Errno = 8459
+	ERROR_DS_DRA_MISSING_PARENT                                               syscall.Errno = 8460
+	ERROR_DS_DRA_PREEMPTED                                                    syscall.Errno = 8461
+	ERROR_DS_DRA_ABANDON_SYNC                                                 syscall.Errno = 8462
+	ERROR_DS_DRA_SHUTDOWN                                                     syscall.Errno = 8463
+	ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET                                     syscall.Errno = 8464
+	ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA                                    syscall.Errno = 8465
+	ERROR_DS_DRA_EXTN_CONNECTION_FAILED                                       syscall.Errno = 8466
+	ERROR_DS_INSTALL_SCHEMA_MISMATCH                                          syscall.Errno = 8467
+	ERROR_DS_DUP_LINK_ID                                                      syscall.Errno = 8468
+	ERROR_DS_NAME_ERROR_RESOLVING                                             syscall.Errno = 8469
+	ERROR_DS_NAME_ERROR_NOT_FOUND                                             syscall.Errno = 8470
+	ERROR_DS_NAME_ERROR_NOT_UNIQUE                                            syscall.Errno = 8471
+	ERROR_DS_NAME_ERROR_NO_MAPPING                                            syscall.Errno = 8472
+	ERROR_DS_NAME_ERROR_DOMAIN_ONLY                                           syscall.Errno = 8473
+	ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING                                syscall.Errno = 8474
+	ERROR_DS_CONSTRUCTED_ATT_MOD                                              syscall.Errno = 8475
+	ERROR_DS_WRONG_OM_OBJ_CLASS                                               syscall.Errno = 8476
+	ERROR_DS_DRA_REPL_PENDING                                                 syscall.Errno = 8477
+	ERROR_DS_DS_REQUIRED                                                      syscall.Errno = 8478
+	ERROR_DS_INVALID_LDAP_DISPLAY_NAME                                        syscall.Errno = 8479
+	ERROR_DS_NON_BASE_SEARCH                                                  syscall.Errno = 8480
+	ERROR_DS_CANT_RETRIEVE_ATTS                                               syscall.Errno = 8481
+	ERROR_DS_BACKLINK_WITHOUT_LINK                                            syscall.Errno = 8482
+	ERROR_DS_EPOCH_MISMATCH                                                   syscall.Errno = 8483
+	ERROR_DS_SRC_NAME_MISMATCH                                                syscall.Errno = 8484
+	ERROR_DS_SRC_AND_DST_NC_IDENTICAL                                         syscall.Errno = 8485
+	ERROR_DS_DST_NC_MISMATCH                                                  syscall.Errno = 8486
+	ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC                                       syscall.Errno = 8487
+	ERROR_DS_SRC_GUID_MISMATCH                                                syscall.Errno = 8488
+	ERROR_DS_CANT_MOVE_DELETED_OBJECT                                         syscall.Errno = 8489
+	ERROR_DS_PDC_OPERATION_IN_PROGRESS                                        syscall.Errno = 8490
+	ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD                                        syscall.Errno = 8491
+	ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION                                      syscall.Errno = 8492
+	ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS                                  syscall.Errno = 8493
+	ERROR_DS_NC_MUST_HAVE_NC_PARENT                                           syscall.Errno = 8494
+	ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE                                        syscall.Errno = 8495
+	ERROR_DS_DST_DOMAIN_NOT_NATIVE                                            syscall.Errno = 8496
+	ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER                                 syscall.Errno = 8497
+	ERROR_DS_CANT_MOVE_ACCOUNT_GROUP                                          syscall.Errno = 8498
+	ERROR_DS_CANT_MOVE_RESOURCE_GROUP                                         syscall.Errno = 8499
+	ERROR_DS_INVALID_SEARCH_FLAG                                              syscall.Errno = 8500
+	ERROR_DS_NO_TREE_DELETE_ABOVE_NC                                          syscall.Errno = 8501
+	ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE                                     syscall.Errno = 8502
+	ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE                         syscall.Errno = 8503
+	ERROR_DS_SAM_INIT_FAILURE                                                 syscall.Errno = 8504
+	ERROR_DS_SENSITIVE_GROUP_VIOLATION                                        syscall.Errno = 8505
+	ERROR_DS_CANT_MOD_PRIMARYGROUPID                                          syscall.Errno = 8506
+	ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD                                          syscall.Errno = 8507
+	ERROR_DS_NONSAFE_SCHEMA_CHANGE                                            syscall.Errno = 8508
+	ERROR_DS_SCHEMA_UPDATE_DISALLOWED                                         syscall.Errno = 8509
+	ERROR_DS_CANT_CREATE_UNDER_SCHEMA                                         syscall.Errno = 8510
+	ERROR_DS_INSTALL_NO_SRC_SCH_VERSION                                       syscall.Errno = 8511
+	ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE                                syscall.Errno = 8512
+	ERROR_DS_INVALID_GROUP_TYPE                                               syscall.Errno = 8513
+	ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN                               syscall.Errno = 8514
+	ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN                                syscall.Errno = 8515
+	ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER                                    syscall.Errno = 8516
+	ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER                                syscall.Errno = 8517
+	ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER                                 syscall.Errno = 8518
+	ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER                              syscall.Errno = 8519
+	ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER                         syscall.Errno = 8520
+	ERROR_DS_HAVE_PRIMARY_MEMBERS                                             syscall.Errno = 8521
+	ERROR_DS_STRING_SD_CONVERSION_FAILED                                      syscall.Errno = 8522
+	ERROR_DS_NAMING_MASTER_GC                                                 syscall.Errno = 8523
+	ERROR_DS_DNS_LOOKUP_FAILURE                                               syscall.Errno = 8524
+	ERROR_DS_COULDNT_UPDATE_SPNS                                              syscall.Errno = 8525
+	ERROR_DS_CANT_RETRIEVE_SD                                                 syscall.Errno = 8526
+	ERROR_DS_KEY_NOT_UNIQUE                                                   syscall.Errno = 8527
+	ERROR_DS_WRONG_LINKED_ATT_SYNTAX                                          syscall.Errno = 8528
+	ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD                                        syscall.Errno = 8529
+	ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY                                          syscall.Errno = 8530
+	ERROR_DS_CANT_START                                                       syscall.Errno = 8531
+	ERROR_DS_INIT_FAILURE                                                     syscall.Errno = 8532
+	ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION                                     syscall.Errno = 8533
+	ERROR_DS_SOURCE_DOMAIN_IN_FOREST                                          syscall.Errno = 8534
+	ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST                                 syscall.Errno = 8535
+	ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED                                 syscall.Errno = 8536
+	ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN                                      syscall.Errno = 8537
+	ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER                                        syscall.Errno = 8538
+	ERROR_DS_SRC_SID_EXISTS_IN_FOREST                                         syscall.Errno = 8539
+	ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH                                syscall.Errno = 8540
+	ERROR_SAM_INIT_FAILURE                                                    syscall.Errno = 8541
+	ERROR_DS_DRA_SCHEMA_INFO_SHIP                                             syscall.Errno = 8542
+	ERROR_DS_DRA_SCHEMA_CONFLICT                                              syscall.Errno = 8543
+	ERROR_DS_DRA_EARLIER_SCHEMA_CONFLICT                                      syscall.Errno = 8544
+	ERROR_DS_DRA_OBJ_NC_MISMATCH                                              syscall.Errno = 8545
+	ERROR_DS_NC_STILL_HAS_DSAS                                                syscall.Errno = 8546
+	ERROR_DS_GC_REQUIRED                                                      syscall.Errno = 8547
+	ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY                                       syscall.Errno = 8548
+	ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS                                       syscall.Errno = 8549
+	ERROR_DS_CANT_ADD_TO_GC                                                   syscall.Errno = 8550
+	ERROR_DS_NO_CHECKPOINT_WITH_PDC                                           syscall.Errno = 8551
+	ERROR_DS_SOURCE_AUDITING_NOT_ENABLED                                      syscall.Errno = 8552
+	ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC                                      syscall.Errno = 8553
+	ERROR_DS_INVALID_NAME_FOR_SPN                                             syscall.Errno = 8554
+	ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS                                     syscall.Errno = 8555
+	ERROR_DS_UNICODEPWD_NOT_IN_QUOTES                                         syscall.Errno = 8556
+	ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED                                   syscall.Errno = 8557
+	ERROR_DS_MUST_BE_RUN_ON_DST_DC                                            syscall.Errno = 8558
+	ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER                                    syscall.Errno = 8559
+	ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ                                    syscall.Errno = 8560
+	ERROR_DS_INIT_FAILURE_CONSOLE                                             syscall.Errno = 8561
+	ERROR_DS_SAM_INIT_FAILURE_CONSOLE                                         syscall.Errno = 8562
+	ERROR_DS_FOREST_VERSION_TOO_HIGH                                          syscall.Errno = 8563
+	ERROR_DS_DOMAIN_VERSION_TOO_HIGH                                          syscall.Errno = 8564
+	ERROR_DS_FOREST_VERSION_TOO_LOW                                           syscall.Errno = 8565
+	ERROR_DS_DOMAIN_VERSION_TOO_LOW                                           syscall.Errno = 8566
+	ERROR_DS_INCOMPATIBLE_VERSION                                             syscall.Errno = 8567
+	ERROR_DS_LOW_DSA_VERSION                                                  syscall.Errno = 8568
+	ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN                               syscall.Errno = 8569
+	ERROR_DS_NOT_SUPPORTED_SORT_ORDER                                         syscall.Errno = 8570
+	ERROR_DS_NAME_NOT_UNIQUE                                                  syscall.Errno = 8571
+	ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4                                   syscall.Errno = 8572
+	ERROR_DS_OUT_OF_VERSION_STORE                                             syscall.Errno = 8573
+	ERROR_DS_INCOMPATIBLE_CONTROLS_USED                                       syscall.Errno = 8574
+	ERROR_DS_NO_REF_DOMAIN                                                    syscall.Errno = 8575
+	ERROR_DS_RESERVED_LINK_ID                                                 syscall.Errno = 8576
+	ERROR_DS_LINK_ID_NOT_AVAILABLE                                            syscall.Errno = 8577
+	ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER                                    syscall.Errno = 8578
+	ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE                             syscall.Errno = 8579
+	ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC                                      syscall.Errno = 8580
+	ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG                                      syscall.Errno = 8581
+	ERROR_DS_MODIFYDN_WRONG_GRANDPARENT                                       syscall.Errno = 8582
+	ERROR_DS_NAME_ERROR_TRUST_REFERRAL                                        syscall.Errno = 8583
+	ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER                                    syscall.Errno = 8584
+	ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD                                    syscall.Errno = 8585
+	ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2                                     syscall.Errno = 8586
+	ERROR_DS_THREAD_LIMIT_EXCEEDED                                            syscall.Errno = 8587
+	ERROR_DS_NOT_CLOSEST                                                      syscall.Errno = 8588
+	ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF                               syscall.Errno = 8589
+	ERROR_DS_SINGLE_USER_MODE_FAILED                                          syscall.Errno = 8590
+	ERROR_DS_NTDSCRIPT_SYNTAX_ERROR                                           syscall.Errno = 8591
+	ERROR_DS_NTDSCRIPT_PROCESS_ERROR                                          syscall.Errno = 8592
+	ERROR_DS_DIFFERENT_REPL_EPOCHS                                            syscall.Errno = 8593
+	ERROR_DS_DRS_EXTENSIONS_CHANGED                                           syscall.Errno = 8594
+	ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR                    syscall.Errno = 8595
+	ERROR_DS_NO_MSDS_INTID                                                    syscall.Errno = 8596
+	ERROR_DS_DUP_MSDS_INTID                                                   syscall.Errno = 8597
+	ERROR_DS_EXISTS_IN_RDNATTID                                               syscall.Errno = 8598
+	ERROR_DS_AUTHORIZATION_FAILED                                             syscall.Errno = 8599
+	ERROR_DS_INVALID_SCRIPT                                                   syscall.Errno = 8600
+	ERROR_DS_REMOTE_CROSSREF_OP_FAILED                                        syscall.Errno = 8601
+	ERROR_DS_CROSS_REF_BUSY                                                   syscall.Errno = 8602
+	ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN                               syscall.Errno = 8603
+	ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC                                    syscall.Errno = 8604
+	ERROR_DS_DUPLICATE_ID_FOUND                                               syscall.Errno = 8605
+	ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT                               syscall.Errno = 8606
+	ERROR_DS_GROUP_CONVERSION_ERROR                                           syscall.Errno = 8607
+	ERROR_DS_CANT_MOVE_APP_BASIC_GROUP                                        syscall.Errno = 8608
+	ERROR_DS_CANT_MOVE_APP_QUERY_GROUP                                        syscall.Errno = 8609
+	ERROR_DS_ROLE_NOT_VERIFIED                                                syscall.Errno = 8610
+	ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL                                  syscall.Errno = 8611
+	ERROR_DS_DOMAIN_RENAME_IN_PROGRESS                                        syscall.Errno = 8612
+	ERROR_DS_EXISTING_AD_CHILD_NC                                             syscall.Errno = 8613
+	ERROR_DS_REPL_LIFETIME_EXCEEDED                                           syscall.Errno = 8614
+	ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER                                   syscall.Errno = 8615
+	ERROR_DS_LDAP_SEND_QUEUE_FULL                                             syscall.Errno = 8616
+	ERROR_DS_DRA_OUT_SCHEDULE_WINDOW                                          syscall.Errno = 8617
+	ERROR_DS_POLICY_NOT_KNOWN                                                 syscall.Errno = 8618
+	ERROR_NO_SITE_SETTINGS_OBJECT                                             syscall.Errno = 8619
+	ERROR_NO_SECRETS                                                          syscall.Errno = 8620
+	ERROR_NO_WRITABLE_DC_FOUND                                                syscall.Errno = 8621
+	ERROR_DS_NO_SERVER_OBJECT                                                 syscall.Errno = 8622
+	ERROR_DS_NO_NTDSA_OBJECT                                                  syscall.Errno = 8623
+	ERROR_DS_NON_ASQ_SEARCH                                                   syscall.Errno = 8624
+	ERROR_DS_AUDIT_FAILURE                                                    syscall.Errno = 8625
+	ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE                                      syscall.Errno = 8626
+	ERROR_DS_INVALID_SEARCH_FLAG_TUPLE                                        syscall.Errno = 8627
+	ERROR_DS_HIERARCHY_TABLE_TOO_DEEP                                         syscall.Errno = 8628
+	ERROR_DS_DRA_CORRUPT_UTD_VECTOR                                           syscall.Errno = 8629
+	ERROR_DS_DRA_SECRETS_DENIED                                               syscall.Errno = 8630
+	ERROR_DS_RESERVED_MAPI_ID                                                 syscall.Errno = 8631
+	ERROR_DS_MAPI_ID_NOT_AVAILABLE                                            syscall.Errno = 8632
+	ERROR_DS_DRA_MISSING_KRBTGT_SECRET                                        syscall.Errno = 8633
+	ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST                                     syscall.Errno = 8634
+	ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST                                       syscall.Errno = 8635
+	ERROR_INVALID_USER_PRINCIPAL_NAME                                         syscall.Errno = 8636
+	ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS                               syscall.Errno = 8637
+	ERROR_DS_OID_NOT_FOUND                                                    syscall.Errno = 8638
+	ERROR_DS_DRA_RECYCLED_TARGET                                              syscall.Errno = 8639
+	ERROR_DS_DISALLOWED_NC_REDIRECT                                           syscall.Errno = 8640
+	ERROR_DS_HIGH_ADLDS_FFL                                                   syscall.Errno = 8641
+	ERROR_DS_HIGH_DSA_VERSION                                                 syscall.Errno = 8642
+	ERROR_DS_LOW_ADLDS_FFL                                                    syscall.Errno = 8643
+	ERROR_DOMAIN_SID_SAME_AS_LOCAL_WORKSTATION                                syscall.Errno = 8644
+	ERROR_DS_UNDELETE_SAM_VALIDATION_FAILED                                   syscall.Errno = 8645
+	ERROR_INCORRECT_ACCOUNT_TYPE                                              syscall.Errno = 8646
+	ERROR_DS_SPN_VALUE_NOT_UNIQUE_IN_FOREST                                   syscall.Errno = 8647
+	ERROR_DS_UPN_VALUE_NOT_UNIQUE_IN_FOREST                                   syscall.Errno = 8648
+	ERROR_DS_MISSING_FOREST_TRUST                                             syscall.Errno = 8649
+	ERROR_DS_VALUE_KEY_NOT_UNIQUE                                             syscall.Errno = 8650
+	DNS_ERROR_RESPONSE_CODES_BASE                                             syscall.Errno = 9000
+	DNS_ERROR_RCODE_NO_ERROR                                                                = ERROR_SUCCESS
+	DNS_ERROR_MASK                                                            syscall.Errno = 0x00002328
+	DNS_ERROR_RCODE_FORMAT_ERROR                                              syscall.Errno = 9001
+	DNS_ERROR_RCODE_SERVER_FAILURE                                            syscall.Errno = 9002
+	DNS_ERROR_RCODE_NAME_ERROR                                                syscall.Errno = 9003
+	DNS_ERROR_RCODE_NOT_IMPLEMENTED                                           syscall.Errno = 9004
+	DNS_ERROR_RCODE_REFUSED                                                   syscall.Errno = 9005
+	DNS_ERROR_RCODE_YXDOMAIN                                                  syscall.Errno = 9006
+	DNS_ERROR_RCODE_YXRRSET                                                   syscall.Errno = 9007
+	DNS_ERROR_RCODE_NXRRSET                                                   syscall.Errno = 9008
+	DNS_ERROR_RCODE_NOTAUTH                                                   syscall.Errno = 9009
+	DNS_ERROR_RCODE_NOTZONE                                                   syscall.Errno = 9010
+	DNS_ERROR_RCODE_BADSIG                                                    syscall.Errno = 9016
+	DNS_ERROR_RCODE_BADKEY                                                    syscall.Errno = 9017
+	DNS_ERROR_RCODE_BADTIME                                                   syscall.Errno = 9018
+	DNS_ERROR_RCODE_LAST                                                                    = DNS_ERROR_RCODE_BADTIME
+	DNS_ERROR_DNSSEC_BASE                                                     syscall.Errno = 9100
+	DNS_ERROR_KEYMASTER_REQUIRED                                              syscall.Errno = 9101
+	DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE                                      syscall.Errno = 9102
+	DNS_ERROR_NSEC3_INCOMPATIBLE_WITH_RSA_SHA1                                syscall.Errno = 9103
+	DNS_ERROR_NOT_ENOUGH_SIGNING_KEY_DESCRIPTORS                              syscall.Errno = 9104
+	DNS_ERROR_UNSUPPORTED_ALGORITHM                                           syscall.Errno = 9105
+	DNS_ERROR_INVALID_KEY_SIZE                                                syscall.Errno = 9106
+	DNS_ERROR_SIGNING_KEY_NOT_ACCESSIBLE                                      syscall.Errno = 9107
+	DNS_ERROR_KSP_DOES_NOT_SUPPORT_PROTECTION                                 syscall.Errno = 9108
+	DNS_ERROR_UNEXPECTED_DATA_PROTECTION_ERROR                                syscall.Errno = 9109
+	DNS_ERROR_UNEXPECTED_CNG_ERROR                                            syscall.Errno = 9110
+	DNS_ERROR_UNKNOWN_SIGNING_PARAMETER_VERSION                               syscall.Errno = 9111
+	DNS_ERROR_KSP_NOT_ACCESSIBLE                                              syscall.Errno = 9112
+	DNS_ERROR_TOO_MANY_SKDS                                                   syscall.Errno = 9113
+	DNS_ERROR_INVALID_ROLLOVER_PERIOD                                         syscall.Errno = 9114
+	DNS_ERROR_INVALID_INITIAL_ROLLOVER_OFFSET                                 syscall.Errno = 9115
+	DNS_ERROR_ROLLOVER_IN_PROGRESS                                            syscall.Errno = 9116
+	DNS_ERROR_STANDBY_KEY_NOT_PRESENT                                         syscall.Errno = 9117
+	DNS_ERROR_NOT_ALLOWED_ON_ZSK                                              syscall.Errno = 9118
+	DNS_ERROR_NOT_ALLOWED_ON_ACTIVE_SKD                                       syscall.Errno = 9119
+	DNS_ERROR_ROLLOVER_ALREADY_QUEUED                                         syscall.Errno = 9120
+	DNS_ERROR_NOT_ALLOWED_ON_UNSIGNED_ZONE                                    syscall.Errno = 9121
+	DNS_ERROR_BAD_KEYMASTER                                                   syscall.Errno = 9122
+	DNS_ERROR_INVALID_SIGNATURE_VALIDITY_PERIOD                               syscall.Errno = 9123
+	DNS_ERROR_INVALID_NSEC3_ITERATION_COUNT                                   syscall.Errno = 9124
+	DNS_ERROR_DNSSEC_IS_DISABLED                                              syscall.Errno = 9125
+	DNS_ERROR_INVALID_XML                                                     syscall.Errno = 9126
+	DNS_ERROR_NO_VALID_TRUST_ANCHORS                                          syscall.Errno = 9127
+	DNS_ERROR_ROLLOVER_NOT_POKEABLE                                           syscall.Errno = 9128
+	DNS_ERROR_NSEC3_NAME_COLLISION                                            syscall.Errno = 9129
+	DNS_ERROR_NSEC_INCOMPATIBLE_WITH_NSEC3_RSA_SHA1                           syscall.Errno = 9130
+	DNS_ERROR_PACKET_FMT_BASE                                                 syscall.Errno = 9500
+	DNS_INFO_NO_RECORDS                                                       syscall.Errno = 9501
+	DNS_ERROR_BAD_PACKET                                                      syscall.Errno = 9502
+	DNS_ERROR_NO_PACKET                                                       syscall.Errno = 9503
+	DNS_ERROR_RCODE                                                           syscall.Errno = 9504
+	DNS_ERROR_UNSECURE_PACKET                                                 syscall.Errno = 9505
+	DNS_STATUS_PACKET_UNSECURE                                                              = DNS_ERROR_UNSECURE_PACKET
+	DNS_REQUEST_PENDING                                                       syscall.Errno = 9506
+	DNS_ERROR_NO_MEMORY                                                                     = ERROR_OUTOFMEMORY
+	DNS_ERROR_INVALID_NAME                                                                  = ERROR_INVALID_NAME
+	DNS_ERROR_INVALID_DATA                                                                  = ERROR_INVALID_DATA
+	DNS_ERROR_GENERAL_API_BASE                                                syscall.Errno = 9550
+	DNS_ERROR_INVALID_TYPE                                                    syscall.Errno = 9551
+	DNS_ERROR_INVALID_IP_ADDRESS                                              syscall.Errno = 9552
+	DNS_ERROR_INVALID_PROPERTY                                                syscall.Errno = 9553
+	DNS_ERROR_TRY_AGAIN_LATER                                                 syscall.Errno = 9554
+	DNS_ERROR_NOT_UNIQUE                                                      syscall.Errno = 9555
+	DNS_ERROR_NON_RFC_NAME                                                    syscall.Errno = 9556
+	DNS_STATUS_FQDN                                                           syscall.Errno = 9557
+	DNS_STATUS_DOTTED_NAME                                                    syscall.Errno = 9558
+	DNS_STATUS_SINGLE_PART_NAME                                               syscall.Errno = 9559
+	DNS_ERROR_INVALID_NAME_CHAR                                               syscall.Errno = 9560
+	DNS_ERROR_NUMERIC_NAME                                                    syscall.Errno = 9561
+	DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER                                      syscall.Errno = 9562
+	DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION                                    syscall.Errno = 9563
+	DNS_ERROR_CANNOT_FIND_ROOT_HINTS                                          syscall.Errno = 9564
+	DNS_ERROR_INCONSISTENT_ROOT_HINTS                                         syscall.Errno = 9565
+	DNS_ERROR_DWORD_VALUE_TOO_SMALL                                           syscall.Errno = 9566
+	DNS_ERROR_DWORD_VALUE_TOO_LARGE                                           syscall.Errno = 9567
+	DNS_ERROR_BACKGROUND_LOADING                                              syscall.Errno = 9568
+	DNS_ERROR_NOT_ALLOWED_ON_RODC                                             syscall.Errno = 9569
+	DNS_ERROR_NOT_ALLOWED_UNDER_DNAME                                         syscall.Errno = 9570
+	DNS_ERROR_DELEGATION_REQUIRED                                             syscall.Errno = 9571
+	DNS_ERROR_INVALID_POLICY_TABLE                                            syscall.Errno = 9572
+	DNS_ERROR_ADDRESS_REQUIRED                                                syscall.Errno = 9573
+	DNS_ERROR_ZONE_BASE                                                       syscall.Errno = 9600
+	DNS_ERROR_ZONE_DOES_NOT_EXIST                                             syscall.Errno = 9601
+	DNS_ERROR_NO_ZONE_INFO                                                    syscall.Errno = 9602
+	DNS_ERROR_INVALID_ZONE_OPERATION                                          syscall.Errno = 9603
+	DNS_ERROR_ZONE_CONFIGURATION_ERROR                                        syscall.Errno = 9604
+	DNS_ERROR_ZONE_HAS_NO_SOA_RECORD                                          syscall.Errno = 9605
+	DNS_ERROR_ZONE_HAS_NO_NS_RECORDS                                          syscall.Errno = 9606
+	DNS_ERROR_ZONE_LOCKED                                                     syscall.Errno = 9607
+	DNS_ERROR_ZONE_CREATION_FAILED                                            syscall.Errno = 9608
+	DNS_ERROR_ZONE_ALREADY_EXISTS                                             syscall.Errno = 9609
+	DNS_ERROR_AUTOZONE_ALREADY_EXISTS                                         syscall.Errno = 9610
+	DNS_ERROR_INVALID_ZONE_TYPE                                               syscall.Errno = 9611
+	DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP                                    syscall.Errno = 9612
+	DNS_ERROR_ZONE_NOT_SECONDARY                                              syscall.Errno = 9613
+	DNS_ERROR_NEED_SECONDARY_ADDRESSES                                        syscall.Errno = 9614
+	DNS_ERROR_WINS_INIT_FAILED                                                syscall.Errno = 9615
+	DNS_ERROR_NEED_WINS_SERVERS                                               syscall.Errno = 9616
+	DNS_ERROR_NBSTAT_INIT_FAILED                                              syscall.Errno = 9617
+	DNS_ERROR_SOA_DELETE_INVALID                                              syscall.Errno = 9618
+	DNS_ERROR_FORWARDER_ALREADY_EXISTS                                        syscall.Errno = 9619
+	DNS_ERROR_ZONE_REQUIRES_MASTER_IP                                         syscall.Errno = 9620
+	DNS_ERROR_ZONE_IS_SHUTDOWN                                                syscall.Errno = 9621
+	DNS_ERROR_ZONE_LOCKED_FOR_SIGNING                                         syscall.Errno = 9622
+	DNS_ERROR_DATAFILE_BASE                                                   syscall.Errno = 9650
+	DNS_ERROR_PRIMARY_REQUIRES_DATAFILE                                       syscall.Errno = 9651
+	DNS_ERROR_INVALID_DATAFILE_NAME                                           syscall.Errno = 9652
+	DNS_ERROR_DATAFILE_OPEN_FAILURE                                           syscall.Errno = 9653
+	DNS_ERROR_FILE_WRITEBACK_FAILED                                           syscall.Errno = 9654
+	DNS_ERROR_DATAFILE_PARSING                                                syscall.Errno = 9655
+	DNS_ERROR_DATABASE_BASE                                                   syscall.Errno = 9700
+	DNS_ERROR_RECORD_DOES_NOT_EXIST                                           syscall.Errno = 9701
+	DNS_ERROR_RECORD_FORMAT                                                   syscall.Errno = 9702
+	DNS_ERROR_NODE_CREATION_FAILED                                            syscall.Errno = 9703
+	DNS_ERROR_UNKNOWN_RECORD_TYPE                                             syscall.Errno = 9704
+	DNS_ERROR_RECORD_TIMED_OUT                                                syscall.Errno = 9705
+	DNS_ERROR_NAME_NOT_IN_ZONE                                                syscall.Errno = 9706
+	DNS_ERROR_CNAME_LOOP                                                      syscall.Errno = 9707
+	DNS_ERROR_NODE_IS_CNAME                                                   syscall.Errno = 9708
+	DNS_ERROR_CNAME_COLLISION                                                 syscall.Errno = 9709
+	DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT                                        syscall.Errno = 9710
+	DNS_ERROR_RECORD_ALREADY_EXISTS                                           syscall.Errno = 9711
+	DNS_ERROR_SECONDARY_DATA                                                  syscall.Errno = 9712
+	DNS_ERROR_NO_CREATE_CACHE_DATA                                            syscall.Errno = 9713
+	DNS_ERROR_NAME_DOES_NOT_EXIST                                             syscall.Errno = 9714
+	DNS_WARNING_PTR_CREATE_FAILED                                             syscall.Errno = 9715
+	DNS_WARNING_DOMAIN_UNDELETED                                              syscall.Errno = 9716
+	DNS_ERROR_DS_UNAVAILABLE                                                  syscall.Errno = 9717
+	DNS_ERROR_DS_ZONE_ALREADY_EXISTS                                          syscall.Errno = 9718
+	DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE                                          syscall.Errno = 9719
+	DNS_ERROR_NODE_IS_DNAME                                                   syscall.Errno = 9720
+	DNS_ERROR_DNAME_COLLISION                                                 syscall.Errno = 9721
+	DNS_ERROR_ALIAS_LOOP                                                      syscall.Errno = 9722
+	DNS_ERROR_OPERATION_BASE                                                  syscall.Errno = 9750
+	DNS_INFO_AXFR_COMPLETE                                                    syscall.Errno = 9751
+	DNS_ERROR_AXFR                                                            syscall.Errno = 9752
+	DNS_INFO_ADDED_LOCAL_WINS                                                 syscall.Errno = 9753
+	DNS_ERROR_SECURE_BASE                                                     syscall.Errno = 9800
+	DNS_STATUS_CONTINUE_NEEDED                                                syscall.Errno = 9801
+	DNS_ERROR_SETUP_BASE                                                      syscall.Errno = 9850
+	DNS_ERROR_NO_TCPIP                                                        syscall.Errno = 9851
+	DNS_ERROR_NO_DNS_SERVERS                                                  syscall.Errno = 9852
+	DNS_ERROR_DP_BASE                                                         syscall.Errno = 9900
+	DNS_ERROR_DP_DOES_NOT_EXIST                                               syscall.Errno = 9901
+	DNS_ERROR_DP_ALREADY_EXISTS                                               syscall.Errno = 9902
+	DNS_ERROR_DP_NOT_ENLISTED                                                 syscall.Errno = 9903
+	DNS_ERROR_DP_ALREADY_ENLISTED                                             syscall.Errno = 9904
+	DNS_ERROR_DP_NOT_AVAILABLE                                                syscall.Errno = 9905
+	DNS_ERROR_DP_FSMO_ERROR                                                   syscall.Errno = 9906
+	DNS_ERROR_RRL_NOT_ENABLED                                                 syscall.Errno = 9911
+	DNS_ERROR_RRL_INVALID_WINDOW_SIZE                                         syscall.Errno = 9912
+	DNS_ERROR_RRL_INVALID_IPV4_PREFIX                                         syscall.Errno = 9913
+	DNS_ERROR_RRL_INVALID_IPV6_PREFIX                                         syscall.Errno = 9914
+	DNS_ERROR_RRL_INVALID_TC_RATE                                             syscall.Errno = 9915
+	DNS_ERROR_RRL_INVALID_LEAK_RATE                                           syscall.Errno = 9916
+	DNS_ERROR_RRL_LEAK_RATE_LESSTHAN_TC_RATE                                  syscall.Errno = 9917
+	DNS_ERROR_VIRTUALIZATION_INSTANCE_ALREADY_EXISTS                          syscall.Errno = 9921
+	DNS_ERROR_VIRTUALIZATION_INSTANCE_DOES_NOT_EXIST                          syscall.Errno = 9922
+	DNS_ERROR_VIRTUALIZATION_TREE_LOCKED                                      syscall.Errno = 9923
+	DNS_ERROR_INVAILD_VIRTUALIZATION_INSTANCE_NAME                            syscall.Errno = 9924
+	DNS_ERROR_DEFAULT_VIRTUALIZATION_INSTANCE                                 syscall.Errno = 9925
+	DNS_ERROR_ZONESCOPE_ALREADY_EXISTS                                        syscall.Errno = 9951
+	DNS_ERROR_ZONESCOPE_DOES_NOT_EXIST                                        syscall.Errno = 9952
+	DNS_ERROR_DEFAULT_ZONESCOPE                                               syscall.Errno = 9953
+	DNS_ERROR_INVALID_ZONESCOPE_NAME                                          syscall.Errno = 9954
+	DNS_ERROR_NOT_ALLOWED_WITH_ZONESCOPES                                     syscall.Errno = 9955
+	DNS_ERROR_LOAD_ZONESCOPE_FAILED                                           syscall.Errno = 9956
+	DNS_ERROR_ZONESCOPE_FILE_WRITEBACK_FAILED                                 syscall.Errno = 9957
+	DNS_ERROR_INVALID_SCOPE_NAME                                              syscall.Errno = 9958
+	DNS_ERROR_SCOPE_DOES_NOT_EXIST                                            syscall.Errno = 9959
+	DNS_ERROR_DEFAULT_SCOPE                                                   syscall.Errno = 9960
+	DNS_ERROR_INVALID_SCOPE_OPERATION                                         syscall.Errno = 9961
+	DNS_ERROR_SCOPE_LOCKED                                                    syscall.Errno = 9962
+	DNS_ERROR_SCOPE_ALREADY_EXISTS                                            syscall.Errno = 9963
+	DNS_ERROR_POLICY_ALREADY_EXISTS                                           syscall.Errno = 9971
+	DNS_ERROR_POLICY_DOES_NOT_EXIST                                           syscall.Errno = 9972
+	DNS_ERROR_POLICY_INVALID_CRITERIA                                         syscall.Errno = 9973
+	DNS_ERROR_POLICY_INVALID_SETTINGS                                         syscall.Errno = 9974
+	DNS_ERROR_CLIENT_SUBNET_IS_ACCESSED                                       syscall.Errno = 9975
+	DNS_ERROR_CLIENT_SUBNET_DOES_NOT_EXIST                                    syscall.Errno = 9976
+	DNS_ERROR_CLIENT_SUBNET_ALREADY_EXISTS                                    syscall.Errno = 9977
+	DNS_ERROR_SUBNET_DOES_NOT_EXIST                                           syscall.Errno = 9978
+	DNS_ERROR_SUBNET_ALREADY_EXISTS                                           syscall.Errno = 9979
+	DNS_ERROR_POLICY_LOCKED                                                   syscall.Errno = 9980
+	DNS_ERROR_POLICY_INVALID_WEIGHT                                           syscall.Errno = 9981
+	DNS_ERROR_POLICY_INVALID_NAME                                             syscall.Errno = 9982
+	DNS_ERROR_POLICY_MISSING_CRITERIA                                         syscall.Errno = 9983
+	DNS_ERROR_INVALID_CLIENT_SUBNET_NAME                                      syscall.Errno = 9984
+	DNS_ERROR_POLICY_PROCESSING_ORDER_INVALID                                 syscall.Errno = 9985
+	DNS_ERROR_POLICY_SCOPE_MISSING                                            syscall.Errno = 9986
+	DNS_ERROR_POLICY_SCOPE_NOT_ALLOWED                                        syscall.Errno = 9987
+	DNS_ERROR_SERVERSCOPE_IS_REFERENCED                                       syscall.Errno = 9988
+	DNS_ERROR_ZONESCOPE_IS_REFERENCED                                         syscall.Errno = 9989
+	DNS_ERROR_POLICY_INVALID_CRITERIA_CLIENT_SUBNET                           syscall.Errno = 9990
+	DNS_ERROR_POLICY_INVALID_CRITERIA_TRANSPORT_PROTOCOL                      syscall.Errno = 9991
+	DNS_ERROR_POLICY_INVALID_CRITERIA_NETWORK_PROTOCOL                        syscall.Errno = 9992
+	DNS_ERROR_POLICY_INVALID_CRITERIA_INTERFACE                               syscall.Errno = 9993
+	DNS_ERROR_POLICY_INVALID_CRITERIA_FQDN                                    syscall.Errno = 9994
+	DNS_ERROR_POLICY_INVALID_CRITERIA_QUERY_TYPE                              syscall.Errno = 9995
+	DNS_ERROR_POLICY_INVALID_CRITERIA_TIME_OF_DAY                             syscall.Errno = 9996
+	WSABASEERR                                                                syscall.Errno = 10000
+	WSAEINTR                                                                  syscall.Errno = 10004
+	WSAEBADF                                                                  syscall.Errno = 10009
+	WSAEACCES                                                                 syscall.Errno = 10013
+	WSAEFAULT                                                                 syscall.Errno = 10014
+	WSAEINVAL                                                                 syscall.Errno = 10022
+	WSAEMFILE                                                                 syscall.Errno = 10024
+	WSAEWOULDBLOCK                                                            syscall.Errno = 10035
+	WSAEINPROGRESS                                                            syscall.Errno = 10036
+	WSAEALREADY                                                               syscall.Errno = 10037
+	WSAENOTSOCK                                                               syscall.Errno = 10038
+	WSAEDESTADDRREQ                                                           syscall.Errno = 10039
+	WSAEMSGSIZE                                                               syscall.Errno = 10040
+	WSAEPROTOTYPE                                                             syscall.Errno = 10041
+	WSAENOPROTOOPT                                                            syscall.Errno = 10042
+	WSAEPROTONOSUPPORT                                                        syscall.Errno = 10043
+	WSAESOCKTNOSUPPORT                                                        syscall.Errno = 10044
+	WSAEOPNOTSUPP                                                             syscall.Errno = 10045
+	WSAEPFNOSUPPORT                                                           syscall.Errno = 10046
+	WSAEAFNOSUPPORT                                                           syscall.Errno = 10047
+	WSAEADDRINUSE                                                             syscall.Errno = 10048
+	WSAEADDRNOTAVAIL                                                          syscall.Errno = 10049
+	WSAENETDOWN                                                               syscall.Errno = 10050
+	WSAENETUNREACH                                                            syscall.Errno = 10051
+	WSAENETRESET                                                              syscall.Errno = 10052
+	WSAECONNABORTED                                                           syscall.Errno = 10053
+	WSAECONNRESET                                                             syscall.Errno = 10054
+	WSAENOBUFS                                                                syscall.Errno = 10055
+	WSAEISCONN                                                                syscall.Errno = 10056
+	WSAENOTCONN                                                               syscall.Errno = 10057
+	WSAESHUTDOWN                                                              syscall.Errno = 10058
+	WSAETOOMANYREFS                                                           syscall.Errno = 10059
+	WSAETIMEDOUT                                                              syscall.Errno = 10060
+	WSAECONNREFUSED                                                           syscall.Errno = 10061
+	WSAELOOP                                                                  syscall.Errno = 10062
+	WSAENAMETOOLONG                                                           syscall.Errno = 10063
+	WSAEHOSTDOWN                                                              syscall.Errno = 10064
+	WSAEHOSTUNREACH                                                           syscall.Errno = 10065
+	WSAENOTEMPTY                                                              syscall.Errno = 10066
+	WSAEPROCLIM                                                               syscall.Errno = 10067
+	WSAEUSERS                                                                 syscall.Errno = 10068
+	WSAEDQUOT                                                                 syscall.Errno = 10069
+	WSAESTALE                                                                 syscall.Errno = 10070
+	WSAEREMOTE                                                                syscall.Errno = 10071
+	WSASYSNOTREADY                                                            syscall.Errno = 10091
+	WSAVERNOTSUPPORTED                                                        syscall.Errno = 10092
+	WSANOTINITIALISED                                                         syscall.Errno = 10093
+	WSAEDISCON                                                                syscall.Errno = 10101
+	WSAENOMORE                                                                syscall.Errno = 10102
+	WSAECANCELLED                                                             syscall.Errno = 10103
+	WSAEINVALIDPROCTABLE                                                      syscall.Errno = 10104
+	WSAEINVALIDPROVIDER                                                       syscall.Errno = 10105
+	WSAEPROVIDERFAILEDINIT                                                    syscall.Errno = 10106
+	WSASYSCALLFAILURE                                                         syscall.Errno = 10107
+	WSASERVICE_NOT_FOUND                                                      syscall.Errno = 10108
+	WSATYPE_NOT_FOUND                                                         syscall.Errno = 10109
+	WSA_E_NO_MORE                                                             syscall.Errno = 10110
+	WSA_E_CANCELLED                                                           syscall.Errno = 10111
+	WSAEREFUSED                                                               syscall.Errno = 10112
+	WSAHOST_NOT_FOUND                                                         syscall.Errno = 11001
+	WSATRY_AGAIN                                                              syscall.Errno = 11002
+	WSANO_RECOVERY                                                            syscall.Errno = 11003
+	WSANO_DATA                                                                syscall.Errno = 11004
+	WSA_QOS_RECEIVERS                                                         syscall.Errno = 11005
+	WSA_QOS_SENDERS                                                           syscall.Errno = 11006
+	WSA_QOS_NO_SENDERS                                                        syscall.Errno = 11007
+	WSA_QOS_NO_RECEIVERS                                                      syscall.Errno = 11008
+	WSA_QOS_REQUEST_CONFIRMED                                                 syscall.Errno = 11009
+	WSA_QOS_ADMISSION_FAILURE                                                 syscall.Errno = 11010
+	WSA_QOS_POLICY_FAILURE                                                    syscall.Errno = 11011
+	WSA_QOS_BAD_STYLE                                                         syscall.Errno = 11012
+	WSA_QOS_BAD_OBJECT                                                        syscall.Errno = 11013
+	WSA_QOS_TRAFFIC_CTRL_ERROR                                                syscall.Errno = 11014
+	WSA_QOS_GENERIC_ERROR                                                     syscall.Errno = 11015
+	WSA_QOS_ESERVICETYPE                                                      syscall.Errno = 11016
+	WSA_QOS_EFLOWSPEC                                                         syscall.Errno = 11017
+	WSA_QOS_EPROVSPECBUF                                                      syscall.Errno = 11018
+	WSA_QOS_EFILTERSTYLE                                                      syscall.Errno = 11019
+	WSA_QOS_EFILTERTYPE                                                       syscall.Errno = 11020
+	WSA_QOS_EFILTERCOUNT                                                      syscall.Errno = 11021
+	WSA_QOS_EOBJLENGTH                                                        syscall.Errno = 11022
+	WSA_QOS_EFLOWCOUNT                                                        syscall.Errno = 11023
+	WSA_QOS_EUNKOWNPSOBJ                                                      syscall.Errno = 11024
+	WSA_QOS_EPOLICYOBJ                                                        syscall.Errno = 11025
+	WSA_QOS_EFLOWDESC                                                         syscall.Errno = 11026
+	WSA_QOS_EPSFLOWSPEC                                                       syscall.Errno = 11027
+	WSA_QOS_EPSFILTERSPEC                                                     syscall.Errno = 11028
+	WSA_QOS_ESDMODEOBJ                                                        syscall.Errno = 11029
+	WSA_QOS_ESHAPERATEOBJ                                                     syscall.Errno = 11030
+	WSA_QOS_RESERVED_PETYPE                                                   syscall.Errno = 11031
+	WSA_SECURE_HOST_NOT_FOUND                                                 syscall.Errno = 11032
+	WSA_IPSEC_NAME_POLICY_ERROR                                               syscall.Errno = 11033
+	ERROR_IPSEC_QM_POLICY_EXISTS                                              syscall.Errno = 13000
+	ERROR_IPSEC_QM_POLICY_NOT_FOUND                                           syscall.Errno = 13001
+	ERROR_IPSEC_QM_POLICY_IN_USE                                              syscall.Errno = 13002
+	ERROR_IPSEC_MM_POLICY_EXISTS                                              syscall.Errno = 13003
+	ERROR_IPSEC_MM_POLICY_NOT_FOUND                                           syscall.Errno = 13004
+	ERROR_IPSEC_MM_POLICY_IN_USE                                              syscall.Errno = 13005
+	ERROR_IPSEC_MM_FILTER_EXISTS                                              syscall.Errno = 13006
+	ERROR_IPSEC_MM_FILTER_NOT_FOUND                                           syscall.Errno = 13007
+	ERROR_IPSEC_TRANSPORT_FILTER_EXISTS                                       syscall.Errno = 13008
+	ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND                                    syscall.Errno = 13009
+	ERROR_IPSEC_MM_AUTH_EXISTS                                                syscall.Errno = 13010
+	ERROR_IPSEC_MM_AUTH_NOT_FOUND                                             syscall.Errno = 13011
+	ERROR_IPSEC_MM_AUTH_IN_USE                                                syscall.Errno = 13012
+	ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND                                   syscall.Errno = 13013
+	ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND                                     syscall.Errno = 13014
+	ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND                                   syscall.Errno = 13015
+	ERROR_IPSEC_TUNNEL_FILTER_EXISTS                                          syscall.Errno = 13016
+	ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND                                       syscall.Errno = 13017
+	ERROR_IPSEC_MM_FILTER_PENDING_DELETION                                    syscall.Errno = 13018
+	ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION                             syscall.Errno = 13019
+	ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION                                syscall.Errno = 13020
+	ERROR_IPSEC_MM_POLICY_PENDING_DELETION                                    syscall.Errno = 13021
+	ERROR_IPSEC_MM_AUTH_PENDING_DELETION                                      syscall.Errno = 13022
+	ERROR_IPSEC_QM_POLICY_PENDING_DELETION                                    syscall.Errno = 13023
+	WARNING_IPSEC_MM_POLICY_PRUNED                                            syscall.Errno = 13024
+	WARNING_IPSEC_QM_POLICY_PRUNED                                            syscall.Errno = 13025
+	ERROR_IPSEC_IKE_NEG_STATUS_BEGIN                                          syscall.Errno = 13800
+	ERROR_IPSEC_IKE_AUTH_FAIL                                                 syscall.Errno = 13801
+	ERROR_IPSEC_IKE_ATTRIB_FAIL                                               syscall.Errno = 13802
+	ERROR_IPSEC_IKE_NEGOTIATION_PENDING                                       syscall.Errno = 13803
+	ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR                                  syscall.Errno = 13804
+	ERROR_IPSEC_IKE_TIMED_OUT                                                 syscall.Errno = 13805
+	ERROR_IPSEC_IKE_NO_CERT                                                   syscall.Errno = 13806
+	ERROR_IPSEC_IKE_SA_DELETED                                                syscall.Errno = 13807
+	ERROR_IPSEC_IKE_SA_REAPED                                                 syscall.Errno = 13808
+	ERROR_IPSEC_IKE_MM_ACQUIRE_DROP                                           syscall.Errno = 13809
+	ERROR_IPSEC_IKE_QM_ACQUIRE_DROP                                           syscall.Errno = 13810
+	ERROR_IPSEC_IKE_QUEUE_DROP_MM                                             syscall.Errno = 13811
+	ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM                                          syscall.Errno = 13812
+	ERROR_IPSEC_IKE_DROP_NO_RESPONSE                                          syscall.Errno = 13813
+	ERROR_IPSEC_IKE_MM_DELAY_DROP                                             syscall.Errno = 13814
+	ERROR_IPSEC_IKE_QM_DELAY_DROP                                             syscall.Errno = 13815
+	ERROR_IPSEC_IKE_ERROR                                                     syscall.Errno = 13816
+	ERROR_IPSEC_IKE_CRL_FAILED                                                syscall.Errno = 13817
+	ERROR_IPSEC_IKE_INVALID_KEY_USAGE                                         syscall.Errno = 13818
+	ERROR_IPSEC_IKE_INVALID_CERT_TYPE                                         syscall.Errno = 13819
+	ERROR_IPSEC_IKE_NO_PRIVATE_KEY                                            syscall.Errno = 13820
+	ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY                                        syscall.Errno = 13821
+	ERROR_IPSEC_IKE_DH_FAIL                                                   syscall.Errno = 13822
+	ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED                           syscall.Errno = 13823
+	ERROR_IPSEC_IKE_INVALID_HEADER                                            syscall.Errno = 13824
+	ERROR_IPSEC_IKE_NO_POLICY                                                 syscall.Errno = 13825
+	ERROR_IPSEC_IKE_INVALID_SIGNATURE                                         syscall.Errno = 13826
+	ERROR_IPSEC_IKE_KERBEROS_ERROR                                            syscall.Errno = 13827
+	ERROR_IPSEC_IKE_NO_PUBLIC_KEY                                             syscall.Errno = 13828
+	ERROR_IPSEC_IKE_PROCESS_ERR                                               syscall.Errno = 13829
+	ERROR_IPSEC_IKE_PROCESS_ERR_SA                                            syscall.Errno = 13830
+	ERROR_IPSEC_IKE_PROCESS_ERR_PROP                                          syscall.Errno = 13831
+	ERROR_IPSEC_IKE_PROCESS_ERR_TRANS                                         syscall.Errno = 13832
+	ERROR_IPSEC_IKE_PROCESS_ERR_KE                                            syscall.Errno = 13833
+	ERROR_IPSEC_IKE_PROCESS_ERR_ID                                            syscall.Errno = 13834
+	ERROR_IPSEC_IKE_PROCESS_ERR_CERT                                          syscall.Errno = 13835
+	ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ                                      syscall.Errno = 13836
+	ERROR_IPSEC_IKE_PROCESS_ERR_HASH                                          syscall.Errno = 13837
+	ERROR_IPSEC_IKE_PROCESS_ERR_SIG                                           syscall.Errno = 13838
+	ERROR_IPSEC_IKE_PROCESS_ERR_NONCE                                         syscall.Errno = 13839
+	ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY                                        syscall.Errno = 13840
+	ERROR_IPSEC_IKE_PROCESS_ERR_DELETE                                        syscall.Errno = 13841
+	ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR                                        syscall.Errno = 13842
+	ERROR_IPSEC_IKE_INVALID_PAYLOAD                                           syscall.Errno = 13843
+	ERROR_IPSEC_IKE_LOAD_SOFT_SA                                              syscall.Errno = 13844
+	ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN                                         syscall.Errno = 13845
+	ERROR_IPSEC_IKE_INVALID_COOKIE                                            syscall.Errno = 13846
+	ERROR_IPSEC_IKE_NO_PEER_CERT                                              syscall.Errno = 13847
+	ERROR_IPSEC_IKE_PEER_CRL_FAILED                                           syscall.Errno = 13848
+	ERROR_IPSEC_IKE_POLICY_CHANGE                                             syscall.Errno = 13849
+	ERROR_IPSEC_IKE_NO_MM_POLICY                                              syscall.Errno = 13850
+	ERROR_IPSEC_IKE_NOTCBPRIV                                                 syscall.Errno = 13851
+	ERROR_IPSEC_IKE_SECLOADFAIL                                               syscall.Errno = 13852
+	ERROR_IPSEC_IKE_FAILSSPINIT                                               syscall.Errno = 13853
+	ERROR_IPSEC_IKE_FAILQUERYSSP                                              syscall.Errno = 13854
+	ERROR_IPSEC_IKE_SRVACQFAIL                                                syscall.Errno = 13855
+	ERROR_IPSEC_IKE_SRVQUERYCRED                                              syscall.Errno = 13856
+	ERROR_IPSEC_IKE_GETSPIFAIL                                                syscall.Errno = 13857
+	ERROR_IPSEC_IKE_INVALID_FILTER                                            syscall.Errno = 13858
+	ERROR_IPSEC_IKE_OUT_OF_MEMORY                                             syscall.Errno = 13859
+	ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED                                     syscall.Errno = 13860
+	ERROR_IPSEC_IKE_INVALID_POLICY                                            syscall.Errno = 13861
+	ERROR_IPSEC_IKE_UNKNOWN_DOI                                               syscall.Errno = 13862
+	ERROR_IPSEC_IKE_INVALID_SITUATION                                         syscall.Errno = 13863
+	ERROR_IPSEC_IKE_DH_FAILURE                                                syscall.Errno = 13864
+	ERROR_IPSEC_IKE_INVALID_GROUP                                             syscall.Errno = 13865
+	ERROR_IPSEC_IKE_ENCRYPT                                                   syscall.Errno = 13866
+	ERROR_IPSEC_IKE_DECRYPT                                                   syscall.Errno = 13867
+	ERROR_IPSEC_IKE_POLICY_MATCH                                              syscall.Errno = 13868
+	ERROR_IPSEC_IKE_UNSUPPORTED_ID                                            syscall.Errno = 13869
+	ERROR_IPSEC_IKE_INVALID_HASH                                              syscall.Errno = 13870
+	ERROR_IPSEC_IKE_INVALID_HASH_ALG                                          syscall.Errno = 13871
+	ERROR_IPSEC_IKE_INVALID_HASH_SIZE                                         syscall.Errno = 13872
+	ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG                                       syscall.Errno = 13873
+	ERROR_IPSEC_IKE_INVALID_AUTH_ALG                                          syscall.Errno = 13874
+	ERROR_IPSEC_IKE_INVALID_SIG                                               syscall.Errno = 13875
+	ERROR_IPSEC_IKE_LOAD_FAILED                                               syscall.Errno = 13876
+	ERROR_IPSEC_IKE_RPC_DELETE                                                syscall.Errno = 13877
+	ERROR_IPSEC_IKE_BENIGN_REINIT                                             syscall.Errno = 13878
+	ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY                         syscall.Errno = 13879
+	ERROR_IPSEC_IKE_INVALID_MAJOR_VERSION                                     syscall.Errno = 13880
+	ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN                                       syscall.Errno = 13881
+	ERROR_IPSEC_IKE_MM_LIMIT                                                  syscall.Errno = 13882
+	ERROR_IPSEC_IKE_NEGOTIATION_DISABLED                                      syscall.Errno = 13883
+	ERROR_IPSEC_IKE_QM_LIMIT                                                  syscall.Errno = 13884
+	ERROR_IPSEC_IKE_MM_EXPIRED                                                syscall.Errno = 13885
+	ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID                                   syscall.Errno = 13886
+	ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH                                syscall.Errno = 13887
+	ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID                                     syscall.Errno = 13888
+	ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD                                      syscall.Errno = 13889
+	ERROR_IPSEC_IKE_DOS_COOKIE_SENT                                           syscall.Errno = 13890
+	ERROR_IPSEC_IKE_SHUTTING_DOWN                                             syscall.Errno = 13891
+	ERROR_IPSEC_IKE_CGA_AUTH_FAILED                                           syscall.Errno = 13892
+	ERROR_IPSEC_IKE_PROCESS_ERR_NATOA                                         syscall.Errno = 13893
+	ERROR_IPSEC_IKE_INVALID_MM_FOR_QM                                         syscall.Errno = 13894
+	ERROR_IPSEC_IKE_QM_EXPIRED                                                syscall.Errno = 13895
+	ERROR_IPSEC_IKE_TOO_MANY_FILTERS                                          syscall.Errno = 13896
+	ERROR_IPSEC_IKE_NEG_STATUS_END                                            syscall.Errno = 13897
+	ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL                                     syscall.Errno = 13898
+	ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE                               syscall.Errno = 13899
+	ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING                                syscall.Errno = 13900
+	ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING                  syscall.Errno = 13901
+	ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS                                      syscall.Errno = 13902
+	ERROR_IPSEC_IKE_RATELIMIT_DROP                                            syscall.Errno = 13903
+	ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE                                syscall.Errno = 13904
+	ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE                                     syscall.Errno = 13905
+	ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE                         syscall.Errno = 13906
+	ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY                 syscall.Errno = 13907
+	ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE             syscall.Errno = 13908
+	ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END                                   syscall.Errno = 13909
+	ERROR_IPSEC_BAD_SPI                                                       syscall.Errno = 13910
+	ERROR_IPSEC_SA_LIFETIME_EXPIRED                                           syscall.Errno = 13911
+	ERROR_IPSEC_WRONG_SA                                                      syscall.Errno = 13912
+	ERROR_IPSEC_REPLAY_CHECK_FAILED                                           syscall.Errno = 13913
+	ERROR_IPSEC_INVALID_PACKET                                                syscall.Errno = 13914
+	ERROR_IPSEC_INTEGRITY_CHECK_FAILED                                        syscall.Errno = 13915
+	ERROR_IPSEC_CLEAR_TEXT_DROP                                               syscall.Errno = 13916
+	ERROR_IPSEC_AUTH_FIREWALL_DROP                                            syscall.Errno = 13917
+	ERROR_IPSEC_THROTTLE_DROP                                                 syscall.Errno = 13918
+	ERROR_IPSEC_DOSP_BLOCK                                                    syscall.Errno = 13925
+	ERROR_IPSEC_DOSP_RECEIVED_MULTICAST                                       syscall.Errno = 13926
+	ERROR_IPSEC_DOSP_INVALID_PACKET                                           syscall.Errno = 13927
+	ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED                                      syscall.Errno = 13928
+	ERROR_IPSEC_DOSP_MAX_ENTRIES                                              syscall.Errno = 13929
+	ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED                                       syscall.Errno = 13930
+	ERROR_IPSEC_DOSP_NOT_INSTALLED                                            syscall.Errno = 13931
+	ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES                              syscall.Errno = 13932
+	ERROR_SXS_SECTION_NOT_FOUND                                               syscall.Errno = 14000
+	ERROR_SXS_CANT_GEN_ACTCTX                                                 syscall.Errno = 14001
+	ERROR_SXS_INVALID_ACTCTXDATA_FORMAT                                       syscall.Errno = 14002
+	ERROR_SXS_ASSEMBLY_NOT_FOUND                                              syscall.Errno = 14003
+	ERROR_SXS_MANIFEST_FORMAT_ERROR                                           syscall.Errno = 14004
+	ERROR_SXS_MANIFEST_PARSE_ERROR                                            syscall.Errno = 14005
+	ERROR_SXS_ACTIVATION_CONTEXT_DISABLED                                     syscall.Errno = 14006
+	ERROR_SXS_KEY_NOT_FOUND                                                   syscall.Errno = 14007
+	ERROR_SXS_VERSION_CONFLICT                                                syscall.Errno = 14008
+	ERROR_SXS_WRONG_SECTION_TYPE                                              syscall.Errno = 14009
+	ERROR_SXS_THREAD_QUERIES_DISABLED                                         syscall.Errno = 14010
+	ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET                                     syscall.Errno = 14011
+	ERROR_SXS_UNKNOWN_ENCODING_GROUP                                          syscall.Errno = 14012
+	ERROR_SXS_UNKNOWN_ENCODING                                                syscall.Errno = 14013
+	ERROR_SXS_INVALID_XML_NAMESPACE_URI                                       syscall.Errno = 14014
+	ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED                          syscall.Errno = 14015
+	ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED                          syscall.Errno = 14016
+	ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE                             syscall.Errno = 14017
+	ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE                     syscall.Errno = 14018
+	ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE                     syscall.Errno = 14019
+	ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT                  syscall.Errno = 14020
+	ERROR_SXS_DUPLICATE_DLL_NAME                                              syscall.Errno = 14021
+	ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME                                      syscall.Errno = 14022
+	ERROR_SXS_DUPLICATE_CLSID                                                 syscall.Errno = 14023
+	ERROR_SXS_DUPLICATE_IID                                                   syscall.Errno = 14024
+	ERROR_SXS_DUPLICATE_TLBID                                                 syscall.Errno = 14025
+	ERROR_SXS_DUPLICATE_PROGID                                                syscall.Errno = 14026
+	ERROR_SXS_DUPLICATE_ASSEMBLY_NAME                                         syscall.Errno = 14027
+	ERROR_SXS_FILE_HASH_MISMATCH                                              syscall.Errno = 14028
+	ERROR_SXS_POLICY_PARSE_ERROR                                              syscall.Errno = 14029
+	ERROR_SXS_XML_E_MISSINGQUOTE                                              syscall.Errno = 14030
+	ERROR_SXS_XML_E_COMMENTSYNTAX                                             syscall.Errno = 14031
+	ERROR_SXS_XML_E_BADSTARTNAMECHAR                                          syscall.Errno = 14032
+	ERROR_SXS_XML_E_BADNAMECHAR                                               syscall.Errno = 14033
+	ERROR_SXS_XML_E_BADCHARINSTRING                                           syscall.Errno = 14034
+	ERROR_SXS_XML_E_XMLDECLSYNTAX                                             syscall.Errno = 14035
+	ERROR_SXS_XML_E_BADCHARDATA                                               syscall.Errno = 14036
+	ERROR_SXS_XML_E_MISSINGWHITESPACE                                         syscall.Errno = 14037
+	ERROR_SXS_XML_E_EXPECTINGTAGEND                                           syscall.Errno = 14038
+	ERROR_SXS_XML_E_MISSINGSEMICOLON                                          syscall.Errno = 14039
+	ERROR_SXS_XML_E_UNBALANCEDPAREN                                           syscall.Errno = 14040
+	ERROR_SXS_XML_E_INTERNALERROR                                             syscall.Errno = 14041
+	ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE                                     syscall.Errno = 14042
+	ERROR_SXS_XML_E_INCOMPLETE_ENCODING                                       syscall.Errno = 14043
+	ERROR_SXS_XML_E_MISSING_PAREN                                             syscall.Errno = 14044
+	ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE                                       syscall.Errno = 14045
+	ERROR_SXS_XML_E_MULTIPLE_COLONS                                           syscall.Errno = 14046
+	ERROR_SXS_XML_E_INVALID_DECIMAL                                           syscall.Errno = 14047
+	ERROR_SXS_XML_E_INVALID_HEXIDECIMAL                                       syscall.Errno = 14048
+	ERROR_SXS_XML_E_INVALID_UNICODE                                           syscall.Errno = 14049
+	ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK                                  syscall.Errno = 14050
+	ERROR_SXS_XML_E_UNEXPECTEDENDTAG                                          syscall.Errno = 14051
+	ERROR_SXS_XML_E_UNCLOSEDTAG                                               syscall.Errno = 14052
+	ERROR_SXS_XML_E_DUPLICATEATTRIBUTE                                        syscall.Errno = 14053
+	ERROR_SXS_XML_E_MULTIPLEROOTS                                             syscall.Errno = 14054
+	ERROR_SXS_XML_E_INVALIDATROOTLEVEL                                        syscall.Errno = 14055
+	ERROR_SXS_XML_E_BADXMLDECL                                                syscall.Errno = 14056
+	ERROR_SXS_XML_E_MISSINGROOT                                               syscall.Errno = 14057
+	ERROR_SXS_XML_E_UNEXPECTEDEOF                                             syscall.Errno = 14058
+	ERROR_SXS_XML_E_BADPEREFINSUBSET                                          syscall.Errno = 14059
+	ERROR_SXS_XML_E_UNCLOSEDSTARTTAG                                          syscall.Errno = 14060
+	ERROR_SXS_XML_E_UNCLOSEDENDTAG                                            syscall.Errno = 14061
+	ERROR_SXS_XML_E_UNCLOSEDSTRING                                            syscall.Errno = 14062
+	ERROR_SXS_XML_E_UNCLOSEDCOMMENT                                           syscall.Errno = 14063
+	ERROR_SXS_XML_E_UNCLOSEDDECL                                              syscall.Errno = 14064
+	ERROR_SXS_XML_E_UNCLOSEDCDATA                                             syscall.Errno = 14065
+	ERROR_SXS_XML_E_RESERVEDNAMESPACE                                         syscall.Errno = 14066
+	ERROR_SXS_XML_E_INVALIDENCODING                                           syscall.Errno = 14067
+	ERROR_SXS_XML_E_INVALIDSWITCH                                             syscall.Errno = 14068
+	ERROR_SXS_XML_E_BADXMLCASE                                                syscall.Errno = 14069
+	ERROR_SXS_XML_E_INVALID_STANDALONE                                        syscall.Errno = 14070
+	ERROR_SXS_XML_E_UNEXPECTED_STANDALONE                                     syscall.Errno = 14071
+	ERROR_SXS_XML_E_INVALID_VERSION                                           syscall.Errno = 14072
+	ERROR_SXS_XML_E_MISSINGEQUALS                                             syscall.Errno = 14073
+	ERROR_SXS_PROTECTION_RECOVERY_FAILED                                      syscall.Errno = 14074
+	ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT                                 syscall.Errno = 14075
+	ERROR_SXS_PROTECTION_CATALOG_NOT_VALID                                    syscall.Errno = 14076
+	ERROR_SXS_UNTRANSLATABLE_HRESULT                                          syscall.Errno = 14077
+	ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING                                 syscall.Errno = 14078
+	ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE                             syscall.Errno = 14079
+	ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME                        syscall.Errno = 14080
+	ERROR_SXS_ASSEMBLY_MISSING                                                syscall.Errno = 14081
+	ERROR_SXS_CORRUPT_ACTIVATION_STACK                                        syscall.Errno = 14082
+	ERROR_SXS_CORRUPTION                                                      syscall.Errno = 14083
+	ERROR_SXS_EARLY_DEACTIVATION                                              syscall.Errno = 14084
+	ERROR_SXS_INVALID_DEACTIVATION                                            syscall.Errno = 14085
+	ERROR_SXS_MULTIPLE_DEACTIVATION                                           syscall.Errno = 14086
+	ERROR_SXS_PROCESS_TERMINATION_REQUESTED                                   syscall.Errno = 14087
+	ERROR_SXS_RELEASE_ACTIVATION_CONTEXT                                      syscall.Errno = 14088
+	ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY                         syscall.Errno = 14089
+	ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE                                syscall.Errno = 14090
+	ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME                                 syscall.Errno = 14091
+	ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE                                    syscall.Errno = 14092
+	ERROR_SXS_IDENTITY_PARSE_ERROR                                            syscall.Errno = 14093
+	ERROR_MALFORMED_SUBSTITUTION_STRING                                       syscall.Errno = 14094
+	ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN                                      syscall.Errno = 14095
+	ERROR_UNMAPPED_SUBSTITUTION_STRING                                        syscall.Errno = 14096
+	ERROR_SXS_ASSEMBLY_NOT_LOCKED                                             syscall.Errno = 14097
+	ERROR_SXS_COMPONENT_STORE_CORRUPT                                         syscall.Errno = 14098
+	ERROR_ADVANCED_INSTALLER_FAILED                                           syscall.Errno = 14099
+	ERROR_XML_ENCODING_MISMATCH                                               syscall.Errno = 14100
+	ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT                   syscall.Errno = 14101
+	ERROR_SXS_IDENTITIES_DIFFERENT                                            syscall.Errno = 14102
+	ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT                                    syscall.Errno = 14103
+	ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY                                       syscall.Errno = 14104
+	ERROR_SXS_MANIFEST_TOO_BIG                                                syscall.Errno = 14105
+	ERROR_SXS_SETTING_NOT_REGISTERED                                          syscall.Errno = 14106
+	ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE                                  syscall.Errno = 14107
+	ERROR_SMI_PRIMITIVE_INSTALLER_FAILED                                      syscall.Errno = 14108
+	ERROR_GENERIC_COMMAND_FAILED                                              syscall.Errno = 14109
+	ERROR_SXS_FILE_HASH_MISSING                                               syscall.Errno = 14110
+	ERROR_EVT_INVALID_CHANNEL_PATH                                            syscall.Errno = 15000
+	ERROR_EVT_INVALID_QUERY                                                   syscall.Errno = 15001
+	ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND                                    syscall.Errno = 15002
+	ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND                                        syscall.Errno = 15003
+	ERROR_EVT_INVALID_PUBLISHER_NAME                                          syscall.Errno = 15004
+	ERROR_EVT_INVALID_EVENT_DATA                                              syscall.Errno = 15005
+	ERROR_EVT_CHANNEL_NOT_FOUND                                               syscall.Errno = 15007
+	ERROR_EVT_MALFORMED_XML_TEXT                                              syscall.Errno = 15008
+	ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL                                  syscall.Errno = 15009
+	ERROR_EVT_CONFIGURATION_ERROR                                             syscall.Errno = 15010
+	ERROR_EVT_QUERY_RESULT_STALE                                              syscall.Errno = 15011
+	ERROR_EVT_QUERY_RESULT_INVALID_POSITION                                   syscall.Errno = 15012
+	ERROR_EVT_NON_VALIDATING_MSXML                                            syscall.Errno = 15013
+	ERROR_EVT_FILTER_ALREADYSCOPED                                            syscall.Errno = 15014
+	ERROR_EVT_FILTER_NOTELTSET                                                syscall.Errno = 15015
+	ERROR_EVT_FILTER_INVARG                                                   syscall.Errno = 15016
+	ERROR_EVT_FILTER_INVTEST                                                  syscall.Errno = 15017
+	ERROR_EVT_FILTER_INVTYPE                                                  syscall.Errno = 15018
+	ERROR_EVT_FILTER_PARSEERR                                                 syscall.Errno = 15019
+	ERROR_EVT_FILTER_UNSUPPORTEDOP                                            syscall.Errno = 15020
+	ERROR_EVT_FILTER_UNEXPECTEDTOKEN                                          syscall.Errno = 15021
+	ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL                   syscall.Errno = 15022
+	ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE                                  syscall.Errno = 15023
+	ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE                                syscall.Errno = 15024
+	ERROR_EVT_CHANNEL_CANNOT_ACTIVATE                                         syscall.Errno = 15025
+	ERROR_EVT_FILTER_TOO_COMPLEX                                              syscall.Errno = 15026
+	ERROR_EVT_MESSAGE_NOT_FOUND                                               syscall.Errno = 15027
+	ERROR_EVT_MESSAGE_ID_NOT_FOUND                                            syscall.Errno = 15028
+	ERROR_EVT_UNRESOLVED_VALUE_INSERT                                         syscall.Errno = 15029
+	ERROR_EVT_UNRESOLVED_PARAMETER_INSERT                                     syscall.Errno = 15030
+	ERROR_EVT_MAX_INSERTS_REACHED                                             syscall.Errno = 15031
+	ERROR_EVT_EVENT_DEFINITION_NOT_FOUND                                      syscall.Errno = 15032
+	ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND                                        syscall.Errno = 15033
+	ERROR_EVT_VERSION_TOO_OLD                                                 syscall.Errno = 15034
+	ERROR_EVT_VERSION_TOO_NEW                                                 syscall.Errno = 15035
+	ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY                                    syscall.Errno = 15036
+	ERROR_EVT_PUBLISHER_DISABLED                                              syscall.Errno = 15037
+	ERROR_EVT_FILTER_OUT_OF_RANGE                                             syscall.Errno = 15038
+	ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE                                     syscall.Errno = 15080
+	ERROR_EC_LOG_DISABLED                                                     syscall.Errno = 15081
+	ERROR_EC_CIRCULAR_FORWARDING                                              syscall.Errno = 15082
+	ERROR_EC_CREDSTORE_FULL                                                   syscall.Errno = 15083
+	ERROR_EC_CRED_NOT_FOUND                                                   syscall.Errno = 15084
+	ERROR_EC_NO_ACTIVE_CHANNEL                                                syscall.Errno = 15085
+	ERROR_MUI_FILE_NOT_FOUND                                                  syscall.Errno = 15100
+	ERROR_MUI_INVALID_FILE                                                    syscall.Errno = 15101
+	ERROR_MUI_INVALID_RC_CONFIG                                               syscall.Errno = 15102
+	ERROR_MUI_INVALID_LOCALE_NAME                                             syscall.Errno = 15103
+	ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME                                   syscall.Errno = 15104
+	ERROR_MUI_FILE_NOT_LOADED                                                 syscall.Errno = 15105
+	ERROR_RESOURCE_ENUM_USER_STOP                                             syscall.Errno = 15106
+	ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED                               syscall.Errno = 15107
+	ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME                                syscall.Errno = 15108
+	ERROR_MRM_RUNTIME_NO_DEFAULT_OR_NEUTRAL_RESOURCE                          syscall.Errno = 15110
+	ERROR_MRM_INVALID_PRICONFIG                                               syscall.Errno = 15111
+	ERROR_MRM_INVALID_FILE_TYPE                                               syscall.Errno = 15112
+	ERROR_MRM_UNKNOWN_QUALIFIER                                               syscall.Errno = 15113
+	ERROR_MRM_INVALID_QUALIFIER_VALUE                                         syscall.Errno = 15114
+	ERROR_MRM_NO_CANDIDATE                                                    syscall.Errno = 15115
+	ERROR_MRM_NO_MATCH_OR_DEFAULT_CANDIDATE                                   syscall.Errno = 15116
+	ERROR_MRM_RESOURCE_TYPE_MISMATCH                                          syscall.Errno = 15117
+	ERROR_MRM_DUPLICATE_MAP_NAME                                              syscall.Errno = 15118
+	ERROR_MRM_DUPLICATE_ENTRY                                                 syscall.Errno = 15119
+	ERROR_MRM_INVALID_RESOURCE_IDENTIFIER                                     syscall.Errno = 15120
+	ERROR_MRM_FILEPATH_TOO_LONG                                               syscall.Errno = 15121
+	ERROR_MRM_UNSUPPORTED_DIRECTORY_TYPE                                      syscall.Errno = 15122
+	ERROR_MRM_INVALID_PRI_FILE                                                syscall.Errno = 15126
+	ERROR_MRM_NAMED_RESOURCE_NOT_FOUND                                        syscall.Errno = 15127
+	ERROR_MRM_MAP_NOT_FOUND                                                   syscall.Errno = 15135
+	ERROR_MRM_UNSUPPORTED_PROFILE_TYPE                                        syscall.Errno = 15136
+	ERROR_MRM_INVALID_QUALIFIER_OPERATOR                                      syscall.Errno = 15137
+	ERROR_MRM_INDETERMINATE_QUALIFIER_VALUE                                   syscall.Errno = 15138
+	ERROR_MRM_AUTOMERGE_ENABLED                                               syscall.Errno = 15139
+	ERROR_MRM_TOO_MANY_RESOURCES                                              syscall.Errno = 15140
+	ERROR_MRM_UNSUPPORTED_FILE_TYPE_FOR_MERGE                                 syscall.Errno = 15141
+	ERROR_MRM_UNSUPPORTED_FILE_TYPE_FOR_LOAD_UNLOAD_PRI_FILE                  syscall.Errno = 15142
+	ERROR_MRM_NO_CURRENT_VIEW_ON_THREAD                                       syscall.Errno = 15143
+	ERROR_DIFFERENT_PROFILE_RESOURCE_MANAGER_EXIST                            syscall.Errno = 15144
+	ERROR_OPERATION_NOT_ALLOWED_FROM_SYSTEM_COMPONENT                         syscall.Errno = 15145
+	ERROR_MRM_DIRECT_REF_TO_NON_DEFAULT_RESOURCE                              syscall.Errno = 15146
+	ERROR_MRM_GENERATION_COUNT_MISMATCH                                       syscall.Errno = 15147
+	ERROR_PRI_MERGE_VERSION_MISMATCH                                          syscall.Errno = 15148
+	ERROR_PRI_MERGE_MISSING_SCHEMA                                            syscall.Errno = 15149
+	ERROR_PRI_MERGE_LOAD_FILE_FAILED                                          syscall.Errno = 15150
+	ERROR_PRI_MERGE_ADD_FILE_FAILED                                           syscall.Errno = 15151
+	ERROR_PRI_MERGE_WRITE_FILE_FAILED                                         syscall.Errno = 15152
+	ERROR_PRI_MERGE_MULTIPLE_PACKAGE_FAMILIES_NOT_ALLOWED                     syscall.Errno = 15153
+	ERROR_PRI_MERGE_MULTIPLE_MAIN_PACKAGES_NOT_ALLOWED                        syscall.Errno = 15154
+	ERROR_PRI_MERGE_BUNDLE_PACKAGES_NOT_ALLOWED                               syscall.Errno = 15155
+	ERROR_PRI_MERGE_MAIN_PACKAGE_REQUIRED                                     syscall.Errno = 15156
+	ERROR_PRI_MERGE_RESOURCE_PACKAGE_REQUIRED                                 syscall.Errno = 15157
+	ERROR_PRI_MERGE_INVALID_FILE_NAME                                         syscall.Errno = 15158
+	ERROR_MRM_PACKAGE_NOT_FOUND                                               syscall.Errno = 15159
+	ERROR_MCA_INVALID_CAPABILITIES_STRING                                     syscall.Errno = 15200
+	ERROR_MCA_INVALID_VCP_VERSION                                             syscall.Errno = 15201
+	ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION                             syscall.Errno = 15202
+	ERROR_MCA_MCCS_VERSION_MISMATCH                                           syscall.Errno = 15203
+	ERROR_MCA_UNSUPPORTED_MCCS_VERSION                                        syscall.Errno = 15204
+	ERROR_MCA_INTERNAL_ERROR                                                  syscall.Errno = 15205
+	ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED                                syscall.Errno = 15206
+	ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE                                   syscall.Errno = 15207
+	ERROR_AMBIGUOUS_SYSTEM_DEVICE                                             syscall.Errno = 15250
+	ERROR_SYSTEM_DEVICE_NOT_FOUND                                             syscall.Errno = 15299
+	ERROR_HASH_NOT_SUPPORTED                                                  syscall.Errno = 15300
+	ERROR_HASH_NOT_PRESENT                                                    syscall.Errno = 15301
+	ERROR_SECONDARY_IC_PROVIDER_NOT_REGISTERED                                syscall.Errno = 15321
+	ERROR_GPIO_CLIENT_INFORMATION_INVALID                                     syscall.Errno = 15322
+	ERROR_GPIO_VERSION_NOT_SUPPORTED                                          syscall.Errno = 15323
+	ERROR_GPIO_INVALID_REGISTRATION_PACKET                                    syscall.Errno = 15324
+	ERROR_GPIO_OPERATION_DENIED                                               syscall.Errno = 15325
+	ERROR_GPIO_INCOMPATIBLE_CONNECT_MODE                                      syscall.Errno = 15326
+	ERROR_GPIO_INTERRUPT_ALREADY_UNMASKED                                     syscall.Errno = 15327
+	ERROR_CANNOT_SWITCH_RUNLEVEL                                              syscall.Errno = 15400
+	ERROR_INVALID_RUNLEVEL_SETTING                                            syscall.Errno = 15401
+	ERROR_RUNLEVEL_SWITCH_TIMEOUT                                             syscall.Errno = 15402
+	ERROR_RUNLEVEL_SWITCH_AGENT_TIMEOUT                                       syscall.Errno = 15403
+	ERROR_RUNLEVEL_SWITCH_IN_PROGRESS                                         syscall.Errno = 15404
+	ERROR_SERVICES_FAILED_AUTOSTART                                           syscall.Errno = 15405
+	ERROR_COM_TASK_STOP_PENDING                                               syscall.Errno = 15501
+	ERROR_INSTALL_OPEN_PACKAGE_FAILED                                         syscall.Errno = 15600
+	ERROR_INSTALL_PACKAGE_NOT_FOUND                                           syscall.Errno = 15601
+	ERROR_INSTALL_INVALID_PACKAGE                                             syscall.Errno = 15602
+	ERROR_INSTALL_RESOLVE_DEPENDENCY_FAILED                                   syscall.Errno = 15603
+	ERROR_INSTALL_OUT_OF_DISK_SPACE                                           syscall.Errno = 15604
+	ERROR_INSTALL_NETWORK_FAILURE                                             syscall.Errno = 15605
+	ERROR_INSTALL_REGISTRATION_FAILURE                                        syscall.Errno = 15606
+	ERROR_INSTALL_DEREGISTRATION_FAILURE                                      syscall.Errno = 15607
+	ERROR_INSTALL_CANCEL                                                      syscall.Errno = 15608
+	ERROR_INSTALL_FAILED                                                      syscall.Errno = 15609
+	ERROR_REMOVE_FAILED                                                       syscall.Errno = 15610
+	ERROR_PACKAGE_ALREADY_EXISTS                                              syscall.Errno = 15611
+	ERROR_NEEDS_REMEDIATION                                                   syscall.Errno = 15612
+	ERROR_INSTALL_PREREQUISITE_FAILED                                         syscall.Errno = 15613
+	ERROR_PACKAGE_REPOSITORY_CORRUPTED                                        syscall.Errno = 15614
+	ERROR_INSTALL_POLICY_FAILURE                                              syscall.Errno = 15615
+	ERROR_PACKAGE_UPDATING                                                    syscall.Errno = 15616
+	ERROR_DEPLOYMENT_BLOCKED_BY_POLICY                                        syscall.Errno = 15617
+	ERROR_PACKAGES_IN_USE                                                     syscall.Errno = 15618
+	ERROR_RECOVERY_FILE_CORRUPT                                               syscall.Errno = 15619
+	ERROR_INVALID_STAGED_SIGNATURE                                            syscall.Errno = 15620
+	ERROR_DELETING_EXISTING_APPLICATIONDATA_STORE_FAILED                      syscall.Errno = 15621
+	ERROR_INSTALL_PACKAGE_DOWNGRADE                                           syscall.Errno = 15622
+	ERROR_SYSTEM_NEEDS_REMEDIATION                                            syscall.Errno = 15623
+	ERROR_APPX_INTEGRITY_FAILURE_CLR_NGEN                                     syscall.Errno = 15624
+	ERROR_RESILIENCY_FILE_CORRUPT                                             syscall.Errno = 15625
+	ERROR_INSTALL_FIREWALL_SERVICE_NOT_RUNNING                                syscall.Errno = 15626
+	ERROR_PACKAGE_MOVE_FAILED                                                 syscall.Errno = 15627
+	ERROR_INSTALL_VOLUME_NOT_EMPTY                                            syscall.Errno = 15628
+	ERROR_INSTALL_VOLUME_OFFLINE                                              syscall.Errno = 15629
+	ERROR_INSTALL_VOLUME_CORRUPT                                              syscall.Errno = 15630
+	ERROR_NEEDS_REGISTRATION                                                  syscall.Errno = 15631
+	ERROR_INSTALL_WRONG_PROCESSOR_ARCHITECTURE                                syscall.Errno = 15632
+	ERROR_DEV_SIDELOAD_LIMIT_EXCEEDED                                         syscall.Errno = 15633
+	ERROR_INSTALL_OPTIONAL_PACKAGE_REQUIRES_MAIN_PACKAGE                      syscall.Errno = 15634
+	ERROR_PACKAGE_NOT_SUPPORTED_ON_FILESYSTEM                                 syscall.Errno = 15635
+	ERROR_PACKAGE_MOVE_BLOCKED_BY_STREAMING                                   syscall.Errno = 15636
+	ERROR_INSTALL_OPTIONAL_PACKAGE_APPLICATIONID_NOT_UNIQUE                   syscall.Errno = 15637
+	ERROR_PACKAGE_STAGING_ONHOLD                                              syscall.Errno = 15638
+	ERROR_INSTALL_INVALID_RELATED_SET_UPDATE                                  syscall.Errno = 15639
+	ERROR_INSTALL_OPTIONAL_PACKAGE_REQUIRES_MAIN_PACKAGE_FULLTRUST_CAPABILITY syscall.Errno = 15640
+	ERROR_DEPLOYMENT_BLOCKED_BY_USER_LOG_OFF                                  syscall.Errno = 15641
+	ERROR_PROVISION_OPTIONAL_PACKAGE_REQUIRES_MAIN_PACKAGE_PROVISIONED        syscall.Errno = 15642
+	ERROR_PACKAGES_REPUTATION_CHECK_FAILED                                    syscall.Errno = 15643
+	ERROR_PACKAGES_REPUTATION_CHECK_TIMEDOUT                                  syscall.Errno = 15644
+	ERROR_DEPLOYMENT_OPTION_NOT_SUPPORTED                                     syscall.Errno = 15645
+	ERROR_APPINSTALLER_ACTIVATION_BLOCKED                                     syscall.Errno = 15646
+	ERROR_REGISTRATION_FROM_REMOTE_DRIVE_NOT_SUPPORTED                        syscall.Errno = 15647
+	APPMODEL_ERROR_NO_PACKAGE                                                 syscall.Errno = 15700
+	APPMODEL_ERROR_PACKAGE_RUNTIME_CORRUPT                                    syscall.Errno = 15701
+	APPMODEL_ERROR_PACKAGE_IDENTITY_CORRUPT                                   syscall.Errno = 15702
+	APPMODEL_ERROR_NO_APPLICATION                                             syscall.Errno = 15703
+	APPMODEL_ERROR_DYNAMIC_PROPERTY_READ_FAILED                               syscall.Errno = 15704
+	APPMODEL_ERROR_DYNAMIC_PROPERTY_INVALID                                   syscall.Errno = 15705
+	APPMODEL_ERROR_PACKAGE_NOT_AVAILABLE                                      syscall.Errno = 15706
+	ERROR_STATE_LOAD_STORE_FAILED                                             syscall.Errno = 15800
+	ERROR_STATE_GET_VERSION_FAILED                                            syscall.Errno = 15801
+	ERROR_STATE_SET_VERSION_FAILED                                            syscall.Errno = 15802
+	ERROR_STATE_STRUCTURED_RESET_FAILED                                       syscall.Errno = 15803
+	ERROR_STATE_OPEN_CONTAINER_FAILED                                         syscall.Errno = 15804
+	ERROR_STATE_CREATE_CONTAINER_FAILED                                       syscall.Errno = 15805
+	ERROR_STATE_DELETE_CONTAINER_FAILED                                       syscall.Errno = 15806
+	ERROR_STATE_READ_SETTING_FAILED                                           syscall.Errno = 15807
+	ERROR_STATE_WRITE_SETTING_FAILED                                          syscall.Errno = 15808
+	ERROR_STATE_DELETE_SETTING_FAILED                                         syscall.Errno = 15809
+	ERROR_STATE_QUERY_SETTING_FAILED                                          syscall.Errno = 15810
+	ERROR_STATE_READ_COMPOSITE_SETTING_FAILED                                 syscall.Errno = 15811
+	ERROR_STATE_WRITE_COMPOSITE_SETTING_FAILED                                syscall.Errno = 15812
+	ERROR_STATE_ENUMERATE_CONTAINER_FAILED                                    syscall.Errno = 15813
+	ERROR_STATE_ENUMERATE_SETTINGS_FAILED                                     syscall.Errno = 15814
+	ERROR_STATE_COMPOSITE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED                   syscall.Errno = 15815
+	ERROR_STATE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED                             syscall.Errno = 15816
+	ERROR_STATE_SETTING_NAME_SIZE_LIMIT_EXCEEDED                              syscall.Errno = 15817
+	ERROR_STATE_CONTAINER_NAME_SIZE_LIMIT_EXCEEDED                            syscall.Errno = 15818
+	ERROR_API_UNAVAILABLE                                                     syscall.Errno = 15841
+	STORE_ERROR_UNLICENSED                                                    syscall.Errno = 15861
+	STORE_ERROR_UNLICENSED_USER                                               syscall.Errno = 15862
+	STORE_ERROR_PENDING_COM_TRANSACTION                                       syscall.Errno = 15863
+	STORE_ERROR_LICENSE_REVOKED                                               syscall.Errno = 15864
+	SEVERITY_SUCCESS                                                          syscall.Errno = 0
+	SEVERITY_ERROR                                                            syscall.Errno = 1
+	FACILITY_NT_BIT                                                                         = 0x10000000
+	E_NOT_SET                                                                               = ERROR_NOT_FOUND
+	E_NOT_VALID_STATE                                                                       = ERROR_INVALID_STATE
+	E_NOT_SUFFICIENT_BUFFER                                                                 = ERROR_INSUFFICIENT_BUFFER
+	E_TIME_CRITICAL_THREAD                                                                  = ERROR_TIME_CRITICAL_THREAD
+	NOERROR                                                                   syscall.Errno = 0
+	E_UNEXPECTED                                                              Handle        = 0x8000FFFF
+	E_NOTIMPL                                                                 Handle        = 0x80004001
+	E_OUTOFMEMORY                                                             Handle        = 0x8007000E
+	E_INVALIDARG                                                              Handle        = 0x80070057
+	E_NOINTERFACE                                                             Handle        = 0x80004002
+	E_POINTER                                                                 Handle        = 0x80004003
+	E_HANDLE                                                                  Handle        = 0x80070006
+	E_ABORT                                                                   Handle        = 0x80004004
+	E_FAIL                                                                    Handle        = 0x80004005
+	E_ACCESSDENIED                                                            Handle        = 0x80070005
+	E_PENDING                                                                 Handle        = 0x8000000A
+	E_BOUNDS                                                                  Handle        = 0x8000000B
+	E_CHANGED_STATE                                                           Handle        = 0x8000000C
+	E_ILLEGAL_STATE_CHANGE                                                    Handle        = 0x8000000D
+	E_ILLEGAL_METHOD_CALL                                                     Handle        = 0x8000000E
+	RO_E_METADATA_NAME_NOT_FOUND                                              Handle        = 0x8000000F
+	RO_E_METADATA_NAME_IS_NAMESPACE                                           Handle        = 0x80000010
+	RO_E_METADATA_INVALID_TYPE_FORMAT                                         Handle        = 0x80000011
+	RO_E_INVALID_METADATA_FILE                                                Handle        = 0x80000012
+	RO_E_CLOSED                                                               Handle        = 0x80000013
+	RO_E_EXCLUSIVE_WRITE                                                      Handle        = 0x80000014
+	RO_E_CHANGE_NOTIFICATION_IN_PROGRESS                                      Handle        = 0x80000015
+	RO_E_ERROR_STRING_NOT_FOUND                                               Handle        = 0x80000016
+	E_STRING_NOT_NULL_TERMINATED                                              Handle        = 0x80000017
+	E_ILLEGAL_DELEGATE_ASSIGNMENT                                             Handle        = 0x80000018
+	E_ASYNC_OPERATION_NOT_STARTED                                             Handle        = 0x80000019
+	E_APPLICATION_EXITING                                                     Handle        = 0x8000001A
+	E_APPLICATION_VIEW_EXITING                                                Handle        = 0x8000001B
+	RO_E_MUST_BE_AGILE                                                        Handle        = 0x8000001C
+	RO_E_UNSUPPORTED_FROM_MTA                                                 Handle        = 0x8000001D
+	RO_E_COMMITTED                                                            Handle        = 0x8000001E
+	RO_E_BLOCKED_CROSS_ASTA_CALL                                              Handle        = 0x8000001F
+	RO_E_CANNOT_ACTIVATE_FULL_TRUST_SERVER                                    Handle        = 0x80000020
+	RO_E_CANNOT_ACTIVATE_UNIVERSAL_APPLICATION_SERVER                         Handle        = 0x80000021
+	CO_E_INIT_TLS                                                             Handle        = 0x80004006
+	CO_E_INIT_SHARED_ALLOCATOR                                                Handle        = 0x80004007
+	CO_E_INIT_MEMORY_ALLOCATOR                                                Handle        = 0x80004008
+	CO_E_INIT_CLASS_CACHE                                                     Handle        = 0x80004009
+	CO_E_INIT_RPC_CHANNEL                                                     Handle        = 0x8000400A
+	CO_E_INIT_TLS_SET_CHANNEL_CONTROL                                         Handle        = 0x8000400B
+	CO_E_INIT_TLS_CHANNEL_CONTROL                                             Handle        = 0x8000400C
+	CO_E_INIT_UNACCEPTED_USER_ALLOCATOR                                       Handle        = 0x8000400D
+	CO_E_INIT_SCM_MUTEX_EXISTS                                                Handle        = 0x8000400E
+	CO_E_INIT_SCM_FILE_MAPPING_EXISTS                                         Handle        = 0x8000400F
+	CO_E_INIT_SCM_MAP_VIEW_OF_FILE                                            Handle        = 0x80004010
+	CO_E_INIT_SCM_EXEC_FAILURE                                                Handle        = 0x80004011
+	CO_E_INIT_ONLY_SINGLE_THREADED                                            Handle        = 0x80004012
+	CO_E_CANT_REMOTE                                                          Handle        = 0x80004013
+	CO_E_BAD_SERVER_NAME                                                      Handle        = 0x80004014
+	CO_E_WRONG_SERVER_IDENTITY                                                Handle        = 0x80004015
+	CO_E_OLE1DDE_DISABLED                                                     Handle        = 0x80004016
+	CO_E_RUNAS_SYNTAX                                                         Handle        = 0x80004017
+	CO_E_CREATEPROCESS_FAILURE                                                Handle        = 0x80004018
+	CO_E_RUNAS_CREATEPROCESS_FAILURE                                          Handle        = 0x80004019
+	CO_E_RUNAS_LOGON_FAILURE                                                  Handle        = 0x8000401A
+	CO_E_LAUNCH_PERMSSION_DENIED                                              Handle        = 0x8000401B
+	CO_E_START_SERVICE_FAILURE                                                Handle        = 0x8000401C
+	CO_E_REMOTE_COMMUNICATION_FAILURE                                         Handle        = 0x8000401D
+	CO_E_SERVER_START_TIMEOUT                                                 Handle        = 0x8000401E
+	CO_E_CLSREG_INCONSISTENT                                                  Handle        = 0x8000401F
+	CO_E_IIDREG_INCONSISTENT                                                  Handle        = 0x80004020
+	CO_E_NOT_SUPPORTED                                                        Handle        = 0x80004021
+	CO_E_RELOAD_DLL                                                           Handle        = 0x80004022
+	CO_E_MSI_ERROR                                                            Handle        = 0x80004023
+	CO_E_ATTEMPT_TO_CREATE_OUTSIDE_CLIENT_CONTEXT                             Handle        = 0x80004024
+	CO_E_SERVER_PAUSED                                                        Handle        = 0x80004025
+	CO_E_SERVER_NOT_PAUSED                                                    Handle        = 0x80004026
+	CO_E_CLASS_DISABLED                                                       Handle        = 0x80004027
+	CO_E_CLRNOTAVAILABLE                                                      Handle        = 0x80004028
+	CO_E_ASYNC_WORK_REJECTED                                                  Handle        = 0x80004029
+	CO_E_SERVER_INIT_TIMEOUT                                                  Handle        = 0x8000402A
+	CO_E_NO_SECCTX_IN_ACTIVATE                                                Handle        = 0x8000402B
+	CO_E_TRACKER_CONFIG                                                       Handle        = 0x80004030
+	CO_E_THREADPOOL_CONFIG                                                    Handle        = 0x80004031
+	CO_E_SXS_CONFIG                                                           Handle        = 0x80004032
+	CO_E_MALFORMED_SPN                                                        Handle        = 0x80004033
+	CO_E_UNREVOKED_REGISTRATION_ON_APARTMENT_SHUTDOWN                         Handle        = 0x80004034
+	CO_E_PREMATURE_STUB_RUNDOWN                                               Handle        = 0x80004035
+	S_OK                                                                      Handle        = 0
+	S_FALSE                                                                   Handle        = 1
+	OLE_E_FIRST                                                               Handle        = 0x80040000
+	OLE_E_LAST                                                                Handle        = 0x800400FF
+	OLE_S_FIRST                                                               Handle        = 0x00040000
+	OLE_S_LAST                                                                Handle        = 0x000400FF
+	OLE_E_OLEVERB                                                             Handle        = 0x80040000
+	OLE_E_ADVF                                                                Handle        = 0x80040001
+	OLE_E_ENUM_NOMORE                                                         Handle        = 0x80040002
+	OLE_E_ADVISENOTSUPPORTED                                                  Handle        = 0x80040003
+	OLE_E_NOCONNECTION                                                        Handle        = 0x80040004
+	OLE_E_NOTRUNNING                                                          Handle        = 0x80040005
+	OLE_E_NOCACHE                                                             Handle        = 0x80040006
+	OLE_E_BLANK                                                               Handle        = 0x80040007
+	OLE_E_CLASSDIFF                                                           Handle        = 0x80040008
+	OLE_E_CANT_GETMONIKER                                                     Handle        = 0x80040009
+	OLE_E_CANT_BINDTOSOURCE                                                   Handle        = 0x8004000A
+	OLE_E_STATIC                                                              Handle        = 0x8004000B
+	OLE_E_PROMPTSAVECANCELLED                                                 Handle        = 0x8004000C
+	OLE_E_INVALIDRECT                                                         Handle        = 0x8004000D
+	OLE_E_WRONGCOMPOBJ                                                        Handle        = 0x8004000E
+	OLE_E_INVALIDHWND                                                         Handle        = 0x8004000F
+	OLE_E_NOT_INPLACEACTIVE                                                   Handle        = 0x80040010
+	OLE_E_CANTCONVERT                                                         Handle        = 0x80040011
+	OLE_E_NOSTORAGE                                                           Handle        = 0x80040012
+	DV_E_FORMATETC                                                            Handle        = 0x80040064
+	DV_E_DVTARGETDEVICE                                                       Handle        = 0x80040065
+	DV_E_STGMEDIUM                                                            Handle        = 0x80040066
+	DV_E_STATDATA                                                             Handle        = 0x80040067
+	DV_E_LINDEX                                                               Handle        = 0x80040068
+	DV_E_TYMED                                                                Handle        = 0x80040069
+	DV_E_CLIPFORMAT                                                           Handle        = 0x8004006A
+	DV_E_DVASPECT                                                             Handle        = 0x8004006B
+	DV_E_DVTARGETDEVICE_SIZE                                                  Handle        = 0x8004006C
+	DV_E_NOIVIEWOBJECT                                                        Handle        = 0x8004006D
+	DRAGDROP_E_FIRST                                                          syscall.Errno = 0x80040100
+	DRAGDROP_E_LAST                                                           syscall.Errno = 0x8004010F
+	DRAGDROP_S_FIRST                                                          syscall.Errno = 0x00040100
+	DRAGDROP_S_LAST                                                           syscall.Errno = 0x0004010F
+	DRAGDROP_E_NOTREGISTERED                                                  Handle        = 0x80040100
+	DRAGDROP_E_ALREADYREGISTERED                                              Handle        = 0x80040101
+	DRAGDROP_E_INVALIDHWND                                                    Handle        = 0x80040102
+	DRAGDROP_E_CONCURRENT_DRAG_ATTEMPTED                                      Handle        = 0x80040103
+	CLASSFACTORY_E_FIRST                                                      syscall.Errno = 0x80040110
+	CLASSFACTORY_E_LAST                                                       syscall.Errno = 0x8004011F
+	CLASSFACTORY_S_FIRST                                                      syscall.Errno = 0x00040110
+	CLASSFACTORY_S_LAST                                                       syscall.Errno = 0x0004011F
+	CLASS_E_NOAGGREGATION                                                     Handle        = 0x80040110
+	CLASS_E_CLASSNOTAVAILABLE                                                 Handle        = 0x80040111
+	CLASS_E_NOTLICENSED                                                       Handle        = 0x80040112
+	MARSHAL_E_FIRST                                                           syscall.Errno = 0x80040120
+	MARSHAL_E_LAST                                                            syscall.Errno = 0x8004012F
+	MARSHAL_S_FIRST                                                           syscall.Errno = 0x00040120
+	MARSHAL_S_LAST                                                            syscall.Errno = 0x0004012F
+	DATA_E_FIRST                                                              syscall.Errno = 0x80040130
+	DATA_E_LAST                                                               syscall.Errno = 0x8004013F
+	DATA_S_FIRST                                                              syscall.Errno = 0x00040130
+	DATA_S_LAST                                                               syscall.Errno = 0x0004013F
+	VIEW_E_FIRST                                                              syscall.Errno = 0x80040140
+	VIEW_E_LAST                                                               syscall.Errno = 0x8004014F
+	VIEW_S_FIRST                                                              syscall.Errno = 0x00040140
+	VIEW_S_LAST                                                               syscall.Errno = 0x0004014F
+	VIEW_E_DRAW                                                               Handle        = 0x80040140
+	REGDB_E_FIRST                                                             syscall.Errno = 0x80040150
+	REGDB_E_LAST                                                              syscall.Errno = 0x8004015F
+	REGDB_S_FIRST                                                             syscall.Errno = 0x00040150
+	REGDB_S_LAST                                                              syscall.Errno = 0x0004015F
+	REGDB_E_READREGDB                                                         Handle        = 0x80040150
+	REGDB_E_WRITEREGDB                                                        Handle        = 0x80040151
+	REGDB_E_KEYMISSING                                                        Handle        = 0x80040152
+	REGDB_E_INVALIDVALUE                                                      Handle        = 0x80040153
+	REGDB_E_CLASSNOTREG                                                       Handle        = 0x80040154
+	REGDB_E_IIDNOTREG                                                         Handle        = 0x80040155
+	REGDB_E_BADTHREADINGMODEL                                                 Handle        = 0x80040156
+	REGDB_E_PACKAGEPOLICYVIOLATION                                            Handle        = 0x80040157
+	CAT_E_FIRST                                                               syscall.Errno = 0x80040160
+	CAT_E_LAST                                                                syscall.Errno = 0x80040161
+	CAT_E_CATIDNOEXIST                                                        Handle        = 0x80040160
+	CAT_E_NODESCRIPTION                                                       Handle        = 0x80040161
+	CS_E_FIRST                                                                syscall.Errno = 0x80040164
+	CS_E_LAST                                                                 syscall.Errno = 0x8004016F
+	CS_E_PACKAGE_NOTFOUND                                                     Handle        = 0x80040164
+	CS_E_NOT_DELETABLE                                                        Handle        = 0x80040165
+	CS_E_CLASS_NOTFOUND                                                       Handle        = 0x80040166
+	CS_E_INVALID_VERSION                                                      Handle        = 0x80040167
+	CS_E_NO_CLASSSTORE                                                        Handle        = 0x80040168
+	CS_E_OBJECT_NOTFOUND                                                      Handle        = 0x80040169
+	CS_E_OBJECT_ALREADY_EXISTS                                                Handle        = 0x8004016A
+	CS_E_INVALID_PATH                                                         Handle        = 0x8004016B
+	CS_E_NETWORK_ERROR                                                        Handle        = 0x8004016C
+	CS_E_ADMIN_LIMIT_EXCEEDED                                                 Handle        = 0x8004016D
+	CS_E_SCHEMA_MISMATCH                                                      Handle        = 0x8004016E
+	CS_E_INTERNAL_ERROR                                                       Handle        = 0x8004016F
+	CACHE_E_FIRST                                                             syscall.Errno = 0x80040170
+	CACHE_E_LAST                                                              syscall.Errno = 0x8004017F
+	CACHE_S_FIRST                                                             syscall.Errno = 0x00040170
+	CACHE_S_LAST                                                              syscall.Errno = 0x0004017F
+	CACHE_E_NOCACHE_UPDATED                                                   Handle        = 0x80040170
+	OLEOBJ_E_FIRST                                                            syscall.Errno = 0x80040180
+	OLEOBJ_E_LAST                                                             syscall.Errno = 0x8004018F
+	OLEOBJ_S_FIRST                                                            syscall.Errno = 0x00040180
+	OLEOBJ_S_LAST                                                             syscall.Errno = 0x0004018F
+	OLEOBJ_E_NOVERBS                                                          Handle        = 0x80040180
+	OLEOBJ_E_INVALIDVERB                                                      Handle        = 0x80040181
+	CLIENTSITE_E_FIRST                                                        syscall.Errno = 0x80040190
+	CLIENTSITE_E_LAST                                                         syscall.Errno = 0x8004019F
+	CLIENTSITE_S_FIRST                                                        syscall.Errno = 0x00040190
+	CLIENTSITE_S_LAST                                                         syscall.Errno = 0x0004019F
+	INPLACE_E_NOTUNDOABLE                                                     Handle        = 0x800401A0
+	INPLACE_E_NOTOOLSPACE                                                     Handle        = 0x800401A1
+	INPLACE_E_FIRST                                                           syscall.Errno = 0x800401A0
+	INPLACE_E_LAST                                                            syscall.Errno = 0x800401AF
+	INPLACE_S_FIRST                                                           syscall.Errno = 0x000401A0
+	INPLACE_S_LAST                                                            syscall.Errno = 0x000401AF
+	ENUM_E_FIRST                                                              syscall.Errno = 0x800401B0
+	ENUM_E_LAST                                                               syscall.Errno = 0x800401BF
+	ENUM_S_FIRST                                                              syscall.Errno = 0x000401B0
+	ENUM_S_LAST                                                               syscall.Errno = 0x000401BF
+	CONVERT10_E_FIRST                                                         syscall.Errno = 0x800401C0
+	CONVERT10_E_LAST                                                          syscall.Errno = 0x800401CF
+	CONVERT10_S_FIRST                                                         syscall.Errno = 0x000401C0
+	CONVERT10_S_LAST                                                          syscall.Errno = 0x000401CF
+	CONVERT10_E_OLESTREAM_GET                                                 Handle        = 0x800401C0
+	CONVERT10_E_OLESTREAM_PUT                                                 Handle        = 0x800401C1
+	CONVERT10_E_OLESTREAM_FMT                                                 Handle        = 0x800401C2
+	CONVERT10_E_OLESTREAM_BITMAP_TO_DIB                                       Handle        = 0x800401C3
+	CONVERT10_E_STG_FMT                                                       Handle        = 0x800401C4
+	CONVERT10_E_STG_NO_STD_STREAM                                             Handle        = 0x800401C5
+	CONVERT10_E_STG_DIB_TO_BITMAP                                             Handle        = 0x800401C6
+	CLIPBRD_E_FIRST                                                           syscall.Errno = 0x800401D0
+	CLIPBRD_E_LAST                                                            syscall.Errno = 0x800401DF
+	CLIPBRD_S_FIRST                                                           syscall.Errno = 0x000401D0
+	CLIPBRD_S_LAST                                                            syscall.Errno = 0x000401DF
+	CLIPBRD_E_CANT_OPEN                                                       Handle        = 0x800401D0
+	CLIPBRD_E_CANT_EMPTY                                                      Handle        = 0x800401D1
+	CLIPBRD_E_CANT_SET                                                        Handle        = 0x800401D2
+	CLIPBRD_E_BAD_DATA                                                        Handle        = 0x800401D3
+	CLIPBRD_E_CANT_CLOSE                                                      Handle        = 0x800401D4
+	MK_E_FIRST                                                                syscall.Errno = 0x800401E0
+	MK_E_LAST                                                                 syscall.Errno = 0x800401EF
+	MK_S_FIRST                                                                syscall.Errno = 0x000401E0
+	MK_S_LAST                                                                 syscall.Errno = 0x000401EF
+	MK_E_CONNECTMANUALLY                                                      Handle        = 0x800401E0
+	MK_E_EXCEEDEDDEADLINE                                                     Handle        = 0x800401E1
+	MK_E_NEEDGENERIC                                                          Handle        = 0x800401E2
+	MK_E_UNAVAILABLE                                                          Handle        = 0x800401E3
+	MK_E_SYNTAX                                                               Handle        = 0x800401E4
+	MK_E_NOOBJECT                                                             Handle        = 0x800401E5
+	MK_E_INVALIDEXTENSION                                                     Handle        = 0x800401E6
+	MK_E_INTERMEDIATEINTERFACENOTSUPPORTED                                    Handle        = 0x800401E7
+	MK_E_NOTBINDABLE                                                          Handle        = 0x800401E8
+	MK_E_NOTBOUND                                                             Handle        = 0x800401E9
+	MK_E_CANTOPENFILE                                                         Handle        = 0x800401EA
+	MK_E_MUSTBOTHERUSER                                                       Handle        = 0x800401EB
+	MK_E_NOINVERSE                                                            Handle        = 0x800401EC
+	MK_E_NOSTORAGE                                                            Handle        = 0x800401ED
+	MK_E_NOPREFIX                                                             Handle        = 0x800401EE
+	MK_E_ENUMERATION_FAILED                                                   Handle        = 0x800401EF
+	CO_E_FIRST                                                                syscall.Errno = 0x800401F0
+	CO_E_LAST                                                                 syscall.Errno = 0x800401FF
+	CO_S_FIRST                                                                syscall.Errno = 0x000401F0
+	CO_S_LAST                                                                 syscall.Errno = 0x000401FF
+	CO_E_NOTINITIALIZED                                                       Handle        = 0x800401F0
+	CO_E_ALREADYINITIALIZED                                                   Handle        = 0x800401F1
+	CO_E_CANTDETERMINECLASS                                                   Handle        = 0x800401F2
+	CO_E_CLASSSTRING                                                          Handle        = 0x800401F3
+	CO_E_IIDSTRING                                                            Handle        = 0x800401F4
+	CO_E_APPNOTFOUND                                                          Handle        = 0x800401F5
+	CO_E_APPSINGLEUSE                                                         Handle        = 0x800401F6
+	CO_E_ERRORINAPP                                                           Handle        = 0x800401F7
+	CO_E_DLLNOTFOUND                                                          Handle        = 0x800401F8
+	CO_E_ERRORINDLL                                                           Handle        = 0x800401F9
+	CO_E_WRONGOSFORAPP                                                        Handle        = 0x800401FA
+	CO_E_OBJNOTREG                                                            Handle        = 0x800401FB
+	CO_E_OBJISREG                                                             Handle        = 0x800401FC
+	CO_E_OBJNOTCONNECTED                                                      Handle        = 0x800401FD
+	CO_E_APPDIDNTREG                                                          Handle        = 0x800401FE
+	CO_E_RELEASED                                                             Handle        = 0x800401FF
+	EVENT_E_FIRST                                                             syscall.Errno = 0x80040200
+	EVENT_E_LAST                                                              syscall.Errno = 0x8004021F
+	EVENT_S_FIRST                                                             syscall.Errno = 0x00040200
+	EVENT_S_LAST                                                              syscall.Errno = 0x0004021F
+	EVENT_S_SOME_SUBSCRIBERS_FAILED                                           Handle        = 0x00040200
+	EVENT_E_ALL_SUBSCRIBERS_FAILED                                            Handle        = 0x80040201
+	EVENT_S_NOSUBSCRIBERS                                                     Handle        = 0x00040202
+	EVENT_E_QUERYSYNTAX                                                       Handle        = 0x80040203
+	EVENT_E_QUERYFIELD                                                        Handle        = 0x80040204
+	EVENT_E_INTERNALEXCEPTION                                                 Handle        = 0x80040205
+	EVENT_E_INTERNALERROR                                                     Handle        = 0x80040206
+	EVENT_E_INVALID_PER_USER_SID                                              Handle        = 0x80040207
+	EVENT_E_USER_EXCEPTION                                                    Handle        = 0x80040208
+	EVENT_E_TOO_MANY_METHODS                                                  Handle        = 0x80040209
+	EVENT_E_MISSING_EVENTCLASS                                                Handle        = 0x8004020A
+	EVENT_E_NOT_ALL_REMOVED                                                   Handle        = 0x8004020B
+	EVENT_E_COMPLUS_NOT_INSTALLED                                             Handle        = 0x8004020C
+	EVENT_E_CANT_MODIFY_OR_DELETE_UNCONFIGURED_OBJECT                         Handle        = 0x8004020D
+	EVENT_E_CANT_MODIFY_OR_DELETE_CONFIGURED_OBJECT                           Handle        = 0x8004020E
+	EVENT_E_INVALID_EVENT_CLASS_PARTITION                                     Handle        = 0x8004020F
+	EVENT_E_PER_USER_SID_NOT_LOGGED_ON                                        Handle        = 0x80040210
+	TPC_E_INVALID_PROPERTY                                                    Handle        = 0x80040241
+	TPC_E_NO_DEFAULT_TABLET                                                   Handle        = 0x80040212
+	TPC_E_UNKNOWN_PROPERTY                                                    Handle        = 0x8004021B
+	TPC_E_INVALID_INPUT_RECT                                                  Handle        = 0x80040219
+	TPC_E_INVALID_STROKE                                                      Handle        = 0x80040222
+	TPC_E_INITIALIZE_FAIL                                                     Handle        = 0x80040223
+	TPC_E_NOT_RELEVANT                                                        Handle        = 0x80040232
+	TPC_E_INVALID_PACKET_DESCRIPTION                                          Handle        = 0x80040233
+	TPC_E_RECOGNIZER_NOT_REGISTERED                                           Handle        = 0x80040235
+	TPC_E_INVALID_RIGHTS                                                      Handle        = 0x80040236
+	TPC_E_OUT_OF_ORDER_CALL                                                   Handle        = 0x80040237
+	TPC_E_QUEUE_FULL                                                          Handle        = 0x80040238
+	TPC_E_INVALID_CONFIGURATION                                               Handle        = 0x80040239
+	TPC_E_INVALID_DATA_FROM_RECOGNIZER                                        Handle        = 0x8004023A
+	TPC_S_TRUNCATED                                                           Handle        = 0x00040252
+	TPC_S_INTERRUPTED                                                         Handle        = 0x00040253
+	TPC_S_NO_DATA_TO_PROCESS                                                  Handle        = 0x00040254
+	XACT_E_FIRST                                                              syscall.Errno = 0x8004D000
+	XACT_E_LAST                                                               syscall.Errno = 0x8004D02B
+	XACT_S_FIRST                                                              syscall.Errno = 0x0004D000
+	XACT_S_LAST                                                               syscall.Errno = 0x0004D010
+	XACT_E_ALREADYOTHERSINGLEPHASE                                            Handle        = 0x8004D000
+	XACT_E_CANTRETAIN                                                         Handle        = 0x8004D001
+	XACT_E_COMMITFAILED                                                       Handle        = 0x8004D002
+	XACT_E_COMMITPREVENTED                                                    Handle        = 0x8004D003
+	XACT_E_HEURISTICABORT                                                     Handle        = 0x8004D004
+	XACT_E_HEURISTICCOMMIT                                                    Handle        = 0x8004D005
+	XACT_E_HEURISTICDAMAGE                                                    Handle        = 0x8004D006
+	XACT_E_HEURISTICDANGER                                                    Handle        = 0x8004D007
+	XACT_E_ISOLATIONLEVEL                                                     Handle        = 0x8004D008
+	XACT_E_NOASYNC                                                            Handle        = 0x8004D009
+	XACT_E_NOENLIST                                                           Handle        = 0x8004D00A
+	XACT_E_NOISORETAIN                                                        Handle        = 0x8004D00B
+	XACT_E_NORESOURCE                                                         Handle        = 0x8004D00C
+	XACT_E_NOTCURRENT                                                         Handle        = 0x8004D00D
+	XACT_E_NOTRANSACTION                                                      Handle        = 0x8004D00E
+	XACT_E_NOTSUPPORTED                                                       Handle        = 0x8004D00F
+	XACT_E_UNKNOWNRMGRID                                                      Handle        = 0x8004D010
+	XACT_E_WRONGSTATE                                                         Handle        = 0x8004D011
+	XACT_E_WRONGUOW                                                           Handle        = 0x8004D012
+	XACT_E_XTIONEXISTS                                                        Handle        = 0x8004D013
+	XACT_E_NOIMPORTOBJECT                                                     Handle        = 0x8004D014
+	XACT_E_INVALIDCOOKIE                                                      Handle        = 0x8004D015
+	XACT_E_INDOUBT                                                            Handle        = 0x8004D016
+	XACT_E_NOTIMEOUT                                                          Handle        = 0x8004D017
+	XACT_E_ALREADYINPROGRESS                                                  Handle        = 0x8004D018
+	XACT_E_ABORTED                                                            Handle        = 0x8004D019
+	XACT_E_LOGFULL                                                            Handle        = 0x8004D01A
+	XACT_E_TMNOTAVAILABLE                                                     Handle        = 0x8004D01B
+	XACT_E_CONNECTION_DOWN                                                    Handle        = 0x8004D01C
+	XACT_E_CONNECTION_DENIED                                                  Handle        = 0x8004D01D
+	XACT_E_REENLISTTIMEOUT                                                    Handle        = 0x8004D01E
+	XACT_E_TIP_CONNECT_FAILED                                                 Handle        = 0x8004D01F
+	XACT_E_TIP_PROTOCOL_ERROR                                                 Handle        = 0x8004D020
+	XACT_E_TIP_PULL_FAILED                                                    Handle        = 0x8004D021
+	XACT_E_DEST_TMNOTAVAILABLE                                                Handle        = 0x8004D022
+	XACT_E_TIP_DISABLED                                                       Handle        = 0x8004D023
+	XACT_E_NETWORK_TX_DISABLED                                                Handle        = 0x8004D024
+	XACT_E_PARTNER_NETWORK_TX_DISABLED                                        Handle        = 0x8004D025
+	XACT_E_XA_TX_DISABLED                                                     Handle        = 0x8004D026
+	XACT_E_UNABLE_TO_READ_DTC_CONFIG                                          Handle        = 0x8004D027
+	XACT_E_UNABLE_TO_LOAD_DTC_PROXY                                           Handle        = 0x8004D028
+	XACT_E_ABORTING                                                           Handle        = 0x8004D029
+	XACT_E_PUSH_COMM_FAILURE                                                  Handle        = 0x8004D02A
+	XACT_E_PULL_COMM_FAILURE                                                  Handle        = 0x8004D02B
+	XACT_E_LU_TX_DISABLED                                                     Handle        = 0x8004D02C
+	XACT_E_CLERKNOTFOUND                                                      Handle        = 0x8004D080
+	XACT_E_CLERKEXISTS                                                        Handle        = 0x8004D081
+	XACT_E_RECOVERYINPROGRESS                                                 Handle        = 0x8004D082
+	XACT_E_TRANSACTIONCLOSED                                                  Handle        = 0x8004D083
+	XACT_E_INVALIDLSN                                                         Handle        = 0x8004D084
+	XACT_E_REPLAYREQUEST                                                      Handle        = 0x8004D085
+	XACT_S_ASYNC                                                              Handle        = 0x0004D000
+	XACT_S_DEFECT                                                             Handle        = 0x0004D001
+	XACT_S_READONLY                                                           Handle        = 0x0004D002
+	XACT_S_SOMENORETAIN                                                       Handle        = 0x0004D003
+	XACT_S_OKINFORM                                                           Handle        = 0x0004D004
+	XACT_S_MADECHANGESCONTENT                                                 Handle        = 0x0004D005
+	XACT_S_MADECHANGESINFORM                                                  Handle        = 0x0004D006
+	XACT_S_ALLNORETAIN                                                        Handle        = 0x0004D007
+	XACT_S_ABORTING                                                           Handle        = 0x0004D008
+	XACT_S_SINGLEPHASE                                                        Handle        = 0x0004D009
+	XACT_S_LOCALLY_OK                                                         Handle        = 0x0004D00A
+	XACT_S_LASTRESOURCEMANAGER                                                Handle        = 0x0004D010
+	CONTEXT_E_FIRST                                                           syscall.Errno = 0x8004E000
+	CONTEXT_E_LAST                                                            syscall.Errno = 0x8004E02F
+	CONTEXT_S_FIRST                                                           syscall.Errno = 0x0004E000
+	CONTEXT_S_LAST                                                            syscall.Errno = 0x0004E02F
+	CONTEXT_E_ABORTED                                                         Handle        = 0x8004E002
+	CONTEXT_E_ABORTING                                                        Handle        = 0x8004E003
+	CONTEXT_E_NOCONTEXT                                                       Handle        = 0x8004E004
+	CONTEXT_E_WOULD_DEADLOCK                                                  Handle        = 0x8004E005
+	CONTEXT_E_SYNCH_TIMEOUT                                                   Handle        = 0x8004E006
+	CONTEXT_E_OLDREF                                                          Handle        = 0x8004E007
+	CONTEXT_E_ROLENOTFOUND                                                    Handle        = 0x8004E00C
+	CONTEXT_E_TMNOTAVAILABLE                                                  Handle        = 0x8004E00F
+	CO_E_ACTIVATIONFAILED                                                     Handle        = 0x8004E021
+	CO_E_ACTIVATIONFAILED_EVENTLOGGED                                         Handle        = 0x8004E022
+	CO_E_ACTIVATIONFAILED_CATALOGERROR                                        Handle        = 0x8004E023
+	CO_E_ACTIVATIONFAILED_TIMEOUT                                             Handle        = 0x8004E024
+	CO_E_INITIALIZATIONFAILED                                                 Handle        = 0x8004E025
+	CONTEXT_E_NOJIT                                                           Handle        = 0x8004E026
+	CONTEXT_E_NOTRANSACTION                                                   Handle        = 0x8004E027
+	CO_E_THREADINGMODEL_CHANGED                                               Handle        = 0x8004E028
+	CO_E_NOIISINTRINSICS                                                      Handle        = 0x8004E029
+	CO_E_NOCOOKIES                                                            Handle        = 0x8004E02A
+	CO_E_DBERROR                                                              Handle        = 0x8004E02B
+	CO_E_NOTPOOLED                                                            Handle        = 0x8004E02C
+	CO_E_NOTCONSTRUCTED                                                       Handle        = 0x8004E02D
+	CO_E_NOSYNCHRONIZATION                                                    Handle        = 0x8004E02E
+	CO_E_ISOLEVELMISMATCH                                                     Handle        = 0x8004E02F
+	CO_E_CALL_OUT_OF_TX_SCOPE_NOT_ALLOWED                                     Handle        = 0x8004E030
+	CO_E_EXIT_TRANSACTION_SCOPE_NOT_CALLED                                    Handle        = 0x8004E031
+	OLE_S_USEREG                                                              Handle        = 0x00040000
+	OLE_S_STATIC                                                              Handle        = 0x00040001
+	OLE_S_MAC_CLIPFORMAT                                                      Handle        = 0x00040002
+	DRAGDROP_S_DROP                                                           Handle        = 0x00040100
+	DRAGDROP_S_CANCEL                                                         Handle        = 0x00040101
+	DRAGDROP_S_USEDEFAULTCURSORS                                              Handle        = 0x00040102
+	DATA_S_SAMEFORMATETC                                                      Handle        = 0x00040130
+	VIEW_S_ALREADY_FROZEN                                                     Handle        = 0x00040140
+	CACHE_S_FORMATETC_NOTSUPPORTED                                            Handle        = 0x00040170
+	CACHE_S_SAMECACHE                                                         Handle        = 0x00040171
+	CACHE_S_SOMECACHES_NOTUPDATED                                             Handle        = 0x00040172
+	OLEOBJ_S_INVALIDVERB                                                      Handle        = 0x00040180
+	OLEOBJ_S_CANNOT_DOVERB_NOW                                                Handle        = 0x00040181
+	OLEOBJ_S_INVALIDHWND                                                      Handle        = 0x00040182
+	INPLACE_S_TRUNCATED                                                       Handle        = 0x000401A0
+	CONVERT10_S_NO_PRESENTATION                                               Handle        = 0x000401C0
+	MK_S_REDUCED_TO_SELF                                                      Handle        = 0x000401E2
+	MK_S_ME                                                                   Handle        = 0x000401E4
+	MK_S_HIM                                                                  Handle        = 0x000401E5
+	MK_S_US                                                                   Handle        = 0x000401E6
+	MK_S_MONIKERALREADYREGISTERED                                             Handle        = 0x000401E7
+	SCHED_S_TASK_READY                                                        Handle        = 0x00041300
+	SCHED_S_TASK_RUNNING                                                      Handle        = 0x00041301
+	SCHED_S_TASK_DISABLED                                                     Handle        = 0x00041302
+	SCHED_S_TASK_HAS_NOT_RUN                                                  Handle        = 0x00041303
+	SCHED_S_TASK_NO_MORE_RUNS                                                 Handle        = 0x00041304
+	SCHED_S_TASK_NOT_SCHEDULED                                                Handle        = 0x00041305
+	SCHED_S_TASK_TERMINATED                                                   Handle        = 0x00041306
+	SCHED_S_TASK_NO_VALID_TRIGGERS                                            Handle        = 0x00041307
+	SCHED_S_EVENT_TRIGGER                                                     Handle        = 0x00041308
+	SCHED_E_TRIGGER_NOT_FOUND                                                 Handle        = 0x80041309
+	SCHED_E_TASK_NOT_READY                                                    Handle        = 0x8004130A
+	SCHED_E_TASK_NOT_RUNNING                                                  Handle        = 0x8004130B
+	SCHED_E_SERVICE_NOT_INSTALLED                                             Handle        = 0x8004130C
+	SCHED_E_CANNOT_OPEN_TASK                                                  Handle        = 0x8004130D
+	SCHED_E_INVALID_TASK                                                      Handle        = 0x8004130E
+	SCHED_E_ACCOUNT_INFORMATION_NOT_SET                                       Handle        = 0x8004130F
+	SCHED_E_ACCOUNT_NAME_NOT_FOUND                                            Handle        = 0x80041310
+	SCHED_E_ACCOUNT_DBASE_CORRUPT                                             Handle        = 0x80041311
+	SCHED_E_NO_SECURITY_SERVICES                                              Handle        = 0x80041312
+	SCHED_E_UNKNOWN_OBJECT_VERSION                                            Handle        = 0x80041313
+	SCHED_E_UNSUPPORTED_ACCOUNT_OPTION                                        Handle        = 0x80041314
+	SCHED_E_SERVICE_NOT_RUNNING                                               Handle        = 0x80041315
+	SCHED_E_UNEXPECTEDNODE                                                    Handle        = 0x80041316
+	SCHED_E_NAMESPACE                                                         Handle        = 0x80041317
+	SCHED_E_INVALIDVALUE                                                      Handle        = 0x80041318
+	SCHED_E_MISSINGNODE                                                       Handle        = 0x80041319
+	SCHED_E_MALFORMEDXML                                                      Handle        = 0x8004131A
+	SCHED_S_SOME_TRIGGERS_FAILED                                              Handle        = 0x0004131B
+	SCHED_S_BATCH_LOGON_PROBLEM                                               Handle        = 0x0004131C
+	SCHED_E_TOO_MANY_NODES                                                    Handle        = 0x8004131D
+	SCHED_E_PAST_END_BOUNDARY                                                 Handle        = 0x8004131E
+	SCHED_E_ALREADY_RUNNING                                                   Handle        = 0x8004131F
+	SCHED_E_USER_NOT_LOGGED_ON                                                Handle        = 0x80041320
+	SCHED_E_INVALID_TASK_HASH                                                 Handle        = 0x80041321
+	SCHED_E_SERVICE_NOT_AVAILABLE                                             Handle        = 0x80041322
+	SCHED_E_SERVICE_TOO_BUSY                                                  Handle        = 0x80041323
+	SCHED_E_TASK_ATTEMPTED                                                    Handle        = 0x80041324
+	SCHED_S_TASK_QUEUED                                                       Handle        = 0x00041325
+	SCHED_E_TASK_DISABLED                                                     Handle        = 0x80041326
+	SCHED_E_TASK_NOT_V1_COMPAT                                                Handle        = 0x80041327
+	SCHED_E_START_ON_DEMAND                                                   Handle        = 0x80041328
+	SCHED_E_TASK_NOT_UBPM_COMPAT                                              Handle        = 0x80041329
+	SCHED_E_DEPRECATED_FEATURE_USED                                           Handle        = 0x80041330
+	CO_E_CLASS_CREATE_FAILED                                                  Handle        = 0x80080001
+	CO_E_SCM_ERROR                                                            Handle        = 0x80080002
+	CO_E_SCM_RPC_FAILURE                                                      Handle        = 0x80080003
+	CO_E_BAD_PATH                                                             Handle        = 0x80080004
+	CO_E_SERVER_EXEC_FAILURE                                                  Handle        = 0x80080005
+	CO_E_OBJSRV_RPC_FAILURE                                                   Handle        = 0x80080006
+	MK_E_NO_NORMALIZED                                                        Handle        = 0x80080007
+	CO_E_SERVER_STOPPING                                                      Handle        = 0x80080008
+	MEM_E_INVALID_ROOT                                                        Handle        = 0x80080009
+	MEM_E_INVALID_LINK                                                        Handle        = 0x80080010
+	MEM_E_INVALID_SIZE                                                        Handle        = 0x80080011
+	CO_S_NOTALLINTERFACES                                                     Handle        = 0x00080012
+	CO_S_MACHINENAMENOTFOUND                                                  Handle        = 0x00080013
+	CO_E_MISSING_DISPLAYNAME                                                  Handle        = 0x80080015
+	CO_E_RUNAS_VALUE_MUST_BE_AAA                                              Handle        = 0x80080016
+	CO_E_ELEVATION_DISABLED                                                   Handle        = 0x80080017
+	APPX_E_PACKAGING_INTERNAL                                                 Handle        = 0x80080200
+	APPX_E_INTERLEAVING_NOT_ALLOWED                                           Handle        = 0x80080201
+	APPX_E_RELATIONSHIPS_NOT_ALLOWED                                          Handle        = 0x80080202
+	APPX_E_MISSING_REQUIRED_FILE                                              Handle        = 0x80080203
+	APPX_E_INVALID_MANIFEST                                                   Handle        = 0x80080204
+	APPX_E_INVALID_BLOCKMAP                                                   Handle        = 0x80080205
+	APPX_E_CORRUPT_CONTENT                                                    Handle        = 0x80080206
+	APPX_E_BLOCK_HASH_INVALID                                                 Handle        = 0x80080207
+	APPX_E_REQUESTED_RANGE_TOO_LARGE                                          Handle        = 0x80080208
+	APPX_E_INVALID_SIP_CLIENT_DATA                                            Handle        = 0x80080209
+	APPX_E_INVALID_KEY_INFO                                                   Handle        = 0x8008020A
+	APPX_E_INVALID_CONTENTGROUPMAP                                            Handle        = 0x8008020B
+	APPX_E_INVALID_APPINSTALLER                                               Handle        = 0x8008020C
+	APPX_E_DELTA_BASELINE_VERSION_MISMATCH                                    Handle        = 0x8008020D
+	APPX_E_DELTA_PACKAGE_MISSING_FILE                                         Handle        = 0x8008020E
+	APPX_E_INVALID_DELTA_PACKAGE                                              Handle        = 0x8008020F
+	APPX_E_DELTA_APPENDED_PACKAGE_NOT_ALLOWED                                 Handle        = 0x80080210
+	APPX_E_INVALID_PACKAGING_LAYOUT                                           Handle        = 0x80080211
+	APPX_E_INVALID_PACKAGESIGNCONFIG                                          Handle        = 0x80080212
+	APPX_E_RESOURCESPRI_NOT_ALLOWED                                           Handle        = 0x80080213
+	APPX_E_FILE_COMPRESSION_MISMATCH                                          Handle        = 0x80080214
+	APPX_E_INVALID_PAYLOAD_PACKAGE_EXTENSION                                  Handle        = 0x80080215
+	APPX_E_INVALID_ENCRYPTION_EXCLUSION_FILE_LIST                             Handle        = 0x80080216
+	BT_E_SPURIOUS_ACTIVATION                                                  Handle        = 0x80080300
+	DISP_E_UNKNOWNINTERFACE                                                   Handle        = 0x80020001
+	DISP_E_MEMBERNOTFOUND                                                     Handle        = 0x80020003
+	DISP_E_PARAMNOTFOUND                                                      Handle        = 0x80020004
+	DISP_E_TYPEMISMATCH                                                       Handle        = 0x80020005
+	DISP_E_UNKNOWNNAME                                                        Handle        = 0x80020006
+	DISP_E_NONAMEDARGS                                                        Handle        = 0x80020007
+	DISP_E_BADVARTYPE                                                         Handle        = 0x80020008
+	DISP_E_EXCEPTION                                                          Handle        = 0x80020009
+	DISP_E_OVERFLOW                                                           Handle        = 0x8002000A
+	DISP_E_BADINDEX                                                           Handle        = 0x8002000B
+	DISP_E_UNKNOWNLCID                                                        Handle        = 0x8002000C
+	DISP_E_ARRAYISLOCKED                                                      Handle        = 0x8002000D
+	DISP_E_BADPARAMCOUNT                                                      Handle        = 0x8002000E
+	DISP_E_PARAMNOTOPTIONAL                                                   Handle        = 0x8002000F
+	DISP_E_BADCALLEE                                                          Handle        = 0x80020010
+	DISP_E_NOTACOLLECTION                                                     Handle        = 0x80020011
+	DISP_E_DIVBYZERO                                                          Handle        = 0x80020012
+	DISP_E_BUFFERTOOSMALL                                                     Handle        = 0x80020013
+	TYPE_E_BUFFERTOOSMALL                                                     Handle        = 0x80028016
+	TYPE_E_FIELDNOTFOUND                                                      Handle        = 0x80028017
+	TYPE_E_INVDATAREAD                                                        Handle        = 0x80028018
+	TYPE_E_UNSUPFORMAT                                                        Handle        = 0x80028019
+	TYPE_E_REGISTRYACCESS                                                     Handle        = 0x8002801C
+	TYPE_E_LIBNOTREGISTERED                                                   Handle        = 0x8002801D
+	TYPE_E_UNDEFINEDTYPE                                                      Handle        = 0x80028027
+	TYPE_E_QUALIFIEDNAMEDISALLOWED                                            Handle        = 0x80028028
+	TYPE_E_INVALIDSTATE                                                       Handle        = 0x80028029
+	TYPE_E_WRONGTYPEKIND                                                      Handle        = 0x8002802A
+	TYPE_E_ELEMENTNOTFOUND                                                    Handle        = 0x8002802B
+	TYPE_E_AMBIGUOUSNAME                                                      Handle        = 0x8002802C
+	TYPE_E_NAMECONFLICT                                                       Handle        = 0x8002802D
+	TYPE_E_UNKNOWNLCID                                                        Handle        = 0x8002802E
+	TYPE_E_DLLFUNCTIONNOTFOUND                                                Handle        = 0x8002802F
+	TYPE_E_BADMODULEKIND                                                      Handle        = 0x800288BD
+	TYPE_E_SIZETOOBIG                                                         Handle        = 0x800288C5
+	TYPE_E_DUPLICATEID                                                        Handle        = 0x800288C6
+	TYPE_E_INVALIDID                                                          Handle        = 0x800288CF
+	TYPE_E_TYPEMISMATCH                                                       Handle        = 0x80028CA0
+	TYPE_E_OUTOFBOUNDS                                                        Handle        = 0x80028CA1
+	TYPE_E_IOERROR                                                            Handle        = 0x80028CA2
+	TYPE_E_CANTCREATETMPFILE                                                  Handle        = 0x80028CA3
+	TYPE_E_CANTLOADLIBRARY                                                    Handle        = 0x80029C4A
+	TYPE_E_INCONSISTENTPROPFUNCS                                              Handle        = 0x80029C83
+	TYPE_E_CIRCULARTYPE                                                       Handle        = 0x80029C84
+	STG_E_INVALIDFUNCTION                                                     Handle        = 0x80030001
+	STG_E_FILENOTFOUND                                                        Handle        = 0x80030002
+	STG_E_PATHNOTFOUND                                                        Handle        = 0x80030003
+	STG_E_TOOMANYOPENFILES                                                    Handle        = 0x80030004
+	STG_E_ACCESSDENIED                                                        Handle        = 0x80030005
+	STG_E_INVALIDHANDLE                                                       Handle        = 0x80030006
+	STG_E_INSUFFICIENTMEMORY                                                  Handle        = 0x80030008
+	STG_E_INVALIDPOINTER                                                      Handle        = 0x80030009
+	STG_E_NOMOREFILES                                                         Handle        = 0x80030012
+	STG_E_DISKISWRITEPROTECTED                                                Handle        = 0x80030013
+	STG_E_SEEKERROR                                                           Handle        = 0x80030019
+	STG_E_WRITEFAULT                                                          Handle        = 0x8003001D
+	STG_E_READFAULT                                                           Handle        = 0x8003001E
+	STG_E_SHAREVIOLATION                                                      Handle        = 0x80030020
+	STG_E_LOCKVIOLATION                                                       Handle        = 0x80030021
+	STG_E_FILEALREADYEXISTS                                                   Handle        = 0x80030050
+	STG_E_INVALIDPARAMETER                                                    Handle        = 0x80030057
+	STG_E_MEDIUMFULL                                                          Handle        = 0x80030070
+	STG_E_PROPSETMISMATCHED                                                   Handle        = 0x800300F0
+	STG_E_ABNORMALAPIEXIT                                                     Handle        = 0x800300FA
+	STG_E_INVALIDHEADER                                                       Handle        = 0x800300FB
+	STG_E_INVALIDNAME                                                         Handle        = 0x800300FC
+	STG_E_UNKNOWN                                                             Handle        = 0x800300FD
+	STG_E_UNIMPLEMENTEDFUNCTION                                               Handle        = 0x800300FE
+	STG_E_INVALIDFLAG                                                         Handle        = 0x800300FF
+	STG_E_INUSE                                                               Handle        = 0x80030100
+	STG_E_NOTCURRENT                                                          Handle        = 0x80030101
+	STG_E_REVERTED                                                            Handle        = 0x80030102
+	STG_E_CANTSAVE                                                            Handle        = 0x80030103
+	STG_E_OLDFORMAT                                                           Handle        = 0x80030104
+	STG_E_OLDDLL                                                              Handle        = 0x80030105
+	STG_E_SHAREREQUIRED                                                       Handle        = 0x80030106
+	STG_E_NOTFILEBASEDSTORAGE                                                 Handle        = 0x80030107
+	STG_E_EXTANTMARSHALLINGS                                                  Handle        = 0x80030108
+	STG_E_DOCFILECORRUPT                                                      Handle        = 0x80030109
+	STG_E_BADBASEADDRESS                                                      Handle        = 0x80030110
+	STG_E_DOCFILETOOLARGE                                                     Handle        = 0x80030111
+	STG_E_NOTSIMPLEFORMAT                                                     Handle        = 0x80030112
+	STG_E_INCOMPLETE                                                          Handle        = 0x80030201
+	STG_E_TERMINATED                                                          Handle        = 0x80030202
+	STG_S_CONVERTED                                                           Handle        = 0x00030200
+	STG_S_BLOCK                                                               Handle        = 0x00030201
+	STG_S_RETRYNOW                                                            Handle        = 0x00030202
+	STG_S_MONITORING                                                          Handle        = 0x00030203
+	STG_S_MULTIPLEOPENS                                                       Handle        = 0x00030204
+	STG_S_CONSOLIDATIONFAILED                                                 Handle        = 0x00030205
+	STG_S_CANNOTCONSOLIDATE                                                   Handle        = 0x00030206
+	STG_S_POWER_CYCLE_REQUIRED                                                Handle        = 0x00030207
+	STG_E_FIRMWARE_SLOT_INVALID                                               Handle        = 0x80030208
+	STG_E_FIRMWARE_IMAGE_INVALID                                              Handle        = 0x80030209
+	STG_E_DEVICE_UNRESPONSIVE                                                 Handle        = 0x8003020A
+	STG_E_STATUS_COPY_PROTECTION_FAILURE                                      Handle        = 0x80030305
+	STG_E_CSS_AUTHENTICATION_FAILURE                                          Handle        = 0x80030306
+	STG_E_CSS_KEY_NOT_PRESENT                                                 Handle        = 0x80030307
+	STG_E_CSS_KEY_NOT_ESTABLISHED                                             Handle        = 0x80030308
+	STG_E_CSS_SCRAMBLED_SECTOR                                                Handle        = 0x80030309
+	STG_E_CSS_REGION_MISMATCH                                                 Handle        = 0x8003030A
+	STG_E_RESETS_EXHAUSTED                                                    Handle        = 0x8003030B
+	RPC_E_CALL_REJECTED                                                       Handle        = 0x80010001
+	RPC_E_CALL_CANCELED                                                       Handle        = 0x80010002
+	RPC_E_CANTPOST_INSENDCALL                                                 Handle        = 0x80010003
+	RPC_E_CANTCALLOUT_INASYNCCALL                                             Handle        = 0x80010004
+	RPC_E_CANTCALLOUT_INEXTERNALCALL                                          Handle        = 0x80010005
+	RPC_E_CONNECTION_TERMINATED                                               Handle        = 0x80010006
+	RPC_E_SERVER_DIED                                                         Handle        = 0x80010007
+	RPC_E_CLIENT_DIED                                                         Handle        = 0x80010008
+	RPC_E_INVALID_DATAPACKET                                                  Handle        = 0x80010009
+	RPC_E_CANTTRANSMIT_CALL                                                   Handle        = 0x8001000A
+	RPC_E_CLIENT_CANTMARSHAL_DATA                                             Handle        = 0x8001000B
+	RPC_E_CLIENT_CANTUNMARSHAL_DATA                                           Handle        = 0x8001000C
+	RPC_E_SERVER_CANTMARSHAL_DATA                                             Handle        = 0x8001000D
+	RPC_E_SERVER_CANTUNMARSHAL_DATA                                           Handle        = 0x8001000E
+	RPC_E_INVALID_DATA                                                        Handle        = 0x8001000F
+	RPC_E_INVALID_PARAMETER                                                   Handle        = 0x80010010
+	RPC_E_CANTCALLOUT_AGAIN                                                   Handle        = 0x80010011
+	RPC_E_SERVER_DIED_DNE                                                     Handle        = 0x80010012
+	RPC_E_SYS_CALL_FAILED                                                     Handle        = 0x80010100
+	RPC_E_OUT_OF_RESOURCES                                                    Handle        = 0x80010101
+	RPC_E_ATTEMPTED_MULTITHREAD                                               Handle        = 0x80010102
+	RPC_E_NOT_REGISTERED                                                      Handle        = 0x80010103
+	RPC_E_FAULT                                                               Handle        = 0x80010104
+	RPC_E_SERVERFAULT                                                         Handle        = 0x80010105
+	RPC_E_CHANGED_MODE                                                        Handle        = 0x80010106
+	RPC_E_INVALIDMETHOD                                                       Handle        = 0x80010107
+	RPC_E_DISCONNECTED                                                        Handle        = 0x80010108
+	RPC_E_RETRY                                                               Handle        = 0x80010109
+	RPC_E_SERVERCALL_RETRYLATER                                               Handle        = 0x8001010A
+	RPC_E_SERVERCALL_REJECTED                                                 Handle        = 0x8001010B
+	RPC_E_INVALID_CALLDATA                                                    Handle        = 0x8001010C
+	RPC_E_CANTCALLOUT_ININPUTSYNCCALL                                         Handle        = 0x8001010D
+	RPC_E_WRONG_THREAD                                                        Handle        = 0x8001010E
+	RPC_E_THREAD_NOT_INIT                                                     Handle        = 0x8001010F
+	RPC_E_VERSION_MISMATCH                                                    Handle        = 0x80010110
+	RPC_E_INVALID_HEADER                                                      Handle        = 0x80010111
+	RPC_E_INVALID_EXTENSION                                                   Handle        = 0x80010112
+	RPC_E_INVALID_IPID                                                        Handle        = 0x80010113
+	RPC_E_INVALID_OBJECT                                                      Handle        = 0x80010114
+	RPC_S_CALLPENDING                                                         Handle        = 0x80010115
+	RPC_S_WAITONTIMER                                                         Handle        = 0x80010116
+	RPC_E_CALL_COMPLETE                                                       Handle        = 0x80010117
+	RPC_E_UNSECURE_CALL                                                       Handle        = 0x80010118
+	RPC_E_TOO_LATE                                                            Handle        = 0x80010119
+	RPC_E_NO_GOOD_SECURITY_PACKAGES                                           Handle        = 0x8001011A
+	RPC_E_ACCESS_DENIED                                                       Handle        = 0x8001011B
+	RPC_E_REMOTE_DISABLED                                                     Handle        = 0x8001011C
+	RPC_E_INVALID_OBJREF                                                      Handle        = 0x8001011D
+	RPC_E_NO_CONTEXT                                                          Handle        = 0x8001011E
+	RPC_E_TIMEOUT                                                             Handle        = 0x8001011F
+	RPC_E_NO_SYNC                                                             Handle        = 0x80010120
+	RPC_E_FULLSIC_REQUIRED                                                    Handle        = 0x80010121
+	RPC_E_INVALID_STD_NAME                                                    Handle        = 0x80010122
+	CO_E_FAILEDTOIMPERSONATE                                                  Handle        = 0x80010123
+	CO_E_FAILEDTOGETSECCTX                                                    Handle        = 0x80010124
+	CO_E_FAILEDTOOPENTHREADTOKEN                                              Handle        = 0x80010125
+	CO_E_FAILEDTOGETTOKENINFO                                                 Handle        = 0x80010126
+	CO_E_TRUSTEEDOESNTMATCHCLIENT                                             Handle        = 0x80010127
+	CO_E_FAILEDTOQUERYCLIENTBLANKET                                           Handle        = 0x80010128
+	CO_E_FAILEDTOSETDACL                                                      Handle        = 0x80010129
+	CO_E_ACCESSCHECKFAILED                                                    Handle        = 0x8001012A
+	CO_E_NETACCESSAPIFAILED                                                   Handle        = 0x8001012B
+	CO_E_WRONGTRUSTEENAMESYNTAX                                               Handle        = 0x8001012C
+	CO_E_INVALIDSID                                                           Handle        = 0x8001012D
+	CO_E_CONVERSIONFAILED                                                     Handle        = 0x8001012E
+	CO_E_NOMATCHINGSIDFOUND                                                   Handle        = 0x8001012F
+	CO_E_LOOKUPACCSIDFAILED                                                   Handle        = 0x80010130
+	CO_E_NOMATCHINGNAMEFOUND                                                  Handle        = 0x80010131
+	CO_E_LOOKUPACCNAMEFAILED                                                  Handle        = 0x80010132
+	CO_E_SETSERLHNDLFAILED                                                    Handle        = 0x80010133
+	CO_E_FAILEDTOGETWINDIR                                                    Handle        = 0x80010134
+	CO_E_PATHTOOLONG                                                          Handle        = 0x80010135
+	CO_E_FAILEDTOGENUUID                                                      Handle        = 0x80010136
+	CO_E_FAILEDTOCREATEFILE                                                   Handle        = 0x80010137
+	CO_E_FAILEDTOCLOSEHANDLE                                                  Handle        = 0x80010138
+	CO_E_EXCEEDSYSACLLIMIT                                                    Handle        = 0x80010139
+	CO_E_ACESINWRONGORDER                                                     Handle        = 0x8001013A
+	CO_E_INCOMPATIBLESTREAMVERSION                                            Handle        = 0x8001013B
+	CO_E_FAILEDTOOPENPROCESSTOKEN                                             Handle        = 0x8001013C
+	CO_E_DECODEFAILED                                                         Handle        = 0x8001013D
+	CO_E_ACNOTINITIALIZED                                                     Handle        = 0x8001013F
+	CO_E_CANCEL_DISABLED                                                      Handle        = 0x80010140
+	RPC_E_UNEXPECTED                                                          Handle        = 0x8001FFFF
+	ERROR_AUDITING_DISABLED                                                   Handle        = 0xC0090001
+	ERROR_ALL_SIDS_FILTERED                                                   Handle        = 0xC0090002
+	ERROR_BIZRULES_NOT_ENABLED                                                Handle        = 0xC0090003
+	NTE_BAD_UID                                                               Handle        = 0x80090001
+	NTE_BAD_HASH                                                              Handle        = 0x80090002
+	NTE_BAD_KEY                                                               Handle        = 0x80090003
+	NTE_BAD_LEN                                                               Handle        = 0x80090004
+	NTE_BAD_DATA                                                              Handle        = 0x80090005
+	NTE_BAD_SIGNATURE                                                         Handle        = 0x80090006
+	NTE_BAD_VER                                                               Handle        = 0x80090007
+	NTE_BAD_ALGID                                                             Handle        = 0x80090008
+	NTE_BAD_FLAGS                                                             Handle        = 0x80090009
+	NTE_BAD_TYPE                                                              Handle        = 0x8009000A
+	NTE_BAD_KEY_STATE                                                         Handle        = 0x8009000B
+	NTE_BAD_HASH_STATE                                                        Handle        = 0x8009000C
+	NTE_NO_KEY                                                                Handle        = 0x8009000D
+	NTE_NO_MEMORY                                                             Handle        = 0x8009000E
+	NTE_EXISTS                                                                Handle        = 0x8009000F
+	NTE_PERM                                                                  Handle        = 0x80090010
+	NTE_NOT_FOUND                                                             Handle        = 0x80090011
+	NTE_DOUBLE_ENCRYPT                                                        Handle        = 0x80090012
+	NTE_BAD_PROVIDER                                                          Handle        = 0x80090013
+	NTE_BAD_PROV_TYPE                                                         Handle        = 0x80090014
+	NTE_BAD_PUBLIC_KEY                                                        Handle        = 0x80090015
+	NTE_BAD_KEYSET                                                            Handle        = 0x80090016
+	NTE_PROV_TYPE_NOT_DEF                                                     Handle        = 0x80090017
+	NTE_PROV_TYPE_ENTRY_BAD                                                   Handle        = 0x80090018
+	NTE_KEYSET_NOT_DEF                                                        Handle        = 0x80090019
+	NTE_KEYSET_ENTRY_BAD                                                      Handle        = 0x8009001A
+	NTE_PROV_TYPE_NO_MATCH                                                    Handle        = 0x8009001B
+	NTE_SIGNATURE_FILE_BAD                                                    Handle        = 0x8009001C
+	NTE_PROVIDER_DLL_FAIL                                                     Handle        = 0x8009001D
+	NTE_PROV_DLL_NOT_FOUND                                                    Handle        = 0x8009001E
+	NTE_BAD_KEYSET_PARAM                                                      Handle        = 0x8009001F
+	NTE_FAIL                                                                  Handle        = 0x80090020
+	NTE_SYS_ERR                                                               Handle        = 0x80090021
+	NTE_SILENT_CONTEXT                                                        Handle        = 0x80090022
+	NTE_TOKEN_KEYSET_STORAGE_FULL                                             Handle        = 0x80090023
+	NTE_TEMPORARY_PROFILE                                                     Handle        = 0x80090024
+	NTE_FIXEDPARAMETER                                                        Handle        = 0x80090025
+	NTE_INVALID_HANDLE                                                        Handle        = 0x80090026
+	NTE_INVALID_PARAMETER                                                     Handle        = 0x80090027
+	NTE_BUFFER_TOO_SMALL                                                      Handle        = 0x80090028
+	NTE_NOT_SUPPORTED                                                         Handle        = 0x80090029
+	NTE_NO_MORE_ITEMS                                                         Handle        = 0x8009002A
+	NTE_BUFFERS_OVERLAP                                                       Handle        = 0x8009002B
+	NTE_DECRYPTION_FAILURE                                                    Handle        = 0x8009002C
+	NTE_INTERNAL_ERROR                                                        Handle        = 0x8009002D
+	NTE_UI_REQUIRED                                                           Handle        = 0x8009002E
+	NTE_HMAC_NOT_SUPPORTED                                                    Handle        = 0x8009002F
+	NTE_DEVICE_NOT_READY                                                      Handle        = 0x80090030
+	NTE_AUTHENTICATION_IGNORED                                                Handle        = 0x80090031
+	NTE_VALIDATION_FAILED                                                     Handle        = 0x80090032
+	NTE_INCORRECT_PASSWORD                                                    Handle        = 0x80090033
+	NTE_ENCRYPTION_FAILURE                                                    Handle        = 0x80090034
+	NTE_DEVICE_NOT_FOUND                                                      Handle        = 0x80090035
+	NTE_USER_CANCELLED                                                        Handle        = 0x80090036
+	NTE_PASSWORD_CHANGE_REQUIRED                                              Handle        = 0x80090037
+	NTE_NOT_ACTIVE_CONSOLE                                                    Handle        = 0x80090038
+	SEC_E_INSUFFICIENT_MEMORY                                                 Handle        = 0x80090300
+	SEC_E_INVALID_HANDLE                                                      Handle        = 0x80090301
+	SEC_E_UNSUPPORTED_FUNCTION                                                Handle        = 0x80090302
+	SEC_E_TARGET_UNKNOWN                                                      Handle        = 0x80090303
+	SEC_E_INTERNAL_ERROR                                                      Handle        = 0x80090304
+	SEC_E_SECPKG_NOT_FOUND                                                    Handle        = 0x80090305
+	SEC_E_NOT_OWNER                                                           Handle        = 0x80090306
+	SEC_E_CANNOT_INSTALL                                                      Handle        = 0x80090307
+	SEC_E_INVALID_TOKEN                                                       Handle        = 0x80090308
+	SEC_E_CANNOT_PACK                                                         Handle        = 0x80090309
+	SEC_E_QOP_NOT_SUPPORTED                                                   Handle        = 0x8009030A
+	SEC_E_NO_IMPERSONATION                                                    Handle        = 0x8009030B
+	SEC_E_LOGON_DENIED                                                        Handle        = 0x8009030C
+	SEC_E_UNKNOWN_CREDENTIALS                                                 Handle        = 0x8009030D
+	SEC_E_NO_CREDENTIALS                                                      Handle        = 0x8009030E
+	SEC_E_MESSAGE_ALTERED                                                     Handle        = 0x8009030F
+	SEC_E_OUT_OF_SEQUENCE                                                     Handle        = 0x80090310
+	SEC_E_NO_AUTHENTICATING_AUTHORITY                                         Handle        = 0x80090311
+	SEC_I_CONTINUE_NEEDED                                                     Handle        = 0x00090312
+	SEC_I_COMPLETE_NEEDED                                                     Handle        = 0x00090313
+	SEC_I_COMPLETE_AND_CONTINUE                                               Handle        = 0x00090314
+	SEC_I_LOCAL_LOGON                                                         Handle        = 0x00090315
+	SEC_E_BAD_PKGID                                                           Handle        = 0x80090316
+	SEC_E_CONTEXT_EXPIRED                                                     Handle        = 0x80090317
+	SEC_I_CONTEXT_EXPIRED                                                     Handle        = 0x00090317
+	SEC_E_INCOMPLETE_MESSAGE                                                  Handle        = 0x80090318
+	SEC_E_INCOMPLETE_CREDENTIALS                                              Handle        = 0x80090320
+	SEC_E_BUFFER_TOO_SMALL                                                    Handle        = 0x80090321
+	SEC_I_INCOMPLETE_CREDENTIALS                                              Handle        = 0x00090320
+	SEC_I_RENEGOTIATE                                                         Handle        = 0x00090321
+	SEC_E_WRONG_PRINCIPAL                                                     Handle        = 0x80090322
+	SEC_I_NO_LSA_CONTEXT                                                      Handle        = 0x00090323
+	SEC_E_TIME_SKEW                                                           Handle        = 0x80090324
+	SEC_E_UNTRUSTED_ROOT                                                      Handle        = 0x80090325
+	SEC_E_ILLEGAL_MESSAGE                                                     Handle        = 0x80090326
+	SEC_E_CERT_UNKNOWN                                                        Handle        = 0x80090327
+	SEC_E_CERT_EXPIRED                                                        Handle        = 0x80090328
+	SEC_E_ENCRYPT_FAILURE                                                     Handle        = 0x80090329
+	SEC_E_DECRYPT_FAILURE                                                     Handle        = 0x80090330
+	SEC_E_ALGORITHM_MISMATCH                                                  Handle        = 0x80090331
+	SEC_E_SECURITY_QOS_FAILED                                                 Handle        = 0x80090332
+	SEC_E_UNFINISHED_CONTEXT_DELETED                                          Handle        = 0x80090333
+	SEC_E_NO_TGT_REPLY                                                        Handle        = 0x80090334
+	SEC_E_NO_IP_ADDRESSES                                                     Handle        = 0x80090335
+	SEC_E_WRONG_CREDENTIAL_HANDLE                                             Handle        = 0x80090336
+	SEC_E_CRYPTO_SYSTEM_INVALID                                               Handle        = 0x80090337
+	SEC_E_MAX_REFERRALS_EXCEEDED                                              Handle        = 0x80090338
+	SEC_E_MUST_BE_KDC                                                         Handle        = 0x80090339
+	SEC_E_STRONG_CRYPTO_NOT_SUPPORTED                                         Handle        = 0x8009033A
+	SEC_E_TOO_MANY_PRINCIPALS                                                 Handle        = 0x8009033B
+	SEC_E_NO_PA_DATA                                                          Handle        = 0x8009033C
+	SEC_E_PKINIT_NAME_MISMATCH                                                Handle        = 0x8009033D
+	SEC_E_SMARTCARD_LOGON_REQUIRED                                            Handle        = 0x8009033E
+	SEC_E_SHUTDOWN_IN_PROGRESS                                                Handle        = 0x8009033F
+	SEC_E_KDC_INVALID_REQUEST                                                 Handle        = 0x80090340
+	SEC_E_KDC_UNABLE_TO_REFER                                                 Handle        = 0x80090341
+	SEC_E_KDC_UNKNOWN_ETYPE                                                   Handle        = 0x80090342
+	SEC_E_UNSUPPORTED_PREAUTH                                                 Handle        = 0x80090343
+	SEC_E_DELEGATION_REQUIRED                                                 Handle        = 0x80090345
+	SEC_E_BAD_BINDINGS                                                        Handle        = 0x80090346
+	SEC_E_MULTIPLE_ACCOUNTS                                                   Handle        = 0x80090347
+	SEC_E_NO_KERB_KEY                                                         Handle        = 0x80090348
+	SEC_E_CERT_WRONG_USAGE                                                    Handle        = 0x80090349
+	SEC_E_DOWNGRADE_DETECTED                                                  Handle        = 0x80090350
+	SEC_E_SMARTCARD_CERT_REVOKED                                              Handle        = 0x80090351
+	SEC_E_ISSUING_CA_UNTRUSTED                                                Handle        = 0x80090352
+	SEC_E_REVOCATION_OFFLINE_C                                                Handle        = 0x80090353
+	SEC_E_PKINIT_CLIENT_FAILURE                                               Handle        = 0x80090354
+	SEC_E_SMARTCARD_CERT_EXPIRED                                              Handle        = 0x80090355
+	SEC_E_NO_S4U_PROT_SUPPORT                                                 Handle        = 0x80090356
+	SEC_E_CROSSREALM_DELEGATION_FAILURE                                       Handle        = 0x80090357
+	SEC_E_REVOCATION_OFFLINE_KDC                                              Handle        = 0x80090358
+	SEC_E_ISSUING_CA_UNTRUSTED_KDC                                            Handle        = 0x80090359
+	SEC_E_KDC_CERT_EXPIRED                                                    Handle        = 0x8009035A
+	SEC_E_KDC_CERT_REVOKED                                                    Handle        = 0x8009035B
+	SEC_I_SIGNATURE_NEEDED                                                    Handle        = 0x0009035C
+	SEC_E_INVALID_PARAMETER                                                   Handle        = 0x8009035D
+	SEC_E_DELEGATION_POLICY                                                   Handle        = 0x8009035E
+	SEC_E_POLICY_NLTM_ONLY                                                    Handle        = 0x8009035F
+	SEC_I_NO_RENEGOTIATION                                                    Handle        = 0x00090360
+	SEC_E_NO_CONTEXT                                                          Handle        = 0x80090361
+	SEC_E_PKU2U_CERT_FAILURE                                                  Handle        = 0x80090362
+	SEC_E_MUTUAL_AUTH_FAILED                                                  Handle        = 0x80090363
+	SEC_I_MESSAGE_FRAGMENT                                                    Handle        = 0x00090364
+	SEC_E_ONLY_HTTPS_ALLOWED                                                  Handle        = 0x80090365
+	SEC_I_CONTINUE_NEEDED_MESSAGE_OK                                          Handle        = 0x00090366
+	SEC_E_APPLICATION_PROTOCOL_MISMATCH                                       Handle        = 0x80090367
+	SEC_I_ASYNC_CALL_PENDING                                                  Handle        = 0x00090368
+	SEC_E_INVALID_UPN_NAME                                                    Handle        = 0x80090369
+	SEC_E_NO_SPM                                                                            = SEC_E_INTERNAL_ERROR
+	SEC_E_NOT_SUPPORTED                                                                     = SEC_E_UNSUPPORTED_FUNCTION
+	CRYPT_E_MSG_ERROR                                                         Handle        = 0x80091001
+	CRYPT_E_UNKNOWN_ALGO                                                      Handle        = 0x80091002
+	CRYPT_E_OID_FORMAT                                                        Handle        = 0x80091003
+	CRYPT_E_INVALID_MSG_TYPE                                                  Handle        = 0x80091004
+	CRYPT_E_UNEXPECTED_ENCODING                                               Handle        = 0x80091005
+	CRYPT_E_AUTH_ATTR_MISSING                                                 Handle        = 0x80091006
+	CRYPT_E_HASH_VALUE                                                        Handle        = 0x80091007
+	CRYPT_E_INVALID_INDEX                                                     Handle        = 0x80091008
+	CRYPT_E_ALREADY_DECRYPTED                                                 Handle        = 0x80091009
+	CRYPT_E_NOT_DECRYPTED                                                     Handle        = 0x8009100A
+	CRYPT_E_RECIPIENT_NOT_FOUND                                               Handle        = 0x8009100B
+	CRYPT_E_CONTROL_TYPE                                                      Handle        = 0x8009100C
+	CRYPT_E_ISSUER_SERIALNUMBER                                               Handle        = 0x8009100D
+	CRYPT_E_SIGNER_NOT_FOUND                                                  Handle        = 0x8009100E
+	CRYPT_E_ATTRIBUTES_MISSING                                                Handle        = 0x8009100F
+	CRYPT_E_STREAM_MSG_NOT_READY                                              Handle        = 0x80091010
+	CRYPT_E_STREAM_INSUFFICIENT_DATA                                          Handle        = 0x80091011
+	CRYPT_I_NEW_PROTECTION_REQUIRED                                           Handle        = 0x00091012
+	CRYPT_E_BAD_LEN                                                           Handle        = 0x80092001
+	CRYPT_E_BAD_ENCODE                                                        Handle        = 0x80092002
+	CRYPT_E_FILE_ERROR                                                        Handle        = 0x80092003
+	CRYPT_E_NOT_FOUND                                                         Handle        = 0x80092004
+	CRYPT_E_EXISTS                                                            Handle        = 0x80092005
+	CRYPT_E_NO_PROVIDER                                                       Handle        = 0x80092006
+	CRYPT_E_SELF_SIGNED                                                       Handle        = 0x80092007
+	CRYPT_E_DELETED_PREV                                                      Handle        = 0x80092008
+	CRYPT_E_NO_MATCH                                                          Handle        = 0x80092009
+	CRYPT_E_UNEXPECTED_MSG_TYPE                                               Handle        = 0x8009200A
+	CRYPT_E_NO_KEY_PROPERTY                                                   Handle        = 0x8009200B
+	CRYPT_E_NO_DECRYPT_CERT                                                   Handle        = 0x8009200C
+	CRYPT_E_BAD_MSG                                                           Handle        = 0x8009200D
+	CRYPT_E_NO_SIGNER                                                         Handle        = 0x8009200E
+	CRYPT_E_PENDING_CLOSE                                                     Handle        = 0x8009200F
+	CRYPT_E_REVOKED                                                           Handle        = 0x80092010
+	CRYPT_E_NO_REVOCATION_DLL                                                 Handle        = 0x80092011
+	CRYPT_E_NO_REVOCATION_CHECK                                               Handle        = 0x80092012
+	CRYPT_E_REVOCATION_OFFLINE                                                Handle        = 0x80092013
+	CRYPT_E_NOT_IN_REVOCATION_DATABASE                                        Handle        = 0x80092014
+	CRYPT_E_INVALID_NUMERIC_STRING                                            Handle        = 0x80092020
+	CRYPT_E_INVALID_PRINTABLE_STRING                                          Handle        = 0x80092021
+	CRYPT_E_INVALID_IA5_STRING                                                Handle        = 0x80092022
+	CRYPT_E_INVALID_X500_STRING                                               Handle        = 0x80092023
+	CRYPT_E_NOT_CHAR_STRING                                                   Handle        = 0x80092024
+	CRYPT_E_FILERESIZED                                                       Handle        = 0x80092025
+	CRYPT_E_SECURITY_SETTINGS                                                 Handle        = 0x80092026
+	CRYPT_E_NO_VERIFY_USAGE_DLL                                               Handle        = 0x80092027
+	CRYPT_E_NO_VERIFY_USAGE_CHECK                                             Handle        = 0x80092028
+	CRYPT_E_VERIFY_USAGE_OFFLINE                                              Handle        = 0x80092029
+	CRYPT_E_NOT_IN_CTL                                                        Handle        = 0x8009202A
+	CRYPT_E_NO_TRUSTED_SIGNER                                                 Handle        = 0x8009202B
+	CRYPT_E_MISSING_PUBKEY_PARA                                               Handle        = 0x8009202C
+	CRYPT_E_OBJECT_LOCATOR_OBJECT_NOT_FOUND                                   Handle        = 0x8009202D
+	CRYPT_E_OSS_ERROR                                                         Handle        = 0x80093000
+	OSS_MORE_BUF                                                              Handle        = 0x80093001
+	OSS_NEGATIVE_UINTEGER                                                     Handle        = 0x80093002
+	OSS_PDU_RANGE                                                             Handle        = 0x80093003
+	OSS_MORE_INPUT                                                            Handle        = 0x80093004
+	OSS_DATA_ERROR                                                            Handle        = 0x80093005
+	OSS_BAD_ARG                                                               Handle        = 0x80093006
+	OSS_BAD_VERSION                                                           Handle        = 0x80093007
+	OSS_OUT_MEMORY                                                            Handle        = 0x80093008
+	OSS_PDU_MISMATCH                                                          Handle        = 0x80093009
+	OSS_LIMITED                                                               Handle        = 0x8009300A
+	OSS_BAD_PTR                                                               Handle        = 0x8009300B
+	OSS_BAD_TIME                                                              Handle        = 0x8009300C
+	OSS_INDEFINITE_NOT_SUPPORTED                                              Handle        = 0x8009300D
+	OSS_MEM_ERROR                                                             Handle        = 0x8009300E
+	OSS_BAD_TABLE                                                             Handle        = 0x8009300F
+	OSS_TOO_LONG                                                              Handle        = 0x80093010
+	OSS_CONSTRAINT_VIOLATED                                                   Handle        = 0x80093011
+	OSS_FATAL_ERROR                                                           Handle        = 0x80093012
+	OSS_ACCESS_SERIALIZATION_ERROR                                            Handle        = 0x80093013
+	OSS_NULL_TBL                                                              Handle        = 0x80093014
+	OSS_NULL_FCN                                                              Handle        = 0x80093015
+	OSS_BAD_ENCRULES                                                          Handle        = 0x80093016
+	OSS_UNAVAIL_ENCRULES                                                      Handle        = 0x80093017
+	OSS_CANT_OPEN_TRACE_WINDOW                                                Handle        = 0x80093018
+	OSS_UNIMPLEMENTED                                                         Handle        = 0x80093019
+	OSS_OID_DLL_NOT_LINKED                                                    Handle        = 0x8009301A
+	OSS_CANT_OPEN_TRACE_FILE                                                  Handle        = 0x8009301B
+	OSS_TRACE_FILE_ALREADY_OPEN                                               Handle        = 0x8009301C
+	OSS_TABLE_MISMATCH                                                        Handle        = 0x8009301D
+	OSS_TYPE_NOT_SUPPORTED                                                    Handle        = 0x8009301E
+	OSS_REAL_DLL_NOT_LINKED                                                   Handle        = 0x8009301F
+	OSS_REAL_CODE_NOT_LINKED                                                  Handle        = 0x80093020
+	OSS_OUT_OF_RANGE                                                          Handle        = 0x80093021
+	OSS_COPIER_DLL_NOT_LINKED                                                 Handle        = 0x80093022
+	OSS_CONSTRAINT_DLL_NOT_LINKED                                             Handle        = 0x80093023
+	OSS_COMPARATOR_DLL_NOT_LINKED                                             Handle        = 0x80093024
+	OSS_COMPARATOR_CODE_NOT_LINKED                                            Handle        = 0x80093025
+	OSS_MEM_MGR_DLL_NOT_LINKED                                                Handle        = 0x80093026
+	OSS_PDV_DLL_NOT_LINKED                                                    Handle        = 0x80093027
+	OSS_PDV_CODE_NOT_LINKED                                                   Handle        = 0x80093028
+	OSS_API_DLL_NOT_LINKED                                                    Handle        = 0x80093029
+	OSS_BERDER_DLL_NOT_LINKED                                                 Handle        = 0x8009302A
+	OSS_PER_DLL_NOT_LINKED                                                    Handle        = 0x8009302B
+	OSS_OPEN_TYPE_ERROR                                                       Handle        = 0x8009302C
+	OSS_MUTEX_NOT_CREATED                                                     Handle        = 0x8009302D
+	OSS_CANT_CLOSE_TRACE_FILE                                                 Handle        = 0x8009302E
+	CRYPT_E_ASN1_ERROR                                                        Handle        = 0x80093100
+	CRYPT_E_ASN1_INTERNAL                                                     Handle        = 0x80093101
+	CRYPT_E_ASN1_EOD                                                          Handle        = 0x80093102
+	CRYPT_E_ASN1_CORRUPT                                                      Handle        = 0x80093103
+	CRYPT_E_ASN1_LARGE                                                        Handle        = 0x80093104
+	CRYPT_E_ASN1_CONSTRAINT                                                   Handle        = 0x80093105
+	CRYPT_E_ASN1_MEMORY                                                       Handle        = 0x80093106
+	CRYPT_E_ASN1_OVERFLOW                                                     Handle        = 0x80093107
+	CRYPT_E_ASN1_BADPDU                                                       Handle        = 0x80093108
+	CRYPT_E_ASN1_BADARGS                                                      Handle        = 0x80093109
+	CRYPT_E_ASN1_BADREAL                                                      Handle        = 0x8009310A
+	CRYPT_E_ASN1_BADTAG                                                       Handle        = 0x8009310B
+	CRYPT_E_ASN1_CHOICE                                                       Handle        = 0x8009310C
+	CRYPT_E_ASN1_RULE                                                         Handle        = 0x8009310D
+	CRYPT_E_ASN1_UTF8                                                         Handle        = 0x8009310E
+	CRYPT_E_ASN1_PDU_TYPE                                                     Handle        = 0x80093133
+	CRYPT_E_ASN1_NYI                                                          Handle        = 0x80093134
+	CRYPT_E_ASN1_EXTENDED                                                     Handle        = 0x80093201
+	CRYPT_E_ASN1_NOEOD                                                        Handle        = 0x80093202
+	CERTSRV_E_BAD_REQUESTSUBJECT                                              Handle        = 0x80094001
+	CERTSRV_E_NO_REQUEST                                                      Handle        = 0x80094002
+	CERTSRV_E_BAD_REQUESTSTATUS                                               Handle        = 0x80094003
+	CERTSRV_E_PROPERTY_EMPTY                                                  Handle        = 0x80094004
+	CERTSRV_E_INVALID_CA_CERTIFICATE                                          Handle        = 0x80094005
+	CERTSRV_E_SERVER_SUSPENDED                                                Handle        = 0x80094006
+	CERTSRV_E_ENCODING_LENGTH                                                 Handle        = 0x80094007
+	CERTSRV_E_ROLECONFLICT                                                    Handle        = 0x80094008
+	CERTSRV_E_RESTRICTEDOFFICER                                               Handle        = 0x80094009
+	CERTSRV_E_KEY_ARCHIVAL_NOT_CONFIGURED                                     Handle        = 0x8009400A
+	CERTSRV_E_NO_VALID_KRA                                                    Handle        = 0x8009400B
+	CERTSRV_E_BAD_REQUEST_KEY_ARCHIVAL                                        Handle        = 0x8009400C
+	CERTSRV_E_NO_CAADMIN_DEFINED                                              Handle        = 0x8009400D
+	CERTSRV_E_BAD_RENEWAL_CERT_ATTRIBUTE                                      Handle        = 0x8009400E
+	CERTSRV_E_NO_DB_SESSIONS                                                  Handle        = 0x8009400F
+	CERTSRV_E_ALIGNMENT_FAULT                                                 Handle        = 0x80094010
+	CERTSRV_E_ENROLL_DENIED                                                   Handle        = 0x80094011
+	CERTSRV_E_TEMPLATE_DENIED                                                 Handle        = 0x80094012
+	CERTSRV_E_DOWNLEVEL_DC_SSL_OR_UPGRADE                                     Handle        = 0x80094013
+	CERTSRV_E_ADMIN_DENIED_REQUEST                                            Handle        = 0x80094014
+	CERTSRV_E_NO_POLICY_SERVER                                                Handle        = 0x80094015
+	CERTSRV_E_WEAK_SIGNATURE_OR_KEY                                           Handle        = 0x80094016
+	CERTSRV_E_KEY_ATTESTATION_NOT_SUPPORTED                                   Handle        = 0x80094017
+	CERTSRV_E_ENCRYPTION_CERT_REQUIRED                                        Handle        = 0x80094018
+	CERTSRV_E_UNSUPPORTED_CERT_TYPE                                           Handle        = 0x80094800
+	CERTSRV_E_NO_CERT_TYPE                                                    Handle        = 0x80094801
+	CERTSRV_E_TEMPLATE_CONFLICT                                               Handle        = 0x80094802
+	CERTSRV_E_SUBJECT_ALT_NAME_REQUIRED                                       Handle        = 0x80094803
+	CERTSRV_E_ARCHIVED_KEY_REQUIRED                                           Handle        = 0x80094804
+	CERTSRV_E_SMIME_REQUIRED                                                  Handle        = 0x80094805
+	CERTSRV_E_BAD_RENEWAL_SUBJECT                                             Handle        = 0x80094806
+	CERTSRV_E_BAD_TEMPLATE_VERSION                                            Handle        = 0x80094807
+	CERTSRV_E_TEMPLATE_POLICY_REQUIRED                                        Handle        = 0x80094808
+	CERTSRV_E_SIGNATURE_POLICY_REQUIRED                                       Handle        = 0x80094809
+	CERTSRV_E_SIGNATURE_COUNT                                                 Handle        = 0x8009480A
+	CERTSRV_E_SIGNATURE_REJECTED                                              Handle        = 0x8009480B
+	CERTSRV_E_ISSUANCE_POLICY_REQUIRED                                        Handle        = 0x8009480C
+	CERTSRV_E_SUBJECT_UPN_REQUIRED                                            Handle        = 0x8009480D
+	CERTSRV_E_SUBJECT_DIRECTORY_GUID_REQUIRED                                 Handle        = 0x8009480E
+	CERTSRV_E_SUBJECT_DNS_REQUIRED                                            Handle        = 0x8009480F
+	CERTSRV_E_ARCHIVED_KEY_UNEXPECTED                                         Handle        = 0x80094810
+	CERTSRV_E_KEY_LENGTH                                                      Handle        = 0x80094811
+	CERTSRV_E_SUBJECT_EMAIL_REQUIRED                                          Handle        = 0x80094812
+	CERTSRV_E_UNKNOWN_CERT_TYPE                                               Handle        = 0x80094813
+	CERTSRV_E_CERT_TYPE_OVERLAP                                               Handle        = 0x80094814
+	CERTSRV_E_TOO_MANY_SIGNATURES                                             Handle        = 0x80094815
+	CERTSRV_E_RENEWAL_BAD_PUBLIC_KEY                                          Handle        = 0x80094816
+	CERTSRV_E_INVALID_EK                                                      Handle        = 0x80094817
+	CERTSRV_E_INVALID_IDBINDING                                               Handle        = 0x80094818
+	CERTSRV_E_INVALID_ATTESTATION                                             Handle        = 0x80094819
+	CERTSRV_E_KEY_ATTESTATION                                                 Handle        = 0x8009481A
+	CERTSRV_E_CORRUPT_KEY_ATTESTATION                                         Handle        = 0x8009481B
+	CERTSRV_E_EXPIRED_CHALLENGE                                               Handle        = 0x8009481C
+	CERTSRV_E_INVALID_RESPONSE                                                Handle        = 0x8009481D
+	CERTSRV_E_INVALID_REQUESTID                                               Handle        = 0x8009481E
+	CERTSRV_E_REQUEST_PRECERTIFICATE_MISMATCH                                 Handle        = 0x8009481F
+	CERTSRV_E_PENDING_CLIENT_RESPONSE                                         Handle        = 0x80094820
+	XENROLL_E_KEY_NOT_EXPORTABLE                                              Handle        = 0x80095000
+	XENROLL_E_CANNOT_ADD_ROOT_CERT                                            Handle        = 0x80095001
+	XENROLL_E_RESPONSE_KA_HASH_NOT_FOUND                                      Handle        = 0x80095002
+	XENROLL_E_RESPONSE_UNEXPECTED_KA_HASH                                     Handle        = 0x80095003
+	XENROLL_E_RESPONSE_KA_HASH_MISMATCH                                       Handle        = 0x80095004
+	XENROLL_E_KEYSPEC_SMIME_MISMATCH                                          Handle        = 0x80095005
+	TRUST_E_SYSTEM_ERROR                                                      Handle        = 0x80096001
+	TRUST_E_NO_SIGNER_CERT                                                    Handle        = 0x80096002
+	TRUST_E_COUNTER_SIGNER                                                    Handle        = 0x80096003
+	TRUST_E_CERT_SIGNATURE                                                    Handle        = 0x80096004
+	TRUST_E_TIME_STAMP                                                        Handle        = 0x80096005
+	TRUST_E_BAD_DIGEST                                                        Handle        = 0x80096010
+	TRUST_E_MALFORMED_SIGNATURE                                               Handle        = 0x80096011
+	TRUST_E_BASIC_CONSTRAINTS                                                 Handle        = 0x80096019
+	TRUST_E_FINANCIAL_CRITERIA                                                Handle        = 0x8009601E
+	MSSIPOTF_E_OUTOFMEMRANGE                                                  Handle        = 0x80097001
+	MSSIPOTF_E_CANTGETOBJECT                                                  Handle        = 0x80097002
+	MSSIPOTF_E_NOHEADTABLE                                                    Handle        = 0x80097003
+	MSSIPOTF_E_BAD_MAGICNUMBER                                                Handle        = 0x80097004
+	MSSIPOTF_E_BAD_OFFSET_TABLE                                               Handle        = 0x80097005
+	MSSIPOTF_E_TABLE_TAGORDER                                                 Handle        = 0x80097006
+	MSSIPOTF_E_TABLE_LONGWORD                                                 Handle        = 0x80097007
+	MSSIPOTF_E_BAD_FIRST_TABLE_PLACEMENT                                      Handle        = 0x80097008
+	MSSIPOTF_E_TABLES_OVERLAP                                                 Handle        = 0x80097009
+	MSSIPOTF_E_TABLE_PADBYTES                                                 Handle        = 0x8009700A
+	MSSIPOTF_E_FILETOOSMALL                                                   Handle        = 0x8009700B
+	MSSIPOTF_E_TABLE_CHECKSUM                                                 Handle        = 0x8009700C
+	MSSIPOTF_E_FILE_CHECKSUM                                                  Handle        = 0x8009700D
+	MSSIPOTF_E_FAILED_POLICY                                                  Handle        = 0x80097010
+	MSSIPOTF_E_FAILED_HINTS_CHECK                                             Handle        = 0x80097011
+	MSSIPOTF_E_NOT_OPENTYPE                                                   Handle        = 0x80097012
+	MSSIPOTF_E_FILE                                                           Handle        = 0x80097013
+	MSSIPOTF_E_CRYPT                                                          Handle        = 0x80097014
+	MSSIPOTF_E_BADVERSION                                                     Handle        = 0x80097015
+	MSSIPOTF_E_DSIG_STRUCTURE                                                 Handle        = 0x80097016
+	MSSIPOTF_E_PCONST_CHECK                                                   Handle        = 0x80097017
+	MSSIPOTF_E_STRUCTURE                                                      Handle        = 0x80097018
+	ERROR_CRED_REQUIRES_CONFIRMATION                                          Handle        = 0x80097019
+	NTE_OP_OK                                                                 syscall.Errno = 0
+	TRUST_E_PROVIDER_UNKNOWN                                                  Handle        = 0x800B0001
+	TRUST_E_ACTION_UNKNOWN                                                    Handle        = 0x800B0002
+	TRUST_E_SUBJECT_FORM_UNKNOWN                                              Handle        = 0x800B0003
+	TRUST_E_SUBJECT_NOT_TRUSTED                                               Handle        = 0x800B0004
+	DIGSIG_E_ENCODE                                                           Handle        = 0x800B0005
+	DIGSIG_E_DECODE                                                           Handle        = 0x800B0006
+	DIGSIG_E_EXTENSIBILITY                                                    Handle        = 0x800B0007
+	DIGSIG_E_CRYPTO                                                           Handle        = 0x800B0008
+	PERSIST_E_SIZEDEFINITE                                                    Handle        = 0x800B0009
+	PERSIST_E_SIZEINDEFINITE                                                  Handle        = 0x800B000A
+	PERSIST_E_NOTSELFSIZING                                                   Handle        = 0x800B000B
+	TRUST_E_NOSIGNATURE                                                       Handle        = 0x800B0100
+	CERT_E_EXPIRED                                                            Handle        = 0x800B0101
+	CERT_E_VALIDITYPERIODNESTING                                              Handle        = 0x800B0102
+	CERT_E_ROLE                                                               Handle        = 0x800B0103
+	CERT_E_PATHLENCONST                                                       Handle        = 0x800B0104
+	CERT_E_CRITICAL                                                           Handle        = 0x800B0105
+	CERT_E_PURPOSE                                                            Handle        = 0x800B0106
+	CERT_E_ISSUERCHAINING                                                     Handle        = 0x800B0107
+	CERT_E_MALFORMED                                                          Handle        = 0x800B0108
+	CERT_E_UNTRUSTEDROOT                                                      Handle        = 0x800B0109
+	CERT_E_CHAINING                                                           Handle        = 0x800B010A
+	TRUST_E_FAIL                                                              Handle        = 0x800B010B
+	CERT_E_REVOKED                                                            Handle        = 0x800B010C
+	CERT_E_UNTRUSTEDTESTROOT                                                  Handle        = 0x800B010D
+	CERT_E_REVOCATION_FAILURE                                                 Handle        = 0x800B010E
+	CERT_E_CN_NO_MATCH                                                        Handle        = 0x800B010F
+	CERT_E_WRONG_USAGE                                                        Handle        = 0x800B0110
+	TRUST_E_EXPLICIT_DISTRUST                                                 Handle        = 0x800B0111
+	CERT_E_UNTRUSTEDCA                                                        Handle        = 0x800B0112
+	CERT_E_INVALID_POLICY                                                     Handle        = 0x800B0113
+	CERT_E_INVALID_NAME                                                       Handle        = 0x800B0114
+	SPAPI_E_EXPECTED_SECTION_NAME                                             Handle        = 0x800F0000
+	SPAPI_E_BAD_SECTION_NAME_LINE                                             Handle        = 0x800F0001
+	SPAPI_E_SECTION_NAME_TOO_LONG                                             Handle        = 0x800F0002
+	SPAPI_E_GENERAL_SYNTAX                                                    Handle        = 0x800F0003
+	SPAPI_E_WRONG_INF_STYLE                                                   Handle        = 0x800F0100
+	SPAPI_E_SECTION_NOT_FOUND                                                 Handle        = 0x800F0101
+	SPAPI_E_LINE_NOT_FOUND                                                    Handle        = 0x800F0102
+	SPAPI_E_NO_BACKUP                                                         Handle        = 0x800F0103
+	SPAPI_E_NO_ASSOCIATED_CLASS                                               Handle        = 0x800F0200
+	SPAPI_E_CLASS_MISMATCH                                                    Handle        = 0x800F0201
+	SPAPI_E_DUPLICATE_FOUND                                                   Handle        = 0x800F0202
+	SPAPI_E_NO_DRIVER_SELECTED                                                Handle        = 0x800F0203
+	SPAPI_E_KEY_DOES_NOT_EXIST                                                Handle        = 0x800F0204
+	SPAPI_E_INVALID_DEVINST_NAME                                              Handle        = 0x800F0205
+	SPAPI_E_INVALID_CLASS                                                     Handle        = 0x800F0206
+	SPAPI_E_DEVINST_ALREADY_EXISTS                                            Handle        = 0x800F0207
+	SPAPI_E_DEVINFO_NOT_REGISTERED                                            Handle        = 0x800F0208
+	SPAPI_E_INVALID_REG_PROPERTY                                              Handle        = 0x800F0209
+	SPAPI_E_NO_INF                                                            Handle        = 0x800F020A
+	SPAPI_E_NO_SUCH_DEVINST                                                   Handle        = 0x800F020B
+	SPAPI_E_CANT_LOAD_CLASS_ICON                                              Handle        = 0x800F020C
+	SPAPI_E_INVALID_CLASS_INSTALLER                                           Handle        = 0x800F020D
+	SPAPI_E_DI_DO_DEFAULT                                                     Handle        = 0x800F020E
+	SPAPI_E_DI_NOFILECOPY                                                     Handle        = 0x800F020F
+	SPAPI_E_INVALID_HWPROFILE                                                 Handle        = 0x800F0210
+	SPAPI_E_NO_DEVICE_SELECTED                                                Handle        = 0x800F0211
+	SPAPI_E_DEVINFO_LIST_LOCKED                                               Handle        = 0x800F0212
+	SPAPI_E_DEVINFO_DATA_LOCKED                                               Handle        = 0x800F0213
+	SPAPI_E_DI_BAD_PATH                                                       Handle        = 0x800F0214
+	SPAPI_E_NO_CLASSINSTALL_PARAMS                                            Handle        = 0x800F0215
+	SPAPI_E_FILEQUEUE_LOCKED                                                  Handle        = 0x800F0216
+	SPAPI_E_BAD_SERVICE_INSTALLSECT                                           Handle        = 0x800F0217
+	SPAPI_E_NO_CLASS_DRIVER_LIST                                              Handle        = 0x800F0218
+	SPAPI_E_NO_ASSOCIATED_SERVICE                                             Handle        = 0x800F0219
+	SPAPI_E_NO_DEFAULT_DEVICE_INTERFACE                                       Handle        = 0x800F021A
+	SPAPI_E_DEVICE_INTERFACE_ACTIVE                                           Handle        = 0x800F021B
+	SPAPI_E_DEVICE_INTERFACE_REMOVED                                          Handle        = 0x800F021C
+	SPAPI_E_BAD_INTERFACE_INSTALLSECT                                         Handle        = 0x800F021D
+	SPAPI_E_NO_SUCH_INTERFACE_CLASS                                           Handle        = 0x800F021E
+	SPAPI_E_INVALID_REFERENCE_STRING                                          Handle        = 0x800F021F
+	SPAPI_E_INVALID_MACHINENAME                                               Handle        = 0x800F0220
+	SPAPI_E_REMOTE_COMM_FAILURE                                               Handle        = 0x800F0221
+	SPAPI_E_MACHINE_UNAVAILABLE                                               Handle        = 0x800F0222
+	SPAPI_E_NO_CONFIGMGR_SERVICES                                             Handle        = 0x800F0223
+	SPAPI_E_INVALID_PROPPAGE_PROVIDER                                         Handle        = 0x800F0224
+	SPAPI_E_NO_SUCH_DEVICE_INTERFACE                                          Handle        = 0x800F0225
+	SPAPI_E_DI_POSTPROCESSING_REQUIRED                                        Handle        = 0x800F0226
+	SPAPI_E_INVALID_COINSTALLER                                               Handle        = 0x800F0227
+	SPAPI_E_NO_COMPAT_DRIVERS                                                 Handle        = 0x800F0228
+	SPAPI_E_NO_DEVICE_ICON                                                    Handle        = 0x800F0229
+	SPAPI_E_INVALID_INF_LOGCONFIG                                             Handle        = 0x800F022A
+	SPAPI_E_DI_DONT_INSTALL                                                   Handle        = 0x800F022B
+	SPAPI_E_INVALID_FILTER_DRIVER                                             Handle        = 0x800F022C
+	SPAPI_E_NON_WINDOWS_NT_DRIVER                                             Handle        = 0x800F022D
+	SPAPI_E_NON_WINDOWS_DRIVER                                                Handle        = 0x800F022E
+	SPAPI_E_NO_CATALOG_FOR_OEM_INF                                            Handle        = 0x800F022F
+	SPAPI_E_DEVINSTALL_QUEUE_NONNATIVE                                        Handle        = 0x800F0230
+	SPAPI_E_NOT_DISABLEABLE                                                   Handle        = 0x800F0231
+	SPAPI_E_CANT_REMOVE_DEVINST                                               Handle        = 0x800F0232
+	SPAPI_E_INVALID_TARGET                                                    Handle        = 0x800F0233
+	SPAPI_E_DRIVER_NONNATIVE                                                  Handle        = 0x800F0234
+	SPAPI_E_IN_WOW64                                                          Handle        = 0x800F0235
+	SPAPI_E_SET_SYSTEM_RESTORE_POINT                                          Handle        = 0x800F0236
+	SPAPI_E_INCORRECTLY_COPIED_INF                                            Handle        = 0x800F0237
+	SPAPI_E_SCE_DISABLED                                                      Handle        = 0x800F0238
+	SPAPI_E_UNKNOWN_EXCEPTION                                                 Handle        = 0x800F0239
+	SPAPI_E_PNP_REGISTRY_ERROR                                                Handle        = 0x800F023A
+	SPAPI_E_REMOTE_REQUEST_UNSUPPORTED                                        Handle        = 0x800F023B
+	SPAPI_E_NOT_AN_INSTALLED_OEM_INF                                          Handle        = 0x800F023C
+	SPAPI_E_INF_IN_USE_BY_DEVICES                                             Handle        = 0x800F023D
+	SPAPI_E_DI_FUNCTION_OBSOLETE                                              Handle        = 0x800F023E
+	SPAPI_E_NO_AUTHENTICODE_CATALOG                                           Handle        = 0x800F023F
+	SPAPI_E_AUTHENTICODE_DISALLOWED                                           Handle        = 0x800F0240
+	SPAPI_E_AUTHENTICODE_TRUSTED_PUBLISHER                                    Handle        = 0x800F0241
+	SPAPI_E_AUTHENTICODE_TRUST_NOT_ESTABLISHED                                Handle        = 0x800F0242
+	SPAPI_E_AUTHENTICODE_PUBLISHER_NOT_TRUSTED                                Handle        = 0x800F0243
+	SPAPI_E_SIGNATURE_OSATTRIBUTE_MISMATCH                                    Handle        = 0x800F0244
+	SPAPI_E_ONLY_VALIDATE_VIA_AUTHENTICODE                                    Handle        = 0x800F0245
+	SPAPI_E_DEVICE_INSTALLER_NOT_READY                                        Handle        = 0x800F0246
+	SPAPI_E_DRIVER_STORE_ADD_FAILED                                           Handle        = 0x800F0247
+	SPAPI_E_DEVICE_INSTALL_BLOCKED                                            Handle        = 0x800F0248
+	SPAPI_E_DRIVER_INSTALL_BLOCKED                                            Handle        = 0x800F0249
+	SPAPI_E_WRONG_INF_TYPE                                                    Handle        = 0x800F024A
+	SPAPI_E_FILE_HASH_NOT_IN_CATALOG                                          Handle        = 0x800F024B
+	SPAPI_E_DRIVER_STORE_DELETE_FAILED                                        Handle        = 0x800F024C
+	SPAPI_E_UNRECOVERABLE_STACK_OVERFLOW                                      Handle        = 0x800F0300
+	SPAPI_E_ERROR_NOT_INSTALLED                                               Handle        = 0x800F1000
+	SCARD_S_SUCCESS                                                                         = S_OK
+	SCARD_F_INTERNAL_ERROR                                                    Handle        = 0x80100001
+	SCARD_E_CANCELLED                                                         Handle        = 0x80100002
+	SCARD_E_INVALID_HANDLE                                                    Handle        = 0x80100003
+	SCARD_E_INVALID_PARAMETER                                                 Handle        = 0x80100004
+	SCARD_E_INVALID_TARGET                                                    Handle        = 0x80100005
+	SCARD_E_NO_MEMORY                                                         Handle        = 0x80100006
+	SCARD_F_WAITED_TOO_LONG                                                   Handle        = 0x80100007
+	SCARD_E_INSUFFICIENT_BUFFER                                               Handle        = 0x80100008
+	SCARD_E_UNKNOWN_READER                                                    Handle        = 0x80100009
+	SCARD_E_TIMEOUT                                                           Handle        = 0x8010000A
+	SCARD_E_SHARING_VIOLATION                                                 Handle        = 0x8010000B
+	SCARD_E_NO_SMARTCARD                                                      Handle        = 0x8010000C
+	SCARD_E_UNKNOWN_CARD                                                      Handle        = 0x8010000D
+	SCARD_E_CANT_DISPOSE                                                      Handle        = 0x8010000E
+	SCARD_E_PROTO_MISMATCH                                                    Handle        = 0x8010000F
+	SCARD_E_NOT_READY                                                         Handle        = 0x80100010
+	SCARD_E_INVALID_VALUE                                                     Handle        = 0x80100011
+	SCARD_E_SYSTEM_CANCELLED                                                  Handle        = 0x80100012
+	SCARD_F_COMM_ERROR                                                        Handle        = 0x80100013
+	SCARD_F_UNKNOWN_ERROR                                                     Handle        = 0x80100014
+	SCARD_E_INVALID_ATR                                                       Handle        = 0x80100015
+	SCARD_E_NOT_TRANSACTED                                                    Handle        = 0x80100016
+	SCARD_E_READER_UNAVAILABLE                                                Handle        = 0x80100017
+	SCARD_P_SHUTDOWN                                                          Handle        = 0x80100018
+	SCARD_E_PCI_TOO_SMALL                                                     Handle        = 0x80100019
+	SCARD_E_READER_UNSUPPORTED                                                Handle        = 0x8010001A
+	SCARD_E_DUPLICATE_READER                                                  Handle        = 0x8010001B
+	SCARD_E_CARD_UNSUPPORTED                                                  Handle        = 0x8010001C
+	SCARD_E_NO_SERVICE                                                        Handle        = 0x8010001D
+	SCARD_E_SERVICE_STOPPED                                                   Handle        = 0x8010001E
+	SCARD_E_UNEXPECTED                                                        Handle        = 0x8010001F
+	SCARD_E_ICC_INSTALLATION                                                  Handle        = 0x80100020
+	SCARD_E_ICC_CREATEORDER                                                   Handle        = 0x80100021
+	SCARD_E_UNSUPPORTED_FEATURE                                               Handle        = 0x80100022
+	SCARD_E_DIR_NOT_FOUND                                                     Handle        = 0x80100023
+	SCARD_E_FILE_NOT_FOUND                                                    Handle        = 0x80100024
+	SCARD_E_NO_DIR                                                            Handle        = 0x80100025
+	SCARD_E_NO_FILE                                                           Handle        = 0x80100026
+	SCARD_E_NO_ACCESS                                                         Handle        = 0x80100027
+	SCARD_E_WRITE_TOO_MANY                                                    Handle        = 0x80100028
+	SCARD_E_BAD_SEEK                                                          Handle        = 0x80100029
+	SCARD_E_INVALID_CHV                                                       Handle        = 0x8010002A
+	SCARD_E_UNKNOWN_RES_MNG                                                   Handle        = 0x8010002B
+	SCARD_E_NO_SUCH_CERTIFICATE                                               Handle        = 0x8010002C
+	SCARD_E_CERTIFICATE_UNAVAILABLE                                           Handle        = 0x8010002D
+	SCARD_E_NO_READERS_AVAILABLE                                              Handle        = 0x8010002E
+	SCARD_E_COMM_DATA_LOST                                                    Handle        = 0x8010002F
+	SCARD_E_NO_KEY_CONTAINER                                                  Handle        = 0x80100030
+	SCARD_E_SERVER_TOO_BUSY                                                   Handle        = 0x80100031
+	SCARD_E_PIN_CACHE_EXPIRED                                                 Handle        = 0x80100032
+	SCARD_E_NO_PIN_CACHE                                                      Handle        = 0x80100033
+	SCARD_E_READ_ONLY_CARD                                                    Handle        = 0x80100034
+	SCARD_W_UNSUPPORTED_CARD                                                  Handle        = 0x80100065
+	SCARD_W_UNRESPONSIVE_CARD                                                 Handle        = 0x80100066
+	SCARD_W_UNPOWERED_CARD                                                    Handle        = 0x80100067
+	SCARD_W_RESET_CARD                                                        Handle        = 0x80100068
+	SCARD_W_REMOVED_CARD                                                      Handle        = 0x80100069
+	SCARD_W_SECURITY_VIOLATION                                                Handle        = 0x8010006A
+	SCARD_W_WRONG_CHV                                                         Handle        = 0x8010006B
+	SCARD_W_CHV_BLOCKED                                                       Handle        = 0x8010006C
+	SCARD_W_EOF                                                               Handle        = 0x8010006D
+	SCARD_W_CANCELLED_BY_USER                                                 Handle        = 0x8010006E
+	SCARD_W_CARD_NOT_AUTHENTICATED                                            Handle        = 0x8010006F
+	SCARD_W_CACHE_ITEM_NOT_FOUND                                              Handle        = 0x80100070
+	SCARD_W_CACHE_ITEM_STALE                                                  Handle        = 0x80100071
+	SCARD_W_CACHE_ITEM_TOO_BIG                                                Handle        = 0x80100072
+	COMADMIN_E_OBJECTERRORS                                                   Handle        = 0x80110401
+	COMADMIN_E_OBJECTINVALID                                                  Handle        = 0x80110402
+	COMADMIN_E_KEYMISSING                                                     Handle        = 0x80110403
+	COMADMIN_E_ALREADYINSTALLED                                               Handle        = 0x80110404
+	COMADMIN_E_APP_FILE_WRITEFAIL                                             Handle        = 0x80110407
+	COMADMIN_E_APP_FILE_READFAIL                                              Handle        = 0x80110408
+	COMADMIN_E_APP_FILE_VERSION                                               Handle        = 0x80110409
+	COMADMIN_E_BADPATH                                                        Handle        = 0x8011040A
+	COMADMIN_E_APPLICATIONEXISTS                                              Handle        = 0x8011040B
+	COMADMIN_E_ROLEEXISTS                                                     Handle        = 0x8011040C
+	COMADMIN_E_CANTCOPYFILE                                                   Handle        = 0x8011040D
+	COMADMIN_E_NOUSER                                                         Handle        = 0x8011040F
+	COMADMIN_E_INVALIDUSERIDS                                                 Handle        = 0x80110410
+	COMADMIN_E_NOREGISTRYCLSID                                                Handle        = 0x80110411
+	COMADMIN_E_BADREGISTRYPROGID                                              Handle        = 0x80110412
+	COMADMIN_E_AUTHENTICATIONLEVEL                                            Handle        = 0x80110413
+	COMADMIN_E_USERPASSWDNOTVALID                                             Handle        = 0x80110414
+	COMADMIN_E_CLSIDORIIDMISMATCH                                             Handle        = 0x80110418
+	COMADMIN_E_REMOTEINTERFACE                                                Handle        = 0x80110419
+	COMADMIN_E_DLLREGISTERSERVER                                              Handle        = 0x8011041A
+	COMADMIN_E_NOSERVERSHARE                                                  Handle        = 0x8011041B
+	COMADMIN_E_DLLLOADFAILED                                                  Handle        = 0x8011041D
+	COMADMIN_E_BADREGISTRYLIBID                                               Handle        = 0x8011041E
+	COMADMIN_E_APPDIRNOTFOUND                                                 Handle        = 0x8011041F
+	COMADMIN_E_REGISTRARFAILED                                                Handle        = 0x80110423
+	COMADMIN_E_COMPFILE_DOESNOTEXIST                                          Handle        = 0x80110424
+	COMADMIN_E_COMPFILE_LOADDLLFAIL                                           Handle        = 0x80110425
+	COMADMIN_E_COMPFILE_GETCLASSOBJ                                           Handle        = 0x80110426
+	COMADMIN_E_COMPFILE_CLASSNOTAVAIL                                         Handle        = 0x80110427
+	COMADMIN_E_COMPFILE_BADTLB                                                Handle        = 0x80110428
+	COMADMIN_E_COMPFILE_NOTINSTALLABLE                                        Handle        = 0x80110429
+	COMADMIN_E_NOTCHANGEABLE                                                  Handle        = 0x8011042A
+	COMADMIN_E_NOTDELETEABLE                                                  Handle        = 0x8011042B
+	COMADMIN_E_SESSION                                                        Handle        = 0x8011042C
+	COMADMIN_E_COMP_MOVE_LOCKED                                               Handle        = 0x8011042D
+	COMADMIN_E_COMP_MOVE_BAD_DEST                                             Handle        = 0x8011042E
+	COMADMIN_E_REGISTERTLB                                                    Handle        = 0x80110430
+	COMADMIN_E_SYSTEMAPP                                                      Handle        = 0x80110433
+	COMADMIN_E_COMPFILE_NOREGISTRAR                                           Handle        = 0x80110434
+	COMADMIN_E_COREQCOMPINSTALLED                                             Handle        = 0x80110435
+	COMADMIN_E_SERVICENOTINSTALLED                                            Handle        = 0x80110436
+	COMADMIN_E_PROPERTYSAVEFAILED                                             Handle        = 0x80110437
+	COMADMIN_E_OBJECTEXISTS                                                   Handle        = 0x80110438
+	COMADMIN_E_COMPONENTEXISTS                                                Handle        = 0x80110439
+	COMADMIN_E_REGFILE_CORRUPT                                                Handle        = 0x8011043B
+	COMADMIN_E_PROPERTY_OVERFLOW                                              Handle        = 0x8011043C
+	COMADMIN_E_NOTINREGISTRY                                                  Handle        = 0x8011043E
+	COMADMIN_E_OBJECTNOTPOOLABLE                                              Handle        = 0x8011043F
+	COMADMIN_E_APPLID_MATCHES_CLSID                                           Handle        = 0x80110446
+	COMADMIN_E_ROLE_DOES_NOT_EXIST                                            Handle        = 0x80110447
+	COMADMIN_E_START_APP_NEEDS_COMPONENTS                                     Handle        = 0x80110448
+	COMADMIN_E_REQUIRES_DIFFERENT_PLATFORM                                    Handle        = 0x80110449
+	COMADMIN_E_CAN_NOT_EXPORT_APP_PROXY                                       Handle        = 0x8011044A
+	COMADMIN_E_CAN_NOT_START_APP                                              Handle        = 0x8011044B
+	COMADMIN_E_CAN_NOT_EXPORT_SYS_APP                                         Handle        = 0x8011044C
+	COMADMIN_E_CANT_SUBSCRIBE_TO_COMPONENT                                    Handle        = 0x8011044D
+	COMADMIN_E_EVENTCLASS_CANT_BE_SUBSCRIBER                                  Handle        = 0x8011044E
+	COMADMIN_E_LIB_APP_PROXY_INCOMPATIBLE                                     Handle        = 0x8011044F
+	COMADMIN_E_BASE_PARTITION_ONLY                                            Handle        = 0x80110450
+	COMADMIN_E_START_APP_DISABLED                                             Handle        = 0x80110451
+	COMADMIN_E_CAT_DUPLICATE_PARTITION_NAME                                   Handle        = 0x80110457
+	COMADMIN_E_CAT_INVALID_PARTITION_NAME                                     Handle        = 0x80110458
+	COMADMIN_E_CAT_PARTITION_IN_USE                                           Handle        = 0x80110459
+	COMADMIN_E_FILE_PARTITION_DUPLICATE_FILES                                 Handle        = 0x8011045A
+	COMADMIN_E_CAT_IMPORTED_COMPONENTS_NOT_ALLOWED                            Handle        = 0x8011045B
+	COMADMIN_E_AMBIGUOUS_APPLICATION_NAME                                     Handle        = 0x8011045C
+	COMADMIN_E_AMBIGUOUS_PARTITION_NAME                                       Handle        = 0x8011045D
+	COMADMIN_E_REGDB_NOTINITIALIZED                                           Handle        = 0x80110472
+	COMADMIN_E_REGDB_NOTOPEN                                                  Handle        = 0x80110473
+	COMADMIN_E_REGDB_SYSTEMERR                                                Handle        = 0x80110474
+	COMADMIN_E_REGDB_ALREADYRUNNING                                           Handle        = 0x80110475
+	COMADMIN_E_MIG_VERSIONNOTSUPPORTED                                        Handle        = 0x80110480
+	COMADMIN_E_MIG_SCHEMANOTFOUND                                             Handle        = 0x80110481
+	COMADMIN_E_CAT_BITNESSMISMATCH                                            Handle        = 0x80110482
+	COMADMIN_E_CAT_UNACCEPTABLEBITNESS                                        Handle        = 0x80110483
+	COMADMIN_E_CAT_WRONGAPPBITNESS                                            Handle        = 0x80110484
+	COMADMIN_E_CAT_PAUSE_RESUME_NOT_SUPPORTED                                 Handle        = 0x80110485
+	COMADMIN_E_CAT_SERVERFAULT                                                Handle        = 0x80110486
+	COMQC_E_APPLICATION_NOT_QUEUED                                            Handle        = 0x80110600
+	COMQC_E_NO_QUEUEABLE_INTERFACES                                           Handle        = 0x80110601
+	COMQC_E_QUEUING_SERVICE_NOT_AVAILABLE                                     Handle        = 0x80110602
+	COMQC_E_NO_IPERSISTSTREAM                                                 Handle        = 0x80110603
+	COMQC_E_BAD_MESSAGE                                                       Handle        = 0x80110604
+	COMQC_E_UNAUTHENTICATED                                                   Handle        = 0x80110605
+	COMQC_E_UNTRUSTED_ENQUEUER                                                Handle        = 0x80110606
+	MSDTC_E_DUPLICATE_RESOURCE                                                Handle        = 0x80110701
+	COMADMIN_E_OBJECT_PARENT_MISSING                                          Handle        = 0x80110808
+	COMADMIN_E_OBJECT_DOES_NOT_EXIST                                          Handle        = 0x80110809
+	COMADMIN_E_APP_NOT_RUNNING                                                Handle        = 0x8011080A
+	COMADMIN_E_INVALID_PARTITION                                              Handle        = 0x8011080B
+	COMADMIN_E_SVCAPP_NOT_POOLABLE_OR_RECYCLABLE                              Handle        = 0x8011080D
+	COMADMIN_E_USER_IN_SET                                                    Handle        = 0x8011080E
+	COMADMIN_E_CANTRECYCLELIBRARYAPPS                                         Handle        = 0x8011080F
+	COMADMIN_E_CANTRECYCLESERVICEAPPS                                         Handle        = 0x80110811
+	COMADMIN_E_PROCESSALREADYRECYCLED                                         Handle        = 0x80110812
+	COMADMIN_E_PAUSEDPROCESSMAYNOTBERECYCLED                                  Handle        = 0x80110813
+	COMADMIN_E_CANTMAKEINPROCSERVICE                                          Handle        = 0x80110814
+	COMADMIN_E_PROGIDINUSEBYCLSID                                             Handle        = 0x80110815
+	COMADMIN_E_DEFAULT_PARTITION_NOT_IN_SET                                   Handle        = 0x80110816
+	COMADMIN_E_RECYCLEDPROCESSMAYNOTBEPAUSED                                  Handle        = 0x80110817
+	COMADMIN_E_PARTITION_ACCESSDENIED                                         Handle        = 0x80110818
+	COMADMIN_E_PARTITION_MSI_ONLY                                             Handle        = 0x80110819
+	COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_1_0_FORMAT                          Handle        = 0x8011081A
+	COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_NONBASE_PARTITIONS                  Handle        = 0x8011081B
+	COMADMIN_E_COMP_MOVE_SOURCE                                               Handle        = 0x8011081C
+	COMADMIN_E_COMP_MOVE_DEST                                                 Handle        = 0x8011081D
+	COMADMIN_E_COMP_MOVE_PRIVATE                                              Handle        = 0x8011081E
+	COMADMIN_E_BASEPARTITION_REQUIRED_IN_SET                                  Handle        = 0x8011081F
+	COMADMIN_E_CANNOT_ALIAS_EVENTCLASS                                        Handle        = 0x80110820
+	COMADMIN_E_PRIVATE_ACCESSDENIED                                           Handle        = 0x80110821
+	COMADMIN_E_SAFERINVALID                                                   Handle        = 0x80110822
+	COMADMIN_E_REGISTRY_ACCESSDENIED                                          Handle        = 0x80110823
+	COMADMIN_E_PARTITIONS_DISABLED                                            Handle        = 0x80110824
+	WER_S_REPORT_DEBUG                                                        Handle        = 0x001B0000
+	WER_S_REPORT_UPLOADED                                                     Handle        = 0x001B0001
+	WER_S_REPORT_QUEUED                                                       Handle        = 0x001B0002
+	WER_S_DISABLED                                                            Handle        = 0x001B0003
+	WER_S_SUSPENDED_UPLOAD                                                    Handle        = 0x001B0004
+	WER_S_DISABLED_QUEUE                                                      Handle        = 0x001B0005
+	WER_S_DISABLED_ARCHIVE                                                    Handle        = 0x001B0006
+	WER_S_REPORT_ASYNC                                                        Handle        = 0x001B0007
+	WER_S_IGNORE_ASSERT_INSTANCE                                              Handle        = 0x001B0008
+	WER_S_IGNORE_ALL_ASSERTS                                                  Handle        = 0x001B0009
+	WER_S_ASSERT_CONTINUE                                                     Handle        = 0x001B000A
+	WER_S_THROTTLED                                                           Handle        = 0x001B000B
+	WER_S_REPORT_UPLOADED_CAB                                                 Handle        = 0x001B000C
+	WER_E_CRASH_FAILURE                                                       Handle        = 0x801B8000
+	WER_E_CANCELED                                                            Handle        = 0x801B8001
+	WER_E_NETWORK_FAILURE                                                     Handle        = 0x801B8002
+	WER_E_NOT_INITIALIZED                                                     Handle        = 0x801B8003
+	WER_E_ALREADY_REPORTING                                                   Handle        = 0x801B8004
+	WER_E_DUMP_THROTTLED                                                      Handle        = 0x801B8005
+	WER_E_INSUFFICIENT_CONSENT                                                Handle        = 0x801B8006
+	WER_E_TOO_HEAVY                                                           Handle        = 0x801B8007
+	ERROR_FLT_IO_COMPLETE                                                     Handle        = 0x001F0001
+	ERROR_FLT_NO_HANDLER_DEFINED                                              Handle        = 0x801F0001
+	ERROR_FLT_CONTEXT_ALREADY_DEFINED                                         Handle        = 0x801F0002
+	ERROR_FLT_INVALID_ASYNCHRONOUS_REQUEST                                    Handle        = 0x801F0003
+	ERROR_FLT_DISALLOW_FAST_IO                                                Handle        = 0x801F0004
+	ERROR_FLT_INVALID_NAME_REQUEST                                            Handle        = 0x801F0005
+	ERROR_FLT_NOT_SAFE_TO_POST_OPERATION                                      Handle        = 0x801F0006
+	ERROR_FLT_NOT_INITIALIZED                                                 Handle        = 0x801F0007
+	ERROR_FLT_FILTER_NOT_READY                                                Handle        = 0x801F0008
+	ERROR_FLT_POST_OPERATION_CLEANUP                                          Handle        = 0x801F0009
+	ERROR_FLT_INTERNAL_ERROR                                                  Handle        = 0x801F000A
+	ERROR_FLT_DELETING_OBJECT                                                 Handle        = 0x801F000B
+	ERROR_FLT_MUST_BE_NONPAGED_POOL                                           Handle        = 0x801F000C
+	ERROR_FLT_DUPLICATE_ENTRY                                                 Handle        = 0x801F000D
+	ERROR_FLT_CBDQ_DISABLED                                                   Handle        = 0x801F000E
+	ERROR_FLT_DO_NOT_ATTACH                                                   Handle        = 0x801F000F
+	ERROR_FLT_DO_NOT_DETACH                                                   Handle        = 0x801F0010
+	ERROR_FLT_INSTANCE_ALTITUDE_COLLISION                                     Handle        = 0x801F0011
+	ERROR_FLT_INSTANCE_NAME_COLLISION                                         Handle        = 0x801F0012
+	ERROR_FLT_FILTER_NOT_FOUND                                                Handle        = 0x801F0013
+	ERROR_FLT_VOLUME_NOT_FOUND                                                Handle        = 0x801F0014
+	ERROR_FLT_INSTANCE_NOT_FOUND                                              Handle        = 0x801F0015
+	ERROR_FLT_CONTEXT_ALLOCATION_NOT_FOUND                                    Handle        = 0x801F0016
+	ERROR_FLT_INVALID_CONTEXT_REGISTRATION                                    Handle        = 0x801F0017
+	ERROR_FLT_NAME_CACHE_MISS                                                 Handle        = 0x801F0018
+	ERROR_FLT_NO_DEVICE_OBJECT                                                Handle        = 0x801F0019
+	ERROR_FLT_VOLUME_ALREADY_MOUNTED                                          Handle        = 0x801F001A
+	ERROR_FLT_ALREADY_ENLISTED                                                Handle        = 0x801F001B
+	ERROR_FLT_CONTEXT_ALREADY_LINKED                                          Handle        = 0x801F001C
+	ERROR_FLT_NO_WAITER_FOR_REPLY                                             Handle        = 0x801F0020
+	ERROR_FLT_REGISTRATION_BUSY                                               Handle        = 0x801F0023
+	ERROR_HUNG_DISPLAY_DRIVER_THREAD                                          Handle        = 0x80260001
+	DWM_E_COMPOSITIONDISABLED                                                 Handle        = 0x80263001
+	DWM_E_REMOTING_NOT_SUPPORTED                                              Handle        = 0x80263002
+	DWM_E_NO_REDIRECTION_SURFACE_AVAILABLE                                    Handle        = 0x80263003
+	DWM_E_NOT_QUEUING_PRESENTS                                                Handle        = 0x80263004
+	DWM_E_ADAPTER_NOT_FOUND                                                   Handle        = 0x80263005
+	DWM_S_GDI_REDIRECTION_SURFACE                                             Handle        = 0x00263005
+	DWM_E_TEXTURE_TOO_LARGE                                                   Handle        = 0x80263007
+	DWM_S_GDI_REDIRECTION_SURFACE_BLT_VIA_GDI                                 Handle        = 0x00263008
+	ERROR_MONITOR_NO_DESCRIPTOR                                               Handle        = 0x00261001
+	ERROR_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT                                   Handle        = 0x00261002
+	ERROR_MONITOR_INVALID_DESCRIPTOR_CHECKSUM                                 Handle        = 0xC0261003
+	ERROR_MONITOR_INVALID_STANDARD_TIMING_BLOCK                               Handle        = 0xC0261004
+	ERROR_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED                           Handle        = 0xC0261005
+	ERROR_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK                          Handle        = 0xC0261006
+	ERROR_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK                          Handle        = 0xC0261007
+	ERROR_MONITOR_NO_MORE_DESCRIPTOR_DATA                                     Handle        = 0xC0261008
+	ERROR_MONITOR_INVALID_DETAILED_TIMING_BLOCK                               Handle        = 0xC0261009
+	ERROR_MONITOR_INVALID_MANUFACTURE_DATE                                    Handle        = 0xC026100A
+	ERROR_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER                                   Handle        = 0xC0262000
+	ERROR_GRAPHICS_INSUFFICIENT_DMA_BUFFER                                    Handle        = 0xC0262001
+	ERROR_GRAPHICS_INVALID_DISPLAY_ADAPTER                                    Handle        = 0xC0262002
+	ERROR_GRAPHICS_ADAPTER_WAS_RESET                                          Handle        = 0xC0262003
+	ERROR_GRAPHICS_INVALID_DRIVER_MODEL                                       Handle        = 0xC0262004
+	ERROR_GRAPHICS_PRESENT_MODE_CHANGED                                       Handle        = 0xC0262005
+	ERROR_GRAPHICS_PRESENT_OCCLUDED                                           Handle        = 0xC0262006
+	ERROR_GRAPHICS_PRESENT_DENIED                                             Handle        = 0xC0262007
+	ERROR_GRAPHICS_CANNOTCOLORCONVERT                                         Handle        = 0xC0262008
+	ERROR_GRAPHICS_DRIVER_MISMATCH                                            Handle        = 0xC0262009
+	ERROR_GRAPHICS_PARTIAL_DATA_POPULATED                                     Handle        = 0x4026200A
+	ERROR_GRAPHICS_PRESENT_REDIRECTION_DISABLED                               Handle        = 0xC026200B
+	ERROR_GRAPHICS_PRESENT_UNOCCLUDED                                         Handle        = 0xC026200C
+	ERROR_GRAPHICS_WINDOWDC_NOT_AVAILABLE                                     Handle        = 0xC026200D
+	ERROR_GRAPHICS_WINDOWLESS_PRESENT_DISABLED                                Handle        = 0xC026200E
+	ERROR_GRAPHICS_PRESENT_INVALID_WINDOW                                     Handle        = 0xC026200F
+	ERROR_GRAPHICS_PRESENT_BUFFER_NOT_BOUND                                   Handle        = 0xC0262010
+	ERROR_GRAPHICS_VAIL_STATE_CHANGED                                         Handle        = 0xC0262011
+	ERROR_GRAPHICS_NO_VIDEO_MEMORY                                            Handle        = 0xC0262100
+	ERROR_GRAPHICS_CANT_LOCK_MEMORY                                           Handle        = 0xC0262101
+	ERROR_GRAPHICS_ALLOCATION_BUSY                                            Handle        = 0xC0262102
+	ERROR_GRAPHICS_TOO_MANY_REFERENCES                                        Handle        = 0xC0262103
+	ERROR_GRAPHICS_TRY_AGAIN_LATER                                            Handle        = 0xC0262104
+	ERROR_GRAPHICS_TRY_AGAIN_NOW                                              Handle        = 0xC0262105
+	ERROR_GRAPHICS_ALLOCATION_INVALID                                         Handle        = 0xC0262106
+	ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE                           Handle        = 0xC0262107
+	ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED                           Handle        = 0xC0262108
+	ERROR_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION                               Handle        = 0xC0262109
+	ERROR_GRAPHICS_INVALID_ALLOCATION_USAGE                                   Handle        = 0xC0262110
+	ERROR_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION                              Handle        = 0xC0262111
+	ERROR_GRAPHICS_ALLOCATION_CLOSED                                          Handle        = 0xC0262112
+	ERROR_GRAPHICS_INVALID_ALLOCATION_INSTANCE                                Handle        = 0xC0262113
+	ERROR_GRAPHICS_INVALID_ALLOCATION_HANDLE                                  Handle        = 0xC0262114
+	ERROR_GRAPHICS_WRONG_ALLOCATION_DEVICE                                    Handle        = 0xC0262115
+	ERROR_GRAPHICS_ALLOCATION_CONTENT_LOST                                    Handle        = 0xC0262116
+	ERROR_GRAPHICS_GPU_EXCEPTION_ON_DEVICE                                    Handle        = 0xC0262200
+	ERROR_GRAPHICS_SKIP_ALLOCATION_PREPARATION                                Handle        = 0x40262201
+	ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY                                     Handle        = 0xC0262300
+	ERROR_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED                               Handle        = 0xC0262301
+	ERROR_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED                     Handle        = 0xC0262302
+	ERROR_GRAPHICS_INVALID_VIDPN                                              Handle        = 0xC0262303
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE                               Handle        = 0xC0262304
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET                               Handle        = 0xC0262305
+	ERROR_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED                               Handle        = 0xC0262306
+	ERROR_GRAPHICS_MODE_NOT_PINNED                                            Handle        = 0x00262307
+	ERROR_GRAPHICS_INVALID_VIDPN_SOURCEMODESET                                Handle        = 0xC0262308
+	ERROR_GRAPHICS_INVALID_VIDPN_TARGETMODESET                                Handle        = 0xC0262309
+	ERROR_GRAPHICS_INVALID_FREQUENCY                                          Handle        = 0xC026230A
+	ERROR_GRAPHICS_INVALID_ACTIVE_REGION                                      Handle        = 0xC026230B
+	ERROR_GRAPHICS_INVALID_TOTAL_REGION                                       Handle        = 0xC026230C
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE                          Handle        = 0xC0262310
+	ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE                          Handle        = 0xC0262311
+	ERROR_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET                             Handle        = 0xC0262312
+	ERROR_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY                                   Handle        = 0xC0262313
+	ERROR_GRAPHICS_MODE_ALREADY_IN_MODESET                                    Handle        = 0xC0262314
+	ERROR_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET                              Handle        = 0xC0262315
+	ERROR_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET                              Handle        = 0xC0262316
+	ERROR_GRAPHICS_SOURCE_ALREADY_IN_SET                                      Handle        = 0xC0262317
+	ERROR_GRAPHICS_TARGET_ALREADY_IN_SET                                      Handle        = 0xC0262318
+	ERROR_GRAPHICS_INVALID_VIDPN_PRESENT_PATH                                 Handle        = 0xC0262319
+	ERROR_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY                              Handle        = 0xC026231A
+	ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET                          Handle        = 0xC026231B
+	ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE                             Handle        = 0xC026231C
+	ERROR_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET                                  Handle        = 0xC026231D
+	ERROR_GRAPHICS_NO_PREFERRED_MODE                                          Handle        = 0x0026231E
+	ERROR_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET                              Handle        = 0xC026231F
+	ERROR_GRAPHICS_STALE_MODESET                                              Handle        = 0xC0262320
+	ERROR_GRAPHICS_INVALID_MONITOR_SOURCEMODESET                              Handle        = 0xC0262321
+	ERROR_GRAPHICS_INVALID_MONITOR_SOURCE_MODE                                Handle        = 0xC0262322
+	ERROR_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN                            Handle        = 0xC0262323
+	ERROR_GRAPHICS_MODE_ID_MUST_BE_UNIQUE                                     Handle        = 0xC0262324
+	ERROR_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION            Handle        = 0xC0262325
+	ERROR_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES                    Handle        = 0xC0262326
+	ERROR_GRAPHICS_PATH_NOT_IN_TOPOLOGY                                       Handle        = 0xC0262327
+	ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE                      Handle        = 0xC0262328
+	ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET                      Handle        = 0xC0262329
+	ERROR_GRAPHICS_INVALID_MONITORDESCRIPTORSET                               Handle        = 0xC026232A
+	ERROR_GRAPHICS_INVALID_MONITORDESCRIPTOR                                  Handle        = 0xC026232B
+	ERROR_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET                               Handle        = 0xC026232C
+	ERROR_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET                           Handle        = 0xC026232D
+	ERROR_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE                        Handle        = 0xC026232E
+	ERROR_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE                           Handle        = 0xC026232F
+	ERROR_GRAPHICS_RESOURCES_NOT_RELATED                                      Handle        = 0xC0262330
+	ERROR_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE                                   Handle        = 0xC0262331
+	ERROR_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE                                   Handle        = 0xC0262332
+	ERROR_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET                                  Handle        = 0xC0262333
+	ERROR_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER               Handle        = 0xC0262334
+	ERROR_GRAPHICS_NO_VIDPNMGR                                                Handle        = 0xC0262335
+	ERROR_GRAPHICS_NO_ACTIVE_VIDPN                                            Handle        = 0xC0262336
+	ERROR_GRAPHICS_STALE_VIDPN_TOPOLOGY                                       Handle        = 0xC0262337
+	ERROR_GRAPHICS_MONITOR_NOT_CONNECTED                                      Handle        = 0xC0262338
+	ERROR_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY                                     Handle        = 0xC0262339
+	ERROR_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE                                Handle        = 0xC026233A
+	ERROR_GRAPHICS_INVALID_VISIBLEREGION_SIZE                                 Handle        = 0xC026233B
+	ERROR_GRAPHICS_INVALID_STRIDE                                             Handle        = 0xC026233C
+	ERROR_GRAPHICS_INVALID_PIXELFORMAT                                        Handle        = 0xC026233D
+	ERROR_GRAPHICS_INVALID_COLORBASIS                                         Handle        = 0xC026233E
+	ERROR_GRAPHICS_INVALID_PIXELVALUEACCESSMODE                               Handle        = 0xC026233F
+	ERROR_GRAPHICS_TARGET_NOT_IN_TOPOLOGY                                     Handle        = 0xC0262340
+	ERROR_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT                         Handle        = 0xC0262341
+	ERROR_GRAPHICS_VIDPN_SOURCE_IN_USE                                        Handle        = 0xC0262342
+	ERROR_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN                                   Handle        = 0xC0262343
+	ERROR_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL                            Handle        = 0xC0262344
+	ERROR_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION               Handle        = 0xC0262345
+	ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED         Handle        = 0xC0262346
+	ERROR_GRAPHICS_INVALID_GAMMA_RAMP                                         Handle        = 0xC0262347
+	ERROR_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED                                   Handle        = 0xC0262348
+	ERROR_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED                                Handle        = 0xC0262349
+	ERROR_GRAPHICS_MODE_NOT_IN_MODESET                                        Handle        = 0xC026234A
+	ERROR_GRAPHICS_DATASET_IS_EMPTY                                           Handle        = 0x0026234B
+	ERROR_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET                                Handle        = 0x0026234C
+	ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON               Handle        = 0xC026234D
+	ERROR_GRAPHICS_INVALID_PATH_CONTENT_TYPE                                  Handle        = 0xC026234E
+	ERROR_GRAPHICS_INVALID_COPYPROTECTION_TYPE                                Handle        = 0xC026234F
+	ERROR_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS                          Handle        = 0xC0262350
+	ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED            Handle        = 0x00262351
+	ERROR_GRAPHICS_INVALID_SCANLINE_ORDERING                                  Handle        = 0xC0262352
+	ERROR_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED                               Handle        = 0xC0262353
+	ERROR_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS                           Handle        = 0xC0262354
+	ERROR_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT                                Handle        = 0xC0262355
+	ERROR_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM                             Handle        = 0xC0262356
+	ERROR_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN                          Handle        = 0xC0262357
+	ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT                  Handle        = 0xC0262358
+	ERROR_GRAPHICS_MAX_NUM_PATHS_REACHED                                      Handle        = 0xC0262359
+	ERROR_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION                         Handle        = 0xC026235A
+	ERROR_GRAPHICS_INVALID_CLIENT_TYPE                                        Handle        = 0xC026235B
+	ERROR_GRAPHICS_CLIENTVIDPN_NOT_SET                                        Handle        = 0xC026235C
+	ERROR_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED                          Handle        = 0xC0262400
+	ERROR_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED                             Handle        = 0xC0262401
+	ERROR_GRAPHICS_UNKNOWN_CHILD_STATUS                                       Handle        = 0x4026242F
+	ERROR_GRAPHICS_NOT_A_LINKED_ADAPTER                                       Handle        = 0xC0262430
+	ERROR_GRAPHICS_LEADLINK_NOT_ENUMERATED                                    Handle        = 0xC0262431
+	ERROR_GRAPHICS_CHAINLINKS_NOT_ENUMERATED                                  Handle        = 0xC0262432
+	ERROR_GRAPHICS_ADAPTER_CHAIN_NOT_READY                                    Handle        = 0xC0262433
+	ERROR_GRAPHICS_CHAINLINKS_NOT_STARTED                                     Handle        = 0xC0262434
+	ERROR_GRAPHICS_CHAINLINKS_NOT_POWERED_ON                                  Handle        = 0xC0262435
+	ERROR_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE                             Handle        = 0xC0262436
+	ERROR_GRAPHICS_LEADLINK_START_DEFERRED                                    Handle        = 0x40262437
+	ERROR_GRAPHICS_NOT_POST_DEVICE_DRIVER                                     Handle        = 0xC0262438
+	ERROR_GRAPHICS_POLLING_TOO_FREQUENTLY                                     Handle        = 0x40262439
+	ERROR_GRAPHICS_START_DEFERRED                                             Handle        = 0x4026243A
+	ERROR_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED                                Handle        = 0xC026243B
+	ERROR_GRAPHICS_DEPENDABLE_CHILD_STATUS                                    Handle        = 0x4026243C
+	ERROR_GRAPHICS_OPM_NOT_SUPPORTED                                          Handle        = 0xC0262500
+	ERROR_GRAPHICS_COPP_NOT_SUPPORTED                                         Handle        = 0xC0262501
+	ERROR_GRAPHICS_UAB_NOT_SUPPORTED                                          Handle        = 0xC0262502
+	ERROR_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS                           Handle        = 0xC0262503
+	ERROR_GRAPHICS_OPM_NO_VIDEO_OUTPUTS_EXIST                                 Handle        = 0xC0262505
+	ERROR_GRAPHICS_OPM_INTERNAL_ERROR                                         Handle        = 0xC026250B
+	ERROR_GRAPHICS_OPM_INVALID_HANDLE                                         Handle        = 0xC026250C
+	ERROR_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH                             Handle        = 0xC026250E
+	ERROR_GRAPHICS_OPM_SPANNING_MODE_ENABLED                                  Handle        = 0xC026250F
+	ERROR_GRAPHICS_OPM_THEATER_MODE_ENABLED                                   Handle        = 0xC0262510
+	ERROR_GRAPHICS_PVP_HFS_FAILED                                             Handle        = 0xC0262511
+	ERROR_GRAPHICS_OPM_INVALID_SRM                                            Handle        = 0xC0262512
+	ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP                           Handle        = 0xC0262513
+	ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP                            Handle        = 0xC0262514
+	ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA                          Handle        = 0xC0262515
+	ERROR_GRAPHICS_OPM_HDCP_SRM_NEVER_SET                                     Handle        = 0xC0262516
+	ERROR_GRAPHICS_OPM_RESOLUTION_TOO_HIGH                                    Handle        = 0xC0262517
+	ERROR_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE                       Handle        = 0xC0262518
+	ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_NO_LONGER_EXISTS                          Handle        = 0xC026251A
+	ERROR_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS                        Handle        = 0xC026251B
+	ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS              Handle        = 0xC026251C
+	ERROR_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST                            Handle        = 0xC026251D
+	ERROR_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR                                  Handle        = 0xC026251E
+	ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS               Handle        = 0xC026251F
+	ERROR_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED                                Handle        = 0xC0262520
+	ERROR_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST                          Handle        = 0xC0262521
+	ERROR_GRAPHICS_I2C_NOT_SUPPORTED                                          Handle        = 0xC0262580
+	ERROR_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST                                  Handle        = 0xC0262581
+	ERROR_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA                                Handle        = 0xC0262582
+	ERROR_GRAPHICS_I2C_ERROR_RECEIVING_DATA                                   Handle        = 0xC0262583
+	ERROR_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED                                    Handle        = 0xC0262584
+	ERROR_GRAPHICS_DDCCI_INVALID_DATA                                         Handle        = 0xC0262585
+	ERROR_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE          Handle        = 0xC0262586
+	ERROR_GRAPHICS_MCA_INVALID_CAPABILITIES_STRING                            Handle        = 0xC0262587
+	ERROR_GRAPHICS_MCA_INTERNAL_ERROR                                         Handle        = 0xC0262588
+	ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND                              Handle        = 0xC0262589
+	ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH                               Handle        = 0xC026258A
+	ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM                             Handle        = 0xC026258B
+	ERROR_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE                            Handle        = 0xC026258C
+	ERROR_GRAPHICS_MONITOR_NO_LONGER_EXISTS                                   Handle        = 0xC026258D
+	ERROR_GRAPHICS_DDCCI_CURRENT_CURRENT_VALUE_GREATER_THAN_MAXIMUM_VALUE     Handle        = 0xC02625D8
+	ERROR_GRAPHICS_MCA_INVALID_VCP_VERSION                                    Handle        = 0xC02625D9
+	ERROR_GRAPHICS_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION                    Handle        = 0xC02625DA
+	ERROR_GRAPHICS_MCA_MCCS_VERSION_MISMATCH                                  Handle        = 0xC02625DB
+	ERROR_GRAPHICS_MCA_UNSUPPORTED_MCCS_VERSION                               Handle        = 0xC02625DC
+	ERROR_GRAPHICS_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED                       Handle        = 0xC02625DE
+	ERROR_GRAPHICS_MCA_UNSUPPORTED_COLOR_TEMPERATURE                          Handle        = 0xC02625DF
+	ERROR_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED                             Handle        = 0xC02625E0
+	ERROR_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME                      Handle        = 0xC02625E1
+	ERROR_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP                     Handle        = 0xC02625E2
+	ERROR_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED                            Handle        = 0xC02625E3
+	ERROR_GRAPHICS_INVALID_POINTER                                            Handle        = 0xC02625E4
+	ERROR_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE                   Handle        = 0xC02625E5
+	ERROR_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL                                  Handle        = 0xC02625E6
+	ERROR_GRAPHICS_INTERNAL_ERROR                                             Handle        = 0xC02625E7
+	ERROR_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS                            Handle        = 0xC02605E8
+	NAP_E_INVALID_PACKET                                                      Handle        = 0x80270001
+	NAP_E_MISSING_SOH                                                         Handle        = 0x80270002
+	NAP_E_CONFLICTING_ID                                                      Handle        = 0x80270003
+	NAP_E_NO_CACHED_SOH                                                       Handle        = 0x80270004
+	NAP_E_STILL_BOUND                                                         Handle        = 0x80270005
+	NAP_E_NOT_REGISTERED                                                      Handle        = 0x80270006
+	NAP_E_NOT_INITIALIZED                                                     Handle        = 0x80270007
+	NAP_E_MISMATCHED_ID                                                       Handle        = 0x80270008
+	NAP_E_NOT_PENDING                                                         Handle        = 0x80270009
+	NAP_E_ID_NOT_FOUND                                                        Handle        = 0x8027000A
+	NAP_E_MAXSIZE_TOO_SMALL                                                   Handle        = 0x8027000B
+	NAP_E_SERVICE_NOT_RUNNING                                                 Handle        = 0x8027000C
+	NAP_S_CERT_ALREADY_PRESENT                                                Handle        = 0x0027000D
+	NAP_E_ENTITY_DISABLED                                                     Handle        = 0x8027000E
+	NAP_E_NETSH_GROUPPOLICY_ERROR                                             Handle        = 0x8027000F
+	NAP_E_TOO_MANY_CALLS                                                      Handle        = 0x80270010
+	NAP_E_SHV_CONFIG_EXISTED                                                  Handle        = 0x80270011
+	NAP_E_SHV_CONFIG_NOT_FOUND                                                Handle        = 0x80270012
+	NAP_E_SHV_TIMEOUT                                                         Handle        = 0x80270013
+	TPM_E_ERROR_MASK                                                          Handle        = 0x80280000
+	TPM_E_AUTHFAIL                                                            Handle        = 0x80280001
+	TPM_E_BADINDEX                                                            Handle        = 0x80280002
+	TPM_E_BAD_PARAMETER                                                       Handle        = 0x80280003
+	TPM_E_AUDITFAILURE                                                        Handle        = 0x80280004
+	TPM_E_CLEAR_DISABLED                                                      Handle        = 0x80280005
+	TPM_E_DEACTIVATED                                                         Handle        = 0x80280006
+	TPM_E_DISABLED                                                            Handle        = 0x80280007
+	TPM_E_DISABLED_CMD                                                        Handle        = 0x80280008
+	TPM_E_FAIL                                                                Handle        = 0x80280009
+	TPM_E_BAD_ORDINAL                                                         Handle        = 0x8028000A
+	TPM_E_INSTALL_DISABLED                                                    Handle        = 0x8028000B
+	TPM_E_INVALID_KEYHANDLE                                                   Handle        = 0x8028000C
+	TPM_E_KEYNOTFOUND                                                         Handle        = 0x8028000D
+	TPM_E_INAPPROPRIATE_ENC                                                   Handle        = 0x8028000E
+	TPM_E_MIGRATEFAIL                                                         Handle        = 0x8028000F
+	TPM_E_INVALID_PCR_INFO                                                    Handle        = 0x80280010
+	TPM_E_NOSPACE                                                             Handle        = 0x80280011
+	TPM_E_NOSRK                                                               Handle        = 0x80280012
+	TPM_E_NOTSEALED_BLOB                                                      Handle        = 0x80280013
+	TPM_E_OWNER_SET                                                           Handle        = 0x80280014
+	TPM_E_RESOURCES                                                           Handle        = 0x80280015
+	TPM_E_SHORTRANDOM                                                         Handle        = 0x80280016
+	TPM_E_SIZE                                                                Handle        = 0x80280017
+	TPM_E_WRONGPCRVAL                                                         Handle        = 0x80280018
+	TPM_E_BAD_PARAM_SIZE                                                      Handle        = 0x80280019
+	TPM_E_SHA_THREAD                                                          Handle        = 0x8028001A
+	TPM_E_SHA_ERROR                                                           Handle        = 0x8028001B
+	TPM_E_FAILEDSELFTEST                                                      Handle        = 0x8028001C
+	TPM_E_AUTH2FAIL                                                           Handle        = 0x8028001D
+	TPM_E_BADTAG                                                              Handle        = 0x8028001E
+	TPM_E_IOERROR                                                             Handle        = 0x8028001F
+	TPM_E_ENCRYPT_ERROR                                                       Handle        = 0x80280020
+	TPM_E_DECRYPT_ERROR                                                       Handle        = 0x80280021
+	TPM_E_INVALID_AUTHHANDLE                                                  Handle        = 0x80280022
+	TPM_E_NO_ENDORSEMENT                                                      Handle        = 0x80280023
+	TPM_E_INVALID_KEYUSAGE                                                    Handle        = 0x80280024
+	TPM_E_WRONG_ENTITYTYPE                                                    Handle        = 0x80280025
+	TPM_E_INVALID_POSTINIT                                                    Handle        = 0x80280026
+	TPM_E_INAPPROPRIATE_SIG                                                   Handle        = 0x80280027
+	TPM_E_BAD_KEY_PROPERTY                                                    Handle        = 0x80280028
+	TPM_E_BAD_MIGRATION                                                       Handle        = 0x80280029
+	TPM_E_BAD_SCHEME                                                          Handle        = 0x8028002A
+	TPM_E_BAD_DATASIZE                                                        Handle        = 0x8028002B
+	TPM_E_BAD_MODE                                                            Handle        = 0x8028002C
+	TPM_E_BAD_PRESENCE                                                        Handle        = 0x8028002D
+	TPM_E_BAD_VERSION                                                         Handle        = 0x8028002E
+	TPM_E_NO_WRAP_TRANSPORT                                                   Handle        = 0x8028002F
+	TPM_E_AUDITFAIL_UNSUCCESSFUL                                              Handle        = 0x80280030
+	TPM_E_AUDITFAIL_SUCCESSFUL                                                Handle        = 0x80280031
+	TPM_E_NOTRESETABLE                                                        Handle        = 0x80280032
+	TPM_E_NOTLOCAL                                                            Handle        = 0x80280033
+	TPM_E_BAD_TYPE                                                            Handle        = 0x80280034
+	TPM_E_INVALID_RESOURCE                                                    Handle        = 0x80280035
+	TPM_E_NOTFIPS                                                             Handle        = 0x80280036
+	TPM_E_INVALID_FAMILY                                                      Handle        = 0x80280037
+	TPM_E_NO_NV_PERMISSION                                                    Handle        = 0x80280038
+	TPM_E_REQUIRES_SIGN                                                       Handle        = 0x80280039
+	TPM_E_KEY_NOTSUPPORTED                                                    Handle        = 0x8028003A
+	TPM_E_AUTH_CONFLICT                                                       Handle        = 0x8028003B
+	TPM_E_AREA_LOCKED                                                         Handle        = 0x8028003C
+	TPM_E_BAD_LOCALITY                                                        Handle        = 0x8028003D
+	TPM_E_READ_ONLY                                                           Handle        = 0x8028003E
+	TPM_E_PER_NOWRITE                                                         Handle        = 0x8028003F
+	TPM_E_FAMILYCOUNT                                                         Handle        = 0x80280040
+	TPM_E_WRITE_LOCKED                                                        Handle        = 0x80280041
+	TPM_E_BAD_ATTRIBUTES                                                      Handle        = 0x80280042
+	TPM_E_INVALID_STRUCTURE                                                   Handle        = 0x80280043
+	TPM_E_KEY_OWNER_CONTROL                                                   Handle        = 0x80280044
+	TPM_E_BAD_COUNTER                                                         Handle        = 0x80280045
+	TPM_E_NOT_FULLWRITE                                                       Handle        = 0x80280046
+	TPM_E_CONTEXT_GAP                                                         Handle        = 0x80280047
+	TPM_E_MAXNVWRITES                                                         Handle        = 0x80280048
+	TPM_E_NOOPERATOR                                                          Handle        = 0x80280049
+	TPM_E_RESOURCEMISSING                                                     Handle        = 0x8028004A
+	TPM_E_DELEGATE_LOCK                                                       Handle        = 0x8028004B
+	TPM_E_DELEGATE_FAMILY                                                     Handle        = 0x8028004C
+	TPM_E_DELEGATE_ADMIN                                                      Handle        = 0x8028004D
+	TPM_E_TRANSPORT_NOTEXCLUSIVE                                              Handle        = 0x8028004E
+	TPM_E_OWNER_CONTROL                                                       Handle        = 0x8028004F
+	TPM_E_DAA_RESOURCES                                                       Handle        = 0x80280050
+	TPM_E_DAA_INPUT_DATA0                                                     Handle        = 0x80280051
+	TPM_E_DAA_INPUT_DATA1                                                     Handle        = 0x80280052
+	TPM_E_DAA_ISSUER_SETTINGS                                                 Handle        = 0x80280053
+	TPM_E_DAA_TPM_SETTINGS                                                    Handle        = 0x80280054
+	TPM_E_DAA_STAGE                                                           Handle        = 0x80280055
+	TPM_E_DAA_ISSUER_VALIDITY                                                 Handle        = 0x80280056
+	TPM_E_DAA_WRONG_W                                                         Handle        = 0x80280057
+	TPM_E_BAD_HANDLE                                                          Handle        = 0x80280058
+	TPM_E_BAD_DELEGATE                                                        Handle        = 0x80280059
+	TPM_E_BADCONTEXT                                                          Handle        = 0x8028005A
+	TPM_E_TOOMANYCONTEXTS                                                     Handle        = 0x8028005B
+	TPM_E_MA_TICKET_SIGNATURE                                                 Handle        = 0x8028005C
+	TPM_E_MA_DESTINATION                                                      Handle        = 0x8028005D
+	TPM_E_MA_SOURCE                                                           Handle        = 0x8028005E
+	TPM_E_MA_AUTHORITY                                                        Handle        = 0x8028005F
+	TPM_E_PERMANENTEK                                                         Handle        = 0x80280061
+	TPM_E_BAD_SIGNATURE                                                       Handle        = 0x80280062
+	TPM_E_NOCONTEXTSPACE                                                      Handle        = 0x80280063
+	TPM_20_E_ASYMMETRIC                                                       Handle        = 0x80280081
+	TPM_20_E_ATTRIBUTES                                                       Handle        = 0x80280082
+	TPM_20_E_HASH                                                             Handle        = 0x80280083
+	TPM_20_E_VALUE                                                            Handle        = 0x80280084
+	TPM_20_E_HIERARCHY                                                        Handle        = 0x80280085
+	TPM_20_E_KEY_SIZE                                                         Handle        = 0x80280087
+	TPM_20_E_MGF                                                              Handle        = 0x80280088
+	TPM_20_E_MODE                                                             Handle        = 0x80280089
+	TPM_20_E_TYPE                                                             Handle        = 0x8028008A
+	TPM_20_E_HANDLE                                                           Handle        = 0x8028008B
+	TPM_20_E_KDF                                                              Handle        = 0x8028008C
+	TPM_20_E_RANGE                                                            Handle        = 0x8028008D
+	TPM_20_E_AUTH_FAIL                                                        Handle        = 0x8028008E
+	TPM_20_E_NONCE                                                            Handle        = 0x8028008F
+	TPM_20_E_PP                                                               Handle        = 0x80280090
+	TPM_20_E_SCHEME                                                           Handle        = 0x80280092
+	TPM_20_E_SIZE                                                             Handle        = 0x80280095
+	TPM_20_E_SYMMETRIC                                                        Handle        = 0x80280096
+	TPM_20_E_TAG                                                              Handle        = 0x80280097
+	TPM_20_E_SELECTOR                                                         Handle        = 0x80280098
+	TPM_20_E_INSUFFICIENT                                                     Handle        = 0x8028009A
+	TPM_20_E_SIGNATURE                                                        Handle        = 0x8028009B
+	TPM_20_E_KEY                                                              Handle        = 0x8028009C
+	TPM_20_E_POLICY_FAIL                                                      Handle        = 0x8028009D
+	TPM_20_E_INTEGRITY                                                        Handle        = 0x8028009F
+	TPM_20_E_TICKET                                                           Handle        = 0x802800A0
+	TPM_20_E_RESERVED_BITS                                                    Handle        = 0x802800A1
+	TPM_20_E_BAD_AUTH                                                         Handle        = 0x802800A2
+	TPM_20_E_EXPIRED                                                          Handle        = 0x802800A3
+	TPM_20_E_POLICY_CC                                                        Handle        = 0x802800A4
+	TPM_20_E_BINDING                                                          Handle        = 0x802800A5
+	TPM_20_E_CURVE                                                            Handle        = 0x802800A6
+	TPM_20_E_ECC_POINT                                                        Handle        = 0x802800A7
+	TPM_20_E_INITIALIZE                                                       Handle        = 0x80280100
+	TPM_20_E_FAILURE                                                          Handle        = 0x80280101
+	TPM_20_E_SEQUENCE                                                         Handle        = 0x80280103
+	TPM_20_E_PRIVATE                                                          Handle        = 0x8028010B
+	TPM_20_E_HMAC                                                             Handle        = 0x80280119
+	TPM_20_E_DISABLED                                                         Handle        = 0x80280120
+	TPM_20_E_EXCLUSIVE                                                        Handle        = 0x80280121
+	TPM_20_E_ECC_CURVE                                                        Handle        = 0x80280123
+	TPM_20_E_AUTH_TYPE                                                        Handle        = 0x80280124
+	TPM_20_E_AUTH_MISSING                                                     Handle        = 0x80280125
+	TPM_20_E_POLICY                                                           Handle        = 0x80280126
+	TPM_20_E_PCR                                                              Handle        = 0x80280127
+	TPM_20_E_PCR_CHANGED                                                      Handle        = 0x80280128
+	TPM_20_E_UPGRADE                                                          Handle        = 0x8028012D
+	TPM_20_E_TOO_MANY_CONTEXTS                                                Handle        = 0x8028012E
+	TPM_20_E_AUTH_UNAVAILABLE                                                 Handle        = 0x8028012F
+	TPM_20_E_REBOOT                                                           Handle        = 0x80280130
+	TPM_20_E_UNBALANCED                                                       Handle        = 0x80280131
+	TPM_20_E_COMMAND_SIZE                                                     Handle        = 0x80280142
+	TPM_20_E_COMMAND_CODE                                                     Handle        = 0x80280143
+	TPM_20_E_AUTHSIZE                                                         Handle        = 0x80280144
+	TPM_20_E_AUTH_CONTEXT                                                     Handle        = 0x80280145
+	TPM_20_E_NV_RANGE                                                         Handle        = 0x80280146
+	TPM_20_E_NV_SIZE                                                          Handle        = 0x80280147
+	TPM_20_E_NV_LOCKED                                                        Handle        = 0x80280148
+	TPM_20_E_NV_AUTHORIZATION                                                 Handle        = 0x80280149
+	TPM_20_E_NV_UNINITIALIZED                                                 Handle        = 0x8028014A
+	TPM_20_E_NV_SPACE                                                         Handle        = 0x8028014B
+	TPM_20_E_NV_DEFINED                                                       Handle        = 0x8028014C
+	TPM_20_E_BAD_CONTEXT                                                      Handle        = 0x80280150
+	TPM_20_E_CPHASH                                                           Handle        = 0x80280151
+	TPM_20_E_PARENT                                                           Handle        = 0x80280152
+	TPM_20_E_NEEDS_TEST                                                       Handle        = 0x80280153
+	TPM_20_E_NO_RESULT                                                        Handle        = 0x80280154
+	TPM_20_E_SENSITIVE                                                        Handle        = 0x80280155
+	TPM_E_COMMAND_BLOCKED                                                     Handle        = 0x80280400
+	TPM_E_INVALID_HANDLE                                                      Handle        = 0x80280401
+	TPM_E_DUPLICATE_VHANDLE                                                   Handle        = 0x80280402
+	TPM_E_EMBEDDED_COMMAND_BLOCKED                                            Handle        = 0x80280403
+	TPM_E_EMBEDDED_COMMAND_UNSUPPORTED                                        Handle        = 0x80280404
+	TPM_E_RETRY                                                               Handle        = 0x80280800
+	TPM_E_NEEDS_SELFTEST                                                      Handle        = 0x80280801
+	TPM_E_DOING_SELFTEST                                                      Handle        = 0x80280802
+	TPM_E_DEFEND_LOCK_RUNNING                                                 Handle        = 0x80280803
+	TPM_20_E_CONTEXT_GAP                                                      Handle        = 0x80280901
+	TPM_20_E_OBJECT_MEMORY                                                    Handle        = 0x80280902
+	TPM_20_E_SESSION_MEMORY                                                   Handle        = 0x80280903
+	TPM_20_E_MEMORY                                                           Handle        = 0x80280904
+	TPM_20_E_SESSION_HANDLES                                                  Handle        = 0x80280905
+	TPM_20_E_OBJECT_HANDLES                                                   Handle        = 0x80280906
+	TPM_20_E_LOCALITY                                                         Handle        = 0x80280907
+	TPM_20_E_YIELDED                                                          Handle        = 0x80280908
+	TPM_20_E_CANCELED                                                         Handle        = 0x80280909
+	TPM_20_E_TESTING                                                          Handle        = 0x8028090A
+	TPM_20_E_NV_RATE                                                          Handle        = 0x80280920
+	TPM_20_E_LOCKOUT                                                          Handle        = 0x80280921
+	TPM_20_E_RETRY                                                            Handle        = 0x80280922
+	TPM_20_E_NV_UNAVAILABLE                                                   Handle        = 0x80280923
+	TBS_E_INTERNAL_ERROR                                                      Handle        = 0x80284001
+	TBS_E_BAD_PARAMETER                                                       Handle        = 0x80284002
+	TBS_E_INVALID_OUTPUT_POINTER                                              Handle        = 0x80284003
+	TBS_E_INVALID_CONTEXT                                                     Handle        = 0x80284004
+	TBS_E_INSUFFICIENT_BUFFER                                                 Handle        = 0x80284005
+	TBS_E_IOERROR                                                             Handle        = 0x80284006
+	TBS_E_INVALID_CONTEXT_PARAM                                               Handle        = 0x80284007
+	TBS_E_SERVICE_NOT_RUNNING                                                 Handle        = 0x80284008
+	TBS_E_TOO_MANY_TBS_CONTEXTS                                               Handle        = 0x80284009
+	TBS_E_TOO_MANY_RESOURCES                                                  Handle        = 0x8028400A
+	TBS_E_SERVICE_START_PENDING                                               Handle        = 0x8028400B
+	TBS_E_PPI_NOT_SUPPORTED                                                   Handle        = 0x8028400C
+	TBS_E_COMMAND_CANCELED                                                    Handle        = 0x8028400D
+	TBS_E_BUFFER_TOO_LARGE                                                    Handle        = 0x8028400E
+	TBS_E_TPM_NOT_FOUND                                                       Handle        = 0x8028400F
+	TBS_E_SERVICE_DISABLED                                                    Handle        = 0x80284010
+	TBS_E_NO_EVENT_LOG                                                        Handle        = 0x80284011
+	TBS_E_ACCESS_DENIED                                                       Handle        = 0x80284012
+	TBS_E_PROVISIONING_NOT_ALLOWED                                            Handle        = 0x80284013
+	TBS_E_PPI_FUNCTION_UNSUPPORTED                                            Handle        = 0x80284014
+	TBS_E_OWNERAUTH_NOT_FOUND                                                 Handle        = 0x80284015
+	TBS_E_PROVISIONING_INCOMPLETE                                             Handle        = 0x80284016
+	TPMAPI_E_INVALID_STATE                                                    Handle        = 0x80290100
+	TPMAPI_E_NOT_ENOUGH_DATA                                                  Handle        = 0x80290101
+	TPMAPI_E_TOO_MUCH_DATA                                                    Handle        = 0x80290102
+	TPMAPI_E_INVALID_OUTPUT_POINTER                                           Handle        = 0x80290103
+	TPMAPI_E_INVALID_PARAMETER                                                Handle        = 0x80290104
+	TPMAPI_E_OUT_OF_MEMORY                                                    Handle        = 0x80290105
+	TPMAPI_E_BUFFER_TOO_SMALL                                                 Handle        = 0x80290106
+	TPMAPI_E_INTERNAL_ERROR                                                   Handle        = 0x80290107
+	TPMAPI_E_ACCESS_DENIED                                                    Handle        = 0x80290108
+	TPMAPI_E_AUTHORIZATION_FAILED                                             Handle        = 0x80290109
+	TPMAPI_E_INVALID_CONTEXT_HANDLE                                           Handle        = 0x8029010A
+	TPMAPI_E_TBS_COMMUNICATION_ERROR                                          Handle        = 0x8029010B
+	TPMAPI_E_TPM_COMMAND_ERROR                                                Handle        = 0x8029010C
+	TPMAPI_E_MESSAGE_TOO_LARGE                                                Handle        = 0x8029010D
+	TPMAPI_E_INVALID_ENCODING                                                 Handle        = 0x8029010E
+	TPMAPI_E_INVALID_KEY_SIZE                                                 Handle        = 0x8029010F
+	TPMAPI_E_ENCRYPTION_FAILED                                                Handle        = 0x80290110
+	TPMAPI_E_INVALID_KEY_PARAMS                                               Handle        = 0x80290111
+	TPMAPI_E_INVALID_MIGRATION_AUTHORIZATION_BLOB                             Handle        = 0x80290112
+	TPMAPI_E_INVALID_PCR_INDEX                                                Handle        = 0x80290113
+	TPMAPI_E_INVALID_DELEGATE_BLOB                                            Handle        = 0x80290114
+	TPMAPI_E_INVALID_CONTEXT_PARAMS                                           Handle        = 0x80290115
+	TPMAPI_E_INVALID_KEY_BLOB                                                 Handle        = 0x80290116
+	TPMAPI_E_INVALID_PCR_DATA                                                 Handle        = 0x80290117
+	TPMAPI_E_INVALID_OWNER_AUTH                                               Handle        = 0x80290118
+	TPMAPI_E_FIPS_RNG_CHECK_FAILED                                            Handle        = 0x80290119
+	TPMAPI_E_EMPTY_TCG_LOG                                                    Handle        = 0x8029011A
+	TPMAPI_E_INVALID_TCG_LOG_ENTRY                                            Handle        = 0x8029011B
+	TPMAPI_E_TCG_SEPARATOR_ABSENT                                             Handle        = 0x8029011C
+	TPMAPI_E_TCG_INVALID_DIGEST_ENTRY                                         Handle        = 0x8029011D
+	TPMAPI_E_POLICY_DENIES_OPERATION                                          Handle        = 0x8029011E
+	TPMAPI_E_NV_BITS_NOT_DEFINED                                              Handle        = 0x8029011F
+	TPMAPI_E_NV_BITS_NOT_READY                                                Handle        = 0x80290120
+	TPMAPI_E_SEALING_KEY_NOT_AVAILABLE                                        Handle        = 0x80290121
+	TPMAPI_E_NO_AUTHORIZATION_CHAIN_FOUND                                     Handle        = 0x80290122
+	TPMAPI_E_SVN_COUNTER_NOT_AVAILABLE                                        Handle        = 0x80290123
+	TPMAPI_E_OWNER_AUTH_NOT_NULL                                              Handle        = 0x80290124
+	TPMAPI_E_ENDORSEMENT_AUTH_NOT_NULL                                        Handle        = 0x80290125
+	TPMAPI_E_AUTHORIZATION_REVOKED                                            Handle        = 0x80290126
+	TPMAPI_E_MALFORMED_AUTHORIZATION_KEY                                      Handle        = 0x80290127
+	TPMAPI_E_AUTHORIZING_KEY_NOT_SUPPORTED                                    Handle        = 0x80290128
+	TPMAPI_E_INVALID_AUTHORIZATION_SIGNATURE                                  Handle        = 0x80290129
+	TPMAPI_E_MALFORMED_AUTHORIZATION_POLICY                                   Handle        = 0x8029012A
+	TPMAPI_E_MALFORMED_AUTHORIZATION_OTHER                                    Handle        = 0x8029012B
+	TPMAPI_E_SEALING_KEY_CHANGED                                              Handle        = 0x8029012C
+	TBSIMP_E_BUFFER_TOO_SMALL                                                 Handle        = 0x80290200
+	TBSIMP_E_CLEANUP_FAILED                                                   Handle        = 0x80290201
+	TBSIMP_E_INVALID_CONTEXT_HANDLE                                           Handle        = 0x80290202
+	TBSIMP_E_INVALID_CONTEXT_PARAM                                            Handle        = 0x80290203
+	TBSIMP_E_TPM_ERROR                                                        Handle        = 0x80290204
+	TBSIMP_E_HASH_BAD_KEY                                                     Handle        = 0x80290205
+	TBSIMP_E_DUPLICATE_VHANDLE                                                Handle        = 0x80290206
+	TBSIMP_E_INVALID_OUTPUT_POINTER                                           Handle        = 0x80290207
+	TBSIMP_E_INVALID_PARAMETER                                                Handle        = 0x80290208
+	TBSIMP_E_RPC_INIT_FAILED                                                  Handle        = 0x80290209
+	TBSIMP_E_SCHEDULER_NOT_RUNNING                                            Handle        = 0x8029020A
+	TBSIMP_E_COMMAND_CANCELED                                                 Handle        = 0x8029020B
+	TBSIMP_E_OUT_OF_MEMORY                                                    Handle        = 0x8029020C
+	TBSIMP_E_LIST_NO_MORE_ITEMS                                               Handle        = 0x8029020D
+	TBSIMP_E_LIST_NOT_FOUND                                                   Handle        = 0x8029020E
+	TBSIMP_E_NOT_ENOUGH_SPACE                                                 Handle        = 0x8029020F
+	TBSIMP_E_NOT_ENOUGH_TPM_CONTEXTS                                          Handle        = 0x80290210
+	TBSIMP_E_COMMAND_FAILED                                                   Handle        = 0x80290211
+	TBSIMP_E_UNKNOWN_ORDINAL                                                  Handle        = 0x80290212
+	TBSIMP_E_RESOURCE_EXPIRED                                                 Handle        = 0x80290213
+	TBSIMP_E_INVALID_RESOURCE                                                 Handle        = 0x80290214
+	TBSIMP_E_NOTHING_TO_UNLOAD                                                Handle        = 0x80290215
+	TBSIMP_E_HASH_TABLE_FULL                                                  Handle        = 0x80290216
+	TBSIMP_E_TOO_MANY_TBS_CONTEXTS                                            Handle        = 0x80290217
+	TBSIMP_E_TOO_MANY_RESOURCES                                               Handle        = 0x80290218
+	TBSIMP_E_PPI_NOT_SUPPORTED                                                Handle        = 0x80290219
+	TBSIMP_E_TPM_INCOMPATIBLE                                                 Handle        = 0x8029021A
+	TBSIMP_E_NO_EVENT_LOG                                                     Handle        = 0x8029021B
+	TPM_E_PPI_ACPI_FAILURE                                                    Handle        = 0x80290300
+	TPM_E_PPI_USER_ABORT                                                      Handle        = 0x80290301
+	TPM_E_PPI_BIOS_FAILURE                                                    Handle        = 0x80290302
+	TPM_E_PPI_NOT_SUPPORTED                                                   Handle        = 0x80290303
+	TPM_E_PPI_BLOCKED_IN_BIOS                                                 Handle        = 0x80290304
+	TPM_E_PCP_ERROR_MASK                                                      Handle        = 0x80290400
+	TPM_E_PCP_DEVICE_NOT_READY                                                Handle        = 0x80290401
+	TPM_E_PCP_INVALID_HANDLE                                                  Handle        = 0x80290402
+	TPM_E_PCP_INVALID_PARAMETER                                               Handle        = 0x80290403
+	TPM_E_PCP_FLAG_NOT_SUPPORTED                                              Handle        = 0x80290404
+	TPM_E_PCP_NOT_SUPPORTED                                                   Handle        = 0x80290405
+	TPM_E_PCP_BUFFER_TOO_SMALL                                                Handle        = 0x80290406
+	TPM_E_PCP_INTERNAL_ERROR                                                  Handle        = 0x80290407
+	TPM_E_PCP_AUTHENTICATION_FAILED                                           Handle        = 0x80290408
+	TPM_E_PCP_AUTHENTICATION_IGNORED                                          Handle        = 0x80290409
+	TPM_E_PCP_POLICY_NOT_FOUND                                                Handle        = 0x8029040A
+	TPM_E_PCP_PROFILE_NOT_FOUND                                               Handle        = 0x8029040B
+	TPM_E_PCP_VALIDATION_FAILED                                               Handle        = 0x8029040C
+	TPM_E_PCP_WRONG_PARENT                                                    Handle        = 0x8029040E
+	TPM_E_KEY_NOT_LOADED                                                      Handle        = 0x8029040F
+	TPM_E_NO_KEY_CERTIFICATION                                                Handle        = 0x80290410
+	TPM_E_KEY_NOT_FINALIZED                                                   Handle        = 0x80290411
+	TPM_E_ATTESTATION_CHALLENGE_NOT_SET                                       Handle        = 0x80290412
+	TPM_E_NOT_PCR_BOUND                                                       Handle        = 0x80290413
+	TPM_E_KEY_ALREADY_FINALIZED                                               Handle        = 0x80290414
+	TPM_E_KEY_USAGE_POLICY_NOT_SUPPORTED                                      Handle        = 0x80290415
+	TPM_E_KEY_USAGE_POLICY_INVALID                                            Handle        = 0x80290416
+	TPM_E_SOFT_KEY_ERROR                                                      Handle        = 0x80290417
+	TPM_E_KEY_NOT_AUTHENTICATED                                               Handle        = 0x80290418
+	TPM_E_PCP_KEY_NOT_AIK                                                     Handle        = 0x80290419
+	TPM_E_KEY_NOT_SIGNING_KEY                                                 Handle        = 0x8029041A
+	TPM_E_LOCKED_OUT                                                          Handle        = 0x8029041B
+	TPM_E_CLAIM_TYPE_NOT_SUPPORTED                                            Handle        = 0x8029041C
+	TPM_E_VERSION_NOT_SUPPORTED                                               Handle        = 0x8029041D
+	TPM_E_BUFFER_LENGTH_MISMATCH                                              Handle        = 0x8029041E
+	TPM_E_PCP_IFX_RSA_KEY_CREATION_BLOCKED                                    Handle        = 0x8029041F
+	TPM_E_PCP_TICKET_MISSING                                                  Handle        = 0x80290420
+	TPM_E_PCP_RAW_POLICY_NOT_SUPPORTED                                        Handle        = 0x80290421
+	TPM_E_PCP_KEY_HANDLE_INVALIDATED                                          Handle        = 0x80290422
+	TPM_E_PCP_UNSUPPORTED_PSS_SALT                                            Handle        = 0x40290423
+	TPM_E_ZERO_EXHAUST_ENABLED                                                Handle        = 0x80290500
+	PLA_E_DCS_NOT_FOUND                                                       Handle        = 0x80300002
+	PLA_E_DCS_IN_USE                                                          Handle        = 0x803000AA
+	PLA_E_TOO_MANY_FOLDERS                                                    Handle        = 0x80300045
+	PLA_E_NO_MIN_DISK                                                         Handle        = 0x80300070
+	PLA_E_DCS_ALREADY_EXISTS                                                  Handle        = 0x803000B7
+	PLA_S_PROPERTY_IGNORED                                                    Handle        = 0x00300100
+	PLA_E_PROPERTY_CONFLICT                                                   Handle        = 0x80300101
+	PLA_E_DCS_SINGLETON_REQUIRED                                              Handle        = 0x80300102
+	PLA_E_CREDENTIALS_REQUIRED                                                Handle        = 0x80300103
+	PLA_E_DCS_NOT_RUNNING                                                     Handle        = 0x80300104
+	PLA_E_CONFLICT_INCL_EXCL_API                                              Handle        = 0x80300105
+	PLA_E_NETWORK_EXE_NOT_VALID                                               Handle        = 0x80300106
+	PLA_E_EXE_ALREADY_CONFIGURED                                              Handle        = 0x80300107
+	PLA_E_EXE_PATH_NOT_VALID                                                  Handle        = 0x80300108
+	PLA_E_DC_ALREADY_EXISTS                                                   Handle        = 0x80300109
+	PLA_E_DCS_START_WAIT_TIMEOUT                                              Handle        = 0x8030010A
+	PLA_E_DC_START_WAIT_TIMEOUT                                               Handle        = 0x8030010B
+	PLA_E_REPORT_WAIT_TIMEOUT                                                 Handle        = 0x8030010C
+	PLA_E_NO_DUPLICATES                                                       Handle        = 0x8030010D
+	PLA_E_EXE_FULL_PATH_REQUIRED                                              Handle        = 0x8030010E
+	PLA_E_INVALID_SESSION_NAME                                                Handle        = 0x8030010F
+	PLA_E_PLA_CHANNEL_NOT_ENABLED                                             Handle        = 0x80300110
+	PLA_E_TASKSCHED_CHANNEL_NOT_ENABLED                                       Handle        = 0x80300111
+	PLA_E_RULES_MANAGER_FAILED                                                Handle        = 0x80300112
+	PLA_E_CABAPI_FAILURE                                                      Handle        = 0x80300113
+	FVE_E_LOCKED_VOLUME                                                       Handle        = 0x80310000
+	FVE_E_NOT_ENCRYPTED                                                       Handle        = 0x80310001
+	FVE_E_NO_TPM_BIOS                                                         Handle        = 0x80310002
+	FVE_E_NO_MBR_METRIC                                                       Handle        = 0x80310003
+	FVE_E_NO_BOOTSECTOR_METRIC                                                Handle        = 0x80310004
+	FVE_E_NO_BOOTMGR_METRIC                                                   Handle        = 0x80310005
+	FVE_E_WRONG_BOOTMGR                                                       Handle        = 0x80310006
+	FVE_E_SECURE_KEY_REQUIRED                                                 Handle        = 0x80310007
+	FVE_E_NOT_ACTIVATED                                                       Handle        = 0x80310008
+	FVE_E_ACTION_NOT_ALLOWED                                                  Handle        = 0x80310009
+	FVE_E_AD_SCHEMA_NOT_INSTALLED                                             Handle        = 0x8031000A
+	FVE_E_AD_INVALID_DATATYPE                                                 Handle        = 0x8031000B
+	FVE_E_AD_INVALID_DATASIZE                                                 Handle        = 0x8031000C
+	FVE_E_AD_NO_VALUES                                                        Handle        = 0x8031000D
+	FVE_E_AD_ATTR_NOT_SET                                                     Handle        = 0x8031000E
+	FVE_E_AD_GUID_NOT_FOUND                                                   Handle        = 0x8031000F
+	FVE_E_BAD_INFORMATION                                                     Handle        = 0x80310010
+	FVE_E_TOO_SMALL                                                           Handle        = 0x80310011
+	FVE_E_SYSTEM_VOLUME                                                       Handle        = 0x80310012
+	FVE_E_FAILED_WRONG_FS                                                     Handle        = 0x80310013
+	FVE_E_BAD_PARTITION_SIZE                                                  Handle        = 0x80310014
+	FVE_E_NOT_SUPPORTED                                                       Handle        = 0x80310015
+	FVE_E_BAD_DATA                                                            Handle        = 0x80310016
+	FVE_E_VOLUME_NOT_BOUND                                                    Handle        = 0x80310017
+	FVE_E_TPM_NOT_OWNED                                                       Handle        = 0x80310018
+	FVE_E_NOT_DATA_VOLUME                                                     Handle        = 0x80310019
+	FVE_E_AD_INSUFFICIENT_BUFFER                                              Handle        = 0x8031001A
+	FVE_E_CONV_READ                                                           Handle        = 0x8031001B
+	FVE_E_CONV_WRITE                                                          Handle        = 0x8031001C
+	FVE_E_KEY_REQUIRED                                                        Handle        = 0x8031001D
+	FVE_E_CLUSTERING_NOT_SUPPORTED                                            Handle        = 0x8031001E
+	FVE_E_VOLUME_BOUND_ALREADY                                                Handle        = 0x8031001F
+	FVE_E_OS_NOT_PROTECTED                                                    Handle        = 0x80310020
+	FVE_E_PROTECTION_DISABLED                                                 Handle        = 0x80310021
+	FVE_E_RECOVERY_KEY_REQUIRED                                               Handle        = 0x80310022
+	FVE_E_FOREIGN_VOLUME                                                      Handle        = 0x80310023
+	FVE_E_OVERLAPPED_UPDATE                                                   Handle        = 0x80310024
+	FVE_E_TPM_SRK_AUTH_NOT_ZERO                                               Handle        = 0x80310025
+	FVE_E_FAILED_SECTOR_SIZE                                                  Handle        = 0x80310026
+	FVE_E_FAILED_AUTHENTICATION                                               Handle        = 0x80310027
+	FVE_E_NOT_OS_VOLUME                                                       Handle        = 0x80310028
+	FVE_E_AUTOUNLOCK_ENABLED                                                  Handle        = 0x80310029
+	FVE_E_WRONG_BOOTSECTOR                                                    Handle        = 0x8031002A
+	FVE_E_WRONG_SYSTEM_FS                                                     Handle        = 0x8031002B
+	FVE_E_POLICY_PASSWORD_REQUIRED                                            Handle        = 0x8031002C
+	FVE_E_CANNOT_SET_FVEK_ENCRYPTED                                           Handle        = 0x8031002D
+	FVE_E_CANNOT_ENCRYPT_NO_KEY                                               Handle        = 0x8031002E
+	FVE_E_BOOTABLE_CDDVD                                                      Handle        = 0x80310030
+	FVE_E_PROTECTOR_EXISTS                                                    Handle        = 0x80310031
+	FVE_E_RELATIVE_PATH                                                       Handle        = 0x80310032
+	FVE_E_PROTECTOR_NOT_FOUND                                                 Handle        = 0x80310033
+	FVE_E_INVALID_KEY_FORMAT                                                  Handle        = 0x80310034
+	FVE_E_INVALID_PASSWORD_FORMAT                                             Handle        = 0x80310035
+	FVE_E_FIPS_RNG_CHECK_FAILED                                               Handle        = 0x80310036
+	FVE_E_FIPS_PREVENTS_RECOVERY_PASSWORD                                     Handle        = 0x80310037
+	FVE_E_FIPS_PREVENTS_EXTERNAL_KEY_EXPORT                                   Handle        = 0x80310038
+	FVE_E_NOT_DECRYPTED                                                       Handle        = 0x80310039
+	FVE_E_INVALID_PROTECTOR_TYPE                                              Handle        = 0x8031003A
+	FVE_E_NO_PROTECTORS_TO_TEST                                               Handle        = 0x8031003B
+	FVE_E_KEYFILE_NOT_FOUND                                                   Handle        = 0x8031003C
+	FVE_E_KEYFILE_INVALID                                                     Handle        = 0x8031003D
+	FVE_E_KEYFILE_NO_VMK                                                      Handle        = 0x8031003E
+	FVE_E_TPM_DISABLED                                                        Handle        = 0x8031003F
+	FVE_E_NOT_ALLOWED_IN_SAFE_MODE                                            Handle        = 0x80310040
+	FVE_E_TPM_INVALID_PCR                                                     Handle        = 0x80310041
+	FVE_E_TPM_NO_VMK                                                          Handle        = 0x80310042
+	FVE_E_PIN_INVALID                                                         Handle        = 0x80310043
+	FVE_E_AUTH_INVALID_APPLICATION                                            Handle        = 0x80310044
+	FVE_E_AUTH_INVALID_CONFIG                                                 Handle        = 0x80310045
+	FVE_E_FIPS_DISABLE_PROTECTION_NOT_ALLOWED                                 Handle        = 0x80310046
+	FVE_E_FS_NOT_EXTENDED                                                     Handle        = 0x80310047
+	FVE_E_FIRMWARE_TYPE_NOT_SUPPORTED                                         Handle        = 0x80310048
+	FVE_E_NO_LICENSE                                                          Handle        = 0x80310049
+	FVE_E_NOT_ON_STACK                                                        Handle        = 0x8031004A
+	FVE_E_FS_MOUNTED                                                          Handle        = 0x8031004B
+	FVE_E_TOKEN_NOT_IMPERSONATED                                              Handle        = 0x8031004C
+	FVE_E_DRY_RUN_FAILED                                                      Handle        = 0x8031004D
+	FVE_E_REBOOT_REQUIRED                                                     Handle        = 0x8031004E
+	FVE_E_DEBUGGER_ENABLED                                                    Handle        = 0x8031004F
+	FVE_E_RAW_ACCESS                                                          Handle        = 0x80310050
+	FVE_E_RAW_BLOCKED                                                         Handle        = 0x80310051
+	FVE_E_BCD_APPLICATIONS_PATH_INCORRECT                                     Handle        = 0x80310052
+	FVE_E_NOT_ALLOWED_IN_VERSION                                              Handle        = 0x80310053
+	FVE_E_NO_AUTOUNLOCK_MASTER_KEY                                            Handle        = 0x80310054
+	FVE_E_MOR_FAILED                                                          Handle        = 0x80310055
+	FVE_E_HIDDEN_VOLUME                                                       Handle        = 0x80310056
+	FVE_E_TRANSIENT_STATE                                                     Handle        = 0x80310057
+	FVE_E_PUBKEY_NOT_ALLOWED                                                  Handle        = 0x80310058
+	FVE_E_VOLUME_HANDLE_OPEN                                                  Handle        = 0x80310059
+	FVE_E_NO_FEATURE_LICENSE                                                  Handle        = 0x8031005A
+	FVE_E_INVALID_STARTUP_OPTIONS                                             Handle        = 0x8031005B
+	FVE_E_POLICY_RECOVERY_PASSWORD_NOT_ALLOWED                                Handle        = 0x8031005C
+	FVE_E_POLICY_RECOVERY_PASSWORD_REQUIRED                                   Handle        = 0x8031005D
+	FVE_E_POLICY_RECOVERY_KEY_NOT_ALLOWED                                     Handle        = 0x8031005E
+	FVE_E_POLICY_RECOVERY_KEY_REQUIRED                                        Handle        = 0x8031005F
+	FVE_E_POLICY_STARTUP_PIN_NOT_ALLOWED                                      Handle        = 0x80310060
+	FVE_E_POLICY_STARTUP_PIN_REQUIRED                                         Handle        = 0x80310061
+	FVE_E_POLICY_STARTUP_KEY_NOT_ALLOWED                                      Handle        = 0x80310062
+	FVE_E_POLICY_STARTUP_KEY_REQUIRED                                         Handle        = 0x80310063
+	FVE_E_POLICY_STARTUP_PIN_KEY_NOT_ALLOWED                                  Handle        = 0x80310064
+	FVE_E_POLICY_STARTUP_PIN_KEY_REQUIRED                                     Handle        = 0x80310065
+	FVE_E_POLICY_STARTUP_TPM_NOT_ALLOWED                                      Handle        = 0x80310066
+	FVE_E_POLICY_STARTUP_TPM_REQUIRED                                         Handle        = 0x80310067
+	FVE_E_POLICY_INVALID_PIN_LENGTH                                           Handle        = 0x80310068
+	FVE_E_KEY_PROTECTOR_NOT_SUPPORTED                                         Handle        = 0x80310069
+	FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED                                       Handle        = 0x8031006A
+	FVE_E_POLICY_PASSPHRASE_REQUIRED                                          Handle        = 0x8031006B
+	FVE_E_FIPS_PREVENTS_PASSPHRASE                                            Handle        = 0x8031006C
+	FVE_E_OS_VOLUME_PASSPHRASE_NOT_ALLOWED                                    Handle        = 0x8031006D
+	FVE_E_INVALID_BITLOCKER_OID                                               Handle        = 0x8031006E
+	FVE_E_VOLUME_TOO_SMALL                                                    Handle        = 0x8031006F
+	FVE_E_DV_NOT_SUPPORTED_ON_FS                                              Handle        = 0x80310070
+	FVE_E_DV_NOT_ALLOWED_BY_GP                                                Handle        = 0x80310071
+	FVE_E_POLICY_USER_CERTIFICATE_NOT_ALLOWED                                 Handle        = 0x80310072
+	FVE_E_POLICY_USER_CERTIFICATE_REQUIRED                                    Handle        = 0x80310073
+	FVE_E_POLICY_USER_CERT_MUST_BE_HW                                         Handle        = 0x80310074
+	FVE_E_POLICY_USER_CONFIGURE_FDV_AUTOUNLOCK_NOT_ALLOWED                    Handle        = 0x80310075
+	FVE_E_POLICY_USER_CONFIGURE_RDV_AUTOUNLOCK_NOT_ALLOWED                    Handle        = 0x80310076
+	FVE_E_POLICY_USER_CONFIGURE_RDV_NOT_ALLOWED                               Handle        = 0x80310077
+	FVE_E_POLICY_USER_ENABLE_RDV_NOT_ALLOWED                                  Handle        = 0x80310078
+	FVE_E_POLICY_USER_DISABLE_RDV_NOT_ALLOWED                                 Handle        = 0x80310079
+	FVE_E_POLICY_INVALID_PASSPHRASE_LENGTH                                    Handle        = 0x80310080
+	FVE_E_POLICY_PASSPHRASE_TOO_SIMPLE                                        Handle        = 0x80310081
+	FVE_E_RECOVERY_PARTITION                                                  Handle        = 0x80310082
+	FVE_E_POLICY_CONFLICT_FDV_RK_OFF_AUK_ON                                   Handle        = 0x80310083
+	FVE_E_POLICY_CONFLICT_RDV_RK_OFF_AUK_ON                                   Handle        = 0x80310084
+	FVE_E_NON_BITLOCKER_OID                                                   Handle        = 0x80310085
+	FVE_E_POLICY_PROHIBITS_SELFSIGNED                                         Handle        = 0x80310086
+	FVE_E_POLICY_CONFLICT_RO_AND_STARTUP_KEY_REQUIRED                         Handle        = 0x80310087
+	FVE_E_CONV_RECOVERY_FAILED                                                Handle        = 0x80310088
+	FVE_E_VIRTUALIZED_SPACE_TOO_BIG                                           Handle        = 0x80310089
+	FVE_E_POLICY_CONFLICT_OSV_RP_OFF_ADB_ON                                   Handle        = 0x80310090
+	FVE_E_POLICY_CONFLICT_FDV_RP_OFF_ADB_ON                                   Handle        = 0x80310091
+	FVE_E_POLICY_CONFLICT_RDV_RP_OFF_ADB_ON                                   Handle        = 0x80310092
+	FVE_E_NON_BITLOCKER_KU                                                    Handle        = 0x80310093
+	FVE_E_PRIVATEKEY_AUTH_FAILED                                              Handle        = 0x80310094
+	FVE_E_REMOVAL_OF_DRA_FAILED                                               Handle        = 0x80310095
+	FVE_E_OPERATION_NOT_SUPPORTED_ON_VISTA_VOLUME                             Handle        = 0x80310096
+	FVE_E_CANT_LOCK_AUTOUNLOCK_ENABLED_VOLUME                                 Handle        = 0x80310097
+	FVE_E_FIPS_HASH_KDF_NOT_ALLOWED                                           Handle        = 0x80310098
+	FVE_E_ENH_PIN_INVALID                                                     Handle        = 0x80310099
+	FVE_E_INVALID_PIN_CHARS                                                   Handle        = 0x8031009A
+	FVE_E_INVALID_DATUM_TYPE                                                  Handle        = 0x8031009B
+	FVE_E_EFI_ONLY                                                            Handle        = 0x8031009C
+	FVE_E_MULTIPLE_NKP_CERTS                                                  Handle        = 0x8031009D
+	FVE_E_REMOVAL_OF_NKP_FAILED                                               Handle        = 0x8031009E
+	FVE_E_INVALID_NKP_CERT                                                    Handle        = 0x8031009F
+	FVE_E_NO_EXISTING_PIN                                                     Handle        = 0x803100A0
+	FVE_E_PROTECTOR_CHANGE_PIN_MISMATCH                                       Handle        = 0x803100A1
+	FVE_E_PIN_PROTECTOR_CHANGE_BY_STD_USER_DISALLOWED                         Handle        = 0x803100A2
+	FVE_E_PROTECTOR_CHANGE_MAX_PIN_CHANGE_ATTEMPTS_REACHED                    Handle        = 0x803100A3
+	FVE_E_POLICY_PASSPHRASE_REQUIRES_ASCII                                    Handle        = 0x803100A4
+	FVE_E_FULL_ENCRYPTION_NOT_ALLOWED_ON_TP_STORAGE                           Handle        = 0x803100A5
+	FVE_E_WIPE_NOT_ALLOWED_ON_TP_STORAGE                                      Handle        = 0x803100A6
+	FVE_E_KEY_LENGTH_NOT_SUPPORTED_BY_EDRIVE                                  Handle        = 0x803100A7
+	FVE_E_NO_EXISTING_PASSPHRASE                                              Handle        = 0x803100A8
+	FVE_E_PROTECTOR_CHANGE_PASSPHRASE_MISMATCH                                Handle        = 0x803100A9
+	FVE_E_PASSPHRASE_TOO_LONG                                                 Handle        = 0x803100AA
+	FVE_E_NO_PASSPHRASE_WITH_TPM                                              Handle        = 0x803100AB
+	FVE_E_NO_TPM_WITH_PASSPHRASE                                              Handle        = 0x803100AC
+	FVE_E_NOT_ALLOWED_ON_CSV_STACK                                            Handle        = 0x803100AD
+	FVE_E_NOT_ALLOWED_ON_CLUSTER                                              Handle        = 0x803100AE
+	FVE_E_EDRIVE_NO_FAILOVER_TO_SW                                            Handle        = 0x803100AF
+	FVE_E_EDRIVE_BAND_IN_USE                                                  Handle        = 0x803100B0
+	FVE_E_EDRIVE_DISALLOWED_BY_GP                                             Handle        = 0x803100B1
+	FVE_E_EDRIVE_INCOMPATIBLE_VOLUME                                          Handle        = 0x803100B2
+	FVE_E_NOT_ALLOWED_TO_UPGRADE_WHILE_CONVERTING                             Handle        = 0x803100B3
+	FVE_E_EDRIVE_DV_NOT_SUPPORTED                                             Handle        = 0x803100B4
+	FVE_E_NO_PREBOOT_KEYBOARD_DETECTED                                        Handle        = 0x803100B5
+	FVE_E_NO_PREBOOT_KEYBOARD_OR_WINRE_DETECTED                               Handle        = 0x803100B6
+	FVE_E_POLICY_REQUIRES_STARTUP_PIN_ON_TOUCH_DEVICE                         Handle        = 0x803100B7
+	FVE_E_POLICY_REQUIRES_RECOVERY_PASSWORD_ON_TOUCH_DEVICE                   Handle        = 0x803100B8
+	FVE_E_WIPE_CANCEL_NOT_APPLICABLE                                          Handle        = 0x803100B9
+	FVE_E_SECUREBOOT_DISABLED                                                 Handle        = 0x803100BA
+	FVE_E_SECUREBOOT_CONFIGURATION_INVALID                                    Handle        = 0x803100BB
+	FVE_E_EDRIVE_DRY_RUN_FAILED                                               Handle        = 0x803100BC
+	FVE_E_SHADOW_COPY_PRESENT                                                 Handle        = 0x803100BD
+	FVE_E_POLICY_INVALID_ENHANCED_BCD_SETTINGS                                Handle        = 0x803100BE
+	FVE_E_EDRIVE_INCOMPATIBLE_FIRMWARE                                        Handle        = 0x803100BF
+	FVE_E_PROTECTOR_CHANGE_MAX_PASSPHRASE_CHANGE_ATTEMPTS_REACHED             Handle        = 0x803100C0
+	FVE_E_PASSPHRASE_PROTECTOR_CHANGE_BY_STD_USER_DISALLOWED                  Handle        = 0x803100C1
+	FVE_E_LIVEID_ACCOUNT_SUSPENDED                                            Handle        = 0x803100C2
+	FVE_E_LIVEID_ACCOUNT_BLOCKED                                              Handle        = 0x803100C3
+	FVE_E_NOT_PROVISIONED_ON_ALL_VOLUMES                                      Handle        = 0x803100C4
+	FVE_E_DE_FIXED_DATA_NOT_SUPPORTED                                         Handle        = 0x803100C5
+	FVE_E_DE_HARDWARE_NOT_COMPLIANT                                           Handle        = 0x803100C6
+	FVE_E_DE_WINRE_NOT_CONFIGURED                                             Handle        = 0x803100C7
+	FVE_E_DE_PROTECTION_SUSPENDED                                             Handle        = 0x803100C8
+	FVE_E_DE_OS_VOLUME_NOT_PROTECTED                                          Handle        = 0x803100C9
+	FVE_E_DE_DEVICE_LOCKEDOUT                                                 Handle        = 0x803100CA
+	FVE_E_DE_PROTECTION_NOT_YET_ENABLED                                       Handle        = 0x803100CB
+	FVE_E_INVALID_PIN_CHARS_DETAILED                                          Handle        = 0x803100CC
+	FVE_E_DEVICE_LOCKOUT_COUNTER_UNAVAILABLE                                  Handle        = 0x803100CD
+	FVE_E_DEVICELOCKOUT_COUNTER_MISMATCH                                      Handle        = 0x803100CE
+	FVE_E_BUFFER_TOO_LARGE                                                    Handle        = 0x803100CF
+	FVE_E_NO_SUCH_CAPABILITY_ON_TARGET                                        Handle        = 0x803100D0
+	FVE_E_DE_PREVENTED_FOR_OS                                                 Handle        = 0x803100D1
+	FVE_E_DE_VOLUME_OPTED_OUT                                                 Handle        = 0x803100D2
+	FVE_E_DE_VOLUME_NOT_SUPPORTED                                             Handle        = 0x803100D3
+	FVE_E_EOW_NOT_SUPPORTED_IN_VERSION                                        Handle        = 0x803100D4
+	FVE_E_ADBACKUP_NOT_ENABLED                                                Handle        = 0x803100D5
+	FVE_E_VOLUME_EXTEND_PREVENTS_EOW_DECRYPT                                  Handle        = 0x803100D6
+	FVE_E_NOT_DE_VOLUME                                                       Handle        = 0x803100D7
+	FVE_E_PROTECTION_CANNOT_BE_DISABLED                                       Handle        = 0x803100D8
+	FVE_E_OSV_KSR_NOT_ALLOWED                                                 Handle        = 0x803100D9
+	FWP_E_CALLOUT_NOT_FOUND                                                   Handle        = 0x80320001
+	FWP_E_CONDITION_NOT_FOUND                                                 Handle        = 0x80320002
+	FWP_E_FILTER_NOT_FOUND                                                    Handle        = 0x80320003
+	FWP_E_LAYER_NOT_FOUND                                                     Handle        = 0x80320004
+	FWP_E_PROVIDER_NOT_FOUND                                                  Handle        = 0x80320005
+	FWP_E_PROVIDER_CONTEXT_NOT_FOUND                                          Handle        = 0x80320006
+	FWP_E_SUBLAYER_NOT_FOUND                                                  Handle        = 0x80320007
+	FWP_E_NOT_FOUND                                                           Handle        = 0x80320008
+	FWP_E_ALREADY_EXISTS                                                      Handle        = 0x80320009
+	FWP_E_IN_USE                                                              Handle        = 0x8032000A
+	FWP_E_DYNAMIC_SESSION_IN_PROGRESS                                         Handle        = 0x8032000B
+	FWP_E_WRONG_SESSION                                                       Handle        = 0x8032000C
+	FWP_E_NO_TXN_IN_PROGRESS                                                  Handle        = 0x8032000D
+	FWP_E_TXN_IN_PROGRESS                                                     Handle        = 0x8032000E
+	FWP_E_TXN_ABORTED                                                         Handle        = 0x8032000F
+	FWP_E_SESSION_ABORTED                                                     Handle        = 0x80320010
+	FWP_E_INCOMPATIBLE_TXN                                                    Handle        = 0x80320011
+	FWP_E_TIMEOUT                                                             Handle        = 0x80320012
+	FWP_E_NET_EVENTS_DISABLED                                                 Handle        = 0x80320013
+	FWP_E_INCOMPATIBLE_LAYER                                                  Handle        = 0x80320014
+	FWP_E_KM_CLIENTS_ONLY                                                     Handle        = 0x80320015
+	FWP_E_LIFETIME_MISMATCH                                                   Handle        = 0x80320016
+	FWP_E_BUILTIN_OBJECT                                                      Handle        = 0x80320017
+	FWP_E_TOO_MANY_CALLOUTS                                                   Handle        = 0x80320018
+	FWP_E_NOTIFICATION_DROPPED                                                Handle        = 0x80320019
+	FWP_E_TRAFFIC_MISMATCH                                                    Handle        = 0x8032001A
+	FWP_E_INCOMPATIBLE_SA_STATE                                               Handle        = 0x8032001B
+	FWP_E_NULL_POINTER                                                        Handle        = 0x8032001C
+	FWP_E_INVALID_ENUMERATOR                                                  Handle        = 0x8032001D
+	FWP_E_INVALID_FLAGS                                                       Handle        = 0x8032001E
+	FWP_E_INVALID_NET_MASK                                                    Handle        = 0x8032001F
+	FWP_E_INVALID_RANGE                                                       Handle        = 0x80320020
+	FWP_E_INVALID_INTERVAL                                                    Handle        = 0x80320021
+	FWP_E_ZERO_LENGTH_ARRAY                                                   Handle        = 0x80320022
+	FWP_E_NULL_DISPLAY_NAME                                                   Handle        = 0x80320023
+	FWP_E_INVALID_ACTION_TYPE                                                 Handle        = 0x80320024
+	FWP_E_INVALID_WEIGHT                                                      Handle        = 0x80320025
+	FWP_E_MATCH_TYPE_MISMATCH                                                 Handle        = 0x80320026
+	FWP_E_TYPE_MISMATCH                                                       Handle        = 0x80320027
+	FWP_E_OUT_OF_BOUNDS                                                       Handle        = 0x80320028
+	FWP_E_RESERVED                                                            Handle        = 0x80320029
+	FWP_E_DUPLICATE_CONDITION                                                 Handle        = 0x8032002A
+	FWP_E_DUPLICATE_KEYMOD                                                    Handle        = 0x8032002B
+	FWP_E_ACTION_INCOMPATIBLE_WITH_LAYER                                      Handle        = 0x8032002C
+	FWP_E_ACTION_INCOMPATIBLE_WITH_SUBLAYER                                   Handle        = 0x8032002D
+	FWP_E_CONTEXT_INCOMPATIBLE_WITH_LAYER                                     Handle        = 0x8032002E
+	FWP_E_CONTEXT_INCOMPATIBLE_WITH_CALLOUT                                   Handle        = 0x8032002F
+	FWP_E_INCOMPATIBLE_AUTH_METHOD                                            Handle        = 0x80320030
+	FWP_E_INCOMPATIBLE_DH_GROUP                                               Handle        = 0x80320031
+	FWP_E_EM_NOT_SUPPORTED                                                    Handle        = 0x80320032
+	FWP_E_NEVER_MATCH                                                         Handle        = 0x80320033
+	FWP_E_PROVIDER_CONTEXT_MISMATCH                                           Handle        = 0x80320034
+	FWP_E_INVALID_PARAMETER                                                   Handle        = 0x80320035
+	FWP_E_TOO_MANY_SUBLAYERS                                                  Handle        = 0x80320036
+	FWP_E_CALLOUT_NOTIFICATION_FAILED                                         Handle        = 0x80320037
+	FWP_E_INVALID_AUTH_TRANSFORM                                              Handle        = 0x80320038
+	FWP_E_INVALID_CIPHER_TRANSFORM                                            Handle        = 0x80320039
+	FWP_E_INCOMPATIBLE_CIPHER_TRANSFORM                                       Handle        = 0x8032003A
+	FWP_E_INVALID_TRANSFORM_COMBINATION                                       Handle        = 0x8032003B
+	FWP_E_DUPLICATE_AUTH_METHOD                                               Handle        = 0x8032003C
+	FWP_E_INVALID_TUNNEL_ENDPOINT                                             Handle        = 0x8032003D
+	FWP_E_L2_DRIVER_NOT_READY                                                 Handle        = 0x8032003E
+	FWP_E_KEY_DICTATOR_ALREADY_REGISTERED                                     Handle        = 0x8032003F
+	FWP_E_KEY_DICTATION_INVALID_KEYING_MATERIAL                               Handle        = 0x80320040
+	FWP_E_CONNECTIONS_DISABLED                                                Handle        = 0x80320041
+	FWP_E_INVALID_DNS_NAME                                                    Handle        = 0x80320042
+	FWP_E_STILL_ON                                                            Handle        = 0x80320043
+	FWP_E_IKEEXT_NOT_RUNNING                                                  Handle        = 0x80320044
+	FWP_E_DROP_NOICMP                                                         Handle        = 0x80320104
+	WS_S_ASYNC                                                                Handle        = 0x003D0000
+	WS_S_END                                                                  Handle        = 0x003D0001
+	WS_E_INVALID_FORMAT                                                       Handle        = 0x803D0000
+	WS_E_OBJECT_FAULTED                                                       Handle        = 0x803D0001
+	WS_E_NUMERIC_OVERFLOW                                                     Handle        = 0x803D0002
+	WS_E_INVALID_OPERATION                                                    Handle        = 0x803D0003
+	WS_E_OPERATION_ABORTED                                                    Handle        = 0x803D0004
+	WS_E_ENDPOINT_ACCESS_DENIED                                               Handle        = 0x803D0005
+	WS_E_OPERATION_TIMED_OUT                                                  Handle        = 0x803D0006
+	WS_E_OPERATION_ABANDONED                                                  Handle        = 0x803D0007
+	WS_E_QUOTA_EXCEEDED                                                       Handle        = 0x803D0008
+	WS_E_NO_TRANSLATION_AVAILABLE                                             Handle        = 0x803D0009
+	WS_E_SECURITY_VERIFICATION_FAILURE                                        Handle        = 0x803D000A
+	WS_E_ADDRESS_IN_USE                                                       Handle        = 0x803D000B
+	WS_E_ADDRESS_NOT_AVAILABLE                                                Handle        = 0x803D000C
+	WS_E_ENDPOINT_NOT_FOUND                                                   Handle        = 0x803D000D
+	WS_E_ENDPOINT_NOT_AVAILABLE                                               Handle        = 0x803D000E
+	WS_E_ENDPOINT_FAILURE                                                     Handle        = 0x803D000F
+	WS_E_ENDPOINT_UNREACHABLE                                                 Handle        = 0x803D0010
+	WS_E_ENDPOINT_ACTION_NOT_SUPPORTED                                        Handle        = 0x803D0011
+	WS_E_ENDPOINT_TOO_BUSY                                                    Handle        = 0x803D0012
+	WS_E_ENDPOINT_FAULT_RECEIVED                                              Handle        = 0x803D0013
+	WS_E_ENDPOINT_DISCONNECTED                                                Handle        = 0x803D0014
+	WS_E_PROXY_FAILURE                                                        Handle        = 0x803D0015
+	WS_E_PROXY_ACCESS_DENIED                                                  Handle        = 0x803D0016
+	WS_E_NOT_SUPPORTED                                                        Handle        = 0x803D0017
+	WS_E_PROXY_REQUIRES_BASIC_AUTH                                            Handle        = 0x803D0018
+	WS_E_PROXY_REQUIRES_DIGEST_AUTH                                           Handle        = 0x803D0019
+	WS_E_PROXY_REQUIRES_NTLM_AUTH                                             Handle        = 0x803D001A
+	WS_E_PROXY_REQUIRES_NEGOTIATE_AUTH                                        Handle        = 0x803D001B
+	WS_E_SERVER_REQUIRES_BASIC_AUTH                                           Handle        = 0x803D001C
+	WS_E_SERVER_REQUIRES_DIGEST_AUTH                                          Handle        = 0x803D001D
+	WS_E_SERVER_REQUIRES_NTLM_AUTH                                            Handle        = 0x803D001E
+	WS_E_SERVER_REQUIRES_NEGOTIATE_AUTH                                       Handle        = 0x803D001F
+	WS_E_INVALID_ENDPOINT_URL                                                 Handle        = 0x803D0020
+	WS_E_OTHER                                                                Handle        = 0x803D0021
+	WS_E_SECURITY_TOKEN_EXPIRED                                               Handle        = 0x803D0022
+	WS_E_SECURITY_SYSTEM_FAILURE                                              Handle        = 0x803D0023
+	ERROR_NDIS_INTERFACE_CLOSING                                              syscall.Errno = 0x80340002
+	ERROR_NDIS_BAD_VERSION                                                    syscall.Errno = 0x80340004
+	ERROR_NDIS_BAD_CHARACTERISTICS                                            syscall.Errno = 0x80340005
+	ERROR_NDIS_ADAPTER_NOT_FOUND                                              syscall.Errno = 0x80340006
+	ERROR_NDIS_OPEN_FAILED                                                    syscall.Errno = 0x80340007
+	ERROR_NDIS_DEVICE_FAILED                                                  syscall.Errno = 0x80340008
+	ERROR_NDIS_MULTICAST_FULL                                                 syscall.Errno = 0x80340009
+	ERROR_NDIS_MULTICAST_EXISTS                                               syscall.Errno = 0x8034000A
+	ERROR_NDIS_MULTICAST_NOT_FOUND                                            syscall.Errno = 0x8034000B
+	ERROR_NDIS_REQUEST_ABORTED                                                syscall.Errno = 0x8034000C
+	ERROR_NDIS_RESET_IN_PROGRESS                                              syscall.Errno = 0x8034000D
+	ERROR_NDIS_NOT_SUPPORTED                                                  syscall.Errno = 0x803400BB
+	ERROR_NDIS_INVALID_PACKET                                                 syscall.Errno = 0x8034000F
+	ERROR_NDIS_ADAPTER_NOT_READY                                              syscall.Errno = 0x80340011
+	ERROR_NDIS_INVALID_LENGTH                                                 syscall.Errno = 0x80340014
+	ERROR_NDIS_INVALID_DATA                                                   syscall.Errno = 0x80340015
+	ERROR_NDIS_BUFFER_TOO_SHORT                                               syscall.Errno = 0x80340016
+	ERROR_NDIS_INVALID_OID                                                    syscall.Errno = 0x80340017
+	ERROR_NDIS_ADAPTER_REMOVED                                                syscall.Errno = 0x80340018
+	ERROR_NDIS_UNSUPPORTED_MEDIA                                              syscall.Errno = 0x80340019
+	ERROR_NDIS_GROUP_ADDRESS_IN_USE                                           syscall.Errno = 0x8034001A
+	ERROR_NDIS_FILE_NOT_FOUND                                                 syscall.Errno = 0x8034001B
+	ERROR_NDIS_ERROR_READING_FILE                                             syscall.Errno = 0x8034001C
+	ERROR_NDIS_ALREADY_MAPPED                                                 syscall.Errno = 0x8034001D
+	ERROR_NDIS_RESOURCE_CONFLICT                                              syscall.Errno = 0x8034001E
+	ERROR_NDIS_MEDIA_DISCONNECTED                                             syscall.Errno = 0x8034001F
+	ERROR_NDIS_INVALID_ADDRESS                                                syscall.Errno = 0x80340022
+	ERROR_NDIS_INVALID_DEVICE_REQUEST                                         syscall.Errno = 0x80340010
+	ERROR_NDIS_PAUSED                                                         syscall.Errno = 0x8034002A
+	ERROR_NDIS_INTERFACE_NOT_FOUND                                            syscall.Errno = 0x8034002B
+	ERROR_NDIS_UNSUPPORTED_REVISION                                           syscall.Errno = 0x8034002C
+	ERROR_NDIS_INVALID_PORT                                                   syscall.Errno = 0x8034002D
+	ERROR_NDIS_INVALID_PORT_STATE                                             syscall.Errno = 0x8034002E
+	ERROR_NDIS_LOW_POWER_STATE                                                syscall.Errno = 0x8034002F
+	ERROR_NDIS_REINIT_REQUIRED                                                syscall.Errno = 0x80340030
+	ERROR_NDIS_NO_QUEUES                                                      syscall.Errno = 0x80340031
+	ERROR_NDIS_DOT11_AUTO_CONFIG_ENABLED                                      syscall.Errno = 0x80342000
+	ERROR_NDIS_DOT11_MEDIA_IN_USE                                             syscall.Errno = 0x80342001
+	ERROR_NDIS_DOT11_POWER_STATE_INVALID                                      syscall.Errno = 0x80342002
+	ERROR_NDIS_PM_WOL_PATTERN_LIST_FULL                                       syscall.Errno = 0x80342003
+	ERROR_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL                                  syscall.Errno = 0x80342004
+	ERROR_NDIS_DOT11_AP_CHANNEL_CURRENTLY_NOT_AVAILABLE                       syscall.Errno = 0x80342005
+	ERROR_NDIS_DOT11_AP_BAND_CURRENTLY_NOT_AVAILABLE                          syscall.Errno = 0x80342006
+	ERROR_NDIS_DOT11_AP_CHANNEL_NOT_ALLOWED                                   syscall.Errno = 0x80342007
+	ERROR_NDIS_DOT11_AP_BAND_NOT_ALLOWED                                      syscall.Errno = 0x80342008
+	ERROR_NDIS_INDICATION_REQUIRED                                            syscall.Errno = 0x00340001
+	ERROR_NDIS_OFFLOAD_POLICY                                                 syscall.Errno = 0xC034100F
+	ERROR_NDIS_OFFLOAD_CONNECTION_REJECTED                                    syscall.Errno = 0xC0341012
+	ERROR_NDIS_OFFLOAD_PATH_REJECTED                                          syscall.Errno = 0xC0341013
+	ERROR_HV_INVALID_HYPERCALL_CODE                                           syscall.Errno = 0xC0350002
+	ERROR_HV_INVALID_HYPERCALL_INPUT                                          syscall.Errno = 0xC0350003
+	ERROR_HV_INVALID_ALIGNMENT                                                syscall.Errno = 0xC0350004
+	ERROR_HV_INVALID_PARAMETER                                                syscall.Errno = 0xC0350005
+	ERROR_HV_ACCESS_DENIED                                                    syscall.Errno = 0xC0350006
+	ERROR_HV_INVALID_PARTITION_STATE                                          syscall.Errno = 0xC0350007
+	ERROR_HV_OPERATION_DENIED                                                 syscall.Errno = 0xC0350008
+	ERROR_HV_UNKNOWN_PROPERTY                                                 syscall.Errno = 0xC0350009
+	ERROR_HV_PROPERTY_VALUE_OUT_OF_RANGE                                      syscall.Errno = 0xC035000A
+	ERROR_HV_INSUFFICIENT_MEMORY                                              syscall.Errno = 0xC035000B
+	ERROR_HV_PARTITION_TOO_DEEP                                               syscall.Errno = 0xC035000C
+	ERROR_HV_INVALID_PARTITION_ID                                             syscall.Errno = 0xC035000D
+	ERROR_HV_INVALID_VP_INDEX                                                 syscall.Errno = 0xC035000E
+	ERROR_HV_INVALID_PORT_ID                                                  syscall.Errno = 0xC0350011
+	ERROR_HV_INVALID_CONNECTION_ID                                            syscall.Errno = 0xC0350012
+	ERROR_HV_INSUFFICIENT_BUFFERS                                             syscall.Errno = 0xC0350013
+	ERROR_HV_NOT_ACKNOWLEDGED                                                 syscall.Errno = 0xC0350014
+	ERROR_HV_INVALID_VP_STATE                                                 syscall.Errno = 0xC0350015
+	ERROR_HV_ACKNOWLEDGED                                                     syscall.Errno = 0xC0350016
+	ERROR_HV_INVALID_SAVE_RESTORE_STATE                                       syscall.Errno = 0xC0350017
+	ERROR_HV_INVALID_SYNIC_STATE                                              syscall.Errno = 0xC0350018
+	ERROR_HV_OBJECT_IN_USE                                                    syscall.Errno = 0xC0350019
+	ERROR_HV_INVALID_PROXIMITY_DOMAIN_INFO                                    syscall.Errno = 0xC035001A
+	ERROR_HV_NO_DATA                                                          syscall.Errno = 0xC035001B
+	ERROR_HV_INACTIVE                                                         syscall.Errno = 0xC035001C
+	ERROR_HV_NO_RESOURCES                                                     syscall.Errno = 0xC035001D
+	ERROR_HV_FEATURE_UNAVAILABLE                                              syscall.Errno = 0xC035001E
+	ERROR_HV_INSUFFICIENT_BUFFER                                              syscall.Errno = 0xC0350033
+	ERROR_HV_INSUFFICIENT_DEVICE_DOMAINS                                      syscall.Errno = 0xC0350038
+	ERROR_HV_CPUID_FEATURE_VALIDATION                                         syscall.Errno = 0xC035003C
+	ERROR_HV_CPUID_XSAVE_FEATURE_VALIDATION                                   syscall.Errno = 0xC035003D
+	ERROR_HV_PROCESSOR_STARTUP_TIMEOUT                                        syscall.Errno = 0xC035003E
+	ERROR_HV_SMX_ENABLED                                                      syscall.Errno = 0xC035003F
+	ERROR_HV_INVALID_LP_INDEX                                                 syscall.Errno = 0xC0350041
+	ERROR_HV_INVALID_REGISTER_VALUE                                           syscall.Errno = 0xC0350050
+	ERROR_HV_INVALID_VTL_STATE                                                syscall.Errno = 0xC0350051
+	ERROR_HV_NX_NOT_DETECTED                                                  syscall.Errno = 0xC0350055
+	ERROR_HV_INVALID_DEVICE_ID                                                syscall.Errno = 0xC0350057
+	ERROR_HV_INVALID_DEVICE_STATE                                             syscall.Errno = 0xC0350058
+	ERROR_HV_PENDING_PAGE_REQUESTS                                            syscall.Errno = 0x00350059
+	ERROR_HV_PAGE_REQUEST_INVALID                                             syscall.Errno = 0xC0350060
+	ERROR_HV_INVALID_CPU_GROUP_ID                                             syscall.Errno = 0xC035006F
+	ERROR_HV_INVALID_CPU_GROUP_STATE                                          syscall.Errno = 0xC0350070
+	ERROR_HV_OPERATION_FAILED                                                 syscall.Errno = 0xC0350071
+	ERROR_HV_NOT_ALLOWED_WITH_NESTED_VIRT_ACTIVE                              syscall.Errno = 0xC0350072
+	ERROR_HV_INSUFFICIENT_ROOT_MEMORY                                         syscall.Errno = 0xC0350073
+	ERROR_HV_NOT_PRESENT                                                      syscall.Errno = 0xC0351000
+	ERROR_VID_DUPLICATE_HANDLER                                               syscall.Errno = 0xC0370001
+	ERROR_VID_TOO_MANY_HANDLERS                                               syscall.Errno = 0xC0370002
+	ERROR_VID_QUEUE_FULL                                                      syscall.Errno = 0xC0370003
+	ERROR_VID_HANDLER_NOT_PRESENT                                             syscall.Errno = 0xC0370004
+	ERROR_VID_INVALID_OBJECT_NAME                                             syscall.Errno = 0xC0370005
+	ERROR_VID_PARTITION_NAME_TOO_LONG                                         syscall.Errno = 0xC0370006
+	ERROR_VID_MESSAGE_QUEUE_NAME_TOO_LONG                                     syscall.Errno = 0xC0370007
+	ERROR_VID_PARTITION_ALREADY_EXISTS                                        syscall.Errno = 0xC0370008
+	ERROR_VID_PARTITION_DOES_NOT_EXIST                                        syscall.Errno = 0xC0370009
+	ERROR_VID_PARTITION_NAME_NOT_FOUND                                        syscall.Errno = 0xC037000A
+	ERROR_VID_MESSAGE_QUEUE_ALREADY_EXISTS                                    syscall.Errno = 0xC037000B
+	ERROR_VID_EXCEEDED_MBP_ENTRY_MAP_LIMIT                                    syscall.Errno = 0xC037000C
+	ERROR_VID_MB_STILL_REFERENCED                                             syscall.Errno = 0xC037000D
+	ERROR_VID_CHILD_GPA_PAGE_SET_CORRUPTED                                    syscall.Errno = 0xC037000E
+	ERROR_VID_INVALID_NUMA_SETTINGS                                           syscall.Errno = 0xC037000F
+	ERROR_VID_INVALID_NUMA_NODE_INDEX                                         syscall.Errno = 0xC0370010
+	ERROR_VID_NOTIFICATION_QUEUE_ALREADY_ASSOCIATED                           syscall.Errno = 0xC0370011
+	ERROR_VID_INVALID_MEMORY_BLOCK_HANDLE                                     syscall.Errno = 0xC0370012
+	ERROR_VID_PAGE_RANGE_OVERFLOW                                             syscall.Errno = 0xC0370013
+	ERROR_VID_INVALID_MESSAGE_QUEUE_HANDLE                                    syscall.Errno = 0xC0370014
+	ERROR_VID_INVALID_GPA_RANGE_HANDLE                                        syscall.Errno = 0xC0370015
+	ERROR_VID_NO_MEMORY_BLOCK_NOTIFICATION_QUEUE                              syscall.Errno = 0xC0370016
+	ERROR_VID_MEMORY_BLOCK_LOCK_COUNT_EXCEEDED                                syscall.Errno = 0xC0370017
+	ERROR_VID_INVALID_PPM_HANDLE                                              syscall.Errno = 0xC0370018
+	ERROR_VID_MBPS_ARE_LOCKED                                                 syscall.Errno = 0xC0370019
+	ERROR_VID_MESSAGE_QUEUE_CLOSED                                            syscall.Errno = 0xC037001A
+	ERROR_VID_VIRTUAL_PROCESSOR_LIMIT_EXCEEDED                                syscall.Errno = 0xC037001B
+	ERROR_VID_STOP_PENDING                                                    syscall.Errno = 0xC037001C
+	ERROR_VID_INVALID_PROCESSOR_STATE                                         syscall.Errno = 0xC037001D
+	ERROR_VID_EXCEEDED_KM_CONTEXT_COUNT_LIMIT                                 syscall.Errno = 0xC037001E
+	ERROR_VID_KM_INTERFACE_ALREADY_INITIALIZED                                syscall.Errno = 0xC037001F
+	ERROR_VID_MB_PROPERTY_ALREADY_SET_RESET                                   syscall.Errno = 0xC0370020
+	ERROR_VID_MMIO_RANGE_DESTROYED                                            syscall.Errno = 0xC0370021
+	ERROR_VID_INVALID_CHILD_GPA_PAGE_SET                                      syscall.Errno = 0xC0370022
+	ERROR_VID_RESERVE_PAGE_SET_IS_BEING_USED                                  syscall.Errno = 0xC0370023
+	ERROR_VID_RESERVE_PAGE_SET_TOO_SMALL                                      syscall.Errno = 0xC0370024
+	ERROR_VID_MBP_ALREADY_LOCKED_USING_RESERVED_PAGE                          syscall.Errno = 0xC0370025
+	ERROR_VID_MBP_COUNT_EXCEEDED_LIMIT                                        syscall.Errno = 0xC0370026
+	ERROR_VID_SAVED_STATE_CORRUPT                                             syscall.Errno = 0xC0370027
+	ERROR_VID_SAVED_STATE_UNRECOGNIZED_ITEM                                   syscall.Errno = 0xC0370028
+	ERROR_VID_SAVED_STATE_INCOMPATIBLE                                        syscall.Errno = 0xC0370029
+	ERROR_VID_VTL_ACCESS_DENIED                                               syscall.Errno = 0xC037002A
+	ERROR_VMCOMPUTE_TERMINATED_DURING_START                                   syscall.Errno = 0xC0370100
+	ERROR_VMCOMPUTE_IMAGE_MISMATCH                                            syscall.Errno = 0xC0370101
+	ERROR_VMCOMPUTE_HYPERV_NOT_INSTALLED                                      syscall.Errno = 0xC0370102
+	ERROR_VMCOMPUTE_OPERATION_PENDING                                         syscall.Errno = 0xC0370103
+	ERROR_VMCOMPUTE_TOO_MANY_NOTIFICATIONS                                    syscall.Errno = 0xC0370104
+	ERROR_VMCOMPUTE_INVALID_STATE                                             syscall.Errno = 0xC0370105
+	ERROR_VMCOMPUTE_UNEXPECTED_EXIT                                           syscall.Errno = 0xC0370106
+	ERROR_VMCOMPUTE_TERMINATED                                                syscall.Errno = 0xC0370107
+	ERROR_VMCOMPUTE_CONNECT_FAILED                                            syscall.Errno = 0xC0370108
+	ERROR_VMCOMPUTE_TIMEOUT                                                   syscall.Errno = 0xC0370109
+	ERROR_VMCOMPUTE_CONNECTION_CLOSED                                         syscall.Errno = 0xC037010A
+	ERROR_VMCOMPUTE_UNKNOWN_MESSAGE                                           syscall.Errno = 0xC037010B
+	ERROR_VMCOMPUTE_UNSUPPORTED_PROTOCOL_VERSION                              syscall.Errno = 0xC037010C
+	ERROR_VMCOMPUTE_INVALID_JSON                                              syscall.Errno = 0xC037010D
+	ERROR_VMCOMPUTE_SYSTEM_NOT_FOUND                                          syscall.Errno = 0xC037010E
+	ERROR_VMCOMPUTE_SYSTEM_ALREADY_EXISTS                                     syscall.Errno = 0xC037010F
+	ERROR_VMCOMPUTE_SYSTEM_ALREADY_STOPPED                                    syscall.Errno = 0xC0370110
+	ERROR_VMCOMPUTE_PROTOCOL_ERROR                                            syscall.Errno = 0xC0370111
+	ERROR_VMCOMPUTE_INVALID_LAYER                                             syscall.Errno = 0xC0370112
+	ERROR_VMCOMPUTE_WINDOWS_INSIDER_REQUIRED                                  syscall.Errno = 0xC0370113
+	HCS_E_TERMINATED_DURING_START                                             Handle        = 0x80370100
+	HCS_E_IMAGE_MISMATCH                                                      Handle        = 0x80370101
+	HCS_E_HYPERV_NOT_INSTALLED                                                Handle        = 0x80370102
+	HCS_E_INVALID_STATE                                                       Handle        = 0x80370105
+	HCS_E_UNEXPECTED_EXIT                                                     Handle        = 0x80370106
+	HCS_E_TERMINATED                                                          Handle        = 0x80370107
+	HCS_E_CONNECT_FAILED                                                      Handle        = 0x80370108
+	HCS_E_CONNECTION_TIMEOUT                                                  Handle        = 0x80370109
+	HCS_E_CONNECTION_CLOSED                                                   Handle        = 0x8037010A
+	HCS_E_UNKNOWN_MESSAGE                                                     Handle        = 0x8037010B
+	HCS_E_UNSUPPORTED_PROTOCOL_VERSION                                        Handle        = 0x8037010C
+	HCS_E_INVALID_JSON                                                        Handle        = 0x8037010D
+	HCS_E_SYSTEM_NOT_FOUND                                                    Handle        = 0x8037010E
+	HCS_E_SYSTEM_ALREADY_EXISTS                                               Handle        = 0x8037010F
+	HCS_E_SYSTEM_ALREADY_STOPPED                                              Handle        = 0x80370110
+	HCS_E_PROTOCOL_ERROR                                                      Handle        = 0x80370111
+	HCS_E_INVALID_LAYER                                                       Handle        = 0x80370112
+	HCS_E_WINDOWS_INSIDER_REQUIRED                                            Handle        = 0x80370113
+	HCS_E_SERVICE_NOT_AVAILABLE                                               Handle        = 0x80370114
+	HCS_E_OPERATION_NOT_STARTED                                               Handle        = 0x80370115
+	HCS_E_OPERATION_ALREADY_STARTED                                           Handle        = 0x80370116
+	HCS_E_OPERATION_PENDING                                                   Handle        = 0x80370117
+	HCS_E_OPERATION_TIMEOUT                                                   Handle        = 0x80370118
+	HCS_E_OPERATION_SYSTEM_CALLBACK_ALREADY_SET                               Handle        = 0x80370119
+	HCS_E_OPERATION_RESULT_ALLOCATION_FAILED                                  Handle        = 0x8037011A
+	HCS_E_ACCESS_DENIED                                                       Handle        = 0x8037011B
+	HCS_E_GUEST_CRITICAL_ERROR                                                Handle        = 0x8037011C
+	ERROR_VNET_VIRTUAL_SWITCH_NAME_NOT_FOUND                                  syscall.Errno = 0xC0370200
+	ERROR_VID_REMOTE_NODE_PARENT_GPA_PAGES_USED                               syscall.Errno = 0x80370001
+	WHV_E_UNKNOWN_CAPABILITY                                                  Handle        = 0x80370300
+	WHV_E_INSUFFICIENT_BUFFER                                                 Handle        = 0x80370301
+	WHV_E_UNKNOWN_PROPERTY                                                    Handle        = 0x80370302
+	WHV_E_UNSUPPORTED_HYPERVISOR_CONFIG                                       Handle        = 0x80370303
+	WHV_E_INVALID_PARTITION_CONFIG                                            Handle        = 0x80370304
+	WHV_E_GPA_RANGE_NOT_FOUND                                                 Handle        = 0x80370305
+	WHV_E_VP_ALREADY_EXISTS                                                   Handle        = 0x80370306
+	WHV_E_VP_DOES_NOT_EXIST                                                   Handle        = 0x80370307
+	WHV_E_INVALID_VP_STATE                                                    Handle        = 0x80370308
+	WHV_E_INVALID_VP_REGISTER_NAME                                            Handle        = 0x80370309
+	ERROR_VSMB_SAVED_STATE_FILE_NOT_FOUND                                     syscall.Errno = 0xC0370400
+	ERROR_VSMB_SAVED_STATE_CORRUPT                                            syscall.Errno = 0xC0370401
+	ERROR_VOLMGR_INCOMPLETE_REGENERATION                                      syscall.Errno = 0x80380001
+	ERROR_VOLMGR_INCOMPLETE_DISK_MIGRATION                                    syscall.Errno = 0x80380002
+	ERROR_VOLMGR_DATABASE_FULL                                                syscall.Errno = 0xC0380001
+	ERROR_VOLMGR_DISK_CONFIGURATION_CORRUPTED                                 syscall.Errno = 0xC0380002
+	ERROR_VOLMGR_DISK_CONFIGURATION_NOT_IN_SYNC                               syscall.Errno = 0xC0380003
+	ERROR_VOLMGR_PACK_CONFIG_UPDATE_FAILED                                    syscall.Errno = 0xC0380004
+	ERROR_VOLMGR_DISK_CONTAINS_NON_SIMPLE_VOLUME                              syscall.Errno = 0xC0380005
+	ERROR_VOLMGR_DISK_DUPLICATE                                               syscall.Errno = 0xC0380006
+	ERROR_VOLMGR_DISK_DYNAMIC                                                 syscall.Errno = 0xC0380007
+	ERROR_VOLMGR_DISK_ID_INVALID                                              syscall.Errno = 0xC0380008
+	ERROR_VOLMGR_DISK_INVALID                                                 syscall.Errno = 0xC0380009
+	ERROR_VOLMGR_DISK_LAST_VOTER                                              syscall.Errno = 0xC038000A
+	ERROR_VOLMGR_DISK_LAYOUT_INVALID                                          syscall.Errno = 0xC038000B
+	ERROR_VOLMGR_DISK_LAYOUT_NON_BASIC_BETWEEN_BASIC_PARTITIONS               syscall.Errno = 0xC038000C
+	ERROR_VOLMGR_DISK_LAYOUT_NOT_CYLINDER_ALIGNED                             syscall.Errno = 0xC038000D
+	ERROR_VOLMGR_DISK_LAYOUT_PARTITIONS_TOO_SMALL                             syscall.Errno = 0xC038000E
+	ERROR_VOLMGR_DISK_LAYOUT_PRIMARY_BETWEEN_LOGICAL_PARTITIONS               syscall.Errno = 0xC038000F
+	ERROR_VOLMGR_DISK_LAYOUT_TOO_MANY_PARTITIONS                              syscall.Errno = 0xC0380010
+	ERROR_VOLMGR_DISK_MISSING                                                 syscall.Errno = 0xC0380011
+	ERROR_VOLMGR_DISK_NOT_EMPTY                                               syscall.Errno = 0xC0380012
+	ERROR_VOLMGR_DISK_NOT_ENOUGH_SPACE                                        syscall.Errno = 0xC0380013
+	ERROR_VOLMGR_DISK_REVECTORING_FAILED                                      syscall.Errno = 0xC0380014
+	ERROR_VOLMGR_DISK_SECTOR_SIZE_INVALID                                     syscall.Errno = 0xC0380015
+	ERROR_VOLMGR_DISK_SET_NOT_CONTAINED                                       syscall.Errno = 0xC0380016
+	ERROR_VOLMGR_DISK_USED_BY_MULTIPLE_MEMBERS                                syscall.Errno = 0xC0380017
+	ERROR_VOLMGR_DISK_USED_BY_MULTIPLE_PLEXES                                 syscall.Errno = 0xC0380018
+	ERROR_VOLMGR_DYNAMIC_DISK_NOT_SUPPORTED                                   syscall.Errno = 0xC0380019
+	ERROR_VOLMGR_EXTENT_ALREADY_USED                                          syscall.Errno = 0xC038001A
+	ERROR_VOLMGR_EXTENT_NOT_CONTIGUOUS                                        syscall.Errno = 0xC038001B
+	ERROR_VOLMGR_EXTENT_NOT_IN_PUBLIC_REGION                                  syscall.Errno = 0xC038001C
+	ERROR_VOLMGR_EXTENT_NOT_SECTOR_ALIGNED                                    syscall.Errno = 0xC038001D
+	ERROR_VOLMGR_EXTENT_OVERLAPS_EBR_PARTITION                                syscall.Errno = 0xC038001E
+	ERROR_VOLMGR_EXTENT_VOLUME_LENGTHS_DO_NOT_MATCH                           syscall.Errno = 0xC038001F
+	ERROR_VOLMGR_FAULT_TOLERANT_NOT_SUPPORTED                                 syscall.Errno = 0xC0380020
+	ERROR_VOLMGR_INTERLEAVE_LENGTH_INVALID                                    syscall.Errno = 0xC0380021
+	ERROR_VOLMGR_MAXIMUM_REGISTERED_USERS                                     syscall.Errno = 0xC0380022
+	ERROR_VOLMGR_MEMBER_IN_SYNC                                               syscall.Errno = 0xC0380023
+	ERROR_VOLMGR_MEMBER_INDEX_DUPLICATE                                       syscall.Errno = 0xC0380024
+	ERROR_VOLMGR_MEMBER_INDEX_INVALID                                         syscall.Errno = 0xC0380025
+	ERROR_VOLMGR_MEMBER_MISSING                                               syscall.Errno = 0xC0380026
+	ERROR_VOLMGR_MEMBER_NOT_DETACHED                                          syscall.Errno = 0xC0380027
+	ERROR_VOLMGR_MEMBER_REGENERATING                                          syscall.Errno = 0xC0380028
+	ERROR_VOLMGR_ALL_DISKS_FAILED                                             syscall.Errno = 0xC0380029
+	ERROR_VOLMGR_NO_REGISTERED_USERS                                          syscall.Errno = 0xC038002A
+	ERROR_VOLMGR_NO_SUCH_USER                                                 syscall.Errno = 0xC038002B
+	ERROR_VOLMGR_NOTIFICATION_RESET                                           syscall.Errno = 0xC038002C
+	ERROR_VOLMGR_NUMBER_OF_MEMBERS_INVALID                                    syscall.Errno = 0xC038002D
+	ERROR_VOLMGR_NUMBER_OF_PLEXES_INVALID                                     syscall.Errno = 0xC038002E
+	ERROR_VOLMGR_PACK_DUPLICATE                                               syscall.Errno = 0xC038002F
+	ERROR_VOLMGR_PACK_ID_INVALID                                              syscall.Errno = 0xC0380030
+	ERROR_VOLMGR_PACK_INVALID                                                 syscall.Errno = 0xC0380031
+	ERROR_VOLMGR_PACK_NAME_INVALID                                            syscall.Errno = 0xC0380032
+	ERROR_VOLMGR_PACK_OFFLINE                                                 syscall.Errno = 0xC0380033
+	ERROR_VOLMGR_PACK_HAS_QUORUM                                              syscall.Errno = 0xC0380034
+	ERROR_VOLMGR_PACK_WITHOUT_QUORUM                                          syscall.Errno = 0xC0380035
+	ERROR_VOLMGR_PARTITION_STYLE_INVALID                                      syscall.Errno = 0xC0380036
+	ERROR_VOLMGR_PARTITION_UPDATE_FAILED                                      syscall.Errno = 0xC0380037
+	ERROR_VOLMGR_PLEX_IN_SYNC                                                 syscall.Errno = 0xC0380038
+	ERROR_VOLMGR_PLEX_INDEX_DUPLICATE                                         syscall.Errno = 0xC0380039
+	ERROR_VOLMGR_PLEX_INDEX_INVALID                                           syscall.Errno = 0xC038003A
+	ERROR_VOLMGR_PLEX_LAST_ACTIVE                                             syscall.Errno = 0xC038003B
+	ERROR_VOLMGR_PLEX_MISSING                                                 syscall.Errno = 0xC038003C
+	ERROR_VOLMGR_PLEX_REGENERATING                                            syscall.Errno = 0xC038003D
+	ERROR_VOLMGR_PLEX_TYPE_INVALID                                            syscall.Errno = 0xC038003E
+	ERROR_VOLMGR_PLEX_NOT_RAID5                                               syscall.Errno = 0xC038003F
+	ERROR_VOLMGR_PLEX_NOT_SIMPLE                                              syscall.Errno = 0xC0380040
+	ERROR_VOLMGR_STRUCTURE_SIZE_INVALID                                       syscall.Errno = 0xC0380041
+	ERROR_VOLMGR_TOO_MANY_NOTIFICATION_REQUESTS                               syscall.Errno = 0xC0380042
+	ERROR_VOLMGR_TRANSACTION_IN_PROGRESS                                      syscall.Errno = 0xC0380043
+	ERROR_VOLMGR_UNEXPECTED_DISK_LAYOUT_CHANGE                                syscall.Errno = 0xC0380044
+	ERROR_VOLMGR_VOLUME_CONTAINS_MISSING_DISK                                 syscall.Errno = 0xC0380045
+	ERROR_VOLMGR_VOLUME_ID_INVALID                                            syscall.Errno = 0xC0380046
+	ERROR_VOLMGR_VOLUME_LENGTH_INVALID                                        syscall.Errno = 0xC0380047
+	ERROR_VOLMGR_VOLUME_LENGTH_NOT_SECTOR_SIZE_MULTIPLE                       syscall.Errno = 0xC0380048
+	ERROR_VOLMGR_VOLUME_NOT_MIRRORED                                          syscall.Errno = 0xC0380049
+	ERROR_VOLMGR_VOLUME_NOT_RETAINED                                          syscall.Errno = 0xC038004A
+	ERROR_VOLMGR_VOLUME_OFFLINE                                               syscall.Errno = 0xC038004B
+	ERROR_VOLMGR_VOLUME_RETAINED                                              syscall.Errno = 0xC038004C
+	ERROR_VOLMGR_NUMBER_OF_EXTENTS_INVALID                                    syscall.Errno = 0xC038004D
+	ERROR_VOLMGR_DIFFERENT_SECTOR_SIZE                                        syscall.Errno = 0xC038004E
+	ERROR_VOLMGR_BAD_BOOT_DISK                                                syscall.Errno = 0xC038004F
+	ERROR_VOLMGR_PACK_CONFIG_OFFLINE                                          syscall.Errno = 0xC0380050
+	ERROR_VOLMGR_PACK_CONFIG_ONLINE                                           syscall.Errno = 0xC0380051
+	ERROR_VOLMGR_NOT_PRIMARY_PACK                                             syscall.Errno = 0xC0380052
+	ERROR_VOLMGR_PACK_LOG_UPDATE_FAILED                                       syscall.Errno = 0xC0380053
+	ERROR_VOLMGR_NUMBER_OF_DISKS_IN_PLEX_INVALID                              syscall.Errno = 0xC0380054
+	ERROR_VOLMGR_NUMBER_OF_DISKS_IN_MEMBER_INVALID                            syscall.Errno = 0xC0380055
+	ERROR_VOLMGR_VOLUME_MIRRORED                                              syscall.Errno = 0xC0380056
+	ERROR_VOLMGR_PLEX_NOT_SIMPLE_SPANNED                                      syscall.Errno = 0xC0380057
+	ERROR_VOLMGR_NO_VALID_LOG_COPIES                                          syscall.Errno = 0xC0380058
+	ERROR_VOLMGR_PRIMARY_PACK_PRESENT                                         syscall.Errno = 0xC0380059
+	ERROR_VOLMGR_NUMBER_OF_DISKS_INVALID                                      syscall.Errno = 0xC038005A
+	ERROR_VOLMGR_MIRROR_NOT_SUPPORTED                                         syscall.Errno = 0xC038005B
+	ERROR_VOLMGR_RAID5_NOT_SUPPORTED                                          syscall.Errno = 0xC038005C
+	ERROR_BCD_NOT_ALL_ENTRIES_IMPORTED                                        syscall.Errno = 0x80390001
+	ERROR_BCD_TOO_MANY_ELEMENTS                                               syscall.Errno = 0xC0390002
+	ERROR_BCD_NOT_ALL_ENTRIES_SYNCHRONIZED                                    syscall.Errno = 0x80390003
+	ERROR_VHD_DRIVE_FOOTER_MISSING                                            syscall.Errno = 0xC03A0001
+	ERROR_VHD_DRIVE_FOOTER_CHECKSUM_MISMATCH                                  syscall.Errno = 0xC03A0002
+	ERROR_VHD_DRIVE_FOOTER_CORRUPT                                            syscall.Errno = 0xC03A0003
+	ERROR_VHD_FORMAT_UNKNOWN                                                  syscall.Errno = 0xC03A0004
+	ERROR_VHD_FORMAT_UNSUPPORTED_VERSION                                      syscall.Errno = 0xC03A0005
+	ERROR_VHD_SPARSE_HEADER_CHECKSUM_MISMATCH                                 syscall.Errno = 0xC03A0006
+	ERROR_VHD_SPARSE_HEADER_UNSUPPORTED_VERSION                               syscall.Errno = 0xC03A0007
+	ERROR_VHD_SPARSE_HEADER_CORRUPT                                           syscall.Errno = 0xC03A0008
+	ERROR_VHD_BLOCK_ALLOCATION_FAILURE                                        syscall.Errno = 0xC03A0009
+	ERROR_VHD_BLOCK_ALLOCATION_TABLE_CORRUPT                                  syscall.Errno = 0xC03A000A
+	ERROR_VHD_INVALID_BLOCK_SIZE                                              syscall.Errno = 0xC03A000B
+	ERROR_VHD_BITMAP_MISMATCH                                                 syscall.Errno = 0xC03A000C
+	ERROR_VHD_PARENT_VHD_NOT_FOUND                                            syscall.Errno = 0xC03A000D
+	ERROR_VHD_CHILD_PARENT_ID_MISMATCH                                        syscall.Errno = 0xC03A000E
+	ERROR_VHD_CHILD_PARENT_TIMESTAMP_MISMATCH                                 syscall.Errno = 0xC03A000F
+	ERROR_VHD_METADATA_READ_FAILURE                                           syscall.Errno = 0xC03A0010
+	ERROR_VHD_METADATA_WRITE_FAILURE                                          syscall.Errno = 0xC03A0011
+	ERROR_VHD_INVALID_SIZE                                                    syscall.Errno = 0xC03A0012
+	ERROR_VHD_INVALID_FILE_SIZE                                               syscall.Errno = 0xC03A0013
+	ERROR_VIRTDISK_PROVIDER_NOT_FOUND                                         syscall.Errno = 0xC03A0014
+	ERROR_VIRTDISK_NOT_VIRTUAL_DISK                                           syscall.Errno = 0xC03A0015
+	ERROR_VHD_PARENT_VHD_ACCESS_DENIED                                        syscall.Errno = 0xC03A0016
+	ERROR_VHD_CHILD_PARENT_SIZE_MISMATCH                                      syscall.Errno = 0xC03A0017
+	ERROR_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED                               syscall.Errno = 0xC03A0018
+	ERROR_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT                              syscall.Errno = 0xC03A0019
+	ERROR_VIRTUAL_DISK_LIMITATION                                             syscall.Errno = 0xC03A001A
+	ERROR_VHD_INVALID_TYPE                                                    syscall.Errno = 0xC03A001B
+	ERROR_VHD_INVALID_STATE                                                   syscall.Errno = 0xC03A001C
+	ERROR_VIRTDISK_UNSUPPORTED_DISK_SECTOR_SIZE                               syscall.Errno = 0xC03A001D
+	ERROR_VIRTDISK_DISK_ALREADY_OWNED                                         syscall.Errno = 0xC03A001E
+	ERROR_VIRTDISK_DISK_ONLINE_AND_WRITABLE                                   syscall.Errno = 0xC03A001F
+	ERROR_CTLOG_TRACKING_NOT_INITIALIZED                                      syscall.Errno = 0xC03A0020
+	ERROR_CTLOG_LOGFILE_SIZE_EXCEEDED_MAXSIZE                                 syscall.Errno = 0xC03A0021
+	ERROR_CTLOG_VHD_CHANGED_OFFLINE                                           syscall.Errno = 0xC03A0022
+	ERROR_CTLOG_INVALID_TRACKING_STATE                                        syscall.Errno = 0xC03A0023
+	ERROR_CTLOG_INCONSISTENT_TRACKING_FILE                                    syscall.Errno = 0xC03A0024
+	ERROR_VHD_RESIZE_WOULD_TRUNCATE_DATA                                      syscall.Errno = 0xC03A0025
+	ERROR_VHD_COULD_NOT_COMPUTE_MINIMUM_VIRTUAL_SIZE                          syscall.Errno = 0xC03A0026
+	ERROR_VHD_ALREADY_AT_OR_BELOW_MINIMUM_VIRTUAL_SIZE                        syscall.Errno = 0xC03A0027
+	ERROR_VHD_METADATA_FULL                                                   syscall.Errno = 0xC03A0028
+	ERROR_VHD_INVALID_CHANGE_TRACKING_ID                                      syscall.Errno = 0xC03A0029
+	ERROR_VHD_CHANGE_TRACKING_DISABLED                                        syscall.Errno = 0xC03A002A
+	ERROR_VHD_MISSING_CHANGE_TRACKING_INFORMATION                             syscall.Errno = 0xC03A0030
+	ERROR_QUERY_STORAGE_ERROR                                                 syscall.Errno = 0x803A0001
+	HCN_E_NETWORK_NOT_FOUND                                                   Handle        = 0x803B0001
+	HCN_E_ENDPOINT_NOT_FOUND                                                  Handle        = 0x803B0002
+	HCN_E_LAYER_NOT_FOUND                                                     Handle        = 0x803B0003
+	HCN_E_SWITCH_NOT_FOUND                                                    Handle        = 0x803B0004
+	HCN_E_SUBNET_NOT_FOUND                                                    Handle        = 0x803B0005
+	HCN_E_ADAPTER_NOT_FOUND                                                   Handle        = 0x803B0006
+	HCN_E_PORT_NOT_FOUND                                                      Handle        = 0x803B0007
+	HCN_E_POLICY_NOT_FOUND                                                    Handle        = 0x803B0008
+	HCN_E_VFP_PORTSETTING_NOT_FOUND                                           Handle        = 0x803B0009
+	HCN_E_INVALID_NETWORK                                                     Handle        = 0x803B000A
+	HCN_E_INVALID_NETWORK_TYPE                                                Handle        = 0x803B000B
+	HCN_E_INVALID_ENDPOINT                                                    Handle        = 0x803B000C
+	HCN_E_INVALID_POLICY                                                      Handle        = 0x803B000D
+	HCN_E_INVALID_POLICY_TYPE                                                 Handle        = 0x803B000E
+	HCN_E_INVALID_REMOTE_ENDPOINT_OPERATION                                   Handle        = 0x803B000F
+	HCN_E_NETWORK_ALREADY_EXISTS                                              Handle        = 0x803B0010
+	HCN_E_LAYER_ALREADY_EXISTS                                                Handle        = 0x803B0011
+	HCN_E_POLICY_ALREADY_EXISTS                                               Handle        = 0x803B0012
+	HCN_E_PORT_ALREADY_EXISTS                                                 Handle        = 0x803B0013
+	HCN_E_ENDPOINT_ALREADY_ATTACHED                                           Handle        = 0x803B0014
+	HCN_E_REQUEST_UNSUPPORTED                                                 Handle        = 0x803B0015
+	HCN_E_MAPPING_NOT_SUPPORTED                                               Handle        = 0x803B0016
+	HCN_E_DEGRADED_OPERATION                                                  Handle        = 0x803B0017
+	HCN_E_SHARED_SWITCH_MODIFICATION                                          Handle        = 0x803B0018
+	HCN_E_GUID_CONVERSION_FAILURE                                             Handle        = 0x803B0019
+	HCN_E_REGKEY_FAILURE                                                      Handle        = 0x803B001A
+	HCN_E_INVALID_JSON                                                        Handle        = 0x803B001B
+	HCN_E_INVALID_JSON_REFERENCE                                              Handle        = 0x803B001C
+	HCN_E_ENDPOINT_SHARING_DISABLED                                           Handle        = 0x803B001D
+	HCN_E_INVALID_IP                                                          Handle        = 0x803B001E
+	HCN_E_SWITCH_EXTENSION_NOT_FOUND                                          Handle        = 0x803B001F
+	HCN_E_MANAGER_STOPPED                                                     Handle        = 0x803B0020
+	GCN_E_MODULE_NOT_FOUND                                                    Handle        = 0x803B0021
+	GCN_E_NO_REQUEST_HANDLERS                                                 Handle        = 0x803B0022
+	GCN_E_REQUEST_UNSUPPORTED                                                 Handle        = 0x803B0023
+	GCN_E_RUNTIMEKEYS_FAILED                                                  Handle        = 0x803B0024
+	GCN_E_NETADAPTER_TIMEOUT                                                  Handle        = 0x803B0025
+	GCN_E_NETADAPTER_NOT_FOUND                                                Handle        = 0x803B0026
+	GCN_E_NETCOMPARTMENT_NOT_FOUND                                            Handle        = 0x803B0027
+	GCN_E_NETINTERFACE_NOT_FOUND                                              Handle        = 0x803B0028
+	GCN_E_DEFAULTNAMESPACE_EXISTS                                             Handle        = 0x803B0029
+	SDIAG_E_CANCELLED                                                         syscall.Errno = 0x803C0100
+	SDIAG_E_SCRIPT                                                            syscall.Errno = 0x803C0101
+	SDIAG_E_POWERSHELL                                                        syscall.Errno = 0x803C0102
+	SDIAG_E_MANAGEDHOST                                                       syscall.Errno = 0x803C0103
+	SDIAG_E_NOVERIFIER                                                        syscall.Errno = 0x803C0104
+	SDIAG_S_CANNOTRUN                                                         syscall.Errno = 0x003C0105
+	SDIAG_E_DISABLED                                                          syscall.Errno = 0x803C0106
+	SDIAG_E_TRUST                                                             syscall.Errno = 0x803C0107
+	SDIAG_E_CANNOTRUN                                                         syscall.Errno = 0x803C0108
+	SDIAG_E_VERSION                                                           syscall.Errno = 0x803C0109
+	SDIAG_E_RESOURCE                                                          syscall.Errno = 0x803C010A
+	SDIAG_E_ROOTCAUSE                                                         syscall.Errno = 0x803C010B
+	WPN_E_CHANNEL_CLOSED                                                      Handle        = 0x803E0100
+	WPN_E_CHANNEL_REQUEST_NOT_COMPLETE                                        Handle        = 0x803E0101
+	WPN_E_INVALID_APP                                                         Handle        = 0x803E0102
+	WPN_E_OUTSTANDING_CHANNEL_REQUEST                                         Handle        = 0x803E0103
+	WPN_E_DUPLICATE_CHANNEL                                                   Handle        = 0x803E0104
+	WPN_E_PLATFORM_UNAVAILABLE                                                Handle        = 0x803E0105
+	WPN_E_NOTIFICATION_POSTED                                                 Handle        = 0x803E0106
+	WPN_E_NOTIFICATION_HIDDEN                                                 Handle        = 0x803E0107
+	WPN_E_NOTIFICATION_NOT_POSTED                                             Handle        = 0x803E0108
+	WPN_E_CLOUD_DISABLED                                                      Handle        = 0x803E0109
+	WPN_E_CLOUD_INCAPABLE                                                     Handle        = 0x803E0110
+	WPN_E_CLOUD_AUTH_UNAVAILABLE                                              Handle        = 0x803E011A
+	WPN_E_CLOUD_SERVICE_UNAVAILABLE                                           Handle        = 0x803E011B
+	WPN_E_FAILED_LOCK_SCREEN_UPDATE_INTIALIZATION                             Handle        = 0x803E011C
+	WPN_E_NOTIFICATION_DISABLED                                               Handle        = 0x803E0111
+	WPN_E_NOTIFICATION_INCAPABLE                                              Handle        = 0x803E0112
+	WPN_E_INTERNET_INCAPABLE                                                  Handle        = 0x803E0113
+	WPN_E_NOTIFICATION_TYPE_DISABLED                                          Handle        = 0x803E0114
+	WPN_E_NOTIFICATION_SIZE                                                   Handle        = 0x803E0115
+	WPN_E_TAG_SIZE                                                            Handle        = 0x803E0116
+	WPN_E_ACCESS_DENIED                                                       Handle        = 0x803E0117
+	WPN_E_DUPLICATE_REGISTRATION                                              Handle        = 0x803E0118
+	WPN_E_PUSH_NOTIFICATION_INCAPABLE                                         Handle        = 0x803E0119
+	WPN_E_DEV_ID_SIZE                                                         Handle        = 0x803E0120
+	WPN_E_TAG_ALPHANUMERIC                                                    Handle        = 0x803E012A
+	WPN_E_INVALID_HTTP_STATUS_CODE                                            Handle        = 0x803E012B
+	WPN_E_OUT_OF_SESSION                                                      Handle        = 0x803E0200
+	WPN_E_POWER_SAVE                                                          Handle        = 0x803E0201
+	WPN_E_IMAGE_NOT_FOUND_IN_CACHE                                            Handle        = 0x803E0202
+	WPN_E_ALL_URL_NOT_COMPLETED                                               Handle        = 0x803E0203
+	WPN_E_INVALID_CLOUD_IMAGE                                                 Handle        = 0x803E0204
+	WPN_E_NOTIFICATION_ID_MATCHED                                             Handle        = 0x803E0205
+	WPN_E_CALLBACK_ALREADY_REGISTERED                                         Handle        = 0x803E0206
+	WPN_E_TOAST_NOTIFICATION_DROPPED                                          Handle        = 0x803E0207
+	WPN_E_STORAGE_LOCKED                                                      Handle        = 0x803E0208
+	WPN_E_GROUP_SIZE                                                          Handle        = 0x803E0209
+	WPN_E_GROUP_ALPHANUMERIC                                                  Handle        = 0x803E020A
+	WPN_E_CLOUD_DISABLED_FOR_APP                                              Handle        = 0x803E020B
+	E_MBN_CONTEXT_NOT_ACTIVATED                                               Handle        = 0x80548201
+	E_MBN_BAD_SIM                                                             Handle        = 0x80548202
+	E_MBN_DATA_CLASS_NOT_AVAILABLE                                            Handle        = 0x80548203
+	E_MBN_INVALID_ACCESS_STRING                                               Handle        = 0x80548204
+	E_MBN_MAX_ACTIVATED_CONTEXTS                                              Handle        = 0x80548205
+	E_MBN_PACKET_SVC_DETACHED                                                 Handle        = 0x80548206
+	E_MBN_PROVIDER_NOT_VISIBLE                                                Handle        = 0x80548207
+	E_MBN_RADIO_POWER_OFF                                                     Handle        = 0x80548208
+	E_MBN_SERVICE_NOT_ACTIVATED                                               Handle        = 0x80548209
+	E_MBN_SIM_NOT_INSERTED                                                    Handle        = 0x8054820A
+	E_MBN_VOICE_CALL_IN_PROGRESS                                              Handle        = 0x8054820B
+	E_MBN_INVALID_CACHE                                                       Handle        = 0x8054820C
+	E_MBN_NOT_REGISTERED                                                      Handle        = 0x8054820D
+	E_MBN_PROVIDERS_NOT_FOUND                                                 Handle        = 0x8054820E
+	E_MBN_PIN_NOT_SUPPORTED                                                   Handle        = 0x8054820F
+	E_MBN_PIN_REQUIRED                                                        Handle        = 0x80548210
+	E_MBN_PIN_DISABLED                                                        Handle        = 0x80548211
+	E_MBN_FAILURE                                                             Handle        = 0x80548212
+	E_MBN_INVALID_PROFILE                                                     Handle        = 0x80548218
+	E_MBN_DEFAULT_PROFILE_EXIST                                               Handle        = 0x80548219
+	E_MBN_SMS_ENCODING_NOT_SUPPORTED                                          Handle        = 0x80548220
+	E_MBN_SMS_FILTER_NOT_SUPPORTED                                            Handle        = 0x80548221
+	E_MBN_SMS_INVALID_MEMORY_INDEX                                            Handle        = 0x80548222
+	E_MBN_SMS_LANG_NOT_SUPPORTED                                              Handle        = 0x80548223
+	E_MBN_SMS_MEMORY_FAILURE                                                  Handle        = 0x80548224
+	E_MBN_SMS_NETWORK_TIMEOUT                                                 Handle        = 0x80548225
+	E_MBN_SMS_UNKNOWN_SMSC_ADDRESS                                            Handle        = 0x80548226
+	E_MBN_SMS_FORMAT_NOT_SUPPORTED                                            Handle        = 0x80548227
+	E_MBN_SMS_OPERATION_NOT_ALLOWED                                           Handle        = 0x80548228
+	E_MBN_SMS_MEMORY_FULL                                                     Handle        = 0x80548229
+	PEER_E_IPV6_NOT_INSTALLED                                                 Handle        = 0x80630001
+	PEER_E_NOT_INITIALIZED                                                    Handle        = 0x80630002
+	PEER_E_CANNOT_START_SERVICE                                               Handle        = 0x80630003
+	PEER_E_NOT_LICENSED                                                       Handle        = 0x80630004
+	PEER_E_INVALID_GRAPH                                                      Handle        = 0x80630010
+	PEER_E_DBNAME_CHANGED                                                     Handle        = 0x80630011
+	PEER_E_DUPLICATE_GRAPH                                                    Handle        = 0x80630012
+	PEER_E_GRAPH_NOT_READY                                                    Handle        = 0x80630013
+	PEER_E_GRAPH_SHUTTING_DOWN                                                Handle        = 0x80630014
+	PEER_E_GRAPH_IN_USE                                                       Handle        = 0x80630015
+	PEER_E_INVALID_DATABASE                                                   Handle        = 0x80630016
+	PEER_E_TOO_MANY_ATTRIBUTES                                                Handle        = 0x80630017
+	PEER_E_CONNECTION_NOT_FOUND                                               Handle        = 0x80630103
+	PEER_E_CONNECT_SELF                                                       Handle        = 0x80630106
+	PEER_E_ALREADY_LISTENING                                                  Handle        = 0x80630107
+	PEER_E_NODE_NOT_FOUND                                                     Handle        = 0x80630108
+	PEER_E_CONNECTION_FAILED                                                  Handle        = 0x80630109
+	PEER_E_CONNECTION_NOT_AUTHENTICATED                                       Handle        = 0x8063010A
+	PEER_E_CONNECTION_REFUSED                                                 Handle        = 0x8063010B
+	PEER_E_CLASSIFIER_TOO_LONG                                                Handle        = 0x80630201
+	PEER_E_TOO_MANY_IDENTITIES                                                Handle        = 0x80630202
+	PEER_E_NO_KEY_ACCESS                                                      Handle        = 0x80630203
+	PEER_E_GROUPS_EXIST                                                       Handle        = 0x80630204
+	PEER_E_RECORD_NOT_FOUND                                                   Handle        = 0x80630301
+	PEER_E_DATABASE_ACCESSDENIED                                              Handle        = 0x80630302
+	PEER_E_DBINITIALIZATION_FAILED                                            Handle        = 0x80630303
+	PEER_E_MAX_RECORD_SIZE_EXCEEDED                                           Handle        = 0x80630304
+	PEER_E_DATABASE_ALREADY_PRESENT                                           Handle        = 0x80630305
+	PEER_E_DATABASE_NOT_PRESENT                                               Handle        = 0x80630306
+	PEER_E_IDENTITY_NOT_FOUND                                                 Handle        = 0x80630401
+	PEER_E_EVENT_HANDLE_NOT_FOUND                                             Handle        = 0x80630501
+	PEER_E_INVALID_SEARCH                                                     Handle        = 0x80630601
+	PEER_E_INVALID_ATTRIBUTES                                                 Handle        = 0x80630602
+	PEER_E_INVITATION_NOT_TRUSTED                                             Handle        = 0x80630701
+	PEER_E_CHAIN_TOO_LONG                                                     Handle        = 0x80630703
+	PEER_E_INVALID_TIME_PERIOD                                                Handle        = 0x80630705
+	PEER_E_CIRCULAR_CHAIN_DETECTED                                            Handle        = 0x80630706
+	PEER_E_CERT_STORE_CORRUPTED                                               Handle        = 0x80630801
+	PEER_E_NO_CLOUD                                                           Handle        = 0x80631001
+	PEER_E_CLOUD_NAME_AMBIGUOUS                                               Handle        = 0x80631005
+	PEER_E_INVALID_RECORD                                                     Handle        = 0x80632010
+	PEER_E_NOT_AUTHORIZED                                                     Handle        = 0x80632020
+	PEER_E_PASSWORD_DOES_NOT_MEET_POLICY                                      Handle        = 0x80632021
+	PEER_E_DEFERRED_VALIDATION                                                Handle        = 0x80632030
+	PEER_E_INVALID_GROUP_PROPERTIES                                           Handle        = 0x80632040
+	PEER_E_INVALID_PEER_NAME                                                  Handle        = 0x80632050
+	PEER_E_INVALID_CLASSIFIER                                                 Handle        = 0x80632060
+	PEER_E_INVALID_FRIENDLY_NAME                                              Handle        = 0x80632070
+	PEER_E_INVALID_ROLE_PROPERTY                                              Handle        = 0x80632071
+	PEER_E_INVALID_CLASSIFIER_PROPERTY                                        Handle        = 0x80632072
+	PEER_E_INVALID_RECORD_EXPIRATION                                          Handle        = 0x80632080
+	PEER_E_INVALID_CREDENTIAL_INFO                                            Handle        = 0x80632081
+	PEER_E_INVALID_CREDENTIAL                                                 Handle        = 0x80632082
+	PEER_E_INVALID_RECORD_SIZE                                                Handle        = 0x80632083
+	PEER_E_UNSUPPORTED_VERSION                                                Handle        = 0x80632090
+	PEER_E_GROUP_NOT_READY                                                    Handle        = 0x80632091
+	PEER_E_GROUP_IN_USE                                                       Handle        = 0x80632092
+	PEER_E_INVALID_GROUP                                                      Handle        = 0x80632093
+	PEER_E_NO_MEMBERS_FOUND                                                   Handle        = 0x80632094
+	PEER_E_NO_MEMBER_CONNECTIONS                                              Handle        = 0x80632095
+	PEER_E_UNABLE_TO_LISTEN                                                   Handle        = 0x80632096
+	PEER_E_IDENTITY_DELETED                                                   Handle        = 0x806320A0
+	PEER_E_SERVICE_NOT_AVAILABLE                                              Handle        = 0x806320A1
+	PEER_E_CONTACT_NOT_FOUND                                                  Handle        = 0x80636001
+	PEER_S_GRAPH_DATA_CREATED                                                 Handle        = 0x00630001
+	PEER_S_NO_EVENT_DATA                                                      Handle        = 0x00630002
+	PEER_S_ALREADY_CONNECTED                                                  Handle        = 0x00632000
+	PEER_S_SUBSCRIPTION_EXISTS                                                Handle        = 0x00636000
+	PEER_S_NO_CONNECTIVITY                                                    Handle        = 0x00630005
+	PEER_S_ALREADY_A_MEMBER                                                   Handle        = 0x00630006
+	PEER_E_CANNOT_CONVERT_PEER_NAME                                           Handle        = 0x80634001
+	PEER_E_INVALID_PEER_HOST_NAME                                             Handle        = 0x80634002
+	PEER_E_NO_MORE                                                            Handle        = 0x80634003
+	PEER_E_PNRP_DUPLICATE_PEER_NAME                                           Handle        = 0x80634005
+	PEER_E_INVITE_CANCELLED                                                   Handle        = 0x80637000
+	PEER_E_INVITE_RESPONSE_NOT_AVAILABLE                                      Handle        = 0x80637001
+	PEER_E_NOT_SIGNED_IN                                                      Handle        = 0x80637003
+	PEER_E_PRIVACY_DECLINED                                                   Handle        = 0x80637004
+	PEER_E_TIMEOUT                                                            Handle        = 0x80637005
+	PEER_E_INVALID_ADDRESS                                                    Handle        = 0x80637007
+	PEER_E_FW_EXCEPTION_DISABLED                                              Handle        = 0x80637008
+	PEER_E_FW_BLOCKED_BY_POLICY                                               Handle        = 0x80637009
+	PEER_E_FW_BLOCKED_BY_SHIELDS_UP                                           Handle        = 0x8063700A
+	PEER_E_FW_DECLINED                                                        Handle        = 0x8063700B
+	UI_E_CREATE_FAILED                                                        Handle        = 0x802A0001
+	UI_E_SHUTDOWN_CALLED                                                      Handle        = 0x802A0002
+	UI_E_ILLEGAL_REENTRANCY                                                   Handle        = 0x802A0003
+	UI_E_OBJECT_SEALED                                                        Handle        = 0x802A0004
+	UI_E_VALUE_NOT_SET                                                        Handle        = 0x802A0005
+	UI_E_VALUE_NOT_DETERMINED                                                 Handle        = 0x802A0006
+	UI_E_INVALID_OUTPUT                                                       Handle        = 0x802A0007
+	UI_E_BOOLEAN_EXPECTED                                                     Handle        = 0x802A0008
+	UI_E_DIFFERENT_OWNER                                                      Handle        = 0x802A0009
+	UI_E_AMBIGUOUS_MATCH                                                      Handle        = 0x802A000A
+	UI_E_FP_OVERFLOW                                                          Handle        = 0x802A000B
+	UI_E_WRONG_THREAD                                                         Handle        = 0x802A000C
+	UI_E_STORYBOARD_ACTIVE                                                    Handle        = 0x802A0101
+	UI_E_STORYBOARD_NOT_PLAYING                                               Handle        = 0x802A0102
+	UI_E_START_KEYFRAME_AFTER_END                                             Handle        = 0x802A0103
+	UI_E_END_KEYFRAME_NOT_DETERMINED                                          Handle        = 0x802A0104
+	UI_E_LOOPS_OVERLAP                                                        Handle        = 0x802A0105
+	UI_E_TRANSITION_ALREADY_USED                                              Handle        = 0x802A0106
+	UI_E_TRANSITION_NOT_IN_STORYBOARD                                         Handle        = 0x802A0107
+	UI_E_TRANSITION_ECLIPSED                                                  Handle        = 0x802A0108
+	UI_E_TIME_BEFORE_LAST_UPDATE                                              Handle        = 0x802A0109
+	UI_E_TIMER_CLIENT_ALREADY_CONNECTED                                       Handle        = 0x802A010A
+	UI_E_INVALID_DIMENSION                                                    Handle        = 0x802A010B
+	UI_E_PRIMITIVE_OUT_OF_BOUNDS                                              Handle        = 0x802A010C
+	UI_E_WINDOW_CLOSED                                                        Handle        = 0x802A0201
+	E_BLUETOOTH_ATT_INVALID_HANDLE                                            Handle        = 0x80650001
+	E_BLUETOOTH_ATT_READ_NOT_PERMITTED                                        Handle        = 0x80650002
+	E_BLUETOOTH_ATT_WRITE_NOT_PERMITTED                                       Handle        = 0x80650003
+	E_BLUETOOTH_ATT_INVALID_PDU                                               Handle        = 0x80650004
+	E_BLUETOOTH_ATT_INSUFFICIENT_AUTHENTICATION                               Handle        = 0x80650005
+	E_BLUETOOTH_ATT_REQUEST_NOT_SUPPORTED                                     Handle        = 0x80650006
+	E_BLUETOOTH_ATT_INVALID_OFFSET                                            Handle        = 0x80650007
+	E_BLUETOOTH_ATT_INSUFFICIENT_AUTHORIZATION                                Handle        = 0x80650008
+	E_BLUETOOTH_ATT_PREPARE_QUEUE_FULL                                        Handle        = 0x80650009
+	E_BLUETOOTH_ATT_ATTRIBUTE_NOT_FOUND                                       Handle        = 0x8065000A
+	E_BLUETOOTH_ATT_ATTRIBUTE_NOT_LONG                                        Handle        = 0x8065000B
+	E_BLUETOOTH_ATT_INSUFFICIENT_ENCRYPTION_KEY_SIZE                          Handle        = 0x8065000C
+	E_BLUETOOTH_ATT_INVALID_ATTRIBUTE_VALUE_LENGTH                            Handle        = 0x8065000D
+	E_BLUETOOTH_ATT_UNLIKELY                                                  Handle        = 0x8065000E
+	E_BLUETOOTH_ATT_INSUFFICIENT_ENCRYPTION                                   Handle        = 0x8065000F
+	E_BLUETOOTH_ATT_UNSUPPORTED_GROUP_TYPE                                    Handle        = 0x80650010
+	E_BLUETOOTH_ATT_INSUFFICIENT_RESOURCES                                    Handle        = 0x80650011
+	E_BLUETOOTH_ATT_UNKNOWN_ERROR                                             Handle        = 0x80651000
+	E_AUDIO_ENGINE_NODE_NOT_FOUND                                             Handle        = 0x80660001
+	E_HDAUDIO_EMPTY_CONNECTION_LIST                                           Handle        = 0x80660002
+	E_HDAUDIO_CONNECTION_LIST_NOT_SUPPORTED                                   Handle        = 0x80660003
+	E_HDAUDIO_NO_LOGICAL_DEVICES_CREATED                                      Handle        = 0x80660004
+	E_HDAUDIO_NULL_LINKED_LIST_ENTRY                                          Handle        = 0x80660005
+	STATEREPOSITORY_E_CONCURRENCY_LOCKING_FAILURE                             Handle        = 0x80670001
+	STATEREPOSITORY_E_STATEMENT_INPROGRESS                                    Handle        = 0x80670002
+	STATEREPOSITORY_E_CONFIGURATION_INVALID                                   Handle        = 0x80670003
+	STATEREPOSITORY_E_UNKNOWN_SCHEMA_VERSION                                  Handle        = 0x80670004
+	STATEREPOSITORY_ERROR_DICTIONARY_CORRUPTED                                Handle        = 0x80670005
+	STATEREPOSITORY_E_BLOCKED                                                 Handle        = 0x80670006
+	STATEREPOSITORY_E_BUSY_RETRY                                              Handle        = 0x80670007
+	STATEREPOSITORY_E_BUSY_RECOVERY_RETRY                                     Handle        = 0x80670008
+	STATEREPOSITORY_E_LOCKED_RETRY                                            Handle        = 0x80670009
+	STATEREPOSITORY_E_LOCKED_SHAREDCACHE_RETRY                                Handle        = 0x8067000A
+	STATEREPOSITORY_E_TRANSACTION_REQUIRED                                    Handle        = 0x8067000B
+	STATEREPOSITORY_E_BUSY_TIMEOUT_EXCEEDED                                   Handle        = 0x8067000C
+	STATEREPOSITORY_E_BUSY_RECOVERY_TIMEOUT_EXCEEDED                          Handle        = 0x8067000D
+	STATEREPOSITORY_E_LOCKED_TIMEOUT_EXCEEDED                                 Handle        = 0x8067000E
+	STATEREPOSITORY_E_LOCKED_SHAREDCACHE_TIMEOUT_EXCEEDED                     Handle        = 0x8067000F
+	STATEREPOSITORY_E_SERVICE_STOP_IN_PROGRESS                                Handle        = 0x80670010
+	STATEREPOSTORY_E_NESTED_TRANSACTION_NOT_SUPPORTED                         Handle        = 0x80670011
+	STATEREPOSITORY_ERROR_CACHE_CORRUPTED                                     Handle        = 0x80670012
+	STATEREPOSITORY_TRANSACTION_CALLER_ID_CHANGED                             Handle        = 0x00670013
+	STATEREPOSITORY_TRANSACTION_IN_PROGRESS                                   Handle        = 0x00670014
+	ERROR_SPACES_POOL_WAS_DELETED                                             Handle        = 0x00E70001
+	ERROR_SPACES_FAULT_DOMAIN_TYPE_INVALID                                    Handle        = 0x80E70001
+	ERROR_SPACES_INTERNAL_ERROR                                               Handle        = 0x80E70002
+	ERROR_SPACES_RESILIENCY_TYPE_INVALID                                      Handle        = 0x80E70003
+	ERROR_SPACES_DRIVE_SECTOR_SIZE_INVALID                                    Handle        = 0x80E70004
+	ERROR_SPACES_DRIVE_REDUNDANCY_INVALID                                     Handle        = 0x80E70006
+	ERROR_SPACES_NUMBER_OF_DATA_COPIES_INVALID                                Handle        = 0x80E70007
+	ERROR_SPACES_PARITY_LAYOUT_INVALID                                        Handle        = 0x80E70008
+	ERROR_SPACES_INTERLEAVE_LENGTH_INVALID                                    Handle        = 0x80E70009
+	ERROR_SPACES_NUMBER_OF_COLUMNS_INVALID                                    Handle        = 0x80E7000A
+	ERROR_SPACES_NOT_ENOUGH_DRIVES                                            Handle        = 0x80E7000B
+	ERROR_SPACES_EXTENDED_ERROR                                               Handle        = 0x80E7000C
+	ERROR_SPACES_PROVISIONING_TYPE_INVALID                                    Handle        = 0x80E7000D
+	ERROR_SPACES_ALLOCATION_SIZE_INVALID                                      Handle        = 0x80E7000E
+	ERROR_SPACES_ENCLOSURE_AWARE_INVALID                                      Handle        = 0x80E7000F
+	ERROR_SPACES_WRITE_CACHE_SIZE_INVALID                                     Handle        = 0x80E70010
+	ERROR_SPACES_NUMBER_OF_GROUPS_INVALID                                     Handle        = 0x80E70011
+	ERROR_SPACES_DRIVE_OPERATIONAL_STATE_INVALID                              Handle        = 0x80E70012
+	ERROR_SPACES_ENTRY_INCOMPLETE                                             Handle        = 0x80E70013
+	ERROR_SPACES_ENTRY_INVALID                                                Handle        = 0x80E70014
+	ERROR_VOLSNAP_BOOTFILE_NOT_VALID                                          Handle        = 0x80820001
+	ERROR_VOLSNAP_ACTIVATION_TIMEOUT                                          Handle        = 0x80820002
+	ERROR_TIERING_NOT_SUPPORTED_ON_VOLUME                                     Handle        = 0x80830001
+	ERROR_TIERING_VOLUME_DISMOUNT_IN_PROGRESS                                 Handle        = 0x80830002
+	ERROR_TIERING_STORAGE_TIER_NOT_FOUND                                      Handle        = 0x80830003
+	ERROR_TIERING_INVALID_FILE_ID                                             Handle        = 0x80830004
+	ERROR_TIERING_WRONG_CLUSTER_NODE                                          Handle        = 0x80830005
+	ERROR_TIERING_ALREADY_PROCESSING                                          Handle        = 0x80830006
+	ERROR_TIERING_CANNOT_PIN_OBJECT                                           Handle        = 0x80830007
+	ERROR_TIERING_FILE_IS_NOT_PINNED                                          Handle        = 0x80830008
+	ERROR_NOT_A_TIERED_VOLUME                                                 Handle        = 0x80830009
+	ERROR_ATTRIBUTE_NOT_PRESENT                                               Handle        = 0x8083000A
+	ERROR_SECCORE_INVALID_COMMAND                                             Handle        = 0xC0E80000
+	ERROR_NO_APPLICABLE_APP_LICENSES_FOUND                                    Handle        = 0xC0EA0001
+	ERROR_CLIP_LICENSE_NOT_FOUND                                              Handle        = 0xC0EA0002
+	ERROR_CLIP_DEVICE_LICENSE_MISSING                                         Handle        = 0xC0EA0003
+	ERROR_CLIP_LICENSE_INVALID_SIGNATURE                                      Handle        = 0xC0EA0004
+	ERROR_CLIP_KEYHOLDER_LICENSE_MISSING_OR_INVALID                           Handle        = 0xC0EA0005
+	ERROR_CLIP_LICENSE_EXPIRED                                                Handle        = 0xC0EA0006
+	ERROR_CLIP_LICENSE_SIGNED_BY_UNKNOWN_SOURCE                               Handle        = 0xC0EA0007
+	ERROR_CLIP_LICENSE_NOT_SIGNED                                             Handle        = 0xC0EA0008
+	ERROR_CLIP_LICENSE_HARDWARE_ID_OUT_OF_TOLERANCE                           Handle        = 0xC0EA0009
+	ERROR_CLIP_LICENSE_DEVICE_ID_MISMATCH                                     Handle        = 0xC0EA000A
+	DXGI_STATUS_OCCLUDED                                                      Handle        = 0x087A0001
+	DXGI_STATUS_CLIPPED                                                       Handle        = 0x087A0002
+	DXGI_STATUS_NO_REDIRECTION                                                Handle        = 0x087A0004
+	DXGI_STATUS_NO_DESKTOP_ACCESS                                             Handle        = 0x087A0005
+	DXGI_STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE                                  Handle        = 0x087A0006
+	DXGI_STATUS_MODE_CHANGED                                                  Handle        = 0x087A0007
+	DXGI_STATUS_MODE_CHANGE_IN_PROGRESS                                       Handle        = 0x087A0008
+	DXGI_ERROR_INVALID_CALL                                                   Handle        = 0x887A0001
+	DXGI_ERROR_NOT_FOUND                                                      Handle        = 0x887A0002
+	DXGI_ERROR_MORE_DATA                                                      Handle        = 0x887A0003
+	DXGI_ERROR_UNSUPPORTED                                                    Handle        = 0x887A0004
+	DXGI_ERROR_DEVICE_REMOVED                                                 Handle        = 0x887A0005
+	DXGI_ERROR_DEVICE_HUNG                                                    Handle        = 0x887A0006
+	DXGI_ERROR_DEVICE_RESET                                                   Handle        = 0x887A0007
+	DXGI_ERROR_WAS_STILL_DRAWING                                              Handle        = 0x887A000A
+	DXGI_ERROR_FRAME_STATISTICS_DISJOINT                                      Handle        = 0x887A000B
+	DXGI_ERROR_GRAPHICS_VIDPN_SOURCE_IN_USE                                   Handle        = 0x887A000C
+	DXGI_ERROR_DRIVER_INTERNAL_ERROR                                          Handle        = 0x887A0020
+	DXGI_ERROR_NONEXCLUSIVE                                                   Handle        = 0x887A0021
+	DXGI_ERROR_NOT_CURRENTLY_AVAILABLE                                        Handle        = 0x887A0022
+	DXGI_ERROR_REMOTE_CLIENT_DISCONNECTED                                     Handle        = 0x887A0023
+	DXGI_ERROR_REMOTE_OUTOFMEMORY                                             Handle        = 0x887A0024
+	DXGI_ERROR_ACCESS_LOST                                                    Handle        = 0x887A0026
+	DXGI_ERROR_WAIT_TIMEOUT                                                   Handle        = 0x887A0027
+	DXGI_ERROR_SESSION_DISCONNECTED                                           Handle        = 0x887A0028
+	DXGI_ERROR_RESTRICT_TO_OUTPUT_STALE                                       Handle        = 0x887A0029
+	DXGI_ERROR_CANNOT_PROTECT_CONTENT                                         Handle        = 0x887A002A
+	DXGI_ERROR_ACCESS_DENIED                                                  Handle        = 0x887A002B
+	DXGI_ERROR_NAME_ALREADY_EXISTS                                            Handle        = 0x887A002C
+	DXGI_ERROR_SDK_COMPONENT_MISSING                                          Handle        = 0x887A002D
+	DXGI_ERROR_NOT_CURRENT                                                    Handle        = 0x887A002E
+	DXGI_ERROR_HW_PROTECTION_OUTOFMEMORY                                      Handle        = 0x887A0030
+	DXGI_ERROR_DYNAMIC_CODE_POLICY_VIOLATION                                  Handle        = 0x887A0031
+	DXGI_ERROR_NON_COMPOSITED_UI                                              Handle        = 0x887A0032
+	DXGI_STATUS_UNOCCLUDED                                                    Handle        = 0x087A0009
+	DXGI_STATUS_DDA_WAS_STILL_DRAWING                                         Handle        = 0x087A000A
+	DXGI_ERROR_MODE_CHANGE_IN_PROGRESS                                        Handle        = 0x887A0025
+	DXGI_STATUS_PRESENT_REQUIRED                                              Handle        = 0x087A002F
+	DXGI_ERROR_CACHE_CORRUPT                                                  Handle        = 0x887A0033
+	DXGI_ERROR_CACHE_FULL                                                     Handle        = 0x887A0034
+	DXGI_ERROR_CACHE_HASH_COLLISION                                           Handle        = 0x887A0035
+	DXGI_ERROR_ALREADY_EXISTS                                                 Handle        = 0x887A0036
+	DXGI_DDI_ERR_WASSTILLDRAWING                                              Handle        = 0x887B0001
+	DXGI_DDI_ERR_UNSUPPORTED                                                  Handle        = 0x887B0002
+	DXGI_DDI_ERR_NONEXCLUSIVE                                                 Handle        = 0x887B0003
+	D3D10_ERROR_TOO_MANY_UNIQUE_STATE_OBJECTS                                 Handle        = 0x88790001
+	D3D10_ERROR_FILE_NOT_FOUND                                                Handle        = 0x88790002
+	D3D11_ERROR_TOO_MANY_UNIQUE_STATE_OBJECTS                                 Handle        = 0x887C0001
+	D3D11_ERROR_FILE_NOT_FOUND                                                Handle        = 0x887C0002
+	D3D11_ERROR_TOO_MANY_UNIQUE_VIEW_OBJECTS                                  Handle        = 0x887C0003
+	D3D11_ERROR_DEFERRED_CONTEXT_MAP_WITHOUT_INITIAL_DISCARD                  Handle        = 0x887C0004
+	D3D12_ERROR_ADAPTER_NOT_FOUND                                             Handle        = 0x887E0001
+	D3D12_ERROR_DRIVER_VERSION_MISMATCH                                       Handle        = 0x887E0002
+	D2DERR_WRONG_STATE                                                        Handle        = 0x88990001
+	D2DERR_NOT_INITIALIZED                                                    Handle        = 0x88990002
+	D2DERR_UNSUPPORTED_OPERATION                                              Handle        = 0x88990003
+	D2DERR_SCANNER_FAILED                                                     Handle        = 0x88990004
+	D2DERR_SCREEN_ACCESS_DENIED                                               Handle        = 0x88990005
+	D2DERR_DISPLAY_STATE_INVALID                                              Handle        = 0x88990006
+	D2DERR_ZERO_VECTOR                                                        Handle        = 0x88990007
+	D2DERR_INTERNAL_ERROR                                                     Handle        = 0x88990008
+	D2DERR_DISPLAY_FORMAT_NOT_SUPPORTED                                       Handle        = 0x88990009
+	D2DERR_INVALID_CALL                                                       Handle        = 0x8899000A
+	D2DERR_NO_HARDWARE_DEVICE                                                 Handle        = 0x8899000B
+	D2DERR_RECREATE_TARGET                                                    Handle        = 0x8899000C
+	D2DERR_TOO_MANY_SHADER_ELEMENTS                                           Handle        = 0x8899000D
+	D2DERR_SHADER_COMPILE_FAILED                                              Handle        = 0x8899000E
+	D2DERR_MAX_TEXTURE_SIZE_EXCEEDED                                          Handle        = 0x8899000F
+	D2DERR_UNSUPPORTED_VERSION                                                Handle        = 0x88990010
+	D2DERR_BAD_NUMBER                                                         Handle        = 0x88990011
+	D2DERR_WRONG_FACTORY                                                      Handle        = 0x88990012
+	D2DERR_LAYER_ALREADY_IN_USE                                               Handle        = 0x88990013
+	D2DERR_POP_CALL_DID_NOT_MATCH_PUSH                                        Handle        = 0x88990014
+	D2DERR_WRONG_RESOURCE_DOMAIN                                              Handle        = 0x88990015
+	D2DERR_PUSH_POP_UNBALANCED                                                Handle        = 0x88990016
+	D2DERR_RENDER_TARGET_HAS_LAYER_OR_CLIPRECT                                Handle        = 0x88990017
+	D2DERR_INCOMPATIBLE_BRUSH_TYPES                                           Handle        = 0x88990018
+	D2DERR_WIN32_ERROR                                                        Handle        = 0x88990019
+	D2DERR_TARGET_NOT_GDI_COMPATIBLE                                          Handle        = 0x8899001A
+	D2DERR_TEXT_EFFECT_IS_WRONG_TYPE                                          Handle        = 0x8899001B
+	D2DERR_TEXT_RENDERER_NOT_RELEASED                                         Handle        = 0x8899001C
+	D2DERR_EXCEEDS_MAX_BITMAP_SIZE                                            Handle        = 0x8899001D
+	D2DERR_INVALID_GRAPH_CONFIGURATION                                        Handle        = 0x8899001E
+	D2DERR_INVALID_INTERNAL_GRAPH_CONFIGURATION                               Handle        = 0x8899001F
+	D2DERR_CYCLIC_GRAPH                                                       Handle        = 0x88990020
+	D2DERR_BITMAP_CANNOT_DRAW                                                 Handle        = 0x88990021
+	D2DERR_OUTSTANDING_BITMAP_REFERENCES                                      Handle        = 0x88990022
+	D2DERR_ORIGINAL_TARGET_NOT_BOUND                                          Handle        = 0x88990023
+	D2DERR_INVALID_TARGET                                                     Handle        = 0x88990024
+	D2DERR_BITMAP_BOUND_AS_TARGET                                             Handle        = 0x88990025
+	D2DERR_INSUFFICIENT_DEVICE_CAPABILITIES                                   Handle        = 0x88990026
+	D2DERR_INTERMEDIATE_TOO_LARGE                                             Handle        = 0x88990027
+	D2DERR_EFFECT_IS_NOT_REGISTERED                                           Handle        = 0x88990028
+	D2DERR_INVALID_PROPERTY                                                   Handle        = 0x88990029
+	D2DERR_NO_SUBPROPERTIES                                                   Handle        = 0x8899002A
+	D2DERR_PRINT_JOB_CLOSED                                                   Handle        = 0x8899002B
+	D2DERR_PRINT_FORMAT_NOT_SUPPORTED                                         Handle        = 0x8899002C
+	D2DERR_TOO_MANY_TRANSFORM_INPUTS                                          Handle        = 0x8899002D
+	D2DERR_INVALID_GLYPH_IMAGE                                                Handle        = 0x8899002E
+	DWRITE_E_FILEFORMAT                                                       Handle        = 0x88985000
+	DWRITE_E_UNEXPECTED                                                       Handle        = 0x88985001
+	DWRITE_E_NOFONT                                                           Handle        = 0x88985002
+	DWRITE_E_FILENOTFOUND                                                     Handle        = 0x88985003
+	DWRITE_E_FILEACCESS                                                       Handle        = 0x88985004
+	DWRITE_E_FONTCOLLECTIONOBSOLETE                                           Handle        = 0x88985005
+	DWRITE_E_ALREADYREGISTERED                                                Handle        = 0x88985006
+	DWRITE_E_CACHEFORMAT                                                      Handle        = 0x88985007
+	DWRITE_E_CACHEVERSION                                                     Handle        = 0x88985008
+	DWRITE_E_UNSUPPORTEDOPERATION                                             Handle        = 0x88985009
+	DWRITE_E_TEXTRENDERERINCOMPATIBLE                                         Handle        = 0x8898500A
+	DWRITE_E_FLOWDIRECTIONCONFLICTS                                           Handle        = 0x8898500B
+	DWRITE_E_NOCOLOR                                                          Handle        = 0x8898500C
+	DWRITE_E_REMOTEFONT                                                       Handle        = 0x8898500D
+	DWRITE_E_DOWNLOADCANCELLED                                                Handle        = 0x8898500E
+	DWRITE_E_DOWNLOADFAILED                                                   Handle        = 0x8898500F
+	DWRITE_E_TOOMANYDOWNLOADS                                                 Handle        = 0x88985010
+	WINCODEC_ERR_WRONGSTATE                                                   Handle        = 0x88982F04
+	WINCODEC_ERR_VALUEOUTOFRANGE                                              Handle        = 0x88982F05
+	WINCODEC_ERR_UNKNOWNIMAGEFORMAT                                           Handle        = 0x88982F07
+	WINCODEC_ERR_UNSUPPORTEDVERSION                                           Handle        = 0x88982F0B
+	WINCODEC_ERR_NOTINITIALIZED                                               Handle        = 0x88982F0C
+	WINCODEC_ERR_ALREADYLOCKED                                                Handle        = 0x88982F0D
+	WINCODEC_ERR_PROPERTYNOTFOUND                                             Handle        = 0x88982F40
+	WINCODEC_ERR_PROPERTYNOTSUPPORTED                                         Handle        = 0x88982F41
+	WINCODEC_ERR_PROPERTYSIZE                                                 Handle        = 0x88982F42
+	WINCODEC_ERR_CODECPRESENT                                                 Handle        = 0x88982F43
+	WINCODEC_ERR_CODECNOTHUMBNAIL                                             Handle        = 0x88982F44
+	WINCODEC_ERR_PALETTEUNAVAILABLE                                           Handle        = 0x88982F45
+	WINCODEC_ERR_CODECTOOMANYSCANLINES                                        Handle        = 0x88982F46
+	WINCODEC_ERR_INTERNALERROR                                                Handle        = 0x88982F48
+	WINCODEC_ERR_SOURCERECTDOESNOTMATCHDIMENSIONS                             Handle        = 0x88982F49
+	WINCODEC_ERR_COMPONENTNOTFOUND                                            Handle        = 0x88982F50
+	WINCODEC_ERR_IMAGESIZEOUTOFRANGE                                          Handle        = 0x88982F51
+	WINCODEC_ERR_TOOMUCHMETADATA                                              Handle        = 0x88982F52
+	WINCODEC_ERR_BADIMAGE                                                     Handle        = 0x88982F60
+	WINCODEC_ERR_BADHEADER                                                    Handle        = 0x88982F61
+	WINCODEC_ERR_FRAMEMISSING                                                 Handle        = 0x88982F62
+	WINCODEC_ERR_BADMETADATAHEADER                                            Handle        = 0x88982F63
+	WINCODEC_ERR_BADSTREAMDATA                                                Handle        = 0x88982F70
+	WINCODEC_ERR_STREAMWRITE                                                  Handle        = 0x88982F71
+	WINCODEC_ERR_STREAMREAD                                                   Handle        = 0x88982F72
+	WINCODEC_ERR_STREAMNOTAVAILABLE                                           Handle        = 0x88982F73
+	WINCODEC_ERR_UNSUPPORTEDPIXELFORMAT                                       Handle        = 0x88982F80
+	WINCODEC_ERR_UNSUPPORTEDOPERATION                                         Handle        = 0x88982F81
+	WINCODEC_ERR_INVALIDREGISTRATION                                          Handle        = 0x88982F8A
+	WINCODEC_ERR_COMPONENTINITIALIZEFAILURE                                   Handle        = 0x88982F8B
+	WINCODEC_ERR_INSUFFICIENTBUFFER                                           Handle        = 0x88982F8C
+	WINCODEC_ERR_DUPLICATEMETADATAPRESENT                                     Handle        = 0x88982F8D
+	WINCODEC_ERR_PROPERTYUNEXPECTEDTYPE                                       Handle        = 0x88982F8E
+	WINCODEC_ERR_UNEXPECTEDSIZE                                               Handle        = 0x88982F8F
+	WINCODEC_ERR_INVALIDQUERYREQUEST                                          Handle        = 0x88982F90
+	WINCODEC_ERR_UNEXPECTEDMETADATATYPE                                       Handle        = 0x88982F91
+	WINCODEC_ERR_REQUESTONLYVALIDATMETADATAROOT                               Handle        = 0x88982F92
+	WINCODEC_ERR_INVALIDQUERYCHARACTER                                        Handle        = 0x88982F93
+	WINCODEC_ERR_WIN32ERROR                                                   Handle        = 0x88982F94
+	WINCODEC_ERR_INVALIDPROGRESSIVELEVEL                                      Handle        = 0x88982F95
+	WINCODEC_ERR_INVALIDJPEGSCANINDEX                                         Handle        = 0x88982F96
+	MILERR_OBJECTBUSY                                                         Handle        = 0x88980001
+	MILERR_INSUFFICIENTBUFFER                                                 Handle        = 0x88980002
+	MILERR_WIN32ERROR                                                         Handle        = 0x88980003
+	MILERR_SCANNER_FAILED                                                     Handle        = 0x88980004
+	MILERR_SCREENACCESSDENIED                                                 Handle        = 0x88980005
+	MILERR_DISPLAYSTATEINVALID                                                Handle        = 0x88980006
+	MILERR_NONINVERTIBLEMATRIX                                                Handle        = 0x88980007
+	MILERR_ZEROVECTOR                                                         Handle        = 0x88980008
+	MILERR_TERMINATED                                                         Handle        = 0x88980009
+	MILERR_BADNUMBER                                                          Handle        = 0x8898000A
+	MILERR_INTERNALERROR                                                      Handle        = 0x88980080
+	MILERR_DISPLAYFORMATNOTSUPPORTED                                          Handle        = 0x88980084
+	MILERR_INVALIDCALL                                                        Handle        = 0x88980085
+	MILERR_ALREADYLOCKED                                                      Handle        = 0x88980086
+	MILERR_NOTLOCKED                                                          Handle        = 0x88980087
+	MILERR_DEVICECANNOTRENDERTEXT                                             Handle        = 0x88980088
+	MILERR_GLYPHBITMAPMISSED                                                  Handle        = 0x88980089
+	MILERR_MALFORMEDGLYPHCACHE                                                Handle        = 0x8898008A
+	MILERR_GENERIC_IGNORE                                                     Handle        = 0x8898008B
+	MILERR_MALFORMED_GUIDELINE_DATA                                           Handle        = 0x8898008C
+	MILERR_NO_HARDWARE_DEVICE                                                 Handle        = 0x8898008D
+	MILERR_NEED_RECREATE_AND_PRESENT                                          Handle        = 0x8898008E
+	MILERR_ALREADY_INITIALIZED                                                Handle        = 0x8898008F
+	MILERR_MISMATCHED_SIZE                                                    Handle        = 0x88980090
+	MILERR_NO_REDIRECTION_SURFACE_AVAILABLE                                   Handle        = 0x88980091
+	MILERR_REMOTING_NOT_SUPPORTED                                             Handle        = 0x88980092
+	MILERR_QUEUED_PRESENT_NOT_SUPPORTED                                       Handle        = 0x88980093
+	MILERR_NOT_QUEUING_PRESENTS                                               Handle        = 0x88980094
+	MILERR_NO_REDIRECTION_SURFACE_RETRY_LATER                                 Handle        = 0x88980095
+	MILERR_TOOMANYSHADERELEMNTS                                               Handle        = 0x88980096
+	MILERR_MROW_READLOCK_FAILED                                               Handle        = 0x88980097
+	MILERR_MROW_UPDATE_FAILED                                                 Handle        = 0x88980098
+	MILERR_SHADER_COMPILE_FAILED                                              Handle        = 0x88980099
+	MILERR_MAX_TEXTURE_SIZE_EXCEEDED                                          Handle        = 0x8898009A
+	MILERR_QPC_TIME_WENT_BACKWARD                                             Handle        = 0x8898009B
+	MILERR_DXGI_ENUMERATION_OUT_OF_SYNC                                       Handle        = 0x8898009D
+	MILERR_ADAPTER_NOT_FOUND                                                  Handle        = 0x8898009E
+	MILERR_COLORSPACE_NOT_SUPPORTED                                           Handle        = 0x8898009F
+	MILERR_PREFILTER_NOT_SUPPORTED                                            Handle        = 0x889800A0
+	MILERR_DISPLAYID_ACCESS_DENIED                                            Handle        = 0x889800A1
+	UCEERR_INVALIDPACKETHEADER                                                Handle        = 0x88980400
+	UCEERR_UNKNOWNPACKET                                                      Handle        = 0x88980401
+	UCEERR_ILLEGALPACKET                                                      Handle        = 0x88980402
+	UCEERR_MALFORMEDPACKET                                                    Handle        = 0x88980403
+	UCEERR_ILLEGALHANDLE                                                      Handle        = 0x88980404
+	UCEERR_HANDLELOOKUPFAILED                                                 Handle        = 0x88980405
+	UCEERR_RENDERTHREADFAILURE                                                Handle        = 0x88980406
+	UCEERR_CTXSTACKFRSTTARGETNULL                                             Handle        = 0x88980407
+	UCEERR_CONNECTIONIDLOOKUPFAILED                                           Handle        = 0x88980408
+	UCEERR_BLOCKSFULL                                                         Handle        = 0x88980409
+	UCEERR_MEMORYFAILURE                                                      Handle        = 0x8898040A
+	UCEERR_PACKETRECORDOUTOFRANGE                                             Handle        = 0x8898040B
+	UCEERR_ILLEGALRECORDTYPE                                                  Handle        = 0x8898040C
+	UCEERR_OUTOFHANDLES                                                       Handle        = 0x8898040D
+	UCEERR_UNCHANGABLE_UPDATE_ATTEMPTED                                       Handle        = 0x8898040E
+	UCEERR_NO_MULTIPLE_WORKER_THREADS                                         Handle        = 0x8898040F
+	UCEERR_REMOTINGNOTSUPPORTED                                               Handle        = 0x88980410
+	UCEERR_MISSINGENDCOMMAND                                                  Handle        = 0x88980411
+	UCEERR_MISSINGBEGINCOMMAND                                                Handle        = 0x88980412
+	UCEERR_CHANNELSYNCTIMEDOUT                                                Handle        = 0x88980413
+	UCEERR_CHANNELSYNCABANDONED                                               Handle        = 0x88980414
+	UCEERR_UNSUPPORTEDTRANSPORTVERSION                                        Handle        = 0x88980415
+	UCEERR_TRANSPORTUNAVAILABLE                                               Handle        = 0x88980416
+	UCEERR_FEEDBACK_UNSUPPORTED                                               Handle        = 0x88980417
+	UCEERR_COMMANDTRANSPORTDENIED                                             Handle        = 0x88980418
+	UCEERR_GRAPHICSSTREAMUNAVAILABLE                                          Handle        = 0x88980419
+	UCEERR_GRAPHICSSTREAMALREADYOPEN                                          Handle        = 0x88980420
+	UCEERR_TRANSPORTDISCONNECTED                                              Handle        = 0x88980421
+	UCEERR_TRANSPORTOVERLOADED                                                Handle        = 0x88980422
+	UCEERR_PARTITION_ZOMBIED                                                  Handle        = 0x88980423
+	MILAVERR_NOCLOCK                                                          Handle        = 0x88980500
+	MILAVERR_NOMEDIATYPE                                                      Handle        = 0x88980501
+	MILAVERR_NOVIDEOMIXER                                                     Handle        = 0x88980502
+	MILAVERR_NOVIDEOPRESENTER                                                 Handle        = 0x88980503
+	MILAVERR_NOREADYFRAMES                                                    Handle        = 0x88980504
+	MILAVERR_MODULENOTLOADED                                                  Handle        = 0x88980505
+	MILAVERR_WMPFACTORYNOTREGISTERED                                          Handle        = 0x88980506
+	MILAVERR_INVALIDWMPVERSION                                                Handle        = 0x88980507
+	MILAVERR_INSUFFICIENTVIDEORESOURCES                                       Handle        = 0x88980508
+	MILAVERR_VIDEOACCELERATIONNOTAVAILABLE                                    Handle        = 0x88980509
+	MILAVERR_REQUESTEDTEXTURETOOBIG                                           Handle        = 0x8898050A
+	MILAVERR_SEEKFAILED                                                       Handle        = 0x8898050B
+	MILAVERR_UNEXPECTEDWMPFAILURE                                             Handle        = 0x8898050C
+	MILAVERR_MEDIAPLAYERCLOSED                                                Handle        = 0x8898050D
+	MILAVERR_UNKNOWNHARDWAREERROR                                             Handle        = 0x8898050E
+	MILEFFECTSERR_UNKNOWNPROPERTY                                             Handle        = 0x8898060E
+	MILEFFECTSERR_EFFECTNOTPARTOFGROUP                                        Handle        = 0x8898060F
+	MILEFFECTSERR_NOINPUTSOURCEATTACHED                                       Handle        = 0x88980610
+	MILEFFECTSERR_CONNECTORNOTCONNECTED                                       Handle        = 0x88980611
+	MILEFFECTSERR_CONNECTORNOTASSOCIATEDWITHEFFECT                            Handle        = 0x88980612
+	MILEFFECTSERR_RESERVED                                                    Handle        = 0x88980613
+	MILEFFECTSERR_CYCLEDETECTED                                               Handle        = 0x88980614
+	MILEFFECTSERR_EFFECTINMORETHANONEGRAPH                                    Handle        = 0x88980615
+	MILEFFECTSERR_EFFECTALREADYINAGRAPH                                       Handle        = 0x88980616
+	MILEFFECTSERR_EFFECTHASNOCHILDREN                                         Handle        = 0x88980617
+	MILEFFECTSERR_ALREADYATTACHEDTOLISTENER                                   Handle        = 0x88980618
+	MILEFFECTSERR_NOTAFFINETRANSFORM                                          Handle        = 0x88980619
+	MILEFFECTSERR_EMPTYBOUNDS                                                 Handle        = 0x8898061A
+	MILEFFECTSERR_OUTPUTSIZETOOLARGE                                          Handle        = 0x8898061B
+	DWMERR_STATE_TRANSITION_FAILED                                            Handle        = 0x88980700
+	DWMERR_THEME_FAILED                                                       Handle        = 0x88980701
+	DWMERR_CATASTROPHIC_FAILURE                                               Handle        = 0x88980702
+	DCOMPOSITION_ERROR_WINDOW_ALREADY_COMPOSED                                Handle        = 0x88980800
+	DCOMPOSITION_ERROR_SURFACE_BEING_RENDERED                                 Handle        = 0x88980801
+	DCOMPOSITION_ERROR_SURFACE_NOT_BEING_RENDERED                             Handle        = 0x88980802
+	ONL_E_INVALID_AUTHENTICATION_TARGET                                       Handle        = 0x80860001
+	ONL_E_ACCESS_DENIED_BY_TOU                                                Handle        = 0x80860002
+	ONL_E_INVALID_APPLICATION                                                 Handle        = 0x80860003
+	ONL_E_PASSWORD_UPDATE_REQUIRED                                            Handle        = 0x80860004
+	ONL_E_ACCOUNT_UPDATE_REQUIRED                                             Handle        = 0x80860005
+	ONL_E_FORCESIGNIN                                                         Handle        = 0x80860006
+	ONL_E_ACCOUNT_LOCKED                                                      Handle        = 0x80860007
+	ONL_E_PARENTAL_CONSENT_REQUIRED                                           Handle        = 0x80860008
+	ONL_E_EMAIL_VERIFICATION_REQUIRED                                         Handle        = 0x80860009
+	ONL_E_ACCOUNT_SUSPENDED_COMPROIMISE                                       Handle        = 0x8086000A
+	ONL_E_ACCOUNT_SUSPENDED_ABUSE                                             Handle        = 0x8086000B
+	ONL_E_ACTION_REQUIRED                                                     Handle        = 0x8086000C
+	ONL_CONNECTION_COUNT_LIMIT                                                Handle        = 0x8086000D
+	ONL_E_CONNECTED_ACCOUNT_CAN_NOT_SIGNOUT                                   Handle        = 0x8086000E
+	ONL_E_USER_AUTHENTICATION_REQUIRED                                        Handle        = 0x8086000F
+	ONL_E_REQUEST_THROTTLED                                                   Handle        = 0x80860010
+	FA_E_MAX_PERSISTED_ITEMS_REACHED                                          Handle        = 0x80270220
+	FA_E_HOMEGROUP_NOT_AVAILABLE                                              Handle        = 0x80270222
+	E_MONITOR_RESOLUTION_TOO_LOW                                              Handle        = 0x80270250
+	E_ELEVATED_ACTIVATION_NOT_SUPPORTED                                       Handle        = 0x80270251
+	E_UAC_DISABLED                                                            Handle        = 0x80270252
+	E_FULL_ADMIN_NOT_SUPPORTED                                                Handle        = 0x80270253
+	E_APPLICATION_NOT_REGISTERED                                              Handle        = 0x80270254
+	E_MULTIPLE_EXTENSIONS_FOR_APPLICATION                                     Handle        = 0x80270255
+	E_MULTIPLE_PACKAGES_FOR_FAMILY                                            Handle        = 0x80270256
+	E_APPLICATION_MANAGER_NOT_RUNNING                                         Handle        = 0x80270257
+	S_STORE_LAUNCHED_FOR_REMEDIATION                                          Handle        = 0x00270258
+	S_APPLICATION_ACTIVATION_ERROR_HANDLED_BY_DIALOG                          Handle        = 0x00270259
+	E_APPLICATION_ACTIVATION_TIMED_OUT                                        Handle        = 0x8027025A
+	E_APPLICATION_ACTIVATION_EXEC_FAILURE                                     Handle        = 0x8027025B
+	E_APPLICATION_TEMPORARY_LICENSE_ERROR                                     Handle        = 0x8027025C
+	E_APPLICATION_TRIAL_LICENSE_EXPIRED                                       Handle        = 0x8027025D
+	E_SKYDRIVE_ROOT_TARGET_FILE_SYSTEM_NOT_SUPPORTED                          Handle        = 0x80270260
+	E_SKYDRIVE_ROOT_TARGET_OVERLAP                                            Handle        = 0x80270261
+	E_SKYDRIVE_ROOT_TARGET_CANNOT_INDEX                                       Handle        = 0x80270262
+	E_SKYDRIVE_FILE_NOT_UPLOADED                                              Handle        = 0x80270263
+	E_SKYDRIVE_UPDATE_AVAILABILITY_FAIL                                       Handle        = 0x80270264
+	E_SKYDRIVE_ROOT_TARGET_VOLUME_ROOT_NOT_SUPPORTED                          Handle        = 0x80270265
+	E_SYNCENGINE_FILE_SIZE_OVER_LIMIT                                         Handle        = 0x8802B001
+	E_SYNCENGINE_FILE_SIZE_EXCEEDS_REMAINING_QUOTA                            Handle        = 0x8802B002
+	E_SYNCENGINE_UNSUPPORTED_FILE_NAME                                        Handle        = 0x8802B003
+	E_SYNCENGINE_FOLDER_ITEM_COUNT_LIMIT_EXCEEDED                             Handle        = 0x8802B004
+	E_SYNCENGINE_FILE_SYNC_PARTNER_ERROR                                      Handle        = 0x8802B005
+	E_SYNCENGINE_SYNC_PAUSED_BY_SERVICE                                       Handle        = 0x8802B006
+	E_SYNCENGINE_FILE_IDENTIFIER_UNKNOWN                                      Handle        = 0x8802C002
+	E_SYNCENGINE_SERVICE_AUTHENTICATION_FAILED                                Handle        = 0x8802C003
+	E_SYNCENGINE_UNKNOWN_SERVICE_ERROR                                        Handle        = 0x8802C004
+	E_SYNCENGINE_SERVICE_RETURNED_UNEXPECTED_SIZE                             Handle        = 0x8802C005
+	E_SYNCENGINE_REQUEST_BLOCKED_BY_SERVICE                                   Handle        = 0x8802C006
+	E_SYNCENGINE_REQUEST_BLOCKED_DUE_TO_CLIENT_ERROR                          Handle        = 0x8802C007
+	E_SYNCENGINE_FOLDER_INACCESSIBLE                                          Handle        = 0x8802D001
+	E_SYNCENGINE_UNSUPPORTED_FOLDER_NAME                                      Handle        = 0x8802D002
+	E_SYNCENGINE_UNSUPPORTED_MARKET                                           Handle        = 0x8802D003
+	E_SYNCENGINE_PATH_LENGTH_LIMIT_EXCEEDED                                   Handle        = 0x8802D004
+	E_SYNCENGINE_REMOTE_PATH_LENGTH_LIMIT_EXCEEDED                            Handle        = 0x8802D005
+	E_SYNCENGINE_CLIENT_UPDATE_NEEDED                                         Handle        = 0x8802D006
+	E_SYNCENGINE_PROXY_AUTHENTICATION_REQUIRED                                Handle        = 0x8802D007
+	E_SYNCENGINE_STORAGE_SERVICE_PROVISIONING_FAILED                          Handle        = 0x8802D008
+	E_SYNCENGINE_UNSUPPORTED_REPARSE_POINT                                    Handle        = 0x8802D009
+	E_SYNCENGINE_STORAGE_SERVICE_BLOCKED                                      Handle        = 0x8802D00A
+	E_SYNCENGINE_FOLDER_IN_REDIRECTION                                        Handle        = 0x8802D00B
+	EAS_E_POLICY_NOT_MANAGED_BY_OS                                            Handle        = 0x80550001
+	EAS_E_POLICY_COMPLIANT_WITH_ACTIONS                                       Handle        = 0x80550002
+	EAS_E_REQUESTED_POLICY_NOT_ENFORCEABLE                                    Handle        = 0x80550003
+	EAS_E_CURRENT_USER_HAS_BLANK_PASSWORD                                     Handle        = 0x80550004
+	EAS_E_REQUESTED_POLICY_PASSWORD_EXPIRATION_INCOMPATIBLE                   Handle        = 0x80550005
+	EAS_E_USER_CANNOT_CHANGE_PASSWORD                                         Handle        = 0x80550006
+	EAS_E_ADMINS_HAVE_BLANK_PASSWORD                                          Handle        = 0x80550007
+	EAS_E_ADMINS_CANNOT_CHANGE_PASSWORD                                       Handle        = 0x80550008
+	EAS_E_LOCAL_CONTROLLED_USERS_CANNOT_CHANGE_PASSWORD                       Handle        = 0x80550009
+	EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CONNECTED_ADMINS                Handle        = 0x8055000A
+	EAS_E_CONNECTED_ADMINS_NEED_TO_CHANGE_PASSWORD                            Handle        = 0x8055000B
+	EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CURRENT_CONNECTED_USER          Handle        = 0x8055000C
+	EAS_E_CURRENT_CONNECTED_USER_NEED_TO_CHANGE_PASSWORD                      Handle        = 0x8055000D
+	WEB_E_UNSUPPORTED_FORMAT                                                  Handle        = 0x83750001
+	WEB_E_INVALID_XML                                                         Handle        = 0x83750002
+	WEB_E_MISSING_REQUIRED_ELEMENT                                            Handle        = 0x83750003
+	WEB_E_MISSING_REQUIRED_ATTRIBUTE                                          Handle        = 0x83750004
+	WEB_E_UNEXPECTED_CONTENT                                                  Handle        = 0x83750005
+	WEB_E_RESOURCE_TOO_LARGE                                                  Handle        = 0x83750006
+	WEB_E_INVALID_JSON_STRING                                                 Handle        = 0x83750007
+	WEB_E_INVALID_JSON_NUMBER                                                 Handle        = 0x83750008
+	WEB_E_JSON_VALUE_NOT_FOUND                                                Handle        = 0x83750009
+	HTTP_E_STATUS_UNEXPECTED                                                  Handle        = 0x80190001
+	HTTP_E_STATUS_UNEXPECTED_REDIRECTION                                      Handle        = 0x80190003
+	HTTP_E_STATUS_UNEXPECTED_CLIENT_ERROR                                     Handle        = 0x80190004
+	HTTP_E_STATUS_UNEXPECTED_SERVER_ERROR                                     Handle        = 0x80190005
+	HTTP_E_STATUS_AMBIGUOUS                                                   Handle        = 0x8019012C
+	HTTP_E_STATUS_MOVED                                                       Handle        = 0x8019012D
+	HTTP_E_STATUS_REDIRECT                                                    Handle        = 0x8019012E
+	HTTP_E_STATUS_REDIRECT_METHOD                                             Handle        = 0x8019012F
+	HTTP_E_STATUS_NOT_MODIFIED                                                Handle        = 0x80190130
+	HTTP_E_STATUS_USE_PROXY                                                   Handle        = 0x80190131
+	HTTP_E_STATUS_REDIRECT_KEEP_VERB                                          Handle        = 0x80190133
+	HTTP_E_STATUS_BAD_REQUEST                                                 Handle        = 0x80190190
+	HTTP_E_STATUS_DENIED                                                      Handle        = 0x80190191
+	HTTP_E_STATUS_PAYMENT_REQ                                                 Handle        = 0x80190192
+	HTTP_E_STATUS_FORBIDDEN                                                   Handle        = 0x80190193
+	HTTP_E_STATUS_NOT_FOUND                                                   Handle        = 0x80190194
+	HTTP_E_STATUS_BAD_METHOD                                                  Handle        = 0x80190195
+	HTTP_E_STATUS_NONE_ACCEPTABLE                                             Handle        = 0x80190196
+	HTTP_E_STATUS_PROXY_AUTH_REQ                                              Handle        = 0x80190197
+	HTTP_E_STATUS_REQUEST_TIMEOUT                                             Handle        = 0x80190198
+	HTTP_E_STATUS_CONFLICT                                                    Handle        = 0x80190199
+	HTTP_E_STATUS_GONE                                                        Handle        = 0x8019019A
+	HTTP_E_STATUS_LENGTH_REQUIRED                                             Handle        = 0x8019019B
+	HTTP_E_STATUS_PRECOND_FAILED                                              Handle        = 0x8019019C
+	HTTP_E_STATUS_REQUEST_TOO_LARGE                                           Handle        = 0x8019019D
+	HTTP_E_STATUS_URI_TOO_LONG                                                Handle        = 0x8019019E
+	HTTP_E_STATUS_UNSUPPORTED_MEDIA                                           Handle        = 0x8019019F
+	HTTP_E_STATUS_RANGE_NOT_SATISFIABLE                                       Handle        = 0x801901A0
+	HTTP_E_STATUS_EXPECTATION_FAILED                                          Handle        = 0x801901A1
+	HTTP_E_STATUS_SERVER_ERROR                                                Handle        = 0x801901F4
+	HTTP_E_STATUS_NOT_SUPPORTED                                               Handle        = 0x801901F5
+	HTTP_E_STATUS_BAD_GATEWAY                                                 Handle        = 0x801901F6
+	HTTP_E_STATUS_SERVICE_UNAVAIL                                             Handle        = 0x801901F7
+	HTTP_E_STATUS_GATEWAY_TIMEOUT                                             Handle        = 0x801901F8
+	HTTP_E_STATUS_VERSION_NOT_SUP                                             Handle        = 0x801901F9
+	E_INVALID_PROTOCOL_OPERATION                                              Handle        = 0x83760001
+	E_INVALID_PROTOCOL_FORMAT                                                 Handle        = 0x83760002
+	E_PROTOCOL_EXTENSIONS_NOT_SUPPORTED                                       Handle        = 0x83760003
+	E_SUBPROTOCOL_NOT_SUPPORTED                                               Handle        = 0x83760004
+	E_PROTOCOL_VERSION_NOT_SUPPORTED                                          Handle        = 0x83760005
+	INPUT_E_OUT_OF_ORDER                                                      Handle        = 0x80400000
+	INPUT_E_REENTRANCY                                                        Handle        = 0x80400001
+	INPUT_E_MULTIMODAL                                                        Handle        = 0x80400002
+	INPUT_E_PACKET                                                            Handle        = 0x80400003
+	INPUT_E_FRAME                                                             Handle        = 0x80400004
+	INPUT_E_HISTORY                                                           Handle        = 0x80400005
+	INPUT_E_DEVICE_INFO                                                       Handle        = 0x80400006
+	INPUT_E_TRANSFORM                                                         Handle        = 0x80400007
+	INPUT_E_DEVICE_PROPERTY                                                   Handle        = 0x80400008
+	INET_E_INVALID_URL                                                        Handle        = 0x800C0002
+	INET_E_NO_SESSION                                                         Handle        = 0x800C0003
+	INET_E_CANNOT_CONNECT                                                     Handle        = 0x800C0004
+	INET_E_RESOURCE_NOT_FOUND                                                 Handle        = 0x800C0005
+	INET_E_OBJECT_NOT_FOUND                                                   Handle        = 0x800C0006
+	INET_E_DATA_NOT_AVAILABLE                                                 Handle        = 0x800C0007
+	INET_E_DOWNLOAD_FAILURE                                                   Handle        = 0x800C0008
+	INET_E_AUTHENTICATION_REQUIRED                                            Handle        = 0x800C0009
+	INET_E_NO_VALID_MEDIA                                                     Handle        = 0x800C000A
+	INET_E_CONNECTION_TIMEOUT                                                 Handle        = 0x800C000B
+	INET_E_INVALID_REQUEST                                                    Handle        = 0x800C000C
+	INET_E_UNKNOWN_PROTOCOL                                                   Handle        = 0x800C000D
+	INET_E_SECURITY_PROBLEM                                                   Handle        = 0x800C000E
+	INET_E_CANNOT_LOAD_DATA                                                   Handle        = 0x800C000F
+	INET_E_CANNOT_INSTANTIATE_OBJECT                                          Handle        = 0x800C0010
+	INET_E_INVALID_CERTIFICATE                                                Handle        = 0x800C0019
+	INET_E_REDIRECT_FAILED                                                    Handle        = 0x800C0014
+	INET_E_REDIRECT_TO_DIR                                                    Handle        = 0x800C0015
+	ERROR_DBG_CREATE_PROCESS_FAILURE_LOCKDOWN                                 Handle        = 0x80B00001
+	ERROR_DBG_ATTACH_PROCESS_FAILURE_LOCKDOWN                                 Handle        = 0x80B00002
+	ERROR_DBG_CONNECT_SERVER_FAILURE_LOCKDOWN                                 Handle        = 0x80B00003
+	ERROR_DBG_START_SERVER_FAILURE_LOCKDOWN                                   Handle        = 0x80B00004
+	ERROR_IO_PREEMPTED                                                        Handle        = 0x89010001
+	JSCRIPT_E_CANTEXECUTE                                                     Handle        = 0x89020001
+	WEP_E_NOT_PROVISIONED_ON_ALL_VOLUMES                                      Handle        = 0x88010001
+	WEP_E_FIXED_DATA_NOT_SUPPORTED                                            Handle        = 0x88010002
+	WEP_E_HARDWARE_NOT_COMPLIANT                                              Handle        = 0x88010003
+	WEP_E_LOCK_NOT_CONFIGURED                                                 Handle        = 0x88010004
+	WEP_E_PROTECTION_SUSPENDED                                                Handle        = 0x88010005
+	WEP_E_NO_LICENSE                                                          Handle        = 0x88010006
+	WEP_E_OS_NOT_PROTECTED                                                    Handle        = 0x88010007
+	WEP_E_UNEXPECTED_FAIL                                                     Handle        = 0x88010008
+	WEP_E_BUFFER_TOO_LARGE                                                    Handle        = 0x88010009
+	ERROR_SVHDX_ERROR_STORED                                                  Handle        = 0xC05C0000
+	ERROR_SVHDX_ERROR_NOT_AVAILABLE                                           Handle        = 0xC05CFF00
+	ERROR_SVHDX_UNIT_ATTENTION_AVAILABLE                                      Handle        = 0xC05CFF01
+	ERROR_SVHDX_UNIT_ATTENTION_CAPACITY_DATA_CHANGED                          Handle        = 0xC05CFF02
+	ERROR_SVHDX_UNIT_ATTENTION_RESERVATIONS_PREEMPTED                         Handle        = 0xC05CFF03
+	ERROR_SVHDX_UNIT_ATTENTION_RESERVATIONS_RELEASED                          Handle        = 0xC05CFF04
+	ERROR_SVHDX_UNIT_ATTENTION_REGISTRATIONS_PREEMPTED                        Handle        = 0xC05CFF05
+	ERROR_SVHDX_UNIT_ATTENTION_OPERATING_DEFINITION_CHANGED                   Handle        = 0xC05CFF06
+	ERROR_SVHDX_RESERVATION_CONFLICT                                          Handle        = 0xC05CFF07
+	ERROR_SVHDX_WRONG_FILE_TYPE                                               Handle        = 0xC05CFF08
+	ERROR_SVHDX_VERSION_MISMATCH                                              Handle        = 0xC05CFF09
+	ERROR_VHD_SHARED                                                          Handle        = 0xC05CFF0A
+	ERROR_SVHDX_NO_INITIATOR                                                  Handle        = 0xC05CFF0B
+	ERROR_VHDSET_BACKING_STORAGE_NOT_FOUND                                    Handle        = 0xC05CFF0C
+	ERROR_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP                               Handle        = 0xC05D0000
+	ERROR_SMB_BAD_CLUSTER_DIALECT                                             Handle        = 0xC05D0001
+	WININET_E_OUT_OF_HANDLES                                                  Handle        = 0x80072EE1
+	WININET_E_TIMEOUT                                                         Handle        = 0x80072EE2
+	WININET_E_EXTENDED_ERROR                                                  Handle        = 0x80072EE3
+	WININET_E_INTERNAL_ERROR                                                  Handle        = 0x80072EE4
+	WININET_E_INVALID_URL                                                     Handle        = 0x80072EE5
+	WININET_E_UNRECOGNIZED_SCHEME                                             Handle        = 0x80072EE6
+	WININET_E_NAME_NOT_RESOLVED                                               Handle        = 0x80072EE7
+	WININET_E_PROTOCOL_NOT_FOUND                                              Handle        = 0x80072EE8
+	WININET_E_INVALID_OPTION                                                  Handle        = 0x80072EE9
+	WININET_E_BAD_OPTION_LENGTH                                               Handle        = 0x80072EEA
+	WININET_E_OPTION_NOT_SETTABLE                                             Handle        = 0x80072EEB
+	WININET_E_SHUTDOWN                                                        Handle        = 0x80072EEC
+	WININET_E_INCORRECT_USER_NAME                                             Handle        = 0x80072EED
+	WININET_E_INCORRECT_PASSWORD                                              Handle        = 0x80072EEE
+	WININET_E_LOGIN_FAILURE                                                   Handle        = 0x80072EEF
+	WININET_E_INVALID_OPERATION                                               Handle        = 0x80072EF0
+	WININET_E_OPERATION_CANCELLED                                             Handle        = 0x80072EF1
+	WININET_E_INCORRECT_HANDLE_TYPE                                           Handle        = 0x80072EF2
+	WININET_E_INCORRECT_HANDLE_STATE                                          Handle        = 0x80072EF3
+	WININET_E_NOT_PROXY_REQUEST                                               Handle        = 0x80072EF4
+	WININET_E_REGISTRY_VALUE_NOT_FOUND                                        Handle        = 0x80072EF5
+	WININET_E_BAD_REGISTRY_PARAMETER                                          Handle        = 0x80072EF6
+	WININET_E_NO_DIRECT_ACCESS                                                Handle        = 0x80072EF7
+	WININET_E_NO_CONTEXT                                                      Handle        = 0x80072EF8
+	WININET_E_NO_CALLBACK                                                     Handle        = 0x80072EF9
+	WININET_E_REQUEST_PENDING                                                 Handle        = 0x80072EFA
+	WININET_E_INCORRECT_FORMAT                                                Handle        = 0x80072EFB
+	WININET_E_ITEM_NOT_FOUND                                                  Handle        = 0x80072EFC
+	WININET_E_CANNOT_CONNECT                                                  Handle        = 0x80072EFD
+	WININET_E_CONNECTION_ABORTED                                              Handle        = 0x80072EFE
+	WININET_E_CONNECTION_RESET                                                Handle        = 0x80072EFF
+	WININET_E_FORCE_RETRY                                                     Handle        = 0x80072F00
+	WININET_E_INVALID_PROXY_REQUEST                                           Handle        = 0x80072F01
+	WININET_E_NEED_UI                                                         Handle        = 0x80072F02
+	WININET_E_HANDLE_EXISTS                                                   Handle        = 0x80072F04
+	WININET_E_SEC_CERT_DATE_INVALID                                           Handle        = 0x80072F05
+	WININET_E_SEC_CERT_CN_INVALID                                             Handle        = 0x80072F06
+	WININET_E_HTTP_TO_HTTPS_ON_REDIR                                          Handle        = 0x80072F07
+	WININET_E_HTTPS_TO_HTTP_ON_REDIR                                          Handle        = 0x80072F08
+	WININET_E_MIXED_SECURITY                                                  Handle        = 0x80072F09
+	WININET_E_CHG_POST_IS_NON_SECURE                                          Handle        = 0x80072F0A
+	WININET_E_POST_IS_NON_SECURE                                              Handle        = 0x80072F0B
+	WININET_E_CLIENT_AUTH_CERT_NEEDED                                         Handle        = 0x80072F0C
+	WININET_E_INVALID_CA                                                      Handle        = 0x80072F0D
+	WININET_E_CLIENT_AUTH_NOT_SETUP                                           Handle        = 0x80072F0E
+	WININET_E_ASYNC_THREAD_FAILED                                             Handle        = 0x80072F0F
+	WININET_E_REDIRECT_SCHEME_CHANGE                                          Handle        = 0x80072F10
+	WININET_E_DIALOG_PENDING                                                  Handle        = 0x80072F11
+	WININET_E_RETRY_DIALOG                                                    Handle        = 0x80072F12
+	WININET_E_NO_NEW_CONTAINERS                                               Handle        = 0x80072F13
+	WININET_E_HTTPS_HTTP_SUBMIT_REDIR                                         Handle        = 0x80072F14
+	WININET_E_SEC_CERT_ERRORS                                                 Handle        = 0x80072F17
+	WININET_E_SEC_CERT_REV_FAILED                                             Handle        = 0x80072F19
+	WININET_E_HEADER_NOT_FOUND                                                Handle        = 0x80072F76
+	WININET_E_DOWNLEVEL_SERVER                                                Handle        = 0x80072F77
+	WININET_E_INVALID_SERVER_RESPONSE                                         Handle        = 0x80072F78
+	WININET_E_INVALID_HEADER                                                  Handle        = 0x80072F79
+	WININET_E_INVALID_QUERY_REQUEST                                           Handle        = 0x80072F7A
+	WININET_E_HEADER_ALREADY_EXISTS                                           Handle        = 0x80072F7B
+	WININET_E_REDIRECT_FAILED                                                 Handle        = 0x80072F7C
+	WININET_E_SECURITY_CHANNEL_ERROR                                          Handle        = 0x80072F7D
+	WININET_E_UNABLE_TO_CACHE_FILE                                            Handle        = 0x80072F7E
+	WININET_E_TCPIP_NOT_INSTALLED                                             Handle        = 0x80072F7F
+	WININET_E_DISCONNECTED                                                    Handle        = 0x80072F83
+	WININET_E_SERVER_UNREACHABLE                                              Handle        = 0x80072F84
+	WININET_E_PROXY_SERVER_UNREACHABLE                                        Handle        = 0x80072F85
+	WININET_E_BAD_AUTO_PROXY_SCRIPT                                           Handle        = 0x80072F86
+	WININET_E_UNABLE_TO_DOWNLOAD_SCRIPT                                       Handle        = 0x80072F87
+	WININET_E_SEC_INVALID_CERT                                                Handle        = 0x80072F89
+	WININET_E_SEC_CERT_REVOKED                                                Handle        = 0x80072F8A
+	WININET_E_FAILED_DUETOSECURITYCHECK                                       Handle        = 0x80072F8B
+	WININET_E_NOT_INITIALIZED                                                 Handle        = 0x80072F8C
+	WININET_E_LOGIN_FAILURE_DISPLAY_ENTITY_BODY                               Handle        = 0x80072F8E
+	WININET_E_DECODING_FAILED                                                 Handle        = 0x80072F8F
+	WININET_E_NOT_REDIRECTED                                                  Handle        = 0x80072F80
+	WININET_E_COOKIE_NEEDS_CONFIRMATION                                       Handle        = 0x80072F81
+	WININET_E_COOKIE_DECLINED                                                 Handle        = 0x80072F82
+	WININET_E_REDIRECT_NEEDS_CONFIRMATION                                     Handle        = 0x80072F88
+	SQLITE_E_ERROR                                                            Handle        = 0x87AF0001
+	SQLITE_E_INTERNAL                                                         Handle        = 0x87AF0002
+	SQLITE_E_PERM                                                             Handle        = 0x87AF0003
+	SQLITE_E_ABORT                                                            Handle        = 0x87AF0004
+	SQLITE_E_BUSY                                                             Handle        = 0x87AF0005
+	SQLITE_E_LOCKED                                                           Handle        = 0x87AF0006
+	SQLITE_E_NOMEM                                                            Handle        = 0x87AF0007
+	SQLITE_E_READONLY                                                         Handle        = 0x87AF0008
+	SQLITE_E_INTERRUPT                                                        Handle        = 0x87AF0009
+	SQLITE_E_IOERR                                                            Handle        = 0x87AF000A
+	SQLITE_E_CORRUPT                                                          Handle        = 0x87AF000B
+	SQLITE_E_NOTFOUND                                                         Handle        = 0x87AF000C
+	SQLITE_E_FULL                                                             Handle        = 0x87AF000D
+	SQLITE_E_CANTOPEN                                                         Handle        = 0x87AF000E
+	SQLITE_E_PROTOCOL                                                         Handle        = 0x87AF000F
+	SQLITE_E_EMPTY                                                            Handle        = 0x87AF0010
+	SQLITE_E_SCHEMA                                                           Handle        = 0x87AF0011
+	SQLITE_E_TOOBIG                                                           Handle        = 0x87AF0012
+	SQLITE_E_CONSTRAINT                                                       Handle        = 0x87AF0013
+	SQLITE_E_MISMATCH                                                         Handle        = 0x87AF0014
+	SQLITE_E_MISUSE                                                           Handle        = 0x87AF0015
+	SQLITE_E_NOLFS                                                            Handle        = 0x87AF0016
+	SQLITE_E_AUTH                                                             Handle        = 0x87AF0017
+	SQLITE_E_FORMAT                                                           Handle        = 0x87AF0018
+	SQLITE_E_RANGE                                                            Handle        = 0x87AF0019
+	SQLITE_E_NOTADB                                                           Handle        = 0x87AF001A
+	SQLITE_E_NOTICE                                                           Handle        = 0x87AF001B
+	SQLITE_E_WARNING                                                          Handle        = 0x87AF001C
+	SQLITE_E_ROW                                                              Handle        = 0x87AF0064
+	SQLITE_E_DONE                                                             Handle        = 0x87AF0065
+	SQLITE_E_IOERR_READ                                                       Handle        = 0x87AF010A
+	SQLITE_E_IOERR_SHORT_READ                                                 Handle        = 0x87AF020A
+	SQLITE_E_IOERR_WRITE                                                      Handle        = 0x87AF030A
+	SQLITE_E_IOERR_FSYNC                                                      Handle        = 0x87AF040A
+	SQLITE_E_IOERR_DIR_FSYNC                                                  Handle        = 0x87AF050A
+	SQLITE_E_IOERR_TRUNCATE                                                   Handle        = 0x87AF060A
+	SQLITE_E_IOERR_FSTAT                                                      Handle        = 0x87AF070A
+	SQLITE_E_IOERR_UNLOCK                                                     Handle        = 0x87AF080A
+	SQLITE_E_IOERR_RDLOCK                                                     Handle        = 0x87AF090A
+	SQLITE_E_IOERR_DELETE                                                     Handle        = 0x87AF0A0A
+	SQLITE_E_IOERR_BLOCKED                                                    Handle        = 0x87AF0B0A
+	SQLITE_E_IOERR_NOMEM                                                      Handle        = 0x87AF0C0A
+	SQLITE_E_IOERR_ACCESS                                                     Handle        = 0x87AF0D0A
+	SQLITE_E_IOERR_CHECKRESERVEDLOCK                                          Handle        = 0x87AF0E0A
+	SQLITE_E_IOERR_LOCK                                                       Handle        = 0x87AF0F0A
+	SQLITE_E_IOERR_CLOSE                                                      Handle        = 0x87AF100A
+	SQLITE_E_IOERR_DIR_CLOSE                                                  Handle        = 0x87AF110A
+	SQLITE_E_IOERR_SHMOPEN                                                    Handle        = 0x87AF120A
+	SQLITE_E_IOERR_SHMSIZE                                                    Handle        = 0x87AF130A
+	SQLITE_E_IOERR_SHMLOCK                                                    Handle        = 0x87AF140A
+	SQLITE_E_IOERR_SHMMAP                                                     Handle        = 0x87AF150A
+	SQLITE_E_IOERR_SEEK                                                       Handle        = 0x87AF160A
+	SQLITE_E_IOERR_DELETE_NOENT                                               Handle        = 0x87AF170A
+	SQLITE_E_IOERR_MMAP                                                       Handle        = 0x87AF180A
+	SQLITE_E_IOERR_GETTEMPPATH                                                Handle        = 0x87AF190A
+	SQLITE_E_IOERR_CONVPATH                                                   Handle        = 0x87AF1A0A
+	SQLITE_E_IOERR_VNODE                                                      Handle        = 0x87AF1A02
+	SQLITE_E_IOERR_AUTH                                                       Handle        = 0x87AF1A03
+	SQLITE_E_LOCKED_SHAREDCACHE                                               Handle        = 0x87AF0106
+	SQLITE_E_BUSY_RECOVERY                                                    Handle        = 0x87AF0105
+	SQLITE_E_BUSY_SNAPSHOT                                                    Handle        = 0x87AF0205
+	SQLITE_E_CANTOPEN_NOTEMPDIR                                               Handle        = 0x87AF010E
+	SQLITE_E_CANTOPEN_ISDIR                                                   Handle        = 0x87AF020E
+	SQLITE_E_CANTOPEN_FULLPATH                                                Handle        = 0x87AF030E
+	SQLITE_E_CANTOPEN_CONVPATH                                                Handle        = 0x87AF040E
+	SQLITE_E_CORRUPT_VTAB                                                     Handle        = 0x87AF010B
+	SQLITE_E_READONLY_RECOVERY                                                Handle        = 0x87AF0108
+	SQLITE_E_READONLY_CANTLOCK                                                Handle        = 0x87AF0208
+	SQLITE_E_READONLY_ROLLBACK                                                Handle        = 0x87AF0308
+	SQLITE_E_READONLY_DBMOVED                                                 Handle        = 0x87AF0408
+	SQLITE_E_ABORT_ROLLBACK                                                   Handle        = 0x87AF0204
+	SQLITE_E_CONSTRAINT_CHECK                                                 Handle        = 0x87AF0113
+	SQLITE_E_CONSTRAINT_COMMITHOOK                                            Handle        = 0x87AF0213
+	SQLITE_E_CONSTRAINT_FOREIGNKEY                                            Handle        = 0x87AF0313
+	SQLITE_E_CONSTRAINT_FUNCTION                                              Handle        = 0x87AF0413
+	SQLITE_E_CONSTRAINT_NOTNULL                                               Handle        = 0x87AF0513
+	SQLITE_E_CONSTRAINT_PRIMARYKEY                                            Handle        = 0x87AF0613
+	SQLITE_E_CONSTRAINT_TRIGGER                                               Handle        = 0x87AF0713
+	SQLITE_E_CONSTRAINT_UNIQUE                                                Handle        = 0x87AF0813
+	SQLITE_E_CONSTRAINT_VTAB                                                  Handle        = 0x87AF0913
+	SQLITE_E_CONSTRAINT_ROWID                                                 Handle        = 0x87AF0A13
+	SQLITE_E_NOTICE_RECOVER_WAL                                               Handle        = 0x87AF011B
+	SQLITE_E_NOTICE_RECOVER_ROLLBACK                                          Handle        = 0x87AF021B
+	SQLITE_E_WARNING_AUTOINDEX                                                Handle        = 0x87AF011C
+	UTC_E_TOGGLE_TRACE_STARTED                                                Handle        = 0x87C51001
+	UTC_E_ALTERNATIVE_TRACE_CANNOT_PREEMPT                                    Handle        = 0x87C51002
+	UTC_E_AOT_NOT_RUNNING                                                     Handle        = 0x87C51003
+	UTC_E_SCRIPT_TYPE_INVALID                                                 Handle        = 0x87C51004
+	UTC_E_SCENARIODEF_NOT_FOUND                                               Handle        = 0x87C51005
+	UTC_E_TRACEPROFILE_NOT_FOUND                                              Handle        = 0x87C51006
+	UTC_E_FORWARDER_ALREADY_ENABLED                                           Handle        = 0x87C51007
+	UTC_E_FORWARDER_ALREADY_DISABLED                                          Handle        = 0x87C51008
+	UTC_E_EVENTLOG_ENTRY_MALFORMED                                            Handle        = 0x87C51009
+	UTC_E_DIAGRULES_SCHEMAVERSION_MISMATCH                                    Handle        = 0x87C5100A
+	UTC_E_SCRIPT_TERMINATED                                                   Handle        = 0x87C5100B
+	UTC_E_INVALID_CUSTOM_FILTER                                               Handle        = 0x87C5100C
+	UTC_E_TRACE_NOT_RUNNING                                                   Handle        = 0x87C5100D
+	UTC_E_REESCALATED_TOO_QUICKLY                                             Handle        = 0x87C5100E
+	UTC_E_ESCALATION_ALREADY_RUNNING                                          Handle        = 0x87C5100F
+	UTC_E_PERFTRACK_ALREADY_TRACING                                           Handle        = 0x87C51010
+	UTC_E_REACHED_MAX_ESCALATIONS                                             Handle        = 0x87C51011
+	UTC_E_FORWARDER_PRODUCER_MISMATCH                                         Handle        = 0x87C51012
+	UTC_E_INTENTIONAL_SCRIPT_FAILURE                                          Handle        = 0x87C51013
+	UTC_E_SQM_INIT_FAILED                                                     Handle        = 0x87C51014
+	UTC_E_NO_WER_LOGGER_SUPPORTED                                             Handle        = 0x87C51015
+	UTC_E_TRACERS_DONT_EXIST                                                  Handle        = 0x87C51016
+	UTC_E_WINRT_INIT_FAILED                                                   Handle        = 0x87C51017
+	UTC_E_SCENARIODEF_SCHEMAVERSION_MISMATCH                                  Handle        = 0x87C51018
+	UTC_E_INVALID_FILTER                                                      Handle        = 0x87C51019
+	UTC_E_EXE_TERMINATED                                                      Handle        = 0x87C5101A
+	UTC_E_ESCALATION_NOT_AUTHORIZED                                           Handle        = 0x87C5101B
+	UTC_E_SETUP_NOT_AUTHORIZED                                                Handle        = 0x87C5101C
+	UTC_E_CHILD_PROCESS_FAILED                                                Handle        = 0x87C5101D
+	UTC_E_COMMAND_LINE_NOT_AUTHORIZED                                         Handle        = 0x87C5101E
+	UTC_E_CANNOT_LOAD_SCENARIO_EDITOR_XML                                     Handle        = 0x87C5101F
+	UTC_E_ESCALATION_TIMED_OUT                                                Handle        = 0x87C51020
+	UTC_E_SETUP_TIMED_OUT                                                     Handle        = 0x87C51021
+	UTC_E_TRIGGER_MISMATCH                                                    Handle        = 0x87C51022
+	UTC_E_TRIGGER_NOT_FOUND                                                   Handle        = 0x87C51023
+	UTC_E_SIF_NOT_SUPPORTED                                                   Handle        = 0x87C51024
+	UTC_E_DELAY_TERMINATED                                                    Handle        = 0x87C51025
+	UTC_E_DEVICE_TICKET_ERROR                                                 Handle        = 0x87C51026
+	UTC_E_TRACE_BUFFER_LIMIT_EXCEEDED                                         Handle        = 0x87C51027
+	UTC_E_API_RESULT_UNAVAILABLE                                              Handle        = 0x87C51028
+	UTC_E_RPC_TIMEOUT                                                         Handle        = 0x87C51029
+	UTC_E_RPC_WAIT_FAILED                                                     Handle        = 0x87C5102A
+	UTC_E_API_BUSY                                                            Handle        = 0x87C5102B
+	UTC_E_TRACE_MIN_DURATION_REQUIREMENT_NOT_MET                              Handle        = 0x87C5102C
+	UTC_E_EXCLUSIVITY_NOT_AVAILABLE                                           Handle        = 0x87C5102D
+	UTC_E_GETFILE_FILE_PATH_NOT_APPROVED                                      Handle        = 0x87C5102E
+	UTC_E_ESCALATION_DIRECTORY_ALREADY_EXISTS                                 Handle        = 0x87C5102F
+	UTC_E_TIME_TRIGGER_ON_START_INVALID                                       Handle        = 0x87C51030
+	UTC_E_TIME_TRIGGER_ONLY_VALID_ON_SINGLE_TRANSITION                        Handle        = 0x87C51031
+	UTC_E_TIME_TRIGGER_INVALID_TIME_RANGE                                     Handle        = 0x87C51032
+	UTC_E_MULTIPLE_TIME_TRIGGER_ON_SINGLE_STATE                               Handle        = 0x87C51033
+	UTC_E_BINARY_MISSING                                                      Handle        = 0x87C51034
+	UTC_E_NETWORK_CAPTURE_NOT_ALLOWED                                         Handle        = 0x87C51035
+	UTC_E_FAILED_TO_RESOLVE_CONTAINER_ID                                      Handle        = 0x87C51036
+	UTC_E_UNABLE_TO_RESOLVE_SESSION                                           Handle        = 0x87C51037
+	UTC_E_THROTTLED                                                           Handle        = 0x87C51038
+	UTC_E_UNAPPROVED_SCRIPT                                                   Handle        = 0x87C51039
+	UTC_E_SCRIPT_MISSING                                                      Handle        = 0x87C5103A
+	UTC_E_SCENARIO_THROTTLED                                                  Handle        = 0x87C5103B
+	UTC_E_API_NOT_SUPPORTED                                                   Handle        = 0x87C5103C
+	UTC_E_GETFILE_EXTERNAL_PATH_NOT_APPROVED                                  Handle        = 0x87C5103D
+	UTC_E_TRY_GET_SCENARIO_TIMEOUT_EXCEEDED                                   Handle        = 0x87C5103E
+	UTC_E_CERT_REV_FAILED                                                     Handle        = 0x87C5103F
+	UTC_E_FAILED_TO_START_NDISCAP                                             Handle        = 0x87C51040
+	UTC_E_KERNELDUMP_LIMIT_REACHED                                            Handle        = 0x87C51041
+	UTC_E_MISSING_AGGREGATE_EVENT_TAG                                         Handle        = 0x87C51042
+	UTC_E_INVALID_AGGREGATION_STRUCT                                          Handle        = 0x87C51043
+	UTC_E_ACTION_NOT_SUPPORTED_IN_DESTINATION                                 Handle        = 0x87C51044
+	UTC_E_FILTER_MISSING_ATTRIBUTE                                            Handle        = 0x87C51045
+	UTC_E_FILTER_INVALID_TYPE                                                 Handle        = 0x87C51046
+	UTC_E_FILTER_VARIABLE_NOT_FOUND                                           Handle        = 0x87C51047
+	UTC_E_FILTER_FUNCTION_RESTRICTED                                          Handle        = 0x87C51048
+	UTC_E_FILTER_VERSION_MISMATCH                                             Handle        = 0x87C51049
+	UTC_E_FILTER_INVALID_FUNCTION                                             Handle        = 0x87C51050
+	UTC_E_FILTER_INVALID_FUNCTION_PARAMS                                      Handle        = 0x87C51051
+	UTC_E_FILTER_INVALID_COMMAND                                              Handle        = 0x87C51052
+	UTC_E_FILTER_ILLEGAL_EVAL                                                 Handle        = 0x87C51053
+	UTC_E_TTTRACER_RETURNED_ERROR                                             Handle        = 0x87C51054
+	UTC_E_AGENT_DIAGNOSTICS_TOO_LARGE                                         Handle        = 0x87C51055
+	UTC_E_FAILED_TO_RECEIVE_AGENT_DIAGNOSTICS                                 Handle        = 0x87C51056
+	UTC_E_SCENARIO_HAS_NO_ACTIONS                                             Handle        = 0x87C51057
+	UTC_E_TTTRACER_STORAGE_FULL                                               Handle        = 0x87C51058
+	UTC_E_INSUFFICIENT_SPACE_TO_START_TRACE                                   Handle        = 0x87C51059
+	UTC_E_ESCALATION_CANCELLED_AT_SHUTDOWN                                    Handle        = 0x87C5105A
+	UTC_E_GETFILEINFOACTION_FILE_NOT_APPROVED                                 Handle        = 0x87C5105B
+	WINML_ERR_INVALID_DEVICE                                                  Handle        = 0x88900001
+	WINML_ERR_INVALID_BINDING                                                 Handle        = 0x88900002
+	WINML_ERR_VALUE_NOTFOUND                                                  Handle        = 0x88900003
+	WINML_ERR_SIZE_MISMATCH                                                   Handle        = 0x88900004
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zknownfolderids_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zknownfolderids_windows.go
new file mode 100644
index 000000000..6048ac679
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zknownfolderids_windows.go
@@ -0,0 +1,149 @@
+// Code generated by 'mkknownfolderids.bash'; DO NOT EDIT.
+
+package windows
+
+type KNOWNFOLDERID GUID
+
+var (
+	FOLDERID_NetworkFolder          = &KNOWNFOLDERID{0xd20beec4, 0x5ca8, 0x4905, [8]byte{0xae, 0x3b, 0xbf, 0x25, 0x1e, 0xa0, 0x9b, 0x53}}
+	FOLDERID_ComputerFolder         = &KNOWNFOLDERID{0x0ac0837c, 0xbbf8, 0x452a, [8]byte{0x85, 0x0d, 0x79, 0xd0, 0x8e, 0x66, 0x7c, 0xa7}}
+	FOLDERID_InternetFolder         = &KNOWNFOLDERID{0x4d9f7874, 0x4e0c, 0x4904, [8]byte{0x96, 0x7b, 0x40, 0xb0, 0xd2, 0x0c, 0x3e, 0x4b}}
+	FOLDERID_ControlPanelFolder     = &KNOWNFOLDERID{0x82a74aeb, 0xaeb4, 0x465c, [8]byte{0xa0, 0x14, 0xd0, 0x97, 0xee, 0x34, 0x6d, 0x63}}
+	FOLDERID_PrintersFolder         = &KNOWNFOLDERID{0x76fc4e2d, 0xd6ad, 0x4519, [8]byte{0xa6, 0x63, 0x37, 0xbd, 0x56, 0x06, 0x81, 0x85}}
+	FOLDERID_SyncManagerFolder      = &KNOWNFOLDERID{0x43668bf8, 0xc14e, 0x49b2, [8]byte{0x97, 0xc9, 0x74, 0x77, 0x84, 0xd7, 0x84, 0xb7}}
+	FOLDERID_SyncSetupFolder        = &KNOWNFOLDERID{0x0f214138, 0xb1d3, 0x4a90, [8]byte{0xbb, 0xa9, 0x27, 0xcb, 0xc0, 0xc5, 0x38, 0x9a}}
+	FOLDERID_ConflictFolder         = &KNOWNFOLDERID{0x4bfefb45, 0x347d, 0x4006, [8]byte{0xa5, 0xbe, 0xac, 0x0c, 0xb0, 0x56, 0x71, 0x92}}
+	FOLDERID_SyncResultsFolder      = &KNOWNFOLDERID{0x289a9a43, 0xbe44, 0x4057, [8]byte{0xa4, 0x1b, 0x58, 0x7a, 0x76, 0xd7, 0xe7, 0xf9}}
+	FOLDERID_RecycleBinFolder       = &KNOWNFOLDERID{0xb7534046, 0x3ecb, 0x4c18, [8]byte{0xbe, 0x4e, 0x64, 0xcd, 0x4c, 0xb7, 0xd6, 0xac}}
+	FOLDERID_ConnectionsFolder      = &KNOWNFOLDERID{0x6f0cd92b, 0x2e97, 0x45d1, [8]byte{0x88, 0xff, 0xb0, 0xd1, 0x86, 0xb8, 0xde, 0xdd}}
+	FOLDERID_Fonts                  = &KNOWNFOLDERID{0xfd228cb7, 0xae11, 0x4ae3, [8]byte{0x86, 0x4c, 0x16, 0xf3, 0x91, 0x0a, 0xb8, 0xfe}}
+	FOLDERID_Desktop                = &KNOWNFOLDERID{0xb4bfcc3a, 0xdb2c, 0x424c, [8]byte{0xb0, 0x29, 0x7f, 0xe9, 0x9a, 0x87, 0xc6, 0x41}}
+	FOLDERID_Startup                = &KNOWNFOLDERID{0xb97d20bb, 0xf46a, 0x4c97, [8]byte{0xba, 0x10, 0x5e, 0x36, 0x08, 0x43, 0x08, 0x54}}
+	FOLDERID_Programs               = &KNOWNFOLDERID{0xa77f5d77, 0x2e2b, 0x44c3, [8]byte{0xa6, 0xa2, 0xab, 0xa6, 0x01, 0x05, 0x4a, 0x51}}
+	FOLDERID_StartMenu              = &KNOWNFOLDERID{0x625b53c3, 0xab48, 0x4ec1, [8]byte{0xba, 0x1f, 0xa1, 0xef, 0x41, 0x46, 0xfc, 0x19}}
+	FOLDERID_Recent                 = &KNOWNFOLDERID{0xae50c081, 0xebd2, 0x438a, [8]byte{0x86, 0x55, 0x8a, 0x09, 0x2e, 0x34, 0x98, 0x7a}}
+	FOLDERID_SendTo                 = &KNOWNFOLDERID{0x8983036c, 0x27c0, 0x404b, [8]byte{0x8f, 0x08, 0x10, 0x2d, 0x10, 0xdc, 0xfd, 0x74}}
+	FOLDERID_Documents              = &KNOWNFOLDERID{0xfdd39ad0, 0x238f, 0x46af, [8]byte{0xad, 0xb4, 0x6c, 0x85, 0x48, 0x03, 0x69, 0xc7}}
+	FOLDERID_Favorites              = &KNOWNFOLDERID{0x1777f761, 0x68ad, 0x4d8a, [8]byte{0x87, 0xbd, 0x30, 0xb7, 0x59, 0xfa, 0x33, 0xdd}}
+	FOLDERID_NetHood                = &KNOWNFOLDERID{0xc5abbf53, 0xe17f, 0x4121, [8]byte{0x89, 0x00, 0x86, 0x62, 0x6f, 0xc2, 0xc9, 0x73}}
+	FOLDERID_PrintHood              = &KNOWNFOLDERID{0x9274bd8d, 0xcfd1, 0x41c3, [8]byte{0xb3, 0x5e, 0xb1, 0x3f, 0x55, 0xa7, 0x58, 0xf4}}
+	FOLDERID_Templates              = &KNOWNFOLDERID{0xa63293e8, 0x664e, 0x48db, [8]byte{0xa0, 0x79, 0xdf, 0x75, 0x9e, 0x05, 0x09, 0xf7}}
+	FOLDERID_CommonStartup          = &KNOWNFOLDERID{0x82a5ea35, 0xd9cd, 0x47c5, [8]byte{0x96, 0x29, 0xe1, 0x5d, 0x2f, 0x71, 0x4e, 0x6e}}
+	FOLDERID_CommonPrograms         = &KNOWNFOLDERID{0x0139d44e, 0x6afe, 0x49f2, [8]byte{0x86, 0x90, 0x3d, 0xaf, 0xca, 0xe6, 0xff, 0xb8}}
+	FOLDERID_CommonStartMenu        = &KNOWNFOLDERID{0xa4115719, 0xd62e, 0x491d, [8]byte{0xaa, 0x7c, 0xe7, 0x4b, 0x8b, 0xe3, 0xb0, 0x67}}
+	FOLDERID_PublicDesktop          = &KNOWNFOLDERID{0xc4aa340d, 0xf20f, 0x4863, [8]byte{0xaf, 0xef, 0xf8, 0x7e, 0xf2, 0xe6, 0xba, 0x25}}
+	FOLDERID_ProgramData            = &KNOWNFOLDERID{0x62ab5d82, 0xfdc1, 0x4dc3, [8]byte{0xa9, 0xdd, 0x07, 0x0d, 0x1d, 0x49, 0x5d, 0x97}}
+	FOLDERID_CommonTemplates        = &KNOWNFOLDERID{0xb94237e7, 0x57ac, 0x4347, [8]byte{0x91, 0x51, 0xb0, 0x8c, 0x6c, 0x32, 0xd1, 0xf7}}
+	FOLDERID_PublicDocuments        = &KNOWNFOLDERID{0xed4824af, 0xdce4, 0x45a8, [8]byte{0x81, 0xe2, 0xfc, 0x79, 0x65, 0x08, 0x36, 0x34}}
+	FOLDERID_RoamingAppData         = &KNOWNFOLDERID{0x3eb685db, 0x65f9, 0x4cf6, [8]byte{0xa0, 0x3a, 0xe3, 0xef, 0x65, 0x72, 0x9f, 0x3d}}
+	FOLDERID_LocalAppData           = &KNOWNFOLDERID{0xf1b32785, 0x6fba, 0x4fcf, [8]byte{0x9d, 0x55, 0x7b, 0x8e, 0x7f, 0x15, 0x70, 0x91}}
+	FOLDERID_LocalAppDataLow        = &KNOWNFOLDERID{0xa520a1a4, 0x1780, 0x4ff6, [8]byte{0xbd, 0x18, 0x16, 0x73, 0x43, 0xc5, 0xaf, 0x16}}
+	FOLDERID_InternetCache          = &KNOWNFOLDERID{0x352481e8, 0x33be, 0x4251, [8]byte{0xba, 0x85, 0x60, 0x07, 0xca, 0xed, 0xcf, 0x9d}}
+	FOLDERID_Cookies                = &KNOWNFOLDERID{0x2b0f765d, 0xc0e9, 0x4171, [8]byte{0x90, 0x8e, 0x08, 0xa6, 0x11, 0xb8, 0x4f, 0xf6}}
+	FOLDERID_History                = &KNOWNFOLDERID{0xd9dc8a3b, 0xb784, 0x432e, [8]byte{0xa7, 0x81, 0x5a, 0x11, 0x30, 0xa7, 0x59, 0x63}}
+	FOLDERID_System                 = &KNOWNFOLDERID{0x1ac14e77, 0x02e7, 0x4e5d, [8]byte{0xb7, 0x44, 0x2e, 0xb1, 0xae, 0x51, 0x98, 0xb7}}
+	FOLDERID_SystemX86              = &KNOWNFOLDERID{0xd65231b0, 0xb2f1, 0x4857, [8]byte{0xa4, 0xce, 0xa8, 0xe7, 0xc6, 0xea, 0x7d, 0x27}}
+	FOLDERID_Windows                = &KNOWNFOLDERID{0xf38bf404, 0x1d43, 0x42f2, [8]byte{0x93, 0x05, 0x67, 0xde, 0x0b, 0x28, 0xfc, 0x23}}
+	FOLDERID_Profile                = &KNOWNFOLDERID{0x5e6c858f, 0x0e22, 0x4760, [8]byte{0x9a, 0xfe, 0xea, 0x33, 0x17, 0xb6, 0x71, 0x73}}
+	FOLDERID_Pictures               = &KNOWNFOLDERID{0x33e28130, 0x4e1e, 0x4676, [8]byte{0x83, 0x5a, 0x98, 0x39, 0x5c, 0x3b, 0xc3, 0xbb}}
+	FOLDERID_ProgramFilesX86        = &KNOWNFOLDERID{0x7c5a40ef, 0xa0fb, 0x4bfc, [8]byte{0x87, 0x4a, 0xc0, 0xf2, 0xe0, 0xb9, 0xfa, 0x8e}}
+	FOLDERID_ProgramFilesCommonX86  = &KNOWNFOLDERID{0xde974d24, 0xd9c6, 0x4d3e, [8]byte{0xbf, 0x91, 0xf4, 0x45, 0x51, 0x20, 0xb9, 0x17}}
+	FOLDERID_ProgramFilesX64        = &KNOWNFOLDERID{0x6d809377, 0x6af0, 0x444b, [8]byte{0x89, 0x57, 0xa3, 0x77, 0x3f, 0x02, 0x20, 0x0e}}
+	FOLDERID_ProgramFilesCommonX64  = &KNOWNFOLDERID{0x6365d5a7, 0x0f0d, 0x45e5, [8]byte{0x87, 0xf6, 0x0d, 0xa5, 0x6b, 0x6a, 0x4f, 0x7d}}
+	FOLDERID_ProgramFiles           = &KNOWNFOLDERID{0x905e63b6, 0xc1bf, 0x494e, [8]byte{0xb2, 0x9c, 0x65, 0xb7, 0x32, 0xd3, 0xd2, 0x1a}}
+	FOLDERID_ProgramFilesCommon     = &KNOWNFOLDERID{0xf7f1ed05, 0x9f6d, 0x47a2, [8]byte{0xaa, 0xae, 0x29, 0xd3, 0x17, 0xc6, 0xf0, 0x66}}
+	FOLDERID_UserProgramFiles       = &KNOWNFOLDERID{0x5cd7aee2, 0x2219, 0x4a67, [8]byte{0xb8, 0x5d, 0x6c, 0x9c, 0xe1, 0x56, 0x60, 0xcb}}
+	FOLDERID_UserProgramFilesCommon = &KNOWNFOLDERID{0xbcbd3057, 0xca5c, 0x4622, [8]byte{0xb4, 0x2d, 0xbc, 0x56, 0xdb, 0x0a, 0xe5, 0x16}}
+	FOLDERID_AdminTools             = &KNOWNFOLDERID{0x724ef170, 0xa42d, 0x4fef, [8]byte{0x9f, 0x26, 0xb6, 0x0e, 0x84, 0x6f, 0xba, 0x4f}}
+	FOLDERID_CommonAdminTools       = &KNOWNFOLDERID{0xd0384e7d, 0xbac3, 0x4797, [8]byte{0x8f, 0x14, 0xcb, 0xa2, 0x29, 0xb3, 0x92, 0xb5}}
+	FOLDERID_Music                  = &KNOWNFOLDERID{0x4bd8d571, 0x6d19, 0x48d3, [8]byte{0xbe, 0x97, 0x42, 0x22, 0x20, 0x08, 0x0e, 0x43}}
+	FOLDERID_Videos                 = &KNOWNFOLDERID{0x18989b1d, 0x99b5, 0x455b, [8]byte{0x84, 0x1c, 0xab, 0x7c, 0x74, 0xe4, 0xdd, 0xfc}}
+	FOLDERID_Ringtones              = &KNOWNFOLDERID{0xc870044b, 0xf49e, 0x4126, [8]byte{0xa9, 0xc3, 0xb5, 0x2a, 0x1f, 0xf4, 0x11, 0xe8}}
+	FOLDERID_PublicPictures         = &KNOWNFOLDERID{0xb6ebfb86, 0x6907, 0x413c, [8]byte{0x9a, 0xf7, 0x4f, 0xc2, 0xab, 0xf0, 0x7c, 0xc5}}
+	FOLDERID_PublicMusic            = &KNOWNFOLDERID{0x3214fab5, 0x9757, 0x4298, [8]byte{0xbb, 0x61, 0x92, 0xa9, 0xde, 0xaa, 0x44, 0xff}}
+	FOLDERID_PublicVideos           = &KNOWNFOLDERID{0x2400183a, 0x6185, 0x49fb, [8]byte{0xa2, 0xd8, 0x4a, 0x39, 0x2a, 0x60, 0x2b, 0xa3}}
+	FOLDERID_PublicRingtones        = &KNOWNFOLDERID{0xe555ab60, 0x153b, 0x4d17, [8]byte{0x9f, 0x04, 0xa5, 0xfe, 0x99, 0xfc, 0x15, 0xec}}
+	FOLDERID_ResourceDir            = &KNOWNFOLDERID{0x8ad10c31, 0x2adb, 0x4296, [8]byte{0xa8, 0xf7, 0xe4, 0x70, 0x12, 0x32, 0xc9, 0x72}}
+	FOLDERID_LocalizedResourcesDir  = &KNOWNFOLDERID{0x2a00375e, 0x224c, 0x49de, [8]byte{0xb8, 0xd1, 0x44, 0x0d, 0xf7, 0xef, 0x3d, 0xdc}}
+	FOLDERID_CommonOEMLinks         = &KNOWNFOLDERID{0xc1bae2d0, 0x10df, 0x4334, [8]byte{0xbe, 0xdd, 0x7a, 0xa2, 0x0b, 0x22, 0x7a, 0x9d}}
+	FOLDERID_CDBurning              = &KNOWNFOLDERID{0x9e52ab10, 0xf80d, 0x49df, [8]byte{0xac, 0xb8, 0x43, 0x30, 0xf5, 0x68, 0x78, 0x55}}
+	FOLDERID_UserProfiles           = &KNOWNFOLDERID{0x0762d272, 0xc50a, 0x4bb0, [8]byte{0xa3, 0x82, 0x69, 0x7d, 0xcd, 0x72, 0x9b, 0x80}}
+	FOLDERID_Playlists              = &KNOWNFOLDERID{0xde92c1c7, 0x837f, 0x4f69, [8]byte{0xa3, 0xbb, 0x86, 0xe6, 0x31, 0x20, 0x4a, 0x23}}
+	FOLDERID_SamplePlaylists        = &KNOWNFOLDERID{0x15ca69b3, 0x30ee, 0x49c1, [8]byte{0xac, 0xe1, 0x6b, 0x5e, 0xc3, 0x72, 0xaf, 0xb5}}
+	FOLDERID_SampleMusic            = &KNOWNFOLDERID{0xb250c668, 0xf57d, 0x4ee1, [8]byte{0xa6, 0x3c, 0x29, 0x0e, 0xe7, 0xd1, 0xaa, 0x1f}}
+	FOLDERID_SamplePictures         = &KNOWNFOLDERID{0xc4900540, 0x2379, 0x4c75, [8]byte{0x84, 0x4b, 0x64, 0xe6, 0xfa, 0xf8, 0x71, 0x6b}}
+	FOLDERID_SampleVideos           = &KNOWNFOLDERID{0x859ead94, 0x2e85, 0x48ad, [8]byte{0xa7, 0x1a, 0x09, 0x69, 0xcb, 0x56, 0xa6, 0xcd}}
+	FOLDERID_PhotoAlbums            = &KNOWNFOLDERID{0x69d2cf90, 0xfc33, 0x4fb7, [8]byte{0x9a, 0x0c, 0xeb, 0xb0, 0xf0, 0xfc, 0xb4, 0x3c}}
+	FOLDERID_Public                 = &KNOWNFOLDERID{0xdfdf76a2, 0xc82a, 0x4d63, [8]byte{0x90, 0x6a, 0x56, 0x44, 0xac, 0x45, 0x73, 0x85}}
+	FOLDERID_ChangeRemovePrograms   = &KNOWNFOLDERID{0xdf7266ac, 0x9274, 0x4867, [8]byte{0x8d, 0x55, 0x3b, 0xd6, 0x61, 0xde, 0x87, 0x2d}}
+	FOLDERID_AppUpdates             = &KNOWNFOLDERID{0xa305ce99, 0xf527, 0x492b, [8]byte{0x8b, 0x1a, 0x7e, 0x76, 0xfa, 0x98, 0xd6, 0xe4}}
+	FOLDERID_AddNewPrograms         = &KNOWNFOLDERID{0xde61d971, 0x5ebc, 0x4f02, [8]byte{0xa3, 0xa9, 0x6c, 0x82, 0x89, 0x5e, 0x5c, 0x04}}
+	FOLDERID_Downloads              = &KNOWNFOLDERID{0x374de290, 0x123f, 0x4565, [8]byte{0x91, 0x64, 0x39, 0xc4, 0x92, 0x5e, 0x46, 0x7b}}
+	FOLDERID_PublicDownloads        = &KNOWNFOLDERID{0x3d644c9b, 0x1fb8, 0x4f30, [8]byte{0x9b, 0x45, 0xf6, 0x70, 0x23, 0x5f, 0x79, 0xc0}}
+	FOLDERID_SavedSearches          = &KNOWNFOLDERID{0x7d1d3a04, 0xdebb, 0x4115, [8]byte{0x95, 0xcf, 0x2f, 0x29, 0xda, 0x29, 0x20, 0xda}}
+	FOLDERID_QuickLaunch            = &KNOWNFOLDERID{0x52a4f021, 0x7b75, 0x48a9, [8]byte{0x9f, 0x6b, 0x4b, 0x87, 0xa2, 0x10, 0xbc, 0x8f}}
+	FOLDERID_Contacts               = &KNOWNFOLDERID{0x56784854, 0xc6cb, 0x462b, [8]byte{0x81, 0x69, 0x88, 0xe3, 0x50, 0xac, 0xb8, 0x82}}
+	FOLDERID_SidebarParts           = &KNOWNFOLDERID{0xa75d362e, 0x50fc, 0x4fb7, [8]byte{0xac, 0x2c, 0xa8, 0xbe, 0xaa, 0x31, 0x44, 0x93}}
+	FOLDERID_SidebarDefaultParts    = &KNOWNFOLDERID{0x7b396e54, 0x9ec5, 0x4300, [8]byte{0xbe, 0x0a, 0x24, 0x82, 0xeb, 0xae, 0x1a, 0x26}}
+	FOLDERID_PublicGameTasks        = &KNOWNFOLDERID{0xdebf2536, 0xe1a8, 0x4c59, [8]byte{0xb6, 0xa2, 0x41, 0x45, 0x86, 0x47, 0x6a, 0xea}}
+	FOLDERID_GameTasks              = &KNOWNFOLDERID{0x054fae61, 0x4dd8, 0x4787, [8]byte{0x80, 0xb6, 0x09, 0x02, 0x20, 0xc4, 0xb7, 0x00}}
+	FOLDERID_SavedGames             = &KNOWNFOLDERID{0x4c5c32ff, 0xbb9d, 0x43b0, [8]byte{0xb5, 0xb4, 0x2d, 0x72, 0xe5, 0x4e, 0xaa, 0xa4}}
+	FOLDERID_Games                  = &KNOWNFOLDERID{0xcac52c1a, 0xb53d, 0x4edc, [8]byte{0x92, 0xd7, 0x6b, 0x2e, 0x8a, 0xc1, 0x94, 0x34}}
+	FOLDERID_SEARCH_MAPI            = &KNOWNFOLDERID{0x98ec0e18, 0x2098, 0x4d44, [8]byte{0x86, 0x44, 0x66, 0x97, 0x93, 0x15, 0xa2, 0x81}}
+	FOLDERID_SEARCH_CSC             = &KNOWNFOLDERID{0xee32e446, 0x31ca, 0x4aba, [8]byte{0x81, 0x4f, 0xa5, 0xeb, 0xd2, 0xfd, 0x6d, 0x5e}}
+	FOLDERID_Links                  = &KNOWNFOLDERID{0xbfb9d5e0, 0xc6a9, 0x404c, [8]byte{0xb2, 0xb2, 0xae, 0x6d, 0xb6, 0xaf, 0x49, 0x68}}
+	FOLDERID_UsersFiles             = &KNOWNFOLDERID{0xf3ce0f7c, 0x4901, 0x4acc, [8]byte{0x86, 0x48, 0xd5, 0xd4, 0x4b, 0x04, 0xef, 0x8f}}
+	FOLDERID_UsersLibraries         = &KNOWNFOLDERID{0xa302545d, 0xdeff, 0x464b, [8]byte{0xab, 0xe8, 0x61, 0xc8, 0x64, 0x8d, 0x93, 0x9b}}
+	FOLDERID_SearchHome             = &KNOWNFOLDERID{0x190337d1, 0xb8ca, 0x4121, [8]byte{0xa6, 0x39, 0x6d, 0x47, 0x2d, 0x16, 0x97, 0x2a}}
+	FOLDERID_OriginalImages         = &KNOWNFOLDERID{0x2c36c0aa, 0x5812, 0x4b87, [8]byte{0xbf, 0xd0, 0x4c, 0xd0, 0xdf, 0xb1, 0x9b, 0x39}}
+	FOLDERID_DocumentsLibrary       = &KNOWNFOLDERID{0x7b0db17d, 0x9cd2, 0x4a93, [8]byte{0x97, 0x33, 0x46, 0xcc, 0x89, 0x02, 0x2e, 0x7c}}
+	FOLDERID_MusicLibrary           = &KNOWNFOLDERID{0x2112ab0a, 0xc86a, 0x4ffe, [8]byte{0xa3, 0x68, 0x0d, 0xe9, 0x6e, 0x47, 0x01, 0x2e}}
+	FOLDERID_PicturesLibrary        = &KNOWNFOLDERID{0xa990ae9f, 0xa03b, 0x4e80, [8]byte{0x94, 0xbc, 0x99, 0x12, 0xd7, 0x50, 0x41, 0x04}}
+	FOLDERID_VideosLibrary          = &KNOWNFOLDERID{0x491e922f, 0x5643, 0x4af4, [8]byte{0xa7, 0xeb, 0x4e, 0x7a, 0x13, 0x8d, 0x81, 0x74}}
+	FOLDERID_RecordedTVLibrary      = &KNOWNFOLDERID{0x1a6fdba2, 0xf42d, 0x4358, [8]byte{0xa7, 0x98, 0xb7, 0x4d, 0x74, 0x59, 0x26, 0xc5}}
+	FOLDERID_HomeGroup              = &KNOWNFOLDERID{0x52528a6b, 0xb9e3, 0x4add, [8]byte{0xb6, 0x0d, 0x58, 0x8c, 0x2d, 0xba, 0x84, 0x2d}}
+	FOLDERID_HomeGroupCurrentUser   = &KNOWNFOLDERID{0x9b74b6a3, 0x0dfd, 0x4f11, [8]byte{0x9e, 0x78, 0x5f, 0x78, 0x00, 0xf2, 0xe7, 0x72}}
+	FOLDERID_DeviceMetadataStore    = &KNOWNFOLDERID{0x5ce4a5e9, 0xe4eb, 0x479d, [8]byte{0xb8, 0x9f, 0x13, 0x0c, 0x02, 0x88, 0x61, 0x55}}
+	FOLDERID_Libraries              = &KNOWNFOLDERID{0x1b3ea5dc, 0xb587, 0x4786, [8]byte{0xb4, 0xef, 0xbd, 0x1d, 0xc3, 0x32, 0xae, 0xae}}
+	FOLDERID_PublicLibraries        = &KNOWNFOLDERID{0x48daf80b, 0xe6cf, 0x4f4e, [8]byte{0xb8, 0x00, 0x0e, 0x69, 0xd8, 0x4e, 0xe3, 0x84}}
+	FOLDERID_UserPinned             = &KNOWNFOLDERID{0x9e3995ab, 0x1f9c, 0x4f13, [8]byte{0xb8, 0x27, 0x48, 0xb2, 0x4b, 0x6c, 0x71, 0x74}}
+	FOLDERID_ImplicitAppShortcuts   = &KNOWNFOLDERID{0xbcb5256f, 0x79f6, 0x4cee, [8]byte{0xb7, 0x25, 0xdc, 0x34, 0xe4, 0x02, 0xfd, 0x46}}
+	FOLDERID_AccountPictures        = &KNOWNFOLDERID{0x008ca0b1, 0x55b4, 0x4c56, [8]byte{0xb8, 0xa8, 0x4d, 0xe4, 0xb2, 0x99, 0xd3, 0xbe}}
+	FOLDERID_PublicUserTiles        = &KNOWNFOLDERID{0x0482af6c, 0x08f1, 0x4c34, [8]byte{0x8c, 0x90, 0xe1, 0x7e, 0xc9, 0x8b, 0x1e, 0x17}}
+	FOLDERID_AppsFolder             = &KNOWNFOLDERID{0x1e87508d, 0x89c2, 0x42f0, [8]byte{0x8a, 0x7e, 0x64, 0x5a, 0x0f, 0x50, 0xca, 0x58}}
+	FOLDERID_StartMenuAllPrograms   = &KNOWNFOLDERID{0xf26305ef, 0x6948, 0x40b9, [8]byte{0xb2, 0x55, 0x81, 0x45, 0x3d, 0x09, 0xc7, 0x85}}
+	FOLDERID_CommonStartMenuPlaces  = &KNOWNFOLDERID{0xa440879f, 0x87a0, 0x4f7d, [8]byte{0xb7, 0x00, 0x02, 0x07, 0xb9, 0x66, 0x19, 0x4a}}
+	FOLDERID_ApplicationShortcuts   = &KNOWNFOLDERID{0xa3918781, 0xe5f2, 0x4890, [8]byte{0xb3, 0xd9, 0xa7, 0xe5, 0x43, 0x32, 0x32, 0x8c}}
+	FOLDERID_RoamingTiles           = &KNOWNFOLDERID{0x00bcfc5a, 0xed94, 0x4e48, [8]byte{0x96, 0xa1, 0x3f, 0x62, 0x17, 0xf2, 0x19, 0x90}}
+	FOLDERID_RoamedTileImages       = &KNOWNFOLDERID{0xaaa8d5a5, 0xf1d6, 0x4259, [8]byte{0xba, 0xa8, 0x78, 0xe7, 0xef, 0x60, 0x83, 0x5e}}
+	FOLDERID_Screenshots            = &KNOWNFOLDERID{0xb7bede81, 0xdf94, 0x4682, [8]byte{0xa7, 0xd8, 0x57, 0xa5, 0x26, 0x20, 0xb8, 0x6f}}
+	FOLDERID_CameraRoll             = &KNOWNFOLDERID{0xab5fb87b, 0x7ce2, 0x4f83, [8]byte{0x91, 0x5d, 0x55, 0x08, 0x46, 0xc9, 0x53, 0x7b}}
+	FOLDERID_SkyDrive               = &KNOWNFOLDERID{0xa52bba46, 0xe9e1, 0x435f, [8]byte{0xb3, 0xd9, 0x28, 0xda, 0xa6, 0x48, 0xc0, 0xf6}}
+	FOLDERID_OneDrive               = &KNOWNFOLDERID{0xa52bba46, 0xe9e1, 0x435f, [8]byte{0xb3, 0xd9, 0x28, 0xda, 0xa6, 0x48, 0xc0, 0xf6}}
+	FOLDERID_SkyDriveDocuments      = &KNOWNFOLDERID{0x24d89e24, 0x2f19, 0x4534, [8]byte{0x9d, 0xde, 0x6a, 0x66, 0x71, 0xfb, 0xb8, 0xfe}}
+	FOLDERID_SkyDrivePictures       = &KNOWNFOLDERID{0x339719b5, 0x8c47, 0x4894, [8]byte{0x94, 0xc2, 0xd8, 0xf7, 0x7a, 0xdd, 0x44, 0xa6}}
+	FOLDERID_SkyDriveMusic          = &KNOWNFOLDERID{0xc3f2459e, 0x80d6, 0x45dc, [8]byte{0xbf, 0xef, 0x1f, 0x76, 0x9f, 0x2b, 0xe7, 0x30}}
+	FOLDERID_SkyDriveCameraRoll     = &KNOWNFOLDERID{0x767e6811, 0x49cb, 0x4273, [8]byte{0x87, 0xc2, 0x20, 0xf3, 0x55, 0xe1, 0x08, 0x5b}}
+	FOLDERID_SearchHistory          = &KNOWNFOLDERID{0x0d4c3db6, 0x03a3, 0x462f, [8]byte{0xa0, 0xe6, 0x08, 0x92, 0x4c, 0x41, 0xb5, 0xd4}}
+	FOLDERID_SearchTemplates        = &KNOWNFOLDERID{0x7e636bfe, 0xdfa9, 0x4d5e, [8]byte{0xb4, 0x56, 0xd7, 0xb3, 0x98, 0x51, 0xd8, 0xa9}}
+	FOLDERID_CameraRollLibrary      = &KNOWNFOLDERID{0x2b20df75, 0x1eda, 0x4039, [8]byte{0x80, 0x97, 0x38, 0x79, 0x82, 0x27, 0xd5, 0xb7}}
+	FOLDERID_SavedPictures          = &KNOWNFOLDERID{0x3b193882, 0xd3ad, 0x4eab, [8]byte{0x96, 0x5a, 0x69, 0x82, 0x9d, 0x1f, 0xb5, 0x9f}}
+	FOLDERID_SavedPicturesLibrary   = &KNOWNFOLDERID{0xe25b5812, 0xbe88, 0x4bd9, [8]byte{0x94, 0xb0, 0x29, 0x23, 0x34, 0x77, 0xb6, 0xc3}}
+	FOLDERID_RetailDemo             = &KNOWNFOLDERID{0x12d4c69e, 0x24ad, 0x4923, [8]byte{0xbe, 0x19, 0x31, 0x32, 0x1c, 0x43, 0xa7, 0x67}}
+	FOLDERID_Device                 = &KNOWNFOLDERID{0x1c2ac1dc, 0x4358, 0x4b6c, [8]byte{0x97, 0x33, 0xaf, 0x21, 0x15, 0x65, 0x76, 0xf0}}
+	FOLDERID_DevelopmentFiles       = &KNOWNFOLDERID{0xdbe8e08e, 0x3053, 0x4bbc, [8]byte{0xb1, 0x83, 0x2a, 0x7b, 0x2b, 0x19, 0x1e, 0x59}}
+	FOLDERID_Objects3D              = &KNOWNFOLDERID{0x31c0dd25, 0x9439, 0x4f12, [8]byte{0xbf, 0x41, 0x7f, 0xf4, 0xed, 0xa3, 0x87, 0x22}}
+	FOLDERID_AppCaptures            = &KNOWNFOLDERID{0xedc0fe71, 0x98d8, 0x4f4a, [8]byte{0xb9, 0x20, 0xc8, 0xdc, 0x13, 0x3c, 0xb1, 0x65}}
+	FOLDERID_LocalDocuments         = &KNOWNFOLDERID{0xf42ee2d3, 0x909f, 0x4907, [8]byte{0x88, 0x71, 0x4c, 0x22, 0xfc, 0x0b, 0xf7, 0x56}}
+	FOLDERID_LocalPictures          = &KNOWNFOLDERID{0x0ddd015d, 0xb06c, 0x45d5, [8]byte{0x8c, 0x4c, 0xf5, 0x97, 0x13, 0x85, 0x46, 0x39}}
+	FOLDERID_LocalVideos            = &KNOWNFOLDERID{0x35286a68, 0x3c57, 0x41a1, [8]byte{0xbb, 0xb1, 0x0e, 0xae, 0x73, 0xd7, 0x6c, 0x95}}
+	FOLDERID_LocalMusic             = &KNOWNFOLDERID{0xa0c69a99, 0x21c8, 0x4671, [8]byte{0x87, 0x03, 0x79, 0x34, 0x16, 0x2f, 0xcf, 0x1d}}
+	FOLDERID_LocalDownloads         = &KNOWNFOLDERID{0x7d83ee9b, 0x2244, 0x4e70, [8]byte{0xb1, 0xf5, 0x53, 0x93, 0x04, 0x2a, 0xf1, 0xe4}}
+	FOLDERID_RecordedCalls          = &KNOWNFOLDERID{0x2f8b40c2, 0x83ed, 0x48ee, [8]byte{0xb3, 0x83, 0xa1, 0xf1, 0x57, 0xec, 0x6f, 0x9a}}
+	FOLDERID_AllAppMods             = &KNOWNFOLDERID{0x7ad67899, 0x66af, 0x43ba, [8]byte{0x91, 0x56, 0x6a, 0xad, 0x42, 0xe6, 0xc5, 0x96}}
+	FOLDERID_CurrentAppMods         = &KNOWNFOLDERID{0x3db40b20, 0x2a30, 0x4dbe, [8]byte{0x91, 0x7e, 0x77, 0x1d, 0xd2, 0x1d, 0xd0, 0x99}}
+	FOLDERID_AppDataDesktop         = &KNOWNFOLDERID{0xb2c5e279, 0x7add, 0x439f, [8]byte{0xb2, 0x8c, 0xc4, 0x1f, 0xe1, 0xbb, 0xf6, 0x72}}
+	FOLDERID_AppDataDocuments       = &KNOWNFOLDERID{0x7be16610, 0x1f7f, 0x44ac, [8]byte{0xbf, 0xf0, 0x83, 0xe1, 0x5f, 0x2f, 0xfc, 0xa1}}
+	FOLDERID_AppDataFavorites       = &KNOWNFOLDERID{0x7cfbefbc, 0xde1f, 0x45aa, [8]byte{0xb8, 0x43, 0xa5, 0x42, 0xac, 0x53, 0x6c, 0xc9}}
+	FOLDERID_AppDataProgramData     = &KNOWNFOLDERID{0x559d40a3, 0xa036, 0x40fa, [8]byte{0xaf, 0x61, 0x84, 0xcb, 0x43, 0x0a, 0x4d, 0x34}}
+)
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zsyscall_windows.go
new file mode 100644
index 000000000..347f13dbf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -0,0 +1,4083 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package windows
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modadvapi32 = NewLazySystemDLL("advapi32.dll")
+	modkernel32 = NewLazySystemDLL("kernel32.dll")
+	modshell32  = NewLazySystemDLL("shell32.dll")
+	moduserenv  = NewLazySystemDLL("userenv.dll")
+	modmswsock  = NewLazySystemDLL("mswsock.dll")
+	modcrypt32  = NewLazySystemDLL("crypt32.dll")
+	moduser32   = NewLazySystemDLL("user32.dll")
+	modole32    = NewLazySystemDLL("ole32.dll")
+	modntdll    = NewLazySystemDLL("ntdll.dll")
+	modpsapi    = NewLazySystemDLL("psapi.dll")
+	modws2_32   = NewLazySystemDLL("ws2_32.dll")
+	moddnsapi   = NewLazySystemDLL("dnsapi.dll")
+	modiphlpapi = NewLazySystemDLL("iphlpapi.dll")
+	modsecur32  = NewLazySystemDLL("secur32.dll")
+	modnetapi32 = NewLazySystemDLL("netapi32.dll")
+	modwtsapi32 = NewLazySystemDLL("wtsapi32.dll")
+
+	procRegisterEventSourceW                                 = modadvapi32.NewProc("RegisterEventSourceW")
+	procDeregisterEventSource                                = modadvapi32.NewProc("DeregisterEventSource")
+	procReportEventW                                         = modadvapi32.NewProc("ReportEventW")
+	procOpenSCManagerW                                       = modadvapi32.NewProc("OpenSCManagerW")
+	procCloseServiceHandle                                   = modadvapi32.NewProc("CloseServiceHandle")
+	procCreateServiceW                                       = modadvapi32.NewProc("CreateServiceW")
+	procOpenServiceW                                         = modadvapi32.NewProc("OpenServiceW")
+	procDeleteService                                        = modadvapi32.NewProc("DeleteService")
+	procStartServiceW                                        = modadvapi32.NewProc("StartServiceW")
+	procQueryServiceStatus                                   = modadvapi32.NewProc("QueryServiceStatus")
+	procQueryServiceLockStatusW                              = modadvapi32.NewProc("QueryServiceLockStatusW")
+	procControlService                                       = modadvapi32.NewProc("ControlService")
+	procStartServiceCtrlDispatcherW                          = modadvapi32.NewProc("StartServiceCtrlDispatcherW")
+	procSetServiceStatus                                     = modadvapi32.NewProc("SetServiceStatus")
+	procChangeServiceConfigW                                 = modadvapi32.NewProc("ChangeServiceConfigW")
+	procQueryServiceConfigW                                  = modadvapi32.NewProc("QueryServiceConfigW")
+	procChangeServiceConfig2W                                = modadvapi32.NewProc("ChangeServiceConfig2W")
+	procQueryServiceConfig2W                                 = modadvapi32.NewProc("QueryServiceConfig2W")
+	procEnumServicesStatusExW                                = modadvapi32.NewProc("EnumServicesStatusExW")
+	procQueryServiceStatusEx                                 = modadvapi32.NewProc("QueryServiceStatusEx")
+	procNotifyServiceStatusChangeW                           = modadvapi32.NewProc("NotifyServiceStatusChangeW")
+	procGetLastError                                         = modkernel32.NewProc("GetLastError")
+	procLoadLibraryW                                         = modkernel32.NewProc("LoadLibraryW")
+	procLoadLibraryExW                                       = modkernel32.NewProc("LoadLibraryExW")
+	procFreeLibrary                                          = modkernel32.NewProc("FreeLibrary")
+	procGetProcAddress                                       = modkernel32.NewProc("GetProcAddress")
+	procGetModuleFileNameW                                   = modkernel32.NewProc("GetModuleFileNameW")
+	procGetModuleHandleExW                                   = modkernel32.NewProc("GetModuleHandleExW")
+	procGetVersion                                           = modkernel32.NewProc("GetVersion")
+	procFormatMessageW                                       = modkernel32.NewProc("FormatMessageW")
+	procExitProcess                                          = modkernel32.NewProc("ExitProcess")
+	procIsWow64Process                                       = modkernel32.NewProc("IsWow64Process")
+	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
+	procReadFile                                             = modkernel32.NewProc("ReadFile")
+	procWriteFile                                            = modkernel32.NewProc("WriteFile")
+	procGetOverlappedResult                                  = modkernel32.NewProc("GetOverlappedResult")
+	procSetFilePointer                                       = modkernel32.NewProc("SetFilePointer")
+	procCloseHandle                                          = modkernel32.NewProc("CloseHandle")
+	procGetStdHandle                                         = modkernel32.NewProc("GetStdHandle")
+	procSetStdHandle                                         = modkernel32.NewProc("SetStdHandle")
+	procFindFirstFileW                                       = modkernel32.NewProc("FindFirstFileW")
+	procFindNextFileW                                        = modkernel32.NewProc("FindNextFileW")
+	procFindClose                                            = modkernel32.NewProc("FindClose")
+	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
+	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetCurrentDirectoryW                                 = modkernel32.NewProc("GetCurrentDirectoryW")
+	procSetCurrentDirectoryW                                 = modkernel32.NewProc("SetCurrentDirectoryW")
+	procCreateDirectoryW                                     = modkernel32.NewProc("CreateDirectoryW")
+	procRemoveDirectoryW                                     = modkernel32.NewProc("RemoveDirectoryW")
+	procDeleteFileW                                          = modkernel32.NewProc("DeleteFileW")
+	procMoveFileW                                            = modkernel32.NewProc("MoveFileW")
+	procMoveFileExW                                          = modkernel32.NewProc("MoveFileExW")
+	procLockFileEx                                           = modkernel32.NewProc("LockFileEx")
+	procUnlockFileEx                                         = modkernel32.NewProc("UnlockFileEx")
+	procGetComputerNameW                                     = modkernel32.NewProc("GetComputerNameW")
+	procGetComputerNameExW                                   = modkernel32.NewProc("GetComputerNameExW")
+	procSetEndOfFile                                         = modkernel32.NewProc("SetEndOfFile")
+	procGetSystemTimeAsFileTime                              = modkernel32.NewProc("GetSystemTimeAsFileTime")
+	procGetSystemTimePreciseAsFileTime                       = modkernel32.NewProc("GetSystemTimePreciseAsFileTime")
+	procGetTimeZoneInformation                               = modkernel32.NewProc("GetTimeZoneInformation")
+	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
+	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
+	procPostQueuedCompletionStatus                           = modkernel32.NewProc("PostQueuedCompletionStatus")
+	procCancelIo                                             = modkernel32.NewProc("CancelIo")
+	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+	procCreateProcessW                                       = modkernel32.NewProc("CreateProcessW")
+	procOpenProcess                                          = modkernel32.NewProc("OpenProcess")
+	procShellExecuteW                                        = modshell32.NewProc("ShellExecuteW")
+	procSHGetKnownFolderPath                                 = modshell32.NewProc("SHGetKnownFolderPath")
+	procTerminateProcess                                     = modkernel32.NewProc("TerminateProcess")
+	procGetExitCodeProcess                                   = modkernel32.NewProc("GetExitCodeProcess")
+	procGetStartupInfoW                                      = modkernel32.NewProc("GetStartupInfoW")
+	procGetProcessTimes                                      = modkernel32.NewProc("GetProcessTimes")
+	procDuplicateHandle                                      = modkernel32.NewProc("DuplicateHandle")
+	procWaitForSingleObject                                  = modkernel32.NewProc("WaitForSingleObject")
+	procWaitForMultipleObjects                               = modkernel32.NewProc("WaitForMultipleObjects")
+	procGetTempPathW                                         = modkernel32.NewProc("GetTempPathW")
+	procCreatePipe                                           = modkernel32.NewProc("CreatePipe")
+	procGetFileType                                          = modkernel32.NewProc("GetFileType")
+	procCryptAcquireContextW                                 = modadvapi32.NewProc("CryptAcquireContextW")
+	procCryptReleaseContext                                  = modadvapi32.NewProc("CryptReleaseContext")
+	procCryptGenRandom                                       = modadvapi32.NewProc("CryptGenRandom")
+	procGetEnvironmentStringsW                               = modkernel32.NewProc("GetEnvironmentStringsW")
+	procFreeEnvironmentStringsW                              = modkernel32.NewProc("FreeEnvironmentStringsW")
+	procGetEnvironmentVariableW                              = modkernel32.NewProc("GetEnvironmentVariableW")
+	procSetEnvironmentVariableW                              = modkernel32.NewProc("SetEnvironmentVariableW")
+	procCreateEnvironmentBlock                               = moduserenv.NewProc("CreateEnvironmentBlock")
+	procDestroyEnvironmentBlock                              = moduserenv.NewProc("DestroyEnvironmentBlock")
+	procGetTickCount64                                       = modkernel32.NewProc("GetTickCount64")
+	procSetFileTime                                          = modkernel32.NewProc("SetFileTime")
+	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
+	procSetFileAttributesW                                   = modkernel32.NewProc("SetFileAttributesW")
+	procGetFileAttributesExW                                 = modkernel32.NewProc("GetFileAttributesExW")
+	procGetCommandLineW                                      = modkernel32.NewProc("GetCommandLineW")
+	procCommandLineToArgvW                                   = modshell32.NewProc("CommandLineToArgvW")
+	procLocalFree                                            = modkernel32.NewProc("LocalFree")
+	procSetHandleInformation                                 = modkernel32.NewProc("SetHandleInformation")
+	procFlushFileBuffers                                     = modkernel32.NewProc("FlushFileBuffers")
+	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
+	procGetLongPathNameW                                     = modkernel32.NewProc("GetLongPathNameW")
+	procGetShortPathNameW                                    = modkernel32.NewProc("GetShortPathNameW")
+	procCreateFileMappingW                                   = modkernel32.NewProc("CreateFileMappingW")
+	procMapViewOfFile                                        = modkernel32.NewProc("MapViewOfFile")
+	procUnmapViewOfFile                                      = modkernel32.NewProc("UnmapViewOfFile")
+	procFlushViewOfFile                                      = modkernel32.NewProc("FlushViewOfFile")
+	procVirtualLock                                          = modkernel32.NewProc("VirtualLock")
+	procVirtualUnlock                                        = modkernel32.NewProc("VirtualUnlock")
+	procVirtualAlloc                                         = modkernel32.NewProc("VirtualAlloc")
+	procVirtualFree                                          = modkernel32.NewProc("VirtualFree")
+	procVirtualProtect                                       = modkernel32.NewProc("VirtualProtect")
+	procTransmitFile                                         = modmswsock.NewProc("TransmitFile")
+	procReadDirectoryChangesW                                = modkernel32.NewProc("ReadDirectoryChangesW")
+	procCertOpenSystemStoreW                                 = modcrypt32.NewProc("CertOpenSystemStoreW")
+	procCertOpenStore                                        = modcrypt32.NewProc("CertOpenStore")
+	procCertEnumCertificatesInStore                          = modcrypt32.NewProc("CertEnumCertificatesInStore")
+	procCertAddCertificateContextToStore                     = modcrypt32.NewProc("CertAddCertificateContextToStore")
+	procCertCloseStore                                       = modcrypt32.NewProc("CertCloseStore")
+	procCertGetCertificateChain                              = modcrypt32.NewProc("CertGetCertificateChain")
+	procCertFreeCertificateChain                             = modcrypt32.NewProc("CertFreeCertificateChain")
+	procCertCreateCertificateContext                         = modcrypt32.NewProc("CertCreateCertificateContext")
+	procCertFreeCertificateContext                           = modcrypt32.NewProc("CertFreeCertificateContext")
+	procCertVerifyCertificateChainPolicy                     = modcrypt32.NewProc("CertVerifyCertificateChainPolicy")
+	procRegOpenKeyExW                                        = modadvapi32.NewProc("RegOpenKeyExW")
+	procRegCloseKey                                          = modadvapi32.NewProc("RegCloseKey")
+	procRegQueryInfoKeyW                                     = modadvapi32.NewProc("RegQueryInfoKeyW")
+	procRegEnumKeyExW                                        = modadvapi32.NewProc("RegEnumKeyExW")
+	procRegQueryValueExW                                     = modadvapi32.NewProc("RegQueryValueExW")
+	procGetCurrentProcessId                                  = modkernel32.NewProc("GetCurrentProcessId")
+	procGetConsoleMode                                       = modkernel32.NewProc("GetConsoleMode")
+	procSetConsoleMode                                       = modkernel32.NewProc("SetConsoleMode")
+	procGetConsoleScreenBufferInfo                           = modkernel32.NewProc("GetConsoleScreenBufferInfo")
+	procWriteConsoleW                                        = modkernel32.NewProc("WriteConsoleW")
+	procReadConsoleW                                         = modkernel32.NewProc("ReadConsoleW")
+	procCreateToolhelp32Snapshot                             = modkernel32.NewProc("CreateToolhelp32Snapshot")
+	procProcess32FirstW                                      = modkernel32.NewProc("Process32FirstW")
+	procProcess32NextW                                       = modkernel32.NewProc("Process32NextW")
+	procThread32First                                        = modkernel32.NewProc("Thread32First")
+	procThread32Next                                         = modkernel32.NewProc("Thread32Next")
+	procDeviceIoControl                                      = modkernel32.NewProc("DeviceIoControl")
+	procCreateSymbolicLinkW                                  = modkernel32.NewProc("CreateSymbolicLinkW")
+	procCreateHardLinkW                                      = modkernel32.NewProc("CreateHardLinkW")
+	procGetCurrentThreadId                                   = modkernel32.NewProc("GetCurrentThreadId")
+	procCreateEventW                                         = modkernel32.NewProc("CreateEventW")
+	procCreateEventExW                                       = modkernel32.NewProc("CreateEventExW")
+	procOpenEventW                                           = modkernel32.NewProc("OpenEventW")
+	procSetEvent                                             = modkernel32.NewProc("SetEvent")
+	procResetEvent                                           = modkernel32.NewProc("ResetEvent")
+	procPulseEvent                                           = modkernel32.NewProc("PulseEvent")
+	procCreateMutexW                                         = modkernel32.NewProc("CreateMutexW")
+	procCreateMutexExW                                       = modkernel32.NewProc("CreateMutexExW")
+	procOpenMutexW                                           = modkernel32.NewProc("OpenMutexW")
+	procReleaseMutex                                         = modkernel32.NewProc("ReleaseMutex")
+	procSleepEx                                              = modkernel32.NewProc("SleepEx")
+	procCreateJobObjectW                                     = modkernel32.NewProc("CreateJobObjectW")
+	procAssignProcessToJobObject                             = modkernel32.NewProc("AssignProcessToJobObject")
+	procTerminateJobObject                                   = modkernel32.NewProc("TerminateJobObject")
+	procSetErrorMode                                         = modkernel32.NewProc("SetErrorMode")
+	procResumeThread                                         = modkernel32.NewProc("ResumeThread")
+	procSetPriorityClass                                     = modkernel32.NewProc("SetPriorityClass")
+	procGetPriorityClass                                     = modkernel32.NewProc("GetPriorityClass")
+	procQueryInformationJobObject                            = modkernel32.NewProc("QueryInformationJobObject")
+	procSetInformationJobObject                              = modkernel32.NewProc("SetInformationJobObject")
+	procGenerateConsoleCtrlEvent                             = modkernel32.NewProc("GenerateConsoleCtrlEvent")
+	procGetProcessId                                         = modkernel32.NewProc("GetProcessId")
+	procOpenThread                                           = modkernel32.NewProc("OpenThread")
+	procSetProcessPriorityBoost                              = modkernel32.NewProc("SetProcessPriorityBoost")
+	procGetProcessWorkingSetSizeEx                           = modkernel32.NewProc("GetProcessWorkingSetSizeEx")
+	procSetProcessWorkingSetSizeEx                           = modkernel32.NewProc("SetProcessWorkingSetSizeEx")
+	procDefineDosDeviceW                                     = modkernel32.NewProc("DefineDosDeviceW")
+	procDeleteVolumeMountPointW                              = modkernel32.NewProc("DeleteVolumeMountPointW")
+	procFindFirstVolumeW                                     = modkernel32.NewProc("FindFirstVolumeW")
+	procFindFirstVolumeMountPointW                           = modkernel32.NewProc("FindFirstVolumeMountPointW")
+	procFindNextVolumeW                                      = modkernel32.NewProc("FindNextVolumeW")
+	procFindNextVolumeMountPointW                            = modkernel32.NewProc("FindNextVolumeMountPointW")
+	procFindVolumeClose                                      = modkernel32.NewProc("FindVolumeClose")
+	procFindVolumeMountPointClose                            = modkernel32.NewProc("FindVolumeMountPointClose")
+	procGetDiskFreeSpaceExW                                  = modkernel32.NewProc("GetDiskFreeSpaceExW")
+	procGetDriveTypeW                                        = modkernel32.NewProc("GetDriveTypeW")
+	procGetLogicalDrives                                     = modkernel32.NewProc("GetLogicalDrives")
+	procGetLogicalDriveStringsW                              = modkernel32.NewProc("GetLogicalDriveStringsW")
+	procGetVolumeInformationW                                = modkernel32.NewProc("GetVolumeInformationW")
+	procGetVolumeInformationByHandleW                        = modkernel32.NewProc("GetVolumeInformationByHandleW")
+	procGetVolumeNameForVolumeMountPointW                    = modkernel32.NewProc("GetVolumeNameForVolumeMountPointW")
+	procGetVolumePathNameW                                   = modkernel32.NewProc("GetVolumePathNameW")
+	procGetVolumePathNamesForVolumeNameW                     = modkernel32.NewProc("GetVolumePathNamesForVolumeNameW")
+	procQueryDosDeviceW                                      = modkernel32.NewProc("QueryDosDeviceW")
+	procSetVolumeLabelW                                      = modkernel32.NewProc("SetVolumeLabelW")
+	procSetVolumeMountPointW                                 = modkernel32.NewProc("SetVolumeMountPointW")
+	procMessageBoxW                                          = moduser32.NewProc("MessageBoxW")
+	procExitWindowsEx                                        = moduser32.NewProc("ExitWindowsEx")
+	procInitiateSystemShutdownExW                            = modadvapi32.NewProc("InitiateSystemShutdownExW")
+	procSetProcessShutdownParameters                         = modkernel32.NewProc("SetProcessShutdownParameters")
+	procGetProcessShutdownParameters                         = modkernel32.NewProc("GetProcessShutdownParameters")
+	procCLSIDFromString                                      = modole32.NewProc("CLSIDFromString")
+	procStringFromGUID2                                      = modole32.NewProc("StringFromGUID2")
+	procCoCreateGuid                                         = modole32.NewProc("CoCreateGuid")
+	procCoTaskMemFree                                        = modole32.NewProc("CoTaskMemFree")
+	procRtlGetVersion                                        = modntdll.NewProc("RtlGetVersion")
+	procRtlGetNtVersionNumbers                               = modntdll.NewProc("RtlGetNtVersionNumbers")
+	procGetProcessPreferredUILanguages                       = modkernel32.NewProc("GetProcessPreferredUILanguages")
+	procGetThreadPreferredUILanguages                        = modkernel32.NewProc("GetThreadPreferredUILanguages")
+	procGetUserPreferredUILanguages                          = modkernel32.NewProc("GetUserPreferredUILanguages")
+	procGetSystemPreferredUILanguages                        = modkernel32.NewProc("GetSystemPreferredUILanguages")
+	procEnumProcesses                                        = modpsapi.NewProc("EnumProcesses")
+	procWSAStartup                                           = modws2_32.NewProc("WSAStartup")
+	procWSACleanup                                           = modws2_32.NewProc("WSACleanup")
+	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
+	procsocket                                               = modws2_32.NewProc("socket")
+	procsendto                                               = modws2_32.NewProc("sendto")
+	procrecvfrom                                             = modws2_32.NewProc("recvfrom")
+	procsetsockopt                                           = modws2_32.NewProc("setsockopt")
+	procgetsockopt                                           = modws2_32.NewProc("getsockopt")
+	procbind                                                 = modws2_32.NewProc("bind")
+	procconnect                                              = modws2_32.NewProc("connect")
+	procgetsockname                                          = modws2_32.NewProc("getsockname")
+	procgetpeername                                          = modws2_32.NewProc("getpeername")
+	proclisten                                               = modws2_32.NewProc("listen")
+	procshutdown                                             = modws2_32.NewProc("shutdown")
+	procclosesocket                                          = modws2_32.NewProc("closesocket")
+	procAcceptEx                                             = modmswsock.NewProc("AcceptEx")
+	procGetAcceptExSockaddrs                                 = modmswsock.NewProc("GetAcceptExSockaddrs")
+	procWSARecv                                              = modws2_32.NewProc("WSARecv")
+	procWSASend                                              = modws2_32.NewProc("WSASend")
+	procWSARecvFrom                                          = modws2_32.NewProc("WSARecvFrom")
+	procWSASendTo                                            = modws2_32.NewProc("WSASendTo")
+	procgethostbyname                                        = modws2_32.NewProc("gethostbyname")
+	procgetservbyname                                        = modws2_32.NewProc("getservbyname")
+	procntohs                                                = modws2_32.NewProc("ntohs")
+	procgetprotobyname                                       = modws2_32.NewProc("getprotobyname")
+	procDnsQuery_W                                           = moddnsapi.NewProc("DnsQuery_W")
+	procDnsRecordListFree                                    = moddnsapi.NewProc("DnsRecordListFree")
+	procDnsNameCompare_W                                     = moddnsapi.NewProc("DnsNameCompare_W")
+	procGetAddrInfoW                                         = modws2_32.NewProc("GetAddrInfoW")
+	procFreeAddrInfoW                                        = modws2_32.NewProc("FreeAddrInfoW")
+	procGetIfEntry                                           = modiphlpapi.NewProc("GetIfEntry")
+	procGetAdaptersInfo                                      = modiphlpapi.NewProc("GetAdaptersInfo")
+	procSetFileCompletionNotificationModes                   = modkernel32.NewProc("SetFileCompletionNotificationModes")
+	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
+	procGetAdaptersAddresses                                 = modiphlpapi.NewProc("GetAdaptersAddresses")
+	procGetACP                                               = modkernel32.NewProc("GetACP")
+	procMultiByteToWideChar                                  = modkernel32.NewProc("MultiByteToWideChar")
+	procTranslateNameW                                       = modsecur32.NewProc("TranslateNameW")
+	procGetUserNameExW                                       = modsecur32.NewProc("GetUserNameExW")
+	procNetUserGetInfo                                       = modnetapi32.NewProc("NetUserGetInfo")
+	procNetGetJoinInformation                                = modnetapi32.NewProc("NetGetJoinInformation")
+	procNetApiBufferFree                                     = modnetapi32.NewProc("NetApiBufferFree")
+	procLookupAccountSidW                                    = modadvapi32.NewProc("LookupAccountSidW")
+	procLookupAccountNameW                                   = modadvapi32.NewProc("LookupAccountNameW")
+	procConvertSidToStringSidW                               = modadvapi32.NewProc("ConvertSidToStringSidW")
+	procConvertStringSidToSidW                               = modadvapi32.NewProc("ConvertStringSidToSidW")
+	procGetLengthSid                                         = modadvapi32.NewProc("GetLengthSid")
+	procCopySid                                              = modadvapi32.NewProc("CopySid")
+	procAllocateAndInitializeSid                             = modadvapi32.NewProc("AllocateAndInitializeSid")
+	procCreateWellKnownSid                                   = modadvapi32.NewProc("CreateWellKnownSid")
+	procIsWellKnownSid                                       = modadvapi32.NewProc("IsWellKnownSid")
+	procFreeSid                                              = modadvapi32.NewProc("FreeSid")
+	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
+	procGetSidIdentifierAuthority                            = modadvapi32.NewProc("GetSidIdentifierAuthority")
+	procGetSidSubAuthorityCount                              = modadvapi32.NewProc("GetSidSubAuthorityCount")
+	procGetSidSubAuthority                                   = modadvapi32.NewProc("GetSidSubAuthority")
+	procIsValidSid                                           = modadvapi32.NewProc("IsValidSid")
+	procCheckTokenMembership                                 = modadvapi32.NewProc("CheckTokenMembership")
+	procOpenProcessToken                                     = modadvapi32.NewProc("OpenProcessToken")
+	procOpenThreadToken                                      = modadvapi32.NewProc("OpenThreadToken")
+	procImpersonateSelf                                      = modadvapi32.NewProc("ImpersonateSelf")
+	procRevertToSelf                                         = modadvapi32.NewProc("RevertToSelf")
+	procSetThreadToken                                       = modadvapi32.NewProc("SetThreadToken")
+	procLookupPrivilegeValueW                                = modadvapi32.NewProc("LookupPrivilegeValueW")
+	procAdjustTokenPrivileges                                = modadvapi32.NewProc("AdjustTokenPrivileges")
+	procAdjustTokenGroups                                    = modadvapi32.NewProc("AdjustTokenGroups")
+	procGetTokenInformation                                  = modadvapi32.NewProc("GetTokenInformation")
+	procSetTokenInformation                                  = modadvapi32.NewProc("SetTokenInformation")
+	procDuplicateTokenEx                                     = modadvapi32.NewProc("DuplicateTokenEx")
+	procGetUserProfileDirectoryW                             = moduserenv.NewProc("GetUserProfileDirectoryW")
+	procGetSystemDirectoryW                                  = modkernel32.NewProc("GetSystemDirectoryW")
+	procGetWindowsDirectoryW                                 = modkernel32.NewProc("GetWindowsDirectoryW")
+	procGetSystemWindowsDirectoryW                           = modkernel32.NewProc("GetSystemWindowsDirectoryW")
+	procWTSQueryUserToken                                    = modwtsapi32.NewProc("WTSQueryUserToken")
+	procWTSEnumerateSessionsW                                = modwtsapi32.NewProc("WTSEnumerateSessionsW")
+	procWTSFreeMemory                                        = modwtsapi32.NewProc("WTSFreeMemory")
+	procGetSecurityInfo                                      = modadvapi32.NewProc("GetSecurityInfo")
+	procSetSecurityInfo                                      = modadvapi32.NewProc("SetSecurityInfo")
+	procGetNamedSecurityInfoW                                = modadvapi32.NewProc("GetNamedSecurityInfoW")
+	procSetNamedSecurityInfoW                                = modadvapi32.NewProc("SetNamedSecurityInfoW")
+	procBuildSecurityDescriptorW                             = modadvapi32.NewProc("BuildSecurityDescriptorW")
+	procInitializeSecurityDescriptor                         = modadvapi32.NewProc("InitializeSecurityDescriptor")
+	procGetSecurityDescriptorControl                         = modadvapi32.NewProc("GetSecurityDescriptorControl")
+	procGetSecurityDescriptorDacl                            = modadvapi32.NewProc("GetSecurityDescriptorDacl")
+	procGetSecurityDescriptorSacl                            = modadvapi32.NewProc("GetSecurityDescriptorSacl")
+	procGetSecurityDescriptorOwner                           = modadvapi32.NewProc("GetSecurityDescriptorOwner")
+	procGetSecurityDescriptorGroup                           = modadvapi32.NewProc("GetSecurityDescriptorGroup")
+	procGetSecurityDescriptorLength                          = modadvapi32.NewProc("GetSecurityDescriptorLength")
+	procGetSecurityDescriptorRMControl                       = modadvapi32.NewProc("GetSecurityDescriptorRMControl")
+	procIsValidSecurityDescriptor                            = modadvapi32.NewProc("IsValidSecurityDescriptor")
+	procSetSecurityDescriptorControl                         = modadvapi32.NewProc("SetSecurityDescriptorControl")
+	procSetSecurityDescriptorDacl                            = modadvapi32.NewProc("SetSecurityDescriptorDacl")
+	procSetSecurityDescriptorSacl                            = modadvapi32.NewProc("SetSecurityDescriptorSacl")
+	procSetSecurityDescriptorOwner                           = modadvapi32.NewProc("SetSecurityDescriptorOwner")
+	procSetSecurityDescriptorGroup                           = modadvapi32.NewProc("SetSecurityDescriptorGroup")
+	procSetSecurityDescriptorRMControl                       = modadvapi32.NewProc("SetSecurityDescriptorRMControl")
+	procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
+	procConvertSecurityDescriptorToStringSecurityDescriptorW = modadvapi32.NewProc("ConvertSecurityDescriptorToStringSecurityDescriptorW")
+	procMakeAbsoluteSD                                       = modadvapi32.NewProc("MakeAbsoluteSD")
+	procMakeSelfRelativeSD                                   = modadvapi32.NewProc("MakeSelfRelativeSD")
+	procSetEntriesInAclW                                     = modadvapi32.NewProc("SetEntriesInAclW")
+)
+
+func RegisterEventSource(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procRegisterEventSourceW.Addr(), 2, uintptr(unsafe.Pointer(uncServerName)), uintptr(unsafe.Pointer(sourceName)), 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DeregisterEventSource(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeregisterEventSource.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ReportEvent(log Handle, etype uint16, category uint16, eventId uint32, usrSId uintptr, numStrings uint16, dataSize uint32, strings **uint16, rawData *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procReportEventW.Addr(), 9, uintptr(log), uintptr(etype), uintptr(category), uintptr(eventId), uintptr(usrSId), uintptr(numStrings), uintptr(dataSize), uintptr(unsafe.Pointer(strings)), uintptr(unsafe.Pointer(rawData)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenSCManager(machineName *uint16, databaseName *uint16, access uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procOpenSCManagerW.Addr(), 3, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(databaseName)), uintptr(access))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CloseServiceHandle(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procCloseServiceHandle.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access uint32, srvType uint32, startType uint32, errCtl uint32, pathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall15(procCreateServiceW.Addr(), 13, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(unsafe.Pointer(displayName)), uintptr(access), uintptr(srvType), uintptr(startType), uintptr(errCtl), uintptr(unsafe.Pointer(pathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenService(mgr Handle, serviceName *uint16, access uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procOpenServiceW.Addr(), 3, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(access))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DeleteService(service Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeleteService.Addr(), 1, uintptr(service), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func StartService(service Handle, numArgs uint32, argVectors **uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procStartServiceW.Addr(), 3, uintptr(service), uintptr(numArgs), uintptr(unsafe.Pointer(argVectors)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) {
+	r1, _, e1 := syscall.Syscall(procQueryServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(status)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryServiceLockStatus(mgr Handle, lockStatus *QUERY_SERVICE_LOCK_STATUS, bufSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceLockStatusW.Addr(), 4, uintptr(mgr), uintptr(unsafe.Pointer(lockStatus)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err error) {
+	r1, _, e1 := syscall.Syscall(procControlService.Addr(), 3, uintptr(service), uintptr(control), uintptr(unsafe.Pointer(status)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) {
+	r1, _, e1 := syscall.Syscall(procStartServiceCtrlDispatcherW.Addr(), 1, uintptr(unsafe.Pointer(serviceTable)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(serviceStatus)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ChangeServiceConfig(service Handle, serviceType uint32, startType uint32, errorControl uint32, binaryPathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16, displayName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall12(procChangeServiceConfigW.Addr(), 11, uintptr(service), uintptr(serviceType), uintptr(startType), uintptr(errorControl), uintptr(unsafe.Pointer(binaryPathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), uintptr(unsafe.Pointer(displayName)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryServiceConfig(service Handle, serviceConfig *QUERY_SERVICE_CONFIG, bufSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceConfigW.Addr(), 4, uintptr(service), uintptr(unsafe.Pointer(serviceConfig)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err error) {
+	r1, _, e1 := syscall.Syscall(procChangeServiceConfig2W.Addr(), 3, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(info)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceConfig2W.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryServiceStatusEx.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func NotifyServiceStatusChange(service Handle, notifyMask uint32, notifier *SERVICE_NOTIFY) (ret error) {
+	r0, _, _ := syscall.Syscall(procNotifyServiceStatusChangeW.Addr(), 3, uintptr(service), uintptr(notifyMask), uintptr(unsafe.Pointer(notifier)))
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func GetLastError() (lasterr error) {
+	r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0)
+	if r0 != 0 {
+		lasterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func LoadLibrary(libname string) (handle Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(libname)
+	if err != nil {
+		return
+	}
+	return _LoadLibrary(_p0)
+}
+
+func _LoadLibrary(libname *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLoadLibraryW.Addr(), 1, uintptr(unsafe.Pointer(libname)), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(libname)
+	if err != nil {
+		return
+	}
+	return _LoadLibraryEx(_p0, zero, flags)
+}
+
+func _LoadLibraryEx(libname *uint16, zero Handle, flags uintptr) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLoadLibraryExW.Addr(), 3, uintptr(unsafe.Pointer(libname)), uintptr(zero), uintptr(flags))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FreeLibrary(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFreeLibrary.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetProcAddress(module Handle, procname string) (proc uintptr, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(procname)
+	if err != nil {
+		return
+	}
+	return _GetProcAddress(module, _p0)
+}
+
+func _GetProcAddress(module Handle, procname *byte) (proc uintptr, err error) {
+	r0, _, e1 := syscall.Syscall(procGetProcAddress.Addr(), 2, uintptr(module), uintptr(unsafe.Pointer(procname)), 0)
+	proc = uintptr(r0)
+	if proc == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetModuleFileNameW.Addr(), 3, uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size))
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetModuleHandleExW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(moduleName)), uintptr(unsafe.Pointer(module)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetVersion() (ver uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetVersion.Addr(), 0, 0, 0, 0)
+	ver = uint32(r0)
+	if ver == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) {
+	var _p0 *uint16
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := syscall.Syscall9(procFormatMessageW.Addr(), 7, uintptr(flags), uintptr(msgsrc), uintptr(msgid), uintptr(langid), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(args)), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ExitProcess(exitcode uint32) {
+	syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0)
+	return
+}
+
+func IsWow64Process(handle Handle, isWow64 *bool) (err error) {
+	var _p0 uint32
+	if *isWow64 {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procIsWow64Process.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(&_p0)), 0)
+	*isWow64 = _p0 != 0
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r1, _, e1 := syscall.Syscall6(procReadFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r1, _, e1 := syscall.Syscall6(procWriteFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procGetOverlappedResult.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(done)), uintptr(_p0), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procSetFilePointer.Addr(), 4, uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence), 0, 0)
+	newlowoffset = uint32(r0)
+	if newlowoffset == 0xffffffff {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CloseHandle(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetStdHandle(stdhandle uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procGetStdHandle.Addr(), 1, uintptr(stdhandle), 0, 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetStdHandle(stdhandle uint32, handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetStdHandle.Addr(), 2, uintptr(stdhandle), uintptr(handle), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func findFirstFile1(name *uint16, data *win32finddata1) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindFirstFileW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(data)), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func findNextFile1(handle Handle, data *win32finddata1) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextFileW.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindClose(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindClose.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetFileInformationByHandle.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileInformationByHandleEx.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferLen), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetCurrentDirectoryW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0)
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetCurrentDirectory(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCurrentDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) {
+	r1, _, e1 := syscall.Syscall(procCreateDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(sa)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func RemoveDirectory(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procRemoveDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DeleteFile(path *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeleteFileW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func MoveFile(from *uint16, to *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procMoveFileW.Addr(), 2, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procMoveFileExW.Addr(), 3, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), uintptr(flags))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall6(procLockFileEx.Addr(), 6, uintptr(file), uintptr(flags), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall6(procUnlockFileEx.Addr(), 5, uintptr(file), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetComputerName(buf *uint16, n *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetComputerNameW.Addr(), 2, uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetComputerNameExW.Addr(), 3, uintptr(nametype), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetEndOfFile(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetEndOfFile.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetSystemTimeAsFileTime(time *Filetime) {
+	syscall.Syscall(procGetSystemTimeAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0)
+	return
+}
+
+func GetSystemTimePreciseAsFileTime(time *Filetime) {
+	syscall.Syscall(procGetSystemTimePreciseAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0)
+	return
+}
+
+func GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetTimeZoneInformation.Addr(), 1, uintptr(unsafe.Pointer(tzi)), 0, 0)
+	rc = uint32(r0)
+	if rc == 0xffffffff {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uint32, threadcnt uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(filehandle), uintptr(cphandle), uintptr(key), uintptr(threadcnt), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uint32, overlapped **Overlapped, timeout uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall6(procPostQueuedCompletionStatus.Addr(), 4, uintptr(cphandle), uintptr(qty), uintptr(key), uintptr(unsafe.Pointer(overlapped)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CancelIo(s Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIo.Addr(), 1, uintptr(s), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CancelIoEx(s Handle, o *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(s), uintptr(unsafe.Pointer(o)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) {
+	var _p0 uint32
+	if inheritHandles {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall12(procCreateProcessW.Addr(), 10, uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall(procOpenProcess.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(processId))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procShellExecuteW.Addr(), 6, uintptr(hwnd), uintptr(unsafe.Pointer(verb)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(args)), uintptr(unsafe.Pointer(cwd)), uintptr(showCmd))
+	if r1 <= 32 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) {
+	r0, _, _ := syscall.Syscall6(procSHGetKnownFolderPath.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(flags), uintptr(token), uintptr(unsafe.Pointer(path)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func TerminateProcess(handle Handle, exitcode uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procTerminateProcess.Addr(), 2, uintptr(handle), uintptr(exitcode), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetExitCodeProcess.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(exitcode)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetStartupInfo(startupInfo *StartupInfo) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetStartupInfoW.Addr(), 1, uintptr(unsafe.Pointer(startupInfo)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetProcessTimes.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(creationTime)), uintptr(unsafe.Pointer(exitTime)), uintptr(unsafe.Pointer(kernelTime)), uintptr(unsafe.Pointer(userTime)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) {
+	var _p0 uint32
+	if bInheritHandle {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall9(procDuplicateHandle.Addr(), 7, uintptr(hSourceProcessHandle), uintptr(hSourceHandle), uintptr(hTargetProcessHandle), uintptr(unsafe.Pointer(lpTargetHandle)), uintptr(dwDesiredAccess), uintptr(_p0), uintptr(dwOptions), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procWaitForSingleObject.Addr(), 2, uintptr(handle), uintptr(waitMilliseconds), 0)
+	event = uint32(r0)
+	if event == 0xffffffff {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) {
+	var _p0 uint32
+	if waitAll {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall6(procWaitForMultipleObjects.Addr(), 4, uintptr(count), uintptr(handles), uintptr(_p0), uintptr(waitMilliseconds), 0, 0)
+	event = uint32(r0)
+	if event == 0xffffffff {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetTempPathW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0)
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreatePipe(readhandle *Handle, writehandle *Handle, sa *SecurityAttributes, size uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCreatePipe.Addr(), 4, uintptr(unsafe.Pointer(readhandle)), uintptr(unsafe.Pointer(writehandle)), uintptr(unsafe.Pointer(sa)), uintptr(size), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetFileType(filehandle Handle) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16, provtype uint32, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCryptAcquireContextW.Addr(), 5, uintptr(unsafe.Pointer(provhandle)), uintptr(unsafe.Pointer(container)), uintptr(unsafe.Pointer(provider)), uintptr(provtype), uintptr(flags), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CryptReleaseContext(provhandle Handle, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCryptReleaseContext.Addr(), 2, uintptr(provhandle), uintptr(flags), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) {
+	r1, _, e1 := syscall.Syscall(procCryptGenRandom.Addr(), 3, uintptr(provhandle), uintptr(buflen), uintptr(unsafe.Pointer(buf)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetEnvironmentStrings() (envs *uint16, err error) {
+	r0, _, e1 := syscall.Syscall(procGetEnvironmentStringsW.Addr(), 0, 0, 0, 0)
+	envs = (*uint16)(unsafe.Pointer(r0))
+	if envs == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FreeEnvironmentStrings(envs *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procFreeEnvironmentStringsW.Addr(), 1, uintptr(unsafe.Pointer(envs)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetEnvironmentVariableW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(size))
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetEnvironmentVariable(name *uint16, value *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) {
+	var _p0 uint32
+	if inheritExisting {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procCreateEnvironmentBlock.Addr(), 3, uintptr(unsafe.Pointer(block)), uintptr(token), uintptr(_p0))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DestroyEnvironmentBlock(block *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDestroyEnvironmentBlock.Addr(), 1, uintptr(unsafe.Pointer(block)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getTickCount64() (ms uint64) {
+	r0, _, _ := syscall.Syscall(procGetTickCount64.Addr(), 0, 0, 0, 0)
+	ms = uint64(r0)
+	return
+}
+
+func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetFileAttributes(name *uint16) (attrs uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetFileAttributesW.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
+	attrs = uint32(r0)
+	if attrs == INVALID_FILE_ATTRIBUTES {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetFileAttributes(name *uint16, attrs uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileAttributesW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(attrs), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetFileAttributesExW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(level), uintptr(unsafe.Pointer(info)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetCommandLine() (cmd *uint16) {
+	r0, _, _ := syscall.Syscall(procGetCommandLineW.Addr(), 0, 0, 0, 0)
+	cmd = (*uint16)(unsafe.Pointer(r0))
+	return
+}
+
+func CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) {
+	r0, _, e1 := syscall.Syscall(procCommandLineToArgvW.Addr(), 2, uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc)), 0)
+	argv = (*[8192]*[8192]uint16)(unsafe.Pointer(r0))
+	if argv == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func LocalFree(hmem Handle) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLocalFree.Addr(), 1, uintptr(hmem), 0, 0)
+	handle = Handle(r0)
+	if handle != 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FlushFileBuffers(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFlushFileBuffers.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall6(procGetFullPathNameW.Addr(), 4, uintptr(unsafe.Pointer(path)), uintptr(buflen), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(fname)), 0, 0)
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetLongPathNameW.Addr(), 3, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(buf)), uintptr(buflen))
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetShortPathNameW.Addr(), 3, uintptr(unsafe.Pointer(longpath)), uintptr(unsafe.Pointer(shortpath)), uintptr(buflen))
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateFileMappingW.Addr(), 6, uintptr(fhandle), uintptr(unsafe.Pointer(sa)), uintptr(prot), uintptr(maxSizeHigh), uintptr(maxSizeLow), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error) {
+	r0, _, e1 := syscall.Syscall6(procMapViewOfFile.Addr(), 5, uintptr(handle), uintptr(access), uintptr(offsetHigh), uintptr(offsetLow), uintptr(length), 0)
+	addr = uintptr(r0)
+	if addr == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func UnmapViewOfFile(addr uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procUnmapViewOfFile.Addr(), 1, uintptr(addr), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FlushViewOfFile(addr uintptr, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procFlushViewOfFile.Addr(), 2, uintptr(addr), uintptr(length), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func VirtualLock(addr uintptr, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualLock.Addr(), 2, uintptr(addr), uintptr(length), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func VirtualUnlock(addr uintptr, length uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualUnlock.Addr(), 2, uintptr(addr), uintptr(length), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) {
+	r0, _, e1 := syscall.Syscall6(procVirtualAlloc.Addr(), 4, uintptr(address), uintptr(size), uintptr(alloctype), uintptr(protect), 0, 0)
+	value = uintptr(r0)
+	if value == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procVirtualFree.Addr(), 3, uintptr(address), uintptr(size), uintptr(freetype))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procVirtualProtect.Addr(), 4, uintptr(address), uintptr(size), uintptr(newprotect), uintptr(unsafe.Pointer(oldprotect)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procTransmitFile.Addr(), 7, uintptr(s), uintptr(handle), uintptr(bytesToWrite), uintptr(bytsPerSend), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transmitFileBuf)), uintptr(flags), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) {
+	var _p0 uint32
+	if watchSubTree {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall9(procReadDirectoryChangesW.Addr(), 8, uintptr(handle), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(_p0), uintptr(mask), uintptr(unsafe.Pointer(retlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
+	store = Handle(r0)
+	if store == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCertOpenStore.Addr(), 5, uintptr(storeProvider), uintptr(msgAndCertEncodingType), uintptr(cryptProv), uintptr(flags), uintptr(para), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
+	r0, _, e1 := syscall.Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
+	context = (*CertContext)(unsafe.Pointer(r0))
+	if context == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCertAddCertificateContextToStore.Addr(), 4, uintptr(store), uintptr(unsafe.Pointer(certContext)), uintptr(addDisposition), uintptr(unsafe.Pointer(storeContext)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertCloseStore(store Handle, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) {
+	r1, _, e1 := syscall.Syscall9(procCertGetCertificateChain.Addr(), 8, uintptr(engine), uintptr(unsafe.Pointer(leaf)), uintptr(unsafe.Pointer(time)), uintptr(additionalStore), uintptr(unsafe.Pointer(para)), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(chainCtx)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertFreeCertificateChain(ctx *CertChainContext) {
+	syscall.Syscall(procCertFreeCertificateChain.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0)
+	return
+}
+
+func CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) {
+	r0, _, e1 := syscall.Syscall(procCertCreateCertificateContext.Addr(), 3, uintptr(certEncodingType), uintptr(unsafe.Pointer(certEncoded)), uintptr(encodedLen))
+	context = (*CertContext)(unsafe.Pointer(r0))
+	if context == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertFreeCertificateContext(ctx *CertContext) (err error) {
+	r1, _, e1 := syscall.Syscall(procCertFreeCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCertVerifyCertificateChainPolicy.Addr(), 4, uintptr(policyOID), uintptr(unsafe.Pointer(chain)), uintptr(unsafe.Pointer(para)), uintptr(unsafe.Pointer(status)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) {
+	r0, _, _ := syscall.Syscall6(procRegOpenKeyExW.Addr(), 5, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(options), uintptr(desiredAccess), uintptr(unsafe.Pointer(result)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func RegCloseKey(key Handle) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegCloseKey.Addr(), 1, uintptr(key), 0, 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) {
+	r0, _, _ := syscall.Syscall12(procRegQueryInfoKeyW.Addr(), 12, uintptr(key), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(subkeysLen)), uintptr(unsafe.Pointer(maxSubkeyLen)), uintptr(unsafe.Pointer(maxClassLen)), uintptr(unsafe.Pointer(valuesLen)), uintptr(unsafe.Pointer(maxValueNameLen)), uintptr(unsafe.Pointer(maxValueLen)), uintptr(unsafe.Pointer(saLen)), uintptr(unsafe.Pointer(lastWriteTime)))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func RegEnumKeyEx(key Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, class *uint16, classLen *uint32, lastWriteTime *Filetime) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegEnumKeyExW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(lastWriteTime)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall6(procRegQueryValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func GetCurrentProcessId() (pid uint32) {
+	r0, _, _ := syscall.Syscall(procGetCurrentProcessId.Addr(), 0, 0, 0, 0)
+	pid = uint32(r0)
+	return
+}
+
+func GetConsoleMode(console Handle, mode *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(mode)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetConsoleMode(console Handle, mode uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(console), uintptr(mode), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetConsoleScreenBufferInfo.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(info)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWriteConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(towrite), uintptr(unsafe.Pointer(written)), uintptr(unsafe.Pointer(reserved)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) {
+	r1, _, e1 := syscall.Syscall6(procReadConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(toread), uintptr(unsafe.Pointer(read)), uintptr(unsafe.Pointer(inputControl)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCreateToolhelp32Snapshot.Addr(), 2, uintptr(flags), uintptr(processId), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procProcess32FirstW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procProcess32NextW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procThread32First.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Thread32Next(snapshot Handle, threadEntry *ThreadEntry32) (err error) {
+	r1, _, e1 := syscall.Syscall(procThread32Next.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall9(procDeviceIoControl.Addr(), 8, uintptr(handle), uintptr(ioControlCode), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferSize), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferSize), uintptr(unsafe.Pointer(bytesReturned)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCreateSymbolicLinkW.Addr(), 3, uintptr(unsafe.Pointer(symlinkfilename)), uintptr(unsafe.Pointer(targetfilename)), uintptr(flags))
+	if r1&0xff == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procCreateHardLinkW.Addr(), 3, uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(existingfilename)), uintptr(reserved))
+	if r1&0xff == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetCurrentThreadId() (id uint32) {
+	r0, _, _ := syscall.Syscall(procGetCurrentThreadId.Addr(), 0, 0, 0, 0)
+	id = uint32(r0)
+	return
+}
+
+func CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateEventW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(manualReset), uintptr(initialState), uintptr(unsafe.Pointer(name)), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateEventExW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenEvent(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall(procOpenEventW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetEvent(event Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetEvent.Addr(), 1, uintptr(event), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ResetEvent(event Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func PulseEvent(event Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procPulseEvent.Addr(), 1, uintptr(event), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateMutex(mutexAttrs *SecurityAttributes, initialOwner bool, name *uint16) (handle Handle, err error) {
+	var _p0 uint32
+	if initialOwner {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall(procCreateMutexW.Addr(), 3, uintptr(unsafe.Pointer(mutexAttrs)), uintptr(_p0), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateMutexEx(mutexAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall6(procCreateMutexExW.Addr(), 4, uintptr(unsafe.Pointer(mutexAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenMutex(desiredAccess uint32, inheritHandle bool, name *uint16) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall(procOpenMutexW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name)))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ReleaseMutex(mutex Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procReleaseMutex.Addr(), 1, uintptr(mutex), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SleepEx(milliseconds uint32, alertable bool) (ret uint32) {
+	var _p0 uint32
+	if alertable {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, _ := syscall.Syscall(procSleepEx.Addr(), 2, uintptr(milliseconds), uintptr(_p0), 0)
+	ret = uint32(r0)
+	return
+}
+
+func CreateJobObject(jobAttr *SecurityAttributes, name *uint16) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCreateJobObjectW.Addr(), 2, uintptr(unsafe.Pointer(jobAttr)), uintptr(unsafe.Pointer(name)), 0)
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func AssignProcessToJobObject(job Handle, process Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func TerminateJobObject(job Handle, exitCode uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procTerminateJobObject.Addr(), 2, uintptr(job), uintptr(exitCode), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetErrorMode(mode uint32) (ret uint32) {
+	r0, _, _ := syscall.Syscall(procSetErrorMode.Addr(), 1, uintptr(mode), 0, 0)
+	ret = uint32(r0)
+	return
+}
+
+func ResumeThread(thread Handle) (ret uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procResumeThread.Addr(), 1, uintptr(thread), 0, 0)
+	ret = uint32(r0)
+	if ret == 0xffffffff {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetPriorityClass(process Handle, priorityClass uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetPriorityClass.Addr(), 2, uintptr(process), uintptr(priorityClass), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetPriorityClass(process Handle) (ret uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetPriorityClass.Addr(), 1, uintptr(process), 0, 0)
+	ret = uint32(r0)
+	if ret == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryInformationJobObject(job Handle, JobObjectInformationClass int32, JobObjectInformation uintptr, JobObjectInformationLength uint32, retlen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), uintptr(unsafe.Pointer(retlen)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetInformationJobObject(job Handle, JobObjectInformationClass uint32, JobObjectInformation uintptr, JobObjectInformationLength uint32) (ret int, err error) {
+	r0, _, e1 := syscall.Syscall6(procSetInformationJobObject.Addr(), 4, uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), 0, 0)
+	ret = int(r0)
+	if ret == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GenerateConsoleCtrlEvent(ctrlEvent uint32, processGroupID uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGenerateConsoleCtrlEvent.Addr(), 2, uintptr(ctrlEvent), uintptr(processGroupID), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetProcessId(process Handle) (id uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetProcessId.Addr(), 1, uintptr(process), 0, 0)
+	id = uint32(r0)
+	if id == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (handle Handle, err error) {
+	var _p0 uint32
+	if inheritHandle {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall(procOpenThread.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(threadId))
+	handle = Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetProcessPriorityBoost(process Handle, disable bool) (err error) {
+	var _p0 uint32
+	if disable {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procSetProcessPriorityBoost.Addr(), 2, uintptr(process), uintptr(_p0), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32) {
+	syscall.Syscall6(procGetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(unsafe.Pointer(lpMinimumWorkingSetSize)), uintptr(unsafe.Pointer(lpMaximumWorkingSetSize)), uintptr(unsafe.Pointer(flags)), 0, 0)
+	return
+}
+
+func SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(dwMinimumWorkingSetSize), uintptr(dwMaximumWorkingSetSize), uintptr(flags), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDefineDosDeviceW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DeleteVolumeMountPoint(volumeMountPoint *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procDeleteVolumeMountPointW.Addr(), 1, uintptr(unsafe.Pointer(volumeMountPoint)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindFirstVolume(volumeName *uint16, bufferLength uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindFirstVolumeW.Addr(), 2, uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength), 0)
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindFirstVolumeMountPoint(rootPathName *uint16, volumeMountPoint *uint16, bufferLength uint32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procFindFirstVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength))
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindNextVolume(findVolume Handle, volumeName *uint16, bufferLength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextVolumeW.Addr(), 3, uintptr(findVolume), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindNextVolumeMountPointW.Addr(), 3, uintptr(findVolumeMountPoint), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindVolumeClose(findVolume Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindVolumeClose.Addr(), 1, uintptr(findVolume), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procFindVolumeMountPointClose.Addr(), 1, uintptr(findVolumeMountPoint), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetDriveType(rootPathName *uint16) (driveType uint32) {
+	r0, _, _ := syscall.Syscall(procGetDriveTypeW.Addr(), 1, uintptr(unsafe.Pointer(rootPathName)), 0, 0)
+	driveType = uint32(r0)
+	return
+}
+
+func GetLogicalDrives() (drivesBitMask uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetLogicalDrives.Addr(), 0, 0, 0, 0)
+	drivesBitMask = uint32(r0)
+	if drivesBitMask == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetLogicalDriveStringsW.Addr(), 2, uintptr(bufferLength), uintptr(unsafe.Pointer(buffer)), 0)
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetVolumeInformation(rootPathName *uint16, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procGetVolumeInformationW.Addr(), 8, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetVolumeInformationByHandle(file Handle, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procGetVolumeInformationByHandleW.Addr(), 8, uintptr(file), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetVolumeNameForVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16, bufferlength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetVolumeNameForVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferlength))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetVolumePathName(fileName *uint16, volumePathName *uint16, bufferLength uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetVolumePathNameW.Addr(), 3, uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(volumePathName)), uintptr(bufferLength))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetVolumePathNamesForVolumeName(volumeName *uint16, volumePathNames *uint16, bufferLength uint32, returnLength *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetVolumePathNamesForVolumeNameW.Addr(), 4, uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(volumePathNames)), uintptr(bufferLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max))
+	n = uint32(r0)
+	if n == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetVolumeLabelW.Addr(), 2, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeName)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetVolumeMountPointW.Addr(), 2, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func MessageBox(hwnd Handle, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) {
+	r0, _, e1 := syscall.Syscall6(procMessageBoxW.Addr(), 4, uintptr(hwnd), uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(caption)), uintptr(boxtype), 0, 0)
+	ret = int32(r0)
+	if ret == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ExitWindowsEx(flags uint32, reason uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procExitWindowsEx.Addr(), 2, uintptr(flags), uintptr(reason), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint32, forceAppsClosed bool, rebootAfterShutdown bool, reason uint32) (err error) {
+	var _p0 uint32
+	if forceAppsClosed {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if rebootAfterShutdown {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procInitiateSystemShutdownExW.Addr(), 6, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(message)), uintptr(timeout), uintptr(_p0), uintptr(_p1), uintptr(reason))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetProcessShutdownParameters(level uint32, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetProcessShutdownParameters.Addr(), 2, uintptr(level), uintptr(flags), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetProcessShutdownParameters.Addr(), 2, uintptr(unsafe.Pointer(level)), uintptr(unsafe.Pointer(flags)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) {
+	r0, _, _ := syscall.Syscall(procCLSIDFromString.Addr(), 2, uintptr(unsafe.Pointer(lpsz)), uintptr(unsafe.Pointer(pclsid)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) {
+	r0, _, _ := syscall.Syscall(procStringFromGUID2.Addr(), 3, uintptr(unsafe.Pointer(rguid)), uintptr(unsafe.Pointer(lpsz)), uintptr(cchMax))
+	chars = int32(r0)
+	return
+}
+
+func coCreateGuid(pguid *GUID) (ret error) {
+	r0, _, _ := syscall.Syscall(procCoCreateGuid.Addr(), 1, uintptr(unsafe.Pointer(pguid)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func CoTaskMemFree(address unsafe.Pointer) {
+	syscall.Syscall(procCoTaskMemFree.Addr(), 1, uintptr(address), 0, 0)
+	return
+}
+
+func rtlGetVersion(info *OsVersionInfoEx) (ret error) {
+	r0, _, _ := syscall.Syscall(procRtlGetVersion.Addr(), 1, uintptr(unsafe.Pointer(info)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) {
+	syscall.Syscall(procRtlGetNtVersionNumbers.Addr(), 3, uintptr(unsafe.Pointer(majorVersion)), uintptr(unsafe.Pointer(minorVersion)), uintptr(unsafe.Pointer(buildNumber)))
+	return
+}
+
+func getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetProcessPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetThreadPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetUserPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetSystemPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) {
+	var _p0 *uint32
+	if len(processIds) > 0 {
+		_p0 = &processIds[0]
+	}
+	r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(processIds)), uintptr(unsafe.Pointer(bytesReturned)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WSAStartup(verreq uint32, data *WSAData) (sockerr error) {
+	r0, _, _ := syscall.Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
+	if r0 != 0 {
+		sockerr = syscall.Errno(r0)
+	}
+	return
+}
+
+func WSACleanup() (err error) {
+	r1, _, e1 := syscall.Syscall(procWSACleanup.Addr(), 0, 0, 0, 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSAIoctl.Addr(), 9, uintptr(s), uintptr(iocc), uintptr(unsafe.Pointer(inbuf)), uintptr(cbif), uintptr(unsafe.Pointer(outbuf)), uintptr(cbob), uintptr(unsafe.Pointer(cbbr)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func socket(af int32, typ int32, protocol int32) (handle Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procsocket.Addr(), 3, uintptr(af), uintptr(typ), uintptr(protocol))
+	handle = Handle(r0)
+	if handle == InvalidHandle {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r1, _, e1 := syscall.Syscall6(procsendto.Addr(), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(tolen))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) {
+	var _p0 *byte
+	if len(buf) > 0 {
+		_p0 = &buf[0]
+	}
+	r0, _, e1 := syscall.Syscall6(procrecvfrom.Addr(), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int32(r0)
+	if n == -1 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procsetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(optlen), 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procgetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(unsafe.Pointer(optlen)), 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func bind(s Handle, name unsafe.Pointer, namelen int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func connect(s Handle, name unsafe.Pointer, namelen int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procconnect.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getsockname(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getpeername(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func listen(s Handle, backlog int32) (err error) {
+	r1, _, e1 := syscall.Syscall(proclisten.Addr(), 2, uintptr(s), uintptr(backlog), 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func shutdown(s Handle, how int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procshutdown.Addr(), 2, uintptr(s), uintptr(how), 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Closesocket(s Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procclosesocket.Addr(), 1, uintptr(s), 0, 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, recvd *uint32, overlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall9(procAcceptEx.Addr(), 8, uintptr(ls), uintptr(as), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetAcceptExSockaddrs(buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, lrsa **RawSockaddrAny, lrsalen *int32, rrsa **RawSockaddrAny, rrsalen *int32) {
+	syscall.Syscall9(procGetAcceptExSockaddrs.Addr(), 8, uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(lrsa)), uintptr(unsafe.Pointer(lrsalen)), uintptr(unsafe.Pointer(rrsa)), uintptr(unsafe.Pointer(rrsalen)), 0)
+	return
+}
+
+func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSASend.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSARecvFrom.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32, overlapped *Overlapped, croutine *byte) (err error) {
+	r1, _, e1 := syscall.Syscall9(procWSASendTo.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(to)), uintptr(tolen), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)))
+	if r1 == socket_error {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetHostByName(name string) (h *Hostent, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	return _GetHostByName(_p0)
+}
+
+func _GetHostByName(name *byte) (h *Hostent, err error) {
+	r0, _, e1 := syscall.Syscall(procgethostbyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
+	h = (*Hostent)(unsafe.Pointer(r0))
+	if h == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetServByName(name string, proto string) (s *Servent, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = syscall.BytePtrFromString(proto)
+	if err != nil {
+		return
+	}
+	return _GetServByName(_p0, _p1)
+}
+
+func _GetServByName(name *byte, proto *byte) (s *Servent, err error) {
+	r0, _, e1 := syscall.Syscall(procgetservbyname.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(proto)), 0)
+	s = (*Servent)(unsafe.Pointer(r0))
+	if s == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func Ntohs(netshort uint16) (u uint16) {
+	r0, _, _ := syscall.Syscall(procntohs.Addr(), 1, uintptr(netshort), 0, 0)
+	u = uint16(r0)
+	return
+}
+
+func GetProtoByName(name string) (p *Protoent, err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(name)
+	if err != nil {
+		return
+	}
+	return _GetProtoByName(_p0)
+}
+
+func _GetProtoByName(name *byte) (p *Protoent, err error) {
+	r0, _, e1 := syscall.Syscall(procgetprotobyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0)
+	p = (*Protoent)(unsafe.Pointer(r0))
+	if p == nil {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DnsQuery(name string, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) {
+	var _p0 *uint16
+	_p0, status = syscall.UTF16PtrFromString(name)
+	if status != nil {
+		return
+	}
+	return _DnsQuery(_p0, qtype, options, extra, qrs, pr)
+}
+
+func _DnsQuery(name *uint16, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) {
+	r0, _, _ := syscall.Syscall6(procDnsQuery_W.Addr(), 6, uintptr(unsafe.Pointer(name)), uintptr(qtype), uintptr(options), uintptr(unsafe.Pointer(extra)), uintptr(unsafe.Pointer(qrs)), uintptr(unsafe.Pointer(pr)))
+	if r0 != 0 {
+		status = syscall.Errno(r0)
+	}
+	return
+}
+
+func DnsRecordListFree(rl *DNSRecord, freetype uint32) {
+	syscall.Syscall(procDnsRecordListFree.Addr(), 2, uintptr(unsafe.Pointer(rl)), uintptr(freetype), 0)
+	return
+}
+
+func DnsNameCompare(name1 *uint16, name2 *uint16) (same bool) {
+	r0, _, _ := syscall.Syscall(procDnsNameCompare_W.Addr(), 2, uintptr(unsafe.Pointer(name1)), uintptr(unsafe.Pointer(name2)), 0)
+	same = r0 != 0
+	return
+}
+
+func GetAddrInfoW(nodename *uint16, servicename *uint16, hints *AddrinfoW, result **AddrinfoW) (sockerr error) {
+	r0, _, _ := syscall.Syscall6(procGetAddrInfoW.Addr(), 4, uintptr(unsafe.Pointer(nodename)), uintptr(unsafe.Pointer(servicename)), uintptr(unsafe.Pointer(hints)), uintptr(unsafe.Pointer(result)), 0, 0)
+	if r0 != 0 {
+		sockerr = syscall.Errno(r0)
+	}
+	return
+}
+
+func FreeAddrInfoW(addrinfo *AddrinfoW) {
+	syscall.Syscall(procFreeAddrInfoW.Addr(), 1, uintptr(unsafe.Pointer(addrinfo)), 0, 0)
+	return
+}
+
+func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
+	r0, _, _ := syscall.Syscall(procGetIfEntry.Addr(), 1, uintptr(unsafe.Pointer(pIfRow)), 0, 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
+func GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) {
+	r0, _, _ := syscall.Syscall(procGetAdaptersInfo.Addr(), 2, uintptr(unsafe.Pointer(ai)), uintptr(unsafe.Pointer(ol)), 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
+func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(handle), uintptr(flags), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) {
+	r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength)))
+	n = int32(r0)
+	if n == -1 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) {
+	r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
+func GetACP() (acp uint32) {
+	r0, _, _ := syscall.Syscall(procGetACP.Addr(), 0, 0, 0, 0)
+	acp = uint32(r0)
+	return
+}
+
+func MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) {
+	r0, _, e1 := syscall.Syscall6(procMultiByteToWideChar.Addr(), 6, uintptr(codePage), uintptr(dwFlags), uintptr(unsafe.Pointer(str)), uintptr(nstr), uintptr(unsafe.Pointer(wchar)), uintptr(nwchar))
+	nwrite = int32(r0)
+	if nwrite == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint32, translatedName *uint16, nSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procTranslateNameW.Addr(), 5, uintptr(unsafe.Pointer(accName)), uintptr(accNameFormat), uintptr(desiredNameFormat), uintptr(unsafe.Pointer(translatedName)), uintptr(unsafe.Pointer(nSize)), 0)
+	if r1&0xff == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetUserNameEx(nameFormat uint32, nameBuffre *uint16, nSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetUserNameExW.Addr(), 3, uintptr(nameFormat), uintptr(unsafe.Pointer(nameBuffre)), uintptr(unsafe.Pointer(nSize)))
+	if r1&0xff == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
+	r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) {
+	r0, _, _ := syscall.Syscall(procNetGetJoinInformation.Addr(), 3, uintptr(unsafe.Pointer(server)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bufType)))
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func NetApiBufferFree(buf *byte) (neterr error) {
+	r0, _, _ := syscall.Syscall(procNetApiBufferFree.Addr(), 1, uintptr(unsafe.Pointer(buf)), 0, 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func LookupAccountSid(systemName *uint16, sid *SID, name *uint16, nameLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procLookupAccountSidW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func LookupAccountName(systemName *uint16, accountName *uint16, sid *SID, sidLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ConvertSidToStringSid(sid *SID, stringSid **uint16) (err error) {
+	r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(stringSid)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ConvertStringSidToSid(stringSid *uint16, sid **SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procConvertStringSidToSidW.Addr(), 2, uintptr(unsafe.Pointer(stringSid)), uintptr(unsafe.Pointer(sid)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetLengthSid(sid *SID) (len uint32) {
+	r0, _, _ := syscall.Syscall(procGetLengthSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	len = uint32(r0)
+	return
+}
+
+func CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procCopySid.Addr(), 3, uintptr(destSidLen), uintptr(unsafe.Pointer(destSid)), uintptr(unsafe.Pointer(srcSid)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) {
+	r1, _, e1 := syscall.Syscall12(procAllocateAndInitializeSid.Addr(), 11, uintptr(unsafe.Pointer(identAuth)), uintptr(subAuth), uintptr(subAuth0), uintptr(subAuth1), uintptr(subAuth2), uintptr(subAuth3), uintptr(subAuth4), uintptr(subAuth5), uintptr(subAuth6), uintptr(subAuth7), uintptr(unsafe.Pointer(sid)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, sizeSid *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procCreateWellKnownSid.Addr(), 4, uintptr(sidType), uintptr(unsafe.Pointer(domainSid)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sizeSid)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func isWellKnownSid(sid *SID, sidType WELL_KNOWN_SID_TYPE) (isWellKnown bool) {
+	r0, _, _ := syscall.Syscall(procIsWellKnownSid.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(sidType), 0)
+	isWellKnown = r0 != 0
+	return
+}
+
+func FreeSid(sid *SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procFreeSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	if r1 != 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) {
+	r0, _, _ := syscall.Syscall(procEqualSid.Addr(), 2, uintptr(unsafe.Pointer(sid1)), uintptr(unsafe.Pointer(sid2)), 0)
+	isEqual = r0 != 0
+	return
+}
+
+func getSidIdentifierAuthority(sid *SID) (authority *SidIdentifierAuthority) {
+	r0, _, _ := syscall.Syscall(procGetSidIdentifierAuthority.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	authority = (*SidIdentifierAuthority)(unsafe.Pointer(r0))
+	return
+}
+
+func getSidSubAuthorityCount(sid *SID) (count *uint8) {
+	r0, _, _ := syscall.Syscall(procGetSidSubAuthorityCount.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	count = (*uint8)(unsafe.Pointer(r0))
+	return
+}
+
+func getSidSubAuthority(sid *SID, index uint32) (subAuthority *uint32) {
+	r0, _, _ := syscall.Syscall(procGetSidSubAuthority.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(index), 0)
+	subAuthority = (*uint32)(unsafe.Pointer(r0))
+	return
+}
+
+func isValidSid(sid *SID) (isValid bool) {
+	r0, _, _ := syscall.Syscall(procIsValidSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
+	isValid = r0 != 0
+	return
+}
+
+func checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) {
+	r1, _, e1 := syscall.Syscall(procCheckTokenMembership.Addr(), 3, uintptr(tokenHandle), uintptr(unsafe.Pointer(sidToCheck)), uintptr(unsafe.Pointer(isMember)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenProcessToken(process Handle, access uint32, token *Token) (err error) {
+	r1, _, e1 := syscall.Syscall(procOpenProcessToken.Addr(), 3, uintptr(process), uintptr(access), uintptr(unsafe.Pointer(token)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token) (err error) {
+	var _p0 uint32
+	if openAsSelf {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(access), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func ImpersonateSelf(impersonationlevel uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(impersonationlevel), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func RevertToSelf() (err error) {
+	r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetThreadToken(thread *Handle, token Token) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetThreadToken.Addr(), 2, uintptr(unsafe.Pointer(thread)), uintptr(token), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) {
+	r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemname)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tokenprivileges, buflen uint32, prevstate *Tokenprivileges, returnlen *uint32) (err error) {
+	var _p0 uint32
+	if disableAllPrivileges {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, buflen uint32, prevstate *Tokengroups, returnlen *uint32) (err error) {
+	var _p0 uint32
+	if resetToDefault {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procAdjustTokenGroups.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetTokenInformation.Addr(), 5, uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), uintptr(unsafe.Pointer(returnedLen)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procSetTokenInformation.Addr(), 4, uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes *SecurityAttributes, impersonationLevel uint32, tokenType uint32, newToken *Token) (err error) {
+	r1, _, e1 := syscall.Syscall6(procDuplicateTokenEx.Addr(), 6, uintptr(existingToken), uintptr(desiredAccess), uintptr(unsafe.Pointer(tokenAttributes)), uintptr(impersonationLevel), uintptr(tokenType), uintptr(unsafe.Pointer(newToken)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetUserProfileDirectoryW.Addr(), 3, uintptr(t), uintptr(unsafe.Pointer(dir)), uintptr(unsafe.Pointer(dirLen)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetSystemDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0)
+	len = uint32(r0)
+	if len == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetWindowsDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0)
+	len = uint32(r0)
+	if len == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSystemWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetSystemWindowsDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0)
+	len = uint32(r0)
+	if len == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WTSQueryUserToken(session uint32, token *Token) (err error) {
+	r1, _, e1 := syscall.Syscall(procWTSQueryUserToken.Addr(), 2, uintptr(session), uintptr(unsafe.Pointer(token)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessions **WTS_SESSION_INFO, count *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWTSEnumerateSessionsW.Addr(), 5, uintptr(handle), uintptr(reserved), uintptr(version), uintptr(unsafe.Pointer(sessions)), uintptr(unsafe.Pointer(count)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WTSFreeMemory(ptr uintptr) {
+	syscall.Syscall(procWTSFreeMemory.Addr(), 1, uintptr(ptr), 0, 0)
+	return
+}
+
+func getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) {
+	r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) {
+	syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+	return
+}
+
+func getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) {
+	var _p0 *uint16
+	_p0, ret = syscall.UTF16PtrFromString(objectName)
+	if ret != nil {
+		return
+	}
+	return _getNamedSecurityInfo(_p0, objectType, securityInformation, owner, group, dacl, sacl, sd)
+}
+
+func _getNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) {
+	r0, _, _ := syscall.Syscall9(procGetNamedSecurityInfoW.Addr(), 8, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+	var _p0 *uint16
+	_p0, ret = syscall.UTF16PtrFromString(objectName)
+	if ret != nil {
+		return
+	}
+	return _SetNamedSecurityInfo(_p0, objectType, securityInformation, owner, group, dacl, sacl)
+}
+
+func _SetNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+	r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfoW.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) {
+	r0, _, _ := syscall.Syscall9(procBuildSecurityDescriptorW.Addr(), 9, uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(countAccessEntries), uintptr(unsafe.Pointer(accessEntries)), uintptr(countAuditEntries), uintptr(unsafe.Pointer(auditEntries)), uintptr(unsafe.Pointer(oldSecurityDescriptor)), uintptr(unsafe.Pointer(sizeNewSecurityDescriptor)), uintptr(unsafe.Pointer(newSecurityDescriptor)))
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procInitializeSecurityDescriptor.Addr(), 2, uintptr(unsafe.Pointer(absoluteSD)), uintptr(revision), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, control *SECURITY_DESCRIPTOR_CONTROL, revision *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorControl.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(control)), uintptr(unsafe.Pointer(revision)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent *bool, dacl **ACL, daclDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *daclPresent {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if *daclDefaulted {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(&_p1)), 0, 0)
+	*daclPresent = _p0 != 0
+	*daclDefaulted = _p1 != 0
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent *bool, sacl **ACL, saclDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *saclPresent {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if *saclDefaulted {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorSacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(&_p1)), 0, 0)
+	*saclPresent = _p0 != 0
+	*saclDefaulted = _p1 != 0
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner **SID, ownerDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *ownerDefaulted {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(&_p0)))
+	*ownerDefaulted = _p0 != 0
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group **SID, groupDefaulted *bool) (err error) {
+	var _p0 uint32
+	if *groupDefaulted {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorGroup.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(&_p0)))
+	*groupDefaulted = _p0 != 0
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getSecurityDescriptorLength(sd *SECURITY_DESCRIPTOR) (len uint32) {
+	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0)
+	len = uint32(r0)
+	return
+}
+
+func getSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) (ret error) {
+	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorRMControl.Addr(), 2, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func isValidSecurityDescriptor(sd *SECURITY_DESCRIPTOR) (isValid bool) {
+	r0, _, _ := syscall.Syscall(procIsValidSecurityDescriptor.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0)
+	isValid = r0 != 0
+	return
+}
+
+func setSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorControl.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(controlBitsOfInterest), uintptr(controlBitsToSet))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func setSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent bool, dacl *ACL, daclDefaulted bool) (err error) {
+	var _p0 uint32
+	if daclPresent {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if daclDefaulted {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procSetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(dacl)), uintptr(_p1), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl *ACL, saclDefaulted bool) (err error) {
+	var _p0 uint32
+	if saclPresent {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if saclDefaulted {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procSetSecurityDescriptorSacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(sacl)), uintptr(_p1), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func setSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner *SID, ownerDefaulted bool) (err error) {
+	var _p0 uint32
+	if ownerDefaulted {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(_p0))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func setSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group *SID, groupDefaulted bool) (err error) {
+	var _p0 uint32
+	if groupDefaulted {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorGroup.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(_p0))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func setSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) {
+	syscall.Syscall(procSetSecurityDescriptorRMControl.Addr(), 2, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl)), 0)
+	return
+}
+
+func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) {
+	var _p0 *uint16
+	_p0, err = syscall.UTF16PtrFromString(str)
+	if err != nil {
+		return
+	}
+	return _convertStringSecurityDescriptorToSecurityDescriptor(_p0, revision, sd, size)
+}
+
+func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func convertSecurityDescriptorToStringSecurityDescriptor(sd *SECURITY_DESCRIPTOR, revision uint32, securityInformation SECURITY_INFORMATION, str **uint16, strLen *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(securityInformation), uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(strLen)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func makeAbsoluteSD(selfRelativeSD *SECURITY_DESCRIPTOR, absoluteSD *SECURITY_DESCRIPTOR, absoluteSDSize *uint32, dacl *ACL, daclSize *uint32, sacl *ACL, saclSize *uint32, owner *SID, ownerSize *uint32, group *SID, groupSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall12(procMakeAbsoluteSD.Addr(), 11, uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(absoluteSDSize)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclSize)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(saclSize)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(ownerSize)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(groupSize)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procMakeSelfRelativeSD.Addr(), 3, uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(selfRelativeSDSize)))
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) {
+	r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(countExplicitEntries), uintptr(unsafe.Pointer(explicitEntries)), uintptr(unsafe.Pointer(oldACL)), uintptr(unsafe.Pointer(newACL)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/LICENSE b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/LICENSE
new file mode 100644
index 000000000..e4a47e17f
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2019 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/PATENTS b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/README b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/README
new file mode 100644
index 000000000..aac7867a5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/README
@@ -0,0 +1,2 @@
+This repository holds the transition packages for the new Go 1.13 error values.
+See golang.org/design/29934-error-values.
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/adaptor.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/adaptor.go
new file mode 100644
index 000000000..4317f2483
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/adaptor.go
@@ -0,0 +1,193 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+)
+
+// FormatError calls the FormatError method of f with an errors.Printer
+// configured according to s and verb, and writes the result to s.
+func FormatError(f Formatter, s fmt.State, verb rune) {
+	// Assuming this function is only called from the Format method, and given
+	// that FormatError takes precedence over Format, it cannot be called from
+	// any package that supports errors.Formatter. It is therefore safe to
+	// disregard that State may be a specific printer implementation and use one
+	// of our choice instead.
+
+	// limitations: does not support printing error as Go struct.
+
+	var (
+		sep    = " " // separator before next error
+		p      = &state{State: s}
+		direct = true
+	)
+
+	var err error = f
+
+	switch verb {
+	// Note that this switch must match the preference order
+	// for ordinary string printing (%#v before %+v, and so on).
+
+	case 'v':
+		if s.Flag('#') {
+			if stringer, ok := err.(fmt.GoStringer); ok {
+				io.WriteString(&p.buf, stringer.GoString())
+				goto exit
+			}
+			// proceed as if it were %v
+		} else if s.Flag('+') {
+			p.printDetail = true
+			sep = "\n  - "
+		}
+	case 's':
+	case 'q', 'x', 'X':
+		// Use an intermediate buffer in the rare cases that precision,
+		// truncation, or one of the alternative verbs (q, x, and X) are
+		// specified.
+		direct = false
+
+	default:
+		p.buf.WriteString("%!")
+		p.buf.WriteRune(verb)
+		p.buf.WriteByte('(')
+		switch {
+		case err != nil:
+			p.buf.WriteString(reflect.TypeOf(f).String())
+		default:
+			p.buf.WriteString("<nil>")
+		}
+		p.buf.WriteByte(')')
+		io.Copy(s, &p.buf)
+		return
+	}
+
+loop:
+	for {
+		switch v := err.(type) {
+		case Formatter:
+			err = v.FormatError((*printer)(p))
+		case fmt.Formatter:
+			v.Format(p, 'v')
+			break loop
+		default:
+			io.WriteString(&p.buf, v.Error())
+			break loop
+		}
+		if err == nil {
+			break
+		}
+		if p.needColon || !p.printDetail {
+			p.buf.WriteByte(':')
+			p.needColon = false
+		}
+		p.buf.WriteString(sep)
+		p.inDetail = false
+		p.needNewline = false
+	}
+
+exit:
+	width, okW := s.Width()
+	prec, okP := s.Precision()
+
+	if !direct || (okW && width > 0) || okP {
+		// Construct format string from State s.
+		format := []byte{'%'}
+		if s.Flag('-') {
+			format = append(format, '-')
+		}
+		if s.Flag('+') {
+			format = append(format, '+')
+		}
+		if s.Flag(' ') {
+			format = append(format, ' ')
+		}
+		if okW {
+			format = strconv.AppendInt(format, int64(width), 10)
+		}
+		if okP {
+			format = append(format, '.')
+			format = strconv.AppendInt(format, int64(prec), 10)
+		}
+		format = append(format, string(verb)...)
+		fmt.Fprintf(s, string(format), p.buf.String())
+	} else {
+		io.Copy(s, &p.buf)
+	}
+}
+
+var detailSep = []byte("\n    ")
+
+// state tracks error printing state. It implements fmt.State.
+type state struct {
+	fmt.State
+	buf bytes.Buffer
+
+	printDetail bool
+	inDetail    bool
+	needColon   bool
+	needNewline bool
+}
+
+func (s *state) Write(b []byte) (n int, err error) {
+	if s.printDetail {
+		if len(b) == 0 {
+			return 0, nil
+		}
+		if s.inDetail && s.needColon {
+			s.needNewline = true
+			if b[0] == '\n' {
+				b = b[1:]
+			}
+		}
+		k := 0
+		for i, c := range b {
+			if s.needNewline {
+				if s.inDetail && s.needColon {
+					s.buf.WriteByte(':')
+					s.needColon = false
+				}
+				s.buf.Write(detailSep)
+				s.needNewline = false
+			}
+			if c == '\n' {
+				s.buf.Write(b[k:i])
+				k = i + 1
+				s.needNewline = true
+			}
+		}
+		s.buf.Write(b[k:])
+		if !s.inDetail {
+			s.needColon = true
+		}
+	} else if !s.inDetail {
+		s.buf.Write(b)
+	}
+	return len(b), nil
+}
+
+// printer wraps a state to implement an xerrors.Printer.
+type printer state
+
+func (s *printer) Print(args ...interface{}) {
+	if !s.inDetail || s.printDetail {
+		fmt.Fprint((*state)(s), args...)
+	}
+}
+
+func (s *printer) Printf(format string, args ...interface{}) {
+	if !s.inDetail || s.printDetail {
+		fmt.Fprintf((*state)(s), format, args...)
+	}
+}
+
+func (s *printer) Detail() bool {
+	s.inDetail = true
+	return s.printDetail
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/codereview.cfg b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/codereview.cfg
new file mode 100644
index 000000000..3f8b14b64
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/codereview.cfg
@@ -0,0 +1 @@
+issuerepo: golang/go
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/doc.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/doc.go
new file mode 100644
index 000000000..eef99d9d5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/doc.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package xerrors implements functions to manipulate errors.
+//
+// This package is based on the Go 2 proposal for error values:
+//   https://golang.org/design/29934-error-values
+//
+// These functions were incorporated into the standard library's errors package
+// in Go 1.13:
+// - Is
+// - As
+// - Unwrap
+//
+// Also, Errorf's %w verb was incorporated into fmt.Errorf.
+//
+// Use this package to get equivalent behavior in all supported Go versions.
+//
+// No other features of this package were included in Go 1.13, and at present
+// there are no plans to include any of them.
+package xerrors // import "golang.org/x/xerrors"
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/errors.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/errors.go
new file mode 100644
index 000000000..e88d3772d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/errors.go
@@ -0,0 +1,33 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import "fmt"
+
+// errorString is a trivial implementation of error.
+type errorString struct {
+	s     string
+	frame Frame
+}
+
+// New returns an error that formats as the given text.
+//
+// The returned error contains a Frame set to the caller's location and
+// implements Formatter to show this information when printed with details.
+func New(text string) error {
+	return &errorString{text, Caller(1)}
+}
+
+func (e *errorString) Error() string {
+	return e.s
+}
+
+func (e *errorString) Format(s fmt.State, v rune) { FormatError(e, s, v) }
+
+func (e *errorString) FormatError(p Printer) (next error) {
+	p.Print(e.s)
+	e.frame.Format(p)
+	return nil
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/fmt.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/fmt.go
new file mode 100644
index 000000000..829862ddf
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/fmt.go
@@ -0,0 +1,187 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"golang.org/x/xerrors/internal"
+)
+
+const percentBangString = "%!"
+
+// Errorf formats according to a format specifier and returns the string as a
+// value that satisfies error.
+//
+// The returned error includes the file and line number of the caller when
+// formatted with additional detail enabled. If the last argument is an error
+// the returned error's Format method will return it if the format string ends
+// with ": %s", ": %v", or ": %w". If the last argument is an error and the
+// format string ends with ": %w", the returned error implements an Unwrap
+// method returning it.
+//
+// If the format specifier includes a %w verb with an error operand in a
+// position other than at the end, the returned error will still implement an
+// Unwrap method returning the operand, but the error's Format method will not
+// return the wrapped error.
+//
+// It is invalid to include more than one %w verb or to supply it with an
+// operand that does not implement the error interface. The %w verb is otherwise
+// a synonym for %v.
+func Errorf(format string, a ...interface{}) error {
+	format = formatPlusW(format)
+	// Support a ": %[wsv]" suffix, which works well with xerrors.Formatter.
+	wrap := strings.HasSuffix(format, ": %w")
+	idx, format2, ok := parsePercentW(format)
+	percentWElsewhere := !wrap && idx >= 0
+	if !percentWElsewhere && (wrap || strings.HasSuffix(format, ": %s") || strings.HasSuffix(format, ": %v")) {
+		err := errorAt(a, len(a)-1)
+		if err == nil {
+			return &noWrapError{fmt.Sprintf(format, a...), nil, Caller(1)}
+		}
+		// TODO: this is not entirely correct. The error value could be
+		// printed elsewhere in format if it mixes numbered with unnumbered
+		// substitutions. With relatively small changes to doPrintf we can
+		// have it optionally ignore extra arguments and pass the argument
+		// list in its entirety.
+		msg := fmt.Sprintf(format[:len(format)-len(": %s")], a[:len(a)-1]...)
+		frame := Frame{}
+		if internal.EnableTrace {
+			frame = Caller(1)
+		}
+		if wrap {
+			return &wrapError{msg, err, frame}
+		}
+		return &noWrapError{msg, err, frame}
+	}
+	// Support %w anywhere.
+	// TODO: don't repeat the wrapped error's message when %w occurs in the middle.
+	msg := fmt.Sprintf(format2, a...)
+	if idx < 0 {
+		return &noWrapError{msg, nil, Caller(1)}
+	}
+	err := errorAt(a, idx)
+	if !ok || err == nil {
+		// Too many %ws or argument of %w is not an error. Approximate the Go
+		// 1.13 fmt.Errorf message.
+		return &noWrapError{fmt.Sprintf("%sw(%s)", percentBangString, msg), nil, Caller(1)}
+	}
+	frame := Frame{}
+	if internal.EnableTrace {
+		frame = Caller(1)
+	}
+	return &wrapError{msg, err, frame}
+}
+
+func errorAt(args []interface{}, i int) error {
+	if i < 0 || i >= len(args) {
+		return nil
+	}
+	err, ok := args[i].(error)
+	if !ok {
+		return nil
+	}
+	return err
+}
+
+// formatPlusW is used to avoid the vet check that will barf at %w.
+func formatPlusW(s string) string {
+	return s
+}
+
+// Return the index of the only %w in format, or -1 if none.
+// Also return a rewritten format string with %w replaced by %v, and
+// false if there is more than one %w.
+// TODO: handle "%[N]w".
+func parsePercentW(format string) (idx int, newFormat string, ok bool) {
+	// Loosely copied from golang.org/x/tools/go/analysis/passes/printf/printf.go.
+	idx = -1
+	ok = true
+	n := 0
+	sz := 0
+	var isW bool
+	for i := 0; i < len(format); i += sz {
+		if format[i] != '%' {
+			sz = 1
+			continue
+		}
+		// "%%" is not a format directive.
+		if i+1 < len(format) && format[i+1] == '%' {
+			sz = 2
+			continue
+		}
+		sz, isW = parsePrintfVerb(format[i:])
+		if isW {
+			if idx >= 0 {
+				ok = false
+			} else {
+				idx = n
+			}
+			// "Replace" the last character, the 'w', with a 'v'.
+			p := i + sz - 1
+			format = format[:p] + "v" + format[p+1:]
+		}
+		n++
+	}
+	return idx, format, ok
+}
+
+// Parse the printf verb starting with a % at s[0].
+// Return how many bytes it occupies and whether the verb is 'w'.
+func parsePrintfVerb(s string) (int, bool) {
+	// Assume only that the directive is a sequence of non-letters followed by a single letter.
+	sz := 0
+	var r rune
+	for i := 1; i < len(s); i += sz {
+		r, sz = utf8.DecodeRuneInString(s[i:])
+		if unicode.IsLetter(r) {
+			return i + sz, r == 'w'
+		}
+	}
+	return len(s), false
+}
+
+type noWrapError struct {
+	msg   string
+	err   error
+	frame Frame
+}
+
+func (e *noWrapError) Error() string {
+	return fmt.Sprint(e)
+}
+
+func (e *noWrapError) Format(s fmt.State, v rune) { FormatError(e, s, v) }
+
+func (e *noWrapError) FormatError(p Printer) (next error) {
+	p.Print(e.msg)
+	e.frame.Format(p)
+	return e.err
+}
+
+type wrapError struct {
+	msg   string
+	err   error
+	frame Frame
+}
+
+func (e *wrapError) Error() string {
+	return fmt.Sprint(e)
+}
+
+func (e *wrapError) Format(s fmt.State, v rune) { FormatError(e, s, v) }
+
+func (e *wrapError) FormatError(p Printer) (next error) {
+	p.Print(e.msg)
+	e.frame.Format(p)
+	return e.err
+}
+
+func (e *wrapError) Unwrap() error {
+	return e.err
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/format.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/format.go
new file mode 100644
index 000000000..1bc9c26b9
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/format.go
@@ -0,0 +1,34 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+// A Formatter formats error messages.
+type Formatter interface {
+	error
+
+	// FormatError prints the receiver's first error and returns the next error in
+	// the error chain, if any.
+	FormatError(p Printer) (next error)
+}
+
+// A Printer formats error messages.
+//
+// The most common implementation of Printer is the one provided by package fmt
+// during Printf (as of Go 1.13). Localization packages such as golang.org/x/text/message
+// typically provide their own implementations.
+type Printer interface {
+	// Print appends args to the message output.
+	Print(args ...interface{})
+
+	// Printf writes a formatted string.
+	Printf(format string, args ...interface{})
+
+	// Detail reports whether error detail is requested.
+	// After the first call to Detail, all text written to the Printer
+	// is formatted as additional detail, or ignored when
+	// detail has not been requested.
+	// If Detail returns false, the caller can avoid printing the detail at all.
+	Detail() bool
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/frame.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/frame.go
new file mode 100644
index 000000000..0de628ec5
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/frame.go
@@ -0,0 +1,56 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"runtime"
+)
+
+// A Frame contains part of a call stack.
+type Frame struct {
+	// Make room for three PCs: the one we were asked for, what it called,
+	// and possibly a PC for skipPleaseUseCallersFrames. See:
+	// https://go.googlesource.com/go/+/032678e0fb/src/runtime/extern.go#169
+	frames [3]uintptr
+}
+
+// Caller returns a Frame that describes a frame on the caller's stack.
+// The argument skip is the number of frames to skip over.
+// Caller(0) returns the frame for the caller of Caller.
+func Caller(skip int) Frame {
+	var s Frame
+	runtime.Callers(skip+1, s.frames[:])
+	return s
+}
+
+// location reports the file, line, and function of a frame.
+//
+// The returned function may be "" even if file and line are not.
+func (f Frame) location() (function, file string, line int) {
+	frames := runtime.CallersFrames(f.frames[:])
+	if _, ok := frames.Next(); !ok {
+		return "", "", 0
+	}
+	fr, ok := frames.Next()
+	if !ok {
+		return "", "", 0
+	}
+	return fr.Function, fr.File, fr.Line
+}
+
+// Format prints the stack as error detail.
+// It should be called from an error's Format implementation
+// after printing any other error detail.
+func (f Frame) Format(p Printer) {
+	if p.Detail() {
+		function, file, line := f.location()
+		if function != "" {
+			p.Printf("%s\n    ", function)
+		}
+		if file != "" {
+			p.Printf("%s:%d\n", file, line)
+		}
+	}
+}
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/go.mod b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/go.mod
new file mode 100644
index 000000000..870d4f612
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/go.mod
@@ -0,0 +1,3 @@
+module golang.org/x/xerrors
+
+go 1.11
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/internal/internal.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/internal/internal.go
new file mode 100644
index 000000000..89f4eca5d
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/internal/internal.go
@@ -0,0 +1,8 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+// EnableTrace indicates whether stack information should be recorded in errors.
+var EnableTrace = true
diff --git a/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/wrap.go b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/wrap.go
new file mode 100644
index 000000000..9a3b51037
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/golang.org/x/xerrors/wrap.go
@@ -0,0 +1,106 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"reflect"
+)
+
+// A Wrapper provides context around another error.
+type Wrapper interface {
+	// Unwrap returns the next error in the error chain.
+	// If there is no next error, Unwrap returns nil.
+	Unwrap() error
+}
+
+// Opaque returns an error with the same error formatting as err
+// but that does not match err and cannot be unwrapped.
+func Opaque(err error) error {
+	return noWrapper{err}
+}
+
+type noWrapper struct {
+	error
+}
+
+func (e noWrapper) FormatError(p Printer) (next error) {
+	if f, ok := e.error.(Formatter); ok {
+		return f.FormatError(p)
+	}
+	p.Print(e.error)
+	return nil
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err implements
+// Unwrap. Otherwise, Unwrap returns nil.
+func Unwrap(err error) error {
+	u, ok := err.(Wrapper)
+	if !ok {
+		return nil
+	}
+	return u.Unwrap()
+}
+
+// Is reports whether any error in err's chain matches target.
+//
+// An error is considered to match a target if it is equal to that target or if
+// it implements a method Is(error) bool such that Is(target) returns true.
+func Is(err, target error) bool {
+	if target == nil {
+		return err == target
+	}
+
+	isComparable := reflect.TypeOf(target).Comparable()
+	for {
+		if isComparable && err == target {
+			return true
+		}
+		if x, ok := err.(interface{ Is(error) bool }); ok && x.Is(target) {
+			return true
+		}
+		// TODO: consider supporing target.Is(err). This would allow
+		// user-definable predicates, but also may allow for coping with sloppy
+		// APIs, thereby making it easier to get away with them.
+		if err = Unwrap(err); err == nil {
+			return false
+		}
+	}
+}
+
+// As finds the first error in err's chain that matches the type to which target
+// points, and if so, sets the target to its value and returns true. An error
+// matches a type if it is assignable to the target type, or if it has a method
+// As(interface{}) bool such that As(target) returns true. As will panic if target
+// is not a non-nil pointer to a type which implements error or is of interface type.
+//
+// The As method should set the target to its value and return true if err
+// matches the type to which target points.
+func As(err error, target interface{}) bool {
+	if target == nil {
+		panic("errors: target cannot be nil")
+	}
+	val := reflect.ValueOf(target)
+	typ := val.Type()
+	if typ.Kind() != reflect.Ptr || val.IsNil() {
+		panic("errors: target must be a non-nil pointer")
+	}
+	if e := typ.Elem(); e.Kind() != reflect.Interface && !e.Implements(errorType) {
+		panic("errors: *target must be interface or implement error")
+	}
+	targetType := typ.Elem()
+	for err != nil {
+		if reflect.TypeOf(err).AssignableTo(targetType) {
+			val.Elem().Set(reflect.ValueOf(err))
+			return true
+		}
+		if x, ok := err.(interface{ As(interface{}) bool }); ok && x.As(target) {
+			return true
+		}
+		err = Unwrap(err)
+	}
+	return false
+}
+
+var errorType = reflect.TypeOf((*error)(nil)).Elem()
diff --git a/trunk/3rdparty/srs-bench/vendor/modules.txt b/trunk/3rdparty/srs-bench/vendor/modules.txt
new file mode 100644
index 000000000..cfc1e4b26
--- /dev/null
+++ b/trunk/3rdparty/srs-bench/vendor/modules.txt
@@ -0,0 +1,90 @@
+# github.com/google/uuid v1.1.2
+github.com/google/uuid
+# github.com/ossrs/go-oryx-lib v0.0.8
+## explicit
+github.com/ossrs/go-oryx-lib/errors
+github.com/ossrs/go-oryx-lib/logger
+# github.com/pion/datachannel v1.4.21
+github.com/pion/datachannel
+# github.com/pion/dtls/v2 v2.0.4
+github.com/pion/dtls/v2
+github.com/pion/dtls/v2/internal/closer
+github.com/pion/dtls/v2/internal/net/connctx
+github.com/pion/dtls/v2/pkg/crypto/ccm
+github.com/pion/dtls/v2/pkg/crypto/fingerprint
+# github.com/pion/ice/v2 v2.0.14
+github.com/pion/ice/v2
+# github.com/pion/interceptor v0.0.9
+## explicit
+github.com/pion/interceptor
+github.com/pion/interceptor/pkg/nack
+# github.com/pion/logging v0.2.2
+github.com/pion/logging
+# github.com/pion/mdns v0.0.4
+github.com/pion/mdns
+# github.com/pion/randutil v0.1.0
+github.com/pion/randutil
+# github.com/pion/rtcp v1.2.6
+## explicit
+github.com/pion/rtcp
+# github.com/pion/rtp v1.6.2
+## explicit
+github.com/pion/rtp
+github.com/pion/rtp/codecs
+# github.com/pion/sctp v1.7.11
+github.com/pion/sctp
+# github.com/pion/sdp/v3 v3.0.4
+## explicit
+github.com/pion/sdp/v3
+# github.com/pion/srtp/v2 v2.0.1
+github.com/pion/srtp/v2
+# github.com/pion/stun v0.3.5
+github.com/pion/stun
+github.com/pion/stun/internal/hmac
+# github.com/pion/transport v0.12.2
+github.com/pion/transport/deadline
+github.com/pion/transport/packetio
+github.com/pion/transport/replaydetector
+github.com/pion/transport/vnet
+# github.com/pion/turn/v2 v2.0.5
+github.com/pion/turn/v2
+github.com/pion/turn/v2/internal/allocation
+github.com/pion/turn/v2/internal/client
+github.com/pion/turn/v2/internal/ipnet
+github.com/pion/turn/v2/internal/proto
+github.com/pion/turn/v2/internal/server
+# github.com/pion/udp v0.1.0
+github.com/pion/udp
+# github.com/pion/webrtc/v3 v3.0.4
+## explicit
+github.com/pion/webrtc/v3
+github.com/pion/webrtc/v3/internal/mux
+github.com/pion/webrtc/v3/internal/util
+github.com/pion/webrtc/v3/pkg/media
+github.com/pion/webrtc/v3/pkg/media/h264reader
+github.com/pion/webrtc/v3/pkg/media/h264writer
+github.com/pion/webrtc/v3/pkg/media/ivfwriter
+github.com/pion/webrtc/v3/pkg/media/oggreader
+github.com/pion/webrtc/v3/pkg/media/oggwriter
+github.com/pion/webrtc/v3/pkg/rtcerr
+# github.com/pkg/errors v0.9.1
+github.com/pkg/errors
+# golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
+golang.org/x/crypto/cryptobyte
+golang.org/x/crypto/cryptobyte/asn1
+golang.org/x/crypto/curve25519
+# golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7
+golang.org/x/net/bpf
+golang.org/x/net/dns/dnsmessage
+golang.org/x/net/internal/iana
+golang.org/x/net/internal/socket
+golang.org/x/net/internal/socks
+golang.org/x/net/ipv4
+golang.org/x/net/proxy
+# golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
+golang.org/x/sys/internal/unsafeheader
+golang.org/x/sys/unix
+golang.org/x/sys/windows
+# golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
+golang.org/x/xerrors
+golang.org/x/xerrors/internal
diff --git a/trunk/auto/coverage.sh b/trunk/auto/coverage.sh
index 55cb7ce46..c211243ea 100644
--- a/trunk/auto/coverage.sh
+++ b/trunk/auto/coverage.sh
@@ -39,7 +39,9 @@ ret=$?; if [[ $ret -ne 0 ]]; then echo "Cook gcov files failed, ret=$ret"; exit
 #       https://codecov.io/gh/ossrs/srs/src/20fbb4466fdc8ba5d810b8570df6004063212838/trunk/src/protocol/srs_rtmp_stack.cpp
 # Remark: It takes a few minutes to sync with github, so it might not available when CircleCI is done.
 #       https://circleci.com/gh/ossrs/srs/tree/3.0release
+#
+# Note: Use '-X gcov' to avoid generate the gcov files again.
 cd $workdir &&
 export CODECOV_TOKEN="493bba46-c468-4e73-8b45-8cdd8ff62d96" &&
-bash <(curl -s https://codecov.io/bash) &&
+bash <(curl -s https://codecov.io/bash) -X gcov &&
 echo "Done" && exit 0
diff --git a/trunk/auto/depends.sh b/trunk/auto/depends.sh
index c58f81d53..23ec86081 100755
--- a/trunk/auto/depends.sh
+++ b/trunk/auto/depends.sh
@@ -359,7 +359,7 @@ if [[ $SRS_EXTRA_FLAGS != '' ]]; then
     _ST_EXTRA_CFLAGS="$_ST_EXTRA_CFLAGS $SRS_EXTRA_FLAGS"
 fi
 # Patched ST from https://github.com/ossrs/state-threads/tree/srs
-if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/st/libst.a ]]; then
+if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/st-srs/${_ST_OBJ}/libst.a ]]; then
     echo "The state-threads is ok.";
 else
     echo "Building state-threads.";
@@ -388,6 +388,7 @@ fi
 # check status
 ret=$?; if [[ $ret -ne 0 ]]; then echo "Build state-threads failed, ret=$ret"; exit $ret; fi
 # Always update the links.
+(cd ${SRS_OBJS}/${SRS_PLATFORM} && rm -rf st && ln -sf st-srs/${_ST_OBJ} st)
 (cd ${SRS_OBJS} && rm -rf st && ln -sf ${SRS_PLATFORM}/st-srs/${_ST_OBJ} st)
 if [ ! -f ${SRS_OBJS}/st/libst.a ]; then echo "Build state-threads static lib failed."; exit -1; fi
 
@@ -507,20 +508,31 @@ if [[ $SRS_SSL == YES && $SRS_USE_SYS_SSL != YES ]]; then
     if [[ $SRS_OSX == YES ]]; then
         export KERNEL_BITS=64;
     fi
-    # Default to openssl 1.1, use 1.0 if required.
-    OPENSSL_CANDIDATE="openssl-1.1.0e" && OPENSSL_UNZIP="unzip -q ../../3rdparty/$OPENSSL_CANDIDATE.zip"
+    # Use 1.0 if required.
     if [[ $SRS_SSL_1_0 == YES ]]; then
+        OPENSSL_AR="$SRS_TOOL_AR -r" # For openssl 1.0, MUST specifies the args for ar or build faild.
         OPENSSL_CANDIDATE="openssl-OpenSSL_1_0_2u" && OPENSSL_UNZIP="tar xf ../../3rdparty/$OPENSSL_CANDIDATE.tar.gz"
+    else
+        OPENSSL_AR="$SRS_TOOL_AR"
+        OPENSSL_CANDIDATE="openssl-1.1-fit" && OPENSSL_UNZIP="cp -R ../../3rdparty/$OPENSSL_CANDIDATE ."
     fi
+    #
+    # https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
+    # Already defined: -no-shared -no-threads -no-asm
+    # Should enable:  -no-dtls -no-dtls1 -no-ssl3
+    # Might able to disable: -no-ssl2 -no-comp -no-idea -no-hw -no-engine -no-dso -no-err -no-nextprotoneg -no-psk -no-srp -no-ec2m -no-weak-ssl-ciphers
+    # Note that we do not disable more features, because no file could be removed.
+    #OPENSSL_OPTIONS="$OPENSSL_OPTIONS -no-ssl2 -no-comp -no-idea -no-hw -no-engine -no-dso -no-err -no-nextprotoneg -no-psk -no-srp -no-ec2m -no-weak-ssl-ciphers"
+    #
     # cross build not specified, if exists flag, need to rebuild for no-arm platform.
-    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/openssl/lib/libssl.a ]]; then
+    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/$OPENSSL_CANDIDATE/_release/lib/libssl.a ]]; then
         echo "The $OPENSSL_CANDIDATE is ok.";
     else
         echo "Building $OPENSSL_CANDIDATE.";
         (
             rm -rf ${SRS_OBJS}/${SRS_PLATFORM}/${OPENSSL_CANDIDATE} && cd ${SRS_OBJS}/${SRS_PLATFORM} &&
             ${OPENSSL_UNZIP} && cd $OPENSSL_CANDIDATE && ${OPENSSL_CONFIG} --prefix=`pwd`/_release $OPENSSL_OPTIONS &&
-            make CC=${SRS_TOOL_CC} AR="${SRS_TOOL_AR} -rs" LD=${SRS_TOOL_LD} RANDLIB=${SRS_TOOL_RANDLIB} ${SRS_JOBS} && make install_sw &&
+            make CC=${SRS_TOOL_CC} AR="${OPENSSL_AR}" LD=${SRS_TOOL_LD} RANDLIB=${SRS_TOOL_RANDLIB} ${SRS_JOBS} && make install_sw &&
             cd .. && rm -rf openssl && ln -sf $OPENSSL_CANDIDATE/_release openssl
         )
     fi
@@ -532,6 +544,7 @@ if [[ $SRS_SSL == YES && $SRS_USE_SYS_SSL != YES ]]; then
     # check status
     ret=$?; if [[ $ret -ne 0 ]]; then echo "Build $OPENSSL_CANDIDATE failed, ret=$ret"; exit $ret; fi
     # Always update the links.
+    (cd ${SRS_OBJS}/${SRS_PLATFORM} && rm -rf openssl && ln -sf $OPENSSL_CANDIDATE/_release openssl)
     (cd ${SRS_OBJS} && rm -rf openssl && ln -sf ${SRS_PLATFORM}/${OPENSSL_LIB} openssl)
     if [ ! -f ${SRS_OBJS}/openssl/lib/libssl.a ]; then echo "Build $OPENSSL_CANDIDATE failed."; exit -1; fi
 fi
@@ -558,29 +571,30 @@ if [[ $SRS_SRTP_ASM == YES ]]; then
     SRTP_CONFIG="export PKG_CONFIG_PATH=../openssl/lib/pkgconfig" && SRTP_OPTIONS="--enable-openssl"
 fi
 # Patched ST from https://github.com/ossrs/state-threads/tree/srs
-if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/srtp2/lib/libsrtp2.a ]]; then
-    echo "The srtp2 is ok.";
+if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/libsrtp-2-fit/_release/lib/libsrtp2.a ]]; then
+    echo "The libsrtp-2-fit is ok.";
 else
-    echo "Building srtp2.";
+    echo "Building libsrtp-2-fit.";
     (
         rm -rf ${SRS_OBJS}/srtp2 && cd ${SRS_OBJS}/${SRS_PLATFORM} &&
-        rm -rf libsrtp-2.0.0 && unzip -q ../../3rdparty/libsrtp-2.0.0.zip && cd libsrtp-2.0.0 &&
+        rm -rf libsrtp-2-fit && cp -R ../../3rdparty/libsrtp-2-fit . && cd libsrtp-2-fit &&
         ${SRTP_CONFIG} && ./configure ${SRTP_OPTIONS} --prefix=`pwd`/_release &&
         make ${SRS_JOBS} && make install &&
-        cd .. && rm -rf srtp2 && ln -sf libsrtp-2.0.0/_release srtp2
+        cd .. && rm -rf srtp2 && ln -sf libsrtp-2-fit/_release srtp2
     )
 fi
 # check status
-ret=$?; if [[ $ret -ne 0 ]]; then echo "Build srtp2 failed, ret=$ret"; exit $ret; fi
+ret=$?; if [[ $ret -ne 0 ]]; then echo "Build libsrtp-2-fit failed, ret=$ret"; exit $ret; fi
 # Always update the links.
-(cd ${SRS_OBJS} && rm -rf srtp2 && ln -sf ${SRS_PLATFORM}/libsrtp-2.0.0/_release srtp2)
-if [ ! -f ${SRS_OBJS}/srtp2/lib/libsrtp2.a ]; then echo "Build srtp2 static lib failed."; exit -1; fi
+(cd ${SRS_OBJS}/${SRS_PLATFORM} && rm -rf srtp2 && ln -sf libsrtp-2-fit/_release srtp2)
+(cd ${SRS_OBJS} && rm -rf srtp2 && ln -sf ${SRS_PLATFORM}/libsrtp-2-fit/_release srtp2)
+if [ ! -f ${SRS_OBJS}/srtp2/lib/libsrtp2.a ]; then echo "Build libsrtp-2-fit static lib failed."; exit -1; fi
 
 #####################################################################################
 # libopus, for WebRTC to transcode AAC with Opus.
 #####################################################################################
 if [[ $SRS_RTC == YES ]]; then
-    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/opus/lib/libopus.a ]]; then
+    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/opus-1.3.1/_release/lib/libopus.a ]]; then
         echo "The opus-1.3.1 is ok.";
     else
         echo "Building opus-1.3.1.";
@@ -594,6 +608,7 @@ if [[ $SRS_RTC == YES ]]; then
     # check status
     ret=$?; if [[ $ret -ne 0 ]]; then echo "Build opus-1.3.1 failed, ret=$ret"; exit $ret; fi
     # Always update the links.
+    (cd ${SRS_OBJS}/${SRS_PLATFORM} && rm -rf opus && ln -sf opus-1.3.1/_release opus)
     (cd ${SRS_OBJS} && rm -rf opus && ln -sf ${SRS_PLATFORM}/opus-1.3.1/_release opus)
     if [ ! -f ${SRS_OBJS}/opus/lib/libopus.a ]; then echo "Build opus-1.3.1 failed."; exit -1; fi
 fi
@@ -613,33 +628,20 @@ if [[ $SRS_FFMPEG_FIT == YES ]]; then
         FFMPEG_OPTIONS="--disable-x86asm"
     fi
 
-    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg/lib/libavcodec.a ]]; then
-        echo "The ffmpeg-4.2-fit is ok.";
+    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4-fit/_release/lib/libavcodec.a ]]; then
+        echo "The ffmpeg-4-fit is ok.";
     else
-        echo "Building ffmpeg-4.2-fit.";
+        echo "Building ffmpeg-4-fit.";
         (
-            rm -rf ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4.2-fit && mkdir -p ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4.2-fit &&
+            rm -rf ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4-fit && mkdir -p ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4-fit &&
             # Create a hidden directory .src
-            cd ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4.2-fit && ABS_OBJS=`(cd .. && pwd)` && ln -sf ../../../3rdparty/ffmpeg-4.2-fit .src &&
-            # Link source files under .src
-            _srs_link_file .src/ ./ ./ &&
-            for dir in `(cd .src && find . -maxdepth 1 -type d|grep '\./')`; do
-                dir=`basename $dir` && mkdir -p $dir && _srs_link_file .src/$dir/ $dir/ ../ &&
-                for dir2 in `(cd .src/$dir && find . -maxdepth 1 -type d|grep '\./')`; do
-                    dir2=`basename $dir2` && mkdir -p $dir/$dir2 && _srs_link_file .src/$dir/$dir2/ $dir/$dir2/ ../../ &&
-                    for dir3 in `(cd .src/$dir/$dir2 && find . -maxdepth 1 -type d|grep '\./')`; do
-                        dir3=`basename $dir3` && mkdir -p $dir/$dir2/$dir3 && _srs_link_file .src/$dir/$dir2/$dir3/ $dir/$dir2/$dir3/ ../../../;
-                    done
-                done
-            done &&
-            # We should remove some files(in .gitignore) to keep them in local generated.
-            (cd ffbuild && rm -f config.fate config.log config.mak config.sh .config) &&
-            (cd libavutil && rm -f lib.version libavutil.version ffversion.h avconfig.h) &&
-            (rm -rf doc && rm -f config.asm config.h libavcodec/libavcodec.version libswresample/libswresample.version) &&
+            cd ${SRS_OBJS}/${SRS_PLATFORM}/ffmpeg-4-fit && cp -R ../../../3rdparty/ffmpeg-4-fit/* . &&
+            # For libopus and other codecs.
+            ABS_OBJS=$(cd .. && pwd) &&
             # Build source code.
             PKG_CONFIG_PATH=$ABS_OBJS/opus/lib/pkgconfig ./configure \
-              --prefix=`pwd`/${SRS_PLATFORM}/_release \
-              --pkg-config-flags="--static" --extra-libs=-lpthread --extra-libs=-lm ${FFMPEG_OPTIONS} \
+              --prefix=`pwd`/_release \
+              --pkg-config-flags="--static" --extra-libs="-lpthread" --extra-libs="-lm" ${FFMPEG_OPTIONS} \
               --disable-programs --disable-doc --disable-htmlpages --disable-manpages --disable-podpages --disable-txtpages \
               --disable-avdevice --disable-avformat --disable-swscale --disable-postproc --disable-avfilter --disable-network \
               --disable-dct --disable-dwt --disable-error-resilience --disable-lsp --disable-lzo --disable-faan --disable-pixelutils \
@@ -649,14 +651,15 @@ if [[ $SRS_FFMPEG_FIT == YES ]]; then
               --disable-lzma --disable-sdl2 --disable-everything --enable-decoder=aac --enable-decoder=aac_fixed --enable-decoder=aac_latm \
               --enable-decoder=libopus --enable-encoder=aac --enable-encoder=opus --enable-encoder=libopus --enable-libopus &&
             make ${SRS_JOBS} && make install &&
-            cd .. && rm -rf ffmpeg && ln -sf ffmpeg-4.2-fit/${SRS_PLATFORM}/_release ffmpeg
+            cd .. && rm -rf ffmpeg && ln -sf ffmpeg-4-fit/_release ffmpeg
         )
     fi
     # check status
-    ret=$?; if [[ $ret -ne 0 ]]; then echo "Build ffmpeg-4.2-fit failed, ret=$ret"; exit $ret; fi
+    ret=$?; if [[ $ret -ne 0 ]]; then echo "Build ffmpeg-4-fit failed, ret=$ret"; exit $ret; fi
     # Always update the links.
-    (cd ${SRS_OBJS} && rm -rf ffmpeg && ln -sf ${SRS_PLATFORM}/ffmpeg-4.2-fit/${SRS_PLATFORM}/_release ffmpeg)
-    if [ ! -f ${SRS_OBJS}/ffmpeg/lib/libavcodec.a ]; then echo "Build ffmpeg-4.2-fit failed."; exit -1; fi
+    (cd ${SRS_OBJS}/${SRS_PLATFORM} && rm -rf ffmpeg && ln -sf ffmpeg-4-fit/_release ffmpeg)
+    (cd ${SRS_OBJS} && rm -rf ffmpeg && ln -sf ${SRS_PLATFORM}/ffmpeg-4-fit/_release ffmpeg)
+    if [ ! -f ${SRS_OBJS}/ffmpeg/lib/libavcodec.a ]; then echo "Build ffmpeg-4-fit failed."; exit -1; fi
 fi
 
 #####################################################################################
@@ -704,7 +707,7 @@ fi
 # build utest code
 #####################################################################################
 if [ $SRS_UTEST = YES ]; then
-    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/gtest/include/gtest/gtest.h ]]; then
+    if [[ -f ${SRS_OBJS}/${SRS_PLATFORM}/gtest-1.6.0/include/gtest/gtest.h ]]; then
         echo "The gtest-1.6.0 is ok.";
     else
         echo "Build gtest-1.6.0";
@@ -717,6 +720,7 @@ if [ $SRS_UTEST = YES ]; then
     # check status
     ret=$?; if [[ $ret -ne 0 ]]; then echo "Build gtest-1.6.0 failed, ret=$ret"; exit $ret; fi
     # Always update the links.
+    (cd ${SRS_OBJS}/${SRS_PLATFORM} && rm -rf gtest && ln -sf gtest-1.6.0 gtest)
     (cd ${SRS_OBJS} && rm -rf gtest && ln -sf ${SRS_PLATFORM}/gtest-1.6.0 gtest)
     if [ ! -f ${SRS_OBJS}/gtest/include/gtest/gtest.h ]; then echo "Build gtest-1.6.0 failed."; exit -1; fi
 fi
diff --git a/trunk/auto/options.sh b/trunk/auto/options.sh
index 82d2c5256..e2a0bb7d3 100755
--- a/trunk/auto/options.sh
+++ b/trunk/auto/options.sh
@@ -513,12 +513,6 @@ function apply_detail_options() {
         echo "Disable SRTP-ASM, because NASM is disabled."
         SRS_SRTP_ASM=NO
     fi
-
-    # Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.*
-    if [[ $SRS_SRTP_ASM == YES && $SRS_SSL_1_0 == NO ]]; then
-        echo "Use openssl-1.0 for SRTP-ASM."
-        SRS_SSL_1_0=YES
-    fi
 }
 apply_detail_options
 
diff --git a/trunk/auto/setup_variables.sh b/trunk/auto/setup_variables.sh
index cf26ea0c3..1a1bcb4d1 100755
--- a/trunk/auto/setup_variables.sh
+++ b/trunk/auto/setup_variables.sh
@@ -13,6 +13,7 @@ if [[ $OS_KERNEL_NAME == Darwin ]]; then
   SRS_PLATFORM="${SRS_PLATFORM}-${GCC_VERSION}"
 else
   GCC_VERSION="GCC$(gcc --version 2>/dev/null|grep gcc|awk '{print $3}')"
+  echo $GCC_VERSION| grep '-' >/dev/null && GCC_VERSION=$(echo $GCC_VERSION| awk -F '-' '{print$1}')
   SRS_PLATFORM="${SRS_PLATFORM}-${GCC_VERSION}"
 fi
 # Use isolate cache for different SRS version.
diff --git a/trunk/conf/full.conf b/trunk/conf/full.conf
index 2a99710b6..e1b64f10d 100644
--- a/trunk/conf/full.conf
+++ b/trunk/conf/full.conf
@@ -494,8 +494,8 @@ rtc_server {
     # For RTP packet and its payload cache.
     rtp_cache {
         # Whether enable the RTP packet cache.
-        # default: off
-        enabled off;
+        # default: on
+        enabled on;
         # The cache size for rtp packet in MB, each object is about 300B..
         # default: 64
         pkt_size 64.0;
@@ -506,8 +506,8 @@ rtc_server {
     # For RTP shared message and the large buffer cache.
     rtp_msg_cache {
         #Whether enable the RTP message(a large buffer) cache.
-        # default: off
-        enabled off;
+        # default: on
+        enabled on;
         # The cache size for message object in MB, each object is about 40B.
         # default: 16
         msg_size 16.0;
@@ -579,8 +579,8 @@ vhost rtc.vhost.srs.com {
         # default: on
         enabled on;
         # Whether directly use the packet, avoid copy.
-        # default: off
-        no_copy off;
+        # default: on
+        no_copy on;
     }
     # For TWCC.
     twcc {
diff --git a/trunk/conf/regression-test.conf b/trunk/conf/regression-test.conf
new file mode 100644
index 000000000..bd732952e
--- /dev/null
+++ b/trunk/conf/regression-test.conf
@@ -0,0 +1,55 @@
+
+listen              1935;
+max_connections     1000;
+daemon              on;
+disable_daemon_for_docker off;
+srs_log_tank        file;
+
+http_server {
+    enabled         on;
+    listen          8080;
+    dir             ./objs/nginx/html;
+}
+
+http_api {
+    enabled         on;
+    listen          1985;
+}
+stats {
+    network         0;
+}
+rtc_server {
+    enabled         on;
+    # Listen at udp://8000
+    listen          8000;
+    #
+    # The $CANDIDATE means fetch from env, if not configed, use * as default.
+    #
+    # The * means retrieving server IP automatically, from all network interfaces,
+    # @see https://github.com/ossrs/srs/issues/307#issuecomment-599028124
+    candidate       $CANDIDATE;
+}
+
+vhost __defaultVhost__ {
+    rtc {
+        enabled     on;
+        bframe      discard;
+    }
+    http_remux {
+        enabled     on;
+        mount       [vhost]/[app]/[stream].flv;
+    }
+    ingest livestream {
+        enabled on;
+        input {
+            type    file;
+            url     ./doc/source.200kbps.768x320.flv;
+        }
+        ffmpeg      ./objs/ffmpeg/bin/ffmpeg;
+        engine {
+            enabled          off;
+            output          rtmp://127.0.0.1:[port]/live/livestream;
+        }
+    }
+}
+
diff --git a/trunk/conf/rtc.conf b/trunk/conf/rtc.conf
index 02b97079b..b5a70eb07 100644
--- a/trunk/conf/rtc.conf
+++ b/trunk/conf/rtc.conf
@@ -34,5 +34,9 @@ vhost __defaultVhost__ {
         enabled     on;
         bframe      discard;
     }
+    http_remux {
+        enabled     on;
+        mount       [vhost]/[app]/[stream].flv;
+    }
 }
 
diff --git a/trunk/configure b/trunk/configure
index 02dc2a0cc..70a8319f9 100755
--- a/trunk/configure
+++ b/trunk/configure
@@ -192,8 +192,8 @@ if [[ $SRS_GCOV == YES ]]; then
     SrsLinkOptions="${SrsLinkOptions} ${SrsGcov}";
 fi
 
-# For FFMPEG/RTC.
-if [[ $SRS_RTC == YES && $SRS_NASM == NO && $SRS_OSX == NO ]]; then
+# For FFMPEG/RTC on Linux.
+if [[ $SRS_OSX != YES && $SRS_RTC == YES && $SRS_FFMPEG_FIT == YES ]]; then
     SrsLinkOptions="${SrsLinkOptions} -lrt";
 fi
 
diff --git a/trunk/src/app/srs_app_config.cpp b/trunk/src/app/srs_app_config.cpp
index e04742613..7e538389b 100644
--- a/trunk/src/app/srs_app_config.cpp
+++ b/trunk/src/app/srs_app_config.cpp
@@ -4919,7 +4919,7 @@ SrsConfDirective* SrsConfig::get_rtc_server_rtp_cache()
 
 bool SrsConfig::get_rtc_server_rtp_cache_enabled()
 {
-    static bool DEFAULT = false;
+    static bool DEFAULT = true;
 
     SrsConfDirective* conf = get_rtc_server_rtp_cache();
     if (!conf) {
@@ -4931,7 +4931,7 @@ bool SrsConfig::get_rtc_server_rtp_cache_enabled()
         return DEFAULT;
     }
 
-    return SRS_CONF_PERFER_FALSE(conf->arg0());
+    return SRS_CONF_PERFER_TRUE(conf->arg0());
 }
 
 uint64_t SrsConfig::get_rtc_server_rtp_cache_pkt_size()
@@ -4985,7 +4985,7 @@ SrsConfDirective* SrsConfig::get_rtc_server_rtp_msg_cache()
 
 bool SrsConfig::get_rtc_server_rtp_msg_cache_enabled()
 {
-    static bool DEFAULT = false;
+    static bool DEFAULT = true;
 
     SrsConfDirective* conf = get_rtc_server_rtp_msg_cache();
     if (!conf) {
@@ -4997,7 +4997,7 @@ bool SrsConfig::get_rtc_server_rtp_msg_cache_enabled()
         return DEFAULT;
     }
 
-    return SRS_CONF_PERFER_FALSE(conf->arg0());
+    return SRS_CONF_PERFER_TRUE(conf->arg0());
 }
 
 uint64_t SrsConfig::get_rtc_server_rtp_msg_cache_msg_size()
@@ -5251,7 +5251,7 @@ bool SrsConfig::get_rtc_nack_enabled(string vhost)
 
 bool SrsConfig::get_rtc_nack_no_copy(string vhost)
 {
-    static bool DEFAULT = false;
+    static bool DEFAULT = true;
 
     SrsConfDirective* conf = get_vhost(vhost);
     if (!conf) {
@@ -5268,7 +5268,7 @@ bool SrsConfig::get_rtc_nack_no_copy(string vhost)
         return DEFAULT;
     }
 
-    return SRS_CONF_PERFER_FALSE(conf->arg0());
+    return SRS_CONF_PERFER_TRUE(conf->arg0());
 }
 
 bool SrsConfig::get_rtc_twcc_enabled(string vhost)
diff --git a/trunk/src/app/srs_app_rtc_codec.cpp b/trunk/src/app/srs_app_rtc_codec.cpp
index b3db983ef..7194f9605 100644
--- a/trunk/src/app/srs_app_rtc_codec.cpp
+++ b/trunk/src/app/srs_app_rtc_codec.cpp
@@ -130,10 +130,11 @@ srs_error_t SrsAudioDecoder::decode(SrsSample *pkt, char *buf, int &size)
             return srs_error_new(ERROR_RTC_RTP_MUXER, "Failed to calculate data size");
         }
 
-        for (int i = 0; i < frame_->nb_samples; i++) {
-            if (size + pcm_size * codec_ctx_->channels <= max) {
-                memcpy(buf + size,frame_->data[0] + pcm_size*codec_ctx_->channels * i, pcm_size * codec_ctx_->channels);
-                size += pcm_size * codec_ctx_->channels;
+        // @see https://github.com/ossrs/srs/pull/2011/files
+        for (int i = 0; i < codec_ctx_->channels; i++) {
+            if (size + pcm_size * frame_->nb_samples <= max) {
+                memcpy(buf + size,frame_->data[i],pcm_size * frame_->nb_samples);
+                size += pcm_size * frame_->nb_samples;
             }
         }
     }
diff --git a/trunk/src/app/srs_app_rtc_conn.cpp b/trunk/src/app/srs_app_rtc_conn.cpp
index f0c9d18e6..27dd2a903 100644
--- a/trunk/src/app/srs_app_rtc_conn.cpp
+++ b/trunk/src/app/srs_app_rtc_conn.cpp
@@ -866,6 +866,7 @@ SrsRtcPublishStream::SrsRtcPublishStream(SrsRtcConnection* session, const SrsCon
     pt_to_drop_ = 0;
 
     nn_audio_frames = 0;
+    twcc_enabled_ = false;
     twcc_id_ = 0;
     twcc_fb_count_ = 0;
     
@@ -930,7 +931,7 @@ srs_error_t SrsRtcPublishStream::initialize(SrsRequest* r, SrsRtcStreamDescripti
         media_ssrc = desc->ssrc_;
         break;
     }
-    if (twcc_id != -1) {
+    if (twcc_id > 0) {
         twcc_id_ = twcc_id;
         extension_types_.register_by_uri(twcc_id_, kTWCCExt);
         rtcp_twcc_.set_media_ssrc(media_ssrc);
@@ -941,6 +942,11 @@ srs_error_t SrsRtcPublishStream::initialize(SrsRequest* r, SrsRtcStreamDescripti
     pt_to_drop_ = (uint16_t)_srs_config->get_rtc_drop_for_pt(req->vhost);
     twcc_enabled_ = _srs_config->get_rtc_twcc_enabled(req->vhost);
 
+    // No TWCC when negotiate, disable it.
+    if (twcc_id <= 0) {
+        twcc_enabled_ = false;
+    }
+
     srs_trace("RTC publisher nack=%d, nnc=%d, pt-drop=%u, twcc=%u/%d", nack_enabled_, nack_no_copy_, pt_to_drop_, twcc_enabled_, twcc_id);
 
     // Setup tracks.
@@ -3116,6 +3122,7 @@ srs_error_t SrsRtcConnection::negotiate_play_capability(SrsRequest* req, SrsRtcS
     //negotiate audio media
     if(NULL != req_stream_desc->audio_track_desc_) {
         SrsRtcTrackDescription* req_audio_track = req_stream_desc->audio_track_desc_;
+        int remote_twcc_id = req_audio_track->get_rtp_extension_id(kTWCCExt);
 
         src_track_descs = source->get_track_desc("audio", "opus");
         if (src_track_descs.size() > 0) {
@@ -3131,6 +3138,11 @@ srs_error_t SrsRtcConnection::negotiate_play_capability(SrsRequest* req, SrsRtcS
                 track->red_->pt_ = req_audio_track->red_->pt_;
             }
 
+            track->del_rtp_extension_desc(kTWCCExt);
+            if (remote_twcc_id > 0) {
+                track->add_rtp_extension_desc(remote_twcc_id, kTWCCExt);
+            }
+
             track->mid_ = req_audio_track->mid_;
             sub_relations.insert(make_pair(track->ssrc_, track));
             track->set_direction("sendonly");
@@ -3143,6 +3155,8 @@ srs_error_t SrsRtcConnection::negotiate_play_capability(SrsRequest* req, SrsRtcS
     src_track_descs = source->get_track_desc("video", "h264");
     for(int i = 0; i < (int)req_video_tracks.size(); ++i) {
         SrsRtcTrackDescription* req_video = req_video_tracks.at(i);
+        int remote_twcc_id = req_video->get_rtp_extension_id(kTWCCExt);
+
         for(int j = 0; j < (int)src_track_descs.size(); ++j) {
             SrsRtcTrackDescription* src_video = src_track_descs.at(j);
             if(req_video->id_ == src_video->id_) {
@@ -3158,6 +3172,11 @@ srs_error_t SrsRtcConnection::negotiate_play_capability(SrsRequest* req, SrsRtcS
                     track->red_->pt_ = req_video->red_->pt_;
                 }
 
+                track->del_rtp_extension_desc(kTWCCExt);
+                if (remote_twcc_id > 0) {
+                    track->add_rtp_extension_desc(remote_twcc_id, kTWCCExt);
+                }
+
                 track->mid_ = req_video->mid_;
                 sub_relations.insert(make_pair(track->ssrc_, track));
                 track->set_direction("sendonly");
diff --git a/trunk/src/app/srs_app_rtc_server.cpp b/trunk/src/app/srs_app_rtc_server.cpp
index 45a4dc010..617337889 100644
--- a/trunk/src/app/srs_app_rtc_server.cpp
+++ b/trunk/src/app/srs_app_rtc_server.cpp
@@ -768,11 +768,11 @@ srs_error_t SrsRtcServer::notify(int type, srs_utime_t interval, srs_utime_t tic
         rnk_desc = buf;
     }
 
-    string drop_desc;
+    string loss_desc;
     SrsSnmpUdpStat* s = srs_get_udp_snmp_stat();
     if (s->rcv_buf_errors_delta || s->snd_buf_errors_delta) {
-        snprintf(buf, sizeof(buf), ", drop=(r:%d,s:%d)", s->rcv_buf_errors_delta, s->snd_buf_errors_delta);
-        drop_desc = buf;
+        snprintf(buf, sizeof(buf), ", loss=(r:%d,s:%d)", s->rcv_buf_errors_delta, s->snd_buf_errors_delta);
+        loss_desc = buf;
     }
 
     string fid_desc;
@@ -784,7 +784,7 @@ srs_error_t SrsRtcServer::notify(int type, srs_utime_t interval, srs_utime_t tic
 
     srs_trace("RTC: Server conns=%u%s%s%s%s%s%s%s",
         nn_rtc_conns,
-        rpkts_desc.c_str(), spkts_desc.c_str(), rtcp_desc.c_str(), snk_desc.c_str(), rnk_desc.c_str(), drop_desc.c_str(), fid_desc.c_str()
+        rpkts_desc.c_str(), spkts_desc.c_str(), rtcp_desc.c_str(), snk_desc.c_str(), rnk_desc.c_str(), loss_desc.c_str(), fid_desc.c_str()
     );
 
     return err;
diff --git a/trunk/src/app/srs_app_rtc_source.cpp b/trunk/src/app/srs_app_rtc_source.cpp
index cc328b176..96a6bcc18 100644
--- a/trunk/src/app/srs_app_rtc_source.cpp
+++ b/trunk/src/app/srs_app_rtc_source.cpp
@@ -1583,6 +1583,16 @@ void SrsRtcTrackDescription::add_rtp_extension_desc(int id, std::string uri)
     extmaps_[id] = uri;
 }
 
+void SrsRtcTrackDescription::del_rtp_extension_desc(std::string uri)
+{
+    for(std::map<int, std::string>::iterator it = extmaps_.begin(); it != extmaps_.end(); ++it) {
+        if(uri == it->second) {
+            extmaps_.erase(it++);
+            break;
+        }
+    }
+}
+
 void SrsRtcTrackDescription::set_direction(std::string direction)
 {
     direction_ = direction;
@@ -1630,7 +1640,7 @@ void SrsRtcTrackDescription::set_mid(std::string mid)
 
 int SrsRtcTrackDescription::get_rtp_extension_id(std::string uri)
 {
-     for(std::map<int, std::string>::iterator it = extmaps_.begin(); it != extmaps_.end(); ++it) {
+    for (std::map<int, std::string>::iterator it = extmaps_.begin(); it != extmaps_.end(); ++it) {
         if(uri == it->second) {
             return it->first;
         }
diff --git a/trunk/src/app/srs_app_rtc_source.hpp b/trunk/src/app/srs_app_rtc_source.hpp
index 8f29946f3..f22bffc27 100644
--- a/trunk/src/app/srs_app_rtc_source.hpp
+++ b/trunk/src/app/srs_app_rtc_source.hpp
@@ -439,6 +439,7 @@ public:
     bool has_ssrc(uint32_t ssrc);
 public:
     void add_rtp_extension_desc(int id, std::string uri);
+    void del_rtp_extension_desc(std::string uri);
     void set_direction(std::string direction);
     void set_codec_payload(SrsCodecPayload* payload);
     // auxiliary paylod include red, rtx, ulpfec.
diff --git a/trunk/src/core/srs_core_version4.hpp b/trunk/src/core/srs_core_version4.hpp
index 05bc29894..63540429b 100644
--- a/trunk/src/core/srs_core_version4.hpp
+++ b/trunk/src/core/srs_core_version4.hpp
@@ -24,6 +24,6 @@
 #ifndef SRS_CORE_VERSION4_HPP
 #define SRS_CORE_VERSION4_HPP
 
-#define SRS_VERSION4_REVISION 76
+#define SRS_VERSION4_REVISION 81
 
 #endif
diff --git a/trunk/src/utest/srs_utest_rtc.cpp b/trunk/src/utest/srs_utest_rtc.cpp
index d3d5e00a2..845f03b53 100644
--- a/trunk/src/utest/srs_utest_rtc.cpp
+++ b/trunk/src/utest/srs_utest_rtc.cpp
@@ -1143,8 +1143,8 @@ VOID TEST(KernelRTCTest, DTLSServerARQTest)
 
         EXPECT_EQ(1, cio.nn_client_hello);
         EXPECT_EQ(1, sio.nn_server_hello);
-        EXPECT_EQ(1, cio.nn_certificate);
-        EXPECT_EQ(1, sio.nn_new_session);
+        EXPECT_TRUE(1 <= cio.nn_certificate);
+        EXPECT_TRUE(1 <= sio.nn_new_session);
         EXPECT_EQ(0, sio.nn_change_cipher);
     }